[Midnightbsd-cvs] src [7124] vendor-crypto/heimdal: import heimdal 1.1.0

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Wed Jul 22 10:55:58 EDT 2015


Revision: 7124
          http://svnweb.midnightbsd.org/src/?rev=7124
Author:   laffer1
Date:     2015-07-22 10:55:56 -0400 (Wed, 22 Jul 2015)
Log Message:
-----------
import heimdal 1.1.0

Added Paths:
-----------
    vendor-crypto/heimdal/
    vendor-crypto/heimdal/dist/
    vendor-crypto/heimdal/dist/ChangeLog
    vendor-crypto/heimdal/dist/ChangeLog.1998
    vendor-crypto/heimdal/dist/ChangeLog.1999
    vendor-crypto/heimdal/dist/ChangeLog.2000
    vendor-crypto/heimdal/dist/ChangeLog.2001
    vendor-crypto/heimdal/dist/ChangeLog.2002
    vendor-crypto/heimdal/dist/ChangeLog.2003
    vendor-crypto/heimdal/dist/ChangeLog.2004
    vendor-crypto/heimdal/dist/ChangeLog.2005
    vendor-crypto/heimdal/dist/ChangeLog.2006
    vendor-crypto/heimdal/dist/LICENSE
    vendor-crypto/heimdal/dist/Makefile.am
    vendor-crypto/heimdal/dist/Makefile.am.common
    vendor-crypto/heimdal/dist/Makefile.in
    vendor-crypto/heimdal/dist/NEWS
    vendor-crypto/heimdal/dist/README
    vendor-crypto/heimdal/dist/acinclude.m4
    vendor-crypto/heimdal/dist/aclocal.m4
    vendor-crypto/heimdal/dist/admin/
    vendor-crypto/heimdal/dist/admin/ChangeLog
    vendor-crypto/heimdal/dist/admin/Makefile.am
    vendor-crypto/heimdal/dist/admin/Makefile.in
    vendor-crypto/heimdal/dist/admin/add.c
    vendor-crypto/heimdal/dist/admin/change.c
    vendor-crypto/heimdal/dist/admin/copy.c
    vendor-crypto/heimdal/dist/admin/get.c
    vendor-crypto/heimdal/dist/admin/ktutil-commands.in
    vendor-crypto/heimdal/dist/admin/ktutil.8
    vendor-crypto/heimdal/dist/admin/ktutil.c
    vendor-crypto/heimdal/dist/admin/ktutil_locl.h
    vendor-crypto/heimdal/dist/admin/list.c
    vendor-crypto/heimdal/dist/admin/purge.c
    vendor-crypto/heimdal/dist/admin/remove.c
    vendor-crypto/heimdal/dist/admin/rename.c
    vendor-crypto/heimdal/dist/appl/
    vendor-crypto/heimdal/dist/appl/Makefile.am
    vendor-crypto/heimdal/dist/appl/Makefile.in
    vendor-crypto/heimdal/dist/appl/afsutil/
    vendor-crypto/heimdal/dist/appl/afsutil/ChangeLog
    vendor-crypto/heimdal/dist/appl/afsutil/Makefile.am
    vendor-crypto/heimdal/dist/appl/afsutil/Makefile.in
    vendor-crypto/heimdal/dist/appl/afsutil/afslog.1
    vendor-crypto/heimdal/dist/appl/afsutil/afslog.c
    vendor-crypto/heimdal/dist/appl/afsutil/pagsh.1
    vendor-crypto/heimdal/dist/appl/afsutil/pagsh.c
    vendor-crypto/heimdal/dist/appl/ftp/
    vendor-crypto/heimdal/dist/appl/ftp/ChangeLog
    vendor-crypto/heimdal/dist/appl/ftp/Makefile.am
    vendor-crypto/heimdal/dist/appl/ftp/Makefile.in
    vendor-crypto/heimdal/dist/appl/ftp/common/
    vendor-crypto/heimdal/dist/appl/ftp/common/Makefile.am
    vendor-crypto/heimdal/dist/appl/ftp/common/Makefile.in
    vendor-crypto/heimdal/dist/appl/ftp/common/buffer.c
    vendor-crypto/heimdal/dist/appl/ftp/common/common.h
    vendor-crypto/heimdal/dist/appl/ftp/common/sockbuf.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/
    vendor-crypto/heimdal/dist/appl/ftp/ftp/Makefile.am
    vendor-crypto/heimdal/dist/appl/ftp/ftp/Makefile.in
    vendor-crypto/heimdal/dist/appl/ftp/ftp/cmds.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/cmdtab.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/domacro.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/extern.h
    vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp.1
    vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp_locl.h
    vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp_var.h
    vendor-crypto/heimdal/dist/appl/ftp/ftp/globals.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/gssapi.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/kauth.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/krb4.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/main.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/pathnames.h
    vendor-crypto/heimdal/dist/appl/ftp/ftp/ruserpass.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/security.c
    vendor-crypto/heimdal/dist/appl/ftp/ftp/security.h
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/Makefile.am
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/Makefile.in
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/extern.h
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpcmd.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpcmd.y
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd.8
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd_locl.h
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpusers.5
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/gss_userok.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/gssapi.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/kauth.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/klist.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/krb4.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/logwtmp.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/ls.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/pathnames.h
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/popen.c
    vendor-crypto/heimdal/dist/appl/ftp/ftpd/security.c
    vendor-crypto/heimdal/dist/appl/gssmask/
    vendor-crypto/heimdal/dist/appl/gssmask/Makefile.am
    vendor-crypto/heimdal/dist/appl/gssmask/Makefile.in
    vendor-crypto/heimdal/dist/appl/gssmask/common.c
    vendor-crypto/heimdal/dist/appl/gssmask/common.h
    vendor-crypto/heimdal/dist/appl/gssmask/gssmaestro.c
    vendor-crypto/heimdal/dist/appl/gssmask/gssmask.c
    vendor-crypto/heimdal/dist/appl/gssmask/protocol.h
    vendor-crypto/heimdal/dist/appl/kf/
    vendor-crypto/heimdal/dist/appl/kf/Makefile.am
    vendor-crypto/heimdal/dist/appl/kf/Makefile.in
    vendor-crypto/heimdal/dist/appl/kf/kf.1
    vendor-crypto/heimdal/dist/appl/kf/kf.c
    vendor-crypto/heimdal/dist/appl/kf/kf_locl.h
    vendor-crypto/heimdal/dist/appl/kf/kfd.8
    vendor-crypto/heimdal/dist/appl/kf/kfd.c
    vendor-crypto/heimdal/dist/appl/login/
    vendor-crypto/heimdal/dist/appl/login/ChangeLog
    vendor-crypto/heimdal/dist/appl/login/Makefile.am
    vendor-crypto/heimdal/dist/appl/login/Makefile.in
    vendor-crypto/heimdal/dist/appl/login/conf.c
    vendor-crypto/heimdal/dist/appl/login/env.c
    vendor-crypto/heimdal/dist/appl/login/limits_conf.c
    vendor-crypto/heimdal/dist/appl/login/login.1
    vendor-crypto/heimdal/dist/appl/login/login.access.5
    vendor-crypto/heimdal/dist/appl/login/login.c
    vendor-crypto/heimdal/dist/appl/login/login_access.c
    vendor-crypto/heimdal/dist/appl/login/login_locl.h
    vendor-crypto/heimdal/dist/appl/login/login_protos.h
    vendor-crypto/heimdal/dist/appl/login/loginpaths.h
    vendor-crypto/heimdal/dist/appl/login/osfc2.c
    vendor-crypto/heimdal/dist/appl/login/read_string.c
    vendor-crypto/heimdal/dist/appl/login/shadow.c
    vendor-crypto/heimdal/dist/appl/login/stty_default.c
    vendor-crypto/heimdal/dist/appl/login/tty.c
    vendor-crypto/heimdal/dist/appl/login/utmp_login.c
    vendor-crypto/heimdal/dist/appl/login/utmpx_login.c
    vendor-crypto/heimdal/dist/appl/push/
    vendor-crypto/heimdal/dist/appl/push/ChangeLog
    vendor-crypto/heimdal/dist/appl/push/Makefile.am
    vendor-crypto/heimdal/dist/appl/push/Makefile.in
    vendor-crypto/heimdal/dist/appl/push/pfrom.1
    vendor-crypto/heimdal/dist/appl/push/pfrom.in
    vendor-crypto/heimdal/dist/appl/push/push.8
    vendor-crypto/heimdal/dist/appl/push/push.c
    vendor-crypto/heimdal/dist/appl/push/push_locl.h
    vendor-crypto/heimdal/dist/appl/rcp/
    vendor-crypto/heimdal/dist/appl/rcp/ChangeLog
    vendor-crypto/heimdal/dist/appl/rcp/Makefile.am
    vendor-crypto/heimdal/dist/appl/rcp/Makefile.in
    vendor-crypto/heimdal/dist/appl/rcp/extern.h
    vendor-crypto/heimdal/dist/appl/rcp/rcp.1
    vendor-crypto/heimdal/dist/appl/rcp/rcp.c
    vendor-crypto/heimdal/dist/appl/rcp/rcp_locl.h
    vendor-crypto/heimdal/dist/appl/rcp/util.c
    vendor-crypto/heimdal/dist/appl/rsh/
    vendor-crypto/heimdal/dist/appl/rsh/ChangeLog
    vendor-crypto/heimdal/dist/appl/rsh/Makefile.am
    vendor-crypto/heimdal/dist/appl/rsh/Makefile.in
    vendor-crypto/heimdal/dist/appl/rsh/common.c
    vendor-crypto/heimdal/dist/appl/rsh/limits_conf.c
    vendor-crypto/heimdal/dist/appl/rsh/login_access.c
    vendor-crypto/heimdal/dist/appl/rsh/rsh.1
    vendor-crypto/heimdal/dist/appl/rsh/rsh.c
    vendor-crypto/heimdal/dist/appl/rsh/rsh_locl.h
    vendor-crypto/heimdal/dist/appl/rsh/rshd.8
    vendor-crypto/heimdal/dist/appl/rsh/rshd.c
    vendor-crypto/heimdal/dist/appl/su/
    vendor-crypto/heimdal/dist/appl/su/ChangeLog
    vendor-crypto/heimdal/dist/appl/su/Makefile.am
    vendor-crypto/heimdal/dist/appl/su/Makefile.in
    vendor-crypto/heimdal/dist/appl/su/su.1
    vendor-crypto/heimdal/dist/appl/su/su.c
    vendor-crypto/heimdal/dist/appl/su/supaths.h
    vendor-crypto/heimdal/dist/appl/telnet/
    vendor-crypto/heimdal/dist/appl/telnet/ChangeLog
    vendor-crypto/heimdal/dist/appl/telnet/Makefile.am
    vendor-crypto/heimdal/dist/appl/telnet/Makefile.in
    vendor-crypto/heimdal/dist/appl/telnet/README.ORIG
    vendor-crypto/heimdal/dist/appl/telnet/arpa/
    vendor-crypto/heimdal/dist/appl/telnet/arpa/telnet.h
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/Makefile.am
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/Makefile.in
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth-proto.h
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth.h
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/enc-proto.h
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/enc_des.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/encrypt.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/encrypt.h
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/genget.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/kerberos.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/kerberos5.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/krb4encpwd.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc-proto.h
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc.h
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/rsaencpwd.c
    vendor-crypto/heimdal/dist/appl/telnet/libtelnet/spx.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/
    vendor-crypto/heimdal/dist/appl/telnet/telnet/Makefile.am
    vendor-crypto/heimdal/dist/appl/telnet/telnet/Makefile.in
    vendor-crypto/heimdal/dist/appl/telnet/telnet/authenc.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/commands.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/defines.h
    vendor-crypto/heimdal/dist/appl/telnet/telnet/externs.h
    vendor-crypto/heimdal/dist/appl/telnet/telnet/main.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/network.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/ring.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/ring.h
    vendor-crypto/heimdal/dist/appl/telnet/telnet/sys_bsd.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet.1
    vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet_locl.h
    vendor-crypto/heimdal/dist/appl/telnet/telnet/terminal.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet/types.h
    vendor-crypto/heimdal/dist/appl/telnet/telnet/utilities.c
    vendor-crypto/heimdal/dist/appl/telnet/telnet.state
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/Makefile.am
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/Makefile.in
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/authenc.c
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/defs.h
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/ext.h
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/global.c
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/slc.c
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/state.c
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/sys_term.c
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.8
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.c
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.h
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/termstat.c
    vendor-crypto/heimdal/dist/appl/telnet/telnetd/utility.c
    vendor-crypto/heimdal/dist/appl/test/
    vendor-crypto/heimdal/dist/appl/test/Makefile.am
    vendor-crypto/heimdal/dist/appl/test/Makefile.in
    vendor-crypto/heimdal/dist/appl/test/common.c
    vendor-crypto/heimdal/dist/appl/test/gss_common.c
    vendor-crypto/heimdal/dist/appl/test/gss_common.h
    vendor-crypto/heimdal/dist/appl/test/gssapi_client.c
    vendor-crypto/heimdal/dist/appl/test/gssapi_server.c
    vendor-crypto/heimdal/dist/appl/test/http_client.c
    vendor-crypto/heimdal/dist/appl/test/nt_gss_client.c
    vendor-crypto/heimdal/dist/appl/test/nt_gss_common.c
    vendor-crypto/heimdal/dist/appl/test/nt_gss_common.h
    vendor-crypto/heimdal/dist/appl/test/nt_gss_server.c
    vendor-crypto/heimdal/dist/appl/test/tcp_client.c
    vendor-crypto/heimdal/dist/appl/test/tcp_server.c
    vendor-crypto/heimdal/dist/appl/test/test_locl.h
    vendor-crypto/heimdal/dist/appl/test/uu_client.c
    vendor-crypto/heimdal/dist/appl/test/uu_server.c
    vendor-crypto/heimdal/dist/autogen.sh
    vendor-crypto/heimdal/dist/cf/
    vendor-crypto/heimdal/dist/cf/ChangeLog
    vendor-crypto/heimdal/dist/cf/Makefile.am.common
    vendor-crypto/heimdal/dist/cf/aix.m4
    vendor-crypto/heimdal/dist/cf/auth-modules.m4
    vendor-crypto/heimdal/dist/cf/autobuild.m4
    vendor-crypto/heimdal/dist/cf/broken-getaddrinfo.m4
    vendor-crypto/heimdal/dist/cf/broken-glob.m4
    vendor-crypto/heimdal/dist/cf/broken-realloc.m4
    vendor-crypto/heimdal/dist/cf/broken-snprintf.m4
    vendor-crypto/heimdal/dist/cf/broken.m4
    vendor-crypto/heimdal/dist/cf/broken2.m4
    vendor-crypto/heimdal/dist/cf/c-attribute.m4
    vendor-crypto/heimdal/dist/cf/c-function.m4
    vendor-crypto/heimdal/dist/cf/capabilities.m4
    vendor-crypto/heimdal/dist/cf/check-compile-et.m4
    vendor-crypto/heimdal/dist/cf/check-getpwnam_r-posix.m4
    vendor-crypto/heimdal/dist/cf/check-man.m4
    vendor-crypto/heimdal/dist/cf/check-netinet-ip-and-tcp.m4
    vendor-crypto/heimdal/dist/cf/check-type-extra.m4
    vendor-crypto/heimdal/dist/cf/check-var.m4
    vendor-crypto/heimdal/dist/cf/check-x.m4
    vendor-crypto/heimdal/dist/cf/check-xau.m4
    vendor-crypto/heimdal/dist/cf/crypto.m4
    vendor-crypto/heimdal/dist/cf/db.m4
    vendor-crypto/heimdal/dist/cf/destdirs.m4
    vendor-crypto/heimdal/dist/cf/dlopen.m4
    vendor-crypto/heimdal/dist/cf/find-func-no-libs.m4
    vendor-crypto/heimdal/dist/cf/find-func-no-libs2.m4
    vendor-crypto/heimdal/dist/cf/find-func.m4
    vendor-crypto/heimdal/dist/cf/find-if-not-broken.m4
    vendor-crypto/heimdal/dist/cf/framework-security.m4
    vendor-crypto/heimdal/dist/cf/have-pragma-weak.m4
    vendor-crypto/heimdal/dist/cf/have-struct-field.m4
    vendor-crypto/heimdal/dist/cf/have-type.m4
    vendor-crypto/heimdal/dist/cf/have-types.m4
    vendor-crypto/heimdal/dist/cf/install-catman.sh
    vendor-crypto/heimdal/dist/cf/irix.m4
    vendor-crypto/heimdal/dist/cf/krb-bigendian.m4
    vendor-crypto/heimdal/dist/cf/krb-func-getcwd-broken.m4
    vendor-crypto/heimdal/dist/cf/krb-func-getlogin.m4
    vendor-crypto/heimdal/dist/cf/krb-ipv6.m4
    vendor-crypto/heimdal/dist/cf/krb-prog-ln-s.m4
    vendor-crypto/heimdal/dist/cf/krb-prog-ranlib.m4
    vendor-crypto/heimdal/dist/cf/krb-prog-yacc.m4
    vendor-crypto/heimdal/dist/cf/krb-readline.m4
    vendor-crypto/heimdal/dist/cf/krb-struct-spwd.m4
    vendor-crypto/heimdal/dist/cf/krb-struct-winsize.m4
    vendor-crypto/heimdal/dist/cf/krb-sys-aix.m4
    vendor-crypto/heimdal/dist/cf/krb-sys-nextstep.m4
    vendor-crypto/heimdal/dist/cf/krb-version.m4
    vendor-crypto/heimdal/dist/cf/largefile.m4
    vendor-crypto/heimdal/dist/cf/make-proto.pl
    vendor-crypto/heimdal/dist/cf/mips-abi.m4
    vendor-crypto/heimdal/dist/cf/misc.m4
    vendor-crypto/heimdal/dist/cf/need-proto.m4
    vendor-crypto/heimdal/dist/cf/osfc2.m4
    vendor-crypto/heimdal/dist/cf/otp.m4
    vendor-crypto/heimdal/dist/cf/proto-compat.m4
    vendor-crypto/heimdal/dist/cf/pthreads.m4
    vendor-crypto/heimdal/dist/cf/resolv.m4
    vendor-crypto/heimdal/dist/cf/retsigtype.m4
    vendor-crypto/heimdal/dist/cf/roken-frag.m4
    vendor-crypto/heimdal/dist/cf/roken.m4
    vendor-crypto/heimdal/dist/cf/socket-wrapper.m4
    vendor-crypto/heimdal/dist/cf/sunos.m4
    vendor-crypto/heimdal/dist/cf/telnet.m4
    vendor-crypto/heimdal/dist/cf/test-package.m4
    vendor-crypto/heimdal/dist/cf/valgrind-suppressions
    vendor-crypto/heimdal/dist/cf/vararray.m4
    vendor-crypto/heimdal/dist/cf/version-script.m4
    vendor-crypto/heimdal/dist/cf/wflags.m4
    vendor-crypto/heimdal/dist/cf/win32.m4
    vendor-crypto/heimdal/dist/cf/with-all.m4
    vendor-crypto/heimdal/dist/compile
    vendor-crypto/heimdal/dist/config.guess
    vendor-crypto/heimdal/dist/config.sub
    vendor-crypto/heimdal/dist/configure
    vendor-crypto/heimdal/dist/configure.in
    vendor-crypto/heimdal/dist/doc/
    vendor-crypto/heimdal/dist/doc/Makefile.am
    vendor-crypto/heimdal/dist/doc/Makefile.in
    vendor-crypto/heimdal/dist/doc/ack.texi
    vendor-crypto/heimdal/dist/doc/apps.texi
    vendor-crypto/heimdal/dist/doc/doxytmpl.dxy
    vendor-crypto/heimdal/dist/doc/hcrypto.din
    vendor-crypto/heimdal/dist/doc/heimdal.css
    vendor-crypto/heimdal/dist/doc/heimdal.texi
    vendor-crypto/heimdal/dist/doc/hx509.din
    vendor-crypto/heimdal/dist/doc/hx509.texi
    vendor-crypto/heimdal/dist/doc/init-creds
    vendor-crypto/heimdal/dist/doc/install.texi
    vendor-crypto/heimdal/dist/doc/intro.texi
    vendor-crypto/heimdal/dist/doc/kerberos4.texi
    vendor-crypto/heimdal/dist/doc/krb5.din
    vendor-crypto/heimdal/dist/doc/latin1.tex
    vendor-crypto/heimdal/dist/doc/layman.asc
    vendor-crypto/heimdal/dist/doc/mdate-sh
    vendor-crypto/heimdal/dist/doc/migration.texi
    vendor-crypto/heimdal/dist/doc/misc.texi
    vendor-crypto/heimdal/dist/doc/ntlm.din
    vendor-crypto/heimdal/dist/doc/programming.texi
    vendor-crypto/heimdal/dist/doc/setup.texi
    vendor-crypto/heimdal/dist/doc/vars.texi
    vendor-crypto/heimdal/dist/doc/vars.tin
    vendor-crypto/heimdal/dist/doc/whatis.texi
    vendor-crypto/heimdal/dist/doc/win2k.texi
    vendor-crypto/heimdal/dist/etc/
    vendor-crypto/heimdal/dist/etc/Makefile.am
    vendor-crypto/heimdal/dist/etc/Makefile.in
    vendor-crypto/heimdal/dist/etc/services.append
    vendor-crypto/heimdal/dist/include/
    vendor-crypto/heimdal/dist/include/Makefile.am
    vendor-crypto/heimdal/dist/include/Makefile.in
    vendor-crypto/heimdal/dist/include/bits.c
    vendor-crypto/heimdal/dist/include/config.h.in
    vendor-crypto/heimdal/dist/include/gssapi/
    vendor-crypto/heimdal/dist/include/gssapi/Makefile.am
    vendor-crypto/heimdal/dist/include/gssapi/Makefile.in
    vendor-crypto/heimdal/dist/include/hcrypto/
    vendor-crypto/heimdal/dist/include/hcrypto/Makefile.am
    vendor-crypto/heimdal/dist/include/hcrypto/Makefile.in
    vendor-crypto/heimdal/dist/include/kadm5/
    vendor-crypto/heimdal/dist/include/kadm5/Makefile.am
    vendor-crypto/heimdal/dist/include/kadm5/Makefile.in
    vendor-crypto/heimdal/dist/include/make_crypto.c
    vendor-crypto/heimdal/dist/install-sh
    vendor-crypto/heimdal/dist/kadmin/
    vendor-crypto/heimdal/dist/kadmin/ChangeLog
    vendor-crypto/heimdal/dist/kadmin/Makefile.am
    vendor-crypto/heimdal/dist/kadmin/Makefile.in
    vendor-crypto/heimdal/dist/kadmin/add-random-users.c
    vendor-crypto/heimdal/dist/kadmin/add_enctype.c
    vendor-crypto/heimdal/dist/kadmin/ank.c
    vendor-crypto/heimdal/dist/kadmin/check.c
    vendor-crypto/heimdal/dist/kadmin/cpw.c
    vendor-crypto/heimdal/dist/kadmin/del.c
    vendor-crypto/heimdal/dist/kadmin/del_enctype.c
    vendor-crypto/heimdal/dist/kadmin/dump.c
    vendor-crypto/heimdal/dist/kadmin/ext.c
    vendor-crypto/heimdal/dist/kadmin/get.c
    vendor-crypto/heimdal/dist/kadmin/init.c
    vendor-crypto/heimdal/dist/kadmin/kadm_conn.c
    vendor-crypto/heimdal/dist/kadmin/kadmin-commands.in
    vendor-crypto/heimdal/dist/kadmin/kadmin.8
    vendor-crypto/heimdal/dist/kadmin/kadmin.c
    vendor-crypto/heimdal/dist/kadmin/kadmin_locl.h
    vendor-crypto/heimdal/dist/kadmin/kadmind.8
    vendor-crypto/heimdal/dist/kadmin/kadmind.c
    vendor-crypto/heimdal/dist/kadmin/load.c
    vendor-crypto/heimdal/dist/kadmin/mod.c
    vendor-crypto/heimdal/dist/kadmin/pw_quality.c
    vendor-crypto/heimdal/dist/kadmin/random_password.c
    vendor-crypto/heimdal/dist/kadmin/rename.c
    vendor-crypto/heimdal/dist/kadmin/server.c
    vendor-crypto/heimdal/dist/kadmin/stash.c
    vendor-crypto/heimdal/dist/kadmin/test_util.c
    vendor-crypto/heimdal/dist/kadmin/util.c
    vendor-crypto/heimdal/dist/kcm/
    vendor-crypto/heimdal/dist/kcm/Makefile.am
    vendor-crypto/heimdal/dist/kcm/Makefile.in
    vendor-crypto/heimdal/dist/kcm/acl.c
    vendor-crypto/heimdal/dist/kcm/acquire.c
    vendor-crypto/heimdal/dist/kcm/cache.c
    vendor-crypto/heimdal/dist/kcm/client.c
    vendor-crypto/heimdal/dist/kcm/config.c
    vendor-crypto/heimdal/dist/kcm/connect.c
    vendor-crypto/heimdal/dist/kcm/cursor.c
    vendor-crypto/heimdal/dist/kcm/events.c
    vendor-crypto/heimdal/dist/kcm/glue.c
    vendor-crypto/heimdal/dist/kcm/headers.h
    vendor-crypto/heimdal/dist/kcm/kcm.8
    vendor-crypto/heimdal/dist/kcm/kcm_locl.h
    vendor-crypto/heimdal/dist/kcm/kcm_protos.h
    vendor-crypto/heimdal/dist/kcm/log.c
    vendor-crypto/heimdal/dist/kcm/main.c
    vendor-crypto/heimdal/dist/kcm/protocol.c
    vendor-crypto/heimdal/dist/kcm/renew.c
    vendor-crypto/heimdal/dist/kdc/
    vendor-crypto/heimdal/dist/kdc/524.c
    vendor-crypto/heimdal/dist/kdc/Makefile.am
    vendor-crypto/heimdal/dist/kdc/Makefile.in
    vendor-crypto/heimdal/dist/kdc/config.c
    vendor-crypto/heimdal/dist/kdc/connect.c
    vendor-crypto/heimdal/dist/kdc/default_config.c
    vendor-crypto/heimdal/dist/kdc/digest.c
    vendor-crypto/heimdal/dist/kdc/headers.h
    vendor-crypto/heimdal/dist/kdc/hprop.8
    vendor-crypto/heimdal/dist/kdc/hprop.c
    vendor-crypto/heimdal/dist/kdc/hprop.h
    vendor-crypto/heimdal/dist/kdc/hpropd.8
    vendor-crypto/heimdal/dist/kdc/hpropd.c
    vendor-crypto/heimdal/dist/kdc/kadb.h
    vendor-crypto/heimdal/dist/kdc/kaserver.c
    vendor-crypto/heimdal/dist/kdc/kdc-private.h
    vendor-crypto/heimdal/dist/kdc/kdc-protos.h
    vendor-crypto/heimdal/dist/kdc/kdc-replay.c
    vendor-crypto/heimdal/dist/kdc/kdc.8
    vendor-crypto/heimdal/dist/kdc/kdc.h
    vendor-crypto/heimdal/dist/kdc/kdc_locl.h
    vendor-crypto/heimdal/dist/kdc/kerberos4.c
    vendor-crypto/heimdal/dist/kdc/kerberos5.c
    vendor-crypto/heimdal/dist/kdc/krb5tgs.c
    vendor-crypto/heimdal/dist/kdc/kstash.8
    vendor-crypto/heimdal/dist/kdc/kstash.c
    vendor-crypto/heimdal/dist/kdc/kx509.c
    vendor-crypto/heimdal/dist/kdc/log.c
    vendor-crypto/heimdal/dist/kdc/main.c
    vendor-crypto/heimdal/dist/kdc/misc.c
    vendor-crypto/heimdal/dist/kdc/mit_dump.c
    vendor-crypto/heimdal/dist/kdc/pkinit.c
    vendor-crypto/heimdal/dist/kdc/process.c
    vendor-crypto/heimdal/dist/kdc/rx.h
    vendor-crypto/heimdal/dist/kdc/set_dbinfo.c
    vendor-crypto/heimdal/dist/kdc/string2key.8
    vendor-crypto/heimdal/dist/kdc/string2key.c
    vendor-crypto/heimdal/dist/kdc/v4_dump.c
    vendor-crypto/heimdal/dist/kdc/version-script.map
    vendor-crypto/heimdal/dist/kdc/windc.c
    vendor-crypto/heimdal/dist/kdc/windc_plugin.h
    vendor-crypto/heimdal/dist/kpasswd/
    vendor-crypto/heimdal/dist/kpasswd/Makefile.am
    vendor-crypto/heimdal/dist/kpasswd/Makefile.in
    vendor-crypto/heimdal/dist/kpasswd/kpasswd-generator.c
    vendor-crypto/heimdal/dist/kpasswd/kpasswd.1
    vendor-crypto/heimdal/dist/kpasswd/kpasswd.c
    vendor-crypto/heimdal/dist/kpasswd/kpasswd_locl.h
    vendor-crypto/heimdal/dist/kpasswd/kpasswdd.8
    vendor-crypto/heimdal/dist/kpasswd/kpasswdd.c
    vendor-crypto/heimdal/dist/krb5.conf
    vendor-crypto/heimdal/dist/kuser/
    vendor-crypto/heimdal/dist/kuser/Makefile.am
    vendor-crypto/heimdal/dist/kuser/Makefile.in
    vendor-crypto/heimdal/dist/kuser/copy_cred_cache.1
    vendor-crypto/heimdal/dist/kuser/copy_cred_cache.c
    vendor-crypto/heimdal/dist/kuser/generate-requests.c
    vendor-crypto/heimdal/dist/kuser/kdecode_ticket.c
    vendor-crypto/heimdal/dist/kuser/kdestroy.1
    vendor-crypto/heimdal/dist/kuser/kdestroy.c
    vendor-crypto/heimdal/dist/kuser/kdigest-commands.in
    vendor-crypto/heimdal/dist/kuser/kdigest.c
    vendor-crypto/heimdal/dist/kuser/kgetcred.1
    vendor-crypto/heimdal/dist/kuser/kgetcred.c
    vendor-crypto/heimdal/dist/kuser/kimpersonate.1
    vendor-crypto/heimdal/dist/kuser/kimpersonate.c
    vendor-crypto/heimdal/dist/kuser/kinit.1
    vendor-crypto/heimdal/dist/kuser/kinit.c
    vendor-crypto/heimdal/dist/kuser/klist.1
    vendor-crypto/heimdal/dist/kuser/klist.c
    vendor-crypto/heimdal/dist/kuser/kuser_locl.h
    vendor-crypto/heimdal/dist/kuser/kverify.c
    vendor-crypto/heimdal/dist/lib/
    vendor-crypto/heimdal/dist/lib/45/
    vendor-crypto/heimdal/dist/lib/45/45_locl.h
    vendor-crypto/heimdal/dist/lib/45/Makefile.am
    vendor-crypto/heimdal/dist/lib/45/Makefile.in
    vendor-crypto/heimdal/dist/lib/45/get_ad_tkt.c
    vendor-crypto/heimdal/dist/lib/45/mk_req.c
    vendor-crypto/heimdal/dist/lib/Makefile.am
    vendor-crypto/heimdal/dist/lib/Makefile.in
    vendor-crypto/heimdal/dist/lib/asn1/
    vendor-crypto/heimdal/dist/lib/asn1/CMS.asn1
    vendor-crypto/heimdal/dist/lib/asn1/ChangeLog
    vendor-crypto/heimdal/dist/lib/asn1/Makefile.am
    vendor-crypto/heimdal/dist/lib/asn1/Makefile.in
    vendor-crypto/heimdal/dist/lib/asn1/asn1-common.h
    vendor-crypto/heimdal/dist/lib/asn1/asn1_err.et
    vendor-crypto/heimdal/dist/lib/asn1/asn1_gen.c
    vendor-crypto/heimdal/dist/lib/asn1/asn1_print.c
    vendor-crypto/heimdal/dist/lib/asn1/asn1_queue.h
    vendor-crypto/heimdal/dist/lib/asn1/canthandle.asn1
    vendor-crypto/heimdal/dist/lib/asn1/check-common.c
    vendor-crypto/heimdal/dist/lib/asn1/check-common.h
    vendor-crypto/heimdal/dist/lib/asn1/check-der.c
    vendor-crypto/heimdal/dist/lib/asn1/check-gen.c
    vendor-crypto/heimdal/dist/lib/asn1/check-timegm.c
    vendor-crypto/heimdal/dist/lib/asn1/der-protos.h
    vendor-crypto/heimdal/dist/lib/asn1/der.c
    vendor-crypto/heimdal/dist/lib/asn1/der.h
    vendor-crypto/heimdal/dist/lib/asn1/der_cmp.c
    vendor-crypto/heimdal/dist/lib/asn1/der_copy.c
    vendor-crypto/heimdal/dist/lib/asn1/der_format.c
    vendor-crypto/heimdal/dist/lib/asn1/der_free.c
    vendor-crypto/heimdal/dist/lib/asn1/der_get.c
    vendor-crypto/heimdal/dist/lib/asn1/der_length.c
    vendor-crypto/heimdal/dist/lib/asn1/der_locl.h
    vendor-crypto/heimdal/dist/lib/asn1/der_put.c
    vendor-crypto/heimdal/dist/lib/asn1/digest.asn1
    vendor-crypto/heimdal/dist/lib/asn1/extra.c
    vendor-crypto/heimdal/dist/lib/asn1/gen.c
    vendor-crypto/heimdal/dist/lib/asn1/gen_copy.c
    vendor-crypto/heimdal/dist/lib/asn1/gen_decode.c
    vendor-crypto/heimdal/dist/lib/asn1/gen_encode.c
    vendor-crypto/heimdal/dist/lib/asn1/gen_free.c
    vendor-crypto/heimdal/dist/lib/asn1/gen_glue.c
    vendor-crypto/heimdal/dist/lib/asn1/gen_length.c
    vendor-crypto/heimdal/dist/lib/asn1/gen_locl.h
    vendor-crypto/heimdal/dist/lib/asn1/gen_seq.c
    vendor-crypto/heimdal/dist/lib/asn1/hash.c
    vendor-crypto/heimdal/dist/lib/asn1/hash.h
    vendor-crypto/heimdal/dist/lib/asn1/heim_asn1.h
    vendor-crypto/heimdal/dist/lib/asn1/k5.asn1
    vendor-crypto/heimdal/dist/lib/asn1/kx509.asn1
    vendor-crypto/heimdal/dist/lib/asn1/lex.c
    vendor-crypto/heimdal/dist/lib/asn1/lex.h
    vendor-crypto/heimdal/dist/lib/asn1/lex.l
    vendor-crypto/heimdal/dist/lib/asn1/main.c
    vendor-crypto/heimdal/dist/lib/asn1/parse.c
    vendor-crypto/heimdal/dist/lib/asn1/parse.h
    vendor-crypto/heimdal/dist/lib/asn1/parse.y
    vendor-crypto/heimdal/dist/lib/asn1/pkcs12.asn1
    vendor-crypto/heimdal/dist/lib/asn1/pkcs8.asn1
    vendor-crypto/heimdal/dist/lib/asn1/pkcs9.asn1
    vendor-crypto/heimdal/dist/lib/asn1/pkinit.asn1
    vendor-crypto/heimdal/dist/lib/asn1/rfc2459.asn1
    vendor-crypto/heimdal/dist/lib/asn1/setchgpw2.asn1
    vendor-crypto/heimdal/dist/lib/asn1/symbol.c
    vendor-crypto/heimdal/dist/lib/asn1/symbol.h
    vendor-crypto/heimdal/dist/lib/asn1/test.asn1
    vendor-crypto/heimdal/dist/lib/asn1/test.gen
    vendor-crypto/heimdal/dist/lib/asn1/timegm.c
    vendor-crypto/heimdal/dist/lib/auth/
    vendor-crypto/heimdal/dist/lib/auth/ChangeLog
    vendor-crypto/heimdal/dist/lib/auth/Makefile.am
    vendor-crypto/heimdal/dist/lib/auth/Makefile.in
    vendor-crypto/heimdal/dist/lib/auth/afskauthlib/
    vendor-crypto/heimdal/dist/lib/auth/afskauthlib/Makefile.am
    vendor-crypto/heimdal/dist/lib/auth/afskauthlib/Makefile.in
    vendor-crypto/heimdal/dist/lib/auth/afskauthlib/verify.c
    vendor-crypto/heimdal/dist/lib/auth/pam/
    vendor-crypto/heimdal/dist/lib/auth/pam/Makefile.am
    vendor-crypto/heimdal/dist/lib/auth/pam/Makefile.in
    vendor-crypto/heimdal/dist/lib/auth/pam/pam.c
    vendor-crypto/heimdal/dist/lib/auth/pam/pam.conf.add
    vendor-crypto/heimdal/dist/lib/auth/sia/
    vendor-crypto/heimdal/dist/lib/auth/sia/Makefile.am
    vendor-crypto/heimdal/dist/lib/auth/sia/Makefile.in
    vendor-crypto/heimdal/dist/lib/auth/sia/krb4+c2_matrix.conf
    vendor-crypto/heimdal/dist/lib/auth/sia/krb4_matrix.conf
    vendor-crypto/heimdal/dist/lib/auth/sia/krb5+c2_matrix.conf
    vendor-crypto/heimdal/dist/lib/auth/sia/krb5_matrix.conf
    vendor-crypto/heimdal/dist/lib/auth/sia/make-rpath
    vendor-crypto/heimdal/dist/lib/auth/sia/posix_getpw.c
    vendor-crypto/heimdal/dist/lib/auth/sia/security.patch
    vendor-crypto/heimdal/dist/lib/auth/sia/sia.c
    vendor-crypto/heimdal/dist/lib/auth/sia/sia_locl.h
    vendor-crypto/heimdal/dist/lib/com_err/
    vendor-crypto/heimdal/dist/lib/com_err/ChangeLog
    vendor-crypto/heimdal/dist/lib/com_err/Makefile.am
    vendor-crypto/heimdal/dist/lib/com_err/Makefile.in
    vendor-crypto/heimdal/dist/lib/com_err/com_err.c
    vendor-crypto/heimdal/dist/lib/com_err/com_err.h
    vendor-crypto/heimdal/dist/lib/com_err/com_right.h
    vendor-crypto/heimdal/dist/lib/com_err/compile_et.c
    vendor-crypto/heimdal/dist/lib/com_err/compile_et.h
    vendor-crypto/heimdal/dist/lib/com_err/error.c
    vendor-crypto/heimdal/dist/lib/com_err/lex.c
    vendor-crypto/heimdal/dist/lib/com_err/lex.h
    vendor-crypto/heimdal/dist/lib/com_err/lex.l
    vendor-crypto/heimdal/dist/lib/com_err/parse.c
    vendor-crypto/heimdal/dist/lib/com_err/parse.h
    vendor-crypto/heimdal/dist/lib/com_err/parse.y
    vendor-crypto/heimdal/dist/lib/com_err/roken_rename.h
    vendor-crypto/heimdal/dist/lib/com_err/version-script.map
    vendor-crypto/heimdal/dist/lib/gssapi/
    vendor-crypto/heimdal/dist/lib/gssapi/ChangeLog
    vendor-crypto/heimdal/dist/lib/gssapi/Makefile.am
    vendor-crypto/heimdal/dist/lib/gssapi/Makefile.in
    vendor-crypto/heimdal/dist/lib/gssapi/gss-commands.in
    vendor-crypto/heimdal/dist/lib/gssapi/gss.c
    vendor-crypto/heimdal/dist/lib/gssapi/gss_acquire_cred.3
    vendor-crypto/heimdal/dist/lib/gssapi/gssapi/
    vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi.h
    vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi_krb5.h
    vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi_spnego.h
    vendor-crypto/heimdal/dist/lib/gssapi/gssapi.3
    vendor-crypto/heimdal/dist/lib/gssapi/gssapi.h
    vendor-crypto/heimdal/dist/lib/gssapi/gssapi_mech.h
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/8003.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/accept_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/acquire_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/add_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/address_to_krb5addr.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/arcfour.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/canonicalize_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/ccache_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/cfx.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/cfx.h
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/compare_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/compat.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/context_time.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/copy_ccache.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/decapsulate.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/delete_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/display_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/display_status.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/duplicate_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/encapsulate.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/export_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/export_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/external.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/get_mic.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/gkrb5_err.et
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/gsskrb5-private.h
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/gsskrb5_locl.h
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/import_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/import_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/indicate_mechs.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/init.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/init_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred_by_mech.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred_by_oid.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_mechs_for_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_names_for_mech.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_sec_context_by_oid.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/prf.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/process_context_token.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_buffer.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/sequence.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/set_cred_option.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/set_sec_context_option.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/test_cfx.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/ticket_flags.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/unwrap.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/v1.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/verify_mic.c
    vendor-crypto/heimdal/dist/lib/gssapi/krb5/wrap.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/accept_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/acquire_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/add_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/canonicalize_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/compare_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/context_time.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/crypto.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/delete_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/digest.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/display_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/display_status.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/duplicate_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/export_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/export_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/external.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/import_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/import_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/indicate_mechs.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/init_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_cred_by_mech.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_mechs_for_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_names_for_mech.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/ntlm-private.h
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/ntlm.h
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/process_context_token.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/release_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/ntlm/release_name.c
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/accept_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/compat.c
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/context_stubs.c
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/cred_stubs.c
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/external.c
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/init_sec_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego-private.h
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego.asn1
    vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego_locl.h
    vendor-crypto/heimdal/dist/lib/gssapi/test_acquire_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/test_common.c
    vendor-crypto/heimdal/dist/lib/gssapi/test_common.h
    vendor-crypto/heimdal/dist/lib/gssapi/test_context.c
    vendor-crypto/heimdal/dist/lib/gssapi/test_cred.c
    vendor-crypto/heimdal/dist/lib/gssapi/test_kcred.c
    vendor-crypto/heimdal/dist/lib/gssapi/test_names.c
    vendor-crypto/heimdal/dist/lib/gssapi/test_ntlm.c
    vendor-crypto/heimdal/dist/lib/gssapi/test_oid.c
    vendor-crypto/heimdal/dist/lib/gssapi/version-script.map
    vendor-crypto/heimdal/dist/lib/hdb/
    vendor-crypto/heimdal/dist/lib/hdb/Makefile.am
    vendor-crypto/heimdal/dist/lib/hdb/Makefile.in
    vendor-crypto/heimdal/dist/lib/hdb/common.c
    vendor-crypto/heimdal/dist/lib/hdb/db.c
    vendor-crypto/heimdal/dist/lib/hdb/db3.c
    vendor-crypto/heimdal/dist/lib/hdb/dbinfo.c
    vendor-crypto/heimdal/dist/lib/hdb/ext.c
    vendor-crypto/heimdal/dist/lib/hdb/hdb-ldap.c
    vendor-crypto/heimdal/dist/lib/hdb/hdb-private.h
    vendor-crypto/heimdal/dist/lib/hdb/hdb-protos.h
    vendor-crypto/heimdal/dist/lib/hdb/hdb.asn1
    vendor-crypto/heimdal/dist/lib/hdb/hdb.c
    vendor-crypto/heimdal/dist/lib/hdb/hdb.h
    vendor-crypto/heimdal/dist/lib/hdb/hdb.schema
    vendor-crypto/heimdal/dist/lib/hdb/hdb_err.et
    vendor-crypto/heimdal/dist/lib/hdb/hdb_locl.h
    vendor-crypto/heimdal/dist/lib/hdb/keys.c
    vendor-crypto/heimdal/dist/lib/hdb/keytab.c
    vendor-crypto/heimdal/dist/lib/hdb/mkey.c
    vendor-crypto/heimdal/dist/lib/hdb/ndbm.c
    vendor-crypto/heimdal/dist/lib/hdb/print.c
    vendor-crypto/heimdal/dist/lib/hdb/test_dbinfo.c
    vendor-crypto/heimdal/dist/lib/hx509/
    vendor-crypto/heimdal/dist/lib/hx509/ChangeLog
    vendor-crypto/heimdal/dist/lib/hx509/Makefile.am
    vendor-crypto/heimdal/dist/lib/hx509/Makefile.in
    vendor-crypto/heimdal/dist/lib/hx509/ca.c
    vendor-crypto/heimdal/dist/lib/hx509/cert.c
    vendor-crypto/heimdal/dist/lib/hx509/cms.c
    vendor-crypto/heimdal/dist/lib/hx509/collector.c
    vendor-crypto/heimdal/dist/lib/hx509/crmf.asn1
    vendor-crypto/heimdal/dist/lib/hx509/crypto.c
    vendor-crypto/heimdal/dist/lib/hx509/data/
    vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-bad.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-good.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-sf-pad-correct.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/ca.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/ca.key
    vendor-crypto/heimdal/dist/lib/hx509/data/crl1.crl
    vendor-crypto/heimdal/dist/lib/hx509/data/crl1.der
    vendor-crypto/heimdal/dist/lib/hx509/data/gen-req.sh
    vendor-crypto/heimdal/dist/lib/hx509/data/j.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/kdc.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/kdc.key
    vendor-crypto/heimdal/dist/lib/hx509/data/key.der
    vendor-crypto/heimdal/dist/lib/hx509/data/key2.der
    vendor-crypto/heimdal/dist/lib/hx509/data/nist-data
    vendor-crypto/heimdal/dist/lib/hx509/data/nist-data2
    vendor-crypto/heimdal/dist/lib/hx509/data/no-proxy-test.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/no-proxy-test.key
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req1.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req2.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-2.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-3.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ca.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-keyhash.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp2.der
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-responder.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-responder.key
    vendor-crypto/heimdal/dist/lib/hx509/data/openssl.cnf
    vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy-chain.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy.key
    vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-pw.key
    vendor-crypto/heimdal/dist/lib/hx509/data/pkinit.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/pkinit.key
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy-level-test.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy-level-test.key
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy-test.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy-test.key
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-child-test.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-child-test.key
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-test.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-test.key
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-test.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-test.key
    vendor-crypto/heimdal/dist/lib/hx509/data/revoke.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/revoke.key
    vendor-crypto/heimdal/dist/lib/hx509/data/sf-class2-root.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/static-file
    vendor-crypto/heimdal/dist/lib/hx509/data/sub-ca.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/sub-ca.key
    vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.key
    vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.p12
    vendor-crypto/heimdal/dist/lib/hx509/data/test-ds-only.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/test-ds-only.key
    vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-128
    vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-256
    vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des
    vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des-ede3
    vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-128
    vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-40
    vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-64
    vendor-crypto/heimdal/dist/lib/hx509/data/test-ke-only.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/test-ke-only.key
    vendor-crypto/heimdal/dist/lib/hx509/data/test-nopw.p12
    vendor-crypto/heimdal/dist/lib/hx509/data/test-pw.key
    vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data
    vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr
    vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr-nocerts
    vendor-crypto/heimdal/dist/lib/hx509/data/test.combined.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/test.crt
    vendor-crypto/heimdal/dist/lib/hx509/data/test.key
    vendor-crypto/heimdal/dist/lib/hx509/data/test.p12
    vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-broken-ca.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-broken-cert.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-ok-ca.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-ok-cert.pem
    vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad.key
    vendor-crypto/heimdal/dist/lib/hx509/doxygen.c
    vendor-crypto/heimdal/dist/lib/hx509/env.c
    vendor-crypto/heimdal/dist/lib/hx509/error.c
    vendor-crypto/heimdal/dist/lib/hx509/file.c
    vendor-crypto/heimdal/dist/lib/hx509/hx509-private.h
    vendor-crypto/heimdal/dist/lib/hx509/hx509-protos.h
    vendor-crypto/heimdal/dist/lib/hx509/hx509.h
    vendor-crypto/heimdal/dist/lib/hx509/hx509_err.et
    vendor-crypto/heimdal/dist/lib/hx509/hx_locl.h
    vendor-crypto/heimdal/dist/lib/hx509/hxtool-commands.in
    vendor-crypto/heimdal/dist/lib/hx509/hxtool.c
    vendor-crypto/heimdal/dist/lib/hx509/keyset.c
    vendor-crypto/heimdal/dist/lib/hx509/ks_dir.c
    vendor-crypto/heimdal/dist/lib/hx509/ks_file.c
    vendor-crypto/heimdal/dist/lib/hx509/ks_keychain.c
    vendor-crypto/heimdal/dist/lib/hx509/ks_mem.c
    vendor-crypto/heimdal/dist/lib/hx509/ks_null.c
    vendor-crypto/heimdal/dist/lib/hx509/ks_p11.c
    vendor-crypto/heimdal/dist/lib/hx509/ks_p12.c
    vendor-crypto/heimdal/dist/lib/hx509/lock.c
    vendor-crypto/heimdal/dist/lib/hx509/name.c
    vendor-crypto/heimdal/dist/lib/hx509/ocsp.asn1
    vendor-crypto/heimdal/dist/lib/hx509/peer.c
    vendor-crypto/heimdal/dist/lib/hx509/pkcs10.asn1
    vendor-crypto/heimdal/dist/lib/hx509/print.c
    vendor-crypto/heimdal/dist/lib/hx509/ref/
    vendor-crypto/heimdal/dist/lib/hx509/ref/pkcs11.h
    vendor-crypto/heimdal/dist/lib/hx509/req.c
    vendor-crypto/heimdal/dist/lib/hx509/revoke.c
    vendor-crypto/heimdal/dist/lib/hx509/softp11.c
    vendor-crypto/heimdal/dist/lib/hx509/test_ca.in
    vendor-crypto/heimdal/dist/lib/hx509/test_cert.in
    vendor-crypto/heimdal/dist/lib/hx509/test_chain.in
    vendor-crypto/heimdal/dist/lib/hx509/test_cms.in
    vendor-crypto/heimdal/dist/lib/hx509/test_crypto.in
    vendor-crypto/heimdal/dist/lib/hx509/test_java_pkcs11.in
    vendor-crypto/heimdal/dist/lib/hx509/test_name.c
    vendor-crypto/heimdal/dist/lib/hx509/test_nist.in
    vendor-crypto/heimdal/dist/lib/hx509/test_nist2.in
    vendor-crypto/heimdal/dist/lib/hx509/test_nist_cert.in
    vendor-crypto/heimdal/dist/lib/hx509/test_nist_pkcs12.in
    vendor-crypto/heimdal/dist/lib/hx509/test_pkcs11.in
    vendor-crypto/heimdal/dist/lib/hx509/test_query.in
    vendor-crypto/heimdal/dist/lib/hx509/test_req.in
    vendor-crypto/heimdal/dist/lib/hx509/test_soft_pkcs11.c
    vendor-crypto/heimdal/dist/lib/hx509/test_windows.in
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available1
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available2
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available3
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select1
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select2
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select3
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select4
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select5
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select6
    vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select7
    vendor-crypto/heimdal/dist/lib/hx509/version-script.map
    vendor-crypto/heimdal/dist/lib/kadm5/
    vendor-crypto/heimdal/dist/lib/kadm5/ChangeLog
    vendor-crypto/heimdal/dist/lib/kadm5/Makefile.am
    vendor-crypto/heimdal/dist/lib/kadm5/Makefile.in
    vendor-crypto/heimdal/dist/lib/kadm5/acl.c
    vendor-crypto/heimdal/dist/lib/kadm5/ad.c
    vendor-crypto/heimdal/dist/lib/kadm5/admin.h
    vendor-crypto/heimdal/dist/lib/kadm5/bump_pw_expire.c
    vendor-crypto/heimdal/dist/lib/kadm5/check-cracklib.pl
    vendor-crypto/heimdal/dist/lib/kadm5/chpass_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/chpass_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/client_glue.c
    vendor-crypto/heimdal/dist/lib/kadm5/common_glue.c
    vendor-crypto/heimdal/dist/lib/kadm5/context_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/create_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/create_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/default_keys.c
    vendor-crypto/heimdal/dist/lib/kadm5/delete_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/delete_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/destroy_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/destroy_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/ent_setup.c
    vendor-crypto/heimdal/dist/lib/kadm5/error.c
    vendor-crypto/heimdal/dist/lib/kadm5/flush.c
    vendor-crypto/heimdal/dist/lib/kadm5/flush_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/flush_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/free.c
    vendor-crypto/heimdal/dist/lib/kadm5/get_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/get_princs_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/get_princs_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/get_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/init_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/init_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/iprop-commands.in
    vendor-crypto/heimdal/dist/lib/kadm5/iprop-log.8
    vendor-crypto/heimdal/dist/lib/kadm5/iprop-log.c
    vendor-crypto/heimdal/dist/lib/kadm5/iprop.8
    vendor-crypto/heimdal/dist/lib/kadm5/iprop.h
    vendor-crypto/heimdal/dist/lib/kadm5/ipropd_common.c
    vendor-crypto/heimdal/dist/lib/kadm5/ipropd_master.c
    vendor-crypto/heimdal/dist/lib/kadm5/ipropd_slave.c
    vendor-crypto/heimdal/dist/lib/kadm5/kadm5-private.h
    vendor-crypto/heimdal/dist/lib/kadm5/kadm5-protos.h
    vendor-crypto/heimdal/dist/lib/kadm5/kadm5-pwcheck.h
    vendor-crypto/heimdal/dist/lib/kadm5/kadm5_err.et
    vendor-crypto/heimdal/dist/lib/kadm5/kadm5_locl.h
    vendor-crypto/heimdal/dist/lib/kadm5/kadm5_pwcheck.3
    vendor-crypto/heimdal/dist/lib/kadm5/keys.c
    vendor-crypto/heimdal/dist/lib/kadm5/log.c
    vendor-crypto/heimdal/dist/lib/kadm5/marshall.c
    vendor-crypto/heimdal/dist/lib/kadm5/modify_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/modify_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/password_quality.c
    vendor-crypto/heimdal/dist/lib/kadm5/private.h
    vendor-crypto/heimdal/dist/lib/kadm5/privs_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/privs_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/randkey_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/randkey_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/rename_c.c
    vendor-crypto/heimdal/dist/lib/kadm5/rename_s.c
    vendor-crypto/heimdal/dist/lib/kadm5/sample_passwd_check.c
    vendor-crypto/heimdal/dist/lib/kadm5/send_recv.c
    vendor-crypto/heimdal/dist/lib/kadm5/server_glue.c
    vendor-crypto/heimdal/dist/lib/kadm5/set_keys.c
    vendor-crypto/heimdal/dist/lib/kadm5/set_modifier.c
    vendor-crypto/heimdal/dist/lib/kadm5/test_pw_quality.c
    vendor-crypto/heimdal/dist/lib/kadm5/version-script.map
    vendor-crypto/heimdal/dist/lib/kafs/
    vendor-crypto/heimdal/dist/lib/kafs/ChangeLog
    vendor-crypto/heimdal/dist/lib/kafs/Makefile.am
    vendor-crypto/heimdal/dist/lib/kafs/Makefile.in
    vendor-crypto/heimdal/dist/lib/kafs/README.dlfcn
    vendor-crypto/heimdal/dist/lib/kafs/afskrb.c
    vendor-crypto/heimdal/dist/lib/kafs/afskrb5.c
    vendor-crypto/heimdal/dist/lib/kafs/afsl.exp
    vendor-crypto/heimdal/dist/lib/kafs/afslib.c
    vendor-crypto/heimdal/dist/lib/kafs/afslib.exp
    vendor-crypto/heimdal/dist/lib/kafs/afssys.c
    vendor-crypto/heimdal/dist/lib/kafs/afssysdefs.h
    vendor-crypto/heimdal/dist/lib/kafs/common.c
    vendor-crypto/heimdal/dist/lib/kafs/dlfcn.c
    vendor-crypto/heimdal/dist/lib/kafs/dlfcn.h
    vendor-crypto/heimdal/dist/lib/kafs/kafs.3
    vendor-crypto/heimdal/dist/lib/kafs/kafs.h
    vendor-crypto/heimdal/dist/lib/kafs/kafs_locl.h
    vendor-crypto/heimdal/dist/lib/kafs/roken_rename.h
    vendor-crypto/heimdal/dist/lib/krb5/
    vendor-crypto/heimdal/dist/lib/krb5/Makefile.am
    vendor-crypto/heimdal/dist/lib/krb5/Makefile.in
    vendor-crypto/heimdal/dist/lib/krb5/acache.c
    vendor-crypto/heimdal/dist/lib/krb5/acl.c
    vendor-crypto/heimdal/dist/lib/krb5/add_et_list.c
    vendor-crypto/heimdal/dist/lib/krb5/addr_families.c
    vendor-crypto/heimdal/dist/lib/krb5/aes-test.c
    vendor-crypto/heimdal/dist/lib/krb5/aname_to_localname.c
    vendor-crypto/heimdal/dist/lib/krb5/appdefault.c
    vendor-crypto/heimdal/dist/lib/krb5/asn1_glue.c
    vendor-crypto/heimdal/dist/lib/krb5/auth_context.c
    vendor-crypto/heimdal/dist/lib/krb5/build_ap_req.c
    vendor-crypto/heimdal/dist/lib/krb5/build_auth.c
    vendor-crypto/heimdal/dist/lib/krb5/cache.c
    vendor-crypto/heimdal/dist/lib/krb5/changepw.c
    vendor-crypto/heimdal/dist/lib/krb5/codec.c
    vendor-crypto/heimdal/dist/lib/krb5/config_file.c
    vendor-crypto/heimdal/dist/lib/krb5/config_file_netinfo.c
    vendor-crypto/heimdal/dist/lib/krb5/constants.c
    vendor-crypto/heimdal/dist/lib/krb5/context.c
    vendor-crypto/heimdal/dist/lib/krb5/convert_creds.c
    vendor-crypto/heimdal/dist/lib/krb5/copy_host_realm.c
    vendor-crypto/heimdal/dist/lib/krb5/crc.c
    vendor-crypto/heimdal/dist/lib/krb5/creds.c
    vendor-crypto/heimdal/dist/lib/krb5/crypto.c
    vendor-crypto/heimdal/dist/lib/krb5/data.c
    vendor-crypto/heimdal/dist/lib/krb5/derived-key-test.c
    vendor-crypto/heimdal/dist/lib/krb5/digest.c
    vendor-crypto/heimdal/dist/lib/krb5/doxygen.c
    vendor-crypto/heimdal/dist/lib/krb5/eai_to_heim_errno.c
    vendor-crypto/heimdal/dist/lib/krb5/error_string.c
    vendor-crypto/heimdal/dist/lib/krb5/expand_hostname.c
    vendor-crypto/heimdal/dist/lib/krb5/fcache.c
    vendor-crypto/heimdal/dist/lib/krb5/free.c
    vendor-crypto/heimdal/dist/lib/krb5/free_host_realm.c
    vendor-crypto/heimdal/dist/lib/krb5/generate_seq_number.c
    vendor-crypto/heimdal/dist/lib/krb5/generate_subkey.c
    vendor-crypto/heimdal/dist/lib/krb5/get_addrs.c
    vendor-crypto/heimdal/dist/lib/krb5/get_cred.c
    vendor-crypto/heimdal/dist/lib/krb5/get_default_principal.c
    vendor-crypto/heimdal/dist/lib/krb5/get_default_realm.c
    vendor-crypto/heimdal/dist/lib/krb5/get_for_creds.c
    vendor-crypto/heimdal/dist/lib/krb5/get_host_realm.c
    vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt.c
    vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_pw.c
    vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_with_keytab.c
    vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_with_skey.c
    vendor-crypto/heimdal/dist/lib/krb5/get_port.c
    vendor-crypto/heimdal/dist/lib/krb5/heim_err.et
    vendor-crypto/heimdal/dist/lib/krb5/heim_threads.h
    vendor-crypto/heimdal/dist/lib/krb5/init_creds.c
    vendor-crypto/heimdal/dist/lib/krb5/init_creds_pw.c
    vendor-crypto/heimdal/dist/lib/krb5/k524_err.et
    vendor-crypto/heimdal/dist/lib/krb5/kcm.c
    vendor-crypto/heimdal/dist/lib/krb5/kcm.h
    vendor-crypto/heimdal/dist/lib/krb5/kerberos.8
    vendor-crypto/heimdal/dist/lib/krb5/keyblock.c
    vendor-crypto/heimdal/dist/lib/krb5/keytab.c
    vendor-crypto/heimdal/dist/lib/krb5/keytab_any.c
    vendor-crypto/heimdal/dist/lib/krb5/keytab_file.c
    vendor-crypto/heimdal/dist/lib/krb5/keytab_keyfile.c
    vendor-crypto/heimdal/dist/lib/krb5/keytab_krb4.c
    vendor-crypto/heimdal/dist/lib/krb5/keytab_memory.c
    vendor-crypto/heimdal/dist/lib/krb5/krb5-private.h
    vendor-crypto/heimdal/dist/lib/krb5/krb5-protos.h
    vendor-crypto/heimdal/dist/lib/krb5/krb5-v4compat.h
    vendor-crypto/heimdal/dist/lib/krb5/krb5.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5.conf.5
    vendor-crypto/heimdal/dist/lib/krb5/krb5.h
    vendor-crypto/heimdal/dist/lib/krb5/krb5.moduli
    vendor-crypto/heimdal/dist/lib/krb5/krb524_convert_creds_kdc.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_425_conv_principal.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_acl_match_file.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_address.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_aname_to_localname.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_appdefault.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_auth_context.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_c_make_checksum.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_ccache.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_ccapi.h
    vendor-crypto/heimdal/dist/lib/krb5/krb5_check_transited.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_compare_creds.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_config.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_context.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_create_checksum.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_creds.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_crypto_init.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_data.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_digest.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_eai_to_heim_errno.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_encrypt.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_err.et
    vendor-crypto/heimdal/dist/lib/krb5/krb5_expand_hostname.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_find_padata.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_generate_random_block.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_get_all_client_addrs.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_get_credentials.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_get_creds.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_get_forwarded_creds.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_get_in_cred.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_get_init_creds.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_get_krbhst.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_getportbyname.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_init_context.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_is_thread_safe.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_keyblock.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_keytab.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_krbhst_init.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_kuserok.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_locl.h
    vendor-crypto/heimdal/dist/lib/krb5/krb5_mk_req.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_mk_safe.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_openlog.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_parse_name.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_principal.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_rcache.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_rd_error.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_rd_safe.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_set_default_realm.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_set_password.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_storage.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_string_to_key.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_ticket.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_timeofday.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_unparse_name.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_verify_init_creds.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_verify_user.3
    vendor-crypto/heimdal/dist/lib/krb5/krb5_warn.3
    vendor-crypto/heimdal/dist/lib/krb5/krb_err.et
    vendor-crypto/heimdal/dist/lib/krb5/krbhst-test.c
    vendor-crypto/heimdal/dist/lib/krb5/krbhst.c
    vendor-crypto/heimdal/dist/lib/krb5/kuserok.c
    vendor-crypto/heimdal/dist/lib/krb5/locate_plugin.h
    vendor-crypto/heimdal/dist/lib/krb5/log.c
    vendor-crypto/heimdal/dist/lib/krb5/mcache.c
    vendor-crypto/heimdal/dist/lib/krb5/misc.c
    vendor-crypto/heimdal/dist/lib/krb5/mit_glue.c
    vendor-crypto/heimdal/dist/lib/krb5/mk_error.c
    vendor-crypto/heimdal/dist/lib/krb5/mk_priv.c
    vendor-crypto/heimdal/dist/lib/krb5/mk_rep.c
    vendor-crypto/heimdal/dist/lib/krb5/mk_req.c
    vendor-crypto/heimdal/dist/lib/krb5/mk_req_ext.c
    vendor-crypto/heimdal/dist/lib/krb5/mk_safe.c
    vendor-crypto/heimdal/dist/lib/krb5/n-fold-test.c
    vendor-crypto/heimdal/dist/lib/krb5/n-fold.c
    vendor-crypto/heimdal/dist/lib/krb5/name-45-test.c
    vendor-crypto/heimdal/dist/lib/krb5/net_read.c
    vendor-crypto/heimdal/dist/lib/krb5/net_write.c
    vendor-crypto/heimdal/dist/lib/krb5/pac.c
    vendor-crypto/heimdal/dist/lib/krb5/padata.c
    vendor-crypto/heimdal/dist/lib/krb5/parse-name-test.c
    vendor-crypto/heimdal/dist/lib/krb5/pkinit.c
    vendor-crypto/heimdal/dist/lib/krb5/plugin.c
    vendor-crypto/heimdal/dist/lib/krb5/principal.c
    vendor-crypto/heimdal/dist/lib/krb5/prog_setup.c
    vendor-crypto/heimdal/dist/lib/krb5/prompter_posix.c
    vendor-crypto/heimdal/dist/lib/krb5/rd_cred.c
    vendor-crypto/heimdal/dist/lib/krb5/rd_error.c
    vendor-crypto/heimdal/dist/lib/krb5/rd_priv.c
    vendor-crypto/heimdal/dist/lib/krb5/rd_rep.c
    vendor-crypto/heimdal/dist/lib/krb5/rd_req.c
    vendor-crypto/heimdal/dist/lib/krb5/rd_safe.c
    vendor-crypto/heimdal/dist/lib/krb5/read_message.c
    vendor-crypto/heimdal/dist/lib/krb5/recvauth.c
    vendor-crypto/heimdal/dist/lib/krb5/replay.c
    vendor-crypto/heimdal/dist/lib/krb5/send_to_kdc.c
    vendor-crypto/heimdal/dist/lib/krb5/sendauth.c
    vendor-crypto/heimdal/dist/lib/krb5/set_default_realm.c
    vendor-crypto/heimdal/dist/lib/krb5/sock_principal.c
    vendor-crypto/heimdal/dist/lib/krb5/store-int.h
    vendor-crypto/heimdal/dist/lib/krb5/store-test.c
    vendor-crypto/heimdal/dist/lib/krb5/store.c
    vendor-crypto/heimdal/dist/lib/krb5/store_emem.c
    vendor-crypto/heimdal/dist/lib/krb5/store_fd.c
    vendor-crypto/heimdal/dist/lib/krb5/store_mem.c
    vendor-crypto/heimdal/dist/lib/krb5/string-to-key-test.c
    vendor-crypto/heimdal/dist/lib/krb5/test_acl.c
    vendor-crypto/heimdal/dist/lib/krb5/test_addr.c
    vendor-crypto/heimdal/dist/lib/krb5/test_alname.c
    vendor-crypto/heimdal/dist/lib/krb5/test_cc.c
    vendor-crypto/heimdal/dist/lib/krb5/test_config.c
    vendor-crypto/heimdal/dist/lib/krb5/test_crypto.c
    vendor-crypto/heimdal/dist/lib/krb5/test_crypto_wrapping.c
    vendor-crypto/heimdal/dist/lib/krb5/test_forward.c
    vendor-crypto/heimdal/dist/lib/krb5/test_get_addrs.c
    vendor-crypto/heimdal/dist/lib/krb5/test_hostname.c
    vendor-crypto/heimdal/dist/lib/krb5/test_keytab.c
    vendor-crypto/heimdal/dist/lib/krb5/test_kuserok.c
    vendor-crypto/heimdal/dist/lib/krb5/test_mem.c
    vendor-crypto/heimdal/dist/lib/krb5/test_pac.c
    vendor-crypto/heimdal/dist/lib/krb5/test_pkinit_dh2key.c
    vendor-crypto/heimdal/dist/lib/krb5/test_plugin.c
    vendor-crypto/heimdal/dist/lib/krb5/test_prf.c
    vendor-crypto/heimdal/dist/lib/krb5/test_princ.c
    vendor-crypto/heimdal/dist/lib/krb5/test_renew.c
    vendor-crypto/heimdal/dist/lib/krb5/test_store.c
    vendor-crypto/heimdal/dist/lib/krb5/test_time.c
    vendor-crypto/heimdal/dist/lib/krb5/ticket.c
    vendor-crypto/heimdal/dist/lib/krb5/time.c
    vendor-crypto/heimdal/dist/lib/krb5/transited.c
    vendor-crypto/heimdal/dist/lib/krb5/v4_glue.c
    vendor-crypto/heimdal/dist/lib/krb5/verify_init.c
    vendor-crypto/heimdal/dist/lib/krb5/verify_krb5_conf.8
    vendor-crypto/heimdal/dist/lib/krb5/verify_krb5_conf.c
    vendor-crypto/heimdal/dist/lib/krb5/verify_user.c
    vendor-crypto/heimdal/dist/lib/krb5/version-script.map
    vendor-crypto/heimdal/dist/lib/krb5/version.c
    vendor-crypto/heimdal/dist/lib/krb5/warn.c
    vendor-crypto/heimdal/dist/lib/krb5/write_message.c
    vendor-crypto/heimdal/dist/lib/ntlm/
    vendor-crypto/heimdal/dist/lib/ntlm/ChangeLog
    vendor-crypto/heimdal/dist/lib/ntlm/Makefile.am
    vendor-crypto/heimdal/dist/lib/ntlm/Makefile.in
    vendor-crypto/heimdal/dist/lib/ntlm/heimntlm-protos.h
    vendor-crypto/heimdal/dist/lib/ntlm/heimntlm.h
    vendor-crypto/heimdal/dist/lib/ntlm/ntlm.c
    vendor-crypto/heimdal/dist/lib/ntlm/test_ntlm.c
    vendor-crypto/heimdal/dist/lib/ntlm/version-script.map
    vendor-crypto/heimdal/dist/lib/roken/
    vendor-crypto/heimdal/dist/lib/roken/ChangeLog
    vendor-crypto/heimdal/dist/lib/roken/Makefile.am
    vendor-crypto/heimdal/dist/lib/roken/Makefile.in
    vendor-crypto/heimdal/dist/lib/roken/base64-test.c
    vendor-crypto/heimdal/dist/lib/roken/base64.c
    vendor-crypto/heimdal/dist/lib/roken/base64.h
    vendor-crypto/heimdal/dist/lib/roken/bswap.c
    vendor-crypto/heimdal/dist/lib/roken/chown.c
    vendor-crypto/heimdal/dist/lib/roken/closefrom.c
    vendor-crypto/heimdal/dist/lib/roken/concat.c
    vendor-crypto/heimdal/dist/lib/roken/copyhostent.c
    vendor-crypto/heimdal/dist/lib/roken/daemon.c
    vendor-crypto/heimdal/dist/lib/roken/dumpdata.c
    vendor-crypto/heimdal/dist/lib/roken/ecalloc.3
    vendor-crypto/heimdal/dist/lib/roken/ecalloc.c
    vendor-crypto/heimdal/dist/lib/roken/emalloc.c
    vendor-crypto/heimdal/dist/lib/roken/environment.c
    vendor-crypto/heimdal/dist/lib/roken/eread.c
    vendor-crypto/heimdal/dist/lib/roken/erealloc.c
    vendor-crypto/heimdal/dist/lib/roken/err.c
    vendor-crypto/heimdal/dist/lib/roken/err.hin
    vendor-crypto/heimdal/dist/lib/roken/errx.c
    vendor-crypto/heimdal/dist/lib/roken/esetenv.c
    vendor-crypto/heimdal/dist/lib/roken/estrdup.c
    vendor-crypto/heimdal/dist/lib/roken/ewrite.c
    vendor-crypto/heimdal/dist/lib/roken/fchown.c
    vendor-crypto/heimdal/dist/lib/roken/flock.c
    vendor-crypto/heimdal/dist/lib/roken/fnmatch.c
    vendor-crypto/heimdal/dist/lib/roken/fnmatch.hin
    vendor-crypto/heimdal/dist/lib/roken/freeaddrinfo.c
    vendor-crypto/heimdal/dist/lib/roken/freehostent.c
    vendor-crypto/heimdal/dist/lib/roken/gai_strerror.c
    vendor-crypto/heimdal/dist/lib/roken/get_default_username.c
    vendor-crypto/heimdal/dist/lib/roken/get_window_size.c
    vendor-crypto/heimdal/dist/lib/roken/getaddrinfo-test.c
    vendor-crypto/heimdal/dist/lib/roken/getaddrinfo.c
    vendor-crypto/heimdal/dist/lib/roken/getaddrinfo_hostspec.c
    vendor-crypto/heimdal/dist/lib/roken/getarg.3
    vendor-crypto/heimdal/dist/lib/roken/getarg.c
    vendor-crypto/heimdal/dist/lib/roken/getarg.h
    vendor-crypto/heimdal/dist/lib/roken/getcap.c
    vendor-crypto/heimdal/dist/lib/roken/getcwd.c
    vendor-crypto/heimdal/dist/lib/roken/getdtablesize.c
    vendor-crypto/heimdal/dist/lib/roken/getegid.c
    vendor-crypto/heimdal/dist/lib/roken/geteuid.c
    vendor-crypto/heimdal/dist/lib/roken/getgid.c
    vendor-crypto/heimdal/dist/lib/roken/gethostname.c
    vendor-crypto/heimdal/dist/lib/roken/getifaddrs.c
    vendor-crypto/heimdal/dist/lib/roken/getipnodebyaddr.c
    vendor-crypto/heimdal/dist/lib/roken/getipnodebyname.c
    vendor-crypto/heimdal/dist/lib/roken/getnameinfo.c
    vendor-crypto/heimdal/dist/lib/roken/getnameinfo_verified.c
    vendor-crypto/heimdal/dist/lib/roken/getopt.c
    vendor-crypto/heimdal/dist/lib/roken/getprogname.c
    vendor-crypto/heimdal/dist/lib/roken/gettimeofday.c
    vendor-crypto/heimdal/dist/lib/roken/getuid.c
    vendor-crypto/heimdal/dist/lib/roken/getusershell.c
    vendor-crypto/heimdal/dist/lib/roken/glob.c
    vendor-crypto/heimdal/dist/lib/roken/glob.hin
    vendor-crypto/heimdal/dist/lib/roken/h_errno.c
    vendor-crypto/heimdal/dist/lib/roken/hex-test.c
    vendor-crypto/heimdal/dist/lib/roken/hex.c
    vendor-crypto/heimdal/dist/lib/roken/hex.h
    vendor-crypto/heimdal/dist/lib/roken/hostent_find_fqdn.c
    vendor-crypto/heimdal/dist/lib/roken/hstrerror.c
    vendor-crypto/heimdal/dist/lib/roken/ifaddrs.hin
    vendor-crypto/heimdal/dist/lib/roken/inet_aton.c
    vendor-crypto/heimdal/dist/lib/roken/inet_ntop.c
    vendor-crypto/heimdal/dist/lib/roken/inet_pton.c
    vendor-crypto/heimdal/dist/lib/roken/initgroups.c
    vendor-crypto/heimdal/dist/lib/roken/innetgr.c
    vendor-crypto/heimdal/dist/lib/roken/install-sh
    vendor-crypto/heimdal/dist/lib/roken/iruserok.c
    vendor-crypto/heimdal/dist/lib/roken/issuid.c
    vendor-crypto/heimdal/dist/lib/roken/k_getpwnam.c
    vendor-crypto/heimdal/dist/lib/roken/k_getpwuid.c
    vendor-crypto/heimdal/dist/lib/roken/localtime_r.c
    vendor-crypto/heimdal/dist/lib/roken/lstat.c
    vendor-crypto/heimdal/dist/lib/roken/memmove.c
    vendor-crypto/heimdal/dist/lib/roken/mini_inetd.c
    vendor-crypto/heimdal/dist/lib/roken/missing
    vendor-crypto/heimdal/dist/lib/roken/mkinstalldirs
    vendor-crypto/heimdal/dist/lib/roken/mkstemp.c
    vendor-crypto/heimdal/dist/lib/roken/ndbm_wrap.c
    vendor-crypto/heimdal/dist/lib/roken/ndbm_wrap.h
    vendor-crypto/heimdal/dist/lib/roken/net_read.c
    vendor-crypto/heimdal/dist/lib/roken/net_write.c
    vendor-crypto/heimdal/dist/lib/roken/parse_bytes-test.c
    vendor-crypto/heimdal/dist/lib/roken/parse_bytes.c
    vendor-crypto/heimdal/dist/lib/roken/parse_bytes.h
    vendor-crypto/heimdal/dist/lib/roken/parse_reply-test.c
    vendor-crypto/heimdal/dist/lib/roken/parse_time-test.c
    vendor-crypto/heimdal/dist/lib/roken/parse_time.3
    vendor-crypto/heimdal/dist/lib/roken/parse_time.c
    vendor-crypto/heimdal/dist/lib/roken/parse_time.h
    vendor-crypto/heimdal/dist/lib/roken/parse_units.c
    vendor-crypto/heimdal/dist/lib/roken/parse_units.h
    vendor-crypto/heimdal/dist/lib/roken/putenv.c
    vendor-crypto/heimdal/dist/lib/roken/rcmd.c
    vendor-crypto/heimdal/dist/lib/roken/readv.c
    vendor-crypto/heimdal/dist/lib/roken/realloc.c
    vendor-crypto/heimdal/dist/lib/roken/recvmsg.c
    vendor-crypto/heimdal/dist/lib/roken/resolve-test.c
    vendor-crypto/heimdal/dist/lib/roken/resolve.c
    vendor-crypto/heimdal/dist/lib/roken/resolve.h
    vendor-crypto/heimdal/dist/lib/roken/roken-common.h
    vendor-crypto/heimdal/dist/lib/roken/roken.awk
    vendor-crypto/heimdal/dist/lib/roken/roken.h.in
    vendor-crypto/heimdal/dist/lib/roken/roken_gethostby.c
    vendor-crypto/heimdal/dist/lib/roken/rtbl.3
    vendor-crypto/heimdal/dist/lib/roken/rtbl.c
    vendor-crypto/heimdal/dist/lib/roken/rtbl.h
    vendor-crypto/heimdal/dist/lib/roken/sendmsg.c
    vendor-crypto/heimdal/dist/lib/roken/setegid.c
    vendor-crypto/heimdal/dist/lib/roken/setenv.c
    vendor-crypto/heimdal/dist/lib/roken/seteuid.c
    vendor-crypto/heimdal/dist/lib/roken/setprogname.c
    vendor-crypto/heimdal/dist/lib/roken/signal.c
    vendor-crypto/heimdal/dist/lib/roken/simple_exec.c
    vendor-crypto/heimdal/dist/lib/roken/snprintf-test.c
    vendor-crypto/heimdal/dist/lib/roken/snprintf-test.h
    vendor-crypto/heimdal/dist/lib/roken/snprintf.c
    vendor-crypto/heimdal/dist/lib/roken/socket.c
    vendor-crypto/heimdal/dist/lib/roken/socket_wrapper.c
    vendor-crypto/heimdal/dist/lib/roken/socket_wrapper.h
    vendor-crypto/heimdal/dist/lib/roken/strcasecmp.c
    vendor-crypto/heimdal/dist/lib/roken/strcollect.c
    vendor-crypto/heimdal/dist/lib/roken/strdup.c
    vendor-crypto/heimdal/dist/lib/roken/strerror.c
    vendor-crypto/heimdal/dist/lib/roken/strftime.c
    vendor-crypto/heimdal/dist/lib/roken/strlcat.c
    vendor-crypto/heimdal/dist/lib/roken/strlcpy.c
    vendor-crypto/heimdal/dist/lib/roken/strlwr.c
    vendor-crypto/heimdal/dist/lib/roken/strncasecmp.c
    vendor-crypto/heimdal/dist/lib/roken/strndup.c
    vendor-crypto/heimdal/dist/lib/roken/strnlen.c
    vendor-crypto/heimdal/dist/lib/roken/strpftime-test.c
    vendor-crypto/heimdal/dist/lib/roken/strpftime-test.h
    vendor-crypto/heimdal/dist/lib/roken/strpool.c
    vendor-crypto/heimdal/dist/lib/roken/strptime.c
    vendor-crypto/heimdal/dist/lib/roken/strsep.c
    vendor-crypto/heimdal/dist/lib/roken/strsep_copy.c
    vendor-crypto/heimdal/dist/lib/roken/strtok_r.c
    vendor-crypto/heimdal/dist/lib/roken/strupr.c
    vendor-crypto/heimdal/dist/lib/roken/swab.c
    vendor-crypto/heimdal/dist/lib/roken/test-mem.c
    vendor-crypto/heimdal/dist/lib/roken/test-mem.h
    vendor-crypto/heimdal/dist/lib/roken/test-readenv.c
    vendor-crypto/heimdal/dist/lib/roken/timegm.c
    vendor-crypto/heimdal/dist/lib/roken/timeval.c
    vendor-crypto/heimdal/dist/lib/roken/tm2time.c
    vendor-crypto/heimdal/dist/lib/roken/unsetenv.c
    vendor-crypto/heimdal/dist/lib/roken/unvis.c
    vendor-crypto/heimdal/dist/lib/roken/verify.c
    vendor-crypto/heimdal/dist/lib/roken/verr.c
    vendor-crypto/heimdal/dist/lib/roken/verrx.c
    vendor-crypto/heimdal/dist/lib/roken/vis.c
    vendor-crypto/heimdal/dist/lib/roken/vis.h
    vendor-crypto/heimdal/dist/lib/roken/vis.hin
    vendor-crypto/heimdal/dist/lib/roken/vsyslog.c
    vendor-crypto/heimdal/dist/lib/roken/vwarn.c
    vendor-crypto/heimdal/dist/lib/roken/vwarnx.c
    vendor-crypto/heimdal/dist/lib/roken/warn.c
    vendor-crypto/heimdal/dist/lib/roken/warnerr.c
    vendor-crypto/heimdal/dist/lib/roken/warnx.c
    vendor-crypto/heimdal/dist/lib/roken/write_pid.c
    vendor-crypto/heimdal/dist/lib/roken/writev.c
    vendor-crypto/heimdal/dist/lib/roken/xdbm.h
    vendor-crypto/heimdal/dist/lib/sl/
    vendor-crypto/heimdal/dist/lib/sl/ChangeLog
    vendor-crypto/heimdal/dist/lib/sl/Makefile.am
    vendor-crypto/heimdal/dist/lib/sl/Makefile.in
    vendor-crypto/heimdal/dist/lib/sl/lex.c
    vendor-crypto/heimdal/dist/lib/sl/lex.l
    vendor-crypto/heimdal/dist/lib/sl/make_cmds.c
    vendor-crypto/heimdal/dist/lib/sl/make_cmds.h
    vendor-crypto/heimdal/dist/lib/sl/parse.c
    vendor-crypto/heimdal/dist/lib/sl/parse.h
    vendor-crypto/heimdal/dist/lib/sl/parse.y
    vendor-crypto/heimdal/dist/lib/sl/roken_rename.h
    vendor-crypto/heimdal/dist/lib/sl/sl.c
    vendor-crypto/heimdal/dist/lib/sl/sl.h
    vendor-crypto/heimdal/dist/lib/sl/sl_locl.h
    vendor-crypto/heimdal/dist/lib/sl/slc-gram.c
    vendor-crypto/heimdal/dist/lib/sl/slc-gram.h
    vendor-crypto/heimdal/dist/lib/sl/slc-gram.y
    vendor-crypto/heimdal/dist/lib/sl/slc-lex.c
    vendor-crypto/heimdal/dist/lib/sl/slc-lex.l
    vendor-crypto/heimdal/dist/lib/sl/slc.h
    vendor-crypto/heimdal/dist/lib/sl/ss.c
    vendor-crypto/heimdal/dist/lib/sl/ss.h
    vendor-crypto/heimdal/dist/lib/sl/test_sl.c
    vendor-crypto/heimdal/dist/lib/vers/
    vendor-crypto/heimdal/dist/lib/vers/ChangeLog
    vendor-crypto/heimdal/dist/lib/vers/Makefile.am
    vendor-crypto/heimdal/dist/lib/vers/Makefile.in
    vendor-crypto/heimdal/dist/lib/vers/make-print-version.c
    vendor-crypto/heimdal/dist/lib/vers/print_version.c
    vendor-crypto/heimdal/dist/lib/vers/vers.h
    vendor-crypto/heimdal/dist/ltmain.sh
    vendor-crypto/heimdal/dist/missing
    vendor-crypto/heimdal/dist/packages/
    vendor-crypto/heimdal/dist/packages/ChangeLog
    vendor-crypto/heimdal/dist/packages/Makefile.am
    vendor-crypto/heimdal/dist/packages/Makefile.in
    vendor-crypto/heimdal/dist/packages/debian/
    vendor-crypto/heimdal/dist/packages/debian/Makefile.am
    vendor-crypto/heimdal/dist/packages/debian/Makefile.in
    vendor-crypto/heimdal/dist/packages/debian/README
    vendor-crypto/heimdal/dist/packages/debian/README.Debian
    vendor-crypto/heimdal/dist/packages/debian/changelog
    vendor-crypto/heimdal/dist/packages/debian/compat
    vendor-crypto/heimdal/dist/packages/debian/control
    vendor-crypto/heimdal/dist/packages/debian/copyright
    vendor-crypto/heimdal/dist/packages/debian/extras/
    vendor-crypto/heimdal/dist/packages/debian/extras/default
    vendor-crypto/heimdal/dist/packages/debian/extras/kadmind.acl
    vendor-crypto/heimdal/dist/packages/debian/extras/kdc.conf
    vendor-crypto/heimdal/dist/packages/debian/heimdal-clients-x.install
    vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.install
    vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.postinst
    vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.prerm
    vendor-crypto/heimdal/dist/packages/debian/heimdal-dev.install
    vendor-crypto/heimdal/dist/packages/debian/heimdal-docs.install
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kcm.init
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kcm.install
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.dirs
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.examples
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.init
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.install
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.logrotate
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.postinst
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.postrm
    vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.templates
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.dirs
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.install
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.postinst
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.postrm
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.prerm
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.dirs
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.install
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.postinst
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.postrm
    vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.prerm
    vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.postinst.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.postrm.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.substvars
    vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.postinst.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.postrm.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.substvars
    vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.postinst.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.postrm.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.substvars
    vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.postinst.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.postrm.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.substvars
    vendor-crypto/heimdal/dist/packages/debian/libkadm5srv7-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libkadm5srv8-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libkafs0-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.postinst.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.postrm.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.substvars
    vendor-crypto/heimdal/dist/packages/debian/libotp0-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.postinst.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.postrm.debhelper
    vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.substvars
    vendor-crypto/heimdal/dist/packages/debian/libsl0-heimdal.install
    vendor-crypto/heimdal/dist/packages/debian/patches/
    vendor-crypto/heimdal/dist/packages/debian/patches/021_debian
    vendor-crypto/heimdal/dist/packages/debian/patches/022_ftp-roken-glob
    vendor-crypto/heimdal/dist/packages/debian/patches/022_openafs
    vendor-crypto/heimdal/dist/packages/debian/patches/025_pthreads
    vendor-crypto/heimdal/dist/packages/debian/patches/026_posix_max
    vendor-crypto/heimdal/dist/packages/debian/po/
    vendor-crypto/heimdal/dist/packages/debian/po/POTFILES.in
    vendor-crypto/heimdal/dist/packages/debian/po/templates.pot
    vendor-crypto/heimdal/dist/packages/debian/rules
    vendor-crypto/heimdal/dist/packages/debian/scripts/
    vendor-crypto/heimdal/dist/packages/debian/scripts/convert_source
    vendor-crypto/heimdal/dist/packages/mac/
    vendor-crypto/heimdal/dist/packages/mac/Info.plist
    vendor-crypto/heimdal/dist/packages/mac/Makefile.am
    vendor-crypto/heimdal/dist/packages/mac/Makefile.in
    vendor-crypto/heimdal/dist/packages/mac/Resources/
    vendor-crypto/heimdal/dist/packages/mac/Resources/Description.plist
    vendor-crypto/heimdal/dist/packages/mac/Resources/English.lproj/
    vendor-crypto/heimdal/dist/packages/mac/Resources/English.lproj/Welcome.rtf
    vendor-crypto/heimdal/dist/packages/mac/mac.sh
    vendor-crypto/heimdal/dist/tests/
    vendor-crypto/heimdal/dist/tests/ChangeLog
    vendor-crypto/heimdal/dist/tests/Makefile.am
    vendor-crypto/heimdal/dist/tests/Makefile.in
    vendor-crypto/heimdal/dist/tests/can/
    vendor-crypto/heimdal/dist/tests/can/Makefile.am
    vendor-crypto/heimdal/dist/tests/can/Makefile.in
    vendor-crypto/heimdal/dist/tests/can/apple-10.4.kadm
    vendor-crypto/heimdal/dist/tests/can/apple-10.4.req
    vendor-crypto/heimdal/dist/tests/can/check-can.in
    vendor-crypto/heimdal/dist/tests/can/heim-0.8.kadm
    vendor-crypto/heimdal/dist/tests/can/heim-0.8.req
    vendor-crypto/heimdal/dist/tests/can/krb5.conf.in
    vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.ca.crt
    vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.kadm
    vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.req
    vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.xf
    vendor-crypto/heimdal/dist/tests/can/test_can.in
    vendor-crypto/heimdal/dist/tests/db/
    vendor-crypto/heimdal/dist/tests/db/Makefile.am
    vendor-crypto/heimdal/dist/tests/db/Makefile.in
    vendor-crypto/heimdal/dist/tests/db/add-modify-delete.in
    vendor-crypto/heimdal/dist/tests/db/check-dbinfo.in
    vendor-crypto/heimdal/dist/tests/db/have-db.in
    vendor-crypto/heimdal/dist/tests/db/krb5.conf.in
    vendor-crypto/heimdal/dist/tests/db/loaddump-db.in
    vendor-crypto/heimdal/dist/tests/db/text-dump-0.7
    vendor-crypto/heimdal/dist/tests/db/text-dump-known-ext
    vendor-crypto/heimdal/dist/tests/db/text-dump-no-ext
    vendor-crypto/heimdal/dist/tests/db/text-dump-unknown-ext
    vendor-crypto/heimdal/dist/tests/gss/
    vendor-crypto/heimdal/dist/tests/gss/Makefile.am
    vendor-crypto/heimdal/dist/tests/gss/Makefile.in
    vendor-crypto/heimdal/dist/tests/gss/check-basic.in
    vendor-crypto/heimdal/dist/tests/gss/check-context.in
    vendor-crypto/heimdal/dist/tests/gss/check-gss.in
    vendor-crypto/heimdal/dist/tests/gss/check-gssmask.in
    vendor-crypto/heimdal/dist/tests/gss/check-ntlm.in
    vendor-crypto/heimdal/dist/tests/gss/check-spnego.in
    vendor-crypto/heimdal/dist/tests/gss/krb5.conf.in
    vendor-crypto/heimdal/dist/tests/gss/ntlm-user-file.txt
    vendor-crypto/heimdal/dist/tests/java/
    vendor-crypto/heimdal/dist/tests/java/KerberosInit.java
    vendor-crypto/heimdal/dist/tests/java/Makefile.am
    vendor-crypto/heimdal/dist/tests/java/Makefile.in
    vendor-crypto/heimdal/dist/tests/java/check-kinit.in
    vendor-crypto/heimdal/dist/tests/java/have-java.sh
    vendor-crypto/heimdal/dist/tests/java/jaas.conf
    vendor-crypto/heimdal/dist/tests/java/krb5.conf.in
    vendor-crypto/heimdal/dist/tests/kdc/
    vendor-crypto/heimdal/dist/tests/kdc/Makefile.am
    vendor-crypto/heimdal/dist/tests/kdc/Makefile.in
    vendor-crypto/heimdal/dist/tests/kdc/ap-req.c
    vendor-crypto/heimdal/dist/tests/kdc/check-digest.in
    vendor-crypto/heimdal/dist/tests/kdc/check-iprop.in
    vendor-crypto/heimdal/dist/tests/kdc/check-kadmin.in
    vendor-crypto/heimdal/dist/tests/kdc/check-kdc.in
    vendor-crypto/heimdal/dist/tests/kdc/check-keys.in
    vendor-crypto/heimdal/dist/tests/kdc/check-pkinit.in
    vendor-crypto/heimdal/dist/tests/kdc/check-referral.in
    vendor-crypto/heimdal/dist/tests/kdc/check-uu.in
    vendor-crypto/heimdal/dist/tests/kdc/donotexists.txt
    vendor-crypto/heimdal/dist/tests/kdc/heimdal.acl
    vendor-crypto/heimdal/dist/tests/kdc/iprop-acl
    vendor-crypto/heimdal/dist/tests/kdc/krb5-pkinit.conf.in
    vendor-crypto/heimdal/dist/tests/kdc/krb5.conf.in
    vendor-crypto/heimdal/dist/tests/kdc/krb5.conf.keys.in
    vendor-crypto/heimdal/dist/tests/kdc/ntlm-user-file.txt
    vendor-crypto/heimdal/dist/tests/kdc/pki-mapping
    vendor-crypto/heimdal/dist/tests/kdc/uuserver.txt
    vendor-crypto/heimdal/dist/tests/kdc/wait-kdc.sh
    vendor-crypto/heimdal/dist/tests/ldap/
    vendor-crypto/heimdal/dist/tests/ldap/Makefile.am
    vendor-crypto/heimdal/dist/tests/ldap/Makefile.in
    vendor-crypto/heimdal/dist/tests/ldap/check-ldap.in
    vendor-crypto/heimdal/dist/tests/ldap/init.ldif
    vendor-crypto/heimdal/dist/tests/ldap/krb5.conf.in
    vendor-crypto/heimdal/dist/tests/ldap/samba.schema
    vendor-crypto/heimdal/dist/tests/ldap/slapd-init.in
    vendor-crypto/heimdal/dist/tests/ldap/slapd-stop
    vendor-crypto/heimdal/dist/tests/ldap/slapd.conf
    vendor-crypto/heimdal/dist/tests/plugin/
    vendor-crypto/heimdal/dist/tests/plugin/Makefile.am
    vendor-crypto/heimdal/dist/tests/plugin/Makefile.in
    vendor-crypto/heimdal/dist/tests/plugin/check-pac.in
    vendor-crypto/heimdal/dist/tests/plugin/krb5.conf.in
    vendor-crypto/heimdal/dist/tests/plugin/windc.c
    vendor-crypto/heimdal/dist/tools/
    vendor-crypto/heimdal/dist/tools/Makefile.am
    vendor-crypto/heimdal/dist/tools/Makefile.in
    vendor-crypto/heimdal/dist/tools/heimdal-build.sh
    vendor-crypto/heimdal/dist/tools/heimdal-gssapi.pc.in
    vendor-crypto/heimdal/dist/tools/kdc-log-analyze.pl
    vendor-crypto/heimdal/dist/tools/krb5-config.1
    vendor-crypto/heimdal/dist/tools/krb5-config.in

Added: vendor-crypto/heimdal/dist/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1356 @@
+2008-01-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Release 1.1
+
+2008-01-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_for_creds.c: Use on variable less.
+
+	* lib/krb5/get_for_creds.c: Try to handle ticket full and
+	ticketless tickets better. Add doxygen comments while here.
+
+	* lib/krb5/test_forward.c: Used for testing
+	krb5_get_forwarded_creds().
+	
+	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward
+
+	* lib/krb5/Makefile.am: drop CHECK_SYMBOLS
+
+	* lib/hdb/Makefile.am: drop CHECK_SYMBOLS
+
+	* kdc/Makefile.am: drop CHECK_SYMBOLS
+
+2008-01-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/version-script.map: Add krb5_digest_probe.
+	
+2008-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
+	hx509_name_binary.
+
+2008-01-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: add missing files
+
+2007-12-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the
+	type2 message.
+
+2007-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/dbinfo.c: Add hdb_default_db().
+
+	* Makefile.am: Add some extra cf/*.
+
+2007-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov.
+
+2007-12-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/log.c: Use hdb_db_dir().
+
+	* kpasswd/kpasswdd.c: Use hdb_db_dir().
+
+2007-12-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/config.c: Use hdb_db_dir().
+
+	* kdc/kdc_locl.h: add KDC_LOG_FILE
+
+	* kdc/hpropd.c: Use hdb_default_db().
+
+	* kdc/kstash.c: Use hdb_db_dir().
+
+	* kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir().
+
+	* lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check.
+
+	* lib/krb5/verify_krb5_conf.c: Check check_pac.
+
+	* lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac
+	field in the krb5_rd_req_in_ctx
+
+	* lib/krb5/expand_hostname.c: Adapt to changing
+	dns_canonicalize_hostname into flags field.
+
+	* lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname
+	into flags field, add check-pac as an libdefaults option.
+
+	* lib/krb5/pkinit.c: Adapt to changes in hx509 interface.
+
+	* doc: add doxygen documentation to hcrypto
+
+	* doc/doxytmpl.dxy: generate links
+	
+2007-12-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h
+
+	* lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the
+	hdb database resides.
+
+	* configure.in: Add --with-hdbdir to specify where the database is
+	stored.
+
+	* lib/krb5/crypto.c: revert previous patch, the problem is located
+	in the RAND_file_name() function that will cause recursive nss
+	lookups, can't fix that here.
+
+2007-12-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the
+	dead-lock in by not holding the lock while running
+	RAND_file_name. Prompted by Hai Zaar.
+
+	* lib/krb5/n-fold.c: spelling
+	
+2007-12-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kdigest.c (digest-probe): implement command.
+
+	* kuser/kdigest-commands.in (digest-probe): new command
+	
+	* kdc/digest.c: Implement supportedMechs request.
+
+	* lib/krb5/error_string.c: Make krb5_get_error_string return an
+	allocated string to make the function indempotent. From
+	Zeqing (Fred) Xia.
+
+2007-12-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_locl.h (krb5_context_data): Flag if
+	default_cc_name was set by the user.
+
+	* lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate.
+
+	* kcm/acquire.c: use krb5_free_cred_contents
+
+	* kuser/kimpersonate.c: use krb5_free_cred_contents
+	
+	* kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the
+	cred cache.
+
+	* lib/krb5/cache.c: Put back code that was needed, move gen_new
+	into new_unique.
+
+	* lib/krb5/mcache.c (mcc_default_name): Remove const
+
+	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine
+	KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE
+
+	* lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the
+	default name.
+
+	* lib/krb5/kcm.c: Implement krb5_cc_ops->default_name.
+
+	* lib/krb5/mcache.c: Implement krb5_cc_ops->default_name.
+
+	* lib/krb5/fcache.c: Implement krb5_cc_ops->default_name.
+
+	* lib/krb5/krb5.h: Add krb5_cc_ops->default_name.
+
+	* lib/krb5/acache.c: Free context when done, implement
+	krb5_cc_ops->default_name.
+
+	* lib/krb5/kcm.c: implement dummy kcm_move
+
+	* lib/krb5/mcache.c: Implement the move operation.
+
+	* lib/krb5/version-script.map: export krb5_cc_move
+
+	* lib/krb5/cache.c: New function krb5_cc_move().
+
+	* lib/krb5/fcache.c: Implement the move operation.
+
+	* lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major
+	version bump.
+
+	* lib/krb5/acache.c: Implement the move operation. Avoid using
+	cc_set_principal() since it broken on Mac OS X 10.5.0.
+	
+2007-12-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow.
+	
+2007-11-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/krb5tgs.c: Should pass different key usage constants
+	depending on whether or not optional sub-session key was passed by
+	the client for the check of authorization data. The constant is
+	used to derive "specific key" and its values are specified in
+	7.5.1 of RFC4120.
+	
+	Patch from Andy Polyakov.
+
+	* kdc/krb5tgs.c: Don't send auth data in referrals, microsoft
+	clients have started to not like that. Thanks to Andy Polyakov for
+	excellent research.
+
+2007-11-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/creds.c: use krb5_data_cmp
+
+	* lib/krb5/acache.c: use krb5_free_cred_contents
+
+	* lib/krb5/test_renew.c: use krb5_free_cred_contents
+	
+2007-11-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/acl.c: doxygen documentation
+
+	* lib/krb5/addr_families.c: doxygen documentation
+
+	* doc: add doxygen
+
+	* lib/krb5/plugin.c: doxygen documentation
+
+	* lib/krb5/kcm.c: doxygen documentation
+
+	* lib/krb5/fcache.c: doxygen documentation
+
+	* lib/krb5/cache.c: doxygen documentations
+	
+	* lib/krb5/doxygen.c: doxygen introduction
+
+	* lib/krb5/error_string.c: Doxygen documentation.
+
+2007-11-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_plugin.c: expose krb5_plugin_register
+
+	* lib/krb5/plugin.c: expose krb5_plugin_register
+
+	* lib/krb5/version-script.map: sort, expose krb5_plugin_register
+
+2007-10-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: Adding same enctype is enough one time. From
+	Andy Polyakov and Bjorn Sandell.
+	
+2007-10-18  Love  <lha at stacken.kth.se>
+
+	* lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value
+	from krb5_cc_start_seq_get. From Zeqing (Fred) Xia
+	
+	* lib/krb5/fcache.c (init_fcc): provide better error codes
+
+	* kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid
+	sending warning about pruned etypes.
+
+	* kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour
+	based) "old", this to support windows 2000 clients (unjoined to a
+	domain). From Andy Polyakov.
+
+2007-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell.
+	
+2007-10-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA
+	Ken'ichi.
+
+	* lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is
+	NULL on failure.
+
+2007-10-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from
+	krb5_addr2sockaddr and igore thte test is that case.
+	
+2007-09-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c (krb5_free_context): free
+	default_cc_name_env, from Gunther Deschner.
+
+2007-08-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make
+	work with c++, reported by Hai Zaar
+
+	* lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar
+
+2007-08-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema
+
+2007-07-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check return value of alloc functions, from Charles Longeau
+
+	* lib/krb5/principal.c: spelling.
+
+	* kadmin/kadmin.8: spelling
+
+	* lib/krb5/crypto.c: Check return values from alloc
+	functions. Prompted by patch of Charles Longeau.
+
+	* lib/krb5/n-fold.c: Make _krb5_n_fold return a error
+	code. Prompted by patch of Charles Longeau.
+
+2007-07-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds.c: Always set the ticket options, use
+	KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset
+	tri-state not so useful.
+
+2007-07-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of
+	libraries.
+
+	* tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in
+	heimdal.
+
+	* tools/Makefile.am: Add heimdal-gssapi.pc and install it into
+	$(libdir)/pkgconfig
+
+2007-07-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default.
+
+2007-07-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as
+	key if the entry is a correct entry.
+
+	* lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from
+	Gunther Deschner.
+
+	* lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS.
+
+	* lib/krb5/test_renew.c: Test for krb5_get_renewed_creds.
+
+2007-07-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/keys.c: Make parse_key_set handle key set string "v5",
+	from Peter Meinecke.
+
+	* kdc/kaserver.c: Don't ovewrite the error code, from Peter
+	Meinecke.
+
+2007-07-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* TODO-1.0: remove 
+
+	* Makefile.am: remove TODO-1.0
+
+2007-07-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Heimdal 1.0 release branch cut here
+	
+	* doc/hx509.texi: use version.texi
+	
+	* doc/heimdal.texi: use version.texi
+	
+	* doc/version.texi: version.texi
+
+	* lib/hdb/db3.c: avoid type-punned pointer warning.
+
+	* kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to
+	please OpenSSL and gcc.
+
+	* kdc/digest.c: Use unsigned char * as argument to MD5_Update to
+	please OpenSSL and gcc.
+
+2007-07-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include/Makefile.am: Add krb_err.h.
+
+	* kdc/set_dbinfo.c: Print acl file too.
+
+	* kdc/kerberos4.c: Error codes are just fine, remove XXX now.
+
+	* lib/krb5/krb5-v4compat.h: Drop duplicate error codes.
+
+	* kdc/kerberos4.c: switch to ET errors.
+
+	* lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ.
+
+	* lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the
+	et BASE.
+
+2007-07-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5-v4compat.h: Include "krb_err.h".
+
+	* lib/krb5/v4_glue.c: return more interesting error codes.
+
+	* lib/krb5/plugin.c: Prefix enum plugin_type.
+
+	* lib/krb5/krb5_locl.h: Expose plugin structures.
+	
+	* lib/krb5/krb5.h: Add plugin structures.
+
+	* lib/krb5/krb_err.et: V4 errors.
+
+	* lib/krb5/version-script.map: First version of version script.
+
+2007-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: Java 1.6 expects the name to be the same type,
+	lets allow that for uncomplicated name-types.
+
+2007-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains
+	address 0, its ticket less and don't really care about
+	from_addr. return better error codes.
+
+	* kpasswd/kpasswdd.c: Fix pointer vs strict alias rules.
+
+2007-07-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding
+	more then one enctype 23 to krb5EncryptionType.
+
+	* lib/krb5/cache.c: Spelling.
+
+	* kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO.
+	(get_pa_etype_info2): return the enctypes as sorted in the
+	database
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: krb5-v4compat.h defines prototypes for
+	v4 (semiprivate functions) in libkrb5, don't include
+	krb5-private.h any longer.
+
+	* lib/krb5/krbhst.c: Set error string when there is no KDC for a
+	realm.
+
+	* lib/krb5/Makefile.am: New library version.
+
+	* kdc/Makefile.am: New library version.
+
+	* lib/krb5/krb5_locl.h: Add default_cc_name_env.
+
+	* lib/krb5/cache.c (enviroment_changed): return non-zero if
+	enviroment that will determine default krb5cc name has changed.
+	(krb5_cc_default_name): also check if cached value is uptodate.
+
+	* lib/krb5/krb5_locl.h: Drop pkinit_flags.
+
+2007-07-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: add tests/java/Makefile
+
+	* lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file.
+
+2007-07-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: Improve the default salt detection to avoid
+	returning v4 password salting to java that doesn't look at the
+	returning padata for salting.
+
+	* kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett
+
+2007-07-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/digest.c: Try harder to provide better error message for
+	digest messages.
+
+	* lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on
+	krb5-pr*.h, make -j finds this.
+	
+2007-06-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/digest.c: On success, print username, not ip-adress.
+
+2007-06-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_cred.c: Add krb5_get_renewed_creds.
+
+	* lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds
+
+	* lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.
+	
+2007-06-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: Add example for pkinit_win2k_require_binding
+	in [kdc] section.
+
+	* kdc/default_config.c: Rename require_binding to
+	win2k_require_binding to match client configuration.
+
+	* kdc/default_config.c: Add [kdc]pkinit_require_binding option.
+
+	* kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply
+	if its not required.
+
+	* kdc/default_config.c: rename pkinit_princ_in_cert and add
+	pkinit_require_binding
+
+	* kdc/kdc.h: rename pkinit_princ_in_cert and add
+	pkinit_require_binding
+
+	* kdc/pkinit.c: rename pkinit_princ_in_cert
+
+2007-06-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change.
+
+2007-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/krb5tgs.c: Drop unused variable.
+
+	* kdc/krb5tgs.c: disable anonyous tgs requests
+
+	* kdc/krb5tgs.c: Don't check PAC on cross realm for now.
+
+	* kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse
+	nametypes.
+
+	* lib/krb5/krb5_principal.3: Document krb5_parse_nametype.
+
+	* lib/krb5/principal.c (krb5_parse_nametype): parse nametype and
+	return their integer values.
+
+	* lib/krb5/krb5.h (krb5_get_creds): Add
+	KRB5_GC_CONSTRAINED_DELEGATION.
+
+	* lib/krb5/get_cred.c (krb5_get_creds): if
+	KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous
+	and constrained_delegation.
+
+2007-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/digest.c: Return an error message instead of dropping the
+	packet for more failure cases.
+
+	* lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.
+
+	* appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more
+	gracefully
+	
+2007-06-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pac.c: make compile.
+	
+	* lib/krb5/pac.c (verify_checksum): memset cksum to avoid using
+	pointer from stack.
+
+	* lib/krb5/plugin.c: Don't expose free pointer.
+
+	* lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first
+	calloc.
+	
+	* lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory
+
+	* lib/krb5/krbhst.c: Host is static memory, don't free.
+
+	* lib/krb5/crypto.c (decrypt_internal_derived): make sure length
+	is longer then confounder + checksum.
+
+	* kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from
+	users. This to allows libkdc users to to specify their own
+	databases
+
+	* lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of
+	content data (and avoid leaking memory).
+
+	* kdc/misc.c (_kdc_db_fetch): set error string for failures.
+	
+2007-06-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.
+
+2007-06-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: tell user when they got a pk-init request with
+	pkinit disabled.
+
+2007-06-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to
+	UNPARSE_DISPLAY.
+
+	* lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.
+
+	* lib/krb5/principal.c: Make no-quote mean replace strange chars
+	with space.
+
+	* lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
+
+	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
+
+	* lib/krb5/test_princ.c: Test quoteing.
+
+	* lib/krb5/pkinit.c: update (c)
+	
+	* lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC.
+
+	* lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole
+	process needs to restart or just skip this KDC.
+
+	* lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to
+	KDC.
+
+	* lib/krb5/krb5.h: Add sendto hooks and opaque structure.
+
+	* lib/krb5/krb5_rd_error.3: Update prototype.
+
+	* lib/krb5/send_to_kdc.c: Add hooks for processing the reply from
+	the server.
+	
+2007-06-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_err.et: Some new error codes from RFC 4120.
+	
+2007-06-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/krb5tgs.c: Constify.
+
+	* kdc/kerberos5.c: Constify.
+
+	* kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.
+
+2007-06-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include/Makefile.am: Make krb5-types.h nodist_include_HEADERS.
+
+	* kdc/Makefile.am: EXTRA_DIST += version-script.map.
+	
+2007-06-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am (print-distdir): print name of dist
+
+	* kdc/pkinit.c: Break out loading of mappings file to a separate
+	function and remove warning that it can't open the mapping file,
+	there are now mappings in the db, maybe the users uses that
+	instead...
+
+	* lib/krb5/crypto.c: Require the raw key have the correct size and
+	do away with the minsize.  Minsize was a thing that originated
+	from RC2, but since RC2 is done in the x509/cms subsystem now
+	there is no need to keep that around.
+
+	* lib/hdb/dbinfo.c: If there is no default dbname, also check for
+	unset mkey_file and set it default mkey name, make backward compat
+	stuff work.
+
+	* kdc/version-script.map: add new symbols
+
+	* kdc/kdc-replay.c: Also update krb5_context view of what the time
+	is.
+
+	* configure.in: add tests/can/Makefile
+
+	* kdc/kdc-replay.c: Add --[version|help].
+
+	* kdc/pkinit.c: Push down the kdc time into the x509 library.
+
+	* kdc/connect.c: Move up krb5_kdc_save_request so we can catch the
+	reply data too.
+
+	* kdc/kdc-replay.c: verify reply by checking asn1 class, type and
+	tag of the reply if there is one.
+
+	* kdc/process.c: Save asn1 class, type and tag of the reply if
+	there is one. Used to verify the reply in kdc-replay.
+
+2007-06-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kdc_locl.h: extern for request_log.
+
+	* kdc/Makefile.am: Add kdc-replay.
+
+	* kdc/kdc-replay.c: Replay kdc messages to the KDC library.
+
+	* kdc/config.c: Pick up request_log from [kdc]kdc-request-log.
+
+	* kdc/connect.c: Option to save the request to disk.
+
+	* kdc/process.c (krb5_kdc_save_request): save request to file.
+
+	* kdc/process.c (krb5_kdc_process*): dont update _kdc_time
+	automagicly.
+	(krb5_kdc_update_time): set or get current kdc-time.
+
+	* kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and
+	pkauthdata as the signeddata oid
+	
+	* kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong.
+
+2007-06-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to
+	match windows DC behavior better.
+	
+2007-06-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: use test for -framework Security
+
+	* appl/test/uu_server.c: Print status to stdout.
+
+	* kdc/digest.c (digest ntlm): provide log entires by setting ret
+	to an error.
+	
+2007-06-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/hx509.texi: Indent crl-sign.
+
+	* doc/hx509.texi: One more crl-sign example.
+
+	* lib/krb5/test_princ.c: plug memory leaks.
+
+	* lib/krb5/pac.c: plug memory leaks.
+
+	* lib/krb5/test_pac.c: plug memory leaks.
+
+	* lib/krb5/test_prf.c: plug memory leak.
+
+	* lib/krb5/test_cc.c: plug memory leaks.
+
+	* doc/hx509.texi: Simple blob about publishing CRLs.
+
+	* doc/win2k.texi: drop text about enctypes.
+	
+2007-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: In case of OCSP verification failure, referash
+	every 5 min. In case of success, refreash 2 min before expiring or
+	faster.
+	
+2007-05-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/krb5_err.et: add error 68, WRONG_REALM
+
+	* kdc/pkinit.c: Handle the ms san in a propper way, still cheat
+	with the realm name.
+
+	* kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out
+	directly and hand the error back to the client.
+
+	* lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE
+	and fix error message for CLIENT_NAME_MISMATCH.
+
+	* kdc/pkinit.c: More logging for pk-init client mismatch.
+
+	* kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for
+	windows pk-init (-9) to make MIT clients happy.
+	
+2007-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/pkinit.c: Force des3 for win2k.
+
+	* kdc/pkinit.c: Add wrapping to ContentInfo wrapping to
+	COMPAT_WIN2K.
+
+	* lib/krb5/keytab_keyfile.c: Spelling.
+
+	* kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta
+	doesn't deal with case of realm.
+	
+2007-05-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead
+	of encryption.
+	
+2007-05-10  Dave Love  <fx at gnu.org>
+	
+	* doc/win2k.texi: Update some URLs.
+
+2007-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kimpersonate.c: Fix version number of ticket, it should be
+	5 not the kvno.
+	
+2007-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: Salting is really Encryption types and salting.
+	
+2007-05-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* doc/setup.texi: spelling, from Ronny Blomme
+
+	* doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny
+	Blomme
+	
+2007-05-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database
+	specified, create one and let it use the defaults.
+	
+2007-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/hdb/test_dbinfo.c: test acl file
+
+	* lib/hdb/test_dbinfo.c: test acl file
+
+	* lib/hdb/dbinfo.c: add acl file
+
+	* etc: ignore Makefile.in
+
+	* Makefile.am: SUBDIRS += etc
+
+	* configure.in: Add etc/Makefile.
+
+	* etc/Makefile.am: make sure services.append is distributed
+
+2007-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc: rename windc_init to krb5_kdc_windc_init
+
+	* kdc/version-script.map: version script for libkdc
+	
+	* kdc/Makefile.am: version script for libkdc
+	
+2007-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error):
+	correct the order of the arguments.
+
+	* lib/hdb/Makefile.am: Add and test dbinfo.
+
+	* lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo;
+
+	* kdc/config.c: Use krb5_kdc_get_config and just fill in what the
+	users wanted differently.
+
+	* kdc/default_config.c: Make the default configuration fetch info
+	from the krb5.conf.
+	
+2007-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
+	determine if to send the session-key, for the second place in the
+	function.
+
+	* tools/krb5-config.in: rename des to hcrypto
+
+	* kuser/Makefile.am: depend on libheimntlm
+
+	* kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for
+	this domain if the Kerberos password auth worked.
+
+	* kuser/klist.c: add new option --hidden that doesn't display
+	principal that starts with @
+
+	* tools/krb5-config.in: Add heimntlm when we use gssapi.
+
+	* lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to
+	free 'cred' with.
+
+	* lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free
+	'cred' with.
+	
+2007-04-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
+	determine if to send the session-key.
+
+	* kcm/client.c (kcm_ccache_new_client): make root be able to pass
+	the name constraints, not the opposite. From Bryan Jacobs.
+	
+2007-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kcm/acl.c: make compile again.
+
+	* kcm/client.c: fix warning.
+	
+	* kcm: First, it allows root to ignore the naming conventions.
+	Second, it allows root to always perform any operation on any
+	ccache.  Note that root could do this anyway with FILE ccaches.
+	From Bryan Jacobs.
+
+	* Rename libdes to libhcrypto.
+
+2007-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kinit: remove code that depend on kerberos 4 library
+	
+	* kdc: remove code that depend on kerberos 4 library
+	
+	* configure.in: Drop kerberos 4 support.
+
+	* kdc/hpropd.c (main): free the message when done with it.
+
+	* lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit):
+	remember to free memory too.
+
+	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when
+	done.
+
+	* configure.in: test rk_VERSIONSCRIPT
+	
+2007-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* fix-export: remove, all done by make dist now
+
+2007-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre
+
+2007-04-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kstash.8: Spelling, from raga <raga at comcast.net> 
+	via Bjorn Sandell.
+
+	* lib/krb5/store_mem.c: indent.
+
+	* lib/krb5/recvauth.c: Set error string.
+
+	* lib/krb5/rd_req.c: clear error strings.
+
+	* lib/krb5/rd_cred.c: clear error string.
+
+	* lib/krb5/pkinit.c: Set error strings.
+
+	* lib/krb5/get_cred.c: Tell what principal we are not finding for
+	all KRB5_CC_NOTFOUND.
+	
+2007-02-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/kerberos5.c: Return the same error codes as a windows KDC.
+
+	* kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password
+	failed.
+	
+	* kdc/kerberos5.c: Make handling of replying e_data more generic,
+	from metze.
+
+	* kdc/kerberos5.c: Fix (string const and shadow) warnings, from
+	metze.
+
+	* lib/krb5/pac.c: Create the PAC element in the same order as
+	w2k3, maybe there's some broken code in windows which relies on
+	this... From metze.
+
+	* kdc/kerberos5.c: Select a session enctype from the list of the
+	crypto systems supported enctype, is supported by the client and
+	is one of the enctype of the enctype of the krbtgt.
+	
+	The later is used as a hint what enctype all KDC are supporting to
+	make sure a newer version of KDC wont generate a session enctype
+	that and older version of a KDC in the same realm can't decrypt.
+	
+	But if the KDC admin is paranoid and doesn't want to have "no the
+	best" enctypes on the krbtgt, lets save the best pick from the
+	client list and hope that that will work for any other KDCs.
+	
+	Reported by metze.
+
+	* kdc/hprop.c (propagate_database): on any failure, drop the
+	connection to the peer and try next one.
+	
+2007-02-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_get_init_creds.3: document new options.
+
+	* kdc/krb5tgs.c: Only check service key for cross realm PACs.
+
+	* lib/krb5/init_creds.c: use the new merged flags field.
+	(krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k
+	compat flags.
+
+	* lib/krb5/init_creds_pw.c: use the new merged flags field.
+
+	* lib/krb5/krb5_locl.h: merge all flags into one entity
+	
+2007-02-11  Dave Love  <fx at gnu.org>
+	
+	* lib/krb5/krb5_aname_to_localname.3: Small fixes
+	
+	* lib/krb5/krb5_digest.3: Small fixes
+	
+	* kuser/kimpersonate.1: Small fixes
+
+2007-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c (find_pa_data): if there is no list,
+	there is no entry.
+
+	* kdc/krb5tgs.c: Don't check PACs on cross realm requests.
+
+	* lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES.
+
+	* lib/krb5/init_creds_pw.c: Verify client referral data.
+
+	* kdc/kerberos5.c: switch some "return ret" to "goto out".
+	
+	* kdc/kerberos5.c: Pass down canonicalize request to hdb layer,
+	sign client referrals.
+	
+	* lib/hdb/hdb.h: Add HDB_F_CANON.
+
+	* lib/hdb: add simple alias support to the database backends
+
+2007-02-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: Add canonicalize flag.
+
+	* lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support
+	canonicalize.
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize):
+	new function.
+	
+	* lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags.
+
+	* lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags.
+
+	* lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags.
+	
+2007-02-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_princ.c: test parsing enterprise-names.
+
+	* lib/krb5/principal.c: Add support for parsing enterprise-names.
+
+	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.
+
+	* lib/hdb/hdb-ldap.c: Make work again.
+	
+2007-02-11  Dave Love  <fx at gnu.org>
+
+	* kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value.
+	
+2007-02-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* doc/setup.texi: prune trailing space
+
+	* lib/hdb/db.c: Be better at setting and clearing error string.
+
+	* lib/hdb/hdb.c: Be better at setting and clearing error string.
+
+2007-02-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name
+	to print out the keytab name.
+
+	* doc/setup.texi: Spelling, from Guido Guenther
+	
+2007-02-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen.
+
+2007-02-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_store.c (test_uint16): unsigned ints can't be
+	negative
+	
+2007-02-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: pass extra flags for detached signatures.
+
+	* lib/krb5/pkinit.c: pass extra flags for detached signatures.
+
+	* kdc/digest.c: Remove debug output.
+
+	* kuser/kdigest.c: Add support for ms-chap-v2 client.
+	
+2007-02-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+		
+	* kdc/digest.c: Fix ms-chap-v2 get_masterkey
+
+	* kdc/digest.c: Fix ms-chap-v2 mutual response auth code.
+
+	* kuser/kdigest.c: Print session key if there is one.
+
+	* lib/krb5/digest.c: rename hash-a1 to session key
+
+	* kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2
+
+	* kuser/kdigest.c: print rsp if there is one, from Klas.
+
+	* kdc/digest.c: Use right size, from Klas Lindfors.
+
+	* kuser/kdigest.c: Set client nonce if avaible, from Klas.
+
+	* kdc/digest.c: First version from kllin.
+
+	* kuser/kdigest.c: Don't restrict the type.
+	
+2007-02-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kuser/kdigest-commands.in: add --client-response
+
+	* kuser/kdigest.c: Print status instead of response.
+
+	* kdc/digest.c: Better logging and return status = FALSE when
+	checksum doesn't match.
+
+	* kdc/digest.c: Check the digest response in the KDC.
+
+	* lib/krb5/digest.c: New functions to send in requestResponse to
+	KDC and get status of the request.
+
+	* kdc/digest.c: Add support for MS-CHAP v2.
+
+	* lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap.
+	
+2007-01-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* fix-export: Make hx509.info too
+
+	* kdc/digest.c: don't verify identifier in CHAP, its the client
+	that chooses it.
+	
+2007-01-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: Basic test of prf.
+
+	* lib/krb5/test_prf.c: Basic test of prf.
+
+	* lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF
+	functions.
+
+	* lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions.
+
+	* lib/krb5/krb5_data.3: Document krb5_data_cmp.
+
+	* lib/krb5/data.c: Add krb5_data_cmp.
+	
+2007-01-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kx509.c: Don't use C99 syntax.
+	
+2007-01-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* configure.in: its LIBADD_roken (and shouldn't really exist, our
+	libtool usage it broken)
+
+	* configure.in: Add an extra variable for roken, LIBADD, that
+	should be used for library depencies.
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.
+
+	* lib/krb5/krb5_init_context.3: fix mdoc errors
+
+	* Heimdal 0.8 branch cut today
+
+	* doc/hx509.texi: Spelling and more about proxy certificates.
+
+	* configure.in: check for arc4random
+	
+2007-01-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
+	before starting
+
+	* tools/heimdal-build.sh: make cvs keep quiet
+
+	* kuser/kverify.c: Use argument as principal if passed an
+	argument. Bug report from Douglas E. Engert
+	
+2007-01-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
+	the enc_tkt_in_skey case, from Douglas E. Engert.
+
+	* kdc/kx509.c: Issue certificates.
+
+	* kdc/config.c: Parse kx509/kca configuration.
+
+	* kdc/kdc.h: add kx509 config
+	
+2007-01-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/kerberos5.c (_kdc_find_padata): if there is not padata,
+	there is nothing find.
+
+	* doc/hx509.texi: Examples for pk-init.
+
+	* doc/hx509.texi: About extending ca lifetime and sub cas.
+	
+2007-01-13  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* doc/hx509.texi: More about certificates.
+	
+2007-01-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/hx509.texi: add Application requirements and write about
+	xmpp/jabber.
+	
+2007-01-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/hx509.texi: More about issuing certificates.
+
+	* doc/hx509.texi: Start of a x.509 manual.
+
+	* include/Makefile.am: remove install headerfiles
+
+	* lib/krb5/test_pac.c: Use more interesting data to cause more
+	errors.
+
+	* include/Makefile.am: remove install headerfiles
+
+	* lib/krb5/mcache.c: MCC_CURSOR not used, remove.
+
+	* lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used
+
+	* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
+	allocate data
+	
+2007-01-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* doc/setup.texi: Hint about hxtool validate.
+
+	* appl/test/uu_server.c: print both "server" and "client"
+
+	* kdc/krb5tgs.c: Rename keys to be more obvious what they do.
+
+	* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
+	Bartlett
+	
+	* kdc/windc.c: ident, spelling.
+
+	* kdc/windc_plugin.h: indent.
+
+	* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
+	from Andrew Bartlett
+
+	* kdc/windc.c: pass down server entry to verify_pac function, from
+	Andrew Bartlett
+
+	* kdc/windc_plugin.h: pass down server entry to verify_pac
+	function, from Andrew Bartlett
+
+	* configure.in: Provide a automake symbol ENABLE_SHARED if shared
+	libraries are built.
+
+	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
+	when verifying the PAC.  From Andrew Bartlett.
+	
+2007-01-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_pac.c: move around to code test on real PAC.
+
+	* lib/krb5/pac.c: A tiny 2 char diffrence that make the code work
+	for real.
+
+	* lib/krb5/test_pac.c: Test more PAC (note that the values used in
+	this test is wrong, they have to be fixed when the pac code is
+	fixed).
+
+	* doc/setup.texi: Update to new hxtool issue-certificate usage
+
+	* lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS
+	and PK-INIT pa data, no need to expose our password protecting our
+	PKCS12 key.
+
+	* kuser/klist.c (print_cred_verbose): include ticket length in the
+	verbose output
+	
+2007-01-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
+	it linux is unhappy.
+
+	* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
+	it linux is unhappy.
+
+	* lib/krb5/name-45-test.c: One of the hosts I sometimes uses is
+	named "bar.domain", this make one of the tests pass when it
+	shouldn't.
+
+2007-01-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: Change --key argument to --out-key.
+
+	* kuser/kimpersonate.1: mangle my name
+	
+2007-01-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* doc/setup.texi: describe how to use hx509 to create
+	certificates.
+
+	* tools/heimdal-build.sh: Add --distcheck.
+
+	* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
+	if we should include the PAC in the krbtgt.
+
+	* kdc/pkinit.c (_kdc_as_rep): check if
+	krb5_generate_random_keyblock failes.
+
+	* kdc/kerberos5.c (_kdc_as_rep): check if
+	krb5_generate_random_keyblock failes.
+
+	* kdc/krb5tgs.c (tgs_build_reply): check if
+	krb5_generate_random_keyblock failes.
+
+	* kdc/krb5tgs.c: Scope etype.
+
+	* lib/krb5/rd_req.c: Make it possible to turn off PAC check, its
+	default on.
+
+	* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
+	its server signature.
+
+	* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
+	(_kdc_tkt_add_if_relevant_ad): constify in data argument.
+
+	* kdc/windc_plugin.h: More comments add a client_access hook.
+
+	* kdc/windc.c: Add _kdc_windc_client_access.
+
+	* kdc/krb5tgs.c: rename functions after export some more pac
+	functions.
+
+	* lib/krb5/test_pac.c: export some more pac functions.
+
+	* lib/krb5/pac.c: export some more pac functions.
+
+	* kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.
+
+	* configure.in: add tests/plugin/Makefile
+	
+2007-01-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.
+
+	* kdc/config.c: spelling
+
+	* lib/krb5/krb5.h: typedef for krb5_pac.
+
+	* kdc/headers.h: Include <windc_plugin.h>.
+
+	* kdc/Makefile.am: Include windc.c and use windc_plugin.h
+
+	* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
+	Controller.
+
+	* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
+	Controller.  Move the some of the log related stuff to its own
+	function.
+
+	* kdc/config.c: Init callbacks for emulating a Windows Domain
+	Controller.
+
+	* kdc/windc.c: Rename the init function to windc instead of pac.
+
+	* kdc/windc.c: Callbacks specific to emulating a Windows Domain
+	Controller.
+
+	* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
+	Domain Controller.
+
+	* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ
+
+	* lib/krb5/pac.c: Support all keyed checksum types.
+	
+2007-01-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
+	
+	* lib/krb5/test_pac.c: test krb5_pac_get_types
+
+	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
+
+	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
+
+	* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.
+
+	* lib/krb5/test_pac.c: test Add/remove pac buffer functions.
+
+	* lib/krb5/pac.c: Add/remove pac buffer functions.
+
+	* lib/krb5/pac.c: sprinkle const
+
+	* lib/krb5/pac.c: rename DCHECK to CHECK
+	
+	* Happy New Year.

Added: vendor-crypto/heimdal/dist/ChangeLog.1998
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.1998	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.1998	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3201 @@
+Sat Dec  5 19:49:34 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/context.c: remove ktype_is_etype
+
+	* lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE
+
+	* configure.in: fix for AIX install; better tests for AIX dynamic
+ 	AFS libs; `--enable-new-des3-code'
+
+Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* appl/afsutil/Makefile.am: link with extra libs for aix
+
+	* kuser/Makefile.am: link with extra libs for aix
+
+Sun Nov 29 01:56:21 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add.  almost
+ 	the same as krb5_get_all_client_addrs except that it includes
+ 	loopback addresses
+
+	* kdc/connect.c (init_socket): bind to a particular address
+	(init_sockets): get all local addresses and bind to them all
+
+	* lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
+ 	methods
+	(find_af, find_atype): new functions.  use them.
+
+	* configure.in: add hesiod
+
+Wed Nov 25 11:37:48 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03
+
+Mon Nov 23 12:53:48 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/kadm5/log.c: rename delete -> remove
+
+	* lib/kadm5/delete_s.c: rename delete -> remove
+
+	* lib/hdb/common.c: rename delete -> remove
+
+Sun Nov 22 12:26:26 1998  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: check for environ and `struct spwd'
+
+Sun Nov 22 11:42:45 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
+ 	ktype_is_etype
+
+	* lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
+ 	etypes
+	(em): sort entries
+
+Sun Nov 22 06:54:48 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/init_creds_pw.c: more type correctness
+
+	* lib/krb5/get_cred.c: re-structure code.  remove limits on ASN1
+ 	generated bits.
+
+Sun Nov 22 01:49:50 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* kdc/hprop.c (v4_prop): fix bogus indexing
+
+Sat Nov 21 21:39:20 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/verify_init.c (fail_verify_is_ok): new function
+	(krb5_verify_init_creds): if we cannot get a ticket for
+	host/`hostname` and fail_verify_is_ok just return.  use
+ 	krb5_rd_req
+
+Sat Nov 21 23:12:27 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/free.c (krb5_xfree): new function
+
+	* lib/krb5/creds.c (krb5_free_creds_contents): new function
+
+	* lib/krb5/context.c: more type correctness
+
+	* lib/krb5/checksum.c: more type correctness
+
+	* lib/krb5/auth_context.c (krb5_auth_con_init): more type
+ 	correctness
+
+	* lib/asn1/der_get.c (der_get_length): fix test of len
+	(der_get_tag): more type correctness
+
+	* kuser/klist.c (usage): void-ize
+
+	* admin/ktutil.c (kt_remove): some more type correctness.
+
+Sat Nov 21 16:49:20 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* kuser/klist.c: try to list enctypes as keytypes
+
+	* kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
+ 	to set list of enctypes to use
+
+	* kadmin/load.c: load strings as hex
+
+	* kadmin/dump.c: dump hex as string is possible
+
+	* admin/ktutil.c: use print_version()
+
+	* configure.in, acconfig.h: test for hesiod
+
+Sun Nov 15 17:28:19 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/crypto.c: add some crypto debug code
+
+	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
+ 	buffer when encoding ticket
+
+	* lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'
+
+	* kdc/kerberos5.c: allow mis-match of tgt session key, and service
+ 	session key
+
+	* admin/ktutil.c: keytype -> enctype
+
+Fri Nov 13 05:35:48 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
+	
+Sat Nov  7 19:56:31 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_cred.c (add_cred): add termination NULL pointer
+
+Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_req.c: adapt to new crypto api
+
+	* lib/krb5/rd_rep.c: adapt to new crypto api
+
+	* lib/krb5/rd_priv.c: adopt to new crypto api
+
+	* lib/krb5/rd_cred.c: adopt to new crypto api
+
+	* lib/krb5/principal.c: ENOMEM -> ERANGE
+
+	* lib/krb5/mk_safe.c: cleanup and adopt to new crypto api
+
+	* lib/krb5/mk_req_ext.c: adopt to new crypto api
+
+	* lib/krb5/mk_req.c: get enctype from auth_context keyblock
+
+	* lib/krb5/mk_rep.c: cleanup and adopt to new crypto api
+
+	* lib/krb5/mk_priv.c: adopt to new crypto api
+
+	* lib/krb5/keytab.c: adopt to new crypto api
+
+	* lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api
+
+	* lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api
+
+	* lib/krb5/get_in_tkt_pw.c: adopt to new crypto api
+
+	* lib/krb5/get_in_tkt.c: adopt to new crypto api
+
+	* lib/krb5/get_cred.c: adopt to new crypto api
+
+	* lib/krb5/generate_subkey.c: use new crypto api
+
+	* lib/krb5/context.c: rename etype functions to enctype ditto
+
+	* lib/krb5/build_auth.c: use new crypto api
+
+	* lib/krb5/auth_context.c: remove enctype and cksumtype from
+ 	auth_context
+
+Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar at sics.se>
+
+	* kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
+
+Tue Sep 15 18:41:38 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* admin/ktutil.c: fix printing of unrecognized keytypes
+
+Tue Sep 15 17:02:33 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
+ 	using AFS3 salt
+
+Tue Aug 25 23:30:52 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
+ 	`use_admin_kdc'
+
+	* lib/krb5/changepw.c (get_kdc_address): use
+ 	krb5_get_krb_admin_hst
+
+	* lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function
+
+	* lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'
+
+	* lib/krb5/context.c (krb5_get_use_admin_kdc,
+ 	krb5_set_use_admin_kdc): new functions
+
+Tue Aug 18 22:24:12 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/crypto.c: remove all calls to abort(); check return
+ 	value from _key_schedule;
+	(RSA_MD[45]_DES_verify): zero tmp and res;
+	(RSA_MD5_DES3_{verify,checksum}): implement
+
+Mon Aug 17 20:18:46 1998  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos4.c (swap32): conditionalize
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
+ 	returned from gethostby*() isn't a FQDN, try with the original
+ 	hostname
+
+	* lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
+ 	and correct key usage
+
+	* lib/krb5/crypto.c (verify_checksum): make static
+
+	* admin/ktutil.c (kt_list): use krb5_enctype_to_string
+
+Sun Aug 16 20:57:56 1998  Assar Westerlund  <assar at sics.se>
+
+	* kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt
+
+	* kadmin/ank.c (ank): print principal name in prompt
+
+	* lib/krb5/crypto.c (hmac): always allocate space for checksum.
+  	never trust c.checksum.length
+	(_get_derived_key): try to return the derived key
+
+Sun Aug 16 19:48:42 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
+	(get_checksum_key): assume usage is `formatted'
+	(create_checksum,verify_checksum): moved the guts of the krb5_*
+	functions here, both take `formatted' key-usages
+	(encrypt_internal_derived): fix various bogosities
+	(derive_key): drop key_type parameter (already given by the
+	encryption_type)
+
+	* kdc/kerberos5.c (check_flags): handle case where client is NULL
+
+	* kdc/connect.c (process_request): return zero after processing
+ 	kerberos 4 request
+
+Sun Aug 16 18:38:15 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/crypto.c: merge x-*.[ch] into one file
+
+	* lib/krb5/cache.c: remove residual from krb5_ccache_data
+
+Fri Aug 14 16:28:23 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
+ 	separate function (will eventually end up someplace else)
+
+	* lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key
+
+	* configure.in, acconfig.h: test for four valued krb_put_int
+
+Thu Aug 13 23:46:29 1998  Assar Westerlund  <assar at emma.pdc.kth.se>
+
+	* Release 0.0t
+
+Thu Aug 13 22:40:17 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/config_file.c (parse_binding): remove trailing
+ 	whitespace
+
+Wed Aug 12 20:15:11 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
+ 	to krb5_create_checksum
+
+	* lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
+ 	few typos
+
+Wed Aug  5 12:39:54 1998  Assar Westerlund  <assar at emma.pdc.kth.se>
+
+	* Release 0.0s
+
+Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mk_error.c (krb5_mk_error): realloc until you die
+
+Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kdc_locl.h: proto for `get_des_key'
+
+	* configure.in: test for four valued el_init
+
+	* kuser/klist.c: keytype -> enctype
+
+	* kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'
+
+	* kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
+
+	* kdc/kaserver.c: use `get_des_key'
+
+	* kdc/524.c: use new crypto api
+
+	* kdc/kerberos4.c: use new crypto api
+
+	* kdc/kerberos5.c: always treat keytypes as enctypes; use new
+ 	crypto api
+
+	* kdc/kstash.c: adapt to new crypto api
+
+	* kdc/string2key.c: adapt to new crypto api
+
+	* admin/srvconvert.c: add keys for all possible enctypes
+
+	* admin/ktutil.c: keytype -> enctype
+
+	* lib/gssapi/init_sec_context.c: get enctype from auth_context
+ 	keyblock
+
+	* lib/hdb/hdb.c: remove hdb_*_keytype2key
+
+	* lib/kadm5/set_keys.c: adapt to new crypto api
+
+	* lib/kadm5/rename_s.c: adapt to new crypto api
+
+	* lib/kadm5/get_s.c: adapt to new crypto api
+
+	* lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
+ 	des-cbc-md5, and des3-cbc-sha1
+
+	* lib/krb5/heim_err.et: error message for unsupported salt
+
+	* lib/krb5/codec.c: short-circuit these functions, since they are
+ 	not needed any more
+
+	* lib/krb5/rd_safe.c: cleanup and adapt to new crypto api
+
+Mon Jul 13 23:00:59 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
+ 	hostent->h_addr_list, use a copy instead
+
+Mon Jul 13 15:00:31 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/config_file.c (parse_binding, parse_section): make sure
+ 	everything is ok before adding to linked list
+
+	* lib/krb5/config_file.c: skip ws before checking for comment
+
+Wed Jul  8 10:45:45 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/asn1/k5.asn1: hmac-sha1-des3 = 12
+
+Tue Jun 30 18:08:05 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
+ 	unopened file
+
+	* lib/krb5/mk_priv.c: realloc correctly
+
+	* lib/krb5/get_addrs.c (find_all_addresses): init j
+
+	* lib/krb5/context.c (krb5_init_context): print error if parsing
+ 	of config file produced an error.
+
+	* lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
+ 	ignore more spaces
+
+	* lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
+ 	krb5_encode_ETYPE_INFO): initialize `ret'
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): realloc
+ 	correctly
+
+	* lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'
+
+	* lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
+ 	with default_client
+
+	* kuser/kinit.c (main): initialize `ticket_life'
+
+	* kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
+	(tgs_rep2): initialize `krbtgt'
+
+	* kdc/connect.c (do_request): check for errors from `sendto'
+
+	* kdc/524.c (do_524): initialize `ret'
+
+	* kadmin/util.c (foreach_principal): don't clobber `ret'
+
+	* kadmin/del.c (del_entry): don't apply on zeroth argument
+
+	* kadmin/cpw.c (do_cpw_entry): initialize `ret'
+
+Sat Jun 13 04:14:01 1998  Assar Westerlund  <assar at juguete.sics.se>
+
+	* Release 0.0r
+
+Sun Jun  7 04:13:14 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/addr_families.c: fall-back definition of
+ 	IN6_ADDR_V6_TO_V4
+
+	* configure.in: only set CFLAGS if it wasn't set look for
+ 	dn_expand and res_search
+
+Mon Jun  1 21:28:07 1998  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: remove duplicate seteuid
+
+Sat May 30 00:19:51 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
+ 	runtime dependencies on libkrb with some shared library
+ 	implementations
+
+Fri May 29 00:09:02 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kuser/kinit_options.c: Default options for kinit.
+
+	* kuser/kauth_options.c: Default options for kauth.
+
+	* kuser/kinit.c: Implement lots a new options.
+
+	* kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
+ 	is not NULL; set endtime to min of new starttime + old_life, and
+ 	requested endtime
+
+	* lib/krb5/init_creds_pw.c (get_init_creds_common): if the
+ 	forwardable or proxiable flags are set in options, set the
+ 	kdc-flags to the value specified, and not always to one
+
+Thu May 28 21:28:06 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos5.c: Optionally compare client address to addresses
+ 	in ticket.
+
+	* kdc/connect.c: Pass client address to as_rep() and tgs_rep().
+
+	* kdc/config.c: Add check_ticket_addresses, and
+ 	allow_null_ticket_addresses variables.
+
+Tue May 26 14:03:42 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/kadm5/create_s.c: possibly make DES keys version 4 salted
+
+	* lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
+ 	before zapping version 4 salts
+
+Sun May 24 05:22:17 1998  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0q
+
+	* lib/krb5/aname_to_localname.c: new file
+
+	* lib/gssapi/init_sec_context.c (repl_mutual): no output token
+
+	* lib/gssapi/display_name.c (gss_display_name): zero terminate
+ 	output.
+
+Sat May 23 19:11:07 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/gssapi/display_status.c: new file
+
+	* Makefile.am: send -I to aclocal
+
+	* configure.in: remove duplicate setenv
+
+Sat May 23 04:55:19 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kadmin/util.c (foreach_principal): Check for expression before
+ 	wading through the whole database.
+
+	* kadmin/kadmin.c: Pass NULL password to
+ 	kadm5_*_init_with_password.
+
+	* lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
+ 	of `password' parameter to init_with_password.
+
+	* lib/kadm5/init_s.c: implement init_with_{skey,creds}*
+
+	* lib/kadm5/server.c: Better arguments for
+ 	kadm5_init_with_password.
+
+Sat May 16 07:10:36 1998  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hprop.c: conditionalize ka-server reading support on
+ 	KASERVER_DB
+
+	* configure.in: new option `--enable-kaserver-db'
+
+Fri May 15 19:39:18 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/get_cred.c: Better error if local tgt couldn't be
+ 	found.
+
+Tue May 12 21:11:02 1998  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0p
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
+ 	encryption type in auth_context if it's compatible with the type
+ 	of the session key
+
+Mon May 11 21:11:14 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/hprop.c: add support for ka-server databases
+
+	* appl/ftp/ftpd: link with -lcrypt, if needed
+
+Fri May  1 07:29:52 1998  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: don't test for winsock.h
+
+Sat Apr 18 21:43:11 1998  Johan Danielsson  <joda at puffer.pdc.kth.se>
+
+	* Release 0.0o
+
+Sat Apr 18 00:31:11 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/sock_principal.c: Save hostname.
+
+Sun Apr  5 11:29:45 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/mk_req_ext.c: Use same enctype as in ticket.
+
+	* kdc/hprop.c (v4_prop): Check for null key.
+
+Fri Apr  3 03:54:54 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/str2key.c: Fix DES3 string-to-key.
+
+	* lib/krb5/keytab.c: Get default keytab name from context.
+
+	* lib/krb5/context.c: Get `default_keytab_name' value.
+
+	* kadmin/util.c (foreach_principal): Print error message if
+ 	`kadm5_get_principals' fails.
+
+	* kadmin/kadmind.c: Use `kadmind_loop'.
+
+	* lib/kadm5/server.c: Replace several other functions with
+ 	`kadmind_loop'.
+
+Sat Mar 28 09:49:18 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
+ 	of O_APPEND
+
+	* configure.in: generate ftp Makefiles
+
+	* kuser/klist.c (print_cred_verbose): print IPv4-address in a
+ 	portable way.
+
+	* admin/srvconvert.c (srvconv): return 0 if successful
+
+Tue Mar 24 00:40:33 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
+ 	keytab entries, and change default keytab to `/etc/krb5.keytab'.
+
+Mon Mar 23 23:43:59 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.
+
+	* lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
+  	Fix bug in checking of pad.
+
+	* lib/gssapi/{un,}wrap.c: Add support for just integrity
+ 	protecting data.
+ 	
+	* lib/gssapi/accept_sec_context.c: Use
+ 	`gssapi_krb5_verify_8003_checksum'.
+
+	* lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.
+
+	* lib/gssapi/init_sec_context.c: Zero cred, and store session key
+ 	properly in auth-context.
+
+Sun Mar 22 00:47:22 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/kadm5/delete_s.c: Check immutable bit.
+
+	* kadmin/kadmin.c: Pass client name to kadm5_init.
+
+	* lib/kadm5/init_c.c: Get creds for client name passed in.
+
+	* kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.
+
+Sat Mar 21 22:57:13 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/mk_error.c: Verify that error_code is in the range
+ 	[0,127].
+
+	* kdc/kerberos5.c: Move checking of principal flags to new
+ 	function `check_flags'.
+
+Sat Mar 21 14:38:51 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt
+
+	* configure.in: define SunOS if running solaris
+
+Sat Mar 21 00:26:34 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/kadm5/server.c: Unifdef test for same principal when
+ 	changing password.
+
+	* kadmin/util.c: If kadm5_get_principals failes, we might still be
+ 	able to perform the requested opreration (for instance someone if
+ 	trying to change his own password).
+
+	* lib/kadm5/init_c.c: Try to get ticket via initial request, if
+ 	not possible via tgt.
+
+	* lib/kadm5/server.c: Check for principals changing their own
+ 	passwords.
+
+	* kdc/kerberos5.c (tgs_rep2): check for interesting flags on
+ 	involved principals.
+
+	* kadmin/util.c: Fix order of flags.
+
+Thu Mar 19 16:54:10 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos4.c: Return sane error code if krb_rd_req fails.
+
+Wed Mar 18 17:11:47 1998  Assar Westerlund  <assar at sics.se>
+
+	* acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
+
+Wed Mar 18 09:58:18 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
+ 	free keyseed; use correct keytab
+
+Tue Mar 10 09:56:16 1998  Assar Westerlund  <assar at sics.se>
+
+	* acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives
+
+Mon Mar 16 23:58:23 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Release 0.0n
+
+Fri Mar  6 00:41:30 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/gssapi/{accept_sec_context,release_cred}.c: Use
+	krb5_kt_close/krb5_kt_resolve.
+	
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
+ 	to lookup hosts, so CNAMEs can be ignored.
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
+ 	Add support for using proxy.
+
+	* lib/krb5/context.c: Initialize `http_proxy' from
+ 	`libdefaults/http_proxy'.
+
+	* lib/krb5/krb5.h: Add `http_proxy' to context.
+
+	* lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
+ 	specifications.
+
+Wed Mar  4 01:47:29 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* admin/ktutil.c: Implement `add' and `remove' functions. Make
+ 	`--keytab' a global option.
+
+	* lib/krb5/keytab.c: Implement remove with files. Add memory
+ 	operations.
+
+Tue Mar  3 20:09:59 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/keytab.c: Use function pointers.
+
+	* admin: Remove kdb_edit.
+
+Sun Mar  1 03:28:42 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/kadm5/dump_log.c: print operation names
+
+Sun Mar  1 03:04:12 1998  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
+	
+	* lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
+ 	remove arbitrary limit
+
+	* kdc/hprop-common.c: use krb5_{read,write}_message
+
+	* lib/kadm5/ipropd_master.c (send_diffs): more careful use
+ 	krb5_{write,read}_message
+
+	* lib/kadm5/ipropd_slave.c (get_creds): get credentials for
+ 	`iprop/master' directly.
+	(main): use `krb5_read_message'
+
+Sun Mar  1 02:05:11 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kadmin/kadmin.c: Cleanup commands list, and add help strings.
+
+	* kadmin/get.c: Add long, short, and terse (equivalent to `list')
+ 	output formats. Short is the default.
+
+	* kadmin/util.c: Add `include_time' flag to timeval2str.
+
+	* kadmin/init.c: Max-life and max-renew can, infact, be zero.
+
+	* kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.
+
+	* kadmin/util.c: Add function `foreach_principal', that loops over
+ 	all principals matching an expression.
+
+	* kadmin/kadmin.c: Add usage string to `privileges'.
+
+	* lib/kadm5/get_princs_s.c: Also try to match aganist the
+ 	expression appended with `@default-realm'.
+
+	* lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
+ 	excludes the realm if it's the same as the default realm.
+
+Fri Feb 27 05:02:21 1998  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
+ 	headers and functions error -> com_err
+
+ 	(krb5_get_init_creds_keytab): use krb5_keytab_key_proc
+
+	* lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
+ 	global
+
+	* lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'
+
+	* lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.
+
+Fri Feb 27 04:49:24 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
+  	This should be fixed the correct way.
+
+	* lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
+	(send_diffs): compare versions correctly
+	(main): reorder handling of events
+
+	* lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion
+
+Thu Feb 26 02:22:35 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/kadm5/ipropd_{slave,master}.c: new files
+
+	* lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
+ 	argument
+
+	* lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
+ 	et_list *'
+
+	* aux/make-proto.pl: Should work with perl4
+
+Mon Feb 16 17:20:22 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
+ 	{asn1,krb5}_err.h).
+
+Thu Feb 12 03:28:40 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
+ 	is larger than max_skew, return KRB5KRB_AP_ERR_SKEW
+
+	* lib/kadm5/log.c (get_version): globalize
+
+	* lib/kadm5/kadm5_locl.h: include <sys/file.h>
+
+	* lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY
+
+	* kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
+ 	initializing local struct in declaration.
+
+Sat Jan 31 17:28:58 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/524.c: Use krb5_decode_EncTicketPart.
+
+	* kdc/kerberos5.c: Check at runtime whether to use enctypes
+ 	instead of keytypes. If so use the same value to encrypt ticket,
+ 	and kdc-rep as well as `keytype' for session key. Fix some obvious
+ 	bugs with the handling of additional tickets.
+
+	* lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
+ 	krb5_decode_Authenticator.
+
+	* lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.
+
+	* lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.
+
+	* lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
+ 	type, and not a key type.  Use krb5_encode_EncAPRepPart.
+
+	* lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.
+
+	* lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.
+
+	* lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.
+
+	* lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.
+
+	* lib/krb5/build_auth.c: Use krb5_encode_Authenticator.
+
+	* lib/krb5/codec.c: Enctype conversion stuff.
+
+	* lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
+ 	setuid. Get configuration for libdefaults ktype_is_etype, and
+ 	default_etypes.
+
+	* lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
+ 	krb5_convert_etype to krb5_decode_keytype, and add
+ 	krb5_decode_keyblock.
+
+Fri Jan 23 00:32:09 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.
+
+	* lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
+ 	from protocol keytypes (that really are enctypes) to internal
+ 	representation.
+
+Thu Jan 22 21:24:36 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
+ 	on keys in the database; and also a new `pa-key-info' padata-type.
+
+	* kdc/kerberos5.c: If pre-authentication fails, return a list of
+ 	keytypes, salttypes, and salts.
+
+	* lib/krb5/init_creds_pw.c: Add better support for
+ 	pre-authentication, by looking at hints from the KDC.
+
+	* lib/krb5/get_in_tkt.c: Add better support for specifying what
+ 	pre-authentication to use.
+
+	* lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
+ 	KEYTYPE_DES_AFS3.
+
+	* lib/krb5/krb5.h: Add pre-authentication structures.
+
+	* kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.
+
+Wed Jan 21 06:20:40 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
+ 	`log_context.socket_name' and `log_context.socket_fd'
+
+	* lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
+ 	to inform the possible running ipropd of an update.
+
+Wed Jan 21 01:34:09 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/get_in_tkt.c: Return error-packet to caller.
+
+	* lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.
+
+	* kdc/kerberos5.c: Add some support for using enctypes instead of
+ 	keytypes.
+
+	* lib/krb5/get_cred.c: Fixes to send authorization-data to the
+ 	KDC.
+
+	* lib/krb5/build_auth.c: Only generate local subkey if there is
+ 	none.
+
+	* lib/krb5/krb5.h: Add krb5_authdata type.
+
+	* lib/krb5/auth_context.c: Add
+ 	krb5_auth_con_set{,localsub,remotesub}key.
+
+	* lib/krb5/init_creds_pw.c: Return some error if prompter
+ 	functions return failure.
+
+Wed Jan 21 01:16:13 1998  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswd.c: detect bad password.  use krb5_err.
+
+	* kadmin/util.c (edit_entry): remove unused variables
+
+Tue Jan 20 22:58:31 1998  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.
+
+	* lib/kadm5/kadm5_locl.h: add kadm5_log_context and
+ 	kadm5_log*-functions
+
+	* lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
+ 	log
+
+	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
+ 	log
+
+	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
+ 	log_context
+
+	* lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
+ 	log
+
+	* lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
+ 	log
+
+	* lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
+ 	log
+
+	* lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
+ 	log
+
+	* lib/kadm5/Makefile.am: add log.c, dump_log and replay_log
+
+	* lib/kadm5/replay_log.c: new file
+
+	* lib/kadm5/dump_log.c: new file
+
+	* lib/kadm5/log.c: new file
+
+	* lib/krb5/str2key.c (get_str): initialize pad space to zero
+
+	* lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL
+
+	* kpasswd/kpasswdd.c: rewritten to use the kadm5 API
+
+	* kpasswd/Makefile.am: link with kadm5srv
+
+	* kdc/kerberos5.c (tgs_rep): initialize `i'
+
+	* kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp
+
+	* include/Makefile.am: added admin.h
+
+Sun Jan 18 01:41:34 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.
+
+	* lib/krb5/mcache.c (mcc_store_cred): restore linked list if
+ 	copy_creds fails.
+
+Tue Jan  6 04:17:56 1998  Assar Westerlund  <assar at sics.se>
+
+	* lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}
+
+	* lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.
+
+	* lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
+ 	krb5_getportbyname
+
+	* kadmin/kadmind.c (main): htons correctly.
+	moved kadm5_server_{recv,send}
+
+	* kadmin/kadmin.c (main): only set admin_server if explicitly
+ 	given
+
+Mon Jan  5 23:34:44 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/hdb/ndbm.c: Implement locking of database.
+
+	* kdc/kerberos5.c: Process AuthorizationData.
+
+Sat Jan  3 22:07:07 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kdc/string2key.c: Use AFS string-to-key from libkrb5.
+
+	* lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.
+
+	* lib/krb5/krb5.h: Add value for AFS salts.
+
+	* lib/krb5/str2key.c: Add support for AFS string-to-key.
+
+	* lib/kadm5/rename_s.c: Use correct salt.
+
+	* lib/kadm5/ent_setup.c: Always enable client. Only set max-life
+ 	and max-renew if != 0.
+
+	* lib/krb5/config_file.c: Add context to all krb5_config_*get_*.
+
+Thu Dec 25 17:03:25 1997  Assar Westerlund  <assar at sics.se>
+
+	* kadmin/ank.c (ank): don't zero password if --random-key was
+ 	given.
+
+Tue Dec 23 01:56:45 1997  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0m
+
+	* lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'
+
+	* kadmin/util.c (edit_time): only set mask if != 0
+	(edit_attributes): only set mask if != 0
+
+	* kadmin/init.c (init): create `default'
+
+Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar at sics.se>
+
+	* kadmin/util.c (str2deltat, str2attr, get_deltat): return value
+ 	as pointer and have return value indicate success.
+	
+	(get_response): check NULL from fgets
+	
+	(edit_time, edit_attributes): new functions for reading values and
+	offering list of answers on '?'
+	
+	(edit_entry): use edit_time and edit_attributes
+
+	* kadmin/ank.c (add_new_key): test the return value of
+ 	`krb5_parse_name'
+
+	* kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
+ 	that the checksum has to be keyed, even though later drafts do.
+  	Accept unkeyed checksums to be compatible with MIT.
+
+	* kadmin/kadmin_locl.h: add some prototypes.
+
+	* kadmin/util.c (edit_entry): return a value
+
+	* appl/afsutil/afslog.c (main): return a exit code.
+
+	* lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes
+
+	* lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): use
+ 	krb5_{free,copy}_keyblock instead of the _contents versions
+
+Fri Dec 12 14:20:58 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey
+
+Mon Dec  8 08:48:09 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid
+
+Sat Dec  6 10:09:40 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
+	keyblock
+
+Sat Dec  6 08:26:10 1997  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0l
+
+Thu Dec  4 03:38:12 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/send_to_kdc.c: Add TCP client support.
+
+	* lib/krb5/store.c: Add k_{put,get}_int.
+
+	* kadmin/ank.c: Set initial kvno to 1.
+
+	* kdc/connect.c: Send version 5 TCP-reply as length+data.
+
+Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug
+
+	* kdc/kaserver.c (create_reply_ticket): use a random nonce in the
+ 	reply packet.
+
+	* kdc/connect.c (init_sockets): less reallocing.
+
+	* **/*.c: changed `struct fd_set' to `fd_set'
+
+Sat Nov 29 05:12:01 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/get_default_principal.c: More guessing.
+
+Thu Nov 20 02:55:09 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/rd_req.c: Use principal from ticket if no server is
+ 	given.
+
+Tue Nov 18 02:58:02 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kuser/klist.c: Use krb5_err*().
+
+Sun Nov 16 11:57:43 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
+ 	commands.
+
+Sun Nov 16 02:52:20 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
+ 	`enctype'
+
+	* lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
+ 	if set.
+
+	* lib/krb5/get_cred.c: handle the case of a specific keytype
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
+ 	parameter instead of guessing it.
+
+	* lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
+ 	`enctype'
+
+	* appl/test/common.c (common_setup): don't use `optarg'
+
+	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
+	(krb5_kt_get_entry): retrieve the latest version if kvno == 0
+
+	* lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE
+
+	* lib/krb5/creds.c (krb5_compare_creds): check for
+ 	KRB5_TC_MATCH_KEYTYPE
+
+	* lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
+ 	unused variable
+
+	* lib/krb5/creds.c (krb5_copy_creds_contents): only free the
+ 	contents if we fail.
+
+Sun Nov 16 00:32:48 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kpasswd/kpasswdd.c: Get password expiration time from config
+ 	file.
+
+	* lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.
+
+Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
+ 	restructured and fixed.
+
+	* lib/krb5/addr_families.c (krb5_h_addr2addr): new function.
+
+Wed Nov 12 01:36:01 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
+ 	methods fail.
+
+Tue Nov 11 22:22:12 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kadmin/kadmin.c: Add `-l' flag to use local database.
+
+	* lib/kadm5/acl.c: Use KADM5_PRIV_ALL.
+
+	* lib/kadm5: Use function pointer trampoline for easier dual use
+ 	(without radiation-hardening capability).
+
+Tue Nov 11 05:15:22 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/encrypt.c (krb5_etype_valid): new function
+
+	* lib/krb5/creds.c (krb5_copy_creds_contents): zero target
+
+	* lib/krb5/context.c (valid_etype): remove
+
+	* lib/krb5/checksum.c: remove dead code
+
+	* lib/krb5/changepw.c (send_request): free memory on error.
+
+	* lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
+ 	from malloc.
+
+	* lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
+ 	failure correctly.
+	(krb5_auth_con_setaddrs_from_fd): return error correctly.
+
+	* lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files
+
+Tue Nov 11 02:53:19 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/auth_context.c: Implement auth_con_setuserkey.
+
+	* lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.
+
+	* lib/krb5/keyblock.c: Rename krb5_free_keyblock to
+ 	krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.
+
+	* lib/krb5/rd_req.c: Use auth_context->keyblock if
+ 	ap_options.use_session_key.
+
+Tue Nov 11 02:35:17 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
+	fix callers.
+
+	* lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>
+
+	* include/Makefile.am: add xdbm.h
+
+Tue Nov 11 01:58:22 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.
+
+Mon Nov 10 22:41:53 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/ticket.c: Implement copy_ticket.
+
+	* lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.
+
+	* lib/krb5/data.c: Implement free_data and copy_data.
+
+Sun Nov  9 02:17:27 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.
+
+	* kadmin/kadmin.c: Add get_privileges function.
+
+	* lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
+ 	specification.
+
+	* kdc/connect.c: Exit if no sockets could be bound.
+
+	* kadmin/kadmind.c: Check return value from krb5_net_read().
+
+	* lib/kadm5,kadmin: Fix memory leaks.
+
+Fri Nov  7 02:45:26 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/kadm5/create_s.c: Get some default values from `default'
+ 	principal.
+
+	* lib/kadm5/ent_setup.c: Add optional default entry to get some
+ 	values from.
+
+Thu Nov  6 00:20:41 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/error/compile_et.awk: Remove generated destroy_*_error_table
+ 	prototype
+
+	* kadmin/kadmind.c: Crude admin server.
+
+	* kadmin/kadmin.c: Update to use remote protocol.
+
+	* kadmin/get.c: Fix principal formatting.
+
+	* lib/kadm5: Add client support.
+
+	* lib/kadm5/error.c: Error code mapping.
+
+	* lib/kadm5/server.c: Kadmind support function.
+
+	* lib/kadm5/marshall.c: Kadm5 marshalling.
+
+	* lib/kadm5/acl.c: Simple acl system.
+
+	* lib/kadm5/kadm5_locl.h: Add client stuff.
+
+	* lib/kadm5/init_s.c: Initialize acl.
+
+	* lib/kadm5/*:  Return values.
+
+	* lib/kadm5/create_s.c: Correct kvno.
+
+Wed Nov  5 22:06:50 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/log.c: Fix parsing of log destinations.
+
+Mon Nov  3 20:33:55 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/principal.c: Reduce number of reallocs in unparse_name.
+
+Sat Nov  1 01:40:53 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kadmin: Simple kadmin utility.
+
+	* admin/ktutil.c: Print keytype.
+
+	* lib/kadm5/get_s.c: Set correct n_key_data.
+
+	* lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
+ 	master key.
+
+	* lib/kadm5/destroy_s.c: Check for allocated context.
+
+	* lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().
+
+Sat Nov  1 00:21:00 1997  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: test for readv, writev
+
+Wed Oct 29 23:41:26 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/warn.c (_warnerr): handle the case of an illegal error
+ 	code
+
+	* kdc/kerberos5.c (encode_reply): return success
+
+Wed Oct 29 18:01:59 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos5.c (find_etype) Return correct index of selected
+ 	etype.
+
+Wed Oct 29 04:07:06 1997  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0k
+
+	* lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
+ 	environment variable
+
+	* *: use the roken_get*-macros from roken.h for the benefit of
+ 	Crays.
+
+	* configure.in: add --{enable,disable}-otp.  check for compatible
+ 	prototypes for gethostbyname, gethostbyaddr, getservbyname, and
+ 	openlog (they have strange prototypes on Crays)
+
+	* acinclude.m4: new macro `AC_PROTO_COMPAT'
+
+Tue Oct 28 00:11:22 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/connect.c: Log bad requests.
+
+	* kdc/kerberos5.c: Move stuff that's in common between as_rep and
+ 	tgs_rep to separate functions.
+
+	* kdc/kerberos5.c: Fix user-to-user authentication.
+
+	* lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
+ 	  - add a kdc-options argument to krb5_get_credentials, and rename
+	    it to krb5_get_credentials_with_flags
+	  - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
+	  - add some more user-to-user glue
+
+	* lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
+ 	function, krb5_decrypt_ticket, so it is easier to decrypt and
+ 	check a ticket without having an ap-req.
+
+	* lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
+ 	flags.
+
+	* lib/krb5/crc.c (crc_init_table): Check if table is already
+ 	inited.
+
+Sun Oct 26 04:51:02 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
+ 	indefinite encoding.
+
+	* lib/asn1/gen_glue.c (generate_units): Check for empty
+ 	member-list.
+
+Sat Oct 25 07:24:57 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/error/compile_et.awk: Allow specifying table-base.
+
+Tue Oct 21 20:21:40 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos5.c: Check version number of krbtgt.
+
+Mon Oct 20 01:14:53 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
+ 	case of unhidden prompts.
+
+	* lib/krb5/str2key.c (string_to_key_internal): return error
+ 	instead of aborting.  always free memory
+
+	* admin/ktutil.c: add `help' command
+
+	* admin/kdb_edit.c: implement new commands: add_random_key(ark),
+ 	change_password(cpw), change_random_key(crk)
+
+Thu Oct 16 05:16:36 1997  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswdd.c: change all the keys in the database
+
+	* kdc: removed all unsealing, now done by the hdb layer
+
+	* lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
+ 	and `hdb_clear_master_key'
+
+	* admin/misc.c: removed
+
+Wed Oct 15 22:47:31 1997  Assar Westerlund  <assar at sics.se>
+
+	* kuser/klist.c: print year as YYYY iff verbose
+
+Wed Oct 15 20:02:13 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kuser/klist.c: print etype from ticket
+
+Mon Oct 13 17:18:57 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Release 0.0j
+
+	* lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
+ 	used to decrypt the reply from DCE secds.
+
+	* lib/krb5/auth_context.c: Add {get,set}enctype.
+
+	* lib/krb5/get_cred.c: Fix for DCE secd.
+
+	* lib/krb5/store.c: Store keytype twice, as MIT does.
+
+	* lib/krb5/get_in_tkt.c: Use etype from reply.
+
+Fri Oct 10 00:39:48 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/connect.c: check for leading '/' in http request
+
+Tue Sep 30 21:50:18 1997  Assar Westerlund  <assar at assaris.pdc.kth.se>
+
+	* Release 0.0i
+
+Mon Sep 29 15:58:43 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
+ 	the kvno or keytype before receiving the AP-REQ
+
+	* lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
+ 	use from the keytype.
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
+ 	cksumtype to use from the keytype.
+
+	* lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
+ 	from the keytype.
+
+	* lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
+ 	what etype to use from the keytype.
+
+	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
+ 	handle other key types than DES
+
+	* lib/krb5/encrypt.c (key_type): add `best_cksumtype'
+	(krb5_keytype_to_cksumtype): new function
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): figure out
+ 	what etype to use from the keytype.
+
+	* lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
+ 	and `enctype' to 0
+
+	* admin/extkeytab.c (ext_keytab): extract all keys
+
+	* appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge
+
+	* configure.in: check for <netinet6/in6.h>. check for -linet6
+	
+Tue Sep 23 03:00:53 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1
+
+	* lib/krb5/rd_safe.c: fix check for keyed and collision-proof
+ 	checksum
+
+	* lib/krb5/context.c (valid_etype): remove hard-coded constants
+	(default_etypes): include DES3
+
+	* kdc/kerberos5.c: fix check for keyed and collision-proof
+ 	checksum
+
+	* admin/util.c (init_des_key, set_password): DES3 keys also
+
+ 	* lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
+ 	no contact?
+
+	* lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'
+
+Mon Sep 22 11:44:27 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
+ 	the client is used to select wich key to encrypt the kdc rep with
+ 	(in case of as-req), and with the server info to select the
+ 	session key type. The server key the ticket is encrypted is based
+ 	purely on the keys in the database.
+
+	* kdc/string2key.c: Add keytype support. Default to version 5
+ 	keys.
+
+	* lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.
+
+	* lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
+ 	many *_to_* functions.
+
+	* lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
+ 	to krb5_string_to_key().
+
+	* lib/krb5/checksum.c: Some cleanup, and added: 
+	  - rsa-md5-des3 
+	  - hmac-sha1-des3 
+	  - keyed and collision proof flags to each checksum method
+	  - checksum<->string functions.
+
+	* lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.
+
+Sun Sep 21 15:19:23 1997  Assar Westerlund  <assar at sics.se>
+
+	* kdc/connect.c: use new addr_families functions
+
+	* kpasswd/kpasswdd.c: use new addr_families functions.  Now works
+ 	over IPv6
+
+	* kuser/klist.c: use correct symbols for address families
+
+	* lib/krb5/sock_principal.c: use new addr_families functions
+
+	* lib/krb5/send_to_kdc.c: use new addr_families functions
+
+	* lib/krb5/krb5.h: add KRB5_ADDRESS_INET6
+
+	* lib/krb5/get_addrs.c: use new addr_families functions
+
+	* lib/krb5/changepw.c: use new addr_families functions.  Now works
+ 	over IPv6
+
+	* lib/krb5/auth_context.c: use new addr_families functions
+
+	* lib/krb5/addr_families.c: new file
+
+	* acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6.  Updated
+ 	uses.
+
+	* acinclude.m4: new macro `AC_KRB_IPV6'.  Use it.
+
+Sat Sep 13 23:04:23 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
+ 	principals.
+
+Sat Sep 13 00:59:36 1997  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0h
+	
+	* appl/telnet/telnet/commands.c: AF_INET6 support
+
+	* admin/misc.c: new file
+
+	* lib/krb5/context.c: new configuration variable `max_retries'
+
+	* lib/krb5/get_addrs.c: fixes and better #ifdef's
+
+	* lib/krb5/config_file.c: implement krb5_config_get_int
+
+	* lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
+ 	AF_INET6 support
+
+	* kuser/klist.c: support for printing IPv6-addresses
+
+	* kdc/connect.c: support AF_INET6
+
+	* configure.in: test for gethostbyname2 and struct sockaddr_in6
+
+Thu Sep 11 07:25:28 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
+ 	PA-DATA'
+
+Wed Sep 10 21:20:17 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos5.c: Fixes for cross-realm, including (but not
+ 	limited to):
+	  - allow client to be non-existant (should probably check for
+	    "local realm")
+	  - if server isn't found and it is a request for a krbtgt, try to
+ 	    find a realm on the way to the requested realm
+	  - update the transited encoding iff 
+	    client-realm != server-realm != tgt-realm
+
+	* lib/krb5/get_cred.c: Several fixes for cross-realm.
+
+Tue Sep  9 15:59:20 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/string2key.c: Fix password handling.
+
+	* lib/krb5/encrypt.c: krb5_key_to_string
+
+Tue Sep  9 07:46:05 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_addrs.c: rewrote.  Now should be able to handle
+ 	aliases and IPv6 addresses
+
+	* kuser/klist.c: try printing IPv6 addresses
+
+	* kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192
+
+	* configure.in: check for <netinet/in6_var.h>
+
+Mon Sep  8 02:57:14 1997  Assar Westerlund  <assar at sics.se>
+
+	* doc: fixes
+
+	* admin/util.c (init_des_key): increase kvno
+	(set_password): return -1 if `des_read_pw_string' failed
+
+	* admin/mod.c (doit2): check the return value from `set_password'
+
+	* admin/ank.c (doit): don't add a new entry if `set_password'
+ 	failed
+
+Mon Sep  8 02:20:16 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/verify_init.c: fix ap_req_nofail semantics
+
+	* lib/krb5/transited.c: something that might resemble
+ 	domain-x500-compress
+
+Mon Sep  8 01:24:42 1997  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hpropd.c (main): check number of arguments
+
+	* appl/popper/pop_init.c (pop_init): check number of arguments
+
+	* kpasswd/kpasswd.c (main): check number of arguments
+
+	* kdc/string2key.c (main): check number of arguments
+
+	* kuser/kdestroy.c (main): check number of arguments
+
+	* kuser/kinit.c (main): check number of arguments
+
+	* kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
+ 	break out of select when a signal arrives
+
+	* kdc/main.c (main): use sigaction without SA_RESTART to break out
+ 	of select when a signal arrives
+
+	* kdc/kstash.c: default to HDB_DB_DIR "/m-key"
+
+	* kdc/config.c (configure): add `--version'.  Check the number of
+ 	arguments. Handle the case of there being no specification of port
+ 	numbers.
+
+	* admin/util.c: seal and unseal key at appropriate places
+
+	* admin/kdb_edit.c (main): parse arguments, config file and read
+ 	master key iff there's one.
+
+	* admin/extkeytab.c (ext_keytab): unseal key while extracting
+
+Sun Sep  7 20:41:01 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/roken/roken.h: include <fcntl.h>
+
+	* kdc/kerberos5.c (set_salt_padata): new function
+
+	* appl/telnet/telnetd/telnetd.c: Rename some variables that
+ 	conflict with cpp symbols on HP-UX 10.20
+
+	* change all calls of `gethostbyaddr' to cast argument 1 to `const
+ 	char *'
+
+	* acconfig.h: only use SGTTY on nextstep
+
+Sun Sep  7 14:33:50 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos5.c: Check invalid flag.
+
+Fri Sep  5 14:19:38 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.
+
+	* lib/kafs: Move functions common to krb/krb5 modules to new file,
+ 	and make things more modular.
+
+	* lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
+ 	-> krb5_config_list
+
+Thu Sep  4 23:39:43 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/get_addrs.c: Fix loopback test.
+
+Thu Sep  4 04:45:49 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/roken/roken.h: fallback definition of `O_ACCMODE'
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
+ 	checking for a v4 reply
+
+Wed Sep  3 18:20:14 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.
+
+	* lib/hdb/hdb.c: new {seal,unseal}_keys functions
+
+	* kdc/{hprop,hpropd}.c: Add support to dump database to stdout.
+
+	* kdc/hprop.c: Don't use same master key as version 4.
+
+	* admin/util.c: Don't dump core if no `default' is found.
+
+Wed Sep  3 16:01:07 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kdc/connect.c: Allow run time port specification.
+
+	* kdc/config.c: Add flags for http support, and port
+ 	specifications.
+
+Tue Sep  2 02:00:03 1997  Assar Westerlund  <assar at sics.se>
+
+	* include/bits.c: Don't generate ifndef's in bits.h.  Instead, use
+ 	them when building the program.  This makes it possible to include
+ 	bits.h without having defined all HAVE_INT17_T symbols.
+	
+	* configure.in: test for sigaction
+
+	* doc: updated documentation.
+	
+Tue Sep  2 00:20:31 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Release 0.0g
+
+Mon Sep  1 17:42:14 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/data.c: don't return ENOMEM if len == 0
+
+Sun Aug 31 17:15:49 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/hdb/hdb.asn1: Include salt type in salt.
+
+	* kdc/hprop.h: Change port to 754.
+
+	* kdc/hpropd.c: Verify who tries to transmit a database.
+
+	* appl/popper: Use getarg and krb5_log.
+
+	* lib/krb5/get_port.c: Add context parameter. Now takes port in
+ 	host byte order.
+
+Sat Aug 30 18:48:19 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/connect.c: Add timeout to select, and log about expired tcp
+ 	connections.
+
+	* kdc/config.c: Add `database' option.
+
+	* kdc/hpropd.c: Log about duplicate entries.
+
+	* lib/hdb/{db,ndbm}.c: Use common routines.
+
+	* lib/hdb/common.c: Implement more generic fetch/store/delete
+ 	functions.
+
+	* lib/hdb/hdb.h: Add `replace' parameter to store.
+	
+	* kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
+ 	entries.
+
+Fri Aug 29 03:13:23 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket
+
+	* aux/make-proto.pl: fix __P for stone age mode
+
+Fri Aug 29 02:45:46 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/45/mk_req.c: implementation of krb_mk_req that uses 524
+ 	protocol
+
+	* lib/krb5/init_creds_pw.c: make change_password and
+ 	get_init_creds_common static
+
+	* lib/krb5/krb5.h: Merge stuff from removed headerfiles.
+
+	* lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops
+
+	* lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops
+
+Fri Aug 29 01:45:25 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/krb5.h: Remove all prototypes.
+
+	* lib/krb5/convert_creds.c: Use `struct credentials' instead of
+ 	`CREDENTIALS'.
+
+Fri Aug 29 00:08:18 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
+	and units for bit strings.
+
+	* admin/util.c: flags2int, int2flags, and flag_units are now
+ 	generated by asn1_compile
+
+	* lib/roken/parse_units.c: generalised `parse_units' and
+ 	`unparse_units' and added new functions `parse_flags' and
+ 	`unparse_flags' that use these
+
+	* lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h
+
+	* admin/util.c: Use {un,}parse_flags for printing and parsing
+ 	hdbflags.
+
+Thu Aug 28 03:26:12 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_addrs.c: restructured
+
+	* lib/krb5/warn.c (_warnerr): leak less memory
+
+	* lib/hdb/hdb.c (hdb_free_entry): zero keys
+	(hdb_check_db_format): leak less memory
+
+	* lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
+ 	NDBM__get, NDBM__put
+
+	* lib/hdb/db.c (DB_seq): check for valid hdb_entries
+
+Thu Aug 28 02:06:58 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.
+
+Thu Aug 28 01:13:17 1997  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.1, klist.1, kdestroy.1: new man pages
+
+	* kpasswd/kpasswd.1, kpasswdd.8: new man pages
+
+	* kdc/kstash.8, hprop.8, hpropd.8: new man pages
+
+	* admin/ktutil.8, admin/kdb_edit.8: new man pages
+
+	* admin/mod.c: new file
+
+	* admin/life.c: renamed gettime and puttime to getlife and putlife
+	and moved them to life.c
+
+	* admin/util.c: add print_flags, parse_flags, init_entry,
+ 	set_created_by, set_modified_by, edit_entry, set_password.  Use
+ 	them.
+
+	* admin/get.c: use print_flags
+
+	* admin: removed unused stuff.  use krb5_{warn,err}*
+
+	* admin/ank.c: re-organized and abstracted.
+
+	* admin/gettime.c: removed
+
+Thu Aug 28 00:37:39 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.
+
+	* lib/roken/base64.c: Add base64 functions.
+
+	* kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.
+
+Wed Aug 27 00:29:20 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* include/Makefile.am: Don't make links to built files.
+
+	* admin/kdb_edit.c: Add command to set the database path.
+
+	* lib/hdb: Include version number in database.
+
+Tue Aug 26 20:14:54 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* admin/ktutil: Merged v4 srvtab conversion.
+
+Mon Aug 25 23:02:18 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/roken/roken.h: add F_OK
+
+	* lib/gssapi/acquire_creds.c: fix typo
+
+	* configure.in: call AC_TYPE_MODE_T
+
+	* acinclude.m4: Add AC_TYPE_MODE_T
+
+Sun Aug 24 16:46:53 1997  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0f
+
+Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/popper/pop_pass.c: log poppers
+
+	* kdc/kaserver.c: some more checks
+
+	* kpasswd/kpasswd.c: removed `-p'
+
+	* kuser/kinit.c: removed `-p'
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
+ 	KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
+ 	krb-error text
+
+	* lib/gssapi/import_name.c (input_name): more names types.
+
+	* admin/load.c (parse_keys): handle the case of an empty salt
+
+	* kdc/kaserver.c: fix up memory deallocation
+
+	* kdc/kaserver.c: quick hack at talking kaserver protocol
+
+	* kdc/kerberos4.c: Make `db-fetch4' global
+
+	* configure.in: add --enable-kaserver
+
+	* kdc/rx.h, kdc/kerberos4.h: new header files
+
+	* lib/krb5/principal.c: fix krb5_build_principal_ext & c:o
+
+Sun Aug 24 03:52:44 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
+ 	type conflicts.
+
+	* lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.
+
+	* lib/des/{md4,md5,sha}.c: Now works on Crays.
+
+Sat Aug 23 18:15:01 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* appl/afsutil/afslog.c: If no cells or files specified, get
+ 	tokens for all local cells. Better test for files.
+
+Thu Aug 21 23:33:38 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/gssapi/v1.c: new file with v1 compatibility functions.
+
+Thu Aug 21 20:36:13 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.
+
+	* kdc/kerberos4.c: Check database when converting v4 principals.
+
+	* kdc/kerberos5.c: Include kvno in Ticket.
+
+	* lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.
+
+	* kuser/klist.c: Print version number of ticket, include more
+ 	flags.
+
+Wed Aug 20 21:26:58 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
+ 	expiration.
+
+Wed Aug 20 17:40:31 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
+ 	there's an error.
+
+	* lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
+ 	documentation and process KRB-ERROR's
+
+Tue Aug 19 20:41:30 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos4.c: Fix memory leak in v4 protocol handler.
+
+Mon Aug 18 05:15:09 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/gssapi/accept_sec_context.c: Added
+ 	`gsskrb5_register_acceptor_identity'
+
+Sun Aug 17 01:40:20 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
+ 	always pass server == NULL to krb5_rd_req.
+
+	* lib/gssapi: new files: canonicalize_name.c export_name.c
+ 	context_time.c compare_name.c release_cred.c acquire_cred.c
+ 	inquire_cred.c, from Luke Howard <lukeh at xedoc.com.au>
+
+	* lib/krb5/config_file.c: Add netinfo support from Luke Howard
+ 	<lukeh at xedoc.com.au>
+
+	* lib/editline/sysunix.c: sgtty-support from Luke Howard
+ 	<lukeh at xedoc.com.au>
+
+	* lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
+ 	Howard <lukeh at xedoc.com.au>
+
+Sat Aug 16 00:44:47 1997  Assar Westerlund  <assar at koi.pdc.kth.se>
+
+	* Release 0.0e
+
+Sat Aug 16 00:23:46 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* appl/afsutil/afslog.c: Use new libkafs.
+
+	* lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.
+
+	* lib/krb5/warn.c: Fix format string for *x type.
+
+Fri Aug 15 22:15:01 1997  Assar Westerlund  <assar at sics.se>
+
+	* admin/get.c (get_entry): print more information about the entry
+
+	* lib/des/Makefile.am: build destest, mdtest, des, rpw, speed
+
+	* lib/krb5/config_file.c: new functions `krb5_config_get_time' and
+ 	`krb5_config_vget_time'.  Use them.
+
+Fri Aug 15 00:09:37 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* admin/ktutil.c: Keytab manipulation program.
+
+	* lib/krb5/keytab.c: Return sane values from resolve and
+ 	start_seq_get.
+
+	* kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.
+
+	* lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
+ 	krb524_convert_creds_kdc.
+
+	* lib/krb5/convert_creds.c: Implementation of
+ 	krb524_convert_creds_kdc.
+
+	* lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL
+
+	* kdc/524.c: A somewhat working 524-protocol module.
+
+	* kdc/kerberos4.c: Add version 4 ticket encoding and encryption
+ 	functions.
+
+	* lib/krb5/context.c: Fix kdc_timeout.
+
+	* lib/hdb/{ndbm,db}.c: Free name in close.
+
+	* kdc/kerberos5.c (tgs_check_autenticator): Return error code
+
+Thu Aug 14 21:29:03 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.
+
+	* lib/krb5/store_emem.c: Fix reallocation bug.
+
+Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
+ 	`krb5_sock_to_principal'.  Send server parameter to
+ 	krb5_rd_req/krb5_recvauth.  Set addresses in auth_context.
+
+	* lib/krb5/recvauth.c: Set addresses in auth_context if there
+ 	aren't any
+
+	* lib/krb5/auth_context.c: New function
+ 	`krb5_auth_con_setaddrs_from_fd'
+
+	* lib/krb5/sock_principal.c: new function
+	`krb5_sock_to_principal'
+	
+	* lib/krb5/time.c: new file with `krb5_timeofday' and
+ 	`krb5_us_timeofday'.  Use these functions.
+
+	* kuser/klist.c: print KDC offset iff verbose
+
+	* lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
+ 	[libdefaults]kdc_timesync is set.
+	
+	* lib/krb5/fcache.c: Implement version 4 of the ccache format.
+
+Mon Aug 11 05:34:43 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory
+
+	* lib/krb5/principal.c (krb5_unparse_name): allocate memory
+ 	properly
+
+	* kpasswd/kpasswd.c: Use `krb5_change_password'
+
+	* lib/krb5/init_creds_pw.c (init_cred): set realm of server
+ 	correctly.
+
+	* lib/krb5/init_creds_pw.c: support changing of password when it
+ 	has expired
+
+	* lib/krb5/changepw.c: new file
+
+	* kuser/klist.c: use getarg
+
+	* admin/init.c (init): add `kadmin/changepw'
+
+Mon Aug 11 04:30:47 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
+
+Mon Aug 11 00:03:24 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/config_file.c: implement support for #-comments
+
+Sat Aug  9 02:21:46 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/hprop*.c: Add database propagation programs.
+
+	* kdc/connect.c: Max request size.
+
+Sat Aug  9 00:47:28 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/otp: resurrected from krb4
+
+	* appl/push: new program for fetching mail with POP.
+
+	* appl/popper/popper.h: new include files.  new fields in `POP'
+
+	* appl/popper/pop_pass.c: Implement both v4 and v5.
+
+	* appl/popper/pop_init.c: Implement both v4 and v5.
+
+	* appl/popper/pop_debug.c: use getarg.  Talk both v4 and v5
+
+	* appl/popper: Popper from krb4.
+
+	* configure.in: check for inline and <netinet/tcp.h> generate
+ 	files in appl/popper, appl/push, and lib/otp
+
+Fri Aug  8 05:51:02 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_cred.c: clean-up and try to free memory even when
+ 	there're errors
+
+	* lib/krb5/get_cred.c: adapt to new `extract_ticket'
+
+	* lib/krb5/get_in_tkt.c: reorganize.  check everything and try to
+ 	return memory even if there are errors.
+
+	* kuser/kverify.c: new file
+
+	* lib/krb5/free_host_realm.c: new file
+
+	* lib/krb5/principal.c (krb5_sname_to_principal): implement
+ 	different nametypes.  Also free memory.
+
+	* lib/krb5/verify_init.c: more functionality
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
+
+	* lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
+ 	principals in creds.  Should also compare them with that received
+ 	from the KDC
+
+	* lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
+ 	krb5_ccache
+	(krb5_cc_destroy): call krb5_cc_close
+	(krb5_cc_retrieve_cred): delete the unused creds
+
+Fri Aug  8 02:30:40 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/log.c: Allow better control of destinations of logging
+ 	(like passing explicit destinations, and log-functions).
+
+Fri Aug  8 01:20:39 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_default_principal.c: new file
+
+	* kpasswd/kpasswdd.c: use krb5_log*
+
+Fri Aug  8 00:37:47 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
+
+Fri Aug  8 00:37:17 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
+  	Print password expire information.
+
+	* kdc/config.c: new variable `kdc_warn_pwexpire'
+
+	* kpasswd/kpasswd.c: converted to getarg and get_init_creds
+
+Thu Aug  7 22:17:09 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mcache.c: new file
+
+	* admin/gettime.c: new function puttime.  Use it.
+
+	* lib/krb5/keyblock.c: Added krb5_free_keyblock and
+ 	krb5_copy_keyblock
+
+	* lib/krb5/init_creds_pw.c: more functionality
+
+	* lib/krb5/creds.c: Added krb5_free_creds_contents and
+ 	krb5_copy_creds.  Changed callers.
+
+	* lib/krb5/config_file.c: new functions krb5_config_get and
+ 	krb5_config_vget
+
+	* lib/krb5/cache.c: cleanup added mcache
+	
+	* kdc/kerberos5.c: include last-req's of type 6 and 7, if
+ 	applicable
+
+Wed Aug  6 20:38:23 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
+
+Tue Aug  5 22:53:54 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
+	prompter_posix.c: the beginning of an implementation of the cygnus
+	initial-ticket API.
+
+	* lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
+ 	almost krb5_get_in_tkt but doesn't write the creds to the ccache.
+  	Small fixes in krb5_get_in_tkt
+
+	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
+ 	loopback.
+
+Mon Aug  4 20:20:48 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc: Make context global.
+
+Fri Aug  1 17:23:56 1997  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0d
+
+	* lib/roken/flock.c: new file
+
+	* kuser/kinit.c: check for and print expiry information in the
+ 	`kdc_rep'
+
+	* lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
+
+	* kdc/kerberos5.c: Check the valid times on client and server.
+  	Check the password expiration.
+	Check the require_preauth flag.
+  	Send an lr_type == 6 with pw_end.
+	Set key.expiration to min(valid_end, pw_end)
+	
+	* lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
+
+	* admin/util.c, admin/load.c: handle the new flags.
+
+Fri Aug  1 16:56:12 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/hdb: Add some simple locking.
+
+Sun Jul 27 04:44:31 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/log.c: Add some general logging functions.
+
+	* kdc/kerberos4.c: Add version 4 protocol handler. The requrement
+ 	for this to work is that all involved principals has a des key in
+ 	the database, and that the client has a version 4 (un-)salted
+ 	key. Furthermore krb5_425_conv_principal has to do it's job, as
+ 	present it's not very clever.
+
+	* lib/krb5/principal.c: Quick patch to make 425_conv work
+ 	somewhat.
+
+	* lib/hdb/hdb.c: Add keytype->key and next key functions.
+
+Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): don't free
+ 	`cksum'.  It's allocated and freed by the caller
+
+	* lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
+
+	* kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
+ 	`client' to return as part of the KRB-ERROR
+
+Thu Jul 24 08:13:59 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos5.c: Unseal keys from database before use.
+
+	* kdc/misc.c: New functions set_master_key, unseal_key and
+ 	free_key.
+
+	* lib/roken/getarg.c: Handle `-f arg' correctly.
+
+Thu Jul 24 01:54:43 1997  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.c: implement `-l' aka `--lifetime'
+
+	* lib/roken/parse_units.c, parse_time.c: new files
+
+	* admin/gettime.c (gettime): use `parse_time'
+
+	* kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
+ 	KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
+
+	* kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
+ 	addresses in auth_context bind one socket per interface.
+	
+	* kpasswd/kpasswd.c: use sequence numbers
+
+	* lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
+ 	the timestamps
+
+	* lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
+ 	from auth_context
+
+	* lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
+ 	from auth_context
+
+	* lib/krb5/mk_error.c (krb5_mk_error): return an error number and
+ 	not a comerr'd number.
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
+ 	number in KRB-ERROR correctly.
+
+	* lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
+ 	number in KRB-ERROR correctly.
+
+	* lib/asn1/k5.asn1: Add `METHOD-DATA'
+
+	* removed some memory leaks.
+
+Wed Jul 23 07:53:18 1997  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.0c
+
+	* lib/krb5/rd_cred.c, get_for_creds.c: new files
+
+	* lib/krb5/get_host_realm.c: try default realm as last chance
+
+	* kpasswd/kpasswdd.c: updated to hdb changes
+
+	* appl/telnet/libtelnet/kerberos5.c: Implement forwarding
+
+	* appl/telnet/libtelnet: removed totally unused files
+
+	* admin/ank.c: fix prompts and generation of random keys
+
+Wed Jul 23 04:02:32 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* admin/dump.c: Include salt in dump.
+
+	* admin: Mostly updated for new db-format.
+
+	* kdc/kerberos5.c: Update to use new db format. Better checking of
+ 	flags and such. More logging.
+
+	* lib/hdb/hdb.c: Use generated encode and decode functions.
+
+	* lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
+
+	* lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
+ 	in the reply.
+
+Sun Jul 20 16:22:30 1997  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.c: break if des_read_pw_string() != 0
+
+	* kpasswd/kpasswdd.c: send a reply
+
+	* kpasswd/kpasswd.c: restructured code.  better report on
+ 	krb-error break if des_read_pw_string() != 0
+
+	* kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
+ 	starttime and renew_till
+
+	* appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
+ 	keyblock to krb5_verify_chekcsum
+
+Sun Jul 20 06:35:46 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Release 0.0b
+
+	* kpasswd/kpasswd.c: Avoid using non-standard struct names.
+
+Sat Jul 19 19:26:23 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/keytab.c (krb5_kt_get_entry): check return from
+ 	`krb5_kt_start_seq_get'.  From <map at stacken.kth.se>
+
+Sat Jul 19 04:07:39 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/asn1/k5.asn1: Update with more pa-data types from
+ 	draft-ietf-cat-kerberos-revisions-00.txt
+
+	* admin/load.c: Update to match current db-format.
+
+	* kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
+ 	up. Send back an empty pa-data if the client has the v4 flag set.
+
+	* lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
+ 	pa-data. DTRT if there is any pa-data in the reply.
+
+	* lib/krb5/str2key.c: XOR with some sane value.
+
+	* lib/hdb/hdb.h: Add `version 4 salted key' flag.
+
+	* kuser/kinit.c: Ask for password before calling get_in_tkt. This
+ 	makes it possible to call key_proc more than once.
+
+	* kdc/string2key.c: Add flags to output version 5 (DES only),
+ 	version 4, and AFS string-to-key of a password.
+
+	* lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
+ 	ENOMEM).
+
+Fri Jul 18 02:54:58 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
+ 	name2name thing
+
+	* kdc/misc.c: check result of hdb_open
+
+	* admin/kdb_edit: updated to new sl
+
+	* lib/sl: sl_func now returns an int. != 0 means to exit.
+
+	* kpasswd/kpasswdd: A crude (but somewhat working) implementation
+ 	of `draft-ietf-cat-kerb-chg-password-00.txt'
+
+Fri Jul 18 00:55:39 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kuser/krenew.c: Crude ticket renewing program.
+
+	* kdc/kerberos5.c: Rewritten flags parsing, it now might work to
+ 	get forwarded and renewed tickets.
+
+	* kuser/kinit.c: Add `-r' flag.
+
+	* lib/krb5/get_cred.c: Move most of contents of get_creds to new
+ 	function get_kdc_cred, that always contacts the kdc and doesn't
+ 	save in the cache. This is a hack.
+
+	* lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
+ 	(a bit kludgy).
+
+	* lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
+
+	* lib/krb5/send_to_kdc.c: Get timeout from context.
+
+	* lib/krb5/context.c: Add kdc_timeout to context struct.
+
+Thu Jul 17 20:35:45 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kuser/klist.c: Print start time of ticket if available.
+
+	* lib/krb5/get_host_realm.c: Return error if no realm was found.
+
+Thu Jul 17 20:28:21 1997  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd: non-working kpasswd added
+
+Thu Jul 17 00:21:22 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* Release 0.0a
+
+	* kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
+
+Wed Jul 16 03:37:41 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
+
+	* lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
+ 	subkey.
+
+	* lib/krb5/principal.c (krb5_free_principal): Check for NULL.
+
+	* lib/krb5/send_to_kdc.c: Check for NULL return from
+ 	gethostbyname.
+
+	* lib/krb5/set_default_realm.c: Try to get realm of local host if
+ 	no default realm is available.
+
+	* Remove non ASN.1 principal code.
+
+Wed Jul 16 03:17:30 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
+ 	error handing. Do some logging.
+
+	* kdc/log.c: Some simple logging facilities.
+
+	* kdc/misc.c (db_fetch): Take a krb5_principal.
+
+	* kdc/connect.c: Pass address of request to as_rep and
+ 	tgs_rep. Send KRB-ERROR.
+
+	* lib/krb5/mk_error.c: Add more fields.
+
+	* lib/krb5/get_cred.c: Print normal error code if no e_text is
+ 	available.
+
+Wed Jul 16 03:07:50 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
+ 	Change encryption type of pa_enc_timestamp to DES-CBC-MD5
+
+	* lib/krb5/context.c: recognize all encryption types actually
+ 	implemented
+
+	* lib/krb5/auth_context.c (krb5_auth_con_init): Change default
+ 	encryption type to `DES_CBC_MD5'
+
+	*  lib/krb5/read_message.c, write_message.c: new files
+
+Tue Jul 15 17:14:21 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
+
+	* lib/error/compile_et.awk: generate a prototype for the
+ 	`destroy_foo_error_table' function.
+
+Mon Jul 14 12:24:40 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
+ 	with `kerberos.REALM'
+
+	* kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
+ 	`max_skew'
+
+	* lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
+ 	subkey
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): always
+ 	generate a subkey.
+
+	* lib/krb5/address.c: implement `krb5_address_order'
+
+	* lib/gssapi/import_name.c: Implement `gss_import_name'
+
+	* lib/gssapi/external.c: Use new OID
+
+	* lib/gssapi/encapsulate.c: New functions
+ 	`gssapi_krb5_encap_length' and `gssapi_krb5_make_header'.  Changed
+	callers.
+
+	* lib/gssapi/decapsulate.c: New function
+ 	`gssaspi_krb5_verify_header'.  Changed callers.
+
+	* lib/asn1/gen*.c: Give tags to generated structs.
+	Use `err' and `asprintf'
+
+	* appl/test/gss_common.c: new file
+
+	* appl/test/gssapi_server.c: removed all krb5 calls
+
+	* appl/telnet/libtelnet/kerberos5.c: Add support for genering and
+ 	verifying checksums.  Also start using session subkeys.
+
+Mon Jul 14 12:08:25 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
+
+Sun Jul 13 03:07:44 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
+
+	* lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
+ 	`DES_encrypt_key_ivec'
+
+	* lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
+
+	* kdc/kerberos5.c (tgs_rep): support keyed checksums
+
+	* lib/krb5/creds.c: new file
+
+	* lib/krb5/get_in_tkt.c: better freeing
+
+	* lib/krb5/context.c (krb5_free_context): more freeing
+
+	* lib/krb5/config_file.c: New function `krb5_config_file_free'
+
+	* lib/error/compile_et.awk: Generate a `destroy_' function.
+
+	* kuser/kinit.c, klist.c: Don't leak memory.
+
+Sun Jul 13 02:46:27 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kdc/connect.c: Check filedescriptor in select.
+
+	* kdc/kerberos5.c: Remove most of the most common memory leaks.
+
+	* lib/krb5/rd_req.c: Free allocated data.
+
+	* lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
+ 	fields.
+
+Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/telnet: Conditionalize the krb4-support.
+
+	* configure.in: Test for krb4
+
+Sat Jul 12 17:14:12 1997  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c: check if the pre-auth was decrypted properly.
+  	set the `pre_authent' flag
+
+	* lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
+
+	* lib/krb5/encrypt.c: Made `generate_random_block' global.
+
+	* appl/test: Added gssapi_client and gssapi_server.
+
+	* lib/krb5/data.c: Add `krb5_data_zero'
+
+	* appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
+
+	* appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
+
+Sat Jul 12 16:45:58 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
+ 	returns zero length from SIOCGIFCONF.
+
+Sat Jul 12 16:38:34 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/test: new programs
+	
+	* lib/krb5/rd_req.c: add address compare
+
+	* lib/krb5/mk_req_ext.c: allow no checksum
+
+	* lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
+
+	* lib/krb5/address.c: fix `krb5_address_compare'
+
+Sat Jul 12 15:03:16 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/get_addrs.c: Fix ip4 address extraction.
+
+	* kuser/klist.c: Add verbose flag, and split main into smaller
+ 	pieces.
+
+	* lib/krb5/fcache.c: Save ticket flags.
+
+	* lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
+ 	flags.
+
+	* lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
+
+Sat Jul 12 13:12:48 1997  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: Call `AC_KRB_PROG_LN_S'
+
+	* acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
+
+Sat Jul 12 00:57:01 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
+ 	pass options.
+
+Fri Jul 11 15:04:22 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/telnet: telnet & telnetd seems to be working.
+	
+	* lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
+ 	krb5_config_vget_next
+
+	* appl/telnet/libtelnet/kerberos5.c: update to current API
+
+Thu Jul 10 14:54:39 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
+ 	`krb5_kuserok'
+
+	* appl/telnet: Added.
+
+Thu Jul 10 05:09:25 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/error/compile_et.awk: Remove usage of sub, gsub, and
+ 	functions for compatibility with awk.
+
+	* include/bits.c: Must use signed char.
+
+	* lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
+ 	here.
+
+	* lib/error/error.c: Replace krb5_get_err_text with new function
+ 	com_right.
+
+	* lib/error/compile_et.awk: Avoid using static variables.
+
+	* lib/error/error.c: Don't use krb5_locl.h
+
+	* lib/error/error.h: Move definitions of error_table and
+ 	error_list from krb5.h.
+
+	* lib/error: Moved from lib/krb5.
+
+Wed Jul  9 07:42:04 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
+
+Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
+	according to pseudocode from 1510
+
+Wed Jul  9 06:06:06 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/hdb/hdb.c: Add hdb_etype2key.
+
+	* kdc/kerberos5.c: Check authenticator. Use more general etype
+ 	functions.
+	
+Wed Jul  9 03:51:12 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
+ 	draft-ietf-cat-kerberos-r-00.txt
+
+	* lib/krb5/principal.c (krb5_parse_name): default to local realm
+ 	if none given
+	
+	* kuser/kinit.c: New option `-p' and prompt
+
+Wed Jul  9 02:30:06 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/keyblock.c: Keyblock generation functions.
+
+	* lib/krb5/encrypt.c: Use functions from checksum.c.
+
+	* lib/krb5/checksum.c: Move checksum functions here. Add
+ 	krb5_cksumsize function.
+
+Wed Jul  9 01:15:38 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_host_realm.c: implemented
+
+	* lib/krb5/config_file.c: Redid part.  New functions:
+ 	krb5_config_v?get_next
+
+	* kuser/kdestroy.c: new program
+
+	* kuser/kinit.c: new flag `-f'
+
+	* lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
+
+	* acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
+
+	* lib/krb5/krb5.h: krb5_addresses == HostAddresses.  Changed all
+ 	users.
+
+	* lib/krb5/get_addrs.c: figure out all local addresses, possibly
+ 	even IPv6!
+
+	* lib/krb5/checksum.c: table-driven checksum
+
+Mon Jul  7 21:13:28 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
+ 	krb5_encrypt.
+
+Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/roken/vsyslog.c: new file
+
+	* lib/krb5/encrypt.c: add des-cbc-md4.
+	adjust krb5_encrypt and krb5_decrypt to reality
+
+Mon Jul  7 02:46:31 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/encrypt.c: Implement as a vector of function pointers.
+
+	* lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
+ 	des-cbc-md5 in separate functions.
+
+	* lib/krb5/krb5.h: Add more checksum and encryption types.
+
+	* lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
+
+Sun Jul  6 23:02:59 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
+
+	* lib/krb5/config_file.[ch]: new c-based configuration reading
+ 	stuff
+
+Wed Jul  2 23:12:56 1997  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: Set WFLAGS if using gcc
+
+Wed Jul  2 17:47:03 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/asn1/der_put.c (der_put_int): Return size correctly.
+
+	* admin/ank.c: Be compatible with the asn1 principal format.
+
+Wed Jul  1 23:52:20 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/asn1: Now all decode_* and encode_* functions now take a
+ 	final size_t* argument, that they return the size in. Return
+ 	values are zero for success, and anything else (such as some
+ 	ASN1_* constant) for error.
+
+Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
+ 	O_WRONLY | O_APPEND
+
+	* lib/krb5/get_cred.c: removed stale prototype for
+ 	`extract_ticket' and corrected call.
+
+	* lib/asn1/gen_length.c (length_type): Make the length functions
+ 	for SequenceOf non-destructive
+
+	* admin/ank.c (doit): Fix reading of `y/n'.
+
+Mon Jun 16 05:41:43 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
+
+	* lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
+
+	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
+ 	KRB5_AUTH_CONTEXT_DO_SEQUENCE.  Verify 8003 checksum.
+
+	* lib/gssapi/8003.c: New file.
+
+	* lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
+ 	Authenticator.
+
+	* lib/krb5/auth_context.c: New functions
+ 	`krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
+
+Tue Jun 10 00:35:54 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5: Preapre for use of some asn1-types.
+
+	* lib/asn1/*.c (copy_*): Constness.
+
+	* lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
+ 	octet_string.
+
+	* lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
+ 	general_string
+
+	* lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
+ 	have anything to do with asn1_compile.
+
+	* lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
+
+Sun Jun  8 03:51:55 1997  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c: Fix PA-ENC-TS-ENC
+
+ 	* kdc/connect.c(process_request): Set `new'
+	
+	* lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
+
+	* lib: Added editline,sl,roken.
+
+Mon Jun  2 00:37:48 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/fcache.c: Move file cache from cache.c.
+
+	* lib/krb5/cache.c: Allow more than one cache type.
+
+Sun Jun  1 23:45:33 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* admin/extkeytab.c: Merged with kdb_edit.
+
+Sun Jun  1 23:23:08 1997  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kdc.c: more support for ENC-TS-ENC
+
+	* lib/krb5/get_in_tkt.c: redone to enable pre-authentication
+
+Sun Jun  1 22:45:11 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/hdb/db.c: Merge fetch and store.
+
+	* admin: Merge to one program.
+
+	* lib/krb5/str2key.c: Fill in keytype and length.
+
+Sun Jun  1 16:31:23 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
+ 	lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
+ 	KRB5_AUTH_CONTEXT_DO_SEQUENCE
+
+	* lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
+ 	KRB_ERROR.  Some support for PA_ENC_TS_ENC.
+
+	* lib/krb5/auth_context.c: implemented seq_number functions
+
+	* lib/krb5/generate_subkey.c, generate_seq_number.c: new files
+
+	* lib/gssapi/gssapi.h: avoid including <krb5.h>
+
+	* lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
+ 	happy
+
+	* kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
+
+	* configure.in: adapted to automake 1.1p
+
+Mon May 26 22:26:21 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/principal.c: Add contexts to many functions.
+
+Thu May 15 20:25:37 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/verify_user.c: First stab at a verify user.
+
+	* lib/auth/sia/sia5.c: SIA module for Kerberos 5.
+
+Mon Apr 14 00:09:03 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
+	able to (mostly) run gss-client and gss-server.
+	
+	* lib/krb5/keytab.c: implemented krb5_kt_add_entry,
+ 	krb5_kt_store_principal, krb5_kt_store_keyblock
+
+	* lib/des/md5.[ch], sha.[ch]: new files
+
+	* lib/asn1/der_get.c (generalizedtime2time): use `timegm'
+
+	* lib/asn1/timegm.c: new file
+
+	* admin/extkeytab.c: new program
+
+	* admin/admin_locl.h: new file
+
+	* admin/Makefile.am: Added extkeytab
+
+	* configure.in: moved config to include
+	removed timezone garbage
+	added lib/gssapi and admin
+
+	* Makefile.am: Added admin
+
+Mon Mar 17 11:34:05 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kdc/kdc.c: Use new copying functions, and free some data.
+
+	* lib/asn1/Makefile.am: Try to not always rebuild generated files.
+
+	* lib/asn1/der_put.c: Add fix_dce().
+
+	* lib/asn1/der_{get,length,put}.c: Fix include files.
+
+	* lib/asn1/der_free.c: Remove unused functions.
+	
+	* lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
+ 	gen_length, and gen_copy.
+
+Sun Mar 16 18:13:52 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/sendauth.c: implemented functionality
+
+	* lib/krb5/rd_rep.c: Use `krb5_decrypt'
+
+	* lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
+ 	NULL
+
+	* lib/krb5/principal.c (krb5_free_principal): added `context'
+ 	argument.  Changed all callers.
+	
+	(krb5_sname_to_principal): new function
+
+	* lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
+ 	argument.  Changed all callers
+
+	* lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
+
+	* lib/asn1/gen.c: Fix encoding and decoding of BitStrings
+
+Fri Mar 14 11:29:00 1997  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: look for *dbm?
+
+	* lib/asn1/gen.c: Fix filename in generated files. Check fopens.
+  	Put trailing newline in asn1_files.
+
+Fri Mar 14 05:06:44 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/get_in_tkt.c: Fix some memory leaks.
+
+	* lib/krb5/krbhst.c: Properly free hostlist.
+
+	* lib/krb5/decrypt.c: CRCs are 32 bits.
+
+Fri Mar 14 04:39:15 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/asn1/gen.c: Generate one file for each type.
+
+Fri Mar 14 04:13:47 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/gen.c: Generate `length_FOO' functions
+
+	* lib/asn1/der_length.c: new file
+
+	* kuser/klist.c: renamed stime -> printable_time to avoid conflict
+ 	on HP/UX
+
+Fri Mar 14 03:37:23 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
+ 	datums. Don't add .db to filename.
+
+Fri Mar 14 02:49:51 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kdc/dump.c: Database dump program.
+
+	* kdc/ank.c: Trivial database editing program.
+
+	* kdc/{kdc.c, load.c}: Use libhdb.
+
+	* lib/hdb: New database routine library.
+
+	* lib/krb5/error/Makefile.am: Add hdb_err.
+
+Wed Mar 12 17:41:14 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
+
+	* lib/asn1/gen.c: Generate free functions.
+
+	* Some specific free functions.
+
+Wed Mar 12 12:30:13 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5_mk_req_ext.c: new file
+
+	* lib/asn1/gen.c: optimize the case with a simple type
+
+	* lib/krb5/get_cred.c (krb5_get_credentials): Use
+ 	`mk_req_extended' and remove old code.
+
+	* lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
+ 	EncASRepPart, then with an EncTGSRepPart.
+
+Wed Mar 12 08:26:04 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/store_emem.c: New resizable memory storage.
+
+	* lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
+
+	* lib/krb5/krb5.h: Add free entry to krb5_storage.
+
+	* lib/krb5/decrypt.c: Make keyblock const.
+
+Tue Mar 11 20:22:17 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
+
+	* lib/krb5/rd_req.c: Return whole asn.1 ticket in
+ 	krb5_ticket->tkt.
+
+	* lib/krb5/get_in_tkt.c: TGS -> AS
+
+	* kuser/kfoo.c: Print error string rather than number.
+
+	* kdc/kdc.c: Some kind of non-working TGS support.
+
+Mon Mar 10 01:43:22 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/gen.c: reduced generated code by 1/5
+
+ 	* lib/asn1/der_put.c: (der_put_length_and_tag): new function
+
+	* lib/asn1/der_get.c (der_match_tag_and_length): new function
+
+	* lib/asn1/der.h: added prototypes
+
+Mon Mar 10 01:15:43 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
+ 	krb5_rd_req_with_keyblock.
+
+	* lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
+ 	takes a precomputed keyblock.
+
+	* lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
+
+	* lib/krb5/mk_req.c: Calculate checksum of in_data.
+
+Sun Mar  9 21:17:58 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/error/compile_et.awk: Add a declaration of struct
+ 	error_list, and multiple inclusion block to header files.
+
+Sun Mar  9 21:01:12 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_req.c: do some checks on times
+
+	* lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
+	address.c}: new files
+
+	* lib/krb5/auth_context.c: more code
+
+	* configure.in: try to figure out timezone
+
+Sat Mar  8 11:41:07 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/error/error.c: Try strerror if error code wasn't found.
+
+	* lib/krb5/get_in_tkt.c: Remove realm parameter from
+ 	krb5_get_salt.
+
+	* lib/krb5/context.c: Initialize error table.
+
+	* kdc: The beginnings of a kdc.
+
+Sat Mar  8 08:16:28 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_safe.c: new file
+
+	* lib/krb5/checksum.c (krb5_verify_checksum): New function
+
+	* lib/krb5/get_cred.c: use krb5_create_checksum
+
+	* lib/krb5/checksum.c: new file
+
+	* lib/krb5/store.c: no more arithmetic with void*
+
+	* lib/krb5/cache.c: now seems to work again
+
+Sat Mar  8 06:58:09 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
+
+	* lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
+
+	* lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
+	
+	* lib/krb5/{cache,keytab}.c: Use new storage functions.
+
+	* lib/krb5/krb5.h: Protypes for new storage functions.
+
+	* lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
+ 	data to more than file descriptors.
+
+Sat Mar  8 01:01:17 1997  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/encrypt.c: New file.
+
+	* lib/krb5/Makefile.am: More -I
+
+	* configure.in: Test for big endian, random, rand, setitimer
+
+	* lib/asn1/gen.c: perhaps even decodes bitstrings
+
+Thu Mar  6 19:05:29 1997  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/config_file.y: Better return values on error.
+
+Sat Feb  8 15:59:56 1997  Assar Westerlund  <assar at pdc.kth.se>
+
+	* lib/asn1/parse.y: ifdef HAVE_STRDUP
+
+	* lib/asn1/lex.l: ifdef strdup
+	brange-dead version of list of special characters to make stupid
+ 	lex accept it.
+
+	* lib/asn1/gen.c: A DER integer should really be a `unsigned'
+
+	* lib/asn1/der_put.c: A DER integer should really be a `unsigned'
+
+	* lib/asn1/der_get.c: A DER integer should really be a `unsigned'
+
+	* lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
+ 	needed.
+
+	* lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
+ 	lib/krb/store.h: new files.
+
+	* lib/krb5/keytab.c: now even with some functionality.
+
+	* lib/asn1/gen.c: changed paramater from void * to Foo *
+
+	* lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
+ 	string.
+
+Sun Jan 19 06:17:39 1997  Assar Westerlund  <assar at pdc.kth.se>
+
+	* lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
+ 	cc before getting new ones.
+
+	* lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
+ 	CRC should be stored LSW first. (?)
+
+	* lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
+ 	`krb5_free_keyblock'
+
+	* lib/**/Makefile.am: Rename foo libfoo.a
+
+	* include/Makefile.in: Use test instead of [
+	-e does not work with /bin/sh on psoriasis
+
+	* configure.in: Search for awk
+	create lib/krb/error/compile_et
+	
+Tue Jan 14 03:46:26 1997  Assar Westerlund  <assar at pdc.kth.se>
+
+	* lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
+
+Wed Dec 18 00:53:55 1996  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* kuser/kinit.c: Guess principal.
+
+	* lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
+ 	warnings.
+
+	* lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
+
+	* lib/krb5/mk_req.c: Get client from cache.
+
+	* lib/krb5/cache.c: Add better error checking some useful return
+ 	values.
+
+	* lib/krb5/krb5.h: Fix krb5_auth_context.
+
+	* lib/asn1/der.h: Make krb5_data compatible with krb5.h
+
+Tue Dec 17 01:32:36 1996  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/error: Add primitive error library.
+
+Mon Dec 16 16:30:20 1996  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lib/krb5/cache.c: Get correct address type from cache.
+
+	* lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.
+

Added: vendor-crypto/heimdal/dist/ChangeLog.1999
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.1999	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.1999	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2194 @@
+1999-12-30  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (krb4): use `-ldes' in tests
+
+1999-12-26  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/print.c (event2string): handle events without principal.
+  	From Luke Howard <lukeh at PADL.COM>
+
+1999-12-25  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2j
+
+Tue Dec 21 18:03:17 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
+ 	related systems
+
+	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
+ 	related systems
+
+	* include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
+ 	related systems
+
+1999-12-20  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2i
+
+1999-12-20  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1
+
+	* lib/krb5/send_to_kdc.c (send_via_proxy): free data
+	* lib/krb5/send_to_kdc.c (send_via_proxy): new function use
+	getaddrinfo instead of gethostbyname{,2}
+	* lib/krb5/get_for_creds.c: use getaddrinfo instead of
+	getnodebyname{,2}
+
+1999-12-17  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2h
+
+1999-12-17  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2g
+
+1999-12-16  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: bump version to 6:2:1
+
+	* lib/krb5/principal.c (krb5_sname_to_principal): handle
+	ai_canonname not being set
+	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
+	ai_canonname not being set
+
+	* appl/test/uu_server.c: print messages to stderr
+	* appl/test/tcp_server.c: print messages to stderr
+	* appl/test/nt_gss_server.c: print messages to stderr
+	* appl/test/gssapi_server.c: print messages to stderr
+
+	* appl/test/tcp_client.c (proto): remove shadowing `context'
+	* appl/test/common.c (client_doit): add forgotten ntohs
+
+1999-12-13  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (VERISON): bump to 0.2g-pre
+
+1999-12-12  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
+ 	robust and handle extra dot at the beginning of default_domain
+
+1999-12-12  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2f
+
+1999-12-12  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: bump version to 6:1:1
+	
+	* lib/krb5/changepw.c (get_kdc_address): use
+ 	`krb5_get_krb_changepw_hst'
+
+	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add
+
+	* lib/krb5/get_host_realm.c: add support for _kerberos.domain
+ 	(according to draft-ietf-cat-krb-dns-locate-01.txt)
+
+1999-12-06  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2e
+
+1999-12-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/changepw.c (krb5_change_password): use the correct
+ 	address
+
+	* lib/krb5/Makefile.am: bump version to 6:0:1
+
+	* lib/asn1/Makefile.am: bump version to 1:4:0
+
+1999-12-04  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: move AC_KRB_IPv6 to make sure it's performed
+ 	before AC_BROKEN
+	(el_init): use new feature of AC_FIND_FUNC_NO_LIBS
+
+	* appl/test/uu_client.c: use client_doit
+	* appl/test/test_locl.h (client_doit): add prototype
+	* appl/test/tcp_client.c: use client_doit
+	* appl/test/nt_gss_client.c: use client_doit
+	* appl/test/gssapi_client.c: use client_doit
+	* appl/test/common.c (client_doit): move identical code here and
+	start using getaddrinfo
+
+	* appl/kf/kf.c (doit): rewrite to use getaddrinfo
+	* kdc/hprop.c: re-write to use getaddrinfo
+	* lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
+	* lib/krb5/expand_hostname.c (krb5_expand_hostname): use
+	getaddrinfo
+	* lib/krb5/changepw.c: re-write to use getaddrinfo
+	* lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo
+
+1999-12-03  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
+	getnameinfo, gai_strerror
+	(socklen_t): check for
+
+1999-12-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key
+
+1999-11-23  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
+ 	within unicode characters.  this should probably be done in some
+ 	arbitrarly complex way to do it properly and you would have to
+ 	know what character encoding was used for the password and salt
+ 	string.
+
+	* lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
+	(INADDR_ANY)
+	(ipv6_uninteresting): remove unused macro
+
+1999-11-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.h: rc4->arcfour
+
+	* lib/krb5/crypto.c: rc4->arcfour
+
+1999-11-17  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5_locl.h: add <rc4.h>
+	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
+	* lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
+	not be totally different from some small company up in the
+	north-west corner of the US
+
+	* lib/krb5/get_addrs.c (find_all_addresses): change code to
+ 	actually increment buf_size
+
+1999-11-14  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
+	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
+ 	scanning optional
+	* lib/krb5/context.c (init_context_from_config_file): set
+ 	`scan_interfaces'
+
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
+	* lib/krb5/add_et_list.c (krb5_add_et_list): new function
+
+1999-11-12  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_default_realm.c (krb5_get_default_realm,
+	krb5_get_default_realms): set realms if they were unset
+	* lib/krb5/context.c (init_context_from_config_file): don't
+	initialize default realms here.  it's done lazily instead.
+	
+	* lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
+	* lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
+	bit constants are unsigned
+	* lib/asn1/gen.c (define_type): make length in sequences be
+	unsigned.
+
+	* configure.in: remove duplicate test for setsockopt test for
+	struct tm.tm_isdst
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
+	preauthentication information if we get back ERR_PREAUTH_REQUIRED
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
+	preauthentication generation code.  it's now in krb5_get_in_cred
+	
+	* configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
+	tm.tm_gmtoff and timezone
+	
+1999-11-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/main.c: make this work with multi-db
+
+	* kdc/kdc_locl.h: make this work with multi-db
+
+	* kdc/config.c: make this work with multi-db
+
+1999-11-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/misc.c: update for multi-database code
+
+	* kdc/main.c: update for multi-database code
+
+	* kdc/kdc_locl.h: update
+
+	* kdc/config.c: allow us to have more than one database
+
+1999-11-04  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2d
+
+	* lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
+ 	(krb5_context_data has changed and some code do (might) access
+ 	fields directly)
+
+	* lib/krb5/krb5.h (krb5_context_data): add `etypes_des'
+
+	* lib/krb5/get_cred.c (init_tgs_req): use
+ 	krb5_keytype_to_enctypes_default
+
+	* lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
+ 	function
+
+	* lib/krb5/context.c (set_etypes): new function
+	(init_context_from_config_file): set both `etypes' and `etypes_des'
+
+1999-11-02  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (VERSION): bump to 0.2d-pre
+
+1999-10-29  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/principal.c (krb5_parse_name): check memory allocations
+
+1999-10-28  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2c
+
+	* lib/krb5/dump_config.c (print_tree): check for empty tree
+
+	* lib/krb5/string-to-key-test.c (tests): update the test cases
+ 	with empty principals so that they actually use an empty realm and
+ 	not the default.  use the correct etype for 3DES
+
+	* lib/krb5/Makefile.am: bump version to 4:1:0
+
+	* kdc/config.c (configure): more careful with the port string
+
+1999-10-26  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2b
+
+1999-10-20  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: bump version to 4:0:0
+ 	(krb524_convert_creds_kdc and potentially some other functions
+ 	have changed prototypes)
+
+	* lib/hdb/Makefile.am: bump version to 4:0:1
+
+	* lib/asn1/Makefile.am: bump version to 1:3:0
+
+	* configure.in (LIB_roken): add dbopen.  getcap in roken
+ 	references dbopen and with shared libraries we need to add this
+ 	dependency.
+
+	* lib/krb5/verify_krb5_conf.c (main): support speicifying the
+ 	configuration file to test on the command line
+
+	* lib/krb5/config_file.c (parse_binding): handle line with no
+ 	whitespace before =
+	(krb5_config_parse_file_debug): set lineno earlier so that we don't
+	use it unitialized
+
+	* configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
+ 	more include files for these tests
+
+	* lib/krb5/set_default_realm.c (krb5_set_default_realm): use
+ 	krb5_config_get_strings, which means that your configuration file
+ 	should look like:
+	
+	[libdefaults]
+	  default_realm = realm1 realm2 realm3
+
+	* lib/krb5/set_default_realm.c (config_binding_to_list): fix
+ 	copy-o.  From Michal Vocu <michal at karlin.mff.cuni.cz>
+
+	* kdc/config.c (configure): add a missing strdup.  From Michal
+ 	Vocu <michal at karlin.mff.cuni.cz>
+
+1999-10-17  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2a
+
+	* configure.in: only test for db.h with using berkeley_db. remember
+ 	to link with LIB_tgetent when checking for el_init. add xnlock
+
+	* appl/Makefile.am: add xnlock
+
+	* kdc/kerberos5.c (find_etype): support null keys
+
+	* kdc/kerberos4.c (get_des_key): support null keys
+
+	* lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
+ 	calculation
+
+1999-10-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc
+
+1999-10-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning
+
+1999-10-10  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm
+
+	* lib/krb5/krb5.h (krb5_ccache_data): make `ops' const
+
+	* lib/krb5/crypto.c (krb5_string_to_salttype): new function
+
+	* **/*.[ch]: const-ize
+
+1999-10-06  Assar Westerlund  <assar at sics.se>
+	
+	* lib/krb5/creds.c (krb5_compare_creds): const-ify
+	
+	* lib/krb5/cache.c: clean-up and comment-up
+
+	* lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
+ 	strings
+
+	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
+ 	correct realm part
+
+	* kdc/connect.c (handle_tcp): things work much better when ret is
+ 	initialized
+
+1999-10-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
+ 	type of the session key
+
+	* lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
+ 	correctly
+
+	* lib/krb5/creds.c (krb5_compare_creds): fix spelling of
+ 	krb5_enctypes_compatible_keys
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
+ 	credentials from the KDC if the existing one doesn't have a DES
+ 	session key.
+
+	* lib/45/get_ad_tkt.c (get_ad_tkt): update to new
+ 	krb524_convert_creds_kdc
+
+1999-10-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c: make krb5_akf_ops const
+
+	* lib/krb5/keytab_memory.c: make krb5_mkt_ops const
+
+	* lib/krb5/keytab_file.c: make krb5_fkt_ops const
+
+1999-10-01  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/config_file.c: rewritten to allow error messages
+
+	* lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
+	(libkrb5_la_SOURCES): add config_file_netinfo.c
+
+	* lib/krb5/verify_krb5_conf.c: new program for verifying that
+	krb5.conf is corret
+
+	* lib/krb5/config_file_netinfo.c: moved netinfo code here from
+ 	config_file.c
+
+1999-09-28  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hpropd.c (dump_krb4): kludge default_realm
+
+	* lib/asn1/check-der.c: add test cases for Generalized time and
+ 	make sure we return the correct value
+
+	* lib/asn1/der_put.c: simplify by using der_put_length_and_tag
+
+	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
+ 	krb5_verify_user that tries in all the local realms
+
+	* lib/krb5/set_default_realm.c: add support for having several
+ 	default realms
+
+	* lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'
+
+	* lib/krb5/get_default_realm.c (krb5_get_default_realms): add
+
+	* lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
+ 	`default_realms'
+
+	* lib/krb5/context.c: change from `default_realm' to
+ 	`default_realms'
+
+	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
+ 	krb5_get_default_realms
+
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c
+
+	* lib/krb5/copy_host_realm.c: new file
+
+1999-09-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/asn1/der_put.c (encode_generalized_time): encode length
+
+	* lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
+	that allows more intelligent matching of the application version
+
+1999-09-26  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/asn1_print.c: add err.h
+
+	* kdc/config.c (configure): use parse_bytes
+
+	* appl/test/nt_gss_common.c: use the correct header file
+
+1999-09-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/klist.c: add a `--cache' flag
+
+	* kuser/kinit.c (main): only get default value for `get_v4_tgt' if
+	it's explicitly set in krb5.conf
+
+1999-09-23  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/asn1_print.c (tag_names); add another univeral tag
+
+	* lib/asn1/der.h: update universal tags
+
+1999-09-22  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/asn1_print.c (loop): print length of octet string
+
+1999-09-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* admin/ktutil.c (kt_get): add `--help'
+
+1999-09-21  Assar Westerlund  <assar at sics.se>
+
+	* kuser/Makefile.am: add kdecode_ticket
+
+	* kuser/kdecode_ticket.c: new debug program
+
+	* appl/test/nt_gss_server.c: new program to test against `Sample *
+ 	SSPI Code' in Windows 2000 RC1 SDK.
+
+	* appl/test/Makefile.am: add nt_gss_client and nt_gss_server
+
+	* lib/asn1/der_get.c (decode_general_string): remember to advance
+ 	ret over the length-len
+
+	* lib/asn1/Makefile.am: add asn1_print
+
+	* lib/asn1/asn1_print.c: new program for printing DER-structures
+
+	* lib/asn1/der_put.c: make functions more consistent
+
+	* lib/asn1/der_get.c: make functions more consistent
+
+1999-09-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c: be more informative in pa-data error messages
+
+1999-09-16  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: test for strlcpy, strlcat
+
+1999-09-14  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
+ 	KRB5_LIBOS_PWDINTR when interrupted
+
+	* lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
+ 	value from des_read_pw_string
+
+	* kuser/kinit.c (main): don't print any error if reading the
+ 	password was interrupted
+
+	* kpasswd/kpasswd.c (main): don't print any error if reading the
+ 	password was interrupted
+
+	* kdc/string2key.c (main): check the return value from fgets
+
+	* kdc/kstash.c (main): check return value from des_read_pw_string
+
+	* admin/ktutil.c (kt_add): check the return-value from fgets and
+ 	overwrite the password for paranoid reasons
+
+	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
+ 	newline if it's there
+
+1999-09-13  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hpropd.c (main): remove bogus error with `--print'.  remove
+ 	sysloging of number of principals transferred
+
+	* kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
+ 	principals
+	(main): get rid of bogus opening of hdb database when propagating
+	ka-server database
+
+1999-09-12  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5_locl.h (O_BINARY): add fallback definition
+
+	* lib/krb5/krb5.h (krb5_context_data): add keytab types
+
+	* configure.in: revert back awk test, not worked around in
+ 	roken.awk
+
+	* lib/krb5/keytab_krb4.c: remove O_BINARY
+
+	* lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's.  From
+	Love <lha at e.kth.se>
+
+	* lib/krb5/keytab_file.c: remove O_BINARY
+
+	* lib/krb5/keytab.c: move the list of keytab types to the context
+
+	* lib/krb5/fcache.c: remove O_BINARY
+
+	* lib/krb5/context.c (init_context_from_config_file): register all
+ 	standard cache and keytab types
+	(krb5_free_context): free `kt_types'
+
+	* lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
+ 	standard types of credential caches to context
+
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c
+
+1999-09-10  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/keytab.c: add comments and clean-up
+
+	* admin/ktutil.c: add `ktutil copy'
+
+	* lib/krb5/keytab_krb4.c: new file
+
+	* lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field
+
+	* lib/krb5/Makefile.am: add keytab_krb4.c
+
+	* lib/krb5/keytab.c: add krb4 and correct some if's
+
+	* admin/srvconvert.c (srvconv): move common code
+
+	* lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables
+
+	* lib/krb5/keytab.c: move out file and memory functions
+
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
+ 	keytab_memory.c
+
+	* lib/krb5/keytab_memory.c: new file
+
+	* lib/krb5/keytab_file.c: new file
+
+	* kpasswd/kpasswdd.c: move out password quality functions
+
+1999-09-07  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c.  From
+ 	Love <lha at e.kth.se>
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
+ 	return value from `krb5_sendto_kdc'
+
+1999-09-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
+ 	remove the sending of data.  add a parameter `limit'.  let callers
+ 	send the date themselves (and preferably with net_write on tcp
+ 	sockets)
+	(send_and_recv_tcp): read first the length field and then only that
+	many bytes
+
+1999-09-05  Assar Westerlund  <assar at sics.se>
+
+	* kdc/connect.c (handle_tcp): try to print warning `TCP data of
+ 	strange type' less often
+
+	* lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
+  	return on EOF.  always free data.  check return value from
+ 	realloc.
+	(send_and_recv_tcp, send_and_recv_http): check advertised length
+	against actual length
+
+1999-09-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: check for sgi capabilities
+
+1999-08-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
+	extra addresses
+
+	* kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
+	add --realm flag
+
+	* lib/krb5/address.c (krb5_append_addresses): remove duplicates
+
+1999-08-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/hdb/keytab.c: HDB keytab backend
+
+1999-08-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab.c
+	(krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
+	pointer
+
+1999-08-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kpasswd/kpasswdd.c: add `--keytab' flag
+
+1999-08-23  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
+ 	instead of the non-standard `s6_addr32'.  From Yoshinobu Inoue
+ 	<shin at kame.net> by way of the KAME repository
+
+1999-08-18  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (--enable-new-des3-code): remove check for `struct
+ 	addrinfo'
+
+	* lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
+ 	des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
+ 	compatability
+
+	* lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
+ 	derivation) just got assigned etype 16 by <bcn at isi.edu>.  keep the
+ 	old etype at 7.
+
+1999-08-16  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
+ 	krb5_net_read actually returns -1
+
+	* lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
+ 	krb5_net_read actually returns -1
+
+	* appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
+ 	returned -1
+
+	* appl/test/tcp_server.c (proto): only trust errno if
+ 	krb5_net_read actually returns -1
+
+	* appl/kf/kfd.c (proto): be more careful with the return value
+ 	from krb5_net_read
+
+1999-08-13  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_addrs.c (get_addrs_int): try the different ways
+ 	sequentially instead of just one.  this helps if your heimdal was
+ 	built with v6-support but your kernel doesn't have it, for
+ 	example.
+
+1999-08-12  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hpropd.c: add inetd flag.  default means try to figure out
+ 	if stdin is a socket or not.
+
+	* Makefile.am (ACLOCAL): just use `cf', this variable is only used
+ 	when the current directory is $(top_srcdir) anyways and having
+ 	$(top_srcdir) there breaks if it's a relative path
+
+1999-08-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: check for setproctitle
+
+1999-08-05  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/principal.c (krb5_sname_to_principal): remember to call
+ 	freehostent
+
+	* appl/test/tcp_client.c: call freehostent
+
+	* appl/kf/kf.c (doit): call freehostent
+
+	* appl/kf/kf.c: make v6 friendly and simplify
+
+	* appl/kf/kfd.c: make v6 friendly and simplify
+
+	* appl/test/tcp_server.c: simplify by using krb5_err instead of
+ 	errx
+	
+	* appl/test/tcp_client.c: simplify by using krb5_err instead of
+ 	errx
+
+	* appl/test/tcp_server.c: make v6 friendly and simplify
+
+	* appl/test/tcp_client.c: make v6 friendly and simplify
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1m
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.c (main): some more KRB4-conditionalizing
+
+	* lib/krb5/get_in_tkt.c: type correctness
+
+	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
+ 	flags.  From Miroslav Ruda <ruda at ics.muni.cz>
+
+	* kuser/kinit.c (main): add config file support for forwardable
+ 	and krb4 support.  From Miroslav Ruda <ruda at ics.muni.cz>
+
+	* kdc/kerberos5.c (as_rep): add an empty X500-compress string as
+ 	transited.
+	(fix_transited_encoding): check length.
+	From Miroslav Ruda <ruda at ics.muni.cz>
+
+	* kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
+ 	principals in some other realm. From Miroslav Ruda
+ 	<ruda at ics.muni.cz>
+	(main): rename sa_len -> sin_len, sa_lan is a define on some
+	platforms.
+
+	* appl/kf/kfd.c: add regpag support. From Miroslav Ruda
+ 	<ruda at ics.muni.cz>
+
+	* appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
+  	From Miroslav Ruda <ruda at ics.muni.cz>
+
+	* lib/krb5/config_file.c (parse_list): don't run past end of line
+
+	* appl/test/gss_common.h: new prototypes
+
+	* appl/test/gssapi_client.c: use gss_err instead of abort
+
+	* appl/test/gss_common.c (gss_verr, gss_err): add
+
+1999-08-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
+ 	otherwise it doesn't build with shared libraries
+
+	* kdc/hpropd.c: v6-ify
+
+	* kdc/hprop.c: v6-ify
+
+1999-08-01  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname
+
+1999-07-31  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
+ 	function that takes a FQDN
+
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c
+
+	* lib/krb5/expand_hostname.c: new file
+
+1999-07-28  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1l
+
+1999-07-28  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/Makefile.am: bump version to 1:2:0
+
+	* lib/krb5/Makefile.am: bump version to 3:1:0
+
+	* configure.in: more inet_pton to roken
+
+	* lib/krb5/principal.c (krb5_sname_to_principal): use
+ 	getipnodebyname
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1k
+
+1999-07-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/Makefile.am: bump version number (changed function
+	signatures)
+
+	* lib/hdb/Makefile.am: bump version number (changes to some
+	function signatures)
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: bump version to 3:0:2
+
+	* lib/hdb/Makefile.am: bump version to 2:1:0
+
+	* lib/asn1/Makefile.am: bump version to 1:1:0
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1j
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: rokenize inet_ntop
+
+	* lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
+	
+	* lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
+	
+	* lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
+	
+	* lib/krb5/store.c: lots of changes from size_t to ssize_t
+	(krb5_ret_stringz): check return value from realloc
+
+	* lib/krb5/mk_safe.c: some type correctness
+	
+	* lib/krb5/mk_priv.c: some type correctness
+	
+	* lib/krb5/krb5.h (krb5_storage): change return values of
+	functions from size_t to ssize_t
+	
+1999-07-24  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1i
+
+	* configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
+ 	in lib/roken/roken.awk
+
+	* lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
+ 	step over addresses if there's no `sa_lan' field
+
+	* lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
+ 	using `struct sockaddr_storage'
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
+ 	`struct sockaddr_storage'
+
+	* lib/krb5/changepw.c (krb5_change_password): simplify by using
+ 	`struct sockaddr_storage'
+
+	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
+ 	simplify by using `struct sockaddr_storage'
+
+	* kpasswd/kpasswdd.c (*): simplify by using `struct
+ 	sockaddr_storage'
+
+	* kdc/connect.c (*): simplify by using `struct sockaddr_storage'
+
+	* configure.in (sa_family_t): just test for existence
+	(sockaddr_storage): also specify include file
+
+	* configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
+	(sa_family_t): test for
+	(struct	sockaddr_storage): test for
+
+	* kdc/hprop.c (propagate_database): typo, NULL should be
+ 	auth_context
+
+	* lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
+ 	AF_INET6
+
+	* appl/kf/kf.c (main): use warnx
+
+	* appl/kf/kf.c (proto): remove shadowing context
+
+	* lib/krb5/get_addrs.c (find_all_addresses): try to handle the
+ 	case of getting back an `sockaddr_in6' address when sizeof(struct
+ 	sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
+ 	tell us how large the address is.  This obviously doesn't work
+ 	with unknown protocol types.
+
+1999-07-24  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1h
+
+1999-07-23  Assar Westerlund  <assar at sics.se>
+
+	* appl/kf/kfd.c: clean-up and more paranoia
+
+	* etc/services.append: add kf
+
+	* appl/kf/kf.c: rename tk_file to ccache for consistency.  clean-up
+
+1999-07-22  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/n-fold-test.c (main): print the correct data
+
+	* appl/Makefile.am (SUBDIRS): add kf
+
+	* appl/kf: new program.  From Miroslav Ruda <ruda at ics.muni.cz>
+
+	* kdc/hprop.c: declare some variables unconditionally to simplify
+ 	things
+
+	* kpasswd/kpasswdd.c: initialize kadm5 connection for every change
+ 	(otherwise the modifier in the database doesn't get set)
+
+	* kdc/hpropd.c: clean-up and re-organize
+
+	* kdc/hprop.c: clean-up and re-organize
+
+ 	* configure.in (SunOS): define to xy for SunOS x.y
+
+1999-07-19  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (AC_BROKEN): test for copyhostent, freehostent,
+ 	getipnodebyaddr, getipnodebyname
+
+1999-07-15  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/check-der.c: more test cases for integers
+
+	* lib/asn1/der_length.c (length_int): handle the case of the
+ 	largest negative integer by not calling abs
+
+1999-07-14  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/check-der.c (generic_test): check malloc return value
+ 	properly
+
+	* lib/krb5/Makefile.am: add string_to_key_test
+
+	* lib/krb5/prog_setup.c (krb5_program_setup): always initialize
+ 	the context
+
+	* lib/krb5/n-fold-test.c (main): return a relevant return value
+
+	* lib/krb5/krbhst.c: do SRV lookups for admin server as well.
+  	some clean-up.
+
+1999-07-12  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: handle not building X programs
+
+1999-07-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
+ 	variable
+	(ipv6_sockaddr2port): fix typo
+
+	* etc/services.append: beginning of a file with services
+
+	* lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
+ 	there's no prefix.  also clean-up a little bit.
+
+	* kdc/hprop.c (--kaspecials): new flag for handling special KA
+ 	server entries.  From "Brandon S. Allbery KF8NH"
+ 	<allbery at kf8nh.apk.net>
+
+1999-07-05  Assar Westerlund  <assar at sics.se>
+
+	* kdc/connect.c (handle_tcp): make sure we have data before
+ 	starting to look for HTTP
+
+	* kdc/connect.c (handle_tcp): always do getpeername, we can't
+ 	trust recvfrom to return anything sensible
+
+1999-07-04  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
+ 	all enctypes
+
+	* kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
+
+	* admin/srvconvert.c (srvconv): better error messages
+
+1999-07-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/principal.c (unparse_name): error check malloc properly
+
+	* lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
+ 	properly
+
+	* lib/krb5/crypto.c (*): do some malloc return-value checks
+ 	properly
+
+	* lib/hdb/hdb.c (hdb_process_master_key): simplify by using
+ 	krb5_data_alloc
+
+	* lib/hdb/hdb.c (hdb_process_master_key): check return value from
+ 	malloc
+
+	* lib/asn1/gen_decode.c (decode_type): fix generation of decoding
+ 	information for TSequenceOf.
+
+	* kdc/kerberos5.c (get_pa_etype_info): check return value from
+ 	malloc
+
+1999-07-02  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
+ 	0 and malloc returns NULL
+
+1999-06-29  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/addr_families.c (ipv6_parse_addr): implement
+
+1999-06-24  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
+ 	as an addrport one
+
+	* lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
+ 	add
+	(krb5_auth_context): add local and remote port
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
+ 	local and remote address and add them to the krb-cred packet
+
+	* lib/krb5/auth_context.c: save the local and remove ports in the
+ 	auth_context
+
+	* lib/krb5/address.c (krb5_make_addrport): create an address of
+ 	type KRB5_ADDRESS_ADDRPORT from (addr, port)
+
+	* lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
+ 	grabbing the port number out of the sockaddr
+
+1999-06-23  Assar Westerlund  <assar at sics.se>
+
+	* admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
+  	increase possible verbosity.
+
+	* lib/krb5/config_file.c (parse_list): handle blank lines at
+ 	another place
+	
+	* kdc/connect.c (add_port_string): don't return a value
+
+ 	* lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
+ 	cache if the principals are different.  close and NULL the old one
+ 	so that we create a new one.
+
+	* configure.in: move around cgywin et al
+	(LIB_kdb): set at the end of krb4-block
+	(krb4): test for krb_enable_debug and krb_disable_debug
+
+1999-06-16  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kdestroy.c (main): try to destroy v4 ticket even if the
+ 	destruction of the v5 one fails
+
+	* lib/krb5/crypto.c (DES3_postproc): new version that does the
+ 	right thing
+	(*): don't put and recover length in 3DES encoding
+	other small fixes
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_default_principal.c: rewrite to use
+ 	get_default_username
+
+	* lib/krb5/Makefile.am: add n-fold-test
+
+	* kdc/connect.c: add fallbacks for all lookups by service name
+	(handle_tcp): break-up and clean-up
+
+1999-06-09  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
+ 	the loopback address as uninteresting
+
+	* lib/krb5/get_addrs.c: new magic flag to get loopback address if
+ 	there are no other addresses.
+	(krb5_get_all_client_addrs): use that flag
+
+1999-06-04  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
+ 	length
+	(checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
+	(encrypt_internal_derived): don't include the length and don't
+	decrease by the checksum size twice
+	(_get_derived_key): the constant should be 5 bytes
+
+1999-06-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: use KRB_CHECK_X
+	
+	* configure.in: check for netinet/ip.h
+	
+1999-05-31  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
+ 	on RTLD_NOW
+
+1999-05-23  Assar Westerlund  <assar at sics.se>
+
+	* appl/test/uu_server.c: removed unused stuff
+
+	* appl/test/uu_client.c: removed unused stuff
+
+1999-05-21  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kgetcred.c (main): correct error message
+
+	* lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
+ 	directly, avoiding redundant lookups and memory leaks
+
+	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
+ 	local and remote addresses
+
+	* lib/krb5/get_default_principal.c (get_logname): also try
+ 	$USERNAME
+	
+	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)
+
+	* lib/krb5/principal.c (USE_RESOLVER): try to define only if we
+	have a libresolv (currently by checking for res_search)
+
+1999-05-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/connect.c (handle_tcp): remove %-escapes in request
+
+1999-05-14  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1g
+
+	* admin/ktutil.c (kt_remove): -t should be -e
+
+	* configure.in (CHECK_NETINET_IP_AND_TCP): use
+
+	* kdc/hpropd.c: support for dumping to krb4.  From Miroslav Ruda
+ 	<ruda at ics.muni.cz>
+
+	* admin/ktutil.c (kt_add): new option `--no-salt'.  From Miroslav
+ 	Ruda <ruda at ics.muni.cz>
+
+	* configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
+ 	and innetgr with roken versions
+
+	* kuser/kgetcred.c: new program
+
+Tue May 11 14:09:33 1999  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/mcache.c: fix paste-o
+	
+1999-05-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: don't use uname
+
+1999-05-10  Assar Westerlund  <assar at sics.se>
+
+	* acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
+	arguments :-)
+
+	* appl/test/uu_server.c (setsockopt): cast to get rid of a warning
+	
+	* appl/test/tcp_server.c (setsockopt): cast to get rid of a
+	warning
+
+	* appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
+	== NULL
+
+	* appl/test/gssapi_server.c (setsockopt): cast to get rid of a
+	warning
+
+	* lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
+	setting the default ccache.
+
+	* configure.in (getsockopt, setsockopt): test for
+	(AM_INIT_AUTOMAKE): bump version to 0.1g
+
+	* appl/Makefile.am (SUBDIRS): add kx
+	
+	* lib/hdb/convert_db.c (main): handle the case of no master key
+	
+1999-05-09  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1f
+
+	* kuser/kinit.c: add --noaddresses
+	
+	* lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
+	empty sit of list as to not ask for any addresses.
+	
+1999-05-08  Assar Westerlund  <assar at sics.se>
+
+	* acconfig.h (_GNU_SOURCE): define this to enable (used)
+ 	extensions on glibc-based systems such as linux
+
+1999-05-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
+	`*out_creds' properly
+
+	* lib/krb5/creds.c (krb5_compare_creds): just verify that the
+	keytypes/enctypes are compatible, not that they are the same
+
+	* kuser/kdestroy.c (cache): const-correctness
+
+1999-05-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/hdb/hdb.c (hdb_set_master_key): initialise master key
+	version
+
+	* lib/hdb/convert_db.c: add support for upgrading database
+	versions
+
+	* kdc/misc.c: add flags to fetch
+
+	* kdc/kstash.c: unlink keyfile on failure, chmod to 400
+
+	* kdc/hpropd.c: add --print option
+
+	* kdc/hprop.c: pass flags to hdb_foreach
+
+	* lib/hdb/convert_db.c: add some flags
+
+	* lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
+	build prototype headers
+	
+	* lib/hdb/hdb_locl.h: update prototypes
+
+	* lib/hdb/print.c: move printable version of entry from kadmin
+
+	* lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
+	sealed or not; add flags to hdb_foreach
+
+	* lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
+	NDBM_nextkey
+
+	* lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey
+
+	* lib/hdb/common.c: add flags to _hdb_{fetch,store}
+
+	* lib/hdb/hdb.h: add master_key_version to struct hdb, update
+	prototypes
+
+	* lib/hdb/hdb.asn1: make mkvno optional, update version to 2
+
+	* configure.in: --enable-netinfo
+
+	* lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO
+
+	* config.sub: fix for crays
+
+	* config.guess: new version from automake 1.4
+	
+	* config.sub: new version from automake 1.4
+
+Wed Apr 28 00:21:17 1999  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.1e
+
+	* lib/krb5/mcache.c (mcc_get_next): get the current cursor
+ 	correctly
+
+	* acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
+  	From Ake Sandgren <ake at cs.umu.se>
+
+1999-04-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c: fix arguments to decrypt_ticket
+	
+1999-04-25  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
+	DCE secd's that are not able to handle MD5 checksums by defaulting
+	to MD4 if the keytype was DES-CBC-CRC
+	
+	* lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
+	
+	* lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
+	`cksumtype'
+
+	* lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
+	secd
+	(init_tgs_req): add all supported enctypes for the keytype in
+	`in_creds->session.keytype' if it's set
+
+	* lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
+	encryption types
+	(do_checksum): new function
+	(verify_checksum): take the checksum to use from the checksum message
+	and not from the crypto struct
+	(etypes): add F_PSEUDO flags
+	(krb5_keytype_to_enctypes): new function
+
+	* lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
+	and cksumtype
+	(krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
+	(krb5_auth_setkeytype, krb5_auth_getkeytype): implement
+	(krb5_auth_setenctype): comment out, it's rather bogus anyway
+
+Sun Apr 25 16:55:50 1999  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5_locl.h: fix for stupid aix warnings
+
+	* lib/krb5/fcache.c (erase_file): don't malloc
+	
+Sat Apr 24 18:35:21 1999  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/config.c: pass context to krb5_config_file_free
+
+	* kuser/kinit.c: add `--fcache-version' to set cache version to
+	create
+
+	* kuser/klist.c: print cache version if verbose
+
+	* lib/krb5/transited.c (krb5_domain_x500_decode): don't abort
+
+	* lib/krb5/principal.c: abort -> krb5_abortx
+
+	* lib/krb5/mk_rep.c: abort -> krb5_abortx
+
+	* lib/krb5/config_file.c: abort -> krb5_abortx
+
+	* lib/krb5/context.c (init_context_from_config_file): init
+	fcache_version; add krb5_{get,set}_fcache_version
+
+	* lib/krb5/keytab.c: add support for reading (and writing?) old
+	version keytabs
+
+	* lib/krb5/cache.c: add krb5_cc_get_version
+
+	* lib/krb5/fcache.c: add support for reading and writing old
+	version cache files
+
+	* lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags
+
+	* lib/krb5/store_emem.c (krb5_storage_emem): zero flags
+
+	* lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags
+
+	* lib/krb5/store.c: add flags to change how various fields are
+	stored, used for old cache version support
+	
+	* lib/krb5/krb5.h: add support for reading and writing old version
+	cache files, and keytabs
+	
+Wed Apr 21 00:09:26 1999  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: fix test for readline.h remember to link with
+ 	$LIB_tgetent when trying linking with readline
+
+	* lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
+ 	is given, request a postdated ticket.
+
+	* lib/krb5/data.c (krb5_data_free): free data as long as it's not
+ 	NULL
+
+Tue Apr 20 20:18:14 1999  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen
+
+	* lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
+
+	* lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
+ 	KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
+ 	invalid
+
+Tue Apr 20 12:42:08 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* kpasswd/kpasswdd.c: don't try to load library by default; get
+ 	library and function name from krb5.conf
+
+	* kpasswd/sample_passwd_check.c: sample password checking
+ 	functions
+
+Mon Apr 19 22:22:19 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
+ 	krb5_data_alloc and be careful with checking allocation and sizes.
+
+	* kuser/klist.c (--tokens): conditionalize on KRB4
+
+	* kuser/kinit.c (renew_validate): set all flags
+	(main): fix cut-n-paste error when setting start-time
+
+	* kdc/kerberos5.c (check_tgs_flags): starttime of a validate
+ 	ticket should be > than current time
+	(*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket
+
+	* kuser/kinit.c (renew_validate): use the client realm instead of
+ 	the local realm when renewing tickets.
+
+	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
+	(krb5_get_forwarded_creds): correct freeing of out_creds
+
+	* kuser/kinit.c (renew_validate): hopefully fix up freeing of
+ 	memory
+
+	* configure.in: do all the krb4 tests with "$krb4" != "no"
+
+	* lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
+ 	keyvalue if it's NULL.  noticed by Ake Sandgren <ake at cs.umu.se>
+
+	* lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
+ 	instead of just taking the first one.  fix all callers.  From
+ 	"Brandon S. Allbery KF8NH" <allbery at kf8nh.apk.net>
+
+	* kdc/kdc_locl.h (enable_kaserver): declaration
+	
+	* kdc/hprop.c (ka_convert): print the failing principal.  AFS 3.4a
+ 	creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around.  From
+ 	"Brandon S. Allbery KF8NH" <allbery at kf8nh.apk.net>
+
+	* kdc/hpropd.c (open_socket): stupid cast to get rid of a warning
+
+	* kdc/connect.c (add_standard_ports, process_request): look at
+ 	enable_kaserver.  From "Brandon S. Allbery KF8NH"
+ 	<allbery at kf8nh.apk.net>
+
+	* kdc/config.c: new flag --kaserver and config file option
+ 	enable-kaserver.  From "Brandon S. Allbery KF8NH"
+ 	<allbery at kf8nh.apk.net>
+
+Mon Apr 19 12:32:04 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* configure.in: check for dlopen, and dlfcn.h
+
+	* kpasswd/kpasswdd.c: add support for dlopen:ing password quality
+ 	check library
+
+	* configure.in: add appl/su
+
+Sun Apr 18 15:46:53 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
+ 	cache
+
+Fri Apr 16 17:58:51 1999  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: LIB_kdb: -L should be before -lkdb
+	test for prototype of strsep
+	
+Thu Apr 15 11:34:38 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/Makefile.am: update version
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
+ 	ALLOC_SEQ
+
+	* lib/krb5/fcache.c: add some support for reading and writing old
+ 	cache formats;
+	(fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
+	krb5_ret_creds
+
+	* lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
+ 	initialize host_byteorder
+
+	* lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
+ 	host_byteorder
+
+	* lib/krb5/store_emem.c (krb5_storage_emem): initialize
+ 	host_byteorder
+
+	* lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
+	(krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
+ 	check host_byteorder flag; (krb5_store_creds): add;
+ 	(krb5_ret_creds): add
+
+	* lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
+ 	storage of numbers
+
+	* lib/krb5/heim_err.et: add `host not found' error
+
+	* kdc/connect.c: don't use data after clearing decriptor
+
+	* lib/krb5/auth_context.c: abort -> krb5_abortx
+
+	* lib/krb5/warn.c: add __attribute__; add *abort functions
+
+	* configure.in: check for __attribute__
+
+	* kdc/connect.c: log bogus requests
+
+Tue Apr 13 18:38:05 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
+ 	for all DES keys
+
+1999-04-12  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit
+
+	* lib/krb5/get_cred.c (init_tgs_req): some more error checking
+
+	* lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
+	value from malloc
+
+Sun Apr 11 03:47:23 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/krb5.conf.5: update to reality
+
+	* lib/krb5/krb5_425_conv_principal.3: update to reality
+
+1999-04-11  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_host_realm.c: handle more than one realm for a host
+
+	* kpasswd/kpasswd.c (main): use krb5_program_setup and
+	print_version
+
+	* kdc/string2key.c (main): use krb5_program_setup and
+	print_version
+
+Sun Apr 11 02:35:58 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/principal.c (krb5_524_conv_principal): make it actually
+ 	work, and check built-in list of host-type first-components
+
+	* lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm
+
+	* lib/krb5/context.c: add srv_* flags to context
+
+	* lib/krb5/principal.c: add default v4_name_convert entries
+
+	* lib/krb5/krb5.h: add srv_* flags to context
+
+Sat Apr 10 22:52:28 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* kadmin/kadmin.c: complain about un-recognised commands
+
+	* admin/ktutil.c: complain about un-recognised commands
+
+Sat Apr 10 15:41:49 1999  Assar Westerlund  <assar at sics.se>
+
+	* kadmin/load.c (doit): fix error message
+
+	* lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
+ 	fail to match.
+	(krb5_get_wrapped_length): new function
+
+	* configure.in: security/pam_modules.h: check for
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
+ 	around `ret_as_reply' semantics by only freeing it when ret == 0
+
+Fri Apr  9 20:24:04 1999  Assar Westerlund  <assar at sics.se>
+
+	* kuser/klist.c (print_cred_verbose): handle the case of a bad
+ 	enctype
+
+	* configure.in: test for more header files
+	(LIB_roken): set
+
+Thu Apr  8 15:01:59 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* configure.in: fixes for building w/o krb4
+
+	* ltmain.sh: update to libtool 1.2d
+
+	* ltconfig: update to libtool 1.2d
+
+Wed Apr  7 23:37:26 1999  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hpropd.c: fix some error messages to be more understandable.
+
+	* kdc/hprop.c (ka_dump): remove unused variables
+
+	* appl/test/tcp_server.c: remove unused variables
+
+	* appl/test/gssapi_server.c: remove unused variables
+
+	* appl/test/gssapi_client.c: remove unused variables
+
+Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code
+
+	* kuser/klist.c: make it compile w/o krb4
+
+	* kuser/kdestroy.c: make it compile w/o krb4
+
+	* admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
+ 	strings
+
+Mon Apr  5 16:13:46 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* configure.in: test for MIPS ABI; new test_package
+
+Thu Apr  1 11:00:40 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* include/Makefile.am: clean krb5-private.h
+
+	* Release 0.1d
+
+	* kpasswd/kpasswdd.c (doit): pass context to
+ 	krb5_get_all_client_addrs
+
+	* kdc/connect.c (init_sockets): pass context to
+ 	krb5_get_all_server_addrs
+
+	* lib/krb5/get_in_tkt.c (init_as_req): pass context to
+ 	krb5_get_all_client_addrs
+
+	* lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
+ 	krb5_get_all_client_addrs
+
+	* lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses
+
+	* lib/krb5/krb5.h: add support for adding an extra set of
+ 	addresses
+
+	* lib/krb5/context.c: add support for adding an extra set of
+ 	addresses
+
+	* lib/krb5/addr_families.c: add krb5_parse_address
+
+	* lib/krb5/address.c: krb5_append_addresses
+
+	* lib/krb5/config_file.c (parse_binding): don't zap everything
+ 	after first whitespace
+
+	* kuser/kinit.c (renew_validate): don't allocate out
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
+ 	allocate out_creds
+
+	* lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
+ 	out_creds pointer;
+	(krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
+	free more memory
+
+	* lib/krb5/crypto.c (encrypt_internal): free checksum
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
+ 	and ticket
+
+	* kuser/Makefile.am: remove kfoo
+
+	* lib/Makefile.am: add auth
+
+	* lib/kadm5/iprop.h: getarg.h
+
+	* lib/kadm5/replay_log.c: use getarg
+
+	* lib/kadm5/ipropd_slave.c: use getarg
+
+	* lib/kadm5/ipropd_master.c: use getarg
+
+	* lib/kadm5/dump_log.c: use getarg
+
+	* kpasswd/kpasswdd.c: use getarg
+
+	* Makefile.am.common: make a more working check-local target
+
+	* lib/asn1/main.c: use getargs
+
+Mon Mar 29 20:19:57 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* kuser/klist.c (print_cred_verbose): use krb5_print_address
+
+	* lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int
+
+	* lib/krb5/addr_families.c (krb5_print_address): handle unknown
+ 	address types; (ipv6_print_addr): print in 16-bit groups (as it
+ 	should)
+
+	* lib/krb5/crc.c: crc_{init_table,update} ->
+ 	_krb5_crc_{init_table,update}
+
+	* lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
+ 	crc_{init_table,update} -> _krb5_crc_{init_table,update}
+
+	* lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int
+
+	* lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int
+
+	* lib/krb5/krb5_locl.h: include krb5-private.h
+
+	* kdc/connect.c (addr_to_string): use krb5_print_address
+
+	* lib/krb5/addr_families.c (krb5_print_address): int -> size_t
+
+	* lib/krb5/addr_families.c: add support for printing ipv6
+ 	addresses, either with inet_ntop, or ugly for-loop
+
+	* kdc/524.c: check that the ticket came from a valid address; use
+ 	the address of the connection as the address to put in the v4
+ 	ticket (if this address is AF_INET)
+
+	* kdc/connect.c: pass addr to do_524
+
+	* kdc/kdc_locl.h: prototype for do_524
+
+Sat Mar 27 17:48:31 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
+ 	setlim; check for auth modules; siad.h, getpwnam_r;
+ 	lib/auth/Makefile, lib/auth/sia/Makefile
+
+	* lib/krb5/crypto.c: n_fold -> _krb5_n_fold
+
+	* lib/krb5/n-fold.c: n_fold -> _krb5_n_fold
+
+Thu Mar 25 04:35:21 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
+ 	it
+
+	* lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'
+
+	* lib/hdb/ndbm.c (NDBM_destroy): clear master key
+
+	* lib/hdb/db.c (DB_destroy): clear master key
+	(DB_open): check malloc
+
+	* kdc/connect.c (init_sockets): free addresses
+
+	* kadmin/kadmin.c (main): make code more consistent.  always free
+ 	configuration information.
+
+	* kadmin/init.c (create_random_entry): free the entry
+
+Wed Mar 24 04:02:03 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
+ 	re-organize the code to always free `kdc_reply'
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
+ 	freeing memory
+
+	* lib/krb5/fcache.c (fcc_destroy): don't call fcc_close
+
+	* lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'
+
+	* lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
+ 	header
+
+	* configure.in (db_185.h): check for
+
+	* admin/srvcreate.c: new file. contributed by Daniel Kouril
+ 	<kouril at informatics.muni.cz>
+
+	* admin/ktutil.c: srvcreate: new command
+
+	* kuser/klist.c: add support for printing AFS tokens
+
+	* kuser/kdestroy.c: add support for destroying v4 tickets and AFS
+ 	tokens.  based on code by Love <lha at stacken.kth.se>
+
+	* kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries
+
+	* configure.in: sys/ioccom.h: test for
+
+	* kuser/klist.c (main): don't print `no ticket file' with --test.
+  	From: Love <lha at e.kth.se>
+
+	* kpasswd/kpasswdd.c (doit): more braces to make gcc happy
+
+	* kdc/connect.c (init_socket): get rid of a stupid warning
+
+	* include/bits.c (my_strupr): cast away some stupid warnings
+
+Tue Mar 23 14:34:44 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
+ 	loops, please
+
+Tue Mar 23 00:00:45 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/kadm5/Makefile.am (install_build_headers): recover from make
+ 	rewriting the names of the headers kludge to help solaris make
+
+	* lib/krb5/Makefile.am: kludge to help solaris make
+
+	* lib/hdb/Makefile.am: kludge to help solaris make
+
+	* configure.in (LIB_kdb): make sure there's a -L option in here by
+ 	adding $(LIB_krb4)
+
+	* lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
+ 	unsigned
+
+	* configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
+ 	remove the `dnl' to work around an automake flaw
+
+Sun Mar 21 15:08:49 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/get_default_realm.c: char* -> krb5_realm
+
+Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* include/bits.c: <bind/bitypes.h>
+
+	* lib/krb5/Makefile.am: create krb5-private.h
+
+Sat Mar 20 00:08:59 1999  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (gethostname): remove duplicate
+
+Fri Mar 19 14:48:03 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/hdb/Makefile.am: add version-info
+
+	* lib/gssapi/Makefile.am: add version-info
+
+	* lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
+ 	to check_PROGRAMS
+
+	* lib/Makefile.am: add 45
+
+	* lib/kadm5/Makefile.am: split in client and server libraries
+ 	(breaks shared libraries otherwise)
+
+Thu Mar 18 11:33:30 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* include/kadm5/Makefile.am: clean a lot of header files (since
+ 	automake lacks a clean-hook)
+
+	* include/Makefile.am: clean a lot of header files (since automake
+ 	lacks a clean-hook)
+
+	* lib/kadm5/Makefile.am: fix build-installation of headers
+
+	* lib/krb5/Makefile.am: remove include_dir hack
+
+	* lib/hdb/Makefile.am: remove include_dir hack
+
+	* lib/asn1/Makefile.am: remove include_dir hack
+
+	* include/Makefile.am: remove include_dir hack
+
+	* doc/whatis.texi: define sub for html
+
+	* configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
+
+	* lib/asn1/Makefile.am: der.h
+
+	* kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h
+
+	* kdc/Makefile.am: remove junk
+
+	* kadmin/Makefile.am: sl.a -> sl.la
+
+	* appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS
+
+	* admin/Makefile.am: sl.a -> sl.la
+
+	* configure.in: condition KRB5; AC_CHECK_XAU
+
+	* Makefile.am: include Makefile.am.common
+
+	* include/kadm5/Makefile.am: include Makefile.am.common; don't
+ 	install headers from here
+
+	* include/Makefile.am: include Makefile.am.common; don't install
+ 	headers from here
+
+	* doc/Makefile.am: include Makefile.am.common
+
+	* lib/krb5/Makefile.am: include Makefile.am.common
+
+	* lib/kadm5/Makefile.am: include Makefile.am.common
+
+	* lib/hdb/Makefile.am: include Makefile.am.common
+
+	* lib/gssapi/Makefile.am: include Makefile.am.common
+
+	* lib/asn1/Makefile.am: include Makefile.am.common
+
+	* lib/Makefile.am: include Makefile.am.common
+
+	* lib/45/Makefile.am: include Makefile.am.common
+
+	* kuser/Makefile.am: include Makefile.am.common
+
+	* kpasswd/Makefile.am: include Makefile.am.common
+
+	* kdc/Makefile.am: include Makefile.am.common
+
+	* kadmin/Makefile.am: include Makefile.am.common
+
+	* appl/test/Makefile.am: include Makefile.am.common
+
+	* appl/afsutil/Makefile.am: include Makefile.am.common
+
+	* appl/Makefile.am: include Makefile.am.common
+
+	* admin/Makefile.am: include Makefile.am.common
+
+Wed Mar 17 03:04:38 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/store.c (krb5_store_stringz): braces fix
+
+	* lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix
+
+	* lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix
+
+	* kdc/connect.c (loop): braces fix
+
+	* lib/krb5/config_file.c: cast to unsigned char to make is* happy
+
+	* lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy
+
+	* lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
+ 	be consistent
+
+	* kadmin/util.c (timeval2str): more braces to make gcc happy
+
+	* kadmin/load.c: cast in is* to get rid of stupid warning
+
+	* kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
+ 	warning
+
+	* kdc/kaserver.c: malloc checks and fixes
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
+ 	dot (if any) when looking up realms.
+
+Fri Mar 12 13:57:56 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/get_host_realm.c: add dns support
+
+	* lib/krb5/set_default_realm.c: use krb5_free_host_realm
+
+	* lib/krb5/free_host_realm.c: check for NULL realmlist
+
+	* lib/krb5/context.c: don't print warning if there is no krb5.conf
+
+Wed Mar 10 19:29:46 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* configure.in: use AC_WFLAGS
+
+Mon Mar  8 11:49:43 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Release 0.1c
+
+	* kuser/klist.c: use print_version
+
+	* kuser/kdestroy.c: use print_version
+
+	* kdc/hpropd.c: use print_version
+
+	* kdc/hprop.c: use print_version
+
+	* kdc/config.c: use print_version
+
+	* kadmin/kadmind.c: use print_version
+
+	* kadmin/kadmin.c: use print_version
+
+	* appl/test/common.c: use print_version
+
+	* appl/afsutil/afslog.c: use print_version
+
+Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
+ 	HAVE_STRUCT_SOCKADDR_SA_LEN
+
+	* configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13
+
+Sun Feb 28 18:19:20 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/asn1/gen.c: make `BIT STRING's unsigned
+
+	* lib/asn1/{symbol.h,gen.c}: add TUInteger type
+
+	* lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
+ 	krb5_get_init_creds_password
+
+	* lib/krb5/fcache.c (fcc_gen_new): implement
+
+Sat Feb 27 22:41:23 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* doc/install.texi: krb4 is now automatically detected
+
+	* doc/misc.texi: update procedure to set supported encryption
+ 	types
+
+	* doc/setup.texi: change some silly wordings
+
+Sat Feb 27 22:17:30 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/krb5/keytab.c (fkt_remove_entry): make this work
+
+	* admin/ktutil.c: add minimally working `get' command
+
+Sat Feb 27 19:44:49 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* lib/hdb/convert_db.c: more typos
+
+	* include/Makefile.am: remove EXTRA_DATA (as of autoconf
+ 	2.13/automake 1.4)
+
+	* appl/Makefile.am: OTP_dir
+
+Fri Feb 26 17:37:00 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* doc/setup.texi: add kadmin section
+
+	* lib/asn1/check-der.c: fix printf warnings
+
+Thu Feb 25 11:16:49 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* configure.in: -O does not belong in WFLAGS
+
+Thu Feb 25 11:05:57 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/asn1/der_put.c: fix der_put_int
+
+Tue Feb 23 20:35:12 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* configure.in: use AC_BROKEN_GLOB
+
+Mon Feb 22 15:12:44 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* configure.in: check for glob
+
+Mon Feb 22 11:32:42 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Release 0.1b
+
+Sat Feb 20 15:48:06 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
+ 	des3-cbc-md5
+
+	* lib/krb5/crypto.c (DES3_string_to_key): make this actually do
+ 	what the draft said it should
+
+	* lib/hdb/convert_db.c: little program for database conversion
+
+	* lib/hdb/db.c (DB_open): try to open database w/o .db extension
+
+	* lib/hdb/ndbm.c (NDBM_open): add test for database format
+
+	* lib/hdb/db.c (DB_open): add test for database format
+
+	* lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
+ 	unsigned
+
+	* lib/hdb/hdb.c: change `hdb_set_master_key' to take an
+ 	EncryptionKey, and add a new function `hdb_set_master_keyfile' to
+ 	do what `hdb_set_master_key' used to do
+
+	* kdc/kstash.c: add `--convert-file' option to change keytype of
+ 	existing master key file
+
+Fri Feb 19 07:04:14 1999  Assar Westerlund  <assar at squid.pdc.kth.se>
+
+	* Release 0.1a
+
+Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
+ 	is now a `u_char *'
+
+	* lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
+ 	orig_host
+
+ 	(krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
+ 	RSA_MD5_DES3_verify): initialize ret
+
+	* lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
+ 	gssapi_krb5_init.  ask for KEYTYPE_DES credentials
+
+	* kadmin/get.c (print_entry_long): print the keytypes and salts
+ 	available for the principal
+
+	* configure.in (WFLAGS): add `-O' to catch unitialized variables
+ 	and such
+	(gethostname, mkstemp, getusershell, inet_aton): more tests
+
+	* lib/hdb/hdb.h: update prototypes
+
+	* configure.in: homogenize broken detection with krb4
+
+	* lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
+ 	`error'
+
+	* lib/asn1/Makefile.am (check-der): add
+
+	* lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
+ 	of `unsigned'
+
+	* lib/asn1/der_length.c (length_unsigned): new function
+	(length_int): handle signed integers
+
+	* lib/asn1/der_put.c (der_put_unsigned): new function
+	(der_put_int): handle signed integers
+
+ 	* lib/asn1/der_get.c (der_get_unsigned): new function
+ 	(der_get_int): handle signed integers
+
+	* lib/asn1/der.h: all integer functions take `int' instead of
+ 	`unsigned'
+
+	* lib/asn1/lex.l (filename): unused. remove.
+
+	* lib/asn1/check-der.c: new test program for der encoding and
+ 	decoding.
+
+Mon Feb  1 04:09:06 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
+ 	gethostbyname2 with AF_INET6 if we actually have IPv6.  From
+ 	"Brandon S. Allbery KF8NH" <allbery at kf8nh.apk.net>
+
+ 	* lib/krb5/changepw.c (get_kdc_address): dito
+
+Sun Jan 31 06:26:36 1999  Assar Westerlund  <assar at sics.se>
+
+	* kdc/connect.c (parse_prots): always bind to AF_INET, there are
+ 	v6-implementations without support for `mapped V4 addresses'.
+  	From Jun-ichiro itojun Hagino <itojun at kame.net>
+
+Sat Jan 30 22:38:27 1999  Assar Westerlund  <assar at juguete.sics.se>
+
+	* Release 0.0u
+
+Sat Jan 30 13:43:02 1999  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: explicit rules for *.et files
+
+ 	* lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
+ 	krb5_get_credentials was succesful.
+ 	(get_new_cache): return better error codes and return earlier.
+ 	(get_cred_cache): only delete default_client if it's different
+ 	from client
+ 	(kadm5_c_init_with_context): return a more descriptive error.
+
+	* kdc/kerberos5.c (check_flags): handle NULL client or server
+
+	* lib/krb5/sendauth.c (krb5_sendauth): return the error in
+ 	`ret_error' iff != NULL
+
+	* lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
+ 	new functions
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
+ 	type-correctness
+
+	* lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR
+
+	* lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use
+
+	* lib/krb5/get_cred.c: KRB5_TGS_NAME: use
+
+ 	* lib/kafs/afskrb5.c (afslog_uid_int): update to changes
+
+	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
+ 	instead of rename, but shouldn't this just call rename?
+
+ 	* lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
+ 	error if the principal wasn't found.
+
+	* lib/hdb/ndbm.c (NDBM_seq): unseal key
+
+	* lib/hdb/db.c (DB_seq): unseal key
+
+	* lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]
+
+	* kdc/hprop.c (v4_prop): add krbtgt/THISREALM at OTHERREALM when
+ 	finding cross-realm tgts in the v4 database
+
+	* kadmin/mod.c (mod_entry): check the number of arguments.  check
+ 	that kadm5_get_principal worked.
+
+	* lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
+ 	we weren't able to remove it.
+
+	* admin/ktutil.c: less drive-by-deleting.  From Love
+ 	<lha at e.kth.se>
+
+	* kdc/connect.c (parse_ports): copy the string before mishandling
+ 	it with strtok_r
+
+	* kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
+ 	kvnos
+
+	* kadmin/kadmind.c (main): convert `debug_port' to network byte
+ 	order
+
+	* kadmin/kadmin.c: allow specification of port number.
+
+	* lib/kadm5/kadm5_locl.h (kadm5_client_context): add
+ 	`kadmind_port'.
+
+	* lib/kadm5/init_c.c (_kadm5_c_init_context): move up
+ 	initalize_kadm5_error_table_r.
+	allow specification of port number.
+	
+  	From Love <lha at stacken.kth.se>
+
+	* kuser/klist.c: add option -t | --test
+

Added: vendor-crypto/heimdal/dist/ChangeLog.2000
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.2000	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.2000	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1320 @@
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/test_get_addrs.c (main): handle krb5_init_context
+	failure consistently
+	* lib/krb5/string-to-key-test.c (main): handle krb5_init_context
+	failure consistently
+	* lib/krb5/prog_setup.c (krb5_program_setup): handle
+	krb5_init_context failure consistently
+	* lib/hdb/convert_db.c (main): handle krb5_init_context failure
+	consistently
+	* kuser/kverify.c (main): handle krb5_init_context failure
+	consistently
+	* kuser/klist.c (main): handle krb5_init_context failure
+	consistently
+	* kuser/kinit.c (main): handle krb5_init_context failure
+	consistently
+	* kuser/kgetcred.c (main): handle krb5_init_context failure
+	consistently
+	* kuser/kdestroy.c (main): handle krb5_init_context failure
+	consistently
+	* kuser/kdecode_ticket.c (main): handle krb5_init_context failure
+	consistently
+	* kuser/generate-requests.c (generate_requests): handle
+	krb5_init_context failure consistently
+	* kpasswd/kpasswd.c (main): handle krb5_init_context failure
+	consistently
+	* kpasswd/kpasswd-generator.c (generate_requests): handle
+	krb5_init_context failure consistently
+	* kdc/main.c (main): handle krb5_init_context failure consistently
+	* appl/test/uu_client.c (proto): handle krb5_init_context failure
+	consistently
+	* appl/kf/kf.c (main): handle krb5_init_context failure
+	consistently
+	* admin/ktutil.c (main): handle krb5_init_context failure
+	consistently
+
+	* admin/get.c (kt_get): more error checking
+
+2000-12-29  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/asn1_print.c (loop): check for length longer than data.
+	inspired by lha at stacken.kth.se
+
+2000-12-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* admin/ktutil.8: reflect recent changes
+
+	* admin/copy.c: don't copy an entry that already exists in the
+	keytab, and warn if the keyblock differs
+
+2000-12-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* admin/Makefile.am: merge srvconvert and srvcreate with copy
+
+	* admin/copy.c: merge srvconvert and srvcreate with copy
+
+	* lib/krb5/Makefile.am: always build keytab_krb4.c
+
+	* lib/krb5/context.c: always register the krb4 keytab functions
+
+	* lib/krb5/krb5.h: declare krb4_ftk_ops
+
+	* lib/krb5/keytab_krb4.c: We don't really need to include krb.h
+	here, since we only use the principal size macros, so define these
+	here. Theoretically someone could have a krb4 system where these
+	values are != 40, but this is unlikely, and
+	krb5_524_conv_principal also assume they are 40.
+
+2000-12-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.h: s/krb5_donot_reply/krb5_donot_replay/
+
+	* lib/krb5/replay.c: fix query-replace-o from MD5 API change, and
+	the struct is called krb5_donot_replay
+
+2000-12-12  Assar Westerlund  <assar at sics.se>
+
+	* admin/srvconvert.c (srvconvert): do not use data after free:ing
+	it
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.3d
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 14:0:0
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 6:3:0
+	* lib/krb5/Makefile.am (libkrb5_la_LIBADD): add library
+	dependencies
+
+2000-12-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/auth_context.c: implement krb5_auth_con_{get,set}rcache
+
+2000-12-08  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.h (krb5_enctype): add ETYPE_DES3_CBC_NONE_IVEC as
+	a new pseudo-type
+
+	* lib/krb5/crypto.c (DES_AFS3_CMU_string_to_key): always treat
+	cell names as lower case
+	(krb5_encrypt_ivec, krb5_decrypt_ivec): new functions that allow an
+	explicit ivec to be specified.  fix all sub-functions.
+	(DES3_CBC_encrypt_ivec): new function that takes an explicit ivec
+
+2000-12-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/Makefile.am: actually build replay cache code
+
+	* lib/krb5/replay.c: implement krb5_get_server_rcache
+
+	* kpasswd/kpasswdd.c: de-pointerise auth_context parameter to
+	krb5_mk_rep
+
+	* lib/krb5/recvauth.c: de-pointerise auth_context parameter to
+	krb5_mk_rep
+
+	* lib/krb5/mk_rep.c: auth_context should not be a pointer
+
+	* lib/krb5/auth_context.c: implement krb5_auth_con_genaddrs, and
+	make setaddrs_from_fd use that
+
+	* lib/krb5/krb5.h: add some more KRB5_AUTH_CONTEXT_* flags
+
+2000-12-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/Makefile.am: add kerberos.8 manpage
+
+	* lib/krb5/cache.c: check for NULL remove_cred function
+
+	* lib/krb5/fcache.c: pretend that empty files are non-existant
+
+	* lib/krb5/get_addrs.c (find_all_addresses): use getifaddrs, from
+	Jason Thorpe <thorpej at netbsd.org>
+
+2000-12-01  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: remove configure-time generation of krb5-config
+	* tools/Makefile.am: add generation of krb5-config at make-time
+	instead of configure-time
+
+	* tools/krb5-config.in: add --prefix and --exec-prefix
+
+2000-11-30  Assar Westerlund  <assar at sics.se>
+
+	* tools/Makefile.am: add krb5-config.1
+	* tools/krb5-config.in: add kadm-client and kadm5-server as
+	libraries
+
+2000-11-29  Assar Westerlund  <assar at sics.se>
+
+	* tools/krb5-config.in: add --prefix, --exec-prefix and gssapi
+
+2000-11-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: add roken/Makefile here, since it can't live in
+	rk_ROKEN
+
+2000-11-16  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: use the libtool -rpath, do not rely on ld
+	understanding -rpath
+
+	* configure.in: fix the -Wl stuff for krb4 linking add some
+	gratuitous extra options when linking with an existing libdes
+
+2000-11-15  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/hdb.c (hdb_next_enctype2key): const-ize a little bit
+	* lib/Makefile.am (SUBDIRS): try to only build des when needed
+	* kuser/klist.c: print key versions numbers of v4 tickets in
+	verbose mode
+
+	* kdc/kerberos5.c (tgs_rep2): adapt to new krb5_verify_ap_req2
+	* appl/test/gss_common.c (read_token): remove unused variable
+
+	* configure.in (krb4): add -Wl
+	(MD4Init et al): look for these in more libraries
+	(getmsg): only run test if we have the function
+	(AC_OUTPUT): create tools/krb5-config
+
+	* tools/krb5-config.in: new script for storing flags to use
+	* Makefile.am (SUBDIRS): add tools
+
+	* lib/krb5/get_cred.c (make_pa_tgs_req): update to new
+	krb5_mk_req_internal
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): allow different
+	usages for the encryption.  change callers
+	* lib/krb5/rd_req.c (decrypt_authenticator): add an encryption
+	`usage'.  also try the old
+	(and wrong) usage of KRB5_KU_AP_REQ_AUTH for backwards compatibility
+	(krb5_verify_ap_req2): new function for specifying the usage different
+	from the default (KRB5_KU_AP_REQ_AUTH)
+	* lib/krb5/build_auth.c (krb5_build_authenticator): add a `usage'
+	parameter to permit the generation of authenticators with
+	different crypto usage
+
+	* lib/krb5/mk_req.c (krb5_mk_req_exact): new function that takes a
+	krb5_principal
+	(krb5_mk_req): use krb5_mk_req_exact
+
+	* lib/krb5/mcache.c (mcc_close): free data
+	(mcc_destroy): don't free data
+
+2000-11-13  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/ndbm.c: handle both ndbm.h and gdbm/ndbm.h
+	* lib/hdb/hdb.c: handle both ndbm.h and gdbm/ndbm.h
+
+2000-11-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/hpropd.8: remove extra .Xc
+
+2000-10-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c: fix v4 fallback lifetime calculation
+
+2000-10-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/524.c: fix log messge
+
+2000-10-08  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/changepw.c (krb5_change_password): check for fd's being
+	too large to select on
+	* kpasswd/kpasswdd.c (add_new_tcp): check for the socket fd being
+	too large to select on
+	* kdc/connect.c (add_new_tcp): check for the socket fd being too
+	large to selct on
+	* kdc/connect.c (loop): check that the socket fd is not too large
+	to select on
+	* lib/krb5/send_to_kdc.c (recv_loop): check `fd' for being too
+	large to be able to select on
+
+	* kdc/kaserver.c (do_authenticate): check for time skew
+
+2000-10-01  Assar Westerlund  <assar at sics.se>
+
+	* kdc/524.c (set_address): allocate memory for storing addresses
+	in if the original request had an empty set of addresses
+	* kdc/524.c (set_address): fix bad return of pointer to automatic
+	data
+
+	* config.sub: update to version 2000-09-11 (aka 1.181) from
+	subversions.gnu.org
+
+	* config.guess: update to version 2000-09-05 (aka 1.156) from
+	subversions.gnu.org plus some minor tweaks
+
+2000-09-20  Assar Westerlund  <assar at juguete.sics.se>
+
+	* Release 0.3c
+
+2000-09-19  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
+	13:1:0
+
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 6:2:0
+
+2000-09-17  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_req.c (krb5_decrypt_ticket): plug some memory leak
+	(krb5_rd_req): try not to return an allocated auth_context on error
+
+	* lib/krb5/log.c (krb5_vlog_msg): fix const-ness
+
+2000-09-10  Assar Westerlund  <assar at sics.se>
+
+	* kdc/524.c: re-organize
+	* kdc/kerberos5.c (tgs_rep2): try to avoid leaking auth_context
+	* kdc/kerberos4.c (valid_princ): check return value of functions
+	(encode_v4_ticket): add some const
+	* kdc/misc.c (db_fetch): check malloc
+	(free_ent): new function
+
+	* lib/krb5/log.c (krb5_vlog_msg): log just the format string it we
+	fail to allocate the actual string to log, should at least provide
+	some hint as to where things went wrong
+
+2000-09-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/log.c: use DEFAULT_LOG_DEST
+
+	* kdc/config.c: use _PATH_KDC_CONF
+
+	* kdc/kdc_locl.h: add macro constants for kdc.conf, and kdc.log
+
+2000-09-09  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c (_key_schedule): re-use an existing schedule
+
+2000-09-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: fix dpagaix test
+
+2000-09-05  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: with_dce -> enable_dce.  noticed by Ake Sandgren
+ 	<ake at cs.umu.se>
+
+2000-09-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kstash.8: update manual page
+
+	* kdc/kstash.c: fix typo, and remove unused option
+
+	* lib/krb5/kerberos.7: short kerberos intro page
+
+2000-08-27  Assar Westerlund  <assar at sics.se>
+
+	* include/bits.c: add __attribute__ for gcc's pleasure
+	* lib/hdb/keytab.c: re-write to delay the opening of the database
+	till it's known which principal is being sought, thereby allowing
+	the usage of multiple databases, however they need to be specified
+	in /etc/krb5.conf since all the programs using this keytab do not
+	read kdc.conf
+
+	* appl/test/test_locl.h (keytab): add
+	* appl/test/common.c: add --keytab
+	* lib/krb5/crypto.c: remove trailing commas
+	(KRB5_KU_USAGE_SEQ): renamed from KRB5_KU_USAGE_MIC
+
+2000-08-26  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/send_to_kdc.c (send_via_proxy): handle `http://' at the
+	beginning of the proxy specification.  use getaddrinfo correctly
+	(krb5_sendto): always return a return code
+
+	* lib/krb5/krb5.h (KRB5_KU_USAGE_MIC): rename to KRB5_KU_USAGE_SEQ
+	* lib/krb5/auth_context.c (krb5_auth_con_free): handle
+	auth_context == NULL
+
+2000-08-23  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c (find_type): make sure of always setting
+	`ret_etype' correctly.  clean-up structure some
+
+2000-08-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/mcache.c: implement resolve
+
+2000-08-18  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kdecode_ticket.c: check return value from krb5_crypto_init
+	* kdc/kerberos5.c, kdc/524.c: check return value from krb5_crypto_init
+	* lib/krb5/*.c: check return value from krb5_crypto_init
+
+2000-08-16  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.3b
+
+2000-08-16  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: bump version to 13:0:0
+
+	* lib/hdb/Makefile.am: set version to 6:1:0
+
+	* configure.in: do getmsg testing the same way as in krb4
+
+	* lib/krb5/config_file.c (krb5_config_parse_file_debug): make sure
+ 	of closing the file on error
+
+	* lib/krb5/crypto.c (encrypt_internal_derived): free the checksum
+ 	after use
+
+	* lib/krb5/warn.c (_warnerr): initialize args to make third,
+ 	purify et al happy
+
+2000-08-13  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c: re-write search for keys code.  loop over all
+	supported enctypes in order, looping over all keys of each type,
+	and picking the one with the v5 default salt preferably
+
+2000-08-10  Assar Westerlund  <assar at sics.se>
+
+	* appl/test/gss_common.c (enet_read): add and use
+	* lib/krb5/krb5.h (heimdal_version, heimdal_long_version): make
+	const
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): add comment on
+	checksum type selection
+
+	* lib/krb5/context.c (krb5_init_context): do not leak memory on
+	failure
+	(default_etypes): prefer arcfour-hmac-md5 to des-cbc-md5
+
+	* lib/krb5/principal.c: add fnmatch.h
+
+2000-08-09  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: call AC_PROG_CC and AC_PROG_CPP to make sure later
+	checks that should require them don't fail
+	* acconfig.h: add HAVE_UINT17_T
+
+2000-08-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/mit_dump.c: handle all sorts of weird MIT salt types
+
+2000-08-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* doc/setup.texi: port 212 -> 2121
+
+	* lib/krb5/principal.c: krb5_principal_match
+
+2000-08-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/asn1/der_get.c: add comment on *why* DCE sometimes used BER
+	encoding
+
+	* kpasswd/Makefile.am: link with pidfile library
+
+	* kpasswd/kpasswdd.c: write a pid file
+
+	* kpasswd/kpasswd_locl.h: util.h
+
+	* kdc/Makefile.am: link with pidfile library
+
+	* kdc/main.c: write a pid file
+
+	* kdc/headers.h: util.h
+
+2000-08-04  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): always put
+	hostnames in lower case
+	(default_v4_name_convert): add imap
+
+2000-08-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crc.c (_krb5_crc_update): const-ize (finally)
+
+2000-07-31  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: check for uint*_t
+	* include/bits.c: define uint*_t
+	
+2000-07-29  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c (check_tgs_flags): set endtime correctly when
+	renewing, From Derrick J Brashear <shadow at dementia.org>
+
+2000-07-28  Assar Westerlund  <assar at juguete.sics.se>
+
+	* Release 0.3a
+
+2000-07-27  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hprop.c (dump_database): write an empty message to signal
+	end of dump
+
+2000-07-26  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/changepw.c (krb5_change_password): try to be more
+	careful when not to resend
+
+	* lib/hdb/db3.c: always create a cursor with db3.  From Derrick J
+	Brashear <shadow at dementia.org>
+
+2000-07-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/hdb/Makefile.am: bump version to 6:0:0
+
+	* lib/asn1/Makefile.am: bump version to 3:0:1
+
+	* lib/krb5/Makefile.am: bump version to 12:0:1
+
+	* lib/krb5/krb5_config.3: manpage
+
+	* lib/krb5/krb5_appdefault.3: manpage
+
+	* lib/krb5/appdefault.c: implementation of the krb5_appdefault set
+	of functions
+
+2000-07-23  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/init_creds_pw.c (change_password): reset forwardable
+	and proxiable.  copy preauthentication list correctly from
+	supplied options
+
+	* kdc/hpropd.c (main): check that the ticket was for `hprop/' for
+	paranoid reasons
+
+	* lib/krb5/sock_principal.c (krb5_sock_to_principal): look in
+	aliases for the real name
+
+2000-07-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* doc/setup.texi: say something about starting kadmind from the
+	command line
+
+2000-07-22  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswdd.c: use kadm5_s_chpass_principal_cond instead of
+	mis-doing it here
+
+	* lib/krb5/changepw.c (krb5_change_password): make timeout 1 +
+	2^{0,1,...}.  also keep track if we got an old packet back and
+	then just wait without sending a new packet
+	* lib/krb5/changepw.c: use a datagram socket and remove the
+	sequence numbers
+	* lib/krb5/changepw.c (krb5_change_password): clarify an
+	expression, avoiding a warning
+
+2000-07-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/klist.c: make -a and -n aliases for -v
+
+	* lib/krb5/write_message.c: ws
+
+	* kdc/hprop-common.c: nuke extra definitions of
+	krb5_read_priv_message et.al
+
+	* lib/krb5/read_message.c (krb5_read_message): return error if EOF
+
+2000-07-20  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswd.c: print usage consistently
+	* kdc/hprop.h (HPROP_KEYTAB): use HDB for the keytab
+	* kdc/hpropd.c: add --keytab
+	* kdc/hpropd.c: don't care what principal we recvauth as
+
+	* lib/krb5/get_cred.c: be more careful of not returning creds at
+	all when an error is returned
+	* lib/krb5/fcache.c (fcc_gen_new): do mkstemp correctly
+
+2000-07-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* fix-export: use autoreconf
+
+	* configure.in: remove stuff that belong in roken, and remove some
+	obsolete constructs
+
+2000-07-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: fix some typos
+
+	* appl/Makefile.am: dceutil*s*
+
+	* missing: update to missing from automake 1.4a
+
+2000-07-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: try to get xlc flags from ibmcxx.cfg use
+	conditional for X use readline cf macro
+
+	* configure.in: subst AIX compiler flags
+
+2000-07-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: pass sixth parameter to test-package; use some
+	newer autoconf constructs
+
+	* ltmain.sh: update to libtool 1.3c
+
+	* ltconfig: update to libtool 1.3c
+
+	* configure.in: update this to newer auto*/libtool
+
+	* appl/Makefile.am: use conditional for dce
+	
+	* lib/Makefile.am: use conditional for dce
+	
+2000-07-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/write_message.c: krb5_write_{priv,save}_message
+	* lib/krb5/read_message.c: krb5_read_{priv,save}_message
+	* lib/krb5/convert_creds.c: try port kerberos/88 if no response on
+	krb524/4444
+
+	* lib/krb5/convert_creds.c: use krb5_sendto
+
+	* lib/krb5/send_to_kdc.c: add more generic krb5_sendto that send
+	to a port at arbitrary list of hosts
+
+2000-07-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* doc/misc.texi: language; say something about kadmin del_enctype
+
+2000-07-10  Assar Westerlund  <assar at sics.se>
+
+	* appl/kf/Makefile.am: actually install
+
+2000-07-08  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (AM_INIT_AUTOMAKE): bump to 0.3a-pre
+	(AC_ROKEN): roken is now at 10
+
+	* lib/krb5/string-to-key-test.c: add a arcfour-hmac-md5 test case
+	* kdc/Makefile.am (INCLUDES): add ../lib/krb5
+	* configure.in: update for standalone roken
+	* lib/Makefile.am (SUBDIRS): make roken conditional
+	* kdc/hprop.c: update to new hdb_seal_keys_mkey
+	* lib/hdb/mkey.c (_hdb_unseal_keys_int, _hdb_seal_keys_int):
+	rename and export them
+
+	* kdc/headers.h: add krb5_locl.h (since we just use some stuff
+	from there)
+
+2000-07-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/klist.1: update for -f and add some more text for -v
+
+	* kuser/klist.c: use rtbl to format cred listing, add -f and -s
+
+	* lib/krb5/crypto.c: fix type in des3-cbc-none
+
+	* lib/hdb/mkey.c: add key usage
+
+	* kdc/kstash.c: remove writing of old keyfile, and treat
+	--convert-file as just reading and writing the keyfile without
+	asking for a new key
+	
+	* lib/hdb/mkey.c (read_master_encryptionkey): handle old keytype
+	based files, and convert the key to cfb64
+
+	* lib/hdb/mkey.c (hdb_read_master_key): set mkey to NULL before
+	doing anything else
+
+	* lib/krb5/send_to_kdc.c: use krb5_eai_to_heim_errno
+
+	* lib/krb5/get_for_creds.c: use krb5_eai_to_heim_errno
+
+	* lib/krb5/changepw.c: use krb5_eai_to_heim_errno
+
+	* lib/krb5/addr_families.c: use krb5_eai_to_heim_errno
+
+	* lib/krb5/eai_to_heim_errno.c: convert getaddrinfo error codes to
+	something that can be passed to get_err_text
+
+2000-07-07  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/hdb.c (hdb_next_enctype2key): make sure of skipping
+	`*key'
+
+	* kdc/kerberos4.c (get_des_key): rewrite some, be more careful
+
+2000-07-06  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c (as_rep): be careful as to now overflowing when
+	calculating the end of lifetime of a ticket.
+
+	* lib/krb5/context.c (default_etypes): add ETYPE_ARCFOUR_HMAC_MD5
+
+	* lib/hdb/db3.c: only use a cursor when needed, from Derrick J
+	Brashear <shadow at dementia.org>
+
+	* lib/krb5/crypto.c: introduce the `special' encryption methods
+	that are not like all other encryption methods and implement
+	arcfour-hmac-md5
+
+2000-07-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/mit_dump.c: set initial master key version number to 0
+	instead of 1; if we lated bump the mkvno we don't risk using the
+	wrong key to decrypt
+
+	* kdc/hprop.c: only get master key if we're actually going to use
+	it; enable reading of MIT krb5 dump files
+	
+	* kdc/mit_dump.c: read MIT krb5 dump files
+	
+	* lib/hdb/mkey.c (read_master_mit): fix this
+	
+	* kdc/kstash.c: make this work with the new mkey code
+	
+	* lib/hdb/Makefile.am: add mkey.c, and bump version number
+	
+	* lib/hdb/hdb.h: rewrite master key handling
+	
+	* lib/hdb/mkey.c: rewrite master key handling
+	
+	* lib/krb5/crypto.c: add some more pseudo crypto types
+	
+	* lib/krb5/krb5.h: change some funny etypes to use negative
+	numbers, and add some more
+
+2000-07-04  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krbhst.c (get_krbhst): only try SRV lookup if there are
+	none in the configuration file
+
+2000-07-02  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/keytab_keyfile.c (akf_add_entry): remove unused
+	variable
+
+	* kpasswd/kpasswd-generator.c: new test program
+	* kpasswd/Makefile.am: add kpasswd-generator
+
+	* include/Makefile.am (CLEANFILES): add rc4.h
+
+	* kuser/generate-requests.c: new test program
+	* kuser/Makefile.am (noinst_PROGRAMS): add generate-requests
+
+2000-07-01  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: add --enable-dce and related stuff
+	* appl/Makefile.am (SUBDIRS): add $(APPL_dce)
+
+2000-06-29  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos4.c (get_des_key): fix thinkos/typos
+
+2000-06-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* admin/purge.c: use parse_time to parse age
+
+	* lib/krb5/log.c (krb5_vlog_msg): use krb5_format_time
+
+	* admin/list.c: add printing of timestamp and key data; some
+	cleanup
+
+	* lib/krb5/time.c (krb5_format_time): new function to format time
+
+	* lib/krb5/context.c (init_context_from_config_file): init
+	date_fmt, also do some cleanup
+
+	* lib/krb5/krb5.h: add date_fmt to context
+
+2000-06-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/{kerberos4,kaserver,524}.c (get_des_key): change to return
+	v4 or afs keys if possible
+
+2000-06-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/hprop.c (ka_convert): allow using null salt, and treat 0
+	pw_expire as never (from Derrick Brashear)
+
+2000-06-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/connect.c (add_standard_ports): only listen to port 750 if
+	serving v4 requests
+
+2000-06-22  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/lex.l: fix includes, and lex stuff
+	* lib/asn1/lex.h (error_message): update prototype
+	(yylex): add
+	* lib/asn1/gen_length.c (length_type): fail on malloc error
+	* lib/asn1/gen_decode.c (decode_type): fail on malloc error
+
+2000-06-21  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_for_creds.c: be more compatible with MIT code.
+	From Daniel Kouril <kouril at ics.muni.cz>
+	* lib/krb5/rd_cred.c: be more compatible with MIT code.  From
+	Daniel Kouril <kouril at ics.muni.cz>
+	* kdc/kerberos5.c (get_pa_etype_info): do not set salttype if it's
+	vanilla pw-salt, that keeps win2k happy.  also do the malloc check
+	correctly.  From Daniel Kouril <kouril at ics.muni.cz>
+
+2000-06-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/hprop.c: add hdb keytabs
+
+2000-06-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/principal.c: back out rev. 1.64
+
+2000-06-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c: pa_* -> KRB5_PADATA_*
+
+	* kdc/hpropd.c: add realm override flag
+	
+	* kdc/v4_dump.c: code for reading krb4 dump files
+	
+	* kdc/hprop.c: generalize source database handing, add support for
+	non-standard local realms (from by Daniel Kouril
+	<kouril at ics.muni.cz> and Miroslav Ruda <ruda at ics.muni.cz>), and
+	support for using different ports (requested by the Czechs, but
+	implemented differently)
+
+	* lib/krb5/get_cred.c: pa_* -> KRB5_PADATA_*
+	
+	* lib/krb5/get_in_tkt.c: pa_* -> KRB5_PADATA_*
+	
+	* lib/krb5/krb5.h: use some definitions from asn1.h
+
+	* lib/hdb/hdb.asn1: use new import syntax
+	
+	* lib/asn1/k5.asn1: use distinguished value integers
+	
+	* lib/asn1/gen_length.c: support for distinguished value integers
+	
+	* lib/asn1/gen_encode.c: support for distinguished value integers
+	
+	* lib/asn1/gen_decode.c: support for distinguished value integers
+	
+	* lib/asn1/gen.c: support for distinguished value integers
+
+	* lib/asn1/lex.l: add support for more standards like import
+	statements
+
+	* lib/asn1/parse.y: add support for more standards like import
+	statements, and distinguished value integers
+	
+2000-06-11  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_for_creds.c (add_addrs): ignore addresses of
+	unknown type
+	* lib/krb5/get_for_creds.c (add_addrs): zero memory before
+	starting to copy memory
+
+2000-06-10  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/test_get_addrs.c: test program for get_addrs
+	* lib/krb5/get_addrs.c (find_all_addresses): remember to add in
+ 	the size of ifr->ifr_name when using SA_LEN.  noticed by Ken
+ 	Raeburn <raeburn at MIT.EDU>
+
+2000-06-07  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: add db3 detection stuff do not use streamsptys on
+	HP-UX 11
+	* lib/hdb/hdb.h (HDB): add dbc for db3
+	* kdc/connect.c (add_standard_ports): also listen on krb524 aka
+	4444
+	* etc/services.append (krb524): add
+	* lib/hdb/db3.c: add berkeley db3 interface.  contributed by
+	Derrick J Brashear <shadow at dementia.org>
+	* lib/hdb/hdb.h (struct HDB): add
+
+2000-06-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/524.c: if 524 is not enabled, just generate error reply and
+	exit
+
+	* kdc/kerberos4.c: if v4 is not enabled, just generate error reply
+	and exit
+
+	* kdc/connect.c: only listen to port 4444 if 524 is enabled
+	
+	* kdc/config.c: add options to enable/disable v4 and 524 requests
+	
+2000-06-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/524.c: handle non-existant server principals (from Daniel
+	Kouril)
+
+2000-06-03  Assar Westerlund  <assar at sics.se>
+
+	* admin/ktutil.c: print name when failing to open keytab
+
+	* kuser/kinit.c: try also to fallback to v4 when no KDC is found
+
+2000-05-28  Assar Westerlund  <assar at sics.se>
+
+	* kuser/klist.c: continue even we have no v5 ccache.  make showing
+	your krb4 tickets the default (if build with krb4 support)
+	* kuser/kinit.c: add a fallback that tries to get a v4 ticket if
+	built with krb4 support and we got back a version error from the
+	KDC
+
+2000-05-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c: make this actually work
+
+2000-05-19  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/store_emem.c (emem_store): make it write-compatible
+	* lib/krb5/store_fd.c (fd_store): make it write-compatible
+	* lib/krb5/store_mem.c (mem_store): make it write-compatible
+	* lib/krb5/krb5.h (krb5_storage): make store write-compatible
+
+2000-05-18  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: add stdio.h in dbopen test
+
+2000-05-16  Assar Westerlund  <assar at assaris.sics.se>
+
+	* Release 0.2t
+
+2000-05-16  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:1:0
+	* lib/krb5/fcache.c: fix second lseek
+	* lib/krb5/principal.c (krb5_524_conv_principal): fix typo
+
+2000-05-15  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2s
+
+2000-05-15  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:0:0
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 4:2:1
+	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump to 2:0:0
+	* lib/krb5/principal.c (krb5_524_conv_principal): comment-ize, and
+	simplify string copying
+
+2000-05-12  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/fcache.c (scrub_file): new function
+	(erase_file): re-write, use scrub_file
+	* lib/krb5/krb5.h (KRB5_DEFAULT_CCFILE_ROOT): add
+
+	* configure.in (dbopen): add header files
+
+	* lib/krb5/krb5.h (krb5_key_usage): add some more
+	* lib/krb5/fcache.c (erase_file): try to detect symlink games.
+	also call revoke.
+	* lib/krb5/changepw.c (krb5_change_password): remember to close
+	the socket on error
+
+	* kdc/main.c (main): also call sigterm on SIGTERM
+
+2000-05-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/config_file.c (krb5_config_vget_string_default,
+ 	krb5_config_get_string_default): add
+
+2000-04-25  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/fcache.c (fcc_initialize): just forget about
+	over-writing the old cred cache.  it's too much of a hazzle trying
+	to do this safely.
+
+2000-04-11  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c (krb5_get_wrapped_length): rewrite into
+	different parts for the derived and non-derived cases
+	* lib/krb5/crypto.c (krb5_get_wrapped_length): the padding should
+	be done after having added confounder and checksum
+
+2000-04-09  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_addrs.c (find_all_addresses): apperently solaris
+	can return EINVAL when the buffer is too small.  cope.
+	* lib/asn1/Makefile.am (gen_files): add asn1_UNSIGNED.x
+	* lib/asn1/gen_locl.h (filename): add prototype
+	(init_generate): const-ize
+	* lib/asn1/gen.c (filename): new function clean-up a little bit.
+	* lib/asn1/parse.y: be more tolerant in ranges
+	* lib/asn1/lex.l: count lines correctly.
+	(error_message): print filename in messages
+
+2000-04-08  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_safe.c (krb5_rd_safe): increment sequence number
+	after comparing
+	* lib/krb5/rd_priv.c (krb5_rd_priv): increment sequence number
+	after comparing
+	* lib/krb5/mk_safe.c (krb5_mk_safe): make `tmp_seq' unsigned
+	* lib/krb5/mk_priv.c (krb5_mk_priv): make `tmp_seq' unsigned
+	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): make
+	`seqno' be unsigned
+	* lib/krb5/mk_safe.c (krb5_mk_safe): increment local sequence
+	number after the fact and only increment it if we were successful
+	* lib/krb5/mk_priv.c (krb5_mk_priv): increment local sequence
+	number after the fact and only increment it if we were successful
+	* lib/krb5/krb5.h (krb5_auth_context_data): make sequence number
+	unsigned
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
+	`in_tkt_service' can be NULL
+
+2000-04-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/parse.y: regonize INTEGER (0..UNIT_MAX).
+	(DOTDOT): add
+	* lib/asn1/lex.l (DOTDOT): add
+	* lib/asn1/k5.asn1 (UNSIGNED): add.  use UNSIGNED for all sequence
+	numbers.
+	* lib/asn1/gen_length.c (length_type): add TUInteger
+	* lib/asn1/gen_free.c (free_type): add TUInteger
+	* lib/asn1/gen_encode.c (encode_type, generate_type_encode): add
+	TUInteger
+	* lib/asn1/gen_decode.c (decode_type, generate_type_decode): add
+	TUInteger
+	* lib/asn1/gen_copy.c (copy_type): add TUInteger
+	* lib/asn1/gen.c (define_asn1): add TUInteger
+	* lib/asn1/der_put.c (encode_unsigned): add
+	* lib/asn1/der_length.c (length_unsigned): add
+	* lib/asn1/der_get.c (decode_unsigned): add
+	* lib/asn1/der.h (decode_unsigned, encode_unsigned,
+	length_unsigned): add prototypes
+
+	* lib/asn1/k5.asn1: update pre-authentication types
+	* lib/krb5/krb5_err.et: add some error codes from pkinit
+
+2000-04-05  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/hdb.c: add support for hdb methods (aka back-ends).
+	include ldap.
+	* lib/hdb/hdb-ldap.c: tweak the ifdef to OPENLDAP
+	* lib/hdb/Makefile.am: add hdb-ldap.c and openldap
+	* kdc/Makefile.am, kpasswd/Makefile.am, kadmin/Makefile.am: add
+	* configure.in: bump version to 0.2s-pre add options and testing
+	for (open)ldap
+
+2000-04-04  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (krb4): fix the krb_mk_req test
+
+2000-04-03  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (krb4): add test for const arguments to krb_mk_req
+	* lib/45/mk_req.c (krb_mk_req): conditionalize const-ness of
+	arguments
+
+2000-04-03  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2r
+
+2000-04-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: set version to 10:0:0
+	* lib/45/mk_req.c (krb_mk_req): const-ize the arguments
+	
+2000-03-30  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): add some
+	comments.  add fall-back on adding the realm name in lower case.
+
+2000-03-29  Assar Westerlund  <assar at sics.se>
+
+	* kdc/connect.c: remember to repoint all descr->sa to _ss after
+	realloc as this might have moved the memory around.  problem
+	discovered and diagnosed by Brandon S. Allbery
+
+2000-03-27  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: recognize solaris 2.8
+	* config.guess, config.sub: update to current version from
+	:pserver:anoncvs at subversions.gnu.org:/home/cvs
+
+	* lib/krb5/init_creds_pw.c (print_expire): do not assume anything
+	about the size of time_t, i.e. make it 64-bit happy
+
+2000-03-13  Assar Westerlund  <assar at sics.se>
+
+	* kuser/klist.c: add support for display v4 tickets
+
+2000-03-11  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kaserver.c (do_authenticate, do_getticket): call check_flags
+	* kdc/kerberos4.c (do_version4): call check_flags.
+	* kdc/kerberos5.c (check_flags): make global
+
+2000-03-10  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): evil
+	hack to avoid recursion
+
+2000-03-04  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.c: add `krb4_get_tickets' per realm. add --anonymous
+	* lib/krb5/krb5.h (krb5_get_init_creds_opt): add `anonymous' and
+	KRB5_GET_INIT_CREDS_OPT_ANONYMOUS
+	* lib/krb5/init_creds_pw.c (get_init_creds_common): set
+	request_anonymous flag appropriatly
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_anonymous):
+	add
+
+	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): new parameter to
+	determine whetever to ignore client name of not.  always copy
+	client name from kdc.  fix callers.
+
+	* kdc: add support for anonymous tickets
+
+	* kdc/string2key.8: add man-page for string2key
+
+2000-03-03  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hpropd.c (dump_krb4): get expiration date from `valid_end'
+	and not `pw_end'
+
+	* kdc/kadb.h (ka_entry): fix name pw_end -> valid_end.  add some
+	more fields
+
+	* kdc/hprop.c (v4_prop): set the `valid_end' from the v4
+	expiration date instead of the `pw_expire'
+	(ka_convert): set `valid_end' from ka expiration data and `pw_expire'
+	from pw_change + pw_expire
+	(main): add a default database for ka dumping
+
+2000-02-28  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/context.c (init_context_from_config_file): change
+	rfc2052 default to no.  2782 says that underscore should be used.
+
+2000-02-24  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/fcache.c (fcc_initialize, fcc_store_cred): verify that
+	stores and close succeed
+	* lib/krb5/store.c (krb5_store_creds): check to see that the
+	stores are succesful.
+
+2000-02-23  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2q
+
+2000-02-22  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: set version to 9:2:0
+	
+	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): copy
+	the correct hostname
+
+	* kdc/connect.c (add_new_tcp): use the correct entries in the
+	descriptor table
+	* kdc/connect.c: initialize `descr' uniformly and correctly
+
+2000-02-20  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2p
+
+2000-02-19  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: set version to 9:1:0
+	
+	* lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure
+	that realms is filled in even when getaddrinfo fails or does not
+	return any canonical name
+
+	* kdc/connect.c (descr): add sockaddr and string representation
+	(*): re-write to use the above mentioned
+
+2000-02-16  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/addr_families.c (krb5_parse_address): use
+	krb5_sockaddr2address to copy the result from getaddrinfo.
+
+2000-02-14  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2o
+
+2000-02-13  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: set version to 9:0:0
+
+	* kdc/kaserver.c (do_authenticate): return the kvno of the server
+	and not the client.  Thanks to Brandon S. Allbery KF8NH
+	<allbery at kf8nh.apk.net> and Chaskiel M Grundman
+	<cg2v at andrew.cmu.edu> for debugging.
+
+	* kdc/kerberos4.c (do_version4): if an tgs-req is received with an
+	old kvno, return an error reply and write a message in the log.
+	
+2000-02-12  Assar Westerlund  <assar at sics.se>
+
+	* appl/test/gssapi_server.c (proto): with `--fork', create a child
+	and send over/receive creds with export/import_sec_context
+	* appl/test/gssapi_client.c (proto): with `--fork', create a child
+	and send over/receive creds with export/import_sec_context
+	* appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
+
+2000-02-11  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kdc_locl.h: remove keyfile add explicit_addresses
+	* kdc/connect.c (init_sockets): pay attention to
+	explicit_addresses some more comments.  better error messages.
+	* kdc/config.c: add some comments.
+	remove --key-file.
+	add --addresses.
+
+	* lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
+	proper abstraction
+
+2000-02-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
+
+2000-02-07  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2n
+
+2000-02-07  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: set version to 8:0:0
+	* lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
+	(krb5_kt_add_entry): set timestamp
+
+2000-02-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.h: add macros for accessing krb5_realm
+	* lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
+	of `int32_t'
+
+	* lib/krb5/replay.c (checksum_authenticator): update to new API
+	for md5
+
+	* lib/krb5/krb5.h: remove des.h, it's not needed and applications
+	should not have to make sure to find it.
+
+2000-02-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
+	`out_key' to avoid conflicting with label.  reported by Sean Doran
+	<smd at ebone.net>
+
+2000-02-02  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/expand_hostname.c: remember to lower-case host names.
+	bug reported by <amu at mit.edu>
+
+	* kdc/kerberos4.c (do_version4): look at check_ticket_addresses
+	and emulate that by setting krb_ignore_ip_address (not a great
+	interface but it doesn't seem like the time to go around fixing
+	libkrb stuff now)
+
+2000-02-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c: change --noaddresses into --no-addresses
+
+2000-01-28  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswd.c (main): make sure the ticket is not
+	forwardable and not proxiable
+
+2000-01-26  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c: update to pseudo-standard APIs for
+	md4,md5,sha.  some changes to libdes calls to make them more
+	portable.
+
+2000-01-21  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
+ 	clean up the correct creds.
+
+2000-01-16  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/principal.c (append_component): change parameter to
+	`const char *'.  check malloc
+	* lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
+	const-ize
+	* lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
+	const
+	* lib/krb5/principal.c (replace_chars): also add space here
+	* lib/krb5/principal.c: (quotable_chars): add space
+
+2000-01-12  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos4.c (do_version4): check if preauth was required and
+	bail-out if so since there's no way that could be done in v4.
+	Return NULL_KEY as an error to the client (which is non-obvious,
+	but what can you do?)
+
+2000-01-09  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/principal.c (krb5_sname_to_principal): use
+	krb5_expand_hostname_realms
+	* lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
+	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
+	variant of krb5_expand_hostname that tries until it expands into
+	something that's digestable by krb5_get_host_realm, returning also
+	the result from that function.
+
+2000-01-08  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2m
+
+2000-01-08  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN
+
+	* lib/krb5/Makefile.am: bump version to 7:1:0
+
+	* lib/krb5/principal.c (krb5_sname_to_principal): use
+	krb5_expand_hostname
+	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
+	ai_canonname being set in any of the addresses returnedby
+	getaddrinfo.  glibc apparently returns the reverse lookup of every
+	address in ai_canonname.
+
+2000-01-06  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2l
+
+2000-01-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: set version to 7:0:0
+	* lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'
+
+	* lib/hdb/Makefile.am: set version to 4:1:1
+
+	* kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
+	* lib/krb5/get_in_tkt.c (add_padata): change types to make
+	everything work out
+	(krb5_get_in_cred): remove const to make types match
+	* lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
+	* lib/krb5/principal.c (krb5_sname_to_principal): handle not
+	getting back a canonname
+
+2000-01-06  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.2k
+
+2000-01-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
+	we actually parse the port number.  based on a patch from Leif
+	Johansson <leifj at it.su.se>
+
+2000-01-02  Assar Westerlund  <assar at sics.se>
+
+	* admin/purge.c: remove all non-current and old entries from a
+	keytab
+
+	* admin: break up ktutil.c into files
+
+	* admin/ktutil.c (list): support --verbose (also listning time
+	stamps)
+	(kt_add, kt_get): set timestamp in newly created entries
+	(kt_change): add `change' command
+
+	* admin/srvconvert.c (srvconv): set timestamp in newly created
+	entries
+	* lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
+	always go the a predicatble position on error
+	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
+	* lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
+	(fkt_next_entry_int): return timestamp
+	* lib/krb5/krb5.h (krb5_keytab_entry): add timestamp

Added: vendor-crypto/heimdal/dist/ChangeLog.2001
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.2001	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.2001	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1122 @@
+2001-12-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/crypto.c: use our own des string-to-key function, since
+	the one from openssl sometimes generates wrong output
+
+2001-12-05  Jacques Vidrine <n at nectar.cc>
+
+        * lib/hdb/mkey.c: fix a bug in which kstash would crash if
+        there were no /etc/krb5.conf
+
+2001-11-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5_verify_user.3: sort references (from Thomas
+	Klausner)
+
+	* lib/krb5/krb5_principal_get_realm.3: add section to reference
+	(from Thomas Klausner)
+
+	* lib/krb5/krb5_krbhst_init.3: sort references (from Thomas
+	Klausner)
+
+	* lib/krb5/krb5_keytab.3: white space fixes (from Thomas Klausner)
+
+	* lib/krb5/krb5_get_krbhst.3: remove extra white space (from
+	Thomas Klausner)
+
+	* lib/krb5/krb5_get_all_client_addrs.3: add section to reference
+	(from Thomas Klausner)
+
+2001-10-29  Jacques Vidrine <n at nectar.com>
+
+	* admin/get.c: fix a bug in which a reference to a data
+	structure on the stack was being kept after the containing
+	function's lifetime, resulting in a segfault during `ktutil
+	get'.
+
+2001-10-22  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c: make all high-level encrypting and decrypting
+	functions check the return value of the underlying function and
+	handle errors more consistently.  noted by Sam Hartman
+	<hartmans at mit.edu>
+
+2001-10-21  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a
+	non-keyed checksum when it should be non-keyed
+
+2001-09-29  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.1: add the kauth alias
+	* kuser/kinit.c: allow specification of afslog in krb5.conf, noted
+	by jhutz at cs.cmu.edu
+
+2001-09-27  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/gen.c: remove the need for libasn1.h, also make
+	generated files include all files from IMPORTed modules
+
+	* lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values
+	* kpasswd/kpasswd.c: improve error message printing
+	* lib/krb5/changepw.c (krb5_passwd_result_to_string): add change
+	to use sequence numbers connect the udp socket so that we can
+	figure out the local address
+
+2001-09-25  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED
+
+2001-09-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): try using
+	lower case realm as domain, but only when given a verification
+	function
+
+2001-09-20  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/der_put.c (der_put_length): do not even try writing
+	anything when len == 0
+
+2001-09-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/hpropd.c: add realm override option
+
+	* lib/krb5/set_default_realm.c (krb5_set_default_realm): make
+	realm parameter const
+
+	* kdc/hprop.c: more free's
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key
+	proc data
+
+	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free
+	addrinfo
+
+	* lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when
+	not returning error
+
+2001-09-16  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time):
+	make realm const
+
+	* lib/krb5/crypto.c: use des functions to avoid generating
+	warnings with openssl's prototypes
+
+2001-09-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: check for termcap.h
+
+	* lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy
+
+2001-09-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/addr_families.c (krb5_print_address): handle snprintf
+	returning < 0.  noticed by hin at stacken.kth.se
+
+2001-09-03  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.4e
+
+2001-09-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/Makefile.am: install kauth as a symlink to kinit
+
+	* kuser/kinit.c: get v4_tickets by default
+
+	* lib/asn1/Makefile.am: fix for broken automake
+
+2001-08-31  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke
+	Howard
+
+	* kuser/kinit.1: remove references to kauth
+
+	* kuser/Makefile.am: kauth is no more
+
+	* kuser/kinit.c: use appdefaults for everything. defaults are now
+	as in kauth.
+
+	* lib/krb5/appdefault.c: also check libdefaults, and realms/realm
+
+	* lib/krb5/context.c (krb5_free_context): free more stuff
+
+2001-08-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/verify_krb5_conf.c: do some checks of the values in the
+	file
+
+	* lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling
+
+	* lib/krb5/context.c: don't init srv_try_txt, since it isn't used
+	anymore
+
+2001-08-29  Jacques Vidrine  <n at nectar.com>
+
+	* configure.in: Check for already-installed com_err.
+
+2001-08-28  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1
+
+2001-08-24  Assar Westerlund  <assar at sics.se>
+
+	* kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require
+	no special treatment now
+
+	* kuser/generate-requests.c: parse arguments in a useful way
+	* kuser/kverify.c: add --help/--verify
+
+2001-08-22  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4
+
+	* configure.in: re-write the handling of crypto libraries.  try to
+	use the one of openssl's libcrypto or krb4's libdes that has all
+	the required functionality (md4, md5, sha1, des, rc4).  if there
+	is no such library, the included lib/des is built.
+
+	* kdc/headers.h: include libutil.h if it exists
+	* kpasswd/kpasswd_locl.h: include libutil.h if it exists
+	* kdc/kerberos4.c (get_des_key): check for null keys even if
+	is_server
+
+2001-08-21  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/asn1_print.c: print some size_t correctly
+	* configure.in: remove extra space after -L check for libutil.h
+
+2001-08-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kdc_locl.h: fix prototype for get_des_key
+
+	* kdc/kaserver.c: fix call to get_des_key
+
+	* kdc/524.c: fix call to get_des_key
+
+	* kdc/kerberos4.c (get_des_key): if getting a key for a server,
+	return any des-key not just keys that can be string-to-keyed by
+	the client
+
+2001-08-10  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.4d
+
+2001-08-10  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: check for openpty
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0
+
+2001-08-08  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: just add -L (if required) from krb4 when testing
+	for libdes/libcrypto
+
+2001-08-04  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (man_MANS): add some missing man pages
+	* fix-export: fix the sed expression for finding the man pages
+
+2001-07-31  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswd-generator.c (main): implement --version and
+	--help
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to
+	18:1:1
+
+2001-07-27  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/context.c (init_context_from_config_file): check
+	parsing of addresses
+
+2001-07-26  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/sock_principal.c (krb5_sock_to_principal): rename
+	sa_len -> salen to avoid the macro that's defined on irix.  noted
+	by "Jacques A. Vidrine" <n at nectar.com>
+
+2001-07-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/addr_families.c: add support for type
+	KRB5_ADDRESS_ADDRPORT
+
+	* lib/krb5/addr_families.c (krb5_address_order): complain about
+	unsuppored address types
+
+2001-07-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* admin/get.c: don't open connection to server until we loop over
+	the principals, at that time we know the realm of the (first)
+	principal and we can default to that admin server
+
+	* admin: add a rename command
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hprop.c (usage): clarify a tiny bit
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.4c
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
+	18:0:1
+
+	* lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave
+	the same way as the MIT function
+
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0
+	* lib/krb5/sock_principal.c (krb5_sock_to_principal): use
+	getnameinfo
+
+	* lib/krb5/krbhst.c (srv_find_realm): handle port numbers
+	consistenly in local byte order
+
+	* lib/krb5/get_default_realm.c (krb5_get_default_realm): set an
+	error string
+
+	* kuser/kinit.c (renew_validate): invert condition correctly.  get
+	v4 tickets if we succeed renewing
+	* lib/krb5/principal.c (krb5_principal_get_type): add
+	(default_v4_name_convert): add "smtp"
+
+2001-07-13  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: remove make-print-version from LIBOBJS, it's no
+	longer in lib/roken but always built in lib/vers
+
+2001-07-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/hdb/mkey.c: more set_error_string
+
+2001-07-12  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library
+	dependencies
+
+	* lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library
+	dependencies
+
+2001-07-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/hprop.c: remove v4 master key handling; remove old v4-db and
+	ka-db flags; add defaults for v4_realm and afs_cell
+
+2001-07-09  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname
+	before calling krb5_sname_to_principal.  from "Jacques A. Vidrine"
+	<n at nectar.com>
+
+2001-07-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/context.c: use krb5_copy_addresses instead of
+	copy_HostAddresses
+
+2001-07-06  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (LIB_des_a, LIB_des_so): add these so that they can
+	be used by lib/auth/sia
+
+	* kuser/kinit.c: re-do some of the v4 fallbacks: look at
+	get-tokens flag do not print extra errors do not try to do 524 if
+	we got tickets from a v4 server
+
+2001-07-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/replay.c (krb5_get_server_rcache): cast argument to
+	printf
+
+	* lib/krb5/get_addrs.c (find_all_addresses): call free_addresses
+	on ignore_addresses correctly
+	* lib/krb5/init_creds.c
+	(krb5_get_init_creds_opt_set_default_flags): change to take a
+	const realm
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): if the
+	instance is the first component of the local hostname, the
+	converted host should be the long hostname.  from
+	<shadow at dementia.org>
+
+2001-07-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/Makefile.am: address.c is no more; add a couple of
+	manpages
+
+	* lib/krb5/krb5_timeofday.3: new manpage
+
+	* lib/krb5/krb5_get_all_client_addrs.3: new manpage
+
+	* lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as
+	wildcard
+
+	* lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as
+	wildcard
+
+	* lib/krb5/get_addrs.c: don't include client addresses that match
+	ignore_addresses
+
+	* lib/krb5/context.c: initialise ignore_addresses
+
+	* lib/krb5/addr_families.c: add new `arange' fake address type,
+	that matches more than one address; this required some internal
+	changes to many functions, so all of address.c got moved here
+	(wasn't much left there)
+
+	* lib/krb5/krb5.h: add list of ignored addresses to context
+
+2001-07-03  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.4b
+
+2001-07-03  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0
+
+2001-07-03  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.4a
+
+2001-07-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c: make this compile without krb4 support
+
+	* lib/krb5/write_message.c: remove priv parameter from
+	write_safe_message; don't know why it was there in the first place
+
+	* doc/install.texi: remove kaserver switches, it's always compiled
+	in now
+
+	* kdc/hprop.c: always include kadb support
+
+	* kdc/kaserver.c: always include kaserver support
+
+2001-07-02  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswdd.c (doit): make failing to bind a socket a
+	non-fatal error, and abort if no sockets were bound
+
+2001-07-01  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krbhst.c: remember the real port number when falling
+	back from kpasswd -> kadmin, and krb524 -> kdc
+
+2001-06-29  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
+	no_addresses is set, do not add any local addresses to KRB_CRED
+
+	* kuser/kinit.c: remove extra clearing of password and some
+	redundant code
+
+2001-06-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c: move ticket conversion code to separate function,
+	and call that from a couple of places, like when renewing a
+	ticket; also add a flag for just converting a ticket
+
+	* lib/krb5/init_creds_pw.c: set renew-life to some sane value
+
+	* kdc/524.c: don't send more data than required
+
+2001-06-24  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns
+
+	* lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
+	(any_start_seq_get): remove a double free
+	(any_next_entry): iterate over all (sub) keytabs and avoid leave data
+	around to be freed again
+
+	* kdc/kdc_locl.h: add a define for des_new_random_key when using
+	openssl's libcrypto
+
+	* configure.in: move v6 tests down
+
+	* lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052
+
+	* update to libtool 1.4 and autoconf 2.50
+
+2001-06-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/hdb/hdb.c: use krb5_add_et_list
+
+2001-06-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/hdb/Makefile.am: add generation number
+	* lib/hdb/common.c: add generation number code
+	* lib/hdb/hdb.asn1: add generation number
+	* lib/hdb/print.c: use krb5_storage to make it more dynamic
+
+2001-06-21  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.conf.5: update to changed names used by
+	krb5_get_init_creds_opt_set_default_flags
+	* lib/krb5/init_creds.c
+	(krb5_get_init_creds_opt_set_default_flags): make the appdefault
+	keywords have the same names
+
+	* configure.in: only add -L and -R to the krb4 libdir if we are
+	actually using it
+
+	* lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
+	dot of hostname add some comments
+	* lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
+	testing for kerberos.REALM.  this allows reusing that information
+	when actually contacting the server and thus avoids one DNS lookup
+
+2001-06-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.h: include k524_err.h
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
+	for keytype, the server will do this for us if it has anything to
+	complain about
+
+	* lib/krb5/context.c: add protocol compatible krb524 error codes
+
+	* lib/krb5/Makefile.am: add protocol compatible krb524 error codes
+
+	* lib/krb5/k524_err.et: add protocol compatible krb524 error codes
+
+	* lib/krb5/krb5_principal_get_realm.3: manpage
+
+	* lib/krb5/principal.c: add functions `krb5_principal_get_realm'
+	and `krb5_principal_get_comp_string' that returns parts of a
+	principal; this is a replacement for the internal
+	`krb5_princ_realm' and `krb5_princ_component' macros that everyone
+	seem to use
+
+2001-06-19  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.c (main): dereference result from krb5_princ_realm.
+	from Thomas Nystrom <thn at saeab.se>
+
+2001-06-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
+	* lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
+	* lib/krb5/krbhst.c (config_get_hosts): free hostlist
+	* kuser/kinit.c: free principal
+
+2001-06-18  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
+	freeaddrinfo
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
+	remove some unused variables
+
+	* lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
+	* kdc/kerberos5.c: update to new krb5_auth_con* names
+	* kdc/hpropd.c: update to new krb5_auth_con* names
+	* lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
+	and remove some comments
+	* lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
+	order: remote - local - session
+	* lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
+	auth_context
+	* lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
+	order: remote - local - session
+	* lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
+	local - remote - session
+
+2001-06-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/convert_creds.c: use starttime instead of authtime,
+	from Chris Chiappa
+
+	* lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
+	the MIT function by the same name; add
+	krb524_convert_creds_kdc_ccache that does what the old version did
+
+	* admin/list.c (do_list): make sure list of keys is NULL
+	terminated; similar to patch sent by Chris Chiappa
+
+2001-06-18  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/mcache.c (mcc_remove_cred): use
+	krb5_free_creds_contents
+
+	* lib/krb5/auth_context.c: name function krb5_auth_con more
+	consistenly
+	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
+	renamed krb5_auth_con_getauthenticator
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
+	use krb5_krbhst API
+	* lib/krb5/changepw.c (krb5_change_password): update to use
+	krb5_krbhst API
+	* lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
+	* lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
+	in krb5_krbhst_info
+	(krb5_krbhst_free): free everything
+
+	* lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
+	(krb5_krbhst_info): add def_port (default port for this service)
+
+	* lib/krb5/krbhst-test.c: make it more verbose and useful
+	* lib/krb5/krbhst.c: remove some more memory leaks do not try any
+	dns operations if there is local configuration admin: fallback to
+	kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
+	add some comments
+
+	* configure.in: remove initstate and setstate, they should be in
+	cf/roken-frag.m4
+
+	* lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
+	* lib/krb5/krbhst-test.c: new program for testing krbhst
+	* lib/krb5/krbhst.c (common_init): remove memory leak
+	(main): move test program into krbhst-test
+
+2001-06-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5_krbhst_init.3: manpage
+
+	* lib/krb5/krb5_get_krbhst.3: manpage
+
+2001-06-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.h: add opaque krb5_krbhst_handle type
+
+	* lib/krb5/krbhst.c: change void* to krb5_krbhst_handle
+
+	* lib/krb5/krb5.h: types for new krbhst api
+
+	* lib/krb5/krbhst.c: implement a new api that looks up one host at
+	a time, instead of making a list of hosts
+
+2001-06-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: test for initstate and setstate
+
+	* lib/krb5/krbhst.c: remove rfc2052 support
+
+2001-06-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* fix some manpages for broken mdoc.old grog test
+
+2001-05-28  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.conf.5: add [appdefaults]
+	* lib/krb5/init_creds_pw.c: remove configuration reading that is
+	now done in krb5_get_init_creds_opt_set_default_flags
+	* lib/krb5/init_creds.c
+	(krb5_get_init_creds_opt_set_default_flags): add reading of
+	libdefaults versions of these and add no_addresses
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
+	when preauth was required and we retry
+
+2001-05-25  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
+	krb5_get_krb524hst
+	* lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
+	support functions
+
+2001-05-22  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
+	properly
+
+2001-05-17  Assar Westerlund  <assar at sics.se>
+
+	* Release 0.3f
+
+2001-05-17  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am: bump version to 16:0:0
+	* lib/hdb/Makefile.am: bump version to 7:1:0
+	* lib/asn1/Makefile.am: bump version to 5:0:0
+	* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
+	* lib/krb5/codec.c: remove dead code
+
+2001-05-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/config.c: actually check the ticket addresses
+
+2001-05-15  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
+	parenthesis
+
+	* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
+	`errno' (called system_error) to allow callers to make sure they
+	pass the current and relevant value.  update callers
+
+2001-05-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/verify_user.c: krb5_verify_user_opt
+
+	* lib/krb5/krb5.h: verify_opt
+
+	* kdc/kerberos5.c: pass context to krb5_domain_x500_decode
+
+2001-05-14  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswdd.c: adapt to new address functions
+	* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
+	* kdc/connect.c: adapt to changing address functions
+	* kdc/config.c: new krb5_config_parse_file
+	* kdc/524.c: new krb5_sockaddr2address
+	* lib/krb5/*: add some krb5_{set,clear}_error_string
+
+	* lib/asn1/k5.asn1 (LR_TYPE): add
+	* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
+
+2001-05-11  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c (tsg_rep): fix typo in variable name
+
+	* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
+	* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
+	types and send two prompts at once when changning password
+	* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
+	* lib/krb5/krb5.h (krb5_prompt): add type
+	(krb5_prompter_fct): add anem
+
+	* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
+	paramaters to krb5_cc_next_cred (as MIT does, and not as they
+	document).  From "Jacques A. Vidrine" <n at nectar.com>
+
+2001-05-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/Makefile.am: store-test
+
+	* lib/krb5/store-test.c: simple bit storage test
+
+	* lib/krb5/store.c: add more byteorder storage flags
+	
+	* lib/krb5/krb5.h: add more byteorder storage flags
+	
+	* kdc/kerberos5.c: don't use NULL where we mean 0
+
+	* kdc/kerberos5.c: put referral test code in separate function,
+	and test for KRB5_NT_SRV_INST
+
+2001-05-10  Assar Westerlund  <assar at sics.se>
+
+	* admin/list.c (do_list): do not close the keytab if opening it
+	failed
+	* admin/list.c (do_list): always print complete names.  print
+	everything to stdout.
+	* admin/list.c: print both v5 and v4 list by default
+	* admin/remove.c (kt_remove): reorganize some.  open the keytab
+	(defaulting to the modify one).
+	* admin/purge.c (kt_purge): reorganize some.  open the keytab
+	(defaulting to the modify one). correct usage strings
+	* admin/list.c (kt_list): reorganize some.  open the keytab
+	* admin/get.c (kt_get): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/copy.c (kt_copy): default to modify key name.  re-organise
+	* admin/change.c (kt_change): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/add.c (kt_add): reorganize some.  open the keytab
+	(defaulting to the modify one)
+	* admin/ktutil.c (main): do not open the keytab, let every
+	sub-function handle it
+
+	* kdc/config.c (configure): call free_getarg_strings
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
+	a few more errors
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
+	`use_dns' parameter boolean
+
+	* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
+	* lib/krb5/context.c (init_context_from_config_file): set
+	default_keytab_modify
+	* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
+	ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
+	(KEYTAB_DEFAULT_MODIFY): add
+	* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
+	(krb5_kt_resolve): set error string for failed keytab type
+
+2001-05-08  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c (encryption_type): make field names more
+	consistent
+	(create_checksum): separate usage and type
+	(krb5_create_checksum): add a separate type parameter
+	(encrypt_internal): only free once on mismatched checksum length
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
+	realm we didn't manage to reach any KDC for in the error string
+
+	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
+	the entire subkey.  from <tmartin at mirapoint.com>
+
+2001-05-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
+	KT_NOTFOUND if the file is empty
+
+2001-05-07  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/fcache.c: call krb5_set_error_string when open fails
+	fatally
+	* lib/krb5/keytab_file.c: call krb5_set_error_string when open
+	fails fatally
+
+	* lib/krb5/warn.c (_warnerr): print error_string in context in
+	preference to error string derived from error code
+	* kuser/kinit.c (main): try to print the error string
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
+	error strings for errors
+
+	* lib/krb5/krb5.h (krb5_context_data): add error_string and
+	error_buf
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
+	* lib/krb5/error_string.c: new file
+
+2001-05-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/time.c: krb5_string_to_deltat
+
+	* lib/krb5/sock_principal.c: one less data copy
+
+	* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
+
+	* lib/krb5/get_default_principal.c: change this slightly
+
+	* lib/krb5/crypto.c: make checksum_types into an array of pointers
+
+	* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
+	ticket
+
+2001-04-29  Assar Westerlund  <assar at sics.se>
+
+	* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
+	the right realm if we fail to find a non-krbtgt service in the
+	database and the second component does a succesful non-dns lookup
+	to get the real realm (which has to be different from the
+	originally-supplied realm).  this should help windows 2000 clients
+	that always start their lookups in `their' realm and do not have
+	any idea of how to map hostnames into realms
+	* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
+
+2001-04-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
+	parameter to request use of dns or not
+
+2001-04-25  Assar Westerlund  <assar at sics.se>
+
+	* admin/get.c (kt_get): allow specification of encryption types
+	* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
+	close an unopened ccache, noted by <marc at mit.edu>
+
+	* lib/krb5/krb5.h (krb5_any_ops): add declaration
+	* lib/krb5/context.c (init_context_from_config_file): register
+	krb5_any_ops
+
+	* lib/krb5/keytab_any.c: new file, implementing union of keytabs
+	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
+	
+	* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
+	== NULL.  noted by <marc at mit.edu>
+
+2001-04-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
+	else, from Jacques Vidrine
+
+2001-04-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
+
+	* lib/asn1/Makefile.am: add asn1_ENCTYPE.x
+
+	* lib/krb5/krb5.h: adapt to asn1 changes
+
+	* lib/asn1/k5.asn1: move enctypes here
+
+	* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
+	conflicts
+
+	* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
+	conflicts
+
+	* lib/asn1/lex.l: use strtol to parse constants
+
+2001-04-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c: add simple support for running commands
+
+2001-03-26  Assar Westerlund  <assar at sics.se>
+
+	* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
+	with more versions of openldap
+
+	* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
+	replies
+	(*): update callers of krb5_km_error
+	(check_tgs_flags): handle renews requesting non-renewable tickets
+
+	* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
+	and cusec
+
+	* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
+	compatibility names
+
+	* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
+	means pick from the `crypto' (context) and otherwise use that
+	type.  this is not a large change in practice and allows callers
+	to specify the exact checksum algorithm to use
+
+2001-03-13  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
+	to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
+	integrity'.  this helps for talking to old (pre 0.3d) KDCs
+
+2001-03-12  Assar Westerlund  <assar at pdc.kth.se>
+
+	* lib/krb5/crypto.c (krb5_derive_key): new function, used by
+	derived-key-test.c
+	* lib/krb5/string-to-key-test.c: add new test vectors posted by
+	Ken Raeburn <raeburn at mit.edu> in <tx1bsra8919.fsf at raeburn.org> to
+	ietf-krb-wg at anl.gov
+	* lib/krb5/n-fold-test.c: more test vectors from same source
+	* lib/krb5/derived-key-test.c: more tests from same source
+
+2001-03-06  Assar Westerlund  <assar at sics.se>
+
+	* acconfig.h: include roken_rename.h when appropriate
+
+2001-03-06  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.h (krb5_enctype): remove trailing comma
+
+2001-03-04  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
+	compatibility with MIT krb5
+
+2001-03-02  Assar Westerlund  <assar at sics.se>
+
+	* kuser/kinit.c (main): only request a renewable ticket when
+	explicitly requested.  it still gets a renewable one if the renew
+	life is specified
+	* kuser/kinit.c (renew_validate): treat -1 as flags not being set
+
+2001-02-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
+
+2001-02-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
+
+2001-02-25  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: do not use -R when testing for des functions
+
+2001-02-14  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: test for lber.h when trying to link against
+ 	openldap to handle openldap v1, from Sumit Bose
+ 	<sumit.bose at suse.de>
+
+2001-02-19  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/libasn1.h: add string.h (for memset)
+
+2001-02-15  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/warn.c (_warnerr): add printf attributes
+	* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
+	returned by getaddrinfo before trying the next kdc.  from
+	thorpej at netbsd.org
+
+	* lib/krb5/krb5.conf.5: fix default_realm in example
+
+	* kdc/connect.c: fix a few kdc_log format types
+
+	* configure.in: try to handle libdes/libcrypto ont requiring -L
+
+2001-02-10  Assar Westerlund  <assar at sics.se>
+
+	* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
+	the beginning of the generated function, and add a label `fail'
+	that the code jumps to in case of errors that frees all allocated
+	data
+
+2001-02-07  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: aix dce: fix misquotes, from Ake Sandgren
+	<ake at cs.umu.se>
+
+	* configure.in (dpagaix_LDFLAGS): try to add export file
+
+2001-02-05  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5_keytab.3: new man page, contributed by
+	<lha at stacken.kth.se>
+
+	* kdc/kaserver.c: update to new db_fetch4
+
+2001-02-05  Assar Westerlund  <assar at assaris.sics.se>
+
+	* Release 0.3e
+
+2001-01-30  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
+	properly
+	(kdb_prop): decrypt key properly
+	* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
+	data with the master key leave it up to the v5 how to encrypt with
+	that master key
+
+	* kdc/kstash.c: include file name in error messages
+	* kdc/hprop.c: fix a typo and check some more return values
+	* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
+	correctly.  From Jacques Vidrine <n at nectar.com>
+	* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
+	ENOENT
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
+	15:0:0
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
+	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
+	* kdc/misc.c (db_fetch): return an error code.  change callers to
+	look at this and try to print it in log messages
+
+	* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
+	enough data
+
+2001-01-29  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hprop.c (realm_buf): move it so it becomes properly
+	conditional on KRB4
+
+	* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
+	hdb_unseal_keys, hdb_seal_keys): check that we have the correct
+	master key and that we manage to decrypt the key properly,
+	returning an error code.  fix all callers to check return value.
+
+	* tools/krb5-config.in: use @LIB_des_appl@
+	* tools/Makefile.am (krb5-config): add LIB_des_appl
+	* configure.in (LIB_des): set correctly
+	(LIB_des_appl): add for the use by krb5-config.in
+
+	* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
+	to make sure of not dropping data when doing it over a socket.
+	(this might break when used with ordinary files on win32)
+
+	* lib/hdb/hdb_err.et (NO_MKEY): add
+
+	* kdc/kerberos5.c (as_rep): be paranoid and check
+	krb5_enctype_to_string for failure, noted by <lha at stacken.kth.se>
+
+	* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
+	lib/krb5/krb5_auth_context.3: add new man pages, contributed by
+	<lha at stacken.kth.se>
+
+	* use the openssl api for md4/md5/sha and handle openssl/*.h
+
+	* kdc/kaserver.c (do_getticket): check length of ticket.  noted by
+ 	<lha at stacken.kth.se>
+
+2001-01-28  Assar Westerlund  <assar at sics.se>
+
+	* configure.in: send -R instead of -rpath to libtool to set
+	runtime library paths
+
+	* lib/krb5/Makefile.am: remove all dependencies on libkrb
+
+2001-01-27  Assar Westerlund  <assar at sics.se>
+
+	* appl/rcp: add port of bsd rcp changed to use existing rsh,
+	contributed by Richard Nyberg <rnyberg at it.su.se>
+
+2001-01-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/get_port.c: don't warn if the port name can't be found,
+	nobody cares anyway
+
+2001-01-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/hprop.c: make it possible to convert a v4 dump file without
+	having any v4 libraries; the kdb backend still require them
+
+	* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
+	don't have to depend on any v4 libraries
+
+	* kdc/hprop.h: include shadow definition of kdb Principal, so we
+	don't have to depend on any v4 libraries
+
+	* lib/hdb/print.c: reduce number of memory allocations
+
+	* lib/hdb/mkey.c: add support for reading krb4 /.k files
+
+2001-01-19  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
+	for realms document capath better
+
+	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
+	at kpasswd_server before admin_server
+
+	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
+	[libdefaults]capath for better hint of realm to send request to.
+	this allows the client to specify `realm routing information' in
+	case it cannot be done at the server (which is preferred)
+
+	* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
+	zero when we were expecting a sequence number.  MIT krb5 cannot
+	generate a sequence number of zero, instead generating no sequence
+	number
+	* lib/krb5/rd_safe.c (krb5_rd_safe): dito
+
+2001-01-11  Assar Westerlund  <assar at sics.se>
+
+	* kpasswd/kpasswdd.c: add --port option
+
+2001-01-10  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
+	just before returning
+
+2001-01-09  Assar Westerlund  <assar at sics.se>
+
+	* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
+
+2001-01-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c: call a time `time', and not `seconds'
+
+	* lib/krb5/init_creds.c: not much point in setting the anonymous
+	flag here
+
+	* lib/krb5/krb5_appdefault.3: document appdefault_time
+
+2001-01-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/verify_user.c: use
+	krb5_get_init_creds_opt_set_default_flags
+
+	* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
+
+	* lib/krb5/init_creds.c: new function
+	krb5_get_init_creds_opt_set_default_flags to set options from
+	krb5.conf
+
+	* lib/krb5/rd_cred.c: make this match the MIT function
+	
+	* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
+	def_val
+	(krb5_appdefault_time): new function
+
+2001-01-03  Assar Westerlund  <assar at sics.se>
+
+	* kdc/hpropd.c (main): handle EOF when reading from stdin

Added: vendor-crypto/heimdal/dist/ChangeLog.2002
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.2002	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.2002	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,726 @@
+2002-12-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/mk_rep.c: free allocated storage; reported by Howard
+	Chu
+
+2002-12-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype
+
+2002-12-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kpasswd/kpasswdd.c (doit): initialise sa_size to size of
+	sockaddr_storage
+
+	* kdc/connect.c (init_socket): initialise sa_size to size of
+	sockaddr_storage
+
+2002-11-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.h: remove trailing comma in enum
+
+2002-11-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/524.c: implement crude b2 style (non-)conversion for use
+	with afs
+
+	* kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's
+	where it's used
+
+2002-10-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c: more strcspn
+
+	* lib/krb5/store_emem.c (emem_store): limit how much we allocate
+	(from Olaf Kirch)
+
+	* lib/krb5/principal.c: don't allow trailing backslashes in
+	components
+
+	* kdc/connect.c: check that %-quotes are followed by two hex
+	digits
+
+	* lib/krb5/keytab_any.c: properly close the open keytabs (from
+	Larry Greenfield)
+
+	* kdc/kaserver.c: make sure life is positive (from John Godehn)
+
+2002-10-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/klist.c (display_tokens): allow tokens up to size of
+	buffer (from Magnus Holmberg)
+
+2002-09-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/changepw.c (process_reply): fix reply length check
+	calculation (reported by various people)
+
+2002-09-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab_file.c (fkt_remove_entry): check return value
+	from start_seq_get (from Wynn Wilkes)
+
+2002-09-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/context.c (krb5_set_config_files): return ENXIO instead
+	of ENOENT when "unconfigured"
+
+2002-09-16  Jacques Vidrine  <nectar at kth.se>
+
+	* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
+	to convert the newline to NUL in fgets results.
+
+2002-09-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.1: remove unneeded Ns
+
+	* lib/krb5/krb5_appdefault.3: remove extra "application"
+
+	* fix-export: remove autom4ate.cache
+
+2002-09-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* include/make_crypto.c: don't use function macros if possible
+
+	* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
+
+	* include/Makefile.am: use make_crypto to create crypto-headers.h
+
+	* include/make_crypto.c: crypto header generation tool
+
+	* configure.in: move crypto test to just after testing for krb4,
+	and move roken tests to after both, this speeds up various failure
+	cases with krb4
+
+	* lib/krb5/config_file.c: don't use NULL when we mean 0
+
+	* configure.in: we don't set package_libdir anymore, so no point
+	in testing for it
+
+	* tools/Makefile.am: subst INCLUDE_des
+
+	* tools/krb5-config.in: add INCLUDE_des to cflags
+
+	* configure.in: use AC_CONFIG_SRCDIR
+
+	* fix-export: remove some unneeded stuff
+
+	* kuser/kinit.c (do_524init): free principals
+
+2002-09-09  Jacques Vidrine  <nectar at kth.se>
+
+	* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
+	kdc/kaserver.c (krb5_ret_xdr_data),
+	lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
+	counts: Check that they are non-negative, and that they are small
+	enough to avoid integer overflow when used in memory allocation
+	calculations.  Potential problem areas pointed out by 
+	Sebastian Krahmer <krahmer at suse.de>.
+
+	* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
+	creating a new keyfile.
+
+2002-09-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: don't try to build pam module
+
+2002-09-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* appl/kf/kf.c: fix warning string
+
+	* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
+	know we need it
+
+2002-09-04  Assar Westerlund  <assar at kth.se>
+
+	* kdc/kerberos5.c (encode_reply): correct error logging
+
+2002-09-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/sendauth.c: close ccache if we opened it
+
+	* appl/kf/kf.c: handle new protocol
+
+	* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
+	handle the new protocol, and bail out if an old client tries to
+	connect
+
+	* appl/kf/kf_locl.h: we need a protocol version string
+
+	* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
+
+	* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
+
+	* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
+
+	* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
+
+	* lib/asn1/gen.c: add convenience macro that allocates a buffer
+	and encoded into that
+
+	* lib/krb5/get_cred.c (init_tgs_req): use
+	in_creds->session.keytype literally instead of trying to convert
+	to a list of enctypes (it should already be an enctype)
+	
+	* lib/krb5/get_cred.c (init_tgs_req): init ret
+
+2002-09-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
+
+	* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
+
+	* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
+	zero ivec in DES3_CBC_encrypt if passed ivec is NULL
+
+	* lib/krb5/Makefile.am: back out 1.144, since it will re-create
+	krb5-protos.h at build-time, which requires perl, which is bad
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
+	blindly use the local subkey
+
+	* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
+	extracts the required blocksize from a crypto context
+
+	* lib/krb5/build_auth.c: just get the length of the encoded
+	authenticator instead of trying to grow a buffer
+
+2002-09-03  Assar Westerlund  <assar at kth.se>
+
+	* configure.in: add --disable-mmap option, and tests for
+	sys/mman.h and mmap
+
+2002-09-03  Jacques Vidrine  <nectar at kth.se>
+
+	* lib/krb5/changepw.c: verify lengths in response
+
+	* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
+	truncated integers
+
+2002-09-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/mk_req_ext.c: generate a local subkey if
+	AP_OPTS_USE_SUBKEY is set
+
+	* lib/krb5/build_auth.c: we don't have enough information about
+	whether to generate a local subkey here, so don't try to
+
+	* lib/krb5/auth_context.c: new function
+	krb5_auth_con_generatelocalsubkey
+
+	* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
+	initial ticket
+
+	* lib/krb5/context.c (init_context_from_config_file): simplify
+	initialisation of srv_lookup
+
+	* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
+
+	* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
+
+2002-08-30  Assar Westerlund  <assar at kth.se>
+
+	* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
+	* lib/krb5/Makefile.am (TESTS): add name-45-test
+	* lib/krb5/name-45-test.c: add testcases for
+	krb5_425_conv_principal
+
+2002-08-29  Assar Westerlund  <assar at kth.se>
+
+	* lib/krb5/parse-name-test.c: also test unparse_short functions
+	* lib/asn1/asn1_print.c: use com_err/error_message API
+	* lib/krb5/Makefile.am: add parse-name-test
+	* lib/krb5/parse-name-test.c: add a program for testing parsing
+	and unparsing principal names
+
+2002-08-28  Assar Westerlund  <assar at kth.se>
+
+	* kdc/config.c: add missing ifdef DAEMON
+
+2002-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: use rk_SUNOS
+
+	* kdc/config.c: add detach options
+
+	* kdc/main.c: maybe detach from console?
+
+	* kdc/kdc.8: markup changes
+
+	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
+
+	* configure.in: use rk_TELNET, rename some other macros, and don't
+	add -ldes to krb4 link command
+
+	* kuser/kinit.1: whitespace fix (from NetBSD)
+
+	* include/bits.c: we may need unistd.h for ssize_t
+
+2002-08-26  Assar Westerlund  <assar at kth.se>
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
+	rrs before A ones when using the resolver to verify a mapping,
+	also use getaddrinfo when resolver is not available
+
+	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
+	krb5_config_get_next
+
+	* lib/asn1/gen.c: include <string.h> in the generated files (for
+	memset)
+
+2002-08-22  Assar Westerlund  <assar at kth.se>
+
+	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
+	getarg so that it can handle --help and --version (and thus make
+	check can pass)
+
+	* lib/asn1/check-der.c: make this build again
+
+2002-08-22  Assar Westerlund <assar at kth.se>
+
+	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
+	patch from Love <lha at stacken.kth.se>
+
+2002-08-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
+	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
+	
+	* kdc/kdc.8: add blurb about adding and removing addresses; update
+	kdc.conf section to match reality
+
+	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
+	don't define it
+	
+2002-08-21  Assar Westerlund  <assar at kth.se>
+	
+	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
+	Love <lha at stacken.kth.se>
+
+2002-08-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
+	since it might not exist, and we don't actually care about the key
+	
+2002-08-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.conf.5: correct documentation for
+	verify_ap_req_nofail
+
+	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
+	Mattias Amnefelt)
+
+	* kuser/klist.c (display_tokens): increase token buffer size, and
+	add more checks of the kernel data (from Love)
+
+2002-08-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* fix-export: use make to parse Makefile.am instead of perl
+
+	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
+	groks AC_INIT with package name etc.
+
+	* kpasswd/kpasswdd.c: include <kadm5/private.h>
+
+	* lib/asn1/asn1_print.c: include com_right.h
+
+	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
+
+	* include/bits.c: define krb5_socklen_t type; this should really
+	go someplace else, but this was easy
+
+	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
+	fails, just warn about it
+
+	* kdc/log.c (kdc_openlog): no need for a config_file parameter
+
+	* kdc/config.c: just treat kdc.conf like any other config file
+
+	* lib/krb5/context.c (krb5_get_default_config_files): ignore
+	duplicate files
+
+2002-08-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
+	them
+
+	* lib/krb5/constants.c: turn strings into pointers, so we can
+	assign to them
+
+	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
+	SCAN_INTERFACES is not set
+
+	* lib/krb5/context.c: fix various borked stuff in previous commits
+
+2002-08-16  Jacques Vidrine <n at nectar.com>
+
+	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
+	the `admin_server' entry for kpasswd, override the `proto' result
+	to be UDP.
+
+2002-08-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/auth_context.c: check return value of
+	krb5_sockaddr2address
+
+	* lib/krb5/addr_families.c: check return value of
+	krb5_sockaddr2address
+
+	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
+
+2002-08-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
+
+	* lib/krb5/context.c: allow changing config files with the
+	function krb5_set_config_files, there are also related functions
+	krb5_get_default_config_files and krb5_free_config_files; these
+	should work similar to their MIT counterparts
+
+	* lib/krb5/config_file.c: allow the use of more than one config
+	file by using the new function krb5_config_parse_file_multi
+
+2002-08-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* use sysconfdir instead of /etc
+
+	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
+	to appease automake; force sysconfdir and localstatedir to /etc
+	and /var/heimdal for now
+
+	* kdc/connect.c (addr_to_string): check return value of
+	sockaddr2address
+
+2002-08-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
+	don't try comparing to one; this should make old clients work with
+	new servers
+
+	* lib/asn1/gen_decode.c: remove unused variable
+
+2002-07-31  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
+	Brashear)
+
+	* lib/krb5/principal.c: actually lower case the lower case
+	instance name (spotted by Derrick Brashear)
+
+2002-07-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* fix-export: if DATEDVERSION is set, change the version to
+	current date
+
+	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
+	LTLIBOBJS
+
+2002-07-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/connect.c: add some cache-control-foo to the http responses
+	(from Gombas Gabor)
+
+	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
+	if ret_len == NULL
+
+2002-06-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/klist.c (display_tokens): don't bail out before we get
+	EDOM (signaling the end of the tokens), the kernel can also return
+	ENOTCONN, meaning that the index does not exist anymore (for
+	example if the token has expired)
+
+2002-06-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/changepw.c: make sure we return an error if there are
+	no changepw hosts found; from Wynn Wilkes
+
+2002-05-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
+	same type is found; spotted by Wynn Wilkes
+
+2002-05-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab_file.c: check size of entry before trying to
+	read 32-bit kvno; also fix typo in previous
+
+2002-05-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* include/Makefile.am: only add to INCLUDES
+
+	* lib/45/mk_req.c: fix for storage change
+
+	* lib/hdb/print.c: fix for storage change
+
+2002-05-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c: don't free encrypted padata until we're really
+	done with it
+
+2002-05-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
+	enctype
+
+	* kuser/kinit.1: document -a
+
+	* kuser/kinit.c: add command line switch for extra addresses
+
+2002-04-30  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* configure.in: remove some duplicate tests
+
+	* configure.in: use AC_HELP_STRING
+
+2002-04-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
+	unknown
+
+2002-04-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: use rk_DESTDIRS
+
+2002-04-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
+	the principal
+
+2002-04-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/verify_init.c: fix typo in error string
+
+2002-04-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* acconfig.h: remove some stuff that is defined elsewhere
+
+	* lib/krb5/krb5_locl.h: include <sys/file.h>
+
+	* lib/krb5/acl.c: rename acl_string parameter
+
+	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
+	names in comments
+
+	* kuser/klist.c: better align some headers
+
+	* kdc/kerberos4.c: storage tweaks
+
+	* kdc/kaserver.c: storage tweaks
+
+	* kdc/524.c: storage tweaks
+
+	* lib/krb5/keytab_krb4.c: storage tweaks
+
+	* lib/krb5/keytab_keyfile.c: storage tweaks
+
+	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
+	sized keytab files
+
+	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
+
+	* lib/krb5/fcache.c: storage tweaks
+
+	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
+	function wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
+	function wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
+	function wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/store.c: make the krb5_storage opaque, and add function
+	wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
+	function wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
+	wrappers for store/fetch/seek, and also make the eof-code
+	configurable
+
+	* include/bits.c: include <sys/socket.h> to get socklen_t
+
+	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
+	requested KDC-REQ etypes
+
+	* kdc/hpropd.c: constify
+
+	* kdc/hprop.c: constify
+
+	* kdc/string2key.c: constify
+
+	* kdc/kdc_locl.h: make port_str const
+
+	* kdc/config.c: constify
+
+	* lib/krb5/config_file.c: constify
+
+	* kdc/kstash.c: constify
+
+	* lib/krb5/verify_user.c: remove unnecessary cast
+
+	* lib/krb5/recvauth.c: constify
+
+	* lib/krb5/principal.c (krb5_parse_name): const qualify
+
+	* lib/krb5/mcache.c (mcc_get_name): constify return type
+
+	* lib/krb5/context.c (krb5_free_context): don't try to free the
+	ccache prefix
+
+	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
+	prefix
+
+	* lib/krb5/krb5.h: constify some struct members
+
+	* lib/krb5/log.c: constify
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
+	qualify
+
+	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
+
+	* lib/krb5/crypto.c: constify some
+
+	* lib/krb5/config_file.c: constify
+
+	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
+	constify local variable
+
+	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
+
+2002-04-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/verify_krb5_conf.c: add some log checking
+	
+	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
+
+2002-04-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
+	matches the expected length
+
+2002-03-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/send_to_kdc.c: rename send parameter to send_data
+
+	* lib/krb5/mk_error.c: rename ctime parameter to client_time
+
+2002-03-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
+	Reinoud Zandijk)
+
+2002-03-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/asn1/k5.asn1: add the GSS-API checksum type here
+
+2002-03-11  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
+	18:3:1
+	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
+	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
+	
+2002-03-10  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/rd_cred.c: handle addresses with port numbers
+
+	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
+	store the kvno % 256 as the byte and the complete 32 bit kvno after
+	the end of the current keytab entry
+
+	* lib/krb5/init_creds_pw.c:
+	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
+	handle ports giving for the remote address
+
+	* lib/krb5/get_cred.c:
+	get a ticket with no addresses if no-addresses is set
+
+	* lib/krb5/crypto.c:
+	rename functions DES_* to krb5_* to avoid colliding with modern
+	openssl
+
+	* lib/krb5/addr_families.c:
+	make all functions taking 'struct sockaddr' actually take a socklen_t
+	instead of int and that acts as an in-out parameter (indicating the
+	maximum length of the sockaddr to be written)
+
+	* kdc/kerberos4.c:
+	make the kvno's in the krb4 universe by the real one % 256, since they
+	cannot only be 8 bit, and the v5 ones are actually 32 bits
+
+2002-02-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
+	before we need to write to it
+	(from \xC5ke Sandgren)
+
+2002-02-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
+	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
+	directly
+
+	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
+	Kouril)
+
+2002-02-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
+	context
+
+2002-02-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* admin/ktutil.c: no need to use the "modify" keytab anymore
+
+	* lib/krb5/keytab_any.c: implement add and remove
+
+	* lib/krb5/keytab_krb4.c: implement add and remove
+
+	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
+	(this should perhaps be selectable with a flag)
+
+2002-02-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/config.c (get_dbinfo): if there are database specifications
+	in the config file, don't automatically try to use the default
+	values (from Gombas Gabor)
+
+	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
+	(from Gombas Gabor)
+
+2002-01-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* admin/list.c: get the default keytab from krb5.conf, and list
+	all parts of an ANY type keytab
+
+	* lib/krb5/context.c: default default_keytab_modify to NULL
+
+	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
+	name is specified take it from the first component of the default
+	keytab name
+
+2002-01-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/keytab.c: compare keytab types case insensitively
+
+2002-01-07  Assar Westerlund  <assar at sics.se>
+
+	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
+	not really a krb5_key_usage).  From Ben Harris <bjh21 at netbsd.org>
+	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
+	Harris <bjh21 at netbsd.org>
+	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
+	Harris <bjh21 at netbsd.org>
+	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
+	<bjh21 at netbsd.org>

Added: vendor-crypto/heimdal/dist/ChangeLog.2003
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.2003	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.2003	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1795 @@
+2003-12-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/error_string.c: protect error_string with mutex
+	
+	* lib/krb5/context.c: allocate and destroy mutex in krb5_context
+	
+	* lib/krb5/krb5.h (krb5_context_data): add mutex for error_string
+	
+2003-12-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: make -9 work again
+	
+2003-12-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c: try handle ts preauth better, still
+	not good, but at least it work with older heimdal releases that
+	doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was
+	sent
+
+2003-12-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer
+	used
+
+2003-12-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as
+	parameters, required by CMS
+
+2003-12-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab):
+	avoid memory leak that snuck in when krb5_keytab_key_proc was
+	exported, pointed out by Panases Inc
+	
+	* lib/krb5/keytab_file.c: do locking, found to be a problem for
+	Panasas Inc
+
+	* lib/krb5/fcache.c: internally export x{,un}lock and thus prefix
+	them with _krb5_
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
+	KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
+	krb-cred
+
+	* lib/krb5/krb5_auth_context.3: some text about
+	krb5_auth_con_{add,remove}flags
+
+	* lib/krb5/auth_context.c: add krb5_auth_con_addflags and
+	krb5_auth_con_removeflags
+
+2003-12-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to
+	avoid memory leak
+
+2003-12-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c: require cipher-text to be padded to padsize
+	
+	* lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is
+	deprecated in RFC3493
+
+	* lib/krb5/verify_krb5_conf.c (check_host): don't check for
+	EAI_NODATA, because its depricated in RFC3493 Pointed out by
+	Hajimu UMEMOTO <ume at mahoroba.org> on heimdal-discuss
+
+2003-12-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS
+	
+	* lib/krb5/test_crypto.c: add --version,--help
+	
+	* kuser/kinit.c (main): return the return value from simple_execvp
+	
+2003-11-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: don't use PKINIT DH per default since its too
+	slow
+
+	* lib/krb5/pkinit.c: tweek to make pkinit work with the fact the
+	asn1_compile can't generate code for context tagless optionals
+	
+	* kdc/pkinit.c: add support for KDC side of DH PKINIT
+	
+	* lib/krb5/pkinit.c: clean up error handling, make enc-type work
+	again
+
+2003-11-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: add flag to make it work with pkinit dh
+	
+	* lib/krb5/pkinit.c: make PKINIT DH support work
+	
+2003-11-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/Makefile.am (LDADD): link with LIB_dlopen
+	
+	* kdc/pkinit.c: clean up
+	
+	* lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field
+	
+	* lib/krb5/pkinit.c: remove most compile depencies clean up
+	
+	* kdc/pkinit.c: print an error and turn of pkinit if openssl
+	failed to load
+
+	* kdc/config.c: read pkinit (pki-mumble) configuration options
+	
+	* kdc/kerberos5.c: add pkinit support
+	
+	* kdc/kdc_locl.h: add prototypes for pkinit
+	
+	* kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I
+	removed the dependency on valicert asn1 parser, remove smartcard
+	and globus support (for now). Work to be done on this: DH support,
+	Globus support, Smartcard support, windows support (MS implements
+	-09 of the draft), make it conform to the new draft
+	
+	* lib/krb5/pkinit.c: fix bugs, improve error reporting
+
+2003-11-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: add some "struct foo;" glue for pkinit
+	structures that isn't used
+
+	* lib/krb5/pkinit.c: clean up, make remove depenency on openssl's
+	api
+
+	* lib/krb5/krb5_locl.h: add some glue for pkinit add reference
+	counter to _krb5_get_init_creds_opt_private
+	
+	* lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt
+	private component to avoid copy all the data in it
+	
+	* lib/krb5/crypto.c (AES_string_to_key): fix memory leak
+
+	* lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak
+	
+	* lib/krb5/heim_threads.h: include pthread.h in the pthread case
+	
+2003-11-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswdd.c (main): parse kdc.conf
+	From: Jeffrey Hutzelman <jhutz at cmu.edu>
+	
+2003-11-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am (TESTS): add test_crypto
+	
+	* lib/krb5/test_crypto.c: time crypto operations
+	
+2003-11-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/init-creds: spelling, Bruno Rohee <bruno at rohee.com>
+	
+2003-11-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free
+	the ticket now, rewrite error handling to handle that
+	
+	* kpasswd/kpasswdd.c (process): don't free ticket,
+	krb5_free_ticket does that now
+
+	* kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket
+	does that now
+
+	* lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to
+	match mit behavior, pointed out by Derrick Brashear
+	
+	* lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket
+	
+2003-11-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/padata.c: add krb5_padata_add
+	
+	* lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible
+	
+	* lib/krb5/Makefile.am: add pkinit.c
+	
+	* kuser/kinit.c: add pkinit support
+	
+	* lib/krb5/init_creds_pw.c: add support for pkinit
+	
+	* lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to
+	_krb5_get_init_creds_opt_private
+
+	* lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to
+	krb5_pk_init_ctx fix win2k error handling
+	
+	* lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr
+	Holub, I removed the dependency on valicert asn1 parser, remove
+	smartcard and globus support (for now). Work to be done on this:
+	DH support, Globus support, Smartcard support, windows support (MS
+	implements -09 of the draft), verify that it conforms the new
+	draft
+
+2003-11-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/der_copy.c (copy_oid): copy all components
+	
+2003-10-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.conf.5: document capaths section
+
+2003-10-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c: make sure that the server realm and the krbtgt
+	second component are identical; get rpath from the capaths section
+
+	* kdc/kerberos5.c: change logic for when to check transited policy
+	to a tri-state model involving per principal flags (to be
+	implemented)
+
+	* kdc/kdc_locl.h: change enforce_transited_policy to a tri-state
+	variable
+
+	* kdc/config.c: change enforce_transited_policy to a tri-state
+	variable
+
+2003-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/transited.c (krb5_domain_x500_encode): always zero out
+	encoding to make sure it have a defined value on failure
+
+	* lib/krb5/transited.c (krb5_domain_x500_encode): 
+	if num_realms ==0, set encoding and return (avoids malloc(0)),
+	check return value for malloc
+
+2003-10-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c (fix_transited_encoding): always print
+	cross-realm information
+	
+2003-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: spelling, From: Tracy Di Marco White
+	
+	* kdc/kerberos5.c (fix_transited_encoding): set transited type
+	
+2003-10-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kdc.8: document enforce-transited-policy
+
+	* kdc/kerberos5.c: always check transited policy if flag set
+	either globally or on principal
+
+	* kdc/config.c: add flag to always check transited policy
+
+	* lib/hdb/hdb.asn1: add flag to enforce transited policy
+
+2003-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms
+	to zero not num_realms
+
+	* kuser/kgetcred.1: add --no-transit-check
+	
+	* kuser/kgetcred.c: add --no-transit-check
+
+	* doc/setup.texi: describe Transit policy
+	
+2003-10-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/kerberos5.c (fix_transited_encoding): also verify with
+	policy, unless asked not to
+
+	* lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited
+	realms, unless the transited-policy-checked flag is set
+
+	* lib/krb5/transited.c (krb5_domain_x500_decode): handle zero
+	length tr data;
+	(krb5_check_transited): new function that does more useful stuff
+
+	* lib/krb5/get_cred.c: get capath info from [capaths] section
+
+2003-10-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/fcache.c: Sleep forever waiting for lock. Previous
+	method doesn't work well with a large number of clients accessing
+	the cache at the same time, and there is no simple way to add a
+	timeout to the lock.
+
+2003-10-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c: print the error value
+	krb5_init_context failed with
+
+	* lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if
+	there is binding before a section declaration. Bug found by
+	Arkadiusz Miskiewicz <arekm at pld-linux.org>
+
+2003-10-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/fcache.c (erase_file): revert a change in previous; if
+	the ccache is a symlink, kdestroy should remove it
+
+	* lib/krb5/fcache.c: implement locking
+
+2003-10-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred
+	returns error other than KRB5_CC_END
+
+2003-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c: add some help function that is common
+	between ENC_TS and SAM2, free the etype{,2}-infos on failure, move
+	the pa counter into krb5_get_init_creds_ctx
+	
+2003-10-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kaserver.c (do_getticket): if times data is shorter then 8
+	byte, request is malformed.
+
+	* kdc/kaserver.c (do_authenticate): if request length is less then
+	8 byte, its a bad request and fail. Pointed out by Marco Foglia
+	<marco at foglia.org>
+
+	* lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that
+	warns for mit syntax is used and just ignore the mit syntax when
+	its used
+
+	* lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi]
+	
+2003-10-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/lex.l: add BOOLEAN
+	
+	* lib/asn1/parse.y: add BOOLEAN
+	
+2003-10-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: When running kinit in "fork mode" do pagsh
+	independent of krb4, also always do krb4 setup of cc. Always try
+	to destroy the v4 cc.
+	- add boolean --{,no-}request-pac that will request pac or not
+
+	* kuser/klist.c (check_for_tgt): set client as part of the
+	pattern/match cred
+
+	* lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token
+	(get_krb4_cc_name): move out from _krb5_krb_tf_setup
+	(_krb5_krb_tf_setup): adapt to allocated filename instead of
+	static filename
+
+	* lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT
+	
+	* lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user
+	have requested either use PAC or not use PAC, if the option not
+	set from the user, leave it up to the kdc to decide.
+	(init_creds_loop): clear error string on success
+
+	* lib/krb5/init_creds.c: add
+	krb5_get_init_creds_opt_set_paq_request break out common part of
+	extended opt functions to require_ext_opt
+
+	* lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and
+	use it in struct _krb5_get_init_creds_opt_private
+	
+	* tools/kdc-log-analyze.pl: handle some more failure lines
+	
+	* doc/programming.texi: some diffrences between Heimdal and MIT
+	Kerberos in the API
+
+	* doc/setup.texi: add Setting up DNS
+	
+	* lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its
+	alway used
+
+	* lib/asn1/Makefile.am: add SAM types and PAC_REQUEST
+	
+	* lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST
+	
+	* lib/asn1: add boolean support
+
+2003-10-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/changepw.c (setpw_send_request): free ap_req_data on
+	failure
+
+2003-09-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/test/http_client.c (do_connect): use ai_protocol 0
+	
+	* lib/krb5/init_creds_pw.c (init_cred_loop): handle
+	KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting
+	LARGE_MSG from send to kdc, and if this is the second time bail
+	out; try to free memory
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new function,
+	and then implement the order krb5_sendto_kdc* function with this
+	function.
+
+	* lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it
+	and adapt callers
+	(krbhst_get_default_proto): new function, returns udp, or in case
+	large_msg was requested for the krb5_krbhst_data, use tcp.
+	(*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid
+	using udp, use krbhst_get_default_proto
+	
+	* lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and
+	krb5_send_to_kdc_flags)
+
+2003-09-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth
+	context, use that
+
+	* appl/test/uu_client.c: print authorization data if there are any
+	
+	* lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String
+	
+2003-09-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy
+	* lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy
+	
+	* lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen
+	
+	* kuser/kinit.c: don't get v4 tickets by default
+	
+2003-09-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswdd.c (process): remove a abort()
+	
+	* doc/win2k.texi: add some text about netdom.exe and trusts
+	
+	* TODO-1.0: gssapi rc4 done
+	
+	* kpasswd/kpasswdd.c: add support for Set password protocol as
+	defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change
+	Password and Set Password Protocols
+
+2003-09-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/db3.c: improve readability of ->open ifdef, check if
+	version >= 4.1
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add
+	
+	* lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key
+	in the auth_context, they way processes that doesn't use the
+	keytab can still pass in the key of the service (matches behavior
+	of MIT Kerberos).
+	
+2003-09-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c: collect all init_creds context into a
+	structure so it can easier be passed around, also, while here,
+	change nonce for every request
+
+	* lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before
+	the loop, add_padata() will handle that itself
+
+	* lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len
+	until in contains interesting data, use right iteration counter
+	when clearing the addresses
+
+	* lib/krb5/log.c (log_realloc): increase len after realloc returns
+	sucessfully
+
+2003-09-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/config_file.c: fix prototypes
+	From: Fredrik Ljungberg <flag at pobox.se>
+	
+2003-09-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/test/http_client.c: close socket when we are done, don't
+	allow the server to restart gssapi negotiation
+	
+	* lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by
+	Wissler Magnus <M.Wissler at abalon.se> on heimdal-discuss
+	
+	* appl/test/gssapi_client.c (proto): use select_mech
+	
+	* appl/test/http_client.c: use getarg
+	
+	* appl/test/gss_common.h: prototype for select_mech
+	
+	* appl/test/gss_common.c (select_mech): return the gss_OID from a
+	mech name
+
+	* appl/test/http_client.c: print both source and target
+	
+	* appl/test/Makefile.am: build http_client
+	
+2003-09-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/asn1_print.c: add support for printing Enumerated
+	
+	* appl/test/gssapi_client.c: allow user to select mech; krb5,
+	spnego, and no-oid
+
+	* appl/test/test_locl.h: add mech
+	
+	* appl/test/common.c: add --mech,-m argument
+	
+	* appl/test/gssapi_server.c: print the mech that was used
+	
+	* kdc/kerberos5.c (only_older_enctype_p): check request if the
+	client only supports old enctypes, before it used the database
+	
+2003-09-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* **/*.c: add context argument to krb5_get_init_creds_opt_alloc
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add
+	context argument
+
+	* lib/krb5/krb5_get_init_creds.3: spelling
+	
+2003-09-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c (add_file): make len argument an pointer to
+	an integer
+
+	* lib/asn1/k5.asn1: add SAM types
+
+	* lib/krb5/init_creds_pw.c: break out the encrypt timestamp
+	preauth to its function break out the pa_data_to_key_plain to its
+	own function make more variables const
+	
+2003-09-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt}
+
+2003-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.h: Add key usage for encryption of the
+	SAM-NONCE-OR-SAD field.
+
+	* include/make_crypto.c: include <openssl/ui.h> in the openssl
+	case
+
+	* kdc/hprop.h: use new DES_ api
+	
+	* lib/krb5/krb5-v4compat.h: assume session key is a char array of
+	length 8
+
+	* lib/krb5/prompter_posix.c:
+	s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+	* kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+	* kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+	* kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+	* admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+	* lib/krb5/crypto.c: switch from the des_ to the DES_ api
+	
+	* kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block)
+	
+	* kuser/kverify.c: use
+	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+	* kpasswd/kpasswd-generator.c: use
+	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+	* kdc/hprop.c: use
+	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare
+	a uint32_t with 0xffffffff instead of -1
+
+	* lib/krb5/krb5_425_conv_principal.3: fix [Gt]
+	
+	* kuser/kinit.c: use
+	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle
+	password passed in though context
+
+	* lib/krb5/Makefile.am (TESTS): += test_config
+
+	* lib/krb5/aes-test.c: move variable thats used within a #ifdef to
+	be defined within that #ifdef
+
+	* lib/krb5/data.c (krb5_data_free): reset whole krb5_data when
+	freeing it
+
+	* lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros
+	out a keyblock
+
+	* lib/krb5/init_creds_pw.c: rewrite/implement
+	krb5_get_init_creds_password with new preauth handing, still it
+	can only work with krb5-pa-enc-timestamp for preauth, but now it
+	can handle etype-info2
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate
+	a opt structure
+	(krb5_get_init_creds_opt_free): free a opt structure
+	(krb5_get_init_creds_opt_set_pa_password): set preauth info for
+	enc-timestamp
+
+	* lib/krb5/krb5_locl.h: add struct
+	_krb5_get_init_creds_opt_private
+
+2003-09-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef,
+	add a pointer to a private part of krb5_get_init_creds_opt
+	
+	* kdc/string2key.c (main): avoid const warning by using a extra
+	variable
+
+2003-08-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
+	reindent
+
+	* lib/krb5/ticket.c (krb5_copy_ticket): free all data when
+	failing, copy data to right memory, the later pointed out by Luke
+	Howard.
+
+2003-08-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.h: cfx-01 use diffrent usage numbers
+	
+2003-08-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/db3.c: try to include more db headers
+
+	* lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss
+	From: Luke Howard <lukeh at PADL.COM>
+	
+2003-08-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56
+	
+	* appl/test/gssapi_client.c: send both INT and CONF wrapped token
+	
+	* appl/test/gssapi_server.c: recv both INT and CONF wrapped token
+	
+	* lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE
+	
+2003-08-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/test/uu_client.c (proto): fill in client in the match cred
+	
+2003-08-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers
+	
+	* lib/krb5/crypto.c (usage2arcfour): simplify, only include
+	special cases From: Luke Howard <lukeh at PADL.COM>
+	
+2003-08-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: code rewrite from Luke Howard
+	<lukeh at PADL.COM>
+
+	* lib/krb5/crypto.c (arcfour_checksum_p): return true when is
+	arcfour, not when its not pointed out by Luke Howard
+	
+	* doc/ack.texi: update Luke Howard email address
+	
+2003-08-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_encrypt.3: document:
+	krb5_crypto_getconfoundersize, krb5_crypto_getblocksize
+	krb5_crypto_getenctype, krb5_crypto_getpadsize
+
+	* lib/krb5/crypto.c (krb5_crypto_getpadsize,
+	krb5_crypto_getconfoundersize): added From: Luke Howard
+	<lukeh at PADL.COM>
+
+2003-08-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/connect.c (handle_tcp): handle recvfrom returning 0
+	(connection closed)
+
+	* kdc/connect.c (grow_descr): increment the size after we succeed
+	to allocate the space
+
+	* lib/krb5/krb5_create_checksum.3: text about when
+	krb5_crypto_get_checksum_type is useful
+
+	* lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format
+	string
+
+	* lib/krb5/krb5_create_checksum.3: document
+	krb5_crypto_get_checksum_type
+
+	* lib/krb5/crypto.c: add krb5_crypto_get_checksum_type
+	From: Luke Howard <lukeh at PADL.COM>
+	
+	* lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code
+	From: Luke Howard <lukeh at PADL.COM>
+	
+2003-08-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include/make_crypto.c: include aes.h inc in the local libdes
+	case too
+
+2003-08-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/asn1/der_free.c: set free'd poiners to NULL
+	
+	* lib/asn1/gen_free.c: set free'd poiners to NULL
+	
+2003-08-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/heim_threads.h: XXX don't use "plain" pthread support
+	on netbsd
+
+	* lib/krb5/crypto.c: Do the arcfour checksum mapping for
+	krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
+	<lukeh at PADL.COM>
+
+2003-08-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_config.c: check krb5_prepend_config_files_default
+	and krb5_prepend_config_files
+
+	* lib/krb5/context.c: add krb5_prepend_config_files and
+	krb5_prepend_config_files_default
+
+2003-08-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t
+	as argument
+
+	* lib/krb5/parse-name-test.c: please lint (and me)
+	
+	* kdc/config.c (configure): remove only set variable 'e'
+	
+	* kdc/connect.c (init_socket): sockaddr size argument to
+	krb5_addr2sockaddr is a krb5_addr2sockaddr *
+	
+	* kdc/kerberos5.c (as_rep): remove usused variable
+	(tgs_rep2): don't use a temporary ret-variable, ret is reset later
+
+	* lib/krb5/krb5_get_in_cred.3: these function will be deprecated
+	
+	* lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3
+	
+	* lib/krb5/krb5_get_init_creds.3: begining of documentation of
+	krb5_get_init_creds
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with
+	with the mit implemtation, don't free `creds' argument when done,
+	its up the the caller to do that, also allow a NULL ccache.
+	
+2003-08-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.conf.5: document tgs_require_subkey
+	
+	* lib/asn1/Makefile.am: remove trance of generate tests files, its
+	not really for consumption yet
+
+	* lib/hdb/Makefile.am: split generated source from non generated
+	source we make-proto.pl can generate prototypes for non
+	generate-source only (make-proto.pl dies on asn1compile's .c
+	files)
+
+	* lib/krb5/get_cred.c (init_tgs_req): make generation of subkey
+	optional on configuration parameter
+	[realms]realm={tgs_require_subkey=bool}
+	defaults to off. The RFC1510 weakly defines the correct behavior,
+	so old DCE secd apparently required the subkey to be there, and MS
+	will use it when its there. But the request isn't encrypted in the
+	subkey, so you get to choose if you want to talk to a MS mdc or a
+	old DCE secd.
+
+	* kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero
+	
+2003-08-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/principal.c (unparse_name): len can't be zero, so,
+	don't check for that
+
+2003-08-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/principal.c (unparse_name): make sure there are space
+	for a NUL, set *name to NULL when there is a failure (so caller
+	can't get hold of a freed pointer)
+
+2003-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/kerberos.8: remove duplicate manual, from
+	cjep at netbsd.org
+
+2003-07-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/cache.c: indent
+	
+	* lib/krb5/cache.c (krb5_cc_set_default_name): only read
+	KRB5CCNAME when not suid
+
+2003-07-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes,
+	use a char array instead of des_cblock
+
+2003-07-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2
+	
+	* lib/krb5/crypto.c (hmac): make it return an error when out of
+	memory, update callsites to either return error or use krb5_abortx
+	(krb5_hmac): expose hmac
+
+2003-07-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype
+	of keyblock
+
+	* lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3
+
+	* lib/krb5/krb5_keyblock.3: some information about krb5_keyblock
+	and related functions
+
+	* lib/krb5/heim_threads.h: make the non-debug version of the mutex
+	macros "use" the "mutex" integer so the compile wont complain
+	about defined unused variables
+
+	* lib/krb5/heim_threads.h: make thread local storage macros take a
+	"return" argument so no functions need to be created for the
+	no-pthread case
+
+	* lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific
+	
+	* configure.in: use KRB_PTHREADS
+	
+	* lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and
+	sort
+
+	* lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString
+	
+	* lib/krb5/krb5.3: add ticket access functions
+	* lib/krb5/krb5_ticket.3: ditto
+	* lib/krb5/ticket.c: ditto
+	* lib/krb5/Makefile.am: ditto
+	
+	* lib/krb5/mit_glue.c: add some more krb5_c functions
+	
+	* lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions
+	
+	* lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type
+	is a valid one
+
+	* lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented
+	error string when there is a context
+	(krb5_checksum_is_collision_proof): ditto
+
+2003-07-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data
+	argument optional
+	(krb5_c_{encrypt,decrypt}): return "better" error codes for
+	invalid ivec length
+
+	* lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum
+	usage
+
+	* lib/krb5/crypto.c (krb5_crypto_getenctype): new function
+	
+	* include/make_crypto.c: avoid redefining
+	OPENSSL_DES_LIBDES_COMPATIBILITY
+
+	* lib/krb5/krb5.h: add krb5_enc_data
+	
+2003-07-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.3: add krb5_c_ functions
+	
+	* lib/krb5/mit_glue.c: support passing in NULL as the
+	cipher_state/ivec
+
+	* lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and
+	krb5_c_decrypt
+
+	* lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue
+	
+	* lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when
+	calculating the length of the encrypted data, use the keyed
+	checksum length if the enctype supports a keyed checksum. This
+	only matter for aes, for all other enctypes the key and unkeyed
+	checksum have the same length.
+
+2003-07-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/mit_glue.c: first version of krb5_c encryption glue
+
+	* doc/install.texi: update pointer to luke ldap documentation
+	
+	* lib/hdb/hdb.c (hdb_create): check for dynamic backend after
+	static to avoid warning from dynamic backend when using a known
+	static backend
+
+2003-07-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/cache.c: don't return value in void function
+	
+2003-07-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/creds.c (krb5_compare_creds): if client is specified in
+	the mcreds, check that too
+
+	* lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}:
+	prefix libasn1 types with heim_
+	
+	* lib/asn1: prefix typedefs and structs with heim_
+
+2003-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb.c: avoid unnecessary setting of variable
+	
+2003-07-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred
+	
+	* appl/test/uu_client.c (proto): use krb5_cc_clear_mcred
+	
+	* lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free
+	in the req_body addresses since they where pass in by caller
+	(find_cred): use krb5_cc_clear_mcred
+
+	* lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred
+	
+	* lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a
+	krb5_creds to use with krb5_cc_retrieve_cred
+	
+2003-06-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix,
+	don't load anything
+
+2003-06-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke
+	Howard <lukeh at PADL.COM>
+
+	* lib/hdb/hdb.h: add struct hdb_so_method and
+	HDB_INTERFACE_VERSION
+
+2003-06-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using
+	arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since
+	Microsoft calculates the keyed checksum with the subkey of the
+	authenticator.
+
+	* kuser/kinit.c: write out v4 credential caches with
+	_krb5_krb_tf_setup
+
+	* lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup
+
+	* lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4
+	credential to a new krb4 ticket file
+	
+2003-06-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since
+	it contains more than 9 words; from wiz
+
+2003-06-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from
+	stefan sokoll <stefansokoll at yahoo.de>
+
+2003-06-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text
+	
+	* lib/krb5/time.c: improve comment for krb5_set_real_time
+	
+2003-06-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.1: document -A
+
+	* kuser/kinit.c: add -A as an alias for --no-addresses
+
+2003-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a
+	krb5_timestamp to krb5_us_timeofday
+
+	* lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to
+	krb5_us_timeofday
+
+	* lib/krb5/time.c (krb5_set_real_time): fix comment and make it
+	work
+
+	* lib/krb5/time.c, lib/krb5/krb5_timeofday.3, 
+	lib/krb5/Makefile.am lib/krb5/test_time.c:
+	
+	implement krb5_set_real_time, used by SAMBA, requested by Luke
+	Howard <lukeh at PADL.COM>
+
+	* lib/asn1/k5.asn1: make the aes and sha1 checksum types match
+	draft-ietf-krb-wg-crypto-05
+
+2003-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data
+	
+	* lib/krb5/crypto.c: clean up AES code to use a structure instead
+	of a key array
+	(_krb5_AES_string_to_default_iterator): set to 4096 as described in
+	aes draft -04
+	(derive_key): always remove the key->schedule since its
+	will contain the wrong (parent key) info
+
+2003-06-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn
+	* doc/setup.texi: add more kdc's to the example
+	
+2003-06-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto
+	Patino <jalbertop at aranea.com.mx>, Luke Howard <lukeh at PADL.COM>
+	Pointed out by Andrew Bartlett of Samba
+	
+	* lib/krb5/heim_threads.h: remove freebsd comment, don't use debug
+	pthread stubs by default
+
+	* lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3
+	
+	* lib/krb5/krb5_free_addresses.3: removed file, functions are
+	documented in krb5_address.3
+	
+	* lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2
+	
+	* lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add
+	krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256
+	
+2003-06-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: Point out that slave needs /var/heimdal
+	directory and masterkey From: Mans Nilsson <mansaxel at sunet.se>,
+	Fix spelling while here
+	
+2003-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3:
+	add manpage for: krb5_get_in_cred, krb5_get_in_tkt,
+	krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password,
+	krb5_get_in_tkt_with_skey
+
+2003-05-28  Assar Westerlund  <assar at kth.se>
+
+	* lib/krb5/heim_threads.h: Fix unlock/destroy macros for the
+	non-threaded cases to work.  Fix typo.
+
+2003-05-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of
+	"unsigned" integers. If MSB is set, we need to pad with a zero
+	byte.
+
+2003-05-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes
+	
+	* lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap
+	connection
+	(LDAP_store): remove superfluous argument to asprintf
+	
+	From Alberto Patino <jalbertop at aranea.com.mx>
+
+2003-05-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/*.[0-9]: pacify mdoclink
+
+	* lib/krb5/krb5_ccache.3: document diffrences between mit and
+	heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$//
+	
+2003-05-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* appl/test/gssapi_server.c (proto): start to use
+	gss_krb5_copy_ccache
+
+	* appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t
+	groveling for now
+
+2003-05-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1:
+	- add parser/generate glue for UTF8String and NULL
+	  (DER primitive encode/decode functions missing)
+	- handle parsing of DEFAULT and, ...
+
+2003-05-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/heim_threads.h: add missing argument to mutex_init
+	
+	* lib/krb5/crypto.c: protect the random initiator with a mutex
+	
+	* lib/krb5/mcache.c: protect the mcc_head with a mutex
+	
+	* lib/krb5/krb5_locl.h: include heim_threads.h
+	
+	* lib/krb5/heim_threads.h: wrapper macros for thread
+	synchronization primitives
+
+2003-05-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_principal.3
+	lib/krb5/Makefile.am:
+	Add all Kerberos principal function to one manpage, add a few more
+	principal function to it, remove old now dup manpages
+	
+	* lib/krb5/krb5_build_principal.3: remove file
+	* lib/krb5/krb5_free_principal.3: remove file
+	* lib/krb5/krb5_sname_to_principal.3: remove file
+	* lib/krb5/krb5_principal_get_realm.3: remove file
+
+2003-05-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.8: sort sections, from netbsd
+	
+	* lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
+	netbsd
+
+	* lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort
+	sections, from netbsd
+
+	* lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes,
+	from netbsd
+
+	* lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
+	netbsd
+	
+	* lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD
+
+	* lib/krb5/krb5_build_principal.3: sort sections, from NetBSD
+	
+	* lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd
+	
+	* lib/krb5/get_default_realm.c: compatability -> compatibility,
+	from netbsd
+
+	* lib/krb5/krb5_warn.3: add copyright/license
+	
+	* lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY
+	
+	* lib/krb5/krb5.3: add RCSID
+	
+	* kdc/hprop.8: fix mdoc problem, from netbsd
+	
+	* lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner
+	<wiz at netbsd.org>
+
+	* kuser/kinit.1: setup -> set up, new sentence, new line from
+	Thomas Klausner <wiz at netbsd.org>
+	
+2003-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswd.1: handle setting passwords for multiple
+	principals at the same time
+
+	* kpasswd/kpasswd.c: handle setting passwords for multiple
+	principals at the same time
+
+	* lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and
+	rfc3244 share the response packet sure more constants now that
+	they exists
+
+2003-05-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.h: some define for rfc3244
+	
+	* lib/krb5/krb5.3: add krb5_change_password and krb5_set_password
+	
+	* kpasswd/kpasswd.1: document --admin-principal
+	
+	* kpasswd/kpasswd.c: use krb5_set_password
+	
+	* lib/krb5/krb5_set_password.3: document krb5_change_password and
+	krb5_set_password
+
+	* lib/krb5/changepw.c: implement rfc3244, partly from
+	shadow at dementia.org
+
+	* lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for
+	RFC3244
+
+	* lib/asn1/k5.asn1: add ChangePasswdDataMS, for
+	RFC3244
+
+2003-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kuser/kdestroy.c: destroy tokens even if there isn't v4 support
+
+	* kuser/kinit.c: get token even if there isn't v4 support
+	
+	* kuser/klist.c: print tokens even if there isn't v4 support
+	
+2003-05-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
+	tests
+
+	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
+	everything with hex-codes, and cast to unsigned char* to make some
+	compilers happy
+
+2003-05-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
+	argument to krb5_us_timeofday have correct type
+	
+2003-05-05  Assar Westerlund  <assar at kth.se>
+
+	* include/make_crypto.c (main): include aes.h if ENABLE_AES
+
+2003-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* make-release: when fixing a valid cvs tag from release name
+	replace all number. to number- for all non-overlapping matches
+	
+2003-05-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and
+	asn1_ETYPE_INFO2_ENTRY.x
+	(libasn1_la_LDFLAGS): set version to 6:1:1
+
+	* doc/Makefile.am: add apps.texi
+	
+	* doc/setup.texi: add move forward link to applications
+	
+	* doc/heimdal.texi: add applications
+	
+	* doc/misc.texi: move afs stuff to applications add link to
+	applications
+	
+	* doc/apps.texi: text about applications using kerberos
+	move afs text here
+	
+2003-05-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: add cross realm text
+	
+2003-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and
+	krb5_string_to_enctype
+
+2003-04-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd
+	
+2003-04-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2
+	* lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2
+	
+2003-04-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): if the local
+	sequence number is non-zero, don't generate a new one
+
+	* lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is
+	non-zero, don't generate a new one
+	
+	* lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a
+	krb5_timestamp
+
+	* lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c
+	lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and
+	RET_TIME
+
+	* lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching
+	asn1)
+
+2003-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/programming.texi: s/managment/management/, from jmc
+	<jmc at prioris.mini.pw.edu.pl>
+
+2003-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c (default_etypes): also advertise that we
+	handle aes encryption types
+
+	* lib/krb5/Makefile.am: add krb5_c_ checksum related functions
+
+	* lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum
+	related functions
+
+	* lib/krb5/mit_glue.c: add compat mit krb5_c checksum related
+	functions
+
+	* lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY
+	
+2003-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krbhst.c: copy NUL too, from janj at wenf.org via openbsd
+	
+2003-04-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/der_copy.c (copy_general_string): use strdup
+	* lib/asn1/der_put.c: remove sprintf
+	* lib/asn1/gen.c: remove strcpy/sprintf
+	
+	* lib/krb5/name-45-test.c: use a more unique name then ratatosk so
+	that other (me) have such hosts in the local domain and the tests
+	fails, to take hokkigai.pdc.kth.se instead
+	
+	* lib/krb5/test_alname.c: add --version and --help
+	
+2003-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_warn.3: add krb5_get_err_text
+	
+	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
+	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
+	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
+	strlcpy, from openbsd
+	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
+	* appl/kf/kfd.c: use strlcpy, from openbsd
+	
+2003-04-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: fix for large file support in AIX, _LARGE_FILES
+	needs to be defined on the command line, since lex likes to
+	include stdio.h before we get to config.h
+
+2003-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
+	from Thomas Klausner <wiz at netbsd.org>
+	
+	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
+	<wiz at netbsd.org>
+
+2003-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: fix some more memory leaks
+	
+2003-04-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/kf/kf.1: spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
+	
+2003-04-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* admin/ktutil.8: typos, from jmc <jmc at acn.waw.pl>
+	
+2003-04-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.3: s/kerberos/Kerberos/
+	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
+	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
+	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
+	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
+	* kuser/kinit.1: s/kerberos/Kerberos/
+	* kdc/kdc.8: s/kerberos/Kerberos/
+	
+2003-04-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests
+	
+	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
+	converting too root, make sure user is ok according to
+	krb5_kuserok before allowing it.
+
+	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
+	
+	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname
+	
+	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
+	instead of the "illegal" salt #~, same change as kth-krb did
+	1999. Problems occur with crypt() that behaves like AT&T crypt
+	(openssl does this). Pointed out by Marcus Watts.
+
+	* admin/change.c (kt_change): collect all principals we are going
+	to change, and pick the highest kvno and use that to guess what
+	kvno the resulting kvno is going to be. Now two ktutil change in a
+	row works. XXX fix the protocol to pass the kvno back.
+	
+2003-03-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/kf/kf.1: afs->AFS, from jmc <jmc at acn.waw.pl>
+	
+2003-03-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: add description on how to turn on v4, 524 and
+	kaserver support
+
+2003-03-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
+	and afs-use-524
+
+2003-03-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
+	failes, remember to free memory from the first enctype_to_string
+
+	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
+	from Harald Joerg <harald.joerg at fujitsu-siemens.com>
+	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
+
+	* lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
+	length when key is longer then expected length, its probably
+	longer since the encrypted data was padded, reported by Aidan
+	Cully <aidan at kublai.com>
+
+	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
+	encyption type, inspired by Aidan Cully <aidan at kublai.com>
+	
+2003-03-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
+	(wildcard kvno) after principal when the keytab entry isn't found,
+	reported by Chris Chiappa <chris at chiappa.net>
+	
+2003-03-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/misc.texi: update 2b example to match reality (from
+	mattiasa at e.kth.se)
+
+	* doc/misc.texi: spelling and add `Configuring AFS clients'
+	subsection
+
+2003-03-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.3: add krb5_free_data_contents.3
+	
+	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
+	API
+
+	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
+	with MIT API
+	
+	* lib/krb5/krb5_verify_user.3: write more about how the ccache
+	argument should be inited when used
+	
+2003-03-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/addr_families.c (krb5_print_address): make sure
+	print_addr is defined for the given address type; make addrports
+	printable
+
+	* kdc/string2key.c: print the used enctype for kerberos 5 keys
+
+2003-03-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/aes-test.c: add another arcfour test
+	
+2003-03-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
+	
+2003-03-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/krb5_ccache.3: update .Dd
+
+	* lib/krb5/krb5.3: sort in krb5_data functions
+
+	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3
+
+	* lib/krb5/krb5_data.3: document krb5_data
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
+	prompter is NULL, don't try to ask for a password to
+	change. reported by Iain Moffat @ ufl.edu via Howard Chu
+	<hyc at highlandsun.com>
+
+2003-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_keytab.3: spelling, from
+	<jmc at prioris.mini.pw.edu.pl>
+
+	* lib/krb5/krb5.conf.5: . means new line
+	
+	* lib/krb5/krb5.conf.5: spelling, from
+	<jmc at prioris.mini.pw.edu.pl>
+
+	* lib/krb5/krb5_auth_context.3: spelling, from
+	<jmc at prioris.mini.pw.edu.pl>
+
+2003-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
+	
+	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
+	
+	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
+
+	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
+	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it
+	
+	* kdc/config.c: 524 is independent of kerberos 4, so move out
+	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
+	
+2003-03-17  Assar Westerlund  <assar at kth.se>
+
+	* kdc/kdc.8: document --kerberos4-cross-realm
+	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
+	* kdc/kdc_locl.h (enable_v4_cross_realm): add
+	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
+	flag before giving out v4 tickets for foreign v5 principals
+	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
+	to off)
+
+2003-03-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
+	
+	* lib/krb5/krb5_aname_to_localname.3: manpage for
+	krb5_aname_to_localname
+
+	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
+	
+2003-03-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
+
+	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
+
+	* lib/krb5/krb5_set_default_realm.3: Manpage for
+	krb5_free_host_realm, krb5_get_default_realm,
+	krb5_get_default_realms, krb5_get_host_realm, and
+	krb5_set_default_realm.
+
+	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
+	<sobrado at acm.org> via NetBSD
+
+	* lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
+	
+	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
+	
+	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
+	
+	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
+	types, add krb5_fcc_ops and krb5_mcc_ops
+	
+	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
+	a id
+
+2003-03-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/intro.texi: add reference to source code, binaries and the
+	manual
+
+	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
+	
+2003-03-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kdc.8: better/difrent english
+
+	* kdc/kdc.8: . -> .\n, copyright/license
+	
+	* kdc/kdc.8: changed configuration file -> restart kdc
+
+	* kdc/kerberos4.c: add krb4 into the most error messages written
+	to the logfile
+
+	* lib/krb5/krb5_ccache.3: add missing name of argument
+	(krb5_context) to most functions
+
+2003-03-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
+	function and return FALSE when there isn't a local account for
+	`luser'.
+
+	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
+	describing the function
+
+2003-03-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
+	returned memory, don't return ENOMEM
+
+2003-03-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.3: add krb5_address stuff and sort
+	
+	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
+	
+	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3
+	
+	* lib/krb5/krb5_address.3: document types krb5_address and
+	krb5_addresses and their helper functions
+
+2003-03-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
+
+	* lib/krb5/krb5_kuserok.3: spelling, from cizzi at it.su.se
+
+	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
+
+	* lib/krb5/krb5_ccache.3: spelling, from cizzi at it.su.se
+	
+	* lib/krb5/krb5.3: add more functions
+	
+	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
+	functions
+
+	* lib/krb5/krb5_kuserok.3: document krb5_kuserok
+	
+	* lib/krb5/krb5_verify_user.3: document
+	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
+
+	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
+	krb5_verify_user_opt
+
+	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages
+
+	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
+	return NULL
+
+	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
+	(TESTS): add test_cc
+
+	* lib/krb5/test_cc.c: test some
+	krb5_cc_default_name/krb5_cc_set_default_name combinations
+	
+	* lib/krb5/context.c (init_context_from_config_file): set
+	default_cc_name to NULL
+	(krb5_free_context): free default_cc_name if set
+
+	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
+	(krb5_cc_default_name): use krb5_cc_set_default_name
+
+	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name
+	
+2003-02-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/kf/kf.1: s/securly/securely/ from NetBSD
+	
+2003-02-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/connect.c: s/intialize/initialize, from
+	<jmc at prioris.mini.pw.edu.pl>
+
+2003-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: add AM_MAINTAINER_MODE
+	
+2003-02-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* **/*.[0-9]: add copyright/licenses on all manpages
+
+2003-14-16  Jacques Vidrine  <nectar at kth.se>
+
+	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
+	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
+	type specified by the KDC.
+
+2003-02-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* fix-export: some autoconf put their version number in
+	autom4te.cache, so remove autom4te*.cache
+	
+	* fix-export: make sure $1 is a directory
+	
+2003-02-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswdd.8: spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
+
+	* kdc/kdc.8: spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
+	
+2003-01-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/hpropd.8: s/databases/a database/ s/Not/not/
+
+	* kdc/hprop.8: add missing .
+	
+2003-01-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
+	address, write out encryption type in sentences, s/Host/host
+	
+2003-01-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/check-gen.c: add checks for Authenticator too
+	
+2003-01-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: in the hprop example, use hprop and the first
+	component, not host
+
+	* lib/krb5/get_addrs.c (find_all_addresses): address-less
+	point-to-point might not have an address, just ignore
+	those. Reported by Harald Barth.
+
+2003-01-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
+	found, don't print out all known keys
+
+	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
+	and facility start resp
+	(check_log): find_value() returns -1 when key isn't found
+
+	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
+	'const void *' to avoid AES_KEY being exposed in krb5-private.h
+	
+	* lib/krb5/krb5.conf.5: add [kdc]use_2b
+
+	* kdc/524.c (encode_524_response): its 2b not b2
+	
+	* doc/misc.texi: quote @ where missing
+	
+	* lib/asn1/Makefile.am: add check-gen
+	
+	* lib/asn1/check-gen.c: add Principal check
+	
+	* lib/asn1/check-common.h: move generic asn1/der functions from
+	check-der.c to here
+
+	* lib/asn1/check-common.c: move generic asn1/der functions from
+	check-der.c to here
+
+	* lib/asn1/check-der.c: move out the generic asn1/der functions to
+	a common file
+
+2003-01-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/misc.texi: more text about afs, how to get get your KeyFile,
+	and how to start use 2b tokens
+
+	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
+	<jmc at cvs.openbsd.org>
+	
+2003-01-21  Jacques Vidrine  <nectar at kth.se>
+
+	* kuser/kuser_locl.h: include crypto-headers.h for
+	des_read_pw_string prototype
+
+2003-01-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* admin/ktutil.8: document -v, --verbose
+
+	* admin/get.c (kt_get): make getarg usage consistent with other
+	other parts of ktutil
+
+	* admin/copy.c (kt_copy): remove adding verbose_flag to args
+	struct, since it will overrun the args array (from Sumit Bose)
+	
+2003-01-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
+	... }
+
+	* lib/krb5/aes-test.c: test vectors in aes-draft
+	
+	* lib/krb5/Makefile.am: add aes-test.c
+
+	* lib/krb5/crypto.c: Add support for AES
+	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
+	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
+	to support checksumtype that are have a shorter wireformat then
+	their output block size.
+	
+	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
+	into blocksize and padsize, padsize is the minimum padding
+	size. they are the same for now
+	(enctype_*): add padsize
+	(encrypt_internal): use padsize
+	(encrypt_internal_derived): use padsize
+	(wrapped_length): use padsize
+	(wrapped_length_dervied): use padsize
+
+	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
+	function for each enctype in preparation enctypes that uses
+	`Encryption and Checksum Specifications for Kerberos 5' draft
+	
+	* lib/asn1/k5.asn1: add checksum and enctype for AES from
+	draft-raeburn-krb-rijndael-krb-02.txt
+
+	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
+	KEYTYPE_AES256
+
+2003-01-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/common.c (_hdb_fetch): handle error code from
+	hdb_value2entry
+
+	* kdc/Makefile.am: always include kerberos4.c and 524.c in
+	kdc_SOURCES to support 524
+
+	* kdc/524.c: always compile in support for 524
+	
+	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
+	
+	* kdc/config.c: always compile in support for 524
+	
+	* kdc/connect.c: always compile in support for 524
+	
+	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
+	even when we build without kerberos 4, 524 needs them
+	
+	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
+	Kerberos 4 help functions/structures so other parts of the source
+	tree can use it (like the KDC)
+

Added: vendor-crypto/heimdal/dist/ChangeLog.2004
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.2004	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.2004	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1485 @@
+2004-12-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for
+	now (used in pkinit)
+
+2004-12-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/Makefile.am: add CHECK_SYMBOLS
+
+	* lib/hdb/keys.c: make all_etypes static
+
+	* lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err
+	-version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops
+
+	* kdc/kerberos5.c: use private version of principalname
+
+	* kdc/kerberos4.c: use private version of principalname
+
+	* kdc/hpropd.c: use private version of principalname
+
+	* kdc/524.c: use private version of principalname
+
+	* lib/krb5/rd_req.c: use private version of principalname
+
+	* lib/krb5/rd_cred.c: use private version of principalname
+
+	* lib/krb5/init_creds_pw.c: use private version of principalname
+
+	* lib/krb5/get_in_tkt.c: use private version of principalname
+
+	* lib/krb5/asn1_glue.c: make principalname functions private
+
+	* lib/krb5/krb5.h: add key usage for server referrals
+	
+2004-12-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/principal.c: make default_v4_name_convert static
+	
+	* lib/krb5/crypto.c: make lots of crypto related variables static
+	
+	* lib/krb5/acache.c: make default_acc_name static
+	
+2004-12-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: add some text about samba, use example.com
+	
+	* lib/hdb/hdb-ldap.c: Add account expiration for samba from James
+	F.  Hranicky <jfh at cise.ufl.edu>.
+	Add LDAP_addmod_integer and use it.
+
+2004-12-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text
+	fixes, from Dave Love
+
+2004-12-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just
+	needs pthread.h, threadlib is dead
+
+2004-12-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/config.c (configure): check for deprecated
+	enforce-transited-policy is set and fail if it is
+	
+	* lib/asn1/asn1_print.c: don't print garabage for octet strings
+	
+2004-12-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/main.c (main): catch sigpipe, we don't bother select()ing
+	for errors
+
+	* kdc/connect.c (handle_http_tcp): handle error from write(2)
+	
+	* doc/setup.texi: clarify credentials refreshing stuff
+	
+	* doc/setup.texi: add new node: Providing Kerberos credentials to
+	servers and programs
+
+	* doc/whatis.texi: fix spurious cross-reference makeinfo warning
+	
+	* lib/hdb/hdb-ldap.c (pos): uppercase in character
+
+2004-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode
+	nibbels in the other order
+
+	* lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if
+	attribute exists before we try to delete it LDAP__bytes2hex
+	encodes in strange byte order, is this really right ?
+	
+2004-12-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all
+	entries, search for samba accounts too, From: "James F. Hranicky"
+	<jfh at cise.ufl.edu>
+
+	* lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid
+	too
+
+	* lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing
+	both krb5PrincipalName and uid, it must be broken, ignore it and
+	return it doesn't exists.
+
+2004-12-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/hpropd.8: spelling, from OpenBSD
+	
+	* kdc/kdc.8: use keeps for options, From OpenBSD k
+	
+2004-12-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: document --random-key and the need to do backup
+	of the master key
+
+	* kdc/kstash.8: add --random-key
+	
+	* kdc/kstash.c: add --random-key
+	
+2004-12-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.8: spelling, from openbsd
+	
+	* lib/krb5/krb5_init_context.3: spelling, from openbsd
+	
+	* lib/krb5/krb5.conf.5: spelling, from openbsd
+	
+	* kuser/kdestroy.1: use keeps around options, spelling, from
+	openbsd
+
+	* kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD
+	
+	* kdc/hpropd.8: use keeps around options, from OpenBSD
+	
+	* kdc/hprop.8: use keeps around options, from OpenBSD
+	
+2004-11-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c (krb5_free_context): clear error string
+	before destroying mutex
+	(krb5_init_context): don't call krb5_free_context before there is a
+	mutex initialized
+
+2004-11-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c (get_new_tickets): only complain about ticket
+	renewable lifetime when the user asked for a specific renewable
+	lifetime
+
+2004-11-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (find_keys): log what principal is missing
+	enctypes
+
+2004-11-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after
+	freeing data
+
+	* lib/krb5/init_creds_pw.c (change_password): handle old_options
+	being NULL From Guenther Deschner on samba-technical.
+	
+2004-11-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_get_init_creds.3: add more text describing the
+	krb5_get_init_creds functions
+
+2004-11-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work
+	again
+
+2004-11-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb.asn1: use constrained integers
+	
+2004-11-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_get_init_creds.3: add description for opt_init,
+	opt_alloc, opt_free
+
+	* lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit
+	
+	* lib/krb5/init_creds.c: unexport
+	krb5_get_init_creds_opt_free_pkinit
+
+	* lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into
+	get_init_creds_common
+
+	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in
+	options NULL, just make a clean copy
+
+2004-11-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier
+	so we don't leak it on error
+
+2004-10-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.conf.5: unbreak 2b entry
+	
+	* lib/krb5/acache.c (make_cred_from_ccred): the address isn't a
+	sockaddr but rather a kerberos address, deal with that.  Based on
+	bug report from Jakob Schlyter <jakob at rfc.se>.
+
+2004-10-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/connect.c: Make sure argument passed to ctype isn't signed
+	char
+
+2004-10-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: match new error names
+	
+	* lib/krb5/krb5_err.et: make error messages sane again
+	
+2004-10-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab.c: use KRB5_KT_BADNAME
+
+	* lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major
+	version bump) add KRB5_DELTAT_BADFORMAT
+	
+	* lib/krb5/krb5.conf.5: time defaults to "s"
+	
+	* lib/krb5/time.c (krb5_string_to_deltat): default to "s" again,
+	MIT's behavior was actually that it failed to parse the number
+	(and thus used the default). Even better, ticket_lifetime (that
+	was a consumer supposed a of the interface) was documented but
+	never implemented, when it was implemented, people configuraiton
+	files started to fail.  Also, use KRB5_DELTAT_BADFORMAT as a
+	failure code.
+
+	* lib/asn1/k5.asn1: sync enctypes with pkinit branch
+	
+	* lib/asn1/parse.y (readd) support negative numbers
+	
+	* lib/asn1/lex.l: support hex numbers
+	
+2004-10-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS
+	
+	* lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding
+	for rc2 don't to padding for blocksize 1
+	
+	* lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c:
+	Move keyset parsing and password based keyset generation into hdb.
+	Requested by Andrew Bartlett <abartlet at samba.org> for hdb-ldb
+	backend.
+
+2004-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: adapt to new signature of
+	krb5_get_init_creds_opt_set_pkinit
+	
+	* lib/krb5/pkinit.c: free openssl engine deal with
+	RecipientIdentifier -> CMSIdentifier and heim_any -> name change
+	improve error messages
+	
+	* kdc/pkinit.c: free openssl engine deal with RecipientIdentifier
+	-> CMSIdentifier and heim_any -> name change
+	
+2004-10-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/klist.c: use rtbl_set_separator
+	
+2004-10-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: filter out dup openssl engine keys, parse
+	user options first
+
+	* lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add
+	openssl engine support for private key
+
+	* lib/krb5/crypto.c: support padding as its done in CMS
+	
+	* kdc/pkinit.c: improve error logging
+	
+	* kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt
+	
+2004-09-30  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* lib/krb5/krb5.conf.5: assume minutes for time
+
+	* lib/krb5/config_file.c (krb5_config_vget_time_default): use
+	krb5_string_to_deltat
+
+	* lib/krb5/appdefault.c (krb5_appdefault_time): use
+	krb5_string_to_deltat
+
+	* lib/krb5/time.c (krb5_string_to_deltat): set default unit to
+	minute for compatibility with MIT Kerberos.
+	
+
+2004-09-28  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large
+	message safe" transport if we get back
+	KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner
+	<gd at sernet.de>
+
+2004-09-23 Johan Danielsson <joda at pdc.kth.se>
+
+	* admin/list.c: use rtbl
+	
+	* admin/ktutil-commands.in: slc source file
+	
+	* lib/krb5/constants.c: check
+	/Library/Preferences/edu.mit.Kerberos on OSX
+
+2004-09-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/time.c (krb5_format_time): check return value from
+	localtime and strftime
+
+2004-09-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c: make sure we don't always get renewable creds
+	
+2004-09-11   Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/acache.c: use krb5_ccapi.h
+	
+	* lib/krb5/krb5_ccapi.h: break out krb5 api definitions to
+	separate (not installed) file
+
+	* lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS
+	since AM_CPPFLAGS overridden by target specific _CPPFLAGS
+	
+2004-09-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: make variable shorter, make error messages
+	from pkinit, make freeing easier
+	
+2004-09-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen
+	
+	* lib/krb5/crypto.c (seed_something): avoid poking at memory that
+	is uninitialized, make valgrind unhappy. Pointd out by
+	abartlet at samba.org. While where, plug the fd leak.
+	
+2004-09-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/der_get.c (decode_*): name all tag-length variables the
+	same
+	(decode_enumerated): check that the tag-length is not longer the length
+
+	* lib/asn1/der_get.c (decode_boolean): fail if length of tag is
+	larger then len
+
+2004-08-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be
+	set in case of failure too, free unconditionally on exit to avoid
+	memory leak
+
+2004-08-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after
+	free
+
+2004-08-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c (krb5_get_err_text): if neither of com_right
+	nor strerror finds the error-code, return Unknown error.
+	
+2004-08-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5_kuserok.3: update to reality
+
+	* lib/krb5/kuserok.c: if a .k5login file exist, don't give
+	implicit rights to anyone; also check owner/mode of .k5login
+
+2004-08-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3
+	
+	* lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname
+	
+	* lib/krb5/krb5.3: add krb5_getportbyname
+	
+	* lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid
+
+	* lib/krb5/krb5_encrypt.3: document krb5_enctype_valid
+	
+2004-08-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes
+	from the client and filter them out.
+	
+	* lib/krb5/krb5_string_to_key.3: document krb5_free_salt
+	
+2004-08-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_ticket.3: data needs to be freed when using
+	krb5_ticket_get_authorization_data_type
+
+2004-08-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_cc.c: test variables in default_cc_name
+	
+	* lib/krb5/krb5.conf.5: explain support for varibles in
+	[libdefaults]default_cc_name
+	
+	* lib/krb5/cache.c: drop ${time}, its not very useful
+	
+	* lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand
+	variables in the default cc name. Supported variables now are:
+	${time},${uid} and ${null}
+
+	* lib/krb5/krb5.conf.5: document default_cc_name
+	
+	* lib/krb5/cache.c (krb5_cc_set_default_name):
+	s/libdefault/libdefaults/
+
+2004-08-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/acache.c: replace magic 3 with ccapi_version_3
+	
+	* lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c
+	
+	* lib/krb5/krb5.h: add krb5_acc_ops
+	
+	* lib/krb5/acache.c: CCAPI v3 implementation, the read only
+	support was from Magnus Ahltorp and then extended by me to support
+	all other operations.  Tested with MIT kerberos cc cache
+	implementation on MacOS 10.3.3
+
+	* lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the
+	default cc name, this is not very useful for general purpose glue
+	since its not possible to glue in user information (like uid), but
+	for CCAPI it works just fine
+
+2004-08-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kgetcred.1: document --cache/-c
+	
+	* kuser/kgetcred.c: allow to specify what credential cache to use
+	
+2004-08-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3
+	
+	* lib/krb5/krb5_eai_to_heim_errno.3: document
+	krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno
+	
+	* lib/krb5/krb5.3: add krb5_eai_to_heim_errno,
+	krb5_h_errno_to_heim_errno
+
+2004-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms
+	result should be free with krb5_free_host_realm drop
+	krb5_get_host_realm text
+
+	* lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result
+	should be free with krb5_free_host_realm
+	
+	* lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep
+	
+	* lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds
+	
+	* lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator
+	
+	* lib/krb5/Makefile.am: man_MANS += krb5_rd_error
+	
+	* lib/krb5/krb5_rd_error.3: krb5_rd_error and friends
+	
+	* lib/krb5/krb5_warn.3: clarify on what string
+	krb5_free_error_string should operate on
+
+	* lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred
+	
+	* lib/krb5/Makefile.am: krb5_get_credentials,
+	krb5_get_forwarded_creds and friends
+
+	* lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds
+	and friends
+
+	* lib/krb5/krb5_get_credentials.3: krb5_get_credentials and
+	friends
+
+2004-07-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/klist.c (print_cred_verbose): keytypes are no longer, use
+	enctype
+
+2004-07-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99
+	compilers, From metze at samba.org
+
+2004-07-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_cc.c: more cc tests
+	
+	* lib/krb5/krb5_check_transited.3: document krb5_check_transited
+	
+2004-07-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c (pk_principal_from_X509): reverse test, makes
+	principal in cert work From: Mayur Patel <patelm4 at rpi.edu>
+	
+2004-07-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: add krb5_verify_init_creds.3
+
+	* lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds
+	
+2004-07-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_set_password.3: spelling from wiz at netbsd.org
+	description for krb5_passwd_result_to_string
+	
+2004-07-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar
+	fixes; split sentence in two for better understanding.  From
+	wiz at NetBSD.org. Describe krb5_set_password_using_ccache while here.
+
+	* lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan
+	Stone <jonathan at dsg.stanford.edu>
+
+	* lib/krb5/changepw.c (process_reply): cast ssize_t to long and
+	print that From NetBSD via Havard Eidnes.
+	
+2004-07-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: fix helpstring for hdb-openldap-module
+	
+	* lib/krb5/test_cc.c: don't use krb5_err on error code 0
+	
+2004-07-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better
+	
+2004-07-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const
+	
+2004-07-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with
+	right argument
+
+2004-06-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the
+	krbtgt is without addresses, default to not sending our own
+	addrport
+
+	* lib/asn1/lex.l: add support for /* */ and partial line --
+	comments
+
+	* kuser/Makefile.am: don't install copy_cred_cache manpage
+	
+2004-06-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if
+	copying a static opt, make sure to allocate the "private" field
+
+2004-06-24  Love  <lha at stacken.kth.se>
+
+	* kdc/config.c: add enable_pkinit_princ_in_cert
+	
+	* kdc/kdc_locl.h: enable_pkinit_princ_in_cert
+	
+	* kdc/pkinit.c: Check certificate for Kerberos Principal in
+	OtherName of subjectAltName Based on patch from Mayur Patel
+	<patelm4 at rpi.edu>
+
+2004-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use
+	session key for authorization-data
+
+2004-06-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/connect.c (handle_tcp): note who is what that closed the
+	connection on us
+
+2004-06-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* admin/get.c (kt_get): catch errors from krb5_parse_name
+	
+2004-06-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: if its the entry just contains the
+	structural object (no samba nor heimdal object), add an aux
+	heimdal object on to it.
+	
+2004-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswd.c: use krb5_set_password_using_ccache
+	
+	* lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache
+	
+	* lib/krb5/changepw.c: implement krb5_set_password_using_ccache
+	
+	* lib/hdb/hdb-ldap.c: Allow the objectClass to be
+	"sambaSamAccount" or structural_object when searching for uid
+	entries.
+
+	* lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base
+	
+	* lib/hdb/hdb-ldap.c: add creation base that defaults to the
+	search base
+
+	* lib/hdb/hdb-ldap.c: indent like the rest of the code
+	
+2004-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: check return values from ldap operations and
+	close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you
+	should retry by yourself.
+
+	* lib/hdb/hdb-ldap.c: require search base to be configured, create
+	local context structure
+	
+2004-05-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: more ldap text, partly from Tarjei Huse
+	<tarjei at nu.no>
+
+2004-05-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/hdb/hdb-ldap.c: clean, indent
+	
+	* lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure
+	krb5KeyVersionNumber is added on new entires
+
+2004-05-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: minor fixes, partly from Tarjei Huse
+	<tarjei at nu.no>
+
+	* lib/krb5/krb5.conf.5: some text about dbname and realm
+	
+	* lib/krb5/krb5.conf.5: default value for
+	hdb-ldap-structural-object is account
+
+2004-05-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/Makefile.am: use ! instead of , as sed delimiter
+	
+2004-05-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions
+
+2004-05-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean
+	
+	* lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure
+	option
+
+	* lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From:
+	Andrew Bartlett <abartlet at samba.org>
+	
+	* lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length
+	check From: Andrew Bartlett <abartlet at samba.org>
+	
+	* lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword
+	case, make sure ent->etypes are allocated, From: Andrew Bartlett
+	<abartlet at samba.org>
+
+2004-05-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: move "setpag if (argc < 1)" to common path
+	
+2004-05-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers
+	
+	* fix-export: use right argument for -E
+
+2004-05-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/kinit.c: print some diagnostics if the exec fails
+	
+2004-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key
+	From: Luke Howard <lukeh at padl.com>
+	
+	* lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket,
+	not just a pointer size of it From: Luke Howard <lukeh at padl.com>
+	
+2004-04-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* fix-export: add -E flag where needed to make-proto
+	
+2004-04-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c: add set_param for RC2
+	
+	* lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids
+	that are no longer needed
+
+	* kdc/pkinit.c: use krb5_enctype_to_oid
+	
+	* lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists
+	before we compare with it
+
+	* lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length
+	before returning it add aes-oids
+	
+	* lib/krb5/crypto.c: add krb5_enctype_to_oid and
+	krb5_oid_to_enctype
+
+	* kdc/pkinit.c: use krb5_crypto_set_params
+	
+	* lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none
+
+	* lib/krb5/krb5.h: add KEYTYPE_AES192
+	
+	* lib/krb5/pkinit.c: use krb5_crypto_get_params to implement
+	kcrypto RC2 support
+
+	* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
+	rc2-cbc XXX RC2CBCParameter is wrong because the compiler is
+	broken
+
+	* lib/krb5/krb5.h: add KEYTYPE_RC2
+	
+	* lib/krb5/crypto.c: add partial CMS parameter handling, this is
+	needed for RC2
+	
+	* lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp
+	
+	* lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c
+	
+	* lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp
+	
+	* lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE
+	
+	* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
+	rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken
+
+2004-04-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/config_file.c: allow parsing directly from strings with
+	krb5_config_parse_string_multi
+	
+	* lib/krb5/verify_krb5_conf.c: try to resolve hostnames
+	
+2004-04-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file
+	descriptor so we don't have to keep track of it in two places
+	
+	* kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in
+	libkrb5
+
+	* lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its
+	own manpage
+	
+	* replace krb5_free_creds_contents by krb5_free_cred_contents
+	
+	* lib/krb5/cache.c: add krb5_cc_next_cred_match() and
+	krb5_cc_copy_cred_match()
+	
+	* lib/krb5/creds.c (krb5_compare_creds): add more matching options
+	
+	* lib/krb5/krb5.h: add more creds match flags
+	
+	* kuser/copy_cred_cache: add --valid-for option
+	
+	* lib/krb5/store.c (krb5_store_creds): set is_skey flag if length
+	of second ticket is > 0
+
+2004-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/pkinit.c: use the right oid for pkauthdata
+	
+	* lib/krb5/pkinit.c: always send both win2k compat version and the
+	ietf draft one, this is possible since microsoft use
+	wrong/diffrent PA number.  Make the configuration flag boolean
+	configuring if NOT to send the win2k compat glue.
+	
+	* lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec
+
+	* kuser/copy_cred_cache.1: pacify mdoclint
+	
+	* kdc/pkinit.c: use IV for envelopeddata encryption, patch
+	originally from Luke Howard <lukeh at padl.com>, tweeked by me.
+	
+	* lib/krb5/krb5_storage.3: document
+	KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
+
+	* lib/krb5/krb5_data.3: document that krb5_data_free cleans the
+	structure too
+
+	* lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch
+	originally from Luke Howard <lukeh at padl.com>, tweeked by me.
+	
+2004-04-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kuser/copy_cred_cache.{c,1}: add cred cache copy tool
+	
+	* configure.in: use rk_SYS_LARGEFILE
+	
+	* lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder
+	issue with a storage flag instead of a separate function.
+	
+2004-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: move out the oid check from get_reply_key
+
+	* lib/krb5/pkinit.c: uniquify error messages
+	
+	* lib/krb5/init_creds_pw.c: make the pkinit nonce same os the
+	plain nonce for now
+
+	* lib/krb5/pkinit.c: more w2k compat from Luke Howard
+	<lukeh at padl.com> add RC2 support, clean up error messages
+	
+	* lib/krb5/pkinit.c: remove more dependency on
+	krb5_config->pkinit_flags
+
+	* lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft
+	style answer to IETF, From Luke Howard <lukeh at padl.com>
+	(_krb5_pk_create_sign): ms handles NULL in param, so always send it
+	(_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool }
+
+	* lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the
+	digestAlgorithm to sha1 (both for SignerInfo and SignedData, add
+	new function _set_digest_alg to set it
+
+2004-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include/make_crypto.c: include rc2.h, and when I'm here, make
+	aes mandatory
+
+	* lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT
+	kerberos
+
+	* lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on
+	failure
+
+	* lib/krb5/crypto.c (DES3_random_to_key): make it produce the
+	right result
+	(DES3_postproc): use DES3_random_to_key
+	(krb5_random_to_key): check the required number of bits (not the size
+	of the key)
+
+	* lib/krb5/aes-test.c: test random to key function
+
+	* lib/krb5/string-to-key-test.c: comment out the "@"/"" test for
+	now
+
+2004-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_string_to_key.3: document that
+	krb5_string_to_key_derived is broken for non 3des enctypes and
+	thus deprecated
+
+	* kdc/pkinit.c (generate_dh_keyblock): use the new function
+	krb5_random_to_key
+
+	* lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they
+	need special processing
+
+	* lib/krb5/crypto.c (krb5_random_to_key): new function
+	
+	* lib/krb5/krb5_keyblock.3: document krb5_random_to_key
+	
+2004-04-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: use the first proposed enable enctype
+	
+	* lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the
+	return from krb5_enctype_valid
+
+	* kdc/pkinit.c: at least try to handle diffrent enveloped enctypes
+	
+2004-04-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid
+	components being smaller then 127 and allocate one extra element
+	since first byte is split to to elements.
+	
+2004-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE:
+	private use, lukeh at padl.com
+
+2004-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode
+	DH public key
+
+2004-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_init_context.3: add krb5_context to so its added
+	as manpage-link too
+
+2004-04-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation,
+	XXX add locking
+
+	* kuser/kdestroy.c: add --credential argument that just remove one
+	credential entry out of the cache specified
+	
+	* kdc/pkinit.c: replace the krb5.conf configuration option that
+	describes the mapping between principals and subject names with a
+	file, default /var/heimdal/pki-mapping. XXX this should be pushed
+	into HDB. XXX should add issuer too
+	
+	* kdc/config.c: merge certificate/private_key to a user_id
+	
+2004-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kdc_locl.h: update prototype for pk_initialize
+	
+	* kuser/kinit.c: merge certificate/private_key to a user_id
+	
+	* kdc/pkinit.c: adapt to heim_integer changes
+	
+	* lib/krb5/pkinit.c: merge certificate/private_key to a user_id
+	
+	* kdc/pkinit.c: adapt to heim_integer changes,
+	merge certificate/private_key to a user_id
+	
+2004-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE
+	
+2004-04-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building
+	libkrb5.la, add KRB5_LIB_FUNCTION proto
+
+	* lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION
+	
+	* configure.in: export KRB5_LIB_FUNCTION when building with
+	BUILD_KRB5_LIB
+
+	* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add
+	error strings
+
+	* lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing
+	is printed on stderr, fflush it
+
+	* lib/krb5/krb5_keyblock.3: free functions also zeros out the key
+	
+	* lib/krb5/krb5_get_init_creds.3: some text about
+	krb5_prompter_posix
+
+	* lib/krb5/krb5.conf.5: document hdb-ldap-structural-object
+	
+	* lib/krb5/cache.c: add krb5_cc_get_prefix_ops
+	
+	* lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops
+	
+2004-04-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/test/http_client.c: support GSS_C_DELEG_FLAG and
+	GSS_C_MUTUAL_FLAG
+
+	* appl/test/http_client.c: verbose logging
+	
+2004-04-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/connect.c: case size_t to unsigned long for LP64 platforms
+	
+2004-04-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of
+	default structural object
+
+	* tools/Makefile.am: handle sed expression breaking
+	
+2004-03-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr
+	
+	* lib/krb5/changepw.c: add tcp support to the set protocol, should
+	be cleaned up to enable sharing code with krb5_sendto
+	
+	* kpasswd/kpasswd.c (change_password): remove extra free
+	
+	* lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on
+	osf/1
+
+2004-03-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't
+	increase md->len, krb5_padata_add already does that
+	
+	* lib/krb5/init_creds.c: its PAC not PAQ
+	
+	* kuser/kinit.c: its PAC not PAQ
+	
+	* kdc/kerberos4.c: stop the client from renewing tickets into the
+	future From: Jeffrey Hutzelman <jhutz at cmu.edu>
+
+2004-03-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: try to handle sys/strtty.h needing sys/stream.h
+	
+2004-03-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no
+	longer used
+	
+	* kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/
+	
+	* lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to
+	external users by prefixing it with _
+
+	* lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/
+	
+	* lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external
+	users by prefixing it with _
+
+2004-03-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: add missing }
+	
+2004-03-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: adapt to change of signature of
+	_krb5_pk_load_openssl_id
+
+	* lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add
+	prompter argument and use it
+
+	* kuser/kinit.c: adapt to signature change of
+	krb5_get_init_creds_opt_set_pkinit
+	
+	* lib/krb5/krb5.3: add more stuff, 105 functions to go
+
+	* lib/krb5/krb5_rcache.3: add krb5_get_server_rcache
+	
+	* lib/krb5/krb5_rcache.3: framework for replay cache manpage
+	
+	* lib/krb5/krb5_string_to_key.3: document string to key functions
+	
+	* lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3
+	krb5_find_padata.3 krb5_generate_random_block.3
+
+	* lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length
+	
+	* lib/krb5/krb5.3: add some more, 137 to go
+	
+	* lib/krb5/krb5_principal.3: document krb5_get_default_principal
+	
+	* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey
+	
+	* lib/krb5/krb5_generate_random_block.3: document
+	krb5_generate_random_block
+	
+	* lib/krb5/krb5_find_padata.3: document padata functions
+	
+	* lib/krb5/krb5.3: add some more, 142 to go
+	
+	* lib/krb5/krb5_creds.3: drop .Pp before .Sh
+	
+	* lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm
+	
+	* lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname
+	and krb5_expand_hostname_realms
+
+	* lib/krb5/krb5.3: add more functions, 147 to go
+	
+	* lib/krb5/krb5_creds.3: document krb5_creds
+	
+	* lib/krb5/krb5_get_init_creds.3: add more functions, some more
+	text
+
+	* lib/krb5/krb5_ticket.3: document
+	krb5_ticket_get_authorization_data_type
+
+2004-03-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/aes-test.c: remove #if 0'ed code
+	
+	* lib/krb5/krb5.3: add keyblock functions, 177 functions to go
+	
+	* lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache
+	
+	* lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket
+	
+	* lib/krb5/krb5_config.3: document krb5_config_free_strings and
+	krb5_config_file_free
+
+	* lib/krb5/krb5_create_checksum.3: add krb5_hmac
+	
+	* lib/krb5/krb5.3: add keyblock functions, 190 functions to go
+
+	* lib/krb5/krb5_keyblock.3: update .Dd
+	
+	* lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and
+	krb5_generate_random_keyblock
+
+	* lib/krb5/krb5_init_context.3: add krb5_init_ets
+	
+	* lib/krb5/krb5_config.3: add more krb5_config_ functions and
+	prototypes
+
+	* lib/krb5/krb5_init_context.3: document context modifcation
+	functions: address list, config file, use admin kdc, fcc version
+	
+	* lib/krb5/krb5_storage.3: document krb5_storage and related
+	functions
+
+	* lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc
+	manpages and test_acl test program
+
+	* lib/krb5/krb5.3: add error string functions and sort
+	
+	* lib/krb5/krb5_warn.3: document krb5_abort and error string
+	functions
+
+	* lib/krb5/krb5.3: add missing functions, only 285 left to
+	document
+
+	* lib/krb5/krb5_crypto_init.3: remove various enctype related
+	function
+
+	* lib/krb5/krb5_encrypt.3: add various enctype related function
+	here
+
+	* lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid
+	krb5_cksumtype_valid
+
+	* lib/krb5/crypto.c: real return values for
+	krb5_{enctype,cksumtype}_valid
+
+	* lib/krb5/krb5_create_checksum.3: add some functions and
+	descriptions
+
+	* lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions
+	
+	* lib/krb5/krb5_auth_context.3: document
+	krb5_auth_con_generatelocalsubkey
+
+	* lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags
+	
+	* lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name
+	
+	* lib/krb5/krb5_init_context.3: document krb5_add_et_list
+	
+	* lib/krb5/krb524_convert_creds_kdc.3: document
+	krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache
+
+	* lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_*
+	
+	* lib/krb5/test_acl.c: test for generic acl code
+
+	* lib/krb5/acl.c: plug memory leak on file matching, 
+	make it not fall over when no non matching acl,
+	make fnmatch matching useful by switching arguments
+	
+2004-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/config.c: add --builtin-hdb command
+	
+	* lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin
+	backends
+
+	* doc/setup.texi: include Luke Howard of PADL.COM ldap hdb
+	documentation
+
+	* doc/win2k.texi: fix bugs in examples, add more restrictions, use
+	example.com as an example. From: Pavel Ferdan
+	<xferdan at informatics.muni.cz>
+
+2004-03-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin]
+	password_lifetime; from Henry B. Hotz
+
+2004-03-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY
+	is set send subkey
+	(generate if needed)
+
+	* lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY
+	
+2004-03-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks,
+	and free memory in error path, assume realloc(NULL, ...) works,
+	factor out common code, indent
+
+2004-03-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c: understand [password_quality]
+	spelling
+	
+	* kuser/kgetcred.1: document --canonicalize
+	
+	* kuser/kgetcred.c: add --canonicalize
+	
+2004-03-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/fcache.c (fcc_store_cred): NULL terminate
+	krb5_config_get_bool_default' arglist
+	
+2004-03-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply
+	
+	* kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry
+	
+	* kdc/pkinit.c: pass client hdb_entry to pk_check_client
+	
+	* kdc/kdc_locl.h: pass client hdb_entry to pk_check_client
+	
+	* kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its
+	more like that language in RFC3280
+	
+	* lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since
+	its more like that language in RFC3280
+	
+	* lib/krb5/krb5.conf.5: document
+	[libdefaults]fcc-mit-ticketflags=boolean
+
+	* lib/krb5/fcache.c (fcc_store_cred): use
+	[libdefaults]fcc-mit-ticketflags=boolean to decide what format to
+	write the fcc in. Default to mit version (aka heimdal 0.7)
+	
+	* lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and
+	_krb5_store_creds_heimdal_pre_0_7 that store the creds in just
+	that format make krb5_store_creds default to mit format
+	
+	* lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is
+	the higher bits of the bitfield
+	
+2004-03-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/store.c (krb5_store_creds): add disabled code that
+	store the ticket flags in reverse order
+	(bitswap32): new function
+
+	* lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags
+	are set, its a mit cache, reverse the bits, bug pointed out by
+	Sergio Gelato <Sergio.Gelato at astro.su.se>
+
+2004-03-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *
+	
+	* kuser/kinit.c: when running kinit with a subprocess, fetch new
+	tickets after half the tickets lifetime
+	
+	* lib/hdb/hdb.c: spelling
+	
+	* lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba
+	password database.  From: Andrew Bartlett <abartlet at samba.org>
+
+	* kdc/config.c: add --disable-DES
+	
+	* kdc/kdc.8: document --detach and --disable-DES
+	
+	* kdc/kerberos5.c: check if enctype is disabled before using it
+	
+	* lib/krb5/crypto.c: add support for disabling checksum/encryption
+	types
+
+	* tools/kdc-log-analyze.pl: add more cases
+	
+	* kdc/connect.c: on strange tcp error; log local port number and
+	socket type
+	
+	* lib/asn1/der.h: fix prototype of encode_utf8string
+	
+	* lib/asn1/gen.c: catch CHOICE and generate dummy placeholder
+	
+	* lib/asn1/lex.l: added dummy parsing of CHOICE
+	
+	* lib/asn1/parse.y: added dummy parsing of CHOICE
+	
+	* lib/asn1/k5.asn1: drop SMTP_NAME
+	
+2004-03-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/Makefile.am: support building ldap backend as module
+	sort asn1 hdb files
+	
+	* lib/hdb/hdb.c: when building ldap as a shared module, don't
+	include it in the list
+
+	* configure.in: add --enable-hdb-openldap-module
+	
+	* lib/hdb/hdb-ldap.c: make ldap possible to build as a shared
+	module
+
+	* lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew
+	Bartlett <abartlet at samba.org>
+
+	* lib/krb5/crypto.c (decrypt_internal_special): do not not modify
+	the original data test case from Ronnie Sahlberg
+	<ronnie_sahlberg at ozemail.com.au>
+
+2004-03-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_cc.c: more cc tests, mostly related to mcc
+	behavior
+
+	* lib/krb5/mcache.c (mcc_get_principal): also check for
+	primary_principal == NULL now that that isn't used as dead flag
+	
+	* lib/krb5/mcache.c: don't overload the primary_principal == NULL
+	as dead since that doesn't always work. Based on patch from
+	Jeffrey Hutzelman <jhutz at cmu.edu>, tweeked by me
+	
+2004-02-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
+	
+	* lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
+	
+	* lib/hdb/db3.c: fix all db >= 4.1 cases
+	
+	* doc/setup.texi: add text about hostname to realm mapping using
+	DNS
+
+2004-02-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: update error codes
+	
+	* lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_
+
+	* lib/krb5/pkinit.c: update error codes
+	
+2004-02-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()
+	
+	* lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling
+	
+	* lib/krb5/store.c: handle memory allocate errors
+
+	* lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok,
+	and don't put an error in the error strings then
+	
+2004-02-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: s/heim_big_integer/heim_integer/
+	
+	* lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/
+	
+	* kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors
+	
+	* lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT
+	errors
+	
+	* lib/krb5/heim_err.et: add HEIM_PKINIT specific errors
+	
+2004-02-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: rename AC_WFLAGS to rk_WFLAGS
+	
+	* acinclude.m4: use m4_define, over-quote string
+	
+2004-02-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c (change_password): handle that
+	printf("%.*s", 0, (void*)NULL); doesn't work on solaris
+	
+2004-02-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswd.c (change_password): handle that printf("%.*s",
+	0, (void*)NULL); doesn't work on solaris
+	
+	* lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses
+	some locate.updatedb, use FILES section to describe where the file
+	is instead.
+
+2004-02-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned
+	for certain negative integers, it got the length wrong" , from
+	Panasas, Inc.
+
+	* lib/asn1/der_length.c: Fix len_unsigned for certain negative
+	integers, it got the length wrong, fix from Panasas, Inc.
+	
+	rename len_int and len_unsigned to _heim_\&
+	
+	* lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int
+	
+2004-02-06  Dave Love  <d.love at dl.ac.uk>
+
+	* configure.in: Check for sys/socket.h, net/if.h.  Modify term.h,
+	security/pam_appl.h tests.
+	
+2004-02-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add
+	up the size of all the elements, don't use just the size of the
+	last element.
+
+	* lib/krb5/aes-test.c: add "next iv" test for aes128, check
+	decryption case too
+
+	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
+	the next to last block, fix decryption case too
+	
+	* lib/krb5/aes-test.c: add "next iv" test for aes128
+	
+	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
+	the next to last block
+
+	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
+	error
+	
+	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
+	error
+
+	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1
+	encode error
+
+	* lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode
+	error
+
+	* lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1
+	encode error
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): abort on
+	internal asn1 encode error
+
+	* lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal
+	asn1 encode error
+
+2004-01-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: some text about order of [capaths] realms
+	
+2004-01-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c: register WRFILE ops
+	
+	* lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)
+	
+	* lib/krb5/krb5.h: add krb5_wrfkt_ops
+	
+	* kpasswd/kpasswdd.c (change): use the right password when
+	changing the password
+
+2004-01-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it
+	means that the filesystem doesn't support locking
+	
+	* lib/krb5/keytab.c: remove #if 0 out file locking code
+	
+2004-01-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/gen_length.c (length_type): TSequenceOf: add up the
+	size of all the elements, don't use just the size of the last
+	element.
+
+2004-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c (renew_validate): if renewable_flag and not time
+	specifed, use "1 month"
+
+2004-01-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_keyblock.3: add prototypes, describe
+	krb5_keyblock_zero
+
+2004-01-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_for_creds.c (add_addrs): don't add same address
+	multiple times
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to
+	handle errors better for previous commit
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets
+	are address-less, forward address-less tickets.
+	
+	* lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and
+	export it
+

Added: vendor-crypto/heimdal/dist/ChangeLog.2005
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.2005	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.2005	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2004 @@
+2005-12-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to
+	make samba happy
+
+	* fix-export: Build kdc-private.h.
+	
+2005-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (tgs_rep2): also print the principal for which
+	the enctype was missing
+	
+2005-12-13  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* kdc/kaserver.c: Finish up transition from hdb_entry to
+	hdb_entry_ex.
+
+	* kdc/kerberos4.c: Finish up transition from hdb_entry to
+	hdb_entry_ex.
+
+	* kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex.
+
+	* kdc/kerberos5.c: Finish up transition from hdb_entry with
+	hdb_entry_ex.
+
+	* lib/krb5/cache.c (krb5_cc_set_default_name): use
+	KRB5_DEFAULT_CCNAME.
+
+	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME, pointer to
+	default credential cache.
+
+	* lib/hdb/ndbm.c: memset hdb_entry_ex before use
+
+	* lib/hdb/db3.c: memset hdb_entry_ex before use
+	
+	* lib/hdb/db.c: memset hdb_entry_ex before use
+	
+2005-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.3: Add some more entrypoints.
+
+	* lib/krb5/changepw.c: If there is a target principal, use the
+	realm of the realm to change the password with,
+
+	* kuser/kinit.c: Default to use DH when fetching keys.
+
+	* lib/hdb, kdc, kadmin/load.c: Wrap hdb_entry with hdb_entry_ex, patch
+	originally from Andrew Bartlet
+
+	* lib/hdb/hdb-ldap.c: Wrap hdb_entry with hdb_entry_ex, add url
+	support, add ldapi support.
+
+	* kdc/kerberos5.c (tgs_make_reply): there are no such things a
+	keytypes any more, just use enctypes.
+
+	* kdc/kdc_locl.h: Remove private prototypes and instead include
+	<kdc-private.h>.
+
+	* kdc/Makefile.am: Build kdc-private.h and depend on it.
+
+	* kdc/config.c (configure): wrap line
+
+	* doc/kerberos4.texi: KDC 4 support is always compiled in.
+	
+	* TODO: Remove some stuff that have been done.
+
+	* Makefile.am: Split long line
+
+	* doc/apps.texi: Spelling, From M\xE5ns Nilsson.
+
+	* doc/install.texi: spelling, From M\xE5ns Nilsson
+	
+2005-12-11  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* lib/krb5/krb5_principal.3: Constify principal argument to on
+	krb5_principal_get_ functions.
+
+	* lib/krb5/principal.c: Constify principal argument to on
+	krb5_principal_get_ functions.
+	
+2005-12-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long
+	time ago
+
+2005-12-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_keytab.c: more tests, From Andrew Bartlet
+
+	* lib/krb5/keytab_memory.c (mkt_remove_entry): realloc can return
+	NULL on success in the case 0 entries are allocated, From Andrew
+	Bartlet
+	
+2005-12-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on
+	failure to parse format specifier.
+	
+	* lib/krb5/store-test.c: Free more of the allocated memory.
+
+	* lib/krb5/crypto.c (krb5_derive_key): Free more of the allocated
+	memory, this function is only used by the test program.
+	
+	* lib/krb5/parse-name-test.c: Free more of the allocated memory.
+
+	* lib/krb5/derived-key-test.c: Free more of the allocated memory.
+	
+2005-12-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: spelling, From M\xE5ns Nilsson
+
+	* lib/krb5/krb5_keytab.3: Memory keytab are now named and
+	refcounted.
+
+	* lib/krb5/test_keytab.c: Test that memory keytab are refcounted.
+
+	* lib/krb5/keytab_memory.c: Index by name and start reference
+	counting on entries.
+	
+2005-11-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.h (krb5_address_type): add
+	KRB5_ADDRESS_NETBIOS (20)
+
+	* lib/hdb/hdb.c (find_method): accept relative paths as old db
+	format too.
+
+	* lib/krb5/aes-test.c: Remove usage of krb5_enctype_to_keytype.
+	
+2005-11-29  Dave Love  <fx at gnu.org>
+
+	* kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS.
+	
+2005-11-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c (libdefaults_entries): add
+	default_cc_name
+
+	* lib/hdb/hdb.c: Only match db databases on filename starting with
+	'/'.
+
+	* lib/krb5/rd_req.c (krb5_verify_ap_re2): check timestamp in
+	authenticator
+
+	* lib/krb5/rd_req.c (check_transited): explain the TR-type 0
+	better and why it matters.
+
+	* lib/krb5/test_cc.c: test krb5_cc_get_prefix_ops
+
+	* lib/krb5/cache.c (krb5_cc_get_prefix_ops): change the behavior
+	to return NULL when its not found, and fcc when the name starts
+	with a '/'. Almost matches behavior in other parts of the code,
+	but can't really do that since the name passed in to this function
+	may only contain the prefix itself without the colon.
+
+	* lib/krb5/cache.c (krb5_cc_get_prefix_ops): if there are not
+	colon (:) in the name, its a file credential cache
+
+	* lib/hdb/db3.c (hdb_db_create): use calloc to callocate memory
+
+	* lib/hdb/ndbm.c (hdb_ndbm_create): use calloc to allocate memory
+
+	* lib/hdb/db.c (hdb_db_create): use calloc to allocate memory
+
+2005-11-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session
+	key for delegated credentials
+
+	* kdc/kerberos5.c (_kdc_as_rep): add comment when we send
+	ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett
+	
+2005-11-25  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* lib/krb5/keytab.c (krb5_kt_get_full_name): new function
+	
+2005-11-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_crypto.c: Split encryption and s2k iterations to
+	diffrent counters, 38seconds of aes256 s2k is way too long.
+
+	* lib/krb5/test_crypto.c: Add timing code for s2k function.
+
+2005-11-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/kerberos5.c: Print the time the principal expired, based on
+	patch from Andrew Bartlett.
+	
+2005-11-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/cache.c (krb5_cc_get_full_name): Add
+	
+2005-11-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: Spelling, From Michael Banck <mbanck at debian.org>
+	
+2005-10-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kcm/headers.h: Maybe include <sys/param.h>.
+
+2005-10-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
+	understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but
+	have KRB5_AUTHDATA_KDC_ISSUED commented out for now)
+	
+2005-10-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/klist.c: In the list caches view, rename the Status field
+	to Expires.
+
+	* lib/krb5/krb5_encrypt.3: Fix mdoc for
+	krb5_encrypt_EncryptedData, Johnny Lam <jlam at pkgsrc.org>
+	
+2005-10-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/test/gssapi_client.c: Check return value from asprintf
+	instead of string != NULL since it undefined behavior on
+	Linux. From Bj\xF6rn Sandell
+	
+2005-10-21  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are
+	generated from the DH groups, fail.
+
+	* kdc/pkinit.c (get_dh_param): Pass down config so this function
+	can check pkinit_dh_min_bits
+
+	* kdc/config.c: Fill in pkinit_dh_min_bits from configuration
+	file.
+
+	* kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration.
+	
+2005-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Add option to require binding between reply
+	and response for the win2k version of the protocol.
+	
+2005-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/programming.texi: Text about Kerberos errors.
+	
+	* lib/krb5/pkinit.c: Try both ReplyKey and ReplyKey-Win2k for the
+	Windows case to support the updated -09 protocol (using
+	asChecksum). Tell KDC we support this by sending
+	KRB5-PADATA-PK-AS-09-BINDING in the pa-data.
+	
+	* lib/krb5/test_cc.c: Test copy FILE -> FILE, and MEMORY -> MEMORY
+	too.
+
+	* lib/krb5/test_cc.c: Test krb5_cc_copy_cache and
+	krb5_cc_cache_match.
+
+	* lib/krb5/cache.c (krb5_cc_cache_match): add function that
+	iterates over all credential caches for a user and returns a
+	match.
+	
+	* lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an
+	example.
+
+2005-10-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/programming.texi: Try to explain krb5_ccache, krb5_principal
+	and errors.
+	
+2005-10-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_get_credentials.3: Add example how to use
+	krb5_get_credentials.
+	
+2005-10-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds.c: Rename private to opt_private.
+
+	* lib/krb5/init_creds_pw.c: Rename private to opt_private.
+
+	* lib/krb5/pkinit.c: rename element private to opt_private to make
+	c++ picky compilers less upset.
+
+	* lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element
+	private to opt_private to make c++ picky compilers less upset.
+	
+2005-10-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function
+	(_krb5_free_krbhst_info): expose to internal use
+	
+	* lib/krb5/init_creds_pw.c: Prepare to pass down a
+	krb5_krbhst_info into the pre-auth mechs
+
+	* lib/krb5/pkinit.c: Inline short functions, share more code,
+	rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for
+	verification of KDC info, and general cleaning up.
+	
+2005-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir.
+
+	* lib/krb5/krb5_locl.h: rename moduli file to SYSCONFDIR
+	"/krb5.moduli"
+
+	* lib/krb5/krb5_locl.h: Add forward declaration for
+	krb5_dh_moduli.  Add define for MODULI_FILE.
+
+	* kdc/pkinit.c: Removing PK-INIT-19 support.
+
+	* lib/krb5/pkinit.c: Removing PK-INIT-19 support.
+
+	* lib/krb5/pkinit.c (_krb5_dh_group_ok): return DH group name on
+	success.
+	(krb5_get_init_creds_opt_set_pkinit): use moduli file if it exists
+
+	* kdc/pkinit.c: Save DH group name and print it on success.
+
+	* lib/krb5/pkinit.c (_krb5_dh_group_ok): if q is zero, ignore it.
+
+	* kdc/pkinit.c: Check dh group parameters from client.
+
+	* lib/krb5/krb5_err.et: Match error code with pk-init-27.
+
+	* lib/krb5/pkinit.c: Update error codes. Add name to group. Change
+	return value of _krb5_dh_group_ok.
+
+	* lib/krb5/pkinit.c: Add support for reading a moduli-file for DH
+	parameters.
+	
+2005-10-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/klist.1: Document --list-caches
+
+	* kuser/klist.c: Change short flag of --list-caches to -l (-v is
+	already used).
+
+2005-10-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120.
+	
+	* lib/krb5/acache.c (init_ccapi): return kerberos errors, callers
+	expect it
+	(acc_get_cache_first): don't leak memory or abort on malloc
+	failure
+	
+2005-10-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/kerberos.8: Update text about Kerberos RFC's.
+	
+2005-10-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/klist.c: Add option --list-caches that lists the avaible
+	caches and their status.
+
+	$ klist --list-caches
+	  Principal        Cache name               Status
+	lha at E.KTH.SE     2                        Valid
+	lha at SU.SE        1                        Expired
+	lha/root at SU.SE   0                        Expired
+	lha at N.L.NXS.SE   Initial default ccache   Expired
+	
+2005-09-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/keytab_keyfile.c: Use all DES keys, not just
+	des-cbc-md5, verify that they all are the same.
+
+	* lib/krb5/mcache.c Implement the cache iteration functions.
+
+	* lib/krb5/acache.c: Implement the cache iteration functions.
+
+	* lib/krb5/test_cc.c: Test the new cache iteration functions.
+
+	* lib/krb5/cache.c: Add cache iteration funcations. Add internal
+	allocation function for the memory of a krb5_ccache, and use it.
+
+	* lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions
+	
+2005-09-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space.
+
+	* kdc/kerberos5.c: More verbose PK-INIT logging.
+
+	* kdc/pkinit.c: The public DH key is encoded as an INTEGER in
+	subjectPublicKey.  Don't verify OID's for now.
+	
+	* lib/krb5/pkinit.c: Support cached DH variable (still need to
+	store it though), don't check the oid of the DH signedData for
+	now.
+	
+2005-09-22 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and
+	the sender subkey. Both RFC1510 and RFC4120 say that you have to
+	use the session key, Heimdal uses subkey.
+	
+2005-09-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Don't check oid's too closely, they change in
+	Windows Vista.
+	
+2005-09-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the
+	protocol.
+
+	* kdc/pkinit.c: Support PK-INIT-27 DH (and remove -19)
+
+	* lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL
+	to make sure its not freed.
+	
+2005-09-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length
+	it set to 1, and content is 0x01, use the afs3 string-to-key.
+
+	* kdc/kerberos5.c (make_etype_info2_entry): When its a afs3-salted
+	key, use send the opaque, length 1 (with content set to 0x01) in
+	ETYPE-INFO2-ENTRY.
+
+	* lib/krb5/kcm.c: Remove signedness warnings.
+	
+2005-09-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: Use libtool's default values for building
+	shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves
+	building problems users have on Mac OS X.
+	
+2005-09-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/changepw.c: Constify password.
+	
+2005-09-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_mk_req.3: Document krb5_rd_req.
+	
+	* lib/krb5/Makefile.am: MAN_mans+= krb5_mk_req.3
+	
+	* lib/krb5/krb5_mk_req.3: Document krb5_mk_req, krb5_mk_req_exact,
+	krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock,
+	krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep,
+	krb5_build_ap_req, krb5_verify_ap_req.
+	
+2005-09-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at
+	all, use KRB5-PADATA-AFS3-SALT
+	
+2005-08-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (log_timestamp): endtime, not endtype
+	
+2005-08-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: Check for <sys/ucred.h>.
+
+	* kcm/connect.c (update_client_creds): in case there is no
+	UCRED_VERSION, skip LOCAL_PEERCRED
+	
+	* kcm/headers.h: include <sys/ucred.h>
+	
+2005-08-27 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* lib/krb5/rd_req.c (check_transited): Allow empty content of type
+	0 because that is was Microsoft generates in their TGT.
+
+	* kdc/kerberos5.c (fix_transited_encoding): Allow empty content of
+	type 0 because that is was Microsoft enerates in their TGT.
+
+2005-08-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/intro.texi: RFC 4120 replaces RFC 1510
+	
+2005-08-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: Add --disable-afs-support.
+
+2005-08-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but
+	not TESTS, I have no same dns to use.
+
+	* lib/krb5/test_hostname.c: Testprogram for krb5_expand_hostname()
+	and krb5_expand_hostname_realms().
+	
+	* configure.in: Build KCM if we have doors or unix sockets.
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ex2): Remove
+	shadowing variable.
+
+	* lib/krb5/get_host_realm.c (dns_find_realm): Fix const warnings,
+	plug memory leak. From: Stefan Metzmacher <metze at samba.org>
+	
+	* lib/krb5/krb5_config.3: Document what happens with NULL to
+	krb5_config_free_strings
+	(nothing). Mdoc nit.
+	
+2005-08-22 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/klist.c (check_for_tgt): Re-order code so it only free the
+	credential if one was returned.
+	
+	* lib/krb5/test_crypto_wrapping.c: Fix printing of size_t.
+
+2005-08-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/dbinfo.c: provide interface to find databases
+
+	* lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys
+
+2005-08-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply.
+
+2005-08-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c: Save the request buffer so that
+	pre-auth mechanism that needs it can verify the reply.
+
+2005-08-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/test_mem.c: Rename logf to avoid shadowing.
+	
+	* lib/krb5/krb5_keytab.3: Fix the version number for
+	fcc-mit-ticketflags.
+
+	* lib/krb5/fcache.c: Revert previous, I was confused.
+	
+	* lib/krb5/krb5_keytab.3: Document fcc-mit-ticketflags in
+	COMPATIBILITY section.
+	
+	* lib/krb5/fcache.c (fcc_store_cred): default to MIT style ticket
+	flags.
+
+	* kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break;
+
+	* lib/krb5/krb5_create_checksum.3: Update prototype for
+	krb5_create_checksum.
+	
+	* kdc/pkinit.c: Make compile.
+	
+	* lib/krb5/pkinit.c: Implement verification of asChecksum, now
+	client side code is using -27 of the pk-init draft.
+	
+	* kdc/kdc_locl.h: update prototype for _kdc_as_rep
+
+	* kdc/pkinit.c: Fill in asChecksum, we now implements -27 in the KDC.
+	
+	* kdc/process.c: Pass down the request buffer to _kdc_as_rep().
+
+	* kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to
+	_kdc_pk_mk_pa_reply.
+
+2005-08-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/ext.c: HDB extensions access glue.
+
+	* kcm/acquire.c: Use krb5_set_password instead of
+	krb5_change_password.
+
+	* configure.in: Add tests/Makefile and tests/db/Makefile.
+
+	* NEWS: New ASN.1 compiler
+
+	* lib/hdb/Makefile.am: Build extensions.
+
+	* lib/hdb/print.c: Print extensions.
+
+	* lib/hdb/hdb_err.et: Add error "Entry contains unknown mandatory
+	extension".
+
+	* lib/hdb/hdb.h: Update interface version (and indent).
+	
+	* lib/hdb/hdb.asn1: Add support for HDB-extension.
+
+2005-08-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_pkinit_dh2key.c: add tests vectors from
+	"Liqiang(Larry) Zhu" <lzhu at windows.microsoft.com>
+
+	* lib/hdb/mkey.c: Expose the crypto operations on the master key.
+
+	* lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet
+	
+2005-08-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the
+	ENC-TS case.  From: Andrew Bartlett <abartlet at samba.org>
+
+	* kdc/kerberos5.c (tgs_rep2): only needs to log "Failed to verify
+	authenticator" once, its already done by
+	tgs_check_authenticator().
+	
+	* kdc/kerberos5.c: Indent strings.
+
+	* kdc/kerberos5.c (log_timestamp): avoid shadow warnings From:
+	Andrew Bartlett <abartlet at samba.org>
+	
+	* lib/krb5/verify_user.c: Add krb5_verify_opt_alloc and
+	krb5_verify_opt_free.
+	
+	* lib/krb5/krb5_verify_user.3: Document krb5_verify_opt_alloc and
+	krb5_verify_opt_free.
+
+	* lib/hdb/db3.c (DB_open): catch errors from the d->open calls
+	instead of letting them slip though to d->cursor. Bug repport from
+	Andrew Bartlett <abartlet at samba.org>
+
+2005-07-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/Makefile.am (kdc_LDADD): add LDADD
+	
+2005-07-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in
+	ENC-TS preauth, both for failure and success.
+
+	* kdc/hprop.c: Use the _krb5_krb_life_to_time function from
+	libkrb5 instead of including our own here too.
+
+	* kdc/kerberos5.c: indent printf strings
+
+	* lib/hdb/mkey.c (hdb_unseal_key_mkey): try to unseal key with
+	keyusage 0 in case the key was encrypted with MIT Kerberos (old
+	patch from Johan)
+
+2005-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: update to pkinit-27
+
+2005-07-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module.
+
+2005-07-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_pkinit_dh2key.c: framework for testing
+	_krb5_pk_octetstring2key
+
+	* kpasswd/kpasswdd.c (doit): krb5_addr2sockaddr takes a
+	krb5_socklen_t
+
+	* kdc/connect.c (de_http): sscanf takes a char *, not unsigned
+	ditto, cast approriately
+
+	* lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output
+	unsigned char to match openssl
+
+2005-07-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE.
+
+2005-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory
+
+	* lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call
+	krb5_cc_retrieve_cred once, and plug memory leak.
+
+2005-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/Makefile.am: the new asn.1 compiler includes the modules
+	name in the depend file
+
+	* lib/krb5/keytab_file.c (fkt_start_seq_get_int): check return
+	value from krb5_storage_from_fd
+
+	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): client do not contribute
+	to the DH when the server doesn't support the cached DH request.
+
+	* lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments
+
+2005-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: clean up pk-init DH support, not finished
+	yet; improve error reporting
+
+	* lib/krb5/crypto.c (_krb5_pk_octetstring2key): string2key
+	function used in pk-init-25
+
+	* configure.in: Use a configure switch to turn on PK-INIT, not by
+	detecting existence of the new ASN.1 library.
+
+	* lib/asn1: Much improved ASN.1 compiler from joda-choice-branch.
+
+	Highlighs for the compiler is support for CHOICE and in general better
+	support for tags. This compiler support most of what is needed for
+	PK-INIT, LDAP, X.509, PKCS-12 and many other protocols.
+
+2005-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1: make scope variables unique to avoid shadow warnings
+
+2005-07-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.h: comment out paramenter name in typedef
+	functions to avoid shadow warnings
+
+	* lib/krb5/crypto.c: make input data to krb5_encrypt{,_ivec} const
+
+	* kuser/klist.c: If there are no addresses, print addressless
+	instead of nothing.
+
+	* lib/krb5/Makefile.am (TESTS): add test_crypto_wrapping
+
+	* lib/krb5/crypto.c (wrapped_length): the underived encrypted
+	types checksum are all unkeyed (matches the code in
+	encrypt_internal() and encrypt_internal_special())
+
+	* lib/krb5/test_crypto_wrapping.c: ETYPE_ARCFOUR_HMAC_MD5_56 isn't
+	not supported
+
+	* lib/krb5/test_crypto_wrapping.c: test encryption wrapping
+
+	* lib/krb5/test_crypto.c (time_encryption): free cleartext buffer
+
+2005-07-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O
+	otherwise am_aux_dir will be expanded using ac_aux_dir before the
+	later is set.
+
+	* configure.in: check for strings.h explicitly instead of
+	depending on AC_HEADER_STDC to check it for us
+
+2005-07-07  Assar Westerlund  <assar at kth.se>
+
+	* configure.in: add AM_PROG_CC_C_O for automake 1.9
+
+2005-07-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when
+	returning a new error
+	
+	* lib/krb5/keytab.c: krb5_kt_close frees all resources, even on
+	error.
+
+	* lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused,
+	remove From: "Henry B. Hotz" <hotz at jpl.nasa.gov>
+
+2005-07-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/win2k.texi: arcfour-hmac-md5 support for windows cross was
+	added in w2k3-sp1 From David Love
+	
+	* doc/setup.texi: document kadmin command password-quality instead
+	of the not installed test_pw_quality
+	
+	* lib/krb5/krb5_get_init_creds.3: Spelling, from David Love
+	
+	* fix-export: build kdc-protos.h
+
+2005-07-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc: prefix pkinit symbols with _kdc
+
+	* kuser/kinit.c: avoid shadowing variables
+	
+	* kuser: s/optind/optidx/
+
+	* kdc: adapt pkinit code to libkdc split
+
+2005-06-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create
+	
+	* tools/krb5-config.in: add depency on LIB_dlopen and LIB_door_create
+	
+	* kdc/kdc_locl.h: indent, remove dup prototypes
+	
+	* kdc/libkdc: don't pollute namespace, generate public headerfile
+
+	* lib/krb5/principal.c: add krb5_425_conv_principal_ext2 that work
+	just like krb5_425_conv_principal_ext but takes a context variable
+	for the verification function
+	
+	* kdc/Makefile.am: there is no export script, not pretend there is
+
+	* kdc: Merge in the libkdc/kdc configuration split from Andrew
+	Bartlet <abartlet at samba.org>
+
+	* lib/krb5/crypto.c: optionally compile in support for afs string2key
+	
+	* configure.in: add --disable-afs-string-to-key to allow removal
+	of support for afs string2key (and dependency on crypt)
+
+2005-06-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and
+	TGS-REQ, for auditing
+
+	* kdc/kerberos5.c (as_req): print the supported encryption types
+	so its possible to know what clients to update.
+	(find_rpath): return const char * and update callers.
+
+2005-06-28  Luke Howard  <lukeh at padl.com>
+
+	* kcm/connect.c: fix arguments to kcm_log() when reporting
+	  sendmsg() error
+
+	* kcm/connect.c: don't send socket address in msghdr, it
+	  returns an already connected error on Linux
+
+2005-06-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/524.c: Always include <krb5-v4compat.h>.
+
+2005-06-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/intro.texi: no more libdes, gssapi lib is complete
+	
+	* lib/krb5/krb5.conf.5: Documentation for password quality
+	control. From: "James F. Hranicky" <jfh at cise.ufl.edu>
+
+	* lib/krb5/verify_krb5_conf.c (password_quality_entries): add
+	min_length and min_classes
+
+	* kdc/kaserver.c: log the kaserver requests, avoid shadowing
+	variables
+
+	* lib/hdb/db3.c (DB_open): in case of error, close database
+
+	* lib/hdb/ndbm.c (NDBM_open): in case of error, close database
+
+	* lib/hdb/db.c (DB_open): in case of error, close database
+
+2005-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kcm/kcm.8: fix example
+
+2005-06-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/rd_rep.c: indent
+
+	* lib/krb5/rd_rep.c (krb5_rd_rep): check if
+	KRB5_AUTH_CONTEXT_DO_TIME set and use that as a que that timestamp
+	should be checked, DCE-STYLE gssapi needs to be able to tweek this
+
+	* kdc/string2key.c: rename optind to optidx
+
+	* lib/hdb/convert_db.c: rename optind to optidx
+
+	* lib/hdb/keytab.c: const poison, add a unconst where needed
+
+	* lib/krb5/crypto.c (krb5_string_to_key): unconst password
+
+	* lib/asn1/k5.asn1: rename pvno to krb5-pvno
+
+	* lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc):
+	unconst argument
+
+	* lib/krb5/verify_krb5_conf.c: rename optind to optidx
+
+	* lib/krb5/transited.c: rename the temporary string variable to
+	`str'
+
+	* lib/krb5/test_crypto.c: rename optind to optidx
+
+	* lib/krb5/test_alname.c: rename optind to optidx
+
+	* lib/krb5/store.c: unconst argument to krb5_store (XXX this
+	should be fixed, krb5_store doesn't need to modify its argument)
+
+	* lib/krb5/send_to_kdc.c (krb5_sendto): remove shadowing
+	unnessecery variable ret
+
+	* lib/krb5/rd_cred.c (krb5_rd_cred): remove shadowing unnessecery
+	variable len
+
+	* lib/krb5/prog_setup.c: rename optind to optidx
+
+	* lib/krb5/padata.c: rename variable index to idx
+
+	* lib/krb5/log.c: rename variable time to timestr to avoid
+	shadowing
+
+	* lib/krb5/krbhst.c (krb5_krbhst_init_flags): rename variable to
+	avoid shadowing
+
+	* lib/krb5/krbhst-test.c: rename optind to optidx
+
+	* lib/krb5/kcm.c: unconst argumen to connect, unconst argument to
+	krb5_store (XXX this should be fixed, krb5_store doesn't need to
+	modify its argument)
+
+	* lib/krb5/init_creds_pw.c (default_s2k_func): unconst password
+
+	* lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning
+	
+2005-06-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/principal.c: rename index to idx
+	
+	* lib/krb5/mk_error.c: use rk_UNCONST
+	
+	* lib/krb5/fcache.c: rename to avoid shadowing
+
+	* lib/krb5/config_file.c: rename to avoid shadowing
+	
+	* lib/krb5/cache.c (_krb5_expand_default_cc_name): just copy the
+	string instead of losing const
+
+	* lib/krb5/addr_families.c: use rk_UNCONST to silence const
+	warning
+
+	* lib/krb5/addr_families.c: rename sin to sin4
+
+	* lib/asn1/asn1_print.c: rename optind to optidx, remove shadowed
+	variables
+
+	* lib/asn1/main.c: rename optind to optidx
+
+	* lib/asn1/gen_copy.c: rename to avoid shadowing
+
+	* lib/asn1/gen_locl.h: rename function filename to get_filename
+
+	* lib/asn1/lex.l: use get_filename
+
+	* lib/asn1/gen.c: rename function filename to get_filename
+
+	* lib/krb5/acache.c: use HAVE_DLOPEN around cc_handle
+	
+	* configure.in: add headers and prototypes to logwtmp, logout and
+	openpty checks
+
+	* configure.in: include headerfiles and set prototype for tgetent
+	
+	* kdc/kerberos5.c (make_etype_info2_entry): NUL terminate the
+	string
+
+	* kdc/kerberos5.c: replace strndup with inline copy, free data on
+	failure
+
+	* lib/krb5/cache.c (_krb5_expand_default_cc_name): replace strndup
+	with inline copy
+
+	* lib/krb5/log.c: rename close and log to avoid shadow warnings
+	
+	* lib/krb5/get_in_tkt.c: rename index to i to avoid shadowing
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): rename two
+	of the local `realm' to srealm to avoid shadowing
+	
+	* kdc/kerberos5.c (tgs_rep2): rename one of the tkey to uukey to
+	avoid shadow warning
+
+	* kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow
+	warning
+
+2005-06-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Release 0.7, see branch
+	
+2005-06-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES +=
+	kcm.h
+	
+	* kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from
+	krb5_init_context
+
+	* kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from
+	krb5_init_context
+
+	* lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT
+	from krb5_init_context From: Mathias Feiler
+	<feiler at uni-hohenheim.de>
+
+	* lib/krb5/verify_krb5_conf.c: Add more missig entires, from
+	Mathias Feiler <feiler at uni-hohenheim.de>
+
+2005-06-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c (pk_principal_from_X509): remember to free
+	KRB5PrincipalName
+
+	* lib/krb5/log.c (krb5_closelog): free all content in
+	krb5_log_facility
+
+2005-06-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/524.c: init kvno to please gcc
+
+	* kdc/kaserver.c (do_authenticate): check return value from
+	unparse_auth_args
+
+2005-06-07  Dave Love  <fx at gnu.org>
+
+	* doc/setup.texi: Spelling.
+	
+	* doc/programming.texi: Spelling.
+
+2005-06-02  Dave Love  <fx at gnu.org>
+
+	* kcm/connect.c (kcm_door_server): Make static.
+
+	* kcm/kcm_locl.h (disallow_getting_krbtgt): Declare.
+
+2005-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/mit_dump.c (mit_prop_dump): cast argument to
+	krb5_parse_principal to avoid warning
+
+	* kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to
+	mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit
+	codebase
+
+2005-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/store.c: If we are allocating 0 entires, avoid failing
+	if ALLOC returns NULL
+
+	* lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm
+	
+	* lib/krb5/cache.c: When returning a new error code, set error
+	string.
+
+2005-05-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab_file.c: Adapt to changed signature of
+	_krb5_xunlock, clear more error string where needed.
+
+	* lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it
+	into something sensable
+
+2005-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from
+	server entry to encrypted ticket flags
+
+2005-05-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kdc/connect.c: rename sendlength to prependlength (which
+	hopefully better represents its purpose), and change type to
+	krb5_boolean
+
+	* kdc/connect.c: log signal causing exit
+	
+	* kdc/main.c (sigterm): set exit_flag to signal causing exit;
+	(main): trap SIGXCPU
+
+2005-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kcm/kcm.8: document --disallow-getting-krbtgt and --door-path
+
+	* kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not
+	client
+
+	* kcm/main.c: ignore SIGPIPE
+
+	* kcm/protocol.c: Add option to disallow getting krbtgt out from
+	from KCM. KCM will do the fetching part itself.
+	
+	* kcm/config.c: Add option to disallow getting krbtgt out from
+	from KCM. KCM will do the fetching part itself.
+
+2005-05-30  Luke Howard <lukeh at padl.com>
+
+	* kcm/events.c: if credentials have expired when attempting
+	to renew, attempt to reacquire them using initial creds
+
+2005-05-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_principal.3: Spelling, from Bj\xF6rn Sandell
+	
+	* doc/setup.texi: spelling, from Bj\xF6rn Sandell
+
+	* lib/krb5/name-45-test.c: XXX don't run the test unless the
+	machine is in kth.se or su.se because it depends on local resolver
+	configuration.
+
+	* lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't
+	exists
+
+	* kcm/connect.c: fix doors support, fix signedness warnings
+
+	* kcm/config.c: add --door-path=
+	
+	* configure.in: comment what the "detect doors on solaris"
+	fragment tries to do
+
+	* kcm/acquire.c (generate_random_pw): fix signed-ness warnings
+
+	* kcm/connect.c (update_client_creds): fix compile error in the
+	getpeerucred case
+
+	* lib/krb5/test_cc.c: change format for expantion variables in
+	default_cc_name to %{variable} to not confuse them with shell
+	ditto
+
+	* kcm/headers.h: Maybe include <door.h>.
+
+	* kcm/kcm_locl.h: add extern door_path;
+
+	* configure.in: detect doors using door_create
+	
+	* kcm/Makefile.am: add dependcy on kcm_protos.h add lib depency on
+	LIB_door_create
+
+	* lib/krb5/kcm.h: add _PATH_KCM_DOOR, default path to kcm door
+
+	* lib/krb5/kcm.c: use [libdefaults]kcm_door to find the door to
+	kcm
+
+	* lib/krb5/Makefile.am: libkrb5_la_LIBADD += LIB_door_create
+	
+	* lib/krb5/krb5_locl.h: Maybe include <sys/mman.h>, maybe include
+	<door.h>.
+
+	* lib/krb5/kcm.c (kcm_send_request): add support for doing a door
+	call to kcm
+
+	* lib/asn1: prefix Der_class with ASN1_C_ to avoid problems with
+	system headerfiles that pollute the name space
+
+	* kcm/kcm.8: change format for expantion variables in
+	default_cc_name to %{variable} to not confuse them with shell
+	ditto
+
+	* lib/krb5/krb5.conf.5: change format for expantion variables in
+	default_cc_name to %{variable} to not confuse them with shell
+	ditto
+
+	* lib/krb5/cache.c (_krb5_expand_default_cc_name): change format
+	for expantion variables to %{variable} to not confuse them with
+	shell ditto
+	
+	* kcm/connect.c: add LOCAL_PEERCRED and experimental doors support
+
+2005-05-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/kf/kfd.c: case uid_t to unsigned long in printf format
+
+2005-05-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_auth_context.3: remove trailing space
+
+2005-05-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kcm/connect.c (do_request): use sendmsg to send the reply
+	
+	* fix-export: add make_proto for kcm/kcm_protos.h
+	
+	* kcm/kcm_locl.h: remove prototypes and add <kcm_protos.h>
+
+	* kcm/Makefile.am (kcm_SOURCES): add headerfiles
+	(kcm_protos.h): generate prototypes
+
+	* kcm/protocol.c: fix error in last commit, use right function
+
+	* kcm/headers.h: include <ucred.h> if we have getpeerucred
+
+	* configure.in: check for functions getpeerucred and getpeereid
+
+	* kcm/connect.c (update_client_creds): add support for
+	getpeerucred and getpeereid
+
+	* lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by
+	[libdefaults]kcm_socket=/path
+
+2005-05-24  David Love  <fx at gnu.org>
+
+	* kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling
+
+2005-05-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kcm/protocol.c: Merge the description and function jumptables
+	into one structure.  Use the length of the array when checking if
+	opcode is value, not a constant.
+
+	* kcm/kcm_locl.h: struct kcm_op: jumptable structure
+
+	* kcm/main.c: move declaration of detach_from_console away from
+	here to kcm_locl.h, Don't test HAVE_DAEMON since roken supplies it.
+	
+	* kcm/kcm_locl.h: move declaration of detach_from_console here
+	
+	* kdc/config.c: Don't test HAVE_DAEMON since roken supplies it.
+	
+2005-05-23  Dave Love  <fx at gnu.org>
+
+	* kcm/config.c: Don't test HAVE_DAEMON since roken supplies it.
+
+	* kdc/main.c: Don't test HAVE_DAEMON since roken supplies it.
+
+2005-05-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_keytab.3: document WRFILE and JAVA14
+
+2005-05-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes,
+	return and ignore the error
+
+	* lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count'
+	have good values
+	
+	* lib/krb5/test_keytab.c: tests all keytab format
+	
+2005-05-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding
+	errors, fail. Make sure we free memory on error.
+	(pk_verify_chain_standard): make sure we provide good errors.
+
+	* lib/krb5/verify_krb5_conf.c: add missing options, prompted by
+	James F. Hranicky mail to heimdal-discuss
+
+	* lib/krb5/verify_krb5_conf.c: add pkinit and password quailty
+	check options
+
+	* lib/krb5/pkinit.c (pk_verify_chain_standard): store better error
+	message in the context for certificate errors.
+	
+	* lib/krb5/keytab.c (krb5_kt_free_entry): zero out content of all
+	krb5_free_x_content like functions to make sure data doesnt get
+	reused, idea from Wynn Wilkes <wwilkes at vintela.com>
+
+	* configure.in: depend on automake 1.8, we don't test anything
+	older
+
+	* lib/krb5/init_creds_pw.c (process_pa_data_to_md): add comment
+	that the caller always free out_md; remove comment about memory,
+	it doesn't happen.
+	(init_cred_loop): free ctx->as_req.padata when its reset (From Wynn
+	Wilkes <wwilkes at vintela.com>), move a comment close the the code
+
+	* lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call
+	krb5_kt_free_entry after each krb5_kt_next_entry.
+
+	* lib/krb5/keytab_file.c (fkt_remove_entry): need to call
+	krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn
+	Wilkes <wwilkes at vintela.com>
+
+2005-05-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: TESTS += test_keytab
+
+	* lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks,
+	avoid crashing on empty keytab
+
+	* lib/krb5/krb5_keytab.3: document behavior of
+	krb5_kt_remove_entry
+
+	* lib/krb5/keytab_memory.c (mkt_remove_entry): check if there
+	isn't any entries in the keytab before removing any since that
+	leads to bad pointer arithmetic and crashing. From: Wynn Wilkes
+	<wwilkes at vintela.com>.  Make the function return KRB5_KT_NOTFOUND
+	if the entry wasn't in the keytab (just like the filebased
+	keytab).
+
+	* lib/krb5/test_keytab.c: test memory corruption in MEMORY keytab
+
+	* lib/krb5{addr_families,context,creds,free,keyblock,
+	mit_glue,rd_error}.c:zero out content of all krb5_free_x_content
+	like functions to make sure data doesnt get reused, idea from
+	Wynn Wilkes <wwilkes at vintela.com>
+
+	* lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK
+	
+	* lib/krb5/krb5.3: add krb5_cc_new_unique
+
+2005-05-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/fcache.c (fcc_get_first): check return value from
+	malloc, memset the structure, make sure cursor doesn't point to
+	freed memory on failure.  From: Wynn Wilkes <wwilkes at vintela.com>
+
+	* lib/krb5/krb5_auth_context.3: document
+	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
+
+	* lib/krb5/get_cred.c: Remove expired credentials, based on
+	patches and comments from Anders Magnusson <ragge at ltu.se> and Wynn
+	Wilkes <wwilkes at vintela.com>
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): honor
+	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED and create unencrypted
+	(ENCTYPE_NULL) credentials. for use with old mit server and java based
+	ones as they can't handle encrypted KRB-CRED. Note that the option
+	needs to turned on because if the consumer sends the KRB-CRED in
+	clear bad things will happen.
+
+	* lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops
+
+	* lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok
+	to return from krb5_get_credentials.
+	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials
+	be unencrypted, for compatibility with mit kerberos and java
+	kerberos. krb5_javakt_ops: export
+
+2005-05-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that
+	doesn't the use extended kvnos, as hinted, this is needed for
+	Java's Kerberos implementation.
+
+2005-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25
+	enckey, still no DH
+	
+	* kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey,
+	still no DH
+
+	* kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and
+	pkinit-25 pa-data, return empty pkinit pa-data in the
+	PREAUTH_REQUIRED krb-error
+
+	* doc/ack.texi: add pkinit people
+
+	* lib/krb5/krb5_storage.3: document krb5_storage_is_flags
+
+	* lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3,
+	krb5_krbhst_init.3,krb5_storage.3}:
+	make more pretty, from Bj\xF6rn Sandell
+
+2005-05-09  Dave Love  <fx at gnu.org>
+
+	* doc/setup.texi: Fix and clarify password quality check examples.
+	
+2005-05-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead
+	of HAVE_GETPWNAM_R From: Dave Love <d.love at dl.ac.uk>
+
+2005-05-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/addr_families.c (krb5_print_address): catch when the
+	unknown adress don't fit. From Bj\xF6rn Sandell <biorn at dce.chalmers.se>
+
+2005-05-05  Dave Love  <d.love at dl.ac.uk>
+
+	* configure.in: fix type right test, include <termios.h> for
+	sys/strtty.h, not sys/ptyvar.h
+	
+2005-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.conf.5: spelling
+
+2005-05-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5.conf.5: expand on what "trailing component" means
+	
+2005-05-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* lib/krb5/rd_cred.c: put address comparison in separate function
+	
+	* lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory
+	for access files, all of which is handled like the regular
+	~/.k5login
+
+	* lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for
+	access files, all of which is handled like the regular ~/.k5login
+	
+2005-05-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/ack.texi: Clearify what version of libdes we are using and
+	who's code in it we are using.
+	
+	* kcm/kcm.8: more text about usage
+	
+	* kcm/Makefile.am: man_MANS += kcm.8
+
+	* kcm/kcm.8: initial manpage
+
+	* configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define
+	PKINIT
+	
+2005-05-02  Dave Love  <fx at gnu.org>
+
+	* configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h.
+
+2005-05-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/krb5-config.in: add com_err to required libs
+	
+	* lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in
+	length
+
+	* lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of
+	nonce for windows, remove the code that removed the signed
+	bit. Instead add comment that they still need to be the same
+	(Kerberos protocol nonce and pk-init nonce) for Windows.
+	
+2005-05-02  David Love  <fx at gnu.org>
+
+	* lib/krb5/crypto.c: Don't declare des_salt &c as static with
+	incomplete type (invalid in c89, at least).
+	
+2005-05-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_locl.h: include <crypt.h>
+
+2005-05-02  David Love  <fx at gnu.org>
+
+	* kcm/connect.c (init_socket): rename variable sun to un to avoid
+	namespace collision.
+	(handle_stream): Cast arg of krb5_warnx.
+
+2005-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the
+	highest bit to make windows PK-INIT happy. Also make the nonces
+	the same, again for windows, they are using pk-init-9.
+	
+	XXX check if it isn't the that nonce is an unsigned variable so
+	its just a asn1 mismatch.
+
+	* kdc/pkinit.c: pass a NULL prompter data to _krb5_pk_load_openssl_id
+	
+	* kuser/kinit.c: krb5_get_init_creds_opt_set_pkinit
+	
+	* lib/krb5/pkinit.c: Pass prompter data to the prompter function,
+	implement a UI prompter function wrapping the kerberos prompter
+	function so that the the OpenSSL ENGINE can ask for a password
+	when loading the private key. From: Douglas E. Engert
+
+	* lib/krb5: add <err.h> in test programs
+	
+	* configure.in: sys/ptyvar.h might need <sys/tty.h>
+	
+	* lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la
+
+2005-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/Makefile.am: use $(LIB_com_err)
+	
+2005-04-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c (krb5_set_config_files): ignore permission
+	denied on configuration files, user might not be allowed to read
+	/var/heimdal/kdc.conf
+
+2005-04-26  Dave Love  <fx at gnu.org>
+
+	* lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get
+	posix getpwnam_r
+
+2005-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/gen_glue.c: switch the units variable to a
+	function. gcc-4.1 needs the size of the structure if its defined
+	as extern struct units foo_units[] an we don't want to include
+	<parse_units.h> in the generate headerfile
+
+2005-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart,
+	krb5ValidEnd, krb5PasswordEnd From Howard Chu
+
+2005-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/whatis.texi: comment out docbook stuff for now
+	
+	* kuser/klist.c: use strlcpy
+	
+	* doc/ack.texi: we no longer use eay libdes, make acknowledgment
+	still be there, but claim that we no longer use it. Mark editline
+	to be a modified version as required by the license.
+	
+	* lib/krb5/pkinit.c: use the unexported oid_to_enctype function
+	
+	* lib/krb5/crypto.c: unexport the oid_to_enctype function, not for
+	external consumers
+
+	* kdc/Makefile.am: always add kaserver
+	
+	* lib/krb5/krb5_ccache.3: document krb5_cc_new_unique
+
+	* lib/krb5/cache.c (krb5_cc_new_unique): new function to create a
+	new credential cache
+
+	* kdc/headers.h: don't include kerberos 4 headers here
+
+	* kdc/hpropd.c: include kerberos 4 headers here
+
+	* kdc/connect.c: add kaserver support independ of having krb4
+	support
+	
+	* kdc/config.c: add kaserver support unconditionally, make kdc
+	only fail to start when there are no v4 realm configured and
+	krb4/kaserver is turned on
+
+	* kdc/kaserver.c: Use the new Kerberos 4 functions in libkrb5 and
+	so kaserver support is always compiled in (still default disabled)
+	
+	* lib/krb5/v4_glue.c: simplify error handling
+
+	* doc/whatis.texi: add docbook version macro of @sub
+	
+	* doc/heimdal.texi: change the wrapping around the Top node to
+	ifnottex, make html generation work
+
+	* lib/krb5/krb5_krbhst_init.3: spelling, from Bj\xF6rn Sandell
+	<biorn at dce.chalmers.se>
+
+	* lib/krb5/krb5_get_krbhst.3: spelling, from Bj\xF6rn Sandell
+	<biorn at dce.chalmers.se>
+
+	* lib/krb5/krb5_data.3: spelling, from Bj\xF6rn Sandell
+	<biorn at dce.chalmers.se>
+
+	* lib/krb5/krb5_aname_to_localname.3: spelling, from Bj\xF6rn Sandell
+	<biorn at dce.chalmers.se>
+
+	* lib/krb5/krb5_address.3: spelling, from Bj\xF6rn Sandell
+	<biorn at dce.chalmers.se>
+
+2005-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so
+	kerberos 4 is always compiled in (still default disabled)
+
+	* kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and
+	so kerberos 4 is always compiled in (still default disabled)
+
+	* lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data
+	
+	* lib/krb5/convert_creds.c: Move the kerberos v4 replacement
+	functions to v4_glue.c
+
+	* lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to
+	be a KDC, move the v4 bits over here
+	
+	* lib/krb5/krb5-v4compat.h: add more v4 defines
+	
+2005-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswdd.c: Support multi-realms databases, requires
+	that all the realms are configured on the KDC in krb5.conf with
+	[libdefaults]default_realm stanzas.
+
+2005-04-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden
+
+	* lib/krb5/addr_families.c: catch two more snprintf problems
+	
+2005-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/Makefile.am: this lib include com_err, add -com_err to
+	CHECK_SYMBOLS
+
+	* appl/test/http_client.c: cast ssize_t to unsigned long, fix
+	printf format
+
+2005-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames
+	
+	* lib/krb5/get_host_realm.c: check return value of snprintf
+	
+	* lib/krb5/test_addr.c: check address truncation
+	
+	* lib/krb5/addr_families.c: check return values from snprintf and
+	clean up semantics of ret_len
+
+	* lib/krb5/krb5_address.3: clarify what ret_len is in
+	krb5_print_address
+
+	* lib/krb5/test_kuserok.c: add --version and --help
+	
+	* lib/krb5/kuserok.c: use getpwnamn_r if it exists
+
+	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok
+
+	* lib/krb5/test_kuserok.c: test program for krb5_kuserok
+
+2005-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/acache.c (acc_resolve): if open_default_ccache failed
+	with ccErrCCacheNotFound try again with create_default_ccache,
+	this fixes the problem where the security server apperenly haven't
+	started yet on Mac OS X
+	
+	* lib/krb5/get_default_principal.c
+	(_krb5_get_default_principal_local): add, for use of functions
+	that in ccache layer to avoid recursive calls.
+	
+	* lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is*
+	macros in this file
+
+	* include/make_crypto.c: cast to unsigned char to make sure its
+	not negative when passing it to is* functions
+
+2005-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/programming.texi: remove manpage macro, add some more
+	references to manpages
+
+	* doc/heimdal.texi: define manpage macro
+	
+	* doc/setup.texi: document new password policy code
+	
+	* kpasswd/kpasswdd.c: add verifier libraries with
+	kadm5_add_passwd_quality_verifier
+
+	* lib/krb5/krb5_keyblock.3: document krb5_keyblock_init
+	
+2005-04-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the
+	same, and clients
+	(klog) can deal with that the kaserver returns the same thing for
+	both
+
+	* lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill
+	in a keyblock from key data.
+	
+2005-04-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: rk_WIN32_EXPORT for roken
+
+2005-04-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* appl/test/gssapi_server.c: print out client principla of
+	delegated credential
+
+2005-04-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check
+	for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert
+
+2005-04-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* .cvsignore: ignore more generate files
+	
+2005-04-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/asn1/check-der.c: use size_t, print size_t by casting to
+	unsigned long
+	
+	* lib/krb5/test_crypto.c: print size_t by casting to unsigned long
+	
+	* lib/krb5/acache.c: Argument to create_new_ccache is a principal,
+	not a credential cache name.  Clean up lossage related to this
+	problem.
+
+	* lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int
+	
+	* lib/krb5/addr_families.c
+	(krb5_address_prefixlen_boundary,krb5_free_address):
+	use find_atype when we are dealing with a kerberos address type
+
+	* lib/krb5/aes-test.c: size_t vs int + fix printf
+	
+	* lib/krb5/pkinit.c: Since the decode can't make out the diffrence
+	between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to
+	verify both cases
+
+2005-04-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/test/uu_client.c: print size_t by casting to unsigned long
+	
+2005-04-01 Johan Danielsson <joda at pdc.kth.se>
+
+	* kdc/kerberos4.c (do_version4): check client and server max_life
+	
+	* kdc/kaserver.c (do_getticket): check client max_life
+	
+2005-03-31  Love  <lha at kth.se>
+
+	* lib/krb5/verify_krb5_conf.c: const poison
+
+	* lib/krb5/test_alname.c: const poison
+
+	* lib/asn1/main.c: const poison
+
+	* lib/krb5/test_addr.c: test parse IPv6 RANGE addresses
+
+	* lib/krb5/addr_families.c: implement mask boundary for IPv6
+
+	* lib/asn1/gen.c: avoid const string warnings steming from
+	writeable-string
+
+2005-03-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: TESTS += test_addr
+
+	* lib/krb5/test_addr.c: simple test for addresses
+	
+	* lib/krb5/addr_families.c: make RANGE parse prefixlen style
+	addresses too, fix printing of RANGE addresses, add
+	krb5_address_prefixlen_boundary
+
+	* lib/krb5/krb5_keytab.3: stop memory leak in example, expand on
+	wildcards
+
+2005-03-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_principal.3: spelling, from Tomas Olsson
+
+	* lib/krb5/krb5_warn.3: spelling, from Tomas Olsson
+
+2005-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/acache.c: add mutex for global variables, clean up
+	returned error codes, implement storing addresses into the ccapi
+
+	* appl/test/gssapi_server.c: free memory, make error strings match
+	
+	* appl/test/gssapi_server.c: use print_gss_name, print server name
+	too
+
+	* appl/test/gss_common.h (print_gss_name): common code for
+	printing gss name
+
+	* appl/test/gss_common.c (print_gss_name): common code for
+	printing gss name
+
+	* appl/test/http_client.c: Make constent with rest of the gssapi
+	test programs
+
+2005-03-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/keys.c: AES is enabled by default, remove ifdefs
+	
+	* lib/krb5/crypto.c: AES is enabled by default, remove ifdefs
+	
+	* lib/krb5/aes-test.c: use hex encoder from roken AES is enabled
+	by default, remove ifdefs
+
+	* kdc/kerberos5.c: AES is enabled by default, remove ifdefs
+
+2005-03-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: Add some text about modifying the database
+	
+2005-03-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: widen lifetime/renewal warning text field, also
+	make use of unparse_time_approx, no need to be specific to the
+	second when ticket needs to be renewed or their lifetime.
+
+	* doc/heimdal.texi: copyright maintenance, drop eay, use updated
+	UCB license
+
+	* lib/krb5/crypto.c: more static and unsigned issues
+
+	* lib/krb5/crypto.c: fix signedness issues, prompted by report of
+	Magnus Ahltorp
+
+2005-03-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_keytab.3: more text about how to free returned
+	resources
+
+2005-03-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: handle the -25 generation path
+
+	* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19
+	
+	* lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes
+	
+2005-03-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: use generated oid's
+	
+	* lib/krb5/pkinit.c: use generated oid's
+	
+2005-03-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: update to the asn1 structures used in -25's
+
+	* lib/krb5/pkinit.c: update to the asn1 structures used in -25's
+
+2005-03-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/hdb/hdb-ldap.c: use the newly written hex function from
+	roken and remove the old implementation
+
+2005-03-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/test/http_client.c: allow specifing port to connect to
+
+2005-02-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/Makefile.am: bump version to 21:0:4
+
+	* lib/hdb/Makefile.am: bump version to 8:0:1
+	
+	* lib/asn1/Makefile.am: bump version to 7:0:1
+
+2005-02-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c (DES_string_to_key_int): must check for weak
+	keys after doing the DES_cbc_cksum
+
+2005-02-19  Luke Howard  <lukeh at padl.com>
+
+	* lib/krb5/krbhst.c: set KD_CONFIG after calling
+	  config_get_hosts() in kpasswd_get_next()
+	  From: Wynn Wilkes <wynnw at vintela.com>
+
+2005-02-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/db3.c (DB_open): correct the check for O_RDONLY
+	From: Chaskiel M Grundman <cg2v at andrew.cmu.edu>
+
+2005-02-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to
+	make %d work
+
+2005-02-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the
+	caller requested to provide the user with a glue what the caller
+	was asking for.
+
+2005-02-05  Luke Howard  <lukeh at padl.com>
+
+	* lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop
+
+	* kcm/acquire.c: don't leak salt if keyproc called multiple
+	  times
+
+	* kcm/config.c: allow KCM system ccache to be configured from
+	  krb5.conf, in the system_ccache stanza of [kcm]
+
+2005-02-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kcm/protocol.c: use -1 as the invalid pid number
+
+	* kcm/connect.c: support SCM_CREDS (for NetBSD)
+
+	* kcm/Makefile.am: LDADD += LIB_pidfile
+	
+	* kcm/connect.c: make it possible to build on systems without
+	SO_PEERCRED (still doesn't work)
+
+	* kcm/config.c: cast argument to isdigit to unsigned char
+	
+	* lib/krb5/krb5.conf.5: document large_msg_size
+
+	* lib/krb5/context.c (init_context_from_config_file): init
+	large_msg_size to 6000
+
+	* lib/krb5/krb5.h (krb5_context_data): add large_msg_size,
+	threshold where we start to use transport protocols without tiny
+	max data transport sizes.
+
+	* lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h
+	by now
+
+2005-02-02  Luke Howard  <lukeh at padl.com>
+
+	* configure.in: generate kcm/Makefile
+
+	* Makefile.am: recurse into kcm/ if KCM defined
+
+	* kcm: add KCM daemon
+
+2005-02-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again
+
+	* lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add
+	some more error strings
+
+2005-02-02  Luke Howard  <lukeh at padl.com>
+
+	* configure.in: add --enable-kcm option for Kerberos
+	  Credentials Manager (KCM)
+
+	* lib/krb5/Makefile.am: add kcm.c
+
+	* lib/krb5/cache.c: use cc_retrieve_cred if present rather
+	  than enumerating ccache
+
+	* lib/krb5/context.c: register KCM cc_ops
+
+	* lib/krb5/get_cred.c: pass all options to cc_retrieve_cred
+
+	* lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock
+
+	* lib/krb5/kcm.[ch]: add initial implementation of KCM
+	  client library
+
+	* lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops
+
+	* lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp
+
+	* lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag
+
+2005-01-24  Luke Howard  <lukeh at padl.com>
+
+	* lib/krb5/init_creds_pw.c: allow NULL in_options to be passed
+	  krb5_get_init_creds_password()
+
+	* kdc/kerberos5.c: don't crash when logging no server etype
+	  support if client == NULL
+
+2005-01-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love
+	<d.love at dl.ac.uk>
+
+2005-01-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/apps.texi: Texinfo fixes. Text about irix 6.5 using
+	PAM. From: Dave Love <d.love at dl.ac.uk>
+
+2005-01-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c: cast argument to isdigit to
+	unsigned char
+
+	* lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned
+	char
+
+	* lib/asn1/hash.c (hashcaseadd): cast argument to toupper to
+	unsigned char
+
+	* appl/kf/kfd.c (kfd_match_version): cast argument to islower to
+	unsigned char
+
+	* lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled
+
+	* lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more
+	text about krb5_enctype_valid
+
+	* lib/krb5/krb5_create_checksum.3: drop
+	krb5_checksum_is_disabled
+
+	* lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled
+	
+	* lib/krb5/context.c: krb5_enctype_is_disabled is the same thing
+	as krb5_enctype_valid, so use the later since its older and the
+	api doesn't really need another entry point
+
+	* lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as
+	krb5_enctype_valid, so use the later since its older and the api
+	doesn't really need another entry point
+
+	* kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as
+	krb5_enctype_valid, so use the later since its older and the api
+	doesn't really need another entry point
+
+2005-01-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswdd.8: document --addresses, controls what
+	addresses kpasswd should listen too
+
+	* kpasswd/kpasswdd.c: add --addresses, controls what addresses
+	kpasswd should listen too
+
+	* lib/krb5/addr_families.c (krb5_parse_address): filter out dup
+	addresses from getaddrinfo
+
+	* kpasswd/kpasswd.1: document -c
+
+	* kpasswd/kpasswd.c: allow specifying a credential cache to use
+	for the admin principal
+
+	* include/bits.c: constify to avoid warning with -Wwrite-string
+	
+	* NEWS: add 0.6.2 and 0.6.3 items
+	
+	* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended
+
+	* lib/krb5/krb5_is_thread_safe.3: document function
+
+	* lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3
+	
+	* lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the
+	library was compiled with multithreading support. If not,
+	application must global lock the library, it it uses threads that
+	call kerberos functions at the same time.
+	
+2005-01-05  Luke Howard  <lukeh at padl.com>
+
+	* lib/krb5/auth_context.c: use krb5_generate_subkey_extended()
+
+	* lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION
+
+	* lib/krb5/build_auth.c: support for enctype negotiation
+	  (client sends EtypeList in Authenticator authz data)
+
+	* lib/krb5/context.c: mutex should be destroyed last in
+	  krb5_free_context()
+
+	* lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(),
+	  set *subkey to NULL if key geneartion fails
+
+	* lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA
+
+	* lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56
+
+	* lib/krb5/rd_req.c: support for enctype negotiation
+	  (client sends EtypeList in Authenticator authz data)
+
+2005-01-04  Luke Howard  <lukeh at padl.com>
+
+	* lib/asn1/k5.asn1: add authorization data types for enctype
+	negotiation implementation
+
+2005-01-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/changepw.c (change_password_loop): on failing to find a
+	kdc, set result_code to KRB5_KPASSWD_HARDERROR
+	
+2005-01-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/heimdal.texi: Happy New Year
+	

Added: vendor-crypto/heimdal/dist/ChangeLog.2006
===================================================================
--- vendor-crypto/heimdal/dist/ChangeLog.2006	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ChangeLog.2006	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2047 @@
+2006-12-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/process.c: Handle kx509 requests.
+
+	* kdc/connect.c: Listen to 9878 if kca is turned on.
+
+	* kdc/headers.h: Include <kx509_asn1.h>.
+
+	* kdc/config.c: code to parse [kdc]enable-kx509
+
+	* kdc/kdc.h: add enable_kx509
+
+	* kdc/Makefile.am: add kx509.c
+
+	* kdc/kx509.c: Kx509server (external certificate genration).
+
+	* lib/krb5/ticket.c: add krb5_ticket_get_endtime
+
+	* lib/krb5/krb5_ticket.3: Document krb5_ticket_get_endtime
+
+	* kdc/digest.c: Remove <digest_asn.h>, its already included in
+	headers.h
+
+	* kdc/digest.c: Return session key for the NTLMv2 case too
+
+	* lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value
+	is krb5_error_code
+	
+2006-12-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for
+	des-cbc-md4 and des-cbc-md5.  This is for (older) windows that
+	will be unhappy anything else.  From Inna Bort-Shatsky
+	
+2006-12-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/digest.c: Prefix internal symbol with _kdc_.
+
+	* kdc/kdc.h: add digests_allowed
+
+	* kdc/digest.c: return NTLM2 targetinfo structure.
+
+	* lib/krb5/digest.c: Add krb5_ntlm_init_get_targetinfo.
+
+	* kdc/config.c: Parse digest acl's
+
+	* kdc/kdc_locl.h: forward decl;
+
+	* kdc/digest.c: Add digest acl's
+	
+2006-12-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* fix-export: build ntlm-private.h
+	
+2006-12-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* include/make_crypto.c: Include <.../hmac.h>.
+
+	* kdc/digest.c: reorder to show slot here ntlmv2 code will be
+	placed.
+
+	* kdc/digest.c: Announce that we support key exchange and add bits
+	to detect when it wasn't used.
+
+	* kdc/digest.c: Add support for generating NTLM2 session security
+	answer.
+	
+2006-12-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/digest.c: Add sessionkey accessor functions.
+	
+2006-12-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/digest.c: Unwrap the NTLM session key and return it to the
+	server.
+	
+2006-12-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc
+	failure part, noticed by Arnaud Lacombe in NetBSD coverity scan.
+	
+2006-12-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning.
+
+	* kdc/digest.c: Support NTLM verification, note that the KDC does
+	no NTLM packet parsing, its all done by the client side, the KDC
+	just calculate and verify the digest and return the result to the
+	service.
+
+	* kuser/kdigest.c: add ntlm-server-init
+
+	* kuser/Makefile.am: kdigest depends on libheimntlm.la
+
+	* kdc/headers.h: Include <heimntlm.h>.
+
+	* kdc/Makefile.am: libkdc needs libheimntlm.la
+
+	* autogen.sh: just run autoreconf -i -f
+
+	* lib/Makefile.am: hook in ntlm
+
+	* configure.in (AC_CONFIG_FILES): add lib/ntlm/Makefile
+
+	* lib/krb5/digest.c: API to authenticate ntlm requests.
+
+	* lib/krb5/fcache.c: Support "iteration" of file credential caches
+	by giving the user back the default file credential cache and only
+	that.
+
+	* lib/krb5/krb5_locl.h: Expand the default root for some of the cc
+	type names.
+	
+2006-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/init_creds_pw.c (free_paid): free the krb5_data
+	structure too.  Bug report from Stefan Metzmacher.
+	
+2006-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kuser/kinit.c: Read the appdefault configration before we try to
+	use the flags.  Bug reported by Ingemar Nilsson.
+
+	* kuser/kdigest.c: prefix digest commands with digest_
+
+	* kuser/kdigest-commands.in: prefix digest commands with digest-
+	
+2006-12-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/hprop.c: Return error codes on failure, improve error
+	reporting.
+	
+2006-12-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error
+
+	* lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error
+	strings
+	
+2006-12-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include/Makefile.am: CLEANFILES += vis.h
+	
+2006-12-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the
+	encrypted ticket
+
+	* kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds
+	an empty (for now) AD_INITIAL_VERIFIED_CAS to tell the clients
+	that we vouches for the CA.
+
+	* kdc/kerberos5.c (_kdc_tkt_add_if_relevant_ad): new function.
+
+	* lib/Makefile.am: Make the directories test automake conditional
+	so automake can include directories in make dist step.
+
+	* kdc/pkinit.c (_kdc_pk_rd_padata): leak less memory for
+	ExternalPrincipalIdentifiers
+
+	* kdc/pkinit.c: Parse and use PA-PK-AS-REQ.trustedCertifiers
+
+	* kdc/pkinit.c: Add comment that the anchors in the signed data
+	really should be the trust anchors of the client.
+
+	* kuser/generate-requests.c: Use strcspn to remove \n from
+	string returned by fgets.  From Bj\xF6rn Sandell
+	
+	* kpasswd/kpasswd-generator.c: Use strcspn to remove \n from
+	string returned by fgets.  From Bj\xF6rn Sandell
+	
+2006-12-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: Clear errno before calling the strtol
+	functions. From Paul Stoeber to OpenBSD by Ray Lai and Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/config_file.c: Use strcspn to remove \n from fgets
+	result. Prompted by change by Ray Lai of OpenBSD via Bj\xF6rn
+	Sandell.
+
+	* kdc/string2key.c: Use strcspn to remove \n from fgets
+	result. Prompted by change by Ray Lai of OpenBSD via Bj\xF6rn
+	Sandell.
+	
+2006-11-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass
+	in a NULLed plugin list
+	
+2006-11-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_krb5_conf.c: add more pkinit options.
+
+	* lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply
+	to expect, this avoids overwriting the real PK-INIT error from
+	just a failed requeat with a Windows PK-INIT error (that always
+	failes).
+
+	* kdc/Makefile.am: Add LIB_pkinit to pacify AIX
+
+	* lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX
+	
+2006-11-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: Make build again from the hdb_entry
+	wrapping. Patch from Andreas Hasenack.
+
+	* kdc/pkinit.c: Need better code in the DH parameter rejection
+	case, add comment to that effect.
+	
+2006-11-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large
+	packets when using datagram based transports.
+
+	* kdc/process.c: Pass down datagram_reply to _kdc_tgs_rep.
+
+	* lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes.
+	
+2006-11-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Pass down hx509_peer_info.
+
+	* kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and
+	pass in into hx509_cms_create_signed_1 via hx509_peer_info blob.
+
+	* kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and
+	pass in into hx509_cms_create_signed_1 via hx509_peer_info blob.
+	
+2006-11-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not
+	fragment packets and avoid stupid linklayers that doesn't allow
+	fragmented packets (unix dgram sockets on Mac OS X)
+	
+2006-11-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users
+	certs in the pool to make sure a path is returned, without this
+	proxy certificates wont work.
+	
+2006-11-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/config.c: Make all pkinit options prefixed with pkinit_
+
+	* lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from
+	krb5_context
+
+	* lib/krb5/krb5_warn.3: document krb5_[gs]et_warn_dest
+
+	* lib/krb5/krb5.h: Drop KRB5_KU_TGS_IMPERSONATE.
+
+	* kdc/krb5tgs.c: Use KRB5_KU_OTHER_CKSUM for the impersonate
+	checksum.
+
+	* lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate
+	checksum.
+	
+2006-11-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a
+	context argument.
+
+	* lib/krb5/krb5_get_init_creds.3: Make
+	krb5_get_init_creds_opt_free take a context argument.
+
+	* lib/krb5/init_creds_pw.c: Make krb5_get_init_creds_opt_free take
+	a context argument.
+
+	* kuser/kinit.c: Make krb5_get_init_creds_opt_free take a context
+	argument.
+
+	* kpasswd/kpasswd.c: Make krb5_get_init_creds_opt_free take a
+	context argument.
+
+	* kpasswd/kpasswd-generator.c: Make krb5_get_init_creds_opt_free
+	take a context argument.
+
+	* kdc/hprop.c: Make krb5_get_init_creds_opt_free take a context
+	argument.
+
+	* lib/krb5/init_creds.c: Make krb5_get_init_creds_opt_free take a
+	context argument.
+
+	* appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a
+	context argument.
+	
+2006-11-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* doc/setup.texi: fix pkinit option (s/-/_/)
+
+	* kdc/config.c: revert the enable-pkinit change, and make it
+	consistant with all other other enable- options
+	
+2006-11-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: Make all pkinit options prefixed with pkinit_
+
+	* kdc/config.c: Make all pkinit options prefixed with pkinit_
+
+	* kdc/pkinit.c: Make app pkinit options prefixed with pkinit_
+
+	* lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_
+
+	* lib/krb5/mit_glue.c (krb5_c_keylengths): make compile again.
+
+	* lib/krb5/mit_glue.c (krb5_c_keylengths): rename.
+
+	* lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api,
+	deal.
+	
+2006-11-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/pac.c (fill_zeros): stop using MIN.
+
+	* kuser/kinit.c: Forward decl
+	
+	* lib/krb5/test_plugin.c: Use NOTHERE.H5L.SE.
+
+	* lib/krb5/krbhst.c: Fill in hints for picky getaddrinfo()s.
+
+	* lib/krb5/test_plugin.c: Set sin_len if it exists.
+
+	* lib/krb5/krbhst.c: Use plugin for the other realm locate types
+	too.
+	
+2006-11-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_locl.h: Add plugin api
+
+	* lib/krb5/Makefile.am: Add plugin api.
+
+	* lib/krb5/krbhst.c: Use the resolve plugin interface.
+
+	* lib/krb5/locate_plugin.h: Add plugin interface for resolving
+	that is API compatible with MITs version.
+
+	* lib/krb5/plugin.c: Add first version of the plugin interface.
+
+	* lib/krb5/test_pac.c: Test signing.
+
+	* lib/krb5/pac.c: Add code to sign PACs, only arcfour for now.
+
+	* lib/krb5/krb5.h: Add struct krb5_pac.
+	
+2006-11-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/test_pac.c: PAC testing.
+
+	* lib/krb5/pac.c: Sprinkle error strings.
+
+	* lib/krb5/pac.c: Verify LOGON_NAME.
+
+	* kdc/pkinit.c (_kdc_pk_check_client): drop client_princ as an
+	argument
+
+	* kdc/kerberos5.c (_kdc_as_rep): drop client_princ from
+	_kdc_pk_check_client since its not valid in canonicalize case
+
+	* lib/krb5/krb5_c_make_checksum.3: Document krb5_c_keylength.
+
+	* lib/krb5/mit_glue.c: Add krb5_c_keylength.
+	
+2006-11-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pac.c: Almost enough code to do PAC parsing and
+	verification, missing in the unix2NTTIME and ucs2 corner. The
+	later will be adressed by finally adding libwind.
+
+	* lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew
+
+	* kdc/hpropd.c: Remove support dumping to a kerberos 4 database.
+	
+2006-11-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c: rename krb5_[gs]et_time_wrap to
+	krb5_[gs]et_max_time_skew
+
+	* kdc/pkinit.c: Catch error string from hx509_cms_verify_signed.
+	Check for id-pKKdcEkuOID and warn if its not there.
+
+	* lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions.
+
+2006-11-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx.
+
+	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Add context all singing-all
+	dancing version of the krb5_rd_req and implement krb5_rd_req and
+	krb5_rd_req_with_keyblock using it.
+
+2006-11-04 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging.
+	
+2006-11-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/expand_hostname.c: Rename various routines and
+	constants from canonize to canonicalize.  From Andrew Bartlett
+
+	* lib/krb5/context.c: Add krb5_[gs]et_time_wrap
+
+	* lib/krb5/krb5_locl.h: Rename various routines and constants from
+	canonize to canonicalize.  From Andrew Bartlett
+
+	* appl/gssmask/common.c (add_list): fix alloc statement.
+	From Alex Deiter
+	
+2006-10-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include/Makefile.am: Move version.h and version.h.in to
+	DISTCLEANFILES.
+	
+2006-10-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/gssmask/gssmask.c: Only log when there are resources left.
+
+	* appl/gssmask/gssmask.c: make compile
+
+	* appl/gssmask/gssmask.c (AcquireCreds): free
+	krb5_get_init_creds_opt
+	
+2006-10-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* configure.in: heimdal 0.8-RC1
+
+2006-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/digest.c: Try to not leak memory.
+
+	* kdc/digest.c: Try to not leak memory.
+
+	* Makefile.am: remove valgrind target, it doesn't belong here.
+
+	* kuser/kinit.c: Try to not leak memory.
+
+	* kuser/kgetcred.c: Try to not leak memory.
+
+	* kdc/krb5tgs.c (check_KRB5SignedPath): free KRB5SignedPath on
+	successful completion too, not just the error cases.
+
+	* fix-export: Make make fix-export less verbose.
+
+	* kuser/kgetcred.c: Try to not leak memory.
+
+	* lib/hdb/keys.c (hdb_generate_key_set): free list of enctype when
+	done.
+
+	* lib/krb5/crypto.c: Allocate the memory we later use.
+
+	* lib/krb5/test_princ.c: Try to not leak memory.
+
+	* lib/krb5/test_crypto_wrapping.c: Try to not leak memory.
+
+	* lib/krb5/test_cc.c: Try to not leak memory.
+
+	* lib/krb5/addr_families.c (arange_free): Try to not leak memory.
+
+	* lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory.
+
+2006-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/heimdal-build.sh: Add --test-environment
+
+	* tools/heimdal-build.sh: Add --ccache-dir
+
+	* lib/hdb/Makefile.am: remove dependency on et files covert_db
+	that now is removed
+	
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* include/Makefile.am: add gssapi to subdirs
+
+	* lib/hdb/hdb-ldap.c: Make compile.
+
+	* configure.in: add include/gssapi/Makefile.
+
+	* include/Makefile.am: clean more files
+
+	* include/make_crypto.c: Avoid creating a file called --version.
+
+	* include/bits.c: Avoid creating a file called --version.
+
+	* appl/test/Makefile.am: add nt_gss_common.h
+
+	* doc/Makefile.am: Disable TEXI2DVI for now.
+
+	* tools/Makefile.am: more files
+
+	* lib/krb5/context.c (krb5_free_context): free send_to_kdc context
+
+	* doc/heimdal.texi: Put Heimdal in the dircategory Security.
+
+	* lib/krb5/send_to_kdc.c: Add sent_to_kdc hook, from Andrew
+	Bartlet.
+
+	* lib/krb5/krb5_locl.h: Add send_to_kdc hook.
+
+	* lib/krb5/krb5.h: Add krb5_send_to_kdc_func prototype.
+
+	* kcm/Makefile.am: more files
+
+	* kdc/Makefile.am: more files
+
+	* lib/hdb/Makefile.am: more files
+
+	* lib/krb5/Makefile.am: add more files
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST.
+
+	* configure.in: Don't check for timegm, libroken provides it for
+	us.
+
+	* lib/krb5/acache.c: Does function typecasts instead of void *
+	type-casts.
+
+	* lib/krb5/krb5.h: Remove bonus , that Love sneeked in.
+
+	* configure.in: make --disable-pk-init help text also negative
+	
+2006-10-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kuser/kgetcred.c: Avoid memory leak.
+
+	* tools/heimdal-build.sh: Add more verbose logging, add version of
+	script and heimdal to the mail.
+
+	* lib/hdb/db3.c: Wrap function call pointer calls in (*func) to
+	avoid macros rewriting open and close.
+
+	* lib/krb5/Makefile.am: Add test_princ.
+
+	* lib/krb5/principal.c: More error strings, handle realm-less
+	printing.
+
+	* lib/krb5/test_princ.c: Test principal parsing and unparsing.
+	
+2006-10-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we
+	don't recurse
+
+	* lib/krb5/get_host_realm.c (krb5_get_host_realm): no components
+	-> no dns. no mapping, try local realm and hope KDC knows better.
+
+	* lib/krb5/krb5.h: Add flags for krb5_unparse_name_flags
+
+	* lib/krb5/krb5_principal.3: Document
+	krb5_unparse_name{_fixed,}_flags.
+
+	* lib/krb5/principal.c: Add krb5_unparse_name_flags and
+	krb5_unparse_name_fixed_flags.
+
+	* lib/krb5/krb5_principal.3: Document krb5_parse_name_flags.
+
+	* lib/krb5/principal.c: Add krb5_parse_name_flags.
+
+	* lib/krb5/principal.c: Add krb5_parse_name_flags.
+
+	* lib/krb5/krb5.h: Add krb5_parse_name_flags flags.
+
+	* lib/krb5/krb5_locl.h: Hide krb5_context_data from public
+	exposure.
+
+	* lib/krb5/krb5.h: Hide krb5_context_data from public exposure.
+
+	* kuser/klist.c: Use krb5_get_kdc_sec_offset.
+
+	* lib/krb5/context.c: Document krb5_get_kdc_sec_offset()
+	
+	* lib/krb5/krb5_init_context.3: Add krb5_get_kdc_sec_offset()
+	
+	* lib/krb5/krb5_init_context.3: Add krb5_set_dns_canonize_hostname
+	and krb5_get_dns_canonize_hostname
+
+	* lib/krb5/verify_krb5_conf.c:
+	add [libdefaults]dns_canonize_hostname
+
+	* lib/krb5/expand_hostname.c: use dns_canonize_hostname to
+	determin if we should talk to dns to find the canonical name of
+	the host.
+
+	* lib/krb5/krb5.h (krb5_context): add dns_canonize_hostname.
+
+	* tools/heimdal-build.sh: Set status.
+
+	* appl/gssmask/gssmask.c: handle more bits
+
+	* kdc/kerberos5.c: Prefix asn1 primitives with der_.
+	
+2006-10-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* fix-export: Build lib/asn1/der-protos.h.
+	
+2006-10-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/gssmask/Makefile.am: Add explit depenency on libroken.
+
+	* kdc/krb5tgs.c: Prefix der primitives with der_.
+
+	* kdc/pkinit.c: Prefix der primitives with der_.
+
+	* lib/hdb/ext.c: Prefix der primitives with der_.
+	
+	* lib/hdb/ext.c: Prefix der primitives with der_.
+
+	* lib/krb5/crypto.c: Remove workaround from when there wasn't
+	always aes.
+
+	* lib/krb5/ticket.c: Prefix der primitives with der_.
+	
+	* lib/krb5/digest.c: Prefix der primitives with der_.
+
+	* lib/krb5/crypto.c: Prefix der primitives with der_.
+
+	* lib/krb5/data.c: Prefix der primitives with der_.
+	
+2006-10-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From
+	Olga Kornievskaia.
+
+	* kdc/kdc.8: document max-kdc-datagram-reply-length
+
+	* include/bits.c: Include Xint64 types.
+	
+2006-10-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/heimdal-build.sh: Add socketwrapper and cputime limit.
+
+	* kdc/connect.c (loop): Log that the kdc have started.
+	
+2006-10-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/connect.c (do_request): tell krb5_kdc_process_request if its
+	a datagram reply or not
+
+	* kdc/kerberos5.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG error if its
+	a datagram reply and the datagram reply length limit is reached.
+
+	* kdc/process.c: Rename krb5_kdc_process_generic_request to
+	krb5_kdc_process_request Add datagram_reply argument.
+
+	* kdc/config.c: check for [kdc]max-kdc-datagram-reply-length
+
+	* kdc/kdc.h (krb5_kdc_config): Add max_datagram_reply_length.
+
+	* lib/hdb/keytab.c: Change || to |, From metze.
+
+	* lib/hdb/keytab.c: Add back :file to sample format.
+
+	* lib/hdb/keytab.c: Add more HDB_F flags to hdb_fetch. Pointed out
+	by Andrew Bartlet.
+
+	* kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from
+	auth->cusec.
+	
+2006-10-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* fix-export: dist_-ify libkadm5clnt_la_SOURCES too
+
+	* doc/heimdal.texi: Update (c) years.
+
+	* appl/gssmask/protocol.h: Clarify protocol.
+
+	* kdc/hpropd.c: Adapt to signature change of
+	_krb5_principalname2krb5_principal.
+
+	* kdc/kerberos4.c: Adapt to signature change of
+	_krb5_principalname2krb5_principal.
+
+	* kdc/connect.c (handle_vanilla_tcp): shorten length when we
+	shorten the buffer, this matter im the PK-INIT encKey case where a
+	checksum is done over the whole packet. Reported by Olga
+	Kornievskaia
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include/Makefile.am: crypto-headers.h is a nodist header
+
+	* lib/krb5/aes-test.c: Make argument to PKCS5_PBKDF2_HMAC_SHA1
+	unsigned char to make OpenSSL happy.
+
+	* appl/kf/Makefile.am: Add man_MANS to EXTRA_DIST
+
+	* kuser/Makefile.am: split build files into dist_ and noinst_
+	SOURCES
+
+	* lib/hdb/Makefile.am: split build files into dist_ and noinst_
+	SOURCES
+
+	* lib/krb5/Makefile.am: split build files into dist_ and noinst_
+	SOURCES
+
+	* kdc/kerberos5.c: Adapt to signature change of
+	_krb5_principalname2krb5_principal.
+	
+2006-10-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krbhst.c (common_init): don't try DNS when there is
+	realm w/o a dot.
+
+	* kdc/524.c: Adapt to signature change of
+	_krb5_principalname2krb5_principal.
+
+	* kdc/krb5tgs.c: Adapt to signature change of
+	_krb5_principalname2krb5_principal.
+
+	* lib/krb5/get_in_tkt.c: Adapt to signature change of
+	_krb5_principalname2krb5_principal.
+
+	* lib/krb5/rd_cred.c: Adapt to signature change of
+	_krb5_principalname2krb5_principal.
+
+	* lib/krb5/rd_req.c: Adapt to signature change of
+	_krb5_principalname2krb5_principal.
+
+	* lib/krb5/asn1_glue.c (_krb5_principalname2krb5_principal): add
+	krb5_context to signature.
+
+	* kdc/524.c (_krb5_principalname2krb5_principal): adapt to
+	signature change
+
+	* lib/hdb/keytab.c (hdb_get_entry): close and destroy the database
+	later, the hdb_entry_ex might still contain links to the database
+	that it expects to use.
+
+	* kdc/digest.c: Make digest argument o MD5_final unsigned char to
+	help OpenSSL.
+
+	* kuser/kdigest.c: Make digest argument o MD5_final unsigned char
+	to help OpenSSL.
+
+	* appl/gssmask/common.h: Maybe include <sys/wait.h>.
+	
+2006-10-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and
+	explain why
+
+	* tools/heimdal-build.sh: Another mail header.
+
+	* tools/heimdal-build.sh: small fixes
+
+	* fix-export: More liberal parsing of AC_INIT
+
+	* tools/heimdal-build.sh: first cut
+	
+2006-10-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: Call AB_INIT.
+
+	* kuser/kinit.c: Add flag --pk-use-enckey.
+
+	* kdc/pkinit.c: Sign the request in the encKey case.  Bug reported
+	by Olga Kornievskaia of Umich.
+
+	* lib/krb5/Makefile.am: man_MANS += krb5_digest.3
+
+	* lib/krb5/krb5_digest.3: Add all protos
+	
+2006-10-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/krb5_digest.3: Basic krb5_digest manpage.
+	
+2006-10-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* fix-export: build gssapi mech private files
+	
+	* lib/krb5/init_creds_pw.c: minimize layering and remove
+	krb5_kdc_flags
+
+	* lib/krb5/get_in_tkt.c: Always use the kdc_flags in the right bit
+	order.
+
+	* lib/krb5/init_creds_pw.c: Always use the kdc_flags in the right
+	bit order.
+
+	* kuser/kdigest.c: Don't require --kerberos-realm.
+
+	* lib/krb5/digest.c (digest_request): if NULL is passed in as
+	realm, use default realm.
+
+	* fix-export: build gssapi mech private files
+	
+2006-09-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context
+	building, better error handling.
+
+	* appl/gssmask/gssmaestro.c: switch from wrap/unwrap to
+	encrypt/decrypt
+	
+	* appl/gssmask/gssmask.c: Don't announce spn if there is none.
+
+	* appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is
+	the same as afterward.
+	
+2006-09-25  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE.
+
+	* appl/gssmask/gssmaestro.c: Add logsocket support.
+	
+2006-09-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* appl/gssmask/gssmaestro.c (build_context): print the step the
+	context exchange.
+	
+2006-09-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG
+	to all context flags
+	
+	* appl/gssmask/gssmaestro.c: Add wrap and mic tests for all
+	elements
+
+	* appl/gssmask/gssmask.c: Add mic tests
+
+	* appl/gssmask/gssmaestro.c: dont exit early then when context
+	is half built.
+	
+	* lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx
+	seems broken and its not good to upgrade to a broken enctype.
+	
+2006-09-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* appl/gssmask/gssmask.c: Add wrap/unwrap ops
+
+	* appl/gssmask/protocol.h: Add eGetVersionAndCapabilities flags
+
+	* appl/gssmask/common.c: Add permutate_all (and support
+	functions).
+
+	* appl/gssmask/common.h: Add permutate_all
+
+	* appl/gssmask/gssmask.c: use new flags, return moniker
+
+	* appl/gssmask/gssmaestro.c: test self context building and all
+	permutation of clients
+	
+2006-09-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/gssmask/gssmask.c: add --logfile option, use htons() on
+	port number
+
+	* appl/gssmask/gssmaestro.c: Log port in connection message.
+
+	* configure.in: Make pk-init turned on by default.
+	
+2006-09-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}.
+
+	* kuser/Makefile.am: Add tool for printing tickets.
+
+	* kuser/kimpersonate.1: Add tool for printing tickets.
+	
+	* kuser/kimpersonate.c: Add tool for printing tickets.
+
+	* kdc/krb5tgs.c: Check the adtkt in the constrained delegation
+	case too.
+	
+2006-09-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/main.c (sigterm): don't _exit, let loop() catch the signal
+	instead.
+
+	* lib/krb5/krb5_timeofday.3: Fixes from Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_get_init_creds.3: Fixes from Bj\xF6rn Sandell.
+	
+2006-09-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/krb5-config.in: Add "kafs" option.
+	
+2006-09-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/db.c: By using full function calling conversion (*func)
+	we avoid problem when close(fd) is overridden using a macro.
+
+	* lib/krb5/cache.c: By using full function calling
+	conversion (*func) we avoid problem when close(fd) is overridden
+	using a macro.
+	
+2006-09-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/kerberos5.c: Signing outgoing tickets.
+
+	* kdc/krb5tgs.c: Add signing and checking of tickets to s4u2self
+	works securely.
+
+	* lib/krb5/pkinit.c: Adapt to new signature of
+	hx509_cms_unenvelope.
+	
+2006-09-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a
+	sensable way
+	
+2006-09-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_init_context.3: Prevent a font generation warning,
+	from Jason McIntyre.
+	
+2006-09-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/context.c (krb5_init_ets): Add the hx errortable
+
+	* lib/krb5/krb5_locl.h: Include hx509_err.h.
+
+	* lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string
+	from the hx509 lib
+	
+2006-09-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
+	fix argument to krb5_get_init_creds_opt_set_addressless.
+
+	* lib/krb5/init_creds_pw.c (init_cred_loop): try to catch the
+	error when we actually have an error to catch.
+
+	* lib/krb5/init_creds_pw.c: Remove debug printfs.
+
+	* kuser/kinit.c: Remove debug printf
+
+	* lib/krb5/krb5_get_init_creds.3: Document
+	krb5_get_init_creds_opt_set_addressless.
+
+	* kuser/kinit.c: Use new function
+	krb5_get_init_creds_opt_set_addressless.
+
+	* lib/krb5/krb5_locl.h: use new addressless, convert pa-pac option
+	to use the same tri-state option as the new addressless option.
+
+	* lib/krb5/init_creds_pw.c: use new addressless, convert pa-pac
+	option to use the same tri-state option as the new addressless
+	option.
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_addressless):
+	used to control the address-lessness of the initial tickets
+	instead of passing in the empty set of address into
+	krb5_get_init_creds_opt_set_addresses.
+	
+2006-09-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kuser/kinit.c (renew_validate): inherit the proxiable and
+	forwardable from the orignal ticket, pointed out by Bernard
+	Antoine of CERN.
+	
+	* doc/setup.texi: More text about the acl_file entry and
+	hdb-ldap-structural-object.  From R\xFCdiger Ranft.
+
+	* lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback
+	lookups to 5.  Patch from Wesley Craig, umich.edu
+
+	* configure.in: Add special tests for <sys/ucred.h>, include test
+	for sys/param.h and sys/types.h
+
+	* appl/test/tcp_server.c (proto): use keytab for krb5_recvauth
+	Patch from Ingemar Nilsson <init at pdc.kth.se>
+	
+2006-08-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kdigest.c (help): use sl_slc_help().
+
+	* kdc/digest.c: Catch more error, add SASL DIGEST MD5.
+
+	* lib/krb5/digest.c: Catch more error.
+
+2006-08-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: language.
+
+	* doc/heimdal.texi: Add last updated text.
+	
+	* doc/heimdal.css: make box around heimdal title
+	
+	* doc/heimdal.css: Inital Heimdal css for the info manual
+	
+	* lib/krb5/digest.c: In the case where we get a DigestError back,
+	save the error string and code.
+	
+2006-08-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: Remove _kdc_find_etype(), its no longer used.
+
+	* kdc/digest.c: Remove local error label and have just one exit
+	label, set error strings properly.
+
+	* kdc/digest.c: Simply the disabled-service case.  Check the
+	allow-digest flag in the HDB entry for the client.
+
+	* kdc/process.c (krb5_kdc_process_generic_request): check if we
+	got a digest request and process it.
+
+	* kdc/main.c: Register hdb keytab operations.
+
+	* kdc/kdc.8: document [kdc]enable-digest=boolean
+
+	* kdc/Makefile.am: add digest to libkdc
+
+	* kdc/digest.c: Make a return a goto to avoid freeing un-inited
+	memory in cleanup code.
+
+	* kdc/default_config.c (krb5_kdc_default_config): default to all
+	bits set to zero.
+
+	* kdc/kdc.h (krb5_kdc_configuration): Add enable_digest
+
+	* kdc/headers.h: Include <digest_asn1.h>.
+
+	* lib/krb5/context.c (krb5_kerberos_enctypes): new function,
+	returns the list of Kerberos encryption types sorted in order of
+	most preferred to least preferred encryption type.
+
+	* kdc/misc.c (_kdc_get_preferred_key): new function, Use the order
+	list of preferred encryption types and sort the available keys and
+	return the most preferred key.
+
+	* kdc/krb5tgs.c: Adapt to the new sigature of _kdc_find_keys().
+
+	* kdc/kerberos5.c: Handle session key etype separately from the
+	tgt etype, now the krbtgt can be a aes-only key without the need
+	to support not-as-good etypes for the krbtgt.
+	
+2006-08-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/misc.c: Change _kdc_db_fetch() to return the database
+	pointer to if needed by the consumer.
+
+	* kdc/krb5tgs.c: Change _kdc_db_fetch() to return the database
+	pointer to if needed by the consumer.
+
+	* kdc/kerberos5.c: Change _kdc_db_fetch() to return the database
+	pointer to if needed by the consumer.
+	
+	* kdc/kerberos4.c: Change _kdc_db_fetch() to return the database
+	pointer to if needed by the consumer.
+	
+	* kdc/kaserver.c: Change _kdc_db_fetch() to return the database
+	pointer to if needed by the consumer.
+
+	* kdc/524.c: Change _kdc_db_fetch() to return the database pointer
+	to if needed by the consumer.
+
+	* kuser/kdigest-commands.in: Add --kerberos-realm, add client
+	request command.
+
+	* lib/krb5/Makefile.am: digest.c
+	
+	* lib/krb5/krb5.h: Add digest glue.
+
+	* lib/krb5/digest.c (krb5_digest_set_authentication_user): use
+	krb5_principal
+	
+	* lib/krb5/digest.c: Add digest support to the client side.
+	
+2006-08-21  Love H\xF6rnquist \xC5strand  <lha at it.kth.se>
+
+	* lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on
+	error and set return pointer to NULL
+	(krb5_free_ap_rep_enc_part): permit freeing of NULL
+	
+2006-08-18  Love H\xF6rnquist \xC5strand  <lha at it.kth.se>
+
+	* kdc/{Makefile.am,kdigest.c,kdigest-commands.in}:
+	Frontend for remote digest service in KDC
+
+	* lib/krb5/krb5_storage.3: Document krb5_{ret,store}_stringnl
+	functions.
+
+	* lib/krb5/store.c: Add krb5_{ret,store}_stringnl functions,
+	stores/retrieves a \n terminated string.
+
+	* lib/krb5/krb5_locl.h: Default to address-less tickets.
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear
+	error string on error.
+	
+2006-07-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c: remove aes-192 (CMS)
+
+	* lib/krb5/crypto.c: Remove more CMS bits.
+	
+	* lib/krb5/crypto.c: Remove CMS symmetric encryption support.
+	
+2006-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c (_kdc_pk_check_client): make it not crash when
+	there are no acl
+
+	* kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos
+	database
+
+	* lib/hdb/hdb.asn1: Rename HDB-Ext-PKINIT-certificate to
+	HDB-Ext-PKINIT-hash.  Add trust anchor to HDB-Ext-PKINIT-acl.
+
+	* lib/hdb/Makefile.am: rename asn1_HDB_Ext_PKINIT_certificate to
+	asn1_HDB_Ext_PKINIT_hash
+
+	* lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash().
+	
+2006-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: If --password-file gets STDIN, read the password
+	from the standard input.
+
+	* kuser/kinit.1: Document --password-file=STDIN.
+
+	* lib/krb5/krb5_string_to_key.3: Remove duplicate to.
+	
+2006-07-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/krb5tgs.c: (tgs_build_reply): when checking for removed
+	principals, check the second component of the krbtgt, otherwise
+	cross realm wont work.  Prompted by report from Mattias Amnefelt.
+
+2006-07-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/connect.c (handle_vanilla_tcp): use unsigned integer for for
+	length
+	(handle_tcp): if the high bit it set in the unknown case, send
+	back a KRB_ERR_FIELD_TOOLONG
+	
+2006-07-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/gssmask/gssmaestro.c: Add get_version_capa, cache
+	target_name.
+
+	* appl/gssmask/gssmask.c: use utname() to find the local hostname
+	and version of operatingsystem
+
+	* appl/gssmask/common.h: include <sys/utsname.h>
+
+	* appl/gssmask/gssmask.c: break out creation of a client and make
+	handleServer pthread_create compatible
+
+	* appl/gssmask/gssmaestro.c: break out out the build context
+	function
+	
+2006-07-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* appl/gssmask/gssmaestro.c: externalize slave handling, add
+	GetTargetName glue
+
+	* appl/gssmask/gssmaestro.c: externalize principal/password handling
+
+	* lib/krb5/principal.c (krb5_parse_name): set *principal to NULL
+	the first thing we do, so that on failure its set to a known value
+
+	* appl/gssmask/gssmask.c: AcquireCreds: set principal to NULL to
+	avoid memory corruption GetTargetName: always send a string, even
+	though we don't have a targetname
+
+	* appl/gssmask: break out common function; add gssmaestro (that
+	only tests one context for now)
+
+2006-06-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on
+	malloc failure
+
+	* appl/gssmask/gssmask.c: split out fetching of credentials for
+	easier reuse for pk-init testing
+
+	* appl/gssmask: maggot replacement, handles context testing
+
+	* lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME
+	as the default prefix
+	
+2006-06-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/heimdal.texi: Add Doug Rabson's license
+	
+2006-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the
+	krb5_get_init_creds_opt structure.
+
+	* lib/krb5/init_creds_pw.c: Save KRB-ERROR on error.
+
+	* lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add
+	KRB-ERROR
+	
+2006-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: section about verify_krb5_conf and kadmin check
+	
+2006-06-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred
+	argument, its unused
+
+	* lib/krb5/Makefile.am: install krb5_get_creds.3
+	
+	* lib/krb5/krb5_get_creds.3: new file
+	
+2006-06-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is
+	ARCFOUR key already.  Idea from Andreas Hasenack.  While here, set
+	pw change time using sambaPwdLastSet
+
+	* kdc/kerberos4.c: Use enable_v4_per_principal and check the new
+	hdb flag.
+
+	* kdc/kdc.h: Add enable_v4_per_principal
+	
+2006-06-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c (_kdc_as_rep): if kdc_time +
+	config->kdc_warn_pwexpire is past pw_end, add expiration
+	message. From Bernard Antoine.
+	
+	* kdc/default_config.c (krb5_kdc_default_config): set
+	kdc_warn_pwexpire to 0
+
+	* kdc/kerberos5.c: indent.
+	
+2006-06-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos5.c: constify
+	
+2006-06-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/get_cred.c: Allow setting additional tickets in the
+	tgs-req
+
+	* kuser/kgetcred.c: add --delegation-credential-cache
+
+	* kdc/krb5tgs.c (tgs_build_reply): add constrained delegation.
+
+	* kdc/krb5tgs.c: Add impersonation.
+
+	* kuser/kgetcred.c: use new krb5_get_creds interface, add
+	impersonation.
+
+	* lib/krb5/get_cred.c (krb5_get_creds): add
+	KRB5_GC_NO_TRANSIT_CHECK
+
+	* lib/krb5/misc.c: Add impersonate support functions.
+
+	* lib/krb5/get_cred.c: Add impersonate and new krb5_get_creds interface.
+
+	* lib/hdb/hdb.asn1 (HDBFlags): add trusted-for-delegation
+
+	* lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more
+	KRB5_GC flags.
+	
+2006-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function.
+
+	* lib/krb5/pkinit.c: Avoid more shadowing.
+
+	* kdc/connect.c (do_request): clean reply with krb5_data_zero
+
+	* kdc/krb5tgs.c: Split up the reverse cross krbtgt check and local
+	clien must exists test.
+
+	* kdc/krb5tgs.c: Plug old memory leaks, unify all goto's.
+
+	* kdc/krb5tgs.c: Split tgs_rep2 into tgs_parse_request and
+	tgs_build_reply.
+
+	* kdc/kerberos5.c: split out krb5 tgs req to make it easier to
+ 	reorganize the code.
+	
+2006-05-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_get_init_creds.3: spelling Bj\xF6rn Sandell
+
+	* lib/krb5/krb5_get_in_cred.3: spelling Bj\xF6rn Sandell
+	
+2006-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kpasswd/kpasswdd.c (change): select the realm based on the
+	target principal From Gabor Gombas
+
+	* lib/krb5/krb5_get_init_creds.3: Add KRB5_PROMPT_TYPE_INFO
+	
+	* lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO
+	
+2006-05-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed.
+	Fix a warning.
+
+	* doc/setup.texi: Point to more examples, hint that you have to
+	use openssl 0.9.8a or later.
+
+	* doc/setup.texi: DIR now handles both PEM and DER.
+
+	* kuser/kinit.c: Pass down prompter and password to
+	krb5_get_init_creds_opt_set_pkinit.
+
+	* lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if its
+	longer then 0
+	
+	* doc/ack.texi: Add Jason McIntyre.
+	
+	* lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason
+	McIntyre.
+	
+2006-05-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kuser/kinit.c: Move parsing of the PK-INIT configuration file to
+	the library so application doesn't need to deal with it.
+
+	* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move
+	parsing of the configuration file to the library so application
+	doesn't need to deal with it.
+
+	* lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to
+	when trying to read the user certificate.
+
+	* lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1
+	on failure. Pointed out by Douglas E. Engert.
+	
+2006-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/crypto.c: Catches both keyed checkout w/o crypto
+	context cases and doesn't reset the string, and corrects the
+	grammar.
+
+	* lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support,
+	its all containted in libhcrypto and libhx509 now.
+	
+2006-05-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use
+	hx509_get_one_cert.
+
+	* lib/krb5/crypto.c (create_checksum): provide a error message
+	that a key checksum needs a key.  From Andew Bartlett.
+	
+2006-05-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check
+	for hx509 null DH.
+
+	* kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exists in
+	older OpenSSL.
+
+	* doc/heimdal.texi: Add blob about imath.
+
+	* doc/ack.texi: Add blob about imath.
+
+	* include/make_crypto.c: Move up evp.h to please OpenSSL, from
+	Douglas E. Engert.
+
+	* kcm/acl.c: Multicache kcm interation isn't done yet, let wait
+	with this enum.
+	
+2006-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Bj\xF6rn
+	Sandell
+
+	* lib/krb5/krb5_rcache.3: Spelling/mdoc from Bj\xF6rn Sandell
+
+	* lib/krb5/krb5_keytab.3: Spelling/mdoc from Bj\xF6rn Sandell
+
+	* lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Bj\xF6rn Sandell
+
+	* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Bj\xF6rn
+	Sandell
+
+	* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Bj\xF6rn
+	Sandell
+
+	* lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit
+	kvno if the reset of the data is longer then 4 bytes in hope to be
+	forward compatible. Pointed out by Michael B Allen.
+
+	* doc/programming.texi: Add fileformats.
+
+	* appl/test: Rename u_intXX_t to uintXX_t
+
+	* kuser: Rename u_intXX_t to uintXX_t
+
+	* kdc: Rename u_intXX_t to uintXX_t
+
+	* lib/hdb: Rename u_intXX_t to uintXX_t
+	
+	* lib/45]: Rename u_intXX_t to uintXX_t
+
+	* lib/krb5: Rename u_intXX_t to uintXX_t
+
+	* lib/krb5/Makefile.am: Add test_store to TESTS
+
+	* lib/krb5/pkinit.c: Catch using hx509 null DH and print a more
+	useful error message.
+
+	* lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan.
+	
+2006-05-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/kerberos4.c: Use the new unsigned integer storage types.
+
+	* kdc/kaserver.c: Use the new unsigned integer storage
+	types. Sprinkle some error handling.
+
+	* lib/krb5/krb5_storage.3: Document ret and store function for the
+	unsigned fixed size integer types.
+
+	* lib/krb5/v4_glue.c: Use the new unsigned integer storage
+	types. Fail that the address doesn't match, not the reverse.
+
+	* lib/krb5/store.c: Add ret and store function for the unsigned
+	fixed size integer types.
+
+	* lib/krb5/test_store.c: Test the integer storage types.
+	
+2006-05-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/store.c (krb5_store_principal): make it take a
+	krb5_const_principal, indent
+
+	* lib/krb5/krb5_storage.3: krb5_store_principal takes a
+	krb5_const_principal
+
+	* lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no
+	longer a pointer.
+
+	* kdc/kdc.h (krb5_kdc_configuration): add pkinit_kdc_ocsp_file
+
+	* kdc/config.c: read [kdc]pki-kdc-ocsp
+	
+2006-05-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if
+	it seems to be valid, simplfy the pkinit-windows DH case (it
+	doesn't exists).
+	
+2006-05-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from
+	Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Bj\xF6rn
+	Sandell.
+
+	* lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from
+	Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
+	from Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
+	from Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from
+	Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from
+	Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from
+	Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_address.3: Spelling/mdoc changes, from
+	Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from
+	Bj\xF6rn Sandell.
+
+	* lib/krb5/krb5.3: Spelling, from Bj\xF6rn Sandell.
+	
+	* doc/ack.texi: add Bj\xF6rn
+
+2006-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (cert2epi): don't include subject if its null
+	
+2006-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Send over what trust anchors the client have
+	configured.
+
+	* lib/krb5/pkinit.c (pk_verify_host): set better error string,
+	only check kdc name/address when we got a hostname/address passed
+	in the the function.
+
+	* kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log
+	when a SAN matches.
+	
+2006-04-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* doc/setup.texi: More options and some text about windows
+	clients, certificate and KDCs.
+
+	* doc/setup.texi: notice about pki-mappings file space sensitive
+
+	* doc/setup.texi: Example pki-mapping file.
+
+	* lib/krb5/pkinit.c (pk_verify_host): verify hostname/address
+
+	* lib/hdb/hdb.h: Bump hdb interface version to 4.
+	
+2006-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kuser/kdestroy.1: Document --credential=principal.
+
+	* kdc/kerberos5.c (tgs_rep2): check that the client exists in the
+	kerberos database if its local request.
+
+	* kdc/{misc.c,524.c,kaserver.c,kerberos5.c}: pass down HDB_F_GET_
+	flags as appropriate
+
+	* kdc/kerberos4.c (_kdc_db_fetch4): pass down flags though
+	krb5_425_conv_principal_ext2
+
+	* kdc/misc.c (_kdc_db_fetch): Break out the that we request from
+	principal from the entry and pass it in as a seprate argument.
+
+	* lib/hdb/keytab.c (hdb_get_entry): Break out the that we request
+	from principal from the entry and pass it in as a seprate
+	argument.
+
+	* lib/hdb/common.c: Break out the that we request from principal
+	from the entry and pass it in as a seprate argument.
+
+	* lib/hdb/hdb.h: Break out the that we request from principal from
+	the entry and pass it in as a seprate argument. Add more flags to
+	->hdb_get(). Re-indent.
+	
+2006-04-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* doc/setup.texi: document pki-allow-proxy-certificate
+
+	* kdc/pkinit.c: Add option [kdc]pki-allow-proxy-certificate=bool
+	to allow using proxy certificate.
+
+	* lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose
+	hx509_verify_set_proxy_certificate
+
+	* kdc/pkinit.c (_kdc_pk_check_client): Use
+	hx509_cert_get_base_subject to get subject name of the
+	certificate, needed for proxy certificates.
+
+	* kdc/kerberos5.c: Now that find_keys speaks for it self, remove
+	extra logging.
+
+	* kdc/kerberos5.c (find_keys): add client_name and server_name
+	argument and use them, and adapt callers.
+	
+2006-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kuser/kinit.1: document option password-file
+
+	* kuser/kinit.c: Add option password-file, read password from the
+	first line of a file.
+
+	* configure.in: make tests/kdc/Makefile
+
+	* kdc/kerberos5.c: Catch the case where the client sends no
+	encryption types or no pa-types.
+
+	* lib/hdb/ext.c (hdb_replace_extension): set error message on
+	failure, not success.
+
+	* lib/hdb/keys.c (parse_key_set): handle error case better
+	(hdb_generate_key_set): return better error
+	
+2006-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/hdb/hdb.c (hdb_create): print out what we don't support
+
+	* lib/krb5/principal.c: Remove a double free introduced in 1.93
+
+	* lib/krb5/log.c (log_file): reset pointer to freed memory
+
+	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): reset d->cell to
+	make sure its not refereced
+
+	* tools/krb5-config.in: libhcrypto might depend on libasn1, switch
+	order
+
+	* lib/krb5/recvauth.c: indent
+
+	* doc/heimdal.texi: Add Setting up PK-INIT to Detailed Node
+	Listing.
+
+	* lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the
+	function can verify the certificate is from the right realm.
+
+	* lib/krb5/init_creds_pw.c: Pass down realm to
+	_krb5_pk_rd_pa_reply
+	
+2006-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (pk_verify_host): Add begining of finding
+	subjectAltName_otherName pk-init-san and verifing it.
+
+	* lib/krb5/sendauth.c: reindent
+
+	* doc/Makefile.am: use --no-split to make one large file, mostly
+	for html
+
+	* doc/setup.texi: "document" pkinit_require_eku and
+	pkinit_require_krbtgt_otherName
+
+	* lib/krb5/pkinit.c: Add pkinit_require_eku and
+	pkinit_require_krbtgt_otherName
+
+	* doc/setup.texi: Add text about pk-init
+
+	* tools/kdc-log-analyze.pl: count v5 cross realms too
+	
+2006-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1.
+
+	* lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1.
+	
+2006-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c (_kdc_pk_rd_padata): use
+	hx509_cms_unwrap_ContentInfo.
+
+	* kdc/config.c: unbreak
+
+	* lib/krb5/pkinit.c: Handle diffrences between libhcrypto and
+	libcrypto.
+
+	* kdc/config.c: Rename pki-chain to pki-pool to match rest of
+	code.
+	
+2006-04-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/rd_priv.c: Fix argument to krb5_data_zero.
+
+	* kdc/config.c: Added certificate revoke information from
+	configuration file.
+	
+	* kdc/pkinit.c: Added certificate revoke information.
+
+	* kuser/kinit.c: Added certificate revoke information from
+	configuration file.
+
+	* lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke
+	information, ie CRL's
+	
+2006-04-10 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* lib/krb5/replay.c (krb5_rc_resolve_full): make compile again.
+
+	* lib/krb5/keytab_krb4.c (krb4_kt_start_seq_get_int): make compile
+	again.
+
+	* lib/krb5/transited.c (make_path): make sure we return allocated
+	memory Coverity, NetBSD CID#1892
+
+	* lib/krb5/transited.c (make_path): make sure we return allocated
+	memory Coverity, NetBSD CID#1892
+
+	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): on
+	protocol failure, avoid leaking memory Coverity, NetBSD CID#1900
+
+	* lib/krb5/principal.c (krb5_parse_name): remember to free realm
+	in case of error Coverity, NetBSD CID#1883
+
+	* lib/krb5/principal.c (krb5_425_conv_principal_ext2): remove
+	memory leak in case of weird formated dns replys.
+	Coverity, NetBSD CID#1885
+	
+	* lib/krb5/replay.c (krb5_rc_resolve_full): don't return pointer
+	to a allocated krb5_rcache in case of error.
+
+	* lib/krb5/log.c (krb5_addlog_dest): free fn in case of error
+	Coverity, NetBSD CID#1882
+	
+	* lib/krb5/keytab_krb4.c: Fix deref before NULL check, fix error
+	handling.  Coverity, NetBSD CID#2369
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
+	in_creds->client should always be set, assume so.
+
+	* lib/krb5/keytab_any.c (any_next_entry): restructure to make it
+	easier to read Fixes Coverity, NetBSD CID#625
+
+	* lib/krb5/crypto.c (krb5_string_to_key_derived): deref after NULL
+	check.  Coverity NetBSD CID#2367
+
+	* lib/krb5/build_auth.c (krb5_build_authenticator): use
+	calloc. removed check that was never really used. Coverity NetBSD
+	CID#2370
+	
+2006-04-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket\xB4
+	points to NULL in case of error, add error handling, use calloc.
+
+	* kpasswd/kpasswdd.c (doit): when done, close all fd in the
+	sockets array and free it.  Coverity NetBSD CID#1916
+	
+2006-04-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity,
+	NetBSD CID#1695
+
+	* kdc/524.c (_kdc_do_524): Handle memory allocation failure
+	Coverity, NetBSD CID#2752
+	
+2006-04-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory
+	leak Coverity NetBSD CID#1890
+
+	* kdc/hprop.c (main): make sure type doesn't need to be set
+
+	* kdc/mit_dump.c (mit_prop_dump): close fd when done processing
+	Coverity NetBSD CID#1955
+
+	* kdc/string2key.c (tokey): catch warnings, free memory after use.
+	Based on Coverity NetBSD CID#1894
+
+	* kdc/hprop.c (main): remove dead code.  Coverity NetBSD CID#633
+	
+2006-04-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kpasswd/kpasswd-generator.c (read_words): catch empty file case,
+	will cause PBE (division by zero) later. From Tobias Stoeckmann.
+	
+2006-04-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/hdb/keytab.c: Remove a delta from last revision that should
+	have gone in later.
+	
+	* lib/krb5/krbhst.c: fix spelling
+
+	* lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed
+	pointer, found by IBM checker.
+
+	* lib/krb5/rd_cred.c (krb5_rd_cred): don't expose freed pointer,
+	found by IBM checker.
+
+	* lib/krb5/addr_families.c (krb5_make_addrport): clear return
+	value on error, found by IBM checker.
+
+	* kdc/kerberos5.c (check_addresses): treat netbios as no addresses
+	
+	* kdc/{kerberos4,kaserver}.c: _kdc_check_flags takes hdb_entry_ex
+
+	* kdc/kerberos5.c (_kdc_check_flags): make it take hdb_entry_ex to
+	avoid ?:'s at callers
+
+	* lib/krb5/v4_glue.c: Avoid using free memory, found by IBM
+	checker.
+
+	* lib/krb5/transited.c (expand_realm): avoid passing NULL to
+	strlen, found by IBM checker.
+
+	* lib/krb5/rd_cred.c (krb5_rd_cred): avoid a memory leak on malloc
+	failure, found by IBM checker.
+
+	* lib/krb5/krbhst.c (_krb5_krbhost_info_move): replace a strcpy
+	with a memcpy
+
+	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): plug a memory
+	leak, found by IBM checker.
+
+	* lib/krb5/keytab_file.c (fkt_next_entry_int): remove a
+	dereferencing NULL pointer, found by IBM checker.
+
+	* lib/krb5/init_creds_pw.c (init_creds_init_as_req): in AS-REQ the
+	cname must always be given, don't avoid that fact and remove a
+	cname == NULL case. Plugs a memory leak found by IBM checker.
+
+	* lib/krb5/init_creds_pw.c (default_s2k_func): avoid exposing
+	free-ed memory on error. Found by IBM checker.
+
+	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): use
+	calloc to avoid uninitialized memory problem.
+
+	* lib/krb5/data.c (krb5_copy_data): avoid exposing free-ed memory
+	on error. Found by IBM checker.
+
+	* lib/krb5/fcache.c (fcc_gen_new): fix a use after free, found by
+	IBM checker.
+
+	* lib/krb5/config_file.c (krb5_config_vget_strings): IBM checker
+	thought it found a memory leak, it didn't, but there was another
+	error in the code, lets fix that instead.
+
+	* lib/krb5/cache.c (_krb5_expand_default_cc_name): plug memory
+	leak. Found by IBM checker.
+
+	* lib/krb5/cache.c (_krb5_expand_default_cc_name): avoid return
+	pointer to freed memory in the error case. Found by IBM checker.
+
+	* lib/hdb/keytab.c (hdb_resolve): off by one, found by IBM
+	checker.
+
+	* lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before
+	going into the error clause and freeing key_set. Found by IBM
+	checker.  Make sure ret == 0 after of parse error, we catch the
+	"no entries parsed" case later.
+
+	* lib/krb5/log.c (krb5_addlog_dest): make string length match
+	strings in strcasecmp.  Found by IBM checker.
+	
+2006-03-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set
+	variable_name as "hdb_entry_ex"
+	(hdb_ldap_common): change "arg" in condition (if) to "search_base"
+	(hdb_ldapi_create): change "serach_base" to "search_base" From
+	Alex V. Labuta.
+
+	* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit); fix
+	prototype
+
+	* kuser/kinit.c: Add pool of certificates to help certificate path
+	building for clients sending incomplete path in the signedData.
+	
+2006-03-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/pkinit.c: Add pool of certificates to help certificate path
+	building for clients sending incomplete path in the signedData.
+
+	* lib/krb5/pkinit.c: Add pool of certificates to help certificate
+	path building for clients sending incomplete path in the
+	signedData.
+	
+2006-03-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/config.c: Allow passing in related certificates used to
+	build the chain.
+
+	* kdc/pkinit.c: Allow passing in related certificates used to
+	build the chain.
+
+	* kdc/kerberos5.c (log_patype): Add case for
+	KRB5_PADATA_PA_PK_OCSP_RESPONSE.
+
+	* tools/Makefile.am: Spelling
+
+	* tools/krb5-config.in: Add hx509 when using PK-INIT.
+
+	* tools/Makefile.am: Add hx509 when using PK-INIT.
+	
+2006-03-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS
+	X Kerberos.app problems.
+
+	* lib/krb5/krb5_ccapi.h: Add ticket flags definitions
+
+	* lib/krb5/pkinit.c: Use less openssl, spell chelling.
+
+	* kdc/pkinit.c (pk_mk_pa_reply_dh): encode the DH public key with
+	asn1 wrapping
+
+	* configure.in (AC_CONFIG_FILES): add lib/hx509/Makefile
+
+	* lib/Makefile.am: Add hx509.
+
+	* lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used.
+
+	* configure.in: define automake PKINIT variable
+
+	* kdc/pkinit.c: Switch to hx509.
+
+	* lib/krb5/pkinit.c: Switch to hx509.
+	
+2006-03-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/kerberos5.c (log_patypes): log the patypes requested by the
+	client
+	
+2006-03-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the
+	req_buffer in the w2k case too. From Douglas E. Engert.
+	
+2006-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto
+	error handling.  Fixes Coverity NetBSD CID 2591 by catching a
+	failing krb5_copy_keyblock()
+	
+2006-03-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in
+	address when free-ing.  Fixes Coverity NetBSD bug #2605
+	(krb5_parse_address): reset val,len before possibly return errors
+	Fixes Coverity NetBSD bug #2605
+	
+2006-03-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but
+	make sure nbytes > 0
+
+	* lib/krb5/get_for_creds.c (add_addrs): handle the case where
+	addr->len == 0 and n == 0, then realloc might return NULL.
+
+	* lib/krb5/crypto.c (decrypt_*): handle the case where the
+	plaintext is 0 bytes long, realloc might then return NULL.
+	
+2006-02-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived.
+
+	* lib/krb5/krb5.3: Remove krb5_string_to_key_derived.
+
+	* lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2
+	and use PKCS5_PBKDF2_HMAC_SHA1 instead.
+
+	* lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory
+
+	* lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1.
+	
+2006-02-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* doc/setup.texi: remove cartouches - we don't use them anywhere
+	else, they should be around the example, not inside it, and
+	probably shouldn't be used in html at all
+
+2006-02-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_warn.3: Document that applications want to use
+	krb5_get_error_message, add example.
+
+2006-02-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/crypto.c (krb5_generate_random_block): check return
+	value from RAND_bytes
+
+	* lib/krb5/error_string.c: Change indentation, update (c)
+
+2006-02-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when
+	compiling w/o pkinit.
+	
+2006-02-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/pkinit.c: update to new paChecksum definition, update
+	the dhgroup handling
+
+	* kdc/pkinit.c: update to new paChecksum definition, use
+	hdb_entry_ex
+	
+2006-02-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/krb5_locl.h: Move Configurable options to last in the
+	file.
+	
+	* lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef
+	
+2006-02-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kpasswd/kpasswdd.c: Send back a better error-message to the
+	client in case the password change was rejected.
+
+	* lib/krb5/krb5_warn.3: Document krb5_get_error_message.
+
+	* lib/krb5/error_string.c (krb5_get_error_message): new function,
+	and combination of krb5_get_error_string and krb5_get_err_text
+
+	* lib/krb5/krb5.3: sort, and krb5_get_error_message
+
+	* lib/hdb/hdb-ldap.c: Log the filter string to the error message
+	when doing searches.
+
+	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
+	Use KRB5_ADDRESSLESS_DEFAULT when
+	checking [appdefault]no-addresses.
+
+	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): Use
+	KRB5_ADDRESSLESS_DEFAULT when checking
+	[appdefault]no-addresses.
+
+	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
+	Use [appdefault]no-addresses before checking if the krbtgt is
+	address-less, use KRB5_ADDRESSLESS_DEFAULT.
+
+	* lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that
+	controlls all address-less behavior.  Defaults to false.
+	
+2006-02-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION
+
+	* lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE
+	failes to produce the matching lenghts.
+	
+2006-01-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kcm/protocol.c (kcm_op_retrieve): remove unused variable
+	
+2006-01-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* tools/krb5-config.in: Move depenency on @LIB_dbopen@ to
+	kadm-server, kerberos library doesn't depend on db-library.
+	
+2006-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include/Makefile.am: Don't clean crypto headers, they now live
+	in hcrypto/.  Add hcrypto to SUBDIRS.
+
+	* include/hcrypto/Makefile.am: clean installed headers
+
+	* include/make_crypto.c: include crypto headers from hcrypto/
+
+	* include/make_crypto.c: Include more crypto headerfiles. Remove
+	support for old hash names.
+	
+2006-01-02  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry,
+	from Andrew Bartlet.
+	
+	* Happy New Year.

Added: vendor-crypto/heimdal/dist/LICENSE
===================================================================
--- vendor-crypto/heimdal/dist/LICENSE	                        (rev 0)
+++ vendor-crypto/heimdal/dist/LICENSE	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,30 @@
+Copyright (c) 1995 - 2007 Kungliga Tekniska H\xF6gskolan
+(Royal Institute of Technology, Stockholm, Sweden). 
+All rights reserved. 
+
+Redistribution and use in source and binary forms, with or without 
+modification, are permitted provided that the following conditions 
+are met: 
+
+1. Redistributions of source code must retain the above copyright 
+   notice, this list of conditions and the following disclaimer. 
+
+2. Redistributions in binary form must reproduce the above copyright 
+   notice, this list of conditions and the following disclaimer in the 
+   documentation and/or other materials provided with the distribution. 
+
+3. Neither the name of the Institute nor the names of its contributors 
+   may be used to endorse or promote products derived from this software 
+   without specific prior written permission. 
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+SUCH DAMAGE. 

Added: vendor-crypto/heimdal/dist/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,50 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+if KCM
+kcm_dir = kcm
+endif
+
+SUBDIRS=  include lib kuser kdc admin kadmin kpasswd 
+SUBDIRS+= $(kcm_dir) appl doc tools tests packages etc
+
+## ACLOCAL = @ACLOCAL@ -I cf
+ACLOCAL_AMFLAGS = -I cf
+
+EXTRA_DIST = \
+	TODO \
+	LICENSE \
+	README \
+	ChangeLog \
+	ChangeLog.1998 \
+	ChangeLog.1999 \
+	ChangeLog.2000 \
+	ChangeLog.2001 \
+	ChangeLog.2002 \
+	ChangeLog.2003 \
+	ChangeLog.2004 \
+	ChangeLog.2005 \
+	ChangeLog.2006 \
+	Makefile.am.common \
+	autogen.sh \
+	krb5.conf \
+	cf/make-proto.pl \
+	cf/install-catman.sh \
+	cf/ChangeLog \
+	cf/c-function.m4 \
+	cf/ChangeLog \
+	cf/have-pragma-weak.m4 \
+	cf/have-types.m4 \
+	cf/krb-func-getcwd-broken.m4 \
+	cf/krb-prog-ranlib.m4 \
+	cf/krb-prog-yacc.m4 \
+	cf/krb-sys-aix.m4 \
+	cf/krb-sys-nextstep.m4 \
+	cf/krb-version.m4 \
+	cf/roken.m4 \
+	cf/valgrind-suppressions \
+	cf/vararray.m4
+
+print-distdir:
+	@echo $(distdir)

Added: vendor-crypto/heimdal/dist/Makefile.am.common
===================================================================
--- vendor-crypto/heimdal/dist/Makefile.am.common	                        (rev 0)
+++ vendor-crypto/heimdal/dist/Makefile.am.common	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,4 @@
+# $Id: Makefile.am.common,v 1.1.1.3 2012-07-21 15:09:05 laffer1 Exp $
+
+include $(top_srcdir)/cf/Makefile.am.common
+

Added: vendor-crypto/heimdal/dist/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,982 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure \
+	ChangeLog NEWS TODO compile config.guess config.sub install-sh \
+	ltmain.sh missing ylwrap
+subdir = .
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = include lib kuser kdc admin kadmin kpasswd kcm appl doc \
+	tools tests packages etc
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d $(distdir) \
+    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr $(distdir); }; }
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+ at KCM_TRUE@kcm_dir = kcm
+SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl \
+	doc tools tests packages etc
+ACLOCAL_AMFLAGS = -I cf
+EXTRA_DIST = \
+	TODO \
+	LICENSE \
+	README \
+	ChangeLog \
+	ChangeLog.1998 \
+	ChangeLog.1999 \
+	ChangeLog.2000 \
+	ChangeLog.2001 \
+	ChangeLog.2002 \
+	ChangeLog.2003 \
+	ChangeLog.2004 \
+	ChangeLog.2005 \
+	ChangeLog.2006 \
+	Makefile.am.common \
+	autogen.sh \
+	krb5.conf \
+	cf/make-proto.pl \
+	cf/install-catman.sh \
+	cf/ChangeLog \
+	cf/c-function.m4 \
+	cf/ChangeLog \
+	cf/have-pragma-weak.m4 \
+	cf/have-types.m4 \
+	cf/krb-func-getcwd-broken.m4 \
+	cf/krb-prog-ranlib.m4 \
+	cf/krb-prog-yacc.m4 \
+	cf/krb-sys-aix.m4 \
+	cf/krb-sys-nextstep.m4 \
+	cf/krb-version.m4 \
+	cf/roken.m4 \
+	cf/valgrind-suppressions \
+	cf/vararray.m4
+
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+am--refresh:
+	@:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign  --ignore-deps'; \
+	      cd $(srcdir) && $(AUTOMAKE) --foreign  --ignore-deps \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+	-rm -f libtool
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d $(distdir) || mkdir $(distdir)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r $(distdir)
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && cd $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@cd $(distuninstallcheck_dir) \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool \
+	distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local am--refresh check check-am check-local \
+	clean clean-generic clean-libtool ctags ctags-recursive dist \
+	dist-all dist-bzip2 dist-gzip dist-hook dist-shar dist-tarZ \
+	dist-zip distcheck distclean distclean-generic \
+	distclean-libtool distclean-tags distcleancheck distdir \
+	distuninstallcheck dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs installdirs-am \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags tags-recursive uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+print-distdir:
+	@echo $(distdir)
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/NEWS
===================================================================
--- vendor-crypto/heimdal/dist/NEWS	                        (rev 0)
+++ vendor-crypto/heimdal/dist/NEWS	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,802 @@
+Changes in release 1.1
+
+ * Read-only PKCS11 provider built-in to hx509.
+
+ * Documentation for hx509, hcrypto and ntlm libraries improved.
+
+ * Better compatibilty with Windows 2008 Server pre-releases and Vista.
+
+ * Mac OS X 10.5 support for native credential cache.
+
+ * Provide pkg-config file for Heimdal (heimdal-gssapi.pc).
+
+ * Bug fixes.
+
+Changes in release 1.0.2
+
+* Ubuntu packages.
+
+* Bug fixes.
+
+Changes in release 1.0.1
+
+ * Serveral bug fixes to iprop.
+
+ * Make work on platforms without dlopen.
+
+ * Add RFC3526 modp group14 as default.
+
+ * Handle [kdc] database = { } entries without realm = stanzas.
+
+ * Make krb5_get_renewed_creds work.
+
+ * Make kaserver preauth work again.
+
+ * Bug fixes.
+
+Changes in release 1.0
+
+ * Add gss_pseudo_random() for mechglue and krb5.
+
+ * Make session key for the krbtgt be selected by the best encryption
+   type of the client.
+
+ * Better interoperability with other PK-INIT implementations.
+
+ * Inital support for Mac OS X Keychain for hx509.
+
+ * Alias support for inital ticket requests.
+
+ * Add symbol versioning to selected libraries on platforms that uses
+   GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc.
+
+ * New version of imath included in hcrypto.
+
+ * Fix memory leaks.
+
+ * Bugs fixes.
+
+Changes in release 0.8.1
+
+ * Make ASN.1 library less paranoid to with regard to NUL in string to
+   make it inter-operate with MIT Kerberos again.
+
+ * Make GSS-API library work again when using gss_acquire_cred
+
+ * Add symbol versioning to libgssapi when using GNU ld.
+
+ * Fix memory leaks 
+
+ * Bugs fixes
+
+Changes in release 0.8
+
+ * PK-INIT support.
+
+ * HDB extensions support, used by PK-INIT.
+
+ * New ASN.1 compiler.
+
+ * GSS-API mechglue from FreeBSD.
+
+ * Updated SPNEGO to support RFC4178.
+
+ * Support for Cryptosystem Negotiation Extension (RFC 4537).
+
+ * A new X.509 library (hx509) and related crypto functions.
+
+ * A new ntlm library (heimntlm) and related crypto functions.
+
+ * Updated the built-in crypto library with bignum support using
+   imath, support for RSA and DH and renamed it to libhcrypto.
+
+ * Subsystem in the KDC, digest, that will perform the digest
+   operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
+   DIGEST-MD5 NTLMv1 and NTLMv2.
+
+ * KDC will return the "response too big" error to force TCP retries
+   for large (default 1400 bytes) UDP replies.  This is common for
+   PK-INIT requests.
+
+ * Libkafs defaults to use 2b tokens.
+
+ * Default to use the API cache on Mac OS X.
+
+ * krb5_kuserok() also checks ~/.k5login.d directory for acl files,
+   see manpage for krb5_kuserok for description.
+
+ * Many, many, other updates to code and info manual and manual pages.
+
+ * Bug fixes
+
+Changes in release 0.7.2
+
+* Fix security problem in rshd that enable an attacker to overwrite
+  and change ownership of any file that root could write.
+
+* Fix a DOS in telnetd. The attacker could force the server to crash
+  in a NULL de-reference before the user logged in, resulting in inetd
+  turning telnetd off because it forked too fast.
+
+* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
+  exists in the keytab before returning success. This allows servers
+  to check if its even possible to use GSSAPI.
+
+* Fix receiving end of token delegation for GSS-API. It still wrongly
+  uses subkey for sending for compatibility reasons, this will change
+  in 0.8.
+
+* telnetd, login and rshd are now more verbose in logging failed and
+  successful logins.
+
+* Bug fixes
+
+Changes in release 0.7.1
+
+* Bug fixes
+
+Changes in release 0.7
+
+ * Support for KCM, a process based credential cache
+
+ * Support CCAPI credential cache
+
+ * SPNEGO support
+
+ * AES (and the gssapi conterpart, CFX) support
+
+ * Adding new and improve old documentation
+
+ * Bug fixes
+
+Changes in release 0.6.6
+
+* Fix security problem in rshd that enable an attacker to overwrite
+  and change ownership of any file that root could write.
+
+* Fix a DOS in telnetd. The attacker could force the server to crash
+  in a NULL de-reference before the user logged in, resulting in inetd
+  turning telnetd off because it forked too fast.
+
+Changes in release 0.6.5
+
+ * fix vulnerabilities in telnetd
+
+ * unbreak Kerberos 4 and kaserver
+
+Changes in release 0.6.4
+
+ * fix vulnerabilities in telnet
+
+ * rshd: encryption without a separate error socket should now work
+
+ * telnet now uses appdefaults for the encrypt and forward/forwardable
+   settings
+
+ * bug fixes
+
+Changes in release 0.6.3
+
+ * fix vulnerabilities in ftpd
+
+ * support for linux AFS /proc "syscalls"
+
+ * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
+   kpasswdd
+
+ * fix possible KDC denial of service
+
+ * bug fixes
+
+Changes in release 0.6.2
+
+ * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
+
+Changes in release 0.6.1
+
+ * Fixed ARCFOUR suppport
+
+ * Cross realm vulnerability
+
+ * kdc: fix denial of service attack
+
+ * kdc: stop clients from renewing tickets into the future
+
+ * bug fixes
+	
+Changes in release 0.6
+
+* The DES3 GSS-API mechanism has been changed to inter-operate with
+  other GSSAPI implementations. See man page for gssapi(3) how to turn
+  on generation of correct MIC messages. Next major release of heimdal 
+  will generate correct MIC by default.
+
+* More complete GSS-API support
+
+* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
+  support in applications no longer requires Kerberos 4 libs
+
+* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
+
+* other bug fixes
+
+Changes in release 0.5.2
+
+ * kdc: add option for disabling v4 cross-realm (defaults to off)
+
+ * bug fixes
+
+Changes in release 0.5.1
+
+ * kadmind: fix remote exploit
+
+ * kadmind: add option to disable kerberos 4
+
+ * kdc: make sure kaserver token life is positive
+
+ * telnet: use the session key if there is no subkey
+
+ * fix EPSV parsing in ftp
+
+ * other bug fixes
+
+Changes in release 0.5
+
+ * add --detach option to kdc
+
+ * allow setting forward and forwardable option in telnet from
+   .telnetrc, with override from command line
+
+ * accept addresses with or without ports in krb5_rd_cred
+
+ * make it work with modern openssl
+
+ * use our own string2key function even with openssl (that handles weak
+   keys incorrectly)
+
+ * more system-specific requirements in login
+
+ * do not use getlogin() to determine root in su
+
+ * telnet: abort if telnetd does not support encryption
+
+ * update autoconf to 2.53
+
+ * update config.guess, config.sub
+
+ * other bug fixes
+
+Changes in release 0.4e
+
+ * improve libcrypto and database autoconf tests
+
+ * do not care about salting of server principals when serving v4 requests
+
+ * some improvements to gssapi library
+
+ * test for existing compile_et/libcom_err
+
+ * portability fixes
+
+ * bug fixes
+
+Changes in release 0.4d
+
+ * fix some problems when using libcrypto from openssl
+
+ * handle /dev/ptmx `unix98' ptys on Linux
+
+ * add some forgotten man pages
+
+ * rsh: clean-up and add man page
+
+ * fix -A and -a in builtin-ls in tpd
+
+ * fix building problem on Irix
+
+ * make `ktutil get' more efficient
+
+ * bug fixes
+
+Changes in release 0.4c
+
+ * fix buffer overrun in telnetd
+
+ * repair some of the v4 fallback code in kinit
+
+ * add more shared library dependencies
+
+ * simplify and fix hprop handling of v4 databases
+
+ * fix some building problems (osf's sia and osfc2 login)
+
+ * bug fixes
+
+Changes in release 0.4b
+
+ * update the shared library version numbers correctly
+
+Changes in release 0.4a
+
+ * corrected key used for checksum in mk_safe, unfortunately this
+   makes it backwards incompatible
+
+ * update to autoconf 2.50, libtool 1.4
+
+ * re-write dns/config lookups (krb5_krbhst API)
+
+ * make order of using subkeys consistent
+
+ * add man page links
+
+ * add more man pages
+
+ * remove rfc2052 support, now only rfc2782 is supported
+
+ * always build with kaserver protocol support in the KDC (assuming
+   KRB4 is enabled) and support for reading kaserver databases in
+   hprop
+
+Changes in release 0.3f
+
+ * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
+   the new keytab type that tries both of these in order (SRVTAB is
+   also an alias for krb4:)
+
+ * improve error reporting and error handling (error messages should
+   be more detailed and more useful)
+
+ * improve building with openssl
+
+ * add kadmin -K, rcp -F 
+
+ * fix two incorrect weak DES keys
+
+ * fix building of kaserver compat in KDC
+
+ * the API is closer to what MIT krb5 is using
+
+ * more compatible with windows 2000
+
+ * removed some memory leaks
+
+ * bug fixes
+
+Changes in release 0.3e
+
+ * rcp program included
+
+ * fix buffer overrun in ftpd
+
+ * handle omitted sequence numbers as zeroes to handle MIT krb5 that
+   cannot generate zero sequence numbers
+
+ * handle v4 /.k files better
+
+ * configure/portability fixes
+
+ * fixes in parsing of options to kadmin (sub-)commands
+
+ * handle errors in kadmin load better
+
+ * bug fixes
+
+Changes in release 0.3d
+
+ * add krb5-config
+
+ * fix a bug in 3des gss-api mechanism, making it compatible with the
+   specification and the MIT implementation
+
+ * make telnetd only allow a specific list of environment variables to
+   stop it from setting `sensitive' variables
+
+ * try to use an existing libdes
+
+ * lib/krb5, kdc: use correct usage type for ap-req messages.  This
+   should improve compatability with MIT krb5 when using 3DES
+   encryption types
+
+ * kdc: fix memory allocation problem
+
+ * update config.guess and config.sub
+
+ * lib/roken: more stuff implemented
+
+ * bug fixes and portability enhancements
+
+Changes in release 0.3c
+
+ * lib/krb5: memory caches now support the resolve operation
+
+ * appl/login: set PATH to some sane default
+
+ * kadmind: handle several realms
+
+ * bug fixes (including memory leaks)
+
+Changes in release 0.3b
+
+ * kdc: prefer default-salted keys on v5 requests
+
+ * kdc: lowercase hostnames in v4 mode
+
+ * hprop: handle more types of MIT salts
+
+ * lib/krb5: fix memory leak
+
+ * bug fixes
+
+Changes in release 0.3a:
+
+ * implement arcfour-hmac-md5 to interoperate with W2K
+
+ * modularise the handling of the master key, and allow for other
+   encryption types. This makes it easier to import a database from
+   some other source without having to re-encrypt all keys.
+
+ * allow for better control over which encryption types are created
+
+ * make kinit fallback to v4 if given a v4 KDC
+
+ * make klist work better with v4 and v5, and add some more MIT
+   compatibility options
+
+ * make the kdc listen on the krb524 (4444) port for compatibility
+   with MIT krb5 clients
+
+ * implement more DCE/DFS support, enabled with --enable-dce, see
+   lib/kdfs and appl/dceutils
+
+ * make the sequence numbers work correctly
+
+ * bug fixes
+
+Changes in release 0.2t:
+
+ * bug fixes
+
+Changes in release 0.2s:
+
+ * add OpenLDAP support in hdb
+
+ * login will get v4 tickets when it receives forwarded tickets
+
+ * xnlock supports both v5 and v4
+
+ * repair source routing for telnet
+
+ * fix building problems with krb4 (krb_mk_req)
+
+ * bug fixes
+
+Changes in release 0.2r:
+
+ * fix realloc memory corruption bug in kdc
+
+ * `add --key' and `cpw --key' in kadmin
+
+ * klist supports listing v4 tickets
+
+ * update config.guess and config.sub
+
+ * make v4 -> v5 principal name conversion more robust
+
+ * support for anonymous tickets
+
+ * new man-pages
+
+ * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
+
+ * use and set expiration and not password expiration when dumping
+   to/from ka server databases / krb4 databases
+
+ * make the code happier with 64-bit time_t
+
+ * follow RFC2782 and by default do not look for non-underscore SRV names
+
+Changes in release 0.2q:
+
+ * bug fix in tcp-handling in kdc
+
+ * bug fix in expand_hostname
+
+Changes in release 0.2p:
+
+ * bug fix in `kadmin load/merge'
+
+ * bug fix in krb5_parse_address
+
+Changes in release 0.2o:
+
+ * gss_{import,export}_sec_context added to libgssapi
+
+ * new option --addresses to kdc (for listening on an explicit set of
+   addresses)
+
+ * bug fixes in the krb4 and kaserver emulation part of the kdc
+
+ * other bug fixes
+
+Changes in release 0.2n:
+
+ * more robust parsing of dump files in kadmin
+ * changed default timestamp format for log messages to extended ISO
+   8601 format (Y-M-DTH:M:S)
+ * changed md4/md5/sha1 APIes to be de-facto `standard'
+ * always make hostname into lower-case before creating principal
+ * small bits of more MIT-compatability
+ * bug fixes
+
+Changes in release 0.2m:
+
+ * handle glibc's getaddrinfo() that returns several ai_canonname
+
+ * new endian test
+
+ * man pages fixes
+
+Changes in release 0.2l:
+
+ * bug fixes
+
+Changes in release 0.2k:
+
+ * better IPv6 test
+
+ * make struct sockaddr_storage in roken work better on alphas
+
+ * some missing [hn]to[hn]s fixed.
+
+ * allow users to change their own passwords with kadmin (with initial
+   tickets)
+
+ * fix stupid bug in parsing KDC specification
+
+ * add `ktutil change' and `ktutil purge'
+
+Changes in release 0.2j:
+
+ * builds on Irix
+
+ * ftpd works in passive mode
+
+ * should build on cygwin
+
+ * work around broken IPv6-code on OpenBSD 2.6, also add configure
+   option --disable-ipv6
+
+Changes in release 0.2i:
+
+ * use getaddrinfo in the missing places.
+
+ * fix SRV lookup for admin server
+
+ * use get{addr,name}info everywhere.  and implement it in terms of
+   getipnodeby{name,addr} (which uses gethostbyname{,2} and
+   gethostbyaddr)
+
+Changes in release 0.2h:
+
+ * fix typo in kx (now compiles)
+
+Changes in release 0.2g:
+
+ * lots of bug fixes:
+   * push works
+   * repair appl/test programs
+   * sockaddr_storage works on solaris (alignment issues)
+   * works better with non-roken getaddrinfo
+   * rsh works
+   * some non standard C constructs removed
+
+Changes in release 0.2f:
+
+ * support SRV records for kpasswd
+ * look for both _kerberos and krb5-realm when doing host -> realm mapping
+
+Changes in release 0.2e:
+
+ * changed copyright notices to remove `advertising'-clause.
+ * get{addr,name}info added to roken and used in the other code
+   (this makes things work much better with hosts with both v4 and v6
+    addresses, among other things)
+ * do pre-auth for both password and key-based get_in_tkt
+ * support for having several databases
+ * new command `del_enctype' in kadmin
+ * strptime (and new strftime) add to roken
+ * more paranoia about finding libdb
+ * bug fixes
+
+Changes in release 0.2d:
+
+ * new configuration option [libdefaults]default_etypes_des
+ * internal ls in ftpd builds without KRB4
+ * kx/rsh/push/pop_debug tries v5 and v4 consistenly
+ * build bug fixes
+ * other bug fixes
+
+Changes in release 0.2c:
+
+ * bug fixes (see ChangeLog's for details)
+
+Changes in release 0.2b:
+
+ * bug fixes
+ * actually bump shared library versions
+
+Changes in release 0.2a:
+
+ * a new program verify_krb5_conf for checking your /etc/krb5.conf
+ * add 3DES keys when changing password
+ * support null keys in database
+ * support multiple local realms
+ * implement a keytab backend for AFS KeyFile's
+ * implement a keytab backend for v4 srvtabs
+ * implement `ktutil copy'
+ * support password quality control in v4 kadmind
+ * improvements in v4 compat kadmind
+ * handle the case of having the correct cred in the ccache but with
+   the wrong encryption type better
+ * v6-ify the remaining programs.
+ * internal ls in ftpd
+ * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
+ * add `ank --random-password' and `cpw --random-password' in kadmin
+ * some programs and documentation for trying to talk to a W2K KDC
+ * bug fixes
+
+Changes in release 0.1m:
+
+ * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
+   From Miroslav Ruda <ruda at ics.muni.cz>
+ * v6-ify hprop and hpropd
+ * support numeric addresses in krb5_mk_req
+ * shadow support in login and su. From Miroslav Ruda <ruda at ics.muni.cz>
+ * make rsh/rshd IPv6-aware
+ * make the gssapi sample applications better at reporting errors
+ * lots of bug fixes
+ * handle systems with v6-aware libc and non-v6 kernels (like Linux
+   with glibc 2.1) better
+ * hide failure of ERPT in ftp
+ * lots of bug fixes
+
+Changes in release 0.1l:
+
+ * make ftp and ftpd IPv6-aware
+ * add inet_pton to roken
+ * more IPv6-awareness
+ * make mini_inetd v6 aware
+
+Changes in release 0.1k:
+
+ * bump shared libraries versions
+ * add roken version of inet_ntop
+ * merge more changes to rshd
+
+Changes in release 0.1j:
+
+ * restore back to the `old' 3DES code.  This was supposed to be done
+   in 0.1h and 0.1i but I did a CVS screw-up.
+ * make telnetd handle v6 connections
+
+Changes in release 0.1i:
+
+ * start using `struct sockaddr_storage' which simplifies the code
+   (with a fallback definition if it's not defined)
+ * bug fixes (including in hprop and kf)
+ * don't use mawk which seems to mishandle roken.awk
+ * get_addrs should be able to handle v6 addresses on Linux (with the
+   required patch to the Linux kernel -- ask within)
+ * rshd builds with shadow passwords
+
+Changes in release 0.1h:
+
+ * kf: new program for forwarding credentials
+ * portability fixes
+ * make forwarding credentials work with MIT code
+ * better conversion of ka database
+ * add etc/services.append
+ * correct `modified by' from kpasswdd
+ * lots of bug fixes
+
+Changes in release 0.1g:
+
+ * kgetcred: new program for explicitly obtaining tickets
+ * configure fixes
+ * krb5-aware kx
+ * bug fixes
+
+Changes in release 0.1f;
+
+ * experimental support for v4 kadmin protokoll in kadmind
+ * bug fixes
+
+Changes in release 0.1e:
+
+ * try to handle old DCE and MIT kdcs
+ * support for older versions of credential cache files and keytabs
+ * postdated tickets work
+ * support for password quality checks in kpasswdd
+ * new flag --enable-kaserver for kdc
+ * renew fixes
+ * prototype su program
+ * updated (some) manpages
+ * support for KDC resource records
+ * should build with --without-krb4
+ * bug fixes
+
+Changes in release 0.1d:
+
+ * Support building with DB2 (uses 1.85-compat API)
+ * Support krb5-realm.DOMAIN in DNS
+ * new `ktutil srvcreate'
+ * v4/kafs support in klist/kdestroy
+ * bug fixes
+
+Changes in release 0.1c:
+
+ * fix ASN.1 encoding of signed integers
+ * somewhat working `ktutil get'
+ * some documentation updates
+ * update to Autoconf 2.13 and Automake 1.4
+ * the usual bug fixes
+
+Changes in release 0.1b:
+
+ * some old -> new crypto conversion utils
+ * bug fixes
+
+Changes in release 0.1a:
+
+ * new crypto code
+ * more bug fixes
+ * make sure we ask for DES keys in gssapi
+ * support signed ints in ASN1
+ * IPv6-bug fixes
+
+Changes in release 0.0u:
+
+ * lots of bug fixes
+
+Changes in release 0.0t:
+
+ * more robust parsing of krb5.conf
+ * include net{read,write} in lib/roken
+ * bug fixes
+
+Changes in release 0.0s:
+
+ * kludges for parsing options to rsh
+ * more robust parsing of krb5.conf
+ * removed some arbitrary limits
+ * bug fixes
+
+Changes in release 0.0r:
+
+ * default options for some programs
+ * bug fixes
+
+Changes in release 0.0q:
+
+ * support for building shared libraries with libtool
+ * bug fixes
+
+Changes in release 0.0p:
+
+ * keytab moved to /etc/krb5.keytab
+ * avoid false detection of IPv6 on Linux
+ * Lots of more functionality in the gssapi-library
+ * hprop can now read ka-server databases
+ * bug fixes
+
+Changes in release 0.0o:
+
+ * FTP with GSSAPI support.
+ * Bug fixes.
+
+Changes in release 0.0n:
+
+ * Incremental database propagation.
+ * Somewhat improved kadmin ui; the stuff in admin is now removed.
+ * Some support for using enctypes instead of keytypes.
+ * Lots of other improvement and bug fixes, see ChangeLog for details.

Added: vendor-crypto/heimdal/dist/README
===================================================================
--- vendor-crypto/heimdal/dist/README	                        (rev 0)
+++ vendor-crypto/heimdal/dist/README	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,19 @@
+$Id: README,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+Heimdal is a Kerberos 5 implementation.
+
+Please see the manual in doc, by default installed in
+/usr/heimdal/info/heimdal.info for information on how to install.
+There are also briefer man pages for most of the commands.
+
+Bug reports and bugs are appreciated, see more under Bug reports in
+the manual on how we prefer them.
+
+For more information see the web-page at
+<http://www.pdc.kth.se/heimdal/> or the mailing lists:
+
+heimdal-announce at sics.se	low-volume announcement
+heimdal-discuss at sics.se		high-volume discussion
+
+send a mail to heimdal-announce-request at sics.se and
+heimdal-discuss-request at sics.se respectively to subscribe.

Added: vendor-crypto/heimdal/dist/acinclude.m4
===================================================================
--- vendor-crypto/heimdal/dist/acinclude.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/acinclude.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,10 @@
+dnl $Id: acinclude.m4,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+dnl $FreeBSD$
+dnl
+dnl Only put things that for some reason can't live in the `cf'
+dnl directory in this file.
+dnl
+
+dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl

Added: vendor-crypto/heimdal/dist/aclocal.m4
===================================================================
--- vendor-crypto/heimdal/dist/aclocal.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/aclocal.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,7102 @@
+# generated automatically by aclocal 1.10 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_if(m4_PACKAGE_VERSION, [2.61],,
+[m4_fatal([this file was generated for autoconf 2.61.
+You have another version of autoconf.  If you want to use that,
+you should regenerate the build system entirely.], [63])])
+
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+
+# serial 48 AC_PROG_LIBTOOL
+
+
+# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
+# -----------------------------------------------------------
+# If this macro is not defined by Autoconf, define it here.
+m4_ifdef([AC_PROVIDE_IFELSE],
+         [],
+         [m4_define([AC_PROVIDE_IFELSE],
+	         [m4_ifdef([AC_PROVIDE_$1],
+		           [$2], [$3])])])
+
+
+# AC_PROG_LIBTOOL
+# ---------------
+AC_DEFUN([AC_PROG_LIBTOOL],
+[AC_REQUIRE([_AC_PROG_LIBTOOL])dnl
+dnl If AC_PROG_CXX has already been expanded, run AC_LIBTOOL_CXX
+dnl immediately, otherwise, hook it in at the end of AC_PROG_CXX.
+  AC_PROVIDE_IFELSE([AC_PROG_CXX],
+    [AC_LIBTOOL_CXX],
+    [define([AC_PROG_CXX], defn([AC_PROG_CXX])[AC_LIBTOOL_CXX
+  ])])
+dnl And a similar setup for Fortran 77 support
+  AC_PROVIDE_IFELSE([AC_PROG_F77],
+    [AC_LIBTOOL_F77],
+    [define([AC_PROG_F77], defn([AC_PROG_F77])[AC_LIBTOOL_F77
+])])
+
+dnl Quote A][M_PROG_GCJ so that aclocal doesn't bring it in needlessly.
+dnl If either AC_PROG_GCJ or A][M_PROG_GCJ have already been expanded, run
+dnl AC_LIBTOOL_GCJ immediately, otherwise, hook it in at the end of both.
+  AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+    [AC_LIBTOOL_GCJ],
+    [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+      [AC_LIBTOOL_GCJ],
+      [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],
+	[AC_LIBTOOL_GCJ],
+      [ifdef([AC_PROG_GCJ],
+	     [define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])
+       ifdef([A][M_PROG_GCJ],
+	     [define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[AC_LIBTOOL_GCJ])])
+       ifdef([LT_AC_PROG_GCJ],
+	     [define([LT_AC_PROG_GCJ],
+		defn([LT_AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])])])
+])])# AC_PROG_LIBTOOL
+
+
+# _AC_PROG_LIBTOOL
+# ----------------
+AC_DEFUN([_AC_PROG_LIBTOOL],
+[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_CXX])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_F77])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_GCJ])dnl
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+# Prevent multiple expansion
+define([AC_PROG_LIBTOOL], [])
+])# _AC_PROG_LIBTOOL
+
+
+# AC_LIBTOOL_SETUP
+# ----------------
+AC_DEFUN([AC_LIBTOOL_SETUP],
+[AC_PREREQ(2.50)dnl
+AC_REQUIRE([AC_ENABLE_SHARED])dnl
+AC_REQUIRE([AC_ENABLE_STATIC])dnl
+AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_LD])dnl
+AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl
+AC_REQUIRE([AC_PROG_NM])dnl
+
+AC_REQUIRE([AC_PROG_LN_S])dnl
+AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl
+# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
+AC_REQUIRE([AC_OBJEXT])dnl
+AC_REQUIRE([AC_EXEEXT])dnl
+dnl
+
+AC_LIBTOOL_SYS_MAX_CMD_LEN
+AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+AC_LIBTOOL_OBJDIR
+
+AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+_LT_AC_PROG_ECHO_BACKSLASH
+
+case $host_os in
+aix3*)
+  # AIX sometimes has problems with the GCC collect2 program.  For some
+  # reason, if we set the COLLECT_NAMES environment variable, the problems
+  # vanish in a puff of smoke.
+  if test "X${COLLECT_NAMES+set}" != Xset; then
+    COLLECT_NAMES=
+    export COLLECT_NAMES
+  fi
+  ;;
+esac
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='sed -e 1s/^X//'
+[sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g']
+
+# Same as above, but do not quote variable references.
+[double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g']
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Constants:
+rm="rm -f"
+
+# Global variables:
+default_ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+ltmain="$ac_aux_dir/ltmain.sh"
+ofile="$default_ofile"
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+AC_CHECK_TOOL(AR, ar, false)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+AC_CHECK_TOOL(STRIP, strip, :)
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+test -z "$AS" && AS=as
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+test -z "$LD" && LD=ld
+test -z "$LN_S" && LN_S="ln -s"
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+test -z "$NM" && NM=nm
+test -z "$SED" && SED=sed
+test -z "$OBJDUMP" && OBJDUMP=objdump
+test -z "$RANLIB" && RANLIB=:
+test -z "$STRIP" && STRIP=:
+test -z "$ac_objext" && ac_objext=o
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+  case $host_os in
+  openbsd*)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+    ;;
+  *)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+    ;;
+  esac
+  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+case $deplibs_check_method in
+file_magic*)
+  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+    AC_PATH_MAGIC
+  fi
+  ;;
+esac
+
+AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no)
+AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
+enable_win32_dll=yes, enable_win32_dll=no)
+
+AC_ARG_ENABLE([libtool-lock],
+    [AC_HELP_STRING([--disable-libtool-lock],
+	[avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+AC_ARG_WITH([pic],
+    [AC_HELP_STRING([--with-pic],
+	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+    [pic_mode="$withval"],
+    [pic_mode=default])
+test -z "$pic_mode" && pic_mode=default
+
+# Use C for the default configuration in the libtool script
+tagname=
+AC_LIBTOOL_LANG_C_CONFIG
+_LT_AC_TAGCONFIG
+])# AC_LIBTOOL_SETUP
+
+
+# _LT_AC_SYS_COMPILER
+# -------------------
+AC_DEFUN([_LT_AC_SYS_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_AC_SYS_COMPILER
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
+AC_DEFUN([_LT_CC_BASENAME],
+[for cc_temp in $1""; do
+  case $cc_temp in
+    compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+    distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+])
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+AC_DEFUN([_LT_COMPILER_BOILERPLATE],
+[ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+AC_DEFUN([_LT_LINKER_BOILERPLATE],
+[ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+])# _LT_LINKER_BOILERPLATE
+
+
+# _LT_AC_SYS_LIBPATH_AIX
+# ----------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX],
+[AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi],[])
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+])# _LT_AC_SYS_LIBPATH_AIX
+
+
+# _LT_AC_SHELL_INIT(ARG)
+# ----------------------
+AC_DEFUN([_LT_AC_SHELL_INIT],
+[ifdef([AC_DIVERSION_NOTICE],
+	     [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
+	 [AC_DIVERT_PUSH(NOTICE)])
+$1
+AC_DIVERT_POP
+])# _LT_AC_SHELL_INIT
+
+
+# _LT_AC_PROG_ECHO_BACKSLASH
+# --------------------------
+# Add some code to the start of the generated configure script which
+# will find an echo command which doesn't interpret backslashes.
+AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH],
+[_LT_AC_SHELL_INIT([
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$ECHO in
+X*--fallback-echo)
+  # Remove one level of quotation (which was required for Make).
+  ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
+  ;;
+esac
+
+echo=${ECHO-echo}
+if test "X[$]1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X[$]1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
+  # Yippee, $echo works!
+  :
+else
+  # Restart under the correct shell.
+  exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
+fi
+
+if test "X[$]1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<EOF
+[$]*
+EOF
+  exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$ECHO"; then
+if test "X${echo_test_string+set}" != Xset; then
+# find a string as large as possible, as long as the shell can cope with it
+  for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
+    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+    if (echo_test_string=`eval $cmd`) 2>/dev/null &&
+       echo_test_string=`eval $cmd` &&
+       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
+    then
+      break
+    fi
+  done
+fi
+
+if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+   test "X$echo_testing_string" = "X$echo_test_string"; then
+  :
+else
+  # The Solaris, AIX, and Digital Unix default echo programs unquote
+  # backslashes.  This makes it impossible to quote backslashes using
+  #   echo "$something" | sed 's/\\/\\\\/g'
+  #
+  # So, first we look for a working echo in the user's PATH.
+
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for dir in $PATH /usr/ucb; do
+    IFS="$lt_save_ifs"
+    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+       test "X$echo_testing_string" = "X$echo_test_string"; then
+      echo="$dir/echo"
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+
+  if test "X$echo" = Xecho; then
+    # We didn't find a better echo, so look for alternatives.
+    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
+       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
+       test "X$echo_testing_string" = "X$echo_test_string"; then
+      # This shell has a builtin print -r that does the trick.
+      echo='print -r'
+    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
+	 test "X$CONFIG_SHELL" != X/bin/ksh; then
+      # If we have ksh, try running configure again with it.
+      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+      export ORIGINAL_CONFIG_SHELL
+      CONFIG_SHELL=/bin/ksh
+      export CONFIG_SHELL
+      exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
+    else
+      # Try using printf.
+      echo='printf %s\n'
+      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+	 test "X$echo_testing_string" = "X$echo_test_string"; then
+	# Cool, printf works
+	:
+      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+	   test "X$echo_testing_string" = 'X\t' &&
+	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+	export CONFIG_SHELL
+	SHELL="$CONFIG_SHELL"
+	export SHELL
+	echo="$CONFIG_SHELL [$]0 --fallback-echo"
+      elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+	   test "X$echo_testing_string" = 'X\t' &&
+	   echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	echo="$CONFIG_SHELL [$]0 --fallback-echo"
+      else
+	# maybe with a smaller string...
+	prev=:
+
+	for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
+	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
+	  then
+	    break
+	  fi
+	  prev="$cmd"
+	done
+
+	if test "$prev" != 'sed 50q "[$]0"'; then
+	  echo_test_string=`eval $prev`
+	  export echo_test_string
+	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
+	else
+	  # Oops.  We lost completely, so just stick with echo.
+	  echo=echo
+	fi
+      fi
+    fi
+  fi
+fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+ECHO=$echo
+if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
+   ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
+fi
+
+AC_SUBST(ECHO)
+])])# _LT_AC_PROG_ECHO_BACKSLASH
+
+
+# _LT_AC_LOCK
+# -----------
+AC_DEFUN([_LT_AC_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+    [AC_HELP_STRING([--disable-libtool-lock],
+	[avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.$ac_objext` in
+    *ELF-32*)
+      HPUX_IA64_MODE="32"
+      ;;
+    *ELF-64*)
+      HPUX_IA64_MODE="64"
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+*-*-irix6*)
+  # Find out which ABI we are using.
+  echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+   if test "$lt_cv_prog_gnu_ld" = yes; then
+    case `/usr/bin/file conftest.$ac_objext` in
+    *32-bit*)
+      LD="${LD-ld} -melf32bsmip"
+      ;;
+    *N32*)
+      LD="${LD-ld} -melf32bmipn32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -melf64bmip"
+      ;;
+    esac
+   else
+    case `/usr/bin/file conftest.$ac_objext` in
+    *32-bit*)
+      LD="${LD-ld} -32"
+      ;;
+    *N32*)
+      LD="${LD-ld} -n32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -64"
+      ;;
+    esac
+   fi
+  fi
+  rm -rf conftest*
+  ;;
+
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.o` in
+    *32-bit*)
+      case $host in
+        x86_64-*linux*)
+          LD="${LD-ld} -m elf_i386"
+          ;;
+        ppc64-*linux*|powerpc64-*linux*)
+          LD="${LD-ld} -m elf32ppclinux"
+          ;;
+        s390x-*linux*)
+          LD="${LD-ld} -m elf_s390"
+          ;;
+        sparc64-*linux*)
+          LD="${LD-ld} -m elf32_sparc"
+          ;;
+      esac
+      ;;
+    *64-bit*)
+      case $host in
+        x86_64-*linux*)
+          LD="${LD-ld} -m elf_x86_64"
+          ;;
+        ppc*-*linux*|powerpc*-*linux*)
+          LD="${LD-ld} -m elf64ppc"
+          ;;
+        s390*-*linux*)
+          LD="${LD-ld} -m elf64_s390"
+          ;;
+        sparc*-*linux*)
+          LD="${LD-ld} -m elf64_sparc"
+          ;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS="$CFLAGS"
+  CFLAGS="$CFLAGS -belf"
+  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+    [AC_LANG_PUSH(C)
+     AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+     AC_LANG_POP])
+  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS="$SAVE_CFLAGS"
+  fi
+  ;;
+sparc*-*solaris*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.o` in
+    *64-bit*)
+      case $lt_cv_prog_gnu_ld in
+      yes*) LD="${LD-ld} -m elf64_sparc" ;;
+      *)    LD="${LD-ld} -64" ;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
+[*-*-cygwin* | *-*-mingw* | *-*-pw32*)
+  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+  AC_CHECK_TOOL(AS, as, false)
+  AC_CHECK_TOOL(OBJDUMP, objdump, false)
+  ;;
+  ])
+esac
+
+need_locks="$enable_libtool_lock"
+
+])# _LT_AC_LOCK
+
+
+# AC_LIBTOOL_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION],
+[AC_REQUIRE([LT_AC_PROG_SED])
+AC_CACHE_CHECK([$1], [$2],
+  [$2=no
+  ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$3"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&AS_MESSAGE_LOG_FD
+   echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       $2=yes
+     fi
+   fi
+   $rm conftest*
+])
+
+if test x"[$]$2" = xyes; then
+    ifelse([$5], , :, [$5])
+else
+    ifelse([$6], , :, [$6])
+fi
+])# AC_LIBTOOL_COMPILER_OPTION
+
+
+# AC_LIBTOOL_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+#                          [ACTION-SUCCESS], [ACTION-FAILURE])
+# ------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([AC_LIBTOOL_LINKER_OPTION],
+[AC_CACHE_CHECK([$1], [$2],
+  [$2=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $3"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&AS_MESSAGE_LOG_FD
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         $2=yes
+       fi
+     else
+       $2=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+])
+
+if test x"[$]$2" = xyes; then
+    ifelse([$4], , :, [$4])
+else
+    ifelse([$5], , :, [$5])
+fi
+])# AC_LIBTOOL_LINKER_OPTION
+
+
+# AC_LIBTOOL_SYS_MAX_CMD_LEN
+# --------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN],
+[# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+  i=0
+  teststring="ABCD"
+
+  case $build_os in
+  msdosdjgpp*)
+    # On DJGPP, this test can blow up pretty badly due to problems in libc
+    # (any single argument exceeding 2000 bytes causes a buffer overrun
+    # during glob expansion).  Even if it were fixed, the result of this
+    # check would be larger than it should be.
+    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
+    ;;
+
+  gnu*)
+    # Under GNU Hurd, this test is not required because there is
+    # no limit to the length of command line arguments.
+    # Libtool will interpret -1 as no limit whatsoever
+    lt_cv_sys_max_cmd_len=-1;
+    ;;
+
+  cygwin* | mingw*)
+    # On Win9x/ME, this test blows up -- it succeeds, but takes
+    # about 5 minutes as the teststring grows exponentially.
+    # Worse, since 9x/ME are not pre-emptively multitasking,
+    # you end up with a "frozen" computer, even though with patience
+    # the test eventually succeeds (with a max line length of 256k).
+    # Instead, let's just punt: use the minimum linelength reported by
+    # all of the supported platforms: 8192 (on NT/2K/XP).
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  amigaos*)
+    # On AmigaOS with pdksh, this test takes hours, literally.
+    # So we just punt and use a minimum line length of 8192.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+    # This has been around since 386BSD, at least.  Likely further.
+    if test -x /sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+    elif test -x /usr/sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+    else
+      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
+    fi
+    # And add a safety zone
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    ;;
+
+  interix*)
+    # We know the value 262144 and hardcode it with a safety zone (like BSD)
+    lt_cv_sys_max_cmd_len=196608
+    ;;
+
+  osf*)
+    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+    # nice to cause kernel panics so lets avoid the loop below.
+    # First set a reasonable default.
+    lt_cv_sys_max_cmd_len=16384
+    #
+    if test -x /sbin/sysconfig; then
+      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+        *1*) lt_cv_sys_max_cmd_len=-1 ;;
+      esac
+    fi
+    ;;
+  sco3.2v5*)
+    lt_cv_sys_max_cmd_len=102400
+    ;;
+  sysv5* | sco5v6* | sysv4.2uw2*)
+    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+    if test -n "$kargmax"; then
+      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ 	]]//'`
+    else
+      lt_cv_sys_max_cmd_len=32768
+    fi
+    ;;
+  *)
+    # If test is not a shell built-in, we'll probably end up computing a
+    # maximum length that is only half of the actual maximum length, but
+    # we can't tell.
+    SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+    while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \
+	       = "XX$teststring") >/dev/null 2>&1 &&
+	    new_result=`expr "X$teststring" : ".*" 2>&1` &&
+	    lt_cv_sys_max_cmd_len=$new_result &&
+	    test $i != 17 # 1/2 MB should be enough
+    do
+      i=`expr $i + 1`
+      teststring=$teststring$teststring
+    done
+    teststring=
+    # Add a significant safety factor because C++ compilers can tack on massive
+    # amounts of additional arguments before passing them to the linker.
+    # It appears as though 1/2 is a usable value.
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    ;;
+  esac
+])
+if test -n $lt_cv_sys_max_cmd_len ; then
+  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+  AC_MSG_RESULT(none)
+fi
+])# AC_LIBTOOL_SYS_MAX_CMD_LEN
+
+
+# _LT_AC_CHECK_DLFCN
+# ------------------
+AC_DEFUN([_LT_AC_CHECK_DLFCN],
+[AC_CHECK_HEADERS(dlfcn.h)dnl
+])# _LT_AC_CHECK_DLFCN
+
+
+# _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+#                           ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ---------------------------------------------------------------------
+AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF],
+[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
+if test "$cross_compiling" = yes; then :
+  [$4]
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<EOF
+[#line __oline__ "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+    exit (status);
+}]
+EOF
+  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) $1 ;;
+      x$lt_dlneed_uscore) $2 ;;
+      x$lt_dlunknown|x*) $3 ;;
+    esac
+  else :
+    # compilation failed
+    $3
+  fi
+fi
+rm -fr conftest*
+])# _LT_AC_TRY_DLOPEN_SELF
+
+
+# AC_LIBTOOL_DLOPEN_SELF
+# ----------------------
+AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF],
+[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
+if test "x$enable_dlopen" != xyes; then
+  enable_dlopen=unknown
+  enable_dlopen_self=unknown
+  enable_dlopen_self_static=unknown
+else
+  lt_cv_dlopen=no
+  lt_cv_dlopen_libs=
+
+  case $host_os in
+  beos*)
+    lt_cv_dlopen="load_add_on"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ;;
+
+  mingw* | pw32*)
+    lt_cv_dlopen="LoadLibrary"
+    lt_cv_dlopen_libs=
+   ;;
+
+  cygwin*)
+    lt_cv_dlopen="dlopen"
+    lt_cv_dlopen_libs=
+   ;;
+
+  darwin*)
+  # if libdl is installed we need to link against it
+    AC_CHECK_LIB([dl], [dlopen],
+		[lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
+    lt_cv_dlopen="dyld"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ])
+   ;;
+
+  *)
+    AC_CHECK_FUNC([shl_load],
+	  [lt_cv_dlopen="shl_load"],
+      [AC_CHECK_LIB([dld], [shl_load],
+	    [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"],
+	[AC_CHECK_FUNC([dlopen],
+	      [lt_cv_dlopen="dlopen"],
+	  [AC_CHECK_LIB([dl], [dlopen],
+		[lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+	    [AC_CHECK_LIB([svld], [dlopen],
+		  [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+	      [AC_CHECK_LIB([dld], [dld_link],
+		    [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"])
+	      ])
+	    ])
+	  ])
+	])
+      ])
+    ;;
+  esac
+
+  if test "x$lt_cv_dlopen" != xno; then
+    enable_dlopen=yes
+  else
+    enable_dlopen=no
+  fi
+
+  case $lt_cv_dlopen in
+  dlopen)
+    save_CPPFLAGS="$CPPFLAGS"
+    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+    save_LDFLAGS="$LDFLAGS"
+    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+    save_LIBS="$LIBS"
+    LIBS="$lt_cv_dlopen_libs $LIBS"
+
+    AC_CACHE_CHECK([whether a program can dlopen itself],
+	  lt_cv_dlopen_self, [dnl
+	  _LT_AC_TRY_DLOPEN_SELF(
+	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+    ])
+
+    if test "x$lt_cv_dlopen_self" = xyes; then
+      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+    	  lt_cv_dlopen_self_static, [dnl
+	  _LT_AC_TRY_DLOPEN_SELF(
+	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
+      ])
+    fi
+
+    CPPFLAGS="$save_CPPFLAGS"
+    LDFLAGS="$save_LDFLAGS"
+    LIBS="$save_LIBS"
+    ;;
+  esac
+
+  case $lt_cv_dlopen_self in
+  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+  *) enable_dlopen_self=unknown ;;
+  esac
+
+  case $lt_cv_dlopen_self_static in
+  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+  *) enable_dlopen_self_static=unknown ;;
+  esac
+fi
+])# AC_LIBTOOL_DLOPEN_SELF
+
+
+# AC_LIBTOOL_PROG_CC_C_O([TAGNAME])
+# ---------------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler
+AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O],
+[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+  [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+  [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&AS_MESSAGE_LOG_FD
+   echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+     fi
+   fi
+   chmod u+w . 2>&AS_MESSAGE_LOG_FD
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+])
+])# AC_LIBTOOL_PROG_CC_C_O
+
+
+# AC_LIBTOOL_SYS_HARD_LINK_LOCKS([TAGNAME])
+# -----------------------------------------
+# Check to see if we can do hard links to lock some files if needed
+AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS],
+[AC_REQUIRE([_LT_AC_LOCK])dnl
+
+hard_links="nottested"
+if test "$_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  AC_MSG_CHECKING([if we can lock with hard links])
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  AC_MSG_RESULT([$hard_links])
+  if test "$hard_links" = no; then
+    AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+])# AC_LIBTOOL_SYS_HARD_LINK_LOCKS
+
+
+# AC_LIBTOOL_OBJDIR
+# -----------------
+AC_DEFUN([AC_LIBTOOL_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+  lt_cv_objdir=.libs
+else
+  # MS-DOS does not allow filenames that begin with a dot.
+  lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+])# AC_LIBTOOL_OBJDIR
+
+
+# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH([TAGNAME])
+# ----------------------------------------------
+# Check hardcoding attributes.
+AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_AC_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)" || \
+   test -n "$_LT_AC_TAGVAR(runpath_var, $1)" || \
+   test "X$_LT_AC_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$_LT_AC_TAGVAR(hardcode_direct, $1)" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
+     test "$_LT_AC_TAGVAR(hardcode_minus_L, $1)" != no; then
+    # Linking always hardcodes the temporary library directory.
+    _LT_AC_TAGVAR(hardcode_action, $1)=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    _LT_AC_TAGVAR(hardcode_action, $1)=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  _LT_AC_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_AC_TAGVAR(hardcode_action, $1)])
+
+if test "$_LT_AC_TAGVAR(hardcode_action, $1)" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+])# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH
+
+
+# AC_LIBTOOL_SYS_LIB_STRIP
+# ------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP],
+[striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+  AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+  case $host_os in
+   darwin*)
+       if test -n "$STRIP" ; then
+         striplib="$STRIP -x"
+         AC_MSG_RESULT([yes])
+       else
+  AC_MSG_RESULT([no])
+fi
+       ;;
+   *)
+  AC_MSG_RESULT([no])
+    ;;
+  esac
+fi
+])# AC_LIBTOOL_SYS_LIB_STRIP
+
+
+# AC_LIBTOOL_SYS_DYNAMIC_LINKER
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER],
+[AC_MSG_CHECKING([dynamic linker characteristics])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[[01]] | aix4.[[01]].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[[45]]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | [grep ';[c-zC-Z]:/' >/dev/null]; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[[123]]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
+  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[[89]] | openbsd2.[[89]].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+])# AC_LIBTOOL_SYS_DYNAMIC_LINKER
+
+
+# _LT_AC_TAGCONFIG
+# ----------------
+AC_DEFUN([_LT_AC_TAGCONFIG],
+[AC_ARG_WITH([tags],
+    [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@],
+        [include additional configurations @<:@automatic@:>@])],
+    [tagnames="$withval"])
+
+if test -f "$ltmain" && test -n "$tagnames"; then
+  if test ! -f "${ofile}"; then
+    AC_MSG_WARN([output file `$ofile' does not exist])
+  fi
+
+  if test -z "$LTCC"; then
+    eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
+    if test -z "$LTCC"; then
+      AC_MSG_WARN([output file `$ofile' does not look like a libtool script])
+    else
+      AC_MSG_WARN([using `LTCC=$LTCC', extracted from `$ofile'])
+    fi
+  fi
+  if test -z "$LTCFLAGS"; then
+    eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`"
+  fi
+
+  # Extract list of available tagged configurations in $ofile.
+  # Note that this assumes the entire list is on one line.
+  available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
+
+  lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+  for tagname in $tagnames; do
+    IFS="$lt_save_ifs"
+    # Check whether tagname contains only valid characters
+    case `$echo "X$tagname" | $Xsed -e 's:[[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]]::g'` in
+    "") ;;
+    *)  AC_MSG_ERROR([invalid tag name: $tagname])
+	;;
+    esac
+
+    if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
+    then
+      AC_MSG_ERROR([tag name \"$tagname\" already exists])
+    fi
+
+    # Update the list of available tags.
+    if test -n "$tagname"; then
+      echo appending configuration tag \"$tagname\" to $ofile
+
+      case $tagname in
+      CXX)
+	if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+	    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+	    (test "X$CXX" != "Xg++"))) ; then
+	  AC_LIBTOOL_LANG_CXX_CONFIG
+	else
+	  tagname=""
+	fi
+	;;
+
+      F77)
+	if test -n "$F77" && test "X$F77" != "Xno"; then
+	  AC_LIBTOOL_LANG_F77_CONFIG
+	else
+	  tagname=""
+	fi
+	;;
+
+      GCJ)
+	if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
+	  AC_LIBTOOL_LANG_GCJ_CONFIG
+	else
+	  tagname=""
+	fi
+	;;
+
+      RC)
+	AC_LIBTOOL_LANG_RC_CONFIG
+	;;
+
+      *)
+	AC_MSG_ERROR([Unsupported tag name: $tagname])
+	;;
+      esac
+
+      # Append the new tag name to the list of available tags.
+      if test -n "$tagname" ; then
+      available_tags="$available_tags $tagname"
+    fi
+    fi
+  done
+  IFS="$lt_save_ifs"
+
+  # Now substitute the updated list of available tags.
+  if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
+    mv "${ofile}T" "$ofile"
+    chmod +x "$ofile"
+  else
+    rm -f "${ofile}T"
+    AC_MSG_ERROR([unable to update list of available tagged configurations.])
+  fi
+fi
+])# _LT_AC_TAGCONFIG
+
+
+# AC_LIBTOOL_DLOPEN
+# -----------------
+# enable checks for dlopen support
+AC_DEFUN([AC_LIBTOOL_DLOPEN],
+ [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])
+])# AC_LIBTOOL_DLOPEN
+
+
+# AC_LIBTOOL_WIN32_DLL
+# --------------------
+# declare package support for building win32 DLLs
+AC_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_BEFORE([$0], [AC_LIBTOOL_SETUP])
+])# AC_LIBTOOL_WIN32_DLL
+
+
+# AC_ENABLE_SHARED([DEFAULT])
+# ---------------------------
+# implement the --enable-shared flag
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_SHARED],
+[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([shared],
+    [AC_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+	[build shared libraries @<:@default=]AC_ENABLE_SHARED_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_shared=yes ;;
+    no) enable_shared=no ;;
+    *)
+      enable_shared=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_shared=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_shared=]AC_ENABLE_SHARED_DEFAULT)
+])# AC_ENABLE_SHARED
+
+
+# AC_DISABLE_SHARED
+# -----------------
+# set the default shared flag to --disable-shared
+AC_DEFUN([AC_DISABLE_SHARED],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_SHARED(no)
+])# AC_DISABLE_SHARED
+
+
+# AC_ENABLE_STATIC([DEFAULT])
+# ---------------------------
+# implement the --enable-static flag
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_STATIC],
+[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([static],
+    [AC_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+	[build static libraries @<:@default=]AC_ENABLE_STATIC_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_static=yes ;;
+    no) enable_static=no ;;
+    *)
+     enable_static=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_static=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_static=]AC_ENABLE_STATIC_DEFAULT)
+])# AC_ENABLE_STATIC
+
+
+# AC_DISABLE_STATIC
+# -----------------
+# set the default static flag to --disable-static
+AC_DEFUN([AC_DISABLE_STATIC],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_STATIC(no)
+])# AC_DISABLE_STATIC
+
+
+# AC_ENABLE_FAST_INSTALL([DEFAULT])
+# ---------------------------------
+# implement the --enable-fast-install flag
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_FAST_INSTALL],
+[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([fast-install],
+    [AC_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+    [optimize for fast installation @<:@default=]AC_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_fast_install=yes ;;
+    no) enable_fast_install=no ;;
+    *)
+      enable_fast_install=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_fast_install=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_fast_install=]AC_ENABLE_FAST_INSTALL_DEFAULT)
+])# AC_ENABLE_FAST_INSTALL
+
+
+# AC_DISABLE_FAST_INSTALL
+# -----------------------
+# set the default to --disable-fast-install
+AC_DEFUN([AC_DISABLE_FAST_INSTALL],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_FAST_INSTALL(no)
+])# AC_DISABLE_FAST_INSTALL
+
+
+# AC_LIBTOOL_PICMODE([MODE])
+# --------------------------
+# implement the --with-pic flag
+# MODE is either `yes' or `no'.  If omitted, it defaults to `both'.
+AC_DEFUN([AC_LIBTOOL_PICMODE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+pic_mode=ifelse($#,1,$1,default)
+])# AC_LIBTOOL_PICMODE
+
+
+# AC_PROG_EGREP
+# -------------
+# This is predefined starting with Autoconf 2.54, so this conditional
+# definition can be removed once we require Autoconf 2.54 or later.
+m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP],
+[AC_CACHE_CHECK([for egrep], [ac_cv_prog_egrep],
+   [if echo a | (grep -E '(a|b)') >/dev/null 2>&1
+    then ac_cv_prog_egrep='grep -E'
+    else ac_cv_prog_egrep='egrep'
+    fi])
+ EGREP=$ac_cv_prog_egrep
+ AC_SUBST([EGREP])
+])])
+
+
+# AC_PATH_TOOL_PREFIX
+# -------------------
+# find a file program which can recognise shared library
+AC_DEFUN([AC_PATH_TOOL_PREFIX],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] |  ?:[\\/]*])
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word.  This closes a longstanding sh security hole.
+  ac_dummy="ifelse([$2], , $PATH, [$2])"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$1; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac])
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  AC_MSG_RESULT($MAGIC_CMD)
+else
+  AC_MSG_RESULT(no)
+fi
+])# AC_PATH_TOOL_PREFIX
+
+
+# AC_PATH_MAGIC
+# -------------
+# find a file program which can recognise a shared library
+AC_DEFUN([AC_PATH_MAGIC],
+[AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+  if test -n "$ac_tool_prefix"; then
+    AC_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+  else
+    MAGIC_CMD=:
+  fi
+fi
+])# AC_PATH_MAGIC
+
+
+# AC_PROG_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([AC_PROG_LD],
+[AC_ARG_WITH([gnu-ld],
+    [AC_HELP_STRING([--with-gnu-ld],
+	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
+    [test "$withval" = no || with_gnu_ld=yes],
+    [with_gnu_ld=no])
+AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+ac_prog=ld
+if test "$GCC" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  AC_MSG_CHECKING([for ld used by $CC])
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [[\\/]]* | ?:[[\\/]]*)
+      re_direlt='/[[^/]][[^/]]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  AC_MSG_CHECKING([for GNU ld])
+else
+  AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test "$with_gnu_ld" != no && break
+	;;
+      *)
+	test "$with_gnu_ld" != yes && break
+	;;
+      esac
+    fi
+  done
+  IFS="$lt_save_ifs"
+else
+  lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+  AC_MSG_RESULT($LD)
+else
+  AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_PROG_LD_GNU
+])# AC_PROG_LD
+
+
+# AC_PROG_LD_GNU
+# --------------
+AC_DEFUN([AC_PROG_LD_GNU],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# AC_PROG_LD_GNU
+
+
+# AC_PROG_LD_RELOAD_FLAG
+# ----------------------
+# find reload flag for linker
+#   -- PORTME Some linkers may need a different reload flag.
+AC_DEFUN([AC_PROG_LD_RELOAD_FLAG],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+  lt_cv_ld_reload_flag,
+  [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+  darwin*)
+    if test "$GCC" = yes; then
+      reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+    else
+      reload_cmds='$LD$reload_flag -o $output$reload_objs'
+    fi
+    ;;
+esac
+])# AC_PROG_LD_RELOAD_FLAG
+
+
+# AC_DEPLIBS_CHECK_METHOD
+# -----------------------
+# how to check for library dependencies
+#  -- PORTME fill in with the dynamic library characteristics
+AC_DEFUN([AC_DEPLIBS_CHECK_METHOD],
+[AC_CACHE_CHECK([how to recognise dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix4* | aix5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+beos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+bsdi[[45]]*)
+  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_test_file=/shlib/libc.so
+  ;;
+
+cygwin*)
+  # func_win32_libid is a shell function defined in ltmain.sh
+  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+  lt_cv_file_magic_cmd='func_win32_libid'
+  ;;
+
+mingw* | pw32*)
+  # Base MSYS/MinGW do not provide the 'file' command needed by
+  # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  ;;
+
+darwin* | rhapsody*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+freebsd* | kfreebsd*-gnu | dragonfly*)
+  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+    case $host_cpu in
+    i*86 )
+      # Not sure whether the presence of OpenBSD here was a mistake.
+      # Let's accept both of them until this is cleared up.
+      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+      ;;
+    esac
+  else
+    lt_cv_deplibs_check_method=pass_all
+  fi
+  ;;
+
+gnu*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+hpux10.20* | hpux11*)
+  lt_cv_file_magic_cmd=/usr/bin/file
+  case $host_cpu in
+  ia64*)
+    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+    ;;
+  hppa*64*)
+    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+    ;;
+  *)
+    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+    lt_cv_file_magic_test_file=/usr/lib/libc.sl
+    ;;
+  esac
+  ;;
+
+interix3*)
+  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $LD in
+  *-32|*"-32 ") libmagic=32-bit;;
+  *-n32|*"-n32 ") libmagic=N32;;
+  *-64|*"-64 ") libmagic=64-bit;;
+  *) libmagic=never-match;;
+  esac
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd*)
+  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+  fi
+  ;;
+
+newos6*)
+  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_test_file=/usr/lib/libnls.so
+  ;;
+
+nto-qnx*)
+  lt_cv_deplibs_check_method=unknown
+  ;;
+
+openbsd*)
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+  fi
+  ;;
+
+osf3* | osf4* | osf5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+solaris*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv4 | sysv4.3*)
+  case $host_vendor in
+  motorola)
+    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+    ;;
+  ncr)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  sequent)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+    ;;
+  sni)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+    lt_cv_file_magic_test_file=/lib/libc.so
+    ;;
+  siemens)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  pc)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  esac
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+esac
+])
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+])# AC_DEPLIBS_CHECK_METHOD
+
+
+# AC_PROG_NM
+# ----------
+# find the pathname to a BSD-compatible name lister
+AC_DEFUN([AC_PROG_NM],
+[AC_CACHE_CHECK([for BSD-compatible nm], lt_cv_path_NM,
+[if test -n "$NM"; then
+  # Let the user override the test.
+  lt_cv_path_NM="$NM"
+else
+  lt_nm_to_check="${ac_tool_prefix}nm"
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then 
+    lt_nm_to_check="$lt_nm_to_check nm"
+  fi
+  for lt_tmp_nm in $lt_nm_to_check; do
+    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+      IFS="$lt_save_ifs"
+      test -z "$ac_dir" && ac_dir=.
+      tmp_nm="$ac_dir/$lt_tmp_nm"
+      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+	# Check to see if the nm accepts a BSD-compat flag.
+	# Adding the `sed 1q' prevents false positives on HP-UX, which says:
+	#   nm: unknown option "B" ignored
+	# Tru64's nm complains that /dev/null is an invalid object file
+	case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+	*/dev/null* | *'Invalid file or object type'*)
+	  lt_cv_path_NM="$tmp_nm -B"
+	  break
+	  ;;
+	*)
+	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  */dev/null*)
+	    lt_cv_path_NM="$tmp_nm -p"
+	    break
+	    ;;
+	  *)
+	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+	    continue # so that we can try to find one that supports BSD flags
+	    ;;
+	  esac
+	  ;;
+	esac
+      fi
+    done
+    IFS="$lt_save_ifs"
+  done
+  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
+fi])
+NM="$lt_cv_path_NM"
+])# AC_PROG_NM
+
+
+# AC_CHECK_LIBM
+# -------------
+# check for math library
+AC_DEFUN([AC_CHECK_LIBM],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+  # These system don't have libm, or don't need it
+  ;;
+*-ncr-sysv4.3*)
+  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+  ;;
+*)
+  AC_CHECK_LIB(m, cos, LIBM="-lm")
+  ;;
+esac
+])# AC_CHECK_LIBM
+
+
+# AC_LIBLTDL_CONVENIENCE([DIRECTORY])
+# -----------------------------------
+# sets LIBLTDL to the link flags for the libltdl convenience library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-convenience to the configure arguments.  Note that
+# AC_CONFIG_SUBDIRS is not called here.  If DIRECTORY is not provided,
+# it is assumed to be `libltdl'.  LIBLTDL will be prefixed with
+# '${top_builddir}/' and LTDLINCL will be prefixed with '${top_srcdir}/'
+# (note the single quotes!).  If your package is not flat and you're not
+# using automake, define top_builddir and top_srcdir appropriately in
+# the Makefiles.
+AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+  case $enable_ltdl_convenience in
+  no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
+  "") enable_ltdl_convenience=yes
+      ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
+  esac
+  LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
+  LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+  # For backwards non-gettext consistent compatibility...
+  INCLTDL="$LTDLINCL"
+])# AC_LIBLTDL_CONVENIENCE
+
+
+# AC_LIBLTDL_INSTALLABLE([DIRECTORY])
+# -----------------------------------
+# sets LIBLTDL to the link flags for the libltdl installable library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-install to the configure arguments.  Note that
+# AC_CONFIG_SUBDIRS is not called here.  If DIRECTORY is not provided,
+# and an installed libltdl is not found, it is assumed to be `libltdl'.
+# LIBLTDL will be prefixed with '${top_builddir}/'# and LTDLINCL with
+# '${top_srcdir}/' (note the single quotes!).  If your package is not
+# flat and you're not using automake, define top_builddir and top_srcdir
+# appropriately in the Makefiles.
+# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
+AC_DEFUN([AC_LIBLTDL_INSTALLABLE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+  AC_CHECK_LIB(ltdl, lt_dlinit,
+  [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no],
+  [if test x"$enable_ltdl_install" = xno; then
+     AC_MSG_WARN([libltdl not installed, but installation disabled])
+   else
+     enable_ltdl_install=yes
+   fi
+  ])
+  if test x"$enable_ltdl_install" = x"yes"; then
+    ac_configure_args="$ac_configure_args --enable-ltdl-install"
+    LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
+    LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+  else
+    ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
+    LIBLTDL="-lltdl"
+    LTDLINCL=
+  fi
+  # For backwards non-gettext consistent compatibility...
+  INCLTDL="$LTDLINCL"
+])# AC_LIBLTDL_INSTALLABLE
+
+
+# AC_LIBTOOL_CXX
+# --------------
+# enable support for C++ libraries
+AC_DEFUN([AC_LIBTOOL_CXX],
+[AC_REQUIRE([_LT_AC_LANG_CXX])
+])# AC_LIBTOOL_CXX
+
+
+# _LT_AC_LANG_CXX
+# ---------------
+AC_DEFUN([_LT_AC_LANG_CXX],
+[AC_REQUIRE([AC_PROG_CXX])
+AC_REQUIRE([_LT_AC_PROG_CXXCPP])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}CXX])
+])# _LT_AC_LANG_CXX
+
+# _LT_AC_PROG_CXXCPP
+# ------------------
+AC_DEFUN([_LT_AC_PROG_CXXCPP],
+[
+AC_REQUIRE([AC_PROG_CXX])
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+    (test "X$CXX" != "Xg++"))) ; then
+  AC_PROG_CXXCPP
+fi
+])# _LT_AC_PROG_CXXCPP
+
+# AC_LIBTOOL_F77
+# --------------
+# enable support for Fortran 77 libraries
+AC_DEFUN([AC_LIBTOOL_F77],
+[AC_REQUIRE([_LT_AC_LANG_F77])
+])# AC_LIBTOOL_F77
+
+
+# _LT_AC_LANG_F77
+# ---------------
+AC_DEFUN([_LT_AC_LANG_F77],
+[AC_REQUIRE([AC_PROG_F77])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}F77])
+])# _LT_AC_LANG_F77
+
+
+# AC_LIBTOOL_GCJ
+# --------------
+# enable support for GCJ libraries
+AC_DEFUN([AC_LIBTOOL_GCJ],
+[AC_REQUIRE([_LT_AC_LANG_GCJ])
+])# AC_LIBTOOL_GCJ
+
+
+# _LT_AC_LANG_GCJ
+# ---------------
+AC_DEFUN([_LT_AC_LANG_GCJ],
+[AC_PROVIDE_IFELSE([AC_PROG_GCJ],[],
+  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],[],
+    [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],[],
+      [ifdef([AC_PROG_GCJ],[AC_REQUIRE([AC_PROG_GCJ])],
+	 [ifdef([A][M_PROG_GCJ],[AC_REQUIRE([A][M_PROG_GCJ])],
+	   [AC_REQUIRE([A][C_PROG_GCJ_OR_A][M_PROG_GCJ])])])])])])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}GCJ])
+])# _LT_AC_LANG_GCJ
+
+
+# AC_LIBTOOL_RC
+# -------------
+# enable support for Windows resource files
+AC_DEFUN([AC_LIBTOOL_RC],
+[AC_REQUIRE([LT_AC_PROG_RC])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}RC])
+])# AC_LIBTOOL_RC
+
+
+# AC_LIBTOOL_LANG_C_CONFIG
+# ------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG], [_LT_AC_LANG_C_CONFIG])
+AC_DEFUN([_LT_AC_LANG_C_CONFIG],
+[lt_save_CC="$CC"
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}\n'
+
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+AC_LIBTOOL_DLOPEN_SELF
+
+# Report which library types will actually be built
+AC_MSG_CHECKING([if libtool supports shared libraries])
+AC_MSG_RESULT([$can_build_shared])
+
+AC_MSG_CHECKING([whether to build shared libraries])
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+  test "$enable_shared" = yes && enable_static=no
+  if test -n "$RANLIB"; then
+    archive_cmds="$archive_cmds~\$RANLIB \$lib"
+    postinstall_cmds='$RANLIB $lib'
+  fi
+  ;;
+
+aix4* | aix5*)
+  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+    test "$enable_shared" = yes && enable_static=no
+  fi
+    ;;
+esac
+AC_MSG_RESULT([$enable_shared])
+
+AC_MSG_CHECKING([whether to build static libraries])
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+AC_MSG_RESULT([$enable_static])
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_C_CONFIG
+
+
+# AC_LIBTOOL_LANG_CXX_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG], [_LT_AC_LANG_CXX_CONFIG(CXX)])
+AC_DEFUN([_LT_AC_LANG_CXX_CONFIG],
+[AC_LANG_PUSH(C++)
+AC_REQUIRE([AC_PROG_CXX])
+AC_REQUIRE([_LT_AC_PROG_CXXCPP])
+
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_AC_TAGVAR(allow_undefined_flag, $1)=
+_LT_AC_TAGVAR(always_export_symbols, $1)=no
+_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_direct, $1)=no
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+_LT_AC_TAGVAR(hardcode_automatic, $1)=no
+_LT_AC_TAGVAR(module_cmds, $1)=
+_LT_AC_TAGVAR(module_expsym_cmds, $1)=
+_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_AC_TAGVAR(no_undefined_flag, $1)=
+_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Dependencies to place before and after the object being linked:
+_LT_AC_TAGVAR(predep_objects, $1)=
+_LT_AC_TAGVAR(postdep_objects, $1)=
+_LT_AC_TAGVAR(predeps, $1)=
+_LT_AC_TAGVAR(postdeps, $1)=
+_LT_AC_TAGVAR(compiler_lib_search_path, $1)=
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_LD=$LD
+lt_save_GCC=$GCC
+GCC=$GXX
+lt_save_with_gnu_ld=$with_gnu_ld
+lt_save_path_LD=$lt_cv_path_LD
+if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+  lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+else
+  $as_unset lt_cv_prog_gnu_ld
+fi
+if test -n "${lt_cv_path_LDCXX+set}"; then
+  lt_cv_path_LD=$lt_cv_path_LDCXX
+else
+  $as_unset lt_cv_path_LD
+fi
+test -z "${LDCXX+set}" || LD=$LDCXX
+CC=${CXX-"c++"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+# We don't want -fno-exception wen compiling C++ code, so set the
+# no_builtin_flag separately
+if test "$GXX" = yes; then
+  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+else
+  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+fi
+
+if test "$GXX" = yes; then
+  # Set up default GNU C++ configuration
+
+  AC_PROG_LD
+
+  # Check if GNU C++ uses GNU ld as the underlying linker, since the
+  # archiving commands below assume that GNU ld is being used.
+  if test "$with_gnu_ld" = yes; then
+    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+    #     investigate it a little bit more. (MM)
+    wlarc='${wl}'
+
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
+	grep 'no-whole-archive' > /dev/null; then
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    else
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+  else
+    with_gnu_ld=no
+    wlarc=
+
+    # A generic and very simple default shared library creation
+    # command for GNU C++ for the case where it uses the native
+    # linker, instead of GNU ld.  If possible, this setting should
+    # overridden to take advantage of the native linker features on
+    # the platform it is being used on.
+    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+  fi
+
+  # Commands to make compiler produce verbose output that lists
+  # what "hidden" libraries, object files and flags are used when
+  # linking a shared library.
+  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+else
+  GXX=no
+  with_gnu_ld=no
+  wlarc=
+fi
+
+# PORTME: fill in a description of your system's C++ link characteristics
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+_LT_AC_TAGVAR(ld_shlibs, $1)=yes
+case $host_os in
+  aix3*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  aix4* | aix5*)
+    if test "$host_cpu" = ia64; then
+      # On IA64, the linker does run time linking by default, so we don't
+      # have to do anything special.
+      aix_use_runtimelinking=no
+      exp_sym_flag='-Bexport'
+      no_entry_flag=""
+    else
+      aix_use_runtimelinking=no
+
+      # Test if we are trying to use run time linking or normal
+      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+      # need to do runtime linking.
+      case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+	for ld_flag in $LDFLAGS; do
+	  case $ld_flag in
+	  *-brtl*)
+	    aix_use_runtimelinking=yes
+	    break
+	    ;;
+	  esac
+	done
+	;;
+      esac
+
+      exp_sym_flag='-bexport'
+      no_entry_flag='-bnoentry'
+    fi
+
+    # When large executables or shared objects are built, AIX ld can
+    # have problems creating the table of contents.  If linking a library
+    # or program results in "error TOC overflow" add -mminimal-toc to
+    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+    _LT_AC_TAGVAR(archive_cmds, $1)=''
+    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+    _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+    if test "$GXX" = yes; then
+      case $host_os in aix4.[[012]]|aix4.[[012]].*)
+      # We only want to do this on AIX 4.2 and lower, the check
+      # below for broken collect2 doesn't work under 4.3+
+	collect2name=`${CC} -print-prog-name=collect2`
+	if test -f "$collect2name" && \
+	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	then
+	  # We have reworked collect2
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	else
+	  # We have old collect2
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+	  # It fails to find uninstalled libraries when the uninstalled
+	  # path is not listed in the libpath.  Setting hardcode_minus_L
+	  # to unsupported forces relinking
+	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+	fi
+	;;
+      esac
+      shared_flag='-shared'
+      if test "$aix_use_runtimelinking" = yes; then
+	shared_flag="$shared_flag "'${wl}-G'
+      fi
+    else
+      # not using gcc
+      if test "$host_cpu" = ia64; then
+	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	# chokes on -Wl,-G. The following line is correct:
+	shared_flag='-G'
+      else
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag='${wl}-G'
+	else
+	  shared_flag='${wl}-bM:SRE'
+	fi
+      fi
+    fi
+
+    # It seems that -bexpall does not export symbols beginning with
+    # underscore (_), so it is better to generate a list of symbols to export.
+    _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+    if test "$aix_use_runtimelinking" = yes; then
+      # Warning - without using the other runtime loading flags (-brtl),
+      # -berok will link without error, but may produce a broken library.
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
+      # Determine the default libpath from the value encoded in an empty executable.
+      _LT_AC_SYS_LIBPATH_AIX
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+     else
+      if test "$host_cpu" = ia64; then
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+      else
+	# Determine the default libpath from the value encoded in an empty executable.
+	_LT_AC_SYS_LIBPATH_AIX
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+	# Warning - without using the other run time loading flags,
+	# -berok will link without error, but may produce a broken library.
+	_LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+	# Exported symbols can be pulled into shared objects from archives
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+	_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+	# This is similar to how AIX traditionally builds its shared libraries.
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+      fi
+    fi
+    ;;
+
+  beos*)
+    if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+      # support --undefined.  This deserves some investigation.  FIXME
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+    else
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    fi
+    ;;
+
+  chorus*)
+    case $cc_basename in
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+
+  cygwin* | mingw* | pw32*)
+    # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+    # as there is no search path for DLLs.
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+    _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+    _LT_AC_TAGVAR(always_export_symbols, $1)=no
+    _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+    if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      # If the export-symbols file already is a .def file (1st line
+      # is EXPORTS), use it as is; otherwise, prepend...
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	cp $export_symbols $output_objdir/$soname.def;
+      else
+	echo EXPORTS > $output_objdir/$soname.def;
+	cat $export_symbols >> $output_objdir/$soname.def;
+      fi~
+      $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+    else
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    fi
+  ;;
+      darwin* | rhapsody*)
+        case $host_os in
+        rhapsody* | darwin1.[[012]])
+         _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[[012]])
+               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+        esac
+      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_AC_TAGVAR(hardcode_direct, $1)=no
+      _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+    if test "$GXX" = yes ; then
+      lt_int_apple_cc_single_mod=no
+      output_verbose_link_cmd='echo'
+      if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
+       lt_int_apple_cc_single_mod=yes
+      fi
+      if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+       _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      else
+          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+        fi
+        _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+        # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+          if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+            _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          else
+            _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          fi
+            _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+          _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+          _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         _LT_AC_TAGVAR(ld_shlibs, $1)=no
+          ;;
+      esac
+      fi
+        ;;
+
+  dgux*)
+    case $cc_basename in
+      ec++*)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      ghcx*)
+	# Green Hills C++ Compiler
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+  freebsd[[12]]*)
+    # C++ shared libraries reported to be fairly broken before switch to ELF
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  freebsd-elf*)
+    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+    ;;
+  freebsd* | kfreebsd*-gnu | dragonfly*)
+    # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+    # conventions
+    _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+    ;;
+  gnu*)
+    ;;
+  hpux9*)
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+    _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+				# but as the default
+				# location of the library.
+
+    case $cc_basename in
+    CC*)
+      # FIXME: insert proper C++ library support
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+    aCC*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      # Commands to make compiler produce verbose output that lists
+      # what "hidden" libraries, object files and flags are used when
+      # linking a shared library.
+      #
+      # There doesn't appear to be a way to prevent this compiler from
+      # explicitly linking system object files so we need to strip them
+      # from the output so that they don't get included in the library
+      # dependencies.
+      output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[[-]]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+      ;;
+    *)
+      if test "$GXX" = yes; then
+        _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+        # FIXME: insert proper C++ library support
+        _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+    esac
+    ;;
+  hpux10*|hpux11*)
+    if test $with_gnu_ld = no; then
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+      case $host_cpu in
+      hppa*64*|ia64*)
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+        ;;
+      *)
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+        ;;
+      esac
+    fi
+    case $host_cpu in
+    hppa*64*|ia64*)
+      _LT_AC_TAGVAR(hardcode_direct, $1)=no
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+    *)
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+					      # but as the default
+					      # location of the library.
+      ;;
+    esac
+
+    case $cc_basename in
+      CC*)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      aCC*)
+	case $host_cpu in
+	hppa*64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	esac
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes; then
+	  if test $with_gnu_ld = no; then
+	    case $host_cpu in
+	    hppa*64*)
+	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    ia64*)
+	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    *)
+	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    esac
+	  fi
+	else
+	  # FIXME: insert proper C++ library support
+	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+    esac
+    ;;
+  interix3*)
+    _LT_AC_TAGVAR(hardcode_direct, $1)=no
+    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+    # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+    # Instead, shared libraries are loaded at an image base (0x10000000 by
+    # default) and relocated if they conflict, which is a slow very memory
+    # consuming and fragmenting process.  To avoid this, we pick a random,
+    # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+    # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+    ;;
+  irix5* | irix6*)
+    case $cc_basename in
+      CC*)
+	# SGI C++
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	# Archives containing C++ object files must be created using
+	# "CC -ar", where "CC" is the IRIX C++ compiler.  This is
+	# necessary to make sure instantiated templates are included
+	# in the archive.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+	;;
+      *)
+	if test "$GXX" = yes; then
+	  if test "$with_gnu_ld" = no; then
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	  else
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
+	  fi
+	fi
+	_LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+	;;
+    esac
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+    ;;
+  linux*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath,$libdir'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+	# Archives containing C++ object files must be created using
+	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+	;;
+      icpc*)
+	# Intel C++
+	with_gnu_ld=yes
+	# version 8.0 and above of icpc choke on multiply defined symbols
+	# if we add $predep_objects and $postdep_objects, however 7.1 and
+	# earlier do not add the objects themselves.
+	case `$CC -V 2>&1` in
+	*"Version 7."*)
+  	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+  	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  ;;
+	*)  # Version 8.0 or newer
+	  tmp_idyn=
+	  case $host_cpu in
+	    ia64*) tmp_idyn=' -i_dynamic';;
+	  esac
+  	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  ;;
+	esac
+	_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+	;;
+      pgCC*)
+        # Portland Group C++ compiler
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+  	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+        ;;
+      cxx*)
+	# Compaq C++
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname  -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+	runpath_var=LD_RUN_PATH
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+    esac
+    ;;
+  lynxos*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  m88k*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  mvs*)
+    case $cc_basename in
+      cxx*)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+  netbsd*)
+    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+      wlarc=
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    fi
+    # Workaround some broken pre-1.5 toolchains
+    output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+    ;;
+  openbsd2*)
+    # C++ shared libraries are fairly broken
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  openbsd*)
+    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    fi
+    output_verbose_link_cmd='echo'
+    ;;
+  osf3*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Archives containing C++ object files must be created using
+	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+
+	;;
+      RCC*)
+	# Rational C++ 2.4.1
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      cxx*)
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	  # Commands to make compiler produce verbose output that lists
+	  # what "hidden" libraries, object files and flags are used when
+	  # linking a shared library.
+	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+	else
+	  # FIXME: insert proper C++ library support
+	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+    esac
+    ;;
+  osf4* | osf5*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Archives containing C++ object files must be created using
+	# the KAI C++ compiler.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs'
+	;;
+      RCC*)
+	# Rational C++ 2.4.1
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      cxx*)
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+	  echo "-hidden">> $lib.exp~
+	  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp  `test -n "$verstring" && echo -set_version	$verstring` -update_registry ${output_objdir}/so_locations -o $lib~
+	  $rm $lib.exp'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	 _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	  # Commands to make compiler produce verbose output that lists
+	  # what "hidden" libraries, object files and flags are used when
+	  # linking a shared library.
+	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+	else
+	  # FIXME: insert proper C++ library support
+	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+    esac
+    ;;
+  psos*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  sunos4*)
+    case $cc_basename in
+      CC*)
+	# Sun C++ 4.x
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      lcc*)
+	# Lucid
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+  solaris*)
+    case $cc_basename in
+      CC*)
+	# Sun C++ 4.2, 5.x and Centerline C++
+        _LT_AC_TAGVAR(archive_cmds_need_lc,$1)=yes
+	_LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag}  -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	$CC -G${allow_undefined_flag}  ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+	case $host_os in
+	  solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+	  *)
+	    # The C++ compiler is used as linker so we must use $wl
+	    # flag to pass the commands to the underlying system
+	    # linker. We must also pass each convience library through
+	    # to the system linker between allextract/defaultextract.
+	    # The C++ compiler will combine linker options so we
+	    # cannot just pass the convience library names through
+	    # without $wl.
+	    # Supported since Solaris 2.6 (maybe 2.5.1?)
+	    _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
+	    ;;
+	esac
+	_LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+	output_verbose_link_cmd='echo'
+
+	# Archives containing C++ object files must be created using
+	# "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	# necessary to make sure instantiated templates are included
+	# in the archive.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+	;;
+      gcx*)
+	# Green Hills C++ Compiler
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+	# The C++ compiler must be used to create the archive.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+	;;
+      *)
+	# GNU C++ compiler with Solaris linker
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+	  if $CC --version | grep -v '^2\.7' > /dev/null; then
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+		$CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+	  else
+	    # g++ 2.7 appears to require `-G' NOT `-shared' on this
+	    # platform.
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+		$CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+	  fi
+
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+	fi
+	;;
+    esac
+    ;;
+  sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+    _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    runpath_var='LD_RUN_PATH'
+
+    case $cc_basename in
+      CC*)
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      *)
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+    esac
+    ;;
+  sysv5* | sco3.2v5* | sco5v6*)
+    # Note: We can NOT use -z defs as we might desire, because we do not
+    # link with -lc, and that would cause any symbols used from libc to
+    # always be unresolved, which means just about no library would
+    # ever link correctly.  If we're not using GNU ld we use -z text
+    # though, which does catch some bad symbols but isn't as heavy-handed
+    # as -z defs.
+    # For security reasons, it is highly recommended that you always
+    # use absolute paths for naming shared libraries, and exclude the
+    # DT_RUNPATH tag from executables and libraries.  But doing so
+    # requires that you compile everything twice, which is a pain.
+    # So that behaviour is only enabled if SCOABSPATH is set to a
+    # non-empty value in the environment.  Most likely only useful for
+    # creating official distributions of packages.
+    # This is a hack until libtool officially supports absolute path
+    # names for shared libraries.
+    _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+    _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+    _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+    runpath_var='LD_RUN_PATH'
+
+    case $cc_basename in
+      CC*)
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      *)
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+    esac
+    ;;
+  tandem*)
+    case $cc_basename in
+      NCC*)
+	# NonStop-UX NCC 3.20
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+  vxworks*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  *)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+esac
+AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_AC_TAGVAR(GCC, $1)="$GXX"
+_LT_AC_TAGVAR(LD, $1)="$LD"
+
+AC_LIBTOOL_POSTDEP_PREDEP($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC=$lt_save_CC
+LDCXX=$LD
+LD=$lt_save_LD
+GCC=$lt_save_GCC
+with_gnu_ldcxx=$with_gnu_ld
+with_gnu_ld=$lt_save_with_gnu_ld
+lt_cv_path_LDCXX=$lt_cv_path_LD
+lt_cv_path_LD=$lt_save_path_LD
+lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+])# AC_LIBTOOL_LANG_CXX_CONFIG
+
+# AC_LIBTOOL_POSTDEP_PREDEP([TAGNAME])
+# ------------------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],[
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library.  It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+ifelse([$1],[],[cat > conftest.$ac_ext <<EOF
+int a;
+void foo (void) { a = 0; }
+EOF
+],[$1],[CXX],[cat > conftest.$ac_ext <<EOF
+class Foo
+{
+public:
+  Foo (void) { a = 0; }
+private:
+  int a;
+};
+EOF
+],[$1],[F77],[cat > conftest.$ac_ext <<EOF
+      subroutine foo
+      implicit none
+      integer*4 a
+      a=0
+      return
+      end
+EOF
+],[$1],[GCJ],[cat > conftest.$ac_ext <<EOF
+public class foo {
+  private int a;
+  public void bar (void) {
+    a = 0;
+  }
+};
+EOF
+])
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+  # Parse the compiler output and extract the necessary
+  # objects, libraries and library flags.
+
+  # Sentinel used to keep track of whether or not we are before
+  # the conftest object file.
+  pre_test_object_deps_done=no
+
+  # The `*' in the case matches for architectures that use `case' in
+  # $output_verbose_cmd can trigger glob expansion during the loop
+  # eval without this substitution.
+  output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"`
+
+  for p in `eval $output_verbose_link_cmd`; do
+    case $p in
+
+    -L* | -R* | -l*)
+       # Some compilers place space between "-{L,R}" and the path.
+       # Remove the space.
+       if test $p = "-L" \
+	  || test $p = "-R"; then
+	 prev=$p
+	 continue
+       else
+	 prev=
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 case $p in
+	 -L* | -R*)
+	   # Internal compiler library paths should come after those
+	   # provided the user.  The postdeps already come after the
+	   # user supplied libs so there is no need to process them.
+	   if test -z "$_LT_AC_TAGVAR(compiler_lib_search_path, $1)"; then
+	     _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+	   else
+	     _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${_LT_AC_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+	   fi
+	   ;;
+	 # The "-l" case would never come before the object being
+	 # linked, so don't bother handling this case.
+	 esac
+       else
+	 if test -z "$_LT_AC_TAGVAR(postdeps, $1)"; then
+	   _LT_AC_TAGVAR(postdeps, $1)="${prev}${p}"
+	 else
+	   _LT_AC_TAGVAR(postdeps, $1)="${_LT_AC_TAGVAR(postdeps, $1)} ${prev}${p}"
+	 fi
+       fi
+       ;;
+
+    *.$objext)
+       # This assumes that the test object file only shows up
+       # once in the compiler output.
+       if test "$p" = "conftest.$objext"; then
+	 pre_test_object_deps_done=yes
+	 continue
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 if test -z "$_LT_AC_TAGVAR(predep_objects, $1)"; then
+	   _LT_AC_TAGVAR(predep_objects, $1)="$p"
+	 else
+	   _LT_AC_TAGVAR(predep_objects, $1)="$_LT_AC_TAGVAR(predep_objects, $1) $p"
+	 fi
+       else
+	 if test -z "$_LT_AC_TAGVAR(postdep_objects, $1)"; then
+	   _LT_AC_TAGVAR(postdep_objects, $1)="$p"
+	 else
+	   _LT_AC_TAGVAR(postdep_objects, $1)="$_LT_AC_TAGVAR(postdep_objects, $1) $p"
+	 fi
+       fi
+       ;;
+
+    *) ;; # Ignore the rest.
+
+    esac
+  done
+
+  # Clean up.
+  rm -f a.out a.exe
+else
+  echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$rm -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+ifelse([$1],[CXX],
+[case $host_os in
+interix3*)
+  # Interix 3.5 installs completely hosed .la files for C++, so rather than
+  # hack all around it, let's just trust "g++" to DTRT.
+  _LT_AC_TAGVAR(predep_objects,$1)=
+  _LT_AC_TAGVAR(postdep_objects,$1)=
+  _LT_AC_TAGVAR(postdeps,$1)=
+  ;;
+
+solaris*)
+  case $cc_basename in
+  CC*)
+    # Adding this requires a known-good setup of shared libraries for
+    # Sun compiler versions before 5.6, else PIC objects from an old
+    # archive will be linked into the output, leading to subtle bugs.
+    _LT_AC_TAGVAR(postdeps,$1)='-lCstd -lCrun'
+    ;;
+  esac
+  ;;
+esac
+])
+
+case " $_LT_AC_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+])# AC_LIBTOOL_POSTDEP_PREDEP
+
+# AC_LIBTOOL_LANG_F77_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG], [_LT_AC_LANG_F77_CONFIG(F77)])
+AC_DEFUN([_LT_AC_LANG_F77_CONFIG],
+[AC_REQUIRE([AC_PROG_F77])
+AC_LANG_PUSH(Fortran 77)
+
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_AC_TAGVAR(allow_undefined_flag, $1)=
+_LT_AC_TAGVAR(always_export_symbols, $1)=no
+_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_direct, $1)=no
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+_LT_AC_TAGVAR(hardcode_automatic, $1)=no
+_LT_AC_TAGVAR(module_cmds, $1)=
+_LT_AC_TAGVAR(module_expsym_cmds, $1)=
+_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_AC_TAGVAR(no_undefined_flag, $1)=
+_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="      subroutine t\n      return\n      end\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="      program t\n      end\n"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${F77-"f77"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+AC_MSG_CHECKING([if libtool supports shared libraries])
+AC_MSG_RESULT([$can_build_shared])
+
+AC_MSG_CHECKING([whether to build shared libraries])
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+  test "$enable_shared" = yes && enable_static=no
+  if test -n "$RANLIB"; then
+    archive_cmds="$archive_cmds~\$RANLIB \$lib"
+    postinstall_cmds='$RANLIB $lib'
+  fi
+  ;;
+aix4* | aix5*)
+  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+    test "$enable_shared" = yes && enable_static=no
+  fi
+  ;;
+esac
+AC_MSG_RESULT([$enable_shared])
+
+AC_MSG_CHECKING([whether to build static libraries])
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+AC_MSG_RESULT([$enable_static])
+
+_LT_AC_TAGVAR(GCC, $1)="$G77"
+_LT_AC_TAGVAR(LD, $1)="$LD"
+
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_F77_CONFIG
+
+
+# AC_LIBTOOL_LANG_GCJ_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG], [_LT_AC_LANG_GCJ_CONFIG(GCJ)])
+AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG],
+[AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${GCJ-"gcj"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+
+AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_GCJ_CONFIG
+
+
+# AC_LIBTOOL_LANG_RC_CONFIG
+# -------------------------
+# Ensure that the configuration vars for the Windows resource compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG], [_LT_AC_LANG_RC_CONFIG(RC)])
+AC_DEFUN([_LT_AC_LANG_RC_CONFIG],
+[AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${RC-"windres"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_RC_CONFIG
+
+
+# AC_LIBTOOL_CONFIG([TAGNAME])
+# ----------------------------
+# If TAGNAME is not passed, then create an initial libtool script
+# with a default configuration from the untagged config vars.  Otherwise
+# add code to config.status for appending the configuration named by
+# TAGNAME from the matching tagged config vars.
+AC_DEFUN([AC_LIBTOOL_CONFIG],
+[# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    _LT_AC_TAGVAR(compiler, $1) \
+    _LT_AC_TAGVAR(CC, $1) \
+    _LT_AC_TAGVAR(LD, $1) \
+    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1) \
+    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1) \
+    _LT_AC_TAGVAR(lt_prog_compiler_static, $1) \
+    _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) \
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1) \
+    _LT_AC_TAGVAR(thread_safe_flag_spec, $1) \
+    _LT_AC_TAGVAR(whole_archive_flag_spec, $1) \
+    _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) \
+    _LT_AC_TAGVAR(old_archive_cmds, $1) \
+    _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) \
+    _LT_AC_TAGVAR(predep_objects, $1) \
+    _LT_AC_TAGVAR(postdep_objects, $1) \
+    _LT_AC_TAGVAR(predeps, $1) \
+    _LT_AC_TAGVAR(postdeps, $1) \
+    _LT_AC_TAGVAR(compiler_lib_search_path, $1) \
+    _LT_AC_TAGVAR(archive_cmds, $1) \
+    _LT_AC_TAGVAR(archive_expsym_cmds, $1) \
+    _LT_AC_TAGVAR(postinstall_cmds, $1) \
+    _LT_AC_TAGVAR(postuninstall_cmds, $1) \
+    _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) \
+    _LT_AC_TAGVAR(allow_undefined_flag, $1) \
+    _LT_AC_TAGVAR(no_undefined_flag, $1) \
+    _LT_AC_TAGVAR(export_symbols_cmds, $1) \
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) \
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) \
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1) \
+    _LT_AC_TAGVAR(hardcode_automatic, $1) \
+    _LT_AC_TAGVAR(module_cmds, $1) \
+    _LT_AC_TAGVAR(module_expsym_cmds, $1) \
+    _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) \
+    _LT_AC_TAGVAR(exclude_expsyms, $1) \
+    _LT_AC_TAGVAR(include_expsyms, $1); do
+
+    case $var in
+    _LT_AC_TAGVAR(old_archive_cmds, $1) | \
+    _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) | \
+    _LT_AC_TAGVAR(archive_cmds, $1) | \
+    _LT_AC_TAGVAR(archive_expsym_cmds, $1) | \
+    _LT_AC_TAGVAR(module_cmds, $1) | \
+    _LT_AC_TAGVAR(module_expsym_cmds, $1) | \
+    _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) | \
+    _LT_AC_TAGVAR(export_symbols_cmds, $1) | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\[$]0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\[$]0 --fallback-echo"[$]/[$]0 --fallback-echo"/'`
+    ;;
+  esac
+
+ifelse([$1], [],
+  [cfgfile="${ofile}T"
+  trap "$rm \"$cfgfile\"; exit 1" 1 2 15
+  $rm -f "$cfgfile"
+  AC_MSG_NOTICE([creating $ofile])],
+  [cfgfile="$ofile"])
+
+  cat <<__EOF__ >> "$cfgfile"
+ifelse([$1], [],
+[#! $SHELL
+
+# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+#
+# This file is part of GNU Libtool:
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="$SED -e 1s/^X//"
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# The names of the tagged configurations supported by this script.
+available_tags=
+
+# ### BEGIN LIBTOOL CONFIG],
+[# ### BEGIN LIBTOOL TAG CONFIG: $tagname])
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_[]_LT_AC_TAGVAR(compiler, $1)
+
+# Is the compiler the GNU C compiler?
+with_gcc=$_LT_AC_TAGVAR(GCC, $1)
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_[]_LT_AC_TAGVAR(LD, $1)
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_[]_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_static, $1)
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_[]_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_[]_LT_AC_TAGVAR(whole_archive_flag_spec, $1)
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_[]_LT_AC_TAGVAR(thread_safe_flag_spec, $1)
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_cmds, $1)
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_new_cmds, $1)
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_[]_LT_AC_TAGVAR(archive_cmds, $1)
+archive_expsym_cmds=$lt_[]_LT_AC_TAGVAR(archive_expsym_cmds, $1)
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_[]_LT_AC_TAGVAR(module_cmds, $1)
+module_expsym_cmds=$lt_[]_LT_AC_TAGVAR(module_expsym_cmds, $1)
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1)
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1)
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_[]_LT_AC_TAGVAR(predeps, $1)
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1)
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1)
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_[]_LT_AC_TAGVAR(allow_undefined_flag, $1)
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_[]_LT_AC_TAGVAR(no_undefined_flag, $1)
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$_LT_AC_TAGVAR(hardcode_action, $1)
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_separator, $1)
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$_LT_AC_TAGVAR(hardcode_direct, $1)
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$_LT_AC_TAGVAR(hardcode_minus_L, $1)
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$_LT_AC_TAGVAR(hardcode_automatic, $1)
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1)
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1)
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_[]_LT_AC_TAGVAR(export_symbols_cmds, $1)
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_[]_LT_AC_TAGVAR(exclude_expsyms, $1)
+
+# Symbols that must always be exported.
+include_expsyms=$lt_[]_LT_AC_TAGVAR(include_expsyms, $1)
+
+ifelse([$1],[],
+[# ### END LIBTOOL CONFIG],
+[# ### END LIBTOOL TAG CONFIG: $tagname])
+
+__EOF__
+
+ifelse([$1],[], [
+  case $host_os in
+  aix3*)
+    cat <<\EOF >> "$cfgfile"
+
+# AIX sometimes has problems with the GCC collect2 program.  For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+  COLLECT_NAMES=
+  export COLLECT_NAMES
+fi
+EOF
+    ;;
+  esac
+
+  # We use sed instead of cat because bash on DJGPP gets confused if
+  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
+  # text mode, it properly converts lines to CR/LF.  This bash problem
+  # is reportedly fixed, but why not run on old versions too?
+  sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
+
+  mv -f "$cfgfile" "$ofile" || \
+    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+  chmod +x "$ofile"
+])
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+])# AC_LIBTOOL_CONFIG
+
+
+# AC_LIBTOOL_PROG_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------------------
+AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI],
+[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+
+_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test "$GCC" = yes; then
+  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+
+  AC_LIBTOOL_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+    lt_cv_prog_compiler_rtti_exceptions,
+    [-fno-rtti -fno-exceptions], [],
+    [_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+])# AC_LIBTOOL_PROG_COMPILER_NO_RTTI
+
+
+# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+# ---------------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE],
+[AC_REQUIRE([AC_CANONICAL_HOST])
+AC_REQUIRE([AC_PROG_NM])
+AC_REQUIRE([AC_OBJEXT])
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Transform an extracted symbol line into a proper C declaration
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+  symcode='[[BCDT]]'
+  ;;
+cygwin* | mingw* | pw32*)
+  symcode='[[ABCDGISTW]]'
+  ;;
+hpux*) # Its linker distinguishes data from code symbols
+  if test "$host_cpu" = ia64; then
+    symcode='[[ABCDEGRST]]'
+  fi
+  lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+  lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+  ;;
+linux*)
+  if test "$host_cpu" = ia64; then
+    symcode='[[ABCDGIRSTW]]'
+    lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+    lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+  fi
+  ;;
+irix* | nonstopux*)
+  symcode='[[BCDEGRST]]'
+  ;;
+osf*)
+  symcode='[[BCDEGQRST]]'
+  ;;
+solaris*)
+  symcode='[[BDRT]]'
+  ;;
+sco3.2v5*)
+  symcode='[[DT]]'
+  ;;
+sysv4.2uw2*)
+  symcode='[[DT]]'
+  ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+  symcode='[[ABDT]]'
+  ;;
+sysv4)
+  symcode='[[DFNSTU]]'
+  ;;
+esac
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+  ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+  symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+# Try without a prefix undercore, then with it.
+for ac_symprfx in "" "_"; do
+
+  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+  symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+  # Write the raw and C identifiers.
+  lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ 	]]\($symcode$symcode*\)[[ 	]][[ 	]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+
+  # Check to see that the pipe works correctly.
+  pipe_works=no
+
+  rm -f conftest*
+  cat > conftest.$ac_ext <<EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+EOF
+
+  if AC_TRY_EVAL(ac_compile); then
+    # Now try to grab the symbols.
+    nlist=conftest.nm
+    if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+      # Try sorting and uniquifying the output.
+      if sort "$nlist" | uniq > "$nlist"T; then
+	mv -f "$nlist"T "$nlist"
+      else
+	rm -f "$nlist"T
+      fi
+
+      # Make sure that we snagged all the symbols we need.
+      if grep ' nm_test_var$' "$nlist" >/dev/null; then
+	if grep ' nm_test_func$' "$nlist" >/dev/null; then
+	  cat <<EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+EOF
+	  # Now generate the symbol file.
+	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
+
+	  cat <<EOF >> conftest.$ac_ext
+#if defined (__STDC__) && __STDC__
+# define lt_ptr_t void *
+#else
+# define lt_ptr_t char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+const struct {
+  const char *name;
+  lt_ptr_t address;
+}
+lt_preloaded_symbols[[]] =
+{
+EOF
+	  $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
+	  cat <<\EOF >> conftest.$ac_ext
+  {0, (lt_ptr_t) 0}
+};
+
+#ifdef __cplusplus
+}
+#endif
+EOF
+	  # Now try linking the two files.
+	  mv conftest.$ac_objext conftstm.$ac_objext
+	  lt_save_LIBS="$LIBS"
+	  lt_save_CFLAGS="$CFLAGS"
+	  LIBS="conftstm.$ac_objext"
+	  CFLAGS="$CFLAGS$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+	  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+	    pipe_works=yes
+	  fi
+	  LIBS="$lt_save_LIBS"
+	  CFLAGS="$lt_save_CFLAGS"
+	else
+	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+	fi
+      else
+	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+      fi
+    else
+      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+    fi
+  else
+    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+    cat conftest.$ac_ext >&5
+  fi
+  rm -f conftest* conftst*
+
+  # Do not use the global_symbol_pipe unless it works.
+  if test "$pipe_works" = yes; then
+    break
+  else
+    lt_cv_sys_global_symbol_pipe=
+  fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+  lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+  AC_MSG_RESULT(failed)
+else
+  AC_MSG_RESULT(ok)
+fi
+]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+
+
+# AC_LIBTOOL_PROG_COMPILER_PIC([TAGNAME])
+# ---------------------------------------
+AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC],
+[_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=
+
+AC_MSG_CHECKING([for $compiler option to produce PIC])
+ ifelse([$1],[CXX],[
+  # C++ specific cases for pic, static, wl, etc.
+  if test "$GXX" = yes; then
+    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+    case $host_os in
+    aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+      ;;
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+    mingw* | os2* | pw32*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      ;;
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      ;;
+    *djgpp*)
+      # DJGPP does not support shared libraries at all
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+      ;;
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+      fi
+      ;;
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	;;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	;;
+      esac
+      ;;
+    *)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+    esac
+  else
+    case $host_os in
+      aix4* | aix5*)
+	# All AIX code is PIC.
+	if test "$host_cpu" = ia64; then
+	  # AIX 5 now supports IA64 processor
+	  _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	else
+	  _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+	fi
+	;;
+      chorus*)
+	case $cc_basename in
+	cxch68*)
+	  # Green Hills C++ Compiler
+	  # _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+	  ;;
+	esac
+	;;
+       darwin*)
+         # PIC is the default on this platform
+         # Common symbols not allowed in MH_DYLIB files
+         case $cc_basename in
+           xlc*)
+           _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
+           _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+           ;;
+         esac
+       ;;
+      dgux*)
+	case $cc_basename in
+	  ec++*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    ;;
+	  ghcx*)
+	    # Green Hills C++ Compiler
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      freebsd* | kfreebsd*-gnu | dragonfly*)
+	# FreeBSD uses GNU C++
+	;;
+      hpux9* | hpux10* | hpux11*)
+	case $cc_basename in
+	  CC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+	    if test "$host_cpu" != ia64; then
+	      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	    fi
+	    ;;
+	  aCC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+	    case $host_cpu in
+	    hppa*64*|ia64*)
+	      # +Z the default
+	      ;;
+	    *)
+	      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	      ;;
+	    esac
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      interix*)
+	# This is c89, which is MS Visual C++ (no shared libs)
+	# Anyone wants to do a port?
+	;;
+      irix5* | irix6* | nonstopux*)
+	case $cc_basename in
+	  CC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    # CC pic flag -KPIC is the default.
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      linux*)
+	case $cc_basename in
+	  KCC*)
+	    # KAI C++ Compiler
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	    ;;
+	  icpc* | ecpc*)
+	    # Intel C++
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+	    ;;
+	  pgCC*)
+	    # Portland Group C++ compiler.
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	  cxx*)
+	    # Compaq C++
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      lynxos*)
+	;;
+      m88k*)
+	;;
+      mvs*)
+	case $cc_basename in
+	  cxx*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      netbsd*)
+	;;
+      osf3* | osf4* | osf5*)
+	case $cc_basename in
+	  KCC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+	    ;;
+	  RCC*)
+	    # Rational C++ 2.4.1
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  cxx*)
+	    # Digital/Compaq C++
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      psos*)
+	;;
+      solaris*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+	    ;;
+	  gcx*)
+	    # Green Hills C++ Compiler
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sunos4*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.x
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	  lcc*)
+	    # Lucid
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      tandem*)
+	case $cc_basename in
+	  NCC*)
+	    # NonStop-UX NCC 3.20
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+	case $cc_basename in
+	  CC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	esac
+	;;
+      vxworks*)
+	;;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+	;;
+    esac
+  fi
+],
+[
+  if test "$GCC" = yes; then
+    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+      ;;
+
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      ;;
+
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      enable_shared=no
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+      fi
+      ;;
+
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	;;
+      esac
+      ;;
+
+    *)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      else
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+      darwin*)
+        # PIC is the default on this platform
+        # Common symbols not allowed in MH_DYLIB files
+       case $cc_basename in
+         xlc*)
+         _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
+         _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+         ;;
+       esac
+       ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # PIC (with -KPIC) is the default.
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    newsos6)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    linux*)
+      case $cc_basename in
+      icc* | ecc*)
+	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+        ;;
+      ccc*)
+        _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+        # All Alpha code is PIC.
+        _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+        ;;
+      esac
+      ;;
+
+    osf3* | osf4* | osf5*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # All OSF/1 code is PIC.
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    solaris*)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    unicos*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      ;;
+
+    uts4*)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    *)
+      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      ;;
+    esac
+  fi
+])
+AC_MSG_RESULT([$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)])
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then
+  AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works],
+    _LT_AC_TAGVAR(lt_prog_compiler_pic_works, $1),
+    [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [],
+    [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in
+     "" | " "*) ;;
+     *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+     esac],
+    [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+     _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+    ;;
+  *)
+    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_AC_TAGVAR(lt_prog_compiler_static, $1)\"
+AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
+  _LT_AC_TAGVAR(lt_prog_compiler_static_works, $1),
+  $lt_tmp_static_flag,
+  [],
+  [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=])
+])
+
+
+# AC_LIBTOOL_PROG_LD_SHLIBS([TAGNAME])
+# ------------------------------------
+# See if the linker supports building shared libraries.
+AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS],
+[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+ifelse([$1],[CXX],[
+  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  case $host_os in
+  aix4* | aix5*)
+    # If we're using GNU nm, then we don't want the "-C" option.
+    # -C means demangle to AIX nm, but means don't demangle with GNU nm
+    if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+    else
+      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+    fi
+    ;;
+  pw32*)
+    _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+  ;;
+  cygwin* | mingw*)
+    _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  *)
+    _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  esac
+],[
+  runpath_var=
+  _LT_AC_TAGVAR(allow_undefined_flag, $1)=
+  _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+  _LT_AC_TAGVAR(archive_cmds, $1)=
+  _LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+  _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)=
+  _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+  _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+  _LT_AC_TAGVAR(thread_safe_flag_spec, $1)=
+  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+  _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+  _LT_AC_TAGVAR(hardcode_direct, $1)=no
+  _LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+  _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+  _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+  _LT_AC_TAGVAR(hardcode_automatic, $1)=no
+  _LT_AC_TAGVAR(module_cmds, $1)=
+  _LT_AC_TAGVAR(module_expsym_cmds, $1)=
+  _LT_AC_TAGVAR(always_export_symbols, $1)=no
+  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  _LT_AC_TAGVAR(include_expsyms, $1)=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  _LT_AC_TAGVAR(exclude_expsyms, $1)="_GLOBAL_OFFSET_TABLE_"
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  extract_expsyms_cmds=
+  # Just being paranoid about ensuring that cc_basename is set.
+  _LT_CC_BASENAME([$compiler])
+  case $host_os in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      else
+  	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>/dev/null` in
+      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+      fi
+      ;;
+
+    amigaos*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+
+      # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we can't use
+      # them.
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+	# Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+      # as there is no search path for DLLs.
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_AC_TAGVAR(always_export_symbols, $1)=no
+      _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    interix3*)
+      _LT_AC_TAGVAR(hardcode_direct, $1)=no
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	tmp_addflag=
+	case $cc_basename,$host_cpu in
+	pgcc*)				# Portland Group C compiler
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	esac
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+	if test $supports_anon_versioning = yes; then
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~
+  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+  $echo "local: *; };" >> $output_objdir/$libname.ver~
+	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	fi
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) 
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
+	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
+	  else
+	    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+    esac
+
+    if test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no; then
+      runpath_var=
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	_LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+      fi
+      ;;
+
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+	  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+	else
+	  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+	  for ld_flag in $LDFLAGS; do
+  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+  	    aix_use_runtimelinking=yes
+  	    break
+  	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      _LT_AC_TAGVAR(archive_cmds, $1)=''
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[[012]]|aix4.[[012]].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" && \
+  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	  then
+  	  # We have reworked collect2
+  	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	  else
+  	  # We have old collect2
+  	  _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+  	  # It fails to find uninstalled libraries when the uninstalled
+  	  # path is not listed in the libpath.  Setting hardcode_minus_L
+  	  # to unsupported forces relinking
+  	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+  	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+  	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+  	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
+       # Determine the default libpath from the value encoded in an empty executable.
+       _LT_AC_SYS_LIBPATH_AIX
+       _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+       else
+	if test "$host_cpu" = ia64; then
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+	  _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an empty executable.
+	 _LT_AC_SYS_LIBPATH_AIX
+	 _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      # see comment about different semantics on the GNU ld section
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+
+    bsdi[[45]]*)
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true'
+      # FIXME: Should let the user specify the lib program.
+      _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
+      _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      ;;
+
+    darwin* | rhapsody*)
+      case $host_os in
+        rhapsody* | darwin1.[[012]])
+         _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[[012]])
+               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+      esac
+      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_AC_TAGVAR(hardcode_direct, $1)=no
+      _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+    if test "$GCC" = yes ; then
+    	output_verbose_link_cmd='echo'
+        _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+         _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+         _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         _LT_AC_TAGVAR(ld_shlibs, $1)=no
+          ;;
+      esac
+    fi
+      ;;
+
+    dgux*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    freebsd1*)
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	_LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	_LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=no
+	  _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+	  ;;
+	*)
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	  _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    newsos6)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    openbsd*)
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      else
+       case $host_os in
+	 openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+	   _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	   _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	   ;;
+	 *)
+	   _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	   _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	   ;;
+       esac
+      fi
+      ;;
+
+    os2*)
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_AC_TAGVAR(archive_cmds, $1)='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      else
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      ;;
+
+    solaris*)
+      _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+      else
+	wlarc=''
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      case $host_os in
+      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+      *)
+ 	# The compiler driver will combine linker options so we
+ 	# cannot just pass the convience library names through
+ 	# without $wl, iff we do not link with $LD.
+ 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+ 	# Supported since Solaris 2.6 (maybe 2.5.1?)
+ 	case $wlarc in
+ 	'')
+ 	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;;
+ 	*)
+ 	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ 	esac ;;
+      esac
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_AC_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=no
+        ;;
+	motorola)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    sysv4.3*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	_LT_AC_TAGVAR(ld_shlibs, $1)=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7*)
+      _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *)
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+    esac
+  fi
+])
+AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+  # Assume -lc should be added
+  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $_LT_AC_TAGVAR(archive_cmds, $1) in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      AC_MSG_CHECKING([whether -lc should be explicitly linked in])
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
+	pic_flag=$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$_LT_AC_TAGVAR(allow_undefined_flag, $1)
+        _LT_AC_TAGVAR(allow_undefined_flag, $1)=
+        if AC_TRY_EVAL(_LT_AC_TAGVAR(archive_cmds, $1) 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1)
+        then
+	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+        else
+	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+        fi
+        _LT_AC_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      AC_MSG_RESULT([$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)])
+      ;;
+    esac
+  fi
+  ;;
+esac
+])# AC_LIBTOOL_PROG_LD_SHLIBS
+
+
+# _LT_AC_FILE_LTDLL_C
+# -------------------
+# Be careful that the start marker always follows a newline.
+AC_DEFUN([_LT_AC_FILE_LTDLL_C], [
+# /* ltdll.c starts here */
+# #define WIN32_LEAN_AND_MEAN
+# #include <windows.h>
+# #undef WIN32_LEAN_AND_MEAN
+# #include <stdio.h>
+#
+# #ifndef __CYGWIN__
+# #  ifdef __CYGWIN32__
+# #    define __CYGWIN__ __CYGWIN32__
+# #  endif
+# #endif
+#
+# #ifdef __cplusplus
+# extern "C" {
+# #endif
+# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
+# #ifdef __cplusplus
+# }
+# #endif
+#
+# #ifdef __CYGWIN__
+# #include <cygwin/cygwin_dll.h>
+# DECLARE_CYGWIN_DLL( DllMain );
+# #endif
+# HINSTANCE __hDllInstance_base;
+#
+# BOOL APIENTRY
+# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
+# {
+#   __hDllInstance_base = hInst;
+#   return TRUE;
+# }
+# /* ltdll.c ends here */
+])# _LT_AC_FILE_LTDLL_C
+
+
+# _LT_AC_TAGVAR(VARNAME, [TAGNAME])
+# ---------------------------------
+AC_DEFUN([_LT_AC_TAGVAR], [ifelse([$2], [], [$1], [$1_$2])])
+
+
+# old names
+AC_DEFUN([AM_PROG_LIBTOOL],   [AC_PROG_LIBTOOL])
+AC_DEFUN([AM_ENABLE_SHARED],  [AC_ENABLE_SHARED($@)])
+AC_DEFUN([AM_ENABLE_STATIC],  [AC_ENABLE_STATIC($@)])
+AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+AC_DEFUN([AM_PROG_LD],        [AC_PROG_LD])
+AC_DEFUN([AM_PROG_NM],        [AC_PROG_NM])
+
+# This is just to silence aclocal about the macro not being used
+ifelse([AC_DISABLE_FAST_INSTALL])
+
+AC_DEFUN([LT_AC_PROG_GCJ],
+[AC_CHECK_TOOL(GCJ, gcj, no)
+  test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+  AC_SUBST(GCJFLAGS)
+])
+
+AC_DEFUN([LT_AC_PROG_RC],
+[AC_CHECK_TOOL(RC, windres, no)
+])
+
+# NOTE: This macro has been submitted for inclusion into   #
+#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
+#  a released version of Autoconf we should remove this    #
+#  macro and use it instead.                               #
+# LT_AC_PROG_SED
+# --------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible.  Prefer GNU sed if found.
+AC_DEFUN([LT_AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for lt_ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+      fi
+    done
+  done
+done
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+  test ! -f $lt_ac_sed && continue
+  cat /dev/null > conftest.in
+  lt_ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+  # Check for GNU sed and select it if it is found.
+  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+    lt_cv_path_SED=$lt_ac_sed
+    break
+  fi
+  while true; do
+    cat conftest.in conftest.in >conftest.tmp
+    mv conftest.tmp conftest.in
+    cp conftest.in conftest.nl
+    echo >>conftest.nl
+    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+    cmp -s conftest.out conftest.nl || break
+    # 10000 chars as input seems more than enough
+    test $lt_ac_count -gt 10 && break
+    lt_ac_count=`expr $lt_ac_count + 1`
+    if test $lt_ac_count -gt $lt_ac_max; then
+      lt_ac_max=$lt_ac_count
+      lt_cv_path_SED=$lt_ac_sed
+    fi
+  done
+done
+])
+SED=$lt_cv_path_SED
+AC_MSG_RESULT([$SED])
+])
+
+# Copyright (C) 2002, 2003, 2005, 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.10'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version.  Point them to the right macro.
+m4_if([$1], [1.10], [],
+      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too.  Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.10])dnl
+_AM_AUTOCONF_VERSION(m4_PACKAGE_VERSION)])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 12
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.60])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AM_PROG_INSTALL_SH
+AM_PROG_INSTALL_STRIP
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+              [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+	      		     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+                  [_AM_DEPENDENCIES(CC)],
+                  [define([AC_PROG_CC],
+                          defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+                  [_AM_DEPENDENCIES(CXX)],
+                  [define([AC_PROG_CXX],
+                          defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+                  [_AM_DEPENDENCIES(OBJC)],
+                  [define([AC_PROG_OBJC],
+                          defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $1 | $1:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_PROG_LEX
+# -----------
+# Autoconf leaves LEX=: if lex or flex can't be found.  Change that to a
+# "missing" invocation, for better error output.
+AC_DEFUN([AM_PROG_LEX],
+[AC_PREREQ(2.50)dnl
+AC_REQUIRE([AM_MISSING_HAS_RUN])dnl
+AC_REQUIRE([AC_PROG_LEX])dnl
+if test "$LEX" = :; then
+  LEX=${am_missing_run}flex
+fi])
+
+# Add --enable-maintainer-mode option to configure.         -*- Autoconf -*-
+# From Jim Meyering
+
+# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+AC_DEFUN([AM_MAINTAINER_MODE],
+[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
+  dnl maintainer-mode is disabled by default
+  AC_ARG_ENABLE(maintainer-mode,
+[  --enable-maintainer-mode  enable make rules and dependencies not useful
+			  (and sometimes confusing) to the casual installer],
+      USE_MAINTAINER_MODE=$enableval,
+      USE_MAINTAINER_MODE=no)
+  AC_MSG_RESULT([$USE_MAINTAINER_MODE])
+  AM_CONDITIONAL(MAINTAINER_MODE, [test $USE_MAINTAINER_MODE = yes])
+  MAINT=$MAINTAINER_MODE_TRUE
+  AC_SUBST(MAINT)dnl
+]
+)
+
+AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE])
+
+# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_PROG_CC_C_O
+# --------------
+# Like AC_PROG_CC_C_O, but changed for automake.
+AC_DEFUN([AM_PROG_CC_C_O],
+[AC_REQUIRE([AC_PROG_CC_C_O])dnl
+AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([compile])dnl
+# FIXME: we rely on the cache variable name because
+# there is no other way.
+set dummy $CC
+ac_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
+if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then
+   # Losing compiler, so override with the script.
+   # FIXME: It is wrong to rewrite CC.
+   # But if we don't then we get into trouble of one sort or another.
+   # A longer-term fix would be to have automake use am__CC in this case,
+   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+   CC="$am_aux_dir/compile $CC"
+fi
+dnl Make sure AC_PROG_CC is never called again, or it will override our
+dnl setting of CC.
+m4_define([AC_PROG_CC],
+          [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+  [[\\/$]]* | ?:[[\\/]]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t $srcdir/configure conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputing VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
+m4_include([cf/aix.m4])
+m4_include([cf/auth-modules.m4])
+m4_include([cf/autobuild.m4])
+m4_include([cf/broken-getaddrinfo.m4])
+m4_include([cf/broken-glob.m4])
+m4_include([cf/broken-realloc.m4])
+m4_include([cf/broken-snprintf.m4])
+m4_include([cf/broken.m4])
+m4_include([cf/broken2.m4])
+m4_include([cf/c-attribute.m4])
+m4_include([cf/capabilities.m4])
+m4_include([cf/check-compile-et.m4])
+m4_include([cf/check-getpwnam_r-posix.m4])
+m4_include([cf/check-man.m4])
+m4_include([cf/check-netinet-ip-and-tcp.m4])
+m4_include([cf/check-type-extra.m4])
+m4_include([cf/check-var.m4])
+m4_include([cf/check-x.m4])
+m4_include([cf/check-xau.m4])
+m4_include([cf/crypto.m4])
+m4_include([cf/db.m4])
+m4_include([cf/destdirs.m4])
+m4_include([cf/dlopen.m4])
+m4_include([cf/find-func-no-libs.m4])
+m4_include([cf/find-func-no-libs2.m4])
+m4_include([cf/find-func.m4])
+m4_include([cf/find-if-not-broken.m4])
+m4_include([cf/framework-security.m4])
+m4_include([cf/have-struct-field.m4])
+m4_include([cf/have-type.m4])
+m4_include([cf/irix.m4])
+m4_include([cf/krb-bigendian.m4])
+m4_include([cf/krb-func-getlogin.m4])
+m4_include([cf/krb-ipv6.m4])
+m4_include([cf/krb-prog-ln-s.m4])
+m4_include([cf/krb-readline.m4])
+m4_include([cf/krb-struct-spwd.m4])
+m4_include([cf/krb-struct-winsize.m4])
+m4_include([cf/largefile.m4])
+m4_include([cf/mips-abi.m4])
+m4_include([cf/misc.m4])
+m4_include([cf/need-proto.m4])
+m4_include([cf/osfc2.m4])
+m4_include([cf/otp.m4])
+m4_include([cf/proto-compat.m4])
+m4_include([cf/pthreads.m4])
+m4_include([cf/resolv.m4])
+m4_include([cf/retsigtype.m4])
+m4_include([cf/roken-frag.m4])
+m4_include([cf/socket-wrapper.m4])
+m4_include([cf/sunos.m4])
+m4_include([cf/telnet.m4])
+m4_include([cf/test-package.m4])
+m4_include([cf/version-script.m4])
+m4_include([cf/wflags.m4])
+m4_include([cf/win32.m4])
+m4_include([cf/with-all.m4])
+m4_include([acinclude.m4])

Added: vendor-crypto/heimdal/dist/admin/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/admin/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,70 @@
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+
+	* Makefile.am: split build files into dist_ and noinst_ SOURCES
+	
+2005-07-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ktutil.c: rename optind to optidx
+
+	* list.c: make a copy of realm and admin_server to avoid
+	un-consting avoid shadowing
+
+	* get.c: make a copy of realm and admin_server to avoid
+	un-consting avoid shadowing
+	
+	* change.c (change_entry): just use global context to avoid
+	shadowing; make a copy of realm and admin_server to avoid
+	un-consting.
+
+2005-05-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* change.c (kt_change): plug memory leak from
+	krb5_kt_remove_entry, print principal on error.
+
+2005-05-02  Dave Love  <d.love at dl.ac.uk>
+
+	* ktutil.c (help): Don't use non-constant initializer for `fake'.
+
+2005-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ktutil_locl.h: include <hex.h>
+
+2005-04-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* add.c: add option -H --hex to the add command
+	
+	* ktutil-commands.in: add option -H --hex to the add command
+	
+	* ktutil.8: document option -H --hex to the add command
+
+2004-09-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* list.c: un c99'ify, from Anders.Magnusson at ltu.se
+
+2004-09-23 Johan Danielsson <joda at pdc.kth.se>
+
+	* purge.c: convert to slc; don't purge keys older that a certain
+	time, instead purge keys that have newer versions that are at
+	least a certain age
+
+	* rename.c: convert to slc
+	
+	* remove.c: convert to slc
+	
+	* get.c: convert to slc; warn if resetting disallow-all-tix
+	
+	* copy.c: convert to slc
+	
+	* change.c: convert to slc
+	
+	* add.c: convert to slc
+	
+	* list.c: convert to slc
+	
+	* ktutil_locl.h: convert to slc
+	
+	* ktutil.c: convert to slc
+	
+	* ktutil-commands.in: slc source file

Added: vendor-crypto/heimdal/dist/admin/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/admin/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,44 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto)
+
+SLC = $(top_builddir)/lib/sl/slc
+
+man_MANS = ktutil.8
+
+sbin_PROGRAMS = ktutil
+
+dist_ktutil_SOURCES =				\
+	add.c					\
+	change.c				\
+	copy.c					\
+	get.c					\
+	ktutil.c				\
+	ktutil_locl.h				\
+	list.c					\
+	purge.c					\
+	remove.c				\
+	rename.c
+
+nodist_ktutil_SOURCES =				\
+	ktutil-commands.c
+
+$(ktutil_OBJECTS): ktutil-commands.h
+
+CLEANFILES = ktutil-commands.h ktutil-commands.c
+
+ktutil-commands.c ktutil-commands.h: ktutil-commands.in
+	$(SLC) $(srcdir)/ktutil-commands.in
+
+LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_readline) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS) ktutil-commands.in
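Review bot: The `$Id:` header on the first added line of admin/Makefile.am is already expanded to `v 1.1.1.3 2012-07-21 15:09:09 laffer1`, so this file appears to be a copy from an earlier local CVS vendor branch rather than the pristine upstream file; the same stamp is repeated three times near the top of admin/Makefile.in in the next section. For a vendor-crypto import this makes it harder to diff `dist/` against the upstream Heimdal release and confirm that nothing else differs. I would re-import from the unpacked upstream tarball with keyword expansion left off for the vendor tree, and record the provenance in the log message, e.g. `Imported from <upstream tarball name>, SHA256 <checksum placeholder>`.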

Added: vendor-crypto/heimdal/dist/admin/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/admin/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,867 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+sbin_PROGRAMS = ktutil$(EXEEXT)
+subdir = admin
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
+sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(sbin_PROGRAMS)
+dist_ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \
+	get.$(OBJEXT) ktutil.$(OBJEXT) list.$(OBJEXT) purge.$(OBJEXT) \
+	remove.$(OBJEXT) rename.$(OBJEXT)
+nodist_ktutil_OBJECTS = ktutil-commands.$(OBJEXT)
+ktutil_OBJECTS = $(dist_ktutil_OBJECTS) $(nodist_ktutil_OBJECTS)
+ktutil_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(dist_ktutil_SOURCES) $(nodist_ktutil_SOURCES)
+DIST_SOURCES = $(dist_ktutil_SOURCES)
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_readline) $(INCLUDE_hcrypto)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SLC = $(top_builddir)/lib/sl/slc
+man_MANS = ktutil.8
+dist_ktutil_SOURCES = \
+	add.c					\
+	change.c				\
+	copy.c					\
+	get.c					\
+	ktutil.c				\
+	ktutil_locl.h				\
+	list.c					\
+	purge.c					\
+	remove.c				\
+	rename.c
+
+nodist_ktutil_SOURCES = \
+	ktutil-commands.c
+
+CLEANFILES = ktutil-commands.h ktutil-commands.c
+LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_readline) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS) ktutil-commands.in
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps admin/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps admin/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
+	done
+
+clean-sbinPROGRAMS:
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) 
+	@rm -f ktutil$(EXEEXT)
+	$(LINK) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-sbinPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-sbinPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libtool clean-sbinPROGRAMS ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man8 install-pdf install-pdf-am install-ps \
+	install-ps-am install-sbinPROGRAMS install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook uninstall-man \
+	uninstall-man8 uninstall-sbinPROGRAMS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(ktutil_OBJECTS): ktutil-commands.h
+
+ktutil-commands.c ktutil-commands.h: ktutil-commands.in
+	$(SLC) $(srcdir)/ktutil-commands.in
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/admin/add.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/add.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/add.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: add.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static char *
+readstring(const char *prompt, char *buf, size_t len)
+{
+    printf("%s", prompt);
+    if (fgets(buf, len, stdin) == NULL)
+	return NULL;
+    buf[strcspn(buf, "\r\n")] = '\0';
+    return buf;
+}
+
+int
+kt_add(struct add_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+    krb5_keytab_entry entry;
+    char buf[1024];
+    krb5_enctype enctype;
+
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    memset(&entry, 0, sizeof(entry));
+    if(opt->principal_string == NULL) {
+	if(readstring("Principal: ", buf, sizeof(buf)) == NULL)
+	    return 1;
+	opt->principal_string = buf;
+    }
+    ret = krb5_parse_name(context, opt->principal_string, &entry.principal);
+    if(ret) {
+	krb5_warn(context, ret, "%s", opt->principal_string);
+	goto out;
+    }
+    if(opt->enctype_string == NULL) {
+	if(readstring("Encryption type: ", buf, sizeof(buf)) == NULL) {
+	    ret = 1;
+	    goto out;
+	}
+	opt->enctype_string = buf;
+    }
+    ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
+    if(ret) {
+	int t;
+	if(sscanf(opt->enctype_string, "%d", &t) == 1)
+	    enctype = t;
+	else {
+	    krb5_warn(context, ret, "%s", opt->enctype_string);
+	    goto out;
+	}
+    }
+    if(opt->kvno_integer == -1) {
+	if(readstring("Key version: ", buf, sizeof(buf)) == NULL) {
+	    ret = 1;
+	    goto out;
+	}
+	if(sscanf(buf, "%u", &opt->kvno_integer) != 1)
+	    goto out;
+    }
+    if(opt->password_string == NULL && opt->random_flag == 0) {
+	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
+	    ret = 1;
+	    goto out;
+	}
+	opt->password_string = buf;
+    }
+    if(opt->password_string) {
+	if (opt->hex_flag) {
+	    size_t len;
+	    void *data;
+	    
+	    len = (strlen(opt->password_string) + 1) / 2;
+
+	    data = malloc(len);
+	    if (data == NULL) {
+		krb5_warn(context, ENOMEM, "malloc");
+		goto out;
+	    }
+
+	    if (hex_decode(opt->password_string, data, len) != len) {
+		free(data);
+		krb5_warn(context, ENOMEM, "hex decode failed");
+		goto out;
+	    }
+
+	    ret = krb5_keyblock_init(context, enctype, 
+				     data, len, &entry.keyblock);
+	    free(data);
+	} else if (!opt->salt_flag) {
+	    krb5_salt salt;
+	    krb5_data pw;
+
+	    salt.salttype         = KRB5_PW_SALT;
+	    salt.saltvalue.data   = NULL;
+	    salt.saltvalue.length = 0;
+	    pw.data = (void*)opt->password_string;
+	    pw.length = strlen(opt->password_string);
+	    ret = krb5_string_to_key_data_salt(context, enctype, pw, salt,
+					       &entry.keyblock);
+        } else {
+	    ret = krb5_string_to_key(context, enctype, opt->password_string, 
+				     entry.principal, &entry.keyblock);
+	}
+	memset (opt->password_string, 0, strlen(opt->password_string));
+    } else {
+	ret = krb5_generate_random_keyblock(context, enctype, &entry.keyblock);
+    }
+    if(ret) {
+	krb5_warn(context, ret, "add");
+	goto out;
+    }
+    entry.vno = opt->kvno_integer;
+    entry.timestamp = time (NULL);
+    ret = krb5_kt_add_entry(context, keytab, &entry);
+    if(ret)
+	krb5_warn(context, ret, "add");
+ out:
+    krb5_kt_free_entry(context, &entry);
+    krb5_kt_close(context, keytab);
+    return ret != 0;
+}
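Review bot: Three failure paths in kt_add reach `out:` with `ret` still 0 (whenever the enctype string parsed by name), so `return ret != 0` reports success although no keytab entry was written: the failed `sscanf(buf, "%u", &opt->kvno_integer)`, the failed `malloc(len)`, and the `hex_decode` length mismatch. Each should set an error before its `goto out`, e.g. `ret = EINVAL;` after the sscanf and hex_decode checks and `ret = ENOMEM;` after the malloc check; the hex_decode warning also passes ENOMEM to krb5_warn, which misreports a malformed hex string as an allocation failure. The first `readstring("Principal: ", ...)` failure does `return 1` without calling `krb5_kt_close`, so it should be `ret = 1; goto out;` like the later prompts. In the hex branch the decoded key bytes in `data` are freed without being cleared, unlike the password string; a `memset(data, 0, len);` before each `free(data)` would match the handling of `opt->password_string`.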

Added: vendor-crypto/heimdal/dist/admin/change.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/change.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/change.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: change.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static krb5_error_code
+change_entry (krb5_keytab keytab,
+	      krb5_principal principal, krb5_kvno kvno,
+	      const char *realm, const char *admin_server, int server_port)
+{
+    krb5_error_code ret;
+    kadm5_config_params conf;
+    void *kadm_handle;
+    char *client_name;
+    krb5_keyblock *keys;
+    int num_keys;
+    int i;
+
+    ret = krb5_unparse_name (context, principal, &client_name);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_unparse_name");
+	return ret;
+    }
+
+    memset (&conf, 0, sizeof(conf));
+
+    if(realm == NULL)
+	realm = krb5_principal_get_realm(context, principal);
+    conf.realm = strdup(realm);
+    if (conf.realm == NULL) {
+	free (client_name);
+	krb5_set_error_string(context, "malloc failed");
+	return ENOMEM;
+    }
+    conf.mask |= KADM5_CONFIG_REALM;
+    
+    if (admin_server) {
+	conf.admin_server = strdup(admin_server);
+	if (conf.admin_server == NULL) {
+	    free(client_name);
+	    free(conf.realm);
+	    krb5_set_error_string(context, "malloc failed");
+	    return ENOMEM;
+	}	    
+	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+    }
+
+    if (server_port) {
+	conf.kadmind_port = htons(server_port);
+	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+    }
+
+    ret = kadm5_init_with_skey_ctx (context,
+				    client_name,
+				    keytab_string,
+				    KADM5_ADMIN_SERVICE,
+				    &conf, 0, 0,
+				    &kadm_handle);
+    free(conf.admin_server);
+    free(conf.realm);
+    if (ret) {
+	krb5_warn (context, ret,
+		   "kadm5_c_init_with_skey_ctx: %s:", client_name);
+	free (client_name);
+	return ret;
+    }
+    ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys);
+    kadm5_destroy (kadm_handle);
+    if (ret) {
+	krb5_warn(context, ret, "kadm5_randkey_principal: %s:", client_name);
+	free (client_name);
+	return ret;
+    }
+    free (client_name);
+    for (i = 0; i < num_keys; ++i) {
+	krb5_keytab_entry new_entry;
+
+	new_entry.principal = principal;
+	new_entry.timestamp = time (NULL);
+	new_entry.vno = kvno + 1;
+	new_entry.keyblock  = keys[i];
+
+	ret = krb5_kt_add_entry (context, keytab, &new_entry);
+	if (ret)
+	    krb5_warn (context, ret, "krb5_kt_add_entry");
+	krb5_free_keyblock_contents (context, &keys[i]);
+    }
+    return ret;
+}
+
+/*
+ * loop over all the entries in the keytab (or those given) and change
+ * their keys, writing the new keys
+ */
+
+struct change_set {
+    krb5_principal principal;
+    krb5_kvno kvno;
+};
+
+int
+kt_change (struct change_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry;
+    int i, j, max;
+    struct change_set *changeset;
+    int errors = 0;
+    
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    j = 0;
+    max = 0;
+    changeset = NULL;
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret){
+	krb5_warn(context, ret, "%s", keytab_string);
+	goto out;
+    }
+
+    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+	int add = 0;
+
+	for (i = 0; i < j; ++i) {
+	    if (krb5_principal_compare (context, changeset[i].principal,
+					entry.principal)) {
+		if (changeset[i].kvno < entry.vno)
+		    changeset[i].kvno = entry.vno;
+		break;
+	    }
+	}
+	if (i < j) {
+	    krb5_kt_free_entry (context, &entry);
+	    continue;
+	}
+
+	if (argc == 0) {
+	    add = 1;
+	} else {
+	    for (i = 0; i < argc; ++i) {
+		krb5_principal princ;
+
+		ret = krb5_parse_name (context, argv[i], &princ);
+		if (ret) {
+		    krb5_warn (context, ret, "%s", argv[i]);
+		    continue;
+		}
+		if (krb5_principal_compare (context, princ, entry.principal))
+		    add = 1;
+
+		krb5_free_principal (context, princ);
+	    }
+	}
+
+	if (add) {
+	    if (j >= max) {
+		void *tmp;
+
+		max = max(max * 2, 1);
+		tmp = realloc (changeset, max * sizeof(*changeset));
+		if (tmp == NULL) {
+		    krb5_kt_free_entry (context, &entry);
+		    krb5_warnx (context, "realloc: out of memory");
+		    ret = ENOMEM;
+		    break;
+		}
+		changeset = tmp;
+	    }
+	    ret = krb5_copy_principal (context, entry.principal,
+				       &changeset[j].principal);
+	    if (ret) {
+		krb5_warn (context, ret, "krb5_copy_principal");
+		krb5_kt_free_entry (context, &entry);
+		break;
+	    }
+	    changeset[j].kvno = entry.vno;
+	    ++j;
+	}
+	krb5_kt_free_entry (context, &entry);
+    }
+    krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    if (ret == KRB5_KT_END) {
+	ret = 0;
+	for (i = 0; i < j; i++) {
+	    if (verbose_flag) {
+		char *client_name;
+
+		ret = krb5_unparse_name (context, changeset[i].principal, 
+					 &client_name);
+		if (ret) {
+		    krb5_warn (context, ret, "krb5_unparse_name");
+		} else {
+		    printf("Changing %s kvno %d\n", 
+			   client_name, changeset[i].kvno);
+		    free(client_name);
+		}
+	    }
+	    ret = change_entry (keytab, 
+				changeset[i].principal, changeset[i].kvno,
+				opt->realm_string, 
+				opt->admin_server_string, 
+				opt->server_port_integer);
+	    if (ret != 0)
+		errors = 1;
+	}
+    } else
+	errors = 1;
+    for (i = 0; i < j; i++)
+	krb5_free_principal (context, changeset[i].principal);
+    free (changeset);
+
+ out:
+    krb5_kt_close(context, keytab);
+    return errors;
+}
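Review bot: In kt_change, a failing `krb5_kt_start_seq_get` warns and jumps to `out:` while `errors` is still 0, so the command exits successfully without having rotated any key; add `errors = 1;` before that `goto out`. In change_entry the loop overwrites `ret` on every iteration, so a failed `krb5_kt_add_entry` for an earlier key is masked when the last one succeeds, and by then kadm5_randkey_principal has already changed the keys on the server, which leaves the keytab out of step with the KDC while the caller sees success. Keeping the first error (`if (ret && first_err == 0) first_err = ret;`, then returning `first_err`) would surface it. The `keys` array itself appears never to be released after its contents are freed, and `new_entry` is only partly initialised; a `free(keys);` after the loop and a `memset(&new_entry, 0, sizeof(new_entry));` at the top of the loop body look warranted, to be confirmed against the kadm5 and krb5_keytab_entry definitions, which are not visible here.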

Added: vendor-crypto/heimdal/dist/admin/copy.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/copy.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/copy.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: copy.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+
+static krb5_boolean
+compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b)
+{
+    if(a->keytype != b->keytype ||
+       a->keyvalue.length != b->keyvalue.length ||
+       memcmp(a->keyvalue.data, b->keyvalue.data, a->keyvalue.length) != 0)
+	return FALSE;
+    return TRUE;
+}
+
+static int
+kt_copy_int (const char *from, const char *to)
+{
+    krb5_error_code ret;
+    krb5_keytab src_keytab, dst_keytab;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry, dummy;
+
+    ret = krb5_kt_resolve (context, from, &src_keytab);
+    if (ret) {
+	krb5_warn (context, ret, "resolving src keytab `%s'", from);
+	return 1;
+    }
+
+    ret = krb5_kt_resolve (context, to, &dst_keytab);
+    if (ret) {
+	krb5_kt_close (context, src_keytab);
+	krb5_warn (context, ret, "resolving dst keytab `%s'", to);
+	return 1;
+    }
+
+    ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string);
+	goto out;
+    }
+
+    if (verbose_flag)
+	fprintf(stderr, "copying %s to %s\n", from, to);
+
+    while((ret = krb5_kt_next_entry(context, src_keytab,
+				    &entry, &cursor)) == 0) {
+	char *name_str;
+	char *etype_str;
+	ret = krb5_unparse_name (context, entry.principal, &name_str);
+	if(ret) {
+	    krb5_warn(context, ret, "krb5_unparse_name");
+	    name_str = NULL; /* XXX */
+	}
+	ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str);
+	if(ret) {
+	    krb5_warn(context, ret, "krb5_enctype_to_string");
+	    etype_str = NULL; /* XXX */
+	}
+	ret = krb5_kt_get_entry(context, dst_keytab, 
+				entry.principal, 
+				entry.vno, 
+				entry.keyblock.keytype,
+				&dummy);
+	if(ret == 0) {
+	    /* this entry is already in the new keytab, so no need to
+               copy it; if the keyblocks are not the same, something
+               is weird, so complain about that */
+	    if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) {
+		krb5_warnx(context, "entry with different keyvalue "
+			   "already exists for %s, keytype %s, kvno %d", 
+			   name_str, etype_str, entry.vno);
+	    }
+	    krb5_kt_free_entry(context, &dummy);
+	    krb5_kt_free_entry (context, &entry);
+	    free(name_str);
+	    free(etype_str);
+	    continue;
+	} else if(ret != KRB5_KT_NOTFOUND) {
+	    krb5_warn (context, ret, "%s: fetching %s/%s/%u", 
+		       to, name_str, etype_str, entry.vno);
+	    krb5_kt_free_entry (context, &entry);
+	    free(name_str);
+	    free(etype_str);
+	    break;
+	}
+	if (verbose_flag)
+	    fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str, 
+		     etype_str, entry.vno);
+	ret = krb5_kt_add_entry (context, dst_keytab, &entry);
+	krb5_kt_free_entry (context, &entry);
+	if (ret) {
+	    krb5_warn (context, ret, "%s: adding %s/%s/%u", 
+		       to, name_str, etype_str, entry.vno);
+	    free(name_str);
+	    free(etype_str);
+	    break;
+	}
+	free(name_str);
+	free(etype_str);
+    }
+    krb5_kt_end_seq_get (context, src_keytab, &cursor);
+
+  out:
+    krb5_kt_close (context, src_keytab);
+    krb5_kt_close (context, dst_keytab);
+    return ret != 0;
+}
+
+int
+kt_copy (void *opt, int argc, char **argv)
+{
+    return kt_copy_int(argv[0], argv[1]);
+}
+
+int
+srvconv(struct srvconvert_options *opt, int argc, char **argv)
+{
+    char kt4[1024], kt5[1024];
+
+    snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string);
+
+    if(keytab_string != NULL)
+	return kt_copy_int(kt4, keytab_string);
+
+    krb5_kt_default_modify_name(context, kt5, sizeof(kt5));
+    return kt_copy_int(kt4, kt5);
+}
+
+int
+srvcreate(struct srvcreate_options *opt, int argc, char **argv)
+{
+    char kt4[1024], kt5[1024];
+
+    snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string);
+
+    if(keytab_string != NULL)
+	return kt_copy_int(keytab_string, kt4);
+
+    krb5_kt_default_name(context, kt5, sizeof(kt5));
+    return kt_copy_int(kt5, kt4);
+}
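Review bot: `kt_copy_int` reports failure even after a complete copy. The `while` loop only ends when `krb5_kt_next_entry` returns non-zero, which at a normal end of the keytab is presumably `KRB5_KT_END` (change.c in this import tests for exactly that value), so `return ret != 0;` yields 1 and a caller cannot tell a full copy of key material from a partial one; the last line should be `return ret != 0 && ret != KRB5_KT_END;`. Separately, the `krb5_kt_start_seq_get` warning prints the global `keytab_string`, which can still be NULL on the `kt_copy` path, while `from` is the keytab actually being opened: `krb5_warn (context, ret, "krb5_kt_start_seq_get %s", from);`. In `srvconv` and `srvcreate` the results of `krb5_kt_default_modify_name` and `krb5_kt_default_name` are ignored, so `kt5` may be passed on uninitialised if either call fails.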

Added: vendor-crypto/heimdal/dist/admin/get.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/get.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/get.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: get.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static void*
+open_kadmin_connection(char *principal,
+		       const char *realm, 
+		       char *admin_server, 
+		       int server_port)
+{
+    static kadm5_config_params conf;
+    krb5_error_code ret;
+    void *kadm_handle;
+    memset(&conf, 0, sizeof(conf));
+
+    if(realm) {
+	conf.realm = strdup(realm);
+	if (conf.realm == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return NULL;
+	}
+	conf.mask |= KADM5_CONFIG_REALM;
+    }
+    
+    if (admin_server) {
+	conf.admin_server = admin_server;
+	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+    }
+
+    if (server_port) {
+	conf.kadmind_port = htons(server_port);
+	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+    }
+
+    /* should get realm from each principal, instead of doing
+       everything with the same (local) realm */
+
+    ret = kadm5_init_with_password_ctx(context, 
+				       principal,
+				       NULL,
+				       KADM5_ADMIN_SERVICE,
+				       &conf, 0, 0, 
+				       &kadm_handle);
+    free(conf.realm);
+    if(ret) {
+	krb5_warn(context, ret, "kadm5_init_with_password");
+	return NULL;
+    }
+    return kadm_handle;
+}
+
+int
+kt_get(struct get_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    krb5_keytab keytab;
+    void *kadm_handle = NULL;
+    krb5_enctype *etypes = NULL;
+    size_t netypes = 0;
+    int i, j;
+    unsigned int failed = 0;
+    
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    if(opt->realm_string)
+	krb5_set_default_realm(context, opt->realm_string);
+
+    if (opt->enctypes_strings.num_strings != 0) {
+
+	etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes));
+	if (etypes == NULL) {
+	    krb5_warnx(context, "malloc failed");
+	    goto out;
+	}
+	netypes = opt->enctypes_strings.num_strings;
+	for(i = 0; i < netypes; i++) {
+	    ret = krb5_string_to_enctype(context, 
+					 opt->enctypes_strings.strings[i], 
+					 &etypes[i]);
+	    if(ret) {
+		krb5_warnx(context, "unrecognized enctype: %s",
+			   opt->enctypes_strings.strings[i]);
+		goto out;
+	    }
+	}
+    }
+
+    
+    for(i = 0; i < argc; i++){
+	krb5_principal princ_ent;
+	kadm5_principal_ent_rec princ;
+	int mask = 0;
+	krb5_keyblock *keys;
+	int n_keys;
+	int created = 0;
+	krb5_keytab_entry entry;
+
+	ret = krb5_parse_name(context, argv[i], &princ_ent);
+	if (ret) {
+	    krb5_warn(context, ret, "can't parse principal %s", argv[i]);
+	    failed++;
+	    continue;
+	}
+	memset(&princ, 0, sizeof(princ));
+	princ.principal = princ_ent;
+	mask |= KADM5_PRINCIPAL;
+	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+	mask |= KADM5_ATTRIBUTES;
+	princ.princ_expire_time = 0;
+	mask |= KADM5_PRINC_EXPIRE_TIME;
+
+	if(kadm_handle == NULL) {
+	    const char *r;
+	    if(opt->realm_string != NULL)
+		r = opt->realm_string;
+	    else
+		r = krb5_principal_get_realm(context, princ_ent);
+	    kadm_handle = open_kadmin_connection(opt->principal_string, 
+						 r, 
+						 opt->admin_server_string, 
+						 opt->server_port_integer);
+	    if(kadm_handle == NULL)
+		break;
+	}
+	
+	ret = kadm5_create_principal(kadm_handle, &princ, mask, "x");
+	if(ret == 0)
+	    created = 1;
+	else if(ret != KADM5_DUP) {
+	    krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
+	    krb5_free_principal(context, princ_ent);
+	    failed++;
+	    continue;
+	}
+	ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
+	if (ret) {
+	    krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
+	    krb5_free_principal(context, princ_ent);
+	    failed++;
+	    continue;
+	}
+	
+	ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, 
+			      KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
+	if (ret) {
+	    krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
+	    for (j = 0; j < n_keys; j++)
+		krb5_free_keyblock_contents(context, &keys[j]);
+	    krb5_free_principal(context, princ_ent);
+	    failed++;
+	    continue;
+	}
+	if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
+	    krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
+	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+	mask = KADM5_ATTRIBUTES;
+	if(created) {
+	    princ.kvno = 1;
+	    mask |= KADM5_KVNO;
+	}
+	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
+	if (ret) {
+	    krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
+	    for (j = 0; j < n_keys; j++)
+		krb5_free_keyblock_contents(context, &keys[j]);
+	    krb5_free_principal(context, princ_ent);
+	    failed++;
+	    continue;
+	}
+	for(j = 0; j < n_keys; j++) {
+	    int do_add = TRUE;
+
+	    if (netypes) {
+		int k;
+
+		do_add = FALSE;
+		for (k = 0; k < netypes; ++k)
+		    if (keys[j].keytype == etypes[k]) {
+			do_add = TRUE;
+			break;
+		    }
+	    }
+	    if (do_add) {
+		entry.principal = princ_ent;
+		entry.vno = princ.kvno;
+		entry.keyblock = keys[j];
+		entry.timestamp = time (NULL);
+		ret = krb5_kt_add_entry(context, keytab, &entry);
+		if (ret)
+		    krb5_warn(context, ret, "krb5_kt_add_entry");
+	    }
+	    krb5_free_keyblock_contents(context, &keys[j]);
+	}
+	
+	kadm5_free_principal_ent(kadm_handle, &princ);
+	krb5_free_principal(context, princ_ent);
+    }
+ out:
+    free(etypes);
+    if (kadm_handle)
+	kadm5_destroy(kadm_handle);
+    krb5_kt_close(context, keytab);
+    return ret != 0 || failed > 0;
+}
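Review bot: A failed `krb5_kt_add_entry` in the inner `for(j ...)` loop of `kt_get` is only warned about, and `ret` is then overwritten by the next principal's `krb5_parse_name`, so the command can return 0 after `kadm5_randkey_principal` has already replaced the key on the server while the keytab never received it. That leaves a service whose keytab no longer matches the KDC and an exit status that says success; counting the failure, `if (ret) { krb5_warn(context, ret, "krb5_kt_add_entry"); failed++; }`, makes the mismatch visible to whatever drives the tool. Two other paths also leave with status 0 although nothing was done: the `malloc` failure for `etypes` (`goto out` with `ret == 0`) and the `break` when `open_kadmin_connection` returns NULL, which additionally skips `krb5_free_principal(context, princ_ent)`; a `failed++` before each would cover them. The `keys` array itself does not appear to be released, only each element's contents, which is worth checking against the kadm5 ownership rules.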

Added: vendor-crypto/heimdal/dist/admin/ktutil-commands.in
===================================================================
--- vendor-crypto/heimdal/dist/admin/ktutil-commands.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/ktutil-commands.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: ktutil-commands.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $ */
+
+command = {
+	name = "add"
+	option = {
+		long = "principal"
+		short = "p"
+		type = "string"
+		help = "principal to add"
+		argument = "principal"
+		default = ""
+	}
+	option = {
+		long = "kvno"
+		short = "V"
+		type = "integer"
+		help = "key version number"
+		default = "-1"
+	}
+	option = {
+		long = "enctype"
+		short = "e"
+		type = "string"
+		argument = "enctype"
+		help = "encryption type"
+	}
+	option = {
+		long = "password"
+		short = "w"
+		type = "string"
+		help = "password for key"
+	}
+	option = {
+		long = "salt"
+		short = "s"
+		type = "-flag"
+		help = "use unsalted keys"
+		default = "1"
+	}
+	option = {
+		long = "random"
+		short = "r"
+		type = "flag"
+		help = "generate random key"
+	}
+	option = {
+		long = "hex"
+		short = "H"
+		type = "flag"
+		help = "password is a hexadecimal string"
+	}
+	function = "kt_add"
+	help = "Adds a key to a keytab."
+	max_args = "0"
+}
+command = {
+	name = "change"
+	option = {
+		long = "realm"
+		short = "r"
+		type = "string"
+		argument = "realm"
+		help = "realm to use"
+	}
+	option = {
+		long = "admin-server"
+		short = "a"
+		type = "string"
+		argument = "host"
+		help = "server to contact"
+	}
+	option = {
+		long = "server-port"
+		short = "s"
+		type = "integer"
+		argument = "port number"
+		help = "port number on server"
+	}
+	function = "kt_change"
+	argument = "[principal...]"
+	help = "Change keys for specified principals (default all)."
+}
+command = {
+	name = "copy"
+	function = "kt_copy"
+	argument = "source destination"
+	min_args = "2"
+	max_args = "2"
+	help = "Copies one keytab to another."
+}
+command = {
+	name = "get"
+	option = {
+		long = "principal"
+		short = "p"
+		type = "string"
+		help = "admin principal"
+		argument = "principal"
+	}
+	option = {
+		long = "enctypes"
+		short = "e"
+		type = "strings"
+		help = "encryption types to use"
+		argument = "enctype"
+	}
+	option = {
+		long = "realm"
+		short = "r"
+		type = "string"
+		argument = "realm"
+		help = "realm to use"
+	}
+	option = {
+		long = "admin-server"
+		short = "a"
+		type = "string"
+		argument = "host"
+		help = "server to contact"
+	}
+	option = {
+		long = "server-port"
+		short = "s"
+		type = "integer"
+		argument = "port number"
+		help = "port number on server"
+	}
+	function = "kt_get"
+	min_args = "1"
+	argument = "principal..."
+	help = "Change keys for specified principals, and add them to the keytab."
+}
+command = {
+	name = "list"
+	option = {
+		long = "keys"
+		type = "flag"
+		help = "show key values"
+	}
+	option = {
+		long = "timestamp"
+		type = "flag"
+		help = "show timestamps"
+	}
+	max_args = "0"
+	function = "kt_list"
+	help = "Show contents of keytab."
+}
+command = {
+	name = "purge"
+	option = {
+		long = "age"
+		type = "string"
+		help = "age to retiere"
+		default = "1 week";
+		argument = "time"
+	}
+	max_args = "0"
+	function = "kt_purge"
+	help = "Remove superceded keys from keytab."
+}
+command = {
+	name = "remove"
+	name = "delete"
+	option = {
+		long = "principal"
+		short = "p"
+		type = "string"
+		help = "principal to remove"
+		argument = "principal"
+	}
+	option = {
+		long = "kvno"
+		short = "V"
+		type = "integer"
+		help = "key version to remove"
+		argument = "enctype"
+		default = "0"
+	}
+	option = {
+		long = "enctype"
+		short = "e"
+		type = "string"
+		help = "enctype to remove"
+		argument = "enctype"
+	}
+	max_args = "0"
+	function = "kt_remove"
+	help = "Remove keys from keytab."
+}
+command = {
+	name = "rename"
+	function = "kt_rename"
+	argument = "from to"
+	min_args = "2"
+	max_args = "2"
+	help = "Renames an entry in the keytab."
+}
+command = {
+	name = "srvconvert"
+	name = "srv2keytab"
+	option = {
+		long = "srvtab"
+		short = "s"
+		type = "string"
+		argument = "file"
+		help = "name of Kerberos 4 srvtab"
+		default = "/etc/srvtab"
+	}
+	max_args = "0"
+	function = "srvconv"
+	help = "Convert a Kerberos 4 srvtab to a keytab."
+}
+command = {
+	name = "srvcreate"
+	name = "key2srvtab"
+	option = {
+		long = "srvtab"
+		short = "s"
+		type = "string"
+		argument = "file"
+		help = "name of Kerberos 4 srvtab"
+		default = "/etc/srvtab"
+	}
+	max_args = "0"
+	function = "srvcreate"
+	help = "Convert a keytab to a Kerberos 4 srvtab."
+}
+command = {
+	name = "help"
+	argument = "command"
+	max_args = "1"
+	function = "help"
+}
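Review bot: The `add` command's `--password`/`-w` option takes the key password as a command-line string, where it can be read from the process list by other local users and ends up in shell history, and the help text `"password for key"` gives no hint of that. The manual page in this same import says unspecified options are prompted for, so the help string could steer users to the prompt, e.g. `help = "password for key (visible in process list; omit to be prompted)"`. In the `remove` command the `kvno` option carries `argument = "enctype"`, which looks like a copy-paste slip and should read `argument = "kvno"`. The help strings `"age to retiere"` and `"Remove superceded keys from keytab."` are misspelled (`retire`, `superseded`).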

Added: vendor-crypto/heimdal/dist/admin/ktutil.8
===================================================================
--- vendor-crypto/heimdal/dist/admin/ktutil.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/ktutil.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,196 @@
+.\" Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: ktutil.8,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd April 14, 2005
+.Dt KTUTIL 8
+.Os HEIMDAL
+.Sh NAME
+.Nm ktutil
+.Nd manage Kerberos keytabs
+.Sh SYNOPSIS
+.Nm
+.Oo Fl k Ar keytab \*(Ba Xo
+.Fl -keytab= Ns Ar keytab
+.Xc
+.Oc
+.Op Fl v | Fl -verbose
+.Op Fl -version
+.Op Fl h | Fl -help
+.Ar command
+.Op Ar args
+.Sh DESCRIPTION
+.Nm
+is a program for managing keytabs.
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl v ,
+.Fl -verbose
+.Xc
+Verbose output.
+.El
+.Pp
+.Ar command
+can be one of the following:
+.Bl -tag -width srvconvert
+.It add Xo
+.Op Fl p Ar principal
+.Op Fl -principal= Ns Ar principal
+.Op Fl V Ar kvno
+.Op Fl -kvno= Ns Ar kvno
+.Op Fl e Ar enctype
+.Op Fl -enctype= Ns Ar enctype
+.Op Fl w Ar password
+.Op Fl -password= Ns Ar password
+.Op Fl r
+.Op Fl -random
+.Op Fl s
+.Op Fl -no-salt
+.Op Fl H
+.Op Fl -hex
+.Xc
+Adds a key to the keytab. Options that are not specified will be
+prompted for. This requires that you know the password or the hex key of the
+principal to add; if what you really want is to add a new principal to
+the keytab, you should consider the
+.Ar get
+command, which talks to the kadmin server.
+.It change Xo
+.Op Fl r Ar realm
+.Op Fl -realm= Ns Ar realm
+.Op Fl -a Ar host
+.Op Fl -admin-server= Ns Ar host
+.Op Fl -s Ar port
+.Op Fl -server-port= Ns Ar port
+.Xc
+Update one or several keys to new versions.  By default, use the admin
+server for the realm of a keytab entry.  Otherwise it will use the
+values specified by the options.
+.Pp
+If no principals are given, all the ones in the keytab are updated.
+.It copy Xo
+.Ar keytab-src
+.Ar keytab-dest
+.Xc
+Copies all the entries from
+.Ar keytab-src
+to
+.Ar keytab-dest .
+.It get Xo
+.Op Fl p Ar admin principal
+.Op Fl -principal= Ns Ar admin principal
+.Op Fl e Ar enctype
+.Op Fl -enctypes= Ns Ar enctype
+.Op Fl r Ar realm
+.Op Fl -realm= Ns Ar realm
+.Op Fl a Ar admin server
+.Op Fl -admin-server= Ns Ar admin server
+.Op Fl s Ar server port
+.Op Fl -server-port= Ns Ar server port
+.Ar principal ...
+.Xc
+For each
+.Ar principal ,
+generate a new key for it (creating it if it doesn't already exist),
+and put that key in the keytab.
+.Pp
+If no
+.Ar realm
+is specified, the realm to operate on is taken from the first
+principal.
+.It list Xo
+.Op Fl -keys
+.Op Fl -timestamp
+.Xc
+List the keys stored in the keytab.
+.It remove Xo
+.Op Fl p Ar principal
+.Op Fl -principal= Ns Ar principal
+.Op Fl V kvno
+.Op Fl -kvno= Ns Ar kvno
+.Op Fl e enctype
+.Op Fl -enctype= Ns Ar enctype
+.Xc
+Removes the specified key or keys. Not specifying a
+.Ar kvno
+removes keys with any version number. Not specifying an
+.Ar enctype
+removes keys of any type.
+.It rename Xo
+.Ar from-principal
+.Ar to-principal
+.Xc
+Renames all entries in the keytab that match the
+.Ar from-principal
+to
+.Ar to-principal .
+.It purge Xo
+.Op Fl -age= Ns Ar age
+.Xc
+Removes all old versions of a key for which there is a newer version
+that is at least
+.Ar age
+(default one week) old.
+.It srvconvert
+.It srv2keytab Xo
+.Op Fl s Ar srvtab
+.Op Fl -srvtab= Ns Ar srvtab
+.Xc
+Converts the version 4 srvtab in
+.Ar srvtab
+to a version 5 keytab and stores it in
+.Ar keytab .
+Identical to:
+.Bd -ragged -offset indent
+.Li ktutil copy
+.Li krb4: Ns Ar srvtab
+.Ar keytab
+.Ed
+.It srvcreate
+.It key2srvtab Xo
+.Op Fl s Ar srvtab
+.Op Fl -srvtab= Ns Ar srvtab
+.Xc
+Converts the version 5 keytab in
+.Ar keytab
+to a version 4 srvtab and stores it in
+.Ar srvtab .
+Identical to:
+.Bd -ragged -offset indent
+.Li ktutil copy
+.Ar keytab
+.Li krb4: Ns Ar srvtab
+.Ed
+.El
+.Sh SEE ALSO
+.Xr kadmin 8

Added: vendor-crypto/heimdal/dist/admin/ktutil.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/ktutil.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/ktutil.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,174 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+#include <err.h>
+
+RCSID("$Id: ktutil.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static int help_flag;
+static int version_flag;
+int verbose_flag;
+char *keytab_string; 
+static char keytab_buf[256];
+
+static struct getargs args[] = {
+    { 
+	"version",
+	0,
+	arg_flag,
+	&version_flag,
+	NULL,
+	NULL 
+    },
+    { 
+	"help",	    
+	'h',   
+	arg_flag, 
+	&help_flag, 
+	NULL, 
+	NULL
+    },
+    { 
+	"keytab",	    
+	'k',   
+	arg_string, 
+	&keytab_string, 
+	"keytab", 
+	"keytab to operate on" 
+    },
+    {
+	"verbose",
+	'v',
+	arg_flag,
+	&verbose_flag,
+	"verbose",
+	"run verbosely"
+    }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+krb5_context context;
+
+krb5_keytab
+ktutil_open_keytab(void)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+    if (keytab_string == NULL) {
+	ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
+	if (ret) {
+	    krb5_warn(context, ret, "krb5_kt_default_name");
+	    return NULL;
+	}
+	keytab_string = keytab_buf;
+    }
+    ret = krb5_kt_resolve(context, keytab_string, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_string);
+	return NULL;
+    }
+    if (verbose_flag)
+	fprintf (stderr, "Using keytab %s\n", keytab_string);
+	
+    return keytab;
+}
+
+int
+help(void *opt, int argc, char **argv)
+{
+    if(argc == 0) {
+	sl_help(commands, 1, argv - 1 /* XXX */);
+    } else {
+	SL_cmd *c = sl_match (commands, argv[0], 0);
+ 	if(c == NULL) {
+	    fprintf (stderr, "No such command: %s. "
+		     "Try \"help\" for a list of commands\n",
+		     argv[0]);
+	} else {
+	    if(c->func) {
+		char *fake[] = { NULL, "--help", NULL };
+		fake[0] = argv[0];
+		(*c->func)(2, fake);
+		fprintf(stderr, "\n");
+	    }
+	    if(c->help && *c->help)
+		fprintf (stderr, "%s\n", c->help);
+	    if((++c)->name && c->func == NULL) {
+		int f = 0;
+		fprintf (stderr, "Synonyms:");
+		while (c->name && c->func == NULL) {
+		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
+		    f = 1;
+		}
+		fprintf (stderr, "\n");
+	    }
+	}
+    }
+    return 0;
+}
+
+static void
+usage(int status)
+{
+    arg_printusage(args, num_args, NULL, "command");
+    exit(status);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+    krb5_error_code ret;
+    setprogname(argv[0]);
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    argc -= optidx;
+    argv += optidx;
+    if(argc == 0)
+	usage(1);
+    ret = sl_command(commands, argc, argv);
+    if(ret == -1)
+	krb5_warnx (context, "unrecognized command: %s", argv[0]);
+    return ret;
+}
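Review bot: `help()` passes `argv - 1 /* XXX */` to `sl_help` when `argc == 0`, which forms a pointer before the array the function was given and is only valid if every caller hands in an interior pointer of a larger vector. The dispatcher that calls it is not in this hunk, so that cannot be confirmed here. The bare `XXX` should be replaced by a comment stating the assumption, e.g. `/* argv[-1] is the command name: callers pass argv advanced past it */`. Also, `ktutil_open_keytab` resolves the default name into the 256-byte `keytab_buf` while copy.c uses 1024-byte buffers for the same `krb5_kt_default_name` call, so a long default keytab name may be handled differently by different commands.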

Added: vendor-crypto/heimdal/dist/admin/ktutil_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/admin/ktutil_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/ktutil_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* 
+ * $Id: ktutil_locl.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+ * $FreeBSD$
+ */
+
+#ifndef __KTUTIL_LOCL_H__
+#define __KTUTIL_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <parse_time.h>
+#include <roken.h>
+
+#include "crypto-headers.h"
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm5_err.h>
+
+#include <sl.h>
+#include <getarg.h>
+#include <hex.h>
+
+extern krb5_context context;
+
+extern int verbose_flag;
+extern char *keytab_string; 
+
+krb5_keytab ktutil_open_keytab(void);
+
+#include "ktutil-commands.h"
+
+#endif /* __KTUTIL_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/admin/list.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/list.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/list.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+#include <rtbl.h>
+
+RCSID("$Id: list.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static int
+do_list(struct list_options *opt, const char *keytab_str)
+{
+    krb5_error_code ret;
+    krb5_keytab keytab;
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    rtbl_t table;
+
+    /* XXX specialcase the ANY type */
+    if(strncasecmp(keytab_str, "ANY:", 4) == 0) {
+	int flag = 0;
+	char buf[1024];
+	keytab_str += 4;
+	ret = 0;
+	while (strsep_copy((const char**)&keytab_str, ",", 
+			   buf, sizeof(buf)) != -1) {
+	    if(flag)
+		printf("\n");
+	    if(do_list(opt, buf))
+		ret = 1;
+	    flag = 1;
+	}
+	return ret;
+    }
+
+    ret = krb5_kt_resolve(context, keytab_str, &keytab);
+    if (ret) {
+	krb5_warn(context, ret, "resolving keytab %s", keytab_str);
+	return ret;
+    }
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret) {
+	krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_str);
+	krb5_kt_close(context, keytab);
+	return ret;
+    }
+
+    printf ("%s:\n\n", keytab_str);
+	
+    table = rtbl_create();
+    rtbl_add_column_by_id(table, 0, "Vno", RTBL_ALIGN_RIGHT);
+    rtbl_add_column_by_id(table, 1, "Type", 0);
+    rtbl_add_column_by_id(table, 2, "Principal", 0);
+    if (opt->timestamp_flag)
+	rtbl_add_column_by_id(table, 3, "Date", 0);
+    if(opt->keys_flag)
+	rtbl_add_column_by_id(table, 4, "Key", 0);
+    rtbl_set_separator(table, "  ");
+
+    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
+	char buf[1024], *s;
+
+	snprintf(buf, sizeof(buf), "%d", entry.vno);
+	rtbl_add_column_entry_by_id(table, 0, buf);
+
+	ret = krb5_enctype_to_string(context, 
+				     entry.keyblock.keytype, &s);
+	if (ret != 0) {
+	    snprintf(buf, sizeof(buf), "unknown (%d)", entry.keyblock.keytype);
+	    rtbl_add_column_entry_by_id(table, 1, buf);
+	} else {
+	    rtbl_add_column_entry_by_id(table, 1, s);
+	    free(s);
+	}
+
+	krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
+	rtbl_add_column_entry_by_id(table, 2, buf);
+
+	if (opt->timestamp_flag) {
+	    krb5_format_time(context, entry.timestamp, buf, 
+			     sizeof(buf), FALSE);
+	    rtbl_add_column_entry_by_id(table, 3, buf);
+	}
+	if(opt->keys_flag) {
+	    int i;
+	    s = malloc(2 * entry.keyblock.keyvalue.length + 1);
+	    if (s == NULL) {
+		krb5_warnx(context, "malloc failed");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    for(i = 0; i < entry.keyblock.keyvalue.length; i++)
+		snprintf(s + 2 * i, 3, "%02x", 
+			 ((unsigned char*)entry.keyblock.keyvalue.data)[i]);
+	    rtbl_add_column_entry_by_id(table, 4, s);
+	    free(s);
+	}
+	krb5_kt_free_entry(context, &entry);
+    }
+    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+    rtbl_format(table, stdout);
+
+out:
+    rtbl_destroy(table);
+
+    krb5_kt_close(context, keytab);
+    return ret;
+}
+
+int
+kt_list(struct list_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    char kt[1024];
+
+    if(verbose_flag)
+	opt->timestamp_flag = 1;
+
+    if (keytab_string == NULL) {
+	if((ret = krb5_kt_default_name(context, kt, sizeof(kt))) != 0) {
+	    krb5_warn(context, ret, "getting default keytab name");
+	    return 1;
+	}
+	keytab_string = kt;
+    }
+    return do_list(opt, keytab_string) != 0;
+}
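Review bot: The `malloc` failure path in `do_list` (the `goto out` inside the `opt->keys_flag` branch) jumps past both `krb5_kt_free_entry` and `krb5_kt_end_seq_get`, so the current entry, including its key block, is never released and the cursor stays open. Calling `krb5_kt_free_entry(context, &entry); krb5_kt_end_seq_get(context, keytab, &cursor);` before that `goto out` closes the path. After the loop, `ret = krb5_kt_end_seq_get(...)` overwrites the status from `krb5_kt_next_entry`, so a read error part-way through the keytab is reported as success. Separately, `kt_list` stores the address of its stack buffer in the global with `keytab_string = kt;`, which dangles once the function returns; passing `kt` straight to `do_list` or declaring it `static char kt[1024];` avoids that.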

Added: vendor-crypto/heimdal/dist/admin/purge.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/purge.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/purge.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,172 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: purge.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+/*
+ * keep track of the highest version for every principal.
+ */
+
+struct e {
+    krb5_principal principal;
+    int max_vno;
+    time_t timestamp;
+    struct e *next;
+};
+
+static struct e *
+get_entry (krb5_principal princ, struct e *head)
+{
+    struct e *e;
+
+    for (e = head; e != NULL; e = e->next)
+	if (krb5_principal_compare (context, princ, e->principal))
+	    return e;
+    return NULL;
+}
+
+static void
+add_entry (krb5_principal princ, int vno, time_t timestamp, struct e **head)
+{
+    krb5_error_code ret;
+    struct e *e;
+
+    e = get_entry (princ, *head);
+    if (e != NULL) {
+	if(e->max_vno < vno) {
+	    e->max_vno = vno;
+	    e->timestamp = timestamp;
+	}
+	return;
+    }
+    e = malloc (sizeof (*e));
+    if (e == NULL)
+	krb5_errx (context, 1, "malloc: out of memory");
+    ret = krb5_copy_principal (context, princ, &e->principal);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_copy_principal");
+    e->max_vno = vno;
+    e->timestamp = timestamp;
+    e->next    = *head;
+    *head      = e;
+}
+
+static void
+delete_list (struct e *head)
+{
+    while (head != NULL) {
+	struct e *next = head->next;
+	krb5_free_principal (context, head->principal);
+	free (head);
+	head = next;
+    }
+}
+
+/*
+ * Remove all entries that have newer versions and that are older
+ * than `age'
+ */
+
+int
+kt_purge(struct purge_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    krb5_kt_cursor cursor;
+    krb5_keytab keytab;
+    krb5_keytab_entry entry;
+    int age;
+    struct e *head = NULL;
+    time_t judgement_day;
+
+    age = parse_time(opt->age_string, "s");
+    if(age < 0) {
+	krb5_warnx(context, "unparasable time `%s'", opt->age_string);
+	return 1;
+    }
+
+    if((keytab = ktutil_open_keytab()) == NULL)
+	return 1;
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret){
+	krb5_warn(context, ret, "%s", keytab_string);
+	goto out;
+    }
+
+    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+	add_entry (entry.principal, entry.vno, entry.timestamp, &head);
+	krb5_kt_free_entry(context, &entry);
+    }
+    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    judgement_day = time (NULL);
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret){
+	krb5_warn(context, ret, "%s", keytab_string);
+	goto out;
+    }
+
+    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
+	struct e *e = get_entry (entry.principal, head);
+
+	if (e == NULL) {
+	    krb5_warnx (context, "ignoring extra entry");
+	    continue;
+	}
+
+	if (entry.vno < e->max_vno
+	    && judgement_day - e->timestamp > age) {
+	    if (verbose_flag) {
+		char *name_str;
+
+		krb5_unparse_name (context, entry.principal, &name_str);
+		printf ("removing %s vno %d\n", name_str, entry.vno);
+		free (name_str);
+	    }
+	    ret = krb5_kt_remove_entry (context, keytab, &entry);
+	    if (ret)
+		krb5_warn (context, ret, "remove");
+	}
+	krb5_kt_free_entry(context, &entry);
+    }
+    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    delete_list (head);
+
+ out:
+    krb5_kt_close (context, keytab);
+    return ret != 0;
+}
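Review bot: A failed `krb5_kt_remove_entry` in the second loop of `kt_purge` only produces a warning; `ret` is then overwritten by the next `krb5_kt_next_entry` and finally by `krb5_kt_end_seq_get`, so the command can exit 0 while superseded keys are still in the keytab. Recording the failure, for example `int failed = 0;`, then `failed = 1;` next to `krb5_warn (context, ret, "remove");`, and `return ret != 0 || failed;`, lets callers detect an incomplete purge. The `continue` after "ignoring extra entry" also skips `krb5_kt_free_entry`, and the `goto out` after the second `krb5_kt_start_seq_get` skips `delete_list (head)`. The result of `krb5_unparse_name` is not checked, so `name_str` may be printed and freed uninitialised if it fails.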

Added: vendor-crypto/heimdal/dist/admin/remove.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/remove.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/remove.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: remove.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+int
+kt_remove(struct remove_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    krb5_keytab_entry entry;
+    krb5_keytab keytab;
+    krb5_principal principal = NULL;
+    krb5_enctype enctype = 0;
+
+    if(opt->principal_string) {
+	ret = krb5_parse_name(context, opt->principal_string, &principal);
+	if(ret) {
+	    krb5_warn(context, ret, "%s", opt->principal_string);
+	    return 1;
+	}
+    }
+    if(opt->enctype_string) {
+	ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
+	if(ret) {
+	    int t;
+	    if(sscanf(opt->enctype_string, "%d", &t) == 1)
+		enctype = t;
+	    else {
+		krb5_warn(context, ret, "%s", opt->enctype_string);
+		if(principal)
+		    krb5_free_principal(context, principal);
+		return 1;
+	    }
+	}
+    }
+    if (!principal && !enctype && !opt->kvno_integer) {
+	krb5_warnx(context, 
+		   "You must give at least one of "
+		   "principal, enctype or kvno.");
+	ret = EINVAL;
+	goto out;
+    }
+
+    if((keytab = ktutil_open_keytab()) == NULL) {
+	ret = 1;
+	goto out;
+    }
+
+    entry.principal = principal;
+    entry.keyblock.keytype = enctype;
+    entry.vno = opt->kvno_integer;
+    ret = krb5_kt_remove_entry(context, keytab, &entry);
+    krb5_kt_close(context, keytab);
+    if(ret)
+	krb5_warn(context, ret, "remove");
+ out:
+    if(principal)
+	krb5_free_principal(context, principal);
+    return ret != 0;
+}
+
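Review bot: `entry` in `kt_remove` is an uninitialised stack `krb5_keytab_entry`, and only `principal`, `keyblock.keytype` and `vno` are assigned before it is passed to `krb5_kt_remove_entry`. The remaining fields (key value, timestamp) hold indeterminate data, which matters if a keytab backend compares or copies them; that code is not visible from this hunk. Adding `memset(&entry, 0, sizeof(entry));` before the three assignments makes the match template well defined. The numeric fallback `sscanf(opt->enctype_string, "%d", &t) == 1` also accepts input with trailing characters after the digits, so a stricter parse is worth considering given that this value selects which keys are deleted.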

Added: vendor-crypto/heimdal/dist/admin/rename.c
===================================================================
--- vendor-crypto/heimdal/dist/admin/rename.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/admin/rename.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2001-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ktutil_locl.h"
+
+RCSID("$Id: rename.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+int
+kt_rename(void *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    krb5_keytab_entry entry;
+    krb5_keytab keytab;
+    krb5_kt_cursor cursor;
+    krb5_principal from_princ, to_princ;
+
+    ret = krb5_parse_name(context, argv[0], &from_princ);
+    if(ret != 0) {
+	krb5_warn(context, ret, "%s", argv[0]);
+	return 1;
+    }
+
+    ret = krb5_parse_name(context, argv[1], &to_princ);
+    if(ret != 0) {
+	krb5_free_principal(context, from_princ);
+	krb5_warn(context, ret, "%s", argv[1]);
+	return 1;
+    }
+
+    if((keytab = ktutil_open_keytab()) == NULL) {
+	krb5_free_principal(context, from_princ);
+	krb5_free_principal(context, to_princ);
+	return 1;
+    }
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if(ret) {
+	krb5_kt_close(context, keytab);
+	krb5_free_principal(context, from_princ);
+	krb5_free_principal(context, to_princ);
+	return 1;
+    }
+    while(1) {
+	ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
+	if(ret != 0) {
+	    if(ret != KRB5_CC_END && ret != KRB5_KT_END)
+		krb5_warn(context, ret, "getting entry from keytab");
+	    else
+		ret = 0;
+	    break;
+	}
+	if(krb5_principal_compare(context, entry.principal, from_princ)) {
+	    krb5_free_principal(context, entry.principal);
+	    entry.principal = to_princ;
+	    ret = krb5_kt_add_entry(context, keytab, &entry);
+	    if(ret) {
+		entry.principal = NULL;
+		krb5_kt_free_entry(context, &entry);
+		krb5_warn(context, ret, "adding entry");
+		break;
+	    }
+	    entry.principal = from_princ;
+	    ret = krb5_kt_remove_entry(context, keytab, &entry);
+	    if(ret) {
+		entry.principal = NULL;
+		krb5_kt_free_entry(context, &entry);
+		krb5_warn(context, ret, "removing entry");
+		break;
+	    }
+	    entry.principal = NULL;
+	}
+	krb5_kt_free_entry(context, &entry);
+    }
+    krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    krb5_free_principal(context, from_princ);
+    krb5_free_principal(context, to_princ);
+
+    return ret != 0;
+}
+
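Review bot: When `krb5_kt_start_seq_get` fails, `kt_rename` returns 1 without printing anything, unlike `kt_purge` and `do_list`, which report the same failure through `krb5_warn`; adding `krb5_warn(context, ret, "%s", keytab_string);` before the cleanup keeps the diagnostics consistent. The function also reads `argv[0]` and `argv[1]` without consulting `argc`, presumably relying on the command table to enforce two arguments. A comment such as `/* argv[0] = old principal, argv[1] = new principal; count enforced by the command table */` would record that assumption once it is confirmed. Because each match is added under the new name before the old entry is removed, a failed removal leaves the key under both principals, which deserves a mention in the "removing entry" warning or in a comment.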

Added: vendor-crypto/heimdal/dist/appl/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,27 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+if OTP
+dir_otp = otp
+endif
+if DCE
+dir_dce = dceutils
+endif
+SUBDIRS = 					\
+	  afsutil				\
+	  ftp					\
+	  login					\
+	  $(dir_otp)				\
+	  gssmask				\
+	  popper				\
+	  push					\
+	  rsh					\
+	  rcp					\
+	  su					\
+	  xnlock				\
+	  telnet				\
+	  test					\
+	  kx					\
+	  kf					\
+	  $(dir_dce)

Added: vendor-crypto/heimdal/dist/appl/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,835 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = appl
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = afsutil ftp login otp gssmask popper push rsh rcp su \
+	xnlock telnet test kx kf dceutils
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+ at OTP_TRUE@dir_otp = otp
+ at DCE_TRUE@dir_dce = dceutils
+SUBDIRS = \
+	  afsutil				\
+	  ftp					\
+	  login					\
+	  $(dir_otp)				\
+	  gssmask				\
+	  popper				\
+	  push					\
+	  rsh					\
+	  rcp					\
+	  su					\
+	  xnlock				\
+	  telnet				\
+	  test					\
+	  kx					\
+	  kf					\
+	  $(dir_dce)
+
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/afsutil/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/appl/afsutil/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/afsutil/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,125 @@
+2007-04-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pagsh.1,afslog.1: - options must be lexicographically ordered;
+	  again, options without arguments must be placed before options
+	  with arguments.  - manual page cross references are done using
+	  the macro `.Xr', not the macro `.Nm' (used for command names
+	  instead).
+	
+	From Igor Sobrado.
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+	
+2006-01-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afslog.1: Document options to allow select principal or
+	credential cache when doing afslog.
+
+	* afslog.c: Add options to allow select principal or credential
+	cache when doing afslog.
+	
+2005-02-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: man_MANS += pagsh.1
+
+	* pagsh.c: add --cache-type that allows the user to control the
+	resulting credential cache type, inherit the type from the
+	invoking process
+
+	* pagsh.1: manpage for pagsh
+
+2004-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afslog.c: use negative string help string for arg_negative_flag
+	Pointed out by Harald Barth
+	
+2004-07-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pagsh.c: use setprogname, if we stripped off -c, try use the
+	fallback code
+	
+2003-10-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* pagsh.c: mkstemp formats must end in exactly six X's
+
+2003-07-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afslog.c (do_afslog): is cell is unset, set it "<default cell>"
+	for error printing
+
+	* pagsh.c: unconditionally set KRBTKFILE
+	
+2003-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afslog.c (log_func): drop the error number
+	
+2003-04-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afslog.c: set kafs log function if verbose is turned on
+	
+2003-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am (LDADD): use LIB_kafs
+	
+	* afslog.1: --no-v4, --no-v5
+	
+	* Makefile.am: always build afsutils now
+	
+	* afslog.c: make build without KRB4
+	
+2002-11-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* afslog.c: remove plural form in help string
+
+	* Makefile.am: add afslog manpage
+
+	* afslog.1: manpage
+
+	* afslog.c: try more files when trying to expand a cell name
+
+	* afslog.c: create a list of cells to get tokens for, before
+	actually doing anything, and try to get tokens via krb4 if krb5
+	fails, and give it a chance to work with krb4-only; also some bug
+	fixes, partially from Tomas Olsson.
+
+2002-08-23  Assar Westerlund  <assar at kth.se>
+
+	* pagsh.c: make it handle --version/--help
+
+2001-05-17  Assar Westerlund  <assar at sics.se>
+
+	* afslog.c (main): call free_getarg_strings
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* afslog.c (main): handle krb5_init_context failure consistently
+
+2000-12-25  Assar Westerlund  <assar at sics.se>
+
+	* afslog.c: clarify usage strings
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* pagsh.c (main): use mkstemp to generate temporary file names.
+  	From Miroslav Ruda <ruda at ics.muni.cz>
+
+1999-07-04  Assar Westerlund  <assar at sics.se>
+
+	* afslog.c (expand_cell_name): terminate on #.  From Miroslav Ruda
+ 	<ruda at ics.muni.cz>
+
+1999-06-27  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (bin_PROGRAMS): only include pagsh if KRB4
+
+1999-06-26  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: add pagsh
+
+	* pagsh.c: new file.  contributed by Miroslav Ruda <ruda at ics.muni.cz>
+
+Sat Mar 27 12:49:43 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* afslog.c: cleanup option parsing

Added: vendor-crypto/heimdal/dist/appl/afsutil/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/afsutil/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/afsutil/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,22 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4)
+
+bin_PROGRAMS = afslog pagsh
+
+afslog_SOURCES = afslog.c
+
+pagsh_SOURCES  = pagsh.c
+
+man_MANS = afslog.1 pagsh.1
+
+LDADD = $(LIB_kafs) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
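Review bot: The Kerberos 4 hooks in this file, `AM_CPPFLAGS += $(INCLUDE_krb4)` and `$(LIB_krb4)` in `LDADD`, carry no comment saying when they are active, while `bin_PROGRAMS = afslog pagsh` builds both tools unconditionally. Both variables are configure substitutions (`@INCLUDE_krb4@` and `@LIB_krb4@` in the generated Makefile.in that follows), so they presumably expand to nothing when configure runs without krb4 support, but nothing here states that. A one-line comment above `LDADD`, for example `# LIB_krb4/INCLUDE_krb4 are set by configure; empty when Kerberos 4 support is disabled (confirm)`, would make the dependency visible to whoever wires this import into the base build. Kerberos 4 is an obsolete, DES-based protocol, so the importing build should be checked to leave it disabled.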

Added: vendor-crypto/heimdal/dist/appl/afsutil/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/afsutil/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/afsutil/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,851 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT)
+subdir = appl/afsutil
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am_afslog_OBJECTS = afslog.$(OBJEXT)
+afslog_OBJECTS = $(am_afslog_OBJECTS)
+afslog_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
+	$(am__DEPENDENCIES_1)
+afslog_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_pagsh_OBJECTS = pagsh.$(OBJEXT)
+pagsh_OBJECTS = $(am_pagsh_OBJECTS)
+pagsh_LDADD = $(LDADD)
+pagsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
+DIST_SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+afslog_SOURCES = afslog.c
+pagsh_SOURCES = pagsh.c
+man_MANS = afslog.1 pagsh.1
+LDADD = $(LIB_kafs) \
+	$(LIB_krb4) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/afsutil/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/afsutil/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+afslog$(EXEEXT): $(afslog_OBJECTS) $(afslog_DEPENDENCIES) 
+	@rm -f afslog$(EXEEXT)
+	$(LINK) $(afslog_OBJECTS) $(afslog_LDADD) $(LIBS)
+pagsh$(EXEEXT): $(pagsh_OBJECTS) $(pagsh_DEPENDENCIES) 
+	@rm -f pagsh$(EXEEXT)
+	$(LINK) $(pagsh_OBJECTS) $(pagsh_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binPROGRAMS \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/afsutil/afslog.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/afsutil/afslog.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/afsutil/afslog.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,153 @@
+.\" Copyright (c) 2002 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: afslog.1,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd November 26, 2002
+.Dt AFSLOG 1
+.Os HEIMDAL
+.Sh NAME
+.Nm afslog
+.Nd
+obtain AFS tokens
+.Sh SYNOPSIS
+.Nm
+.Op Fl h | Fl -help
+.Op Fl -no-v4
+.Op Fl -no-v5
+.Op Fl u | Fl -unlog
+.Op Fl v | Fl -verbose
+.Op Fl -version
+.Oo Fl c Ar cell \*(Ba Xo
+.Fl -cell= Ns Ar cell
+.Xc
+.Oc
+.Oo Fl k Ar realm \*(Ba Xo
+.Fl -realm= Ns Ar realm
+.Xc
+.Oc
+.Oo Fl P Ar principal \*(Ba Xo
+.Fl -principal= Ns Ar principal
+.Xc
+.Oc
+.Bk -words
+.Oo Fl p Ar path \*(Ba Xo
+.Fl -file= Ns Ar path
+.Xc
+.Oc
+.Ek
+.Op Ar cell | path ...
+.Sh DESCRIPTION
+.Nm
+obtains AFS tokens for a number of cells. What cells to get tokens for
+can either be specified as an explicit list, as file paths to get
+tokens for, or be left unspecified, in which case
+.Nm
+will use whatever magic 
+.Xr krb_afslog 3
+decides upon.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Fl -no-v4
+This makes
+.Nm
+not try using Kerberos 4.
+.It Fl -no-v5
+This makes
+.Nm
+not try using Kerberos 5.
+.It Xo
+.Fl P Ar principal ,
+.Fl -principal Ar principal
+.Xc
+select what Kerberos 5 principal to use.
+.It Fl -cache Ar cache
+select what Kerberos 5 credential cache to use.
+.Fl -principal
+overrides this option.
+.It Xo
+.Fl u ,
+.Fl -unlog
+.Xc
+Destroy tokens instead of obtaining new. If this is specified, all
+other options are ignored (except for
+.Fl -help
+and
+.Fl -version ) .
+.It Xo
+.Fl v ,
+.Fl -verbose
+.Xc
+Adds more verbosity for what is actually going on.
+.It Xo
+.Fl c Ar cell,
+.Fl -cell= Ns Ar cell
+.Xc
+This specified one or more cell names to get tokens for.
+.It Xo
+.Fl k Ar realm ,
+.Fl -realm= Ns Ar realm
+.Xc
+This is the Kerberos realm the AFS servers live in, this should
+normally not be specified.
+.It Xo
+.Fl p Ar path ,
+.Fl -file= Ns Ar path
+.Xc
+This specified one or more file paths for which tokens should be
+obtained.
+.El
+.Pp
+Instead of using
+.Fl c
+and
+.Fl p ,
+you may also pass a list of cells and file paths after any other
+options. These arguments are considered files if they are either 
+the strings
+.Do . Dc
+or
+.Dq .. 
+or they contain a slash, or if there exists a file by that name.
+.Sh EXAMPLES
+Assuming that there is no file called 
+.Dq openafs.org
+in the current directory, and that 
+.Pa /afs/openafs.org
+points to that cell, the follwing should be identical:
+.Bd -literal -offset indent
+$ afslog -c openafs.org
+$ afslog openafs.org
+$ afslog /afs/openafs.org/some/file
+.Ed 
+.Sh SEE ALSO
+.Xr krb_afslog 3

Added: vendor-crypto/heimdal/dist/appl/afsutil/afslog.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/afsutil/afslog.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/afsutil/afslog.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,322 @@
+/*
+ * Copyright (c) 1997-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: afslog.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+#endif
+#include <ctype.h>
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#endif
+#include <kafs.h>
+#include <roken.h>
+#include <getarg.h>
+#include <err.h>
+
+static int help_flag;
+static int version_flag;
+static getarg_strings cells;
+static char *realm;
+static getarg_strings files;
+static int unlog_flag;
+static int verbose;
+#ifdef KRB4
+static int use_krb4 = 1;
+#endif
+#ifdef KRB5
+static char *client_string;
+static char *cache_string;
+static int use_krb5 = 1;
+#endif
+
+struct getargs args[] = {
+    { "cell",	'c', arg_strings, &cells, "cells to get tokens for", "cell" },
+    { "file",	'p', arg_strings, &files, "files to get tokens for", "path" },
+    { "realm",	'k', arg_string, &realm, "realm for afs cell", "realm" },
+    { "unlog",	'u', arg_flag, &unlog_flag, "remove tokens" },
+#ifdef KRB4
+    { "v4",	 0, arg_negative_flag, &use_krb4, "don't use Kerberos 4" },
+#endif
+#ifdef KRB5
+    { "principal",'P',arg_string,&client_string,"principal to use","principal"},
+    { "cache",   0,  arg_string, &cache_string, "ccache to use", "cache"},
+    { "v5",	 0,  arg_negative_flag, &use_krb5, "don't use Kerberos 5" },
+#endif
+    { "verbose",'v', arg_flag, &verbose },
+    { "version", 0,  arg_flag, &version_flag },
+    { "help",	'h', arg_flag, &help_flag },
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+#ifdef KRB5
+krb5_context context;
+krb5_ccache id;
+#endif
+
+static const char *
+expand_one_file(FILE *f, const char *cell)
+{
+    static char buf[1024];
+    char *p;
+
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	if(buf[0] == '>') {
+	    for(p = buf; *p && !isspace((unsigned char)*p) && *p != '#'; p++)
+		;
+	    *p = '\0';
+	    if(strncmp(buf + 1, cell, strlen(cell)) == 0)
+		return buf + 1;
+	}
+	buf[0] = '\0';
+    }
+    return NULL;
+}
+
+static const char *
+expand_cell_name(const char *cell)
+{
+    FILE *f;
+    const char *c;
+    const char **fn, *files[] = { _PATH_CELLSERVDB,
+				  _PATH_ARLA_CELLSERVDB,
+				  _PATH_OPENAFS_DEBIAN_CELLSERVDB,
+				  _PATH_ARLA_DEBIAN_CELLSERVDB,
+				  NULL };
+    for(fn = files; *fn; fn++) {
+	f = fopen(*fn, "r");
+	if(f == NULL)
+	    continue;
+	c = expand_one_file(f, cell);
+	fclose(f);
+	if(c)
+	    return c;
+    }
+    return cell;
+}
+
+static void
+usage(int ecode)
+{
+    arg_printusage(args, num_args, NULL, "[cell|path]...");
+    exit(ecode);
+}
+
+struct cell_list {
+    char *cell;
+    struct cell_list *next;
+} *cell_list;
+
+static int
+afslog_cell(const char *cell, int expand)
+{
+    struct cell_list *p, **q;
+    const char *c = cell;
+    if(expand){
+	c = expand_cell_name(cell);
+	if(c == NULL){
+	    warnx("No cell matching \"%s\" found.", cell);
+	    return -1;
+	}
+	if(verbose && strcmp(c, cell) != 0)
+	    warnx("Cell \"%s\" expanded to \"%s\"", cell, c);
+    }
+    /* add to list of cells to get tokens for, and also remove
+       duplicates; the actual afslog takes place later */
+    for(p = cell_list, q = &cell_list; p; q = &p->next, p = p->next)
+	if(strcmp(p->cell, c) == 0)
+	    return 0;
+    p = malloc(sizeof(*p));
+    if(p == NULL)
+	return -1;
+    p->cell = strdup(c);
+    if(p->cell == NULL) {
+	free(p);
+	return -1;
+    }
+    p->next = NULL;
+    *q = p;
+    return 0;
+}
+
+static int
+afslog_file(const char *path)
+{
+    char cell[64];
+    if(k_afs_cell_of_file(path, cell, sizeof(cell))){
+	warnx("No cell found for file \"%s\".", path);
+	return -1;
+    }
+    if(verbose)
+	warnx("File \"%s\" lives in cell \"%s\"", path, cell);
+    return afslog_cell(cell, 0);
+}
+
+static int
+do_afslog(const char *cell)
+{
+    int k5ret, k4ret;
+
+    k5ret = k4ret = 0;
+
+#ifdef KRB5
+    if(context != NULL && id != NULL && use_krb5) {
+	k5ret = krb5_afslog(context, id, cell, realm);
+	if(k5ret == 0)
+	    return 0;
+    }
+#endif
+#if KRB4
+    if (use_krb4) {
+	k4ret = krb_afslog(cell, realm);
+	if(k4ret == 0)
+	    return 0;
+    }
+#endif
+    if (cell == NULL)
+	cell = "<default cell>";
+#ifdef KRB5
+    if (k5ret)
+	warnx("krb5_afslog(%s): %s", cell, krb5_get_err_text(context, k5ret));
+#endif
+#ifdef KRB4
+    if (k4ret)
+	warnx("krb_afslog(%s): %s", cell, krb_get_err_text(k4ret));
+#endif
+    if (k5ret || k4ret)
+	return 1;
+    return 0;
+}
+
+static void
+log_func(void *ctx, const char *str)
+{
+    fprintf(stderr, "%s\n", str);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+    int i;
+    int num;
+    int ret = 0;
+    int failed = 0;
+    struct cell_list *p;
+    
+    setprogname(argv[0]);
+
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if(!k_hasafs())
+	errx(1, "AFS does not seem to be present on this machine");
+
+    if(unlog_flag){
+	k_unlog();
+	exit(0);
+    }
+#ifdef KRB5
+    ret = krb5_init_context(&context);
+    if (ret) {
+	context = NULL;
+    } else {
+	if (client_string) {
+	    krb5_principal client;
+
+	    ret = krb5_parse_name(context, client_string, &client);
+	    if (ret == 0)
+		ret = krb5_cc_cache_match(context, client, NULL, &id);
+	    if (ret)
+		id = NULL;
+	}
+	if (id == NULL && cache_string) {
+	    if(krb5_cc_resolve(context, cache_string, &id) != 0) {
+		krb5_warnx(context, "failed to open kerberos 5 cache '%s'",
+			   cache_string);
+		id = NULL;
+	    }
+	}
+	if (id == NULL)
+	    if(krb5_cc_default(context, &id) != 0)
+		id = NULL;
+    }
+#endif
+
+    if (verbose)
+	kafs_set_verbose(log_func, NULL);
+
+    num = 0;
+    for(i = 0; i < files.num_strings; i++){
+	afslog_file(files.strings[i]);
+	num++;
+    }
+    free_getarg_strings (&files);
+    for(i = 0; i < cells.num_strings; i++){
+	afslog_cell(cells.strings[i], 1);
+	num++;
+    }
+    free_getarg_strings (&cells);
+    for(i = optind; i < argc; i++){
+	num++;
+	if(strcmp(argv[i], ".") == 0 ||
+	   strcmp(argv[i], "..") == 0 ||
+	   strchr(argv[i], '/') ||
+	   access(argv[i], F_OK) == 0)
+	    afslog_file(argv[i]);
+	else
+	    afslog_cell(argv[i], 1);
+    }    
+    if(num == 0) {
+	if(do_afslog(NULL))
+	    failed++;
+    } else
+	for(p = cell_list; p; p = p->next) {
+	    if(verbose)
+		warnx("Getting tokens for cell \"%s\"", p->cell);
+	    if(do_afslog(p->cell))
+		failed++;
+    }
+
+    return failed;
+}
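Review bot: In `main` the return values of `afslog_file()` and `afslog_cell()` are discarded, so when every argument fails (for example `k_afs_cell_of_file` finds no cell for each path) `num` is non-zero, `cell_list` stays empty, the final loop runs zero times and the program exits 0 without having requested a token. A caller that gates on the exit status would then carry on without AFS tokens; counting these failures at each of the four call sites, e.g. `if (afslog_file(files.strings[i])) failed++;`, makes the status reflect them. `do_afslog` has the same gap: when the Kerberos 5 branch is skipped because `context` or `id` is NULL and Kerberos 4 is not compiled in or is disabled, `k5ret` and `k4ret` both stay 0 and it returns 0 although nothing was attempted. Tracking whether any mechanism was actually tried, and returning 1 when none was, would close that path. Separately, `expand_cell_name` falls back to `return cell;` and never yields NULL, so the `c == NULL` check and its "No cell matching" warning in `afslog_cell` appear to be unreachable.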

Added: vendor-crypto/heimdal/dist/appl/afsutil/pagsh.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/afsutil/pagsh.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/afsutil/pagsh.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,92 @@
+.\" Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: pagsh.1,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd February 12, 2005
+.Dt PAGSH 1
+.Os Heimdal
+.Sh NAME
+.Nm pagsh
+.Nd
+creates a new credential cache sandbox
+.Sh SYNOPSIS
+.Nm
+.Op Fl c
+.Op Fl h | Fl -help
+.Op Fl -version
+.Op Fl -cache-type= Ns Ar string
+.Ar command [args...]
+.Sh DESCRIPTION
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl c
+.Xc
+.It Xo
+.Fl -cache-type= Ns Ar string
+.Xc
+.It Xo
+.Fl h ,
+.Fl -help
+.Xc
+.It Xo
+.Fl -version
+.Xc
+.El
+.Pp
+.Nm
+creates a new credential cache sandbox for the user to live in.
+If AFS is installed on the computer, the user is put in a newly
+created PAG.
+.Pp
+For Kerberos 5, the credential cache type that is used is the same as
+the credential cache type that was used at the time of
+.Nm
+invocation.
+The credential cache type can be controlled by the option
+.Fl -cache-type .
+.Sh EXAMPLES
+Create a new sandbox where new credentials can be used, while the old
+credentials can be used by other processes.
+.Bd -literal -offset indent
+$ klist
+Credentials cache: FILE:/tmp/krb5cc_913
+        Principal: lha at E.KTH.SE
+
+  Issued           Expires          Principal
+Feb 12 10:08:31  Feb 12 20:06:36  krbtgt/E.KTH.SE at E.KTH.SE
+$ pagsh
+$ klist
+klist: No ticket file: /tmp/krb5cc_03014a
+.Ed
+.Sh SEE ALSO
+.Xr afslog 1

Added: vendor-crypto/heimdal/dist/appl/afsutil/pagsh.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/afsutil/pagsh.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/afsutil/pagsh.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 1995 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: pagsh.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <time.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#endif
+#include <kafs.h>
+
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+#ifndef TKT_ROOT
+#define TKT_ROOT "/tmp/tkt"
+#endif
+
+static int help_flag;
+static int version_flag;
+static int c_flag;
+#ifdef KRB5
+static char *typename_arg;
+#endif
+
+struct getargs getargs[] = {
+    { NULL,	'c', arg_flag, &c_flag },
+#ifdef KRB5
+    { "cache-type", 0,  arg_string, &typename_arg },
+#endif
+    { "version", 0,  arg_flag, &version_flag },
+    { "help",	'h', arg_flag, &help_flag },
+};
+
+static int num_args = sizeof(getargs) / sizeof(getargs[0]);
+
+static void
+usage(int ecode)
+{
+    arg_printusage(getargs, num_args, NULL, "command [args...]");
+    exit(ecode);
+}
+
+/*
+ * Run command with a new ticket file / credentials cache / token
+ */
+
+int
+main(int argc, char **argv)
+{
+    int f;
+    char tf[1024];
+    char *p;
+
+    char *path;
+    char **args;
+    int i;
+    int optind = 0;
+
+    setprogname(argv[0]);
+    if(getarg(getargs, num_args, argc, argv, &optind))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+#ifdef KRB5
+    {
+	const krb5_cc_ops *type;
+	krb5_error_code ret;
+	krb5_context context;
+	krb5_ccache id;
+	const char *name;
+
+	ret = krb5_init_context(&context);
+	if (ret) /* XXX should this really call exit ? */
+	    errx(1, "no kerberos 5 support");
+
+	if (typename_arg == NULL) {
+	    char *s;
+
+	    name = krb5_cc_default_name(context);
+	    if (name == NULL)
+		krb5_errx(context, 1, "Failed getting default "
+			  "credential cache type");
+	    
+	    typename_arg = strdup(name);
+	    if (typename_arg == NULL)
+		errx(1, "strdup");
+	    
+	    s = strchr(typename_arg, ':');
+	    if (s)
+		*s = '\0';
+	}
+
+	type = krb5_cc_get_prefix_ops(context, typename_arg);
+	if (type == NULL)
+	    krb5_err(context, 1, ret, "Failed getting ops for %s "
+		     "credential cache", typename_arg);
+     
+	ret = krb5_cc_gen_new(context, type, &id);
+	if (ret)
+	    krb5_err(context, 1, ret, "Failed generating credential cache");
+
+	name = krb5_cc_get_name(context, id);
+	if (name == NULL)
+	    krb5_errx(context, 1, "Generated credential cache have no name");
+
+	snprintf(tf, sizeof(tf), "%s:%s", typename_arg, name);
+
+	ret = krb5_cc_close(context, id);
+	if (ret)
+	    krb5_err(context, 1, ret, "Failed closing credential cache");
+
+	krb5_free_context(context);
+
+	esetenv("KRB5CCNAME", tf, 1);
+    }
+#endif
+
+    snprintf (tf, sizeof(tf), "%s_XXXXXX", TKT_ROOT);
+    f = mkstemp (tf);
+    if (f < 0)
+	err(1, "mkstemp failed");
+    close (f);
+    unlink (tf);
+    esetenv("KRBTKFILE", tf, 1);
+
+    i = 0;
+
+    args = (char **) malloc((argc + 10)*sizeof(char *));
+    if (args == NULL)
+	errx (1, "Out of memory allocating %lu bytes",
+	      (unsigned long)((argc + 10)*sizeof(char *)));
+  
+    if(*argv == NULL) {
+	path = getenv("SHELL");
+	if(path == NULL){
+	    struct passwd *pw = k_getpwuid(geteuid());
+	    path = strdup(pw->pw_shell);
+	}
+    } else {
+	path = strdup(*argv++);
+    }
+    if (path == NULL)
+	errx (1, "Out of memory copying path");
+  
+    p=strrchr(path, '/');
+    if(p)
+	args[i] = strdup(p+1);
+    else
+	args[i] = strdup(path);
+
+    if (args[i++] == NULL)
+	errx (1, "Out of memory copying arguments");
+  
+    while(*argv)
+	args[i++] = *argv++;
+
+    args[i++] = NULL;
+
+    if(k_hasafs())
+	k_setpag();
+
+    unsetenv("PAGPID");
+    execvp(path, args);
+    if (errno == ENOENT || c_flag) {
+	char **sh_args = malloc ((i + 2) * sizeof(char *));
+	int j;
+
+	if (sh_args == NULL)
+	    errx (1, "Out of memory copying sh arguments");
+	for (j = 1; j < i; ++j)
+	    sh_args[j + 2] = args[j];
+	sh_args[0] = "sh";
+	sh_args[1] = "-c";
+	sh_args[2] = path;
+	execv ("/bin/sh", sh_args);
+    }
+    err (1, "execvp");
+}
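Review bot: In `main()`, the `SHELL` fallback passes `pw->pw_shell` to `strdup` without checking the result of `k_getpwuid(geteuid())`, so a uid with no passwd entry crashes instead of failing cleanly; add `if (pw == NULL) errx(1, "no passwd entry for current uid");` before the `strdup`. Separately, the `mkstemp`/`close`/`unlink` sequence releases the `/tmp/tkt_XXXXXX` name before it is exported as `KRBTKFILE`, so another local user can claim the name first. Whatever later creates the ticket file therefore has to open it exclusively and without following symlinks, and a comment stating that assumption (or keeping the mode-0600 file in place, if the Kerberos 4 library accepts an existing empty file) would make the dependency visible. The return value of `k_setpag()` is also ignored, so if the call fails the command presumably runs in the caller's PAG rather than a fresh one; checking it and at least warning would avoid a silent loss of isolation.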

Added: vendor-crypto/heimdal/dist/appl/ftp/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1022 @@
+2007-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/gssapi.c: Fix pointer vs strict alias rules.
+
+2007-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/security.c: if no mech have no session, its ok, just don't
+	call it.
+
+	* ftp/security.h: provide prototype for sec_userok().
+
+	* move ksetpag after initgroups to make it work on Linux when its
+	without syscall hooks to change sys_setgroups preserve the
+	pag. From Alexsander Bostr\xF6m.
+	
+2007-06-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/Makefile.am: don't clean yacc/lex files in CLEANFILES,
+	maintainers clean will do that for us.
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/Makefile.am: Add man_MANS to EXTRA_DIST
+
+	* ftp/Makefile.am: Add man_MANS to EXTRA_DIST
+	
+2006-08-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpd.c: Add comment by seteuid call isn't not needed.
+
+	* ftpd/ftpd.c: Check return values from seteuid, prompted by MIT
+	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
+	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
+	
+2006-06-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/gss_userok.c (gss_userok): create a local krb5_context and
+	use that instead of the libgssapi context (that might not exist).
+	
+2006-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Rename u_intXX_t to uintXX_t
+
+2006-03-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/ftp.1: Add undocument flags and spelling, from Ted Percival
+	<Ted.Percival at quest.com>
+	
+2006-02-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.8: fix grammar in --no-insecure-oob option (partly
+	from Thomas Klausner)
+	
+2006-01-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/ftp.c: Indent.
+	
+2006-01-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c (pass): remove unused variable in the !OTP case
+	
+2005-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ftpd/ls.c: Check return value from asprintf instead of string !=
+	NULL since it undefined behavior on Linux. From Bj\xF6rn Sandell
+
+	* ftpd/gss_userok.c: Check return value from asprintf instead of
+	string != NULL since it undefined behavior on Linux. From Bj\xF6rn
+	Sandell
+
+	* ftpd/ftpd.c: Check return value from asprintf instead of string
+	!= NULL since it undefined behavior on Linux. From Bj\xF6rn Sandell
+
+	* ftp/gssapi.c: Check return value from asprintf instead of string
+	!= NULL since it undefined behavior on Linux. From Bj\xF6rn Sandell
+	
+2005-10-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/ftp.1: document -x
+	
+	* ftp/security.h: implement cprotect (from MIT)
+	
+	* ftp/security.c: add -x (encrypt) option; implement cprotect
+	(from MIT); make sure we CCC if switching to clear-text command
+	channel
+
+	* ftp/cmdtab.c: implement cprotect (from MIT)
+	
+	* ftp/ruserpass.c: if doing command line encryption (-x), ignore
+	prot commands in .netrc
+
+	* ftp/ftp_var.h: add -x (encrypt) option
+	
+	* ftp/globals.c: add -x (encrypt) option
+	
+	* ftp/main.c: add -x (encrypt) option
+	
+2005-07-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpcmd.y: Fix shadow warning.
+
+	* ftp/security.c: Fix shadow warning.
+	* ftp/security.c: Fix shadow warnings.
+	
+	* ftp/ruserpass.c: Fix shadow warnings.
+
+	* ftp/ftp.c: Fix shadow warnings.
+	
+	* ftp/cmds.c: fix shadow warnings
+
+	* Add Kerberos 5 klist, old patch from Tomas Nystr\xF6m (remove krb4
+	support). Support klist in client for kerberos 5 clase.
+	Clean up delegation of gss tokens and do afslog.
+
+2005-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/gssapi.c (gss_adat): avoid leaking memory
+	(gss_auth): always try next kname if there is one, independant of
+	min_stat
+
+	* ftp/gssapi.c: avoid const warning, use sin4 instead of sin to
+	avoid shadow warning, free target_name
+
+2005-07-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/security.c: keep track of if CCC was passed
+
+	* ftpd/extern.h: variable to keep track of if CCC was passed
+
+	* ftpd/ftpcmd.y: sprinkel check_secure, check if CCC was passed in
+	check_secure
+
+2005-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpd.c (filename_check): change signednes of p to avoid
+	warning, move typecasts
+
+2005-05-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpd.c: avoid 'unused variable' warnings
+
+2005-05-10  David Love  <fx at gnu.org>
+
+	* ftpd/pathnames.h: #ifdef protect _PATH_ISSUE
+
+2005-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/domacro.c: handle string trunctions
+
+2005-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/security.c: use strlcat
+	
+	* ftp/domacro.c: use strlcpy
+	
+2005-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/security.c: cast size_t to unsigned long
+
+2005-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpd.c (statcmd): cast argument to isdigit to unsigned char
+
+	* ftp/cmds.c (mget): cast char to unsigned char to make sure its
+	not negative when passing it to tolower
+
+2005-04-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/ftp.c: fix 3 'var' might be used uninitialized warnings
+
+2005-04-04 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/cmds.c: MacOS is also a unix that doesn't define
+	__unix__/unix While here, rewrite this part of the function to not
+	modify that string, but rather take a copy of it and them modify
+	is, all this just to pacify gcc
+	
+2005-01-09 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/domacro.c: cast argument to is* to unsigned char
+
+	* ftp/ftp.c: cast argument to tolower to unsigned char
+
+2004-08-20 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/ftp.c: send ABOR protect with security layer if its there
+
+	* ftpd/{ftpd_locl.h, extern.h, ftpcmd.y, ftpd.8, ftpd.c}:
+	Remove all traces of setjmp/longjmp.
+	Handle those command that is needed in oobhandler,
+	those are ABOR, STAT, ENC, CONF, MIC.
+	add options to turn off insecure OOB handling and document the option
+
+	Changes inspired by openbsd and netbsd changes but quite diffrent is
+	most places since the code no longer look and is structured the same
+	way.
+
+2004-08-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/main.c: reverse help strings for --no-gss-bindings and
+	--no-gss-delegate
+
+2004-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpcmd.y: make cbuf 64k to handle lager tickets From:
+	MAAAAA MOOOR <huaraz at btinternet.com>
+	
+2004-03-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpd.c (main): setpag if there is krb4 OR krb5 support
+	
+2003-12-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/security.h: add ftp_do_gss_delegate
+	
+	* ftp/main.c (getargs): negative flag for delegating gss creds
+	
+	* ftp/gssapi.c (ftp_do_gss_delegate): delegate creds (default on)
+	
+2003-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/ftp.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+	* ftp/cmds.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+2003-07-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/security.h: add ftp_do_gss_bindings
+	
+	* ftp/ftp.1: fix mdoc bug
+	
+	* ftp/ftp.1: document --no-gss-bindings
+
+	* ftp/gssapi.c: Optionally support gss bindings, client does it by
+	default, server not.  This is to make it work for clients behind
+	NAT.
+
+	* ftp/main.c (args): add gss-bindings
+	(main): set ftp_do_gss_bindings to 1 to make client use them
+
+	* ftpd/ftpd.c (args): add gss-bindings
+	
+	* ftpd/ftpd.8: document --gss-bindings
+	
+2003-06-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/gssapi.c (gss_adat): fix name allocation bug
+
+2003-05-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/gss_userok.c (gss_userok): release delegated cred handle
+	
+	* ftp/gssapi.c (gss_adat): remove poking inside the delegated
+	handle, also fixes problem where to much memory was allocated
+	
+	* ftpd/gss_userok.c (gss_userok): remove poking inside the
+	delegated handle
+
+2003-05-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpcmd.y: support afslog <cell> and afslog when compiled
+	with krb5
+
+2003-05-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/cmdtab.c: include afslog in both the krb4 and krb5 case
+	
+	* ftp/kauth.c: include afslog in both the krb4 and krb5 case
+	
+	* ftp/Makefile.am: always include auth.c
+	
+2003-05-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ftpd/Makefile.am: always include auth.c
+
+	* ftpd/kauth.c: do afslog in the krb5 case too
+	
+2003-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/ftp.1: replace > with \*[Gt]
+	
+2003-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpd.c: make sure argument to is* functions are unsigned
+	
+2003-04-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpd.8: s/kerberos/Kerberos/
+	
+2003-03-23  Assar Westerlund  <assar at kth.se>
+
+	* ftpd/pathnames.h (_PATH_FTPUSERS): conditionalize
+
+2003-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ftpd.c (krb5_verify): always do krb5_afslog, remove setpag
+	(its done in main)
+
+	* ftpd/gss_userok.c: drop setpag
+	
+	* ftpd/ftpd.c (main): set afs PAG
+
+	* ftpd/gss_userok.c: always try krb5_afslog, and while here do a
+	setpag too
+
+	* ftpd/ftpd_locl.h: always include kafs
+	
+2003-03-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/gssapi.c (gss_adat): now that gss_export_name exports a
+	principal, bandaid with gss_display_name, and check that oid is
+	GSS_KRB5_NT_PRINCIPAL_NAME, also free memory
+	
+2003-02-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftp/gssapi.c (gss_auth): print out the name we authenticated too
+	
+2003-02-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ftpd/ls.c: use readlink with bufsize - 1, From NetBSD
+
+	* ftp/ftp.1: s/utilizes/uses/ from NetBSD
+	
+	* ftpd/ftpd.8: s/utilize/use/ from NetBSD
+	
+2003-02-10  Assar Westerlund  <assar at kth.se>
+
+	* ftpd/ftpd.c (accept_with_timeout): use socklen_t
+
+2002-10-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/main.c: reinstate -n flag (from Torbj\xF6rn Granlund)
+
+2002-10-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/ftp.c: fix parsing of epsv ports (from Love)
+
+2002-09-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/security.c (sec_vfprintf): free encoded data
+
+	* ftp/gssapi.c (gss_decode): release buffer
+
+	* ftp/ftp.c (active_mode): no need to allocate buffer for EPRT
+
+2002-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/ftp.c (command): clean up va_{start,end}ing (from NetBSD)
+
+2002-08-23  Assar Westerlund  <assar at kth.se>
+
+	* ftp/main.c: start using getarg
+
+2002-08-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ls.c: uxp/v lacks _S_IFMT, but has S_IFMT
+
+2002-08-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/gssapi.c: remove unused variable
+
+2002-04-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/ftp.c: fix buffer overrun when receiving long replies
+
+2002-04-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/popen.c: make sure gl_pathc != 0 before referencing
+	gl_pathv
+
+2002-03-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/gssapi.c (gss_adat): if accept_sec_context fails, syslog a
+	reason and give a temporary error message
+
+2002-02-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c: if builtin_ls failes, return error
+
+	* ftpd/ls.c (builtin_ls): return status; also don't print fatal
+	error messages to the output stream, instead use syslog
+
+2001-09-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ls.c: make sure we don't include . in recursive listings
+
+2001-09-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c (dataconn): don't wait forever on accept
+
+2001-09-04  Assar Westerlund  <assar at sics.se>
+
+	* ftp/gssapi.c (gss_adat): leak less memory and check return value
+	from asprintf
+
+2001-08-28  Jacques Vidrine <n at nectar.com>
+
+	* ftpd/ftpd.c, ftpd/ftpd.8: On systems with IP_PORTRANGE, have
+	  ftpd use `high-numbered' ports by default.  Add a -U option
+	  to get the old behavior.
+
+2001-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/gssapi.c: try using "host" if there's no "ftp" principal
+
+2001-08-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ls.c: implement -R
+
+2001-08-08  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ls.c: make -a and -A do the same as in ls(1)
+
+2001-08-05  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpcmd.y: add some (unsigned char) casts to is*
+	* ftp/cmds.c: add some (unsigned char) casts to is*
+	* ftpd/gss_userok.c (gss_userok): make argument to printf type
+	correct
+
+2001-08-05  Assar Westerlund  <assar at sics.se>
+
+	* ftp/cmds.c (setpeer): __NetBSD__ is also a unix-like OS
+
+2001-06-19  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/popen.c, ftpd/ftpd.c: try to handle GLOB_MAXPATH (FreeBSD)
+
+2001-04-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c (do_store): call closefunc before claiming that
+	everything went ok, if the close fails the file might not have
+	been stored properly
+
+2001-03-26  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c, ftpd/popen.c: always use GLOB_LIMIT
+	* ftpd/popen.c (ftpd_popen): use GLOB_LIMIT if defined
+	* ftpd/ftpd.c (send_file_list): use GLOB_LIMIT if defined
+
+2001-02-15  Assar Westerlund  <assar at sics.se>
+
+	* ftp/cmds.c (setpeer): handle both service names and port numbers
+	for the second optional argument.  also make parsing more robust
+
+2001-02-07  Assar Westerlund  <assar at sics.se>
+
+	* ftp/security.c (sec_end): only clean app_data if there is any
+	(*): do realloc consistently
+
+2001-02-05  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/popen.c (ftpd_popen): avoid overwriting the bounds of argv
+	and gargv
+
+2001-01-30  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/gss_userok.c: use gss_krb5_copy_ccache
+
+2001-01-29  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/Makefile.am: move up LIB_otp so we do not end up picking
+ 	one from /usr/athena
+
+2001-01-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ls.c: fix bug in previous; make it easier to build test
+	version
+
+2001-01-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ls.c (lstat_file): handle case where file lives in `/'
+
+2001-01-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c (pasv): close already open passive port
+
+2000-12-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ls.c: reverse time and size sort order (pointed out by
+	tege)
+
+2000-12-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c: make it possible to set list of good filename
+	characters from command line
+
+2000-12-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c: some spec-violating mirror software assumes that
+	you can do things like `LIST -CF'; don't pass `--' to ls so this
+	actually works
+
+	* ftpd/ls.c: implement -1CFx flags
+
+2000-12-08  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/gss_userok.c (gss_userok): handle getpwnam failing
+	* ftp/gssapi.c (gss_auth): be more explicit in error message
+
+2000-11-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.8: close list
+
+2000-11-15  Assar Westerlund  <assar at sics.se>
+
+	* ftp/main.c: add `-l' for no line-editing
+	* ftp/globals.c (readline): add
+	* ftp/ftp_var.h (lineedit): add variable indicated if we should
+	use readline
+
+2000-11-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/security.c (sec_read): fix bug in previous (from Jacques A.
+	Vidrine <n at nectar.com>)
+
+2000-11-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpcmd.y: only allow pasv if logged in
+
+2000-10-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c: change bad filename message slightly
+
+	* common/buffer.c: HAVE_ST_BLKSIZE -> HAVE_STRUCT_STAT_ST_BLKSIZE
+
+2000-10-08  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ftp.c (*): check that fds are not too large to select on
+	* ftp/main.c (cmdscanner): print a newline upon EOF
+
+2000-09-19  Assar Westerlund  <assar at sics.se>
+
+	* ftp/security.h: add some attributes to prototypes of sec*
+	* ftp/extern.h (command): add attributes
+
+2000-08-31  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c: change redundant password message to something
+	people can understand
+
+2000-07-27  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/gss_userok.c (gss_userok): only do AFS iff KRB4
+	* ftpd/ftpd.c (krb5_verify): only do AFS stuff if KRB4
+
+2000-07-07  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c: do not call setproctitle with a variable as the
+	format string
+
+2000-07-01  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd_locl.h: krb5.h before kafs.h
+	* ftpd/ftpd.c (krb5_verify): static-ize
+	* ftpd/ftpd.c (krb5_verify): conditionalize on KRB5
+
+2000-06-21  Assar Westerlund  <assar at sics.se>
+
+	* ftpd: support for authenticating passwords with krb5, by Daniel
+	Kouril <kouril at ics.muni.cz>
+
+2000-06-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpcmd.y: change unix test to be negative
+	
+2000-05-18  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c (args): should use `debug'.  From Onno van der
+	Linden <onno at simplex.nl>.
+
+2000-04-25  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ftp.c (login): re-structure code so that we prompt for
+	password for ftp/anonymous
+
+2000-04-11  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ftp.c (login): initialize tmp before calling fgets
+
+2000-04-02  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ls.c: rename all st_mtime variables to avoid conflict with
+	#define.
+	* ftpd/ftpcmd.y: rename all st_mtime variables to avoid conflict
+	with #define.
+	* ftp/cmds.c: rename all st_mtime variables to avoid conflict with
+	#define.
+
+2000-03-26  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call
+	time, ctime, and gmtime with `time_t's.  there were some types
+	(like in lastlog) that we believed to always be time_t.  this has
+	proven wrong on Solaris 8 in 64-bit mode, where they are stored as
+	32-bit quantities but time_t has gone up to 64 bits
+
+2000-03-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* call list_file for broken usages of nlst too
+
+	* ftpd/ftpd.c: call list_file for broken usages of nlst too
+
+2000-02-07  Assar Westerlund  <assar at sics.se>
+
+	* ftp/security.c (sec_read): more paranoia with return value from
+	sec_get_data
+
+2000-01-08  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ftp.c (hookup): handle ai_canonname being set in any of the
+	addresses returnedby getaddrinfo.  glibc apparently returns the
+	reverse lookup of every address in ai_canonname.
+	* ftp/ruserpass.c (guess_domain): dito
+
+1999-12-21  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c: don't use sa_len as a parameter, it's defined on
+ 	Irix
+
+1999-12-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c (dataconn): make sure from points to actual data
+
+1999-12-16  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ruserpass.c (guess_domain): handle ai_canonname not being
+	set
+	* ftp/ftp.c (hookup): handle ai_canonname not being set
+
+1999-12-06  Assar Westerlund  <assar at sics.se>
+
+	* ftp/krb4.c (krb4_auth): the nat-IP address might not be realm
+	bounded.
+
+1999-12-05  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c (dolog): update prototype
+	* ftpd/ftpd.c (dolog): use getnameinfo_verified
+	* ftpd/ftpd.c: replace inaddr2str by getnameinfo
+
+1999-12-04  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ruserpass.c (guess_domain): re-write to use getaddrinfo
+	* ftp/ftp.c (hookup): re-write to use getaddrinfo
+	
+1999-11-30  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of
+ 	the outgoing connections.  It has to be `ftp-data' or some people
+ 	might get upset.
+
+	* ftpd/ftpd.c (args): set correct variable when `-l' so that
+ 	logging actually works
+
+1999-11-29  Assar Westerlund  <assar at sics.se>
+
+	* ftp/security.c (sec_login): check return value from realloc
+	(sec_end): set app_data to NULL
+
+1999-11-25  Assar Westerlund  <assar at sics.se>
+
+	* ftp/krb4.c (krb4_auth): obtain the `local' address when doing
+	NAT.  also turn on passive mode.  From <thn at stacken.kth.se>
+
+1999-11-20  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ls.c (make_fileinfo): cast to allow for non-const
+ 	prototypes of readlink
+
+1999-11-12  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c (args): use arg_counter for `l'
+	
+1999-11-04  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ls.c (S_ISSOCK, S_ISLNK): fallback definitions for systems
+ 	that don't have them (such as ultrix)
+
+1999-10-29  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ls.c (make_fileinfo): cast uid's and gid's to unsigned in
+ 	printf, we don't know what types they might be.
+	(lstat_file): conditionalize the kafs part on KRB4
+
+	* ftpd/ftpd_locl.h: <sys/ioccom.h> is needed for kafs.h
+
+1999-10-28  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ls.c (lstat_file): don't set st_mode, it should already be
+ 	correct
+
+	* ftpd/ls.c: don't use warnx to print errors
+
+	* ftpd/ls.c (builtin_ls): fix typo, 'd' shouldn't imply 'f'
+
+	* ftpd/ls.c (lstat_file): new function for avoiding stating AFS
+ 	mount points.  From Love <lha at s3.kth.se>
+	(list_files): use `lstat_file'
+
+	* ftpd/ftpd.c: some const-poisoning
+
+	* ftpd/ftpd.c (args): add `-B' as an alias for `--builtin-ls' to
+ 	allow for stupid inetds that only support two arguments.  From
+ 	Love <lha at s3.kth.se>
+
+1999-10-26  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpcmd.y (help): it's unnecessary to interpret help strings
+ 	as printf commands
+
+	* ftpd/ftpd.c (show_issue): don't interpret contents of
+ 	/etc/issue* as printf commands.  From Brian A May
+ 	<bmay at dgs.monash.edu.au>
+
+1999-10-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/kauth.c (kauth): complain if protection level isn't
+	`private'
+
+	* ftp/krb4.c (krb4_decode): syslog failure reason
+
+	* ftp/kauth.c (kauth): set private level earlier
+
+	* ftp/security.c: get_command_prot; (sec_prot): partially match
+	`command' and `data'
+
+1999-10-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c: change `-l' flag to use arg_collect (this makes
+	`-ll' work again)
+
+	* ftpd/ftpd.c (list_file): pass filename to ls
+
+1999-10-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpcmd.y: FEAT
+
+1999-10-03  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ls.c: fall-back definitions for constans and casts for
+ 	printfs
+
+1999-10-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c (main): make this use getarg; add `list_file'
+
+	* ftpd/ftpcmd.y (LIST): call list_file
+
+	* ftpd/ls.c: add simple built-in ls
+
+	* ftp/security.c: add `sec_vfprintf2' and `sec_fprintf2' that
+	prints to the data stream
+
+	* ftp/kauth.c (kauth): make sure we're using private protection
+	level
+
+	* ftp/security.c (set_command_prot): set command protection level
+
+	* ftp/security.c: make it possible to set the command protection
+	level with `prot'
+
+1999-09-30  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd_locl.h: add prototype for fclose to make sunos happy
+
+1999-08-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpd.c (do_login): show issue-file
+	(send_data): change handling of zero-byte files
+
+1999-08-18  Assar Westerlund  <assar at sics.se>
+
+	* ftp/cmds.c (getit): be more suspicious when parsing the result
+ 	of MDTM.  Do the comparison of timestamps correctly.
+
+1999-08-13  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c (send_data): avoid calling mmap with `len == 0'.
+  	Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
+ 	get grumpy later.
+
+	* ftp/ftp.c (copy_stream): avoid calling mmap with `len == 0'.
+  	Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
+ 	get grumpy later.
+
+1999-08-03  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ftp.c (active_mode): hide failure of EPRT by setting verbose
+
+	* ftp/gssapi.c (gss_auth): initialize application_data in bindings
+
+1999-08-02  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpcmd.y: save file names when doing commands that might
+ 	get aborted (and longjmp:ed out of) to avoid overwriting them also
+ 	remove extra closing brace
+
+1999-08-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftpd/ftpcmd.y: change `site find' to `site locate' (to match
+	what it does, and other implementations) keep find as an alias
+
+1999-07-28  Assar Westerlund  <assar at sics.se>
+
+	* common/socket.c: moved to roken
+
+	* common/socket.c: new file with generic socket functions
+
+	* ftpd/ftpd.c: make it more AF-neutral and v6-capable
+
+	* ftpd/ftpcmd.y: add EPRT and EPSV
+
+	* ftpd/extern.h: update prototypes and variables
+
+	* ftp/krb4.c: update to new types of addresses
+
+	* ftp/gssapi.c: add support for both AF_INET and AF_INET6
+ 	addresses
+
+	* ftp/ftp.c: make it more AF-neutral and v6-capable
+
+	* ftp/extern.h (hookup): change prototype
+
+	* common/common.h: add prototypes for functions in socket.c
+
+	* common/Makefile.am (libcommon_a_SOURCES): add socket.c
+
+	* ftp/gssapi.c (gss_auth): check return value from
+ 	`gss_import_name' and print error messages if it fails
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* ftp/krb4.c (krb4_auth): type correctness
+
+1999-06-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ftp/ftp.c (sendrequest): lmode != rmode
+	
+1999-05-21  Assar Westerlund  <assar at sics.se>
+
+	* ftp/extern.h (sendrequest): update prototype
+
+	* ftp/cmds.c: update calls to sendrequest and recvrequest to send
+ 	"b" when appropriate
+
+	* ftp/ftp.c (sendrequest): add argument for mode to open file in.
+
+1999-05-08  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpcmd.y: rename getline -> ftpd_getline
+
+	* ftp/main.c (makeargv): fill in unused slots with NULL
+
+Thu Apr  8 15:06:40 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftpd/ftpd.c: remove definition of KRB_VERIFY_USER (moved to
+ 	config.h)
+
+Wed Apr  7 16:15:21 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftp/gssapi.c (gss_auth): call gss_display_status to get a sane
+ 	error message; return AUTH_{CONTINUE,ERROR}, where appropriate
+
+	* ftp/krb4.c: return AUTH_{CONTINUE,ERROR}, where appropriate
+
+	* ftp/security.c (sec_login): if mechanism returns AUTH_CONTINUE,
+ 	just continue with the next mechanism, this fixes the case of
+ 	having GSSAPI fail because of non-existant of expired tickets
+
+	* ftp/security.h: add AUTH_{OK,CONTINUE,ERROR}
+
+Thu Apr  1 16:59:04 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: don't run check-local
+
+	* ftp/Makefile.am: don't run check-local
+
+Mon Mar 22 22:15:18 1999  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c (pass): fall-back for KRB_VERIFY_SECURE
+
+	* ftpd/ftpd.c (pass): 1 -> KRB_VERIFY_SECURE
+
+Thu Mar 18 12:07:09 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: clean ftpcmd.c
+
+	* ftpd/ftpd_locl.h: remove krb5.h (breaks in ftpcmd.y)
+
+	* ftpd/ftpd.c: move include of krb5.h here
+
+	* ftpd/Makefile.am: include Makefile.am.common
+
+	* Makefile.am: include Makefile.am.common
+
+	* ftp/Makefile.am: include Makefile.am.common
+
+	* common/Makefile.am: include Makefile.am.common
+
+Tue Mar 16 22:28:37 1999  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd_locl.h: add krb5.h to get heimdal_version
+
+	* ftpd/ftpd.c: krb_verify_user_multiple -> krb_verify_user
+
+Thu Mar 11 14:54:59 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftp/Makefile.in: WFLAGS
+
+	* ftp/ruserpass.c: add some if-braces
+
+Wed Mar 10 20:02:55 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftpd/ftpd_locl.h: remove ifdef HAVE_FNMATCH
+
+Mon Mar  8 21:29:24 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftpd/ftpd.c: re-add version in greeting message
+
+Mon Mar  1 10:49:38 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftpd/logwtmp.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+Mon Feb 22 19:20:51 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* common/Makefile.in: remove glob
+
+Sat Feb 13 17:19:35 1999  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c (match): remove #ifdef HAVE_FNMATCH.  We have a
+ 	fnmatch implementation in roken and therefore always have it.
+
+	* ftp/ftp.c (copy_stream): initialize `werr'
+
+Wed Jan 13 23:52:57 1999  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpcmd.y: moved all check_login and check_login_no_guest to
+ 	the end of the rules to ensure we don't generate several
+ 	(independent) error messages.  once again, having a yacc-grammar
+ 	for FTP with embedded actions doesn't strike me as the most
+ 	optimal way of doing it.
+
+Tue Dec  1 14:44:29 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: link with extra libs for aix
+
+Sun Nov 22 10:28:20 1998  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/ftpd.c (retrying): support on-the-fly decompression
+
+	* ftpd/Makefile.in (WFLAGS): set
+
+	* ftp/ruserpass.c (guess_domain): new function
+	(ruserpass): use it
+
+	* common/Makefile.in (WFLAGS): set
+
+	* Makefile.in (WFLAGS): set
+
+Sat Nov 21 23:13:03 1998  Assar Westerlund  <assar at sics.se>
+
+	* ftp/security.c: some more type correctness.
+
+	* ftp/gssapi.c (gss_adat): more braces to shut up warnings
+
+Wed Nov 18 21:47:55 1998  Assar Westerlund  <assar at sics.se>
+
+	* ftp/main.c (main): new option `-p' for enable passive mode.
+
+Mon Nov  2 01:57:49 1998  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ftp.c (getreply): remove extra `break'
+
+	* ftp/gssapi.c (gss_auth): fixo typo(copyo?)
+
+	* ftp/security.c (sec_login): fix loop and return value
+
+Tue Sep  1 16:56:42 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* ftp/cmds.c (quote1): fix % quoting bug
+
+Fri Aug 14 17:10:06 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* ftp/krb4.c: krb_put_int -> KRB_PUT_INT
+
+Tue Jun 30 18:07:15 1998  Assar Westerlund  <assar at sics.se>
+
+	* ftp/security.c (auth): free `app_data'
+	(sec_end): only destroy if it was initialized
+
+Tue Jun  9 21:01:59 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* ftp/krb4.c: pass client address to krb_rd_req
+
+Sat May 16 00:02:07 1998  Assar Westerlund  <assar at sics.se>
+
+	* ftpd/Makefile.am: link with DBLIB
+
+Tue May 12 14:15:32 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* ftp/gssapi.c: Save client name for userok().
+
+	* ftpd/gss_userok.c: Userok for gssapi.
+
+Fri May  1 07:15:01 1998  Assar Westerlund  <assar at sics.se>
+
+	* ftp/ftp.c: unifdef -DHAVE_H_ERRNO
+
+Fri Mar 27 00:46:07 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Make compile w/o krb4.
+
+Thu Mar 26 03:49:12 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* ftp/*, ftpd/*: Changes for new framework.
+
+	* ftp/gssapi.c: GSS-API backend for the new security framework.
+
+	* ftp/krb4.c: Updated for new framework.
+
+	* ftp/security.{c,h}: New unified security framework.

Added: vendor-crypto/heimdal/dist/appl/ftp/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = common ftp ftpd

Added: vendor-crypto/heimdal/dist/appl/ftp/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,815 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+subdir = appl/ftp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SUBDIRS = common ftp ftpd
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/ftp/common/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/common/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/common/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4) 
+
+noinst_LIBRARIES = libcommon.a
+
+libcommon_a_SOURCES = \
+	sockbuf.c \
+	buffer.c \
+	common.h

Added: vendor-crypto/heimdal/dist/appl/ftp/common/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/common/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/common/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,751 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = appl/ftp/common
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+libcommon_a_AR = $(AR) $(ARFLAGS)
+libcommon_a_LIBADD =
+am_libcommon_a_OBJECTS = sockbuf.$(OBJEXT) buffer.$(OBJEXT)
+libcommon_a_OBJECTS = $(am_libcommon_a_OBJECTS)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libcommon_a_SOURCES)
+DIST_SOURCES = $(libcommon_a_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_LIBRARIES = libcommon.a
+libcommon_a_SOURCES = \
+	sockbuf.c \
+	buffer.c \
+	common.h
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/common/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/common/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstLIBRARIES:
+	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+libcommon.a: $(libcommon_a_OBJECTS) $(libcommon_a_DEPENDENCIES) 
+	-rm -f libcommon.a
+	$(libcommon_a_AR) libcommon.a $(libcommon_a_OBJECTS) $(libcommon_a_LIBADD)
+	$(RANLIB) libcommon.a
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(LIBRARIES) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libtool clean-noinstLIBRARIES ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/ftp/common/buffer.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/common/buffer.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/common/buffer.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995-2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#include <stdio.h>
+#include <err.h>
+#include "roken.h"
+
+RCSID("$Id: buffer.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Allocate a buffer enough to handle st->st_blksize, if
+ * there is such a field, otherwise BUFSIZ.
+ */
+
+void *
+alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
+{
+    size_t new_sz;
+
+    new_sz = BUFSIZ;
+#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
+    if (st)
+	new_sz = max(BUFSIZ, st->st_blksize);
+#endif
+    if(new_sz > *sz) {
+	if (oldbuf)
+	    free (oldbuf);
+	oldbuf = malloc (new_sz);
+	if (oldbuf == NULL) {
+	    warn ("malloc");
+	    *sz = 0;
+	    return NULL;
+	}
+	*sz = new_sz;
+    }
+    return oldbuf;
+}
+
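Review bot: `alloc_buffer` decides whether to allocate from `*sz` alone (`if(new_sz > *sz)`), so a call with `oldbuf == NULL` and a stale or uninitialised `*sz` that is already at least `new_sz` returns NULL without allocating and without the `warn`. Testing the pointer as well closes that gap: `if (oldbuf == NULL || new_sz > *sz) {`. The header comment should also state the contract the body implements: on growth the old buffer is freed and its contents are not carried over, and on malloc failure the old buffer is already gone, `*sz` is reset to 0 and NULL is returned. Callers, which are not visible in this hunk, would then have to assign the return value back rather than keep the old pointer.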

Added: vendor-crypto/heimdal/dist/appl/ftp/common/common.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/common/common.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/common/common.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: common.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef __COMMON_H__
+#define __COMMON_H__
+
+#include "base64.h"
+
+void set_buffer_size(int, int);
+
+#include <stdlib.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
+
+#endif /* __COMMON_H__ */
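Review bot: The `alloc_buffer` prototype carries no statement of its ownership contract, which matters because the implementation in buffer.c of this same commit frees `oldbuf` when it needs a larger buffer and, if `malloc` fails, returns NULL with `*sz` set to 0. A caller that keeps using its old pointer after the call would touch freed memory, so I would add above the prototype: `/* Frees oldbuf if a larger buffer is needed; on failure returns NULL and sets *sz to 0. Always replace your pointer with the return value. */`. Separately, the guard name `__COMMON_H__` begins with a double underscore, which C reserves for the implementation; something like `FTP_COMMON_H` avoids that. The parameters of `set_buffer_size(int, int)` are unnamed here, so the header does not say which one is the descriptor and which is the read/write flag.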

Added: vendor-crypto/heimdal/dist/appl/ftp/common/sockbuf.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/common/sockbuf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/common/sockbuf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+RCSID("$Id: sockbuf.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+void
+set_buffer_size(int fd, int read)
+{
+#if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT)
+    size_t size = 4194304;
+    while(size >= 131072 && 
+	  setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF, 
+		     (void *)&size, sizeof(size)) < 0)
+	size /= 2;
+#endif
+}
+
+
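Review bot: In `set_buffer_size`, `size` is declared `size_t`, but `SO_RCVBUF` and `SO_SNDBUF` take an `int` value, so on LP64 targets the call hands the kernel an 8-byte option via `sizeof(size)`. Depending on the platform this may be rejected for every size tried or, on big-endian machines, be read as zero; declaring it `int size = 4194304;` keeps the `sizeof(size)` argument correct with no other change. The loop also halves and retries on any `setsockopt` error, including ones that have nothing to do with the size (an invalid descriptor, for example), and the function returns `void`, so a caller cannot tell that no buffer size was applied; a comment stating that the call is best-effort would make that explicit. The parameter name `read` shadows the `read()` function inside the body, and `for_read` would avoid that.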

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_hcrypto)
+
+bin_PROGRAMS = ftp
+
+CHECK_LOCAL = 
+
+if KRB4
+krb4_sources = krb4.c
+endif
+if KRB5
+krb5_sources = gssapi.c
+endif
+
+ftp_SOURCES = \
+	cmds.c \
+	cmdtab.c \
+	extern.h \
+	ftp.c \
+	ftp_locl.h \
+	ftp_var.h \
+	main.c \
+	pathnames.h \
+	ruserpass.c \
+	domacro.c \
+	globals.c \
+	security.c \
+	security.h \
+	kauth.c \
+	$(krb4_sources) \
+	$(krb5_sources)
+
+EXTRA_ftp_SOURCES = krb4.c gssapi.c
+
+man_MANS = ftp.1
+
+LDADD = \
+	../common/libcommon.a \
+	$(LIB_gssapi) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(LIB_readline)
+
+EXTRA_DIST = $(man_MANS)

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,869 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+bin_PROGRAMS = ftp$(EXEEXT)
+subdir = appl/ftp/ftp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am__ftp_SOURCES_DIST = cmds.c cmdtab.c extern.h ftp.c ftp_locl.h \
+	ftp_var.h main.c pathnames.h ruserpass.c domacro.c globals.c \
+	security.c security.h kauth.c krb4.c gssapi.c
+ at KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT)
+ at KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT)
+am_ftp_OBJECTS = cmds.$(OBJEXT) cmdtab.$(OBJEXT) ftp.$(OBJEXT) \
+	main.$(OBJEXT) ruserpass.$(OBJEXT) domacro.$(OBJEXT) \
+	globals.$(OBJEXT) security.$(OBJEXT) kauth.$(OBJEXT) \
+	$(am__objects_1) $(am__objects_2)
+ftp_OBJECTS = $(am_ftp_OBJECTS)
+ftp_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+ftp_DEPENDENCIES = ../common/libcommon.a $(LIB_gssapi) $(LIB_krb5) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES)
+DIST_SOURCES = $(am__ftp_SOURCES_DIST) $(EXTRA_ftp_SOURCES)
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) \
+	$(INCLUDE_hcrypto)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+CHECK_LOCAL = 
+ at KRB4_TRUE@krb4_sources = krb4.c
+ at KRB5_TRUE@krb5_sources = gssapi.c
+ftp_SOURCES = \
+	cmds.c \
+	cmdtab.c \
+	extern.h \
+	ftp.c \
+	ftp_locl.h \
+	ftp_var.h \
+	main.c \
+	pathnames.h \
+	ruserpass.c \
+	domacro.c \
+	globals.c \
+	security.c \
+	security.h \
+	kauth.c \
+	$(krb4_sources) \
+	$(krb5_sources)
+
+EXTRA_ftp_SOURCES = krb4.c gssapi.c
+man_MANS = ftp.1
+LDADD = \
+	../common/libcommon.a \
+	$(LIB_gssapi) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(LIB_readline)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/ftp/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/ftp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+ftp$(EXEEXT): $(ftp_OBJECTS) $(ftp_DEPENDENCIES) 
+	@rm -f ftp$(EXEEXT)
+	$(LINK) $(ftp_OBJECTS) $(ftp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binPROGRAMS \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/cmds.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/cmds.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/cmds.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2143 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * FTP User Program -- Command Routines.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: cmds.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+typedef void (*sighand)(int);
+
+jmp_buf	jabort;
+char   *mname;
+char   *home = "/";
+
+/*
+ * `Another' gets another argument, and stores the new argc and argv.
+ * It reverts to the top level (via main.c's intr()) on EOF/error.
+ *
+ * Returns false if no new arguments have been added.
+ */
+int
+another(int *pargc, char ***pargv, char *prompt)
+{
+	int len = strlen(line), ret;
+
+	if (len >= sizeof(line) - 3) {
+		printf("sorry, arguments too long\n");
+		intr(0);
+	}
+	printf("(%s) ", prompt);
+	line[len++] = ' ';
+	if (fgets(&line[len], sizeof(line) - len, stdin) == NULL)
+		intr(0);
+	len += strlen(&line[len]);
+	if (len > 0 && line[len - 1] == '\n')
+		line[len - 1] = '\0';
+	makeargv();
+	ret = margc > *pargc;
+	*pargc = margc;
+	*pargv = margv;
+	return (ret);
+}
+
+/*
+ * Connect to peer server and
+ * auto-login, if possible.
+ */
+void
+setpeer(int argc, char **argv)
+{
+	char *host;
+	u_short port;
+	struct servent *sp;
+
+	if (connected) {
+		printf("Already connected to %s, use close first.\n",
+			hostname);
+		code = -1;
+		return;
+	}
+	if (argc < 2)
+		another(&argc, &argv, "to");
+	if (argc < 2 || argc > 3) {
+		printf("usage: %s host-name [port]\n", argv[0]);
+		code = -1;
+		return;
+	}
+	sp = getservbyname("ftp", "tcp");
+	if (sp == NULL)
+		errx(1, "You bastard. You removed ftp/tcp from services");
+	port = sp->s_port;
+	if (argc > 2) {
+		sp = getservbyname(argv[2], "tcp");
+		if (sp != NULL) {
+			port = sp->s_port;
+		} else {
+			char *ep;
+
+			port = strtol(argv[2], &ep, 0);
+			if (argv[2] == ep) {
+				printf("%s: bad port number-- %s\n",
+				       argv[1], argv[2]);
+				printf ("usage: %s host-name [port]\n",
+					argv[0]);
+				code = -1;
+				return;
+			}
+			port = htons(port);
+		}
+	}
+	host = hookup(argv[1], port);
+	if (host) {
+		int overbose;
+
+		connected = 1;
+		/*
+		 * Set up defaults for FTP.
+		 */
+		strlcpy(typename, "ascii", sizeof(typename));
+		type = TYPE_A;
+		curtype = TYPE_A;
+		strlcpy(formname, "non-print", sizeof(formname));
+		form = FORM_N;
+		strlcpy(modename, "stream", sizeof(modename));
+		mode = MODE_S;
+		strlcpy(structname, "file", sizeof(structname));
+		stru = STRU_F;
+		strlcpy(bytename, "8", sizeof(bytename));
+		bytesize = 8;
+		if (autologin)
+			login(argv[1]);
+
+#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) || defined(__NetBSD__) || defined(__APPLE__)) && NBBY == 8
+/*
+ * this ifdef is to keep someone form "porting" this to an incompatible
+ * system and not checking this out. This way they have to think about it.
+ */
+		overbose = verbose;
+		if (debug == 0)
+			verbose = -1;
+		if (command("SYST") == COMPLETE && overbose && strlen(reply_string) > 4) {
+			char *cp, *p;
+
+			cp = strdup(reply_string + 4);
+			if (cp == NULL)
+			    errx(1, "strdup: out of memory");
+			p = strchr(cp, ' ');
+			if (p == NULL)
+				p = strchr(cp, '\r');
+			if (p) {
+				if (p[-1] == '.')
+					p--;
+				*p = '\0';
+			}
+
+			printf("Remote system type is %s.\n", cp);
+			free(cp);
+		}
+		if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) {
+			if (proxy)
+				unix_proxy = 1;
+			else
+				unix_server = 1;
+			/*
+			 * Set type to 0 (not specified by user),
+			 * meaning binary by default, but don't bother
+			 * telling server.  We can use binary
+			 * for text files unless changed by the user.
+			 */
+			type = 0;
+			strlcpy(typename, "binary", sizeof(typename));
+			if (overbose)
+			    printf("Using %s mode to transfer files.\n",
+				typename);
+		} else {
+			if (proxy)
+				unix_proxy = 0;
+			else
+				unix_server = 0;
+			if (overbose && 
+			    !strncmp(reply_string, "215 TOPS20", 10))
+				printf(
+"Remember to set tenex mode when transfering binary files from this machine.\n");
+		}
+		verbose = overbose;
+#endif /* unix */
+	}
+}
+
+struct	types {
+	char	*t_name;
+	char	*t_mode;
+	int	t_type;
+	char	*t_arg;
+} types[] = {
+	{ "ascii",	"A",	TYPE_A,	0 },
+	{ "binary",	"I",	TYPE_I,	0 },
+	{ "image",	"I",	TYPE_I,	0 },
+	{ "ebcdic",	"E",	TYPE_E,	0 },
+	{ "tenex",	"L",	TYPE_L,	bytename },
+	{ NULL }
+};
+
+/*
+ * Set transfer type.
+ */
+void
+settype(int argc, char **argv)
+{
+	struct types *p;
+	int comret;
+
+	if (argc > 2) {
+		char *sep;
+
+		printf("usage: %s [", argv[0]);
+		sep = " ";
+		for (p = types; p->t_name; p++) {
+			printf("%s%s", sep, p->t_name);
+			sep = " | ";
+		}
+		printf(" ]\n");
+		code = -1;
+		return;
+	}
+	if (argc < 2) {
+		printf("Using %s mode to transfer files.\n", typename);
+		code = 0;
+		return;
+	}
+	for (p = types; p->t_name; p++)
+		if (strcmp(argv[1], p->t_name) == 0)
+			break;
+	if (p->t_name == 0) {
+		printf("%s: unknown mode\n", argv[1]);
+		code = -1;
+		return;
+	}
+	if ((p->t_arg != NULL) && (*(p->t_arg) != '\0'))
+		comret = command ("TYPE %s %s", p->t_mode, p->t_arg);
+	else
+		comret = command("TYPE %s", p->t_mode);
+	if (comret == COMPLETE) {
+		strlcpy(typename, p->t_name, sizeof(typename));
+		curtype = type = p->t_type;
+	}
+}
+
+/*
+ * Internal form of settype; changes current type in use with server
+ * without changing our notion of the type for data transfers.
+ * Used to change to and from ascii for listings.
+ */
+void
+changetype(int newtype, int show)
+{
+	struct types *p;
+	int comret, oldverbose = verbose;
+
+	if (newtype == 0)
+		newtype = TYPE_I;
+	if (newtype == curtype)
+		return;
+	if (debug == 0 && show == 0)
+		verbose = 0;
+	for (p = types; p->t_name; p++)
+		if (newtype == p->t_type)
+			break;
+	if (p->t_name == 0) {
+		printf("ftp: internal error: unknown type %d\n", newtype);
+		return;
+	}
+	if (newtype == TYPE_L && bytename[0] != '\0')
+		comret = command("TYPE %s %s", p->t_mode, bytename);
+	else
+		comret = command("TYPE %s", p->t_mode);
+	if (comret == COMPLETE)
+		curtype = newtype;
+	verbose = oldverbose;
+}
+
+char *stype[] = {
+	"type",
+	"",
+	0
+};
+
+/*
+ * Set binary transfer type.
+ */
+/*VARARGS*/
+void
+setbinary(int argc, char **argv)
+{
+
+	stype[1] = "binary";
+	settype(2, stype);
+}
+
+/*
+ * Set ascii transfer type.
+ */
+/*VARARGS*/
+void
+setascii(int argc, char **argv)
+{
+
+	stype[1] = "ascii";
+	settype(2, stype);
+}
+
+/*
+ * Set tenex transfer type.
+ */
+/*VARARGS*/
+void
+settenex(int argc, char **argv)
+{
+
+	stype[1] = "tenex";
+	settype(2, stype);
+}
+
+/*
+ * Set file transfer mode.
+ */
+/*ARGSUSED*/
+void
+setftmode(int argc, char **argv)
+{
+
+	printf("We only support %s mode, sorry.\n", modename);
+	code = -1;
+}
+
+/*
+ * Set file transfer format.
+ */
+/*ARGSUSED*/
+void
+setform(int argc, char **argv)
+{
+
+	printf("We only support %s format, sorry.\n", formname);
+	code = -1;
+}
+
+/*
+ * Set file transfer structure.
+ */
+/*ARGSUSED*/
+void
+setstruct(int argc, char **argv)
+{
+
+	printf("We only support %s structure, sorry.\n", structname);
+	code = -1;
+}
+
+/*
+ * Send a single file.
+ */
+void
+put(int argc, char **argv)
+{
+	char *cmd;
+	int loc = 0;
+	char *oldargv1, *oldargv2;
+
+	if (argc == 2) {
+		argc++;
+		argv[2] = argv[1];
+		loc++;
+	}
+	if (argc < 2 && !another(&argc, &argv, "local-file"))
+		goto usage;
+	if (argc < 3 && !another(&argc, &argv, "remote-file")) {
+usage:
+		printf("usage: %s local-file remote-file\n", argv[0]);
+		code = -1;
+		return;
+	}
+	oldargv1 = argv[1];
+	oldargv2 = argv[2];
+	if (!globulize(&argv[1])) {
+		code = -1;
+		return;
+	}
+	/*
+	 * If "globulize" modifies argv[1], and argv[2] is a copy of
+	 * the old argv[1], make it a copy of the new argv[1].
+	 */
+	if (argv[1] != oldargv1 && argv[2] == oldargv1) {
+		argv[2] = argv[1];
+	}
+	cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? "STOU" : "STOR");
+	if (loc && ntflag) {
+		argv[2] = dotrans(argv[2]);
+	}
+	if (loc && mapflag) {
+		argv[2] = domap(argv[2]);
+	}
+	sendrequest(cmd, argv[1], argv[2],
+		    curtype == TYPE_I ? "rb" : "r",
+		    argv[1] != oldargv1 || argv[2] != oldargv2);
+}
+
+/* ARGSUSED */
+static RETSIGTYPE
+mabort(int signo)
+{
+	int ointer;
+
+	printf("\n");
+	fflush(stdout);
+	if (mflag && fromatty) {
+		ointer = interactive;
+		interactive = 1;
+		if (confirm("Continue with", mname)) {
+			interactive = ointer;
+			longjmp(jabort,0);
+		}
+		interactive = ointer;
+	}
+	mflag = 0;
+	longjmp(jabort,0);
+}
+
+/*
+ * Send multiple files.
+ */
+void
+mput(int argc, char **argv)
+{
+    int i;
+    RETSIGTYPE (*oldintr)(int);
+    int ointer;
+    char *tp;
+
+    if (argc < 2 && !another(&argc, &argv, "local-files")) {
+	printf("usage: %s local-files\n", argv[0]);
+	code = -1;
+	return;
+    }
+    mname = argv[0];
+    mflag = 1;
+    oldintr = signal(SIGINT, mabort);
+    setjmp(jabort);
+    if (proxy) {
+	char *cp, *tp2, tmpbuf[MaxPathLen];
+
+	while ((cp = remglob(argv,0)) != NULL) {
+	    if (*cp == 0) {
+		mflag = 0;
+		continue;
+	    }
+	    if (mflag && confirm(argv[0], cp)) {
+		tp = cp;
+		if (mcase) {
+		    while (*tp && !islower((unsigned char)*tp)) {
+			tp++;
+		    }
+		    if (!*tp) {
+			tp = cp;
+			tp2 = tmpbuf;
+			while ((*tp2 = *tp) != '\0') {
+			    if (isupper((unsigned char)*tp2)) {
+				*tp2 = 'a' + *tp2 - 'A';
+			    }
+			    tp++;
+			    tp2++;
+			}
+		    }
+		    tp = tmpbuf;
+		}
+		if (ntflag) {
+		    tp = dotrans(tp);
+		}
+		if (mapflag) {
+		    tp = domap(tp);
+		}
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    cp, tp,
+			    curtype == TYPE_I ? "rb" : "r",
+			    cp != tp || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
+	}
+	signal(SIGINT, oldintr);
+	mflag = 0;
+	return;
+    }
+    for (i = 1; i < argc; i++) {
+	char **cpp;
+	glob_t gl;
+	int flags;
+
+	if (!doglob) {
+	    if (mflag && confirm(argv[0], argv[i])) {
+		tp = (ntflag) ? dotrans(argv[i]) : argv[i];
+		tp = (mapflag) ? domap(tp) : tp;
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    argv[i],
+			    curtype == TYPE_I ? "rb" : "r",
+			    tp, tp != argv[i] || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
+	    continue;
+	}
+
+	memset(&gl, 0, sizeof(gl));
+	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+	if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
+	    warnx("%s: not found", argv[i]);
+	    globfree(&gl);
+	    continue;
+	}
+	for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
+	    if (mflag && confirm(argv[0], *cpp)) {
+		tp = (ntflag) ? dotrans(*cpp) : *cpp;
+		tp = (mapflag) ? domap(tp) : tp;
+		sendrequest((sunique) ? "STOU" : "STOR",
+			    *cpp, tp,
+			    curtype == TYPE_I ? "rb" : "r",
+			    *cpp != tp || !interactive);
+		if (!mflag && fromatty) {
+		    ointer = interactive;
+		    interactive = 1;
+		    if (confirm("Continue with","mput")) {
+			mflag++;
+		    }
+		    interactive = ointer;
+		}
+	    }
+	}
+	globfree(&gl);
+    }
+    signal(SIGINT, oldintr);
+    mflag = 0;
+}
+
+void
+reget(int argc, char **argv)
+{
+    getit(argc, argv, 1, curtype == TYPE_I ? "r+wb" : "r+w");
+}
+
+void
+get(int argc, char **argv)
+{
+    char *filemode;
+
+    if (restart_point) {
+	if (curtype == TYPE_I)
+	    filemode = "r+wb";
+	else
+	    filemode = "r+w";
+    } else {
+	if (curtype == TYPE_I)
+	    filemode = "wb";
+	else
+	    filemode = "w";
+    }
+
+    getit(argc, argv, 0, filemode);
+}
+
+/*
+ * Receive one file.
+ */
+int
+getit(int argc, char **argv, int restartit, char *filemode)
+{
+	int loc = 0;
+	int local_given = 1;
+	char *oldargv1, *oldargv2;
+
+	if (argc == 2) {
+		argc++;
+		local_given = 0;
+		argv[2] = argv[1];
+		loc++;
+	}
+	if ((argc < 2 && !another(&argc, &argv, "remote-file")) ||
+	    (argc < 3 && !another(&argc, &argv, "local-file"))) {
+		printf("usage: %s remote-file [ local-file ]\n", argv[0]);
+		code = -1;
+		return (0);
+	}
+	oldargv1 = argv[1];
+	oldargv2 = argv[2];
+	if (!globulize(&argv[2])) {
+		code = -1;
+		return (0);
+	}
+	if (loc && mcase) {
+		char *tp = argv[1], *tp2, tmpbuf[MaxPathLen];
+
+		while (*tp && !islower((unsigned char)*tp)) {
+			tp++;
+		}
+		if (!*tp) {
+			tp = argv[2];
+			tp2 = tmpbuf;
+			while ((*tp2 = *tp) != '\0') {
+				if (isupper((unsigned char)*tp2)) {
+					*tp2 = 'a' + *tp2 - 'A';
+				}
+				tp++;
+				tp2++;
+			}
+			argv[2] = tmpbuf;
+		}
+	}
+	if (loc && ntflag)
+		argv[2] = dotrans(argv[2]);
+	if (loc && mapflag)
+		argv[2] = domap(argv[2]);
+	if (restartit) {
+		struct stat stbuf;
+		int ret;
+
+		ret = stat(argv[2], &stbuf);
+		if (restartit == 1) {
+			if (ret < 0) {
+				warn("local: %s", argv[2]);
+				return (0);
+			}
+			restart_point = stbuf.st_size;
+		} else if (ret == 0) {
+			int overbose;
+			int cmdret;
+			int yy, mo, day, hour, min, sec;
+			struct tm *tm;
+			time_t mtime = stbuf.st_mtime;
+
+			overbose = verbose;
+			if (debug == 0)
+				verbose = -1;
+			cmdret = command("MDTM %s", argv[1]);
+			verbose = overbose;
+			if (cmdret != COMPLETE) {
+				printf("%s\n", reply_string);
+				return (0);
+			}
+			if (sscanf(reply_string,
+				   "%*s %04d%02d%02d%02d%02d%02d",
+				   &yy, &mo, &day, &hour, &min, &sec)
+			    != 6) {
+				printf ("bad MDTM result\n");
+				return (0);
+			}
+
+			tm = gmtime(&mtime);
+			tm->tm_mon++;
+			tm->tm_year += 1900;
+
+			if ((tm->tm_year > yy) ||
+			    (tm->tm_year == yy && 
+			     tm->tm_mon > mo) ||
+			    (tm->tm_mon == mo && 
+			     tm->tm_mday > day) ||
+			    (tm->tm_mday == day && 
+			     tm->tm_hour > hour) ||
+			    (tm->tm_hour == hour && 
+			     tm->tm_min > min) ||
+			    (tm->tm_min == min && 
+			     tm->tm_sec > sec))
+				return (1);
+		}
+	}
+
+	recvrequest("RETR", argv[2], argv[1], filemode,
+		    argv[1] != oldargv1 || argv[2] != oldargv2, local_given);
+	restart_point = 0;
+	return (0);
+}
+
+static int
+suspicious_filename(const char *fn)
+{
+    return strstr(fn, "../") != NULL || *fn == '/';
+}
+
+/*
+ * Get multiple files.
+ */
+void
+mget(int argc, char **argv)
+{
+	sighand oldintr;
+	int ch, ointer;
+	char *cp, *tp, *tp2, tmpbuf[MaxPathLen];
+
+	if (argc < 2 && !another(&argc, &argv, "remote-files")) {
+		printf("usage: %s remote-files\n", argv[0]);
+		code = -1;
+		return;
+	}
+	mname = argv[0];
+	mflag = 1;
+	oldintr = signal(SIGINT, mabort);
+	setjmp(jabort);
+	while ((cp = remglob(argv,proxy)) != NULL) {
+		if (*cp == '\0') {
+			mflag = 0;
+			continue;
+		}
+		if (mflag && suspicious_filename(cp))
+		    printf("*** Suspicious filename: %s\n", cp);
+		if (mflag && confirm(argv[0], cp)) {
+			tp = cp;
+			if (mcase) {
+				for (tp2 = tmpbuf;(ch = (unsigned char)*tp++);)
+					*tp2++ = tolower(ch);
+				*tp2 = '\0';
+				tp = tmpbuf;
+			}
+			if (ntflag) {
+				tp = dotrans(tp);
+			}
+			if (mapflag) {
+				tp = domap(tp);
+			}
+			recvrequest("RETR", tp, cp,
+				    curtype == TYPE_I ? "wb" : "w",
+				    tp != cp || !interactive, 0);
+			if (!mflag && fromatty) {
+				ointer = interactive;
+				interactive = 1;
+				if (confirm("Continue with","mget")) {
+					mflag++;
+				}
+				interactive = ointer;
+			}
+		}
+	}
+	signal(SIGINT,oldintr);
+	mflag = 0;
+}
+
+char *
+remglob(char **argv, int doswitch)
+{
+    char temp[16];
+    static char buf[MaxPathLen];
+    static FILE *ftemp = NULL;
+    static char **args;
+    int oldverbose, oldhash;
+    char *cp, *filemode;
+
+    if (!mflag) {
+	if (!doglob) {
+	    args = NULL;
+	}
+	else {
+	    if (ftemp) {
+		fclose(ftemp);
+		ftemp = NULL;
+	    }
+	}
+	return (NULL);
+    }
+    if (!doglob) {
+	if (args == NULL)
+	    args = argv;
+	if ((cp = *++args) == NULL)
+	    args = NULL;
+	return (cp);
+    }
+    if (ftemp == NULL) {
+	int fd;
+	strlcpy(temp, _PATH_TMP_XXX, sizeof(temp));
+	fd = mkstemp(temp);
+	if(fd < 0){
+	    warn("unable to create temporary file %s", temp);
+	    return NULL;
+	}
+	close(fd);
+	oldverbose = verbose, verbose = 0;
+	oldhash = hash, hash = 0;
+	if (doswitch) {
+	    pswitch(!proxy);
+	}
+	for (filemode = "w"; *++argv != NULL; filemode = "a")
+	    recvrequest ("NLST", temp, *argv, filemode, 0, 0);
+	if (doswitch) {
+	    pswitch(!proxy);
+	}
+	verbose = oldverbose; hash = oldhash;
+	ftemp = fopen(temp, "r");
+	unlink(temp);
+	if (ftemp == NULL) {
+	    printf("can't find list of remote files, oops\n");
+	    return (NULL);
+	}
+    }
+    while(fgets(buf, sizeof (buf), ftemp)) {
+	if ((cp = strchr(buf, '\n')) != NULL)
+	    *cp = '\0';
+	if(!interactive && suspicious_filename(buf)){
+	    printf("Ignoring remote globbed file `%s'\n", buf);
+	    continue;
+	}
+	return buf;
+    }
+    fclose(ftemp);
+    ftemp = NULL;
+    return (NULL);
+}
+
+char *
+onoff(int bool)
+{
+
+	return (bool ? "on" : "off");
+}
+
+/*
+ * Show status.
+ */
+/*ARGSUSED*/
+void
+status(int argc, char **argv)
+{
+	int i;
+
+	if (connected)
+		printf("Connected to %s.\n", hostname);
+	else
+		printf("Not connected.\n");
+	if (!proxy) {
+		pswitch(1);
+		if (connected) {
+			printf("Connected for proxy commands to %s.\n", hostname);
+		}
+		else {
+			printf("No proxy connection.\n");
+		}
+		pswitch(0);
+	}
+	sec_status();
+	printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n",
+		modename, typename, formname, structname);
+	printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", 
+		onoff(verbose), onoff(bell), onoff(interactive),
+		onoff(doglob));
+	printf("Store unique: %s; Receive unique: %s\n", onoff(sunique),
+		onoff(runique));
+	printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag));
+	if (ntflag) {
+		printf("Ntrans: (in) %s (out) %s\n", ntin,ntout);
+	}
+	else {
+		printf("Ntrans: off\n");
+	}
+	if (mapflag) {
+		printf("Nmap: (in) %s (out) %s\n", mapin, mapout);
+	}
+	else {
+		printf("Nmap: off\n");
+	}
+	printf("Hash mark printing: %s; Use of PORT cmds: %s\n",
+		onoff(hash), onoff(sendport));
+	if (macnum > 0) {
+		printf("Macros:\n");
+		for (i=0; i<macnum; i++) {
+			printf("\t%s\n",macros[i].mac_name);
+		}
+	}
+	code = 0;
+}
+
+/*
+ * Set beep on cmd completed mode.
+ */
+/*VARARGS*/
+void
+setbell(int argc, char **argv)
+{
+
+	bell = !bell;
+	printf("Bell mode %s.\n", onoff(bell));
+	code = bell;
+}
+
+/*
+ * Turn on packet tracing.
+ */
+/*VARARGS*/
+void
+settrace(int argc, char **argv)
+{
+
+	trace = !trace;
+	printf("Packet tracing %s.\n", onoff(trace));
+	code = trace;
+}
+
+/*
+ * Toggle hash mark printing during transfers.
+ */
+/*VARARGS*/
+void
+sethash(int argc, char **argv)
+{
+
+	hash = !hash;
+	printf("Hash mark printing %s", onoff(hash));
+	code = hash;
+	if (hash)
+		printf(" (%d bytes/hash mark)", 1024);
+	printf(".\n");
+}
+
+/*
+ * Turn on printing of server echo's.
+ */
+/*VARARGS*/
+void
+setverbose(int argc, char **argv)
+{
+
+	verbose = !verbose;
+	printf("Verbose mode %s.\n", onoff(verbose));
+	code = verbose;
+}
+
+/*
+ * Toggle PORT cmd use before each data connection.
+ */
+/*VARARGS*/
+void
+setport(int argc, char **argv)
+{
+
+	sendport = !sendport;
+	printf("Use of PORT cmds %s.\n", onoff(sendport));
+	code = sendport;
+}
+
+/*
+ * Turn on interactive prompting
+ * during mget, mput, and mdelete.
+ */
+/*VARARGS*/
+void
+setprompt(int argc, char **argv)
+{
+
+	interactive = !interactive;
+	printf("Interactive mode %s.\n", onoff(interactive));
+	code = interactive;
+}
+
+/*
+ * Toggle metacharacter interpretation
+ * on local file names.
+ */
+/*VARARGS*/
+void
+setglob(int argc, char **argv)
+{
+	
+	doglob = !doglob;
+	printf("Globbing %s.\n", onoff(doglob));
+	code = doglob;
+}
+
+/*
+ * Set debugging mode on/off and/or
+ * set level of debugging.
+ */
+/*VARARGS*/
+void
+setdebug(int argc, char **argv)
+{
+	int val;
+
+	if (argc > 1) {
+		val = atoi(argv[1]);
+		if (val < 0) {
+			printf("%s: bad debugging value.\n", argv[1]);
+			code = -1;
+			return;
+		}
+	} else
+		val = !debug;
+	debug = val;
+	if (debug)
+		options |= SO_DEBUG;
+	else
+		options &= ~SO_DEBUG;
+	printf("Debugging %s (debug=%d).\n", onoff(debug), debug);
+	code = debug > 0;
+}
+
+/*
+ * Set current working directory
+ * on remote machine.
+ */
+void
+cd(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "remote-directory")) {
+		printf("usage: %s remote-directory\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (command("CWD %s", argv[1]) == ERROR && code == 500) {
+		if (verbose)
+			printf("CWD command not recognized, trying XCWD\n");
+		command("XCWD %s", argv[1]);
+	}
+}
+
+/*
+ * Set current working directory
+ * on local machine.
+ */
+void
+lcd(int argc, char **argv)
+{
+	char buf[MaxPathLen];
+
+	if (argc < 2)
+		argc++, argv[1] = home;
+	if (argc != 2) {
+		printf("usage: %s local-directory\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (!globulize(&argv[1])) {
+		code = -1;
+		return;
+	}
+	if (chdir(argv[1]) < 0) {
+		warn("local: %s", argv[1]);
+		code = -1;
+		return;
+	}
+	if (getcwd(buf, sizeof(buf)) != NULL)
+		printf("Local directory now %s\n", buf);
+	else
+		warnx("getwd: %s", buf);
+	code = 0;
+}
+
+/*
+ * Delete a single file.
+ */
+void
+delete(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "remote-file")) {
+		printf("usage: %s remote-file\n", argv[0]);
+		code = -1;
+		return;
+	}
+	command("DELE %s", argv[1]);
+}
+
+/*
+ * Delete multiple files.
+ */
+void
+mdelete(int argc, char **argv)
+{
+    sighand oldintr;
+    int ointer;
+    char *cp;
+
+    if (argc < 2 && !another(&argc, &argv, "remote-files")) {
+	printf("usage: %s remote-files\n", argv[0]);
+	code = -1;
+	return;
+    }
+    mname = argv[0];
+    mflag = 1;
+    oldintr = signal(SIGINT, mabort);
+    setjmp(jabort);
+    while ((cp = remglob(argv,0)) != NULL) {
+	if (*cp == '\0') {
+	    mflag = 0;
+	    continue;
+	}
+	if (mflag && confirm(argv[0], cp)) {
+	    command("DELE %s", cp);
+	    if (!mflag && fromatty) {
+		ointer = interactive;
+		interactive = 1;
+		if (confirm("Continue with", "mdelete")) {
+		    mflag++;
+		}
+		interactive = ointer;
+	    }
+	}
+    }
+    signal(SIGINT, oldintr);
+    mflag = 0;
+}
+
+/*
+ * Rename a remote file.
+ */
+void
+renamefile(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "from-name"))
+		goto usage;
+	if (argc < 3 && !another(&argc, &argv, "to-name")) {
+usage:
+		printf("%s from-name to-name\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (command("RNFR %s", argv[1]) == CONTINUE)
+		command("RNTO %s", argv[2]);
+}
+
+/*
+ * Get a directory listing
+ * of remote files.
+ */
+void
+ls(int argc, char **argv)
+{
+	char *cmd;
+
+	if (argc < 2)
+		argc++, argv[1] = NULL;
+	if (argc < 3)
+		argc++, argv[2] = "-";
+	if (argc > 3) {
+		printf("usage: %s remote-directory local-file\n", argv[0]);
+		code = -1;
+		return;
+	}
+	cmd = argv[0][0] == 'n' ? "NLST" : "LIST";
+	if (strcmp(argv[2], "-") && !globulize(&argv[2])) {
+		code = -1;
+		return;
+	}
+	if (strcmp(argv[2], "-") && *argv[2] != '|')
+	    if (!globulize(&argv[2]) || !confirm("output to local-file:", 
+						 argv[2])) {
+		code = -1;
+		return;
+	    }
+	recvrequest(cmd, argv[2], argv[1], "w", 0, 1);
+}
+
+/*
+ * Get a directory listing
+ * of multiple remote files.
+ */
+void
+mls(int argc, char **argv)
+{
+	sighand oldintr;
+	int ointer, i;
+	char *cmd, filemode[2], *dest;
+
+	if (argc < 2 && !another(&argc, &argv, "remote-files"))
+		goto usage;
+	if (argc < 3 && !another(&argc, &argv, "local-file")) {
+usage:
+		printf("usage: %s remote-files local-file\n", argv[0]);
+		code = -1;
+		return;
+	}
+	dest = argv[argc - 1];
+	argv[argc - 1] = NULL;
+	if (strcmp(dest, "-") && *dest != '|')
+		if (!globulize(&dest) ||
+		    !confirm("output to local-file:", dest)) {
+			code = -1;
+			return;
+	}
+	cmd = argv[0][1] == 'l' ? "NLST" : "LIST";
+	mname = argv[0];
+	mflag = 1;
+	oldintr = signal(SIGINT, mabort);
+	setjmp(jabort);
+	filemode[1] = '\0';
+	for (i = 1; mflag && i < argc-1; ++i) {
+		*filemode = (i == 1) ? 'w' : 'a';
+		recvrequest(cmd, dest, argv[i], filemode, 0, 1);
+		if (!mflag && fromatty) {
+			ointer = interactive;
+			interactive = 1;
+			if (confirm("Continue with", argv[0])) {
+				mflag ++;
+			}
+			interactive = ointer;
+		}
+	}
+	signal(SIGINT, oldintr);
+	mflag = 0;
+}
+
+/*
+ * Do a shell escape
+ */
+/*ARGSUSED*/
+void
+shell(int argc, char **argv)
+{
+	pid_t pid;
+	RETSIGTYPE (*old1)(int), (*old2)(int);
+	char shellnam[40], *shellpath, *namep; 
+	int waitstatus;
+
+	old1 = signal (SIGINT, SIG_IGN);
+	old2 = signal (SIGQUIT, SIG_IGN);
+	if ((pid = fork()) == 0) {
+		for (pid = 3; pid < 20; pid++)
+			close(pid);
+		signal(SIGINT, SIG_DFL);
+		signal(SIGQUIT, SIG_DFL);
+		shellpath = getenv("SHELL");
+		if (shellpath == NULL)
+			shellpath = _PATH_BSHELL;
+		namep = strrchr(shellpath, '/');
+		if (namep == NULL)
+			namep = shellpath;
+		snprintf (shellnam, sizeof(shellnam),
+			  "-%s", ++namep);
+		if (strcmp(namep, "sh") != 0)
+			shellnam[0] = '+';
+		if (debug) {
+			printf ("%s\n", shellpath);
+			fflush (stdout);
+		}
+		if (argc > 1) {
+			execl(shellpath,shellnam,"-c",altarg,(char *)0);
+		}
+		else {
+			execl(shellpath,shellnam,(char *)0);
+		}
+		warn("%s", shellpath);
+		code = -1;
+		exit(1);
+	}
+	if (pid > 0)
+		while (waitpid(-1, &waitstatus, 0) != pid)
+			;
+	signal(SIGINT, old1);
+	signal(SIGQUIT, old2);
+	if (pid == -1) {
+		warn("%s", "Try again later");
+		code = -1;
+	}
+	else {
+		code = 0;
+	}
+}
+
+/*
+ * Send new user information (re-login)
+ */
+void
+user(int argc, char **argv)
+{
+	char acctstr[80];
+	int n, aflag = 0;
+	char tmp[256];
+
+	if (argc < 2)
+		another(&argc, &argv, "username");
+	if (argc < 2 || argc > 4) {
+		printf("usage: %s username [password] [account]\n", argv[0]);
+		code = -1;
+		return;
+	}
+	n = command("USER %s", argv[1]);
+	if (n == CONTINUE) {
+	    if (argc < 3 ) {
+		UI_UTIL_read_pw_string (tmp,
+				    sizeof(tmp),
+				    "Password: ", 0);
+		argv[2] = tmp;
+		argc++;
+	    }
+	    n = command("PASS %s", argv[2]);
+	}
+	if (n == CONTINUE) {
+		if (argc < 4) {
+			printf("Account: "); fflush(stdout);
+			fgets(acctstr, sizeof(acctstr) - 1, stdin);
+			acctstr[strcspn(acctstr, "\r\n")] = '\0';
+			argv[3] = acctstr; argc++;
+		}
+		n = command("ACCT %s", argv[3]);
+		aflag++;
+	}
+	if (n != COMPLETE) {
+		fprintf(stdout, "Login failed.\n");
+		return;
+	}
+	if (!aflag && argc == 4) {
+		command("ACCT %s", argv[3]);
+	}
+}
+
+/*
+ * Print working directory.
+ */
+/*VARARGS*/
+void
+pwd(int argc, char **argv)
+{
+	int oldverbose = verbose;
+
+	/*
+	 * If we aren't verbose, this doesn't do anything!
+	 */
+	verbose = 1;
+	if (command("PWD") == ERROR && code == 500) {
+		printf("PWD command not recognized, trying XPWD\n");
+		command("XPWD");
+	}
+	verbose = oldverbose;
+}
+
+/*
+ * Make a directory.
+ */
+void
+makedir(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
+		printf("usage: %s directory-name\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (command("MKD %s", argv[1]) == ERROR && code == 500) {
+		if (verbose)
+			printf("MKD command not recognized, trying XMKD\n");
+		command("XMKD %s", argv[1]);
+	}
+}
+
+/*
+ * Remove a directory.
+ */
+void
+removedir(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
+		printf("usage: %s directory-name\n", argv[0]);
+		code = -1;
+		return;
+	}
+	if (command("RMD %s", argv[1]) == ERROR && code == 500) {
+		if (verbose)
+			printf("RMD command not recognized, trying XRMD\n");
+		command("XRMD %s", argv[1]);
+	}
+}
+
+/*
+ * Send a line, verbatim, to the remote machine.
+ */
+void
+quote(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "command line to send")) {
+		printf("usage: %s line-to-send\n", argv[0]);
+		code = -1;
+		return;
+	}
+	quote1("", argc, argv);
+}
+
+/*
+ * Send a SITE command to the remote machine.  The line
+ * is sent verbatim to the remote machine, except that the
+ * word "SITE" is added at the front.
+ */
+void
+site(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) {
+		printf("usage: %s line-to-send\n", argv[0]);
+		code = -1;
+		return;
+	}
+	quote1("SITE ", argc, argv);
+}
+
+/*
+ * Turn argv[1..argc) into a space-separated string, then prepend initial text.
+ * Send the result as a one-line command and get response.
+ */
+void
+quote1(char *initial, int argc, char **argv)
+{
+    int i;
+    char buf[BUFSIZ];		/* must be >= sizeof(line) */
+
+    strlcpy(buf, initial, sizeof(buf));
+    for(i = 1; i < argc; i++) {
+	if(i > 1)
+	    strlcat(buf, " ", sizeof(buf));
+	strlcat(buf, argv[i], sizeof(buf));
+    }
+    if (command("%s", buf) == PRELIM) {
+	while (getreply(0) == PRELIM)
+	    continue;
+    }
+}
+
+void
+do_chmod(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "mode"))
+		goto usage;
+	if (argc < 3 && !another(&argc, &argv, "file-name")) {
+usage:
+		printf("usage: %s mode file-name\n", argv[0]);
+		code = -1;
+		return;
+	}
+	command("SITE CHMOD %s %s", argv[1], argv[2]);
+}
+
+void
+do_umask(int argc, char **argv)
+{
+	int oldverbose = verbose;
+
+	verbose = 1;
+	command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]);
+	verbose = oldverbose;
+}
+
+void
+ftp_idle(int argc, char **argv)
+{
+	int oldverbose = verbose;
+
+	verbose = 1;
+	command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]);
+	verbose = oldverbose;
+}
+
+/*
+ * Ask the other side for help.
+ */
+void
+rmthelp(int argc, char **argv)
+{
+	int oldverbose = verbose;
+
+	verbose = 1;
+	command(argc == 1 ? "HELP" : "HELP %s", argv[1]);
+	verbose = oldverbose;
+}
+
+/*
+ * Terminate session and exit.
+ */
+/*VARARGS*/
+void
+quit(int argc, char **argv)
+{
+
+	if (connected)
+		disconnect(0, 0);
+	pswitch(1);
+	if (connected) {
+		disconnect(0, 0);
+	}
+	exit(0);
+}
+
+/*
+ * Terminate session, but don't exit.
+ */
+void
+disconnect(int argc, char **argv)
+{
+
+	if (!connected)
+		return;
+	command("QUIT");
+	if (cout) {
+		fclose(cout);
+	}
+	cout = NULL;
+	connected = 0;
+	sec_end();
+	data = -1;
+	if (!proxy) {
+		macnum = 0;
+	}
+}
+
+int
+confirm(char *cmd, char *file)
+{
+	char buf[BUFSIZ];
+
+	if (!interactive)
+		return (1);
+	printf("%s %s? ", cmd, file);
+	fflush(stdout);
+	if (fgets(buf, sizeof buf, stdin) == NULL)
+		return (0);
+	return (*buf == 'y' || *buf == 'Y');
+}
+
+void
+fatal(char *msg)
+{
+
+	errx(1, "%s", msg);
+}
+
+/*
+ * Glob a local file name specification with
+ * the expectation of a single return value.
+ * Can't control multiple values being expanded
+ * from the expression, we return only the first.
+ */
+int
+globulize(char **cpp)
+{
+	glob_t gl;
+	int flags;
+
+	if (!doglob)
+		return (1);
+
+	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+	memset(&gl, 0, sizeof(gl));
+	if (glob(*cpp, flags, NULL, &gl) ||
+	    gl.gl_pathc == 0) {
+		warnx("%s: not found", *cpp);
+		globfree(&gl);
+		return (0);
+	}
+	*cpp = strdup(gl.gl_pathv[0]);	/* XXX - wasted memory */
+	globfree(&gl);
+	return (1);
+}
+
+void
+account(int argc, char **argv)
+{
+	char acctstr[50];
+
+	if (argc > 1) {
+		++argv;
+		--argc;
+		strlcpy (acctstr, *argv, sizeof(acctstr));
+		while (argc > 1) {
+			--argc;
+			++argv;
+			strlcat(acctstr, *argv, sizeof(acctstr));
+		}
+	}
+	else {
+	    UI_UTIL_read_pw_string(acctstr, sizeof(acctstr), "Account:", 0);
+	}
+	command("ACCT %s", acctstr);
+}
+
+jmp_buf abortprox;
+
+static RETSIGTYPE
+proxabort(int sig)
+{
+
+	if (!proxy) {
+		pswitch(1);
+	}
+	if (connected) {
+		proxflag = 1;
+	}
+	else {
+		proxflag = 0;
+	}
+	pswitch(0);
+	longjmp(abortprox,1);
+}
+
+void
+doproxy(int argc, char **argv)
+{
+	struct cmd *c;
+	RETSIGTYPE (*oldintr)(int);
+
+	if (argc < 2 && !another(&argc, &argv, "command")) {
+		printf("usage: %s command\n", argv[0]);
+		code = -1;
+		return;
+	}
+	c = getcmd(argv[1]);
+	if (c == (struct cmd *) -1) {
+		printf("?Ambiguous command\n");
+		fflush(stdout);
+		code = -1;
+		return;
+	}
+	if (c == 0) {
+		printf("?Invalid command\n");
+		fflush(stdout);
+		code = -1;
+		return;
+	}
+	if (!c->c_proxy) {
+		printf("?Invalid proxy command\n");
+		fflush(stdout);
+		code = -1;
+		return;
+	}
+	if (setjmp(abortprox)) {
+		code = -1;
+		return;
+	}
+	oldintr = signal(SIGINT, proxabort);
+	pswitch(1);
+	if (c->c_conn && !connected) {
+		printf("Not connected\n");
+		fflush(stdout);
+		pswitch(0);
+		signal(SIGINT, oldintr);
+		code = -1;
+		return;
+	}
+	(*c->c_handler)(argc-1, argv+1);
+	if (connected) {
+		proxflag = 1;
+	}
+	else {
+		proxflag = 0;
+	}
+	pswitch(0);
+	signal(SIGINT, oldintr);
+}
+
+void
+setcase(int argc, char **argv)
+{
+
+	mcase = !mcase;
+	printf("Case mapping %s.\n", onoff(mcase));
+	code = mcase;
+}
+
+void
+setcr(int argc, char **argv)
+{
+
+	crflag = !crflag;
+	printf("Carriage Return stripping %s.\n", onoff(crflag));
+	code = crflag;
+}
+
+void
+setntrans(int argc, char **argv)
+{
+	if (argc == 1) {
+		ntflag = 0;
+		printf("Ntrans off.\n");
+		code = ntflag;
+		return;
+	}
+	ntflag++;
+	code = ntflag;
+	strlcpy (ntin, argv[1], 17);
+	if (argc == 2) {
+		ntout[0] = '\0';
+		return;
+	}
+	strlcpy (ntout, argv[2], 17);
+}
+
+char *
+dotrans(char *name)
+{
+	static char new[MaxPathLen];
+	char *cp1, *cp2 = new;
+	int i, ostop, found;
+
+	for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++)
+		continue;
+	for (cp1 = name; *cp1; cp1++) {
+		found = 0;
+		for (i = 0; *(ntin + i) && i < 16; i++) {
+			if (*cp1 == *(ntin + i)) {
+				found++;
+				if (i < ostop) {
+					*cp2++ = *(ntout + i);
+				}
+				break;
+			}
+		}
+		if (!found) {
+			*cp2++ = *cp1;
+		}
+	}
+	*cp2 = '\0';
+	return (new);
+}
+
+void
+setnmap(int argc, char **argv)
+{
+	char *cp;
+
+	if (argc == 1) {
+		mapflag = 0;
+		printf("Nmap off.\n");
+		code = mapflag;
+		return;
+	}
+	if (argc < 3 && !another(&argc, &argv, "mapout")) {
+		printf("Usage: %s [mapin mapout]\n",argv[0]);
+		code = -1;
+		return;
+	}
+	mapflag = 1;
+	code = 1;
+	cp = strchr(altarg, ' ');
+	if (proxy) {
+		while(*++cp == ' ')
+			continue;
+		altarg = cp;
+		cp = strchr(altarg, ' ');
+	}
+	*cp = '\0';
+	strlcpy(mapin, altarg, MaxPathLen);
+	while (*++cp == ' ')
+		continue;
+	strlcpy(mapout, cp, MaxPathLen);
+}
+
+char *
+domap(char *name)
+{
+	static char new[MaxPathLen];
+	char *cp1 = name, *cp2 = mapin;
+	char *tp[9], *te[9];
+	int i, toks[9], toknum = 0, match = 1;
+
+	for (i=0; i < 9; ++i) {
+		toks[i] = 0;
+	}
+	while (match && *cp1 && *cp2) {
+		switch (*cp2) {
+			case '\\':
+				if (*++cp2 != *cp1) {
+					match = 0;
+				}
+				break;
+			case '$':
+				if (*(cp2+1) >= '1' && (*cp2+1) <= '9') {
+					if (*cp1 != *(++cp2+1)) {
+						toks[toknum = *cp2 - '1']++;
+						tp[toknum] = cp1;
+						while (*++cp1 && *(cp2+1)
+							!= *cp1);
+						te[toknum] = cp1;
+					}
+					cp2++;
+					break;
+				}
+				/* FALLTHROUGH */
+			default:
+				if (*cp2 != *cp1) {
+					match = 0;
+				}
+				break;
+		}
+		if (match && *cp1) {
+			cp1++;
+		}
+		if (match && *cp2) {
+			cp2++;
+		}
+	}
+	if (!match && *cp1) /* last token mismatch */
+	{
+		toks[toknum] = 0;
+	}
+	cp1 = new;
+	*cp1 = '\0';
+	cp2 = mapout;
+	while (*cp2) {
+		match = 0;
+		switch (*cp2) {
+			case '\\':
+				if (*(cp2 + 1)) {
+					*cp1++ = *++cp2;
+				}
+				break;
+			case '[':
+LOOP:
+				if (*++cp2 == '$' && isdigit((unsigned char)*(cp2+1))) { 
+					if (*++cp2 == '0') {
+						char *cp3 = name;
+
+						while (*cp3) {
+							*cp1++ = *cp3++;
+						}
+						match = 1;
+					}
+					else if (toks[toknum = *cp2 - '1']) {
+						char *cp3 = tp[toknum];
+
+						while (cp3 != te[toknum]) {
+							*cp1++ = *cp3++;
+						}
+						match = 1;
+					}
+				}
+				else {
+					while (*cp2 && *cp2 != ',' && 
+					    *cp2 != ']') {
+						if (*cp2 == '\\') {
+							cp2++;
+						}
+						else if (*cp2 == '$' &&
+   						        isdigit((unsigned char)*(cp2+1))) {
+							if (*++cp2 == '0') {
+							   char *cp3 = name;
+
+							   while (*cp3) {
+								*cp1++ = *cp3++;
+							   }
+							}
+							else if (toks[toknum =
+							    *cp2 - '1']) {
+							   char *cp3=tp[toknum];
+
+							   while (cp3 !=
+								  te[toknum]) {
+								*cp1++ = *cp3++;
+							   }
+							}
+						}
+						else if (*cp2) {
+							*cp1++ = *cp2++;
+						}
+					}
+					if (!*cp2) {
+						printf("nmap: unbalanced brackets\n");
+						return (name);
+					}
+					match = 1;
+					cp2--;
+				}
+				if (match) {
+					while (*++cp2 && *cp2 != ']') {
+					      if (*cp2 == '\\' && *(cp2 + 1)) {
+							cp2++;
+					      }
+					}
+					if (!*cp2) {
+						printf("nmap: unbalanced brackets\n");
+						return (name);
+					}
+					break;
+				}
+				switch (*++cp2) {
+					case ',':
+						goto LOOP;
+					case ']':
+						break;
+					default:
+						cp2--;
+						goto LOOP;
+				}
+				break;
+			case '$':
+				if (isdigit((unsigned char)*(cp2 + 1))) {
+					if (*++cp2 == '0') {
+						char *cp3 = name;
+
+						while (*cp3) {
+							*cp1++ = *cp3++;
+						}
+					}
+					else if (toks[toknum = *cp2 - '1']) {
+						char *cp3 = tp[toknum];
+
+						while (cp3 != te[toknum]) {
+							*cp1++ = *cp3++;
+						}
+					}
+					break;
+				}
+				/* intentional drop through */
+			default:
+				*cp1++ = *cp2;
+				break;
+		}
+		cp2++;
+	}
+	*cp1 = '\0';
+	if (!*new) {
+		return (name);
+	}
+	return (new);
+}
+
+void
+setpassive(int argc, char **argv)
+{
+
+	passivemode = !passivemode;
+	printf("Passive mode %s.\n", onoff(passivemode));
+	code = passivemode;
+}
+
+void
+setsunique(int argc, char **argv)
+{
+
+	sunique = !sunique;
+	printf("Store unique %s.\n", onoff(sunique));
+	code = sunique;
+}
+
+void
+setrunique(int argc, char **argv)
+{
+
+	runique = !runique;
+	printf("Receive unique %s.\n", onoff(runique));
+	code = runique;
+}
+
+/* change directory to perent directory */
+void
+cdup(int argc, char **argv)
+{
+
+	if (command("CDUP") == ERROR && code == 500) {
+		if (verbose)
+			printf("CDUP command not recognized, trying XCUP\n");
+		command("XCUP");
+	}
+}
+
+/* restart transfer at specific point */
+void
+restart(int argc, char **argv)
+{
+
+    if (argc != 2)
+	printf("restart: offset not specified\n");
+    else {
+	restart_point = atol(argv[1]);
+	printf("restarting at %ld. %s\n", (long)restart_point,
+	       "execute get, put or append to initiate transfer");
+    }
+}
+
+/* show remote system type */
+void
+syst(int argc, char **argv)
+{
+
+	command("SYST");
+}
+
+void
+macdef(int argc, char **argv)
+{
+	char *tmp;
+	int c;
+
+	if (macnum == 16) {
+		printf("Limit of 16 macros have already been defined\n");
+		code = -1;
+		return;
+	}
+	if (argc < 2 && !another(&argc, &argv, "macro name")) {
+		printf("Usage: %s macro_name\n",argv[0]);
+		code = -1;
+		return;
+	}
+	if (interactive) {
+		printf("Enter macro line by line, terminating it with a null line\n");
+	}
+	strlcpy(macros[macnum].mac_name,
+			argv[1],
+			sizeof(macros[macnum].mac_name));
+	if (macnum == 0) {
+		macros[macnum].mac_start = macbuf;
+	}
+	else {
+		macros[macnum].mac_start = macros[macnum - 1].mac_end + 1;
+	}
+	tmp = macros[macnum].mac_start;
+	while (tmp != macbuf+4096) {
+		if ((c = getchar()) == EOF) {
+			printf("macdef:end of file encountered\n");
+			code = -1;
+			return;
+		}
+		if ((*tmp = c) == '\n') {
+			if (tmp == macros[macnum].mac_start) {
+				macros[macnum++].mac_end = tmp;
+				code = 0;
+				return;
+			}
+			if (*(tmp-1) == '\0') {
+				macros[macnum++].mac_end = tmp - 1;
+				code = 0;
+				return;
+			}
+			*tmp = '\0';
+		}
+		tmp++;
+	}
+	while (1) {
+		while ((c = getchar()) != '\n' && c != EOF)
+			/* LOOP */;
+		if (c == EOF || getchar() == '\n') {
+			printf("Macro not defined - 4k buffer exceeded\n");
+			code = -1;
+			return;
+		}
+	}
+}
+
+/*
+ * get size of file on remote machine
+ */
+void
+sizecmd(int argc, char **argv)
+{
+
+	if (argc < 2 && !another(&argc, &argv, "filename")) {
+		printf("usage: %s filename\n", argv[0]);
+		code = -1;
+		return;
+	}
+	command("SIZE %s", argv[1]);
+}
+
+/*
+ * get last modification time of file on remote machine
+ */
+void
+modtime(int argc, char **argv)
+{
+	int overbose;
+
+	if (argc < 2 && !another(&argc, &argv, "filename")) {
+		printf("usage: %s filename\n", argv[0]);
+		code = -1;
+		return;
+	}
+	overbose = verbose;
+	if (debug == 0)
+		verbose = -1;
+	if (command("MDTM %s", argv[1]) == COMPLETE) {
+		int yy, mo, day, hour, min, sec;
+		sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo,
+			&day, &hour, &min, &sec);
+		/* might want to print this in local time */
+		printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1],
+			mo, day, yy, hour, min, sec);
+	} else
+		printf("%s\n", reply_string);
+	verbose = overbose;
+}
+
+/*
+ * show status on reomte machine
+ */
+void
+rmtstatus(int argc, char **argv)
+{
+
+	command(argc > 1 ? "STAT %s" : "STAT" , argv[1]);
+}
+
+/*
+ * get file if modtime is more recent than current file
+ */
+void
+newer(int argc, char **argv)
+{
+
+	if (getit(argc, argv, -1, curtype == TYPE_I ? "wb" : "w"))
+		printf("Local file \"%s\" is newer than remote file \"%s\"\n",
+			argv[2], argv[1]);
+}
+
+void
+klist(int argc, char **argv)
+{
+    int ret;
+    if(argc != 1){
+	printf("usage: %s\n", argv[0]);
+	code = -1;
+	return;
+    }
+    
+    ret = command("SITE KLIST");
+    code = (ret == COMPLETE);
+}

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/cmdtab.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/cmdtab.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/cmdtab.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,217 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+
+/*
+ * User FTP -- Command Tables.
+ */
+
+char	accounthelp[] =	"send account command to remote server";
+char	appendhelp[] =	"append to a file";
+char	asciihelp[] =	"set ascii transfer type";
+char	beephelp[] =	"beep when command completed";
+char	binaryhelp[] =	"set binary transfer type";
+char	casehelp[] =	"toggle mget upper/lower case id mapping";
+char	cdhelp[] =	"change remote working directory";
+char	cduphelp[] = 	"change remote working directory to parent directory";
+char	chmodhelp[] =	"change file permissions of remote file";
+char	connecthelp[] =	"connect to remote tftp";
+char	crhelp[] =	"toggle carriage return stripping on ascii gets";
+char	deletehelp[] =	"delete remote file";
+char	debughelp[] =	"toggle/set debugging mode";
+char	dirhelp[] =	"list contents of remote directory";
+char	disconhelp[] =	"terminate ftp session";
+char	domachelp[] = 	"execute macro";
+char	formhelp[] =	"set file transfer format";
+char	globhelp[] =	"toggle metacharacter expansion of local file names";
+char	hashhelp[] =	"toggle printing `#' for each buffer transferred";
+char	helphelp[] =	"print local help information";
+char	idlehelp[] =	"get (set) idle timer on remote side";
+char	lcdhelp[] =	"change local working directory";
+char	lshelp[] =	"list contents of remote directory";
+char	macdefhelp[] =  "define a macro";
+char	mdeletehelp[] =	"delete multiple files";
+char	mdirhelp[] =	"list contents of multiple remote directories";
+char	mgethelp[] =	"get multiple files";
+char	mkdirhelp[] =	"make directory on the remote machine";
+char	mlshelp[] =	"list contents of multiple remote directories";
+char	modtimehelp[] = "show last modification time of remote file";
+char	modehelp[] =	"set file transfer mode";
+char	mputhelp[] =	"send multiple files";
+char	newerhelp[] =	"get file if remote file is newer than local file ";
+char	nlisthelp[] =	"nlist contents of remote directory";
+char	nmaphelp[] =	"set templates for default file name mapping";
+char	ntranshelp[] =	"set translation table for default file name mapping";
+char	porthelp[] =	"toggle use of PORT cmd for each data connection";
+char	prompthelp[] =	"force interactive prompting on multiple commands";
+char	proxyhelp[] =	"issue command on alternate connection";
+char	pwdhelp[] =	"print working directory on remote machine";
+char	quithelp[] =	"terminate ftp session and exit";
+char	quotehelp[] =	"send arbitrary ftp command";
+char	receivehelp[] =	"receive file";
+char	regethelp[] =	"get file restarting at end of local file";
+char	remotehelp[] =	"get help from remote server";
+char	renamehelp[] =	"rename file";
+char	restarthelp[]=	"restart file transfer at bytecount";
+char	rmdirhelp[] =	"remove directory on the remote machine";
+char	rmtstatushelp[]="show status of remote machine";
+char	runiquehelp[] = "toggle store unique for local files";
+char	resethelp[] =	"clear queued command replies";
+char	sendhelp[] =	"send one file";
+char	passivehelp[] =	"enter passive transfer mode";
+char	sitehelp[] =	"send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information";
+char	shellhelp[] =	"escape to the shell";
+char	sizecmdhelp[] = "show size of remote file";
+char	statushelp[] =	"show current status";
+char	structhelp[] =	"set file transfer structure";
+char	suniquehelp[] = "toggle store unique on remote machine";
+char	systemhelp[] =  "show remote system type";
+char	tenexhelp[] =	"set tenex file transfer type";
+char	tracehelp[] =	"toggle packet tracing";
+char	typehelp[] =	"set file transfer type";
+char	umaskhelp[] =	"get (set) umask on remote side";
+char	userhelp[] =	"send new user information";
+char	verbosehelp[] =	"toggle verbose mode";
+
+char	prothelp[] = 	"set protection level";
+char	prothelp_c[] =	"set command protection level";
+#ifdef KRB4
+char	kauthhelp[] = 	"get remote tokens";
+#endif
+#if defined(KRB4) || defined(KRB5)
+char	klisthelp[] =	"show remote tickets";
+#endif
+#ifdef KRB4
+char	kdestroyhelp[] = "destroy remote tickets";
+char	krbtkfilehelp[] = "set filename of remote tickets";
+#endif
+#if defined(KRB4) || defined(KRB5)
+char	afsloghelp[] = 	"obtain remote AFS tokens";
+#endif
+
+struct cmd cmdtab[] = {
+	{ "!",		shellhelp,	0,	0,	0,	shell },
+	{ "$",		domachelp,	1,	0,	0,	domacro },
+	{ "account",	accounthelp,	0,	1,	1,	account},
+	{ "append",	appendhelp,	1,	1,	1,	put },
+	{ "ascii",	asciihelp,	0,	1,	1,	setascii },
+	{ "bell",	beephelp,	0,	0,	0,	setbell },
+	{ "binary",	binaryhelp,	0,	1,	1,	setbinary },
+	{ "bye",	quithelp,	0,	0,	0,	quit },
+	{ "case",	casehelp,	0,	0,	1,	setcase },
+	{ "cd",		cdhelp,		0,	1,	1,	cd },
+	{ "cdup",	cduphelp,	0,	1,	1,	cdup },
+	{ "chmod",	chmodhelp,	0,	1,	1,	do_chmod },
+	{ "close",	disconhelp,	0,	1,	1,	disconnect },
+	{ "cr",		crhelp,		0,	0,	0,	setcr },
+	{ "delete",	deletehelp,	0,	1,	1,	delete },
+	{ "debug",	debughelp,	0,	0,	0,	setdebug },
+	{ "dir",	dirhelp,	1,	1,	1,	ls },
+	{ "disconnect",	disconhelp,	0,	1,	1,	disconnect },
+	{ "form",	formhelp,	0,	1,	1,	setform },
+	{ "get",	receivehelp,	1,	1,	1,	get },
+	{ "glob",	globhelp,	0,	0,	0,	setglob },
+	{ "hash",	hashhelp,	0,	0,	0,	sethash },
+	{ "help",	helphelp,	0,	0,	1,	help },
+	{ "idle",	idlehelp,	0,	1,	1,	ftp_idle },
+	{ "image",	binaryhelp,	0,	1,	1,	setbinary },
+	{ "lcd",	lcdhelp,	0,	0,	0,	lcd },
+	{ "ls",		lshelp,		1,	1,	1,	ls },
+	{ "macdef",	macdefhelp,	0,	0,	0,	macdef },
+	{ "mdelete",	mdeletehelp,	1,	1,	1,	mdelete },
+	{ "mdir",	mdirhelp,	1,	1,	1,	mls },
+	{ "mget",	mgethelp,	1,	1,	1,	mget },
+	{ "mkdir",	mkdirhelp,	0,	1,	1,	makedir },
+	{ "mls",	mlshelp,	1,	1,	1,	mls },
+	{ "mode",	modehelp,	0,	1,	1,	setftmode },
+	{ "modtime",	modtimehelp,	0,	1,	1,	modtime },
+	{ "mput",	mputhelp,	1,	1,	1,	mput },
+	{ "newer",	newerhelp,	1,	1,	1,	newer },
+	{ "nmap",	nmaphelp,	0,	0,	1,	setnmap },
+	{ "nlist",	nlisthelp,	1,	1,	1,	ls },
+	{ "ntrans",	ntranshelp,	0,	0,	1,	setntrans },
+	{ "open",	connecthelp,	0,	0,	1,	setpeer },
+	{ "passive",	passivehelp,	0,	0,	0,	setpassive },
+	{ "prompt",	prompthelp,	0,	0,	0,	setprompt },
+	{ "proxy",	proxyhelp,	0,	0,	1,	doproxy },
+	{ "sendport",	porthelp,	0,	0,	0,	setport },
+	{ "put",	sendhelp,	1,	1,	1,	put },
+	{ "pwd",	pwdhelp,	0,	1,	1,	pwd },
+	{ "quit",	quithelp,	0,	0,	0,	quit },
+	{ "quote",	quotehelp,	1,	1,	1,	quote },
+	{ "recv",	receivehelp,	1,	1,	1,	get },
+	{ "reget",	regethelp,	1,	1,	1,	reget },
+	{ "rstatus",	rmtstatushelp,	0,	1,	1,	rmtstatus },
+	{ "rhelp",	remotehelp,	0,	1,	1,	rmthelp },
+	{ "rename",	renamehelp,	0,	1,	1,	renamefile },
+	{ "reset",	resethelp,	0,	1,	1,	reset },
+	{ "restart",	restarthelp,	1,	1,	1,	restart },
+	{ "rmdir",	rmdirhelp,	0,	1,	1,	removedir },
+	{ "runique",	runiquehelp,	0,	0,	1,	setrunique },
+	{ "send",	sendhelp,	1,	1,	1,	put },
+	{ "site",	sitehelp,	0,	1,	1,	site },
+	{ "size",	sizecmdhelp,	1,	1,	1,	sizecmd },
+	{ "status",	statushelp,	0,	0,	1,	status },
+	{ "struct",	structhelp,	0,	1,	1,	setstruct },
+	{ "system",	systemhelp,	0,	1,	1,	syst },
+	{ "sunique",	suniquehelp,	0,	0,	1,	setsunique },
+	{ "tenex",	tenexhelp,	0,	1,	1,	settenex },
+	{ "trace",	tracehelp,	0,	0,	0,	settrace },
+	{ "type",	typehelp,	0,	1,	1,	settype },
+	{ "user",	userhelp,	0,	1,	1,	user },
+	{ "umask",	umaskhelp,	0,	1,	1,	do_umask },
+	{ "verbose",	verbosehelp,	0,	0,	0,	setverbose },
+	{ "?",		helphelp,	0,	0,	1,	help },
+
+	{ "protect", 	prothelp, 	0, 	1, 	0,	sec_prot },
+	/* what MIT uses */
+	{ "cprotect",	prothelp_c,	0,	1,	1,	sec_prot_command },
+#ifdef KRB4
+	{ "kauth", 	kauthhelp, 	0, 	1, 	0,	kauth },
+#endif
+#if defined(KRB4) || defined(KRB5)
+	{ "klist", 	klisthelp, 	0, 	1, 	0,	klist },
+#endif
+#ifdef KRB4
+	{ "kdestroy",	kdestroyhelp,	0,	1,	0,	kdestroy },
+	{ "krbtkfile",	krbtkfilehelp,	0,	1,	0,	krbtkfile },
+#endif
+#if defined(KRB4) || defined(KRB5)
+	{ "afslog",	afsloghelp,	0,	1,	0,	afslog },
+#endif
+	
+	{ 0 },
+};
+
+int	NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/domacro.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/domacro.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/domacro.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 1985, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: domacro.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+void
+domacro(int argc, char **argv)
+{
+	int i, j, count = 2, loopflg = 0;
+	char *cp1, *cp2, line2[200];
+	struct cmd *c;
+
+	if (argc < 2 && !another(&argc, &argv, "macro name")) {
+		printf("Usage: %s macro_name.\n", argv[0]);
+		code = -1;
+		return;
+	}
+	for (i = 0; i < macnum; ++i) {
+		if (!strncmp(argv[1], macros[i].mac_name, 9)) {
+			break;
+		}
+	}
+	if (i == macnum) {
+		printf("'%s' macro not found.\n", argv[1]);
+		code = -1;
+		return;
+	}
+	strlcpy(line2, line, sizeof(line2));
+TOP:
+	cp1 = macros[i].mac_start;
+	while (cp1 != macros[i].mac_end) {
+		while (isspace((unsigned char)*cp1)) {
+			cp1++;
+		}
+		cp2 = line;
+		while (*cp1 != '\0') {
+		      size_t len;
+		      switch(*cp1) {
+		   	    case '\\':
+				if (line + sizeof(line) - 2 < cp2)
+				    goto out;
+				*cp2++ = *++cp1;
+				 break;
+			    case '$':
+				 if (isdigit((unsigned char)*(cp1+1))) {
+				    j = 0;
+				    while (isdigit((unsigned char)*++cp1)) {
+					  j = 10*j +  *cp1 - '0';
+				    }
+				    cp1--;
+				    if (argc - 2 >= j) {
+					len = sizeof(line) - (cp2 - line) - 1;
+					if (strlcpy(cp2, argv[j+1], len) >= len)
+					    goto out;
+					cp2 += strlen(argv[j+1]);
+				    }
+				    break;
+				 }
+				 if (*(cp1+1) == 'i') {
+					loopflg = 1;
+					cp1++;
+					if (count < argc) {
+					   len = sizeof(line) - (cp2 - line) - 1;
+					   if (strlcpy(cp2, argv[count], len) >= len)
+					       goto out;
+					   cp2 += strlen(argv[count]);
+					}
+					break;
+				}
+				/* intentional drop through */
+			    default:
+				if (line + sizeof(line) - 2 < cp2)
+				    goto out;
+				*cp2++ = *cp1;
+				break;
+		      }
+		      if (*cp1 != '\0') {
+			 cp1++;
+		      }
+		}
+	out:
+		*cp2 = '\0';
+		makeargv();
+		c = getcmd(margv[0]);
+		if (c == (struct cmd *)-1) {
+			printf("?Ambiguous command\n");
+			code = -1;
+		}
+		else if (c == 0) {
+			printf("?Invalid command\n");
+			code = -1;
+		}
+		else if (c->c_conn && !connected) {
+			printf("Not connected.\n");
+			code = -1;
+		}
+		else {
+			if (verbose) {
+				printf("%s\n",line);
+			}
+			(*c->c_handler)(margc, margv);
+			if (bell && c->c_bell) {
+				putchar('\007');
+			}
+			strlcpy(line, line2, sizeof(line));
+			makeargv();
+			argc = margc;
+			argv = margv;
+		}
+		if (cp1 != macros[i].mac_end) {
+			cp1++;
+		}
+	}
+	if (loopflg && ++count < argc) {
+		goto TOP;
+	}
+}
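Review bot: The `$N` expansion in `domacro` accumulates `j = 10*j + *cp1 - '0'` over an unbounded run of digits, so a long digit string in a macro body overflows the `int`; that is undefined behaviour and in practice can leave `j` negative, which passes `argc - 2 >= j` and indexes `argv[j+1]` outside the array. Capping the accumulation keeps the existing bounds test meaningful, e.g. `if (j <= argc) j = 10*j + *cp1 - '0';` inside the digit loop, which still consumes the digits. Separately, each `goto out` on overflow of `line` ends the line at `cp2` and still dispatches the truncated command. Because `cp1` has not reached the end of the macro line, the rest of that line is then parsed as a new command on the next pass of the outer loop. It would be safer to report the overflow, set `code = -1` and stop the macro instead of executing a partial line.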

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/extern.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/extern.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/extern.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,174 @@
+/*-
+ * Copyright (c) 1994 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)extern.h	8.3 (Berkeley) 10/9/94
+ */
+
+/* $Id: extern.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+#include <setjmp.h>
+#include <stdlib.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+void    abort_remote (FILE *);
+void    abortpt (int);
+void    abortrecv (int);
+void	account (int, char **);
+int	another (int *, char ***, char *);
+void	blkfree (char **);
+void	cd (int, char **);
+void	cdup (int, char **);
+void	changetype (int, int);
+void	cmdabort (int);
+void	cmdscanner (int);
+int	command (char *fmt, ...)
+    __attribute__ ((format (printf, 1,2)));
+int	confirm (char *, char *);
+FILE   *dataconn (const char *);
+void	delete (int, char **);
+void	disconnect (int, char **);
+void	do_chmod (int, char **);
+void	do_umask (int, char **);
+void	domacro (int, char **);
+char   *domap (char *);
+void	doproxy (int, char **);
+char   *dotrans (char *);
+int     empty (fd_set *, int);
+void	fatal (char *);
+void	get (int, char **);
+struct cmd *getcmd (char *);
+int	getit (int, char **, int, char *);
+int	getreply (int);
+int	globulize (char **);
+char   *gunique (char *);
+void	help (int, char **);
+char   *hookup (const char *, int);
+void	ftp_idle (int, char **);
+int     initconn (void);
+void	intr (int);
+void	lcd (int, char **);
+int	login (char *);
+RETSIGTYPE	lostpeer (int);
+void	ls (int, char **);
+void	macdef (int, char **);
+void	makeargv (void);
+void	makedir (int, char **);
+void	mdelete (int, char **);
+void	mget (int, char **);
+void	mls (int, char **);
+void	modtime (int, char **);
+void	mput (int, char **);
+char   *onoff (int);
+void	newer (int, char **);
+void    proxtrans (char *, char *, char *);
+void    psabort (int);
+void    pswitch (int);
+void    ptransfer (char *, long, struct timeval *, struct timeval *);
+void	put (int, char **);
+void	pwd (int, char **);
+void	quit (int, char **);
+void	quote (int, char **);
+void	quote1 (char *, int, char **);
+void    recvrequest (char *, char *, char *, char *, int, int);
+void	reget (int, char **);
+char   *remglob (char **, int);
+void	removedir (int, char **);
+void	renamefile (int, char **);
+void    reset (int, char **);
+void	restart (int, char **);
+void	rmthelp (int, char **);
+void	rmtstatus (int, char **);
+int	ruserpass (char *, char **, char **, char **);
+void    sendrequest (char *, char *, char *, char *, int);
+void	setascii (int, char **);
+void	setbell (int, char **);
+void	setbinary (int, char **);
+void	setcase (int, char **);
+void	setcr (int, char **);
+void	setdebug (int, char **);
+void	setform (int, char **);
+void	setftmode (int, char **);
+void	setglob (int, char **);
+void	sethash (int, char **);
+void	setnmap (int, char **);
+void	setntrans (int, char **);
+void	setpassive (int, char **);
+void	setpeer (int, char **);
+void	setport (int, char **);
+void	setprompt (int, char **);
+void	setrunique (int, char **);
+void	setstruct (int, char **);
+void	setsunique (int, char **);
+void	settenex (int, char **);
+void	settrace (int, char **);
+void	settype (int, char **);
+void	setverbose (int, char **);
+void	shell (int, char **);
+void	site (int, char **);
+void	sizecmd (int, char **);
+char   *slurpstring (void);
+void	status (int, char **);
+void	syst (int, char **);
+void    tvsub (struct timeval *, struct timeval *, struct timeval *);
+void	user (int, char **);
+
+extern jmp_buf	abortprox;
+extern int	abrtflag;
+extern struct	cmd cmdtab[];
+extern FILE	*cout;
+extern int	data;
+extern char    *home;
+extern jmp_buf	jabort;
+extern int	proxy;
+extern char	reply_string[];
+extern off_t	restart_point;
+extern int	NCMDS;
+
+extern char 	username[32];
+extern char	myhostname[];
+extern char	*mydomain;
+
+void afslog (int, char **);
+void kauth (int, char **);
+void kdestroy (int, char **);
+void klist (int, char **);
+void krbtkfile (int, char **);

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1211 @@
+.\" 	$NetBSD: ftp.1,v 1.11 1995/09/08 01:06:24 tls Exp $
+.\"
+.\" Copyright (c) 1985, 1989, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)ftp.1	8.3 (Berkeley) 10/9/94
+.\"
+.Dd March 23, 2006
+.Dt FTP 1
+.Os BSD 4.2
+.Sh NAME
+.Nm ftp
+.Nd
+.Tn ARPANET
+file transfer program
+.Sh SYNOPSIS
+.Nm ftp
+.Op Fl K
+.Op Fl d
+.Op Fl g
+.Op Fl i
+.Op Fl l
+.Op Fl n
+.Op Fl p
+.Op Fl t
+.Op Fl v
+.Op Fl x
+.Op Fl -no-gss-bindings
+.Op Fl -no-gss-delegate
+.Op Ar host
+.Sh DESCRIPTION
+.Nm
+is the user interface to the
+.Tn ARPANET
+standard File Transfer Protocol.
+The program allows a user to transfer files to and from a
+remote network site.
+.Pp
+Modifications have been made so that it almost follows the FTP
+Security Extensions, RFC 2228.
+.Pp
+Options may be specified at the command line, or to the
+command interpreter.
+.Bl -tag -width flag
+.It Fl K
+Disable Kerberos authentication.
+.It Fl t
+Enables packet tracing.
+.It Fl v
+Verbose option forces
+.Nm ftp
+to show all responses from the remote server, as well
+as report on data transfer statistics.
+.It Fl n
+Restrains
+.Nm ftp
+from attempting \*(Lqauto-login\*(Rq upon initial connection.
+If auto-login is enabled,
+.Nm ftp
+will check the
+.Pa .netrc
+(see below) file in the user's home directory for an entry describing
+an account on the remote machine.
+If no entry exists,
+.Nm ftp
+will prompt for the remote machine login name (default is the user
+identity on the local machine), and, if necessary, prompt for a password
+and an account with which to login.
+.It Fl i
+Turns off interactive prompting during
+multiple file transfers.
+.It Fl p
+Turn on passive mode.
+.It Fl d
+Enables debugging.
+.It Fl g
+Disables file name globbing.
+ .It Fl -no-gss-bindings
+Don't use GSS-API bindings when talking to peer. IP addresses will not
+be checked to ensure they match.
+.It Fl -no-gss-delegate
+Disable delegation of GSSAPI credentials.
+.It Fl l
+Disables command line editing.
+.It Fl x
+Encrypt command and data channel.
+.El
+.Pp
+The client host with which
+.Nm ftp
+is to communicate may be specified on the command line.
+If this is done,
+.Nm ftp
+will immediately attempt to establish a connection to an
+.Tn FTP
+server on that host; otherwise,
+.Nm ftp
+will enter its command interpreter and await instructions
+from the user.
+When
+.Nm ftp
+is awaiting commands from the user the prompt
+.Ql ftp\*[Gt]
+is provided to the user.
+The following commands are recognized
+by
+.Nm ftp  :
+.Bl -tag -width Fl
+.It Ic \&! Op Ar command Op Ar args
+Invoke an interactive shell on the local machine.
+If there are arguments, the first is taken to be a command to execute
+directly, with the rest of the arguments as its arguments.
+.It Ic \&$ Ar macro-name Op Ar args
+Execute the macro
+.Ar macro-name
+that was defined with the
+.Ic macdef
+command.
+Arguments are passed to the macro unglobbed.
+.It Ic account Op Ar passwd
+Supply a supplemental password required by a remote system for access
+to resources once a login has been successfully completed.
+If no argument is included, the user will be prompted for an account
+password in a non-echoing input mode.
+.It Ic append Ar local-file Op Ar remote-file
+Append a local file to a file on the remote machine.
+If
+.Ar remote-file
+is left unspecified, the local file name is used in naming the
+remote file after being altered by any
+.Ic ntrans
+or
+.Ic nmap
+setting.
+File transfer uses the current settings for
+.Ic type  ,
+.Ic format ,
+.Ic mode  ,
+and
+.Ic structure .
+.It Ic ascii
+Set the file transfer
+.Ic type
+to network
+.Tn ASCII .
+This is the default type.
+.It Ic bell
+Arrange that a bell be sounded after each file transfer
+command is completed.
+.It Ic binary
+Set the file transfer
+.Ic type
+to support binary image transfer.
+.It Ic bye
+Terminate the
+.Tn FTP
+session with the remote server
+and exit
+.Nm ftp  .
+An end of file will also terminate the session and exit.
+.It Ic case
+Toggle remote computer file name case mapping during
+.Ic mget
+commands.
+When
+.Ic case
+is on (default is off), remote computer file names with all letters in
+upper case are written in the local directory with the letters mapped
+to lower case.
+.It Ic \&cd Ar remote-directory
+Change the working directory on the remote machine
+to
+.Ar remote-directory  .
+.It Ic cdup
+Change the remote machine working directory to the parent of the
+current remote machine working directory.
+.It Ic chmod Ar mode file-name
+Change the permission modes of the file
+.Ar file-name
+on the remote
+sytem to
+.Ar mode  .
+.It Ic close
+Terminate the
+.Tn FTP
+session with the remote server, and
+return to the command interpreter.
+Any defined macros are erased.
+.It Ic \&cr
+Toggle carriage return stripping during
+ascii type file retrieval.
+Records are denoted by a carriage return/linefeed sequence
+during ascii type file transfer.
+When
+.Ic \&cr
+is on (the default), carriage returns are stripped from this
+sequence to conform with the
+.Ux
+single linefeed record
+delimiter.
+Records on
+.Pf non\- Ns Ux
+remote systems may contain single linefeeds;
+when an ascii type transfer is made, these linefeeds may be
+distinguished from a record delimiter only when
+.Ic \&cr
+is off.
+.It Ic delete Ar remote-file
+Delete the file
+.Ar remote-file
+on the remote machine.
+.It Ic debug Op Ar debug-value
+Toggle debugging mode.
+If an optional
+.Ar debug-value
+is specified it is used to set the debugging level.
+When debugging is on,
+.Nm ftp
+prints each command sent to the remote machine, preceded
+by the string
+.Ql \-\-\*[Gt]
+.It Xo
+.Ic dir
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a listing of the directory contents in the
+directory,
+.Ar remote-directory  ,
+and, optionally, placing the output in
+.Ar local-file  .
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic dir
+output.
+If no directory is specified, the current working
+directory on the remote machine is used.
+If no local
+file is specified, or
+.Ar local-file
+is
+.Fl  ,
+output comes to the terminal.
+.It Ic disconnect
+A synonym for
+.Ar close  .
+.It Ic form Ar format
+Set the file transfer
+.Ic form
+to
+.Ar format  .
+The default format is \*(Lqfile\*(Rq.
+.It Ic get Ar remote-file Op Ar local-file
+Retrieve the
+.Ar remote-file
+and store it on the local machine.
+If the local
+file name is not specified, it is given the same
+name it has on the remote machine, subject to
+alteration by the current
+.Ic case  ,
+.Ic ntrans ,
+and
+.Ic nmap
+settings.
+The current settings for
+.Ic type  ,
+.Ic form ,
+.Ic mode  ,
+and
+.Ic structure
+are used while transferring the file.
+.It Ic glob
+Toggle filename expansion for
+.Ic mdelete  ,
+.Ic mget
+and
+.Ic mput  .
+If globbing is turned off with
+.Ic glob  ,
+the file name arguments
+are taken literally and not expanded.
+Globbing for
+.Ic mput
+is done as in
+.Xr csh 1 .
+For
+.Ic mdelete
+and
+.Ic mget  ,
+each remote file name is expanded
+separately on the remote machine and the lists are not merged.
+Expansion of a directory name is likely to be
+different from expansion of the name of an ordinary file:
+the exact result depends on the foreign operating system and ftp server,
+and can be previewed by doing
+.Ql mls remote-files \- .
+As a security measure, remotely globbed files that starts with
+.Sq /
+or contains
+.Sq ../ ,
+will not be automatically received. If you have interactive prompting
+turned off, these filenames will be ignored.  Note:
+.Ic mget
+and
+.Ic mput
+are not meant to transfer
+entire directory subtrees of files.
+That can be done by
+transferring a
+.Xr tar 1
+archive of the subtree (in binary mode).
+.It Ic hash
+Toggle hash-sign (``#'') printing for each data block
+transferred.
+The size of a data block is 1024 bytes.
+.It Ic help Op Ar command
+Print an informative message about the meaning of
+.Ar command  .
+If no argument is given,
+.Nm ftp
+prints a list of the known commands.
+.It Ic idle Op Ar seconds
+Set the inactivity timer on the remote server to
+.Ar seconds
+seconds.
+If
+.Ar seconds
+is omitted, the current inactivity timer is printed.
+.It Ic lcd Op Ar directory
+Change the working directory on the local machine.
+If
+no
+.Ar directory
+is specified, the user's home directory is used.
+.It Xo
+.Ic \&ls
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a listing of the contents of a
+directory on the remote machine.
+The listing includes any system-dependent information that the server
+chooses to include; for example, most
+.Ux
+systems will produce
+output from the command
+.Ql ls \-l .
+(See also
+.Ic nlist . )
+If
+.Ar remote-directory
+is left unspecified, the current working directory is used.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic \&ls
+output.
+If no local file is specified, or if
+.Ar local-file
+is
+.Sq Fl ,
+the output is sent to the terminal.
+.It Ic macdef Ar macro-name
+Define a macro.
+Subsequent lines are stored as the macro
+.Ar macro-name  ;
+a null line (consecutive newline characters
+in a file or
+carriage returns from the terminal) terminates macro input mode.
+There is a limit of 16 macros and 4096 total characters in all
+defined macros.
+Macros remain defined until a
+.Ic close
+command is executed.
+The macro processor interprets `$' and `\e' as special characters.
+A `$' followed by a number (or numbers) is replaced by the
+corresponding argument on the macro invocation command line.
+A `$' followed by an `i' signals that macro processor that the
+executing macro is to be looped.
+On the first pass `$i' is
+replaced by the first argument on the macro invocation command line,
+on the second pass it is replaced by the second argument, and so on.
+A `\e' followed by any character is replaced by that character.
+Use the `\e' to prevent special treatment of the `$'.
+.It Ic mdelete Op Ar remote-files
+Delete the
+.Ar remote-files
+on the remote machine.
+.It Ic mdir Ar remote-files local-file
+Like
+.Ic dir  ,
+except multiple remote files may be specified.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic mdir
+output.
+.It Ic mget Ar remote-files
+Expand the
+.Ar remote-files
+on the remote machine
+and do a
+.Ic get
+for each file name thus produced.
+See
+.Ic glob
+for details on the filename expansion.
+Resulting file names will then be processed according to
+.Ic case  ,
+.Ic ntrans ,
+and
+.Ic nmap
+settings.
+Files are transferred into the local working directory,
+which can be changed with
+.Ql lcd directory ;
+new local directories can be created with
+.Ql "\&! mkdir directory" .
+.It Ic mkdir Ar directory-name
+Make a directory on the remote machine.
+.It Ic mls Ar remote-files local-file
+Like
+.Ic nlist  ,
+except multiple remote files may be specified,
+and the
+.Ar local-file
+must be specified.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic mls
+output.
+.It Ic mode Op Ar mode-name
+Set the file transfer
+.Ic mode
+to
+.Ar mode-name  .
+The default mode is \*(Lqstream\*(Rq mode.
+.It Ic modtime Ar file-name
+Show the last modification time of the file on the remote machine.
+.It Ic mput Ar local-files
+Expand wild cards in the list of local files given as arguments
+and do a
+.Ic put
+for each file in the resulting list.
+See
+.Ic glob
+for details of filename expansion.
+Resulting file names will then be processed according to
+.Ic ntrans
+and
+.Ic nmap
+settings.
+.It Ic newer Ar file-name
+Get the file only if the modification time of the remote file is more
+recent that the file on the current system.
+If the file does not
+exist on the current system, the remote file is considered
+.Ic newer  .
+Otherwise, this command is identical to
+.Ar get  .
+.It Xo
+.Ic nlist
+.Op Ar remote-directory
+.Op Ar local-file
+.Xc
+Print a  list of the files in a
+directory on the remote machine.
+If
+.Ar remote-directory
+is left unspecified, the current working directory is used.
+If interactive prompting is on,
+.Nm ftp
+will prompt the user to verify that the last argument is indeed the
+target local file for receiving
+.Ic nlist
+output.
+If no local file is specified, or if
+.Ar local-file
+is
+.Fl  ,
+the output is sent to the terminal.
+.It Ic nmap Op Ar inpattern outpattern
+Set or unset the filename mapping mechanism.
+If no arguments are specified, the filename mapping mechanism is unset.
+If arguments are specified, remote filenames are mapped during
+.Ic mput
+commands and
+.Ic put
+commands issued without a specified remote target filename.
+If arguments are specified, local filenames are mapped during
+.Ic mget
+commands and
+.Ic get
+commands issued without a specified local target filename.
+This command is useful when connecting to a
+.No non\- Ns Ux
+remote computer
+with different file naming conventions or practices.
+The mapping follows the pattern set by
+.Ar inpattern
+and
+.Ar outpattern  .
+.Op Ar Inpattern
+is a template for incoming filenames (which may have already been
+processed according to the
+.Ic ntrans
+and
+.Ic case
+settings).
+Variable templating is accomplished by including the
+sequences `$1', `$2', ..., `$9' in
+.Ar inpattern  .
+Use `\\' to prevent this special treatment of the `$' character.
+All other characters are treated literally, and are used to determine the
+.Ic nmap
+.Op Ar inpattern
+variable values.
+For example, given
+.Ar inpattern
+$1.$2 and the remote file name "mydata.data", $1 would have the value
+"mydata", and $2 would have the value "data".
+The
+.Ar outpattern
+determines the resulting mapped filename.
+The sequences `$1', `$2', ...., `$9' are replaced by any value resulting
+from the
+.Ar inpattern
+template.
+The sequence `$0' is replace by the original filename.
+Additionally, the sequence
+.Ql Op Ar seq1 , Ar seq2
+is replaced by
+.Op Ar seq1
+if
+.Ar seq1
+is not a null string; otherwise it is replaced by
+.Ar seq2 .
+For example, the command
+.Pp
+.Bd -literal -offset indent -compact
+nmap $1.$2.$3 [$1,$2].[$2,file]
+.Ed
+.Pp
+would yield
+the output filename "myfile.data" for input filenames "myfile.data" and
+"myfile.data.old", "myfile.file" for the input filename "myfile", and
+"myfile.myfile" for the input filename ".myfile".
+Spaces may be included in
+.Ar outpattern  ,
+as in the example: `nmap $1 sed "s/  *$//" \*[Gt] $1' .
+Use the `\e' character to prevent special treatment
+of the `$','[','[', and `,' characters.
+.It Ic ntrans Op Ar inchars Op Ar outchars
+Set or unset the filename character translation mechanism.
+If no arguments are specified, the filename character
+translation mechanism is unset.
+If arguments are specified, characters in
+remote filenames are translated during
+.Ic mput
+commands and
+.Ic put
+commands issued without a specified remote target filename.
+If arguments are specified, characters in
+local filenames are translated during
+.Ic mget
+commands and
+.Ic get
+commands issued without a specified local target filename.
+This command is useful when connecting to a
+.No non\- Ns Ux
+remote computer
+with different file naming conventions or practices.
+Characters in a filename matching a character in
+.Ar inchars
+are replaced with the corresponding character in
+.Ar outchars  .
+If the character's position in
+.Ar inchars
+is longer than the length of
+.Ar outchars  ,
+the character is deleted from the file name.
+.It Ic open Ar host Op Ar port
+Establish a connection to the specified
+.Ar host
+.Tn FTP
+server.
+An optional port number may be supplied,
+in which case,
+.Nm ftp
+will attempt to contact an
+.Tn FTP
+server at that port.
+If the
+.Ic auto-login
+option is on (default),
+.Nm ftp
+will also attempt to automatically log the user in to
+the
+.Tn FTP
+server (see below).
+.It Ic passive
+Toggle passive mode.  If passive mode is turned on
+(default is off), the ftp client will
+send a
+.Dv PASV
+command for all data connections instead of the usual
+.Dv PORT
+command.  The
+.Dv PASV
+command requests that the remote server open a port for the data connection
+and return the address of that port.  The remote server listens on that
+port and the client connects to it.  When using the more traditional
+.Dv PORT
+command, the client listens on a port and sends that address to the remote
+server, who connects back to it.  Passive mode is useful when using
+.Nm ftp
+through a gateway router or host that controls the directionality of
+traffic.
+(Note that though ftp servers are required to support the
+.Dv PASV
+command by RFC 1123, some do not.)
+.It Ic prompt
+Toggle interactive prompting.
+Interactive prompting
+occurs during multiple file transfers to allow the
+user to selectively retrieve or store files.
+If prompting is turned off (default is on), any
+.Ic mget
+or
+.Ic mput
+will transfer all files, and any
+.Ic mdelete
+will delete all files.
+.It Ic proxy Ar ftp-command
+Execute an ftp command on a secondary control connection.
+This command allows simultaneous connection to two remote ftp
+servers for transferring files between the two servers.
+The first
+.Ic proxy
+command should be an
+.Ic open  ,
+to establish the secondary control connection.
+Enter the command "proxy ?" to see other ftp commands executable on the
+secondary connection.
+The following commands behave differently when prefaced by
+.Ic proxy  :
+.Ic open
+will not define new macros during the auto-login process,
+.Ic close
+will not erase existing macro definitions,
+.Ic get
+and
+.Ic mget
+transfer files from the host on the primary control connection
+to the host on the secondary control connection, and
+.Ic put  ,
+.Ic mput ,
+and
+.Ic append
+transfer files from the host on the secondary control connection
+to the host on the primary control connection.
+Third party file transfers depend upon support of the ftp protocol
+.Dv PASV
+command by the server on the secondary control connection.
+.It Ic put Ar local-file Op Ar remote-file
+Store a local file on the remote machine.
+If
+.Ar remote-file
+is left unspecified, the local file name is used
+after processing according to any
+.Ic ntrans
+or
+.Ic nmap
+settings
+in naming the remote file.
+File transfer uses the
+current settings for
+.Ic type  ,
+.Ic format ,
+.Ic mode  ,
+and
+.Ic structure  .
+.It Ic pwd
+Print the name of the current working directory on the remote
+machine.
+.It Ic quit
+A synonym for
+.Ic bye  .
+.It Ic quote Ar arg1 arg2 ...
+The arguments specified are sent, verbatim, to the remote
+.Tn FTP
+server.
+.It Ic recv Ar remote-file Op Ar local-file
+A synonym for get.
+.It Ic reget Ar remote-file Op Ar local-file
+Reget acts like get, except that if
+.Ar local-file
+exists and is
+smaller than
+.Ar remote-file  ,
+.Ar local-file
+is presumed to be
+a partially transferred copy of
+.Ar remote-file
+and the transfer
+is continued from the apparent point of failure.
+This command
+is useful when transferring very large files over networks that
+are prone to dropping connections.
+.It Ic remotehelp Op Ar command-name
+Request help from the remote
+.Tn FTP
+server.
+If a
+.Ar command-name
+is specified it is supplied to the server as well.
+.It Ic remotestatus Op Ar file-name
+With no arguments, show status of remote machine.
+If
+.Ar file-name
+is specified, show status of
+.Ar file-name
+on remote machine.
+.It Xo
+.Ic rename
+.Op Ar from
+.Op Ar to
+.Xc
+Rename the file
+.Ar from
+on the remote machine, to the file
+.Ar to  .
+.It Ic reset
+Clear reply queue.
+This command re-synchronizes command/reply sequencing with the remote
+ftp server.
+Resynchronization may be necessary following a violation of the ftp protocol
+by the remote server.
+.It Ic restart Ar marker
+Restart the immediately following
+.Ic get
+or
+.Ic put
+at the
+indicated
+.Ar marker  .
+On
+.Ux
+systems, marker is usually a byte
+offset into the file.
+.It Ic rmdir Ar directory-name
+Delete a directory on the remote machine.
+.It Ic runique
+Toggle storing of files on the local system with unique filenames.
+If a file already exists with a name equal to the target
+local filename for a
+.Ic get
+or
+.Ic mget
+command, a ".1" is appended to the name.
+If the resulting name matches another existing file,
+a ".2" is appended to the original name.
+If this process continues up to ".99", an error
+message is printed, and the transfer does not take place.
+The generated unique filename will be reported.
+Note that
+.Ic runique
+will not affect local files generated from a shell command
+(see below).
+The default value is off.
+.It Ic send Ar local-file Op Ar remote-file
+A synonym for put.
+.It Ic sendport
+Toggle the use of
+.Dv PORT
+commands.
+By default,
+.Nm ftp
+will attempt to use a
+.Dv PORT
+command when establishing
+a connection for each data transfer.
+The use of
+.Dv PORT
+commands can prevent delays
+when performing multiple file transfers.
+If the
+.Dv PORT
+command fails,
+.Nm ftp
+will use the default data port.
+When the use of
+.Dv PORT
+commands is disabled, no attempt will be made to use
+.Dv PORT
+commands for each data transfer.
+This is useful
+for certain
+.Tn FTP
+implementations which do ignore
+.Dv PORT
+commands but, incorrectly, indicate they've been accepted.
+.It Ic site Ar arg1 arg2 ...
+The arguments specified are sent, verbatim, to the remote
+.Tn FTP
+server as a
+.Dv SITE
+command.
+.It Ic size Ar file-name
+Return size of
+.Ar file-name
+on remote machine.
+.It Ic status
+Show the current status of
+.Nm ftp  .
+.It Ic struct Op Ar struct-name
+Set the file transfer
+.Ar structure
+to
+.Ar struct-name .
+By default \*(Lqstream\*(Rq structure is used.
+.It Ic sunique
+Toggle storing of files on remote machine under unique file names.
+Remote ftp server must support ftp protocol
+.Dv STOU
+command for
+successful completion.
+The remote server will report unique name.
+Default value is off.
+.It Ic system
+Show the type of operating system running on the remote machine.
+.It Ic tenex
+Set the file transfer type to that needed to
+talk to
+.Tn TENEX
+machines.
+.It Ic trace
+Toggle packet tracing.
+.It Ic type Op Ar type-name
+Set the file transfer
+.Ic type
+to
+.Ar type-name  .
+If no type is specified, the current type
+is printed.
+The default type is network
+.Tn ASCII .
+.It Ic umask Op Ar newmask
+Set the default umask on the remote server to
+.Ar newmask  .
+If
+.Ar newmask
+is omitted, the current umask is printed.
+.It Xo
+.Ic user Ar user-name
+.Op Ar password
+.Op Ar account
+.Xc
+Identify yourself to the remote
+.Tn FTP
+server.
+If the
+.Ar password
+is not specified and the server requires it,
+.Nm ftp
+will prompt the user for it (after disabling local echo).
+If an
+.Ar account
+field is not specified, and the
+.Tn FTP
+server
+requires it, the user will be prompted for it.
+If an
+.Ar account
+field is specified, an account command will
+be relayed to the remote server after the login sequence
+is completed if the remote server did not require it
+for logging in.
+Unless
+.Nm ftp
+is invoked with \*(Lqauto-login\*(Rq disabled, this
+process is done automatically on initial connection to
+the
+.Tn FTP
+server.
+.It Ic verbose
+Toggle verbose mode.
+In verbose mode, all responses from
+the
+.Tn FTP
+server are displayed to the user.
+In addition,
+if verbose is on, when a file transfer completes, statistics
+regarding the efficiency of the transfer are reported.
+By default,
+verbose is on.
+.It Ic \&? Op Ar command
+A synonym for help.
+.El
+.Pp
+The following command can be used with ftpsec-aware servers.
+.Bl -tag -width Fl
+.It Xo
+.Ic prot
+.Ar clear |
+.Ar safe |
+.Ar confidential |
+.Ar private
+.Xc
+Set the data protection level to the requested level.
+.El
+.Pp
+The following command can be used with ftp servers that has
+implemented the KAUTH site command.
+.Bl -tag -width Fl
+.It Ic kauth Op Ar principal
+Obtain remote tickets.
+.El
+.Pp
+Command arguments which have embedded spaces may be quoted with
+quote `"' marks.
+.Sh ABORTING A FILE TRANSFER
+To abort a file transfer, use the terminal interrupt key
+(usually Ctrl-C).
+Sending transfers will be immediately halted.
+Receiving transfers will be halted by sending a ftp protocol
+.Dv ABOR
+command to the remote server, and discarding any further data received.
+The speed at which this is accomplished depends upon the remote
+server's support for
+.Dv ABOR
+processing.
+If the remote server does not support the
+.Dv ABOR
+command, an
+.Ql ftp\*[Gt]
+prompt will not appear until the remote server has completed
+sending the requested file.
+.Pp
+The terminal interrupt key sequence will be ignored when
+.Nm ftp
+has completed any local processing and is awaiting a reply
+from the remote server.
+A long delay in this mode may result from the ABOR processing described
+above, or from unexpected behavior by the remote server, including
+violations of the ftp protocol.
+If the delay results from unexpected remote server behavior, the local
+.Nm ftp
+program must be killed by hand.
+.Sh FILE NAMING CONVENTIONS
+Files specified as arguments to
+.Nm ftp
+commands are processed according to the following rules.
+.Bl -enum
+.It
+If the file name
+.Sq Fl
+is specified, the
+.Ar stdin
+(for reading) or
+.Ar stdout
+(for writing) is used.
+.It
+If the first character of the file name is
+.Sq \&| ,
+the
+remainder of the argument is interpreted as a shell command.
+.Nm Ftp
+then forks a shell, using
+.Xr popen 3
+with the argument supplied, and reads (writes) from the stdout
+(stdin).
+If the shell command includes spaces, the argument
+must be quoted; e.g.
+\*(Lq" ls -lt"\*(Rq.
+A particularly
+useful example of this mechanism is: \*(Lqdir more\*(Rq.
+.It
+Failing the above checks, if ``globbing'' is enabled,
+local file names are expanded
+according to the rules used in the
+.Xr csh  1  ;
+c.f. the
+.Ic glob
+command.
+If the
+.Nm ftp
+command expects a single local file (.e.g.
+.Ic put  ) ,
+only the first filename generated by the "globbing" operation is used.
+.It
+For
+.Ic mget
+commands and
+.Ic get
+commands with unspecified local file names, the local filename is
+the remote filename, which may be altered by a
+.Ic case  ,
+.Ic ntrans ,
+or
+.Ic nmap
+setting.
+The resulting filename may then be altered if
+.Ic runique
+is on.
+.It
+For
+.Ic mput
+commands and
+.Ic put
+commands with unspecified remote file names, the remote filename is
+the local filename, which may be altered by a
+.Ic ntrans
+or
+.Ic nmap
+setting.
+The resulting filename may then be altered by the remote server if
+.Ic sunique
+is on.
+.El
+.Sh FILE TRANSFER PARAMETERS
+The FTP specification specifies many parameters which may
+affect a file transfer.
+The
+.Ic type
+may be one of \*(Lqascii\*(Rq, \*(Lqimage\*(Rq (binary),
+\*(Lqebcdic\*(Rq, and \*(Lqlocal byte size\*(Rq (for
+.Tn PDP Ns -10's
+and
+.Tn PDP Ns -20's
+mostly).
+.Nm Ftp
+supports the ascii and image types of file transfer,
+plus local byte size 8 for
+.Ic tenex
+mode transfers.
+.Pp
+.Nm Ftp
+supports only the default values for the remaining
+file transfer parameters:
+.Ic mode  ,
+.Ic form ,
+and
+.Ic struct  .
+.Sh THE .netrc FILE
+The
+.Pa .netrc
+file contains login and initialization information
+used by the auto-login process.
+It resides in the user's home directory.
+The following tokens are recognized; they may be separated by spaces,
+tabs, or new-lines:
+.Bl -tag -width password
+.It Ic machine Ar name
+Identify a remote machine
+.Ar name .
+The auto-login process searches the
+.Pa .netrc
+file for a
+.Ic machine
+token that matches the remote machine specified on the
+.Nm ftp
+command line or as an
+.Ic open
+command argument.
+Once a match is made, the subsequent
+.Pa .netrc
+tokens are processed,
+stopping when the end of file is reached or another
+.Ic machine
+or a
+.Ic default
+token is encountered.
+.It Ic default
+This is the same as
+.Ic machine
+.Ar name
+except that
+.Ic default
+matches any name.
+There can be only one
+.Ic default
+token, and it must be after all
+.Ic machine
+tokens.
+This is normally used as:
+.Pp
+.Dl default login anonymous password user at site
+.Pp
+thereby giving the user
+.Ar automatic
+anonymous ftp login to
+machines not specified in
+.Pa .netrc .
+This can be overridden
+by using the
+.Fl n
+flag to disable auto-login.
+.It Ic login Ar name
+Identify a user on the remote machine.
+If this token is present, the auto-login process will initiate
+a login using the specified
+.Ar name .
+.It Ic password Ar string
+Supply a password.
+If this token is present, the auto-login process will supply the
+specified string if the remote server requires a password as part
+of the login process.
+Note that if this token is present in the
+.Pa .netrc
+file for any user other
+than
+.Ar anonymous  ,
+.Nm ftp
+will abort the auto-login process if the
+.Pa .netrc
+is readable by
+anyone besides the user.
+.It Ic account Ar string
+Supply an additional account password.
+If this token is present, the auto-login process will supply the
+specified string if the remote server requires an additional
+account password, or the auto-login process will initiate an
+.Dv ACCT
+command if it does not.
+.It Ic macdef Ar name
+Define a macro.
+This token functions like the
+.Nm ftp
+.Ic macdef
+command functions.
+A macro is defined with the specified name; its contents begin with the
+next
+.Pa .netrc
+line and continue until a null line (consecutive new-line
+characters) is encountered.
+If a macro named
+.Ic init
+is defined, it is automatically executed as the last step in the
+auto-login process.
+.El
+.Sh ENVIRONMENT
+.Nm Ftp
+uses the following environment variables.
+.Bl -tag -width Fl
+.It Ev HOME
+For default location of a
+.Pa .netrc
+file, if one exists.
+.It Ev SHELL
+For default shell.
+.El
+.Sh SEE ALSO
+.Xr ftpd 8
+.Rs
+.%T RFC2228
+.Re
+.Sh HISTORY
+The
+.Nm ftp
+command appeared in
+.Bx 4.2 .
+.Sh BUGS
+Correct execution of many commands depends upon proper behavior
+by the remote server.
+.Pp
+An error in the treatment of carriage returns
+in the
+.Bx 4.2
+ascii-mode transfer code
+has been corrected.
+This correction may result in incorrect transfers of binary files
+to and from
+.Bx 4.2
+servers using the ascii type.
+Avoid this problem by using the binary image type.

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1780 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID ("$Id: ftp.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+struct sockaddr_storage hisctladdr_ss;
+struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
+struct sockaddr_storage data_addr_ss;
+struct sockaddr *data_addr  = (struct sockaddr *)&data_addr_ss;
+struct sockaddr_storage myctladdr_ss;
+struct sockaddr *myctladdr = (struct sockaddr *)&myctladdr_ss;
+int data = -1;
+int abrtflag = 0;
+jmp_buf ptabort;
+int ptabflg;
+int ptflag = 0;
+off_t restart_point = 0;
+
+
+FILE *cin, *cout;
+
+typedef void (*sighand) (int);
+
+char *
+hookup (const char *host, int port)
+{
+    static char hostnamebuf[MaxHostNameLen];
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    char portstr[NI_MAXSERV];
+    socklen_t len;
+    int s;
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+    hints.ai_flags    = AI_CANONNAME;
+
+    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
+
+    error = getaddrinfo (host, portstr, &hints, &ai);
+    if (error) {
+	warnx ("%s: %s", host, gai_strerror(error));
+	code = -1;
+	return NULL;
+    }
+    strlcpy (hostnamebuf, host, sizeof(hostnamebuf));
+    hostname = hostnamebuf;
+
+    s = -1;
+    for (a = ai; a != NULL; a = a->ai_next) {
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+
+	if (a->ai_canonname != NULL)
+	    strlcpy (hostnamebuf, a->ai_canonname, sizeof(hostnamebuf));
+
+	memcpy (hisctladdr, a->ai_addr, a->ai_addrlen);
+	
+	error = connect (s, a->ai_addr, a->ai_addrlen);
+	if (error < 0) {
+	    char addrstr[256];
+
+	    if (getnameinfo (a->ai_addr, a->ai_addrlen,
+			     addrstr, sizeof(addrstr),
+			     NULL, 0, NI_NUMERICHOST) != 0)
+		strlcpy (addrstr, "unknown address", sizeof(addrstr));
+			     
+	    warn ("connect %s", addrstr);
+	    close (s);
+	    s = -1;
+	    continue;
+	}
+	break;
+    }
+    freeaddrinfo (ai);
+    if (s < 0) {
+	warnx ("failed to contact %s", host);
+	code = -1;
+	return NULL;
+    }
+
+    len = sizeof(myctladdr_ss);
+    if (getsockname (s, myctladdr, &len) < 0) {
+	warn ("getsockname");
+	code = -1;
+	close (s);
+	return NULL;
+    }
+#ifdef IPTOS_LOWDELAY
+    socket_set_tos (s, IPTOS_LOWDELAY);
+#endif
+    cin = fdopen (s, "r");
+    cout = fdopen (s, "w");
+    if (cin == NULL || cout == NULL) {
+	warnx ("fdopen failed.");
+	if (cin)
+	    fclose (cin);
+	if (cout)
+	    fclose (cout);
+	code = -1;
+	goto bad;
+    }
+    if (verbose)
+	printf ("Connected to %s.\n", hostname);
+    if (getreply (0) > 2) {	/* read startup message from server */
+	if (cin)
+	    fclose (cin);
+	if (cout)
+	    fclose (cout);
+	code = -1;
+	goto bad;
+    }
+#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+    {
+	int on = 1;
+
+	if (setsockopt (s, SOL_SOCKET, SO_OOBINLINE, (char *) &on, sizeof (on))
+	    < 0 && debug) {
+	    warn ("setsockopt");
+	}
+    }
+#endif				/* SO_OOBINLINE */
+
+    return (hostname);
+bad:
+    close (s);
+    return NULL;
+}
+
+int
+login (char *host)
+{
+    char tmp[80];
+    char defaultpass[128];
+    char *userstr, *pass, *acctstr;
+    int n, aflag = 0;
+
+    char *myname = NULL;
+    struct passwd *pw = k_getpwuid(getuid());
+
+    if (pw != NULL)
+	myname = pw->pw_name;
+
+    userstr = pass = acctstr = 0;
+
+    if(sec_login(host))
+	printf("\n*** Using plaintext user and password ***\n\n");
+    else{
+	printf("Authentication successful.\n\n");
+    }
+
+    if (ruserpass (host, &userstr, &pass, &acctstr) < 0) {
+	code = -1;
+	return (0);
+    }
+    while (userstr == NULL) {
+	if (myname)
+	    printf ("Name (%s:%s): ", host, myname);
+	else
+	    printf ("Name (%s): ", host);
+	*tmp = '\0';
+	if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL)
+	    tmp[strlen (tmp) - 1] = '\0';
+	if (*tmp == '\0')
+	    userstr = myname;
+	else
+	    userstr = tmp;
+    }
+    strlcpy(username, userstr, sizeof(username));
+    n = command("USER %s", userstr);
+    if (n == COMPLETE) 
+       n = command("PASS dummy"); /* DK: Compatibility with gssftp daemon */
+    else if(n == CONTINUE) {
+	if (pass == NULL) {
+	    char prompt[128];
+	    if(myname && 
+	       (!strcmp(userstr, "ftp") || !strcmp(userstr, "anonymous"))) {
+		snprintf(defaultpass, sizeof(defaultpass), 
+			 "%s@%s", myname, mydomain);
+		snprintf(prompt, sizeof(prompt), 
+			 "Password (%s): ", defaultpass);
+	    } else if (sec_complete) {
+		pass = myname;
+	    } else {
+		*defaultpass = '\0';
+		snprintf(prompt, sizeof(prompt), "Password: ");
+	    }
+	    if (pass == NULL) {
+		pass = defaultpass;
+		UI_UTIL_read_pw_string (tmp, sizeof (tmp), prompt, 0);
+		if (tmp[0])
+		    pass = tmp;
+	    }
+	}
+	n = command ("PASS %s", pass);
+    }
+    if (n == CONTINUE) {
+	aflag++;
+	acctstr = tmp;
+	UI_UTIL_read_pw_string (acctstr, 128, "Account:", 0);
+	n = command ("ACCT %s", acctstr);
+    }
+    if (n != COMPLETE) {
+	warnx ("Login failed.");
+	return (0);
+    }
+    if (!aflag && acctstr != NULL)
+	command ("ACCT %s", acctstr);
+    if (proxy)
+	return (1);
+    for (n = 0; n < macnum; ++n) {
+	if (!strcmp("init", macros[n].mac_name)) {
+	    strlcpy (line, "$init", sizeof (line));
+	    makeargv();
+	    domacro(margc, margv);
+	    break;
+	}
+    }
+    sec_set_protection_level ();
+    return (1);
+}
+
+void
+cmdabort (int sig)
+{
+
+    printf ("\n");
+    fflush (stdout);
+    abrtflag++;
+    if (ptflag)
+	longjmp (ptabort, 1);
+}
+
+int
+command (char *fmt,...)
+{
+    va_list ap;
+    int r;
+    sighand oldintr;
+
+    abrtflag = 0;
+    if (cout == NULL) {
+	warn ("No control connection for command");
+	code = -1;
+	return (0);
+    }
+    oldintr = signal(SIGINT, cmdabort);
+    if(debug){
+	printf("---> ");
+	if (strncmp("PASS ", fmt, 5) == 0)
+	    printf("PASS XXXX");
+	else {
+	    va_start(ap, fmt);
+	    vfprintf(stdout, fmt, ap);
+	    va_end(ap);
+	}
+    }
+    va_start(ap, fmt);
+    sec_vfprintf(cout, fmt, ap);
+    va_end(ap);
+    if(debug){
+	printf("\n");
+	fflush(stdout);
+    }
+    fprintf (cout, "\r\n");
+    fflush (cout);
+    cpend = 1;
+    r = getreply (!strcmp (fmt, "QUIT"));
+    if (abrtflag && oldintr != SIG_IGN)
+	(*oldintr) (SIGINT);
+    signal (SIGINT, oldintr);
+    return (r);
+}
+
+char reply_string[BUFSIZ];	/* last line of previous reply */
+
+int
+getreply (int expecteof)
+{
+    char *p;
+    char *lead_string;
+    int c;
+    struct sigaction sa, osa;
+    char buf[8192];
+    int reply_code;
+    int long_warn = 0;
+
+    sigemptyset (&sa.sa_mask);
+    sa.sa_flags = 0;
+    sa.sa_handler = cmdabort;
+    sigaction (SIGINT, &sa, &osa);
+
+    p = buf;
+
+    reply_code = 0;
+    while (1) {
+	c = getc (cin);
+	switch (c) {
+	case EOF:
+	    if (expecteof) {
+		sigaction (SIGINT, &osa, NULL);
+		code = 221;
+		return 0;
+	    }
+	    lostpeer (0);
+	    if (verbose) {
+		printf ("421 Service not available, "
+			"remote server has closed connection\n");
+		fflush (stdout);
+	    }
+	    code = 421;
+	    return (4);
+	case IAC:
+	    c = getc (cin);
+	    if (c == WILL || c == WONT)
+		fprintf (cout, "%c%c%c", IAC, DONT, getc (cin));
+	    if (c == DO || c == DONT)
+		fprintf (cout, "%c%c%c", IAC, WONT, getc (cin));
+	    continue;
+	case '\n':
+	    *p++ = '\0';
+	    if(isdigit((unsigned char)buf[0])){
+		sscanf(buf, "%d", &code);
+		if(code == 631){
+		    code = 0;
+		    sec_read_msg(buf, prot_safe);
+		    sscanf(buf, "%d", &code);
+		    lead_string = "S:";
+		} else if(code == 632){
+		    code = 0;
+		    sec_read_msg(buf, prot_private);
+		    sscanf(buf, "%d", &code);
+		    lead_string = "P:";
+		}else if(code == 633){
+		    code = 0;
+		    sec_read_msg(buf, prot_confidential);
+		    sscanf(buf, "%d", &code);
+		    lead_string = "C:";
+		}else if(sec_complete)
+		    lead_string = "!!";
+		else
+		    lead_string = "";
+		if(code != 0 && reply_code == 0)
+		    reply_code = code;
+		if (verbose > 0 || (verbose > -1 && code > 499))
+		    fprintf (stdout, "%s%s\n", lead_string, buf);
+		if (code == reply_code && buf[3] == ' ') {
+		    strlcpy (reply_string, buf, sizeof(reply_string));
+		    if (code >= 200)
+			cpend = 0;
+		    sigaction (SIGINT, &osa, NULL);
+		    if (code == 421)
+			lostpeer (0);
+#if 1
+		    if (abrtflag &&
+			osa.sa_handler != cmdabort &&
+			osa.sa_handler != SIG_IGN)
+			osa.sa_handler (SIGINT);
+#endif
+		    if (code == 227 || code == 229) {
+			char *q;
+
+			q = strchr (reply_string, '(');
+			if (q) {
+			    q++;
+			    strlcpy(pasv, q, sizeof(pasv));
+			    q = strrchr(pasv, ')');
+			    if (q)
+				*q = '\0';
+			}
+		    }
+		    return code / 100;
+		}
+	    }else{
+		if(verbose > 0 || (verbose > -1 && code > 499)){
+		    if(sec_complete)
+			fprintf(stdout, "!!");
+		    fprintf(stdout, "%s\n", buf);
+		}
+	    }
+	    p = buf;
+	    long_warn = 0;
+	    continue;
+	default:
+	    if(p < buf + sizeof(buf) - 1)
+		*p++ = c; 
+	    else if(long_warn == 0) {
+		fprintf(stderr, "WARNING: incredibly long line received\n");
+		long_warn = 1;
+	    }
+	}
+    }
+
+}
+
+
+#if 0
+int
+getreply (int expecteof)
+{
+    int c, n;
+    int dig;
+    int originalcode = 0, continuation = 0;
+    sighand oldintr;
+    int pflag = 0;
+    char *cp, *pt = pasv;
+
+    oldintr = signal (SIGINT, cmdabort);
+    for (;;) {
+	dig = n = code = 0;
+	cp = reply_string;
+	while ((c = getc (cin)) != '\n') {
+	    if (c == IAC) {	/* handle telnet commands */
+		switch (c = getc (cin)) {
+		case WILL:
+		case WONT:
+		    c = getc (cin);
+		    fprintf (cout, "%c%c%c", IAC, DONT, c);
+		    fflush (cout);
+		    break;
+		case DO:
+		case DONT:
+		    c = getc (cin);
+		    fprintf (cout, "%c%c%c", IAC, WONT, c);
+		    fflush (cout);
+		    break;
+		default:
+		    break;
+		}
+		continue;
+	    }
+	    dig++;
+	    if (c == EOF) {
+		if (expecteof) {
+		    signal (SIGINT, oldintr);
+		    code = 221;
+		    return (0);
+		}
+		lostpeer (0);
+		if (verbose) {
+		    printf ("421 Service not available, remote server has closed connection\n");
+		    fflush (stdout);
+		}
+		code = 421;
+		return (4);
+	    }
+	    if (c != '\r' && (verbose > 0 ||
+			      (verbose > -1 && n == '5' && dig > 4))) {
+		if (proxflag &&
+		    (dig == 1 || dig == 5 && verbose == 0))
+		    printf ("%s:", hostname);
+		putchar (c);
+	    }
+	    if (dig < 4 && isdigit (c))
+		code = code * 10 + (c - '0');
+	    if (!pflag && code == 227)
+		pflag = 1;
+	    if (dig > 4 && pflag == 1 && isdigit (c))
+		pflag = 2;
+	    if (pflag == 2) {
+		if (c != '\r' && c != ')')
+		    *pt++ = c;
+		else {
+		    *pt = '\0';
+		    pflag = 3;
+		}
+	    }
+	    if (dig == 4 && c == '-') {
+		if (continuation)
+		    code = 0;
+		continuation++;
+	    }
+	    if (n == 0)
+		n = c;
+	    if (cp < &reply_string[sizeof (reply_string) - 1])
+		*cp++ = c;
+	}
+	if (verbose > 0 || verbose > -1 && n == '5') {
+	    putchar (c);
+	    fflush (stdout);
+	}
+	if (continuation && code != originalcode) {
+	    if (originalcode == 0)
+		originalcode = code;
+	    continue;
+	}
+	*cp = '\0';
+	if(sec_complete){
+	    if(code == 631)
+		sec_read_msg(reply_string, prot_safe);
+	    else if(code == 632)
+		sec_read_msg(reply_string, prot_private);
+	    else if(code == 633)
+		sec_read_msg(reply_string, prot_confidential);
+	    n = code / 100 + '0';
+	}
+	if (n != '1')
+	    cpend = 0;
+	signal (SIGINT, oldintr);
+	if (code == 421 || originalcode == 421)
+	    lostpeer (0);
+	if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN)
+	    (*oldintr) (SIGINT);
+	return (n - '0');
+    }
+}
+
+#endif
+
+int
+empty (fd_set * mask, int sec)
+{
+    struct timeval t;
+
+    t.tv_sec = sec;
+    t.tv_usec = 0;
+    return (select (FD_SETSIZE, mask, NULL, NULL, &t));
+}
+
+jmp_buf sendabort;
+
+static RETSIGTYPE
+abortsend (int sig)
+{
+
+    mflag = 0;
+    abrtflag = 0;
+    printf ("\nsend aborted\nwaiting for remote to finish abort\n");
+    fflush (stdout);
+    longjmp (sendabort, 1);
+}
+
+#define HASHBYTES 1024
+
+static int
+copy_stream (FILE * from, FILE * to)
+{
+    static size_t bufsize;
+    static char *buf;
+    int n;
+    int bytes = 0;
+    int werr = 0;
+    int hashbytes = HASHBYTES;
+    struct stat st;
+
+#if defined(HAVE_MMAP) && !defined(NO_MMAP)
+    void *chunk;
+
+#ifndef MAP_FAILED
+#define MAP_FAILED (-1)
+#endif
+
+    if (fstat (fileno (from), &st) == 0 && S_ISREG (st.st_mode)) {
+	/*
+	 * mmap zero bytes has potential of loosing, don't do it.
+	 */
+	if (st.st_size == 0)
+	    return 0;
+	chunk = mmap (0, st.st_size, PROT_READ, MAP_SHARED, fileno (from), 0);
+	if (chunk != (void *) MAP_FAILED) {
+	    int res;
+
+	    res = sec_write (fileno (to), chunk, st.st_size);
+	    if (munmap (chunk, st.st_size) < 0)
+		warn ("munmap");
+	    sec_fflush (to);
+	    return res;
+	}
+    }
+#endif
+
+    buf = alloc_buffer (buf, &bufsize,
+			fstat (fileno (from), &st) >= 0 ? &st : NULL);
+    if (buf == NULL)
+	return -1;
+
+    while ((n = read (fileno (from), buf, bufsize)) > 0) {
+	werr = sec_write (fileno (to), buf, n);
+	if (werr < 0)
+	    break;
+	bytes += werr;
+	while (hash && bytes > hashbytes) {
+	    putchar ('#');
+	    hashbytes += HASHBYTES;
+	}
+    }
+    sec_fflush (to);
+    if (n < 0)
+	warn ("local");
+
+    if (werr < 0) {
+	if (errno != EPIPE)
+	    warn ("netout");
+	bytes = -1;
+    }
+    return bytes;
+}
+
+void
+sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames)
+{
+    struct stat st;
+    struct timeval start, stop;
+    int c, d;
+    FILE *fin, *dout = 0;
+    int (*closefunc) (FILE *);
+    RETSIGTYPE (*oldintr)(int), (*oldintp)(int);
+    long bytes = 0, hashbytes = HASHBYTES;
+    char *rmode = "w";
+
+    if (verbose && printnames) {
+	if (local && strcmp (local, "-") != 0)
+	    printf ("local: %s ", local);
+	if (remote)
+	    printf ("remote: %s\n", remote);
+    }
+    if (proxy) {
+	proxtrans (cmd, local, remote);
+	return;
+    }
+    if (curtype != type)
+	changetype (type, 0);
+    closefunc = NULL;
+    oldintr = NULL;
+    oldintp = NULL;
+
+    if (setjmp (sendabort)) {
+	while (cpend) {
+	    getreply (0);
+	}
+	if (data >= 0) {
+	    close (data);
+	    data = -1;
+	}
+	if (oldintr)
+	    signal (SIGINT, oldintr);
+	if (oldintp)
+	    signal (SIGPIPE, oldintp);
+	code = -1;
+	return;
+    }
+    oldintr = signal (SIGINT, abortsend);
+    if (strcmp (local, "-") == 0)
+	fin = stdin;
+    else if (*local == '|') {
+	oldintp = signal (SIGPIPE, SIG_IGN);
+	fin = popen (local + 1, lmode);
+	if (fin == NULL) {
+	    warn ("%s", local + 1);
+	    signal (SIGINT, oldintr);
+	    signal (SIGPIPE, oldintp);
+	    code = -1;
+	    return;
+	}
+	closefunc = pclose;
+    } else {
+	fin = fopen (local, lmode);
+	if (fin == NULL) {
+	    warn ("local: %s", local);
+	    signal (SIGINT, oldintr);
+	    code = -1;
+	    return;
+	}
+	closefunc = fclose;
+	if (fstat (fileno (fin), &st) < 0 ||
+	    (st.st_mode & S_IFMT) != S_IFREG) {
+	    fprintf (stdout, "%s: not a plain file.\n", local);
+	    signal (SIGINT, oldintr);
+	    fclose (fin);
+	    code = -1;
+	    return;
+	}
+    }
+    if (initconn ()) {
+	signal (SIGINT, oldintr);
+	if (oldintp)
+	    signal (SIGPIPE, oldintp);
+	code = -1;
+	if (closefunc != NULL)
+	    (*closefunc) (fin);
+	return;
+    }
+    if (setjmp (sendabort))
+	goto abort;
+
+    if (restart_point &&
+	(strcmp (cmd, "STOR") == 0 || strcmp (cmd, "APPE") == 0)) {
+	int rc;
+
+	switch (curtype) {
+	case TYPE_A:
+	    rc = fseek (fin, (long) restart_point, SEEK_SET);
+	    break;
+	case TYPE_I:
+	case TYPE_L:
+	    rc = lseek (fileno (fin), restart_point, SEEK_SET);
+	    break;
+	default:
+	    abort();
+	}
+	if (rc < 0) {
+	    warn ("local: %s", local);
+	    restart_point = 0;
+	    if (closefunc != NULL)
+		(*closefunc) (fin);
+	    return;
+	}
+	if (command ("REST %ld", (long) restart_point)
+	    != CONTINUE) {
+	    restart_point = 0;
+	    if (closefunc != NULL)
+		(*closefunc) (fin);
+	    return;
+	}
+	restart_point = 0;
+	rmode = "r+w";
+    }
+    if (remote) {
+	if (command ("%s %s", cmd, remote) != PRELIM) {
+	    signal (SIGINT, oldintr);
+	    if (oldintp)
+		signal (SIGPIPE, oldintp);
+	    if (closefunc != NULL)
+		(*closefunc) (fin);
+	    return;
+	}
+    } else if (command ("%s", cmd) != PRELIM) {
+	    signal(SIGINT, oldintr);
+	    if (oldintp)
+		signal(SIGPIPE, oldintp);
+	    if (closefunc != NULL)
+		(*closefunc)(fin);
+	    return;
+	}
+    dout = dataconn(rmode);
+    if (dout == NULL)
+	goto abort;
+    set_buffer_size (fileno (dout), 0);
+    gettimeofday (&start, (struct timezone *) 0);
+    oldintp = signal (SIGPIPE, SIG_IGN);
+    switch (curtype) {
+
+    case TYPE_I:
+    case TYPE_L:
+	errno = d = c = 0;
+	bytes = copy_stream (fin, dout);
+	break;
+
+    case TYPE_A:
+	while ((c = getc (fin)) != EOF) {
+	    if (c == '\n') {
+		while (hash && (bytes >= hashbytes)) {
+		    putchar ('#');
+		    fflush (stdout);
+		    hashbytes += HASHBYTES;
+		}
+		if (ferror (dout))
+		    break;
+		sec_putc ('\r', dout);
+		bytes++;
+	    }
+	    sec_putc (c, dout);
+	    bytes++;
+	}
+	sec_fflush (dout);
+	if (hash) {
+	    if (bytes < hashbytes)
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
+	}
+	if (ferror (fin))
+	    warn ("local: %s", local);
+	if (ferror (dout)) {
+	    if (errno != EPIPE)
+		warn ("netout");
+	    bytes = -1;
+	}
+	break;
+    }
+    if (closefunc != NULL)
+	(*closefunc) (fin);
+    fclose (dout);
+    gettimeofday (&stop, (struct timezone *) 0);
+    getreply (0);
+    signal (SIGINT, oldintr);
+    if (oldintp)
+	signal (SIGPIPE, oldintp);
+    if (bytes > 0)
+	ptransfer ("sent", bytes, &start, &stop);
+    return;
+abort:
+    signal (SIGINT, oldintr);
+    if (oldintp)
+	signal (SIGPIPE, oldintp);
+    if (!cpend) {
+	code = -1;
+	return;
+    }
+    if (data >= 0) {
+	close (data);
+	data = -1;
+    }
+    if (dout)
+	fclose (dout);
+    getreply (0);
+    code = -1;
+    if (closefunc != NULL && fin != NULL)
+	(*closefunc) (fin);
+    gettimeofday (&stop, (struct timezone *) 0);
+    if (bytes > 0)
+	ptransfer ("sent", bytes, &start, &stop);
+}
+
+jmp_buf recvabort;
+
+void
+abortrecv (int sig)
+{
+
+    mflag = 0;
+    abrtflag = 0;
+    printf ("\nreceive aborted\nwaiting for remote to finish abort\n");
+    fflush (stdout);
+    longjmp (recvabort, 1);
+}
+
+void
+recvrequest (char *cmd, char *local, char *remote,
+	     char *lmode, int printnames, int local_given)
+{
+    FILE *fout = NULL, *din = NULL;
+    int (*closefunc) (FILE *);
+    sighand oldintr, oldintp;
+    int c, d, is_retr, tcrflag, bare_lfs = 0;
+    static size_t bufsize;
+    static char *buf;
+    long bytes = 0, hashbytes = HASHBYTES;
+    struct timeval start, stop;
+    struct stat st;
+
+    is_retr = strcmp (cmd, "RETR") == 0;
+    if (is_retr && verbose && printnames) {
+	if (local && strcmp (local, "-") != 0)
+	    printf ("local: %s ", local);
+	if (remote)
+	    printf ("remote: %s\n", remote);
+    }
+    if (proxy && is_retr) {
+	proxtrans (cmd, local, remote);
+	return;
+    }
+    closefunc = NULL;
+    oldintr = NULL;
+    oldintp = NULL;
+    tcrflag = !crflag && is_retr;
+    if (setjmp (recvabort)) {
+	while (cpend) {
+	    getreply (0);
+	}
+	if (data >= 0) {
+	    close (data);
+	    data = -1;
+	}
+	if (oldintr)
+	    signal (SIGINT, oldintr);
+	code = -1;
+	return;
+    }
+    oldintr = signal (SIGINT, abortrecv);
+    if (!local_given || (strcmp (local, "-") && *local != '|')) {
+	if (access (local, 2) < 0) {
+	    char *dir = strrchr (local, '/');
+
+	    if (errno != ENOENT && errno != EACCES) {
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
+		code = -1;
+		return;
+	    }
+	    if (dir != NULL)
+		*dir = 0;
+	    d = access (dir ? local : ".", 2);
+	    if (dir != NULL)
+		*dir = '/';
+	    if (d < 0) {
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
+		code = -1;
+		return;
+	    }
+	    if (!runique && errno == EACCES &&
+		chmod (local, 0600) < 0) {
+		warn ("local: %s", local);
+		signal (SIGINT, oldintr);
+		signal (SIGINT, oldintr);
+		code = -1;
+		return;
+	    }
+	    if (runique && errno == EACCES &&
+		(local = gunique (local)) == NULL) {
+		signal (SIGINT, oldintr);
+		code = -1;
+		return;
+	    }
+	} else if (runique && (local = gunique (local)) == NULL) {
+	    signal(SIGINT, oldintr);
+	    code = -1;
+	    return;
+	}
+    }
+    if (!is_retr) {
+	if (curtype != TYPE_A)
+	    changetype (TYPE_A, 0);
+    } else if (curtype != type)
+	changetype (type, 0);
+    if (initconn ()) {
+	signal (SIGINT, oldintr);
+	code = -1;
+	return;
+    }
+    if (setjmp (recvabort))
+	goto abort;
+    if (is_retr && restart_point &&
+	command ("REST %ld", (long) restart_point) != CONTINUE)
+	return;
+    if (remote) {
+	if (command ("%s %s", cmd, remote) != PRELIM) {
+	    signal (SIGINT, oldintr);
+	    return;
+	}
+    } else {
+	if (command ("%s", cmd) != PRELIM) {
+	    signal (SIGINT, oldintr);
+	    return;
+	}
+    }
+    din = dataconn ("r");
+    if (din == NULL)
+	goto abort;
+    set_buffer_size (fileno (din), 1);
+    if (local_given && strcmp (local, "-") == 0)
+	fout = stdout;
+    else if (local_given && *local == '|') {
+	oldintp = signal (SIGPIPE, SIG_IGN);
+	fout = popen (local + 1, "w");
+	if (fout == NULL) {
+	    warn ("%s", local + 1);
+	    goto abort;
+	}
+	closefunc = pclose;
+    } else {
+	fout = fopen (local, lmode);
+	if (fout == NULL) {
+	    warn ("local: %s", local);
+	    goto abort;
+	}
+	closefunc = fclose;
+    }
+    buf = alloc_buffer (buf, &bufsize,
+			fstat (fileno (fout), &st) >= 0 ? &st : NULL);
+    if (buf == NULL)
+	goto abort;
+
+    gettimeofday (&start, (struct timezone *) 0);
+    switch (curtype) {
+
+    case TYPE_I:
+    case TYPE_L:
+	if (restart_point &&
+	    lseek (fileno (fout), restart_point, SEEK_SET) < 0) {
+	    warn ("local: %s", local);
+	    if (closefunc != NULL)
+		(*closefunc) (fout);
+	    return;
+	}
+	errno = d = 0;
+	while ((c = sec_read (fileno (din), buf, bufsize)) > 0) {
+	    if ((d = write (fileno (fout), buf, c)) != c)
+		break;
+	    bytes += c;
+	    if (hash) {
+		while (bytes >= hashbytes) {
+		    putchar ('#');
+		    hashbytes += HASHBYTES;
+		}
+		fflush (stdout);
+	    }
+	}
+	if (hash && bytes > 0) {
+	    if (bytes < HASHBYTES)
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
+	}
+	if (c < 0) {
+	    if (errno != EPIPE)
+		warn ("netin");
+	    bytes = -1;
+	}
+	if (d < c) {
+	    if (d < 0)
+		warn ("local: %s", local);
+	    else
+		warnx ("%s: short write", local);
+	}
+	break;
+
+    case TYPE_A:
+	if (restart_point) {
+	    int i, n, ch;
+
+	    if (fseek (fout, 0L, SEEK_SET) < 0)
+		goto done;
+	    n = restart_point;
+	    for (i = 0; i++ < n;) {
+		if ((ch = sec_getc (fout)) == EOF)
+		    goto done;
+		if (ch == '\n')
+		    i++;
+	    }
+	    if (fseek (fout, 0L, SEEK_CUR) < 0) {
+	done:
+		warn ("local: %s", local);
+		if (closefunc != NULL)
+		    (*closefunc) (fout);
+		return;
+	    }
+	}
+	while ((c = sec_getc(din)) != EOF) {
+	    if (c == '\n')
+		bare_lfs++;
+	    while (c == '\r') {
+		while (hash && (bytes >= hashbytes)) {
+		    putchar ('#');
+		    fflush (stdout);
+		    hashbytes += HASHBYTES;
+		}
+		bytes++;
+		if ((c = sec_getc (din)) != '\n' || tcrflag) {
+		    if (ferror (fout))
+			goto break2;
+		    putc ('\r', fout);
+		    if (c == '\0') {
+			bytes++;
+			goto contin2;
+		    }
+		    if (c == EOF)
+			goto contin2;
+		}
+	    }
+	    putc (c, fout);
+	    bytes++;
+    contin2:;
+	}
+break2:
+	if (bare_lfs) {
+	    printf ("WARNING! %d bare linefeeds received in ASCII mode\n",
+		    bare_lfs);
+	    printf ("File may not have transferred correctly.\n");
+	}
+	if (hash) {
+	    if (bytes < hashbytes)
+		putchar ('#');
+	    putchar ('\n');
+	    fflush (stdout);
+	}
+	if (ferror (din)) {
+	    if (errno != EPIPE)
+		warn ("netin");
+	    bytes = -1;
+	}
+	if (ferror (fout))
+	    warn ("local: %s", local);
+	break;
+    }
+    if (closefunc != NULL)
+	(*closefunc) (fout);
+    signal (SIGINT, oldintr);
+    if (oldintp)
+	signal (SIGPIPE, oldintp);
+    fclose (din);
+    gettimeofday (&stop, (struct timezone *) 0);
+    getreply (0);
+    if (bytes > 0 && is_retr)
+	ptransfer ("received", bytes, &start, &stop);
+    return;
+abort:
+
+    /* abort using RFC959 recommended IP,SYNC sequence  */
+
+    if (oldintp)
+	signal (SIGPIPE, oldintr);
+    signal (SIGINT, SIG_IGN);
+    if (!cpend) {
+	code = -1;
+	signal (SIGINT, oldintr);
+	return;
+    }
+    abort_remote(din);
+    code = -1;
+    if (data >= 0) {
+	close (data);
+	data = -1;
+    }
+    if (closefunc != NULL && fout != NULL)
+	(*closefunc) (fout);
+    if (din)
+	fclose (din);
+    gettimeofday (&stop, (struct timezone *) 0);
+    if (bytes > 0)
+	ptransfer ("received", bytes, &start, &stop);
+    signal (SIGINT, oldintr);
+}
+
+static int
+parse_epsv (const char *str)
+{
+    char sep;
+    char *end;
+    int port;
+
+    if (*str == '\0')
+	return -1;
+    sep = *str++;
+    if (sep != *str++)
+	return -1;
+    if (sep != *str++)
+	return -1;
+    port = strtol (str, &end, 0);
+    if (str == end)
+	return -1;
+    if (end[0] != sep || end[1] != '\0')
+	return -1;
+    return htons(port);
+}
+
+static int
+parse_pasv (struct sockaddr_in *sin4, const char *str)
+{
+    int a0, a1, a2, a3, p0, p1;
+
+    /*
+     * What we've got at this point is a string of comma separated
+     * one-byte unsigned integer values. The first four are the an IP
+     * address. The fifth is the MSB of the port number, the sixth is the
+     * LSB. From that we'll prepare a sockaddr_in.
+     */
+
+    if (sscanf (str, "%d,%d,%d,%d,%d,%d",
+		&a0, &a1, &a2, &a3, &p0, &p1) != 6) {
+	printf ("Passive mode address scan failure. "
+		"Shouldn't happen!\n");
+	return -1;
+    }
+    if (a0 < 0 || a0 > 255 ||
+	a1 < 0 || a1 > 255 ||
+	a2 < 0 || a2 > 255 ||
+	a3 < 0 || a3 > 255 ||
+	p0 < 0 || p0 > 255 ||
+	p1 < 0 || p1 > 255) {
+	printf ("Can't parse passive mode string.\n");
+	return -1;
+    }
+    memset (sin4, 0, sizeof(*sin4));
+    sin4->sin_family      = AF_INET;
+    sin4->sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
+				  (a2 << 8) | a3);
+    sin4->sin_port = htons ((p0 << 8) | p1);
+    return 0;
+}
+
+static int
+passive_mode (void)
+{
+    int port;
+
+    data = socket (myctladdr->sa_family, SOCK_STREAM, 0);
+    if (data < 0) {
+	warn ("socket");
+	return (1);
+    }
+    if (options & SO_DEBUG)
+	socket_set_debug (data);
+    if (command ("EPSV") != COMPLETE) {
+	if (command ("PASV") != COMPLETE) {
+	    printf ("Passive mode refused.\n");
+	    goto bad;
+	}
+    }
+
+    /*
+     * Parse the reply to EPSV or PASV
+     */
+
+    port = parse_epsv (pasv);
+    if (port > 0) {
+	data_addr->sa_family = myctladdr->sa_family;
+	socket_set_address_and_port (data_addr,
+				     socket_get_address (hisctladdr),
+				     port);
+    } else {
+	if (parse_pasv ((struct sockaddr_in *)data_addr, pasv) < 0)
+	    goto bad;
+    }
+
+    if (connect (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
+	warn ("connect");
+	goto bad;
+    }
+#ifdef IPTOS_THROUGHPUT
+    socket_set_tos (data, IPTOS_THROUGHPUT);
+#endif
+    return (0);
+bad:
+    close (data);
+    data = -1;
+    sendport = 1;
+    return (1);
+}
+
+
+static int
+active_mode (void)
+{
+    int tmpno = 0;
+    socklen_t len;
+    int result;
+
+noport:
+    data_addr->sa_family = myctladdr->sa_family;
+    socket_set_address_and_port (data_addr, socket_get_address (myctladdr),
+				 sendport ? 0 : socket_get_port (myctladdr));
+
+    if (data != -1)
+	close (data);
+    data = socket (data_addr->sa_family, SOCK_STREAM, 0);
+    if (data < 0) {
+	warn ("socket");
+	if (tmpno)
+	    sendport = 1;
+	return (1);
+    }
+    if (!sendport)
+	socket_set_reuseaddr (data, 1);
+    if (bind (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
+	warn ("bind");
+	goto bad;
+    }
+    if (options & SO_DEBUG)
+	socket_set_debug (data);
+    len = sizeof (data_addr_ss);
+    if (getsockname (data, data_addr, &len) < 0) {
+	warn ("getsockname");
+	goto bad;
+    }
+    if (listen (data, 1) < 0)
+	warn ("listen");
+    if (sendport) {
+	char addr_str[256];
+	int inet_af;
+	int overbose;
+
+	if (inet_ntop (data_addr->sa_family, socket_get_address (data_addr),
+		       addr_str, sizeof(addr_str)) == NULL)
+	    errx (1, "inet_ntop failed");
+	switch (data_addr->sa_family) {
+	case AF_INET :
+	    inet_af = 1;
+	    break;
+#ifdef HAVE_IPV6
+	case AF_INET6 :
+	    inet_af = 2;
+	    break;
+#endif
+	default :
+	    errx (1, "bad address family %d", data_addr->sa_family);
+	}
+
+
+	overbose = verbose;
+	if (debug == 0)
+	    verbose  = -1;
+
+	result = command ("EPRT |%d|%s|%d|",
+			  inet_af, addr_str, 
+			  ntohs(socket_get_port (data_addr)));
+	verbose = overbose;
+
+	if (result == ERROR) {
+	    struct sockaddr_in *sin4 = (struct sockaddr_in *)data_addr;
+
+	    unsigned int a = ntohl(sin4->sin_addr.s_addr);
+	    unsigned int p = ntohs(sin4->sin_port);
+
+	    if (data_addr->sa_family != AF_INET) {
+		warnx ("remote server doesn't support EPRT");
+		goto bad;
+	    }
+
+	    result = command("PORT %d,%d,%d,%d,%d,%d", 
+			     (a >> 24) & 0xff,
+			     (a >> 16) & 0xff,
+			     (a >> 8) & 0xff,
+			     a & 0xff,
+			     (p >> 8) & 0xff,
+			     p & 0xff);
+	    if (result == ERROR && sendport == -1) {
+		sendport = 0;
+		tmpno = 1;
+		goto noport;
+	    }
+	    return (result != COMPLETE);
+	}
+	return result != COMPLETE;
+    }
+    if (tmpno)
+	sendport = 1;
+
+
+#ifdef IPTOS_THROUGHPUT
+    socket_set_tos (data, IPTOS_THROUGHPUT);
+#endif
+    return (0);
+bad:
+    close (data);
+    data = -1;
+    if (tmpno)
+	sendport = 1;
+    return (1);
+}
+
+/*
+ * Need to start a listen on the data channel before we send the command,
+ * otherwise the server's connect may fail.
+ */
+int
+initconn (void)
+{
+    if (passivemode) 
+	return passive_mode ();
+    else
+	return active_mode ();
+}
+
+FILE *
+dataconn (const char *lmode)
+{
+    struct sockaddr_storage from_ss;
+    struct sockaddr *from = (struct sockaddr *)&from_ss;
+    socklen_t fromlen = sizeof(from_ss);
+    int s;
+
+    if (passivemode)
+	return (fdopen (data, lmode));
+
+    s = accept (data, from, &fromlen);
+    if (s < 0) {
+	warn ("accept");
+	close (data), data = -1;
+	return (NULL);
+    }
+    close (data);
+    data = s;
+#ifdef IPTOS_THROUGHPUT
+    socket_set_tos (s, IPTOS_THROUGHPUT);
+#endif
+    return (fdopen (data, lmode));
+}
+
+void
+ptransfer (char *direction, long int bytes,
+	   struct timeval * t0, struct timeval * t1)
+{
+    struct timeval td;
+    float s;
+    float bs;
+    int prec;
+    char *unit;
+
+    if (verbose) {
+	td.tv_sec = t1->tv_sec - t0->tv_sec;
+	td.tv_usec = t1->tv_usec - t0->tv_usec;
+	if (td.tv_usec < 0) {
+	    td.tv_sec--;
+	    td.tv_usec += 1000000;
+	}
+	s = td.tv_sec + (td.tv_usec / 1000000.);
+	bs = bytes / (s ? s : 1);
+	if (bs >= 1048576) {
+	    bs /= 1048576;
+	    unit = "M";
+	    prec = 2;
+	} else if (bs >= 1024) {
+	    bs /= 1024;
+	    unit = "k";
+	    prec = 1;
+	} else {
+	    unit = "";
+	    prec = 0;
+	}
+
+	printf ("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n",
+		bytes, direction, s, prec, bs, unit);
+    }
+}
+
+void
+psabort (int sig)
+{
+
+    abrtflag++;
+}
+
+void
+pswitch (int flag)
+{
+    sighand oldintr;
+    static struct comvars {
+	int connect;
+	char name[MaxHostNameLen];
+	struct sockaddr_storage mctl;
+	struct sockaddr_storage hctl;
+	FILE *in;
+	FILE *out;
+	int tpe;
+	int curtpe;
+	int cpnd;
+	int sunqe;
+	int runqe;
+	int mcse;
+	int ntflg;
+	char nti[17];
+	char nto[17];
+	int mapflg;
+	char mi[MaxPathLen];
+	char mo[MaxPathLen];
+    } proxstruct, tmpstruct;
+    struct comvars *ip, *op;
+
+    abrtflag = 0;
+    oldintr = signal (SIGINT, psabort);
+    if (flag) {
+	if (proxy)
+	    return;
+	ip = &tmpstruct;
+	op = &proxstruct;
+	proxy++;
+    } else {
+	if (!proxy)
+	    return;
+	ip = &proxstruct;
+	op = &tmpstruct;
+	proxy = 0;
+    }
+    ip->connect = connected;
+    connected = op->connect;
+    if (hostname) {
+	strlcpy (ip->name, hostname, sizeof (ip->name));
+    } else
+	ip->name[0] = 0;
+    hostname = op->name;
+    ip->hctl = hisctladdr_ss;
+    hisctladdr_ss = op->hctl;
+    ip->mctl = myctladdr_ss;
+    myctladdr_ss = op->mctl;
+    ip->in = cin;
+    cin = op->in;
+    ip->out = cout;
+    cout = op->out;
+    ip->tpe = type;
+    type = op->tpe;
+    ip->curtpe = curtype;
+    curtype = op->curtpe;
+    ip->cpnd = cpend;
+    cpend = op->cpnd;
+    ip->sunqe = sunique;
+    sunique = op->sunqe;
+    ip->runqe = runique;
+    runique = op->runqe;
+    ip->mcse = mcase;
+    mcase = op->mcse;
+    ip->ntflg = ntflag;
+    ntflag = op->ntflg;
+    strlcpy (ip->nti, ntin, sizeof (ip->nti));
+    strlcpy (ntin, op->nti, 17);
+    strlcpy (ip->nto, ntout, sizeof (ip->nto));
+    strlcpy (ntout, op->nto, 17);
+    ip->mapflg = mapflag;
+    mapflag = op->mapflg;
+    strlcpy (ip->mi, mapin, MaxPathLen);
+    strlcpy (mapin, op->mi, MaxPathLen);
+    strlcpy (ip->mo, mapout, MaxPathLen);
+    strlcpy (mapout, op->mo, MaxPathLen);
+    signal(SIGINT, oldintr);
+    if (abrtflag) {
+	abrtflag = 0;
+	(*oldintr) (SIGINT);
+    }
+}
+
+void
+abortpt (int sig)
+{
+
+    printf ("\n");
+    fflush (stdout);
+    ptabflg++;
+    mflag = 0;
+    abrtflag = 0;
+    longjmp (ptabort, 1);
+}
+
+void
+proxtrans (char *cmd, char *local, char *remote)
+{
+    sighand oldintr = NULL;
+    int secndflag = 0, prox_type, nfnd;
+    char *cmd2;
+    fd_set mask;
+
+    if (strcmp (cmd, "RETR"))
+	cmd2 = "RETR";
+    else
+	cmd2 = runique ? "STOU" : "STOR";
+    if ((prox_type = type) == 0) {
+	if (unix_server && unix_proxy)
+	    prox_type = TYPE_I;
+	else
+	    prox_type = TYPE_A;
+    }
+    if (curtype != prox_type)
+	changetype (prox_type, 1);
+    if (command ("PASV") != COMPLETE) {
+	printf ("proxy server does not support third party transfers.\n");
+	return;
+    }
+    pswitch (0);
+    if (!connected) {
+	printf ("No primary connection\n");
+	pswitch (1);
+	code = -1;
+	return;
+    }
+    if (curtype != prox_type)
+	changetype (prox_type, 1);
+    if (command ("PORT %s", pasv) != COMPLETE) {
+	pswitch (1);
+	return;
+    }
+    if (setjmp (ptabort))
+	goto abort;
+    oldintr = signal (SIGINT, abortpt);
+    if (command ("%s %s", cmd, remote) != PRELIM) {
+	signal (SIGINT, oldintr);
+	pswitch (1);
+	return;
+    }
+    sleep (2);
+    pswitch (1);
+    secndflag++;
+    if (command ("%s %s", cmd2, local) != PRELIM)
+	goto abort;
+    ptflag++;
+    getreply (0);
+    pswitch (0);
+    getreply (0);
+    signal (SIGINT, oldintr);
+    pswitch (1);
+    ptflag = 0;
+    printf ("local: %s remote: %s\n", local, remote);
+    return;
+abort:
+    signal (SIGINT, SIG_IGN);
+    ptflag = 0;
+    if (strcmp (cmd, "RETR") && !proxy)
+	pswitch (1);
+    else if (!strcmp (cmd, "RETR") && proxy)
+	pswitch (0);
+    if (!cpend && !secndflag) {	/* only here if cmd = "STOR" (proxy=1) */
+	if (command ("%s %s", cmd2, local) != PRELIM) {
+	    pswitch (0);
+	    if (cpend)
+		abort_remote ((FILE *) NULL);
+	}
+	pswitch (1);
+	if (ptabflg)
+	    code = -1;
+	if (oldintr)
+	    signal (SIGINT, oldintr);
+	return;
+    }
+    if (cpend)
+	abort_remote ((FILE *) NULL);
+    pswitch (!proxy);
+    if (!cpend && !secndflag) {	/* only if cmd = "RETR" (proxy=1) */
+	if (command ("%s %s", cmd2, local) != PRELIM) {
+	    pswitch (0);
+	    if (cpend)
+		abort_remote ((FILE *) NULL);
+	    pswitch (1);
+	    if (ptabflg)
+		code = -1;
+	    signal (SIGINT, oldintr);
+	    return;
+	}
+    }
+    if (cpend)
+	abort_remote ((FILE *) NULL);
+    pswitch (!proxy);
+    if (cpend) {
+	FD_ZERO (&mask);
+	if (fileno(cin) >= FD_SETSIZE)
+	    errx (1, "fd too large");
+	FD_SET (fileno (cin), &mask);
+	if ((nfnd = empty (&mask, 10)) <= 0) {
+	    if (nfnd < 0) {
+		warn ("abort");
+	    }
+	    if (ptabflg)
+		code = -1;
+	    lostpeer (0);
+	}
+	getreply (0);
+	getreply (0);
+    }
+    if (proxy)
+	pswitch (0);
+    pswitch (1);
+    if (ptabflg)
+	code = -1;
+    signal (SIGINT, oldintr);
+}
+
+void
+reset (int argc, char **argv)
+{
+    fd_set mask;
+    int nfnd = 1;
+
+    FD_ZERO (&mask);
+    while (nfnd > 0) {
+	if (fileno (cin) >= FD_SETSIZE)
+	    errx (1, "fd too large");
+	FD_SET (fileno (cin), &mask);
+	if ((nfnd = empty (&mask, 0)) < 0) {
+	    warn ("reset");
+	    code = -1;
+	    lostpeer(0);
+	} else if (nfnd) {
+	    getreply(0);
+	}
+    }
+}
+
+char *
+gunique (char *local)
+{
+    static char new[MaxPathLen];
+    char *cp = strrchr (local, '/');
+    int d, count = 0;
+    char ext = '1';
+
+    if (cp)
+	*cp = '\0';
+    d = access (cp ? local : ".", 2);
+    if (cp)
+	*cp = '/';
+    if (d < 0) {
+	warn ("local: %s", local);
+	return NULL;
+    }
+    strlcpy (new, local, sizeof(new));
+    cp = new + strlen(new);
+    *cp++ = '.';
+    while (!d) {
+	if (++count == 100) {
+	    printf ("runique: can't find unique file name.\n");
+	    return NULL;
+	}
+	*cp++ = ext;
+	*cp = '\0';
+	if (ext == '9')
+	    ext = '0';
+	else
+	    ext++;
+	if ((d = access (new, 0)) < 0)
+	    break;
+	if (ext != '0')
+	    cp--;
+	else if (*(cp - 2) == '.')
+	    *(cp - 1) = '1';
+	else {
+	    *(cp - 2) = *(cp - 2) + 1;
+	    cp--;
+	}
+    }
+    return (new);
+}
+
+void
+abort_remote (FILE * din)
+{
+    char buf[BUFSIZ];
+    int nfnd;
+    fd_set mask;
+
+    /*
+     * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
+     * after urgent byte rather than before as is protocol now
+     */
+    snprintf (buf, sizeof (buf), "%c%c%c", IAC, IP, IAC);
+    if (send (fileno (cout), buf, 3, MSG_OOB) != 3)
+	warn ("abort");
+    fprintf (cout, "%c", DM);
+    sec_fprintf(cout, "ABOR");
+    sec_fflush (cout);
+    fprintf (cout, "\r\n");
+    fflush(cout);
+    FD_ZERO (&mask);
+    if (fileno (cin) >= FD_SETSIZE)
+	errx (1, "fd too large");
+    FD_SET (fileno (cin), &mask);
+    if (din) {
+	if (fileno (din) >= FD_SETSIZE)
+	    errx (1, "fd too large");
+	FD_SET (fileno (din), &mask);
+    }
+    if ((nfnd = empty (&mask, 10)) <= 0) {
+	if (nfnd < 0) {
+	    warn ("abort");
+	}
+	if (ptabflg)
+	    code = -1;
+	lostpeer (0);
+    }
+    if (din && FD_ISSET (fileno (din), &mask)) {
+	while (read (fileno (din), buf, BUFSIZ) > 0)
+	     /* LOOP */ ;
+    }
+    if (getreply (0) == ERROR && code == 552) {
+	/* 552 needed for nic style abort */
+	getreply (0);
+    }
+    getreply (0);
+}

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: ftp_locl.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+/* $FreeBSD$ */
+
+#ifndef __FTP_LOCL_H__
+#define __FTP_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#ifdef HAVE_ARPA_FTP_H
+#include <arpa/ftp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include <errno.h>
+#include <ctype.h>
+#include <glob.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose)      (FILE *);
+
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+
+#endif
+
+#include "ftp_var.h"
+#include "extern.h"
+#include "common.h"
+#include "pathnames.h"
+
+#include "roken.h"
+#include "security.h"
+
+/* des_read_pw_string */
+#include "crypto-headers.h"
+
+#if defined(__sun__) && !defined(__svr4)
+int fclose(FILE*);
+int pclose(FILE*);
+#endif
+
+#endif /* __FTP_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp_var.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp_var.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/ftp_var.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ftp_var.h	8.4 (Berkeley) 10/9/94
+ */
+
+/*
+ * FTP global variables.
+ */
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <setjmp.h>
+
+/*
+ * Options and other state info.
+ */
+extern int	trace;			/* trace packets exchanged */
+extern int	hash;			/* print # for each buffer transferred */
+extern int	sendport;		/* use PORT cmd for each data connection */
+extern int	verbose;		/* print messages coming back from server */
+extern int	connected;		/* connected to server */
+extern int	fromatty;		/* input is from a terminal */
+extern int	interactive;		/* interactively prompt on m* cmds */
+extern int	lineedit;		/* use line-editing */
+extern int	debug;			/* debugging level */
+extern int	bell;			/* ring bell on cmd completion */
+extern int	doglob;			/* glob local file names */
+extern int	autologin;		/* establish user account on connection */
+extern int	doencrypt;
+extern int	proxy;			/* proxy server connection active */
+extern int	proxflag;		/* proxy connection exists */
+extern int	sunique;		/* store files on server with unique name */
+extern int	runique;		/* store local files with unique name */
+extern int	mcase;			/* map upper to lower case for mget names */
+extern int	ntflag;			/* use ntin ntout tables for name translation */
+extern int	mapflag;		/* use mapin mapout templates on file names */
+extern int	code;			/* return/reply code for ftp command */
+extern int	crflag;			/* if 1, strip car. rets. on ascii gets */
+extern char	pasv[64];		/* passive port for proxy data connection */
+extern int	passivemode;		/* passive mode enabled */
+extern char	*altarg;		/* argv[1] with no shell-like preprocessing  */
+extern char	ntin[17];		/* input translation table */
+extern char	ntout[17];		/* output translation table */
+extern char	mapin[MaxPathLen];	/* input map template */
+extern char	mapout[MaxPathLen];	/* output map template */
+extern char	typename[32];		/* name of file transfer type */
+extern int	type;			/* requested file transfer type */
+extern int	curtype;		/* current file transfer type */
+extern char	structname[32];		/* name of file transfer structure */
+extern int	stru;			/* file transfer structure */
+extern char	formname[32];		/* name of file transfer format */
+extern int	form;			/* file transfer format */
+extern char	modename[32];		/* name of file transfer mode */
+extern int	mode;			/* file transfer mode */
+extern char	bytename[32];		/* local byte size in ascii */
+extern int	bytesize;		/* local byte size in binary */
+
+extern char	*hostname;		/* name of host connected to */
+extern int	unix_server;		/* server is unix, can use binary for ascii */
+extern int	unix_proxy;		/* proxy is unix, can use binary for ascii */
+
+extern jmp_buf	toplevel;		/* non-local goto stuff for cmd scanner */
+
+extern char	line[200];		/* input line buffer */
+extern char	*stringbase;		/* current scan point in line buffer */
+extern char	argbuf[200];		/* argument storage buffer */
+extern char	*argbase;		/* current storage point in arg buffer */
+extern int	margc;			/* count of arguments on input line */
+extern char	**margv;		/* args parsed from input line */
+extern int	margvlen;		/* how large margv is currently */
+extern int     cpend;                  /* flag: if != 0, then pending server reply */
+extern int	mflag;			/* flag: if != 0, then active multi command */
+
+extern int	options;		/* used during socket creation */
+extern int      use_kerberos;           /* use Kerberos authentication */
+
+/*
+ * Format of command table.
+ */
+struct cmd {
+	char	*c_name;	/* name of command */
+	char	*c_help;	/* help string */
+	char	c_bell;		/* give bell when command completes */
+	char	c_conn;		/* must be connected to use command */
+	char	c_proxy;	/* proxy server may execute */
+	void	(*c_handler) (int, char **); /* function to call */
+};
+
+struct macel {
+	char mac_name[9];	/* macro name */
+	char *mac_start;	/* start of macro in macbuf */
+	char *mac_end;		/* end of macro in macbuf */
+};
+
+extern int macnum;			/* number of defined macros */
+extern struct macel macros[16];
+extern char macbuf[4096];
+
+
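Review bot: ftp_var.h has no include guard even though it defines `struct cmd` and `struct macel`, so including it twice in one translation unit would be a redefinition error. ftp_locl.h in this same commit is guarded, and this header should be too, for example `#ifndef FTP_VAR_H` / `#define FTP_VAR_H` at the top and `#endif /* FTP_VAR_H */` at the end. It also sizes `mapin` and `mapout` with `MaxPathLen` without including anything that visibly defines it, so it presumably relies on the includer's ordering; a one-line comment naming the required prior include would document that. `doencrypt` is the only option flag here without a trailing comment, and globals.c already describes it as `/* try to use encryption */`, which belongs on the extern as well.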

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/globals.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/globals.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/globals.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+#include "ftp_locl.h"
+RCSID("$Id: globals.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+/*
+ * Options and other state info.
+ */
+int	trace;			/* trace packets exchanged */
+int	hash;			/* print # for each buffer transferred */
+int	sendport;		/* use PORT cmd for each data connection */
+int	verbose;		/* print messages coming back from server */
+int	connected;		/* connected to server */
+int	fromatty;		/* input is from a terminal */
+int	interactive;		/* interactively prompt on m* cmds */
+int	lineedit;		/* use line-editing */
+int	debug;			/* debugging level */
+int	bell;			/* ring bell on cmd completion */
+int	doglob;			/* glob local file names */
+int	doencrypt;		/* try to use encryption */
+int	autologin;		/* establish user account on connection */
+int	proxy;			/* proxy server connection active */
+int	proxflag;		/* proxy connection exists */
+int	sunique;		/* store files on server with unique name */
+int	runique;		/* store local files with unique name */
+int	mcase;			/* map upper to lower case for mget names */
+int	ntflag;			/* use ntin ntout tables for name translation */
+int	mapflag;		/* use mapin mapout templates on file names */
+int	code;			/* return/reply code for ftp command */
+int	crflag;			/* if 1, strip car. rets. on ascii gets */
+char	pasv[64];		/* passive port for proxy data connection */
+int	passivemode;		/* passive mode enabled */
+char	*altarg;		/* argv[1] with no shell-like preprocessing  */
+char	ntin[17];		/* input translation table */
+char	ntout[17];		/* output translation table */
+char	mapin[MaxPathLen];	/* input map template */
+char	mapout[MaxPathLen];	/* output map template */
+char	typename[32];		/* name of file transfer type */
+int	type;			/* requested file transfer type */
+int	curtype;		/* current file transfer type */
+char	structname[32];		/* name of file transfer structure */
+int	stru;			/* file transfer structure */
+char	formname[32];		/* name of file transfer format */
+int	form;			/* file transfer format */
+char	modename[32];		/* name of file transfer mode */
+int	mode;			/* file transfer mode */
+char	bytename[32];		/* local byte size in ascii */
+int	bytesize;		/* local byte size in binary */
+
+char	*hostname;		/* name of host connected to */
+int	unix_server;		/* server is unix, can use binary for ascii */
+int	unix_proxy;		/* proxy is unix, can use binary for ascii */
+
+jmp_buf	toplevel;		/* non-local goto stuff for cmd scanner */
+
+char	line[200];		/* input line buffer */
+char	*stringbase;		/* current scan point in line buffer */
+char	argbuf[200];		/* argument storage buffer */
+char	*argbase;		/* current storage point in arg buffer */
+int	margc;			/* count of arguments on input line */
+char	**margv;		/* args parsed from input line */
+int	margvlen;		/* how large margv is currently */
+int     cpend;                  /* flag: if != 0, then pending server reply */
+int	mflag;			/* flag: if != 0, then active multi command */
+
+int	options;		/* used during socket creation */
+int     use_kerberos;           /* use Kerberos authentication */
+
+/*
+ * Format of command table.
+ */
+
+int macnum;			/* number of defined macros */
+struct macel macros[16];
+char macbuf[4096];
+
+char username[32];
+
+/* these are set in ruserpass */
+char myhostname[MaxHostNameLen];
+char *mydomain;
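Review bot: The fixed buffer sizes defined here (`ntin[17]`, `ntout[17]`, `line[200]`, `argbuf[200]`, `pasv[64]`) are bare literals repeated in ftp_var.h and again at use sites. pswitch() in ftp.c copies with `strlcpy (ntin, op->nti, 17)`, so resizing a buffer in one place would leave a stale bound in another and turn a bounded copy into an overflow or a silent truncation. Prefer `sizeof` at the call sites, `strlcpy (ntin, op->nti, sizeof(ntin));`, or a named constant shared by the extern and the definition. The comment `Format of command table.` above `macnum` matches the one over `struct cmd` in ftp_var.h, but no command table is defined in this file; something like `/* Macro storage. */` would describe what follows. `username`, `myhostname` and `mydomain` have no extern in ftp_var.h as shown, so their declarations presumably live in a header not visible here (extern.h is a candidate).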

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/gssapi.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/gssapi.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/gssapi.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,528 @@
+/*
+ * Copyright (c) 1998 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <gssapi.h>
+#include <krb5_err.h>
+
+RCSID("$Id: gssapi.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+int ftp_do_gss_bindings = 0;
+int ftp_do_gss_delegate = 1;
+
+struct gss_data {
+    gss_ctx_id_t context_hdl;
+    char *client_name;
+    gss_cred_id_t delegated_cred_handle;
+    void *mech_data;
+};
+
+static int
+gss_init(void *app_data)
+{
+    struct gss_data *d = app_data;
+    d->context_hdl = GSS_C_NO_CONTEXT;
+    d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+#if defined(FTP_SERVER)
+    return 0;
+#else
+    /* XXX Check the gss mechanism; with  gss_indicate_mechs() ? */
+#ifdef KRB5
+    return !use_kerberos;
+#else
+    return 0;
+#endif /* KRB5 */
+#endif /* FTP_SERVER */
+}
+
+static int
+gss_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+gss_decode(void *app_data, void *buf, int len, int level)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    gss_qop_t qop_state;
+    int conf_state;
+    struct gss_data *d = app_data;
+    size_t ret_len;
+
+    input.length = len;
+    input.value = buf;
+    maj_stat = gss_unwrap (&min_stat,
+			   d->context_hdl,
+			   &input,
+			   &output,
+			   &conf_state,
+			   &qop_state);
+    if(GSS_ERROR(maj_stat))
+	return -1;
+    memmove(buf, output.value, output.length);
+    ret_len = output.length;
+    gss_release_buffer(&min_stat, &output);
+    return ret_len;
+}
+
+static int
+gss_overhead(void *app_data, int level, int len)
+{
+    return 100; /* dunno? */
+}
+
+
+static int
+gss_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    int conf_state;
+    struct gss_data *d = app_data;
+
+    input.length = length;
+    input.value = from;
+    maj_stat = gss_wrap (&min_stat,
+			 d->context_hdl,
+			 level == prot_private,
+			 GSS_C_QOP_DEFAULT,
+			 &input,
+			 &conf_state,
+			 &output);
+    *to = output.value;
+    return output.length;
+}
+
+static void
+sockaddr_to_gss_address (struct sockaddr *sa,
+			 OM_uint32 *addr_type,
+			 gss_buffer_desc *gss_addr)
+{
+    switch (sa->sa_family) {
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+	gss_addr->length = 16;
+	gss_addr->value  = &sin6->sin6_addr;
+	*addr_type       = GSS_C_AF_INET6;
+	break;
+    }
+#endif
+    case AF_INET : {
+	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
+
+	gss_addr->length = 4;
+	gss_addr->value  = &sin4->sin_addr;
+	*addr_type       = GSS_C_AF_INET;
+	break;
+    }
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	
+    }
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+static int
+gss_adat(void *app_data, void *buf, size_t len)
+{
+    char *p = NULL;
+    gss_buffer_desc input_token, output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t client_name;
+    struct gss_data *d = app_data;
+    gss_channel_bindings_t bindings;
+
+    if (ftp_do_gss_bindings) {
+	bindings = malloc(sizeof(*bindings));
+	if (bindings == NULL)
+	    errx(1, "out of memory");
+
+	sockaddr_to_gss_address (his_addr,
+				 &bindings->initiator_addrtype,
+				 &bindings->initiator_address);
+	sockaddr_to_gss_address (ctrl_addr,
+				 &bindings->acceptor_addrtype,
+				 &bindings->acceptor_address);
+	
+	bindings->application_data.length = 0;
+	bindings->application_data.value = NULL;
+    } else
+	bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+    input_token.value = buf;
+    input_token.length = len;
+
+    maj_stat = gss_accept_sec_context (&min_stat,
+				       &d->context_hdl,
+				       GSS_C_NO_CREDENTIAL,
+				       &input_token,
+				       bindings,
+				       &client_name,
+				       NULL,
+				       &output_token,
+				       NULL,
+				       NULL,
+				       &d->delegated_cred_handle);
+
+    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+	free(bindings);
+
+    if(output_token.length) {
+	if(base64_encode(output_token.value, output_token.length, &p) < 0) {
+	    reply(535, "Out of memory base64-encoding.");
+	    return -1;
+	}
+	gss_release_buffer(&min_stat, &output_token);
+    }
+    if(maj_stat == GSS_S_COMPLETE){
+	char *name;
+	gss_buffer_desc export_name;
+	gss_OID oid;
+
+	maj_stat = gss_display_name(&min_stat, client_name,
+				    &export_name, &oid);
+	if(maj_stat != 0) {
+	    reply(500, "Error displaying name");
+	    goto out;
+	}
+	/* XXX kerberos */
+	if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
+	    reply(500, "OID not kerberos principal name");
+	    gss_release_buffer(&min_stat, &export_name);
+	    goto out;
+	}
+	name = malloc(export_name.length + 1);
+	if(name == NULL) {
+	    reply(500, "Out of memory");
+	    gss_release_buffer(&min_stat, &export_name);
+	    goto out;
+	}
+	memcpy(name, export_name.value, export_name.length);
+	name[export_name.length] = '\0';
+	gss_release_buffer(&min_stat, &export_name);
+	d->client_name = name;
+	if(p)
+	    reply(235, "ADAT=%s", p);
+	else
+	    reply(235, "ADAT Complete");
+	sec_complete = 1;
+
+    } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
+	if(p)
+	    reply(335, "ADAT=%s", p);
+	else
+	    reply(335, "OK, need more data");
+    } else {
+	OM_uint32 new_stat;
+	OM_uint32 msg_ctx = 0;
+	gss_buffer_desc status_string;
+	gss_display_status(&new_stat,
+			   min_stat,
+			   GSS_C_MECH_CODE,
+			   GSS_C_NO_OID,
+			   &msg_ctx,
+			   &status_string);
+	syslog(LOG_ERR, "gss_accept_sec_context: %s", 
+	       (char*)status_string.value);
+	gss_release_buffer(&new_stat, &status_string);
+	reply(431, "Security resource unavailable");
+    }
+  out:
+    if (client_name)
+	gss_release_name(&min_stat, &client_name);
+    free(p);
+    return 0;
+}
+
+int gss_userok(void*, char*);
+int gss_session(void*, char*);
+
+struct sec_server_mech gss_server_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init, /* init */
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+    /* */
+    NULL,
+    gss_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    gss_userok,
+    gss_session
+};
+
+#else /* FTP_SERVER */
+
+extern struct sockaddr *hisctladdr, *myctladdr;
+
+static int
+import_name(const char *kname, const char *host, gss_name_t *target_name)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc name;
+    char *str;
+
+    name.length = asprintf(&str, "%s@%s", kname, host);
+    if (str == NULL) {
+	printf("Out of memory\n");
+	return AUTH_ERROR;
+    }
+    name.value = str;
+
+    maj_stat = gss_import_name(&min_stat,
+			       &name,
+			       GSS_C_NT_HOSTBASED_SERVICE,
+			       target_name);
+    if (GSS_ERROR(maj_stat)) {
+	OM_uint32 new_stat;
+	OM_uint32 msg_ctx = 0;
+	gss_buffer_desc status_string;
+	    
+	gss_display_status(&new_stat,
+			   min_stat,
+			   GSS_C_MECH_CODE,
+			   GSS_C_NO_OID,
+			   &msg_ctx,
+			   &status_string);
+	printf("Error importing name %s: %s\n", 
+	       (char *)name.value,
+	       (char *)status_string.value);
+	free(name.value);
+	gss_release_buffer(&new_stat, &status_string);
+	return AUTH_ERROR;
+    }
+    free(name.value);
+    return 0;
+}
+
+static int
+gss_auth(void *app_data, char *host)
+{
+    
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t target_name;
+    gss_buffer_desc input, output_token;
+    int context_established = 0;
+    char *p;
+    int n;
+    gss_channel_bindings_t bindings;
+    struct gss_data *d = app_data;
+    OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+
+    const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
+	    
+    
+    if(import_name(*kname++, host, &target_name))
+	return AUTH_ERROR;
+
+    input.length = 0;
+    input.value = NULL;
+
+    if (ftp_do_gss_bindings) {
+	bindings = malloc(sizeof(*bindings));
+	if (bindings == NULL)
+	    errx(1, "out of memory");
+	
+	sockaddr_to_gss_address (myctladdr,
+				 &bindings->initiator_addrtype,
+				 &bindings->initiator_address);
+	sockaddr_to_gss_address (hisctladdr,
+				 &bindings->acceptor_addrtype,
+				 &bindings->acceptor_address);
+	
+	bindings->application_data.length = 0;
+	bindings->application_data.value = NULL;
+    } else
+	bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+    if (ftp_do_gss_delegate)
+	mech_flags |= GSS_C_DELEG_FLAG;
+
+    while(!context_established) {
+	maj_stat = gss_init_sec_context(&min_stat,
+					GSS_C_NO_CREDENTIAL,
+					&d->context_hdl,
+					target_name,
+					GSS_C_NO_OID,
+                                        mech_flags,
+					0,
+					bindings,
+					&input,
+					NULL,
+					&output_token,
+					NULL,
+					NULL);
+	if (GSS_ERROR(maj_stat)) {
+	    OM_uint32 new_stat;
+	    OM_uint32 msg_ctx = 0;
+	    gss_buffer_desc status_string;
+
+	    d->context_hdl = GSS_C_NO_CONTEXT;
+
+	    gss_release_name(&min_stat, &target_name);
+
+	    if(*kname != NULL) {
+
+		if(import_name(*kname++, host, &target_name)) {
+		    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+			free(bindings);
+		    return AUTH_ERROR;
+		}
+		continue;
+	    }
+	    
+	    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		free(bindings);
+
+	    gss_display_status(&new_stat,
+			       min_stat,
+			       GSS_C_MECH_CODE,
+			       GSS_C_NO_OID,
+			       &msg_ctx,
+			       &status_string);
+	    printf("Error initializing security context: %s\n", 
+		   (char*)status_string.value);
+	    gss_release_buffer(&new_stat, &status_string);
+	    return AUTH_CONTINUE;
+	}
+
+	if (input.value) {
+	    free(input.value);
+	    input.value = NULL;
+	    input.length = 0;
+	}
+	if (output_token.length != 0) {
+	    base64_encode(output_token.value, output_token.length, &p);
+	    gss_release_buffer(&min_stat, &output_token);
+	    n = command("ADAT %s", p);
+	    free(p);
+	}
+	if (GSS_ERROR(maj_stat)) {
+	    if (d->context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&d->context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
+	    p = strstr(reply_string, "ADAT=");
+	    if(p == NULL){
+		printf("Error: expected ADAT in reply. got: %s\n",
+		       reply_string);
+		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		    free(bindings);
+		return AUTH_ERROR;
+	    } else {
+		p+=5;
+		input.value = malloc(strlen(p));
+		input.length = base64_decode(p, input.value);
+	    }
+	} else {
+	    if(code != 235) {
+		printf("Unrecognized response code: %d\n", code);
+		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		    free(bindings);
+		return AUTH_ERROR;
+	    }
+	    context_established = 1;
+	}
+    }
+
+    gss_release_name(&min_stat, &target_name);
+
+    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+	free(bindings);
+    if (input.value)
+	free(input.value);
+
+    {
+	gss_name_t targ_name;
+
+	maj_stat = gss_inquire_context(&min_stat,
+				       d->context_hdl,
+				       NULL,
+				       &targ_name,
+				       NULL,
+				       NULL,
+				       NULL,
+				       NULL,
+				       NULL);
+	if (GSS_ERROR(maj_stat) == 0) {
+	    gss_buffer_desc name;
+	    maj_stat = gss_display_name (&min_stat,
+					 targ_name,
+					 &name,
+					 NULL);
+	    if (GSS_ERROR(maj_stat) == 0) {
+		printf("Authenticated to <%s>\n", (char *)name.value);
+		gss_release_buffer(&min_stat, &name);
+	    }
+	    gss_release_name(&min_stat, &targ_name);
+	} else
+	    printf("Failed to get gss name of peer.\n");
+    }	    
+
+
+    return AUTH_OK;
+}
+
+struct sec_client_mech gss_client_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init,
+    gss_auth,
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+};
+
+#endif /* FTP_SERVER */

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/kauth.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/kauth.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/kauth.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: kauth.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+#ifdef KRB4
+#include <krb.h>
+
+void
+kauth(int argc, char **argv)
+{
+    int ret;
+    char buf[1024];
+    des_cblock key;
+    des_key_schedule schedule;
+    KTEXT_ST tkt, tktcopy;
+    char *name;
+    char *p;
+    int overbose;
+    char passwd[100];
+    int tmp;
+	
+    int save;
+
+    if(argc > 2){
+	printf("usage: %s [principal]\n", argv[0]);
+	code = -1;
+	return;
+    }
+    if(argc == 2)
+	name = argv[1];
+    else
+	name = username;
+
+    overbose = verbose;
+    verbose = 0;
+
+    save = set_command_prot(prot_private);
+    ret = command("SITE KAUTH %s", name);
+    if(ret != CONTINUE){
+	verbose = overbose;
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    verbose = overbose;
+    p = strstr(reply_string, "T=");
+    if(!p){
+	printf("Bad reply from server.\n");
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    p += 2;
+    tmp = base64_decode(p, &tkt.dat);
+    if(tmp < 0){
+	printf("Failed to decode base64 in reply.\n");
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    tkt.length = tmp;
+    tktcopy.length = tkt.length;
+    
+    p = strstr(reply_string, "P=");
+    if(!p){
+	printf("Bad reply from server.\n");
+	verbose = overbose;
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    name = p + 2;
+    for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
+    *p = 0;
+    
+    snprintf(buf, sizeof(buf), "Password for %s:", name);
+    if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
+        *passwd = '\0';
+    des_string_to_key (passwd, &key);
+
+    des_key_sched(&key, schedule);
+    
+    des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
+		     tkt.length,
+		     schedule, &key, DES_DECRYPT);
+    if (strcmp ((char*)tktcopy.dat + 8,
+		KRB_TICKET_GRANTING_TICKET) != 0) {
+        afs_string_to_key (passwd, krb_realmofhost(hostname), &key);
+	des_key_sched (&key, schedule);
+	des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
+			 tkt.length,
+			 schedule, &key, DES_DECRYPT);
+    }
+    memset(key, 0, sizeof(key));
+    memset(schedule, 0, sizeof(schedule));
+    memset(passwd, 0, sizeof(passwd));
+    if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) {
+	printf("Out of memory base64-encoding.\n");
+	set_command_prot(save);
+	code = -1;
+	return;
+    }
+    memset (tktcopy.dat, 0, tktcopy.length);
+    ret = command("SITE KAUTH %s %s", name, p);
+    free(p);
+    set_command_prot(save);
+    if(ret != COMPLETE){
+	code = -1;
+	return;
+    }
+    code = 0;
+}
+
+void
+kdestroy(int argc, char **argv)
+{
+    int ret;
+    if (argc != 1) {
+	printf("usage: %s\n", argv[0]);
+	code = -1;
+	return;
+    }
+    ret = command("SITE KDESTROY");
+    code = (ret == COMPLETE);
+}
+
+void
+krbtkfile(int argc, char **argv)
+{
+    int ret;
+    if(argc != 2) {
+	printf("usage: %s tktfile\n", argv[0]);
+	code = -1;
+	return;
+    }
+    ret = command("SITE KRBTKFILE %s", argv[1]);
+    code = (ret == COMPLETE);
+}
+#endif
+
+#if defined(KRB4) || defined(KRB5)
+
+void
+afslog(int argc, char **argv)
+{
+    int ret;
+    if(argc > 2) {
+	printf("usage: %s [cell]\n", argv[0]);
+	code = -1;
+	return;
+    }
+    if(argc == 2)
+	ret = command("SITE AFSLOG %s", argv[1]);
+    else
+	ret = command("SITE AFSLOG");
+    code = (ret == COMPLETE);
+}
+
+#else
+int ftp_afslog_placeholder;
+#endif
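Review bot: In `kauth()`, `base64_decode(p, &tkt.dat)` decodes the server's `T=` field straight into the fixed-size `tkt.dat` with no length check, and the `tmp < 0` test only runs after the write, so the reply length is the only bound on the copy. A guard before the call would bound it, for example `if ((strcspn(p, " \r\n") + 3) / 4 * 3 > sizeof(tkt.dat)) { printf("Bad reply from server.\n"); set_command_prot(save); code = -1; return; }`. This assumes the decoder stops at the first non-base64 character, which should be confirmed against `base64_decode`. The same unbounded decode into a `KTEXT_ST` appears in `krb4_auth()` in krb4.c (`base64_decode(p, adat.dat)`) and needs the same guard. The `memset` calls that clear `key`, `schedule` and `passwd` are also worth a comment, since a compiler may drop stores to objects that are not read again.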

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/krb4.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/krb4.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/krb4.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,340 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <krb.h>
+
+RCSID("$Id: krb4.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+#ifdef FTP_SERVER
+#define LOCAL_ADDR ctrl_addr
+#define REMOTE_ADDR his_addr
+#else
+#define LOCAL_ADDR myctladdr
+#define REMOTE_ADDR hisctladdr
+#endif
+
+extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
+
+struct krb4_data {
+    des_cblock key;
+    des_key_schedule schedule;
+    char name[ANAME_SZ];
+    char instance[INST_SZ];
+    char realm[REALM_SZ];
+};
+
+static int
+krb4_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+krb4_decode(void *app_data, void *buf, int len, int level)
+{
+    MSG_DAT m;
+    int e;
+    struct krb4_data *d = app_data;
+    
+    if(level == prot_safe)
+	e = krb_rd_safe(buf, len, &d->key,
+			(struct sockaddr_in *)REMOTE_ADDR,
+			(struct sockaddr_in *)LOCAL_ADDR, &m);
+    else
+	e = krb_rd_priv(buf, len, d->schedule, &d->key, 
+			(struct sockaddr_in *)REMOTE_ADDR,
+			(struct sockaddr_in *)LOCAL_ADDR, &m);
+    if(e){
+	syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
+	return -1;
+    }
+    memmove(buf, m.app_data, m.app_length);
+    return m.app_length;
+}
+
+static int
+krb4_overhead(void *app_data, int level, int len)
+{
+    return 31;
+}
+
+static int
+krb4_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    struct krb4_data *d = app_data;
+    *to = malloc(length + 31);
+    if(level == prot_safe)
+	return krb_mk_safe(from, *to, length, &d->key, 
+			   (struct sockaddr_in *)LOCAL_ADDR,
+			   (struct sockaddr_in *)REMOTE_ADDR);
+    else if(level == prot_private)
+	return krb_mk_priv(from, *to, length, d->schedule, &d->key, 
+			   (struct sockaddr_in *)LOCAL_ADDR,
+			   (struct sockaddr_in *)REMOTE_ADDR);
+    else
+	return -1;
+}
+
+#ifdef FTP_SERVER
+
+static int
+krb4_adat(void *app_data, void *buf, size_t len)
+{
+    KTEXT_ST tkt;
+    AUTH_DAT auth_dat;
+    char *p;
+    int kerror;
+    uint32_t cs;
+    char msg[35]; /* size of encrypted block */
+    int tmp_len;
+    struct krb4_data *d = app_data;
+    char inst[INST_SZ];
+    struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
+
+    memcpy(tkt.dat, buf, len);
+    tkt.length = len;
+
+    k_getsockinst(0, inst, sizeof(inst));
+    kerror = krb_rd_req(&tkt, "ftp", inst, 
+			his_addr_sin->sin_addr.s_addr, &auth_dat, "");
+    if(kerror == RD_AP_UNDEC){
+	k_getsockinst(0, inst, sizeof(inst));
+	kerror = krb_rd_req(&tkt, "rcmd", inst, 
+			    his_addr_sin->sin_addr.s_addr, &auth_dat, "");
+    }
+
+    if(kerror){
+	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+	return -1;
+    }
+    
+    memcpy(d->key, auth_dat.session, sizeof(d->key));
+    des_set_key(&d->key, d->schedule);
+
+    strlcpy(d->name, auth_dat.pname, sizeof(d->name));
+    strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
+    strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
+
+    cs = auth_dat.checksum + 1;
+    {
+	unsigned char tmp[4];
+	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
+	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
+			      (struct sockaddr_in *)LOCAL_ADDR,
+			      (struct sockaddr_in *)REMOTE_ADDR);
+    }
+    if(tmp_len < 0){
+	reply(535, "Error creating reply: %s.", strerror(errno));
+	return -1;
+    }
+    len = tmp_len;
+    if(base64_encode(msg, len, &p) < 0) {
+	reply(535, "Out of memory base64-encoding.");
+	return -1;
+    }
+    reply(235, "ADAT=%s", p);
+    sec_complete = 1;
+    free(p);
+    return 0;
+}
+
+static int
+krb4_userok(void *app_data, char *user)
+{
+    struct krb4_data *d = app_data;
+    return krb_kuserok(d->name, d->instance, d->realm, user);
+}
+
+struct sec_server_mech krb4_server_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    NULL, /* init */
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode,
+    /* */
+    NULL,
+    krb4_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    krb4_userok
+};
+
+#else /* FTP_SERVER */
+
+static int
+krb4_init(void *app_data)
+{
+   return !use_kerberos;
+}
+
+static int
+mk_auth(struct krb4_data *d, KTEXT adat, 
+	char *service, char *host, int checksum)
+{
+    int ret;
+    CREDENTIALS cred;
+    char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+
+    strlcpy(sname, service, sizeof(sname));
+    strlcpy(inst, krb_get_phost(host), sizeof(inst));
+    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_mk_req(adat, sname, inst, realm, checksum);
+    if(ret)
+	return ret;
+    strlcpy(sname, service, sizeof(sname));
+    strlcpy(inst, krb_get_phost(host), sizeof(inst));
+    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_get_cred(sname, inst, realm, &cred);
+    memmove(&d->key, &cred.session, sizeof(des_cblock));
+    des_key_sched(&d->key, d->schedule);
+    memset(&cred, 0, sizeof(cred));
+    return ret;
+}
+
+static int
+krb4_auth(void *app_data, char *host)
+{
+    int ret;
+    char *p;
+    int len;
+    KTEXT_ST adat;
+    MSG_DAT msg_data;
+    int checksum;
+    uint32_t cs;
+    struct krb4_data *d = app_data;
+    struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
+    struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
+
+    checksum = getpid();
+    ret = mk_auth(d, &adat, "ftp", host, checksum);
+    if(ret == KDC_PR_UNKNOWN)
+	ret = mk_auth(d, &adat, "rcmd", host, checksum);
+    if(ret){
+	printf("%s\n", krb_get_err_text(ret));
+	return AUTH_CONTINUE;
+    }
+
+#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
+    if (krb_get_config_bool("nat_in_use")) {
+      struct in_addr natAddr;
+
+      if (krb_get_our_ip_for_realm(krb_realmofhost(host),
+				   &natAddr) != KSUCCESS
+	  && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
+	printf("Can't get address for realm %s\n",
+	       krb_realmofhost(host));
+      else {
+	if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
+	  printf("Using NAT IP address (%s) for kerberos 4\n",
+		 inet_ntoa(natAddr));
+	  localaddr->sin_addr = natAddr;
+	  
+	  /*
+	   * This not the best place to do this, but it
+	   * is here we know that (probably) NAT is in
+	   * use!
+	   */
+
+	  passivemode = 1;
+	  printf("Setting: Passive mode on.\n");
+	}
+      }
+    }
+#endif
+
+    printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
+    printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
+
+   if(base64_encode(adat.dat, adat.length, &p) < 0) {
+	printf("Out of memory base64-encoding.\n");
+	return AUTH_CONTINUE;
+    }
+    ret = command("ADAT %s", p);
+    free(p);
+
+    if(ret != COMPLETE){
+	printf("Server didn't accept auth data.\n");
+	return AUTH_ERROR;
+    }
+
+    p = strstr(reply_string, "ADAT=");
+    if(!p){
+	printf("Remote host didn't send adat reply.\n");
+	return AUTH_ERROR;
+    }
+    p += 5;
+    len = base64_decode(p, adat.dat);
+    if(len < 0){
+	printf("Failed to decode base64 from server.\n");
+	return AUTH_ERROR;
+    }
+    adat.length = len;
+    ret = krb_rd_safe(adat.dat, adat.length, &d->key, 
+		      (struct sockaddr_in *)hisctladdr, 
+		      (struct sockaddr_in *)myctladdr, &msg_data);
+    if(ret){
+	printf("Error reading reply from server: %s.\n", 
+	       krb_get_err_text(ret));
+	return AUTH_ERROR;
+    }
+    krb_get_int(msg_data.app_data, &cs, 4, 0);
+    if(cs - checksum != 1){
+	printf("Bad checksum returned from server.\n");
+	return AUTH_ERROR;
+    }
+    return AUTH_OK;
+}
+
+struct sec_client_mech krb4_client_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    krb4_init, /* init */
+    krb4_auth,
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode
+};
+
+#endif /* FTP_SERVER */
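Review bot: `krb4_adat()` runs `memcpy(tkt.dat, buf, len)` on the client's ADAT payload without checking that `len` fits in `tkt.dat`, and it does so before `krb_rd_req()` has verified anything, so the peer chooses the write length. Reject oversized input first, for example `if (len > sizeof(tkt.dat)) { reply(535, "ADAT too long."); return -1; }`. Further down, `strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance))` passes the size of the wrong field and should use `sizeof(d->realm)`, which matters if `INST_SZ` and `REALM_SZ` ever differ. `krb4_encode()` also hands the result of `malloc(length + 31)` to `krb_mk_safe`/`krb_mk_priv` without a NULL check.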

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/main.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/main.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/main.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,591 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * FTP User Program -- Command Interface.
+ */
+
+#include "ftp_locl.h"
+#include <getarg.h>
+
+RCSID("$Id: main.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static int help_flag;
+static int version_flag;
+static int debug_flag;
+
+struct getargs getargs[] = {
+    { NULL,	'd', arg_flag, &debug_flag,
+      "debug", NULL },
+    { NULL,	'g', arg_negative_flag, &doglob,
+      "disables globbing", NULL},
+    { NULL,	'i', arg_negative_flag, &interactive,
+      "Turn off interactive prompting", NULL},
+    { NULL,	'l', arg_negative_flag, &lineedit,
+      "Turn off line editing", NULL},
+    { NULL,   'n', arg_negative_flag, &autologin,
+      "Turn off auto-login", NULL},
+    { NULL,	'p', arg_flag, &passivemode,
+      "passive mode", NULL},
+    { NULL,	't', arg_counter, &trace,
+      "Packet tracing", NULL},
+#ifdef KRB5
+    { "gss-bindings", 0,  arg_negative_flag, &ftp_do_gss_bindings,
+      "Don't use GSS-API bindings", NULL},
+    { "gss-delegate", 0,  arg_negative_flag, &ftp_do_gss_delegate,
+      "Disable delegation of GSS-API credentials", NULL},
+#endif
+    { NULL,	'v', arg_counter, &verbose,
+      "verbosity", NULL},
+    { NULL,	'K', arg_negative_flag, &use_kerberos,
+      "Disable kerberos authentication", NULL},
+    { "encrypt", 'x', arg_flag, &doencrypt,
+      "Encrypt command and data channel if possible" },
+    { "version", 0,  arg_flag, &version_flag },
+    { "help",	'h', arg_flag, &help_flag },
+};
+
+static int num_args = sizeof(getargs) / sizeof(getargs[0]);
+
+static void
+usage(int ecode)
+{
+    arg_printusage(getargs, num_args, NULL, "[host [port]]");
+    exit(ecode);
+}
+
+int
+main(int argc, char **argv)
+{
+	int top;
+	struct passwd *pw = NULL;
+	char homedir[MaxPathLen];
+	struct servent *sp;
+	int optind = 0;
+
+	setprogname(argv[0]);
+
+	sp = getservbyname("ftp", "tcp");
+	if (sp == 0)
+		errx(1, "ftp/tcp: unknown service");
+	doglob = 1;
+	interactive = 1;
+	autologin = 1;
+	lineedit = 1;
+	passivemode = 0; /* passive mode not active */
+        use_kerberos = 1;
+#ifdef KRB5
+	ftp_do_gss_bindings = 1;
+#endif
+
+	if(getarg(getargs, num_args, argc, argv, &optind))
+		usage(1);
+	if(help_flag)
+		usage(0);
+	if(version_flag) {
+		print_version(NULL);
+		exit(0);
+	}
+
+	if (debug_flag) {
+		options |= SO_DEBUG;
+		debug++;
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	fromatty = isatty(fileno(stdin));
+	if (fromatty)
+		verbose++;
+	cpend = 0;	/* no pending replies */
+	proxy = 0;	/* proxy not active */
+	crflag = 1;	/* strip c.r. on ascii gets */
+	sendport = -1;	/* not using ports */
+	/*
+	 * Set up the home directory in case we're globbing.
+	 */
+	pw = k_getpwuid(getuid());
+	if (pw != NULL) {
+		strlcpy(homedir, pw->pw_dir, sizeof(homedir));
+		home = homedir;
+	}
+	if (argc > 0) {
+	    char *xargv[5];
+	    
+	    if (setjmp(toplevel))
+		exit(0);
+	    signal(SIGINT, intr);
+	    signal(SIGPIPE, lostpeer);
+	    xargv[0] = (char*)getprogname();
+	    xargv[1] = argv[0];
+	    xargv[2] = argv[1];
+	    xargv[3] = argv[2];
+	    xargv[4] = NULL;
+	    setpeer(argc+1, xargv);
+	}
+	if(setjmp(toplevel) == 0)
+	    top = 1;
+	else
+	    top = 0;
+	if (top) {
+	    signal(SIGINT, intr);
+	    signal(SIGPIPE, lostpeer);
+	}
+	for (;;) {
+	    cmdscanner(top);
+	    top = 1;
+	}
+}
+
+void
+intr(int sig)
+{
+
+	longjmp(toplevel, 1);
+}
+
+#ifndef SHUT_RDWR
+#define SHUT_RDWR 2
+#endif
+
+RETSIGTYPE
+lostpeer(int sig)
+{
+
+    if (connected) {
+	if (cout != NULL) {
+	    shutdown(fileno(cout), SHUT_RDWR);
+	    fclose(cout);
+	    cout = NULL;
+	}
+	if (data >= 0) {
+	    shutdown(data, SHUT_RDWR);
+	    close(data);
+	    data = -1;
+	}
+	connected = 0;
+    }
+    pswitch(1);
+    if (connected) {
+	if (cout != NULL) {
+	    shutdown(fileno(cout), SHUT_RDWR);
+	    fclose(cout);
+	    cout = NULL;
+	}
+	connected = 0;
+    }
+    proxflag = 0;
+    pswitch(0);
+    sec_end();
+    SIGRETURN(0);
+}
+
+/*
+char *
+tail(filename)
+	char *filename;
+{
+	char *s;
+	
+	while (*filename) {
+		s = strrchr(filename, '/');
+		if (s == NULL)
+			break;
+		if (s[1])
+			return (s + 1);
+		*s = '\0';
+	}
+	return (filename);
+}
+*/
+
+static char *
+simple_readline(char *prompt)
+{
+    char buf[BUFSIZ];
+    printf ("%s", prompt);
+    fflush (stdout);
+    if(fgets(buf, sizeof(buf), stdin) == NULL)
+	return NULL;
+    if (buf[strlen(buf) - 1] == '\n')
+	buf[strlen(buf) - 1] = '\0';
+    return strdup(buf);
+}
+
+#ifndef HAVE_READLINE
+
+static char *
+readline(char *prompt)
+{
+    return simple_readline (prompt);
+}
+
+static void
+add_history(char *p)
+{
+}
+
+#else
+
+/* These should not really be here */
+
+char *readline(char *);
+void add_history(char *);
+
+#endif
+
+/*
+ * Command parser.
+ */
+void
+cmdscanner(int top)
+{
+    struct cmd *c;
+    int l;
+
+    if (!top)
+	putchar('\n');
+    for (;;) {
+	if (fromatty) {
+	    char *p;
+	    if (lineedit)
+		p = readline("ftp> ");
+	    else
+		p = simple_readline("ftp> ");
+	    if(p == NULL) {
+		printf("\n");
+		quit(0, 0);
+	    }
+	    strlcpy(line, p, sizeof(line));
+	    if (lineedit)
+		add_history(p);
+	    free(p);
+	} else{
+	    if (fgets(line, sizeof line, stdin) == NULL)
+		quit(0, 0);
+	}
+	/* XXX will break on long lines */
+	l = strlen(line);
+	if (l == 0)
+	    break;
+	if (line[--l] == '\n') {
+	    if (l == 0)
+		break;
+	    line[l] = '\0';
+	} else if (l == sizeof(line) - 2) {
+	    printf("sorry, input line too long\n");
+	    while ((l = getchar()) != '\n' && l != EOF)
+		/* void */;
+	    break;
+	} /* else it was a line without a newline */
+	makeargv();
+	if (margc == 0) {
+	    continue;
+	}
+	c = getcmd(margv[0]);
+	if (c == (struct cmd *)-1) {
+	    printf("?Ambiguous command\n");
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command\n");
+	    continue;
+	}
+	if (c->c_conn && !connected) {
+	    printf("Not connected.\n");
+	    continue;
+	}
+	(*c->c_handler)(margc, margv);
+	if (bell && c->c_bell)
+	    putchar('\007');
+	if (c->c_handler != help)
+	    break;
+    }
+    signal(SIGINT, intr);
+    signal(SIGPIPE, lostpeer);
+}
+
+struct cmd *
+getcmd(char *name)
+{
+	char *p, *q;
+	struct cmd *c, *found;
+	int nmatches, longest;
+
+	longest = 0;
+	nmatches = 0;
+	found = 0;
+	for (c = cmdtab; (p = c->c_name); c++) {
+		for (q = name; *q == *p++; q++)
+			if (*q == 0)		/* exact match? */
+				return (c);
+		if (!*q) {			/* the name was a prefix */
+			if (q - name > longest) {
+				longest = q - name;
+				nmatches = 1;
+				found = c;
+			} else if (q - name == longest)
+				nmatches++;
+		}
+	}
+	if (nmatches > 1)
+		return ((struct cmd *)-1);
+	return (found);
+}
+
+/*
+ * Slice a string up into argc/argv.
+ */
+
+int slrflag;
+
+void
+makeargv(void)
+{
+	char **argp;
+
+	argp = margv;
+	stringbase = line;		/* scan from first of buffer */
+	argbase = argbuf;		/* store from first of buffer */
+	slrflag = 0;
+	for (margc = 0; ; margc++) {
+		/* Expand array if necessary */
+		if (margc == margvlen) {
+			int i;
+
+			margv = (margvlen == 0)
+				? (char **)malloc(20 * sizeof(char *))
+				: (char **)realloc(margv,
+					(margvlen + 20)*sizeof(char *));
+			if (margv == NULL)
+				errx(1, "cannot realloc argv array");
+			for(i = margvlen; i < margvlen + 20; ++i)
+				margv[i] = NULL;
+			margvlen += 20;
+			argp = margv + margc;
+		}
+
+		if ((*argp++ = slurpstring()) == NULL)
+			break;
+	}
+
+}
+
+/*
+ * Parse string into argbuf;
+ * implemented with FSM to
+ * handle quoting and strings
+ */
+char *
+slurpstring(void)
+{
+	int got_one = 0;
+	char *sb = stringbase;
+	char *ap = argbase;
+	char *tmp = argbase;		/* will return this if token found */
+
+	if (*sb == '!' || *sb == '$') {	/* recognize ! as a token for shell */
+		switch (slrflag) {	/* and $ as token for macro invoke */
+			case 0:
+				slrflag++;
+				stringbase++;
+				return ((*sb == '!') ? "!" : "$");
+				/* NOTREACHED */
+			case 1:
+				slrflag++;
+				altarg = stringbase;
+				break;
+			default:
+				break;
+		}
+	}
+
+S0:
+	switch (*sb) {
+
+	case '\0':
+		goto OUT;
+
+	case ' ':
+	case '\t':
+		sb++; goto S0;
+
+	default:
+		switch (slrflag) {
+			case 0:
+				slrflag++;
+				break;
+			case 1:
+				slrflag++;
+				altarg = sb;
+				break;
+			default:
+				break;
+		}
+		goto S1;
+	}
+
+S1:
+	switch (*sb) {
+
+	case ' ':
+	case '\t':
+	case '\0':
+		goto OUT;	/* end of token */
+
+	case '\\':
+		sb++; goto S2;	/* slurp next character */
+
+	case '"':
+		sb++; goto S3;	/* slurp quoted string */
+
+	default:
+		*ap++ = *sb++;	/* add character to token */
+		got_one = 1;
+		goto S1;
+	}
+
+S2:
+	switch (*sb) {
+
+	case '\0':
+		goto OUT;
+
+	default:
+		*ap++ = *sb++;
+		got_one = 1;
+		goto S1;
+	}
+
+S3:
+	switch (*sb) {
+
+	case '\0':
+		goto OUT;
+
+	case '"':
+		sb++; goto S1;
+
+	default:
+		*ap++ = *sb++;
+		got_one = 1;
+		goto S3;
+	}
+
+OUT:
+	if (got_one)
+		*ap++ = '\0';
+	argbase = ap;			/* update storage pointer */
+	stringbase = sb;		/* update scan pointer */
+	if (got_one) {
+		return (tmp);
+	}
+	switch (slrflag) {
+		case 0:
+			slrflag++;
+			break;
+		case 1:
+			slrflag++;
+			altarg = (char *) 0;
+			break;
+		default:
+			break;
+	}
+	return NULL;
+}
+
+#define HELPINDENT ((int) sizeof ("directory"))
+
+/*
+ * Help command.
+ * Call each command handler with argc == 0 and argv[0] == name.
+ */
+void
+help(int argc, char **argv)
+{
+	struct cmd *c;
+
+	if (argc == 1) {
+		int i, j, w, k;
+		int columns, width = 0, lines;
+
+		printf("Commands may be abbreviated.  Commands are:\n\n");
+		for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
+			int len = strlen(c->c_name);
+
+			if (len > width)
+				width = len;
+		}
+		width = (width + 8) &~ 7;
+		columns = 80 / width;
+		if (columns == 0)
+			columns = 1;
+		lines = (NCMDS + columns - 1) / columns;
+		for (i = 0; i < lines; i++) {
+			for (j = 0; j < columns; j++) {
+				c = cmdtab + j * lines + i;
+				if (c->c_name && (!proxy || c->c_proxy)) {
+					printf("%s", c->c_name);
+				}
+				else if (c->c_name) {
+					for (k=0; k < strlen(c->c_name); k++) {
+						putchar(' ');
+					}
+				}
+				if (c + lines >= &cmdtab[NCMDS]) {
+					printf("\n");
+					break;
+				}
+				w = strlen(c->c_name);
+				while (w < width) {
+					w = (w + 8) &~ 7;
+					putchar('\t');
+				}
+			}
+		}
+		return;
+	}
+	while (--argc > 0) {
+		char *arg;
+		arg = *++argv;
+		c = getcmd(arg);
+		if (c == (struct cmd *)-1)
+			printf("?Ambiguous help command %s\n", arg);
+		else if (c == (struct cmd *)0)
+			printf("?Invalid help command %s\n", arg);
+		else
+			printf("%-*s\t%s\n", HELPINDENT,
+				c->c_name, c->c_help);
+	}
+}
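Review bot: `simple_readline()` indexes `buf[strlen(buf) - 1]` without allowing for an empty string, so if `fgets()` returns a line whose first byte is NUL the index becomes `buf[-1]` and the function reads, and may write, one byte before the array. `buf[strcspn(buf, "\n")] = '\0';` strips the newline without the subtraction. Separately, the `argc > 0` branch of `main()` copies `argv[1]` and `argv[2]` into `xargv` regardless of `argc`, so with a single host argument `argv[2]` is read past the terminating NULL. Filling `xargv` in a loop bounded by `argc` avoids that.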

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/pathnames.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/pathnames.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/pathnames.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)pathnames.h	8.1 (Berkeley) 6/6/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#define	_PATH_TMP_XXX	"/tmp/ftpXXXXXX"
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL	"/bin/sh"
+#endif

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/ruserpass.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/ruserpass.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/ruserpass.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,313 @@
+/*
+ * Copyright (c) 1985, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: ruserpass.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static	int token (void);
+static	FILE *cfile;
+
+#define	DEFAULT	1
+#define	LOGIN	2
+#define	PASSWD	3
+#define	ACCOUNT 4
+#define MACDEF  5
+#define PROT	6
+#define	ID	10
+#define	MACH	11
+
+static char tokval[100];
+
+static struct toktab {
+	char *tokstr;
+	int tval;
+} toktab[]= {
+	{ "default",	DEFAULT },
+	{ "login",	LOGIN },
+	{ "password",	PASSWD },
+	{ "passwd",	PASSWD },
+	{ "account",	ACCOUNT },
+	{ "machine",	MACH },
+	{ "macdef",	MACDEF },
+	{ "prot", 	PROT }, 
+	{ NULL,		0 }
+};
+
+/*
+ * Write a copy of the hostname into `hostname, sz' and return a guess
+ * as to the `domain' of that hostname.
+ */
+
+static char *
+guess_domain (char *hostname_str, size_t sz)
+{
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    char *dot;
+
+    if (gethostname (hostname_str, sz) < 0) {
+	strlcpy (hostname_str, "", sz);
+	return "";
+    }
+    dot = strchr (hostname_str, '.');
+    if (dot != NULL)
+	return dot + 1;
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_flags = AI_CANONNAME;
+
+    error = getaddrinfo (hostname_str, NULL, &hints, &ai);
+    if (error)
+	return hostname_str;
+
+    for (a = ai; a != NULL; a = a->ai_next)
+	if (a->ai_canonname != NULL) {
+	    strlcpy (hostname_str, ai->ai_canonname, sz);
+	    break;
+	}
+    freeaddrinfo (ai);
+    dot = strchr (hostname_str, '.');
+    if (dot != NULL)
+	return dot + 1;
+    else
+	return hostname_str;
+}
+
+int
+ruserpass(char *host, char **aname, char **apass, char **aacct)
+{
+    char *hdir, buf[BUFSIZ], *tmp;
+    int t, i, c, usedefault = 0;
+    struct stat stb;
+
+    mydomain = guess_domain (myhostname, MaxHostNameLen);
+
+    hdir = getenv("HOME");
+    if (hdir == NULL)
+	hdir = ".";
+    snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
+    cfile = fopen(buf, "r");
+    if (cfile == NULL) {
+	if (errno != ENOENT)
+	    warn("%s", buf);
+	return (0);
+    }
+
+next:
+    while ((t = token())) switch(t) {
+
+    case DEFAULT:
+	usedefault = 1;
+	/* FALL THROUGH */
+
+    case MACH:
+	if (!usedefault) {
+	    if (token() != ID)
+		continue;
+	    /*
+	     * Allow match either for user's input host name
+	     * or official hostname.  Also allow match of 
+	     * incompletely-specified host in local domain.
+	     */
+	    if (strcasecmp(host, tokval) == 0)
+		goto match;
+	    if (strcasecmp(hostname, tokval) == 0)
+		goto match;
+	    if ((tmp = strchr(hostname, '.')) != NULL &&
+		tmp++ &&
+		strcasecmp(tmp, mydomain) == 0 &&
+		strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
+		tokval[tmp - hostname] == '\0')
+		goto match;
+	    if ((tmp = strchr(host, '.')) != NULL &&
+		tmp++ &&
+		strcasecmp(tmp, mydomain) == 0 &&
+		strncasecmp(host, tokval, tmp - host) == 0 &&
+		tokval[tmp - host] == '\0')
+		goto match;
+	    continue;
+	}
+    match:
+	while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
+
+	case LOGIN:
+	    if (token()) {
+		if (*aname == 0) { 
+		    *aname = strdup(tokval);
+		} else {
+		    if (strcmp(*aname, tokval))
+			goto next;
+		}
+	    }
+	    break;
+	case PASSWD:
+	    if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
+		fstat(fileno(cfile), &stb) >= 0 &&
+		(stb.st_mode & 077) != 0) {
+		warnx("Error: .netrc file is readable by others.");
+		warnx("Remove password or make file unreadable by others.");
+		goto bad;
+	    }
+	    if (token() && *apass == 0) {
+		*apass = strdup(tokval);
+	    }
+	    break;
+	case ACCOUNT:
+	    if (fstat(fileno(cfile), &stb) >= 0
+		&& (stb.st_mode & 077) != 0) {
+		warnx("Error: .netrc file is readable by others.");
+		warnx("Remove account or make file unreadable by others.");
+		goto bad;
+	    }
+	    if (token() && *aacct == 0) {
+		*aacct = strdup(tokval);
+	    }
+	    break;
+	case MACDEF:
+	    if (proxy) {
+		fclose(cfile);
+		return (0);
+	    }
+	    while ((c=getc(cfile)) != EOF && 
+		   (c == ' ' || c == '\t'));
+	    if (c == EOF || c == '\n') {
+		printf("Missing macdef name argument.\n");
+		goto bad;
+	    }
+	    if (macnum == 16) {
+		printf("Limit of 16 macros have already been defined\n");
+		goto bad;
+	    }
+	    tmp = macros[macnum].mac_name;
+	    *tmp++ = c;
+	    for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
+		     !isspace(c); ++i) {
+		*tmp++ = c;
+	    }
+	    if (c == EOF) {
+		printf("Macro definition missing null line terminator.\n");
+		goto bad;
+	    }
+	    *tmp = '\0';
+	    if (c != '\n') {
+		while ((c=getc(cfile)) != EOF && c != '\n');
+	    }
+	    if (c == EOF) {
+		printf("Macro definition missing null line terminator.\n");
+		goto bad;
+	    }
+	    if (macnum == 0) {
+		macros[macnum].mac_start = macbuf;
+	    }
+	    else {
+		macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
+	    }
+	    tmp = macros[macnum].mac_start;
+	    while (tmp != macbuf + 4096) {
+		if ((c=getc(cfile)) == EOF) {
+		    printf("Macro definition missing null line terminator.\n");
+		    goto bad;
+		}
+		*tmp = c;
+		if (*tmp == '\n') {
+		    if (*(tmp-1) == '\0') {
+			macros[macnum++].mac_end = tmp - 1;
+			break;
+		    }
+		    *tmp = '\0';
+		}
+		tmp++;
+	    }
+	    if (tmp == macbuf + 4096) {
+		printf("4K macro buffer exceeded\n");
+		goto bad;
+	    }
+	    break;
+	case PROT:
+	    token();
+	    if(doencrypt == 0 && sec_request_prot(tokval) < 0)
+		warnx("Unknown protection level \"%s\"", tokval);
+	    break;
+	default:
+	    warnx("Unknown .netrc keyword %s", tokval);
+	    break;
+	}
+	goto done;
+    }
+done:
+    fclose(cfile);
+    return (0);
+bad:
+    fclose(cfile);
+    return (-1);
+}
+
+static int
+token(void)
+{
+	char *cp;
+	int c;
+	struct toktab *t;
+
+	if (feof(cfile) || ferror(cfile))
+		return (0);
+	while ((c = getc(cfile)) != EOF &&
+	    (c == '\n' || c == '\t' || c == ' ' || c == ','))
+		continue;
+	if (c == EOF)
+		return (0);
+	cp = tokval;
+	if (c == '"') {
+		while ((c = getc(cfile)) != EOF && c != '"') {
+			if (c == '\\')
+				c = getc(cfile);
+			*cp++ = c;
+		}
+	} else {
+		*cp++ = c;
+		while ((c = getc(cfile)) != EOF
+		    && c != '\n' && c != '\t' && c != ' ' && c != ',') {
+			if (c == '\\')
+				c = getc(cfile);
+			*cp++ = c;
+		}
+	}
+	*cp = 0;
+	if (tokval[0] == 0)
+		return (0);
+	for (t = toktab; t->tokstr; t++)
+		if (!strcmp(t->tokstr, tokval))
+			return (t->tval);
+	return (ID);
+}
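Review bot: token() copies bytes from the user's .netrc into the static `tokval[100]` with no length check, so a token longer than 99 bytes writes past the array in both the quoted and the unquoted copy loop. Each `*cp++ = c;` should be bounded, for example `if (cp < tokval + sizeof(tokval) - 1) *cp++ = c;`, or the over-long token rejected outright. The backslash branch also stores the result of a second `getc()` without testing it for EOF. In guess_domain() the loop tests `a->ai_canonname` but copies `ai->ai_canonname`, which may be NULL when the canonical name is not on the first entry; the copy should read `strlcpy (hostname_str, a->ai_canonname, sz);`.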

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/security.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/security.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/security.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,883 @@
+/*
+ * Copyright (c) 1998-2002, 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+
+RCSID("$Id: security.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static enum protection_level command_prot;
+static enum protection_level data_prot;
+static size_t buffer_size;
+
+struct buffer {
+    void *data;
+    size_t size;
+    size_t index;
+    int eof_flag;
+};
+
+static struct buffer in_buffer, out_buffer;
+int sec_complete;
+
+static struct {
+    enum protection_level level;
+    const char *name;
+} level_names[] = {
+    { prot_clear, "clear" },
+    { prot_safe, "safe" },
+    { prot_confidential, "confidential" },
+    { prot_private, "private" }
+};
+
+static const char *
+level_to_name(enum protection_level level)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(level_names[i].level == level)
+	    return level_names[i].name;
+    return "unknown";
+}
+
+#ifndef FTP_SERVER /* not used in server */
+static enum protection_level 
+name_to_level(const char *name)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(!strncasecmp(level_names[i].name, name, strlen(name)))
+	    return level_names[i].level;
+    return (enum protection_level)-1;
+}
+#endif
+
+#ifdef FTP_SERVER
+
+static struct sec_server_mech *mechs[] = {
+#ifdef KRB5
+    &gss_server_mech,
+#endif
+#ifdef KRB4
+    &krb4_server_mech,
+#endif
+    NULL
+};
+
+static struct sec_server_mech *mech;
+
+#else
+
+static struct sec_client_mech *mechs[] = {
+#ifdef KRB5
+    &gss_client_mech,
+#endif
+#ifdef KRB4
+    &krb4_client_mech,
+#endif
+    NULL
+};
+
+static struct sec_client_mech *mech;
+
+#endif
+
+static void *app_data;
+
+int
+sec_getc(FILE *F)
+{
+    if(sec_complete && data_prot) {
+	char c;
+	if(sec_read(fileno(F), &c, 1) <= 0)
+	    return EOF;
+	return c;
+    } else
+	return getc(F);
+}
+
+static int
+block_read(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = read(fd, p, len);
+	if (b == 0)
+	    return 0;
+	else if (b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+block_write(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = write(fd, p, len);
+	if(b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+sec_get_data(int fd, struct buffer *buf, int level)
+{
+    int len;
+    int b;
+    void *tmp;
+
+    b = block_read(fd, &len, sizeof(len));
+    if (b == 0)
+	return 0;
+    else if (b < 0)
+	return -1;
+    len = ntohl(len);
+    tmp = realloc(buf->data, len);
+    if (tmp == NULL)
+	return -1;
+    buf->data = tmp;
+    b = block_read(fd, buf->data, len);
+    if (b == 0)
+	return 0;
+    else if (b < 0)
+	return -1;
+    buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
+    buf->index = 0;
+    return 0;
+}
+
+static size_t
+buffer_read(struct buffer *buf, void *dataptr, size_t len)
+{
+    len = min(len, buf->size - buf->index);
+    memcpy(dataptr, (char*)buf->data + buf->index, len);
+    buf->index += len;
+    return len;
+}
+
+static size_t
+buffer_write(struct buffer *buf, void *dataptr, size_t len)
+{
+    if(buf->index + len > buf->size) {
+	void *tmp;
+	if(buf->data == NULL)
+	    tmp = malloc(1024);
+	else
+	    tmp = realloc(buf->data, buf->index + len);
+	if(tmp == NULL)
+	    return -1;
+	buf->data = tmp;
+	buf->size = buf->index + len;
+    }
+    memcpy((char*)buf->data + buf->index, dataptr, len);
+    buf->index += len;
+    return len;
+}
+
+int
+sec_read(int fd, void *dataptr, int length)
+{
+    size_t len;
+    int rx = 0;
+
+    if(sec_complete == 0 || data_prot == 0)
+	return read(fd, dataptr, length);
+
+    if(in_buffer.eof_flag){
+	in_buffer.eof_flag = 0;
+	return 0;
+    }
+    
+    len = buffer_read(&in_buffer, dataptr, length);
+    length -= len;
+    rx += len;
+    dataptr = (char*)dataptr + len;
+    
+    while(length){
+	int ret;
+
+	ret = sec_get_data(fd, &in_buffer, data_prot);
+	if (ret < 0)
+	    return -1;
+	if(ret == 0 && in_buffer.size == 0) {
+	    if(rx)
+		in_buffer.eof_flag = 1;
+	    return rx;
+	}
+	len = buffer_read(&in_buffer, dataptr, length);
+	length -= len;
+	rx += len;
+	dataptr = (char*)dataptr + len;
+    }
+    return rx;
+}
+
+static int
+sec_send(int fd, char *from, int length)
+{
+    int bytes;
+    void *buf;
+    bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
+    bytes = htonl(bytes);
+    block_write(fd, &bytes, sizeof(bytes));
+    block_write(fd, buf, ntohl(bytes));
+    free(buf);
+    return length;
+}
+
+int
+sec_fflush(FILE *F)
+{
+    if(data_prot != prot_clear) {
+	if(out_buffer.index > 0){
+	    sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	    out_buffer.index = 0;
+	}
+	sec_send(fileno(F), NULL, 0);
+    }
+    fflush(F);
+    return 0;
+}
+
+int
+sec_write(int fd, char *dataptr, int length)
+{
+    int len = buffer_size;
+    int tx = 0;
+      
+    if(data_prot == prot_clear)
+	return write(fd, dataptr, length);
+
+    len -= (*mech->overhead)(app_data, data_prot, len);
+    while(length){
+	if(length < len)
+	    len = length;
+	sec_send(fd, dataptr, len);
+	length -= len;
+	dataptr += len;
+	tx += len;
+    }
+    return tx;
+}
+
+int
+sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    int ret;
+    if(data_prot == prot_clear)
+	return vfprintf(f, fmt, ap);
+    else {
+	int len;
+	len = vasprintf(&buf, fmt, ap);
+	if (len == -1)
+	    return len;
+	ret = buffer_write(&out_buffer, buf, len);
+	free(buf);
+	return ret;
+    }
+}
+
+int
+sec_fprintf2(FILE *f, const char *fmt, ...)
+{
+    int ret;
+    va_list ap;
+    va_start(ap, fmt);
+    ret = sec_vfprintf2(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+int
+sec_putc(int c, FILE *F)
+{
+    char ch = c;
+    if(data_prot == prot_clear)
+	return putc(c, F);
+    
+    buffer_write(&out_buffer, &ch, 1);
+    if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
+	sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	out_buffer.index = 0;
+    }
+    return c;
+}
+
+int
+sec_read_msg(char *s, int level)
+{
+    int len;
+    char *buf;
+    int return_code;
+    
+    buf = malloc(strlen(s));
+    len = base64_decode(s + 4, buf); /* XXX */
+    
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len < 0)
+	return -1;
+    
+    buf[len] = '\0';
+
+    if(buf[3] == '-')
+	return_code = 0;
+    else
+	sscanf(buf, "%d", &return_code);
+    if(buf[len-1] == '\n')
+	buf[len-1] = '\0';
+    strcpy(s, buf);
+    free(buf);
+    return return_code;
+}
+
+int
+sec_vfprintf(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    void *enc;
+    int len;
+    if(!sec_complete)
+	return vfprintf(f, fmt, ap);
+    
+    if (vasprintf(&buf, fmt, ap) == -1) {
+	printf("Failed to allocate command.\n");
+	return -1;
+    }
+    len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
+    free(buf);
+    if(len < 0) {
+	printf("Failed to encode command.\n");
+	return -1;
+    }
+    if(base64_encode(enc, len, &buf) < 0){
+	free(enc);
+	printf("Out of memory base64-encoding.\n");
+	return -1;
+    }
+    free(enc);
+#ifdef FTP_SERVER
+    if(command_prot == prot_safe)
+	fprintf(f, "631 %s\r\n", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "632 %s\r\n", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "633 %s\r\n", buf);
+#else
+    if(command_prot == prot_safe)
+	fprintf(f, "MIC %s", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "ENC %s", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "CONF %s", buf);
+#endif
+    free(buf);
+    return 0;
+}
+
+int
+sec_fprintf(FILE *f, const char *fmt, ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, fmt);
+    ret = sec_vfprintf(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+int ccc_passed;
+
+void
+auth(char *auth_name)
+{
+    int i;
+    void *tmp;
+
+    for(i = 0; (mech = mechs[i]) != NULL; i++){
+	if(!strcasecmp(auth_name, mech->name)){
+	    tmp = realloc(app_data, mech->size);
+	    if (tmp == NULL) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    app_data = tmp;
+
+	    if(mech->init && (*mech->init)(app_data) != 0) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    if(mech->auth) {
+		(*mech->auth)(app_data);
+		return;
+	    }
+	    if(mech->adat)
+		reply(334, "Send authorization data.");
+	    else
+		reply(234, "Authorization complete.");
+	    return;
+	}
+    }
+    free (app_data);
+    app_data = NULL;
+    reply(504, "%s is unknown to me", auth_name);
+}
+
+void
+adat(char *auth_data)
+{
+    if(mech && !sec_complete) {
+	void *buf = malloc(strlen(auth_data));
+	size_t len;
+	len = base64_decode(auth_data, buf);
+	(*mech->adat)(app_data, buf, len);
+	free(buf);
+    } else
+	reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
+}
+
+void pbsz(int size)
+{
+    size_t new = size;
+    if(!sec_complete)
+	reply(503, "Incomplete security data exchange.");
+    if(mech->pbsz)
+	new = (*mech->pbsz)(app_data, size);
+    if(buffer_size != new){
+	buffer_size = size;
+    }
+    if(new != size)
+	reply(200, "PBSZ=%lu", (unsigned long)new);
+    else
+	reply(200, "OK");
+}
+
+void
+prot(char *pl)
+{
+    int p = -1;
+
+    if(buffer_size == 0){
+	reply(503, "No protection buffer size negotiated.");
+	return;
+    }
+
+    if(!strcasecmp(pl, "C"))
+	p = prot_clear;
+    else if(!strcasecmp(pl, "S"))
+	p = prot_safe;
+    else if(!strcasecmp(pl, "E"))
+	p = prot_confidential;
+    else if(!strcasecmp(pl, "P"))
+	p = prot_private;
+    else {
+	reply(504, "Unrecognized protection level.");
+	return;
+    }
+    
+    if(sec_complete){
+	if((*mech->check_prot)(app_data, p)){
+	    reply(536, "%s does not support %s protection.", 
+		  mech->name, level_to_name(p));
+	}else{
+	    data_prot = (enum protection_level)p;
+	    reply(200, "Data protection is %s.", level_to_name(p));
+	}
+    }else{
+	reply(503, "Incomplete security data exchange.");
+    }
+}
+
+void ccc(void)
+{
+    if(sec_complete){
+	if(mech->ccc && (*mech->ccc)(app_data) == 0) {
+	    command_prot = data_prot = prot_clear;
+	    ccc_passed = 1;
+	} else
+	    reply(534, "You must be joking.");
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+void mec(char *msg, enum protection_level level)
+{
+    void *buf;
+    size_t len, buf_size;
+    if(!sec_complete) {
+	reply(503, "Incomplete security data exchange.");
+	return;
+    }
+    buf_size = strlen(msg) + 2;
+    buf = malloc(buf_size);
+    len = base64_decode(msg, buf);
+    command_prot = level;
+    if(len == (size_t)-1) {
+	reply(501, "Failed to base64-decode command");
+	return;
+    }
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len == (size_t)-1) {
+	reply(535, "Failed to decode command");
+	return;
+    }
+    ((char*)buf)[len] = '\0';
+    if(strstr((char*)buf, "\r\n") == NULL)
+	strlcat((char*)buf, "\r\n", buf_size);
+    new_ftp_command(buf);
+}
+
+/* ------------------------------------------------------------ */
+
+int
+sec_userok(char *userstr)
+{
+    if(sec_complete)
+	return (*mech->userok)(app_data, userstr);
+    return 0;
+}
+
+int
+sec_session(char *user)
+{
+    if(sec_complete && mech->session)
+	return (*mech->session)(app_data, user);
+    return 0;
+}
+
+char *ftp_command;
+
+void
+new_ftp_command(char *command)
+{
+    ftp_command = command;
+}
+
+void
+delete_ftp_command(void)
+{
+    free(ftp_command);
+    ftp_command = NULL;
+}
+
+int
+secure_command(void)
+{
+    return ftp_command != NULL;
+}
+
+enum protection_level
+get_command_prot(void)
+{
+    return command_prot;
+}
+
+#else /* FTP_SERVER */
+
+void
+sec_status(void)
+{
+    if(sec_complete){
+	printf("Using %s for authentication.\n", mech->name);
+	printf("Using %s command channel.\n", level_to_name(command_prot));
+	printf("Using %s data channel.\n", level_to_name(data_prot));
+	if(buffer_size > 0)
+	    printf("Protection buffer size: %lu.\n", 
+		   (unsigned long)buffer_size);
+    }else{
+	printf("Not using any security mechanism.\n");
+    }
+}
+
+static int
+sec_prot_internal(int level)
+{
+    int ret;
+    char *p;
+    unsigned int s = 1048576;
+
+    int old_verbose = verbose;
+    verbose = 0;
+
+    if(!sec_complete){
+	printf("No security data exchange has taken place.\n");
+	return -1;
+    }
+
+    if(level){
+	ret = command("PBSZ %u", s);
+	if(ret != COMPLETE){
+	    printf("Failed to set protection buffer size.\n");
+	    return -1;
+	}
+	buffer_size = s;
+	p = strstr(reply_string, "PBSZ=");
+	if(p)
+	    sscanf(p, "PBSZ=%u", &s);
+	if(s < buffer_size)
+	    buffer_size = s;
+    }
+    verbose = old_verbose;
+    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
+    if(ret != COMPLETE){
+	printf("Failed to set protection level.\n");
+	return -1;
+    }
+    
+    data_prot = (enum protection_level)level;
+    return 0;
+}
+
+enum protection_level
+set_command_prot(enum protection_level level)
+{
+    int ret;
+    enum protection_level old = command_prot;
+    if(level != command_prot && level == prot_clear) {
+	ret = command("CCC");
+	if(ret != COMPLETE) {
+	    printf("Failed to clear command channel.\n");
+	    return -1;
+	}
+    }
+    command_prot = level;
+    return old;
+}
+
+void
+sec_prot(int argc, char **argv)
+{
+    int level = -1;
+
+    if(argc > 3)
+	goto usage;
+
+    if(argc == 1) {
+	sec_status();
+	return;
+    }
+    if(!sec_complete) {
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+    level = name_to_level(argv[argc - 1]);
+    
+    if(level == -1)
+	goto usage;
+    
+    if((*mech->check_prot)(app_data, level)) {
+	printf("%s does not implement %s protection.\n", 
+	       mech->name, level_to_name(level));
+	code = -1;
+	return;
+    }
+    
+    if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
+	if(sec_prot_internal(level) < 0){
+	    code = -1;
+	    return;
+	}
+    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) {
+	if(set_command_prot(level) < 0) {
+	    code = -1;
+	    return;
+	}
+    } else
+	goto usage;
+    code = 0;
+    return;
+ usage:
+    printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
+	   argv[0]);
+    code = -1;
+}
+
+void
+sec_prot_command(int argc, char **argv)
+{
+    int level;
+
+    if(argc > 2)
+	goto usage;
+
+    if(!sec_complete) {
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+
+    if(argc == 1) {
+	sec_status();
+    } else {
+	level = name_to_level(argv[1]);
+	if(level == -1)
+	    goto usage;
+    
+	if((*mech->check_prot)(app_data, level)) {
+	    printf("%s does not implement %s protection.\n", 
+		   mech->name, level_to_name(level));
+	    code = -1;
+	    return;
+	}
+	if(set_command_prot(level) < 0) {
+	    code = -1;
+	    return;
+	}
+    }
+    code = 0;
+    return;
+ usage:
+    printf("usage: %s [clear|safe|confidential|private]\n",
+	   argv[0]);
+    code = -1;
+}
+
+static enum protection_level request_data_prot;
+
+void
+sec_set_protection_level(void)
+{
+    if(sec_complete && data_prot != request_data_prot)
+	sec_prot_internal(request_data_prot);
+}
+
+
+int
+sec_request_prot(char *level)
+{
+    int l = name_to_level(level);
+    if(l == -1)
+	return -1;
+    request_data_prot = (enum protection_level)l;
+    return 0;
+}
+
+int
+sec_login(char *host)
+{
+    int ret;
+    struct sec_client_mech **m;
+    int old_verbose = verbose;
+
+    verbose = -1; /* shut up all messages this will produce (they
+		     are usually not very user friendly) */
+    
+    for(m = mechs; *m && (*m)->name; m++) {
+	void *tmp;
+
+	tmp = realloc(app_data, (*m)->size);
+	if (tmp == NULL) {
+	    warnx ("realloc %lu failed", (unsigned long)(*m)->size);
+	    return -1;
+	}
+	app_data = tmp;
+	    
+	if((*m)->init && (*(*m)->init)(app_data) != 0) {
+	    printf("Skipping %s...\n", (*m)->name);
+	    continue;
+	}
+	printf("Trying %s...\n", (*m)->name);
+	ret = command("AUTH %s", (*m)->name);
+	if(ret != CONTINUE){
+	    if(code == 504){
+		printf("%s is not supported by the server.\n", (*m)->name);
+	    }else if(code == 534){
+		printf("%s rejected as security mechanism.\n", (*m)->name);
+	    }else if(ret == ERROR) {
+		printf("The server doesn't support the FTP "
+		       "security extensions.\n");
+		verbose = old_verbose;
+		return -1;
+	    }
+	    continue;
+	}
+
+	ret = (*(*m)->auth)(app_data, host);
+	
+	if(ret == AUTH_CONTINUE)
+	    continue;
+	else if(ret != AUTH_OK){
+	    /* mechanism is supposed to output error string */
+	    verbose = old_verbose;
+	    return -1;
+	}
+	mech = *m;
+	sec_complete = 1;
+	if(doencrypt) {
+	    command_prot = prot_private;
+	    request_data_prot = prot_private; 
+	} else {
+	    command_prot = prot_safe;
+	}
+	break;
+    }
+    
+    verbose = old_verbose;
+    return *m == NULL;
+}
+
+void
+sec_end(void)
+{
+    if (mech != NULL) {
+	if(mech->end)
+	    (*mech->end)(app_data);
+	if (app_data != NULL) {
+	    memset(app_data, 0, mech->size);
+	    free(app_data);
+	    app_data = NULL;
+	}
+    }
+    sec_complete = 0;
+    data_prot = (enum protection_level)0;
+}
+
+#endif /* FTP_SERVER */
+
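Review bot: sec_get_data() takes the block length straight from the peer (`len = ntohl(len)`, a signed int) and hands it to `realloc` and `block_read` with no range check, so a negative or very large value drives the allocation and read sizes. The length should be rejected when negative or larger than the negotiated `buffer_size` (confirm that an encoded block can never legitimately exceed it). The result of `mech->decode` also needs a check before it is stored in the unsigned `buf->size`, since sec_read_msg() in this file treats a negative return as failure. Separately, pbsz() replies 503 when `sec_complete` is unset but then falls through to `mech->pbsz`, where `mech` may still be NULL; a `return;` after that reply closes the path.

```c
static int
sec_get_data(int fd, struct buffer *buf, int level)
{
    /* … unchanged: declarations, block_read of the length word … */
    len = ntohl(len);
    /* The length is supplied by the peer: refuse anything out of range. */
    if (len < 0 || (size_t)len > buffer_size)
	return -1;
    /* … unchanged: realloc of buf->data, block_read of the payload … */
    len = (*mech->decode)(app_data, buf->data, len, data_prot);
    if (len < 0)
	return -1;
    buf->size = len;
    /* … unchanged: reset of buf->index, return 0 … */
}
```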

Added: vendor-crypto/heimdal/dist/appl/ftp/ftp/security.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftp/security.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftp/security.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1998 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: security.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+#ifndef __security_h__
+#define __security_h__
+
+enum protection_level { 
+    prot_clear, 
+    prot_safe, 
+    prot_confidential, 
+    prot_private 
+};
+
+struct sec_client_mech {
+    char *name;
+    size_t size;
+    int (*init)(void *);
+    int (*auth)(void *, char*);
+    void (*end)(void *);
+    int (*check_prot)(void *, int);
+    int (*overhead)(void *, int, int);
+    int (*encode)(void *, void*, int, int, void**);
+    int (*decode)(void *, void*, int, int);
+};
+
+struct sec_server_mech {
+    char *name;
+    size_t size;
+    int (*init)(void *);
+    void (*end)(void *);
+    int (*check_prot)(void *, int);
+    int (*overhead)(void *, int, int);
+    int (*encode)(void *, void*, int, int, void**);
+    int (*decode)(void *, void*, int, int);
+
+    int (*auth)(void *);
+    int (*adat)(void *, void*, size_t);
+    size_t (*pbsz)(void *, size_t);
+    int (*ccc)(void*);
+    int (*userok)(void*, char*);
+    int (*session)(void*, char*);
+};
+
+#define AUTH_OK		0
+#define AUTH_CONTINUE	1
+#define AUTH_ERROR	2
+
+extern int ftp_do_gss_bindings;
+extern int ftp_do_gss_delegate;
+#ifdef FTP_SERVER
+extern struct sec_server_mech krb4_server_mech, gss_server_mech;
+#else
+extern struct sec_client_mech krb4_client_mech, gss_client_mech;
+#endif
+
+extern int sec_complete;
+
+#ifdef FTP_SERVER
+extern char *ftp_command;
+void new_ftp_command(char*);
+void delete_ftp_command(void);
+#endif
+
+/* ---- */
+
+
+int sec_fflush (FILE *);
+int sec_fprintf (FILE *, const char *, ...)
+    __attribute__ ((format (printf, 2,3)));
+int sec_getc (FILE *);
+int sec_putc (int, FILE *);
+int sec_read (int, void *, int);
+int sec_read_msg (char *, int);
+int sec_vfprintf (FILE *, const char *, va_list)
+    __attribute__ ((format (printf, 2,0)));
+int sec_fprintf2(FILE *f, const char *fmt, ...)
+    __attribute__ ((format (printf, 2,3)));
+int sec_vfprintf2(FILE *, const char *, va_list)
+    __attribute__ ((format (printf, 2,0)));
+int sec_write (int, char *, int);
+
+#ifdef FTP_SERVER
+void adat (char *);
+void auth (char *);
+void ccc (void);
+void mec (char *, enum protection_level);
+void pbsz (int);
+void prot (char *);
+void delete_ftp_command (void);
+void new_ftp_command (char *);
+int sec_userok (char *);
+int sec_session(char *);
+int secure_command (void);
+enum protection_level get_command_prot(void);
+#else
+void sec_end (void);
+int sec_login (char *);
+void sec_prot (int, char **);
+void sec_prot_command (int, char **);
+int sec_request_prot (char *);
+void sec_set_protection_level (void);
+void sec_status (void);
+
+enum protection_level set_command_prot(enum protection_level);
+
+#endif
+
+#endif /* __security_h__ */  
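Review bot: security.h uses `FILE`, `va_list` and `size_t` in its prototypes and mechanism structs but includes nothing itself, so it compiles only when every includer has already pulled in the right headers; adding `#include <stdarg.h>`, `#include <stddef.h>` and `#include <stdio.h>` right after the `#define __security_h__` line makes it self-contained. Buffer sizes are also typed inconsistently: `sec_read`, `sec_write`, `sec_read_msg` and the `overhead`/`encode`/`decode` hooks take `int`, while `adat` and `pbsz` take `size_t`, and nothing states how a negative value is treated. A comment above each struct saying which `int` is a byte count and that it must be non-negative would make that contract explicit; which arguments are lengths is inferred here, since the parameters are unnamed. In the `FTP_SERVER` branch `new_ftp_command` and `delete_ftp_command` are declared twice, and the second pair can be dropped.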

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
+
+libexec_PROGRAMS = ftpd
+
+CHECK_LOCAL = 
+
+if KRB4
+krb4_sources = krb4.c
+endif
+if KRB5
+krb5_sources = gssapi.c gss_userok.c
+endif
+
+ftpd_SOURCES =		\
+	extern.h	\
+	ftpcmd.y	\
+	ftpd.c		\
+	ftpd_locl.h	\
+	logwtmp.c	\
+	ls.c		\
+	pathnames.h	\
+	popen.c		\
+	security.c	\
+	kauth.c		\
+	klist.c		\
+	$(krb4_sources) \
+	$(krb5_sources)
+
+EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
+
+$(ftpd_OBJECTS): security.h
+
+security.c:
+	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
+security.h:
+	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
+krb4.c:
+	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
+gssapi.c:
+	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
+
+CLEANFILES = security.c security.h krb4.c gssapi.c
+
+man_MANS = ftpd.8 ftpusers.5
+
+LDADD = ../common/libcommon.a \
+	$(LIB_otp) \
+	$(LIB_gssapi) \
+	$(LIB_krb5) \
+	$(LIB_kafs) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
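Review bot: The four link rules (`security.c:`, `security.h:`, `krb4.c:`, `gssapi.c:`) have no prerequisite and are guarded by `test -f`, so once the file exists in the build directory it is never refreshed. Wherever `$(LN_S)` resolves to a copy rather than a symlink, a later fix to `../ftp/security.c` would not reach ftpd until `make clean`. Naming the shared file as a prerequisite and replacing the guard keeps the server build tied to it, e.g. `security.c: $(srcdir)/../ftp/security.c` with the recipe `rm -f $@ && $(LN_S) $(srcdir)/../ftp/security.c .`. A one-line comment above the rules, `# shared with ../ftp; built here with -DFTP_SERVER`, would also tell readers why the same sources appear in both directories.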

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,939 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ftpcmd.c
+libexec_PROGRAMS = ftpd$(EXEEXT)
+subdir = appl/ftp/ftpd
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" \
+	"$(DESTDIR)$(man8dir)"
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS)
+am__ftpd_SOURCES_DIST = extern.h ftpcmd.y ftpd.c ftpd_locl.h logwtmp.c \
+	ls.c pathnames.h popen.c security.c kauth.c klist.c krb4.c \
+	gssapi.c gss_userok.c
+ at KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT)
+ at KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT)
+am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \
+	ls.$(OBJEXT) popen.$(OBJEXT) security.$(OBJEXT) \
+	kauth.$(OBJEXT) klist.$(OBJEXT) $(am__objects_1) \
+	$(am__objects_2)
+ftpd_OBJECTS = $(am_ftpd_OBJECTS)
+ftpd_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
+	$(am__DEPENDENCIES_1)
+ftpd_DEPENDENCIES = ../common/libcommon.a $(am__DEPENDENCIES_1) \
+	$(LIB_gssapi) $(LIB_krb5) $(am__DEPENDENCIES_2) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+ at MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
+YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
+LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
+YLWRAP = $(top_srcdir)/ylwrap
+SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES)
+DIST_SOURCES = $(am__ftpd_SOURCES_DIST) $(EXTRA_ftpd_SOURCES)
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+CHECK_LOCAL = 
+ at KRB4_TRUE@krb4_sources = krb4.c
+ at KRB5_TRUE@krb5_sources = gssapi.c gss_userok.c
+ftpd_SOURCES = \
+	extern.h	\
+	ftpcmd.y	\
+	ftpd.c		\
+	ftpd_locl.h	\
+	logwtmp.c	\
+	ls.c		\
+	pathnames.h	\
+	popen.c		\
+	security.c	\
+	kauth.c		\
+	klist.c		\
+	$(krb4_sources) \
+	$(krb5_sources)
+
+EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
+CLEANFILES = security.c security.h krb4.c gssapi.c
+man_MANS = ftpd.8 ftpusers.5
+LDADD = ../common/libcommon.a \
+	$(LIB_otp) \
+	$(LIB_gssapi) \
+	$(LIB_krb5) \
+	$(LIB_kafs) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/ftpd/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/ftp/ftpd/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+ftpd$(EXEEXT): $(ftpd_OBJECTS) $(ftpd_DEPENDENCIES) 
+	@rm -f ftpd$(EXEEXT)
+	$(LINK) $(ftpd_OBJECTS) $(ftpd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+.y.c:
+	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man5: $(man5_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-rm -f ftpcmd.c
+clean: clean-am
+
+clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libexecPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man5 install-man8 \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-man5 \
+	uninstall-man8
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(ftpd_OBJECTS): security.h
+
+security.c:
+	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
+security.h:
+	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
+krb4.c:
+	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
+gssapi.c:
+	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/extern.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/extern.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/extern.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,148 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)extern.h	8.2 (Berkeley) 4/4/94
+ */
+
+#ifndef _EXTERN_H_
+#define _EXTERN_H_
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifndef NBBY
+#define NBBY CHAR_BIT
+#endif
+
+void	abor(void);
+void	blkfree(char **);
+char  **copyblk(char **);
+void	cwd(char *);
+void	do_delete(char *);
+void	dologout(int);
+void	eprt(char *);
+void	epsv(char *);
+void	fatal(char *);
+int	filename_check(char *);
+int	ftpd_pclose(FILE *);
+FILE   *ftpd_popen(char *, char *, int, int);
+char   *ftpd_getline(char *, int);
+void	ftpd_logwtmp(char *, char *, char *);
+void	lreply(int, const char *, ...)
+    __attribute__ ((format (printf, 2, 3)));
+void	makedir(char *);
+void	nack(char *);
+void	nreply(const char *, ...)
+    __attribute__ ((format (printf, 1, 2)));
+void	pass(char *);
+void	pasv(void);
+void	perror_reply(int, const char *);
+void	pwd(void);
+void	removedir(char *);
+void	renamecmd(char *, char *);
+char   *renamefrom(char *);
+void	reply(int, const char *, ...)
+    __attribute__ ((format (printf, 2, 3)));
+void	retrieve(const char *, char *);
+void	send_file_list(char *);
+void	setproctitle(const char *, ...)
+    __attribute__ ((format (printf, 1, 2)));
+void	statcmd(void);
+void	statfilecmd(char *);
+void	do_store(char *, char *, int);
+void	upper(char *);
+void	user(char *);
+void	yyerror(char *);
+
+void	list_file(char*);
+
+void	kauth(char *, char*);
+void	klist(void);
+void	cond_kdestroy(void);
+void	kdestroy(void);
+void	krbtkfile(const char *tkfile);
+void	afslog(const char *, int);
+void	afsunlog(void);
+
+extern int do_destroy_tickets;
+extern char *k5ccname;
+
+int	find(char *);
+
+int	builtin_ls(FILE*, const char*);
+
+int	do_login(int code, char *passwd);
+int	klogin(char *name, char *password);
+
+const char *ftp_rooted(const char *path);
+
+extern struct sockaddr *ctrl_addr, *his_addr;
+extern char hostname[];
+
+extern	struct sockaddr *data_dest;
+extern	int logged_in;
+extern	struct passwd *pw;
+extern	int guest;
+extern	int logging;
+extern	int type;
+extern off_t file_size;
+extern off_t byte_count;
+extern	int ccc_passed;
+
+extern	int form;
+extern	int debug;
+extern	int ftpd_timeout;
+extern	int maxtimeout;
+extern  int pdata;
+extern	char hostname[], remotehost[];
+extern	char proctitle[];
+extern	int usedefault;
+extern  char tmpline[];
+
+#endif /* _EXTERN_H_ */

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpcmd.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpcmd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpcmd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3551 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+   simplifying the original so-called "semantic" parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Bison version.  */
+#define YYBISON_VERSION "2.3"
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     A = 258,
+     B = 259,
+     C = 260,
+     E = 261,
+     F = 262,
+     I = 263,
+     L = 264,
+     N = 265,
+     P = 266,
+     R = 267,
+     S = 268,
+     T = 269,
+     SP = 270,
+     CRLF = 271,
+     COMMA = 272,
+     USER = 273,
+     PASS = 274,
+     ACCT = 275,
+     REIN = 276,
+     QUIT = 277,
+     PORT = 278,
+     PASV = 279,
+     TYPE = 280,
+     STRU = 281,
+     MODE = 282,
+     RETR = 283,
+     STOR = 284,
+     APPE = 285,
+     MLFL = 286,
+     MAIL = 287,
+     MSND = 288,
+     MSOM = 289,
+     MSAM = 290,
+     MRSQ = 291,
+     MRCP = 292,
+     ALLO = 293,
+     REST = 294,
+     RNFR = 295,
+     RNTO = 296,
+     ABOR = 297,
+     DELE = 298,
+     CWD = 299,
+     LIST = 300,
+     NLST = 301,
+     SITE = 302,
+     sTAT = 303,
+     HELP = 304,
+     NOOP = 305,
+     MKD = 306,
+     RMD = 307,
+     PWD = 308,
+     CDUP = 309,
+     STOU = 310,
+     SMNT = 311,
+     SYST = 312,
+     SIZE = 313,
+     MDTM = 314,
+     EPRT = 315,
+     EPSV = 316,
+     UMASK = 317,
+     IDLE = 318,
+     CHMOD = 319,
+     AUTH = 320,
+     ADAT = 321,
+     PROT = 322,
+     PBSZ = 323,
+     CCC = 324,
+     MIC = 325,
+     CONF = 326,
+     ENC = 327,
+     KAUTH = 328,
+     KLIST = 329,
+     KDESTROY = 330,
+     KRBTKFILE = 331,
+     AFSLOG = 332,
+     LOCATE = 333,
+     URL = 334,
+     FEAT = 335,
+     OPTS = 336,
+     LEXERR = 337,
+     STRING = 338,
+     NUMBER = 339
+   };
+#endif
+/* Tokens.  */
+#define A 258
+#define B 259
+#define C 260
+#define E 261
+#define F 262
+#define I 263
+#define L 264
+#define N 265
+#define P 266
+#define R 267
+#define S 268
+#define T 269
+#define SP 270
+#define CRLF 271
+#define COMMA 272
+#define USER 273
+#define PASS 274
+#define ACCT 275
+#define REIN 276
+#define QUIT 277
+#define PORT 278
+#define PASV 279
+#define TYPE 280
+#define STRU 281
+#define MODE 282
+#define RETR 283
+#define STOR 284
+#define APPE 285
+#define MLFL 286
+#define MAIL 287
+#define MSND 288
+#define MSOM 289
+#define MSAM 290
+#define MRSQ 291
+#define MRCP 292
+#define ALLO 293
+#define REST 294
+#define RNFR 295
+#define RNTO 296
+#define ABOR 297
+#define DELE 298
+#define CWD 299
+#define LIST 300
+#define NLST 301
+#define SITE 302
+#define sTAT 303
+#define HELP 304
+#define NOOP 305
+#define MKD 306
+#define RMD 307
+#define PWD 308
+#define CDUP 309
+#define STOU 310
+#define SMNT 311
+#define SYST 312
+#define SIZE 313
+#define MDTM 314
+#define EPRT 315
+#define EPSV 316
+#define UMASK 317
+#define IDLE 318
+#define CHMOD 319
+#define AUTH 320
+#define ADAT 321
+#define PROT 322
+#define PBSZ 323
+#define CCC 324
+#define MIC 325
+#define CONF 326
+#define ENC 327
+#define KAUTH 328
+#define KLIST 329
+#define KDESTROY 330
+#define KRBTKFILE 331
+#define AFSLOG 332
+#define LOCATE 333
+#define URL 334
+#define FEAT 335
+#define OPTS 336
+#define LEXERR 337
+#define STRING 338
+#define NUMBER 339
+
+
+
+
+/* Copy the first part of user declarations.  */
+#line 43 "ftpcmd.y"
+
+
+#include "ftpd_locl.h"
+RCSID("$Id: ftpcmd.c,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $");
+
+off_t	restart_point;
+
+static	int hasyyerrored;
+
+
+static	int cmd_type;
+static	int cmd_form;
+static	int cmd_bytesz;
+char	cbuf[64*1024];
+char	*fromname;
+
+struct tab {
+	char	*name;
+	short	token;
+	short	state;
+	short	implemented;	/* 1 if command is implemented */
+	char	*help;
+};
+
+extern struct tab cmdtab[];
+extern struct tab sitetab[];
+
+static char		*copy (char *);
+static void		 help (struct tab *, char *);
+static struct tab *
+			 lookup (struct tab *, char *);
+static void		 sizecmd (char *);
+static RETSIGTYPE	 toolong (int);
+static int		 yylex (void);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+/* Enabling the token table.  */
+#ifndef YYTOKEN_TABLE
+# define YYTOKEN_TABLE 0
+#endif
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 86 "ftpcmd.y"
+{
+	int	i;
+	char   *s;
+}
+/* Line 193 of yacc.c.  */
+#line 312 "ftpcmd.c"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+/* Line 216 of yacc.c.  */
+#line 325 "ftpcmd.c"
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#elif (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+typedef signed char yytype_int8;
+#else
+typedef short int yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+#  define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+#  define YYSIZE_T size_t
+# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# else
+#  define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if defined YYENABLE_NLS && YYENABLE_NLS
+#  if ENABLE_NLS
+#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+#   define YY_(msgid) dgettext ("bison-runtime", msgid)
+#  endif
+# endif
+# ifndef YY_
+#  define YY_(msgid) msgid
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E.  */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(e) ((void) (e))
+#else
+# define YYUSE(e) /* empty */
+#endif
+
+/* Identity function, used to suppress warnings about constant conditions.  */
+#ifndef lint
+# define YYID(n) (n)
+#else
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static int
+YYID (int i)
+#else
+static int
+YYID (i)
+    int i;
+#endif
+{
+  return i;
+}
+#endif
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# ifdef YYSTACK_USE_ALLOCA
+#  if YYSTACK_USE_ALLOCA
+#   ifdef __GNUC__
+#    define YYSTACK_ALLOC __builtin_alloca
+#   elif defined __BUILTIN_VA_ARG_INCR
+#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+#   elif defined _AIX
+#    define YYSTACK_ALLOC __alloca
+#   elif defined _MSC_VER
+#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+#    define alloca _alloca
+#   else
+#    define YYSTACK_ALLOC alloca
+#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#     ifndef _STDLIB_H
+#      define _STDLIB_H 1
+#     endif
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning.  */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+    /* The OS might guarantee only one guard page at the bottom of the stack,
+       and a page size can be as small as 4096 bytes.  So we cannot safely
+       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
+       to allow for a few compiler-allocated temporary stack slots.  */
+#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+#  endif
+# else
+#  define YYSTACK_ALLOC YYMALLOC
+#  define YYSTACK_FREE YYFREE
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+#  endif
+#  if (defined __cplusplus && ! defined _STDLIB_H \
+       && ! ((defined YYMALLOC || defined malloc) \
+	     && (defined YYFREE || defined free)))
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   ifndef _STDLIB_H
+#    define _STDLIB_H 1
+#   endif
+#  endif
+#  ifndef YYMALLOC
+#   define YYMALLOC malloc
+#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+#  ifndef YYFREE
+#   define YYFREE free
+#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+     && (! defined __cplusplus \
+	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  yytype_int16 yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if defined __GNUC__ && 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  YYSIZE_T yyi;				\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (YYID (0))
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (YYID (0))
+
+#endif
+
+/* YYFINAL -- State number of the termination state.  */
+#define YYFINAL  2
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   327
+
+/* YYNTOKENS -- Number of terminals.  */
+#define YYNTOKENS  85
+/* YYNNTS -- Number of nonterminals.  */
+#define YYNNTS  18
+/* YYNRULES -- Number of rules.  */
+#define YYNRULES  98
+/* YYNRULES -- Number of states.  */
+#define YYNSTATES  317
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   339
+
+#define YYTRANSLATE(YYX)						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const yytype_uint8 yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
+      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
+      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
+      35,    36,    37,    38,    39,    40,    41,    42,    43,    44,
+      45,    46,    47,    48,    49,    50,    51,    52,    53,    54,
+      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
+      65,    66,    67,    68,    69,    70,    71,    72,    73,    74,
+      75,    76,    77,    78,    79,    80,    81,    82,    83,    84
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const yytype_uint16 yyprhs[] =
+{
+       0,     0,     3,     4,     7,    10,    16,    22,    28,    34,
+      38,    42,    48,    54,    60,    66,    72,    82,    88,    94,
+     100,   104,   110,   114,   120,   126,   130,   136,   142,   146,
+     150,   156,   160,   166,   170,   176,   182,   186,   190,   194,
+     200,   206,   214,   220,   228,   238,   244,   252,   260,   266,
+     272,   280,   286,   294,   302,   308,   314,   318,   324,   330,
+     334,   337,   343,   349,   354,   359,   365,   371,   375,   380,
+     385,   390,   392,   393,   395,   397,   409,   411,   413,   415,
+     417,   421,   423,   427,   429,   431,   435,   438,   440,   442,
+     444,   446,   448,   450,   452,   454,   456,   458,   460
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+static const yytype_int8 yyrhs[] =
+{
+      86,     0,    -1,    -1,    86,    87,    -1,    86,    88,    -1,
+      18,    15,    89,    16,   102,    -1,    19,    15,    90,    16,
+     102,    -1,    23,    15,    92,    16,   102,    -1,    60,    15,
+      83,    16,   102,    -1,    24,    16,   101,    -1,    61,    16,
+     101,    -1,    61,    15,    83,    16,   101,    -1,    25,    15,
+      94,    16,   102,    -1,    26,    15,    95,    16,   102,    -1,
+      27,    15,    96,    16,   102,    -1,    38,    15,    84,    16,
+     102,    -1,    38,    15,    84,    15,    12,    15,    84,    16,
+     102,    -1,    28,    15,    97,    16,   101,    -1,    29,    15,
+      97,    16,   101,    -1,    30,    15,    97,    16,   101,    -1,
+      46,    16,   101,    -1,    46,    15,    83,    16,   101,    -1,
+      45,    16,   101,    -1,    45,    15,    97,    16,   101,    -1,
+      48,    15,    97,    16,   101,    -1,    48,    16,   102,    -1,
+      43,    15,    97,    16,   100,    -1,    41,    15,    97,    16,
+     100,    -1,    42,    16,   102,    -1,    44,    16,   101,    -1,
+      44,    15,    97,    16,   101,    -1,    49,    16,   102,    -1,
+      49,    15,    83,    16,   102,    -1,    50,    16,   102,    -1,
+      51,    15,    97,    16,   101,    -1,    52,    15,    97,    16,
+     100,    -1,    53,    16,   101,    -1,    54,    16,   101,    -1,
+      80,    16,   102,    -1,    81,    15,    83,    16,   102,    -1,
+      47,    15,    49,    16,   102,    -1,    47,    15,    49,    15,
+      83,    16,   102,    -1,    47,    15,    62,    16,   101,    -1,
+      47,    15,    62,    15,    99,    16,   100,    -1,    47,    15,
+      64,    15,    99,    15,    97,    16,   100,    -1,    47,    15,
+      63,    16,   102,    -1,    47,    15,    63,    15,    84,    16,
+     102,    -1,    47,    15,    73,    15,    83,    16,   101,    -1,
+      47,    15,    74,    16,   101,    -1,    47,    15,    75,    16,
+     101,    -1,    47,    15,    76,    15,    83,    16,   101,    -1,
+      47,    15,    77,    16,   101,    -1,    47,    15,    77,    15,
+      83,    16,   101,    -1,    47,    15,    78,    15,    83,    16,
+     101,    -1,    47,    15,    79,    16,   102,    -1,    55,    15,
+      97,    16,   101,    -1,    57,    16,   102,    -1,    58,    15,
+      97,    16,   101,    -1,    59,    15,    97,    16,   101,    -1,
+      22,    16,   102,    -1,     1,    16,    -1,    40,    15,    97,
+      16,   100,    -1,    39,    15,    91,    16,   102,    -1,    65,
+      15,    83,    16,    -1,    66,    15,    83,    16,    -1,    68,
+      15,    84,    16,   102,    -1,    67,    15,    83,    16,   102,
+      -1,    69,    16,   102,    -1,    70,    15,    83,    16,    -1,
+      71,    15,    83,    16,    -1,    72,    15,    83,    16,    -1,
+      83,    -1,    -1,    83,    -1,    84,    -1,    84,    17,    84,
+      17,    84,    17,    84,    17,    84,    17,    84,    -1,    10,
+      -1,    14,    -1,     5,    -1,     3,    -1,     3,    15,    93,
+      -1,     6,    -1,     6,    15,    93,    -1,     8,    -1,     9,
+      -1,     9,    15,    91,    -1,     9,    91,    -1,     7,    -1,
+      12,    -1,    11,    -1,    13,    -1,     4,    -1,     5,    -1,
+      98,    -1,    83,    -1,    84,    -1,   101,    -1,   102,    -1,
+      -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const yytype_uint16 yyrline[] =
+{
+       0,   129,   129,   131,   136,   140,   146,   153,   164,   170,
+     175,   180,   186,   223,   237,   251,   257,   263,   272,   281,
+     290,   295,   304,   309,   315,   322,   327,   334,   348,   353,
+     358,   365,   370,   387,   392,   399,   406,   411,   416,   426,
+     433,   438,   443,   451,   464,   478,   485,   502,   525,   530,
+     539,   552,   563,   576,   583,   588,   595,   613,   630,   658,
+     665,   671,   681,   691,   696,   701,   706,   711,   716,   721,
+     726,   734,   739,   742,   746,   750,   763,   767,   771,   778,
+     783,   788,   793,   798,   802,   807,   813,   821,   825,   829,
+     836,   840,   844,   851,   879,   883,   909,   917,   928
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "A", "B", "C", "E", "F", "I", "L", "N",
+  "P", "R", "S", "T", "SP", "CRLF", "COMMA", "USER", "PASS", "ACCT",
+  "REIN", "QUIT", "PORT", "PASV", "TYPE", "STRU", "MODE", "RETR", "STOR",
+  "APPE", "MLFL", "MAIL", "MSND", "MSOM", "MSAM", "MRSQ", "MRCP", "ALLO",
+  "REST", "RNFR", "RNTO", "ABOR", "DELE", "CWD", "LIST", "NLST", "SITE",
+  "sTAT", "HELP", "NOOP", "MKD", "RMD", "PWD", "CDUP", "STOU", "SMNT",
+  "SYST", "SIZE", "MDTM", "EPRT", "EPSV", "UMASK", "IDLE", "CHMOD", "AUTH",
+  "ADAT", "PROT", "PBSZ", "CCC", "MIC", "CONF", "ENC", "KAUTH", "KLIST",
+  "KDESTROY", "KRBTKFILE", "AFSLOG", "LOCATE", "URL", "FEAT", "OPTS",
+  "LEXERR", "STRING", "NUMBER", "$accept", "cmd_list", "cmd", "rcmd",
+  "username", "password", "byte_size", "host_port", "form_code",
+  "type_code", "struct_code", "mode_code", "pathname", "pathstring",
+  "octal_number", "check_login_no_guest", "check_login", "check_secure", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const yytype_uint16 yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
+     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
+     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
+     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
+     335,   336,   337,   338,   339
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const yytype_uint8 yyr1[] =
+{
+       0,    85,    86,    86,    86,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    87,    87,    87,    87,    87,    87,    87,    87,    87,
+      87,    88,    88,    88,    88,    88,    88,    88,    88,    88,
+      88,    89,    90,    90,    91,    92,    93,    93,    93,    94,
+      94,    94,    94,    94,    94,    94,    94,    95,    95,    95,
+      96,    96,    96,    97,    98,    99,   100,   101,   102
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const yytype_uint8 yyr2[] =
+{
+       0,     2,     0,     2,     2,     5,     5,     5,     5,     3,
+       3,     5,     5,     5,     5,     5,     9,     5,     5,     5,
+       3,     5,     3,     5,     5,     3,     5,     5,     3,     3,
+       5,     3,     5,     3,     5,     5,     3,     3,     3,     5,
+       5,     7,     5,     7,     9,     5,     7,     7,     5,     5,
+       7,     5,     7,     7,     5,     5,     3,     5,     5,     3,
+       2,     5,     5,     4,     4,     5,     5,     3,     4,     4,
+       4,     1,     0,     1,     1,    11,     1,     1,     1,     1,
+       3,     1,     3,     1,     1,     3,     2,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     1,     1,     0
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const yytype_uint8 yydefact[] =
+{
+       2,     0,     1,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,     3,     4,
+      60,     0,    72,    98,     0,    98,     0,     0,     0,     0,
+       0,     0,     0,     0,     0,     0,    98,     0,     0,    98,
+       0,    98,     0,    98,     0,     0,    98,     0,    98,    98,
+       0,     0,    98,    98,     0,    98,     0,     0,     0,     0,
+      98,     0,     0,     0,     0,    98,     0,     0,     0,    98,
+       0,    71,     0,    73,     0,    59,     0,     0,     9,    97,
+      79,    81,    83,    84,     0,    87,    89,    88,     0,    91,
+      92,    90,     0,    94,     0,    93,     0,     0,     0,    74,
+       0,     0,     0,    28,     0,     0,    29,     0,    22,     0,
+      20,     0,     0,     0,     0,     0,     0,     0,     0,     0,
+       0,     0,     0,    25,     0,    31,    33,     0,     0,    36,
+      37,     0,    56,     0,     0,     0,     0,    10,     0,     0,
+       0,     0,    67,     0,     0,     0,    38,     0,    98,    98,
+       0,    98,     0,     0,     0,    86,    98,    98,    98,    98,
+      98,    98,     0,    98,    98,    98,    98,    98,    98,    98,
+      98,     0,    98,     0,    98,     0,    98,     0,     0,    98,
+      98,     0,     0,    98,     0,    98,    98,    98,    98,    98,
+      98,    98,    98,    98,    98,    63,    64,    98,    98,    68,
+      69,    70,    98,     5,     6,     0,     7,    78,    76,    77,
+      80,    82,    85,    12,    13,    14,    17,    18,    19,     0,
+      15,    62,    61,    96,    27,    26,    30,    23,    21,     0,
+      40,    95,     0,    42,     0,    45,     0,     0,    48,    49,
+       0,     0,    51,     0,    54,    24,    32,    34,    35,    55,
+      57,    58,     8,    11,    66,    65,    39,     0,     0,    98,
+      98,    98,     0,    98,    98,    98,    98,     0,     0,    41,
+      43,    46,     0,    47,    50,    52,    53,     0,    98,    98,
+       0,    16,    44,     0,     0,     0,    75
+};
+
+/* YYDEFGOTO[NTERM-NUM].  */
+static const yytype_int16 yydefgoto[] =
+{
+      -1,     1,    48,    49,   102,   104,   130,   107,   240,   114,
+     118,   122,   124,   125,   262,   252,   253,   109
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -196
+static const yytype_int16 yypact[] =
+{
+    -196,   246,  -196,     3,    13,    20,    11,    24,    21,    26,
+      30,    45,    66,    67,    68,    69,    70,    71,    72,    76,
+      73,    -7,    -5,    15,    78,    28,    32,    80,    79,    82,
+      83,    91,    93,    94,    96,    97,    98,    38,   100,   101,
+     102,   103,   104,   106,   107,   108,   111,   109,  -196,  -196,
+    -196,   -66,    36,  -196,    14,  -196,    12,    22,     1,    46,
+      46,    46,    25,    48,    46,    46,  -196,    46,    46,  -196,
+      46,  -196,    53,  -196,    27,    46,  -196,    55,  -196,  -196,
+      46,    46,  -196,  -196,    46,  -196,    46,    46,    56,    59,
+    -196,    60,    61,    62,    63,  -196,    65,    77,    85,  -196,
+      86,  -196,   114,  -196,   115,  -196,   120,   130,  -196,  -196,
+     135,   136,  -196,   -11,   138,  -196,  -196,  -196,   139,  -196,
+    -196,  -196,   143,  -196,   145,  -196,   147,   156,    47,  -196,
+     157,   162,   165,  -196,   166,   168,  -196,   170,  -196,   174,
+    -196,    49,    52,    54,   137,   177,   178,   179,   181,    64,
+     182,   183,   184,  -196,   185,  -196,  -196,   186,   187,  -196,
+    -196,   188,  -196,   189,   190,   191,   192,  -196,   193,   194,
+     195,   196,  -196,   197,   198,   199,  -196,   200,  -196,  -196,
+     133,  -196,     2,     2,    48,  -196,  -196,  -196,  -196,  -196,
+    -196,  -196,   206,  -196,  -196,  -196,  -196,  -196,  -196,  -196,
+    -196,   110,  -196,   140,  -196,   141,  -196,   140,   144,  -196,
+    -196,   146,   148,  -196,   149,  -196,  -196,  -196,  -196,  -196,
+    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,
+    -196,  -196,  -196,  -196,  -196,   202,  -196,  -196,  -196,  -196,
+    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,   205,
+    -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,  -196,   207,
+    -196,  -196,   210,  -196,   212,  -196,   215,   217,  -196,  -196,
+     218,   219,  -196,   221,  -196,  -196,  -196,  -196,  -196,  -196,
+    -196,  -196,  -196,  -196,  -196,  -196,  -196,   155,   158,  -196,
+    -196,  -196,    46,  -196,  -196,  -196,  -196,   204,   224,  -196,
+    -196,  -196,   225,  -196,  -196,  -196,  -196,   159,  -196,  -196,
+     227,  -196,  -196,   161,   231,   167,  -196
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const yytype_int16 yypgoto[] =
+{
+    -196,  -196,  -196,  -196,  -196,  -196,  -110,  -196,    39,  -196,
+    -196,  -196,    -9,  -196,    42,  -195,   -33,   -53
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -1
+static const yytype_uint16 yytable[] =
+{
+     105,   254,   255,   185,   184,   119,   120,   237,    68,    69,
+      70,    71,   238,   133,   121,   110,   239,   101,   111,    50,
+     112,   113,   108,   153,   278,   155,   156,    53,    51,   115,
+      72,    73,   162,   116,   117,    52,   136,    55,   138,    54,
+     140,    56,   172,    75,    76,    57,   176,    77,    78,   159,
+     160,   126,   127,    89,    90,   131,   132,   167,   134,   135,
+      58,   137,   192,   193,   201,   202,   152,   203,   204,   205,
+     206,   157,   158,   129,   242,   161,   141,   163,   164,   212,
+     213,    59,    60,    61,    62,    63,    64,    65,    67,   142,
+     143,   144,    66,    74,    80,   300,    79,    81,   106,    82,
+     145,   146,   147,   148,   149,   150,   151,    83,    84,   128,
+      85,    86,    87,    88,   312,    91,    92,    93,    94,   103,
+      95,    96,    97,    98,   100,   233,   234,    99,   236,   123,
+     178,   179,   129,   243,   244,   245,   139,   180,   154,   165,
+     250,   251,   166,   168,   169,   170,   181,   171,   173,   260,
+     182,   183,   207,   265,   186,   187,   246,   247,   248,   188,
+     174,   189,   274,   190,   276,   256,   257,   258,   175,   177,
+     282,   263,   191,   194,   284,   285,   268,   269,   195,   286,
+     272,   196,   197,   275,   198,   277,   199,   279,   280,   281,
+     200,   283,   208,   259,   209,   210,   211,   214,     0,   215,
+     216,   217,   218,   219,   220,   221,   222,   223,   224,   225,
+     226,   227,   228,   229,   230,   231,   232,   235,   249,   287,
+     288,   307,   241,   289,   261,   264,   290,   267,   291,   270,
+     292,   271,   273,   293,   294,   295,   299,   296,   301,   297,
+     308,   309,   298,   310,   313,   314,     2,     3,   315,   266,
+       0,   316,     0,     0,     0,   311,     0,     0,     0,     0,
+     303,   304,   305,   306,     4,     5,     0,     0,     6,     7,
+       8,     9,    10,    11,    12,    13,    14,     0,     0,     0,
+       0,     0,     0,   302,    15,    16,    17,    18,    19,    20,
+      21,    22,    23,    24,    25,    26,    27,    28,    29,    30,
+      31,    32,     0,    33,    34,    35,    36,    37,     0,     0,
+       0,    38,    39,    40,    41,    42,    43,    44,    45,     0,
+       0,     0,     0,     0,     0,     0,    46,    47
+};
+
+static const yytype_int16 yycheck[] =
+{
+      53,   196,   197,   113,    15,     4,     5,     5,    15,    16,
+      15,    16,    10,    66,    13,     3,    14,    83,     6,    16,
+       8,     9,    55,    76,   219,    78,    79,    16,    15,     7,
+      15,    16,    85,    11,    12,    15,    69,    16,    71,    15,
+      73,    15,    95,    15,    16,    15,    99,    15,    16,    82,
+      83,    60,    61,    15,    16,    64,    65,    90,    67,    68,
+      15,    70,    15,    16,    15,    16,    75,    15,    16,    15,
+      16,    80,    81,    84,   184,    84,    49,    86,    87,    15,
+      16,    15,    15,    15,    15,    15,    15,    15,    15,    62,
+      63,    64,    16,    15,    15,   290,    16,    15,    84,    16,
+      73,    74,    75,    76,    77,    78,    79,    16,    15,    84,
+      16,    15,    15,    15,   309,    15,    15,    15,    15,    83,
+      16,    15,    15,    15,    15,   178,   179,    16,   181,    83,
+      16,    16,    84,   186,   187,   188,    83,    17,    83,    83,
+     193,   194,    83,    83,    83,    83,    16,    84,    83,   202,
+      15,    15,    15,   206,    16,    16,   189,   190,   191,    16,
+      83,    16,   215,    16,   217,   198,   199,   200,    83,    83,
+     223,   204,    16,    16,   227,   228,   209,   210,    16,   232,
+     213,    16,    16,   216,    16,   218,    16,   220,   221,   222,
+      16,   224,    15,    83,    16,    16,    15,    15,    -1,    16,
+      16,    16,    16,    16,    16,    16,    16,    16,    16,    16,
+      16,    16,    16,    16,    16,    16,    16,    84,    12,    17,
+      15,    17,   183,    16,    84,    84,    16,    83,    16,    83,
+      15,    83,    83,    16,    16,    16,   289,    16,   291,    84,
+      16,    16,    84,    84,    17,    84,     0,     1,    17,   207,
+      -1,    84,    -1,    -1,    -1,   308,    -1,    -1,    -1,    -1,
+     293,   294,   295,   296,    18,    19,    -1,    -1,    22,    23,
+      24,    25,    26,    27,    28,    29,    30,    -1,    -1,    -1,
+      -1,    -1,    -1,   292,    38,    39,    40,    41,    42,    43,
+      44,    45,    46,    47,    48,    49,    50,    51,    52,    53,
+      54,    55,    -1,    57,    58,    59,    60,    61,    -1,    -1,
+      -1,    65,    66,    67,    68,    69,    70,    71,    72,    -1,
+      -1,    -1,    -1,    -1,    -1,    -1,    80,    81
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const yytype_uint8 yystos[] =
+{
+       0,    86,     0,     1,    18,    19,    22,    23,    24,    25,
+      26,    27,    28,    29,    30,    38,    39,    40,    41,    42,
+      43,    44,    45,    46,    47,    48,    49,    50,    51,    52,
+      53,    54,    55,    57,    58,    59,    60,    61,    65,    66,
+      67,    68,    69,    70,    71,    72,    80,    81,    87,    88,
+      16,    15,    15,    16,    15,    16,    15,    15,    15,    15,
+      15,    15,    15,    15,    15,    15,    16,    15,    15,    16,
+      15,    16,    15,    16,    15,    15,    16,    15,    16,    16,
+      15,    15,    16,    16,    15,    16,    15,    15,    15,    15,
+      16,    15,    15,    15,    15,    16,    15,    15,    15,    16,
+      15,    83,    89,    83,    90,   102,    84,    92,   101,   102,
+       3,     6,     8,     9,    94,     7,    11,    12,    95,     4,
+       5,    13,    96,    83,    97,    98,    97,    97,    84,    84,
+      91,    97,    97,   102,    97,    97,   101,    97,   101,    83,
+     101,    49,    62,    63,    64,    73,    74,    75,    76,    77,
+      78,    79,    97,   102,    83,   102,   102,    97,    97,   101,
+     101,    97,   102,    97,    97,    83,    83,   101,    83,    83,
+      83,    84,   102,    83,    83,    83,   102,    83,    16,    16,
+      17,    16,    15,    15,    15,    91,    16,    16,    16,    16,
+      16,    16,    15,    16,    16,    16,    16,    16,    16,    16,
+      16,    15,    16,    15,    16,    15,    16,    15,    15,    16,
+      16,    15,    15,    16,    15,    16,    16,    16,    16,    16,
+      16,    16,    16,    16,    16,    16,    16,    16,    16,    16,
+      16,    16,    16,   102,   102,    84,   102,     5,    10,    14,
+      93,    93,    91,   102,   102,   102,   101,   101,   101,    12,
+     102,   102,   100,   101,   100,   100,   101,   101,   101,    83,
+     102,    84,    99,   101,    84,   102,    99,    83,   101,   101,
+      83,    83,   101,    83,   102,   101,   102,   101,   100,   101,
+     101,   101,   102,   101,   102,   102,   102,    17,    15,    16,
+      16,    16,    15,    16,    16,    16,    16,    84,    84,   102,
+     100,   102,    97,   101,   101,   101,   101,    17,    16,    16,
+      84,   102,   100,    17,    84,    17,    84
+};
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrorlab
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK (1);						\
+      goto yybackup;						\
+    }								\
+  else								\
+    {								\
+      yyerror (YY_("syntax error: cannot back up")); \
+      YYERROR;							\
+    }								\
+while (YYID (0))
+
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+   If N is 0, then set CURRENT to the empty location which ends
+   the previous symbol: RHS[0] (always defined).  */
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+    do									\
+      if (YYID (N))                                                    \
+	{								\
+	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+	}								\
+      else								\
+	{								\
+	  (Current).first_line   = (Current).last_line   =		\
+	    YYRHSLOC (Rhs, 0).last_line;				\
+	  (Current).first_column = (Current).last_column =		\
+	    YYRHSLOC (Rhs, 0).last_column;				\
+	}								\
+    while (YYID (0))
+#endif
+
+
+/* YY_LOCATION_PRINT -- Print the location on the stream.
+   This macro was not mandated originally: define only if we know
+   we won't break user code: when these are the locations we know.  */
+
+#ifndef YY_LOCATION_PRINT
+# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
+#  define YY_LOCATION_PRINT(File, Loc)			\
+     fprintf (File, "%d.%d-%d.%d",			\
+	      (Loc).first_line, (Loc).first_column,	\
+	      (Loc).last_line,  (Loc).last_column)
+# else
+#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+# endif
+#endif
+
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (YYID (0))
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+do {									  \
+  if (yydebug)								  \
+    {									  \
+      YYFPRINTF (stderr, "%s ", Title);					  \
+      yy_symbol_print (stderr,						  \
+		  Type, Value); \
+      YYFPRINTF (stderr, "\n");						  \
+    }									  \
+} while (YYID (0))
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (!yyvaluep)
+    return;
+# ifdef YYPRINT
+  if (yytype < YYNTOKENS)
+    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# else
+  YYUSE (yyoutput);
+# endif
+  switch (yytype)
+    {
+      default:
+	break;
+    }
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (yytype < YYNTOKENS)
+    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+  YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included).                                                   |
+`------------------------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    yytype_int16 *bottom;
+    yytype_int16 *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (YYID (0))
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+#else
+static void
+yy_reduce_print (yyvsp, yyrule)
+    YYSTYPE *yyvsp;
+    int yyrule;
+#endif
+{
+  int yynrhs = yyr2[yyrule];
+  int yyi;
+  unsigned long int yylno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+	     yyrule - 1, yylno);
+  /* The symbols being reduced.  */
+  for (yyi = 0; yyi < yynrhs; yyi++)
+    {
+      fprintf (stderr, "   $%d = ", yyi + 1);
+      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+		       &(yyvsp[(yyi + 1) - (yynrhs)])
+		       		       );
+      fprintf (stderr, "\n");
+    }
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (yyvsp, Rule); \
+} while (YYID (0))
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+

+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined __GLIBC__ && defined _STRING_H
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static YYSIZE_T
+yystrlen (const char *yystr)
+#else
+static YYSIZE_T
+yystrlen (yystr)
+    const char *yystr;
+#endif
+{
+  YYSIZE_T yylen;
+  for (yylen = 0; yystr[yylen]; yylen++)
+    continue;
+  return yylen;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+#else
+static char *
+yystpcpy (yydest, yysrc)
+    char *yydest;
+    const char *yysrc;
+#endif
+{
+  char *yyd = yydest;
+  const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+   quotes and backslashes, so that it's suitable for yyerror.  The
+   heuristic is that double-quoting is unnecessary unless the string
+   contains an apostrophe, a comma, or backslash (other than
+   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+   null, do not copy; instead, return the length of what the result
+   would have been.  */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+  if (*yystr == '"')
+    {
+      YYSIZE_T yyn = 0;
+      char const *yyp = yystr;
+
+      for (;;)
+	switch (*++yyp)
+	  {
+	  case '\'':
+	  case ',':
+	    goto do_not_strip_quotes;
+
+	  case '\\':
+	    if (*++yyp != '\\')
+	      goto do_not_strip_quotes;
+	    /* Fall through.  */
+	  default:
+	    if (yyres)
+	      yyres[yyn] = *yyp;
+	    yyn++;
+	    break;
+
+	  case '"':
+	    if (yyres)
+	      yyres[yyn] = '\0';
+	    return yyn;
+	  }
+    do_not_strip_quotes: ;
+    }
+
+  if (! yyres)
+    return yystrlen (yystr);
+
+  return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into YYRESULT an error message about the unexpected token
+   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+   including the terminating null byte.  If YYRESULT is null, do not
+   copy anything; just return the number of bytes that would be
+   copied.  As a special case, return 0 if an ordinary "syntax error"
+   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+   size calculation.  */
+static YYSIZE_T
+yysyntax_error (char *yyresult, int yystate, int yychar)
+{
+  int yyn = yypact[yystate];
+
+  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+    return 0;
+  else
+    {
+      int yytype = YYTRANSLATE (yychar);
+      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+      YYSIZE_T yysize = yysize0;
+      YYSIZE_T yysize1;
+      int yysize_overflow = 0;
+      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+      int yyx;
+
+# if 0
+      /* This is so xgettext sees the translatable formats that are
+	 constructed on the fly.  */
+      YY_("syntax error, unexpected %s");
+      YY_("syntax error, unexpected %s, expecting %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+# endif
+      char *yyfmt;
+      char const *yyf;
+      static char const yyunexpected[] = "syntax error, unexpected %s";
+      static char const yyexpecting[] = ", expecting %s";
+      static char const yyor[] = " or %s";
+      char yyformat[sizeof yyunexpected
+		    + sizeof yyexpecting - 1
+		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+		       * (sizeof yyor - 1))];
+      char const *yyprefix = yyexpecting;
+
+      /* Start YYX at -YYN if negative to avoid negative indexes in
+	 YYCHECK.  */
+      int yyxbegin = yyn < 0 ? -yyn : 0;
+
+      /* Stay within bounds of both yycheck and yytname.  */
+      int yychecklim = YYLAST - yyn + 1;
+      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+      int yycount = 1;
+
+      yyarg[0] = yytname[yytype];
+      yyfmt = yystpcpy (yyformat, yyunexpected);
+
+      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	  {
+	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+	      {
+		yycount = 1;
+		yysize = yysize0;
+		yyformat[sizeof yyunexpected - 1] = '\0';
+		break;
+	      }
+	    yyarg[yycount++] = yytname[yyx];
+	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+	    yysize_overflow |= (yysize1 < yysize);
+	    yysize = yysize1;
+	    yyfmt = yystpcpy (yyfmt, yyprefix);
+	    yyprefix = yyor;
+	  }
+
+      yyf = YY_(yyformat);
+      yysize1 = yysize + yystrlen (yyf);
+      yysize_overflow |= (yysize1 < yysize);
+      yysize = yysize1;
+
+      if (yysize_overflow)
+	return YYSIZE_MAXIMUM;
+
+      if (yyresult)
+	{
+	  /* Avoid sprintf, as that infringes on the user's name space.
+	     Don't have undefined behavior even if the translation
+	     produced a string with the wrong number of "%s"s.  */
+	  char *yyp = yyresult;
+	  int yyi = 0;
+	  while ((*yyp = *yyf) != '\0')
+	    {
+	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+		{
+		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+		  yyf += 2;
+		}
+	      else
+		{
+		  yyp++;
+		  yyf++;
+		}
+	    }
+	}
+      return yysize;
+    }
+}
+#endif /* YYERROR_VERBOSE */
+

+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yymsg, yytype, yyvaluep)
+    const char *yymsg;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  YYUSE (yyvaluep);
+
+  if (!yymsg)
+    yymsg = "Deleting";
+  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+  switch (yytype)
+    {
+
+      default:
+	break;
+    }
+}
+

+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void *YYPARSE_PARAM);
+#else
+int yyparse ();
+#endif
+#else /* ! YYPARSE_PARAM */
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The look-ahead symbol.  */
+int yychar;
+
+/* The semantic value of the look-ahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void *YYPARSE_PARAM)
+#else
+int
+yyparse (YYPARSE_PARAM)
+    void *YYPARSE_PARAM;
+#endif
+#else /* ! YYPARSE_PARAM */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+  
+  int yystate;
+  int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Look-ahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  yytype_int16 yyssa[YYINITDEPTH];
+  yytype_int16 *yyss = yyssa;
+  yytype_int16 *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* The number of symbols on the RHS of the reduced rule.
+     Keep to zero when no symbol should be popped.  */
+  int yylen = 0;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed.  So pushing a state here evens the stacks.  */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack.  Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	yytype_int16 *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow (YY_("memory exhausted"),
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyexhaustedlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyexhaustedlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	yytype_int16 *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyexhaustedlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+  /* Do appropriate processing given the current state.  Read a
+     look-ahead token if we need one and don't already have one.  */
+
+  /* First try to decide what to do without reference to look-ahead token.  */
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a look-ahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  /* Shift the look-ahead token.  */
+  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+  /* Discard the shifted token unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  yystate = yyn;
+  *++yyvsp = yylval;
+
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 3:
+#line 132 "ftpcmd.y"
+    {
+			fromname = (char *) 0;
+			restart_point = (off_t) 0;
+		}
+    break;
+
+  case 5:
+#line 141 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			user((yyvsp[(3) - (5)].s));
+		    free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 6:
+#line 147 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			pass((yyvsp[(3) - (5)].s));
+		    memset ((yyvsp[(3) - (5)].s), 0, strlen((yyvsp[(3) - (5)].s)));
+		    free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 7:
+#line 154 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			usedefault = 0;
+			if (pdata >= 0) {
+				close(pdata);
+				pdata = -1;
+			}
+			reply(200, "PORT command successful.");
+		    }
+		}
+    break;
+
+  case 8:
+#line 165 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			eprt ((yyvsp[(3) - (5)].s));
+		    free ((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 9:
+#line 171 "ftpcmd.y"
+    {
+		    if((yyvsp[(3) - (3)].i))
+			pasv ();
+		}
+    break;
+
+  case 10:
+#line 176 "ftpcmd.y"
+    {
+		    if((yyvsp[(3) - (3)].i))
+			epsv (NULL);
+		}
+    break;
+
+  case 11:
+#line 181 "ftpcmd.y"
+    {
+		    if((yyvsp[(5) - (5)].i))
+			epsv ((yyvsp[(3) - (5)].s));
+		    free ((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 12:
+#line 187 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			switch (cmd_type) {
+
+			case TYPE_A:
+				if (cmd_form == FORM_N) {
+					reply(200, "Type set to A.");
+					type = cmd_type;
+					form = cmd_form;
+				} else
+					reply(504, "Form must be N.");
+				break;
+
+			case TYPE_E:
+				reply(504, "Type E not implemented.");
+				break;
+
+			case TYPE_I:
+				reply(200, "Type set to I.");
+				type = cmd_type;
+				break;
+
+			case TYPE_L:
+#if NBBY == 8
+				if (cmd_bytesz == 8) {
+					reply(200,
+					    "Type set to L (byte size 8).");
+					type = cmd_type;
+				} else
+					reply(504, "Byte size must be 8.");
+#else /* NBBY == 8 */
+				UNIMPLEMENTED for NBBY != 8
+#endif /* NBBY == 8 */
+			}
+		    }
+		}
+    break;
+
+  case 13:
+#line 224 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			switch ((yyvsp[(3) - (5)].i)) {
+
+			case STRU_F:
+				reply(200, "STRU F ok.");
+				break;
+
+			default:
+				reply(504, "Unimplemented STRU type.");
+			}
+		    }
+		}
+    break;
+
+  case 14:
+#line 238 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			switch ((yyvsp[(3) - (5)].i)) {
+
+			case MODE_S:
+				reply(200, "MODE S ok.");
+				break;
+
+			default:
+				reply(502, "Unimplemented MODE type.");
+			}
+		    }
+		}
+    break;
+
+  case 15:
+#line 252 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			reply(202, "ALLO command ignored.");
+		    }
+		}
+    break;
+
+  case 16:
+#line 258 "ftpcmd.y"
+    {
+		    if ((yyvsp[(9) - (9)].i)) {
+			reply(202, "ALLO command ignored.");
+		    }
+		}
+    break;
+
+  case 17:
+#line 264 "ftpcmd.y"
+    {
+			char *name = (yyvsp[(3) - (5)].s);
+
+			if ((yyvsp[(5) - (5)].i) && name != NULL)
+				retrieve(0, name);
+			if (name != NULL)
+				free(name);
+		}
+    break;
+
+  case 18:
+#line 273 "ftpcmd.y"
+    {
+			char *name = (yyvsp[(3) - (5)].s);
+
+			if ((yyvsp[(5) - (5)].i) && name != NULL)
+				do_store(name, "w", 0);
+			if (name != NULL)
+				free(name);
+		}
+    break;
+
+  case 19:
+#line 282 "ftpcmd.y"
+    {
+			char *name = (yyvsp[(3) - (5)].s);
+
+			if ((yyvsp[(5) - (5)].i) && name != NULL)
+				do_store(name, "a", 0);
+			if (name != NULL)
+				free(name);
+		}
+    break;
+
+  case 20:
+#line 291 "ftpcmd.y"
+    {
+			if ((yyvsp[(3) - (3)].i))
+				send_file_list(".");
+		}
+    break;
+
+  case 21:
+#line 296 "ftpcmd.y"
+    {
+			char *name = (yyvsp[(3) - (5)].s);
+
+			if ((yyvsp[(5) - (5)].i) && name != NULL)
+				send_file_list(name);
+			if (name != NULL)
+				free(name);
+		}
+    break;
+
+  case 22:
+#line 305 "ftpcmd.y"
+    {
+		    if((yyvsp[(3) - (3)].i))
+			list_file(".");
+		}
+    break;
+
+  case 23:
+#line 310 "ftpcmd.y"
+    {
+		    if((yyvsp[(5) - (5)].i))
+			list_file((yyvsp[(3) - (5)].s));
+		    free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 24:
+#line 316 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				statfilecmd((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 25:
+#line 323 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			statcmd();
+		}
+    break;
+
+  case 26:
+#line 328 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				do_delete((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 27:
+#line 335 "ftpcmd.y"
+    {
+			if((yyvsp[(5) - (5)].i)){
+				if (fromname) {
+					renamecmd(fromname, (yyvsp[(3) - (5)].s));
+					free(fromname);
+					fromname = (char *) 0;
+				} else {
+					reply(503, "Bad sequence of commands.");
+				}
+			}
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 28:
+#line 349 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			reply(225, "ABOR command successful.");
+		}
+    break;
+
+  case 29:
+#line 354 "ftpcmd.y"
+    {
+			if ((yyvsp[(3) - (3)].i))
+				cwd(pw->pw_dir);
+		}
+    break;
+
+  case 30:
+#line 359 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				cwd((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 31:
+#line 366 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			help(cmdtab, (char *) 0);
+		}
+    break;
+
+  case 32:
+#line 371 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			char *cp = (yyvsp[(3) - (5)].s);
+
+			if (strncasecmp(cp, "SITE", 4) == 0) {
+				cp = (yyvsp[(3) - (5)].s) + 4;
+				if (*cp == ' ')
+					cp++;
+				if (*cp)
+					help(sitetab, cp);
+				else
+					help(sitetab, (char *) 0);
+			} else
+				help(cmdtab, (yyvsp[(3) - (5)].s));
+		    }
+		}
+    break;
+
+  case 33:
+#line 388 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			reply(200, "NOOP command successful.");
+		}
+    break;
+
+  case 34:
+#line 393 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				makedir((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 35:
+#line 400 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				removedir((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 36:
+#line 407 "ftpcmd.y"
+    {
+			if ((yyvsp[(3) - (3)].i))
+				pwd();
+		}
+    break;
+
+  case 37:
+#line 412 "ftpcmd.y"
+    {
+			if ((yyvsp[(3) - (3)].i))
+				cwd("..");
+		}
+    break;
+
+  case 38:
+#line 417 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i)) {
+			lreply(211, "Supported features:");
+			lreply(0, " MDTM");
+			lreply(0, " REST STREAM");
+			lreply(0, " SIZE");
+			reply(211, "End");
+		    }
+		}
+    break;
+
+  case 39:
+#line 427 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			reply(501, "Bad options");
+		    free ((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 40:
+#line 434 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			help(sitetab, (char *) 0);
+		}
+    break;
+
+  case 41:
+#line 439 "ftpcmd.y"
+    {
+		    if ((yyvsp[(7) - (7)].i))
+			help(sitetab, (yyvsp[(5) - (7)].s));
+		}
+    break;
+
+  case 42:
+#line 444 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i)) {
+				int oldmask = umask(0);
+				umask(oldmask);
+				reply(200, "Current UMASK is %03o", oldmask);
+			}
+		}
+    break;
+
+  case 43:
+#line 452 "ftpcmd.y"
+    {
+			if ((yyvsp[(7) - (7)].i)) {
+				if (((yyvsp[(5) - (7)].i) == -1) || ((yyvsp[(5) - (7)].i) > 0777)) {
+					reply(501, "Bad UMASK value");
+				} else {
+					int oldmask = umask((yyvsp[(5) - (7)].i));
+					reply(200,
+					      "UMASK set to %03o (was %03o)",
+					      (yyvsp[(5) - (7)].i), oldmask);
+				}
+			}
+		}
+    break;
+
+  case 44:
+#line 465 "ftpcmd.y"
+    {
+			if ((yyvsp[(9) - (9)].i) && (yyvsp[(7) - (9)].s) != NULL) {
+				if ((yyvsp[(5) - (9)].i) > 0777)
+					reply(501,
+				"CHMOD: Mode value must be between 0 and 0777");
+				else if (chmod((yyvsp[(7) - (9)].s), (yyvsp[(5) - (9)].i)) < 0)
+					perror_reply(550, (yyvsp[(7) - (9)].s));
+				else
+					reply(200, "CHMOD command successful.");
+			}
+			if ((yyvsp[(7) - (9)].s) != NULL)
+				free((yyvsp[(7) - (9)].s));
+		}
+    break;
+
+  case 45:
+#line 479 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			reply(200,
+			    "Current IDLE time limit is %d seconds; max %d",
+				ftpd_timeout, maxtimeout);
+		}
+    break;
+
+  case 46:
+#line 486 "ftpcmd.y"
+    {
+		    if ((yyvsp[(7) - (7)].i)) {
+			if ((yyvsp[(5) - (7)].i) < 30 || (yyvsp[(5) - (7)].i) > maxtimeout) {
+				reply(501,
+			"Maximum IDLE time must be between 30 and %d seconds",
+				    maxtimeout);
+			} else {
+				ftpd_timeout = (yyvsp[(5) - (7)].i);
+				alarm((unsigned) ftpd_timeout);
+				reply(200,
+				    "Maximum IDLE time set to %d seconds",
+				    ftpd_timeout);
+			}
+		    }
+		}
+    break;
+
+  case 47:
+#line 503 "ftpcmd.y"
+    {
+#ifdef KRB4
+			char *p;
+			
+			if(guest)
+				reply(500, "Can't be done as guest.");
+			else{
+				if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL){
+				    p = strpbrk((yyvsp[(5) - (7)].s), " \t");
+				    if(p){
+					*p++ = 0;
+					kauth((yyvsp[(5) - (7)].s), p + strspn(p, " \t"));
+				    }else
+					kauth((yyvsp[(5) - (7)].s), NULL);
+				}
+			}
+			if((yyvsp[(5) - (7)].s) != NULL)
+			    free((yyvsp[(5) - (7)].s));
+#else
+			reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 48:
+#line 526 "ftpcmd.y"
+    {
+		    if((yyvsp[(5) - (5)].i))
+			klist();
+		}
+    break;
+
+  case 49:
+#line 531 "ftpcmd.y"
+    {
+#ifdef KRB4
+		    if((yyvsp[(5) - (5)].i))
+			kdestroy();
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 50:
+#line 540 "ftpcmd.y"
+    {
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s))
+			krbtkfile((yyvsp[(5) - (7)].s));
+		    if((yyvsp[(5) - (7)].s))
+			free((yyvsp[(5) - (7)].s));
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 51:
+#line 553 "ftpcmd.y"
+    {
+#if defined(KRB4) || defined(KRB5)
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if((yyvsp[(5) - (5)].i))
+			afslog(NULL, 0);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 52:
+#line 564 "ftpcmd.y"
+    {
+#if defined(KRB4) || defined(KRB5)
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if((yyvsp[(7) - (7)].i))
+			afslog((yyvsp[(5) - (7)].s), 0);
+		    if((yyvsp[(5) - (7)].s))
+			free((yyvsp[(5) - (7)].s));
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+    break;
+
+  case 53:
+#line 577 "ftpcmd.y"
+    {
+		    if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL)
+			find((yyvsp[(5) - (7)].s));
+		    if((yyvsp[(5) - (7)].s) != NULL)
+			free((yyvsp[(5) - (7)].s));
+		}
+    break;
+
+  case 54:
+#line 584 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			reply(200, "http://www.pdc.kth.se/heimdal/");
+		}
+    break;
+
+  case 55:
+#line 589 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				do_store((yyvsp[(3) - (5)].s), "w", 1);
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 56:
+#line 596 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i)) {
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
+			reply(215, "UNIX Type: L%d", NBBY);
+#else
+			reply(215, "UNKNOWN Type: L%d", NBBY);
+#endif
+		    }
+		}
+    break;
+
+  case 57:
+#line 614 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL)
+				sizecmd((yyvsp[(3) - (5)].s));
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 58:
+#line 631 "ftpcmd.y"
+    {
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) {
+				struct stat stbuf;
+				if (stat((yyvsp[(3) - (5)].s), &stbuf) < 0)
+					reply(550, "%s: %s",
+					    (yyvsp[(3) - (5)].s), strerror(errno));
+				else if (!S_ISREG(stbuf.st_mode)) {
+					reply(550,
+					      "%s: not a plain file.", (yyvsp[(3) - (5)].s));
+				} else {
+					struct tm *t;
+					time_t mtime = stbuf.st_mtime;
+
+					t = gmtime(&mtime);
+					reply(213,
+					      "%04d%02d%02d%02d%02d%02d",
+					      t->tm_year + 1900,
+					      t->tm_mon + 1,
+					      t->tm_mday,
+					      t->tm_hour,
+					      t->tm_min,
+					      t->tm_sec);
+				}
+			}
+			if ((yyvsp[(3) - (5)].s) != NULL)
+				free((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 59:
+#line 659 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i)) {
+			reply(221, "Goodbye.");
+			dologout(0);
+		    }
+		}
+    break;
+
+  case 60:
+#line 666 "ftpcmd.y"
+    {
+			yyerrok;
+		}
+    break;
+
+  case 61:
+#line 672 "ftpcmd.y"
+    {
+			restart_point = (off_t) 0;
+			if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s)) {
+				fromname = renamefrom((yyvsp[(3) - (5)].s));
+				if (fromname == (char *) 0 && (yyvsp[(3) - (5)].s)) {
+					free((yyvsp[(3) - (5)].s));
+				}
+			}
+		}
+    break;
+
+  case 62:
+#line 682 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i)) {
+			fromname = (char *) 0;
+			restart_point = (yyvsp[(3) - (5)].i);	/* XXX $3 is only "int" */
+			reply(350, "Restarting at %ld. %s",
+			      (long)restart_point,
+			      "Send STORE or RETRIEVE to initiate transfer.");
+		    }
+		}
+    break;
+
+  case 63:
+#line 692 "ftpcmd.y"
+    {
+			auth((yyvsp[(3) - (4)].s));
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 64:
+#line 697 "ftpcmd.y"
+    {
+			adat((yyvsp[(3) - (4)].s));
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 65:
+#line 702 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			pbsz((yyvsp[(3) - (5)].i));
+		}
+    break;
+
+  case 66:
+#line 707 "ftpcmd.y"
+    {
+		    if ((yyvsp[(5) - (5)].i))
+			prot((yyvsp[(3) - (5)].s));
+		}
+    break;
+
+  case 67:
+#line 712 "ftpcmd.y"
+    {
+		    if ((yyvsp[(3) - (3)].i))
+			ccc();
+		}
+    break;
+
+  case 68:
+#line 717 "ftpcmd.y"
+    {
+			mec((yyvsp[(3) - (4)].s), prot_safe);
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 69:
+#line 722 "ftpcmd.y"
+    {
+			mec((yyvsp[(3) - (4)].s), prot_confidential);
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 70:
+#line 727 "ftpcmd.y"
+    {
+			mec((yyvsp[(3) - (4)].s), prot_private);
+			free((yyvsp[(3) - (4)].s));
+		}
+    break;
+
+  case 72:
+#line 739 "ftpcmd.y"
+    {
+			(yyval.s) = (char *)calloc(1, sizeof(char));
+		}
+    break;
+
+  case 75:
+#line 752 "ftpcmd.y"
+    {
+			struct sockaddr_in *sin4 = (struct sockaddr_in *)data_dest;
+
+			sin4->sin_family = AF_INET;
+			sin4->sin_port = htons((yyvsp[(9) - (11)].i) * 256 + (yyvsp[(11) - (11)].i));
+			sin4->sin_addr.s_addr = 
+			    htonl(((yyvsp[(1) - (11)].i) << 24) | ((yyvsp[(3) - (11)].i) << 16) | ((yyvsp[(5) - (11)].i) << 8) | (yyvsp[(7) - (11)].i));
+		}
+    break;
+
+  case 76:
+#line 764 "ftpcmd.y"
+    {
+			(yyval.i) = FORM_N;
+		}
+    break;
+
+  case 77:
+#line 768 "ftpcmd.y"
+    {
+			(yyval.i) = FORM_T;
+		}
+    break;
+
+  case 78:
+#line 772 "ftpcmd.y"
+    {
+			(yyval.i) = FORM_C;
+		}
+    break;
+
+  case 79:
+#line 779 "ftpcmd.y"
+    {
+			cmd_type = TYPE_A;
+			cmd_form = FORM_N;
+		}
+    break;
+
+  case 80:
+#line 784 "ftpcmd.y"
+    {
+			cmd_type = TYPE_A;
+			cmd_form = (yyvsp[(3) - (3)].i);
+		}
+    break;
+
+  case 81:
+#line 789 "ftpcmd.y"
+    {
+			cmd_type = TYPE_E;
+			cmd_form = FORM_N;
+		}
+    break;
+
+  case 82:
+#line 794 "ftpcmd.y"
+    {
+			cmd_type = TYPE_E;
+			cmd_form = (yyvsp[(3) - (3)].i);
+		}
+    break;
+
+  case 83:
+#line 799 "ftpcmd.y"
+    {
+			cmd_type = TYPE_I;
+		}
+    break;
+
+  case 84:
+#line 803 "ftpcmd.y"
+    {
+			cmd_type = TYPE_L;
+			cmd_bytesz = NBBY;
+		}
+    break;
+
+  case 85:
+#line 808 "ftpcmd.y"
+    {
+			cmd_type = TYPE_L;
+			cmd_bytesz = (yyvsp[(3) - (3)].i);
+		}
+    break;
+
+  case 86:
+#line 814 "ftpcmd.y"
+    {
+			cmd_type = TYPE_L;
+			cmd_bytesz = (yyvsp[(2) - (2)].i);
+		}
+    break;
+
+  case 87:
+#line 822 "ftpcmd.y"
+    {
+			(yyval.i) = STRU_F;
+		}
+    break;
+
+  case 88:
+#line 826 "ftpcmd.y"
+    {
+			(yyval.i) = STRU_R;
+		}
+    break;
+
+  case 89:
+#line 830 "ftpcmd.y"
+    {
+			(yyval.i) = STRU_P;
+		}
+    break;
+
+  case 90:
+#line 837 "ftpcmd.y"
+    {
+			(yyval.i) = MODE_S;
+		}
+    break;
+
+  case 91:
+#line 841 "ftpcmd.y"
+    {
+			(yyval.i) = MODE_B;
+		}
+    break;
+
+  case 92:
+#line 845 "ftpcmd.y"
+    {
+			(yyval.i) = MODE_C;
+		}
+    break;
+
+  case 93:
+#line 852 "ftpcmd.y"
+    {
+			/*
+			 * Problem: this production is used for all pathname
+			 * processing, but only gives a 550 error reply.
+			 * This is a valid reply in some cases but not in others.
+			 */
+			if (logged_in && (yyvsp[(1) - (1)].s) && *(yyvsp[(1) - (1)].s) == '~') {
+				glob_t gl;
+				int flags =
+				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+				memset(&gl, 0, sizeof(gl));
+				if (glob((yyvsp[(1) - (1)].s), flags, NULL, &gl) ||
+				    gl.gl_pathc == 0) {
+					reply(550, "not found");
+					(yyval.s) = NULL;
+				} else {
+					(yyval.s) = strdup(gl.gl_pathv[0]);
+				}
+				globfree(&gl);
+				free((yyvsp[(1) - (1)].s));
+			} else
+				(yyval.s) = (yyvsp[(1) - (1)].s);
+		}
+    break;
+
+  case 95:
+#line 884 "ftpcmd.y"
+    {
+			int ret, dec, multby, digit;
+
+			/*
+			 * Convert a number that was read as decimal number
+			 * to what it would be if it had been read as octal.
+			 */
+			dec = (yyvsp[(1) - (1)].i);
+			multby = 1;
+			ret = 0;
+			while (dec) {
+				digit = dec%10;
+				if (digit > 7) {
+					ret = -1;
+					break;
+				}
+				ret += digit * multby;
+				multby *= 8;
+				dec /= 10;
+			}
+			(yyval.i) = ret;
+		}
+    break;
+
+  case 96:
+#line 910 "ftpcmd.y"
+    {
+			(yyval.i) = (yyvsp[(1) - (1)].i) && !guest;
+			if((yyvsp[(1) - (1)].i) && !(yyval.i))
+				reply(550, "Permission denied");
+		}
+    break;
+
+  case 97:
+#line 918 "ftpcmd.y"
+    {
+		    if((yyvsp[(1) - (1)].i)) {
+			if(((yyval.i) = logged_in) == 0)
+			    reply(530, "Please login with USER and PASS.");
+		    } else
+			(yyval.i) = 0;
+		}
+    break;
+
+  case 98:
+#line 928 "ftpcmd.y"
+    {
+		    (yyval.i) = 1;
+		    if(sec_complete && !ccc_passed && !secure_command()) {
+			(yyval.i) = 0;
+			reply(533, "Command protection level denied "
+			      "for paranoid reasons.");
+		    }
+		}
+    break;
+
+
+/* Line 1267 of yacc.c.  */
+#line 2778 "ftpcmd.c"
+      default: break;
+    }
+  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if ! YYERROR_VERBOSE
+      yyerror (YY_("syntax error"));
+#else
+      {
+	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+	  {
+	    YYSIZE_T yyalloc = 2 * yysize;
+	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+	    if (yymsg != yymsgbuf)
+	      YYSTACK_FREE (yymsg);
+	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+	    if (yymsg)
+	      yymsg_alloc = yyalloc;
+	    else
+	      {
+		yymsg = yymsgbuf;
+		yymsg_alloc = sizeof yymsgbuf;
+	      }
+	  }
+
+	if (0 < yysize && yysize <= yymsg_alloc)
+	  {
+	    (void) yysyntax_error (yymsg, yystate, yychar);
+	    yyerror (yymsg);
+	  }
+	else
+	  {
+	    yyerror (YY_("syntax error"));
+	    if (yysize != 0)
+	      goto yyexhaustedlab;
+	  }
+      }
+#endif
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse look-ahead token after an
+	 error, discard it.  */
+
+      if (yychar <= YYEOF)
+	{
+	  /* Return failure if at end of input.  */
+	  if (yychar == YYEOF)
+	    YYABORT;
+	}
+      else
+	{
+	  yydestruct ("Error: discarding",
+		      yytoken, &yylval);
+	  yychar = YYEMPTY;
+	}
+    }
+
+  /* Else will try to reuse look-ahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR.  |
+`---------------------------------------------------*/
+yyerrorlab:
+
+  /* Pacify compilers like GCC when the user code never invokes
+     YYERROR and the label yyerrorlab therefore never appears in user
+     code.  */
+  if (/*CONSTCOND*/ 0)
+     goto yyerrorlab;
+
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYERROR.  */
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+  yystate = *yyssp;
+  goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR.  |
+`-------------------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+
+      yydestruct ("Error: popping",
+		  yystos[yystate], yyvsp);
+      YYPOPSTACK (1);
+      yystate = *yyssp;
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  *++yyvsp = yylval;
+
+
+  /* Shift the error token.  */
+  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here.  |
+`-------------------------------------------------*/
+yyexhaustedlab:
+  yyerror (YY_("memory exhausted"));
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+  if (yychar != YYEOF && yychar != YYEMPTY)
+     yydestruct ("Cleanup: discarding lookahead",
+		 yytoken, &yylval);
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYABORT or YYACCEPT.  */
+  YYPOPSTACK (yylen);
+  YY_STACK_PRINT (yyss, yyssp);
+  while (yyssp != yyss)
+    {
+      yydestruct ("Cleanup: popping",
+		  yystos[*yyssp], yyvsp);
+      YYPOPSTACK (1);
+    }
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+  if (yymsg != yymsgbuf)
+    YYSTACK_FREE (yymsg);
+#endif
+  /* Make sure YYID is used.  */
+  return YYID (yyresult);
+}
+
+
+#line 938 "ftpcmd.y"
+
+
+#define	CMD	0	/* beginning of command */
+#define	ARGS	1	/* expect miscellaneous arguments */
+#define	STR1	2	/* expect SP followed by STRING */
+#define	STR2	3	/* expect STRING */
+#define	OSTR	4	/* optional SP then STRING */
+#define	ZSTR1	5	/* SP then optional STRING */
+#define	ZSTR2	6	/* optional STRING after SP */
+#define	SITECMD	7	/* SITE command */
+#define	NSTR	8	/* Number followed by a string */
+
+struct tab cmdtab[] = {		/* In order defined in RFC 765 */
+	{ "USER", USER, STR1, 1,	"<sp> username" },
+	{ "PASS", PASS, ZSTR1, 1,	"<sp> password" },
+	{ "ACCT", ACCT, STR1, 0,	"(specify account)" },
+	{ "SMNT", SMNT, ARGS, 0,	"(structure mount)" },
+	{ "REIN", REIN, ARGS, 0,	"(reinitialize server state)" },
+	{ "QUIT", QUIT, ARGS, 1,	"(terminate service)", },
+	{ "PORT", PORT, ARGS, 1,	"<sp> b0, b1, b2, b3, b4" },
+	{ "EPRT", EPRT, STR1, 1,	"<sp> string" },
+	{ "PASV", PASV, ARGS, 1,	"(set server in passive mode)" },
+	{ "EPSV", EPSV, OSTR, 1,	"[<sp> foo]" },
+	{ "TYPE", TYPE, ARGS, 1,	"<sp> [ A | E | I | L ]" },
+	{ "STRU", STRU, ARGS, 1,	"(specify file structure)" },
+	{ "MODE", MODE, ARGS, 1,	"(specify transfer mode)" },
+	{ "RETR", RETR, STR1, 1,	"<sp> file-name" },
+	{ "STOR", STOR, STR1, 1,	"<sp> file-name" },
+	{ "APPE", APPE, STR1, 1,	"<sp> file-name" },
+	{ "MLFL", MLFL, OSTR, 0,	"(mail file)" },
+	{ "MAIL", MAIL, OSTR, 0,	"(mail to user)" },
+	{ "MSND", MSND, OSTR, 0,	"(mail send to terminal)" },
+	{ "MSOM", MSOM, OSTR, 0,	"(mail send to terminal or mailbox)" },
+	{ "MSAM", MSAM, OSTR, 0,	"(mail send to terminal and mailbox)" },
+	{ "MRSQ", MRSQ, OSTR, 0,	"(mail recipient scheme question)" },
+	{ "MRCP", MRCP, STR1, 0,	"(mail recipient)" },
+	{ "ALLO", ALLO, ARGS, 1,	"allocate storage (vacuously)" },
+	{ "REST", REST, ARGS, 1,	"<sp> offset (restart command)" },
+	{ "RNFR", RNFR, STR1, 1,	"<sp> file-name" },
+	{ "RNTO", RNTO, STR1, 1,	"<sp> file-name" },
+	{ "ABOR", ABOR, ARGS, 1,	"(abort operation)" },
+	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
+	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
+	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
+	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
+	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
+	{ "STAT", sTAT, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
+	{ "NOOP", NOOP, ARGS, 1,	"" },
+	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
+	{ "XMKD", MKD,  STR1, 1,	"<sp> path-name" },
+	{ "RMD",  RMD,  STR1, 1,	"<sp> path-name" },
+	{ "XRMD", RMD,  STR1, 1,	"<sp> path-name" },
+	{ "PWD",  PWD,  ARGS, 1,	"(return current directory)" },
+	{ "XPWD", PWD,  ARGS, 1,	"(return current directory)" },
+	{ "CDUP", CDUP, ARGS, 1,	"(change to parent directory)" },
+	{ "XCUP", CDUP, ARGS, 1,	"(change to parent directory)" },
+	{ "STOU", STOU, STR1, 1,	"<sp> file-name" },
+	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
+	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
+
+	/* extensions from RFC2228 */
+	{ "AUTH", AUTH,	STR1, 1,	"<sp> auth-type" },
+	{ "ADAT", ADAT,	STR1, 1,	"<sp> auth-data" },
+	{ "PBSZ", PBSZ,	ARGS, 1,	"<sp> buffer-size" },
+	{ "PROT", PROT,	STR1, 1,	"<sp> prot-level" },
+	{ "CCC",  CCC,	ARGS, 1,	"" },
+	{ "MIC",  MIC,	STR1, 1,	"<sp> integrity command" },
+	{ "CONF", CONF,	STR1, 1,	"<sp> confidentiality command" },
+	{ "ENC",  ENC,	STR1, 1,	"<sp> privacy command" },
+
+	/* RFC2389 */
+	{ "FEAT", FEAT, ARGS, 1,	"" },
+	{ "OPTS", OPTS, ARGS, 1,	"<sp> command [<sp> options]" },
+
+	{ NULL,   0,    0,    0,	0 }
+};
+
+struct tab sitetab[] = {
+	{ "UMASK", UMASK, ARGS, 1,	"[ <sp> umask ]" },
+	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
+	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
+	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
+
+	{ "KAUTH", KAUTH, STR1, 1,	"<sp> principal [ <sp> ticket ]" },
+	{ "KLIST", KLIST, ARGS, 1,	"(show ticket file)" },
+	{ "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" },
+	{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
+	{ "AFSLOG", AFSLOG, OSTR, 1,	"[<sp> cell]" },
+
+	{ "LOCATE", LOCATE, STR1, 1,	"<sp> globexpr" },
+	{ "FIND", LOCATE, STR1, 1,	"<sp> globexpr" },
+
+	{ "URL",  URL,  ARGS, 1,	"?" },
+	
+	{ NULL,   0,    0,    0,	0 }
+};
+
+static struct tab *
+lookup(struct tab *p, char *cmd)
+{
+
+	for (; p->name != NULL; p++)
+		if (strcmp(cmd, p->name) == 0)
+			return (p);
+	return (0);
+}
+
+/*
+ * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes.
+ */
+char *
+ftpd_getline(char *s, int n)
+{
+	int c;
+	char *cs;
+
+	cs = s;
+
+	/* might still be data within the security MIC/CONF/ENC */
+	if(ftp_command){
+	    strlcpy(s, ftp_command, n);
+	    if (debug)
+		syslog(LOG_DEBUG, "command: %s", s);
+	    return s;
+	}
+	while ((c = getc(stdin)) != EOF) {
+		c &= 0377;
+		if (c == IAC) {
+		    if ((c = getc(stdin)) != EOF) {
+			c &= 0377;
+			switch (c) {
+			case WILL:
+			case WONT:
+				c = getc(stdin);
+				printf("%c%c%c", IAC, DONT, 0377&c);
+				fflush(stdout);
+				continue;
+			case DO:
+			case DONT:
+				c = getc(stdin);
+				printf("%c%c%c", IAC, WONT, 0377&c);
+				fflush(stdout);
+				continue;
+			case IAC:
+				break;
+			default:
+				continue;	/* ignore command */
+			}
+		    }
+		}
+		*cs++ = c;
+		if (--n <= 0 || c == '\n')
+			break;
+	}
+	if (c == EOF && cs == s)
+		return (NULL);
+	*cs++ = '\0';
+	if (debug) {
+		if (!guest && strncasecmp("pass ", s, 5) == 0) {
+			/* Don't syslog passwords */
+			syslog(LOG_DEBUG, "command: %.5s ???", s);
+		} else {
+			char *cp;
+			int len;
+
+			/* Don't syslog trailing CR-LF */
+			len = strlen(s);
+			cp = s + len - 1;
+			while (cp >= s && (*cp == '\n' || *cp == '\r')) {
+				--cp;
+				--len;
+			}
+			syslog(LOG_DEBUG, "command: %.*s", len, s);
+		}
+	}
+#ifdef XXX
+	fprintf(stderr, "%s\n", s);
+#endif
+	return (s);
+}
+
+static RETSIGTYPE
+toolong(int signo)
+{
+
+	reply(421,
+	    "Timeout (%d seconds): closing control connection.",
+	      ftpd_timeout);
+	if (logging)
+		syslog(LOG_INFO, "User %s timed out after %d seconds",
+		    (pw ? pw -> pw_name : "unknown"), ftpd_timeout);
+	dologout(1);
+	SIGRETURN(0);
+}
+
+static int
+yylex(void)
+{
+	static int cpos, state;
+	char *cp, *cp2;
+	struct tab *p;
+	int n;
+	char c;
+
+	for (;;) {
+		switch (state) {
+
+		case CMD:
+			hasyyerrored = 0;
+
+			signal(SIGALRM, toolong);
+			alarm((unsigned) ftpd_timeout);
+			if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
+				reply(221, "You could at least say goodbye.");
+				dologout(0);
+			}
+			alarm(0);
+#ifdef HAVE_SETPROCTITLE
+			if (strncasecmp(cbuf, "PASS", 4) != 0)
+				setproctitle("%s: %s", proctitle, cbuf);
+#endif /* HAVE_SETPROCTITLE */
+			if ((cp = strchr(cbuf, '\r'))) {
+				*cp++ = '\n';
+				*cp = '\0';
+			}
+			if ((cp = strpbrk(cbuf, " \n")))
+				cpos = cp - cbuf;
+			if (cpos == 0)
+				cpos = 4;
+			c = cbuf[cpos];
+			cbuf[cpos] = '\0';
+			strupr(cbuf);
+			p = lookup(cmdtab, cbuf);
+			cbuf[cpos] = c;
+			if (p != 0) {
+				if (p->implemented == 0) {
+					nack(p->name);
+					hasyyerrored = 1;
+					break;
+				}
+				state = p->state;
+				yylval.s = p->name;
+				return (p->token);
+			}
+			break;
+
+		case SITECMD:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				return (SP);
+			}
+			cp = &cbuf[cpos];
+			if ((cp2 = strpbrk(cp, " \n")))
+				cpos = cp2 - cbuf;
+			c = cbuf[cpos];
+			cbuf[cpos] = '\0';
+			strupr(cp);
+			p = lookup(sitetab, cp);
+			cbuf[cpos] = c;
+			if (p != 0) {
+				if (p->implemented == 0) {
+					state = CMD;
+					nack(p->name);
+					hasyyerrored = 1;
+					break;
+				}
+				state = p->state;
+				yylval.s = p->name;
+				return (p->token);
+			}
+			state = CMD;
+			break;
+
+		case OSTR:
+			if (cbuf[cpos] == '\n') {
+				state = CMD;
+				return (CRLF);
+			}
+			/* FALLTHROUGH */
+
+		case STR1:
+		case ZSTR1:
+		dostr1:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				if(state == OSTR)
+				    state = STR2;
+				else
+				    state++;
+				return (SP);
+			}
+			break;
+
+		case ZSTR2:
+			if (cbuf[cpos] == '\n') {
+				state = CMD;
+				return (CRLF);
+			}
+			/* FALLTHROUGH */
+
+		case STR2:
+			cp = &cbuf[cpos];
+			n = strlen(cp);
+			cpos += n - 1;
+			/*
+			 * Make sure the string is nonempty and \n terminated.
+			 */
+			if (n > 1 && cbuf[cpos] == '\n') {
+				cbuf[cpos] = '\0';
+				yylval.s = copy(cp);
+				cbuf[cpos] = '\n';
+				state = ARGS;
+				return (STRING);
+			}
+			break;
+
+		case NSTR:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				return (SP);
+			}
+			if (isdigit((unsigned char)cbuf[cpos])) {
+				cp = &cbuf[cpos];
+				while (isdigit((unsigned char)cbuf[++cpos]))
+					;
+				c = cbuf[cpos];
+				cbuf[cpos] = '\0';
+				yylval.i = atoi(cp);
+				cbuf[cpos] = c;
+				state = STR1;
+				return (NUMBER);
+			}
+			state = STR1;
+			goto dostr1;
+
+		case ARGS:
+			if (isdigit((unsigned char)cbuf[cpos])) {
+				cp = &cbuf[cpos];
+				while (isdigit((unsigned char)cbuf[++cpos]))
+					;
+				c = cbuf[cpos];
+				cbuf[cpos] = '\0';
+				yylval.i = atoi(cp);
+				cbuf[cpos] = c;
+				return (NUMBER);
+			}
+			switch (cbuf[cpos++]) {
+
+			case '\n':
+				state = CMD;
+				return (CRLF);
+
+			case ' ':
+				return (SP);
+
+			case ',':
+				return (COMMA);
+
+			case 'A':
+			case 'a':
+				return (A);
+
+			case 'B':
+			case 'b':
+				return (B);
+
+			case 'C':
+			case 'c':
+				return (C);
+
+			case 'E':
+			case 'e':
+				return (E);
+
+			case 'F':
+			case 'f':
+				return (F);
+
+			case 'I':
+			case 'i':
+				return (I);
+
+			case 'L':
+			case 'l':
+				return (L);
+
+			case 'N':
+			case 'n':
+				return (N);
+
+			case 'P':
+			case 'p':
+				return (P);
+
+			case 'R':
+			case 'r':
+				return (R);
+
+			case 'S':
+			case 's':
+				return (S);
+
+			case 'T':
+			case 't':
+				return (T);
+
+			}
+			break;
+
+		default:
+			fatal("Unknown state in scanner.");
+		}
+		yyerror(NULL);
+		state = CMD;
+		return (0);
+	}
+}
+
+/* ARGSUSED */
+void
+yyerror(char *s)
+{
+	char *cp;
+
+	if (hasyyerrored)
+	    return;
+
+	if ((cp = strchr(cbuf,'\n')))
+		*cp = '\0';
+	reply(500, "'%s': command not understood.", cbuf);
+	hasyyerrored = 1;
+}
+
+static char *
+copy(char *s)
+{
+	char *p;
+
+	p = strdup(s);
+	if (p == NULL)
+		fatal("Ran out of memory.");
+	return p;
+}
+
+static void
+help(struct tab *ctab, char *s)
+{
+	struct tab *c;
+	int width, NCMDS;
+	char *t;
+	char buf[1024];
+
+	if (ctab == sitetab)
+		t = "SITE ";
+	else
+		t = "";
+	width = 0, NCMDS = 0;
+	for (c = ctab; c->name != NULL; c++) {
+		int len = strlen(c->name);
+
+		if (len > width)
+			width = len;
+		NCMDS++;
+	}
+	width = (width + 8) &~ 7;
+	if (s == 0) {
+		int i, j, w;
+		int columns, lines;
+
+		lreply(214, "The following %scommands are recognized %s.",
+		    t, "(* =>'s unimplemented)");
+		columns = 76 / width;
+		if (columns == 0)
+			columns = 1;
+		lines = (NCMDS + columns - 1) / columns;
+		for (i = 0; i < lines; i++) {
+		    strlcpy (buf, "   ", sizeof(buf));
+		    for (j = 0; j < columns; j++) {
+			c = ctab + j * lines + i;
+			snprintf (buf + strlen(buf),
+				  sizeof(buf) - strlen(buf),
+				  "%s%c",
+				  c->name,
+				  c->implemented ? ' ' : '*');
+			if (c + lines >= &ctab[NCMDS])
+			    break;
+			w = strlen(c->name) + 1;
+			while (w < width) {
+			    strlcat (buf,
+					     " ",
+					     sizeof(buf));
+			    w++;
+			}
+		    }
+		    lreply(214, "%s", buf);
+		}
+		reply(214, "Direct comments to kth-krb-bugs at pdc.kth.se");
+		return;
+	}
+	strupr(s);
+	c = lookup(ctab, s);
+	if (c == (struct tab *)0) {
+		reply(502, "Unknown command %s.", s);
+		return;
+	}
+	if (c->implemented)
+		reply(214, "Syntax: %s%s %s", t, c->name, c->help);
+	else
+		reply(214, "%s%-*s\t%s; unimplemented.", t, width,
+		    c->name, c->help);
+}
+
+static void
+sizecmd(char *filename)
+{
+	switch (type) {
+	case TYPE_L:
+	case TYPE_I: {
+		struct stat stbuf;
+		if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode))
+			reply(550, "%s: not a plain file.", filename);
+		else
+			reply(213, "%lu", (unsigned long)stbuf.st_size);
+		break;
+	}
+	case TYPE_A: {
+		FILE *fin;
+		int c;
+		size_t count;
+		struct stat stbuf;
+		fin = fopen(filename, "r");
+		if (fin == NULL) {
+			perror_reply(550, filename);
+			return;
+		}
+		if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
+			reply(550, "%s: not a plain file.", filename);
+			fclose(fin);
+			return;
+		}
+
+		count = 0;
+		while((c=getc(fin)) != EOF) {
+			if (c == '\n')	/* will get expanded to \r\n */
+				count++;
+			count++;
+		}
+		fclose(fin);
+
+		reply(213, "%lu", (unsigned long)count);
+		break;
+	}
+	default:
+		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
+	}
+}
+

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpcmd.y
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpcmd.y	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpcmd.y	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1496 @@
+/*	$NetBSD: ftpcmd.y,v 1.6 1995/06/03 22:46:45 mycroft Exp $	*/
+
+/*
+ * Copyright (c) 1985, 1988, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ftpcmd.y	8.3 (Berkeley) 4/6/94
+ */
+
+/*
+ * Grammar for FTP commands.
+ * See RFC 959.
+ */
+
+%{
+
+#include "ftpd_locl.h"
+RCSID("$Id: ftpcmd.y,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+off_t	restart_point;
+
+static	int hasyyerrored;
+
+
+static	int cmd_type;
+static	int cmd_form;
+static	int cmd_bytesz;
+char	cbuf[64*1024];
+char	*fromname;
+
+struct tab {
+	char	*name;
+	short	token;
+	short	state;
+	short	implemented;	/* 1 if command is implemented */
+	char	*help;
+};
+
+extern struct tab cmdtab[];
+extern struct tab sitetab[];
+
+static char		*copy (char *);
+static void		 help (struct tab *, char *);
+static struct tab *
+			 lookup (struct tab *, char *);
+static void		 sizecmd (char *);
+static RETSIGTYPE	 toolong (int);
+static int		 yylex (void);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+	int	i;
+	char   *s;
+}
+
+%token
+	A	B	C	E	F	I
+	L	N	P	R	S	T
+
+	SP	CRLF	COMMA
+
+	USER	PASS	ACCT	REIN	QUIT	PORT
+	PASV	TYPE	STRU	MODE	RETR	STOR
+	APPE	MLFL	MAIL	MSND	MSOM	MSAM
+	MRSQ	MRCP	ALLO	REST	RNFR	RNTO
+	ABOR	DELE	CWD	LIST	NLST	SITE
+	sTAT	HELP	NOOP	MKD	RMD	PWD
+	CDUP	STOU	SMNT	SYST	SIZE	MDTM
+	EPRT	EPSV
+
+	UMASK	IDLE	CHMOD
+
+	AUTH	ADAT	PROT	PBSZ	CCC	MIC
+	CONF	ENC
+
+	KAUTH	KLIST	KDESTROY KRBTKFILE AFSLOG
+	LOCATE	URL
+
+	FEAT	OPTS
+
+	LEXERR
+
+%token	<s> STRING
+%token	<i> NUMBER
+
+%type	<i> check_login check_login_no_guest check_secure octal_number byte_size
+%type	<i> struct_code mode_code type_code form_code
+%type	<s> pathstring pathname password username
+
+%start	cmd_list
+
+%%
+
+cmd_list
+	: /* empty */
+	| cmd_list cmd
+		{
+			fromname = (char *) 0;
+			restart_point = (off_t) 0;
+		}
+	| cmd_list rcmd
+	;
+
+cmd
+	: USER SP username CRLF check_secure
+		{
+		    if ($5)
+			user($3);
+		    free($3);
+		}
+	| PASS SP password CRLF check_secure
+		{
+		    if ($5)
+			pass($3);
+		    memset ($3, 0, strlen($3));
+		    free($3);
+		}
+	| PORT SP host_port CRLF check_secure
+		{
+		    if ($5) {
+			usedefault = 0;
+			if (pdata >= 0) {
+				close(pdata);
+				pdata = -1;
+			}
+			reply(200, "PORT command successful.");
+		    }
+		}
+	| EPRT SP STRING CRLF check_secure
+		{
+		    if ($5)
+			eprt ($3);
+		    free ($3);
+		}
+	| PASV CRLF check_login
+		{
+		    if($3)
+			pasv ();
+		}
+	| EPSV CRLF check_login
+		{
+		    if($3)
+			epsv (NULL);
+		}
+	| EPSV SP STRING CRLF check_login
+		{
+		    if($5)
+			epsv ($3);
+		    free ($3);
+		}
+	| TYPE SP type_code CRLF check_secure
+		{
+		    if ($5) {
+			switch (cmd_type) {
+
+			case TYPE_A:
+				if (cmd_form == FORM_N) {
+					reply(200, "Type set to A.");
+					type = cmd_type;
+					form = cmd_form;
+				} else
+					reply(504, "Form must be N.");
+				break;
+
+			case TYPE_E:
+				reply(504, "Type E not implemented.");
+				break;
+
+			case TYPE_I:
+				reply(200, "Type set to I.");
+				type = cmd_type;
+				break;
+
+			case TYPE_L:
+#if NBBY == 8
+				if (cmd_bytesz == 8) {
+					reply(200,
+					    "Type set to L (byte size 8).");
+					type = cmd_type;
+				} else
+					reply(504, "Byte size must be 8.");
+#else /* NBBY == 8 */
+				UNIMPLEMENTED for NBBY != 8
+#endif /* NBBY == 8 */
+			}
+		    }
+		}
+	| STRU SP struct_code CRLF check_secure
+		{
+		    if ($5) {
+			switch ($3) {
+
+			case STRU_F:
+				reply(200, "STRU F ok.");
+				break;
+
+			default:
+				reply(504, "Unimplemented STRU type.");
+			}
+		    }
+		}
+	| MODE SP mode_code CRLF check_secure
+		{
+		    if ($5) {
+			switch ($3) {
+
+			case MODE_S:
+				reply(200, "MODE S ok.");
+				break;
+
+			default:
+				reply(502, "Unimplemented MODE type.");
+			}
+		    }
+		}
+	| ALLO SP NUMBER CRLF check_secure
+		{
+		    if ($5) {
+			reply(202, "ALLO command ignored.");
+		    }
+		}
+	| ALLO SP NUMBER SP R SP NUMBER CRLF check_secure
+		{
+		    if ($9) {
+			reply(202, "ALLO command ignored.");
+		    }
+		}
+	| RETR SP pathname CRLF check_login
+		{
+			char *name = $3;
+
+			if ($5 && name != NULL)
+				retrieve(0, name);
+			if (name != NULL)
+				free(name);
+		}
+	| STOR SP pathname CRLF check_login
+		{
+			char *name = $3;
+
+			if ($5 && name != NULL)
+				do_store(name, "w", 0);
+			if (name != NULL)
+				free(name);
+		}
+	| APPE SP pathname CRLF check_login
+		{
+			char *name = $3;
+
+			if ($5 && name != NULL)
+				do_store(name, "a", 0);
+			if (name != NULL)
+				free(name);
+		}
+	| NLST CRLF check_login
+		{
+			if ($3)
+				send_file_list(".");
+		}
+	| NLST SP STRING CRLF check_login
+		{
+			char *name = $3;
+
+			if ($5 && name != NULL)
+				send_file_list(name);
+			if (name != NULL)
+				free(name);
+		}
+	| LIST CRLF check_login
+		{
+		    if($3)
+			list_file(".");
+		}
+	| LIST SP pathname CRLF check_login
+		{
+		    if($5)
+			list_file($3);
+		    free($3);
+		}
+	| sTAT SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				statfilecmd($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| sTAT CRLF check_secure
+		{
+		    if ($3)
+			statcmd();
+		}
+	| DELE SP pathname CRLF check_login_no_guest
+		{
+			if ($5 && $3 != NULL)
+				do_delete($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| RNTO SP pathname CRLF check_login_no_guest
+		{
+			if($5){
+				if (fromname) {
+					renamecmd(fromname, $3);
+					free(fromname);
+					fromname = (char *) 0;
+				} else {
+					reply(503, "Bad sequence of commands.");
+				}
+			}
+			if ($3 != NULL)
+				free($3);
+		}
+	| ABOR CRLF check_secure
+		{
+		    if ($3)
+			reply(225, "ABOR command successful.");
+		}
+	| CWD CRLF check_login
+		{
+			if ($3)
+				cwd(pw->pw_dir);
+		}
+	| CWD SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				cwd($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| HELP CRLF check_secure
+		{
+		    if ($3)
+			help(cmdtab, (char *) 0);
+		}
+	| HELP SP STRING CRLF check_secure
+		{
+		    if ($5) {
+			char *cp = $3;
+
+			if (strncasecmp(cp, "SITE", 4) == 0) {
+				cp = $3 + 4;
+				if (*cp == ' ')
+					cp++;
+				if (*cp)
+					help(sitetab, cp);
+				else
+					help(sitetab, (char *) 0);
+			} else
+				help(cmdtab, $3);
+		    }
+		}
+	| NOOP CRLF check_secure
+		{
+		    if ($3)
+			reply(200, "NOOP command successful.");
+		}
+	| MKD SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				makedir($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| RMD SP pathname CRLF check_login_no_guest
+		{
+			if ($5 && $3 != NULL)
+				removedir($3);
+			if ($3 != NULL)
+				free($3);
+		}
+	| PWD CRLF check_login
+		{
+			if ($3)
+				pwd();
+		}
+	| CDUP CRLF check_login
+		{
+			if ($3)
+				cwd("..");
+		}
+	| FEAT CRLF check_secure
+		{
+		    if ($3) {
+			lreply(211, "Supported features:");
+			lreply(0, " MDTM");
+			lreply(0, " REST STREAM");
+			lreply(0, " SIZE");
+			reply(211, "End");
+		    }
+		}
+	| OPTS SP STRING CRLF check_secure
+		{
+		    if ($5)
+			reply(501, "Bad options");
+		    free ($3);
+		}
+
+	| SITE SP HELP CRLF check_secure
+		{
+		    if ($5)
+			help(sitetab, (char *) 0);
+		}
+	| SITE SP HELP SP STRING CRLF check_secure
+		{
+		    if ($7)
+			help(sitetab, $5);
+		}
+	| SITE SP UMASK CRLF check_login
+		{
+			if ($5) {
+				int oldmask = umask(0);
+				umask(oldmask);
+				reply(200, "Current UMASK is %03o", oldmask);
+			}
+		}
+	| SITE SP UMASK SP octal_number CRLF check_login_no_guest
+		{
+			if ($7) {
+				if (($5 == -1) || ($5 > 0777)) {
+					reply(501, "Bad UMASK value");
+				} else {
+					int oldmask = umask($5);
+					reply(200,
+					      "UMASK set to %03o (was %03o)",
+					      $5, oldmask);
+				}
+			}
+		}
+	| SITE SP CHMOD SP octal_number SP pathname CRLF check_login_no_guest
+		{
+			if ($9 && $7 != NULL) {
+				if ($5 > 0777)
+					reply(501,
+				"CHMOD: Mode value must be between 0 and 0777");
+				else if (chmod($7, $5) < 0)
+					perror_reply(550, $7);
+				else
+					reply(200, "CHMOD command successful.");
+			}
+			if ($7 != NULL)
+				free($7);
+		}
+	| SITE SP IDLE CRLF check_secure
+		{
+		    if ($5)
+			reply(200,
+			    "Current IDLE time limit is %d seconds; max %d",
+				ftpd_timeout, maxtimeout);
+		}
+	| SITE SP IDLE SP NUMBER CRLF check_secure
+		{
+		    if ($7) {
+			if ($5 < 30 || $5 > maxtimeout) {
+				reply(501,
+			"Maximum IDLE time must be between 30 and %d seconds",
+				    maxtimeout);
+			} else {
+				ftpd_timeout = $5;
+				alarm((unsigned) ftpd_timeout);
+				reply(200,
+				    "Maximum IDLE time set to %d seconds",
+				    ftpd_timeout);
+			}
+		    }
+		}
+
+	| SITE SP KAUTH SP STRING CRLF check_login
+		{
+#ifdef KRB4
+			char *p;
+			
+			if(guest)
+				reply(500, "Can't be done as guest.");
+			else{
+				if($7 && $5 != NULL){
+				    p = strpbrk($5, " \t");
+				    if(p){
+					*p++ = 0;
+					kauth($5, p + strspn(p, " \t"));
+				    }else
+					kauth($5, NULL);
+				}
+			}
+			if($5 != NULL)
+			    free($5);
+#else
+			reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP KLIST CRLF check_login
+		{
+		    if($5)
+			klist();
+		}
+	| SITE SP KDESTROY CRLF check_login
+		{
+#ifdef KRB4
+		    if($5)
+			kdestroy();
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP KRBTKFILE SP STRING CRLF check_login
+		{
+#ifdef KRB4
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($7 && $5)
+			krbtkfile($5);
+		    if($5)
+			free($5);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP AFSLOG CRLF check_login
+		{
+#if defined(KRB4) || defined(KRB5)
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($5)
+			afslog(NULL, 0);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP AFSLOG SP STRING CRLF check_login
+		{
+#if defined(KRB4) || defined(KRB5)
+		    if(guest)
+			reply(500, "Can't be done as guest.");
+		    else if($7)
+			afslog($5, 0);
+		    if($5)
+			free($5);
+#else
+		    reply(500, "Command not implemented.");
+#endif
+		}
+	| SITE SP LOCATE SP STRING CRLF check_login
+		{
+		    if($7 && $5 != NULL)
+			find($5);
+		    if($5 != NULL)
+			free($5);
+		}
+	| SITE SP URL CRLF check_secure
+		{
+		    if ($5)
+			reply(200, "http://www.pdc.kth.se/heimdal/");
+		}
+	| STOU SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				do_store($3, "w", 1);
+			if ($3 != NULL)
+				free($3);
+		}
+	| SYST CRLF check_secure
+		{
+		    if ($3) {
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
+			reply(215, "UNIX Type: L%d", NBBY);
+#else
+			reply(215, "UNKNOWN Type: L%d", NBBY);
+#endif
+		    }
+		}
+
+		/*
+		 * SIZE is not in RFC959, but Postel has blessed it and
+		 * it will be in the updated RFC.
+		 *
+		 * Return size of file in a format suitable for
+		 * using with RESTART (we just count bytes).
+		 */
+	| SIZE SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL)
+				sizecmd($3);
+			if ($3 != NULL)
+				free($3);
+		}
+
+		/*
+		 * MDTM is not in RFC959, but Postel has blessed it and
+		 * it will be in the updated RFC.
+		 *
+		 * Return modification time of file as an ISO 3307
+		 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx
+		 * where xxx is the fractional second (of any precision,
+		 * not necessarily 3 digits)
+		 */
+	| MDTM SP pathname CRLF check_login
+		{
+			if ($5 && $3 != NULL) {
+				struct stat stbuf;
+				if (stat($3, &stbuf) < 0)
+					reply(550, "%s: %s",
+					    $3, strerror(errno));
+				else if (!S_ISREG(stbuf.st_mode)) {
+					reply(550,
+					      "%s: not a plain file.", $3);
+				} else {
+					struct tm *t;
+					time_t mtime = stbuf.st_mtime;
+
+					t = gmtime(&mtime);
+					reply(213,
+					      "%04d%02d%02d%02d%02d%02d",
+					      t->tm_year + 1900,
+					      t->tm_mon + 1,
+					      t->tm_mday,
+					      t->tm_hour,
+					      t->tm_min,
+					      t->tm_sec);
+				}
+			}
+			if ($3 != NULL)
+				free($3);
+		}
+	| QUIT CRLF check_secure
+		{
+		    if ($3) {
+			reply(221, "Goodbye.");
+			dologout(0);
+		    }
+		}
+	| error CRLF
+		{
+			yyerrok;
+		}
+	;
+rcmd
+	: RNFR SP pathname CRLF check_login_no_guest
+		{
+			restart_point = (off_t) 0;
+			if ($5 && $3) {
+				fromname = renamefrom($3);
+				if (fromname == (char *) 0 && $3) {
+					free($3);
+				}
+			}
+		}
+	| REST SP byte_size CRLF check_secure
+		{
+		    if ($5) {
+			fromname = (char *) 0;
+			restart_point = $3;	/* XXX $3 is only "int" */
+			reply(350, "Restarting at %ld. %s",
+			      (long)restart_point,
+			      "Send STORE or RETRIEVE to initiate transfer.");
+		    }
+		}
+	| AUTH SP STRING CRLF
+		{
+			auth($3);
+			free($3);
+		}
+	| ADAT SP STRING CRLF
+		{
+			adat($3);
+			free($3);
+		}
+	| PBSZ SP NUMBER CRLF check_secure
+		{
+		    if ($5)
+			pbsz($3);
+		}
+	| PROT SP STRING CRLF check_secure
+		{
+		    if ($5)
+			prot($3);
+		}
+	| CCC CRLF check_secure
+		{
+		    if ($3)
+			ccc();
+		}
+	| MIC SP STRING CRLF
+		{
+			mec($3, prot_safe);
+			free($3);
+		}
+	| CONF SP STRING CRLF
+		{
+			mec($3, prot_confidential);
+			free($3);
+		}
+	| ENC SP STRING CRLF
+		{
+			mec($3, prot_private);
+			free($3);
+		}
+	;
+
+username
+	: STRING
+	;
+
+password
+	: /* empty */
+		{
+			$$ = (char *)calloc(1, sizeof(char));
+		}
+	| STRING
+	;
+
+byte_size
+	: NUMBER
+	;
+
+host_port
+	: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
+		NUMBER COMMA NUMBER
+		{
+			struct sockaddr_in *sin4 = (struct sockaddr_in *)data_dest;
+
+			sin4->sin_family = AF_INET;
+			sin4->sin_port = htons($9 * 256 + $11);
+			sin4->sin_addr.s_addr = 
+			    htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7);
+		}
+	;
+
+form_code
+	: N
+		{
+			$$ = FORM_N;
+		}
+	| T
+		{
+			$$ = FORM_T;
+		}
+	| C
+		{
+			$$ = FORM_C;
+		}
+	;
+
+type_code
+	: A
+		{
+			cmd_type = TYPE_A;
+			cmd_form = FORM_N;
+		}
+	| A SP form_code
+		{
+			cmd_type = TYPE_A;
+			cmd_form = $3;
+		}
+	| E
+		{
+			cmd_type = TYPE_E;
+			cmd_form = FORM_N;
+		}
+	| E SP form_code
+		{
+			cmd_type = TYPE_E;
+			cmd_form = $3;
+		}
+	| I
+		{
+			cmd_type = TYPE_I;
+		}
+	| L
+		{
+			cmd_type = TYPE_L;
+			cmd_bytesz = NBBY;
+		}
+	| L SP byte_size
+		{
+			cmd_type = TYPE_L;
+			cmd_bytesz = $3;
+		}
+		/* this is for a bug in the BBN ftp */
+	| L byte_size
+		{
+			cmd_type = TYPE_L;
+			cmd_bytesz = $2;
+		}
+	;
+
+struct_code
+	: F
+		{
+			$$ = STRU_F;
+		}
+	| R
+		{
+			$$ = STRU_R;
+		}
+	| P
+		{
+			$$ = STRU_P;
+		}
+	;
+
+mode_code
+	: S
+		{
+			$$ = MODE_S;
+		}
+	| B
+		{
+			$$ = MODE_B;
+		}
+	| C
+		{
+			$$ = MODE_C;
+		}
+	;
+
+pathname
+	: pathstring
+		{
+			/*
+			 * Problem: this production is used for all pathname
+			 * processing, but only gives a 550 error reply.
+			 * This is a valid reply in some cases but not in others.
+			 */
+			if (logged_in && $1 && *$1 == '~') {
+				glob_t gl;
+				int flags =
+				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+				memset(&gl, 0, sizeof(gl));
+				if (glob($1, flags, NULL, &gl) ||
+				    gl.gl_pathc == 0) {
+					reply(550, "not found");
+					$$ = NULL;
+				} else {
+					$$ = strdup(gl.gl_pathv[0]);
+				}
+				globfree(&gl);
+				free($1);
+			} else
+				$$ = $1;
+		}
+	;
+
+pathstring
+	: STRING
+	;
+
+octal_number
+	: NUMBER
+		{
+			int ret, dec, multby, digit;
+
+			/*
+			 * Convert a number that was read as decimal number
+			 * to what it would be if it had been read as octal.
+			 */
+			dec = $1;
+			multby = 1;
+			ret = 0;
+			while (dec) {
+				digit = dec%10;
+				if (digit > 7) {
+					ret = -1;
+					break;
+				}
+				ret += digit * multby;
+				multby *= 8;
+				dec /= 10;
+			}
+			$$ = ret;
+		}
+	;
+
+
+check_login_no_guest : check_login
+		{
+			$$ = $1 && !guest;
+			if($1 && !$$)
+				reply(550, "Permission denied");
+		}
+	;
+
+check_login : check_secure
+		{
+		    if($1) {
+			if(($$ = logged_in) == 0)
+			    reply(530, "Please login with USER and PASS.");
+		    } else
+			$$ = 0;
+		}
+	;
+
+check_secure : /* empty */
+		{
+		    $$ = 1;
+		    if(sec_complete && !ccc_passed && !secure_command()) {
+			$$ = 0;
+			reply(533, "Command protection level denied "
+			      "for paranoid reasons.");
+		    }
+		}
+	;
+
+%%
+
+#define	CMD	0	/* beginning of command */
+#define	ARGS	1	/* expect miscellaneous arguments */
+#define	STR1	2	/* expect SP followed by STRING */
+#define	STR2	3	/* expect STRING */
+#define	OSTR	4	/* optional SP then STRING */
+#define	ZSTR1	5	/* SP then optional STRING */
+#define	ZSTR2	6	/* optional STRING after SP */
+#define	SITECMD	7	/* SITE command */
+#define	NSTR	8	/* Number followed by a string */
+
+struct tab cmdtab[] = {		/* In order defined in RFC 765 */
+	{ "USER", USER, STR1, 1,	"<sp> username" },
+	{ "PASS", PASS, ZSTR1, 1,	"<sp> password" },
+	{ "ACCT", ACCT, STR1, 0,	"(specify account)" },
+	{ "SMNT", SMNT, ARGS, 0,	"(structure mount)" },
+	{ "REIN", REIN, ARGS, 0,	"(reinitialize server state)" },
+	{ "QUIT", QUIT, ARGS, 1,	"(terminate service)", },
+	{ "PORT", PORT, ARGS, 1,	"<sp> b0, b1, b2, b3, b4" },
+	{ "EPRT", EPRT, STR1, 1,	"<sp> string" },
+	{ "PASV", PASV, ARGS, 1,	"(set server in passive mode)" },
+	{ "EPSV", EPSV, OSTR, 1,	"[<sp> foo]" },
+	{ "TYPE", TYPE, ARGS, 1,	"<sp> [ A | E | I | L ]" },
+	{ "STRU", STRU, ARGS, 1,	"(specify file structure)" },
+	{ "MODE", MODE, ARGS, 1,	"(specify transfer mode)" },
+	{ "RETR", RETR, STR1, 1,	"<sp> file-name" },
+	{ "STOR", STOR, STR1, 1,	"<sp> file-name" },
+	{ "APPE", APPE, STR1, 1,	"<sp> file-name" },
+	{ "MLFL", MLFL, OSTR, 0,	"(mail file)" },
+	{ "MAIL", MAIL, OSTR, 0,	"(mail to user)" },
+	{ "MSND", MSND, OSTR, 0,	"(mail send to terminal)" },
+	{ "MSOM", MSOM, OSTR, 0,	"(mail send to terminal or mailbox)" },
+	{ "MSAM", MSAM, OSTR, 0,	"(mail send to terminal and mailbox)" },
+	{ "MRSQ", MRSQ, OSTR, 0,	"(mail recipient scheme question)" },
+	{ "MRCP", MRCP, STR1, 0,	"(mail recipient)" },
+	{ "ALLO", ALLO, ARGS, 1,	"allocate storage (vacuously)" },
+	{ "REST", REST, ARGS, 1,	"<sp> offset (restart command)" },
+	{ "RNFR", RNFR, STR1, 1,	"<sp> file-name" },
+	{ "RNTO", RNTO, STR1, 1,	"<sp> file-name" },
+	{ "ABOR", ABOR, ARGS, 1,	"(abort operation)" },
+	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
+	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
+	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
+	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
+	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
+	{ "STAT", sTAT, OSTR, 1,	"[ <sp> path-name ]" },
+	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
+	{ "NOOP", NOOP, ARGS, 1,	"" },
+	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
+	{ "XMKD", MKD,  STR1, 1,	"<sp> path-name" },
+	{ "RMD",  RMD,  STR1, 1,	"<sp> path-name" },
+	{ "XRMD", RMD,  STR1, 1,	"<sp> path-name" },
+	{ "PWD",  PWD,  ARGS, 1,	"(return current directory)" },
+	{ "XPWD", PWD,  ARGS, 1,	"(return current directory)" },
+	{ "CDUP", CDUP, ARGS, 1,	"(change to parent directory)" },
+	{ "XCUP", CDUP, ARGS, 1,	"(change to parent directory)" },
+	{ "STOU", STOU, STR1, 1,	"<sp> file-name" },
+	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
+	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
+
+	/* extensions from RFC2228 */
+	{ "AUTH", AUTH,	STR1, 1,	"<sp> auth-type" },
+	{ "ADAT", ADAT,	STR1, 1,	"<sp> auth-data" },
+	{ "PBSZ", PBSZ,	ARGS, 1,	"<sp> buffer-size" },
+	{ "PROT", PROT,	STR1, 1,	"<sp> prot-level" },
+	{ "CCC",  CCC,	ARGS, 1,	"" },
+	{ "MIC",  MIC,	STR1, 1,	"<sp> integrity command" },
+	{ "CONF", CONF,	STR1, 1,	"<sp> confidentiality command" },
+	{ "ENC",  ENC,	STR1, 1,	"<sp> privacy command" },
+
+	/* RFC2389 */
+	{ "FEAT", FEAT, ARGS, 1,	"" },
+	{ "OPTS", OPTS, ARGS, 1,	"<sp> command [<sp> options]" },
+
+	{ NULL,   0,    0,    0,	0 }
+};
+
+struct tab sitetab[] = {
+	{ "UMASK", UMASK, ARGS, 1,	"[ <sp> umask ]" },
+	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
+	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
+	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
+
+	{ "KAUTH", KAUTH, STR1, 1,	"<sp> principal [ <sp> ticket ]" },
+	{ "KLIST", KLIST, ARGS, 1,	"(show ticket file)" },
+	{ "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" },
+	{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
+	{ "AFSLOG", AFSLOG, OSTR, 1,	"[<sp> cell]" },
+
+	{ "LOCATE", LOCATE, STR1, 1,	"<sp> globexpr" },
+	{ "FIND", LOCATE, STR1, 1,	"<sp> globexpr" },
+
+	{ "URL",  URL,  ARGS, 1,	"?" },
+	
+	{ NULL,   0,    0,    0,	0 }
+};
+
+static struct tab *
+lookup(struct tab *p, char *cmd)
+{
+
+	for (; p->name != NULL; p++)
+		if (strcmp(cmd, p->name) == 0)
+			return (p);
+	return (0);
+}
+
+/*
+ * ftpd_getline - a hacked up version of fgets to ignore TELNET escape codes.
+ */
+char *
+ftpd_getline(char *s, int n)
+{
+	int c;
+	char *cs;
+
+	cs = s;
+
+	/* might still be data within the security MIC/CONF/ENC */
+	if(ftp_command){
+	    strlcpy(s, ftp_command, n);
+	    if (debug)
+		syslog(LOG_DEBUG, "command: %s", s);
+	    return s;
+	}
+	while ((c = getc(stdin)) != EOF) {
+		c &= 0377;
+		if (c == IAC) {
+		    if ((c = getc(stdin)) != EOF) {
+			c &= 0377;
+			switch (c) {
+			case WILL:
+			case WONT:
+				c = getc(stdin);
+				printf("%c%c%c", IAC, DONT, 0377&c);
+				fflush(stdout);
+				continue;
+			case DO:
+			case DONT:
+				c = getc(stdin);
+				printf("%c%c%c", IAC, WONT, 0377&c);
+				fflush(stdout);
+				continue;
+			case IAC:
+				break;
+			default:
+				continue;	/* ignore command */
+			}
+		    }
+		}
+		*cs++ = c;
+		if (--n <= 0 || c == '\n')
+			break;
+	}
+	if (c == EOF && cs == s)
+		return (NULL);
+	*cs++ = '\0';
+	if (debug) {
+		if (!guest && strncasecmp("pass ", s, 5) == 0) {
+			/* Don't syslog passwords */
+			syslog(LOG_DEBUG, "command: %.5s ???", s);
+		} else {
+			char *cp;
+			int len;
+
+			/* Don't syslog trailing CR-LF */
+			len = strlen(s);
+			cp = s + len - 1;
+			while (cp >= s && (*cp == '\n' || *cp == '\r')) {
+				--cp;
+				--len;
+			}
+			syslog(LOG_DEBUG, "command: %.*s", len, s);
+		}
+	}
+#ifdef XXX
+	fprintf(stderr, "%s\n", s);
+#endif
+	return (s);
+}
+
+static RETSIGTYPE
+toolong(int signo)
+{
+
+	reply(421,
+	    "Timeout (%d seconds): closing control connection.",
+	      ftpd_timeout);
+	if (logging)
+		syslog(LOG_INFO, "User %s timed out after %d seconds",
+		    (pw ? pw -> pw_name : "unknown"), ftpd_timeout);
+	dologout(1);
+	SIGRETURN(0);
+}
+
+static int
+yylex(void)
+{
+	static int cpos, state;
+	char *cp, *cp2;
+	struct tab *p;
+	int n;
+	char c;
+
+	for (;;) {
+		switch (state) {
+
+		case CMD:
+			hasyyerrored = 0;
+
+			signal(SIGALRM, toolong);
+			alarm((unsigned) ftpd_timeout);
+			if (ftpd_getline(cbuf, sizeof(cbuf)-1) == NULL) {
+				reply(221, "You could at least say goodbye.");
+				dologout(0);
+			}
+			alarm(0);
+#ifdef HAVE_SETPROCTITLE
+			if (strncasecmp(cbuf, "PASS", 4) != 0)
+				setproctitle("%s: %s", proctitle, cbuf);
+#endif /* HAVE_SETPROCTITLE */
+			if ((cp = strchr(cbuf, '\r'))) {
+				*cp++ = '\n';
+				*cp = '\0';
+			}
+			if ((cp = strpbrk(cbuf, " \n")))
+				cpos = cp - cbuf;
+			if (cpos == 0)
+				cpos = 4;
+			c = cbuf[cpos];
+			cbuf[cpos] = '\0';
+			strupr(cbuf);
+			p = lookup(cmdtab, cbuf);
+			cbuf[cpos] = c;
+			if (p != 0) {
+				if (p->implemented == 0) {
+					nack(p->name);
+					hasyyerrored = 1;
+					break;
+				}
+				state = p->state;
+				yylval.s = p->name;
+				return (p->token);
+			}
+			break;
+
+		case SITECMD:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				return (SP);
+			}
+			cp = &cbuf[cpos];
+			if ((cp2 = strpbrk(cp, " \n")))
+				cpos = cp2 - cbuf;
+			c = cbuf[cpos];
+			cbuf[cpos] = '\0';
+			strupr(cp);
+			p = lookup(sitetab, cp);
+			cbuf[cpos] = c;
+			if (p != 0) {
+				if (p->implemented == 0) {
+					state = CMD;
+					nack(p->name);
+					hasyyerrored = 1;
+					break;
+				}
+				state = p->state;
+				yylval.s = p->name;
+				return (p->token);
+			}
+			state = CMD;
+			break;
+
+		case OSTR:
+			if (cbuf[cpos] == '\n') {
+				state = CMD;
+				return (CRLF);
+			}
+			/* FALLTHROUGH */
+
+		case STR1:
+		case ZSTR1:
+		dostr1:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				if(state == OSTR)
+				    state = STR2;
+				else
+				    state++;
+				return (SP);
+			}
+			break;
+
+		case ZSTR2:
+			if (cbuf[cpos] == '\n') {
+				state = CMD;
+				return (CRLF);
+			}
+			/* FALLTHROUGH */
+
+		case STR2:
+			cp = &cbuf[cpos];
+			n = strlen(cp);
+			cpos += n - 1;
+			/*
+			 * Make sure the string is nonempty and \n terminated.
+			 */
+			if (n > 1 && cbuf[cpos] == '\n') {
+				cbuf[cpos] = '\0';
+				yylval.s = copy(cp);
+				cbuf[cpos] = '\n';
+				state = ARGS;
+				return (STRING);
+			}
+			break;
+
+		case NSTR:
+			if (cbuf[cpos] == ' ') {
+				cpos++;
+				return (SP);
+			}
+			if (isdigit((unsigned char)cbuf[cpos])) {
+				cp = &cbuf[cpos];
+				while (isdigit((unsigned char)cbuf[++cpos]))
+					;
+				c = cbuf[cpos];
+				cbuf[cpos] = '\0';
+				yylval.i = atoi(cp);
+				cbuf[cpos] = c;
+				state = STR1;
+				return (NUMBER);
+			}
+			state = STR1;
+			goto dostr1;
+
+		case ARGS:
+			if (isdigit((unsigned char)cbuf[cpos])) {
+				cp = &cbuf[cpos];
+				while (isdigit((unsigned char)cbuf[++cpos]))
+					;
+				c = cbuf[cpos];
+				cbuf[cpos] = '\0';
+				yylval.i = atoi(cp);
+				cbuf[cpos] = c;
+				return (NUMBER);
+			}
+			switch (cbuf[cpos++]) {
+
+			case '\n':
+				state = CMD;
+				return (CRLF);
+
+			case ' ':
+				return (SP);
+
+			case ',':
+				return (COMMA);
+
+			case 'A':
+			case 'a':
+				return (A);
+
+			case 'B':
+			case 'b':
+				return (B);
+
+			case 'C':
+			case 'c':
+				return (C);
+
+			case 'E':
+			case 'e':
+				return (E);
+
+			case 'F':
+			case 'f':
+				return (F);
+
+			case 'I':
+			case 'i':
+				return (I);
+
+			case 'L':
+			case 'l':
+				return (L);
+
+			case 'N':
+			case 'n':
+				return (N);
+
+			case 'P':
+			case 'p':
+				return (P);
+
+			case 'R':
+			case 'r':
+				return (R);
+
+			case 'S':
+			case 's':
+				return (S);
+
+			case 'T':
+			case 't':
+				return (T);
+
+			}
+			break;
+
+		default:
+			fatal("Unknown state in scanner.");
+		}
+		yyerror(NULL);
+		state = CMD;
+		return (0);
+	}
+}
+
+/* ARGSUSED */
+void
+yyerror(char *s)
+{
+	char *cp;
+
+	if (hasyyerrored)
+	    return;
+
+	if ((cp = strchr(cbuf,'\n')))
+		*cp = '\0';
+	reply(500, "'%s': command not understood.", cbuf);
+	hasyyerrored = 1;
+}
+
+static char *
+copy(char *s)
+{
+	char *p;
+
+	p = strdup(s);
+	if (p == NULL)
+		fatal("Ran out of memory.");
+	return p;
+}
+
+static void
+help(struct tab *ctab, char *s)
+{
+	struct tab *c;
+	int width, NCMDS;
+	char *t;
+	char buf[1024];
+
+	if (ctab == sitetab)
+		t = "SITE ";
+	else
+		t = "";
+	width = 0, NCMDS = 0;
+	for (c = ctab; c->name != NULL; c++) {
+		int len = strlen(c->name);
+
+		if (len > width)
+			width = len;
+		NCMDS++;
+	}
+	width = (width + 8) &~ 7;
+	if (s == 0) {
+		int i, j, w;
+		int columns, lines;
+
+		lreply(214, "The following %scommands are recognized %s.",
+		    t, "(* =>'s unimplemented)");
+		columns = 76 / width;
+		if (columns == 0)
+			columns = 1;
+		lines = (NCMDS + columns - 1) / columns;
+		for (i = 0; i < lines; i++) {
+		    strlcpy (buf, "   ", sizeof(buf));
+		    for (j = 0; j < columns; j++) {
+			c = ctab + j * lines + i;
+			snprintf (buf + strlen(buf),
+				  sizeof(buf) - strlen(buf),
+				  "%s%c",
+				  c->name,
+				  c->implemented ? ' ' : '*');
+			if (c + lines >= &ctab[NCMDS])
+			    break;
+			w = strlen(c->name) + 1;
+			while (w < width) {
+			    strlcat (buf,
+					     " ",
+					     sizeof(buf));
+			    w++;
+			}
+		    }
+		    lreply(214, "%s", buf);
+		}
+		reply(214, "Direct comments to kth-krb-bugs at pdc.kth.se");
+		return;
+	}
+	strupr(s);
+	c = lookup(ctab, s);
+	if (c == (struct tab *)0) {
+		reply(502, "Unknown command %s.", s);
+		return;
+	}
+	if (c->implemented)
+		reply(214, "Syntax: %s%s %s", t, c->name, c->help);
+	else
+		reply(214, "%s%-*s\t%s; unimplemented.", t, width,
+		    c->name, c->help);
+}
+
+static void
+sizecmd(char *filename)
+{
+	switch (type) {
+	case TYPE_L:
+	case TYPE_I: {
+		struct stat stbuf;
+		if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode))
+			reply(550, "%s: not a plain file.", filename);
+		else
+			reply(213, "%lu", (unsigned long)stbuf.st_size);
+		break;
+	}
+	case TYPE_A: {
+		FILE *fin;
+		int c;
+		size_t count;
+		struct stat stbuf;
+		fin = fopen(filename, "r");
+		if (fin == NULL) {
+			perror_reply(550, filename);
+			return;
+		}
+		if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) {
+			reply(550, "%s: not a plain file.", filename);
+			fclose(fin);
+			return;
+		}
+
+		count = 0;
+		while((c=getc(fin)) != EOF) {
+			if (c == '\n')	/* will get expanded to \r\n */
+				count++;
+			count++;
+		}
+		fclose(fin);
+
+		reply(213, "%lu", (unsigned long)count);
+		break;
+	}
+	default:
+		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
+	}
+}

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd.8
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,503 @@
+.\"	$NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $
+.\"
+.\" Copyright (c) 1985, 1988, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
+.\"
+.Dd July 19, 2003
+.Dt FTPD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm ftpd
+.Nd Internet File Transfer Protocol server
+.Sh SYNOPSIS
+.Nm
+.Op Fl a Ar authmode
+.Op Fl dilvU
+.Op Fl g Ar umask
+.Op Fl p Ar port
+.Op Fl T Ar maxtimeout
+.Op Fl t Ar timeout
+.Op Fl -gss-bindings
+.Op Fl I | Fl -no-insecure-oob
+.Op Fl u Ar default umask
+.Op Fl B | Fl -builtin-ls
+.Op Fl -good-chars= Ns Ar string
+.Sh DESCRIPTION
+.Nm Ftpd
+is the
+Internet File Transfer Protocol
+server process.  The server uses the
+.Tn TCP
+protocol
+and listens at the port specified in the
+.Dq ftp
+service specification; see
+.Xr services 5 .
+.Pp
+Available options:
+.Bl -tag -width Ds
+.It Fl a
+Select the level of authentication required.  Kerberised login can not
+be turned off. The default is to only allow kerberised login.  Other
+possibilities can be turned on by giving a string of comma separated
+flags as argument to
+.Fl a .
+Recognised flags are:
+.Bl -tag -width plain
+.It Ar plain
+Allow logging in with plaintext password. The password can be a(n) OTP
+or an ordinary password.
+.It Ar otp
+Same as
+.Ar plain ,
+but only OTP is allowed.
+.It Ar ftp
+Allow anonymous login.
+.El
+.Pp
+The following combination modes exists for backwards compatibility:
+.Bl -tag -width plain
+.It Ar none
+Same as
+.Ar plain,ftp .
+.It Ar safe
+Same as
+.Ar ftp .
+.It Ar user
+Ignored.
+.El
+.It Fl d
+Debugging information is written to the syslog using LOG_FTP.
+.It Fl g
+Anonymous users will get a umask of
+.Ar umask .
+.It Fl -gss-bindings
+require the peer to use GSS-API bindings (ie make sure IP addresses match).
+.It Fl i
+Open a socket and wait for a connection. This is mainly used for
+debugging when ftpd isn't started by inetd.
+.It Fl l
+Each successful and failed
+.Xr ftp 1
+session is logged using syslog with a facility of LOG_FTP.
+If this option is specified twice, the retrieve (get), store (put), append,
+delete, make directory, remove directory and rename operations and
+their filename arguments are also logged.
+.It Fl p
+Use
+.Ar port
+(a service name or number) instead of the default
+.Ar ftp/tcp .
+.It Fl T
+A client may also request a different timeout period;
+the maximum period allowed may be set to
+.Ar timeout
+seconds with the
+.Fl T
+option.
+The default limit is 2 hours.
+.It Fl t
+The inactivity timeout period is set to
+.Ar timeout
+seconds (the default is 15 minutes).
+.It Fl u
+Set the initial umask to something else than the default 027.
+.It Fl U
+In previous versions of
+.Nm ftpd ,
+when a passive mode client requested a data connection to the server, the
+server would use data ports in the range 1024..4999.  Now, by default,
+if the system supports the IP_PORTRANGE socket option, the server will
+use data ports in the range 49152..65535.  Specifying this option will
+revert to the old behavior.
+.It Fl v
+Verbose mode.
+.It Xo
+.Fl B ,
+.Fl -builtin-ls
+.Xc
+use built-in ls to list files
+.It Xo
+.Fl -good-chars= Ns Ar string
+.Xc
+allowed anonymous upload filename chars
+.It Xo
+.Fl I
+.Fl -no-insecure-oob
+.Xc
+don't allow insecure out of band.
+Heimdal ftp clients before 0.6.3 doesn't support secure oob, so turning
+on this option makes them no longer work.
+.El
+.Pp
+The file
+.Pa /etc/nologin
+can be used to disable ftp access.
+If the file exists,
+.Nm
+displays it and exits.
+If the file
+.Pa /etc/ftpwelcome
+exists,
+.Nm
+prints it before issuing the
+.Dq ready
+message.
+If the file
+.Pa /etc/motd
+exists,
+.Nm
+prints it after a successful login.
+.Pp
+The ftp server currently supports the following ftp requests.
+The case of the requests is ignored.
+.Bl -column "Request" -offset indent
+.It Request Ta "Description"
+.It ABOR Ta "abort previous command"
+.It ACCT Ta "specify account (ignored)"
+.It ALLO Ta "allocate storage (vacuously)"
+.It APPE Ta "append to a file"
+.It CDUP Ta "change to parent of current working directory"
+.It CWD Ta "change working directory"
+.It DELE Ta "delete a file"
+.It HELP Ta "give help information"
+.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA"
+.It MKD Ta "make a directory"
+.It MDTM Ta "show last modification time of file"
+.It MODE Ta "specify data transfer" Em mode
+.It NLST Ta "give name list of files in directory"
+.It NOOP Ta "do nothing"
+.It PASS Ta "specify password"
+.It PASV Ta "prepare for server-to-server transfer"
+.It PORT Ta "specify data connection port"
+.It PWD Ta "print the current working directory"
+.It QUIT Ta "terminate session"
+.It REST Ta "restart incomplete transfer"
+.It RETR Ta "retrieve a file"
+.It RMD Ta "remove a directory"
+.It RNFR Ta "specify rename-from file name"
+.It RNTO Ta "specify rename-to file name"
+.It SITE Ta "non-standard commands (see next section)"
+.It SIZE Ta "return size of file"
+.It STAT Ta "return status of server"
+.It STOR Ta "store a file"
+.It STOU Ta "store a file with a unique name"
+.It STRU Ta "specify data transfer" Em structure
+.It SYST Ta "show operating system type of server system"
+.It TYPE Ta "specify data transfer" Em type
+.It USER Ta "specify user name"
+.It XCUP Ta "change to parent of current working directory (deprecated)"
+.It XCWD Ta "change working directory (deprecated)"
+.It XMKD Ta "make a directory (deprecated)"
+.It XPWD Ta "print the current working directory (deprecated)"
+.It XRMD Ta "remove a directory (deprecated)"
+.El
+.Pp
+The following commands are specified by RFC2228.
+.Bl -column Request -offset indent
+.It AUTH Ta "authentication/security mechanism"
+.It ADAT Ta "authentication/security data"
+.It PROT Ta "data channel protection level"
+.It PBSZ Ta "protection buffer size"
+.It MIC Ta "integrity protected command"
+.It CONF Ta "confidentiality protected command"
+.It ENC Ta "privacy protected command"
+.It CCC Ta "clear command channel"
+.El
+.Pp
+The following non-standard or
+.Tn UNIX
+specific commands are supported
+by the
+SITE request.
+.Pp
+.Bl -column Request -offset indent
+.It UMASK Ta change umask, (e.g.
+.Ic "SITE UMASK 002" )
+.It IDLE Ta set idle-timer, (e.g.
+.Ic "SITE IDLE 60" )
+.It CHMOD Ta change mode of a file (e.g.
+.Ic "SITE CHMOD 755 filename" )
+.It FIND Ta quickly find a specific file with GNU
+.Xr locate 1 .
+.It HELP Ta give help information.
+.El
+.Pp
+The following Kerberos related site commands are understood.
+.Bl -column Request -offset indent
+.It KAUTH Ta obtain remote tickets.
+.It KLIST Ta show remote tickets
+.El
+.Pp
+The remaining ftp requests specified in Internet RFC 959
+are
+recognized, but not implemented.
+MDTM and SIZE are not specified in RFC 959, but will appear in the
+next updated FTP RFC.
+.Pp
+The ftp server will abort an active file transfer only when the
+ABOR
+command is preceded by a Telnet "Interrupt Process" (IP)
+signal and a Telnet "Synch" signal in the command Telnet stream,
+as described in Internet RFC 959.
+If a
+STAT
+command is received during a data transfer, preceded by a Telnet IP
+and Synch, transfer status will be returned.
+.Pp
+.Nm Ftpd
+interprets file names according to the
+.Dq globbing
+conventions used by
+.Xr csh 1 .
+This allows users to use the metacharacters
+.Dq Li \&*?[]{}~ .
+.Pp
+.Nm Ftpd
+authenticates users according to these rules.
+.Pp
+.Bl -enum -offset indent
+.It
+If Kerberos authentication is used, the user must pass valid tickets
+and the principal must be allowed to login as the remote user.
+.It
+The login name must be in the password data base, and not have a null
+password (if Kerberos is used the password field is not checked).  In
+this case a password must be provided by the client before any file
+operations may be performed.  If the user has an OTP key, the response
+from a successful USER command will include an OTP challenge. The
+client may choose to respond with a PASS command giving either a
+standard password or an OTP one-time password. The server will
+automatically determine which type of password it has been given and
+attempt to authenticate accordingly. See
+.Xr otp 1
+for more information on OTP authentication.
+.It
+The login name must not appear in the file
+.Pa /etc/ftpusers .
+.It
+The user must have a standard shell returned by
+.Xr getusershell 3 .
+.It
+If the user name appears in the file
+.Pa /etc/ftpchroot
+the session's root will be changed to the user's login directory by
+.Xr chroot 2
+as for an
+.Dq anonymous
+or
+.Dq ftp
+account (see next item).  However, the user must still supply a password.
+This feature is intended as a compromise between a fully anonymous account
+and a fully privileged account.  The account should also be set up as for an
+anonymous account.
+.It
+If the user name is
+.Dq anonymous
+or
+.Dq ftp ,
+an
+anonymous ftp account must be present in the password
+file (user
+.Dq ftp ) .
+In this case the user is allowed
+to log in by specifying any password (by convention an email address for
+the user should be used as the password).
+.El
+.Pp
+In the last case,
+.Nm ftpd
+takes special measures to restrict the client's access privileges.
+The server performs a
+.Xr chroot 2
+to the home directory of the
+.Dq ftp
+user.
+In order that system security is not breached, it is recommended
+that the
+.Dq ftp
+subtree be constructed with care, consider following these guidelines
+for anonymous ftp.
+.Pp
+In general all files should be owned by
+.Dq root ,
+and have non-write permissions (644 or 755 depending on the kind of
+file). No files should be owned or writable by
+.Dq ftp
+(possibly with exception for the
+.Pa ~ftp/incoming ,
+as specified below).
+.Bl -tag -width "~ftp/pub" -offset indent
+.It Pa ~ftp
+The
+.Dq ftp
+homedirectory should be owned by root.
+.It Pa ~ftp/bin
+The directory for external programs (such as
+.Xr ls 1 ) .
+These programs must either be statically linked, or you must setup an
+environment for dynamic linking when running chrooted.
+These programs will be used if present:
+.Bl -tag -width "locate" -offset indent
+.It ls
+Used when listing files.
+.It compress
+When retrieving a filename that ends in
+.Pa .Z ,
+and that file isn't present,
+.Nm
+will try to find the filename without
+.Pa .Z
+and compress it on the fly.
+.It gzip
+Same as compress, just with files ending in
+.Pa .gz .
+.It gtar
+Enables retrieval of whole directories as files ending in
+.Pa .tar .
+Can also be combined with compression. You must use GNU Tar (or some
+other that supports the
+.Fl z
+and
+.Fl Z
+flags).
+.It locate
+Will enable ``fast find'' with the
+.Ic SITE FIND
+command. You must also create a
+.Pa locatedb
+file in
+.Pa ~ftp/etc .
+.El
+.It Pa ~ftp/etc
+If you put copies of the
+.Xr passwd 5
+and
+.Xr group 5
+files here, ls will be able to produce owner names rather than
+numbers. Remember to remove any passwords from these files.
+.Pp
+The file
+.Pa motd ,
+if present, will be printed after a successful login.
+.It Pa ~ftp/dev
+Put a copy of
+.Xr /dev/null 7
+here.
+.It Pa ~ftp/pub
+Traditional place to put whatever you want to make public.
+.El
+.Pp
+If you want guests to be able to upload files, create a
+.Pa ~ftp/incoming
+directory owned by
+.Dq root ,
+and group
+.Dq ftp
+with mode 730 (make sure
+.Dq ftp
+is member of group
+.Dq ftp ) .
+The following restrictions apply to anonymous users:
+.Bl -bullet
+.It
+Directories created will have mode 700.
+.It
+Uploaded files will be created with an umask of 777, if not changed
+with the
+.Fl g
+option.
+.It
+These command are not accessible:
+.Ic DELE , RMD , RNTO , RNFR ,
+.Ic SITE UMASK ,
+and
+.Ic SITE CHMOD .
+.It
+Filenames must start with an alpha-numeric character, and consist of
+alpha-numeric characters or any of the following:
+.Li \&+
+(plus),
+.Li \&-
+(minus),
+.Li \&=
+(equal),
+.Li \&_
+(underscore),
+.Li \&.
+(period), and
+.Li \&,
+(comma).
+.El
+.Sh FILES
+.Bl -tag -width /etc/ftpwelcome -compact
+.It Pa /etc/ftpusers
+Access list for users.
+.It Pa /etc/ftpchroot
+List of normal users who should be chroot'd.
+.It Pa /etc/ftpwelcome
+Welcome notice.
+.It Pa /etc/motd
+Welcome notice after login.
+.It Pa /etc/nologin
+Displayed and access refused.
+.It Pa ~/.klogin
+Login access for Kerberos.
+.El
+.Sh SEE ALSO
+.Xr ftp 1 ,
+.Xr otp 1 ,
+.Xr getusershell 3 ,
+.Xr ftpusers 5 ,
+.Xr syslogd 8
+.Sh STANDARDS
+.Bl -tag -compact -width "RFC 1938"
+.It Cm RFC 959
+FTP PROTOCOL SPECIFICATION
+.It Cm RFC 1938
+OTP Specification
+.It Cm RFC 2228
+FTP Security Extensions.
+.El
+.Sh BUGS
+The server must run as the super-user
+to create sockets with privileged port numbers.  It maintains
+an effective user id of the logged in user, reverting to
+the super-user only when binding addresses to sockets.  The
+possible security holes have been extensively
+scrutinized, but are possibly incomplete.
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2393 @@
+/*
+ * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define	FTP_NAMES
+#include "ftpd_locl.h"
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#include "getarg.h"
+
+RCSID("$Id: ftpd.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static char version[] = "Version 6.00";
+
+extern	off_t restart_point;
+extern	char cbuf[];
+
+struct  sockaddr_storage ctrl_addr_ss;
+struct  sockaddr *ctrl_addr = (struct sockaddr *)&ctrl_addr_ss;
+
+struct  sockaddr_storage data_source_ss;
+struct  sockaddr *data_source = (struct sockaddr *)&data_source_ss;
+
+struct  sockaddr_storage data_dest_ss;
+struct  sockaddr *data_dest = (struct sockaddr *)&data_dest_ss;
+
+struct  sockaddr_storage his_addr_ss;
+struct  sockaddr *his_addr = (struct sockaddr *)&his_addr_ss;
+
+struct  sockaddr_storage pasv_addr_ss;
+struct  sockaddr *pasv_addr = (struct sockaddr *)&pasv_addr_ss;
+
+int	data;
+int	logged_in;
+struct	passwd *pw;
+int	debug = 0;
+int	ftpd_timeout = 900;    /* timeout after 15 minutes of inactivity */
+int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
+int	restricted_data_ports = 1;
+int	logging;
+int	guest;
+int	dochroot;
+int	type;
+int	form;
+int	stru;			/* avoid C keyword */
+int	mode;
+int	usedefault = 1;		/* for data transfers */
+int	pdata = -1;		/* for passive mode */
+int	allow_insecure_oob = 1;
+static int transflag;
+static int urgflag;
+off_t	file_size;
+off_t	byte_count;
+#if !defined(CMASK) || CMASK == 0
+#undef CMASK
+#define CMASK 027
+#endif
+int	defumask = CMASK;		/* default umask value */
+int	guest_umask = 0777;	/* Paranoia for anonymous users */
+char	tmpline[10240];
+char	hostname[MaxHostNameLen];
+char	remotehost[MaxHostNameLen];
+static char ttyline[20];
+
+#define AUTH_PLAIN	(1 << 0) /* allow sending passwords */
+#define AUTH_OTP	(1 << 1) /* passwords are one-time */
+#define AUTH_FTP	(1 << 2) /* allow anonymous login */
+
+static int auth_level = 0; /* Only allow kerberos login by default */
+
+/*
+ * Timeout intervals for retrying connections
+ * to hosts that don't accept PORT cmds.  This
+ * is a kludge, but given the problems with TCP...
+ */
+#define	SWAITMAX	90	/* wait at most 90 seconds */
+#define	SWAITINT	5	/* interval between retries */
+
+int	swaitmax = SWAITMAX;
+int	swaitint = SWAITINT;
+
+#ifdef HAVE_SETPROCTITLE
+char	proctitle[BUFSIZ];	/* initial part of title */
+#endif /* HAVE_SETPROCTITLE */
+
+#define LOGCMD(cmd, file) \
+	if (logging > 1) \
+	    syslog(LOG_INFO,"%s %s%s", cmd, \
+		*(file) == '/' ? "" : curdir(), file);
+#define LOGCMD2(cmd, file1, file2) \
+	 if (logging > 1) \
+	    syslog(LOG_INFO,"%s %s%s %s%s", cmd, \
+		*(file1) == '/' ? "" : curdir(), file1, \
+		*(file2) == '/' ? "" : curdir(), file2);
+#define LOGBYTES(cmd, file, cnt) \
+	if (logging > 1) { \
+		if (cnt == (off_t)-1) \
+		    syslog(LOG_INFO,"%s %s%s", cmd, \
+			*(file) == '/' ? "" : curdir(), file); \
+		else \
+		    syslog(LOG_INFO, "%s %s%s = %ld bytes", \
+			cmd, (*(file) == '/') ? "" : curdir(), file, (long)cnt); \
+	}
+
+static void	 ack (char *);
+static void	 myoob (int);
+static int	 handleoobcmd(void);
+static int	 checkuser (char *, char *);
+static int	 checkaccess (char *);
+static FILE	*dataconn (const char *, off_t, const char *);
+static void	 dolog (struct sockaddr *, int);
+static void	 end_login (void);
+static FILE	*getdatasock (const char *, int);
+static char	*gunique (char *);
+static RETSIGTYPE	 lostconn (int);
+static int	 receive_data (FILE *, FILE *);
+static void	 send_data (FILE *, FILE *);
+static struct passwd * sgetpwnam (char *);
+
+static char *
+curdir(void)
+{
+	static char path[MaxPathLen+1];	/* path + '/' + '\0' */
+
+	if (getcwd(path, sizeof(path)-1) == NULL)
+		return ("");
+	if (path[1] != '\0')		/* special case for root dir. */
+		strlcat(path, "/", sizeof(path));
+	/* For guest account, skip / since it's chrooted */
+	return (guest ? path+1 : path);
+}
+
+#ifndef LINE_MAX
+#define LINE_MAX 1024
+#endif
+
+static int
+parse_auth_level(char *str)
+{
+    char *p;
+    int ret = 0;
+    char *foo = NULL;
+
+    for(p = strtok_r(str, ",", &foo);
+	p;
+	p = strtok_r(NULL, ",", &foo)) {
+	if(strcmp(p, "user") == 0)
+	    ;
+#ifdef OTP
+	else if(strcmp(p, "otp") == 0)
+	    ret |= AUTH_PLAIN|AUTH_OTP;
+#endif
+	else if(strcmp(p, "ftp") == 0 ||
+		strcmp(p, "safe") == 0)
+	    ret |= AUTH_FTP;
+	else if(strcmp(p, "plain") == 0)
+	    ret |= AUTH_PLAIN;
+	else if(strcmp(p, "none") == 0)
+	    ret |= AUTH_PLAIN|AUTH_FTP;
+	else
+	    warnx("bad value for -a: `%s'", p);
+    }
+    return ret;	    
+}
+
+/*
+ * Print usage and die.
+ */
+
+static int interactive_flag;
+static char *guest_umask_string;
+static char *port_string;
+static char *umask_string;
+static char *auth_string;
+
+int use_builtin_ls = -1;
+
+static int help_flag;
+static int version_flag;
+
+static const char *good_chars = "+-=_,.";
+
+struct getargs args[] = {
+    { NULL, 'a', arg_string, &auth_string, "required authentication" },
+    { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket" },
+    { NULL, 'p', arg_string, &port_string, "what port to listen to" },
+    { NULL, 'g', arg_string, &guest_umask_string, "umask for guest logins" },
+    { NULL, 'l', arg_counter, &logging, "log more stuff", "" },
+    { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
+    { NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
+    { NULL, 'u', arg_string, &umask_string, "umask for user logins" },
+    { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" },
+    { NULL, 'd', arg_flag, &debug, "enable debugging" },
+    { NULL, 'v', arg_flag, &debug, "enable debugging" },
+    { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
+    { "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" },
+    { "insecure-oob", 'I', arg_negative_flag, &allow_insecure_oob, "don't allow insecure OOB ABOR/STAT" },
+#ifdef KRB5    
+    { "gss-bindings", 0,  arg_flag, &ftp_do_gss_bindings, "Require GSS-API bindings", NULL},
+#endif
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 'h', arg_flag, &help_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage (int code)
+{
+    arg_printusage(args, num_args, NULL, "");
+    exit (code);
+}
+
+/* output contents of a file */
+static int
+show_file(const char *file, int code)
+{
+    FILE *f;
+    char buf[128];
+
+    f = fopen(file, "r");
+    if(f == NULL)
+	return -1;
+    while(fgets(buf, sizeof(buf), f)){
+	buf[strcspn(buf, "\r\n")] = '\0';
+	lreply(code, "%s", buf);
+    }
+    fclose(f);
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    socklen_t his_addr_len, ctrl_addr_len;
+    int on = 1;
+    int port;
+    struct servent *sp;
+
+    int optind = 0;
+
+    setprogname (argv[0]);
+
+    /* detach from any tickets and tokens */
+    {
+#ifdef KRB4
+	char tkfile[1024];
+	snprintf(tkfile, sizeof(tkfile),
+		 "/tmp/ftp_%u", (unsigned)getpid());
+	krb_set_tkt_string(tkfile);
+#endif
+    }
+
+    if(getarg(args, num_args, argc, argv, &optind))
+	usage(1);
+
+    if(help_flag)
+	usage(0);
+	
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if(auth_string)
+	auth_level = parse_auth_level(auth_string);
+    {
+	char *p;
+	long val = 0;
+	    
+	if(guest_umask_string) {
+	    val = strtol(guest_umask_string, &p, 8);
+	    if (*p != '\0' || val < 0)
+		warnx("bad value for -g");
+	    else
+		guest_umask = val;
+	}
+	if(umask_string) {
+	    val = strtol(umask_string, &p, 8);
+	    if (*p != '\0' || val < 0)
+		warnx("bad value for -u");
+	    else
+		defumask = val;
+	}
+    }
+    sp = getservbyname("ftp", "tcp");
+    if(sp)
+	port = sp->s_port;
+    else
+	port = htons(21);
+    if(port_string) {
+	sp = getservbyname(port_string, "tcp");
+	if(sp)
+	    port = sp->s_port;
+	else
+	    if(isdigit((unsigned char)port_string[0]))
+		port = htons(atoi(port_string));
+	    else
+		warnx("bad value for -p");
+    }
+		    
+    if (maxtimeout < ftpd_timeout)
+	maxtimeout = ftpd_timeout;
+
+#if 0
+    if (ftpd_timeout > maxtimeout)
+	ftpd_timeout = maxtimeout;
+#endif
+
+    if(interactive_flag)
+	mini_inetd (port);
+
+    /*
+     * LOG_NDELAY sets up the logging connection immediately,
+     * necessary for anonymous ftp's that chroot and can't do it later.
+     */
+    openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
+    his_addr_len = sizeof(his_addr_ss);
+    if (getpeername(STDIN_FILENO, his_addr, &his_addr_len) < 0) {
+	syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+	exit(1);
+    }
+    ctrl_addr_len = sizeof(ctrl_addr_ss);
+    if (getsockname(STDIN_FILENO, ctrl_addr, &ctrl_addr_len) < 0) {
+	syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
+	exit(1);
+    }
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+    {
+	int tos = IPTOS_LOWDELAY;
+
+	if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
+		       (void *)&tos, sizeof(int)) < 0)
+	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+    }
+#endif
+    data_source->sa_family = ctrl_addr->sa_family;
+    socket_set_port (data_source,
+		     htons(ntohs(socket_get_port(ctrl_addr)) - 1));
+
+    /* set this here so it can be put in wtmp */
+    snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
+
+
+    /*	freopen(_PATH_DEVNULL, "w", stderr); */
+    signal(SIGPIPE, lostconn);
+    signal(SIGCHLD, SIG_IGN);
+#ifdef SIGURG
+    if (signal(SIGURG, myoob) == SIG_ERR)
+	syslog(LOG_ERR, "signal: %m");
+#endif
+
+    /* Try to handle urgent data inline */
+#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+    if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on,
+		   sizeof(on)) < 0)
+	syslog(LOG_ERR, "setsockopt: %m");
+#endif
+
+#ifdef	F_SETOWN
+    if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
+	syslog(LOG_ERR, "fcntl F_SETOWN: %m");
+#endif
+    dolog(his_addr, his_addr_len);
+    /*
+     * Set up default state
+     */
+    data = -1;
+    type = TYPE_A;
+    form = FORM_N;
+    stru = STRU_F;
+    mode = MODE_S;
+    tmpline[0] = '\0';
+
+    /* If logins are disabled, print out the message. */
+    if(show_file(_PATH_NOLOGIN, 530) == 0) {
+	reply(530, "System not available.");
+	exit(0);
+    }
+    show_file(_PATH_FTPWELCOME, 220);
+    /* reply(220,) must follow */
+    gethostname(hostname, sizeof(hostname));
+	
+    reply(220, "%s FTP server (%s"
+#ifdef KRB5
+	  "+%s"
+#endif
+#ifdef KRB4
+	  "+%s"
+#endif
+	  ") ready.", hostname, version
+#ifdef KRB5
+	  ,heimdal_version
+#endif
+#ifdef KRB4
+	  ,krb4_version
+#endif
+	  );
+
+    for (;;)
+	yyparse();
+    /* NOTREACHED */
+}
+
+static RETSIGTYPE
+lostconn(int signo)
+{
+
+	if (debug)
+		syslog(LOG_DEBUG, "lost connection");
+	dologout(-1);
+}
+
+/*
+ * Helper function for sgetpwnam().
+ */
+static char *
+sgetsave(char *s)
+{
+	char *new = strdup(s);
+
+	if (new == NULL) {
+		perror_reply(421, "Local resource failure: malloc");
+		dologout(1);
+		/* NOTREACHED */
+	}
+	return new;
+}
+
+/*
+ * Save the result of a getpwnam.  Used for USER command, since
+ * the data returned must not be clobbered by any other command
+ * (e.g., globbing).
+ */
+static struct passwd *
+sgetpwnam(char *name)
+{
+	static struct passwd save;
+	struct passwd *p;
+
+	if ((p = k_getpwnam(name)) == NULL)
+		return (p);
+	if (save.pw_name) {
+		free(save.pw_name);
+		free(save.pw_passwd);
+		free(save.pw_gecos);
+		free(save.pw_dir);
+		free(save.pw_shell);
+	}
+	save = *p;
+	save.pw_name = sgetsave(p->pw_name);
+	save.pw_passwd = sgetsave(p->pw_passwd);
+	save.pw_gecos = sgetsave(p->pw_gecos);
+	save.pw_dir = sgetsave(p->pw_dir);
+	save.pw_shell = sgetsave(p->pw_shell);
+	return (&save);
+}
+
+static int login_attempts;	/* number of failed login attempts */
+static int askpasswd;		/* had user command, ask for passwd */
+static char curname[10];	/* current USER name */
+#ifdef OTP
+OtpContext otp_ctx;
+#endif
+
+/*
+ * USER command.
+ * Sets global passwd pointer pw if named account exists and is acceptable;
+ * sets askpasswd if a PASS command is expected.  If logged in previously,
+ * need to reset state.  If name is "ftp" or "anonymous", the name is not in
+ * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
+ * If account doesn't exist, ask for passwd anyway.  Otherwise, check user
+ * requesting login privileges.  Disallow anyone who does not have a standard
+ * shell as returned by getusershell().  Disallow anyone mentioned in the file
+ * _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
+ */
+void
+user(char *name)
+{
+	char *cp, *shell;
+
+	if(auth_level == 0 && !sec_complete){
+	    reply(530, "No login allowed without authorization.");
+	    return;
+	}
+
+	if (logged_in) {
+		if (guest) {
+			reply(530, "Can't change user from guest login.");
+			return;
+		} else if (dochroot) {
+			reply(530, "Can't change user from chroot user.");
+			return;
+		}
+		end_login();
+	}
+
+	guest = 0;
+	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+	    if ((auth_level & AUTH_FTP) == 0 ||
+		checkaccess("ftp") || 
+		checkaccess("anonymous"))
+		reply(530, "User %s access denied.", name);
+	    else if ((pw = sgetpwnam("ftp")) != NULL) {
+		guest = 1;
+		defumask = guest_umask;	/* paranoia for incoming */
+		askpasswd = 1;
+		reply(331, "Guest login ok, type your name as password.");
+	    } else
+		reply(530, "User %s unknown.", name);
+	    if (!askpasswd && logging) {
+		char data_addr[256];
+
+		if (inet_ntop (his_addr->sa_family,
+			       socket_get_address(his_addr),
+			       data_addr, sizeof(data_addr)) == NULL)
+			strlcpy (data_addr, "unknown address",
+					 sizeof(data_addr));
+
+		syslog(LOG_NOTICE,
+		       "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)",
+		       remotehost, data_addr);
+	    }
+	    return;
+	}
+	if((auth_level & AUTH_PLAIN) == 0 && !sec_complete){
+	    reply(530, "Only authorized and anonymous login allowed.");
+	    return;
+	}
+	if ((pw = sgetpwnam(name))) {
+		if ((shell = pw->pw_shell) == NULL || *shell == 0)
+			shell = _PATH_BSHELL;
+		while ((cp = getusershell()) != NULL)
+			if (strcmp(cp, shell) == 0)
+				break;
+		endusershell();
+
+		if (cp == NULL || checkaccess(name)) {
+			reply(530, "User %s access denied.", name);
+			if (logging) {
+				char data_addr[256];
+
+				if (inet_ntop (his_addr->sa_family,
+					       socket_get_address(his_addr),
+					       data_addr,
+					       sizeof(data_addr)) == NULL)
+					strlcpy (data_addr,
+							 "unknown address",
+							 sizeof(data_addr));
+
+				syslog(LOG_NOTICE,
+				       "FTP LOGIN REFUSED FROM %s(%s), %s",
+				       remotehost,
+				       data_addr,
+				       name);
+			}
+			pw = (struct passwd *) NULL;
+			return;
+		}
+	}
+	if (logging)
+	    strlcpy(curname, name, sizeof(curname));
+	if(sec_complete) {
+	    if(sec_userok(name) == 0) {
+		do_login(232, name);
+		sec_session(name);
+	    } else
+		reply(530, "User %s access denied.", name);
+	} else {
+#ifdef OTP
+		char ss[256];
+
+		if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
+			reply(331, "Password %s for %s required.",
+			      ss, name);
+			askpasswd = 1;
+		} else
+#endif
+		if ((auth_level & AUTH_OTP) == 0) {
+		    reply(331, "Password required for %s.", name);
+		    askpasswd = 1;
+		} else {
+#ifdef OTP
+		    char *s;
+
+		    if ((s = otp_error (&otp_ctx)) != NULL)
+			lreply(530, "OTP: %s", s);
+#endif
+		    reply(530,
+			  "Only authorized, anonymous"
+#ifdef OTP
+			  " and OTP "
+#endif
+			  "login allowed.");
+		}
+
+	}
+	/*
+	 * Delay before reading passwd after first failed
+	 * attempt to slow down passwd-guessing programs.
+	 */
+	if (login_attempts)
+		sleep(login_attempts);
+}
+
+/*
+ * Check if a user is in the file "fname"
+ */
+static int
+checkuser(char *fname, char *name)
+{
+	FILE *fd;
+	int found = 0;
+	char *p, line[BUFSIZ];
+
+	if ((fd = fopen(fname, "r")) != NULL) {
+		while (fgets(line, sizeof(line), fd) != NULL)
+			if ((p = strchr(line, '\n')) != NULL) {
+				*p = '\0';
+				if (line[0] == '#')
+					continue;
+				if (strcmp(line, name) == 0) {
+					found = 1;
+					break;
+				}
+			}
+		fclose(fd);
+	}
+	return (found);
+}
+
+
+/*
+ * Determine whether a user has access, based on information in 
+ * _PATH_FTPUSERS. The users are listed one per line, with `allow'
+ * or `deny' after the username. If anything other than `allow', or
+ * just nothing, is given after the username, `deny' is assumed.
+ *
+ * If the user is not found in the file, but the pseudo-user `*' is,
+ * the permission is taken from that line.
+ *
+ * This preserves the old semantics where if a user was listed in the
+ * file he was denied, otherwise he was allowed.
+ *
+ * Return 1 if the user is denied, or 0 if he is allowed.  */
+
+static int
+match(const char *pattern, const char *string)
+{
+    return fnmatch(pattern, string, FNM_NOESCAPE);
+}
+
+static int
+checkaccess(char *name)
+{
+#define ALLOWED		0
+#define	NOT_ALLOWED	1
+    FILE *fd;
+    int allowed = ALLOWED;
+    char *user, *perm, line[BUFSIZ];
+    char *foo;
+    
+    fd = fopen(_PATH_FTPUSERS, "r");
+    
+    if(fd == NULL)
+	return allowed;
+
+    while (fgets(line, sizeof(line), fd) != NULL)  {
+	foo = NULL;
+	user = strtok_r(line, " \t\n", &foo);
+	if (user == NULL || user[0] == '#')
+	    continue;
+	perm = strtok_r(NULL, " \t\n", &foo);
+	if (match(user, name) == 0){
+	    if(perm && strcmp(perm, "allow") == 0)
+		allowed = ALLOWED;
+	    else
+		allowed = NOT_ALLOWED;
+	    break;
+	}
+    }
+    fclose(fd);
+    return allowed;
+}
+#undef	ALLOWED
+#undef	NOT_ALLOWED
+
+
+int do_login(int code, char *passwd)
+{
+    login_attempts = 0;		/* this time successful */
+    if (setegid((gid_t)pw->pw_gid) < 0) {
+	reply(550, "Can't set gid.");
+	return -1;
+    }
+    initgroups(pw->pw_name, pw->pw_gid);
+#if defined(KRB4) || defined(KRB5)
+    if(k_hasafs())
+	k_setpag();
+#endif
+
+    /* open wtmp before chroot */
+    ftpd_logwtmp(ttyline, pw->pw_name, remotehost);
+    logged_in = 1;
+
+    dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
+    if (guest) {
+	/*
+	 * We MUST do a chdir() after the chroot. Otherwise
+	 * the old current directory will be accessible as "."
+	 * outside the new root!
+	 */
+	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+	    reply(550, "Can't set guest privileges.");
+	    return -1;
+	}
+    } else if (dochroot) {
+	if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+	    reply(550, "Can't change root.");
+	    return -1;
+	}
+    } else if (chdir(pw->pw_dir) < 0) {
+	if (chdir("/") < 0) {
+	    reply(530, "User %s: can't change directory to %s.",
+		  pw->pw_name, pw->pw_dir);
+	    return -1;
+	} else
+	    lreply(code, "No directory! Logging in with home=/");
+    }
+    if (seteuid((uid_t)pw->pw_uid) < 0) {
+	reply(550, "Can't set uid.");
+	return -1;
+    }
+
+    if(use_builtin_ls == -1) {
+	struct stat st;
+	/* if /bin/ls exist and is a regular file, use it, otherwise
+           use built-in ls */
+	if(stat("/bin/ls", &st) == 0 &&
+	   S_ISREG(st.st_mode))
+	    use_builtin_ls = 0;
+	else
+	    use_builtin_ls = 1;
+    }
+
+    /*
+     * Display a login message, if it exists.
+     * N.B. reply(code,) must follow the message.
+     */
+    show_file(_PATH_FTPLOGINMESG, code);
+    if(show_file(_PATH_ISSUE_NET, code) != 0)
+	show_file(_PATH_ISSUE, code);
+    if (guest) {
+	reply(code, "Guest login ok, access restrictions apply.");
+#ifdef HAVE_SETPROCTITLE
+	snprintf (proctitle, sizeof(proctitle),
+		  "%s: anonymous/%s",
+		  remotehost,
+		  passwd);
+	setproctitle("%s", proctitle);
+#endif /* HAVE_SETPROCTITLE */
+	if (logging) {
+	    char data_addr[256];
+
+	    if (inet_ntop (his_addr->sa_family,
+			   socket_get_address(his_addr),
+			   data_addr, sizeof(data_addr)) == NULL)
+		strlcpy (data_addr, "unknown address",
+				 sizeof(data_addr));
+
+	    syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
+		   remotehost, 
+		   data_addr,
+		   passwd);
+	}
+    } else {
+	reply(code, "User %s logged in.", pw->pw_name);
+#ifdef HAVE_SETPROCTITLE
+	snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
+	setproctitle("%s", proctitle);
+#endif /* HAVE_SETPROCTITLE */
+	if (logging) {
+	    char data_addr[256];
+
+	    if (inet_ntop (his_addr->sa_family,
+			   socket_get_address(his_addr),
+			   data_addr, sizeof(data_addr)) == NULL)
+		strlcpy (data_addr, "unknown address",
+				 sizeof(data_addr));
+
+	    syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s",
+		   remotehost,
+		   data_addr,
+		   pw->pw_name);
+	}
+    }
+    umask(defumask);
+    return 0;
+}
+
+/*
+ * Terminate login as previous user, if any, resetting state;
+ * used when USER command is given or login fails.
+ */
+static void
+end_login(void)
+{
+
+	if (seteuid((uid_t)0) < 0)
+		fatal("Failed to seteuid");
+	if (logged_in)
+		ftpd_logwtmp(ttyline, "", "");
+	pw = NULL;
+	logged_in = 0;
+	guest = 0;
+	dochroot = 0;
+}
+
+#ifdef KRB5
+static int
+krb5_verify(struct passwd *pwd, char *passwd)
+{
+   krb5_context context;  
+   krb5_ccache  id;
+   krb5_principal princ;
+   krb5_error_code ret;
+  
+   ret = krb5_init_context(&context);
+   if(ret)
+        return ret;
+
+  ret = krb5_parse_name(context, pwd->pw_name, &princ);
+  if(ret){
+        krb5_free_context(context);
+        return ret;
+  }
+  ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
+  if(ret){
+        krb5_free_principal(context, princ);
+        krb5_free_context(context);
+        return ret;
+  }
+  ret = krb5_verify_user(context,
+                         princ,
+                         id,
+                         passwd,
+                         1,
+                         NULL);
+  krb5_free_principal(context, princ);
+  if (k_hasafs()) {
+      krb5_afslog_uid_home(context, id,NULL, NULL,pwd->pw_uid, pwd->pw_dir);
+  }
+  krb5_cc_destroy(context, id);
+  krb5_free_context (context);
+  if(ret) 
+      return ret;
+  return 0;
+}
+#endif /* KRB5 */
+
+void
+pass(char *passwd)
+{
+	int rval;
+
+	/* some clients insists on sending a password */
+	if (logged_in && askpasswd == 0){
+	    reply(230, "Password not necessary");
+	    return;
+	}
+
+	if (logged_in || askpasswd == 0) {
+		reply(503, "Login with USER first.");
+		return;
+	}
+	askpasswd = 0;
+	rval = 1;
+	if (!guest) {		/* "ftp" is only account allowed no password */
+		if (pw == NULL)
+			rval = 1;	/* failure below */
+#ifdef OTP
+		else if (otp_verify_user (&otp_ctx, passwd) == 0) {
+		    rval = 0;
+		}
+#endif
+		else if((auth_level & AUTH_OTP) == 0) {
+#ifdef KRB5
+		    rval = krb5_verify(pw, passwd);
+#endif
+#ifdef KRB4
+		    if (rval) {
+			char realm[REALM_SZ];
+			if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS)
+			    rval = krb_verify_user(pw->pw_name,
+						   "", realm, 
+						   passwd, 
+						   KRB_VERIFY_SECURE, NULL);
+			if (rval == KSUCCESS ) {
+			    chown (tkt_string(), pw->pw_uid, pw->pw_gid);
+			    if(k_hasafs())
+				krb_afslog(0, 0);
+			}
+		    }
+#endif
+		    if (rval)
+			rval = unix_verify_user(pw->pw_name, passwd);
+		} else {
+#ifdef OTP
+		    char *s;
+		    if ((s = otp_error(&otp_ctx)) != NULL)
+			lreply(530, "OTP: %s", s);
+#endif
+		}
+		memset (passwd, 0, strlen(passwd));
+
+		/*
+		 * If rval == 1, the user failed the authentication
+		 * check above.  If rval == 0, either Kerberos or
+		 * local authentication succeeded.
+		 */
+		if (rval) {
+			char data_addr[256];
+
+			if (inet_ntop (his_addr->sa_family,
+				       socket_get_address(his_addr),
+				       data_addr, sizeof(data_addr)) == NULL)
+				strlcpy (data_addr, "unknown address",
+						 sizeof(data_addr));
+
+			reply(530, "Login incorrect.");
+			if (logging)
+				syslog(LOG_NOTICE,
+				    "FTP LOGIN FAILED FROM %s(%s), %s",
+				       remotehost,
+				       data_addr,
+				       curname);
+			pw = NULL;
+			if (login_attempts++ >= 5) {
+				syslog(LOG_NOTICE,
+				       "repeated login failures from %s(%s)",
+				       remotehost,
+				       data_addr);
+				exit(0);
+			}
+			return;
+		}
+	}
+	if(!do_login(230, passwd))
+	  return;
+	
+	/* Forget all about it... */
+	end_login();
+}
+
+void
+retrieve(const char *cmd, char *name)
+{
+	FILE *fin = NULL, *dout;
+	struct stat st;
+	int (*closefunc) (FILE *);
+	char line[BUFSIZ];
+
+
+	if (cmd == 0) {
+		fin = fopen(name, "r");
+		closefunc = fclose;
+		st.st_size = 0;
+		if(fin == NULL){
+		    int save_errno = errno;
+		    struct cmds {
+			const char *ext;
+			const char *cmd;
+		        const char *rev_cmd;
+		    } cmds[] = {
+			{".tar", "/bin/gtar cPf - %s", NULL},
+			{".tar.gz", "/bin/gtar zcPf - %s", NULL},
+			{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
+			{".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"},
+			{".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"},
+			{NULL, NULL}
+		    };
+		    struct cmds *p;
+		    for(p = cmds; p->ext; p++){
+			char *tail = name + strlen(name) - strlen(p->ext);
+			char c = *tail;
+			
+			if(strcmp(tail, p->ext) == 0 &&
+			   (*tail  = 0) == 0 &&
+			   access(name, R_OK) == 0){
+			    snprintf (line, sizeof(line), p->cmd, name);
+			    *tail  = c;
+			    break;
+			}
+			*tail = c;
+			if (p->rev_cmd != NULL) {
+			    char *ext;
+			    int ret;
+
+			    ret = asprintf(&ext, "%s%s", name, p->ext);
+			    if (ret != -1) {
+  			        if (access(ext, R_OK) == 0) {
+				    snprintf (line, sizeof(line),
+					      p->rev_cmd, ext);
+				    free(ext);
+				    break;
+				}
+			        free(ext);
+			    }
+			}
+			
+		    }
+		    if(p->ext){
+			fin = ftpd_popen(line, "r", 0, 0);
+			closefunc = ftpd_pclose;
+			st.st_size = -1;
+			cmd = line;
+		    } else
+			errno = save_errno;
+		}
+	} else {
+		snprintf(line, sizeof(line), cmd, name);
+		name = line;
+		fin = ftpd_popen(line, "r", 1, 0);
+		closefunc = ftpd_pclose;
+		st.st_size = -1;
+	}
+	if (fin == NULL) {
+		if (errno != 0) {
+			perror_reply(550, name);
+			if (cmd == 0) {
+				LOGCMD("get", name);
+			}
+		}
+		return;
+	}
+	byte_count = -1;
+	if (cmd == 0){
+	    if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) {
+		reply(550, "%s: not a plain file.", name);
+		goto done;
+	    }
+	}
+	if (restart_point) {
+		if (type == TYPE_A) {
+			off_t i, n;
+			int c;
+
+			n = restart_point;
+			i = 0;
+			while (i++ < n) {
+				if ((c=getc(fin)) == EOF) {
+					perror_reply(550, name);
+					goto done;
+				}
+				if (c == '\n')
+					i++;
+			}
+		} else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) {
+			perror_reply(550, name);
+			goto done;
+		}
+	}
+	dout = dataconn(name, st.st_size, "w");
+	if (dout == NULL)
+		goto done;
+	set_buffer_size(fileno(dout), 0);
+	send_data(fin, dout);
+	fclose(dout);
+	data = -1;
+	pdata = -1;
+done:
+	if (cmd == 0)
+		LOGBYTES("get", name, byte_count);
+	(*closefunc)(fin);
+}
+
+/* filename sanity check */
+
+int 
+filename_check(char *filename)
+{
+    char *p;
+
+    p = strrchr(filename, '/');
+    if(p)
+	filename = p + 1;
+
+    p = filename;
+
+    if(isalnum((unsigned char)*p)){
+	p++;
+	while(*p && (isalnum((unsigned char)*p) || strchr(good_chars, (unsigned char)*p)))
+	    p++;
+	if(*p == '\0')
+	    return 0;
+    }
+    lreply(553, "\"%s\" is not an acceptable filename.", filename);
+    lreply(553, "The filename must start with an alphanumeric "
+	   "character and must only");
+    reply(553, "consist of alphanumeric characters or any of the following: %s", 
+	  good_chars);
+    return 1;
+}
+
+void
+do_store(char *name, char *mode, int unique)
+{
+	FILE *fout, *din;
+	struct stat st;
+	int (*closefunc) (FILE *);
+
+	if(guest && filename_check(name))
+	    return;
+	if (unique && stat(name, &st) == 0 &&
+	    (name = gunique(name)) == NULL) {
+		LOGCMD(*mode == 'w' ? "put" : "append", name);
+		return;
+	}
+
+	if (restart_point)
+		mode = "r+";
+	fout = fopen(name, mode);
+	closefunc = fclose;
+	if (fout == NULL) {
+		perror_reply(553, name);
+		LOGCMD(*mode == 'w' ? "put" : "append", name);
+		return;
+	}
+	byte_count = -1;
+	if (restart_point) {
+		if (type == TYPE_A) {
+			off_t i, n;
+			int c;
+
+			n = restart_point;
+			i = 0;
+			while (i++ < n) {
+				if ((c=getc(fout)) == EOF) {
+					perror_reply(550, name);
+					goto done;
+				}
+				if (c == '\n')
+					i++;
+			}
+			/*
+			 * We must do this seek to "current" position
+			 * because we are changing from reading to
+			 * writing.
+			 */
+			if (fseek(fout, 0L, SEEK_CUR) < 0) {
+				perror_reply(550, name);
+				goto done;
+			}
+		} else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) {
+			perror_reply(550, name);
+			goto done;
+		}
+	}
+	din = dataconn(name, (off_t)-1, "r");
+	if (din == NULL)
+		goto done;
+	set_buffer_size(fileno(din), 1);
+	if (receive_data(din, fout) == 0) {
+	    if((*closefunc)(fout) < 0)
+		perror_reply(552, name);
+	    else {
+		if (unique)
+			reply(226, "Transfer complete (unique file name:%s).",
+			    name);
+		else
+			reply(226, "Transfer complete.");
+	    }
+	} else
+	    (*closefunc)(fout);
+	fclose(din);
+	data = -1;
+	pdata = -1;
+done:
+	LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
+}
+
+static FILE *
+getdatasock(const char *mode, int domain)
+{
+	int s, t, tries;
+
+	if (data >= 0)
+		return (fdopen(data, mode));
+	if (seteuid(0) < 0)
+		fatal("Failed to seteuid");
+	s = socket(domain, SOCK_STREAM, 0);
+	if (s < 0)
+		goto bad;
+	socket_set_reuseaddr (s, 1);
+	/* anchor socket to avoid multi-homing problems */
+	socket_set_address_and_port (data_source,
+				     socket_get_address (ctrl_addr),
+				     socket_get_port (data_source));
+
+	for (tries = 1; ; tries++) {
+		if (bind(s, data_source,
+			 socket_sockaddr_size (data_source)) >= 0)
+			break;
+		if (errno != EADDRINUSE || tries > 10)
+			goto bad;
+		sleep(tries);
+	}
+	if (seteuid(pw->pw_uid) < 0)
+		fatal("Failed to seteuid");
+#ifdef IPTOS_THROUGHPUT
+	socket_set_tos (s, IPTOS_THROUGHPUT);
+#endif
+	return (fdopen(s, mode));
+bad:
+	/* Return the real value of errno (close may change it) */
+	t = errno;
+	if (seteuid((uid_t)pw->pw_uid) < 0)
+		fatal("Failed to seteuid");
+	close(s);
+	errno = t;
+	return (NULL);
+}
+
+static int
+accept_with_timeout(int socket, 
+		    struct sockaddr *address,
+		    socklen_t *address_len,
+		    struct timeval *timeout)
+{
+    int ret;
+    fd_set rfd;
+    FD_ZERO(&rfd);
+    FD_SET(socket, &rfd);
+    ret = select(socket + 1, &rfd, NULL, NULL, timeout);
+    if(ret < 0)
+	return ret;
+    if(ret == 0) {
+	errno = ETIMEDOUT;
+	return -1;
+    }
+    return accept(socket, address, address_len);
+}
+
+static FILE *
+dataconn(const char *name, off_t size, const char *mode)
+{
+	char sizebuf[32];
+	FILE *file;
+	int domain, retry = 0;
+
+	file_size = size;
+	byte_count = 0;
+	if (size >= 0)
+	    snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", (long)size);
+	else
+	    *sizebuf = '\0';
+	if (pdata >= 0) {
+		struct sockaddr_storage from_ss;
+		struct sockaddr *from = (struct sockaddr *)&from_ss;
+		struct timeval timeout;
+		int s;
+		socklen_t fromlen = sizeof(from_ss);
+
+		timeout.tv_sec = 15;
+		timeout.tv_usec = 0;
+		s = accept_with_timeout(pdata, from, &fromlen, &timeout);
+		if (s < 0) {
+			reply(425, "Can't open data connection.");
+			close(pdata);
+			pdata = -1;
+			return (NULL);
+		}
+		close(pdata);
+		pdata = s;
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+		{
+		    int tos = IPTOS_THROUGHPUT;
+		    
+		    setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos,
+			       sizeof(tos));
+		}
+#endif
+		reply(150, "Opening %s mode data connection for '%s'%s.",
+		     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
+		return (fdopen(pdata, mode));
+	}
+	if (data >= 0) {
+		reply(125, "Using existing data connection for '%s'%s.",
+		    name, sizebuf);
+		usedefault = 1;
+		return (fdopen(data, mode));
+	}
+	if (usedefault)
+		data_dest = his_addr;
+	usedefault = 1;
+	/* 
+	 * Default to using the same socket type as the ctrl address,
+	 * unless we know the type of the data address.
+	 */
+	domain = data_dest->sa_family;
+	if (domain == PF_UNSPEC)
+	    domain = ctrl_addr->sa_family;
+
+	file = getdatasock(mode, domain);
+	if (file == NULL) {
+		char data_addr[256];
+
+		if (inet_ntop (data_source->sa_family,
+			       socket_get_address(data_source),
+			       data_addr, sizeof(data_addr)) == NULL)
+			strlcpy (data_addr, "unknown address",
+					 sizeof(data_addr));
+
+		reply(425, "Can't create data socket (%s,%d): %s.",
+		      data_addr,
+		      socket_get_port (data_source),
+		      strerror(errno));
+		return (NULL);
+	}
+	data = fileno(file);
+	while (connect(data, data_dest,
+		       socket_sockaddr_size(data_dest)) < 0) {
+		if (errno == EADDRINUSE && retry < swaitmax) {
+			sleep(swaitint);
+			retry += swaitint;
+			continue;
+		}
+		perror_reply(425, "Can't build data connection");
+		fclose(file);
+		data = -1;
+		return (NULL);
+	}
+	reply(150, "Opening %s mode data connection for '%s'%s.",
+	     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
+	return (file);
+}
+
+/*
+ * Tranfer the contents of "instr" to "outstr" peer using the appropriate
+ * encapsulation of the data subject * to Mode, Structure, and Type.
+ *
+ * NB: Form isn't handled.
+ */
+static void
+send_data(FILE *instr, FILE *outstr)
+{
+	int c, cnt, filefd, netfd;
+	static char *buf;
+	static size_t bufsize;
+
+	transflag = 1;
+	switch (type) {
+
+	case TYPE_A:
+	    while ((c = getc(instr)) != EOF) {
+		if (urgflag && handleoobcmd())
+		    return;
+		byte_count++;
+		if(c == '\n')
+		    sec_putc('\r', outstr);
+		sec_putc(c, outstr);
+	    }
+	    sec_fflush(outstr);
+	    transflag = 0;
+	    urgflag = 0;
+	    if (ferror(instr))
+		goto file_err;
+	    if (ferror(outstr))
+		goto data_err;
+	    reply(226, "Transfer complete.");
+	    return;
+		
+	case TYPE_I:
+	case TYPE_L:
+#if 0 /* XXX handle urg flag */
+#if defined(HAVE_MMAP) && !defined(NO_MMAP)
+#ifndef MAP_FAILED
+#define MAP_FAILED (-1)
+#endif
+	    {
+		struct stat st;
+		char *chunk;
+		int in = fileno(instr);
+		if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) 
+		   && st.st_size > 0) {
+		    /*
+		     * mmap zero bytes has potential of loosing, don't do it.
+		     */
+		    chunk = mmap(0, st.st_size, PROT_READ,
+				 MAP_SHARED, in, 0);
+		    if((void *)chunk != (void *)MAP_FAILED) {
+			cnt = st.st_size - restart_point;
+			sec_write(fileno(outstr), chunk + restart_point, cnt);
+			if (munmap(chunk, st.st_size) < 0)
+			    warn ("munmap");
+			sec_fflush(outstr);
+			byte_count = cnt;
+			transflag = 0;
+			urgflag = 0;
+		    }
+		}
+	    }
+#endif
+#endif
+	if(transflag) {
+	    struct stat st;
+
+	    netfd = fileno(outstr);
+	    filefd = fileno(instr);
+	    buf = alloc_buffer (buf, &bufsize,
+				fstat(filefd, &st) >= 0 ? &st : NULL);
+	    if (buf == NULL) {
+		transflag = 0;
+		urgflag = 0;
+		perror_reply(451, "Local resource failure: malloc");
+		return;
+	    }
+	    while ((cnt = read(filefd, buf, bufsize)) > 0 &&
+		   sec_write(netfd, buf, cnt) == cnt) {
+		byte_count += cnt;
+		if (urgflag && handleoobcmd())
+		    return;
+	    }
+	    sec_fflush(outstr); /* to end an encrypted stream */
+	    transflag = 0;
+	    urgflag = 0;
+	    if (cnt != 0) {
+		if (cnt < 0)
+		    goto file_err;
+		goto data_err;
+	    }
+	}
+	reply(226, "Transfer complete.");
+	return;
+	default:
+	    transflag = 0;
+	    urgflag = 0;
+	    reply(550, "Unimplemented TYPE %d in send_data", type);
+	    return;
+	}
+
+data_err:
+	transflag = 0;
+	urgflag = 0;
+	perror_reply(426, "Data connection");
+	return;
+
+file_err:
+	transflag = 0;
+	urgflag = 0;
+	perror_reply(551, "Error on input file");
+}
+
+/*
+ * Transfer data from peer to "outstr" using the appropriate encapulation of
+ * the data subject to Mode, Structure, and Type.
+ *
+ * N.B.: Form isn't handled.
+ */
+static int
+receive_data(FILE *instr, FILE *outstr)
+{
+    int cnt, bare_lfs = 0;
+    static char *buf;
+    static size_t bufsize;
+    struct stat st;
+
+    transflag = 1;
+
+    buf = alloc_buffer (buf, &bufsize,
+			fstat(fileno(outstr), &st) >= 0 ? &st : NULL);
+    if (buf == NULL) {
+	transflag = 0;
+	urgflag = 0;
+	perror_reply(451, "Local resource failure: malloc");
+	return -1;
+    }
+    
+    switch (type) {
+
+    case TYPE_I:
+    case TYPE_L:
+	while ((cnt = sec_read(fileno(instr), buf, bufsize)) > 0) {
+	    if (write(fileno(outstr), buf, cnt) != cnt)
+		goto file_err;
+	    byte_count += cnt;
+	    if (urgflag && handleoobcmd())
+		return (-1);
+	}
+	if (cnt < 0)
+	    goto data_err;
+	transflag = 0;
+	urgflag = 0;
+	return (0);
+
+    case TYPE_E:
+	reply(553, "TYPE E not implemented.");
+	transflag = 0;
+	urgflag = 0;
+	return (-1);
+
+    case TYPE_A:
+    {
+	char *p, *q;
+	int cr_flag = 0;
+	while ((cnt = sec_read(fileno(instr),
+				buf + cr_flag, 
+				bufsize - cr_flag)) > 0){
+	    if (urgflag && handleoobcmd())
+		return (-1);
+	    byte_count += cnt;
+	    cnt += cr_flag;
+	    cr_flag = 0;
+	    for(p = buf, q = buf; p < buf + cnt;) {
+		if(*p == '\n')
+		    bare_lfs++;
+		if(*p == '\r') {
+		    if(p == buf + cnt - 1){
+			cr_flag = 1;
+			p++;
+			continue;
+		    }else if(p[1] == '\n'){
+			*q++ = '\n';
+			p += 2;
+			continue;
+		    }
+		}
+		*q++ = *p++;
+	    }
+	    fwrite(buf, q - buf, 1, outstr);
+	    if(cr_flag)
+		buf[0] = '\r';
+	}
+	if(cr_flag)
+	    putc('\r', outstr);
+	fflush(outstr);
+	if (ferror(instr))
+	    goto data_err;
+	if (ferror(outstr))
+	    goto file_err;
+	transflag = 0;
+	urgflag = 0;
+	if (bare_lfs) {
+	    lreply(226, "WARNING! %d bare linefeeds received in ASCII mode\r\n"
+		   "    File may not have transferred correctly.\r\n",
+		   bare_lfs);
+	}
+	return (0);
+    }
+    default:
+	reply(550, "Unimplemented TYPE %d in receive_data", type);
+	transflag = 0;
+	urgflag = 0;
+	return (-1);
+    }
+	
+data_err:
+    transflag = 0;
+    urgflag = 0;
+    perror_reply(426, "Data Connection");
+    return (-1);
+	
+file_err:
+    transflag = 0;
+    urgflag = 0;
+    perror_reply(452, "Error writing file");
+    return (-1);
+}
+
+void
+statfilecmd(char *filename)
+{
+	FILE *fin;
+	int c;
+	char line[LINE_MAX];
+
+	snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename);
+	fin = ftpd_popen(line, "r", 1, 0);
+	lreply(211, "status of %s:", filename);
+	while ((c = getc(fin)) != EOF) {
+		if (c == '\n') {
+			if (ferror(stdout)){
+				perror_reply(421, "control connection");
+				ftpd_pclose(fin);
+				dologout(1);
+				/* NOTREACHED */
+			}
+			if (ferror(fin)) {
+				perror_reply(551, filename);
+				ftpd_pclose(fin);
+				return;
+			}
+			putc('\r', stdout);
+		}
+		putc(c, stdout);
+	}
+	ftpd_pclose(fin);
+	reply(211, "End of Status");
+}
+
+void
+statcmd(void)
+{
+#if 0
+	struct sockaddr_in *sin;
+	u_char *a, *p;
+
+	lreply(211, "%s FTP server (%s) status:", hostname, version);
+	printf("     %s\r\n", version);
+	printf("     Connected to %s", remotehost);
+	if (!isdigit((unsigned char)remotehost[0]))
+		printf(" (%s)", inet_ntoa(his_addr.sin_addr));
+	printf("\r\n");
+	if (logged_in) {
+		if (guest)
+			printf("     Logged in anonymously\r\n");
+		else
+			printf("     Logged in as %s\r\n", pw->pw_name);
+	} else if (askpasswd)
+		printf("     Waiting for password\r\n");
+	else
+		printf("     Waiting for user name\r\n");
+	printf("     TYPE: %s", typenames[type]);
+	if (type == TYPE_A || type == TYPE_E)
+		printf(", FORM: %s", formnames[form]);
+	if (type == TYPE_L)
+#if NBBY == 8
+		printf(" %d", NBBY);
+#else
+		printf(" %d", bytesize);	/* need definition! */
+#endif
+	printf("; STRUcture: %s; transfer MODE: %s\r\n",
+	    strunames[stru], modenames[mode]);
+	if (data != -1)
+		printf("     Data connection open\r\n");
+	else if (pdata != -1) {
+		printf("     in Passive mode");
+		sin = &pasv_addr;
+		goto printaddr;
+	} else if (usedefault == 0) {
+		printf("     PORT");
+		sin = &data_dest;
+printaddr:
+		a = (u_char *) &sin->sin_addr;
+		p = (u_char *) &sin->sin_port;
+#define UC(b) (((int) b) & 0xff)
+		printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]),
+			UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
+#undef UC
+	} else
+		printf("     No data connection\r\n");
+#endif
+	reply(211, "End of status");
+}
+
+void
+fatal(char *s)
+{
+
+	reply(451, "Error in server: %s\n", s);
+	reply(221, "Closing connection due to server error.");
+	dologout(0);
+	/* NOTREACHED */
+}
+
+static void
+int_reply(int, char *, const char *, va_list)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 3, 0)))
+#endif
+;
+
+static void
+int_reply(int n, char *c, const char *fmt, va_list ap)
+{
+    char buf[10240];
+    char *p;
+    p=buf;
+    if(n){
+	snprintf(p, sizeof(buf), "%d%s", n, c);
+	p+=strlen(p);
+    }
+    vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap);
+    p+=strlen(p);
+    snprintf(p, sizeof(buf) - strlen(p), "\r\n");
+    p+=strlen(p);
+    sec_fprintf(stdout, "%s", buf);
+    fflush(stdout);
+    if (debug)
+	syslog(LOG_DEBUG, "<--- %s- ", buf);
+}
+
+void
+reply(int n, const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  int_reply(n, " ", fmt, ap);
+  delete_ftp_command();
+  va_end(ap);
+}
+
+void
+lreply(int n, const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  int_reply(n, "-", fmt, ap);
+  va_end(ap);
+}
+
+void
+nreply(const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  int_reply(0, NULL, fmt, ap);
+  va_end(ap);
+}
+
+static void
+ack(char *s)
+{
+
+	reply(250, "%s command successful.", s);
+}
+
+void
+nack(char *s)
+{
+
+	reply(502, "%s command not implemented.", s);
+}
+
+void
+do_delete(char *name)
+{
+	struct stat st;
+
+	LOGCMD("delete", name);
+	if (stat(name, &st) < 0) {
+		perror_reply(550, name);
+		return;
+	}
+	if ((st.st_mode&S_IFMT) == S_IFDIR) {
+		if (rmdir(name) < 0) {
+			perror_reply(550, name);
+			return;
+		}
+		goto done;
+	}
+	if (unlink(name) < 0) {
+		perror_reply(550, name);
+		return;
+	}
+done:
+	ack("DELE");
+}
+
+void
+cwd(char *path)
+{
+
+	if (chdir(path) < 0)
+		perror_reply(550, path);
+	else
+		ack("CWD");
+}
+
+void
+makedir(char *name)
+{
+
+	LOGCMD("mkdir", name);
+	if(guest && filename_check(name))
+	    return;
+	if (mkdir(name, 0777) < 0)
+		perror_reply(550, name);
+	else{
+	    if(guest)
+		chmod(name, 0700); /* guest has umask 777 */
+	    reply(257, "MKD command successful.");
+	}
+}
+
+void
+removedir(char *name)
+{
+
+	LOGCMD("rmdir", name);
+	if (rmdir(name) < 0)
+		perror_reply(550, name);
+	else
+		ack("RMD");
+}
+
+void
+pwd(void)
+{
+    char path[MaxPathLen];
+    char *ret;
+
+    /* SunOS has a broken getcwd that does popen(pwd) (!!!), this
+     * failes miserably when running chroot 
+     */
+    ret = getcwd(path, sizeof(path));
+    if (ret == NULL)
+	reply(550, "%s.", strerror(errno));
+    else
+	reply(257, "\"%s\" is current directory.", path);
+}
+
+char *
+renamefrom(char *name)
+{
+	struct stat st;
+
+	if (stat(name, &st) < 0) {
+		perror_reply(550, name);
+		return NULL;
+	}
+	reply(350, "File exists, ready for destination name");
+	return (name);
+}
+
+void
+renamecmd(char *from, char *to)
+{
+
+	LOGCMD2("rename", from, to);
+	if(guest && filename_check(to))
+	    return;
+	if (rename(from, to) < 0)
+		perror_reply(550, "rename");
+	else
+		ack("RNTO");
+}
+
+static void
+dolog(struct sockaddr *sa, int len)
+{
+	getnameinfo_verified (sa, len, remotehost, sizeof(remotehost),
+			      NULL, 0, 0);
+#ifdef HAVE_SETPROCTITLE
+	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
+	setproctitle("%s", proctitle);
+#endif /* HAVE_SETPROCTITLE */
+
+	if (logging) {
+		char data_addr[256];
+
+		if (inet_ntop (his_addr->sa_family,
+			       socket_get_address(his_addr),
+			       data_addr, sizeof(data_addr)) == NULL)
+			strlcpy (data_addr, "unknown address",
+					 sizeof(data_addr));
+
+
+		syslog(LOG_INFO, "connection from %s(%s)",
+		       remotehost,
+		       data_addr);
+	}
+}
+
+/*
+ * Record logout in wtmp file
+ * and exit with supplied status.
+ */
+void
+dologout(int status)
+{
+    transflag = 0;
+    urgflag = 0;
+    if (logged_in) {
+#if KRB4 || KRB5
+	cond_kdestroy();
+#endif
+	seteuid((uid_t)0); /* No need to check, we call exit() below */
+	ftpd_logwtmp(ttyline, "", "");
+    }
+    /* beware of flushing buffers after a SIGPIPE */
+#ifdef XXX
+    exit(status);
+#else
+    _exit(status);
+#endif	
+}
+
+void abor(void)
+{
+    if (!transflag)
+	return;
+    reply(426, "Transfer aborted. Data connection closed.");
+    reply(226, "Abort successful");
+    transflag = 0;
+}
+
+static void
+myoob(int signo)
+{
+    urgflag = 1;
+}
+
+static char *
+mec_space(char *p)
+{
+    while(isspace(*(unsigned char *)p))
+	  p++;
+    return p;
+}
+
+static int
+handleoobcmd(void)
+{
+	char *cp;
+
+	/* only process if transfer occurring */
+	if (!transflag)
+		return 0;
+
+	urgflag = 0;
+
+	cp = tmpline;
+	if (ftpd_getline(cp, sizeof(tmpline)) == NULL) {
+		reply(221, "You could at least say goodbye.");
+		dologout(0);
+	}
+
+	if (strncasecmp("MIC", cp, 3) == 0) {
+	    mec(mec_space(cp + 3), prot_safe);
+	} else if (strncasecmp("CONF", cp, 4) == 0) {
+	    mec(mec_space(cp + 4), prot_confidential);
+	} else if (strncasecmp("ENC", cp, 3) == 0) {
+	    mec(mec_space(cp + 3), prot_private);
+	} else if (!allow_insecure_oob) {
+	    reply(533, "Command protection level denied "
+		  "for paranoid reasons.");
+	    goto out;
+	}
+
+	if (secure_command())
+	    cp = ftp_command;
+
+	if (strcasecmp(cp, "ABOR\r\n") == 0) {
+		abor();
+	} else if (strcasecmp(cp, "STAT\r\n") == 0) {
+		if (file_size != (off_t) -1)
+			reply(213, "Status: %ld of %ld bytes transferred",
+			      (long)byte_count,
+			      (long)file_size);
+		else
+			reply(213, "Status: %ld bytes transferred",
+			      (long)byte_count);
+	}
+out:
+	return (transflag == 0);
+}
+
+/*
+ * Note: a response of 425 is not mentioned as a possible response to
+ *	the PASV command in RFC959. However, it has been blessed as
+ *	a legitimate response by Jon Postel in a telephone conversation
+ *	with Rick Adams on 25 Jan 89.
+ */
+void
+pasv(void)
+{
+	socklen_t len;
+	char *p, *a;
+	struct sockaddr_in *sin;
+
+	if (ctrl_addr->sa_family != AF_INET) {
+		reply(425,
+		      "You cannot do PASV with something that's not IPv4");
+		return;
+	}
+
+	if(pdata != -1)
+	    close(pdata);
+
+	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
+	if (pdata < 0) {
+		perror_reply(425, "Can't open passive connection");
+		return;
+	}
+	pasv_addr->sa_family = ctrl_addr->sa_family;
+	socket_set_address_and_port (pasv_addr,
+				     socket_get_address (ctrl_addr),
+				     0);
+	socket_set_portrange(pdata, restricted_data_ports, 
+	    pasv_addr->sa_family); 
+	if (seteuid(0) < 0)
+		fatal("Failed to seteuid");
+	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+		if (seteuid(pw->pw_uid) < 0)
+			fatal("Failed to seteuid");
+		goto pasv_error;
+	}
+	if (seteuid(pw->pw_uid) < 0)
+		fatal("Failed to seteuid");
+	len = sizeof(pasv_addr_ss);
+	if (getsockname(pdata, pasv_addr, &len) < 0)
+		goto pasv_error;
+	if (listen(pdata, 1) < 0)
+		goto pasv_error;
+	sin = (struct sockaddr_in *)pasv_addr;
+	a = (char *) &sin->sin_addr;
+	p = (char *) &sin->sin_port;
+
+#define UC(b) (((int) b) & 0xff)
+
+	reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
+		UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
+	return;
+
+pasv_error:
+	close(pdata);
+	pdata = -1;
+	perror_reply(425, "Can't open passive connection");
+	return;
+}
+
+void
+epsv(char *proto)
+{
+	socklen_t len;
+
+	pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
+	if (pdata < 0) {
+		perror_reply(425, "Can't open passive connection");
+		return;
+	}
+	pasv_addr->sa_family = ctrl_addr->sa_family;
+	socket_set_address_and_port (pasv_addr,
+				     socket_get_address (ctrl_addr),
+				     0);
+	socket_set_portrange(pdata, restricted_data_ports, 
+	    pasv_addr->sa_family); 
+	if (seteuid(0) < 0)
+		fatal("Failed to seteuid");
+	if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+		if (seteuid(pw->pw_uid))
+			fatal("Failed to seteuid");
+		goto pasv_error;
+	}
+	if (seteuid(pw->pw_uid) < 0)
+		fatal("Failed to seteuid");
+	len = sizeof(pasv_addr_ss);
+	if (getsockname(pdata, pasv_addr, &len) < 0)
+		goto pasv_error;
+	if (listen(pdata, 1) < 0)
+		goto pasv_error;
+
+	reply(229, "Entering Extended Passive Mode (|||%d|)",
+	      ntohs(socket_get_port (pasv_addr)));
+	return;
+
+pasv_error:
+	close(pdata);
+	pdata = -1;
+	perror_reply(425, "Can't open passive connection");
+	return;
+}
+
+void
+eprt(char *str)
+{
+	char *end;
+	char sep;
+	int af;
+	int ret;
+	int port;
+
+	usedefault = 0;
+	if (pdata >= 0) {
+	    close(pdata);
+	    pdata = -1;
+	}
+
+	sep = *str++;
+	if (sep == '\0') {
+		reply(500, "Bad syntax in EPRT");
+		return;
+	}
+	af = strtol (str, &end, 0);
+	if (af == 0 || *end != sep) {
+		reply(500, "Bad syntax in EPRT");
+		return;
+	}
+	str = end + 1;
+	switch (af) {
+#ifdef HAVE_IPV6
+	case 2 :
+	    data_dest->sa_family = AF_INET6;
+	    break;
+#endif		
+	case 1 :
+	    data_dest->sa_family = AF_INET;
+		break;
+	default :
+		reply(522, "Network protocol %d not supported, use (1"
+#ifdef HAVE_IPV6
+		      ",2"
+#endif
+		      ")", af);
+		return;
+	}
+	end = strchr (str, sep);
+	if (end == NULL) {
+		reply(500, "Bad syntax in EPRT");
+		return;
+	}
+	*end = '\0';
+	ret = inet_pton (data_dest->sa_family, str,
+			 socket_get_address (data_dest));
+
+	if (ret != 1) {
+		reply(500, "Bad address syntax in EPRT");
+		return;
+	}
+	str = end + 1;
+	port = strtol (str, &end, 0);
+	if (port == 0 || *end != sep) {
+		reply(500, "Bad port syntax in EPRT");
+		return;
+	}
+	socket_set_port (data_dest, htons(port));
+	reply(200, "EPRT command successful.");
+}
+
+/*
+ * Generate unique name for file with basename "local".
+ * The file named "local" is already known to exist.
+ * Generates failure reply on error.
+ */
+static char *
+gunique(char *local)
+{
+	static char new[MaxPathLen];
+	struct stat st;
+	int count;
+	char *cp;
+
+	cp = strrchr(local, '/');
+	if (cp)
+		*cp = '\0';
+	if (stat(cp ? local : ".", &st) < 0) {
+		perror_reply(553, cp ? local : ".");
+		return NULL;
+	}
+	if (cp)
+		*cp = '/';
+	for (count = 1; count < 100; count++) {
+		snprintf (new, sizeof(new), "%s.%d", local, count);
+		if (stat(new, &st) < 0)
+			return (new);
+	}
+	reply(452, "Unique file name cannot be created.");
+	return (NULL);
+}
+
+/*
+ * Format and send reply containing system error number.
+ */
+void
+perror_reply(int code, const char *string)
+{
+	reply(code, "%s: %s.", string, strerror(errno));
+}
+
+static char *onefile[] = {
+	"",
+	0
+};
+
+void
+list_file(char *file)
+{
+    if(use_builtin_ls) {
+	FILE *dout;
+	dout = dataconn(file, -1, "w");
+	if (dout == NULL)
+	    return;
+	set_buffer_size(fileno(dout), 0);
+	if(builtin_ls(dout, file) == 0)
+	    reply(226, "Transfer complete.");
+	else
+	    reply(451, "Requested action aborted. Local error in processing.");
+	fclose(dout);
+	data = -1;
+	pdata = -1;
+    } else {
+#ifdef HAVE_LS_A
+	const char *cmd = "/bin/ls -lA %s";
+#else
+	const char *cmd = "/bin/ls -la %s";
+#endif
+	retrieve(cmd, file);
+    }
+}
+
+void
+send_file_list(char *whichf)
+{
+    struct stat st;
+    DIR *dirp = NULL;
+    struct dirent *dir;
+    FILE *dout = NULL;
+    char **dirlist, *dirname;
+    int simple = 0;
+    int freeglob = 0;
+    glob_t gl;
+    char buf[MaxPathLen];
+
+    if (strpbrk(whichf, "~{[*?") != NULL) {
+	int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
+#ifdef GLOB_MAXPATH
+	    GLOB_MAXPATH
+#else
+	    GLOB_LIMIT
+#endif
+	    ;
+
+	memset(&gl, 0, sizeof(gl));
+	freeglob = 1;
+	if (glob(whichf, flags, 0, &gl)) {
+	    reply(550, "not found");
+	    goto out;
+	} else if (gl.gl_pathc == 0) {
+	    errno = ENOENT;
+	    perror_reply(550, whichf);
+	    goto out;
+	}
+	dirlist = gl.gl_pathv;
+    } else {
+	onefile[0] = whichf;
+	dirlist = onefile;
+	simple = 1;
+    }
+
+    while ((dirname = *dirlist++)) {
+
+	if (urgflag && handleoobcmd())
+	    goto out;
+
+	if (stat(dirname, &st) < 0) {
+	    /*
+	     * If user typed "ls -l", etc, and the client
+	     * used NLST, do what the user meant.
+	     */
+	    if (dirname[0] == '-' && *dirlist == NULL &&
+		transflag == 0) {
+		list_file(dirname);
+		goto out;
+	    }
+	    perror_reply(550, whichf);
+	    goto out;
+	}
+
+	if (S_ISREG(st.st_mode)) {
+	    if (dout == NULL) {
+		dout = dataconn("file list", (off_t)-1, "w");
+		if (dout == NULL)
+		    goto out;
+		transflag = 1;
+	    }
+	    snprintf(buf, sizeof(buf), "%s%s\n", dirname,
+		     type == TYPE_A ? "\r" : "");
+	    sec_write(fileno(dout), buf, strlen(buf));
+	    byte_count += strlen(dirname) + 1;
+	    continue;
+	} else if (!S_ISDIR(st.st_mode))
+	    continue;
+
+	if ((dirp = opendir(dirname)) == NULL)
+	    continue;
+
+	while ((dir = readdir(dirp)) != NULL) {
+	    char nbuf[MaxPathLen];
+
+	    if (urgflag && handleoobcmd())
+		goto out;
+
+	    if (!strcmp(dir->d_name, "."))
+		continue;
+	    if (!strcmp(dir->d_name, ".."))
+		continue;
+
+	    snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
+
+	    /*
+	     * We have to do a stat to insure it's
+	     * not a directory or special file.
+	     */
+	    if (simple || (stat(nbuf, &st) == 0 &&
+			   S_ISREG(st.st_mode))) {
+		if (dout == NULL) {
+		    dout = dataconn("file list", (off_t)-1, "w");
+		    if (dout == NULL)
+			goto out;
+		    transflag = 1;
+		}
+		if(strncmp(nbuf, "./", 2) == 0)
+		    snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
+			     type == TYPE_A ? "\r" : "");
+		else
+		    snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
+			     type == TYPE_A ? "\r" : "");
+		sec_write(fileno(dout), buf, strlen(buf));
+		byte_count += strlen(nbuf) + 1;
+	    }
+	}
+	closedir(dirp);
+    }
+    if (dout == NULL)
+	reply(550, "No files found.");
+    else if (ferror(dout) != 0)
+	perror_reply(550, "Data connection");
+    else
+	reply(226, "Transfer complete.");
+
+out:
+    transflag = 0;
+    if (dout != NULL){
+	sec_write(fileno(dout), buf, 0); /* XXX flush */
+	    
+	fclose(dout);
+    }
+    data = -1;
+    pdata = -1;
+    if (freeglob) {
+	freeglob = 0;
+	globfree(&gl);
+    }
+}
+
+
+int
+find(char *pattern)
+{
+    char line[1024];
+    FILE *f;
+
+    snprintf(line, sizeof(line),
+	     "/bin/locate -d %s -- %s",
+	     ftp_rooted("/etc/locatedb"),
+	     pattern);
+    f = ftpd_popen(line, "r", 1, 1);
+    if(f == NULL){
+	perror_reply(550, "/bin/locate");
+	return 1;
+    }
+    lreply(200, "Output from find.");
+    while(fgets(line, sizeof(line), f)){
+	if(line[strlen(line)-1] == '\n')
+	    line[strlen(line)-1] = 0;
+	nreply("%s", line);
+    }
+    reply(200, "Done");
+    ftpd_pclose(f);
+    return 0;
+}
+

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpd_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: ftpd_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __ftpd_locl_h__
+#define __ftpd_locl_h__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+/*
+ * FTP server.
+ */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+
+#include <arpa/ftp.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <glob.h>
+#include <limits.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <time.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#include <fnmatch.h>
+
+#ifdef HAVE_BSD_BSD_H
+#include <bsd/bsd.h>
+#endif
+
+#include <err.h>
+#include "roken.h"
+
+#include "pathnames.h"
+#include "extern.h"
+#include "common.h"
+
+#include "security.h"
+
+#ifdef KRB5
+#include <krb5.h>
+#endif /* KRB5 */
+
+#ifdef KRB4
+#include <krb.h>
+#endif
+
+#if defined(KRB4) || defined(KRB5)
+#include <kafs.h>
+#endif
+ 
+#ifdef OTP
+#include <otp.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose)      (FILE *);
+#endif
+
+/* SunOS doesn't have any declaration of fclose */
+
+int fclose(FILE *stream);
+
+int yyparse(void);
+
+#ifndef LOG_FTP
+#define LOG_FTP LOG_DAEMON
+#endif
+
+#endif /* __ftpd_locl_h__ */

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpusers.5
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpusers.5	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/ftpusers.5	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,37 @@
+.\"	$Id: ftpusers.5,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May 7, 1997
+.Dt FTPUSERS 5
+.Os KTH-KRB
+.Sh NAME
+.Pa /etc/ftpusers
+.Nd FTP access list file
+.Sh DESCRIPTION
+.Pa /etc/ftpusers
+contains a list of users that should be allowed or denied FTP
+access. Each line contains a user, optionally followed by
+.Dq allow
+(anything but
+.Dq allow
+is ignored).  The semi-user
+.Dq *
+matches any user.  Users that has an explicit
+.Dq allow ,
+or that does not match any line, are allowed access. Anyone else is
+denied access.
+.Pp
+Note that this is compatible with the old format, where this file
+contained a list of users that should be denied access.
+.Sh EXAMPLES
+This will deny anyone but
+.Dq foo
+and
+.Dq bar
+to use FTP:
+.Bd -literal
+foo allow
+bar allow
+*
+.Ed
+.Sh SEE ALSO
+.Xr ftpd 8

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/gss_userok.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/gss_userok.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/gss_userok.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ftpd_locl.h"
+#include <gssapi.h>
+#include <krb5.h>
+
+RCSID("$Id: gss_userok.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+/* XXX a bit too much of krb5 dependency here... 
+   What is the correct way to do this? 
+   */
+
+struct gss_krb5_data {
+    krb5_context context;
+};
+
+/* XXX sync with gssapi.c */
+struct gss_data {
+    gss_ctx_id_t context_hdl;
+    char *client_name;
+    gss_cred_id_t delegated_cred_handle;
+    void *mech_data;
+};
+
+int gss_userok(void*, char*); /* to keep gcc happy */
+int gss_session(void*, char*); /* to keep gcc happy */
+
+int
+gss_userok(void *app_data, char *username)
+{
+    struct gss_data *data = app_data;
+    krb5_error_code ret;
+    krb5_principal client;
+    struct gss_krb5_data *kdata;
+
+    kdata = calloc(1, sizeof(struct gss_krb5_data));
+    if (kdata == NULL)
+	return 1;
+    data->mech_data = kdata;
+
+    ret = krb5_init_context(&(kdata->context));
+    if (ret) {
+	free(kdata);
+	return 1;
+    }
+
+    ret = krb5_parse_name(kdata->context, data->client_name, &client);
+    if(ret) {
+	krb5_free_context(kdata->context);
+	free(kdata);
+	return 1;
+    }
+    ret = krb5_kuserok(kdata->context, client, username);
+    if (!ret) {
+	krb5_free_principal(kdata->context, client);
+	krb5_free_context(kdata->context);
+	free(kdata);
+	return 1;
+    }
+        
+    ret = 0;
+    krb5_free_principal(kdata->context, client);
+    return ret;
+}
+
+int
+gss_session(void *app_data, char *username)
+{
+    struct gss_data *data = app_data;
+    krb5_error_code ret;
+    OM_uint32 minor_status;
+    struct gss_krb5_data *kdata;
+
+    ret = 0;
+
+    kdata = (struct gss_krb5_data *)(data->mech_data);
+        
+    /* more of krb-depend stuff :-( */
+    /* gss_add_cred() ? */
+    if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
+	krb5_ccache ccache = NULL; 
+	const char* ticketfile;
+	struct passwd *kpw;
+           
+	ret = krb5_cc_gen_new(kdata->context, &krb5_fcc_ops, &ccache);
+	if (ret)
+	    goto fail;
+	   
+	ticketfile = krb5_cc_get_name(kdata->context, ccache);
+        
+	ret = gss_krb5_copy_ccache(&minor_status,
+				   data->delegated_cred_handle,
+				   ccache);
+	if (ret) {
+	    ret = 0;
+	    goto fail;
+	}
+           
+	do_destroy_tickets = 1;
+
+	kpw = getpwnam(username);
+           
+	if (kpw == NULL) {
+	    unlink(ticketfile);
+	    ret = 1;
+	    goto fail;
+	}
+
+	chown (ticketfile, kpw->pw_uid, kpw->pw_gid);
+           
+	if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) {
+	    esetenv ("KRB5CCNAME", k5ccname, 1);
+	}
+	afslog(NULL, 1);
+    fail:
+	if (ccache)
+	    krb5_cc_close(kdata->context, ccache); 
+    }
+           
+    gss_release_cred(&minor_status, &data->delegated_cred_handle);
+    krb5_free_context(kdata->context);
+    free(kdata);
+    return ret;
+}
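Review bot: The three failure paths in gss_userok() call `free(kdata)` after `data->mech_data = kdata;` has already been stored, so a rejected or failed authorization leaves `data->mech_data` pointing at freed memory. gss_session() loads that pointer and uses `kdata->context` with no check, then calls `krb5_free_context(kdata->context)` and `free(kdata)`. If any caller reaches it after a failed gss_userok() (the callers are outside this hunk), that is a use-after-free followed by a double free. Adding `data->mech_data = NULL;` before each `return 1;` and returning early from gss_session() when `data->mech_data == NULL` would close this. Separately, the result of `chown (ticketfile, kpw->pw_uid, kpw->pw_gid);` is ignored, so on failure the delegated credential cache keeps its creating owner while `KRB5CCNAME` is still exported; checking the return value and taking the existing `unlink(ticketfile)` path would make it fail closed.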

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/gssapi.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/gssapi.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/gssapi.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,528 @@
+/*
+ * Copyright (c) 1998 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <gssapi.h>
+#include <krb5_err.h>
+
+RCSID("$Id: gssapi.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+int ftp_do_gss_bindings = 0;
+int ftp_do_gss_delegate = 1;
+
+struct gss_data {
+    gss_ctx_id_t context_hdl;
+    char *client_name;
+    gss_cred_id_t delegated_cred_handle;
+    void *mech_data;
+};
+
+static int
+gss_init(void *app_data)
+{
+    struct gss_data *d = app_data;
+    d->context_hdl = GSS_C_NO_CONTEXT;
+    d->delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+#if defined(FTP_SERVER)
+    return 0;
+#else
+    /* XXX Check the gss mechanism; with  gss_indicate_mechs() ? */
+#ifdef KRB5
+    return !use_kerberos;
+#else
+    return 0;
+#endif /* KRB5 */
+#endif /* FTP_SERVER */
+}
+
+static int
+gss_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+gss_decode(void *app_data, void *buf, int len, int level)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    gss_qop_t qop_state;
+    int conf_state;
+    struct gss_data *d = app_data;
+    size_t ret_len;
+
+    input.length = len;
+    input.value = buf;
+    maj_stat = gss_unwrap (&min_stat,
+			   d->context_hdl,
+			   &input,
+			   &output,
+			   &conf_state,
+			   &qop_state);
+    if(GSS_ERROR(maj_stat))
+	return -1;
+    memmove(buf, output.value, output.length);
+    ret_len = output.length;
+    gss_release_buffer(&min_stat, &output);
+    return ret_len;
+}
+
+static int
+gss_overhead(void *app_data, int level, int len)
+{
+    return 100; /* dunno? */
+}
+
+
+static int
+gss_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc input, output;
+    int conf_state;
+    struct gss_data *d = app_data;
+
+    input.length = length;
+    input.value = from;
+    maj_stat = gss_wrap (&min_stat,
+			 d->context_hdl,
+			 level == prot_private,
+			 GSS_C_QOP_DEFAULT,
+			 &input,
+			 &conf_state,
+			 &output);
+    *to = output.value;
+    return output.length;
+}
+
+static void
+sockaddr_to_gss_address (struct sockaddr *sa,
+			 OM_uint32 *addr_type,
+			 gss_buffer_desc *gss_addr)
+{
+    switch (sa->sa_family) {
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+	gss_addr->length = 16;
+	gss_addr->value  = &sin6->sin6_addr;
+	*addr_type       = GSS_C_AF_INET6;
+	break;
+    }
+#endif
+    case AF_INET : {
+	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
+
+	gss_addr->length = 4;
+	gss_addr->value  = &sin4->sin_addr;
+	*addr_type       = GSS_C_AF_INET;
+	break;
+    }
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	
+    }
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+static int
+gss_adat(void *app_data, void *buf, size_t len)
+{
+    char *p = NULL;
+    gss_buffer_desc input_token, output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t client_name;
+    struct gss_data *d = app_data;
+    gss_channel_bindings_t bindings;
+
+    if (ftp_do_gss_bindings) {
+	bindings = malloc(sizeof(*bindings));
+	if (bindings == NULL)
+	    errx(1, "out of memory");
+
+	sockaddr_to_gss_address (his_addr,
+				 &bindings->initiator_addrtype,
+				 &bindings->initiator_address);
+	sockaddr_to_gss_address (ctrl_addr,
+				 &bindings->acceptor_addrtype,
+				 &bindings->acceptor_address);
+	
+	bindings->application_data.length = 0;
+	bindings->application_data.value = NULL;
+    } else
+	bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+    input_token.value = buf;
+    input_token.length = len;
+
+    maj_stat = gss_accept_sec_context (&min_stat,
+				       &d->context_hdl,
+				       GSS_C_NO_CREDENTIAL,
+				       &input_token,
+				       bindings,
+				       &client_name,
+				       NULL,
+				       &output_token,
+				       NULL,
+				       NULL,
+				       &d->delegated_cred_handle);
+
+    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+	free(bindings);
+
+    if(output_token.length) {
+	if(base64_encode(output_token.value, output_token.length, &p) < 0) {
+	    reply(535, "Out of memory base64-encoding.");
+	    return -1;
+	}
+	gss_release_buffer(&min_stat, &output_token);
+    }
+    if(maj_stat == GSS_S_COMPLETE){
+	char *name;
+	gss_buffer_desc export_name;
+	gss_OID oid;
+
+	maj_stat = gss_display_name(&min_stat, client_name,
+				    &export_name, &oid);
+	if(maj_stat != 0) {
+	    reply(500, "Error displaying name");
+	    goto out;
+	}
+	/* XXX kerberos */
+	if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
+	    reply(500, "OID not kerberos principal name");
+	    gss_release_buffer(&min_stat, &export_name);
+	    goto out;
+	}
+	name = malloc(export_name.length + 1);
+	if(name == NULL) {
+	    reply(500, "Out of memory");
+	    gss_release_buffer(&min_stat, &export_name);
+	    goto out;
+	}
+	memcpy(name, export_name.value, export_name.length);
+	name[export_name.length] = '\0';
+	gss_release_buffer(&min_stat, &export_name);
+	d->client_name = name;
+	if(p)
+	    reply(235, "ADAT=%s", p);
+	else
+	    reply(235, "ADAT Complete");
+	sec_complete = 1;
+
+    } else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
+	if(p)
+	    reply(335, "ADAT=%s", p);
+	else
+	    reply(335, "OK, need more data");
+    } else {
+	OM_uint32 new_stat;
+	OM_uint32 msg_ctx = 0;
+	gss_buffer_desc status_string;
+	gss_display_status(&new_stat,
+			   min_stat,
+			   GSS_C_MECH_CODE,
+			   GSS_C_NO_OID,
+			   &msg_ctx,
+			   &status_string);
+	syslog(LOG_ERR, "gss_accept_sec_context: %s", 
+	       (char*)status_string.value);
+	gss_release_buffer(&new_stat, &status_string);
+	reply(431, "Security resource unavailable");
+    }
+  out:
+    if (client_name)
+	gss_release_name(&min_stat, &client_name);
+    free(p);
+    return 0;
+}
+
+int gss_userok(void*, char*);
+int gss_session(void*, char*);
+
+struct sec_server_mech gss_server_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init, /* init */
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+    /* */
+    NULL,
+    gss_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    gss_userok,
+    gss_session
+};
+
+#else /* FTP_SERVER */
+
+extern struct sockaddr *hisctladdr, *myctladdr;
+
+static int
+import_name(const char *kname, const char *host, gss_name_t *target_name)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc name;
+    char *str;
+
+    name.length = asprintf(&str, "%s@%s", kname, host);
+    if (str == NULL) {
+	printf("Out of memory\n");
+	return AUTH_ERROR;
+    }
+    name.value = str;
+
+    maj_stat = gss_import_name(&min_stat,
+			       &name,
+			       GSS_C_NT_HOSTBASED_SERVICE,
+			       target_name);
+    if (GSS_ERROR(maj_stat)) {
+	OM_uint32 new_stat;
+	OM_uint32 msg_ctx = 0;
+	gss_buffer_desc status_string;
+	    
+	gss_display_status(&new_stat,
+			   min_stat,
+			   GSS_C_MECH_CODE,
+			   GSS_C_NO_OID,
+			   &msg_ctx,
+			   &status_string);
+	printf("Error importing name %s: %s\n", 
+	       (char *)name.value,
+	       (char *)status_string.value);
+	free(name.value);
+	gss_release_buffer(&new_stat, &status_string);
+	return AUTH_ERROR;
+    }
+    free(name.value);
+    return 0;
+}
+
+static int
+gss_auth(void *app_data, char *host)
+{
+    
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t target_name;
+    gss_buffer_desc input, output_token;
+    int context_established = 0;
+    char *p;
+    int n;
+    gss_channel_bindings_t bindings;
+    struct gss_data *d = app_data;
+    OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG;
+
+    const char *knames[] = { "ftp", "host", NULL }, **kname = knames;
+	    
+    
+    if(import_name(*kname++, host, &target_name))
+	return AUTH_ERROR;
+
+    input.length = 0;
+    input.value = NULL;
+
+    if (ftp_do_gss_bindings) {
+	bindings = malloc(sizeof(*bindings));
+	if (bindings == NULL)
+	    errx(1, "out of memory");
+	
+	sockaddr_to_gss_address (myctladdr,
+				 &bindings->initiator_addrtype,
+				 &bindings->initiator_address);
+	sockaddr_to_gss_address (hisctladdr,
+				 &bindings->acceptor_addrtype,
+				 &bindings->acceptor_address);
+	
+	bindings->application_data.length = 0;
+	bindings->application_data.value = NULL;
+    } else
+	bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+    if (ftp_do_gss_delegate)
+	mech_flags |= GSS_C_DELEG_FLAG;
+
+    while(!context_established) {
+	maj_stat = gss_init_sec_context(&min_stat,
+					GSS_C_NO_CREDENTIAL,
+					&d->context_hdl,
+					target_name,
+					GSS_C_NO_OID,
+                                        mech_flags,
+					0,
+					bindings,
+					&input,
+					NULL,
+					&output_token,
+					NULL,
+					NULL);
+	if (GSS_ERROR(maj_stat)) {
+	    OM_uint32 new_stat;
+	    OM_uint32 msg_ctx = 0;
+	    gss_buffer_desc status_string;
+
+	    d->context_hdl = GSS_C_NO_CONTEXT;
+
+	    gss_release_name(&min_stat, &target_name);
+
+	    if(*kname != NULL) {
+
+		if(import_name(*kname++, host, &target_name)) {
+		    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+			free(bindings);
+		    return AUTH_ERROR;
+		}
+		continue;
+	    }
+	    
+	    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		free(bindings);
+
+	    gss_display_status(&new_stat,
+			       min_stat,
+			       GSS_C_MECH_CODE,
+			       GSS_C_NO_OID,
+			       &msg_ctx,
+			       &status_string);
+	    printf("Error initializing security context: %s\n", 
+		   (char*)status_string.value);
+	    gss_release_buffer(&new_stat, &status_string);
+	    return AUTH_CONTINUE;
+	}
+
+	if (input.value) {
+	    free(input.value);
+	    input.value = NULL;
+	    input.length = 0;
+	}
+	if (output_token.length != 0) {
+	    base64_encode(output_token.value, output_token.length, &p);
+	    gss_release_buffer(&min_stat, &output_token);
+	    n = command("ADAT %s", p);
+	    free(p);
+	}
+	if (GSS_ERROR(maj_stat)) {
+	    if (d->context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&d->context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
+	    p = strstr(reply_string, "ADAT=");
+	    if(p == NULL){
+		printf("Error: expected ADAT in reply. got: %s\n",
+		       reply_string);
+		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		    free(bindings);
+		return AUTH_ERROR;
+	    } else {
+		p+=5;
+		input.value = malloc(strlen(p));
+		input.length = base64_decode(p, input.value);
+	    }
+	} else {
+	    if(code != 235) {
+		printf("Unrecognized response code: %d\n", code);
+		if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+		    free(bindings);
+		return AUTH_ERROR;
+	    }
+	    context_established = 1;
+	}
+    }
+
+    gss_release_name(&min_stat, &target_name);
+
+    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
+	free(bindings);
+    if (input.value)
+	free(input.value);
+
+    {
+	gss_name_t targ_name;
+
+	maj_stat = gss_inquire_context(&min_stat,
+				       d->context_hdl,
+				       NULL,
+				       &targ_name,
+				       NULL,
+				       NULL,
+				       NULL,
+				       NULL,
+				       NULL);
+	if (GSS_ERROR(maj_stat) == 0) {
+	    gss_buffer_desc name;
+	    maj_stat = gss_display_name (&min_stat,
+					 targ_name,
+					 &name,
+					 NULL);
+	    if (GSS_ERROR(maj_stat) == 0) {
+		printf("Authenticated to <%s>\n", (char *)name.value);
+		gss_release_buffer(&min_stat, &name);
+	    }
+	    gss_release_name(&min_stat, &targ_name);
+	} else
+	    printf("Failed to get gss name of peer.\n");
+    }	    
+
+
+    return AUTH_OK;
+}
+
+struct sec_client_mech gss_client_mech = {
+    "GSSAPI",
+    sizeof(struct gss_data),
+    gss_init,
+    gss_auth,
+    NULL, /* end */
+    gss_check_prot,
+    gss_overhead,
+    gss_encode,
+    gss_decode,
+};
+
+#endif /* FTP_SERVER */
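Review bot: In gss_auth(), the `GSS_S_CONTINUE_NEEDED` branch trusts the server's reply: `input.value = malloc(strlen(p))` is used without a NULL check, and the return of `base64_decode()` is stored directly in `input.length`. kauth.c in this same import tests that helper's result against -1, so a reply that fails to decode becomes a very large length handed to the next gss_init_sec_context() call. Decode into the existing `int n`, reject a negative result, and only then set the length, as below. gss_encode() has the same problem on the wrap side: `maj_stat` from gss_wrap() is never tested before `output.value` and `output.length` are returned to the caller.

```c
	    } else {
		p += 5;
		input.value = malloc(strlen(p));
		if (input.value != NULL)
		    n = base64_decode(p, input.value);
		if (input.value == NULL || n < 0) {
		    printf("Error: could not decode ADAT reply\n");
		    free(input.value);
		    if (bindings != GSS_C_NO_CHANNEL_BINDINGS)
			free(bindings);
		    return AUTH_ERROR;
		}
		input.length = n;
	    }
	    /* … unchanged: the code != 235 branch and the rest of the loop … */
```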

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/kauth.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/kauth.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/kauth.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,360 @@
+/*
+ * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftpd_locl.h"
+
+RCSID("$Id: kauth.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+#if defined(KRB4) || defined(KRB5)
+
+int do_destroy_tickets = 1;
+char *k5ccname;
+
+#endif
+
+#ifdef KRB4
+
+static KTEXT_ST cip;
+static unsigned int lifetime;
+static time_t local_time;
+
+static krb_principal pr;
+
+static int
+save_tkt(const char *user,
+	 const char *instance,
+	 const char *realm,
+	 const void *arg, 
+	 key_proc_t key_proc,
+	 KTEXT *cipp)
+{
+    local_time = time(0);
+    memmove(&cip, *cipp, sizeof(cip));
+    return -1;
+}
+
+static int
+store_ticket(KTEXT cip)
+{
+    char *ptr;
+    des_cblock session;
+    krb_principal sp;
+    unsigned char kvno;
+    KTEXT_ST tkt;
+    int left = cip->length;
+    int len;
+    int kerror;
+    
+    ptr = (char *) cip->dat;
+
+    /* extract session key */
+    memmove(session, ptr, 8);
+    ptr += 8;
+    left -= 8;
+
+    len = strnlen(ptr, left);
+    if (len == left)
+	return(INTK_BADPW);
+    
+    /* extract server's name */
+    strlcpy(sp.name, ptr, sizeof(sp.name));
+    ptr += len + 1;
+    left -= len + 1;
+
+    len = strnlen(ptr, left);
+    if (len == left)
+	return(INTK_BADPW);
+    
+    /* extract server's instance */
+    strlcpy(sp.instance, ptr, sizeof(sp.instance));
+    ptr += len + 1;
+    left -= len + 1;
+
+    len = strnlen(ptr, left);
+    if (len == left)
+	return(INTK_BADPW);
+    
+    /* extract server's realm */
+    strlcpy(sp.realm, ptr, sizeof(sp.realm));
+    ptr += len + 1;
+    left -= len + 1;
+
+    if(left < 3)
+	return INTK_BADPW;
+    /* extract ticket lifetime, server key version, ticket length */
+    /* be sure to avoid sign extension on lifetime! */
+    lifetime = (unsigned char) ptr[0];
+    kvno = (unsigned char) ptr[1];
+    tkt.length = (unsigned char) ptr[2];
+    ptr += 3;
+    left -= 3;
+    
+    if (tkt.length > left)
+	return(INTK_BADPW);
+
+    /* extract ticket itself */
+    memmove(tkt.dat, ptr, tkt.length);
+    ptr += tkt.length;
+    left -= tkt.length;
+
+    /* Here is where the time should be verified against the KDC.
+     * Unfortunately everything is sent in host byte order (receiver
+     * makes wrong) , and at this stage there is no way for us to know
+     * which byteorder the KDC has. So we simply ignore the time,
+     * there are no security risks with this, the only thing that can
+     * happen is that we might receive a replayed ticket, which could
+     * at most be useless.
+     */
+    
+#if 0
+    /* check KDC time stamp */
+    {
+	time_t kdc_time;
+
+	memmove(&kdc_time, ptr, sizeof(kdc_time));
+	if (swap_bytes) swap_u_long(kdc_time);
+
+	ptr += 4;
+    
+	if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
+	    return(RD_AP_TIME);		/* XXX should probably be better
+					   code */
+	}
+    }
+#endif
+
+    /* initialize ticket cache */
+
+    if (tf_create(TKT_FILE) != KSUCCESS)
+	return(INTK_ERR);
+
+    if (tf_put_pname(pr.name) != KSUCCESS ||
+	tf_put_pinst(pr.instance) != KSUCCESS) {
+	tf_close();
+	return(INTK_ERR);
+    }
+
+    
+    kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, 
+			  lifetime, kvno, &tkt, local_time);
+    tf_close();
+
+    return(kerror);
+}
+
+void
+kauth(char *principal, char *ticket)
+{
+    char *p;
+    int ret;
+  
+    if(get_command_prot() != prot_private) {
+	reply(500, "Request denied (bad protection level)");
+	return;
+    }
+    ret = krb_parse_name(principal, &pr);
+    if(ret){
+	reply(500, "Bad principal: %s.", krb_get_err_text(ret));
+	return;
+    }
+    if(pr.realm[0] == 0)
+	krb_get_lrealm(pr.realm, 1);
+
+    if(ticket){
+	cip.length = base64_decode(ticket, &cip.dat);
+	if(cip.length == -1){
+	    reply(500, "Failed to decode data.");
+	    return;
+	}
+	ret = store_ticket(&cip);
+	if(ret){
+	    reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
+	    memset(&cip, 0, sizeof(cip));
+	    return;
+	}
+	do_destroy_tickets = 1;
+
+	if(k_hasafs())
+	    krb_afslog(0, 0);
+	reply(200, "Tickets will be destroyed on exit.");
+	return;
+    }
+    
+    ret = krb_get_in_tkt (pr.name,
+			  pr.instance,
+			  pr.realm,
+			  KRB_TICKET_GRANTING_TICKET,
+			  pr.realm,
+			  DEFAULT_TKT_LIFE,
+			  NULL, save_tkt, NULL);
+    if(ret != INTK_BADPW){
+	reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
+	return;
+    }
+    if(base64_encode(cip.dat, cip.length, &p) < 0) {
+	reply(500, "Out of memory while base64-encoding.");
+	return;
+    }
+    reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
+    free(p);
+    memset(&cip, 0, sizeof(cip));
+}
+
+
+static char *
+short_date(int32_t dp)
+{
+    char *cp;
+    time_t t = (time_t)dp;
+
+    if (t == (time_t)(-1L)) return "***  Never  *** ";
+    cp = ctime(&t) + 4;
+    cp[15] = '\0';
+    return (cp);
+}
+
+void
+krbtkfile(const char *tkfile)
+{
+    do_destroy_tickets = 0;
+    krb_set_tkt_string(tkfile);
+    reply(200, "Using ticket file %s", tkfile);
+}
+
+#endif /* KRB4 */
+
+#ifdef KRB5
+
+static void
+dest_cc(void)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_ccache id;
+    
+    ret = krb5_init_context(&context);
+    if (ret == 0) {
+	if (k5ccname)
+	    ret = krb5_cc_resolve(context, k5ccname, &id);
+	else
+	    ret = krb5_cc_default (context, &id);
+	if (ret)
+	    krb5_free_context(context);
+    }
+    if (ret == 0) {
+	krb5_cc_destroy(context, id);
+	krb5_free_context (context);
+    }
+}
+#endif
+
+#if defined(KRB4) || defined(KRB5)
+
+/*
+ * Only destroy if we created the tickets
+ */
+
+void
+cond_kdestroy(void)
+{
+    if (do_destroy_tickets) {
+#if KRB4
+	dest_tkt();
+#endif
+#if KRB5
+	dest_cc();
+#endif
+	do_destroy_tickets = 0;
+    }
+    afsunlog();
+}
+
+void
+kdestroy(void)
+{
+#if KRB4
+    dest_tkt();
+#endif
+#if KRB5
+    dest_cc();
+#endif
+    afsunlog();
+    reply(200, "Tickets destroyed");
+}
+
+
+void
+afslog(const char *cell, int quiet)
+{
+    if(k_hasafs()) {
+#ifdef KRB5
+	krb5_context context;
+	krb5_error_code ret;
+	krb5_ccache id;
+
+	ret = krb5_init_context(&context);
+	if (ret == 0) {
+	    if (k5ccname)
+		ret = krb5_cc_resolve(context, k5ccname, &id);
+	    else
+		ret = krb5_cc_default(context, &id);
+	    if (ret)
+		krb5_free_context(context);
+	}
+	if (ret == 0) {
+	    krb5_afslog(context, id, cell, 0);
+	    krb5_cc_close (context, id);
+	    krb5_free_context (context);
+	}
+#endif
+#ifdef KRB4
+	krb_afslog(cell, 0);
+#endif
+	if (!quiet)
+	    reply(200, "afslog done");
+    } else {
+	if (!quiet)
+	    reply(200, "no AFS present");
+    }
+}
+
+void
+afsunlog(void)
+{
+    if(k_hasafs())
+	k_unlog();
+}
+
+#else
+int ftpd_afslog_placeholder;
+#endif /* KRB4 || KRB5 */
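Review bot: store_ticket() subtracts before it checks: `left` starts as `cip->length`, the 8-byte session key is copied and `left -= 8` runs with no test that at least 8 bytes were decoded. A short client-supplied ticket therefore leaves `left` negative, and `strnlen(ptr, left)` then scans with a very large bound. Add `if (left < 8) return INTK_BADPW;` ahead of `memmove(session, ptr, 8);`. Relatedly, kauth() decodes the client's ticket with `base64_decode(ticket, &cip.dat)`, and nothing visible in this hunk bounds the decoded size against the `dat` buffer (KTEXT_ST is declared elsewhere), so the encoded length should presumably be checked before decoding.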

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/klist.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/klist.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/klist.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 1995 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftpd_locl.h"
+
+#ifdef KRB5
+
+static int
+print_cred(krb5_context context, krb5_creds *cred)
+{
+    char t1[128], t2[128], *str;
+    krb5_error_code ret;
+    krb5_timestamp sec;
+
+    krb5_timeofday (context, &sec);
+
+    if(cred->times.starttime)
+	krb5_format_time(context, cred->times.starttime, t1, sizeof(t1), 1);
+    else
+	krb5_format_time(context, cred->times.authtime, t1, sizeof(t1), 1);
+    
+    if(cred->times.endtime > sec)
+	krb5_format_time(context, cred->times.endtime, t2, sizeof(t2), 1);
+    else
+	strlcpy(t2, ">>>Expired<<<", sizeof(t2));
+
+    ret = krb5_unparse_name (context, cred->server, &str);
+    if (ret) {
+	lreply(500, "krb5_unparse_name: %d", ret);
+	return 1;
+    }
+
+    lreply(200, "%-20s %-20s %s", t1, t2, str);
+    free(str);
+    return 0;
+}
+
+static int
+print_tickets (krb5_context context,
+	       krb5_ccache ccache,
+	       krb5_principal principal)
+{
+    krb5_error_code ret;
+    krb5_cc_cursor cursor;
+    krb5_creds cred;
+    char *str;
+
+    ret = krb5_unparse_name (context, principal, &str);
+    if (ret) {
+	lreply(500, "krb5_unparse_name: %d", ret);
+	return 500;
+    }
+
+    lreply(200, "%17s: %s:%s", 
+	   "Credentials cache",
+	   krb5_cc_get_type(context, ccache),
+	   krb5_cc_get_name(context, ccache));
+    lreply(200, "%17s: %s", "Principal", str);
+    free (str);
+
+    ret = krb5_cc_start_seq_get (context, ccache, &cursor);
+    if (ret) {
+	lreply(500, "krb5_cc_start_seq_get: %d", ret);
+	return 500;
+    }
+
+    lreply(200, "  Issued               Expires              Principal");
+
+    while ((ret = krb5_cc_next_cred (context,
+				     ccache,
+				     &cursor,
+				     &cred)) == 0) {
+	if (print_cred(context, &cred))
+	    return 500;		
+	krb5_free_cred_contents (context, &cred);
+    }
+    if (ret != KRB5_CC_END) {
+	lreply(500, "krb5_cc_get_next: %d", ret);
+	return 500;
+    }
+    ret = krb5_cc_end_seq_get (context, ccache, &cursor);
+    if (ret) {
+	lreply(500, "krb5_cc_end_seq_get: %d", ret);
+	return 500;
+    }
+
+    return 200;
+}
+
+static int
+klist5(void)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache ccache;
+    krb5_principal principal;
+    int exit_status = 200;
+
+    ret = krb5_init_context (&context);
+    if (ret) {
+	lreply(500, "krb5_init_context failed: %d", ret);
+	return 500;
+    }
+
+    if (k5ccname)
+	ret = krb5_cc_resolve(context, k5ccname, &ccache);
+    else
+	ret = krb5_cc_default (context, &ccache);
+    if (ret) {
+	lreply(500, "krb5_cc_default: %d", ret);	    
+	return 500;
+    }
+
+    ret = krb5_cc_get_principal (context, ccache, &principal);
+    if (ret) {
+	if(ret == ENOENT)
+	    lreply(500, "No ticket file: %s",
+		   krb5_cc_get_name(context, ccache));
+	else
+	    lreply(500, "krb5_cc_get_principal: %d", ret);
+
+	return 500;
+    }
+    exit_status = print_tickets (context, ccache, principal);
+
+    ret = krb5_cc_close (context, ccache);
+    if (ret) {
+	lreply(500, "krb5_cc_close: %d", ret);	    
+	exit_status = 500;
+    }
+
+    krb5_free_principal (context, principal);
+    krb5_free_context (context);
+    return exit_status;
+}
+#endif
+
+void
+klist(void)
+{
+#if KRB5
+    int res = klist5();
+    reply(res, " ");
+#else
+    reply(500, "Command not implemented.");
+#endif
+}
+
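Review bot: klist5() leaks on its error returns. When `krb5_cc_resolve`/`krb5_cc_default` fails it returns 500 without `krb5_free_context(context);`, and when `krb5_cc_get_principal` fails it returns without `krb5_cc_close(context, ccache);` or freeing the context. print_tickets() has the same pattern: the `print_cred` failure return and the `ret != KRB5_CC_END` return both skip `krb5_cc_end_seq_get`, and the former also skips `krb5_free_cred_contents`. If a client can repeat the command within one session, each failing call leaves a context or cursor behind. A single cleanup label at the end of each function, reached by every error path, would keep this bounded.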

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/krb4.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/krb4.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/krb4.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,340 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+#include <krb.h>
+
+RCSID("$Id: krb4.c,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $");
+
+#ifdef FTP_SERVER
+#define LOCAL_ADDR ctrl_addr
+#define REMOTE_ADDR his_addr
+#else
+#define LOCAL_ADDR myctladdr
+#define REMOTE_ADDR hisctladdr
+#endif
+
+extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
+
+struct krb4_data {
+    des_cblock key;
+    des_key_schedule schedule;
+    char name[ANAME_SZ];
+    char instance[INST_SZ];
+    char realm[REALM_SZ];
+};
+
+static int
+krb4_check_prot(void *app_data, int level)
+{
+    if(level == prot_confidential)
+	return -1;
+    return 0;
+}
+
+static int
+krb4_decode(void *app_data, void *buf, int len, int level)
+{
+    MSG_DAT m;
+    int e;
+    struct krb4_data *d = app_data;
+    
+    if(level == prot_safe)
+	e = krb_rd_safe(buf, len, &d->key,
+			(struct sockaddr_in *)REMOTE_ADDR,
+			(struct sockaddr_in *)LOCAL_ADDR, &m);
+    else
+	e = krb_rd_priv(buf, len, d->schedule, &d->key, 
+			(struct sockaddr_in *)REMOTE_ADDR,
+			(struct sockaddr_in *)LOCAL_ADDR, &m);
+    if(e){
+	syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
+	return -1;
+    }
+    memmove(buf, m.app_data, m.app_length);
+    return m.app_length;
+}
+
+static int
+krb4_overhead(void *app_data, int level, int len)
+{
+    return 31;
+}
+
+static int
+krb4_encode(void *app_data, void *from, int length, int level, void **to)
+{
+    struct krb4_data *d = app_data;
+    *to = malloc(length + 31);
+    if(level == prot_safe)
+	return krb_mk_safe(from, *to, length, &d->key, 
+			   (struct sockaddr_in *)LOCAL_ADDR,
+			   (struct sockaddr_in *)REMOTE_ADDR);
+    else if(level == prot_private)
+	return krb_mk_priv(from, *to, length, d->schedule, &d->key, 
+			   (struct sockaddr_in *)LOCAL_ADDR,
+			   (struct sockaddr_in *)REMOTE_ADDR);
+    else
+	return -1;
+}
+
+#ifdef FTP_SERVER
+
+static int
+krb4_adat(void *app_data, void *buf, size_t len)
+{
+    KTEXT_ST tkt;
+    AUTH_DAT auth_dat;
+    char *p;
+    int kerror;
+    uint32_t cs;
+    char msg[35]; /* size of encrypted block */
+    int tmp_len;
+    struct krb4_data *d = app_data;
+    char inst[INST_SZ];
+    struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
+
+    memcpy(tkt.dat, buf, len);
+    tkt.length = len;
+
+    k_getsockinst(0, inst, sizeof(inst));
+    kerror = krb_rd_req(&tkt, "ftp", inst, 
+			his_addr_sin->sin_addr.s_addr, &auth_dat, "");
+    if(kerror == RD_AP_UNDEC){
+	k_getsockinst(0, inst, sizeof(inst));
+	kerror = krb_rd_req(&tkt, "rcmd", inst, 
+			    his_addr_sin->sin_addr.s_addr, &auth_dat, "");
+    }
+
+    if(kerror){
+	reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
+	return -1;
+    }
+    
+    memcpy(d->key, auth_dat.session, sizeof(d->key));
+    des_set_key(&d->key, d->schedule);
+
+    strlcpy(d->name, auth_dat.pname, sizeof(d->name));
+    strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
+    strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
+
+    cs = auth_dat.checksum + 1;
+    {
+	unsigned char tmp[4];
+	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
+	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
+			      (struct sockaddr_in *)LOCAL_ADDR,
+			      (struct sockaddr_in *)REMOTE_ADDR);
+    }
+    if(tmp_len < 0){
+	reply(535, "Error creating reply: %s.", strerror(errno));
+	return -1;
+    }
+    len = tmp_len;
+    if(base64_encode(msg, len, &p) < 0) {
+	reply(535, "Out of memory base64-encoding.");
+	return -1;
+    }
+    reply(235, "ADAT=%s", p);
+    sec_complete = 1;
+    free(p);
+    return 0;
+}
+
+static int
+krb4_userok(void *app_data, char *user)
+{
+    struct krb4_data *d = app_data;
+    return krb_kuserok(d->name, d->instance, d->realm, user);
+}
+
+struct sec_server_mech krb4_server_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    NULL, /* init */
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode,
+    /* */
+    NULL,
+    krb4_adat,
+    NULL, /* pbsz */
+    NULL, /* ccc */
+    krb4_userok
+};
+
+#else /* FTP_SERVER */
+
+static int
+krb4_init(void *app_data)
+{
+   return !use_kerberos;
+}
+
+static int
+mk_auth(struct krb4_data *d, KTEXT adat, 
+	char *service, char *host, int checksum)
+{
+    int ret;
+    CREDENTIALS cred;
+    char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
+
+    strlcpy(sname, service, sizeof(sname));
+    strlcpy(inst, krb_get_phost(host), sizeof(inst));
+    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_mk_req(adat, sname, inst, realm, checksum);
+    if(ret)
+	return ret;
+    strlcpy(sname, service, sizeof(sname));
+    strlcpy(inst, krb_get_phost(host), sizeof(inst));
+    strlcpy(realm, krb_realmofhost(host), sizeof(realm));
+    ret = krb_get_cred(sname, inst, realm, &cred);
+    memmove(&d->key, &cred.session, sizeof(des_cblock));
+    des_key_sched(&d->key, d->schedule);
+    memset(&cred, 0, sizeof(cred));
+    return ret;
+}
+
+static int
+krb4_auth(void *app_data, char *host)
+{
+    int ret;
+    char *p;
+    int len;
+    KTEXT_ST adat;
+    MSG_DAT msg_data;
+    int checksum;
+    uint32_t cs;
+    struct krb4_data *d = app_data;
+    struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;
+    struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
+
+    checksum = getpid();
+    ret = mk_auth(d, &adat, "ftp", host, checksum);
+    if(ret == KDC_PR_UNKNOWN)
+	ret = mk_auth(d, &adat, "rcmd", host, checksum);
+    if(ret){
+	printf("%s\n", krb_get_err_text(ret));
+	return AUTH_CONTINUE;
+    }
+
+#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
+    if (krb_get_config_bool("nat_in_use")) {
+      struct in_addr natAddr;
+
+      if (krb_get_our_ip_for_realm(krb_realmofhost(host),
+				   &natAddr) != KSUCCESS
+	  && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
+	printf("Can't get address for realm %s\n",
+	       krb_realmofhost(host));
+      else {
+	if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
+	  printf("Using NAT IP address (%s) for kerberos 4\n",
+		 inet_ntoa(natAddr));
+	  localaddr->sin_addr = natAddr;
+	  
+	  /*
+	   * This not the best place to do this, but it
+	   * is here we know that (probably) NAT is in
+	   * use!
+	   */
+
+	  passivemode = 1;
+	  printf("Setting: Passive mode on.\n");
+	}
+      }
+    }
+#endif
+
+    printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
+    printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
+
+   if(base64_encode(adat.dat, adat.length, &p) < 0) {
+	printf("Out of memory base64-encoding.\n");
+	return AUTH_CONTINUE;
+    }
+    ret = command("ADAT %s", p);
+    free(p);
+
+    if(ret != COMPLETE){
+	printf("Server didn't accept auth data.\n");
+	return AUTH_ERROR;
+    }
+
+    p = strstr(reply_string, "ADAT=");
+    if(!p){
+	printf("Remote host didn't send adat reply.\n");
+	return AUTH_ERROR;
+    }
+    p += 5;
+    len = base64_decode(p, adat.dat);
+    if(len < 0){
+	printf("Failed to decode base64 from server.\n");
+	return AUTH_ERROR;
+    }
+    adat.length = len;
+    ret = krb_rd_safe(adat.dat, adat.length, &d->key, 
+		      (struct sockaddr_in *)hisctladdr, 
+		      (struct sockaddr_in *)myctladdr, &msg_data);
+    if(ret){
+	printf("Error reading reply from server: %s.\n", 
+	       krb_get_err_text(ret));
+	return AUTH_ERROR;
+    }
+    krb_get_int(msg_data.app_data, &cs, 4, 0);
+    if(cs - checksum != 1){
+	printf("Bad checksum returned from server.\n");
+	return AUTH_ERROR;
+    }
+    return AUTH_OK;
+}
+
+struct sec_client_mech krb4_client_mech = {
+    "KERBEROS_V4",
+    sizeof(struct krb4_data),
+    krb4_init, /* init */
+    krb4_auth,
+    NULL, /* end */
+    krb4_check_prot,
+    krb4_overhead,
+    krb4_encode,
+    krb4_decode
+};
+
+#endif /* FTP_SERVER */
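Review bot: `memcpy(tkt.dat, buf, len)` at the top of krb4_adat copies a caller-supplied length into the stack-allocated `tkt` with no bound, and it runs before `krb_rd_req` has authenticated anything. The caller is not part of this file, but if `len` is the size of the peer's decoded ADAT argument, an oversized payload overruns the ticket buffer. Reject it first with `if(len > sizeof(tkt.dat)) { reply(535, "ADAT data too long."); return -1; }`. The client path in krb4_auth has the same shape: `base64_decode(p, adat.dat)` writes the server's reply into `adat.dat` with no length check visible, so the reply length should be bounded before decoding. Separately, `strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance))` should use `sizeof(d->realm)`; the two sizes may happen to match, but the bound belongs to the destination.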

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/logwtmp.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/logwtmp.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/logwtmp.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: logwtmp.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#include <roken.h>
+#include "extern.h"
+
+#ifndef WTMP_FILE
+#ifdef _PATH_WTMP
+#define WTMP_FILE _PATH_WTMP
+#else
+#define WTMP_FILE "/var/adm/wtmp"
+#endif
+#endif
+
+void
+ftpd_logwtmp(char *line, char *name, char *host)
+{
+    static int init = 0;
+    static int fd;
+#ifdef WTMPX_FILE
+    static int fdx;
+#endif
+    struct utmp ut;
+#ifdef WTMPX_FILE
+    struct utmpx utx;
+#endif
+
+    memset(&ut, 0, sizeof(struct utmp));
+#ifdef HAVE_STRUCT_UTMP_UT_TYPE
+    if(name[0])
+	ut.ut_type = USER_PROCESS;
+    else
+	ut.ut_type = DEAD_PROCESS;
+#endif
+    strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+    strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_PID
+    ut.ut_pid = getpid();
+#endif
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+    strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+#endif
+    ut.ut_time = time(NULL);
+
+#ifdef WTMPX_FILE
+    strncpy(utx.ut_line, line, sizeof(utx.ut_line));
+    strncpy(utx.ut_user, name, sizeof(utx.ut_user));
+    strncpy(utx.ut_host, host, sizeof(utx.ut_host));
+#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
+    utx.ut_syslen = strlen(host) + 1;
+    if (utx.ut_syslen > sizeof(utx.ut_host))
+        utx.ut_syslen = sizeof(utx.ut_host);
+#endif
+    {
+	struct timeval tv;
+
+	gettimeofday (&tv, 0);
+	utx.ut_tv.tv_sec = tv.tv_sec;
+	utx.ut_tv.tv_usec = tv.tv_usec;
+    }
+
+    if(name[0])
+	utx.ut_type = USER_PROCESS;
+    else
+	utx.ut_type = DEAD_PROCESS;
+#endif
+
+    if(!init){
+	fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
+#ifdef WTMPX_FILE
+	fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
+#endif
+	init = 1;
+    }
+    if(fd >= 0) {
+	write(fd, &ut, sizeof(struct utmp)); /* XXX */
+#ifdef WTMPX_FILE
+	write(fdx, &utx, sizeof(struct utmpx));
+#endif	
+    }
+}
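Review bot: `utx` in ftpd_logwtmp is never zeroed, unlike `ut`, which gets `memset(&ut, 0, sizeof(struct utmp))` at the top. Only the line, user, host, time and type fields are assigned before `write(fdx, &utx, sizeof(struct utmpx))`, so every other field and any padding reach the wtmpx file as leftover stack contents. That leaks process memory into a log file and leaves unreliable fields in records that login auditing depends on. Add `memset(&utx, 0, sizeof(utx));` as the first statement of the `#ifdef WTMPX_FILE` block that fills the structure. The wtmpx write is also guarded only by `fd >= 0`, so it should check its own descriptor: `if(fdx >= 0) write(fdx, &utx, sizeof(struct utmpx));`.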

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/ls.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/ls.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/ls.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,891 @@
+/*
+ * Copyright (c) 1999 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifndef TEST
+#include "ftpd_locl.h"
+
+RCSID("$Id: ls.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#else
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
+
+#define sec_fprintf2 fprintf
+#define sec_fflush fflush
+static void list_files(FILE *out, const char **files, int n_files, int flags);
+static int parse_flags(const char *options);
+
+int
+main(int argc, char **argv)
+{
+    int i = 1;
+    int flags;
+    if(argc > 1 && argv[1][0] == '-') {
+	flags = parse_flags(argv[1]);
+	i = 2;
+    } else
+	flags = parse_flags(NULL);
+
+    list_files(stdout, (const char **)argv + i, argc - i, flags);
+    return 0;
+}
+#endif
+
+struct fileinfo {
+    struct stat st;
+    int inode;
+    int bsize;
+    char mode[11];
+    int n_link;
+    char *user;
+    char *group;
+    char *size;
+    char *major;
+    char *minor;
+    char *date;
+    char *filename;
+    char *link;
+};
+
+static void
+free_fileinfo(struct fileinfo *f)
+{
+    free(f->user);
+    free(f->group);
+    free(f->size);
+    free(f->major);
+    free(f->minor);
+    free(f->date);
+    free(f->filename);
+    free(f->link);
+}
+
+#define LS_DIRS		(1 << 0)
+#define LS_IGNORE_DOT	(1 << 1)
+#define LS_SORT_MODE	(3 << 2)
+#define SORT_MODE(f) ((f) & LS_SORT_MODE)
+#define LS_SORT_NAME	(1 << 2)
+#define LS_SORT_MTIME	(2 << 2)
+#define LS_SORT_SIZE	(3 << 2)
+#define LS_SORT_REVERSE	(1 << 4)
+
+#define LS_SIZE		(1 << 5)
+#define LS_INODE	(1 << 6)
+#define LS_TYPE		(1 << 7)
+#define LS_DISP_MODE	(3 << 8)
+#define DISP_MODE(f) ((f) & LS_DISP_MODE)
+#define LS_DISP_LONG	(1 << 8)
+#define LS_DISP_COLUMN	(2 << 8)
+#define LS_DISP_CROSS	(3 << 8)
+#define LS_SHOW_ALL	(1 << 10)
+#define LS_RECURSIVE	(1 << 11)
+#define LS_EXTRA_BLANK	(1 << 12)
+#define LS_SHOW_DIRNAME	(1 << 13)
+#define LS_DIR_FLAG	(1 << 14)	/* these files come via list_dir */
+
+#ifndef S_ISTXT
+#define S_ISTXT S_ISVTX
+#endif
+
+#if !defined(_S_IFMT) && defined(S_IFMT)
+#define _S_IFMT S_IFMT
+#endif
+
+#ifndef S_ISSOCK
+#define S_ISSOCK(mode)  (((mode) & _S_IFMT) == S_IFSOCK)
+#endif
+
+#ifndef S_ISLNK
+#define S_ISLNK(mode)   (((mode) & _S_IFMT) == S_IFLNK)
+#endif
+
+static size_t
+block_convert(size_t blocks)
+{
+#ifdef S_BLKSIZE
+    return blocks * S_BLKSIZE / 1024;
+#else
+    return blocks * 512 / 1024;
+#endif
+}
+
+static int
+make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
+{
+    char buf[128];
+    int file_type = 0;
+    struct stat *st = &file->st;
+    
+    file->inode = st->st_ino;
+    file->bsize = block_convert(st->st_blocks);
+    
+    if(S_ISDIR(st->st_mode)) {
+	file->mode[0] = 'd';
+	file_type = '/';
+    }
+    else if(S_ISCHR(st->st_mode))
+	file->mode[0] = 'c';
+    else if(S_ISBLK(st->st_mode))
+	file->mode[0] = 'b';
+    else if(S_ISREG(st->st_mode)) {
+	file->mode[0] = '-';
+	if(st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
+	    file_type = '*';
+    }
+    else if(S_ISFIFO(st->st_mode)) {
+	file->mode[0] = 'p';
+	file_type = '|';
+    }
+    else if(S_ISLNK(st->st_mode)) {
+	file->mode[0] = 'l';
+	file_type = '@';
+    }
+    else if(S_ISSOCK(st->st_mode)) {
+	file->mode[0] = 's';
+	file_type = '=';
+    }
+#ifdef S_ISWHT
+    else if(S_ISWHT(st->st_mode)) {
+	file->mode[0] = 'w';
+	file_type = '%';
+    }
+#endif
+    else 
+	file->mode[0] = '?';
+    {
+	char *x[] = { "---", "--x", "-w-", "-wx", 
+		      "r--", "r-x", "rw-", "rwx" };
+	strcpy(file->mode + 1, x[(st->st_mode & S_IRWXU) >> 6]);
+	strcpy(file->mode + 4, x[(st->st_mode & S_IRWXG) >> 3]);
+	strcpy(file->mode + 7, x[(st->st_mode & S_IRWXO) >> 0]);
+	if((st->st_mode & S_ISUID)) {
+	    if((st->st_mode & S_IXUSR))
+		file->mode[3] = 's';
+	    else
+		file->mode[3] = 'S';
+	}
+	if((st->st_mode & S_ISGID)) {
+	    if((st->st_mode & S_IXGRP))
+		file->mode[6] = 's';
+	    else
+		file->mode[6] = 'S';
+	}
+	if((st->st_mode & S_ISTXT)) {
+	    if((st->st_mode & S_IXOTH))
+		file->mode[9] = 't';
+	    else
+		file->mode[9] = 'T';
+	}
+    }
+    file->n_link = st->st_nlink;
+    {
+	struct passwd *pwd;
+	pwd = getpwuid(st->st_uid);
+	if(pwd == NULL) {
+	    if (asprintf(&file->user, "%u", (unsigned)st->st_uid) == -1)
+		file->user = NULL;
+	} else
+	    file->user = strdup(pwd->pw_name);
+	if (file->user == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
+    }
+    {
+	struct group *grp;
+	grp = getgrgid(st->st_gid);
+	if(grp == NULL) {
+	    if (asprintf(&file->group, "%u", (unsigned)st->st_gid) == -1)
+		file->group = NULL;
+	} else
+	    file->group = strdup(grp->gr_name);
+	if (file->group == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
+    }
+    
+    if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
+#if defined(major) && defined(minor)
+	if (asprintf(&file->major, "%u", (unsigned)major(st->st_rdev)) == -1)
+	    file->major = NULL;
+	if (asprintf(&file->minor, "%u", (unsigned)minor(st->st_rdev)) == -1)
+	    file->minor = NULL;
+#else
+	/* Don't want to use the DDI/DKI crap. */
+	if (asprintf(&file->major, "%u", (unsigned)st->st_rdev) == -1)
+	    file->major = NULL;
+	if (asprintf(&file->minor, "%u", 0) == -1)
+	    file->minor = NULL;
+#endif
+	if (file->major == NULL || file->minor == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
+    } else {
+	if (asprintf(&file->size, "%lu", (unsigned long)st->st_size) == -1)
+	    file->size = NULL;
+    }
+
+    {
+	time_t t = time(NULL);
+	time_t mtime = st->st_mtime;
+	struct tm *tm = localtime(&mtime);
+	if((t - mtime > 6*30*24*60*60) ||
+	   (mtime - t > 6*30*24*60*60))
+	    strftime(buf, sizeof(buf), "%b %e  %Y", tm);
+	else
+	    strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
+	file->date = strdup(buf);
+	if (file->date == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
+    }
+    {
+	const char *p = strrchr(filename, '/');
+	if(p)
+	    p++;
+	else
+	    p = filename;
+	if((flags & LS_TYPE) && file_type != 0) {
+	    if (asprintf(&file->filename, "%s%c", p, file_type) == -1)
+		file->filename = NULL;
+	} else
+	    file->filename = strdup(p);
+	if (file->filename == NULL) {
+	    syslog(LOG_ERR, "out of memory");
+	    return -1;
+	}
+    }
+    if(S_ISLNK(st->st_mode)) {
+	int n;
+	n = readlink((char *)filename, buf, sizeof(buf) - 1);
+	if(n >= 0) {
+	    buf[n] = '\0';
+	    file->link = strdup(buf);
+	    if (file->link == NULL) {
+		syslog(LOG_ERR, "out of memory");
+		return -1;
+	    }
+	} else
+	    sec_fprintf2(out, "readlink(%s): %s", filename, strerror(errno));
+    }
+    return 0;
+}
+
+static void
+print_file(FILE *out,
+	   int flags,
+	   struct fileinfo *f,
+	   int max_inode,
+	   int max_bsize,
+	   int max_n_link,
+	   int max_user,
+	   int max_group,
+	   int max_size,
+	   int max_major,
+	   int max_minor,
+	   int max_date)
+{
+    if(f->filename == NULL)
+	return;
+
+    if(flags & LS_INODE) {
+	sec_fprintf2(out, "%*d", max_inode, f->inode);
+	sec_fprintf2(out, "  ");
+    }
+    if(flags & LS_SIZE) {
+	sec_fprintf2(out, "%*d", max_bsize, f->bsize);
+	sec_fprintf2(out, "  ");
+    }
+    sec_fprintf2(out, "%s", f->mode);
+    sec_fprintf2(out, "  ");
+    sec_fprintf2(out, "%*d", max_n_link, f->n_link);
+    sec_fprintf2(out, " ");
+    sec_fprintf2(out, "%-*s", max_user, f->user);
+    sec_fprintf2(out, "  ");
+    sec_fprintf2(out, "%-*s", max_group, f->group);
+    sec_fprintf2(out, "  ");
+    if(f->major != NULL && f->minor != NULL)
+	sec_fprintf2(out, "%*s, %*s", max_major, f->major, max_minor, f->minor);
+    else
+	sec_fprintf2(out, "%*s", max_size, f->size);
+    sec_fprintf2(out, " ");
+    sec_fprintf2(out, "%*s", max_date, f->date);
+    sec_fprintf2(out, " ");
+    sec_fprintf2(out, "%s", f->filename);
+    if(f->link)
+	sec_fprintf2(out, " -> %s", f->link);
+    sec_fprintf2(out, "\r\n");
+}
+
+static int
+compare_filename(struct fileinfo *a, struct fileinfo *b)
+{
+    if(a->filename == NULL)
+	return 1;
+    if(b->filename == NULL)
+	return -1;
+    return strcmp(a->filename, b->filename);
+}
+
+static int
+compare_mtime(struct fileinfo *a, struct fileinfo *b)
+{
+    if(a->filename == NULL)
+	return 1;
+    if(b->filename == NULL)
+	return -1;
+    return b->st.st_mtime - a->st.st_mtime;
+}
+
+static int
+compare_size(struct fileinfo *a, struct fileinfo *b)
+{
+    if(a->filename == NULL)
+	return 1;
+    if(b->filename == NULL)
+	return -1;
+    return b->st.st_size - a->st.st_size;
+}
+
+static int list_dir(FILE*, const char*, int);
+
+static int
+find_log10(int num)
+{
+    int i = 1;
+    while(num > 10) {
+	i++;
+	num /= 10;
+    }
+    return i;
+}
+
+/*
+ * Operate as lstat but fake up entries for AFS mount points so we don't
+ * have to fetch them.
+ */
+
+#ifdef KRB4
+static int do_the_afs_dance = 1;
+#endif
+
+static int
+lstat_file (const char *file, struct stat *sb)
+{
+#ifdef KRB4
+    if (do_the_afs_dance &&
+	k_hasafs() 
+	&& strcmp(file, ".")
+	&& strcmp(file, "..")
+	&& strcmp(file, "/"))
+    {
+	struct ViceIoctl    a_params;
+	char               *dir, *last;
+	char               *path_bkp;
+	static ino_t	   ino_counter = 0, ino_last = 0;
+	int		   ret;
+	const int	   maxsize = 2048;
+	
+	path_bkp = strdup (file);
+	if (path_bkp == NULL)
+	    return -1;
+	
+	a_params.out = malloc (maxsize);
+	if (a_params.out == NULL) { 
+	    free (path_bkp);
+	    return -1;
+	}
+	
+	/* If path contains more than the filename alone - split it */
+	
+	last = strrchr (path_bkp, '/');
+	if (last != NULL) {
+	    if(last[1] == '\0')
+		/* if path ended in /, replace with `.' */
+		a_params.in = ".";
+	    else
+		a_params.in = last + 1;
+	    while(last > path_bkp && *--last == '/');
+	    if(*last != '/' || last != path_bkp) {
+		*++last = '\0';
+		dir = path_bkp;
+	    } else
+		/* we got to the start, so this must be the root dir */
+		dir = "/";
+	} else {
+	    /* file is relative to cdir */
+	    dir = ".";
+	    a_params.in = path_bkp;
+	}
+	
+	a_params.in_size  = strlen (a_params.in) + 1;
+	a_params.out_size = maxsize;
+	
+	ret = k_pioctl (dir, VIOC_AFS_STAT_MT_PT, &a_params, 0);
+	free (a_params.out);
+	if (ret < 0) {
+	    free (path_bkp);
+
+	    if (errno != EINVAL)
+		return ret;
+	    else
+		/* if we get EINVAL this is probably not a mountpoint */
+		return lstat (file, sb);
+	}
+
+	/* 
+	 * wow this was a mountpoint, lets cook the struct stat
+	 * use . as a prototype
+	 */
+
+	ret = lstat (dir, sb);
+	free (path_bkp);
+	if (ret < 0)
+	    return ret;
+
+	if (ino_last == sb->st_ino)
+	    ino_counter++;
+	else {
+	    ino_last    = sb->st_ino;
+	    ino_counter = 0;
+	}
+	sb->st_ino += ino_counter;
+	sb->st_nlink = 3;
+
+	return 0;
+    }
+#endif /* KRB4 */
+    return lstat (file, sb);
+}
+
+#define IS_DOT_DOTDOT(X) ((X)[0] == '.' && ((X)[1] == '\0' || \
+				((X)[1] == '.' && (X)[2] == '\0')))
+
+static int
+list_files(FILE *out, const char **files, int n_files, int flags)
+{
+    struct fileinfo *fi;
+    int i;
+    int *dirs = NULL;
+    size_t total_blocks = 0;
+    int n_print = 0;
+    int ret = 0;
+
+    if(n_files == 0)
+	return 0;
+
+    if(n_files > 1)
+	flags |= LS_SHOW_DIRNAME;
+
+    fi = calloc(n_files, sizeof(*fi));
+    if (fi == NULL) {
+	syslog(LOG_ERR, "out of memory");
+	return -1;
+    }
+    for(i = 0; i < n_files; i++) {
+	if(lstat_file(files[i], &fi[i].st) < 0) {
+	    sec_fprintf2(out, "%s: %s\r\n", files[i], strerror(errno));
+	    fi[i].filename = NULL;
+	} else {
+	    int include_in_list = 1;
+	    total_blocks += block_convert(fi[i].st.st_blocks);
+	    if(S_ISDIR(fi[i].st.st_mode)) {
+		if(dirs == NULL)
+		    dirs = calloc(n_files, sizeof(*dirs));
+		if(dirs == NULL) {
+		    syslog(LOG_ERR, "%s: %m", files[i]);
+		    ret = -1;
+		    goto out;
+		}
+		dirs[i] = 1;
+		if((flags & LS_DIRS) == 0)
+		    include_in_list = 0;
+	    }
+	    if(include_in_list) {
+		ret = make_fileinfo(out, files[i], &fi[i], flags);
+		if (ret)
+		    goto out;
+		n_print++;
+	    }
+	}
+    }
+    switch(SORT_MODE(flags)) {
+    case LS_SORT_NAME:
+	qsort(fi, n_files, sizeof(*fi), 
+	      (int (*)(const void*, const void*))compare_filename);
+	break;
+    case LS_SORT_MTIME:
+	qsort(fi, n_files, sizeof(*fi), 
+	      (int (*)(const void*, const void*))compare_mtime);
+	break;
+    case LS_SORT_SIZE:
+	qsort(fi, n_files, sizeof(*fi), 
+	      (int (*)(const void*, const void*))compare_size);
+	break;
+    }
+    if(DISP_MODE(flags) == LS_DISP_LONG) {
+	int max_inode = 0;
+	int max_bsize = 0;
+	int max_n_link = 0;
+	int max_user = 0;
+	int max_group = 0;
+	int max_size = 0;
+	int max_major = 0;
+	int max_minor = 0;
+	int max_date = 0;
+	for(i = 0; i < n_files; i++) {
+	    if(fi[i].filename == NULL)
+		continue;
+	    if(fi[i].inode > max_inode)
+		max_inode = fi[i].inode;
+	    if(fi[i].bsize > max_bsize)
+		max_bsize = fi[i].bsize;
+	    if(fi[i].n_link > max_n_link)
+		max_n_link = fi[i].n_link;
+	    if(strlen(fi[i].user) > max_user)
+		max_user = strlen(fi[i].user);
+	    if(strlen(fi[i].group) > max_group)
+		max_group = strlen(fi[i].group);
+	    if(fi[i].major != NULL && strlen(fi[i].major) > max_major)
+		max_major = strlen(fi[i].major);
+	    if(fi[i].minor != NULL && strlen(fi[i].minor) > max_minor)
+		max_minor = strlen(fi[i].minor);
+	    if(fi[i].size != NULL && strlen(fi[i].size) > max_size)
+		max_size = strlen(fi[i].size);
+	    if(strlen(fi[i].date) > max_date)
+		max_date = strlen(fi[i].date);
+	}
+	if(max_size < max_major + max_minor + 2)
+	    max_size = max_major + max_minor + 2;
+	else if(max_size - max_minor - 2 > max_major)
+	    max_major = max_size - max_minor - 2;
+	max_inode = find_log10(max_inode);
+	max_bsize = find_log10(max_bsize);
+	max_n_link = find_log10(max_n_link);
+	
+	if(n_print > 0)
+	    sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks);
+	if(flags & LS_SORT_REVERSE)
+	    for(i = n_files - 1; i >= 0; i--)
+		print_file(out,
+			   flags,
+			   &fi[i],
+			   max_inode,
+			   max_bsize,
+			   max_n_link,
+			   max_user,
+			   max_group,
+			   max_size,
+			   max_major,
+			   max_minor,
+			   max_date);
+	else
+	    for(i = 0; i < n_files; i++)
+		print_file(out,
+			   flags,
+			   &fi[i],
+			   max_inode,
+			   max_bsize,
+			   max_n_link,
+			   max_user,
+			   max_group,
+			   max_size,
+			   max_major,
+			   max_minor,
+			   max_date);
+    } else if(DISP_MODE(flags) == LS_DISP_COLUMN || 
+	      DISP_MODE(flags) == LS_DISP_CROSS) {
+	int max_len = 0;
+	int size_len = 0;
+	int num_files = n_files;
+	int columns;
+	int j;
+	for(i = 0; i < n_files; i++) {
+	    if(fi[i].filename == NULL) {
+		num_files--;
+		continue;
+	    }
+	    if(strlen(fi[i].filename) > max_len)
+		max_len = strlen(fi[i].filename);
+	    if(find_log10(fi[i].bsize) > size_len)
+		size_len = find_log10(fi[i].bsize);
+	}
+	if(num_files == 0)
+	    goto next;
+	if(flags & LS_SIZE) {
+	    columns = 80 / (size_len + 1 + max_len + 1);
+	    max_len = 80 / columns - size_len - 1;
+	} else {
+	    columns = 80 / (max_len + 1); /* get space between columns */
+	    max_len = 80 / columns;
+	}
+	if(flags & LS_SIZE)
+	    sec_fprintf2(out, "total %lu\r\n", 
+			 (unsigned long)total_blocks);
+	if(DISP_MODE(flags) == LS_DISP_CROSS) {
+	    for(i = 0, j = 0; i < n_files; i++) {
+		if(fi[i].filename == NULL)
+		    continue;
+		if(flags & LS_SIZE)
+		    sec_fprintf2(out, "%*u %-*s", size_len, fi[i].bsize, 
+				 max_len, fi[i].filename);
+		else
+		    sec_fprintf2(out, "%-*s", max_len, fi[i].filename);
+		j++;
+		if(j == columns) {
+		    sec_fprintf2(out, "\r\n");
+		    j = 0;
+		}
+	    }
+	    if(j > 0)
+		sec_fprintf2(out, "\r\n");
+	} else {
+	    int skip = (num_files + columns - 1) / columns;
+	    j = 0;
+	    for(i = 0; i < skip; i++) {
+		for(j = i; j < n_files;) {
+		    while(j < n_files && fi[j].filename == NULL)
+			j++;
+		    if(flags & LS_SIZE)
+			sec_fprintf2(out, "%*u %-*s", size_len, fi[j].bsize, 
+				     max_len, fi[j].filename);
+		    else
+			sec_fprintf2(out, "%-*s", max_len, fi[j].filename);
+		    j += skip;
+		}
+		sec_fprintf2(out, "\r\n");
+	    }
+	}
+    } else {
+	for(i = 0; i < n_files; i++) {
+	    if(fi[i].filename == NULL)
+		continue;
+	    sec_fprintf2(out, "%s\r\n", fi[i].filename);
+	}
+    }
+ next:
+    if(((flags & LS_DIRS) == 0 || (flags & LS_RECURSIVE)) && dirs != NULL) {
+	for(i = 0; i < n_files; i++) {
+	    if(dirs[i]) {
+		const char *p = strrchr(files[i], '/');
+		if(p == NULL)
+		    p = files[i];
+		else 
+		    p++;
+		if(!(flags & LS_DIR_FLAG) || !IS_DOT_DOTDOT(p)) {
+		    if((flags & LS_SHOW_DIRNAME)) {
+			if ((flags & LS_EXTRA_BLANK))
+			    sec_fprintf2(out, "\r\n");
+			sec_fprintf2(out, "%s:\r\n", files[i]);
+		    }
+		    list_dir(out, files[i], flags | LS_DIRS | LS_EXTRA_BLANK);
+		}
+	    }
+	}
+    }
+ out:
+    for(i = 0; i < n_files; i++)
+	free_fileinfo(&fi[i]);
+    free(fi);
+    if(dirs != NULL)
+	free(dirs);
+    return ret;
+}
+
+static void
+free_files (char **files, int n)
+{
+    int i;
+
+    for (i = 0; i < n; ++i)
+	free (files[i]);
+    free (files);
+}
+
+static int
+hide_file(const char *filename, int flags)
+{
+    if(filename[0] != '.')
+	return 0;
+    if((flags & LS_IGNORE_DOT))
+	return 1;
+    if(filename[1] == '\0' || (filename[1] == '.' && filename[2] == '\0')) {
+	if((flags & LS_SHOW_ALL))
+	    return 0;
+	else
+	    return 1;
+    }
+    return 0;
+}
+
+static int
+list_dir(FILE *out, const char *directory, int flags)
+{
+    DIR *d = opendir(directory);
+    struct dirent *ent;
+    char **files = NULL;
+    int n_files = 0;
+    int ret;
+
+    if(d == NULL) {
+	syslog(LOG_ERR, "%s: %m", directory);
+	return -1;
+    }
+    while((ent = readdir(d)) != NULL) {
+	void *tmp;
+
+	if(hide_file(ent->d_name, flags))
+	    continue;
+	tmp = realloc(files, (n_files + 1) * sizeof(*files));
+	if (tmp == NULL) {
+	    syslog(LOG_ERR, "%s: out of memory", directory);
+	    free_files (files, n_files);
+	    closedir (d);
+	    return -1;
+	}
+	files = tmp;
+	ret = asprintf(&files[n_files], "%s/%s", directory, ent->d_name);
+	if (ret == -1) {
+	    syslog(LOG_ERR, "%s: out of memory", directory);
+	    free_files (files, n_files);
+	    closedir (d);
+	    return -1;
+	}
+	++n_files;
+    }
+    closedir(d);
+    return list_files(out, (const char**)files, n_files, flags | LS_DIR_FLAG);
+}
+
+static int
+parse_flags(const char *options)
+{
+#ifdef TEST
+    int flags = LS_SORT_NAME | LS_IGNORE_DOT | LS_DISP_COLUMN;
+#else
+    int flags = LS_SORT_NAME | LS_IGNORE_DOT | LS_DISP_LONG;
+#endif
+
+    const char *p;
+    if(options == NULL || *options != '-')
+	return flags;
+    for(p = options + 1; *p; p++) {
+	switch(*p) {
+	case '1':
+	    flags = (flags & ~LS_DISP_MODE);
+	    break;
+	case 'a':
+	    flags |= LS_SHOW_ALL;
+	    /*FALLTHROUGH*/
+	case 'A':
+	    flags &= ~LS_IGNORE_DOT;
+	    break;
+	case 'C':
+	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_COLUMN;
+	    break;
+	case 'd':
+	    flags |= LS_DIRS;
+	    break;
+	case 'f':
+	    flags = (flags & ~LS_SORT_MODE);
+	    break;
+	case 'F':
+	    flags |= LS_TYPE;
+	    break;
+	case 'i':
+	    flags |= LS_INODE;
+	    break;
+	case 'l':
+	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_LONG;
+	    break;
+	case 'r':
+	    flags |= LS_SORT_REVERSE;
+	    break;
+	case 'R':
+	    flags |= LS_RECURSIVE;
+	    break;
+	case 's':
+	    flags |= LS_SIZE;
+	    break;
+	case 'S':
+	    flags = (flags & ~LS_SORT_MODE) | LS_SORT_SIZE;
+	    break;
+	case 't':
+	    flags = (flags & ~LS_SORT_MODE) | LS_SORT_MTIME;
+	    break;
+	case 'x':
+	    flags = (flags & ~LS_DISP_MODE) | LS_DISP_CROSS;
+	    break;
+	    /* these are a bunch of unimplemented flags from BSD ls */
+	case 'k': /* display sizes in kB */
+	case 'c': /* last change time */
+	case 'L': /* list symlink target */
+	case 'm': /* stream output */
+	case 'o': /* BSD file flags */
+	case 'p': /* display / after directories */
+	case 'q': /* print non-graphic characters */
+	case 'u': /* use last access time */
+	case 'T': /* display complete time */
+	case 'W': /* include whiteouts */
+	    break;
+	}
+    }
+    return flags;
+}
+
+int
+builtin_ls(FILE *out, const char *file)
+{
+    int flags;
+    int ret;
+
+    if(*file == '-') {
+	flags = parse_flags(file);
+	file = ".";
+    } else
+	flags = parse_flags("");
+
+    ret = list_files(out, &file, 1, flags);
+    sec_fflush(out);
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/pathnames.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/pathnames.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/pathnames.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)pathnames.h	8.1 (Berkeley) 6/4/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#ifndef _PATH_FTPUSERS
+#define	_PATH_FTPUSERS		SYSCONFDIR "/ftpusers"
+#endif
+
+#define	_PATH_FTPCHROOT		SYSCONFDIR "/ftpchroot"
+#define	_PATH_FTPWELCOME	SYSCONFDIR "/ftpwelcome"
+#define	_PATH_FTPLOGINMESG	SYSCONFDIR "/motd"
+
+#ifndef _PATH_ISSUE
+#define _PATH_ISSUE		SYSCONFDIR "/issue"
+#endif
+#define _PATH_ISSUE_NET		SYSCONFDIR "/issue.net"

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/popen.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/popen.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/popen.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 1988, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software written by Ken Arnold and
+ * published in UNIX Review, Vol. 6, No. 8.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: popen.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+#endif
+
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <glob.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <roken.h>
+#include "extern.h"
+
+
+/* 
+ * Special version of popen which avoids call to shell.  This ensures
+ * no one may create a pipe to a hidden program as a side effect of a
+ * list or dir command.
+ */
+static int *pids;
+static int fds;
+
+extern int dochroot;
+
+/* return path prepended with ~ftp if that file exists, otherwise
+ * return path unchanged
+ */
+
+const char *
+ftp_rooted(const char *path)
+{
+    static char home[MaxPathLen] = "";
+    static char newpath[MaxPathLen];
+    struct passwd *pwd;
+
+    if(!home[0])
+	if((pwd = k_getpwnam("ftp")))
+	    strlcpy(home, pwd->pw_dir, sizeof(home));
+    snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
+    if(access(newpath, X_OK))
+	strlcpy(newpath, path, sizeof(newpath));
+    return newpath;
+}
+
+
+#define MAXARGS	100
+#define MAXGLOBS 1000
+
+FILE *
+ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
+{
+	char *cp;
+	FILE *iop;
+	int argc, gargc, pdes[2], pid;
+	char **pop, *argv[MAXARGS], *gargv[MAXGLOBS];
+	char *foo;
+
+	if (strcmp(type, "r") && strcmp(type, "w"))
+		return (NULL);
+
+	if (!pids) {
+
+	    /* This function is ugly and should be rewritten, in
+	     * modern unices there is no such thing as a maximum
+	     * filedescriptor.
+	     */
+
+	    fds = getdtablesize();
+	    pids = (int*)calloc(fds, sizeof(int));
+	    if(!pids)
+		return NULL;
+	}
+	if (pipe(pdes) < 0)
+		return (NULL);
+
+	/* break up string into pieces */
+	foo = NULL;
+	for (argc = 0, cp = program; argc < MAXARGS - 1; cp = NULL) {
+		if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
+			break;
+	}
+	argv[MAXARGS - 1] = NULL;
+
+	gargv[0] = (char*)ftp_rooted(argv[0]);
+	/* glob each piece */
+	for (gargc = argc = 1; argv[argc] && gargc < MAXGLOBS - 1; argc++) {
+		glob_t gl;
+		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE
+		    |
+#ifdef GLOB_MAXPATH
+	GLOB_MAXPATH
+#else
+	GLOB_LIMIT
+#endif
+		    ;
+
+		memset(&gl, 0, sizeof(gl));
+		if (no_glob || 
+		    glob(argv[argc], flags, NULL, &gl) || 
+		    gl.gl_pathc == 0)
+			gargv[gargc++] = strdup(argv[argc]);
+		else
+			for (pop = gl.gl_pathv;
+			     *pop && gargc < MAXGLOBS - 1;
+			     pop++)
+				gargv[gargc++] = strdup(*pop);
+		globfree(&gl);
+	}
+	gargv[gargc] = NULL;
+
+	iop = NULL;
+	switch(pid = fork()) {
+	case -1:			/* error */
+		close(pdes[0]);
+		close(pdes[1]);
+		goto pfree;
+		/* NOTREACHED */
+	case 0:				/* child */
+		if (*type == 'r') {
+			if (pdes[1] != STDOUT_FILENO) {
+				dup2(pdes[1], STDOUT_FILENO);
+				close(pdes[1]);
+			}
+			if(do_stderr)
+			    dup2(STDOUT_FILENO, STDERR_FILENO);
+			close(pdes[0]);
+		} else {
+			if (pdes[0] != STDIN_FILENO) {
+				dup2(pdes[0], STDIN_FILENO);
+				close(pdes[0]);
+			}
+			close(pdes[1]);
+		}
+		execv(gargv[0], gargv);
+		gargv[0] = argv[0];
+		execv(gargv[0], gargv);
+		_exit(1);
+	}
+	/* parent; assume fdopen can't fail...  */
+	if (*type == 'r') {
+		iop = fdopen(pdes[0], type);
+		close(pdes[1]);
+	} else {
+		iop = fdopen(pdes[1], type);
+		close(pdes[0]);
+	}
+	pids[fileno(iop)] = pid;
+	
+pfree:	
+	for (argc = 1; gargv[argc] != NULL; argc++)
+	    free(gargv[argc]);
+
+
+	return (iop);
+}
+
+int
+ftpd_pclose(FILE *iop)
+{
+	int fdes, status;
+	pid_t pid;
+	sigset_t sigset, osigset;
+
+	/*
+	 * pclose returns -1 if stream is not associated with a
+	 * `popened' command, or, if already `pclosed'.
+	 */
+	if (pids == 0 || pids[fdes = fileno(iop)] == 0)
+		return (-1);
+	fclose(iop);
+	sigemptyset(&sigset);
+	sigaddset(&sigset, SIGINT);
+	sigaddset(&sigset, SIGQUIT);
+	sigaddset(&sigset, SIGHUP);
+	sigprocmask(SIG_BLOCK, &sigset, &osigset);
+	while ((pid = waitpid(pids[fdes], &status, 0)) < 0 && errno == EINTR)
+		continue;
+	sigprocmask(SIG_SETMASK, &osigset, NULL);
+	pids[fdes] = 0;
+	if (pid < 0)
+		return (pid);
+	if (WIFEXITED(status))
+		return (WEXITSTATUS(status));
+	return (1);
+}
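Review bot: In ftpd_popen the parent branch executes `pids[fileno(iop)] = pid` without checking the fdopen() result (the comment only says it is assumed not to fail) and without checking that the descriptor is below `fds`, which is sized once from getdtablesize() on the first call. A NULL stream would be dereferenced, and a descriptor at or above `fds` would write outside the `pids` array. A guard such as `if (iop == NULL || fileno(iop) >= fds)` before the store would cover both cases, provided it closes the remaining pipe end, reaps the child and jumps to `pfree`. The strdup() results stored into `gargv` are also unchecked, so an allocation failure leaves a NULL in the middle of the vector: the argument list is silently cut short and the `pfree` loop stops early and leaks the later entries. For an empty or all-whitespace `program`, the tokenising loop leaves `argv[0]` NULL and `argv[1]` unset before both are read, so an early `if (argv[0] == NULL)` rejection that also closes `pdes` is worth adding.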

Added: vendor-crypto/heimdal/dist/appl/ftp/ftpd/security.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/ftp/ftpd/security.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/ftp/ftpd/security.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,883 @@
+/*
+ * Copyright (c) 1998-2002, 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef FTP_SERVER
+#include "ftpd_locl.h"
+#else
+#include "ftp_locl.h"
+#endif
+
+RCSID("$Id: security.c,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $");
+
+static enum protection_level command_prot;
+static enum protection_level data_prot;
+static size_t buffer_size;
+
+struct buffer {
+    void *data;
+    size_t size;
+    size_t index;
+    int eof_flag;
+};
+
+static struct buffer in_buffer, out_buffer;
+int sec_complete;
+
+static struct {
+    enum protection_level level;
+    const char *name;
+} level_names[] = {
+    { prot_clear, "clear" },
+    { prot_safe, "safe" },
+    { prot_confidential, "confidential" },
+    { prot_private, "private" }
+};
+
+static const char *
+level_to_name(enum protection_level level)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(level_names[i].level == level)
+	    return level_names[i].name;
+    return "unknown";
+}
+
+#ifndef FTP_SERVER /* not used in server */
+static enum protection_level 
+name_to_level(const char *name)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(!strncasecmp(level_names[i].name, name, strlen(name)))
+	    return level_names[i].level;
+    return (enum protection_level)-1;
+}
+#endif
+
+#ifdef FTP_SERVER
+
+static struct sec_server_mech *mechs[] = {
+#ifdef KRB5
+    &gss_server_mech,
+#endif
+#ifdef KRB4
+    &krb4_server_mech,
+#endif
+    NULL
+};
+
+static struct sec_server_mech *mech;
+
+#else
+
+static struct sec_client_mech *mechs[] = {
+#ifdef KRB5
+    &gss_client_mech,
+#endif
+#ifdef KRB4
+    &krb4_client_mech,
+#endif
+    NULL
+};
+
+static struct sec_client_mech *mech;
+
+#endif
+
+static void *app_data;
+
+int
+sec_getc(FILE *F)
+{
+    if(sec_complete && data_prot) {
+	char c;
+	if(sec_read(fileno(F), &c, 1) <= 0)
+	    return EOF;
+	return c;
+    } else
+	return getc(F);
+}
+
+static int
+block_read(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = read(fd, p, len);
+	if (b == 0)
+	    return 0;
+	else if (b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+block_write(int fd, void *buf, size_t len)
+{
+    unsigned char *p = buf;
+    int b;
+    while(len) {
+	b = write(fd, p, len);
+	if(b < 0)
+	    return -1;
+	len -= b;
+	p += b;
+    }
+    return p - (unsigned char*)buf;
+}
+
+static int
+sec_get_data(int fd, struct buffer *buf, int level)
+{
+    int len;
+    int b;
+    void *tmp;
+
+    b = block_read(fd, &len, sizeof(len));
+    if (b == 0)
+	return 0;
+    else if (b < 0)
+	return -1;
+    len = ntohl(len);
+    tmp = realloc(buf->data, len);
+    if (tmp == NULL)
+	return -1;
+    buf->data = tmp;
+    b = block_read(fd, buf->data, len);
+    if (b == 0)
+	return 0;
+    else if (b < 0)
+	return -1;
+    buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
+    buf->index = 0;
+    return 0;
+}
+
+static size_t
+buffer_read(struct buffer *buf, void *dataptr, size_t len)
+{
+    len = min(len, buf->size - buf->index);
+    memcpy(dataptr, (char*)buf->data + buf->index, len);
+    buf->index += len;
+    return len;
+}
+
+static size_t
+buffer_write(struct buffer *buf, void *dataptr, size_t len)
+{
+    if(buf->index + len > buf->size) {
+	void *tmp;
+	if(buf->data == NULL)
+	    tmp = malloc(1024);
+	else
+	    tmp = realloc(buf->data, buf->index + len);
+	if(tmp == NULL)
+	    return -1;
+	buf->data = tmp;
+	buf->size = buf->index + len;
+    }
+    memcpy((char*)buf->data + buf->index, dataptr, len);
+    buf->index += len;
+    return len;
+}
+
+int
+sec_read(int fd, void *dataptr, int length)
+{
+    size_t len;
+    int rx = 0;
+
+    if(sec_complete == 0 || data_prot == 0)
+	return read(fd, dataptr, length);
+
+    if(in_buffer.eof_flag){
+	in_buffer.eof_flag = 0;
+	return 0;
+    }
+    
+    len = buffer_read(&in_buffer, dataptr, length);
+    length -= len;
+    rx += len;
+    dataptr = (char*)dataptr + len;
+    
+    while(length){
+	int ret;
+
+	ret = sec_get_data(fd, &in_buffer, data_prot);
+	if (ret < 0)
+	    return -1;
+	if(ret == 0 && in_buffer.size == 0) {
+	    if(rx)
+		in_buffer.eof_flag = 1;
+	    return rx;
+	}
+	len = buffer_read(&in_buffer, dataptr, length);
+	length -= len;
+	rx += len;
+	dataptr = (char*)dataptr + len;
+    }
+    return rx;
+}
+
+static int
+sec_send(int fd, char *from, int length)
+{
+    int bytes;
+    void *buf;
+    bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
+    bytes = htonl(bytes);
+    block_write(fd, &bytes, sizeof(bytes));
+    block_write(fd, buf, ntohl(bytes));
+    free(buf);
+    return length;
+}
+
+int
+sec_fflush(FILE *F)
+{
+    if(data_prot != prot_clear) {
+	if(out_buffer.index > 0){
+	    sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	    out_buffer.index = 0;
+	}
+	sec_send(fileno(F), NULL, 0);
+    }
+    fflush(F);
+    return 0;
+}
+
+int
+sec_write(int fd, char *dataptr, int length)
+{
+    int len = buffer_size;
+    int tx = 0;
+      
+    if(data_prot == prot_clear)
+	return write(fd, dataptr, length);
+
+    len -= (*mech->overhead)(app_data, data_prot, len);
+    while(length){
+	if(length < len)
+	    len = length;
+	sec_send(fd, dataptr, len);
+	length -= len;
+	dataptr += len;
+	tx += len;
+    }
+    return tx;
+}
+
+int
+sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    int ret;
+    if(data_prot == prot_clear)
+	return vfprintf(f, fmt, ap);
+    else {
+	int len;
+	len = vasprintf(&buf, fmt, ap);
+	if (len == -1)
+	    return len;
+	ret = buffer_write(&out_buffer, buf, len);
+	free(buf);
+	return ret;
+    }
+}
+
+int
+sec_fprintf2(FILE *f, const char *fmt, ...)
+{
+    int ret;
+    va_list ap;
+    va_start(ap, fmt);
+    ret = sec_vfprintf2(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+int
+sec_putc(int c, FILE *F)
+{
+    char ch = c;
+    if(data_prot == prot_clear)
+	return putc(c, F);
+    
+    buffer_write(&out_buffer, &ch, 1);
+    if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
+	sec_write(fileno(F), out_buffer.data, out_buffer.index);
+	out_buffer.index = 0;
+    }
+    return c;
+}
+
+int
+sec_read_msg(char *s, int level)
+{
+    int len;
+    char *buf;
+    int return_code;
+    
+    buf = malloc(strlen(s));
+    len = base64_decode(s + 4, buf); /* XXX */
+    
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len < 0)
+	return -1;
+    
+    buf[len] = '\0';
+
+    if(buf[3] == '-')
+	return_code = 0;
+    else
+	sscanf(buf, "%d", &return_code);
+    if(buf[len-1] == '\n')
+	buf[len-1] = '\0';
+    strcpy(s, buf);
+    free(buf);
+    return return_code;
+}
+
+int
+sec_vfprintf(FILE *f, const char *fmt, va_list ap)
+{
+    char *buf;
+    void *enc;
+    int len;
+    if(!sec_complete)
+	return vfprintf(f, fmt, ap);
+    
+    if (vasprintf(&buf, fmt, ap) == -1) {
+	printf("Failed to allocate command.\n");
+	return -1;
+    }
+    len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
+    free(buf);
+    if(len < 0) {
+	printf("Failed to encode command.\n");
+	return -1;
+    }
+    if(base64_encode(enc, len, &buf) < 0){
+	free(enc);
+	printf("Out of memory base64-encoding.\n");
+	return -1;
+    }
+    free(enc);
+#ifdef FTP_SERVER
+    if(command_prot == prot_safe)
+	fprintf(f, "631 %s\r\n", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "632 %s\r\n", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "633 %s\r\n", buf);
+#else
+    if(command_prot == prot_safe)
+	fprintf(f, "MIC %s", buf);
+    else if(command_prot == prot_private)
+	fprintf(f, "ENC %s", buf);
+    else if(command_prot == prot_confidential)
+	fprintf(f, "CONF %s", buf);
+#endif
+    free(buf);
+    return 0;
+}
+
+int
+sec_fprintf(FILE *f, const char *fmt, ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, fmt);
+    ret = sec_vfprintf(f, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+/* end common stuff */
+
+#ifdef FTP_SERVER
+
+int ccc_passed;
+
+void
+auth(char *auth_name)
+{
+    int i;
+    void *tmp;
+
+    for(i = 0; (mech = mechs[i]) != NULL; i++){
+	if(!strcasecmp(auth_name, mech->name)){
+	    tmp = realloc(app_data, mech->size);
+	    if (tmp == NULL) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    app_data = tmp;
+
+	    if(mech->init && (*mech->init)(app_data) != 0) {
+		reply(431, "Unable to accept %s at this time", mech->name);
+		return;
+	    }
+	    if(mech->auth) {
+		(*mech->auth)(app_data);
+		return;
+	    }
+	    if(mech->adat)
+		reply(334, "Send authorization data.");
+	    else
+		reply(234, "Authorization complete.");
+	    return;
+	}
+    }
+    free (app_data);
+    app_data = NULL;
+    reply(504, "%s is unknown to me", auth_name);
+}
+
+void
+adat(char *auth_data)
+{
+    if(mech && !sec_complete) {
+	void *buf = malloc(strlen(auth_data));
+	size_t len;
+	len = base64_decode(auth_data, buf);
+	(*mech->adat)(app_data, buf, len);
+	free(buf);
+    } else
+	reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
+}
+
+void pbsz(int size)
+{
+    size_t new = size;
+    if(!sec_complete)
+	reply(503, "Incomplete security data exchange.");
+    if(mech->pbsz)
+	new = (*mech->pbsz)(app_data, size);
+    if(buffer_size != new){
+	buffer_size = size;
+    }
+    if(new != size)
+	reply(200, "PBSZ=%lu", (unsigned long)new);
+    else
+	reply(200, "OK");
+}
+
+void
+prot(char *pl)
+{
+    int p = -1;
+
+    if(buffer_size == 0){
+	reply(503, "No protection buffer size negotiated.");
+	return;
+    }
+
+    if(!strcasecmp(pl, "C"))
+	p = prot_clear;
+    else if(!strcasecmp(pl, "S"))
+	p = prot_safe;
+    else if(!strcasecmp(pl, "E"))
+	p = prot_confidential;
+    else if(!strcasecmp(pl, "P"))
+	p = prot_private;
+    else {
+	reply(504, "Unrecognized protection level.");
+	return;
+    }
+    
+    if(sec_complete){
+	if((*mech->check_prot)(app_data, p)){
+	    reply(536, "%s does not support %s protection.", 
+		  mech->name, level_to_name(p));
+	}else{
+	    data_prot = (enum protection_level)p;
+	    reply(200, "Data protection is %s.", level_to_name(p));
+	}
+    }else{
+	reply(503, "Incomplete security data exchange.");
+    }
+}
+
+void ccc(void)
+{
+    if(sec_complete){
+	if(mech->ccc && (*mech->ccc)(app_data) == 0) {
+	    command_prot = data_prot = prot_clear;
+	    ccc_passed = 1;
+	} else
+	    reply(534, "You must be joking.");
+    }else
+	reply(503, "Incomplete security data exchange.");
+}
+
+void mec(char *msg, enum protection_level level)
+{
+    void *buf;
+    size_t len, buf_size;
+    if(!sec_complete) {
+	reply(503, "Incomplete security data exchange.");
+	return;
+    }
+    buf_size = strlen(msg) + 2;
+    buf = malloc(buf_size);
+    len = base64_decode(msg, buf);
+    command_prot = level;
+    if(len == (size_t)-1) {
+	reply(501, "Failed to base64-decode command");
+	return;
+    }
+    len = (*mech->decode)(app_data, buf, len, level);
+    if(len == (size_t)-1) {
+	reply(535, "Failed to decode command");
+	return;
+    }
+    ((char*)buf)[len] = '\0';
+    if(strstr((char*)buf, "\r\n") == NULL)
+	strlcat((char*)buf, "\r\n", buf_size);
+    new_ftp_command(buf);
+}
+
+/* ------------------------------------------------------------ */
+
+int
+sec_userok(char *userstr)
+{
+    if(sec_complete)
+	return (*mech->userok)(app_data, userstr);
+    return 0;
+}
+
+int
+sec_session(char *user)
+{
+    if(sec_complete && mech->session)
+	return (*mech->session)(app_data, user);
+    return 0;
+}
+
+char *ftp_command;
+
+void
+new_ftp_command(char *command)
+{
+    ftp_command = command;
+}
+
+void
+delete_ftp_command(void)
+{
+    free(ftp_command);
+    ftp_command = NULL;
+}
+
+int
+secure_command(void)
+{
+    return ftp_command != NULL;
+}
+
+enum protection_level
+get_command_prot(void)
+{
+    return command_prot;
+}
+
+#else /* FTP_SERVER */
+
+void
+sec_status(void)
+{
+    if(sec_complete){
+	printf("Using %s for authentication.\n", mech->name);
+	printf("Using %s command channel.\n", level_to_name(command_prot));
+	printf("Using %s data channel.\n", level_to_name(data_prot));
+	if(buffer_size > 0)
+	    printf("Protection buffer size: %lu.\n", 
+		   (unsigned long)buffer_size);
+    }else{
+	printf("Not using any security mechanism.\n");
+    }
+}
+
+static int
+sec_prot_internal(int level)
+{
+    int ret;
+    char *p;
+    unsigned int s = 1048576;
+
+    int old_verbose = verbose;
+    verbose = 0;
+
+    if(!sec_complete){
+	printf("No security data exchange has taken place.\n");
+	return -1;
+    }
+
+    if(level){
+	ret = command("PBSZ %u", s);
+	if(ret != COMPLETE){
+	    printf("Failed to set protection buffer size.\n");
+	    return -1;
+	}
+	buffer_size = s;
+	p = strstr(reply_string, "PBSZ=");
+	if(p)
+	    sscanf(p, "PBSZ=%u", &s);
+	if(s < buffer_size)
+	    buffer_size = s;
+    }
+    verbose = old_verbose;
+    ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
+    if(ret != COMPLETE){
+	printf("Failed to set protection level.\n");
+	return -1;
+    }
+    
+    data_prot = (enum protection_level)level;
+    return 0;
+}
+
+enum protection_level
+set_command_prot(enum protection_level level)
+{
+    int ret;
+    enum protection_level old = command_prot;
+    if(level != command_prot && level == prot_clear) {
+	ret = command("CCC");
+	if(ret != COMPLETE) {
+	    printf("Failed to clear command channel.\n");
+	    return -1;
+	}
+    }
+    command_prot = level;
+    return old;
+}
+
+void
+sec_prot(int argc, char **argv)
+{
+    int level = -1;
+
+    if(argc > 3)
+	goto usage;
+
+    if(argc == 1) {
+	sec_status();
+	return;
+    }
+    if(!sec_complete) {
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+    level = name_to_level(argv[argc - 1]);
+    
+    if(level == -1)
+	goto usage;
+    
+    if((*mech->check_prot)(app_data, level)) {
+	printf("%s does not implement %s protection.\n", 
+	       mech->name, level_to_name(level));
+	code = -1;
+	return;
+    }
+    
+    if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
+	if(sec_prot_internal(level) < 0){
+	    code = -1;
+	    return;
+	}
+    } else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) {
+	if(set_command_prot(level) < 0) {
+	    code = -1;
+	    return;
+	}
+    } else
+	goto usage;
+    code = 0;
+    return;
+ usage:
+    printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
+	   argv[0]);
+    code = -1;
+}
+
+void
+sec_prot_command(int argc, char **argv)
+{
+    int level;
+
+    if(argc > 2)
+	goto usage;
+
+    if(!sec_complete) {
+	printf("No security data exchange has taken place.\n");
+	code = -1;
+	return;
+    }
+
+    if(argc == 1) {
+	sec_status();
+    } else {
+	level = name_to_level(argv[1]);
+	if(level == -1)
+	    goto usage;
+    
+	if((*mech->check_prot)(app_data, level)) {
+	    printf("%s does not implement %s protection.\n", 
+		   mech->name, level_to_name(level));
+	    code = -1;
+	    return;
+	}
+	if(set_command_prot(level) < 0) {
+	    code = -1;
+	    return;
+	}
+    }
+    code = 0;
+    return;
+ usage:
+    printf("usage: %s [clear|safe|confidential|private]\n",
+	   argv[0]);
+    code = -1;
+}
+
+static enum protection_level request_data_prot;
+
+void
+sec_set_protection_level(void)
+{
+    if(sec_complete && data_prot != request_data_prot)
+	sec_prot_internal(request_data_prot);
+}
+
+
+int
+sec_request_prot(char *level)
+{
+    int l = name_to_level(level);
+    if(l == -1)
+	return -1;
+    request_data_prot = (enum protection_level)l;
+    return 0;
+}
+
+int
+sec_login(char *host)
+{
+    int ret;
+    struct sec_client_mech **m;
+    int old_verbose = verbose;
+
+    verbose = -1; /* shut up all messages this will produce (they
+		     are usually not very user friendly) */
+    
+    for(m = mechs; *m && (*m)->name; m++) {
+	void *tmp;
+
+	tmp = realloc(app_data, (*m)->size);
+	if (tmp == NULL) {
+	    warnx ("realloc %lu failed", (unsigned long)(*m)->size);
+	    return -1;
+	}
+	app_data = tmp;
+	    
+	if((*m)->init && (*(*m)->init)(app_data) != 0) {
+	    printf("Skipping %s...\n", (*m)->name);
+	    continue;
+	}
+	printf("Trying %s...\n", (*m)->name);
+	ret = command("AUTH %s", (*m)->name);
+	if(ret != CONTINUE){
+	    if(code == 504){
+		printf("%s is not supported by the server.\n", (*m)->name);
+	    }else if(code == 534){
+		printf("%s rejected as security mechanism.\n", (*m)->name);
+	    }else if(ret == ERROR) {
+		printf("The server doesn't support the FTP "
+		       "security extensions.\n");
+		verbose = old_verbose;
+		return -1;
+	    }
+	    continue;
+	}
+
+	ret = (*(*m)->auth)(app_data, host);
+	
+	if(ret == AUTH_CONTINUE)
+	    continue;
+	else if(ret != AUTH_OK){
+	    /* mechanism is supposed to output error string */
+	    verbose = old_verbose;
+	    return -1;
+	}
+	mech = *m;
+	sec_complete = 1;
+	if(doencrypt) {
+	    command_prot = prot_private;
+	    request_data_prot = prot_private; 
+	} else {
+	    command_prot = prot_safe;
+	}
+	break;
+    }
+    
+    verbose = old_verbose;
+    return *m == NULL;
+}
+
+void
+sec_end(void)
+{
+    if (mech != NULL) {
+	if(mech->end)
+	    (*mech->end)(app_data);
+	if (app_data != NULL) {
+	    memset(app_data, 0, mech->size);
+	    free(app_data);
+	    app_data = NULL;
+	}
+    }
+    sec_complete = 0;
+    data_prot = (enum protection_level)0;
+}
+
+#endif /* FTP_SERVER */
+
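Review bot: sec_get_data takes the block length straight from the peer (`len = ntohl(len)`) and passes it to realloc() and block_read() with no range check, so a negative or oversized value sets the allocation size. Rejecting it first, for example `if (len < 0 || (size_t)len > buffer_size) return -1;`, would tie the read to the negotiated protection buffer size; whether `buffer_size` is the right bound for an encoded block should be confirmed against the mechanisms. The result of `(*mech->decode)` is then stored into the `size_t` field `buf->size` without a failure check, although other callers in this file treat a negative return as an error, so a failure becomes a very large size for buffer_read. Separately, pbsz() replies 503 when `sec_complete` is unset but has no `return;` after it, so it goes on to evaluate `mech->pbsz` even if no AUTH has selected a mechanism; it also assigns `buffer_size = size` rather than the value returned by the mechanism. In buffer_write, the first allocation is a fixed `malloc(1024)` while `buf->size` is set to `buf->index + len`, so the initial allocation should be `malloc(buf->index + len)` or at least the larger of the two.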

Added: vendor-crypto/heimdal/dist/appl/gssmask/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/gssmask/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/gssmask/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_PROGRAMS = gssmask gssmaestro
+
+gssmask_SOURCES = gssmask.c common.c common.h protocol.h
+
+gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h
+
+LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken)
+

Added: vendor-crypto/heimdal/dist/appl/gssmask/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/gssmask/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/gssmask/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,760 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+noinst_PROGRAMS = gssmask$(EXEEXT) gssmaestro$(EXEEXT)
+subdir = appl/gssmask
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
+am_gssmaestro_OBJECTS = gssmaestro.$(OBJEXT) common.$(OBJEXT)
+gssmaestro_OBJECTS = $(am_gssmaestro_OBJECTS)
+gssmaestro_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+gssmaestro_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
+	$(am__DEPENDENCIES_1)
+am_gssmask_OBJECTS = gssmask.$(OBJEXT) common.$(OBJEXT)
+gssmask_OBJECTS = $(am_gssmask_OBJECTS)
+gssmask_LDADD = $(LDADD)
+gssmask_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(gssmaestro_SOURCES) $(gssmask_SOURCES)
+DIST_SOURCES = $(gssmaestro_SOURCES) $(gssmask_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+gssmask_SOURCES = gssmask.c common.c common.h protocol.h
+gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h
+LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/gssmask/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/gssmask/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+gssmaestro$(EXEEXT): $(gssmaestro_OBJECTS) $(gssmaestro_DEPENDENCIES) 
+	@rm -f gssmaestro$(EXEEXT)
+	$(LINK) $(gssmaestro_OBJECTS) $(gssmaestro_LDADD) $(LIBS)
+gssmask$(EXEEXT): $(gssmask_OBJECTS) $(gssmask_DEPENDENCIES) 
+	@rm -f gssmask$(EXEEXT)
+	$(LINK) $(gssmask_OBJECTS) $(gssmask_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/gssmask/common.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/gssmask/common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/gssmask/common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <common.h>
+RCSID("$Id: common.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code
+store_string(krb5_storage *sp, const char *str)
+{
+    size_t len = strlen(str) + 1;
+    krb5_error_code ret;
+
+    ret = krb5_store_int32(sp, len);
+    if (ret)
+	return ret;
+    ret = krb5_storage_write(sp, str, len);
+    if (ret != len)
+	return EINVAL;
+    return 0;
+}
+
+static void
+add_list(char ****list, size_t *listlen, char **str, size_t len)
+{
+    size_t i;
+    *list = erealloc(*list, sizeof(**list) * (*listlen + 1));
+
+    (*list)[*listlen] = ecalloc(len, sizeof(**list));
+    for (i = 0; i < len; i++)
+	(*list)[*listlen][i] = str[i];
+    (*listlen)++;
+}
+
+static void
+permute(char ****list, size_t *listlen, 
+	char **str, const int start, const int len) 
+{
+    int i, j;
+
+#define SWAP(s,i,j) { char *t = str[i]; str[i] = str[j]; str[j] = t; }
+
+    for (i = start; i < len - 1; i++) {
+	for (j = i+1; j < len; j++) {
+	    SWAP(str,i,j);
+	    permute(list, listlen, str, i+1, len);
+	    SWAP(str,i,j);
+	}
+    }
+    add_list(list, listlen, str, len);
+}
+
+char ***
+permutate_all(struct getarg_strings *strings, size_t *size)
+{
+    char **list, ***all = NULL;
+    int i;
+
+    *size = 0;
+
+    list = ecalloc(strings->num_strings, sizeof(*list));
+    for (i = 0; i < strings->num_strings; i++)
+	list[i] = strings->strings[i];
+
+    permute(&all, size, list, 0, strings->num_strings);
+    free(list);
+    return all;
+}
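Review bot: In `store_string` the `size_t` length is handed to `krb5_store_int32` with no range check, and the result of `krb5_storage_write` is kept in a `krb5_error_code` and compared against the unsigned `len`. A string longer than INT32_MAX would therefore be framed with a truncated or negative length prefix, and the signed/unsigned comparison only works by accident when the write reports failure. I would reject oversized input first with `if (len > INT32_MAX) return ERANGE;` and hold the write result in its own signed variable, presumably `krb5_ssize_t n` if that is what the storage API returns, tested as `if (n < 0 || (size_t)n != len) return EINVAL;`. Separately, in `add_list` the row is allocated with `ecalloc(len, sizeof(**list))`, which sizes the elements as `char **` although the row stores `char *`. `sizeof(***list)` names the right element type, though the two sizes are the same on common ABIs.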

Added: vendor-crypto/heimdal/dist/appl/gssmask/common.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/gssmask/common.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/gssmask/common.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: common.h,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+/* 
+ * pthread support is disable because the pthread
+ * test have no "application pthread libflags" variable,
+ * when this is fixed pthread support can be enabled again.
+ */
+#undef ENABLE_PTHREAD_SUPPORT
+
+#include <sys/param.h>
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#include <assert.h>
+#include <krb5.h>
+#include <gssapi.h>
+#include <unistd.h>
+
+#include <roken.h>
+#include <getarg.h>
+
+#include "protocol.h"
+
+krb5_error_code store_string(krb5_storage *, const char *);
+
+
+#define ret16(_client, num)					\
+    do {							\
+        if (krb5_ret_int16((_client)->sock, &(num)) != 0)	\
+	    errx(1, "krb5_ret_int16 " #num);		\
+    } while(0)
+
+#define ret32(_client, num)					\
+    do {							\
+        if (krb5_ret_int32((_client)->sock, &(num)) != 0)	\
+	    errx(1, "krb5_ret_int32 " #num);		\
+    } while(0)
+
+#define retdata(_client, data)					\
+    do {							\
+        if (krb5_ret_data((_client)->sock, &(data)) != 0)	\
+	    errx(1, "krb5_ret_data " #data);		\
+    } while(0)
+
+#define retstring(_client, data)					\
+    do {							\
+        if (krb5_ret_string((_client)->sock, &(data)) != 0)	\
+	    errx(1, "krb5_ret_data " #data);		\
+    } while(0)
+
+
+#define put32(_client, num)					\
+    do {							\
+        if (krb5_store_int32((_client)->sock, num) != 0)	\
+	    errx(1, "krb5_store_int32 " #num);	\
+    } while(0)
+
+#define putdata(_client, data)					\
+    do {							\
+        if (krb5_store_data((_client)->sock, data) != 0)	\
+	    errx(1, "krb5_store_data " #data);	\
+    } while(0)
+
+#define putstring(_client, str)					\
+    do {							\
+        if (store_string((_client)->sock, str) != 0)		\
+	    errx(1, "krb5_store_str " #str);			\
+    } while(0)
+
+char *** permutate_all(struct getarg_strings *, size_t *);
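Review bot: The failure messages in `retstring` and `putstring` name the wrong primitive: `retstring` calls `krb5_ret_string` but reports `"krb5_ret_data "`, and `putstring` calls `store_string` but reports `"krb5_store_str "`. A failed socket read or write is then attributed to a different call in the diagnostics. I would change them to `errx(1, "krb5_ret_string " #data);` and `errx(1, "store_string " #str);`. All of the `ret*`/`put*` macros also end the process with `errx(1, ...)` on any short or malformed message from the peer. A one-line comment above the group, e.g. `/* any protocol I/O error is fatal: these macros exit the process */`, would make that visible to anyone reusing them in a long-running server. The header has no include guard, which only matters if it is ever included twice.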

Added: vendor-crypto/heimdal/dist/appl/gssmask/gssmaestro.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/gssmask/gssmaestro.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/gssmask/gssmaestro.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,851 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <common.h>
+RCSID("$Id: gssmaestro.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static FILE *logfile;
+
+/*
+ *
+ */
+
+struct client {
+    char *name;
+    struct sockaddr *sa;
+    socklen_t salen;
+    krb5_storage *sock;
+    int32_t capabilities;
+    char *target_name;
+    char *moniker;
+    krb5_storage *logsock;
+    int have_log;
+#ifdef ENABLE_PTHREAD_SUPPORT
+    pthread_t thr;
+#else
+    pid_t child;
+#endif
+};
+
+static struct client **clients;
+static int num_clients;
+
+static int
+init_sec_context(struct client *client, 
+		 int32_t *hContext, int32_t *hCred,
+		 int32_t flags, 
+		 const char *targetname,
+		 const krb5_data *itoken, krb5_data *otoken)
+{
+    int32_t val;
+    krb5_data_zero(otoken);
+    put32(client, eInitContext);
+    put32(client, *hContext);
+    put32(client, *hCred);
+    put32(client, flags);
+    putstring(client, targetname);
+    putdata(client, *itoken);
+    ret32(client, *hContext);
+    ret32(client, val);
+    retdata(client, *otoken);
+    return val;
+}
+
+static int
+accept_sec_context(struct client *client, 
+		   int32_t *hContext,
+		   int32_t flags,
+		   const krb5_data *itoken,
+		   krb5_data *otoken,
+		   int32_t *hDelegCred)
+{
+    int32_t val;
+    krb5_data_zero(otoken);
+    put32(client, eAcceptContext);
+    put32(client, *hContext);
+    put32(client, flags);
+    putdata(client, *itoken);
+    ret32(client, *hContext);
+    ret32(client, val);
+    retdata(client, *otoken);
+    ret32(client, *hDelegCred);
+    return val;
+}
+
+static int
+acquire_cred(struct client *client, 
+	     const char *username,
+	     const char *password,
+	     int32_t flags,
+	     int32_t *hCred)
+{
+    int32_t val;
+    put32(client, eAcquireCreds);
+    putstring(client, username);
+    putstring(client, password);
+    put32(client, flags);
+    ret32(client, val);
+    ret32(client, *hCred);
+    return val;
+}
+
+static int
+toast_resource(struct client *client, 
+	       int32_t hCred)
+{
+    int32_t val;
+    put32(client, eToastResource);
+    put32(client, hCred);
+    ret32(client, val);
+    return val;
+}
+
+static int
+goodbye(struct client *client)
+{
+    put32(client, eGoodBye);
+    return GSMERR_OK;
+}
+
+static int
+get_targetname(struct client *client, 
+	       char **target)
+{
+    put32(client, eGetTargetName);
+    retstring(client, *target);
+    return GSMERR_OK;
+}
+
+static int32_t
+encrypt_token(struct client *client, int32_t hContext, int32_t flags,
+	   krb5_data *in, krb5_data *out)
+{
+    int32_t val;
+    put32(client, eEncrypt);
+    put32(client, hContext);
+    put32(client, flags);
+    put32(client, 0);
+    putdata(client, *in);
+    ret32(client, val);
+    retdata(client, *out);
+    return val;
+}
+
+static int32_t
+decrypt_token(struct client *client, int32_t hContext, int flags, 
+	     krb5_data *in, krb5_data *out)
+{
+    int32_t val;
+    put32(client, eDecrypt);
+    put32(client, hContext);
+    put32(client, flags);
+    put32(client, 0);
+    putdata(client, *in);
+    ret32(client, val);
+    retdata(client, *out);
+    return val;
+}
+
+static int32_t
+get_mic(struct client *client, int32_t hContext,
+	krb5_data *in, krb5_data *mic)
+{
+    int32_t val;
+    put32(client, eSign);
+    put32(client, hContext);
+    put32(client, 0);
+    put32(client, 0);
+    putdata(client, *in);
+    ret32(client, val);
+    retdata(client, *mic);
+    return val;
+}
+
+static int32_t
+verify_mic(struct client *client, int32_t hContext, 
+	   krb5_data *in, krb5_data *mic)
+{
+    int32_t val;
+    put32(client, eVerify);
+    put32(client, hContext);
+    put32(client, 0);
+    put32(client, 0);
+    putdata(client, *in);
+    putdata(client, *mic);
+    ret32(client, val);
+    return val;
+}
+
+
+static int32_t
+get_version_capa(struct client *client, 
+		 int32_t *version, int32_t *capa,
+		 char **version_str)
+{
+    put32(client, eGetVersionAndCapabilities);
+    ret32(client, *version);
+    ret32(client, *capa);
+    retstring(client, *version_str);
+    return GSMERR_OK;
+}
+
+static int32_t
+get_moniker(struct client *client, 
+	    char **moniker)
+{
+    put32(client, eGetMoniker);
+    retstring(client, *moniker);
+    return GSMERR_OK;
+}
+
+static int
+wait_log(struct client *c)
+{
+    int32_t port;
+    struct sockaddr_storage sast;
+    socklen_t salen = sizeof(sast);
+    int fd, fd2, ret;
+
+    memset(&sast, 0, sizeof(sast));
+
+    assert(sizeof(sast) >= c->salen);
+
+    fd = socket(c->sa->sa_family, SOCK_STREAM, 0);
+    if (fd < 0)
+	err(1, "failed to build socket for %s's logging port", c->moniker);
+
+    ((struct sockaddr *)&sast)->sa_family = c->sa->sa_family;
+    ret = bind(fd, (struct sockaddr *)&sast, c->salen);
+    if (ret < 0)
+	err(1, "failed to bind %s's logging port", c->moniker);
+
+    if (listen(fd, SOMAXCONN) < 0)
+	err(1, "failed to listen %s's logging port", c->moniker);
+
+    salen = sizeof(sast);
+    ret = getsockname(fd, (struct sockaddr *)&sast, &salen);
+    if (ret < 0)
+	err(1, "failed to get address of local socket for %s", c->moniker);
+
+    port = socket_get_port((struct sockaddr *)&sast);
+
+    put32(c, eSetLoggingSocket);
+    put32(c, ntohs(port));
+
+    salen = sizeof(sast);
+    fd2 = accept(fd, (struct sockaddr *)&sast, &salen);
+    if (fd2 < 0)
+	err(1, "failed to accept local socket for %s", c->moniker);
+    close(fd);
+
+    return fd2;
+}
+
+
+
+
+static int
+build_context(struct client *ipeer, struct client *apeer,
+	      int32_t flags, int32_t hCred,
+	      int32_t *iContext, int32_t *aContext, int32_t *hDelegCred)
+{
+    int32_t val = GSMERR_ERROR, ic = 0, ac = 0, deleg = 0;
+    krb5_data itoken, otoken;
+    int iDone = 0, aDone = 0;
+    int step = 0;
+    int first_call = 0x80;
+
+    if (apeer->target_name == NULL)
+	errx(1, "apeer %s have no target name", apeer->name);
+
+    krb5_data_zero(&itoken);
+
+    while (!iDone || !aDone) {
+	
+	if (iDone) {
+	    warnx("iPeer already done, aPeer want extra rtt");
+	    val = GSMERR_ERROR;
+	    goto out;
+	}
+
+	val = init_sec_context(ipeer, &ic, &hCred, flags|first_call,
+			       apeer->target_name, &itoken, &otoken);
+	step++;
+	switch(val) {
+	case GSMERR_OK:
+	    iDone = 1;
+	    if (aDone)
+		continue;
+	    break;
+	case GSMERR_CONTINUE_NEEDED:
+	    break;
+	default:
+	    warnx("iPeer %s failed with %d (step %d)", 
+		  ipeer->name, (int)val, step);
+	    goto out;
+	}
+
+	if (aDone) {
+	    warnx("aPeer already done, iPeer want extra rtt");
+	    val = GSMERR_ERROR;
+	    goto out;
+	}
+
+	val = accept_sec_context(apeer, &ac, flags|first_call,
+				 &otoken, &itoken, &deleg);
+	step++;
+	switch(val) {
+	case GSMERR_OK:
+	    aDone = 1;
+	    if (iDone)
+		continue;
+	    break;
+	case GSMERR_CONTINUE_NEEDED:
+	    break;
+	default:
+	    warnx("aPeer %s failed with %d (step %d)",
+		 apeer->name, (int)val, step);
+	    val = GSMERR_ERROR;
+	    goto out;
+	}
+	first_call = 0;
+	val = GSMERR_OK;
+    }
+
+    if (iContext == NULL || val != GSMERR_OK) {
+	if (ic)
+	    toast_resource(ipeer, ic);
+	if (iContext)
+	    *iContext = 0;
+    } else
+	*iContext = ic;
+
+    if (aContext == NULL || val != GSMERR_OK) {
+	if (ac)
+	    toast_resource(apeer, ac);
+	if (aContext)
+	    *aContext = 0;
+    } else
+	*aContext = ac;
+
+    if (hDelegCred == NULL || val != GSMERR_OK) {
+	if (deleg)
+	    toast_resource(apeer, deleg);
+	if (hDelegCred)
+	    *hDelegCred = 0;
+    } else
+	*hDelegCred = deleg;
+
+out:
+    return val;
+}
+			 
+static void
+test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2)
+{
+    krb5_data msg, mic;
+    int32_t val;
+    
+    msg.data = "foo";
+    msg.length = 3;
+
+    krb5_data_zero(&mic);
+
+    val = get_mic(c1, hc1, &msg, &mic);
+    if (val)
+	errx(1, "get_mic failed to host: %s", c1->moniker);
+    val = verify_mic(c2, hc2, &msg, &mic);
+    if (val)
+	errx(1, "verify_mic failed to host: %s", c2->moniker);
+
+    krb5_data_free(&mic);
+}
+
+static int32_t
+test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, 
+	  int conf)
+{
+    krb5_data msg, wrapped, out;
+    int32_t val;
+    
+    msg.data = "foo";
+    msg.length = 3;
+
+    krb5_data_zero(&wrapped);
+    krb5_data_zero(&out);
+
+    val = encrypt_token(c1, hc1, conf, &msg, &wrapped);
+    if (val) {
+	warnx("encrypt_token failed to host: %s", c1->moniker);
+	return val;
+    }
+    val = decrypt_token(c2, hc2, conf, &wrapped, &out);
+    if (val) {
+	krb5_data_free(&wrapped);
+	warnx("decrypt_token failed to host: %s", c2->moniker);
+	return val;
+    }
+
+    if (msg.length != out.length) {
+	warnx("decrypted'ed token have wrong length (%lu != %lu)",
+	      (unsigned long)msg.length, (unsigned long)out.length);
+	val = GSMERR_ERROR;
+    } else if (memcmp(msg.data, out.data, msg.length) != 0) {
+	warnx("decryptd'ed token have wrong data");
+	val = GSMERR_ERROR;
+    }
+
+    krb5_data_free(&wrapped);
+    krb5_data_free(&out);
+    return val;
+}
+
+static int32_t
+test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2)
+{
+    int32_t val;
+    int i;
+
+    for (i = 0; i < 10; i++) {
+	test_mic(c1, hc1, c2, hc2);
+	test_mic(c2, hc2, c1, hc1);
+	val = test_wrap(c1, hc1, c2, hc2, 0);
+	if (val) return val;
+	val = test_wrap(c2, hc2, c1, hc1, 0);
+	if (val) return val;
+	val = test_wrap(c1, hc1, c2, hc2, 1);
+	if (val) return val;
+	val = test_wrap(c2, hc2, c1, hc1, 1);
+	if (val) return val;
+    }
+    return GSMERR_OK;
+}
+
+static int
+log_function(void *ptr)
+{
+    struct client *c = ptr;
+    int32_t cmd, line;
+    char *file, *string;
+
+    while (1) {
+        if (krb5_ret_int32(c->logsock, &cmd))
+	    goto out;
+
+	switch (cmd) {
+	case eLogSetMoniker:
+	    if (krb5_ret_string(c->logsock, &file))
+		goto out;
+	    free(file);
+	    break;
+	case eLogInfo:
+	case eLogFailure:
+	    if (krb5_ret_string(c->logsock, &file))
+		goto out;
+	    if (krb5_ret_int32(c->logsock, &line))
+		goto out;
+	    if (krb5_ret_string(c->logsock, &string))
+		goto out;
+	    printf("%s:%lu: %s\n", 
+		   file, (unsigned long)line, string);
+	    fprintf(logfile, "%s:%lu: %s\n", 
+		    file, (unsigned long)line, string);
+	    fflush(logfile);
+	    free(file);
+	    free(string);
+	    if (krb5_store_int32(c->logsock, 0))
+		goto out;
+	    break;
+	default:
+	    errx(1, "client send bad log command: %d", (int)cmd);
+	}
+    }
+out:
+
+    return 0;
+}
+
+static void
+connect_client(const char *slave)
+{
+    char *name, *port;
+    struct client *c = ecalloc(1, sizeof(*c));
+    struct addrinfo hints, *res0, *res;
+    int ret, fd;
+
+    name = estrdup(slave);
+    port = strchr(name, ':');
+    if (port == NULL)
+	errx(1, "port missing from %s", name);
+    *port++ = 0;
+
+    c->name = estrdup(slave);
+    
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+
+    ret = getaddrinfo(name, port, &hints, &res0);
+    if (ret)
+	errx(1, "error resolving %s", name);
+
+    for (res = res0, fd = -1; res; res = res->ai_next) {
+	fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+	if (fd < 0)
+	    continue;
+	if (connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
+	    close(fd);
+	    fd = -1;
+	    continue;
+	}
+	c->sa = ecalloc(1, res->ai_addrlen);
+	memcpy(c->sa, res->ai_addr, res->ai_addrlen);
+	c->salen = res->ai_addrlen;
+	break;  /* okay we got one */
+    }
+    if (fd < 0)
+	err(1, "connect to host: %s", name);
+    freeaddrinfo(res);
+
+    c->sock = krb5_storage_from_fd(fd);
+    close(fd);
+    if (c->sock == NULL)
+	errx(1, "krb5_storage_from_fd");
+
+    {
+	int32_t version;
+	char *str = NULL;
+	get_version_capa(c, &version, &c->capabilities, &str);
+	if (str) {
+	    free(str);
+	}
+	if (c->capabilities & HAS_MONIKER)
+	    get_moniker(c, &c->moniker);
+	else
+	    c->moniker = c->name;
+	if (c->capabilities & ISSERVER)
+	    get_targetname(c, &c->target_name);
+    }
+
+    if (logfile) {
+	int fd;
+
+	printf("starting log socket to client %s\n", c->moniker);
+
+	fd = wait_log(c);
+
+	c->logsock = krb5_storage_from_fd(fd);
+	close(fd);
+	if (c->logsock == NULL)
+	    errx(1, "failed to create log krb5_storage");
+#ifdef ENABLE_PTHREAD_SUPPORT
+	pthread_create(&c->thr, NULL, log_function, c);
+#else
+	c->child = fork();
+	if (c->child == -1)
+	    errx(1, "failed to fork");
+	else if (c->child == 0) {
+	    log_function(c);
+	    fclose(logfile);
+	    exit(0);
+	}
+#endif
+   }
+
+
+    clients = erealloc(clients, (num_clients + 1) * sizeof(*clients));
+    
+    clients[num_clients] = c;
+    num_clients++;
+
+    free(name);
+}
+
+static struct client *
+get_client(const char *slave)
+{
+    size_t i;
+    for (i = 0; i < num_clients; i++)
+	if (strcmp(slave, clients[i]->name) == 0)
+	    return clients[i];
+    errx(1, "failed to find client %s", slave);
+}
+
+/*
+ *
+ */
+
+static int version_flag;
+static int help_flag;
+static char *logfile_str;
+static getarg_strings principals;
+static getarg_strings slaves;
+
+struct getargs args[] = {
+    { "principals", 0,  arg_strings,	&principals,	"Test principal",
+      NULL },
+    { "slaves", 0,  arg_strings,	&slaves,	"Slaves",
+      NULL },
+    { "log-file", 0, arg_string,	&logfile_str,	"Logfile",
+      NULL },
+    { "version", 0,  arg_flag,		&version_flag,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&help_flag,	NULL,
+      NULL }
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx= 0;
+    char *user;
+    char *password;
+    char ***list, **p;
+    size_t num_list, i, j, k;
+    int failed = 0;
+
+    setprogname (argv[0]);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+
+    if (optidx != argc)
+	usage (1);
+
+    if (principals.num_strings == 0)
+	errx(1, "no principals");
+
+    user = estrdup(principals.strings[0]);
+    password = strchr(user, ':');
+    if (password == NULL)
+	errx(1, "password missing from %s", user);
+    *password++ = 0;
+	
+    if (slaves.num_strings == 0)
+	errx(1, "no principals");
+
+    if (logfile_str) {
+	printf("open logfile %s\n", logfile_str);
+	logfile = fopen(logfile_str, "w+");
+	if (logfile == NULL)
+	    err(1, "failed to open: %s", logfile_str);
+    }
+
+    /*
+     *
+     */
+
+    list = permutate_all(&slaves, &num_list);
+
+    /*
+     * Set up connection to all clients
+     */
+
+    printf("Connecting to slaves\n");
+    for (i = 0; i < slaves.num_strings; i++)
+	connect_client(slaves.strings[i]);
+
+    /*
+     * Test acquire credentials
+     */
+
+    printf("Test acquire credentials\n");
+    for (i = 0; i < slaves.num_strings; i++) {
+	int32_t hCred, val;
+
+	val = acquire_cred(clients[i], user, password, 1, &hCred);
+	if (val != GSMERR_OK) {
+	    warnx("Failed to acquire_cred on host %s: %d", 
+		 clients[i]->moniker, (int)val);
+	    failed = 1;
+	} else
+	    toast_resource(clients[i], hCred);
+    }
+
+    if (failed)
+	goto out;
+
+    /* 
+     * First test if all slaves can build context to them-self.
+     */
+
+    printf("Self context tests\n");
+    for (i = 0; i < num_clients; i++) {
+	int32_t hCred, val, delegCred;
+	int32_t clientC, serverC;
+	struct client *c = clients[i];
+	
+	if (c->target_name == NULL)
+	    continue;
+
+	printf("%s connects to self using %s\n",
+	       c->moniker, c->target_name);
+
+	val = acquire_cred(c, user, password, 1, &hCred);
+	if (val != GSMERR_OK)
+	    errx(1, "failed to acquire_cred: %d", (int)val);
+    
+	val = build_context(c, c, 
+			    GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG|
+			    GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG|
+			    GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
+			    hCred, &clientC, &serverC, &delegCred);
+	if (val == GSMERR_OK) {
+	    test_token(c, clientC, c, serverC);
+	    toast_resource(c, clientC);
+	    toast_resource(c, serverC);
+	    if (delegCred)
+		toast_resource(c, delegCred);
+	} else {
+	    warnx("build_context failed: %d", (int)val);
+	}
+	/*
+	 *
+	 */
+
+	val = build_context(c, c,
+			    GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG,
+			    hCred, &clientC, &serverC, &delegCred);
+	if (val == GSMERR_OK) {
+	    test_token(c, clientC, c, serverC);
+	    toast_resource(c, clientC);
+	    toast_resource(c, serverC);
+	    if (delegCred)
+		toast_resource(c, delegCred);
+	} else {
+	    warnx("build_context failed: %d", (int)val);
+	}
+
+	toast_resource(c, hCred);
+    }
+    /*
+     * Build contexts though all entries in each lists, including the
+     * step from the last entry to the first, ie treat the list as a
+     * circle.
+     *
+     * Only follow the delegated credential, but test "all"
+     * flags. (XXX only do deleg|mutual right now.
+     */
+
+    printf("\"All\" permutation tests\n");
+
+    for (i = 0; i < num_list; i++) {
+	int32_t hCred, val, delegCred = 0;
+	int32_t clientC = 0, serverC = 0;
+	struct client *client, *server;
+	
+	p = list[i];
+	
+	client = get_client(p[0]);
+	
+	val = acquire_cred(client, user, password, 1, &hCred);
+	if (val != GSMERR_OK)
+	    errx(1, "failed to acquire_cred: %d", (int)val);
+
+	for (j = 1; j < num_clients + 1; j++) {
+	    server = get_client(p[j % num_clients]);
+	    
+	    if (server->target_name == NULL)
+		break;
+
+	    for (k = 1; k < j; k++)
+		printf("\t");
+	    printf("%s -> %s\n", client->moniker, server->moniker);
+
+	    val = build_context(client, server,
+				GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG|
+				GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG|
+				GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
+				hCred, &clientC, &serverC, &delegCred);
+	    if (val != GSMERR_OK) {
+		warnx("build_context failed: %d", (int)val);
+		break;
+	    }
+	    
+	    val = test_token(client, clientC, server, serverC);
+	    if (val)
+		break;
+	    
+	    toast_resource(client, clientC);
+	    toast_resource(server, serverC);
+	    if (!delegCred) {
+		warnx("no delegated cred on %s", server->moniker);
+		break;
+	    }
+	    toast_resource(client, hCred);
+	    hCred = delegCred;
+	    client = server;
+	}
+	if (hCred)
+	    toast_resource(client, hCred);
+    }
+    
+    /*
+     * Close all connections to clients
+     */
+    
+out:
+    printf("sending goodbye and waiting for log sockets\n");
+    for (i = 0; i < num_clients; i++) {
+	goodbye(clients[i]);
+	if (clients[i]->logsock) {
+#ifdef ENABLE_PTHREAD_SUPPORT
+	    pthread_join(&clients[i]->thr, NULL);
+#else
+	    waitpid(clients[i]->child, NULL, 0);
+#endif
+	}
+    }
+
+    printf("done\n");
+
+    return 0;
+}
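Review bot: In `connect_client`, `freeaddrinfo(res)` is called on the loop cursor rather than on the list head returned by `getaddrinfo`, so when an earlier address fails and a later one connects, the entries before `res` are never released; it should be `freeaddrinfo(res0);`. In `main`, the `slaves.num_strings == 0` check exits with "no principals", which points the operator at the wrong option; `errx(1, "no slaves");` matches the condition. `main` also splits the password out of the `--principals` value (`user:password`), so the credential sits in argv, where it is typically readable by other local users through the process list. A comment above the `strchr(user, ':')` split stating that this harness should only be run with throwaway test principals would make that constraint explicit, or the password could be read from a file instead.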

Added: vendor-crypto/heimdal/dist/appl/gssmask/gssmask.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/gssmask/gssmask.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/gssmask/gssmask.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1092 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "common.h"
+RCSID("$Id: gssmask.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ *
+ */
+
+enum handle_type { handle_context, handle_cred };
+
+struct handle {
+    int32_t idx;
+    enum handle_type type;
+    void *ptr;
+    struct handle *next;
+};
+
+struct client {
+    krb5_storage *sock;
+    krb5_storage *logging;
+    char *moniker;
+    int32_t nHandle;
+    struct handle *handles;
+    struct sockaddr_storage sa;
+    socklen_t salen;
+    char servername[MAXHOSTNAMELEN];
+};
+
+FILE *logfile;
+static char *targetname;
+krb5_context context;
+
+/*
+ *
+ */
+
+static void
+logmessage(struct client *c, const char *file, unsigned int lineno,
+	   int level, const char *fmt, ...)
+{
+    char *message;
+    va_list ap;
+    int32_t ackid;
+
+    va_start(ap, fmt);
+    vasprintf(&message, fmt, ap);
+    va_end(ap);
+
+    if (logfile)
+	fprintf(logfile, "%s:%u: %d %s\n", file, lineno, level, message);
+
+    if (c->logging) {
+	if (krb5_store_int32(c->logging, eLogInfo) != 0)
+	    errx(1, "krb5_store_int32: log level");
+	if (krb5_store_string(c->logging, file) != 0)
+	    errx(1, "krb5_store_string: filename");
+	if (krb5_store_int32(c->logging, lineno) != 0)
+	    errx(1, "krb5_store_string: filename");
+	if (krb5_store_string(c->logging, message) != 0)
+	    errx(1, "krb5_store_string: message");
+	if (krb5_ret_int32(c->logging, &ackid) != 0)
+	    errx(1, "krb5_ret_int32: ackid");
+    }
+    free(message);
+}
+
+/*
+ *
+ */
+
+static int32_t
+add_handle(struct client *c, enum handle_type type, void *data)
+{
+    struct handle *h;
+
+    h = ecalloc(1, sizeof(*h));
+
+    h->idx = ++c->nHandle;
+    h->type = type;
+    h->ptr = data;
+    h->next = c->handles;
+    c->handles = h;
+
+    return h->idx;
+}
+
+static void
+del_handle(struct handle **h, int32_t idx)
+{
+    OM_uint32 min_stat;
+
+    if (idx == 0)
+	return;
+
+    while (*h) {
+	if ((*h)->idx == idx) {
+	    struct handle *p = *h;
+	    *h = (*h)->next;
+	    switch(p->type) {
+	    case handle_context: {
+		gss_ctx_id_t c = p->ptr;
+		gss_delete_sec_context(&min_stat, &c, NULL);
+		break; }
+	    case handle_cred: {
+		gss_cred_id_t c = p->ptr;
+		gss_release_cred(&min_stat, &c);
+		break; }
+	    }
+	    free(p);
+	    return;
+	}
+	h = &((*h)->next);
+    }
+    errx(1, "tried to delete an unexisting handle");
+}
+
+static void *
+find_handle(struct handle *h, int32_t idx, enum handle_type type)
+{
+    if (idx == 0)
+	return NULL;
+    
+    while (h) {
+	if (h->idx == idx) {
+	    if (type == h->type)
+		return h->ptr;
+	    errx(1, "monger switched type on handle!");
+	}
+	h = h->next;
+    }
+    return NULL;    
+}
+
+
+static int32_t
+convert_gss_to_gsm(OM_uint32 maj_stat)
+{
+    switch(maj_stat) {
+    case 0:
+	return GSMERR_OK;
+    case GSS_S_CONTINUE_NEEDED:
+	return GSMERR_CONTINUE_NEEDED;
+    case GSS_S_DEFECTIVE_TOKEN:
+        return GSMERR_INVALID_TOKEN;
+    case GSS_S_BAD_MIC:
+	return GSMERR_AP_MODIFIED;
+    default:
+	return GSMERR_ERROR;
+    }
+}
+
+static int32_t
+convert_krb5_to_gsm(krb5_error_code ret)
+{
+    switch(ret) {
+    case 0:
+	return GSMERR_OK;
+    default:
+	return GSMERR_ERROR;
+    }
+}
+
+/*
+ *
+ */
+
+static int32_t
+acquire_cred(struct client *c,
+	     krb5_principal principal,
+	     krb5_get_init_creds_opt *opt,
+	     int32_t *handle)
+{
+    krb5_error_code ret;
+    krb5_creds cred;
+    krb5_ccache id;
+    gss_cred_id_t gcred;
+    OM_uint32 maj_stat, min_stat;
+
+    *handle = 0;
+
+    krb5_get_init_creds_opt_set_forwardable (opt, 1);
+    krb5_get_init_creds_opt_set_renew_life (opt, 3600 * 24 * 30);
+
+    memset(&cred, 0, sizeof(cred));
+
+    ret = krb5_get_init_creds_password (context,
+					&cred,
+					principal,
+					NULL,
+					NULL,
+					NULL,
+					0,
+					NULL,
+					opt);
+    if (ret) {
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "krb5_get_init_creds failed: %d", ret);
+	return convert_krb5_to_gsm(ret);
+    }
+	
+    ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_initialize");
+
+    ret = krb5_cc_initialize (context, id, cred.client);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_initialize");
+    
+    ret = krb5_cc_store_cred (context, id, &cred);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_store_cred");
+
+    krb5_free_cred_contents (context, &cred);
+
+    maj_stat = gss_krb5_import_cred(&min_stat,
+				    id,
+				    NULL,
+				    NULL,
+				    &gcred);
+    krb5_cc_close(context, id);
+    if (maj_stat) {
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "krb5 import creds failed with: %d", maj_stat);
+	return convert_gss_to_gsm(maj_stat);
+    }
+
+    *handle = add_handle(c, handle_cred, gcred);
+
+    return 0;
+}
+
+
+/*
+ *
+ */
+
+#define HandleOP(h) \
+handle##h(enum gssMaggotOp op, struct client *c)
+
+/*
+ *
+ */
+
+static int
+HandleOP(GetVersionInfo)
+{
+    put32(c, GSSMAGGOTPROTOCOL);
+    errx(1, "GetVersionInfo");
+}
+
+static int
+HandleOP(GoodBye)
+{
+    struct handle *h = c->handles;
+    int i = 0;
+
+    while (h) {
+	h = h->next;
+	i++;
+    }
+
+    if (i != 0)
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "Did not toast all resources: %d", i);
+    return 1;
+}
+
+static int
+HandleOP(InitContext)
+{
+    OM_uint32 maj_stat, min_stat, ret_flags;
+    int32_t hContext, hCred, flags;
+    krb5_data target_name, in_token;
+    int32_t new_context_id = 0, gsm_error = 0;
+    krb5_data out_token = { 0 , NULL };
+
+    gss_ctx_id_t ctx;
+    gss_cred_id_t creds;
+    gss_name_t gss_target_name;
+    gss_buffer_desc input_token, output_token;
+    gss_OID oid = GSS_C_NO_OID;
+    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
+
+    ret32(c, hContext);
+    ret32(c, hCred);
+    ret32(c, flags);
+    retdata(c, target_name);
+    retdata(c, in_token);
+
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "targetname: <%.*s>", (int)target_name.length,
+	       (char *)target_name.data);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	hContext = 0;
+    creds = find_handle(c->handles, hCred, handle_cred);
+    if (creds == NULL)
+	abort();
+
+    input_token.length = target_name.length;
+    input_token.value = target_name.data;
+
+    maj_stat = gss_import_name(&min_stat,
+			       &input_token,
+			       GSS_KRB5_NT_PRINCIPAL_NAME,
+			       &gss_target_name);
+    if (GSS_ERROR(maj_stat)) {
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "import name creds failed with: %d", maj_stat);
+	gsm_error = convert_gss_to_gsm(maj_stat);
+	goto out;
+    }
+
+    /* oid from flags */
+
+    if (in_token.length) {
+	input_token.length = in_token.length;
+	input_token.value = in_token.data;
+	input_token_ptr = &input_token;
+	if (ctx == NULL)
+	    krb5_errx(context, 1, "initcreds, context NULL, but not first req");
+    } else {
+	input_token.length = 0;
+	input_token.value = NULL;
+	if (ctx)
+	    krb5_errx(context, 1, "initcreds, context not NULL, but first req");
+    }
+	
+    if ((flags & GSS_C_DELEG_FLAG) != 0)
+	logmessage(c, __FILE__, __LINE__, 0, "init_sec_context delegating");
+    if ((flags & GSS_C_DCE_STYLE) != 0)
+	logmessage(c, __FILE__, __LINE__, 0, "init_sec_context dce-style");
+
+    maj_stat = gss_init_sec_context(&min_stat,
+				    creds,
+				    &ctx,
+				    gss_target_name,
+				    oid,
+				    flags & 0x7f,
+				    0, 
+				    NULL,
+				    input_token_ptr,
+				    NULL,
+				    &output_token,
+				    &ret_flags,
+				    NULL);
+    if (GSS_ERROR(maj_stat)) {
+	if (hContext != 0)
+	    del_handle(&c->handles, hContext);
+	new_context_id = 0;
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "gss_init_sec_context returns code: %d/%d", 
+		   maj_stat, min_stat);
+    } else {
+	if (input_token.length == 0)
+	    new_context_id = add_handle(c, handle_context, ctx);
+	else
+	    new_context_id = hContext;
+    }
+
+    gsm_error = convert_gss_to_gsm(maj_stat);
+
+    if (output_token.length) {
+	out_token.data = output_token.value;
+	out_token.length = output_token.length;
+    }
+
+out:
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "InitContext return code: %d", gsm_error);
+
+    put32(c, new_context_id);
+    put32(c, gsm_error);
+    putdata(c, out_token);
+
+    gss_release_name(&min_stat, &gss_target_name);
+    if (output_token.length)
+	gss_release_buffer(&min_stat, &output_token);
+    krb5_data_free(&in_token);
+    krb5_data_free(&target_name);
+
+    return 0;
+}
+
+static int
+HandleOP(AcceptContext)
+{
+    OM_uint32 maj_stat, min_stat, ret_flags;
+    int32_t hContext, deleg_hcred, flags;
+    krb5_data in_token;
+    int32_t new_context_id = 0, gsm_error = 0;
+    krb5_data out_token = { 0 , NULL };
+
+    gss_ctx_id_t ctx;
+    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
+    gss_buffer_desc input_token, output_token;
+    gss_buffer_t input_token_ptr = GSS_C_NO_BUFFER;
+
+    ret32(c, hContext);
+    ret32(c, flags);
+    retdata(c, in_token);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	hContext = 0;
+
+    if (in_token.length) {
+	input_token.length = in_token.length;
+	input_token.value = in_token.data;
+	input_token_ptr = &input_token;
+    } else {
+	input_token.length = 0;
+	input_token.value = NULL;
+    }
+
+    maj_stat = gss_accept_sec_context(&min_stat,
+				      &ctx,
+				      GSS_C_NO_CREDENTIAL,
+				      &input_token,
+				      GSS_C_NO_CHANNEL_BINDINGS,
+				      NULL,
+				      NULL,
+				      &output_token,
+				      &ret_flags,
+				      NULL,
+				      &deleg_cred);
+    if (GSS_ERROR(maj_stat)) {
+	if (hContext != 0)
+	    del_handle(&c->handles, hContext);
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "gss_accept_sec_context returns code: %d/%d", 
+		   maj_stat, min_stat);
+	new_context_id = 0;
+    } else {
+	if (hContext == 0)
+	    new_context_id = add_handle(c, handle_context, ctx);
+	else
+	    new_context_id = hContext;
+    }
+    if (output_token.length) {
+	out_token.data = output_token.value;
+	out_token.length = output_token.length;
+    }
+    if ((ret_flags & GSS_C_DCE_STYLE) != 0)
+	logmessage(c, __FILE__, __LINE__, 0, "accept_sec_context dce-style");
+    if ((ret_flags & GSS_C_DELEG_FLAG) != 0) {
+	deleg_hcred = add_handle(c, handle_cred, deleg_cred);
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "accept_context delegated handle: %d", deleg_hcred);
+    } else {
+	gss_release_cred(&min_stat, &deleg_cred);
+	deleg_hcred = 0;
+    }
+	 
+    
+    gsm_error = convert_gss_to_gsm(maj_stat);
+
+    put32(c, new_context_id);
+    put32(c, gsm_error);
+    putdata(c, out_token);
+    put32(c, deleg_hcred);
+
+    if (output_token.length)
+	gss_release_buffer(&min_stat, &output_token);
+    krb5_data_free(&in_token);
+
+    return 0;
+}
+
+static int
+HandleOP(ToastResource)
+{
+    int32_t handle;
+
+    ret32(c, handle);
+    logmessage(c, __FILE__, __LINE__, 0, "toasting %d", handle);
+    del_handle(&c->handles, handle);
+    put32(c, GSMERR_OK);
+
+    return 0;
+}
+
+static int
+HandleOP(AcquireCreds)
+{
+    char *name, *password;
+    int32_t gsm_error, flags, handle = 0;
+    krb5_principal principal = NULL;
+    krb5_get_init_creds_opt *opt = NULL;
+    krb5_error_code ret;
+
+    retstring(c, name);
+    retstring(c, password);
+    ret32(c, flags);
+
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "username: %s password: %s", name, password);
+
+    ret = krb5_parse_name(context, name, &principal);
+    if (ret) {
+	gsm_error = convert_krb5_to_gsm(ret);
+	goto out;
+    }
+    
+    ret = krb5_get_init_creds_opt_alloc (context, &opt);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
+    
+    krb5_get_init_creds_opt_set_pa_password(context, opt, password, NULL);
+
+    gsm_error = acquire_cred(c, principal, opt, &handle);
+
+out:
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "AcquireCreds handle: %d return code: %d", handle, gsm_error);
+
+    if (opt)
+	krb5_get_init_creds_opt_free (context, opt);
+    if (principal)
+	krb5_free_principal(context, principal);
+    free(name);
+    free(password);
+
+    put32(c, gsm_error);
+    put32(c, handle);
+
+    return 0;
+}
+
+static int
+HandleOP(Sign)
+{
+    OM_uint32 maj_stat, min_stat;
+    int32_t hContext, flags, seqno;
+    krb5_data token;
+    gss_ctx_id_t ctx;
+    gss_buffer_desc input_token, output_token;
+
+    ret32(c, hContext);
+    ret32(c, flags);
+    ret32(c, seqno);
+    retdata(c, token);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	errx(1, "sign: reference to unknown context");
+
+    input_token.length = token.length;
+    input_token.value = token.data;
+    
+    maj_stat = gss_get_mic(&min_stat, ctx, 0, &input_token,
+			   &output_token);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_get_mic failed");
+    
+    krb5_data_free(&token);
+    
+    token.data = output_token.value;
+    token.length = output_token.length;
+    
+    put32(c, 0); /* XXX fix gsm_error */
+    putdata(c, token);
+    
+    gss_release_buffer(&min_stat, &output_token);
+    
+    return 0;
+}
+
+static int
+HandleOP(Verify)
+{
+    OM_uint32 maj_stat, min_stat;
+    int32_t hContext, flags, seqno;
+    krb5_data msg, mic;
+    gss_ctx_id_t ctx;
+    gss_buffer_desc msg_token, mic_token;
+    gss_qop_t qop;
+
+    ret32(c, hContext);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	errx(1, "verify: reference to unknown context");
+
+    ret32(c, flags);
+    ret32(c, seqno);
+    retdata(c, msg);
+
+    msg_token.length = msg.length;
+    msg_token.value = msg.data;
+    
+    retdata(c, mic);
+
+    mic_token.length = mic.length;
+    mic_token.value = mic.data;
+
+    maj_stat = gss_verify_mic(&min_stat, ctx, &msg_token,
+			      &mic_token, &qop);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_verify_mic failed");
+    
+    krb5_data_free(&mic);
+    krb5_data_free(&msg);
+    
+    put32(c, 0); /* XXX fix gsm_error */
+    
+    return 0;
+}
+
+static int
+HandleOP(GetVersionAndCapabilities)
+{
+    int32_t cap = HAS_MONIKER;
+    char name[256] = "unknown", *str;
+
+    if (targetname)
+	cap |= ISSERVER; /* is server */
+
+#ifdef HAVE_UNAME
+    {
+	struct utsname ut;
+	if (uname(&ut) == 0) {
+	    snprintf(name, sizeof(name), "%s-%s-%s", 
+		     ut.sysname, ut.version, ut.machine);
+	}
+    }
+#endif
+
+    asprintf(&str, "gssmask %s %s", PACKAGE_STRING, name);
+
+    put32(c, GSSMAGGOTPROTOCOL);
+    put32(c, cap);
+    putstring(c, str); 
+    free(str);
+
+    return 0;
+}
+
+static int
+HandleOP(GetTargetName)
+{
+    if (targetname)
+	putstring(c, targetname);
+    else
+	putstring(c, "");
+    return 0;
+}
+
+static int
+HandleOP(SetLoggingSocket)
+{
+    int32_t portnum;
+    int fd, ret;
+
+    ret32(c, portnum);
+
+    logmessage(c, __FILE__, __LINE__, 0,
+	       "logging port on peer is: %d", (int)portnum);
+
+    socket_set_port((struct sockaddr *)(&c->sa), htons(portnum));
+
+    fd = socket(((struct sockaddr *)&c->sa)->sa_family, SOCK_STREAM, 0);
+    if (fd < 0)
+	return 0;
+
+    ret = connect(fd, (struct sockaddr *)&c->sa, c->salen);
+    if (ret < 0) {
+	logmessage(c, __FILE__, __LINE__, 0, "failed connect to log port: %s",
+		   strerror(errno));
+	close(fd);
+	return 0;
+    }
+
+    if (c->logging)
+	krb5_storage_free(c->logging);
+    c->logging = krb5_storage_from_fd(fd);
+    close(fd);
+
+    krb5_store_int32(c->logging, eLogSetMoniker);
+    store_string(c->logging, c->moniker);
+    
+    logmessage(c, __FILE__, __LINE__, 0, "logging turned on");
+
+    return 0;
+}
+    
+
+static int
+HandleOP(ChangePassword)
+{
+    errx(1, "ChangePassword");
+}
+
+static int
+HandleOP(SetPasswordSelf)
+{
+    errx(1, "SetPasswordSelf");
+}
+
+static int
+HandleOP(Wrap)
+{
+    OM_uint32 maj_stat, min_stat;
+    int32_t hContext, flags, seqno;
+    krb5_data token;
+    gss_ctx_id_t ctx;
+    gss_buffer_desc input_token, output_token;
+    int conf_state;
+
+    ret32(c, hContext);
+    ret32(c, flags);
+    ret32(c, seqno);
+    retdata(c, token);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	errx(1, "wrap: reference to unknown context");
+
+    input_token.length = token.length;
+    input_token.value = token.data;
+    
+    maj_stat = gss_wrap(&min_stat, ctx, flags, 0, &input_token,
+			&conf_state, &output_token);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_wrap failed");
+    
+    krb5_data_free(&token);
+    
+    token.data = output_token.value;
+    token.length = output_token.length;
+    
+    put32(c, 0); /* XXX fix gsm_error */
+    putdata(c, token);
+    
+    gss_release_buffer(&min_stat, &output_token);
+    
+    return 0;
+}
+
+
+static int
+HandleOP(Unwrap)
+{
+    OM_uint32 maj_stat, min_stat;
+    int32_t hContext, flags, seqno;
+    krb5_data token;
+    gss_ctx_id_t ctx;
+    gss_buffer_desc input_token, output_token;
+    int conf_state;
+    gss_qop_t qop_state;
+
+    ret32(c, hContext);
+    ret32(c, flags);
+    ret32(c, seqno);
+    retdata(c, token);
+
+    ctx = find_handle(c->handles, hContext, handle_context);
+    if (ctx == NULL)
+	errx(1, "unwrap: reference to unknown context");
+
+    input_token.length = token.length;
+    input_token.value = token.data;
+    
+    maj_stat = gss_unwrap(&min_stat, ctx, &input_token,
+			  &output_token, &conf_state, &qop_state);
+    
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat);
+	
+    krb5_data_free(&token);
+    if (maj_stat == GSS_S_COMPLETE) {
+	token.data = output_token.value;
+	token.length = output_token.length;
+    } else {
+	token.data = NULL;
+	token.length = 0;
+    }
+    put32(c, 0); /* XXX fix gsm_error */
+    putdata(c, token);
+
+    if (maj_stat == GSS_S_COMPLETE)
+	gss_release_buffer(&min_stat, &output_token);
+
+    return 0;
+}
+
+static int
+HandleOP(Encrypt)
+{
+    return handleWrap(op, c);
+}
+
+static int
+HandleOP(Decrypt)
+{
+    return handleUnwrap(op, c);
+}
+
+static int
+HandleOP(ConnectLoggingService2)
+{
+    errx(1, "ConnectLoggingService2");
+}
+
+static int
+HandleOP(GetMoniker)
+{
+    putstring(c, c->moniker);
+    return 0;
+}
+
+static int
+HandleOP(CallExtension)
+{
+    errx(1, "CallExtension");
+}
+
+static int
+HandleOP(AcquirePKInitCreds)
+{
+    int32_t flags;
+    krb5_data pfxdata;
+
+    ret32(c, flags);
+    retdata(c, pfxdata);
+
+    /* get credentials */
+
+    krb5_data_free(&pfxdata);
+
+    put32(c, -1); /* hResource */
+    put32(c, GSMERR_NOT_SUPPORTED);
+    return 0;
+}
+
+/*
+ *
+ */
+
+struct handler {
+    enum gssMaggotOp op;
+    const char *name;
+    int (*func)(enum gssMaggotOp, struct client *);
+};
+
+#define S(a) { e##a, #a, handle##a }
+
+struct handler handlers[] = {
+    S(GetVersionInfo),
+    S(GoodBye),
+    S(InitContext),
+    S(AcceptContext),
+    S(ToastResource),
+    S(AcquireCreds),
+    S(Encrypt),
+    S(Decrypt),
+    S(Sign),
+    S(Verify),
+    S(GetVersionAndCapabilities),
+    S(GetTargetName),
+    S(SetLoggingSocket),
+    S(ChangePassword),
+    S(SetPasswordSelf),
+    S(Wrap),
+    S(Unwrap),
+    S(ConnectLoggingService2),
+    S(GetMoniker),
+    S(CallExtension),
+    S(AcquirePKInitCreds)
+};
+
+#undef S
+
+/*
+ *
+ */
+
+static struct handler *
+find_op(int32_t op)
+{
+    int i;
+
+    for (i = 0; i < sizeof(handlers)/sizeof(handlers[0]); i++)
+	if (handlers[i].op == op)
+	    return &handlers[i];
+    return NULL;
+}
+
+static struct client *
+create_client(int fd, int port, const char *moniker)
+{
+    struct client *c;
+
+    c = ecalloc(1, sizeof(*c));
+
+    if (moniker) {
+	c->moniker = estrdup(moniker);
+    } else {
+	char hostname[MAXHOSTNAMELEN];
+	gethostname(hostname, sizeof(hostname));
+	asprintf(&c->moniker, "gssmask: %s:%d", hostname, port);
+    }
+
+    {
+	c->salen = sizeof(c->sa);
+	getpeername(fd, (struct sockaddr *)&c->sa, &c->salen);
+	
+	getnameinfo((struct sockaddr *)&c->sa, c->salen, 
+		    c->servername, sizeof(c->servername), 
+		    NULL, 0, NI_NUMERICHOST);
+    }
+
+    c->sock = krb5_storage_from_fd(fd);
+    if (c->sock == NULL)
+	errx(1, "krb5_storage_from_fd");
+    
+    close(fd);
+
+    return c;
+}
+
+static void
+free_client(struct client *c)
+{
+    while(c->handles)
+	del_handle(&c->handles, c->handles->idx);
+
+    free(c->moniker);
+    krb5_storage_free(c->sock);
+    if (c->logging)
+	krb5_storage_free(c->logging);
+    free(c);
+}
+
+
+static void *
+handleServer(void *ptr)
+{
+    struct handler *handler;
+    struct client *c;
+    int32_t op;
+
+    c = (struct client *)ptr;
+
+
+    while(1) {
+	ret32(c, op);
+
+	handler = find_op(op);
+	if (handler == NULL) {
+	    logmessage(c, __FILE__, __LINE__, 0,
+		       "op %d not supported", (int)op);
+	    exit(1);
+	}
+
+	logmessage(c, __FILE__, __LINE__, 0,
+		   "---> Got op %s from server %s", 
+		   handler->name, c->servername);
+
+	if ((handler->func)(handler->op, c))
+	    break;
+    }
+
+    return NULL;
+}
+
+
+static char *port_str;
+static int version_flag;
+static int help_flag;
+static char *logfile_str;
+static char *moniker_str;
+
+static int port = 4711;
+
+struct getargs args[] = {
+    { "spn",	0,   arg_string,	&targetname,	"This host's SPN",
+      "service/host at REALM" },
+    { "port",	'p', arg_string,	&port_str,	"Use this port",
+      "number-of-service" },
+    { "logfile", 0,  arg_string,	&logfile_str,	"logfile",
+      "number-of-service" },
+    { "moniker", 0,  arg_string,	&moniker_str,	"nickname",
+      "name" },
+    { "version", 0,  arg_flag,		&version_flag,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&help_flag,	NULL,
+      NULL }
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx	= 0;
+
+    setprogname (argv[0]);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+
+    if (optidx != argc)
+	usage (1);
+
+    if (port_str) {
+	char *ptr;
+
+	port = strtol (port_str, &ptr, 10);
+	if (port == 0 && ptr == port_str)
+	    errx (1, "Bad port `%s'", port_str);
+    }
+
+    krb5_init_context(&context);
+
+    {
+	const char *lf = logfile_str;
+	if (lf == NULL)
+	    lf = "/dev/tty";
+
+	logfile = fopen(lf, "w");
+	if (logfile == NULL)
+	    err(1, "error opening %s", lf);
+    }
+
+    mini_inetd(htons(port));
+    fprintf(logfile, "connected\n");
+
+    {
+	struct client *c; 
+
+	c = create_client(0, port, moniker_str);
+	/* close(0); */
+
+	handleServer(c);
+
+	free_client(c);
+    }
+
+    krb5_free_context(context);
+
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/appl/gssmask/protocol.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/gssmask/protocol.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/gssmask/protocol.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,286 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * $Id: protocol.h,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+ */
+
+/* missing from tests:
+ * - export context
+ * - import context
+ */
+
+/*
+ * wire encodings:
+ *   int16: number, 2 bytes, in network order
+ *   int32: number, 4 bytes, in network order
+ *   length-encoded: [int32 length, data of length bytes]
+ *   string: [int32 length, string of length + 1 bytes, includes trailing '\0' ]
+ */
+
+enum gssMaggotErrorCodes {
+    GSMERR_OK		= 0,
+    GSMERR_ERROR,
+    GSMERR_CONTINUE_NEEDED,
+    GSMERR_INVALID_TOKEN,
+    GSMERR_AP_MODIFIED,
+    GSMERR_TEST_ISSUE,
+    GSMERR_NOT_SUPPORTED
+};
+
+/*
+ * input:
+ *   int32: message OP (enum gssMaggotProtocol)
+ *   ...
+ *
+ * return:   -- on error 
+ *    int32: not support (GSMERR_NOT_SUPPORTED)
+ * 
+ * return:   -- on existing message OP
+ *    int32: support (GSMERR_OK) -- only sent for extensions
+ *    ...
+ */
+
+#define GSSMAGGOTPROTOCOL 14
+
+enum gssMaggotOp {
+    eGetVersionInfo	= 0,
+    /* 
+     * input:
+     *   none
+     * return:
+     *   int32: last version handled 
+     */
+    eGoodBye,
+    /* 
+     * input:
+     *   none
+     * return:
+     *   close socket
+     */
+    eInitContext,
+    /* 
+     * input:
+     *   int32: hContext
+     *   int32: hCred
+     *   int32: Flags
+     *      the lowest 0x7f flags maps directly to GSS-API flags
+     *      DELEGATE		0x001 
+     *      MUTUAL_AUTH		0x002 
+     *      REPLAY_DETECT	0x004
+     *      SEQUENCE_DETECT	0x008
+     *      CONFIDENTIALITY	0x010
+     *      INTEGRITY		0x020
+     *      ANONYMOUS		0x040
+     *
+     *      FIRST_CALL		0x080
+     *
+     *      NTLM		0x100
+     *      SPNEGO		0x200
+     *   length-encoded: targetname
+     *   length-encoded: token
+     * return:
+     *   int32: hNewContextId
+     *   int32: gssapi status val
+     *   length-encoded: output token
+     */
+    eAcceptContext,
+    /* 
+     * input:
+     *   int32: hContext
+     *   int32: Flags		-- unused ?
+     *      flags are same as flags for eInitContext
+     *   length-encoded: token
+     * return:
+     *   int32: hNewContextId
+     *   int32: gssapi status val
+     *   length-encoded: output token
+     *   int32: delegation cred id
+     */
+    eToastResource,
+    /*
+     * input:
+     *   int32: hResource
+     * return:
+     *   int32: gsm status val
+     */
+    eAcquireCreds,
+    /*
+     * input:
+     *   string: principal name
+     *   string: password
+     *   int32: flags
+     *      FORWARDABLE		0x001
+     *      DEFAULT_CREDS	0x002
+     *
+     *      NTLM		0x100
+     *      SPNEGO		0x200
+     * return:
+     *   int32: gsm status val
+     *   int32: hCred
+     */
+    eEncrypt,
+    /*
+     * input:
+     *   int32: hContext
+     *   int32: flags		-- unused
+     *   int32: seqno		-- unused
+     *   length-encode: plaintext
+     * return:
+     *   int32: gsm status val
+     *   length-encode: ciphertext
+     */
+    eDecrypt,
+    /*
+     * input:
+     *   int32: hContext
+     *   int32: flags		-- unused
+     *   int32: seqno		-- unused
+     *   length-encode: ciphertext
+     * return:
+     *   int32: gsm status val
+     *   length-encode: plaintext
+     */
+    eSign,
+    /* message same as eEncrypt */
+    eVerify,
+    /*
+     * input:
+     *   int32: hContext
+     *   int32: flags		-- unused
+     *   int32: seqno		-- unused
+     *   length-encode: message
+     *   length-encode: signature
+     * return:
+     *   int32: gsm status val
+     */
+    eGetVersionAndCapabilities,
+    /*
+     * return:
+     *   int32: protocol version
+     *   int32: capability flags */
+#define      ISSERVER		0x01
+#define      ISKDC		0x02
+#define      MS_KERBEROS	0x04
+#define      LOGSERVER		0x08
+#define      HAS_MONIKER	0x10
+    /*   string: version string
+     */
+    eGetTargetName,
+    /*
+     * return:
+     *   string: target principal name
+     */
+    eSetLoggingSocket,
+    /*
+     * input:
+     *   int32: hostPort
+     * return to the port on the host:
+     *   int32: opcode - for example eLogSetMoniker
+     */
+    eChangePassword,
+    /* here ended version 7 of the protocol */
+    /*
+     * input:
+     *   string: principal name
+     *   string: old password
+     *   string: new password
+     * return:
+     *   int32: gsm status val
+     */
+    eSetPasswordSelf,
+    /* same as eChangePassword */
+    eWrap,
+    /* message same as eEncrypt */
+    eUnwrap,
+    /* message same as eDecrypt */
+    eConnectLoggingService2,
+    /*
+     * return1:
+     *   int16: log port number
+     *   int32: master log prototocol version (0)
+     * 
+     * wait for master to connect on the master log socket
+     *
+     * return2:
+     *   int32: gsm connection status
+     *   int32: maggot log prototocol version (2)
+     */
+    eGetMoniker,
+    /*
+     * return:
+     *   string: moniker (Nickname the master can refer to maggot)
+     */
+    eCallExtension,
+    /*
+     * input:
+     *   string: extension name
+     *   int32: message id
+     * return:
+     *   int32: gsm status val
+     */
+    eAcquirePKInitCreds,
+    /*
+     * input:
+     *   int32: flags
+     *   length-encode: certificate (pkcs12 data)
+     * return:
+     *   int32: hResource
+     *   int32: gsm status val (GSMERR_NOT_SUPPORTED)
+     */
+    /* here ended version 7 of the protocol */
+    eLastProtocolMessage
+};
+
+enum gssMaggotLogOp{
+  eLogInfo = 0,
+	/*
+	string: File
+	int32: Line
+	string: message
+     reply:
+  	int32: ackid
+	*/
+  eLogFailure,
+	/*
+	string: File
+	int32: Line
+	string: message
+     reply:
+  	int32: ackid
+	*/
+  eLogSetMoniker
+	/*
+	string: moniker
+	*/
+};
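Review bot: The per-op comments for eAcquireCreds and eChangePassword list the password as an ordinary `string` field, and the wire-encoding block at the top of the header describes only length-prefixed data, so as documented the password crosses the control connection unprotected. As far as the visible part of gssmask.c shows, handleServer dispatches ops straight off the accepted socket with no peer check, and handleAcquireCreds passes the password to logmessage, so the header should say plainly that this is a test-harness protocol. I would add above `enum gssMaggotOp`: `/* Test protocol only: no peer authentication or transport protection; passwords are sent (and logged by gssmask) in the clear. */`. Separately, `/* here ended version 7 of the protocol */` appears both after eChangePassword and after eAcquirePKInitCreds; one of the two is presumably stale and should be corrected so readers can tell which ops belong to which protocol version.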

Added: vendor-crypto/heimdal/dist/appl/kf/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/kf/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/kf/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,20 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = kf
+
+libexec_PROGRAMS = kfd
+
+man_MANS = kf.1 kfd.8
+
+kf_SOURCES = kf.c kf_locl.h
+
+kfd_SOURCES = kfd.c kf_locl.h
+
+LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)

Added: vendor-crypto/heimdal/dist/appl/kf/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/kf/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/kf/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,925 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+bin_PROGRAMS = kf$(EXEEXT)
+libexec_PROGRAMS = kfd$(EXEEXT)
+subdir = appl/kf
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
+am_kf_OBJECTS = kf.$(OBJEXT)
+kf_OBJECTS = $(am_kf_OBJECTS)
+kf_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+kf_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+am_kfd_OBJECTS = kfd.$(OBJEXT)
+kfd_OBJECTS = $(am_kfd_OBJECTS)
+kfd_LDADD = $(LDADD)
+kfd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
+DIST_SOURCES = $(kf_SOURCES) $(kfd_SOURCES)
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+man_MANS = kf.1 kfd.8
+kf_SOURCES = kf.c kf_locl.h
+kfd_SOURCES = kfd.c kf_locl.h
+LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/kf/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/kf/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+kf$(EXEEXT): $(kf_OBJECTS) $(kf_DEPENDENCIES) 
+	@rm -f kf$(EXEEXT)
+	$(LINK) $(kf_OBJECTS) $(kf_LDADD) $(LIBS)
+kfd$(EXEEXT): $(kfd_OBJECTS) $(kfd_DEPENDENCIES) 
+	@rm -f kfd$(EXEEXT)
+	$(LINK) $(kfd_OBJECTS) $(kfd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+	uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1 uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool ctags dist-hook distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-binPROGRAMS install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-info install-info-am install-libexecPROGRAMS \
+	install-man install-man1 install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-libexecPROGRAMS uninstall-man \
+	uninstall-man1 uninstall-man8
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/kf/kf.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/kf/kf.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/kf/kf.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,112 @@
+.\" Copyright (c) 2000 - 2001 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: kf.1,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd July  2, 2000
+.Dt KF 1
+.Os Heimdal
+.Sh NAME
+.Nm kf
+.Nd securely forward tickets
+.Sh SYNOPSIS
+.Nm
+.Oo
+.Fl p Ar port |
+.Fl -port Ns = Ns Ar port
+.Oc
+.Oo
+.Fl l Ar login |
+.Fl -login Ns = Ns Ar login
+.Oc
+.Oo
+.Fl c Ar ccache |
+.Fl -ccache Ns = Ns Ar ccache
+.Oc
+.Op Fl F | -forwardable
+.Op Fl G | -no-forwardable
+.Op Fl h | -help
+.Op Fl -version
+.Ar host ...
+.Sh DESCRIPTION
+The
+.Nm
+program forwards tickets to a remote host through an authenticated
+and encrypted stream.
+Options supported are:
+.Bl -tag -width indent
+.It Xo
+.Fl p Ar port ,
+.Fl -port Ns = Ns Ar port
+.Xc
+port to connect to
+.It Xo
+.Fl l Ar login ,
+.Fl -login Ns = Ns Ar login
+.Xc
+remote login name
+.It Xo
+.Fl c Ar ccache ,
+.Fl -ccache Ns = Ns Ar ccache
+.Xc
+remote cred cache
+.It Fl F , -forwardable
+forward forwardable credentials
+.It Fl G , -no-forwardable
+do not forward forwardable credentials
+.It Fl h , -help
+.It Fl -version
+.El
+.Pp
+.Nm
+is useful when you do not want to enter your password on a remote host
+but want to have your tickets one for example AFS.
+.Pp
+In order for
+.Nm
+to work you will need to acquire your initial ticket with forwardable
+flag, i.e.
+.Nm kinit Fl -forwardable .
+.Pp
+.Nm telnet
+is able to forward tickets by itself.
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr telnet 1 ,
+.Xr kfd 8
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/appl/kf/kf.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/kf/kf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/kf/kf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,335 @@
+/*
+ * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kf_locl.h"
+RCSID("$Id: kf.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+krb5_context context;
+static int help_flag;
+static int version_flag;
+static char *port_str;
+const char *service     = KF_SERVICE;
+const char *remote_name = NULL;
+int forwardable   = 0;
+const char *ccache_name = NULL;
+
+static struct getargs args[] = {
+    { "port", 'p', arg_string, &port_str, "port to connect to", "port" },
+    { "login", 'l',arg_string, &remote_name,"remote login name","login"},
+    { "ccache", 'c',arg_string, &ccache_name, "remote cred cache","ccache"},
+    { "forwardable",'F',arg_flag,&forwardable,
+       "Forward forwardable credentials", NULL },
+    { "forwardable",'G',arg_negative_flag,&forwardable,
+       "Don't forward forwardable credentials", NULL },
+    { "help", 'h', arg_flag, &help_flag },
+    { "version", 0, arg_flag, &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code, struct getargs *args, int num_args)
+{
+    arg_printusage(args, num_args, NULL, "hosts");
+    exit(code);
+}
+
+static int
+client_setup(krb5_context *context, int *argc, char **argv)
+{
+    int optind = 0;
+    int port = 0;
+    int status;
+
+    setprogname (argv[0]);
+ 
+    status = krb5_init_context (context);
+    if (status)
+	errx(1, "krb5_init_context failed: %d", status);
+ 
+    forwardable = krb5_config_get_bool (*context, NULL,
+					"libdefaults",
+					"forwardable",
+					NULL); 
+ 
+    if (getarg (args, num_args, *argc, argv, &optind))
+	usage(1, args, num_args);
+
+    if(help_flag)
+	usage (0, args, num_args);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(port_str) {
+	struct servent *s = roken_getservbyname(port_str, "tcp");
+	if(s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "Bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    }
+
+    if (port == 0)
+	port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
+   
+    if(*argc - optind < 1)
+        usage(1, args, num_args);
+    *argc = optind;
+
+    return port;
+}
+
+/*
+ * forward creds to `hostname'/`service' over `sock'
+ * return 0 iff OK
+ */
+
+static int
+proto (int sock, const char *hostname, const char *service,
+       char *message, size_t len)
+{
+    krb5_auth_context auth_context;
+    krb5_error_code status;
+    krb5_principal server;
+    krb5_data data;
+    krb5_data data_send;
+
+    krb5_ccache     ccache;
+    krb5_creds      creds;
+    krb5_kdc_flags  flags;
+    krb5_principal  principal;
+
+    status = krb5_auth_con_init (context, &auth_context);
+    if (status) {
+	krb5_warn (context, status, "krb5_auth_con_init");
+	return 1;
+    }
+
+    status = krb5_auth_con_setaddrs_from_fd (context,
+					     auth_context,
+					     &sock);
+    if (status) {
+	krb5_warn (context, status, "krb5_auth_con_setaddr");
+	return 1;
+    }
+
+    status = krb5_sname_to_principal (context,
+				      hostname,
+				      service,
+				      KRB5_NT_SRV_HST,
+				      &server);
+    if (status) {
+	krb5_warn (context, status, "krb5_sname_to_principal");
+	return 1;
+    }
+
+    status = krb5_sendauth (context,
+			    &auth_context,
+			    &sock,
+			    KF_VERSION_1,
+			    NULL,
+			    server,
+			    AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL);
+    if (status) {
+	krb5_warn(context, status, "krb5_sendauth");
+	return 1;
+    }
+
+    if (ccache_name == NULL)
+	ccache_name = "";
+
+    data_send.data   = (void *)remote_name;
+    data_send.length = strlen(remote_name) + 1;
+    status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
+    if (status) {
+	krb5_warn (context, status, "krb5_write_message");
+	return 1;
+    }
+    data_send.data   = (void *)ccache_name;
+    data_send.length = strlen(ccache_name)+1;
+    status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
+    if (status) {
+	krb5_warn (context, status, "krb5_write_message");
+	return 1;
+    }
+
+    memset (&creds, 0, sizeof(creds));
+
+    status = krb5_cc_default (context, &ccache);
+    if (status) {
+	krb5_warn (context, status, "krb5_cc_default");
+	return 1;
+    }
+
+    status = krb5_cc_get_principal (context, ccache, &principal);
+    if (status) {
+	krb5_warn (context, status, "krb5_cc_get_principal");
+	return 1;
+    }
+
+    creds.client = principal;
+    
+    status = krb5_make_principal (context,
+				  &creds.server,
+				  principal->realm,
+				  KRB5_TGS_NAME,
+				  principal->realm,
+				  NULL);
+
+    if (status) {
+	krb5_warn (context, status, "krb5_make_principal");
+	return 1;
+    }
+
+    creds.times.endtime = 0;
+
+    flags.i = 0;
+    flags.b.forwarded   = 1;
+    flags.b.forwardable = forwardable;
+
+    status = krb5_get_forwarded_creds (context,
+				       auth_context,
+				       ccache,
+				       flags.i,
+				       hostname,
+				       &creds,
+				       &data);
+    if (status) {
+	krb5_warn (context, status, "krb5_get_forwarded_creds");
+	return 1;
+    }
+
+    status = krb5_write_priv_message(context, auth_context, &sock, &data);
+
+    if (status) {
+	krb5_warn (context, status, "krb5_mk_priv");
+	return 1;
+    }
+    
+    krb5_data_free (&data);
+
+    status = krb5_read_priv_message(context, auth_context, &sock, &data);
+    if (status) {
+	krb5_warn (context, status, "krb5_mk_priv");
+	return 1;
+    }
+    if(data.length >= len) {
+	krb5_warnx (context, "returned string is too long, truncating");
+	memcpy(message, data.data, len);
+	message[len - 1] = '\0';
+    } else {
+	memcpy(message, data.data, data.length);
+	message[data.length] = '\0';
+    }
+    krb5_data_free (&data);
+
+    return(strcmp(message, "ok"));
+}
+
+static int
+doit (const char *hostname, int port, const char *service, 
+      char *message, size_t len)
+{
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    char portstr[NI_MAXSERV];
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+
+    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
+
+    error = getaddrinfo (hostname, portstr, &hints, &ai);
+    if (error) {
+	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
+    }
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	int s;
+
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    warn ("connect(%s)", hostname);
+	    close (s);
+	    continue;
+	}
+	freeaddrinfo (ai);
+	return proto (s, hostname, service, message, len);
+    }
+    warnx ("failed to contact %s", hostname);
+    freeaddrinfo (ai);
+    return 1;
+}
+
+int
+main(int argc, char **argv)
+{
+    int argcc,port,i;
+    int ret=0;
+ 
+    argcc = argc;
+    port = client_setup(&context, &argcc, argv);
+
+    if (remote_name == NULL) {
+	remote_name = get_default_username ();
+	if (remote_name == NULL)
+	    errx (1, "who are you?");
+    }
+
+    for (i = argcc;i < argc; i++) {
+	char message[128];
+	ret = doit (argv[i], port, service, message, sizeof(message));
+	if(ret == 0)
+	    warnx ("%s: ok", argv[i]);
+	else
+	    warnx ("%s: failed: %s", argv[i], message);
+    }
+    return(ret);
+}
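Review bot: In `main`, `message` is declared without an initializer and is printed with `%s` whenever `doit` returns non-zero, yet several failure paths never write to it: `doit` returns 1 after "failed to contact", and `proto` returns 1 on each early Kerberos error (`krb5_auth_con_init`, `krb5_sendauth`, `krb5_cc_default`, ...) before the reply is copied in. On those paths `warnx` reads uninitialized stack bytes that may not be NUL-terminated. Initializing the buffer on each iteration, `char message[128] = "";`, makes the failure report well defined. Separately, `doit` passes the connected socket to `proto` and neither function closes it in the visible code, so one descriptor stays open per host. Also, `ret` keeps only the last host's result, so an earlier forwarding failure is lost from the exit status when the final host succeeds.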

Added: vendor-crypto/heimdal/dist/appl/kf/kf_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/kf/kf_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/kf/kf_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: kf_locl.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <errno.h>
+#include <roken.h>
+#include <getarg.h>
+#include <err.h>
+#include <krb5.h>
+
+#define KF_SERVICE		"host"
+
+#define KF_PORT_NAME		"kf"
+#define KF_PORT_NUM		2110
+#define KF_VERSION_1		"KFWDV0.1"

Added: vendor-crypto/heimdal/dist/appl/kf/kfd.8
===================================================================
--- vendor-crypto/heimdal/dist/appl/kf/kfd.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/kf/kfd.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,85 @@
+.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: kfd.8,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd July  2, 2000
+.Dt KFD 8
+.Os Heimdal
+.Sh NAME
+.Nm kfd
+.Nd receive forwarded tickets
+.Sh SYNOPSIS
+.Nm
+.Oo
+.Fl p Ar port |
+.Fl -port Ns = Ns Ar port
+.Oc
+.Op Fl i | -inetd
+.Oo
+.Fl R Ar regpag |
+.Fl -regpag Ns = Ns Ar regpag
+.Oc
+.Op Fl h | -help
+.Op Fl -version
+.Sh DESCRIPTION
+This is the daemon for
+.Xr kf 1 .
+Supported options:
+.Bl -tag -width indent
+.It Xo
+.Fl p Ar port ,
+.Fl -port Ns = Ns Ar port
+.Xc
+port to listen to
+.It Fl i , -inetd
+not started from inetd
+.It Xo
+.Fl R Ar regpag ,
+.Fl -regpag= Ns Ar regpag
+.Xc
+path to regpag binary
+.El
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.Sh EXAMPLES
+Put the following in
+.Pa /etc/inetd.conf :
+.Bd -literal
+kf	stream	tcp	nowait	root	/usr/heimdal/libexec/kfd	kfd
+.Ed
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr kf 1
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/appl/kf/kfd.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/kf/kfd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/kf/kfd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,308 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kf_locl.h"
+RCSID("$Id: kfd.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+krb5_context context;
+char krb5_tkfile[MAXPATHLEN];
+
+static int help_flag;
+static int version_flag;
+static char *port_str;
+char *service = KF_SERVICE;
+int do_inetd = 0;
+static char *regpag_str=NULL;
+
+static struct getargs args[] = {
+    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
+    { "inetd",'i',arg_flag, &do_inetd,
+       "Not started from inetd", NULL },
+    { "regpag",'R',arg_string,&regpag_str,"path to regpag binary","regpag"},
+    { "help", 'h', arg_flag, &help_flag },
+    { "version", 0, arg_flag, &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code, struct getargs *args, int num_args)
+{
+    arg_printusage(args, num_args, NULL, "");
+    exit(code);
+}
+
+static int
+server_setup(krb5_context *context, int argc, char **argv)
+{
+    int port = 0;
+    int local_argc;
+
+    local_argc = krb5_program_setup(context, argc, argv, args, num_args, usage);
+
+    if(help_flag)
+	(*usage)(0, args, num_args);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(port_str){
+	struct servent *s = roken_getservbyname(port_str, "tcp");
+	if(s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "Bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    }
+
+    if (port == 0)
+	port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
+
+    if(argv[local_argc] != NULL)
+        usage(1, args, num_args);
+    
+    return port;
+}
+
+static int protocol_version;
+
+static krb5_boolean
+kfd_match_version(const void *arg, const char *version)
+{
+    if(strcmp(version, KF_VERSION_1) == 0) {
+	protocol_version = 1;
+	return TRUE;
+    } else if (strlen(version) == 4 &&
+	       version[0] == '0' &&
+	       version[1] == '.' &&
+	       (version[2] == '4' || version[2] == '3') &&
+	       islower((unsigned char)version[3])) {
+	protocol_version = 0;
+	return TRUE;
+    }
+    return FALSE;
+}
+
+static int
+proto (int sock, const char *service)
+{
+    krb5_auth_context auth_context;
+    krb5_error_code status;
+    krb5_principal server;
+    krb5_ticket *ticket;
+    char *name;
+    char ret_string[10];
+    char hostname[MAXHOSTNAMELEN];
+    krb5_data data;
+    krb5_data remotename;
+    krb5_data tk_file;
+    krb5_ccache ccache;
+    char ccname[MAXPATHLEN];
+    struct passwd *pwd;
+
+    status = krb5_auth_con_init (context, &auth_context);
+    if (status)
+	krb5_err(context, 1, status, "krb5_auth_con_init");
+
+    status = krb5_auth_con_setaddrs_from_fd (context,
+					     auth_context,
+					     &sock);
+    if (status)
+	krb5_err(context, 1, status, "krb5_auth_con_setaddr");
+
+    if(gethostname (hostname, sizeof(hostname)) < 0)
+	krb5_err(context, 1, errno, "gethostname");
+
+    status = krb5_sname_to_principal (context,
+				      hostname,
+				      service,
+				      KRB5_NT_SRV_HST,
+				      &server);
+    if (status)
+	krb5_err(context, 1, status, "krb5_sname_to_principal");
+
+    status = krb5_recvauth_match_version (context,
+					  &auth_context,
+					  &sock,
+					  kfd_match_version,
+					  NULL,
+					  server,
+					  0,
+					  NULL,
+					  &ticket);
+    if (status)
+	krb5_err(context, 1, status, "krb5_recvauth");
+
+    status = krb5_unparse_name (context,
+				ticket->client,
+				&name);
+    if (status)
+	krb5_err(context, 1, status, "krb5_unparse_name");
+
+    if(protocol_version == 0) {
+	data.data = "old clnt"; /* XXX old clients only had room for
+                                   10 bytes of message, and also
+                                   didn't show it to the user */
+	data.length = strlen(data.data) + 1;
+	krb5_write_message(context, &sock, &data);
+	sleep(2); /* XXX give client time to finish */
+	krb5_errx(context, 1, "old client; exiting");
+    }
+
+    status=krb5_read_priv_message (context, auth_context,
+				   &sock, &remotename);
+    if (status)
+	krb5_err(context, 1, status, "krb5_read_message");
+    status=krb5_read_priv_message (context, auth_context, 
+				   &sock, &tk_file);
+    if (status)
+	krb5_err(context, 1, status, "krb5_read_message");
+
+    krb5_data_zero (&data);
+
+    if(((char*)remotename.data)[remotename.length-1] != '\0')
+	krb5_errx(context, 1, "unterminated received");
+    if(((char*)tk_file.data)[tk_file.length-1] != '\0')
+	krb5_errx(context, 1, "unterminated received");
+
+    status = krb5_read_priv_message(context, auth_context, &sock, &data);
+
+    if (status) {
+	krb5_err(context, 1, errno, "krb5_read_priv_message");
+	goto out;
+    }
+
+    pwd = getpwnam ((char *)(remotename.data));
+    if (pwd == NULL) {
+	status=1;
+	krb5_warnx(context, "getpwnam: %s failed",(char *)(remotename.data));
+	goto out;
+    }
+
+    if(!krb5_kuserok (context,
+		      ticket->client,
+		      (char *)(remotename.data))) {
+	status=1;
+	krb5_warnx(context, "krb5_kuserok: permission denied");
+	goto out;
+    }
+
+    if (setgid(pwd->pw_gid) < 0) {
+	krb5_warn(context, errno, "setgid");
+	goto out;
+    }
+    if (setuid(pwd->pw_uid) < 0) {
+	krb5_warn(context, errno, "setuid");
+	goto out;
+    }
+
+    if (tk_file.length != 1)
+	snprintf (ccname, sizeof(ccname), "%s", (char *)(tk_file.data));
+    else
+	snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%lu",
+		  (unsigned long)pwd->pw_uid);
+
+    status = krb5_cc_resolve (context, ccname, &ccache);
+    if (status) {
+	krb5_warn(context, status, "krb5_cc_resolve");
+        goto out;
+    }
+    status = krb5_cc_initialize (context, ccache, ticket->client);
+    if (status) {
+	krb5_warn(context, status, "krb5_cc_initialize");
+        goto out;
+    }
+    status = krb5_rd_cred2 (context, auth_context, ccache, &data);
+    krb5_cc_close (context, ccache);
+    if (status) {
+	krb5_warn(context, status, "krb5_rd_cred");
+        goto out;
+
+    }
+    strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile));
+    krb5_warnx(context, "%s forwarded ticket to %s,%s",
+	       name,
+	       (char *)(remotename.data),ccname);
+  out:
+    if (status) {
+	strlcpy(ret_string, "no", sizeof(ret_string));
+	krb5_warnx(context, "failed");
+    } else  {
+	strlcpy(ret_string, "ok", sizeof(ret_string));
+    }
+
+    krb5_data_free (&tk_file);
+    krb5_data_free (&remotename);
+    krb5_data_free (&data);
+    free(name);
+
+    data.data = ret_string;
+    data.length = strlen(ret_string) + 1;
+    return krb5_write_priv_message(context, auth_context, &sock, &data);
+}
+
+static int
+doit (int port, const char *service)
+{
+    if (do_inetd)
+	mini_inetd(port);
+    return proto (STDIN_FILENO, service);
+}
+
+int
+main(int argc, char **argv)
+{
+    int port;
+    int ret;
+    krb5_log_facility *fac;
+
+    setprogname (argv[0]);
+    roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
+    port = server_setup(&context, argc, argv);
+    ret = krb5_openlog(context, "kfd", &fac);
+    if(ret) krb5_err(context, 1, ret, "krb5_openlog");
+    ret = krb5_set_warn_dest(context, fac);
+    if(ret) krb5_err(context, 1, ret, "krb5_set_warn_dest");
+
+    ret = doit (port, service);
+    closelog();
+    if (ret == 0 && regpag_str != NULL)
+        ret = execl(regpag_str, "regpag", "-t", krb5_tkfile, "-r", NULL);
+    return ret;
+}
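Review bot: In proto(), the setgid() and setuid() failure branches jump to `out` without setting `status`, which is still 0 from the preceding successful krb5_read_priv_message(). The daemon therefore answers "ok" and returns success without having changed identity, and main() then goes on to execl() the regpag binary when `-R` was given. Record the failure before the jump, e.g. `status = errno; krb5_warn(context, status, "setgid"); goto out;`, and do the same in the setuid branch. Supplementary groups are never reset either, so an `initgroups(pwd->pw_name, pwd->pw_gid)` call before setgid() would be needed for a complete switch to the target user. Separately, the two terminator checks index `remotename.length-1` and `tk_file.length-1` without first rejecting a zero-length message, which a guard such as `if (remotename.length == 0 || tk_file.length == 0) krb5_errx(context, 1, "empty message received");` placed ahead of them would cover.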

Added: vendor-crypto/heimdal/dist/appl/login/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,355 @@
+2006-12-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* limits_conf.c: Clear errno before calling the strtol
+	functions. From Paul Stoeber to OpenBSD by Ray Lai and Bj\xF6rn
+	Sandell.
+
+	* limits_conf.c: Report to syslog strings that start with NUL;
+	prevents negative index array access. Ray Lai of OpenBSD via Bj\xF6rn
+	Sandell.
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+
+2006-09-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* read_string.c: try to not call signaction for signal 0 and use
+	NSIG if it exists to determin how many signals there exists, also,
+	only restore those signalhandlers that we got out.
+	
+2006-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* login_locl.h: Include "loginpaths.h"
+	
+	* loginpaths.h: Shared paths between login and rshd.
+	
+2006-01-09 Johan Danielsson <joda at blubb.pdc.kth.se>
+
+	* login.c: log successful logins
+	
+2005-08-08  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* login.c (do_login): only do krb4_get_afs_tokens if we have done
+	v4 authentication or done a 5to4 conversion of tickets. This is to
+	avoid delays on a realm that only support Kerberos 5 and drop
+	Kerberos 4 requests.
+
+2005-05-10  Dave Love  <fx at gnu.org>
+
+	* login.c: Include <crypt.h>.
+
+2005-05-02  Dave Love  <fx at gnu.org>
+
+	* limits_conf.c: Check RLIMIT_MEMLOCK, not RLIMIT_LOCK.
+
+2005-04-28  Dave Love  <fx at gnu.org>
+
+	* limits_conf.c: Maybe include sys/resource.h.  Use various
+	RLIMIT_ macros conditionally.  For Solaris, Irix and Tru64.
+
+2005-04-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login.1: document limits.conf
+	
+	* Makefile.am: limits_conf.c
+	
+	* login_locl.h: template for limits.conf
+	
+	* login.c: read limits.conf (from /etc/security by default,
+	overridable in login.conf)
+	
+	* limits_conf.c: implement a parser for limits.conf
+	
+2004-09-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login.c: use krb5_appdefault_boolean instead of
+	krb5_config_get_bool
+
+2003-09-03  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* login.c (krb5_to4): set client princ of the mcred
+	
+2003-07-07  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* login.c (krb5_to4): use krb5_cc_clear_mcred
+	
+2003-03-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: install man pages
+
+	* login.1: manpage for login
+
+	* login.c: allow "welcome" as well as "motd" in login.conf
+
+	* login.access.5: login.access manual page
+
+2003-03-18  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* login.c: also need pag_set
+	* login.c: if there is kerberos 5, call krb5_afslog\*
+	
+2002-08-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login.c: if motd is set in login.conf, output its contents
+	before starting the shell
+
+2002-02-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login.c: reset signals to default, needed on solaris 8
+
+2002-02-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login_locl.h: include netgroup.h and rpcsvc/ypclnt.h
+
+	* login.c: make this build without krb5
+
+2001-09-22  Assar Westerlund  <assar at sics.se>
+
+	* login_locl.h: kludge: use absolute path to find prot.h so we do
+	not get confused by athena's prot.h
+
+2001-09-17  Assar Westerlund  <assar at sics.se>
+
+	* login.c (do_login): add setpcred
+
+2001-07-06  Assar Westerlund  <assar at sics.se>
+
+	* login.c: move osf2c magic earlier.  from Mark Davies
+	<mark at MCS.VUW.AC.NZ>
+
+2001-06-19  Assar Westerlund  <assar at sics.se>
+
+	* login.c (krb5_to4): dereference result from krb5_princ_realm.
+	noted by Thomas Nystrom <thn at saeab.se>
+
+2001-06-04  Assar Westerlund  <assar at sics.se>
+
+	* update copyright messages on Wietse Venema's code.
+
+2001-05-31  Assar Westerlund  <assar at sics.se>
+
+	* login.c (krb5_to4): look for [realms]<realm>krb4_get_tickets to
+	decide whether to get kerberos 4 tickets
+
+2001-02-08  Assar Westerlund  <assar at sics.se>
+
+	* utmp_login.c, utmpx_login.c: try to write a useful string as
+	host in utmp, using the same algoritm as telnetd
+
+2001-01-29  Assar Westerlund  <assar at sics.se>
+
+	* login.c: remove some krb5_free_context that might happen at
+	unappropriate times
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* login.c (main): handle krb5_init_context failure consistently
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* login.c (do_login): set the group on the tty.
+	(r_flag): comment out
+	* login.c (krb5_to4): always return a value
+
+2000-10-15  Assar Westerlund  <assar at sics.se>
+
+	* login.c (krb5_to4): check another return code
+
+2000-08-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login.c (do_login): set PATH to something sane;
+	(start_logout_process): avoid getting signals sent to the parent
+
+	* login_locl.h: _PATH_DEFPATH
+
+2000-07-01  Assar Westerlund  <assar at sics.se>
+
+	* login.c (login_timeout): add back
+
+2000-06-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* env.c: new file for environment related functions
+
+	* login.c: move environment stuff to separate file, allow
+	specifying list of environment files via login.conf
+
+2000-06-21  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (LDADD): add otp
+	* login.c: add reading of /etc/environment.  From Ake Sandgren
+	<ake at cs.umu.se>
+	add otp support. From Daniel Kouril <kouril at ics.muni.cz>
+
+2000-06-09  Assar Westerlund  <assar at sics.se>
+
+	* login.c (do_login): work-around for setuid and capabilities bug
+	fixed in Linux 2.2.16
+
+2000-04-09  Assar Westerlund  <assar at sics.se>
+
+	* login.c: allow conversion of v5 -> v4 tickets when logging in
+	with forwarded tickets
+
+1999-11-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* conf.c: remove case for not having cgetent, since it's in roken
+
+1999-11-05  Assar Westerlund  <assar at sics.se>
+
+	* login.c (do_login): conditionalize shadow stuff on getspnam
+
+1999-10-30  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (login_DEPENDENCIES): remove, it's not entirely
+ 	correct and was causing problems with non-GNU make
+
+1999-10-28  Assar Westerlund  <assar at sics.se>
+
+	* login.c (start_logout_proceess): don't examine `prog' before
+ 	setting it.
+
+1999-10-27  Assar Westerlund  <assar at sics.se>
+
+	* login.c (do_login): chown and chmod the tty.  some clean-up.
+
+1999-10-03  Assar Westerlund  <assar at sics.se>
+
+	* login.c (krb5_start_session): correct the ccache to
+ 	krb524_convert_creds_kdc
+
+1999-09-28  Assar Westerlund  <assar at sics.se>
+
+	* login.c (krb5_verify): use krb5_verify_user_lrealm
+
+1999-09-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login.c: SGI capability mumbo-jumbo
+
+1999-08-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login.c (start_logout_process): call setproctitle
+
+	* login_locl.h: declare struct spwd
+
+	* login.c: add support for starting extra processes at login and
+	logout; always preserve TERM and TZ
+
+	* conf.c: add configuration file support
+
+1999-08-07  Assar Westerlund  <assar at sics.se>
+
+	* shadow.c (check_shadow): check for a NULL sp
+
+1999-08-05  Assar Westerlund  <assar at sics.se>
+
+	* login.c (main): move down login incorrect to disallow account
+ 	guessing
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* utmpx_login.c (utmpx_login): fix for Solaris.  From Miroslav
+ 	Ruda <ruda at ics.muni.cz>
+
+	* login_locl.h: add <shadow.h> and some prototypes
+
+	* login.c: fixes with v4 and shadow support.  From Miroslav Ruda
+ 	<ruda at ics.muni.cz>
+
+	* shadow.c: new file with functions for handling shadow passwords
+
+	* Makefile.am: add shadow
+
+1999-07-22  Assar Westerlund  <assar at sics.se>
+
+	* login.c (main): generate a better tty name
+
+1999-05-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* login.c (do_login): set $SHELL
+
+1999-05-18  Assar Westerlund  <assar at sics.se>
+
+	* add login-access
+
+1999-05-11  Assar Westerlund  <assar at sics.se>
+
+	* login.c: copy the v5 ccache to a file after having done setuid
+
+1999-05-09  Assar Westerlund  <assar at sics.se>
+
+	* login.c (krb5_verify): check seteuid for errors
+	
+Mon Apr 19 22:30:55 1999  Assar Westerlund  <assar at sics.se>
+
+	* login.c: conditionalize the kafs calls on KRB4
+
+	* Makefile.am (LDADD): add kafs
+
+	* login.c: add support for getting afs tokens with v4 and v5
+
+Sun Apr 18 14:12:28 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* login.c: check _PATH_NOLOGIN
+
+	* login_locl.h: _PATH_NOLOGIN
+
+1999-04-11  Assar Westerlund  <assar at sics.se>
+
+	* login.c (main): use print_version
+
+Thu Apr  8 15:03:55 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* login.c: remove definition of KRB_VERIFY_USER et.al. (moved to
+ 	config.h)
+
+	* login_locl.h: include udb.h, sys/resource.h, and sys/category.h
+
+Sat Mar 27 17:58:37 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: osfc2.c
+
+	* login.c: magic for OSF C2, and Crays
+
+	* login_locl.h: do_osfc2_magic proto
+
+	* osfc2.c: bsd_locl -> login_locl
+
+	* osfc2.c: OSF C2 magic
+
+Tue Mar 23 14:17:40 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* login_locl.h: _PATH_UTMP
+
+Sun Mar 21 15:02:31 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* login.c: `-h' is host, not help
+
+Sat Mar 20 00:11:13 1999  Assar Westerlund  <assar at sics.se>
+
+	* login_locl.h: krb.h: add
+
+	* login.c: static-size
+	(krb4_verify): add
+
+Thu Mar 18 11:36:10 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Thu Mar 11 17:53:36 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* utmpx_login.c: add some consts
+
+	* utmp_login.c: add some consts
+
+	* login.c: staticize
+
+	* login_locl.h: add prototypes, and defaults for
+ 	_PATH_*
+
+Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+	* utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+

Added: vendor-crypto/heimdal/dist/appl/login/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,43 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4)
+
+man_MANS = login.1 login.access.5
+
+bin_PROGRAMS = login
+
+login_SOURCES =					\
+		conf.c				\
+		env.c				\
+		login.c				\
+		login_access.c			\
+		login_locl.h			\
+		login_protos.h			\
+		loginpaths.h			\
+		limits_conf.c			\
+		osfc2.c				\
+		read_string.c			\
+		shadow.c			\
+		stty_default.c			\
+		tty.c				\
+		utmp_login.c			\
+		utmpx_login.c
+
+LDADD = $(LIB_otp) \
+	$(LIB_kafs) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(LIB_security) \
+	$(DBLIB)
+
+$(srcdir)/login_protos.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
+
+$(login_OBJECTS): $(srcdir)/login_protos.h
+
+EXTRA_DIST = $(man_MANS)
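Review bot: The `$(srcdir)/login_protos.h` recipe joins its steps with `cd $(srcdir);`, so if the cd fails, perl and the `rm -f login_protos.h` fallback still run in whatever directory make was in. The trailing `|| rm -f login_protos.h` also makes the recipe exit 0 when generation fails, so the error only surfaces later as a missing header at compile time. Chaining the steps and keeping the failure status fixes both: `cd $(srcdir) && { perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || { rm -f login_protos.h; exit 1; }; }`.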

Added: vendor-crypto/heimdal/dist/appl/login/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,915 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+bin_PROGRAMS = login$(EXEEXT)
+subdir = appl/login
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" \
+	"$(DESTDIR)$(man5dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am_login_OBJECTS = conf.$(OBJEXT) env.$(OBJEXT) login.$(OBJEXT) \
+	login_access.$(OBJEXT) limits_conf.$(OBJEXT) osfc2.$(OBJEXT) \
+	read_string.$(OBJEXT) shadow.$(OBJEXT) stty_default.$(OBJEXT) \
+	tty.$(OBJEXT) utmp_login.$(OBJEXT) utmpx_login.$(OBJEXT)
+login_OBJECTS = $(am_login_OBJECTS)
+login_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
+	$(am__DEPENDENCIES_1)
+login_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(login_SOURCES)
+DIST_SOURCES = $(login_SOURCES)
+man1dir = $(mandir)/man1
+man5dir = $(mandir)/man5
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+man_MANS = login.1 login.access.5
+login_SOURCES = \
+		conf.c				\
+		env.c				\
+		login.c				\
+		login_access.c			\
+		login_locl.h			\
+		login_protos.h			\
+		loginpaths.h			\
+		limits_conf.c			\
+		osfc2.c				\
+		read_string.c			\
+		shadow.c			\
+		stty_default.c			\
+		tty.c				\
+		utmp_login.c			\
+		utmpx_login.c
+
+LDADD = $(LIB_otp) \
+	$(LIB_kafs) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(LIB_security) \
+	$(DBLIB)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/login/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/login/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+login$(EXEEXT): $(login_OBJECTS) $(login_DEPENDENCIES) 
+	@rm -f login$(EXEEXT)
+	$(LINK) $(login_OBJECTS) $(login_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+install-man5: $(man5_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1 install-man5
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1 uninstall-man5
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binPROGRAMS \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-man5 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-man uninstall-man1 uninstall-man5
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(srcdir)/login_protos.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h
+
+$(login_OBJECTS): $(srcdir)/login_protos.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/login/conf.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/conf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/conf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "login_locl.h"
+
+RCSID("$Id: conf.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static char *confbuf;
+
+static int
+login_conf_init(void)
+{
+    char *files[] = { _PATH_LOGIN_CONF, NULL };
+    return cgetent(&confbuf, files, "default");
+}
+
+char *
+login_conf_get_string(const char *str)
+{
+    char *value;
+    if(login_conf_init() != 0)
+	return NULL;
+    if(cgetstr(confbuf, (char *)str, &value) < 0)
+	return NULL;
+    return value;
+}
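Review bot: `login_conf_get_string()` calls `login_conf_init()` on every lookup, and each call runs `cgetent()` again and overwrites the static `confbuf` without freeing the previous record. As far as getcap(3) semantics apply here, that buffer is heap-allocated, so every lookup leaks one record and re-reads `_PATH_LOGIN_CONF`. Loading once would avoid both; a guard at the top of `login_conf_init()` such as `if (confbuf != NULL) return 0;` is enough, since a failed load leaves `confbuf` NULL and is retried on the next call. It is also worth a short comment above `login_conf_get_string()` saying that the returned string is allocated by `cgetstr()` and that NULL covers both "no config file" and "no such capability", as callers cannot tell the two apart.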

Added: vendor-crypto/heimdal/dist/appl/login/env.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/env.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/env.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+RCSID("$Id: env.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * the environment we will send to execle and the shell.
+ */
+
+char **env;
+int num_env;
+
+void
+extend_env(char *str)
+{
+    env = realloc(env, (num_env + 1) * sizeof(*env));
+    if(env == NULL)
+	errx(1, "Out of memory!");
+    env[num_env++] = str;
+}
+
+void
+add_env(const char *var, const char *value)
+{
+    int i;
+    char *str;
+    asprintf(&str, "%s=%s", var, value);
+    if(str == NULL)
+	errx(1, "Out of memory!");
+    for(i = 0; i < num_env; i++)
+	if(strncmp(env[i], var, strlen(var)) == 0 && 
+	   env[i][strlen(var)] == '='){
+	    free(env[i]);
+	    env[i] = str;
+	    return;
+	}
+    
+    extend_env(str);
+}
+
+void
+copy_env(void)
+{
+    char **p;
+    for(p = environ; *p; p++)
+	extend_env(*p);
+}
+
+int
+login_read_env(const char *file)
+{
+    char **newenv;
+    char *p;
+    int i, j;
+    
+    newenv = NULL;
+    i = read_environment(file, &newenv);
+    for (j = 0; j < i; j++) {
+	p = strchr(newenv[j], '=');
+	*p++ = 0;
+	add_env(newenv[j], p);
+	*--p = '=';
+	free(newenv[j]);
+    }
+    free(newenv);
+    return 0;
+}
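Review bot: `copy_env()` stores the `environ` strings themselves in `env`, but `add_env()` calls `free(env[i])` when it replaces an existing variable, so once both have run in one process a pointer this code never allocated is handed to `free()`. Duplicating on copy keeps ownership uniform: `char *s = strdup(*p); if(s == NULL) errx(1, "Out of memory!"); extend_env(s);`. In `add_env()` the return value of `asprintf()` is ignored and only `str` is tested; the contents of `str` after a failed call are not guaranteed to be NULL on every platform, so check the result instead, `if(asprintf(&str, "%s=%s", var, value) == -1)`. `login_read_env()` also writes through the `strchr()` result without a NULL check and uses the return of `read_environment()` as a count without checking for an error; whether that helper guarantees an `=` in every entry is not visible in this hunk.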

Added: vendor-crypto/heimdal/dist/appl/login/limits_conf.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/limits_conf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/limits_conf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,214 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: limits_conf.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <errno.h>
+#include <limits.h>
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+struct limit {
+    const char *name;
+    int resource;
+    int scale;
+    int has_limit;
+    struct rlimit limit;
+} limits[] = {
+#define LIM(X, S) { #X, RLIMIT_##X, S, 0 }
+    LIM(CORE, 1024),
+    LIM(CPU, 60),
+    LIM(DATA, 1024),
+    LIM(FSIZE, 1024),
+#ifdef RLIMIT_MEMLOCK
+    LIM(MEMLOCK, 1024),
+#endif
+    LIM(NOFILE, 1),
+#ifdef RLIMIT_NPROC
+    LIM(NPROC, 1),
+#endif
+#ifdef RLIMIT_RSS
+    LIM(RSS, 1024),
+#endif
+    LIM(STACK, 1024),
+
+#ifdef RLIMIT_AS
+    LIM(AS, 1024),
+#endif
+#ifdef RLIMIT_LOCKS
+    LIM(LOCKS, 1),
+#endif
+    /*
+      maxlogins
+      priority
+    */
+    { NULL, 0 }
+};
+
+static struct limit *
+find_limit(const char *name)
+{
+    struct limit *l;
+    for(l = limits; l->name != NULL; l++)
+	if(strcasecmp(name, l->name) == 0)
+	    return l;
+    return NULL;
+}
+
+/* this function reads limits.conf files similar to pam_limits
+   unimplemented features include:
+   	% maxlogins
+	"-" no limits, 
+	priorities etc that are not set via setrlimit
+   XXX uses static storage, and clobbers getgr*
+*/
+
+int
+read_limits_conf(const char *file, const struct passwd *pwd)
+{
+    FILE *f;
+    char *args[4];
+    int lineno = 0;
+    char buf[1024];
+    struct limit *l;
+    rlim_t value;
+
+    f = fopen(file, "r");
+    if(f == NULL) {
+	if(errno != ENOENT && errno != ENOTDIR)
+	    syslog(LOG_ERR, "%s: %m", file);
+	return -1;
+    }
+
+    while(fgets(buf, sizeof(buf), f) != NULL) {
+	char *last = NULL;
+	char *end = NULL;
+	int level;
+
+	lineno++;
+
+	if(buf[0] == '\0') {
+	    syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno);
+	    continue;
+	}
+	if(buf[strlen(buf) - 1] != '\n') {
+	    /* file did not end with a newline, figure out if we're at
+               the EOF, or if our buffer was too small */
+	    int eof = 1;
+	    int c;
+	    while((c = fgetc(f)) != EOF) {
+		eof = 0;
+		if(c == '\n') 
+		    break;
+	    }
+	    if(!eof) {
+		syslog(LOG_ERR, "%s: line %d: line too long", file, lineno);
+		continue;
+	    }
+	}
+	buf[strcspn(buf, "#\r\n")] = '\0';
+	if((args[0] = strtok_r(buf, " \t", &last)) == NULL ||
+	   (args[1] = strtok_r(NULL, " \t", &last)) == NULL ||
+	   (args[2] = strtok_r(NULL, " \t", &last)) == NULL ||
+	   (args[3] = strtok_r(NULL, " \t", &last)) == NULL) {
+	    if(args[0] != NULL) /* this would include comment lines */
+		syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno);
+	    continue;
+	}
+
+	l = find_limit(args[2]);
+	if(l == NULL) {
+	    syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]);
+	    continue;
+	}
+	if(strcmp(args[3], "-") == 0) {
+	    value = RLIM_INFINITY;
+	} else {
+	    errno = 0;
+	    value = strtol(args[3], &end, 10);
+	    if(*end != '\0') {
+		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
+		continue;
+	    }
+	    if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
+		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
+		continue;
+	    }
+	    if(value * l->scale < value)
+		value = RLIM_INFINITY;
+	    else
+		value *= l->scale;
+	}
+	level = 0;
+	/* XXX unclear: if you set group hard and user soft limit,
+           should the hard limit still apply? this code doesn't. */
+	if(strcmp(args[0], pwd->pw_name) == 0)
+	    level = 3;
+	if(*args[0] == '@') {
+	    struct group *gr;
+	    gr = getgrnam(args[0] + 1);
+	    if(gr != NULL && gr->gr_gid == pwd->pw_gid)
+		level = 2;
+	}
+	if(strcmp(args[0], "*") == 0)
+	    level = 1;
+	if(level == 0 || level < l->has_limit) /* not for us */
+	    continue;
+	if(l->has_limit < level) {
+	    if(getrlimit(l->resource, &l->limit) < 0)
+		continue;
+	    l->has_limit = level;
+	}
+	
+	/* XXX unclear: if you soft to more than default hard, should
+           we set hard to soft? this code doesn't. */
+	if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)
+	    l->limit.rlim_cur = value;
+	if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) 
+	    l->limit.rlim_max = value;
+    }
+    fclose(f);
+    for(l = limits; l->name != NULL; l++) {
+	if(l->has_limit) {
+	    if(l->limit.rlim_cur > l->limit.rlim_max)
+		l->limit.rlim_cur = l->limit.rlim_max;
+	    if(setrlimit(l->resource, &l->limit) != 0)
+		syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name);
+	}
+	l->has_limit = 0;
+    }
+    return 0;
+}
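Review bot: In `read_limits_conf()` the result of `strtol()` is assigned straight to an `rlim_t`, so a negative entry in the value column is accepted: where `rlim_t` is unsigned it turns into a very large limit, and where it is signed a negative limit reaches `setrlimit()`. The wrap test `value * l->scale < value` does not catch every overflow either, since a wrapped product can still be larger than `value`, and signed overflow is undefined. Parsing into a `long`, rejecting negatives and comparing against `RLIM_INFINITY / l->scale` before multiplying (assuming `RLIM_INFINITY` is the largest `rlim_t` on the target) closes both cases, as sketched below. The header comment above the function also lists `"-"` as unimplemented although the code handles it, and it would help to state there that `@group` lines match only the user's primary group, because the check compares `gr->gr_gid` with `pwd->pw_gid`.

```c
	} else {
	    long v;

	    errno = 0;
	    v = strtol(args[3], &end, 10);
	    if(*end != '\0' || v < 0 || errno == ERANGE) {
		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
		continue;
	    }
	    /* clamp instead of multiplying past the largest limit */
	    if((rlim_t)v > RLIM_INFINITY / l->scale)
		value = RLIM_INFINITY;
	    else
		value = (rlim_t)v * l->scale;
	}
	/* … unchanged: level matching and soft/hard assignment … */
```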

Added: vendor-crypto/heimdal/dist/appl/login/login.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/login.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/login.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,253 @@
+.\" $Id: login.1,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\" 
+.Dd April 22, 2005
+.Dt LOGIN 1
+.Os HEIMDAL
+.Sh NAME
+.Nm login
+.Nd
+authenticate a user and start new session
+.Sh SYNOPSIS
+.Nm
+.Op Fl fp
+.Op Fl a Ar level
+.Op Fl h Ar hostname
+.Ar [username]
+.Sh DESCRIPTION
+This manual page documents  the 
+.Nm login 
+program distributed with the Heimdal Kerberos 5 implementation, it may
+differ in important ways from your system version.
+.Pp
+The
+.Nm login
+programs logs users into the system. It is intended to be run by
+system daemons like
+.Xr getty 8 
+or
+.Xr telnetd 8 .
+If you are already logged in, but want to change to another user, you
+should use
+.Xr su 1 .
+.Pp
+A username can be given on the command line, else one will be prompted
+for.
+.Pp
+A password is required to login, unless the 
+.Fl f
+option is given (indicating that the calling program has already done
+proper authentication). With
+.Fl f
+the user will be logged in without further questions. 
+.Pp
+For password authentication Kerberos 5, Kerberos 4 (if compiled in),
+OTP (if compiled in) and local
+.No ( Pa /etc/passwd ) 
+passwords are supported. OTP will be used if the the user is
+registered to use it, and
+.Nm login
+is given the option
+.Fl a Li otp .
+When using OTP, a challenge is shown to the user.
+.Pp
+Further options are:
+.Bl -tag -width Ds
+.It Fl a Ar string
+Which authentication mode to use, the only supported value is
+currently
+.Dq otp .
+.It Fl f
+Indicates that the user is already authenticated. This happens, for
+instance, when login is started by telnetd, and the user has proved
+authentic via Kerberos.
+.It Fl h Ar hostname
+Indicates which host the user is logging in from. This is passed from
+telnetd, and is entered into the login database.
+.It Fl p
+This tells
+.Nm login
+to preserve all environment variables. If not given, only the
+.Dv TERM
+and
+.Dv TZ
+variables are preserved. It could be a security risk to pass random
+variables to 
+.Nm login
+or the user shell, so the calling daemon should make sure it only
+passes
+.Dq safe
+variables.
+.El
+.Pp
+The process of logging user in proceeds as follows.
+.Pp
+First a check is made that logins are allowed at all. This usually
+means checking
+.Pa /etc/nologin .
+If it exists, and the user trying to login is not root, the contents
+is printed, and then login exits.
+.Pp
+Then various system parameters are set up, like changing the owner of
+the tty to the user, setting up signals, setting the group list, and
+user and group id. Also various machine specific tasks are performed.
+.Pp
+Next 
+.Nm login
+changes to the users home directory, or if that fails, to 
+.Pa / .
+The environment is setup, by adding some required variables (such as
+.Dv PATH ) , 
+and also authentication related ones (such as
+.Dv KRB5CCNAME ) .
+If an environment file exists
+.No ( Pa /etc/environment ) ,
+variables are set according to
+it.
+.Pp
+If one or more login message files are configured, their contents is
+printed to the terminal.
+.Pp
+If a login time command is configured, it is executed. A logout time
+command can also be configured, which makes 
+.Nm login
+fork, and wait for the user shell to exit, and then run the command.
+This can be used to clean up user credentials.
+.Pp
+Finally, the user's shell is executed. If the user logging in is root,
+and root's login shell does not exist, a default shell (usually 
+.Pa /bin/sh )
+is also tried before giving up.
+.Sh ENVIRONMENT
+These environment variables are set by login (not including ones set by 
+.Pa /etc/environment ) :
+.Pp
+.Bl -tag -compact -width USERXXLOGNAME
+.It Dv PATH
+the default system path
+.It Dv HOME
+the user's home directory (or possibly 
+.Pa / )
+.It Dv USER , Dv LOGNAME
+both set to the username
+.It Dv SHELL
+the user's shell
+.It Dv TERM , Dv TZ
+set to whatever is passed to 
+.Nm login
+.It Dv KRB5CCNAME
+if the password is verified via Kerberos 5, this will point to the
+credentials cache file
+.It Dv KRBTKFILE
+if the password is verified via Kerberos 4, this will point to the
+ticket file
+.El
+.Sh FILES
+.Bl -tag -compact -width Ds
+.It Pa /etc/environment
+Contains a set of environment variables that should be set in addition
+to the ones above. It should contain sh-style assignments like 
+.Dq VARIABLE=value .
+Note that they are not parsed the way a shell would. No variable
+expansion is performed, and all strings are literal, and quotation
+marks should not be used. Everything after a hash mark is considered a
+comment. The following are all different (the last will set the
+variable
+.Dv BAR ,
+not
+.Dv FOO ) .
+.Bd -literal -offset indent
+FOO=this is a string
+FOO="this is a string"
+BAR= FOO='this is a string'
+.Ed
+.It Pa /etc/login.access
+See 
+.Xr login.access 5 .
+.It Pa /etc/login.conf
+This is a termcap style configuration file, that contains various
+settings used by
+.Nm login .
+Currently only the
+.Dq default
+capability record is used. The possible capability strings include:
+.Pp
+.Bl -tag -compact -width Ds
+.It Li environment
+This is a comma separated list of environment files that are read in
+the order specified. If this is missing the default
+.Pa /etc/environment
+is used.
+.It Li login_program
+This program will be executed just before the user's shell is started.
+It will be called without arguments.
+.It Li logout_program
+This program will be executed just after the user's shell has
+terminated. It will be called without arguments. This program will be
+the parent process of the spawned shell.
+.It Li motd
+A comma separated list of text files that will be printed to the
+user's terminal before starting the shell. The string
+.Li welcome
+works similarly, but points to a single file.
+.It Li limits
+Points to a file containing ulimit settings for various users. Syntax
+is inspired by what pam_limits uses, and the default is
+.Pa /etc/security/limits.conf .
+.El
+.It Pa /etc/nologin
+If it exists, login is denied to all but root. The contents of this
+file is printed before login exits.
+.El
+.Pp
+Other
+.Nm login
+programs typically print all sorts of information by default, such as
+last time you logged in, if you have mail, and system message files.
+This version of
+.Nm login
+does not, so there is no reason for 
+.Pa .hushlogin
+files or similar. We feel that these tasks are best left to the user's
+shell, but the 
+.Li login_program
+facility allows for a shell independent solution, if that is desired.
+.Sh EXAMPLES
+A 
+.Pa login.conf
+file could look like:
+.Bd -literal -offset indent
+default:\\
+	:motd=/etc/motd,/etc/motd.local:\\
+	:limits=/etc/limits.conf:
+.Ed
+.Pp
+The
+.Pa limits.conf
+file consists of a table with four whitespace separated fields. First
+field is a username or a groupname (prefixed with
+.Sq @ ) , 
+or 
+.Sq * .
+Second field is
+.Sq soft ,
+.Sq hard ,
+or
+.Sq -
+(the last meaning both soft and hard).
+Third field is a limit name (such as
+.Sq cpu 
+or 
+.Sq core ) .
+Last field is the limit value (a number or
+.Sq - 
+for unlimited). In the case of data sizes, the value is in kilobytes,
+and cputime is in minutes.
+.Sh SEE ALSO
+.Xr su 1 ,
+.Xr login.access 5 ,
+.Xr getty 8 ,
+.Xr telnetd 8
+.Sh AUTHORS
+This login program was written for the Heimdal Kerberos 5
+implementation. The login.access code was written by Wietse Venema.
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/appl/login/login.access.5
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/login.access.5	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/login.access.5	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+.\" $Id: login.access.5,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\" 
+.Dd March 21, 2003
+.Dt LOGIN.ACCESS 5
+.Os HEIMDAL
+.Sh NAME
+.Nm login.access
+.Nd
+login access control table
+.Sh DESCRIPTION
+The
+.Nm login.access
+file specifies on which ttys or from which hosts certain users are
+allowed to login.
+.Pp
+At login, the
+.Pa /etc/login.access 
+file is checked for the first entry that matches a specific user/host
+or user/tty combination. That entry can either allow or deny login
+access to that user.
+.Pp
+Each entry have three fields separated by colon:
+.Bl -bullet
+.It
+The first field indicates the permission given if the entry matches.
+It can be either
+.Dq +
+(allow access)
+or
+.Dq -
+(deny access) .
+.It
+The second field is a comma separated list of users or groups for
+which the current entry applies. NIS netgroups can used (if
+configured) if preceeded by @. The magic string ALL matches all users.
+A group will match if the user is a member of that group, or it is the
+user's primary group.
+.It
+The third field is a list of ttys, or network names. A network name
+can be either a hostname, a domain (indicated by a starting period),
+or a netgroup. As with the user list, ALL matches anything. LOCAL
+matches a string not containing a period.
+.El
+.Pp
+If the string EXCEPT is found in either the user or from list, the
+rest of the list are exceptions to the list before EXCEPT.
+.Sh BUGS
+If there's a user and a group with the same name, there is no way to
+make the group match if the user also matches.
+.Sh SEE ALSO
+.Xr login 1
+.Sh AUTHORS
+The
+.Fn login_access
+function was written by 
+Wietse Venema. This manual page was written for Heimdal.

Added: vendor-crypto/heimdal/dist/appl/login/login.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/login.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/login.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,887 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+#ifdef HAVE_CAPABILITY_H
+#include <capability.h>
+#endif
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
+RCSID("$Id: login.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int login_timeout = 60;
+
+static int
+start_login_process(void)
+{
+    char *prog, *argv0;
+    prog = login_conf_get_string("login_program");
+    if(prog == NULL)
+	return 0;
+    argv0 = strrchr(prog, '/');
+
+    if(argv0)
+	argv0++;
+    else
+	argv0 = prog;
+
+    return simple_execle(prog, argv0, NULL, env);
+}
+
+static int
+start_logout_process(void)
+{
+    char *prog, *argv0;
+    pid_t pid;
+
+    prog = login_conf_get_string("logout_program");
+    if(prog == NULL)
+	return 0;
+    argv0 = strrchr(prog, '/');
+
+    if(argv0)
+	argv0++;
+    else
+	argv0 = prog;
+
+    pid = fork();
+    if(pid == 0) {
+	/* avoid getting signals sent to the shell */
+	setpgid(0, getpid());
+	return 0;
+    }
+    if(pid == -1)
+	err(1, "fork");
+    /* wait for the real login process to exit */
+#ifdef HAVE_SETPROCTITLE
+    setproctitle("waitpid %d", pid);
+#endif
+    while(1) {
+	int status;
+	int ret;
+	ret = waitpid(pid, &status, 0);
+	if(ret > 0) {
+	    if(WIFEXITED(status) || WIFSIGNALED(status)) {
+		execle(prog, argv0, NULL, env);
+		err(1, "exec %s", prog);
+	    }
+	} else if(ret < 0) 
+	    err(1, "waitpid");
+    }
+}
+
+static void
+exec_shell(const char *shell, int fallback)
+{
+    char *sh;
+    const char *p;
+    
+    extend_env(NULL);
+    if(start_login_process() < 0)
+	warn("login process");
+    start_logout_process();
+
+    p = strrchr(shell, '/');
+    if(p)
+	p++;
+    else
+	p = shell;
+    if (asprintf(&sh, "-%s", p) == -1)
+	errx(1, "Out of memory");
+    execle(shell, sh, NULL, env);
+    if(fallback){
+	warnx("Can't exec %s, trying %s", 
+	      shell, _PATH_BSHELL);
+	execle(_PATH_BSHELL, "-sh", NULL, env);
+	err(1, "%s", _PATH_BSHELL);
+    }
+    err(1, "%s", shell);
+}
+
+static enum { NONE = 0, AUTH_KRB4 = 1, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth;
+
+#ifdef KRB4
+static krb5_boolean get_v4_tgt = FALSE;
+#endif
+
+#ifdef OTP
+static OtpContext otp_ctx;
+
+static int
+otp_verify(struct passwd *pwd, const char *password)
+{
+   return (otp_verify_user (&otp_ctx, password));
+}
+#endif /* OTP */
+
+
+static int pag_set = 0;
+
+#ifdef KRB5
+static krb5_context context;
+static krb5_ccache  id, id2;
+
+static int
+krb5_verify(struct passwd *pwd, const char *password)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+
+    ret = krb5_parse_name(context, pwd->pw_name, &princ);
+    if(ret)
+	return 1;
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
+    if(ret) {
+	krb5_free_principal(context, princ);
+	return 1;
+    }
+    ret = krb5_verify_user_lrealm(context,
+				  princ, 
+				  id,
+				  password, 
+				  1,
+				  NULL);
+    krb5_free_principal(context, princ);
+    return ret;
+}
+
+#ifdef KRB4
+static krb5_error_code
+krb5_to4 (krb5_ccache id)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+
+    ret = krb5_cc_get_principal(context, id, &princ);
+    if(ret == 0) {
+	krb5_appdefault_boolean(context, "login", 
+				krb5_principal_get_realm(context, princ), 
+				"krb4_get_tickets", FALSE, &get_v4_tgt);
+	krb5_free_principal(context, princ);
+    } else {
+	krb5_realm realm = NULL;
+	krb5_get_default_realm(context, &realm);
+	krb5_appdefault_boolean(context, "login", 
+				realm, 
+				"krb4_get_tickets", FALSE, &get_v4_tgt);
+	free(realm);
+    }
+
+    if (get_v4_tgt) {
+        CREDENTIALS c;
+        krb5_creds mcred, cred;
+        char krb4tkfile[MAXPATHLEN];
+	krb5_error_code ret;
+	krb5_principal princ;
+
+	krb5_cc_clear_mcred(&mcred);
+
+	ret = krb5_cc_get_principal (context, id, &princ);
+	if (ret)
+	    return ret;
+
+	ret = krb5_make_principal(context, &mcred.server,
+				  princ->realm,
+				  "krbtgt",
+				  princ->realm,
+				  NULL);
+	if (ret) {
+	    krb5_free_principal(context, princ);
+	    return ret;
+	}
+	mcred.client = princ;
+
+	ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
+	if(ret == 0) {
+	    ret = krb524_convert_creds_kdc_ccache(context, id, &cred, &c);
+	    if(ret == 0) {
+		snprintf(krb4tkfile,sizeof(krb4tkfile),"%s%d",TKT_ROOT,
+			 getuid());
+		krb_set_tkt_string(krb4tkfile);
+		tf_setup(&c, c.pname, c.pinst);
+	    }
+	    memset(&c, 0, sizeof(c));
+	    krb5_free_cred_contents(context, &cred);
+	}
+	if (ret != 0)
+	    get_v4_tgt = FALSE;
+	krb5_free_principal(context, mcred.server);
+	krb5_free_principal(context, mcred.client);
+    }
+    return 0;
+}
+#endif /* KRB4 */
+
+static int
+krb5_start_session (const struct passwd *pwd)
+{
+    krb5_error_code ret;
+    char residual[64];
+
+    /* copy credentials to file cache */
+    snprintf(residual, sizeof(residual), "FILE:/tmp/krb5cc_%u", 
+	     (unsigned)pwd->pw_uid);
+    krb5_cc_resolve(context, residual, &id2);
+    ret = krb5_cc_copy_cache(context, id, id2);
+    if (ret == 0)
+	add_env("KRB5CCNAME", residual);
+    else {
+	krb5_cc_destroy (context, id2);
+	return ret;
+    }
+#ifdef KRB4
+    krb5_to4 (id2);
+#endif
+    krb5_cc_close(context, id2);
+    krb5_cc_destroy(context, id);
+    return 0;
+}
+
+static void
+krb5_finish (void)
+{
+    krb5_free_context(context);
+}
+
+static void
+krb5_get_afs_tokens (const struct passwd *pwd)
+{
+    char cell[64];
+    char *pw_dir;
+    krb5_error_code ret;
+
+    if (!k_hasafs ())
+	return;
+
+    ret = krb5_cc_default(context, &id2);
+ 
+    if (ret == 0) {
+	pw_dir = pwd->pw_dir;
+
+	if (!pag_set) {
+	    k_setpag();
+	    pag_set = 1;
+	}
+
+	if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
+	    krb5_afslog_uid_home (context, id2,
+				  cell, NULL, pwd->pw_uid, pwd->pw_dir);
+	krb5_afslog_uid_home (context, id2, NULL, NULL,
+			      pwd->pw_uid, pwd->pw_dir);
+	krb5_cc_close (context, id2);
+    }
+}
+
+#endif /* KRB5 */
+
+#ifdef KRB4
+
+static int
+krb4_verify(struct passwd *pwd, const char *password)
+{
+    char lrealm[REALM_SZ];
+    int ret;
+    char ticket_file[MaxPathLen];
+
+    ret = krb_get_lrealm (lrealm, 1);
+    if (ret)
+	return 1;
+
+    snprintf (ticket_file, sizeof(ticket_file),
+	      "%s%u_%u",
+	      TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
+
+    krb_set_tkt_string (ticket_file);
+
+    ret = krb_verify_user (pwd->pw_name, "", lrealm, (char *)password,
+			   KRB_VERIFY_SECURE_FAIL, NULL);
+    if (ret)
+	return 1;
+
+    if (chown (ticket_file, pwd->pw_uid, pwd->pw_gid) < 0) {
+	dest_tkt();
+	return 1;
+    }
+	
+    add_env ("KRBTKFILE", ticket_file);
+    return 0;
+}
+
+static void
+krb4_get_afs_tokens (const struct passwd *pwd)
+{
+    char cell[64];
+    char *pw_dir;
+
+    if (!k_hasafs ())
+	return;
+
+    pw_dir = pwd->pw_dir;
+
+    if (!pag_set) {
+	k_setpag();
+	pag_set = 1;
+    }
+
+    if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0)
+	krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
+
+    krb_afslog_uid_home (NULL, NULL, pwd->pw_uid, pwd->pw_dir);
+}
+
+#endif /* KRB4 */
+
+static int f_flag;
+static int p_flag;
+#if 0
+static int r_flag;
+#endif
+static int version_flag;
+static int help_flag;
+static char *remote_host;
+static char *auth_level = NULL;
+
+struct getargs args[] = {
+    { NULL, 'a', arg_string,    &auth_level,    "authentication mode" },
+#if 0
+    { NULL, 'd' },
+#endif
+    { NULL, 'f', arg_flag,	&f_flag,	"pre-authenticated" },
+    { NULL, 'h', arg_string,	&remote_host,	"remote host", "hostname" },
+    { NULL, 'p', arg_flag,	&p_flag,	"don't purge environment" },
+#if 0
+    { NULL, 'r', arg_flag,	&r_flag,	"rlogin protocol" },
+#endif
+    { "version", 0,  arg_flag,	&version_flag },
+    { "help",	 0,  arg_flag,&help_flag, }
+};
+
+int nargs = sizeof(args) / sizeof(args[0]);
+
+static void
+update_utmp(const char *username, const char *hostname,
+	    char *tty, char *ttyn)
+{
+    /*
+     * Update the utmp files, both BSD and SYSV style.
+     */
+    if (utmpx_login(tty, username, hostname) != 0 && !f_flag) {
+	printf("No utmpx entry.  You must exec \"login\" from the "
+	       "lowest level shell.\n");
+	exit(1);
+    }
+    utmp_login(ttyn, username, hostname);
+}
+
+static void
+checknologin(void)
+{
+    FILE *f;
+    char buf[1024];
+
+    f = fopen(_PATH_NOLOGIN, "r");
+    if(f == NULL)
+	return;
+    while(fgets(buf, sizeof(buf), f))
+	fputs(buf, stdout);
+    fclose(f);
+    exit(0);
+}
+
+/* print contents of a file */
+static void
+show_file(const char *file)
+{
+    FILE *f;
+    char buf[BUFSIZ];
+    if((f = fopen(file, "r")) == NULL)
+	return;
+    while (fgets(buf, sizeof(buf), f))
+	fputs(buf, stdout);
+    fclose(f);
+}
+
+/* 
+ * Actually log in the user.  `pwd' contains all the relevant
+ * information about the user.  `ttyn' is the complete name of the tty
+ * and `tty' the short name.
+ */
+
+static void
+do_login(const struct passwd *pwd, char *tty, char *ttyn)
+{
+#ifdef HAVE_GETSPNAM
+    struct spwd *sp;
+#endif
+    int rootlogin = (pwd->pw_uid == 0);
+    gid_t tty_gid;
+    struct group *gr;
+    const char *home_dir;
+    int i;
+
+    if(!rootlogin)
+	checknologin();
+    
+#ifdef HAVE_GETSPNAM
+    sp = getspnam(pwd->pw_name);
+#endif
+
+    update_utmp(pwd->pw_name, remote_host ? remote_host : "",
+		tty, ttyn);
+
+    gr = getgrnam ("tty");
+    if (gr != NULL)
+	tty_gid = gr->gr_gid;
+    else
+	tty_gid = pwd->pw_gid;
+
+    if (chown (ttyn, pwd->pw_uid, tty_gid) < 0) {
+	warn("chown %s", ttyn);
+	if (rootlogin == 0)
+	    exit (1);
+    }
+
+    if (chmod (ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0) {
+	warn("chmod %s", ttyn);
+	if (rootlogin == 0)
+	    exit (1);
+    }
+
+#ifdef HAVE_SETLOGIN
+    if(setlogin(pwd->pw_name)){
+	warn("setlogin(%s)", pwd->pw_name);
+	if(rootlogin == 0)
+	    exit(1);
+    }
+#endif
+    if(rootlogin == 0) {
+	const char *file = login_conf_get_string("limits");
+	if(file == NULL)
+	    file = _PATH_LIMITS_CONF;
+
+	read_limits_conf(file, pwd);
+    }
+	    
+#ifdef HAVE_SETPCRED
+    if (setpcred (pwd->pw_name, NULL) == -1)
+	warn("setpcred(%s)", pwd->pw_name);
+#endif /* HAVE_SETPCRED */
+#ifdef HAVE_INITGROUPS
+    if(initgroups(pwd->pw_name, pwd->pw_gid)){
+	warn("initgroups(%s, %u)", pwd->pw_name, (unsigned)pwd->pw_gid);
+	if(rootlogin == 0)
+	    exit(1);
+    }
+#endif
+    if(do_osfc2_magic(pwd->pw_uid))
+	exit(1);
+    if(setgid(pwd->pw_gid)){
+	warn("setgid(%u)", (unsigned)pwd->pw_gid);
+	if(rootlogin == 0)
+	    exit(1);
+    }
+    if(setuid(pwd->pw_uid) || (pwd->pw_uid != 0 && setuid(0) == 0)) {
+	warn("setuid(%u)", (unsigned)pwd->pw_uid);
+	if(rootlogin == 0)
+	    exit(1);
+    }
+
+    /* make sure signals are set to default actions, apparently some
+       OS:es like to ignore SIGINT, which is not very convenient */
+    
+    for (i = 1; i < NSIG; ++i)
+	signal(i, SIG_DFL);
+
+    /* all kinds of different magic */
+
+#ifdef HAVE_GETSPNAM
+    check_shadow(pwd, sp);
+#endif
+
+#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM)
+    {
+	struct udb *udb;
+	long t;
+	const long maxcpu = 46116860184; /* some random constant */
+	udb = getudbnam(pwd->pw_name);
+	if(udb == UDB_NULL)
+	    errx(1, "Failed to get UDB entry.");
+	t = udb->ue_pcpulim[UDBRC_INTER];
+	if(t == 0 || t > maxcpu)
+	    t = CPUUNLIM;
+	else
+	    t *= 100 * CLOCKS_PER_SEC;
+
+	if(limit(C_PROC, 0, L_CPU, t) < 0)
+	    warn("limit C_PROC");
+
+	t = udb->ue_jcpulim[UDBRC_INTER];
+	if(t == 0 || t > maxcpu)
+	    t = CPUUNLIM;
+	else
+	    t *= 100 * CLOCKS_PER_SEC;
+
+	if(limit(C_JOBPROCS, 0, L_CPU, t) < 0)
+	    warn("limit C_JOBPROCS");
+
+	nice(udb->ue_nice[UDBRC_INTER]);
+    }
+#endif
+#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC)
+	/* XXX SGI capability hack IRIX 6.x (x >= 0?) has something
+	   called capabilities, that allow you to give away
+	   permissions (such as chown) to specific processes. From 6.5
+	   this is default on, and the default capability set seems to
+	   not always be the empty set. The problem is that the
+	   runtime linker refuses to do just about anything if the
+	   process has *any* capabilities set, so we have to remove
+	   them here (unless otherwise instructed by /etc/capability).
+	   In IRIX < 6.5, these functions was called sgi_cap_setproc,
+	   etc, but we ignore this fact (it works anyway). */
+	{
+	    struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name);
+	    cap_t cap;
+	    if(ucap == NULL)
+		cap = cap_from_text("all=");
+	    else
+		cap = cap_from_text(ucap->ca_default);
+	    if(cap == NULL)
+		err(1, "cap_from_text");
+	    if(cap_set_proc(cap) < 0)
+		err(1, "cap_set_proc");
+	    cap_free(cap);
+	    free(ucap);
+	}
+#endif
+    home_dir = pwd->pw_dir;
+    if (chdir(home_dir) < 0) {
+	fprintf(stderr, "No home directory \"%s\"!\n", pwd->pw_dir);
+	if (chdir("/"))
+	    exit(0);
+	home_dir = "/";
+	fprintf(stderr, "Logging in with home = \"/\".\n");
+    }
+#ifdef KRB5
+    if (auth == AUTH_KRB5) {
+	krb5_start_session (pwd);
+    }
+#ifdef KRB4
+    else if (auth == 0) {
+	krb5_error_code ret;
+	krb5_ccache id;
+
+	ret = krb5_cc_default (context, &id);
+	if (ret == 0) {
+	    krb5_to4 (id);
+	    krb5_cc_close (context, id);
+	}
+    }
+#endif /* KRB4 */
+
+    krb5_get_afs_tokens (pwd);
+
+    krb5_finish ();
+#endif /* KRB5 */
+
+#ifdef KRB4
+    if (auth == AUTH_KRB4 || get_v4_tgt)
+	krb4_get_afs_tokens (pwd);
+#endif /* KRB4 */
+
+    add_env("PATH", _PATH_DEFPATH);
+
+    {
+	const char *str = login_conf_get_string("environment");
+	char buf[MAXPATHLEN];
+
+	if(str == NULL) {
+	    login_read_env(_PATH_ETC_ENVIRONMENT);
+	} else {
+	    while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) {
+		if(buf[0] == '\0')
+		    continue;
+		login_read_env(buf);
+	    }
+	}
+    }
+    {
+	const char *str = login_conf_get_string("motd");
+	char buf[MAXPATHLEN];
+
+	if(str != NULL) {
+	    while(strsep_copy(&str, ",", buf, sizeof(buf)) != -1) {
+		if(buf[0] == '\0')
+		    continue;
+		show_file(buf);
+	    }
+	} else {
+	    str = login_conf_get_string("welcome");
+	    if(str != NULL)
+		show_file(str);
+	}
+    }
+    add_env("HOME", home_dir);
+    add_env("USER", pwd->pw_name);
+    add_env("LOGNAME", pwd->pw_name);
+    add_env("SHELL", pwd->pw_shell);
+    exec_shell(pwd->pw_shell, rootlogin);
+}
+
+static int
+check_password(struct passwd *pwd, const char *password)
+{
+    if(pwd->pw_passwd == NULL)
+	return 1;
+    if(pwd->pw_passwd[0] == '\0'){
+#ifdef ALLOW_NULL_PASSWORD
+	return password[0] != '\0';
+#else
+	return 1;
+#endif
+    }
+    if(strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) == 0)
+	return 0;
+#ifdef KRB5
+    if(krb5_verify(pwd, password) == 0) {
+	auth = AUTH_KRB5;
+	return 0;
+    }
+#endif
+#ifdef KRB4
+    if (krb4_verify (pwd, password) == 0) {
+	auth = AUTH_KRB4;
+	return 0;
+    }
+#endif
+#ifdef OTP
+    if (otp_verify (pwd, password) == 0) {
+       auth = AUTH_OTP;
+       return 0;
+    }
+#endif
+    return 1;
+}
+
+static void
+usage(int status)
+{
+    arg_printusage(args, nargs, NULL, "[username]");
+    exit(status);
+}
+
+static RETSIGTYPE
+sig_handler(int sig)
+{
+    if (sig == SIGALRM)
+         fprintf(stderr, "Login timed out after %d seconds\n",
+                login_timeout);
+      else
+         fprintf(stderr, "Login received signal, exiting\n");
+    exit(0);
+}
+
+int
+main(int argc, char **argv)
+{
+    int max_tries = 5;
+    int try;
+
+    char username[32];
+    int optidx = 0;
+
+    int ask = 1;
+    struct sigaction sa;
+    
+    setprogname(argv[0]);
+
+#ifdef KRB5
+    {
+	krb5_error_code ret;
+
+	ret = krb5_init_context(&context);
+	if (ret)
+	    errx (1, "krb5_init_context failed: %d", ret);
+    }
+#endif
+
+    openlog("login", LOG_ODELAY | LOG_PID, LOG_AUTH);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optidx))
+	usage (1);
+    argc -= optidx;
+    argv += optidx;
+
+    if(help_flag)
+	usage(0);
+    if (version_flag) {
+	print_version (NULL);
+	return 0;
+    }
+	
+    if (geteuid() != 0)
+	errx(1, "only root may use login, use su");
+
+    /* Default tty settings. */
+    stty_default();
+
+    if(p_flag)
+	copy_env();
+    else {
+	/* this set of variables is always preserved by BSD login */
+	if(getenv("TERM"))
+	    add_env("TERM", getenv("TERM"));
+	if(getenv("TZ"))
+	    add_env("TZ", getenv("TZ"));
+    }
+
+    if(*argv){
+	if(strchr(*argv, '=') == NULL && strcmp(*argv, "-") != 0){
+	    strlcpy (username, *argv, sizeof(username));
+	    ask = 0;
+	}
+    }
+
+#if defined(DCE) && defined(AIX)
+    esetenv("AUTHSTATE", "DCE", 1);
+#endif
+
+    /* XXX should we care about environment on the command line? */
+
+    memset(&sa, 0, sizeof(sa));
+    sa.sa_handler = sig_handler;
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = 0;
+    sigaction(SIGALRM, &sa, NULL);
+    alarm(login_timeout);
+
+    for(try = 0; try < max_tries; try++){
+	struct passwd *pwd;
+	char password[128];
+	int ret;
+	char ttname[32];
+	char *tty, *ttyn;
+        char prompt[128];
+#ifdef OTP
+        char otp_str[256];
+#endif
+
+	if(ask){
+	    f_flag = 0;
+#if 0
+	    r_flag = 0;
+#endif
+	    ret = read_string("login: ", username, sizeof(username), 1);
+	    if(ret == -3)
+		exit(0);
+	    if(ret == -2)
+		sig_handler(0); /* exit */
+	}
+        pwd = k_getpwnam(username);
+#ifdef ALLOW_NULL_PASSWORD
+        if (pwd != NULL && (pwd->pw_passwd[0] == '\0')) {
+            strcpy(password,"");
+        }
+        else
+#endif
+
+        {
+#ifdef OTP
+           if(auth_level && strcmp(auth_level, "otp") == 0 &&
+                 otp_challenge(&otp_ctx, username,
+                            otp_str, sizeof(otp_str)) == 0)
+                 snprintf (prompt, sizeof(prompt), "%s's %s Password: ",
+                            username, otp_str);
+            else
+#endif
+                 strncpy(prompt, "Password: ", sizeof(prompt));
+
+	    if (f_flag == 0) {
+	       ret = read_string(prompt, password, sizeof(password), 0);
+               if (ret == -3) {
+                  ask = 1;
+                  continue;
+               }
+               if (ret == -2)
+                  sig_handler(0);
+            }
+         }
+	
+	if(pwd == NULL){
+	    fprintf(stderr, "Login incorrect.\n");
+	    ask = 1;
+	    continue;
+	}
+
+	if(f_flag == 0 && check_password(pwd, password)){
+	    fprintf(stderr, "Login incorrect.\n");
+            ask = 1;
+	    continue;
+	}
+	ttyn = ttyname(STDIN_FILENO);
+	if(ttyn == NULL){
+	    snprintf(ttname, sizeof(ttname), "%s??", _PATH_TTY);
+	    ttyn = ttname;
+	}
+	if (strncmp (ttyn, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+	    tty = ttyn + strlen(_PATH_DEV);
+	else
+	    tty = ttyn;
+    
+	if (login_access (pwd, remote_host ? remote_host : tty) == 0) {
+	    fprintf(stderr, "Permission denied\n");
+	    if (remote_host)
+		syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s",
+		       pwd->pw_name, remote_host);
+	    else
+		syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s",
+		       pwd->pw_name, tty);
+	    exit (1);
+	} else {
+	    if (remote_host)
+		syslog(LOG_NOTICE, "%s LOGIN ACCEPTED FROM %s ppid=%d",
+		       pwd->pw_name, remote_host, (int) getppid());
+	    else
+		syslog(LOG_NOTICE, "%s LOGIN ACCEPTED ON %s ppid=%d",
+		       pwd->pw_name, tty, (int) getppid());
+	}
+        alarm(0);
+	do_login(pwd, tty, ttyn);
+    }
+    exit(1);
+}

Added: vendor-crypto/heimdal/dist/appl/login/login_access.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/login_access.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/login_access.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,277 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
+* files may be covered by other copyrights.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that this entire copyright notice
+* is duplicated in all such copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/
+ /*
+  * This module implements a simple but effective form of login access
+  * control based on login names and on host (or domain) names, internet
+  * addresses (or network numbers), or on terminal line names in case of
+  * non-networked logins. Diagnostics are reported through syslog(3).
+  *
+  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+  */
+
+#include "login_locl.h"
+
+RCSID("$Id: login_access.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+ /* Delimiters for fields and for lists of users, ttys or hosts. */
+
+static char fs[] = ":";			/* field separator */
+static char sep[] = ", \t";		/* list-element separator */
+
+ /* Constants to be used in assignments only, not in comparisons... */
+
+#define YES             1
+#define NO              0
+
+ /*
+  * A structure to bundle up all login-related information to keep the
+  * functional interfaces as generic as possible.
+  */
+struct login_info {
+    struct passwd *user;
+    char   *from;
+};
+
+static int list_match(char *list, struct login_info *item,
+		      int (*match_fn)(char *, struct login_info *));
+static int user_match(char *tok, struct login_info *item);
+static int from_match(char *tok, struct login_info *item);
+static int string_match(char *tok, char *string);
+
+/* login_access - match username/group and host/tty with access control file */
+
+int login_access(struct passwd *user, char *from)
+{
+    struct login_info item;
+    FILE   *fp;
+    char    line[BUFSIZ];
+    char   *perm;			/* becomes permission field */
+    char   *users;			/* becomes list of login names */
+    char   *froms;			/* becomes list of terminals or hosts */
+    int     match = NO;
+    int     end;
+    int     lineno = 0;			/* for diagnostics */
+    char   *foo;
+
+    /*
+     * Bundle up the arguments to avoid unnecessary clumsiness lateron.
+     */
+    item.user = user;
+    item.from = from;
+
+    /*
+     * Process the table one line at a time and stop at the first match.
+     * Blank lines and lines that begin with a '#' character are ignored.
+     * Non-comment lines are broken at the ':' character. All fields are
+     * mandatory. The first field should be a "+" or "-" character. A
+     * non-existing table means no access control.
+     */
+
+    if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
+	while (!match && fgets(line, sizeof(line), fp)) {
+	    lineno++;
+	    if (line[end = strlen(line) - 1] != '\n') {
+		syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
+		       _PATH_LOGACCESS, lineno);
+		continue;
+	    }
+	    if (line[0] == '#')
+		continue;			/* comment line */
+	    while (end > 0 && isspace((unsigned char)line[end - 1]))
+		end--;
+	    line[end] = 0;			/* strip trailing whitespace */
+	    if (line[0] == 0)			/* skip blank lines */
+		continue;
+	    foo = NULL;
+	    if (!(perm = strtok_r(line, fs, &foo))
+		|| !(users = strtok_r(NULL, fs, &foo))
+		|| !(froms = strtok_r(NULL, fs, &foo))
+		|| strtok_r(NULL, fs, &foo)) {
+		syslog(LOG_ERR, "%s: line %d: bad field count", 
+		       _PATH_LOGACCESS,
+		       lineno);
+		continue;
+	    }
+	    if (perm[0] != '+' && perm[0] != '-') {
+		syslog(LOG_ERR, "%s: line %d: bad first field", 
+		       _PATH_LOGACCESS,
+		       lineno);
+		continue;
+	    }
+	    match = (list_match(froms, &item, from_match)
+		     && list_match(users, &item, user_match));
+	}
+	fclose(fp);
+    } else if (errno != ENOENT) {
+	syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
+    }
+    return (match == 0 || (line[0] == '+'));
+}
+
+/* list_match - match an item against a list of tokens with exceptions */
+
+static int
+list_match(char *list,
+	   struct login_info *item,
+	   int (*match_fn)(char *, struct login_info *))
+{
+    char   *tok;
+    int     match = NO;
+    char   *foo = NULL;
+
+    /*
+     * Process tokens one at a time. We have exhausted all possible matches
+     * when we reach an "EXCEPT" token or the end of the list. If we do find
+     * a match, look for an "EXCEPT" list and recurse to determine whether
+     * the match is affected by any exceptions.
+     */
+
+    for (tok = strtok_r(list, sep, &foo);
+	 tok != NULL;
+	 tok = strtok_r(NULL, sep, &foo)) {
+	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
+	    break;
+	if ((match = (*match_fn) (tok, item)) != 0)	/* YES */
+	    break;
+    }
+    /* Process exceptions to matches. */
+
+    if (match != NO) {
+	while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
+	     /* VOID */ ;
+	if (tok == 0 || list_match(NULL, item, match_fn) == NO)
+	    return (match);
+    }
+    return (NO);
+}
+
+/* myhostname - figure out local machine name */
+
+static char *myhostname(void)
+{
+    static char name[MAXHOSTNAMELEN + 1] = "";
+
+    if (name[0] == 0) {
+	gethostname(name, sizeof(name));
+	name[MAXHOSTNAMELEN] = 0;
+    }
+    return (name);
+}
+
+/* netgroup_match - match group against machine or user */
+
+static int netgroup_match(char *group, char *machine, char *user)
+{
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+    static char *mydomain = 0;
+
+    if (mydomain == 0)
+	yp_get_default_domain(&mydomain);
+    return (innetgr(group, machine, user, mydomain));
+#else
+    syslog(LOG_ERR, "NIS netgroup support not configured");
+    return 0;
+#endif
+}
+
+/* user_match - match a username against one token */
+
+static int user_match(char *tok, struct login_info *item)
+{
+    char   *string = item->user->pw_name;
+    struct login_info fake_item;
+    struct group *group;
+    int     i;
+    char   *at;
+
+    /*
+     * If a token has the magic value "ALL" the match always succeeds.
+     * Otherwise, return YES if the token fully matches the username, if the
+     * token is a group that contains the username, or if the token is the
+     * name of the user's primary group.
+     */
+
+    if ((at = strchr(tok + 1, '@')) != 0) {	/* split user at host pattern */
+	*at = 0;
+	fake_item.from = myhostname();
+	return (user_match(tok, item) && from_match(at + 1, &fake_item));
+    } else if (tok[0] == '@') {			/* netgroup */
+	return (netgroup_match(tok + 1, (char *) 0, string));
+    } else if (string_match(tok, string)) {	/* ALL or exact match */
+	return (YES);
+    } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
+	if (item->user->pw_gid == group->gr_gid)
+	    return (YES);
+	for (i = 0; group->gr_mem[i]; i++)
+	    if (strcasecmp(string, group->gr_mem[i]) == 0)
+		return (YES);
+    }
+    return (NO);
+}
+
+/* from_match - match a host or tty against a list of tokens */
+
+static int from_match(char *tok, struct login_info *item)
+{
+    char   *string = item->from;
+    int     tok_len;
+    int     str_len;
+
+    /*
+     * If a token has the magic value "ALL" the match always succeeds. Return
+     * YES if the token fully matches the string. If the token is a domain
+     * name, return YES if it matches the last fields of the string. If the
+     * token has the magic value "LOCAL", return YES if the string does not
+     * contain a "." character. If the token is a network number, return YES
+     * if it matches the head of the string.
+     */
+
+    if (tok[0] == '@') {			/* netgroup */
+	return (netgroup_match(tok + 1, string, (char *) 0));
+    } else if (string_match(tok, string)) {	/* ALL or exact match */
+	return (YES);
+    } else if (tok[0] == '.') {			/* domain: match last fields */
+	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
+	    && strcasecmp(tok, string + str_len - tok_len) == 0)
+	    return (YES);
+    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
+	if (strchr(string, '.') == 0)
+	    return (YES);
+    } else if (tok[(tok_len = strlen(tok)) - 1] == '.'	/* network */
+	       && strncmp(tok, string, tok_len) == 0) {
+	return (YES);
+    }
+    return (NO);
+}
+
+/* string_match - match a string against one token */
+
+static int string_match(char *tok, char *string)
+{
+
+    /*
+     * If the token has the magic value "ALL" the match always succeeds.
+     * Otherwise, return YES if the token fully matches the string.
+     */
+
+    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
+	return (YES);
+    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
+	return (YES);
+    }
+    return (NO);
+}
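Review bot: login_access() fails open when the access table cannot be read: in the `else if (errno != ENOENT)` branch an open error other than a missing file is only logged, `match` stays NO, and the final `return (match == 0 || (line[0] == '+'))` grants access. The comment above documents only a non-existing table as meaning no access control, so the error branch should deny, e.g. `syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS); return NO;`. Malformed lines are likewise skipped with `continue`, so a mistyped `-` rule silently stops denying; that behaviour deserves at least a comment at the two "bad field" checks. Separately, `line[end = strlen(line) - 1]` reads `line[-1]` if fgets() returns a line whose first byte is NUL, so a guard such as `if (line[0] == 0) continue;` before that test would keep the index in bounds.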

Added: vendor-crypto/heimdal/dist/appl/login/login_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/login_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/login_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: login_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __LOGIN_LOCL_H__
+#define __LOGIN_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <signal.h>
+#include <termios.h>
+#include <err.h>
+#include <pwd.h>
+#include <roken.h>
+#include <getarg.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_UDB_H
+#include <udb.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_CATEGORY_H
+#include <sys/category.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+#ifdef HAVE_NETGROUP_H
+#include <netgroup.h>
+#endif
+#ifdef HAVE_RPCSVC_YPCLNT_H
+#include <rpcsvc/ypclnt.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#endif
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#include <kafs.h>
+
+#ifdef OTP
+#include <otp.h>
+#endif
+
+#ifdef HAVE_OSFC2
+#define getargs OSFgetargs
+#include "/usr/include/prot.h"
+#undef getargs
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+#ifndef _PATH_TTY
+#define _PATH_TTY "/dev/tty"
+#endif
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+#ifndef _PATH_WTMP
+#ifdef WTMP_FILE
+#define _PATH_WTMP WTMP_FILE
+#else
+#define _PATH_WTMP "/var/adm/wtmp"
+#endif
+#endif
+#ifndef _PATH_UTMP
+#ifdef UTMP_FILE
+#define _PATH_UTMP UTMP_FILE
+#else
+#define _PATH_UTMP "/var/adm/utmp"
+#endif
+#endif
+
+#ifndef _PATH_LOGACCESS
+#define _PATH_LOGACCESS SYSCONFDIR "/login.access"
+#endif /* _PATH_LOGACCESS */
+
+#ifndef _PATH_LOGIN_CONF
+#define _PATH_LOGIN_CONF SYSCONFDIR "/login.conf"
+#endif /* _PATH_LOGIN_CONF */
+
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH "/usr/bin:/bin"
+#endif
+
+#include "loginpaths.h"
+
+struct spwd;
+
+extern char **env;
+extern int num_env;
+
+#include "login_protos.h"
+
+#endif /* __LOGIN_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/appl/login/login_protos.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/login_protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/login_protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+/* This is a generated file */
+#ifndef __login_protos_h__
+#define __login_protos_h__
+
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void
+add_env (
+	const char */*var*/,
+	const char */*value*/);
+
+void
+check_shadow (
+	const struct passwd */*pw*/,
+	const struct spwd */*sp*/);
+
+char *
+clean_ttyname (char */*tty*/);
+
+void
+copy_env (void);
+
+int
+do_osfc2_magic (uid_t /*uid*/);
+
+void
+extend_env (char */*str*/);
+
+int
+login_access (
+	struct passwd */*user*/,
+	char */*from*/);
+
+char *
+login_conf_get_string (const char */*str*/);
+
+int
+login_read_env (const char */*file*/);
+
+char *
+make_id (char */*tty*/);
+
+void
+prepare_utmp (
+	struct utmp */*utmp*/,
+	char */*tty*/,
+	const char */*username*/,
+	const char */*hostname*/);
+
+int
+read_limits_conf (
+	const char */*file*/,
+	const struct passwd */*pwd*/);
+
+int
+read_string (
+	const char */*prompt*/,
+	char */*buf*/,
+	size_t /*len*/,
+	int /*echo*/);
+
+void
+shrink_hostname (
+	const char */*hostname*/,
+	char */*dst*/,
+	size_t /*dst_sz*/);
+
+void
+stty_default (void);
+
+void
+utmp_login (
+	char */*tty*/,
+	const char */*username*/,
+	const char */*hostname*/);
+
+int
+utmpx_login (
+	char */*line*/,
+	const char */*user*/,
+	const char */*host*/);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __login_protos_h__ */

Added: vendor-crypto/heimdal/dist/appl/login/loginpaths.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/loginpaths.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/loginpaths.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: loginpaths.h,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __LOGIN_PATH_H
+#define __LOGIN_PATH_H
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif
+
+#ifndef _PATH_ETC_ENVIRONMENT
+#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
+#endif
+
+#ifndef _PATH_LIMITS_CONF
+#define _PATH_LIMITS_CONF "/etc/security/limits.conf"
+#endif
+
+
+#endif /* __LOGIN_PATH_H */

Added: vendor-crypto/heimdal/dist/appl/login/osfc2.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/osfc2.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/osfc2.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+RCSID("$Id: osfc2.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+int
+do_osfc2_magic(uid_t uid)
+{
+#ifdef HAVE_OSFC2
+    struct es_passwd *epw;
+    char *argv[2];
+    
+    /* fake */
+    argv[0] = (char*)getprogname();
+    argv[1] = NULL;
+    set_auth_parameters(1, argv);
+    
+    epw = getespwuid(uid);
+    if(epw == NULL) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "getespwuid failed for %d", uid);
+	printf("Sorry.\n");
+	return 1;
+    }
+    /* We don't check for auto-retired, foo-retired,
+       bar-retired, or any other kind of retired accounts
+       here; neither do we check for time-locked accounts, or
+       any other kind of serious C2 mumbo-jumbo. We do,
+       however, call setluid, since failing to do so is not
+       very good (take my word for it). */
+    
+    if(!epw->uflg->fg_uid) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "attempted login by %s (has no uid)", epw->ufld->fd_name);
+	printf("Sorry.\n");
+	return 1;
+    }
+    setluid(epw->ufld->fd_uid);
+    if(getluid() != epw->ufld->fd_uid) {
+	syslog(LOG_AUTHPRIV|LOG_NOTICE, 
+	       "failed to set LUID for %s (%d)", 
+	       epw->ufld->fd_name, epw->ufld->fd_uid);
+	printf("Sorry.\n");
+	return 1;
+    }
+#endif /* HAVE_OSFC2 */
+    return 0;
+}
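Review bot: The syslog() calls that print a uid pass it to `%d` without a cast (`"getespwuid failed for %d", uid`, and `epw->ufld->fd_uid` in the LUID message, presumably also a uid type), which is a format/argument mismatch wherever `uid_t` is not `int`. Casting the way login.c does in its warn() calls, e.g. `"getespwuid failed for %u", (unsigned)uid`, keeps these LOG_AUTHPRIV audit lines well-defined. The function also lacks a header comment; something like `/* Set the login UID on OSF C2 systems; returns 0 on success or when HAVE_OSFC2 is not defined, 1 on failure. */` would record the return convention that do_login() depends on when it calls `exit(1)` on a non-zero result.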

Added: vendor-crypto/heimdal/dist/appl/login/read_string.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/read_string.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/read_string.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: read_string.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static sig_atomic_t intr_flag;
+
+static void
+intr(int sig)
+{
+    intr_flag++;
+}
+
+#ifndef NSIG
+#define NSIG 47
+#endif
+
+int
+read_string(const char *prompt, char *buf, size_t len, int echo)
+{
+    struct sigaction sigs[NSIG];
+    int oksigs[NSIG];
+    struct sigaction sa;
+    FILE *tty;
+    int ret = 0;
+    int of = 0;
+    int i;
+    int c;
+    char *p;
+
+    struct termios t_new, t_old;
+
+    memset(&oksigs, 0, sizeof(oksigs));
+
+    memset(&sa, 0, sizeof(sa));
+    sa.sa_handler = intr;
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = 0;
+    for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
+	if (i != SIGALRM) 
+	    if (sigaction(i, &sa, &sigs[i]) == 0)
+		oksigs[i] = 1;
+
+    if((tty = fopen("/dev/tty", "r")) == NULL)
+	tty = stdin;
+       
+    fprintf(stderr, "%s", prompt);
+    fflush(stderr);
+
+    if(echo == 0){
+	tcgetattr(fileno(tty), &t_old);
+	memcpy(&t_new, &t_old, sizeof(t_new));
+	t_new.c_lflag &= ~ECHO;
+	tcsetattr(fileno(tty), TCSANOW, &t_new);
+    }
+    intr_flag = 0;
+    p = buf;
+    while(intr_flag == 0){
+	c = getc(tty);
+	if(c == EOF){
+	    if(!ferror(tty))
+		ret = 1;
+	    break;
+	}
+	if(c == '\n')
+	    break;
+	if(of == 0)
+	    *p++ = c;
+	of = (p == buf + len);
+    }
+    if(of)
+	p--;
+    *p = 0;
+    
+    if(echo == 0){
+	printf("\n");
+	tcsetattr(fileno(tty), TCSANOW, &t_old);
+    }
+    
+    if(tty != stdin)
+	fclose(tty);
+
+    for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++)
+	if (oksigs[i])
+	    sigaction(i, &sigs[i], NULL);
+    
+    if(ret)
+	return -3;
+    if(intr_flag)
+	return -2;
+    if(of)
+	return -1;
+    return 0;
+}
+
+
+#if 0
+int main()
+{
+    char s[128];
+    int ret;
+    ret = read_string("foo: ", s, sizeof(s), 0);
+    printf("%d ->%s<-\n", ret, s);
+}
+#endif
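Review bot: In read_string(), the `tcgetattr(fileno(tty), &t_old)` call in the `echo == 0` branch is unchecked, so when the input is not a terminal (the function falls back to `stdin` if `/dev/tty` cannot be opened) `t_old` is uninitialized, gets copied into `t_new`, and is later handed back to `tcsetattr()` as the "restore" state. Remember whether the call succeeded, e.g. `have_old = (tcgetattr(fileno(tty), &t_old) == 0);`, and only modify and restore the terminal settings when it did. Separately, `*p++ = c` runs before any bounds test and `of` only becomes true when `p == buf + len` exactly, so a caller passing `len == 0` would write past `buf` without limit. The caller in the `#if 0` test passes `sizeof(s)`, but an early `if (len == 0) return -1;` would make the contract explicit.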

Added: vendor-crypto/heimdal/dist/appl/login/shadow.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/shadow.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/shadow.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: shadow.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef HAVE_SHADOW_H
+
+#ifndef _PATH_CHPASS
+#define _PATH_CHPASS "/usr/bin/passwd"
+#endif
+
+static int
+change_passwd(const struct passwd *who)
+{
+    int status;
+    pid_t pid;
+
+    switch (pid = fork()) {
+    case -1:
+        printf("fork /bin/passwd");
+        exit(1);
+    case 0:
+        execlp(_PATH_CHPASS, "passwd", who->pw_name, (char *) 0);
+        exit(1);
+    default:
+        waitpid(pid, &status, 0);
+        return (status);
+    }
+}
+
+void 
+check_shadow(const struct passwd *pw, const struct spwd *sp)
+{
+  long today;
+
+  today = time(0)/(24L * 60 * 60);
+  
+  if (sp == NULL)
+      return;
+
+  if (sp->sp_expire > 0) {
+        if (today >= sp->sp_expire) {
+            printf("Your account has expired.\n");
+            sleep(1);
+            exit(0);
+        } else if (sp->sp_expire - today < 14) {
+            printf("Your account will expire in %d days.\n",
+                   (int)(sp->sp_expire - today));
+        }
+  }
+
+  if (sp->sp_max > 0) {
+        if (today >= (sp->sp_lstchg + sp->sp_max)) {
+            printf("Your password has expired. Choose a new one.\n");
+            change_passwd(pw);
+        } else if (sp->sp_warn > 0
+            && (today > (sp->sp_lstchg + sp->sp_max - sp->sp_warn))) {
+            printf("Your password will expire in %d days.\n",
+                   (int)(sp->sp_lstchg + sp->sp_max - today));
+        }
+  }
+}
+#endif /* HAVE_SHADOW_H */
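Review bot: check_shadow() discards the result of `change_passwd(pw)` in the expired-password branch, so if the password program cannot be executed or the user aborts it, control returns to the caller exactly as if the password had been changed. The expired-account branch above already terminates the process, so the expired-password branch should presumably fail closed as well, e.g. `if (change_passwd(pw) != 0) exit(1);`. change_passwd() also returns `status` without checking that `waitpid()` succeeded, so the value may be uninitialized on error. It uses `execlp()`, which would search `PATH` if `_PATH_CHPASS` were ever defined without a slash; `execl()` avoids that.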

Added: vendor-crypto/heimdal/dist/appl/login/stty_default.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/stty_default.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/stty_default.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: stty_default.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <termios.h>
+
+/* HP-UX 9.0 termios doesn't define these */
+#ifndef FLUSHO
+#define	FLUSHO	0
+#endif
+
+#ifndef XTABS
+#define	XTABS	0
+#endif
+
+#ifndef OXTABS
+#define OXTABS	XTABS
+#endif
+
+/* Ultrix... */
+#ifndef ECHOPRT
+#define ECHOPRT	0
+#endif
+
+#ifndef ECHOCTL
+#define ECHOCTL	0
+#endif
+
+#ifndef ECHOKE
+#define ECHOKE	0
+#endif
+
+#ifndef IMAXBEL
+#define IMAXBEL	0
+#endif
+
+#define Ctl(x) ((x) ^ 0100)
+
+void
+stty_default(void)
+{
+    struct	termios termios;
+
+    /*
+     * Finalize the terminal settings. Some systems default to 8 bits,
+     * others to 7, so we should leave that alone.
+     */
+    tcgetattr(0, &termios);
+
+    termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL);
+    termios.c_iflag &= ~IXANY;
+
+    termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE);
+    termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO);
+
+    termios.c_oflag |= (OPOST|ONLCR);
+    termios.c_oflag &= ~OXTABS;
+
+    termios.c_cc[VINTR] = Ctl('C');
+    termios.c_cc[VERASE] = Ctl('H');
+    termios.c_cc[VKILL] = Ctl('U');
+    termios.c_cc[VEOF] = Ctl('D');
+
+    termios.c_cc[VSUSP] = Ctl('Z');
+    
+    tcsetattr(0, TCSANOW, &termios);
+}
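Review bot: stty_default() ignores the return value of `tcgetattr(0, &termios)`, so when descriptor 0 is not a terminal the flag edits below operate on an uninitialized `struct termios`, which is then passed to `tcsetattr()`. An early `if (tcgetattr(0, &termios) < 0) return;` makes the function a clean no-op in that case. The `tcsetattr()` result is also unchecked; since this runs on the login path, a `syslog()` on failure would help diagnose terminals left in an unexpected state.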

Added: vendor-crypto/heimdal/dist/appl/login/tty.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/tty.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/tty.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: tty.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Clean the tty name.  Return a pointer to the cleaned version.
+ */
+
+char *
+clean_ttyname (char *tty)
+{
+  char *res = tty;
+
+  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+    res += strlen(_PATH_DEV);
+  if (strncmp (res, "pty/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "ptym/", 5) == 0)
+    res += 5;
+  return res;
+}
+
+/*
+ * Generate a name usable as an `ut_id', typically without `tty'.
+ */
+
+char *
+make_id (char *tty)
+{
+  char *res = tty;
+  
+  if (strncmp (res, "pts/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "tty", 3) == 0)
+    res += 3;
+  return res;
+}

Added: vendor-crypto/heimdal/dist/appl/login/utmp_login.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/utmp_login.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/utmp_login.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: utmp_login.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/* try to put something useful from hostname into dst, dst_sz:
+ * full name, first component or address */
+
+void
+shrink_hostname (const char *hostname,
+		 char *dst, size_t dst_sz)
+{
+    char local_hostname[MaxHostNameLen];
+    char *ld, *hd;
+    int ret;
+    struct addrinfo *ai;
+
+    if (strlen(hostname) < dst_sz) {
+	strlcpy (dst, hostname, dst_sz);
+	return;
+    }
+    gethostname (local_hostname, sizeof(local_hostname));
+    hd = strchr (hostname, '.');
+    ld = strchr (local_hostname, '.');
+    if (hd != NULL && ld != NULL && strcmp(hd, ld) == 0
+	&& hd - hostname < dst_sz) {
+	strlcpy (dst, hostname, dst_sz);
+	dst[hd - hostname] = '\0';
+	return;
+    }
+
+    ret = getaddrinfo (hostname, NULL, NULL, &ai);
+    if (ret) {
+	strncpy (dst, hostname, dst_sz);
+	return;
+    }
+    ret = getnameinfo (ai->ai_addr, ai->ai_addrlen,
+		       dst, dst_sz,
+		       NULL, 0,
+		       NI_NUMERICHOST);
+    freeaddrinfo (ai);
+    if (ret) {
+	strncpy (dst, hostname, dst_sz);
+	return;
+    }
+}
+
+void
+prepare_utmp (struct utmp *utmp, char *tty, 
+	      const char *username, const char *hostname)
+{
+    char *ttyx = clean_ttyname (tty);
+
+    memset(utmp, 0, sizeof(*utmp));
+    utmp->ut_time = time(NULL);
+    strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
+    strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
+
+# ifdef HAVE_STRUCT_UTMP_UT_USER
+    strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_ADDR
+    if (hostname[0]) {
+        struct hostent *he;
+	if ((he = gethostbyname(hostname)))
+	    memcpy(&utmp->ut_addr, he->h_addr_list[0],
+		   sizeof(utmp->ut_addr));
+    }
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_HOST
+    shrink_hostname (hostname, utmp->ut_host, sizeof(utmp->ut_host));
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_TYPE
+    utmp->ut_type = USER_PROCESS;
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_PID
+    utmp->ut_pid = getpid();
+# endif
+
+# ifdef HAVE_STRUCT_UTMP_UT_ID
+    strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
+# endif
+}
+
+#ifdef HAVE_UTMPX_H
+void utmp_login(char *tty, const char *username, const char *hostname)
+{ 
+    return;
+}
+#else
+
+/* update utmp and wtmp - the BSD way */
+
+void utmp_login(char *tty, const char *username, const char *hostname)
+{
+    struct utmp utmp;
+    int fd;
+
+    prepare_utmp (&utmp, tty, username, hostname);
+
+#ifdef HAVE_SETUTENT
+    utmpname(_PATH_UTMP);
+    setutent();
+    pututline(&utmp);
+    endutent();
+#else
+
+#ifdef HAVE_TTYSLOT
+    {
+      int ttyno;
+      ttyno = ttyslot();
+      if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
+	lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
+	write(fd, &utmp, sizeof(struct utmp));
+	close(fd);
+      }
+    }
+#endif /* HAVE_TTYSLOT */
+#endif /* HAVE_SETUTENT */
+
+    if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+	write(fd, &utmp, sizeof(struct utmp));
+	close(fd);
+    }
+}
+#endif /* !HAVE_UTMPX_H */
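Review bot: In shrink_hostname(), both fallback paths use `strncpy (dst, hostname, dst_sz)`, and they are only reached when `strlen(hostname) >= dst_sz`, so `dst` is filled completely and left without a terminating NUL. That matches the fixed-width convention for utmp fields, which is how the visible callers use it, but the header comment does not say so. I would add `dst is NOT NUL-terminated when hostname had to be truncated` to that comment, or switch the two calls to `strlcpy` (already used earlier in the function) if a C string is intended. In the same file, utmp_login() ignores the results of `lseek()` and `write()` on `_PATH_UTMP` and `_PATH_WTMP`, so a lost login accounting record is silent; logging a failed or short write through `syslog()` would make it visible.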

Added: vendor-crypto/heimdal/dist/appl/login/utmpx_login.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/login/utmpx_login.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/login/utmpx_login.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,105 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
+* files may be covered by other copyrights.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that this entire copyright notice
+* is duplicated in all such copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/
+/* Author: Wietse Venema <wietse at wzv.win.tue.nl> */
+
+#include "login_locl.h"
+
+RCSID("$Id: utmpx_login.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/* utmpx_login - update utmp and wtmp after login */
+
+#ifndef HAVE_UTMPX_H
+int utmpx_login(char *line, const char *user, const char *host) { return 0; }
+#else
+
+static void
+utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host)
+{
+    struct timeval tmp;
+    char *clean_tty = clean_ttyname(line);
+
+    strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
+#ifdef HAVE_STRUCT_UTMPX_UT_ID
+    strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
+#endif
+    strncpy(ut->ut_user, user, sizeof(ut->ut_user));
+    shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host));
+#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
+    ut->ut_syslen = strlen(host) + 1;
+    if (ut->ut_syslen > sizeof(ut->ut_host))
+        ut->ut_syslen = sizeof(ut->ut_host);
+#endif
+    ut->ut_type = USER_PROCESS;
+    gettimeofday (&tmp, 0);
+    ut->ut_tv.tv_sec = tmp.tv_sec;
+    ut->ut_tv.tv_usec = tmp.tv_usec;
+    pututxline(ut);
+#ifdef WTMPX_FILE
+    updwtmpx(WTMPX_FILE, ut);
+#elif defined(WTMP_FILE)
+    {
+	struct utmp utmp;
+	int fd;
+
+	prepare_utmp (&utmp, line, user, host);
+	if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+	    write(fd, &utmp, sizeof(struct utmp));
+	    close(fd);
+	}
+    }
+#endif
+}
+
+int
+utmpx_login(char *line, const char *user, const char *host)
+{
+    struct utmpx *ut, save_ut;
+    pid_t   mypid = getpid();
+    int     ret = (-1);
+
+    /*
+     * SYSV4 ttymon and login use tty port names with the "/dev/" prefix
+     * stripped off. Rlogind and telnetd, on the other hand, make utmpx
+     * entries with device names like /dev/pts/nnn. We therefore cannot use
+     * getutxline(). Return nonzero if no utmp entry was found with our own
+     * process ID for a login or user process.
+     */
+
+    while ((ut = getutxent())) {
+        /* Try to find a reusable entry */
+	if (ut->ut_pid == mypid
+	    && (   ut->ut_type == INIT_PROCESS
+		|| ut->ut_type == LOGIN_PROCESS
+		|| ut->ut_type == USER_PROCESS)) {
+	    save_ut = *ut;
+	    utmpx_update(&save_ut, line, user, host);
+	    ret = 0;
+	    break;
+	}
+    }
+    if (ret == -1) {
+        /* Grow utmpx file by one record. */
+        struct utmpx newut;
+	memset(&newut, 0, sizeof(newut));
+	newut.ut_pid = mypid;
+        utmpx_update(&newut, line, user, host);
+	ret = 0;
+    }
+    endutxent();
+    return (ret);
+}
+#endif /* HAVE_UTMPX_H */
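Review bot: The block comment in utmpx_login() says the function returns nonzero if no utmpx entry with our process ID is found, but the `ret == -1` branch builds a new record and then sets `ret = 0`, so the function always returns 0. The result of `pututxline(ut)` in utmpx_update() is discarded as well, so a caller cannot learn that the login was not recorded. Either correct the comment to `Always returns 0; if no matching entry exists a new record is appended.`, or have utmpx_update() report whether `pututxline()` returned NULL and propagate that through `ret`. The scan also begins with `getutxent()` without a preceding `setutxent()`, so it depends on the database not having been read earlier in the process.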

Added: vendor-crypto/heimdal/dist/appl/push/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/appl/push/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/push/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,200 @@
+2005-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* push.c: catch when snprint needs a larger buffer
+
+2004-06-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* push.c: alloc memory to handle very long lines
+	
+2003-04-03  Assar Westerlund  <assar at kth.se>
+
+	* push.c: fixed one incorrect fprintf to stderr
+
+2003-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* push.c: add names of pop states, add some more debugging and use
+	fprintf(stderr) for all dbg stmts.
+	
+2001-09-04  Assar Westerlund  <assar at sics.se>
+
+	* push.c (doit): check return values from snprintf being negative
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* push.c (main): handle krb5_init_context failure consistently
+
+2000-12-26  Assar Westerlund  <assar at sics.se>
+
+	* push.c: support several headers, from <mattiasa at e.kth.se> use
+	estrdup, emalloc, erealloc
+
+2000-11-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* pfrom.1: work around bug in grog that makes it think it needs
+	mdoc.old
+
+	* push.8: work around bug in grog that makes it think it needs
+	mdoc.old
+
+2000-11-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* push.c: add space to usage
+
+2000-10-08  Assar Westerlund  <assar at sics.se>
+
+	* push.c (doit): check that fds are not too large to select on
+
+2000-03-04  Assar Westerlund  <assar at sics.se>
+
+	* add man-page for pfrom
+
+1999-12-28  Assar Westerlund  <assar at sics.se>
+
+	* push.c (main): call k_getportbyname with port number in
+ 	network-byte-order
+
+1999-12-14  Assar Westerlund  <assar at sics.se>
+
+	* push.c (do_connect): remove bogus local block variable
+
+1999-12-05  Assar Westerlund  <assar at sics.se>
+
+	* push.c (do_connect): use `getaddrinfo'
+	* push.c: add --count (print number of messages and bytes at
+	beginning)
+
+1999-11-13  Assar Westerlund  <assar at sics.se>
+
+	* push.c: make `-v' a arg_counter
+	
+1999-11-02  Assar Westerlund  <assar at sics.se>
+
+	* push.c (main): redo the v4/v5 selection for consistency.  -4 ->
+ 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
+
+1999-08-19  Assar Westerlund  <assar at sics.se>
+
+	* push.c (doit): remember to step over the error message when we
+ 	discover that XDELE is not supported
+
+1999-08-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* push.c: use XDELE
+
+1999-08-05  Assar Westerlund  <assar at sics.se>
+
+	* push.c (do_connect): v6-ify
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* push.c: get_default_username and the resulting const propagation
+
+1999-05-21  Assar Westerlund  <assar at sics.se>
+
+	* push.c (parse_pobox): try $USERNAME
+
+1999-05-11  Assar Westerlund  <assar at sics.se>
+
+	* push.c (do_v5): remove unused and non-working code
+
+1999-05-10  Assar Westerlund  <assar at sics.se>
+
+	* push.c (do_v5): call krb5_sendauth with ccache == NULL
+	
+Wed Apr  7 23:40:00 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: fix names of hesiod variables
+
+Wed Mar 24 04:37:04 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (pfrom): fix typo
+
+	* push.c (get_pobox): try to handle old and new hesiod APIs
+
+Mon Mar 22 22:19:40 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: hesoid -> hesiod
+
+Sun Mar 21 18:02:10 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: bindir -> libexecdir
+
+Sat Mar 20 00:12:26 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: LDADD: add missing backslash
+
+Thu Mar 18 15:28:35 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: clean pfrom
+
+	* Makefile.am: include Makefile.am.common
+
+Mon Mar 15 18:26:16 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* push.c: strncasecmp headers
+
+Mon Feb 15 22:22:09 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (pfrom): use libexecdir
+
+	* Makefile.am: build and install pfrom
+
+	* push.c (do_connect): init `s'
+	(pop_state): spell-check enums
+
+Tue Nov 24 23:20:54 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: build and install pfrom
+
+	* pfrom.in: bindir -> libexecdir
+
+Sun Nov 22 15:33:52 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* push.c: eliminate some warnings
+
+Sun Nov 22 10:34:54 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Thu Nov 19 01:17:33 1998  Assar Westerlund  <assar at sics.se>
+
+	* push_locl.h: add <hesiod.h>
+
+	* Makefile.am, Makefile.in: link and include hesiod
+
+	* push.c (get_pobox): new function. add hesiod support.
+
+1998-11-07  Assar Westerlund  <assar at sics.se>
+
+	* push.8: updated
+
+	* push.c: --from implementation from <lha at stacken.kth.se>
+
+Fri Jul 10 01:14:45 1998  Assar Westerlund  <assar at sics.se>
+
+	* push.c (net_{read,write}): remove
+
+Wed Jun 24 14:41:41 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* push.c: allow `po:user at host' mailbox syntax
+
+Tue Jun  2 17:35:06 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* push.c: quote '^From ' properly
+
+Mon May 25 05:22:47 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (clean): PROGS -> PROGRAMS
+
+Sun Apr 26 11:42:13 1998  Assar Westerlund  <assar at sics.se>
+
+	* push.c (main): better default for v4 and v5
+
+	* push.c (main): init context correctly
+
+	* push.c: should work with krb4
+
+	* push_locl.h: krb4 compat
+
+	* Makefile.in: new file
+

Added: vendor-crypto/heimdal/dist/appl/push/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/push/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/push/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,27 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hesiod)
+
+bin_SCRIPTS		= pfrom
+
+libexec_PROGRAMS	= push
+
+push_SOURCES = push.c push_locl.h
+
+pfrom: pfrom.in
+	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
+	chmod +x $@
+
+man_MANS = push.8 pfrom.1
+
+CLEANFILES = pfrom
+
+EXTRA_DIST = pfrom.in $(man_MANS)
+
+LDADD = $(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(LIB_hesiod)

Added: vendor-crypto/heimdal/dist/appl/push/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/push/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/push/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,915 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+libexec_PROGRAMS = push$(EXEEXT)
+subdir = appl/push
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS)
+am_push_OBJECTS = push.$(OBJEXT)
+push_OBJECTS = $(am_push_OBJECTS)
+push_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+push_DEPENDENCIES = $(LIB_krb5) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+SCRIPTS = $(bin_SCRIPTS)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(push_SOURCES)
+DIST_SOURCES = $(push_SOURCES)
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) $(INCLUDE_hesiod)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+bin_SCRIPTS = pfrom
+push_SOURCES = push.c push_locl.h
+man_MANS = push.8 pfrom.1
+CLEANFILES = pfrom
+EXTRA_DIST = pfrom.in $(man_MANS)
+LDADD = $(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(LIB_hesiod)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/push/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/push/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+push$(EXEEXT): $(push_OBJECTS) $(push_DEPENDENCIES) 
+	@rm -f push$(EXEEXT)
+	$(LINK) $(push_OBJECTS) $(push_LDADD) $(LIBS)
+install-binSCRIPTS: $(bin_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(binSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	    $(binSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(bindir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-binSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binSCRIPTS install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binSCRIPTS uninstall-libexecPROGRAMS \
+	uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1 uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binSCRIPTS \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man1 install-man8 \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-binSCRIPTS uninstall-hook uninstall-libexecPROGRAMS \
+	uninstall-man uninstall-man1 uninstall-man8
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+pfrom: pfrom.in
+	sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
+	chmod +x $@
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/push/pfrom.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/push/pfrom.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/push/pfrom.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: pfrom.1,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd March 4, 2000
+.Dt PFROM 1
+.Os HEIMDAL
+.Sh NAME
+.Nm pfrom
+.Nd "fetch a list of the current mail via POP"
+.Sh SYNOPSIS
+.Nm
+.Op Fl 4 | Fl -krb4
+.Op Fl 5 | Fl -krb5
+.Op Fl v | Fl -verbose
+.Op Fl c | -count
+.Op Fl -header
+.Oo Fl p Ar port-spec  \*(Ba Xo
+.Fl -port= Ns Ar port-spec
+.Xc
+.Oc
+.Sh DESCRIPTION
+.Nm
+is a script that does push --from.
+.Sh SEE ALSO
+.Xr push 8

Added: vendor-crypto/heimdal/dist/appl/push/pfrom.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/push/pfrom.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/push/pfrom.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,6 @@
+#!/bin/sh
+# $Id: pfrom.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+libexecdir=%libexecdir%
+PATH=$libexecdir:$PATH
+export PATH
+push --from $*
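Review bot: The unquoted `$*` in `push --from $*` re-splits the caller's arguments on whitespace and glob-expands them, so a po-box or `--headers` value containing spaces or wildcard characters reaches push as different words than the user typed; `push --from "$@"` passes each argument through unchanged. The wrapper only needs to locate push under the substituted libexecdir, so calling it by path, `exec "$libexecdir/push" --from "$@"`, would also remove the need to prepend to and export PATH.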

Added: vendor-crypto/heimdal/dist/appl/push/push.8
===================================================================
--- vendor-crypto/heimdal/dist/appl/push/push.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/push/push.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,138 @@
+.\" $Id: push.8,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd May 31, 1998
+.Dt PUSH 8
+.Os HEIMDAL
+.Sh NAME
+.Nm push
+.Nd fetch mail via POP
+.Sh SYNOPSIS
+.Nm
+.Op Fl 4 | Fl -krb4
+.Op Fl 5 | Fl -krb5
+.Op Fl v | Fl -verbose
+.Op Fl f | Fl -fork
+.Op Fl l | -leave
+.Op Fl -from
+.Op Fl c | -count
+.Op Fl -headers Ns = Ns Ar headers
+.Oo Fl p Ar port-spec  \*(Ba Xo
+.Fl -port Ns = Ns Ar port-spec
+.Xc
+.Oc
+.Ar po-box
+.Pa filename
+.Sh DESCRIPTION
+.Nm
+retrieves mail from the post office box
+.Ar po-box ,
+and stores the mail in mbox format in
+.Pa filename .
+The
+.Ar po-box
+can have any of the following formats:
+.Bl -hang -compact -offset indent
+.It Ql hostname:username
+.It Ql po:hostname:username
+.It Ql username at hostname
+.It Ql po:username at hostname
+.It Ql hostname
+.It Ql po:username
+.El
+.Pp
+If no username is specified,
+.Nm
+assumes that it's the same as on the local machine;
+.Ar hostname
+defaults to the value of the
+.Ev MAILHOST
+environment variable.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl 4 ,
+.Fl -krb4
+.Xc
+use Kerberos 4 (if compiled with support for Kerberos 4)
+.It Xo
+.Fl 5 ,
+.Fl -krb5
+.Xc
+use Kerberos 5 (if compiled with support for Kerberos 5)
+.It Xo
+.Fl f ,
+.Fl -fork
+.Xc
+fork before starting to delete messages
+.It Xo
+.Fl l ,
+.Fl -leave
+.Xc
+don't delete fetched mail
+.It Xo
+.Fl -from
+.Xc
+behave like from.
+.It Xo
+.Fl c ,
+.Fl -count
+.Xc
+first print how many messages and bytes there are.
+.It Xo
+.Fl -headers Ns = Ns Ar headers
+.Xc
+a list of comma-separated headers that should get printed.
+.It Xo
+.Fl p Ar port-spec ,
+.Fl -port Ns = Ns Ar port-spec
+.Xc
+use this port instead of the default
+.Ql kpop
+or
+.Ql 1109 .
+.El
+.Pp
+The default is to first try Kerberos 5 authentication and then, if
+that fails, Kerberos 4.
+.Sh ENVIRONMENT
+.Bl -tag -width Ds
+.It Ev MAILHOST
+points to the post office, if no other hostname is specified.
+.El
+.\".Sh FILES
+.Sh EXAMPLES
+.Bd -literal -offset indent
+$ push cornfield:roosta ~/.emacs-mail-crash-box
+.Ed
+.Pp
+tries to fetch mail for the user
+.Ar roosta
+from the post office at
+.Dq cornfield ,
+and stores the mail in
+.Pa ~/.emacs-mail-crash-box
+(you are using Gnus, aren't you?)
+.Bd -literal -offset indent
+$ push --from -5 havregryn
+.Ed
+.Pp
+tries to fetch
+.Sy From:
+lines for current user at post office
+.Dq havregryn
+using Kerberos 5.
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr from 1 ,
+.Xr pfrom 1 ,
+.Xr movemail 8 ,
+.Xr popper 8
+.\".Sh STANDARDS
+.Sh HISTORY
+.Nm
+was written while waiting for
+.Nm movemail
+to finish getting the mail.
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/appl/push/push.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/push/push.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/push/push.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,844 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "push_locl.h"
+RCSID("$Id: push.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+#ifdef KRB4
+static int use_v4 = -1;
+#endif
+
+#ifdef KRB5
+static int use_v5 = -1;
+static krb5_context context;
+#endif
+
+static char *port_str;
+static int verbose_level;
+static int do_fork;
+static int do_leave;
+static int do_version;
+static int do_help;
+static int do_from;
+static int do_count;
+static char *header_str;
+
+struct getargs args[] = {
+#ifdef KRB4
+    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4",
+      NULL },
+#endif    
+#ifdef KRB5
+    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5",
+      NULL },
+#endif
+    { "verbose",'v', arg_counter,	&verbose_level,	"Verbose",
+      NULL },
+    { "fork",	'f', arg_flag,		&do_fork,	"Fork deleting proc",
+      NULL },
+    { "leave",	'l', arg_flag,		&do_leave,	"Leave mail on server",
+      NULL },
+    { "port",	'p', arg_string,	&port_str,	"Use this port",
+      "number-or-service" },
+    { "from",	 0,  arg_flag,		&do_from,	"Behave like from",
+      NULL },
+    { "headers", 0,  arg_string,	&header_str,	"Headers to print", NULL },
+    { "count", 'c',  arg_flag,		&do_count,	"Print number of messages", NULL},
+    { "version", 0,  arg_flag,		&do_version,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&do_help,	NULL,
+      NULL }
+
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "[[{po:username[@hostname] | hostname[:username]}] ...] "
+		    "filename");
+    exit (ret);
+}
+
+static int
+do_connect (const char *hostname, int port, int nodelay)
+{
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    int s = -1;
+    char portstr[NI_MAXSERV];
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+
+    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
+
+    error = getaddrinfo (hostname, portstr, &hints, &ai);
+    if (error)
+	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    warn ("connect(%s)", hostname);
+ 	    close (s);
+ 	    continue;
+	}
+	break;
+    }
+    freeaddrinfo (ai);
+    if (a == NULL) {
+	warnx ("failed to contact %s", hostname);
+	return -1;
+    }
+
+    if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
+		  (void *)&nodelay, sizeof(nodelay)) < 0)
+	err (1, "setsockopt TCP_NODELAY");
+    return s;
+}
+
+typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP, 
+	       DELE, XDELE, QUIT} pop_state;
+
+static char *pop_state_string[] = {
+    "INIT", "GREET", "USER", "PASS", "STAT", "RETR", "TOP",
+    "DELE", "XDELE", "QUIT" 
+};
+
+#define PUSH_BUFSIZ 65536
+
+#define STEP 16
+
+struct write_state {
+    struct iovec *iovecs;
+    size_t niovecs, maxiovecs, allociovecs;
+    int fd;
+};
+
+static void
+write_state_init (struct write_state *w, int fd)
+{
+#ifdef UIO_MAXIOV
+    w->maxiovecs = UIO_MAXIOV;
+#else
+    w->maxiovecs = 16;
+#endif
+    w->allociovecs = min(STEP, w->maxiovecs);
+    w->niovecs = 0;
+    w->iovecs = emalloc(w->allociovecs * sizeof(*w->iovecs));
+    w->fd = fd;
+}
+
+static void
+write_state_add (struct write_state *w, void *v, size_t len)
+{
+    if(w->niovecs == w->allociovecs) {				
+	if(w->niovecs == w->maxiovecs) {				
+	    if(writev (w->fd, w->iovecs, w->niovecs) < 0)		
+		err(1, "writev");				
+	    w->niovecs = 0;					
+	} else {						
+	    w->allociovecs = min(w->allociovecs + STEP, w->maxiovecs);	
+	    w->iovecs = erealloc (w->iovecs,				
+				  w->allociovecs * sizeof(*w->iovecs));	
+	}							
+    }								
+    w->iovecs[w->niovecs].iov_base = v;				
+    w->iovecs[w->niovecs].iov_len  = len;				
+    ++w->niovecs;							
+}
+
+static void
+write_state_flush (struct write_state *w)
+{
+    if (w->niovecs) {
+	if (writev (w->fd, w->iovecs, w->niovecs) < 0)
+	    err (1, "writev");
+	w->niovecs = 0;
+    }
+}
+
+static void
+write_state_destroy (struct write_state *w)
+{
+    free (w->iovecs);
+}
+
+static int
+doit(int s,
+     const char *host,
+     const char *user,
+     const char *outfilename,
+     const char *header_str,
+     int leavep,
+     int verbose,
+     int forkp)
+{
+    int ret;
+    char out_buf[PUSH_BUFSIZ];
+    int out_len = 0;
+    char *in_buf;
+    size_t in_buf_size;
+    size_t in_len = 0;
+    char *in_ptr;
+    pop_state state = INIT;
+    unsigned count, bytes;
+    unsigned asked_for = 0, retrieved = 0, asked_deleted = 0, deleted = 0;
+    unsigned sent_xdele = 0;
+    int out_fd;
+    char from_line[128];
+    size_t from_line_length;
+    time_t now;
+    struct write_state write_state;
+    int numheaders = 1;
+    char **headers = NULL;
+    int i;
+    char *tmp = NULL;
+
+    in_buf = emalloc(PUSH_BUFSIZ + 1);
+    in_ptr = in_buf;
+    in_buf_size = PUSH_BUFSIZ;
+
+    if (do_from) {
+	char *tmp2;
+
+	tmp2 = tmp = estrdup(header_str);
+
+	out_fd = -1;
+	if (verbose)
+	    fprintf (stderr, "%s@%s\n", user, host);
+	while (*tmp != '\0') {
+	    tmp = strchr(tmp, ',');
+	    if (tmp == NULL)
+		break;
+	    tmp++;
+	    numheaders++;
+	}
+
+	headers = emalloc(sizeof(char *) * (numheaders + 1));
+	for (i = 0; i < numheaders; i++) {
+	    headers[i] = strtok_r(tmp2, ",", &tmp2);
+	}
+	headers[numheaders] = NULL;
+    } else {
+	out_fd = open(outfilename, O_WRONLY | O_APPEND | O_CREAT, 0666);
+	if (out_fd < 0)
+	    err (1, "open %s", outfilename);
+	if (verbose)
+	    fprintf (stderr, "%s@%s -> %s\n", user, host, outfilename);
+    }
+
+    now = time(NULL);
+    from_line_length = snprintf (from_line, sizeof(from_line),
+				 "From %s %s", "push", ctime(&now));
+    if (from_line_length < 0 || from_line_length > sizeof(from_line))
+	errx (1, "snprintf failed");
+
+    out_len = snprintf (out_buf, sizeof(out_buf),
+			"USER %s\r\nPASS hej\r\nSTAT\r\n",
+			user);
+    if (out_len < 0 || out_len > sizeof(out_buf))
+	errx (1, "snprintf failed");
+    if (net_write (s, out_buf, out_len) != out_len)
+	err (1, "write");
+    if (verbose > 1)
+	fprintf (stderr, "%s", out_buf);
+
+    if (!do_from)
+	write_state_init (&write_state, out_fd);
+
+    while(state != QUIT) {
+	fd_set readset, writeset;
+
+	FD_ZERO(&readset);
+	FD_ZERO(&writeset);
+	if (s >= FD_SETSIZE)
+	    errx (1, "fd too large");
+	FD_SET(s,&readset);
+
+	if (verbose > 1)
+	    fprintf (stderr, "state: %s count: %d asked_for: %d "
+		     "retrieved: %d asked_deleted: %d\n",
+		     pop_state_string[state], 
+		     count, asked_for, retrieved, asked_deleted);
+
+	if (((state == STAT || state == RETR || state == TOP)
+	     && asked_for < count)
+	    || (state == XDELE && !sent_xdele)
+	    || (state == DELE && asked_deleted < count))
+	    FD_SET(s,&writeset);
+	ret = select (s + 1, &readset, &writeset, NULL, NULL);
+	if (ret < 0) {
+	    if (errno == EAGAIN)
+		continue;
+	    else
+		err (1, "select");
+	}
+	
+	if (FD_ISSET(s, &readset)) {
+	    char *beg, *p;
+	    size_t rem;
+	    int blank_line = 0;
+	    
+	    if(in_len >= in_buf_size) {
+		char *tmp = erealloc(in_buf, in_buf_size + PUSH_BUFSIZ + 1);
+		in_ptr = tmp + (in_ptr - in_buf);
+		in_buf = tmp;
+		in_buf_size += PUSH_BUFSIZ;
+	    }
+
+	    ret = read (s, in_ptr, in_buf_size - in_len);
+	    if (ret < 0)
+		err (1, "read");
+	    else if (ret == 0)
+		errx (1, "EOF during read");
+	    
+	    in_len += ret;
+	    in_ptr += ret;
+	    *in_ptr = '\0';
+	    
+	    beg = in_buf;
+	    rem = in_len;
+	    while(rem > 1
+		  && (p = strstr(beg, "\r\n")) != NULL) {
+		if (state == TOP) {
+		    char *copy = beg;
+
+		    for (i = 0; i < numheaders; i++) {
+			size_t len;
+
+			len = min(p - copy + 1, strlen(headers[i]));
+			if (strncasecmp(copy, headers[i], len) == 0) {
+			    fprintf (stdout, "%.*s\n", (int)(p - copy), copy);
+			}
+		    }
+		    if (beg[0] == '.' && beg[1] == '\r' && beg[2] == '\n') {
+			if (numheaders > 1)
+			    fprintf (stdout, "\n");
+			state = STAT;
+			if (++retrieved == count) {
+			    state = QUIT;
+			    net_write (s, "QUIT\r\n", 6);
+			    if (verbose > 1)
+				fprintf (stderr, "QUIT\r\n");
+			}
+		    }
+		    rem -= p - beg + 2;
+		    beg = p + 2;
+		} else if (state == RETR) {
+		    char *copy = beg;
+		    if (beg[0] == '.') {
+			if (beg[1] == '\r' && beg[2] == '\n') {
+			    if(!blank_line)
+				write_state_add(&write_state, "\n", 1);
+			    state = STAT;
+			    rem -= p - beg + 2;
+			    beg = p + 2;
+			    if (++retrieved == count) {
+				write_state_flush (&write_state);
+				if (fsync (out_fd) < 0)
+				    err (1, "fsync");
+				close(out_fd);
+				if (leavep) {
+				    state = QUIT;
+				    net_write (s, "QUIT\r\n", 6);
+				    if (verbose > 1)
+					fprintf (stderr, "QUIT\r\n");
+				} else {
+				    if (forkp) {
+					pid_t pid;
+
+					pid = fork();
+					if (pid < 0)
+					    warn ("fork");
+					else if(pid != 0) {
+					    if(verbose)
+						fprintf (stderr,
+							 "(exiting)");
+					    return 0;
+					}
+				    }
+
+				    state = XDELE;
+				    if (verbose)
+					fprintf (stderr, "deleting... ");
+				}
+			    }
+			    continue;
+			} else
+			    ++copy;
+		    }
+		    *p = '\n';
+		    if(blank_line && 
+		       strncmp(copy, "From ", min(p - copy + 1, 5)) == 0)
+			write_state_add(&write_state, ">", 1);
+		    write_state_add(&write_state, copy, p - copy + 1);
+		    blank_line = (*copy == '\n');
+		    rem -= p - beg + 2;
+		    beg = p + 2;
+		} else if (rem >= 3 && strncmp (beg, "+OK", 3) == 0) {
+		    if (state == STAT) {
+			if (!do_from)
+			    write_state_add(&write_state,
+					    from_line, from_line_length);
+			blank_line = 0;
+			if (do_from) 
+			    state = TOP;
+			else
+			    state = RETR;
+		    } else if (state == XDELE) {
+			state = QUIT;
+			net_write (s, "QUIT\r\n", 6);
+			if (verbose > 1)
+			    fprintf (stderr, "QUIT\r\n");
+			break;
+		    } else if (state == DELE) {
+			if (++deleted == count) {
+			    state = QUIT;
+			    net_write (s, "QUIT\r\n", 6);
+			    if (verbose > 1)
+				fprintf (stderr, "QUIT\r\n");
+			    break;
+			}
+		    } else if (++state == STAT) {
+			if(sscanf (beg + 4, "%u %u", &count, &bytes) != 2)
+			    errx(1, "Bad STAT-line: %.*s", (int)(p - beg), beg);
+			if (verbose) {
+			    fprintf (stderr, "%u message(s) (%u bytes). "
+				     "fetching... ",
+				     count, bytes);
+			    if (do_from)
+				fprintf (stderr, "\n");
+			} else if (do_count) {
+			    fprintf (stderr, "%u message(s) (%u bytes).\n",
+				     count, bytes);
+			}
+			if (count == 0) {
+			    state = QUIT;
+			    net_write (s, "QUIT\r\n", 6);
+			    if (verbose > 1)
+				fprintf (stderr, "QUIT\r\n");
+			    break;
+			}
+		    }
+
+		    rem -= p - beg + 2;
+		    beg = p + 2;
+		} else {
+		    if(state == XDELE) {
+			state = DELE;
+			rem -= p - beg + 2;
+			beg = p + 2;
+		    } else
+			errx (1, "Bad response: %.*s", (int)(p - beg), beg);
+		}
+	    }
+	    if (!do_from)
+		write_state_flush (&write_state);
+
+	    memmove (in_buf, beg, rem);
+	    in_len = rem;
+	    in_ptr = in_buf + rem;
+	}
+	if (FD_ISSET(s, &writeset)) {
+	    if ((state == STAT && !do_from) || state == RETR)
+		out_len = snprintf (out_buf, sizeof(out_buf),
+				    "RETR %u\r\n", ++asked_for);
+	    else if ((state == STAT && do_from) || state == TOP)
+		out_len = snprintf (out_buf, sizeof(out_buf),
+				    "TOP %u 0\r\n", ++asked_for);
+	    else if(state == XDELE) {
+		out_len = snprintf(out_buf, sizeof(out_buf),
+				   "XDELE %u %u\r\n", 1, count);
+		sent_xdele++;
+	    }
+	    else if(state == DELE)
+		out_len = snprintf (out_buf, sizeof(out_buf),
+				    "DELE %u\r\n", ++asked_deleted);
+	    if (out_len < 0 || out_len > sizeof(out_buf))
+		errx (1, "snprintf failed");
+	    if (net_write (s, out_buf, out_len) != out_len)
+		err (1, "write");
+	    if (verbose > 1)
+		fprintf (stderr, "%s", out_buf);
+	}
+    }
+    if (verbose)
+	fprintf (stderr, "Done\n");
+    if (do_from) {
+	free (tmp);
+	free (headers);
+    } else {
+	write_state_destroy (&write_state);
+    }
+    return 0;
+}
+
+#ifdef KRB5
+static int
+do_v5 (const char *host,
+       int port,
+       const char *user,
+       const char *filename,
+       const char *header_str,
+       int leavep,
+       int verbose,
+       int forkp)
+{
+    krb5_error_code ret;
+    krb5_auth_context auth_context = NULL;
+    krb5_principal server;
+    int s;
+
+    s = do_connect (host, port, 1);
+    if (s < 0)
+	return 1;
+
+    ret = krb5_sname_to_principal (context,
+				   host,
+				   "pop",
+				   KRB5_NT_SRV_HST,
+				   &server);
+    if (ret) {
+	warnx ("krb5_sname_to_principal: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+
+    ret = krb5_sendauth (context,
+			 &auth_context,
+			 &s,
+			 "KPOPV1.0",
+			 NULL,
+			 server,
+			 0,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL,
+			 NULL);
+    krb5_free_principal (context, server);
+    if (ret) {
+	warnx ("krb5_sendauth: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+    return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
+}
+#endif
+
+#ifdef KRB4
+static int
+do_v4 (const char *host,
+       int port,
+       const char *user,
+       const char *filename,
+       const char *header_str,
+       int leavep,
+       int verbose,
+       int forkp)
+{
+    KTEXT_ST ticket;
+    MSG_DAT msg_data;
+    CREDENTIALS cred;
+    des_key_schedule sched;
+    int s;
+    int ret;
+
+    s = do_connect (host, port, 1);
+    if (s < 0)
+	return 1;
+    ret = krb_sendauth(0,
+		       s,
+		       &ticket, 
+		       "pop",
+		       (char *)host,
+		       krb_realmofhost(host),
+		       getpid(),
+		       &msg_data,
+		       &cred,
+		       sched,
+		       NULL,
+		       NULL,
+		       "KPOPV0.1");
+    if(ret) {
+	warnx("krb_sendauth: %s", krb_get_err_text(ret));
+	return 1;
+    }
+    return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
+}
+#endif /* KRB4 */
+
+#ifdef HESIOD
+
+#ifdef HESIOD_INTERFACES
+
+static char *
+hesiod_get_pobox (const char **user)
+{
+    void *context;
+    struct hesiod_postoffice *hpo;
+    char *ret = NULL;
+
+    if(hesiod_init (&context) != 0)
+	err (1, "hesiod_init");
+
+    hpo = hesiod_getmailhost (context, *user);
+    if (hpo == NULL) {
+	warn ("hesiod_getmailhost %s", *user);
+    } else {
+	if (strcasecmp(hpo->hesiod_po_type, "pop") != 0)
+	    errx (1, "Unsupported po type %s", hpo->hesiod_po_type);
+
+	ret = estrdup(hpo->hesiod_po_host);
+	*user = estrdup(hpo->hesiod_po_name);
+	hesiod_free_postoffice (context, hpo);
+    }
+    hesiod_end (context);
+    return ret;
+}
+
+#else /* !HESIOD_INTERFACES */
+
+static char *
+hesiod_get_pobox (const char **user)
+{
+    char *ret = NULL;
+    struct hes_postoffice *hpo;
+
+    hpo = hes_getmailhost (*user);
+    if (hpo == NULL) {
+	warn ("hes_getmailhost %s", *user);
+    } else {
+	if (strcasecmp(hpo->po_type, "pop") != 0)
+	    errx (1, "Unsupported po type %s", hpo->po_type);
+
+	ret = estrdup(hpo->po_host);
+	*user = estrdup(hpo->po_name);
+    }
+    return ret;
+}
+
+#endif /* HESIOD_INTERFACES */
+
+#endif /* HESIOD */
+
+static char *
+get_pobox (const char **user)
+{
+    char *ret = NULL;
+
+#ifdef HESIOD
+    ret = hesiod_get_pobox (user);
+#endif
+
+    if (ret == NULL)
+	ret = getenv("MAILHOST");
+    if (ret == NULL)
+	errx (1, "MAILHOST not set");
+    return ret;
+}
+
+static void
+parse_pobox (char *a0, const char **host, const char **user)
+{
+    const char *h, *u;
+    char *p;
+    int po = 0;
+
+    if (a0 == NULL) {
+
+	*user = getenv ("USERNAME");
+	if (*user == NULL) {
+	    struct passwd *pwd = getpwuid (getuid ());
+
+	    if (pwd == NULL)
+		errx (1, "Who are you?");
+	    *user = estrdup (pwd->pw_name);
+	}
+	*host = get_pobox (user);
+	return;
+    }
+
+    /* if the specification starts with po:, remember this information */
+    if(strncmp(a0, "po:", 3) == 0) {
+	a0 += 3;
+	po++;
+    }
+    /* if there is an `@', the hostname is after it, otherwise at the
+       beginning of the string */
+    p = strchr(a0, '@');
+    if(p != NULL) {
+	*p++ = '\0';
+	h = p;
+    } else {
+	h = a0;
+    }
+    /* if there is a `:', the username comes before it, otherwise at
+       the beginning of the string */
+    p = strchr(a0, ':');
+    if(p != NULL) {
+	*p++ = '\0';
+	u = p;
+    } else {
+	u = a0;
+    }
+    if(h == u) {
+	/* some inconsistent compatibility with various mailers */
+	if(po) {
+	    h = get_pobox (&u);
+	} else {
+	    u = get_default_username ();
+	    if (u == NULL)
+		errx (1, "Who are you?");
+	}
+    }
+    *host = h;
+    *user = u;
+}
+
+int
+main(int argc, char **argv)
+{
+    int port = 0;
+    int optind = 0;
+    int ret = 1;
+    const char *host, *user, *filename = NULL;
+    char *pobox = NULL;
+
+    setprogname (argv[0]);
+
+#ifdef KRB5
+    {
+	krb5_error_code ret;
+
+	ret = krb5_init_context (&context);
+	if (ret)
+	    errx (1, "krb5_init_context failed: %d", ret);
+    }
+#endif
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optind))
+	usage (1);
+
+    argc -= optind;
+    argv += optind;
+
+#if defined(KRB4) && defined(KRB5)
+    if(use_v4 == -1 && use_v5 == 1)
+	use_v4 = 0;
+    if(use_v5 == -1 && use_v4 == 1)
+	use_v5 = 0;
+#endif    
+
+    if (do_help)
+	usage (0);
+
+    if (do_version) {
+	print_version(NULL);
+	return 0;
+    }
+	
+    if (do_from && header_str == NULL)
+	header_str = "From:";
+    else if (header_str != NULL)
+	do_from = 1;
+
+    if (do_from) {
+	if (argc == 0)
+	    pobox = NULL;
+	else if (argc == 1)
+	    pobox = argv[0];
+	else
+	    usage (1);
+    } else {
+	if (argc == 1) {
+	    filename = argv[0];
+	    pobox    = NULL;
+	} else if (argc == 2) {
+	    filename = argv[1];
+	    pobox    = argv[0];
+	} else
+	    usage (1);
+    }
+
+    if (port_str) {
+	struct servent *s = roken_getservbyname (port_str, "tcp");
+
+	if (s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "Bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    }
+    if (port == 0) {
+#ifdef KRB5
+	port = krb5_getportbyname (context, "kpop", "tcp", 1109);
+#elif defined(KRB4)
+	port = k_getportbyname ("kpop", "tcp", htons(1109));
+#else
+#error must define KRB4 or KRB5
+#endif
+    }
+
+    parse_pobox (pobox, &host, &user);
+
+#ifdef KRB5
+    if (ret && use_v5) {
+	ret = do_v5 (host, port, user, filename, header_str,
+		     do_leave, verbose_level, do_fork);
+    }
+#endif
+
+#ifdef KRB4
+    if (ret && use_v4) {
+	ret = do_v4 (host, port, user, filename, header_str,
+		     do_leave, verbose_level, do_fork);
+    }
+#endif /* KRB4 */
+    return ret;
+}
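Review bot: In doit(), the `--headers` list is split in a way that can leave `headers[i]` NULL and `tmp` pointing somewhere other than the start of the allocation. The counting loop advances `tmp` itself (or sets it to NULL at the `break`), and `strtok_r` returns fewer tokens than commas+1 when the list has an empty element such as a trailing comma. The TOP branch then calls `strlen(headers[i])` on NULL, and the final `free (tmp)` either leaks the copy or frees an interior pointer. Counting with a separate cursor and storing only the tokens actually returned fixes both, as in the lines below. Separately, the mailbox is opened with mode `0666`, which leaves its readability to the umask; `0600` would be the safer default for a mail file.

```c
    if (do_from) {
	char *list, *save = NULL, *tok;
	const char *c;

	list = tmp = estrdup(header_str);	/* tmp stays at the start so free(tmp) is valid */

	/* ... unchanged: out_fd = -1 and the verbose user@host line ... */

	/* commas + 1 is an upper bound on the number of tokens */
	for (c = list; (c = strchr(c, ',')) != NULL; c++)
	    numheaders++;

	headers = emalloc(sizeof(char *) * (numheaders + 1));
	numheaders = 0;
	/* keep only the tokens strtok_r returns, so no slot is NULL */
	for (tok = strtok_r(list, ",", &save); tok != NULL;
	     tok = strtok_r(NULL, ",", &save))
	    headers[numheaders++] = tok;
	headers[numheaders] = NULL;
```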

Added: vendor-crypto/heimdal/dist/appl/push/push_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/push/push_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/push/push_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: push_locl.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HESIOD
+#include <hesiod.h>
+#endif
+
+#include <roken.h>
+#include <err.h>
+#include <getarg.h>
+#ifdef KRB5
+#include <krb5.h>
+#endif
+
+#ifdef KRB4
+#include <krb.h>
+#endif

Added: vendor-crypto/heimdal/dist/appl/rcp/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/appl/rcp/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rcp/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,125 @@
+2007-12-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add missing files, from Buchan Milne.
+
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: more files
+	
+2006-08-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* util.c: Check return values from setuid, prompted by MIT
+	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
+	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
+
+	* rcp.c: Check return values from setuid, prompted by MIT
+	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
+	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
+
+	* rcp.c: Check return values from seteuid, prompted by MIT
+	advisory.  Thanks to Tom Yu at MIT, and Michael Calmer and Marcus
+	Meissner at SUSE.  Either of CVE-2006-3083 or CVE-2006-3084.
+	
+2005-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rcp.c: Check return value from asprintf instead of string !=
+	NULL since it undefined behavior on Linux. From Bj\xF6rn Sandell
+	
+2005-08-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* util.c: Explicit typecast to avoid signess warning.
+	
+2005-05-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rcp_locl.h: undef _PATH_RSH to make sure our version is used
+	
+2005-05-11  David Love  <fx at gnu.org>
+
+	* rcp.c: MODEMASK is defined in sys/vnode.h on Solaris, so undef
+	it before we define our own.
+
+2005-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rcp_locl.h: use BINDIR instead of "/usr/bin/ with _PATH_RSH
+
+2005-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* util.c: use unsigned char * to make sure its not negative when
+	passing it to is* functions
+
+2004-05-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rcp.c: add -e (passed to rsh)
+	
+2003-04-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rcp.1: add a HISTORY section
+
+	* rcp.1: brief manpage
+
+	* rcp.c: add a -4 option
+
+2001-09-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rcp.c: more va_* fixing; from Thomas Klausner
+
+2001-09-08  Assar Westerlund  <assar at sics.se>
+
+	* rcp.c (run_err): always match va_start and va_end
+
+2001-09-04  Assar Westerlund  <assar at sics.se>
+
+	* util.c (allocbuf): do not leak memory on failure and zero
+	re-used memory, from Markus Friedl <markus at openbsd.org>
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* rcp.c (main): add missing setprogname
+
+2001-06-14  Assar Westerlund  <assar at sics.se>
+
+	* rcp.c: add some const replace a few malloc/snprintf with
+	asprintf
+	* rcp.c (sizestr): remove and use snprintf to do this correctly
+	instead
+
+2001-04-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rcp.c: convert to use getarg
+
+	* rcp.c: do a better job of supporting files larger than 2GB
+
+2001-02-07  Assar Westerlund  <assar at sics.se>
+
+	* rcp.c: add -F for forwarding ticket, from Ake Sandgren
+	<ake at cs.umu.se>
+
+2001-01-29  Assar Westerlund  <assar at sics.se>
+
+	* util.c (roundup): add fallback definition
+
+	* rcp.c: remove non-STDC code
+	* rcp_locl.h: add sys/types.h and sys/wait.h
+
+	* rcp.c: no calls to err with NULL
+
+2001-01-28  Assar Westerlund  <assar at sics.se>
+
+	* rcp_locl.h: add
+
+	* Makefile.am (LDADD): remove unused libraries
+
+2001-01-27  Assar Westerlund  <assar at sics.se>
+
+	* util.c: replace vfork by fork
+
+	* rcp.c: add RCSID S_ISTXT -> S_ISVTX printf sizes of files with
+ 	%lu instead of %q (which is not portable)
+
+	* util.c: add RCSID do not use sig_t
+	* rcp.c: remove __P, use st_mtime et al from struct stat
+	* extern.h: remove __P
+
+	* initial import of port of bsd rcp changed to use existing rsh,
+	contributed by Richard Nyberg <rnyberg at it.su.se>
+

Added: vendor-crypto/heimdal/dist/appl/rcp/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/rcp/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rcp/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4)
+
+bin_PROGRAMS = rcp
+
+rcp_SOURCES  = rcp.c util.c rcp_locl.h extern.h
+
+man_MANS = rcp.1
+
+EXTRA_DIST = $(man_MANS)
+
+LDADD = $(LIB_roken)

Added: vendor-crypto/heimdal/dist/appl/rcp/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/rcp/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rcp/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,829 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+bin_PROGRAMS = rcp$(EXEEXT)
+subdir = appl/rcp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am_rcp_OBJECTS = rcp.$(OBJEXT) util.$(OBJEXT)
+rcp_OBJECTS = $(am_rcp_OBJECTS)
+rcp_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+rcp_DEPENDENCIES = $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(rcp_SOURCES)
+DIST_SOURCES = $(rcp_SOURCES)
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+rcp_SOURCES = rcp.c util.c rcp_locl.h extern.h
+man_MANS = rcp.1
+EXTRA_DIST = $(man_MANS)
+LDADD = $(LIB_roken)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/rcp/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/rcp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+rcp$(EXEEXT): $(rcp_OBJECTS) $(rcp_DEPENDENCIES) 
+	@rm -f rcp$(EXEEXT)
+	$(LINK) $(rcp_OBJECTS) $(rcp_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binPROGRAMS \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/rcp/extern.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/rcp/extern.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rcp/extern.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,51 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)extern.h	8.1 (Berkeley) 5/31/93
+ * $FreeBSD$
+ */
+
+typedef struct {
+	int cnt;
+	char *buf;
+} BUF;
+
+extern int iamremote;
+
+BUF	*allocbuf (BUF *, int, int);
+char	*colon (char *);
+void	 lostconn (int);
+void	 nospace (void);
+int	 okname (char *);
+void	 run_err (const char *, ...);
+int	 susystem (char *, int);
+void	 verifydir (char *);
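Review bot: extern.h has no include guard, so a second inclusion would repeat the `BUF` typedef, which compilers before C11 reject; wrapping the declarations in `#ifndef RCP_EXTERN_H` / `#define RCP_EXTERN_H` and a closing `#endif` avoids that (the macro name is only a suggestion). The prototypes are also undocumented. `okname(char *)` and `susystem(char *, int)` look like the name check and the command execution that sit in front of the rsh invocation, but nothing in the header says what `okname` accepts or what the `int` argument of `susystem` means. A one-line comment on each would tell a reader what is validated before a command string is run; the definitions are outside this hunk, so the wording should be confirmed against util.c and rcp.c. Because this is a vendor import under dist/, both changes are better sent upstream than patched locally.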

Added: vendor-crypto/heimdal/dist/appl/rcp/rcp.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/rcp/rcp.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rcp/rcp.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,67 @@
+.\" $Id: rcp.1,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd April 16, 2003
+.Dt RCP 1
+.Os HEIMDAL
+.Sh NAME
+.Nm rcp
+.Nd
+copy file to and from remote machines
+.Sh SYNOPSIS
+.Nm rcp
+.Op Fl 45FKpxz
+.Op Fl P Ar port
+.Ar file1 file2
+.Nm rcp
+.Op Fl 45FKprxz
+.Op Fl P Ar port
+.Ar file... directory
+.Sh DESCRIPTION
+.Nm rcp
+copies files between machines. Each file argument is either a remote file name of the form 
+.Dq rname at rhost:path
+or a local file (containing no colon or with a slash before the first
+colon).
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl 4 , 
+.Fl 5 , 
+.Fl K , 
+.Fl F , 
+.Fl x , 
+.Fl z
+.Xc
+These options are passed on to
+.Xr rsh 1 .
+.It Fl P Ar port
+This will pass the option
+.Fl p Ar port
+to 
+.Xr rsh 1 .
+.It Fl p
+Preserve file permissions.
+.It Fl r
+Copy source directories recursively.
+.El
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.Sh DIAGNOSTICS
+.Nm rcp
+is implemented as a protocol on top of
+.Xr rsh 1 ,
+and thus requires a working rsh. If you intend to use Kerberos
+authentication, rsh needs to be Kerberos aware, else you may see more
+or less strange errors, such as "login incorrect", or "lost
+connection".
+.\".Sh SEE ALSO
+.\".Sh STANDARDS
+.Sh HISTORY
+The 
+.Nm rcp
+utility first appeared in 4.2BSD. This version is derived from
+4.3BSD-Reno.
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/appl/rcp/rcp.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/rcp/rcp.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rcp/rcp.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,802 @@
+/*
+ * Copyright (c) 1983, 1990, 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "rcp_locl.h"
+#include <getarg.h>
+
+#define RSH_PROGRAM "rsh"
+
+struct  passwd *pwd;
+uid_t	userid;
+int     errs, remin, remout;
+int     pflag, iamremote, iamrecursive, targetshouldbedirectory;
+int     doencrypt, noencrypt;
+int     usebroken, usekrb4, usekrb5, forwardtkt;
+char    *port;
+int     eflag = 0;
+
+#define	CMDNEEDS	64
+char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
+
+int	 response (void);
+void	 rsource (char *, struct stat *);
+void	 sink (int, char *[]);
+void	 source (int, char *[]);
+void	 tolocal (int, char *[]);
+void	 toremote (char *, int, char *[]);
+
+int      do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout);
+
+static int fflag, tflag;
+
+static int version_flag, help_flag;
+
+struct getargs args[] = {
+    { NULL,	'4', arg_flag,		&usekrb4,	"use Kerberos 4 authentication" },
+    { NULL,	'5', arg_flag,		&usekrb5,	"use Kerberos 5 authentication" },
+    { NULL,	'F', arg_flag,		&forwardtkt,	"forward credentials" },
+    { NULL,	'K', arg_flag,		&usebroken,	"use BSD authentication" },
+    { NULL,	'P', arg_string,	&port,		"non-default port", "port" },
+    { NULL,	'p', arg_flag,		&pflag,	"preserve file permissions" },
+    { NULL,	'r', arg_flag,		&iamrecursive,	"recursive mode" },
+    { NULL,	'x', arg_flag,		&doencrypt,	"use encryption" },
+    { NULL,	'z', arg_flag,		&noencrypt,	"don't encrypt" },
+    { NULL,	'd', arg_flag,		&targetshouldbedirectory },
+    { NULL,	'e', arg_flag,		&eflag, 	"passed to rsh" },
+    { NULL,	'f', arg_flag,		&fflag },
+    { NULL,	't', arg_flag,		&tflag },
+    { "version", 0,  arg_flag,		&version_flag },
+    { "help",	 0,  arg_flag,		&help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "file1 file2|file... directory");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+	char *targ;
+	int optind = 0;
+
+	setprogname(argv[0]);
+	if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		    &optind))
+	    usage (1);
+	if(help_flag)
+	    usage(0);
+	if (version_flag) {
+	    print_version (NULL);
+	    return 0;
+	}
+	    
+	iamremote = (fflag || tflag);
+
+	argc -= optind;
+	argv += optind;
+
+	if ((pwd = getpwuid(userid = getuid())) == NULL)
+		errx(1, "unknown user %d", (int)userid);
+
+	remin = STDIN_FILENO;		/* XXX */
+	remout = STDOUT_FILENO;
+
+	if (fflag) {			/* Follow "protocol", send data. */
+		response();
+		if (setuid(userid) < 0)
+			errx(1, "setuid failed");
+		source(argc, argv);
+		exit(errs);
+	}
+
+	if (tflag) {			/* Receive data. */
+		if (setuid(userid) < 0)
+			errx(1, "setuid failed");
+		sink(argc, argv);
+		exit(errs);
+	}
+
+	if (argc < 2)
+	    usage(1);
+	if (argc > 2)
+		targetshouldbedirectory = 1;
+
+	remin = remout = -1;
+	/* Command to be executed on remote system using "rsh". */
+	snprintf(cmd, sizeof(cmd),
+		 "rcp%s%s%s", iamrecursive ? " -r" : "", 
+		 pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "");
+
+	signal(SIGPIPE, lostconn);
+
+	if ((targ = colon(argv[argc - 1])))	/* Dest is remote host. */
+		toremote(targ, argc, argv);
+	else {
+		tolocal(argc, argv);		/* Dest is local host. */
+		if (targetshouldbedirectory)
+			verifydir(argv[argc - 1]);
+	}
+	exit(errs);
+}
+
+void
+toremote(char *targ, int argc, char **argv)
+{
+	int i;
+	char *bp, *host, *src, *suser, *thost, *tuser;
+
+	*targ++ = 0;
+	if (*targ == 0)
+		targ = ".";
+
+	if ((thost = strchr(argv[argc - 1], '@'))) {
+		/* user at host */
+		*thost++ = 0;
+		tuser = argv[argc - 1];
+		if (*tuser == '\0')
+			tuser = NULL;
+		else if (!okname(tuser))
+			exit(1);
+	} else {
+		thost = argv[argc - 1];
+		tuser = NULL;
+	}
+
+	for (i = 0; i < argc - 1; i++) {
+		src = colon(argv[i]);
+		if (src) {			/* remote to remote */
+			int ret;
+			*src++ = 0;
+			if (*src == 0)
+				src = ".";
+			host = strchr(argv[i], '@');
+			if (host) {
+				*host++ = '\0';
+				suser = argv[i];
+				if (*suser == '\0')
+					suser = pwd->pw_name;
+				else if (!okname(suser))
+					continue;
+				ret = asprintf(&bp,
+				    "%s%s %s -l %s -n %s %s '%s%s%s:%s'",
+					 _PATH_RSH, eflag ? " -e" : "", 
+					 host, suser, cmd, src,
+				    tuser ? tuser : "", tuser ? "@" : "",
+				    thost, targ);
+			} else {
+				ret = asprintf(&bp,
+					 "exec %s%s %s -n %s %s '%s%s%s:%s'",
+					 _PATH_RSH, eflag ? " -e" : "", 
+					 argv[i], cmd, src,
+					 tuser ? tuser : "", tuser ? "@" : "",
+					 thost, targ);
+			}
+			if (ret == -1)
+				err (1, "malloc");
+			susystem(bp, userid);
+			free(bp);
+		} else {			/* local to remote */
+			if (remin == -1) {
+				if (asprintf(&bp, "%s -t %s", cmd, targ) == -1)
+					err (1, "malloc");
+				host = thost;
+
+				if (do_cmd(host, tuser, bp, &remin, &remout) < 0)
+					exit(1);
+
+				if (response() < 0)
+					exit(1);
+				free(bp);
+				if (setuid(userid) < 0)
+					errx(1, "setuid failed");
+			}
+			source(1, argv+i);
+		}
+	}
+}
+
+void
+tolocal(int argc, char **argv)
+{
+	int i;
+	char *bp, *host, *src, *suser;
+
+	for (i = 0; i < argc - 1; i++) {
+		int ret;
+
+		if (!(src = colon(argv[i]))) {		/* Local to local. */
+			ret = asprintf(&bp, "exec %s%s%s %s %s", _PATH_CP,
+			    iamrecursive ? " -PR" : "", pflag ? " -p" : "",
+			    argv[i], argv[argc - 1]);
+			if (ret == -1)
+				err (1, "malloc");
+			if (susystem(bp, userid))
+				++errs;
+			free(bp);
+			continue;
+		}
+		*src++ = 0;
+		if (*src == 0)
+			src = ".";
+		if ((host = strchr(argv[i], '@')) == NULL) {
+			host = argv[i];
+			suser = pwd->pw_name;
+		} else {
+			*host++ = 0;
+			suser = argv[i];
+			if (*suser == '\0')
+				suser = pwd->pw_name;
+			else if (!okname(suser))
+				continue;
+		}
+		ret = asprintf(&bp, "%s -f %s", cmd, src);
+		if (ret == -1)
+			err (1, "malloc");
+		if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
+			free(bp);
+			++errs;
+			continue;
+		}
+		free(bp);
+		sink(1, argv + argc - 1);
+		if (seteuid(0) < 0)
+			exit(1);
+		close(remin);
+		remin = remout = -1;
+	}
+}
+
+void
+source(int argc, char **argv)
+{
+	struct stat stb;
+	static BUF buffer;
+	BUF *bp;
+	off_t i;
+	int amt, fd, haderr, indx, result;
+	char *last, *name, buf[BUFSIZ];
+
+	for (indx = 0; indx < argc; ++indx) {
+                name = argv[indx];
+		if ((fd = open(name, O_RDONLY, 0)) < 0)
+			goto syserr;
+		if (fstat(fd, &stb)) {
+syserr:			run_err("%s: %s", name, strerror(errno));
+			goto next;
+		}
+		switch (stb.st_mode & S_IFMT) {
+		case S_IFREG:
+			break;
+		case S_IFDIR:
+			if (iamrecursive) {
+				rsource(name, &stb);
+				goto next;
+			}
+			/* FALLTHROUGH */
+		default:
+			run_err("%s: not a regular file", name);
+			goto next;
+		}
+		if ((last = strrchr(name, '/')) == NULL)
+			last = name;
+		else
+			++last;
+		if (pflag) {
+			/*
+			 * Make it compatible with possible future
+			 * versions expecting microseconds.
+			 */
+			snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
+			    (long)stb.st_mtime,
+			    (long)stb.st_atime);
+			write(remout, buf, strlen(buf));
+			if (response() < 0)
+				goto next;
+		}
+#undef MODEMASK
+#define	MODEMASK	(S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO)
+		snprintf(buf, sizeof(buf), "C%04o %lu %s\n",
+			 stb.st_mode & MODEMASK,
+			 (unsigned long)stb.st_size,
+			 last);
+		write(remout, buf, strlen(buf));
+		if (response() < 0)
+			goto next;
+		if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) {
+next:			close(fd);
+			continue;
+		}
+
+		/* Keep writing after an error so that we stay sync'd up. */
+		for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
+			amt = bp->cnt;
+			if (i + amt > stb.st_size)
+				amt = stb.st_size - i;
+			if (!haderr) {
+				result = read(fd, bp->buf, amt);
+				if (result != amt)
+					haderr = result >= 0 ? EIO : errno;
+			}
+			if (haderr)
+				write(remout, bp->buf, amt);
+			else {
+				result = write(remout, bp->buf, amt);
+				if (result != amt)
+					haderr = result >= 0 ? EIO : errno;
+			}
+		}
+		if (close(fd) && !haderr)
+			haderr = errno;
+		if (!haderr)
+			write(remout, "", 1);
+		else
+			run_err("%s: %s", name, strerror(haderr));
+		response();
+	}
+}
+
+void
+rsource(char *name, struct stat *statp)
+{
+	DIR *dirp;
+	struct dirent *dp;
+	char *last, *vect[1], path[MAXPATHLEN];
+
+	if (!(dirp = opendir(name))) {
+		run_err("%s: %s", name, strerror(errno));
+		return;
+	}
+	last = strrchr(name, '/');
+	if (last == 0)
+		last = name;
+	else
+		last++;
+	if (pflag) {
+		snprintf(path, sizeof(path), "T%ld 0 %ld 0\n",
+		    (long)statp->st_mtime,
+		    (long)statp->st_atime);
+		write(remout, path, strlen(path));
+		if (response() < 0) {
+			closedir(dirp);
+			return;
+		}
+	}
+	snprintf(path, sizeof(path),
+	    "D%04o %d %s\n", statp->st_mode & MODEMASK, 0, last);
+	write(remout, path, strlen(path));
+	if (response() < 0) {
+		closedir(dirp);
+		return;
+	}
+	while ((dp = readdir(dirp))) {
+		if (dp->d_ino == 0)
+			continue;
+		if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
+			continue;
+		if (strlen(name) + 1 + strlen(dp->d_name) >= MAXPATHLEN - 1) {
+			run_err("%s/%s: name too long", name, dp->d_name);
+			continue;
+		}
+		snprintf(path, sizeof(path), "%s/%s", name, dp->d_name);
+		vect[0] = path;
+		source(1, vect);
+	}
+	closedir(dirp);
+	write(remout, "E\n", 2);
+	response();
+}
+
+void
+sink(int argc, char **argv)
+{
+	static BUF buffer;
+	struct stat stb;
+	struct timeval tv[2];
+	enum { YES, NO, DISPLAYED } wrerr;
+	BUF *bp;
+	off_t i, j, size;
+	int amt, count, exists, first, mask, mode, ofd, omode;
+	int setimes, targisdir, wrerrno = 0;
+	char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ];
+
+#define	atime	tv[0]
+#define	mtime	tv[1]
+#define	SCREWUP(str)	{ why = str; goto screwup; }
+
+	setimes = targisdir = 0;
+	mask = umask(0);
+	if (!pflag)
+		umask(mask);
+	if (argc != 1) {
+		run_err("ambiguous target");
+		exit(1);
+	}
+	targ = *argv;
+	if (targetshouldbedirectory)
+		verifydir(targ);
+	write(remout, "", 1);
+	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
+		targisdir = 1;
+	for (first = 1;; first = 0) {
+		cp = buf;
+		if (read(remin, cp, 1) <= 0)
+			return;
+		if (*cp++ == '\n')
+			SCREWUP("unexpected <newline>");
+		do {
+			if (read(remin, &ch, sizeof(ch)) != sizeof(ch))
+				SCREWUP("lost connection");
+			*cp++ = ch;
+		} while (cp < &buf[BUFSIZ - 1] && ch != '\n');
+		*cp = 0;
+
+		if (buf[0] == '\01' || buf[0] == '\02') {
+			if (iamremote == 0)
+				write(STDERR_FILENO,
+				    buf + 1, strlen(buf + 1));
+			if (buf[0] == '\02')
+				exit(1);
+			++errs;
+			continue;
+		}
+		if (buf[0] == 'E') {
+			write(remout, "", 1);
+			return;
+		}
+
+		if (ch == '\n')
+			*--cp = 0;
+
+		cp = buf;
+		if (*cp == 'T') {
+			setimes++;
+			cp++;
+			mtime.tv_sec = strtol(cp, &cp, 10);
+			if (!cp || *cp++ != ' ')
+				SCREWUP("mtime.sec not delimited");
+			mtime.tv_usec = strtol(cp, &cp, 10);
+			if (!cp || *cp++ != ' ')
+				SCREWUP("mtime.usec not delimited");
+			atime.tv_sec = strtol(cp, &cp, 10);
+			if (!cp || *cp++ != ' ')
+				SCREWUP("atime.sec not delimited");
+			atime.tv_usec = strtol(cp, &cp, 10);
+			if (!cp || *cp++ != '\0')
+				SCREWUP("atime.usec not delimited");
+			write(remout, "", 1);
+			continue;
+		}
+		if (*cp != 'C' && *cp != 'D') {
+			/*
+			 * Check for the case "rcp remote:foo\* local:bar".
+			 * In this case, the line "No match." can be returned
+			 * by the shell before the rcp command on the remote is
+			 * executed so the ^Aerror_message convention isn't
+			 * followed.
+			 */
+			if (first) {
+				run_err("%s", cp);
+				exit(1);
+			}
+			SCREWUP("expected control record");
+		}
+		mode = 0;
+		for (++cp; cp < buf + 5; cp++) {
+			if (*cp < '0' || *cp > '7')
+				SCREWUP("bad mode");
+			mode = (mode << 3) | (*cp - '0');
+		}
+		if (*cp++ != ' ')
+			SCREWUP("mode not delimited");
+
+		for (size = 0; isdigit((unsigned char)*cp);)
+			size = size * 10 + (*cp++ - '0');
+		if (*cp++ != ' ')
+			SCREWUP("size not delimited");
+		if (targisdir) {
+			static char *namebuf;
+			static int cursize;
+			size_t need;
+
+			need = strlen(targ) + strlen(cp) + 250;
+			if (need > cursize) {
+				if (!(namebuf = malloc(need)))
+					run_err("%s", strerror(errno));
+			}
+			snprintf(namebuf, need, "%s%s%s", targ,
+			    *targ ? "/" : "", cp);
+			np = namebuf;
+		} else
+			np = targ;
+		exists = stat(np, &stb) == 0;
+		if (buf[0] == 'D') {
+			int mod_flag = pflag;
+			if (exists) {
+				if (!S_ISDIR(stb.st_mode)) {
+					errno = ENOTDIR;
+					goto bad;
+				}
+				if (pflag)
+					chmod(np, mode);
+			} else {
+				/* Handle copying from a read-only directory */
+				mod_flag = 1;
+				if (mkdir(np, mode | S_IRWXU) < 0)
+					goto bad;
+			}
+			vect[0] = np;
+			sink(1, vect);
+			if (setimes) {
+				setimes = 0;
+				if (utimes(np, tv) < 0)
+				    run_err("%s: set times: %s",
+					np, strerror(errno));
+			}
+			if (mod_flag)
+				chmod(np, mode);
+			continue;
+		}
+		omode = mode;
+		mode |= S_IWRITE;
+		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
+bad:			run_err("%s: %s", np, strerror(errno));
+			continue;
+		}
+		write(remout, "", 1);
+		if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) {
+			close(ofd);
+			continue;
+		}
+		cp = bp->buf;
+		wrerr = NO;
+		for (count = i = 0; i < size; i += BUFSIZ) {
+			amt = BUFSIZ;
+			if (i + amt > size)
+				amt = size - i;
+			count += amt;
+			if((j = net_read(remin, cp, amt)) != amt) {
+			    run_err("%s", j ? strerror(errno) :
+				    "dropped connection");
+			    exit(1);
+			}
+			amt -= j;
+			cp += j;
+			if (count == bp->cnt) {
+				/* Keep reading so we stay sync'd up. */
+				if (wrerr == NO) {
+					j = write(ofd, bp->buf, count);
+					if (j != count) {
+						wrerr = YES;
+						wrerrno = j >= 0 ? EIO : errno;
+					}
+				}
+				count = 0;
+				cp = bp->buf;
+			}
+		}
+		if (count != 0 && wrerr == NO &&
+		    (j = write(ofd, bp->buf, count)) != count) {
+			wrerr = YES;
+			wrerrno = j >= 0 ? EIO : errno;
+		}
+		if (ftruncate(ofd, size)) {
+			run_err("%s: truncate: %s", np, strerror(errno));
+			wrerr = DISPLAYED;
+		}
+		if (pflag) {
+			if (exists || omode != mode)
+				if (fchmod(ofd, omode))
+					run_err("%s: set mode: %s",
+					    np, strerror(errno));
+		} else {
+			if (!exists && omode != mode)
+				if (fchmod(ofd, omode & ~mask))
+					run_err("%s: set mode: %s",
+					    np, strerror(errno));
+		}
+		close(ofd);
+		response();
+		if (setimes && wrerr == NO) {
+			setimes = 0;
+			if (utimes(np, tv) < 0) {
+				run_err("%s: set times: %s",
+				    np, strerror(errno));
+				wrerr = DISPLAYED;
+			}
+		}
+		switch(wrerr) {
+		case YES:
+			run_err("%s: %s", np, strerror(wrerrno));
+			break;
+		case NO:
+			write(remout, "", 1);
+			break;
+		case DISPLAYED:
+			break;
+		}
+	}
+screwup:
+	run_err("protocol error: %s", why);
+	exit(1);
+}
+
+int
+response(void)
+{
+	char ch, *cp, resp, rbuf[BUFSIZ];
+
+	if (read(remin, &resp, sizeof(resp)) != sizeof(resp))
+		lostconn(0);
+
+	cp = rbuf;
+	switch(resp) {
+	case 0:				/* ok */
+		return (0);
+	default:
+		*cp++ = resp;
+		/* FALLTHROUGH */
+	case 1:				/* error, followed by error msg */
+	case 2:				/* fatal error, "" */
+		do {
+			if (read(remin, &ch, sizeof(ch)) != sizeof(ch))
+				lostconn(0);
+			*cp++ = ch;
+		} while (cp < &rbuf[BUFSIZ] && ch != '\n');
+
+		if (!iamremote)
+			write(STDERR_FILENO, rbuf, cp - rbuf);
+		++errs;
+		if (resp == 1)
+			return (-1);
+		exit(1);
+	}
+	/* NOTREACHED */
+}
+
+#include <stdarg.h>
+
+void
+run_err(const char *fmt, ...)
+{
+	static FILE *fp;
+	va_list ap;
+
+	++errs;
+	if (fp == NULL && !(fp = fdopen(remout, "w")))
+		return;
+	va_start(ap, fmt);
+	fprintf(fp, "%c", 0x01);
+	fprintf(fp, "rcp: ");
+	vfprintf(fp, fmt, ap);
+	fprintf(fp, "\n");
+	fflush(fp);
+	va_end(ap);
+
+	if (!iamremote) {
+	    va_start(ap, fmt);
+	    vwarnx(fmt, ap);
+	    va_end(ap);
+	}
+}
+
+/*
+ * This function executes the given command as the specified user on the
+ * given host.  This returns < 0 if execution fails, and >= 0 otherwise. This
+ * assigns the input and output file descriptors on success.
+ *
+ * If it cannot create necessary pipes it exits with error message.
+ */
+
+int 
+do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
+{
+	int pin[2], pout[2], reserved[2];
+
+	/*
+	 * Reserve two descriptors so that the real pipes won't get
+	 * descriptors 0 and 1 because that will screw up dup2 below.
+	 */
+	pipe(reserved);
+
+	/* Create a socket pair for communicating with rsh. */
+	if (pipe(pin) < 0) {
+		perror("pipe");
+		exit(255);
+	}
+	if (pipe(pout) < 0) {
+		perror("pipe");
+		exit(255);
+	}
+
+	/* Free the reserved descriptors. */
+	close(reserved[0]);
+	close(reserved[1]);
+
+	/* For a child to execute the command on the remote host using rsh. */
+	if (fork() == 0) {
+		char *args[100];
+		unsigned int i;
+
+		/* Child. */
+		close(pin[1]);
+		close(pout[0]);
+		dup2(pin[0], 0);
+		dup2(pout[1], 1);
+		close(pin[0]);
+		close(pout[1]);
+
+		i = 0;
+		args[i++] = RSH_PROGRAM;
+		if (usekrb4)
+			args[i++] = "-4";
+		if (usekrb5)
+			args[i++] = "-5";
+		if (usebroken)
+			args[i++] = "-K";
+		if (doencrypt)
+			args[i++] = "-x";
+		if (forwardtkt)
+			args[i++] = "-F";
+		if (noencrypt)
+			args[i++] = "-z";
+		if (port != NULL) {
+			args[i++] = "-p";
+			args[i++] = port;
+		}
+		if (eflag)
+		    args[i++] = "-e";
+		if (remuser != NULL) {
+			args[i++] = "-l";
+			args[i++] = remuser;
+		}
+		args[i++] = host;
+		args[i++] = cmd;
+		args[i++] = NULL;
+
+		execvp(RSH_PROGRAM, args);
+		perror(RSH_PROGRAM);
+		exit(1);
+	}
+	/* Parent.  Close the other side, and return the local side. */
+	close(pin[0]);
+	*fdout = pin[1];
+	close(pout[1]);
+	*fdin = pout[0];
+	return 0;
+}
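Review bot: In sink(), the name field of a received `C` or `D` record is appended to `targ` and handed to `open()`, `mkdir()` and `chmod()` with no validation, so the sending side chooses the path, and a name containing `/` or equal to `..` resolves outside the directory the user named. A guard placed right after the "size not delimited" check and before the `if (targisdir)` block closes this: `if (strchr(cp, '/') != NULL || strcmp(cp, "..") == 0) SCREWUP("unexpected filename");`. In the same block a failed `malloc(need)` only calls `run_err()`, and the following `snprintf()` still writes through `namebuf`; that branch should end with `exit(1);`. Since this file is a vendor import, both changes would be carried as a local patch or sent upstream.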

Added: vendor-crypto/heimdal/dist/appl/rcp/rcp_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/rcp/rcp_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rcp/rcp_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: rcp_locl.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+
+#include <ctype.h>
+#include <dirent.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <roken.h>
+
+#include "extern.h"
+
+#ifndef _PATH_CP
+#define	_PATH_CP	"/bin/cp"
+#endif
+#undef _PATH_RSH
+#define	_PATH_RSH	BINDIR "/rsh"

Added: vendor-crypto/heimdal/dist/appl/rcp/util.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/rcp/util.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rcp/util.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,172 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if 0
+#ifndef lint
+#if 0
+static char sccsid[] = "@(#)util.c	8.2 (Berkeley) 4/2/94";
+#endif
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+#endif
+
+#include "rcp_locl.h"
+
+RCSID("$Id: util.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+char *
+colon(cp)
+	char *cp;
+{
+	if (*cp == ':')		/* Leading colon is part of file name. */
+		return (0);
+
+	for (; *cp; ++cp) {
+		if (*cp == ':')
+			return (cp);
+		if (*cp == '/')
+			return (0);
+	}
+	return (0);
+}
+
+void
+verifydir(cp)
+	char *cp;
+{
+	struct stat stb;
+
+	if (!stat(cp, &stb)) {
+		if (S_ISDIR(stb.st_mode))
+			return;
+		errno = ENOTDIR;
+	}
+	run_err("%s: %s", cp, strerror(errno));
+	exit(1);
+}
+
+int
+okname(cp0)
+	char *cp0;
+{
+	int c;
+	unsigned char *cp;
+
+	cp = (unsigned char *)cp0;
+	do {
+		c = *cp;
+		if (c & 0200)
+			goto bad;
+		if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
+			goto bad;
+	} while (*++cp);
+	return (1);
+
+bad:	warnx("%s: invalid user name", cp0);
+	return (0);
+}
+
+int
+susystem(s, userid)
+	int userid;
+	char *s;
+{
+	void (*istat)(int), (*qstat)(int);
+	int status;
+	pid_t pid;
+
+	pid = fork();
+	switch (pid) {
+	case -1:
+		return (127);
+
+	case 0:
+		if (setuid(userid) < 0)
+			_exit(127);
+		execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+		_exit(127);
+	}
+	istat = signal(SIGINT, SIG_IGN);
+	qstat = signal(SIGQUIT, SIG_IGN);
+	if (waitpid(pid, &status, 0) < 0)
+		status = -1;
+	(void)signal(SIGINT, istat);
+	(void)signal(SIGQUIT, qstat);
+	return (status);
+}
+
+#ifndef roundup
+#define	roundup(x, y)	((((x)+((y)-1))/(y))*(y))
+#endif
+
+BUF *
+allocbuf(bp, fd, blksize)
+	BUF *bp;
+	int fd, blksize;
+{
+	struct stat stb;
+	size_t size;
+	char *p;
+
+	if (fstat(fd, &stb) < 0) {
+		run_err("fstat: %s", strerror(errno));
+		return (0);
+	}
+	size = roundup(stb.st_blksize, blksize);
+	if (size == 0)
+		size = blksize;
+	if (bp->cnt >= size)
+		return (bp);
+	if ((p = realloc(bp->buf, size)) == NULL) {
+		if (bp->buf)
+			free(bp->buf);
+		bp->buf = NULL;
+		bp->cnt = 0;
+		run_err("%s", strerror(errno));
+		return (0);
+	}
+	memset(p, 0, size);
+	bp->buf = p;
+	bp->cnt = size;
+	return (bp);
+}
+
+void
+lostconn(signo)
+	int signo;
+{
+	if (!iamremote)
+		warnx("lost connection");
+	exit(1);
+}
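Review bot: susystem() runs its argument with `execl(_PATH_BSHELL, "sh", "-c", s, NULL)`, and the strings it receives from tolocal() and toremote() in rcp.c are built with `asprintf()` from command-line operands without quoting, so a file name holding whitespace or shell metacharacters is re-parsed by the shell instead of being passed as one path. For the local-to-local copy the shell is not needed: an argv-taking variant whose child calls `execv(av[0], av)` after the `setuid(userid)` check keeps each operand a single argument. The caller would pass `_PATH_CP`, the optional `-PR` and `-p`, a `--` separator and the two operands as separate elements. As with the rest of this vendor import, the change would live in a local patch or go upstream.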

Added: vendor-crypto/heimdal/dist/appl/rsh/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,549 @@
+2007-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rsh.c: Fix pointer vs strict alias rules.
+
+	* rshd.c: Fix pointer vs strict alias rules.
+
+2007-01-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* rshd.c: Declare iruserok if needed, based on bug report from
+	David Love.
+	
+2006-11-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* rsh_locl.h: Forward decl.
+	
+2006-10-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rsh_locl.h: Include "crypto-headers.h".
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+	
+2006-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: rshd_SOURCES += add limits_conf.c
+
+	* rsh_locl.h: Include "loginpaths.h"
+
+	* rshd.c: Read limits from limits.confon non-root login, patch
+	from Daniel Ahlin
+	
+2006-02-27 Johan Danielsson <joda at pdc.kth.se>
+
+	* rshd.8: grammar (from Thomas Klausner)
+	
+2006-01-31  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rshd.c (krb5_start_session): syslog failures to store cred cache
+	
+2005-12-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rshd.c (doit): move creation of users ticket file to later to
+	avoid seteuid/setuid dance. this breaks DCE, so remove support for
+	it completely.
+	
+2005-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rshd.c: Check return value from asprintf instead of string !=
+	NULL since it undefined behavior on Linux. From Bj\xF6rn Sandell
+
+	* rsh.c: Check return value from asprintf instead of string !=
+	NULL since it undefined behavior on Linux. From Bj\xF6rn Sandell
+
+2005-06-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rshd.c: init some important variables and check that they are
+	set checking authentication, all to please gcc
+
+2005-05-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rshd.c: case uid_t to unsigned long in printf format
+	
+2005-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rsh_locl.h: Use larger buffer for recving data to be compatible
+	with older versions of heimdal (0.4 branch specificly)
+
+	* rshd.c: Use larger buffer for recving data to be compatible with
+	older versions of heimdal (0.4 branch specificly)
+
+2005-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rshd.c: use snprintf to format tkfile
+	
+2005-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rsh.c: use strlcat
+
+	* rsh.c: use strlcpy
+
+	* rsh_locl.h: forward declaration for private structures
+
+2005-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rsh.c: cast size_t to unsigned long
+
+2004-09-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rshd.c: rename loop to rshd_loop
+	
+	* rshd.c: pass errsock status to init_ivecs
+	
+	* rsh.c: rename loop() to rsh_loop()
+	
+	* rsh.c (loop): pass errsock status to init_ivecs
+	
+	* common.c (init_ivecs): if we don't have an errsock the ivecs
+	should point to the same data
+	
+	* rshd.c: if we don't have an errsock, dup stdout to stderr (this
+	would normally be done by inetd, but not by mini_inetd).
+	
+	* rshd.c: move keepalive setting to after setting up sockets
+	
+2004-02-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.1: reorder and document some options
+
+	* rsh_locl.h: include kafs.h if krb4 || krb5
+
+	* rsh.c: reorder some options
+
+2003-09-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.1: document -d
+
+2003-08-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rshd.c: -P also with KRB5
+	
+2003-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rsh.1: replace > with \*[Gt]
+	
+2003-04-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.c: use krb5_appdefault to get defaults for forward and
+	encrypt
+
+	* rshd.c: use ARG_MAX + 1
+
+	* rshd.c (read_str): return allocated string
+
+	* rsh_locl.h: set NCARGS to 8k if undefined
+
+2003-03-23  Assar Westerlund  <assar at kth.se>
+
+	* rsh.c (loop): only check errsock if it's valid
+
+2003-03-18  Love  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* rshd.c: do krb5_afslog when compling with afs support
+
+	* rsh_locl.h: always include kafs.h
+	
+2002-11-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rshd.8: clarify -x and kerberos 5
+
+2002-11-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh_locl.h: bump COMMAND_SZ to NCARGS+1
+
+2002-09-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.c: free some memory
+
+2002-09-04  Assar Westerlund  <assar at kth.se>
+
+	* common.c: krb5_crypto_block_size -> krb5_crypto_getblocksize
+
+2002-09-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.1: document -P
+
+2002-09-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.c: revert to protocol v1 if not asked for specific protocol
+
+	* rshd.c: handle protocol version 2
+
+	* rsh.c: handle protocol version 2
+
+	* common.c: handle protocol version 2
+
+	* rsh_locl.h: handle protocol version 2
+
+2002-02-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rshd.c: don't show options that doesn't apply
+
+	* rsh.c: don't show options that doesn't apply
+
+	* rsh_locl.h: if we're not building with any kerberos support,
+	just call read/write directly
+
+	* common.c: if we're not building with any kerberos support, just
+	call read/write directly
+
+	* rshd.c: make this build without krb5; also use the addrinfo
+	interface to mini_inetd, and set the keepalive option if requested
+
+	* rsh.c: make this build without krb5
+
+	* rsh_locl.h: make this build without krb5
+
+	* common.c: make this build without krb5
+
+2001-11-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rshd.c: make the syslog messages somewhat more informative
+
+2001-08-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.c: only complain about encryption flag when old
+	authentication is requested
+
+2001-08-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.c: don't try broken auth if rresvport failed; try to give
+	some more informative error messages
+
+2001-07-31  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rshd.8: add an EXAMPLE
+	* rshd.8: manual page
+	* rshd.c: add some compat flags
+	* rsh.1: manual page
+	* rsh.c: iff -d, set the SO_DEBUG flags of the stdout and stderr
+	socket; implement parsing user at host
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (fatal): use vsnprintf correctly
+
+2001-02-07  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: add login_access
+	* rshd.c (login_access): add prototype
+	(syslog_and_die, fatal): add printf attributes
+	(*): AIX -> _AIX
+	(doit): use login_access
+	based on patches from Ake Sandgren <ake at cs.umu.se>
+
+2001-01-09  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (save_krb5_creds): use krb5_rd_cred2 instead of
+	krb5_rd_cred
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (main): handle krb5_init_context failure consistently
+	* rsh.c (main): handle krb5_init_context failure consistently
+
+2000-12-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rshd.c: require encryption if passed -x
+
+2000-11-15  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (loop): check that the fd's aren't too large to select on
+	* rsh.c (loop, proto): check that the fd's aren't too large to
+	select on
+
+2000-08-10  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c: move code to do config/command parsing correctly.
+
+2000-08-09  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (main): only fetch stuff from krb5.conf when no option has
+	been given
+
+2000-08-01  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (doit): loop until we create an error socket of an
+	supported socket family
+
+2000-07-02  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c: DCE stuff from Ake Sandgren <ake at cs.umu.se>
+	do not call syslog with a variable as format string
+
+	* rsh_locl.h (_PATH_ETC_ENVIRONMENT): add
+
+2000-06-09  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (main): work-around for setuid and capabilities bug fixed
+	in Linux 2.2.16
+
+2000-06-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rsh.c: nuke long option from -z
+	
+	* rsh.c: don't try to encrypt if auth is broken (Daniel Kouril)
+	
+2000-06-03  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (doit): check return value of getspnam.  From
+	<haba at pdc.kth.se>
+
+2000-05-23  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (proto): select on the normal socket when waiting for the
+	daemon to connect back to the stderr port, so that we discover
+	when data arrives there before.  when that happens, we assume that
+	the daemon did not manage to connect (because of NAT/whatever) and
+	continue as if `-e' was given
+	* rshd.c (doit): if we fail to connect back to the stderr port,
+	act as if `-e' was given on the client side, i.e. without the
+	special TCP-connection.  This tries to make things better when
+	running the head against a NAT wall, for example.
+
+2000-02-07  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (LDADD): make sure we use the heimdal libdes
+
+2000-02-06  Assar Westerlund  <assar at sics.se>
+
+	* *: conditionalize des stuff on KRB4
+
+1999-12-16  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (doit): addrinfo returned from getaddrinfo() is not usable
+	directly as hints.  copy it and set AI_PASSIVE.
+
+1999-11-20  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (main): remember to close the priviledged sockets before
+ 	calling rlogin
+
+1999-11-02  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (main): redo the v4/v5 selection for consistency.  -4 ->
+ 	try only v4 -5 -> try only v5 none, -45 -> try v5, v4
+
+1999-10-26  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (main): ignore SIGPIPE
+
+	* common.c (do_read): the encoded length can be longer than the
+ 	buffer being used, allocate memory for it dynamically.  From Brian
+ 	A May <bmay at dgs.monash.edu.au>
+
+1999-10-14  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (proto): be more careful and don't print errno when read()
+ 	returns 0
+
+1999-09-20  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (recv_krb4_auth): set `iv'
+
+1999-08-16  Assar Westerlund  <assar at sics.se>
+
+	* common.c (do_read): be careful with the return value from
+ 	krb5_net_read
+
+1999-08-05  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c: call freehostent
+
+	* rsh.c: remove some dead code
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c: re-write the handling of forwarded credentials and
+ 	stuff.  From Miroslav Ruda <ruda at ics.muni.cz>
+
+	* rsh_locl.h: always include kafs.h
+
+	* rsh.c: add `-z' and `-G' options
+
+	* rsh.c (loop): shutdown one side of the TCP connection on EOF.
+  	From Brian A May <bmay at dgs.monash.edu.au>
+
+	* common.c (do_read): handle EOF.  From Brian A May
+ 	<bmay at dgs.monash.edu.au>
+
+1999-08-01  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c: const fixes
+
+1999-07-29  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c: v6-ify
+
+	* rsh.c: v6-ify
+
+1999-07-28  Assar Westerlund  <assar at sics.se>
+
+	* rsh_locl.h: move around kafs.h
+
+1999-07-24  Assar Westerlund  <assar at sics.se>
+
+	* rsh_locl.h: <shadow.h>
+
+	* rsh.c, rshd.c: improve forwarding and implement unique ccache on
+ 	server.  From Miroslav Ruda <ruda at ics.muni.cz>
+
+1999-07-03  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (construct_command): handle argc == 0 for generality
+
+1999-06-23  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c: new option `-e' for not trying to open an stderr socket
+
+1999-06-17  Assar Westerlund  <assar at sics.se>
+
+	* rsh_locl.h (RSH_BUFSIZ): bump to 16 * 1024 to be sure that we
+ 	don't leave any data inside des_enc_read.  (that constant should
+ 	really be exported in some way...)
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c: use get_default_username and resulting const pollution
+
+1999-05-21  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (main): try $USERNAME
+
+1999-05-14  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (doit): afslog correctly
+
+1999-05-11  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (main): add fallback to rlogin
+
+1999-05-10  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (send_krb5_auth): call krb5_sendauth with ccache == NULL.
+	check return value from krb5_crypto_init
+	
+	* common.c (do_write, do_read): always return -1 for failure
+	(net_write, net_read): remove.  they already exist in libroken
+
+1999-05-09  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c: make sure it tries with all other authentication methods
+	after one has failed
+	* rsh.c (main): detect the case of no command given.
+	
+1999-04-11  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c: new option --forwardable. use print_version
+	
+Sat Apr 10 17:10:55 1999  Assar Westerlund  <assar at sics.se>
+
+	* rshd.c (setup_copier): use `socketpair' instead of `pipe'.  Some
+ 	shells don't think it's a rsh session if they find a pipe at the
+ 	other end.
+	(setup_environment): add SSH_CLIENT just to make bash happy
+
+	* common.c (do_read): use krb5_get_wrapped_length
+
+Wed Mar 24 03:59:42 1999  Assar Westerlund  <assar at sics.se>
+
+	* rsh.c (loop): more braces to make gcc happy
+
+Tue Mar 23 17:08:32 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* rsh_locl.h: kafs.h
+
+	* rshd.c: add `-P', `-v', and `-L' flags
+
+Thu Mar 18 11:37:24 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* appl/rsh/rshd.c: update to new crypto framework
+
+	* appl/rsh/rsh_locl.h: update to new crypto framework
+
+	* appl/rsh/rsh.c: update to new crypto framework
+
+	* appl/rsh/common.c: update to new crypto framework
+
+Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rsh.c (main): initialize host
+
+	* appl/rsh/rshd.c (recv_krb5_auth): disable `do_encrypt' if not
+ 	encrypting.
+
+Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rsh.c: kludges for parsing `rsh hostname -l user'
+
+Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* appl/rsh/rshd.c: use krb5_verify_authenticator_checksum
+
+Sat Apr 18 21:13:06 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* appl/rsh/rsh.c: Don't try v5 if (only) `-4' is specified.
+
+Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rshd.c (recv_krb5_auth): swap the order of the
+ 	`local_user' and the `remote_user'
+
+	* appl/rsh/rsh.c (send_krb5_auth): swap the order of the
+ 	`local_user' and the `remote_user'
+
+Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rshd.c: updated to use getarg.
+	changed `struct fd_set' to `fd_set'.
+	implemented broken/BSD authentication (requires iruserok)
+
+Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rsh_locl.h: add AUTH_BROKEN and PATH_RSH
+
+	* appl/rsh/Makefile.am: set BINDIR
+
+	* appl/rsh/rsh.c: implemented BSD-style reserved port
+ 	`authentication'
+
+Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rshd.c: syslog remote shells
+
+Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rshd/rshd.c: Use `krb5_sock_to_principal'.  Send server
+ 	parameter to krb5_rd_req/krb5_recvauth.  Set addresses in
+ 	auth_context.
+
+Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rshd.c: implement forwarding
+
+	* appl/rsh/rsh.c: Use getarg.  Implement forwarding.
+
+Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh: Conditionalize the krb4-support.
+
+Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rsh.c: use the correct user for the checksum
+
+Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh/rshd.c: Now works.  Also implementd encryption and
+ 	`-p'.
+	
+	* appl/rsh/common.c: new file
+
+Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar at sics.se>
+
+	* appl/rsh: New program.
+

Added: vendor-crypto/heimdal/dist/appl/rsh/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,29 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4) -I$(srcdir)/../login
+
+bin_PROGRAMS = rsh
+
+man_MANS = rsh.1 rshd.8
+
+libexec_PROGRAMS = rshd
+
+rsh_SOURCES  = rsh.c common.c rsh_locl.h
+
+rshd_SOURCES = rshd.c common.c login_access.c limits_conf.c rsh_locl.h
+
+login_access.c:
+	$(LN_S) $(srcdir)/../login/login_access.c .
+
+limits_conf.c:
+	$(LN_S) $(srcdir)/../login/limits_conf.c .
+
+LDADD = $(LIB_kafs) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
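Review bot: The `login_access.c:` and `limits_conf.c:` rules in this Makefile.am have no prerequisite and no cleanup entry, so the files they create in appl/rsh are never refreshed or removed by make. Where configure resolves `$(LN_S)` to a copy instead of a symlink, rshd would presumably keep compiling an old copy after `../login/login_access.c` changes, and the ChangeLog in this commit says rshd's `doit` relies on login_access for its access check. I would name the source as the prerequisite, `login_access.c: $(srcdir)/../login/login_access.c` (likewise for `limits_conf.c`), and add `CLEANFILES = login_access.c limits_conf.c`. Since this is a vendor import, the change is better kept as a recorded local patch or sent upstream than edited directly under dist/.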

Added: vendor-crypto/heimdal/dist/appl/rsh/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,936 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+bin_PROGRAMS = rsh$(EXEEXT)
+libexec_PROGRAMS = rshd$(EXEEXT)
+subdir = appl/rsh
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
+am_rsh_OBJECTS = rsh.$(OBJEXT) common.$(OBJEXT)
+rsh_OBJECTS = $(am_rsh_OBJECTS)
+rsh_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
+	$(am__DEPENDENCIES_1)
+rsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(LIB_krb5) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) \
+	login_access.$(OBJEXT) limits_conf.$(OBJEXT)
+rshd_OBJECTS = $(am_rshd_OBJECTS)
+rshd_LDADD = $(LDADD)
+rshd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(LIB_krb5) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
+DIST_SOURCES = $(rsh_SOURCES) $(rshd_SOURCES)
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) -I$(srcdir)/../login
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+man_MANS = rsh.1 rshd.8
+rsh_SOURCES = rsh.c common.c rsh_locl.h
+rshd_SOURCES = rshd.c common.c login_access.c limits_conf.c rsh_locl.h
+LDADD = $(LIB_kafs) \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/rsh/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/rsh/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+rsh$(EXEEXT): $(rsh_OBJECTS) $(rsh_DEPENDENCIES) 
+	@rm -f rsh$(EXEEXT)
+	$(LINK) $(rsh_OBJECTS) $(rsh_LDADD) $(LIBS)
+rshd$(EXEEXT): $(rshd_OBJECTS) $(rshd_DEPENDENCIES) 
+	@rm -f rshd$(EXEEXT)
+	$(LINK) $(rshd_OBJECTS) $(rshd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+	uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1 uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool ctags dist-hook distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-binPROGRAMS install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-info install-info-am install-libexecPROGRAMS \
+	install-man install-man1 install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-libexecPROGRAMS uninstall-man \
+	uninstall-man1 uninstall-man8
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+login_access.c:
+	$(LN_S) $(srcdir)/../login/login_access.c .
+
+limits_conf.c:
+	$(LN_S) $(srcdir)/../login/limits_conf.c .
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/rsh/common.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "rsh_locl.h"
+RCSID("$Id: common.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+#if defined(KRB4) || defined(KRB5)
+
+#ifdef KRB5
+int key_usage = 1026;
+
+void *ivec_in[2];
+void *ivec_out[2];
+
+void
+init_ivecs(int client, int have_errsock)
+{
+    size_t blocksize;
+
+    krb5_crypto_getblocksize(context, crypto, &blocksize);
+
+    ivec_in[0] = malloc(blocksize);
+    memset(ivec_in[0], client, blocksize);
+
+    if(have_errsock) {
+	ivec_in[1] = malloc(blocksize);
+	memset(ivec_in[1], 2 | client, blocksize);
+    } else
+	ivec_in[1] = ivec_in[0];
+
+    ivec_out[0] = malloc(blocksize);
+    memset(ivec_out[0], !client, blocksize);
+
+    if(have_errsock) {
+	ivec_out[1] = malloc(blocksize);
+	memset(ivec_out[1], 2 | !client, blocksize);
+    } else
+	ivec_out[1] = ivec_out[0];
+}
+#endif
+
+
+ssize_t
+do_read (int fd, void *buf, size_t sz, void *ivec)
+{
+    if (do_encrypt) {
+#ifdef KRB4
+	if (auth_method == AUTH_KRB4) {
+	    return des_enc_read (fd, buf, sz, schedule, &iv);
+	} else
+#endif /* KRB4 */
+#ifdef KRB5
+        if(auth_method == AUTH_KRB5) {
+	    krb5_error_code ret;
+	    uint32_t len, outer_len;
+	    int status;
+	    krb5_data data;
+	    void *edata;
+
+	    ret = krb5_net_read (context, &fd, &len, 4);
+	    if (ret <= 0)
+		return ret;
+	    len = ntohl(len);
+	    if (len > sz)
+		abort ();
+	    /* ivec will be non null for protocol version 2 */
+	    if(ivec != NULL)
+		outer_len = krb5_get_wrapped_length (context, crypto, len + 4);
+	    else
+		outer_len = krb5_get_wrapped_length (context, crypto, len);
+	    edata = malloc (outer_len);
+	    if (edata == NULL)
+		errx (1, "malloc: cannot allocate %u bytes", outer_len);
+	    ret = krb5_net_read (context, &fd, edata, outer_len);
+	    if (ret <= 0)
+		return ret;
+
+	    status = krb5_decrypt_ivec(context, crypto, key_usage, 
+				       edata, outer_len, &data, ivec);
+	    free (edata);
+	    
+	    if (status)
+		krb5_err (context, 1, status, "decrypting data");
+	    if(ivec != NULL) {
+		unsigned long l;
+		if(data.length < len + 4)
+		    errx (1, "data received is too short");
+		_krb5_get_int(data.data, &l, 4);
+		if(l != len)
+		    errx (1, "inconsistency in received data");
+		memcpy (buf, (unsigned char *)data.data+4, len);
+	    } else
+		memcpy (buf, data.data, len);
+	    krb5_data_free (&data);
+	    return len;
+	} else
+#endif /* KRB5 */
+	    abort ();
+    } else
+	return read (fd, buf, sz);
+}
+
+ssize_t
+do_write (int fd, void *buf, size_t sz, void *ivec)
+{
+    if (do_encrypt) {
+#ifdef KRB4
+	if(auth_method == AUTH_KRB4) {
+	    return des_enc_write (fd, buf, sz, schedule, &iv);
+	} else
+#endif /* KRB4 */
+#ifdef KRB5
+	if(auth_method == AUTH_KRB5) {
+	    krb5_error_code status;
+	    krb5_data data;
+	    unsigned char len[4];
+	    int ret;
+
+	    _krb5_put_int(len, sz, 4);
+	    if(ivec != NULL) {
+		unsigned char *tmp = malloc(sz + 4);
+		if(tmp == NULL)
+		    err(1, "malloc");
+		_krb5_put_int(tmp, sz, 4);
+		memcpy(tmp + 4, buf, sz);
+		status = krb5_encrypt_ivec(context, crypto, key_usage,
+					   tmp, sz + 4, &data, ivec);
+		free(tmp);
+	    } else
+		status = krb5_encrypt_ivec(context, crypto, key_usage,
+					   buf, sz, &data, ivec);
+
+	    if (status)
+		krb5_err(context, 1, status, "encrypting data");
+
+	    ret = krb5_net_write (context, &fd, len, 4);
+	    if (ret != 4)
+		return ret;
+	    ret = krb5_net_write (context, &fd, data.data, data.length);
+	    if (ret != data.length)
+		return ret;
+	    free (data.data);
+	    return sz;
+	} else
+#endif /* KRB5 */
+	    abort();
+    } else
+	return write (fd, buf, sz);
+}
+#endif /* KRB4 || KRB5 */
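Review bot: In do_read's KRB5 branch, the protocol-version-1 path (`ivec == NULL`) runs `memcpy (buf, data.data, len)` without comparing `len` to `data.length`, although the version-2 path just above it does check `data.length < len + 4`. `len` is taken from the 4-byte prefix read off the socket before any decryption, so the copy is bounded only by the assumption that the decrypted payload is at least as long as krb5_get_wrapped_length implied; adding `if (data.length < len) errx (1, "data received is too short");` before the memcpy removes that dependence on the enctype. The same function calls `abort ()` when the peer-supplied `len` exceeds `sz`, turning a malformed length into a process abort rather than a logged error, and it leaks `edata` when the second krb5_net_read returns `<= 0`. In init_ivecs the `malloc(blocksize)` results are passed to memset with no NULL check, and the return value of krb5_crypto_getblocksize is ignored, so `blocksize` may be used uninitialised if that call fails.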

Added: vendor-crypto/heimdal/dist/appl/rsh/limits_conf.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/limits_conf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/limits_conf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,214 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "login_locl.h"
+
+RCSID("$Id: limits_conf.c,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $");
+
+#include <errno.h>
+#include <limits.h>
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+struct limit {
+    const char *name;
+    int resource;
+    int scale;
+    int has_limit;
+    struct rlimit limit;
+} limits[] = {
+#define LIM(X, S) { #X, RLIMIT_##X, S, 0 }
+    LIM(CORE, 1024),
+    LIM(CPU, 60),
+    LIM(DATA, 1024),
+    LIM(FSIZE, 1024),
+#ifdef RLIMIT_MEMLOCK
+    LIM(MEMLOCK, 1024),
+#endif
+    LIM(NOFILE, 1),
+#ifdef RLIMIT_NPROC
+    LIM(NPROC, 1),
+#endif
+#ifdef RLIMIT_RSS
+    LIM(RSS, 1024),
+#endif
+    LIM(STACK, 1024),
+
+#ifdef RLIMIT_AS
+    LIM(AS, 1024),
+#endif
+#ifdef RLIMIT_LOCKS
+    LIM(LOCKS, 1),
+#endif
+    /*
+      maxlogins
+      priority
+    */
+    { NULL, 0 }
+};
+
+static struct limit *
+find_limit(const char *name)
+{
+    struct limit *l;
+    for(l = limits; l->name != NULL; l++)
+	if(strcasecmp(name, l->name) == 0)
+	    return l;
+    return NULL;
+}
+
+/* this function reads limits.conf files similar to pam_limits
+   unimplemented features include:
+   	% maxlogins
+	"-" no limits, 
+	priorities etc that are not set via setrlimit
+   XXX uses static storage, and clobbers getgr*
+*/
+
+int
+read_limits_conf(const char *file, const struct passwd *pwd)
+{
+    FILE *f;
+    char *args[4];
+    int lineno = 0;
+    char buf[1024];
+    struct limit *l;
+    rlim_t value;
+
+    f = fopen(file, "r");
+    if(f == NULL) {
+	if(errno != ENOENT && errno != ENOTDIR)
+	    syslog(LOG_ERR, "%s: %m", file);
+	return -1;
+    }
+
+    while(fgets(buf, sizeof(buf), f) != NULL) {
+	char *last = NULL;
+	char *end = NULL;
+	int level;
+
+	lineno++;
+
+	if(buf[0] == '\0') {
+	    syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno);
+	    continue;
+	}
+	if(buf[strlen(buf) - 1] != '\n') {
+	    /* file did not end with a newline, figure out if we're at
+               the EOF, or if our buffer was too small */
+	    int eof = 1;
+	    int c;
+	    while((c = fgetc(f)) != EOF) {
+		eof = 0;
+		if(c == '\n') 
+		    break;
+	    }
+	    if(!eof) {
+		syslog(LOG_ERR, "%s: line %d: line too long", file, lineno);
+		continue;
+	    }
+	}
+	buf[strcspn(buf, "#\r\n")] = '\0';
+	if((args[0] = strtok_r(buf, " \t", &last)) == NULL ||
+	   (args[1] = strtok_r(NULL, " \t", &last)) == NULL ||
+	   (args[2] = strtok_r(NULL, " \t", &last)) == NULL ||
+	   (args[3] = strtok_r(NULL, " \t", &last)) == NULL) {
+	    if(args[0] != NULL) /* this would include comment lines */
+		syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno);
+	    continue;
+	}
+
+	l = find_limit(args[2]);
+	if(l == NULL) {
+	    syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]);
+	    continue;
+	}
+	if(strcmp(args[3], "-") == 0) {
+	    value = RLIM_INFINITY;
+	} else {
+	    errno = 0;
+	    value = strtol(args[3], &end, 10);
+	    if(*end != '\0') {
+		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
+		continue;
+	    }
+	    if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
+		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
+		continue;
+	    }
+	    if(value * l->scale < value)
+		value = RLIM_INFINITY;
+	    else
+		value *= l->scale;
+	}
+	level = 0;
+	/* XXX unclear: if you set group hard and user soft limit,
+           should the hard limit still apply? this code doesn't. */
+	if(strcmp(args[0], pwd->pw_name) == 0)
+	    level = 3;
+	if(*args[0] == '@') {
+	    struct group *gr;
+	    gr = getgrnam(args[0] + 1);
+	    if(gr != NULL && gr->gr_gid == pwd->pw_gid)
+		level = 2;
+	}
+	if(strcmp(args[0], "*") == 0)
+	    level = 1;
+	if(level == 0 || level < l->has_limit) /* not for us */
+	    continue;
+	if(l->has_limit < level) {
+	    if(getrlimit(l->resource, &l->limit) < 0)
+		continue;
+	    l->has_limit = level;
+	}
+	
+	/* XXX unclear: if you soft to more than default hard, should
+           we set hard to soft? this code doesn't. */
+	if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)
+	    l->limit.rlim_cur = value;
+	if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) 
+	    l->limit.rlim_max = value;
+    }
+    fclose(f);
+    for(l = limits; l->name != NULL; l++) {
+	if(l->has_limit) {
+	    if(l->limit.rlim_cur > l->limit.rlim_max)
+		l->limit.rlim_cur = l->limit.rlim_max;
+	    if(setrlimit(l->resource, &l->limit) != 0)
+		syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name);
+	}
+	l->has_limit = 0;
+    }
+    return 0;
+}
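Review bot: In read_limits_conf the limit value is parsed with `strtol` straight into an `rlim_t`, so a negative number in the file is never rejected, and the overflow test `value * l->scale < value` does not reliably detect wraparound (with an unsigned rlim_t a product can wrap and still exceed `value`; with a signed one the overflow is undefined). Depending on the platform's rlim_t, a negative or very large entry can therefore become an effectively unlimited or a wrapped value instead of a logged "bad value". Parsing into a `long`, rejecting `v < 0` and ERANGE, and comparing against `RLIM_INFINITY / l->scale` before multiplying avoids both; this assumes RLIM_INFINITY is the largest rlim_t value, which should be confirmed for the target platform. Separately, the `@group` match compares only `gr->gr_gid == pwd->pw_gid`, so it covers the primary group only, which is worth stating in the comment above the function.

```c
	} else {
	    long v;

	    errno = 0;
	    v = strtol(args[3], &end, 10);
	    if(*end != '\0' || v < 0 || errno == ERANGE) {
		syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
		continue;
	    }
	    /* saturate instead of multiplying past the representable range */
	    if((rlim_t)v > RLIM_INFINITY / l->scale)
		value = RLIM_INFINITY;
	    else
		value = (rlim_t)v * l->scale;
	}
	/* ... unchanged: level selection, getrlimit, soft/hard assignment ... */
```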

Added: vendor-crypto/heimdal/dist/appl/rsh/login_access.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/login_access.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/login_access.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,277 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
+* files may be covered by other copyrights.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that this entire copyright notice
+* is duplicated in all such copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/
+ /*
+  * This module implements a simple but effective form of login access
+  * control based on login names and on host (or domain) names, internet
+  * addresses (or network numbers), or on terminal line names in case of
+  * non-networked logins. Diagnostics are reported through syslog(3).
+  *
+  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+  */
+
+#include "login_locl.h"
+
+RCSID("$Id: login_access.c,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $");
+
+ /* Delimiters for fields and for lists of users, ttys or hosts. */
+
+static char fs[] = ":";			/* field separator */
+static char sep[] = ", \t";		/* list-element separator */
+
+ /* Constants to be used in assignments only, not in comparisons... */
+
+#define YES             1
+#define NO              0
+
+ /*
+  * A structure to bundle up all login-related information to keep the
+  * functional interfaces as generic as possible.
+  */
+struct login_info {
+    struct passwd *user;
+    char   *from;
+};
+
+static int list_match(char *list, struct login_info *item,
+		      int (*match_fn)(char *, struct login_info *));
+static int user_match(char *tok, struct login_info *item);
+static int from_match(char *tok, struct login_info *item);
+static int string_match(char *tok, char *string);
+
+/* login_access - match username/group and host/tty with access control file */
+
+int login_access(struct passwd *user, char *from)
+{
+    struct login_info item;
+    FILE   *fp;
+    char    line[BUFSIZ];
+    char   *perm;			/* becomes permission field */
+    char   *users;			/* becomes list of login names */
+    char   *froms;			/* becomes list of terminals or hosts */
+    int     match = NO;
+    int     end;
+    int     lineno = 0;			/* for diagnostics */
+    char   *foo;
+
+    /*
+     * Bundle up the arguments to avoid unnecessary clumsiness lateron.
+     */
+    item.user = user;
+    item.from = from;
+
+    /*
+     * Process the table one line at a time and stop at the first match.
+     * Blank lines and lines that begin with a '#' character are ignored.
+     * Non-comment lines are broken at the ':' character. All fields are
+     * mandatory. The first field should be a "+" or "-" character. A
+     * non-existing table means no access control.
+     */
+
+    if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
+	while (!match && fgets(line, sizeof(line), fp)) {
+	    lineno++;
+	    if (line[end = strlen(line) - 1] != '\n') {
+		syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
+		       _PATH_LOGACCESS, lineno);
+		continue;
+	    }
+	    if (line[0] == '#')
+		continue;			/* comment line */
+	    while (end > 0 && isspace((unsigned char)line[end - 1]))
+		end--;
+	    line[end] = 0;			/* strip trailing whitespace */
+	    if (line[0] == 0)			/* skip blank lines */
+		continue;
+	    foo = NULL;
+	    if (!(perm = strtok_r(line, fs, &foo))
+		|| !(users = strtok_r(NULL, fs, &foo))
+		|| !(froms = strtok_r(NULL, fs, &foo))
+		|| strtok_r(NULL, fs, &foo)) {
+		syslog(LOG_ERR, "%s: line %d: bad field count", 
+		       _PATH_LOGACCESS,
+		       lineno);
+		continue;
+	    }
+	    if (perm[0] != '+' && perm[0] != '-') {
+		syslog(LOG_ERR, "%s: line %d: bad first field", 
+		       _PATH_LOGACCESS,
+		       lineno);
+		continue;
+	    }
+	    match = (list_match(froms, &item, from_match)
+		     && list_match(users, &item, user_match));
+	}
+	fclose(fp);
+    } else if (errno != ENOENT) {
+	syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
+    }
+    return (match == 0 || (line[0] == '+'));
+}
+
+/* list_match - match an item against a list of tokens with exceptions */
+
+static int
+list_match(char *list,
+	   struct login_info *item,
+	   int (*match_fn)(char *, struct login_info *))
+{
+    char   *tok;
+    int     match = NO;
+    char   *foo = NULL;
+
+    /*
+     * Process tokens one at a time. We have exhausted all possible matches
+     * when we reach an "EXCEPT" token or the end of the list. If we do find
+     * a match, look for an "EXCEPT" list and recurse to determine whether
+     * the match is affected by any exceptions.
+     */
+
+    for (tok = strtok_r(list, sep, &foo);
+	 tok != NULL;
+	 tok = strtok_r(NULL, sep, &foo)) {
+	if (strcasecmp(tok, "EXCEPT") == 0)	/* EXCEPT: give up */
+	    break;
+	if ((match = (*match_fn) (tok, item)) != 0)	/* YES */
+	    break;
+    }
+    /* Process exceptions to matches. */
+
+    if (match != NO) {
+	while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
+	     /* VOID */ ;
+	if (tok == 0 || list_match(NULL, item, match_fn) == NO)
+	    return (match);
+    }
+    return (NO);
+}
+
+/* myhostname - figure out local machine name */
+
+static char *myhostname(void)
+{
+    static char name[MAXHOSTNAMELEN + 1] = "";
+
+    if (name[0] == 0) {
+	gethostname(name, sizeof(name));
+	name[MAXHOSTNAMELEN] = 0;
+    }
+    return (name);
+}
+
+/* netgroup_match - match group against machine or user */
+
+static int netgroup_match(char *group, char *machine, char *user)
+{
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+    static char *mydomain = 0;
+
+    if (mydomain == 0)
+	yp_get_default_domain(&mydomain);
+    return (innetgr(group, machine, user, mydomain));
+#else
+    syslog(LOG_ERR, "NIS netgroup support not configured");
+    return 0;
+#endif
+}
+
+/* user_match - match a username against one token */
+
+static int user_match(char *tok, struct login_info *item)
+{
+    char   *string = item->user->pw_name;
+    struct login_info fake_item;
+    struct group *group;
+    int     i;
+    char   *at;
+
+    /*
+     * If a token has the magic value "ALL" the match always succeeds.
+     * Otherwise, return YES if the token fully matches the username, if the
+     * token is a group that contains the username, or if the token is the
+     * name of the user's primary group.
+     */
+
+    if ((at = strchr(tok + 1, '@')) != 0) {	/* split user at host pattern */
+	*at = 0;
+	fake_item.from = myhostname();
+	return (user_match(tok, item) && from_match(at + 1, &fake_item));
+    } else if (tok[0] == '@') {			/* netgroup */
+	return (netgroup_match(tok + 1, (char *) 0, string));
+    } else if (string_match(tok, string)) {	/* ALL or exact match */
+	return (YES);
+    } else if ((group = getgrnam(tok)) != 0) { /* try group membership */
+	if (item->user->pw_gid == group->gr_gid)
+	    return (YES);
+	for (i = 0; group->gr_mem[i]; i++)
+	    if (strcasecmp(string, group->gr_mem[i]) == 0)
+		return (YES);
+    }
+    return (NO);
+}
+
+/* from_match - match a host or tty against a list of tokens */
+
+static int from_match(char *tok, struct login_info *item)
+{
+    char   *string = item->from;
+    int     tok_len;
+    int     str_len;
+
+    /*
+     * If a token has the magic value "ALL" the match always succeeds. Return
+     * YES if the token fully matches the string. If the token is a domain
+     * name, return YES if it matches the last fields of the string. If the
+     * token has the magic value "LOCAL", return YES if the string does not
+     * contain a "." character. If the token is a network number, return YES
+     * if it matches the head of the string.
+     */
+
+    if (tok[0] == '@') {			/* netgroup */
+	return (netgroup_match(tok + 1, string, (char *) 0));
+    } else if (string_match(tok, string)) {	/* ALL or exact match */
+	return (YES);
+    } else if (tok[0] == '.') {			/* domain: match last fields */
+	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
+	    && strcasecmp(tok, string + str_len - tok_len) == 0)
+	    return (YES);
+    } else if (strcasecmp(tok, "LOCAL") == 0) {	/* local: no dots */
+	if (strchr(string, '.') == 0)
+	    return (YES);
+    } else if (tok[(tok_len = strlen(tok)) - 1] == '.'	/* network */
+	       && strncmp(tok, string, tok_len) == 0) {
+	return (YES);
+    }
+    return (NO);
+}
+
+/* string_match - match a string against one token */
+
+static int string_match(char *tok, char *string)
+{
+
+    /*
+     * If the token has the magic value "ALL" the match always succeeds.
+     * Otherwise, return YES if the token fully matches the string.
+     */
+
+    if (strcasecmp(tok, "ALL") == 0) {		/* all: always matches */
+	return (YES);
+    } else if (strcasecmp(tok, string) == 0) {	/* try exact match */
+	return (YES);
+    }
+    return (NO);
+}
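Review bot: In `login_access`, the `else if (errno != ENOENT)` branch only logs when the access table exists but cannot be opened, and the function then returns 1 because `match` is still `NO`, so an unreadable policy file grants access exactly like a missing one. If failing closed is the intended policy, add `return (NO);` after that `syslog` call. The same fail-open shape applies to lines rejected for a missing newline, a bad field count or a bad first field: they are skipped with `continue`, so a mistyped deny rule is ignored apart from the log entry. Separately, `line[end = strlen(line) - 1]` reads `line[-1]` when `fgets` returns a line that begins with a NUL byte; checking `line[0] != 0` before indexing avoids that. As the file is imported under `vendor-crypto/heimdal/dist`, these would presumably be carried as a local patch or reported upstream.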

Added: vendor-crypto/heimdal/dist/appl/rsh/rsh.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/rsh.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/rsh.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,295 @@
+.\" Copyright (c) 2002 - 2003 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\"	$Id: rsh.1,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd February 20, 2004
+.Dt RSH 1
+.Os HEIMDAL
+.Sh NAME
+.Nm rsh
+.Nd
+remote shell
+.Sh SYNOPSIS
+.Nm
+.Op Fl 45FGKdefnuxz
+.Op Fl U Pa string
+.Op Fl p Ar port
+.Op Fl l Ar username
+.Op Fl P Ar N|O
+.Ar host [command]
+.Sh DESCRIPTION
+.Nm
+authenticates to the
+.Xr rshd 8
+daemon on the remote
+.Ar host ,
+and then executes the specified
+.Ar command .
+.Pp
+.Nm
+copies its standard input to the remote command, and the standard
+output and error of the remote command to its own.
+.Pp
+Valid options are:
+.Bl -tag -width Ds
+.It Xo
+.Fl 4 ,
+.Fl -krb4
+.Xc
+The
+.Fl 4
+option requests Kerberos 4 authentication. Normally all supported
+authentication mechanisms will be tried, but in some cases more
+explicit control is desired.
+.It Xo
+.Fl 5 ,
+.Fl -krb5
+.Xc
+The
+.Fl 5
+option requests Kerberos 5 authentication. This is analogous to the
+.Fl 4
+option.
+.It Xo
+.Fl K ,
+.Fl -broken
+.Xc
+The
+.Fl K
+option turns off all Kerberos authentication. The security in this
+mode relies on reserved ports. The long name is an indication of how
+good this is.
+.It Xo
+.Fl n ,
+.Fl -no-input
+.Xc
+The
+.Fl n
+option directs the input from the
+.Pa /dev/null
+device (see the
+.Sx BUGS
+section of this manual page).
+.It Fl d
+Enable
+.Xr setsockopt 2
+socket debugging.
+.It Xo
+.Fl e ,
+.Fl -no-stderr
+.Xc
+Don't use a separate socket for the stderr stream. This can be
+necessary if rsh-ing through a NAT bridge.
+.It Xo
+.Fl x ,
+.Fl -encrypt
+.Xc
+The
+.Fl x
+option enables encryption for all data exchange. This is only valid
+for Kerberos authenticated connections (see the
+.Sx BUGS
+section for limitations).
+.It Xo
+.Fl z
+.Xc
+The opposite of
+.Fl x .
+This is the default, and is mainly useful if encryption has been
+enabled by default, for instance in the
+.Li appdefaults
+section of 
+.Pa /etc/krb5.conf
+when using Kerberos 5.
+.It Xo
+.Fl f ,
+.Fl -forward
+.Xc
+Forward Kerberos 5 credentials to the remote host.
+Also settable via
+.Li appdefaults
+(see
+.Xr krb5.conf ) .
+.It Xo
+.Fl F ,
+.Fl -forwardable
+.Xc
+Make the forwarded credentials re-forwardable. 
+Also settable via
+.Li appdefaults
+(see
+.Xr krb5.conf ) .
+.It Xo
+.Fl l Ar string ,
+.Fl -user= Ns Ar string
+.Xc
+By default the remote username is the same as the local. The
+.Fl l
+option or the
+.Pa username at host
+format allow the remote name to be specified.
+.It Xo
+.Fl n ,
+.Fl -no-input
+.Xc
+Direct input from 
+.Pa /dev/null
+(see the
+.Sx BUGS
+section).
+.It Xo
+.Fl p Ar number-or-service ,
+.Fl -port= Ns Ar number-or-service
+.Xc
+Connect to this port instead of the default (which is 514 when using
+old port based authentication, 544 for Kerberos 5 and non-encrypted
+Kerberos 4, and 545 for encrytpted Kerberos 4; subject of course to
+the contents of
+.Pa /etc/services ) .
+.It Xo
+.Fl P Ar N|O|1|2 ,
+.Fl -protocol= Ns Ar N|O|1|2
+.Xc
+Specifies the protocol version to use with Kerberos 5.
+.Ar N
+and
+.Ar 2
+select protocol version 2, while 
+.Ar O
+and
+.Ar 1
+select version 1. Version 2 is believed to be more secure, and is the
+default. Unless asked for a specific version,
+.Nm
+will try both.  This behaviour may change in the future.
+.It Xo
+.Fl u ,
+.Fl -unique
+.Xc
+Make sure the remote credentials cache is unique, that is, don't reuse
+any existing cache. Mutually exclusive to
+.Fl U .
+.It Xo
+.Fl U Pa string ,
+.Fl -tkfile= Ns Pa string
+.Xc
+Name of the remote credentials cache. Mutually exclusive to
+.Fl u .
+.It Xo
+.Fl x ,
+.Fl -encrypt
+.Xc
+The
+.Fl x
+option enables encryption for all data exchange. This is only valid
+for Kerberos authenticated connections (see the
+.Sx BUGS
+section for limitations).
+.It Fl z
+The opposite of
+.Fl x .
+This is the default, but encryption can be enabled when using
+Kerberos 5, by setting the
+.Li libdefaults/encrypt
+option in
+.Xr krb5.conf 5 .
+.El
+.\".Pp
+.\"Without a
+.\".Ar command
+.\".Nm
+.\"will just exec
+.\".Xr rlogin 1
+.\"with the same arguments.
+.Sh EXAMPLES
+Care should be taken when issuing commands containing shell meta
+characters. Without quoting, these will be expanded on the local
+machine.
+.Pp
+The following command:
+.Pp
+.Dl rsh otherhost cat remotefile \*[Gt] localfile
+.Pp
+will write the contents of the remote
+.Pa remotefile
+to the local
+.Pa localfile ,
+but:
+.Pp
+.Dl rsh otherhost 'cat remotefile \*[Gt] remotefile2'
+.Pp
+will write it to the remote
+.Pa remotefile2 .
+.\".Sh ENVIRONMENT
+.Sh FILES
+.Bl -tag -width /etc/hosts -compact
+.It Pa /etc/hosts
+.El
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr rlogin 1 ,
+.Xr krb_realmofhost 3 ,
+.Xr krb_sendauth 3 ,
+.Xr hosts.equiv 5 ,
+.Xr krb5.conf 5 ,
+.Xr rhosts 5 ,
+.Xr kerberos 8
+.Xr rshd 8
+.\".Sh STANDARDS
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .
+.Sh AUTHORS
+This implementation of
+.Nm
+was written as part of the Heimdal Kerberos 5 implementation.
+.Sh BUGS
+Some shells (notably
+.Xr csh 1 )
+will cause
+.Nm
+to block if run in the background, unless the standard input is directed away from the terminal. This is what the
+.Fl n
+option is for.
+.Pp
+The
+.Fl x
+options enables encryption for the session, but for both Kerberos 4
+and 5 the actual command is sent unencrypted, so you should not send
+any secret information in the command line (which is probably a bad
+idea anyway, since the command line can usually be read with tools
+like
+.Xr ps 1 ) .
+Forthermore in Kerberos 4 the command is not even integrity
+protected, so anyone with the right tools can modify the command.

Added: vendor-crypto/heimdal/dist/appl/rsh/rsh.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/rsh.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/rsh.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1124 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "rsh_locl.h"
+RCSID("$Id: rsh.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+enum auth_method auth_method;
+#if defined(KRB4) || defined(KRB5)
+int do_encrypt       = -1;
+#endif
+#ifdef KRB5
+int do_unique_tkfile = 0;
+char *unique_tkfile  = NULL;
+char tkfile[MAXPATHLEN];
+int do_forward       = -1;
+int do_forwardable   = -1;
+krb5_context context;
+krb5_keyblock *keyblock;
+krb5_crypto crypto;
+#endif
+#ifdef KRB4
+des_key_schedule schedule;
+des_cblock iv;
+#endif
+int sock_debug	     = 0;
+
+#ifdef KRB4
+static int use_v4 = -1;
+#endif
+#ifdef KRB5
+static int use_v5 = -1;
+#endif
+#if defined(KRB4) || defined(KRB5)
+static int use_only_broken = 0;
+#else
+static int use_only_broken = 1;
+#endif
+static int use_broken = 1;
+static char *port_str;
+static const char *user;
+static int do_version;
+static int do_help;
+static int do_errsock = 1;
+#ifdef KRB5
+static char *protocol_version_str;
+static int protocol_version = 2;
+#endif
+
+/*
+ *
+ */
+
+static int input = 1;		/* Read from stdin */
+
+static int
+rsh_loop (int s, int errsock)
+{
+    fd_set real_readset;
+    int count = 1;
+
+#ifdef KRB5
+    if(auth_method == AUTH_KRB5 && protocol_version == 2)
+	init_ivecs(1, errsock != -1);
+#endif
+
+    if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE))
+	errx (1, "fd too large");
+    
+    FD_ZERO(&real_readset);
+    FD_SET(s, &real_readset);
+    if (errsock != -1) {
+	FD_SET(errsock, &real_readset);
+	++count;
+    }
+    if(input)
+	FD_SET(STDIN_FILENO, &real_readset);
+
+    for (;;) {
+	int ret;
+	fd_set readset;
+	char buf[RSH_BUFSIZ];
+
+	readset = real_readset;
+	ret = select (max(s, errsock) + 1, &readset, NULL, NULL, NULL);
+	if (ret < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		err (1, "select");
+	}
+	if (FD_ISSET(s, &readset)) {
+	    ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
+	    if (ret < 0)
+		err (1, "read");
+	    else if (ret == 0) {
+		close (s);
+		FD_CLR(s, &real_readset);
+		if (--count == 0)
+		    return 0;
+	    } else
+		net_write (STDOUT_FILENO, buf, ret);
+	}
+	if (errsock != -1 && FD_ISSET(errsock, &readset)) {
+	    ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
+	    if (ret < 0)
+		err (1, "read");
+	    else if (ret == 0) {
+		close (errsock);
+		FD_CLR(errsock, &real_readset);
+		if (--count == 0)
+		    return 0;
+	    } else
+		net_write (STDERR_FILENO, buf, ret);
+	}
+	if (FD_ISSET(STDIN_FILENO, &readset)) {
+	    ret = read (STDIN_FILENO, buf, sizeof(buf));
+	    if (ret < 0)
+		err (1, "read");
+	    else if (ret == 0) {
+		close (STDIN_FILENO);
+		FD_CLR(STDIN_FILENO, &real_readset);
+		shutdown (s, SHUT_WR);
+	    } else
+		do_write (s, buf, ret, ivec_out[0]);
+	}
+    }
+}
+
+#ifdef KRB4
+static int
+send_krb4_auth(int s,
+	       struct sockaddr *thisaddr,
+	       struct sockaddr *thataddr,
+	       const char *hostname,
+	       const char *remote_user,
+	       const char *local_user,
+	       size_t cmd_len,
+	       const char *cmd)
+{
+    KTEXT_ST text;
+    CREDENTIALS cred;
+    MSG_DAT msg;
+    int status;
+    size_t len;
+
+    /* the normal default for krb4 should be to disable encryption */
+    status = krb_sendauth ((do_encrypt == 1) ? KOPT_DO_MUTUAL : 0,
+			   s, &text, "rcmd",
+			   (char *)hostname, krb_realmofhost (hostname),
+			   getpid(), &msg, &cred, schedule,
+			   (struct sockaddr_in *)thisaddr,
+			   (struct sockaddr_in *)thataddr,
+			   KCMD_OLD_VERSION);
+    if (status != KSUCCESS) {
+	warnx("%s: %s", hostname, krb_get_err_text(status));
+	return 1;
+    }
+    memcpy (iv, cred.session, sizeof(iv));
+
+    len = strlen(remote_user) + 1;
+    if (net_write (s, remote_user, len) != len) {
+	warn("write");
+	return 1;
+    }
+    if (net_write (s, cmd, cmd_len) != cmd_len) {
+	warn("write");
+	return 1;
+    }
+    return 0;
+}
+#endif /* KRB4 */
+
+#ifdef KRB5
+/*
+ * Send forward information on `s' for host `hostname', them being
+ * forwardable themselves if `forwardable'
+ */
+
+static int
+krb5_forward_cred (krb5_auth_context auth_context,
+		   int s,
+		   const char *hostname,
+		   int forwardable)
+{
+    krb5_error_code ret;
+    krb5_ccache     ccache;
+    krb5_creds      creds;
+    krb5_kdc_flags  flags;
+    krb5_data       out_data;
+    krb5_principal  principal;
+
+    memset (&creds, 0, sizeof(creds));
+
+    ret = krb5_cc_default (context, &ccache);
+    if (ret) {
+	warnx ("could not forward creds: krb5_cc_default: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+
+    ret = krb5_cc_get_principal (context, ccache, &principal);
+    if (ret) {
+	warnx ("could not forward creds: krb5_cc_get_principal: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+
+    creds.client = principal;
+    
+    ret = krb5_build_principal (context,
+				&creds.server,
+				strlen(principal->realm),
+				principal->realm,
+				"krbtgt",
+				principal->realm,
+				NULL);
+
+    if (ret) {
+	warnx ("could not forward creds: krb5_build_principal: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+
+    creds.times.endtime = 0;
+
+    flags.i = 0;
+    flags.b.forwarded   = 1;
+    flags.b.forwardable = forwardable;
+
+    ret = krb5_get_forwarded_creds (context,
+				    auth_context,
+				    ccache,
+				    flags.i,
+				    hostname,
+				    &creds,
+				    &out_data);
+    if (ret) {
+	warnx ("could not forward creds: krb5_get_forwarded_creds: %s",
+	       krb5_get_err_text (context, ret));
+	return 1;
+    }
+
+    ret = krb5_write_message (context,
+			      (void *)&s,
+			      &out_data);
+    krb5_data_free (&out_data);
+
+    if (ret)
+	warnx ("could not forward creds: krb5_write_message: %s",
+	       krb5_get_err_text (context, ret));
+    return 0;
+}
+
+static int sendauth_version_error;
+
+static int
+send_krb5_auth(int s,
+	       struct sockaddr *thisaddr,
+	       struct sockaddr *thataddr,
+	       const char *hostname,
+	       const char *remote_user,
+	       const char *local_user,
+	       size_t cmd_len,
+	       const char *cmd)
+{
+    krb5_principal server;
+    krb5_data cksum_data;
+    int status;
+    size_t len;
+    krb5_auth_context auth_context = NULL;
+    const char *protocol_string = NULL;
+    krb5_flags ap_opts;
+    char *str;
+
+    status = krb5_sname_to_principal(context,
+				     hostname,
+				     "host",
+				     KRB5_NT_SRV_HST,
+				     &server);
+    if (status) {
+	warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
+	return 1;
+    }
+
+    if(do_encrypt == -1) {
+	krb5_appdefault_boolean(context, NULL, 
+				krb5_principal_get_realm(context, server), 
+				"encrypt", 
+				FALSE, 
+				&do_encrypt);
+    }
+
+    cksum_data.length = asprintf (&str,
+				  "%u:%s%s%s",
+				  ntohs(socket_get_port(thataddr)),
+				  do_encrypt ? "-x " : "",
+				  cmd,
+				  remote_user);
+    if (str == NULL) {
+	warnx ("%s: failed to allocate command", hostname);
+	return 1;
+    }
+    cksum_data.data = str;
+
+    ap_opts = 0;
+
+    if(do_encrypt)
+	ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
+
+    switch(protocol_version) {
+    case 2:
+	ap_opts |= AP_OPTS_USE_SUBKEY;
+	protocol_string = KCMD_NEW_VERSION;
+	break;
+    case 1:
+	protocol_string = KCMD_OLD_VERSION;
+	key_usage = KRB5_KU_OTHER_ENCRYPTED;
+	break;
+    default:
+	abort();
+    }
+	
+    status = krb5_sendauth (context,
+			    &auth_context,
+			    &s,
+			    protocol_string,
+			    NULL,
+			    server,
+			    ap_opts,
+			    &cksum_data,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL);
+
+    /* do this while we have a principal */
+    if(do_forward == -1 || do_forwardable == -1) {
+	krb5_const_realm realm = krb5_principal_get_realm(context, server);
+	if (do_forwardable == -1)
+	    krb5_appdefault_boolean(context, NULL, realm,
+				    "forwardable", FALSE, 
+				    &do_forwardable);
+	if (do_forward == -1)
+	    krb5_appdefault_boolean(context, NULL, realm,
+				    "forward", FALSE, 
+				    &do_forward);
+    }
+    
+    krb5_free_principal(context, server);
+    krb5_data_free(&cksum_data);
+
+    if (status) {
+	if(status == KRB5_SENDAUTH_REJECTED && 
+	   protocol_version == 2 && protocol_version_str == NULL)
+	    sendauth_version_error = 1;
+	else
+	    krb5_warn(context, status, "%s", hostname);
+	return 1;
+    }
+
+    status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
+    if(keyblock == NULL)
+	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
+    if (status) {
+	warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
+	return 1;
+    }
+
+    status = krb5_auth_con_setaddrs_from_fd (context,
+					     auth_context,
+					     &s);
+    if (status) {
+        warnx("krb5_auth_con_setaddrs_from_fd: %s",
+	      krb5_get_err_text(context, status));
+        return(1);
+    }
+
+    status = krb5_crypto_init(context, keyblock, 0, &crypto);
+    if(status) {
+	warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status));
+	return 1;
+    }
+
+    len = strlen(remote_user) + 1;
+    if (net_write (s, remote_user, len) != len) {
+	warn ("write");
+	return 1;
+    }
+    if (do_encrypt && net_write (s, "-x ", 3) != 3) {
+	warn ("write");
+	return 1;
+    }
+    if (net_write (s, cmd, cmd_len) != cmd_len) {
+	warn ("write");
+	return 1;
+    }
+
+    if (do_unique_tkfile) {
+	if (net_write (s, tkfile, strlen(tkfile)) != strlen(tkfile)) {
+	    warn ("write");
+	    return 1;
+	}
+    }
+    len = strlen(local_user) + 1;
+    if (net_write (s, local_user, len) != len) {
+	warn ("write");
+	return 1;
+    }
+
+    if (!do_forward
+	|| krb5_forward_cred (auth_context, s, hostname, do_forwardable)) {
+	/* Empty forwarding info */
+
+	u_char zero[4] = {0, 0, 0, 0};
+	write (s, &zero, 4);
+    }
+    krb5_auth_con_free (context, auth_context);
+    return 0;
+}
+
+#endif /* KRB5 */
+
+static int
+send_broken_auth(int s,
+		 struct sockaddr *thisaddr,
+		 struct sockaddr *thataddr,
+		 const char *hostname,
+		 const char *remote_user,
+		 const char *local_user,
+		 size_t cmd_len,
+		 const char *cmd)
+{
+    size_t len;
+
+    len = strlen(local_user) + 1;
+    if (net_write (s, local_user, len) != len) {
+	warn ("write");
+	return 1;
+    }
+    len = strlen(remote_user) + 1;
+    if (net_write (s, remote_user, len) != len) {
+	warn ("write");
+	return 1;
+    }
+    if (net_write (s, cmd, cmd_len) != cmd_len) {
+	warn ("write");
+	return 1;
+    }
+    return 0;
+}
+
+static int
+proto (int s, int errsock,
+       const char *hostname, const char *local_user, const char *remote_user,
+       const char *cmd, size_t cmd_len,
+       int (*auth_func)(int s,
+			struct sockaddr *this, struct sockaddr *that,
+			const char *hostname, const char *remote_user,
+			const char *local_user, size_t cmd_len,
+			const char *cmd))
+{
+    int errsock2;
+    char buf[BUFSIZ];
+    char *p;
+    size_t len;
+    char reply;
+    struct sockaddr_storage thisaddr_ss;
+    struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
+    struct sockaddr_storage thataddr_ss;
+    struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
+    struct sockaddr_storage erraddr_ss;
+    struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
+    socklen_t addrlen;
+    int ret;
+
+    addrlen = sizeof(thisaddr_ss);
+    if (getsockname (s, thisaddr, &addrlen) < 0) {
+	warn ("getsockname(%s)", hostname);
+	return 1;
+    }
+    addrlen = sizeof(thataddr_ss);
+    if (getpeername (s, thataddr, &addrlen) < 0) {
+	warn ("getpeername(%s)", hostname);
+	return 1;
+    }
+
+    if (errsock != -1) {
+
+	addrlen = sizeof(erraddr_ss);
+	if (getsockname (errsock, erraddr, &addrlen) < 0) {
+	    warn ("getsockname");
+	    return 1;
+	}
+
+	if (listen (errsock, 1) < 0) {
+	    warn ("listen");
+	    return 1;
+	}
+
+	p = buf;
+	snprintf (p, sizeof(buf), "%u",
+		  ntohs(socket_get_port(erraddr)));
+	len = strlen(buf) + 1;
+	if(net_write (s, buf, len) != len) {
+	    warn ("write");
+	    close (errsock);
+	    return 1;
+	}
+
+
+	for (;;) {
+	    fd_set fdset;
+
+	    if (errsock >= FD_SETSIZE || s >= FD_SETSIZE)
+		errx (1, "fd too large");
+
+	    FD_ZERO(&fdset);
+	    FD_SET(errsock, &fdset);
+	    FD_SET(s, &fdset);
+
+	    ret = select (max(errsock, s) + 1, &fdset, NULL, NULL, NULL);
+	    if (ret < 0) {
+		if (errno == EINTR)
+		    continue;
+		warn ("select");
+		close (errsock);
+		return 1;
+	    }
+	    if (FD_ISSET(errsock, &fdset)) {
+		errsock2 = accept (errsock, NULL, NULL);
+		close (errsock);
+		if (errsock2 < 0) {
+		    warn ("accept");
+		    return 1;
+		}
+		break;
+	    }
+
+	    /*
+	     * there should not arrive any data on this fd so if it's
+	     * readable it probably indicates that the other side when
+	     * away.
+	     */
+
+	    if (FD_ISSET(s, &fdset)) {
+		warnx ("socket closed");
+		close (errsock);
+		errsock2 = -1;
+		break;
+	    }
+	}
+    } else {
+	if (net_write (s, "0", 2) != 2) {
+	    warn ("write");
+	    return 1;
+	}
+	errsock2 = -1;
+    }
+
+    if ((*auth_func)(s, thisaddr, thataddr, hostname,
+		     remote_user, local_user,
+		     cmd_len, cmd)) {
+	close (errsock2);
+	return 1;
+    } 
+
+    ret = net_read (s, &reply, 1);
+    if (ret < 0) {
+	warn ("read");
+	close (errsock2);
+	return 1;
+    } else if (ret == 0) {
+	warnx ("unexpected EOF from %s", hostname);
+	close (errsock2);
+	return 1;
+    }
+    if (reply != 0) {
+
+	warnx ("Error from rshd at %s:", hostname);
+
+	while ((ret = read (s, buf, sizeof(buf))) > 0)
+	    write (STDOUT_FILENO, buf, ret);
+        write (STDOUT_FILENO,"\n",1);
+	close (errsock2);
+	return 1;
+    }
+
+    if (sock_debug) {
+	int one = 1;
+	if (setsockopt(s, SOL_SOCKET, SO_DEBUG, (void *)&one, sizeof(one)) < 0)
+	    warn("setsockopt remote");
+	if (errsock2 != -1 &&
+	    setsockopt(errsock2, SOL_SOCKET, SO_DEBUG,
+		       (void *)&one, sizeof(one)) < 0)
+	    warn("setsockopt stderr");
+    }
+    
+    return rsh_loop (s, errsock2);
+}
+
+/*
+ * Return in `res' a copy of the concatenation of `argc, argv' into
+ * malloced space.  */
+
+static size_t
+construct_command (char **res, int argc, char **argv)
+{
+    int i;
+    size_t len = 0;
+    char *tmp;
+
+    for (i = 0; i < argc; ++i)
+	len += strlen(argv[i]) + 1;
+    len = max (1, len);
+    tmp = malloc (len);
+    if (tmp == NULL)
+	errx (1, "malloc %lu failed", (unsigned long)len);
+
+    *tmp = '\0';
+    for (i = 0; i < argc - 1; ++i) {
+	strlcat (tmp, argv[i], len);
+	strlcat (tmp, " ", len);
+    }
+    if (argc > 0)
+	strlcat (tmp, argv[argc-1], len);
+    *res = tmp;
+    return len;
+}
+
+static char *
+print_addr (const struct sockaddr *sa)
+{
+    char addr_str[256];
+    char *res;
+    const char *as = NULL;
+
+    if(sa->sa_family == AF_INET)
+	as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr, 
+			addr_str, sizeof(addr_str));
+#ifdef HAVE_INET6
+    else if(sa->sa_family == AF_INET6)
+	as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr, 
+			addr_str, sizeof(addr_str));
+#endif
+    if(as == NULL)
+	return NULL;
+    res = strdup(as);
+    if (res == NULL)
+	errx (1, "malloc: out of memory");
+    return res;
+}
+
+static int
+doit_broken (int argc,
+	     char **argv,
+	     int hostindex,
+	     struct addrinfo *ai,
+	     const char *remote_user,
+	     const char *local_user,
+	     int priv_socket1,
+	     int priv_socket2,
+	     const char *cmd,
+	     size_t cmd_len)
+{
+    struct addrinfo *a;
+
+    if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) {
+	int save_errno = errno;
+	
+	close(priv_socket1);
+	close(priv_socket2);
+
+	for (a = ai->ai_next; a != NULL; a = a->ai_next) {
+	    pid_t pid;
+	    char *adr = print_addr(a->ai_addr);
+	    if(adr == NULL)
+		continue;
+
+	    pid = fork();
+	    if (pid < 0)
+		err (1, "fork");
+	    else if(pid == 0) {
+		char **new_argv;
+		int i = 0;
+
+		new_argv = malloc((argc + 2) * sizeof(*new_argv));
+		if (new_argv == NULL)
+		    errx (1, "malloc: out of memory");
+		new_argv[i] = argv[i];
+		++i;
+		if (hostindex == i)
+		    new_argv[i++] = adr;
+		new_argv[i++] = "-K";
+		for(; i <= argc; ++i)
+		    new_argv[i] = argv[i - 1];
+		if (hostindex > 1)
+		    new_argv[hostindex + 1] = adr;
+		new_argv[argc + 1] = NULL;
+		execv(PATH_RSH, new_argv);
+		err(1, "execv(%s)", PATH_RSH);
+	    } else {
+		int status;
+		free(adr);
+
+		while(waitpid(pid, &status, 0) < 0)
+		    ;
+		if(WIFEXITED(status) && WEXITSTATUS(status) == 0)
+		    return 0;
+	    }
+	}
+	errno = save_errno;
+	warn("%s", argv[hostindex]);
+	return 1;
+    } else {
+	int ret;
+
+	ret = proto (priv_socket1, priv_socket2,
+		     argv[hostindex],
+		     local_user, remote_user,
+		     cmd, cmd_len,
+		     send_broken_auth);
+	return ret;
+    }
+}
+
+#if defined(KRB4) || defined(KRB5)
+static int
+doit (const char *hostname,
+      struct addrinfo *ai,
+      const char *remote_user,
+      const char *local_user,
+      const char *cmd,
+      size_t cmd_len,
+      int (*auth_func)(int s,
+		       struct sockaddr *this, struct sockaddr *that,
+		       const char *hostname, const char *remote_user,
+		       const char *local_user, size_t cmd_len,
+		       const char *cmd))
+{
+    int error;
+    struct addrinfo *a;
+    int socketfailed = 1;
+    int ret;
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	int s;
+	int errsock;
+
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0) 
+	    continue;
+	socketfailed = 0;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    char addr[128];
+	    if(getnameinfo(a->ai_addr, a->ai_addrlen, 
+			   addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0)
+		warn ("connect(%s [%s])", hostname, addr);
+	    else
+		warn ("connect(%s)", hostname);
+	    close (s);
+	    continue;
+	}
+	if (do_errsock) {
+	    struct addrinfo *ea, *eai;
+	    struct addrinfo hints;
+
+	    memset (&hints, 0, sizeof(hints));
+	    hints.ai_socktype = a->ai_socktype;
+	    hints.ai_protocol = a->ai_protocol;
+	    hints.ai_family   = a->ai_family;
+	    hints.ai_flags    = AI_PASSIVE;
+
+	    errsock = -1;
+
+	    error = getaddrinfo (NULL, "0", &hints, &eai);
+	    if (error)
+		errx (1, "getaddrinfo: %s", gai_strerror(error));
+	    for (ea = eai; ea != NULL; ea = ea->ai_next) {
+		errsock = socket (ea->ai_family, ea->ai_socktype,
+				  ea->ai_protocol);
+		if (errsock < 0)
+		    continue;
+		if (bind (errsock, ea->ai_addr, ea->ai_addrlen) < 0)
+		    err (1, "bind");
+		break;
+	    }
+	    if (errsock < 0)
+		err (1, "socket");
+	    freeaddrinfo (eai);
+	} else
+	    errsock = -1;
+    
+	ret = proto (s, errsock,
+		     hostname,
+		     local_user, remote_user,
+		     cmd, cmd_len, auth_func);
+	close (s);
+	return ret;
+    }
+    if(socketfailed)
+	warnx ("failed to contact %s", hostname);
+    return -1;
+}
+#endif /* KRB4 || KRB5 */
+
+struct getargs args[] = {
+#ifdef KRB4
+    { "krb4",	'4', arg_flag,		&use_v4,	"Use Kerberos V4" },
+#endif
+#ifdef KRB5
+    { "krb5",	'5', arg_flag,		&use_v5,	"Use Kerberos V5" },
+    { "forward", 'f', arg_flag,		&do_forward,	"Forward credentials [krb5]"},
+    { "forwardable", 'F', arg_flag,	&do_forwardable,
+      "Forward forwardable credentials [krb5]" },
+    { NULL, 'G', arg_negative_flag,&do_forward,	"Don't forward credentials" },
+    { "unique", 'u', arg_flag,	&do_unique_tkfile,
+      "Use unique remote credentials cache [krb5]" },
+    { "tkfile", 'U', arg_string,  &unique_tkfile,
+      "Specifies remote credentials cache [krb5]" },
+    { "protocol", 'P', arg_string,      &protocol_version_str, 
+      "Protocol version [krb5]", "protocol" },
+#endif
+    { "broken", 'K', arg_flag,		&use_only_broken, "Use only priv port" },
+#if defined(KRB4) || defined(KRB5)
+    { "encrypt", 'x', arg_flag,		&do_encrypt,	"Encrypt connection" },
+    { NULL, 	'z', arg_negative_flag,      &do_encrypt,
+      "Don't encrypt connection", NULL },
+#endif
+    { NULL,	'd', arg_flag,		&sock_debug, "Enable socket debugging" },
+    { "input",	'n', arg_negative_flag,	&input,		"Close stdin" },
+    { "port",	'p', arg_string,	&port_str,	"Use this port",
+      "port" },
+    { "user",	'l', arg_string,	&user,		"Run as this user", "login" },
+    { "stderr", 'e', arg_negative_flag, &do_errsock,	"Don't open stderr"},
+#ifdef KRB5
+#endif
+    { "version", 0,  arg_flag,		&do_version,	NULL },
+    { "help",	 0,  arg_flag,		&do_help,	NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "[login@]host [command]");
+    exit (ret);
+}
+
+/*
+ *
+ */
+
+int
+main(int argc, char **argv)
+{
+    int priv_port1, priv_port2;
+    int priv_socket1, priv_socket2;
+    int argindex = 0;
+    int error;
+    struct addrinfo hints, *ai;
+    int ret = 1;
+    char *cmd;
+    char *tmp;
+    size_t cmd_len;
+    const char *local_user;
+    char *host = NULL;
+    int host_index = -1;
+#ifdef KRB5
+    int status;
+#endif
+    uid_t uid;
+
+    priv_port1 = priv_port2 = IPPORT_RESERVED-1;
+    priv_socket1 = rresvport(&priv_port1);
+    priv_socket2 = rresvport(&priv_port2);
+    uid = getuid ();
+    if (setuid (uid) || (uid != 0 && setuid(0) == 0))
+	err (1, "setuid");
+    
+    setprogname (argv[0]);
+
+    if (argc >= 2 && argv[1][0] != '-') {
+	host = argv[host_index = 1];
+	argindex = 1;
+    }
+    
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&argindex))
+	usage (1);
+
+    if (do_help)
+	usage (0);
+
+    if (do_version) {
+	print_version (NULL);
+	return 0;
+    }
+
+#ifdef KRB5
+    if(protocol_version_str != NULL) {
+	if(strcasecmp(protocol_version_str, "N") == 0)
+	    protocol_version = 2;
+	else if(strcasecmp(protocol_version_str, "O") == 0)
+	    protocol_version = 1;
+	else {
+	    char *end;
+	    int v;
+	    v = strtol(protocol_version_str, &end, 0);
+	    if(*end != '\0' || (v != 1 && v != 2)) {
+		errx(1, "unknown protocol version \"%s\"", 
+		     protocol_version_str);
+	    }
+	    protocol_version = v;
+	}
+    }
+
+    status = krb5_init_context (&context);
+    if (status) {
+	if(use_v5 == 1)
+	    errx(1, "krb5_init_context failed: %d", status);
+	else
+	    use_v5 = 0;
+    }
+
+    /* request for forwardable on the command line means we should
+       also forward */
+    if (do_forwardable == 1)
+	do_forward = 1;
+
+#endif
+
+#if defined(KRB4) && defined(KRB5)
+    if(use_v4 == -1 && use_v5 == 1)
+	use_v4 = 0;
+    if(use_v5 == -1 && use_v4 == 1)
+	use_v5 = 0;
+#endif    
+
+    if (use_only_broken) {
+#ifdef KRB4
+	use_v4 = 0;
+#endif
+#ifdef KRB5
+	use_v5 = 0;
+#endif
+    }
+
+    if(priv_socket1 < 0) {
+	if (use_only_broken)
+	    errx (1, "unable to bind reserved port: is rsh setuid root?");
+	use_broken = 0;
+    }
+
+#if defined(KRB4) || defined(KRB5)
+    if (do_encrypt == 1 && use_only_broken)
+	errx (1, "encryption not supported with old style authentication");
+#endif
+
+
+
+#ifdef KRB5
+    if (do_unique_tkfile && unique_tkfile != NULL)
+	errx (1, "Only one of -u and -U allowed.");
+
+    if (do_unique_tkfile)
+	strlcpy(tkfile,"-u ", sizeof(tkfile));
+    else if (unique_tkfile != NULL) {
+	if (strchr(unique_tkfile,' ') != NULL) {
+	    warnx("Space is not allowed in tkfilename");
+	    usage(1);
+	}
+	do_unique_tkfile = 1;
+	snprintf (tkfile, sizeof(tkfile), "-U %s ", unique_tkfile);
+    }
+#endif
+
+    if (host == NULL) {
+	if (argc - argindex < 1)
+	    usage (1);
+	else
+	    host = argv[host_index = argindex++];
+    }
+    
+    if((tmp = strchr(host, '@')) != NULL) {
+	*tmp++ = '\0';
+	user = host;
+	host = tmp;
+    }
+
+    if (argindex == argc) {
+	close (priv_socket1);
+	close (priv_socket2);
+	argv[0] = "rlogin";
+	execvp ("rlogin", argv);
+	err (1, "execvp rlogin");
+    }
+
+    local_user = get_default_username ();
+    if (local_user == NULL)
+	errx (1, "who are you?");
+
+    if (user == NULL)
+	user = local_user;
+
+    cmd_len = construct_command(&cmd, argc - argindex, argv + argindex);
+    
+    /*
+     * Try all different authentication methods
+     */
+
+#ifdef KRB5
+    if (ret && use_v5) {
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+
+	if(port_str == NULL) {
+	    error = getaddrinfo(host, "kshell", &hints, &ai);
+	    if(error == EAI_NONAME)
+		error = getaddrinfo(host, "544", &hints, &ai);
+	} else
+	    error = getaddrinfo(host, port_str, &hints, &ai);
+
+	if(error)
+	    errx (1, "getaddrinfo: %s", gai_strerror(error));
+
+	auth_method = AUTH_KRB5;
+      again:
+	ret = doit (host, ai, user, local_user, cmd, cmd_len,
+		    send_krb5_auth);
+	if(ret != 0 && sendauth_version_error && 
+	   protocol_version == 2) {
+	    protocol_version = 1;
+	    goto again;
+	}
+	freeaddrinfo(ai);
+    }
+#endif
+#ifdef KRB4
+    if (ret && use_v4) {
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+
+	if(port_str == NULL) {
+	    if(do_encrypt) {
+		error = getaddrinfo(host, "ekshell", &hints, &ai);
+		if(error == EAI_NONAME)
+		    error = getaddrinfo(host, "545", &hints, &ai);
+	    } else {
+		error = getaddrinfo(host, "kshell", &hints, &ai);
+		if(error == EAI_NONAME)
+		    error = getaddrinfo(host, "544", &hints, &ai);
+	    }
+	} else
+	    error = getaddrinfo(host, port_str, &hints, &ai);
+
+	if(error)
+	    errx (1, "getaddrinfo: %s", gai_strerror(error));
+	auth_method = AUTH_KRB4;
+	ret = doit (host, ai, user, local_user, cmd, cmd_len,
+		    send_krb4_auth);
+	freeaddrinfo(ai);
+    }
+#endif
+    if (ret && use_broken) {
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+
+	if(port_str == NULL) {
+	    error = getaddrinfo(host, "shell", &hints, &ai);
+	    if(error == EAI_NONAME)
+		error = getaddrinfo(host, "514", &hints, &ai);
+	} else
+	    error = getaddrinfo(host, port_str, &hints, &ai);
+
+	if(error)
+	    errx (1, "getaddrinfo: %s", gai_strerror(error));
+
+	auth_method = AUTH_BROKEN;
+	ret = doit_broken (argc, argv, host_index, ai,
+			   user, local_user,
+			   priv_socket1,
+			   do_errsock ? priv_socket2 : -1,
+			   cmd, cmd_len);
+	freeaddrinfo(ai);
+    }
+    free(cmd);
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/appl/rsh/rsh_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/rsh_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/rsh_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: rsh_locl.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+#include <stdarg.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#include <errno.h>
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+#ifdef KRB4
+#include <krb.h>
+#include <prot.h>
+#endif
+#ifdef KRB5
+#include <krb5.h>
+/* XXX */
+struct krb5_pk_identity;
+struct krb5_pk_cert;
+struct ContentInfo;
+struct _krb5_krb_auth_data;
+struct krb5_dh_moduli;
+#include "crypto-headers.h"
+#include <krb5-private.h> /* for _krb5_{get,put}_int */
+#endif
+#if defined(KRB4) || defined(KRB5)
+#include <kafs.h>
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL	"/bin/sh"
+#endif
+
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH	"/usr/bin:/bin"
+#endif
+
+#include "loginpaths.h"
+
+/*
+ *
+ */
+
+enum auth_method { AUTH_KRB4, AUTH_KRB5, AUTH_BROKEN };
+
+extern enum auth_method auth_method;
+extern int do_encrypt;
+#ifdef KRB5
+extern krb5_context context;
+extern krb5_keyblock *keyblock;
+extern krb5_crypto crypto;
+extern int key_usage;
+extern void *ivec_in[2];
+extern void *ivec_out[2];
+void init_ivecs(int, int);
+#endif
+#ifdef KRB4
+extern des_key_schedule schedule;
+extern des_cblock iv;
+#endif
+
+#define KCMD_OLD_VERSION "KCMDV0.1"
+#define KCMD_NEW_VERSION "KCMDV0.2"
+
+#define USERNAME_SZ 16
+#ifndef ARG_MAX
+#define ARG_MAX 8192
+#endif
+
+#define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */
+#define RSHD_BUFSIZ (16 * 1024) /* Old maxize for Heimdal 0.4 rsh */
+
+#define PATH_RSH BINDIR "/rsh"
+
+#if defined(KRB4) || defined(KRB5)
+ssize_t do_read (int, void*, size_t, void*);
+ssize_t do_write (int, void*, size_t, void*);
+#else
+#define do_write(F, B, L, I) write((F), (B), (L))
+#define do_read(F, B, L, I) read((F), (B), (L))
+#endif
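Review bot: The `#ifndef ARG_MAX` fallback only takes effect when the system headers leave `ARG_MAX` undefined, so the bound on the command string that rshd reads from the network is whatever the build platform's `<limits.h>` supplies rather than a value fixed by the protocol. rshd.c, later on this page, calls `read_str (s, ARG_MAX + 1, "command")`, and in `recv_bsd_auth` that call comes before the `iruserok` check, so the buffer is allocated before the peer is authorized. A constant that does not depend on system headers would keep the limit identical on every build, for example `#define RSH_CMD_MAX 8192` (name constructed for this note) with `read_str` given `RSH_CMD_MAX + 1`. `USERNAME_SZ` would also be clearer with a comment such as `/* wire limit, counts the terminating NUL */`, because `read_str` stops once `sz` bytes have been read without a NUL.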

Added: vendor-crypto/heimdal/dist/appl/rsh/rshd.8
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/rshd.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/rshd.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,162 @@
+.\" Copyright (c) 2001 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: rshd.8,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd November 22, 2002
+.Dt RSHD 8
+.Os HEIMDAL
+.Sh NAME
+.Nm rshd
+.Nd
+remote shell server
+.Sh SYNOPSIS
+.Nm
+.Op Fl aiklnvxPL
+.Op Fl p Ar port
+.Sh DESCRIPTION
+.Nm
+is the server for
+the
+.Xr rsh 1
+program. It provides an authenticated remote command execution
+service.  Supported options are:
+.Bl -tag -width Ds
+.It Xo
+.Fl n ,
+.Fl -no-keepalive
+.Xc
+Disables keep-alive messages.
+Keep-alives are packets sent at certain intervals to make sure that the
+client is still there, even when it doesn't send any data.
+.It Xo
+.Fl k ,
+.Fl -kerberos
+.Xc
+Assume that clients connecting to this server will use some form of
+Kerberos authentication. See the
+.Sx EXAMPLES
+section for a sample
+.Xr inetd.conf 5
+configuration.
+.It Xo
+.Fl x ,
+.Fl -encrypt
+.Xc
+For Kerberos 4 this means that the connections are encrypted. Kerberos
+5 can negotiate encryption even without this option, but if it's
+present
+.Nm
+will deny unencrypted connections. This option implies
+.Fl k .
+.\".It Xo
+.\".Fl l ,
+.\".Fl -no-rhosts
+.\".Xc
+.\"When using old port-based authentication, the user's
+.\".Pa .rhosts
+.\"files are normally checked. This option disables this.
+.It Xo
+.Fl v ,
+.Fl -vacuous
+.Xc
+If the connecting client does not use any Kerberised authentication,
+print a message that complains about this fact, and exit. This is
+helpful if you want to move away from old port-based authentication.
+.It Xo
+.Fl P
+.Xc
+When using the AFS filesystem, users' authentication tokens are put in
+something called a PAG (Process Authentication Group). Multiple
+processes can share a PAG, but normally each login session has its own
+PAG. This option disables the
+.Fn setpag
+call, so all tokens will be put in the default (uid-based) PAG, making
+it possible to share tokens between sessions. This is only useful in
+peculiar environments, such as some batch systems.
+.It Xo
+.Fl i ,
+.Fl -no-inetd
+.Xc
+The
+.Fl i
+option will cause
+.Nm
+to create a socket, instead of assuming that its stdin came from
+.Xr inetd 8 .
+This is mostly useful for debugging.
+.It Xo
+.Fl p Ar port ,
+.Fl -port= Ns Ar port
+.Xc
+Port to use with
+.Fl i .
+.It Xo
+.Fl a
+.Xc
+This flag is for backwards compatibility only.
+.It Xo
+.Fl L
+.Xc
+This flag enables logging of connections to
+.Xr syslogd 8 .
+This option is always on in this implementation.
+.El
+.\".Sh ENVIRONMENT
+.Sh FILES
+.Bl -tag -width /etc/hosts.equiv -compact
+.It Pa /etc/hosts.equiv
+.It Pa ~/.rhosts
+.El
+.Sh EXAMPLES
+The following can be used to enable Kerberised rsh in
+.Xr inetd.cond 5 ,
+while disabling non-Kerberised connections:
+.Bd -literal
+shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v
+kshell  stream  tcp  nowait  root  /usr/libexec/rshd  rshd -k
+ekshell stream  tcp  nowait  root  /usr/libexec/rshd  rshd -kx
+.Ed
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr rsh 1 ,
+.Xr iruserok 3
+.\".Sh STANDARDS
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Bx 4.2 .
+.Sh AUTHORS
+This implementation of
+.Nm
+was written as part of the Heimdal Kerberos 5 implementation.
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/appl/rsh/rshd.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/rsh/rshd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/rsh/rshd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1063 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "rsh_locl.h"
+#include "login_locl.h"
+RCSID("$Id: rshd.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+int
+login_access( struct passwd *user, char *from);
+int
+read_limits_conf(const char *file, const struct passwd *pwd);
+
+#ifdef NEED_IRUSEROK_PROTO
+int iruserok(uint32_t, int, const char *, const char *);
+#endif
+
+enum auth_method auth_method;
+
+#ifdef KRB5
+krb5_context context;
+krb5_keyblock *keyblock;
+krb5_crypto crypto;
+#endif
+
+#ifdef KRB4
+des_key_schedule schedule;
+des_cblock iv;
+#endif
+
+#ifdef KRB5
+krb5_ccache ccache, ccache2;
+int kerberos_status = 0;
+#endif
+
+int do_encrypt = 0;
+
+static int do_unique_tkfile           = 0;
+static char tkfile[MAXPATHLEN] = "";
+
+static int do_inetd = 1;
+static char *port_str;
+static int do_rhosts = 1;
+static int do_kerberos = 0;
+#define DO_KRB4 2
+#define DO_KRB5 4
+static int do_vacuous = 0;
+static int do_log = 1;
+static int do_newpag = 1;
+static int do_addr_verify = 0;
+static int do_keepalive = 1;
+static int do_version;
+static int do_help = 0;
+
+static void
+syslog_and_die (const char *m, ...)
+    __attribute__ ((format (printf, 1, 2)));
+
+static void
+syslog_and_die (const char *m, ...)
+{
+    va_list args;
+
+    va_start(args, m);
+    vsyslog (LOG_ERR, m, args);
+    va_end(args);
+    exit (1);
+}
+
+static void
+fatal (int, const char*, const char *, ...)
+    __attribute__ ((noreturn, format (printf, 3, 4)));
+
+static void
+fatal (int sock, const char *what, const char *m, ...)
+{
+    va_list args;
+    char buf[BUFSIZ];
+    size_t len;
+
+    *buf = 1;
+    va_start(args, m);
+    len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
+    len = min(len, sizeof(buf) - 1);
+    va_end(args);
+    if(what != NULL)
+	syslog (LOG_ERR, "%s: %m: %s", what, buf + 1);
+    else
+	syslog (LOG_ERR, "%s", buf + 1);
+    net_write (sock, buf, len + 1);
+    exit (1);
+}
+
+static char *
+read_str (int s, size_t sz, char *expl)
+{
+    char *str = malloc(sz);
+    char *p = str;
+    if(str == NULL)
+	fatal(s, NULL, "%s too long", expl);
+    while(p < str + sz) {
+	if(net_read(s, p, 1) != 1)
+	    syslog_and_die("read: %m");
+	if(*p == '\0')
+	    return str;
+	p++;
+    }
+    fatal(s, NULL, "%s too long", expl);
+}
+
+static int
+recv_bsd_auth (int s, u_char *buf,
+	       struct sockaddr_in *thisaddr,
+	       struct sockaddr_in *thataddr,
+	       char **client_username,
+	       char **server_username,
+	       char **cmd)
+{
+    struct passwd *pwd;
+    
+    *client_username = read_str (s, USERNAME_SZ, "local username");
+    *server_username = read_str (s, USERNAME_SZ, "remote username");
+    *cmd = read_str (s, ARG_MAX + 1, "command");
+    pwd = getpwnam(*server_username);
+    if (pwd == NULL)
+	fatal(s, NULL, "Login incorrect.");
+    if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0,
+		 *client_username, *server_username))
+	fatal(s, NULL, "Login incorrect.");
+    return 0;
+}
+
+#ifdef KRB4
+static int
+recv_krb4_auth (int s, u_char *buf,
+		struct sockaddr *thisaddr,
+		struct sockaddr *thataddr,
+		char **client_username,
+		char **server_username,
+		char **cmd)
+{
+    int status;
+    int32_t options;
+    KTEXT_ST ticket;
+    AUTH_DAT auth;
+    char instance[INST_SZ + 1];
+    char version[KRB_SENDAUTH_VLEN + 1];
+
+    if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
+	return -1;
+    if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
+	KRB_SENDAUTH_VLEN - 4)
+	syslog_and_die ("reading auth info: %m");
+    if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
+	syslog_and_die("unrecognized auth protocol: %.8s", buf);
+
+    options = KOPT_IGNORE_PROTOCOL;
+    if (do_encrypt)
+	options |= KOPT_DO_MUTUAL;
+    k_getsockinst (s, instance, sizeof(instance));
+    status = krb_recvauth (options,
+			   s,
+			   &ticket,
+			   "rcmd",
+			   instance,
+			   (struct sockaddr_in *)thataddr,
+			   (struct sockaddr_in *)thisaddr,
+			   &auth,
+			   "",
+			   schedule,
+			   version);
+    if (status != KSUCCESS)
+	syslog_and_die ("recvauth: %s", krb_get_err_text(status));
+    if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
+	syslog_and_die ("bad version: %s", version);
+
+    *server_username = read_str (s, USERNAME_SZ, "remote username");
+    if (kuserok (&auth, *server_username) != 0)
+	fatal (s, NULL, "Permission denied.");
+    *cmd = read_str (s, ARG_MAX + 1, "command");
+
+    syslog(LOG_INFO|LOG_AUTH,
+	   "kerberos v4 shell from %s on %s as %s, cmd '%.80s'",
+	   krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm),
+
+	   inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr),
+	   *server_username,
+	   *cmd);
+
+    memcpy (iv, auth.session, sizeof(iv));
+
+    return 0;
+}
+
+#endif /* KRB4 */
+
+#ifdef KRB5
+static int 
+save_krb5_creds (int s,
+                 krb5_auth_context auth_context,
+                 krb5_principal client)
+
+{
+    int ret;
+    krb5_data remote_cred;
+ 
+    krb5_data_zero (&remote_cred);
+    ret= krb5_read_message (context, (void *)&s, &remote_cred);
+    if (ret) {
+	krb5_data_free(&remote_cred);
+	return 0;
+    }
+    if (remote_cred.length == 0)
+	return 0;
+ 
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
+    if (ret) {
+	krb5_data_free(&remote_cred);
+	return 0;
+    }
+  
+    krb5_cc_initialize(context,ccache,client);
+    ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
+    if(ret != 0)
+	syslog(LOG_INFO|LOG_AUTH,
+	       "reading creds: %s", krb5_get_err_text(context, ret));
+    krb5_data_free (&remote_cred);
+    if (ret)
+	return 0;
+    return 1;
+}
+
+static void
+krb5_start_session (void)
+{
+    krb5_error_code ret;
+    char *estr;
+
+    ret = krb5_cc_resolve (context, tkfile, &ccache2);
+    if (ret) {
+	estr = krb5_get_error_string(context);
+	syslog(LOG_WARNING, "resolve cred cache %s: %s", 
+	       tkfile, 
+	       estr ? estr : krb5_get_err_text(context, ret));
+	free(estr);
+	krb5_cc_destroy(context, ccache);
+	return;
+    }
+
+    ret = krb5_cc_copy_cache (context, ccache, ccache2);
+    if (ret) {
+	estr = krb5_get_error_string(context);
+	syslog(LOG_WARNING, "storing credentials: %s", 
+	       estr ? estr : krb5_get_err_text(context, ret));
+	free(estr);
+	krb5_cc_destroy(context, ccache);
+	return ;
+    }
+
+    krb5_cc_close(context, ccache2);
+    krb5_cc_destroy(context, ccache);
+    return;
+}
+
+static int protocol_version;
+
+static krb5_boolean
+match_kcmd_version(const void *data, const char *version)
+{
+    if(strcmp(version, KCMD_NEW_VERSION) == 0) {
+	protocol_version = 2;
+	return TRUE;
+    }
+    if(strcmp(version, KCMD_OLD_VERSION) == 0) {
+	protocol_version = 1;
+	key_usage = KRB5_KU_OTHER_ENCRYPTED;
+	return TRUE;
+    }
+    return FALSE;
+}
+
+
+static int
+recv_krb5_auth (int s, u_char *buf,
+		struct sockaddr *thisaddr,
+		struct sockaddr *thataddr,
+		char **client_username,
+		char **server_username,
+		char **cmd)
+{
+    uint32_t len;
+    krb5_auth_context auth_context = NULL;
+    krb5_ticket *ticket;
+    krb5_error_code status;
+    krb5_data cksum_data;
+    krb5_principal server;
+    char *str;
+
+    if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
+	return -1;
+    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
+	
+    if (net_read(s, buf, len) != len)
+	syslog_and_die ("reading auth info: %m");
+    if (len != sizeof(KRB5_SENDAUTH_VERSION)
+	|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
+	syslog_and_die ("bad sendauth version: %.8s", buf);
+    
+    status = krb5_sock_to_principal (context,
+				     s,
+				     "host",
+				     KRB5_NT_SRV_HST,
+				     &server);
+    if (status)
+	syslog_and_die ("krb5_sock_to_principal: %s",
+			krb5_get_err_text(context, status));
+
+    status = krb5_recvauth_match_version(context,
+					 &auth_context,
+					 &s,
+					 match_kcmd_version,
+					 NULL,
+					 server,
+					 KRB5_RECVAUTH_IGNORE_VERSION,
+					 NULL,
+					 &ticket);
+    krb5_free_principal (context, server);
+    if (status)
+	syslog_and_die ("krb5_recvauth: %s",
+			krb5_get_err_text(context, status));
+
+    *server_username = read_str (s, USERNAME_SZ, "remote username");
+    *cmd = read_str (s, ARG_MAX + 1, "command");
+    *client_username = read_str (s, ARG_MAX + 1, "local username");
+
+    if(protocol_version == 2) {
+	status = krb5_auth_con_getremotesubkey(context, auth_context, 
+					       &keyblock);
+	if(status != 0 || keyblock == NULL)
+	    syslog_and_die("failed to get remote subkey");
+    } else if(protocol_version == 1) {
+	status = krb5_auth_con_getkey (context, auth_context, &keyblock);
+	if(status != 0 || keyblock == NULL)
+	    syslog_and_die("failed to get key");
+    }
+    if (status != 0 || keyblock == NULL)
+       syslog_and_die ("krb5_auth_con_getkey: %s",
+                       krb5_get_err_text(context, status));
+
+    status = krb5_crypto_init(context, keyblock, 0, &crypto);
+    if(status)
+	syslog_and_die("krb5_crypto_init: %s", 
+		       krb5_get_err_text(context, status));
+
+    
+    cksum_data.length = asprintf (&str,
+				  "%u:%s%s",
+				  ntohs(socket_get_port (thisaddr)),
+				  *cmd,
+				  *server_username);
+    if (str == NULL)
+	syslog_and_die ("asprintf: out of memory");
+    cksum_data.data = str;
+
+    status = krb5_verify_authenticator_checksum(context, 
+						auth_context,
+						cksum_data.data, 
+						cksum_data.length);
+
+    if (status)
+	syslog_and_die ("krb5_verify_authenticator_checksum: %s",
+			krb5_get_err_text(context, status));
+
+    free (cksum_data.data);
+
+    if (strncmp (*client_username, "-u ", 3) == 0) {
+	do_unique_tkfile = 1;
+	memmove (*client_username, *client_username + 3,
+		 strlen(*client_username) - 2);
+    }
+
+    if (strncmp (*client_username, "-U ", 3) == 0) {
+	char *end, *temp_tkfile;
+
+	do_unique_tkfile = 1;
+	if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
+	    temp_tkfile = tkfile;
+	} else {
+	    strlcpy (tkfile, "FILE:", sizeof(tkfile));
+	    temp_tkfile = tkfile + 5;
+	}
+	end = strchr(*client_username + 3,' ');
+	if (end == NULL)
+	    syslog_and_die("missing argument after -U");
+	snprintf(temp_tkfile, sizeof(tkfile) - (temp_tkfile - tkfile),
+		 "%.*s",
+		 (int)(end - *client_username - 3),
+		 *client_username + 3);
+	memmove (*client_username, end + 1, strlen(end+1)+1);
+    }
+
+    kerberos_status = save_krb5_creds (s, auth_context, ticket->client);
+
+    if(!krb5_kuserok (context,
+		      ticket->client,
+		      *server_username))
+	fatal (s, NULL, "Permission denied.");
+
+    if (strncmp (*cmd, "-x ", 3) == 0) {
+	do_encrypt = 1;
+	memmove (*cmd, *cmd + 3, strlen(*cmd) - 2);
+    } else {
+	if(do_encrypt)
+	    fatal (s, NULL, "Encryption is required.");
+	do_encrypt = 0;
+    }
+
+    {
+	char *name;
+
+	if (krb5_unparse_name (context, ticket->client, &name) == 0) {
+	    char addr_str[256];
+
+	    if (inet_ntop (thataddr->sa_family,
+			   socket_get_address (thataddr),
+			   addr_str, sizeof(addr_str)) == NULL)
+		strlcpy (addr_str, "unknown address",
+				 sizeof(addr_str));
+
+	    syslog(LOG_INFO|LOG_AUTH,
+		   "kerberos v5 shell from %s on %s as %s, cmd '%.80s'",
+		   name,
+		   addr_str,
+		   *server_username,
+		   *cmd);
+	    free (name);
+	}
+    }	   
+
+    return 0;
+}
+#endif /* KRB5 */
+
+static void
+rshd_loop (int from0, int to0,
+	   int to1,   int from1,
+	   int to2,   int from2,
+	   int have_errsock)
+{
+    fd_set real_readset;
+    int max_fd;
+    int count = 2;
+    char *buf;
+
+    if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
+	errx (1, "fd too large");
+
+#ifdef KRB5
+    if(auth_method == AUTH_KRB5 && protocol_version == 2)
+	init_ivecs(0, have_errsock);
+#endif
+
+    FD_ZERO(&real_readset);
+    FD_SET(from0, &real_readset);
+    FD_SET(from1, &real_readset);
+    FD_SET(from2, &real_readset);
+    max_fd = max(from0, max(from1, from2)) + 1;
+
+    buf = malloc(max(RSHD_BUFSIZ, RSH_BUFSIZ));
+    if (buf == NULL)
+	syslog_and_die("out of memory");
+
+    for (;;) {
+	int ret;
+	fd_set readset = real_readset;
+
+	ret = select (max_fd, &readset, NULL, NULL, NULL);
+	if (ret < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		syslog_and_die ("select: %m");
+	}
+	if (FD_ISSET(from0, &readset)) {
+	    ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]);
+	    if (ret < 0)
+		syslog_and_die ("read: %m");
+	    else if (ret == 0) {
+		close (from0);
+		close (to0);
+		FD_CLR(from0, &real_readset);
+	    } else
+		net_write (to0, buf, ret);
+	}
+	if (FD_ISSET(from1, &readset)) {
+	    ret = read (from1, buf, RSH_BUFSIZ);
+	    if (ret < 0)
+		syslog_and_die ("read: %m");
+	    else if (ret == 0) {
+		close (from1);
+		close (to1);
+		FD_CLR(from1, &real_readset);
+		if (--count == 0)
+		    exit (0);
+	    } else
+		do_write (to1, buf, ret, ivec_out[0]);
+	}
+	if (FD_ISSET(from2, &readset)) {
+	    ret = read (from2, buf, RSH_BUFSIZ);
+	    if (ret < 0)
+		syslog_and_die ("read: %m");
+	    else if (ret == 0) {
+		close (from2);
+		close (to2);
+		FD_CLR(from2, &real_readset);
+		if (--count == 0)
+		    exit (0);
+	    } else
+		do_write (to2, buf, ret, ivec_out[1]);
+	}
+   }
+}
+
+/*
+ * Used by `setup_copier' to create some pipe-like means of
+ * communcation.  Real pipes would probably be the best thing, but
+ * then the shell doesn't understand it's talking to rshd.  If
+ * socketpair doesn't work everywhere, some autoconf magic would have
+ * to be added here.
+ *
+ * If it fails creating the `pipe', it aborts by calling fatal.
+ */
+
+static void
+pipe_a_like (int fd[2])
+{
+    if (socketpair (AF_UNIX, SOCK_STREAM, 0, fd) < 0)
+	fatal (STDOUT_FILENO, "socketpair", "Pipe creation failed.");
+}
+
+/*
+ * Start a child process and leave the parent copying data to and from it.  */
+
+static void
+setup_copier (int have_errsock)
+{
+    int p0[2], p1[2], p2[2];
+    pid_t pid;
+
+    pipe_a_like(p0);
+    pipe_a_like(p1);
+    pipe_a_like(p2);
+    pid = fork ();
+    if (pid < 0)
+	fatal (STDOUT_FILENO, "fork", "Could not create child process.");
+    if (pid == 0) { /* child */
+	close (p0[1]);
+	close (p1[0]);
+	close (p2[0]);
+	dup2 (p0[0], STDIN_FILENO);
+	dup2 (p1[1], STDOUT_FILENO);
+	dup2 (p2[1], STDERR_FILENO);
+	close (p0[0]);
+	close (p1[1]);
+	close (p2[1]);
+    } else { /* parent */
+	close (p0[0]);
+	close (p1[1]);
+	close (p2[1]);
+
+	if (net_write (STDOUT_FILENO, "", 1) != 1)
+	    fatal (STDOUT_FILENO, "net_write", "Write failure.");
+
+	rshd_loop (STDIN_FILENO, p0[1],
+	      STDOUT_FILENO, p1[0],
+	      STDERR_FILENO, p2[0],
+	      have_errsock);
+    }
+}
+
+/*
+ * Is `port' a ``reserverd'' port?
+ */
+
+static int
+is_reserved(u_short port)
+{
+    return ntohs(port) < IPPORT_RESERVED;
+}
+
+/*
+ * Set the necessary part of the environment in `env'.
+ */
+
+static void
+setup_environment (char ***env, const struct passwd *pwd)
+{
+    int i, j, path;
+    char **e;
+
+    i = 0;
+    path = 0;
+    *env = NULL;
+
+    i = read_environment(_PATH_ETC_ENVIRONMENT, env);
+    e = *env;
+    for (j = 0; j < i; j++) {
+	if (!strncmp(e[j], "PATH=", 5)) {
+	    path = 1;
+	}
+    }
+
+    e = *env;
+    e = realloc(e, (i + 7) * sizeof(char *));
+
+    if (asprintf (&e[i++], "USER=%s",  pwd->pw_name) == -1)
+	syslog_and_die ("asprintf: out of memory");
+    if (asprintf (&e[i++], "HOME=%s",  pwd->pw_dir) == -1)
+	syslog_and_die ("asprintf: out of memory");
+    if (asprintf (&e[i++], "SHELL=%s", pwd->pw_shell) == -1)
+	syslog_and_die ("asprintf: out of memory");
+    if (! path) {
+	if (asprintf (&e[i++], "PATH=%s",  _PATH_DEFPATH) == -1)
+	    syslog_and_die ("asprintf: out of memory");
+    }
+    asprintf (&e[i++], "SSH_CLIENT=only_to_make_bash_happy");
+    if (do_unique_tkfile)
+	if (asprintf (&e[i++], "KRB5CCNAME=%s", tkfile) == -1)
+	    syslog_and_die ("asprintf: out of memory");
+    e[i++] = NULL;
+    *env = e;
+}
+
+static void
+doit (void)
+{
+    u_char buf[BUFSIZ];
+    u_char *p;
+    struct sockaddr_storage thisaddr_ss;
+    struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
+    struct sockaddr_storage thataddr_ss;
+    struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss;
+    struct sockaddr_storage erraddr_ss;
+    struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss;
+    socklen_t thisaddr_len, thataddr_len;
+    int port;
+    int errsock = -1;
+    char *client_user = NULL, *server_user = NULL, *cmd = NULL;
+    struct passwd *pwd;
+    int s = STDIN_FILENO;
+    char **env;
+    int ret;
+    char that_host[NI_MAXHOST];
+
+    thisaddr_len = sizeof(thisaddr_ss);
+    if (getsockname (s, thisaddr, &thisaddr_len) < 0)
+	syslog_and_die("getsockname: %m");
+    thataddr_len = sizeof(thataddr_ss);
+    if (getpeername (s, thataddr, &thataddr_len) < 0)
+	syslog_and_die ("getpeername: %m");
+
+    /* check for V4MAPPED addresses? */
+
+    if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
+	fatal(s, NULL, "Permission denied.");
+
+    p = buf;
+    port = 0;
+    for(;;) {
+	if (net_read (s, p, 1) != 1)
+	    syslog_and_die ("reading port number: %m");
+	if (*p == '\0')
+	    break;
+	else if (isdigit(*p))
+	    port = port * 10 + *p - '0';
+	else
+	    syslog_and_die ("non-digit in port number: %c", *p);
+    }
+
+    if (do_kerberos  == 0 && !is_reserved(htons(port)))
+	fatal(s, NULL, "Permission denied.");
+
+    if (port) {
+	int priv_port = IPPORT_RESERVED - 1;
+
+	/* 
+	 * There's no reason to require a ``privileged'' port number
+	 * here, but for some reason the brain dead rsh clients
+	 * do... :-(
+	 */
+
+	erraddr->sa_family = thataddr->sa_family;
+	socket_set_address_and_port (erraddr,
+				     socket_get_address (thataddr),
+				     htons(port));
+
+	/*
+	 * we only do reserved port for IPv4
+	 */
+
+	if (erraddr->sa_family == AF_INET)
+	    errsock = rresvport (&priv_port);
+	else
+	    errsock = socket (erraddr->sa_family, SOCK_STREAM, 0);
+	if (errsock < 0)
+	    syslog_and_die ("socket: %m");
+	if (connect (errsock,
+		     erraddr,
+		     socket_sockaddr_size (erraddr)) < 0) {
+	    syslog (LOG_WARNING, "connect: %m");
+	    close (errsock);
+	}
+    }
+    
+    if(do_kerberos) {
+	if (net_read (s, buf, 4) != 4)
+	    syslog_and_die ("reading auth info: %m");
+    
+#ifdef KRB4
+	if ((do_kerberos & DO_KRB4) && 
+	    recv_krb4_auth (s, buf, thisaddr, thataddr,
+			    &client_user,
+			    &server_user,
+			    &cmd) == 0)
+	    auth_method = AUTH_KRB4;
+	else
+#endif /* KRB4 */
+#ifdef KRB5
+	    if((do_kerberos & DO_KRB5) &&
+	       recv_krb5_auth (s, buf, thisaddr, thataddr,
+			       &client_user,
+			       &server_user,
+			       &cmd) == 0)
+		auth_method = AUTH_KRB5;
+	    else
+#endif /* KRB5 */
+		syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
+				buf[0], buf[1], buf[2], buf[3]);
+    } else {
+	if(recv_bsd_auth (s, buf,
+			  (struct sockaddr_in *)thisaddr,
+			  (struct sockaddr_in *)thataddr,
+			  &client_user,
+			  &server_user,
+			  &cmd) == 0) {
+	    auth_method = AUTH_BROKEN;
+	    if(do_vacuous) {
+		printf("Remote host requires Kerberos authentication\n");
+		exit(0);
+	    }
+	} else
+	    syslog_and_die("recv_bsd_auth failed");
+    }
+
+    if (client_user == NULL || server_user == NULL || cmd == NULL)
+	syslog_and_die("mising client/server/cmd");
+
+    pwd = getpwnam (server_user);
+    if (pwd == NULL)
+	fatal (s, NULL, "Login incorrect.");
+
+    if (*pwd->pw_shell == '\0')
+	pwd->pw_shell = _PATH_BSHELL;
+
+    if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0)
+	fatal (s, NULL, "Login disabled.");
+
+
+    ret = getnameinfo_verified (thataddr, thataddr_len,
+				that_host, sizeof(that_host),
+				NULL, 0, 0);
+    if (ret)
+	fatal (s, NULL, "getnameinfo: %s", gai_strerror(ret));
+
+    if (login_access(pwd, that_host) == 0) {
+	syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s",
+	       server_user, that_host);
+	fatal(s, NULL, "Permission denied.");
+    }
+
+#ifdef HAVE_GETSPNAM
+    {
+	struct spwd *sp;
+	long    today;
+    
+	sp = getspnam(server_user);
+	if (sp != NULL) {
+	    today = time(0)/(24L * 60 * 60);
+	    if (sp->sp_expire > 0) 
+		if (today > sp->sp_expire) 
+		    fatal(s, NULL, "Account has expired.");
+	}
+    }
+#endif
+    
+
+#ifdef HAVE_SETLOGIN
+    if (setlogin(pwd->pw_name) < 0)
+	syslog(LOG_ERR, "setlogin() failed: %m");
+#endif
+
+#ifdef HAVE_SETPCRED
+    if (setpcred (pwd->pw_name, NULL) == -1)
+	syslog(LOG_ERR, "setpcred() failure: %m");
+#endif /* HAVE_SETPCRED */
+
+    /* Apply limits if not root */
+    if(pwd->pw_uid != 0) {
+	 const char *file = _PATH_LIMITS_CONF;
+	 read_limits_conf(file, pwd);
+    }
+
+    if (initgroups (pwd->pw_name, pwd->pw_gid) < 0)
+	fatal (s, "initgroups", "Login incorrect.");
+
+    if (setgid(pwd->pw_gid) < 0)
+	fatal (s, "setgid", "Login incorrect.");
+
+    if (setuid (pwd->pw_uid) < 0)
+	fatal (s, "setuid", "Login incorrect.");
+
+    if (chdir (pwd->pw_dir) < 0)
+	fatal (s, "chdir", "Remote directory.");
+
+    if (errsock >= 0) {
+	if (dup2 (errsock, STDERR_FILENO) < 0)
+	    fatal (s, "dup2", "Cannot dup stderr.");
+	close (errsock);
+    } else {
+	if (dup2 (STDOUT_FILENO, STDERR_FILENO) < 0)
+	    fatal (s, "dup2", "Cannot dup stderr.");
+    }
+
+#ifdef KRB5
+    {
+	int fd;
+ 
+	if (!do_unique_tkfile)
+	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu",
+		     (unsigned long)pwd->pw_uid);
+	else if (*tkfile=='\0') {
+	    snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_XXXXXX");
+	    fd = mkstemp(tkfile+5);
+	    close(fd);
+	    unlink(tkfile+5);
+	}
+ 
+	if (kerberos_status)
+	    krb5_start_session();
+    }
+#endif
+
+    setup_environment (&env, pwd);
+
+    if (do_encrypt) {
+	setup_copier (errsock >= 0);
+    } else {
+	if (net_write (s, "", 1) != 1)
+	    fatal (s, "net_write", "write failed");
+    }
+
+#if defined(KRB4) || defined(KRB5)
+    if(k_hasafs()) {
+	char cell[64];
+
+	if(do_newpag)
+	    k_setpag();
+#ifdef KRB4
+	if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
+	    krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
+	krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir);
+#endif
+
+#ifdef KRB5
+	/* XXX */
+       if (kerberos_status) {
+	   krb5_ccache ccache;
+	   krb5_error_code status;
+
+	   status = krb5_cc_resolve (context, tkfile, &ccache);
+	   if (!status) {
+	       if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
+		   krb5_afslog_uid_home(context, ccache, cell, NULL,
+					pwd->pw_uid, pwd->pw_dir);
+	       krb5_afslog_uid_home(context, ccache, NULL, NULL,
+				    pwd->pw_uid, pwd->pw_dir);
+	       krb5_cc_close (context, ccache);
+	   }
+       }
+#endif /* KRB5 */
+    }
+#endif /* KRB5 || KRB4 */
+    execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
+    err(1, "exec %s", pwd->pw_shell);
+}
+
+struct getargs args[] = {
+    { NULL,		'a',	arg_flag,	&do_addr_verify },
+    { "keepalive",	'n',	arg_negative_flag,	&do_keepalive },
+    { "inetd",		'i',	arg_negative_flag,	&do_inetd,
+      "Not started from inetd" },
+#if defined(KRB4) || defined(KRB5)
+    { "kerberos",	'k',	arg_flag,	&do_kerberos,
+      "Implement kerberised services" },
+    { "encrypt",	'x',	arg_flag,		&do_encrypt,
+      "Implement encrypted service" },
+#endif
+    { "rhosts",		'l',	arg_negative_flag, &do_rhosts,
+      "Don't check users .rhosts" },
+    { "port",		'p',	arg_string,	&port_str,	"Use this port",
+      "port" },
+    { "vacuous",	'v',	arg_flag, &do_vacuous,
+      "Don't accept non-kerberised connections" },
+#if defined(KRB4) || defined(KRB5)
+    { NULL,		'P',	arg_negative_flag, &do_newpag,
+      "Don't put process in new PAG" },
+#endif
+    /* compatibility flag: */
+    { NULL,		'L',	arg_flag, &do_log },
+    { "version",	0, 	arg_flag,		&do_version },
+    { "help",		0, 	arg_flag,		&do_help }
+};
+
+static void
+usage (int ret)
+{
+    if(isatty(STDIN_FILENO))
+	arg_printusage (args,
+			sizeof(args) / sizeof(args[0]),
+			NULL,
+			"");
+    else
+	syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname());
+    exit (ret);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+    int on = 1;
+
+    setprogname (argv[0]);
+    roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
+
+    if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv,
+	       &optind))
+	usage(1);
+
+    if(do_help)
+	usage (0);
+
+    if (do_version) {
+	print_version(NULL);
+	exit(0);
+    }
+
+#if defined(KRB4) || defined(KRB5)
+    if (do_encrypt)
+	do_kerberos = 1;
+
+    if(do_kerberos)
+	do_kerberos = DO_KRB4 | DO_KRB5;
+#endif
+
+#ifdef KRB5
+    if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
+	do_kerberos &= ~DO_KRB5;
+#endif
+
+    if (!do_inetd) {
+	int error;
+	struct addrinfo *ai = NULL, hints;
+	char portstr[NI_MAXSERV];
+	
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_flags    = AI_PASSIVE;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_family   = PF_UNSPEC;
+	
+	if(port_str != NULL) {
+	    error = getaddrinfo (NULL, port_str, &hints, &ai);
+	    if (error)
+		errx (1, "getaddrinfo: %s", gai_strerror (error));
+	}
+	if (ai == NULL) {
+#if defined(KRB4) || defined(KRB5)
+	    if (do_kerberos) {
+		if (do_encrypt) {
+		    error = getaddrinfo(NULL, "ekshell", &hints, &ai);
+		    if(error == EAI_NONAME) {
+			snprintf(portstr, sizeof(portstr), "%d", 545);
+			error = getaddrinfo(NULL, portstr, &hints, &ai);
+		    }
+		    if(error) 
+			errx (1, "getaddrinfo: %s", gai_strerror (error));
+		} else {
+		    error = getaddrinfo(NULL, "kshell", &hints, &ai);
+		    if(error == EAI_NONAME) {
+			snprintf(portstr, sizeof(portstr), "%d", 544);
+			error = getaddrinfo(NULL, portstr, &hints, &ai);
+		    }
+		    if(error) 
+			errx (1, "getaddrinfo: %s", gai_strerror (error));
+		}
+	    } else
+#endif
+		{
+		    error = getaddrinfo(NULL, "shell", &hints, &ai);
+		    if(error == EAI_NONAME) {
+			snprintf(portstr, sizeof(portstr), "%d", 514);
+			error = getaddrinfo(NULL, portstr, &hints, &ai);
+		    }
+		    if(error) 
+			errx (1, "getaddrinfo: %s", gai_strerror (error));
+		}
+	}
+	mini_inetd_addrinfo (ai);
+	freeaddrinfo(ai);
+    }
+
+    if (do_keepalive &&
+	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+		   sizeof(on)) < 0)
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+
+    /* set SO_LINGER? */
+
+    signal (SIGPIPE, SIG_IGN);
+
+    doit ();
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/appl/su/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/appl/su/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/su/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,123 @@
+2007-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* su.c: read environment from _PATH_ETC_ENVIRONMENT
+
+	* supaths.c: paths
+
+2007-08-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* su.c: Check all local realms when su-ing, from Magnus Holmberg.
+
+2007-06-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* su.c: If not root and not setuid, print warning.
+
+2006-01-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* su.c (group_member_p): rename from group_member to avoid name
+	pollution from glibc headers. Fixed based on report from David Love.
+
+2006-01-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* su.c: fix reversed logic when deciding to print tty or not
+	
+2005-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* su.c: Check return value from asprintf instead of string != NULL
+	since it undefined behavior on Linux. From Bj\xF6rn Sandell
+	
+2005-05-10  Dave Love  <fx at gnu.org>
+
+	* su.c: Include <crypt.h>.
+
+2003-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* su.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+2003-05-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* su.c: remove accidentally committed code that prints the command
+	being executed
+
+2003-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* su.c (krb5_start_session): krb5_afslog doesn't depend on KRB4
+	any more
+
+2002-02-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* su.c: make this build without krb5
+
+2002-01-09  Jacques Vidrine <n at nectar.cc>
+	
+	* su.c: Don't use getlogin() to determine whether we are root.
+	Patch by joda.
+
+2001-06-12  Assar Westerlund  <assar at sics.se>
+
+	* su.c: check memory allocations.  add some const
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* su.c (krb5_verify): handle krb5_init_context failure
+	consistently
+
+2000-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* su.c: set KRBTKFILE
+
+2000-07-10  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: actually install su
+	* su.c (krb5_verify): try harder freeing.  do not get upset on
+	interrupted password read
+
+2000-06-09  Assar Westerlund  <assar at sics.se>
+
+	* su.c (main): work-around for setuid and capabilities bug fixed
+	in Linux 2.2.16
+
+2000-06-03  Assar Westerlund  <assar at sics.se>
+
+	* su.c (main): just ignore shadow information if getspnam returns
+	NULL
+
+1999-10-20  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: use LIB_roken
+
+1999-09-28  Assar Westerlund  <assar at sics.se>
+
+	* su.c (krb5_verify): use krb5_verify_user_lrealm
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* su.c: add support for shadow passwords and rewrite some logic.
+  	From Miroslav Ruda <ruda at ics.muni.cz>
+
+	* Makefile.am: add libkafs
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* su.c (main): conditionalize `getlogin'
+
+1999-05-11  Assar Westerlund  <assar at sics.se>
+
+	* su.c (verfiy_krb5): get the name out of the ccache before
+ 	closing it
+
+1999-05-05  Assar Westerlund  <assar at sics.se>
+
+	* su.c: some more error checking
+
+Wed Apr 21 21:04:36 1999  Assar Westerlund  <assar at sics.se>
+
+	* su.c (-f): implement
+
+	* su.c: implement -i
+	(verify_krb5): correct the ownership on the credential cache
+
+Tue Apr 20 13:26:13 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* su.c: don't depend on paths.h
+

Added: vendor-crypto/heimdal/dist/appl/su/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/su/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/su/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,20 @@
+# $Id: Makefile.am,v 1.1.1.4 2012-07-21 15:09:09 laffer1 Exp $
+# $FreeBSD$
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto)
+
+bin_PROGRAMS = su
+bin_SUIDS = su
+su_SOURCES = su.c supaths.h
+man_MANS = su.1
+
+LDADD = $(LIB_kafs) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
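Review bot: The header lines `# $Id: Makefile.am,v 1.1.1.4 2012-07-21 15:09:09 laffer1 Exp $` and `# $FreeBSD$` show that this file is not byte-identical to the upstream heimdal 1.1.0 release: the `$Id$` keyword is expanded in CVS format with a 2012 date and the committer's own name, and a FreeBSD tag is present, so the tree under `dist/` presumably came from an earlier local or FreeBSD vendor copy rather than from the release tarball. For a vendor import of crypto code this makes it harder to check the imported contents against upstream's published checksums or signatures, and every later vendor-branch diff will carry keyword noise. I would import from the verified release tarball with keyword expansion disabled, or else state the actual source tree and revision in the log message instead of only "import heimdal 1.1.0". The same expanded `$Id$` line appears three times at the top of the generated appl/su/Makefile.in that follows.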

Added: vendor-crypto/heimdal/dist/appl/su/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/su/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/su/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,841 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+bin_PROGRAMS = su$(EXEEXT)
+subdir = appl/su
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am_su_OBJECTS = su.$(OBJEXT)
+su_OBJECTS = $(am_su_OBJECTS)
+su_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
+	$(am__DEPENDENCIES_1)
+su_DEPENDENCIES = $(am__DEPENDENCIES_2) \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(su_SOURCES)
+DIST_SOURCES = $(su_SOURCES)
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) $(INCLUDE_hcrypto)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+bin_SUIDS = su
+su_SOURCES = su.c supaths.h
+man_MANS = su.1
+LDADD = $(LIB_kafs) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/su/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/su/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+su$(EXEEXT): $(su_OBJECTS) $(su_DEPENDENCIES) 
+	@rm -f su$(EXEEXT)
+	$(LINK) $(su_OBJECTS) $(su_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binPROGRAMS \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/su/su.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/su/su.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/su/su.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,123 @@
+.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: su.1,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+.\"
+.Dd January 12, 2006
+.Dt SU 1
+.Os HEIMDAL
+.Sh NAME
+.Nm su
+.Nd substitute user identity
+.Sh SYNOPSIS
+.Nm su
+.Op Fl K | Fl -no-kerberos
+.Op Fl f
+.Op Fl l | Fl -full
+.Op Fl m
+.Oo Fl i Ar instance \*(Ba Xo
+.Fl -instance= Ns Ar instance
+.Xc
+.Oc
+.Oo Fl c Ar command \*(Ba Xo
+.Fl -command= Ns Ar command
+.Xc
+.Oc
+.Op Ar login Op Ar "shell arguments"
+.Sh DESCRIPTION
+.Nm su
+will use Kerberos authentication provided that an instance for the
+user wanting to change effective UID is present in a file named
+.Pa .k5login
+in the target user id's home directory
+.Pp
+A special case exists where 
+.Ql root Ap s
+.Pa ~/.k5login
+needs to contain an entry for:
+.Ql user Ns / Ns Ao instance Ac Ns @ Ns REALM
+for
+.Nm su
+to succed (where 
+.Aq instance
+is
+.Ql root
+unless changed with 
+.Fl i ) .
+.Pp
+In the absence of either an entry for current user in said file or
+other problems like missing 
+.Ql host/hostname at REALM
+keys in the system's
+keytab, or user typing the wrong password, 
+.Nm su
+will fall back to traditional
+.Pa /etc/passwd
+authentication.
+.Pp
+When using
+.Pa /etc/passwd
+authentication,
+.Nm su 
+allows
+.Ql root
+access only to members of the group
+.Ql wheel ,
+or to any user (with knowledge of the
+.Ql root
+password) if that group
+does not exist, or has no members.
+.Pp
+The options are as follows:
+.Bl -item -width Ds
+.It
+.Fl K ,
+.Fl -no-kerberos
+don't use Kerberos.
+.It
+.Fl f
+don't read .cshrc.
+.It
+.Fl l ,
+.Fl -full
+simulate full login.
+.It
+.Fl m
+leave environment unmodified.
+.It
+.Fl i Ar instance ,
+.Fl -instance= Ns Ar instance
+root instance to use.
+.It
+.Fl c Ar command ,
+.Fl -command= Ns Ar command
+command to execute.
+.El

Added: vendor-crypto/heimdal/dist/appl/su/su.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/su/su.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/su/su.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,626 @@
+/*
+ * Copyright (c) 1999 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+/*
+ * $FreeBSD$
+ */
+
+#include <config.h>
+
+RCSID("$Id: su.c,v 1.1.1.4 2012-07-21 15:09:09 laffer1 Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <syslog.h>
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+#include <pwd.h>
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
+#include "crypto-headers.h"
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#endif
+#include <kafs.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+#include "supaths.h"
+
+int kerberos_flag = 1;
+int csh_f_flag;
+int full_login;
+int env_flag;
+char *kerberos_instance = "root";
+int help_flag;
+int version_flag;
+char *cmd;
+char tkfile[256];
+
+struct getargs args[] = {
+    { "kerberos", 'K', arg_negative_flag, &kerberos_flag,
+      "don't use kerberos" },
+    { NULL,	  'f', arg_flag,	  &csh_f_flag,
+      "don't read .cshrc" },
+    { "full",	  'l', arg_flag,          &full_login,
+      "simulate full login" },
+    { NULL,	  'm', arg_flag,          &env_flag,
+      "leave environment unmodified" },
+    { "instance", 'i', arg_string,        &kerberos_instance,
+      "root instance to use" },
+    { "command",  'c', arg_string,        &cmd,
+      "command to execute" },
+    { "help", 	  'h', arg_flag,          &help_flag },
+    { "version",  0,   arg_flag,          &version_flag },
+};
+
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "[login [shell arguments]]");
+    exit (ret);
+}
+
+static void
+free_info(struct passwd *p)
+{
+    free (p->pw_name);
+    free (p->pw_passwd);
+    free (p->pw_dir);
+    free (p->pw_shell);
+    free (p);
+}
+
+static struct passwd*
+dup_info(const struct passwd *pwd)
+{
+    struct passwd *info;
+
+    info = malloc(sizeof(*info));
+    if(info == NULL)
+	return NULL;
+    info->pw_name = strdup(pwd->pw_name);
+    info->pw_passwd = strdup(pwd->pw_passwd);
+    info->pw_uid = pwd->pw_uid;
+    info->pw_gid = pwd->pw_gid;
+    info->pw_dir = strdup(pwd->pw_dir);
+    info->pw_shell = strdup(pwd->pw_shell);
+    if(info->pw_name == NULL || info->pw_passwd == NULL ||
+       info->pw_dir == NULL || info->pw_shell == NULL) {
+	free_info (info);
+	return NULL;
+    }
+    return info;
+}
+
+#if defined(KRB4) || defined(KRB5)
+static void
+set_tkfile()
+{
+#ifndef TKT_ROOT
+#define TKT_ROOT "/tmp/tkt"
+#endif
+    int fd;
+    if(*tkfile != '\0')
+	return;
+    snprintf(tkfile, sizeof(tkfile), "%s_XXXXXX", TKT_ROOT);
+    fd = mkstemp(tkfile);
+    if(fd >= 0)
+	close(fd);
+#ifdef KRB4
+    krb_set_tkt_string(tkfile);
+#endif
+}
+#endif
+
+#ifdef KRB5
+static krb5_context context;
+static krb5_ccache ccache;
+
+static int
+krb5_verify(const struct passwd *login_info,
+	    const struct passwd *su_info,
+	    const char *kerberos_instance)
+{
+    krb5_error_code ret;
+    krb5_principal p;
+    krb5_realm *realms, *r;
+    char *login_name = NULL;
+    int user_ok = 0;
+	
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+    login_name = getlogin();
+#endif
+    ret = krb5_init_context (&context);
+    if (ret) {
+#if 0
+	warnx("krb5_init_context failed: %d", ret);
+#endif
+	return 1;
+    }
+	
+    ret = krb5_get_default_realms(context, &realms);
+    if (ret) 
+	return 1;
+
+    /* Check all local realms */
+    for (r = realms; *r != NULL && !user_ok; r++) {
+       
+	if (login_name == NULL || strcmp (login_name, "root") == 0) 
+	    login_name = login_info->pw_name;
+	if (strcmp (su_info->pw_name, "root") == 0)
+	    ret = krb5_make_principal(context, &p, *r, 
+				      login_name,
+				      kerberos_instance,
+				      NULL);
+	else
+	    ret = krb5_make_principal(context, &p, *r, 
+				      su_info->pw_name,
+				      NULL);
+	if (ret) {
+	    krb5_free_host_realm(context, realms);
+	    return 1;
+	}
+	
+	/* if we are su-ing too root, check with krb5_kuserok */
+	if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name))
+	    continue;
+       
+	ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
+	if(ret) {
+	    krb5_free_host_realm(context, realms);
+	    krb5_free_principal (context, p);
+	    return 1;
+	}
+  	ret = krb5_verify_user(context, p, ccache, NULL, TRUE, NULL);
+	krb5_free_principal (context, p);
+	switch (ret) {
+	case 0:
+	    user_ok = 1;
+	    break;
+	case KRB5_LIBOS_PWDINTR :
+	    krb5_cc_destroy(context, ccache);
+	    break;
+	case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+	case KRB5KRB_AP_ERR_MODIFIED:
+	    krb5_cc_destroy(context, ccache);
+	    krb5_warnx(context, "Password incorrect");
+	    break;
+	default :
+	    krb5_cc_destroy(context, ccache);
+	    krb5_warn(context, ret, "krb5_verify_user");
+	    break;
+	}
+    }
+    krb5_free_host_realm(context, realms);
+    if (!user_ok)
+	return 1;
+    return 0;
+}
+
+static int
+krb5_start_session(void)
+{
+    krb5_ccache ccache2;
+    char *cc_name;
+    int ret;
+
+    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache2);
+    if (ret) {
+	krb5_cc_destroy(context, ccache);
+	return 1;
+    }
+
+    ret = krb5_cc_copy_cache(context, ccache, ccache2);
+
+    ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
+		   krb5_cc_get_name(context, ccache2));
+    if (ret == -1)
+	errx(1, "malloc - out of memory");
+    esetenv("KRB5CCNAME", cc_name, 1);
+
+    /* we want to export this even if we don't directly support KRB4 */
+    set_tkfile();
+    esetenv("KRBTKFILE", tkfile, 1);
+            
+    /* convert creds? */
+    if(k_hasafs()) {
+	if (k_setpag() == 0)
+	    krb5_afslog(context, ccache2, NULL, NULL);
+    }
+            
+    krb5_cc_close(context, ccache2);
+    krb5_cc_destroy(context, ccache);
+    return 0;
+}
+#endif
+
+#ifdef KRB4
+
+static int
+krb_verify(const struct passwd *login_info,
+	   const struct passwd *su_info,
+	   const char *kerberos_instance)
+{
+    int ret;
+    char *login_name = NULL;
+    char *name, *instance, realm[REALM_SZ];
+	
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+    login_name = getlogin();
+#endif
+
+    ret = krb_get_lrealm(realm, 1);
+	
+    if (login_name == NULL || strcmp (login_name, "root") == 0) 
+	login_name = login_info->pw_name;
+    if (strcmp (su_info->pw_name, "root") == 0) {
+	name = login_name;
+	instance = (char*)kerberos_instance;
+    } else {
+	name = su_info->pw_name;
+	instance = "";
+    }
+
+    if(su_info->pw_uid != 0 || 
+       krb_kuserok(name, instance, realm, su_info->pw_name) == 0) {
+	char password[128];
+	char *prompt;
+	ret = asprintf (&prompt, 
+		  "%s's Password: ",
+		  krb_unparse_name_long (name, instance, realm));
+	if (ret == -1)
+	    return (1);
+	if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) {
+	    memset (password, 0, sizeof (password));
+	    free(prompt);
+	    return (1);
+	}
+	free(prompt);
+	if (strlen(password) == 0)
+	    return (1);		/* Empty passwords are not allowed */
+	set_tkfile();
+	setuid(geteuid()); /* need to run as root here */
+	ret = krb_verify_user(name, instance, realm, password, 
+			      KRB_VERIFY_SECURE, NULL);
+	memset(password, 0, sizeof(password));
+	
+	if(ret) {
+	    warnx("%s", krb_get_err_text(ret));
+	    return 1;
+	}
+	chown (tkt_string(), su_info->pw_uid, su_info->pw_gid);
+	return 0;
+    }
+    return 1;
+}
+
+
+static int
+krb_start_session(void)
+{
+    esetenv("KRBTKFILE", tkfile, 1);
+            
+    /* convert creds? */
+    if(k_hasafs() && k_setpag() == 0)
+	krb_afslog(NULL, NULL);
+            
+    return 0;
+}
+#endif
+
+#define GROUP_MEMBER		0
+#define GROUP_MISSING		1
+#define GROUP_EMPTY		2
+#define GROUP_NOT_MEMBER	3
+
+static int
+group_member_p(const char *group, const char *user)
+{
+    struct group *g;
+    int i;
+    g = getgrnam(group);
+    if(g == NULL)
+	return GROUP_MISSING;
+    if(g->gr_mem[0] == NULL)
+	return GROUP_EMPTY;
+    for(i = 0; g->gr_mem[i] != NULL; i++)
+	if(strcmp(user, g->gr_mem[i]) == 0)
+	    return GROUP_MEMBER;
+    return GROUP_NOT_MEMBER;
+}
+
+static int
+verify_unix(struct passwd *login, struct passwd *su)
+{
+    char prompt[128];
+    char pw_buf[1024];
+    char *pw;
+    int r;
+    if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
+	snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
+	r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
+	if(r != 0)
+	    exit(0);
+	pw = crypt(pw_buf, su->pw_passwd);
+	memset(pw_buf, 0, sizeof(pw_buf));
+	if(strcmp(pw, su->pw_passwd) != 0) {
+	    syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password",
+		    login->pw_name, su->pw_name);
+	    return 1;
+	}
+    }
+    /* if su:ing to root, check membership of group wheel or root; if
+       that group doesn't exist, or is empty, allow anyone to su
+       root */
+    if(su->pw_uid == 0) {
+#ifndef ROOT_GROUP
+#define ROOT_GROUP "wheel"
+#endif
+	int gs = group_member_p(ROOT_GROUP, login->pw_name);
+	if(gs == GROUP_NOT_MEMBER) {
+	    syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
+		    login->pw_name, su->pw_name, ROOT_GROUP);
+	    return 1;
+	}
+	return 0;
+    }
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    int i, optind = 0;
+    char *su_user;
+    struct passwd *su_info;
+    struct passwd *login_info;
+
+    struct passwd *pwd;
+
+    char *shell;
+
+    int ok = 0;
+    int kerberos_error=1;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+	usage(1);
+
+    for (i=0; i < optind; i++)
+      if (strcmp(argv[i], "-") == 0) {
+	 full_login = 1;
+	 break;
+      }
+	
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    if(optind >= argc)
+	su_user = "root";
+    else
+	su_user = argv[optind++];
+
+    if (!issuid() && getuid() != 0)
+	warnx("Not setuid and you are root, expect this to fail");
+
+    pwd = k_getpwnam(su_user);
+    if(pwd == NULL)
+	errx (1, "unknown login %s", su_user);
+    if (pwd->pw_uid == 0 && strcmp ("root", su_user) != 0) {
+	syslog (LOG_ALERT, "NIS attack, user %s has uid 0", su_user);
+	errx (1, "unknown login %s", su_user);
+    }
+    su_info = dup_info(pwd);
+    if (su_info == NULL)
+	errx (1, "malloc: out of memory");
+    
+	pwd = getpwuid(getuid());
+    if(pwd == NULL)
+	errx(1, "who are you?");
+    login_info = dup_info(pwd);
+    if (login_info == NULL)
+	errx (1, "malloc: out of memory");
+    if(env_flag)
+	shell = login_info->pw_shell;
+    else
+	shell = su_info->pw_shell;
+    if(shell == NULL || *shell == '\0')
+	shell = _PATH_BSHELL;
+    
+
+#ifdef KRB5
+    if(kerberos_flag && ok == 0 &&
+      (kerberos_error=krb5_verify(login_info, su_info, kerberos_instance)) == 0)
+	ok = 5;
+#endif
+#ifdef KRB4
+    if(kerberos_flag && ok == 0 &&
+       (kerberos_error = krb_verify(login_info, su_info, kerberos_instance)) == 0)
+	ok = 4;
+#endif
+
+    if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) {
+	printf("Sorry!\n");
+	exit(1);
+    }
+
+#ifdef HAVE_GETSPNAM
+   {  struct spwd *sp;
+      long    today;
+    
+    sp = getspnam(su_info->pw_name);
+    if (sp != NULL) {
+	today = time(0)/(24L * 60 * 60);
+	if (sp->sp_expire > 0) {
+	    if (today >= sp->sp_expire) {
+		if (login_info->pw_uid) 
+		    errx(1,"Your account has expired.");
+		else
+		    printf("Your account has expired.");
+            }
+            else if (sp->sp_expire - today < 14) 
+                printf("Your account will expire in %d days.\n",
+		       (int)(sp->sp_expire - today));
+	} 
+	if (sp->sp_max > 0) {
+	    if (today >= sp->sp_lstchg + sp->sp_max) {
+		if (login_info->pw_uid)    
+		    errx(1,"Your password has expired. Choose a new one.");
+		else
+		    printf("Your password has expired. Choose a new one.");
+	    }
+	    else if (today >= sp->sp_lstchg + sp->sp_max - sp->sp_warn)
+		printf("Your account will expire in %d days.\n",
+		       (int)(sp->sp_lstchg + sp->sp_max -today));
+	}
+    }
+    }
+#endif
+    {
+	char *tty = ttyname (STDERR_FILENO);
+	syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s on %s" : "%s to %s",
+		login_info->pw_name, su_info->pw_name, tty);
+    }
+
+
+    if(!env_flag) {
+	if(full_login) {
+	    char *t = getenv ("TERM");
+	    char **newenv = NULL;
+	    int i, j;
+
+	    i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv);
+
+	    environ = malloc ((10 + i) * sizeof (char *));
+	    if (environ == NULL)
+		err (1, "malloc");
+	    environ[0] = NULL;
+
+	    for (j = 0; j < i; j++) {
+		char *p = strchr(newenv[j], '=');
+		*p++ = 0;
+		esetenv (newenv[j], p, 1);
+	    }
+	    free(newenv);
+
+	    esetenv ("PATH", _PATH_DEFPATH, 1);
+	    if (t)
+		esetenv ("TERM", t, 1);
+	    if (chdir (su_info->pw_dir) < 0)
+		errx (1, "no directory");
+	}
+	if (full_login || su_info->pw_uid)
+	    esetenv ("USER", su_info->pw_name, 1);
+	esetenv("HOME", su_info->pw_dir, 1);
+	esetenv("SHELL", shell, 1);
+    }
+
+    {
+	int i;
+	char **args;
+	char *p;
+
+	p = strrchr(shell, '/');
+	if(p)
+	    p++;
+	else
+	    p = shell;
+
+	if (strcmp(p, "csh") != 0)
+	    csh_f_flag = 0;
+
+        args = malloc(((cmd ? 2 : 0) + 1 + argc - optind + 1 + csh_f_flag) * sizeof(*args));
+	if (args == NULL)
+	    err (1, "malloc");
+	i = 0;
+	if(full_login) {
+	    if (asprintf(&args[i++], "-%s", p) == -1)
+		errx (1, "malloc");
+	} else
+	    args[i++] = p;
+	if (cmd) {
+	   args[i++] = "-c";
+	   args[i++] = cmd;
+	}  
+	   
+	if (csh_f_flag)
+	    args[i++] = "-f";
+
+	for (argv += optind; *argv; ++argv)
+	   args[i++] = *argv;
+	args[i] = NULL;
+	
+	if(setgid(su_info->pw_gid) < 0)
+	    err(1, "setgid");
+	if (initgroups (su_info->pw_name, su_info->pw_gid) < 0)
+	    err (1, "initgroups");
+	if(setuid(su_info->pw_uid) < 0
+	   || (su_info->pw_uid != 0 && setuid(0) == 0))
+	    err(1, "setuid");
+
+#ifdef KRB5
+        if (ok == 5)
+           krb5_start_session();
+#endif
+#ifdef KRB4
+	if (ok == 4)
+	    krb_start_session();
+#endif
+	execv(shell, args);
+    }
+    
+    exit(1);
+}

Added: vendor-crypto/heimdal/dist/appl/su/supaths.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/su/supaths.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/su/supaths.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: supaths.h,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $ */
+
+#ifndef __SU_PATH_H
+#define __SU_PATH_H
+
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH "/usr/bin:/bin"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#ifndef _PATH_ETC_ENVIRONMENT
+#define _PATH_ETC_ENVIRONMENT SYSCONFDIR "/environment"
+#endif
+
+#endif /* __SU_PATH_H */
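Review bot: `_PATH_ETC_ENVIRONMENT` expands to `SYSCONFDIR "/environment"`, but this header neither defines `SYSCONFDIR` nor says what the resulting path is trusted for. In this commit's su.c, `main` passes it to `read_environment` on a full login and exports every entry with `esetenv` before the `setuid` call and `execv`, so the file's contents become the target account's environment, root included. I would document that at the define, e.g. `/* SYSCONFDIR comes from config.h; this file must be writable only by root, su loads it into the new environment on a full login */`. Presumably config.h is included before this header wherever it is used; that is not visible in this file and is worth confirming for builds with a non-default prefix.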

Added: vendor-crypto/heimdal/dist/appl/telnet/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,804 @@
+2007-12-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/sys_term.c: Use strlcpy instead of strncpy, thanks to
+	Antoine Brodin.
+	
+2007-07-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/telnetd.c (usage): use exit_code, add --version and
+	--help.
+
+	* telnetd/telnetd.c: Add --help, reported by David Love.
+
+2007-07-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/main.c: Catch --help, reported by David Love.
+	
+2007-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/sys_term.c: GLIBC made the choice that ut_tv should be
+	shared between 32 and 64 bit platforms so now we can no longer use
+	struct timeval functions to compare or set/get data that uses
+	pointer (gettimeofday for example) since ut_tv is now not a struct
+	timeval but rather a struct { int32_t tv_sec; int32_t tv_usec; };
+
+2006-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/telnet_locl.h: Include roken.h before the local
+	headerfiles.
+
+	* telnetd/telnetd.h: HP/UX defines SE in sys/uio.h, #undef it.
+
+	* telnetd/sys_term.c: Dont't include some streamspty headers here.
+
+	* telnetd/telnetd.c: Dont't include some streamspty headers here.
+
+	* telnetd/telnetd.h: includes some STREAMSPTY header here to avoid
+	ioctl vs socket_wrapper horror.
+	
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/Makefile.am: more files
+	
+	* telnetd/Makefile.am: more files
+	
+2006-09-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* telnetd/telnetd.8: Add documentation for -e, require encryption.
+
+	* telnetd/telnetd.h: Add require_encryption.
+
+	* telnetd/telnetd.c: Allow encryption to be required, wait to the
+	client to turn it on, if failes, refuse the connection.
+
+	* telnetd/state.c: If encryption is required, don't allow it to be
+	turned off.
+	
+2006-09-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* libtelnet/kerberos5.c (kerberos5_forward): use KDCOptions2int on
+	flags before passing them to krb5_get_forwarded_creds.
+	
+2006-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Rename u_intXX_t to uintXX_t
+
+2006-03-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* libtelnet/encrypt.c: Spelling.
+
+2005-12-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* telnetd/telnetd.c: Initialize the slc mapping table before its
+	used.  Based on bug report from Russell Sanford
+	<rrs at clyde.dcccd.edu>
+	
+2005-11-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* telnet/telnet.c: Spelling in comments, from Dave Love
+	<fx at gnu.org>
+	
+2005-10-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* libtelnet/kerberos5.c (Data): Use right variable. From Tomas
+	Olsson
+	
+2005-10-22  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* telnet/commands.c: Check return value from asprintf instead of
+	string != NULL since it undefined behavior on Linux. From Bj\xF6rn
+	Sandell
+
+	* libtelnet/kerberos5.c: Check return value from asprintf instead
+	of string != NULL since it undefined behavior on Linux. From Bj\xF6rn
+	Sandell
+
+	* libtelnet/kerberos.c: Check return value from asprintf instead
+	of string != NULL since it undefined behavior on Linux. From Bj\xF6rn
+	Sandell
+	
+2005-08-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/telnetd.c: Fix printing of /etc/issue{,.net}.
+	
+	* telnetd/utility.c: make writenet take const void * and size_t,
+	abort if size it too large
+
+	* telnetd/state.c: Fix ansi c warning.
+
+	* telnetd/sys_term.c: no need to typecast argument to writenet
+
+	* telnetd/ext.h: make writenet take const void * and size_t
+
+2005-07-07  Assar Westerlund  <assar at kth.se>
+
+	* libtelnet/kerberos.c: Do not assume that des_key_schedule is an
+	array.
+
+2005-05-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* libtelnet/kerberos5.c: case uid_t to unsigned long in printf
+	format
+
+	* telnetd/sys_term.c (set_termbuf): use {} around if to make else
+	unambiguous
+
+2005-05-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/sys_term.c (start_login): put utmpx code into a new
+	scope to avoid pre c99 problems.
+
+2005-05-19  Dave Love  <fx at gnu.org>
+
+	* telnet/telnet.c,telnet_locl.h: Make solaris find tgetent
+
+2005-05-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* telnetd/sys_term.c (start_login): set encryption pointers to
+	NULL, so we don't try to do either
+	
+2005-05-11  Dave Love  <fx at gnu.org>
+
+	* telnet/telnet.c: undef ISASCII before we define our own (problem
+	on Irix)
+
+2005-04-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* telnetd/utility.c (putf): %t: the regular and streamspty case
+	are functionally equivalent, so merge them, this also makes it
+	work better on machines that puts their devices in a subdirectory
+	to /dev
+
+2005-04-27  Dave Love  <fx at gnu.org>
+
+	* telnetd/sys_term.c (getpty): Declare p.
+
+2005-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/telnetd.c: use strlcpy
+	
+2005-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/global.c, telnetd/state.c, telnetd/telnetd.c,
+	telentd/ext.h: remove another strcpy
+
+2005-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/sys_term.c: rewrite getpty to make use openpty when its
+	found, save the slave fd so that cleanopen can use it if its
+	available
+
+2005-04-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/sys_term.c: clean_ttyname might be unused, mark it so
+	with __attribute__
+	
+2005-04-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/sys_term.c: use NULL as last argument to execl, not 0
+
+	* telnet/commands.c: use NULL as last argument to execl, not 0
+	
+2005-03-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/telnet.c: From FreeBSD:
+	
+	Correct a pair of buffer overflows in the telnet(1) command:
+	
+	 (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
+	 functions.
+	
+	 (CAN-2005-0469) A global uninitialized data section buffer overflow in
+	 slc_add_reply() and related functions.
+	
+	As a result of these vulnerabilities, it may be possible for a
+	malicious telnet server or active network attacker to cause
+	telnet(1) to execute arbitrary code with the privileges of the
+	user running it.
+	
+	Security: CAN-2005-0468, CAN-2005-0469 Security:
+	FreeBSD-SA-05:01.telnet Security:
+	http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
+	Security:
+	http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
+	
+	These fixes are based in part on patches Submitted by: Solar
+	Designer <solar at openwall.com>
+
+2005-03-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/telnetd.c: remove setting of DES_check_key, all code
+	uses DES_set_key_checked
+
+	* libtelnet/enc_des.c: use DES_set_key_checked
+	
+2005-01-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/telnet.c: cast argument to toupper to unsigned char
+
+	* telnet/commands.c: cast argument to is* to unsigned char
+
+2004-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/network.c: make network rings larger From: MAAAAA MOOOR
+	<huaraz at btinternet.com>
+	
+	* telnetd/state.c: make subbuffer larger XXX resize dynamicly
+	From: MAAAAA MOOOR <huaraz at btinternet.com>
+	
+	* libtelnet/kerberos5.c (Data): allocate the data needed to be
+	send From: MAAAAA MOOOR <huaraz at btinternet.com>
+	
+2004-04-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/main.c: make encrypt, forwardable, forward use appdefault
+	(that also searches libdefaults), prompted by Thomas Nystrom
+	<thn at saeab.se>
+	
+2004-03-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/telnetd.c: call setprogname to make libvers happy
+
+	* telnet/main.c: call setprogname to make libvers happy
+
+2003-09-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/externs.h: export Scheduler and scheduler_lockout_tty
+	
+	* telnet/telnet.c (my_telnet): if telnet_spin returns failure,
+	complain that the server disconnected and exit
+	
+	* telnet/authenc.c (telnet_spin): if Scheduler() returns failure
+	(-1) propagate to higher level
+
+2003-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnetd/telnetd.c: use new DES_ api
+	
+	* libtelnet/enc_des.c: use new DES_ api
+	
+2003-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* telnet/telnet.1: replace <,> with \*[Lt],\*[Gt]
+	
+2002-09-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY
+
+2002-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* telnet/commands.c: remove extra "Toggle"'s
+
+	* telnet/commands.c: IRIX == 4 -> IRIX4
+
+	* telnet/main.c: rename functions to what they're really called
+
+	* telnet/commands.c: kill some might be uninitialized warnings
+
+	* telnet/commands.c: add forward and forwardable toggle options,
+	and call set_forward_options() after parsing .telnetrc
+
+	* telnet/externs.h: proto for set_forward_options
+
+	* telnet/main.c: only register what forwarding options are asked
+	for when parsing command line, we have to set the actual flags
+	later after we have read .telnetrc
+
+	* libtelnet/auth-proto.h: kerberos5_set_forward{,able} protos
+
+	* libtelnet/kerberos5.c: add kerberos5_set_forward{,able}
+	functions suitable for the command parser
+
+2002-08-23  Assar Westerlund  <assar at kth.se>
+
+	* telnetd/telnetd.c: add --version as a special case
+	* telnet/main.c: add --version as a special case
+
+2002-05-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* telnet/telnet.c: only try to negotiate encryption if we're
+	talking to a real telnet
+
+2002-03-31  Johan Danielsson  <joda at pdc.kth.se>
+
+	* telnet/commands.c: fix an old cut-n-paste typo (via debian)
+
+2002-02-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* telnet/telnet.c: print a more informative message than "done"
+	after negotiating encryption
+
+2001-09-17  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/telnetd.c: add a kludge to make it build on aix (that
+	defines NOERROR in both sys/stream.h and arpa/nameser.h and
+	considers that a fatal error)
+
+	* telnet/telnet.c: undef PUTSHORT to avoid conflict
+
+2001-08-26  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/Makefile.am: also link with the library for logout
+
+2001-08-22  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c: include libutil.h if it exists
+
+2001-08-10  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c (getpty): call openpty if it exists
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/global.c (output_data): make sure of not forwarding
+	`nfrontp' too far, thereby allowing writes after the end of
+	`netobuf'
+
+2001-06-18  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos5.c: update to new krb5_auth_con* names
+
+2001-04-25  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c (start_login): give the correct error if exec
+	fails
+	* telnetd/utility.c (fatalperror_errno): add a new function with
+	explicit errno parameter
+
+2001-03-07  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c: some minimal more amount of
+ 	const-correctness
+
+2001-02-24  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/enc_des.c: learn to live with libcrypto (from openssl)
+
+2001-02-20  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): copy the hostname so it doesn't get
+	overwritten while reading ~/.telnetrc
+	(*): removed some unneeded externs
+
+2001-02-08  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c (startslave, start_login): re-write code to
+	keep track both of remote hostname and utmp string to be used
+	* telnetd/telnetd.c (doit, my_telnet): re-write code to keep track
+	both of remote hostname and utmp string to be used
+
+2001-02-07  Assar Westerlund  <assar at sics.se>
+
+	* telnet/Makefile.am, telnetd/Makefile.am: add LIB_kdfs
+
+2001-01-09  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_is): use krb5_rd_cred2 instead
+	of krb5_rd_cred
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* telnet/main.c (krb5_init): check krb5_init_context for success
+	* libtelnet/kerberos5.c (kerberos5_init): check krb5_init_context
+	for success
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (sourceroute): make it not break if the
+	rfc2292 api does not exist
+
+2000-12-09  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c (scrub_env): add supporting non-file TERMCAP
+	variables
+
+2000-12-07  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/telnetd.h: move include files around to avoid getting SE
+	from sys/*.h on HP to override SE from telnet.h
+
+	* telnetd/sys_term.c (scrub_env): remove some const-ness
+	* telnetd/sys_term.c (scrub_env): add LOGNAME and POSIXLY_CORRECT
+	to the list of authorized environment variables to be compatible
+	with linux-telnetd
+
+	* telnetd/sys_term.c (scrub_env): change filtering algoritm from
+	allowing everything except a few bad cases to not allowing
+	anything except a few non-dangerous cases
+
+2000-12-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* libtelnet/kerberos5.c: de-pointerise auth_context parameter to
+	krb5_mk_rep
+
+2000-11-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* libtelnet/kerberos5.c: print the principal we're trying to use
+
+	* libtelnet/kerberos.c: print the principal we're trying to use
+
+2000-11-16  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/misc-proto.h (telnet_getenv): const-ize some
+
+2000-11-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* telnet/telnet.c: fake entry if no tgetent
+
+2000-10-08  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/utility.c (stilloob): check that fds are not too large
+	to select on
+	(ttloop): remove confusing output of errno
+	* telnetd/telnetd.c (my_telnet): check that fds are not too large
+	to select on
+	* telnet/utilities.c (EmptyTerminal): check that fds are not too
+	large to select on
+	* telnet/sys_bsd.c (process_rings): check that fds are not too
+	large to select on
+	* telnet/network.c (stilloob): check that fds are not too large to
+	select on
+
+2000-06-09  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c: remove all setuid(getuid()).  we do not
+	support telnet being setuid root
+
+2000-05-05  Assar Westerlund  <assar at sics.se>
+
+	* telnet/externs.h (sourceroute): update prototype
+	* telnet/commands.c (tn): re-enable source routing
+	(sourceroute): make it work again based on the code from
+	itojun at kame.net
+
+2000-03-28  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): clean-up a tiny little bit.  give-up if
+	we do not manage to connect to any address
+
+2000-03-26  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c (*): make sure to always call time, ctime,
+	and gmtime with `time_t's.  there were some types (like in
+	lastlog) that we believed to always be time_t.  this has proven
+	wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit
+	quantities but time_t has gone up to 64 bits
+
+2000-03-03  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_init): check that we do have a
+	keytab before saying that we will support KERBEROS5
+
+2000-02-12  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): only set tos for AF_INET.  From
+	itojun at iijlab.net
+
+2000-02-07  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos.c (kerberos4_is): send a reject back to the
+	client when we're not authorized
+
+2000-02-06  Assar Westerlund  <assar at sics.se>
+
+	* telnet/ring.h (ring_encrypt): better proto
+	* telnet/ring.c (ring_encrypt): better proto
+
+2000-02-04  Assar Westerlund  <assar at sics.se>
+
+	* telnet/telnet_locl.h: klduge-around KLUDGELINEMODE
+
+2000-01-18  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/misc.c (auth_encrypt_user): const-ify
+	* libtelnet/misc.h (RemoteHostName, LocalHostName): const-ify
+	* libtelnet/misc.c (auth_encrypt_init, RemoteHostName,
+	LocalHostName): const-ify
+	* libtelnet/misc-proto.h (auth_encrypt_init, auth_encrypt_user):
+	const-ify
+	* libtelnet/encrypt.c (encrypt_init, Name): const-ify
+	* libtelnet/enc-proto.h (encrypt_init): const-ify
+	* libtelnet/auth.c (auth_init, Name): const-ify
+	* libtelnet/auth-proto.h (auth_init): const-ify
+
+2000-01-08  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): handle ai_canonname being set in any of
+	the addresses returnedby getaddrinfo.  glibc apparently returns
+	the reverse lookup of every address in ai_canonname.  remove some
+	unused variables.
+
+2000-01-01  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c (addarg): make void (return value isn't check
+	anyway).  fatal error when malloc fails
+
+1999-12-16  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (*): handle ai_canonname not being set
+
+1999-12-04  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/telnetd.c (doit): use getnameinfo_verified
+	* telnetd/telnetd.c: use getnameinfo
+	* telnet/commands.c: re-write to using getaddrinfo.  disable
+	source-routing for the moment, it doesn't seem to be used anyways.
+	
+1999-09-16  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c: revert 1.54, get_default_username should DTRT
+ 	now
+
+1999-09-05  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/utility.c (ttloop): make it return 1 if interrupted by a
+ 	signal, which must have been what was meant from the beginning
+
+	* telnetd/ext.h (ttloop): update prototype
+
+	* telnetd/authenc.c (telnet_spin): actually return the value from
+ 	ttloop (otherwise it's kind of bogus)
+
+1999-08-05  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c (rmut): free utxp
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* telnet/main.c: add -G and config file support.  From Miroslav
+ 	Ruda <ruda at ics.muni.cz>
+
+	* telnetd/sys_term.c (rmut): work around utmpx strangness.  From
+ 	Miroslav Ruda <ruda at ics.muni.cz>
+
+1999-08-02  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/telnetd.c (doit): only free hp if != NULL.  From: Jonas
+ 	Oberg <jonas at coyote.org>
+
+1999-07-29  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/telnetd.c (doit): remove unused variable mapped_sin
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/ext.h: update prototypes
+	
+	* telnetd/telnetd.c: make it handle v4 and v6 sockets.  (it
+	doesn't handle being given a v6 socket that's really talking to an
+	v4 adress (mapped) because the rest of the code in telnetd is not
+	able to handle it anyway).  please run two telnetd from your
+	inetd, one for v4 and one for v6.
+
+1999-07-07  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): extra bogus const-cast
+
+1999-07-06  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/sys_term.c (start_login): print a different warning with
+ 	`-a otp'
+
+1999-06-24  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): set the addresses in the
+ 	auth_context
+
+1999-06-23  Assar Westerlund  <assar at sics.se>
+
+	* telnet/Makefile.am (INCLUDES): add $(INCLUDE_krb4)
+
+	* telnet/commands.c (togkrbdebug): conditionalize on
+ 	krb_disable_debug
+
+1999-06-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* telnet/commands.c: add kerberos debugging option
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): use get_default_username
+
+1999-05-14  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/state.c (telrcv): magic patch to make it work against
+ 	DOS Clarkson Telnet.  From Miroslav Ruda <ruda at ics.muni.cz>
+
+1999-04-25  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): use
+	`krb5_auth_setkeytype' instead of `krb5_auth_setenctype' to make
+	sure we get a DES session key.
+
+Thu Apr  1 16:59:27 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* telnetd/Makefile.am: don't run check-local
+
+	* telnet/Makefile.am: don't run check-local
+
+Mon Mar 29 16:11:33 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* telnetd/sys_term.c: _CRAY -> HAVE_STRUCT_UTMP_UT_ID
+
+Sat Mar 20 00:12:54 1999  Assar Westerlund  <assar at sics.se>
+
+	* telnet/authenc.c (telnet_gets): remove old extern declarations
+
+Thu Mar 18 11:20:16 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* telnetd/Makefile.am: include Makefile.am.common
+
+	* telnet/Makefile.am: include Makefile.am.common
+
+	* libtelnet/Makefile.am: include Makefile.am.common
+
+	* Makefile.am: include Makefile.am.common
+
+Mon Mar 15 17:40:53 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* telnetd/telnetd.c: replace perror/exit with fatalperror
+
+Sat Mar 13 22:18:57 1999  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/telnetd.c (main): 0 -> STDIN_FILENO.  remove abs
+
+	* libtelnet/kerberos.c (kerberos4_is): syslog root logins
+
+Thu Mar 11 14:48:54 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* telnetd/Makefile.in: add WFLAGS
+
+	* telnet/Makefile.in: add WFLAGS
+
+	* libtelnet/Makefile.in: add WFLAGS
+
+	* telnetd/sys_term.c: remove unused variables
+
+	* telnet/telnet.c: fix some warnings
+
+	* telnet/main.c: fix some warnings
+
+	* telnet/commands.c: fix types in format string
+
+	* libtelnet/auth.c: fix types in format string
+
+Mon Mar  1 10:50:30 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* telnetd/sys_term.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
+
+Mon Feb  1 04:08:36 1999  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): only call gethostbyname2 with AF_INET6
+ 	if we actually have IPv6.  From "Brandon S. Allbery KF8NH"
+ 	<allbery at kf8nh.apk.net>
+
+Sat Nov 21 16:51:00 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* telnetd/sys_term.c (cleanup): don't call vhangup() on sgi:s
+
+Fri Aug 14 16:29:18 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* libtelnet/kerberos.c: krb_put_int -> KRB_PUT_INT
+
+Thu Jul 23 20:29:05 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* libtelnet/kerberos5.c: use krb5_verify_authenticator_checksum
+
+Mon Jul 13 22:00:09 1998  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): don't advance hostent->h_addr_list, use
+ 	a copy instead
+
+Wed May 27 04:19:17 1998  Assar Westerlund  <assar at sics.se>
+
+	* telnet/sys_bsd.c (process_rings): correct call to `stilloob'
+
+Fri May 15 19:38:19 1998  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* libtelnet/kerberos5.c: Always print errors from mk_req.
+
+Fri May  1 07:16:59 1998  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c: unifdef -DHAVE_H_ERRNO
+
+Sat Apr  4 15:00:29 1998  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): moved the printing of `trying...' to the
+ 	loop
+
+Thu Mar 12 02:33:48 1998  Assar Westerlund  <assar at sics.se>
+
+	* telnet/telnet_locl.h: include <term.h>. From Gregory S. Stark
+ 	<gsstark at mit.edu>
+
+Sat Feb 21 15:12:38 1998  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/ext.h: add prototype for login_tty
+
+	* telnet/utilities.c (printsub): `direction' is now an int.
+
+	* libtelnet/misc-proto.h: add prototype for `printsub'
+
+Tue Feb 17 02:45:01 1998  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos.c (kerberos4_is): cred.pname should be
+ 	cred.pinst.  From <art at stacken.kth.se>
+
+Sun Feb 15 02:46:39 1998  Assar Westerlund  <assar at sics.se>
+
+	* telnet/*/*.c: renamed `telnet' to `my_telnet' to avoid
+ 	conflicts with system header files on mklinux.
+
+Tue Feb 10 02:09:03 1998  Assar Westerlund  <assar at sics.se>
+
+	* telnetd/telnetd.c: new signature for `getterminaltype' and
+ 	`auth_wait'
+
+	* libtelnet: changed the signature of the authentication method
+ 	`status'
+
+Sat Feb  7 07:21:29 1998  Assar Westerlund  <assar at sics.se>
+
+	* */*.c: replace HAS_GETTOS by HAVE_PARSETOS and HAVE_GETTOSBYNAME
+
+Fri Dec 26 16:17:10 1997  Assar Westerlund  <assar at sics.se>
+
+	* telnet/commands.c (tn): repair support for numeric addresses
+
+Sun Dec 21 09:40:31 1997  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos.c: fix up lots of stuff related to the
+ 	forwarding of v4 tickets.
+
+	* libtelnet/kerberos5.c (kerberos5_forward): zero out `creds'.
+
+Mon Dec 15 20:53:13 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* telnet/sys_bsd.c: Don't turn off OPOST in 8bit-mode.
+
+Tue Dec  9 19:26:50 1997  Assar Westerlund  <assar at sics.se>
+
+	* telnet/main.c (main): add 'b' to getopt
+
+Sat Nov 29 03:28:54 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* telnet/telnet.c: Change binary mode to do just that, and add a
+ 	eight-bit mode for just passing all characters.
+
+Sun Nov 16 04:37:02 1997  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos5.c (kerberos5_send): always ask for a session
+ 	key of type DES
+
+	* libtelnet/kerberos5.c: remove old garbage and fix call to
+ 	krb5_auth_con_setaddrs_from_fd
+
+Fri Nov 14 20:35:18 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* telnetd/telnetd.c: Output contents of /etc/issue.
+
+Mon Nov  3 07:09:16 1997  Assar Westerlund  <assar at sics.se>
+
+	* telnet/telnet_locl.h: only include <sys/termio.h> iff
+ 	!defined(HAVE_TERMIOS_H)
+
+	* libtelnet/kerberos.c (kerberos4_is): send the peer address to
+ 	krb_rd_req
+
+	* telnetd/telnetd.c (terminaltypeok): always return OK.  It used
+ 	to call `tgetent' to figure if it was a defined terminal type.
+  	It's possible to overflow tgetent so that's a bad idea.  The worst
+ 	that could happen by saying yes to all terminals is that the user
+ 	ends up with a terminal that has no definition on the local
+ 	system.  And besides, most telnet client has no support for
+ 	falling back to a different terminal type.
+
+Mon Oct 20 05:47:19 1997  Assar Westerlund  <assar at sics.se>
+
+	* libtelnet/kerberos5.c: remove lots of old junk.  clean-up.
+  	better error checking and reporting.  tell the user permission
+ 	denied much earlier.
+
+	* libtelnet/kerberos.c (kerberos4_is): only print
+ 	UserNameRequested if != NULL
+

Added: vendor-crypto/heimdal/dist/appl/telnet/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,11 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = libtelnet telnet telnetd
+
+dist-hook:
+	$(mkinstalldirs) $(distdir)/arpa
+	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
+
+EXTRA_DIST = README.ORIG telnet.state

Added: vendor-crypto/heimdal/dist/appl/telnet/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,820 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+subdir = appl/telnet
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SUBDIRS = libtelnet telnet telnetd
+EXTRA_DIST = README.ORIG telnet.state
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+dist-hook:
+	$(mkinstalldirs) $(distdir)/arpa
+	$(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/telnet/README.ORIG
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/README.ORIG	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/README.ORIG	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,743 @@
+
+This is a distribution of both client and server telnet.  These programs
+have been compiled on:
+			telnet	telnetd
+	4.4 BSD-Lite	  x	  x
+	4.3 BSD Reno	  X	  X
+	UNICOS 9.1	  X	  X
+	UNICOS 9.0	  X	  X
+	UNICOS 8.0	  X	  X
+	BSDI 2.0	  X	  X
+	Solaris 2.4       x       x (no linemode in server)
+	SunOs 4.1.4	  X	  X (no linemode in server)
+	Ultrix 4.3	  X	  X (no linemode in server)
+	Ultrix 4.1	  X	  X (no linemode in server)
+
+In addition, previous versions have been compiled on the following
+machines, but were not available for testing this version.
+			telnet	telnetd
+	Next1.0		  X	  X
+	UNICOS 8.3	  X	  X
+	UNICOS 7.C	  X	  X
+	UNICOS 7.0	  X	  X
+	SunOs 4.0.3c	  X	  X (no linemode in server)
+	4.3 BSD		  X  	  X (no linemode in server)
+	DYNIX V3.0.12	  X	  X (no linemode in server)
+	Ultrix 3.1	  X	  X (no linemode in server)
+	Ultrix 4.0	  X	  X (no linemode in server)
+	SunOs 3.5	  X	  X (no linemode in server)
+	SunOs 4.1.3	  X	  X (no linemode in server)
+	Solaris 2.2       x       x (no linemode in server)
+	Solaris 2.3       x       x (no linemode in server)
+	BSDI 1.0	  X	  X
+	BSDI 1.1	  X	  X
+	DYNIX V3.0.17.9	  X	  X (no linemode in server)
+	HP-UX 8.0	  x       x (no linemode in server)
+
+This code should work, but there are no guarantees.
+
+May 30, 1995
+
+This release represents what is on the 4.4BSD-Lite2 release, which
+should be the final BSD release.  I will continue to support of
+telnet, The code (without encryption) is available via anonymous ftp
+from ftp.cray.com, in src/telnet/telnet.YY.MM.DD.NE.tar.Z, where
+YY.MM.DD is replaced with the year, month and day of the release.
+If you can't find it at one of these places, at some point in the
+near future information about the latest releases should be available
+from ftp.borman.com.
+
+In addition, the version with the encryption code is available via
+ftp from net-dist.mit.edu, in the directory /pub/telnet.  There
+is a README file there that gives further information on how
+to get the distribution.
+
+Questions, comments, bug reports and bug fixes can be sent to
+one of these addresses:
+		dab at borman.com
+		dab at cray.com
+		dab at bsdi.com
+
+This release is mainly bug fixes and code cleanup.
+
+	Replace all calls to bcopy()/bzero() with calls to
+	memmove()/memset() and all calls to index()/rindex()
+	with calls to strchr()/strrchr().
+
+	Add some missing diagnostics for option tracing
+	to telnetd.
+
+	Add support for BSDI 2.0 and Solaris 2.4.
+
+	Add support for UNICOS 8.0
+
+	Get rid of expanded tabs and trailing white spaces.
+
+	From Paul Vixie:
+		Fix for telnet going into an endless spin
+		when the session dies abnormally.
+
+	From Jef Poskanzer:
+		Changes to allow telnet to compile
+		under SunOS 3.5.
+
+	From Philip Guenther:
+		makeutx() doesn't expand utmpx,
+		use pututxline() instead.
+
+	From Chris Torek:
+		Add a sleep(1) before execing login
+		to avoid race condition that can eat
+		up the login prompt.
+		Use terminal speed directly if it is
+		not an encoded value.
+
+	From Steve Parker:
+		Fix to realloc() call.  Fix for execing
+		login on solaris with no user name.
+
+January 19, 1994
+
+This is a list of some of the changes since the last tar release
+of telnet/telnetd.  There are probably other changes that aren't
+listed here, but this should hit a lot of the main ones.
+
+   General:
+	Changed #define for AUTHENTICATE to AUTHENTICATION
+	Changed #define for ENCRYPT to ENCRYPTION
+	Changed #define for DES_ENCRYPT to DES_ENCRYPTION
+
+	Added support for SPX authentication: -DSPX
+
+	Added support for Kerberos Version 5 authentication: -DKRB5
+
+	Added support for ANSI C function prototypes
+
+	Added support for the NEW-ENVIRON option (RFC-1572)
+	including support for USERVAR.
+
+	Made support for the old Environment Option (RFC-1408)
+	conditional on -DOLD_ENVIRON
+
+	Added #define ENV_HACK - support for RFC 1571
+
+	The encryption code is removed from the public distributions.
+	Domestic 4.4 BSD distributions contain the encryption code.
+
+	ENV_HACK: Code to deal with systems that only implement
+		the old ENVIRON option, and have reversed definitions
+		of ENV_VAR and ENV_VAL.  Also fixes ENV processing in
+		client to handle things besides just the default set...
+
+	NO_BSD_SETJMP: UNICOS configuration for
+		UNICOS 6.1/6.0/5.1/5.0 systems.
+
+	STREAMSPTY: Use /dev/ptmx to get a clean pty.  This
+		is for SVr4 derivatives (Like Solaris)
+
+	UTMPX: For systems that have /etc/utmpx. This is for
+		SVr4 derivatives (Like Solaris)
+
+	Definitions for BSDI 1.0
+
+	Definitions for 4.3 Reno and 4.4 BSD.
+
+	Definitions for UNICOS 8.0 and UNICOS 7.C
+
+	Definitions for Solaris 2.0
+
+	Definitions for HP-UX 8.0
+
+	Latest Copyright notices from Berkeley.
+
+	FLOW-CONTROL: support for RFC-XXXx
+
+
+   Client Specific:
+
+	Fix the "send" command to not send garbage...
+
+	Fix status message for "skiprc"
+
+	Make sure to send NAWS after telnet has been suspended
+	or an external command has been run, if the window size
+	has changed.
+
+	sysV88 support.
+
+   Server Specific:
+
+	Support flowcontrol option in non-linemode servers.
+
+	-k Server supports Kludge Linemode, but will default to
+	   either single character mode or real Linemode support.
+	   The user will have to explicitly ask to switch into
+	   kludge linemode. ("stty extproc", or escape back to
+	   to telnet and say "mode line".)
+
+	-u Specify the length of the hostname field in the utmp
+	   file.  Hostname longer than this length will be put
+	   into the utmp file in dotted decimal notation, rather
+	   than putting in a truncated hostname.
+	
+	-U Registered hosts only.  If a reverse hostname lookup
+	   fails, the connection will be refused.
+
+	-f/-F
+	   Allows forwarding of credentials for KRB5.
+
+Februrary 22, 1991:
+
+    Features:
+
+	This version of telnet/telnetd has support for both
+	the AUTHENTICATION and ENCRYPTION options.  The
+	AUTHENTICATION option is fairly well defined, and
+	an option number has been assigned to it.  The
+	ENCRYPTION option is still in a state of flux; an
+	option number has been assigned to, but it is still
+	subject to change.  The code is provided in this release
+	for experimental and testing purposes.
+
+	The telnet "send" command can now be used to send
+	do/dont/will/wont commands, with any telnet option
+	name.  The rules for when do/dont/will/wont are sent
+	are still followed, so just because the user requests
+	that one of these be sent doesn't mean that it will
+	be sent...
+
+	The telnet "getstatus" command no longer requires
+	that option printing be enabled to see the response
+	to the "DO STATUS" command.
+
+	A -n flag has been added to telnetd to disable
+	keepalives.
+
+	A new telnet command, "auth" has been added (if
+	AUTHENTICATE is defined).  It has four sub-commands,
+	"status", "disable", "enable" and "help".
+
+	A new telnet command, "encrypt" has been added (if
+	ENCRYPT is defined).  It has many sub-commands:
+	"enable", "type", "start", "stop", "input",
+	"-input", "output", "-output", "status", and "help".
+
+	The LOGOUT option is now supported by both telnet
+	and telnetd, a new command, "logout", was added
+	to support this.
+
+	Several new toggle options were added:
+	    "autoencrypt", "autodecrypt", "autologin", "authdebug",
+	    "encdebug", "skiprc", "verbose_encrypt"
+
+	An "rlogin" interface has been added.  If the program
+	is named "rlogin", or the "-r" flag is given, then
+	an rlogin type of interface will be used.
+		~.	Terminates the session
+		~<susp> Suspend the session
+		~^]	Escape to telnet command mode
+		~~	Pass through the ~.
+	    BUG: If you type the rlogin escape character
+		 in the middle of a line while in rlogin
+		 mode, you cannot erase it or any characters
+		 before it.  Hopefully this can be fixed
+		 in a future release...
+
+    General changes:
+
+	A "libtelnet.a" has now been created.  This libraray
+	contains code that is common to both telnet and
+	telnetd.  This is also where library routines that
+	are needed, but are not in the standard C library,
+	are placed.
+
+	The makefiles have been re-done.  All of the site
+	specific configuration information has now been put
+	into a single "Config.generic" file, in the top level
+	directory.  Changing this one file will take care of
+	all three subdirectories.  Also, to add a new/local
+	definition, a "Config.local" file may be created
+	at the top level; if that file exists, the subdirectories
+	will use that file instead of "Config.generic".
+
+	Many 1-2 line functions in commands.c have been
+	removed, and just inserted in-line, or replaced
+	with a macro.
+
+    Bug Fixes:
+
+	The non-termio code in both telnet and telnetd was
+	setting/clearing CTLECH in the sg_flags word.  This
+	was incorrect, and has been changed to set/clear the
+	LCTLECH bit in the local mode word.
+
+	The SRCRT #define has been removed.  If IP_OPTIONS
+	and IPPROTO_IP are defined on the system, then the
+	source route code is automatically enabled.
+
+	The NO_GETTYTAB #define has been removed; there
+	is a compatability routine that can be built into
+	libtelnet to achive the same results.
+
+	The server, telnetd, has been switched to use getopt()
+	for parsing the argument list.
+
+	The code for getting the input/output speeds via
+	cfgetispeed()/cfgetospeed() was still not quite
+	right in telnet.  Posix says if the ispeed is 0,
+	then it is really equal to the ospeed.
+
+	The suboption processing code in telnet now has
+	explicit checks to make sure that we received
+	the entire suboption (telnetd was already doing this).
+
+	The telnet code for processing the terminal type
+	could cause a core dump if an existing connection
+	was closed, and a new connection opened without
+	exiting telnet.
+
+	Telnetd was doing a TCSADRAIN when setting the new
+	terminal settings;  This is not good, because it means
+	that the tcsetattr() will hang waiting for output to
+	drain, and telnetd is the only one that will drain
+	the output...  The fix is to use TCSANOW which does
+	not wait.
+
+	Telnetd was improperly setting/clearing the ISTRIP
+	flag in the c_lflag field, it should be using the
+	c_iflag field. 
+
+	When the child process of telnetd was opening the
+	slave side of the pty, it was re-setting the EXTPROC
+	bit too early, and some of the other initialization
+	code was wiping it out.  This would cause telnetd
+	to go out of linemode and into single character mode.
+
+	One instance of leaving linemode in telnetd forgot
+	to send a WILL ECHO to the client, the net result
+	would be that the user would see double character
+	echo.
+
+	If the MODE was being changed several times very
+	quickly, telnetd could get out of sync with the
+	state changes and the returning acks; and wind up
+	being left in the wrong state.
+
+September 14, 1990:
+
+	Switch the client to use getopt() for parsing the
+	argument list.  The 4.3Reno getopt.c is included for
+	systems that don't have getopt().
+
+	Use the posix _POSIX_VDISABLE value for what value
+	to use when disabling special characters.  If this
+	is undefined, it defaults to 0x3ff.
+
+	For non-termio systems, TIOCSETP was being used to
+	change the state of the terminal.  This causes the
+	input queue to be flushed, which we don't want.  This
+	is now changed to TIOCSETN.
+
+	Take out the "#ifdef notdef" around the code in the
+	server that generates a "sync" when the pty oputput
+	is flushed.  The potential problem is that some older
+	telnet clients may go into an infinate loop when they
+	receive a "sync", if so, the server can be compiled
+	with "NO_URGENT" defined.
+
+	Fix the client where it was setting/clearing the OPOST
+	bit in the c_lflag field, not the c_oflag field.
+
+	Fix the client where it was setting/clearing the ISTRIP
+	bit in the c_lflag field, not the c_iflag field.  (On
+	4.3Reno, this is the ECHOPRT bit in the c_lflag field.)
+	The client also had its interpretation of WILL BINARY
+	and DO BINARY reversed.
+
+	Fix a bug in client that would cause a core dump when
+	attempting to remove the last environment variable.
+
+	In the client, there were a few places were switch()
+	was being passed a character, and if it was a negative
+	value, it could get sign extended, and not match
+	the 8 bit case statements.  The fix is to and the
+	switch value with 0xff.
+
+	Add a couple more printoption() calls in the client, I
+	don't think there are any more places were a telnet
+	command can be received and not printed out when
+	"options" is on.
+
+	A new flag has been added to the client, "-a".  Currently,
+	this just causes the USER name to be sent across, in
+	the future this may be used to signify that automatic
+	authentication is requested.
+
+	The USER variable is now only sent by the client if
+	the "-a" or "-l user" options are explicity used, or
+	if the user explicitly asks for the "USER" environment
+	variable to be exported.  In the server, if it receives
+	the "USER" environment variable, it won't print out the
+	banner message, so that only "Password:" will be printed.
+	This makes the symantics more like rlogin, and should be
+	more familiar to the user.  (People are not used to
+	getting a banner message, and then getting just a
+	"Password:" prompt.)
+
+	Re-vamp the code for starting up the child login
+	process.  The code was getting ugly, and it was
+	hard to tell what was really going on.  What we
+	do now is after the fork(), in the child:
+		1) make sure we have no controlling tty
+		2) open and initialize the tty
+		3) do a setsid()/setpgrp()
+		4) makes the tty our controlling tty.
+	On some systems, #2 makes the tty our controlling
+	tty, and #4 is a no-op.  The parent process does
+	a gets rid of any controlling tty after the child
+	is fork()ed.
+
+	Use the strdup() library routine in telnet, instead
+	of the local savestr() routine.  If you don't have
+	strdup(), you need to define NO_STRDUP.
+
+	Add support for ^T (SIGINFO/VSTATUS), found in the
+	4.3Reno distribution.  This maps to the AYT character.
+	You need a 4-line bugfix in the kernel to get this
+	to work properly:
+
+	> *** tty_pty.c.ORG	Tue Sep 11 09:41:53 1990
+	> --- tty_pty.c	Tue Sep 11 17:48:03 1990
+	> ***************
+	> *** 609,613 ****
+	> 			if ((tp->t_lflag&NOFLSH) == 0)
+	> 				ttyflush(tp, FREAD|FWRITE);
+	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data);
+	> 			return(0);
+	> 		}
+	> --- 609,616 ----
+	> 			if ((tp->t_lflag&NOFLSH) == 0)
+	> 				ttyflush(tp, FREAD|FWRITE);
+	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
+	> ! 			if ((*(unsigned int *)data == SIGINFO) &&
+	> ! 			    ((tp->t_lflag&NOKERNINFO) == 0))
+	> ! 				ttyinfo(tp);
+	> 			return(0);
+	> 		}
+
+	The client is now smarter when setting the telnet escape
+	character; it only sets it to one of VEOL and VEOL2 if
+	one of them is undefined, and the other one is not already
+	defined to the telnet escape character.
+
+	Handle TERMIOS systems that have seperate input and output
+	line speed settings imbedded in the flags.
+
+	Many other minor bug fixes.
+
+June 20, 1990:
+	Re-organize makefiles and source tree.  The telnet/Source
+	directory is now gone, and all the source that was in
+	telnet/Source is now just in the telnet directory.
+
+	Seperate makefile for each system are now gone.  There
+	are two makefiles, Makefile and Makefile.generic.
+	The "Makefile" has the definitions for the various
+	system, and "Makefile.generic" does all the work.
+	There is a variable called "WHAT" that is used to
+	specify what to make.  For example, in the telnet
+	directory, you might say:
+		make 4.4bsd WHAT=clean
+	to clean out the directory.
+
+	Add support for the ENVIRON and XDISPLOC options.
+	In order for the server to work, login has to have
+	the "-p" option to preserve environment variables.
+
+	Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support.
+
+	Add the "-l user" option to command line and open command
+	(This is passed through the ENVIRON option).
+
+	Add the "-e" command line option, for setting the escape
+	character.
+
+	Add the "-D", diagnostic, option to the server.  This allows
+	the server to print out debug information, which is very
+	useful when trying to debug a telnet that doesn't have any
+	debugging ability.
+
+	Turn off the literal next character when not in LINEMODE.
+
+	Don't recognize ^Y locally, just pass it through.
+
+	Make minor modifications for Sun4.0 and Sun4.1
+
+	Add support for both FORW1 and FORW2 characters.  The
+	telnet escpape character is set to whichever of the
+	two is not being used.  If both are in use, the escape
+	character is not set, so when in linemode the user will
+	have to follow the escape character with a <CR> or <EOF)
+	to get it passed through.
+
+	Commands can now be put in single and double quotes, and
+	a backslash is now an escape character.  This is needed
+	for allowing arbitrary strings to be assigned to environment
+	variables.
+
+	Switch telnetd to use macros like telnet for keeping
+	track of the state of all the options.
+
+	Fix telnetd's processing of options so that we always do
+	the right processing of the LINEMODE option, regardless
+	of who initiates the request to turn it on.  Also, make
+	sure that if the other side went "WILL ECHO" in response
+	to our "DO ECHO", that we send a "DONT ECHO" to get the
+	option turned back off!
+
+	Fix the TERMIOS setting of the terminal speed to handle both
+	BSD's seperate fields, and the SYSV method of CBAUD bits.
+
+	Change how we deal with the other side refusing to enable
+	an option.  The sequence used to be: send DO option; receive
+	WONT option; send DONT option.  Now, the sequence is: send
+	DO option; receive WONT option.  Both should be valid
+	according to the spec, but there has been at least one
+	client implementation of telnet identified that can get
+	really confused by this.  (The exact sequence, from a trace
+	on the server side, is (numbers are number of responses that
+	we expect to get after that line...):
+
+		send WILL ECHO	1 (initial request)
+		send WONT ECHO	2 (server is changing state)
+		recv DO ECHO	1 (first reply, ok.  expect DONT ECHO next)
+		send WILL ECHO	2 (server changes state again)
+		recv DONT ECHO	1 (second reply, ok.  expect DO ECHO next)
+		recv DONT ECHO	0 (third reply, wrong answer. got DONT!!!)
+	***	send WONT ECHO	  (send WONT to acknowledge the DONT)
+		send WILL ECHO	1 (ask again to enable option)
+		recv DO ECHO	0
+
+		recv DONT ECHO	0
+		send WONT ECHO	1
+		recv DONT ECHO	0
+		recv DO ECHO	1
+		send WILL ECHO	0
+		(and the last 5 lines loop forever)
+
+	The line with the "***" is last of the WILL/DONT/WONT sequence.
+	The change to the server to not generate that makes this same
+	example become:
+
+		send will ECHO	1
+		send wont ECHO	2
+		recv do ECHO	1
+		send will ECHO	2
+		recv dont ECHO	1
+		recv dont ECHO	0
+		recv do ECHO	1
+		send will ECHO	0
+
+	There is other option negotiation going on, and not sending
+	the third part changes some of the timings, but this specific
+	example no longer gets stuck in a loop.  The "telnet.state"
+	file has been modified to reflect this change to the algorithm.
+
+	A bunch of miscellaneous bug fixes and changes to make
+	lint happier.
+
+	This version of telnet also has some KERBEROS stuff in
+	it. This has not been tested, it uses an un-authorized
+	telnet option number, and uses an out-of-date version
+	of the (still being defined) AUTHENTICATION option.
+	There is no support for this code, do not enable it.
+
+
+March 1, 1990:
+CHANGES/BUGFIXES SINCE LAST RELEASE:
+	Some support for IP TOS has been added.  Requires that the
+	kernel support the IP_TOS socket option (currently this
+	is only in UNICOS 6.0).
+
+	Both telnet and telnetd now use the cc_t typedef.  typedefs are
+	included for systems that don't have it (in termios.h).
+
+	SLC_SUSP was not supported properly before.  It is now.
+
+	IAC EOF was not translated  properly in telnetd for SYSV_TERMIO
+	when not in linemode.  It now saves a copy of the VEOF character,
+	so that when ICANON is turned off and we can't trust it anymore
+	(because it is now the VMIN character) we use the saved value.
+
+	There were two missing "break" commands in the linemode
+	processing code in telnetd.
+
+	Telnetd wasn't setting the kernel window size information
+	properly.  It was using the rows for both rows and columns...
+
+Questions/comments go to
+		David Borman
+		Cray Research, Inc.
+		655F Lone Oak Drive
+		Eagan, MN 55123
+		dab at cray.com.
+
+README:	You are reading it.
+
+Config.generic:
+	This file contains all the OS specific definitions.  It
+	has pre-definitions for many common system types, and is
+	in standard makefile fromat.  See the comments at the top
+	of the file for more information.
+
+Config.local:
+	This is not part of the distribution, but if this file exists,
+	it is used instead of "Config.generic".  This allows site
+	specific configuration without having to modify the distributed
+	"Config.generic" file.
+
+kern.diff:
+	This file contains the diffs for the changes needed for the
+	kernel to support LINEMODE is the server.  These changes are
+	for a 4.3BSD system.  You may need to make some changes for
+	your particular system.
+
+	There is a new bit in the terminal state word, TS_EXTPROC.
+	When this bit is set, several aspects of the terminal driver
+	are disabled.  Input line editing, character echo, and
+	mapping of signals are all disabled.  This allows the telnetd
+	to turn of these functions when in linemode, but still keep
+	track of what state the user wants the terminal to be in.
+
+	New ioctl()s:
+
+		TIOCEXT		Turn on/off the TS_EXTPROC bit
+		TIOCGSTATE	Get t_state of tty to look at TS_EXTPROC bit
+		TIOCSIG		Generate a signal to processes in the
+				current process group of the pty.
+
+	There is a new mode for packet driver, the TIOCPKT_IOCTL bit.
+	When packet mode is turned on in the pty, and the TS_EXTPROC
+	bit is set, then whenever the state of the pty is changed, the
+	next read on the master side of the pty will have the TIOCPKT_IOCTL
+	bit set, and the data will contain the following:
+		struct xx {
+			struct sgttyb a;
+			struct tchars b;
+			struct ltchars c;
+			int t_state;
+			int t_flags;
+		}
+	This allows the process on the server side of the pty to know
+	when the state of the terminal has changed, and what the new
+	state is.
+
+	However, if you define USE_TERMIO or SYSV_TERMIO, the code will
+	expect that the structure returned in the TIOCPKT_IOCTL is
+	the termio/termios structure.
+
+stty.diff:
+	This file contains the changes needed for the stty(1) program
+	to report on the current status of the TS_EXTPROC bit.  It also
+	allows the user to turn on/off the TS_EXTPROC bit.  This is useful
+	because it allows the user to say "stty -extproc", and the
+	LINEMODE option will be automatically disabled, and saying "stty
+	extproc" will re-enable the LINEMODE option.
+
+telnet.state:
+	Both the client and server have code in them to deal
+	with option negotiation loops.  The algorithm that is
+	used is described in this file.
+
+telnet:
+	This directory contains the client code.  No kernel changes are
+	needed to use this code.
+
+telnetd:
+	This directory contains the server code.  If LINEMODE or KLUDGELINEMODE
+	are defined, then the kernel modifications listed above are needed.
+
+libtelnet:
+	This directory contains code that is common to both the client
+	and the server.
+
+arpa:
+	This directory has a new <arpa/telnet.h>
+
+libtelnet/Makefile.4.4:
+telnet/Makefile.4.4:
+telnetd/Makefile.4.4:
+	These are the makefiles that can be used on a 4.3Reno
+	system when this software is installed in /usr/src/lib/libtelnet,
+	/usr/src/libexec/telnetd, and /usr/src/usr.bin/telnet.
+
+
+The following TELNET options are supported:
+	
+	LINEMODE:
+		The LINEMODE option is supported as per RFC1116.  The
+		FORWARDMASK option is not currently supported.
+
+	BINARY: The client has the ability to turn on/off the BINARY
+		option in each direction.  Turning on BINARY from
+		server to client causes the LITOUT bit to get set in
+		the terminal driver on both ends,  turning on BINARY
+		from the client to the server causes the PASS8 bit
+		to get set in the terminal driver on both ends.
+
+	TERMINAL-TYPE:
+		This is supported as per RFC1091.  On the server side,
+		when a terminal type is received, termcap/terminfo
+		is consulted to determine if it is a known terminal
+		type.  It keeps requesting terminal types until it
+		gets one that it recongnizes, or hits the end of the
+		list.  The server side looks up the entry in the
+		termcap/terminfo data base, and generates a list of
+		names which it then passes one at a time to each
+		request for a terminal type, duplicating the last
+		entry in the list before cycling back to the beginning.
+
+	NAWS:	The Negotiate about Window Size, as per RFC 1073.
+
+	TERMINAL-SPEED:
+		Implemented as per RFC 1079
+
+	TOGGLE-FLOW-CONTROL:
+		Implemented as per RFC 1080
+
+	TIMING-MARK:
+		As per RFC 860
+
+	SGA:	As per RFC 858
+
+	ECHO:	As per RFC 857
+
+	LOGOUT: As per RFC 727
+
+	STATUS:
+		The server will send its current status upon
+		request.  It does not ask for the clients status.
+		The client will request the servers current status
+		from the "send getstatus" command.
+
+	ENVIRON:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued, but should be in the near future...
+
+	X-DISPLAY-LOCATION:
+		This functionality can be done through the ENVIRON
+		option, it is added here for completeness.
+
+	AUTHENTICATION:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued.  The basic framework is pretty much decided,
+		but the definitions for the specific authentication
+		schemes is still in a state of flux.
+
+	ENCRYPTION:
+		This option is currently being defined by the IETF
+		Telnet Working Group, and an RFC has not yet been
+		issued.  The draft RFC is still in a state of flux,
+		so this code may change in the future.

Added: vendor-crypto/heimdal/dist/appl/telnet/arpa/telnet.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/arpa/telnet.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/arpa/telnet.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,323 @@
+/*
+ * Copyright (c) 1983, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)telnet.h	8.2 (Berkeley) 12/15/93
+ */
+
+#ifndef _TELNET_H_
+#define	_TELNET_H_
+
+/*
+ * Definitions for the TELNET protocol.
+ */
+#define	IAC	255		/* interpret as command: */
+#define	DONT	254		/* you are not to use option */
+#define	DO	253		/* please, you use option */
+#define	WONT	252		/* I won't use option */
+#define	WILL	251		/* I will use option */
+#define	SB	250		/* interpret as subnegotiation */
+#define	GA	249		/* you may reverse the line */
+#define	EL	248		/* erase the current line */
+#define	EC	247		/* erase the current character */
+#define	AYT	246		/* are you there */
+#define	AO	245		/* abort output--but let prog finish */
+#define	IP	244		/* interrupt process--permanently */
+#define	BREAK	243		/* break */
+#define	DM	242		/* data mark--for connect. cleaning */
+#define	NOP	241		/* nop */
+#define	SE	240		/* end sub negotiation */
+#define EOR     239             /* end of record (transparent mode) */
+#define	ABORT	238		/* Abort process */
+#define	SUSP	237		/* Suspend process */
+#define	xEOF	236		/* End of file: EOF is already used... */
+
+#define SYNCH	242		/* for telfunc calls */
+
+#ifdef TELCMDS
+char *telcmds[] = {
+	"EOF", "SUSP", "ABORT", "EOR",
+	"SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
+	"EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC", 0,
+};
+#else
+extern char *telcmds[];
+#endif
+
+#define	TELCMD_FIRST	xEOF
+#define	TELCMD_LAST	IAC
+#define	TELCMD_OK(x)	((unsigned int)(x) <= TELCMD_LAST && \
+			 (unsigned int)(x) >= TELCMD_FIRST)
+#define	TELCMD(x)	telcmds[(x)-TELCMD_FIRST]
+
+/* telnet options */
+#define TELOPT_BINARY	0	/* 8-bit data path */
+#define TELOPT_ECHO	1	/* echo */
+#define	TELOPT_RCP	2	/* prepare to reconnect */
+#define	TELOPT_SGA	3	/* suppress go ahead */
+#define	TELOPT_NAMS	4	/* approximate message size */
+#define	TELOPT_STATUS	5	/* give status */
+#define	TELOPT_TM	6	/* timing mark */
+#define	TELOPT_RCTE	7	/* remote controlled transmission and echo */
+#define TELOPT_NAOL 	8	/* negotiate about output line width */
+#define TELOPT_NAOP 	9	/* negotiate about output page size */
+#define TELOPT_NAOCRD	10	/* negotiate about CR disposition */
+#define TELOPT_NAOHTS	11	/* negotiate about horizontal tabstops */
+#define TELOPT_NAOHTD	12	/* negotiate about horizontal tab disposition */
+#define TELOPT_NAOFFD	13	/* negotiate about formfeed disposition */
+#define TELOPT_NAOVTS	14	/* negotiate about vertical tab stops */
+#define TELOPT_NAOVTD	15	/* negotiate about vertical tab disposition */
+#define TELOPT_NAOLFD	16	/* negotiate about output LF disposition */
+#define TELOPT_XASCII	17	/* extended ascic character set */
+#define	TELOPT_LOGOUT	18	/* force logout */
+#define	TELOPT_BM	19	/* byte macro */
+#define	TELOPT_DET	20	/* data entry terminal */
+#define	TELOPT_SUPDUP	21	/* supdup protocol */
+#define	TELOPT_SUPDUPOUTPUT 22	/* supdup output */
+#define	TELOPT_SNDLOC	23	/* send location */
+#define	TELOPT_TTYPE	24	/* terminal type */
+#define	TELOPT_EOR	25	/* end or record */
+#define	TELOPT_TUID	26	/* TACACS user identification */
+#define	TELOPT_OUTMRK	27	/* output marking */
+#define	TELOPT_TTYLOC	28	/* terminal location number */
+#define	TELOPT_3270REGIME 29	/* 3270 regime */
+#define	TELOPT_X3PAD	30	/* X.3 PAD */
+#define	TELOPT_NAWS	31	/* window size */
+#define	TELOPT_TSPEED	32	/* terminal speed */
+#define	TELOPT_LFLOW	33	/* remote flow control */
+#define TELOPT_LINEMODE	34	/* Linemode option */
+#define TELOPT_XDISPLOC	35	/* X Display Location */
+#define TELOPT_OLD_ENVIRON 36	/* Old - Environment variables */
+#define	TELOPT_AUTHENTICATION 37/* Authenticate */
+#define	TELOPT_ENCRYPT	38	/* Encryption option */
+#define TELOPT_NEW_ENVIRON 39	/* New - Environment variables */
+#define	TELOPT_EXOPL	255	/* extended-options-list */
+
+
+#define	NTELOPTS	(1+TELOPT_NEW_ENVIRON)
+#ifdef TELOPTS
+char *telopts[NTELOPTS+1] = {
+	"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
+	"STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP",
+	"NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS",
+	"NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO",
+	"DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT",
+	"SEND LOCATION", "TERMINAL TYPE", "END OF RECORD",
+	"TACACS UID", "OUTPUT MARKING", "TTYLOC",
+	"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
+	"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
+	"ENCRYPT", "NEW-ENVIRON",
+	0,
+};
+#define	TELOPT_FIRST	TELOPT_BINARY
+#define	TELOPT_LAST	TELOPT_NEW_ENVIRON
+#define	TELOPT_OK(x)	((unsigned int)(x) <= TELOPT_LAST)
+#define	TELOPT(x)	telopts[(x)-TELOPT_FIRST]
+#endif
+
+/* sub-option qualifiers */
+#define	TELQUAL_IS	0	/* option is... */
+#define	TELQUAL_SEND	1	/* send option */
+#define	TELQUAL_INFO	2	/* ENVIRON: informational version of IS */
+#define	TELQUAL_REPLY	2	/* AUTHENTICATION: client version of IS */
+#define	TELQUAL_NAME	3	/* AUTHENTICATION: client version of IS */
+
+#define	LFLOW_OFF		0	/* Disable remote flow control */
+#define	LFLOW_ON		1	/* Enable remote flow control */
+#define	LFLOW_RESTART_ANY	2	/* Restart output on any char */
+#define	LFLOW_RESTART_XON	3	/* Restart output only on XON */
+
+/*
+ * LINEMODE suboptions
+ */
+
+#define	LM_MODE		1
+#define	LM_FORWARDMASK	2
+#define	LM_SLC		3
+
+#define	MODE_EDIT	0x01
+#define	MODE_TRAPSIG	0x02
+#define	MODE_ACK	0x04
+#define MODE_SOFT_TAB	0x08
+#define MODE_LIT_ECHO	0x10
+
+#define	MODE_MASK	0x1f
+
+/* Not part of protocol, but needed to simplify things... */
+#define MODE_FLOW		0x0100
+#define MODE_ECHO		0x0200
+#define MODE_INBIN		0x0400
+#define MODE_OUTBIN		0x0800
+#define MODE_FORCE		0x1000
+
+#define	SLC_SYNCH	1
+#define	SLC_BRK		2
+#define	SLC_IP		3
+#define	SLC_AO		4
+#define	SLC_AYT		5
+#define	SLC_EOR		6
+#define	SLC_ABORT	7
+#define	SLC_EOF		8
+#define	SLC_SUSP	9
+#define	SLC_EC		10
+#define	SLC_EL		11
+#define	SLC_EW		12
+#define	SLC_RP		13
+#define	SLC_LNEXT	14
+#define	SLC_XON		15
+#define	SLC_XOFF	16
+#define	SLC_FORW1	17
+#define	SLC_FORW2	18
+
+#define	NSLC		18
+
+/*
+ * For backwards compatability, we define SLC_NAMES to be the
+ * list of names if SLC_NAMES is not defined.
+ */
+#define	SLC_NAMELIST	"0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \
+			"ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \
+			"LNEXT", "XON", "XOFF", "FORW1", "FORW2", 0,
+#ifdef	SLC_NAMES
+char *slc_names[] = {
+	SLC_NAMELIST
+};
+#else
+extern char *slc_names[];
+#define	SLC_NAMES SLC_NAMELIST
+#endif
+
+#define	SLC_NAME_OK(x)	((unsigned int)(x) <= NSLC)
+#define SLC_NAME(x)	slc_names[x]
+
+#define	SLC_NOSUPPORT	0
+#define	SLC_CANTCHANGE	1
+#define	SLC_VARIABLE	2
+#define	SLC_DEFAULT	3
+#define	SLC_LEVELBITS	0x03
+
+#define	SLC_FUNC	0
+#define	SLC_FLAGS	1
+#define	SLC_VALUE	2
+
+#define	SLC_ACK		0x80
+#define	SLC_FLUSHIN	0x40
+#define	SLC_FLUSHOUT	0x20
+
+#define	OLD_ENV_VAR	1
+#define	OLD_ENV_VALUE	0
+#define	NEW_ENV_VAR	0
+#define	NEW_ENV_VALUE	1
+#define	ENV_ESC		2
+#define ENV_USERVAR	3
+
+/*
+ * AUTHENTICATION suboptions
+ */
+
+/*
+ * Who is authenticating who ...
+ */
+#define	AUTH_WHO_CLIENT		0	/* Client authenticating server */
+#define	AUTH_WHO_SERVER		1	/* Server authenticating client */
+#define	AUTH_WHO_MASK		1
+
+/*
+ * amount of authentication done
+ */
+#define	AUTH_HOW_ONE_WAY	0
+#define	AUTH_HOW_MUTUAL		2
+#define	AUTH_HOW_MASK		2
+
+#define	AUTHTYPE_NULL		0
+#define	AUTHTYPE_KERBEROS_V4	1
+#define	AUTHTYPE_KERBEROS_V5	2
+#define	AUTHTYPE_SPX		3
+#define	AUTHTYPE_MINK		4
+#define	AUTHTYPE_SRA		5
+#define	AUTHTYPE_CNT		6
+/* #define	AUTHTYPE_UNSECURE 6 */
+
+#define	AUTHTYPE_TEST		99
+
+#ifdef	AUTH_NAMES
+char *authtype_names[] = {
+	"NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK",
+	"SRA", 0,
+};
+#else
+extern char *authtype_names[];
+#endif
+
+#define	AUTHTYPE_NAME_OK(x)	((unsigned int)(x) < AUTHTYPE_CNT)
+#define	AUTHTYPE_NAME(x)	authtype_names[x]
+
+/*
+ * ENCRYPTion suboptions
+ */
+#define	ENCRYPT_IS		0	/* I pick encryption type ... */
+#define	ENCRYPT_SUPPORT		1	/* I support encryption types ... */
+#define	ENCRYPT_REPLY		2	/* Initial setup response */
+#define	ENCRYPT_START		3	/* Am starting to send encrypted */
+#define	ENCRYPT_END		4	/* Am ending encrypted */
+#define	ENCRYPT_REQSTART	5	/* Request you start encrypting */
+#define	ENCRYPT_REQEND		6	/* Request you send encrypting */
+#define	ENCRYPT_ENC_KEYID	7
+#define	ENCRYPT_DEC_KEYID	8
+#define	ENCRYPT_CNT		9
+
+#define	ENCTYPE_ANY		0
+#define	ENCTYPE_DES_CFB64	1
+#define	ENCTYPE_DES_OFB64	2
+#define	ENCTYPE_CNT		3
+
+#ifdef	ENCRYPT_NAMES
+char *encrypt_names[] = {
+	"IS", "SUPPORT", "REPLY", "START", "END",
+	"REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID",
+	0,
+};
+char *enctype_names[] = {
+	"ANY", "DES_CFB64",  "DES_OFB64",  0,
+};
+#else
+extern char *encrypt_names[];
+extern char *enctype_names[];
+#endif
+
+
+#define	ENCRYPT_NAME_OK(x)	((unsigned int)(x) < ENCRYPT_CNT)
+#define	ENCRYPT_NAME(x)		encrypt_names[x]
+
+#define	ENCTYPE_NAME_OK(x)	((unsigned int)(x) < ENCTYPE_CNT)
+#define	ENCTYPE_NAME(x)		enctype_names[x]
+
+#endif /* !_TELNET_H_ */
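Review bot: The name-lookup macros `TELCMD(x)`, `TELOPT(x)`, `SLC_NAME(x)`, `AUTHTYPE_NAME(x)`, `ENCRYPT_NAME(x)` and `ENCTYPE_NAME(x)` index their tables with no range check, and nothing in the header says that the matching `*_OK(x)` test must come first. The header itself defines codes that fall outside the tables: `AUTHTYPE_TEST` is 99 while `authtype_names` has six names, and `TELOPT_EXOPL` is 255 while `TELOPT_LAST` is 39. A caller that prints a code taken from a peer's option or suboption bytes (presumably the usual source) would read past the array unless it checks first. I would add a comment above `TELCMD_OK`, for example `/* TELCMD(), TELOPT() and the *_NAME() lookups do not range-check; call the matching *_OK() first, codes such as AUTHTYPE_TEST and TELOPT_EXOPL are outside the tables. */`. It would also help to note beside the `ENCTYPE_*` block that the only cipher types defined are `ENCTYPE_DES_CFB64` and `ENCTYPE_DES_OFB64`, so the ENCRYPT option as described here offers single DES only.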

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,24 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
+
+noinst_LIBRARIES = libtelnet.a
+
+libtelnet_a_SOURCES = \
+	auth-proto.h	\
+	auth.c		\
+	auth.h		\
+	enc-proto.h	\
+	enc_des.c	\
+	encrypt.c	\
+	encrypt.h	\
+	genget.c	\
+	kerberos.c	\
+	kerberos5.c	\
+	misc-proto.h	\
+	misc.c		\
+	misc.h
+
+EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,764 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = appl/telnet/libtelnet
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+libtelnet_a_AR = $(AR) $(ARFLAGS)
+libtelnet_a_LIBADD =
+am_libtelnet_a_OBJECTS = auth.$(OBJEXT) enc_des.$(OBJEXT) \
+	encrypt.$(OBJEXT) genget.$(OBJEXT) kerberos.$(OBJEXT) \
+	kerberos5.$(OBJEXT) misc.$(OBJEXT)
+libtelnet_a_OBJECTS = $(am_libtelnet_a_OBJECTS)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libtelnet_a_SOURCES)
+DIST_SOURCES = $(libtelnet_a_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_LIBRARIES = libtelnet.a
+libtelnet_a_SOURCES = \
+	auth-proto.h	\
+	auth.c		\
+	auth.h		\
+	enc-proto.h	\
+	enc_des.c	\
+	encrypt.c	\
+	encrypt.h	\
+	genget.c	\
+	kerberos.c	\
+	kerberos5.c	\
+	misc-proto.h	\
+	misc.c		\
+	misc.h
+
+EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/libtelnet/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/libtelnet/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstLIBRARIES:
+	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+libtelnet.a: $(libtelnet_a_OBJECTS) $(libtelnet_a_DEPENDENCIES) 
+	-rm -f libtelnet.a
+	$(libtelnet_a_AR) libtelnet.a $(libtelnet_a_OBJECTS) $(libtelnet_a_LIBADD)
+	$(RANLIB) libtelnet.a
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(LIBRARIES) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libtool clean-noinstLIBRARIES ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth-proto.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth-proto.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth-proto.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,124 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)auth-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: auth-proto.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifdef AUTHENTICATION
+Authenticator *findauthenticator (int, int);
+
+int auth_wait (char *, size_t);
+void auth_disable_name (char *);
+void auth_finished (Authenticator *, int);
+void auth_gen_printsub (unsigned char *, int, unsigned char *, int);
+void auth_init (const char *, int);
+void auth_is (unsigned char *, int);
+void auth_name(unsigned char*, int);
+void auth_reply (unsigned char *, int);
+void auth_request (void);
+void auth_send (unsigned char *, int);
+void auth_send_retry (void);
+void auth_printsub(unsigned char*, int, unsigned char*, int);
+int getauthmask(char *type, int *maskp);
+int auth_enable(char *type);
+int auth_disable(char *type);
+int auth_onoff(char *type, int on);
+int auth_togdebug(int on);
+int auth_status(void);
+int auth_sendname(unsigned char *cp, int len);
+void auth_debug(int mode);
+void auth_gen_printsub(unsigned char *data, int cnt,
+		       unsigned char *buf, int buflen);
+
+#ifdef UNSAFE
+int unsafe_init (Authenticator *, int);
+int unsafe_send (Authenticator *);
+void unsafe_is (Authenticator *, unsigned char *, int);
+void unsafe_reply (Authenticator *, unsigned char *, int);
+int unsafe_status (Authenticator *, char *, int);
+void unsafe_printsub (unsigned char *, int, unsigned char *, int);
+#endif
+
+#ifdef SRA
+int sra_init (Authenticator *, int);
+int sra_send (Authenticator *);
+void sra_is (Authenticator *, unsigned char *, int);
+void sra_reply (Authenticator *, unsigned char *, int);
+int sra_status (Authenticator *, char *, int);
+void sra_printsub (unsigned char *, int, unsigned char *, int);
+#endif
+
+#ifdef	KRB4
+int kerberos4_init (Authenticator *, int);
+int kerberos4_send_mutual (Authenticator *);
+int kerberos4_send_oneway (Authenticator *);
+void kerberos4_is (Authenticator *, unsigned char *, int);
+void kerberos4_reply (Authenticator *, unsigned char *, int);
+int kerberos4_status (Authenticator *, char *, size_t, int);
+void kerberos4_printsub (unsigned char *, int, unsigned char *, int);
+int kerberos4_forward(Authenticator *ap, void *);
+#endif
+
+#ifdef	KRB5
+int kerberos5_init (Authenticator *, int);
+int kerberos5_send_mutual (Authenticator *);
+int kerberos5_send_oneway (Authenticator *);
+void kerberos5_is (Authenticator *, unsigned char *, int);
+void kerberos5_reply (Authenticator *, unsigned char *, int);
+int kerberos5_status (Authenticator *, char *, size_t, int);
+void kerberos5_printsub (unsigned char *, int, unsigned char *, int);
+int kerberos5_set_forward(int);
+int kerberos5_set_forwardable(int);
+#endif
+#endif

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,660 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <config.h>
+
+RCSID("$Id: auth.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if	defined(AUTHENTICATION)
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <signal.h>
+#define	AUTH_NAMES
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include <roken.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc-proto.h"
+#include "auth-proto.h"
+
+#define	typemask(x)		(1<<((x)-1))
+
+#ifdef	KRB4_ENCPWD
+extern krb4encpwd_init();
+extern krb4encpwd_send();
+extern krb4encpwd_is();
+extern krb4encpwd_reply();
+extern krb4encpwd_status();
+extern krb4encpwd_printsub();
+#endif
+
+#ifdef	RSA_ENCPWD
+extern rsaencpwd_init();
+extern rsaencpwd_send();
+extern rsaencpwd_is();
+extern rsaencpwd_reply();
+extern rsaencpwd_status();
+extern rsaencpwd_printsub();
+#endif
+
+int auth_debug_mode = 0;
+int auth_has_failed  = 0;
+int auth_enable_encrypt = 0;
+static 	const	char	*Name = "Noname";
+static	int	Server = 0;
+static	Authenticator	*authenticated = 0;
+static	int	authenticating = 0;
+static	int	validuser = 0;
+static	unsigned char	_auth_send_data[256];
+static	unsigned char	*auth_send_data;
+static	int	auth_send_cnt = 0;
+
+/*
+ * Authentication types supported.  Plese note that these are stored
+ * in priority order, i.e. try the first one first.
+ */
+Authenticator authenticators[] = {
+#ifdef UNSAFE
+    { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      unsafe_init,
+      unsafe_send,
+      unsafe_is,
+      unsafe_reply,
+      unsafe_status,
+      unsafe_printsub },
+#endif
+#ifdef SRA
+    { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      sra_init,
+      sra_send,
+      sra_is,
+      sra_reply,
+      sra_status,
+      sra_printsub },
+#endif
+#ifdef	SPX
+    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      spx_init,
+      spx_send,
+      spx_is,
+      spx_reply,
+      spx_status,
+      spx_printsub },
+    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      spx_init,
+      spx_send,
+      spx_is,
+      spx_reply,
+      spx_status,
+      spx_printsub },
+#endif
+#ifdef	KRB5
+    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      kerberos5_init,
+      kerberos5_send_mutual,
+      kerberos5_is,
+      kerberos5_reply,
+      kerberos5_status,
+      kerberos5_printsub },
+    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      kerberos5_init,
+      kerberos5_send_oneway,
+      kerberos5_is,
+      kerberos5_reply,
+      kerberos5_status,
+      kerberos5_printsub },
+#endif
+#ifdef	KRB4
+    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      kerberos4_init,
+      kerberos4_send_mutual,
+      kerberos4_is,
+      kerberos4_reply,
+      kerberos4_status,
+      kerberos4_printsub },
+    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      kerberos4_init,
+      kerberos4_send_oneway,
+      kerberos4_is,
+      kerberos4_reply,
+      kerberos4_status,
+      kerberos4_printsub },
+#endif
+#ifdef	KRB4_ENCPWD
+    { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+      krb4encpwd_init,
+      krb4encpwd_send,
+      krb4encpwd_is,
+      krb4encpwd_reply,
+      krb4encpwd_status,
+      krb4encpwd_printsub },
+#endif
+#ifdef	RSA_ENCPWD
+    { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
+      rsaencpwd_init,
+      rsaencpwd_send,
+      rsaencpwd_is,
+      rsaencpwd_reply,
+      rsaencpwd_status,
+      rsaencpwd_printsub },
+#endif
+    { 0, },
+};
+
+static Authenticator NoAuth = { 0 };
+
+static int	i_support = 0;
+static int	i_wont_support = 0;
+
+Authenticator *
+findauthenticator(int type, int way)
+{
+    Authenticator *ap = authenticators;
+
+    while (ap->type && (ap->type != type || ap->way != way))
+	++ap;
+    return(ap->type ? ap : 0);
+}
+
+void
+auth_init(const char *name, int server)
+{
+    Authenticator *ap = authenticators;
+
+    Server = server;
+    Name = name;
+
+    i_support = 0;
+    authenticated = 0;
+    authenticating = 0;
+    while (ap->type) {
+	if (!ap->init || (*ap->init)(ap, server)) {
+	    i_support |= typemask(ap->type);
+	    if (auth_debug_mode)
+		printf(">>>%s: I support auth type %d %d\r\n",
+		       Name,
+		       ap->type, ap->way);
+	}
+	else if (auth_debug_mode)
+	    printf(">>>%s: Init failed: auth type %d %d\r\n",
+		   Name, ap->type, ap->way);
+	++ap;
+    }
+}
+
+void
+auth_disable_name(char *name)
+{
+    int x;
+    for (x = 0; x < AUTHTYPE_CNT; ++x) {
+	if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
+	    i_wont_support |= typemask(x);
+	    break;
+	}
+    }
+}
+
+int
+getauthmask(char *type, int *maskp)
+{
+    int x;
+
+    if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
+	*maskp = -1;
+	return(1);
+    }
+
+    for (x = 1; x < AUTHTYPE_CNT; ++x) {
+	if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
+	    *maskp = typemask(x);
+	    return(1);
+	}
+    }
+    return(0);
+}
+
+int
+auth_enable(char *type)
+{
+    return(auth_onoff(type, 1));
+}
+
+int
+auth_disable(char *type)
+{
+    return(auth_onoff(type, 0));
+}
+
+int
+auth_onoff(char *type, int on)
+{
+    int i, mask = -1;
+    Authenticator *ap;
+
+    if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
+	printf("auth %s 'type'\n", on ? "enable" : "disable");
+	printf("Where 'type' is one of:\n");
+	printf("\t%s\n", AUTHTYPE_NAME(0));
+	mask = 0;
+	for (ap = authenticators; ap->type; ap++) {
+	    if ((mask & (i = typemask(ap->type))) != 0)
+		continue;
+	    mask |= i;
+	    printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+	}
+	return(0);
+    }
+
+    if (!getauthmask(type, &mask)) {
+	printf("%s: invalid authentication type\n", type);
+	return(0);
+    }
+    if (on)
+	i_wont_support &= ~mask;
+    else
+	i_wont_support |= mask;
+    return(1);
+}
+
+int
+auth_togdebug(int on)
+{
+    if (on < 0)
+	auth_debug_mode ^= 1;
+    else
+	auth_debug_mode = on;
+    printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
+    return(1);
+}
+
+int
+auth_status(void)
+{
+    Authenticator *ap;
+    int i, mask;
+
+    if (i_wont_support == -1)
+	printf("Authentication disabled\n");
+    else
+	printf("Authentication enabled\n");
+
+    mask = 0;
+    for (ap = authenticators; ap->type; ap++) {
+	if ((mask & (i = typemask(ap->type))) != 0)
+	    continue;
+	mask |= i;
+	printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
+	       (i_wont_support & typemask(ap->type)) ?
+	       "disabled" : "enabled");
+    }
+    return(1);
+}
+
+/*
+ * This routine is called by the server to start authentication
+ * negotiation.
+ */
+void
+auth_request(void)
+{
+    static unsigned char str_request[64] = { IAC, SB,
+					     TELOPT_AUTHENTICATION,
+					     TELQUAL_SEND, };
+    Authenticator *ap = authenticators;
+    unsigned char *e = str_request + 4;
+
+    if (!authenticating) {
+	authenticating = 1;
+	while (ap->type) {
+	    if (i_support & ~i_wont_support & typemask(ap->type)) {
+		if (auth_debug_mode) {
+		    printf(">>>%s: Sending type %d %d\r\n",
+			   Name, ap->type, ap->way);
+		}
+		*e++ = ap->type;
+		*e++ = ap->way;
+	    }
+	    ++ap;
+	}
+	*e++ = IAC;
+	*e++ = SE;
+	telnet_net_write(str_request, e - str_request);
+	printsub('>', &str_request[2], e - str_request - 2);
+    }
+}
+
+/*
+ * This is called when an AUTH SEND is received.
+ * It should never arrive on the server side (as only the server can
+ * send an AUTH SEND).
+ * You should probably respond to it if you can...
+ *
+ * If you want to respond to the types out of order (i.e. even
+ * if he sends  LOGIN KERBEROS and you support both, you respond
+ * with KERBEROS instead of LOGIN (which is against what the
+ * protocol says)) you will have to hack this code...
+ */
+void
+auth_send(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+    static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_IS, AUTHTYPE_NULL, 0,
+					IAC, SE };
+    if (Server) {
+	if (auth_debug_mode) {
+	    printf(">>>%s: auth_send called!\r\n", Name);
+	}
+	return;
+    }
+
+    if (auth_debug_mode) {
+	printf(">>>%s: auth_send got:", Name);
+	printd(data, cnt); printf("\r\n");
+    }
+
+    /*
+     * Save the data, if it is new, so that we can continue looking
+     * at it if the authorization we try doesn't work
+     */
+    if (data < _auth_send_data ||
+	data > _auth_send_data + sizeof(_auth_send_data)) {
+	auth_send_cnt = cnt > sizeof(_auth_send_data)
+	    ? sizeof(_auth_send_data)
+	    : cnt;
+	memmove(_auth_send_data, data, auth_send_cnt);
+	auth_send_data = _auth_send_data;
+    } else {
+	/*
+	 * This is probably a no-op, but we just make sure
+	 */
+	auth_send_data = data;
+	auth_send_cnt = cnt;
+    }
+    while ((auth_send_cnt -= 2) >= 0) {
+	if (auth_debug_mode)
+	    printf(">>>%s: He supports %d\r\n",
+		   Name, *auth_send_data);
+	if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
+	    ap = findauthenticator(auth_send_data[0],
+				   auth_send_data[1]);
+	    if (ap && ap->send) {
+		if (auth_debug_mode)
+		    printf(">>>%s: Trying %d %d\r\n",
+			   Name, auth_send_data[0],
+			   auth_send_data[1]);
+		if ((*ap->send)(ap)) {
+		    /*
+		     * Okay, we found one we like
+		     * and did it.
+		     * we can go home now.
+		     */
+		    if (auth_debug_mode)
+			printf(">>>%s: Using type %d\r\n",
+			       Name, *auth_send_data);
+		    auth_send_data += 2;
+		    return;
+		}
+	    }
+	    /* else
+	     *	just continue on and look for the
+	     *	next one if we didn't do anything.
+	     */
+	}
+	auth_send_data += 2;
+    }
+    telnet_net_write(str_none, sizeof(str_none));
+    printsub('>', &str_none[2], sizeof(str_none) - 2);
+    if (auth_debug_mode)
+	printf(">>>%s: Sent failure message\r\n", Name);
+    auth_finished(0, AUTH_REJECT);
+    auth_has_failed = 1;
+#ifdef KANNAN
+    /*
+     *  We requested strong authentication, however no mechanisms worked.
+     *  Therefore, exit on client end.
+     */
+    printf("Unable to securely authenticate user ... exit\n");
+    exit(0);
+#endif /* KANNAN */
+}
+
+void
+auth_send_retry(void)
+{
+    /*
+     * if auth_send_cnt <= 0 then auth_send will end up rejecting
+     * the authentication and informing the other side of this.
+	 */
+    auth_send(auth_send_data, auth_send_cnt);
+}
+
+void
+auth_is(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+
+    if (cnt < 2)
+	return;
+
+    if (data[0] == AUTHTYPE_NULL) {
+	auth_finished(0, AUTH_REJECT);
+	return;
+    }
+
+    if ((ap = findauthenticator(data[0], data[1]))) {
+	if (ap->is)
+	    (*ap->is)(ap, data+2, cnt-2);
+    } else if (auth_debug_mode)
+	printf(">>>%s: Invalid authentication in IS: %d\r\n",
+	       Name, *data);
+}
+
+void
+auth_reply(unsigned char *data, int cnt)
+{
+    Authenticator *ap;
+
+    if (cnt < 2)
+	return;
+
+    if ((ap = findauthenticator(data[0], data[1]))) {
+	if (ap->reply)
+	    (*ap->reply)(ap, data+2, cnt-2);
+    } else if (auth_debug_mode)
+	printf(">>>%s: Invalid authentication in SEND: %d\r\n",
+	       Name, *data);
+}
+
+void
+auth_name(unsigned char *data, int cnt)
+{
+    char savename[256];
+
+    if (cnt < 1) {
+	if (auth_debug_mode)
+	    printf(">>>%s: Empty name in NAME\r\n", Name);
+	return;
+    }
+    if (cnt > sizeof(savename) - 1) {
+	if (auth_debug_mode)
+	    printf(">>>%s: Name in NAME (%d) exceeds %lu length\r\n",
+		   Name, cnt, (unsigned long)(sizeof(savename)-1));
+	return;
+    }
+    memmove(savename, data, cnt);
+    savename[cnt] = '\0';	/* Null terminate */
+    if (auth_debug_mode)
+	printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
+    auth_encrypt_user(savename);
+}
+
+int
+auth_sendname(unsigned char *cp, int len)
+{
+    static unsigned char str_request[256+6]
+	= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
+    unsigned char *e = str_request + 4;
+    unsigned char *ee = &str_request[sizeof(str_request)-2];
+
+    while (--len >= 0) {
+	if ((*e++ = *cp++) == IAC)
+	    *e++ = IAC;
+	if (e >= ee)
+	    return(0);
+    }
+    *e++ = IAC;
+    *e++ = SE;
+    telnet_net_write(str_request, e - str_request);
+    printsub('>', &str_request[2], e - &str_request[2]);
+    return(1);
+}
+
+void
+auth_finished(Authenticator *ap, int result)
+{
+    if (!(authenticated = ap))
+	authenticated = &NoAuth;
+    validuser = result;
+}
+
+/* ARGSUSED */
+static void
+auth_intr(int sig)
+{
+    auth_finished(0, AUTH_REJECT);
+}
+
+int
+auth_wait(char *name, size_t name_sz)
+{
+    if (auth_debug_mode)
+	printf(">>>%s: in auth_wait.\r\n", Name);
+
+    if (Server && !authenticating)
+	return(0);
+
+    signal(SIGALRM, auth_intr);
+    alarm(30);
+    while (!authenticated)
+	if (telnet_spin())
+	    break;
+    alarm(0);
+    signal(SIGALRM, SIG_DFL);
+
+    /*
+     * Now check to see if the user is valid or not
+     */
+    if (!authenticated || authenticated == &NoAuth)
+	return(AUTH_REJECT);
+
+    if (validuser == AUTH_VALID)
+	validuser = AUTH_USER;
+
+    if (authenticated->status)
+	validuser = (*authenticated->status)(authenticated,
+					     name, name_sz,
+					     validuser);
+    return(validuser);
+}
+
+void
+auth_debug(int mode)
+{
+    auth_debug_mode = mode;
+}
+
+void
+auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    Authenticator *ap;
+
+    if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
+	(*ap->printsub)(data, cnt, buf, buflen);
+    else
+	auth_gen_printsub(data, cnt, buf, buflen);
+}
+
+void
+auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    unsigned char *cp;
+    unsigned char tbuf[16];
+
+    cnt -= 3;
+    data += 3;
+    buf[buflen-1] = '\0';
+    buf[buflen-2] = '*';
+    buflen -= 2;
+    for (; cnt > 0; cnt--, data++) {
+	snprintf((char*)tbuf, sizeof(tbuf), " %d", *data);
+	for (cp = tbuf; *cp && buflen > 0; --buflen)
+	    *buf++ = *cp++;
+	if (buflen <= 0)
+	    return;
+    }
+    *buf = '\0';
+}
+#endif
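Review bot: In auth_send the type octet taken from the peer's SEND list goes straight into `typemask()` (`1<<((x)-1)`) in the test `(i_support & ~i_wont_support) & typemask(*auth_send_data)`, so a value of 0, or one larger than the width of int, produces an undefined shift before findauthenticator() has validated the pair. A range check at the top of the loop body would make this well defined, for example `if (*auth_send_data == 0 || *auth_send_data >= AUTHTYPE_CNT) { auth_send_data += 2; continue; }`, assuming every compiled-in type is below AUTHTYPE_CNT as the loops in auth_disable_name and getauthmask suggest. auth_printsub has a related gap: it reads `data[1]` and `data[2]` without first checking `cnt`, and auth_gen_printsub writes `buf[buflen-2]` without checking that `buflen >= 2`; whether the callers already guarantee those sizes is not visible in this file.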

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/auth.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)auth.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: auth.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef	__AUTH__
+#define	__AUTH__
+
+#define	AUTH_REJECT	0	/* Rejected */
+#define	AUTH_UNKNOWN	1	/* We don't know who he is, but he's okay */
+#define	AUTH_OTHER	2	/* We know him, but not his name */
+#define	AUTH_USER	3	/* We know he name */
+#define	AUTH_VALID	4	/* We know him, and he needs no password */
+
+typedef struct XauthP {
+	int	type;
+	int	way;
+	int	(*init) (struct XauthP *, int);
+	int	(*send) (struct XauthP *);
+	void	(*is) (struct XauthP *, unsigned char *, int);
+	void	(*reply) (struct XauthP *, unsigned char *, int);
+	int	(*status) (struct XauthP *, char *, size_t, int);
+	void	(*printsub) (unsigned char *, int, unsigned char *, int);
+} Authenticator;
+
+#include "auth-proto.h"
+
+extern int auth_debug_mode;
+#endif

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/enc-proto.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/enc-proto.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/enc-proto.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,133 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)enc-proto.h	8.1 (Berkeley) 6/4/93
+ *
+ *	@(#)enc-proto.h	5.2 (Berkeley) 3/22/91
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: enc-proto.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#if	defined(ENCRYPTION)
+Encryptions *findencryption (int);
+Encryptions *finddecryption(int);
+int EncryptAutoDec(int);
+int EncryptAutoEnc(int);
+int EncryptDebug(int);
+int EncryptDisable(char*, char*);
+int EncryptEnable(char*, char*);
+int EncryptStart(char*);
+int EncryptStartInput(void);
+int EncryptStartOutput(void);
+int EncryptStatus(void);
+int EncryptStop(char*);
+int EncryptStopInput(void);
+int EncryptStopOutput(void);
+int EncryptType(char*, char*);
+int EncryptVerbose(int);
+void decrypt_auto(int);
+void encrypt_auto(int);
+void encrypt_debug(int);
+void encrypt_dec_keyid(unsigned char*, int);
+void encrypt_display(void);
+void encrypt_enc_keyid(unsigned char*, int);
+void encrypt_end(void);
+void encrypt_gen_printsub(unsigned char*, int, unsigned char*, int);
+void encrypt_init(const char*, int);
+void encrypt_is(unsigned char*, int);
+void encrypt_list_types(void);
+void encrypt_not(void);
+void encrypt_printsub(unsigned char*, int, unsigned char*, int);
+void encrypt_reply(unsigned char*, int);
+void encrypt_request_end(void);
+void encrypt_request_start(unsigned char*, int);
+void encrypt_send_end(void);
+void encrypt_send_keyid(int, unsigned char*, int, int);
+void encrypt_send_request_end(void);
+int encrypt_is_encrypting(void);
+void encrypt_send_request_start(void);
+void encrypt_send_support(void);
+void encrypt_session_key(Session_Key*, int);
+void encrypt_start(unsigned char*, int);
+void encrypt_start_output(int);
+void encrypt_support(unsigned char*, int);
+void encrypt_verbose_quiet(int);
+void encrypt_wait(void);
+int encrypt_delay(void);
+
+#ifdef	TELENTD
+void encrypt_wait (void);
+#else
+void encrypt_display (void);
+#endif
+
+void cfb64_encrypt (unsigned char *, int);
+int cfb64_decrypt (int);
+void cfb64_init (int);
+int cfb64_start (int, int);
+int cfb64_is (unsigned char *, int);
+int cfb64_reply (unsigned char *, int);
+void cfb64_session (Session_Key *, int);
+int cfb64_keyid (int, unsigned char *, int *);
+void cfb64_printsub (unsigned char *, int, unsigned char *, int);
+
+void ofb64_encrypt (unsigned char *, int);
+int ofb64_decrypt (int);
+void ofb64_init (int);
+int ofb64_start (int, int);
+int ofb64_is (unsigned char *, int);
+int ofb64_reply (unsigned char *, int);
+void ofb64_session (Session_Key *, int);
+int ofb64_keyid (int, unsigned char *, int *);
+void ofb64_printsub (unsigned char *, int, unsigned char *, int);
+
+#endif
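Review bot: The `#ifdef TELENTD` block near the end of this header looks like a misspelling of `TELNETD`, and it is redundant either way, because `encrypt_wait(void)` and `encrypt_display(void)` are already declared unconditionally earlier in the same list. Dropping the conditional block would remove a guard that selects nothing. The prototypes also use `Encryptions` and `Session_Key` without declaring them, so a comment at the top such as `/* Encryptions and Session_Key must be declared before this header is included */` would record that ordering dependency.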

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/enc_des.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/enc_des.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/enc_des.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,674 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: enc_des.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if	defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
+#include <arpa/telnet.h>
+#include <stdio.h>
+#ifdef	__STDC__
+#include <stdlib.h>
+#include <string.h>
+#endif
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "misc-proto.h"
+
+#include "crypto-headers.h"
+
+extern int encrypt_debug_mode;
+
+#define	CFB	0
+#define	OFB	1
+
+#define	NO_SEND_IV	1
+#define	NO_RECV_IV	2
+#define	NO_KEYID	4
+#define	IN_PROGRESS	(NO_SEND_IV|NO_RECV_IV|NO_KEYID)
+#define	SUCCESS		0
+#define	FAILED		-1
+
+
+struct stinfo {
+  DES_cblock	str_output;
+  DES_cblock	str_feed;
+  DES_cblock	str_iv;
+  DES_cblock	str_ikey;
+  DES_key_schedule str_sched;
+  int		str_index;
+  int		str_flagshift;
+};
+
+struct fb {
+	DES_cblock krbdes_key;
+	DES_key_schedule krbdes_sched;
+	DES_cblock temp_feed;
+	unsigned char fb_feed[64];
+	int need_start;
+	int state[2];
+	int keyid[2];
+	int once;
+	struct stinfo streams[2];
+};
+
+static struct fb fb[2];
+
+struct keyidlist {
+	char	*keyid;
+	int	keyidlen;
+	char	*key;
+	int	keylen;
+	int	flags;
+} keyidlist [] = {
+	{ "\0", 1, 0, 0, 0 },		/* default key of zero */
+	{ 0, 0, 0, 0, 0 }
+};
+
+#define	KEYFLAG_MASK	03
+
+#define	KEYFLAG_NOINIT	00
+#define	KEYFLAG_INIT	01
+#define	KEYFLAG_OK	02
+#define	KEYFLAG_BAD	03
+
+#define	KEYFLAG_SHIFT	2
+
+#define	SHIFT_VAL(a,b)	(KEYFLAG_SHIFT*((a)+((b)*2)))
+
+#define	FB64_IV		1
+#define	FB64_IV_OK	2
+#define	FB64_IV_BAD	3
+
+
+void fb64_stream_iv (DES_cblock, struct stinfo *);
+void fb64_init (struct fb *);
+static int fb64_start (struct fb *, int, int);
+int fb64_is (unsigned char *, int, struct fb *);
+int fb64_reply (unsigned char *, int, struct fb *);
+static void fb64_session (Session_Key *, int, struct fb *);
+void fb64_stream_key (DES_cblock, struct stinfo *);
+int fb64_keyid (int, unsigned char *, int *, struct fb *);
+void fb64_printsub(unsigned char *, int ,
+		   unsigned char *, int , char *);
+
+void cfb64_init(int server)
+{
+	fb64_init(&fb[CFB]);
+	fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
+	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
+	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
+}
+
+
+void ofb64_init(int server)
+{
+	fb64_init(&fb[OFB]);
+	fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
+	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
+	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
+}
+
+void fb64_init(struct fb *fbp)
+{
+	memset(fbp,0, sizeof(*fbp));
+	fbp->state[0] = fbp->state[1] = FAILED;
+	fbp->fb_feed[0] = IAC;
+	fbp->fb_feed[1] = SB;
+	fbp->fb_feed[2] = TELOPT_ENCRYPT;
+	fbp->fb_feed[3] = ENCRYPT_IS;
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ *	 2: Not yet.  Other things (like getting the key from
+ *	    Kerberos) have to happen before we can continue.
+ */
+int cfb64_start(int dir, int server)
+{
+	return(fb64_start(&fb[CFB], dir, server));
+}
+
+int ofb64_start(int dir, int server)
+{
+	return(fb64_start(&fb[OFB], dir, server));
+}
+
+static int fb64_start(struct fb *fbp, int dir, int server)
+{
+	int x;
+	unsigned char *p;
+	int state;
+
+	switch (dir) {
+	case DIR_DECRYPT:
+		/*
+		 * This is simply a request to have the other side
+		 * start output (our input).  He will negotiate an
+		 * IV so we need not look for it.
+		 */
+		state = fbp->state[dir-1];
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		break;
+
+	case DIR_ENCRYPT:
+		state = fbp->state[dir-1];
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		else if ((state & NO_SEND_IV) == 0) {
+			break;
+		}
+
+		if (!VALIDKEY(fbp->krbdes_key)) {
+		        fbp->need_start = 1;
+			break;
+		}
+
+		state &= ~NO_SEND_IV;
+		state |= NO_RECV_IV;
+		if (encrypt_debug_mode)
+			printf("Creating new feed\r\n");
+		/*
+		 * Create a random feed and send it over.
+		 */
+#ifndef OLD_DES_RANDOM_KEY
+		DES_random_key(&fbp->temp_feed);
+#else
+		/*
+		 * From des_cryp.man "If the des_check_key flag is non-zero,
+		 *  des_set_key will check that the key passed is
+		 *  of odd parity and is not a week or semi-weak key."
+		 */
+		do {
+			DES_random_key(fbp->temp_feed);
+			DES_set_odd_parity(fbp->temp_feed);
+		} while (DES_is_weak_key(fbp->temp_feed));
+#endif
+		DES_ecb_encrypt(&fbp->temp_feed,
+				&fbp->temp_feed,
+				&fbp->krbdes_sched, 1);
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_IS;
+		p++;
+		*p++ = FB64_IV;
+		for (x = 0; x < sizeof(DES_cblock); ++x) {
+			if ((*p++ = fbp->temp_feed[x]) == IAC)
+				*p++ = IAC;
+		}
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+		break;
+	default:
+		return(FAILED);
+	}
+	return(fbp->state[dir-1] = state);
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ */
+
+int cfb64_is(unsigned char *data, int cnt)
+{
+	return(fb64_is(data, cnt, &fb[CFB]));
+}
+
+int ofb64_is(unsigned char *data, int cnt)
+{
+	return(fb64_is(data, cnt, &fb[OFB]));
+}
+
+
+int fb64_is(unsigned char *data, int cnt, struct fb *fbp)
+{
+	unsigned char *p;
+	int state = fbp->state[DIR_DECRYPT-1];
+
+	if (cnt-- < 1)
+		goto failure;
+
+	switch (*data++) {
+	case FB64_IV:
+		if (cnt != sizeof(DES_cblock)) {
+			if (encrypt_debug_mode)
+				printf("CFB64: initial vector failed on size\r\n");
+			state = FAILED;
+			goto failure;
+		}
+
+		if (encrypt_debug_mode)
+			printf("CFB64: initial vector received\r\n");
+
+		if (encrypt_debug_mode)
+			printf("Initializing Decrypt stream\r\n");
+
+		fb64_stream_iv(data, &fbp->streams[DIR_DECRYPT-1]);
+
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_REPLY;
+		p++;
+		*p++ = FB64_IV_OK;
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+
+		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
+		break;
+
+	default:
+		if (encrypt_debug_mode) {
+			printf("Unknown option type: %d\r\n", *(data-1));
+			printd(data, cnt);
+			printf("\r\n");
+		}
+		/* FALL THROUGH */
+	failure:
+		/*
+		 * We failed.  Send an FB64_IV_BAD option
+		 * to the other side so it will know that
+		 * things failed.
+		 */
+		p = fbp->fb_feed + 3;
+		*p++ = ENCRYPT_REPLY;
+		p++;
+		*p++ = FB64_IV_BAD;
+		*p++ = IAC;
+		*p++ = SE;
+		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
+
+		break;
+	}
+	return(fbp->state[DIR_DECRYPT-1] = state);
+}
+
+/*
+ * Returns:
+ *	-1: some error.  Negotiation is done, encryption not ready.
+ *	 0: Successful, initial negotiation all done.
+ *	 1: successful, negotiation not done yet.
+ */
+
+int cfb64_reply(unsigned char *data, int cnt)
+{
+	return(fb64_reply(data, cnt, &fb[CFB]));
+}
+
+int ofb64_reply(unsigned char *data, int cnt)
+{
+	return(fb64_reply(data, cnt, &fb[OFB]));
+}
+
+
+int fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
+{
+	int state = fbp->state[DIR_ENCRYPT-1];
+
+	if (cnt-- < 1)
+		goto failure;
+
+	switch (*data++) {
+	case FB64_IV_OK:
+		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
+		if (state == FAILED)
+			state = IN_PROGRESS;
+		state &= ~NO_RECV_IV;
+		encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
+		break;
+
+	case FB64_IV_BAD:
+		memset(fbp->temp_feed, 0, sizeof(DES_cblock));
+		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
+		state = FAILED;
+		break;
+
+	default:
+		if (encrypt_debug_mode) {
+			printf("Unknown option type: %d\r\n", data[-1]);
+			printd(data, cnt);
+			printf("\r\n");
+		}
+		/* FALL THROUGH */
+	failure:
+		state = FAILED;
+		break;
+	}
+	return(fbp->state[DIR_ENCRYPT-1] = state);
+}
+
+void cfb64_session(Session_Key *key, int server)
+{
+	fb64_session(key, server, &fb[CFB]);
+}
+
+void ofb64_session(Session_Key *key, int server)
+{
+	fb64_session(key, server, &fb[OFB]);
+}
+
+static void fb64_session(Session_Key *key, int server, struct fb *fbp)
+{
+
+	if (!key || key->type != SK_DES) {
+		if (encrypt_debug_mode)
+			printf("Can't set krbdes's session key (%d != %d)\r\n",
+				key ? key->type : -1, SK_DES);
+		return;
+	}
+	memcpy(fbp->krbdes_key, key->data, sizeof(DES_cblock));
+
+	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
+	fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
+
+	if (fbp->once == 0) {
+#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL)
+		DES_init_random_number_generator(&fbp->krbdes_key);
+#endif
+		fbp->once = 1;
+	}
+	DES_set_key_checked((DES_cblock *)&fbp->krbdes_key,
+			    &fbp->krbdes_sched);
+	/*
+	 * Now look to see if krbdes_start() was was waiting for
+	 * the key to show up.  If so, go ahead an call it now
+	 * that we have the key.
+	 */
+	if (fbp->need_start) {
+		fbp->need_start = 0;
+		fb64_start(fbp, DIR_ENCRYPT, server);
+	}
+}
+
+/*
+ * We only accept a keyid of 0.  If we get a keyid of
+ * 0, then mark the state as SUCCESS.
+ */
+
+int cfb64_keyid(int dir, unsigned char *kp, int *lenp)
+{
+	return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
+}
+
+int ofb64_keyid(int dir, unsigned char *kp, int *lenp)
+{
+	return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
+}
+
+int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp)
+{
+	int state = fbp->state[dir-1];
+
+	if (*lenp != 1 || (*kp != '\0')) {
+		*lenp = 0;
+		return(state);
+	}
+
+	if (state == FAILED)
+		state = IN_PROGRESS;
+
+	state &= ~NO_KEYID;
+
+	return(fbp->state[dir-1] = state);
+}
+
+void fb64_printsub(unsigned char *data, int cnt, 
+		   unsigned char *buf, int buflen, char *type)
+{
+	char lbuf[32];
+	int i;
+	char *cp;
+
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+	buflen -= 1;
+
+	switch(data[2]) {
+	case FB64_IV:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
+		cp = lbuf;
+		goto common;
+
+	case FB64_IV_OK:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
+		cp = lbuf;
+		goto common;
+
+	case FB64_IV_BAD:
+		snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
+		cp = lbuf;
+		goto common;
+
+	default:
+		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
+		cp = lbuf;
+	common:
+		for (; (buflen > 0) && (*buf = *cp++); buf++)
+			buflen--;
+		for (i = 3; i < cnt; i++) {
+			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
+			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
+				buflen--;
+		}
+		break;
+	}
+}
+
+void cfb64_printsub(unsigned char *data, int cnt, 
+		    unsigned char *buf, int buflen)
+{
+	fb64_printsub(data, cnt, buf, buflen, "CFB64");
+}
+
+void ofb64_printsub(unsigned char *data, int cnt,
+		    unsigned char *buf, int buflen)
+{
+	fb64_printsub(data, cnt, buf, buflen, "OFB64");
+}
+
+void fb64_stream_iv(DES_cblock seed, struct stinfo *stp)
+{
+
+	memcpy(stp->str_iv, seed,sizeof(DES_cblock));
+	memcpy(stp->str_output, seed, sizeof(DES_cblock));
+
+	DES_set_key_checked(&stp->str_ikey, &stp->str_sched);
+
+	stp->str_index = sizeof(DES_cblock);
+}
+
+void fb64_stream_key(DES_cblock key, struct stinfo *stp)
+{
+	memcpy(stp->str_ikey, key, sizeof(DES_cblock));
+	DES_set_key_checked((DES_cblock*)key, &stp->str_sched);
+
+	memcpy(stp->str_output, stp->str_iv, sizeof(DES_cblock));
+
+	stp->str_index = sizeof(DES_cblock);
+}
+
+/*
+ * DES 64 bit Cipher Feedback
+ *
+ *     key --->+-----+
+ *          +->| DES |--+
+ *          |  +-----+  |
+ *	    |           v
+ *  INPUT --(--------->(+)+---> DATA
+ *          |             |
+ *	    +-------------+
+ *         
+ *
+ * Given:
+ *	iV: Initial vector, 64 bits (8 bytes) long.
+ *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
+ *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
+ *
+ *	V0 = DES(iV, key)
+ *	On = Dn ^ Vn
+ *	V(n+1) = DES(On, key)
+ */
+
+void cfb64_encrypt(unsigned char *s, int c)
+{
+	struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
+	int index;
+
+	index = stp->str_index;
+	while (c-- > 0) {
+		if (index == sizeof(DES_cblock)) {
+			DES_cblock b;
+			DES_ecb_encrypt(&stp->str_output, &b,&stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(DES_cblock));
+			index = 0;
+		}
+
+		/* On encryption, we store (feed ^ data) which is cypher */
+		*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
+		s++;
+		index++;
+	}
+	stp->str_index = index;
+}
+
+int cfb64_decrypt(int data)
+{
+	struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
+	int index;
+
+	if (data == -1) {
+		/*
+		 * Back up one byte.  It is assumed that we will
+		 * never back up more than one byte.  If we do, this
+		 * may or may not work.
+		 */
+		if (stp->str_index)
+			--stp->str_index;
+		return(0);
+	}
+
+	index = stp->str_index++;
+	if (index == sizeof(DES_cblock)) {
+		DES_cblock b;
+		DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(DES_cblock));
+		stp->str_index = 1;	/* Next time will be 1 */
+		index = 0;		/* But now use 0 */ 
+	}
+
+	/* On decryption we store (data) which is cypher. */
+	stp->str_output[index] = data;
+	return(data ^ stp->str_feed[index]);
+}
+
+/*
+ * DES 64 bit Output Feedback
+ *
+ * key --->+-----+
+ *	+->| DES |--+
+ *	|  +-----+  |
+ *	+-----------+
+ *	            v
+ *  INPUT -------->(+) ----> DATA
+ *
+ * Given:
+ *	iV: Initial vector, 64 bits (8 bytes) long.
+ *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
+ *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
+ *
+ *	V0 = DES(iV, key)
+ *	V(n+1) = DES(Vn, key)
+ *	On = Dn ^ Vn
+ */
+
+void ofb64_encrypt(unsigned char *s, int c)
+{
+	struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
+	int index;
+
+	index = stp->str_index;
+	while (c-- > 0) {
+		if (index == sizeof(DES_cblock)) {
+			DES_cblock b;
+			DES_ecb_encrypt(&stp->str_feed,&b, &stp->str_sched, 1);
+			memcpy(stp->str_feed, b, sizeof(DES_cblock));
+			index = 0;
+		}
+		*s++ ^= stp->str_feed[index];
+		index++;
+	}
+	stp->str_index = index;
+}
+
+int ofb64_decrypt(int data)
+{
+	struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
+	int index;
+
+	if (data == -1) {
+		/*
+		 * Back up one byte.  It is assumed that we will
+		 * never back up more than one byte.  If we do, this
+		 * may or may not work.
+		 */
+		if (stp->str_index)
+			--stp->str_index;
+		return(0);
+	}
+
+	index = stp->str_index++;
+	if (index == sizeof(DES_cblock)) {
+		DES_cblock b;
+		DES_ecb_encrypt(&stp->str_feed,&b,&stp->str_sched, 1);
+		memcpy(stp->str_feed, b, sizeof(DES_cblock));
+		stp->str_index = 1;	/* Next time will be 1 */
+		index = 0;		/* But now use 0 */ 
+	}
+
+	return(data ^ stp->str_feed[index]);
+}
+#endif
+
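Review bot: In `ofb64_init` the two `str_flagshift` assignments index `fb[CFB]` rather than `fb[OFB]`, so initialising OFB overwrites the CFB streams' shift values and leaves the OFB ones at the zero written by the `memset` in `fb64_init`. The lines should read `fb[OFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);` and `fb[OFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);`. Nothing in this hunk reads `str_flagshift`, so the current effect may be nil, but it should be fixed before anything relies on it. Separately, `fb64_session`, `fb64_stream_iv` and `fb64_stream_key` discard the result of `DES_set_key_checked`; if the key is rejected for parity or weakness the schedule is presumably left unset while the stream still goes on to encrypt, so the return should be checked and the state set to `FAILED`. `fb64_printsub` also reads `data[2]` without first checking `cnt >= 3`, trusting the caller's framing of the suboption.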

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/encrypt.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/encrypt.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/encrypt.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1005 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include <config.h>
+
+RCSID("$Id: encrypt.c,v 1.3 2012-08-26 15:31:23 laffer1 Exp $");
+
+#if	defined(ENCRYPTION)
+
+#define	ENCRYPT_NAMES
+#include <arpa/telnet.h>
+
+#include "encrypt.h"
+#include "misc.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+/*
+ * These functions pointers point to the current routines
+ * for encrypting and decrypting data.
+ */
+void	(*encrypt_output) (unsigned char *, int);
+int	(*decrypt_input) (int);
+char	*nclearto;
+
+int encrypt_debug_mode = 0;
+static int decrypt_mode = 0;
+static int encrypt_mode = 0;
+static int encrypt_verbose = 0;
+static int autoencrypt = 0;
+static int autodecrypt = 0;
+static int havesessionkey = 0;
+static int Server = 0;
+static const char *Name = "Noname";
+
+#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)
+
+static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
+     | typemask(ENCTYPE_DES_OFB64);
+     static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
+     | typemask(ENCTYPE_DES_OFB64);
+     static long i_wont_support_encrypt = 0;
+     static long i_wont_support_decrypt = 0;
+#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
+#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
+
+     static long remote_supports_encrypt = 0;
+     static long remote_supports_decrypt = 0;
+
+     static Encryptions encryptions[] = {
+#if	defined(DES_ENCRYPTION)
+	 { "DES_CFB64",	ENCTYPE_DES_CFB64,
+	   cfb64_encrypt,	
+	   cfb64_decrypt,
+	   cfb64_init,
+	   cfb64_start,
+	   cfb64_is,
+	   cfb64_reply,
+	   cfb64_session,
+	   cfb64_keyid,
+	   cfb64_printsub },
+	 { "DES_OFB64",	ENCTYPE_DES_OFB64,
+	   ofb64_encrypt,	
+	   ofb64_decrypt,
+	   ofb64_init,
+	   ofb64_start,
+	   ofb64_is,
+	   ofb64_reply,
+	   ofb64_session,
+	   ofb64_keyid,
+	   ofb64_printsub },
+#endif
+	 { 0, },
+     };
+
+static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
+				      ENCRYPT_SUPPORT };
+static unsigned char str_suplen = 0;
+static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
+static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
+
+Encryptions *
+findencryption(int type)
+{
+    Encryptions *ep = encryptions;
+
+    if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
+	return(0);
+    while (ep->type && ep->type != type)
+	++ep;
+    return(ep->type ? ep : 0);
+}
+
+Encryptions *
+finddecryption(int type)
+{
+    Encryptions *ep = encryptions;
+
+    if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
+	return(0);
+    while (ep->type && ep->type != type)
+	++ep;
+    return(ep->type ? ep : 0);
+}
+
+#define	MAXKEYLEN 64
+
+static struct key_info {
+    unsigned char keyid[MAXKEYLEN];
+    int keylen;
+    int dir;
+    int *modep;
+    Encryptions *(*getcrypt)();
+} ki[2] = {
+    { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
+    { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
+};
+
+void
+encrypt_init(const char *name, int server)
+{
+    Encryptions *ep = encryptions;
+
+    Name = name;
+    Server = server;
+    i_support_encrypt = i_support_decrypt = 0;
+    remote_supports_encrypt = remote_supports_decrypt = 0;
+    encrypt_mode = 0;
+    decrypt_mode = 0;
+    encrypt_output = 0;
+    decrypt_input = 0;
+#ifdef notdef
+    encrypt_verbose = !server;
+#endif
+
+    str_suplen = 4;
+
+    while (ep->type) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: I will support %s\r\n",
+		   Name, ENCTYPE_NAME(ep->type));
+	i_support_encrypt |= typemask(ep->type);
+	i_support_decrypt |= typemask(ep->type);
+	if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
+	    if ((str_send[str_suplen++] = ep->type) == IAC)
+		str_send[str_suplen++] = IAC;
+	if (ep->init)
+	    (*ep->init)(Server);
+	++ep;
+    }
+    str_send[str_suplen++] = IAC;
+    str_send[str_suplen++] = SE;
+}
+
+void
+encrypt_list_types(void)
+{
+    Encryptions *ep = encryptions;
+
+    printf("Valid encryption types:\n");
+    while (ep->type) {
+	printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
+	++ep;
+    }
+}
+
+int
+EncryptEnable(char *type, char *mode)
+{
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt enable <type> [input|output]\n");
+	encrypt_list_types();
+	return(0);
+    }
+    if (EncryptType(type, mode))
+	return(EncryptStart(mode));
+    return(0);
+}
+
+int
+EncryptDisable(char *type, char *mode)
+{
+    Encryptions *ep;
+    int ret = 0;
+
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt disable <type> [input|output]\n");
+	encrypt_list_types();
+    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
+					   sizeof(Encryptions))) == 0) {
+	printf("%s: invalid encryption type\n", type);
+    } else if (Ambiguous(ep)) {
+	printf("Ambiguous type '%s'\n", type);
+    } else {
+	if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
+	    if (decrypt_mode == ep->type)
+		EncryptStopInput();
+	    i_wont_support_decrypt |= typemask(ep->type);
+	    ret = 1;
+	}
+	if ((mode == 0) || (isprefix(mode, "output"))) {
+	    if (encrypt_mode == ep->type)
+		EncryptStopOutput();
+	    i_wont_support_encrypt |= typemask(ep->type);
+	    ret = 1;
+	}
+	if (ret == 0)
+	    printf("%s: invalid encryption mode\n", mode);
+    }
+    return(ret);
+}
+
+int
+EncryptType(char *type, char *mode)
+{
+    Encryptions *ep;
+    int ret = 0;
+
+    if (isprefix(type, "help") || isprefix(type, "?")) {
+	printf("Usage: encrypt type <type> [input|output]\n");
+	encrypt_list_types();
+    } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
+					   sizeof(Encryptions))) == 0) {
+	printf("%s: invalid encryption type\n", type);
+    } else if (Ambiguous(ep)) {
+	printf("Ambiguous type '%s'\n", type);
+    } else {
+	if ((mode == 0) || isprefix(mode, "input")) {
+	    decrypt_mode = ep->type;
+	    i_wont_support_decrypt &= ~typemask(ep->type);
+	    ret = 1;
+	}
+	if ((mode == 0) || isprefix(mode, "output")) {
+	    encrypt_mode = ep->type;
+	    i_wont_support_encrypt &= ~typemask(ep->type);
+	    ret = 1;
+	}
+	if (ret == 0)
+	    printf("%s: invalid encryption mode\n", mode);
+    }
+    return(ret);
+}
+
+int
+EncryptStart(char *mode)
+{
+    int ret = 0;
+    if (mode) {
+	if (isprefix(mode, "input"))
+	    return(EncryptStartInput());
+	if (isprefix(mode, "output"))
+	    return(EncryptStartOutput());
+	if (isprefix(mode, "help") || isprefix(mode, "?")) {
+	    printf("Usage: encrypt start [input|output]\n");
+	    return(0);
+	}
+	printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
+	return(0);
+    }
+    ret += EncryptStartInput();
+    ret += EncryptStartOutput();
+    return(ret);
+}
+
+int
+EncryptStartInput(void)
+{
+    if (decrypt_mode) {
+	encrypt_send_request_start();
+	return(1);
+    }
+    printf("No previous decryption mode, decryption not enabled\r\n");
+    return(0);
+}
+
+int
+EncryptStartOutput(void)
+{
+    if (encrypt_mode) {
+	encrypt_start_output(encrypt_mode);
+	return(1);
+    }
+    printf("No previous encryption mode, encryption not enabled\r\n");
+    return(0);
+}
+
+int
+EncryptStop(char *mode)
+{
+    int ret = 0;
+    if (mode) {
+	if (isprefix(mode, "input"))
+	    return(EncryptStopInput());
+	if (isprefix(mode, "output"))
+	    return(EncryptStopOutput());
+	if (isprefix(mode, "help") || isprefix(mode, "?")) {
+	    printf("Usage: encrypt stop [input|output]\n");
+	    return(0);
+	}
+	printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
+	return(0);
+    }
+    ret += EncryptStopInput();
+    ret += EncryptStopOutput();
+    return(ret);
+}
+
+int
+EncryptStopInput(void)
+{
+    encrypt_send_request_end();
+    return(1);
+}
+
+int
+EncryptStopOutput(void)
+{
+    encrypt_send_end();
+    return(1);
+}
+
+void
+encrypt_display(void)
+{
+    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
+	   autoencrypt?"on":"off", autodecrypt?"on":"off");
+
+    if (encrypt_output)
+	printf("Currently encrypting output with %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    else
+	printf("Currently not encrypting output\r\n");
+	
+    if (decrypt_input)
+	printf("Currently decrypting input with %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    else
+	printf("Currently not decrypting input\r\n");
+}
+
+int
+EncryptStatus(void)
+{
+    printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
+	   autoencrypt?"on":"off", autodecrypt?"on":"off");
+
+    if (encrypt_output)
+	printf("Currently encrypting output with %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    else if (encrypt_mode) {
+	printf("Currently output is clear text.\r\n");
+	printf("Last encryption mode was %s\r\n",
+	       ENCTYPE_NAME(encrypt_mode));
+    } else
+	printf("Currently not encrypting output\r\n");
+	
+    if (decrypt_input) {
+	printf("Currently decrypting input with %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    } else if (decrypt_mode) {
+	printf("Currently input is clear text.\r\n");
+	printf("Last decryption mode was %s\r\n",
+	       ENCTYPE_NAME(decrypt_mode));
+    } else
+	printf("Currently not decrypting input\r\n");
+
+    return 1;
+}
+
+void
+encrypt_send_support(void)
+{
+    if (str_suplen) {
+	/*
+	 * If the user has requested that decryption start
+	 * immediatly, then send a "REQUEST START" before
+	 * we negotiate the type.
+	 */
+	if (!Server && autodecrypt)
+	    encrypt_send_request_start();
+	telnet_net_write(str_send, str_suplen);
+	printsub('>', &str_send[2], str_suplen - 2);
+	str_suplen = 0;
+    }
+}
+
+int
+EncryptDebug(int on)
+{
+    if (on < 0)
+	encrypt_debug_mode ^= 1;
+    else
+	encrypt_debug_mode = on;
+    printf("Encryption debugging %s\r\n",
+	   encrypt_debug_mode ? "enabled" : "disabled");
+    return(1);
+}
+
+/* turn on verbose encryption, but dont keep telling the whole world
+ */
+void encrypt_verbose_quiet(int on)
+{
+    if(on < 0)
+	encrypt_verbose ^= 1;
+    else
+	encrypt_verbose = on ? 1 : 0;
+}
+
+int
+EncryptVerbose(int on)
+{
+    encrypt_verbose_quiet(on);
+    printf("Encryption %s verbose\r\n",
+	   encrypt_verbose ? "is" : "is not");
+    return(1);
+}
+
+int
+EncryptAutoEnc(int on)
+{
+    encrypt_auto(on);
+    printf("Automatic encryption of output is %s\r\n",
+	   autoencrypt ? "enabled" : "disabled");
+    return(1);
+}
+
+int
+EncryptAutoDec(int on)
+{
+    decrypt_auto(on);
+    printf("Automatic decryption of input is %s\r\n",
+	   autodecrypt ? "enabled" : "disabled");
+    return(1);
+}
+
+/* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO
+   encrypt */
+void
+encrypt_not(void)
+{
+    if (encrypt_verbose)
+  	printf("[ Connection is NOT encrypted ]\r\n");
+    else
+  	printf("\r\n*** Connection not encrypted! "
+	       "Communication may be eavesdropped. ***\r\n");
+}
+
+/*
+ * Called when ENCRYPT SUPPORT is received.
+ */
+void
+encrypt_support(unsigned char *typelist, int cnt)
+{
+    int type, use_type = 0;
+    Encryptions *ep;
+
+    /*
+     * Forget anything the other side has previously told us.
+     */
+    remote_supports_decrypt = 0;
+
+    while (cnt-- > 0) {
+	type = *typelist++;
+	if (encrypt_debug_mode)
+	    printf(">>>%s: He is supporting %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME(type), type);
+	if ((type < ENCTYPE_CNT) &&
+	    (I_SUPPORT_ENCRYPT & typemask(type))) {
+	    remote_supports_decrypt |= typemask(type);
+	    if (use_type == 0)
+		use_type = type;
+	}
+    }
+    if (use_type) {
+	ep = findencryption(use_type);
+	if (!ep)
+	    return;
+	type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
+	if (encrypt_debug_mode)
+	    printf(">>>%s: (*ep->start)() returned %d\r\n",
+		   Name, type);
+	if (type < 0)
+	    return;
+	encrypt_mode = use_type;
+	if (type == 0)
+	    encrypt_start_output(use_type);
+    }
+}
+
+void
+encrypt_is(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+    int type, ret;
+
+    if (--cnt < 0)
+	return;
+    type = *data++;
+    if (type < ENCTYPE_CNT)
+	remote_supports_encrypt |= typemask(type);
+    if (!(ep = finddecryption(type))) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	return;
+    }
+    if (!ep->is) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	ret = 0;
+    } else {
+	ret = (*ep->is)(data, cnt);
+	if (encrypt_debug_mode)
+	    printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
+		   (ret < 0) ? "FAIL " :
+		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+    }
+    if (ret < 0) {
+	autodecrypt = 0;
+    } else {
+	decrypt_mode = type;
+	if (ret == 0 && autodecrypt)
+	    encrypt_send_request_start();
+    }
+}
+
+void
+encrypt_reply(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+    int ret, type;
+
+    if (--cnt < 0)
+	return;
+    type = *data++;
+    if (!(ep = findencryption(type))) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	return;
+    }
+    if (!ep->reply) {
+	if (encrypt_debug_mode)
+	    printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	ret = 0;
+    } else {
+	ret = (*ep->reply)(data, cnt);
+	if (encrypt_debug_mode)
+	    printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
+		   data, cnt,
+		   (ret < 0) ? "FAIL " :
+		   (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+    }
+    if (encrypt_debug_mode)
+	printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
+    if (ret < 0) {
+	autoencrypt = 0;
+    } else {
+	encrypt_mode = type;
+	if (ret == 0 && autoencrypt)
+	    encrypt_start_output(type);
+    }
+}
+
+/*
+ * Called when ENCRYPT START is received.
+ */
+void
+encrypt_start(unsigned char *data, int cnt)
+{
+    Encryptions *ep;
+
+    if (!decrypt_mode) {
+	/*
+	 * Something is wrong.  We should not get a START
+	 * command without having already picked our
+	 * decryption scheme.  Send a REQUEST-END to
+	 * attempt to clear the channel...
+	 */
+	printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
+	encrypt_send_request_end();
+	return;
+    }
+
+    if ((ep = finddecryption(decrypt_mode))) {
+	decrypt_input = ep->input;
+	if (encrypt_verbose)
+	    printf("[ Input is now decrypted with type %s ]\r\n",
+		   ENCTYPE_NAME(decrypt_mode));
+	if (encrypt_debug_mode)
+	    printf(">>>%s: Start to decrypt input with type %s\r\n",
+		   Name, ENCTYPE_NAME(decrypt_mode));
+    } else {
+	printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
+	       Name,
+	       ENCTYPE_NAME_OK(decrypt_mode)
+	       ? ENCTYPE_NAME(decrypt_mode)
+	       : "(unknown)",
+	       decrypt_mode);
+	encrypt_send_request_end();
+    }
+}
+
+void
+encrypt_session_key(Session_Key *key, int server)
+{
+    Encryptions *ep = encryptions;
+
+    havesessionkey = 1;
+
+    while (ep->type) {
+	if (ep->session)
+	    (*ep->session)(key, server);
+	++ep;
+    }
+}
+
+/*
+ * Called when ENCRYPT END is received.
+ */
+void
+encrypt_end(void)
+{
+    decrypt_input = 0;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Input is back to clear text\r\n", Name);
+    if (encrypt_verbose)
+	printf("[ Input is now clear text ]\r\n");
+}
+
+/*
+ * Called when ENCRYPT REQUEST-END is received.
+ */
+void
+encrypt_request_end(void)
+{
+    encrypt_send_end();
+}
+
+/*
+ * Called when ENCRYPT REQUEST-START is received.  If we receive
+ * this before a type is picked, then that indicates that the
+ * other side wants us to start encrypting data as soon as we
+ * can. 
+ */
+void
+encrypt_request_start(unsigned char *data, int cnt)
+{
+    if (encrypt_mode == 0)  {
+	if (Server)
+	    autoencrypt = 1;
+	return;
+    }
+    encrypt_start_output(encrypt_mode);
+}
+
+static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
+
+static void
+encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
+{
+    Encryptions *ep;
+    int dir = kp->dir;
+    int ret = 0;
+
+    if (len > MAXKEYLEN)
+        len = MAXKEYLEN;
+
+    if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+	if (len == 0)
+	    return;
+	kp->keylen = 0;
+    } else if (len == 0) {
+	/*
+	 * Empty option, indicates a failure.
+	 */
+	if (kp->keylen == 0)
+	    return;
+	kp->keylen = 0;
+	if (ep->keyid)
+	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+
+    } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) {
+	/*
+	 * Length or contents are different
+	 */
+	kp->keylen = len;
+	memcpy(kp->keyid,keyid, len);
+	if (ep->keyid)
+	    (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+    } else {
+	if (ep->keyid)
+	    ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
+	if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
+	    encrypt_start_output(*kp->modep);
+	return;
+    }
+
+    encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
+}
+
+void encrypt_enc_keyid(unsigned char *keyid, int len)
+{
+    encrypt_keyid(&ki[1], keyid, len);
+}
+
+void encrypt_dec_keyid(unsigned char *keyid, int len)
+{
+    encrypt_keyid(&ki[0], keyid, len);
+}
+
+
+void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit)
+{
+    unsigned char *strp;
+
+    str_keyid[3] = (dir == DIR_ENCRYPT)
+	? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
+    if (saveit) {
+	struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
+	memcpy(kp->keyid,keyid, keylen);
+	kp->keylen = keylen;
+    }
+
+    for (strp = &str_keyid[4]; keylen > 0; --keylen) {
+	if ((*strp++ = *keyid++) == IAC)
+	    *strp++ = IAC;
+    }
+    *strp++ = IAC;
+    *strp++ = SE;
+    telnet_net_write(str_keyid, strp - str_keyid);
+    printsub('>', &str_keyid[2], strp - str_keyid - 2);
+}
+
+void
+encrypt_auto(int on)
+{
+    if (on < 0)
+	autoencrypt ^= 1;
+    else
+	autoencrypt = on ? 1 : 0;
+}
+
+void
+decrypt_auto(int on)
+{
+    if (on < 0)
+	autodecrypt ^= 1;
+    else
+	autodecrypt = on ? 1 : 0;
+}
+
+void
+encrypt_start_output(int type)
+{
+    Encryptions *ep;
+    unsigned char *p;
+    int i;
+
+    if (!(ep = findencryption(type))) {
+	if (encrypt_debug_mode) {
+	    printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
+		   Name,
+		   ENCTYPE_NAME_OK(type)
+		   ? ENCTYPE_NAME(type) : "(unknown)",
+		   type);
+	}
+	return;
+    }
+    if (ep->start) {
+	i = (*ep->start)(DIR_ENCRYPT, Server);
+	if (encrypt_debug_mode) {
+	    printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
+		   Name, 
+		   (i < 0) ? "failed" :
+		   "initial negotiation in progress",
+		   i, ENCTYPE_NAME(type));
+	}
+	if (i)
+	    return;
+    }
+    p = str_start + 3;
+    *p++ = ENCRYPT_START;
+    for (i = 0; i < ki[0].keylen; ++i) {
+	if ((*p++ = ki[0].keyid[i]) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    telnet_net_write(str_start, p - str_start);
+    net_encrypt();
+    printsub('>', &str_start[2], p - &str_start[2]);
+    /*
+     * If we are already encrypting in some mode, then
+     * encrypt the ring (which includes our request) in
+     * the old mode, mark it all as "clear text" and then
+     * switch to the new mode.
+     */
+    encrypt_output = ep->output;
+    encrypt_mode = type;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Started to encrypt output with type %s\r\n",
+	       Name, ENCTYPE_NAME(type));
+    if (encrypt_verbose)
+	printf("[ Output is now encrypted with type %s ]\r\n",
+	       ENCTYPE_NAME(type));
+}
+
+void
+encrypt_send_end(void)
+{
+    if (!encrypt_output)
+	return;
+
+    str_end[3] = ENCRYPT_END;
+    telnet_net_write(str_end, sizeof(str_end));
+    net_encrypt();
+    printsub('>', &str_end[2], sizeof(str_end) - 2);
+    /*
+     * Encrypt the output buffer now because it will not be done by
+     * netflush...
+     */
+    encrypt_output = 0;
+    if (encrypt_debug_mode)
+	printf(">>>%s: Output is back to clear text\r\n", Name);
+    if (encrypt_verbose)
+	printf("[ Output is now clear text ]\r\n");
+}
+
+void
+encrypt_send_request_start(void)
+{
+    unsigned char *p;
+    int i;
+
+    p = &str_start[3];
+    *p++ = ENCRYPT_REQSTART;
+    for (i = 0; i < ki[1].keylen; ++i) {
+	if ((*p++ = ki[1].keyid[i]) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    telnet_net_write(str_start, p - str_start);
+    printsub('>', &str_start[2], p - &str_start[2]);
+    if (encrypt_debug_mode)
+	printf(">>>%s: Request input to be encrypted\r\n", Name);
+}
+
+void
+encrypt_send_request_end(void)
+{
+    str_end[3] = ENCRYPT_REQEND;
+    telnet_net_write(str_end, sizeof(str_end));
+    printsub('>', &str_end[2], sizeof(str_end) - 2);
+
+    if (encrypt_debug_mode)
+	printf(">>>%s: Request input to be clear text\r\n", Name);
+}
+
+
+void encrypt_wait(void)
+{
+    if (encrypt_debug_mode)
+	printf(">>>%s: in encrypt_wait\r\n", Name);
+    if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
+	return;
+    while (autoencrypt && !encrypt_output)
+	if (telnet_spin())
+	    return;
+}
+
+int
+encrypt_delay(void)
+{
+    if(!havesessionkey ||
+       (I_SUPPORT_ENCRYPT & remote_supports_decrypt) == 0 ||
+       (I_SUPPORT_DECRYPT & remote_supports_encrypt) == 0)
+	return 0;
+    if(!(encrypt_output && decrypt_input))
+	return 1;
+    return 0;
+}
+
+int encrypt_is_encrypting()
+{
+    if (encrypt_output && decrypt_input)
+	return 1;
+    return 0;
+}
+
+void
+encrypt_debug(int mode)
+{
+    encrypt_debug_mode = mode;
+}
+
+void encrypt_gen_printsub(unsigned char *data, int cnt, 
+			  unsigned char *buf, int buflen)
+{
+    char tbuf[16], *cp;
+
+    cnt -= 2;
+    data += 2;
+    buf[buflen-1] = '\0';
+    buf[buflen-2] = '*';
+    buflen -= 2;;
+    for (; cnt > 0; cnt--, data++) {
+	snprintf(tbuf, sizeof(tbuf), " %d", *data);
+	for (cp = tbuf; *cp && buflen > 0; --buflen)
+	    *buf++ = *cp++;
+	if (buflen <= 0)
+	    return;
+    }
+    *buf = '\0';
+}
+
+void
+encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    Encryptions *ep;
+    int type = data[1];
+
+    for (ep = encryptions; ep->type && ep->type != type; ep++)
+	;
+
+    if (ep->printsub)
+	(*ep->printsub)(data, cnt, buf, buflen);
+    else
+	encrypt_gen_printsub(data, cnt, buf, buflen);
+}
+#endif

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/encrypt.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/encrypt.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/encrypt.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)encrypt.h	8.1 (Berkeley) 6/4/93
+ *
+ *	@(#)encrypt.h	5.2 (Berkeley) 3/22/91
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: encrypt.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef	__ENCRYPT__
+#define	__ENCRYPT__
+
+#define	DIR_DECRYPT		1
+#define	DIR_ENCRYPT		2
+
+#define	VALIDKEY(key)	( key[0] | key[1] | key[2] | key[3] | \
+			  key[4] | key[5] | key[6] | key[7])
+
+#define	SAMEKEY(k1, k2)	(!memcmp(k1, k2, sizeof(des_cblock)))
+
+typedef	struct {
+	short		type;
+	int		length;
+	unsigned char	*data;
+} Session_Key;
+
+typedef struct {
+	char	*name;
+	int	type;
+	void	(*output) (unsigned char *, int);
+	int	(*input) (int);
+	void	(*init) (int);
+	int	(*start) (int, int);
+	int	(*is) (unsigned char *, int);
+	int	(*reply) (unsigned char *, int);
+	void	(*session) (Session_Key *, int);
+	int	(*keyid) (int, unsigned char *, int *);
+	void	(*printsub) (unsigned char *, int, unsigned char *, int);
+} Encryptions;
+
+#define	SK_DES		1	/* Matched Kerberos v5 KEYTYPE_DES */
+
+#include "crypto-headers.h"
+#ifdef HAVE_OPENSSL
+#define des_new_random_key des_random_key
+#endif
+
+#include "enc-proto.h"
+
+extern int encrypt_debug_mode;
+extern int (*decrypt_input) (int);
+extern void (*encrypt_output) (unsigned char *, int);
+#endif

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/genget.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/genget.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/genget.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+#include "misc-proto.h"
+
+RCSID("$Id: genget.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <ctype.h>
+
+#define	LOWER(x) (isupper(x) ? tolower(x) : (x))
+/*
+ * The prefix function returns 0 if *s1 is not a prefix
+ * of *s2.  If *s1 exactly matches *s2, the negative of
+ * the length is returned.  If *s1 is a prefix of *s2,
+ * the length of *s1 is returned.
+ */
+
+int
+isprefix(char *s1, char *s2)
+{
+    char *os1;
+    char c1, c2;
+
+    if (*s1 == '\0')
+	return(-1);
+    os1 = s1;
+    c1 = *s1;
+    c2 = *s2;
+    while (tolower((unsigned char)c1) == tolower((unsigned char)c2)) {
+	if (c1 == '\0')
+	    break;
+	c1 = *++s1;
+	c2 = *++s2;
+    }
+    return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
+}
+
+static char *ambiguous;		/* special return value for command routines */
+
+char **
+genget(char *name, char **table, int stlen)
+     /* name to match */
+     /* name entry in table */
+	   	      
+{
+    char **c, **found;
+    int n;
+
+    if (name == 0)
+	return 0;
+
+    found = 0;
+    for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
+	if ((n = isprefix(name, *c)) == 0)
+	    continue;
+	if (n < 0)		/* exact match */
+	    return(c);
+	if (found)
+	    return(&ambiguous);
+	found = c;
+    }
+    return(found);
+}
+
+/*
+ * Function call version of Ambiguous()
+ */
+int
+Ambiguous(void *s)
+{
+    return((char **)s == &ambiguous);
+}

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/kerberos.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/kerberos.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/kerberos.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,723 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: kerberos.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef	KRB4
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdio.h>
+#include <krb.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int kerberos4_cksum (unsigned char *, int);
+extern int auth_debug_mode;
+
+static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KERBEROS_V4, };
+
+#define	KRB_AUTH	0		/* Authentication data follows */
+#define	KRB_REJECT	1		/* Rejected (reason might follow) */
+#define	KRB_ACCEPT	2		/* Accepted */
+#define	KRB_CHALLENGE	3		/* Challenge for mutual auth. */
+#define	KRB_RESPONSE	4		/* Response for mutual auth. */
+
+#define KRB_FORWARD		5	/* */
+#define KRB_FORWARD_ACCEPT	6	/* */
+#define KRB_FORWARD_REJECT	7	/* */
+
+#define KRB_SERVICE_NAME   "rcmd"
+
+static	KTEXT_ST auth;
+static	char name[ANAME_SZ];
+static	AUTH_DAT adat;
+static des_cblock session_key;
+static des_cblock cred_session;
+static des_key_schedule sched;
+static des_cblock challenge;
+static int auth_done; /* XXX */
+
+static int pack_cred(CREDENTIALS *cred, unsigned char *buf);
+static int unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred);
+
+
+static int
+Data(Authenticator *ap, int type, const void *d, int c)
+{
+    unsigned char *p = str_data + 4;
+    const unsigned char *cd = (const unsigned char *)d;
+
+    if (c == -1)
+	c = strlen((const char *)cd);
+
+    if (auth_debug_mode) {
+	printf("%s:%d: [%d] (%d)",
+	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+	       str_data[3],
+	       type, c);
+	printd(d, c);
+	printf("\r\n");
+    }
+    *p++ = ap->type;
+    *p++ = ap->way;
+    *p++ = type;
+    while (c-- > 0) {
+	if ((*p++ = *cd++) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    if (str_data[3] == TELQUAL_IS)
+	printsub('>', &str_data[2], p - (&str_data[2]));
+    return(telnet_net_write(str_data, p - str_data));
+}
+
+int
+kerberos4_init(Authenticator *ap, int server)
+{
+    FILE *fp;
+
+    if (server) {
+	str_data[3] = TELQUAL_REPLY;
+	if ((fp = fopen(KEYFILE, "r")) == NULL)
+	    return(0);
+	fclose(fp);
+    } else {
+	str_data[3] = TELQUAL_IS;
+    }
+    return(1);
+}
+
+char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
+int dst_realm_sz = REALM_SZ;
+
+static int
+kerberos4_send(char *name, Authenticator *ap)
+{
+    KTEXT_ST auth;
+    char instance[INST_SZ];
+    char *realm;
+    CREDENTIALS cred;
+    int r;
+
+    if (!UserNameRequested) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V4: no user name supplied\r\n");
+	}
+	return(0);
+    }
+
+    memset(instance, 0, sizeof(instance));
+
+    strlcpy (instance,
+		     krb_get_phost(RemoteHostName),
+		     INST_SZ);
+
+    realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
+
+    if (!realm) {
+	printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
+	return(0);
+    }
+    printf("[ Trying %s (%s.%s@%s) ... ]\r\n", name, 
+	   KRB_SERVICE_NAME, instance, realm);
+    r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L);
+    if (r) {
+	printf("mk_req failed: %s\r\n", krb_get_err_text(r));
+	return(0);
+    }
+    r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred);
+    if (r) {
+	printf("get_cred failed: %s\r\n", krb_get_err_text(r));
+	return(0);
+    }
+    if (!auth_sendname((unsigned char*)UserNameRequested, 
+		       strlen(UserNameRequested))) {
+	if (auth_debug_mode)
+	    printf("Not enough room for user name\r\n");
+	return(0);
+    }
+    if (auth_debug_mode)
+	printf("Sent %d bytes of authentication data\r\n", auth.length);
+    if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+	return(0);
+    }
+#ifdef ENCRYPTION
+    /* create challenge */
+    if ((ap->way & AUTH_HOW_MASK)==AUTH_HOW_MUTUAL) {
+	int i;
+
+	des_key_sched(&cred.session, sched);
+	memcpy (&cred_session, &cred.session, sizeof(cred_session));
+#ifndef HAVE_OPENSSL
+	des_init_random_number_generator(&cred.session);
+#endif
+	des_new_random_key(&session_key);
+	des_ecb_encrypt(&session_key, &session_key, sched, 0);
+	des_ecb_encrypt(&session_key, &challenge, sched, 0);
+
+	/*
+	  old code
+	  Some CERT Advisory thinks this is a bad thing...
+	    
+	  des_init_random_number_generator(&cred.session);
+	  des_new_random_key(&challenge);
+	  des_ecb_encrypt(&challenge, &session_key, sched, 1);
+	  */
+	  
+	/*
+	 * Increment the challenge by 1, and encrypt it for
+	 * later comparison.
+	 */
+	for (i = 7; i >= 0; --i) 
+	    if(++challenge[i] != 0) /* No carry! */
+		break;
+	des_ecb_encrypt(&challenge, &challenge, sched, 1);
+    }
+
+#endif
+
+    if (auth_debug_mode) {
+	printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
+	printd(auth.dat, auth.length);
+	printf("\r\n");
+	printf("Sent Kerberos V4 credentials to server\r\n");
+    }
+    return(1);
+}
+int
+kerberos4_send_mutual(Authenticator *ap)
+{
+    return kerberos4_send("mutual KERBEROS4", ap);
+}
+
+int
+kerberos4_send_oneway(Authenticator *ap)
+{
+    return kerberos4_send("KERBEROS4", ap);
+}
+
+void
+kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
+{
+    struct sockaddr_in addr;
+    char realm[REALM_SZ];
+    char instance[INST_SZ];
+    int r;
+    socklen_t addr_len;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_AUTH:
+	if (krb_get_lrealm(realm, 1) != KSUCCESS) {
+	    Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("No local realm\r\n");
+	    return;
+	}
+	memmove(auth.dat, data, auth.length = cnt);
+	if (auth_debug_mode) {
+	    printf("Got %d bytes of authentication data\r\n", cnt);
+	    printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
+	    printd(auth.dat, auth.length);
+	    printf("\r\n");
+	}
+	k_getsockinst(0, instance, sizeof(instance));
+	addr_len = sizeof(addr);
+	if(getpeername(0, (struct sockaddr *)&addr, &addr_len) < 0) {
+	    if(auth_debug_mode)
+		printf("getpeername failed\r\n");
+	    Data(ap, KRB_REJECT, "getpeername failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+	if (addr.sin_family != AF_INET) {
+	    if (auth_debug_mode)
+		printf("unknown address family: %d\r\n", addr.sin_family);
+	    Data(ap, KRB_REJECT, "bad address family", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+
+	r = krb_rd_req(&auth, KRB_SERVICE_NAME,
+		       instance, addr.sin_addr.s_addr, &adat, "");
+	if (r) {
+	    if (auth_debug_mode)
+		printf("Kerberos failed him as %s\r\n", name);
+	    Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    return;
+	}
+	/* save the session key */
+	memmove(session_key, adat.session, sizeof(adat.session));
+	krb_kntoln(&adat, name);
+
+	if (UserNameRequested && !kuserok(&adat, UserNameRequested)){
+	    char ts[MaxPathLen];
+	    struct passwd *pw = getpwnam(UserNameRequested);
+
+	    if(pw){
+		snprintf(ts, sizeof(ts),
+			 "%s%u",
+			 TKT_ROOT,
+			 (unsigned)pw->pw_uid);
+		esetenv("KRBTKFILE", ts, 1);
+
+		if (pw->pw_uid == 0)
+		    syslog(LOG_INFO|LOG_AUTH,
+			   "ROOT Kerberos login from %s on %s\n",
+			   krb_unparse_name_long(adat.pname,
+						 adat.pinst,
+						 adat.prealm),
+			   RemoteHostName);
+	    }
+	    Data(ap, KRB_ACCEPT, NULL, 0);
+	} else {
+	    char *msg;
+	    int ret;
+
+	    ret = asprintf (&msg, "user `%s' is not authorized to "
+			    "login as `%s'", 
+			    krb_unparse_name_long(adat.pname, 
+						  adat.pinst, 
+						  adat.prealm), 
+			    UserNameRequested ? UserNameRequested : "<nobody>");
+	    if (ret == -1)
+		Data(ap, KRB_REJECT, NULL, 0);
+	    else {
+		Data(ap, KRB_REJECT, (void *)msg, -1);
+		free(msg);
+	    }
+	    auth_finished(ap, AUTH_REJECT);
+	    break;
+	}
+	auth_finished(ap, AUTH_USER);
+	break;
+	
+    case KRB_CHALLENGE:
+#ifndef ENCRYPTION
+	Data(ap, KRB_RESPONSE, NULL, 0);
+#else
+	if(!VALIDKEY(session_key)){
+	    Data(ap, KRB_RESPONSE, NULL, 0);
+	    break;
+	}
+	des_key_sched(&session_key, sched);
+	{
+	    des_cblock d_block;
+	    int i;
+	    Session_Key skey;
+
+	    memmove(d_block, data, sizeof(d_block));
+
+	    /* make a session key for encryption */
+	    des_ecb_encrypt(&d_block, &session_key, sched, 1);
+	    skey.type=SK_DES;
+	    skey.length=8;
+	    skey.data=session_key;
+	    encrypt_session_key(&skey, 1);
+
+	    /* decrypt challenge, add one and encrypt it */
+	    des_ecb_encrypt(&d_block, &challenge, sched, 0);
+	    for (i = 7; i >= 0; i--)
+		if(++challenge[i] != 0)
+		    break;
+	    des_ecb_encrypt(&challenge, &challenge, sched, 1);
+	    Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
+	}
+#endif
+	break;
+
+    case KRB_FORWARD:
+	{
+	    des_key_schedule ks;
+	    unsigned char netcred[sizeof(CREDENTIALS)];
+	    CREDENTIALS cred;
+	    int ret;
+	    if(cnt > sizeof(cred))
+		abort();
+
+	    memcpy (session_key, adat.session, sizeof(session_key));
+	    des_set_key(&session_key, ks);
+	    des_pcbc_encrypt((void*)data, (void*)netcred, cnt, 
+			     ks, &session_key, DES_DECRYPT);
+	    unpack_cred(netcred, cnt, &cred);
+	    {
+		if(strcmp(cred.service, KRB_TICKET_GRANTING_TICKET) ||
+		   strncmp(cred.instance, cred.realm, sizeof(cred.instance)) ||
+		   cred.lifetime < 0 || cred.lifetime > 255 ||
+		   cred.kvno < 0 || cred.kvno > 255 ||
+		   cred.issue_date < 0 || 
+		   cred.issue_date > time(0) + CLOCK_SKEW ||
+		   strncmp(cred.pname, adat.pname, sizeof(cred.pname)) ||
+		   strncmp(cred.pinst, adat.pinst, sizeof(cred.pinst))){
+		    Data(ap, KRB_FORWARD_REJECT, "Bad credentials", -1);
+		}else{
+		    if((ret = tf_setup(&cred,
+				       cred.pname,
+				       cred.pinst)) == KSUCCESS){
+		        struct passwd *pw = getpwnam(UserNameRequested);
+
+			if (pw)
+			  chown(tkt_string(), pw->pw_uid, pw->pw_gid);
+			Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+		    } else{
+			Data(ap, KRB_FORWARD_REJECT, 
+			     krb_get_err_text(ret), -1);
+		    }
+		}
+	    }
+	    memset(data, 0, cnt);
+	    memset(&ks, 0, sizeof(ks));
+	    memset(&cred, 0, sizeof(cred));
+	}
+	
+	break;
+
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	Data(ap, KRB_REJECT, 0, 0);
+	break;
+    }
+}
+
+void
+kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt)
+{
+    Session_Key skey;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_REJECT:
+	if(auth_done){ /* XXX Ick! */
+	    printf("[ Kerberos V4 received unknown opcode ]\r\n");
+	}else{
+	    printf("[ Kerberos V4 refuses authentication ");
+	    if (cnt > 0) 
+		printf("because %.*s ", cnt, data);
+	    printf("]\r\n");
+	    auth_send_retry();
+	}
+	return;
+    case KRB_ACCEPT:
+	printf("[ Kerberos V4 accepts you ]\r\n");
+	auth_done = 1;
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    /*
+	     * Send over the encrypted challenge.
+	     */
+	    Data(ap, KRB_CHALLENGE, session_key, 
+		 sizeof(session_key));
+	    des_ecb_encrypt(&session_key, &session_key, sched, 1);
+	    skey.type = SK_DES;
+	    skey.length = 8;
+	    skey.data = session_key;
+	    encrypt_session_key(&skey, 0);
+#if 0
+	    kerberos4_forward(ap, &cred_session);
+#endif
+	    return;
+	}
+	auth_finished(ap, AUTH_USER);
+	return;
+    case KRB_RESPONSE:
+	/* make sure the response is correct */
+	if ((cnt != sizeof(des_cblock)) ||
+	    (memcmp(data, challenge, sizeof(challenge)))){
+	    printf("[ Kerberos V4 challenge failed!!! ]\r\n");
+	    auth_send_retry();
+	    return;
+	}
+	printf("[ Kerberos V4 challenge successful ]\r\n");
+	auth_finished(ap, AUTH_USER);
+	break;
+    case KRB_FORWARD_ACCEPT:
+	printf("[ Kerberos V4 accepted forwarded credentials ]\r\n");
+	break;
+    case KRB_FORWARD_REJECT:
+	printf("[ Kerberos V4 rejected forwarded credentials: `%.*s']\r\n",
+	       cnt, data);
+	break;
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	return;
+    }
+}
+
+int
+kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
+{
+    if (level < AUTH_USER)
+	return(level);
+
+    if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
+	strlcpy(name, UserNameRequested, name_sz);
+	return(AUTH_VALID);
+    } else
+	return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+void
+kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    int i;
+
+    buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+    buflen -= 1;
+
+    switch(data[3]) {
+    case KRB_REJECT:		/* Rejected (reason might follow) */
+	strlcpy((char *)buf, " REJECT ", buflen);
+	goto common;
+
+    case KRB_ACCEPT:		/* Accepted (name might follow) */
+	strlcpy((char *)buf, " ACCEPT ", buflen);
+    common:
+	BUMP(buf, buflen);
+	if (cnt <= 4)
+	    break;
+	ADDC(buf, buflen, '"');
+	for (i = 4; i < cnt; i++)
+	    ADDC(buf, buflen, data[i]);
+	ADDC(buf, buflen, '"');
+	ADDC(buf, buflen, '\0');
+	break;
+
+    case KRB_AUTH:			/* Authentication data follows */
+	strlcpy((char *)buf, " AUTH", buflen);
+	goto common2;
+
+    case KRB_CHALLENGE:
+	strlcpy((char *)buf, " CHALLENGE", buflen);
+	goto common2;
+
+    case KRB_RESPONSE:
+	strlcpy((char *)buf, " RESPONSE", buflen);
+	goto common2;
+
+    default:
+	snprintf((char*)buf, buflen, " %d (unknown)", data[3]);
+    common2:
+	BUMP(buf, buflen);
+	for (i = 4; i < cnt; i++) {
+	    snprintf((char*)buf, buflen, " %d", data[i]);
+	    BUMP(buf, buflen);
+	}
+	break;
+    }
+}
+
+int
+kerberos4_cksum(unsigned char *d, int n)
+{
+    int ck = 0;
+
+    /*
+     * A comment is probably needed here for those not
+     * well versed in the "C" language.  Yes, this is
+     * supposed to be a "switch" with the body of the
+     * "switch" being a "while" statement.  The whole
+     * purpose of the switch is to allow us to jump into
+     * the middle of the while() loop, and then not have
+     * to do any more switch()s.
+     *
+     * Some compilers will spit out a warning message
+     * about the loop not being entered at the top.
+     */
+    switch (n&03)
+	while (n > 0) {
+	case 0:
+	    ck ^= (int)*d++ << 24;
+	    --n;
+	case 3:
+	    ck ^= (int)*d++ << 16;
+	    --n;
+	case 2:
+	    ck ^= (int)*d++ << 8;
+	    --n;
+	case 1:
+	    ck ^= (int)*d++;
+	    --n;
+	}
+    return(ck);
+}
+
+static int
+pack_cred(CREDENTIALS *cred, unsigned char *buf)
+{
+    unsigned char *p = buf;
+    
+    memcpy (p, cred->service, ANAME_SZ);
+    p += ANAME_SZ;
+    memcpy (p, cred->instance, INST_SZ);
+    p += INST_SZ;
+    memcpy (p, cred->realm, REALM_SZ);
+    p += REALM_SZ;
+    memcpy(p, cred->session, 8);
+    p += 8;
+    p += KRB_PUT_INT(cred->lifetime, p, 4, 4);
+    p += KRB_PUT_INT(cred->kvno, p, 4, 4);
+    p += KRB_PUT_INT(cred->ticket_st.length, p, 4, 4);
+    memcpy(p, cred->ticket_st.dat, cred->ticket_st.length);
+    p += cred->ticket_st.length;
+    p += KRB_PUT_INT(0, p, 4, 4);
+    p += KRB_PUT_INT(cred->issue_date, p, 4, 4);
+    memcpy (p, cred->pname, ANAME_SZ);
+    p += ANAME_SZ;
+    memcpy (p, cred->pinst, INST_SZ);
+    p += INST_SZ;
+    return p - buf;
+}
+
+static int
+unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred)
+{
+    char *p = (char*)buf;
+    uint32_t tmp;
+
+    strncpy (cred->service, p, ANAME_SZ);
+    cred->service[ANAME_SZ - 1] = '\0';
+    p += ANAME_SZ;
+    strncpy (cred->instance, p, INST_SZ);
+    cred->instance[INST_SZ - 1] = '\0';
+    p += INST_SZ;
+    strncpy (cred->realm, p, REALM_SZ);
+    cred->realm[REALM_SZ - 1] = '\0';
+    p += REALM_SZ;
+
+    memcpy(cred->session, p, 8);
+    p += 8;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->lifetime = tmp;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->kvno = tmp;
+
+    p += krb_get_int(p, &cred->ticket_st.length, 4, 0);
+    memcpy(cred->ticket_st.dat, p, cred->ticket_st.length);
+    p += cred->ticket_st.length;
+    p += krb_get_int(p, &tmp, 4, 0);
+    cred->ticket_st.mbz = 0;
+    p += krb_get_int(p, (uint32_t *)&cred->issue_date, 4, 0);
+
+    strncpy (cred->pname, p, ANAME_SZ);
+    cred->pname[ANAME_SZ - 1] = '\0';
+    p += ANAME_SZ;
+    strncpy (cred->pinst, p, INST_SZ);
+    cred->pinst[INST_SZ - 1] = '\0';
+    p += INST_SZ;
+    return 0;
+}
+
+
+int
+kerberos4_forward(Authenticator *ap, void *v)
+{
+    des_cblock *key = (des_cblock *)v;
+    CREDENTIALS cred;
+    char *realm;
+    des_key_schedule ks;
+    int len;
+    unsigned char netcred[sizeof(CREDENTIALS)];
+    int ret;
+
+    realm = krb_realmofhost(RemoteHostName);
+    if(realm == NULL)
+	return -1;
+    memset(&cred, 0, sizeof(cred));
+    ret = krb_get_cred(KRB_TICKET_GRANTING_TICKET,
+		       realm,
+		       realm, 
+		       &cred);
+    if(ret)
+	return ret;
+    des_set_key(key, ks);
+    len = pack_cred(&cred, netcred);
+    des_pcbc_encrypt((void*)netcred, (void*)netcred, len,
+		     ks, key, DES_ENCRYPT);
+    memset(&ks, 0, sizeof(ks));
+    Data(ap, KRB_FORWARD, netcred, len);
+    memset(netcred, 0, sizeof(netcred));
+    return 0;
+}
+
+#endif /* KRB4 */
+

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/kerberos5.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/kerberos5.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/kerberos5.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,895 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <config.h>
+
+RCSID("$Id: kerberos5.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef	KRB5
+
+#include <arpa/telnet.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <pwd.h>
+#define Authenticator k5_Authenticator
+#include <krb5.h>
+#undef Authenticator
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+#if defined(DCE)
+int dfsk5ok = 0;
+int dfspag = 0;
+int dfsfwd = 0;
+#endif
+
+int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
+
+int forward(int);
+int forwardable(int);
+
+/* These values need to be the same as those defined in telnet/main.c. */
+/* Either define them in both places, or put in some common header file. */
+#define OPTS_FORWARD_CREDS	0x00000002
+#define OPTS_FORWARDABLE_CREDS	0x00000001
+
+
+void kerberos5_forward (Authenticator *);
+
+static unsigned char str_data[4] = { IAC, SB, TELOPT_AUTHENTICATION, 0 };
+
+#define	KRB_AUTH		0	/* Authentication data follows */
+#define	KRB_REJECT		1	/* Rejected (reason might follow) */
+#define	KRB_ACCEPT		2	/* Accepted */
+#define	KRB_RESPONSE		3	/* Response for mutual auth. */
+
+#define KRB_FORWARD     	4       /* Forwarded credentials follow */
+#define KRB_FORWARD_ACCEPT     	5       /* Forwarded credentials accepted */
+#define KRB_FORWARD_REJECT     	6       /* Forwarded credentials rejected */
+
+static	krb5_data auth;
+static  krb5_ticket *ticket;
+
+static krb5_context context;
+static krb5_auth_context auth_context;
+
+static int
+Data(Authenticator *ap, int type, const void *d, int c)
+{
+    const unsigned char *cp, *cd = d;
+    unsigned char *p0, *p;
+    size_t len = sizeof(str_data) + 3 + 2;
+    int ret;
+
+    if (c == -1)
+	c = strlen((const char*)cd);
+
+    for (cp = cd; cp - cd < c; cp++, len++)
+	if (*cp == IAC)
+	    len++;
+
+    p0 = malloc(len);
+    if (p0 == NULL)
+	return 0;
+    
+    memcpy(p0, str_data, sizeof(str_data));
+    p = p0 + sizeof(str_data);
+	
+    if (auth_debug_mode) {
+	printf("%s:%d: [%d] (%d)",
+	       str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+	       str_data[3],
+	       type, c);
+	printd(d, c);
+	printf("\r\n");
+    }
+    *p++ = ap->type;
+    *p++ = ap->way;
+    *p++ = type;
+    while (c-- > 0) {
+	if ((*p++ = *cd++) == IAC)
+	    *p++ = IAC;
+    }
+    *p++ = IAC;
+    *p++ = SE;
+    if (str_data[3] == TELQUAL_IS)
+	printsub('>', &p0[2], len - 2);
+    ret = telnet_net_write(p0, len);
+    free(p0);
+    return ret;
+}
+
+int
+kerberos5_init(Authenticator *ap, int server)
+{
+    krb5_error_code ret;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	return 0;
+    if (server) {
+	krb5_keytab kt;
+	krb5_kt_cursor cursor;
+
+	ret = krb5_kt_default(context, &kt);
+	if (ret)
+	    return 0;
+
+	ret = krb5_kt_start_seq_get (context, kt, &cursor);
+	if (ret) {
+	    krb5_kt_close (context, kt);
+	    return 0;
+	}
+	krb5_kt_end_seq_get (context, kt, &cursor);
+	krb5_kt_close (context, kt);
+
+	str_data[3] = TELQUAL_REPLY;
+    } else
+	str_data[3] = TELQUAL_IS;
+    return(1);
+}
+
+extern int net;
+static int
+kerberos5_send(char *name, Authenticator *ap)
+{
+    krb5_error_code ret;
+    krb5_ccache ccache;
+    int ap_opts;
+    krb5_data cksum_data;
+    char ap_msg[2];
+    
+    if (!UserNameRequested) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: no user name supplied\r\n");
+	}
+	return(0);
+    }
+    
+    ret = krb5_cc_default(context, &ccache);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: could not get default ccache: %s\r\n",
+		   krb5_get_err_text (context, ret));
+	}
+	return 0;
+    }
+	
+    if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
+	ap_opts = AP_OPTS_MUTUAL_REQUIRED;
+    else
+	ap_opts = 0;
+
+    ap_opts |= AP_OPTS_USE_SUBKEY;
+    
+    ret = krb5_auth_con_init (context, &auth_context);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
+		   krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    ret = krb5_auth_con_setaddrs_from_fd (context,
+					  auth_context,
+					  &net);
+    if (ret) {
+	if (auth_debug_mode) {
+	    printf ("Kerberos V5:"
+		    " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
+		    krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    krb5_auth_con_setkeytype (context, auth_context, KEYTYPE_DES);
+
+    ap_msg[0] = ap->type;
+    ap_msg[1] = ap->way;
+
+    cksum_data.length = sizeof(ap_msg);
+    cksum_data.data   = ap_msg;
+
+
+    {
+	krb5_principal service;
+	char sname[128];
+
+
+	ret = krb5_sname_to_principal (context,
+				       RemoteHostName,
+				       NULL,
+				       KRB5_NT_SRV_HST,
+				       &service);
+	if(ret) {
+	    if (auth_debug_mode) {
+		printf ("Kerberos V5:"
+			" krb5_sname_to_principal(%s) failed (%s)\r\n",
+			RemoteHostName, krb5_get_err_text(context, ret));
+	    }
+	    return 0;
+	}
+	ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname));
+	if(ret) {
+	    if (auth_debug_mode) {
+		printf ("Kerberos V5:"
+			" krb5_unparse_name_fixed failed (%s)\r\n",
+			krb5_get_err_text(context, ret));
+	    }
+	    return 0;
+	}
+	printf("[ Trying %s (%s)... ]\r\n", name, sname);
+	ret = krb5_mk_req_exact(context, &auth_context, ap_opts,
+				service, 
+				&cksum_data, ccache, &auth);
+	krb5_free_principal (context, service);
+
+    }
+    if (ret) {
+	if (1 || auth_debug_mode) {
+	    printf("Kerberos V5: mk_req failed (%s)\r\n",
+		   krb5_get_err_text(context, ret));
+	}
+	return(0);
+    }
+
+    if (!auth_sendname((unsigned char *)UserNameRequested,
+		       strlen(UserNameRequested))) {
+	if (auth_debug_mode)
+	    printf("Not enough room for user name\r\n");
+	return(0);
+    }
+    if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+	return(0);
+    }
+    if (auth_debug_mode) {
+	printf("Sent Kerberos V5 credentials to server\r\n");
+    }
+    return(1);
+}
+
+int
+kerberos5_send_mutual(Authenticator *ap)
+{
+    return kerberos5_send("mutual KERBEROS5", ap);
+}
+
+int
+kerberos5_send_oneway(Authenticator *ap)
+{
+    return kerberos5_send("KERBEROS5", ap);
+}
+
+static void log_message(const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    if (auth_debug_mode) {
+	va_start(ap, fmt);
+	vfprintf(stdout, fmt, ap);
+	va_end(ap);
+	fprintf(stdout, "\r\n");
+    }
+    va_start(ap, fmt);
+    vsyslog(LOG_NOTICE, fmt, ap);
+    va_end(ap);
+}
+
+void
+kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
+{
+    krb5_error_code ret;
+    krb5_data outbuf;
+    krb5_keyblock *key_block;
+    char *name;
+    krb5_principal server;
+    int zero = 0;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_AUTH:
+	auth.data = (char *)data;
+	auth.length = cnt;
+
+	auth_context = NULL;
+
+	ret = krb5_auth_con_init (context, &auth_context);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    log_message("Kerberos V5: krb5_auth_con_init failed (%s)",
+			krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_auth_con_setaddrs_from_fd (context,
+					      auth_context,
+					      &zero);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    log_message("Kerberos V5: "
+			"krb5_auth_con_setaddrs_from_fd failed (%s)",
+			krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_sock_to_principal (context,
+				      0,
+				      "host",
+				      KRB5_NT_SRV_HST,
+				      &server);
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    log_message("Kerberos V5: "
+			"krb5_sock_to_principal failed (%s)",
+			krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	ret = krb5_rd_req(context,
+			  &auth_context,
+			  &auth, 
+			  server,
+			  NULL,
+			  NULL,
+			  &ticket);
+
+	krb5_free_principal (context, server);
+	if (ret) {
+	    const char *errbuf2 = "Read req failed";
+	    char *errbuf;
+	    int ret2;
+
+	    ret2 = asprintf(&errbuf,
+			    "Read req failed: %s",
+			    krb5_get_err_text(context, ret));
+	    if (ret2 != -1)
+		errbuf2 = errbuf;
+	    Data(ap, KRB_REJECT, errbuf2, -1);
+	    log_message("%s", errbuf2);
+	    if (ret2 != -1)
+		free (errbuf);
+	    return;
+	}
+	
+	{
+	    char ap_msg[2];
+	    
+	    ap_msg[0] = ap->type;
+	    ap_msg[1] = ap->way;
+	    
+	    ret = krb5_verify_authenticator_checksum(context,
+						     auth_context,
+						     ap_msg, 
+						     sizeof(ap_msg));
+
+	    if (ret) {
+		const char *errbuf2 = "Bad checksum";
+		char *errbuf;
+		int ret2;
+
+		ret2 = asprintf(&errbuf, "Bad checksum: %s", 
+				krb5_get_err_text(context, ret));
+		if (ret2 != -1)
+		    errbuf2 = errbuf;
+		Data(ap, KRB_REJECT, errbuf2, -1);
+		log_message("%s", errbuf2);
+		if (ret2 != -1)
+		    free(errbuf);
+		return;
+	    }
+	}
+	ret = krb5_auth_con_getremotesubkey (context,
+					     auth_context,
+					     &key_block);
+
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    log_message("Kerberos V5: "
+			"krb5_auth_con_getremotesubkey failed (%s)",
+			krb5_get_err_text(context, ret));
+	    return;
+	}
+
+	if (key_block == NULL) {
+	    ret = krb5_auth_con_getkey(context,
+				       auth_context,
+				       &key_block);
+	}
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    log_message("Kerberos V5: "
+			"krb5_auth_con_getkey failed (%s)",
+			krb5_get_err_text(context, ret));
+	    return;
+	}
+	if (key_block == NULL) {
+	    Data(ap, KRB_REJECT, "no subkey received", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    log_message("Kerberos V5: "
+			"krb5_auth_con_getremotesubkey returned NULL key");
+	    return;
+	}
+
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    ret = krb5_mk_rep(context, auth_context, &outbuf);
+	    if (ret) {
+		Data(ap, KRB_REJECT,
+		     "krb5_mk_rep failed", -1);
+		auth_finished(ap, AUTH_REJECT);
+		log_message("Kerberos V5: "
+			    "krb5_mk_rep failed (%s)",
+			    krb5_get_err_text(context, ret));
+		return;
+	    }
+	    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
+	}
+	if (krb5_unparse_name(context, ticket->client, &name))
+	    name = 0;
+
+	if(UserNameRequested && krb5_kuserok(context,
+					     ticket->client,
+					     UserNameRequested)) {
+	    Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
+	    log_message("%s accepted as user %s from %s",
+			name ? name : "<unknown>", 
+			UserNameRequested ? UserNameRequested : "<unknown>",
+			RemoteHostName ? RemoteHostName : "<unknown>");
+
+	    if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
+	       key_block->keytype == ETYPE_DES_CBC_MD4 ||
+	       key_block->keytype == ETYPE_DES_CBC_CRC) {
+		Session_Key skey;
+
+		skey.type = SK_DES;
+		skey.length = 8;
+		skey.data = key_block->keyvalue.data;
+		encrypt_session_key(&skey, 0);
+	    }
+
+	} else {
+	    const char *msg2 = "user is not authorized to login";
+	    char *msg;
+
+	    ret = asprintf (&msg, "user `%s' is not authorized to "
+			    "login as `%s'", 
+			    name ? name : "<unknown>",
+			    UserNameRequested ? UserNameRequested : "<nobody>");
+	    if (ret != -1)
+		msg2 = msg;
+	    Data(ap, KRB_REJECT, (void *)msg2, -1);
+	    if (ret != -1)
+		free(msg);
+	    auth_finished (ap, AUTH_REJECT);
+	    krb5_free_keyblock_contents(context, key_block);
+	    break;
+	}
+	auth_finished(ap, AUTH_USER);
+	krb5_free_keyblock_contents(context, key_block);
+	
+	break;
+    case KRB_FORWARD: {
+	struct passwd *pwd;
+	char ccname[1024];	/* XXX */
+	krb5_data inbuf;
+	krb5_ccache ccache;
+	inbuf.data = (char *)data;
+	inbuf.length = cnt;
+
+	pwd = getpwnam (UserNameRequested);
+	if (pwd == NULL)
+	    break;
+
+	snprintf (ccname, sizeof(ccname),
+		  "FILE:/tmp/krb5cc_%lu", (unsigned long)pwd->pw_uid);
+
+	ret = krb5_cc_resolve (context, ccname, &ccache);
+	if (ret) {
+	    log_message("Kerberos V5: could not get ccache: %s",
+			krb5_get_err_text(context, ret));
+	    break;
+	}
+
+	ret = krb5_cc_initialize (context,
+				  ccache,
+				  ticket->client);
+	if (ret) {
+	    log_message("Kerberos V5: could not init ccache: %s",
+			krb5_get_err_text(context, ret));
+	    break;
+	}
+
+#if defined(DCE)
+	esetenv("KRB5CCNAME", ccname, 1);
+#endif
+	ret = krb5_rd_cred2 (context,
+			     auth_context,
+			     ccache,
+			     &inbuf);
+	if(ret) {
+	    const char *errbuf2 = "Read forwarded creds failed";
+	    char *errbuf;
+	    int ret2;
+
+	    ret2 = asprintf (&errbuf,
+			     "Read forwarded creds failed: %s",
+			     krb5_get_err_text (context, ret));
+	    if (ret2 != -1)
+		errbuf2 = errbuf;
+	    Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
+	    log_message("Could not read forwarded credentials: %s", errbuf);
+
+	    if (ret2 != -1)
+		free (errbuf);
+	} else {
+	    Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+#if defined(DCE)
+	    dfsfwd = 1;
+#endif
+	}
+	chown (ccname + 5, pwd->pw_uid, -1);
+	log_message("Forwarded credentials obtained");
+	break;
+    }
+    default:
+	log_message("Unknown Kerberos option %d", data[-1]);
+	Data(ap, KRB_REJECT, 0, 0);
+	break;
+    }
+}
+
+void
+kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
+{
+    static int mutual_complete = 0;
+
+    if (cnt-- < 1)
+	return;
+    switch (*data++) {
+    case KRB_REJECT:
+	if (cnt > 0) {
+	    printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
+		   cnt, data);
+	} else
+	    printf("[ Kerberos V5 refuses authentication ]\r\n");
+	auth_send_retry();
+	return;
+    case KRB_ACCEPT: {
+	krb5_error_code ret;
+	Session_Key skey;
+	krb5_keyblock *keyblock;
+	
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
+	    !mutual_complete) {
+	    printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
+	    auth_send_retry();
+	    return;
+	}
+	if (cnt)
+	    printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
+	else
+	    printf("[ Kerberos V5 accepts you ]\r\n");
+	      
+	ret = krb5_auth_con_getlocalsubkey (context,
+					    auth_context,
+					    &keyblock);
+	if (ret)
+	    ret = krb5_auth_con_getkey (context,
+					auth_context,
+					&keyblock);
+	if(ret) {
+	    printf("[ krb5_auth_con_getkey: %s ]\r\n",
+		   krb5_get_err_text(context, ret));
+	    auth_send_retry();
+	    return;
+	}
+	      
+	skey.type = SK_DES;
+	skey.length = 8;
+	skey.data = keyblock->keyvalue.data;
+	encrypt_session_key(&skey, 0);
+	krb5_free_keyblock_contents (context, keyblock);
+	auth_finished(ap, AUTH_USER);
+	if (forward_flags & OPTS_FORWARD_CREDS)
+	    kerberos5_forward(ap);
+	break;
+    }
+    case KRB_RESPONSE:
+	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+	    /* the rest of the reply should contain a krb_ap_rep */
+	  krb5_ap_rep_enc_part *reply;
+	  krb5_data inbuf;
+	  krb5_error_code ret;
+	    
+	  inbuf.length = cnt;
+	  inbuf.data = (char *)data;
+
+	  ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
+	  if (ret) {
+	      printf("[ Mutual authentication failed: %s ]\r\n",
+		     krb5_get_err_text (context, ret));
+	      auth_send_retry();
+	      return;
+	  }
+	  krb5_free_ap_rep_enc_part(context, reply);
+	  mutual_complete = 1;
+	}
+	return;
+    case KRB_FORWARD_ACCEPT:
+	printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
+	return;
+    case KRB_FORWARD_REJECT:
+	printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
+	       cnt, data);
+	return;
+    default:
+	if (auth_debug_mode)
+	    printf("Unknown Kerberos option %d\r\n", data[-1]);
+	return;
+    }
+}
+
+int
+kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
+{
+    if (level < AUTH_USER)
+	return(level);
+
+    if (UserNameRequested &&
+	krb5_kuserok(context,
+		     ticket->client,
+		     UserNameRequested))
+	{
+	    strlcpy(name, UserNameRequested, name_sz);
+#if defined(DCE)
+	    dfsk5ok = 1;
+#endif
+	    return(AUTH_VALID);
+	} else
+	    return(AUTH_USER);
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+void
+kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
+{
+    int i;
+
+    buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+    buflen -= 1;
+
+    switch(data[3]) {
+    case KRB_REJECT:		/* Rejected (reason might follow) */
+	strlcpy((char *)buf, " REJECT ", buflen);
+	goto common;
+
+    case KRB_ACCEPT:		/* Accepted (name might follow) */
+	strlcpy((char *)buf, " ACCEPT ", buflen);
+    common:
+	BUMP(buf, buflen);
+	if (cnt <= 4)
+	    break;
+	ADDC(buf, buflen, '"');
+	for (i = 4; i < cnt; i++)
+	    ADDC(buf, buflen, data[i]);
+	ADDC(buf, buflen, '"');
+	ADDC(buf, buflen, '\0');
+	break;
+
+
+    case KRB_AUTH:			/* Authentication data follows */
+	strlcpy((char *)buf, " AUTH", buflen);
+	goto common2;
+
+    case KRB_RESPONSE:
+	strlcpy((char *)buf, " RESPONSE", buflen);
+	goto common2;
+
+    case KRB_FORWARD:		/* Forwarded credentials follow */
+	strlcpy((char *)buf, " FORWARD", buflen);
+	goto common2;
+
+    case KRB_FORWARD_ACCEPT:	/* Forwarded credentials accepted */
+	strlcpy((char *)buf, " FORWARD_ACCEPT", buflen);
+	goto common2;
+
+    case KRB_FORWARD_REJECT:	/* Forwarded credentials rejected */
+	/* (reason might follow) */
+	strlcpy((char *)buf, " FORWARD_REJECT", buflen);
+	goto common2;
+
+    default:
+	snprintf((char*)buf, buflen, " %d (unknown)", data[3]);
+    common2:
+	BUMP(buf, buflen);
+	for (i = 4; i < cnt; i++) {
+	    snprintf((char*)buf, buflen, " %d", data[i]);
+	    BUMP(buf, buflen);
+	}
+	break;
+    }
+}
+
+void
+kerberos5_forward(Authenticator *ap)
+{
+    krb5_error_code ret;
+    krb5_ccache     ccache;
+    krb5_creds      creds;
+    KDCOptions	    flags;
+    krb5_data       out_data;
+    krb5_principal  principal;
+
+    ret = krb5_cc_default (context, &ccache);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get default ccache: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    ret = krb5_cc_get_principal (context, ccache, &principal);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get principal: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    memset (&creds, 0, sizeof(creds));
+
+    creds.client = principal;
+    
+    ret = krb5_build_principal (context,
+				&creds.server,
+				strlen(principal->realm),
+				principal->realm,
+				"krbtgt",
+				principal->realm,
+				NULL);
+
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("KerberosV5: could not get principal: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    creds.times.endtime = 0;
+
+    memset(&flags, 0, sizeof(flags));
+    flags.forwarded = 1;
+    if (forward_flags & OPTS_FORWARDABLE_CREDS)
+	flags.forwardable = 1;
+
+    ret = krb5_get_forwarded_creds (context,
+				    auth_context,
+				    ccache,
+				    KDCOptions2int(flags),
+				    RemoteHostName,
+				    &creds,
+				    &out_data);
+    if (ret) {
+	if (auth_debug_mode)
+	    printf ("Kerberos V5: error getting forwarded creds: %s\r\n",
+		    krb5_get_err_text (context, ret));
+	return;
+    }
+
+    if(!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) {
+	if (auth_debug_mode)
+	    printf("Not enough room for authentication data\r\n");
+    } else {
+	if (auth_debug_mode)
+	    printf("Forwarded local Kerberos V5 credentials to server\r\n");
+    }
+}
+
+#if defined(DCE)
+/* if this was a K5 authentication try and join a PAG for the user. */
+void
+kerberos5_dfspag(void)
+{
+    if (dfsk5ok) {
+	dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client,
+			      UserNameRequested);
+    }
+}
+#endif
+
+int
+kerberos5_set_forward(int on)
+{
+    if(on == 0)
+	forward_flags &= ~OPTS_FORWARD_CREDS;
+    if(on == 1)
+	forward_flags |= OPTS_FORWARD_CREDS;
+    if(on == -1)
+	forward_flags ^= OPTS_FORWARD_CREDS;
+    return 0;
+}
+
+int
+kerberos5_set_forwardable(int on)
+{
+    if(on == 0)
+	forward_flags &= ~OPTS_FORWARDABLE_CREDS;
+    if(on == 1)
+	forward_flags |= OPTS_FORWARDABLE_CREDS;
+    if(on == -1)
+	forward_flags ^= OPTS_FORWARDABLE_CREDS;
+    return 0;
+}
+
+#endif /* KRB5 */

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/krb4encpwd.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/krb4encpwd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/krb4encpwd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,436 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: krb4encpwd.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef	KRB4_ENCPWD
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#include <arpa/telnet.h>
+#include <pwd.h>
+#include <stdio.h>
+
+#include <krb.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+int krb_mk_encpwd_req (KTEXT, char *, char *, char *, char *, char *, char *);
+int krb_rd_encpwd_req (KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *);
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_KRB4_ENCPWD, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	KRB4_ENCPWD_AUTH	0	/* Authentication data follows */
+#define	KRB4_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
+#define KRB4_ENCPWD_ACCEPT	2	/* Accepted */
+#define	KRB4_ENCPWD_CHALLENGE	3	/* Challenge for mutual auth. */
+#define	KRB4_ENCPWD_ACK		4	/* Acknowledge */
+
+#define KRB_SERVICE_NAME    "rcmd"
+
+static	KTEXT_ST auth;
+static	char name[ANAME_SZ];
+static	char user_passwd[ANAME_SZ];
+static	AUTH_DAT adat = { 0 };
+static des_key_schedule sched;
+static char  challenge[REALM_SZ];
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen(cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+krb4encpwd_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	char hostname[80], *cp, *realm;
+	des_clock skey;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+	} else {
+		str_data[3] = TELQUAL_IS;
+		gethostname(hostname, sizeof(hostname));
+		realm = krb_realmofhost(hostname);
+		cp = strchr(hostname, '.');
+		if (*cp != NULL) *cp = NULL;
+		if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
+					KEYFILE, (char *)skey)) {
+		  return(0);
+		}
+	}
+	return(1);
+}
+
+	int
+krb4encpwd_send(ap)
+	Authenticator *ap;
+{
+
+	printf("[ Trying KRB4ENCPWD ... ]\r\n");
+	if (!UserNameRequested) {
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+
+	if (!Data(ap, KRB4_ENCPWD_ACK, NULL, 0)) {
+		return(0);
+	}
+
+	return(1);
+}
+
+	void
+krb4encpwd_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	char  r_passwd[ANAME_SZ], r_user[ANAME_SZ];
+	char  lhostname[ANAME_SZ], *cp;
+	int r;
+	time_t now;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB4_ENCPWD_AUTH:
+		memmove(auth.dat, data, auth.length = cnt);
+
+		gethostname(lhostname, sizeof(lhostname));
+		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
+
+		if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
+			Data(ap, KRB4_ENCPWD_REJECT, "Auth failed", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+		auth_encrypt_userpwd(r_passwd);
+		if (passwdok(UserNameRequested, UserPassword) == 0) {
+		  /*
+		   *  illegal username and password
+		   */
+		  Data(ap, KRB4_ENCPWD_REJECT, "Illegal password", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+
+		memmove(session_key, adat.session, sizeof(des_cblock));
+		Data(ap, KRB4_ENCPWD_ACCEPT, 0, 0);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	case KRB4_ENCPWD_CHALLENGE:
+		/*
+		 *  Take the received random challenge text and save
+		 *  for future authentication.
+		 */
+		memmove(challenge, data, sizeof(des_cblock));
+		break;
+
+
+	case KRB4_ENCPWD_ACK:
+		/*
+		 *  Receive ack, if mutual then send random challenge
+		 */
+
+		/*
+		 * If we are doing mutual authentication, get set up to send
+		 * the challenge, and verify it when the response comes back.
+		 */
+
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+		  int i;
+
+		  time(&now);
+		  snprintf(challenge, sizeof(challenge), "%x", now);
+		  Data(ap, KRB4_ENCPWD_CHALLENGE, challenge, strlen(challenge));
+		}
+		break;
+
+	default:
+		Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+krb4encpwd_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	KTEXT_ST krb_token;
+	des_cblock enckey;
+	CREDENTIALS cred;
+	int r;
+	char	randchal[REALM_SZ], instance[ANAME_SZ], *cp;
+	char	hostname[80], *realm;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case KRB4_ENCPWD_REJECT:
+		if (cnt > 0) {
+			printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ KRB4_ENCPWD refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case KRB4_ENCPWD_ACCEPT:
+		printf("[ KRB4_ENCPWD accepts you ]\r\n");
+		auth_finished(ap, AUTH_USER);
+		return;
+	case KRB4_ENCPWD_CHALLENGE:
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+
+		gethostname(hostname, sizeof(hostname));
+		realm = krb_realmofhost(hostname);
+		memmove(challenge, data, cnt);
+		memset(user_passwd, 0, sizeof(user_passwd));
+		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
+		UserPassword = user_passwd;
+		Challenge = challenge;
+		strlcpy(instance, RemoteHostName, sizeof(instance));
+		if ((cp = strchr(instance, '.')) != 0)  *cp = '\0';
+
+		if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
+		  krb_token.length = 0;
+		}
+
+		if (!Data(ap, KRB4_ENCPWD_AUTH, krb_token.dat, krb_token.length)) {
+		  return;
+		}
+
+		break;
+
+	default:
+		return;
+	}
+}
+
+	int
+krb4encpwd_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
+		strlcpy(name, UserNameRequested, name_sz);
+		return(AUTH_VALID);
+	} else {
+		return(AUTH_USER);
+	}
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+krb4encpwd_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case KRB4_ENCPWD_REJECT:	/* Rejected (reason might follow) */
+		strlcpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case KRB4_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
+		strlcpy((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case KRB4_ENCPWD_AUTH:		/* Authentication data follows */
+		strlcpy((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case KRB4_ENCPWD_CHALLENGE:
+		strlcpy((char *)buf, " CHALLENGE", buflen);
+		goto common2;
+
+	case KRB4_ENCPWD_ACK:
+		strlcpy((char *)buf, " ACK", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+int passwdok(name, passwd)
+char *name, *passwd;
+{
+  char *crypt();
+  char *salt, *p;
+  struct passwd *pwd;
+  int   passwdok_status = 0;
+
+  if (pwd = k_getpwnam(name))
+    salt = pwd->pw_passwd;
+  else salt = "xx";
+
+  p = crypt(passwd, salt);
+
+  if (pwd && !strcmp(p, pwd->pw_passwd)) {
+    passwdok_status = 1;
+  } else passwdok_status = 0;
+  return(passwdok_status);
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
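Review bot: The peer-supplied length `cnt` is copied into fixed-size buffers without a bound in three places: `memmove(auth.dat, data, auth.length = cnt)` in krb4encpwd_is, `memmove(challenge, data, cnt)` into the `REALM_SZ`-byte `challenge` in krb4encpwd_reply, and the `KRB4_ENCPWD_CHALLENGE` case of krb4encpwd_is, which reads `sizeof(des_cblock)` bytes however short the message was. Each site needs a length check before the copy, as sketched below; the size of `auth.dat` comes from `KTEXT_ST` in krb.h, which this page does not show, so the sketch uses `sizeof` rather than a constant. `Data()` has the same shape on the send side: it writes `c` bytes (doubling every IAC) into the 1024-byte `str_data` with no limit and would want an equivalent guard. The file is compiled only under `KRB4_ENCPWD`, so if the build never defines it, keeping it out of the build is the simpler remedy.

```c
	case KRB4_ENCPWD_AUTH:		/* in krb4encpwd_is */
		/* cnt comes from the peer; auth.dat is a fixed-size buffer */
		if ((size_t)cnt > sizeof(auth.dat)) {
			Data(ap, KRB4_ENCPWD_REJECT, "Auth failed", -1);
			auth_finished(ap, AUTH_REJECT);
			return;
		}
		memmove(auth.dat, data, auth.length = cnt);
		/* … unchanged: hostname lookup, krb_rd_encpwd_req, passwdok … */

	case KRB4_ENCPWD_CHALLENGE:	/* in krb4encpwd_is */
		/* do not read past the end of a short message */
		if ((size_t)cnt < sizeof(des_cblock))
			break;
		memmove(challenge, data, sizeof(des_cblock));
		break;

	case KRB4_ENCPWD_CHALLENGE:	/* in krb4encpwd_reply */
		/* … unchanged: gethostname, krb_realmofhost … */
		if ((size_t)cnt >= sizeof(challenge))
			return;
		memmove(challenge, data, cnt);
		/* assumes Challenge is later read as a C string; confirm */
		challenge[cnt] = '\0';
		/* … unchanged: password prompt, krb_mk_encpwd_req, Data … */
```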

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc-proto.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc-proto.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc-proto.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)misc-proto.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America is assumed
+ * to require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* $Id: misc-proto.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef	__MISC_PROTO__
+#define	__MISC_PROTO__
+
+void auth_encrypt_init (const char *, const char *, const char *, int);
+void auth_encrypt_user(const char *name);
+void auth_encrypt_connect (int);
+void printd (const unsigned char *, int);
+
+char** genget (char *name, char **table, int stlen);
+int isprefix(char *s1, char *s2);
+int Ambiguous(void *s);
+
+/*
+ * These functions are imported from the application
+ */
+int telnet_net_write (unsigned char *, int);
+void net_encrypt (void);
+int telnet_spin (void);
+char *telnet_getenv (const char *);
+char *telnet_gets (char *, char *, int, int);
+void printsub(int direction, unsigned char *pointer, int length);
+#endif

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,95 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: misc.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+#include "misc.h"
+#include "auth.h"
+#include "encrypt.h"
+
+
+const char *RemoteHostName;
+const char *LocalHostName;
+char *UserNameRequested = 0;
+int ConnectedCount = 0;
+
+void
+auth_encrypt_init(const char *local, const char *remote, const char *name,
+		  int server)
+{
+    RemoteHostName = remote;
+    LocalHostName = local;
+#ifdef AUTHENTICATION
+    auth_init(name, server);
+#endif
+#ifdef ENCRYPTION
+    encrypt_init(name, server);
+#endif
+    if (UserNameRequested) {
+	free(UserNameRequested);
+	UserNameRequested = 0;
+    }
+}
+
+void
+auth_encrypt_user(const char *name)
+{
+    if (UserNameRequested)
+	free(UserNameRequested);
+    UserNameRequested = name ? strdup(name) : 0;
+}
+
+void
+auth_encrypt_connect(int cnt)
+{
+}
+
+void
+printd(const unsigned char *data, int cnt)
+{
+    if (cnt > 16)
+	cnt = 16;
+    while (cnt-- > 0) {
+	printf(" %02x", *data);
+	++data;
+    }
+}

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/misc.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,42 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)misc.h	8.1 (Berkeley) 6/4/93
+ */
+
+extern char *UserNameRequested;
+extern const char *LocalHostName;
+extern const char *RemoteHostName;
+extern int ConnectedCount;
+extern int ReservedPort;
+
+#include "misc-proto.h"

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/rsaencpwd.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/rsaencpwd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/rsaencpwd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,487 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: rsaencpwd.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef	RSA_ENCPWD
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#include <sys/types.h>
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <pwd.h>
+#include <stdio.h>
+
+#include <stdlib.h>
+#include <string.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+#include "cdc.h"
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_RSA_ENCPWD, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	RSA_ENCPWD_AUTH	0	/* Authentication data follows */
+#define	RSA_ENCPWD_REJECT	1	/* Rejected (reason might follow) */
+#define RSA_ENCPWD_ACCEPT	2	/* Accepted */
+#define	RSA_ENCPWD_CHALLENGEKEY	3	/* Challenge and public key */
+
+#define NAME_SZ   40
+#define CHAL_SZ   20
+#define PWD_SZ    40
+
+static	KTEXT_ST auth;
+static	char name[NAME_SZ];
+static	char user_passwd[PWD_SZ];
+static  char key_file[2*NAME_SZ];
+static  char lhostname[NAME_SZ];
+static char  challenge[CHAL_SZ];
+static int   challenge_len;
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	if (type != NULL) *p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+rsaencpwd_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	char  *cp;
+	FILE  *fp;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		memset(key_file, 0, sizeof(key_file));
+		gethostname(lhostname, sizeof(lhostname));
+		if ((cp = strchr(lhostname, '.')) != 0)  *cp = '\0';
+		snprintf(key_file, sizeof(key_file),
+			 SYSCONFDIR "/.%s_privkey", lhostname);
+		if ((fp=fopen(key_file, "r"))==NULL) return(0);
+		fclose(fp);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+	int
+rsaencpwd_send(ap)
+	Authenticator *ap;
+{
+
+	printf("[ Trying RSAENCPWD ... ]\r\n");
+	if (!UserNameRequested) {
+		return(0);
+	}
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+	if (!Data(ap, NULL, NULL, 0)) {
+		return(0);
+	}
+
+
+	return(1);
+}
+
+	void
+rsaencpwd_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	char  r_passwd[PWD_SZ], r_user[NAME_SZ];
+	char  *cp, key[160];
+	char  chalkey[160], *ptr;
+	FILE  *fp;
+	int r, i, j, chalkey_len, len;
+	time_t now;
+
+	cnt--;
+	switch (*data++) {
+	case RSA_ENCPWD_AUTH:
+		memmove(auth.dat, data, auth.length = cnt);
+
+		if ((fp=fopen(key_file, "r"))==NULL) {
+		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+		/*
+		 *  get privkey
+		 */
+		fscanf(fp, "%x;", &len);
+		for (i=0;i<len;i++) {
+		  j = getc(fp);  key[i]=j;
+		}
+		fclose(fp);
+
+		r = accept_rsa_encpwd(&auth, key, challenge,
+				      challenge_len, r_passwd);
+		if (r < 0) {
+		  Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+		auth_encrypt_userpwd(r_passwd);
+		if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
+		  /*
+		   *  illegal username and password
+		   */
+		  Data(ap, RSA_ENCPWD_REJECT, "Illegal password", -1);
+		  auth_finished(ap, AUTH_REJECT);
+		  return;
+		}
+
+		Data(ap, RSA_ENCPWD_ACCEPT, 0, 0);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+
+	case IAC:
+
+		/*
+		 * If we are doing mutual authentication, get set up to send
+		 * the challenge, and verify it when the response comes back.
+		 */
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
+		  int i;
+
+
+		  time(&now);
+		  if ((now % 2) == 0) {
+		    snprintf(challenge, sizeof(challenge), "%x", now);
+		    challenge_len = strlen(challenge);
+		  } else {
+		    strlcpy(challenge, "randchal", sizeof(challenge));
+		    challenge_len = 8;
+		  }
+
+		  if ((fp=fopen(key_file, "r"))==NULL) {
+		    Data(ap, RSA_ENCPWD_REJECT, "Auth failed", -1);
+		    auth_finished(ap, AUTH_REJECT);
+		    return;
+		  }
+		  /*
+		   *  skip privkey
+		   */
+		  fscanf(fp, "%x;", &len);
+		  for (i=0;i<len;i++) {
+		    j = getc(fp);
+		  }
+		  /*
+		   * get pubkey
+		   */
+		  fscanf(fp, "%x;", &len);
+		  for (i=0;i<len;i++) {
+		    j = getc(fp);  key[i]=j;
+		  }
+		  fclose(fp);
+		  chalkey[0] = 0x30;
+		  ptr = (char *) &chalkey[1];
+		  chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
+		  EncodeLength(ptr, chalkey_len);
+		  ptr +=NumEncodeLengthOctets(chalkey_len);
+		  *ptr++ = 0x04;  /* OCTET STRING */
+		  *ptr++ = challenge_len;
+		  memmove(ptr, challenge, challenge_len);
+		  ptr += challenge_len;
+		  *ptr++ = 0x04;  /* OCTET STRING */
+		  EncodeLength(ptr, i);
+		  ptr += NumEncodeLengthOctets(i);
+		  memmove(ptr, key, i);
+		  chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
+		  Data(ap, RSA_ENCPWD_CHALLENGEKEY, chalkey, chalkey_len);
+		}
+		break;
+
+	default:
+		Data(ap, RSA_ENCPWD_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+rsaencpwd_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	KTEXT_ST token;
+	des_cblock enckey;
+	int r, pubkey_len;
+	char	randchal[CHAL_SZ], *cp;
+	char	chalkey[160], pubkey[128], *ptr;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case RSA_ENCPWD_REJECT:
+		if (cnt > 0) {
+			printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ RSA_ENCPWD refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case RSA_ENCPWD_ACCEPT:
+		printf("[ RSA_ENCPWD accepts you ]\r\n");
+		auth_finished(ap, AUTH_USER);
+		return;
+	case RSA_ENCPWD_CHALLENGEKEY:
+		/*
+		 * Verify that the response to the challenge is correct.
+		 */
+
+		memmove(chalkey, data, cnt);
+		ptr = (char *) &chalkey[0];
+		ptr += DecodeHeaderLength(chalkey);
+		if (*ptr != 0x04) {
+		  return;
+		}
+		*ptr++;
+		challenge_len = DecodeValueLength(ptr);
+		ptr += NumEncodeLengthOctets(challenge_len);
+		memmove(challenge, ptr, challenge_len);
+		ptr += challenge_len;
+		if (*ptr != 0x04) {
+		  return;
+		}
+		*ptr++;
+		pubkey_len = DecodeValueLength(ptr);
+		ptr += NumEncodeLengthOctets(pubkey_len);
+		memmove(pubkey, ptr, pubkey_len);
+		memset(user_passwd, 0, sizeof(user_passwd));
+		des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
+		UserPassword = user_passwd;
+		Challenge = challenge;
+		r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
+		if (r < 0) {
+		  token.length = 1;
+		}
+
+		if (!Data(ap, RSA_ENCPWD_AUTH, token.dat, token.length)) {
+		  return;
+		}
+
+		break;
+
+	default:
+		return;
+	}
+}
+
+	int
+rsaencpwd_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	if (level < AUTH_USER)
+		return(level);
+
+	if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
+		strlcpy(name, UserNameRequested, name_sz);
+		return(AUTH_VALID);
+	} else {
+		return(AUTH_USER);
+	}
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+rsaencpwd_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case RSA_ENCPWD_REJECT:	/* Rejected (reason might follow) */
+		strlcpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case RSA_ENCPWD_ACCEPT:	/* Accepted (name might follow) */
+		strlcpy((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case RSA_ENCPWD_AUTH:		/* Authentication data follows */
+		strlcpy((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	case RSA_ENCPWD_CHALLENGEKEY:
+		strlcpy((char *)buf, " CHALLENGEKEY", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+int rsaencpwd_passwdok(name, passwd)
+char *name, *passwd;
+{
+  char *crypt();
+  char *salt, *p;
+  struct passwd *pwd;
+  int   passwdok_status = 0;
+
+  if (pwd = k_getpwnam(name))
+    salt = pwd->pw_passwd;
+  else salt = "xx";
+
+  p = crypt(passwd, salt);
+
+  if (pwd && !strcmp(p, pwd->pw_passwd)) {
+    passwdok_status = 1;
+  } else passwdok_status = 0;
+  return(passwdok_status);
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
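Review bot: In `rsaencpwd_reply`, the `RSA_ENCPWD_CHALLENGEKEY` case copies peer-supplied bytes with peer-supplied lengths into fixed buffers without any bound: `memmove(chalkey, data, cnt)` into `chalkey[160]`, then `challenge_len` and `pubkey_len`, decoded from that same message, size the copies into `challenge[CHAL_SZ]` and `pubkey[128]`. Each copy needs a guard before it, e.g. `if (cnt > (int)sizeof(chalkey)) return;`, `if (challenge_len < 0 || challenge_len > (int)sizeof(challenge)) return;` and `if (pubkey_len < 0 || pubkey_len > (int)sizeof(pubkey)) return;`. `rsaencpwd_is` has the same pattern: it never tests `cnt` before `*data++`, copies `cnt` bytes into `auth.dat`, and fills `key[160]` using a `len` taken from an unchecked `fscanf`. The challenge it issues is either the hex of `time()` or the constant string "randchal", so it adds little freshness to the exchange. All of this sits behind `#ifdef RSA_ENCPWD`; whether any build defines it is not visible here, and for a vendor import keeping it undefined is probably the practical mitigation.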

Added: vendor-crypto/heimdal/dist/appl/telnet/libtelnet/spx.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/libtelnet/spx.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/libtelnet/spx.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,586 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+RCSID("$Id: spx.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef	SPX
+/*
+ * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
+ * ALL RIGHTS RESERVED
+ *
+ * "Digital Equipment Corporation authorizes the reproduction,
+ * distribution and modification of this software subject to the following
+ * restrictions:
+ *
+ * 1.  Any partial or whole copy of this software, or any modification
+ * thereof, must include this copyright notice in its entirety.
+ *
+ * 2.  This software is supplied "as is" with no warranty of any kind,
+ * expressed or implied, for any purpose, including any warranty of fitness
+ * or merchantibility.  DIGITAL assumes no responsibility for the use or
+ * reliability of this software, nor promises to provide any form of
+ * support for it on any basis.
+ *
+ * 3.  Distribution of this software is authorized only if no profit or
+ * remuneration of any kind is received in exchange for such distribution.
+ *
+ * 4.  This software produces public key authentication certificates
+ * bearing an expiration date established by DIGITAL and RSA Data
+ * Security, Inc.  It may cease to generate certificates after the expiration
+ * date.  Any modification of this software that changes or defeats
+ * the expiration date or its effect is unauthorized.
+ *
+ * 5.  Software that will renew or extend the expiration date of
+ * authentication certificates produced by this software may be obtained
+ * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
+ * 94065, (415)595-8782, or from DIGITAL"
+ *
+ */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+#include <stdio.h>
+#include "gssapi_defs.h"
+#include <stdlib.h>
+#include <string.h>
+
+#include <pwd.h>
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include "encrypt.h"
+#include "auth.h"
+#include "misc.h"
+
+extern auth_debug_mode;
+
+static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
+			  		AUTHTYPE_SPX, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+					TELQUAL_NAME, };
+
+#define	SPX_AUTH	0		/* Authentication data follows */
+#define	SPX_REJECT	1		/* Rejected (reason might follow) */
+#define SPX_ACCEPT	2		/* Accepted */
+
+static des_key_schedule sched;
+static des_cblock	challenge	= { 0 };
+
+
+/*******************************************************************/
+
+gss_OID_set		actual_mechs;
+gss_OID			actual_mech_type, output_name_type;
+int			major_status, status, msg_ctx = 0, new_status;
+int			req_flags = 0, ret_flags, lifetime_rec;
+gss_cred_id_t		gss_cred_handle;
+gss_ctx_id_t		actual_ctxhandle, context_handle;
+gss_buffer_desc		output_token, input_token, input_name_buffer;
+gss_buffer_desc		status_string;
+gss_name_t		desired_targname, src_name;
+gss_channel_bindings	input_chan_bindings;
+char			lhostname[GSS_C_MAX_PRINTABLE_NAME];
+char			targ_printable[GSS_C_MAX_PRINTABLE_NAME];
+int			to_addr=0, from_addr=0;
+char			*address;
+gss_buffer_desc		fullname_buffer;
+gss_OID			fullname_type;
+gss_cred_id_t		gss_delegated_cred_handle;
+
+/*******************************************************************/
+
+
+
+	static int
+Data(ap, type, d, c)
+	Authenticator *ap;
+	int type;
+	void *d;
+	int c;
+{
+	unsigned char *p = str_data + 4;
+	unsigned char *cd = (unsigned char *)d;
+
+	if (c == -1)
+		c = strlen((char *)cd);
+
+	if (0) {
+		printf("%s:%d: [%d] (%d)",
+			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+			str_data[3],
+			type, c);
+		printd(d, c);
+		printf("\r\n");
+	}
+	*p++ = ap->type;
+	*p++ = ap->way;
+	*p++ = type;
+	while (c-- > 0) {
+		if ((*p++ = *cd++) == IAC)
+			*p++ = IAC;
+	}
+	*p++ = IAC;
+	*p++ = SE;
+	if (str_data[3] == TELQUAL_IS)
+		printsub('>', &str_data[2], p - (&str_data[2]));
+	return(telnet_net_write(str_data, p - str_data));
+}
+
+	int
+spx_init(ap, server)
+	Authenticator *ap;
+	int server;
+{
+	gss_cred_id_t	tmp_cred_handle;
+
+	if (server) {
+		str_data[3] = TELQUAL_REPLY;
+		gethostname(lhostname, sizeof(lhostname));
+		snprintf (targ_printable, sizeof(targ_printable),
+			  "SERVICE:rcmd@%s", lhostname);
+		input_name_buffer.length = strlen(targ_printable);
+		input_name_buffer.value = targ_printable;
+		major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+		major_status = gss_acquire_cred(&status,
+					desired_targname,
+					0,
+					GSS_C_NULL_OID_SET,
+					GSS_C_ACCEPT,
+					&tmp_cred_handle,
+					&actual_mechs,
+					&lifetime_rec);
+		if (major_status != GSS_S_COMPLETE) return(0);
+	} else {
+		str_data[3] = TELQUAL_IS;
+	}
+	return(1);
+}
+
+	int
+spx_send(ap)
+	Authenticator *ap;
+{
+	des_cblock enckey;
+	int r;
+
+	gss_OID	actual_mech_type, output_name_type;
+	int	msg_ctx = 0, new_status, status;
+	int	req_flags = 0, ret_flags, lifetime_rec, major_status;
+	gss_buffer_desc  output_token, input_token, input_name_buffer;
+	gss_buffer_desc  output_name_buffer, status_string;
+	gss_name_t    desired_targname;
+	gss_channel_bindings  input_chan_bindings;
+	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
+	int  from_addr=0, to_addr=0, myhostlen, j;
+	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
+	char *address;
+
+	printf("[ Trying SPX ... ]\r\n");
+	snprintf (targ_printable, sizeof(targ_printable),
+		  "SERVICE:rcmd@%s", RemoteHostName);
+
+	input_name_buffer.length = strlen(targ_printable);
+	input_name_buffer.value = targ_printable;
+
+	if (!UserNameRequested) {
+		return(0);
+	}
+
+	major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+
+
+	major_status = gss_display_name(&status,
+					desired_targname,
+					&output_name_buffer,
+					&output_name_type);
+
+	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
+
+	major_status = gss_release_buffer(&status, &output_name_buffer);
+
+	input_chan_bindings = (gss_channel_bindings)
+	  malloc(sizeof(gss_channel_bindings_desc));
+
+	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
+	input_chan_bindings->initiator_address.length = 4;
+	address = (char *) malloc(4);
+	input_chan_bindings->initiator_address.value = (char *) address;
+	address[0] = ((from_addr & 0xff000000) >> 24);
+	address[1] = ((from_addr & 0xff0000) >> 16);
+	address[2] = ((from_addr & 0xff00) >> 8);
+	address[3] = (from_addr & 0xff);
+	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
+	input_chan_bindings->acceptor_address.length = 4;
+	address = (char *) malloc(4);
+	input_chan_bindings->acceptor_address.value = (char *) address;
+	address[0] = ((to_addr & 0xff000000) >> 24);
+	address[1] = ((to_addr & 0xff0000) >> 16);
+	address[2] = ((to_addr & 0xff00) >> 8);
+	address[3] = (to_addr & 0xff);
+	input_chan_bindings->application_data.length = 0;
+
+	req_flags = 0;
+	if (deleg_flag)  req_flags = req_flags | 1;
+	if (mutual_flag) req_flags = req_flags | 2;
+	if (replay_flag) req_flags = req_flags | 4;
+	if (seq_flag)    req_flags = req_flags | 8;
+
+	major_status = gss_init_sec_context(&status,         /* minor status */
+					GSS_C_NO_CREDENTIAL, /* cred handle */
+					&actual_ctxhandle,   /* ctx handle */
+					desired_targname,    /* target name */
+					GSS_C_NULL_OID,      /* mech type */
+					req_flags,           /* req flags */
+					0,                   /* time req */
+					input_chan_bindings, /* chan binding */
+					GSS_C_NO_BUFFER,     /* input token */
+					&actual_mech_type,   /* actual mech */
+					&output_token,       /* output token */
+					&ret_flags,          /* ret flags */
+					&lifetime_rec);      /* time rec */
+
+	if ((major_status != GSS_S_COMPLETE) &&
+	    (major_status != GSS_S_CONTINUE_NEEDED)) {
+	  gss_display_status(&new_status,
+				status,
+				GSS_C_MECH_CODE,
+				GSS_C_NULL_OID,
+				&msg_ctx,
+				&status_string);
+	  printf("%s\n", status_string.value);
+	  return(0);
+	}
+
+	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
+		return(0);
+	}
+
+	if (!Data(ap, SPX_AUTH, output_token.value, output_token.length)) {
+		return(0);
+	}
+
+	return(1);
+}
+
+	void
+spx_is(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+	des_cblock datablock;
+	int r;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case SPX_AUTH:
+		input_token.length = cnt;
+		input_token.value = (char *) data;
+
+		gethostname(lhostname, sizeof(lhostname));
+
+		snprintf(targ_printable, sizeof(targ_printable),
+			 "SERVICE:rcmd@%s", lhostname);
+
+		input_name_buffer.length = strlen(targ_printable);
+		input_name_buffer.value = targ_printable;
+
+		major_status = gss_import_name(&status,
+					&input_name_buffer,
+					GSS_C_NULL_OID,
+					&desired_targname);
+
+		major_status = gss_acquire_cred(&status,
+					desired_targname,
+					0,
+					GSS_C_NULL_OID_SET,
+					GSS_C_ACCEPT,
+					&gss_cred_handle,
+					&actual_mechs,
+					&lifetime_rec);
+
+		major_status = gss_release_name(&status, desired_targname);
+
+		input_chan_bindings = (gss_channel_bindings)
+		  malloc(sizeof(gss_channel_bindings_desc));
+
+		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
+		input_chan_bindings->initiator_address.length = 4;
+		address = (char *) malloc(4);
+		input_chan_bindings->initiator_address.value = (char *) address;
+		address[0] = ((from_addr & 0xff000000) >> 24);
+		address[1] = ((from_addr & 0xff0000) >> 16);
+		address[2] = ((from_addr & 0xff00) >> 8);
+		address[3] = (from_addr & 0xff);
+		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
+		input_chan_bindings->acceptor_address.length = 4;
+		address = (char *) malloc(4);
+		input_chan_bindings->acceptor_address.value = (char *) address;
+		address[0] = ((to_addr & 0xff000000) >> 24);
+		address[1] = ((to_addr & 0xff0000) >> 16);
+		address[2] = ((to_addr & 0xff00) >> 8);
+		address[3] = (to_addr & 0xff);
+		input_chan_bindings->application_data.length = 0;
+
+		major_status = gss_accept_sec_context(&status,
+						&context_handle,
+						gss_cred_handle,
+						&input_token,
+						input_chan_bindings,
+						&src_name,
+						&actual_mech_type,
+						&output_token,
+						&ret_flags,
+						&lifetime_rec,
+						&gss_delegated_cred_handle);
+
+
+		if (major_status != GSS_S_COMPLETE) {
+
+		  major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+			Data(ap, SPX_REJECT, "auth failed", -1);
+			auth_finished(ap, AUTH_REJECT);
+			return;
+		}
+
+		major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+
+
+		Data(ap, SPX_ACCEPT, output_token.value, output_token.length);
+		auth_finished(ap, AUTH_USER);
+		break;
+
+	default:
+		Data(ap, SPX_REJECT, 0, 0);
+		break;
+	}
+}
+
+
+	void
+spx_reply(ap, data, cnt)
+	Authenticator *ap;
+	unsigned char *data;
+	int cnt;
+{
+	Session_Key skey;
+
+	if (cnt-- < 1)
+		return;
+	switch (*data++) {
+	case SPX_REJECT:
+		if (cnt > 0) {
+			printf("[ SPX refuses authentication because %.*s ]\r\n",
+				cnt, data);
+		} else
+			printf("[ SPX refuses authentication ]\r\n");
+		auth_send_retry();
+		return;
+	case SPX_ACCEPT:
+		printf("[ SPX accepts you ]\r\n");
+		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+			/*
+			 * Send over the encrypted challenge.
+		 	 */
+		  input_token.value = (char *) data;
+		  input_token.length = cnt;
+
+		  major_status = gss_init_sec_context(&status, /* minor stat */
+					GSS_C_NO_CREDENTIAL, /* cred handle */
+					&actual_ctxhandle,   /* ctx handle */
+					desired_targname,    /* target name */
+					GSS_C_NULL_OID,      /* mech type */
+					req_flags,           /* req flags */
+					0,                   /* time req */
+					input_chan_bindings, /* chan binding */
+					&input_token,        /* input token */
+					&actual_mech_type,   /* actual mech */
+					&output_token,       /* output token */
+					&ret_flags,          /* ret flags */
+					&lifetime_rec);      /* time rec */
+
+		  if (major_status != GSS_S_COMPLETE) {
+		    gss_display_status(&new_status,
+					status,
+					GSS_C_MECH_CODE,
+					GSS_C_NULL_OID,
+					&msg_ctx,
+					&status_string);
+		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
+			 status_string.value);
+		    auth_send_retry();
+		    return;
+		  }
+		}
+		auth_finished(ap, AUTH_USER);
+		return;
+
+	default:
+		return;
+	}
+}
+
+	int
+spx_status(ap, name, name_sz, level)
+	Authenticator *ap;
+	char *name;
+	size_t name_sz;
+	int level;
+{
+
+	gss_buffer_desc  fullname_buffer, acl_file_buffer;
+	gss_OID          fullname_type;
+	char acl_file[160], fullname[160];
+	int major_status, status = 0;
+	struct passwd  *pwd;
+
+	/*
+	 * hard code fullname to
+	 *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
+	 * and acl_file to "~kannan/.sphinx"
+	 */
+
+	pwd = k_getpwnam(UserNameRequested);
+	if (pwd == NULL) {
+	  return(AUTH_USER);   /*  not authenticated  */
+	}
+
+	snprintf (acl_file, sizeof(acl_file),
+		  "%s/.sphinx", pwd->pw_dir);
+
+	acl_file_buffer.value = acl_file;
+	acl_file_buffer.length = strlen(acl_file);
+
+	major_status = gss_display_name(&status,
+					src_name,
+					&fullname_buffer,
+					&fullname_type);
+
+	if (level < AUTH_USER)
+		return(level);
+
+	major_status = gss__check_acl(&status, &fullname_buffer,
+					&acl_file_buffer);
+
+	if (major_status == GSS_S_COMPLETE) {
+	  strlcpy(name, UserNameRequested, name_sz);
+	  return(AUTH_VALID);
+	} else {
+	   return(AUTH_USER);
+	}
+
+}
+
+#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
+#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
+
+	void
+spx_printsub(data, cnt, buf, buflen)
+	unsigned char *data, *buf;
+	int cnt, buflen;
+{
+	int i;
+
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
+	buflen -= 1;
+
+	switch(data[3]) {
+	case SPX_REJECT:		/* Rejected (reason might follow) */
+		strlcpy((char *)buf, " REJECT ", buflen);
+		goto common;
+
+	case SPX_ACCEPT:		/* Accepted (name might follow) */
+		strlcpy((char *)buf, " ACCEPT ", buflen);
+	common:
+		BUMP(buf, buflen);
+		if (cnt <= 4)
+			break;
+		ADDC(buf, buflen, '"');
+		for (i = 4; i < cnt; i++)
+			ADDC(buf, buflen, data[i]);
+		ADDC(buf, buflen, '"');
+		ADDC(buf, buflen, '\0');
+		break;
+
+	case SPX_AUTH:			/* Authentication data follows */
+		strlcpy((char *)buf, " AUTH", buflen);
+		goto common2;
+
+	default:
+		snprintf(buf, buflen, " %d (unknown)", data[3]);
+	common2:
+		BUMP(buf, buflen);
+		for (i = 4; i < cnt; i++) {
+			snprintf(buf, buflen, " %d", data[i]);
+			BUMP(buf, buflen);
+		}
+		break;
+	}
+}
+
+#endif
+
+#ifdef notdef
+
+prkey(msg, key)
+	char *msg;
+	unsigned char *key;
+{
+	int i;
+	printf("%s:", msg);
+	for (i = 0; i < 8; i++)
+		printf(" %3d", key[i]);
+	printf("\r\n");
+}
+#endif
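Review bot: In `spx_is`, the `SPX_AUTH` case overwrites `major_status` from `gss_import_name` and `gss_acquire_cred` without testing it, so `gss_accept_sec_context` can run with a `gss_cred_handle` that was never acquired; both `malloc` results for the channel bindings are also dereferenced unchecked. Each of those calls should be followed by the reject path the function already uses, `if (major_status != GSS_S_COMPLETE) { Data(ap, SPX_REJECT, "auth failed", -1); auth_finished(ap, AUTH_REJECT); return; }`. The bindings are built from `from_addr` and `to_addr`, which this file initialises to 0 and never assigns, so they do not tie the security context to the actual connection. `spx_status` likewise passes `fullname_buffer` to `gss__check_acl` without checking the preceding `gss_display_name`, and `spx_send` hard-codes `deleg_flag=1`, so that request flag is set on every attempt. The code is under `#ifdef SPX`; whether any build defines it is not visible here.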

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,25 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
+
+bin_PROGRAMS = telnet
+
+CHECK_LOCAL = 
+
+telnet_SOURCES  = authenc.c commands.c main.c network.c ring.c \
+		  sys_bsd.c telnet.c terminal.c \
+		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
+
+man_MANS = telnet.1
+
+LDADD = ../libtelnet/libtelnet.a \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_tgetent) \
+	$(LIB_kdfs) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,845 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+bin_PROGRAMS = telnet$(EXEEXT)
+subdir = appl/telnet/telnet
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am_telnet_OBJECTS = authenc.$(OBJEXT) commands.$(OBJEXT) \
+	main.$(OBJEXT) network.$(OBJEXT) ring.$(OBJEXT) \
+	sys_bsd.$(OBJEXT) telnet.$(OBJEXT) terminal.$(OBJEXT) \
+	utilities.$(OBJEXT)
+telnet_OBJECTS = $(am_telnet_OBJECTS)
+telnet_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+telnet_DEPENDENCIES = ../libtelnet/libtelnet.a $(LIB_krb5) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(LIB_kdfs) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(telnet_SOURCES)
+DIST_SOURCES = $(telnet_SOURCES)
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+CHECK_LOCAL = 
+telnet_SOURCES = authenc.c commands.c main.c network.c ring.c \
+		  sys_bsd.c telnet.c terminal.c \
+		  utilities.c defines.h externs.h ring.h telnet_locl.h types.h
+
+man_MANS = telnet.1
+LDADD = ../libtelnet/libtelnet.a \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_tgetent) \
+	$(LIB_kdfs) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/telnet/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/telnet/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+telnet$(EXEEXT): $(telnet_OBJECTS) $(telnet_DEPENDENCIES) 
+	@rm -f telnet$(EXEEXT)
+	$(LINK) $(telnet_OBJECTS) $(telnet_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binPROGRAMS \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-binPROGRAMS uninstall-hook \
+	uninstall-man uninstall-man1
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/authenc.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/authenc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/authenc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,99 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: authenc.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+int
+telnet_net_write(unsigned char *str, int len)
+{
+	if (NETROOM() > len) {
+		ring_supply_data(&netoring, str, len);
+		if (str[0] == IAC && str[1] == SE)
+			printsub('>', &str[2], len-2);
+		return(len);
+	}
+	return(0);
+}
+
+void
+net_encrypt(void)
+{
+#if	defined(ENCRYPTION)
+	if (encrypt_output)
+		ring_encrypt(&netoring, encrypt_output);
+	else
+		ring_clearto(&netoring);
+#endif
+}
+
+int
+telnet_spin(void)
+{
+    int ret = 0;
+
+    scheduler_lockout_tty = 1;
+    if (Scheduler(0) == -1)
+	ret = 1;
+    scheduler_lockout_tty = 0;
+    
+    return ret;
+
+}
+
+char *
+telnet_getenv(const char *val)
+{
+	return((char *)env_getvalue((unsigned char *)val));
+}
+
+char *
+telnet_gets(char *prompt, char *result, int length, int echo)
+{
+	int om = globalmode;
+	char *res;
+
+	TerminalNewMode(-1);
+	if (echo) {
+		printf("%s", prompt);
+		res = fgets(result, length, stdin);
+	} else if ((res = getpass(prompt))) {
+		strlcpy(result, res, length);
+		res = result;
+	}
+	TerminalNewMode(om);
+	return(res);
+}
+#endif
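Review bot: In `telnet_gets`, the no-echo branch copies the secret out of the buffer returned by `getpass()` and then leaves that buffer untouched, so the password stays in memory (usually a static buffer owned by the library) for the rest of the process; I would scrub it right after the copy with `memset(res, 0, strlen(res));`, placed before `res = result;`. `strlcpy` also truncates silently when the password is longer than `length - 1`, and the caller cannot detect that from the returned pointer, so the limit deserves at least a comment on the function. Separately, `telnet_net_write` reads `str[1]` and passes `len-2` to `printsub` without checking the length; `if (len >= 2 && str[0] == IAC && str[1] == SE)` keeps a one-byte write from reading past the caller's data. Since this is a vendor import, these changes would be carried as a local patch or reported upstream rather than edited in place.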

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/commands.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/commands.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/commands.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2696 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: commands.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+int tos = -1;
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+
+char	*hostname;
+static char _hostname[MaxHostNameLen];
+
+typedef int (*intrtn_t)(int, char**);
+static int call(intrtn_t, ...);
+
+typedef struct {
+	char	*name;		/* command name */
+	char	*help;		/* help string (NULL for no help) */
+	int	(*handler)();	/* routine which executes command */
+	int	needconnect;	/* Do we need to be connected to execute? */
+} Command;
+
+static char line[256];
+static char saveline[256];
+static int margc;
+static char *margv[20];
+
+static void
+makeargv()
+{
+    char *cp, *cp2, c;
+    char **argp = margv;
+
+    margc = 0;
+    cp = line;
+    if (*cp == '!') {		/* Special case shell escape */
+	/* save for shell command */
+	strlcpy(saveline, line, sizeof(saveline));
+	*argp++ = "!";		/* No room in string to get this */
+	margc++;
+	cp++;
+    }
+    while ((c = *cp)) {
+	int inquote = 0;
+	while (isspace((unsigned char)c))
+	    c = *++cp;
+	if (c == '\0')
+	    break;
+	*argp++ = cp;
+	margc += 1;
+	for (cp2 = cp; c != '\0'; c = *++cp) {
+	    if (inquote) {
+		if (c == inquote) {
+		    inquote = 0;
+		    continue;
+		}
+	    } else {
+		if (c == '\\') {
+		    if ((c = *++cp) == '\0')
+			break;
+		} else if (c == '"') {
+		    inquote = '"';
+		    continue;
+		} else if (c == '\'') {
+		    inquote = '\'';
+		    continue;
+		} else if (isspace((unsigned char)c))
+		    break;
+	    }
+	    *cp2++ = c;
+	}
+	*cp2 = '\0';
+	if (c == '\0')
+	    break;
+	cp++;
+    }
+    *argp++ = 0;
+}
+
+/*
+ * Make a character string into a number.
+ *
+ * Todo:  1.  Could take random integers (12, 0x12, 012, 0b1).
+ */
+
+static char
+special(char *s)
+{
+	char c;
+	char b;
+
+	switch (*s) {
+	case '^':
+		b = *++s;
+		if (b == '?') {
+		    c = b | 0x40;		/* DEL */
+		} else {
+		    c = b & 0x1f;
+		}
+		break;
+	default:
+		c = *s;
+		break;
+	}
+	return c;
+}
+
+/*
+ * Construct a control character sequence
+ * for a special character.
+ */
+static char *
+control(cc_t c)
+{
+	static char buf[5];
+	/*
+	 * The only way I could get the Sun 3.5 compiler
+	 * to shut up about
+	 *	if ((unsigned int)c >= 0x80)
+	 * was to assign "c" to an unsigned int variable...
+	 * Arggg....
+	 */
+	unsigned int uic = (unsigned int)c;
+
+	if (uic == 0x7f)
+		return ("^?");
+	if (c == (cc_t)_POSIX_VDISABLE) {
+		return "off";
+	}
+	if (uic >= 0x80) {
+		buf[0] = '\\';
+		buf[1] = ((c>>6)&07) + '0';
+		buf[2] = ((c>>3)&07) + '0';
+		buf[3] = (c&07) + '0';
+		buf[4] = 0;
+	} else if (uic >= 0x20) {
+		buf[0] = c;
+		buf[1] = 0;
+	} else {
+		buf[0] = '^';
+		buf[1] = '@'+c;
+		buf[2] = 0;
+	}
+	return (buf);
+}
+
+
+
+/*
+ *	The following are data structures and routines for
+ *	the "send" command.
+ *
+ */
+
+struct sendlist {
+    char	*name;		/* How user refers to it (case independent) */
+    char	*help;		/* Help information (0 ==> no help) */
+    int		needconnect;	/* Need to be connected */
+    int		narg;		/* Number of arguments */
+    int		(*handler)();	/* Routine to perform (for special ops) */
+    int		nbyte;		/* Number of bytes to send this command */
+    int		what;		/* Character to be sent (<0 ==> special) */
+};
+

+
+static int
+	send_esc (void),
+	send_help (void),
+	send_docmd (char *),
+	send_dontcmd (char *),
+	send_willcmd (char *),
+	send_wontcmd (char *);
+
+static struct sendlist Sendlist[] = {
+    { "ao",	"Send Telnet Abort output",		1, 0, 0, 2, AO },
+    { "ayt",	"Send Telnet 'Are You There'",		1, 0, 0, 2, AYT },
+    { "brk",	"Send Telnet Break",			1, 0, 0, 2, BREAK },
+    { "break",	0,					1, 0, 0, 2, BREAK },
+    { "ec",	"Send Telnet Erase Character",		1, 0, 0, 2, EC },
+    { "el",	"Send Telnet Erase Line",		1, 0, 0, 2, EL },
+    { "escape",	"Send current escape character",	1, 0, send_esc, 1, 0 },
+    { "ga",	"Send Telnet 'Go Ahead' sequence",	1, 0, 0, 2, GA },
+    { "ip",	"Send Telnet Interrupt Process",	1, 0, 0, 2, IP },
+    { "intp",	0,					1, 0, 0, 2, IP },
+    { "interrupt", 0,					1, 0, 0, 2, IP },
+    { "intr",	0,					1, 0, 0, 2, IP },
+    { "nop",	"Send Telnet 'No operation'",		1, 0, 0, 2, NOP },
+    { "eor",	"Send Telnet 'End of Record'",		1, 0, 0, 2, EOR },
+    { "abort",	"Send Telnet 'Abort Process'",		1, 0, 0, 2, ABORT },
+    { "susp",	"Send Telnet 'Suspend Process'",	1, 0, 0, 2, SUSP },
+    { "eof",	"Send Telnet End of File Character",	1, 0, 0, 2, xEOF },
+    { "synch",	"Perform Telnet 'Synch operation'",	1, 0, dosynch, 2, 0 },
+    { "getstatus", "Send request for STATUS",		1, 0, get_status, 6, 0 },
+    { "?",	"Display send options",			0, 0, send_help, 0, 0 },
+    { "help",	0,					0, 0, send_help, 0, 0 },
+    { "do",	0,					0, 1, send_docmd, 3, 0 },
+    { "dont",	0,					0, 1, send_dontcmd, 3, 0 },
+    { "will",	0,					0, 1, send_willcmd, 3, 0 },
+    { "wont",	0,					0, 1, send_wontcmd, 3, 0 },
+    { 0 }
+};
+
+#define	GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \
+				sizeof(struct sendlist)))
+
+static int
+sendcmd(int argc, char **argv)
+{
+    int count;		/* how many bytes we are going to need to send */
+    int i;
+    struct sendlist *s;	/* pointer to current command */
+    int success = 0;
+    int needconnect = 0;
+
+    if (argc < 2) {
+	printf("need at least one argument for 'send' command\r\n");
+	printf("'send ?' for help\r\n");
+	return 0;
+    }
+    /*
+     * First, validate all the send arguments.
+     * In addition, we see how much space we are going to need, and
+     * whether or not we will be doing a "SYNCH" operation (which
+     * flushes the network queue).
+     */
+    count = 0;
+    for (i = 1; i < argc; i++) {
+	s = GETSEND(argv[i]);
+	if (s == 0) {
+	    printf("Unknown send argument '%s'\r\n'send ?' for help.\r\n",
+			argv[i]);
+	    return 0;
+	} else if (Ambiguous(s)) {
+	    printf("Ambiguous send argument '%s'\r\n'send ?' for help.\r\n",
+			argv[i]);
+	    return 0;
+	}
+	if (i + s->narg >= argc) {
+	    fprintf(stderr,
+	    "Need %d argument%s to 'send %s' command.  'send %s ?' for help.\r\n",
+		s->narg, s->narg == 1 ? "" : "s", s->name, s->name);
+	    return 0;
+	}
+	count += s->nbyte;
+	if (s->handler == send_help) {
+	    send_help();
+	    return 0;
+	}
+
+	i += s->narg;
+	needconnect += s->needconnect;
+    }
+    if (!connected && needconnect) {
+	printf("?Need to be connected first.\r\n");
+	printf("'send ?' for help\r\n");
+	return 0;
+    }
+    /* Now, do we have enough room? */
+    if (NETROOM() < count) {
+	printf("There is not enough room in the buffer TO the network\r\n");
+	printf("to process your request.  Nothing will be done.\r\n");
+	printf("('send synch' will throw away most data in the network\r\n");
+	printf("buffer, if this might help.)\r\n");
+	return 0;
+    }
+    /* OK, they are all OK, now go through again and actually send */
+    count = 0;
+    for (i = 1; i < argc; i++) {
+	if ((s = GETSEND(argv[i])) == 0) {
+	    fprintf(stderr, "Telnet 'send' error - argument disappeared!\r\n");
+	    quit();
+	    /*NOTREACHED*/
+	}
+	if (s->handler) {
+	    count++;
+	    success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0,
+				  (s->narg > 1) ? argv[i+2] : 0);
+	    i += s->narg;
+	} else {
+	    NET2ADD(IAC, s->what);
+	    printoption("SENT", IAC, s->what);
+	}
+    }
+    return (count == success);
+}
+
+static int
+send_tncmd(void (*func)(), char *cmd, char *name);
+
+static int
+send_esc()
+{
+    NETADD(escape);
+    return 1;
+}
+
+static int
+send_docmd(char *name)
+{
+    return(send_tncmd(send_do, "do", name));
+}
+
+static int
+send_dontcmd(char *name)
+{
+    return(send_tncmd(send_dont, "dont", name));
+}
+
+static int
+send_willcmd(char *name)
+{
+    return(send_tncmd(send_will, "will", name));
+}
+
+static int
+send_wontcmd(char *name)
+{
+    return(send_tncmd(send_wont, "wont", name));
+}
+
+extern char *telopts[];		/* XXX */
+
+static int
+send_tncmd(void (*func)(), char *cmd, char *name)
+{
+    char **cpp;
+    int val = 0;
+
+    if (isprefix(name, "help") || isprefix(name, "?")) {
+	int col, len;
+
+	printf("Usage: send %s <value|option>\r\n", cmd);
+	printf("\"value\" must be from 0 to 255\r\n");
+	printf("Valid options are:\r\n\t");
+
+	col = 8;
+	for (cpp = telopts; *cpp; cpp++) {
+	    len = strlen(*cpp) + 3;
+	    if (col + len > 65) {
+		printf("\r\n\t");
+		col = 8;
+	    }
+	    printf(" \"%s\"", *cpp);
+	    col += len;
+	}
+	printf("\r\n");
+	return 0;
+    }
+    cpp = genget(name, telopts, sizeof(char *));
+    if (Ambiguous(cpp)) {
+	fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\r\n",
+					name, cmd);
+	return 0;
+    }
+    if (cpp) {
+	val = cpp - telopts;
+    } else {
+	char *cp = name;
+
+	while (*cp >= '0' && *cp <= '9') {
+	    val *= 10;
+	    val += *cp - '0';
+	    cp++;
+	}
+	if (*cp != 0) {
+	    fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\r\n",
+					name, cmd);
+	    return 0;
+	} else if (val < 0 || val > 255) {
+	    fprintf(stderr, "'%s': bad value ('send %s ?' for help).\r\n",
+					name, cmd);
+	    return 0;
+	}
+    }
+    if (!connected) {
+	printf("?Need to be connected first.\r\n");
+	return 0;
+    }
+    (*func)(val, 1);
+    return 1;
+}
+
+static int
+send_help()
+{
+    struct sendlist *s;	/* pointer to current command */
+    for (s = Sendlist; s->name; s++) {
+	if (s->help)
+	    printf("%-15s %s\r\n", s->name, s->help);
+    }
+    return(0);
+}
+

+/*
+ * The following are the routines and data structures referred
+ * to by the arguments to the "toggle" command.
+ */
+
+static int
+lclchars()
+{
+    donelclchars = 1;
+    return 1;
+}
+
+static int
+togdebug()
+{
+#ifndef	NOT43
+    if (net > 0 &&
+	(SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
+	    perror("setsockopt (SO_DEBUG)");
+    }
+#else	/* NOT43 */
+    if (debug) {
+	if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
+	    perror("setsockopt (SO_DEBUG)");
+    } else
+	printf("Cannot turn off socket debugging\r\n");
+#endif	/* NOT43 */
+    return 1;
+}
+
+#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
+#include <krb.h>
+
+static int
+togkrbdebug(void)
+{
+    if(krb_debug)
+	krb_enable_debug();
+    else
+	krb_disable_debug();
+    return 1;
+}
+#endif
+
+static int
+togcrlf()
+{
+    if (crlf) {
+	printf("Will send carriage returns as telnet <CR><LF>.\r\n");
+    } else {
+	printf("Will send carriage returns as telnet <CR><NUL>.\r\n");
+    }
+    return 1;
+}
+
+int binmode;
+
+static int
+togbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val >= 0) {
+	binmode = val;
+    } else {
+	if (my_want_state_is_will(TELOPT_BINARY) &&
+				my_want_state_is_do(TELOPT_BINARY)) {
+	    binmode = 1;
+	} else if (my_want_state_is_wont(TELOPT_BINARY) &&
+				my_want_state_is_dont(TELOPT_BINARY)) {
+	    binmode = 0;
+	}
+	val = binmode ? 0 : 1;
+    }
+
+    if (val == 1) {
+	if (my_want_state_is_will(TELOPT_BINARY) &&
+					my_want_state_is_do(TELOPT_BINARY)) {
+	    printf("Already operating in binary mode with remote host.\r\n");
+	} else {
+	    printf("Negotiating binary mode with remote host.\r\n");
+	    tel_enter_binary(3);
+	}
+    } else {
+	if (my_want_state_is_wont(TELOPT_BINARY) &&
+					my_want_state_is_dont(TELOPT_BINARY)) {
+	    printf("Already in network ascii mode with remote host.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode with remote host.\r\n");
+	    tel_leave_binary(3);
+	}
+    }
+    return 1;
+}
+
+static int
+togrbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val == -1)
+	val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1;
+
+    if (val == 1) {
+	if (my_want_state_is_do(TELOPT_BINARY)) {
+	    printf("Already receiving in binary mode.\r\n");
+	} else {
+	    printf("Negotiating binary mode on input.\r\n");
+	    tel_enter_binary(1);
+	}
+    } else {
+	if (my_want_state_is_dont(TELOPT_BINARY)) {
+	    printf("Already receiving in network ascii mode.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode on input.\r\n");
+	    tel_leave_binary(1);
+	}
+    }
+    return 1;
+}
+
+static int
+togxbinary(int val)
+{
+    donebinarytoggle = 1;
+
+    if (val == -1)
+	val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1;
+
+    if (val == 1) {
+	if (my_want_state_is_will(TELOPT_BINARY)) {
+	    printf("Already transmitting in binary mode.\r\n");
+	} else {
+	    printf("Negotiating binary mode on output.\r\n");
+	    tel_enter_binary(2);
+	}
+    } else {
+	if (my_want_state_is_wont(TELOPT_BINARY)) {
+	    printf("Already transmitting in network ascii mode.\r\n");
+	} else {
+	    printf("Negotiating network ascii mode on output.\r\n");
+	    tel_leave_binary(2);
+	}
+    }
+    return 1;
+}
+
+
+static int togglehelp (void);
+#if	defined(AUTHENTICATION)
+extern int auth_togdebug (int);
+#endif
+#if	defined(ENCRYPTION)
+extern int EncryptAutoEnc (int);
+extern int EncryptAutoDec (int);
+extern int EncryptDebug (int);
+extern int EncryptVerbose (int);
+#endif
+
+struct togglelist {
+    char	*name;		/* name of toggle */
+    char	*help;		/* help message */
+    int		(*handler)();	/* routine to do actual setting */
+    int		*variable;
+    char	*actionexplanation;
+};
+
+static struct togglelist Togglelist[] = {
+    { "autoflush",
+	"flushing of output when sending interrupt characters",
+	    0,
+		&autoflush,
+		    "flush output when sending interrupt characters" },
+    { "autosynch",
+	"automatic sending of interrupt characters in urgent mode",
+	    0,
+		&autosynch,
+		    "send interrupt characters in urgent mode" },
+#if	defined(AUTHENTICATION)
+    { "autologin",
+	"automatic sending of login and/or authentication info",
+	    0,
+		&autologin,
+		    "send login name and/or authentication information" },
+    { "authdebug",
+	"authentication debugging",
+	    auth_togdebug,
+		0,
+		     "print authentication debugging information" },
+#endif
+#if	defined(ENCRYPTION)
+    { "autoencrypt",
+	"automatic encryption of data stream",
+	    EncryptAutoEnc,
+		0,
+		    "automatically encrypt output" },
+    { "autodecrypt",
+	"automatic decryption of data stream",
+	    EncryptAutoDec,
+		0,
+		    "automatically decrypt input" },
+    { "verbose_encrypt",
+	"verbose encryption output",
+	    EncryptVerbose,
+		0,
+		    "print verbose encryption output" },
+    { "encdebug",
+	"encryption debugging",
+	    EncryptDebug,
+		0,
+		    "print encryption debugging information" },
+#endif
+#if defined(KRB5)
+    { "forward",
+	"credentials forwarding",
+	    kerberos5_set_forward,
+		0,
+		    "forward credentials" },
+    { "forwardable",
+	"forwardable flag of forwarded credentials",
+	    kerberos5_set_forwardable,
+		0,
+		    "forward forwardable credentials" },
+#endif
+   { "skiprc",
+	"don't read ~/.telnetrc file",
+	    0,
+		&skiprc,
+		    "skip reading of ~/.telnetrc file" },
+    { "binary",
+	"sending and receiving of binary data",
+	    togbinary,
+		0,
+		    0 },
+    { "inbinary",
+	"receiving of binary data",
+	    togrbinary,
+		0,
+		    0 },
+    { "outbinary",
+	"sending of binary data",
+	    togxbinary,
+		0,
+		    0 },
+    { "crlf",
+	"sending carriage returns as telnet <CR><LF>",
+	    togcrlf,
+		&crlf,
+		    0 },
+    { "crmod",
+	"mapping of received carriage returns",
+	    0,
+		&crmod,
+		    "map carriage return on output" },
+    { "localchars",
+	"local recognition of certain control characters",
+	    lclchars,
+		&localchars,
+		    "recognize certain control characters" },
+    { " ", "", 0 },		/* empty line */
+    { "debug",
+	"debugging",
+	    togdebug,
+		&debug,
+		    "turn on socket level debugging" },
+#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG)
+    { "krb_debug",
+      "kerberos 4 debugging",
+      togkrbdebug,
+      &krb_debug,
+      "turn on kerberos 4 debugging" },
+#endif
+    { "netdata",
+	"printing of hexadecimal network data (debugging)",
+	    0,
+		&netdata,
+		    "print hexadecimal representation of network traffic" },
+    { "prettydump",
+	"output of \"netdata\" to user readable format (debugging)",
+	    0,
+		&prettydump,
+		    "print user readable output for \"netdata\"" },
+    { "options",
+	"viewing of options processing (debugging)",
+	    0,
+		&showoptions,
+		    "show option processing" },
+    { "termdata",
+	"printing of hexadecimal terminal data (debugging)",
+	    0,
+		&termdata,
+		    "print hexadecimal representation of terminal traffic" },
+    { "?",
+	0,
+	    togglehelp },
+    { "help",
+	0,
+	    togglehelp },
+    { 0 }
+};
+
+static int
+togglehelp()
+{
+    struct togglelist *c;
+
+    for (c = Togglelist; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s toggle %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    printf("\r\n");
+    printf("%-15s %s\r\n", "?", "display help information");
+    return 0;
+}
+
+static void
+settogglehelp(int set)
+{
+    struct togglelist *c;
+
+    for (c = Togglelist; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s %s\r\n", c->name, set ? "enable" : "disable",
+						c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+#define	GETTOGGLE(name) (struct togglelist *) \
+		genget(name, (char **) Togglelist, sizeof(struct togglelist))
+
+static int
+toggle(int argc, char *argv[])
+{
+    int retval = 1;
+    char *name;
+    struct togglelist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'toggle' command.  'toggle ?' for help.\r\n");
+	return 0;
+    }
+    argc--;
+    argv++;
+    while (argc--) {
+	name = *argv++;
+	c = GETTOGGLE(name);
+	if (Ambiguous(c)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\r\n",
+					name);
+	    return 0;
+	} else if (c == 0) {
+	    fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\r\n",
+					name);
+	    return 0;
+	} else {
+	    if (c->variable) {
+		*c->variable = !*c->variable;		/* invert it */
+		if (c->actionexplanation) {
+		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+		}
+	    }
+	    if (c->handler) {
+		retval &= (*c->handler)(-1);
+	    }
+	}
+    }
+    return retval;
+}
+

+/*
+ * The following perform the "set" command.
+ */
+
+struct termios new_tc = { 0 };
+
+struct setlist {
+    char *name;				/* name */
+    char *help;				/* help information */
+    void (*handler)();
+    cc_t *charp;			/* where it is located at */
+};
+
+static struct setlist Setlist[] = {
+#ifdef	KLUDGELINEMODE
+    { "echo", 	"character to toggle local echoing on/off", 0, &echoc },
+#endif
+    { "escape",	"character to escape back to telnet command mode", 0, &escape },
+    { "rlogin", "rlogin escape character", 0, &rlogin },
+    { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
+    { " ", "" },
+    { " ", "The following need 'localchars' to be toggled true", 0, 0 },
+    { "flushoutput", "character to cause an Abort Output", 0, &termFlushChar },
+    { "interrupt", "character to cause an Interrupt Process", 0, &termIntChar },
+    { "quit",	"character to cause an Abort process", 0, &termQuitChar },
+    { "eof",	"character to cause an EOF ", 0, &termEofChar },
+    { " ", "" },
+    { " ", "The following are for local editing in linemode", 0, 0 },
+    { "erase",	"character to use to erase a character", 0, &termEraseChar },
+    { "kill",	"character to use to erase a line", 0, &termKillChar },
+    { "lnext",	"character to use for literal next", 0, &termLiteralNextChar },
+    { "susp",	"character to cause a Suspend Process", 0, &termSuspChar },
+    { "reprint", "character to use for line reprint", 0, &termRprntChar },
+    { "worderase", "character to use to erase a word", 0, &termWerasChar },
+    { "start",	"character to use for XON", 0, &termStartChar },
+    { "stop",	"character to use for XOFF", 0, &termStopChar },
+    { "forw1",	"alternate end of line character", 0, &termForw1Char },
+    { "forw2",	"alternate end of line character", 0, &termForw2Char },
+    { "ayt",	"alternate AYT character", 0, &termAytChar },
+    { 0 }
+};
+
+static struct setlist *
+getset(char *name)
+{
+    return (struct setlist *)
+		genget(name, (char **) Setlist, sizeof(struct setlist));
+}
+
+void
+set_escape_char(char *s)
+{
+	if (rlogin != _POSIX_VDISABLE) {
+		rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE;
+		printf("Telnet rlogin escape character is '%s'.\r\n",
+					control(rlogin));
+	} else {
+		escape = (s && *s) ? special(s) : _POSIX_VDISABLE;
+		printf("Telnet escape character is '%s'.\r\n", control(escape));
+	}
+}
+
+static int
+setcmd(int argc, char *argv[])
+{
+    int value;
+    struct setlist *ct;
+    struct togglelist *c;
+
+    if (argc < 2 || argc > 3) {
+	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
+	return 0;
+    }
+    if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) {
+	for (ct = Setlist; ct->name; ct++)
+	    printf("%-15s %s\r\n", ct->name, ct->help);
+	printf("\r\n");
+	settogglehelp(1);
+	printf("%-15s %s\r\n", "?", "display help information");
+	return 0;
+    }
+
+    ct = getset(argv[1]);
+    if (ct == 0) {
+	c = GETTOGGLE(argv[1]);
+	if (c == 0) {
+	    fprintf(stderr, "'%s': unknown argument ('set ?' for help).\r\n",
+			argv[1]);
+	    return 0;
+	} else if (Ambiguous(c)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
+			argv[1]);
+	    return 0;
+	}
+	if (c->variable) {
+	    if ((argc == 2) || (strcmp("on", argv[2]) == 0))
+		*c->variable = 1;
+	    else if (strcmp("off", argv[2]) == 0)
+		*c->variable = 0;
+	    else {
+		printf("Format is 'set togglename [on|off]'\r\n'set ?' for help.\r\n");
+		return 0;
+	    }
+	    if (c->actionexplanation) {
+		printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+	    }
+	}
+	if (c->handler)
+	    (*c->handler)(1);
+    } else if (argc != 3) {
+	printf("Format is 'set Name Value'\r\n'set ?' for help.\r\n");
+	return 0;
+    } else if (Ambiguous(ct)) {
+	fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\r\n",
+			argv[1]);
+	return 0;
+    } else if (ct->handler) {
+	(*ct->handler)(argv[2]);
+	printf("%s set to \"%s\".\r\n", ct->name, (char *)ct->charp);
+    } else {
+	if (strcmp("off", argv[2])) {
+	    value = special(argv[2]);
+	} else {
+	    value = _POSIX_VDISABLE;
+	}
+	*(ct->charp) = (cc_t)value;
+	printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
+    }
+    slc_check();
+    return 1;
+}
+
+static int
+unsetcmd(int argc, char *argv[])
+{
+    struct setlist *ct;
+    struct togglelist *c;
+    char *name;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'unset' command.  'unset ?' for help.\r\n");
+	return 0;
+    }
+    if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) {
+	for (ct = Setlist; ct->name; ct++)
+	    printf("%-15s %s\r\n", ct->name, ct->help);
+	printf("\r\n");
+	settogglehelp(0);
+	printf("%-15s %s\r\n", "?", "display help information");
+	return 0;
+    }
+
+    argc--;
+    argv++;
+    while (argc--) {
+	name = *argv++;
+	ct = getset(name);
+	if (ct == 0) {
+	    c = GETTOGGLE(name);
+	    if (c == 0) {
+		fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\r\n",
+			name);
+		return 0;
+	    } else if (Ambiguous(c)) {
+		fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
+			name);
+		return 0;
+	    }
+	    if (c->variable) {
+		*c->variable = 0;
+		if (c->actionexplanation) {
+		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
+							c->actionexplanation);
+		}
+	    }
+	    if (c->handler)
+		(*c->handler)(0);
+	} else if (Ambiguous(ct)) {
+	    fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\r\n",
+			name);
+	    return 0;
+	} else if (ct->handler) {
+	    (*ct->handler)(0);
+	    printf("%s reset to \"%s\".\r\n", ct->name, (char *)ct->charp);
+	} else {
+	    *(ct->charp) = _POSIX_VDISABLE;
+	    printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
+	}
+    }
+    return 1;
+}
+

+/*
+ * The following are the data structures and routines for the
+ * 'mode' command.
+ */
+#ifdef	KLUDGELINEMODE
+
+static int
+dokludgemode(void)
+{
+    kludgelinemode = 1;
+    send_wont(TELOPT_LINEMODE, 1);
+    send_dont(TELOPT_SGA, 1);
+    send_dont(TELOPT_ECHO, 1);
+    return 1;
+}
+#endif
+
+static int
+dolinemode()
+{
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode)
+	send_dont(TELOPT_SGA, 1);
+#endif
+    send_will(TELOPT_LINEMODE, 1);
+    send_dont(TELOPT_ECHO, 1);
+    return 1;
+}
+
+static int
+docharmode()
+{
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode)
+	send_do(TELOPT_SGA, 1);
+    else
+#endif
+    send_wont(TELOPT_LINEMODE, 1);
+    send_do(TELOPT_ECHO, 1);
+    return 1;
+}
+
+static int
+dolmmode(int bit, int on)
+{
+    unsigned char c;
+
+    if (my_want_state_is_wont(TELOPT_LINEMODE)) {
+	printf("?Need to have LINEMODE option enabled first.\r\n");
+	printf("'mode ?' for help.\r\n");
+ 	return 0;
+    }
+
+    if (on)
+	c = (linemode | bit);
+    else
+	c = (linemode & ~bit);
+    lm_mode(&c, 1, 1);
+    return 1;
+}
+
+static int
+tn_setmode(int bit)
+{
+    return dolmmode(bit, 1);
+}
+
+static int
+tn_clearmode(int bit)
+{
+    return dolmmode(bit, 0);
+}
+
+struct modelist {
+	char	*name;		/* command name */
+	char	*help;		/* help string */
+	int	(*handler)();	/* routine which executes command */
+	int	needconnect;	/* Do we need to be connected to execute? */
+	int	arg1;
+};
+
+static int modehelp(void);
+
+static struct modelist ModeList[] = {
+    { "character", "Disable LINEMODE option",	docharmode, 1 },
+#ifdef	KLUDGELINEMODE
+    { "",	"(or disable obsolete line-by-line mode)", 0 },
+#endif
+    { "line",	"Enable LINEMODE option",	dolinemode, 1 },
+#ifdef	KLUDGELINEMODE
+    { "",	"(or enable obsolete line-by-line mode)", 0 },
+#endif
+    { "", "", 0 },
+    { "",	"These require the LINEMODE option to be enabled", 0 },
+    { "isig",	"Enable signal trapping",	tn_setmode, 1, MODE_TRAPSIG },
+    { "+isig",	0,				tn_setmode, 1, MODE_TRAPSIG },
+    { "-isig",	"Disable signal trapping",	tn_clearmode, 1, MODE_TRAPSIG },
+    { "edit",	"Enable character editing",	tn_setmode, 1, MODE_EDIT },
+    { "+edit",	0,				tn_setmode, 1, MODE_EDIT },
+    { "-edit",	"Disable character editing",	tn_clearmode, 1, MODE_EDIT },
+    { "softtabs", "Enable tab expansion",	tn_setmode, 1, MODE_SOFT_TAB },
+    { "+softtabs", 0,				tn_setmode, 1, MODE_SOFT_TAB },
+    { "-softtabs", "Disable tab expansion",	tn_clearmode, 1, MODE_SOFT_TAB },
+    { "litecho", "Enable literal character echo", tn_setmode, 1, MODE_LIT_ECHO },
+    { "+litecho", 0,				tn_setmode, 1, MODE_LIT_ECHO },
+    { "-litecho", "Disable literal character echo", tn_clearmode, 1, MODE_LIT_ECHO },
+    { "help",	0,				modehelp, 0 },
+#ifdef	KLUDGELINEMODE
+    { "kludgeline", 0,				dokludgemode, 1 },
+#endif
+    { "", "", 0 },
+    { "?",	"Print help information",	modehelp, 0 },
+    { 0 },
+};
+
+
+static int
+modehelp(void)
+{
+    struct modelist *mt;
+
+    printf("format is:  'mode Mode', where 'Mode' is one of:\r\n\r\n");
+    for (mt = ModeList; mt->name; mt++) {
+	if (mt->help) {
+	    if (*mt->help)
+		printf("%-15s %s\r\n", mt->name, mt->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+#define	GETMODECMD(name) (struct modelist *) \
+		genget(name, (char **) ModeList, sizeof(struct modelist))
+
+static int
+modecmd(int argc, char **argv)
+{
+    struct modelist *mt;
+
+    if (argc != 2) {
+	printf("'mode' command requires an argument\r\n");
+	printf("'mode ?' for help.\r\n");
+    } else if ((mt = GETMODECMD(argv[1])) == 0) {
+	fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\r\n", argv[1]);
+    } else if (Ambiguous(mt)) {
+	fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\r\n", argv[1]);
+    } else if (mt->needconnect && !connected) {
+	printf("?Need to be connected first.\r\n");
+	printf("'mode ?' for help.\r\n");
+    } else if (mt->handler) {
+	return (*mt->handler)(mt->arg1);
+    }
+    return 0;
+}
+

+/*
+ * The following data structures and routines implement the
+ * "display" command.
+ */
+
+static int
+display(int argc, char *argv[])
+{
+    struct togglelist *tl;
+    struct setlist *sl;
+
+#define	dotog(tl)	if (tl->variable && tl->actionexplanation) { \
+			    if (*tl->variable) { \
+				printf("will"); \
+			    } else { \
+				printf("won't"); \
+			    } \
+			    printf(" %s.\r\n", tl->actionexplanation); \
+			}
+
+#define	doset(sl)   if (sl->name && *sl->name != ' ') { \
+			if (sl->handler == 0) \
+			    printf("%-15s [%s]\r\n", sl->name, control(*sl->charp)); \
+			else \
+			    printf("%-15s \"%s\"\r\n", sl->name, (char *)sl->charp); \
+		    }
+
+    if (argc == 1) {
+	for (tl = Togglelist; tl->name; tl++) {
+	    dotog(tl);
+	}
+	printf("\r\n");
+	for (sl = Setlist; sl->name; sl++) {
+	    doset(sl);
+	}
+    } else {
+	int i;
+
+	for (i = 1; i < argc; i++) {
+	    sl = getset(argv[i]);
+	    tl = GETTOGGLE(argv[i]);
+	    if (Ambiguous(sl) || Ambiguous(tl)) {
+		printf("?Ambiguous argument '%s'.\r\n", argv[i]);
+		return 0;
+	    } else if (!sl && !tl) {
+		printf("?Unknown argument '%s'.\r\n", argv[i]);
+		return 0;
+	    } else {
+		if (tl) {
+		    dotog(tl);
+		}
+		if (sl) {
+		    doset(sl);
+		}
+	    }
+	}
+    }
+/*@*/optionstatus();
+#if	defined(ENCRYPTION)
+    EncryptStatus();
+#endif
+    return 1;
+#undef	doset
+#undef	dotog
+}
+

+/*
+ * The following are the data structures, and many of the routines,
+ * relating to command processing.
+ */
+
+/*
+ * Set the escape character.
+ */
+static int
+setescape(int argc, char *argv[])
+{
+	char *arg;
+	char buf[50];
+
+	printf(
+	    "Deprecated usage - please use 'set escape%s%s' in the future.\r\n",
+				(argc > 2)? " ":"", (argc > 2)? argv[1]: "");
+	if (argc > 2)
+		arg = argv[1];
+	else {
+		printf("new escape character: ");
+		fgets(buf, sizeof(buf), stdin);
+		arg = buf;
+	}
+	if (arg[0] != '\0')
+		escape = arg[0];
+	printf("Escape character is '%s'.\r\n", control(escape));
+
+	fflush(stdout);
+	return 1;
+}
+
+static int
+togcrmod()
+{
+    crmod = !crmod;
+    printf("Deprecated usage - please use 'toggle crmod' in the future.\r\n");
+    printf("%s map carriage return on output.\r\n", crmod ? "Will" : "Won't");
+    fflush(stdout);
+    return 1;
+}
+
+static int
+telnetsuspend()
+{
+#ifdef	SIGTSTP
+    setcommandmode();
+    {
+	long oldrows, oldcols, newrows, newcols, err;
+
+	err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
+	kill(0, SIGTSTP);
+	/*
+	 * If we didn't get the window size before the SUSPEND, but we
+	 * can get them now (?), then send the NAWS to make sure that
+	 * we are set up for the right window size.
+	 */
+	if (TerminalWindowSize(&newrows, &newcols) && connected &&
+	    (err || ((oldrows != newrows) || (oldcols != newcols)))) {
+		sendnaws();
+	}
+    }
+    /* reget parameters in case they were changed */
+    TerminalSaveState();
+    setconnmode(0);
+#else
+    printf("Suspend is not supported.  Try the '!' command instead\r\n");
+#endif
+    return 1;
+}
+
+static int
+shell(int argc, char **argv)
+{
+    long oldrows, oldcols, newrows, newcols, err;
+
+    setcommandmode();
+
+    err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
+    switch(fork()) {
+    case -1:
+	perror("Fork failed\r\n");
+	break;
+
+    case 0:
+	{
+	    /*
+	     * Fire up the shell in the child.
+	     */
+	    char *shellp, *shellname;
+
+	    shellp = getenv("SHELL");
+	    if (shellp == NULL)
+		shellp = "/bin/sh";
+	    if ((shellname = strrchr(shellp, '/')) == 0)
+		shellname = shellp;
+	    else
+		shellname++;
+	    if (argc > 1)
+		execl(shellp, shellname, "-c", &saveline[1], NULL);
+	    else
+		execl(shellp, shellname, NULL);
+	    perror("Execl");
+	    _exit(1);
+	}
+    default:
+	    wait((int *)0);	/* Wait for the shell to complete */
+
+	    if (TerminalWindowSize(&newrows, &newcols) && connected &&
+		(err || ((oldrows != newrows) || (oldcols != newcols)))) {
+		    sendnaws();
+	    }
+	    break;
+    }
+    return 1;
+}
+
+static int
+bye(int argc, char **argv)
+{
+    if (connected) {
+	shutdown(net, 2);
+	printf("Connection closed.\r\n");
+	NetClose(net);
+	connected = 0;
+	resettermname = 1;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	auth_encrypt_connect(connected);
+#endif
+	/* reset options */
+	tninit();
+    }
+    if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) 
+	longjmp(toplevel, 1);
+    return 0;	/* NOTREACHED */
+}
+
+int
+quit(void)
+{
+	call(bye, "bye", "fromquit", 0);
+	Exit(0);
+	return 0; /*NOTREACHED*/
+}
+
+static int
+logout()
+{
+	send_do(TELOPT_LOGOUT, 1);
+	netflush();
+	return 1;
+}
+
+

+/*
+ * The SLC command.
+ */
+
+struct slclist {
+	char	*name;
+	char	*help;
+	void	(*handler)();
+	int	arg;
+};
+
+static void slc_help(void);
+
+struct slclist SlcList[] = {
+    { "export",	"Use local special character definitions",
+						slc_mode_export,	0 },
+    { "import",	"Use remote special character definitions",
+						slc_mode_import,	1 },
+    { "check",	"Verify remote special character definitions",
+						slc_mode_import,	0 },
+    { "help",	0,				slc_help,		0 },
+    { "?",	"Print help information",	slc_help,		0 },
+    { 0 },
+};
+
+static void
+slc_help(void)
+{
+    struct slclist *c;
+
+    for (c = SlcList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+static struct slclist *
+getslc(char *name)
+{
+    return (struct slclist *)
+		genget(name, (char **) SlcList, sizeof(struct slclist));
+}
+
+static int
+slccmd(int argc, char **argv)
+{
+    struct slclist *c;
+
+    if (argc != 2) {
+	fprintf(stderr,
+	    "Need an argument to 'slc' command.  'slc ?' for help.\r\n");
+	return 0;
+    }
+    c = getslc(argv[1]);
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    (*c->handler)(c->arg);
+    slcstate();
+    return 1;
+}
+

+/*
+ * The ENVIRON command.
+ */
+
+struct envlist {
+	char	*name;
+	char	*help;
+	void	(*handler)();
+	int	narg;
+};
+
+static void env_help (void);
+
+struct envlist EnvList[] = {
+    { "define",	"Define an environment variable",
+						(void (*)())env_define,	2 },
+    { "undefine", "Undefine an environment variable",
+						env_undefine,	1 },
+    { "export",	"Mark an environment variable for automatic export",
+						env_export,	1 },
+    { "unexport", "Don't mark an environment variable for automatic export",
+						env_unexport,	1 },
+    { "send",	"Send an environment variable", env_send,	1 },
+    { "list",	"List the current environment variables",
+						env_list,	0 },
+    { "help",	0,				env_help,		0 },
+    { "?",	"Print help information",	env_help,		0 },
+    { 0 },
+};
+
+static void
+env_help()
+{
+    struct envlist *c;
+
+    for (c = EnvList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+}
+
+static struct envlist *
+getenvcmd(char *name)
+{
+    return (struct envlist *)
+		genget(name, (char **) EnvList, sizeof(struct envlist));
+}
+
+static int
+env_cmd(int argc, char **argv)
+{
+    struct envlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'environ' command.  'environ ?' for help.\r\n");
+	return 0;
+    }
+    c = getenvcmd(argv[1]);
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (c->narg + 2 != argc) {
+	fprintf(stderr,
+	    "Need %s%d argument%s to 'environ %s' command.  'environ ?' for help.\r\n",
+		c->narg < argc + 2 ? "only " : "",
+		c->narg, c->narg == 1 ? "" : "s", c->name);
+	return 0;
+    }
+    (*c->handler)(argv[2], argv[3]);
+    return 1;
+}
+
+struct env_lst {
+	struct env_lst *next;	/* pointer to next structure */
+	struct env_lst *prev;	/* pointer to previous structure */
+	unsigned char *var;	/* pointer to variable name */
+	unsigned char *value;	/* pointer to variable value */
+	int export;		/* 1 -> export with default list of variables */
+	int welldefined;	/* A well defined variable */
+};
+
+struct env_lst envlisthead;
+
+struct env_lst *
+env_find(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	for (ep = envlisthead.next; ep; ep = ep->next) {
+		if (strcmp((char *)ep->var, (char *)var) == 0)
+			return(ep);
+	}
+	return(NULL);
+}
+
+#ifdef IRIX4
+#define environ _environ
+#endif
+
+void
+env_init(void)
+{
+	char **epp, *cp;
+	struct env_lst *ep;
+
+	for (epp = environ; *epp; epp++) {
+		if ((cp = strchr(*epp, '='))) {
+			*cp = '\0';
+			ep = env_define((unsigned char *)*epp,
+					(unsigned char *)cp+1);
+			ep->export = 0;
+			*cp = '=';
+		}
+	}
+	/*
+	 * Special case for DISPLAY variable.  If it is ":0.0" or
+	 * "unix:0.0", we have to get rid of "unix" and insert our
+	 * hostname.
+	 */
+	if ((ep = env_find((unsigned char*)"DISPLAY"))
+	    && (*ep->value == ':'
+	    || strncmp((char *)ep->value, "unix:", 5) == 0)) {
+		char hbuf[256+1];
+		char *cp2 = strchr((char *)ep->value, ':');
+		int error;
+
+		/* XXX - should be k_gethostname? */
+		gethostname(hbuf, 256);
+		hbuf[256] = '\0';
+
+		/* If this is not the full name, try to get it via DNS */
+		if (strchr(hbuf, '.') == 0) {
+			struct addrinfo hints, *ai, *a;
+
+			memset (&hints, 0, sizeof(hints));
+			hints.ai_flags = AI_CANONNAME;
+
+			error = getaddrinfo (hbuf, NULL, &hints, &ai);
+			if (error == 0) {
+				for (a = ai; a != NULL; a = a->ai_next)
+					if (a->ai_canonname != NULL) {
+						strlcpy (hbuf,
+							 ai->ai_canonname,
+							 256);
+						break;
+					}
+				freeaddrinfo (ai);
+			}
+		}
+
+		error = asprintf (&cp, "%s%s", hbuf, cp2);
+		if (error != -1) {
+		    free (ep->value);
+		    ep->value = (unsigned char *)cp;
+		}
+	}
+	/*
+	 * If USER is not defined, but LOGNAME is, then add
+	 * USER with the value from LOGNAME.  By default, we
+	 * don't export the USER variable.
+	 */
+	if ((env_find((unsigned char*)"USER") == NULL) && 
+	    (ep = env_find((unsigned char*)"LOGNAME"))) {
+		env_define((unsigned char *)"USER", ep->value);
+		env_unexport((unsigned char *)"USER");
+	}
+	env_export((unsigned char *)"DISPLAY");
+	env_export((unsigned char *)"PRINTER");
+	env_export((unsigned char *)"XAUTHORITY");
+}
+
+struct env_lst *
+env_define(unsigned char *var, unsigned char *value)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var))) {
+		if (ep->var)
+			free(ep->var);
+		if (ep->value)
+			free(ep->value);
+	} else {
+		ep = (struct env_lst *)malloc(sizeof(struct env_lst));
+		ep->next = envlisthead.next;
+		envlisthead.next = ep;
+		ep->prev = &envlisthead;
+		if (ep->next)
+			ep->next->prev = ep;
+	}
+	ep->welldefined = opt_welldefined((char *)var);
+	ep->export = 1;
+	ep->var = (unsigned char *)strdup((char *)var);
+	ep->value = (unsigned char *)strdup((char *)value);
+	return(ep);
+}
+
+void
+env_undefine(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var))) {
+		ep->prev->next = ep->next;
+		if (ep->next)
+			ep->next->prev = ep->prev;
+		if (ep->var)
+			free(ep->var);
+		if (ep->value)
+			free(ep->value);
+		free(ep);
+	}
+}
+
+void
+env_export(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		ep->export = 1;
+}
+
+void
+env_unexport(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		ep->export = 0;
+}
+
+void
+env_send(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if (my_state_is_wont(TELOPT_NEW_ENVIRON)
+#ifdef	OLD_ENVIRON
+	    && my_state_is_wont(TELOPT_OLD_ENVIRON)
+#endif
+		) {
+		fprintf(stderr,
+		    "Cannot send '%s': Telnet ENVIRON option not enabled\r\n",
+									var);
+		return;
+	}
+	ep = env_find(var);
+	if (ep == 0) {
+		fprintf(stderr, "Cannot send '%s': variable not defined\r\n",
+									var);
+		return;
+	}
+	env_opt_start_info();
+	env_opt_add(ep->var);
+	env_opt_end(0);
+}
+
+void
+env_list(void)
+{
+	struct env_lst *ep;
+
+	for (ep = envlisthead.next; ep; ep = ep->next) {
+		printf("%c %-20s %s\r\n", ep->export ? '*' : ' ',
+					ep->var, ep->value);
+	}
+}
+
+unsigned char *
+env_default(int init, int welldefined)
+{
+	static struct env_lst *nep = NULL;
+
+	if (init) {
+		nep = &envlisthead;
+		return NULL;
+	}
+	if (nep) {
+		while ((nep = nep->next)) {
+			if (nep->export && (nep->welldefined == welldefined))
+				return(nep->var);
+		}
+	}
+	return(NULL);
+}
+
+unsigned char *
+env_getvalue(unsigned char *var)
+{
+	struct env_lst *ep;
+
+	if ((ep = env_find(var)))
+		return(ep->value);
+	return(NULL);
+}
+
+
+#if	defined(AUTHENTICATION)
+/*
+ * The AUTHENTICATE command.
+ */
+
+struct authlist {
+	char	*name;
+	char	*help;
+	int	(*handler)();
+	int	narg;
+};
+
+static int
+	auth_help (void);
+
+struct authlist AuthList[] = {
+    { "status",	"Display current status of authentication information",
+						auth_status,	0 },
+    { "disable", "Disable an authentication type ('auth disable ?' for more)",
+						auth_disable,	1 },
+    { "enable", "Enable an authentication type ('auth enable ?' for more)",
+						auth_enable,	1 },
+    { "help",	0,				auth_help,		0 },
+    { "?",	"Print help information",	auth_help,		0 },
+    { 0 },
+};
+
+static int
+auth_help()
+{
+    struct authlist *c;
+
+    for (c = AuthList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+static int
+auth_cmd(int argc, char **argv)
+{
+    struct authlist *c;
+
+    if (argc < 2) {
+	fprintf(stderr,
+	    "Need an argument to 'auth' command.  'auth ?' for help.\r\n");
+	return 0;
+    }
+
+    c = (struct authlist *)
+		genget(argv[1], (char **) AuthList, sizeof(struct authlist));
+    if (c == 0) {
+	fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (Ambiguous(c)) {
+	fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\r\n",
+    				argv[1]);
+	return 0;
+    }
+    if (c->narg + 2 != argc) {
+	fprintf(stderr,
+	    "Need %s%d argument%s to 'auth %s' command.  'auth ?' for help.\r\n",
+		c->narg < argc + 2 ? "only " : "",
+		c->narg, c->narg == 1 ? "" : "s", c->name);
+	return 0;
+    }
+    return((*c->handler)(argv[2], argv[3]));
+}
+#endif
+
+
+#if	defined(ENCRYPTION)
+/*
+ * The ENCRYPT command.
+ */
+
+struct encryptlist {
+	char	*name;
+	char	*help;
+	int	(*handler)();
+	int	needconnect;
+	int	minarg;
+	int	maxarg;
+};
+
+static int
+	EncryptHelp (void);
+
+struct encryptlist EncryptList[] = {
+    { "enable", "Enable encryption. ('encrypt enable ?' for more)",
+						EncryptEnable, 1, 1, 2 },
+    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
+						EncryptDisable, 0, 1, 2 },
+    { "type", "Set encryptiong type. ('encrypt type ?' for more)",
+						EncryptType, 0, 1, 1 },
+    { "start", "Start encryption. ('encrypt start ?' for more)",
+						EncryptStart, 1, 0, 1 },
+    { "stop", "Stop encryption. ('encrypt stop ?' for more)",
+						EncryptStop, 1, 0, 1 },
+    { "input", "Start encrypting the input stream",
+						EncryptStartInput, 1, 0, 0 },
+    { "-input", "Stop encrypting the input stream",
+						EncryptStopInput, 1, 0, 0 },
+    { "output", "Start encrypting the output stream",
+						EncryptStartOutput, 1, 0, 0 },
+    { "-output", "Stop encrypting the output stream",
+						EncryptStopOutput, 1, 0, 0 },
+
+    { "status",	"Display current status of authentication information",
+						EncryptStatus,	0, 0, 0 },
+    { "help",	0,				EncryptHelp,	0, 0, 0 },
+    { "?",	"Print help information",	EncryptHelp,	0, 0, 0 },
+    { 0 },
+};
+
+static int
+EncryptHelp()
+{
+    struct encryptlist *c;
+
+    for (c = EncryptList; c->name; c++) {
+	if (c->help) {
+	    if (*c->help)
+		printf("%-15s %s\r\n", c->name, c->help);
+	    else
+		printf("\r\n");
+	}
+    }
+    return 0;
+}
+
+static int
+encrypt_cmd(int argc, char **argv)
+{
+    struct encryptlist *c;
+
+    c = (struct encryptlist *)
+		genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
+    if (c == 0) {
+        fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\r\n",
+    				argv[1]);
+        return 0;
+    }
+    if (Ambiguous(c)) {
+        fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\r\n",
+    				argv[1]);
+        return 0;
+    }
+    argc -= 2;
+    if (argc < c->minarg || argc > c->maxarg) {
+	if (c->minarg == c->maxarg) {
+	    fprintf(stderr, "Need %s%d argument%s ",
+		c->minarg < argc ? "only " : "", c->minarg,
+		c->minarg == 1 ? "" : "s");
+	} else {
+	    fprintf(stderr, "Need %s%d-%d arguments ",
+		c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
+	}
+	fprintf(stderr, "to 'encrypt %s' command.  'encrypt ?' for help.\r\n",
+		c->name);
+	return 0;
+    }
+    if (c->needconnect && !connected) {
+	if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
+	    printf("?Need to be connected first.\r\n");
+	    return 0;
+	}
+    }
+    return ((*c->handler)(argc > 0 ? argv[2] : 0,
+			argc > 1 ? argv[3] : 0,
+			argc > 2 ? argv[4] : 0));
+}
+#endif
+
+
+/*
+ * Print status about the connection.
+ */
+
+static int
+status(int argc, char **argv)
+{
+    if (connected) {
+	printf("Connected to %s.\r\n", hostname);
+	if ((argc < 2) || strcmp(argv[1], "notmuch")) {
+	    int mode = getconnmode();
+
+	    if (my_want_state_is_will(TELOPT_LINEMODE)) {
+		printf("Operating with LINEMODE option\r\n");
+		printf("%s line editing\r\n", (mode&MODE_EDIT) ? "Local" : "No");
+		printf("%s catching of signals\r\n",
+					(mode&MODE_TRAPSIG) ? "Local" : "No");
+		slcstate();
+#ifdef	KLUDGELINEMODE
+	    } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) {
+		printf("Operating in obsolete linemode\r\n");
+#endif
+	    } else {
+		printf("Operating in single character mode\r\n");
+		if (localchars)
+		    printf("Catching signals locally\r\n");
+	    }
+	    printf("%s character echo\r\n", (mode&MODE_ECHO) ? "Local" : "Remote");
+	    if (my_want_state_is_will(TELOPT_LFLOW))
+		printf("%s flow control\r\n", (mode&MODE_FLOW) ? "Local" : "No");
+#if	defined(ENCRYPTION)
+	    encrypt_display();
+#endif
+	}
+    } else {
+	printf("No connection.\r\n");
+    }
+    printf("Escape character is '%s'.\r\n", control(escape));
+    fflush(stdout);
+    return 1;
+}
+
+#ifdef	SIGINFO
+/*
+ * Function that gets called when SIGINFO is received.
+ */
+RETSIGTYPE
+ayt_status(int ignore)
+{
+    call(status, "status", "notmuch", 0);
+}
+#endif
+
+static Command *getcmd(char *name);
+
+static void
+cmdrc(char *m1, char *m2)
+{
+    static char rcname[128];
+    Command *c;
+    FILE *rcfile;
+    int gotmachine = 0;
+    int l1 = strlen(m1);
+    int l2 = strlen(m2);
+    char m1save[64];
+
+    if (skiprc)
+	return;
+
+    strlcpy(m1save, m1, sizeof(m1save));
+    m1 = m1save;
+
+    if (rcname[0] == 0) {
+	char *home = getenv("HOME");
+
+	snprintf (rcname, sizeof(rcname), "%s/.telnetrc",
+		  home ? home : "");
+    }
+
+    if ((rcfile = fopen(rcname, "r")) == 0) {
+	return;
+    }
+
+    for (;;) {
+	if (fgets(line, sizeof(line), rcfile) == NULL)
+	    break;
+	if (line[0] == 0)
+	    break;
+	if (line[0] == '#')
+	    continue;
+	if (gotmachine) {
+	    if (!isspace((unsigned char)line[0]))
+		gotmachine = 0;
+	}
+	if (gotmachine == 0) {
+	    if (isspace((unsigned char)line[0]))
+		continue;
+	    if (strncasecmp(line, m1, l1) == 0)
+		strncpy(line, &line[l1], sizeof(line) - l1);
+	    else if (strncasecmp(line, m2, l2) == 0)
+		strncpy(line, &line[l2], sizeof(line) - l2);
+	    else if (strncasecmp(line, "DEFAULT", 7) == 0)
+		strncpy(line, &line[7], sizeof(line) - 7);
+	    else
+		continue;
+	    if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
+		continue;
+	    gotmachine = 1;
+	}
+	makeargv();
+	if (margv[0] == 0)
+	    continue;
+	c = getcmd(margv[0]);
+	if (Ambiguous(c)) {
+	    printf("?Ambiguous command: %s\r\n", margv[0]);
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command: %s\r\n", margv[0]);
+	    continue;
+	}
+	/*
+	 * This should never happen...
+	 */
+	if (c->needconnect && !connected) {
+	    printf("?Need to be connected first for %s.\r\n", margv[0]);
+	    continue;
+	}
+	(*c->handler)(margc, margv);
+    }
+    fclose(rcfile);
+}
+
+int
+tn(int argc, char **argv)
+{
+    struct servent *sp = 0;
+    char *cmd, *hostp = 0, *portp = 0;
+    char *user = 0;
+    int port = 0;
+
+    /* clear the socket address prior to use */
+
+    if (connected) {
+	printf("?Already connected to %s\r\n", hostname);
+	return 0;
+    }
+    if (argc < 2) {
+	strlcpy(line, "open ", sizeof(line));
+	printf("(to) ");
+	fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
+	makeargv();
+	argc = margc;
+	argv = margv;
+    }
+    cmd = *argv;
+    --argc; ++argv;
+    while (argc) {
+	if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?"))
+	    goto usage;
+	if (strcmp(*argv, "-l") == 0) {
+	    --argc; ++argv;
+	    if (argc == 0)
+		goto usage;
+	    user = strdup(*argv++);
+	    --argc;
+	    continue;
+	}
+	if (strcmp(*argv, "-a") == 0) {
+	    --argc; ++argv;
+	    autologin = 1;
+	    continue;
+	}
+	if (hostp == 0) {
+	    hostp = *argv++;
+	    --argc;
+	    continue;
+	}
+	if (portp == 0) {
+	    portp = *argv++;
+	    --argc;
+	    continue;
+	}
+    usage:
+	printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd);
+	return 0;
+    }
+    if (hostp == 0)
+	goto usage;
+
+    strlcpy (_hostname, hostp, sizeof(_hostname));
+    hostp = _hostname;
+    if (hostp[0] == '@' || hostp[0] == '!') {
+	char *p;
+	hostname = NULL;
+	for (p = hostp + 1; *p; p++) {
+	    if (*p == ',' || *p == '@')
+		hostname = p;
+	}
+	if (hostname == NULL) {
+	    fprintf(stderr, "%s: bad source route specification\n", hostp);
+	    return 0;
+	}
+	*hostname++ = '\0';
+    } else
+	hostname = hostp;
+
+    if (portp) {
+	if (*portp == '-') {
+	    portp++;
+	    telnetport = 1;
+	} else
+	    telnetport = 0;
+	port = atoi(portp);
+	if (port == 0) {
+	    sp = roken_getservbyname(portp, "tcp");
+	    if (sp)
+		port = sp->s_port;
+	    else {
+		printf("%s: bad port number\r\n", portp);
+		return 0;
+	    }
+	} else {
+	    port = htons(port);
+	}
+    } else {
+	if (sp == 0) {
+	    sp = roken_getservbyname("telnet", "tcp");
+	    if (sp == 0) {
+		fprintf(stderr, "telnet: tcp/telnet: unknown service\r\n");
+		return 0;
+	    }
+	    port = sp->s_port;
+	}
+	telnetport = 1;
+    }
+
+    {
+	struct addrinfo *ai, *a, hints;
+	int error;
+	char portstr[NI_MAXSERV];
+
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_protocol = IPPROTO_TCP;
+	hints.ai_flags    = AI_CANONNAME;
+
+	snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
+
+	error = getaddrinfo (hostname, portstr, &hints, &ai);
+	if (error) {
+	    fprintf (stderr, "%s: %s\r\n", hostname, gai_strerror (error));
+	    return 0;
+	}
+
+	for (a = ai; a != NULL && connected == 0; a = a->ai_next) {
+	    char addrstr[256];
+
+	    if (a->ai_canonname != NULL)
+		strlcpy (_hostname, a->ai_canonname, sizeof(_hostname));
+
+	    if (getnameinfo (a->ai_addr, a->ai_addrlen,
+			     addrstr, sizeof(addrstr),
+			     NULL, 0, NI_NUMERICHOST) != 0)
+		strlcpy (addrstr, "unknown address", sizeof(addrstr));
+			     
+	    printf("Trying %s...\r\n", addrstr);
+
+	    net = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	    if (net < 0) {
+		warn ("socket");
+		continue;
+	    }
+
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP) && defined(HAVE_SETSOCKOPT)
+	if (hostp[0] == '@' || hostp[0] == '!') {
+	    char *srp = 0;
+	    int srlen;
+	    int proto, opt;
+
+	    if ((srlen = sourceroute(a, hostp, &srp, &proto, &opt)) < 0) {
+		(void) NetClose(net);
+		net = -1;
+		continue;
+	    }
+	    if (srp && setsockopt(net, proto, opt, srp, srlen) < 0)
+		perror("setsockopt (source route)");
+	}
+#endif
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+	    if (a->ai_family == AF_INET) {
+# if	defined(HAVE_GETTOSBYNAME)
+		struct tosent *tp;
+		if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
+		    tos = tp->t_tos;
+# endif
+		if (tos < 0)
+		    tos = 020;	/* Low Delay bit */
+		if (tos
+		    && (setsockopt(net, IPPROTO_IP, IP_TOS,
+				   (void *)&tos, sizeof(int)) < 0)
+		    && (errno != ENOPROTOOPT))
+		    perror("telnet: setsockopt (IP_TOS) (ignored)");
+	    }
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+	    if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
+		perror("setsockopt (SO_DEBUG)");
+	    }
+
+	    if (connect (net, a->ai_addr, a->ai_addrlen) < 0) {
+		fprintf (stderr, "telnet: connect to address %s: %s\n",
+			 addrstr, strerror(errno));
+		NetClose(net);
+		if (a->ai_next != NULL) {
+		    continue;
+		} else {
+		    freeaddrinfo (ai);
+		    return 0;
+		}
+	    }
+	    ++connected;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+	    auth_encrypt_connect(connected);
+#endif
+	}
+	freeaddrinfo (ai);
+	if (connected == 0)
+	    return 0;
+    }
+    cmdrc(hostp, hostname);
+    set_forward_options();
+    if (autologin && user == NULL)
+	user = (char *)get_default_username ();
+    if (user) {
+	env_define((unsigned char *)"USER", (unsigned char *)user);
+	env_export((unsigned char *)"USER");
+    }
+    call(status, "status", "notmuch", 0);
+    if (setjmp(peerdied) == 0)
+	my_telnet((char *)user);
+    NetClose(net);
+    ExitString("Connection closed by foreign host.\r\n",1);
+    /*NOTREACHED*/
+    return 0;
+}
+
+#define HELPINDENT ((int)sizeof ("connect"))
+
+static char
+	openhelp[] =	"connect to a site",
+	closehelp[] =	"close current connection",
+	logouthelp[] =	"forcibly logout remote user and close the connection",
+	quithelp[] =	"exit telnet",
+	statushelp[] =	"print status information",
+	helphelp[] =	"print help information",
+	sendhelp[] =	"transmit special characters ('send ?' for more)",
+	sethelp[] = 	"set operating parameters ('set ?' for more)",
+	unsethelp[] = 	"unset operating parameters ('unset ?' for more)",
+	togglestring[] ="toggle operating parameters ('toggle ?' for more)",
+	slchelp[] =	"change state of special charaters ('slc ?' for more)",
+	displayhelp[] =	"display operating parameters",
+#if	defined(AUTHENTICATION)
+	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
+#endif
+#if	defined(ENCRYPTION)
+	encrypthelp[] =	"turn on (off) encryption ('encrypt ?' for more)",
+#endif
+	zhelp[] =	"suspend telnet",
+	shellhelp[] =	"invoke a subshell",
+	envhelp[] =	"change environment variables ('environ ?' for more)",
+	modestring[] = "try to enter line or character mode ('mode ?' for more)";
+
+static int help(int argc, char **argv);
+
+static Command cmdtab[] = {
+	{ "close",	closehelp,	bye,		1 },
+	{ "logout",	logouthelp,	logout,		1 },
+	{ "display",	displayhelp,	display,	0 },
+	{ "mode",	modestring,	modecmd,	0 },
+	{ "open",	openhelp,	tn,		0 },
+	{ "quit",	quithelp,	quit,		0 },
+	{ "send",	sendhelp,	sendcmd,	0 },
+	{ "set",	sethelp,	setcmd,		0 },
+	{ "unset",	unsethelp,	unsetcmd,	0 },
+	{ "status",	statushelp,	status,		0 },
+	{ "toggle",	togglestring,	toggle,		0 },
+	{ "slc",	slchelp,	slccmd,		0 },
+#if	defined(AUTHENTICATION)
+	{ "auth",	authhelp,	auth_cmd,	0 },
+#endif
+#if	defined(ENCRYPTION)
+	{ "encrypt",	encrypthelp,	encrypt_cmd,	0 },
+#endif
+	{ "z",		zhelp,		telnetsuspend,	0 },
+	{ "!",		shellhelp,	shell,		0 },
+	{ "environ",	envhelp,	env_cmd,	0 },
+	{ "?",		helphelp,	help,		0 },
+	{ 0,            0,              0,              0 }
+};
+
+static char	crmodhelp[] =	"deprecated command -- use 'toggle crmod' instead";
+static char	escapehelp[] =	"deprecated command -- use 'set escape' instead";
+
+static Command cmdtab2[] = {
+	{ "help",	0,		help,		0 },
+	{ "escape",	escapehelp,	setescape,	0 },
+	{ "crmod",	crmodhelp,	togcrmod,	0 },
+	{ 0,            0,		0, 		0 }
+};
+
+
+/*
+ * Call routine with argc, argv set from args (terminated by 0).
+ */
+
+static int
+call(intrtn_t routine, ...)
+{
+    va_list ap;
+    char *args[100];
+    int argno = 0;
+
+    va_start(ap, routine);
+    while ((args[argno++] = va_arg(ap, char *)) != 0);
+    va_end(ap);
+    return (*routine)(argno-1, args);
+}
+
+
+static Command
+*getcmd(char *name)
+{
+    Command *cm;
+
+    if ((cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command))))
+	return cm;
+    return (Command *) genget(name, (char **) cmdtab2, sizeof(Command));
+}
+
+void
+command(int top, char *tbuf, int cnt)
+{
+    Command *c;
+
+    setcommandmode();
+    if (!top) {
+	putchar('\n');
+    } else {
+	signal(SIGINT, SIG_DFL);
+	signal(SIGQUIT, SIG_DFL);
+    }
+    for (;;) {
+	if (rlogin == _POSIX_VDISABLE)
+		printf("%s> ", prompt);
+	if (tbuf) {
+	    char *cp;
+	    cp = line;
+	    while (cnt > 0 && (*cp++ = *tbuf++) != '\n')
+		cnt--;
+	    tbuf = 0;
+	    if (cp == line || *--cp != '\n' || cp == line)
+		goto getline;
+	    *cp = '\0';
+	    if (rlogin == _POSIX_VDISABLE)
+		printf("%s\r\n", line);
+	} else {
+	getline:
+	    if (rlogin != _POSIX_VDISABLE)
+		printf("%s> ", prompt);
+	    if (fgets(line, sizeof(line), stdin) == NULL) {
+		if (feof(stdin) || ferror(stdin)) {
+		    quit();
+		    /*NOTREACHED*/
+		}
+		break;
+	    }
+	}
+	if (line[0] == 0)
+	    break;
+	makeargv();
+	if (margv[0] == 0) {
+	    break;
+	}
+	c = getcmd(margv[0]);
+	if (Ambiguous(c)) {
+	    printf("?Ambiguous command\r\n");
+	    continue;
+	}
+	if (c == 0) {
+	    printf("?Invalid command\r\n");
+	    continue;
+	}
+	if (c->needconnect && !connected) {
+	    printf("?Need to be connected first.\r\n");
+	    continue;
+	}
+	if ((*c->handler)(margc, margv)) {
+	    break;
+	}
+    }
+    if (!top) {
+	if (!connected) {
+	    longjmp(toplevel, 1);
+	    /*NOTREACHED*/
+	}
+	setconnmode(0);
+    }
+}
+

+/*
+ * Help command.
+ */
+static int
+help(int argc, char **argv)
+{
+	Command *c;
+
+	if (argc == 1) {
+		printf("Commands may be abbreviated.  Commands are:\r\n\r\n");
+		for (c = cmdtab; c->name; c++)
+			if (c->help) {
+				printf("%-*s\t%s\r\n", HELPINDENT, c->name,
+								    c->help);
+			}
+		return 0;
+	}
+	while (--argc > 0) {
+		char *arg;
+		arg = *++argv;
+		c = getcmd(arg);
+		if (Ambiguous(c))
+			printf("?Ambiguous help command %s\r\n", arg);
+		else if (c == (Command *)0)
+			printf("?Invalid help command %s\r\n", arg);
+		else
+			printf("%s\r\n", c->help);
+	}
+	return 0;
+}
+
+
+#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
+
+/*
+ * Source route is handed in as
+ *	[!]@hop1 at hop2...@dst
+ *
+ * If the leading ! is present, it is a strict source route, otherwise it is
+ * assmed to be a loose source route.  Note that leading ! is effective
+ * only for IPv4 case.
+ *
+ * We fill in the source route option as
+ *	hop1,hop2,hop3...dest
+ * and return a pointer to hop1, which will
+ * be the address to connect() to.
+ *
+ * Arguments:
+ *	ai:	The address (by struct addrinfo) for the final destination.
+ *
+ *	arg:	Pointer to route list to decipher
+ *
+ *	cpp: 	Pointer to a pointer, so that sourceroute() can return
+ *		the address of result buffer (statically alloc'ed).
+ *
+ *	protop/optp:
+ *		Pointer to an integer.  The pointed variable
+ *	lenp:	pointer to an integer that contains the
+ *		length of *cpp if *cpp != NULL.
+ *
+ * Return values:
+ *
+ *	Returns the length of the option pointed to by *cpp.  If the
+ *	return value is -1, there was a syntax error in the
+ *	option, either arg contained unknown characters or too many hosts,
+ *	or hostname cannot be resolved.
+ *
+ *	The caller needs to pass return value (len), *cpp, *protop and *optp
+ *	to setsockopt(2).
+ *
+ *	*cpp:	Points to the result buffer.  The region is statically
+ *		allocated by the function.
+ *
+ *	*protop:
+ *		protocol # to be passed to setsockopt(2).
+ *
+ *	*optp:	option # to be passed to setsockopt(2).
+ *
+ */
+int
+sourceroute(struct addrinfo *ai,
+	    char *arg,
+	    char **cpp,
+	    int *protop,
+	    int *optp)
+{
+	char *cp, *cp2, *lsrp = NULL, *lsrep = NULL;
+	struct addrinfo hints, *res;
+	int len, error;
+	struct sockaddr_in *sin;
+	register char c;
+	static char lsr[44];
+#ifdef INET6
+	struct cmsghdr *cmsg = NULL;
+	struct sockaddr_in6 *sin6;
+	static char rhbuf[1024];
+#endif
+
+	/*
+	 * Verify the arguments.
+	 */
+	if (cpp == NULL)
+		return -1;
+
+	cp = arg;
+
+	*cpp = NULL;
+	switch (ai->ai_family) {
+	case AF_INET:
+		lsrp = lsr;
+		lsrep = lsrp + sizeof(lsr);
+
+		/*
+		 * Next, decide whether we have a loose source
+		 * route or a strict source route, and fill in
+		 * the begining of the option.
+		 */
+		if (*cp == '!') {
+			cp++;
+			*lsrp++ = IPOPT_SSRR;
+		} else
+			*lsrp++ = IPOPT_LSRR;
+		if (*cp != '@')
+			return -1;
+		lsrp++;		/* skip over length, we'll fill it in later */
+		*lsrp++ = 4;
+		cp++;
+		*protop = IPPROTO_IP;
+		*optp = IP_OPTIONS;
+		break;
+#ifdef INET6
+	case AF_INET6:
+/* this needs to be updated for rfc2292bis */
+#ifdef IPV6_PKTOPTIONS
+		cmsg = inet6_rthdr_init(rhbuf, IPV6_RTHDR_TYPE_0);
+		if (*cp != '@')
+			return -1;
+		cp++;
+		*protop = IPPROTO_IPV6;
+		*optp = IPV6_PKTOPTIONS;
+		break;
+#else
+		return -1;
+#endif
+#endif
+	default:
+		return -1;
+	}
+
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = ai->ai_family;
+	hints.ai_socktype = SOCK_STREAM;
+
+	for (c = 0;;) {
+		if (c == ':')
+			cp2 = 0;
+		else for (cp2 = cp; (c = *cp2) != '\0'; cp2++) {
+			if (c == ',') {
+				*cp2++ = '\0';
+				if (*cp2 == '@')
+					cp2++;
+			} else if (c == '@') {
+				*cp2++ = '\0';
+			}
+#if 0	/*colon conflicts with IPv6 address*/
+			else if (c == ':') {
+				*cp2++ = '\0';
+			}
+#endif
+			else
+				continue;
+			break;
+		}
+		if (!c)
+			cp2 = 0;
+
+		error = getaddrinfo(cp, NULL, &hints, &res);
+		if (error) {
+			fprintf(stderr, "%s: %s\n", cp, gai_strerror(error));
+			return -1;
+		}
+		if (ai->ai_family != res->ai_family) {
+			freeaddrinfo(res);
+			return -1;
+		}
+		if (ai->ai_family == AF_INET) {
+			/*
+			 * Check to make sure there is space for address
+			 */
+			if (lsrp + 4 > lsrep) {
+				freeaddrinfo(res);
+				return -1;
+			}
+			sin = (struct sockaddr_in *)res->ai_addr;
+			memcpy(lsrp, &sin->sin_addr, sizeof(struct in_addr));
+			lsrp += sizeof(struct in_addr);
+		}
+#ifdef INET6
+		else if (ai->ai_family == AF_INET6) {
+			sin6 = (struct sockaddr_in6 *)res->ai_addr;
+			inet6_rthdr_add(cmsg, &sin6->sin6_addr,
+				IPV6_RTHDR_LOOSE);
+		}
+#endif
+		else {
+			freeaddrinfo(res);
+			return -1;
+		}
+		freeaddrinfo(res);
+		if (cp2)
+			cp = cp2;
+		else
+			break;
+	}
+	if (ai->ai_family == AF_INET) {
+		/* record the last hop */
+		if (lsrp + 4 > lsrep)
+			return -1;
+		sin = (struct sockaddr_in *)ai->ai_addr;
+		memcpy(lsrp, &sin->sin_addr, sizeof(struct in_addr));
+		lsrp += sizeof(struct in_addr);
+#ifndef	sysV88
+		lsr[IPOPT_OLEN] = lsrp - lsr;
+		if (lsr[IPOPT_OLEN] <= 7 || lsr[IPOPT_OLEN] > 40)
+			return -1;
+		*lsrp++ = IPOPT_NOP;	/*32bit word align*/
+		len = lsrp - lsr;
+		*cpp = lsr;
+#else
+		ipopt.io_len = lsrp - lsr;
+		if (ipopt.io_len <= 5)	/*is 3 better?*/
+			return -1;
+		*cpp = (char 8)&ipopt;
+#endif
+	}
+#ifdef INET6
+	else if (ai->ai_family == AF_INET6) {
+		inet6_rthdr_lasthop(cmsg, IPV6_RTHDR_LOOSE);
+		len = cmsg->cmsg_len;
+		*cpp = rhbuf;
+	}
+#endif
+	else
+		return -1;
+	return len;
+}
+#endif

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/defines.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/defines.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/defines.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)defines.h	8.1 (Berkeley) 6/6/93
+ */
+
+#define	settimer(x)	clocks.x = clocks.system++
+
+#define	NETADD(c)	{ *netoring.supply = c; ring_supplied(&netoring, 1); }
+#define	NET2ADD(c1,c2)	{ NETADD(c1); NETADD(c2); }
+#define	NETBYTES()	(ring_full_count(&netoring))
+#define	NETROOM()	(ring_empty_count(&netoring))
+
+#define	TTYADD(c)	if (!(SYNCHing||flushout)) { \
+				*ttyoring.supply = c; \
+				ring_supplied(&ttyoring, 1); \
+			}
+#define	TTYBYTES()	(ring_full_count(&ttyoring))
+#define	TTYROOM()	(ring_empty_count(&ttyoring))
+
+/*	Various modes */
+#define	MODE_LOCAL_CHARS(m)	((m)&(MODE_EDIT|MODE_TRAPSIG))
+#define	MODE_LOCAL_ECHO(m)	((m)&MODE_ECHO)
+#define	MODE_COMMAND_LINE(m)	((m)==-1)
+
+#define	CONTROL(x)	((x)&0x1f)		/* CTRL(x) is not portable */
+
+
+/* XXX extra mode bits, these should be synced with <arpa/telnet.h> */
+
+#define MODE_OUT8	0x8000 /* binary mode sans -opost */
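Review bot: `NETADD` and `TTYADD` store through `netoring.supply` / `ttyoring.supply` before calling `ring_supplied()`, and neither macro checks for free space, so every caller has to test `NETROOM()` / `TTYROOM()` first. Nothing in the header states that precondition. I would add above the macros `/* NETADD/TTYADD do not check for room: callers must ensure NETROOM()/TTYROOM() >= 1 first */`. What a store into a full ring actually does depends on ring.c, which is outside this hunk.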

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/externs.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/externs.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/externs.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,444 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)externs.h	8.3 (Berkeley) 5/30/95
+ */
+
+/* $Id: externs.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef	BSD
+# define BSD 43
+#endif
+
+#ifndef	_POSIX_VDISABLE
+# ifdef sun
+#  include <sys/param.h>	/* pick up VDISABLE definition, mayby */
+# endif
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE VDISABLE
+# else
+#  define _POSIX_VDISABLE ((cc_t)'\377')
+# endif
+#endif
+
+#define	SUBBUFSIZE	256
+
+extern int
+    autologin,		/* Autologin enabled */
+    skiprc,		/* Don't process the ~/.telnetrc file */
+    eight,		/* use eight bit mode (binary in and/or out */
+    binary,
+    flushout,		/* flush output */
+    connected,		/* Are we connected to the other side? */
+    globalmode,		/* Mode tty should be in */
+    telnetport,		/* Are we connected to the telnet port? */
+    localflow,		/* Flow control handled locally */
+    restartany,		/* If flow control, restart output on any character */
+    localchars,		/* we recognize interrupt/quit */
+    donelclchars,	/* the user has set "localchars" */
+    showoptions,
+    wantencryption,	/* User has requested encryption */
+    net,		/* Network file descriptor */
+    tin,		/* Terminal input file descriptor */
+    tout,		/* Terminal output file descriptor */
+    crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
+    autoflush,		/* flush output when interrupting? */
+    autosynch,		/* send interrupt characters with SYNCH? */
+    SYNCHing,		/* Is the stream in telnet SYNCH mode? */
+    donebinarytoggle,	/* the user has put us in binary */
+    dontlecho,		/* do we suppress local echoing right now? */
+    crmod,
+    netdata,		/* Print out network data flow */
+    prettydump,		/* Print "netdata" output in user readable format */
+    termdata,		/* Print out terminal data flow */
+    debug;		/* Debug level */
+
+extern int intr_happened, intr_waiting;	/* for interrupt handling */
+
+extern cc_t escape;	/* Escape to command mode */
+extern cc_t rlogin;	/* Rlogin mode escape character */
+#ifdef	KLUDGELINEMODE
+extern cc_t echoc;	/* Toggle local echoing */
+#endif
+
+extern char
+    *prompt;		/* Prompt for command. */
+
+extern char
+    doopt[],
+    dont[],
+    will[],
+    wont[],
+    do_dont_resp[],
+    will_wont_resp[],
+    options[],		/* All the little options */
+    *hostname;		/* Who are we connected to? */
+#if	defined(ENCRYPTION)
+extern void (*encrypt_output) (unsigned char *, int);
+extern int (*decrypt_input) (int);
+#endif
+
+/*
+ * We keep track of each side of the option negotiation.
+ */
+
+#define	MY_STATE_WILL		0x01
+#define	MY_WANT_STATE_WILL	0x02
+#define	MY_STATE_DO		0x04
+#define	MY_WANT_STATE_DO	0x08
+
+/*
+ * Macros to check the current state of things
+ */
+
+#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
+#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
+#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
+#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
+
+#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
+#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
+#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
+#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
+
+#define	set_my_state_do(opt)		{options[opt] |= MY_STATE_DO;}
+#define	set_my_state_will(opt)		{options[opt] |= MY_STATE_WILL;}
+#define	set_my_want_state_do(opt)	{options[opt] |= MY_WANT_STATE_DO;}
+#define	set_my_want_state_will(opt)	{options[opt] |= MY_WANT_STATE_WILL;}
+
+#define	set_my_state_dont(opt)		{options[opt] &= ~MY_STATE_DO;}
+#define	set_my_state_wont(opt)		{options[opt] &= ~MY_STATE_WILL;}
+#define	set_my_want_state_dont(opt)	{options[opt] &= ~MY_WANT_STATE_DO;}
+#define	set_my_want_state_wont(opt)	{options[opt] &= ~MY_WANT_STATE_WILL;}
+
+/*
+ * Make everything symmetrical
+ */
+
+#define	HIS_STATE_WILL			MY_STATE_DO
+#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
+#define HIS_STATE_DO			MY_STATE_WILL
+#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
+
+#define	his_state_is_do			my_state_is_will
+#define	his_state_is_will		my_state_is_do
+#define his_want_state_is_do		my_want_state_is_will
+#define his_want_state_is_will		my_want_state_is_do
+
+#define	his_state_is_dont		my_state_is_wont
+#define	his_state_is_wont		my_state_is_dont
+#define his_want_state_is_dont		my_want_state_is_wont
+#define his_want_state_is_wont		my_want_state_is_dont
+
+#define	set_his_state_do		set_my_state_will
+#define	set_his_state_will		set_my_state_do
+#define	set_his_want_state_do		set_my_want_state_will
+#define	set_his_want_state_will		set_my_want_state_do
+
+#define	set_his_state_dont		set_my_state_wont
+#define	set_his_state_wont		set_my_state_dont
+#define	set_his_want_state_dont		set_my_want_state_wont
+#define	set_his_want_state_wont		set_my_want_state_dont
+
+
+extern FILE
+    *NetTrace;		/* Where debugging output goes */
+extern char
+    NetTraceFile[];	/* Name of file where debugging output goes */
+extern void
+    SetNetTrace (char *);	/* Function to change where debugging goes */
+
+extern jmp_buf
+    peerdied,
+    toplevel;		/* For error conditions. */
+
+int Scheduler(int);
+extern int scheduler_lockout_tty;
+
+
+/* authenc.c */
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+int telnet_net_write(unsigned char *str, int len);
+void net_encrypt(void);
+int telnet_spin(void);
+char *telnet_getenv(const char *val);
+char *telnet_gets(char *prompt, char *result, int length, int echo);
+#endif
+
+/* commands.c */
+
+struct env_lst *env_define (unsigned char *, unsigned char *);
+struct env_lst *env_find(unsigned char *var);
+void env_init (void);
+void env_undefine (unsigned char *);
+void env_export (unsigned char *);
+void env_unexport (unsigned char *);
+void env_send (unsigned char *);
+void env_list (void);
+unsigned char * env_default(int init, int welldefined);
+unsigned char * env_getvalue(unsigned char *var);
+
+void set_escape_char(char *s);
+int sourceroute(struct addrinfo *ai, char *arg, char **cpp,
+		int *prototp, int *optp);
+
+#if	defined(AUTHENTICATION)
+int auth_enable (char *);
+int auth_disable (char *);
+int auth_status (void);
+#endif
+
+#if defined(ENCRYPTION)
+int 	EncryptEnable (char *, char *);
+int 	EncryptDisable (char *, char *);
+int 	EncryptType (char *, char *);
+int 	EncryptStart (char *);
+int 	EncryptStartInput (void);
+int 	EncryptStartOutput (void);
+int 	EncryptStop (char *);
+int 	EncryptStopInput (void);
+int 	EncryptStopOutput (void);
+int 	EncryptStatus (void);
+#endif
+
+#ifdef SIGINFO
+RETSIGTYPE ayt_status(int);
+#endif
+int tn(int argc, char **argv);
+void command(int top, char *tbuf, int cnt);
+
+/* main.c */
+
+void tninit(void);
+void set_forward_options(void);
+
+/* network.c */
+
+void init_network(void);
+int stilloob(void);
+void setneturg(void);
+int netflush(void);
+
+/* sys_bsd.c */
+
+void init_sys(void);
+int TerminalWrite(char *buf, int n);
+int TerminalRead(unsigned char *buf, int n);
+int TerminalAutoFlush(void);
+int TerminalSpecialChars(int c);
+void TerminalFlushOutput(void);
+void TerminalSaveState(void);
+void TerminalDefaultChars(void);
+void TerminalNewMode(int f);
+cc_t *tcval(int func);
+void TerminalSpeeds(long *input_speed, long *output_speed);
+int TerminalWindowSize(long *rows, long *cols);
+int NetClose(int fd);
+void NetNonblockingIO(int fd, int onoff);
+int process_rings(int netin, int netout, int netex, int ttyin, int ttyout,
+		  int poll);
+
+/* telnet.c */
+
+void init_telnet(void);
+
+void tel_leave_binary(int rw);
+void tel_enter_binary(int rw);
+int opt_welldefined(char *ep);
+int telrcv(void);
+int rlogin_susp(void);
+void intp(void);
+void sendbrk(void);
+void sendabort(void);
+void sendsusp(void);
+void sendeof(void);
+void sendayt(void);
+
+void xmitAO(void);
+void xmitEL(void);
+void xmitEC(void);
+
+
+void     Dump (char, unsigned char *, int);
+void     printoption (char *, int, int);
+void     printsub (int, unsigned char *, int);
+void     sendnaws (void);
+void     setconnmode (int);
+void     setcommandmode (void);
+void     setneturg (void);
+void     sys_telnet_init (void);
+void     my_telnet (char *);
+void     tel_enter_binary (int);
+void     TerminalFlushOutput (void);
+void     TerminalNewMode (int);
+void     TerminalRestoreState (void);
+void     TerminalSaveState (void);
+void     willoption (int);
+void     wontoption (int);
+
+
+void     send_do (int, int);
+void     send_dont (int, int);
+void     send_will (int, int);
+void     send_wont (int, int);
+
+void     lm_will (unsigned char *, int);
+void     lm_wont (unsigned char *, int);
+void     lm_do (unsigned char *, int);
+void     lm_dont (unsigned char *, int);
+void     lm_mode (unsigned char *, int, int);
+
+void     slc_init (void);
+void     slcstate (void);
+void     slc_mode_export (void);
+void     slc_mode_import (int);
+void     slc_import (int);
+void     slc_export (void);
+void     slc (unsigned char *, int);
+void     slc_check (void);
+void     slc_start_reply (void);
+void     slc_add_reply (unsigned char, unsigned char, cc_t);
+void     slc_end_reply (void);
+int	 slc_update (void);
+
+void     env_opt (unsigned char *, int);
+void     env_opt_start (void);
+void     env_opt_start_info (void);
+void     env_opt_add (unsigned char *);
+void     env_opt_end (int);
+
+unsigned char     *env_default (int, int);
+unsigned char     *env_getvalue (unsigned char *);
+
+int get_status (void);
+int dosynch (void);
+
+cc_t *tcval (int);
+
+int quit (void);
+
+/* terminal.c */
+
+void init_terminal(void);
+int ttyflush(int drop);
+int getconnmode(void);
+
+/* utilities.c */
+
+int SetSockOpt(int fd, int level, int option, int yesno);
+void SetNetTrace(char *file);
+void Dump(char direction, unsigned char *buffer, int length);
+void printoption(char *direction, int cmd, int option);
+void optionstatus(void);
+void printsub(int direction, unsigned char *pointer, int length);
+void EmptyTerminal(void);
+void SetForExit(void);
+void Exit(int returnCode);
+void ExitString(char *string, int returnCode);
+
+extern struct	termios new_tc;
+
+# define termEofChar		new_tc.c_cc[VEOF]
+# define termEraseChar		new_tc.c_cc[VERASE]
+# define termIntChar		new_tc.c_cc[VINTR]
+# define termKillChar		new_tc.c_cc[VKILL]
+# define termQuitChar		new_tc.c_cc[VQUIT]
+
+# ifndef	VSUSP
+extern cc_t termSuspChar;
+# else
+#  define termSuspChar		new_tc.c_cc[VSUSP]
+# endif
+# if	defined(VFLUSHO) && !defined(VDISCARD)
+#  define VDISCARD VFLUSHO
+# endif
+# ifndef	VDISCARD
+extern cc_t termFlushChar;
+# else
+#  define termFlushChar		new_tc.c_cc[VDISCARD]
+# endif
+# ifndef VWERASE
+extern cc_t termWerasChar;
+# else
+#  define termWerasChar		new_tc.c_cc[VWERASE]
+# endif
+# ifndef	VREPRINT
+extern cc_t termRprntChar;
+# else
+#  define termRprntChar		new_tc.c_cc[VREPRINT]
+# endif
+# ifndef	VLNEXT
+extern cc_t termLiteralNextChar;
+# else
+#  define termLiteralNextChar	new_tc.c_cc[VLNEXT]
+# endif
+# ifndef	VSTART
+extern cc_t termStartChar;
+# else
+#  define termStartChar		new_tc.c_cc[VSTART]
+# endif
+# ifndef	VSTOP
+extern cc_t termStopChar;
+# else
+#  define termStopChar		new_tc.c_cc[VSTOP]
+# endif
+# ifndef	VEOL
+extern cc_t termForw1Char;
+# else
+#  define termForw1Char		new_tc.c_cc[VEOL]
+# endif
+# ifndef	VEOL2
+extern cc_t termForw2Char;
+# else
+#  define termForw2Char		new_tc.c_cc[VEOL]
+# endif
+# ifndef	VSTATUS
+extern cc_t termAytChar;
+#else
+#  define termAytChar		new_tc.c_cc[VSTATUS]
+#endif
+
+/* Ring buffer structures which are shared */
+
+extern Ring
+    netoring,
+    netiring,
+    ttyoring,
+    ttyiring;
+
+extern int resettermname;
+extern int linemode;
+#ifdef KLUDGELINEMODE
+extern int kludgelinemode;
+#endif
+extern int want_status_response;
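Review bot: In the `VEOL2` block near the end of the header, the `#else` branch defines `termForw2Char` as `new_tc.c_cc[VEOL]`, the same slot `termForw1Char` uses just above, so on systems that define `VEOL2` the two names alias one control character. Every neighbouring block indexes with the macro it tests, so this looks like a slip. The line should read `#  define termForw2Char		new_tc.c_cc[VEOL2]`.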

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/main.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/main.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/main.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,370 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+static char *copyright[] = {
+    "@(#) Copyright (c) 1988, 1990, 1993\n"
+    "\tThe Regents of the University of California.  All rights reserved.\n",
+    (char*)copyright
+};
+
+#include "telnet_locl.h"
+RCSID("$Id: main.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if KRB5
+#define FORWARD
+#endif
+
+/*
+ * Initialize variables.
+ */
+void
+tninit(void)
+{
+    init_terminal();
+
+    init_network();
+
+    init_telnet();
+
+    init_sys();
+}
+
+static void
+usage(int exit_code)
+{
+  fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
+#ifdef	AUTHENTICATION
+	  "[-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
+	  "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
+#else
+	  "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
+	  "\n\t[-n tracefile]",
+#endif
+	  "[-r] ",
+#ifdef	ENCRYPTION
+	  "[-x] [host-name [port]]"
+#else
+	  "[host-name [port]]"
+#endif
+    );
+  exit(exit_code);
+}
+
+/*
+ * main.  Parse arguments, invoke the protocol or command parser.
+ */
+
+
+#ifdef	FORWARD
+int forward_option = 0; /* forward flags set from command line */
+#endif	/* FORWARD */
+void
+set_forward_options(void)
+{
+#ifdef FORWARD
+	switch(forward_option) {
+	case 'f':
+		kerberos5_set_forward(1);
+		kerberos5_set_forwardable(0);
+		break;
+	case 'F':
+		kerberos5_set_forward(1);
+		kerberos5_set_forwardable(1);
+		break;
+	case 'G':
+		kerberos5_set_forward(0);
+		kerberos5_set_forwardable(0);
+		break;
+	default:
+		break;
+	}
+#endif
+}
+
+#ifdef KRB5
+#define Authenticator asn1_Authenticator
+#include <krb5.h>
+static void
+krb5_init(void)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_boolean ret_val;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	return;
+
+#if defined(AUTHENTICATION) && defined(FORWARD)
+    krb5_appdefault_boolean(context, NULL,
+			    NULL, "forward",
+			    0, &ret_val);
+    if (ret_val)
+	    kerberos5_set_forward(1);
+    krb5_appdefault_boolean(context, NULL,
+			    NULL, "forwardable",
+			    0, &ret_val);
+    if (ret_val)
+	    kerberos5_set_forwardable(1);
+#endif
+#ifdef  ENCRYPTION
+    krb5_appdefault_boolean(context, NULL, 
+			    NULL, "encrypt",
+			    0, &ret_val);
+    if (ret_val) {
+          encrypt_auto(1);
+          decrypt_auto(1); 
+	  wantencryption = 1;
+          EncryptVerbose(1);
+        }
+#endif
+
+    krb5_free_context(context);
+}
+#endif
+
+#if defined(AUTHENTICATION) && defined(KRB4)
+extern char *dest_realm, dst_realm_buf[];
+extern int dst_realm_sz;
+#endif
+
+int
+main(int argc, char **argv)
+{
+	int ch;
+	char *user;
+
+	setprogname(argv[0]);
+
+#ifdef KRB5
+	krb5_init();
+#endif
+	
+	tninit();		/* Clear out things */
+
+	TerminalSaveState();
+
+	if ((prompt = strrchr(argv[0], '/')))
+		++prompt;
+	else
+		prompt = argv[0];
+
+	user = NULL;
+
+	rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
+
+	/* 
+	 * if AUTHENTICATION and ENCRYPTION is set autologin will be
+	 * se to true after the getopt switch; unless the -K option is
+	 * passed 
+	 */
+	autologin = -1;
+
+	if (argc == 2 && strcmp(argv[1], "--version") == 0) {
+	    print_version(NULL);
+	    exit(0);
+	}
+	if (argc == 2 && strcmp(argv[1], "--help") == 0)
+	    usage(0);
+
+
+	while((ch = getopt(argc, argv,
+			   "78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) {
+		switch(ch) {
+		case '8':
+			eight = 3;	/* binary output and input */
+			break;
+		case '7':
+			eight = 0;
+			break;
+		case 'b':
+		    binary = 3;
+		    break;
+		case 'D': {
+		    /* sometimes we don't want a mangled display */
+		    char *p;
+		    if((p = getenv("DISPLAY")))
+			env_define((unsigned char*)"DISPLAY", (unsigned char*)p);
+		    break;
+		}
+		case 'E':
+			rlogin = escape = _POSIX_VDISABLE;
+			break;
+		case 'K':
+#ifdef	AUTHENTICATION
+			autologin = 0;
+#endif
+			break;
+		case 'L':
+			eight |= 2;	/* binary output only */
+			break;
+		case 'S':
+		    {
+#ifdef	HAVE_PARSETOS
+			extern int tos;
+
+			if ((tos = parsetos(optarg, "tcp")) < 0)
+				fprintf(stderr, "%s%s%s%s\n",
+					prompt, ": Bad TOS argument '",
+					optarg,
+					"; will try to use default TOS");
+#else
+			fprintf(stderr,
+			   "%s: Warning: -S ignored, no parsetos() support.\n",
+								prompt);
+#endif
+		    }
+			break;
+		case 'X':
+#ifdef	AUTHENTICATION
+			auth_disable_name(optarg);
+#endif
+			break;
+		case 'a':
+			autologin = 1;
+			break;
+		case 'c':
+			skiprc = 1;
+			break;
+		case 'd':
+			debug = 1;
+			break;
+		case 'e':
+			set_escape_char(optarg);
+			break;
+		case 'f':
+		case 'F':
+		case 'G':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+			if (forward_option) {
+			    fprintf(stderr,
+				    "%s: Only one of -f, -F and -G allowed.\n",
+				    prompt);
+			    usage(1);
+			}
+			forward_option = ch;
+#else
+			fprintf(stderr,
+			 "%s: Warning: -%c ignored, no Kerberos V5 support.\n",
+				prompt, ch);
+#endif
+			break;
+		case 'k':
+#if defined(AUTHENTICATION) && defined(KRB4)
+		    {
+			dest_realm = dst_realm_buf;
+			strlcpy(dest_realm, optarg, dst_realm_sz);
+		    }
+#else
+			fprintf(stderr,
+			   "%s: Warning: -k ignored, no Kerberos V4 support.\n",
+								prompt);
+#endif
+			break;
+		case 'l':
+		  if(autologin == 0){
+		    fprintf(stderr, "%s: Warning: -K ignored\n", prompt);
+		    autologin = -1;
+		  }
+			user = optarg;
+			break;
+		case 'n':
+				SetNetTrace(optarg);
+			break;
+		case 'r':
+			rlogin = '~';
+			break;
+		case 'x':
+#ifdef	ENCRYPTION
+			encrypt_auto(1);
+			decrypt_auto(1);
+			wantencryption = 1;
+			EncryptVerbose(1);
+#else
+			fprintf(stderr,
+			    "%s: Warning: -x ignored, no ENCRYPT support.\n",
+								prompt);
+#endif
+			break;
+
+		case '?':
+		default:
+			usage(1);
+			/* NOTREACHED */
+		}
+	}
+
+	if (autologin == -1) {		/* esc at magic.fi; force  */
+#if defined(AUTHENTICATION)
+		autologin = 1;
+#endif
+#if defined(ENCRYPTION)
+		encrypt_auto(1);
+		decrypt_auto(1);
+		wantencryption = -1;
+#endif
+	}
+
+	if (autologin == -1)
+		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc) {
+		char *args[7], **argp = args;
+
+		if (argc > 2)
+			usage(1);
+		*argp++ = prompt;
+		if (user) {
+			*argp++ = "-l";
+			*argp++ = user;
+		}
+		*argp++ = argv[0];		/* host */
+		if (argc > 1)
+			*argp++ = argv[1];	/* port */
+		*argp = 0;
+
+		if (setjmp(toplevel) != 0)
+			Exit(0);
+		if (tn(argp - args, args) == 1)
+			return (0);
+		else
+			return (1);
+	}
+	setjmp(toplevel);
+	for (;;) {
+			command(1, 0, 0);
+	}
+}
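Review bot: In `main`, the `if (autologin == -1)` block after the getopt loop assigns `wantencryption = -1` unconditionally, which overwrites the `1` set by `-x` and by the `encrypt` appdefault in `krb5_init` whenever `autologin` is still -1 (no `-a` or `-K`). externs.h describes the variable as "User has requested encryption"; the code that consumes the value is outside this hunk, but if `-1` means best-effort rather than required, an explicit request is silently weakened. Assuming the variable starts at 0, the default should apply only when nothing was requested: `if (wantencryption == 0) wantencryption = -1;`.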

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/network.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/network.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/network.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: network.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+Ring		netoring, netiring;
+size_t		netobufsize = 64*1024;
+size_t		netibufsize = 64*1024;
+
+/*
+ * Initialize internal network data structures.
+ */
+
+void
+init_network(void)
+{
+    void *obuf, *ibuf;
+    
+    if ((obuf = malloc(netobufsize)) == NULL)
+	exit(1);
+    if ((ibuf = malloc(netibufsize)) == NULL)
+	exit(1);
+
+    if (ring_init(&netoring, obuf, netobufsize) != 1) {
+	exit(1);
+    }
+    if (ring_init(&netiring, ibuf, netibufsize) != 1) {
+	exit(1);
+    }
+    NetTrace = stdout;
+}
+
+
+/*
+ * Check to see if any out-of-band data exists on a socket (for
+ * Telnet "synch" processing).
+ */
+
+int
+stilloob(void)
+{
+    static struct timeval timeout = { 0 };
+    fd_set	excepts;
+    int value;
+
+    do {
+	FD_ZERO(&excepts);
+	if (net >= FD_SETSIZE)
+	    errx (1, "fd too large");
+	FD_SET(net, &excepts);
+	value = select(net+1, 0, 0, &excepts, &timeout);
+    } while ((value == -1) && (errno == EINTR));
+
+    if (value < 0) {
+	perror("select");
+	quit();
+	/* NOTREACHED */
+    }
+    if (FD_ISSET(net, &excepts)) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+
+/*
+ *  setneturg()
+ *
+ *	Sets "neturg" to the current location.
+ */
+
+void
+setneturg(void)
+{
+    ring_mark(&netoring);
+}
+
+
+/*
+ *  netflush
+ *		Send as much data as possible to the network,
+ *	handling requests for urgent data.
+ *
+ *		The return value indicates whether we did any
+ *	useful work.
+ */
+
+
+int
+netflush(void)
+{
+    int n, n1;
+
+#if	defined(ENCRYPTION)
+    if (encrypt_output)
+	ring_encrypt(&netoring, encrypt_output);
+#endif
+    if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
+	if (!ring_at_mark(&netoring)) {
+	    n = send(net, (char *)netoring.consume, n, 0); /* normal write */
+	} else {
+	    /*
+	     * In 4.2 (and 4.3) systems, there is some question about
+	     * what byte in a sendOOB operation is the "OOB" data.
+	     * To make ourselves compatible, we only send ONE byte
+	     * out of band, the one WE THINK should be OOB (though
+	     * we really have more the TCP philosophy of urgent data
+	     * rather than the Unix philosophy of OOB data).
+	     */
+	    n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */
+	}
+    }
+    if (n < 0) {
+	if (errno != ENOBUFS && errno != EWOULDBLOCK) {
+	    setcommandmode();
+	    perror(hostname);
+	    NetClose(net);
+	    ring_clear_mark(&netoring);
+	    longjmp(peerdied, -1);
+	    /*NOTREACHED*/
+	}
+	n = 0;
+    }
+    if (netdata && n) {
+	Dump('>', netoring.consume, n);
+    }
+    if (n) {
+	ring_consumed(&netoring, n);
+	/*
+	 * If we sent all, and more to send, then recurse to pick
+	 * up the other half.
+	 */
+	if ((n1 == n) && ring_full_consecutive(&netoring)) {
+	    netflush();
+	}
+	return 1;
+    } else {
+	return 0;
+    }
+}
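Review bot: In `netflush`, the `n < 0` branch treats every errno other than `ENOBUFS` and `EWOULDBLOCK` as fatal and tears the connection down with `longjmp(peerdied, -1)`, so a `send()` interrupted by a signal would drop the session. `stilloob` in the same file already retries `select()` on `EINTR`; whether `send()` can be interrupted here depends on how the signal handlers are installed, which is not visible in this hunk. I would add it to the tolerated set: `if (errno != ENOBUFS && errno != EWOULDBLOCK && errno != EINTR) {`.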

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/ring.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/ring.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/ring.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,321 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: ring.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * This defines a structure for a ring buffer.
+ *
+ * The circular buffer has two parts:
+ *(((
+ *	full:	[consume, supply)
+ *	empty:	[supply, consume)
+ *]]]
+ *
+ */
+
+/* Internal macros */
+
+#define	ring_subtract(d,a,b)	(((a)-(b) >= 0)? \
+					(a)-(b): (((a)-(b))+(d)->size))
+
+#define	ring_increment(d,a,c)	(((a)+(c) < (d)->top)? \
+					(a)+(c) : (((a)+(c))-(d)->size))
+
+#define	ring_decrement(d,a,c)	(((a)-(c) >= (d)->bottom)? \
+					(a)-(c) : (((a)-(c))-(d)->size))
+
+
+/*
+ * The following is a clock, used to determine full, empty, etc.
+ *
+ * There is some trickiness here.  Since the ring buffers are initialized
+ * to ZERO on allocation, we need to make sure, when interpreting the
+ * clock, that when the times are EQUAL, then the buffer is FULL.
+ */
+static u_long ring_clock = 0;
+
+
+#define	ring_empty(d) (((d)->consume == (d)->supply) && \
+				((d)->consumetime >= (d)->supplytime))
+#define	ring_full(d) (((d)->supply == (d)->consume) && \
+				((d)->supplytime > (d)->consumetime))
+
+
+
+
+
+/* Buffer state transition routines */
+
+int
+ring_init(Ring *ring, unsigned char *buffer, int count)
+{
+    memset(ring, 0, sizeof *ring);
+
+    ring->size = count;
+
+    ring->supply = ring->consume = ring->bottom = buffer;
+
+    ring->top = ring->bottom+ring->size;
+
+#if	defined(ENCRYPTION)
+    ring->clearto = 0;
+#endif
+
+    return 1;
+}
+
+/* Mark routines */
+
+/*
+ * Mark the most recently supplied byte.
+ */
+
+void
+ring_mark(Ring *ring)
+{
+    ring->mark = ring_decrement(ring, ring->supply, 1);
+}
+
+/*
+ * Is the ring pointing to the mark?
+ */
+
+int
+ring_at_mark(Ring *ring)
+{
+    if (ring->mark == ring->consume) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+/*
+ * Clear any mark set on the ring.
+ */
+
+void
+ring_clear_mark(Ring *ring)
+{
+    ring->mark = 0;
+}
+
+/*
+ * Add characters from current segment to ring buffer.
+ */
+void
+ring_supplied(Ring *ring, int count)
+{
+    ring->supply = ring_increment(ring, ring->supply, count);
+    ring->supplytime = ++ring_clock;
+}
+
+/*
+ * We have just consumed "c" bytes.
+ */
+void
+ring_consumed(Ring *ring, int count)
+{
+    if (count == 0)	/* don't update anything */
+	return;
+
+    if (ring->mark &&
+		(ring_subtract(ring, ring->mark, ring->consume) < count)) {
+	ring->mark = 0;
+    }
+#if	defined(ENCRYPTION)
+    if (ring->consume < ring->clearto &&
+		ring->clearto <= ring->consume + count)
+	ring->clearto = 0;
+    else if (ring->consume + count > ring->top &&
+		ring->bottom <= ring->clearto &&
+		ring->bottom + ((ring->consume + count) - ring->top))
+	ring->clearto = 0;
+#endif
+    ring->consume = ring_increment(ring, ring->consume, count);
+    ring->consumetime = ++ring_clock;
+    /*
+     * Try to encourage "ring_empty_consecutive()" to be large.
+     */
+    if (ring_empty(ring)) {
+	ring->consume = ring->supply = ring->bottom;
+    }
+}
+
+
+
+/* Buffer state query routines */
+
+
+/* Number of bytes that may be supplied */
+int
+ring_empty_count(Ring *ring)
+{
+    if (ring_empty(ring)) {	/* if empty */
+	    return ring->size;
+    } else {
+	return ring_subtract(ring, ring->consume, ring->supply);
+    }
+}
+
+/* number of CONSECUTIVE bytes that may be supplied */
+int
+ring_empty_consecutive(Ring *ring)
+{
+    if ((ring->consume < ring->supply) || ring_empty(ring)) {
+			    /*
+			     * if consume is "below" supply, or empty, then
+			     * return distance to the top
+			     */
+	return ring_subtract(ring, ring->top, ring->supply);
+    } else {
+				    /*
+				     * else, return what we may.
+				     */
+	return ring_subtract(ring, ring->consume, ring->supply);
+    }
+}
+
+/* Return the number of bytes that are available for consuming
+ * (but don't give more than enough to get to cross over set mark)
+ */
+
+int
+ring_full_count(Ring *ring)
+{
+    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
+	if (ring_full(ring)) {
+	    return ring->size;	/* nothing consumed, but full */
+	} else {
+	    return ring_subtract(ring, ring->supply, ring->consume);
+	}
+    } else {
+	return ring_subtract(ring, ring->mark, ring->consume);
+    }
+}
+
+/*
+ * Return the number of CONSECUTIVE bytes available for consuming.
+ * However, don't return more than enough to cross over set mark.
+ */
+int
+ring_full_consecutive(Ring *ring)
+{
+    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
+	if ((ring->supply < ring->consume) || ring_full(ring)) {
+	    return ring_subtract(ring, ring->top, ring->consume);
+	} else {
+	    return ring_subtract(ring, ring->supply, ring->consume);
+	}
+    } else {
+	if (ring->mark < ring->consume) {
+	    return ring_subtract(ring, ring->top, ring->consume);
+	} else {	/* Else, distance to mark */
+	    return ring_subtract(ring, ring->mark, ring->consume);
+	}
+    }
+}
+
+/*
+ * Move data into the "supply" portion of of the ring buffer.
+ */
+void
+ring_supply_data(Ring *ring, unsigned char *buffer, int count)
+{
+    int i;
+
+    while (count) {
+	i = min(count, ring_empty_consecutive(ring));
+	memmove(ring->supply, buffer, i);
+	ring_supplied(ring, i);
+	count -= i;
+	buffer += i;
+    }
+}
+
+#ifdef notdef
+
+/*
+ * Move data from the "consume" portion of the ring buffer
+ */
+void
+ring_consume_data(Ring *ring, unsigned char *buffer, int count)
+{
+    int i;
+
+    while (count) {
+	i = min(count, ring_full_consecutive(ring));
+	memmove(buffer, ring->consume, i);
+	ring_consumed(ring, i);
+	count -= i;
+	buffer += i;
+    }
+}
+#endif
+
+#if	defined(ENCRYPTION)
+void
+ring_encrypt(Ring *ring, void (*encryptor)(unsigned char *, int))
+{
+    unsigned char *s, *c;
+
+    if (ring_empty(ring) || ring->clearto == ring->supply)
+	return;
+
+    if (!(c = ring->clearto))
+	c = ring->consume;
+
+    s = ring->supply;
+
+    if (s <= c) {
+	(*encryptor)(c, ring->top - c);
+	(*encryptor)(ring->bottom, s - ring->bottom);
+    } else
+	(*encryptor)(c, s - c);
+
+    ring->clearto = ring->supply;
+}
+
+void
+ring_clearto(Ring *ring)
+{
+    if (!ring_empty(ring))
+	ring->clearto = ring->supply;
+    else
+	ring->clearto = 0;
+}
+#endif
+
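Review bot: In `ring_consumed()`, the third operand of the `else if` under `ENCRYPTION` is the bare pointer expression `ring->bottom + ((ring->consume + count) - ring->top)`, which is always non-null, so the wrap-around branch clears `clearto` whenever the first two tests hold rather than only when the consumed span passes it. Judging by the non-wrapping branch just above it, the intended test is probably `ring->clearto <= ring->bottom + ((ring->consume + count) - ring->top)`. Clearing `clearto` early would make the next `ring_encrypt()` start from `consume` and hand bytes it has already processed to the encryptor a second time. Separately, `ring_supply_data()` never terminates when the ring is full, because `ring_empty_consecutive()` then returns 0 and `count` stops decreasing. A comment stating that callers must check `ring_empty_count()` first, or an `if (i == 0) break;` guard, would make that contract explicit.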

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/ring.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/ring.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/ring.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ring.h	8.1 (Berkeley) 6/6/93
+ */
+
+/* $Id: ring.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+/*
+ * This defines a structure for a ring buffer.
+ *
+ * The circular buffer has two parts:
+ *(((
+ *	full:	[consume, supply)
+ *	empty:	[supply, consume)
+ *]]]
+ *
+ */
+typedef struct {
+    unsigned char	*consume,	/* where data comes out of */
+			*supply,	/* where data comes in to */
+			*bottom,	/* lowest address in buffer */
+			*top,		/* highest address+1 in buffer */
+			*mark;		/* marker (user defined) */
+#if	defined(ENCRYPTION)
+    unsigned char	*clearto;	/* Data to this point is clear text */
+    unsigned char	*encryyptedto;	/* Data is encrypted to here */
+#endif
+    int		size;		/* size in bytes of buffer */
+    u_long	consumetime,	/* help us keep straight full, empty, etc. */
+		supplytime;
+} Ring;
+
+/* Here are some functions and macros to deal with the ring buffer */
+
+/* Initialization routine */
+extern int
+	ring_init (Ring *ring, unsigned char *buffer, int count);
+
+/* Data movement routines */
+extern void
+	ring_supply_data (Ring *ring, unsigned char *buffer, int count);
+#ifdef notdef
+extern void
+	ring_consume_data (Ring *ring, unsigned char *buffer, int count);
+#endif
+
+/* Buffer state transition routines */
+extern void
+	ring_supplied (Ring *ring, int count),
+	ring_consumed (Ring *ring, int count);
+
+/* Buffer state query routines */
+extern int
+	ring_empty_count (Ring *ring),
+	ring_empty_consecutive (Ring *ring),
+	ring_full_count (Ring *ring),
+	ring_full_consecutive (Ring *ring);
+
+#if	defined(ENCRYPTION)
+extern void
+	ring_encrypt (Ring *ring, void (*func)(unsigned char *, int)),
+	ring_clearto (Ring *ring);
+#endif
+
+extern int ring_at_mark(Ring *ring);
+
+extern void
+    ring_clear_mark(Ring *ring),
+    ring_mark(Ring *ring);
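Review bot: The `Ring` member `encryyptedto` is misspelled, and nothing in the `ring.c` added by this commit reads or writes it, so it looks like dead state in the encryption bookkeeping. Either drop it or spell it `encryptedto` and document how it differs from `clearto`. The comment on `clearto`, "Data to this point is clear text", would also benefit from a sentence saying that `ring_encrypt()` uses it as the start of the range it passes to the encryptor and then advances it to `supply`.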

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/sys_bsd.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/sys_bsd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/sys_bsd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,979 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: sys_bsd.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * The following routines try to encapsulate what is system dependent
+ * (at least between 4.x and dos) which is used in telnet.c.
+ */
+
+int
+	tout,			/* Output file descriptor */
+	tin,			/* Input file descriptor */
+	net;
+
+struct	termios old_tc = { 0 };
+extern struct termios new_tc;
+
+# ifndef	TCSANOW
+#  ifdef TCSETS
+#   define	TCSANOW		TCSETS
+#   define	TCSADRAIN	TCSETSW
+#   define	tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
+#  else
+#   ifdef TCSETA
+#    define	TCSANOW		TCSETA
+#    define	TCSADRAIN	TCSETAW
+#    define	tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
+#   else
+#    define	TCSANOW		TIOCSETA
+#    define	TCSADRAIN	TIOCSETAW
+#    define	tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
+#   endif
+#  endif
+#  define	tcsetattr(f, a, t) ioctl(f, a, (char *)t)
+#  define	cfgetospeed(ptr)	((ptr)->c_cflag&CBAUD)
+#  ifdef CIBAUD
+#   define	cfgetispeed(ptr)	(((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
+#  else
+#   define	cfgetispeed(ptr)	cfgetospeed(ptr)
+#  endif
+# endif /* TCSANOW */
+
+static fd_set ibits, obits, xbits;
+
+
+void
+init_sys(void)
+{
+    tout = fileno(stdout);
+    tin = fileno(stdin);
+    FD_ZERO(&ibits);
+    FD_ZERO(&obits);
+    FD_ZERO(&xbits);
+
+    errno = 0;
+}
+
+
+int
+TerminalWrite(char *buf, int n)
+{
+    return write(tout, buf, n);
+}
+
+int
+TerminalRead(unsigned char *buf, int n)
+{
+    return read(tin, buf, n);
+}
+
+/*
+ *
+ */
+
+int
+TerminalAutoFlush(void)
+{
+#if	defined(LNOFLSH)
+    int flush;
+
+    ioctl(0, TIOCLGET, (char *)&flush);
+    return !(flush&LNOFLSH);	/* if LNOFLSH, no autoflush */
+#else	/* LNOFLSH */
+    return 1;
+#endif	/* LNOFLSH */
+}
+
+/*
+ * TerminalSpecialChars()
+ *
+ * Look at an input character to see if it is a special character
+ * and decide what to do.
+ *
+ * Output:
+ *
+ *	0	Don't add this character.
+ *	1	Do add this character
+ */
+
+int
+TerminalSpecialChars(int c)
+{
+    if (c == termIntChar) {
+	intp();
+	return 0;
+    } else if (c == termQuitChar) {
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode)
+	    sendbrk();
+	else
+#endif
+	    sendabort();
+	return 0;
+    } else if (c == termEofChar) {
+	if (my_want_state_is_will(TELOPT_LINEMODE)) {
+	    sendeof();
+	    return 0;
+	}
+	return 1;
+    } else if (c == termSuspChar) {
+	sendsusp();
+	return(0);
+    } else if (c == termFlushChar) {
+	xmitAO();		/* Transmit Abort Output */
+	return 0;
+    } else if (!MODE_LOCAL_CHARS(globalmode)) {
+	if (c == termKillChar) {
+	    xmitEL();
+	    return 0;
+	} else if (c == termEraseChar) {
+	    xmitEC();		/* Transmit Erase Character */
+	    return 0;
+	}
+    }
+    return 1;
+}
+
+
+/*
+ * Flush output to the terminal
+ */
+
+void
+TerminalFlushOutput(void)
+{
+#ifdef	TIOCFLUSH
+    ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
+#else
+    ioctl(fileno(stdout), TCFLSH, (char *) 0);
+#endif
+}
+
+void
+TerminalSaveState(void)
+{
+    tcgetattr(0, &old_tc);
+
+    new_tc = old_tc;
+
+#ifndef	VDISCARD
+    termFlushChar = CONTROL('O');
+#endif
+#ifndef	VWERASE
+    termWerasChar = CONTROL('W');
+#endif
+#ifndef	VREPRINT
+    termRprntChar = CONTROL('R');
+#endif
+#ifndef	VLNEXT
+    termLiteralNextChar = CONTROL('V');
+#endif
+#ifndef	VSTART
+    termStartChar = CONTROL('Q');
+#endif
+#ifndef	VSTOP
+    termStopChar = CONTROL('S');
+#endif
+#ifndef	VSTATUS
+    termAytChar = CONTROL('T');
+#endif
+}
+
+cc_t*
+tcval(int func)
+{
+    switch(func) {
+    case SLC_IP:	return(&termIntChar);
+    case SLC_ABORT:	return(&termQuitChar);
+    case SLC_EOF:	return(&termEofChar);
+    case SLC_EC:	return(&termEraseChar);
+    case SLC_EL:	return(&termKillChar);
+    case SLC_XON:	return(&termStartChar);
+    case SLC_XOFF:	return(&termStopChar);
+    case SLC_FORW1:	return(&termForw1Char);
+    case SLC_FORW2:	return(&termForw2Char);
+# ifdef	VDISCARD
+    case SLC_AO:	return(&termFlushChar);
+# endif
+# ifdef	VSUSP
+    case SLC_SUSP:	return(&termSuspChar);
+# endif
+# ifdef	VWERASE
+    case SLC_EW:	return(&termWerasChar);
+# endif
+# ifdef	VREPRINT
+    case SLC_RP:	return(&termRprntChar);
+# endif
+# ifdef	VLNEXT
+    case SLC_LNEXT:	return(&termLiteralNextChar);
+# endif
+# ifdef	VSTATUS
+    case SLC_AYT:	return(&termAytChar);
+# endif
+
+    case SLC_SYNCH:
+    case SLC_BRK:
+    case SLC_EOR:
+    default:
+	return((cc_t *)0);
+    }
+}
+
+void
+TerminalDefaultChars(void)
+{
+    memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
+# ifndef	VDISCARD
+    termFlushChar = CONTROL('O');
+# endif
+# ifndef	VWERASE
+    termWerasChar = CONTROL('W');
+# endif
+# ifndef	VREPRINT
+    termRprntChar = CONTROL('R');
+# endif
+# ifndef	VLNEXT
+    termLiteralNextChar = CONTROL('V');
+# endif
+# ifndef	VSTART
+    termStartChar = CONTROL('Q');
+# endif
+# ifndef	VSTOP
+    termStopChar = CONTROL('S');
+# endif
+# ifndef	VSTATUS
+    termAytChar = CONTROL('T');
+# endif
+}
+
+#ifdef notdef
+void
+TerminalRestoreState()
+{
+}
+#endif
+
+/*
+ * TerminalNewMode - set up terminal to a specific mode.
+ *	MODE_ECHO: do local terminal echo
+ *	MODE_FLOW: do local flow control
+ *	MODE_TRAPSIG: do local mapping to TELNET IAC sequences
+ *	MODE_EDIT: do local line editing
+ *
+ *	Command mode:
+ *		MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG
+ *		local echo
+ *		local editing
+ *		local xon/xoff
+ *		local signal mapping
+ *
+ *	Linemode:
+ *		local/no editing
+ *	Both Linemode and Single Character mode:
+ *		local/remote echo
+ *		local/no xon/xoff
+ *		local/no signal mapping
+ */
+
+
+#ifdef	SIGTSTP
+static RETSIGTYPE susp(int);
+#endif	/* SIGTSTP */
+#ifdef	SIGINFO
+static RETSIGTYPE ayt(int);
+#endif
+
+void
+TerminalNewMode(int f)
+{
+    static int prevmode = 0;
+    struct termios tmp_tc;
+    int onoff;
+    int old;
+    cc_t esc;
+
+    globalmode = f&~MODE_FORCE;
+    if (prevmode == f)
+	return;
+
+    /*
+     * Write any outstanding data before switching modes
+     * ttyflush() returns 0 only when there is no more data
+     * left to write out, it returns -1 if it couldn't do
+     * anything at all, otherwise it returns 1 + the number
+     * of characters left to write.
+     */
+    old = ttyflush(SYNCHing|flushout);
+    if (old < 0 || old > 1) {
+	tcgetattr(tin, &tmp_tc);
+	do {
+	    /*
+	     * Wait for data to drain, then flush again.
+	     */
+	    tcsetattr(tin, TCSADRAIN, &tmp_tc);
+	    old = ttyflush(SYNCHing|flushout);
+	} while (old < 0 || old > 1);
+    }
+
+    old = prevmode;
+    prevmode = f&~MODE_FORCE;
+    tmp_tc = new_tc;
+
+    if (f&MODE_ECHO) {
+	tmp_tc.c_lflag |= ECHO;
+	tmp_tc.c_oflag |= ONLCR;
+	if (crlf)
+		tmp_tc.c_iflag |= ICRNL;
+    } else {
+	tmp_tc.c_lflag &= ~ECHO;
+	tmp_tc.c_oflag &= ~ONLCR;
+# ifdef notdef
+	if (crlf)
+		tmp_tc.c_iflag &= ~ICRNL;
+# endif
+    }
+
+    if ((f&MODE_FLOW) == 0) {
+	tmp_tc.c_iflag &= ~(IXOFF|IXON);	/* Leave the IXANY bit alone */
+    } else {
+	if (restartany < 0) {
+		tmp_tc.c_iflag |= IXOFF|IXON;	/* Leave the IXANY bit alone */
+	} else if (restartany > 0) {
+		tmp_tc.c_iflag |= IXOFF|IXON|IXANY;
+	} else {
+		tmp_tc.c_iflag |= IXOFF|IXON;
+		tmp_tc.c_iflag &= ~IXANY;
+	}
+    }
+
+    if ((f&MODE_TRAPSIG) == 0) {
+	tmp_tc.c_lflag &= ~ISIG;
+	localchars = 0;
+    } else {
+	tmp_tc.c_lflag |= ISIG;
+	localchars = 1;
+    }
+
+    if (f&MODE_EDIT) {
+	tmp_tc.c_lflag |= ICANON;
+    } else {
+	tmp_tc.c_lflag &= ~ICANON;
+	tmp_tc.c_iflag &= ~ICRNL;
+	tmp_tc.c_cc[VMIN] = 1;
+	tmp_tc.c_cc[VTIME] = 0;
+    }
+
+    if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
+# ifdef VLNEXT
+	tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE);
+# endif
+    }
+
+    if (f&MODE_SOFT_TAB) {
+# ifdef	OXTABS
+	tmp_tc.c_oflag |= OXTABS;
+# endif
+# ifdef	TABDLY
+	tmp_tc.c_oflag &= ~TABDLY;
+	tmp_tc.c_oflag |= TAB3;
+# endif
+    } else {
+# ifdef	OXTABS
+	tmp_tc.c_oflag &= ~OXTABS;
+# endif
+# ifdef	TABDLY
+	tmp_tc.c_oflag &= ~TABDLY;
+# endif
+    }
+
+    if (f&MODE_LIT_ECHO) {
+# ifdef	ECHOCTL
+	tmp_tc.c_lflag &= ~ECHOCTL;
+# endif
+    } else {
+# ifdef	ECHOCTL
+	tmp_tc.c_lflag |= ECHOCTL;
+# endif
+    }
+
+    if (f == -1) {
+	onoff = 0;
+    } else {
+	if (f & MODE_INBIN)
+		tmp_tc.c_iflag &= ~ISTRIP;
+	else
+		tmp_tc.c_iflag |= ISTRIP;
+	if ((f & MODE_OUTBIN) || (f & MODE_OUT8)) {
+		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
+		tmp_tc.c_cflag |= CS8;
+		if(f & MODE_OUTBIN)
+		    tmp_tc.c_oflag &= ~OPOST;
+		else
+		    tmp_tc.c_oflag |= OPOST;
+	} else {
+		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
+		tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
+		tmp_tc.c_oflag |= OPOST;
+	}
+	onoff = 1;
+    }
+
+    if (f != -1) {
+
+#ifdef	SIGTSTP
+	signal(SIGTSTP, susp);
+#endif	/* SIGTSTP */
+#ifdef	SIGINFO
+	signal(SIGINFO, ayt);
+#endif
+#ifdef NOKERNINFO
+	tmp_tc.c_lflag |= NOKERNINFO;
+#endif
+	/*
+	 * We don't want to process ^Y here.  It's just another
+	 * character that we'll pass on to the back end.  It has
+	 * to process it because it will be processed when the
+	 * user attempts to read it, not when we send it.
+	 */
+# ifdef	VDSUSP
+	tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
+# endif
+	/*
+	 * If the VEOL character is already set, then use VEOL2,
+	 * otherwise use VEOL.
+	 */
+	esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape;
+	if ((tmp_tc.c_cc[VEOL] != esc)
+# ifdef	VEOL2
+	    && (tmp_tc.c_cc[VEOL2] != esc)
+# endif
+	    ) {
+		if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE))
+		    tmp_tc.c_cc[VEOL] = esc;
+# ifdef	VEOL2
+		else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE))
+		    tmp_tc.c_cc[VEOL2] = esc;
+# endif
+	}
+    } else {
+        sigset_t sm;
+
+#ifdef	SIGINFO
+	signal(SIGINFO, ayt_status);
+#endif
+#ifdef	SIGTSTP
+	signal(SIGTSTP, SIG_DFL);
+	sigemptyset(&sm);
+	sigaddset(&sm, SIGTSTP);
+	sigprocmask(SIG_UNBLOCK, &sm, NULL);
+#endif	/* SIGTSTP */
+	tmp_tc = old_tc;
+    }
+    if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
+	tcsetattr(tin, TCSANOW, &tmp_tc);
+
+    ioctl(tin, FIONBIO, (char *)&onoff);
+    ioctl(tout, FIONBIO, (char *)&onoff);
+
+}
+
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define	DECODE_BAUD
+#endif
+
+#ifdef	DECODE_BAUD
+#ifndef	B7200
+#define B7200   B4800
+#endif
+
+#ifndef	B14400
+#define B14400  B9600
+#endif
+
+#ifndef	B19200
+# define B19200 B14400
+#endif
+
+#ifndef	B28800
+#define B28800  B19200
+#endif
+
+#ifndef	B38400
+# define B38400 B28800
+#endif
+
+#ifndef B57600
+#define B57600  B38400
+#endif
+
+#ifndef B76800
+#define B76800  B57600
+#endif
+
+#ifndef B115200
+#define B115200 B76800
+#endif
+
+#ifndef B230400
+#define B230400 B115200
+#endif
+
+
+/*
+ * This code assumes that the values B0, B50, B75...
+ * are in ascending order.  They do not have to be
+ * contiguous.
+ */
+struct termspeeds {
+	long speed;
+	long value;
+} termspeeds[] = {
+	{ 0,      B0 },      { 50,    B50 },    { 75,     B75 },
+	{ 110,    B110 },    { 134,   B134 },   { 150,    B150 },
+	{ 200,    B200 },    { 300,   B300 },   { 600,    B600 },
+	{ 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
+	{ 4800,   B4800 },   { 7200,  B7200 },  { 9600,   B9600 },
+	{ 14400,  B14400 },  { 19200, B19200 }, { 28800,  B28800 },
+	{ 38400,  B38400 },  { 57600, B57600 }, { 115200, B115200 },
+	{ 230400, B230400 }, { -1,    B230400 }
+};
+#endif	/* DECODE_BAUD */
+
+void
+TerminalSpeeds(long *input_speed, long *output_speed)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+#endif	/* DECODE_BAUD */
+    long in, out;
+
+    out = cfgetospeed(&old_tc);
+    in = cfgetispeed(&old_tc);
+    if (in == 0)
+	in = out;
+
+#ifdef	DECODE_BAUD
+    tp = termspeeds;
+    while ((tp->speed != -1) && (tp->value < in))
+	tp++;
+    *input_speed = tp->speed;
+
+    tp = termspeeds;
+    while ((tp->speed != -1) && (tp->value < out))
+	tp++;
+    *output_speed = tp->speed;
+#else	/* DECODE_BAUD */
+	*input_speed = in;
+	*output_speed = out;
+#endif	/* DECODE_BAUD */
+}
+
+int
+TerminalWindowSize(long *rows, long *cols)
+{
+    struct winsize ws;
+
+    if (get_window_size (STDIN_FILENO, &ws) == 0) {
+	*rows = ws.ws_row;
+	*cols = ws.ws_col;
+	return 1;
+    } else
+	return 0;
+}
+
+int
+NetClose(int fd)
+{
+    return close(fd);
+}
+
+
+void
+NetNonblockingIO(int fd, int onoff)
+{
+    ioctl(fd, FIONBIO, (char *)&onoff);
+}
+
+

+/*
+ * Various signal handling routines.
+ */
+
+static RETSIGTYPE deadpeer(int),
+  intr(int), intr2(int), susp(int), sendwin(int);
+#ifdef SIGINFO
+static RETSIGTYPE ayt(int);
+#endif
+  
+
+    /* ARGSUSED */
+static RETSIGTYPE
+deadpeer(int sig)
+{
+	setcommandmode();
+	longjmp(peerdied, -1);
+}
+
+int intr_happened = 0;
+int intr_waiting = 0;
+
+    /* ARGSUSED */
+static RETSIGTYPE
+intr(int sig)
+{
+    if (intr_waiting) {
+	intr_happened = 1;
+	return;
+    }
+    if (localchars) {
+	intp();
+	return;
+    }
+    setcommandmode();
+    longjmp(toplevel, -1);
+}
+
+    /* ARGSUSED */
+static RETSIGTYPE
+intr2(int sig)
+{
+    if (localchars) {
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode)
+	    sendbrk();
+	else
+#endif
+	    sendabort();
+	return;
+    }
+}
+
+#ifdef	SIGTSTP
+    /* ARGSUSED */
+static RETSIGTYPE
+susp(int sig)
+{
+    if ((rlogin != _POSIX_VDISABLE) && rlogin_susp())
+	return;
+    if (localchars)
+	sendsusp();
+}
+#endif
+
+#ifdef	SIGWINCH
+    /* ARGSUSED */
+static RETSIGTYPE
+sendwin(int sig)
+{
+    if (connected) {
+	sendnaws();
+    }
+}
+#endif
+
+#ifdef	SIGINFO
+    /* ARGSUSED */
+static RETSIGTYPE
+ayt(int sig)
+{
+    if (connected)
+	sendayt();
+    else
+	ayt_status(sig);
+}
+#endif
+
+

+void
+sys_telnet_init(void)
+{
+    signal(SIGINT, intr);
+    signal(SIGQUIT, intr2);
+    signal(SIGPIPE, deadpeer);
+#ifdef	SIGWINCH
+    signal(SIGWINCH, sendwin);
+#endif
+#ifdef	SIGTSTP
+    signal(SIGTSTP, susp);
+#endif
+#ifdef	SIGINFO
+    signal(SIGINFO, ayt);
+#endif
+
+    setconnmode(0);
+
+    NetNonblockingIO(net, 1);
+
+
+#if	defined(SO_OOBINLINE)
+    if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1)
+	perror("setsockopt (SO_OOBINLINE) (ignored)");
+#endif	/* defined(SO_OOBINLINE) */
+}
+
+/*
+ * Process rings -
+ *
+ *	This routine tries to fill up/empty our various rings.
+ *
+ *	The parameter specifies whether this is a poll operation,
+ *	or a block-until-something-happens operation.
+ *
+ *	The return value is 1 if something happened, 0 if not.
+ */
+
+int
+process_rings(int netin,
+	      int netout,
+	      int netex,
+	      int ttyin,
+	      int ttyout,
+	      int poll) /* If 0, then block until something to do */
+{
+    int c;
+		/* One wants to be a bit careful about setting returnValue
+		 * to one, since a one implies we did some useful work,
+		 * and therefore probably won't be called to block next
+		 * time (TN3270 mode only).
+		 */
+    int returnValue = 0;
+    static struct timeval TimeValue = { 0 };
+
+    if (net >= FD_SETSIZE
+	|| tout >= FD_SETSIZE
+	|| tin >= FD_SETSIZE)
+	errx (1, "fd too large");
+
+    if (netout) {
+	FD_SET(net, &obits);
+    }
+    if (ttyout) {
+	FD_SET(tout, &obits);
+    }
+    if (ttyin) {
+	FD_SET(tin, &ibits);
+    }
+    if (netin) {
+	FD_SET(net, &ibits);
+    }
+#if !defined(SO_OOBINLINE)
+    if (netex) {
+	FD_SET(net, &xbits);
+    }
+#endif
+    if ((c = select(FD_SETSIZE, &ibits, &obits, &xbits,
+			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
+	if (c == -1) {
+		    /*
+		     * we can get EINTR if we are in line mode,
+		     * and the user does an escape (TSTP), or
+		     * some other signal generator.
+		     */
+	    if (errno == EINTR) {
+		return 0;
+	    }
+		    /* I don't like this, does it ever happen? */
+	    printf("sleep(5) from telnet, after select\r\n");
+	    sleep(5);
+	}
+	return 0;
+    }
+
+    /*
+     * Any urgent data?
+     */
+    if (FD_ISSET(net, &xbits)) {
+	FD_CLR(net, &xbits);
+	SYNCHing = 1;
+	ttyflush(1);	/* flush already enqueued data */
+    }
+
+    /*
+     * Something to read from the network...
+     */
+    if (FD_ISSET(net, &ibits)) {
+	int canread;
+
+	FD_CLR(net, &ibits);
+	canread = ring_empty_consecutive(&netiring);
+#if	!defined(SO_OOBINLINE)
+	    /*
+	     * In 4.2 (and some early 4.3) systems, the
+	     * OOB indication and data handling in the kernel
+	     * is such that if two separate TCP Urgent requests
+	     * come in, one byte of TCP data will be overlaid.
+	     * This is fatal for Telnet, but we try to live
+	     * with it.
+	     *
+	     * In addition, in 4.2 (and...), a special protocol
+	     * is needed to pick up the TCP Urgent data in
+	     * the correct sequence.
+	     *
+	     * What we do is:  if we think we are in urgent
+	     * mode, we look to see if we are "at the mark".
+	     * If we are, we do an OOB receive.  If we run
+	     * this twice, we will do the OOB receive twice,
+	     * but the second will fail, since the second
+	     * time we were "at the mark", but there wasn't
+	     * any data there (the kernel doesn't reset
+	     * "at the mark" until we do a normal read).
+	     * Once we've read the OOB data, we go ahead
+	     * and do normal reads.
+	     *
+	     * There is also another problem, which is that
+	     * since the OOB byte we read doesn't put us
+	     * out of OOB state, and since that byte is most
+	     * likely the TELNET DM (data mark), we would
+	     * stay in the TELNET SYNCH (SYNCHing) state.
+	     * So, clocks to the rescue.  If we've "just"
+	     * received a DM, then we test for the
+	     * presence of OOB data when the receive OOB
+	     * fails (and AFTER we did the normal mode read
+	     * to clear "at the mark").
+	     */
+	if (SYNCHing) {
+	    int atmark;
+	    static int bogus_oob = 0, first = 1;
+
+	    ioctl(net, SIOCATMARK, (char *)&atmark);
+	    if (atmark) {
+		c = recv(net, netiring.supply, canread, MSG_OOB);
+		if ((c == -1) && (errno == EINVAL)) {
+		    c = recv(net, netiring.supply, canread, 0);
+		    if (clocks.didnetreceive < clocks.gotDM) {
+			SYNCHing = stilloob();
+		    }
+		} else if (first && c > 0) {
+		    /*
+		     * Bogosity check.  Systems based on 4.2BSD
+		     * do not return an error if you do a second
+		     * recv(MSG_OOB).  So, we do one.  If it
+		     * succeeds and returns exactly the same
+		     * data, then assume that we are running
+		     * on a broken system and set the bogus_oob
+		     * flag.  (If the data was different, then
+		     * we probably got some valid new data, so
+		     * increment the count...)
+		     */
+		    int i;
+		    i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
+		    if (i == c &&
+			 memcmp(netiring.supply, netiring.supply + c, i) == 0) {
+			bogus_oob = 1;
+			first = 0;
+		    } else if (i < 0) {
+			bogus_oob = 0;
+			first = 0;
+		    } else
+			c += i;
+		}
+		if (bogus_oob && c > 0) {
+		    int i;
+		    /*
+		     * Bogosity.  We have to do the read
+		     * to clear the atmark to get out of
+		     * an infinate loop.
+		     */
+		    i = read(net, netiring.supply + c, canread - c);
+		    if (i > 0)
+			c += i;
+		}
+	    } else {
+		c = recv(net, netiring.supply, canread, 0);
+	    }
+	} else {
+	    c = recv(net, netiring.supply, canread, 0);
+	}
+	settimer(didnetreceive);
+#else	/* !defined(SO_OOBINLINE) */
+	c = recv(net, (char *)netiring.supply, canread, 0);
+#endif	/* !defined(SO_OOBINLINE) */
+	if (c < 0 && errno == EWOULDBLOCK) {
+	    c = 0;
+	} else if (c <= 0) {
+	    return -1;
+	}
+	if (netdata) {
+	    Dump('<', netiring.supply, c);
+	}
+	if (c)
+	    ring_supplied(&netiring, c);
+	returnValue = 1;
+    }
+
+    /*
+     * Something to read from the tty...
+     */
+    if (FD_ISSET(tin, &ibits)) {
+	FD_CLR(tin, &ibits);
+	c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
+	if (c < 0 && errno == EIO)
+	    c = 0;
+	if (c < 0 && errno == EWOULDBLOCK) {
+	    c = 0;
+	} else {
+	    /* EOF detection for line mode!!!! */
+	    if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) {
+			/* must be an EOF... */
+		*ttyiring.supply = termEofChar;
+		c = 1;
+	    }
+	    if (c <= 0) {
+		return -1;
+	    }
+	    if (termdata) {
+		Dump('<', ttyiring.supply, c);
+	    }
+	    ring_supplied(&ttyiring, c);
+	}
+	returnValue = 1;		/* did something useful */
+    }
+
+    if (FD_ISSET(net, &obits)) {
+	FD_CLR(net, &obits);
+	returnValue |= netflush();
+    }
+    if (FD_ISSET(tout, &obits)) {
+	FD_CLR(tout, &obits);
+	returnValue |= (ttyflush(SYNCHing|flushout) > 0);
+    }
+
+    return returnValue;
+}
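Review bot: `intr()` and `deadpeer()` call `setcommandmode()` and then `longjmp()` straight out of handlers that `sys_telnet_init()` installs with `signal()`. A SIGINT or SIGPIPE that lands while `process_rings()` is part-way through a ring update or a stdio call therefore abandons that state mid-modification. The flags the handler shares with the main flow are plain ints; `int intr_happened = 0;` and `int intr_waiting = 0;` would be safer as `volatile sig_atomic_t`, provided any extern declarations outside this hunk are changed to match. At minimum, a comment above `intr()` should say that everything reached from these handlers (`intp()`, `sendabort()`, `sendsusp()`, `sendnaws()`, `sendayt()`) runs in signal context and must stay async-signal-safe. The jump targets `peerdied` and `toplevel` are set up outside this file, so whether the signal mask is restored after the jump cannot be judged from here.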

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet.1
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1369 @@
+.\" Copyright (c) 1983, 1990, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)telnet.1	8.6 (Berkeley) 6/1/94
+.\"
+.Dd June 1, 1994
+.Dt TELNET 1
+.Os BSD 4.2
+.Sh NAME
+.Nm telnet
+.Nd user interface to the
+.Tn TELNET
+protocol
+.Sh SYNOPSIS
+.Nm telnet
+.Op Fl 78EFKLacdfrx
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl e Ar escapechar
+.Op Fl k Ar realm
+.Op Fl l Ar user
+.Op Fl n Ar tracefile
+.Oo
+.Ar host
+.Op port
+.Oc
+.Sh DESCRIPTION
+The
+.Nm telnet
+command
+is used to communicate with another host using the
+.Tn TELNET
+protocol.
+If
+.Nm telnet
+is invoked without the
+.Ar host
+argument, it enters command mode,
+indicated by its prompt
+.Pq Nm telnet\*[Gt] .
+In this mode, it accepts and executes the commands listed below.
+If it is invoked with arguments, it performs an
+.Ic open
+command with those arguments.
+.Pp
+Options:
+.Bl -tag -width indent
+.It Fl 8
+Specifies an 8-bit data path.  This causes an attempt to
+negotiate the
+.Dv TELNET BINARY
+option on both input and output.
+.It Fl 7
+Do not try to negotiate
+.Dv TELNET BINARY
+option.
+.It Fl E
+Stops any character from being recognized as an escape character.
+.It Fl F
+If Kerberos V5 authentication is being used, the
+.Fl F
+option allows the local credentials to be forwarded
+to the remote system, including any credentials that
+have already been forwarded into the local environment.
+.It Fl K
+Specifies no automatic login to the remote system.
+.It Fl L
+Specifies an 8-bit data path on output.  This causes the
+BINARY option to be negotiated on output.
+.It Fl S Ar tos
+Sets the IP type-of-service (TOS) option for the telnet
+connection to the value
+.Ar tos ,
+which can be a numeric TOS value
+or, on systems that support it, a symbolic
+TOS name found in the /etc/iptos file.
+.It Fl X Ar atype
+Disables the
+.Ar atype
+type of authentication.
+.It Fl a
+Attempt automatic login.
+Currently, this sends the user name via the
+.Ev USER
+variable
+of the
+.Ev ENVIRON
+option if supported by the remote system.
+The name used is that of the current user as returned by
+.Xr getlogin 2
+if it agrees with the current user ID,
+otherwise it is the name associated with the user ID.
+.It Fl c
+Disables the reading of the user's
+.Pa \&.telnetrc
+file.  (See the
+.Ic toggle skiprc
+command on this man page.)
+.It Fl d
+Sets the initial value of the
+.Ic debug
+toggle to
+.Dv TRUE
+.It Fl e Ar escape char
+Sets the initial
+.Nm
+.Nm telnet
+escape character to
+.Ar escape char .
+If
+.Ar escape char
+is omitted, then
+there will be no escape character.
+.It Fl f
+If Kerberos V5 authentication is being used, the
+.Fl f
+option allows the local credentials to be forwarded to the remote system.
+.It Fl k Ar realm
+If Kerberos authentication is being used, the
+.Fl k
+option requests that telnet obtain tickets for the remote host in
+realm realm instead of the remote host's realm, as determined
+by
+.Xr krb_realmofhost 3 .
+.It Fl l Ar user
+When connecting to the remote system, if the remote system
+understands the
+.Ev ENVIRON
+option, then
+.Ar user
+will be sent to the remote system as the value for the variable USER.
+This option implies the
+.Fl a
+option.
+This option may also be used with the
+.Ic open
+command.
+.It Fl n Ar tracefile
+Opens
+.Ar tracefile
+for recording trace information.
+See the
+.Ic set tracefile
+command below.
+.It Fl r
+Specifies a user interface similar to
+.Xr rlogin 1 .
+In this
+mode, the escape character is set to the tilde (~) character,
+unless modified by the -e option.
+.It Fl x
+Turn on encryption of the data stream.  When this option is turned on,
+.B telnet
+will exit with an error if authentication cannot be negotiated or if
+encryption cannot be turned on.
+.It Ar host
+Indicates the official name, an alias, or the Internet address
+of a remote host.
+.It Ar port
+Indicates a port number (address of an application).  If a number is
+not specified, the default
+.Nm telnet
+port is used.
+.El
+.Pp
+When in rlogin mode, a line of the form ~.  disconnects from the
+remote host; ~ is the telnet escape character.
+Similarly, the line ~^Z suspends the telnet session.
+The line ~^] escapes to the normal telnet escape prompt.
+.Pp
+Once a connection has been opened,
+.Nm telnet
+will attempt to enable the
+.Dv TELNET LINEMODE
+option.
+If this fails, then
+.Nm telnet
+will revert to one of two input modes:
+either \*(Lqcharacter at a time\*(Rq
+or \*(Lqold line by line\*(Rq
+depending on what the remote system supports.
+.Pp
+When
+.Dv LINEMODE
+is enabled, character processing is done on the
+local system, under the control of the remote system.  When input
+editing or character echoing is to be disabled, the remote system
+will relay that information.  The remote system will also relay
+changes to any special characters that happen on the remote
+system, so that they can take effect on the local system.
+.Pp
+In \*(Lqcharacter at a time\*(Rq mode, most
+text typed is immediately sent to the remote host for processing.
+.Pp
+In \*(Lqold line by line\*(Rq mode, all text is echoed locally,
+and (normally) only completed lines are sent to the remote host.
+The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used
+to turn off and on the local echo
+(this would mostly be used to enter passwords
+without the password being echoed).
+.Pp
+If the
+.Dv LINEMODE
+option is enabled, or if the
+.Ic localchars
+toggle is
+.Dv TRUE
+(the default for \*(Lqold line by line\*(Lq; see below),
+the user's
+.Ic quit  ,
+.Ic intr ,
+and
+.Ic flush
+characters are trapped locally, and sent as
+.Tn TELNET
+protocol sequences to the remote side.
+If
+.Dv LINEMODE
+has ever been enabled, then the user's
+.Ic susp
+and
+.Ic eof
+are also sent as
+.Tn TELNET
+protocol sequences,
+and
+.Ic quit
+is sent as a
+.Dv TELNET ABORT
+instead of
+.Dv BREAK
+There are options (see
+.Ic toggle
+.Ic autoflush
+and
+.Ic toggle
+.Ic autosynch
+below)
+which cause this action to flush subsequent output to the terminal
+(until the remote host acknowledges the
+.Tn TELNET
+sequence) and flush previous terminal input
+(in the case of
+.Ic quit
+and
+.Ic intr  ) .
+.Pp
+While connected to a remote host,
+.Nm telnet
+command mode may be entered by typing the
+.Nm telnet
+\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq).
+When in command mode, the normal terminal editing conventions are available.
+.Pp
+The following
+.Nm telnet
+commands are available.
+Only enough of each command to uniquely identify it need be typed
+(this is also true for arguments to the
+.Ic mode  ,
+.Ic set ,
+.Ic toggle  ,
+.Ic unset ,
+.Ic slc  ,
+.Ic environ ,
+and
+.Ic display
+commands).
+.Pp
+.Bl -tag -width "mode type"
+.It Ic auth Ar argument ...
+The auth command manipulates the information sent through the
+.Dv TELNET AUTHENTICATE
+option.  Valid arguments for the
+auth command are as follows:
+.Bl -tag -width "disable type"
+.It Ic disable Ar type
+Disables the specified type of authentication.  To
+obtain a list of available types, use the
+.Ic auth disable ?\&
+command.
+.It Ic enable Ar type
+Enables the specified type of authentication.  To
+obtain a list of available types, use the
+.Ic auth enable ?\&
+command.
+.It Ic status
+Lists the current status of the various types of
+authentication.
+.El
+.It Ic close
+Close a
+.Tn TELNET
+session and return to command mode.
+.It Ic display Ar argument ...
+Displays all, or some, of the
+.Ic set
+and
+.Ic toggle
+values (see below).
+.It Ic encrypt Ar argument ...
+The encrypt command manipulates the information sent through the
+.Dv TELNET ENCRYPT
+option.
+.Pp
+Note:  Because of export controls, the
+.Dv TELNET ENCRYPT
+option is not supported outside of the United States and Canada.
+.Pp
+Valid arguments for the encrypt command are as follows:
+.Bl -tag -width Ar
+.It Ic disable Ar type Xo
+.Op Cm input | output
+.Xc
+Disables the specified type of encryption.  If you
+omit the input and output, both input and output
+are disabled.  To obtain a list of available
+types, use the
+.Ic encrypt disable ?\&
+command.
+.It Ic enable Ar type Xo
+.Op Cm input | output
+.Xc
+Enables the specified type of encryption.  If you
+omit input and output, both input and output are
+enabled.  To obtain a list of available types, use the
+.Ic encrypt enable ?\&
+command.
+.It Ic input
+This is the same as the
+.Ic encrypt start input
+command.
+.It Ic -input
+This is the same as the
+.Ic encrypt stop input
+command.
+.It Ic output
+This is the same as the
+.Ic encrypt start output
+command.
+.It Ic -output
+This is the same as the
+.Ic encrypt stop output
+command.
+.It Ic start Op Cm input | output
+Attempts to start encryption.  If you omit
+.Ic input
+and
+.Ic output ,
+both input and output are enabled.  To
+obtain a list of available types, use the
+.Ic encrypt enable ?\&
+command.
+.It Ic status
+Lists the current status of encryption.
+.It Ic stop Op Cm input | output
+Stops encryption.  If you omit input and output,
+encryption is on both input and output.
+.It Ic type Ar type
+Sets the default type of encryption to be used
+with later
+.Ic encrypt start
+or
+.Ic encrypt stop
+commands.
+.El
+.It Ic environ Ar arguments ...
+The
+.Ic environ
+command is used to manipulate the
+the variables that my be sent through the
+.Dv TELNET ENVIRON
+option.
+The initial set of variables is taken from the users
+environment, with only the
+.Ev DISPLAY
+and
+.Ev PRINTER
+variables being exported by default.
+The
+.Ev USER
+variable is also exported if the
+.Fl a
+or
+.Fl l
+options are used.
+.Pp
+Valid arguments for the
+.Ic environ
+command are:
+.Bl -tag -width Fl
+.It Ic define Ar variable value
+Define the variable
+.Ar variable
+to have a value of
+.Ar value .
+Any variables defined by this command are automatically exported.
+The
+.Ar value
+may be enclosed in single or double quotes so
+that tabs and spaces may be included.
+.It Ic undefine Ar variable
+Remove
+.Ar variable
+from the list of environment variables.
+.It Ic export Ar variable
+Mark the variable
+.Ar variable
+to be exported to the remote side.
+.It Ic unexport Ar variable
+Mark the variable
+.Ar variable
+to not be exported unless
+explicitly asked for by the remote side.
+.It Ic list
+List the current set of environment variables.
+Those marked with a
+.Cm *
+will be sent automatically,
+other variables will only be sent if explicitly requested.
+.It Ic ?\&
+Prints out help information for the
+.Ic environ
+command.
+.El
+.It Ic logout
+Sends the
+.Dv TELNET LOGOUT
+option to the remote side.
+This command is similar to a
+.Ic close
+command; however, if the remote side does not support the
+.Dv LOGOUT
+option, nothing happens.
+If, however, the remote side does support the
+.Dv LOGOUT
+option, this command should cause the remote side to close the
+.Tn TELNET
+connection.
+If the remote side also supports the concept of
+suspending a user's session for later reattachment,
+the logout argument indicates that you
+should terminate the session immediately.
+.It Ic mode Ar type
+.Ar Type
+is one of several options, depending on the state of the
+.Tn TELNET
+session.
+The remote host is asked for permission to go into the requested mode.
+If the remote host is capable of entering that mode, the requested
+mode will be entered.
+.Bl -tag -width Ar
+.It Ic character
+Disable the
+.Dv TELNET LINEMODE
+option, or, if the remote side does not understand the
+.Dv LINEMODE
+option, then enter \*(Lqcharacter at a time\*(Lq mode.
+.It Ic line
+Enable the
+.Dv TELNET LINEMODE
+option, or, if the remote side does not understand the
+.Dv LINEMODE
+option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
+.It Ic isig Pq Ic \-isig
+Attempt to enable (disable) the
+.Dv TRAPSIG
+mode of the
+.Dv LINEMODE
+option.
+This requires that the
+.Dv LINEMODE
+option be enabled.
+.It Ic edit Pq Ic \-edit
+Attempt to enable (disable) the
+.Dv EDIT
+mode of the
+.Dv LINEMODE
+option.
+This requires that the
+.Dv LINEMODE
+option be enabled.
+.It Ic softtabs Pq Ic \-softtabs
+Attempt to enable (disable) the
+.Dv SOFT_TAB
+mode of the
+.Dv LINEMODE
+option.
+This requires that the
+.Dv LINEMODE
+option be enabled.
+.It Ic litecho Pq Ic \-litecho
+Attempt to enable (disable) the
+.Dv LIT_ECHO
+mode of the
+.Dv LINEMODE
+option.
+This requires that the
+.Dv LINEMODE
+option be enabled.
+.It Ic ?\&
+Prints out help information for the
+.Ic mode
+command.
+.El
+.It Xo
+.Ic open Ar host
+.Op Fl l Ar user
+.Op Oo Fl Oc Ns Ar port
+.Xc
+Open a connection to the named host.
+If no port number
+is specified,
+.Nm telnet
+will attempt to contact a
+.Tn TELNET
+server at the default port.
+The host specification may be either a host name (see
+.Xr hosts  5  )
+or an Internet address specified in the \*(Lqdot notation\*(Rq (see
+.Xr inet 3 ) .
+The
+.Op Fl l
+option may be used to specify the user name
+to be passed to the remote system via the
+.Ev ENVIRON
+option.
+When connecting to a non-standard port,
+.Nm telnet
+omits any automatic initiation of
+.Tn TELNET
+options.  When the port number is preceded by a minus sign,
+the initial option negotiation is done.
+After establishing a connection, the file
+.Pa \&.telnetrc
+in the
+users home directory is opened.  Lines beginning with a # are
+comment lines.  Blank lines are ignored.  Lines that begin
+without white space are the start of a machine entry.  The
+first thing on the line is the name of the machine that is
+being connected to.  The rest of the line, and successive
+lines that begin with white space are assumed to be
+.Nm telnet
+commands and are processed as if they had been typed
+in manually to the
+.Nm telnet
+command prompt.
+.It Ic quit
+Close any open
+.Tn TELNET
+session and exit
+.Nm telnet  .
+An end of file (in command mode) will also close a session and exit.
+.It Ic send Ar arguments
+Sends one or more special character sequences to the remote host.
+The following are the arguments which may be specified
+(more than one argument may be specified at a time):
+.Pp
+.Bl -tag -width escape
+.It Ic abort
+Sends the
+.Dv TELNET ABORT
+(Abort
+processes)
+sequence.
+.It Ic ao
+Sends the
+.Dv TELNET AO
+(Abort Output) sequence, which should cause the remote system to flush
+all output
+.Em from
+the remote system
+.Em to
+the user's terminal.
+.It Ic ayt
+Sends the
+.Dv TELNET AYT
+(Are You There)
+sequence, to which the remote system may or may not choose to respond.
+.It Ic brk
+Sends the
+.Dv TELNET BRK
+(Break) sequence, which may have significance to the remote
+system.
+.It Ic ec
+Sends the
+.Dv TELNET EC
+(Erase Character)
+sequence, which should cause the remote system to erase the last character
+entered.
+.It Ic el
+Sends the
+.Dv TELNET EL
+(Erase Line)
+sequence, which should cause the remote system to erase the line currently
+being entered.
+.It Ic eof
+Sends the
+.Dv TELNET EOF
+(End Of File)
+sequence.
+.It Ic eor
+Sends the
+.Dv TELNET EOR
+(End of Record)
+sequence.
+.It Ic escape
+Sends the current
+.Nm telnet
+escape character (initially \*(Lq^\*(Rq).
+.It Ic ga
+Sends the
+.Dv TELNET GA
+(Go Ahead)
+sequence, which likely has no significance to the remote system.
+.It Ic getstatus
+If the remote side supports the
+.Dv TELNET STATUS
+command,
+.Ic getstatus
+will send the subnegotiation to request that the server send
+its current option status.
+.It Ic ip
+Sends the
+.Dv TELNET IP
+(Interrupt Process) sequence, which should cause the remote
+system to abort the currently running process.
+.It Ic nop
+Sends the
+.Dv TELNET NOP
+(No OPeration)
+sequence.
+.It Ic susp
+Sends the
+.Dv TELNET SUSP
+(SUSPend process)
+sequence.
+.It Ic synch
+Sends the
+.Dv TELNET SYNCH
+sequence.
+This sequence causes the remote system to discard all previously typed
+(but not yet read) input.
+This sequence is sent as
+.Tn TCP
+urgent
+data (and may not work if the remote system is a
+.Bx 4.2
+system -- if
+it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal).
+.It Ic do Ar cmd
+.It Ic dont Ar cmd
+.It Ic will Ar cmd
+.It Ic wont Ar cmd
+Sends the
+.Dv TELNET DO
+.Ar cmd
+sequence.
+.Ar Cmd
+can be either a decimal number between 0 and 255,
+or a symbolic name for a specific
+.Dv TELNET
+command.
+.Ar Cmd
+can also be either
+.Ic help
+or
+.Ic ?\&
+to print out help information, including
+a list of known symbolic names.
+.It Ic ?\&
+Prints out help information for the
+.Ic send
+command.
+.El
+.It Ic set Ar argument value
+.It Ic unset Ar argument value
+The
+.Ic set
+command will set any one of a number of
+.Nm telnet
+variables to a specific value or to
+.Dv TRUE .
+The special value
+.Ic off
+turns off the function associated with
+the variable, this is equivalent to using the
+.Ic unset
+command.
+The
+.Ic unset
+command will disable or set to
+.Dv FALSE
+any of the specified functions.
+The values of variables may be interrogated with the
+.Ic display
+command.
+The variables which may be set or unset, but not toggled, are
+listed here.  In addition, any of the variables for the
+.Ic toggle
+command may be explicitly set or unset using
+the
+.Ic set
+and
+.Ic unset
+commands.
+.Bl -tag -width escape
+.It Ic ayt
+If
+.Tn TELNET
+is in localchars mode, or
+.Dv LINEMODE
+is enabled, and the status character is typed, a
+.Dv TELNET AYT
+sequence (see
+.Ic send ayt
+preceding) is sent to the
+remote host.  The initial value for the "Are You There"
+character is the terminal's status character.
+.It Ic echo
+This is the value (initially \*(Lq^E\*(Rq) which, when in
+\*(Lqline by line\*(Rq mode, toggles between doing local echoing
+of entered characters (for normal processing), and suppressing
+echoing of entered characters (for entering, say, a password).
+.It Ic eof
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Rq mode, entering this character
+as the first character on a line will cause this character to be
+sent to the remote system.
+The initial value of the eof character is taken to be the terminal's
+.Ic eof
+character.
+.It Ic erase
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below),
+.Sy and
+if
+.Nm telnet
+is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
+character is typed, a
+.Dv TELNET EC
+sequence (see
+.Ic send
+.Ic ec
+above)
+is sent to the remote system.
+The initial value for the erase character is taken to be
+the terminal's
+.Ic erase
+character.
+.It Ic escape
+This is the
+.Nm telnet
+escape character (initially \*(Lq^[\*(Rq) which causes entry
+into
+.Nm telnet
+command mode (when connected to a remote system).
+.It Ic flushoutput
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic flushoutput
+character is typed, a
+.Dv TELNET AO
+sequence (see
+.Ic send
+.Ic ao
+above)
+is sent to the remote host.
+The initial value for the flush character is taken to be
+the terminal's
+.Ic flush
+character.
+.It Ic forw1
+.It Ic forw2
+If
+.Tn TELNET
+is operating in
+.Dv LINEMODE ,
+these are the
+characters that, when typed, cause partial lines to be
+forwarded to the remote system.  The initial value for
+the forwarding characters are taken from the terminal's
+eol and eol2 characters.
+.It Ic interrupt
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic interrupt
+character is typed, a
+.Dv TELNET IP
+sequence (see
+.Ic send
+.Ic ip
+above)
+is sent to the remote host.
+The initial value for the interrupt character is taken to be
+the terminal's
+.Ic intr
+character.
+.It Ic kill
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below),
+.Ic and
+if
+.Nm telnet
+is operating in \*(Lqcharacter at a time\*(Rq mode, then when this
+character is typed, a
+.Dv TELNET EL
+sequence (see
+.Ic send
+.Ic el
+above)
+is sent to the remote system.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic kill
+character.
+.It Ic lnext
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic lnext
+character.
+The initial value for the lnext character is taken to be
+the terminal's
+.Ic lnext
+character.
+.It Ic quit
+If
+.Nm telnet
+is in
+.Ic localchars
+mode (see
+.Ic toggle
+.Ic localchars
+below)
+and the
+.Ic quit
+character is typed, a
+.Dv TELNET BRK
+sequence (see
+.Ic send
+.Ic brk
+above)
+is sent to the remote host.
+The initial value for the quit character is taken to be
+the terminal's
+.Ic quit
+character.
+.It Ic reprint
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic reprint
+character.
+The initial value for the reprint character is taken to be
+the terminal's
+.Ic reprint
+character.
+.It Ic rlogin
+This is the rlogin escape character.
+If set, the normal
+.Tn TELNET
+escape character is ignored unless it is
+preceded by this character at the beginning of a line.
+This character, at the beginning of a line followed by
+a "."  closes the connection; when followed by a ^Z it
+suspends the telnet command.  The initial state is to
+disable the rlogin escape character.
+.It Ic start
+If the
+.Dv TELNET TOGGLE-FLOW-CONTROL
+option has been enabled,
+then this character is taken to
+be the terminal's
+.Ic start
+character.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic start
+character.
+.It Ic stop
+If the
+.Dv TELNET TOGGLE-FLOW-CONTROL
+option has been enabled,
+then this character is taken to
+be the terminal's
+.Ic stop
+character.
+The initial value for the kill character is taken to be
+the terminal's
+.Ic stop
+character.
+.It Ic susp
+If
+.Nm telnet
+is in
+.Ic localchars
+mode, or
+.Dv LINEMODE
+is enabled, and the
+.Ic suspend
+character is typed, a
+.Dv TELNET SUSP
+sequence (see
+.Ic send
+.Ic susp
+above)
+is sent to the remote host.
+The initial value for the suspend character is taken to be
+the terminal's
+.Ic suspend
+character.
+.It Ic tracefile
+This is the file to which the output, caused by
+.Ic netdata
+or
+.Ic option
+tracing being
+.Dv TRUE ,
+will be written.  If it is set to
+.Dq Fl ,
+then tracing information will be written to standard output (the default).
+.It Ic worderase
+If
+.Nm telnet
+is operating in
+.Dv LINEMODE
+or \*(Lqold line by line\*(Lq mode, then this character is taken to
+be the terminal's
+.Ic worderase
+character.
+The initial value for the worderase character is taken to be
+the terminal's
+.Ic worderase
+character.
+.It Ic ?\&
+Displays the legal
+.Ic set
+.Pq Ic unset
+commands.
+.El
+.It Ic slc Ar state
+The
+.Ic slc
+command (Set Local Characters) is used to set
+or change the state of the the special
+characters when the
+.Dv TELNET LINEMODE
+option has
+been enabled.  Special characters are characters that get
+mapped to
+.Tn TELNET
+commands sequences (like
+.Ic ip
+or
+.Ic quit  )
+or line editing characters (like
+.Ic erase
+and
+.Ic kill  ) .
+By default, the local special characters are exported.
+.Bl -tag -width Fl
+.It Ic check
+Verify the current settings for the current special characters.
+The remote side is requested to send all the current special
+character settings, and if there are any discrepancies with
+the local side, the local side will switch to the remote value.
+.It Ic export
+Switch to the local defaults for the special characters.  The
+local default characters are those of the local terminal at
+the time when
+.Nm telnet
+was started.
+.It Ic import
+Switch to the remote defaults for the special characters.
+The remote default characters are those of the remote system
+at the time when the
+.Tn TELNET
+connection was established.
+.It Ic ?\&
+Prints out help information for the
+.Ic slc
+command.
+.El
+.It Ic status
+Show the current status of
+.Nm telnet  .
+This includes the peer one is connected to, as well
+as the current mode.
+.It Ic toggle Ar arguments ...
+Toggle (between
+.Dv TRUE
+and
+.Dv FALSE )
+various flags that control how
+.Nm telnet
+responds to events.
+These flags may be set explicitly to
+.Dv TRUE
+or
+.Dv FALSE
+using the
+.Ic set
+and
+.Ic unset
+commands listed above.
+More than one argument may be specified.
+The state of these flags may be interrogated with the
+.Ic display
+command.
+Valid arguments are:
+.Bl -tag -width Ar
+.It Ic authdebug
+Turns on debugging information for the authentication code.
+.It Ic autoflush
+If
+.Ic autoflush
+and
+.Ic localchars
+are both
+.Dv TRUE ,
+then when the
+.Ic ao  ,
+or
+.Ic quit
+characters are recognized (and transformed into
+.Tn TELNET
+sequences; see
+.Ic set
+above for details),
+.Nm telnet
+refuses to display any data on the user's terminal
+until the remote system acknowledges (via a
+.Dv TELNET TIMING MARK
+option)
+that it has processed those
+.Tn TELNET
+sequences.
+The initial value for this toggle is
+.Dv TRUE
+if the terminal user had not
+done an "stty noflsh", otherwise
+.Dv FALSE
+(see
+.Xr stty  1  ) .
+.It Ic autodecrypt
+When the
+.Dv TELNET ENCRYPT
+option is negotiated, by
+default the actual encryption (decryption) of the data
+stream does not start automatically.  The autoencrypt
+(autodecrypt) command states that encryption of the
+output (input) stream should be enabled as soon as
+possible.
+.Pp
+Note:  Because of export controls, the
+.Dv TELNET ENCRYPT
+option is not supported outside the United States and Canada.
+.It Ic autologin
+If the remote side supports the
+.Dv TELNET AUTHENTICATION
+option
+.Tn TELNET
+attempts to use it to perform automatic authentication.  If the
+.Dv AUTHENTICATION
+option is not supported, the user's login
+name are propagated through the
+.Dv TELNET ENVIRON
+option.
+This command is the same as specifying
+.Ar a
+option on the
+.Ic open
+command.
+.It Ic autosynch
+If
+.Ic autosynch
+and
+.Ic localchars
+are both
+.Dv TRUE ,
+then when either the
+.Ic intr
+or
+.Ic quit
+characters is typed (see
+.Ic set
+above for descriptions of the
+.Ic intr
+and
+.Ic quit
+characters), the resulting
+.Tn TELNET
+sequence sent is followed by the
+.Dv TELNET SYNCH
+sequence.
+This procedure
+.Ic should
+cause the remote system to begin throwing away all previously
+typed input until both of the
+.Tn TELNET
+sequences have been read and acted upon.
+The initial value of this toggle is
+.Dv FALSE .
+.It Ic binary
+Enable or disable the
+.Dv TELNET BINARY
+option on both input and output.
+.It Ic inbinary
+Enable or disable the
+.Dv TELNET BINARY
+option on input.
+.It Ic outbinary
+Enable or disable the
+.Dv TELNET BINARY
+option on output.
+.It Ic crlf
+If this is
+.Dv TRUE ,
+then carriage returns will be sent as
+.Li \*[Lt]CR\*[Gt]\*[Lt]LF\*[Gt] .
+If this is
+.Dv FALSE ,
+then carriage returns will be send as
+.Li \*[Lt]CR\*[Gt]\*[Lt]NUL\*[Gt] .
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic crmod
+Toggle carriage return mode.
+When this mode is enabled, most carriage return characters received from
+the remote host will be mapped into a carriage return followed by
+a line feed.
+This mode does not affect those characters typed by the user, only
+those received from the remote host.
+This mode is not very useful unless the remote host
+only sends carriage return, but never line feed.
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic debug
+Toggles socket level debugging (useful only to the
+.Ic super user  ) .
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic encdebug
+Turns on debugging information for the encryption code.
+.It Ic localchars
+If this is
+.Dv TRUE ,
+then the
+.Ic flush  ,
+.Ic interrupt ,
+.Ic quit  ,
+.Ic erase ,
+and
+.Ic kill
+characters (see
+.Ic set
+above) are recognized locally, and transformed into (hopefully) appropriate
+.Tn TELNET
+control sequences
+(respectively
+.Ic ao  ,
+.Ic ip ,
+.Ic brk  ,
+.Ic ec ,
+and
+.Ic el  ;
+see
+.Ic send
+above).
+The initial value for this toggle is
+.Dv TRUE
+in \*(Lqold line by line\*(Rq mode,
+and
+.Dv FALSE
+in \*(Lqcharacter at a time\*(Rq mode.
+When the
+.Dv LINEMODE
+option is enabled, the value of
+.Ic localchars
+is ignored, and assumed to always be
+.Dv TRUE .
+If
+.Dv LINEMODE
+has ever been enabled, then
+.Ic quit
+is sent as
+.Ic abort  ,
+and
+.Ic eof
+and
+.Ic suspend
+are sent as
+.Ic eof
+and
+.Ic susp ,
+see
+.Ic send
+above).
+.It Ic netdata
+Toggles the display of all network data (in hexadecimal format).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic options
+Toggles the display of some internal
+.Nm telnet
+protocol processing (having to do with
+.Tn TELNET
+options).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic prettydump
+When the
+.Ic netdata
+toggle is enabled, if
+.Ic prettydump
+is enabled the output from the
+.Ic netdata
+command will be formatted in a more user readable format.
+Spaces are put between each character in the output, and the
+beginning of any
+.Tn TELNET
+escape sequence is preceded by a '*' to aid in locating them.
+.It Ic skiprc
+When the skiprc toggle is
+.Dv TRUE ,
+.Tn TELNET
+skips the reading of the
+.Pa \&.telnetrc
+file in the users home
+directory when connections are opened.  The initial
+value for this toggle is
+.Dv FALSE .
+.It Ic termdata
+Toggles the display of all terminal data (in hexadecimal format).
+The initial value for this toggle is
+.Dv FALSE .
+.It Ic verbose_encrypt
+When the
+.Ic verbose_encrypt
+toggle is
+.Dv TRUE ,
+.Tn TELNET
+prints out a message each time encryption is enabled or
+disabled.  The initial value for this toggle is
+.Dv FALSE .
+Note:  Because of export controls, data encryption
+is not supported outside of the United States and Canada.
+.It Ic \&?
+Displays the legal
+.Ic toggle
+commands.
+.El
+.It Ic z
+Suspend
+.Nm telnet  .
+This command only works when the user is using the
+.Xr csh  1  .
+.It Ic \&! Op Ar command
+Execute a single command in a subshell on the local
+system.  If
+.Ic command
+is omitted, then an interactive
+subshell is invoked.
+.It Ic ?\& Op Ar command
+Get help.  With no arguments,
+.Nm telnet
+prints a help summary.
+If a command is specified,
+.Nm telnet
+will print the help information for just that command.
+.El
+.Sh ENVIRONMENT
+.Nm Telnet
+uses at least the
+.Ev HOME ,
+.Ev SHELL ,
+.Ev DISPLAY ,
+and
+.Ev TERM
+environment variables.
+Other environment variables may be propagated
+to the other side via the
+.Dv TELNET ENVIRON
+option.
+.Sh FILES
+.Bl -tag -width ~/.telnetrc -compact
+.It Pa ~/.telnetrc
+user customized telnet startup values
+.El
+.Sh HISTORY
+The
+.Nm Telnet
+command appeared in
+.Bx 4.2 .
+.Sh NOTES
+.Pp
+On some remote systems, echo has to be turned off manually when in
+\*(Lqold line by line\*(Rq mode.
+.Pp
+In \*(Lqold line by line\*(Rq mode or
+.Dv LINEMODE
+the terminal's
+.Ic eof
+character is only recognized (and sent to the remote system)
+when it is the first character on a line.

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2420 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: telnet.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#define	strip(x) (eight ? (x) : ((x) & 0x7f))
+
+static unsigned char	subbuffer[SUBBUFSIZE],
+			*subpointer, *subend;	 /* buffer for sub-options */
+#define	SB_CLEAR()	subpointer = subbuffer;
+#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
+#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
+				*subpointer++ = (c); \
+			}
+
+#define	SB_GET()	((*subpointer++)&0xff)
+#define	SB_PEEK()	((*subpointer)&0xff)
+#define	SB_EOF()	(subpointer >= subend)
+#define	SB_LEN()	(subend - subpointer)
+
+char	options[256];		/* The combined options */
+char	do_dont_resp[256];
+char	will_wont_resp[256];
+
+int
+	eight = 3,
+	binary = 0,
+	autologin = 0,	/* Autologin anyone? */
+	skiprc = 0,
+	connected,
+	showoptions,
+	ISend,		/* trying to send network data in */
+	debug = 0,
+	crmod,
+	netdata,	/* Print out network data flow */
+	crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
+	telnetport,
+        wantencryption = 0,
+	SYNCHing,	/* we are in TELNET SYNCH mode */
+	flushout,	/* flush output */
+	autoflush = 0,	/* flush output when interrupting? */
+	autosynch,	/* send interrupt characters with SYNCH? */
+	localflow,	/* we handle flow control locally */
+	restartany,	/* if flow control enabled, restart on any character */
+	localchars,	/* we recognize interrupt/quit */
+	donelclchars,	/* the user has set "localchars" */
+	donebinarytoggle,	/* the user has put us in binary */
+	dontlecho,	/* do we suppress local echoing right now? */
+	globalmode;
+
+char *prompt = 0;
+
+int scheduler_lockout_tty = 0;
+
+cc_t escape;
+cc_t rlogin;
+#ifdef	KLUDGELINEMODE
+cc_t echoc;
+#endif
+
+/*
+ * Telnet receiver states for fsm
+ */
+#define	TS_DATA		0
+#define	TS_IAC		1
+#define	TS_WILL		2
+#define	TS_WONT		3
+#define	TS_DO		4
+#define	TS_DONT		5
+#define	TS_CR		6
+#define	TS_SB		7		/* sub-option collection */
+#define	TS_SE		8		/* looking for sub-option end */
+
+static int	telrcv_state;
+#ifdef	OLD_ENVIRON
+unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
+#else
+# define telopt_environ TELOPT_NEW_ENVIRON
+#endif
+
+jmp_buf	toplevel;
+jmp_buf	peerdied;
+
+int	flushline;
+int	linemode;
+
+#ifdef	KLUDGELINEMODE
+int	kludgelinemode = 1;
+#endif
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+Clocks clocks;
+
+static int is_unique(char *name, char **as, char **ae);
+
+
+/*
+ * Initialize telnet environment.
+ */
+
+void
+init_telnet(void)
+{
+    env_init();
+
+    SB_CLEAR();
+    memset(options, 0, sizeof options);
+
+    connected = ISend = localflow = donebinarytoggle = 0;
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+    auth_encrypt_connect(connected);
+#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
+    restartany = -1;
+
+    SYNCHing = 0;
+
+    /* Don't change NetTrace */
+
+    escape = CONTROL(']');
+    rlogin = _POSIX_VDISABLE;
+#ifdef	KLUDGELINEMODE
+    echoc = CONTROL('E');
+#endif
+
+    flushline = 1;
+    telrcv_state = TS_DATA;
+}
+
+
+/*
+ * These routines are in charge of sending option negotiations
+ * to the other side.
+ *
+ * The basic idea is that we send the negotiation if either side
+ * is in disagreement as to what the current state should be.
+ */
+
+void
+send_do(int c, int init)
+{
+    if (init) {
+	if (((do_dont_resp[c] == 0) && my_state_is_do(c)) ||
+				my_want_state_is_do(c))
+	    return;
+	set_my_want_state_do(c);
+	do_dont_resp[c]++;
+    }
+    NET2ADD(IAC, DO);
+    NETADD(c);
+    printoption("SENT", DO, c);
+}
+
+void
+send_dont(int c, int init)
+{
+    if (init) {
+	if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) ||
+				my_want_state_is_dont(c))
+	    return;
+	set_my_want_state_dont(c);
+	do_dont_resp[c]++;
+    }
+    NET2ADD(IAC, DONT);
+    NETADD(c);
+    printoption("SENT", DONT, c);
+}
+
+void
+send_will(int c, int init)
+{
+    if (init) {
+	if (((will_wont_resp[c] == 0) && my_state_is_will(c)) ||
+				my_want_state_is_will(c))
+	    return;
+	set_my_want_state_will(c);
+	will_wont_resp[c]++;
+    }
+    NET2ADD(IAC, WILL);
+    NETADD(c);
+    printoption("SENT", WILL, c);
+}
+
+void
+send_wont(int c, int init)
+{
+    if (init) {
+	if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) ||
+				my_want_state_is_wont(c))
+	    return;
+	set_my_want_state_wont(c);
+	will_wont_resp[c]++;
+    }
+    NET2ADD(IAC, WONT);
+    NETADD(c);
+    printoption("SENT", WONT, c);
+}
+
+
+void
+willoption(int option)
+{
+	int new_state_ok = 0;
+
+	if (do_dont_resp[option]) {
+	    --do_dont_resp[option];
+	    if (do_dont_resp[option] && my_state_is_do(option))
+		--do_dont_resp[option];
+	}
+
+	if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) {
+
+	    switch (option) {
+
+	    case TELOPT_ECHO:
+	    case TELOPT_BINARY:
+	    case TELOPT_SGA:
+		settimer(modenegotiated);
+		/* FALL THROUGH */
+	    case TELOPT_STATUS:
+#if	defined(AUTHENTICATION)
+	    case TELOPT_AUTHENTICATION:
+#endif
+#if	defined(ENCRYPTION)
+	    case TELOPT_ENCRYPT:
+#endif
+		new_state_ok = 1;
+		break;
+
+	    case TELOPT_TM:
+		if (flushout)
+		    flushout = 0;
+		/*
+		 * Special case for TM.  If we get back a WILL,
+		 * pretend we got back a WONT.
+		 */
+		set_my_want_state_dont(option);
+		set_my_state_dont(option);
+		return;			/* Never reply to TM will's/wont's */
+
+	    case TELOPT_LINEMODE:
+	    default:
+		break;
+	    }
+
+	    if (new_state_ok) {
+		set_my_want_state_do(option);
+		send_do(option, 0);
+		setconnmode(0);		/* possibly set new tty mode */
+	    } else {
+		do_dont_resp[option]++;
+		send_dont(option, 0);
+	    }
+	}
+	set_my_state_do(option);
+#if	defined(ENCRYPTION)
+	if (option == TELOPT_ENCRYPT)
+		encrypt_send_support();
+#endif
+}
+
+void
+wontoption(int option)
+{
+	if (do_dont_resp[option]) {
+	    --do_dont_resp[option];
+	    if (do_dont_resp[option] && my_state_is_dont(option))
+		--do_dont_resp[option];
+	}
+
+	if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) {
+
+	    switch (option) {
+
+#ifdef	KLUDGELINEMODE
+	    case TELOPT_SGA:
+		if (!kludgelinemode)
+		    break;
+		/* FALL THROUGH */
+#endif
+	    case TELOPT_ECHO:
+		settimer(modenegotiated);
+		break;
+
+	    case TELOPT_TM:
+		if (flushout)
+		    flushout = 0;
+		set_my_want_state_dont(option);
+		set_my_state_dont(option);
+		return;		/* Never reply to TM will's/wont's */
+
+#ifdef ENCRYPTION
+  	    case TELOPT_ENCRYPT:
+	      encrypt_not();
+	      break;
+#endif
+	    default:
+		break;
+	    }
+	    set_my_want_state_dont(option);
+	    if (my_state_is_do(option))
+		send_dont(option, 0);
+	    setconnmode(0);			/* Set new tty mode */
+	} else if (option == TELOPT_TM) {
+	    /*
+	     * Special case for TM.
+	     */
+	    if (flushout)
+		flushout = 0;
+	    set_my_want_state_dont(option);
+	}
+	set_my_state_dont(option);
+}
+
+static void
+dooption(int option)
+{
+	int new_state_ok = 0;
+
+	if (will_wont_resp[option]) {
+	    --will_wont_resp[option];
+	    if (will_wont_resp[option] && my_state_is_will(option))
+		--will_wont_resp[option];
+	}
+
+	if (will_wont_resp[option] == 0) {
+	  if (my_want_state_is_wont(option)) {
+
+	    switch (option) {
+
+	    case TELOPT_TM:
+		/*
+		 * Special case for TM.  We send a WILL, but pretend
+		 * we sent WONT.
+		 */
+		send_will(option, 0);
+		set_my_want_state_wont(TELOPT_TM);
+		set_my_state_wont(TELOPT_TM);
+		return;
+
+	    case TELOPT_BINARY:		/* binary mode */
+	    case TELOPT_NAWS:		/* window size */
+	    case TELOPT_TSPEED:		/* terminal speed */
+	    case TELOPT_LFLOW:		/* local flow control */
+	    case TELOPT_TTYPE:		/* terminal type option */
+	    case TELOPT_SGA:		/* no big deal */
+#if	defined(ENCRYPTION)
+	    case TELOPT_ENCRYPT:	/* encryption variable option */
+#endif
+		new_state_ok = 1;
+		break;
+
+	    case TELOPT_NEW_ENVIRON:	/* New environment variable option */
+#ifdef	OLD_ENVIRON
+		if (my_state_is_will(TELOPT_OLD_ENVIRON))
+			send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
+		goto env_common;
+	    case TELOPT_OLD_ENVIRON:	/* Old environment variable option */
+		if (my_state_is_will(TELOPT_NEW_ENVIRON))
+			break;		/* Don't enable if new one is in use! */
+	    env_common:
+		telopt_environ = option;
+#endif
+		new_state_ok = 1;
+		break;
+
+#if	defined(AUTHENTICATION)
+	    case TELOPT_AUTHENTICATION:
+		if (autologin)
+			new_state_ok = 1;
+		break;
+#endif
+
+	    case TELOPT_XDISPLOC:	/* X Display location */
+		if (env_getvalue((unsigned char *)"DISPLAY"))
+		    new_state_ok = 1;
+		break;
+
+	    case TELOPT_LINEMODE:
+#ifdef	KLUDGELINEMODE
+		kludgelinemode = 0;
+		send_do(TELOPT_SGA, 1);
+#endif
+		set_my_want_state_will(TELOPT_LINEMODE);
+		send_will(option, 0);
+		set_my_state_will(TELOPT_LINEMODE);
+		slc_init();
+		return;
+
+	    case TELOPT_ECHO:		/* We're never going to echo... */
+	    default:
+		break;
+	    }
+
+	    if (new_state_ok) {
+		set_my_want_state_will(option);
+		send_will(option, 0);
+		setconnmode(0);			/* Set new tty mode */
+	    } else {
+		will_wont_resp[option]++;
+		send_wont(option, 0);
+	    }
+	  } else {
+	    /*
+	     * Handle options that need more things done after the
+	     * other side has acknowledged the option.
+	     */
+	    switch (option) {
+	    case TELOPT_LINEMODE:
+#ifdef	KLUDGELINEMODE
+		kludgelinemode = 0;
+		send_do(TELOPT_SGA, 1);
+#endif
+		set_my_state_will(option);
+		slc_init();
+		send_do(TELOPT_SGA, 0);
+		return;
+	    }
+	  }
+	}
+	set_my_state_will(option);
+}
+
+static void
+dontoption(int option)
+{
+
+	if (will_wont_resp[option]) {
+	    --will_wont_resp[option];
+	    if (will_wont_resp[option] && my_state_is_wont(option))
+		--will_wont_resp[option];
+	}
+
+	if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) {
+	    switch (option) {
+	    case TELOPT_LINEMODE:
+		linemode = 0;	/* put us back to the default state */
+		break;
+#ifdef	OLD_ENVIRON
+	    case TELOPT_NEW_ENVIRON:
+		/*
+		 * The new environ option wasn't recognized, try
+		 * the old one.
+		 */
+		send_will(TELOPT_OLD_ENVIRON, 1);
+		telopt_environ = TELOPT_OLD_ENVIRON;
+		break;
+#endif
+#if 0
+#ifdef ENCRYPTION
+	    case TELOPT_ENCRYPT:
+	      encrypt_not();
+	      break;
+#endif
+#endif
+	    }
+	    /* we always accept a DONT */
+	    set_my_want_state_wont(option);
+	    if (my_state_is_will(option))
+		send_wont(option, 0);
+	    setconnmode(0);			/* Set new tty mode */
+	}
+	set_my_state_wont(option);
+}
+
+/*
+ * Given a buffer returned by tgetent(), this routine will turn
+ * the pipe separated list of names in the buffer into an array
+ * of pointers to null terminated names.  We toss out any bad,
+ * duplicate, or verbose names (names with spaces).
+ */
+
+static char *name_unknown = "UNKNOWN";
+static char *unknown[] = { 0, 0 };
+
+static char **
+mklist(char *buf, char *name)
+{
+	int n;
+	char c, *cp, **argvp, *cp2, **argv, **avt;
+
+	if (name) {
+		if ((int)strlen(name) > 40) {
+			name = 0;
+			unknown[0] = name_unknown;
+		} else {
+			unknown[0] = name;
+			strupr(name);
+		}
+	} else
+		unknown[0] = name_unknown;
+	/*
+	 * Count up the number of names.
+	 */
+	for (n = 1, cp = buf; *cp && *cp != ':'; cp++) {
+		if (*cp == '|')
+			n++;
+	}
+	/*
+	 * Allocate an array to put the name pointers into
+	 */
+	argv = (char **)malloc((n+3)*sizeof(char *));
+	if (argv == 0)
+		return(unknown);
+
+	/*
+	 * Fill up the array of pointers to names.
+	 */
+	*argv = 0;
+	argvp = argv+1;
+	n = 0;
+	for (cp = cp2 = buf; (c = *cp);  cp++) {
+		if (c == '|' || c == ':') {
+			*cp++ = '\0';
+			/*
+			 * Skip entries that have spaces or are over 40
+			 * characters long.  If this is our environment
+			 * name, then put it up front.  Otherwise, as
+			 * long as this is not a duplicate name (case
+			 * insensitive) add it to the list.
+			 */
+			if (n || (cp - cp2 > 41))
+				;
+			else if (name && (strncasecmp(name, cp2, cp-cp2) == 0))
+				*argv = cp2;
+			else if (is_unique(cp2, argv+1, argvp))
+				*argvp++ = cp2;
+			if (c == ':')
+				break;
+			/*
+			 * Skip multiple delimiters. Reset cp2 to
+			 * the beginning of the next name. Reset n,
+			 * the flag for names with spaces.
+			 */
+			while ((c = *cp) == '|')
+				cp++;
+			cp2 = cp;
+			n = 0;
+		}
+		/*
+		 * Skip entries with spaces or non-ascii values.
+		 * Convert lower case letters to upper case.
+		 */
+#undef ISASCII
+#define ISASCII(c) (!((c)&0x80))
+		if ((c == ' ') || !ISASCII(c))
+			n = 1;
+		else if (islower((unsigned char)c))
+			*cp = toupper((unsigned char)c);
+	}
+
+	/*
+	 * Check for an old V6 2 character name.  If the second
+	 * name points to the beginning of the buffer, and is
+	 * only 2 characters long, move it to the end of the array.
+	 */
+	if ((argv[1] == buf) && (strlen(argv[1]) == 2)) {
+		--argvp;
+		for (avt = &argv[1]; avt < argvp; avt++)
+			*avt = *(avt+1);
+		*argvp++ = buf;
+	}
+
+	/*
+	 * Duplicate last name, for TTYPE option, and null
+	 * terminate the array.  If we didn't find a match on
+	 * our terminal name, put that name at the beginning.
+	 */
+	cp = *(argvp-1);
+	*argvp++ = cp;
+	*argvp = 0;
+
+	if (*argv == 0) {
+		if (name)
+			*argv = name;
+		else {
+			--argvp;
+			for (avt = argv; avt < argvp; avt++)
+				*avt = *(avt+1);
+		}
+	}
+	if (*argv)
+		return(argv);
+	else
+		return(unknown);
+}
+
+static int
+is_unique(char *name, char **as, char **ae)
+{
+	char **ap;
+	int n;
+
+	n = strlen(name) + 1;
+	for (ap = as; ap < ae; ap++)
+		if (strncasecmp(*ap, name, n) == 0)
+			return(0);
+	return (1);
+}
+
+static char termbuf[1024];
+
+static int
+telnet_setupterm(const char *tname, int fd, int *errp)
+{
+#ifdef HAVE_TGETENT
+    if (tgetent(termbuf, tname) == 1) {
+	termbuf[1023] = '\0';
+	if (errp)
+	    *errp = 1;
+	return(0);
+    }
+    if (errp)
+	*errp = 0;
+    return(-1);
+#else
+    strlcpy(termbuf, tname, sizeof(termbuf));
+    if(errp) *errp = 1;
+    return 0;
+#endif
+}
+
+int resettermname = 1;
+
+static char *
+gettermname()
+{
+	char *tname;
+	static char **tnamep = 0;
+	static char **next;
+	int err;
+
+	if (resettermname) {
+		resettermname = 0;
+		if (tnamep && tnamep != unknown)
+			free(tnamep);
+		if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
+				telnet_setupterm(tname, 1, &err) == 0) {
+			tnamep = mklist(termbuf, tname);
+		} else {
+			if (tname && ((int)strlen(tname) <= 40)) {
+				unknown[0] = tname;
+				strupr(tname);
+			} else
+				unknown[0] = name_unknown;
+			tnamep = unknown;
+		}
+		next = tnamep;
+	}
+	if (*next == 0)
+		next = tnamep;
+	return(*next++);
+}
+/*
+ * suboption()
+ *
+ *	Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ *
+ *	Currently we recognize:
+ *
+ *		Terminal type, send request.
+ *		Terminal speed (send request).
+ *		Local flow control (is request).
+ *		Linemode
+ */
+
+static void
+suboption()
+{
+    unsigned char subchar;
+
+    printsub('<', subbuffer, SB_LEN()+2);
+    switch (subchar = SB_GET()) {
+    case TELOPT_TTYPE:
+	if (my_want_state_is_wont(TELOPT_TTYPE))
+	    return;
+	if (SB_EOF() || SB_GET() != TELQUAL_SEND) {
+	    return;
+	} else {
+	    char *name;
+	    unsigned char temp[50];
+	    int len;
+
+	    name = gettermname();
+	    len = strlen(name) + 4 + 2;
+	    if (len < NETROOM()) {
+		snprintf((char *)temp, sizeof(temp),
+			 "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+			 TELQUAL_IS, name, IAC, SE);
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', &temp[2], len-2);
+	    } else {
+		ExitString("No room in buffer for terminal type.\n", 1);
+		/*NOTREACHED*/
+	    }
+	}
+	break;
+    case TELOPT_TSPEED:
+	if (my_want_state_is_wont(TELOPT_TSPEED))
+	    return;
+	if (SB_EOF())
+	    return;
+	if (SB_GET() == TELQUAL_SEND) {
+	    long output_speed, input_speed;
+	    unsigned char temp[50];
+	    int len;
+
+	    TerminalSpeeds(&input_speed, &output_speed);
+
+	    snprintf((char *)temp, sizeof(temp),
+		     "%c%c%c%c%u,%u%c%c", IAC, SB, TELOPT_TSPEED,
+		     TELQUAL_IS,
+		     (unsigned)output_speed,
+		     (unsigned)input_speed, IAC, SE);
+	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
+
+	    if (len < NETROOM()) {
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', temp+2, len - 2);
+	    }
+/*@*/	    else printf("lm_will: not enough room in buffer\n");
+	}
+	break;
+    case TELOPT_LFLOW:
+	if (my_want_state_is_wont(TELOPT_LFLOW))
+	    return;
+	if (SB_EOF())
+	    return;
+	switch(SB_GET()) {
+	case LFLOW_RESTART_ANY:
+	    restartany = 1;
+	    break;
+	case LFLOW_RESTART_XON:
+	    restartany = 0;
+	    break;
+	case LFLOW_ON:
+	    localflow = 1;
+	    break;
+	case LFLOW_OFF:
+	    localflow = 0;
+	    break;
+	default:
+	    return;
+	}
+	setcommandmode();
+	setconnmode(0);
+	break;
+
+    case TELOPT_LINEMODE:
+	if (my_want_state_is_wont(TELOPT_LINEMODE))
+	    return;
+	if (SB_EOF())
+	    return;
+	switch (SB_GET()) {
+	case WILL:
+	    lm_will(subpointer, SB_LEN());
+	    break;
+	case WONT:
+	    lm_wont(subpointer, SB_LEN());
+	    break;
+	case DO:
+	    lm_do(subpointer, SB_LEN());
+	    break;
+	case DONT:
+	    lm_dont(subpointer, SB_LEN());
+	    break;
+	case LM_SLC:
+	    slc(subpointer, SB_LEN());
+	    break;
+	case LM_MODE:
+	    lm_mode(subpointer, SB_LEN(), 0);
+	    break;
+	default:
+	    break;
+	}
+	break;
+
+#ifdef	OLD_ENVIRON
+    case TELOPT_OLD_ENVIRON:
+#endif
+    case TELOPT_NEW_ENVIRON:
+	if (SB_EOF())
+	    return;
+	switch(SB_PEEK()) {
+	case TELQUAL_IS:
+	case TELQUAL_INFO:
+	    if (my_want_state_is_dont(subchar))
+		return;
+	    break;
+	case TELQUAL_SEND:
+	    if (my_want_state_is_wont(subchar)) {
+		return;
+	    }
+	    break;
+	default:
+	    return;
+	}
+	env_opt(subpointer, SB_LEN());
+	break;
+
+    case TELOPT_XDISPLOC:
+	if (my_want_state_is_wont(TELOPT_XDISPLOC))
+	    return;
+	if (SB_EOF())
+	    return;
+	if (SB_GET() == TELQUAL_SEND) {
+	    unsigned char temp[50], *dp;
+	    int len;
+
+	    if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) {
+		/*
+		 * Something happened, we no longer have a DISPLAY
+		 * variable.  So, turn off the option.
+		 */
+		send_wont(TELOPT_XDISPLOC, 1);
+		break;
+	    }
+	    snprintf((char *)temp, sizeof(temp),
+		     "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+		     TELQUAL_IS, dp, IAC, SE);
+	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
+
+	    if (len < NETROOM()) {
+		ring_supply_data(&netoring, temp, len);
+		printsub('>', temp+2, len - 2);
+	    }
+/*@*/	    else printf("lm_will: not enough room in buffer\n");
+	}
+	break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION: {
+		if (!autologin)
+			break;
+		if (SB_EOF())
+			return;
+		switch(SB_GET()) {
+		case TELQUAL_IS:
+			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+				return;
+			auth_is(subpointer, SB_LEN());
+			break;
+		case TELQUAL_SEND:
+			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
+				return;
+			auth_send(subpointer, SB_LEN());
+			break;
+		case TELQUAL_REPLY:
+			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
+				return;
+			auth_reply(subpointer, SB_LEN());
+			break;
+		case TELQUAL_NAME:
+			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+				return;
+			auth_name(subpointer, SB_LEN());
+			break;
+		}
+	}
+	break;
+#endif
+#if	defined(ENCRYPTION)
+	case TELOPT_ENCRYPT:
+		if (SB_EOF())
+			return;
+		switch(SB_GET()) {
+		case ENCRYPT_START:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_start(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_END:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_end();
+			break;
+		case ENCRYPT_SUPPORT:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_support(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REQSTART:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_request_start(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REQEND:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			/*
+			 * We can always send an REQEND so that we cannot
+			 * get stuck encrypting.  We should only get this
+			 * if we have been able to get in the correct mode
+			 * anyhow.
+			 */
+			encrypt_request_end();
+			break;
+		case ENCRYPT_IS:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_is(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_REPLY:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_reply(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_ENC_KEYID:
+			if (my_want_state_is_dont(TELOPT_ENCRYPT))
+				return;
+			encrypt_enc_keyid(subpointer, SB_LEN());
+			break;
+		case ENCRYPT_DEC_KEYID:
+			if (my_want_state_is_wont(TELOPT_ENCRYPT))
+				return;
+			encrypt_dec_keyid(subpointer, SB_LEN());
+			break;
+		default:
+			break;
+		}
+		break;
+#endif
+    default:
+	break;
+    }
+}
+
+static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE };
+
+void
+lm_will(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_will: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
+    default:
+	str_lm[3] = DONT;
+	str_lm[4] = cmd[0];
+	if (NETROOM() > sizeof(str_lm)) {
+	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
+	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
+	}
+/*@*/	else printf("lm_will: not enough room in buffer\n");
+	break;
+    }
+}
+
+void
+lm_wont(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_wont: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
+    default:
+	/* We are always DONT, so don't respond */
+	return;
+    }
+}
+
+void
+lm_do(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_do: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:
+    default:
+	str_lm[3] = WONT;
+	str_lm[4] = cmd[0];
+	if (NETROOM() > sizeof(str_lm)) {
+	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
+	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
+	}
+/*@*/	else printf("lm_do: not enough room in buffer\n");
+	break;
+    }
+}
+
+void
+lm_dont(unsigned char *cmd, int len)
+{
+    if (len < 1) {
+/*@*/	printf("lm_dont: no command!!!\n");	/* Should not happen... */
+	return;
+    }
+    switch(cmd[0]) {
+    case LM_FORWARDMASK:
+    default:
+	/* we are always WONT, so don't respond */
+	break;
+    }
+}
+
+static unsigned char str_lm_mode[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE
+};
+
+void
+lm_mode(unsigned char *cmd, int len, int init)
+{
+	if (len != 1)
+		return;
+	if ((linemode&MODE_MASK&~MODE_ACK) == *cmd)
+		return;
+	if (*cmd&MODE_ACK)
+		return;
+	linemode = *cmd&(MODE_MASK&~MODE_ACK);
+	str_lm_mode[4] = linemode;
+	if (!init)
+	    str_lm_mode[4] |= MODE_ACK;
+	if (NETROOM() > sizeof(str_lm_mode)) {
+	    ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode));
+	    printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2);
+	}
+/*@*/	else printf("lm_mode: not enough room in buffer\n");
+	setconnmode(0);	/* set changed mode */
+}
+
+
+
+/*
+ * slc()
+ * Handle special character suboption of LINEMODE.
+ */
+
+struct spc {
+	cc_t val;
+	cc_t *valp;
+	char flags;	/* Current flags & level */
+	char mylevel;	/* Maximum level & flags */
+} spc_data[NSLC+1];
+
+#define SLC_IMPORT	0
+#define	SLC_EXPORT	1
+#define SLC_RVALUE	2
+static int slc_mode = SLC_EXPORT;
+
+void
+slc_init()
+{
+	struct spc *spcp;
+
+	localchars = 1;
+	for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) {
+		spcp->val = 0;
+		spcp->valp = 0;
+		spcp->flags = spcp->mylevel = SLC_NOSUPPORT;
+	}
+
+#define	initfunc(func, flags) { \
+					spcp = &spc_data[func]; \
+					if ((spcp->valp = tcval(func))) { \
+					    spcp->val = *spcp->valp; \
+					    spcp->mylevel = SLC_VARIABLE|flags; \
+					} else { \
+					    spcp->val = 0; \
+					    spcp->mylevel = SLC_DEFAULT; \
+					} \
+				    }
+
+	initfunc(SLC_SYNCH, 0);
+	/* No BRK */
+	initfunc(SLC_AO, 0);
+	initfunc(SLC_AYT, 0);
+	/* No EOR */
+	initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
+	initfunc(SLC_EOF, 0);
+	initfunc(SLC_SUSP, SLC_FLUSHIN);
+	initfunc(SLC_EC, 0);
+	initfunc(SLC_EL, 0);
+	initfunc(SLC_EW, 0);
+	initfunc(SLC_RP, 0);
+	initfunc(SLC_LNEXT, 0);
+	initfunc(SLC_XON, 0);
+	initfunc(SLC_XOFF, 0);
+	initfunc(SLC_FORW1, 0);
+	initfunc(SLC_FORW2, 0);
+	/* No FORW2 */
+
+	initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
+#undef	initfunc
+
+	if (slc_mode == SLC_EXPORT)
+		slc_export();
+	else
+		slc_import(1);
+
+}
+
+void
+slcstate()
+{
+    printf("Special characters are %s values\n",
+		slc_mode == SLC_IMPORT ? "remote default" :
+		slc_mode == SLC_EXPORT ? "local" :
+					 "remote");
+}
+
+void
+slc_mode_export()
+{
+    slc_mode = SLC_EXPORT;
+    if (my_state_is_will(TELOPT_LINEMODE))
+	slc_export();
+}
+
+void
+slc_mode_import(int def)
+{
+    slc_mode = def ? SLC_IMPORT : SLC_RVALUE;
+    if (my_state_is_will(TELOPT_LINEMODE))
+	slc_import(def);
+}
+
+unsigned char slc_import_val[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE
+};
+unsigned char slc_import_def[] = {
+	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE
+};
+
+void
+slc_import(int def)
+{
+    if (NETROOM() > sizeof(slc_import_val)) {
+	if (def) {
+	    ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def));
+	    printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2);
+	} else {
+	    ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val));
+	    printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2);
+	}
+    }
+/*@*/ else printf("slc_import: not enough room\n");
+}
+
+void
+slc_export()
+{
+    struct spc *spcp;
+
+    TerminalDefaultChars();
+
+    slc_start_reply();
+    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+	if (spcp->mylevel != SLC_NOSUPPORT) {
+	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
+		spcp->flags = SLC_NOSUPPORT;
+	    else
+		spcp->flags = spcp->mylevel;
+	    if (spcp->valp)
+		spcp->val = *spcp->valp;
+	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
+	}
+    }
+    slc_end_reply();
+    slc_update();
+    setconnmode(1);	/* Make sure the character values are set */
+}
+
+void
+slc(unsigned char *cp, int len)
+{
+	struct spc *spcp;
+	int func,level;
+
+	slc_start_reply();
+
+	for (; len >= 3; len -=3, cp +=3) {
+
+		func = cp[SLC_FUNC];
+
+		if (func == 0) {
+			/*
+			 * Client side: always ignore 0 function.
+			 */
+			continue;
+		}
+		if (func > NSLC) {
+			if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT)
+				slc_add_reply(func, SLC_NOSUPPORT, 0);
+			continue;
+		}
+
+		spcp = &spc_data[func];
+
+		level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK);
+
+		if ((cp[SLC_VALUE] == (unsigned char)spcp->val) &&
+		    ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) {
+			continue;
+		}
+
+		if (level == (SLC_DEFAULT|SLC_ACK)) {
+			/*
+			 * This is an error condition, the SLC_ACK
+			 * bit should never be set for the SLC_DEFAULT
+			 * level.  Our best guess to recover is to
+			 * ignore the SLC_ACK bit.
+			 */
+			cp[SLC_FLAGS] &= ~SLC_ACK;
+		}
+
+		if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) {
+			spcp->val = (cc_t)cp[SLC_VALUE];
+			spcp->flags = cp[SLC_FLAGS];	/* include SLC_ACK */
+			continue;
+		}
+
+		level &= ~SLC_ACK;
+
+		if (level <= (spcp->mylevel&SLC_LEVELBITS)) {
+			spcp->flags = cp[SLC_FLAGS]|SLC_ACK;
+			spcp->val = (cc_t)cp[SLC_VALUE];
+		}
+		if (level == SLC_DEFAULT) {
+			if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT)
+				spcp->flags = spcp->mylevel;
+			else
+				spcp->flags = SLC_NOSUPPORT;
+		}
+		slc_add_reply(func, spcp->flags, spcp->val);
+	}
+	slc_end_reply();
+	if (slc_update())
+		setconnmode(1);	/* set the  new character values */
+}
+
+void
+slc_check()
+{
+    struct spc *spcp;
+
+    slc_start_reply();
+    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+	if (spcp->valp && spcp->val != *spcp->valp) {
+	    spcp->val = *spcp->valp;
+	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
+		spcp->flags = SLC_NOSUPPORT;
+	    else
+		spcp->flags = spcp->mylevel;
+	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
+	}
+    }
+    slc_end_reply();
+    setconnmode(1);
+}
+
+
+unsigned char slc_reply[128];
+unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
+unsigned char *slc_replyp;
+
+void
+slc_start_reply()
+{
+	slc_replyp = slc_reply;
+	*slc_replyp++ = IAC;
+	*slc_replyp++ = SB;
+	*slc_replyp++ = TELOPT_LINEMODE;
+	*slc_replyp++ = LM_SLC;
+}
+
+void
+slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
+{
+	/* A sequence of up to 6 bytes my be written for this member of the SLC
+	 * suboption list by this function.  The end of negotiation command,
+	 * which is written by slc_end_reply(), will require 2 additional
+	 * bytes.  Do not proceed unless there is sufficient space for these
+	 * items.
+	 */
+	if (&slc_replyp[6+2] > slc_reply_eom)
+		return;
+	if ((*slc_replyp++ = func) == IAC)
+		*slc_replyp++ = IAC;
+	if ((*slc_replyp++ = flags) == IAC)
+		*slc_replyp++ = IAC;
+	if ((*slc_replyp++ = (unsigned char)value) == IAC)
+		*slc_replyp++ = IAC;
+}
+
+void
+slc_end_reply()
+{
+    int len;
+
+    /* The end of negotiation command requires 2 bytes. */
+    if (&slc_replyp[2] > slc_reply_eom)
+            return;
+    *slc_replyp++ = IAC;
+    *slc_replyp++ = SE;
+    len = slc_replyp - slc_reply;
+    if (len <= 6)
+	return;
+    if (NETROOM() > len) {
+	ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
+	printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
+    }
+/*@*/else printf("slc_end_reply: not enough room\n");
+}
+
+int
+slc_update()
+{
+	struct spc *spcp;
+	int need_update = 0;
+
+	for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
+		if (!(spcp->flags&SLC_ACK))
+			continue;
+		spcp->flags &= ~SLC_ACK;
+		if (spcp->valp && (*spcp->valp != spcp->val)) {
+			*spcp->valp = spcp->val;
+			need_update = 1;
+		}
+	}
+	return(need_update);
+}
+
+#ifdef	OLD_ENVIRON
+#  define old_env_var OLD_ENV_VAR
+#  define old_env_value OLD_ENV_VALUE
+#endif
+
+void
+env_opt(unsigned char *buf, int len)
+{
+	unsigned char *ep = 0, *epc = 0;
+	int i;
+
+	switch(buf[0]&0xff) {
+	case TELQUAL_SEND:
+		env_opt_start();
+		if (len == 1) {
+			env_opt_add(NULL);
+		} else for (i = 1; i < len; i++) {
+			switch (buf[i]&0xff) {
+#ifdef	OLD_ENVIRON
+			case OLD_ENV_VAR:
+			case OLD_ENV_VALUE:
+				/*
+				 * Although OLD_ENV_VALUE is not legal, we will
+				 * still recognize it, just in case it is an
+				 * old server that has VAR & VALUE mixed up...
+				 */
+				/* FALL THROUGH */
+#else
+			case NEW_ENV_VAR:
+#endif
+			case ENV_USERVAR:
+				if (ep) {
+					*epc = 0;
+					env_opt_add(ep);
+				}
+				ep = epc = &buf[i+1];
+				break;
+			case ENV_ESC:
+				i++;
+				/*FALL THROUGH*/
+			default:
+				if (epc)
+					*epc++ = buf[i];
+				break;
+			}
+		}
+		if (ep) {
+			*epc = 0;
+			env_opt_add(ep);
+		}
+		env_opt_end(1);
+		break;
+
+	case TELQUAL_IS:
+	case TELQUAL_INFO:
+		/* Ignore for now.  We shouldn't get it anyway. */
+		break;
+
+	default:
+		break;
+	}
+}
+
+#define	OPT_REPLY_SIZE	(2 * SUBBUFSIZE)
+unsigned char *opt_reply;
+unsigned char *opt_replyp;
+unsigned char *opt_replyend;
+
+void
+env_opt_start()
+{
+	if (opt_reply) {
+		void *tmp = realloc (opt_reply, OPT_REPLY_SIZE);
+		if (tmp != NULL) {
+			opt_reply = tmp;
+		} else {
+			free (opt_reply);
+			opt_reply = NULL;
+		}
+	} else
+		opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE);
+	if (opt_reply == NULL) {
+/*@*/		printf("env_opt_start: malloc()/realloc() failed!!!\n");
+		opt_reply = opt_replyp = opt_replyend = NULL;
+		return;
+	}
+	opt_replyp = opt_reply;
+	opt_replyend = opt_reply + OPT_REPLY_SIZE;
+	*opt_replyp++ = IAC;
+	*opt_replyp++ = SB;
+	*opt_replyp++ = telopt_environ;
+	*opt_replyp++ = TELQUAL_IS;
+}
+
+void
+env_opt_start_info()
+{
+	env_opt_start();
+	if (opt_replyp)
+	    opt_replyp[-1] = TELQUAL_INFO;
+}
+
+void
+env_opt_add(unsigned char *ep)
+{
+	unsigned char *vp, c;
+
+	if (opt_reply == NULL)		/*XXX*/
+		return;			/*XXX*/
+
+	if (ep == NULL || *ep == '\0') {
+		/* Send user defined variables first. */
+		env_default(1, 0);
+		while ((ep = env_default(0, 0)))
+			env_opt_add(ep);
+
+		/* Now add the list of well know variables.  */
+		env_default(1, 1);
+		while ((ep = env_default(0, 1)))
+			env_opt_add(ep);
+		return;
+	}
+	vp = env_getvalue(ep);
+        if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
+                                2 * strlen((char *)ep) + 6 > opt_replyend)
+        {
+		int len;
+		void *tmp;
+		opt_replyend += OPT_REPLY_SIZE;
+		len = opt_replyend - opt_reply;
+		tmp = realloc(opt_reply, len);
+		if (tmp == NULL) {
+/*@*/			printf("env_opt_add: realloc() failed!!!\n");
+			opt_reply = opt_replyp = opt_replyend = NULL;
+			return;
+		}
+		opt_reply = tmp;
+		opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
+		opt_replyend = opt_reply + len;
+	}
+	if (opt_welldefined((char *)ep)) {
+#ifdef	OLD_ENVIRON
+		if (telopt_environ == TELOPT_OLD_ENVIRON)
+			*opt_replyp++ = old_env_var;
+		else
+#endif
+			*opt_replyp++ = NEW_ENV_VAR;
+	} else
+		*opt_replyp++ = ENV_USERVAR;
+	for (;;) {
+		while ((c = *ep++)) {
+			if (opt_replyp + (2 + 2) > opt_replyend)
+				return;
+			switch(c&0xff) {
+			case IAC:
+				*opt_replyp++ = IAC;
+				break;
+			case NEW_ENV_VAR:
+			case NEW_ENV_VALUE:
+			case ENV_ESC:
+			case ENV_USERVAR:
+				*opt_replyp++ = ENV_ESC;
+				break;
+			}
+			*opt_replyp++ = c;
+		}
+		if ((ep = vp)) {
+			if (opt_replyp + (1 + 2 + 2) > opt_replyend)
+				return;
+#ifdef	OLD_ENVIRON
+			if (telopt_environ == TELOPT_OLD_ENVIRON)
+				*opt_replyp++ = old_env_value;
+			else
+#endif
+				*opt_replyp++ = NEW_ENV_VALUE;
+			vp = NULL;
+		} else
+			break;
+	}
+}
+
+int
+opt_welldefined(char *ep)
+{
+	if ((strcmp(ep, "USER") == 0) ||
+	    (strcmp(ep, "DISPLAY") == 0) ||
+	    (strcmp(ep, "PRINTER") == 0) ||
+	    (strcmp(ep, "SYSTEMTYPE") == 0) ||
+	    (strcmp(ep, "JOB") == 0) ||
+	    (strcmp(ep, "ACCT") == 0))
+		return(1);
+	return(0);
+}
+
+void
+env_opt_end(int emptyok)
+{
+	int len;
+
+	if (opt_replyp + 2 > opt_replyend)
+		return;
+	len = opt_replyp + 2 - opt_reply;
+	if (emptyok || len > 6) {
+		*opt_replyp++ = IAC;
+		*opt_replyp++ = SE;
+		if (NETROOM() > len) {
+			ring_supply_data(&netoring, opt_reply, len);
+			printsub('>', &opt_reply[2], len - 2);
+		}
+/*@*/		else printf("slc_end_reply: not enough room\n");
+	}
+	if (opt_reply) {
+		free(opt_reply);
+		opt_reply = opt_replyp = opt_replyend = NULL;
+	}
+}
+
+
+
+int
+telrcv(void)
+{
+    int c;
+    int scc;
+    unsigned char *sbp = NULL;
+    int count;
+    int returnValue = 0;
+
+    scc = 0;
+    count = 0;
+    while (TTYROOM() > 2) {
+	if (scc == 0) {
+	    if (count) {
+		ring_consumed(&netiring, count);
+		returnValue = 1;
+		count = 0;
+	    }
+	    sbp = netiring.consume;
+	    scc = ring_full_consecutive(&netiring);
+	    if (scc == 0) {
+		/* No more data coming in */
+		break;
+	    }
+	}
+
+	c = *sbp++ & 0xff, scc--; count++;
+#if	defined(ENCRYPTION)
+	if (decrypt_input)
+		c = (*decrypt_input)(c);
+#endif
+
+	switch (telrcv_state) {
+
+	case TS_CR:
+	    telrcv_state = TS_DATA;
+	    if (c == '\0') {
+		break;	/* Ignore \0 after CR */
+	    }
+	    else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) {
+		TTYADD(c);
+		break;
+	    }
+	    /* Else, fall through */
+
+	case TS_DATA:
+	    if (c == IAC) {
+		telrcv_state = TS_IAC;
+		break;
+	    }
+		    /* 
+		     * The 'crmod' hack (see following) is needed
+		     * since we can't set CRMOD on output only.
+		     * Machines like MULTICS like to send \r without
+		     * \n; since we must turn off CRMOD to get proper
+		     * input, the mapping is done here (sigh).
+		     */
+	    if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
+		if (scc > 0) {
+		    c = *sbp&0xff;
+#if	defined(ENCRYPTION)
+		    if (decrypt_input)
+			c = (*decrypt_input)(c);
+#endif
+		    if (c == 0) {
+			sbp++, scc--; count++;
+			/* a "true" CR */
+			TTYADD('\r');
+		    } else if (my_want_state_is_dont(TELOPT_ECHO) &&
+					(c == '\n')) {
+			sbp++, scc--; count++;
+			TTYADD('\n');
+		    } else {
+#if	defined(ENCRYPTION)
+		        if (decrypt_input)
+			    (*decrypt_input)(-1);
+#endif
+
+			TTYADD('\r');
+			if (crmod) {
+				TTYADD('\n');
+			}
+		    }
+		} else {
+		    telrcv_state = TS_CR;
+		    TTYADD('\r');
+		    if (crmod) {
+			    TTYADD('\n');
+		    }
+		}
+	    } else {
+		TTYADD(c);
+	    }
+	    continue;
+
+	case TS_IAC:
+process_iac:
+	    switch (c) {
+
+	    case WILL:
+		telrcv_state = TS_WILL;
+		continue;
+
+	    case WONT:
+		telrcv_state = TS_WONT;
+		continue;
+
+	    case DO:
+		telrcv_state = TS_DO;
+		continue;
+
+	    case DONT:
+		telrcv_state = TS_DONT;
+		continue;
+
+	    case DM:
+		    /*
+		     * We may have missed an urgent notification,
+		     * so make sure we flush whatever is in the
+		     * buffer currently.
+		     */
+		printoption("RCVD", IAC, DM);
+		SYNCHing = 1;
+		ttyflush(1);
+		SYNCHing = stilloob();
+		settimer(gotDM);
+		break;
+
+	    case SB:
+		SB_CLEAR();
+		telrcv_state = TS_SB;
+		continue;
+
+
+	    case IAC:
+		TTYADD(IAC);
+		break;
+
+	    case NOP:
+	    case GA:
+	    default:
+		printoption("RCVD", IAC, c);
+		break;
+	    }
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_WILL:
+	    printoption("RCVD", WILL, c);
+	    willoption(c);
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_WONT:
+	    printoption("RCVD", WONT, c);
+	    wontoption(c);
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_DO:
+	    printoption("RCVD", DO, c);
+	    dooption(c);
+	    if (c == TELOPT_NAWS) {
+		sendnaws();
+	    } else if (c == TELOPT_LFLOW) {
+		localflow = 1;
+		setcommandmode();
+		setconnmode(0);
+	    }
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_DONT:
+	    printoption("RCVD", DONT, c);
+	    dontoption(c);
+	    flushline = 1;
+	    setconnmode(0);	/* set new tty mode (maybe) */
+	    telrcv_state = TS_DATA;
+	    continue;
+
+	case TS_SB:
+	    if (c == IAC) {
+		telrcv_state = TS_SE;
+	    } else {
+		SB_ACCUM(c);
+	    }
+	    continue;
+
+	case TS_SE:
+	    if (c != SE) {
+		if (c != IAC) {
+		    /*
+		     * This is an error.  We only expect to get
+		     * "IAC IAC" or "IAC SE".  Several things may
+		     * have happened.  An IAC was not doubled, the
+		     * IAC SE was left off, or another option got
+		     * inserted into the suboption are all possibilities.
+		     * If we assume that the IAC was not doubled,
+		     * and really the IAC SE was left off, we could
+		     * get into an infinite loop here.  So, instead,
+		     * we terminate the suboption, and process the
+		     * partial suboption if we can.
+		     */
+		    SB_ACCUM(IAC);
+		    SB_ACCUM(c);
+		    subpointer -= 2;
+		    SB_TERM();
+
+		    printoption("In SUBOPTION processing, RCVD", IAC, c);
+		    suboption();	/* handle sub-option */
+		    telrcv_state = TS_IAC;
+		    goto process_iac;
+		}
+		SB_ACCUM(c);
+		telrcv_state = TS_SB;
+	    } else {
+		SB_ACCUM(IAC);
+		SB_ACCUM(SE);
+		subpointer -= 2;
+		SB_TERM();
+		suboption();	/* handle sub-option */
+		telrcv_state = TS_DATA;
+	    }
+	}
+    }
+    if (count)
+	ring_consumed(&netiring, count);
+    return returnValue||count;
+}
+
+static int bol = 1, local = 0;
+
+int
+rlogin_susp(void)
+{
+    if (local) {
+	local = 0;
+	bol = 1;
+	command(0, "z\n", 2);
+	return(1);
+    }
+    return(0);
+}
+
+static int
+telsnd()
+{
+    int tcc;
+    int count;
+    int returnValue = 0;
+    unsigned char *tbp = NULL;
+
+    tcc = 0;
+    count = 0;
+    while (NETROOM() > 2) {
+	int sc;
+	int c;
+
+	if (tcc == 0) {
+	    if (count) {
+		ring_consumed(&ttyiring, count);
+		returnValue = 1;
+		count = 0;
+	    }
+	    tbp = ttyiring.consume;
+	    tcc = ring_full_consecutive(&ttyiring);
+	    if (tcc == 0) {
+		break;
+	    }
+	}
+	c = *tbp++ & 0xff, sc = strip(c), tcc--; count++;
+	if (rlogin != _POSIX_VDISABLE) {
+		if (bol) {
+			bol = 0;
+			if (sc == rlogin) {
+				local = 1;
+				continue;
+			}
+		} else if (local) {
+			local = 0;
+			if (sc == '.' || c == termEofChar) {
+				bol = 1;
+				command(0, "close\n", 6);
+				continue;
+			}
+			if (sc == termSuspChar) {
+				bol = 1;
+				command(0, "z\n", 2);
+				continue;
+			}
+			if (sc == escape) {
+				command(0, (char *)tbp, tcc);
+				bol = 1;
+				count += tcc;
+				tcc = 0;
+				flushline = 1;
+				break;
+			}
+			if (sc != rlogin) {
+				++tcc;
+				--tbp;
+				--count;
+				c = sc = rlogin;
+			}
+		}
+		if ((sc == '\n') || (sc == '\r'))
+			bol = 1;
+	} else if (sc == escape) {
+	    /*
+	     * Double escape is a pass through of a single escape character.
+	     */
+	    if (tcc && strip(*tbp) == escape) {
+		tbp++;
+		tcc--;
+		count++;
+		bol = 0;
+	    } else {
+		command(0, (char *)tbp, tcc);
+		bol = 1;
+		count += tcc;
+		tcc = 0;
+		flushline = 1;
+		break;
+	    }
+	} else
+	    bol = 0;
+#ifdef	KLUDGELINEMODE
+	if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) {
+	    if (tcc > 0 && strip(*tbp) == echoc) {
+		tcc--; tbp++; count++;
+	    } else {
+		dontlecho = !dontlecho;
+		settimer(echotoggle);
+		setconnmode(0);
+		flushline = 1;
+		break;
+	    }
+	}
+#endif
+	if (MODE_LOCAL_CHARS(globalmode)) {
+	    if (TerminalSpecialChars(sc) == 0) {
+		bol = 1;
+		break;
+	    }
+	}
+	if (my_want_state_is_wont(TELOPT_BINARY)) {
+	    switch (c) {
+	    case '\n':
+		    /*
+		     * If we are in CRMOD mode (\r ==> \n)
+		     * on our local machine, then probably
+		     * a newline (unix) is CRLF (TELNET).
+		     */
+		if (MODE_LOCAL_CHARS(globalmode)) {
+		    NETADD('\r');
+		}
+		NETADD('\n');
+		bol = flushline = 1;
+		break;
+	    case '\r':
+		if (!crlf) {
+		    NET2ADD('\r', '\0');
+		} else {
+		    NET2ADD('\r', '\n');
+		}
+		bol = flushline = 1;
+		break;
+	    case IAC:
+		NET2ADD(IAC, IAC);
+		break;
+	    default:
+		NETADD(c);
+		break;
+	    }
+	} else if (c == IAC) {
+	    NET2ADD(IAC, IAC);
+	} else {
+	    NETADD(c);
+	}
+    }
+    if (count)
+	ring_consumed(&ttyiring, count);
+    return returnValue||count;		/* Non-zero if we did anything */
+}
+
+/*
+ * Scheduler()
+ *
+ * Try to do something.
+ *
+ * If we do something useful, return 1; else return 0.
+ *
+ */
+
+
+    int
+Scheduler(int block) /* should we block in the select ? */
+{
+		/* One wants to be a bit careful about setting returnValue
+		 * to one, since a one implies we did some useful work,
+		 * and therefore probably won't be called to block next
+		 * time (TN3270 mode only).
+		 */
+    int returnValue;
+    int netin, netout, netex, ttyin, ttyout;
+
+    /* Decide which rings should be processed */
+
+    netout = ring_full_count(&netoring) &&
+	    (flushline ||
+		(my_want_state_is_wont(TELOPT_LINEMODE)
+#ifdef	KLUDGELINEMODE
+			&& (!kludgelinemode || my_want_state_is_do(TELOPT_SGA))
+#endif
+		) ||
+			my_want_state_is_will(TELOPT_BINARY));
+    ttyout = ring_full_count(&ttyoring);
+
+    ttyin = ring_empty_count(&ttyiring);
+
+    netin = !ISend && ring_empty_count(&netiring);
+
+    netex = !SYNCHing;
+
+    /* If we have seen a signal recently, reset things */
+
+    if (scheduler_lockout_tty) {
+        ttyin = ttyout = 0;
+    }
+
+    /* Call to system code to process rings */
+
+    returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
+
+    /* Now, look at the input rings, looking for work to do. */
+
+    if (ring_full_count(&ttyiring)) {
+	    returnValue |= telsnd();
+    }
+
+    if (ring_full_count(&netiring)) {
+	returnValue |= telrcv();
+    }
+    return returnValue;
+}
+
+extern int auth_has_failed; /* XXX should be somewhere else */
+
+/*
+ * Select from tty and network...
+ */
+void
+my_telnet(char *user)
+{
+    int printed_encrypt = 0;
+    
+    sys_telnet_init();
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+    {
+	static char local_host[256] = { 0 };
+
+	if (!local_host[0]) {
+		/* XXX - should be k_gethostname? */
+		gethostname(local_host, sizeof(local_host));
+		local_host[sizeof(local_host)-1] = 0;
+	}
+	auth_encrypt_init(local_host, hostname, "TELNET", 0);
+	auth_encrypt_user(user);
+    }
+#endif
+    if (telnetport) {
+#if	defined(AUTHENTICATION)
+	if (autologin)
+		send_will(TELOPT_AUTHENTICATION, 1);
+#endif
+#if	defined(ENCRYPTION)
+	send_do(TELOPT_ENCRYPT, 1);
+	send_will(TELOPT_ENCRYPT, 1);
+#endif
+	send_do(TELOPT_SGA, 1);
+	send_will(TELOPT_TTYPE, 1);
+	send_will(TELOPT_NAWS, 1);
+	send_will(TELOPT_TSPEED, 1);
+	send_will(TELOPT_LFLOW, 1);
+	send_will(TELOPT_LINEMODE, 1);
+	send_will(TELOPT_NEW_ENVIRON, 1);
+	send_do(TELOPT_STATUS, 1);
+	if (env_getvalue((unsigned char *)"DISPLAY"))
+	    send_will(TELOPT_XDISPLOC, 1);
+	if (binary)
+	    tel_enter_binary(binary);
+    }
+
+#ifdef ENCRYPTION
+    /*
+     * Note: we assume a tie to the authentication option here.  This
+     * is necessary so that authentication fails, we don't spin
+     * forever. 
+     */
+    if (telnetport && wantencryption) {
+	time_t timeout = time(0) + 60;
+
+	send_do(TELOPT_ENCRYPT, 1);
+	send_will(TELOPT_ENCRYPT, 1);
+	while (1) {
+	    if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) {
+		if (wantencryption == -1) {
+		    break;
+		} else {
+		    printf("\nServer refused to negotiate authentication,\n");
+		    printf("which is required for encryption.\n");
+		    Exit(1);
+		}
+	    }
+	    if (auth_has_failed) {
+		printf("\nAuthentication negotiation has failed,\n");
+		printf("which is required for encryption.\n");
+		Exit(1);
+	    }
+	    if (my_want_state_is_dont(TELOPT_ENCRYPT) ||
+		my_want_state_is_wont(TELOPT_ENCRYPT)) {
+		printf("\nServer refused to negotiate encryption.\n");
+		Exit(1);
+	    }
+	    if (encrypt_is_encrypting())
+		break;
+	    if (time(0) > timeout) {
+		printf("\nEncryption could not be enabled.\n");
+		Exit(1);
+	    }
+	    if (printed_encrypt == 0) {
+		    printed_encrypt = 1;
+		    printf("Waiting for encryption to be negotiated...\n");
+		    /*
+		     * Turn on MODE_TRAPSIG and then turn off localchars 
+		     * so that ^C will cause telnet to exit.
+		     */
+		    TerminalNewMode(getconnmode()|MODE_TRAPSIG);
+		    intr_waiting = 1;
+	    }
+	    if (intr_happened) {
+		    printf("\nUser interrupt.\n");
+		    Exit(1);
+	    }
+	    if (telnet_spin()) {
+		    printf("\nServer disconnected.\n");
+		    Exit(1);
+	    }
+		
+	}
+	if (printed_encrypt) {
+		printf("Encryption negotiated.\n");
+		intr_waiting = 0;
+		setconnmode(0);
+	}
+    }
+#endif
+
+    for (;;) {
+	int schedValue;
+
+	while ((schedValue = Scheduler(0)) != 0) {
+	    if (schedValue == -1) {
+		setcommandmode();
+		return;
+	    }
+	}
+
+	if (Scheduler(1) == -1) {
+	    setcommandmode();
+	    return;
+	}
+    }
+}
+
+/*
+ * netclear()
+ *
+ *	We are about to do a TELNET SYNCH operation.  Clear
+ * the path to the network.
+ *
+ *	Things are a bit tricky since we may have sent the first
+ * byte or so of a previous TELNET command into the network.
+ * So, we have to scan the network buffer from the beginning
+ * until we are up to where we want to be.
+ *
+ *	A side effect of what we do, just to keep things
+ * simple, is to clear the urgent data pointer.  The principal
+ * caller should be setting the urgent data pointer AFTER calling
+ * us in any case.
+ */
+
+static void
+netclear()
+{
+#if	0	/* XXX */
+    char *thisitem, *next;
+    char *good;
+#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+
+    thisitem = netobuf;
+
+    while ((next = nextitem(thisitem)) <= netobuf.send) {
+	thisitem = next;
+    }
+
+    /* Now, thisitem is first before/at boundary. */
+
+    good = netobuf;	/* where the good bytes go */
+
+    while (netoring.add > thisitem) {
+	if (wewant(thisitem)) {
+	    int length;
+
+	    next = thisitem;
+	    do {
+		next = nextitem(next);
+	    } while (wewant(next) && (nfrontp > next));
+	    length = next-thisitem;
+	    memmove(good, thisitem, length);
+	    good += length;
+	    thisitem = next;
+	} else {
+	    thisitem = nextitem(thisitem);
+	}
+    }
+
+#endif	/* 0 */
+}
+
+/*
+ * These routines add various telnet commands to the data stream.
+ */
+
+static void
+doflush()
+{
+    NET2ADD(IAC, DO);
+    NETADD(TELOPT_TM);
+    flushline = 1;
+    flushout = 1;
+    ttyflush(1);			/* Flush/drop output */
+    /* do printoption AFTER flush, otherwise the output gets tossed... */
+    printoption("SENT", DO, TELOPT_TM);
+}
+
+void
+xmitAO(void)
+{
+    NET2ADD(IAC, AO);
+    printoption("SENT", IAC, AO);
+    if (autoflush) {
+	doflush();
+    }
+}
+
+
+void
+xmitEL(void)
+{
+    NET2ADD(IAC, EL);
+    printoption("SENT", IAC, EL);
+}
+
+void
+xmitEC(void)
+{
+    NET2ADD(IAC, EC);
+    printoption("SENT", IAC, EC);
+}
+
+
+int
+dosynch()
+{
+    netclear();			/* clear the path to the network */
+    NETADD(IAC);
+    setneturg();
+    NETADD(DM);
+    printoption("SENT", IAC, DM);
+    return 1;
+}
+
+int want_status_response = 0;
+
+int
+get_status()
+{
+    unsigned char tmp[16];
+    unsigned char *cp;
+
+    if (my_want_state_is_dont(TELOPT_STATUS)) {
+	printf("Remote side does not support STATUS option\n");
+	return 0;
+    }
+    cp = tmp;
+
+    *cp++ = IAC;
+    *cp++ = SB;
+    *cp++ = TELOPT_STATUS;
+    *cp++ = TELQUAL_SEND;
+    *cp++ = IAC;
+    *cp++ = SE;
+    if (NETROOM() >= cp - tmp) {
+	ring_supply_data(&netoring, tmp, cp-tmp);
+	printsub('>', tmp+2, cp - tmp - 2);
+    }
+    ++want_status_response;
+    return 1;
+}
+
+void
+intp(void)
+{
+    NET2ADD(IAC, IP);
+    printoption("SENT", IAC, IP);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendbrk(void)
+{
+    NET2ADD(IAC, BREAK);
+    printoption("SENT", IAC, BREAK);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendabort(void)
+{
+    NET2ADD(IAC, ABORT);
+    printoption("SENT", IAC, ABORT);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendsusp(void)
+{
+    NET2ADD(IAC, SUSP);
+    printoption("SENT", IAC, SUSP);
+    flushline = 1;
+    if (autoflush) {
+	doflush();
+    }
+    if (autosynch) {
+	dosynch();
+    }
+}
+
+void
+sendeof(void)
+{
+    NET2ADD(IAC, xEOF);
+    printoption("SENT", IAC, xEOF);
+}
+
+void
+sendayt(void)
+{
+    NET2ADD(IAC, AYT);
+    printoption("SENT", IAC, AYT);
+}
+
+/*
+ * Send a window size update to the remote system.
+ */
+
+void
+sendnaws()
+{
+    long rows, cols;
+    unsigned char tmp[16];
+    unsigned char *cp;
+
+    if (my_state_is_wont(TELOPT_NAWS))
+	return;
+
+#undef PUTSHORT
+#define	PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
+			    if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
+
+    if (TerminalWindowSize(&rows, &cols) == 0) {	/* Failed */
+	return;
+    }
+
+    cp = tmp;
+
+    *cp++ = IAC;
+    *cp++ = SB;
+    *cp++ = TELOPT_NAWS;
+    PUTSHORT(cp, cols);
+    PUTSHORT(cp, rows);
+    *cp++ = IAC;
+    *cp++ = SE;
+    if (NETROOM() >= cp - tmp) {
+	ring_supply_data(&netoring, tmp, cp-tmp);
+	printsub('>', tmp+2, cp - tmp - 2);
+    }
+}
+
+void
+tel_enter_binary(int rw)
+{
+    if (rw&1)
+	send_do(TELOPT_BINARY, 1);
+    if (rw&2)
+	send_will(TELOPT_BINARY, 1);
+}
+
+void
+tel_leave_binary(int rw)
+{
+    if (rw&1)
+	send_dont(TELOPT_BINARY, 1);
+    if (rw&2)
+	send_wont(TELOPT_BINARY, 1);
+}

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/telnet_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: telnet_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+#include <errno.h>
+#include <setjmp.h>
+#ifdef HAVE_BSDSETJMP_H
+#include <bsdsetjmp.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+/* termios.h *must* be included before curses.h, but not on Solaris 9,
+   at least, where we end up with
+   "/usr/include/term.h", line 1060: incomplete struct/union/enum termio: Ottyb
+*/
+#if defined HAVE_TERMIOS_H && !defined __sun
+#include <termios.h>
+#endif
+
+#if defined(HAVE_CURSES_H)
+#include <curses.h>
+#ifdef HAVE_TERM_H
+#include <term.h>
+#endif
+#elif defined(HAVE_TERMCAP_H)
+#include <termcap.h>
+#endif
+
+#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
+#include <sys/termio.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+/* not with SunOS 4 */
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#ifdef _AIX
+struct sockaddr_dl; /* AIX fun */
+struct ether_addr;
+#endif
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+#include <libtelnet/auth.h>
+#include <libtelnet/encrypt.h>
+#endif
+#include <libtelnet/misc.h>
+#include <libtelnet/misc-proto.h>
+
+#define LINEMODE
+#ifndef KLUDGELINEMODE
+#define KLUDGELINEMODE
+#endif
+
+#include <err.h>
+#include <roken.h>
+
+#include "ring.h"
+#include "externs.h"
+#include "defines.h"
+#include "types.h"
+
+/* prototypes */
+

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/terminal.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/terminal.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/terminal.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 1988, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnet_locl.h"
+
+RCSID("$Id: terminal.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+Ring		ttyoring, ttyiring;
+unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
+
+int termdata;			/* Debugging flag */
+
+# ifndef VDISCARD
+cc_t termFlushChar;
+# endif
+# ifndef VLNEXT
+cc_t termLiteralNextChar;
+# endif
+# ifndef VSUSP
+cc_t termSuspChar;
+# endif
+# ifndef VWERASE
+cc_t termWerasChar;
+# endif
+# ifndef VREPRINT
+cc_t termRprntChar;
+# endif
+# ifndef VSTART
+cc_t termStartChar;
+# endif
+# ifndef VSTOP
+cc_t termStopChar;
+# endif
+# ifndef VEOL
+cc_t termForw1Char;
+# endif
+# ifndef VEOL2
+cc_t termForw2Char;
+# endif
+# ifndef VSTATUS
+cc_t termAytChar;
+# endif
+
+/*
+ * initialize the terminal data structures.
+ */
+
+void
+init_terminal(void)
+{
+    if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) {
+	exit(1);
+    }
+    if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) {
+	exit(1);
+    }
+    autoflush = TerminalAutoFlush();
+}
+
+
+/*
+ *		Send as much data as possible to the terminal.
+ *
+ *		Return value:
+ *			-1: No useful work done, data waiting to go out.
+ *			 0: No data was waiting, so nothing was done.
+ *			 1: All waiting data was written out.
+ *			 n: All data - n was written out.
+ */
+
+
+int
+ttyflush(int drop)
+{
+    int n, n0, n1;
+
+    n0 = ring_full_count(&ttyoring);
+    if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) {
+	if (drop) {
+	    TerminalFlushOutput();
+	    /* we leave 'n' alone! */
+	} else {
+	    n = TerminalWrite((char *)ttyoring.consume, n);
+	}
+    }
+    if (n > 0) {
+	if (termdata && n) {
+	    Dump('>', ttyoring.consume, n);
+	}
+	/*
+	 * If we wrote everything, and the full count is
+	 * larger than what we wrote, then write the
+	 * rest of the buffer.
+	 */
+	if (n1 == n && n0 > n) {
+		n1 = n0 - n;
+		if (!drop)
+			n1 = TerminalWrite((char *)ttyoring.bottom, n1);
+		if (n1 > 0)
+			n += n1;
+	}
+	ring_consumed(&ttyoring, n);
+    }
+    if (n < 0)
+	return -1;
+    if (n == n0) {
+	if (n0)
+	    return -1;
+	return 0;
+    }
+    return n0 - n + 1;
+}
+
+

+/*
+ * These routines decides on what the mode should be (based on the values
+ * of various global variables).
+ */
+
+
+int
+getconnmode(void)
+{
+    int mode = 0;
+
+    if (my_want_state_is_dont(TELOPT_ECHO))
+	mode |= MODE_ECHO;
+
+    if (localflow)
+	mode |= MODE_FLOW;
+
+    if ((eight & 1) || my_want_state_is_will(TELOPT_BINARY))
+	mode |= MODE_INBIN;
+
+    if (eight & 2)
+	mode |= MODE_OUT8;
+    if (his_want_state_is_will(TELOPT_BINARY))
+	mode |= MODE_OUTBIN;
+
+#ifdef	KLUDGELINEMODE
+    if (kludgelinemode) {
+	if (my_want_state_is_dont(TELOPT_SGA)) {
+	    mode |= (MODE_TRAPSIG|MODE_EDIT);
+	    if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) {
+		mode &= ~MODE_ECHO;
+	    }
+	}
+	return(mode);
+    }
+#endif
+    if (my_want_state_is_will(TELOPT_LINEMODE))
+	mode |= linemode;
+    return(mode);
+}
+
+    void
+setconnmode(force)
+    int force;
+{
+#ifdef	ENCRYPTION
+    static int enc_passwd = 0;
+#endif
+    int newmode;
+
+    newmode = getconnmode()|(force?MODE_FORCE:0);
+
+    TerminalNewMode(newmode);
+    
+#ifdef  ENCRYPTION
+    if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
+	if (my_want_state_is_will(TELOPT_ENCRYPT)
+				&& (enc_passwd == 0) && !encrypt_output) {
+	    encrypt_request_start(0, 0);
+	    enc_passwd = 1;
+	}
+    } else {
+	if (enc_passwd) {
+	    encrypt_request_end();
+	    enc_passwd = 0;
+	}
+    }
+#endif
+
+}
+
+
+    void
+setcommandmode()
+{
+    TerminalNewMode(-1);
+}
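Review bot: The return-value comment above ttyflush() does not match the code. Once everything waiting has been written or dropped (`n == n0` with `n0` non-zero) the function returns -1, the same value it returns when TerminalWrite() fails. The documented `1` is never produced, because the partial case returns `n0 - n + 1`, which is at least 2 as long as TerminalWrite() never reports more than it was asked to write. A caller that tests the result for `> 0` would see a complete flush as no progress, and a caller that treats -1 as an error cannot tell failure from success; the callers are outside this hunk, so which side is intended cannot be settled from here. If the code is the intended behaviour, the comment should say so, for example `-1: write failed, or all waiting data was written out or dropped` and `n > 1: n - 1 bytes are still waiting`.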

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/types.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/types.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/types.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)types.h	8.1 (Berkeley) 6/6/93
+ */
+
+typedef struct {
+    char *modedescriptions;
+    char modetype;
+} Modelist;
+
+extern Modelist modelist[];
+
+typedef struct {
+    int
+	system,			/* what the current time is */
+	echotoggle,		/* last time user entered echo character */
+	modenegotiated,		/* last time operating mode negotiated */
+	didnetreceive,		/* last time we read data from network */
+	gotDM;			/* when did we last see a data mark */
+} Clocks;
+
+extern Clocks clocks;

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet/utilities.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet/utilities.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet/utilities.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,864 @@
+/*
+ * Copyright (c) 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define TELOPTS
+#define TELCMDS
+#define SLC_NAMES
+
+#include "telnet_locl.h"
+
+RCSID("$Id: utilities.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
+int	prettydump;
+
+/*
+ * SetSockOpt()
+ *
+ * Compensate for differences in 4.2 and 4.3 systems.
+ */
+
+int
+SetSockOpt(int fd, int level, int option, int yesno)
+{
+#ifdef HAVE_SETSOCKOPT
+#ifndef	NOT43
+    return setsockopt(fd, level, option,
+				(void *)&yesno, sizeof yesno);
+#else	/* NOT43 */
+    if (yesno == 0) {		/* Can't do that in 4.2! */
+	fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
+				option);
+	return -1;
+    }
+    return setsockopt(fd, level, option, 0, 0);
+#endif	/* NOT43 */
+#else
+    return -1;
+#endif
+}
+

+/*
+ * The following are routines used to print out debugging information.
+ */
+
+char NetTraceFile[256] = "(standard output)";
+
+void
+SetNetTrace(char *file)
+{
+    if (NetTrace && NetTrace != stdout)
+	fclose(NetTrace);
+    if (file  && (strcmp(file, "-") != 0)) {
+	NetTrace = fopen(file, "w");
+	if (NetTrace) {
+	    strlcpy(NetTraceFile, file, sizeof(NetTraceFile));
+	    return;
+	}
+	fprintf(stderr, "Cannot open %s.\n", file);
+    }
+    NetTrace = stdout;
+    strlcpy(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
+}
+
+void
+Dump(char direction, unsigned char *buffer, int length)
+{
+#   define BYTES_PER_LINE	32
+    unsigned char *pThis;
+    int offset;
+
+    offset = 0;
+
+    while (length) {
+	/* print one line */
+	fprintf(NetTrace, "%c 0x%x\t", direction, offset);
+	pThis = buffer;
+	if (prettydump) {
+	    buffer = buffer + min(length, BYTES_PER_LINE/2);
+	    while (pThis < buffer) {
+		fprintf(NetTrace, "%c%.2x",
+		    (((*pThis)&0xff) == 0xff) ? '*' : ' ',
+		    (*pThis)&0xff);
+		pThis++;
+	    }
+	    length -= BYTES_PER_LINE/2;
+	    offset += BYTES_PER_LINE/2;
+	} else {
+	    buffer = buffer + min(length, BYTES_PER_LINE);
+	    while (pThis < buffer) {
+		fprintf(NetTrace, "%.2x", (*pThis)&0xff);
+		pThis++;
+	    }
+	    length -= BYTES_PER_LINE;
+	    offset += BYTES_PER_LINE;
+	}
+	if (NetTrace == stdout) {
+	    fprintf(NetTrace, "\r\n");
+	} else {
+	    fprintf(NetTrace, "\n");
+	}
+	if (length < 0) {
+	    fflush(NetTrace);
+	    return;
+	}
+	/* find next unique line */
+    }
+    fflush(NetTrace);
+}
+
+
+void
+printoption(char *direction, int cmd, int option)
+{
+	if (!showoptions)
+		return;
+	if (cmd == IAC) {
+		if (TELCMD_OK(option))
+		    fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option));
+		else
+		    fprintf(NetTrace, "%s IAC %d", direction, option);
+	} else {
+		char *fmt;
+		fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" :
+			(cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0;
+		if (fmt) {
+		    fprintf(NetTrace, "%s %s ", direction, fmt);
+		    if (TELOPT_OK(option))
+			fprintf(NetTrace, "%s", TELOPT(option));
+		    else if (option == TELOPT_EXOPL)
+			fprintf(NetTrace, "EXOPL");
+		    else
+			fprintf(NetTrace, "%d", option);
+		} else
+		    fprintf(NetTrace, "%s %d %d", direction, cmd, option);
+	}
+	if (NetTrace == stdout) {
+	    fprintf(NetTrace, "\r\n");
+	    fflush(NetTrace);
+	} else {
+	    fprintf(NetTrace, "\n");
+	}
+	return;
+}
+
+void
+optionstatus(void)
+{
+    int i;
+
+    for (i = 0; i < 256; i++) {
+	if (do_dont_resp[i]) {
+	    if (TELOPT_OK(i))
+		printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]);
+	    else if (TELCMD_OK(i))
+		printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]);
+	    else
+		printf("resp DO_DONT %d: %d\n", i,
+				do_dont_resp[i]);
+	    if (my_want_state_is_do(i)) {
+		if (TELOPT_OK(i))
+		    printf("want DO   %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want DO   %s\n", TELCMD(i));
+		else
+		    printf("want DO   %d\n", i);
+	    } else {
+		if (TELOPT_OK(i))
+		    printf("want DONT %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want DONT %s\n", TELCMD(i));
+		else
+		    printf("want DONT %d\n", i);
+	    }
+	} else {
+	    if (my_state_is_do(i)) {
+		if (TELOPT_OK(i))
+		    printf("     DO   %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("     DO   %s\n", TELCMD(i));
+		else
+		    printf("     DO   %d\n", i);
+	    }
+	}
+	if (will_wont_resp[i]) {
+	    if (TELOPT_OK(i))
+		printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]);
+	    else if (TELCMD_OK(i))
+		printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]);
+	    else
+		printf("resp WILL_WONT %d: %d\n",
+				i, will_wont_resp[i]);
+	    if (my_want_state_is_will(i)) {
+		if (TELOPT_OK(i))
+		    printf("want WILL %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want WILL %s\n", TELCMD(i));
+		else
+		    printf("want WILL %d\n", i);
+	    } else {
+		if (TELOPT_OK(i))
+		    printf("want WONT %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("want WONT %s\n", TELCMD(i));
+		else
+		    printf("want WONT %d\n", i);
+	    }
+	} else {
+	    if (my_state_is_will(i)) {
+		if (TELOPT_OK(i))
+		    printf("     WILL %s\n", TELOPT(i));
+		else if (TELCMD_OK(i))
+		    printf("     WILL %s\n", TELCMD(i));
+		else
+		    printf("     WILL %d\n", i);
+	    }
+	}
+    }
+
+}
+
+void
+printsub(int direction, unsigned char *pointer, int length)
+{
+    int i;
+    unsigned char buf[512];
+
+    if (showoptions || direction == 0 ||
+	(want_status_response && (pointer[0] == TELOPT_STATUS))) {
+	if (direction) {
+	    fprintf(NetTrace, "%s IAC SB ",
+				(direction == '<')? "RCVD":"SENT");
+	    if (length >= 3) {
+		int j;
+
+		i = pointer[length-2];
+		j = pointer[length-1];
+
+		if (i != IAC || j != SE) {
+		    fprintf(NetTrace, "(terminated by ");
+		    if (TELOPT_OK(i))
+			fprintf(NetTrace, "%s ", TELOPT(i));
+		    else if (TELCMD_OK(i))
+			fprintf(NetTrace, "%s ", TELCMD(i));
+		    else
+			fprintf(NetTrace, "%d ", i);
+		    if (TELOPT_OK(j))
+			fprintf(NetTrace, "%s", TELOPT(j));
+		    else if (TELCMD_OK(j))
+			fprintf(NetTrace, "%s", TELCMD(j));
+		    else
+			fprintf(NetTrace, "%d", j);
+		    fprintf(NetTrace, ", not IAC SE!) ");
+		}
+	    }
+	    length -= 2;
+	}
+	if (length < 1) {
+	    fprintf(NetTrace, "(Empty suboption??\?)");
+	    if (NetTrace == stdout)
+		fflush(NetTrace);
+	    return;
+	}
+	switch (pointer[0]) {
+	case TELOPT_TTYPE:
+	    fprintf(NetTrace, "TERMINAL-TYPE ");
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND");
+		break;
+	    default:
+		fprintf(NetTrace,
+				"- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    break;
+	case TELOPT_TSPEED:
+	    fprintf(NetTrace, "TERMINAL-SPEED");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, " IS ");
+		fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2);
+		break;
+	    default:
+		if (pointer[1] == 1)
+		    fprintf(NetTrace, " SEND");
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+	    }
+	    break;
+
+	case TELOPT_LFLOW:
+	    fprintf(NetTrace, "TOGGLE-FLOW-CONTROL");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case LFLOW_OFF:
+		fprintf(NetTrace, " OFF"); break;
+	    case LFLOW_ON:
+		fprintf(NetTrace, " ON"); break;
+	    case LFLOW_RESTART_ANY:
+		fprintf(NetTrace, " RESTART-ANY"); break;
+	    case LFLOW_RESTART_XON:
+		fprintf(NetTrace, " RESTART-XON"); break;
+	    default:
+		fprintf(NetTrace, " %d (unknown)", pointer[1]);
+	    }
+	    for (i = 2; i < length; i++)
+		fprintf(NetTrace, " ?%d?", pointer[i]);
+	    break;
+
+	case TELOPT_NAWS:
+	    fprintf(NetTrace, "NAWS");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    if (length == 2) {
+		fprintf(NetTrace, " ?%d?", pointer[1]);
+		break;
+	    }
+	    fprintf(NetTrace, " %d %d (%d)",
+		pointer[1], pointer[2],
+		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
+	    if (length == 4) {
+		fprintf(NetTrace, " ?%d?", pointer[3]);
+		break;
+	    }
+	    fprintf(NetTrace, " %d %d (%d)",
+		pointer[3], pointer[4],
+		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
+	    for (i = 5; i < length; i++)
+		fprintf(NetTrace, " ?%d?", pointer[i]);
+	    break;
+
+#if	defined(AUTHENTICATION)
+	case TELOPT_AUTHENTICATION:
+	    fprintf(NetTrace, "AUTHENTICATION");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case TELQUAL_REPLY:
+	    case TELQUAL_IS:
+		fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
+							"IS" : "REPLY");
+		if (AUTHTYPE_NAME_OK(pointer[2]))
+		    fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
+		else
+		    fprintf(NetTrace, "%d ", pointer[2]);
+		if (length < 3) {
+		    fprintf(NetTrace, "(partial suboption??\?)");
+		    break;
+		}
+		fprintf(NetTrace, "%s|%s",
+			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			"CLIENT" : "SERVER",
+			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			"MUTUAL" : "ONE-WAY");
+
+		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		fprintf(NetTrace, "%s", buf);
+		break;
+
+	    case TELQUAL_SEND:
+		i = 2;
+		fprintf(NetTrace, " SEND ");
+		while (i < length) {
+		    if (AUTHTYPE_NAME_OK(pointer[i]))
+			fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
+		    else
+			fprintf(NetTrace, "%d ", pointer[i]);
+		    if (++i >= length) {
+			fprintf(NetTrace, "(partial suboption??\?)");
+			break;
+		    }
+		    fprintf(NetTrace, "%s|%s ",
+			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+							"CLIENT" : "SERVER",
+			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+							"MUTUAL" : "ONE-WAY");
+		    ++i;
+		}
+		break;
+
+	    case TELQUAL_NAME:
+		i = 2;
+		fprintf(NetTrace, " NAME \"");
+		while (i < length)
+		    putc(pointer[i++], NetTrace);
+		putc('"', NetTrace);
+		break;
+
+	    default:
+		    for (i = 2; i < length; i++)
+			fprintf(NetTrace, " ?%d?", pointer[i]);
+		    break;
+	    }
+	    break;
+#endif
+
+#if	defined(ENCRYPTION)
+	case TELOPT_ENCRYPT:
+	    fprintf(NetTrace, "ENCRYPT");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case ENCRYPT_START:
+		fprintf(NetTrace, " START");
+		break;
+
+	    case ENCRYPT_END:
+		fprintf(NetTrace, " END");
+		break;
+
+	    case ENCRYPT_REQSTART:
+		fprintf(NetTrace, " REQUEST-START");
+		break;
+
+	    case ENCRYPT_REQEND:
+		fprintf(NetTrace, " REQUEST-END");
+		break;
+
+	    case ENCRYPT_IS:
+	    case ENCRYPT_REPLY:
+		fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
+							"IS" : "REPLY");
+		if (length < 3) {
+		    fprintf(NetTrace, " (partial suboption?)");
+		    break;
+		}
+		if (ENCTYPE_NAME_OK(pointer[2]))
+		    fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[2]);
+
+		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+		fprintf(NetTrace, "%s", buf);
+		break;
+
+	    case ENCRYPT_SUPPORT:
+		i = 2;
+		fprintf(NetTrace, " SUPPORT ");
+		while (i < length) {
+		    if (ENCTYPE_NAME_OK(pointer[i]))
+			fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
+		    else
+			fprintf(NetTrace, "%d ", pointer[i]);
+		    i++;
+		}
+		break;
+
+	    case ENCRYPT_ENC_KEYID:
+		fprintf(NetTrace, " ENC_KEYID ");
+		goto encommon;
+
+	    case ENCRYPT_DEC_KEYID:
+		fprintf(NetTrace, " DEC_KEYID ");
+		goto encommon;
+
+	    default:
+		fprintf(NetTrace, " %d (unknown)", pointer[1]);
+	    encommon:
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " %d", pointer[i]);
+		break;
+	    }
+	    break;
+#endif
+
+	case TELOPT_LINEMODE:
+	    fprintf(NetTrace, "LINEMODE ");
+	    if (length < 2) {
+		fprintf(NetTrace, " (empty suboption??\?)");
+		break;
+	    }
+	    switch (pointer[1]) {
+	    case WILL:
+		fprintf(NetTrace, "WILL ");
+		goto common;
+	    case WONT:
+		fprintf(NetTrace, "WONT ");
+		goto common;
+	    case DO:
+		fprintf(NetTrace, "DO ");
+		goto common;
+	    case DONT:
+		fprintf(NetTrace, "DONT ");
+	    common:
+		if (length < 3) {
+		    fprintf(NetTrace, "(no option??\?)");
+		    break;
+		}
+		switch (pointer[2]) {
+		case LM_FORWARDMASK:
+		    fprintf(NetTrace, "Forward Mask");
+		    for (i = 3; i < length; i++)
+			fprintf(NetTrace, " %x", pointer[i]);
+		    break;
+		default:
+		    fprintf(NetTrace, "%d (unknown)", pointer[2]);
+		    for (i = 3; i < length; i++)
+			fprintf(NetTrace, " %d", pointer[i]);
+		    break;
+		}
+		break;
+
+	    case LM_SLC:
+		fprintf(NetTrace, "SLC");
+		for (i = 2; i < length - 2; i += 3) {
+		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+			fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
+		    else
+			fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]);
+		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+		    case SLC_NOSUPPORT:
+			fprintf(NetTrace, " NOSUPPORT"); break;
+		    case SLC_CANTCHANGE:
+			fprintf(NetTrace, " CANTCHANGE"); break;
+		    case SLC_VARIABLE:
+			fprintf(NetTrace, " VARIABLE"); break;
+		    case SLC_DEFAULT:
+			fprintf(NetTrace, " DEFAULT"); break;
+		    }
+		    fprintf(NetTrace, "%s%s%s",
+			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+						SLC_FLUSHOUT| SLC_LEVELBITS))
+			fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]);
+		    fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]);
+		    if ((pointer[i+SLC_VALUE] == IAC) &&
+			(pointer[i+SLC_VALUE+1] == IAC))
+				i++;
+		}
+		for (; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+
+	    case LM_MODE:
+		fprintf(NetTrace, "MODE ");
+		if (length < 3) {
+		    fprintf(NetTrace, "(no mode??\?)");
+		    break;
+		}
+		{
+		    char tbuf[64];
+		    snprintf(tbuf, sizeof(tbuf),
+			     "%s%s%s%s%s",
+			     pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			     pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			     pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			     pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			     pointer[2]&MODE_ACK ? "|ACK" : "");
+		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
+		}
+		if (pointer[2]&~(MODE_MASK))
+		    fprintf(NetTrace, " (0x%x)", pointer[2]);
+		for (i = 3; i < length; i++)
+		    fprintf(NetTrace, " ?0x%x?", pointer[i]);
+		break;
+	    default:
+		fprintf(NetTrace, "%d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " %d", pointer[i]);
+	    }
+	    break;
+
+	case TELOPT_STATUS: {
+	    char *cp;
+	    int j, k;
+
+	    fprintf(NetTrace, "STATUS");
+
+	    switch (pointer[1]) {
+	    default:
+		if (pointer[1] == TELQUAL_SEND)
+		    fprintf(NetTrace, " SEND");
+		else
+		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
+		for (i = 2; i < length; i++)
+		    fprintf(NetTrace, " ?%d?", pointer[i]);
+		break;
+	    case TELQUAL_IS:
+		if (--want_status_response < 0)
+		    want_status_response = 0;
+		if (NetTrace == stdout)
+		    fprintf(NetTrace, " IS\r\n");
+		else
+		    fprintf(NetTrace, " IS\n");
+
+		for (i = 2; i < length; i++) {
+		    switch(pointer[i]) {
+		    case DO:	cp = "DO"; goto common2;
+		    case DONT:	cp = "DONT"; goto common2;
+		    case WILL:	cp = "WILL"; goto common2;
+		    case WONT:	cp = "WONT"; goto common2;
+		    common2:
+			i++;
+			if (TELOPT_OK((int)pointer[i]))
+			    fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i]));
+			else
+			    fprintf(NetTrace, " %s %d", cp, pointer[i]);
+
+			if (NetTrace == stdout)
+			    fprintf(NetTrace, "\r\n");
+			else
+			    fprintf(NetTrace, "\n");
+			break;
+
+		    case SB:
+			fprintf(NetTrace, " SB ");
+			i++;
+			j = k = i;
+			while (j < length) {
+			    if (pointer[j] == SE) {
+				if (j+1 == length)
+				    break;
+				if (pointer[j+1] == SE)
+				    j++;
+				else
+				    break;
+			    }
+			    pointer[k++] = pointer[j++];
+			}
+			printsub(0, &pointer[i], k - i);
+			if (i < length) {
+			    fprintf(NetTrace, " SE");
+			    i = j;
+			} else
+			    i = j - 1;
+
+			if (NetTrace == stdout)
+			    fprintf(NetTrace, "\r\n");
+			else
+			    fprintf(NetTrace, "\n");
+
+			break;
+
+		    default:
+			fprintf(NetTrace, " %d", pointer[i]);
+			break;
+		    }
+		}
+		break;
+	    }
+	    break;
+	  }
+
+	case TELOPT_XDISPLOC:
+	    fprintf(NetTrace, "X-DISPLAY-LOCATION ");
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+		break;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND");
+		break;
+	    default:
+		fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
+				pointer[1], pointer[1]);
+	    }
+	    break;
+
+	case TELOPT_NEW_ENVIRON:
+	    fprintf(NetTrace, "NEW-ENVIRON ");
+#ifdef	OLD_ENVIRON
+	    goto env_common1;
+	case TELOPT_OLD_ENVIRON:
+	    fprintf(NetTrace, "OLD-ENVIRON");
+	env_common1:
+#endif
+	    switch (pointer[1]) {
+	    case TELQUAL_IS:
+		fprintf(NetTrace, "IS ");
+		goto env_common;
+	    case TELQUAL_SEND:
+		fprintf(NetTrace, "SEND ");
+		goto env_common;
+	    case TELQUAL_INFO:
+		fprintf(NetTrace, "INFO ");
+	    env_common:
+		{
+		    int noquote = 2;
+		    for (i = 2; i < length; i++ ) {
+			switch (pointer[i]) {
+			case NEW_ENV_VALUE:
+#ifdef OLD_ENVIRON
+		     /*	case NEW_ENV_OVAR: */
+			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
+				    fprintf(NetTrace, "\" VAR " + noquote);
+			    } else
+#endif /* OLD_ENVIRON */
+				fprintf(NetTrace, "\" VALUE " + noquote);
+			    noquote = 2;
+			    break;
+
+			case NEW_ENV_VAR:
+#ifdef OLD_ENVIRON
+		     /* case OLD_ENV_VALUE: */
+			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
+				    fprintf(NetTrace, "\" VALUE " + noquote);
+			    } else
+#endif /* OLD_ENVIRON */
+				fprintf(NetTrace, "\" VAR " + noquote);
+			    noquote = 2;
+			    break;
+
+			case ENV_ESC:
+			    fprintf(NetTrace, "\" ESC " + noquote);
+			    noquote = 2;
+			    break;
+
+			case ENV_USERVAR:
+			    fprintf(NetTrace, "\" USERVAR " + noquote);
+			    noquote = 2;
+			    break;
+
+			default:
+			    if (isprint(pointer[i]) && pointer[i] != '"') {
+				if (noquote) {
+				    putc('"', NetTrace);
+				    noquote = 0;
+				}
+				putc(pointer[i], NetTrace);
+			    } else {
+				fprintf(NetTrace, "\" %03o " + noquote,
+							pointer[i]);
+				noquote = 2;
+			    }
+			    break;
+			}
+		    }
+		    if (!noquote)
+			putc('"', NetTrace);
+		    break;
+		}
+	    }
+	    break;
+
+	default:
+	    if (TELOPT_OK(pointer[0]))
+		fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0]));
+	    else
+		fprintf(NetTrace, "%d (unknown)", pointer[0]);
+	    for (i = 1; i < length; i++)
+		fprintf(NetTrace, " %d", pointer[i]);
+	    break;
+	}
+	if (direction) {
+	    if (NetTrace == stdout)
+		fprintf(NetTrace, "\r\n");
+	    else
+		fprintf(NetTrace, "\n");
+	}
+	if (NetTrace == stdout)
+	    fflush(NetTrace);
+    }
+}
+
+/* EmptyTerminal - called to make sure that the terminal buffer is empty.
+ *			Note that we consider the buffer to run all the
+ *			way to the kernel (thus the select).
+ */
+
+void
+EmptyTerminal(void)
+{
+    fd_set	outs;
+
+    FD_ZERO(&outs);
+
+    if (tout >= FD_SETSIZE)
+	ExitString("fd too large", 1);
+
+    if (TTYBYTES() == 0) {
+	FD_SET(tout, &outs);
+	select(tout+1, 0, &outs, 0,
+		      (struct timeval *) 0); /* wait for TTLOWAT */
+    } else {
+	while (TTYBYTES()) {
+	    ttyflush(0);
+	    FD_SET(tout, &outs);
+	    select(tout+1, 0, &outs, 0,
+			  (struct timeval *) 0); /* wait for TTLOWAT */
+	}
+    }
+}
+
+void
+SetForExit(void)
+{
+    setconnmode(0);
+    do {
+	telrcv();			/* Process any incoming data */
+	EmptyTerminal();
+    } while (ring_full_count(&netiring));	/* While there is any */
+    setcommandmode();
+    fflush(stdout);
+    fflush(stderr);
+    setconnmode(0);
+    EmptyTerminal();			/* Flush the path to the tty */
+    setcommandmode();
+}
+
+void
+Exit(int returnCode)
+{
+    SetForExit();
+    exit(returnCode);
+}
+
+void
+ExitString(char *string, int returnCode)
+{
+    SetForExit();
+    fwrite(string, 1, strlen(string), stderr);
+    exit(returnCode);
+}
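Review bot: In `printsub`, the `TELOPT_TTYPE`, `TELOPT_STATUS` and `TELOPT_XDISPLOC` cases switch on `pointer[1]` when only `length >= 1` has been established, and their `IS` arms pass `length-2` as the `%.*s` precision, which is negative for a one-byte suboption and leaves the string read unbounded. The `TELOPT_AUTHENTICATION` `IS`/`REPLY` arm has the same ordering problem: it reads `pointer[2]` before its `length < 3` test and then reads `pointer[3]`, which needs `length >= 4`. Because `direction == '<'` marks received data, these bytes are presumably peer-controlled whenever option tracing is enabled, so a short suboption can make the trace printer read past the buffer. Each of those cases should open with the guard the neighbouring cases already use, `if (length < 2) { fprintf(NetTrace, " (empty suboption??\?)"); break; }`, and the authentication test should become `if (length < 4)` placed ahead of the `pointer[2]` read. Since this file arrives as a vendor import, the fix is best kept as a local patch and reported upstream.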

Added: vendor-crypto/heimdal/dist/appl/telnet/telnet.state
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnet.state	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnet.state	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+
+   Three pieces of state need to be kept for each side of each option.
+   (You need the localside, sending WILL/WONT & receiving DO/DONT, and
+   the remoteside, sending DO/DONT and receiving WILL/WONT)
+
+	MY_STATE:	What state am I in?
+	WANT_STATE:	What state do I want?
+	WANT_RESP:	How many requests have I initiated?
+
+   Default values:
+	MY_STATE = WANT_STATE = DONT
+	WANT_RESP = 0
+
+   The local setup will change based on the state of the Telnet
+   variables.  When we are the originator, we can either make the
+   local setup changes at option request time (in which case if
+   the option is denied we need to change things back) or when
+   the option is acknowledged.
+
+   To initiate a switch to NEW_STATE:
+
+	if ((WANT_RESP == 0 && NEW_STATE == MY_STATE) ||
+			WANT_STATE == NEW_STATE) {
+	    do nothing;
+	} else {
+	    /*
+	     * This is where the logic goes to change the local setup
+	     * if we are doing so at request initiation
+	     */
+	    WANT_STATE = NEW_STATE;
+	    send NEW_STATE;
+	    WANT_RESP += 1;
+	}
+
+   When receiving NEW_STATE:
+
+	if (WANT_RESP) {
+	    --WANT_RESP;
+	    if (WANT_RESP && (NEW_STATE == MY_STATE))
+		--WANT_RESP;
+	}
+	if (WANT_RESP == 0) {
+	    if (NEW_STATE != WANT_STATE) {
+		/*
+		 * This is where the logic goes to decide if it is ok
+		 * to switch to NEW_STATE, and if so, do any necessary
+		 * local setup changes.
+		 */
+		if (ok_to_switch_to NEW_STATE)
+		    WANT_STATE = NEW_STATE;
+		else
+		    WANT_RESP++;
+*		if (MY_STATE != WANT_STATE)
+		    reply with WANT_STATE;
+	    } else {
+		/*
+		 * This is where the logic goes to change the local setup
+		 * if we are doing so at request acknowledgment
+		 */
+	    }
+	}
+	MY_STATE = NEW_STATE;
+
+* This if() line is not needed, it should be ok to always do the
+  "reply with WANT_STATE".  With the if() line, asking to turn on
+  an option that the other side doesn't understand is:
+		Send DO option
+		Recv WONT option
+  Without the if() line, it is:
+		Send DO option
+		Recv WONT option
+		Send DONT option
+  If the other side does not expect to receive the latter case,
+  but generates the latter case, then there is a potential for
+  option negotiation loops.  An implementation that does not expect
+  to get the second case should not generate it, an implementation
+  that does expect to get it may or may not generate it, and things
+  will still work.  Being conservative in what we send, we have the
+  if() statement in, but we expect the other side to generate the
+  last response.

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
+
+libexec_PROGRAMS = telnetd
+
+CHECK_LOCAL = 
+
+telnetd_SOURCES  = telnetd.c state.c termstat.c slc.c sys_term.c \
+		   utility.c global.c authenc.c defs.h ext.h telnetd.h
+
+man_MANS = telnetd.8
+
+LDADD = \
+	../libtelnet/libtelnet.a \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_tgetent) \
+	$(LIB_logwtmp) \
+	$(LIB_logout) \
+	$(LIB_openpty) \
+	$(LIB_kdfs) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,850 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+libexec_PROGRAMS = telnetd$(EXEEXT)
+subdir = appl/telnet/telnetd
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS)
+am_telnetd_OBJECTS = telnetd.$(OBJEXT) state.$(OBJEXT) \
+	termstat.$(OBJEXT) slc.$(OBJEXT) sys_term.$(OBJEXT) \
+	utility.$(OBJEXT) global.$(OBJEXT) authenc.$(OBJEXT)
+telnetd_OBJECTS = $(am_telnetd_OBJECTS)
+telnetd_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a $(LIB_krb5) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(LIB_kdfs) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(telnetd_SOURCES)
+DIST_SOURCES = $(telnetd_SOURCES)
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+CHECK_LOCAL = 
+telnetd_SOURCES = telnetd.c state.c termstat.c slc.c sys_term.c \
+		   utility.c global.c authenc.c defs.h ext.h telnetd.h
+
+man_MANS = telnetd.8
+LDADD = \
+	../libtelnet/libtelnet.a \
+	$(LIB_krb5) \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(LIB_tgetent) \
+	$(LIB_logwtmp) \
+	$(LIB_logout) \
+	$(LIB_openpty) \
+	$(LIB_kdfs) \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/telnetd/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/telnet/telnetd/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+telnetd$(EXEEXT): $(telnetd_OBJECTS) $(telnetd_DEPENDENCIES) 
+	@rm -f telnetd$(EXEEXT)
+	$(LINK) $(telnetd_OBJECTS) $(telnetd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libexecPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-man8
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/authenc.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/authenc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/authenc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: authenc.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef AUTHENTICATION
+
+int
+telnet_net_write(unsigned char *str, int len)
+{
+    if (nfrontp + len < netobuf + BUFSIZ) {
+	memmove(nfrontp, str, len);
+	nfrontp += len;
+	return(len);
+    }
+    return(0);
+}
+
+void
+net_encrypt(void)
+{
+#ifdef ENCRYPTION
+    char *s = (nclearto > nbackp) ? nclearto : nbackp;
+    if (s < nfrontp && encrypt_output) {
+	(*encrypt_output)((unsigned char *)s, nfrontp - s);
+    }
+    nclearto = nfrontp;
+#endif
+}
+
+int
+telnet_spin(void)
+{
+    return ttloop();
+}
+
+char *
+telnet_getenv(const char *val)
+{
+    return(getenv(val));
+}
+
+char *
+telnet_gets(char *prompt, char *result, int length, int echo)
+{
+    return NULL;
+}
+#endif
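Review bot: The bounds check in `telnet_net_write` computes `nfrontp + len` before comparing, and `len` is a signed `int` that is never tested for being negative. A negative `len` passes the test and becomes a very large size when handed to `memmove`, and a large positive `len` can form a pointer beyond the buffer, which is undefined behaviour before the comparison is evaluated. Comparing against the remaining space avoids both: `if (len >= 0 && len < (netobuf + BUFSIZ) - nfrontp) {`. This assumes `netobuf` holds at least `BUFSIZ` bytes and `nfrontp` always points inside it; both are declared outside this file, so confirm against the header. The function also returns 0 and silently drops the data when it does not fit, which deserves a header comment such as `/* Returns len on success, 0 if the data does not fit; nothing is queued then. */` so callers know to check the result.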

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/defs.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/defs.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/defs.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)defs.h	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * Telnet server defines
+ */
+
+#ifndef __DEFS_H__
+#define __DEFS_H__
+
+#ifndef	BSD
+# define	BSD 43
+#endif
+
+#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
+#define TELOPTS
+#define TELCMDS
+#define	SLC_NAMES
+#endif
+
+#if	!defined(TIOCSCTTY) && defined(TCSETCTTY)
+# define	TIOCSCTTY TCSETCTTY
+#endif
+
+#ifndef TIOCPKT_FLUSHWRITE
+#define TIOCPKT_FLUSHWRITE      0x02
+#endif
+ 
+#ifndef TIOCPKT_NOSTOP
+#define TIOCPKT_NOSTOP  0x10
+#endif
+ 
+#ifndef TIOCPKT_DOSTOP
+#define TIOCPKT_DOSTOP  0x20
+#endif
+
+/*
+ * I/O data buffers defines
+ */
+#define	NETSLOP	64
+#ifdef _CRAY
+#undef BUFSIZ
+#define BUFSIZ  2048
+#endif
+
+#define	NIACCUM(c)	{   *netip++ = c; \
+			    ncc++; \
+			}
+
+/* clock manipulations */
+#define	settimer(x)	(clocks.x = ++clocks.system)
+#define	sequenceIs(x,y)	(clocks.x < clocks.y)
+
+/*
+ * Structures of information for each special character function.
+ */
+typedef struct {
+	unsigned char	flag;		/* the flags for this function */
+	cc_t		val;		/* the value of the special character */
+} slcent, *Slcent;
+
+typedef struct {
+	slcent		defset;		/* the default settings */
+	slcent		current;	/* the current settings */
+	cc_t		*sptr;		/* a pointer to the char in */
+					/* system data structures */
+} slcfun, *Slcfun;
+
+#ifdef DIAGNOSTICS
+/*
+ * Diagnostics capabilities
+ */
+#define	TD_REPORT	0x01	/* Report operations to client */
+#define TD_EXERCISE	0x02	/* Exercise client's implementation */
+#define TD_NETDATA	0x04	/* Display received data stream */
+#define TD_PTYDATA	0x08	/* Display data passed to pty */
+#define	TD_OPTIONS	0x10	/* Report just telnet options */
+#endif /* DIAGNOSTICS */
+
+/*
+ * We keep track of each side of the option negotiation.
+ */
+
+#define	MY_STATE_WILL		0x01
+#define	MY_WANT_STATE_WILL	0x02
+#define	MY_STATE_DO		0x04
+#define	MY_WANT_STATE_DO	0x08
+
+/*
+ * Macros to check the current state of things
+ */
+
+#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
+#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
+#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
+#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
+
+#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
+#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
+#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
+#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
+
+#define	set_my_state_do(opt)		(options[opt] |= MY_STATE_DO)
+#define	set_my_state_will(opt)		(options[opt] |= MY_STATE_WILL)
+#define	set_my_want_state_do(opt)	(options[opt] |= MY_WANT_STATE_DO)
+#define	set_my_want_state_will(opt)	(options[opt] |= MY_WANT_STATE_WILL)
+
+#define	set_my_state_dont(opt)		(options[opt] &= ~MY_STATE_DO)
+#define	set_my_state_wont(opt)		(options[opt] &= ~MY_STATE_WILL)
+#define	set_my_want_state_dont(opt)	(options[opt] &= ~MY_WANT_STATE_DO)
+#define	set_my_want_state_wont(opt)	(options[opt] &= ~MY_WANT_STATE_WILL)
+
+/*
+ * Tricky code here.  What we want to know is if the MY_STATE_WILL
+ * and MY_WANT_STATE_WILL bits have the same value.  Since the two
+ * bits are adjacent, a little arithmatic will show that by adding
+ * in the lower bit, the upper bit will be set if the two bits were
+ * different, and clear if they were the same.
+ */
+#define my_will_wont_is_changing(opt) \
+			((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
+
+#define my_do_dont_is_changing(opt) \
+			((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
+
+/*
+ * Make everything symmetrical
+ */
+
+#define	HIS_STATE_WILL			MY_STATE_DO
+#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
+#define HIS_STATE_DO			MY_STATE_WILL
+#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
+
+#define	his_state_is_do			my_state_is_will
+#define	his_state_is_will		my_state_is_do
+#define his_want_state_is_do		my_want_state_is_will
+#define his_want_state_is_will		my_want_state_is_do
+
+#define	his_state_is_dont		my_state_is_wont
+#define	his_state_is_wont		my_state_is_dont
+#define his_want_state_is_dont		my_want_state_is_wont
+#define his_want_state_is_wont		my_want_state_is_dont
+
+#define	set_his_state_do		set_my_state_will
+#define	set_his_state_will		set_my_state_do
+#define	set_his_want_state_do		set_my_want_state_will
+#define	set_his_want_state_will		set_my_want_state_do
+
+#define	set_his_state_dont		set_my_state_wont
+#define	set_his_state_wont		set_my_state_dont
+#define	set_his_want_state_dont		set_my_want_state_wont
+#define	set_his_want_state_wont		set_my_want_state_dont
+
+#define his_will_wont_is_changing	my_do_dont_is_changing
+#define his_do_dont_is_changing		my_will_wont_is_changing
+
+#endif /* __DEFS_H__ */
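Review bot: NIACCUM(c) stores through netip and increments ncc with no check against the end of netibuf, which ext.h in this same commit declares as BUFSIZ bytes, so every caller has to guarantee room itself; its callers are not in this hunk. The macro is also a bare brace block with an unparenthesised argument, so `if (x) NIACCUM(c); else ...` does not parse as intended. I would wrap it as `do { *netip++ = (c); ncc++; } while (0)` and add a comment such as `/* caller must ensure netip < netibuf + sizeof(netibuf) */`.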

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/ext.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/ext.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/ext.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,208 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ext.h	8.2 (Berkeley) 12/15/93
+ */
+
+/* $Id: ext.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __EXT_H__
+#define __EXT_H__
+
+/*
+ * Telnet server variable declarations
+ */
+extern char	options[256];
+extern char	do_dont_resp[256];
+extern char	will_wont_resp[256];
+extern int	flowmode;	/* current flow control state */
+extern int	restartany;	/* restart output on any character state */
+#ifdef DIAGNOSTICS
+extern int	diagnostic;	/* telnet diagnostic capabilities */
+#endif /* DIAGNOSTICS */
+extern int	require_otp;
+#ifdef AUTHENTICATION
+extern int	auth_level;
+#endif
+extern const char *new_login;
+
+extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
+
+extern char	terminaltype[41];
+
+/*
+ * I/O data buffers, pointers, and counters.
+ */
+extern char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
+
+extern char	netibuf[BUFSIZ], *netip;
+
+extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
+extern char	*neturg;		/* one past last bye of urgent data */
+
+extern int	pcc, ncc;
+
+extern int	ourpty, net;
+extern char	*line;
+extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
+
+int telnet_net_write (unsigned char *str, int len);
+void net_encrypt (void);
+int telnet_spin (void);
+char *telnet_getenv (const char *val);
+char *telnet_gets (char *prompt, char *result, int length, int echo);
+void get_slc_defaults (void);
+void telrcv (void);
+void send_do (int option, int init);
+void willoption (int option);
+void send_dont (int option, int init);
+void wontoption (int option);
+void send_will (int option, int init);
+void dooption (int option);
+void send_wont (int option, int init);
+void dontoption (int option);
+void suboption (void);
+void doclientstat (void);
+void send_status (void);
+void init_termbuf (void);
+void set_termbuf (void);
+int spcset (int func, cc_t *valp, cc_t **valpp);
+void set_utid (void);
+int getpty (int *ptynum);
+int tty_isecho (void);
+int tty_flowmode (void);
+int tty_restartany (void);
+void tty_setecho (int on);
+int tty_israw (void);
+void tty_binaryin (int on);
+void tty_binaryout (int on);
+int tty_isbinaryin (void);
+int tty_isbinaryout (void);
+int tty_issofttab (void);
+void tty_setsofttab (int on);
+int tty_islitecho (void);
+void tty_setlitecho (int on);
+int tty_iscrnl (void);
+void tty_tspeed (int val);
+void tty_rspeed (int val);
+void getptyslave (void);
+int cleanopen (char *);
+void startslave (const char *host, const char *, int autologin, char *autoname);
+void init_env (void);
+void start_login (const char *host, int autologin, char *name);
+void cleanup (int sig);
+int main (int argc, char **argv);
+int getterminaltype (char *name, size_t);
+void _gettermname (void);
+int terminaltypeok (char *s);
+void my_telnet (int f, int p, const char*, const char *, int, char*);
+void interrupt (void);
+void sendbrk (void);
+void sendsusp (void);
+void recv_ayt (void);
+void doeof (void);
+void flowstat (void);
+void clientstat (int code, int parm1, int parm2);
+int ttloop (void);
+int stilloob (int s);
+void ptyflush (void);
+char *nextitem (char *current);
+void netclear (void);
+void netflush (void);
+void writenet (const void *, size_t);
+void fatal (int f, char *msg);
+void fatalperror (int f, const char *msg);
+void fatalperror_errno (int f, const char *msg, int error);
+void edithost (char *pat, char *host);
+void putstr (char *s);
+void putchr (int cc);
+void putf (char *cp, char *where);
+void printoption (char *fmt, int option);
+void printsub (int direction, unsigned char *pointer, int length);
+void printdata (char *tag, char *ptr, int cnt);
+int login_tty(int t);
+
+#ifdef ENCRYPTION
+extern void	(*encrypt_output) (unsigned char *, int);
+extern int	(*decrypt_input) (int);
+extern char	*nclearto;
+#endif
+
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+struct clocks_t{
+    int
+	system,			/* what the current time is */
+	echotoggle,		/* last time user entered echo character */
+	modenegotiated,		/* last time operating mode negotiated */
+	didnetreceive,		/* last time we read data from network */
+	ttypesubopt,		/* ttype subopt is received */
+	tspeedsubopt,		/* tspeed subopt is received */
+	environsubopt,		/* environ subopt is received */
+	oenvironsubopt,		/* old environ subopt is received */
+	xdisplocsubopt,		/* xdisploc subopt is received */
+	baseline,		/* time started to do timed action */
+	gotDM;			/* when did we last see a data mark */
+};
+extern struct clocks_t clocks;
+
+extern int log_unauth;
+extern int no_warn;
+
+extern int def_tspeed, def_rspeed;
+#ifdef	TIOCSWINSZ
+extern int def_row, def_col;
+#endif
+
+#ifdef STREAMSPTY
+extern int really_stream;
+#endif
+
+#ifndef USE_IM
+# ifdef CRAY
+#  define USE_IM "Cray UNICOS (%h) (%t)"
+# endif
+# ifdef _AIX
+#  define USE_IM "%s %v.%r (%h) (%t)"
+# endif
+# ifndef USE_IM
+#  define USE_IM "%s %r (%h) (%t)"
+# endif
+#endif
+
+#define DEFAULT_IM "\r\n\r\n" USE_IM "\r\n\r\n\r\n"
+
+#endif /* __EXT_H__ */

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/global.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/global.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/global.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* a *lot* of ugly global definitions that really should be removed...
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: global.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Telnet server variable declarations
+ */
+char	options[256];
+char	do_dont_resp[256];
+char	will_wont_resp[256];
+int	linemode;	/* linemode on/off */
+int	flowmode;	/* current flow control state */
+int	restartany;	/* restart output on any character state */
+#ifdef DIAGNOSTICS
+int	diagnostic;	/* telnet diagnostic capabilities */
+#endif /* DIAGNOSTICS */
+int	require_otp;
+
+slcfun	slctab[NSLC + 1];	/* slc mapping table */
+
+char	terminaltype[41];
+
+/*
+ * I/O data buffers, pointers, and counters.
+ */
+char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
+
+char	netibuf[BUFSIZ], *netip;
+
+char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
+char	*neturg;		/* one past last bye of urgent data */
+
+int	pcc, ncc;
+
+int	ourpty, net;
+int	SYNCHing;		/* we are in TELNET SYNCH mode */
+
+/*
+ * The following are some clocks used to decide how to interpret
+ * the relationship between various variables.
+ */
+
+struct clocks_t clocks;
+
+
+/* whether to log unauthenticated login attempts */
+int log_unauth;
+
+/* do not print warning if connection is not encrypted */
+int no_warn;
+
+/*
+ * This function appends data to nfrontp and advances nfrontp.
+ */
+
+int
+output_data (const char *format, ...)
+{
+  va_list args;
+  int remaining, ret;
+
+  va_start(args, format);
+  remaining = BUFSIZ - (nfrontp - netobuf);
+  ret = vsnprintf (nfrontp,
+		   remaining,
+		   format,
+		   args);
+  nfrontp += min(ret, remaining-1);
+  va_end(args);
+  return ret;
+}
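Review bot: output_data() advances nfrontp by `min(ret, remaining-1)` without checking either operand, so a negative vsnprintf() return, or a `remaining` of 0, moves nfrontp backwards over bytes already queued in netobuf. If nfrontp were ever past netobuf + BUFSIZ (netobuf is declared with NETSLOP extra bytes, and whether other writers use them is not visible here), `remaining` would be negative and would reach vsnprintf() as a very large size_t bound. Computing `remaining` before va_start and adding `if (remaining <= 1) return 0;`, then `if (ret > 0) nfrontp += min(ret, remaining-1);` after the call, would close both cases. On truncation the return value is the untruncated length, not the bytes appended, which the function comment should state so callers do not use it as a count.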

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/slc.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/slc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/slc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: slc.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * get_slc_defaults
+ *
+ * Initialize the slc mapping table.
+ */
+void
+get_slc_defaults(void)
+{
+    int i;
+    
+    init_termbuf();
+    
+    for (i = 1; i <= NSLC; i++) {
+	slctab[i].defset.flag =
+	    spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
+	slctab[i].current.flag = SLC_NOSUPPORT;
+	slctab[i].current.val = 0;
+    }
+    
+}

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/state.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/state.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/state.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1360 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: state.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
+unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
+unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
+unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
+int	not42 = 1;
+
+/*
+ * Buffer for sub-options, and macros
+ * for suboptions buffer manipulations
+ */
+unsigned char subbuffer[1024*64], *subpointer= subbuffer, *subend= subbuffer;
+
+#define	SB_CLEAR()	subpointer = subbuffer
+#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
+#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
+    *subpointer++ = (c); \
+			     }
+#define	SB_GET()	((*subpointer++)&0xff)
+#define	SB_EOF()	(subpointer >= subend)
+#define	SB_LEN()	(subend - subpointer)
+
+#ifdef	ENV_HACK
+unsigned char *subsave;
+#define SB_SAVE()	subsave = subpointer;
+#define	SB_RESTORE()	subpointer = subsave;
+#endif
+
+
+/*
+ * State for recv fsm
+ */
+#define	TS_DATA		0	/* base state */
+#define	TS_IAC		1	/* look for double IAC's */
+#define	TS_CR		2	/* CR-LF ->'s CR */
+#define	TS_SB		3	/* throw away begin's... */
+#define	TS_SE		4	/* ...end's (suboption negotiation) */
+#define	TS_WILL		5	/* will option negotiation */
+#define	TS_WONT		6	/* wont -''- */
+#define	TS_DO		7	/* do -''- */
+#define	TS_DONT		8	/* dont -''- */
+
+void
+telrcv(void)
+{
+    int c;
+    static int state = TS_DATA;
+
+    while (ncc > 0) {
+	if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
+	    break;
+	c = *netip++ & 0377, ncc--;
+#ifdef ENCRYPTION
+	if (decrypt_input)
+	    c = (*decrypt_input)(c);
+#endif
+	switch (state) {
+
+	case TS_CR:
+	    state = TS_DATA;
+	    /* Strip off \n or \0 after a \r */
+	    if ((c == 0) || (c == '\n')) {
+		break;
+	    }
+	    /* FALL THROUGH */
+
+	case TS_DATA:
+	    if (c == IAC) {
+		state = TS_IAC;
+		break;
+	    }
+	    /*
+	     * We now map \r\n ==> \r for pragmatic reasons.
+	     * Many client implementations send \r\n when
+	     * the user hits the CarriageReturn key.
+	     *
+	     * We USED to map \r\n ==> \n, since \r\n says
+	     * that we want to be in column 1 of the next
+	     * printable line, and \n is the standard
+	     * unix way of saying that (\r is only good
+	     * if CRMOD is set, which it normally is).
+	     */
+	    if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
+		int nc = *netip;
+#ifdef ENCRYPTION
+		if (decrypt_input)
+		    nc = (*decrypt_input)(nc & 0xff);
+#endif
+		{
+#ifdef ENCRYPTION
+		    if (decrypt_input)
+			(void)(*decrypt_input)(-1);
+#endif
+		    state = TS_CR;
+		}
+	    }
+	    *pfrontp++ = c;
+	    break;
+
+	case TS_IAC:
+	gotiac:			switch (c) {
+
+	    /*
+	     * Send the process on the pty side an
+	     * interrupt.  Do this with a NULL or
+	     * interrupt char; depending on the tty mode.
+	     */
+	case IP:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    interrupt();
+	    break;
+
+	case BREAK:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    sendbrk();
+	    break;
+
+	    /*
+	     * Are You There?
+	     */
+	case AYT:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    recv_ayt();
+	    break;
+
+	    /*
+	     * Abort Output
+	     */
+	case AO:
+	    {
+		DIAG(TD_OPTIONS,
+		     printoption("td: recv IAC", c));
+		ptyflush();	/* half-hearted */
+		init_termbuf();
+
+		if (slctab[SLC_AO].sptr &&
+		    *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
+		    *pfrontp++ =
+			(unsigned char)*slctab[SLC_AO].sptr;
+		}
+
+		netclear();	/* clear buffer back */
+		output_data ("%c%c", IAC, DM);
+		neturg = nfrontp-1; /* off by one XXX */
+		DIAG(TD_OPTIONS,
+		     printoption("td: send IAC", DM));
+		break;
+	    }
+
+	/*
+	 * Erase Character and
+	 * Erase Line
+	 */
+	case EC:
+	case EL:
+	    {
+		cc_t ch;
+
+		DIAG(TD_OPTIONS,
+		     printoption("td: recv IAC", c));
+		ptyflush();	/* half-hearted */
+		init_termbuf();
+		if (c == EC)
+		    ch = *slctab[SLC_EC].sptr;
+		else
+		    ch = *slctab[SLC_EL].sptr;
+		if (ch != (cc_t)(_POSIX_VDISABLE))
+		    *pfrontp++ = (unsigned char)ch;
+		break;
+	    }
+
+	/*
+	 * Check for urgent data...
+	 */
+	case DM:
+	    DIAG(TD_OPTIONS,
+		 printoption("td: recv IAC", c));
+	    SYNCHing = stilloob(net);
+	    settimer(gotDM);
+	    break;
+
+
+	    /*
+	     * Begin option subnegotiation...
+	     */
+	case SB:
+	    state = TS_SB;
+	    SB_CLEAR();
+	    continue;
+
+	case WILL:
+	    state = TS_WILL;
+	    continue;
+
+	case WONT:
+	    state = TS_WONT;
+	    continue;
+
+	case DO:
+	    state = TS_DO;
+	    continue;
+
+	case DONT:
+	    state = TS_DONT;
+	    continue;
+	case EOR:
+	    if (his_state_is_will(TELOPT_EOR))
+		doeof();
+	    break;
+
+	    /*
+	     * Handle RFC 10xx Telnet linemode option additions
+	     * to command stream (EOF, SUSP, ABORT).
+	     */
+	case xEOF:
+	    doeof();
+	    break;
+
+	case SUSP:
+	    sendsusp();
+	    break;
+
+	case ABORT:
+	    sendbrk();
+	    break;
+
+	case IAC:
+	    *pfrontp++ = c;
+	    break;
+	}
+	state = TS_DATA;
+	break;
+
+	case TS_SB:
+	    if (c == IAC) {
+		state = TS_SE;
+	    } else {
+		SB_ACCUM(c);
+	    }
+	    break;
+
+	case TS_SE:
+	    if (c != SE) {
+		if (c != IAC) {
+		    /*
+		     * bad form of suboption negotiation.
+		     * handle it in such a way as to avoid
+		     * damage to local state.  Parse
+		     * suboption buffer found so far,
+		     * then treat remaining stream as
+		     * another command sequence.
+		     */
+
+		    /* for DIAGNOSTICS */
+		    SB_ACCUM(IAC);
+		    SB_ACCUM(c);
+		    subpointer -= 2;
+
+		    SB_TERM();
+		    suboption();
+		    state = TS_IAC;
+		    goto gotiac;
+		}
+		SB_ACCUM(c);
+		state = TS_SB;
+	    } else {
+		/* for DIAGNOSTICS */
+		SB_ACCUM(IAC);
+		SB_ACCUM(SE);
+		subpointer -= 2;
+
+		SB_TERM();
+		suboption();	/* handle sub-option */
+		state = TS_DATA;
+	    }
+	    break;
+
+	case TS_WILL:
+	    willoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_WONT:
+	    wontoption(c);
+	    if (c==TELOPT_ENCRYPT && his_do_dont_is_changing(TELOPT_ENCRYPT) )
+                dontoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_DO:
+	    dooption(c);
+	    state = TS_DATA;
+	    continue;
+
+	case TS_DONT:
+	    dontoption(c);
+	    state = TS_DATA;
+	    continue;
+
+	default:
+	    syslog(LOG_ERR, "telnetd: panic state=%d\n", state);
+	    printf("telnetd: panic state=%d\n", state);
+	    exit(1);
+	}
+    }
+}  /* end of telrcv */
+
+/*
+ * The will/wont/do/dont state machines are based on Dave Borman's
+ * Telnet option processing state machine.
+ *
+ * These correspond to the following states:
+ *	my_state = the last negotiated state
+ *	want_state = what I want the state to go to
+ *	want_resp = how many requests I have sent
+ * All state defaults are negative, and resp defaults to 0.
+ *
+ * When initiating a request to change state to new_state:
+ *
+ * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
+ *	do nothing;
+ * } else {
+ *	want_state = new_state;
+ *	send new_state;
+ *	want_resp++;
+ * }
+ *
+ * When receiving new_state:
+ *
+ * if (want_resp) {
+ *	want_resp--;
+ *	if (want_resp && (new_state == my_state))
+ *		want_resp--;
+ * }
+ * if ((want_resp == 0) && (new_state != want_state)) {
+ *	if (ok_to_switch_to new_state)
+ *		want_state = new_state;
+ *	else
+ *		want_resp++;
+ *	send want_state;
+ * }
+ * my_state = new_state;
+ *
+ * Note that new_state is implied in these functions by the function itself.
+ * will and do imply positive new_state, wont and dont imply negative.
+ *
+ * Finally, there is one catch.  If we send a negative response to a
+ * positive request, my_state will be the positive while want_state will
+ * remain negative.  my_state will revert to negative when the negative
+ * acknowlegment arrives from the peer.  Thus, my_state generally tells
+ * us not only the last negotiated state, but also tells us what the peer
+ * wants to be doing as well.  It is important to understand this difference
+ * as we may wish to be processing data streams based on our desired state
+ * (want_state) or based on what the peer thinks the state is (my_state).
+ *
+ * This all works fine because if the peer sends a positive request, the data
+ * that we receive prior to negative acknowlegment will probably be affected
+ * by the positive state, and we can process it as such (if we can; if we
+ * can't then it really doesn't matter).  If it is that important, then the
+ * peer probably should be buffering until this option state negotiation
+ * is complete.
+ *
+ */
+void
+send_do(int option, int init)
+{
+    if (init) {
+	if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
+	    his_want_state_is_will(option))
+	    return;
+	/*
+	 * Special case for TELOPT_TM:  We send a DO, but pretend
+	 * that we sent a DONT, so that we can send more DOs if
+	 * we want to.
+	 */
+	if (option == TELOPT_TM)
+	    set_his_want_state_wont(option);
+	else
+	    set_his_want_state_will(option);
+	do_dont_resp[option]++;
+    }
+    output_data((const char *)doopt, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send do", option));
+}
+
+#ifdef	AUTHENTICATION
+extern void auth_request(void);
+#endif
+#ifdef	ENCRYPTION
+extern void encrypt_send_support(void);
+#endif
+
+void
+willoption(int option)
+{
+    int changeok = 0;
+    void (*func)(void) = NULL;
+
+    /*
+     * process input from peer.
+     */
+
+    DIAG(TD_OPTIONS, printoption("td: recv will", option));
+
+    if (do_dont_resp[option]) {
+	do_dont_resp[option]--;
+	if (do_dont_resp[option] && his_state_is_will(option))
+	    do_dont_resp[option]--;
+    }
+    if (do_dont_resp[option] == 0) {
+	if (his_want_state_is_wont(option)) {
+	    switch (option) {
+
+	    case TELOPT_BINARY:
+		init_termbuf();
+		tty_binaryin(1);
+		set_termbuf();
+		changeok++;
+		break;
+
+	    case TELOPT_ECHO:
+		/*
+		 * See comments below for more info.
+		 */
+		not42 = 0;	/* looks like a 4.2 system */
+		break;
+
+	    case TELOPT_TM:
+		/*
+		 * We never respond to a WILL TM, and
+		 * we leave the state WONT.
+		 */
+		return;
+
+	    case TELOPT_LFLOW:
+		/*
+		 * If we are going to support flow control
+		 * option, then don't worry peer that we can't
+		 * change the flow control characters.
+		 */
+		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
+		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
+	    case TELOPT_TTYPE:
+	    case TELOPT_SGA:
+	    case TELOPT_NAWS:
+	    case TELOPT_TSPEED:
+	    case TELOPT_XDISPLOC:
+	    case TELOPT_NEW_ENVIRON:
+	    case TELOPT_OLD_ENVIRON:
+		changeok++;
+		break;
+
+
+#ifdef	AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		func = auth_request;
+		changeok++;
+		break;
+#endif
+
+#ifdef	ENCRYPTION
+	    case TELOPT_ENCRYPT:
+		func = encrypt_send_support;
+		changeok++;
+		break;
+#endif
+			
+	    default:
+		break;
+	    }
+	    if (changeok) {
+		set_his_want_state_will(option);
+		send_do(option, 0);
+	    } else {
+		do_dont_resp[option]++;
+		send_dont(option, 0);
+	    }
+	} else {
+	    /*
+	     * Option processing that should happen when
+	     * we receive conformation of a change in
+	     * state that we had requested.
+	     */
+	    switch (option) {
+	    case TELOPT_ECHO:
+		not42 = 0;	/* looks like a 4.2 system */
+		/*
+		 * Egads, he responded "WILL ECHO".  Turn
+		 * it off right now!
+		 */
+		send_dont(option, 1);
+		/*
+		 * "WILL ECHO".  Kludge upon kludge!
+		 * A 4.2 client is now echoing user input at
+		 * the tty.  This is probably undesireable and
+		 * it should be stopped.  The client will
+		 * respond WONT TM to the DO TM that we send to
+		 * check for kludge linemode.  When the WONT TM
+		 * arrives, linemode will be turned off and a
+		 * change propogated to the pty.  This change
+		 * will cause us to process the new pty state
+		 * in localstat(), which will notice that
+		 * linemode is off and send a WILL ECHO
+		 * so that we are properly in character mode and
+		 * all is well.
+		 */
+		break;
+
+#ifdef	AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		func = auth_request;
+		break;
+#endif
+
+#ifdef	ENCRYPTION
+	    case TELOPT_ENCRYPT:
+		func = encrypt_send_support;
+		break;
+#endif
+
+	    case TELOPT_LFLOW:
+		func = flowstat;
+		break;
+	    }
+	}
+    }
+    set_his_state_will(option);
+    if (func)
+	(*func)();
+}  /* end of willoption */
+
+void
+send_dont(int option, int init)
+{
+    if (init) {
+	if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
+	    his_want_state_is_wont(option))
+	    return;
+	set_his_want_state_wont(option);
+	do_dont_resp[option]++;
+    }
+    output_data((const char *)dont, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send dont", option));
+}
+
+void
+wontoption(int option)
+{
+    /*
+     * Process client input.
+	 */
+
+    DIAG(TD_OPTIONS, printoption("td: recv wont", option));
+
+    if (do_dont_resp[option]) {
+	do_dont_resp[option]--;
+	if (do_dont_resp[option] && his_state_is_wont(option))
+	    do_dont_resp[option]--;
+    }
+    if (do_dont_resp[option] == 0) {
+	if (his_want_state_is_will(option)) {
+	    /* it is always ok to change to negative state */
+	    switch (option) {
+	    case TELOPT_ECHO:
+		not42 = 1; /* doesn't seem to be a 4.2 system */
+		break;
+
+	    case TELOPT_BINARY:
+		init_termbuf();
+		tty_binaryin(0);
+		set_termbuf();
+		break;
+
+	    case TELOPT_TM:
+		/*
+		 * If we get a WONT TM, and had sent a DO TM,
+		 * don't respond with a DONT TM, just leave it
+		 * as is.  Short circut the state machine to
+		 * achive this.
+		 */
+		set_his_want_state_wont(TELOPT_TM);
+		return;
+
+	    case TELOPT_LFLOW:
+		/*
+		 * If we are not going to support flow control
+		 * option, then let peer know that we can't
+		 * change the flow control characters.
+		 */
+		slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
+		slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
+		slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
+		break;
+
+#ifdef AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		auth_finished(0, AUTH_REJECT);
+		break;
+#endif
+
+		/*
+		 * For options that we might spin waiting for
+		 * sub-negotiation, if the client turns off the
+		 * option rather than responding to the request,
+		 * we have to treat it here as if we got a response
+		 * to the sub-negotiation, (by updating the timers)
+		 * so that we'll break out of the loop.
+		 */
+	    case TELOPT_TTYPE:
+		settimer(ttypesubopt);
+		break;
+
+	    case TELOPT_TSPEED:
+		settimer(tspeedsubopt);
+		break;
+
+	    case TELOPT_XDISPLOC:
+		settimer(xdisplocsubopt);
+		break;
+
+	    case TELOPT_OLD_ENVIRON:
+		settimer(oenvironsubopt);
+		break;
+
+	    case TELOPT_NEW_ENVIRON:
+		settimer(environsubopt);
+		break;
+
+	    default:
+		break;
+	    }
+	    set_his_want_state_wont(option);
+	    if (his_state_is_will(option))
+		send_dont(option, 0);
+	} else {
+	    switch (option) {
+	    case TELOPT_TM:
+		break;
+
+#ifdef AUTHENTICATION
+	    case TELOPT_AUTHENTICATION:
+		auth_finished(0, AUTH_REJECT);
+		break;
+#endif
+	    default:
+		break;
+	    }
+	}
+    }
+    set_his_state_wont(option);
+
+}  /* end of wontoption */
+
+void
+send_will(int option, int init)
+{
+    if (init) {
+	if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
+	    my_want_state_is_will(option))
+	    return;
+	set_my_want_state_will(option);
+	will_wont_resp[option]++;
+    }
+    output_data ((const char *)will, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send will", option));
+}
+
+/*
+ * When we get a DONT SGA, we will try once to turn it
+ * back on.  If the other side responds DONT SGA, we
+ * leave it at that.  This is so that when we talk to
+ * clients that understand KLUDGELINEMODE but not LINEMODE,
+ * we'll keep them in char-at-a-time mode.
+ */
+int turn_on_sga = 0;
+
+void
+dooption(int option)
+{
+    int changeok = 0;
+
+    /*
+     * Process client input.
+     */
+
+    DIAG(TD_OPTIONS, printoption("td: recv do", option));
+
+    if (will_wont_resp[option]) {
+	will_wont_resp[option]--;
+	if (will_wont_resp[option] && my_state_is_will(option))
+	    will_wont_resp[option]--;
+    }
+    if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
+	switch (option) {
+	case TELOPT_ECHO:
+	    {
+		init_termbuf();
+		tty_setecho(1);
+		set_termbuf();
+	    }
+	changeok++;
+	break;
+
+	case TELOPT_BINARY:
+	    init_termbuf();
+	    tty_binaryout(1);
+	    set_termbuf();
+	    changeok++;
+	    break;
+
+	case TELOPT_SGA:
+	    turn_on_sga = 0;
+	    changeok++;
+	    break;
+
+	case TELOPT_STATUS:
+	    changeok++;
+	    break;
+
+	case TELOPT_TM:
+	    /*
+	     * Special case for TM.  We send a WILL, but
+	     * pretend we sent a WONT.
+	     */
+	    send_will(option, 0);
+	    set_my_want_state_wont(option);
+	    set_my_state_wont(option);
+	    return;
+
+	case TELOPT_LOGOUT:
+	    /*
+	     * When we get a LOGOUT option, respond
+	     * with a WILL LOGOUT, make sure that
+	     * it gets written out to the network,
+	     * and then just go away...
+	     */
+	    set_my_want_state_will(TELOPT_LOGOUT);
+	    send_will(TELOPT_LOGOUT, 0);
+	    set_my_state_will(TELOPT_LOGOUT);
+	    netflush();
+	    cleanup(0);
+	    /* NOT REACHED */
+	    break;
+
+#ifdef ENCRYPTION
+	case TELOPT_ENCRYPT:
+	    changeok++;
+	    break;
+#endif
+	case TELOPT_LINEMODE:
+	case TELOPT_TTYPE:
+	case TELOPT_NAWS:
+	case TELOPT_TSPEED:
+	case TELOPT_LFLOW:
+	case TELOPT_XDISPLOC:
+#ifdef	TELOPT_ENVIRON
+	case TELOPT_NEW_ENVIRON:
+#endif
+	case TELOPT_OLD_ENVIRON:
+	default:
+	    break;
+	}
+	if (changeok) {
+	    set_my_want_state_will(option);
+	    send_will(option, 0);
+	} else {
+	    will_wont_resp[option]++;
+	    send_wont(option, 0);
+	}
+    }
+    set_my_state_will(option);
+
+}  /* end of dooption */
+
+void
+send_wont(int option, int init)
+{
+    if (init) {
+	if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
+	    my_want_state_is_wont(option))
+	    return;
+	set_my_want_state_wont(option);
+	will_wont_resp[option]++;
+    }
+    output_data ((const char *)wont, option);
+
+    DIAG(TD_OPTIONS, printoption("td: send wont", option));
+}
+
+void
+dontoption(int option)
+{
+    /*
+     * Process client input.
+	 */
+
+
+    DIAG(TD_OPTIONS, printoption("td: recv dont", option));
+
+    if (will_wont_resp[option]) {
+	will_wont_resp[option]--;
+	if (will_wont_resp[option] && my_state_is_wont(option))
+	    will_wont_resp[option]--;
+    }
+    if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
+	switch (option) {
+	case TELOPT_BINARY:
+	    init_termbuf();
+	    tty_binaryout(0);
+	    set_termbuf();
+	    break;
+
+	case TELOPT_ECHO:	/* we should stop echoing */
+	    {
+		init_termbuf();
+		tty_setecho(0);
+		set_termbuf();
+	    }
+	break;
+
+	case TELOPT_SGA:
+	    set_my_want_state_wont(option);
+	    if (my_state_is_will(option))
+		send_wont(option, 0);
+	    set_my_state_wont(option);
+	    if (turn_on_sga ^= 1)
+		send_will(option, 1);
+	    return;
+
+	default:
+	    break;
+	}
+
+	set_my_want_state_wont(option);
+	if (my_state_is_will(option))
+	    send_wont(option, 0);
+    }
+    set_my_state_wont(option);
+
+}  /* end of dontoption */
+
+#ifdef	ENV_HACK
+int env_ovar = -1;
+int env_ovalue = -1;
+#else	/* ENV_HACK */
+# define env_ovar OLD_ENV_VAR
+# define env_ovalue OLD_ENV_VALUE
+#endif	/* ENV_HACK */
+
+/*
+ * suboption()
+ *
+ *	Look at the sub-option buffer, and try to be helpful to the other
+ * side.
+ *
+ *	Currently we recognize:
+ *
+ *	Terminal type is
+ *	Linemode
+ *	Window size
+ *	Terminal speed
+ */
+void
+suboption(void)
+{
+    int subchar;
+
+    DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
+
+    subchar = SB_GET();
+    switch (subchar) {
+    case TELOPT_TSPEED: {
+	int xspeed, rspeed;
+
+	if (his_state_is_wont(TELOPT_TSPEED))	/* Ignore if option disabled */
+	    break;
+
+	settimer(tspeedsubopt);
+
+	if (SB_EOF() || SB_GET() != TELQUAL_IS)
+	    return;
+
+	xspeed = atoi((char *)subpointer);
+
+	while (SB_GET() != ',' && !SB_EOF());
+	if (SB_EOF())
+	    return;
+
+	rspeed = atoi((char *)subpointer);
+	clientstat(TELOPT_TSPEED, xspeed, rspeed);
+
+	break;
+
+    }  /* end of case TELOPT_TSPEED */
+
+    case TELOPT_TTYPE: {		/* Yaaaay! */
+	char *p;
+
+	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
+	    break;
+	settimer(ttypesubopt);
+
+	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
+	    return;		/* ??? XXX but, this is the most robust */
+	}
+
+	p = terminaltype;
+
+	while ((p < (terminaltype + sizeof terminaltype-1)) &&
+	       !SB_EOF()) {
+	    int c;
+
+	    c = SB_GET();
+	    if (isupper(c)) {
+		c = tolower(c);
+	    }
+	    *p++ = c;    /* accumulate name */
+	}
+	*p = 0;
+	break;
+    }  /* end of case TELOPT_TTYPE */
+
+    case TELOPT_NAWS: {
+	int xwinsize, ywinsize;
+
+	if (his_state_is_wont(TELOPT_NAWS))	/* Ignore if option disabled */
+	    break;
+
+	if (SB_EOF())
+	    return;
+	xwinsize = SB_GET() << 8;
+	if (SB_EOF())
+	    return;
+	xwinsize |= SB_GET();
+	if (SB_EOF())
+	    return;
+	ywinsize = SB_GET() << 8;
+	if (SB_EOF())
+	    return;
+	ywinsize |= SB_GET();
+	clientstat(TELOPT_NAWS, xwinsize, ywinsize);
+
+	break;
+
+    }  /* end of case TELOPT_NAWS */
+
+    case TELOPT_STATUS: {
+	int mode;
+
+	if (SB_EOF())
+	    break;
+	mode = SB_GET();
+	switch (mode) {
+	case TELQUAL_SEND:
+	    if (my_state_is_will(TELOPT_STATUS))
+		send_status();
+	    break;
+
+	case TELQUAL_IS:
+	    break;
+
+	default:
+	    break;
+	}
+	break;
+    }  /* end of case TELOPT_STATUS */
+
+    case TELOPT_XDISPLOC: {
+	if (SB_EOF() || SB_GET() != TELQUAL_IS)
+	    return;
+	settimer(xdisplocsubopt);
+	subpointer[SB_LEN()] = '\0';
+	esetenv("DISPLAY", (char *)subpointer, 1);
+	break;
+    }  /* end of case TELOPT_XDISPLOC */
+
+#ifdef	TELOPT_NEW_ENVIRON
+    case TELOPT_NEW_ENVIRON:
+#endif
+    case TELOPT_OLD_ENVIRON: {
+	int c;
+	char *cp, *varp, *valp;
+
+	if (SB_EOF())
+	    return;
+	c = SB_GET();
+	if (c == TELQUAL_IS) {
+	    if (subchar == TELOPT_OLD_ENVIRON)
+		settimer(oenvironsubopt);
+	    else
+		settimer(environsubopt);
+	} else if (c != TELQUAL_INFO) {
+	    return;
+	}
+
+#ifdef	TELOPT_NEW_ENVIRON
+	if (subchar == TELOPT_NEW_ENVIRON) {
+	    while (!SB_EOF()) {
+		c = SB_GET();
+		if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
+		    break;
+	    }
+	} else
+#endif
+	    {
+#ifdef	ENV_HACK
+		/*
+		 * We only want to do this if we haven't already decided
+		 * whether or not the other side has its VALUE and VAR
+		 * reversed.
+		 */
+		if (env_ovar < 0) {
+		    int last = -1;		/* invalid value */
+		    int empty = 0;
+		    int got_var = 0, got_value = 0, got_uservar = 0;
+
+		    /*
+		     * The other side might have its VALUE and VAR values
+		     * reversed.  To be interoperable, we need to determine
+		     * which way it is.  If the first recognized character
+		     * is a VAR or VALUE, then that will tell us what
+		     * type of client it is.  If the fist recognized
+		     * character is a USERVAR, then we continue scanning
+		     * the suboption looking for two consecutive
+		     * VAR or VALUE fields.  We should not get two
+		     * consecutive VALUE fields, so finding two
+		     * consecutive VALUE or VAR fields will tell us
+		     * what the client is.
+		     */
+		    SB_SAVE();
+		    while (!SB_EOF()) {
+			c = SB_GET();
+			switch(c) {
+			case OLD_ENV_VAR:
+			    if (last < 0 || last == OLD_ENV_VAR
+				|| (empty && (last == OLD_ENV_VALUE)))
+				goto env_ovar_ok;
+			    got_var++;
+			    last = OLD_ENV_VAR;
+			    break;
+			case OLD_ENV_VALUE:
+			    if (last < 0 || last == OLD_ENV_VALUE
+				|| (empty && (last == OLD_ENV_VAR)))
+				goto env_ovar_wrong;
+			    got_value++;
+			    last = OLD_ENV_VALUE;
+			    break;
+			case ENV_USERVAR:
+			    /* count strings of USERVAR as one */
+			    if (last != ENV_USERVAR)
+				got_uservar++;
+			    if (empty) {
+				if (last == OLD_ENV_VALUE)
+				    goto env_ovar_ok;
+				if (last == OLD_ENV_VAR)
+				    goto env_ovar_wrong;
+			    }
+			    last = ENV_USERVAR;
+			    break;
+			case ENV_ESC:
+			    if (!SB_EOF())
+				c = SB_GET();
+			    /* FALL THROUGH */
+			default:
+			    empty = 0;
+			    continue;
+			}
+			empty = 1;
+		    }
+		    if (empty) {
+			if (last == OLD_ENV_VALUE)
+			    goto env_ovar_ok;
+			if (last == OLD_ENV_VAR)
+			    goto env_ovar_wrong;
+		    }
+		    /*
+		     * Ok, the first thing was a USERVAR, and there
+		     * are not two consecutive VAR or VALUE commands,
+		     * and none of the VAR or VALUE commands are empty.
+		     * If the client has sent us a well-formed option,
+		     * then the number of VALUEs received should always
+		     * be less than or equal to the number of VARs and
+		     * USERVARs received.
+		     *
+		     * If we got exactly as many VALUEs as VARs and
+		     * USERVARs, the client has the same definitions.
+		     *
+		     * If we got exactly as many VARs as VALUEs and
+		     * USERVARS, the client has reversed definitions.
+		     */
+		    if (got_uservar + got_var == got_value) {
+		    env_ovar_ok:
+			env_ovar = OLD_ENV_VAR;
+			env_ovalue = OLD_ENV_VALUE;
+		    } else if (got_uservar + got_value == got_var) {
+		    env_ovar_wrong:
+			env_ovar = OLD_ENV_VALUE;
+			env_ovalue = OLD_ENV_VAR;
+			DIAG(TD_OPTIONS, {
+			    output_data("ENVIRON VALUE and VAR are reversed!\r\n");
+			});
+
+		    }
+		}
+		SB_RESTORE();
+#endif
+
+		while (!SB_EOF()) {
+		    c = SB_GET();
+		    if ((c == env_ovar) || (c == ENV_USERVAR))
+			break;
+		}
+	    }
+
+	if (SB_EOF())
+	    return;
+
+	cp = varp = (char *)subpointer;
+	valp = 0;
+
+	while (!SB_EOF()) {
+	    c = SB_GET();
+	    if (subchar == TELOPT_OLD_ENVIRON) {
+		if (c == env_ovar)
+		    c = NEW_ENV_VAR;
+		else if (c == env_ovalue)
+		    c = NEW_ENV_VALUE;
+	    }
+	    switch (c) {
+
+	    case NEW_ENV_VALUE:
+		*cp = '\0';
+		cp = valp = (char *)subpointer;
+		break;
+
+	    case NEW_ENV_VAR:
+	    case ENV_USERVAR:
+		*cp = '\0';
+		if (valp)
+		    esetenv(varp, valp, 1);
+		else
+		    unsetenv(varp);
+		cp = varp = (char *)subpointer;
+		valp = 0;
+		break;
+
+	    case ENV_ESC:
+		if (SB_EOF())
+		    break;
+		c = SB_GET();
+		/* FALL THROUGH */
+	    default:
+		*cp++ = c;
+		break;
+	    }
+	}
+	*cp = '\0';
+	if (valp)
+	    esetenv(varp, valp, 1);
+	else
+	    unsetenv(varp);
+	break;
+    }  /* end of case TELOPT_NEW_ENVIRON */
+#ifdef AUTHENTICATION
+    case TELOPT_AUTHENTICATION:
+	if (SB_EOF())
+	    break;
+	switch(SB_GET()) {
+	case TELQUAL_SEND:
+	case TELQUAL_REPLY:
+	    /*
+	     * These are sent by us and cannot be sent by
+	     * the client.
+	     */
+	    break;
+	case TELQUAL_IS:
+	    auth_is(subpointer, SB_LEN());
+	    break;
+	case TELQUAL_NAME:
+	    auth_name(subpointer, SB_LEN());
+	    break;
+	}
+	break;
+#endif
+#ifdef ENCRYPTION
+    case TELOPT_ENCRYPT:
+	if (SB_EOF())
+	    break;
+	switch(SB_GET()) {
+	case ENCRYPT_SUPPORT:
+	    encrypt_support(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_IS:
+	    encrypt_is(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_REPLY:
+	    encrypt_reply(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_START:
+	    encrypt_start(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_END:
+	    if (require_encryption)
+		fatal(net, "Output encryption is not possible to turn off");
+	    encrypt_end();
+	    break;
+	case ENCRYPT_REQSTART:
+	    encrypt_request_start(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_REQEND:
+	    /*
+	     * We can always send an REQEND so that we cannot
+	     * get stuck encrypting.  We should only get this
+	     * if we have been able to get in the correct mode
+	     * anyhow.
+	     */
+	    if (require_encryption)
+		fatal(net, "Input encryption is not possible to turn off");
+	    encrypt_request_end();
+	    break;
+	case ENCRYPT_ENC_KEYID:
+	    encrypt_enc_keyid(subpointer, SB_LEN());
+	    break;
+	case ENCRYPT_DEC_KEYID:
+	    encrypt_dec_keyid(subpointer, SB_LEN());
+	    break;
+	default:
+	    break;
+	}
+	break;
+#endif
+
+    default:
+	break;
+    }  /* end of switch */
+
+}  /* end of suboption */
+
+void
+doclientstat(void)
+{
+    clientstat(TELOPT_LINEMODE, WILL, 0);
+}
+
+#undef ADD
+#define	ADD(c)	 *ncp++ = c
+#define	ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
+
+void
+send_status(void)
+{
+    unsigned char statusbuf[256];
+    unsigned char *ncp;
+    unsigned char i;
+
+    ncp = statusbuf;
+
+    netflush();	/* get rid of anything waiting to go out */
+
+    ADD(IAC);
+    ADD(SB);
+    ADD(TELOPT_STATUS);
+    ADD(TELQUAL_IS);
+
+    /*
+     * We check the want_state rather than the current state,
+     * because if we received a DO/WILL for an option that we
+     * don't support, and the other side didn't send a DONT/WONT
+     * in response to our WONT/DONT, then the "state" will be
+     * WILL/DO, and the "want_state" will be WONT/DONT.  We
+     * need to go by the latter.
+     */
+    for (i = 0; i < (unsigned char)NTELOPTS; i++) {
+	if (my_want_state_is_will(i)) {
+	    ADD(WILL);
+	    ADD_DATA(i);
+	}
+	if (his_want_state_is_will(i)) {
+	    ADD(DO);
+	    ADD_DATA(i);
+	}
+    }
+
+    if (his_want_state_is_will(TELOPT_LFLOW)) {
+	ADD(SB);
+	ADD(TELOPT_LFLOW);
+	if (flowmode) {
+	    ADD(LFLOW_ON);
+	} else {
+	    ADD(LFLOW_OFF);
+	}
+	ADD(SE);
+
+	if (restartany >= 0) {
+	    ADD(SB);
+	    ADD(TELOPT_LFLOW);
+	    if (restartany) {
+		ADD(LFLOW_RESTART_ANY);
+	    } else {
+		ADD(LFLOW_RESTART_XON);
+	    }
+	    ADD(SE);
+	}
+    }
+
+
+    ADD(IAC);
+    ADD(SE);
+
+    writenet(statusbuf, ncp - statusbuf);
+    netflush();	/* Send it on its way */
+
+    DIAG(TD_OPTIONS,
+	 {printsub('>', statusbuf, ncp - statusbuf); netflush();});
+}

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/sys_term.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/sys_term.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/sys_term.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1899 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: sys_term.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
+# define PARENT_DOES_UTMP
+#endif
+
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+
+#ifdef HAVE_UTMPX_H
+struct	utmpx wtmp;
+#elif defined(HAVE_UTMP_H)
+struct	utmp wtmp;
+#endif /* HAVE_UTMPX_H */
+
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+int	utmp_len = sizeof(wtmp.ut_host);
+#else
+int	utmp_len = MaxHostNameLen;
+#endif
+
+#ifndef UTMP_FILE
+#ifdef _PATH_UTMP
+#define UTMP_FILE _PATH_UTMP
+#else
+#define UTMP_FILE "/etc/utmp"
+#endif
+#endif
+
+#if !defined(WTMP_FILE) && defined(_PATH_WTMP)
+#define WTMP_FILE _PATH_WTMP
+#endif
+
+#ifndef PARENT_DOES_UTMP
+#ifdef WTMP_FILE
+char	wtmpf[] = WTMP_FILE;
+#else
+char	wtmpf[]	= "/usr/adm/wtmp";
+#endif
+char	utmpf[] = UTMP_FILE;
+#else /* PARENT_DOES_UTMP */
+#ifdef WTMP_FILE
+char	wtmpf[] = WTMP_FILE;
+#else
+char	wtmpf[]	= "/etc/wtmp";
+#endif
+#endif /* PARENT_DOES_UTMP */
+
+#ifdef HAVE_TMPDIR_H
+#include <tmpdir.h>
+#endif	/* CRAY */
+
+#if !(defined(__sgi) || defined(__linux) || defined(_AIX)) && defined(HAVE_SYS_TTY)
+#include <sys/tty.h>
+#endif
+#ifdef	t_erase
+#undef	t_erase
+#undef	t_kill
+#undef	t_intrc
+#undef	t_quitc
+#undef	t_startc
+#undef	t_stopc
+#undef	t_eofc
+#undef	t_brkc
+#undef	t_suspc
+#undef	t_dsuspc
+#undef	t_rprntc
+#undef	t_flushc
+#undef	t_werasc
+#undef	t_lnextc
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#else
+#ifdef HAVE_TERMIO_H
+#include <termio.h>
+#endif
+#endif
+
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+
+# ifndef	TCSANOW
+#  ifdef TCSETS
+#   define	TCSANOW		TCSETS
+#   define	TCSADRAIN	TCSETSW
+#   define	tcgetattr(f, t)	ioctl(f, TCGETS, (char *)t)
+#  else
+#   ifdef TCSETA
+#    define	TCSANOW		TCSETA
+#    define	TCSADRAIN	TCSETAW
+#    define	tcgetattr(f, t)	ioctl(f, TCGETA, (char *)t)
+#   else
+#    define	TCSANOW		TIOCSETA
+#    define	TCSADRAIN	TIOCSETAW
+#    define	tcgetattr(f, t)	ioctl(f, TIOCGETA, (char *)t)
+#   endif
+#  endif
+#  define	tcsetattr(f, a, t)	ioctl(f, a, t)
+#  define	cfsetospeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
+(tp)->c_cflag |= (val)
+#  define	cfgetospeed(tp)		((tp)->c_cflag & CBAUD)
+#  ifdef CIBAUD
+#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CIBAUD; \
+     (tp)->c_cflag |= ((val)<<IBSHIFT)
+#   define	cfgetispeed(tp)		(((tp)->c_cflag & CIBAUD)>>IBSHIFT)
+#  else
+#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
+     (tp)->c_cflag |= (val)
+#   define	cfgetispeed(tp)		((tp)->c_cflag & CBAUD)
+#  endif
+# endif /* TCSANOW */
+     struct termios termbuf, termbuf2;	/* pty control structure */
+# ifdef  STREAMSPTY
+     static int ttyfd = -1;
+     int really_stream = 0;
+# endif
+
+     const char *new_login = _PATH_LOGIN;
+
+/*
+ * init_termbuf()
+ * copy_termbuf(cp)
+ * set_termbuf()
+ *
+ * These three routines are used to get and set the "termbuf" structure
+ * to and from the kernel.  init_termbuf() gets the current settings.
+ * copy_termbuf() hands in a new "termbuf" to write to the kernel, and
+ * set_termbuf() writes the structure into the kernel.
+ */
+
+     void
+     init_termbuf(void)
+{
+# ifdef  STREAMSPTY
+    if (really_stream)
+	tcgetattr(ttyfd, &termbuf);
+    else
+# endif
+	tcgetattr(ourpty, &termbuf);
+    termbuf2 = termbuf;
+}
+
+void
+set_termbuf(void)
+{
+    /*
+     * Only make the necessary changes.
+	 */
+    if (memcmp(&termbuf, &termbuf2, sizeof(termbuf))) {
+# ifdef  STREAMSPTY
+	if (really_stream)
+	    tcsetattr(ttyfd, TCSANOW, &termbuf);
+	else
+# endif
+	    tcsetattr(ourpty, TCSANOW, &termbuf);
+    }
+}
+
+
+/*
+ * spcset(func, valp, valpp)
+ *
+ * This function takes various special characters (func), and
+ * sets *valp to the current value of that character, and
+ * *valpp to point to where in the "termbuf" structure that
+ * value is kept.
+ *
+ * It returns the SLC_ level of support for this function.
+ */
+
+
+int
+spcset(int func, cc_t *valp, cc_t **valpp)
+{
+
+#define	setval(a, b)	*valp = termbuf.c_cc[a]; \
+    *valpp = &termbuf.c_cc[a]; \
+				   return(b);
+#define	defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT);
+
+    switch(func) {
+    case SLC_EOF:
+	setval(VEOF, SLC_VARIABLE);
+    case SLC_EC:
+	setval(VERASE, SLC_VARIABLE);
+    case SLC_EL:
+	setval(VKILL, SLC_VARIABLE);
+    case SLC_IP:
+	setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+    case SLC_ABORT:
+	setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
+    case SLC_XON:
+#ifdef	VSTART
+	setval(VSTART, SLC_VARIABLE);
+#else
+	defval(0x13);
+#endif
+    case SLC_XOFF:
+#ifdef	VSTOP
+	setval(VSTOP, SLC_VARIABLE);
+#else
+	defval(0x11);
+#endif
+    case SLC_EW:
+#ifdef	VWERASE
+	setval(VWERASE, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_RP:
+#ifdef	VREPRINT
+	setval(VREPRINT, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_LNEXT:
+#ifdef	VLNEXT
+	setval(VLNEXT, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+    case SLC_AO:
+#if	!defined(VDISCARD) && defined(VFLUSHO)
+# define VDISCARD VFLUSHO
+#endif
+#ifdef	VDISCARD
+	setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT);
+#else
+	defval(0);
+#endif
+    case SLC_SUSP:
+#ifdef	VSUSP
+	setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN);
+#else
+	defval(0);
+#endif
+#ifdef	VEOL
+    case SLC_FORW1:
+	setval(VEOL, SLC_VARIABLE);
+#endif
+#ifdef	VEOL2
+    case SLC_FORW2:
+	setval(VEOL2, SLC_VARIABLE);
+#endif
+    case SLC_AYT:
+#ifdef	VSTATUS
+	setval(VSTATUS, SLC_VARIABLE);
+#else
+	defval(0);
+#endif
+
+    case SLC_BRK:
+    case SLC_SYNCH:
+    case SLC_EOR:
+	defval(0);
+
+    default:
+	*valp = 0;
+	*valpp = 0;
+	return(SLC_NOSUPPORT);
+    }
+}
+
+#ifdef _CRAY
+/*
+ * getnpty()
+ *
+ * Return the number of pty's configured into the system.
+ */
+int
+getnpty()
+{
+#ifdef _SC_CRAY_NPTY
+    int numptys;
+
+    if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1)
+	return numptys;
+    else
+#endif /* _SC_CRAY_NPTY */
+	return 128;
+}
+#endif /* CRAY */
+
+/*
+ * getpty()
+ *
+ * Allocate a pty.  As a side effect, the external character
+ * array "line" contains the name of the slave side.
+ *
+ * Returns the file descriptor of the opened pty.
+ */
+
+static int ptyslavefd = -1;
+
+static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+char *line = Xline;
+
+#ifdef	_CRAY
+char myline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+#endif	/* CRAY */
+
+#if !defined(HAVE_PTSNAME) && defined(STREAMSPTY)
+static char *ptsname(int fd)
+{
+#ifdef HAVE_TTYNAME
+    return ttyname(fd);
+#else
+    return NULL;
+#endif
+}
+#endif
+
+int getpty(int *ptynum)
+{
+#if defined(HAVE_OPENPTY) || defined(__linux) || defined(__osf__) /* XXX */
+    {
+	int master;
+	int slave;
+	if(openpty(&master, &slave, line, 0, 0) == 0){
+	    ptyslavefd = slave;
+	    return master;
+	}
+    }
+#endif /* HAVE_OPENPTY .... */
+#ifdef HAVE__GETPTY
+    {
+	int master;
+	char *p;
+	p = _getpty(&master, O_RDWR, 0600, 1);
+	if(p == NULL)
+	    return -1;
+	strlcpy(line, p, sizeof(Xline));
+	return master;
+    }
+#endif
+    
+#ifdef	STREAMSPTY
+    {
+	char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", 
+			  "/dev/ptym/clone", 0 };
+	
+	char **q;
+	int p;
+	for(q=clone; *q; q++){
+	    p=open(*q, O_RDWR);
+	    if(p >= 0){
+#ifdef HAVE_GRANTPT
+		grantpt(p);
+#endif
+#ifdef HAVE_UNLOCKPT
+		unlockpt(p);
+#endif
+		strlcpy(line, ptsname(p), sizeof(Xline));
+		really_stream = 1;
+		return p;
+	    }
+	}
+    }
+#endif /* STREAMSPTY */
+#ifndef _CRAY
+    {
+	int p;
+	char *cp, *p1, *p2;
+	int i;
+	
+#ifndef	__hpux
+	snprintf(line, sizeof(Xline), "/dev/ptyXX");
+	p1 = &line[8];
+	p2 = &line[9];
+#else
+	snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
+	p1 = &line[13];
+	p2 = &line[14];
+#endif
+	
+	
+	for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) {
+	    struct stat stb;
+	    
+	    *p1 = *cp;
+	    *p2 = '0';
+	    /*
+	     * This stat() check is just to keep us from
+	     * looping through all 256 combinations if there
+	     * aren't that many ptys available.
+	     */
+	    if (stat(line, &stb) < 0)
+		break;
+	    for (i = 0; i < 16; i++) {
+		*p2 = "0123456789abcdef"[i];
+		p = open(line, O_RDWR);
+		if (p > 0) {
+#if SunOS == 40
+		    int dummy;
+#endif
+		    
+#ifndef	__hpux
+		    line[5] = 't';
+#else
+		    for (p1 = &line[8]; *p1; p1++)
+			*p1 = *(p1+1);
+		    line[9] = 't';
+#endif
+		    chown(line, 0, 0);
+		    chmod(line, 0600);
+#if SunOS == 40
+		    if (ioctl(p, TIOCGPGRP, &dummy) == 0
+			|| errno != EIO) {
+			chmod(line, 0666);
+			close(p);
+			line[5] = 'p';
+		    } else
+#endif /* SunOS == 40 */
+			return(p);
+		}
+	    }
+	}
+    }
+#else	/* CRAY */
+    {
+	extern lowpty, highpty;
+	struct stat sb;
+	int p;
+	
+	for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
+	    snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
+	    p = open(myline, 2);
+	    if (p < 0)
+		continue;
+	    snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
+	    /*
+	     * Here are some shenanigans to make sure that there
+	     * are no listeners lurking on the line.
+	     */
+	    if(stat(line, &sb) < 0) {
+		close(p);
+		continue;
+	    }
+	    if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
+		chown(line, 0, 0);
+		chmod(line, 0600);
+		close(p);
+		p = open(myline, 2);
+		if (p < 0)
+		    continue;
+	    }
+	    /*
+	     * Now it should be safe...check for accessability.
+	     */
+	    if (access(line, 6) == 0)
+		return(p);
+	    else {
+		/* no tty side to pty so skip it */
+		close(p);
+	    }
+	}
+    }
+#endif	/* CRAY */
+    return(-1);
+}
+
+
+int
+tty_isecho(void)
+{
+    return (termbuf.c_lflag & ECHO);
+}
+
+int
+tty_flowmode(void)
+{
+    return((termbuf.c_iflag & IXON) ? 1 : 0);
+}
+
+int
+tty_restartany(void)
+{
+    return((termbuf.c_iflag & IXANY) ? 1 : 0);
+}
+
+void
+tty_setecho(int on)
+{
+    if (on)
+	termbuf.c_lflag |= ECHO;
+    else
+	termbuf.c_lflag &= ~ECHO;
+}
+
+int
+tty_israw(void)
+{
+    return(!(termbuf.c_lflag & ICANON));
+}
+
+void
+tty_binaryin(int on)
+{
+    if (on) {
+	termbuf.c_iflag &= ~ISTRIP;
+    } else {
+	termbuf.c_iflag |= ISTRIP;
+    }
+}
+
+void
+tty_binaryout(int on)
+{
+    if (on) {
+	termbuf.c_cflag &= ~(CSIZE|PARENB);
+	termbuf.c_cflag |= CS8;
+	termbuf.c_oflag &= ~OPOST;
+    } else {
+	termbuf.c_cflag &= ~CSIZE;
+	termbuf.c_cflag |= CS7|PARENB;
+	termbuf.c_oflag |= OPOST;
+    }
+}
+
+int
+tty_isbinaryin(void)
+{
+    return(!(termbuf.c_iflag & ISTRIP));
+}
+
+int
+tty_isbinaryout(void)
+{
+    return(!(termbuf.c_oflag&OPOST));
+}
+
+
+int
+tty_issofttab(void)
+{
+# ifdef	OXTABS
+    return (termbuf.c_oflag & OXTABS);
+# endif
+# ifdef	TABDLY
+    return ((termbuf.c_oflag & TABDLY) == TAB3);
+# endif
+}
+
+void
+tty_setsofttab(int on)
+{
+    if (on) {
+# ifdef	OXTABS
+	termbuf.c_oflag |= OXTABS;
+# endif
+# ifdef	TABDLY
+	termbuf.c_oflag &= ~TABDLY;
+	termbuf.c_oflag |= TAB3;
+# endif
+    } else {
+# ifdef	OXTABS
+	termbuf.c_oflag &= ~OXTABS;
+# endif
+# ifdef	TABDLY
+	termbuf.c_oflag &= ~TABDLY;
+	termbuf.c_oflag |= TAB0;
+# endif
+    }
+}
+
+int
+tty_islitecho(void)
+{
+# ifdef	ECHOCTL
+    return (!(termbuf.c_lflag & ECHOCTL));
+# endif
+# ifdef	TCTLECH
+    return (!(termbuf.c_lflag & TCTLECH));
+# endif
+# if	!defined(ECHOCTL) && !defined(TCTLECH)
+    return (0);	/* assumes ctl chars are echoed '^x' */
+# endif
+}
+
+void
+tty_setlitecho(int on)
+{
+# ifdef	ECHOCTL
+    if (on)
+	termbuf.c_lflag &= ~ECHOCTL;
+    else
+	termbuf.c_lflag |= ECHOCTL;
+# endif
+# ifdef	TCTLECH
+    if (on)
+	termbuf.c_lflag &= ~TCTLECH;
+    else
+	termbuf.c_lflag |= TCTLECH;
+# endif
+}
+
+int
+tty_iscrnl(void)
+{
+    return (termbuf.c_iflag & ICRNL);
+}
+
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define	DECODE_BAUD
+#endif
+
+#ifdef	DECODE_BAUD
+
+/*
+ * A table of available terminal speeds
+ */
+struct termspeeds {
+    int	speed;
+    int	value;
+} termspeeds[] = {
+    { 0,      B0 },      { 50,    B50 },    { 75,     B75 },
+    { 110,    B110 },    { 134,   B134 },   { 150,    B150 },
+    { 200,    B200 },    { 300,   B300 },   { 600,    B600 },
+    { 1200,   B1200 },   { 1800,  B1800 },  { 2400,   B2400 },
+    { 4800,   B4800 },
+#ifdef	B7200
+    { 7200,  B7200 },
+#endif
+    { 9600,   B9600 },
+#ifdef	B14400
+    { 14400,  B14400 },
+#endif
+#ifdef	B19200
+    { 19200,  B19200 },
+#endif
+#ifdef	B28800
+    { 28800,  B28800 },
+#endif
+#ifdef	B38400
+    { 38400,  B38400 },
+#endif
+#ifdef	B57600
+    { 57600,  B57600 },
+#endif
+#ifdef	B115200
+    { 115200, B115200 },
+#endif
+#ifdef	B230400
+    { 230400, B230400 },
+#endif
+    { -1,     0 }
+};
+#endif	/* DECODE_BUAD */
+
+void
+tty_tspeed(int val)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+
+    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
+	;
+    if (tp->speed == -1)	/* back up to last valid value */
+	--tp;
+    cfsetospeed(&termbuf, tp->value);
+#else	/* DECODE_BUAD */
+    cfsetospeed(&termbuf, val);
+#endif	/* DECODE_BUAD */
+}
+
+void
+tty_rspeed(int val)
+{
+#ifdef	DECODE_BAUD
+    struct termspeeds *tp;
+
+    for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
+	;
+    if (tp->speed == -1)	/* back up to last valid value */
+	--tp;
+    cfsetispeed(&termbuf, tp->value);
+#else	/* DECODE_BAUD */
+    cfsetispeed(&termbuf, val);
+#endif	/* DECODE_BAUD */
+}
+
+#ifdef PARENT_DOES_UTMP
+extern	struct utmp wtmp;
+extern char wtmpf[];
+
+extern void utmp_sig_init (void);
+extern void utmp_sig_reset (void);
+extern void utmp_sig_wait (void);
+extern void utmp_sig_notify (int);
+# endif /* PARENT_DOES_UTMP */
+
+#ifdef STREAMSPTY
+
+/* I_FIND seems to live a life of its own */
+static int my_find(int fd, char *module)
+{
+#if defined(I_FIND) && defined(I_LIST)
+    static int flag;
+    static struct str_list sl;
+    int n;
+    int i;
+  
+    if(!flag){
+	n = ioctl(fd, I_LIST, 0);
+	if(n < 0){
+	    perror("ioctl(fd, I_LIST, 0)");
+	    return -1;
+	}
+	sl.sl_modlist=(struct str_mlist*)malloc(n * sizeof(struct str_mlist));
+	sl.sl_nmods = n;
+	n = ioctl(fd, I_LIST, &sl);
+	if(n < 0){
+	    perror("ioctl(fd, I_LIST, n)");
+	    return -1;
+	}
+	flag = 1;
+    }
+  
+    for(i=0; i<sl.sl_nmods; i++)
+	if(!strcmp(sl.sl_modlist[i].l_name, module))
+	    return 1;
+#endif
+    return 0;
+}
+
+static void maybe_push_modules(int fd, char **modules)
+{
+    char **p;
+    int err;
+
+    for(p=modules; *p; p++){
+	err = my_find(fd, *p);
+	if(err == 1)
+	    break;
+	if(err < 0 && errno != EINVAL)
+	    fatalperror(net, "my_find()");
+	/* module not pushed or does not exist */
+    }
+    /* p points to null or to an already pushed module, now push all
+       modules before this one */
+  
+    for(p--; p >= modules; p--){
+	err = ioctl(fd, I_PUSH, *p);
+	if(err < 0 && errno != EINVAL)
+	    fatalperror(net, "I_PUSH");
+    }
+}
+#endif
+
+/*
+ * getptyslave()
+ *
+ * Open the slave side of the pty, and do any initialization
+ * that is necessary.  The return value is a file descriptor
+ * for the slave side.
+ */
+void getptyslave(void)
+{
+    int t = -1;
+
+    struct winsize ws;
+    /*
+     * Opening the slave side may cause initilization of the
+     * kernel tty structure.  We need remember the state of
+     * 	if linemode was turned on
+     *	terminal window size
+     *	terminal speed
+     * so that we can re-set them if we need to.
+     */
+
+
+    /*
+     * Make sure that we don't have a controlling tty, and
+     * that we are the session (process group) leader.
+     */
+
+#ifdef HAVE_SETSID
+    if(setsid()<0)
+	fatalperror(net, "setsid()");
+#else
+# ifdef	TIOCNOTTY
+    t = open(_PATH_TTY, O_RDWR);
+    if (t >= 0) {
+	ioctl(t, TIOCNOTTY, (char *)0);
+	close(t);
+    }
+# endif
+#endif
+
+# ifdef PARENT_DOES_UTMP
+    /*
+     * Wait for our parent to get the utmp stuff to get done.
+     */
+    utmp_sig_wait();
+# endif
+
+    t = cleanopen(line);
+    if (t < 0)
+	fatalperror(net, line);
+
+#ifdef  STREAMSPTY
+    ttyfd = t;
+	  
+
+    /*
+     * Not all systems have (or need) modules ttcompat and pckt so
+     * don't flag it as a fatal error if they don't exist.
+     */
+
+    if (really_stream)
+	{
+	    /* these are the streams modules that we want pushed. note
+	       that they are in reverse order, ptem will be pushed
+	       first. maybe_push_modules() will try to push all modules
+	       before the first one that isn't already pushed. i.e if
+	       ldterm is pushed, only ttcompat will be attempted.
+
+	       all this is because we don't know which modules are
+	       available, and we don't know which modules are already
+	       pushed (via autopush, for instance).
+
+	       */
+	     
+	    char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
+	    char *ptymodules[] = { "pckt", NULL };
+
+	    maybe_push_modules(t, ttymodules);
+	    maybe_push_modules(ourpty, ptymodules);
+	}
+#endif
+    /*
+     * set up the tty modes as we like them to be.
+     */
+    init_termbuf();
+# ifdef	TIOCSWINSZ
+    if (def_row || def_col) {
+	memset(&ws, 0, sizeof(ws));
+	ws.ws_col = def_col;
+	ws.ws_row = def_row;
+	ioctl(t, TIOCSWINSZ, (char *)&ws);
+    }
+# endif
+
+    /*
+     * Settings for sgtty based systems
+     */
+
+    /*
+     * Settings for UNICOS (and HPUX)
+     */
+# if defined(_CRAY) || defined(__hpux)
+    termbuf.c_oflag = OPOST|ONLCR|TAB3;
+    termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON;
+    termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK;
+    termbuf.c_cflag = EXTB|HUPCL|CS8;
+# endif
+
+    /*
+     * Settings for all other termios/termio based
+     * systems, other than 4.4BSD.  In 4.4BSD the
+     * kernel does the initial terminal setup.
+     */
+# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43)
+#  ifndef	OXTABS
+#   define OXTABS	0
+#  endif
+    termbuf.c_lflag |= ECHO;
+    termbuf.c_oflag |= ONLCR|OXTABS;
+    termbuf.c_iflag |= ICRNL;
+    termbuf.c_iflag &= ~IXOFF;
+# endif
+    tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600);
+    tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600);
+
+    /*
+     * Set the tty modes, and make this our controlling tty.
+     */
+    set_termbuf();
+    if (login_tty(t) == -1)
+	fatalperror(net, "login_tty");
+    if (net > 2)
+	close(net);
+    if (ourpty > 2) {
+	close(ourpty);
+	ourpty = -1;
+    }
+}
+
+#ifndef	O_NOCTTY
+#define	O_NOCTTY	0
+#endif
+/*
+ * Open the specified slave side of the pty,
+ * making sure that we have a clean tty.
+ */
+
+int cleanopen(char *line)
+{
+    int t;
+
+    if (ptyslavefd != -1)
+	return ptyslavefd;
+
+#ifdef STREAMSPTY
+    if (!really_stream)
+#endif
+	{
+	    /*
+	     * Make sure that other people can't open the
+	     * slave side of the connection.
+	     */
+	    chown(line, 0, 0);
+	    chmod(line, 0600);
+	}
+
+#ifdef HAVE_REVOKE
+    revoke(line);
+#endif
+
+    t = open(line, O_RDWR|O_NOCTTY);
+
+    if (t < 0)
+	return(-1);
+
+    /*
+     * Hangup anybody else using this ttyp, then reopen it for
+     * ourselves.
+     */
+# if !(defined(_CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY)
+    signal(SIGHUP, SIG_IGN);
+#ifdef HAVE_VHANGUP
+    vhangup();
+#else
+#endif
+    signal(SIGHUP, SIG_DFL);
+    t = open(line, O_RDWR|O_NOCTTY);
+    if (t < 0)
+	return(-1);
+# endif
+# if	defined(_CRAY) && defined(TCVHUP)
+    {
+	int i;
+	signal(SIGHUP, SIG_IGN);
+	ioctl(t, TCVHUP, (char *)0);
+	signal(SIGHUP, SIG_DFL);
+
+	i = open(line, O_RDWR);
+
+	if (i < 0)
+	    return(-1);
+	close(t);
+	t = i;
+    }
+# endif	/* defined(CRAY) && defined(TCVHUP) */
+    return(t);
+}
+
+#if !defined(BSD4_4)
+
+int login_tty(int t)
+{
+# if defined(TIOCSCTTY) && !defined(__hpux)
+    if (ioctl(t, TIOCSCTTY, (char *)0) < 0)
+	fatalperror(net, "ioctl(sctty)");
+#  ifdef _CRAY
+    /*
+     * Close the hard fd to /dev/ttypXXX, and re-open through
+     * the indirect /dev/tty interface.
+     */
+    close(t);
+    if ((t = open("/dev/tty", O_RDWR)) < 0)
+	fatalperror(net, "open(/dev/tty)");
+#  endif
+# else
+    /*
+     * We get our controlling tty assigned as a side-effect
+     * of opening up a tty device.  But on BSD based systems,
+     * this only happens if our process group is zero.  The
+     * setsid() call above may have set our pgrp, so clear
+     * it out before opening the tty...
+     */
+#ifdef HAVE_SETPGID
+    setpgid(0, 0);
+#else
+    setpgrp(0, 0); /* if setpgid isn't available, setpgrp
+		      probably takes arguments */
+#endif
+    close(open(line, O_RDWR));
+# endif
+    if (t != 0)
+	dup2(t, 0);
+    if (t != 1)
+	dup2(t, 1);
+    if (t != 2)
+	dup2(t, 2);
+    if (t > 2)
+	close(t);
+    return(0);
+}
+#endif	/* BSD <= 43 */
+
+/*
+ * This comes from ../../bsd/tty.c and should not really be here.
+ */
+
+/*
+ * Clean the tty name.  Return a pointer to the cleaned version.
+ */
+
+static char * clean_ttyname (char *) __attribute__((unused));
+
+static char *
+clean_ttyname (char *tty)
+{
+  char *res = tty;
+
+  if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+    res += strlen(_PATH_DEV);
+  if (strncmp (res, "pty/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "ptym/", 5) == 0)
+    res += 5;
+  return res;
+}
+
+/*
+ * Generate a name usable as an `ut_id', typically without `tty'.
+ */
+
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+static char *
+make_id (char *tty)
+{
+  char *res = tty;
+  
+  if (strncmp (res, "pts/", 4) == 0)
+    res += 4;
+  if (strncmp (res, "tty", 3) == 0)
+    res += 3;
+  return res;
+}
+#endif
+
+/*
+ * startslave(host)
+ *
+ * Given a hostname, do whatever
+ * is necessary to startup the login process on the slave side of the pty.
+ */
+
+/* ARGSUSED */
+void
+startslave(const char *host, const char *utmp_host,
+	   int autologin, char *autoname)
+{
+    int i;
+
+#ifdef AUTHENTICATION
+    if (!autoname || !autoname[0])
+	autologin = 0;
+
+    if (autologin < auth_level) {
+	fatal(net, "Authorization failed");
+	exit(1);
+    }
+#endif
+
+    {
+	char *tbuf =
+	    "\r\n*** Connection not encrypted! "
+	    "Communication may be eavesdropped. ***\r\n";
+#ifdef ENCRYPTION
+	if (!no_warn && (encrypt_output == 0 || decrypt_input == 0))
+#endif
+	    writenet(tbuf, strlen(tbuf));
+    }
+# ifdef	PARENT_DOES_UTMP
+    utmp_sig_init();
+# endif	/* PARENT_DOES_UTMP */
+
+    if ((i = fork()) < 0)
+	fatalperror(net, "fork");
+    if (i) {
+# ifdef PARENT_DOES_UTMP
+	/*
+	 * Cray parent will create utmp entry for child and send
+	 * signal to child to tell when done.  Child waits for signal
+	 * before doing anything important.
+	 */
+	int pid = i;
+	void sigjob (int);
+
+	setpgrp();
+	utmp_sig_reset();		/* reset handler to default */
+	/*
+	 * Create utmp entry for child
+	 */
+	wtmp.ut_time = time(NULL);
+	wtmp.ut_type = LOGIN_PROCESS;
+	wtmp.ut_pid = pid;
+	strncpy(wtmp.ut_user,  "LOGIN", sizeof(wtmp.ut_user));
+	strncpy(wtmp.ut_host,  utmp_host, sizeof(wtmp.ut_host));
+	strncpy(wtmp.ut_line,  clean_ttyname(line), sizeof(wtmp.ut_line));
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+	strncpy(wtmp.ut_id, wtmp.ut_line + 3, sizeof(wtmp.ut_id));
+#endif
+
+	pututline(&wtmp);
+	endutent();
+	if ((i = open(wtmpf, O_WRONLY|O_APPEND)) >= 0) {
+	    write(i, &wtmp, sizeof(struct utmp));
+	    close(i);
+	}
+#ifdef	_CRAY
+	signal(WJSIGNAL, sigjob);
+#endif
+	utmp_sig_notify(pid);
+# endif	/* PARENT_DOES_UTMP */
+    } else {
+	getptyslave();
+#if defined(DCE)
+	/* if we authenticated via K5, try and join the PAG */
+	kerberos5_dfspag();
+#endif
+	start_login(host, autologin, autoname);
+	/*NOTREACHED*/
+    }
+}
+
+char	*envinit[3];
+extern char **environ;
+
+void
+init_env(void)
+{
+    char **envp;
+
+    envp = envinit;
+    if ((*envp = getenv("TZ")))
+	*envp++ -= 3;
+#if defined(_CRAY) || defined(__hpux)
+    else
+	*envp++ = "TZ=GMT0";
+#endif
+    *envp = 0;
+    environ = envinit;
+}
+
+/*
+ * scrub_env()
+ *
+ * We only accept the environment variables listed below.
+ */
+
+static void
+scrub_env(void)
+{
+    static const char *reject[] = {
+	"TERMCAP=/",
+	NULL
+    };
+
+    static const char *accept[] = {
+	"XAUTH=", "XAUTHORITY=", "DISPLAY=",
+	"TERM=",
+	"EDITOR=",
+	"PAGER=",
+	"PRINTER=",
+	"LOGNAME=",
+	"POSIXLY_CORRECT=",
+	"TERMCAP=",
+	NULL
+    };
+
+    char **cpp, **cpp2;
+    const char **p;
+  
+    for (cpp2 = cpp = environ; *cpp; cpp++) {
+	int reject_it = 0;
+
+	for(p = reject; *p; p++)
+	    if(strncmp(*cpp, *p, strlen(*p)) == 0) {
+		reject_it = 1;
+		break;
+	    }
+	if (reject_it)
+	    continue;
+
+	for(p = accept; *p; p++)
+	    if(strncmp(*cpp, *p, strlen(*p)) == 0)
+		break;
+	if(*p != NULL)
+	    *cpp2++ = *cpp;
+    }
+    *cpp2 = NULL;
+}
+
+
+struct arg_val {
+    int size;
+    int argc;
+    char **argv;
+};
+
+static void addarg(struct arg_val*, const char*);
+
+/*
+ * start_login(host)
+ *
+ * Assuming that we are now running as a child processes, this
+ * function will turn us into the login process.
+ */
+
+void
+start_login(const char *host, int autologin, char *name)
+{
+    struct arg_val argv;
+    char *user;
+    int save_errno;
+
+#ifdef ENCRYPTION
+    encrypt_output = NULL;
+    decrypt_input = NULL;
+#endif
+    
+#ifdef HAVE_UTMPX_H
+    {
+	int pid = getpid();
+	struct utmpx utmpx;
+	struct timeval tv;
+	char *clean_tty;
+	
+	/*
+	 * Create utmp entry for child
+	 */
+	
+	clean_tty = clean_ttyname(line);
+	memset(&utmpx, 0, sizeof(utmpx));
+	strncpy(utmpx.ut_user,  ".telnet", sizeof(utmpx.ut_user));
+	strncpy(utmpx.ut_line,  clean_tty, sizeof(utmpx.ut_line));
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+	strncpy(utmpx.ut_id, make_id(clean_tty), sizeof(utmpx.ut_id));
+#endif
+	utmpx.ut_pid = pid;
+	
+	utmpx.ut_type = LOGIN_PROCESS;
+	
+	gettimeofday (&tv, NULL);
+	utmpx.ut_tv.tv_sec = tv.tv_sec;
+	utmpx.ut_tv.tv_usec = tv.tv_usec;
+
+	if (pututxline(&utmpx) == NULL)
+	    fatal(net, "pututxline failed");
+    }
+#endif
+
+    scrub_env();
+	
+    /*
+     * -h : pass on name of host.
+     *		WARNING:  -h is accepted by login if and only if
+     *			getuid() == 0.
+     * -p : don't clobber the environment (so terminal type stays set).
+     *
+     * -f : force this login, he has already been authenticated
+     */
+
+    /* init argv structure */ 
+    argv.size=0;
+    argv.argc=0;
+    argv.argv=malloc(0); /*so we can call realloc later */
+    addarg(&argv, "login");
+    addarg(&argv, "-h");
+    addarg(&argv, host);
+    addarg(&argv, "-p");
+    if(name[0])
+	user = name;
+    else
+	user = getenv("USER");
+#ifdef AUTHENTICATION
+    if (auth_level < 0 || autologin != AUTH_VALID) {
+	if(!no_warn) {
+	    printf("User not authenticated. ");
+	    if (require_otp)
+		printf("Using one-time password\r\n");
+	    else
+		printf("Using plaintext username and password\r\n");
+	}
+	if (require_otp) {
+	    addarg(&argv, "-a");
+	    addarg(&argv, "otp");
+	}
+	if(log_unauth) 
+	    syslog(LOG_INFO, "unauthenticated access from %s (%s)", 
+		   host, user ? user : "unknown user");
+    }
+    if (auth_level >= 0 && autologin == AUTH_VALID)
+	addarg(&argv, "-f");
+#endif
+    if(user){
+	addarg(&argv, "--");
+	addarg(&argv, strdup(user));
+    }
+    if (getenv("USER")) {
+	/*
+	 * Assume that login will set the USER variable
+	 * correctly.  For SysV systems, this means that
+	 * USER will no longer be set, just LOGNAME by
+	 * login.  (The problem is that if the auto-login
+	 * fails, and the user then specifies a different
+	 * account name, he can get logged in with both
+	 * LOGNAME and USER in his environment, but the
+	 * USER value will be wrong.
+	 */
+	unsetenv("USER");
+    }
+    closelog();
+    /*
+     * This sleep(1) is in here so that telnetd can
+     * finish up with the tty.  There's a race condition
+     * the login banner message gets lost...
+     */
+    sleep(1);
+
+    execv(new_login, argv.argv);
+    save_errno = errno;
+    syslog(LOG_ERR, "%s: %m", new_login);
+    fatalperror_errno(net, new_login, save_errno);
+    /*NOTREACHED*/
+}
+
+static void
+addarg(struct arg_val *argv, const char *val)
+{
+    if(argv->size <= argv->argc+1) {
+	argv->argv = realloc(argv->argv, sizeof(char*) * (argv->size + 10));
+	if (argv->argv == NULL)
+	    fatal (net, "realloc: out of memory");
+	argv->size+=10;
+    }
+    if((argv->argv[argv->argc++] = strdup(val)) == NULL)
+	fatal (net, "strdup: out of memory");
+    argv->argv[argv->argc]   = NULL;
+}
+
+
+/*
+ * rmut()
+ *
+ * This is the function called by cleanup() to
+ * remove the utmp entry for this person.
+ */
+
+#ifdef HAVE_UTMPX_H
+static void
+rmut(void)
+{
+    struct utmpx utmpx, *non_save_utxp;
+    char *clean_tty = clean_ttyname(line);
+
+    /*
+     * This updates the utmpx and utmp entries and make a wtmp/x entry
+     */
+
+    setutxent();
+    memset(&utmpx, 0, sizeof(utmpx));
+    strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line));
+    utmpx.ut_type = LOGIN_PROCESS;
+    non_save_utxp = getutxline(&utmpx);
+    if (non_save_utxp) {
+	struct utmpx *utxp;
+	struct timeval tv;
+	char user0;
+
+	utxp = malloc(sizeof(struct utmpx));
+	*utxp = *non_save_utxp;
+	user0 = utxp->ut_user[0];
+	utxp->ut_user[0] = '\0';
+	utxp->ut_type = DEAD_PROCESS;
+#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
+#ifdef _STRUCT___EXIT_STATUS
+	utxp->ut_exit.__e_termination = 0;
+	utxp->ut_exit.__e_exit = 0;
+#elif defined(__osf__) /* XXX */
+	utxp->ut_exit.ut_termination = 0;
+	utxp->ut_exit.ut_exit = 0;
+#else	
+	utxp->ut_exit.e_termination = 0;
+	utxp->ut_exit.e_exit = 0;
+#endif
+#endif
+	gettimeofday (&tv, NULL);
+	utxp->ut_tv.tv_sec = tv.tv_sec;
+	utxp->ut_tv.tv_usec = tv.tv_usec;
+
+	pututxline(utxp);
+#ifdef WTMPX_FILE
+	utxp->ut_user[0] = user0;
+	updwtmpx(WTMPX_FILE, utxp);
+#elif defined(WTMP_FILE)
+	/* This is a strange system with a utmpx and a wtmp! */
+	{
+	  int f = open(wtmpf, O_WRONLY|O_APPEND);
+	  struct utmp wtmp;
+	  if (f >= 0) {
+	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
+	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
+#endif
+	    wtmp.ut_time = time(NULL);
+	    write(f, &wtmp, sizeof(wtmp));
+	    close(f);
+	  }
+	}
+#endif
+	free (utxp);
+    }
+    endutxent();
+}  /* end of rmut */
+#endif
+
+#if !defined(HAVE_UTMPX_H) && !(defined(_CRAY) || defined(__hpux)) && BSD <= 43
+static void
+rmut(void)
+{
+    int f;
+    int found = 0;
+    struct utmp *u, *utmp;
+    int nutmp;
+    struct stat statbf;
+    char *clean_tty = clean_ttyname(line);
+
+    f = open(utmpf, O_RDWR);
+    if (f >= 0) {
+	fstat(f, &statbf);
+	utmp = (struct utmp *)malloc((unsigned)statbf.st_size);
+	if (!utmp)
+	    syslog(LOG_ERR, "utmp malloc failed");
+	if (statbf.st_size && utmp) {
+	    nutmp = read(f, utmp, (int)statbf.st_size);
+	    nutmp /= sizeof(struct utmp);
+
+	    for (u = utmp ; u < &utmp[nutmp] ; u++) {
+		if (strncmp(u->ut_line,
+			    clean_tty,
+			    sizeof(u->ut_line)) ||
+		    u->ut_name[0]==0)
+		    continue;
+		lseek(f, ((long)u)-((long)utmp), L_SET);
+		strncpy(u->ut_name,  "", sizeof(u->ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+		strncpy(u->ut_host,  "", sizeof(u->ut_host));
+#endif
+		u->ut_time = time(NULL);
+		write(f, u, sizeof(wtmp));
+		found++;
+	    }
+	}
+	close(f);
+    }
+    if (found) {
+	f = open(wtmpf, O_WRONLY|O_APPEND);
+	if (f >= 0) {
+	    strncpy(wtmp.ut_line,  clean_tty, sizeof(wtmp.ut_line));
+	    strncpy(wtmp.ut_name,  "", sizeof(wtmp.ut_name));
+#ifdef HAVE_STRUCT_UTMP_UT_HOST
+	    strncpy(wtmp.ut_host,  "", sizeof(wtmp.ut_host));
+#endif
+	    wtmp.ut_time = time(NULL);
+	    write(f, &wtmp, sizeof(wtmp));
+	    close(f);
+	}
+    }
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    line[strlen("/dev/")] = 'p';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+}  /* end of rmut */
+#endif	/* CRAY */
+
+#if defined(__hpux) && !defined(HAVE_UTMPX_H)
+static void
+rmut (char *line)
+{
+    struct utmp utmp;
+    struct utmp *utptr;
+    int fd;			/* for /etc/wtmp */
+
+    utmp.ut_type = USER_PROCESS;
+    strncpy(utmp.ut_line, clean_ttyname(line), sizeof(utmp.ut_line));
+    setutent();
+    utptr = getutline(&utmp);
+    /* write it out only if it exists */
+    if (utptr) {
+	utptr->ut_type = DEAD_PROCESS;
+	utptr->ut_time = time(NULL);
+	pututline(utptr);
+	/* set wtmp entry if wtmp file exists */
+	if ((fd = open(wtmpf, O_WRONLY | O_APPEND)) >= 0) {
+	    write(fd, utptr, sizeof(utmp));
+	    close(fd);
+	}
+    }
+    endutent();
+
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    line[14] = line[13];
+    line[13] = line[12];
+    line[8] = 'm';
+    line[9] = '/';
+    line[10] = 'p';
+    line[11] = 't';
+    line[12] = 'y';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+}
+#endif
+
+/*
+ * cleanup()
+ *
+ * This is the routine to call when we are all through, to
+ * clean up anything that needs to be cleaned up.
+ */
+
+#ifdef PARENT_DOES_UTMP
+
+void
+cleanup(int sig)
+{
+#ifdef _CRAY
+    static int incleanup = 0;
+    int t;
+    int child_status; /* status of child process as returned by waitpid */
+    int flags = WNOHANG|WUNTRACED;
+    
+    /*
+     * 1: Pick up the zombie, if we are being called
+     *    as the signal handler.
+     * 2: If we are a nested cleanup(), return.
+     * 3: Try to clean up TMPDIR.
+     * 4: Fill in utmp with shutdown of process.
+     * 5: Close down the network and pty connections.
+     * 6: Finish up the TMPDIR cleanup, if needed.
+     */
+    if (sig == SIGCHLD) {
+	while (waitpid(-1, &child_status, flags) > 0)
+	    ;	/* VOID */
+	/* Check if the child process was stopped
+	 * rather than exited.  We want cleanup only if
+	 * the child has died.
+	 */
+	if (WIFSTOPPED(child_status)) {
+	    return;
+	}
+    }
+    t = sigblock(sigmask(SIGCHLD));
+    if (incleanup) {
+	sigsetmask(t);
+	return;
+    }
+    incleanup = 1;
+    sigsetmask(t);
+    
+    t = cleantmp(&wtmp);
+    setutent();	/* just to make sure */
+#endif /* CRAY */
+    rmut(line);
+    close(ourpty);
+    shutdown(net, 2);
+#ifdef _CRAY
+    if (t == 0)
+	cleantmp(&wtmp);
+#endif /* CRAY */
+    exit(1);
+}
+
+#else /* PARENT_DOES_UTMP */
+
+void
+cleanup(int sig)
+{
+#if defined(HAVE_UTMPX_H) || !defined(HAVE_LOGWTMP)
+    rmut();
+#ifdef HAVE_VHANGUP
+#ifndef __sgi
+    vhangup(); /* XXX */
+#endif
+#endif
+#else
+    char *p;
+    
+    p = line + sizeof("/dev/") - 1;
+    if (logout(p))
+	logwtmp(p, "", "");
+    chmod(line, 0666);
+    chown(line, 0, 0);
+    *p = 'p';
+    chmod(line, 0666);
+    chown(line, 0, 0);
+#endif
+    shutdown(net, 2);
+    exit(1);
+}
+
+#endif /* PARENT_DOES_UTMP */
+
+#ifdef PARENT_DOES_UTMP
+/*
+ * _utmp_sig_rcv
+ * utmp_sig_init
+ * utmp_sig_wait
+ *	These three functions are used to coordinate the handling of
+ *	the utmp file between the server and the soon-to-be-login shell.
+ *	The server actually creates the utmp structure, the child calls
+ *	utmp_sig_wait(), until the server calls utmp_sig_notify() and
+ *	signals the future-login shell to proceed.
+ */
+static int caught=0;		/* NZ when signal intercepted */
+static void (*func)();		/* address of previous handler */
+
+void
+_utmp_sig_rcv(sig)
+     int sig;
+{
+    caught = 1;
+    signal(SIGUSR1, func);
+}
+
+void
+utmp_sig_init()
+{
+    /*
+     * register signal handler for UTMP creation
+     */
+    if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1)
+	fatalperror(net, "telnetd/signal");
+}
+
+void
+utmp_sig_reset()
+{
+    signal(SIGUSR1, func);	/* reset handler to default */
+}
+
+# ifdef __hpux
+# define sigoff() /* do nothing */
+# define sigon() /* do nothing */
+# endif
+
+void
+utmp_sig_wait()
+{
+    /*
+     * Wait for parent to write our utmp entry.
+	 */
+    sigoff();
+    while (caught == 0) {
+	pause();	/* wait until we get a signal (sigon) */
+	sigoff();	/* turn off signals while we check caught */
+    }
+    sigon();		/* turn on signals again */
+}
+
+void
+utmp_sig_notify(pid)
+{
+    kill(pid, SIGUSR1);
+}
+
+#ifdef _CRAY
+static int gotsigjob = 0;
+
+	/*ARGSUSED*/
+void
+sigjob(sig)
+     int sig;
+{
+    int jid;
+    struct jobtemp *jp;
+
+    while ((jid = waitjob(NULL)) != -1) {
+	if (jid == 0) {
+	    return;
+	}
+	gotsigjob++;
+	jobend(jid, NULL, NULL);
+    }
+}
+
+/*
+ *	jid_getutid:
+ *		called by jobend() before calling cleantmp()
+ *		to find the correct $TMPDIR to cleanup.
+ */
+
+struct utmp *
+jid_getutid(jid)
+     int jid;
+{
+    struct utmp *cur = NULL;
+
+    setutent();	/* just to make sure */
+    while (cur = getutent()) {
+	if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) {
+	    return(cur);
+	}
+    }
+
+    return(0);
+}
+
+/*
+ * Clean up the TMPDIR that login created.
+ * The first time this is called we pick up the info
+ * from the utmp.  If the job has already gone away,
+ * then we'll clean up and be done.  If not, then
+ * when this is called the second time it will wait
+ * for the signal that the job is done.
+ */
+int
+cleantmp(wtp)
+     struct utmp *wtp;
+{
+    struct utmp *utp;
+    static int first = 1;
+    int mask, omask, ret;
+    extern struct utmp *getutid (const struct utmp *_Id);
+
+
+    mask = sigmask(WJSIGNAL);
+
+    if (first == 0) {
+	omask = sigblock(mask);
+	while (gotsigjob == 0)
+	    sigpause(omask);
+	return(1);
+    }
+    first = 0;
+    setutent();	/* just to make sure */
+
+    utp = getutid(wtp);
+    if (utp == 0) {
+	syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
+	return(-1);
+    }
+    /*
+     * Nothing to clean up if the user shell was never started.
+     */
+    if (utp->ut_type != USER_PROCESS || utp->ut_jid == 0)
+	return(1);
+
+    /*
+     * Block the WJSIGNAL while we are in jobend().
+     */
+    omask = sigblock(mask);
+    ret = jobend(utp->ut_jid, utp->ut_tpath, utp->ut_user);
+    sigsetmask(omask);
+    return(ret);
+}
+
+int
+jobend(jid, path, user)
+     int jid;
+     char *path;
+     char *user;
+{
+    static int saved_jid = 0;
+    static int pty_saved_jid = 0;
+    static char saved_path[sizeof(wtmp.ut_tpath)+1];
+    static char saved_user[sizeof(wtmp.ut_user)+1];
+
+    /*
+     * this little piece of code comes into play
+     * only when ptyreconnect is used to reconnect
+     * to an previous session.
+     *
+     * this is the only time when the
+     * "saved_jid != jid" code is executed.
+     */
+
+    if ( saved_jid && saved_jid != jid ) {
+	if (!path) {	/* called from signal handler */
+	    pty_saved_jid = jid;
+	} else {
+	    pty_saved_jid = saved_jid;
+	}
+    }
+
+    if (path) {
+	strlcpy(saved_path, path, sizeof(saved_path));
+	strlcpy(saved_user, user, sizeof(saved_user));
+    }
+    if (saved_jid == 0) {
+	saved_jid = jid;
+	return(0);
+    }
+
+    /* if the jid has changed, get the correct entry from the utmp file */
+
+    if ( saved_jid != jid ) {
+	struct utmp *utp = NULL;
+	struct utmp *jid_getutid();
+
+	utp = jid_getutid(pty_saved_jid);
+
+	if (utp == 0) {
+	    syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
+	    return(-1);
+	}
+
+	cleantmpdir(jid, utp->ut_tpath, utp->ut_user);
+	return(1);
+    }
+
+    cleantmpdir(jid, saved_path, saved_user);
+    return(1);
+}
+
+/*
+ * Fork a child process to clean up the TMPDIR
+ */
+cleantmpdir(jid, tpath, user)
+     int jid;
+     char *tpath;
+     char *user;
+{
+    switch(fork()) {
+    case -1:
+	syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m\n",
+	       tpath);
+	break;
+    case 0:
+	execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, NULL);
+	syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n",
+	       tpath, CLEANTMPCMD);
+	exit(1);
+    default:
+	/*
+	 * Forget about child.  We will exit, and
+	 * /etc/init will pick it up.
+	 */
+	break;
+    }
+}
+#endif /* CRAY */
+#endif	/* defined(PARENT_DOES_UTMP) */

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.8
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,536 @@
+.\" Copyright (c) 1983, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)telnetd.8	8.4 (Berkeley) 6/1/94
+.\"
+.Dd September 19, 2006
+.Dt TELNETD 8
+.Os BSD 4.2
+.Sh NAME
+.Nm telnetd
+.Nd DARPA
+.Tn TELNET
+protocol server
+.Sh SYNOPSIS
+.Nm telnetd
+.Op Fl BeUhkln
+.Op Fl D Ar debugmode
+.Op Fl S Ar tos
+.Op Fl X Ar authtype
+.Op Fl a Ar authmode
+.Op Fl r Ns Ar lowpty-highpty
+.Op Fl u Ar len
+.Op Fl debug
+.Op Fl L Ar /bin/login
+.Op Fl y
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm telnetd
+command is a server which supports the
+.Tn DARPA
+standard
+.Tn TELNET
+virtual terminal protocol.
+.Nm Telnetd
+is normally invoked by the internet server (see
+.Xr inetd 8 )
+for requests to connect to the
+.Tn TELNET
+port as indicated by the
+.Pa /etc/services
+file (see
+.Xr services 5 ) .
+The
+.Fl debug
+option may be used to start up
+.Nm telnetd
+manually, instead of through
+.Xr inetd 8 .
+If started up this way,
+.Ar port
+may be specified to run
+.Nm telnetd
+on an alternate
+.Tn TCP
+port number.
+.Pp
+The
+.Nm telnetd
+command accepts the following options:
+.Bl -tag -width "-a authmode"
+.It Fl a Ar authmode
+This option may be used for specifying what mode should
+be used for authentication.
+Note that this option is only useful if
+.Nm telnetd
+has been compiled with support for the
+.Dv AUTHENTICATION
+option.
+There are several valid values for
+.Ar authmode :
+.Bl -tag -width debug
+.It debug
+Turns on authentication debugging code.
+.It user
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user,
+and is allowed access to the specified account
+without providing a password.
+.It valid
+Only allow connections when the remote user
+can provide valid authentication information
+to identify the remote user.
+The
+.Xr login 1
+command will provide any additional user verification
+needed if the remote user is not allowed automatic
+access to the specified account.
+.It other
+Only allow connections that supply some authentication information.
+This option is currently not supported
+by any of the existing authentication mechanisms,
+and is thus the same as specifying
+.Fl a
+.Cm valid .
+.It otp
+Only allow authenticated connections (as with
+.Fl a
+.Cm user )
+and also logins with one-time passwords (OTPs).  This option will call
+login with an option so that only OTPs are accepted.  The user can of
+course still type secret information at the prompt.
+.It none
+This is the default state.
+Authentication information is not required.
+If no or insufficient authentication information
+is provided, then the
+.Xr login 1
+program will provide the necessary user
+verification.
+.It off
+This disables the authentication code.
+All user verification will happen through the
+.Xr login 1
+program.
+.El
+.It Fl B
+Ignored.
+.It Fl D Ar debugmode
+This option may be used for debugging purposes.
+This allows
+.Nm telnetd
+to print out debugging information
+to the connection, allowing the user to see what
+.Nm telnetd
+is doing.
+There are several possible values for
+.Ar debugmode :
+.Bl -tag -width exercise
+.It Cm options
+Prints information about the negotiation of
+.Tn TELNET
+options.
+.It Cm report
+Prints the
+.Cm options
+information, plus some additional information
+about what processing is going on.
+.It Cm netdata
+Displays the data stream received by
+.Nm telnetd .
+.It Cm ptydata
+Displays data written to the pty.
+.It Cm exercise
+Has not been implemented yet.
+.El
+.It Fl e
+require encryption to be turned on (in both direction) by the client
+and disconnects if the client tries to turn the encryption off (in
+either direction).
+.It Fl h
+Disables the printing of host-specific information before
+login has been completed.
+.It Fl k
+.It Fl l
+Ignored.
+.It Fl n
+Disable
+.Dv TCP
+keep-alives.  Normally
+.Nm telnetd
+enables the
+.Tn TCP
+keep-alive mechanism to probe connections that
+have been idle for some period of time to determine
+if the client is still there, so that idle connections
+from machines that have crashed or can no longer
+be reached may be cleaned up.
+.It Fl r Ar lowpty-highpty
+This option is only enabled when
+.Nm telnetd
+is compiled for
+.Dv UNICOS .
+It specifies an inclusive range of pseudo-terminal devices to
+use.  If the system has sysconf variable
+.Dv _SC_CRAY_NPTY
+configured, the default pty search range is 0 to
+.Dv _SC_CRAY_NPTY ;
+otherwise, the default range is 0 to 128.  Either
+.Ar lowpty
+or
+.Ar highpty
+may be omitted to allow changing
+either end of the search range.  If
+.Ar lowpty
+is omitted, the - character is still required so that
+.Nm telnetd
+can differentiate
+.Ar highpty
+from
+.Ar lowpty .
+.It Fl S Ar tos
+.It Fl u Ar len
+This option is used to specify the size of the field
+in the
+.Dv utmp
+structure that holds the remote host name.
+If the resolved host name is longer than
+.Ar len ,
+the dotted decimal value will be used instead.
+This allows hosts with very long host names that
+overflow this field to still be uniquely identified.
+Specifying
+.Fl u0
+indicates that only dotted decimal addresses
+should be put into the
+.Pa utmp
+file.
+.It Fl U
+This option causes
+.Nm telnetd
+to refuse connections from addresses that
+cannot be mapped back into a symbolic name
+via the
+.Xr gethostbyaddr 3
+routine.
+.It Fl X Ar authtype
+This option is only valid if
+.Nm telnetd
+has been built with support for the authentication option.
+It disables the use of
+.Ar authtype
+authentication, and
+can be used to temporarily disable
+a specific authentication type without having to recompile
+.Nm telnetd .
+.It Fl L Ar pathname
+Specify pathname to an alternative login program.
+.It Fl y
+Makes
+.Nm
+not warn when a user is trying to login with a cleartext password.
+.El
+.Pp
+.Nm Telnetd
+operates by allocating a pseudo-terminal device (see
+.Xr pty 4 )
+for a client, then creating a login process which has
+the slave side of the pseudo-terminal as
+.Dv stdin ,
+.Dv stdout
+and
+.Dv stderr .
+.Nm Telnetd
+manipulates the master side of the pseudo-terminal,
+implementing the
+.Tn TELNET
+protocol and passing characters
+between the remote client and the login process.
+.Pp
+When a
+.Tn TELNET
+session is started up,
+.Nm telnetd
+sends
+.Tn TELNET
+options to the client side indicating
+a willingness to do the
+following
+.Tn TELNET
+options, which are described in more detail below:
+.Bd -literal -offset indent
+DO AUTHENTICATION
+WILL ENCRYPT
+DO TERMINAL TYPE
+DO TSPEED
+DO XDISPLOC
+DO NEW-ENVIRON
+DO ENVIRON
+WILL SUPPRESS GO AHEAD
+DO ECHO
+DO LINEMODE
+DO NAWS
+WILL STATUS
+DO LFLOW
+DO TIMING-MARK
+.Ed
+.Pp
+The pseudo-terminal allocated to the client is configured
+to operate in
+.Dq cooked
+mode, and with
+.Dv XTABS and
+.Dv CRMOD
+enabled (see
+.Xr tty 4 ) .
+.Pp
+.Nm Telnetd
+has support for enabling locally the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "WILL ECHO"
+When the
+.Dv LINEMODE
+option is enabled, a
+.Dv WILL ECHO
+or
+.Dv WONT ECHO
+will be sent to the client to indicate the
+current state of terminal echoing.
+When terminal echo is not desired, a
+.Dv WILL ECHO
+is sent to indicate that
+.Tn telnetd
+will take care of echoing any data that needs to be
+echoed to the terminal, and then nothing is echoed.
+When terminal echo is desired, a
+.Dv WONT ECHO
+is sent to indicate that
+.Tn telnetd
+will not be doing any terminal echoing, so the
+client should do any terminal echoing that is needed.
+.It "WILL BINARY"
+Indicates that the client is willing to send a
+8 bits of data, rather than the normal 7 bits
+of the Network Virtual Terminal.
+.It "WILL SGA"
+Indicates that it will not be sending
+.Dv IAC GA ,
+go ahead, commands.
+.It "WILL STATUS"
+Indicates a willingness to send the client, upon
+request, of the current status of all
+.Tn TELNET
+options.
+.It "WILL TIMING-MARK"
+Whenever a
+.Dv DO TIMING-MARK
+command is received, it is always responded
+to with a
+.Dv WILL TIMING-MARK
+.It "WILL LOGOUT"
+When a
+.Dv DO LOGOUT
+is received, a
+.Dv WILL LOGOUT
+is sent in response, and the
+.Tn TELNET
+session is shut down.
+.It "WILL ENCRYPT"
+Only sent if
+.Nm telnetd
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.El
+.Pp
+.Nm Telnetd
+has support for enabling remotely the following
+.Tn TELNET
+options:
+.Bl -tag -width "DO AUTHENTICATION"
+.It "DO BINARY"
+Sent to indicate that
+.Tn telnetd
+is willing to receive an 8 bit data stream.
+.It "DO LFLOW"
+Requests that the client handle flow control
+characters remotely.
+.It "DO ECHO"
+This is not really supported, but is sent to identify a 4.2BSD
+.Xr telnet 1
+client, which will improperly respond with
+.Dv WILL ECHO .
+If a
+.Dv WILL ECHO
+is received, a
+.Dv DONT ECHO
+will be sent in response.
+.It "DO TERMINAL-TYPE"
+Indicates a desire to be able to request the
+name of the type of terminal that is attached
+to the client side of the connection.
+.It "DO SGA"
+Indicates that it does not need to receive
+.Dv IAC GA ,
+the go ahead command.
+.It "DO NAWS"
+Requests that the client inform the server when
+the window (display) size changes.
+.It "DO TERMINAL-SPEED"
+Indicates a desire to be able to request information
+about the speed of the serial line to which
+the client is attached.
+.It "DO XDISPLOC"
+Indicates a desire to be able to request the name
+of the X windows display that is associated with
+the telnet client.
+.It "DO NEW-ENVIRON"
+Indicates a desire to be able to request environment
+variable information, as described in RFC 1572.
+.It "DO ENVIRON"
+Indicates a desire to be able to request environment
+variable information, as described in RFC 1408.
+.It "DO LINEMODE"
+Only sent if
+.Nm telnetd
+is compiled with support for linemode, and
+requests that the client do line by line processing.
+.It "DO TIMING-MARK"
+Only sent if
+.Nm telnetd
+is compiled with support for both linemode and
+kludge linemode, and the client responded with
+.Dv WONT LINEMODE .
+If the client responds with
+.Dv WILL TM ,
+the it is assumed that the client supports
+kludge linemode.
+Note that the
+.Op Fl k
+option can be used to disable this.
+.It "DO AUTHENTICATION"
+Only sent if
+.Nm telnetd
+is compiled with support for authentication, and
+indicates a willingness to receive authentication
+information for automatic login.
+.It "DO ENCRYPT"
+Only sent if
+.Nm telnetd
+is compiled with support for data encryption, and
+indicates a willingness to decrypt
+the data stream.
+.El
+.Sh FILES
+.Bl -tag -width /etc/services -compact
+.It Pa /etc/services
+.It Pa /etc/inittab
+(UNICOS systems only)
+.It Pa /etc/iptos
+(if supported)
+.El
+.Sh "SEE ALSO"
+.Xr telnet 1 ,
+.Xr login 1
+.Sh STANDARDS
+.Bl -tag -compact -width RFC-1572
+.It Cm RFC-854
+.Tn TELNET
+PROTOCOL SPECIFICATION
+.It Cm RFC-855
+TELNET OPTION SPECIFICATIONS
+.It Cm RFC-856
+TELNET BINARY TRANSMISSION
+.It Cm RFC-857
+TELNET ECHO OPTION
+.It Cm RFC-858
+TELNET SUPPRESS GO AHEAD OPTION
+.It Cm RFC-859
+TELNET STATUS OPTION
+.It Cm RFC-860
+TELNET TIMING MARK OPTION
+.It Cm RFC-861
+TELNET EXTENDED OPTIONS - LIST OPTION
+.It Cm RFC-885
+TELNET END OF RECORD OPTION
+.It Cm RFC-1073
+Telnet Window Size Option
+.It Cm RFC-1079
+Telnet Terminal Speed Option
+.It Cm RFC-1091
+Telnet Terminal-Type Option
+.It Cm RFC-1096
+Telnet X Display Location Option
+.It Cm RFC-1123
+Requirements for Internet Hosts -- Application and Support
+.It Cm RFC-1184
+Telnet Linemode Option
+.It Cm RFC-1372
+Telnet Remote Flow Control Option
+.It Cm RFC-1416
+Telnet Authentication Option
+.It Cm RFC-1411
+Telnet Authentication: Kerberos Version 4
+.It Cm RFC-1412
+Telnet Authentication: SPX
+.It Cm RFC-1571
+Telnet Environment Option Interoperability Issues
+.It Cm RFC-1572
+Telnet Environment Option
+.El
+.Sh BUGS
+Some
+.Tn TELNET
+commands are only partially implemented.
+.Pp
+Because of bugs in the original 4.2 BSD
+.Xr telnet 1 ,
+.Nm telnetd
+performs some dubious protocol exchanges to try to discover if the remote
+client is, in fact, a 4.2 BSD
+.Xr telnet 1 .
+.Pp
+Binary mode
+has no common interpretation except between similar operating systems
+(Unix in this case).
+.Pp
+The terminal type name received from the remote client is converted to
+lower case.
+.Pp
+.Nm Telnetd
+never sends
+.Tn TELNET
+.Dv IAC GA
+(go ahead) commands.

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1401 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: telnetd.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef _SC_CRAY_SECURE_SYS
+#include <sys/sysv.h>
+#include <sys/secdev.h>
+#include <sys/secparm.h>
+#include <sys/usrv.h>
+int	secflag;
+char	tty_dev[16];
+struct	secdev dv;
+struct	sysv sysv;
+struct	socksec ss;
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+#ifdef AUTHENTICATION
+int	auth_level = 0;
+#endif
+
+#ifdef KRB5
+#define Authenticator k5_Authenticator
+#include <krb5.h>
+#undef Authenticator
+#endif
+
+extern	int utmp_len;
+int	registerd_host_only = 0;
+#ifdef ENCRYPTION
+int	require_encryption = 0;
+#endif
+
+#ifdef STREAMSPTY
+
+#ifdef _AIX
+#include <sys/termio.h>
+#endif
+# ifdef HAVE_SYS_STRTTY_H
+# include <sys/strtty.h>
+# endif
+# ifdef HAVE_SYS_STR_TTY_H
+# include <sys/str_tty.h>
+# endif
+/* make sure we don't get the bsd version */
+/* what is this here for? solaris? /joda */
+# ifdef HAVE_SYS_TTY_H
+# include "/usr/include/sys/tty.h"
+# endif
+# ifdef HAVE_SYS_PTYVAR_H
+# include <sys/ptyvar.h>
+# endif
+
+/*
+ * Because of the way ptyibuf is used with streams messages, we need
+ * ptyibuf+1 to be on a full-word boundary.  The following wierdness
+ * is simply to make that happen.
+ */
+long	ptyibufbuf[BUFSIZ/sizeof(long)+1];
+char	*ptyibuf = ((char *)&ptyibufbuf[1])-1;
+char	*ptyip = ((char *)&ptyibufbuf[1])-1;
+char	ptyibuf2[BUFSIZ];
+unsigned char ctlbuf[BUFSIZ];
+struct	strbuf strbufc, strbufd;
+
+int readstream(int, char*, int);
+
+#else	/* ! STREAMPTY */
+
+/*
+ * I/O data buffers,
+ * pointers, and counters.
+ */
+char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
+char	ptyibuf2[BUFSIZ];
+
+#endif /* ! STREAMPTY */
+
+int	hostinfo = 1;			/* do we print login banner? */
+
+#ifdef	_CRAY
+extern int      newmap; /* nonzero if \n maps to ^M^J */
+int	lowpty = 0, highpty;	/* low, high pty numbers */
+#endif /* CRAY */
+
+int debug = 0;
+int keepalive = 1;
+char *progname;
+
+static void usage (int error_code);
+
+/*
+ * The string to pass to getopt().  We do it this way so
+ * that only the actual options that we support will be
+ * passed off to getopt().
+ */
+char valid_opts[] = "Bd:hklnS:u:UL:y"
+#ifdef AUTHENTICATION
+		    "a:X:z"
+#endif
+#ifdef ENCRYPTION
+                     "e"
+#endif
+#ifdef DIAGNOSTICS
+		    "D:"
+#endif
+#ifdef _CRAY
+		    "r:"
+#endif
+		    ;
+
+static void doit(struct sockaddr*, int);
+
+int
+main(int argc, char **argv)
+{
+    struct sockaddr_storage __ss;
+    struct sockaddr *sa = (struct sockaddr *)&__ss;
+    int on = 1;
+    socklen_t sa_size;
+    int ch;
+#if	defined(IPPROTO_IP) && defined(IP_TOS)
+    int tos = -1;
+#endif
+    pfrontp = pbackp = ptyobuf;
+    netip = netibuf;
+    nfrontp = nbackp = netobuf;
+
+    setprogname(argv[0]);
+
+    progname = *argv;
+#ifdef ENCRYPTION
+    nclearto = 0;
+#endif
+
+#ifdef _CRAY
+    /*
+     * Get number of pty's before trying to process options,
+     * which may include changing pty range.
+     */
+    highpty = getnpty();
+#endif /* CRAY */
+
+    if (argc == 2 && strcmp(argv[1], "--version") == 0) {
+	print_version(NULL);
+	exit(0);
+    }
+    if (argc == 2 && strcmp(argv[1], "--help") == 0)
+	usage(0);
+
+    while ((ch = getopt(argc, argv, valid_opts)) != -1) {
+	switch(ch) {
+
+#ifdef	AUTHENTICATION
+	case 'a':
+	    /*
+	     * Check for required authentication level
+	     */
+	    if (strcmp(optarg, "debug") == 0) {
+		auth_debug_mode = 1;
+	    } else if (strcasecmp(optarg, "none") == 0) {
+		auth_level = 0;
+	    } else if (strcasecmp(optarg, "otp") == 0) {
+		auth_level = 0;
+		require_otp = 1;
+	    } else if (strcasecmp(optarg, "other") == 0) {
+		auth_level = AUTH_OTHER;
+	    } else if (strcasecmp(optarg, "user") == 0) {
+		auth_level = AUTH_USER;
+	    } else if (strcasecmp(optarg, "valid") == 0) {
+		auth_level = AUTH_VALID;
+	    } else if (strcasecmp(optarg, "off") == 0) {
+		/*
+		 * This hack turns off authentication
+		 */
+		auth_level = -1;
+	    } else {
+		fprintf(stderr,
+			"telnetd: unknown authorization level for -a\n");
+	    }
+	    break;
+#endif	/* AUTHENTICATION */
+
+	case 'B': /* BFTP mode is not supported any more */
+	    break;
+	case 'd':
+	    if (strcmp(optarg, "ebug") == 0) {
+		debug++;
+		break;
+	    }
+	    usage(1);
+	    /* NOTREACHED */
+	    break;
+
+#ifdef DIAGNOSTICS
+	case 'D':
+	    /*
+	     * Check for desired diagnostics capabilities.
+	     */
+	    if (!strcmp(optarg, "report")) {
+		diagnostic |= TD_REPORT|TD_OPTIONS;
+	    } else if (!strcmp(optarg, "exercise")) {
+		diagnostic |= TD_EXERCISE;
+	    } else if (!strcmp(optarg, "netdata")) {
+		diagnostic |= TD_NETDATA;
+	    } else if (!strcmp(optarg, "ptydata")) {
+		diagnostic |= TD_PTYDATA;
+	    } else if (!strcmp(optarg, "options")) {
+		diagnostic |= TD_OPTIONS;
+	    } else {
+		usage(1);
+		/* NOT REACHED */
+	    }
+	    break;
+#endif /* DIAGNOSTICS */
+
+#ifdef ENCRYPTION
+	case 'e':
+	    require_encryption = 1;
+	    break;
+#endif
+
+	case 'h':
+	    hostinfo = 0;
+	    break;
+
+	case 'k': /* Linemode is not supported any more */
+	case 'l':
+	    break;
+
+	case 'n':
+	    keepalive = 0;
+	    break;
+
+#ifdef _CRAY
+	case 'r':
+	    {
+		char *strchr();
+		char *c;
+
+		/*
+		 * Allow the specification of alterations
+		 * to the pty search range.  It is legal to
+		 * specify only one, and not change the
+		 * other from its default.
+		 */
+		c = strchr(optarg, '-');
+		if (c) {
+		    *c++ = '\0';
+		    highpty = atoi(c);
+		}
+		if (*optarg != '\0')
+		    lowpty = atoi(optarg);
+		if ((lowpty > highpty) || (lowpty < 0) ||
+		    (highpty > 32767)) {
+		    usage(1);
+		    /* NOT REACHED */
+		}
+		break;
+	    }
+#endif	/* CRAY */
+
+	case 'S':
+#ifdef	HAVE_PARSETOS
+	    if ((tos = parsetos(optarg, "tcp")) < 0)
+		fprintf(stderr, "%s%s%s\n",
+			"telnetd: Bad TOS argument '", optarg,
+			"'; will try to use default TOS");
+#else
+	    fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
+		    "-S flag not supported\n");
+#endif
+	    break;
+
+	case 'u': {
+	    char *eptr;
+
+	    utmp_len = strtol(optarg, &eptr, 0);
+	    if (optarg == eptr)
+		fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg);
+	    break;
+	}
+
+	case 'U':
+	    registerd_host_only = 1;
+	    break;
+
+#ifdef	AUTHENTICATION
+	case 'X':
+	    /*
+	     * Check for invalid authentication types
+	     */
+	    auth_disable_name(optarg);
+	    break;
+#endif
+	case 'y':
+	    no_warn = 1;
+	    break;
+#ifdef AUTHENTICATION
+	case 'z':
+	    log_unauth = 1;
+	    break;
+
+#endif	/* AUTHENTICATION */
+
+	case 'L':
+	    new_login = optarg;
+	    break;
+			
+	default:
+	    fprintf(stderr, "telnetd: %c: unknown option\n", ch);
+	    /* FALLTHROUGH */
+	case '?':
+	    usage(0);
+	    /* NOTREACHED */
+	}
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (debug) {
+	int port = 0;
+	struct servent *sp;
+
+	if (argc > 1) {
+	    usage (1);
+	} else if (argc == 1) {
+	    sp = roken_getservbyname (*argv, "tcp");
+	    if (sp)
+		port = sp->s_port;
+	    else
+		port = htons(atoi(*argv));
+	} else {
+#ifdef KRB5
+	    port = krb5_getportbyname (NULL, "telnet", "tcp", 23);
+#else
+	    port = k_getportbyname("telnet", "tcp", htons(23));
+#endif
+	}
+	mini_inetd (port);
+    } else if (argc > 0) {
+	usage(1);
+	/* NOT REACHED */
+    }
+
+#ifdef _SC_CRAY_SECURE_SYS
+    secflag = sysconf(_SC_CRAY_SECURE_SYS);
+
+    /*
+     *	Get socket's security label
+     */
+    if (secflag)  {
+	socklen_t szss = sizeof(ss);
+	int sock_multi;
+	socklen_t szi = sizeof(int);
+
+	memset(&dv, 0, sizeof(dv));
+
+	if (getsysv(&sysv, sizeof(struct sysv)) != 0) 
+	    fatalperror(net, "getsysv");
+
+	/*
+	 *	Get socket security label and set device values
+	 *	   {security label to be set on ttyp device}
+	 */
+#ifdef SO_SEC_MULTI			/* 8.0 code */
+	if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
+			(void *)&ss, &szss) < 0) ||
+	    (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
+			(void *)&sock_multi, &szi) < 0)) 
+	    fatalperror(net, "getsockopt");
+	else {
+	    dv.dv_actlvl = ss.ss_actlabel.lt_level;
+	    dv.dv_actcmp = ss.ss_actlabel.lt_compart;
+	    if (!sock_multi) {
+		dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
+		dv.dv_valcmp = dv.dv_actcmp;
+	    } else {
+		dv.dv_minlvl = ss.ss_minlabel.lt_level;
+		dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
+		dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
+	    }
+	    dv.dv_devflg = 0;
+	}
+#else /* SO_SEC_MULTI */		/* 7.0 code */
+	if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
+		       (void *)&ss, &szss) >= 0) {
+	    dv.dv_actlvl = ss.ss_slevel;
+	    dv.dv_actcmp = ss.ss_compart;
+	    dv.dv_minlvl = ss.ss_minlvl;
+	    dv.dv_maxlvl = ss.ss_maxlvl;
+	    dv.dv_valcmp = ss.ss_maxcmp;
+	}
+#endif /* SO_SEC_MULTI */
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
+    sa_size = sizeof (__ss);
+    if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
+	fprintf(stderr, "%s: ", progname);
+	perror("getpeername");
+	_exit(1);
+    }
+    if (keepalive &&
+	setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
+		   (void *)&on, sizeof (on)) < 0) {
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+    }
+
+#if	defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+    {
+# ifdef HAVE_GETTOSBYNAME
+	struct tosent *tp;
+	if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
+	    tos = tp->t_tos;
+# endif
+	if (tos < 0)
+	    tos = 020;	/* Low Delay bit */
+	if (tos
+	    && sa->sa_family == AF_INET
+	    && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
+			   (void *)&tos, sizeof(tos)) < 0)
+	    && (errno != ENOPROTOOPT) )
+	    syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+    }
+#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
+    net = STDIN_FILENO;
+    doit(sa, sa_size);
+    /* NOTREACHED */
+    return 0;
+}  /* end of main */
+
+static void
+usage(int exit_code)
+{
+    fprintf(stderr, "Usage: telnetd");
+    fprintf(stderr, " [--help]");
+    fprintf(stderr, " [--version]");
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-a (debug|other|otp|user|valid|off|none)]\n\t");
+#endif
+    fprintf(stderr, " [-debug]");
+#ifdef DIAGNOSTICS
+    fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
+#endif
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-edebug]");
+#endif
+    fprintf(stderr, " [-h]");
+    fprintf(stderr, " [-L login]");
+    fprintf(stderr, " [-n]");
+#ifdef	_CRAY
+    fprintf(stderr, " [-r[lowpty]-[highpty]]");
+#endif
+    fprintf(stderr, "\n\t");
+#ifdef	HAVE_GETTOSBYNAME
+    fprintf(stderr, " [-S tos]");
+#endif
+#ifdef	AUTHENTICATION
+    fprintf(stderr, " [-X auth-type] [-y] [-z]");
+#endif
+    fprintf(stderr, " [-u utmp_hostname_length] [-U]");
+    fprintf(stderr, " [port]\n");
+    exit(exit_code);
+}
+
+/*
+ * getterminaltype
+ *
+ *	Ask the other end to send along its terminal type and speed.
+ * Output is the variable terminaltype filled in.
+ */
+static unsigned char ttytype_sbbuf[] = {
+    IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
+};
+
+int
+getterminaltype(char *name, size_t name_sz)
+{
+    int retval = -1;
+
+    settimer(baseline);
+#ifdef AUTHENTICATION
+    /*
+     * Handle the Authentication option before we do anything else.
+     */
+    send_do(TELOPT_AUTHENTICATION, 1);
+    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
+	ttloop();
+    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
+	retval = auth_wait(name, name_sz);
+    }
+#endif
+
+#ifdef ENCRYPTION
+    send_will(TELOPT_ENCRYPT, 1);
+    send_do(TELOPT_ENCRYPT, 1);	/* esc at magic.fi */
+#endif
+    send_do(TELOPT_TTYPE, 1);
+    send_do(TELOPT_TSPEED, 1);
+    send_do(TELOPT_XDISPLOC, 1);
+    send_do(TELOPT_NEW_ENVIRON, 1);
+    send_do(TELOPT_OLD_ENVIRON, 1);
+    while (
+#ifdef ENCRYPTION
+	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+#endif
+	   his_will_wont_is_changing(TELOPT_TTYPE) ||
+	   his_will_wont_is_changing(TELOPT_TSPEED) ||
+	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
+	   his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
+	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
+	ttloop();
+    }
+#ifdef ENCRYPTION
+    /*
+     * Wait for the negotiation of what type of encryption we can
+     * send with.  If autoencrypt is not set, this will just return.
+     */
+    if (his_state_is_will(TELOPT_ENCRYPT)) {
+	encrypt_wait();
+    }
+    if (require_encryption) {
+
+	while (encrypt_delay())
+	    if (telnet_spin())
+		fatal(net, "Failed while waiting for encryption");
+
+	if (!encrypt_is_encrypting())
+	    fatal(net, "Encryption required but not turned on by client");
+    }
+#endif
+    if (his_state_is_will(TELOPT_TSPEED)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_XDISPLOC)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+	static unsigned char sb[] =
+	{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
+
+	telnet_net_write (sb, sizeof sb);
+	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+    }
+    if (his_state_is_will(TELOPT_TTYPE)) {
+
+	telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
+	DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+				  sizeof ttytype_sbbuf - 2););
+    }
+    if (his_state_is_will(TELOPT_TSPEED)) {
+	while (sequenceIs(tspeedsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_XDISPLOC)) {
+	while (sequenceIs(xdisplocsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+	while (sequenceIs(environsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+	while (sequenceIs(oenvironsubopt, baseline))
+	    ttloop();
+    }
+    if (his_state_is_will(TELOPT_TTYPE)) {
+	char first[256], last[256];
+
+	while (sequenceIs(ttypesubopt, baseline))
+	    ttloop();
+
+	/*
+	 * If the other side has already disabled the option, then
+	 * we have to just go with what we (might) have already gotten.
+	 */
+	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
+	    strlcpy(first, terminaltype, sizeof(first));
+	    for(;;) {
+		/*
+		 * Save the unknown name, and request the next name.
+		 */
+		strlcpy(last, terminaltype, sizeof(last));
+		_gettermname();
+		if (terminaltypeok(terminaltype))
+		    break;
+		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
+		    his_state_is_wont(TELOPT_TTYPE)) {
+		    /*
+		     * We've hit the end.  If this is the same as
+		     * the first name, just go with it.
+		     */
+		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
+			break;
+		    /*
+		     * Get the terminal name one more time, so that
+		     * RFC1091 compliant telnets will cycle back to
+		     * the start of the list.
+		     */
+		    _gettermname();
+		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
+			strlcpy(terminaltype, first, sizeof(terminaltype));
+		    break;
+		}
+	    }
+	}
+    }
+    return(retval);
+}  /* end of getterminaltype */
+
+void
+_gettermname(void)
+{
+    /*
+     * If the client turned off the option,
+     * we can't send another request, so we
+     * just return.
+     */
+    if (his_state_is_wont(TELOPT_TTYPE))
+	return;
+    settimer(baseline);
+    telnet_net_write (ttytype_sbbuf, sizeof ttytype_sbbuf);
+    DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+			      sizeof ttytype_sbbuf - 2););
+    while (sequenceIs(ttypesubopt, baseline))
+	ttloop();
+}
+
+int
+terminaltypeok(char *s)
+{
+    return 1;
+}
+
+
+char host_name[MaxHostNameLen];
+char remote_host_name[MaxHostNameLen];
+char remote_utmp_name[MaxHostNameLen];
+
+/*
+ * Get a pty, scan input lines.
+ */
+static void
+doit(struct sockaddr *who, int who_len)
+{
+    int level;
+    int ptynum;
+    char user_name[256];
+    int error;
+
+    /*
+     * Find an available pty to use.
+     */
+    ourpty = getpty(&ptynum);
+    if (ourpty < 0)
+	fatal(net, "All network ports in use");
+
+#ifdef _SC_CRAY_SECURE_SYS
+    /*
+     *	set ttyp line security label
+     */
+    if (secflag) {
+	char slave_dev[16];
+
+	snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
+	if (setdevs(tty_dev, &dv) < 0)
+	    fatal(net, "cannot set pty security");
+	snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
+	if (setdevs(slave_dev, &dv) < 0)
+	    fatal(net, "cannot set tty security");
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    error = getnameinfo_verified (who, who_len,
+				  remote_host_name,
+				  sizeof(remote_host_name),
+				  NULL, 0, 
+				  registerd_host_only ? NI_NAMEREQD : 0);
+    if (error)
+	fatal(net, "Couldn't resolve your address into a host name.\r\n\
+Please contact your net administrator");
+
+    gethostname(host_name, sizeof (host_name));
+
+    strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name));
+
+    /* Only trim if too long (and possible) */
+    if (strlen(remote_utmp_name) > utmp_len) {
+	char *domain = strchr(host_name, '.');
+	char *p = strchr(remote_utmp_name, '.');
+	if (domain != NULL && p != NULL && (strcmp(p, domain) == 0))
+	    *p = '\0'; /* remove domain part */
+    }
+
+    /*
+     * If hostname still doesn't fit utmp, use ipaddr.
+     */
+    if (strlen(remote_utmp_name) > utmp_len) {
+	error = getnameinfo (who, who_len,
+			     remote_utmp_name,
+			     sizeof(remote_utmp_name),
+			     NULL, 0,
+			     NI_NUMERICHOST);
+	if (error)
+	    fatal(net, "Couldn't get numeric address\r\n");
+    }
+
+#ifdef AUTHENTICATION
+    auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1);
+#endif
+
+    init_env();
+
+    /* begin server processing */
+
+    /*
+     * Initialize the slc mapping table.
+     */
+
+    get_slc_defaults();
+
+    /*
+     * get terminal type.
+     */
+    *user_name = 0;
+    level = getterminaltype(user_name, sizeof(user_name));
+    esetenv("TERM", terminaltype[0] ? terminaltype : "network", 1);
+
+#ifdef _SC_CRAY_SECURE_SYS
+    if (secflag) {
+	if (setulvl(dv.dv_actlvl) < 0)
+	    fatal(net,"cannot setulvl()");
+	if (setucmp(dv.dv_actcmp) < 0)
+	    fatal(net, "cannot setucmp()");
+    }
+#endif	/* _SC_CRAY_SECURE_SYS */
+
+    my_telnet(net, ourpty, remote_host_name, remote_utmp_name,
+	      level, user_name);
+    /*NOTREACHED*/
+}  /* end of doit */
+
+/* output contents of /etc/issue.net, or /etc/issue */
+static void
+show_issue(void)
+{
+    FILE *f;
+    char buf[128];
+    f = fopen(SYSCONFDIR "/issue.net", "r");
+    if(f == NULL)
+	f = fopen(SYSCONFDIR "/issue", "r");
+    if(f){
+	while(fgets(buf, sizeof(buf), f) != NULL) {
+	    size_t len = strcspn(buf, "\r\n");
+	    if(len == strlen(buf)) {
+		/* there's no newline */
+		writenet(buf, len);
+	    } else {
+		/* replace newline with \r\n */
+		buf[len] = '\0';
+		writenet(buf, len);
+		writenet("\r\n", 2);
+	    }
+	}
+	fclose(f);
+    }
+}
+
+/*
+ * Main loop.  Select from pty and network, and
+ * hand data to telnet receiver finite state machine.
+ */
+void
+my_telnet(int f, int p, const char *host, const char *utmp_host,
+	  int level, char *autoname)
+{
+    int on = 1;
+    char *he;
+    char *IM;
+    int nfd;
+    int startslave_called = 0;
+    time_t timeout;
+
+    /*
+     * Do some tests where it is desireable to wait for a response.
+     * Rather than doing them slowly, one at a time, do them all
+     * at once.
+     */
+    if (my_state_is_wont(TELOPT_SGA))
+	send_will(TELOPT_SGA, 1);
+    /*
+     * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
+     * because 4.2 clients are unable to deal with TCP urgent data.
+     *
+     * To find out, we send out a "DO ECHO".  If the remote system
+     * answers "WILL ECHO" it is probably a 4.2 client, and we note
+     * that fact ("WILL ECHO" ==> that the client will echo what
+     * WE, the server, sends it; it does NOT mean that the client will
+     * echo the terminal input).
+     */
+    send_do(TELOPT_ECHO, 1);
+
+    /*
+     * Send along a couple of other options that we wish to negotiate.
+     */
+    send_do(TELOPT_NAWS, 1);
+    send_will(TELOPT_STATUS, 1);
+    flowmode = 1;		/* default flow control state */
+    restartany = -1;	/* uninitialized... */
+    send_do(TELOPT_LFLOW, 1);
+
+    /*
+     * Spin, waiting for a response from the DO ECHO.  However,
+     * some REALLY DUMB telnets out there might not respond
+     * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
+     * telnets so far seem to respond with WONT for a DO that
+     * they don't understand...) because by the time we get the
+     * response, it will already have processed the DO ECHO.
+     * Kludge upon kludge.
+     */
+    while (his_will_wont_is_changing(TELOPT_NAWS))
+	ttloop();
+
+    /*
+     * But...
+     * The client might have sent a WILL NAWS as part of its
+     * startup code; if so, we'll be here before we get the
+     * response to the DO ECHO.  We'll make the assumption
+     * that any implementation that understands about NAWS
+     * is a modern enough implementation that it will respond
+     * to our DO ECHO request; hence we'll do another spin
+     * waiting for the ECHO option to settle down, which is
+     * what we wanted to do in the first place...
+     */
+    if (his_want_state_is_will(TELOPT_ECHO) &&
+	his_state_is_will(TELOPT_NAWS)) {
+	while (his_will_wont_is_changing(TELOPT_ECHO))
+	    ttloop();
+    }
+    /*
+     * On the off chance that the telnet client is broken and does not
+     * respond to the DO ECHO we sent, (after all, we did send the
+     * DO NAWS negotiation after the DO ECHO, and we won't get here
+     * until a response to the DO NAWS comes back) simulate the
+     * receipt of a will echo.  This will also send a WONT ECHO
+     * to the client, since we assume that the client failed to
+     * respond because it believes that it is already in DO ECHO
+     * mode, which we do not want.
+     */
+    if (his_want_state_is_will(TELOPT_ECHO)) {
+	DIAG(TD_OPTIONS,
+	     {output_data("td: simulating recv\r\n");
+	     });
+	willoption(TELOPT_ECHO);
+    }
+
+    /*
+     * Finally, to clean things up, we turn on our echo.  This
+     * will break stupid 4.2 telnets out of local terminal echo.
+     */
+
+    if (my_state_is_wont(TELOPT_ECHO))
+	send_will(TELOPT_ECHO, 1);
+
+#ifdef TIOCPKT
+#ifdef	STREAMSPTY
+    if (!really_stream)
+#endif
+	/*
+	 * Turn on packet mode
+	 */
+	ioctl(p, TIOCPKT, (char *)&on);
+#endif
+
+
+    /*
+     * Call telrcv() once to pick up anything received during
+     * terminal type negotiation, 4.2/4.3 determination, and
+     * linemode negotiation.
+     */
+    telrcv();
+
+    ioctl(f, FIONBIO, (char *)&on);
+    ioctl(p, FIONBIO, (char *)&on);
+
+#if	defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+    setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
+	       (void *)&on, sizeof on);
+#endif	/* defined(SO_OOBINLINE) */
+
+#ifdef	SIGTSTP
+    signal(SIGTSTP, SIG_IGN);
+#endif
+#ifdef	SIGTTOU
+    /*
+     * Ignoring SIGTTOU keeps the kernel from blocking us
+     * in ttioct() in /sys/tty.c.
+     */
+    signal(SIGTTOU, SIG_IGN);
+#endif
+
+    signal(SIGCHLD, cleanup);
+
+#ifdef  TIOCNOTTY
+    {
+	int t;
+	t = open(_PATH_TTY, O_RDWR);
+	if (t >= 0) {
+	    ioctl(t, TIOCNOTTY, (char *)0);
+	    close(t);
+	}
+    }
+#endif
+
+    show_issue();
+    /*
+     * Show banner that getty never gave.
+     *
+     * We put the banner in the pty input buffer.  This way, it
+     * gets carriage return null processing, etc., just like all
+     * other pty --> client data.
+     */
+
+    if (getenv("USER"))
+	hostinfo = 0;
+
+    IM = DEFAULT_IM;
+    he = 0;
+    edithost(he, host_name);
+    if (hostinfo && *IM)
+	putf(IM, ptyibuf2);
+
+    if (pcc)
+	strncat(ptyibuf2, ptyip, pcc+1);
+    ptyip = ptyibuf2;
+    pcc = strlen(ptyip);
+
+    DIAG(TD_REPORT, {
+	output_data("td: Entering processing loop\r\n");
+    });
+
+
+    nfd = ((f > p) ? f : p) + 1;
+    timeout = time(NULL) + 5;
+    for (;;) {
+	fd_set ibits, obits, xbits;
+	int c;
+
+	/* wait for encryption to be turned on, but don't wait
+           indefinitely */
+	if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){
+	    startslave_called = 1;
+	    startslave(host, utmp_host, level, autoname);
+	}
+
+	if (ncc < 0 && pcc < 0)
+	    break;
+
+	FD_ZERO(&ibits);
+	FD_ZERO(&obits);
+	FD_ZERO(&xbits);
+
+	if (f >= FD_SETSIZE
+	    || p >= FD_SETSIZE)
+	    fatal(net, "fd too large");
+
+	/*
+	 * Never look for input if there's still
+	 * stuff in the corresponding output buffer
+	 */
+	if (nfrontp - nbackp || pcc > 0) {
+	    FD_SET(f, &obits);
+	} else {
+	    FD_SET(p, &ibits);
+	}
+	if (pfrontp - pbackp || ncc > 0) {
+	    FD_SET(p, &obits);
+	} else {
+	    FD_SET(f, &ibits);
+	}
+	if (!SYNCHing) {
+	    FD_SET(f, &xbits);
+	}
+	if ((c = select(nfd, &ibits, &obits, &xbits,
+			(struct timeval *)0)) < 1) {
+	    if (c == -1) {
+		if (errno == EINTR) {
+		    continue;
+		}
+	    }
+	    sleep(5);
+	    continue;
+	}
+
+	/*
+	 * Any urgent data?
+	 */
+	if (FD_ISSET(net, &xbits)) {
+	    SYNCHing = 1;
+	}
+
+	/*
+	 * Something to read from the network...
+	 */
+	if (FD_ISSET(net, &ibits)) {
+#ifndef SO_OOBINLINE
+	    /*
+	     * In 4.2 (and 4.3 beta) systems, the
+	     * OOB indication and data handling in the kernel
+	     * is such that if two separate TCP Urgent requests
+	     * come in, one byte of TCP data will be overlaid.
+	     * This is fatal for Telnet, but we try to live
+	     * with it.
+	     *
+	     * In addition, in 4.2 (and...), a special protocol
+	     * is needed to pick up the TCP Urgent data in
+	     * the correct sequence.
+	     *
+	     * What we do is:  if we think we are in urgent
+	     * mode, we look to see if we are "at the mark".
+	     * If we are, we do an OOB receive.  If we run
+	     * this twice, we will do the OOB receive twice,
+	     * but the second will fail, since the second
+	     * time we were "at the mark", but there wasn't
+	     * any data there (the kernel doesn't reset
+	     * "at the mark" until we do a normal read).
+	     * Once we've read the OOB data, we go ahead
+	     * and do normal reads.
+	     *
+	     * There is also another problem, which is that
+	     * since the OOB byte we read doesn't put us
+	     * out of OOB state, and since that byte is most
+	     * likely the TELNET DM (data mark), we would
+	     * stay in the TELNET SYNCH (SYNCHing) state.
+	     * So, clocks to the rescue.  If we've "just"
+	     * received a DM, then we test for the
+	     * presence of OOB data when the receive OOB
+	     * fails (and AFTER we did the normal mode read
+	     * to clear "at the mark").
+	     */
+	    if (SYNCHing) {
+		int atmark;
+
+		ioctl(net, SIOCATMARK, (char *)&atmark);
+		if (atmark) {
+		    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
+		    if ((ncc == -1) && (errno == EINVAL)) {
+			ncc = read(net, netibuf, sizeof (netibuf));
+			if (sequenceIs(didnetreceive, gotDM)) {
+			    SYNCHing = stilloob(net);
+			}
+		    }
+		} else {
+		    ncc = read(net, netibuf, sizeof (netibuf));
+		}
+	    } else {
+		ncc = read(net, netibuf, sizeof (netibuf));
+	    }
+	    settimer(didnetreceive);
+#else	/* !defined(SO_OOBINLINE)) */
+	    ncc = read(net, netibuf, sizeof (netibuf));
+#endif	/* !defined(SO_OOBINLINE)) */
+	    if (ncc < 0 && errno == EWOULDBLOCK)
+		ncc = 0;
+	    else {
+		if (ncc <= 0) {
+		    break;
+		}
+		netip = netibuf;
+	    }
+	    DIAG((TD_REPORT | TD_NETDATA), {
+		output_data("td: netread %d chars\r\n", ncc);
+		});
+	    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
+	}
+
+	/*
+	 * Something to read from the pty...
+	 */
+	if (FD_ISSET(p, &ibits)) {
+#ifdef STREAMSPTY
+	    if (really_stream)
+		pcc = readstream(p, ptyibuf, BUFSIZ);
+	    else
+#endif
+		pcc = read(p, ptyibuf, BUFSIZ);
+
+	    /*
+	     * On some systems, if we try to read something
+	     * off the master side before the slave side is
+	     * opened, we get EIO.
+	     */
+	    if (pcc < 0 && (errno == EWOULDBLOCK ||
+#ifdef	EAGAIN
+			    errno == EAGAIN ||
+#endif
+			    errno == EIO)) {
+		pcc = 0;
+	    } else {
+		if (pcc <= 0)
+		    break;
+		if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
+		    netclear();	/* clear buffer back */
+#ifndef	NO_URGENT
+		    /*
+		     * There are client telnets on some
+		     * operating systems get screwed up
+		     * royally if we send them urgent
+		     * mode data.
+		     */
+		    output_data ("%c%c", IAC, DM);
+
+		    neturg = nfrontp-1; /* off by one XXX */
+		    DIAG(TD_OPTIONS,
+			 printoption("td: send IAC", DM));
+
+#endif
+		}
+		if (his_state_is_will(TELOPT_LFLOW) &&
+		    (ptyibuf[0] &
+		     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
+		    int newflow =
+			ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
+		    if (newflow != flowmode) {
+			flowmode = newflow;
+			output_data("%c%c%c%c%c%c",
+				    IAC, SB, TELOPT_LFLOW,
+				    flowmode ? LFLOW_ON
+				    : LFLOW_OFF,
+				    IAC, SE);
+			DIAG(TD_OPTIONS, printsub('>',
+						  (unsigned char *)nfrontp-4,
+						  4););
+		    }
+		}
+		pcc--;
+		ptyip = ptyibuf+1;
+	    }
+	}
+
+	while (pcc > 0) {
+	    if ((&netobuf[BUFSIZ] - nfrontp) < 3)
+		break;
+	    c = *ptyip++ & 0377, pcc--;
+	    if (c == IAC)
+		*nfrontp++ = c;
+	    *nfrontp++ = c;
+	    if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
+		if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
+		    *nfrontp++ = *ptyip++ & 0377;
+		    pcc--;
+		} else
+		    *nfrontp++ = '\0';
+	    }
+	}
+
+	if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
+	    netflush();
+	if (ncc > 0)
+	    telrcv();
+	if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
+	    ptyflush();
+    }
+    cleanup(0);
+}
+
+#ifndef	TCSIG
+# ifdef	TIOCSIG
+#  define TCSIG TIOCSIG
+# endif
+#endif
+
+#ifdef	STREAMSPTY
+
+    int flowison = -1;  /* current state of flow: -1 is unknown */
+
+int
+readstream(int p, char *ibuf, int bufsize)
+{
+    int flags = 0;
+    int ret = 0;
+    struct termios *tsp;
+#if 0
+    struct termio *tp;
+#endif
+    struct iocblk *ip;
+    char vstop, vstart;
+    int ixon;
+    int newflow;
+
+    strbufc.maxlen = BUFSIZ;
+    strbufc.buf = (char *)ctlbuf;
+    strbufd.maxlen = bufsize-1;
+    strbufd.len = 0;
+    strbufd.buf = ibuf+1;
+    ibuf[0] = 0;
+
+    ret = getmsg(p, &strbufc, &strbufd, &flags);
+    if (ret < 0)  /* error of some sort -- probably EAGAIN */
+	return(-1);
+
+    if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
+	/* data message */
+	if (strbufd.len > 0) {			/* real data */
+	    return(strbufd.len + 1);	/* count header char */
+	} else {
+	    /* nothing there */
+	    errno = EAGAIN;
+	    return(-1);
+	}
+    }
+
+    /*
+     * It's a control message.  Return 1, to look at the flag we set
+     */
+
+    switch (ctlbuf[0]) {
+    case M_FLUSH:
+	if (ibuf[1] & FLUSHW)
+	    ibuf[0] = TIOCPKT_FLUSHWRITE;
+	return(1);
+
+    case M_IOCTL:
+	ip = (struct iocblk *) (ibuf+1);
+
+	switch (ip->ioc_cmd) {
+#ifdef TCSETS
+	case TCSETS:
+	case TCSETSW:
+	case TCSETSF:
+	    tsp = (struct termios *)
+		(ibuf+1 + sizeof(struct iocblk));
+	    vstop = tsp->c_cc[VSTOP];
+	    vstart = tsp->c_cc[VSTART];
+	    ixon = tsp->c_iflag & IXON;
+	    break;
+#endif
+#if 0
+	case TCSETA:
+	case TCSETAW:
+	case TCSETAF:
+	    tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
+	    vstop = tp->c_cc[VSTOP];
+	    vstart = tp->c_cc[VSTART];
+	    ixon = tp->c_iflag & IXON;
+	    break;
+#endif
+	default:
+	    errno = EAGAIN;
+	    return(-1);
+	}
+
+	newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
+	if (newflow != flowison) {  /* it's a change */
+	    flowison = newflow;
+	    ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
+	    return(1);
+	}
+    }
+
+    /* nothing worth doing anything about */
+    errno = EAGAIN;
+    return(-1);
+}
+#endif /* STREAMSPTY */
+
+/*
+ * Send interrupt to process on other side of pty.
+ * If it is in raw mode, just write NULL;
+ * otherwise, write intr char.
+ */
+void
+interrupt()
+{
+    ptyflush();	/* half-hearted */
+
+#if defined(STREAMSPTY) && defined(TIOCSIGNAL)
+    /* Streams PTY style ioctl to post a signal */
+    if (really_stream)
+	{
+	    int sig = SIGINT;
+	    ioctl(ourpty, TIOCSIGNAL, &sig);
+	    ioctl(ourpty, I_FLUSH, FLUSHR);
+	}
+#else
+#ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGINT);
+#else	/* TCSIG */
+    init_termbuf();
+    *pfrontp++ = slctab[SLC_IP].sptr ?
+	(unsigned char)*slctab[SLC_IP].sptr : '\177';
+#endif	/* TCSIG */
+#endif
+}
+
+/*
+ * Send quit to process on other side of pty.
+ * If it is in raw mode, just write NULL;
+ * otherwise, write quit char.
+ */
+void
+sendbrk()
+{
+    ptyflush();	/* half-hearted */
+#ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGQUIT);
+#else	/* TCSIG */
+    init_termbuf();
+    *pfrontp++ = slctab[SLC_ABORT].sptr ?
+	(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
+#endif	/* TCSIG */
+}
+
+void
+sendsusp()
+{
+#ifdef	SIGTSTP
+    ptyflush();	/* half-hearted */
+# ifdef	TCSIG
+    ioctl(ourpty, TCSIG, (char *)SIGTSTP);
+# else	/* TCSIG */
+    *pfrontp++ = slctab[SLC_SUSP].sptr ?
+	(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
+# endif	/* TCSIG */
+#endif	/* SIGTSTP */
+}
+
+/*
+ * When we get an AYT, if ^T is enabled, use that.  Otherwise,
+ * just send back "[Yes]".
+ */
+void
+recv_ayt()
+{
+#if	defined(SIGINFO) && defined(TCSIG)
+    if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
+	ioctl(ourpty, TCSIG, (char *)SIGINFO);
+	return;
+    }
+#endif
+    output_data("\r\n[Yes]\r\n");
+}
+
+void
+doeof()
+{
+    init_termbuf();
+
+    *pfrontp++ = slctab[SLC_EOF].sptr ?
+	(unsigned char)*slctab[SLC_EOF].sptr : '\004';
+}

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/telnetd.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,251 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)telnetd.h	8.1 (Berkeley) 6/4/93
+ */
+
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+/* including both <sys/ioctl.h> and <termios.h> in SunOS 4 generates a
+   lot of warnings */
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include <signal.h>
+#include <errno.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <ctype.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <termios.h>
+
+#ifdef HAVE_PTY_H
+#include <pty.h>
+#endif
+
+#ifdef	STREAMSPTY
+#ifdef HAVE_SAC_H
+#include <sac.h>
+#endif
+#ifdef HAVE_SYS_STROPTS_H
+#include <sys/stropts.h>
+#endif
+
+# include <stropts.h>
+
+#ifdef  HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#ifdef __hpux
+#undef SE
+#endif
+#endif
+#ifdef	HAVE_SYS_STREAM_H
+#include <sys/stream.h>
+#endif
+
+#endif /* STREAMSPTY */
+
+#undef NOERROR
+
+#include "defs.h"
+
+#ifndef _POSIX_VDISABLE
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE VDISABLE
+# else
+#  define _POSIX_VDISABLE ((unsigned char)'\377')
+# endif
+#endif
+
+
+#ifdef HAVE_SYS_PTY_H
+#include <sys/pty.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_PTYIO_H
+#include <sys/ptyio.h>
+#endif
+
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include "ext.h"
+
+#ifdef SOCKS
+#include <socks.h>
+/* This doesn't belong here. */
+struct tm *localtime(const time_t *);
+struct hostent  *gethostbyname(const char *);
+#endif
+
+#ifdef KRB4
+#include <krb.h>
+#endif
+
+#ifdef AUTHENTICATION
+#include <libtelnet/auth.h>
+#include <libtelnet/misc.h>
+#ifdef ENCRYPTION
+#include <libtelnet/encrypt.h>
+#endif
+#endif
+
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+
+#include <roken.h>
+
+/* Don't use the system login, use our version instead */
+
+/* BINDIR should be defined somewhere else... */
+
+#ifndef BINDIR
+#define BINDIR "/usr/athena/bin"
+#endif
+
+#undef _PATH_LOGIN
+#define _PATH_LOGIN	BINDIR "/login"
+
+/* fallbacks */
+
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+
+#ifndef _PATH_TTY
+#define _PATH_TTY "/dev/tty"
+#endif /* _PATH_TTY */
+
+#ifdef	DIAGNOSTICS
+#define	DIAG(a,b)	if (diagnostic & (a)) b
+#else
+#define	DIAG(a,b)
+#endif
+
+/* other external variables */
+extern	char **environ;
+
+/* prototypes */
+
+/* appends data to nfrontp and advances */
+int output_data (const char *format, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+#ifdef ENCRYPTION
+extern int require_encryption;
+#endif
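Review bot: The `BINDIR` fallback near the end of this header silently points `_PATH_LOGIN` at `/usr/athena/bin/login` whenever the build does not define `BINDIR`, after the system's own `_PATH_LOGIN` has been discarded with `#undef`. The header's own comment says BINDIR should be defined elsewhere. For a daemon that presumably starts this program for each incoming session (the call site is not in this file), a missing definition should stop the build rather than surface at run time. I would replace the fallback with `#error "BINDIR must be defined by the build"` inside the `#ifndef BINDIR` block. Failing that, add a comment above `_PATH_LOGIN` stating which login binary is expected at that path and that the directory must be writable only by root.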

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/termstat.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/termstat.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/termstat.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "telnetd.h"
+
+RCSID("$Id: termstat.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * local variables
+ */
+int def_tspeed = -1, def_rspeed = -1;
+#ifdef	TIOCSWINSZ
+int def_row = 0, def_col = 0;
+#endif
+
+/*
+ * flowstat
+ *
+ * Check for changes to flow control
+ */
+void
+flowstat(void)
+{
+    if (his_state_is_will(TELOPT_LFLOW)) {
+	if (tty_flowmode() != flowmode) {
+	    flowmode = tty_flowmode();
+	    output_data("%c%c%c%c%c%c",
+			IAC, SB, TELOPT_LFLOW,
+			flowmode ? LFLOW_ON : LFLOW_OFF,
+			IAC, SE);
+	}
+	if (tty_restartany() != restartany) {
+	    restartany = tty_restartany();
+	    output_data("%c%c%c%c%c%c",
+			IAC, SB, TELOPT_LFLOW,
+			restartany ? LFLOW_RESTART_ANY
+			: LFLOW_RESTART_XON,
+			IAC, SE);
+	}
+    }
+}
+
+/*
+ * clientstat
+ *
+ * Process linemode related requests from the client.
+ * Client can request a change to only one of linemode, editmode or slc's
+ * at a time, and if using kludge linemode, then only linemode may be
+ * affected.
+ */
+void
+clientstat(int code, int parm1, int parm2)
+{
+    /*
+     * Get a copy of terminal characteristics.
+     */
+    init_termbuf();
+
+    /*
+     * Process request from client. code tells what it is.
+     */
+    switch (code) {
+    case TELOPT_NAWS:
+#ifdef	TIOCSWINSZ
+	{
+	    struct winsize ws;
+
+	    def_col = parm1;
+	    def_row = parm2;
+
+	    /*
+	     * Change window size as requested by client.
+	     */
+
+	    ws.ws_col = parm1;
+	    ws.ws_row = parm2;
+	    ioctl(ourpty, TIOCSWINSZ, (char *)&ws);
+	}
+#endif	/* TIOCSWINSZ */
+
+    break;
+
+    case TELOPT_TSPEED:
+	{
+	    def_tspeed = parm1;
+	    def_rspeed = parm2;
+	    /*
+	     * Change terminal speed as requested by client.
+	     * We set the receive speed first, so that if we can't
+	     * store seperate receive and transmit speeds, the transmit
+	     * speed will take precedence.
+	     */
+	    tty_rspeed(parm2);
+	    tty_tspeed(parm1);
+	    set_termbuf();
+
+	    break;
+
+	}  /* end of case TELOPT_TSPEED */
+
+    default:
+	/* What? */
+	break;
+    }  /* end of switch */
+
+    netflush();
+
+}
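Review bot: In `clientstat`, the `TELOPT_NAWS` case declares `struct winsize ws;` on the stack and assigns only `ws_col` and `ws_row` before `ioctl(ourpty, TIOCSWINSZ, (char *)&ws)`, so `ws_xpixel` and `ws_ypixel` reach the pty holding whatever was on the stack. Zero the structure first, e.g. `memset(&ws, 0, sizeof(ws));` directly after the declaration. `parm1` and `parm2` arrive as `int` and are narrowed into the `unsigned short` fields with no range check. The caller is not in this file, so it is worth confirming that it bounds the client-supplied values, or clamping them here. The `ioctl` result is also ignored, so `def_col` and `def_row` are updated even when the window size was not applied.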

Added: vendor-crypto/heimdal/dist/appl/telnet/telnetd/utility.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/telnet/telnetd/utility.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/telnet/telnetd/utility.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1163 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define PRINTOPTIONS
+#include "telnetd.h"
+
+RCSID("$Id: utility.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * utility functions performing io related tasks
+ */
+
+/*
+ * ttloop
+ *
+ * A small subroutine to flush the network output buffer, get some
+ * data from the network, and pass it through the telnet state
+ * machine.  We also flush the pty input buffer (by dropping its data)
+ * if it becomes too full.
+ *
+ * return 0 if OK or 1 if interrupted by a signal.
+ */
+
+int
+ttloop(void)
+{
+    DIAG(TD_REPORT, {
+	output_data("td: ttloop\r\n");
+    });
+    if (nfrontp-nbackp)
+	netflush();
+    ncc = read(net, netibuf, sizeof netibuf);
+    if (ncc < 0) {
+	if (errno == EINTR)
+	    return 1;
+	syslog(LOG_INFO, "ttloop:  read: %m\n");
+	exit(1);
+    } else if (ncc == 0) {
+	syslog(LOG_INFO, "ttloop:  peer died\n");
+	exit(1);
+    }
+    DIAG(TD_REPORT, {
+	output_data("td: ttloop read %d chars\r\n", ncc);
+    });
+    netip = netibuf;
+    telrcv();			/* state machine */
+    if (ncc > 0) {
+	pfrontp = pbackp = ptyobuf;
+	telrcv();
+    }
+    return 0;
+}  /* end of ttloop */
+
+/*
+ * Check a descriptor to see if out of band data exists on it.
+ */
+int
+stilloob(int s)
+{
+    static struct timeval timeout = { 0 };
+    fd_set	excepts;
+    int value;
+
+    if (s >= FD_SETSIZE)
+	fatal(ourpty, "fd too large");
+
+    do {
+	FD_ZERO(&excepts);
+	FD_SET(s, &excepts);
+	value = select(s+1, 0, 0, &excepts, &timeout);
+    } while ((value == -1) && (errno == EINTR));
+
+    if (value < 0) {
+	fatalperror(ourpty, "select");
+    }
+    if (FD_ISSET(s, &excepts)) {
+	return 1;
+    } else {
+	return 0;
+    }
+}
+
+void
+ptyflush(void)
+{
+    int n;
+
+    if ((n = pfrontp - pbackp) > 0) {
+	DIAG((TD_REPORT | TD_PTYDATA), { 
+	    output_data("td: ptyflush %d chars\r\n", n);
+	});
+	DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
+	n = write(ourpty, pbackp, n);
+    }
+    if (n < 0) {
+	if (errno == EWOULDBLOCK || errno == EINTR)
+	    return;
+	cleanup(0);
+    }
+    pbackp += n;
+    if (pbackp == pfrontp)
+	pbackp = pfrontp = ptyobuf;
+}
+
+/*
+ * nextitem()
+ *
+ *	Return the address of the next "item" in the TELNET data
+ * stream.  This will be the address of the next character if
+ * the current address is a user data character, or it will
+ * be the address of the character following the TELNET command
+ * if the current address is a TELNET IAC ("I Am a Command")
+ * character.
+ */
+char *
+nextitem(char *current)
+{
+    if ((*current&0xff) != IAC) {
+	return current+1;
+    }
+    switch (*(current+1)&0xff) {
+    case DO:
+    case DONT:
+    case WILL:
+    case WONT:
+	return current+3;
+    case SB:{
+	/* loop forever looking for the SE */
+	char *look = current+2;
+
+	for (;;) {
+	    if ((*look++&0xff) == IAC) {
+		if ((*look++&0xff) == SE) {
+		    return look;
+		}
+	    }
+	}
+    }
+    default:
+	return current+2;
+    }
+}
+
+
+/*
+ * netclear()
+ *
+ *	We are about to do a TELNET SYNCH operation.  Clear
+ * the path to the network.
+ *
+ *	Things are a bit tricky since we may have sent the first
+ * byte or so of a previous TELNET command into the network.
+ * So, we have to scan the network buffer from the beginning
+ * until we are up to where we want to be.
+ *
+ *	A side effect of what we do, just to keep things
+ * simple, is to clear the urgent data pointer.  The principal
+ * caller should be setting the urgent data pointer AFTER calling
+ * us in any case.
+ */
+void
+netclear(void)
+{
+    char *thisitem, *next;
+    char *good;
+#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+			 ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+
+#ifdef ENCRYPTION
+	thisitem = nclearto > netobuf ? nclearto : netobuf;
+#else
+	thisitem = netobuf;
+#endif
+
+	while ((next = nextitem(thisitem)) <= nbackp) {
+	    thisitem = next;
+	}
+
+	/* Now, thisitem is first before/at boundary. */
+
+#ifdef ENCRYPTION
+	good = nclearto > netobuf ? nclearto : netobuf;
+#else
+	good = netobuf;	/* where the good bytes go */
+#endif
+
+	while (nfrontp > thisitem) {
+	    if (wewant(thisitem)) {
+		int length;
+
+		next = thisitem;
+		do {
+		    next = nextitem(next);
+		} while (wewant(next) && (nfrontp > next));
+		length = next-thisitem;
+		memmove(good, thisitem, length);
+		good += length;
+		thisitem = next;
+	    } else {
+		thisitem = nextitem(thisitem);
+	    }
+	}
+
+	nbackp = netobuf;
+	nfrontp = good;		/* next byte to be sent */
+	neturg = 0;
+}  /* end of netclear */
+
+extern int not42;
+
+/*
+ *  netflush
+ *		Send as much data as possible to the network,
+ *	handling requests for urgent data.
+ */
+void
+netflush(void)
+{
+    int n;
+
+    if ((n = nfrontp - nbackp) > 0) {
+	DIAG(TD_REPORT,
+	     { n += output_data("td: netflush %d chars\r\n", n);
+	     });
+#ifdef ENCRYPTION
+	if (encrypt_output) {
+	    char *s = nclearto ? nclearto : nbackp;
+	    if (nfrontp - s > 0) {
+		(*encrypt_output)((unsigned char *)s, nfrontp-s);
+		nclearto = nfrontp;
+	    }
+	}
+#endif
+	/*
+	 * if no urgent data, or if the other side appears to be an
+	 * old 4.2 client (and thus unable to survive TCP urgent data),
+	 * write the entire buffer in non-OOB mode.
+	 */
+#if 1 /* remove this to make it work between solaris 2.6 and linux */
+	if ((neturg == 0) || (not42 == 0)) {
+#endif
+	    n = write(net, nbackp, n);	/* normal write */
+#if 1 /* remove this to make it work between solaris 2.6 and linux */
+	} else {
+	    n = neturg - nbackp;
+	    /*
+	     * In 4.2 (and 4.3) systems, there is some question about
+	     * what byte in a sendOOB operation is the "OOB" data.
+	     * To make ourselves compatible, we only send ONE byte
+	     * out of band, the one WE THINK should be OOB (though
+	     * we really have more the TCP philosophy of urgent data
+	     * rather than the Unix philosophy of OOB data).
+	     */
+	    if (n > 1) {
+		n = send(net, nbackp, n-1, 0);	/* send URGENT all by itself */
+	    } else {
+		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
+	    }
+	}
+#endif
+    }
+    if (n < 0) {
+	if (errno == EWOULDBLOCK || errno == EINTR)
+	    return;
+	cleanup(0);
+    }
+    nbackp += n;
+#ifdef ENCRYPTION
+    if (nbackp > nclearto)
+	nclearto = 0;
+#endif
+    if (nbackp >= neturg) {
+	neturg = 0;
+    }
+    if (nbackp == nfrontp) {
+	nbackp = nfrontp = netobuf;
+#ifdef ENCRYPTION
+	nclearto = 0;
+#endif
+    }
+    return;
+}
+
+
+/*
+ * writenet
+ *
+ * Just a handy little function to write a bit of raw data to the net.
+ * It will force a transmit of the buffer if necessary
+ *
+ * arguments
+ *    ptr - A pointer to a character string to write
+ *    len - How many bytes to write
+ */
+void
+writenet(const void *ptr, size_t len)
+{
+    /* flush buffer if no room for new data) */
+    while ((&netobuf[BUFSIZ] - nfrontp) < len) {
+	/* if this fails, don't worry, buffer is a little big */
+	netflush();
+    }
+    if ((&netobuf[BUFSIZ] - nfrontp) < len)
+	abort();
+
+    memmove(nfrontp, ptr, len);
+    nfrontp += len;
+}
+
+
+/*
+ * miscellaneous functions doing a variety of little jobs follow ...
+ */
+
+
+void fatal(int f, char *msg)
+{
+    char buf[BUFSIZ];
+
+    snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
+#ifdef ENCRYPTION
+    if (encrypt_output) {
+	/*
+	 * Better turn off encryption first....
+	 * Hope it flushes...
+	 */
+	encrypt_send_end();
+	netflush();
+    }
+#endif
+    write(f, buf, (int)strlen(buf));
+    sleep(1);	/*XXX*/
+    exit(1);
+}
+
+void
+fatalperror_errno(int f, const char *msg, int error)
+{
+    char buf[BUFSIZ];
+    
+    snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(error));
+    fatal(f, buf);
+}
+
+void
+fatalperror(int f, const char *msg)
+{
+    fatalperror_errno(f, msg, errno);
+}
+
+char editedhost[32];
+
+void edithost(char *pat, char *host)
+{
+    char *res = editedhost;
+
+    if (!pat)
+	pat = "";
+    while (*pat) {
+	switch (*pat) {
+
+	case '#':
+	    if (*host)
+		host++;
+	    break;
+
+	case '@':
+	    if (*host)
+		*res++ = *host++;
+	    break;
+
+	default:
+	    *res++ = *pat;
+	    break;
+	}
+	if (res == &editedhost[sizeof editedhost - 1]) {
+	    *res = '\0';
+	    return;
+	}
+	pat++;
+    }
+    if (*host)
+	strlcpy (res, host,
+			 sizeof editedhost - (res - editedhost));
+    else
+	*res = '\0';
+    editedhost[sizeof editedhost - 1] = '\0';
+}
+
+static char *putlocation;
+
+void
+putstr(char *s)
+{
+
+    while (*s)
+	putchr(*s++);
+}
+
+void
+putchr(int cc)
+{
+    *putlocation++ = cc;
+}
+
+static char fmtstr[] = { "%l:%M%P on %A, %d %B %Y" };
+
+void putf(char *cp, char *where)
+{
+#ifdef HAVE_UNAME
+    struct utsname name;
+#endif
+    char *slash;
+    time_t t;
+    char db[100];
+
+    /* if we don't have uname, set these to sensible values */
+    char *sysname = "Unix", 
+	*machine = "", 
+	*release = "",
+	*version = ""; 
+
+#ifdef HAVE_UNAME
+    uname(&name);
+    sysname=name.sysname;
+    machine=name.machine;
+    release=name.release;
+    version=name.version;
+#endif
+
+    putlocation = where;
+
+    while (*cp) {
+	if (*cp != '%') {
+	    putchr(*cp++);
+	    continue;
+	}
+	switch (*++cp) {
+
+	case 't':
+	    slash = strchr(line+1, '/');
+	    if (slash == (char *) 0)
+		putstr(line);
+	    else
+		putstr(&slash[1]);
+	    break;
+
+	case 'h':
+	    putstr(editedhost);
+	    break;
+
+	case 's':
+	    putstr(sysname);
+	    break;
+
+	case 'm':
+	    putstr(machine);
+	    break;
+
+	case 'r':
+	    putstr(release);
+	    break;
+
+	case 'v':
+	    putstr(version);
+	    break;
+
+	case 'd':
+	    time(&t);
+	    strftime(db, sizeof(db), fmtstr, localtime(&t));
+	    putstr(db);
+	    break;
+
+	case '%':
+	    putchr('%');
+	    break;
+	}
+	cp++;
+    }
+}
+
+#ifdef DIAGNOSTICS
+/*
+ * Print telnet options and commands in plain text, if possible.
+ */
+void
+printoption(char *fmt, int option)
+{
+    if (TELOPT_OK(option))
+	output_data("%s %s\r\n",
+		    fmt,
+		    TELOPT(option));
+    else if (TELCMD_OK(option))
+	output_data("%s %s\r\n",
+		    fmt,
+		    TELCMD(option));
+    else
+	output_data("%s %d\r\n",
+		    fmt,
+		    option);
+    return;
+}
+
+void
+printsub(int direction, unsigned char *pointer, int length)
+        		          	/* '<' or '>' */
+                 	         	/* where suboption data sits */
+       			       		/* length of suboption data */
+{
+    int i = 0;
+    unsigned char buf[512];
+
+    if (!(diagnostic & TD_OPTIONS))
+	return;
+
+    if (direction) {
+	output_data("td: %s suboption ",
+		    direction == '<' ? "recv" : "send");
+	if (length >= 3) {
+	    int j;
+
+	    i = pointer[length-2];
+	    j = pointer[length-1];
+
+	    if (i != IAC || j != SE) {
+		output_data("(terminated by ");
+		if (TELOPT_OK(i))
+		    output_data("%s ",
+				TELOPT(i));
+		else if (TELCMD_OK(i))
+		    output_data("%s ",
+				TELCMD(i));
+		else
+		    output_data("%d ",
+				i);
+		if (TELOPT_OK(j))
+		    output_data("%s",
+				TELOPT(j));
+		else if (TELCMD_OK(j))
+		    output_data("%s",
+				TELCMD(j));
+		else
+		    output_data("%d",
+				j);
+		output_data(", not IAC SE!) ");
+	    }
+	}
+	length -= 2;
+    }
+    if (length < 1) {
+	output_data("(Empty suboption??\?)");
+	return;
+    }
+    switch (pointer[0]) {
+    case TELOPT_TTYPE:
+	output_data("TERMINAL-TYPE ");
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS \"%.*s\"",
+			length-2,
+			(char *)pointer+2);
+	    break;
+	case TELQUAL_SEND:
+	    output_data("SEND");
+	    break;
+	default:
+	    output_data("- unknown qualifier %d (0x%x).",
+			pointer[1], pointer[1]);
+	}
+	break;
+    case TELOPT_TSPEED:
+	output_data("TERMINAL-SPEED");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data(" IS %.*s", length-2, (char *)pointer+2);
+	    break;
+	default:
+	    if (pointer[1] == 1)
+		output_data(" SEND");
+	    else
+		output_data(" %d (unknown)", pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?", pointer[i]);
+	    }
+	    break;
+	}
+	break;
+
+    case TELOPT_LFLOW:
+	output_data("TOGGLE-FLOW-CONTROL");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case LFLOW_OFF:
+	    output_data(" OFF");
+	    break;
+	case LFLOW_ON:
+	    output_data(" ON");
+	    break;
+	case LFLOW_RESTART_ANY:
+	    output_data(" RESTART-ANY");
+	    break;
+	case LFLOW_RESTART_XON:
+	    output_data(" RESTART-XON");
+	    break;
+	default:
+	    output_data(" %d (unknown)",
+			pointer[1]);
+	}
+	for (i = 2; i < length; i++) {
+	    output_data(" ?%d?",
+			pointer[i]);
+	}
+	break;
+
+    case TELOPT_NAWS:
+	output_data("NAWS");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	if (length == 2) {
+	    output_data(" ?%d?",
+			pointer[1]);
+	    break;
+	}
+	output_data(" %u %u(%u)",
+		    pointer[1],
+		    pointer[2],
+		    (((unsigned int)pointer[1])<<8) + pointer[2]);
+	if (length == 4) {
+	    output_data(" ?%d?",
+			pointer[3]);
+	    break;
+	}
+	output_data(" %u %u(%u)",
+		    pointer[3],
+		    pointer[4],
+		    (((unsigned int)pointer[3])<<8) + pointer[4]);
+	for (i = 5; i < length; i++) {
+	    output_data(" ?%d?",
+			pointer[i]);
+	}
+	break;
+
+    case TELOPT_LINEMODE:
+	output_data("LINEMODE ");
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case WILL:
+	    output_data("WILL ");
+	    goto common;
+	case WONT:
+	    output_data("WONT ");
+	    goto common;
+	case DO:
+	    output_data("DO ");
+	    goto common;
+	case DONT:
+	    output_data("DONT ");
+	common:
+	    if (length < 3) {
+		output_data("(no option??\?)");
+		break;
+	    }
+	    switch (pointer[2]) {
+	    case LM_FORWARDMASK:
+		output_data("Forward Mask");
+		for (i = 3; i < length; i++) {
+		    output_data(" %x", pointer[i]);
+		}
+		break;
+	    default:
+		output_data("%d (unknown)",
+			    pointer[2]);
+		for (i = 3; i < length; i++) {
+		    output_data(" %d",
+				pointer[i]);
+		}
+		break;
+	    }
+	    break;
+
+	case LM_SLC:
+	    output_data("SLC");
+	    for (i = 2; i < length - 2; i += 3) {
+		if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+		    output_data(" %s",
+				SLC_NAME(pointer[i+SLC_FUNC]));
+		else
+		    output_data(" %d",
+				pointer[i+SLC_FUNC]);
+		switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+		case SLC_NOSUPPORT:
+		    output_data(" NOSUPPORT");
+		    break;
+		case SLC_CANTCHANGE:
+		    output_data(" CANTCHANGE");
+		    break;
+		case SLC_VARIABLE:
+		    output_data(" VARIABLE");
+		    break;
+		case SLC_DEFAULT:
+		    output_data(" DEFAULT");
+		    break;
+		}
+		output_data("%s%s%s",
+			    pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+			    pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+			    pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+		if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+					    SLC_FLUSHOUT| SLC_LEVELBITS)) {
+		    output_data("(0x%x)",
+				pointer[i+SLC_FLAGS]);
+		}
+		output_data(" %d;",
+			    pointer[i+SLC_VALUE]);
+		if ((pointer[i+SLC_VALUE] == IAC) &&
+		    (pointer[i+SLC_VALUE+1] == IAC))
+		    i++;
+	    }
+	    for (; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+
+	case LM_MODE:
+	    output_data("MODE ");
+	    if (length < 3) {
+		output_data("(no mode??\?)");
+		break;
+	    }
+	    {
+		char tbuf[32];
+		snprintf(tbuf,
+			 sizeof(tbuf),
+			 "%s%s%s%s%s",
+			 pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			 pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			 pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			 pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			 pointer[2]&MODE_ACK ? "|ACK" : "");
+		output_data("%s",
+			    tbuf[1] ? &tbuf[1] : "0");
+	    }
+	    if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
+		output_data(" (0x%x)",
+			    pointer[2]);
+	    }
+	    for (i = 3; i < length; i++) {
+		output_data(" ?0x%x?",
+			 pointer[i]);
+	    }
+	    break;
+	default:
+	    output_data("%d (unknown)",
+			pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" %d", pointer[i]);
+	    }
+	}
+	break;
+
+    case TELOPT_STATUS: {
+	char *cp;
+	int j, k;
+
+	output_data("STATUS");
+
+	switch (pointer[1]) {
+	default:
+	    if (pointer[1] == TELQUAL_SEND)
+		output_data(" SEND");
+	    else
+		output_data(" %d (unknown)",
+			    pointer[1]);
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+	case TELQUAL_IS:
+	    output_data(" IS\r\n");
+
+	    for (i = 2; i < length; i++) {
+		switch(pointer[i]) {
+		case DO:	cp = "DO"; goto common2;
+		case DONT:	cp = "DONT"; goto common2;
+		case WILL:	cp = "WILL"; goto common2;
+		case WONT:	cp = "WONT"; goto common2;
+		common2:
+		i++;
+		if (TELOPT_OK(pointer[i]))
+		    output_data(" %s %s",
+				cp,
+				TELOPT(pointer[i]));
+		else
+		    output_data(" %s %d",
+				cp,
+				pointer[i]);
+
+		output_data("\r\n");
+		break;
+
+		case SB:
+		    output_data(" SB ");
+		    i++;
+		    j = k = i;
+		    while (j < length) {
+			if (pointer[j] == SE) {
+			    if (j+1 == length)
+				break;
+			    if (pointer[j+1] == SE)
+				j++;
+			    else
+				break;
+			}
+			pointer[k++] = pointer[j++];
+		    }
+		    printsub(0, &pointer[i], k - i);
+		    if (i < length) {
+			output_data(" SE");
+			i = j;
+		    } else
+			i = j - 1;
+
+		    output_data("\r\n");
+
+		    break;
+
+		default:
+		    output_data(" %d",
+				pointer[i]);
+		    break;
+		}
+	    }
+	    break;
+	}
+	break;
+    }
+
+    case TELOPT_XDISPLOC:
+	output_data("X-DISPLAY-LOCATION ");
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS \"%.*s\"",
+			length-2,
+			(char *)pointer+2);
+	    break;
+	case TELQUAL_SEND:
+	    output_data("SEND");
+	    break;
+	default:
+	    output_data("- unknown qualifier %d (0x%x).",
+			pointer[1], pointer[1]);
+	}
+	break;
+
+    case TELOPT_NEW_ENVIRON:
+	output_data("NEW-ENVIRON ");
+	goto env_common1;
+    case TELOPT_OLD_ENVIRON:
+	output_data("OLD-ENVIRON");
+    env_common1:
+	switch (pointer[1]) {
+	case TELQUAL_IS:
+	    output_data("IS ");
+	    goto env_common;
+	case TELQUAL_SEND:
+	    output_data("SEND ");
+	    goto env_common;
+	case TELQUAL_INFO:
+	    output_data("INFO ");
+	env_common:
+	    {
+		int noquote = 2;
+		for (i = 2; i < length; i++ ) {
+		    switch (pointer[i]) {
+		    case NEW_ENV_VAR:
+			output_data("\" VAR " + noquote);
+			noquote = 2;
+			break;
+
+		    case NEW_ENV_VALUE:
+			output_data("\" VALUE " + noquote);
+			noquote = 2;
+			break;
+
+		    case ENV_ESC:
+			output_data("\" ESC " + noquote);
+			noquote = 2;
+			break;
+
+		    case ENV_USERVAR:
+			output_data("\" USERVAR " + noquote);
+			noquote = 2;
+			break;
+
+		    default:
+			if (isprint(pointer[i]) && pointer[i] != '"') {
+			    if (noquote) {
+				output_data ("\"");
+				noquote = 0;
+			    }
+			    output_data ("%c", pointer[i]);
+			} else {
+			    output_data("\" %03o " + noquote,
+					pointer[i]);
+			    noquote = 2;
+			}
+			break;
+		    }
+		}
+		if (!noquote)
+		    output_data ("\"");
+		break;
+	    }
+	}
+	break;
+
+#ifdef AUTHENTICATION
+    case TELOPT_AUTHENTICATION:
+	output_data("AUTHENTICATION");
+
+	if (length < 2) {
+	    output_data(" (empty suboption??\?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case TELQUAL_REPLY:
+	case TELQUAL_IS:
+	    output_data(" %s ",
+			(pointer[1] == TELQUAL_IS) ?
+			"IS" : "REPLY");
+	    if (AUTHTYPE_NAME_OK(pointer[2]))
+		output_data("%s ",
+			    AUTHTYPE_NAME(pointer[2]));
+	    else
+		output_data("%d ",
+			    pointer[2]);
+	    if (length < 3) {
+		output_data("(partial suboption??\?)");
+		break;
+	    }
+	    output_data("%s|%s",
+			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			"CLIENT" : "SERVER",
+			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			"MUTUAL" : "ONE-WAY");
+
+	    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+	    output_data("%s",
+			buf);
+	    break;
+
+	case TELQUAL_SEND:
+	    i = 2;
+	    output_data(" SEND ");
+	    while (i < length) {
+		if (AUTHTYPE_NAME_OK(pointer[i]))
+		    output_data("%s ",
+				AUTHTYPE_NAME(pointer[i]));
+		else
+		    output_data("%d ",
+				pointer[i]);
+		if (++i >= length) {
+		    output_data("(partial suboption??\?)");
+		    break;
+		}
+		output_data("%s|%s ",
+			    ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+			    "CLIENT" : "SERVER",
+			    ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+			    "MUTUAL" : "ONE-WAY");
+		++i;
+	    }
+	    break;
+
+	case TELQUAL_NAME:
+	    i = 2;
+	    output_data(" NAME \"%.*s\"",
+			length - 2,
+			pointer);
+	    break;
+
+	default:
+	    for (i = 2; i < length; i++) {
+		output_data(" ?%d?",
+			    pointer[i]);
+	    }
+	    break;
+	}
+	break;
+#endif
+
+#ifdef ENCRYPTION
+    case TELOPT_ENCRYPT:
+	output_data("ENCRYPT");
+	if (length < 2) {
+	    output_data(" (empty suboption?)");
+	    break;
+	}
+	switch (pointer[1]) {
+	case ENCRYPT_START:
+	    output_data(" START");
+	    break;
+
+	case ENCRYPT_END:
+	    output_data(" END");
+	    break;
+
+	case ENCRYPT_REQSTART:
+	    output_data(" REQUEST-START");
+	    break;
+
+	case ENCRYPT_REQEND:
+	    output_data(" REQUEST-END");
+	    break;
+
+	case ENCRYPT_IS:
+	case ENCRYPT_REPLY:
+	    output_data(" %s ",
+			(pointer[1] == ENCRYPT_IS) ?
+			"IS" : "REPLY");
+	    if (length < 3) {
+		output_data(" (partial suboption?)");
+		break;
+	    }
+	    if (ENCTYPE_NAME_OK(pointer[2]))
+		output_data("%s ",
+			    ENCTYPE_NAME(pointer[2]));
+	    else
+		output_data(" %d (unknown)",
+			    pointer[2]);
+
+	    encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+	    output_data("%s",
+			buf);
+	    break;
+
+	case ENCRYPT_SUPPORT:
+	    i = 2;
+	    output_data(" SUPPORT ");
+	    while (i < length) {
+		if (ENCTYPE_NAME_OK(pointer[i]))
+		    output_data("%s ",
+				ENCTYPE_NAME(pointer[i]));
+		else
+		    output_data("%d ",
+				pointer[i]);
+		i++;
+	    }
+	    break;
+
+	case ENCRYPT_ENC_KEYID:
+	    output_data(" ENC_KEYID %d", pointer[1]);
+	    goto encommon;
+
+	case ENCRYPT_DEC_KEYID:
+	    output_data(" DEC_KEYID %d", pointer[1]);
+	    goto encommon;
+
+	default:
+	    output_data(" %d (unknown)", pointer[1]);
+	encommon:
+	    for (i = 2; i < length; i++) {
+		output_data(" %d", pointer[i]);
+	    }
+	    break;
+	}
+	break;
+#endif
+
+    default:
+	if (TELOPT_OK(pointer[0]))
+	    output_data("%s (unknown)",
+			TELOPT(pointer[0]));
+	else
+	    output_data("%d (unknown)",
+			pointer[i]);
+	for (i = 1; i < length; i++) {
+	    output_data(" %d", pointer[i]);
+	}
+	break;
+    }
+    output_data("\r\n");
+}
+
+/*
+ * Dump a data buffer in hex and ascii to the output data stream.
+ */
+void
+printdata(char *tag, char *ptr, int cnt)
+{
+    int i;
+    char xbuf[30];
+
+    while (cnt) {
+	/* flush net output buffer if no room for new data) */
+	if ((&netobuf[BUFSIZ] - nfrontp) < 80) {
+	    netflush();
+	}
+
+	/* add a line of output */
+	output_data("%s: ", tag);
+	for (i = 0; i < 20 && cnt; i++) {
+	    output_data("%02x", *ptr);
+	    if (isprint((unsigned char)*ptr)) {
+		xbuf[i] = *ptr;
+	    } else {
+		xbuf[i] = '.';
+	    }
+	    if (i % 2) {
+		output_data(" ");
+	    }
+	    cnt--;
+	    ptr++;
+	}
+	xbuf[i] = '\0';
+	output_data(" %s\r\n", xbuf);
+    }
+}
+#endif /* DIAGNOSTICS */

Added: vendor-crypto/heimdal/dist/appl/test/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,42 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \
+	uu_server uu_client nt_gss_server nt_gss_client http_client
+
+tcp_client_SOURCES = tcp_client.c common.c test_locl.h
+
+tcp_server_SOURCES = tcp_server.c common.c test_locl.h
+
+gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
+	gss_common.h test_locl.h
+
+gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
+	gss_common.h test_locl.h
+
+http_client_SOURCES = http_client.c gss_common.c common.c \
+	gss_common.h test_locl.h
+
+uu_server_SOURCES = uu_server.c common.c test_locl.h
+
+uu_client_SOURCES = uu_client.c common.c test_locl.h
+
+gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
+
+gssapi_client_LDADD = $(gssapi_server_LDADD)
+
+http_client_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
+
+nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c nt_gss_common.h common.c
+
+nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c nt_gss_common.h
+
+nt_gss_client_LDADD = $(gssapi_server_LDADD)
+
+nt_gss_server_LDADD = $(nt_gss_client_LDADD)
+
+LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)

Added: vendor-crypto/heimdal/dist/appl/test/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,856 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+noinst_PROGRAMS = tcp_client$(EXEEXT) tcp_server$(EXEEXT) \
+	gssapi_server$(EXEEXT) gssapi_client$(EXEEXT) \
+	uu_server$(EXEEXT) uu_client$(EXEEXT) nt_gss_server$(EXEEXT) \
+	nt_gss_client$(EXEEXT) http_client$(EXEEXT)
+subdir = appl/test
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
+am_gssapi_client_OBJECTS = gssapi_client.$(OBJEXT) \
+	gss_common.$(OBJEXT) common.$(OBJEXT)
+gssapi_client_OBJECTS = $(am_gssapi_client_OBJECTS)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+am__DEPENDENCIES_3 = $(top_builddir)/lib/gssapi/libgssapi.la \
+	$(am__DEPENDENCIES_2)
+gssapi_client_DEPENDENCIES = $(am__DEPENDENCIES_3)
+am_gssapi_server_OBJECTS = gssapi_server.$(OBJEXT) \
+	gss_common.$(OBJEXT) common.$(OBJEXT)
+gssapi_server_OBJECTS = $(am_gssapi_server_OBJECTS)
+gssapi_server_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
+	$(am__DEPENDENCIES_2)
+am_http_client_OBJECTS = http_client.$(OBJEXT) gss_common.$(OBJEXT) \
+	common.$(OBJEXT)
+http_client_OBJECTS = $(am_http_client_OBJECTS)
+http_client_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \
+	$(am__DEPENDENCIES_2)
+am_nt_gss_client_OBJECTS = nt_gss_client.$(OBJEXT) \
+	nt_gss_common.$(OBJEXT) common.$(OBJEXT)
+nt_gss_client_OBJECTS = $(am_nt_gss_client_OBJECTS)
+nt_gss_client_DEPENDENCIES = $(am__DEPENDENCIES_3)
+am_nt_gss_server_OBJECTS = nt_gss_server.$(OBJEXT) \
+	nt_gss_common.$(OBJEXT)
+nt_gss_server_OBJECTS = $(am_nt_gss_server_OBJECTS)
+am__DEPENDENCIES_4 = $(am__DEPENDENCIES_3)
+nt_gss_server_DEPENDENCIES = $(am__DEPENDENCIES_4)
+am_tcp_client_OBJECTS = tcp_client.$(OBJEXT) common.$(OBJEXT)
+tcp_client_OBJECTS = $(am_tcp_client_OBJECTS)
+tcp_client_LDADD = $(LDADD)
+tcp_client_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+am_tcp_server_OBJECTS = tcp_server.$(OBJEXT) common.$(OBJEXT)
+tcp_server_OBJECTS = $(am_tcp_server_OBJECTS)
+tcp_server_LDADD = $(LDADD)
+tcp_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+am_uu_client_OBJECTS = uu_client.$(OBJEXT) common.$(OBJEXT)
+uu_client_OBJECTS = $(am_uu_client_OBJECTS)
+uu_client_LDADD = $(LDADD)
+uu_client_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+am_uu_server_OBJECTS = uu_server.$(OBJEXT) common.$(OBJEXT)
+uu_server_OBJECTS = $(am_uu_server_OBJECTS)
+uu_server_LDADD = $(LDADD)
+uu_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) \
+	$(http_client_SOURCES) $(nt_gss_client_SOURCES) \
+	$(nt_gss_server_SOURCES) $(tcp_client_SOURCES) \
+	$(tcp_server_SOURCES) $(uu_client_SOURCES) \
+	$(uu_server_SOURCES)
+DIST_SOURCES = $(gssapi_client_SOURCES) $(gssapi_server_SOURCES) \
+	$(http_client_SOURCES) $(nt_gss_client_SOURCES) \
+	$(nt_gss_server_SOURCES) $(tcp_client_SOURCES) \
+	$(tcp_server_SOURCES) $(uu_client_SOURCES) \
+	$(uu_server_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+tcp_client_SOURCES = tcp_client.c common.c test_locl.h
+tcp_server_SOURCES = tcp_server.c common.c test_locl.h
+gssapi_server_SOURCES = gssapi_server.c gss_common.c common.c \
+	gss_common.h test_locl.h
+
+gssapi_client_SOURCES = gssapi_client.c gss_common.c common.c \
+	gss_common.h test_locl.h
+
+http_client_SOURCES = http_client.c gss_common.c common.c \
+	gss_common.h test_locl.h
+
+uu_server_SOURCES = uu_server.c common.c test_locl.h
+uu_client_SOURCES = uu_client.c common.c test_locl.h
+gssapi_server_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
+gssapi_client_LDADD = $(gssapi_server_LDADD)
+http_client_LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LDADD)
+nt_gss_client_SOURCES = nt_gss_client.c nt_gss_common.c nt_gss_common.h common.c
+nt_gss_server_SOURCES = nt_gss_server.c nt_gss_common.c nt_gss_common.h
+nt_gss_client_LDADD = $(gssapi_server_LDADD)
+nt_gss_server_LDADD = $(nt_gss_client_LDADD)
+LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps appl/test/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps appl/test/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+gssapi_client$(EXEEXT): $(gssapi_client_OBJECTS) $(gssapi_client_DEPENDENCIES) 
+	@rm -f gssapi_client$(EXEEXT)
+	$(LINK) $(gssapi_client_OBJECTS) $(gssapi_client_LDADD) $(LIBS)
+gssapi_server$(EXEEXT): $(gssapi_server_OBJECTS) $(gssapi_server_DEPENDENCIES) 
+	@rm -f gssapi_server$(EXEEXT)
+	$(LINK) $(gssapi_server_OBJECTS) $(gssapi_server_LDADD) $(LIBS)
+http_client$(EXEEXT): $(http_client_OBJECTS) $(http_client_DEPENDENCIES) 
+	@rm -f http_client$(EXEEXT)
+	$(LINK) $(http_client_OBJECTS) $(http_client_LDADD) $(LIBS)
+nt_gss_client$(EXEEXT): $(nt_gss_client_OBJECTS) $(nt_gss_client_DEPENDENCIES) 
+	@rm -f nt_gss_client$(EXEEXT)
+	$(LINK) $(nt_gss_client_OBJECTS) $(nt_gss_client_LDADD) $(LIBS)
+nt_gss_server$(EXEEXT): $(nt_gss_server_OBJECTS) $(nt_gss_server_DEPENDENCIES) 
+	@rm -f nt_gss_server$(EXEEXT)
+	$(LINK) $(nt_gss_server_OBJECTS) $(nt_gss_server_LDADD) $(LIBS)
+tcp_client$(EXEEXT): $(tcp_client_OBJECTS) $(tcp_client_DEPENDENCIES) 
+	@rm -f tcp_client$(EXEEXT)
+	$(LINK) $(tcp_client_OBJECTS) $(tcp_client_LDADD) $(LIBS)
+tcp_server$(EXEEXT): $(tcp_server_OBJECTS) $(tcp_server_DEPENDENCIES) 
+	@rm -f tcp_server$(EXEEXT)
+	$(LINK) $(tcp_server_OBJECTS) $(tcp_server_LDADD) $(LIBS)
+uu_client$(EXEEXT): $(uu_client_OBJECTS) $(uu_client_DEPENDENCIES) 
+	@rm -f uu_client$(EXEEXT)
+	$(LINK) $(uu_client_OBJECTS) $(uu_client_LDADD) $(LIBS)
+uu_server$(EXEEXT): $(uu_server_OBJECTS) $(uu_server_DEPENDENCIES) 
+	@rm -f uu_server$(EXEEXT)
+	$(LINK) $(uu_server_OBJECTS) $(uu_server_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/appl/test/common.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,174 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+
+RCSID("$Id: common.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static int help_flag;
+static int version_flag;
+static char *port_str;
+static char *keytab_str;
+krb5_keytab keytab;
+char *service = SERVICE;
+char *mech = "krb5";
+int fork_flag;
+
+static struct getargs args[] = {
+    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
+    { "service", 's', arg_string, &service, "service to use", "service" },
+    { "keytab", 'k', arg_string, &keytab_str, "keytab to use", "keytab" },
+    { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" },
+    { "fork", 'f', arg_flag, &fork_flag, "do fork" },
+    { "help", 'h', arg_flag, &help_flag },
+    { "version", 0, arg_flag, &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+server_usage(int code, struct getargs *args, int num_args)
+{
+    arg_printusage(args, num_args, NULL, "");
+    exit(code);
+}
+
+static void
+client_usage(int code, struct getargs *args, int num_args)
+{
+    arg_printusage(args, num_args, NULL, "host");
+    exit(code);
+}
+
+
+static int
+common_setup(krb5_context *context, int *argc, char **argv, 
+	     void (*usage)(int, struct getargs*, int))
+{
+    int port = 0;
+    *argc = krb5_program_setup(context, *argc, argv, args, num_args, usage);
+
+    if(help_flag)
+	(*usage)(0, args, num_args);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(port_str){
+	struct servent *s = roken_getservbyname(port_str, "tcp");
+	if(s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "Bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    }
+
+    if (port == 0)
+	port = krb5_getportbyname (*context, PORT, "tcp", 4711);
+    
+    return port;
+}
+
+int
+server_setup(krb5_context *context, int argc, char **argv)
+{
+    int port = common_setup(context, &argc, argv, server_usage);
+    krb5_error_code ret;
+
+    if(argv[argc] != NULL)
+	server_usage(1, args, num_args);
+    if (keytab_str != NULL)
+	ret = krb5_kt_resolve (*context, keytab_str, &keytab);
+    else
+	ret = krb5_kt_default (*context, &keytab);
+    if (ret)
+	krb5_err (*context, 1, ret, "krb5_kt_resolve/default");
+    return port;
+}
+
+int
+client_setup(krb5_context *context, int *argc, char **argv)
+{
+    int optind = *argc;
+    int port = common_setup(context, &optind, argv, client_usage);
+    if(*argc - optind != 1)
+	client_usage(1, args, num_args);
+    *argc = optind;
+    return port;
+}
+
+int
+client_doit (const char *hostname, int port, const char *service,
+	     int (*func)(int, const char *hostname, const char *service))
+{
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    char portstr[NI_MAXSERV];
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+
+    snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
+
+    error = getaddrinfo (hostname, portstr, &hints, &ai);
+    if (error) {
+	errx (1, "%s: %s", hostname, gai_strerror(error));
+	return -1;
+    }
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	int s;
+
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    warn ("connect(%s)", hostname);
+	    close (s);
+	    continue;
+	}
+	freeaddrinfo (ai);
+	return (*func) (s, hostname, service);
+    }
+    warnx ("failed to contact %s", hostname);
+    freeaddrinfo (ai);
+    return 1;
+}
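Review bot: The numeric fallback in common_setup accepts malformed and out-of-range ports, because `port == 0 && ptr == port_str` only rejects input with no leading digits. A value such as 88x or 70000 therefore reaches htons(), which silently truncates it to 16 bits. Guard the existing errx call with `if (ptr == port_str || *ptr != '\0' || port < 1 || port > 65535)` instead. A short comment that the getservbyname and strtol branches both leave the port in network byte order (client_doit applies ntohs to it) would help callers. In client_doit the `return -1;` after `errx (1, ...)` is unreachable and can be dropped.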

Added: vendor-crypto/heimdal/dist/appl/test/gss_common.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/gss_common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/gss_common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+#include <gssapi.h>
+#include "gss_common.h"
+RCSID("$Id: gss_common.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+void
+write_token (int sock, gss_buffer_t buf)
+{
+    uint32_t len, net_len;
+    OM_uint32 min_stat;
+
+    len = buf->length;
+
+    net_len = htonl(len);
+
+    if (net_write (sock, &net_len, 4) != 4)
+	err (1, "write");
+    if (net_write (sock, buf->value, len) != len)
+	err (1, "write");
+
+    gss_release_buffer (&min_stat, buf);
+}
+
+static void
+enet_read(int fd, void *buf, size_t len)
+{
+    ssize_t ret;
+
+    ret = net_read (fd, buf, len);
+    if (ret == 0)
+	errx (1, "EOF in read");
+    else if (ret < 0)
+	errx (1, "read");
+}
+
+void
+read_token (int sock, gss_buffer_t buf)
+{
+    uint32_t len, net_len;
+
+    enet_read (sock, &net_len, 4);
+    len = ntohl(net_len);
+    buf->length = len;
+    buf->value  = emalloc(len);
+    enet_read (sock, buf->value, len);
+}
+
+void
+gss_print_errors (int min_stat)
+{
+    OM_uint32 new_stat;
+    OM_uint32 msg_ctx = 0;
+    gss_buffer_desc status_string;
+    OM_uint32 ret;
+
+    do {
+	ret = gss_display_status (&new_stat,
+				  min_stat,
+				  GSS_C_MECH_CODE,
+				  GSS_C_NO_OID,
+				  &msg_ctx,
+				  &status_string);
+	fprintf (stderr, "%.*s\n", (int)status_string.length, 
+		 (char *)status_string.value);
+	gss_release_buffer (&new_stat, &status_string);
+    } while (!GSS_ERROR(ret) && msg_ctx != 0);
+}
+
+void
+gss_verr(int exitval, int status, const char *fmt, va_list ap)
+{
+    vwarnx (fmt, ap);
+    gss_print_errors (status);
+    exit (exitval);
+}
+
+void
+gss_err(int exitval, int status, const char *fmt, ...)
+{
+    va_list args;
+
+    va_start(args, fmt);
+    gss_verr (exitval, status, fmt, args);
+    va_end(args);
+}
+
+gss_OID
+select_mech(const char *mech)
+{
+    if (strcasecmp(mech, "krb5") == 0)
+	return GSS_KRB5_MECHANISM;
+    else if (strcasecmp(mech, "spnego") == 0)
+	return GSS_SPNEGO_MECHANISM;
+    else if (strcasecmp(mech, "no-oid") == 0)
+	return GSS_C_NO_OID;
+    else
+	errx (1, "Unknown mechanism '%s' (spnego, krb5, no-oid)", mech);
+}
+
+void
+print_gss_name(const char *prefix, gss_name_t name)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc name_token;
+
+    maj_stat = gss_display_name (&min_stat,
+				 name,
+				 &name_token,
+				 NULL);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_display_name");
+
+    fprintf (stderr, "%s `%.*s'\n", prefix,
+	     (int)name_token.length,
+	     (char *)name_token.value);
+
+    gss_release_buffer (&min_stat, &name_token);
+
+}
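Review bot: read_token trusts the 4-byte length sent by the peer and passes it straight to emalloc, so the remote end chooses the allocation size, up to 4 GiB per token. The server's accept loop in gssapi_server.c calls read_token before any context exists, so this is reachable without authentication. Add an upper bound before allocating, for example `if (len > MAX_TOKEN_LEN) errx (1, "token too large: %lu", (unsigned long)len);`, where MAX_TOKEN_LEN is an illustrative name for a constant this file would have to define. In enet_read the `ret < 0` branch uses errx, which drops errno; `err (1, "read");` would report why the read failed, matching the `err (1, "write")` calls in write_token.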

Added: vendor-crypto/heimdal/dist/appl/test/gss_common.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/gss_common.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/gss_common.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: gss_common.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+void write_token (int sock, gss_buffer_t buf);
+void read_token (int sock, gss_buffer_t buf);
+
+void gss_print_errors (int min_stat);
+
+void gss_verr(int exitval, int status, const char *fmt, va_list ap)
+    __attribute__ ((format (printf, 3, 0)));
+
+void gss_err(int exitval, int status, const char *fmt, ...)
+    __attribute__ ((format (printf, 3, 4)));
+
+gss_OID select_mech(const char *);
+
+void print_gss_name(const char *, gss_name_t);

Added: vendor-crypto/heimdal/dist/appl/test/gssapi_client.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/gssapi_client.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/gssapi_client.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,248 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+#include <gssapi.h>
+#include "gss_common.h"
+RCSID("$Id: gssapi_client.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static int
+do_trans (int sock, gss_ctx_id_t context_hdl)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc real_input_token, real_output_token;
+    gss_buffer_t input_token = &real_input_token,
+	output_token = &real_output_token;
+
+    /* get_mic */
+
+    input_token->length = 3;
+    input_token->value  = strdup("hej");
+
+    maj_stat = gss_get_mic(&min_stat,
+			   context_hdl,
+			   GSS_C_QOP_DEFAULT,
+			   input_token,
+			   output_token);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_get_mic");
+
+    write_token (sock, input_token);
+    write_token (sock, output_token);
+
+    /* wrap */
+
+    input_token->length = 7;
+    input_token->value  = "hemligt";
+
+    maj_stat = gss_wrap (&min_stat,
+			 context_hdl,
+			 0,
+			 GSS_C_QOP_DEFAULT,
+			 input_token,
+			 NULL,
+			 output_token);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_wrap");
+
+    write_token (sock, output_token);
+
+    maj_stat = gss_wrap (&min_stat,
+			 context_hdl,
+			 1,
+			 GSS_C_QOP_DEFAULT,
+			 input_token,
+			 NULL,
+			 output_token);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_wrap");
+
+    write_token (sock, output_token);
+
+    return 0;
+}
+
+static int
+proto (int sock, const char *hostname, const char *service)
+{
+    struct sockaddr_in remote, local;
+    socklen_t addrlen;
+
+    int context_established = 0;
+    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
+    gss_buffer_desc real_input_token, real_output_token;
+    gss_buffer_t input_token = &real_input_token,
+	output_token = &real_output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t server;
+    gss_buffer_desc name_token;
+    struct gss_channel_bindings_struct input_chan_bindings;
+    u_char init_buf[4];
+    u_char acct_buf[4];
+    gss_OID mech_oid;
+    char *str;
+
+    mech_oid = select_mech(mech);
+
+    name_token.length = asprintf (&str,
+				  "%s@%s", service, hostname);
+    if (str == NULL)
+	errx(1, "malloc - out of memory");
+    name_token.value = str;
+	
+    maj_stat = gss_import_name (&min_stat,
+				&name_token,
+				GSS_C_NT_HOSTBASED_SERVICE,
+				&server);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat,
+		 "Error importing name `%s@%s':\n", service, hostname);
+
+    addrlen = sizeof(local);
+    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
+	|| addrlen != sizeof(local))
+	err (1, "getsockname(%s)", hostname);
+
+    addrlen = sizeof(remote);
+    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
+	|| addrlen != sizeof(remote))
+	err (1, "getpeername(%s)", hostname);
+
+    input_token->length = 0;
+    output_token->length = 0;
+
+    input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
+    input_chan_bindings.initiator_address.length = 4;
+    init_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;
+    init_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;
+    init_buf[2] = (local.sin_addr.s_addr >>  8) & 0xFF;
+    init_buf[3] = (local.sin_addr.s_addr >>  0) & 0xFF;
+    input_chan_bindings.initiator_address.value = init_buf;
+
+    input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
+    input_chan_bindings.acceptor_address.length = 4;
+    acct_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;
+    acct_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;
+    acct_buf[2] = (remote.sin_addr.s_addr >>  8) & 0xFF;
+    acct_buf[3] = (remote.sin_addr.s_addr >>  0) & 0xFF;
+    input_chan_bindings.acceptor_address.value = acct_buf;
+    
+#if 0
+    input_chan_bindings.application_data.value = emalloc(4);
+    * (unsigned short*)input_chan_bindings.application_data.value = local.sin_port;
+    * ((unsigned short *)input_chan_bindings.application_data.value + 1) = remote.sin_port;
+    input_chan_bindings.application_data.length = 4;
+#else
+    input_chan_bindings.application_data.length = 0;
+    input_chan_bindings.application_data.value = NULL;
+#endif
+
+    while(!context_established) {
+	maj_stat =
+	    gss_init_sec_context(&min_stat,
+				 GSS_C_NO_CREDENTIAL,
+				 &context_hdl,
+				 server,
+				 mech_oid,
+				 GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG
+				 | GSS_C_DELEG_FLAG,
+				 0,
+				 &input_chan_bindings,
+				 input_token,
+				 NULL,
+				 output_token,
+				 NULL,
+				 NULL);
+	if (GSS_ERROR(maj_stat))
+	    gss_err (1, min_stat, "gss_init_sec_context");
+	if (output_token->length != 0)
+	    write_token (sock, output_token);
+	if (GSS_ERROR(maj_stat)) {
+	    if (context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
+	    read_token (sock, input_token);
+	} else {
+	    context_established = 1;
+	}
+
+    }
+    if (fork_flag) {
+	pid_t pid;
+	int pipefd[2];
+
+	if (pipe (pipefd) < 0)
+	    err (1, "pipe");
+
+	pid = fork ();
+	if (pid < 0)
+	    err (1, "fork");
+	if (pid != 0) {
+	    gss_buffer_desc buf;
+
+	    maj_stat = gss_export_sec_context (&min_stat,
+					       &context_hdl,
+					       &buf);
+	    if (GSS_ERROR(maj_stat))
+		gss_err (1, min_stat, "gss_export_sec_context");
+	    write_token (pipefd[1], &buf);
+	    exit (0);
+	} else {
+	    gss_ctx_id_t context_hdl;
+	    gss_buffer_desc buf;
+
+	    close (pipefd[1]);
+	    read_token (pipefd[0], &buf);
+	    close (pipefd[0]);
+	    maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
+	    if (GSS_ERROR(maj_stat))
+		gss_err (1, min_stat, "gss_import_sec_context");
+	    gss_release_buffer (&min_stat, &buf);
+	    return do_trans (sock, context_hdl);
+	}
+    } else {
+	return do_trans (sock, context_hdl);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context; /* XXX */
+    int port = client_setup(&context, &argc, argv);
+    return client_doit (argv[argc], port, service, proto);
+}
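Review bot: proto always passes GSS_C_DELEG_FLAG to gss_init_sec_context, so every run asks to forward the caller's credentials to whichever acceptor it authenticates to; delegation is safer as an opt-in. Building the flags from an option, e.g. `GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG | (deleg_flag ? GSS_C_DELEG_FLAG : 0)`, keeps the default run from delegating; `deleg_flag` is an illustrative name for a new getargs entry in common.c. In the same loop the second `if (GSS_ERROR(maj_stat))` block is unreachable because gss_err exits, so the gss_delete_sec_context cleanup never runs. The `addrlen != sizeof(local)` and `addrlen != sizeof(remote)` checks also make the client exit on a non-IPv4 socket, although client_doit resolves addresses of any family.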

Added: vendor-crypto/heimdal/dist/appl/test/gssapi_server.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/gssapi_server.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/gssapi_server.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,334 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+#include <gssapi.h>
+#include "gss_common.h"
+RCSID("$Id: gssapi_server.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+static int
+process_it(int sock,
+	   gss_ctx_id_t context_hdl,
+	   gss_name_t client_name
+	   )
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc real_input_token, real_output_token;
+    gss_buffer_t input_token = &real_input_token,
+	output_token = &real_output_token;
+    gss_name_t server_name;
+    int conf_flag;
+
+    print_gss_name("User is", client_name);
+
+    maj_stat = gss_inquire_context(&min_stat,
+				   context_hdl,
+				   NULL,
+				   &server_name,
+				   NULL,
+				   NULL,
+				   NULL,
+				   NULL,
+				   NULL);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_inquire_context");
+
+    print_gss_name("Server is", server_name);
+
+    maj_stat = gss_release_name(&min_stat, &server_name);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_release_name");
+
+    /* gss_verify_mic */
+
+    read_token (sock, input_token);
+    read_token (sock, output_token);
+
+    maj_stat = gss_verify_mic (&min_stat,
+			       context_hdl,
+			       input_token,
+			       output_token,
+			       NULL);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_verify_mic");
+
+    fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,
+	    (char *)input_token->value);
+
+    gss_release_buffer (&min_stat, input_token);
+    gss_release_buffer (&min_stat, output_token);
+
+    /* gss_unwrap */
+
+    read_token (sock, input_token);
+
+    maj_stat = gss_unwrap (&min_stat,
+			   context_hdl,
+			   input_token,
+			   output_token,
+			   &conf_flag,
+			   NULL);
+    if(GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_unwrap");
+
+    fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
+	    (char *)output_token->value,
+	     conf_flag ? "CONF" : "INT");
+
+    gss_release_buffer (&min_stat, input_token);
+    gss_release_buffer (&min_stat, output_token);
+
+    read_token (sock, input_token);
+
+    maj_stat = gss_unwrap (&min_stat,
+			   context_hdl,
+			   input_token,
+			   output_token,
+			   &conf_flag,
+			   NULL);
+    if(GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_unwrap");
+
+    fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length,
+	     (char *)output_token->value,
+	     conf_flag ? "CONF" : "INT");
+
+    gss_release_buffer (&min_stat, input_token);
+    gss_release_buffer (&min_stat, output_token);
+
+    return 0;
+}
+
+static int
+proto (int sock, const char *service)
+{
+    struct sockaddr_in remote, local;
+    socklen_t addrlen;
+    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
+    gss_buffer_desc real_input_token, real_output_token;
+    gss_buffer_t input_token = &real_input_token,
+	output_token = &real_output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t client_name;
+    struct gss_channel_bindings_struct input_chan_bindings;
+    gss_cred_id_t delegated_cred_handle = NULL;
+    krb5_ccache ccache;
+    u_char init_buf[4];
+    u_char acct_buf[4];
+    gss_OID mech_oid;
+    char *mech, *p;
+
+    addrlen = sizeof(local);
+    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
+	|| addrlen != sizeof(local))
+	err (1, "getsockname)");
+
+    addrlen = sizeof(remote);
+    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
+	|| addrlen != sizeof(remote))
+	err (1, "getpeername");
+
+    input_chan_bindings.initiator_addrtype = GSS_C_AF_INET;
+    input_chan_bindings.initiator_address.length = 4;
+    init_buf[0] = (remote.sin_addr.s_addr >> 24) & 0xFF;
+    init_buf[1] = (remote.sin_addr.s_addr >> 16) & 0xFF;
+    init_buf[2] = (remote.sin_addr.s_addr >>  8) & 0xFF;
+    init_buf[3] = (remote.sin_addr.s_addr >>  0) & 0xFF;
+
+    input_chan_bindings.initiator_address.value = init_buf;
+    input_chan_bindings.acceptor_addrtype = GSS_C_AF_INET;
+
+    input_chan_bindings.acceptor_address.length = 4;
+    acct_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF;
+    acct_buf[1] = (local.sin_addr.s_addr >> 16) & 0xFF;
+    acct_buf[2] = (local.sin_addr.s_addr >>  8) & 0xFF;
+    acct_buf[3] = (local.sin_addr.s_addr >>  0) & 0xFF;
+    input_chan_bindings.acceptor_address.value = acct_buf;
+    input_chan_bindings.application_data.value = emalloc(4);
+#if 0
+    * (unsigned short *)input_chan_bindings.application_data.value =
+                          remote.sin_port;
+    * ((unsigned short *)input_chan_bindings.application_data.value + 1) =
+                          local.sin_port;
+    input_chan_bindings.application_data.length = 4;
+#else
+    input_chan_bindings.application_data.length = 0;
+    input_chan_bindings.application_data.value = NULL;
+#endif
+    
+    delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+    
+    do {
+	read_token (sock, input_token);
+	maj_stat =
+	    gss_accept_sec_context (&min_stat,
+				    &context_hdl,
+				    GSS_C_NO_CREDENTIAL,
+				    input_token,
+				    &input_chan_bindings,
+				    &client_name,
+				    &mech_oid,
+				    output_token,
+				    NULL,
+				    NULL,
+				    &delegated_cred_handle);
+	if(GSS_ERROR(maj_stat))
+	    gss_err (1, min_stat, "gss_accept_sec_context");
+	if (output_token->length != 0)
+	    write_token (sock, output_token);
+	if (GSS_ERROR(maj_stat)) {
+	    if (context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+    } while(maj_stat & GSS_S_CONTINUE_NEEDED);
+    
+    p = (char *)mech_oid->elements;
+    if (mech_oid->length == GSS_KRB5_MECHANISM->length
+	&& memcmp(p, GSS_KRB5_MECHANISM->elements, mech_oid->length) == 0)
+	mech = "Kerberos 5";
+    else if (mech_oid->length == GSS_SPNEGO_MECHANISM->length
+	&& memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_oid->length) == 0)
+	mech = "SPNEGO"; /* XXX Silly, wont show up */
+    else
+	mech = "Unknown";
+
+    printf("Using mech: %s\n", mech);
+
+    if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
+       krb5_context context;
+
+       printf("Delegated cred found\n");
+
+       maj_stat = krb5_init_context(&context);
+       maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
+       maj_stat = gss_krb5_copy_ccache(&min_stat,
+				       delegated_cred_handle,
+				       ccache);
+       if (maj_stat == 0) {
+	   krb5_principal p;
+	   maj_stat = krb5_cc_get_principal(context, ccache, &p);
+	   if (maj_stat == 0) {
+	       char *name;
+	       maj_stat = krb5_unparse_name(context, p, &name);
+	       if (maj_stat == 0) {
+		   printf("Delegated user is: `%s'\n", name);
+		   free(name);
+	       }
+	       krb5_free_principal(context, p);
+	   }
+       }
+       krb5_cc_close(context, ccache);
+       gss_release_cred(&min_stat, &delegated_cred_handle);
+    }
+
+    if (fork_flag) {
+	pid_t pid;
+	int pipefd[2];
+
+	if (pipe (pipefd) < 0)
+	    err (1, "pipe");
+
+	pid = fork ();
+	if (pid < 0)
+	    err (1, "fork");
+	if (pid != 0) {
+	    gss_buffer_desc buf;
+
+	    maj_stat = gss_export_sec_context (&min_stat,
+					       &context_hdl,
+					       &buf);
+	    if (GSS_ERROR(maj_stat))
+		gss_err (1, min_stat, "gss_export_sec_context");
+	    write_token (pipefd[1], &buf);
+	    exit (0);
+	} else {
+	    gss_ctx_id_t context_hdl;
+	    gss_buffer_desc buf;
+
+	    close (pipefd[1]);
+	    read_token (pipefd[0], &buf);
+	    close (pipefd[0]);
+	    maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
+	    if (GSS_ERROR(maj_stat))
+		gss_err (1, min_stat, "gss_import_sec_context");
+	    gss_release_buffer (&min_stat, &buf);
+	    return process_it (sock, context_hdl, client_name);
+	}
+    } else {
+	return process_it (sock, context_hdl, client_name);
+    }
+}
+
+static int
+doit (int port, const char *service)
+{
+    int sock, sock2;
+    struct sockaddr_in my_addr;
+    int one = 1;
+
+    sock = socket (AF_INET, SOCK_STREAM, 0);
+    if (sock < 0)
+	err (1, "socket");
+
+    memset (&my_addr, 0, sizeof(my_addr));
+    my_addr.sin_family      = AF_INET;
+    my_addr.sin_port        = port;
+    my_addr.sin_addr.s_addr = INADDR_ANY;
+
+    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,
+		    (void *)&one, sizeof(one)) < 0)
+	warn ("setsockopt SO_REUSEADDR");
+
+    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
+	err (1, "bind");
+
+    if (listen (sock, 1) < 0)
+	err (1, "listen");
+
+    sock2 = accept (sock, NULL, NULL);
+    if (sock2 < 0)
+	err (1, "accept");
+
+    return proto (sock2, service);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context = NULL; /* XXX */
+    int port = server_setup(&context, argc, argv);
+    return doit (port, service);
+}
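Review bot: In proto, delegated credentials are stored in the fixed cache `FILE:/tmp/krb5cc_test`, a predictable name in a shared directory, and nothing destroys the cache after the run. The results of krb5_init_context and krb5_cc_resolve are also overwritten without being checked, so a failure leads to use of an uninitialised context or ccache. Checking each call and destroying the cache afterwards would avoid both. The sketch below uses a MEMORY cache with a constructed name; if the test needs a file cache, it should live in a directory only the test user can write. Separately, the `emalloc(4)` assigned to application_data.value is leaked when the `#else` branch resets the pointer to NULL.

```c
    if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
       krb5_context context;
       krb5_error_code ret;

       /* ... unchanged: "Delegated cred found" message ... */

       ret = krb5_init_context(&context);
       if (ret)
	   errx (1, "krb5_init_context failed: %d", ret);
       /* constructed cache name; keeps forwarded credentials out of a predictable /tmp path */
       ret = krb5_cc_resolve(context, "MEMORY:delegated_test", &ccache);
       if (ret)
	   krb5_err (context, 1, ret, "krb5_cc_resolve");
       /* ... unchanged: gss_krb5_copy_ccache, principal lookup and printing ... */
       krb5_cc_destroy(context, ccache);	/* replaces krb5_cc_close: drop the credentials when done */
       /* ... unchanged: gss_release_cred ... */
```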

Added: vendor-crypto/heimdal/dist/appl/test/http_client.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/http_client.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/http_client.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,504 @@
+/*
+ * Copyright (c) 2003 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+#include <gssapi.h>
+#include "gss_common.h"
+#include <base64.h>
+
+RCSID("$Id: http_client.c,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $");
+
+/*
+ * A simplistic client implementing draft-brezak-spnego-http-04.txt
+ */
+
+static int
+do_connect (const char *hostname, const char *port)
+{
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    int s = -1;
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = 0;
+
+    error = getaddrinfo (hostname, port, &hints, &ai);
+    if (error)
+	errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error));
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    warn ("connect(%s)", hostname);
+ 	    close (s);
+ 	    continue;
+	}
+	break;
+    }
+    freeaddrinfo (ai);
+    if (a == NULL)
+	errx (1, "failed to contact %s", hostname);
+
+    return s;
+}
+
+static void
+fdprintf(int s, const char *fmt, ...)
+{
+    size_t len;
+    ssize_t ret;
+    va_list ap;
+    char *str, *buf;
+    
+    va_start(ap, fmt);
+    vasprintf(&str, fmt, ap);
+    va_end(ap);
+
+    if (str == NULL)
+	errx(1, "vasprintf");
+
+    buf = str;
+    len = strlen(buf);
+    while (len) {
+	ret = write(s, buf, len);
+	if (ret == 0)
+	    err(1, "connection closed");
+	else if (ret < 0)
+	    err(1, "error");
+	len -= ret;
+	buf += ret;
+    }
+    free(str);
+}
+
+static int help_flag;
+static int version_flag;
+static int verbose_flag;
+static int mutual_flag = 1;
+static int delegate_flag;
+static char *port_str = "http";
+static char *gss_service = "HTTP";
+
+static struct getargs http_args[] = {
+    { "verbose", 'v', arg_flag, &verbose_flag, "verbose logging", },
+    { "port", 'p', arg_string, &port_str, "port to connect to", "port" },
+    { "delegate", 0, arg_flag, &delegate_flag, "gssapi delegate credential" },
+    { "gss-service", 's', arg_string, &gss_service, "gssapi service to use",
+      "service" },
+    { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" },
+    { "mutual", 0, arg_negative_flag, &mutual_flag, "no gssapi mutual auth" },
+    { "help", 'h', arg_flag, &help_flag },
+    { "version", 0, arg_flag, &version_flag }
+};
+
+static int num_http_args = sizeof(http_args) / sizeof(http_args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(http_args, num_http_args, NULL, "host [page]");
+    exit(code);
+}
+
+/*
+ *
+ */
+
+struct http_req {
+    char *response;
+    char **headers;
+    int num_headers;
+    void *body;
+    size_t body_size;
+};
+
+
+static void
+http_req_zero(struct http_req *req)
+{
+    req->response = NULL;
+    req->headers = NULL;
+    req->num_headers = 0;
+    req->body = NULL;
+    req->body_size = 0;
+}
+
+static void
+http_req_free(struct http_req *req)
+{
+    int i;
+
+    free(req->response);
+    for (i = 0; i < req->num_headers; i++)
+	free(req->headers[i]);
+    free(req->headers);
+    free(req->body);
+    http_req_zero(req);
+}
+
+static const char *
+http_find_header(struct http_req *req, const char *header)
+{
+    int i, len = strlen(header);
+
+    for (i = 0; i < req->num_headers; i++) {
+	if (strncasecmp(header, req->headers[i], len) == 0) {
+	    return req->headers[i] + len + 1;
+	}
+    }
+    return NULL;
+}
+
+
+static int
+http_query(const char *host, const char *page, 
+	   char **headers, int num_headers, struct http_req *req)
+{
+    enum { RESPONSE, HEADER, BODY } state;
+    ssize_t ret;
+    char in_buf[1024], *in_ptr = in_buf;
+    size_t in_len = 0;
+    int s, i;
+
+    http_req_zero(req);
+
+    s = do_connect(host, port_str);
+    if (s < 0)
+	errx(1, "connection failed");
+
+    fdprintf(s, "GET %s HTTP/1.0\r\n", page);
+    for (i = 0; i < num_headers; i++)
+	fdprintf(s, "%s\r\n", headers[i]);
+    fdprintf(s, "Host: %s\r\n\r\n", host);
+
+    state = RESPONSE;
+
+    while (1) {
+	ret = read (s, in_ptr, sizeof(in_buf) - in_len - 1);
+	if (ret == 0)
+	    break;
+	else if (ret < 0)
+	    err (1, "read: %lu", (unsigned long)ret);
+	
+	in_buf[ret + in_len] = '\0';
+
+	if (state == HEADER || state == RESPONSE) {
+	    char *p;
+
+	    in_len += ret;
+	    in_ptr += ret;
+
+	    while (1) {
+		p = strstr(in_buf, "\r\n");
+
+		if (p == NULL) {
+		    break;
+		} else if (p == in_buf) {
+		    memmove(in_buf, in_buf + 2, sizeof(in_buf) - 2);
+		    state = BODY;
+		    in_len -= 2;
+		    in_ptr -= 2;
+		    break;
+		} else if (state == RESPONSE) {
+		    req->response = strndup(in_buf, p - in_buf);
+		    state = HEADER;
+		} else {
+		    req->headers = realloc(req->headers,
+					   (req->num_headers + 1) * sizeof(req->headers[0]));
+		    req->headers[req->num_headers] = strndup(in_buf, p - in_buf);
+		    if (req->headers[req->num_headers] == NULL)
+			errx(1, "strdup");
+		    req->num_headers++;
+		}
+		memmove(in_buf, p + 2, sizeof(in_buf) - (p - in_buf) - 2);
+		in_len -= (p - in_buf) + 2;
+		in_ptr -= (p - in_buf) + 2;
+	    }
+	}
+
+	if (state == BODY) {
+
+	    req->body = erealloc(req->body, req->body_size + ret + 1);
+
+	    memcpy((char *)req->body + req->body_size, in_buf, ret);
+	    req->body_size += ret;
+	    ((char *)req->body)[req->body_size] = '\0';
+
+	    in_ptr = in_buf;
+	    in_len = 0;
+	} else
+	    abort();
+    }
+
+    if (verbose_flag) {
+	int i;
+	printf("response: %s\n", req->response);
+	for (i = 0; i < req->num_headers; i++)
+	    printf("header[%d] %s\n", i, req->headers[i]);
+	printf("body: %.*s\n", (int)req->body_size, (char *)req->body);
+    }
+
+    close(s);
+    return 0;
+}
+
+
+int
+main(int argc, char **argv)
+{
+    struct http_req req;
+    const char *host, *page;
+    int i, done, print_body, gssapi_done, gssapi_started;
+    char *headers[10]; /* XXX */
+    int num_headers;
+    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
+    gss_name_t server = GSS_C_NO_NAME;
+    int optind = 0;
+    gss_OID mech_oid;
+    OM_uint32 flags;
+
+    setprogname(argv[0]);
+
+    if(getarg(http_args, num_http_args, argc, argv, &optind))
+	usage(1);
+
+    if (help_flag)
+	usage (0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    mech_oid = select_mech(mech);
+
+    if (argc != 1 && argc != 2)
+	errx(1, "usage: %s host [page]", getprogname());
+    host = argv[0];
+    if (argc == 2)
+	page = argv[1];
+    else
+	page = "/";
+
+    flags = 0;
+    if (delegate_flag)
+	flags |= GSS_C_DELEG_FLAG;
+    if (mutual_flag)
+	flags |= GSS_C_MUTUAL_FLAG;
+
+    done = 0;
+    num_headers = 0;
+    gssapi_done = 1;
+    gssapi_started = 0;
+    do {
+	print_body = 0;
+
+	http_query(host, page, headers, num_headers, &req);
+	for (i = 0 ; i < num_headers; i++) 
+	    free(headers[i]);
+	num_headers = 0;
+
+	if (strstr(req.response, " 200 ") != NULL) {
+	    print_body = 1;
+	    done = 1;
+	} else if (strstr(req.response, " 401 ") != NULL) {
+	    if (http_find_header(&req, "WWW-Authenticate:") == NULL)
+		errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
+	    gssapi_done = 0;
+	}
+
+	if (!gssapi_done) {
+	    const char *h = http_find_header(&req, "WWW-Authenticate:");
+	    if (h == NULL)
+		errx(1, "Got %s but missed `WWW-Authenticate'", req.response);
+
+	    if (strncasecmp(h, "Negotiate", 9) == 0) {
+		OM_uint32 maj_stat, min_stat;
+		gss_buffer_desc input_token, output_token;
+
+		if (verbose_flag)
+		    printf("Negotiate found\n");
+		
+		if (server == GSS_C_NO_NAME) {
+		    char *name;
+		    asprintf(&name, "%s@%s", gss_service, host);
+		    input_token.length = strlen(name);
+		    input_token.value = name;
+
+		    maj_stat = gss_import_name(&min_stat,
+					       &input_token,
+					       GSS_C_NT_HOSTBASED_SERVICE,
+					       &server);
+		    if (GSS_ERROR(maj_stat))
+			gss_err (1, min_stat, "gss_inport_name");
+		    free(name);
+		    input_token.length = 0;
+		    input_token.value = NULL;
+		}
+
+		i = 9;
+		while(h[i] && isspace((unsigned char)h[i]))
+		    i++;
+		if (h[i] != '\0') {
+		    int len = strlen(&h[i]);
+		    if (len == 0)
+			errx(1, "invalid Negotiate token");
+		    input_token.value = emalloc(len);
+		    len = base64_decode(&h[i], input_token.value);
+		    if (len < 0)
+			errx(1, "invalid base64 Negotiate token %s", &h[i]);
+		    input_token.length = len;
+		} else {
+		    if (gssapi_started)
+			errx(1, "Negotiate already started");
+		    gssapi_started = 1;
+
+		    input_token.length = 0;
+		    input_token.value = NULL;
+		}
+
+		maj_stat =
+		    gss_init_sec_context(&min_stat,
+					 GSS_C_NO_CREDENTIAL,
+					 &context_hdl,
+					 server,
+					 mech_oid,
+					 flags,
+					 0,
+					 GSS_C_NO_CHANNEL_BINDINGS,
+					 &input_token,
+					 NULL,
+					 &output_token,
+					 NULL,
+					 NULL);
+		if (GSS_ERROR(maj_stat))
+		    gss_err (1, min_stat, "gss_init_sec_context");
+		else if (maj_stat & GSS_S_CONTINUE_NEEDED)
+		    gssapi_done = 0;
+		else {
+		    gss_name_t targ_name, src_name;
+		    gss_buffer_desc name_buffer;
+		    gss_OID mech_type;
+
+		    gssapi_done = 1;
+
+		    printf("Negotiate done: %s\n", mech);
+
+		    maj_stat = gss_inquire_context(&min_stat,
+						   context_hdl,
+						   &src_name,
+						   &targ_name,
+						   NULL,
+						   &mech_type,
+						   NULL,
+						   NULL,
+						   NULL);
+		    if (GSS_ERROR(maj_stat))
+			gss_err (1, min_stat, "gss_inquire_context");
+
+		    maj_stat = gss_display_name(&min_stat,
+						src_name,
+						&name_buffer,
+						NULL);
+		    if (GSS_ERROR(maj_stat))
+			gss_err (1, min_stat, "gss_display_name");
+
+		    printf("Source: %.*s\n",
+			   (int)name_buffer.length,
+			   (char *)name_buffer.value);
+
+		    gss_release_buffer(&min_stat, &name_buffer);
+
+		    maj_stat = gss_display_name(&min_stat,
+						targ_name,
+						&name_buffer,
+						NULL);
+		    if (GSS_ERROR(maj_stat))
+			gss_err (1, min_stat, "gss_display_name");
+
+		    printf("Target: %.*s\n",
+			   (int)name_buffer.length,
+			   (char *)name_buffer.value);
+
+		    gss_release_name(&min_stat, &targ_name);
+		    gss_release_buffer(&min_stat, &name_buffer);
+		}
+
+		if (output_token.length) {
+		    char *neg_token;
+
+		    base64_encode(output_token.value,
+				  output_token.length,
+				  &neg_token);
+		    
+		    asprintf(&headers[0], "Authorization: Negotiate %s",
+			     neg_token);
+
+		    num_headers = 1;
+		    free(neg_token);
+		    gss_release_buffer(&min_stat, &output_token);
+		}
+		if (input_token.length)
+		    free(input_token.value);
+
+	    } else
+		done = 1;
+	} else
+	    done = 1;
+
+	if (verbose_flag) {
+	    printf("%s\n\n", req.response);
+
+	    for (i = 0; i < req.num_headers; i++)
+		printf("%s\n", req.headers[i]);
+	    printf("\n");
+	}
+	if (print_body || verbose_flag)
+	    printf("%.*s\n", (int)req.body_size, (char *)req.body);
+
+	http_req_free(&req);
+    } while (!done);
+
+    if (gssapi_done == 0)
+	errx(1, "gssapi not done but http dance done");
+
+    return 0;
+}
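Review bot: In `http_find_header`, `return req->headers[i] + len + 1;` skips the byte after the matched name without looking at it, so a reply whose header is exactly `WWW-Authenticate:` with no value yields a pointer one past the string's terminator, and `main` then runs `strncasecmp(h, "Negotiate", 9)` on it. Returning the position after the name and skipping blanks keeps the read inside the allocation: `const char *v = req->headers[i] + len; while (*v == ' ' || *v == '\t') v++; return v;`. `main` also hands `req.response` to `strstr` although `http_query` leaves it NULL when the peer closes before sending a status line; a guard such as `if (req.response == NULL) errx(1, "no response from %s", host);` right after the `http_query` call covers that. Both values come from the remote server, so even a test client should treat them as untrusted.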

Added: vendor-crypto/heimdal/dist/appl/test/nt_gss_client.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/nt_gss_client.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/nt_gss_client.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+#include <gssapi.h>
+#include "nt_gss_common.h"
+
+RCSID("$Id: nt_gss_client.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+/*
+ * This program tries to act as a client for the sample in `Sample
+ * SSPI Code' in Windows 2000 RC1 SDK.
+ */
+
+static int
+proto (int sock, const char *hostname, const char *service)
+{
+    struct sockaddr_in remote, local;
+    socklen_t addrlen;
+
+    int context_established = 0;
+    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
+    gss_buffer_t input_token, output_token;
+    gss_buffer_desc real_input_token, real_output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t server;
+    gss_buffer_desc name_token;
+    char *str;
+
+    name_token.length = asprintf (&str,
+				  "%s@%s", service, hostname);
+    if (str == NULL)
+	errx(1, "out of memory");
+    name_token.value = str;
+
+    maj_stat = gss_import_name (&min_stat,
+				&name_token,
+				GSS_C_NT_HOSTBASED_SERVICE,
+				&server);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat,
+		 "Error importing name `%s@%s':\n", service, hostname);
+
+    addrlen = sizeof(local);
+    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
+	|| addrlen != sizeof(local))
+	err (1, "getsockname(%s)", hostname);
+
+    addrlen = sizeof(remote);
+    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
+	|| addrlen != sizeof(remote))
+	err (1, "getpeername(%s)", hostname);
+
+    input_token = &real_input_token;
+    output_token = &real_output_token;
+
+    input_token->length = 0;
+    output_token->length = 0;
+
+    while(!context_established) {
+	maj_stat =
+	    gss_init_sec_context(&min_stat,
+				 GSS_C_NO_CREDENTIAL,
+				 &context_hdl,
+				 server,
+				 GSS_C_NO_OID,
+				 GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
+				 0,
+				 GSS_C_NO_CHANNEL_BINDINGS,
+				 input_token,
+				 NULL,
+				 output_token,
+				 NULL,
+				 NULL);
+	if (GSS_ERROR(maj_stat))
+	    gss_err (1, min_stat, "gss_init_sec_context");
+	if (output_token->length != 0)
+	    nt_write_token (sock, output_token);
+	if (GSS_ERROR(maj_stat)) {
+	    if (context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+	if (maj_stat & GSS_S_CONTINUE_NEEDED) {
+	    nt_read_token (sock, input_token);
+	} else {
+	    context_established = 1;
+	}
+
+    }
+
+    /* get_mic */
+
+    input_token->length = 3;
+    input_token->value  = strdup("hej");
+
+    maj_stat = gss_get_mic(&min_stat,
+			   context_hdl,
+			   GSS_C_QOP_DEFAULT,
+			   input_token,
+			   output_token);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_get_mic");
+
+    nt_write_token (sock, input_token);
+    nt_write_token (sock, output_token);
+
+    /* wrap */
+
+    input_token->length = 7;
+    input_token->value  = "hemligt";
+
+
+    maj_stat = gss_wrap (&min_stat,
+			 context_hdl,
+			 1,
+			 GSS_C_QOP_DEFAULT,
+			 input_token,
+			 NULL,
+			 output_token);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_wrap");
+
+    nt_write_token (sock, output_token);
+
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context; /* XXX */
+    int port = client_setup(&context, &argc, argv);
+    return client_doit (argv[argc], port, service, proto);
+}
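Review bot: The `gss_wrap` call at the end of `proto` requests confidentiality (`conf_req_flag` is 1) but passes NULL for `conf_state`, so the client sends the wrapped "hemligt" without learning whether the mechanism actually encrypted it. Likewise `gss_init_sec_context` gets NULL for `ret_flags`, so the requested `GSS_C_MUTUAL_FLAG` is never confirmed. Passing an `int conf_state` and failing closed, e.g. `if (!conf_state) errx (1, "gss_wrap: confidentiality not provided");`, makes the test meaningful for the property it asks for. Separately, the second `if (GSS_ERROR(maj_stat))` block inside the loop looks unreachable, assuming the `gss_err` linked here exits as the one in nt_gss_common.c does.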

Added: vendor-crypto/heimdal/dist/appl/test/nt_gss_common.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/nt_gss_common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/nt_gss_common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+#include <gssapi.h>
+#include "nt_gss_common.h"
+
+RCSID("$Id: nt_gss_common.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+/*
+ * These are functions that are needed to interoperate with the
+ * `Sample SSPI Code' in Windows 2000 RC1 SDK.
+ */
+
+/*
+ * Write the `gss_buffer_t' in `buf' onto the fd `sock', but remember that 
+ * the length is written in little-endian-order.
+ */
+
+void
+nt_write_token (int sock, gss_buffer_t buf)
+{
+    unsigned char net_len[4];
+    uint32_t len;
+    OM_uint32 min_stat;
+
+    len = buf->length;
+
+    net_len[0] = (len >>  0) & 0xFF;
+    net_len[1] = (len >>  8) & 0xFF;
+    net_len[2] = (len >> 16) & 0xFF;
+    net_len[3] = (len >> 24) & 0xFF;
+
+    if (write (sock, net_len, 4) != 4)
+	err (1, "write");
+    if (write (sock, buf->value, len) != len)
+	err (1, "write");
+
+    gss_release_buffer (&min_stat, buf);
+}
+
+/*
+ *
+ */
+
+void
+nt_read_token (int sock, gss_buffer_t buf)
+{
+    unsigned char net_len[4];
+    uint32_t len;
+
+    if (read(sock, net_len, 4) != 4)
+	err (1, "read");
+    len = (net_len[0] <<  0)
+	| (net_len[1] <<  8)
+	| (net_len[2] << 16)
+	| (net_len[3] << 24);
+
+    buf->length = len;
+    buf->value  = malloc(len);
+    if (read (sock, buf->value, len) != len)
+	err (1, "read");
+}
+
+void
+gss_print_errors (int min_stat)
+{
+    OM_uint32 new_stat;
+    OM_uint32 msg_ctx = 0;
+    gss_buffer_desc status_string;
+    OM_uint32 ret;
+
+    do {
+	ret = gss_display_status (&new_stat,
+				  min_stat,
+				  GSS_C_MECH_CODE,
+				  GSS_C_NO_OID,
+				  &msg_ctx,
+				  &status_string);
+	fprintf (stderr, "%s\n", (char *)status_string.value);
+	gss_release_buffer (&new_stat, &status_string);
+    } while (!GSS_ERROR(ret) && msg_ctx != 0);
+}
+
+void
+gss_verr(int exitval, int status, const char *fmt, va_list ap)
+{
+    vwarnx (fmt, ap);
+    gss_print_errors (status);
+    exit (exitval);
+}
+
+void
+gss_err(int exitval, int status, const char *fmt, ...)
+{
+    va_list args;
+
+    va_start(args, fmt);
+    gss_verr (exitval, status, fmt, args);
+    va_end(args);
+}
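Review bot: `nt_read_token` takes the 32-bit length straight from the peer and passes it to `malloc` and `read` with no upper bound, the `malloc` result is never checked, and a single `read` is assumed to deliver the whole token although a stream socket may return fewer bytes. A peer can therefore ask for an allocation of up to 4 GiB, and a legitimate token split across segments is reported as a read error. `net_len[3] << 24` is also evaluated as a signed `int`, which overflows for byte values of 0x80 and above. The sketch below caps the length, checks the allocation and loops until the token is complete; `NT_MAX_TOKEN_LEN` is a placeholder name and value, not something this file defines.

```c
#define NT_MAX_TOKEN_LEN (64 * 1024)	/* placeholder limit; choose one that fits the protocol */

void
nt_read_token (int sock, gss_buffer_t buf)
{
    unsigned char net_len[4];
    uint32_t len;
    size_t got = 0;
    ssize_t n;

    /* ... unchanged: 4-byte length prefix read into net_len ... */
    len = (uint32_t)net_len[0]
	| ((uint32_t)net_len[1] <<  8)
	| ((uint32_t)net_len[2] << 16)
	| ((uint32_t)net_len[3] << 24);
    if (len > NT_MAX_TOKEN_LEN)
	errx (1, "token length %lu exceeds limit", (unsigned long)len);

    buf->length = len;
    buf->value  = malloc(len ? len : 1);
    if (buf->value == NULL)
	err (1, "malloc");
    while (got < len) {
	n = read (sock, (char *)buf->value + got, len - got);
	if (n < 0)
	    err (1, "read");
	if (n == 0)
	    errx (1, "read: unexpected end of stream");
	got += n;
    }
}
```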

Added: vendor-crypto/heimdal/dist/appl/test/nt_gss_common.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/nt_gss_common.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/nt_gss_common.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: nt_gss_common.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+void nt_write_token (int sock, gss_buffer_t buf);
+void nt_read_token (int sock, gss_buffer_t buf);
+
+void gss_print_errors (int min_stat);
+
+void gss_verr(int exitval, int status, const char *fmt, va_list ap)
+    __attribute__ ((format (printf, 3, 0)));
+
+void gss_err(int exitval, int status, const char *fmt, ...)
+    __attribute__ ((format (printf, 3, 4)));

Added: vendor-crypto/heimdal/dist/appl/test/nt_gss_server.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/nt_gss_server.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/nt_gss_server.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,247 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+#include <gssapi.h>
+#include <krb5.h>
+#include "nt_gss_common.h"
+
+RCSID("$Id: nt_gss_server.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+/*
+ * This program tries to act as a server for the sample in `Sample
+ * SSPI Code' in Windows 2000 RC1 SDK.
+ *
+ * use --dump-auth to get a binary dump of the authorization data in the ticket
+ */
+
+static int help_flag;
+static int version_flag;
+static char *port_str;
+char *service = SERVICE;
+static char *auth_file;
+
+static struct getargs args[] = {
+    { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
+    { "service", 's', arg_string, &service, "service to use", "service" },
+    { "dump-auth", 0, arg_string, &auth_file, "dump authorization data",
+      "file" },
+    { "help", 'h', arg_flag, &help_flag },
+    { "version", 0, arg_flag, &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static int
+proto (int sock, const char *service)
+{
+    struct sockaddr_in remote, local;
+    socklen_t addrlen;
+    gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
+    gss_buffer_t input_token, output_token;
+    gss_buffer_desc real_input_token, real_output_token;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t client_name;
+    gss_buffer_desc name_token;
+
+    addrlen = sizeof(local);
+    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
+	|| addrlen != sizeof(local))
+	err (1, "getsockname)");
+
+    addrlen = sizeof(remote);
+    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
+	|| addrlen != sizeof(remote))
+	err (1, "getpeername");
+
+    input_token = &real_input_token;
+    output_token = &real_output_token;
+
+    do {
+	nt_read_token (sock, input_token);
+	maj_stat =
+	    gss_accept_sec_context (&min_stat,
+				    &context_hdl,
+				    GSS_C_NO_CREDENTIAL,
+				    input_token,
+				    GSS_C_NO_CHANNEL_BINDINGS,
+				    &client_name,
+				    NULL,
+				    output_token,
+				    NULL,
+				    NULL,
+				    NULL);
+	if(GSS_ERROR(maj_stat))
+	    gss_err (1, min_stat, "gss_accept_sec_context");
+	if (output_token->length != 0)
+	    nt_write_token (sock, output_token);
+	if (GSS_ERROR(maj_stat)) {
+	    if (context_hdl != GSS_C_NO_CONTEXT)
+		gss_delete_sec_context (&min_stat,
+					&context_hdl,
+					GSS_C_NO_BUFFER);
+	    break;
+	}
+    } while(maj_stat & GSS_S_CONTINUE_NEEDED);
+
+    if (auth_file != NULL) {
+	int fd = open (auth_file, O_WRONLY | O_CREAT, 0666);
+#if 0
+	krb5_ticket *ticket;
+	krb5_data *data;
+
+	ticket = context_hdl->ticket;
+	data = &ticket->ticket.authorization_data->val[0].ad_data;
+
+	if(fd < 0)
+	    err (1, "open %s", auth_file);
+	if (write (fd, data->data, data->length) != data->length)
+	    errx (1, "write to %s failed", auth_file);
+#endif
+	if (close (fd))
+	    err (1, "close %s", auth_file);
+    }
+
+    maj_stat = gss_display_name (&min_stat,
+				 client_name,
+				 &name_token,
+				 NULL);
+    if (GSS_ERROR(maj_stat))
+	gss_err (1, min_stat, "gss_display_name");
+
+    fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
+	    (char *)name_token.value);
+
+    /* write something back */
+
+    output_token->value  = strdup ("hejsan");
+    output_token->length = strlen (output_token->value) + 1;
+    nt_write_token (sock, output_token);
+
+    output_token->value  = strdup ("hoppsan");
+    output_token->length = strlen (output_token->value) + 1;
+    nt_write_token (sock, output_token);
+
+    return 0;
+}
+
+static int
+doit (int port, const char *service)
+{
+    int sock, sock2;
+    struct sockaddr_in my_addr;
+    int one = 1;
+
+    sock = socket (AF_INET, SOCK_STREAM, 0);
+    if (sock < 0)
+	err (1, "socket");
+
+    memset (&my_addr, 0, sizeof(my_addr));
+    my_addr.sin_family      = AF_INET;
+    my_addr.sin_port        = port;
+    my_addr.sin_addr.s_addr = INADDR_ANY;
+
+    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR,
+		    (void *)&one, sizeof(one)) < 0)
+	warn ("setsockopt SO_REUSEADDR");
+
+    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
+	err (1, "bind");
+
+    if (listen (sock, 1) < 0)
+	err (1, "listen");
+
+    sock2 = accept (sock, NULL, NULL);
+    if (sock2 < 0)
+	err (1, "accept");
+
+    return proto (sock2, service);
+}
+
+static void
+usage(int code, struct getargs *args, int num_args)
+{
+    arg_printusage(args, num_args, NULL, "");
+    exit(code);
+}
+
+static int
+common_setup(krb5_context *context, int *argc, char **argv, 
+	     void (*usage)(int, struct getargs*, int))
+{
+    int port = 0;
+    *argc = krb5_program_setup(context, *argc, argv, args, num_args, usage);
+
+    if(help_flag)
+	(*usage)(0, args, num_args);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(port_str){
+	struct servent *s = roken_getservbyname(port_str, "tcp");
+	if(s)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		errx (1, "Bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    }
+
+    if (port == 0)
+	port = krb5_getportbyname (*context, PORT, "tcp", 4711);
+    
+    return port;
+}
+
+static int
+setup(krb5_context *context, int argc, char **argv)
+{
+    int port = common_setup(context, &argc, argv, usage);
+    if(argv[argc] != NULL)
+	usage(1, args, num_args);
+    return port;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context = NULL; /* XXX */
+    int port = setup(&context, argc, argv);
+    return doit (port, service);
+}
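Review bot: In `proto`, the `--dump-auth` file is opened with `open (auth_file, O_WRONLY | O_CREAT, 0666)` while the only `fd < 0` test sits inside the `#if 0` block, so a failed open falls through to `close (fd)` and is reported as a close error. The 0666 mode also leaves a newly created file, intended for ticket authorization data, accessible to group and others unless the umask restricts it. I would create it owner-only and test the descriptor outside the disabled block: `int fd = open (auth_file, O_WRONLY | O_CREAT, 0600);` followed by `if (fd < 0) err (1, "open %s", auth_file);`. Because the path comes from the command line, adding `O_EXCL` is worth considering if this server is ever run with elevated privileges.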

Added: vendor-crypto/heimdal/dist/appl/test/tcp_client.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/tcp_client.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/tcp_client.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+RCSID("$Id: tcp_client.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+krb5_context context;
+
+static int
+proto (int sock, const char *hostname, const char *service)
+{
+    krb5_auth_context auth_context;
+    krb5_error_code status;
+    krb5_principal server;
+    krb5_data data;
+    krb5_data packet;
+    uint32_t len, net_len;
+
+    status = krb5_auth_con_init (context, &auth_context);
+    if (status)
+	krb5_err (context, 1, status, "krb5_auth_con_init");
+
+    status = krb5_auth_con_setaddrs_from_fd (context,
+					     auth_context,
+					     &sock);
+    if (status)
+	krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
+
+    status = krb5_sname_to_principal (context,
+				      hostname,
+				      service,
+				      KRB5_NT_SRV_HST,
+				      &server);
+    if (status)
+	krb5_err (context, 1, status, "krb5_sname_to_principal");
+
+    status = krb5_sendauth (context,
+			    &auth_context,
+			    &sock,
+			    VERSION,
+			    NULL,
+			    server,
+			    AP_OPTS_MUTUAL_REQUIRED,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL);
+    if (status)
+	krb5_err (context, 1, status, "krb5_sendauth");
+
+    data.data   = "hej";
+    data.length = 3;
+
+    krb5_data_zero (&packet);
+
+    status = krb5_mk_safe (context,
+			   auth_context,
+			   &data,
+			   &packet,
+			   NULL);
+    if (status)
+	krb5_err (context, 1, status, "krb5_mk_safe");
+
+    len = packet.length;
+    net_len = htonl(len);
+
+    if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+	err (1, "krb5_net_write");
+    if (krb5_net_write (context, &sock, packet.data, len) != len)
+	err (1, "krb5_net_write");
+
+    data.data   = "hemligt";
+    data.length = 7;
+
+    krb5_data_free (&packet);
+
+    status = krb5_mk_priv (context,
+			   auth_context,
+			   &data,
+			   &packet,
+			   NULL);
+    if (status)
+	krb5_err (context, 1, status, "krb5_mk_priv");
+
+    len = packet.length;
+    net_len = htonl(len);
+
+    if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+	err (1, "krb5_net_write");
+    if (krb5_net_write (context, &sock, packet.data, len) != len)
+	err (1, "krb5_net_write");
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    int port = client_setup(&context, &argc, argv);
+    return client_doit (argv[argc], port, service, proto);
+}
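Review bot: `proto` reaches `return 0;` without releasing what it allocated: the `packet` filled by `krb5_mk_priv`, the `server` principal from `krb5_sname_to_principal`, and `auth_context`. The process exits straight afterwards, so nothing is lost at run time, but programs under appl/test tend to be read as usage examples for the API (an assumption about how the file is used). Before the return I would add `krb5_data_free (&packet);`, `krb5_free_principal (context, server);` and `krb5_auth_con_free (context, auth_context);`.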

Added: vendor-crypto/heimdal/dist/appl/test/tcp_server.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/tcp_server.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/tcp_server.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+RCSID("$Id: tcp_server.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+krb5_context context;
+
+static int
+proto (int sock, const char *service)
+{
+    krb5_auth_context auth_context;
+    krb5_error_code status;
+    krb5_principal server;
+    krb5_ticket *ticket;
+    char *name;
+    char hostname[MAXHOSTNAMELEN];
+    krb5_data packet;
+    krb5_data data;
+    uint32_t len, net_len;
+    ssize_t n;
+
+    status = krb5_auth_con_init (context, &auth_context);
+    if (status)
+	krb5_err (context, 1, status, "krb5_auth_con_init");
+
+    status = krb5_auth_con_setaddrs_from_fd (context,
+					     auth_context,
+					     &sock);
+
+    if (status)
+	krb5_err (context, 1, status, "krb5_auth_con_setaddrs_from_fd");
+
+    if(gethostname (hostname, sizeof(hostname)) < 0)
+	krb5_err (context, 1, errno, "gethostname");
+
+    status = krb5_sname_to_principal (context,
+				      hostname,
+				      service,
+				      KRB5_NT_SRV_HST,
+				      &server);
+    if (status)
+	krb5_err (context, 1, status, "krb5_sname_to_principal");
+
+    status = krb5_recvauth (context,
+			    &auth_context,
+			    &sock,
+			    VERSION,
+			    server,
+			    0,
+			    keytab,
+			    &ticket);
+    if (status)
+	krb5_err (context, 1, status, "krb5_recvauth");
+
+    status = krb5_unparse_name (context,
+				ticket->client,
+				&name);
+    if (status)
+	krb5_err (context, 1, status, "krb5_unparse_name");
+
+    fprintf (stderr, "User is `%s'\n", name);
+    free (name);
+
+    krb5_data_zero (&data);
+    krb5_data_zero (&packet);
+
+    n = krb5_net_read (context, &sock, &net_len, 4);
+    if (n == 0)
+	krb5_errx (context, 1, "EOF in krb5_net_read");
+    if (n < 0)
+	krb5_err (context, 1, errno, "krb5_net_read");
+
+    len = ntohl(net_len);
+
+    krb5_data_alloc (&packet, len);
+
+    n = krb5_net_read (context, &sock, packet.data, len);
+    if (n == 0)
+	krb5_errx (context, 1, "EOF in krb5_net_read");
+    if (n < 0)
+	krb5_err (context, 1, errno, "krb5_net_read");
+    
+    status = krb5_rd_safe (context,
+			   auth_context,
+			   &packet,
+			   &data,
+			   NULL);
+    if (status)
+	krb5_err (context, 1, status, "krb5_rd_safe");
+
+    fprintf (stderr, "safe packet: %.*s\n", (int)data.length,
+	    (char *)data.data);
+
+    n = krb5_net_read (context, &sock, &net_len, 4);
+    if (n == 0)
+	krb5_errx (context, 1, "EOF in krb5_net_read");
+    if (n < 0)
+	krb5_err (context, 1, errno, "krb5_net_read");
+
+    len = ntohl(net_len);
+
+    krb5_data_alloc (&packet, len);
+
+    n = krb5_net_read (context, &sock, packet.data, len);
+    if (n == 0)
+	krb5_errx (context, 1, "EOF in krb5_net_read");
+    if (n < 0)
+	krb5_err (context, 1, errno, "krb5_net_read");
+    
+    status = krb5_rd_priv (context,
+			   auth_context,
+			   &packet,
+			   &data,
+			   NULL);
+    if (status)
+	krb5_err (context, 1, status, "krb5_rd_priv");
+
+    fprintf (stderr, "priv packet: %.*s\n", (int)data.length,
+	    (char *)data.data);
+
+    return 0;
+}
+
+static int
+doit (int port, const char *service)
+{
+    mini_inetd (port);
+
+    return proto (STDIN_FILENO, service);
+}
+
+int
+main(int argc, char **argv)
+{
+    int port = server_setup(&context, argc, argv);
+    return doit (port, service);
+}
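Review bot: In `proto`, both `krb5_data_alloc (&packet, len)` calls take `len` directly from the 4-byte length prefix read off the socket and ignore the return value. The prefix travels outside the `krb5_rd_safe`/`krb5_rd_priv` protection, so the value is whatever the peer sent, up to 2^32-1. If the allocation fails, the following `krb5_net_read` still writes through `packet.data`. Bound `len`, check the allocation, and free `packet` and `data` before the second message reuses them, since the second `krb5_data_alloc` currently overwrites the first buffer. `MAX_TEST_PACKET` in the sketch is a placeholder name that the file does not define.

```c
    len = ntohl(net_len);
    /* MAX_TEST_PACKET: placeholder cap, choose one that fits the test messages */
    if (len > MAX_TEST_PACKET)
	krb5_errx (context, 1, "packet too large: %lu", (unsigned long)len);

    status = krb5_data_alloc (&packet, len);
    if (status)
	krb5_err (context, 1, status, "krb5_data_alloc");

    n = krb5_net_read (context, &sock, packet.data, len);
    /* ... unchanged: EOF and error checks, krb5_rd_safe, fprintf ... */

    /* second message: release the first buffers before reusing them */
    krb5_data_free (&packet);
    krb5_data_free (&data);
    /* ... unchanged: length read, then the same bound and krb5_data_alloc check ... */
```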

Added: vendor-crypto/heimdal/dist/appl/test/test_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/test_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/test_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: test_locl.h,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <errno.h>
+#include <roken.h>
+#include <getarg.h>
+#include <err.h>
+#include <krb5.h>
+
+#define SERVICE "test"
+
+#define PORT "test"
+
+extern char *service;
+extern char *mech;
+extern krb5_keytab keytab;
+extern int fork_flag;
+int server_setup(krb5_context*, int, char**);
+int client_setup(krb5_context*, int*, char**);
+int client_doit (const char *hostname, int port, const char *service,
+		 int (*func)(int, const char *hostname, const char *service));

Added: vendor-crypto/heimdal/dist/appl/test/uu_client.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/uu_client.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/uu_client.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+RCSID("$Id: uu_client.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+krb5_context context;
+
+static int
+proto (int sock, const char *hostname, const char *service)
+{
+    struct sockaddr_in remote, local;
+    socklen_t addrlen;
+    krb5_address remote_addr, local_addr;
+    krb5_context context;
+    krb5_ccache ccache;
+    krb5_auth_context auth_context;
+    krb5_error_code status;
+    krb5_principal client;
+    krb5_data data;
+    krb5_data packet;
+    krb5_creds mcred, cred;
+    krb5_ticket *ticket;
+
+    addrlen = sizeof(local);
+    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
+	|| addrlen != sizeof(local))
+	err (1, "getsockname(%s)", hostname);
+
+    addrlen = sizeof(remote);
+    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
+	|| addrlen != sizeof(remote))
+	err (1, "getpeername(%s)", hostname);
+
+    status = krb5_init_context(&context);
+    if (status)
+	errx(1, "krb5_init_context failed: %d", status);
+
+    status = krb5_cc_default (context, &ccache);
+    if (status)
+	krb5_err(context, 1, status, "krb5_cc_default");
+
+    status = krb5_auth_con_init (context, &auth_context);
+    if (status)
+	krb5_err(context, 1, status, "krb5_auth_con_init");
+
+    local_addr.addr_type = AF_INET;
+    local_addr.address.length = sizeof(local.sin_addr);
+    local_addr.address.data   = &local.sin_addr;
+
+    remote_addr.addr_type = AF_INET;
+    remote_addr.address.length = sizeof(remote.sin_addr);
+    remote_addr.address.data   = &remote.sin_addr;
+
+    status = krb5_auth_con_setaddrs (context,
+				     auth_context,
+				     &local_addr,
+				     &remote_addr);
+    if (status)
+	krb5_err(context, 1, status, "krb5_auth_con_setaddr");
+
+    krb5_cc_clear_mcred(&mcred);
+
+    status = krb5_cc_get_principal(context, ccache, &client);
+    if(status)
+	krb5_err(context, 1, status, "krb5_cc_get_principal");
+    status = krb5_make_principal(context, &mcred.server,
+				 *krb5_princ_realm(context, client), 
+				 "krbtgt", 
+				 *krb5_princ_realm(context, client),
+				 NULL);
+    if(status)
+	krb5_err(context, 1, status, "krb5_make_principal");
+    mcred.client = client;
+    
+    status = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
+    if(status)
+	krb5_err(context, 1, status, "krb5_cc_retrieve_cred");
+
+    {
+	char *client_name;
+	krb5_data data;
+	status = krb5_unparse_name(context, cred.client, &client_name);
+	if(status)
+	    krb5_err(context, 1, status, "krb5_unparse_name");
+	data.data = client_name;
+	data.length = strlen(client_name) + 1;
+	status = krb5_write_message(context, &sock, &data);
+	if(status)
+	    krb5_err(context, 1, status, "krb5_write_message");
+	free(client_name);
+    }
+
+    status = krb5_write_message(context, &sock, &cred.ticket);
+    if(status)
+	krb5_err(context, 1, status, "krb5_write_message");
+
+    status = krb5_auth_con_setuserkey(context, auth_context, &cred.session);
+    if(status)
+	krb5_err(context, 1, status, "krb5_auth_con_setuserkey");
+    
+    status = krb5_recvauth(context, &auth_context, &sock, 
+			   VERSION, client, 0, NULL, &ticket);
+
+    if (status)
+	krb5_err(context, 1, status, "krb5_recvauth");
+    
+    if (ticket->ticket.authorization_data) {
+	AuthorizationData *authz;
+	int i;
+
+	printf("Authorization data:\n");
+
+	authz = ticket->ticket.authorization_data;
+	for (i = 0; i < authz->len; i++) {
+	    printf("\ttype %d, length %lu\n",
+		   authz->val[i].ad_type,
+		   (unsigned long)authz->val[i].ad_data.length);
+	}
+    }
+
+    data.data   = "hej";
+    data.length = 3;
+
+    krb5_data_zero (&packet);
+
+    status = krb5_mk_safe (context,
+			   auth_context,
+			   &data,
+			   &packet,
+			   NULL);
+    if (status)
+	krb5_err(context, 1, status, "krb5_mk_safe");
+
+    status = krb5_write_message(context, &sock, &packet);
+    if(status)
+	krb5_err(context, 1, status, "krb5_write_message");
+
+    data.data   = "hemligt";
+    data.length = 7;
+
+    krb5_data_free (&packet);
+
+    status = krb5_mk_priv (context,
+			   auth_context,
+			   &data,
+			   &packet,
+			   NULL);
+    if (status)
+	krb5_err(context, 1, status, "krb5_mk_priv");
+
+    status = krb5_write_message(context, &sock, &packet);
+    if(status)
+	krb5_err(context, 1, status, "krb5_write_message");
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    int port = client_setup(&context, &argc, argv);
+    return client_doit (argv[argc], port, service, proto);
+}
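Review bot: `proto` declares a local `krb5_context context;` that shadows the file-scope `context` which `main` passes to `client_setup`, and then initialises it with a second `krb5_init_context`. Whatever `client_setup` configured on the global context is therefore not used for the exchange (its body is not in this hunk, so that part is an assumption), and the second context is never freed. Dropping the local declaration and the `krb5_init_context` block would make this `proto` use the shared context the way `tcp_client.c` does. The inner `krb5_data data;` in the client-name block shadows the outer `data` in the same way and would read better under another name.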

Added: vendor-crypto/heimdal/dist/appl/test/uu_server.c
===================================================================
--- vendor-crypto/heimdal/dist/appl/test/uu_server.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/appl/test/uu_server.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 1997 - 2000, 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "test_locl.h"
+RCSID("$Id: uu_server.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+
+krb5_context context;
+
+static int
+proto (int sock, const char *service)
+{
+    struct sockaddr_in remote, local;
+    socklen_t addrlen;
+    krb5_address remote_addr, local_addr;
+    krb5_ccache ccache;
+    krb5_auth_context auth_context;
+    krb5_error_code status;
+    krb5_data packet;
+    krb5_data data;
+    krb5_data client_name;
+    krb5_creds in_creds, *out_creds;
+
+    addrlen = sizeof(local);
+    if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
+	|| addrlen != sizeof(local))
+	err (1, "getsockname)");
+
+    addrlen = sizeof(remote);
+    if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
+	|| addrlen != sizeof(remote))
+	err (1, "getpeername");
+
+    status = krb5_auth_con_init (context, &auth_context);
+    if (status)
+	errx (1, "krb5_auth_con_init: %s",
+	      krb5_get_err_text(context, status));
+
+    local_addr.addr_type = AF_INET;
+    local_addr.address.length = sizeof(local.sin_addr);
+    local_addr.address.data   = &local.sin_addr;
+
+    remote_addr.addr_type = AF_INET;
+    remote_addr.address.length = sizeof(remote.sin_addr);
+    remote_addr.address.data   = &remote.sin_addr;
+
+    status = krb5_auth_con_setaddrs (context,
+				     auth_context,
+				     &local_addr,
+				     &remote_addr);
+    if (status)
+	errx (1, "krb5_auth_con_setaddr: %s",
+	      krb5_get_err_text(context, status));
+
+    status = krb5_read_message(context, &sock, &client_name);
+    if(status)
+	krb5_err(context, 1, status, "krb5_read_message");
+    
+    memset(&in_creds, 0, sizeof(in_creds));
+    status = krb5_cc_default(context, &ccache);
+    status = krb5_cc_get_principal(context, ccache, &in_creds.client);
+
+    status = krb5_read_message(context, &sock, &in_creds.second_ticket);
+    if(status)
+	krb5_err(context, 1, status, "krb5_read_message");
+
+    status = krb5_parse_name(context, client_name.data, &in_creds.server);
+    if(status)
+	krb5_err(context, 1, status, "krb5_parse_name");
+    
+    status = krb5_get_credentials(context, KRB5_GC_USER_USER, ccache, 
+				  &in_creds, &out_creds);
+    if(status)
+	krb5_err(context, 1, status, "krb5_get_credentials");
+
+    status = krb5_cc_default(context, &ccache);
+
+    status = krb5_sendauth(context, 
+			   &auth_context,
+			   &sock, 
+			   VERSION, 
+			   in_creds.client,
+			   in_creds.server,
+			   AP_OPTS_USE_SESSION_KEY,
+			   NULL,
+			   out_creds,
+			   ccache,
+			   NULL,
+			   NULL,
+			   NULL);
+			   
+    if (status)
+	krb5_err(context, 1, status, "krb5_sendauth");
+    
+    {
+	char *str;
+	krb5_unparse_name(context, in_creds.server, &str);
+	printf ("User is `%s'\n", str);
+	free(str);
+	krb5_unparse_name(context, in_creds.client, &str);
+	printf ("Server is `%s'\n", str);
+	free(str);
+    }
+
+    krb5_data_zero (&data);
+    krb5_data_zero (&packet);
+
+    status = krb5_read_message(context, &sock, &packet);
+    if(status)
+	krb5_err(context, 1, status, "krb5_read_message");
+    
+    status = krb5_rd_safe (context,
+			   auth_context,
+			   &packet,
+			   &data,
+			   NULL);
+    if (status)
+	errx (1, "krb5_rd_safe: %s",
+	      krb5_get_err_text(context, status));
+
+    printf ("safe packet: %.*s\n", (int)data.length,
+	    (char *)data.data);
+
+    status = krb5_read_message(context, &sock, &packet);
+    if(status)
+	krb5_err(context, 1, status, "krb5_read_message");
+    
+    status = krb5_rd_priv (context,
+			   auth_context,
+			   &packet,
+			   &data,
+			   NULL);
+    if (status)
+	errx (1, "krb5_rd_priv: %s",
+	      krb5_get_err_text(context, status));
+
+    printf ("priv packet: %.*s\n", (int)data.length,
+	    (char *)data.data);
+
+    return 0;
+}
+
+static int
+doit (int port, const char *service)
+{
+    int sock, sock2;
+    struct sockaddr_in my_addr;
+    int one = 1;
+
+    sock = socket (AF_INET, SOCK_STREAM, 0);
+    if (sock < 0)
+	err (1, "socket");
+
+    memset (&my_addr, 0, sizeof(my_addr));
+    my_addr.sin_family      = AF_INET;
+    my_addr.sin_port        = port;
+    my_addr.sin_addr.s_addr = INADDR_ANY;
+
+    if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, 
+		    (void *)&one, sizeof(one)) < 0)
+	warn ("setsockopt SO_REUSEADDR");
+
+    if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0)
+	err (1, "bind");
+
+    if (listen (sock, 1) < 0)
+	err (1, "listen");
+
+    sock2 = accept (sock, NULL, NULL);
+    if (sock2 < 0)
+	err (1, "accept");
+
+    return proto (sock2, service);
+}
+
+int
+main(int argc, char **argv)
+{
+    int port = server_setup(&context, argc, argv);
+    return doit (port, service);
+}
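Review bot: In `proto`, `client_name.data` is passed to `krb5_parse_name` as a C string, but it comes from `krb5_read_message` before any authentication has happened and nothing checks that it is NUL-terminated. `uu_client.c` sends `strlen + 1` bytes, but a different peer need not, and then the parse reads past the buffer. In the same stretch the results of `krb5_cc_default` and `krb5_cc_get_principal` are overwritten without being tested, so a missing credential cache leaves `ccache` and `in_creds.client` unset for `krb5_get_credentials`. The two `krb5_unparse_name` calls before the `printf`s have the same unchecked-status pattern.

```c
    /* ... unchanged: krb5_read_message into client_name ... */
    if (client_name.length == 0
	|| ((char *)client_name.data)[client_name.length - 1] != '\0')
	krb5_errx (context, 1, "client name is not NUL-terminated");

    memset(&in_creds, 0, sizeof(in_creds));
    status = krb5_cc_default(context, &ccache);
    if(status)
	krb5_err(context, 1, status, "krb5_cc_default");
    status = krb5_cc_get_principal(context, ccache, &in_creds.client);
    if(status)
	krb5_err(context, 1, status, "krb5_cc_get_principal");
    /* ... unchanged: second krb5_read_message, krb5_parse_name ... */
```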

Added: vendor-crypto/heimdal/dist/autogen.sh
===================================================================
--- vendor-crypto/heimdal/dist/autogen.sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/autogen.sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+#!/bin/sh
+# to really generate all files you need to run "make distcheck" in a
+# object tree, but this will do if you have all parts of the required
+# tool-chain installed
+autoreconf -f -i || { echo "autoreconf failed: $?"; exit 1; }
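Review bot: The failure message on the `autoreconf` line goes to stdout and the script always exits 1, so the real exit status survives only inside the text. Writing the diagnostic to stderr and propagating the status keeps the script usable from other build steps: `autoreconf -f -i || { rc=$?; echo "autoreconf failed: $rc" >&2; exit "$rc"; }`.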

Added: vendor-crypto/heimdal/dist/cf/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/cf/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1232 @@
+2007-10-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.m4: openssl might require -ldl too, so lets check that.
+
+2007-07-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common (check-local::): exit on failure to perform
+	test.
+
+2007-07-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common (check-local): also check that --help works.
+	
+2007-07-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* crypto.m4: depend on EVP_CIPHER_iv_length
+
+2007-06-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common: Need absolute reference to the top source
+	directory and top build directory.
+	
+2007-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* wflags.m4: Add --enable-developer and make it cause -Werror to
+	be included.
+	
+2007-06-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common: Merge from samba config.
+
+	* Makefile.am.common (makedir-in-tree): depend on INFO_DEPS.
+
+	* valgrind-suppressions: Unknown suppression in runtime link
+	editor
+
+2007-06-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common: Add heimdal-lorikeet target distdir-in-tree
+
+2007-06-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* framework-security.m4: test for -framework Security
+	
+2007-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* roken-frag.m4: we have a fnmatch.h only if there is a working
+	implementation and a header file. If we do use roken, lets use our
+	own headerfile that does symbol renaming.
+	
+2007-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* version-script.m4: check if ld supports --version-script
+	
+2007-04-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: drop broken-getnameinfo.m4
+	
+	* roken-frag.m4: drop test for broken getnameinfo, that old aix is
+	no longer relevant.
+	
+2007-02-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* install-catman.sh: Stop overwriting cmd.
+	
+2007-01-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* install-catman.sh: Use test instead of [.
+
+	* install-catman.sh: Use = instead of ==, make solaris more happy.
+	
+2007-01-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: More headerfiles for iruserok prototype check.
+
+	* check-symbols.sh: Add fc_softc for AIX as ignore syms.
+	
+2007-01-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: Check if iruserok needs a prototype.
+	
+2006-12-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-compile-et.m4: set automake symbol COM_ERR when we build
+	local com_err
+	
+2006-11-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* valgrind-suppressions: We shouldn't be running /bin/ls under
+	valgrind, but for now, at least make it easier to see any other
+	warnings. From Andrew Bartlett.
+	
+2006-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am.common: Add target for valgrind debugging
+	
+	* valgrind-suppressions: valgrind suppressions
+	
+2006-10-21  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* check-lex.m4: Borrow test for autoconf cvs to help hpux hosts
+	
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am.common: provide uninstall hook for cat/manpages.
+
+	* install-catman.sh: provide uninstall command
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* roken-frag.m4: Add check for timegm.
+
+	* roken-frag.m4: Include sys/types.h for sys/socket.h and netdb.h.
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common (install-build-headers): make this function
+	convoluted and deal with dist_, nodist, nobase and all its
+	friends.
+
+	* have-struct-field.m4: memset the structure to make sure that we
+	don't get compiler warnings.
+
+	* crypto.m4: OpenSSL_add_all_algorithms is not a openssl specific
+	requirement, hcrypto need to have to too.
+
+	* crypto.m4: Require openssl have OpenSSL_add_all_algorithms
+	
+2006-10-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* autobuild.m4: Add autobuild, GPLed, but free to use in projects
+	not avaible under GPL or LGPL (just like autoconf).
+	
+2006-09-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: Add samba_SOCKET_WRAPPER fragment
+	
+2006-09-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* socket-wrapper.m4: Add socket-wrapper test
+	
+2006-05-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.m4: Move up evp.h to please OpenSSL, from Douglas
+	E. Engert.
+
+2006-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: Add check for fnmatch.h, its needed to be done
+	for the automake conditional below.
+	
+2006-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.m4: Require SHA256
+	
+2006-01-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.m4 Check for <openssl/engine.h> if we are to consider
+	using OpenSSL, also check for <hcrypto/...> headers since
+	make_crypto.c assumes that the name of the files.
+	
+2006-01-13 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* crypto.m4: libdes is renamed to hcrypto
+
+	* crypto.m4: Remove support for old hash names.
+	
+2005-10-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* install-catman.sh: Add variable INSTALL_CATPAGES that controls
+	if cat pages are installed, defaults to true. From Johnny Lam
+	<jlam at pkgsrc.org>.
+	
+2005-09-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: Check for <stdint.h> and uintptr_t
+	
+2005-09-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: Resolver check moved to rk_RESOLV, from Andrew
+	Bartlet <abartlet at samba.org>
+
+	* resolv.m4: Resolver checks, broken out so samba can use it From
+	Andrew Bartlet <abartlet at samba.org>
+	
+2005-08-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: Check for res_ndestroy.
+
+2005-08-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.m4: Add <sys/types.h>, OpenSSL 0.9.8 needs it for size_t.
+	From: Quanah Gibson-Mount <quanah at stanford.edu>
+
+2005-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-compile-et.m4: check that initialize_conf_error_table_r
+	have the right argument
+
+2005-07-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-symbols.sh: allow symbols to start with ., aix uses this
+
+2005-06-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb-bigendian.m4: use ansi c prototypes
+	
+	* krb-func-getcwd-broken.m4: use ansi c prototypes
+
+	* broken-snprintf.m4: use ansi c prototypes
+
+	* have-pragma-weak.m4: use ansi c declarations
+
+	* check-getpwnam_r-posix.m4: use ansi c declarations
+
+	* broken-realloc.m4: use ansi c declarations
+	
+	* check-compile-et.m4: use ansi c declarations
+	
+	* dlopen.m4: add headers and argument to dlopen
+	
+	* c-function.m4: use ansi c declarations
+	
+	* check-var.m4: use ansi c declarations
+
+	* pthreads.m4: disable threads on aix because of utmp/utmpx
+	problems
+
+	* broken-getaddrinfo.m4: check for brokenness in getaddrinfo on
+	AIX that can't handle "0" as port number.
+	
+2005-06-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* db.m4: Add an option to disable ndbm, from Stefan Metzmacher
+	<metze at samba.org>
+
+2005-06-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pthreads.m4: rework how pthreads support to turned on/off,
+	always run though the switch to figure out what the
+	linker/compiler flag are
+
+2005-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* pthreads.m4: s/else if/elif/
+	
+	* check-symbols.sh: AIX have a diffrent nm, use -B to get bsd like
+	output
+	
+	* pthreads.m4: aix case: assume gcc handles -pthread, in the
+	non-gcc case, use the compiler as hint (xlc vs xlc_r) if this
+	environment handles threads or not
+
+2005-05-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-symbols.sh: ignore weak symbols too
+
+2005-05-19  David Love  <fx at gnu.org>
+
+	* check-getpwnam_r-posix.m4: define _POSIX_PTHREAD_SEMANTICS to
+	make solaris provide the right getpwname_r
+
+2005-05-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: am_conditional have_cgetent
+	
+2005-05-10  David Love  <fx at gnu.org>
+
+	* roken-frag.m4: Get daemon declared on Solaris (it's in unistd.h
+	but masked by a feature test), just to avoid a warning, since it
+	has int args.
+
+2005-05-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-var.m4: AC_CHECK_DECL and AC_CHECK_DECLS have a subtile
+	diffrence, the later defines HAVE_ cpp symbols, the first doesn't.
+
+2005-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-symbols.sh: ignore N symbols too
+
+2005-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* broken-snprintf.m4: include checking if snprintf(NULL, 0, "")
+	works
+
+	* check-compile-et.m4: require compile_et to generate a
+	initialize_FOO_error_table_r (they are used in libkrb5), and
+	always check for initialize_error_table_r
+
+2005-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common: add LIB_com_err
+	
+2005-04-29  David Love  <fx at gnu.org>
+
+	* roken-frag.m4: Check for correct vis.h.
+	
+2005-04-28  David Love  <fx at gnu.org>
+
+	* pthreads.m4: Set PTHREADS_LIBS on Irix.
+
+2005-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* broken-realloc.m4: use rk_realloc if realloc is broken, this
+	makes "host-tools" not beeing able to use realloc
+
+	* pthreads.m4: Add support for Solaris, Irix, and modern
+	Linux. From David Love <fx at gnu.org>
+
+2005-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-symbols.sh: limit the units functions to
+	asn1_[A-Za-z0-9]*_units$
+
+2005-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-symbols.sh: this lib include com_err, add -com_err to
+	CHECK_SYMBOLS
+
+	* check-symbols.sh: print the type so I don't need to ask for it
+
+2005-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-symbols.sh: ignore filename symbols
+	
+2005-04-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-symbols.sh: assume symbols prefixed with _ is a sideeffekt
+	of the local linker and also just fine
+	
+2005-03-16 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: include <sys/socket.h> for <netinet6/in6_var.h>
+	
+2005-03-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sunos.m4: Match solaris 10.  From: Joakim Fallsjo
+	<fallsjo at sanchin.se>
+
+2004-12-29  Love  <lha at stacken.kth.se>
+
+	* check-symbols.sh: add -asn1compile symbols
+
+2004-12-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-symbols.sh: add exported symbols test
+	
+	* Makefile.am.common: add CHECK_SYMBOLS tests, so that we don't
+	export to much stuff
+	
+2004-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* make-proto.pl: add cpluscplus extern "C" support
+	
+2004-07-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pthreads.m4: add -pthread to LIBS since libtool doesn't preserve
+	it for us when adding is as a dependency on libs
+	
+2004-04-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* largefile.m4: like AC_SYS_LARGEFILE, but also add to CPPFLAGS
+	
+2004-04-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-compile-et.m4: even more evil stuff for cross-compiling
+	
+	* check-x.m4: use AC_RUN_IFELSE so we can handle cross compiling
+	
+	* check-compile-et.m4: use AC_RUN_IFELSE so we can handle cross
+	compiling
+
+2004-04-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* make-proto.pl: if -E, add windows standard calling conv to
+	headerfile if needed
+
+	* win32.m4: add rk_WIN32_EXPORT
+	
+2004-02-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* configure.in: rename AC_WFLAGS to rk_WFLAGS
+	
+	* *.m4: overquote to pacify automake1.8
+
+2004-02-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-frag.m4: resolv.h is even more special
+	
+	* roken-frag.m4: AC_CHECK_HEADERS(net/if.h netinet6/in6_var.h
+	sys/sysctl.h sys/proc.h, resolv.h) are all special and need extra
+	help
+
+	* test-package.m4: If there is a --with-PACKAGE=path but no
+	--with-PACKAGE-config, go seach for path/PACKEGE-config and use it
+	if it exists.  Inspired by Harald Barth <haba at pdc.kth.se>
+
+2003-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.m4: check for DES_, AES_, and if openssl UI_
+	
+2003-08-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* vararray.m4: test for variable-length arrays
+
+	* roken-frag.m4: test for poll and poll.h
+
+2003-08-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common: don't try doing local checks if CHECK_LOCAL
+	is set to no-check-local
+
+2003-08-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-compile-et.m4: check if compile_et support ``error_table N
+	M'' also, don't be overly aggressivly reset CFLAGS
+	
+2003-07-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pthreads.m4: pthread test
+	
+2003-05-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am.common: change install-data-local to
+	install-data-hook
+
+2003-05-05  Assar Westerlund  <assar at kth.se>
+
+	* crypto.m4: define OPENSSL_DES_LIBDES_COMPATIBILITY
+
+2003-04-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.m4: check if libcrypto needs -lnsl or -lsocket
+	
+2003-04-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.m4: in the case where se don't link with kerberos 4, use
+	${with_openssl_include} if its are set (not
+	${with_openssl}/include) same for with_openssl_lib
+	
+2003-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am.common: always define LIB_kafs
+	
+2003-03-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-compile-et.m4: check if the output of compile_et needs
+	initialize_error_table_r
+
+2003-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-var.m4: add a check if the variable is avaible when we
+	include the headerfiles
+
+2002-12-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: res_nsearch takes 6 parameters; spotted by Howard
+	Chu
+
+2002-10-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* crypto.m4: do a better job at matching headers to libraries
+
+2002-10-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* sunos.m4: more quoting
+
+2002-09-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* make-proto.pl: check the processed string for closing ), not the
+	source
+
+2002-09-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* crypto.m4: use m4 macros for test cases, also test for older
+	hash names
+
+	* test-package.m4: include dep libraries in LIB_*
+
+	* crypto.m4: move krb4 test before test for openssl, and bail out
+	if krb4 is requested, but the crypto library is not the same as
+	krb4
+
+	* db.m4: filter contents of LDFLAGS
+
+2002-09-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* auth-modules.m4: rename to rk_AUTH_MODULES
+
+	* auth-modules.m4: only include modules explicitly asked for
+
+2002-09-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: test for res_nsearch
+
+2002-09-03  Assar Westerlund  <assar at kth.se>
+
+	* roken-frag.m4: check for sys/mman.h and mmap (used by
+	parse_reply-test)
+
+2002-08-28  Assar Westerlund  <assar at kth.se>
+
+	* krb-readline.m4: also add LIB_tgetent in the case of editline
+
+	* crypto.m4: define HAVE_OPENSSL even if we got to hear about it
+	by krb4
+
+2002-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* krb-readline.m4: add LIB_tgetent to LIB_readline if we have to
+
+	* sunos.m4: various sunos tests
+
+	* crypto.m4: try to extract the crypto compiler flags from
+	{INCLUDE,LIB}_krb4
+	(XXX this is really horrible)
+
+	* krb-readline.m4: don't add -rpath to LIB_readline (libtool
+	should to this for us), also don't append LIB_tgetent to
+	LIB_readline (TEST_PACKAGE should do this)
+
+	* test-package.m4: add the possibility to use a *-config program
+	to get flags; rename to rk_TEST_PACKAGE while here
+
+	* krb-bigendian.m4: move ENDIANESS_IN_SYS_PARAM_H tests here
+
+	* aix.m4: rename to rk_AIX
+
+	* telnet.m4: move telnet tests here
+
+	* aix.m4: restructure this somewhat
+
+	* dlopen.m4: test for dlopen suitable for AC_REQUIRE
+
+	* irix.m4: move some stuff here and rename to irix.m4
+
+	* krb-sys-nextstep.m4: move SGTTY stuff to read_pwd.c
+
+2002-08-28  Jacques Vidrine  <nectar at kth.se>
+
+	* auth-modules.m4: do not build pam_krb4 on freebsd
+
+2002-08-26  Assar Westerlund  <assar at kth.se>
+
+	* roken-frag.m4: test for the vis, strvis functions requiring
+	prototypes
+
+2002-08-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* need-proto.m4: missing comma
+
+2002-08-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: some rototilling
+
+	* need-proto.m4: use AS_TR_CPP
+
+2002-08-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: HAVE_TYPE instead of CHECK_TYPE ssize_t
+
+	* krb-version.m4: use PACKAGE_TARNAME and PACKAGE_STRING
+
+	* broken-getaddrinfo.m4: can't test for EAI_SERVICE here since AIX
+	is even more fsck:ed
+
+	* roken-frag.m4: test for altzone
+
+2002-08-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am.common: only define ROKEN_RENAME if do_roken_rename
+
+2002-08-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am.common: add ROKEN_RENAME variable
+
+2002-08-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* make-proto.pl: include <stdarg.h> to get va_list
+
+	* destdirs.m4: also define localstatedir and sysconfdir
+
+2002-08-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* crypto.m4: newer openssl seems to take the address of the
+	schedule parameter to des_cbc_encrypt, so we need to feed it a
+	variable, not just NULL (from Magnus Holmberg)
+
+2002-05-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* misc.m4: change \100 back to @; some m4's (probably some regex)
+	doesn't like this as a replacement regexp; the reason it was once
+	changed to \100 was probably because of some autoconf bug at the
+	time
+
+2002-05-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* broken2.m4 []-less is apparently the way to go
+
+2002-05-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* otp.m4: check db_type instead of precence of dbm_firstkey
+
+	* roken-frag.m4: don't AC_LIBOBJ more than one function at a time
+
+	* find-if-not-broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/
+
+	* broken2.m4: s/AC_LIBOBJ/rk_LIBOBJ/
+
+	* broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/
+
+	* misc.m4: automake can't handle macros passed to AC_LIBOBJ, so
+	add an alias to it called rk_LIBOBJ; this requires that the
+	relevant source are manually included in roken/Makefile.am
+
+	* aix.m4: ac_enable --diable-dynamic-afs
+
+	* roken-frag.m4: use AC_LIBOBJ
+
+	* krb-func-getcwd-broken.m4: use AC_LIBOBJ
+
+	* find-if-not-broken.m4: use AC_LIBOBJ
+
+	* broken2.m4: use AC_LIBOBJ
+
+	* broken.m4: use AC_LIBOBJ
+
+	* aix.m4: recognise aix5
+	
+2002-05-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* crypto.m4: am-conditionalise HAVE_OPENSSL
+
+	* db.m4: make it possible to run this twice
+
+	* Makefile.am.common: also install nodist_include_HEADERS
+
+2002-05-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* make-proto.pl: make it possible to redefine the "private" regexp
+
+2002-05-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* db.m4: am_cond HAVE_*
+
+2002-04-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* krb-ipv6.m4: use AC_HELP_STRING; fix logic bug in AC_MSG_RESULT
+	call
+
+	* test-package.m4: use AC_HELP_STRING
+
+	* roken.m4: use AC_HELP_STRING
+
+	* osfc2.m4: use AC_HELP_STRING
+
+	* mips-abi.m4: use AC_HELP_STRING
+
+	* krb-bigendian.m4: use AC_HELP_STRING
+
+	* db.m4: rework this somewhat; check for db3/4 in subdirs, change
+	--with to --enable; it should really be possible to point it to
+	some directory --with-berkeley-db=/foo
+
+	* otp.m4: OTP test
+
+2002-04-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* destdirs.m4: define BINDIR et al
+
+2002-04-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* misc.m4: remove some stuff that is defined elsewhere
+
+	* make-proto.pl: optionally remove __P and parameter names
+
+2001-11-30  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4: move ipv6 tests after -lsocket (to handle Solaris
+	8)
+
+2001-09-29  Assar Westerlund  <assar at sics.se>
+
+	* install-catman.sh: handle man pages without SYNOPSIS but looking
+	for both SYNOPSIS and DESCRIPTION
+
+2001-09-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: include freeaddrinfo if using getaddrinfo
+
+2001-09-13  Assar Westerlund  <assar at sics.se>
+
+	* db.m4: test for the ndbm database really being a .db one
+	and use it when moving/removing database files
+
+2001-09-03  Assar Westerlund  <assar at sics.se>
+
+	* db.m4: prefer ndbm.h to dbm.h
+	* roken-frag.m4: check for atexit and on_exit
+
+2001-09-02  Assar Westerlund  <assar at sics.se>
+
+	* check-compile-et.m4: only add /usr/include/et to CPPFLAGS if
+	it's actually used
+
+2001-09-01  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common (AUTOMAKE_OPTIONS): set 1.4b here so that
+	users are warned if using earlier automake versions
+
+	* find-func-no-libs2.m4: ignore "no" as a library - another
+	special case to make it easy to send the result from this macro
+	into another invocation
+
+2001-08-30  Assar Westerlund  <assar at sics.se>
+
+	* db.m4: check for ndbm functions in db3 library too
+
+2001-08-29  Jacques Vidrine  <n at nectar.com>
+
+	* check-compile-et.m4: Check for already-installed com_err.
+	* Makefile.am.common: Use the compile_et discovered at
+	  configuration time.
+
+2001-08-29  Assar Westerlund  <assar at sics.se>
+
+	* crypto.m4: use AC_WITH_ALL to allow separate specification of
+	include and lib
+	* with-all.m4: new macro for doing --with-foo, --with-foo-include,
+	and --with-foo-lib in a sensible way
+
+	* find-func-no-libs2.m4: handle both -llib and lib in the second
+	argument also yes -> "" as a library, to ease callers that send in
+	results from this macro (this might be a little bit unclean)
+
+2001-08-28  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4: test for issetugid
+
+2001-08-24  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common: change one += to = to AM_CFLAGS to avoid an
+	error with recent automake
+
+2001-08-22  Assar Westerlund  <assar at sics.se>
+
+	* crypto.m4: SHA1_CTX should be SHA_CTX
+
+2001-08-21  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4: remove all winsock.h
+	for now, it does more harm than good under cygwin and if it should be
+	used, the correct conditional needs to be found
+	from <tol at stacken.kth.se>
+
+2001-08-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* check-var.m4: AC_TR_CPP -> AS_TR_CPP to make autoconf 2.52 happy
+
+2001-08-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* krb-ipv6.m4: add test for non-existant in6addr_loopback in AIX
+
+2001-08-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: test for getaddrinfo's that doesn't like numeric
+	services
+
+	* broken-getaddrinfo.m4: test for getaddrinfo's that doesn't like
+	numeric services
+
+2001-08-08  Assar Westerlund  <assar at sics.se>
+
+	* db.m4: do a separate test for gdbm/ndbm.h and -lgdbm
+
+2001-08-05  Assar Westerlund  <assar at sics.se>
+
+	* db.m4: ac_cv_funclib_\func can be yes
+	* db.m4: use AC_FIND_FUNC_NO_LIBS to test in libc
+	anset cache variables after first attempt at finding dbm_firstkey (how
+	should this be done?)
+	* db.m4: do not test for ndbm library when ndbm-db was found in libc
+	* db.m4: test for ndbm-compatability with db
+	* db.m4: add forgotten AC_SUBST
+	* db.m4: first steps towards a new db test
+
+	* roken-frag.m4: remove header files checked by rk_db
+
+2001-08-05  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4: remove header files checked by rk_db
+
+2001-06-24  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4: make sure of building getaddrinfo et al if
+	missing
+
+2001-06-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* install-catman.sh: try to install links to manpages
+
+2001-06-19  Assar Westerlund  <assar at sics.se>
+
+	* broken-glob.m4: try to handle FreeBSD's GLOB_MAXPATH
+
+2001-06-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: test for getaddrinfo needs netdb.h on Tru64
+
+2001-06-17  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4 (AC_CHECK_HEADERS): test for random
+	* roken-frag.m4 (AC_CHECK_HEADERS): test for initstate and
+	setstate
+
+	* roken-frag.m4 (AC_BROKEN): test for
+	emalloc,ecalloc,erealloc,estrdup
+
+2001-05-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: bswap{16,32}
+	
+2001-03-26  Assar Westerlund  <assar at sics.se>
+
+	* broken-glob.m4: also test for GLOB_LIMIT
+	* krb-ipv6.m4: restore CFLAGS if v6 is not detected
+
+2001-02-20  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4: check for getprogname, setprogname
+
+2001-02-07  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common (LIB_kdfs): set.  use it.  from Ake Sandgren
+ 	<ake at cs.umu.se>
+
+2000-12-26  Assar Westerlund  <assar at sics.se>
+
+	* krb-ipv6.m4: remove some dnl that weren't the correct with
+	modern autoconf
+
+2000-12-15  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4 (inet_ntoa, inet_ntop, inet_pton): add necessary
+	includes when testing
+	* broken2.m4: new variant of broken, with includes and arguments
+
+	* test-package.m4: s/ifval/m4_ifval/ to keep in sync with
+ 	autoconf.  from Ake Sandgren <ake at cs.umu.se>
+	* check-var.m4: s/ifval/m4_ifval/ to keep in sync with autoconf.
+  	from Ake Sandgren <ake at cs.umu.se>
+
+2000-12-13  Assar Westerlund  <assar at sics.se>
+
+	* krb-irix.m4: need to set irix to no first.  From Ake Sandgren
+	<ake at cs.umu.se>
+
+2000-12-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: move sa_len test to before test for broken
+	getnameinfo
+
+2000-12-12  Assar Westerlund  <assar at sics.se>
+
+	* roken-frag.m4: only test for broken getnameinfo if it exists
+
+2000-12-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: ifaddrs.h
+
+2000-12-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: test for unvis, and vis.h
+
+	* roken-frag.m4: test for strvis*
+
+2000-12-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am.common: just warn if we fail to setuid a program
+
+	* broken-getnameinfo.m4: add more quotes
+
+	* roken-frag.m4: test for getifaddrs
+
+	* roken-frag.m4: test for broken AIX getnameinfo
+
+	* broken-getnameinfo.m4: test for broken getnameinfo
+
+2000-12-01  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common: add kludge for LIBS
+
+2000-11-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* check-man.m4: update this after recent changes
+
+	* Makefile.am.common: use install-catman.sh
+
+	* install-catman.sh: script to install preformatted manual pages
+
+	* Makefile.am.common: change cat handling
+
+2000-11-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: don't use AC_CONFIG_FILES here, since it doesn't
+	work with automake
+
+2000-11-15  Assar Westerlund  <assar at sics.se>
+
+	* krb-readline.m4: link against the libtool-versions of
+	libeditline and libel_compat
+
+	* Makefile.am.common (INCLUDES): add $(INCLUDES_roken)
+	* roken-frag.m4 (CPPFLAGS_roken): rename to INCLUDES_roken
+
+2000-11-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* aix.m4: set aix
+
+2000-08-19  Assar Westerlund  <assar at sics.se>
+
+	* krb-bigendian.m4: merge from arla: make it work better
+
+2000-08-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-frag.m4: check getsockname for proto compat
+
+2000-08-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am.common: add library for pidfile
+
+	* roken-frag.m4: tests for util.h and pidfile
+
+2000-07-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* check-var.m4: rename to rk_CHECK_VAR, transposing the arguments,
+	and making the second optional, AU_DEFINE AC_CHECK_VAR to
+	rk_CHECK_VAR
+
+	* roken-frag.m4: other roken tests
+
+	* db.m4: db tests
+
+2000-07-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* mips-abi.m4: AC_ERROR -> AC_MSG_ERROR
+
+	* check-netinet-ip-and-tcp.m4: use cache_check, and make this work
+	with new autoconf
+
+	* aix.m4: don't subst AFS_EXTRA_LD
+
+2000-07-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* check-var.m4: workaround feature of newer autoconf
+
+	* find-func-no-libs2.m4: use cleaner autoheader trick
+
+	* have-type.m4: use cleaner autoheader trick
+
+	* have-types.m4: use cleaner autoheader trick
+
+	* test-package.m4: add 6th parameter for now
+
+	* broken.m4: use cleaner autoheader trick
+
+	* retsigtype.m4: test for signal handler return type
+
+	* broken-realloc.m4: test for broken realloc
+
+2000-07-08  Assar Westerlund  <assar at sics.se>
+
+	* roken.m4: set CPPFLAGS_roken and call AC_CONFIG_SUBDIRS
+
+2000-07-02  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common (CP): set and use
+
+2000-04-05  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common (INCLUDE_openldap, LIB_openldap): add
+
+2000-03-28  Assar Westerlund  <assar at sics.se>
+
+	* krb-prog-yacc.m4: AC_MSG_WARNING should be AC_MSG_WARN
+
+	* shared-libs.m4: try to update to freebsd5 (and elf)
+
+2000-03-16  Assar Westerlund  <assar at sics.se>
+
+	* krb-prog-yacc.m4: warn we do not find any yacc
+
+2000-01-08  Assar Westerlund  <assar at sics.se>
+
+	* krb-bigendian.m4: new file, replacement for ac_c_bigendian
+
+2000-01-01  Assar Westerlund  <assar at sics.se>
+
+	* krb-ipv6.m4: re-organize: test for type of stack first so that
+	we can find the libraries that we might have to link the test
+	program against.  not linking the test program means we don't know
+	if the right stuff is in the libraries.  also cosmetic changes to
+	make sure we print the checking for... nicely
+
+1999-12-21  Assar Westerlund  <assar at sics.se>
+
+	* krb-ipv6.m4: try linking, not only compiling
+	* krb-ipv6.m4: add --without-ipv6 make sure we have `in6addr_any'
+ 	which we use in the code.  This test avoids false positives on
+ 	OpenBSD
+
+1999-11-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* grok-type.m4: inttypes.h
+
+1999-11-05  Assar Westerlund  <assar at sics.se>
+
+	* check-x.m4: include X_PRE_LIBS and X_EXTRA_LIBS when testing
+
+1999-11-01  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common (install-build-headers): use `cp' instead of
+ 	INSTALL_DATA for copying header files inside the build tree.  The
+ 	user might have redefined INSTALL_DATA to specify owners and other
+ 	information.
+
+1999-10-30  Assar Westerlund  <assar at sics.se>
+
+	* find-func-no-libs2.m4: add yet another argument to allow specify
+ 	linker flags that will be added _before_ the library when trying
+ 	to link
+
+	* find-func-no-libs.m4: add yet another argument to allow specify
+ 	linker flags that will be added _before_ the library when trying
+ 	to link
+
+1999-10-12  Assar Westerlund  <assar at sics.se>
+
+	* find-func-no-libs2.m4 (AC_FIND_FUNC_NO_LIBS2): new argument
+ 	`extra libs'
+
+	* find-func-no-libs.m4 (AC_FIND_FUNC_NO_LIBS): new argument `extra
+ 	libs'
+
+1999-09-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* capabilities.m4: sgi capabilities
+
+1999-07-29  Assar Westerlund  <assar at sics.se>
+
+	* have-struct-field.m4: quote macros when undefining
+
+1999-07-28  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common (install-build-headers): add dependencies
+
+1999-07-24  Assar Westerlund  <assar at sics.se>
+	
+	* have-type.m4: try to get autoheader to co-operate
+
+	* have-type.m4: stolen from Arla
+
+	* krb-struct-sockaddr-sa-len.m4: not used any longer.  removed.
+
+1999-06-13  Assar Westerlund  <assar at sics.se>
+
+	* krb-struct-spwd.m4: consequent name of cache variables
+
+	* krb-func-getlogin.m4: new file for testing for posix (broken)
+ 	getlogin
+
+	* shared-libs.m4 (freebsd[34]): don't use ld -Bshareable
+
+1999-06-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* check-x.m4: extended test for X
+	
+1999-05-14  Assar Westerlund  <assar at sics.se>
+
+	* check-netinet-ip-and-tcp.m4: proper autoheader tricks
+
+	* check-netinet-ip-and-tcp.m4: new file for checking for
+ 	netinet/{ip,tcp}.h.  These are special as they on Irix 6.5.3
+	require <standards.h> to be included in advance.
+ 
+	* check-xau.m4: we also need to check for XauFilename since it's
+ 	used by appl/kx.  And on Irix 6.5 that function requires linking
+ 	with -lX11.
+
+1999-05-08  Assar Westerlund  <assar at sics.se>
+
+	* krb-find-db.m4: try with more header files than ndbm.h
+
+1999-04-19  Assar Westerlund  <assar at sics.se>
+
+	* test-package.m4: try to handle the case of --without-package
+ 	correctly
+
+1999-04-17  Assar Westerlund  <assar at sics.se>
+
+	* make-aclocal: removed.  Not used anymore, being replaced by
+	aclocal from automake.
+
+Thu Apr 15 14:17:26 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* make-proto.pl: handle __attribute__
+
+Fri Apr  9 20:37:18 1999  Assar Westerlund  <assar at sics.se>
+
+	* shared-libs.m4: quote $@
+	(freebsd3): add install_symlink_command2
+
+Wed Apr  7 20:40:22 1999  Assar Westerlund  <assar at sics.se>
+
+	* shared-libs.m4 (hpux): no library dependencies
+
+Mon Apr  5 16:13:08 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* test-package.m4: compile and link, rather than looking for
+ 	files; also export more information, so it's possible to add rpath
+ 	information
+
+Tue Mar 30 13:49:54 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am.common: CFLAGS -> AM_CFLAGS
+
+Mon Mar 29 16:51:12 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* check-xau.m4: check for XauWriteAuth before checking for
+ 	XauReadAuth to catch -lX11:s not containing XauWriteAuth, and IRIX
+ 	6.5 that doesn't work with -lXau
+
+Sat Mar 27 18:03:58 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* osfc2.m4: --enable-osfc2
+
+Fri Mar 19 15:34:52 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* shared-libs.m4: move shared lib stuff here
+
+Wed Mar 24 23:24:51 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common (install-build-headers): simplify loop
+
+Tue Mar 23 17:31:23 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* check-getpwnam_r-posix.m4: check for getpwnam_r, and if it's
+ 	posix or not
+
+Tue Mar 23 00:00:13 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am.common (install_build_headers): try to make it work
+ 	better when list of headers is empty.  handle make rewriting the
+ 	filenames.
+
+	* Makefile.am.common: hesoid -> hesiod
+
+Sun Mar 21 14:48:03 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* grok-type.m4: <bind/bitypes.h>
+
+	* Makefile.am.common: fix for automake bug/feature; add more LIB_*
+
+	* test-package.m4: fix typo
+
+	* check-man.m4: fix some typos
+
+	* auth-modules.m4: tests for authentication modules
+
+Thu Mar 18 11:02:55 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am.common: make install-build-headers a multi
+ 	dependency target
+
+	* Makefile.am.common: remove include_dir hack
+
+	* Makefile.am.common: define LIB_kafs and LIB_gssapi
+
+	* krb-find-db.m4: subst DBLIB also
+
+	* check-xau.m4: test for Xau{Read,Write}Auth
+
+Wed Mar 10 19:29:20 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* wflags.m4: AC_WFLAGS
+
+Mon Mar  1 11:23:41 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* have-struct-field.m4: remove extra AC_MSG_RESULT
+
+	* proto-compat.m4: typo
+
+	* krb-func-getcwd-broken.m4: update to autoconf 2.13
+
+	* krb-find-db.m4: update to autoconf 2.13
+
+	* check-declaration.m4: typo
+
+	* have-pragma-weak.m4: update to autoconf 2.13
+
+	* have-struct-field.m4: better handling of types with spaces
+
+Mon Feb 22 20:05:06 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* broken-glob.m4: check for broken glob
+
+Sun Jan 31 06:50:33 1999  Assar Westerlund  <assar at sics.se>
+
+	* krb-ipv6.m4: more magic for different v6 implementations.  From
+ 	Jun-ichiro itojun Hagino <itojun at kame.net>
+
+Sun Nov 22 12:16:06 1998  Assar Westerlund  <assar at sics.se>
+
+	* krb-struct-spwd.m4: new file
+
+Thu Jun  4 04:07:41 1998  Assar Westerlund  <assar at sics.se>
+
+	* find-func-no-libs2.m4: new file
+
+Fri May  1 23:31:28 1998  Assar Westerlund  <assar at sics.se>
+
+	* c-attribute.m4, c-function.m4: new files (from arla)
+
+Wed Mar 18 23:11:29 1998  Assar Westerlund  <assar at sics.se>
+
+	* krb-ipv6.m4: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
+
+Thu Feb 26 02:37:49 1998  Assar Westerlund  <assar at sics.se>
+
+	* make-proto.pl: should work with perl4
+

Added: vendor-crypto/heimdal/dist/cf/Makefile.am.common
===================================================================
--- vendor-crypto/heimdal/dist/cf/Makefile.am.common	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/Makefile.am.common	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,249 @@
+# $Id: Makefile.am.common,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+SUFFIXES = .et .h
+
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+
+if do_roken_rename
+ROKEN_RENAME = -DROKEN_RENAME
+endif
+
+AM_CFLAGS = $(WFLAGS)
+
+CP	= cp
+
+## set build_HEADERZ to headers that should just be installed in build tree
+
+buildinclude = $(top_builddir)/include
+
+## these aren't detected by automake
+LIB_XauReadAuth		= @LIB_XauReadAuth@
+LIB_crypt		= @LIB_crypt@
+LIB_dbm_firstkey	= @LIB_dbm_firstkey@
+LIB_dbopen		= @LIB_dbopen@
+LIB_dlopen		= @LIB_dlopen@
+LIB_dn_expand		= @LIB_dn_expand@
+LIB_el_init		= @LIB_el_init@
+LIB_getattr		= @LIB_getattr@
+LIB_gethostbyname	= @LIB_gethostbyname@
+LIB_getpwent_r		= @LIB_getpwent_r@
+LIB_getpwnam_r		= @LIB_getpwnam_r@
+LIB_getsockopt		= @LIB_getsockopt@
+LIB_logout		= @LIB_logout@
+LIB_logwtmp		= @LIB_logwtmp@
+LIB_odm_initialize	= @LIB_odm_initialize@
+LIB_openpty		= @LIB_openpty@
+LIB_pidfile		= @LIB_pidfile@
+LIB_res_search		= @LIB_res_search@
+LIB_setpcred		= @LIB_setpcred@
+LIB_setsockopt		= @LIB_setsockopt@
+LIB_socket		= @LIB_socket@
+LIB_syslog		= @LIB_syslog@
+LIB_tgetent		= @LIB_tgetent@
+LIB_com_err		= @LIB_com_err@
+LIB_door_create		= @LIB_door_create@
+
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+LIB_hesiod = @LIB_hesiod@
+
+INCLUDE_krb4 = @INCLUDE_krb4@
+LIB_krb4 = @LIB_krb4@
+
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
+INCLUDE_readline = @INCLUDE_readline@
+LIB_readline = @LIB_readline@
+
+LEXLIB = @LEXLIB@
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+SUFFIXES += .x .z
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+
+SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+
+NROFF_MAN = groff -mandoc -Tascii
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+## MAINTAINERCLEANFILES += 
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+
+if KRB5
+LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la
+LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+endif
+
+if DCE
+LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+endif
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
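Review bot: In `install-suid-programs` the path is expanded unquoted in `chown 0:0 $$x && chmod u+s $$x`, so a `DESTDIR` or `bindir` containing whitespace or glob characters splits into several words and the ownership and setuid change is applied to the wrong paths. Quoting it removes that: `if chown 0:0 "$$x" && chmod u+s "$$x"; then :; else \`. The failure branch only echoes a banner and the recipe still exits 0, so an install that could not set the bit looks successful to automation. If that is deliberate for unprivileged staged installs, a comment above the rule should say so, e.g. `## failure is non-fatal so non-root DESTDIR installs succeed; the packager must set owner and mode`.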

Added: vendor-crypto/heimdal/dist/cf/aix.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/aix.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/aix.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+dnl
+dnl $Id: aix.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+AC_DEFUN([rk_AIX],[
+
+aix=no
+case "$host" in 
+*-*-aix3*)
+	aix=3
+	;;
+*-*-aix4*|*-*-aix5*)
+	aix=4
+	;;
+esac
+
+AM_CONDITIONAL(AIX, test "$aix" != no)dnl
+AM_CONDITIONAL(AIX4, test "$aix" = 4)
+
+
+AC_ARG_ENABLE(dynamic-afs,
+	AS_HELP_STRING([--disable-dynamic-afs],
+		[do not use loaded AFS library with AIX]))
+
+if test "$aix" != no; then
+	if test "$enable_dynamic_afs" != no; then
+		AC_REQUIRE([rk_DLOPEN])
+		if test "$ac_cv_func_dlopen" = no; then
+			AC_FIND_FUNC_NO_LIBS(loadquery, ld)
+		fi
+		if test "$ac_cv_func_dlopen" != no; then
+			AIX_EXTRA_KAFS='$(LIB_dlopen)'
+		elif test "$ac_cv_func_loadquery" != no; then
+			AIX_EXTRA_KAFS='$(LIB_loadquery)'
+		else
+			AC_MSG_NOTICE([not using dynloaded AFS library])
+			AIX_EXTRA_KAFS=
+			enable_dynamic_afs=no
+		fi
+	else
+		AIX_EXTRA_KAFS=
+	fi
+fi
+
+AM_CONDITIONAL(AIX_DYNAMIC_AFS, test "$enable_dynamic_afs" != no)dnl
+AC_SUBST(AIX_EXTRA_KAFS)dnl
+
+AH_BOTTOM([#if _AIX
+#define _ALL_SOURCE
+/* XXX this is gross, but kills about a gazillion warnings */
+struct ether_addr;
+struct sockaddr;
+struct sockaddr_dl;
+struct sockaddr_in;
+#endif])
+
+])
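Review bot: The `case "$host"` in `rk_AIX` matches only `aix3`, `aix4` and `aix5`, so a host triplet for any later AIX release leaves `aix=no`. Both the `AIX` and `AIX4` conditionals are then false and the whole dynamic-AFS block below is skipped. If later releases are meant to take the same path as AIX 4 and 5, the arm could read `*-*-aix4*|*-*-aix5*|*-*-aix6*|*-*-aix7*)`. Otherwise a `dnl` line stating that newer releases are deliberately not detected would document the choice.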

Added: vendor-crypto/heimdal/dist/cf/auth-modules.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/auth-modules.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/auth-modules.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,45 @@
+dnl $Id: auth-modules.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl Figure what authentication modules should be built
+dnl
+dnl rk_AUTH_MODULES(module-list)
+
+AC_DEFUN([rk_AUTH_MODULES],[
+AC_MSG_CHECKING([which authentication modules should be built])
+
+z='m4_ifval([$1], $1, [sia pam afskauthlib])'
+LIB_AUTH_SUBDIRS=
+for i in $z; do
+case $i in
+sia)
+if test "$ac_cv_header_siad_h" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+;;
+pam)
+case "${host}" in
+*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
+*)		ac_cv_want_pam_krb4=yes ;;
+esac
+
+if test "$ac_cv_want_pam_krb4" = yes -a \
+    "$ac_cv_header_security_pam_modules_h" = yes -a \
+    "$enable_shared" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+;;
+afskauthlib)
+case "${host}" in
+*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+esac
+;;
+esac
+done
+if test "$LIB_AUTH_SUBDIRS"; then
+	AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
+else
+	AC_MSG_RESULT(none)
+fi
+
+AC_SUBST(LIB_AUTH_SUBDIRS)dnl
+])

Added: vendor-crypto/heimdal/dist/cf/autobuild.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/autobuild.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/autobuild.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,34 @@
+# autobuild.m4 serial 2 (autobuild-3.3)
+# Copyright (C) 2004 Simon Josefsson
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License.  As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# This file can can be used in projects which are not available under
+# the GNU General Public License or the GNU Library General Public
+# License but which still want to provide support for Autobuild.
+
+# Usage: AB_INIT([MODE]).
+AC_DEFUN([AB_INIT],
+[
+	AC_REQUIRE([AC_CANONICAL_BUILD])
+	AC_REQUIRE([AC_CANONICAL_HOST])
+
+	AC_MSG_NOTICE([autobuild project... ${PACKAGE_NAME:-$PACKAGE}])
+	AC_MSG_NOTICE([autobuild revision... ${PACKAGE_VERSION:-$VERSION}])
+	hostname=`hostname`
+	if test "$hostname"; then
+	   AC_MSG_NOTICE([autobuild hostname... $hostname])
+	fi
+	ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])])
+	date=`date +%Y%m%d-%H%M%S`
+	if test "$?" != 0; then
+	   date=`date`
+	fi
+	if test "$date"; then
+	   AC_MSG_NOTICE([autobuild timestamp... $date])
+	fi
+])

Added: vendor-crypto/heimdal/dist/cf/broken-getaddrinfo.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/broken-getaddrinfo.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/broken-getaddrinfo.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,26 @@
+dnl $Id: broken-getaddrinfo.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl test if getaddrinfo can handle numeric services
+
+AC_DEFUN([rk_BROKEN_GETADDRINFO],[
+AC_CACHE_CHECK([if getaddrinfo handles numeric services], ac_cv_func_getaddrinfo_numserv,
+AC_RUN_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+int
+main(int argc, char **argv)
+{
+	struct addrinfo hints, *ai;
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_flags = AI_PASSIVE;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_family = PF_UNSPEC;
+	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
+		return 1;
+	if(getaddrinfo(NULL, "0", &hints, &ai) != 0)
+		return 1;
+	return 0;
+}
+]])],[ac_cv_func_getaddrinfo_numserv=yes],[ac_cv_func_getaddrinfo_numserv=no]))])
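Review bot: The test program in `rk_BROKEN_GETADDRINFO` calls `memset` without including `<string.h>`, so a compiler that rejects implicit function declarations fails it for a reason unrelated to getaddrinfo. The cache variable then becomes `no` even where numeric services work. Adding `#include <string.h>` after `#include <stdio.h>` fixes that. `AC_RUN_IFELSE` is also given no cross-compiling action here, unlike the realloc and snprintf checks in this diff; an explicit fourth argument would make the cross-build result a stated decision.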

Added: vendor-crypto/heimdal/dist/cf/broken-glob.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/broken-glob.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/broken-glob.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,29 @@
+dnl $Id: broken-glob.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl check for glob(3)
+dnl
+AC_DEFUN([AC_BROKEN_GLOB],[
+AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working,
+ac_cv_func_glob_working=yes
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <glob.h>]],[[
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
+#ifdef GLOB_MAXPATH
+GLOB_MAXPATH
+#else
+GLOB_LIMIT
+#endif
+,
+NULL, NULL);
+]])],[:],[ac_cv_func_glob_working=no]))
+
+if test "$ac_cv_func_glob_working" = yes; then
+	AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks 
+	GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT])
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>
+#include <glob.h>],glob)
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/broken-realloc.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/broken-realloc.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/broken-realloc.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,25 @@
+dnl
+dnl $Id: broken-realloc.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl Test for realloc that doesn't handle NULL as first parameter
+dnl
+AC_DEFUN([rk_BROKEN_REALLOC], [
+AC_CACHE_CHECK(if realloc if broken, ac_cv_func_realloc_broken, [
+ac_cv_func_realloc_broken=no
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stddef.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv)
+{
+	return realloc(NULL, 17) == NULL;
+}
+]])],[:], [ac_cv_func_realloc_broken=yes],[:])
+])
+if test "$ac_cv_func_realloc_broken" = yes ; then
+	AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL) doesn't work.])
+fi
+AH_BOTTOM([#ifdef BROKEN_REALLOC
+#define realloc(X, Y) rk_realloc((X), (Y))
+#endif])
+])
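Review bot: The `AC_CACHE_CHECK` message in `rk_BROKEN_REALLOC` reads `if realloc if broken`, and that is the text configure prints; it should be `if realloc is broken`. The cross-compiling action `[:]` keeps the preset `ac_cv_func_realloc_broken=no`, so a cross build never tests `realloc(NULL, 17)`. A line such as `dnl cross-compiling: realloc(NULL, n) is assumed to work` would make that assumption visible.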

Added: vendor-crypto/heimdal/dist/cf/broken-snprintf.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/broken-snprintf.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/broken-snprintf.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,63 @@
+dnl $Id: broken-snprintf.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+AC_DEFUN([AC_BROKEN_SNPRINTF], [
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+int main(int argc, char **argv)
+{
+	char foo[[3]];
+	snprintf(foo, 2, "12");
+	return strcmp(foo, "1") || snprintf(NULL, 0, "%d", 12) != 2;
+}]])],[:],[ac_cv_func_snprintf_working=no],[:]))
+
+if test "$ac_cv_func_snprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf])
+fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],snprintf)
+fi
+])
+
+AC_DEFUN([AC_BROKEN_VSNPRINTF],[
+AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working,
+ac_cv_func_vsnprintf_working=yes
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+int foo(int num, ...)
+{
+	char bar[[3]];
+	va_list arg;
+	va_start(arg, num);
+	vsnprintf(bar, 2, "%s", arg);
+	va_end(arg);
+	return strcmp(bar, "1");
+}
+
+int bar(int num, int len, ...)
+{
+	int r;
+	va_list arg;
+	va_start(arg, len);
+	r = vsnprintf(NULL, 0, "%s", arg);
+	va_end(arg);
+	return r != len;
+}
+
+int main(int argc, char **argv)
+{
+	return foo(0, "12") || bar(0, 2, "12");
+}]])],[:],[ac_cv_func_vsnprintf_working=no],[:]))
+
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+	AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf])
+fi
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
+fi
+])
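Review bot: Both `AC_BROKEN_SNPRINTF` and `AC_BROKEN_VSNPRINTF` pass `[:]` as the cross-compiling action, so a cross build keeps the preset `yes` and defines `HAVE_SNPRINTF`/`HAVE_VSNPRINTF` without testing truncation or the return value. Code built on those defines presumably relies on snprintf for bounded writes, so the optimistic default deserves a comment, e.g. `dnl cross-compiling: assumed working; pre-seed ac_cv_func_snprintf_working=no to override`. In each macro the two consecutive `if test "$ac_cv_func_..._working" = yes` blocks test the same condition and could be merged into one.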

Added: vendor-crypto/heimdal/dist/cf/broken.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/broken.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/broken.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+dnl $Id: broken.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
+dnl libraries 
+
+AC_DEFUN([AC_BROKEN],
+[AC_FOREACH([rk_func], [$1],
+	[AC_CHECK_FUNC(rk_func,
+		[AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]rk_func), 1, 
+			[Define if you have the function `]rk_func['.])],
+		[rk_LIBOBJ(rk_func)])])])

Added: vendor-crypto/heimdal/dist/cf/broken2.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/broken2.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/broken2.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,25 @@
+dnl $Id: broken2.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl AC_BROKEN but with more arguments
+
+dnl AC_BROKEN2(func, includes, arguments)
+AC_DEFUN([AC_BROKEN2],
+[AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(ac_cv_func_[]$1,
+[AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$1) || defined (__stub___$1)
+choke me
+#else
+$1($3);
+#endif
+]])], [eval "ac_cv_func_[]$1=yes"], [eval "ac_cv_func_[]$1=no"])])
+if eval "test \"\${ac_cv_func_[]$1}\" = yes"; then
+  AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, define)
+  AC_MSG_RESULT(yes)
+else
+  AC_MSG_RESULT(no)
+  rk_LIBOBJ($1)
+fi])

Added: vendor-crypto/heimdal/dist/cf/c-attribute.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/c-attribute.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/c-attribute.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+dnl
+dnl $Id: c-attribute.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+dnl
+dnl Test for __attribute__
+dnl
+
+AC_DEFUN([AC_C___ATTRIBUTE__], [
+AC_MSG_CHECKING(for __attribute__)
+AC_CACHE_VAL(ac_cv___attribute__, [
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h>
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+]])],
+[ac_cv___attribute__=yes],
+[ac_cv___attribute__=no])])
+if test "$ac_cv___attribute__" = "yes"; then
+  AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
+fi
+AC_MSG_RESULT($ac_cv___attribute__)
+])
+

Added: vendor-crypto/heimdal/dist/cf/c-function.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/c-function.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/c-function.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,33 @@
+dnl
+dnl $Id: c-function.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+dnl
+dnl Test for __FUNCTION__
+dnl
+
+AC_DEFUN([AC_C___FUNCTION__], [
+AC_MSG_CHECKING(for __FUNCTION__)
+AC_CACHE_VAL(ac_cv___function__, [
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <string.h>
+
+static char *foo(void)
+{
+  return __FUNCTION__;
+}
+
+int main(int argc, char **argc)
+{
+  return strcmp(foo(), "foo") != 0;
+}
+]])],
+[ac_cv___function__=yes],
+[ac_cv___function__=no],
+[ac_cv___function__=no])])
+if test "$ac_cv___function__" = "yes"; then
+  AC_DEFINE(HAVE___FUNCTION__, 1, [define if your compiler has __FUNCTION__])
+fi
+AC_MSG_RESULT($ac_cv___function__)
+])
+
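Review bot: The test program in `AC_C___FUNCTION__` declares `int main(int argc, char **argc)`, which names both parameters `argc`. A C compiler rejects the duplicate parameter name, so the program cannot build and `ac_cv___function__` ends up `no` whether or not the compiler supports `__FUNCTION__`. The signature should be `int main(int argc, char **argv)`. `foo` also returns `__FUNCTION__` through a non-const `char *`; `static const char *foo(void)` avoids a qualifier diagnostic under stricter warning flags.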

Added: vendor-crypto/heimdal/dist/cf/capabilities.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/capabilities.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/capabilities.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,14 @@
+dnl
+dnl $Id: capabilities.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+dnl
+dnl Test SGI capabilities
+dnl
+
+AC_DEFUN([KRB_CAPABILITIES],[
+
+AC_CHECK_HEADERS(capability.h sys/capability.h)
+
+AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
+])

Added: vendor-crypto/heimdal/dist/cf/check-compile-et.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/check-compile-et.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/check-compile-et.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,109 @@
+dnl $Id: check-compile-et.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl CHECK_COMPILE_ET
+AC_DEFUN([CHECK_COMPILE_ET], [
+
+AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et])
+
+krb_cv_compile_et="no"
+krb_cv_com_err_need_r=""
+krb_cv_compile_et_cross=no
+if test "${COMPILE_ET}" = "compile_et"; then
+
+dnl We have compile_et.  Now let's see if it supports `prefix' and `index'.
+AC_MSG_CHECKING(whether compile_et has the features we need)
+cat > conftest_et.et <<'EOF'
+error_table test conf
+prefix CONFTEST
+index 1
+error_code CODE1, "CODE1"
+index 128
+error_code CODE2, "CODE2"
+end
+EOF
+if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
+  dnl XXX Some systems have <et/com_err.h>.
+  save_CPPFLAGS="${CPPFLAGS}"
+  if test -d "/usr/include/et"; then
+    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
+  fi
+  dnl Check that the `prefix' and `index' directives were honored.
+  AC_RUN_IFELSE([
+#include <com_err.h>
+#include <string.h>
+#include "conftest_et.h"
+int main(int argc, char **argv){
+#ifndef ERROR_TABLE_BASE_conf
+#error compile_et does not handle error_table N M
+#endif
+return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
+  ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"],
+  [krb_cv_compile_et="yes" krb_cv_compile_et_cross=yes] )
+fi
+AC_MSG_RESULT(${krb_cv_compile_et})
+if test "${krb_cv_compile_et}" = "yes" -a "${krb_cv_compile_et_cross}" = no; then
+  AC_MSG_CHECKING([for if com_err generates a initialize_conf_error_table_r])
+  AC_EGREP_CPP([initialize_conf_error_table_r.*struct et_list],
+     [#include "conftest_et.h"],
+     [krb_cv_com_err_need_r="ok"])
+  if test X"$krb_cv_com_err_need_r" = X ; then
+    AC_MSG_RESULT(no)
+    krb_cv_compile_et=no
+  else
+    AC_MSG_RESULT(yes)
+  fi
+fi
+rm -fr conftest*
+fi
+
+if test "${krb_cv_compile_et_cross}" = yes ; then
+  krb_cv_com_err="cross"
+elif test "${krb_cv_compile_et}" = "yes"; then
+  dnl Since compile_et seems to work, let's check libcom_err
+  krb_cv_save_LIBS="${LIBS}"
+  LIBS="${LIBS} -lcom_err"
+  AC_MSG_CHECKING(for com_err)
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <com_err.h>]],[[
+    const char *p;
+    p = error_message(0);
+    initialize_error_table_r(0,0,0,0);
+  ]])],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"])
+  AC_MSG_RESULT(${krb_cv_com_err})
+  LIBS="${krb_cv_save_LIBS}"
+else
+  dnl Since compile_et doesn't work, forget about libcom_err
+  krb_cv_com_err="no"
+fi
+
+dnl Only use the system's com_err if we found compile_et, libcom_err, and
+dnl com_err.h.
+if test "${krb_cv_com_err}" = "yes"; then
+    DIR_com_err=""
+    LIB_com_err="-lcom_err"
+    LIB_com_err_a=""
+    LIB_com_err_so=""
+    AC_MSG_NOTICE(Using the already-installed com_err)
+    localcomerr=no
+elif test "${krb_cv_com_err}" = "cross"; then
+    DIR_com_err="com_err"
+    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
+    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
+    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
+    AC_MSG_NOTICE(Using our own com_err with toolchain compile_et)
+    localcomerr=yes
+else
+    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
+    DIR_com_err="com_err"
+    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
+    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
+    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
+    AC_MSG_NOTICE(Using our own com_err)
+    localcomerr=yes
+fi
+AM_CONDITIONAL(COM_ERR, test "$localcomerr" = yes)dnl
+AC_SUBST(DIR_com_err)
+AC_SUBST(LIB_com_err)
+AC_SUBST(LIB_com_err_a)
+AC_SUBST(LIB_com_err_so)
+
+])
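Review bot: The `AC_RUN_IFELSE` call in `CHECK_COMPILE_ET` is handed bare program text, whereas the other run and link tests visible in this diff wrap theirs in `AC_LANG_SOURCE([[...]])` or `AC_LANG_PROGRAM`. Without the wrapper the confdefs.h preamble is not prepended, and newer Autoconf releases warn that no `AC_LANG_SOURCE` call was detected. Wrapping it as `AC_RUN_IFELSE([AC_LANG_SOURCE([[ ... ]])], ...)` makes it consistent. A `dnl` comment would also help on the success path, which apparently keeps `-I/usr/include/et` in `CPPFLAGS` on purpose while the failure paths restore `save_CPPFLAGS`.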

Added: vendor-crypto/heimdal/dist/cf/check-getpwnam_r-posix.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/check-getpwnam_r-posix.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/check-getpwnam_r-posix.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,25 @@
+dnl $Id: check-getpwnam_r-posix.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl check for getpwnam_r, and if it's posix or not
+
+AC_DEFUN([AC_CHECK_GETPWNAM_R_POSIX],[
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+	AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+	ac_libs="$LIBS"
+	LIBS="$LIBS $LIB_getpwnam_r"
+	AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#define _POSIX_PTHREAD_SEMANTICS
+#include <pwd.h>
+int main(int argc, char **argv)
+{
+	struct passwd pw, *pwd;
+	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+]])],[ac_cv_func_getpwnam_r_posix=yes],[ac_cv_func_getpwnam_r_posix=no],[:])
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+	AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.])
+fi
+fi
+])
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/cf/check-man.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/check-man.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/check-man.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,58 @@
+dnl $Id: check-man.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl check how to format manual pages
+dnl
+
+AC_DEFUN([rk_CHECK_MAN],
+[AC_PATH_PROG(NROFF, nroff)
+AC_PATH_PROG(GROFF, groff)
+AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format,
+[cat > conftest.1 << END
+.Dd January 1, 1970
+.Dt CONFTEST 1
+.Sh NAME
+.Nm conftest
+.Nd
+foobar
+END
+
+if test "$NROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$NROFF" $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$NROFF $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$GROFF -Tascii $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format"; then
+	ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@"
+fi
+])
+if test "$ac_cv_sys_man_format"; then
+	CATMAN="$ac_cv_sys_man_format"
+	AC_SUBST(CATMAN)
+fi
+AM_CONDITIONAL(CATMAN, test "$CATMAN")
+AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext,
+[if grep _suffix /etc/man.conf > /dev/null 2>&1; then
+	ac_cv_sys_catman_ext=0
+else
+	ac_cv_sys_catman_ext=number
+fi
+])
+if test "$ac_cv_sys_catman_ext" = number; then
+	CATMANEXT='$$section'
+else
+	CATMANEXT=0
+fi
+AC_SUBST(CATMANEXT)
+])
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/cf/check-netinet-ip-and-tcp.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/check-netinet-ip-and-tcp.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/check-netinet-ip-and-tcp.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,33 @@
+dnl
+dnl $Id: check-netinet-ip-and-tcp.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
+dnl you have to include standards.h before including these files
+
+AC_DEFUN([CHECK_NETINET_IP_AND_TCP],
+[
+AC_CHECK_HEADERS(standards.h)
+for i in netinet/ip.h netinet/tcp.h; do
+
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
+
+AC_CACHE_CHECK([for $i],ac_cv_header_$cv,
+[AC_PREPROC_IFELSE([AC_LANG_SOURCE([[
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
+]])],
+[eval "ac_cv_header_$cv=yes"],
+[eval "ac_cv_header_$cv=no"])])
+ac_res=`eval echo \\$ac_cv_header_$cv`
+if test "$ac_res" = yes; then
+	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+	AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
+fi
+done
+if false;then
+	AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h)
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/check-type-extra.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/check-type-extra.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/check-type-extra.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,23 @@
+dnl $Id: check-type-extra.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl ac_check_type + extra headers
+
+dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS)
+AC_DEFUN([AC_CHECK_TYPE_EXTRA],
+[AC_REQUIRE([AC_HEADER_STDC])dnl
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(ac_cv_type_$1,
+[AC_EGREP_CPP(dnl
+changequote(<<,>>)dnl
+<<$1[^a-zA-Z_0-9]>>dnl
+changequote([,]), [#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl
+AC_MSG_RESULT($ac_cv_type_$1)
+if test $ac_cv_type_$1 = no; then
+  AC_DEFINE($1, $2, [Define this to what the type $1 should be.])
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/check-var.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/check-var.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/check-var.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,27 @@
+dnl $Id: check-var.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl rk_CHECK_VAR(variable, includes)
+AC_DEFUN([rk_CHECK_VAR], [
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(ac_cv_var_$1, [
+m4_ifval([$2],[
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2
+	void * foo(void) { return &$1; }]],[[foo()]])],
+	    [ac_cv_var_$1=yes],[ac_cv_var_$1=no])])
+if test "$ac_cv_var_$1" != yes ; then
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int $1;
+int foo(void) { return $1; }]],[[foo()]])],
+	    [ac_cv_var_$1=yes],[ac_cv_var_$1=no])
+fi
+])
+ac_foo=`eval echo \\$ac_cv_var_$1`
+AC_MSG_RESULT($ac_foo)
+if test "$ac_foo" = yes; then
+	AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, 
+		[Define if you have the `]$1[' variable.])
+	m4_ifval([$2], AC_CHECK_DECLS([$1],[],[],[$2]))
+fi
+])
+
+AC_WARNING_ENABLE([obsolete])
+AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])

Added: vendor-crypto/heimdal/dist/cf/check-x.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/check-x.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/check-x.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+dnl 
+dnl See if there is any X11 present
+dnl
+dnl $Id: check-x.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+AC_DEFUN([KRB_CHECK_X],[
+AC_PATH_XTRA
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
+		AC_RUN_IFELSE([
+		#include <X11/Xlib.h>
+		foo(void)
+		{
+		XOpenDisplay(NULL);
+		}
+		main(int argc, char **argv)
+		{
+		return 0;
+		}
+		],krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:,
+		krb_cv_sys_x_libs_rpath="" ; krb_cv_sys_x_libs="" ; break)
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+	])
+	X_LIBS="$krb_cv_sys_x_libs"
+fi
+])
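Review bot: `X_LIBS` is overwritten with `$krb_cv_sys_x_libs` unconditionally at the end, and that variable starts out empty, so if none of the four link-and-run attempts succeeds the `-L` flags found by `AC_PATH_XTRA` are discarded. The test program makes that failure more likely than necessary, because `foo(void)` and `main(...)` are written without a return type and will not build with a compiler that rejects implicit `int`. I would declare them `int foo(void)` and `int main(int argc, char **argv)`, and guard the last assignment with `test -n "$krb_cv_sys_x_libs" && X_LIBS="$krb_cv_sys_x_libs"`. The cross-compilation branch clears both cache variables as well, so the same guard covers that case.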

Added: vendor-crypto/heimdal/dist/cf/check-xau.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/check-xau.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/check-xau.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+dnl $Id: check-xau.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl check for Xau{Read,Write}Auth and XauFileName
+dnl
+AC_DEFUN([AC_CHECK_XAU],[
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+## check for XauWriteAuth first, so we detect the case where
+## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this
+## could be done by checking for XauReadAuth in -lXau first, but this
+## breaks in IRIX 6.5
+
+AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau,[#include <X11/Xauth.h>],[0,0])
+ac_xxx="$LIBS"
+LIBS="$LIB_XauWriteAuth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau,[#include <X11/Xauth.h>],[0])
+LIBS="$LIB_XauReadAauth $LIBS"
+AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau,[#include <X11/Xauth.h>])
+LIBS="$ac_xxx"
+
+## set LIB_XauReadAuth to union of these tests, since this is what the
+## Makefiles are using
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes")
+else
+	AC_SUBST(NEED_WRITEAUTH_TRUE)
+	AC_SUBST(NEED_WRITEAUTH_FALSE)
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
+fi
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+])
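Review bot: `LIBS="$LIB_XauReadAauth $LIBS"` misspells the variable that the preceding `AC_FIND_FUNC_NO_LIBS(XauReadAuth, ...)` call is meant to set, so it always expands to nothing and the library found for `XauReadAuth` is missing from the link line when `XauFileName` is probed. The line should read `LIBS="$LIB_XauReadAuth $LIBS"`. The visible effect is probably limited to platforms where `XauFileName` only links together with that library, which is why the typo can go unnoticed.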

Added: vendor-crypto/heimdal/dist/cf/crypto.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/crypto.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/crypto.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,177 @@
+dnl $Id: crypto.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl test for crypto libraries:
+dnl - libcrypto (from openssl)
+dnl - own-built libhcrypto
+
+m4_define([test_headers], [
+		#undef KRB5 /* makes md4.h et al unhappy */
+		#ifdef HAVE_OPENSSL
+		#ifdef HAVE_SYS_TYPES_H
+		#include <sys/types.h>
+		#endif
+		#include <openssl/evp.h>
+		#include <openssl/md4.h>
+		#include <openssl/md5.h>
+		#include <openssl/sha.h>
+		#include <openssl/des.h>
+		#include <openssl/rc4.h>
+		#include <openssl/aes.h>
+		#include <openssl/engine.h>
+		#include <openssl/ui.h>
+		#include <openssl/rand.h>
+		#include <openssl/hmac.h>
+		#include <openssl/pkcs12.h>
+		#else
+		#include <hcrypto/evp.h>
+		#include <hcrypto/md4.h>
+		#include <hcrypto/md5.h>
+		#include <hcrypto/sha.h>
+		#include <hcrypto/des.h>
+		#include <hcrypto/rc4.h>
+		#include <hcrypto/aes.h>
+		#include <hcrypto/engine.h>
+		#include <hcrypto/hmac.h>
+		#include <hcrypto/pkcs12.h>
+		#endif
+		])
+m4_define([test_body], [
+		void *schedule = 0;
+		MD4_CTX md4;
+		MD5_CTX md5;
+		SHA_CTX sha1;
+		SHA256_CTX sha256;
+
+		MD4_Init(&md4);
+		MD5_Init(&md5);
+		SHA1_Init(&sha1);
+		SHA256_Init(&sha256);
+		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
+		#ifdef HAVE_OPENSSL
+		RAND_status();
+		UI_UTIL_read_pw_string(0,0,0,0);
+		#endif
+
+		OpenSSL_add_all_algorithms();
+		AES_encrypt(0,0,0);
+		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
+		RC4(0, 0, 0, 0);])
+
+
+AC_DEFUN([KRB_CRYPTO],[
+crypto_lib=unknown
+AC_WITH_ALL([openssl])
+
+DIR_hcrypto=
+
+AC_MSG_CHECKING([for crypto library])
+
+openssl=no
+
+if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
+	save_CPPFLAGS="$CPPFLAGS"
+	save_LIBS="$LIBS"
+
+	cdirs= clibs=
+	for i in $LIB_krb4; do
+		case "$i" in
+		-L*) cdirs="$cdirs $i";;
+		-l*) clibs="$clibs $i";;
+		esac
+	done
+
+	ires=
+	for i in $INCLUDE_krb4; do
+		CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
+		for j in $cdirs; do
+			for k in $clibs; do
+				LIBS="$j $k $save_LIBS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],
+						[test_body])],
+					[openssl=yes ires="$i" lres="$j $k"; break 3])
+			done
+		done
+		CFLAGS="$i $save_CFLAGS"
+		for j in $cdirs; do
+			for k in $clibs; do
+				LIBS="$j $k $save_LIBS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])],
+					[openssl=no ires="$i" lres="$j $k"; break 3])
+			done
+		done
+	done
+		
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+	if test "$ires" -a "$lres"; then
+		INCLUDE_hcrypto="$ires"
+		LIB_hcrypto="$lres"
+		crypto_lib=krb4
+		AC_MSG_RESULT([same as krb4])
+		LIB_hcrypto_a='$(LIB_hcrypto)'
+		LIB_hcrypto_so='$(LIB_hcrypto)'
+		LIB_hcrypto_appl='$(LIB_hcrypto)'
+	fi
+fi
+
+if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	INCLUDE_hcrypto=
+	LIB_hcrypto=
+	if test "$with_openssl_include" != ""; then
+		INCLUDE_hcrypto="-I${with_openssl_include}"
+	fi
+	if test "$with_openssl_lib" != ""; then
+		LIB_hcrypto="-L${with_openssl_lib}"
+	fi
+	CFLAGS="-DHAVE_OPENSSL ${INCLUDE_hcrypto} ${CFLAGS}"
+	saved_LIB_hcrypto="$LIB_hcrypto"
+	for lres in "" "-ldl" "-lnsl -lsocket" "-lnsl -lsocket -ldl"; do
+		LIB_hcrypto="${saved_LIB_hcrypto} -lcrypto $lres"
+		LIB_hcrypto_a="$LIB_hcrypto"
+		LIB_hcrypto_so="$LIB_hcrypto"
+		LIB_hcrypto_appl="$LIB_hcrypto"
+		LIBS="${LIBS} ${LIB_hcrypto}"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])], [
+			crypto_lib=libcrypto openssl=yes
+			AC_MSG_RESULT([libcrypto])
+		])
+		if test "$crypto_lib" = libcrypto ; then
+			break;
+		fi
+	done
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+fi
+
+if test "$crypto_lib" = "unknown"; then
+
+  DIR_hcrypto='hcrypto'
+  LIB_hcrypto='$(top_builddir)/lib/hcrypto/libhcrypto.la'
+  LIB_hcrypto_a='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.a'
+  LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so'
+  LIB_hcrypto_appl="-lhcrypto"
+
+  AC_MSG_RESULT([included libhcrypto])
+
+fi
+
+if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
+	AC_MSG_ERROR([the crypto library used by krb4 lacks features
+required by Kerberos 5; to continue, you need to install a newer 
+Kerberos 4 or configure --without-krb4])
+fi
+
+if test "$openssl" = "yes"; then
+  AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
+fi
+AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl
+
+AC_SUBST(DIR_hcrypto)
+AC_SUBST(INCLUDE_hcrypto)
+AC_SUBST(LIB_hcrypto)
+AC_SUBST(LIB_hcrypto_a)
+AC_SUBST(LIB_hcrypto_so)
+AC_SUBST(LIB_hcrypto_appl)
+])
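Review bot: The krb4 branch saves `CPPFLAGS` into `save_CPPFLAGS` but then builds and restores `CFLAGS` from `$save_CFLAGS`, which this macro only assigns later in the OpenSSL branch. Unless something outside this hunk sets it, running the krb4 branch replaces the caller's `CFLAGS`, including any hardening flags, with an empty value for the rest of configure; the save line should be `save_CFLAGS="$CFLAGS"`. A second point for packagers: when the libcrypto link test fails, `crypto_lib` stays `unknown` and the build switches to the bundled libhcrypto with only an `AC_MSG_RESULT`, even if OpenSSL was asked for. Assuming `AC_WITH_ALL` sets `with_openssl` to `yes` on an explicit request, an `AC_MSG_ERROR` in that case would make the choice of crypto implementation deliberate rather than silent.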

Added: vendor-crypto/heimdal/dist/cf/db.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/db.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/db.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,211 @@
+dnl $Id: db.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl tests for various db libraries
+dnl
+AC_DEFUN([rk_DB],[
+AC_ARG_ENABLE(berkeley-db,
+                       AS_HELP_STRING([--disable-berkeley-db],
+                                      [if you don't want berkeley db]),[
+])
+
+AC_ARG_ENABLE(ndbm-db,
+                       AS_HELP_STRING([--disable-ndbm-db],
+                                      [if you don't want ndbm db]),[
+])
+
+have_ndbm=no
+db_type=unknown
+
+if test "$enable_berkeley_db" != no; then
+
+  AC_CHECK_HEADERS([				\
+	db4/db.h				\
+	db3/db.h				\
+	db.h					\
+	db_185.h				\
+  ])
+
+dnl db_create is used by db3 and db4
+
+  AC_FIND_FUNC_NO_LIBS(db_create, db4 db3 db, [
+  #include <stdio.h>
+  #ifdef HAVE_DB4_DB_H
+  #include <db4/db.h>
+  #elif defined(HAVE_DB3_DB_H)
+  #include <db3/db.h>
+  #else
+  #include <db.h>
+  #endif
+  ],[NULL, NULL, 0])
+
+  if test "$ac_cv_func_db_create" = "yes"; then
+    db_type=db3
+    if test "$ac_cv_funclib_db_create" != "yes"; then
+      DBLIB="$ac_cv_funclib_db_create"
+    else
+      DBLIB=""
+    fi
+    AC_DEFINE(HAVE_DB3, 1, [define if you have a berkeley db3/4 library])
+  else
+
+dnl dbopen is used by db1/db2
+
+    AC_FIND_FUNC_NO_LIBS(dbopen, db2 db, [
+    #include <stdio.h>
+    #if defined(HAVE_DB2_DB_H)
+    #include <db2/db.h>
+    #elif defined(HAVE_DB_185_H)
+    #include <db_185.h>
+    #elif defined(HAVE_DB_H)
+    #include <db.h>
+    #else
+    #error no db.h
+    #endif
+    ],[NULL, 0, 0, 0, NULL])
+
+    if test "$ac_cv_func_dbopen" = "yes"; then
+      db_type=db1
+      if test "$ac_cv_funclib_dbopen" != "yes"; then
+        DBLIB="$ac_cv_funclib_dbopen"
+      else
+        DBLIB=""
+      fi
+      AC_DEFINE(HAVE_DB1, 1, [define if you have a berkeley db1/2 library])
+    fi
+  fi
+
+dnl test for ndbm compatability
+
+  if test "$ac_cv_func_dbm_firstkey" != yes; then
+    AC_FIND_FUNC_NO_LIBS2(dbm_firstkey, $ac_cv_funclib_dbopen $ac_cv_funclib_db_create, [
+    #include <stdio.h>
+    #define DB_DBM_HSEARCH 1
+    #include <db.h>
+    DBM *dbm;
+    ],[NULL])
+  
+    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+      else
+        LIB_NDBM=""
+      fi
+      AC_DEFINE(HAVE_DB_NDBM, 1, [define if you have ndbm compat in db])
+      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
+    else
+      $as_unset ac_cv_func_dbm_firstkey
+      $as_unset ac_cv_funclib_dbm_firstkey
+    fi
+  fi
+
+fi # berkeley db
+
+if test "$enable_ndbm_db" != "no"; then
+
+  if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
+
+    AC_CHECK_HEADERS([				\
+  	dbm.h					\
+  	ndbm.h					\
+    ])
+  
+    AC_FIND_FUNC_NO_LIBS(dbm_firstkey, ndbm, [
+    #include <stdio.h>
+    #if defined(HAVE_NDBM_H)
+    #include <ndbm.h>
+    #elif defined(HAVE_DBM_H)
+    #include <dbm.h>
+    #endif
+    DBM *dbm;
+    ],[NULL])
+  
+    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+      else
+        LIB_NDBM=""
+      fi
+      AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
+      have_ndbm=yes
+      if test "$db_type" = "unknown"; then
+        db_type=ndbm
+        DBLIB="$LIB_NDBM"
+      fi
+    else
+  
+      $as_unset ac_cv_func_dbm_firstkey
+      $as_unset ac_cv_funclib_dbm_firstkey
+  
+      AC_CHECK_HEADERS([				\
+  	  gdbm/ndbm.h				\
+      ])
+  
+      AC_FIND_FUNC_NO_LIBS(dbm_firstkey, gdbm, [
+      #include <stdio.h>
+      #include <gdbm/ndbm.h>
+      DBM *dbm;
+      ],[NULL])
+  
+      if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+        if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+  	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+        else
+  	LIB_NDBM=""
+        fi
+        AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl
+        have_ndbm=yes
+        if test "$db_type" = "unknown"; then
+  	db_type=ndbm
+  	DBLIB="$LIB_NDBM"
+        fi
+      fi
+    fi
+  fi #enable_ndbm_db
+fi # unknown
+
+if test "$have_ndbm" = "yes"; then
+  AC_MSG_CHECKING([if ndbm is implemented with db])
+  AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
+#elif defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#endif
+int main(int argc, char **argv)
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if (d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}]])],[
+    if test -f conftest.db; then
+      AC_MSG_RESULT([yes])
+      AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)])
+    else
+      AC_MSG_RESULT([no])
+    fi],[AC_MSG_RESULT([no])])
+fi
+
+AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl
+AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl
+AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl
+
+## it's probably not correct to include LDFLAGS here, but we might
+## need it, for now just add any possible -L
+z=""
+for i in $LDFLAGS; do
+	case "$i" in
+	-L*) z="$z $i";;
+	esac
+done
+DBLIB="$z $DBLIB"
+AC_SUBST(DBLIB)dnl
+AC_SUBST(LIB_NDBM)dnl
+])
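Review bot: The `dbopen` probe includes `<db2/db.h>` under `HAVE_DB2_DB_H`, but the `AC_CHECK_HEADERS` list at the top only tests `db4/db.h`, `db3/db.h`, `db.h` and `db_185.h`. Unless another macro checks `db2/db.h`, that branch is dead and a system with only the db2 header ends in `#error no db.h`; adding `db2/db.h` to the header list fixes it. The `AC_RUN_IFELSE` that checks whether ndbm is implemented with db has no cross-compilation argument. The closing comments `fi #enable_ndbm_db` and `fi # unknown` are also swapped relative to the `if` lines they close.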

Added: vendor-crypto/heimdal/dist/cf/destdirs.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/destdirs.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/destdirs.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+dnl
+dnl $Id: destdirs.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+AC_DEFUN([rk_DESTDIRS], [
+# This is done by AC_OUTPUT but we need the result here.
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+AC_FOREACH([rk_dir], [bin lib libexec localstate sbin sysconf], [
+	x="${rk_dir[]dir}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+	AC_DEFINE_UNQUOTED(AS_TR_CPP(rk_dir[]dir), "$x", [path to ]rk_dir[])])
+])

Added: vendor-crypto/heimdal/dist/cf/dlopen.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/dlopen.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/dlopen.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,11 @@
+dnl
+dnl $Id: dlopen.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+AC_DEFUN([rk_DLOPEN], [
+	AC_FIND_FUNC_NO_LIBS(dlopen, dl,[
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif],[0,0])
+	AM_CONDITIONAL(HAVE_DLOPEN, test "$ac_cv_funclib_dlopen" != no)
+])

Added: vendor-crypto/heimdal/dist/cf/find-func-no-libs.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/find-func-no-libs.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/find-func-no-libs.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,9 @@
+dnl $Id: find-func-no-libs.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args)
+AC_DEFUN([AC_FIND_FUNC_NO_LIBS], [
+AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])

Added: vendor-crypto/heimdal/dist/cf/find-func-no-libs2.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/find-func-no-libs2.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/find-func-no-libs2.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,63 @@
+dnl $Id: find-func-no-libs2.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Look for function in any of the specified libraries
+dnl
+
+dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args)
+AC_DEFUN([AC_FIND_FUNC_NO_LIBS2], [
+
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(ac_cv_funclib_$1,
+[
+if eval "test \"\$ac_cv_func_$1\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in $2; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS="$6 $ac_lib $5 $ac_save_LIBS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([[$3]],[[$1($4)]])],[eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break])
+	done
+	eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
+	LIBS="$ac_save_LIBS"
+fi
+])
+
+eval "ac_res=\$ac_cv_funclib_$1"
+
+if false; then
+	AC_CHECK_FUNCS($1)
+dnl	AC_CHECK_LIBS($2, foo)
+fi
+# $1
+eval "ac_tr_func=HAVE_[]upcase($1)"
+eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')"
+eval "LIB_$1=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_$1=yes"
+	eval "LIB_$1="
+	AC_DEFINE_UNQUOTED($ac_tr_func)
+	AC_MSG_RESULT([yes])
+	;;
+	no)
+	eval "ac_cv_func_$1=no"
+	eval "LIB_$1="
+	AC_MSG_RESULT([no])
+	;;
+	*)
+	eval "ac_cv_func_$1=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	AC_DEFINE_UNQUOTED($ac_tr_func)
+	AC_DEFINE_UNQUOTED($ac_tr_lib)
+	AC_MSG_RESULT([yes, in $ac_res])
+	;;
+esac
+AC_SUBST(LIB_$1)
+])

Added: vendor-crypto/heimdal/dist/cf/find-func.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/find-func.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/find-func.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,9 @@
+dnl $Id: find-func.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl AC_FIND_FUNC(func, libraries, includes, arguments)
+AC_DEFUN([AC_FIND_FUNC], [
+AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4])
+if test -n "$LIB_$1"; then
+	LIBS="$LIB_$1 $LIBS"
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/find-if-not-broken.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/find-if-not-broken.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/find-if-not-broken.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+dnl $Id: find-if-not-broken.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Mix between AC_FIND_FUNC and AC_BROKEN
+dnl
+
+AC_DEFUN([AC_FIND_IF_NOT_BROKEN],
+[AC_FIND_FUNC([$1], [$2], [$3], [$4])
+if eval "test \"$ac_cv_func_$1\" != yes"; then 
+	rk_LIBOBJ([$1])
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/framework-security.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/framework-security.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/framework-security.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,31 @@
+AC_DEFUN([rk_FRAMEWORK_SECURITY], [
+
+AC_MSG_CHECKING([for framework security])
+AC_CACHE_VAL(rk_cv_framework_security,
+[
+if test "$rk_cv_framework_security" != yes; then
+	ac_save_LIBS="$LIBS"
+	LIBS="$ac_save_LIBS -framework Security -framework CoreFoundation"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <Security/Security.h>
+]],
+[[SecKeychainSearchRef searchRef;
+SecKeychainSearchCreateFromAttributes(NULL,kSecCertificateItemClass,NULL, &searchRef);
+CFRelease(&searchRef);
+]])],[rk_cv_framework_security=yes])
+	LIBS="$ac_save_LIBS"
+fi
+])
+
+if test "$rk_cv_framework_security" = yes; then
+   AC_DEFINE(HAVE_FRAMEWORK_SECURITY, 1, [Have -framework Security])
+   AC_MSG_RESULT(yes)
+else
+   AC_MSG_RESULT(no)
+fi
+AM_CONDITIONAL(FRAMEWORK_SECURITY, test "$rk_cv_framework_security" = yes)
+
+if test "$rk_cv_framework_security" = yes; then
+   AC_NEED_PROTO([#include <Security/Security.h>],SecKeyGetCSPHandle)
+fi
+
+])

Added: vendor-crypto/heimdal/dist/cf/have-pragma-weak.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/have-pragma-weak.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/have-pragma-weak.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,37 @@
+dnl $Id: have-pragma-weak.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+AC_DEFUN([AC_HAVE_PRAGMA_WEAK], [
+if test "${enable_shared}" = "yes"; then
+AC_MSG_CHECKING(for pragma weak)
+AC_CACHE_VAL(ac_have_pragma_weak, [
+ac_have_pragma_weak=no
+cat > conftest_foo.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+#pragma weak foo = _foo
+int _foo = 17;
+EOF
+cat > conftest_bar.$ac_ext <<'EOF'
+[#]line __oline__ "configure"
+#include "confdefs.h"
+extern int foo;
+
+int t(void) {
+  return foo;
+}
+
+int main(int argc, char **argv) {
+  return t();
+}
+EOF
+if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then
+ac_have_pragma_weak=yes
+fi
+rm -rf conftest*
+])
+if test "$ac_have_pragma_weak" = "yes"; then
+	AC_DEFINE(HAVE_PRAGMA_WEAK, 1, [Define this if your compiler supports \`#pragma weak.'])dnl
+fi
+AC_MSG_RESULT($ac_have_pragma_weak)
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/have-struct-field.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/have-struct-field.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/have-struct-field.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,21 @@
+dnl $Id: have-struct-field.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl check for fields in a structure
+dnl
+dnl AC_HAVE_STRUCT_FIELD(struct, field, headers)
+
+AC_DEFUN([AC_HAVE_STRUCT_FIELD], [
+define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_]))
+AC_CACHE_CHECK([for $2 in $1], cache_val,[
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$3]],
+	[[$1 x; memset(&x, 0, sizeof(x)); x.$2]])],
+	[cache_val=yes],
+	[cache_val=no])
+])
+if test "$cache_val" = yes; then
+	define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
+	AC_DEFINE(foo, 1, [Define if $1 has field $2.])
+	undefine([foo])
+fi
+undefine([cache_val])
+])

Added: vendor-crypto/heimdal/dist/cf/have-type.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/have-type.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/have-type.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,30 @@
+dnl $Id: have-type.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl check for existance of a type
+
+dnl AC_HAVE_TYPE(TYPE,INCLUDES)
+AC_DEFUN([AC_HAVE_TYPE], [
+AC_REQUIRE([AC_HEADER_STDC])
+cv=`echo "$1" | sed 'y%./+- %__p__%'`
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL([ac_cv_type_$cv],
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+$2]],
+[[$1 foo;]])],
+[eval "ac_cv_type_$cv=yes"],
+[eval "ac_cv_type_$cv=no"]))dnl
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+AC_MSG_RESULT($ac_foo)
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	AC_CHECK_TYPES($1)
+fi
+  AC_DEFINE_UNQUOTED($ac_tr_hdr, 1, [Define if you have type `$1'])
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/have-types.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/have-types.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/have-types.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+dnl
+dnl $Id: have-types.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+AC_DEFUN([AC_HAVE_TYPES], [
+for i in $1; do
+        AC_HAVE_TYPE($i)
+done
+if false;then
+	AC_CHECK_FUNCS($1)
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/install-catman.sh
===================================================================
--- vendor-crypto/heimdal/dist/cf/install-catman.sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/install-catman.sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# $Id: install-catman.sh,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+#
+# install preformatted manual pages
+
+cmd="$1"; shift
+INSTALL_DATA="$1"; shift
+mkinstalldirs="$1"; shift
+srcdir="$1"; shift
+manbase="$1"; shift
+suffix="$1"; shift
+catinstall="${INSTALL_CATPAGES-yes}"
+
+for f in "$@"; do
+	base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'`
+	section=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\2/'`
+	mandir="$manbase/man$section"
+	catdir="$manbase/cat$section"
+	c="$base.cat$section"
+
+	if test "$catinstall" = yes -a -f "$srcdir/$c"; then
+		if test "$cmd" = install ; then
+			if test \! -d "$catdir"; then
+				eval "$mkinstalldirs $catdir"
+			fi
+			eval "echo $INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
+			eval "$INSTALL_DATA $srcdir/$c $catdir/$base.$suffix"
+		elif test "$cmd" = uninstall ; then
+			eval "echo rm -f $catdir/$base.$suffix"
+			eval "rm -f $catdir/$base.$suffix"
+		fi
+	fi
+	for link in `sed -n -e '/SYNOPSIS/q;/DESCRIPTION/q;s/^\.Nm \([^ ]*\).*/\1/p' $srcdir/$f`; do
+		if test "$link" = "$base" ; then
+			continue
+		fi
+		if test "$cmd" = install ; then
+			target="$mandir/$link.$section"
+			for lncmd in "ln -f $mandir/$base.$section $target" \
+				   "ln -s $base.$section $target" \
+				   "cp -f $mandir/$base.$section $target"
+			do
+				if eval "$lncmd"; then
+					eval echo "$lncmd"
+					break
+				fi
+			done
+			if test "$catinstall" = yes -a -f "$srcdir/$c"; then
+				target="$catdir/$link.$suffix"
+				for lncmd in "ln -f $catdir/$base.$suffix $target" \
+					   "ln -fs $base.$suffix $target" \
+					   "cp -f $catdir/$base.$suffix $target"
+				do
+					if eval "$lncmd"; then
+						eval echo "$lncmd"
+						break
+					fi
+				done
+			fi
+		elif test "$cmd" = uninstall ; then
+			target="$mandir/$link.$section"
+			eval "echo rm -f $target"
+			eval "rm -f $target"
+			if test "$catinstall" = yes; then
+				target="$catdir/$link.$suffix"
+				eval "echo rm -f $target"
+				eval "rm -f $target"
+			fi
+		fi
+	done
+done
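Review bot: Every filesystem operation in this script goes through `eval` on a string built from unquoted arguments and from `$link`, which is read out of the `.Nm` lines of the manual page. A space or shell metacharacter in the install prefix or in a page's `.Nm` line is therefore re-parsed by the shell during `make install`, a step that usually runs with elevated privileges. None of the `eval` calls looks necessary if the arguments arrive already expanded from make (an assumption, since the caller is not in this hunk): `$INSTALL_DATA` and `$mkinstalldirs` can rely on ordinary word splitting and everything else can be quoted, including `$srcdir/$f` in the `sed` call. The fence shows the link loop rewritten that way, with link names restricted to plain file-name characters; the cat-page install and uninstall branches would get the same quoting.

```sh
	# … unchanged: base/section/mandir/catdir setup and the cat-page install …
	for link in `sed -n -e '/SYNOPSIS/q;/DESCRIPTION/q;s/^\.Nm \([^ ]*\).*/\1/p' "$srcdir/$f"`; do
		# skip the page's own name and anything that is not a plain file name
		case "$link" in
		"$base" | *[!A-Za-z0-9._+-]*) continue ;;
		esac
		if test "$cmd" = install ; then
			target="$mandir/$link.$section"
			if ln -f "$mandir/$base.$section" "$target" ||
			   ln -s "$base.$section" "$target" ||
			   cp -f "$mandir/$base.$section" "$target"; then
				echo "installed $target"
			fi
			# … cat-page links: same three-step fallback with "$catdir" and "$suffix" …
		elif test "$cmd" = uninstall ; then
			target="$mandir/$link.$section"
			echo "rm -f $target"
			rm -f "$target"
			# … cat-page link removal, quoted the same way …
		fi
	done
```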

Added: vendor-crypto/heimdal/dist/cf/irix.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/irix.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/irix.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,26 @@
+dnl
+dnl $Id: irix.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+AC_DEFUN([rk_IRIX],
+[
+irix=no
+case "$host" in
+*-*-irix4*) 
+	AC_DEFINE([IRIX4], 1,
+		[Define if you are running IRIX 4.])
+	irix=yes
+	;;
+*-*-irix*) 
+	irix=yes
+	;;
+esac
+AM_CONDITIONAL(IRIX, test "$irix" != no)dnl
+
+AH_BOTTOM([
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
+])
+])

Added: vendor-crypto/heimdal/dist/cf/krb-bigendian.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-bigendian.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-bigendian.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+dnl
+dnl $Id: krb-bigendian.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+dnl check if this computer is little or big-endian
+dnl if we can figure it out at compile-time then don't define the cpp symbol
+dnl otherwise test for it and define it.  also allow options for overriding
+dnl it when cross-compiling
+
+AC_DEFUN([KRB_C_BIGENDIAN], [
+AC_ARG_ENABLE(bigendian,
+	AS_HELP_STRING([--enable-bigendian],[the target is big endian]),
+krb_cv_c_bigendian=yes)
+AC_ARG_ENABLE(littleendian,
+	AS_HELP_STRING([--enable-littleendian],[the target is little endian]),
+krb_cv_c_bigendian=no)
+AC_CACHE_CHECK([whether byte order is known at compile time],
+krb_cv_c_bigendian_compile,
+[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+#include <sys/types.h>
+#include <sys/param.h>
+#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+ bogus endian macros
+#endif]])],[krb_cv_c_bigendian_compile=yes],[krb_cv_c_bigendian_compile=no])])
+AC_CACHE_CHECK(whether byte ordering is bigendian, krb_cv_c_bigendian,[
+  if test "$krb_cv_c_bigendian_compile" = "yes"; then
+    AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+#include <sys/types.h>
+#include <sys/param.h>
+#if BYTE_ORDER != BIG_ENDIAN
+  not big endian
+#endif]])],[krb_cv_c_bigendian=yes],[krb_cv_c_bigendian=no])
+  else
+    AC_RUN_IFELSE([AC_LANG_SOURCE([[main (int argc, char **argv) {
+      /* Are we little or big endian?  From Harbison&Steele.  */
+      union
+      {
+	long l;
+	char c[sizeof (long)];
+    } u;
+    u.l = 1;
+    exit (u.c[sizeof (long) - 1] == 1);
+  }]])],[krb_cv_c_bigendian=no],[krb_cv_c_bigendian=yes],
+  [AC_MSG_ERROR([specify either --enable-bigendian or --enable-littleendian])])
+  fi
+])
+if test "$krb_cv_c_bigendian" = "yes"; then
+  AC_DEFINE(WORDS_BIGENDIAN, 1, [define if target is big endian])dnl
+fi
+if test "$krb_cv_c_bigendian_compile" = "yes"; then
+  AC_DEFINE(ENDIANESS_IN_SYS_PARAM_H, 1, [define if sys/param.h defines the endiness])dnl
+fi
+AH_BOTTOM([
+#if ENDIANESS_IN_SYS_PARAM_H
+#  include <sys/types.h>
+#  include <sys/param.h>
+#  if BYTE_ORDER == BIG_ENDIAN
+#  define WORDS_BIGENDIAN 1
+#  endif
+#endif
+])
+])
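Review bot: In the `AC_RUN_IFELSE` fallback, the probe program calls `exit` without including `<stdlib.h>` and declares `main` with no return type, while the failure action sets `krb_cv_c_bigendian=yes`. A compiler that rejects implicit declarations would fail the probe, and the host would then be recorded as big-endian with `WORDS_BIGENDIAN` defined. Suggest adding `#include <stdlib.h>` at the top of the probe and writing `int main (int argc, char **argv) {`, so that only the program's exit status decides the answer. Separately, the action of `AC_ARG_ENABLE(bigendian, ...)` sets `krb_cv_c_bigendian=yes` without looking at `$enableval`, so `--disable-bigendian` also selects big-endian; the `littleendian` option has the mirror-image problem.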

Added: vendor-crypto/heimdal/dist/cf/krb-func-getcwd-broken.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-func-getcwd-broken.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-func-getcwd-broken.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,41 @@
+dnl $Id: krb-func-getcwd-broken.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl test for broken getcwd in (SunOS braindamage)
+dnl
+
+AC_DEFUN([AC_KRB_FUNC_GETCWD_BROKEN], [
+if test "$ac_cv_func_getcwd" = yes; then
+AC_MSG_CHECKING(if getcwd is broken)
+AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
+ac_cv_func_getcwd_broken=no
+
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <errno.h>
+char *getcwd(char*, int);
+
+void *popen(char *cmd, char *mode)
+{
+	errno = ENOTTY;
+	return 0;
+}
+
+int main(int argc, char **argv)
+{
+	char *ret;
+	ret = getcwd(0, 1024);
+	if(ret == 0 && errno == ENOTTY)
+		return 0;
+	return 1;
+}
+]])], [ac_cv_func_getcwd_broken=yes],[:],[:])
+])
+if test "$ac_cv_func_getcwd_broken" = yes; then
+	AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
+	AC_LIBOBJ(getcwd)
+	AC_MSG_RESULT($ac_cv_func_getcwd_broken)
+else
+	AC_MSG_RESULT([seems ok])
+fi
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/krb-func-getlogin.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-func-getlogin.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-func-getlogin.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,22 @@
+dnl
+dnl $Id: krb-func-getlogin.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl test for POSIX (broken) getlogin
+dnl
+
+
+AC_DEFUN([AC_FUNC_GETLOGIN], [
+AC_CHECK_FUNCS(getlogin setlogin)
+if test "$ac_cv_func_getlogin" = yes; then
+AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
+if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
+	ac_cv_func_getlogin_posix=no
+else
+	ac_cv_func_getlogin_posix=yes
+fi
+])
+if test "$ac_cv_func_getlogin_posix" = yes; then
+	AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
+fi
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/krb-ipv6.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-ipv6.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-ipv6.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,149 @@
+dnl $Id: krb-ipv6.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl test for IPv6
+dnl
+AC_DEFUN([AC_KRB_IPV6], [
+AC_ARG_WITH(ipv6,
+	AS_HELP_STRING([--without-ipv6],[do not enable IPv6 support]),[
+if test "$withval" = "no"; then
+	ac_cv_lib_ipv6=no
+fi])
+save_CFLAGS="${CFLAGS}"
+AC_CACHE_CHECK([for IPv6 stack type], v6type,
+[dnl check for different v6 implementations (by itojun)
+v6type=unknown
+v6lib=none
+
+for i in v6d toshiba kame inria zeta linux; do
+	case $i in
+	v6d)
+		AC_EGREP_CPP(yes, [
+#include </usr/local/v6/include/sys/types.h>
+#ifdef __V6D__
+yes
+#endif],
+			[v6type=$i; v6lib=v6;
+			v6libdir=/usr/local/v6/lib;
+			CFLAGS="-I/usr/local/v6/include $CFLAGS"])
+		;;
+	toshiba)
+		AC_EGREP_CPP(yes, [
+#include <sys/param.h>
+#ifdef _TOSHIBA_INET6
+yes
+#endif],
+			[v6type=$i; v6lib=inet6;
+			v6libdir=/usr/local/v6/lib;
+			CFLAGS="-DINET6 $CFLAGS"])
+		;;
+	kame)
+		AC_EGREP_CPP(yes, [
+#include <netinet/in.h>
+#ifdef __KAME__
+yes
+#endif],
+			[v6type=$i; v6lib=inet6;
+			v6libdir=/usr/local/v6/lib;
+			CFLAGS="-DINET6 $CFLAGS"])
+		;;
+	inria)
+		AC_EGREP_CPP(yes, [
+#include <netinet/in.h>
+#ifdef IPV6_INRIA_VERSION
+yes
+#endif],
+			[v6type=$i; CFLAGS="-DINET6 $CFLAGS"])
+		;;
+	zeta)
+		AC_EGREP_CPP(yes, [
+#include <sys/param.h>
+#ifdef _ZETA_MINAMI_INET6
+yes
+#endif],
+			[v6type=$i; v6lib=inet6;
+			v6libdir=/usr/local/v6/lib;
+			CFLAGS="-DINET6 $CFLAGS"])
+		;;
+	linux)
+		if test -d /usr/inet6; then
+			v6type=$i
+			v6lib=inet6
+			v6libdir=/usr/inet6
+			CFLAGS="-DINET6 $CFLAGS"
+		fi
+		;;
+	esac
+	if test "$v6type" != "unknown"; then
+		break
+	fi
+done
+
+if test "$v6lib" != "none"; then
+	for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
+		if test -d $dir -a -f $dir/lib$v6lib.a; then
+			LIBS="-L$dir -l$v6lib $LIBS"
+			break
+		fi
+	done
+fi
+])
+
+AC_CACHE_CHECK([for IPv6], ac_cv_lib_ipv6, [
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+]],
+[[
+ struct sockaddr_in6 sin6;
+ int s;
+
+ s = socket(AF_INET6, SOCK_DGRAM, 0);
+
+ sin6.sin6_family = AF_INET6;
+ sin6.sin6_port = htons(17);
+ sin6.sin6_addr = in6addr_any;
+ bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
+]])],
+[ac_cv_lib_ipv6=yes],
+[ac_cv_lib_ipv6=no])])
+if test "$ac_cv_lib_ipv6" = yes; then
+  AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
+else
+  CFLAGS="${save_CFLAGS}"
+fi
+
+## test for AIX missing in6addr_loopback
+if test "$ac_cv_lib_ipv6" = yes; then
+	AC_CACHE_CHECK([for in6addr_loopback],[ac_cv_var_in6addr_loopback],[
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif]],[[
+struct sockaddr_in6 sin6;
+sin6.sin6_addr = in6addr_loopback;
+]])],[ac_cv_var_in6addr_loopback=yes],[ac_cv_var_in6addr_loopback=no])])
+	if test "$ac_cv_var_in6addr_loopback" = yes; then
+		AC_DEFINE(HAVE_IN6ADDR_LOOPBACK, 1, 
+			[Define if you have the in6addr_loopback variable])
+	fi
+fi
+])
\ No newline at end of file
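Review bot: `CFLAGS` is saved in `save_CFLAGS` and restored when the IPv6 check ends in `no`, but the stack-type probe also prepends `-L$dir -l$v6lib` to `LIBS` and nothing restores that. With `--without-ipv6` (which only presets `ac_cv_lib_ipv6=no`) or a failed link test, the rest of the build keeps linking against whatever `lib$v6lib.a` was found under `/usr/local/v6/lib` or `/usr/local/lib`. Suggest `save_LIBS="${LIBS}"` next to `save_CFLAGS="${CFLAGS}"` and `LIBS="${save_LIBS}"` in the `else` branch beside `CFLAGS="${save_CFLAGS}"`. The first `AC_CACHE_CHECK` body also changes `CFLAGS` and `LIBS` as a side effect, so those changes would be skipped whenever `v6type` is already set; a `dnl` comment noting this would help the next reader.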

Added: vendor-crypto/heimdal/dist/cf/krb-prog-ln-s.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-prog-ln-s.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-prog-ln-s.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+dnl $Id: krb-prog-ln-s.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Better test for ln -s, ln or cp
+dnl
+
+AC_DEFUN([AC_KRB_PROG_LN_S],
+[AC_MSG_CHECKING(for ln -s or something else)
+AC_CACHE_VAL(ac_cv_prog_LN_S,
+[rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+  rm -f conftestdata
+  ac_cv_prog_LN_S="ln -s"
+else
+  touch conftestdata1
+  if ln conftestdata1 conftestdata2; then
+    rm -f conftestdata*
+    ac_cv_prog_LN_S=ln
+  else
+    ac_cv_prog_LN_S=cp
+  fi
+fi])dnl
+LN_S="$ac_cv_prog_LN_S"
+AC_MSG_RESULT($ac_cv_prog_LN_S)
+AC_SUBST(LN_S)dnl
+])
+

Added: vendor-crypto/heimdal/dist/cf/krb-prog-ranlib.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-prog-ranlib.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-prog-ranlib.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,8 @@
+dnl $Id: krb-prog-ranlib.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Also look for EMXOMF for OS/2
+dnl
+
+AC_DEFUN([AC_KRB_PROG_RANLIB],
+[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)])

Added: vendor-crypto/heimdal/dist/cf/krb-prog-yacc.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-prog-yacc.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-prog-yacc.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+dnl $Id: krb-prog-yacc.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl We prefer byacc or yacc because they do not use `alloca'
+dnl
+
+AC_DEFUN([AC_KRB_PROG_YACC],
+[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')
+if test "$YACC" = ""; then
+  AC_MSG_WARN([yacc not found - some stuff will not build])
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/krb-readline.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-readline.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-readline.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,39 @@
+dnl $Id: krb-readline.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl Tests for readline functions
+dnl
+
+dnl el_init
+
+AC_DEFUN([KRB_READLINE],[
+AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent])
+if test "$ac_cv_func_el_init" = yes ; then
+	AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
+			#include <histedit.h>]],
+			[[el_init("", NULL, NULL, NULL);]])],
+			[ac_cv_func_el_init_four=yes],
+			[ac_cv_func_el_init_four=no])])
+	if test "$ac_cv_func_el_init_four" = yes; then
+		AC_DEFINE(HAVE_FOUR_VALUED_EL_INIT, 1, [Define if el_init takes four arguments.])
+	fi
+fi
+
+dnl readline
+
+ac_foo=no
+if test "$with_readline" = yes; then
+	:
+elif test "$ac_cv_func_readline" = yes; then
+	:
+elif test "$ac_cv_func_el_init" = yes; then
+	ac_foo=yes
+	LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)"
+else
+	LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)"
+fi
+AM_CONDITIONAL(el_compat, test "$ac_foo" = yes)
+AC_DEFINE(HAVE_READLINE, 1, 
+	[Define if you have a readline compatible library.])dnl
+
+])

Added: vendor-crypto/heimdal/dist/cf/krb-struct-spwd.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-struct-spwd.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-struct-spwd.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,21 @@
+dnl $Id: krb-struct-spwd.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl Test for `struct spwd'
+
+AC_DEFUN([AC_KRB_STRUCT_SPWD], [
+AC_MSG_CHECKING(for struct spwd)
+AC_CACHE_VAL(ac_cv_struct_spwd, [
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <pwd.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif]],[[struct spwd foo;]])],
+[ac_cv_struct_spwd=yes],
+[ac_cv_struct_spwd=no])
+])
+AC_MSG_RESULT($ac_cv_struct_spwd)
+
+if test "$ac_cv_struct_spwd" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd])
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/krb-struct-winsize.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-struct-winsize.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-struct-winsize.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,25 @@
+dnl $Id: krb-struct-winsize.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Search for struct winsize
+dnl
+
+AC_DEFUN([AC_KRB_STRUCT_WINSIZE], [
+AC_MSG_CHECKING(for struct winsize)
+AC_CACHE_VAL(ac_cv_struct_winsize, [
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+AC_EGREP_HEADER(
+struct[[ 	]]*winsize,dnl
+$i, ac_cv_struct_winsize=yes; break)dnl
+done
+])
+if test "$ac_cv_struct_winsize" = "yes"; then
+  AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h])
+fi
+AC_MSG_RESULT($ac_cv_struct_winsize)
+AC_EGREP_HEADER(ws_xpixel, termios.h, 
+	AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel]))
+AC_EGREP_HEADER(ws_ypixel, termios.h, 
+	AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
+])

Added: vendor-crypto/heimdal/dist/cf/krb-sys-aix.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-sys-aix.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-sys-aix.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+dnl $Id: krb-sys-aix.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl AIX have a very different syscall convention
+dnl
+AC_DEFUN([AC_KRB_SYS_AIX], [
+AC_MSG_CHECKING(for AIX)
+AC_CACHE_VAL(krb_cv_sys_aix,
+AC_EGREP_CPP(yes, 
+[#ifdef _AIX
+	yes
+#endif 
+], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) )
+AC_MSG_RESULT($krb_cv_sys_aix)
+])

Added: vendor-crypto/heimdal/dist/cf/krb-sys-nextstep.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-sys-nextstep.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-sys-nextstep.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+dnl $Id: krb-sys-nextstep.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl NEXTSTEP is not posix compliant by default,
+dnl you need a switch -posix to the compiler
+dnl
+
+AC_DEFUN([rk_SYS_NEXTSTEP], [
+AC_CACHE_CHECK(for NeXTSTEP, rk_cv_sys_nextstep, [
+AC_EGREP_CPP(yes, 
+[#if defined(NeXT) && !defined(__APPLE__)
+	yes
+#endif 
+], rk_cv_sys_nextstep=yes, rk_cv_sys_nextstep=no)])
+if test "$rk_cv_sys_nextstep" = "yes"; then
+  CFLAGS="$CFLAGS -posix"
+  LIBS="$LIBS -posix"
+fi
+])

Added: vendor-crypto/heimdal/dist/cf/krb-version.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/krb-version.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/krb-version.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,24 @@
+dnl $Id: krb-version.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl output a C header-file with some version strings
+dnl
+
+AC_DEFUN([AC_KRB_VERSION],[
+cat > include/newversion.h.in <<FOOBAR
+const char *${PACKAGE_TARNAME}_long_version = "@(#)\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
+const char *${PACKAGE_TARNAME}_version = "$PACKAGE_STRING";
+FOOBAR
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+	echo "include/version.h is unchanged"
+	rm -f include/newversion.h.in
+else
+ 	echo "creating include/version.h"
+ 	User=${USER-${LOGNAME}}
+ 	Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ 	Date=`date`
+	mv -f include/newversion.h.in include/version.h.in
+	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
+])
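Review bot: The final `sed` call interpolates `$User`, `$Host` and `$Date` directly into `s/@X@/.../` replacements, so a `/`, `&` or backslash in any of them breaks the expression or alters the substituted text (the output of `date` varies with locale). The values also end up inside a C string literal with no escaping of `"`. The values should be escaped before substitution, and until then a comment such as `dnl NOTE: User/Host/Date are inserted unescaped into sed and into a C string literal` would record the limitation. Embedding the builder's user, host and timestamp also makes `include/version.h` differ on every build, which works against reproducible builds of this library. A documented way to pin those three values would address that.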

Added: vendor-crypto/heimdal/dist/cf/largefile.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/largefile.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/largefile.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,16 @@
+dnl $Id: largefile.m4,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl Figure out what flags we need for 64-bit file access, and also set
+dnl them on the command line.
+dnl
+AC_DEFUN([rk_SYS_LARGEFILE],[
+AC_REQUIRE([AC_SYS_LARGEFILE])dnl
+dnl need to set this on the command line, since it might otherwise break
+dnl with generated code, such as lex
+if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
+	CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
+fi
+if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then
+	CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
+fi
+])
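Review bot: Both tests exclude only the value `no`, so an empty or `unknown` `$ac_cv_sys_large_files` or `$ac_cv_sys_file_offset_bits` still reaches the command line as `-D_LARGE_FILES=` or `-D_FILE_OFFSET_BITS=unknown`. Whether `AC_SYS_LARGEFILE` leaves these variables unset or `unknown` on a given platform is not visible in this file, so this is worth confirming, but a stricter guard is cheap: `case "$ac_cv_sys_large_files" in ''|no|unknown) ;; *) CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files" ;; esac`, and the same shape for `_FILE_OFFSET_BITS`. The `test A -a B` form is also marked obsolescent by POSIX; `test A && test B` is the portable spelling.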

Added: vendor-crypto/heimdal/dist/cf/make-proto.pl
===================================================================
--- vendor-crypto/heimdal/dist/cf/make-proto.pl	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/make-proto.pl	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,337 @@
+# Make prototypes from .c files
+# $Id: make-proto.pl,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+##use Getopt::Std;
+require 'getopts.pl';
+
+$brace = 0;
+$line = "";
+$debug = 0;
+$oproto = 1;
+$private_func_re = "^_";
+
+do Getopts('x:m:o:p:dqE:R:P:') || die "foo";
+
+if($opt_d) {
+    $debug = 1;
+}
+
+if($opt_q) {
+    $oproto = 0;
+}
+
+if($opt_R) {
+    $private_func_re = $opt_R;
+}
+%flags = (
+	  'multiline-proto' => 1,
+	  'header' => 1,
+	  'function-blocking' => 0,
+	  'gnuc-attribute' => 1,
+	  'cxx' => 1
+	  );
+if($opt_m) {
+    foreach $i (split(/,/, $opt_m)) {
+	if($i eq "roken") {
+	    $flags{"multiline-proto"} = 0;
+	    $flags{"header"} = 0;
+	    $flags{"function-blocking"} = 0;
+	    $flags{"gnuc-attribute"} = 0;
+	    $flags{"cxx"} = 0;
+	} else {
+	    if(substr($i, 0, 3) eq "no-") {
+		$flags{substr($i, 3)} = 0;
+	    } else {
+		$flags{$i} = 1;
+	    }
+	}
+    }
+}
+
+if($opt_x) {
+    open(EXP, $opt_x);
+    while(<EXP>) {
+	chomp;
+	s/\#.*//g;
+	s/\s+/ /g;
+	if(/^([a-zA-Z0-9_]+)\s?(.*)$/) {
+	    $exported{$1} = $2;
+	} else {
+	    print $_, "\n";
+	}
+    }
+    close EXP;
+}
+
+while(<>) {
+    print $brace, " ", $_ if($debug);
+    if(/^\#if 0/) {
+	$if_0 = 1;
+    }
+    if($if_0 && /^\#endif/) {
+	$if_0 = 0;
+    }
+    if($if_0) { next }
+    if(/^\s*\#/) {
+	next;
+    }
+    if(/^\s*$/) {
+	$line = "";
+	next;
+    }
+    if(/\{/){
+	if (!/\}/) {
+	    $brace++;
+	}
+	$_ = $line;
+	while(s/\*\//\ca/){
+	    s/\/\*(.|\n)*\ca//;
+	}
+	s/^\s*//;
+	s/\s*$//;
+	s/\s+/ /g;
+	if($_ =~ /\)$/){
+	    if(!/^static/ && !/^PRIVATE/){
+		if(/(.*)(__attribute__\s?\(.*\))/) {
+		    $attr = $2;
+		    $_ = $1;
+		} else {
+		    $attr = "";
+		}
+		# remove outer ()
+		s/\s*\(/</;
+		s/\)\s?$/>/;
+		# remove , within ()
+		while(s/\(([^()]*),(.*)\)/($1\$$2)/g){}
+		s/\<\s*void\s*\>/<>/;
+		# remove parameter names 
+		if($opt_P eq "remove") {
+		    s/(\s*)([a-zA-Z0-9_]+)([,>])/$3/g;
+		    s/\s+\*/*/g;
+		    s/\(\*(\s*)([a-zA-Z0-9_]+)\)/(*)/g;
+		} elsif($opt_P eq "comment") {
+		    s/([a-zA-Z0-9_]+)([,>])/\/\*$1\*\/$2/g;
+		    s/\(\*([a-zA-Z0-9_]+)\)/(*\/\*$1\*\/)/g;
+		}
+		s/\<\>/<void>/;
+		# add newlines before parameters
+		if($flags{"multiline-proto"}) {
+		    s/,\s*/,\n\t/g;
+		} else {
+		    s/,\s*/, /g;
+		}
+		# fix removed ,
+		s/\$/,/g;
+		# match function name
+		/([a-zA-Z0-9_]+)\s*\</;
+		$f = $1;
+		if($oproto) {
+		    $LP = "__P((";
+		    $RP = "))";
+		} else {
+		    $LP = "(";
+		    $RP = ")";
+		}
+		# only add newline if more than one parameter
+                if($flags{"multiline-proto"} && /,/){ 
+		    s/\</ $LP\n\t/;
+		}else{
+		    s/\</ $LP/;
+		}
+		s/\>/$RP/;
+		# insert newline before function name
+		if($flags{"multiline-proto"}) {
+		    s/(.*)\s([a-zA-Z0-9_]+ \Q$LP\E)/$1\n$2/;
+		}
+		if($attr ne "") {
+		    $_ .= "\n    $attr";
+		}
+		$_ = $_ . ";";
+		$funcs{$f} = $_;
+	    }
+	}
+	$line = "";
+    }
+    if(/\}/){
+	$brace--;
+    }
+    if(/^\}/){
+	$brace = 0;
+    }
+    if($brace == 0) {
+	$line = $line . " " . $_;
+    }
+}
+
+sub foo {
+    local ($arg) = @_;
+    $_ = $arg;
+    s/.*\/([^\/]*)/$1/;
+    s/[^a-zA-Z0-9]/_/g;
+    "__" . $_ . "__";
+}
+
+if($opt_o) {
+    open(OUT, ">$opt_o");
+    $block = &foo($opt_o);
+} else {
+    $block = "__public_h__";
+}
+
+if($opt_p) {
+    open(PRIV, ">$opt_p");
+    $private = &foo($opt_p);
+} else {
+    $private = "__private_h__";
+}
+
+$public_h = "";
+$private_h = "";
+
+$public_h_header .= "/* This is a generated file */
+#ifndef $block
+#define $block
+
+";
+if ($oproto) {
+    $public_h_header .= "#ifdef __STDC__
+#include <stdarg.h>
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+";
+} else {
+    $public_h_header .= "#include <stdarg.h>
+
+";
+}
+$public_h_trailer = "";
+
+$private_h_header = "/* This is a generated file */
+#ifndef $private
+#define $private
+
+";
+if($oproto) {
+    $private_h_header .= "#ifdef __STDC__
+#include <stdarg.h>
+#ifndef __P
+#define __P(x) x
+#endif
+#else
+#ifndef __P
+#define __P(x) ()
+#endif
+#endif
+
+";
+} else {
+    $private_h_header .= "#include <stdarg.h>
+
+";
+}
+$private_h_trailer = "";
+
+foreach(sort keys %funcs){
+    if(/^(main)$/) { next }
+    if(!defined($exported{$_}) && /$private_func_re/) {
+	$private_h .= $funcs{$_} . "\n\n";
+	if($funcs{$_} =~ /__attribute__/) {
+	    $private_attribute_seen = 1;
+	}
+    } else {
+	if($flags{"function-blocking"}) {
+	    $fupper = uc $_;
+	    if($exported{$_} =~ /proto/) {
+		$public_h .= "#if !defined(HAVE_$fupper) || defined(NEED_${fupper}_PROTO)\n";
+	    } else {
+		$public_h .= "#ifndef HAVE_$fupper\n";
+	    }
+	}
+	$public_h .= $funcs{$_} . "\n";
+	if($funcs{$_} =~ /__attribute__/) {
+	    $public_attribute_seen = 1;
+	}
+	if($flags{"function-blocking"}) {
+	    $public_h .= "#endif\n";
+	}
+	$public_h .= "\n";
+    }
+}
+
+if($flags{"gnuc-attribute"}) {
+    if ($public_attribute_seen) {
+	$public_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+";
+    }
+
+    if ($private_attribute_seen) {
+	$private_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+";
+    }
+}
+if($flags{"cxx"}) {
+    $public_h_header .= "#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+";
+    $public_h_trailer .= "#ifdef __cplusplus
+}
+#endif
+
+";
+
+}
+if ($opt_E) {
+    $public_h_header .= "#ifndef $opt_E
+#if defined(_WIN32)
+#define $opt_E _stdcall
+#else
+#define $opt_E
+#endif
+#endif
+
+";
+    
+    $private_h_header .= "#ifndef $opt_E
+#if defined(_WIN32)
+#define $opt_E _stdcall
+#else
+#define $opt_E
+#endif
+#endif
+
+";
+}
+    
+if ($public_h ne "" && $flags{"header"}) {
+    $public_h = $public_h_header . $public_h . 
+	$public_h_trailer . "#endif /* $block */\n";
+}
+if ($private_h ne "" && $flags{"header"}) {
+    $private_h = $private_h_header . $private_h .
+	$private_h_trailer . "#endif /* $private */\n";
+}
+
+if($opt_o) {
+    print OUT $public_h;
+} 
+if($opt_p) {
+    print PRIV $private_h;
+} 
+
+close OUT;
+close PRIV;
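Review bot: None of the three `open` calls checks its result, and all use the two-argument form: `open(EXP, $opt_x)`, `open(OUT, ">$opt_o")` and `open(PRIV, ">$opt_p")`. If an output path cannot be opened, the script still exits successfully and the generated prototype header is silently missing or stale. With two-argument `open`, mode or pipe characters in the option value are also interpreted rather than treated as part of the file name. Suggest `open(OUT, '>', $opt_o) or die "cannot write $opt_o: $!";`, with the same pattern for `PRIV` and `'<'` for `EXP`. The closing `close OUT; close PRIV;` also run when the handles were never opened and ignore write errors, so checking `close` on the opened handles would catch a full disk.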

Added: vendor-crypto/heimdal/dist/cf/mips-abi.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/mips-abi.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/mips-abi.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,87 @@
+dnl $Id: mips-abi.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
+dnl value.
+
+AC_DEFUN([AC_MIPS_ABI], [
+AC_ARG_WITH(mips_abi,
+	AS_HELP_STRING([--with-mips-abi=abi],[ABI to use for IRIX (32, n32, or 64)]))
+
+case "$host_os" in
+irix*)
+with_mips_abi="${with_mips_abi:-yes}"
+if test -n "$GCC"; then
+
+# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
+# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
+#
+# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
+# GCC and revert back to O32. The same goes if O32 is asked for - old
+# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
+#
+# Don't you just love *all* the different SGI ABIs?
+
+case "${with_mips_abi}" in 
+        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
+       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
+        64) abi='-mabi=64';  abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_MSG_ERROR("Invalid ABI specified") ;;
+esac
+if test -n "$abi" ; then
+ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
+dnl
+dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to
+dnl AC_MSG_RESULT
+dnl
+AC_MSG_CHECKING([if $CC supports the $abi option])
+AC_CACHE_VAL($ac_foo, [
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $abi"
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x;]])],[eval $ac_foo=yes], [eval $ac_foo=no])dnl
+CFLAGS="$save_CFLAGS"
+])
+ac_res=`eval echo \\\$$ac_foo`
+AC_MSG_RESULT($ac_res)
+if test $ac_res = no; then
+# Try to figure out why that failed...
+case $abi in
+	-mabi=32) 
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS -mabi=n32"
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x;]])],[ac_res=yes],[ac_res=no])dnl
+	CLAGS="$save_CFLAGS"
+	if test $ac_res = yes; then
+		# New GCC
+		AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI])
+	fi
+	# Old GCC
+	abi=''
+	abilibdirext=''
+	;;
+	-mabi=n32|-mabi=64)
+		if test $with_mips_abi = yes; then
+			# Old GCC, default to O32
+			abi=''
+			abilibdirext=''
+		else
+			# Some broken GCC
+			AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI])
+		fi
+	;;
+esac
+fi #if test $ac_res = no; then
+fi #if test -n "$abi" ; then
+else
+case "${with_mips_abi}" in
+        32|o32) abi='-32'; abilibdirext=''     ;;
+       n32|yes) abi='-n32'; abilibdirext='32'  ;;
+        64) abi='-64'; abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) AC_MSG_ERROR("Invalid ABI specified") ;;
+esac
+fi #if test -n "$GCC"; then
+;;
+esac
+])
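Review bot: In the `-mabi=32` fallback, the restore after the `-mabi=n32` probe is misspelled as `CLAGS="$save_CFLAGS"`, so `CFLAGS` keeps the extra `-mabi=n32` for the rest of configure. On the old-GCC path the code then clears `abi` and continues, and every later compile test carries a flag that the probe has just shown the compiler rejects. The line should be `CFLAGS="$save_CFLAGS"`. The unquoted `test $ac_res = no` and `test $with_mips_abi = yes` would also be safer as `test "$ac_res" = no` and `test "$with_mips_abi" = yes`.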

Added: vendor-crypto/heimdal/dist/cf/misc.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/misc.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/misc.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+
+dnl $Id: misc.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+AC_DEFUN([upcase],[`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`])dnl
+AC_DEFUN([rk_LIBOBJ],[AC_LIBOBJ([$1])])dnl
+AC_DEFUN([rk_CONFIG_HEADER],[AH_TOP([#ifndef RCSID
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+])])
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/cf/need-proto.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/need-proto.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/need-proto.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,22 @@
+dnl $Id: need-proto.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Check if we need the prototype for a function
+dnl
+
+dnl AC_NEED_PROTO(includes, function)
+
+AC_DEFUN([AC_NEED_PROTO], [
+if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then
+AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto,
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$1
+struct foo { int foo; } xx;
+extern int $2 (struct foo*);]],[[$2(&xx)]])],
+[eval "ac_cv_func_$2_noproto=yes"],
+[eval "ac_cv_func_$2_noproto=no"]))
+if test "$ac_cv_func_$2_noproto" = yes; then
+	AC_DEFINE(AS_TR_CPP(NEED_[]$2[]_PROTO), 1,
+		[define if the system is missing a prototype for $2()])
+fi
+fi
+])
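Review bot: The first operand of the guard, `test "$ac_cv_func_$2+set" != set`, expands to the variable's value followed by the literal `+set`, which can never equal `set`. The condition is therefore always true, and the prototype check runs even when `ac_cv_func_$2` is `no`. The is-it-set test needs braces: `if test "${ac_cv_func_$2+set}" != set -o "$ac_cv_func_$2" = yes; then`. A `dnl` line stating that the check is meant to be skipped for functions already known to be missing would make the intent explicit.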

Added: vendor-crypto/heimdal/dist/cf/osfc2.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/osfc2.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/osfc2.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,14 @@
+dnl $Id: osfc2.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl enable OSF C2 stuff
+
+AC_DEFUN([AC_CHECK_OSFC2],[
+AC_ARG_ENABLE(osfc2,
+	AS_HELP_STRING([--enable-osfc2],[enable some OSF C2 support]))
+LIB_security=
+if test "$enable_osfc2" = yes; then
+	AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.])
+	LIB_security=-lsecurity
+fi
+AC_SUBST(LIB_security)
+])

Added: vendor-crypto/heimdal/dist/cf/otp.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/otp.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/otp.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,27 @@
+dnl $Id: otp.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl check requirements for OTP library
+dnl
+AC_DEFUN([rk_OTP],[
+AC_REQUIRE([rk_DB])dnl
+AC_ARG_ENABLE(otp,
+	AS_HELP_STRING([--disable-otp],[if you don't want OTP support]))
+if test "$enable_otp" = yes -a "$db_type" = unknown; then
+	AC_MSG_ERROR([OTP requires a NDBM/DB compatible library])
+fi
+if test "$enable_otp" != no; then
+	if test "$db_type" != unknown; then
+		enable_otp=yes
+	else
+		enable_otp=no
+	fi
+fi
+if test "$enable_otp" = yes; then
+	AC_DEFINE(OTP, 1, [Define if you want OTP support in applications.])
+	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
+	AC_SUBST(LIB_otp)
+fi
+AC_MSG_CHECKING([whether to enable OTP library])
+AC_MSG_RESULT($enable_otp)
+AM_CONDITIONAL(OTP, test "$enable_otp" = yes)dnl
+])

Added: vendor-crypto/heimdal/dist/cf/proto-compat.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/proto-compat.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/proto-compat.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,21 @@
+dnl $Id: proto-compat.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl
+dnl Check if the prototype of a function is compatible with another one
+dnl
+
+dnl AC_PROTO_COMPAT(includes, function, prototype)
+
+AC_DEFUN([AC_PROTO_COMPAT], [
+AC_CACHE_CHECK([if $2 is compatible with system prototype],
+ac_cv_func_$2_proto_compat,
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$1]],[[$3]])],
+[eval "ac_cv_func_$2_proto_compat=yes"],
+[eval "ac_cv_func_$2_proto_compat=no"]))
+define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE])
+if test "$ac_cv_func_$2_proto_compat" = yes; then
+	AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with
+	$3])
+fi
+undefine([foo])
+])
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/cf/pthreads.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/pthreads.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/pthreads.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,75 @@
+dnl $Id: pthreads.m4,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+AC_DEFUN([KRB_PTHREADS], [
+AC_MSG_CHECKING(if compiling threadsafe libraries)
+
+AC_ARG_ENABLE(pthread-support,
+	AS_HELP_STRING([--enable-pthread-support],
+			[if you want thread safe libraries]),
+	[],[enable_pthread_support=maybe])
+
+case "$host" in 
+*-*-solaris2*)
+	native_pthread_support=yes
+	if test "$GCC" = yes; then
+		PTHREADS_CFLAGS=-pthreads
+		PTHREADS_LIBS=-pthreads
+	else
+		PTHREADS_CFLAGS=-mt
+		PTHREADS_LIBS=-mt
+	fi
+	;;
+*-*-netbsd*)
+	native_pthread_support="if running netbsd 1.6T or newer"
+	dnl heim_threads.h knows this
+	PTHREADS_LIBS=""
+	;;
+*-*-freebsd5*)
+	native_pthread_support=yes
+	;;
+*-*-linux* | *-*-linux-gnu)
+	case `uname -r` in
+	2.*)
+		native_pthread_support=yes
+		PTHREADS_CFLAGS=-pthread
+		PTHREADS_LIBS=-pthread
+		;;
+	esac
+	;;
+*-*-aix*)
+	dnl AIX is disabled since we don't handle the utmp/utmpx
+        dnl problems that aix causes when compiling with pthread support
+	native_pthread_support=no
+	;;
+mips-sgi-irix6.[[5-9]])  # maybe works for earlier versions too
+	native_pthread_support=yes
+	PTHREADS_LIBS="-lpthread"
+	;;
+*-*-darwin*)
+	native_pthread_support=yes
+	;;
+*)
+	native_pthread_support=no
+	;;
+esac
+
+if test "$enable_pthread_support" = maybe ; then
+	enable_pthread_support="$native_pthread_support"
+fi
+	
+if test "$enable_pthread_support" != no; then
+    AC_DEFINE(ENABLE_PTHREAD_SUPPORT, 1,
+	[Define if you want have a thread safe libraries])
+    dnl This sucks, but libtool doesn't save the depenecy on -pthread
+    dnl for libraries.
+    LIBS="$PTHREADS_LIBS $LIBS"
+else
+  PTHREADS_CFLAGS=""
+  PTHREADS_LIBS=""
+fi
+
+AC_SUBST(PTHREADS_CFLAGS)
+AC_SUBST(PTHREADS_LIBS)
+
+AC_MSG_RESULT($enable_pthread_support)
+])

Added: vendor-crypto/heimdal/dist/cf/resolv.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/resolv.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/resolv.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,109 @@
+dnl stuff used by DNS resolv code in roken
+dnl
+dnl $Id: resolv.m4,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+AC_DEFUN([rk_RESOLV],[
+
+AC_CHECK_HEADERS([arpa/nameser.h])
+
+AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+])
+
+AC_FIND_FUNC(res_search, resolv,
+[
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+],
+[0,0,0,0,0])
+
+AC_FIND_FUNC(res_nsearch, resolv,
+[
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+],
+[0,0,0,0,0,0])
+
+AC_FIND_FUNC(res_ndestroy, resolv,
+[
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+],
+[0])
+
+AC_FIND_FUNC(dn_expand, resolv,
+[
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+],
+[0,0,0,0,0])
+
+rk_CHECK_VAR(_res, 
+[#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif])
+
+])

Added: vendor-crypto/heimdal/dist/cf/retsigtype.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/retsigtype.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/retsigtype.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+dnl
+dnl $Id: retsigtype.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl Figure out return type of signal handlers, and define SIGRETURN macro
+dnl that can be used to return from one
+dnl
+AC_DEFUN([rk_RETSIGTYPE],[
+AC_TYPE_SIGNAL
+if test "$ac_cv_type_signal" = "void" ; then
+	AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if signal handlers return void.])
+fi
+AC_SUBST(VOID_RETSIGTYPE)
+AH_BOTTOM([#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif])
+])
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/cf/roken-frag.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/roken-frag.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/roken-frag.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,655 @@
+dnl $Id: roken-frag.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl some code to get roken working
+dnl
+dnl rk_ROKEN(subdir)
+dnl
+AC_DEFUN([rk_ROKEN], [
+
+AC_REQUIRE([rk_CONFIG_HEADER])
+
+DIR_roken=roken
+LIB_roken='$(top_builddir)/$1/libroken.la'
+INCLUDES_roken='-I$(top_builddir)/$1 -I$(top_srcdir)/$1'
+
+dnl Checks for programs
+AC_REQUIRE([AC_PROG_CC])
+AC_REQUIRE([AC_PROG_AWK])
+AC_REQUIRE([AC_OBJEXT])
+AC_REQUIRE([AC_EXEEXT])
+AC_REQUIRE([AC_PROG_LIBTOOL])
+
+AC_REQUIRE([AC_MIPS_ABI])
+
+dnl C characteristics
+
+AC_REQUIRE([AC_C___ATTRIBUTE__])
+AC_REQUIRE([AC_C_INLINE])
+AC_REQUIRE([AC_C_CONST])
+rk_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs)
+
+AC_REQUIRE([rk_DB])
+
+dnl C types
+
+AC_REQUIRE([AC_TYPE_SIZE_T])
+AC_HAVE_TYPE([ssize_t],[#include <unistd.h>])
+AC_REQUIRE([AC_TYPE_PID_T])
+AC_REQUIRE([AC_TYPE_UID_T])
+AC_HAVE_TYPE([long long])
+
+AC_REQUIRE([rk_RETSIGTYPE])
+
+dnl Checks for header files.
+AC_REQUIRE([AC_HEADER_STDC])
+AC_REQUIRE([AC_HEADER_TIME])
+
+AC_CHECK_HEADERS([\
+	arpa/inet.h				\
+	config.h				\
+	crypt.h					\
+	dirent.h				\
+	errno.h					\
+	err.h					\
+	fcntl.h					\
+	fnmatch.h				\
+	grp.h					\
+	ifaddrs.h				\
+	netinet/in.h				\
+	netinet/in6.h				\
+	netinet/in_systm.h			\
+	netinet6/in6.h				\
+	paths.h					\
+	poll.h					\
+	pwd.h					\
+	rpcsvc/ypclnt.h				\
+	shadow.h				\
+	stdint.h				\
+	sys/bswap.h				\
+	sys/ioctl.h				\
+	sys/mman.h				\
+	sys/param.h				\
+	sys/resource.h				\
+	sys/sockio.h				\
+	sys/stat.h				\
+	sys/time.h				\
+	sys/tty.h				\
+	sys/types.h				\
+	sys/uio.h				\
+	sys/utsname.h				\
+	sys/wait.h				\
+	syslog.h				\
+	termios.h				\
+	unistd.h				\
+	userconf.h				\
+	usersec.h				\
+	util.h					\
+])
+
+AC_HAVE_TYPE([uintptr_t],[#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif])
+
+dnl Sunpro 5.2 has a vis.h which is something different.
+AC_CHECK_HEADERS(vis.h, , , [
+#include <vis.h>
+#ifndef VIS_SP
+#error invis
+#endif])
+	
+AC_CHECK_HEADERS(netdb.h, , , [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+])
+
+AC_CHECK_HEADERS(sys/socket.h, , , [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+])
+
+AC_CHECK_HEADERS(net/if.h, , , [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif])
+
+AC_CHECK_HEADERS(netinet6/in6_var.h, , , [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+])
+
+AC_CHECK_HEADERS(sys/sysctl.h, , , [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+])
+
+AC_CHECK_HEADERS(sys/proc.h, , , [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+])
+
+AC_REQUIRE([CHECK_NETINET_IP_AND_TCP])
+
+AM_CONDITIONAL(have_err_h, test "$ac_cv_header_err_h" = yes)
+AM_CONDITIONAL(have_ifaddrs_h, test "$ac_cv_header_ifaddrs_h" = yes)
+AM_CONDITIONAL(have_vis_h, test "$ac_cv_header_vis_h" = yes)
+
+dnl Check for functions and libraries
+
+AC_FIND_FUNC(socket, socket)
+AC_FIND_FUNC(gethostbyname, nsl)
+AC_FIND_FUNC(syslog, syslog)
+
+AC_KRB_IPV6
+
+AC_FIND_FUNC(gethostbyname2, inet6 ip6)
+
+rk_RESOLV
+
+AC_BROKEN_SNPRINTF
+AC_BROKEN_VSNPRINTF
+
+AC_BROKEN_GLOB
+if test "$ac_cv_func_glob_working" != yes; then
+	AC_LIBOBJ(glob)
+fi
+AM_CONDITIONAL(have_glob_h, test "$ac_cv_func_glob_working" = yes)
+
+
+AC_CHECK_FUNCS([				\
+	asnprintf				\
+	asprintf				\
+	atexit					\
+	cgetent					\
+	getconfattr				\
+	getprogname				\
+	getrlimit				\
+	getspnam				\
+	initstate				\
+	issetugid				\
+	on_exit					\
+	poll					\
+	random					\
+	setprogname				\
+	setstate				\
+	strsvis					\
+	strunvis				\
+	strvis					\
+	strvisx					\
+	svis					\
+	sysconf					\
+	sysctl					\
+	uname					\
+	unvis					\
+	vasnprintf				\
+	vasprintf				\
+	vis					\
+])
+
+if test "$ac_cv_func_cgetent" = no; then
+	AC_LIBOBJ(getcap)
+fi
+AM_CONDITIONAL(have_cgetent, test "$ac_cv_func_cgetent" = yes)
+
+AC_REQUIRE([AC_FUNC_GETLOGIN])
+
+AC_REQUIRE([AC_FUNC_MMAP])
+
+AC_FIND_FUNC_NO_LIBS(getsockopt,,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0,0,0])
+AC_FIND_FUNC_NO_LIBS(setsockopt,,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0,0,0])
+
+AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+17)
+AC_NEED_PROTO([
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],
+hstrerror)
+
+AC_FOREACH([rk_func], [asprintf vasprintf asnprintf vasnprintf],
+	[AC_NEED_PROTO([
+	#include <stdio.h>
+	#include <string.h>],
+	rk_func)])
+
+AC_FIND_FUNC_NO_LIBS(bswap16,,
+[#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif],0)
+
+AC_FIND_FUNC_NO_LIBS(bswap32,,
+[#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif],0)
+
+AC_FIND_FUNC_NO_LIBS(pidfile,util,
+[#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif],0)
+
+AC_FIND_IF_NOT_BROKEN(getaddrinfo,,
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],[0,0,0,0])
+
+AC_FIND_IF_NOT_BROKEN(getnameinfo,,
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],[0,0,0,0,0,0,0])
+
+AC_FIND_IF_NOT_BROKEN(freeaddrinfo,,
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],[0])
+
+AC_FIND_IF_NOT_BROKEN(gai_strerror,,
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif],[0])
+
+AC_BROKEN([					\
+	chown					\
+	copyhostent				\
+	closefrom				\
+	daemon					\
+	ecalloc					\
+	emalloc					\
+	erealloc				\
+	estrdup					\
+	err					\
+	errx					\
+	fchown					\
+	flock					\
+	fnmatch					\
+	freehostent				\
+	getcwd					\
+	getdtablesize				\
+	getegid					\
+	geteuid					\
+	getgid					\
+	gethostname				\
+	getifaddrs				\
+	getipnodebyaddr				\
+	getipnodebyname				\
+	getopt					\
+	gettimeofday				\
+	getuid					\
+	getusershell				\
+	initgroups				\
+	innetgr					\
+	iruserok				\
+	localtime_r				\
+	lstat					\
+	memmove					\
+	mkstemp					\
+	putenv					\
+	rcmd					\
+	readv					\
+	recvmsg					\
+	sendmsg					\
+	setegid					\
+	setenv					\
+	seteuid					\
+	strcasecmp				\
+	strdup					\
+	strerror				\
+	strftime				\
+	strlcat					\
+	strlcpy					\
+	strlwr					\
+	strncasecmp				\
+	strndup					\
+	strnlen					\
+	strptime				\
+	strsep					\
+	strsep_copy				\
+	strtok_r				\
+	strupr					\
+	swab					\
+	timegm					\
+	unsetenv				\
+	verr					\
+	verrx					\
+	vsyslog					\
+	vwarn					\
+	vwarnx					\
+	warn					\
+	warnx					\
+	writev					\
+])
+
+AM_CONDITIONAL(have_fnmatch_h,
+	test "$ac_cv_header_fnmatch_h" = yes -a "$ac_cv_func_fnmatch" = yes)
+
+AC_FOREACH([rk_func], [strndup strsep strtok_r],
+	[AC_NEED_PROTO([#include <string.h>], rk_func)])
+
+AC_FOREACH([rk_func], [strsvis strunvis strvis strvisx svis unvis vis],
+[AC_NEED_PROTO([#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif], rk_func)])
+
+AC_BROKEN2(inet_aton,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif],
+[0,0])
+
+AC_BROKEN2(inet_ntop,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif],
+[0, 0, 0, 0])
+
+AC_BROKEN2(inet_pton,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif],
+[0,0,0])
+
+dnl
+dnl Check for sa_len in struct sockaddr, 
+dnl needs to come before the getnameinfo test
+dnl
+AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include <sys/types.h>
+#include <sys/socket.h>])
+
+if test "$ac_cv_func_getaddrinfo" = "yes"; then
+  rk_BROKEN_GETADDRINFO
+  if test "$ac_cv_func_getaddrinfo_numserv" = no; then
+	AC_LIBOBJ(getaddrinfo)
+	AC_LIBOBJ(freeaddrinfo)
+  fi
+fi
+
+AC_NEED_PROTO([#include <stdlib.h>], setenv)
+AC_NEED_PROTO([#include <stdlib.h>], unsetenv)
+AC_NEED_PROTO([#include <unistd.h>], gethostname)
+AC_NEED_PROTO([#include <unistd.h>], mkstemp)
+AC_NEED_PROTO([#include <unistd.h>], getusershell)
+AC_NEED_PROTO([#include <unistd.h>], daemon)
+AC_NEED_PROTO([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif],
+iruserok)
+
+AC_NEED_PROTO([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif],
+inet_aton)
+
+AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl
+
+AC_REQUIRE([rk_BROKEN_REALLOC])dnl
+
+dnl AC_KRB_FUNC_GETCWD_BROKEN
+
+dnl
+dnl Checks for prototypes and declarations
+dnl
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+gethostbyname, struct hostent *gethostbyname(const char *))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+],
+getservbyname, struct servent *getservbyname(const char *, const char *))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+],
+getsockname, int getsockname(int, struct sockaddr*, socklen_t*))
+
+AC_PROTO_COMPAT([
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+],
+openlog, void openlog(const char *, int, int))
+
+AC_NEED_PROTO([
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+],
+crypt)
+
+dnl variables
+
+rk_CHECK_VAR(h_errno, 
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif])
+
+rk_CHECK_VAR(h_errlist, 
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif])
+
+rk_CHECK_VAR(h_nerr, 
+[#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif])
+
+rk_CHECK_VAR([__progname], 
+[#ifdef HAVE_ERR_H
+#include <err.h>
+#endif])
+
+AC_CHECK_DECLS([optarg, optind, opterr, optopt, environ],[],[][
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif])
+
+dnl
+dnl Check for fields in struct tm
+dnl
+
+AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include <time.h>])
+AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include <time.h>])
+
+dnl
+dnl or do we have a variable `timezone' ?
+dnl
+
+rk_CHECK_VAR(timezone,[#include <time.h>])
+rk_CHECK_VAR(altzone,[#include <time.h>])
+
+AC_HAVE_TYPE([sa_family_t],[
+#include <sys/types.h>
+#include <sys/socket.h>])
+AC_HAVE_TYPE([socklen_t],[
+#include <sys/types.h>
+#include <sys/socket.h>])
+AC_HAVE_TYPE([struct sockaddr], [
+#include <sys/types.h>
+#include <sys/socket.h>])
+AC_HAVE_TYPE([struct sockaddr_storage], [
+#include <sys/types.h>
+#include <sys/socket.h>])
+AC_HAVE_TYPE([struct addrinfo], [
+#include <sys/types.h>
+#include <netdb.h>])
+AC_HAVE_TYPE([struct ifaddrs], [#include <ifaddrs.h>])
+AC_HAVE_TYPE([struct iovec],[
+#include <sys/types.h>
+#include <sys/uio.h>
+])
+AC_HAVE_TYPE([struct msghdr],[
+#include <sys/types.h>
+#include <sys/socket.h>
+])
+
+dnl
+dnl Check for struct winsize
+dnl
+
+AC_KRB_STRUCT_WINSIZE
+
+dnl
+dnl Check for struct spwd
+dnl
+
+AC_KRB_STRUCT_SPWD
+
+#
+# Check if we want samba's socket wrapper
+#
+
+samba_SOCKET_WRAPPER
+
+dnl won't work with automake
+dnl moved to AC_OUTPUT in configure.in
+dnl AC_CONFIG_FILES($1/Makefile)
+
+LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
+
+AC_SUBST(DIR_roken)dnl
+AC_SUBST(LIB_roken)dnl
+AC_SUBST(INCLUDES_roken)dnl
+])

Added: vendor-crypto/heimdal/dist/cf/roken.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/roken.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/roken.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+dnl $Id: roken.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl try to look for an installed roken library with sufficient stuff
+dnl
+dnl set LIB_roken to the what we should link with
+dnl set DIR_roken to if the directory should be built
+dnl set CPPFLAGS_roken to stuff to add to CPPFLAGS
+
+dnl AC_ROKEN(version,directory-to-try,roken-dir,fallback-library,fallback-cppflags)
+AC_DEFUN([AC_ROKEN], [
+
+AC_ARG_WITH(roken,
+	AS_HELP_STRING([--with-roken=dir],[use the roken library in dir]),
+[if test "$withval" = "no"; then
+  AC_MSG_ERROR(roken is required)
+fi])
+
+save_CPPFLAGS="${CPPFLAGS}"
+
+case $with_roken in
+yes|"")
+  dirs="$2" ;;
+*)
+  dirs="$with_roken" ;;
+esac
+
+roken_installed=no
+
+for i in $dirs; do
+
+AC_MSG_CHECKING(for roken in $i)
+
+CPPFLAGS="-I$i/include ${CPPFLAGS}"
+
+AC_PREPROC_IFELSE([AC_LANG_SOURCE([[
+#include <roken.h>
+#if ROKEN_VERSION < $1
+#error old roken version, should be $1
+fail
+#endif
+]])],[roken_installed=yes; break])
+
+AC_MSG_RESULT($roken_installed)
+
+done
+
+CPPFLAGS="$save_CPPFLAGS"
+
+if test "$roken_installed" != "yes"; then
+  DIR_roken="roken"
+  LIB_roken='$4'
+  CPPFLAGS_roken='$5'
+  AC_CONFIG_SUBDIRS(lib/roken)
+else
+  LIB_roken="$i/lib/libroken.la"
+  CPPFLAGS_roken="-I$i/include"
+fi
+
+LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
+
+AC_SUBST(LIB_roken)dnl
+AC_SUBST(DIR_roken)dnl
+AC_SUBST(CPPFLAGS_roken)dnl
+])

Added: vendor-crypto/heimdal/dist/cf/socket-wrapper.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/socket-wrapper.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/socket-wrapper.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,16 @@
+dnl $Id: socket-wrapper.m4,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+AC_DEFUN([samba_SOCKET_WRAPPER], [
+
+AC_ARG_ENABLE(socket-wrapper,
+	AS_HELP_STRING([--enable-socket-wrapper],
+		[use sambas socket-wrapper for testing]))
+
+AM_CONDITIONAL(have_socket_wrapper, test "x$enable_socket_wrapper" = xyes)dnl
+
+if test "x$enable_socket_wrapper" = xyes ; then
+       AC_DEFINE(SOCKET_WRAPPER_REPLACE, 1,
+               [Define if you want to use samba socket wrappers.])
+fi
+
+])

Added: vendor-crypto/heimdal/dist/cf/sunos.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/sunos.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/sunos.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,25 @@
+dnl
+dnl $Id: sunos.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+AC_DEFUN([rk_SUNOS],[
+sunos=no
+case "$host" in 
+*-*-sunos4*)
+	sunos=40
+	;;
+*-*-solaris2.7)
+	sunos=57
+	;;
+*-*-solaris2.[[89]] | *-*-solaris2.10)
+	sunos=58
+	;;
+*-*-solaris2*)
+	sunos=50
+	;;
+esac
+if test "$sunos" != no; then
+	AC_DEFINE_UNQUOTED(SunOS, $sunos, 
+		[Define to what version of SunOS you are running.])
+fi
+])
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/cf/telnet.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/telnet.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/telnet.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,78 @@
+dnl
+dnl $Id: telnet.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl stuff used by telnet
+
+AC_DEFUN([rk_TELNET],[
+AC_DEFINE(AUTHENTICATION, 1, 
+	[Define if you want authentication support in telnet.])dnl
+AC_DEFINE(ENCRYPTION, 1,
+	[Define if you want encryption support in telnet.])dnl
+AC_DEFINE(DES_ENCRYPTION, 1,
+	[Define if you want to use DES encryption in telnet.])dnl
+AC_DEFINE(DIAGNOSTICS, 1,
+	[Define this to enable diagnostics in telnet.])dnl
+AC_DEFINE(OLD_ENVIRON, 1,
+	[Define this to enable old environment option in telnet.])dnl
+if false; then
+	AC_DEFINE(ENV_HACK, 1,
+		[Define this if you want support for broken ENV_{VAR,VAL} telnets.])
+fi
+
+# Simple test for streamspty, based on the existance of getmsg(), alas
+# this breaks on SunOS4 which have streams but BSD-like ptys
+#
+# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
+
+case "$host" in
+*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[[01]]*)
+	;;
+*)
+	AC_CHECK_FUNC(getmsg)
+	if test "$ac_cv_func_getmsg" = "yes"; then
+		AC_CACHE_CHECK([if getmsg works], ac_cv_func_getmsg_works,
+		AC_RUN_IFELSE([AC_LANG_SOURCE([[
+			#include <stdio.h>
+			#include <errno.h>
+
+			int main(int argc, char **argv)
+			{
+			  int ret;
+			  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+			  if(ret < 0 && errno == ENOSYS)
+			    return 1;
+			  return 0;
+			}
+			]])], [ac_cv_func_getmsg_works=yes], 
+			[ac_cv_func_getmsg_works=no],
+			[ac_cv_func_getmsg_works=no]))
+		if test "$ac_cv_func_getmsg_works" = "yes"; then
+			AC_DEFINE(HAVE_GETMSG, 1,
+				[Define if you have a working getmsg.])
+			AC_DEFINE(STREAMSPTY, 1,
+				[Define if you have streams ptys.])
+		fi
+	fi
+	;;
+esac
+
+AH_BOTTOM([
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this to the default system lead string for telnetd 
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+])
+])

Added: vendor-crypto/heimdal/dist/cf/test-package.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/test-package.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/test-package.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,133 @@
+dnl $Id: test-package.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs,
+dnl			default locations, conditional, config-program)
+
+AC_DEFUN([rk_TEST_PACKAGE],[
+AC_ARG_WITH($1,
+	AS_HELP_STRING([--with-$1=dir],[use $1 in dir]))
+AC_ARG_WITH($1-lib,
+	AS_HELP_STRING([--with-$1-lib=dir],[use $1 libraries in dir]),
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-lib])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+AC_ARG_WITH($1-include,
+	AS_HELP_STRING([--with-$1-include=dir],[use $1 headers in dir]),
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-include])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+AC_ARG_WITH($1-config,
+	AS_HELP_STRING([--with-$1-config=path],[config program for $1]))
+
+m4_ifval([$6],
+	m4_define([rk_pkgname], $6),
+	m4_define([rk_pkgname], AS_TR_CPP($1)))
+
+AC_MSG_CHECKING(for $1)
+
+case "$with_$1" in
+yes|"") d='$5' ;;
+no)	d= ;;
+*)	d="$with_$1" ;;
+esac
+
+header_dirs=
+lib_dirs=
+for i in $d; do
+	if test "$with_$1_include" = ""; then
+		if test -d "$i/include/$1"; then
+			header_dirs="$header_dirs $i/include/$1"
+		fi
+		if test -d "$i/include"; then
+			header_dirs="$header_dirs $i/include"
+		fi
+	fi
+	if test "$with_$1_lib" = ""; then
+		if test -d "$i/lib$abilibdirext"; then
+			lib_dirs="$lib_dirs $i/lib$abilibdirext"
+		fi
+	fi
+done
+
+if test "$with_$1_include"; then
+	header_dirs="$with_$1_include $header_dirs"
+fi
+if test "$with_$1_lib"; then
+	lib_dirs="$with_$1_lib $lib_dirs"
+fi
+
+if test "$with_$1_config" = ""; then
+	with_$1_config='$7'
+fi
+
+$1_cflags=
+$1_libs=
+
+case "$with_$1_config" in
+yes|no|""|"$7")
+	if test -f $with_$1/bin/$7 ; then
+		with_$1_config=$with_$1/bin/$7
+	fi
+	;;
+esac
+
+case "$with_$1_config" in
+yes|no|"")
+	;;
+*)
+	$1_cflags="`$with_$1_config --cflags 2>&1`"
+	$1_libs="`$with_$1_config --libs 2>&1`"
+	;;
+esac
+
+found=no
+if test "$with_$1" != no; then
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	if test "$[]$1_cflags" -a "$[]$1_libs"; then
+		CFLAGS="$[]$1_cflags $save_CFLAGS"
+		LIBS="$[]$1_libs $save_LIBS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[
+			INCLUDE_$1="$[]$1_cflags"
+			LIB_$1="$[]$1_libs"
+			AC_MSG_RESULT([from $with_$1_config])
+			found=yes])
+	fi
+	if test "$found" = no; then
+		ires= lres=
+		for i in $header_dirs; do
+			CFLAGS="-I$i $save_CFLAGS"
+			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[ires=$i;break])
+		done
+		for i in $lib_dirs; do
+			LIBS="-L$i $3 $4 $save_LIBS"
+			AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[lres=$i;break])
+		done
+		if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
+			INCLUDE_$1="-I$ires"
+			LIB_$1="-L$lres $3 $4"
+			found=yes
+			AC_MSG_RESULT([headers $ires, libraries $lres])
+		fi
+	fi
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+fi
+
+if test "$found" = yes; then
+	AC_DEFINE_UNQUOTED(rk_pkgname, 1, [Define if you have the $1 package.])
+	with_$1=yes
+else
+	with_$1=no
+	INCLUDE_$1=
+	LIB_$1=
+	AC_MSG_RESULT(no)
+fi
+
+AC_SUBST(INCLUDE_$1)
+AC_SUBST(LIB_$1)
+])

Added: vendor-crypto/heimdal/dist/cf/valgrind-suppressions
===================================================================
--- vendor-crypto/heimdal/dist/cf/valgrind-suppressions	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/valgrind-suppressions	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+# $Id: valgrind-suppressions,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+{
+   linux db init brokenness
+   Memcheck:Param
+   pwrite64(buf)
+   fun:do_pwrite64
+   fun:__os_io
+   fun:__memp_pgwrite
+   fun:__memp_fsync
+   fun:__bam_read_root
+   fun:__bam_open
+   fun:__db_dbopen
+   fun:__db_open
+   fun:DB_open
+}
+{
+   linux strerror
+   Memcheck:Leak
+   fun:_vgrZU_libcZdsoZa_malloc
+   fun:rwlock_add_to_list
+   fun:rwlock_have_already
+   fun:pthread_rwlock_rdlock
+   fun:__dcigettext
+   fun:dcgettext
+   fun:strerror_r
+   fun:strerror
+}
+{
+   linux db close brokenness
+   Memcheck:Param
+   pwrite64(buf)
+   fun:do_pwrite64
+   fun:__os_io
+   fun:__memp_pgwrite
+   fun:__memp_fsync
+   fun:__db_sync
+   fun:__db_close
+   fun:DB_close
+}
+{
+   GLIBC 2.1.2 getservbyname defect
+   Memcheck:Leak
+   fun:_vgrZU_libcZdsoZa_malloc
+   fun:strdup
+   obj:*
+   obj:*
+   fun:getservbyname_r@@GLIBC_2.1.2
+   fun:getservbyname
+}
+{
+   glibc getaddrinfo defect
+   Memcheck:Leak
+   fun:_vgrZU_libcZdsoZa_malloc
+   fun:__libc_res_nsend
+   fun:__libc_res_nquery
+   fun:__libc_res_nquerydomain
+   fun:__libc_res_nsearch
+   obj:*
+   fun:gaih_inet
+   fun:getaddrinfo
+}
+{
+   glibc dlopen failure called from /bin/ls
+   Memcheck:Addr4
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+}
+{
+   Unknown suppression in runtime link editor
+   Memcheck:Cond
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+}
+{
+   Unknown suppression in runtime link editor
+   Memcheck:Addr4
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+   obj:/lib/ld-2.5.so
+}

Added: vendor-crypto/heimdal/dist/cf/vararray.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/vararray.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/vararray.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,16 @@
+dnl
+dnl $Id: vararray.m4,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl Test for variable size arrays.
+dnl
+
+AC_DEFUN([rk_C_VARARRAY], [
+	AC_CACHE_CHECK([if the compiler supports variable-length arrays],[rk_cv_c_vararray],[
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x = 0; { int y[x]; }]])],
+		[rk_cv_c_vararray=yes],
+		[rk_cv_c_vararray=no])])
+	if test "$rk_cv_c_vararray" = yes; then
+		AC_DEFINE([HAVE_VARIABLE_LENGTH_ARRAY], [1],
+			[Define if your compiler supports variable-length arrays.])
+	fi
+])

Added: vendor-crypto/heimdal/dist/cf/version-script.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/version-script.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/version-script.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,40 @@
+dnl check if ld supports --version-script
+dnl
+AC_DEFUN([rk_VERSIONSCRIPT],[
+AC_CACHE_CHECK(for ld --version-script, rk_cv_version_script,[
+  rk_cv_version_script=no
+
+  cat > conftest.map <<EOF
+HEIM_GSS_V1 {
+        global: gss*;
+};
+HEIM_GSS_V1_1 {
+        global: gss_init_creds;
+} HEIM_GSS_V1;
+EOF
+cat > conftest.c <<EOF
+int gss_init_creds(int foo) { return 0; }
+EOF
+
+  if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared
+                               -o conftest.so conftest.c
+                               -Wl,--version-script,conftest.map]);
+  then
+    rk_cv_version_script=yes
+  fi
+rm -f conftest*
+])
+
+if test $rk_cv_version_script = yes ; then
+  doversioning=yes
+  LDFLAGS_VERSION_SCRIPT="-Wl,--version-script,"
+else
+  doversioning=no
+  LDFLAGS_VERSION_SCRIPT=
+fi
+AC_SUBST(VERSIONING)
+
+AM_CONDITIONAL(versionscript,test $doversioning = yes)
+AC_SUBST(LDFLAGS_VERSION_SCRIPT)
+
+])
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/cf/wflags.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/wflags.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/wflags.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+dnl $Id: wflags.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+dnl set WFLAGS
+
+AC_DEFUN([rk_WFLAGS],[
+
+AC_ARG_ENABLE(developer, 
+	AS_HELP_STRING([--enable-developer], [enable developer warnings]))
+if test "X$enable_developer" = Xyes; then
+    dwflags="-Werror"
+fi
+
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+if test -z "$WFLAGS" -a "$GCC" = "yes"; then
+  # -Wno-implicit-int for broken X11 headers
+  # leave these out for now:
+  #   -Wcast-align doesn't work well on alpha osf/1
+  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
+  #   -Wmissing-declarations -Wnested-externs
+  WFLAGS="ifelse($#, 0,-Wall, $1) $dwflags"
+  WFLAGS_NOUNUSED="-Wno-unused"
+  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
+fi
+AC_SUBST(WFLAGS)dnl
+AC_SUBST(WFLAGS_NOUNUSED)dnl
+AC_SUBST(WFLAGS_NOIMPLICITINT)dnl
+])

Added: vendor-crypto/heimdal/dist/cf/win32.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/win32.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/win32.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+dnl $Id: win32.m4,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+dnl rk_WIN32_EXPORT buildsymbol symbol-that-export
+AC_DEFUN([rk_WIN32_EXPORT],[AH_TOP([#ifdef $1
+#ifndef $2
+#ifdef _WIN32_
+#define $2 _export _stdcall
+#else
+#define $2
+#endif
+#endif
+#endif
+])])

Added: vendor-crypto/heimdal/dist/cf/with-all.m4
===================================================================
--- vendor-crypto/heimdal/dist/cf/with-all.m4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/cf/with-all.m4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,42 @@
+dnl
+dnl $Id: with-all.m4,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+dnl
+
+dnl AC_WITH_ALL(name)
+
+AC_DEFUN([AC_WITH_ALL], [
+AC_ARG_WITH($1,
+	AS_HELP_STRING([--with-$1=dir],
+		[use $1 in dir]))
+
+AC_ARG_WITH($1-lib,
+	AS_HELP_STRING([--with-$1-lib=dir],
+		[use $1 libraries in dir]),
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-lib])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+
+AC_ARG_WITH($1-include,
+	AS_HELP_STRING([--with-$1-include=dir],
+		[use $1 headers in dir]),
+[if test "$withval" = "yes" -o "$withval" = "no"; then
+  AC_MSG_ERROR([No argument for --with-$1-include])
+elif test "X$with_$1" = "X"; then
+  with_$1=yes
+fi])
+
+case "$with_$1" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_$1_include" = ""; then
+		with_$1_include="$with_$1/include"
+	fi
+	if test "$with_$1_lib" = ""; then
+		with_$1_lib="$with_$1/lib$abilibdirext"
+	fi
+	;;
+esac
+])
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/compile
===================================================================
--- vendor-crypto/heimdal/dist/compile	                        (rev 0)
+++ vendor-crypto/heimdal/dist/compile	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,142 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand `-c -o'.
+
+scriptversion=2005-05-14.22
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey at cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake at gnu.org> or send patches to
+# <automake-patches at gnu.org>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand `-c -o'.
+Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file `INSTALL'.
+
+Report bugs to <bug-automake at gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "compile $scriptversion"
+    exit $?
+    ;;
+esac
+
+ofile=
+cfile=
+eat=
+
+for arg
+do
+  if test -n "$eat"; then
+    eat=
+  else
+    case $1 in
+      -o)
+	# configure might choose to run compile as `compile cc -o foo foo.c'.
+	# So we strip `-o arg' only if arg is an object.
+	eat=1
+	case $2 in
+	  *.o | *.obj)
+	    ofile=$2
+	    ;;
+	  *)
+	    set x "$@" -o "$2"
+	    shift
+	    ;;
+	esac
+	;;
+      *.c)
+	cfile=$1
+	set x "$@" "$1"
+	shift
+	;;
+      *)
+	set x "$@" "$1"
+	shift
+	;;
+    esac
+  fi
+  shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+  # If no `-o' option was seen then we might have been invoked from a
+  # pattern rule where we don't need one.  That is ok -- this is a
+  # normal compilation that the losing compiler can handle.  If no
+  # `.c' file was seen then we are probably linking.  That is also
+  # ok.
+  exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use `[/.-]' here to ensure that we don't use the same name
+# that we are using for the .o file.  Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d
+while true; do
+  if mkdir "$lockdir" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+  mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+  mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
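Review bot: The signal handler is set with double quotes, `trap "rmdir '$lockdir'; exit 1" 1 2 15`, so `$lockdir` is expanded into the handler text when the trap is installed. `lockdir` is derived from the `.c` file name with only `/`, `.` and `-` rewritten, so a single quote in that name would close the quoting and the rest would be parsed as shell when the signal fires. Deferring the expansion avoids this: `trap 'rmdir "$lockdir"; exit 1' 1 2 15`. Separately, the `mkdir` loop has no bound, so a lock directory left behind by a killed run (the window the FIXME mentions) presumably makes later compiles of that object wait indefinitely. The script is maintained in Automake, so refreshing it from a current Automake release is preferable to a local patch in the vendor tree.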

Added: vendor-crypto/heimdal/dist/config.guess
===================================================================
--- vendor-crypto/heimdal/dist/config.guess	                        (rev 0)
+++ vendor-crypto/heimdal/dist/config.guess	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1500 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2006-07-02'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <per at bothner.com>.
+# Please send patches to <config-patches at gnu.org>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches at gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi at noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee at wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    i*:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    x86:Interix*:[3456]*)
+	echo i586-pc-interix${UNAME_RELEASE}
+	exit ;;
+    EM64T:Interix*:[3456]*)
+	echo x86_64-unknown-interix${UNAME_RELEASE}
+	exit ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel at ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes at openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf at swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green at stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green at stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches at gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:

Added: vendor-crypto/heimdal/dist/config.sub
===================================================================
--- vendor-crypto/heimdal/dist/config.sub	                        (rev 0)
+++ vendor-crypto/heimdal/dist/config.sub	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1616 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
+#   Inc.
+
+timestamp='2006-09-20'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches at gnu.org>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches at gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:

Added: vendor-crypto/heimdal/dist/configure
===================================================================
--- vendor-crypto/heimdal/dist/configure	                        (rev 0)
+++ vendor-crypto/heimdal/dist/configure	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,54327 @@
+#! /bin/sh
+# From configure.in Revision: 22513 .
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.61 for Heimdal 1.1.
+#
+# Report bugs to <heimdal-bugs at h5l.org>.
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  echo "#! /bin/sh" >conf$$.sh
+  echo  "exit 0"   >>conf$$.sh
+  chmod +x conf$$.sh
+  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+    PATH_SEPARATOR=';'
+  else
+    PATH_SEPARATOR=:
+  fi
+  rm -f conf$$.sh
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+as_nl='
+'
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+  LC_TELEPHONE LC_TIME
+do
+  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+    eval $as_var=C; export $as_var
+  else
+    ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+  fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+
+  if test $as_have_required = yes && 	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  case $as_dir in
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+        do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+        done
+        export CONFIG_SHELL
+        exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell autoconf at gnu.org about your system,
+  echo including any error possibly output before this
+  echo message
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir
+fi
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+  as_ln_s='ln -s'
+  # ... but there are two gotchas:
+  # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+  # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+  # In both cases, we have to default to `cp -p'.
+  ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+    as_ln_s='cp -p'
+elif ln conf$$.file conf$$ 2>/dev/null; then
+  as_ln_s=ln
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+        test -d "$1/.";
+      else
+	case $1 in
+        -*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$ECHO in
+X*--fallback-echo)
+  # Remove one level of quotation (which was required for Make).
+  ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','`
+  ;;
+esac
+
+echo=${ECHO-echo}
+if test "X$1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X$1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
+  # Yippee, $echo works!
+  :
+else
+  # Restart under the correct shell.
+  exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<EOF
+$*
+EOF
+  exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$ECHO"; then
+if test "X${echo_test_string+set}" != Xset; then
+# find a string as large as possible, as long as the shell can cope with it
+  for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+    if (echo_test_string=`eval $cmd`) 2>/dev/null &&
+       echo_test_string=`eval $cmd` &&
+       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
+    then
+      break
+    fi
+  done
+fi
+
+if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+   test "X$echo_testing_string" = "X$echo_test_string"; then
+  :
+else
+  # The Solaris, AIX, and Digital Unix default echo programs unquote
+  # backslashes.  This makes it impossible to quote backslashes using
+  #   echo "$something" | sed 's/\\/\\\\/g'
+  #
+  # So, first we look for a working echo in the user's PATH.
+
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for dir in $PATH /usr/ucb; do
+    IFS="$lt_save_ifs"
+    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+       test "X$echo_testing_string" = "X$echo_test_string"; then
+      echo="$dir/echo"
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+
+  if test "X$echo" = Xecho; then
+    # We didn't find a better echo, so look for alternatives.
+    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
+       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
+       test "X$echo_testing_string" = "X$echo_test_string"; then
+      # This shell has a builtin print -r that does the trick.
+      echo='print -r'
+    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
+	 test "X$CONFIG_SHELL" != X/bin/ksh; then
+      # If we have ksh, try running configure again with it.
+      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+      export ORIGINAL_CONFIG_SHELL
+      CONFIG_SHELL=/bin/ksh
+      export CONFIG_SHELL
+      exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+    else
+      # Try using printf.
+      echo='printf %s\n'
+      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+	 test "X$echo_testing_string" = "X$echo_test_string"; then
+	# Cool, printf works
+	:
+      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+	   test "X$echo_testing_string" = 'X\t' &&
+	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+	export CONFIG_SHELL
+	SHELL="$CONFIG_SHELL"
+	export SHELL
+	echo="$CONFIG_SHELL $0 --fallback-echo"
+      elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+	   test "X$echo_testing_string" = 'X\t' &&
+	   echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	echo="$CONFIG_SHELL $0 --fallback-echo"
+      else
+	# maybe with a smaller string...
+	prev=:
+
+	for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
+	  then
+	    break
+	  fi
+	  prev="$cmd"
+	done
+
+	if test "$prev" != 'sed 50q "$0"'; then
+	  echo_test_string=`eval $prev`
+	  export echo_test_string
+	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+	else
+	  # Oops.  We lost completely, so just stick with echo.
+	  echo=echo
+	fi
+      fi
+    fi
+  fi
+fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+ECHO=$echo
+if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+   ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+tagnames=${tagnames+${tagnames},}CXX
+
+tagnames=${tagnames+${tagnames},}F77
+
+exec 7<&0 </dev/null 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME='Heimdal'
+PACKAGE_TARNAME='heimdal'
+PACKAGE_VERSION='1.1'
+PACKAGE_STRING='Heimdal 1.1'
+PACKAGE_BUGREPORT='heimdal-bugs at h5l.org'
+
+ac_unique_file="kuser/kinit.c"
+ac_default_prefix=/usr/heimdal
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='SHELL
+PATH_SEPARATOR
+PACKAGE_NAME
+PACKAGE_TARNAME
+PACKAGE_VERSION
+PACKAGE_STRING
+PACKAGE_BUGREPORT
+exec_prefix
+prefix
+program_transform_name
+bindir
+sbindir
+libexecdir
+datarootdir
+datadir
+sysconfdir
+sharedstatedir
+localstatedir
+includedir
+oldincludedir
+docdir
+infodir
+htmldir
+dvidir
+pdfdir
+psdir
+libdir
+localedir
+mandir
+DEFS
+ECHO_C
+ECHO_N
+ECHO_T
+LIBS
+build_alias
+host_alias
+target_alias
+INSTALL_PROGRAM
+INSTALL_SCRIPT
+INSTALL_DATA
+am__isrc
+CYGPATH_W
+PACKAGE
+VERSION
+ACLOCAL
+AUTOCONF
+AUTOMAKE
+AUTOHEADER
+MAKEINFO
+install_sh
+STRIP
+INSTALL_STRIP_PROGRAM
+mkdir_p
+AWK
+SET_MAKE
+am__leading_dot
+AMTAR
+am__tar
+am__untar
+MAINTAINER_MODE_TRUE
+MAINTAINER_MODE_FALSE
+MAINT
+CC
+CFLAGS
+LDFLAGS
+CPPFLAGS
+ac_ct_CC
+EXEEXT
+OBJEXT
+CPP
+build
+build_cpu
+build_vendor
+build_os
+host
+host_cpu
+host_vendor
+host_os
+CANONICAL_HOST
+YACC
+YFLAGS
+LEX
+LEX_OUTPUT_ROOT
+LEXLIB
+LN_S
+GREP
+EGREP
+ECHO
+AR
+RANLIB
+CXX
+CXXFLAGS
+ac_ct_CXX
+CXXCPP
+F77
+FFLAGS
+ac_ct_F77
+LIBTOOL
+ENABLE_SHARED_TRUE
+ENABLE_SHARED_FALSE
+VERSIONING
+versionscript_TRUE
+versionscript_FALSE
+LDFLAGS_VERSION_SCRIPT
+INCLUDE_openldap
+LIB_openldap
+OPENLDAP_MODULE_TRUE
+OPENLDAP_MODULE_FALSE
+PKINIT_TRUE
+PKINIT_FALSE
+DIR_hdbdir
+INCLUDE_krb4
+LIB_krb4
+KRB4_TRUE
+KRB4_FALSE
+KRB5_TRUE
+KRB5_FALSE
+do_roken_rename_TRUE
+do_roken_rename_FALSE
+LIB_kdb
+HAVE_OPENSSL_TRUE
+HAVE_OPENSSL_FALSE
+DIR_hcrypto
+INCLUDE_hcrypto
+LIB_hcrypto
+LIB_hcrypto_a
+LIB_hcrypto_so
+LIB_hcrypto_appl
+PTHREADS_CFLAGS
+PTHREADS_LIBS
+DCE_TRUE
+DCE_FALSE
+dpagaix_cflags
+dpagaix_ldadd
+dpagaix_ldflags
+LIB_db_create
+LIB_dbopen
+LIB_dbm_firstkey
+HAVE_DB1_TRUE
+HAVE_DB1_FALSE
+HAVE_DB3_TRUE
+HAVE_DB3_FALSE
+HAVE_NDBM_TRUE
+HAVE_NDBM_FALSE
+DBLIB
+LIB_NDBM
+WFLAGS
+WFLAGS_NOUNUSED
+WFLAGS_NOIMPLICITINT
+VOID_RETSIGTYPE
+have_err_h_TRUE
+have_err_h_FALSE
+have_ifaddrs_h_TRUE
+have_ifaddrs_h_FALSE
+have_vis_h_TRUE
+have_vis_h_FALSE
+LIB_socket
+LIB_gethostbyname
+LIB_syslog
+LIB_gethostbyname2
+LIB_res_search
+LIB_res_nsearch
+LIB_res_ndestroy
+LIB_dn_expand
+LIBOBJS
+have_glob_h_TRUE
+have_glob_h_FALSE
+have_cgetent_TRUE
+have_cgetent_FALSE
+LIB_getsockopt
+LIB_setsockopt
+LIB_hstrerror
+LIB_bswap16
+LIB_bswap32
+LIB_pidfile
+LIB_getaddrinfo
+LIB_getnameinfo
+LIB_freeaddrinfo
+LIB_gai_strerror
+have_fnmatch_h_TRUE
+have_fnmatch_h_FALSE
+LIB_crypt
+have_socket_wrapper_TRUE
+have_socket_wrapper_FALSE
+DIR_roken
+LIB_roken
+INCLUDES_roken
+LIBADD_roken
+LIB_otp
+OTP_TRUE
+OTP_FALSE
+LIB_security
+NROFF
+GROFF
+CATMAN
+CATMAN_TRUE
+CATMAN_FALSE
+CATMANEXT
+INCLUDE_readline
+LIB_readline
+INCLUDE_hesiod
+LIB_hesiod
+AIX_TRUE
+AIX_FALSE
+AIX4_TRUE
+AIX4_FALSE
+LIB_dlopen
+HAVE_DLOPEN_TRUE
+HAVE_DLOPEN_FALSE
+LIB_loadquery
+AIX_DYNAMIC_AFS_TRUE
+AIX_DYNAMIC_AFS_FALSE
+AIX_EXTRA_KAFS
+IRIX_TRUE
+IRIX_FALSE
+XMKMF
+X_CFLAGS
+X_PRE_LIBS
+X_LIBS
+X_EXTRA_LIBS
+HAVE_X_TRUE
+HAVE_X_FALSE
+LIB_XauWriteAuth
+LIB_XauReadAuth
+LIB_XauFileName
+NEED_WRITEAUTH_TRUE
+NEED_WRITEAUTH_FALSE
+LIB_logwtmp
+LIB_logout
+LIB_openpty
+LIB_tgetent
+LIB_getpwnam_r
+LIB_door_create
+KCM_TRUE
+KCM_FALSE
+FRAMEWORK_SECURITY_TRUE
+FRAMEWORK_SECURITY_FALSE
+LIB_el_init
+el_compat_TRUE
+el_compat_FALSE
+COMPILE_ET
+COM_ERR_TRUE
+COM_ERR_FALSE
+DIR_com_err
+LIB_com_err
+LIB_com_err_a
+LIB_com_err_so
+LIB_AUTH_SUBDIRS
+LTLIBOBJS'
+ac_subst_files=''
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP
+YACC
+YFLAGS
+CXX
+CXXFLAGS
+CCC
+CXXCPP
+F77
+FFLAGS
+XMKMF'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+   { (exit 1); exit 1; }; }
+    ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
+    eval enable_$ac_feature=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+   { (exit 1); exit 1; }; }
+    ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
+    eval enable_$ac_feature=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid package name: $ac_package" >&2
+   { (exit 1); exit 1; }; }
+    ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
+    eval with_$ac_package=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid package name: $ac_package" >&2
+   { (exit 1); exit 1; }; }
+    ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
+    eval with_$ac_package=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) { echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
+fi
+
+# Be sure to have absolute directory names.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { echo "$as_me: error: Working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$0" ||
+$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$0" : 'X\(//\)[^/]' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+echo X"$0" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2
+   { (exit 1); exit 1; }; }
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures Heimdal 1.1 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+			  [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+			  [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR           user executables [EPREFIX/bin]
+  --sbindir=DIR          system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR       program executables [EPREFIX/libexec]
+  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
+  --libdir=DIR           object code libraries [EPREFIX/lib]
+  --includedir=DIR       C header files [PREFIX/include]
+  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
+  --datarootdir=DIR      read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR          read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR          info documentation [DATAROOTDIR/info]
+  --localedir=DIR        locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR           man documentation [DATAROOTDIR/man]
+  --docdir=DIR           documentation root [DATAROOTDIR/doc/heimdal]
+  --htmldir=DIR          html documentation [DOCDIR]
+  --dvidir=DIR           dvi documentation [DOCDIR]
+  --pdfdir=DIR           pdf documentation [DOCDIR]
+  --psdir=DIR            ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+X features:
+  --x-includes=DIR    X include files are in DIR
+  --x-libraries=DIR   X library files are in DIR
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of Heimdal 1.1:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-maintainer-mode  enable make rules and dependencies not useful
+			  (and sometimes confusing) to the casual installer
+  --disable-largefile     omit support for large files
+  --enable-shared[=PKGS]  build shared libraries [default=yes]
+  --enable-static[=PKGS]  build static libraries [default=yes]
+  --enable-fast-install[=PKGS]
+                          optimize for fast installation [default=yes]
+  --disable-libtool-lock  avoid locking (might break parallel builds)
+  --enable-hdb-openldap-module
+                          if you want support to build openldap hdb as shared
+                          object
+  --disable-pk-init       if you want disable to PK-INIT support
+  --enable-pthread-support
+                          if you want thread safe libraries
+  --enable-dce            if you want support for DCE/DFS PAG's
+  --disable-afs-support   if you don't want support for AFS
+  --disable-berkeley-db   if you don't want berkeley db
+  --disable-ndbm-db       if you don't want ndbm db
+  --enable-developer      enable developer warnings
+  --enable-socket-wrapper use sambas socket-wrapper for testing
+  --disable-otp           if you don't want OTP support
+  --enable-osfc2          enable some OSF C2 support
+  --disable-mmap          disable use of mmap
+  --disable-afs-string-to-key
+                          disable use of weak AFS string-to-key functions
+  --enable-bigendian      the target is big endian
+  --enable-littleendian   the target is little endian
+  --disable-dynamic-afs   do not use loaded AFS library with AIX
+  --enable-netinfo        enable netinfo for configuration lookup
+  --enable-kcm            enable Kerberos Credentials Manager
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-mips-abi=abi     ABI to use for IRIX (32, n32, or 64)
+  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
+  --with-pic              try to use only PIC/non-PIC objects [default=use
+                          both]
+  --with-tags[=TAGS]      include additional configurations [automatic]
+  --with-openldap=dir     use openldap in dir
+  --with-openldap-lib=dir use openldap libraries in dir
+  --with-openldap-include=dir
+                          use openldap headers in dir
+  --with-openldap-config=path
+                          config program for openldap
+  --with-hdbdir           Default location for KDC database
+                          [default=/var/heimdal]
+  --with-openssl=dir      use openssl in dir
+  --with-openssl-lib=dir  use openssl libraries in dir
+  --with-openssl-include=dir
+                          use openssl headers in dir
+  --without-ipv6          do not enable IPv6 support
+  --with-readline=dir     use readline in dir
+  --with-readline-lib=dir use readline libraries in dir
+  --with-readline-include=dir
+                          use readline headers in dir
+  --with-readline-config=path
+                          config program for readline
+  --with-hesiod=dir       use hesiod in dir
+  --with-hesiod-lib=dir   use hesiod libraries in dir
+  --with-hesiod-include=dir
+                          use hesiod headers in dir
+  --with-hesiod-config=path
+                          config program for hesiod
+  --with-x                use the X Window System
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+  CPP         C preprocessor
+  YACC        The `Yet Another C Compiler' implementation to use. Defaults to
+              the first program found out of: `bison -y', `byacc', `yacc'.
+  YFLAGS      The list of arguments that will be passed by default to $YACC.
+              This script will default YFLAGS to the empty string to avoid a
+              default value of `-d' given by some make applications.
+  CXX         C++ compiler command
+  CXXFLAGS    C++ compiler flags
+  CXXCPP      C++ preprocessor
+  F77         Fortran 77 compiler command
+  FFLAGS      Fortran 77 compiler flags
+  XMKMF       Path to xmkmf, Makefile generator for X Window System
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <heimdal-bugs at h5l.org>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" || continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+Heimdal configure 1.1
+generated by GNU Autoconf 2.61
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by Heimdal $as_me 1.1, which was
+generated by GNU Autoconf 2.61.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args '$ac_arg'"
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
+echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      echo "$as_me: caught signal $ac_signal"
+    echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer explicitly selected file to automatically selected ones.
+if test -n "$CONFIG_SITE"; then
+  set x "$CONFIG_SITE"
+elif test "x$prefix" != xNONE; then
+  set x "$prefix/share/config.site" "$prefix/etc/config.site"
+else
+  set x "$ac_default_prefix/share/config.site" \
+	"$ac_default_prefix/etc/config.site"
+fi
+shift
+for ac_site_file
+do
+  if test -r "$ac_site_file"; then
+    { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { echo "$as_me:$LINENO: loading cache $cache_file" >&5
+echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { echo "$as_me:$LINENO: creating cache $cache_file" >&5
+echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	{ echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	{ echo "$as_me:$LINENO:   former value:  $ac_old_val" >&5
+echo "$as_me:   former value:  $ac_old_val" >&2;}
+	{ echo "$as_me:$LINENO:   current value: $ac_new_val" >&5
+echo "$as_me:   current value: $ac_new_val" >&2;}
+	ac_cache_corrupted=:
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+ac_config_headers="$ac_config_headers include/config.h"
+
+
+am__api_version='1.10'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	    break 3
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+done
+IFS=$as_save_IFS
+
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ echo "$as_me:$LINENO: result: $INSTALL" >&5
+echo "${ECHO_T}$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+   if test "$*" = "X"; then
+      # -L didn't work.
+      set X `ls -t $srcdir/configure conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$*" != "X $srcdir/configure conftest.file" \
+      && test "$*" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      { { echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&5
+echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2;}
+   { (exit 1); exit 1; }; }
+   fi
+
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   { { echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.  echo might interpret backslashes.
+# By default was `s,x,x', remove it if useless.
+cat <<\_ACEOF >conftest.sed
+s/[\\$]/&&/g;s/;s,x,x,$//
+_ACEOF
+program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
+rm -f conftest.sed
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+{ echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
+echo $ECHO_N "checking for a thread-safe mkdir -p... $ECHO_C" >&6; }
+if test -z "$MKDIR_P"; then
+  if test "${ac_cv_path_mkdir+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in mkdir gmkdir; do
+	 for ac_exec_ext in '' $ac_executable_extensions; do
+	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+	     'mkdir (GNU coreutils) '* | \
+	     'mkdir (coreutils) '* | \
+	     'mkdir (fileutils) '4.1*)
+	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+	       break 3;;
+	   esac
+	 done
+       done
+done
+IFS=$as_save_IFS
+
+fi
+
+  if test "${ac_cv_path_mkdir+set}" = set; then
+    MKDIR_P="$ac_cv_path_mkdir -p"
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for MKDIR_P within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    test -d ./--version && rmdir ./--version
+    MKDIR_P="$ac_install_sh -d"
+  fi
+fi
+{ echo "$as_me:$LINENO: result: $MKDIR_P" >&5
+echo "${ECHO_T}$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+  [\\/$]* | ?:[\\/]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AWK="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { echo "$as_me:$LINENO: result: $AWK" >&5
+echo "${ECHO_T}$AWK" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; }
+set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+  SET_MAKE=
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  am__isrc=' -I$(srcdir)'
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='heimdal'
+ VERSION='1.1'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"}
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5
+echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6; }
+    # Check whether --enable-maintainer-mode was given.
+if test "${enable_maintainer_mode+set}" = set; then
+  enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
+else
+  USE_MAINTAINER_MODE=no
+fi
+
+  { echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5
+echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6; }
+   if test $USE_MAINTAINER_MODE = yes; then
+  MAINTAINER_MODE_TRUE=
+  MAINTAINER_MODE_FALSE='#'
+else
+  MAINTAINER_MODE_TRUE='#'
+  MAINTAINER_MODE_FALSE=
+fi
+
+  MAINT=$MAINTAINER_MODE_TRUE
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO: checking for C compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; }
+ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+#
+# List of possible output files, starting from the most likely.
+# The algorithm is not robust to junk in `.', hence go to wildcards (a.*)
+# only as a last resort.  b.out is created by i960 compilers.
+ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out'
+#
+# The IRIX 6 linker writes into existing files which may not be
+# executable, retaining their permissions.  Remove them first so a
+# subsequent execution test works.
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+
+{ echo "$as_me:$LINENO: result: $ac_file" >&5
+echo "${ECHO_T}$ac_file" >&6; }
+if test -z "$ac_file"; then
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  fi
+fi
+{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+
+rm -f a.out a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: result: $cross_compiling" >&5
+echo "${ECHO_T}$cross_compiling" >&6; }
+
+{ echo "$as_me:$LINENO: checking for suffix of executables" >&5
+echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+echo "${ECHO_T}$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ echo "$as_me:$LINENO: checking for suffix of object files" >&5
+echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; }
+if test "${ac_cv_objext+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+echo "${ECHO_T}$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; }
+GCC=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6; } ;;
+  xno)
+    { echo "$as_me:$LINENO: result: unsupported" >&5
+echo "${ECHO_T}unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test "x$CC" != xcc; then
+  { echo "$as_me:$LINENO: checking whether $CC and cc understand -c and -o together" >&5
+echo $ECHO_N "checking whether $CC and cc understand -c and -o together... $ECHO_C" >&6; }
+else
+  { echo "$as_me:$LINENO: checking whether cc understands -c and -o together" >&5
+echo $ECHO_N "checking whether cc understands -c and -o together... $ECHO_C" >&6; }
+fi
+set dummy $CC; ac_cc=`echo $2 |
+		      sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+if { as_var=ac_cv_prog_cc_${ac_cc}_c_o; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+# Make sure it works both with $CC and with simple cc.
+# We do the test twice because some compilers refuse to overwrite an
+# existing .o file with -o, though they will create one.
+ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+rm -f conftest2.*
+if { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+   test -f conftest2.$ac_objext && { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); };
+then
+  eval ac_cv_prog_cc_${ac_cc}_c_o=yes
+  if test "x$CC" != xcc; then
+    # Test first that cc exists at all.
+    if { ac_try='cc -c conftest.$ac_ext >&5'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+      ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+      rm -f conftest2.*
+      if { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 test -f conftest2.$ac_objext && { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); };
+      then
+	# cc works too.
+	:
+      else
+	# cc exists but doesn't like -o.
+	eval ac_cv_prog_cc_${ac_cc}_c_o=no
+      fi
+    fi
+  fi
+else
+  eval ac_cv_prog_cc_${ac_cc}_c_o=no
+fi
+rm -f core conftest*
+
+fi
+if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+
+cat >>confdefs.h <<\_ACEOF
+#define NO_MINUS_C_MINUS_O 1
+_ACEOF
+
+fi
+
+# FIXME: we rely on the cache variable name because
+# there is no other way.
+set dummy $CC
+ac_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then
+   # Losing compiler, so override with the script.
+   # FIXME: It is wrong to rewrite CC.
+   # But if we don't then we get into trouble of one sort or another.
+   # A longer-term fix would be to have automake use am__CC in this case,
+   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+   CC="$am_aux_dir/compile $CC"
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+  if test "${ac_cv_prog_CPP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+      # Double quotes because CPP needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+{ echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  :
+else
+  { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+{ echo "$as_me:$LINENO: checking build system type" >&5
+echo $ECHO_N "checking build system type... $ECHO_C" >&6; }
+if test "${ac_cv_build+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+echo "${ECHO_T}$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ echo "$as_me:$LINENO: checking host system type" >&5
+echo $ECHO_N "checking host system type... $ECHO_C" >&6; }
+if test "${ac_cv_host+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+echo "${ECHO_T}$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+CANONICAL_HOST=$host
+
+
+
+
+
+
+	{ echo "$as_me:$LINENO: autobuild project... ${PACKAGE_NAME:-$PACKAGE}" >&5
+echo "$as_me: autobuild project... ${PACKAGE_NAME:-$PACKAGE}" >&6;}
+	{ echo "$as_me:$LINENO: autobuild revision... ${PACKAGE_VERSION:-$VERSION}" >&5
+echo "$as_me: autobuild revision... ${PACKAGE_VERSION:-$VERSION}" >&6;}
+	hostname=`hostname`
+	if test "$hostname"; then
+	   { echo "$as_me:$LINENO: autobuild hostname... $hostname" >&5
+echo "$as_me: autobuild hostname... $hostname" >&6;}
+	fi
+
+	date=`date +%Y%m%d-%H%M%S`
+	if test "$?" != 0; then
+	   date=`date`
+	fi
+	if test "$date"; then
+	   { echo "$as_me:$LINENO: autobuild timestamp... $date" >&5
+echo "$as_me: autobuild timestamp... $date" >&6;}
+	fi
+
+
+
+# Check whether --enable-largefile was given.
+if test "${enable_largefile+set}" = set; then
+  enableval=$enable_largefile;
+fi
+
+if test "$enable_largefile" != no; then
+
+  { echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5
+echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6; }
+if test "${ac_cv_sys_largefile_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_sys_largefile_CC=no
+     if test "$GCC" != yes; then
+       ac_save_CC=$CC
+       while :; do
+	 # IRIX 6.2 and later do not support large files by default,
+	 # so use the C compiler's -n32 option if that helps.
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+	 rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+	 CC="$CC -n32"
+	 rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_sys_largefile_CC=' -n32'; break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+	 break
+       done
+       CC=$ac_save_CC
+       rm -f conftest.$ac_ext
+    fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5
+echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6; }
+  if test "$ac_cv_sys_largefile_CC" != no; then
+    CC=$CC$ac_cv_sys_largefile_CC
+  fi
+
+  { echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6; }
+if test "${ac_cv_sys_file_offset_bits+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  while :; do
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_sys_file_offset_bits=no; break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#define _FILE_OFFSET_BITS 64
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_sys_file_offset_bits=64; break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  ac_cv_sys_file_offset_bits=unknown
+  break
+done
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5
+echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6; }
+case $ac_cv_sys_file_offset_bits in #(
+  no | unknown) ;;
+  *)
+cat >>confdefs.h <<_ACEOF
+#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
+_ACEOF
+;;
+esac
+rm -f conftest*
+  if test $ac_cv_sys_file_offset_bits = unknown; then
+    { echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5
+echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6; }
+if test "${ac_cv_sys_large_files+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  while :; do
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_sys_large_files=no; break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#define _LARGE_FILES 1
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_sys_large_files=1; break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  ac_cv_sys_large_files=unknown
+  break
+done
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5
+echo "${ECHO_T}$ac_cv_sys_large_files" >&6; }
+case $ac_cv_sys_large_files in #(
+  no | unknown) ;;
+  *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGE_FILES $ac_cv_sys_large_files
+_ACEOF
+;;
+esac
+rm -f conftest*
+  fi
+fi
+
+
+if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
+	CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
+fi
+if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then
+	CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
+fi
+
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _GNU_SOURCE 1
+_ACEOF
+
+
+
+
+
+for ac_prog in 'bison -y' byacc
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_YACC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$YACC"; then
+  ac_cv_prog_YACC="$YACC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_YACC="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+YACC=$ac_cv_prog_YACC
+if test -n "$YACC"; then
+  { echo "$as_me:$LINENO: result: $YACC" >&5
+echo "${ECHO_T}$YACC" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  test -n "$YACC" && break
+done
+test -n "$YACC" || YACC="yacc"
+
+for ac_prog in flex lex
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_LEX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$LEX"; then
+  ac_cv_prog_LEX="$LEX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_LEX="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+LEX=$ac_cv_prog_LEX
+if test -n "$LEX"; then
+  { echo "$as_me:$LINENO: result: $LEX" >&5
+echo "${ECHO_T}$LEX" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  test -n "$LEX" && break
+done
+test -n "$LEX" || LEX=":"
+
+if test "x$LEX" != "x:"; then
+  cat >conftest.l <<_ACEOF
+%%
+a { ECHO; }
+b { REJECT; }
+c { yymore (); }
+d { yyless (1); }
+e { yyless (input () != 0); }
+f { unput (yytext[0]); }
+. { BEGIN INITIAL; }
+%%
+#ifdef YYTEXT_POINTER
+extern char *yytext;
+#endif
+int
+main (void)
+{
+  return ! yylex () + ! yywrap ();
+}
+_ACEOF
+{ (ac_try="$LEX conftest.l"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$LEX conftest.l") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ echo "$as_me:$LINENO: checking lex output file root" >&5
+echo $ECHO_N "checking lex output file root... $ECHO_C" >&6; }
+if test "${ac_cv_prog_lex_root+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if test -f lex.yy.c; then
+  ac_cv_prog_lex_root=lex.yy
+elif test -f lexyy.c; then
+  ac_cv_prog_lex_root=lexyy
+else
+  { { echo "$as_me:$LINENO: error: cannot find output from $LEX; giving up" >&5
+echo "$as_me: error: cannot find output from $LEX; giving up" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_lex_root" >&5
+echo "${ECHO_T}$ac_cv_prog_lex_root" >&6; }
+LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
+
+if test -z "${LEXLIB+set}"; then
+  { echo "$as_me:$LINENO: checking lex library" >&5
+echo $ECHO_N "checking lex library... $ECHO_C" >&6; }
+if test "${ac_cv_lib_lex+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+    ac_save_LIBS=$LIBS
+    ac_cv_lib_lex='none needed'
+    for ac_lib in '' -lfl -ll; do
+      LIBS="$ac_lib $ac_save_LIBS"
+      cat >conftest.$ac_ext <<_ACEOF
+`cat $LEX_OUTPUT_ROOT.c`
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_lex=$ac_lib
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+      test "$ac_cv_lib_lex" != 'none needed' && break
+    done
+    LIBS=$ac_save_LIBS
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_lex" >&5
+echo "${ECHO_T}$ac_cv_lib_lex" >&6; }
+  test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex
+fi
+
+
+{ echo "$as_me:$LINENO: checking whether yytext is a pointer" >&5
+echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6; }
+if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # POSIX says lex can declare yytext either as a pointer or an array; the
+# default is implementation-dependent.  Figure out which it is, since
+# not all implementations provide the %pointer and %array declarations.
+ac_cv_prog_lex_yytext_pointer=no
+ac_save_LIBS=$LIBS
+LIBS="$LEXLIB $ac_save_LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+#define YYTEXT_POINTER 1
+`cat $LEX_OUTPUT_ROOT.c`
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_prog_lex_yytext_pointer=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_save_LIBS
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_lex_yytext_pointer" >&5
+echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6; }
+if test $ac_cv_prog_lex_yytext_pointer = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define YYTEXT_POINTER 1
+_ACEOF
+
+fi
+rm -f conftest.l $LEX_OUTPUT_ROOT.c
+
+fi
+if test "$LEX" = :; then
+  LEX=${am_missing_run}flex
+fi
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AWK="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { echo "$as_me:$LINENO: result: $AWK" >&5
+echo "${ECHO_T}$AWK" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ echo "$as_me:$LINENO: checking for ln -s or something else" >&5
+echo $ECHO_N "checking for ln -s or something else... $ECHO_C" >&6; }
+if test "${ac_cv_prog_LN_S+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  rm -f conftestdata
+if ln -s X conftestdata 2>/dev/null
+then
+  rm -f conftestdata
+  ac_cv_prog_LN_S="ln -s"
+else
+  touch conftestdata1
+  if ln conftestdata1 conftestdata2; then
+    rm -f conftestdata*
+    ac_cv_prog_LN_S=ln
+  else
+    ac_cv_prog_LN_S=cp
+  fi
+fi
+fi
+LN_S="$ac_cv_prog_LN_S"
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_LN_S" >&5
+echo "${ECHO_T}$ac_cv_prog_LN_S" >&6; }
+
+
+
+
+# Check whether --with-mips_abi was given.
+if test "${with_mips_abi+set}" = set; then
+  withval=$with_mips_abi;
+fi
+
+
+case "$host_os" in
+irix*)
+with_mips_abi="${with_mips_abi:-yes}"
+if test -n "$GCC"; then
+
+# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select
+# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs.
+#
+# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old
+# GCC and revert back to O32. The same goes if O32 is asked for - old
+# GCCs doesn't like the -mabi option, and new GCCs can't output O32.
+#
+# Don't you just love *all* the different SGI ABIs?
+
+case "${with_mips_abi}" in
+        32|o32) abi='-mabi=32';  abilibdirext=''     ;;
+       n32|yes) abi='-mabi=n32'; abilibdirext='32'  ;;
+        64) abi='-mabi=64';  abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) { { echo "$as_me:$LINENO: error: \"Invalid ABI specified\"" >&5
+echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
+   { (exit 1); exit 1; }; } ;;
+esac
+if test -n "$abi" ; then
+ac_foo=krb_cv_gcc_`echo $abi | tr =- __`
+{ echo "$as_me:$LINENO: checking if $CC supports the $abi option" >&5
+echo $ECHO_N "checking if $CC supports the $abi option... $ECHO_C" >&6; }
+if { as_var=$ac_foo; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $abi"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+int x;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval $ac_foo=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval $ac_foo=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_extCFLAGS="$save_CFLAGS"
+
+fi
+
+ac_res=`eval echo \\\$$ac_foo`
+{ echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test $ac_res = no; then
+# Try to figure out why that failed...
+case $abi in
+	-mabi=32)
+	save_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS -mabi=n32"
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+int x;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_res=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_res=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext	CLAGS="$save_CFLAGS"
+	if test $ac_res = yes; then
+		# New GCC
+		{ { echo "$as_me:$LINENO: error: $CC does not support the $with_mips_abi ABI" >&5
+echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
+   { (exit 1); exit 1; }; }
+	fi
+	# Old GCC
+	abi=''
+	abilibdirext=''
+	;;
+	-mabi=n32|-mabi=64)
+		if test $with_mips_abi = yes; then
+			# Old GCC, default to O32
+			abi=''
+			abilibdirext=''
+		else
+			# Some broken GCC
+			{ { echo "$as_me:$LINENO: error: $CC does not support the $with_mips_abi ABI" >&5
+echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;}
+   { (exit 1); exit 1; }; }
+		fi
+	;;
+esac
+fi #if test $ac_res = no; then
+fi #if test -n "$abi" ; then
+else
+case "${with_mips_abi}" in
+        32|o32) abi='-32'; abilibdirext=''     ;;
+       n32|yes) abi='-n32'; abilibdirext='32'  ;;
+        64) abi='-64'; abilibdirext='64'   ;;
+	no) abi=''; abilibdirext='';;
+         *) { { echo "$as_me:$LINENO: error: \"Invalid ABI specified\"" >&5
+echo "$as_me: error: \"Invalid ABI specified\"" >&2;}
+   { (exit 1); exit 1; }; } ;;
+esac
+fi #if test -n "$GCC"; then
+;;
+esac
+
+CC="$CC $abi"
+libdir="$libdir$abilibdirext"
+
+
+{ echo "$as_me:$LINENO: checking for __attribute__" >&5
+echo $ECHO_N "checking for __attribute__... $ECHO_C" >&6; }
+if test "${ac_cv___attribute__+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+static void foo(void) __attribute__ ((noreturn));
+
+static void
+foo(void)
+{
+  exit(1);
+}
+
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv___attribute__=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv___attribute__=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+if test "$ac_cv___attribute__" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE___ATTRIBUTE__ 1
+_ACEOF
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv___attribute__" >&5
+echo "${ECHO_T}$ac_cv___attribute__" >&6; }
+
+
+# Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then
+  enableval=$enable_shared; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_shared=yes ;;
+    no) enable_shared=no ;;
+    *)
+      enable_shared=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_shared=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_shared=yes
+fi
+
+
+# Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then
+  enableval=$enable_static; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_static=yes ;;
+    no) enable_static=no ;;
+    *)
+     enable_static=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_static=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_static=yes
+fi
+
+
+# Check whether --enable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then
+  enableval=$enable_fast_install; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_fast_install=yes ;;
+    no) enable_fast_install=no ;;
+    *)
+      enable_fast_install=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_fast_install=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_fast_install=yes
+fi
+
+
+{ echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5
+echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6; }
+if test "${lt_cv_path_SED+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for lt_ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+      fi
+    done
+  done
+done
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+  test ! -f $lt_ac_sed && continue
+  cat /dev/null > conftest.in
+  lt_ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+  # Check for GNU sed and select it if it is found.
+  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+    lt_cv_path_SED=$lt_ac_sed
+    break
+  fi
+  while true; do
+    cat conftest.in conftest.in >conftest.tmp
+    mv conftest.tmp conftest.in
+    cp conftest.in conftest.nl
+    echo >>conftest.nl
+    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+    cmp -s conftest.out conftest.nl || break
+    # 10000 chars as input seems more than enough
+    test $lt_ac_count -gt 10 && break
+    lt_ac_count=`expr $lt_ac_count + 1`
+    if test $lt_ac_count -gt $lt_ac_max; then
+      lt_ac_max=$lt_ac_count
+      lt_cv_path_SED=$lt_ac_sed
+    fi
+  done
+done
+
+fi
+
+SED=$lt_cv_path_SED
+{ echo "$as_me:$LINENO: result: $SED" >&5
+echo "${ECHO_T}$SED" >&6; }
+
+{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
+echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # Extract the first word of "grep ggrep" to use in msg output
+if test -z "$GREP"; then
+set dummy grep ggrep; ac_prog_name=$2
+if test "${ac_cv_path_GREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_path_GREP_found=false
+# Loop through the user's path and test for each of PROGNAME-LIST
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in grep ggrep; do
+  for ac_exec_ext in '' $ac_executable_extensions; do
+    ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+    { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+    # Check for GNU ac_path_GREP and select it if it is found.
+  # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+  ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    echo 'GREP' >> "conftest.nl"
+    "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    ac_count=`expr $ac_count + 1`
+    if test $ac_count -gt ${ac_path_GREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_GREP="$ac_path_GREP"
+      ac_path_GREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+
+    $ac_path_GREP_found && break 3
+  done
+done
+
+done
+IFS=$as_save_IFS
+
+
+fi
+
+GREP="$ac_cv_path_GREP"
+if test -z "$GREP"; then
+  { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
+echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+else
+  ac_cv_path_GREP=$GREP
+fi
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
+echo "${ECHO_T}$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ echo "$as_me:$LINENO: checking for egrep" >&5
+echo $ECHO_N "checking for egrep... $ECHO_C" >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+   then ac_cv_path_EGREP="$GREP -E"
+   else
+     # Extract the first word of "egrep" to use in msg output
+if test -z "$EGREP"; then
+set dummy egrep; ac_prog_name=$2
+if test "${ac_cv_path_EGREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_path_EGREP_found=false
+# Loop through the user's path and test for each of PROGNAME-LIST
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in egrep; do
+  for ac_exec_ext in '' $ac_executable_extensions; do
+    ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+    { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+    # Check for GNU ac_path_EGREP and select it if it is found.
+  # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+  ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    echo 'EGREP' >> "conftest.nl"
+    "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    ac_count=`expr $ac_count + 1`
+    if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP="$ac_path_EGREP"
+      ac_path_EGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+
+    $ac_path_EGREP_found && break 3
+  done
+done
+
+done
+IFS=$as_save_IFS
+
+
+fi
+
+EGREP="$ac_cv_path_EGREP"
+if test -z "$EGREP"; then
+  { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
+echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+else
+  ac_cv_path_EGREP=$EGREP
+fi
+
+
+   fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
+echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then
+  withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+  with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  { echo "$as_me:$LINENO: checking for ld used by $CC" >&5
+echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; }
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [\\/]* | ?:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  { echo "$as_me:$LINENO: checking for GNU ld" >&5
+echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; }
+else
+  { echo "$as_me:$LINENO: checking for non-GNU ld" >&5
+echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -z "$LD"; then
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test "$with_gnu_ld" != no && break
+	;;
+      *)
+	test "$with_gnu_ld" != yes && break
+	;;
+      esac
+    fi
+  done
+  IFS="$lt_save_ifs"
+else
+  lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+  { echo "$as_me:$LINENO: result: $LD" >&5
+echo "${ECHO_T}$LD" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
+echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
+   { (exit 1); exit 1; }; }
+{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
+echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
+echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+{ echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
+echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6; }
+if test "${lt_cv_ld_reload_flag+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_ld_reload_flag='-r'
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
+echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+  darwin*)
+    if test "$GCC" = yes; then
+      reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+    else
+      reload_cmds='$LD$reload_flag -o $output$reload_objs'
+    fi
+    ;;
+esac
+
+{ echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5
+echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6; }
+if test "${lt_cv_path_NM+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$NM"; then
+  # Let the user override the test.
+  lt_cv_path_NM="$NM"
+else
+  lt_nm_to_check="${ac_tool_prefix}nm"
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+    lt_nm_to_check="$lt_nm_to_check nm"
+  fi
+  for lt_tmp_nm in $lt_nm_to_check; do
+    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+      IFS="$lt_save_ifs"
+      test -z "$ac_dir" && ac_dir=.
+      tmp_nm="$ac_dir/$lt_tmp_nm"
+      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+	# Check to see if the nm accepts a BSD-compat flag.
+	# Adding the `sed 1q' prevents false positives on HP-UX, which says:
+	#   nm: unknown option "B" ignored
+	# Tru64's nm complains that /dev/null is an invalid object file
+	case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+	*/dev/null* | *'Invalid file or object type'*)
+	  lt_cv_path_NM="$tmp_nm -B"
+	  break
+	  ;;
+	*)
+	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  */dev/null*)
+	    lt_cv_path_NM="$tmp_nm -p"
+	    break
+	    ;;
+	  *)
+	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+	    continue # so that we can try to find one that supports BSD flags
+	    ;;
+	  esac
+	  ;;
+	esac
+      fi
+    done
+    IFS="$lt_save_ifs"
+  done
+  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
+fi
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
+echo "${ECHO_T}$lt_cv_path_NM" >&6; }
+NM="$lt_cv_path_NM"
+
+{ echo "$as_me:$LINENO: checking whether ln -s works" >&5
+echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no, using $LN_S" >&5
+echo "${ECHO_T}no, using $LN_S" >&6; }
+fi
+
+{ echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
+echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6; }
+if test "${lt_cv_deplibs_check_method+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix4* | aix5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+beos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+bsdi[45]*)
+  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_test_file=/shlib/libc.so
+  ;;
+
+cygwin*)
+  # func_win32_libid is a shell function defined in ltmain.sh
+  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+  lt_cv_file_magic_cmd='func_win32_libid'
+  ;;
+
+mingw* | pw32*)
+  # Base MSYS/MinGW do not provide the 'file' command needed by
+  # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  ;;
+
+darwin* | rhapsody*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+freebsd* | kfreebsd*-gnu | dragonfly*)
+  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+    case $host_cpu in
+    i*86 )
+      # Not sure whether the presence of OpenBSD here was a mistake.
+      # Let's accept both of them until this is cleared up.
+      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+      ;;
+    esac
+  else
+    lt_cv_deplibs_check_method=pass_all
+  fi
+  ;;
+
+gnu*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+hpux10.20* | hpux11*)
+  lt_cv_file_magic_cmd=/usr/bin/file
+  case $host_cpu in
+  ia64*)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+    ;;
+  hppa*64*)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+    ;;
+  *)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+    lt_cv_file_magic_test_file=/usr/lib/libc.sl
+    ;;
+  esac
+  ;;
+
+interix3*)
+  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+  lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $LD in
+  *-32|*"-32 ") libmagic=32-bit;;
+  *-n32|*"-n32 ") libmagic=N32;;
+  *-64|*"-64 ") libmagic=64-bit;;
+  *) libmagic=never-match;;
+  esac
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd*)
+  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+  fi
+  ;;
+
+newos6*)
+  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_test_file=/usr/lib/libnls.so
+  ;;
+
+nto-qnx*)
+  lt_cv_deplibs_check_method=unknown
+  ;;
+
+openbsd*)
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+  fi
+  ;;
+
+osf3* | osf4* | osf5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+solaris*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv4 | sysv4.3*)
+  case $host_vendor in
+  motorola)
+    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+    ;;
+  ncr)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  sequent)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+    ;;
+  sni)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+    lt_cv_file_magic_test_file=/lib/libc.so
+    ;;
+  siemens)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  pc)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  esac
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
+echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6; }
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then
+  enableval=$enable_libtool_lock;
+fi
+
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+    case `/usr/bin/file conftest.$ac_objext` in
+    *ELF-32*)
+      HPUX_IA64_MODE="32"
+      ;;
+    *ELF-64*)
+      HPUX_IA64_MODE="64"
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+*-*-irix6*)
+  # Find out which ABI we are using.
+  echo '#line 5679 "configure"' > conftest.$ac_ext
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+   if test "$lt_cv_prog_gnu_ld" = yes; then
+    case `/usr/bin/file conftest.$ac_objext` in
+    *32-bit*)
+      LD="${LD-ld} -melf32bsmip"
+      ;;
+    *N32*)
+      LD="${LD-ld} -melf32bmipn32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -melf64bmip"
+      ;;
+    esac
+   else
+    case `/usr/bin/file conftest.$ac_objext` in
+    *32-bit*)
+      LD="${LD-ld} -32"
+      ;;
+    *N32*)
+      LD="${LD-ld} -n32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -64"
+      ;;
+    esac
+   fi
+  fi
+  rm -rf conftest*
+  ;;
+
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+    case `/usr/bin/file conftest.o` in
+    *32-bit*)
+      case $host in
+        x86_64-*linux*)
+          LD="${LD-ld} -m elf_i386"
+          ;;
+        ppc64-*linux*|powerpc64-*linux*)
+          LD="${LD-ld} -m elf32ppclinux"
+          ;;
+        s390x-*linux*)
+          LD="${LD-ld} -m elf_s390"
+          ;;
+        sparc64-*linux*)
+          LD="${LD-ld} -m elf32_sparc"
+          ;;
+      esac
+      ;;
+    *64-bit*)
+      case $host in
+        x86_64-*linux*)
+          LD="${LD-ld} -m elf_x86_64"
+          ;;
+        ppc*-*linux*|powerpc*-*linux*)
+          LD="${LD-ld} -m elf64ppc"
+          ;;
+        s390*-*linux*)
+          LD="${LD-ld} -m elf64_s390"
+          ;;
+        sparc*-*linux*)
+          LD="${LD-ld} -m elf64_sparc"
+          ;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS="$CFLAGS"
+  CFLAGS="$CFLAGS -belf"
+  { echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
+echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6; }
+if test "${lt_cv_cc_needs_belf+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+     cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  lt_cv_cc_needs_belf=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	lt_cv_cc_needs_belf=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+     ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
+echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6; }
+  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS="$SAVE_CFLAGS"
+  fi
+  ;;
+sparc*-*solaris*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+    case `/usr/bin/file conftest.o` in
+    *64-bit*)
+      case $lt_cv_prog_gnu_ld in
+      yes*) LD="${LD-ld} -m elf64_sparc" ;;
+      *)    LD="${LD-ld} -64" ;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+
+{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_header_stdc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_header_stdc=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then
+  :
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then
+  :
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+
+
+
+
+
+
+
+
+
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+		  inttypes.h stdint.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in dlfcn.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+  if test -n "$CCC"; then
+    CXX=$CCC
+  else
+    if test -n "$ac_tool_prefix"; then
+  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CXX"; then
+  ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+  { echo "$as_me:$LINENO: result: $CXX" >&5
+echo "${ECHO_T}$CXX" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+    test -n "$CXX" && break
+  done
+fi
+if test -z "$CXX"; then
+  ac_ct_CXX=$CXX
+  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_CXX"; then
+  ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CXX="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_CXX" >&5
+echo "${ECHO_T}$ac_ct_CXX" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CXX" && break
+done
+
+  if test "x$ac_ct_CXX" = x; then
+    CXX="g++"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CXX=$ac_ct_CXX
+  fi
+fi
+
+  fi
+fi
+# Provide some information about the compiler.
+echo "$as_me:$LINENO: checking for C++ compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+{ echo "$as_me:$LINENO: checking whether we are using the GNU C++ compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C++ compiler... $ECHO_C" >&6; }
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_cxx_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_cxx_compiler_gnu" >&6; }
+GXX=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ echo "$as_me:$LINENO: checking whether $CXX accepts -g" >&5
+echo $ECHO_N "checking whether $CXX accepts -g... $ECHO_C" >&6; }
+if test "${ac_cv_prog_cxx_g+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+   ac_cxx_werror_flag=yes
+   ac_cv_prog_cxx_g=no
+   CXXFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cxx_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CXXFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+	 CXXFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cxx_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_cxx_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+  CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+  if test "$GXX" = yes; then
+    CXXFLAGS="-g -O2"
+  else
+    CXXFLAGS="-g"
+  fi
+else
+  if test "$GXX" = yes; then
+    CXXFLAGS="-O2"
+  else
+    CXXFLAGS=
+  fi
+fi
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+    (test "X$CXX" != "Xg++"))) ; then
+  ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+{ echo "$as_me:$LINENO: checking how to run the C++ preprocessor" >&5
+echo $ECHO_N "checking how to run the C++ preprocessor... $ECHO_C" >&6; }
+if test -z "$CXXCPP"; then
+  if test "${ac_cv_prog_CXXCPP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+      # Double quotes because CXXCPP needs to be expanded
+    for CXXCPP in "$CXX -E" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  break
+fi
+
+    done
+    ac_cv_prog_CXXCPP=$CXXCPP
+
+fi
+  CXXCPP=$ac_cv_prog_CXXCPP
+else
+  ac_cv_prog_CXXCPP=$CXXCPP
+fi
+{ echo "$as_me:$LINENO: result: $CXXCPP" >&5
+echo "${ECHO_T}$CXXCPP" >&6; }
+ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  :
+else
+  { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+fi
+
+
+ac_ext=f
+ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5'
+ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_f77_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$F77"; then
+  ac_cv_prog_F77="$F77" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_F77="$ac_tool_prefix$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+F77=$ac_cv_prog_F77
+if test -n "$F77"; then
+  { echo "$as_me:$LINENO: result: $F77" >&5
+echo "${ECHO_T}$F77" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+    test -n "$F77" && break
+  done
+fi
+if test -z "$F77"; then
+  ac_ct_F77=$F77
+  for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_F77"; then
+  ac_cv_prog_ac_ct_F77="$ac_ct_F77" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_F77="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_F77=$ac_cv_prog_ac_ct_F77
+if test -n "$ac_ct_F77"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_F77" >&5
+echo "${ECHO_T}$ac_ct_F77" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  test -n "$ac_ct_F77" && break
+done
+
+  if test "x$ac_ct_F77" = x; then
+    F77=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    F77=$ac_ct_F77
+  fi
+fi
+
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO: checking for Fortran 77 compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+rm -f a.out
+
+# If we don't use `.F' as extension, the preprocessor is not run on the
+# input file.  (Note that this only needs to work for GNU compilers.)
+ac_save_ext=$ac_ext
+ac_ext=F
+{ echo "$as_me:$LINENO: checking whether we are using the GNU Fortran 77 compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU Fortran 77 compiler... $ECHO_C" >&6; }
+if test "${ac_cv_f77_compiler_gnu+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+      program main
+#ifndef __GNUC__
+       choke me
+#endif
+
+      end
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_f77_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_f77_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_f77_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_f77_compiler_gnu" >&6; }
+ac_ext=$ac_save_ext
+ac_test_FFLAGS=${FFLAGS+set}
+ac_save_FFLAGS=$FFLAGS
+FFLAGS=
+{ echo "$as_me:$LINENO: checking whether $F77 accepts -g" >&5
+echo $ECHO_N "checking whether $F77 accepts -g... $ECHO_C" >&6; }
+if test "${ac_cv_prog_f77_g+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  FFLAGS=-g
+cat >conftest.$ac_ext <<_ACEOF
+      program main
+
+      end
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_f77_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_f77_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_prog_f77_g=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_f77_g" >&5
+echo "${ECHO_T}$ac_cv_prog_f77_g" >&6; }
+if test "$ac_test_FFLAGS" = set; then
+  FFLAGS=$ac_save_FFLAGS
+elif test $ac_cv_prog_f77_g = yes; then
+  if test "x$ac_cv_f77_compiler_gnu" = xyes; then
+    FFLAGS="-g -O2"
+  else
+    FFLAGS="-g"
+  fi
+else
+  if test "x$ac_cv_f77_compiler_gnu" = xyes; then
+    FFLAGS="-O2"
+  else
+    FFLAGS=
+  fi
+fi
+
+G77=`test $ac_compiler_gnu = yes && echo yes`
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
+
+# find the maximum length of command line arguments
+{ echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5
+echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6; }
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+    i=0
+  teststring="ABCD"
+
+  case $build_os in
+  msdosdjgpp*)
+    # On DJGPP, this test can blow up pretty badly due to problems in libc
+    # (any single argument exceeding 2000 bytes causes a buffer overrun
+    # during glob expansion).  Even if it were fixed, the result of this
+    # check would be larger than it should be.
+    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
+    ;;
+
+  gnu*)
+    # Under GNU Hurd, this test is not required because there is
+    # no limit to the length of command line arguments.
+    # Libtool will interpret -1 as no limit whatsoever
+    lt_cv_sys_max_cmd_len=-1;
+    ;;
+
+  cygwin* | mingw*)
+    # On Win9x/ME, this test blows up -- it succeeds, but takes
+    # about 5 minutes as the teststring grows exponentially.
+    # Worse, since 9x/ME are not pre-emptively multitasking,
+    # you end up with a "frozen" computer, even though with patience
+    # the test eventually succeeds (with a max line length of 256k).
+    # Instead, let's just punt: use the minimum linelength reported by
+    # all of the supported platforms: 8192 (on NT/2K/XP).
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  amigaos*)
+    # On AmigaOS with pdksh, this test takes hours, literally.
+    # So we just punt and use a minimum line length of 8192.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+    # This has been around since 386BSD, at least.  Likely further.
+    if test -x /sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+    elif test -x /usr/sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+    else
+      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
+    fi
+    # And add a safety zone
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    ;;
+
+  interix*)
+    # We know the value 262144 and hardcode it with a safety zone (like BSD)
+    lt_cv_sys_max_cmd_len=196608
+    ;;
+
+  osf*)
+    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+    # nice to cause kernel panics so lets avoid the loop below.
+    # First set a reasonable default.
+    lt_cv_sys_max_cmd_len=16384
+    #
+    if test -x /sbin/sysconfig; then
+      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+        *1*) lt_cv_sys_max_cmd_len=-1 ;;
+      esac
+    fi
+    ;;
+  sco3.2v5*)
+    lt_cv_sys_max_cmd_len=102400
+    ;;
+  sysv5* | sco5v6* | sysv4.2uw2*)
+    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+    if test -n "$kargmax"; then
+      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ 	]//'`
+    else
+      lt_cv_sys_max_cmd_len=32768
+    fi
+    ;;
+  *)
+    # If test is not a shell built-in, we'll probably end up computing a
+    # maximum length that is only half of the actual maximum length, but
+    # we can't tell.
+    SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+    while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \
+	       = "XX$teststring") >/dev/null 2>&1 &&
+	    new_result=`expr "X$teststring" : ".*" 2>&1` &&
+	    lt_cv_sys_max_cmd_len=$new_result &&
+	    test $i != 17 # 1/2 MB should be enough
+    do
+      i=`expr $i + 1`
+      teststring=$teststring$teststring
+    done
+    teststring=
+    # Add a significant safety factor because C++ compilers can tack on massive
+    # amounts of additional arguments before passing them to the linker.
+    # It appears as though 1/2 is a usable value.
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    ;;
+  esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+  { echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5
+echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6; }
+else
+  { echo "$as_me:$LINENO: result: none" >&5
+echo "${ECHO_T}none" >&6; }
+fi
+
+
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5
+echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6; }
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Transform an extracted symbol line into a proper C declaration
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+  symcode='[BCDT]'
+  ;;
+cygwin* | mingw* | pw32*)
+  symcode='[ABCDGISTW]'
+  ;;
+hpux*) # Its linker distinguishes data from code symbols
+  if test "$host_cpu" = ia64; then
+    symcode='[ABCDEGRST]'
+  fi
+  lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+  lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+  ;;
+linux*)
+  if test "$host_cpu" = ia64; then
+    symcode='[ABCDGIRSTW]'
+    lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+    lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+  fi
+  ;;
+irix* | nonstopux*)
+  symcode='[BCDEGRST]'
+  ;;
+osf*)
+  symcode='[BCDEGQRST]'
+  ;;
+solaris*)
+  symcode='[BDRT]'
+  ;;
+sco3.2v5*)
+  symcode='[DT]'
+  ;;
+sysv4.2uw2*)
+  symcode='[DT]'
+  ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+  symcode='[ABDT]'
+  ;;
+sysv4)
+  symcode='[DFNSTU]'
+  ;;
+esac
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+  ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+  symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Try without a prefix undercore, then with it.
+for ac_symprfx in "" "_"; do
+
+  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+  symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+  # Write the raw and C identifiers.
+  lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ 	]\($symcode$symcode*\)[ 	][ 	]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+
+  # Check to see that the pipe works correctly.
+  pipe_works=no
+
+  rm -f conftest*
+  cat > conftest.$ac_ext <<EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+EOF
+
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+    # Now try to grab the symbols.
+    nlist=conftest.nm
+    if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5
+  (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && test -s "$nlist"; then
+      # Try sorting and uniquifying the output.
+      if sort "$nlist" | uniq > "$nlist"T; then
+	mv -f "$nlist"T "$nlist"
+      else
+	rm -f "$nlist"T
+      fi
+
+      # Make sure that we snagged all the symbols we need.
+      if grep ' nm_test_var$' "$nlist" >/dev/null; then
+	if grep ' nm_test_func$' "$nlist" >/dev/null; then
+	  cat <<EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+EOF
+	  # Now generate the symbol file.
+	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
+
+	  cat <<EOF >> conftest.$ac_ext
+#if defined (__STDC__) && __STDC__
+# define lt_ptr_t void *
+#else
+# define lt_ptr_t char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+const struct {
+  const char *name;
+  lt_ptr_t address;
+}
+lt_preloaded_symbols[] =
+{
+EOF
+	  $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
+	  cat <<\EOF >> conftest.$ac_ext
+  {0, (lt_ptr_t) 0}
+};
+
+#ifdef __cplusplus
+}
+#endif
+EOF
+	  # Now try linking the two files.
+	  mv conftest.$ac_objext conftstm.$ac_objext
+	  lt_save_LIBS="$LIBS"
+	  lt_save_CFLAGS="$CFLAGS"
+	  LIBS="conftstm.$ac_objext"
+	  CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+	  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && test -s conftest${ac_exeext}; then
+	    pipe_works=yes
+	  fi
+	  LIBS="$lt_save_LIBS"
+	  CFLAGS="$lt_save_CFLAGS"
+	else
+	  echo "cannot find nm_test_func in $nlist" >&5
+	fi
+      else
+	echo "cannot find nm_test_var in $nlist" >&5
+      fi
+    else
+      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+    fi
+  else
+    echo "$progname: failed program was:" >&5
+    cat conftest.$ac_ext >&5
+  fi
+  rm -f conftest* conftst*
+
+  # Do not use the global_symbol_pipe unless it works.
+  if test "$pipe_works" = yes; then
+    break
+  else
+    lt_cv_sys_global_symbol_pipe=
+  fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+  lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+  { echo "$as_me:$LINENO: result: failed" >&5
+echo "${ECHO_T}failed" >&6; }
+else
+  { echo "$as_me:$LINENO: result: ok" >&5
+echo "${ECHO_T}ok" >&6; }
+fi
+
+{ echo "$as_me:$LINENO: checking for objdir" >&5
+echo $ECHO_N "checking for objdir... $ECHO_C" >&6; }
+if test "${lt_cv_objdir+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+  lt_cv_objdir=.libs
+else
+  # MS-DOS does not allow filenames that begin with a dot.
+  lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5
+echo "${ECHO_T}$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+case $host_os in
+aix3*)
+  # AIX sometimes has problems with the GCC collect2 program.  For some
+  # reason, if we set the COLLECT_NAMES environment variable, the problems
+  # vanish in a puff of smoke.
+  if test "X${COLLECT_NAMES+set}" != Xset; then
+    COLLECT_NAMES=
+    export COLLECT_NAMES
+  fi
+  ;;
+esac
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='sed -e 1s/^X//'
+sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Constants:
+rm="rm -f"
+
+# Global variables:
+default_ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+ltmain="$ac_aux_dir/ltmain.sh"
+ofile="$default_ofile"
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$AR"; then
+  ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AR="${ac_tool_prefix}ar"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+  { echo "$as_me:$LINENO: result: $AR" >&5
+echo "${ECHO_T}$AR" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+  ac_ct_AR=$AR
+  # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_AR"; then
+  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_AR="ar"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
+echo "${ECHO_T}$ac_ct_AR" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+  if test "x$ac_ct_AR" = x; then
+    AR="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    AR=$ac_ct_AR
+  fi
+else
+  AR="$ac_cv_prog_AR"
+fi
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  { echo "$as_me:$LINENO: result: $RANLIB" >&5
+echo "${ECHO_T}$RANLIB" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
+echo "${ECHO_T}$ac_ct_RANLIB" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+test -z "$AS" && AS=as
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+test -z "$LD" && LD=ld
+test -z "$LN_S" && LN_S="ln -s"
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+test -z "$NM" && NM=nm
+test -z "$SED" && SED=sed
+test -z "$OBJDUMP" && OBJDUMP=objdump
+test -z "$RANLIB" && RANLIB=:
+test -z "$STRIP" && STRIP=:
+test -z "$ac_objext" && ac_objext=o
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+  case $host_os in
+  openbsd*)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+    ;;
+  *)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+    ;;
+  esac
+  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+case $deplibs_check_method in
+file_magic*)
+  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+    { echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
+echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $MAGIC_CMD in
+[\\/*] |  ?:[\\/]*)
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/${ac_tool_prefix}file; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+  if test -n "$ac_tool_prefix"; then
+    { echo "$as_me:$LINENO: checking for file" >&5
+echo $ECHO_N "checking for file... $ECHO_C" >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $MAGIC_CMD in
+[\\/*] |  ?:[\\/]*)
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/file; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/file"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool at gnu.org
+
+EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+  else
+    MAGIC_CMD=:
+  fi
+fi
+
+  fi
+  ;;
+esac
+
+enable_dlopen=no
+enable_win32_dll=no
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then
+  enableval=$enable_libtool_lock;
+fi
+
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+
+# Check whether --with-pic was given.
+if test "${with_pic+set}" = set; then
+  withval=$with_pic; pic_mode="$withval"
+else
+  pic_mode=default
+fi
+
+test -z "$pic_mode" && pic_mode=default
+
+# Use C for the default configuration in the libtool script
+tagname=
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}\n'
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+  lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+
+{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; }
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_rtti_exceptions=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="-fno-rtti -fno-exceptions"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:8072: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:8076: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_rtti_exceptions=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+    lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+    :
+fi
+
+fi
+
+lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
+
+  if test "$GCC" = yes; then
+    lt_prog_compiler_wl='-Wl,'
+    lt_prog_compiler_static='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+      ;;
+
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic='-fno-common'
+      ;;
+
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared=no
+      enable_shared=no
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic=-Kconform_pic
+      fi
+      ;;
+
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='-fPIC'
+	;;
+      esac
+      ;;
+
+    *)
+      lt_prog_compiler_pic='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      else
+	lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+      darwin*)
+        # PIC is the default on this platform
+        # Common symbols not allowed in MH_DYLIB files
+       case $cc_basename in
+         xlc*)
+         lt_prog_compiler_pic='-qnocommon'
+         lt_prog_compiler_wl='-Wl,'
+         ;;
+       esac
+       ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    linux*)
+      case $cc_basename in
+      icc* | ecc*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-KPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fpic'
+	lt_prog_compiler_static='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static='-non_shared'
+        ;;
+      esac
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	lt_prog_compiler_wl='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl='-Qoption ld '
+      lt_prog_compiler_pic='-PIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	lt_prog_compiler_pic='-Kconform_pic'
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_can_build_shared=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic='-pic'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared=no
+      ;;
+    esac
+  fi
+
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic" >&6; }
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+
+{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6; }
+if test "${lt_prog_compiler_pic_works+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_pic_works=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:8340: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:8344: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_prog_compiler_pic_works=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6; }
+
+if test x"$lt_prog_compiler_pic_works" = xyes; then
+    case $lt_prog_compiler_pic in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+     esac
+else
+    lt_prog_compiler_pic=
+     lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic=
+    ;;
+  *)
+    lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
+if test "${lt_prog_compiler_static_works+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_static_works=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_prog_compiler_static_works=yes
+       fi
+     else
+       lt_prog_compiler_static_works=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works" >&6; }
+
+if test x"$lt_prog_compiler_static_works" = xyes; then
+    :
+else
+    lt_prog_compiler_static=
+fi
+
+
+{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_c_o=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:8444: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:8448: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; }
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  { echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6; }
+  if test "$hard_links" = no; then
+    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
+
+  runpath_var=
+  allow_undefined_flag=
+  enable_shared_with_static_runtimes=no
+  archive_cmds=
+  archive_expsym_cmds=
+  old_archive_From_new_cmds=
+  old_archive_from_expsyms_cmds=
+  export_dynamic_flag_spec=
+  whole_archive_flag_spec=
+  thread_safe_flag_spec=
+  hardcode_libdir_flag_spec=
+  hardcode_libdir_flag_spec_ld=
+  hardcode_libdir_separator=
+  hardcode_direct=no
+  hardcode_minus_L=no
+  hardcode_shlibpath_var=unsupported
+  link_all_deplibs=unknown
+  hardcode_automatic=no
+  module_cmds=
+  module_expsym_cmds=
+  always_export_symbols=no
+  export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  include_expsyms=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  extract_expsyms_cmds=
+  # Just being paranoid about ensuring that cc_basename is set.
+  for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+  case $host_os in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  ld_shlibs=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir'
+    export_dynamic_flag_spec='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+	whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      else
+  	whole_archive_flag_spec=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>/dev/null` in
+      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	ld_shlibs=no
+	cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+
+      # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we can't use
+      # them.
+      ld_shlibs=no
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	allow_undefined_flag=unsupported
+	# Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+      # as there is no search path for DLLs.
+      hardcode_libdir_flag_spec='-L$libdir'
+      allow_undefined_flag=unsupported
+      always_export_symbols=no
+      enable_shared_with_static_runtimes=yes
+      export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    interix3*)
+      hardcode_direct=no
+      hardcode_shlibpath_var=no
+      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+      export_dynamic_flag_spec='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	tmp_addflag=
+	case $cc_basename,$host_cpu in
+	pgcc*)				# Portland Group C compiler
+	  whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	esac
+	archive_cmds='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+	if test $supports_anon_versioning = yes; then
+	  archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~
+  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+  $echo "local: *; };" >> $output_objdir/$libname.ver~
+	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	fi
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+	ld_shlibs=no
+	cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+	ld_shlibs=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	    hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+	    archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
+	    archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
+	  else
+	    ld_shlibs=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+    esac
+
+    if test "$ld_shlibs" = no; then
+      runpath_var=
+      hardcode_libdir_flag_spec=
+      export_dynamic_flag_spec=
+      whole_archive_flag_spec=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      allow_undefined_flag=unsupported
+      always_export_symbols=yes
+      archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	hardcode_direct=unsupported
+      fi
+      ;;
+
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+	  export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	else
+	  export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+	  for ld_flag in $LDFLAGS; do
+  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+  	    aix_use_runtimelinking=yes
+  	    break
+  	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      archive_cmds=''
+      hardcode_direct=yes
+      hardcode_libdir_separator=':'
+      link_all_deplibs=yes
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[012]|aix4.[012].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" && \
+  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	  then
+  	  # We have reworked collect2
+  	  hardcode_direct=yes
+	  else
+  	  # We have old collect2
+  	  hardcode_direct=unsupported
+  	  # It fails to find uninstalled libraries when the uninstalled
+  	  # path is not listed in the libpath.  Setting hardcode_minus_L
+  	  # to unsupported forces relinking
+  	  hardcode_minus_L=yes
+  	  hardcode_libdir_flag_spec='-L$libdir'
+  	  hardcode_libdir_separator=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+  	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      always_export_symbols=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	allow_undefined_flag='-berok'
+       # Determine the default libpath from the value encoded in an empty executable.
+       cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+       hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+	archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+       else
+	if test "$host_cpu" = ia64; then
+	  hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+	  allow_undefined_flag="-z nodefs"
+	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an empty executable.
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	 hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  no_undefined_flag=' ${wl}-bernotok'
+	  allow_undefined_flag=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  whole_archive_flag_spec='$convenience'
+	  archive_cmds_need_lc=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      # see comment about different semantics on the GNU ld section
+      ld_shlibs=no
+      ;;
+
+    bsdi[45]*)
+      export_dynamic_flag_spec=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec=' '
+      allow_undefined_flag=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      old_archive_From_new_cmds='true'
+      # FIXME: Should let the user specify the lib program.
+      old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      fix_srcfile_path='`cygpath -w "$srcfile"`'
+      enable_shared_with_static_runtimes=yes
+      ;;
+
+    darwin* | rhapsody*)
+      case $host_os in
+        rhapsody* | darwin1.[012])
+         allow_undefined_flag='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[012])
+               allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               allow_undefined_flag='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+      esac
+      archive_cmds_need_lc=no
+      hardcode_direct=no
+      hardcode_automatic=yes
+      hardcode_shlibpath_var=unsupported
+      whole_archive_flag_spec=''
+      link_all_deplibs=yes
+    if test "$GCC" = yes ; then
+    	output_verbose_link_cmd='echo'
+        archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+      archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      module_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+         archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+         archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          module_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         ld_shlibs=no
+          ;;
+      esac
+    fi
+      ;;
+
+    dgux*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_shlibpath_var=no
+      ;;
+
+    freebsd1*)
+      ld_shlibs=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	archive_cmds='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator=:
+      hardcode_direct=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L=yes
+      export_dynamic_flag_spec='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator=:
+
+	hardcode_direct=yes
+	export_dynamic_flag_spec='${wl}-E'
+
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	hardcode_minus_L=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  hardcode_libdir_flag_spec_ld='+b $libdir'
+	  hardcode_direct=no
+	  hardcode_shlibpath_var=no
+	  ;;
+	*)
+	  hardcode_direct=yes
+	  export_dynamic_flag_spec='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  hardcode_minus_L=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_ld='-rpath $libdir'
+      fi
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      link_all_deplibs=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    newsos6)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct=yes
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      hardcode_shlibpath_var=no
+      ;;
+
+    openbsd*)
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+	export_dynamic_flag_spec='${wl}-E'
+      else
+       case $host_os in
+	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+	   archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	   hardcode_libdir_flag_spec='-R$libdir'
+	   ;;
+	 *)
+	   archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	   hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+	   ;;
+       esac
+      fi
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      allow_undefined_flag=unsupported
+      archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      old_archive_From_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	allow_undefined_flag=' -expect_unresolved \*'
+	archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      else
+	allow_undefined_flag=' -expect_unresolved \*'
+	archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	hardcode_libdir_flag_spec='-rpath $libdir'
+      fi
+      hardcode_libdir_separator=:
+      ;;
+
+    solaris*)
+      no_undefined_flag=' -z text'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+      else
+	wlarc=''
+	archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+      fi
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_shlibpath_var=no
+      case $host_os in
+      solaris2.[0-5] | solaris2.[0-5].*) ;;
+      *)
+ 	# The compiler driver will combine linker options so we
+ 	# cannot just pass the convience library names through
+ 	# without $wl, iff we do not link with $LD.
+ 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+ 	# Supported since Solaris 2.6 (maybe 2.5.1?)
+ 	case $wlarc in
+ 	'')
+ 	  whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
+ 	*)
+ 	  whole_archive_flag_spec='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ 	esac ;;
+      esac
+      link_all_deplibs=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  reload_cmds='$CC -r -o $output$reload_objs'
+	  hardcode_direct=no
+        ;;
+	motorola)
+	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      hardcode_shlibpath_var=no
+      ;;
+
+    sysv4.3*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_shlibpath_var=no
+      export_dynamic_flag_spec='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	hardcode_shlibpath_var=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	ld_shlibs=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
+      no_undefined_flag='${wl}-z,text'
+      archive_cmds_need_lc=no
+      hardcode_shlibpath_var=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      no_undefined_flag='${wl}-z,text'
+      allow_undefined_flag='${wl}-z,nodefs'
+      archive_cmds_need_lc=no
+      hardcode_shlibpath_var=no
+      hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      hardcode_libdir_separator=':'
+      link_all_deplibs=yes
+      export_dynamic_flag_spec='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_shlibpath_var=no
+      ;;
+
+    *)
+      ld_shlibs=no
+      ;;
+    esac
+  fi
+
+{ echo "$as_me:$LINENO: result: $ld_shlibs" >&5
+echo "${ECHO_T}$ld_shlibs" >&6; }
+test "$ld_shlibs" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl
+	pic_flag=$lt_prog_compiler_pic
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag
+        allow_undefined_flag=
+        if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+  (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+        then
+	  archive_cmds_need_lc=no
+        else
+	  archive_cmds_need_lc=yes
+        fi
+        allow_undefined_flag=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5
+echo "${ECHO_T}$archive_cmds_need_lc" >&6; }
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" || \
+   test -n "$runpath_var" || \
+   test "X$hardcode_automatic" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$hardcode_direct" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, )" != no &&
+     test "$hardcode_minus_L" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action=unsupported
+fi
+{ echo "$as_me:$LINENO: result: $hardcode_action" >&5
+echo "${ECHO_T}$hardcode_action" >&6; }
+
+if test "$hardcode_action" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+striplib=
+old_striplib=
+{ echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
+echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+  case $host_os in
+   darwin*)
+       if test -n "$STRIP" ; then
+         striplib="$STRIP -x"
+         { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+       else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+       ;;
+   *)
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+    ;;
+  esac
+fi
+
+if test "x$enable_dlopen" != xyes; then
+  enable_dlopen=unknown
+  enable_dlopen_self=unknown
+  enable_dlopen_self_static=unknown
+else
+  lt_cv_dlopen=no
+  lt_cv_dlopen_libs=
+
+  case $host_os in
+  beos*)
+    lt_cv_dlopen="load_add_on"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ;;
+
+  mingw* | pw32*)
+    lt_cv_dlopen="LoadLibrary"
+    lt_cv_dlopen_libs=
+   ;;
+
+  cygwin*)
+    lt_cv_dlopen="dlopen"
+    lt_cv_dlopen_libs=
+   ;;
+
+  darwin*)
+  # if libdl is installed we need to link against it
+    { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_dl_dlopen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_dl_dlopen=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; }
+if test $ac_cv_lib_dl_dlopen = yes; then
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+    lt_cv_dlopen="dyld"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+
+fi
+
+   ;;
+
+  *)
+    { echo "$as_me:$LINENO: checking for shl_load" >&5
+echo $ECHO_N "checking for shl_load... $ECHO_C" >&6; }
+if test "${ac_cv_func_shl_load+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define shl_load to an innocuous variant, in case <limits.h> declares shl_load.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define shl_load innocuous_shl_load
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char shl_load (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef shl_load
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_shl_load || defined __stub___shl_load
+choke me
+#endif
+
+int
+main ()
+{
+return shl_load ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_shl_load=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_shl_load=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
+echo "${ECHO_T}$ac_cv_func_shl_load" >&6; }
+if test $ac_cv_func_shl_load = yes; then
+  lt_cv_dlopen="shl_load"
+else
+  { echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
+echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6; }
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+int
+main ()
+{
+return shl_load ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_dld_shl_load=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_dld_shl_load=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6; }
+if test $ac_cv_lib_dld_shl_load = yes; then
+  lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
+else
+  { echo "$as_me:$LINENO: checking for dlopen" >&5
+echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; }
+if test "${ac_cv_func_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define dlopen to an innocuous variant, in case <limits.h> declares dlopen.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define dlopen innocuous_dlopen
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char dlopen (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef dlopen
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_dlopen || defined __stub___dlopen
+choke me
+#endif
+
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_dlopen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_dlopen=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
+echo "${ECHO_T}$ac_cv_func_dlopen" >&6; }
+if test $ac_cv_func_dlopen = yes; then
+  lt_cv_dlopen="dlopen"
+else
+  { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_dl_dlopen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_dl_dlopen=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; }
+if test $ac_cv_lib_dl_dlopen = yes; then
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+  { echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
+echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6; }
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_svld_dlopen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_svld_dlopen=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6; }
+if test $ac_cv_lib_svld_dlopen = yes; then
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+  { echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
+echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6; }
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link ();
+int
+main ()
+{
+return dld_link ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_dld_dld_link=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_dld_dld_link=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6; }
+if test $ac_cv_lib_dld_dld_link = yes; then
+  lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+    ;;
+  esac
+
+  if test "x$lt_cv_dlopen" != xno; then
+    enable_dlopen=yes
+  else
+    enable_dlopen=no
+  fi
+
+  case $lt_cv_dlopen in
+  dlopen)
+    save_CPPFLAGS="$CPPFLAGS"
+    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+    save_LDFLAGS="$LDFLAGS"
+    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+    save_LIBS="$LIBS"
+    LIBS="$lt_cv_dlopen_libs $LIBS"
+
+    { echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
+echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6; }
+if test "${lt_cv_dlopen_self+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  	  if test "$cross_compiling" = yes; then :
+  lt_cv_dlopen_self=cross
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<EOF
+#line 10752 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+    exit (status);
+}
+EOF
+  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&5 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+      x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+      x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+    esac
+  else :
+    # compilation failed
+    lt_cv_dlopen_self=no
+  fi
+fi
+rm -fr conftest*
+
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self" >&6; }
+
+    if test "x$lt_cv_dlopen_self" = xyes; then
+      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+      { echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
+echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6; }
+if test "${lt_cv_dlopen_self_static+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  	  if test "$cross_compiling" = yes; then :
+  lt_cv_dlopen_self_static=cross
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<EOF
+#line 10852 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+    exit (status);
+}
+EOF
+  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&5 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+      x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+      x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+    esac
+  else :
+    # compilation failed
+    lt_cv_dlopen_self_static=no
+  fi
+fi
+rm -fr conftest*
+
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6; }
+    fi
+
+    CPPFLAGS="$save_CPPFLAGS"
+    LDFLAGS="$save_LDFLAGS"
+    LIBS="$save_LIBS"
+    ;;
+  esac
+
+  case $lt_cv_dlopen_self in
+  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+  *) enable_dlopen_self=unknown ;;
+  esac
+
+  case $lt_cv_dlopen_self_static in
+  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+  *) enable_dlopen_self_static=unknown ;;
+  esac
+fi
+
+
+# Report which library types will actually be built
+{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
+echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: result: $can_build_shared" >&5
+echo "${ECHO_T}$can_build_shared" >&6; }
+
+{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
+echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; }
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+  test "$enable_shared" = yes && enable_static=no
+  if test -n "$RANLIB"; then
+    archive_cmds="$archive_cmds~\$RANLIB \$lib"
+    postinstall_cmds='$RANLIB $lib'
+  fi
+  ;;
+
+aix4* | aix5*)
+  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+    test "$enable_shared" = yes && enable_static=no
+  fi
+    ;;
+esac
+{ echo "$as_me:$LINENO: result: $enable_shared" >&5
+echo "${ECHO_T}$enable_shared" >&6; }
+
+{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5
+echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; }
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+{ echo "$as_me:$LINENO: result: $enable_static" >&5
+echo "${ECHO_T}$enable_static" >&6; }
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler \
+    CC \
+    LD \
+    lt_prog_compiler_wl \
+    lt_prog_compiler_pic \
+    lt_prog_compiler_static \
+    lt_prog_compiler_no_builtin_flag \
+    export_dynamic_flag_spec \
+    thread_safe_flag_spec \
+    whole_archive_flag_spec \
+    enable_shared_with_static_runtimes \
+    old_archive_cmds \
+    old_archive_from_new_cmds \
+    predep_objects \
+    postdep_objects \
+    predeps \
+    postdeps \
+    compiler_lib_search_path \
+    archive_cmds \
+    archive_expsym_cmds \
+    postinstall_cmds \
+    postuninstall_cmds \
+    old_archive_from_expsyms_cmds \
+    allow_undefined_flag \
+    no_undefined_flag \
+    export_symbols_cmds \
+    hardcode_libdir_flag_spec \
+    hardcode_libdir_flag_spec_ld \
+    hardcode_libdir_separator \
+    hardcode_automatic \
+    module_cmds \
+    module_expsym_cmds \
+    lt_cv_prog_compiler_c_o \
+    exclude_expsyms \
+    include_expsyms; do
+
+    case $var in
+    old_archive_cmds | \
+    old_archive_from_new_cmds | \
+    archive_cmds | \
+    archive_expsym_cmds | \
+    module_cmds | \
+    module_expsym_cmds | \
+    old_archive_from_expsyms_cmds | \
+    export_symbols_cmds | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="${ofile}T"
+  trap "$rm \"$cfgfile\"; exit 1" 1 2 15
+  $rm -f "$cfgfile"
+  { echo "$as_me:$LINENO: creating $ofile" >&5
+echo "$as_me: creating $ofile" >&6;}
+
+  cat <<__EOF__ >> "$cfgfile"
+#! $SHELL
+
+# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+#
+# This file is part of GNU Libtool:
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="$SED -e 1s/^X//"
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# The names of the tagged configurations supported by this script.
+available_tags=
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# ### END LIBTOOL CONFIG
+
+__EOF__
+
+
+  case $host_os in
+  aix3*)
+    cat <<\EOF >> "$cfgfile"
+
+# AIX sometimes has problems with the GCC collect2 program.  For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+  COLLECT_NAMES=
+  export COLLECT_NAMES
+fi
+EOF
+    ;;
+  esac
+
+  # We use sed instead of cat because bash on DJGPP gets confused if
+  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
+  # text mode, it properly converts lines to CR/LF.  This bash problem
+  # is reportedly fixed, but why not run on old versions too?
+  sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
+
+  mv -f "$cfgfile" "$ofile" || \
+    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+  chmod +x "$ofile"
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+# Check whether --with-tags was given.
+if test "${with_tags+set}" = set; then
+  withval=$with_tags; tagnames="$withval"
+fi
+
+
+if test -f "$ltmain" && test -n "$tagnames"; then
+  if test ! -f "${ofile}"; then
+    { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5
+echo "$as_me: WARNING: output file \`$ofile' does not exist" >&2;}
+  fi
+
+  if test -z "$LTCC"; then
+    eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
+    if test -z "$LTCC"; then
+      { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not look like a libtool script" >&5
+echo "$as_me: WARNING: output file \`$ofile' does not look like a libtool script" >&2;}
+    else
+      { echo "$as_me:$LINENO: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&5
+echo "$as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&2;}
+    fi
+  fi
+  if test -z "$LTCFLAGS"; then
+    eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`"
+  fi
+
+  # Extract list of available tagged configurations in $ofile.
+  # Note that this assumes the entire list is on one line.
+  available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
+
+  lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+  for tagname in $tagnames; do
+    IFS="$lt_save_ifs"
+    # Check whether tagname contains only valid characters
+    case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in
+    "") ;;
+    *)  { { echo "$as_me:$LINENO: error: invalid tag name: $tagname" >&5
+echo "$as_me: error: invalid tag name: $tagname" >&2;}
+   { (exit 1); exit 1; }; }
+	;;
+    esac
+
+    if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
+    then
+      { { echo "$as_me:$LINENO: error: tag name \"$tagname\" already exists" >&5
+echo "$as_me: error: tag name \"$tagname\" already exists" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+
+    # Update the list of available tags.
+    if test -n "$tagname"; then
+      echo appending configuration tag \"$tagname\" to $ofile
+
+      case $tagname in
+      CXX)
+	if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+	    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+	    (test "X$CXX" != "Xg++"))) ; then
+	  ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+
+
+archive_cmds_need_lc_CXX=no
+allow_undefined_flag_CXX=
+always_export_symbols_CXX=no
+archive_expsym_cmds_CXX=
+export_dynamic_flag_spec_CXX=
+hardcode_direct_CXX=no
+hardcode_libdir_flag_spec_CXX=
+hardcode_libdir_flag_spec_ld_CXX=
+hardcode_libdir_separator_CXX=
+hardcode_minus_L_CXX=no
+hardcode_shlibpath_var_CXX=unsupported
+hardcode_automatic_CXX=no
+module_cmds_CXX=
+module_expsym_cmds_CXX=
+link_all_deplibs_CXX=unknown
+old_archive_cmds_CXX=$old_archive_cmds
+no_undefined_flag_CXX=
+whole_archive_flag_spec_CXX=
+enable_shared_with_static_runtimes_CXX=no
+
+# Dependencies to place before and after the object being linked:
+predep_objects_CXX=
+postdep_objects_CXX=
+predeps_CXX=
+postdeps_CXX=
+compiler_lib_search_path_CXX=
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+objext_CXX=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(int, char *[]) { return(0); }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_LD=$LD
+lt_save_GCC=$GCC
+GCC=$GXX
+lt_save_with_gnu_ld=$with_gnu_ld
+lt_save_path_LD=$lt_cv_path_LD
+if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+  lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+else
+  $as_unset lt_cv_prog_gnu_ld
+fi
+if test -n "${lt_cv_path_LDCXX+set}"; then
+  lt_cv_path_LD=$lt_cv_path_LDCXX
+else
+  $as_unset lt_cv_path_LD
+fi
+test -z "${LDCXX+set}" || LD=$LDCXX
+CC=${CXX-"c++"}
+compiler=$CC
+compiler_CXX=$CC
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# We don't want -fno-exception wen compiling C++ code, so set the
+# no_builtin_flag separately
+if test "$GXX" = yes; then
+  lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
+else
+  lt_prog_compiler_no_builtin_flag_CXX=
+fi
+
+if test "$GXX" = yes; then
+  # Set up default GNU C++ configuration
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then
+  withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+  with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  { echo "$as_me:$LINENO: checking for ld used by $CC" >&5
+echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; }
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [\\/]* | ?:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  { echo "$as_me:$LINENO: checking for GNU ld" >&5
+echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; }
+else
+  { echo "$as_me:$LINENO: checking for non-GNU ld" >&5
+echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -z "$LD"; then
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test "$with_gnu_ld" != no && break
+	;;
+      *)
+	test "$with_gnu_ld" != yes && break
+	;;
+      esac
+    fi
+  done
+  IFS="$lt_save_ifs"
+else
+  lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+  { echo "$as_me:$LINENO: result: $LD" >&5
+echo "${ECHO_T}$LD" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
+echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
+   { (exit 1); exit 1; }; }
+{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
+echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
+echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+  # Check if GNU C++ uses GNU ld as the underlying linker, since the
+  # archiving commands below assume that GNU ld is being used.
+  if test "$with_gnu_ld" = yes; then
+    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+    archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+    hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+    export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+    #     investigate it a little bit more. (MM)
+    wlarc='${wl}'
+
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
+	grep 'no-whole-archive' > /dev/null; then
+      whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    else
+      whole_archive_flag_spec_CXX=
+    fi
+  else
+    with_gnu_ld=no
+    wlarc=
+
+    # A generic and very simple default shared library creation
+    # command for GNU C++ for the case where it uses the native
+    # linker, instead of GNU ld.  If possible, this setting should
+    # overridden to take advantage of the native linker features on
+    # the platform it is being used on.
+    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+  fi
+
+  # Commands to make compiler produce verbose output that lists
+  # what "hidden" libraries, object files and flags are used when
+  # linking a shared library.
+  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+else
+  GXX=no
+  with_gnu_ld=no
+  wlarc=
+fi
+
+# PORTME: fill in a description of your system's C++ link characteristics
+{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
+ld_shlibs_CXX=yes
+case $host_os in
+  aix3*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  aix4* | aix5*)
+    if test "$host_cpu" = ia64; then
+      # On IA64, the linker does run time linking by default, so we don't
+      # have to do anything special.
+      aix_use_runtimelinking=no
+      exp_sym_flag='-Bexport'
+      no_entry_flag=""
+    else
+      aix_use_runtimelinking=no
+
+      # Test if we are trying to use run time linking or normal
+      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+      # need to do runtime linking.
+      case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+	for ld_flag in $LDFLAGS; do
+	  case $ld_flag in
+	  *-brtl*)
+	    aix_use_runtimelinking=yes
+	    break
+	    ;;
+	  esac
+	done
+	;;
+      esac
+
+      exp_sym_flag='-bexport'
+      no_entry_flag='-bnoentry'
+    fi
+
+    # When large executables or shared objects are built, AIX ld can
+    # have problems creating the table of contents.  If linking a library
+    # or program results in "error TOC overflow" add -mminimal-toc to
+    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+    archive_cmds_CXX=''
+    hardcode_direct_CXX=yes
+    hardcode_libdir_separator_CXX=':'
+    link_all_deplibs_CXX=yes
+
+    if test "$GXX" = yes; then
+      case $host_os in aix4.[012]|aix4.[012].*)
+      # We only want to do this on AIX 4.2 and lower, the check
+      # below for broken collect2 doesn't work under 4.3+
+	collect2name=`${CC} -print-prog-name=collect2`
+	if test -f "$collect2name" && \
+	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	then
+	  # We have reworked collect2
+	  hardcode_direct_CXX=yes
+	else
+	  # We have old collect2
+	  hardcode_direct_CXX=unsupported
+	  # It fails to find uninstalled libraries when the uninstalled
+	  # path is not listed in the libpath.  Setting hardcode_minus_L
+	  # to unsupported forces relinking
+	  hardcode_minus_L_CXX=yes
+	  hardcode_libdir_flag_spec_CXX='-L$libdir'
+	  hardcode_libdir_separator_CXX=
+	fi
+	;;
+      esac
+      shared_flag='-shared'
+      if test "$aix_use_runtimelinking" = yes; then
+	shared_flag="$shared_flag "'${wl}-G'
+      fi
+    else
+      # not using gcc
+      if test "$host_cpu" = ia64; then
+	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	# chokes on -Wl,-G. The following line is correct:
+	shared_flag='-G'
+      else
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag='${wl}-G'
+	else
+	  shared_flag='${wl}-bM:SRE'
+	fi
+      fi
+    fi
+
+    # It seems that -bexpall does not export symbols beginning with
+    # underscore (_), so it is better to generate a list of symbols to export.
+    always_export_symbols_CXX=yes
+    if test "$aix_use_runtimelinking" = yes; then
+      # Warning - without using the other runtime loading flags (-brtl),
+      # -berok will link without error, but may produce a broken library.
+      allow_undefined_flag_CXX='-berok'
+      # Determine the default libpath from the value encoded in an empty executable.
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+      hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+      archive_expsym_cmds_CXX="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+     else
+      if test "$host_cpu" = ia64; then
+	hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib'
+	allow_undefined_flag_CXX="-z nodefs"
+	archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+      else
+	# Determine the default libpath from the value encoded in an empty executable.
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+	# Warning - without using the other run time loading flags,
+	# -berok will link without error, but may produce a broken library.
+	no_undefined_flag_CXX=' ${wl}-bernotok'
+	allow_undefined_flag_CXX=' ${wl}-berok'
+	# Exported symbols can be pulled into shared objects from archives
+	whole_archive_flag_spec_CXX='$convenience'
+	archive_cmds_need_lc_CXX=yes
+	# This is similar to how AIX traditionally builds its shared libraries.
+	archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+      fi
+    fi
+    ;;
+
+  beos*)
+    if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+      allow_undefined_flag_CXX=unsupported
+      # Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+      # support --undefined.  This deserves some investigation.  FIXME
+      archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+    else
+      ld_shlibs_CXX=no
+    fi
+    ;;
+
+  chorus*)
+    case $cc_basename in
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+
+  cygwin* | mingw* | pw32*)
+    # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
+    # as there is no search path for DLLs.
+    hardcode_libdir_flag_spec_CXX='-L$libdir'
+    allow_undefined_flag_CXX=unsupported
+    always_export_symbols_CXX=no
+    enable_shared_with_static_runtimes_CXX=yes
+
+    if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+      archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      # If the export-symbols file already is a .def file (1st line
+      # is EXPORTS), use it as is; otherwise, prepend...
+      archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	cp $export_symbols $output_objdir/$soname.def;
+      else
+	echo EXPORTS > $output_objdir/$soname.def;
+	cat $export_symbols >> $output_objdir/$soname.def;
+      fi~
+      $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+    else
+      ld_shlibs_CXX=no
+    fi
+  ;;
+      darwin* | rhapsody*)
+        case $host_os in
+        rhapsody* | darwin1.[012])
+         allow_undefined_flag_CXX='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[012])
+               allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               allow_undefined_flag_CXX='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+        esac
+      archive_cmds_need_lc_CXX=no
+      hardcode_direct_CXX=no
+      hardcode_automatic_CXX=yes
+      hardcode_shlibpath_var_CXX=unsupported
+      whole_archive_flag_spec_CXX=''
+      link_all_deplibs_CXX=yes
+
+    if test "$GXX" = yes ; then
+      lt_int_apple_cc_single_mod=no
+      output_verbose_link_cmd='echo'
+      if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
+       lt_int_apple_cc_single_mod=yes
+      fi
+      if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+       archive_cmds_CXX='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      else
+          archive_cmds_CXX='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+        fi
+        module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+        # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+          if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+            archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          else
+            archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          fi
+            module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+          archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+          module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+          archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         ld_shlibs_CXX=no
+          ;;
+      esac
+      fi
+        ;;
+
+  dgux*)
+    case $cc_basename in
+      ec++*)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      ghcx*)
+	# Green Hills C++ Compiler
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+  freebsd[12]*)
+    # C++ shared libraries reported to be fairly broken before switch to ELF
+    ld_shlibs_CXX=no
+    ;;
+  freebsd-elf*)
+    archive_cmds_need_lc_CXX=no
+    ;;
+  freebsd* | kfreebsd*-gnu | dragonfly*)
+    # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+    # conventions
+    ld_shlibs_CXX=yes
+    ;;
+  gnu*)
+    ;;
+  hpux9*)
+    hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+    hardcode_libdir_separator_CXX=:
+    export_dynamic_flag_spec_CXX='${wl}-E'
+    hardcode_direct_CXX=yes
+    hardcode_minus_L_CXX=yes # Not in the search PATH,
+				# but as the default
+				# location of the library.
+
+    case $cc_basename in
+    CC*)
+      # FIXME: insert proper C++ library support
+      ld_shlibs_CXX=no
+      ;;
+    aCC*)
+      archive_cmds_CXX='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      # Commands to make compiler produce verbose output that lists
+      # what "hidden" libraries, object files and flags are used when
+      # linking a shared library.
+      #
+      # There doesn't appear to be a way to prevent this compiler from
+      # explicitly linking system object files so we need to strip them
+      # from the output so that they don't get included in the library
+      # dependencies.
+      output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[-]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+      ;;
+    *)
+      if test "$GXX" = yes; then
+        archive_cmds_CXX='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+        # FIXME: insert proper C++ library support
+        ld_shlibs_CXX=no
+      fi
+      ;;
+    esac
+    ;;
+  hpux10*|hpux11*)
+    if test $with_gnu_ld = no; then
+      hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator_CXX=:
+
+      case $host_cpu in
+      hppa*64*|ia64*)
+	hardcode_libdir_flag_spec_ld_CXX='+b $libdir'
+        ;;
+      *)
+	export_dynamic_flag_spec_CXX='${wl}-E'
+        ;;
+      esac
+    fi
+    case $host_cpu in
+    hppa*64*|ia64*)
+      hardcode_direct_CXX=no
+      hardcode_shlibpath_var_CXX=no
+      ;;
+    *)
+      hardcode_direct_CXX=yes
+      hardcode_minus_L_CXX=yes # Not in the search PATH,
+					      # but as the default
+					      # location of the library.
+      ;;
+    esac
+
+    case $cc_basename in
+      CC*)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      aCC*)
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	esac
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes; then
+	  if test $with_gnu_ld = no; then
+	    case $host_cpu in
+	    hppa*64*)
+	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    ia64*)
+	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    *)
+	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    esac
+	  fi
+	else
+	  # FIXME: insert proper C++ library support
+	  ld_shlibs_CXX=no
+	fi
+	;;
+    esac
+    ;;
+  interix3*)
+    hardcode_direct_CXX=no
+    hardcode_shlibpath_var_CXX=no
+    hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+    export_dynamic_flag_spec_CXX='${wl}-E'
+    # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+    # Instead, shared libraries are loaded at an image base (0x10000000 by
+    # default) and relocated if they conflict, which is a slow very memory
+    # consuming and fragmenting process.  To avoid this, we pick a random,
+    # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+    # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+    archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+    archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+    ;;
+  irix5* | irix6*)
+    case $cc_basename in
+      CC*)
+	# SGI C++
+	archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	# Archives containing C++ object files must be created using
+	# "CC -ar", where "CC" is the IRIX C++ compiler.  This is
+	# necessary to make sure instantiated templates are included
+	# in the archive.
+	old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
+	;;
+      *)
+	if test "$GXX" = yes; then
+	  if test "$with_gnu_ld" = no; then
+	    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	  else
+	    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
+	  fi
+	fi
+	link_all_deplibs_CXX=yes
+	;;
+    esac
+    hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+    hardcode_libdir_separator_CXX=:
+    ;;
+  linux*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+	archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+	hardcode_libdir_flag_spec_CXX='${wl}--rpath,$libdir'
+	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+	# Archives containing C++ object files must be created using
+	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+	;;
+      icpc*)
+	# Intel C++
+	with_gnu_ld=yes
+	# version 8.0 and above of icpc choke on multiply defined symbols
+	# if we add $predep_objects and $postdep_objects, however 7.1 and
+	# earlier do not add the objects themselves.
+	case `$CC -V 2>&1` in
+	*"Version 7."*)
+  	  archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+  	  archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  ;;
+	*)  # Version 8.0 or newer
+	  tmp_idyn=
+	  case $host_cpu in
+	    ia64*) tmp_idyn=' -i_dynamic';;
+	  esac
+  	  archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	  archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  ;;
+	esac
+	archive_cmds_need_lc_CXX=no
+	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+	whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+	;;
+      pgCC*)
+        # Portland Group C++ compiler
+	archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+  	archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+
+	hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+	whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+        ;;
+      cxx*)
+	# Compaq C++
+	archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname  -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+	runpath_var=LD_RUN_PATH
+	hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+    esac
+    ;;
+  lynxos*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  m88k*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  mvs*)
+    case $cc_basename in
+      cxx*)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+  netbsd*)
+    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+      archive_cmds_CXX='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+      wlarc=
+      hardcode_libdir_flag_spec_CXX='-R$libdir'
+      hardcode_direct_CXX=yes
+      hardcode_shlibpath_var_CXX=no
+    fi
+    # Workaround some broken pre-1.5 toolchains
+    output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+    ;;
+  openbsd2*)
+    # C++ shared libraries are fairly broken
+    ld_shlibs_CXX=no
+    ;;
+  openbsd*)
+    hardcode_direct_CXX=yes
+    hardcode_shlibpath_var_CXX=no
+    archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+    hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+      archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+      export_dynamic_flag_spec_CXX='${wl}-E'
+      whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    fi
+    output_verbose_link_cmd='echo'
+    ;;
+  osf3*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Archives containing C++ object files must be created using
+	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+
+	;;
+      RCC*)
+	# Rational C++ 2.4.1
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      cxx*)
+	allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+	  archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+	  hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+	  hardcode_libdir_separator_CXX=:
+
+	  # Commands to make compiler produce verbose output that lists
+	  # what "hidden" libraries, object files and flags are used when
+	  # linking a shared library.
+	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+	else
+	  # FIXME: insert proper C++ library support
+	  ld_shlibs_CXX=no
+	fi
+	;;
+    esac
+    ;;
+  osf4* | osf5*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Archives containing C++ object files must be created using
+	# the KAI C++ compiler.
+	old_archive_cmds_CXX='$CC -o $oldlib $oldobjs'
+	;;
+      RCC*)
+	# Rational C++ 2.4.1
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      cxx*)
+	allow_undefined_flag_CXX=' -expect_unresolved \*'
+	archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+	  echo "-hidden">> $lib.exp~
+	  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp  `test -n "$verstring" && echo -set_version	$verstring` -update_registry ${output_objdir}/so_locations -o $lib~
+	  $rm $lib.exp'
+
+	hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+	 archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+	  hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+	  hardcode_libdir_separator_CXX=:
+
+	  # Commands to make compiler produce verbose output that lists
+	  # what "hidden" libraries, object files and flags are used when
+	  # linking a shared library.
+	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+	else
+	  # FIXME: insert proper C++ library support
+	  ld_shlibs_CXX=no
+	fi
+	;;
+    esac
+    ;;
+  psos*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  sunos4*)
+    case $cc_basename in
+      CC*)
+	# Sun C++ 4.x
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      lcc*)
+	# Lucid
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+  solaris*)
+    case $cc_basename in
+      CC*)
+	# Sun C++ 4.2, 5.x and Centerline C++
+        archive_cmds_need_lc_CXX=yes
+	no_undefined_flag_CXX=' -zdefs'
+	archive_cmds_CXX='$CC -G${allow_undefined_flag}  -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	$CC -G${allow_undefined_flag}  ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	hardcode_libdir_flag_spec_CXX='-R$libdir'
+	hardcode_shlibpath_var_CXX=no
+	case $host_os in
+	  solaris2.[0-5] | solaris2.[0-5].*) ;;
+	  *)
+	    # The C++ compiler is used as linker so we must use $wl
+	    # flag to pass the commands to the underlying system
+	    # linker. We must also pass each convience library through
+	    # to the system linker between allextract/defaultextract.
+	    # The C++ compiler will combine linker options so we
+	    # cannot just pass the convience library names through
+	    # without $wl.
+	    # Supported since Solaris 2.6 (maybe 2.5.1?)
+	    whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
+	    ;;
+	esac
+	link_all_deplibs_CXX=yes
+
+	output_verbose_link_cmd='echo'
+
+	# Archives containing C++ object files must be created using
+	# "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	# necessary to make sure instantiated templates are included
+	# in the archive.
+	old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+	;;
+      gcx*)
+	# Green Hills C++ Compiler
+	archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+	# The C++ compiler must be used to create the archive.
+	old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+	;;
+      *)
+	# GNU C++ compiler with Solaris linker
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  no_undefined_flag_CXX=' ${wl}-z ${wl}defs'
+	  if $CC --version | grep -v '^2\.7' > /dev/null; then
+	    archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	    archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+		$CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+	  else
+	    # g++ 2.7 appears to require `-G' NOT `-shared' on this
+	    # platform.
+	    archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	    archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+		$CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+	  fi
+
+	  hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir'
+	fi
+	;;
+    esac
+    ;;
+  sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+    no_undefined_flag_CXX='${wl}-z,text'
+    archive_cmds_need_lc_CXX=no
+    hardcode_shlibpath_var_CXX=no
+    runpath_var='LD_RUN_PATH'
+
+    case $cc_basename in
+      CC*)
+	archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      *)
+	archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+    esac
+    ;;
+  sysv5* | sco3.2v5* | sco5v6*)
+    # Note: We can NOT use -z defs as we might desire, because we do not
+    # link with -lc, and that would cause any symbols used from libc to
+    # always be unresolved, which means just about no library would
+    # ever link correctly.  If we're not using GNU ld we use -z text
+    # though, which does catch some bad symbols but isn't as heavy-handed
+    # as -z defs.
+    # For security reasons, it is highly recommended that you always
+    # use absolute paths for naming shared libraries, and exclude the
+    # DT_RUNPATH tag from executables and libraries.  But doing so
+    # requires that you compile everything twice, which is a pain.
+    # So that behaviour is only enabled if SCOABSPATH is set to a
+    # non-empty value in the environment.  Most likely only useful for
+    # creating official distributions of packages.
+    # This is a hack until libtool officially supports absolute path
+    # names for shared libraries.
+    no_undefined_flag_CXX='${wl}-z,text'
+    allow_undefined_flag_CXX='${wl}-z,nodefs'
+    archive_cmds_need_lc_CXX=no
+    hardcode_shlibpath_var_CXX=no
+    hardcode_libdir_flag_spec_CXX='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+    hardcode_libdir_separator_CXX=':'
+    link_all_deplibs_CXX=yes
+    export_dynamic_flag_spec_CXX='${wl}-Bexport'
+    runpath_var='LD_RUN_PATH'
+
+    case $cc_basename in
+      CC*)
+	archive_cmds_CXX='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      *)
+	archive_cmds_CXX='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+    esac
+    ;;
+  tandem*)
+    case $cc_basename in
+      NCC*)
+	# NonStop-UX NCC 3.20
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+  vxworks*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  *)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+esac
+{ echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5
+echo "${ECHO_T}$ld_shlibs_CXX" >&6; }
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+GCC_CXX="$GXX"
+LD_CXX="$LD"
+
+
+cat > conftest.$ac_ext <<EOF
+class Foo
+{
+public:
+  Foo (void) { a = 0; }
+private:
+  int a;
+};
+EOF
+
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Parse the compiler output and extract the necessary
+  # objects, libraries and library flags.
+
+  # Sentinel used to keep track of whether or not we are before
+  # the conftest object file.
+  pre_test_object_deps_done=no
+
+  # The `*' in the case matches for architectures that use `case' in
+  # $output_verbose_cmd can trigger glob expansion during the loop
+  # eval without this substitution.
+  output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"`
+
+  for p in `eval $output_verbose_link_cmd`; do
+    case $p in
+
+    -L* | -R* | -l*)
+       # Some compilers place space between "-{L,R}" and the path.
+       # Remove the space.
+       if test $p = "-L" \
+	  || test $p = "-R"; then
+	 prev=$p
+	 continue
+       else
+	 prev=
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 case $p in
+	 -L* | -R*)
+	   # Internal compiler library paths should come after those
+	   # provided the user.  The postdeps already come after the
+	   # user supplied libs so there is no need to process them.
+	   if test -z "$compiler_lib_search_path_CXX"; then
+	     compiler_lib_search_path_CXX="${prev}${p}"
+	   else
+	     compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}"
+	   fi
+	   ;;
+	 # The "-l" case would never come before the object being
+	 # linked, so don't bother handling this case.
+	 esac
+       else
+	 if test -z "$postdeps_CXX"; then
+	   postdeps_CXX="${prev}${p}"
+	 else
+	   postdeps_CXX="${postdeps_CXX} ${prev}${p}"
+	 fi
+       fi
+       ;;
+
+    *.$objext)
+       # This assumes that the test object file only shows up
+       # once in the compiler output.
+       if test "$p" = "conftest.$objext"; then
+	 pre_test_object_deps_done=yes
+	 continue
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 if test -z "$predep_objects_CXX"; then
+	   predep_objects_CXX="$p"
+	 else
+	   predep_objects_CXX="$predep_objects_CXX $p"
+	 fi
+       else
+	 if test -z "$postdep_objects_CXX"; then
+	   postdep_objects_CXX="$p"
+	 else
+	   postdep_objects_CXX="$postdep_objects_CXX $p"
+	 fi
+       fi
+       ;;
+
+    *) ;; # Ignore the rest.
+
+    esac
+  done
+
+  # Clean up.
+  rm -f a.out a.exe
+else
+  echo "libtool.m4: error: problem compiling CXX test program"
+fi
+
+$rm -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+case $host_os in
+interix3*)
+  # Interix 3.5 installs completely hosed .la files for C++, so rather than
+  # hack all around it, let's just trust "g++" to DTRT.
+  predep_objects_CXX=
+  postdep_objects_CXX=
+  postdeps_CXX=
+  ;;
+
+solaris*)
+  case $cc_basename in
+  CC*)
+    # Adding this requires a known-good setup of shared libraries for
+    # Sun compiler versions before 5.6, else PIC objects from an old
+    # archive will be linked into the output, leading to subtle bugs.
+    postdeps_CXX='-lCstd -lCrun'
+    ;;
+  esac
+  ;;
+esac
+
+
+case " $postdeps_CXX " in
+*" -lc "*) archive_cmds_need_lc_CXX=no ;;
+esac
+
+lt_prog_compiler_wl_CXX=
+lt_prog_compiler_pic_CXX=
+lt_prog_compiler_static_CXX=
+
+{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
+
+  # C++ specific cases for pic, static, wl, etc.
+  if test "$GXX" = yes; then
+    lt_prog_compiler_wl_CXX='-Wl,'
+    lt_prog_compiler_static_CXX='-static'
+
+    case $host_os in
+    aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_CXX='-Bstatic'
+      fi
+      ;;
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
+      ;;
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+    mingw* | os2* | pw32*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
+      ;;
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic_CXX='-fno-common'
+      ;;
+    *djgpp*)
+      # DJGPP does not support shared libraries at all
+      lt_prog_compiler_pic_CXX=
+      ;;
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic_CXX=-Kconform_pic
+      fi
+      ;;
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	;;
+      *)
+	lt_prog_compiler_pic_CXX='-fPIC'
+	;;
+      esac
+      ;;
+    *)
+      lt_prog_compiler_pic_CXX='-fPIC'
+      ;;
+    esac
+  else
+    case $host_os in
+      aix4* | aix5*)
+	# All AIX code is PIC.
+	if test "$host_cpu" = ia64; then
+	  # AIX 5 now supports IA64 processor
+	  lt_prog_compiler_static_CXX='-Bstatic'
+	else
+	  lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
+	fi
+	;;
+      chorus*)
+	case $cc_basename in
+	cxch68*)
+	  # Green Hills C++ Compiler
+	  # _LT_AC_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+	  ;;
+	esac
+	;;
+       darwin*)
+         # PIC is the default on this platform
+         # Common symbols not allowed in MH_DYLIB files
+         case $cc_basename in
+           xlc*)
+           lt_prog_compiler_pic_CXX='-qnocommon'
+           lt_prog_compiler_wl_CXX='-Wl,'
+           ;;
+         esac
+       ;;
+      dgux*)
+	case $cc_basename in
+	  ec++*)
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    ;;
+	  ghcx*)
+	    # Green Hills C++ Compiler
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      freebsd* | kfreebsd*-gnu | dragonfly*)
+	# FreeBSD uses GNU C++
+	;;
+      hpux9* | hpux10* | hpux11*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+	    if test "$host_cpu" != ia64; then
+	      lt_prog_compiler_pic_CXX='+Z'
+	    fi
+	    ;;
+	  aCC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+	    case $host_cpu in
+	    hppa*64*|ia64*)
+	      # +Z the default
+	      ;;
+	    *)
+	      lt_prog_compiler_pic_CXX='+Z'
+	      ;;
+	    esac
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      interix*)
+	# This is c89, which is MS Visual C++ (no shared libs)
+	# Anyone wants to do a port?
+	;;
+      irix5* | irix6* | nonstopux*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    # CC pic flag -KPIC is the default.
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      linux*)
+	case $cc_basename in
+	  KCC*)
+	    # KAI C++ Compiler
+	    lt_prog_compiler_wl_CXX='--backend -Wl,'
+	    lt_prog_compiler_pic_CXX='-fPIC'
+	    ;;
+	  icpc* | ecpc*)
+	    # Intel C++
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-static'
+	    ;;
+	  pgCC*)
+	    # Portland Group C++ compiler.
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-fpic'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	  cxx*)
+	    # Compaq C++
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    lt_prog_compiler_pic_CXX=
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      lynxos*)
+	;;
+      m88k*)
+	;;
+      mvs*)
+	case $cc_basename in
+	  cxx*)
+	    lt_prog_compiler_pic_CXX='-W c,exportall'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      netbsd*)
+	;;
+      osf3* | osf4* | osf5*)
+	case $cc_basename in
+	  KCC*)
+	    lt_prog_compiler_wl_CXX='--backend -Wl,'
+	    ;;
+	  RCC*)
+	    # Rational C++ 2.4.1
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  cxx*)
+	    # Digital/Compaq C++
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    lt_prog_compiler_pic_CXX=
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      psos*)
+	;;
+      solaris*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    lt_prog_compiler_wl_CXX='-Qoption ld '
+	    ;;
+	  gcx*)
+	    # Green Hills C++ Compiler
+	    lt_prog_compiler_pic_CXX='-PIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sunos4*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.x
+	    lt_prog_compiler_pic_CXX='-pic'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	  lcc*)
+	    # Lucid
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      tandem*)
+	case $cc_basename in
+	  NCC*)
+	    # NonStop-UX NCC 3.20
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	esac
+	;;
+      vxworks*)
+	;;
+      *)
+	lt_prog_compiler_can_build_shared_CXX=no
+	;;
+    esac
+  fi
+
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_CXX" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_CXX" >&6; }
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_CXX"; then
+
+{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... $ECHO_C" >&6; }
+if test "${lt_prog_compiler_pic_works_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_pic_works_CXX=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:13188: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:13192: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_prog_compiler_pic_works_CXX=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_CXX" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_CXX" >&6; }
+
+if test x"$lt_prog_compiler_pic_works_CXX" = xyes; then
+    case $lt_prog_compiler_pic_CXX in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
+     esac
+else
+    lt_prog_compiler_pic_CXX=
+     lt_prog_compiler_can_build_shared_CXX=no
+fi
+
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic_CXX=
+    ;;
+  *)
+    lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\"
+{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
+if test "${lt_prog_compiler_static_works_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_static_works_CXX=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_prog_compiler_static_works_CXX=yes
+       fi
+     else
+       lt_prog_compiler_static_works_CXX=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_CXX" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works_CXX" >&6; }
+
+if test x"$lt_prog_compiler_static_works_CXX" = xyes; then
+    :
+else
+    lt_prog_compiler_static_CXX=
+fi
+
+
+{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_c_o_CXX=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:13292: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:13296: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o_CXX=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  { echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6; }
+  if test "$hard_links" = no; then
+    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
+
+  export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  case $host_os in
+  aix4* | aix5*)
+    # If we're using GNU nm, then we don't want the "-C" option.
+    # -C means demangle to AIX nm, but means don't demangle with GNU nm
+    if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+      export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+    else
+      export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+    fi
+    ;;
+  pw32*)
+    export_symbols_cmds_CXX="$ltdll_cmds"
+  ;;
+  cygwin* | mingw*)
+    export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([^ ]*\) [^ ]*/\1 DATA/;/^I /d;/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  *)
+    export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  esac
+
+{ echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5
+echo "${ECHO_T}$ld_shlibs_CXX" >&6; }
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_CXX" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc_CXX=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds_CXX in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl_CXX
+	pic_flag=$lt_prog_compiler_pic_CXX
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
+        allow_undefined_flag_CXX=
+        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+  (eval $archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+        then
+	  archive_cmds_need_lc_CXX=no
+        else
+	  archive_cmds_need_lc_CXX=yes
+        fi
+        allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_CXX" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_CXX" >&6; }
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
+hardcode_action_CXX=
+if test -n "$hardcode_libdir_flag_spec_CXX" || \
+   test -n "$runpath_var_CXX" || \
+   test "X$hardcode_automatic_CXX" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$hardcode_direct_CXX" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, CXX)" != no &&
+     test "$hardcode_minus_L_CXX" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action_CXX=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action_CXX=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action_CXX=unsupported
+fi
+{ echo "$as_me:$LINENO: result: $hardcode_action_CXX" >&5
+echo "${ECHO_T}$hardcode_action_CXX" >&6; }
+
+if test "$hardcode_action_CXX" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler_CXX \
+    CC_CXX \
+    LD_CXX \
+    lt_prog_compiler_wl_CXX \
+    lt_prog_compiler_pic_CXX \
+    lt_prog_compiler_static_CXX \
+    lt_prog_compiler_no_builtin_flag_CXX \
+    export_dynamic_flag_spec_CXX \
+    thread_safe_flag_spec_CXX \
+    whole_archive_flag_spec_CXX \
+    enable_shared_with_static_runtimes_CXX \
+    old_archive_cmds_CXX \
+    old_archive_from_new_cmds_CXX \
+    predep_objects_CXX \
+    postdep_objects_CXX \
+    predeps_CXX \
+    postdeps_CXX \
+    compiler_lib_search_path_CXX \
+    archive_cmds_CXX \
+    archive_expsym_cmds_CXX \
+    postinstall_cmds_CXX \
+    postuninstall_cmds_CXX \
+    old_archive_from_expsyms_cmds_CXX \
+    allow_undefined_flag_CXX \
+    no_undefined_flag_CXX \
+    export_symbols_cmds_CXX \
+    hardcode_libdir_flag_spec_CXX \
+    hardcode_libdir_flag_spec_ld_CXX \
+    hardcode_libdir_separator_CXX \
+    hardcode_automatic_CXX \
+    module_cmds_CXX \
+    module_expsym_cmds_CXX \
+    lt_cv_prog_compiler_c_o_CXX \
+    exclude_expsyms_CXX \
+    include_expsyms_CXX; do
+
+    case $var in
+    old_archive_cmds_CXX | \
+    old_archive_from_new_cmds_CXX | \
+    archive_cmds_CXX | \
+    archive_expsym_cmds_CXX | \
+    module_cmds_CXX | \
+    module_expsym_cmds_CXX | \
+    old_archive_from_expsyms_cmds_CXX | \
+    export_symbols_cmds_CXX | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="$ofile"
+
+  cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_CXX
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler_CXX
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_CXX
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_CXX
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_CXX
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_CXX
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_CXX
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_CXX
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_CXX
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_CXX
+archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_CXX
+module_expsym_cmds=$lt_module_expsym_cmds_CXX
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_CXX
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_CXX
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_CXX
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_CXX
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_CXX
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_CXX
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_CXX
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_CXX
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_CXX
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_CXX
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_CXX
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_CXX"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_CXX
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_CXX
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_CXX
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_CXX
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC=$lt_save_CC
+LDCXX=$LD
+LD=$lt_save_LD
+GCC=$lt_save_GCC
+with_gnu_ldcxx=$with_gnu_ld
+with_gnu_ld=$lt_save_with_gnu_ld
+lt_cv_path_LDCXX=$lt_cv_path_LD
+lt_cv_path_LD=$lt_save_path_LD
+lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+
+	else
+	  tagname=""
+	fi
+	;;
+
+      F77)
+	if test -n "$F77" && test "X$F77" != "Xno"; then
+
+ac_ext=f
+ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5'
+ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_f77_compiler_gnu
+
+
+archive_cmds_need_lc_F77=no
+allow_undefined_flag_F77=
+always_export_symbols_F77=no
+archive_expsym_cmds_F77=
+export_dynamic_flag_spec_F77=
+hardcode_direct_F77=no
+hardcode_libdir_flag_spec_F77=
+hardcode_libdir_flag_spec_ld_F77=
+hardcode_libdir_separator_F77=
+hardcode_minus_L_F77=no
+hardcode_automatic_F77=no
+module_cmds_F77=
+module_expsym_cmds_F77=
+link_all_deplibs_F77=unknown
+old_archive_cmds_F77=$old_archive_cmds
+no_undefined_flag_F77=
+whole_archive_flag_spec_F77=
+enable_shared_with_static_runtimes_F77=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+objext_F77=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="      subroutine t\n      return\n      end\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="      program t\n      end\n"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${F77-"f77"}
+compiler=$CC
+compiler_F77=$CC
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
+echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: result: $can_build_shared" >&5
+echo "${ECHO_T}$can_build_shared" >&6; }
+
+{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
+echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; }
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+  test "$enable_shared" = yes && enable_static=no
+  if test -n "$RANLIB"; then
+    archive_cmds="$archive_cmds~\$RANLIB \$lib"
+    postinstall_cmds='$RANLIB $lib'
+  fi
+  ;;
+aix4* | aix5*)
+  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+    test "$enable_shared" = yes && enable_static=no
+  fi
+  ;;
+esac
+{ echo "$as_me:$LINENO: result: $enable_shared" >&5
+echo "${ECHO_T}$enable_shared" >&6; }
+
+{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5
+echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; }
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+{ echo "$as_me:$LINENO: result: $enable_static" >&5
+echo "${ECHO_T}$enable_static" >&6; }
+
+GCC_F77="$G77"
+LD_F77="$LD"
+
+lt_prog_compiler_wl_F77=
+lt_prog_compiler_pic_F77=
+lt_prog_compiler_static_F77=
+
+{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
+
+  if test "$GCC" = yes; then
+    lt_prog_compiler_wl_F77='-Wl,'
+    lt_prog_compiler_static_F77='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_F77='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4'
+      ;;
+
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_F77='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic_F77='-fno-common'
+      ;;
+
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared_F77=no
+      enable_shared=no
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic_F77=-Kconform_pic
+      fi
+      ;;
+
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic_F77='-fPIC'
+	;;
+      esac
+      ;;
+
+    *)
+      lt_prog_compiler_pic_F77='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_F77='-Bstatic'
+      else
+	lt_prog_compiler_static_F77='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+      darwin*)
+        # PIC is the default on this platform
+        # Common symbols not allowed in MH_DYLIB files
+       case $cc_basename in
+         xlc*)
+         lt_prog_compiler_pic_F77='-qnocommon'
+         lt_prog_compiler_wl_F77='-Wl,'
+         ;;
+       esac
+       ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_F77='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic_F77='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static_F77='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static_F77='-non_shared'
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic_F77='-KPIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    linux*)
+      case $cc_basename in
+      icc* | ecc*)
+	lt_prog_compiler_wl_F77='-Wl,'
+	lt_prog_compiler_pic_F77='-KPIC'
+	lt_prog_compiler_static_F77='-static'
+        ;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl_F77='-Wl,'
+	lt_prog_compiler_pic_F77='-fpic'
+	lt_prog_compiler_static_F77='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl_F77='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static_F77='-non_shared'
+        ;;
+      esac
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static_F77='-non_shared'
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic_F77='-KPIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	lt_prog_compiler_wl_F77='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl_F77='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl_F77='-Qoption ld '
+      lt_prog_compiler_pic_F77='-PIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      lt_prog_compiler_pic_F77='-KPIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	lt_prog_compiler_pic_F77='-Kconform_pic'
+	lt_prog_compiler_static_F77='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      lt_prog_compiler_pic_F77='-KPIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      lt_prog_compiler_can_build_shared_F77=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic_F77='-pic'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared_F77=no
+      ;;
+    esac
+  fi
+
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_F77" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_F77" >&6; }
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_F77"; then
+
+{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works... $ECHO_C" >&6; }
+if test "${lt_prog_compiler_pic_works_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_pic_works_F77=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic_F77"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:14862: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:14866: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_prog_compiler_pic_works_F77=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_F77" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_F77" >&6; }
+
+if test x"$lt_prog_compiler_pic_works_F77" = xyes; then
+    case $lt_prog_compiler_pic_F77 in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic_F77=" $lt_prog_compiler_pic_F77" ;;
+     esac
+else
+    lt_prog_compiler_pic_F77=
+     lt_prog_compiler_can_build_shared_F77=no
+fi
+
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic_F77=
+    ;;
+  *)
+    lt_prog_compiler_pic_F77="$lt_prog_compiler_pic_F77"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_F77 eval lt_tmp_static_flag=\"$lt_prog_compiler_static_F77\"
+{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
+if test "${lt_prog_compiler_static_works_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_static_works_F77=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_prog_compiler_static_works_F77=yes
+       fi
+     else
+       lt_prog_compiler_static_works_F77=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_F77" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works_F77" >&6; }
+
+if test x"$lt_prog_compiler_static_works_F77" = xyes; then
+    :
+else
+    lt_prog_compiler_static_F77=
+fi
+
+
+{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
+if test "${lt_cv_prog_compiler_c_o_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_c_o_F77=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:14966: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:14970: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o_F77=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_F77" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_F77" >&6; }
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_F77" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  { echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6; }
+  if test "$hard_links" = no; then
+    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
+
+  runpath_var=
+  allow_undefined_flag_F77=
+  enable_shared_with_static_runtimes_F77=no
+  archive_cmds_F77=
+  archive_expsym_cmds_F77=
+  old_archive_From_new_cmds_F77=
+  old_archive_from_expsyms_cmds_F77=
+  export_dynamic_flag_spec_F77=
+  whole_archive_flag_spec_F77=
+  thread_safe_flag_spec_F77=
+  hardcode_libdir_flag_spec_F77=
+  hardcode_libdir_flag_spec_ld_F77=
+  hardcode_libdir_separator_F77=
+  hardcode_direct_F77=no
+  hardcode_minus_L_F77=no
+  hardcode_shlibpath_var_F77=unsupported
+  link_all_deplibs_F77=unknown
+  hardcode_automatic_F77=no
+  module_cmds_F77=
+  module_expsym_cmds_F77=
+  always_export_symbols_F77=no
+  export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  include_expsyms_F77=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  exclude_expsyms_F77="_GLOBAL_OFFSET_TABLE_"
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  extract_expsyms_cmds=
+  # Just being paranoid about ensuring that cc_basename is set.
+  for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+  case $host_os in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  ld_shlibs_F77=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    hardcode_libdir_flag_spec_F77='${wl}--rpath ${wl}$libdir'
+    export_dynamic_flag_spec_F77='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+	whole_archive_flag_spec_F77="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      else
+  	whole_archive_flag_spec_F77=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>/dev/null` in
+      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	ld_shlibs_F77=no
+	cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_minus_L_F77=yes
+
+      # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we can't use
+      # them.
+      ld_shlibs_F77=no
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	allow_undefined_flag_F77=unsupported
+	# Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	archive_cmds_F77='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, F77) is actually meaningless,
+      # as there is no search path for DLLs.
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      allow_undefined_flag_F77=unsupported
+      always_export_symbols_F77=no
+      enable_shared_with_static_runtimes_F77=yes
+      export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+
+    interix3*)
+      hardcode_direct_F77=no
+      hardcode_shlibpath_var_F77=no
+      hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
+      export_dynamic_flag_spec_F77='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      archive_cmds_F77='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds_F77='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	tmp_addflag=
+	case $cc_basename,$host_cpu in
+	pgcc*)				# Portland Group C compiler
+	  whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	esac
+	archive_cmds_F77='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+	if test $supports_anon_versioning = yes; then
+	  archive_expsym_cmds_F77='$echo "{ global:" > $output_objdir/$libname.ver~
+  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+  $echo "local: *; };" >> $output_objdir/$libname.ver~
+	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	fi
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+	ld_shlibs_F77=no
+	cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+	ld_shlibs_F77=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	    hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+	    archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
+	    archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
+	  else
+	    ld_shlibs_F77=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+    esac
+
+    if test "$ld_shlibs_F77" = no; then
+      runpath_var=
+      hardcode_libdir_flag_spec_F77=
+      export_dynamic_flag_spec_F77=
+      whole_archive_flag_spec_F77=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      allow_undefined_flag_F77=unsupported
+      always_export_symbols_F77=yes
+      archive_expsym_cmds_F77='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L_F77=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	hardcode_direct_F77=unsupported
+      fi
+      ;;
+
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+	  export_symbols_cmds_F77='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	else
+	  export_symbols_cmds_F77='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+	  for ld_flag in $LDFLAGS; do
+  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+  	    aix_use_runtimelinking=yes
+  	    break
+  	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      archive_cmds_F77=''
+      hardcode_direct_F77=yes
+      hardcode_libdir_separator_F77=':'
+      link_all_deplibs_F77=yes
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[012]|aix4.[012].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" && \
+  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	  then
+  	  # We have reworked collect2
+  	  hardcode_direct_F77=yes
+	  else
+  	  # We have old collect2
+  	  hardcode_direct_F77=unsupported
+  	  # It fails to find uninstalled libraries when the uninstalled
+  	  # path is not listed in the libpath.  Setting hardcode_minus_L
+  	  # to unsupported forces relinking
+  	  hardcode_minus_L_F77=yes
+  	  hardcode_libdir_flag_spec_F77='-L$libdir'
+  	  hardcode_libdir_separator_F77=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+  	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      always_export_symbols_F77=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	allow_undefined_flag_F77='-berok'
+       # Determine the default libpath from the value encoded in an empty executable.
+       cat >conftest.$ac_ext <<_ACEOF
+      program main
+
+      end
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_f77_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+       hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath"
+	archive_expsym_cmds_F77="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+       else
+	if test "$host_cpu" = ia64; then
+	  hardcode_libdir_flag_spec_F77='${wl}-R $libdir:/usr/lib:/lib'
+	  allow_undefined_flag_F77="-z nodefs"
+	  archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an empty executable.
+	 cat >conftest.$ac_ext <<_ACEOF
+      program main
+
+      end
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_f77_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	 hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  no_undefined_flag_F77=' ${wl}-bernotok'
+	  allow_undefined_flag_F77=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  whole_archive_flag_spec_F77='$convenience'
+	  archive_cmds_need_lc_F77=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_minus_L_F77=yes
+      # see comment about different semantics on the GNU ld section
+      ld_shlibs_F77=no
+      ;;
+
+    bsdi[45]*)
+      export_dynamic_flag_spec_F77=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec_F77=' '
+      allow_undefined_flag_F77=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      archive_cmds_F77='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      old_archive_From_new_cmds_F77='true'
+      # FIXME: Should let the user specify the lib program.
+      old_archive_cmds_F77='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      fix_srcfile_path_F77='`cygpath -w "$srcfile"`'
+      enable_shared_with_static_runtimes_F77=yes
+      ;;
+
+    darwin* | rhapsody*)
+      case $host_os in
+        rhapsody* | darwin1.[012])
+         allow_undefined_flag_F77='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[012])
+               allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               allow_undefined_flag_F77='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+      esac
+      archive_cmds_need_lc_F77=no
+      hardcode_direct_F77=no
+      hardcode_automatic_F77=yes
+      hardcode_shlibpath_var_F77=unsupported
+      whole_archive_flag_spec_F77=''
+      link_all_deplibs_F77=yes
+    if test "$GCC" = yes ; then
+    	output_verbose_link_cmd='echo'
+        archive_cmds_F77='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+      archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+         archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+         archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         ld_shlibs_F77=no
+          ;;
+      esac
+    fi
+      ;;
+
+    dgux*)
+      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    freebsd1*)
+      ld_shlibs_F77=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      hardcode_libdir_flag_spec_F77='-R$libdir'
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct_F77=yes
+      hardcode_minus_L_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      hardcode_libdir_flag_spec_F77='-R$libdir'
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	archive_cmds_F77='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	archive_cmds_F77='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator_F77=:
+      hardcode_direct_F77=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L_F77=yes
+      export_dynamic_flag_spec_F77='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_F77='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator_F77=:
+
+	hardcode_direct_F77=yes
+	export_dynamic_flag_spec_F77='${wl}-E'
+
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	hardcode_minus_L_F77=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator_F77=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  hardcode_libdir_flag_spec_ld_F77='+b $libdir'
+	  hardcode_direct_F77=no
+	  hardcode_shlibpath_var_F77=no
+	  ;;
+	*)
+	  hardcode_direct_F77=yes
+	  export_dynamic_flag_spec_F77='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  hardcode_minus_L_F77=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	archive_cmds_F77='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_ld_F77='-rpath $libdir'
+      fi
+      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_F77=:
+      link_all_deplibs_F77=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	archive_cmds_F77='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      hardcode_libdir_flag_spec_F77='-R$libdir'
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    newsos6)
+      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct_F77=yes
+      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_F77=:
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    openbsd*)
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
+	export_dynamic_flag_spec_F77='${wl}-E'
+      else
+       case $host_os in
+	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+	   archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	   hardcode_libdir_flag_spec_F77='-R$libdir'
+	   ;;
+	 *)
+	   archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	   hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
+	   ;;
+       esac
+      fi
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_minus_L_F77=yes
+      allow_undefined_flag_F77=unsupported
+      archive_cmds_F77='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      old_archive_From_new_cmds_F77='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	allow_undefined_flag_F77=' -expect_unresolved \*'
+	archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_F77=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+      else
+	allow_undefined_flag_F77=' -expect_unresolved \*'
+	archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds_F77='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	hardcode_libdir_flag_spec_F77='-rpath $libdir'
+      fi
+      hardcode_libdir_separator_F77=:
+      ;;
+
+    solaris*)
+      no_undefined_flag_F77=' -z text'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	archive_cmds_F77='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+      else
+	wlarc=''
+	archive_cmds_F77='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+      fi
+      hardcode_libdir_flag_spec_F77='-R$libdir'
+      hardcode_shlibpath_var_F77=no
+      case $host_os in
+      solaris2.[0-5] | solaris2.[0-5].*) ;;
+      *)
+ 	# The compiler driver will combine linker options so we
+ 	# cannot just pass the convience library names through
+ 	# without $wl, iff we do not link with $LD.
+ 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+ 	# Supported since Solaris 2.6 (maybe 2.5.1?)
+ 	case $wlarc in
+ 	'')
+ 	  whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' ;;
+ 	*)
+ 	  whole_archive_flag_spec_F77='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ 	esac ;;
+      esac
+      link_all_deplibs_F77=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	archive_cmds_F77='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_F77='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_direct_F77=yes
+      hardcode_minus_L_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct_F77=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  archive_cmds_F77='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  reload_cmds_F77='$CC -r -o $output$reload_objs'
+	  hardcode_direct_F77=no
+        ;;
+	motorola)
+	  archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct_F77=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    sysv4.3*)
+      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_shlibpath_var_F77=no
+      export_dynamic_flag_spec_F77='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	hardcode_shlibpath_var_F77=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	ld_shlibs_F77=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
+      no_undefined_flag_F77='${wl}-z,text'
+      archive_cmds_need_lc_F77=no
+      hardcode_shlibpath_var_F77=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds_F77='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_F77='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      no_undefined_flag_F77='${wl}-z,text'
+      allow_undefined_flag_F77='${wl}-z,nodefs'
+      archive_cmds_need_lc_F77=no
+      hardcode_shlibpath_var_F77=no
+      hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      hardcode_libdir_separator_F77=':'
+      link_all_deplibs_F77=yes
+      export_dynamic_flag_spec_F77='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds_F77='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_F77='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    *)
+      ld_shlibs_F77=no
+      ;;
+    esac
+  fi
+
+{ echo "$as_me:$LINENO: result: $ld_shlibs_F77" >&5
+echo "${ECHO_T}$ld_shlibs_F77" >&6; }
+test "$ld_shlibs_F77" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_F77" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc_F77=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds_F77 in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl_F77
+	pic_flag=$lt_prog_compiler_pic_F77
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag_F77
+        allow_undefined_flag_F77=
+        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+  (eval $archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+        then
+	  archive_cmds_need_lc_F77=no
+        else
+	  archive_cmds_need_lc_F77=yes
+        fi
+        allow_undefined_flag_F77=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_F77" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_F77" >&6; }
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
+hardcode_action_F77=
+if test -n "$hardcode_libdir_flag_spec_F77" || \
+   test -n "$runpath_var_F77" || \
+   test "X$hardcode_automatic_F77" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$hardcode_direct_F77" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, F77)" != no &&
+     test "$hardcode_minus_L_F77" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action_F77=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action_F77=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action_F77=unsupported
+fi
+{ echo "$as_me:$LINENO: result: $hardcode_action_F77" >&5
+echo "${ECHO_T}$hardcode_action_F77" >&6; }
+
+if test "$hardcode_action_F77" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler_F77 \
+    CC_F77 \
+    LD_F77 \
+    lt_prog_compiler_wl_F77 \
+    lt_prog_compiler_pic_F77 \
+    lt_prog_compiler_static_F77 \
+    lt_prog_compiler_no_builtin_flag_F77 \
+    export_dynamic_flag_spec_F77 \
+    thread_safe_flag_spec_F77 \
+    whole_archive_flag_spec_F77 \
+    enable_shared_with_static_runtimes_F77 \
+    old_archive_cmds_F77 \
+    old_archive_from_new_cmds_F77 \
+    predep_objects_F77 \
+    postdep_objects_F77 \
+    predeps_F77 \
+    postdeps_F77 \
+    compiler_lib_search_path_F77 \
+    archive_cmds_F77 \
+    archive_expsym_cmds_F77 \
+    postinstall_cmds_F77 \
+    postuninstall_cmds_F77 \
+    old_archive_from_expsyms_cmds_F77 \
+    allow_undefined_flag_F77 \
+    no_undefined_flag_F77 \
+    export_symbols_cmds_F77 \
+    hardcode_libdir_flag_spec_F77 \
+    hardcode_libdir_flag_spec_ld_F77 \
+    hardcode_libdir_separator_F77 \
+    hardcode_automatic_F77 \
+    module_cmds_F77 \
+    module_expsym_cmds_F77 \
+    lt_cv_prog_compiler_c_o_F77 \
+    exclude_expsyms_F77 \
+    include_expsyms_F77; do
+
+    case $var in
+    old_archive_cmds_F77 | \
+    old_archive_from_new_cmds_F77 | \
+    archive_cmds_F77 | \
+    archive_expsym_cmds_F77 | \
+    module_cmds_F77 | \
+    module_expsym_cmds_F77 | \
+    old_archive_from_expsyms_cmds_F77 | \
+    export_symbols_cmds_F77 | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="$ofile"
+
+  cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_F77
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_F77
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler_F77
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_F77
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_F77
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_F77
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_F77
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_F77
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_F77
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_F77
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_F77
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_F77
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_F77
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_F77
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_F77
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_F77
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_F77
+archive_expsym_cmds=$lt_archive_expsym_cmds_F77
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_F77
+module_expsym_cmds=$lt_module_expsym_cmds_F77
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_F77
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_F77
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_F77
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_F77
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_F77
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_F77
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_F77
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_F77
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_F77
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_F77
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_F77
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_F77
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_F77
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_F77
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_F77
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_F77
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_F77"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_F77
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_F77
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_F77
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_F77
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+	else
+	  tagname=""
+	fi
+	;;
+
+      GCJ)
+	if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
+
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+objext_GCJ=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${GCJ-"gcj"}
+compiler=$CC
+compiler_GCJ=$CC
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+archive_cmds_need_lc_GCJ=no
+
+old_archive_cmds_GCJ=$old_archive_cmds
+
+
+lt_prog_compiler_no_builtin_flag_GCJ=
+
+if test "$GCC" = yes; then
+  lt_prog_compiler_no_builtin_flag_GCJ=' -fno-builtin'
+
+
+{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; }
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_rtti_exceptions=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="-fno-rtti -fno-exceptions"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:17164: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:17168: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_rtti_exceptions=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+    lt_prog_compiler_no_builtin_flag_GCJ="$lt_prog_compiler_no_builtin_flag_GCJ -fno-rtti -fno-exceptions"
+else
+    :
+fi
+
+fi
+
+lt_prog_compiler_wl_GCJ=
+lt_prog_compiler_pic_GCJ=
+lt_prog_compiler_static_GCJ=
+
+{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
+
+  if test "$GCC" = yes; then
+    lt_prog_compiler_wl_GCJ='-Wl,'
+    lt_prog_compiler_static_GCJ='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_GCJ='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4'
+      ;;
+
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic_GCJ='-fno-common'
+      ;;
+
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared_GCJ=no
+      enable_shared=no
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic_GCJ=-Kconform_pic
+      fi
+      ;;
+
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic_GCJ='-fPIC'
+	;;
+      esac
+      ;;
+
+    *)
+      lt_prog_compiler_pic_GCJ='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_GCJ='-Bstatic'
+      else
+	lt_prog_compiler_static_GCJ='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+      darwin*)
+        # PIC is the default on this platform
+        # Common symbols not allowed in MH_DYLIB files
+       case $cc_basename in
+         xlc*)
+         lt_prog_compiler_pic_GCJ='-qnocommon'
+         lt_prog_compiler_wl_GCJ='-Wl,'
+         ;;
+       esac
+       ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic_GCJ='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static_GCJ='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static_GCJ='-non_shared'
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic_GCJ='-KPIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    linux*)
+      case $cc_basename in
+      icc* | ecc*)
+	lt_prog_compiler_wl_GCJ='-Wl,'
+	lt_prog_compiler_pic_GCJ='-KPIC'
+	lt_prog_compiler_static_GCJ='-static'
+        ;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl_GCJ='-Wl,'
+	lt_prog_compiler_pic_GCJ='-fpic'
+	lt_prog_compiler_static_GCJ='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl_GCJ='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static_GCJ='-non_shared'
+        ;;
+      esac
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static_GCJ='-non_shared'
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic_GCJ='-KPIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	lt_prog_compiler_wl_GCJ='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl_GCJ='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl_GCJ='-Qoption ld '
+      lt_prog_compiler_pic_GCJ='-PIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      lt_prog_compiler_pic_GCJ='-KPIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	lt_prog_compiler_pic_GCJ='-Kconform_pic'
+	lt_prog_compiler_static_GCJ='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      lt_prog_compiler_pic_GCJ='-KPIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      lt_prog_compiler_can_build_shared_GCJ=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic_GCJ='-pic'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared_GCJ=no
+      ;;
+    esac
+  fi
+
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_GCJ" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_GCJ" >&6; }
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_GCJ"; then
+
+{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works... $ECHO_C" >&6; }
+if test "${lt_prog_compiler_pic_works_GCJ+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_pic_works_GCJ=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic_GCJ"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:17432: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:17436: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_prog_compiler_pic_works_GCJ=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_GCJ" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_GCJ" >&6; }
+
+if test x"$lt_prog_compiler_pic_works_GCJ" = xyes; then
+    case $lt_prog_compiler_pic_GCJ in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic_GCJ=" $lt_prog_compiler_pic_GCJ" ;;
+     esac
+else
+    lt_prog_compiler_pic_GCJ=
+     lt_prog_compiler_can_build_shared_GCJ=no
+fi
+
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic_GCJ=
+    ;;
+  *)
+    lt_prog_compiler_pic_GCJ="$lt_prog_compiler_pic_GCJ"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_GCJ eval lt_tmp_static_flag=\"$lt_prog_compiler_static_GCJ\"
+{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; }
+if test "${lt_prog_compiler_static_works_GCJ+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_static_works_GCJ=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_prog_compiler_static_works_GCJ=yes
+       fi
+     else
+       lt_prog_compiler_static_works_GCJ=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_GCJ" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works_GCJ" >&6; }
+
+if test x"$lt_prog_compiler_static_works_GCJ" = xyes; then
+    :
+else
+    lt_prog_compiler_static_GCJ=
+fi
+
+
+{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
+if test "${lt_cv_prog_compiler_c_o_GCJ+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_c_o_GCJ=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:17536: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:17540: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o_GCJ=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_GCJ" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_GCJ" >&6; }
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_GCJ" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  { echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6; }
+  if test "$hard_links" = no; then
+    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
+
+  runpath_var=
+  allow_undefined_flag_GCJ=
+  enable_shared_with_static_runtimes_GCJ=no
+  archive_cmds_GCJ=
+  archive_expsym_cmds_GCJ=
+  old_archive_From_new_cmds_GCJ=
+  old_archive_from_expsyms_cmds_GCJ=
+  export_dynamic_flag_spec_GCJ=
+  whole_archive_flag_spec_GCJ=
+  thread_safe_flag_spec_GCJ=
+  hardcode_libdir_flag_spec_GCJ=
+  hardcode_libdir_flag_spec_ld_GCJ=
+  hardcode_libdir_separator_GCJ=
+  hardcode_direct_GCJ=no
+  hardcode_minus_L_GCJ=no
+  hardcode_shlibpath_var_GCJ=unsupported
+  link_all_deplibs_GCJ=unknown
+  hardcode_automatic_GCJ=no
+  module_cmds_GCJ=
+  module_expsym_cmds_GCJ=
+  always_export_symbols_GCJ=no
+  export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  include_expsyms_GCJ=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  exclude_expsyms_GCJ="_GLOBAL_OFFSET_TABLE_"
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  extract_expsyms_cmds=
+  # Just being paranoid about ensuring that cc_basename is set.
+  for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+  case $host_os in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  ld_shlibs_GCJ=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    hardcode_libdir_flag_spec_GCJ='${wl}--rpath ${wl}$libdir'
+    export_dynamic_flag_spec_GCJ='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+	whole_archive_flag_spec_GCJ="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      else
+  	whole_archive_flag_spec_GCJ=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>/dev/null` in
+      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	ld_shlibs_GCJ=no
+	cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_minus_L_GCJ=yes
+
+      # Samuel A. Falvo II <kc5tja at dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we can't use
+      # them.
+      ld_shlibs_GCJ=no
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	allow_undefined_flag_GCJ=unsupported
+	# Joseph Beckenbach <jrb3 at best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	archive_cmds_GCJ='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, GCJ) is actually meaningless,
+      # as there is no search path for DLLs.
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      allow_undefined_flag_GCJ=unsupported
+      always_export_symbols_GCJ=no
+      enable_shared_with_static_runtimes_GCJ=yes
+      export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+
+    interix3*)
+      hardcode_direct_GCJ=no
+      hardcode_shlibpath_var_GCJ=no
+      hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
+      export_dynamic_flag_spec_GCJ='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      archive_cmds_GCJ='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds_GCJ='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	tmp_addflag=
+	case $cc_basename,$host_cpu in
+	pgcc*)				# Portland Group C compiler
+	  whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	esac
+	archive_cmds_GCJ='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+	if test $supports_anon_versioning = yes; then
+	  archive_expsym_cmds_GCJ='$echo "{ global:" > $output_objdir/$libname.ver~
+  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+  $echo "local: *; };" >> $output_objdir/$libname.ver~
+	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	fi
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+	ld_shlibs_GCJ=no
+	cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+	ld_shlibs_GCJ=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	    hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+	    archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
+	    archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
+	  else
+	    ld_shlibs_GCJ=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      archive_cmds_GCJ='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+    esac
+
+    if test "$ld_shlibs_GCJ" = no; then
+      runpath_var=
+      hardcode_libdir_flag_spec_GCJ=
+      export_dynamic_flag_spec_GCJ=
+      whole_archive_flag_spec_GCJ=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      allow_undefined_flag_GCJ=unsupported
+      always_export_symbols_GCJ=yes
+      archive_expsym_cmds_GCJ='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L_GCJ=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	hardcode_direct_GCJ=unsupported
+      fi
+      ;;
+
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+	  export_symbols_cmds_GCJ='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	else
+	  export_symbols_cmds_GCJ='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+	  for ld_flag in $LDFLAGS; do
+  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+  	    aix_use_runtimelinking=yes
+  	    break
+  	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      archive_cmds_GCJ=''
+      hardcode_direct_GCJ=yes
+      hardcode_libdir_separator_GCJ=':'
+      link_all_deplibs_GCJ=yes
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[012]|aix4.[012].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" && \
+  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	  then
+  	  # We have reworked collect2
+  	  hardcode_direct_GCJ=yes
+	  else
+  	  # We have old collect2
+  	  hardcode_direct_GCJ=unsupported
+  	  # It fails to find uninstalled libraries when the uninstalled
+  	  # path is not listed in the libpath.  Setting hardcode_minus_L
+  	  # to unsupported forces relinking
+  	  hardcode_minus_L_GCJ=yes
+  	  hardcode_libdir_flag_spec_GCJ='-L$libdir'
+  	  hardcode_libdir_separator_GCJ=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+  	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      always_export_symbols_GCJ=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	allow_undefined_flag_GCJ='-berok'
+       # Determine the default libpath from the value encoded in an empty executable.
+       cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+       hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath"
+	archive_expsym_cmds_GCJ="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+       else
+	if test "$host_cpu" = ia64; then
+	  hardcode_libdir_flag_spec_GCJ='${wl}-R $libdir:/usr/lib:/lib'
+	  allow_undefined_flag_GCJ="-z nodefs"
+	  archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an empty executable.
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	 hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  no_undefined_flag_GCJ=' ${wl}-bernotok'
+	  allow_undefined_flag_GCJ=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  whole_archive_flag_spec_GCJ='$convenience'
+	  archive_cmds_need_lc_GCJ=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_minus_L_GCJ=yes
+      # see comment about different semantics on the GNU ld section
+      ld_shlibs_GCJ=no
+      ;;
+
+    bsdi[45]*)
+      export_dynamic_flag_spec_GCJ=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec_GCJ=' '
+      allow_undefined_flag_GCJ=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      archive_cmds_GCJ='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      old_archive_From_new_cmds_GCJ='true'
+      # FIXME: Should let the user specify the lib program.
+      old_archive_cmds_GCJ='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      fix_srcfile_path_GCJ='`cygpath -w "$srcfile"`'
+      enable_shared_with_static_runtimes_GCJ=yes
+      ;;
+
+    darwin* | rhapsody*)
+      case $host_os in
+        rhapsody* | darwin1.[012])
+         allow_undefined_flag_GCJ='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[012])
+               allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               allow_undefined_flag_GCJ='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+      esac
+      archive_cmds_need_lc_GCJ=no
+      hardcode_direct_GCJ=no
+      hardcode_automatic_GCJ=yes
+      hardcode_shlibpath_var_GCJ=unsupported
+      whole_archive_flag_spec_GCJ=''
+      link_all_deplibs_GCJ=yes
+    if test "$GCC" = yes ; then
+    	output_verbose_link_cmd='echo'
+        archive_cmds_GCJ='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+      archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+         archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+         archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         ld_shlibs_GCJ=no
+          ;;
+      esac
+    fi
+      ;;
+
+    dgux*)
+      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    freebsd1*)
+      ld_shlibs_GCJ=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      hardcode_libdir_flag_spec_GCJ='-R$libdir'
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct_GCJ=yes
+      hardcode_minus_L_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      hardcode_libdir_flag_spec_GCJ='-R$libdir'
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	archive_cmds_GCJ='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	archive_cmds_GCJ='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator_GCJ=:
+      hardcode_direct_GCJ=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L_GCJ=yes
+      export_dynamic_flag_spec_GCJ='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_GCJ='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator_GCJ=:
+
+	hardcode_direct_GCJ=yes
+	export_dynamic_flag_spec_GCJ='${wl}-E'
+
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	hardcode_minus_L_GCJ=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator_GCJ=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  hardcode_libdir_flag_spec_ld_GCJ='+b $libdir'
+	  hardcode_direct_GCJ=no
+	  hardcode_shlibpath_var_GCJ=no
+	  ;;
+	*)
+	  hardcode_direct_GCJ=yes
+	  export_dynamic_flag_spec_GCJ='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  hardcode_minus_L_GCJ=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	archive_cmds_GCJ='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_ld_GCJ='-rpath $libdir'
+      fi
+      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_GCJ=:
+      link_all_deplibs_GCJ=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	archive_cmds_GCJ='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      hardcode_libdir_flag_spec_GCJ='-R$libdir'
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    newsos6)
+      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct_GCJ=yes
+      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_GCJ=:
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    openbsd*)
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
+	export_dynamic_flag_spec_GCJ='${wl}-E'
+      else
+       case $host_os in
+	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+	   archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	   hardcode_libdir_flag_spec_GCJ='-R$libdir'
+	   ;;
+	 *)
+	   archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	   hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
+	   ;;
+       esac
+      fi
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_minus_L_GCJ=yes
+      allow_undefined_flag_GCJ=unsupported
+      archive_cmds_GCJ='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      old_archive_From_new_cmds_GCJ='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	allow_undefined_flag_GCJ=' -expect_unresolved \*'
+	archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_GCJ=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+      else
+	allow_undefined_flag_GCJ=' -expect_unresolved \*'
+	archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds_GCJ='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	hardcode_libdir_flag_spec_GCJ='-rpath $libdir'
+      fi
+      hardcode_libdir_separator_GCJ=:
+      ;;
+
+    solaris*)
+      no_undefined_flag_GCJ=' -z text'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	archive_cmds_GCJ='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+      else
+	wlarc=''
+	archive_cmds_GCJ='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+      fi
+      hardcode_libdir_flag_spec_GCJ='-R$libdir'
+      hardcode_shlibpath_var_GCJ=no
+      case $host_os in
+      solaris2.[0-5] | solaris2.[0-5].*) ;;
+      *)
+ 	# The compiler driver will combine linker options so we
+ 	# cannot just pass the convience library names through
+ 	# without $wl, iff we do not link with $LD.
+ 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+ 	# Supported since Solaris 2.6 (maybe 2.5.1?)
+ 	case $wlarc in
+ 	'')
+ 	  whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' ;;
+ 	*)
+ 	  whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ 	esac ;;
+      esac
+      link_all_deplibs_GCJ=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	archive_cmds_GCJ='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_GCJ='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_direct_GCJ=yes
+      hardcode_minus_L_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct_GCJ=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  archive_cmds_GCJ='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  reload_cmds_GCJ='$CC -r -o $output$reload_objs'
+	  hardcode_direct_GCJ=no
+        ;;
+	motorola)
+	  archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct_GCJ=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    sysv4.3*)
+      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_shlibpath_var_GCJ=no
+      export_dynamic_flag_spec_GCJ='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	hardcode_shlibpath_var_GCJ=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	ld_shlibs_GCJ=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
+      no_undefined_flag_GCJ='${wl}-z,text'
+      archive_cmds_need_lc_GCJ=no
+      hardcode_shlibpath_var_GCJ=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds_GCJ='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_GCJ='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      no_undefined_flag_GCJ='${wl}-z,text'
+      allow_undefined_flag_GCJ='${wl}-z,nodefs'
+      archive_cmds_need_lc_GCJ=no
+      hardcode_shlibpath_var_GCJ=no
+      hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      hardcode_libdir_separator_GCJ=':'
+      link_all_deplibs_GCJ=yes
+      export_dynamic_flag_spec_GCJ='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds_GCJ='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_GCJ='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    *)
+      ld_shlibs_GCJ=no
+      ;;
+    esac
+  fi
+
+{ echo "$as_me:$LINENO: result: $ld_shlibs_GCJ" >&5
+echo "${ECHO_T}$ld_shlibs_GCJ" >&6; }
+test "$ld_shlibs_GCJ" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_GCJ" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc_GCJ=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds_GCJ in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl_GCJ
+	pic_flag=$lt_prog_compiler_pic_GCJ
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag_GCJ
+        allow_undefined_flag_GCJ=
+        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+  (eval $archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+        then
+	  archive_cmds_need_lc_GCJ=no
+        else
+	  archive_cmds_need_lc_GCJ=yes
+        fi
+        allow_undefined_flag_GCJ=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_GCJ" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_GCJ" >&6; }
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
+hardcode_action_GCJ=
+if test -n "$hardcode_libdir_flag_spec_GCJ" || \
+   test -n "$runpath_var_GCJ" || \
+   test "X$hardcode_automatic_GCJ" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$hardcode_direct_GCJ" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, GCJ)" != no &&
+     test "$hardcode_minus_L_GCJ" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action_GCJ=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action_GCJ=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action_GCJ=unsupported
+fi
+{ echo "$as_me:$LINENO: result: $hardcode_action_GCJ" >&5
+echo "${ECHO_T}$hardcode_action_GCJ" >&6; }
+
+if test "$hardcode_action_GCJ" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler_GCJ \
+    CC_GCJ \
+    LD_GCJ \
+    lt_prog_compiler_wl_GCJ \
+    lt_prog_compiler_pic_GCJ \
+    lt_prog_compiler_static_GCJ \
+    lt_prog_compiler_no_builtin_flag_GCJ \
+    export_dynamic_flag_spec_GCJ \
+    thread_safe_flag_spec_GCJ \
+    whole_archive_flag_spec_GCJ \
+    enable_shared_with_static_runtimes_GCJ \
+    old_archive_cmds_GCJ \
+    old_archive_from_new_cmds_GCJ \
+    predep_objects_GCJ \
+    postdep_objects_GCJ \
+    predeps_GCJ \
+    postdeps_GCJ \
+    compiler_lib_search_path_GCJ \
+    archive_cmds_GCJ \
+    archive_expsym_cmds_GCJ \
+    postinstall_cmds_GCJ \
+    postuninstall_cmds_GCJ \
+    old_archive_from_expsyms_cmds_GCJ \
+    allow_undefined_flag_GCJ \
+    no_undefined_flag_GCJ \
+    export_symbols_cmds_GCJ \
+    hardcode_libdir_flag_spec_GCJ \
+    hardcode_libdir_flag_spec_ld_GCJ \
+    hardcode_libdir_separator_GCJ \
+    hardcode_automatic_GCJ \
+    module_cmds_GCJ \
+    module_expsym_cmds_GCJ \
+    lt_cv_prog_compiler_c_o_GCJ \
+    exclude_expsyms_GCJ \
+    include_expsyms_GCJ; do
+
+    case $var in
+    old_archive_cmds_GCJ | \
+    old_archive_from_new_cmds_GCJ | \
+    archive_cmds_GCJ | \
+    archive_expsym_cmds_GCJ | \
+    module_cmds_GCJ | \
+    module_expsym_cmds_GCJ | \
+    old_archive_from_expsyms_cmds_GCJ | \
+    export_symbols_cmds_GCJ | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="$ofile"
+
+  cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_GCJ
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_GCJ
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler_GCJ
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_GCJ
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_GCJ
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_GCJ
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_GCJ
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_GCJ
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_GCJ
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_GCJ
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_GCJ
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_GCJ
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_GCJ
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_GCJ
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_GCJ
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_GCJ
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_GCJ
+archive_expsym_cmds=$lt_archive_expsym_cmds_GCJ
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_GCJ
+module_expsym_cmds=$lt_module_expsym_cmds_GCJ
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_GCJ
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_GCJ
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_GCJ
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_GCJ
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_GCJ
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_GCJ
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_GCJ
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_GCJ
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_GCJ
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_GCJ
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_GCJ
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_GCJ
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_GCJ
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_GCJ
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_GCJ
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_GCJ"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_GCJ
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_GCJ
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_GCJ
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_GCJ
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+	else
+	  tagname=""
+	fi
+	;;
+
+      RC)
+
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+objext_RC=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${RC-"windres"}
+compiler=$CC
+compiler_RC=$CC
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+lt_cv_prog_compiler_c_o_RC=yes
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler_RC \
+    CC_RC \
+    LD_RC \
+    lt_prog_compiler_wl_RC \
+    lt_prog_compiler_pic_RC \
+    lt_prog_compiler_static_RC \
+    lt_prog_compiler_no_builtin_flag_RC \
+    export_dynamic_flag_spec_RC \
+    thread_safe_flag_spec_RC \
+    whole_archive_flag_spec_RC \
+    enable_shared_with_static_runtimes_RC \
+    old_archive_cmds_RC \
+    old_archive_from_new_cmds_RC \
+    predep_objects_RC \
+    postdep_objects_RC \
+    predeps_RC \
+    postdeps_RC \
+    compiler_lib_search_path_RC \
+    archive_cmds_RC \
+    archive_expsym_cmds_RC \
+    postinstall_cmds_RC \
+    postuninstall_cmds_RC \
+    old_archive_from_expsyms_cmds_RC \
+    allow_undefined_flag_RC \
+    no_undefined_flag_RC \
+    export_symbols_cmds_RC \
+    hardcode_libdir_flag_spec_RC \
+    hardcode_libdir_flag_spec_ld_RC \
+    hardcode_libdir_separator_RC \
+    hardcode_automatic_RC \
+    module_cmds_RC \
+    module_expsym_cmds_RC \
+    lt_cv_prog_compiler_c_o_RC \
+    exclude_expsyms_RC \
+    include_expsyms_RC; do
+
+    case $var in
+    old_archive_cmds_RC | \
+    old_archive_from_new_cmds_RC | \
+    archive_cmds_RC | \
+    archive_expsym_cmds_RC | \
+    module_cmds_RC | \
+    module_expsym_cmds_RC | \
+    old_archive_from_expsyms_cmds_RC | \
+    export_symbols_cmds_RC | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="$ofile"
+
+  cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_RC
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler_RC
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_RC
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_RC
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_RC
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_RC
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_RC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_RC
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_RC
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_RC
+archive_expsym_cmds=$lt_archive_expsym_cmds_RC
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_RC
+module_expsym_cmds=$lt_module_expsym_cmds_RC
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_RC
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_RC
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_RC
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_RC
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_RC
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_RC
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_RC
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_RC
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_RC
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_RC
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_RC
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_RC
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_RC
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_RC
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_RC"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_RC
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_RC
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_RC
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_RC
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+	;;
+
+      *)
+	{ { echo "$as_me:$LINENO: error: Unsupported tag name: $tagname" >&5
+echo "$as_me: error: Unsupported tag name: $tagname" >&2;}
+   { (exit 1); exit 1; }; }
+	;;
+      esac
+
+      # Append the new tag name to the list of available tags.
+      if test -n "$tagname" ; then
+      available_tags="$available_tags $tagname"
+    fi
+    fi
+  done
+  IFS="$lt_save_ifs"
+
+  # Now substitute the updated list of available tags.
+  if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
+    mv "${ofile}T" "$ofile"
+    chmod +x "$ofile"
+  else
+    rm -f "${ofile}T"
+    { { echo "$as_me:$LINENO: error: unable to update list of available tagged configurations." >&5
+echo "$as_me: error: unable to update list of available tagged configurations." >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+# Prevent multiple expansion
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ if test "$enable_shared" = "yes"; then
+  ENABLE_SHARED_TRUE=
+  ENABLE_SHARED_FALSE='#'
+else
+  ENABLE_SHARED_TRUE='#'
+  ENABLE_SHARED_FALSE=
+fi
+
+
+{ echo "$as_me:$LINENO: checking for ld --version-script" >&5
+echo $ECHO_N "checking for ld --version-script... $ECHO_C" >&6; }
+if test "${rk_cv_version_script+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+  rk_cv_version_script=no
+
+  cat > conftest.map <<EOF
+HEIM_GSS_V1 {
+        global: gss*;
+};
+HEIM_GSS_V1_1 {
+        global: gss_init_creds;
+} HEIM_GSS_V1;
+EOF
+cat > conftest.c <<EOF
+int gss_init_creds(int foo) { return 0; }
+EOF
+
+  if { ac_try='${CC-cc} $CFLAGS $LDFLAGS -shared
+                               -o conftest.so conftest.c
+                               -Wl,--version-script,conftest.map'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; };
+  then
+    rk_cv_version_script=yes
+  fi
+rm -f conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $rk_cv_version_script" >&5
+echo "${ECHO_T}$rk_cv_version_script" >&6; }
+
+if test $rk_cv_version_script = yes ; then
+  doversioning=yes
+  LDFLAGS_VERSION_SCRIPT="-Wl,--version-script,"
+else
+  doversioning=no
+  LDFLAGS_VERSION_SCRIPT=
+fi
+
+
+ if test $doversioning = yes; then
+  versionscript_TRUE=
+  versionscript_FALSE='#'
+else
+  versionscript_TRUE='#'
+  versionscript_FALSE=
+fi
+
+
+
+
+
+
+
+# Check whether --with-openldap was given.
+if test "${with_openldap+set}" = set; then
+  withval=$with_openldap;
+fi
+
+
+# Check whether --with-openldap-lib was given.
+if test "${with_openldap_lib+set}" = set; then
+  withval=$with_openldap_lib; if test "$withval" = "yes" -o "$withval" = "no"; then
+  { { echo "$as_me:$LINENO: error: No argument for --with-openldap-lib" >&5
+echo "$as_me: error: No argument for --with-openldap-lib" >&2;}
+   { (exit 1); exit 1; }; }
+elif test "X$with_openldap" = "X"; then
+  with_openldap=yes
+fi
+fi
+
+
+# Check whether --with-openldap-include was given.
+if test "${with_openldap_include+set}" = set; then
+  withval=$with_openldap_include; if test "$withval" = "yes" -o "$withval" = "no"; then
+  { { echo "$as_me:$LINENO: error: No argument for --with-openldap-include" >&5
+echo "$as_me: error: No argument for --with-openldap-include" >&2;}
+   { (exit 1); exit 1; }; }
+elif test "X$with_openldap" = "X"; then
+  with_openldap=yes
+fi
+fi
+
+
+# Check whether --with-openldap-config was given.
+if test "${with_openldap_config+set}" = set; then
+  withval=$with_openldap_config;
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for openldap" >&5
+echo $ECHO_N "checking for openldap... $ECHO_C" >&6; }
+
+case "$with_openldap" in
+yes|"") d='' ;;
+no)	d= ;;
+*)	d="$with_openldap" ;;
+esac
+
+header_dirs=
+lib_dirs=
+for i in $d; do
+	if test "$with_openldap_include" = ""; then
+		if test -d "$i/include/openldap"; then
+			header_dirs="$header_dirs $i/include/openldap"
+		fi
+		if test -d "$i/include"; then
+			header_dirs="$header_dirs $i/include"
+		fi
+	fi
+	if test "$with_openldap_lib" = ""; then
+		if test -d "$i/lib$abilibdirext"; then
+			lib_dirs="$lib_dirs $i/lib$abilibdirext"
+		fi
+	fi
+done
+
+if test "$with_openldap_include"; then
+	header_dirs="$with_openldap_include $header_dirs"
+fi
+if test "$with_openldap_lib"; then
+	lib_dirs="$with_openldap_lib $lib_dirs"
+fi
+
+if test "$with_openldap_config" = ""; then
+	with_openldap_config=''
+fi
+
+openldap_cflags=
+openldap_libs=
+
+case "$with_openldap_config" in
+yes|no|""|"")
+	if test -f $with_openldap/bin/ ; then
+		with_openldap_config=$with_openldap/bin/
+	fi
+	;;
+esac
+
+case "$with_openldap_config" in
+yes|no|"")
+	;;
+*)
+	openldap_cflags="`$with_openldap_config --cflags 2>&1`"
+	openldap_libs="`$with_openldap_config --libs 2>&1`"
+	;;
+esac
+
+found=no
+if test "$with_openldap" != no; then
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	if test "$openldap_cflags" -a "$openldap_libs"; then
+		CFLAGS="$openldap_cflags $save_CFLAGS"
+		LIBS="$openldap_libs $save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <lber.h>
+#include <ldap.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+			INCLUDE_openldap="$openldap_cflags"
+			LIB_openldap="$openldap_libs"
+			{ echo "$as_me:$LINENO: result: from $with_openldap_config" >&5
+echo "${ECHO_T}from $with_openldap_config" >&6; }
+			found=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	fi
+	if test "$found" = no; then
+		ires= lres=
+		for i in $header_dirs; do
+			CFLAGS="-I$i $save_CFLAGS"
+			cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <lber.h>
+#include <ldap.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ires=$i;break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+		done
+		for i in $lib_dirs; do
+			LIBS="-L$i -lldap -llber  $save_LIBS"
+			cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <lber.h>
+#include <ldap.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  lres=$i;break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+		done
+		if test "$ires" -a "$lres" -a "$with_openldap" != "no"; then
+			INCLUDE_openldap="-I$ires"
+			LIB_openldap="-L$lres -lldap -llber "
+			found=yes
+			{ echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
+echo "${ECHO_T}headers $ires, libraries $lres" >&6; }
+		fi
+	fi
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+fi
+
+if test "$found" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define OPENLDAP 1
+_ACEOF
+
+	with_openldap=yes
+else
+	with_openldap=no
+	INCLUDE_openldap=
+	LIB_openldap=
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+
+
+
+# Check whether --enable-hdb-openldap-module was given.
+if test "${enable_hdb_openldap_module+set}" = set; then
+  enableval=$enable_hdb_openldap_module;
+fi
+
+if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define OPENLDAP_MODULE 1
+_ACEOF
+
+fi
+ if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then
+  OPENLDAP_MODULE_TRUE=
+  OPENLDAP_MODULE_FALSE='#'
+else
+  OPENLDAP_MODULE_TRUE='#'
+  OPENLDAP_MODULE_FALSE=
+fi
+
+
+# Check whether --enable-pk-init was given.
+if test "${enable_pk_init+set}" = set; then
+  enableval=$enable_pk_init;
+fi
+
+if test "$enable_pk_init" != no ;then
+
+cat >>confdefs.h <<\_ACEOF
+#define PKINIT 1
+_ACEOF
+
+fi
+ if test "$enable_pk_init" != no; then
+  PKINIT_TRUE=
+  PKINIT_FALSE='#'
+else
+  PKINIT_TRUE='#'
+  PKINIT_FALSE=
+fi
+
+
+
+
+# Check whether --with-hdbdir was given.
+if test "${with_hdbdir+set}" = set; then
+  withval=$with_hdbdir;
+else
+  with_hdbdir=/var/heimdal
+fi
+
+DIR_hdbdir="$with_hdbdir"
+
+
+
+with_krb4=no
+
+
+ if false; then
+  KRB4_TRUE=
+  KRB4_FALSE='#'
+else
+  KRB4_TRUE='#'
+  KRB4_FALSE=
+fi
+
+
+ if true; then
+  KRB5_TRUE=
+  KRB5_FALSE='#'
+else
+  KRB5_TRUE='#'
+  KRB5_FALSE=
+fi
+
+ if true; then
+  do_roken_rename_TRUE=
+  do_roken_rename_FALSE='#'
+else
+  do_roken_rename_TRUE='#'
+  do_roken_rename_FALSE=
+fi
+
+
+
+cat >>confdefs.h <<\_ACEOF
+#define KRB5 1
+_ACEOF
+
+
+crypto_lib=unknown
+
+
+# Check whether --with-openssl was given.
+if test "${with_openssl+set}" = set; then
+  withval=$with_openssl;
+fi
+
+
+
+# Check whether --with-openssl-lib was given.
+if test "${with_openssl_lib+set}" = set; then
+  withval=$with_openssl_lib; if test "$withval" = "yes" -o "$withval" = "no"; then
+  { { echo "$as_me:$LINENO: error: No argument for --with-openssl-lib" >&5
+echo "$as_me: error: No argument for --with-openssl-lib" >&2;}
+   { (exit 1); exit 1; }; }
+elif test "X$with_openssl" = "X"; then
+  with_openssl=yes
+fi
+fi
+
+
+
+# Check whether --with-openssl-include was given.
+if test "${with_openssl_include+set}" = set; then
+  withval=$with_openssl_include; if test "$withval" = "yes" -o "$withval" = "no"; then
+  { { echo "$as_me:$LINENO: error: No argument for --with-openssl-include" >&5
+echo "$as_me: error: No argument for --with-openssl-include" >&2;}
+   { (exit 1); exit 1; }; }
+elif test "X$with_openssl" = "X"; then
+  with_openssl=yes
+fi
+fi
+
+
+case "$with_openssl" in
+yes)	;;
+no)	;;
+"")	;;
+*)	if test "$with_openssl_include" = ""; then
+		with_openssl_include="$with_openssl/include"
+	fi
+	if test "$with_openssl_lib" = ""; then
+		with_openssl_lib="$with_openssl/lib$abilibdirext"
+	fi
+	;;
+esac
+
+
+DIR_hcrypto=
+
+{ echo "$as_me:$LINENO: checking for crypto library" >&5
+echo $ECHO_N "checking for crypto library... $ECHO_C" >&6; }
+
+openssl=no
+
+if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
+	save_CPPFLAGS="$CPPFLAGS"
+	save_LIBS="$LIBS"
+
+	cdirs= clibs=
+	for i in $LIB_krb4; do
+		case "$i" in
+		-L*) cdirs="$cdirs $i";;
+		-l*) clibs="$clibs $i";;
+		esac
+	done
+
+	ires=
+	for i in $INCLUDE_krb4; do
+		CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
+		for j in $cdirs; do
+			for k in $clibs; do
+				LIBS="$j $k $save_LIBS"
+				cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+		#undef KRB5 /* makes md4.h et al unhappy */
+		#ifdef HAVE_OPENSSL
+		#ifdef HAVE_SYS_TYPES_H
+		#include <sys/types.h>
+		#endif
+		#include <openssl/evp.h>
+		#include <openssl/md4.h>
+		#include <openssl/md5.h>
+		#include <openssl/sha.h>
+		#include <openssl/des.h>
+		#include <openssl/rc4.h>
+		#include <openssl/aes.h>
+		#include <openssl/engine.h>
+		#include <openssl/ui.h>
+		#include <openssl/rand.h>
+		#include <openssl/hmac.h>
+		#include <openssl/pkcs12.h>
+		#else
+		#include <hcrypto/evp.h>
+		#include <hcrypto/md4.h>
+		#include <hcrypto/md5.h>
+		#include <hcrypto/sha.h>
+		#include <hcrypto/des.h>
+		#include <hcrypto/rc4.h>
+		#include <hcrypto/aes.h>
+		#include <hcrypto/engine.h>
+		#include <hcrypto/hmac.h>
+		#include <hcrypto/pkcs12.h>
+		#endif
+
+int
+main ()
+{
+
+		void *schedule = 0;
+		MD4_CTX md4;
+		MD5_CTX md5;
+		SHA_CTX sha1;
+		SHA256_CTX sha256;
+
+		MD4_Init(&md4);
+		MD5_Init(&md5);
+		SHA1_Init(&sha1);
+		SHA256_Init(&sha256);
+		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
+		#ifdef HAVE_OPENSSL
+		RAND_status();
+		UI_UTIL_read_pw_string(0,0,0,0);
+		#endif
+
+		OpenSSL_add_all_algorithms();
+		AES_encrypt(0,0,0);
+		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
+		RC4(0, 0, 0, 0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  openssl=yes ires="$i" lres="$j $k"; break 3
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+			done
+		done
+		CFLAGS="$i $save_CFLAGS"
+		for j in $cdirs; do
+			for k in $clibs; do
+				LIBS="$j $k $save_LIBS"
+				cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+		#undef KRB5 /* makes md4.h et al unhappy */
+		#ifdef HAVE_OPENSSL
+		#ifdef HAVE_SYS_TYPES_H
+		#include <sys/types.h>
+		#endif
+		#include <openssl/evp.h>
+		#include <openssl/md4.h>
+		#include <openssl/md5.h>
+		#include <openssl/sha.h>
+		#include <openssl/des.h>
+		#include <openssl/rc4.h>
+		#include <openssl/aes.h>
+		#include <openssl/engine.h>
+		#include <openssl/ui.h>
+		#include <openssl/rand.h>
+		#include <openssl/hmac.h>
+		#include <openssl/pkcs12.h>
+		#else
+		#include <hcrypto/evp.h>
+		#include <hcrypto/md4.h>
+		#include <hcrypto/md5.h>
+		#include <hcrypto/sha.h>
+		#include <hcrypto/des.h>
+		#include <hcrypto/rc4.h>
+		#include <hcrypto/aes.h>
+		#include <hcrypto/engine.h>
+		#include <hcrypto/hmac.h>
+		#include <hcrypto/pkcs12.h>
+		#endif
+
+int
+main ()
+{
+
+		void *schedule = 0;
+		MD4_CTX md4;
+		MD5_CTX md5;
+		SHA_CTX sha1;
+		SHA256_CTX sha256;
+
+		MD4_Init(&md4);
+		MD5_Init(&md5);
+		SHA1_Init(&sha1);
+		SHA256_Init(&sha256);
+		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
+		#ifdef HAVE_OPENSSL
+		RAND_status();
+		UI_UTIL_read_pw_string(0,0,0,0);
+		#endif
+
+		OpenSSL_add_all_algorithms();
+		AES_encrypt(0,0,0);
+		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
+		RC4(0, 0, 0, 0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  openssl=no ires="$i" lres="$j $k"; break 3
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+			done
+		done
+	done
+
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+	if test "$ires" -a "$lres"; then
+		INCLUDE_hcrypto="$ires"
+		LIB_hcrypto="$lres"
+		crypto_lib=krb4
+		{ echo "$as_me:$LINENO: result: same as krb4" >&5
+echo "${ECHO_T}same as krb4" >&6; }
+		LIB_hcrypto_a='$(LIB_hcrypto)'
+		LIB_hcrypto_so='$(LIB_hcrypto)'
+		LIB_hcrypto_appl='$(LIB_hcrypto)'
+	fi
+fi
+
+if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	INCLUDE_hcrypto=
+	LIB_hcrypto=
+	if test "$with_openssl_include" != ""; then
+		INCLUDE_hcrypto="-I${with_openssl_include}"
+	fi
+	if test "$with_openssl_lib" != ""; then
+		LIB_hcrypto="-L${with_openssl_lib}"
+	fi
+	CFLAGS="-DHAVE_OPENSSL ${INCLUDE_hcrypto} ${CFLAGS}"
+	saved_LIB_hcrypto="$LIB_hcrypto"
+	for lres in "" "-ldl" "-lnsl -lsocket" "-lnsl -lsocket -ldl"; do
+		LIB_hcrypto="${saved_LIB_hcrypto} -lcrypto $lres"
+		LIB_hcrypto_a="$LIB_hcrypto"
+		LIB_hcrypto_so="$LIB_hcrypto"
+		LIB_hcrypto_appl="$LIB_hcrypto"
+		LIBS="${LIBS} ${LIB_hcrypto}"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+		#undef KRB5 /* makes md4.h et al unhappy */
+		#ifdef HAVE_OPENSSL
+		#ifdef HAVE_SYS_TYPES_H
+		#include <sys/types.h>
+		#endif
+		#include <openssl/evp.h>
+		#include <openssl/md4.h>
+		#include <openssl/md5.h>
+		#include <openssl/sha.h>
+		#include <openssl/des.h>
+		#include <openssl/rc4.h>
+		#include <openssl/aes.h>
+		#include <openssl/engine.h>
+		#include <openssl/ui.h>
+		#include <openssl/rand.h>
+		#include <openssl/hmac.h>
+		#include <openssl/pkcs12.h>
+		#else
+		#include <hcrypto/evp.h>
+		#include <hcrypto/md4.h>
+		#include <hcrypto/md5.h>
+		#include <hcrypto/sha.h>
+		#include <hcrypto/des.h>
+		#include <hcrypto/rc4.h>
+		#include <hcrypto/aes.h>
+		#include <hcrypto/engine.h>
+		#include <hcrypto/hmac.h>
+		#include <hcrypto/pkcs12.h>
+		#endif
+
+int
+main ()
+{
+
+		void *schedule = 0;
+		MD4_CTX md4;
+		MD5_CTX md5;
+		SHA_CTX sha1;
+		SHA256_CTX sha256;
+
+		MD4_Init(&md4);
+		MD5_Init(&md5);
+		SHA1_Init(&sha1);
+		SHA256_Init(&sha256);
+		EVP_CIPHER_iv_length(((EVP_CIPHER*)0));
+		#ifdef HAVE_OPENSSL
+		RAND_status();
+		UI_UTIL_read_pw_string(0,0,0,0);
+		#endif
+
+		OpenSSL_add_all_algorithms();
+		AES_encrypt(0,0,0);
+		DES_cbc_encrypt(0, 0, 0, schedule, 0, 0);
+		RC4(0, 0, 0, 0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+			crypto_lib=libcrypto openssl=yes
+			{ echo "$as_me:$LINENO: result: libcrypto" >&5
+echo "${ECHO_T}libcrypto" >&6; }
+
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+		if test "$crypto_lib" = libcrypto ; then
+			break;
+		fi
+	done
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+fi
+
+if test "$crypto_lib" = "unknown"; then
+
+  DIR_hcrypto='hcrypto'
+  LIB_hcrypto='$(top_builddir)/lib/hcrypto/libhcrypto.la'
+  LIB_hcrypto_a='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.a'
+  LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so'
+  LIB_hcrypto_appl="-lhcrypto"
+
+  { echo "$as_me:$LINENO: result: included libhcrypto" >&5
+echo "${ECHO_T}included libhcrypto" >&6; }
+
+fi
+
+if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
+	{ { echo "$as_me:$LINENO: error: the crypto library used by krb4 lacks features
+required by Kerberos 5; to continue, you need to install a newer
+Kerberos 4 or configure --without-krb4" >&5
+echo "$as_me: error: the crypto library used by krb4 lacks features
+required by Kerberos 5; to continue, you need to install a newer
+Kerberos 4 or configure --without-krb4" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+if test "$openssl" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_OPENSSL 1
+_ACEOF
+
+fi
+ if test "$openssl" = yes; then
+  HAVE_OPENSSL_TRUE=
+  HAVE_OPENSSL_FALSE='#'
+else
+  HAVE_OPENSSL_TRUE='#'
+  HAVE_OPENSSL_FALSE=
+fi
+
+
+
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking if compiling threadsafe libraries" >&5
+echo $ECHO_N "checking if compiling threadsafe libraries... $ECHO_C" >&6; }
+
+# Check whether --enable-pthread-support was given.
+if test "${enable_pthread_support+set}" = set; then
+  enableval=$enable_pthread_support;
+else
+  enable_pthread_support=maybe
+fi
+
+
+case "$host" in
+*-*-solaris2*)
+	native_pthread_support=yes
+	if test "$GCC" = yes; then
+		PTHREADS_CFLAGS=-pthreads
+		PTHREADS_LIBS=-pthreads
+	else
+		PTHREADS_CFLAGS=-mt
+		PTHREADS_LIBS=-mt
+	fi
+	;;
+*-*-netbsd*)
+	native_pthread_support="if running netbsd 1.6T or newer"
+		PTHREADS_LIBS=""
+	;;
+*-*-freebsd5*)
+	native_pthread_support=yes
+	;;
+*-*-linux* | *-*-linux-gnu)
+	case `uname -r` in
+	2.*)
+		native_pthread_support=yes
+		PTHREADS_CFLAGS=-pthread
+		PTHREADS_LIBS=-pthread
+		;;
+	esac
+	;;
+*-*-aix*)
+	        	native_pthread_support=no
+	;;
+mips-sgi-irix6.[5-9])  # maybe works for earlier versions too
+	native_pthread_support=yes
+	PTHREADS_LIBS="-lpthread"
+	;;
+*-*-darwin*)
+	native_pthread_support=yes
+	;;
+*)
+	native_pthread_support=no
+	;;
+esac
+
+if test "$enable_pthread_support" = maybe ; then
+	enable_pthread_support="$native_pthread_support"
+fi
+
+if test "$enable_pthread_support" != no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define ENABLE_PTHREAD_SUPPORT 1
+_ACEOF
+
+            LIBS="$PTHREADS_LIBS $LIBS"
+else
+  PTHREADS_CFLAGS=""
+  PTHREADS_LIBS=""
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: result: $enable_pthread_support" >&5
+echo "${ECHO_T}$enable_pthread_support" >&6; }
+
+
+# Check whether --enable-dce was given.
+if test "${enable_dce+set}" = set; then
+  enableval=$enable_dce;
+fi
+
+if test "$enable_dce" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define DCE 1
+_ACEOF
+
+fi
+ if test "$enable_dce" = yes; then
+  DCE_TRUE=
+  DCE_FALSE='#'
+else
+  DCE_TRUE='#'
+  DCE_FALSE=
+fi
+
+
+## XXX quite horrible:
+if test -f /etc/ibmcxx.cfg; then
+	dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[^=]*=\(.*\)/\1/;s/,/ /gp;}'`
+	dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[^=]*=\(.*\)/\1/;s/-q^,*//;s/,/ /gp;}'`
+	dpagaix_ldflags=
+else
+	dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
+	dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
+	dpagaix_ldflags="-Wl,-bI:dfspag.exp"
+fi
+
+
+
+
+# Check whether --enable-afs-support was given.
+if test "${enable_afs_support+set}" = set; then
+  enableval=$enable_afs_support;
+fi
+
+if test "$enable_afs_support" = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NO_AFS 1
+_ACEOF
+
+fi
+
+
+# Check whether --enable-berkeley-db was given.
+if test "${enable_berkeley_db+set}" = set; then
+  enableval=$enable_berkeley_db;
+
+fi
+
+
+# Check whether --enable-ndbm-db was given.
+if test "${enable_ndbm_db+set}" = set; then
+  enableval=$enable_ndbm_db;
+
+fi
+
+
+have_ndbm=no
+db_type=unknown
+
+if test "$enable_berkeley_db" != no; then
+
+
+
+
+
+for ac_header in 				\
+	db4/db.h				\
+	db3/db.h				\
+	db.h					\
+	db_185.h				\
+
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for db_create" >&5
+echo $ECHO_N "checking for db_create... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_db_create+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_db_create\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" db4 db3 db; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+  #include <stdio.h>
+  #ifdef HAVE_DB4_DB_H
+  #include <db4/db.h>
+  #elif defined(HAVE_DB3_DB_H)
+  #include <db3/db.h>
+  #else
+  #include <db.h>
+  #endif
+
+int
+main ()
+{
+db_create(NULL, NULL, 0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_db_create=$ac_lib; else ac_cv_funclib_db_create=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_db_create=\${ac_cv_funclib_db_create-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_db_create"
+
+if false; then
+
+for ac_func in db_create
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# db_create
+eval "ac_tr_func=HAVE_`echo db_create | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_db_create=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_db_create=yes"
+	eval "LIB_db_create="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_db_create=no"
+	eval "LIB_db_create="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_db_create=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+  if test "$ac_cv_func_db_create" = "yes"; then
+    db_type=db3
+    if test "$ac_cv_funclib_db_create" != "yes"; then
+      DBLIB="$ac_cv_funclib_db_create"
+    else
+      DBLIB=""
+    fi
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DB3 1
+_ACEOF
+
+  else
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for dbopen" >&5
+echo $ECHO_N "checking for dbopen... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_dbopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" db2 db; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+    #include <stdio.h>
+    #if defined(HAVE_DB2_DB_H)
+    #include <db2/db.h>
+    #elif defined(HAVE_DB_185_H)
+    #include <db_185.h>
+    #elif defined(HAVE_DB_H)
+    #include <db.h>
+    #else
+    #error no db.h
+    #endif
+
+int
+main ()
+{
+dbopen(NULL, 0, 0, 0, NULL)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dbopen"
+
+if false; then
+
+for ac_func in dbopen
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# dbopen
+eval "ac_tr_func=HAVE_`echo dbopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dbopen=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dbopen=yes"
+	eval "LIB_dbopen="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_dbopen=no"
+	eval "LIB_dbopen="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_dbopen=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+    if test "$ac_cv_func_dbopen" = "yes"; then
+      db_type=db1
+      if test "$ac_cv_funclib_dbopen" != "yes"; then
+        DBLIB="$ac_cv_funclib_dbopen"
+      else
+        DBLIB=""
+      fi
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DB1 1
+_ACEOF
+
+    fi
+  fi
+
+
+  if test "$ac_cv_func_dbm_firstkey" != yes; then
+
+
+{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
+echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in $ac_cv_funclib_dbopen $ac_cv_funclib_db_create; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+    #include <stdio.h>
+    #define DB_DBM_HSEARCH 1
+    #include <db.h>
+    DBM *dbm;
+
+int
+main ()
+{
+dbm_firstkey(NULL)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
+
+if false; then
+
+for ac_func in dbm_firstkey
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# dbm_firstkey
+eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dbm_firstkey=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dbm_firstkey=yes"
+	eval "LIB_dbm_firstkey="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_dbm_firstkey=no"
+	eval "LIB_dbm_firstkey="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_dbm_firstkey=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+      else
+        LIB_NDBM=""
+      fi
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DB_NDBM 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NEW_DB 1
+_ACEOF
+
+    else
+      $as_unset ac_cv_func_dbm_firstkey
+      $as_unset ac_cv_funclib_dbm_firstkey
+    fi
+  fi
+
+fi # berkeley db
+
+if test "$enable_ndbm_db" != "no"; then
+
+  if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then
+
+
+
+for ac_header in 				\
+  	dbm.h					\
+  	ndbm.h					\
+
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
+echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ndbm; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+    #include <stdio.h>
+    #if defined(HAVE_NDBM_H)
+    #include <ndbm.h>
+    #elif defined(HAVE_DBM_H)
+    #include <dbm.h>
+    #endif
+    DBM *dbm;
+
+int
+main ()
+{
+dbm_firstkey(NULL)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
+
+if false; then
+
+for ac_func in dbm_firstkey
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# dbm_firstkey
+eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dbm_firstkey=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dbm_firstkey=yes"
+	eval "LIB_dbm_firstkey="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_dbm_firstkey=no"
+	eval "LIB_dbm_firstkey="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_dbm_firstkey=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+    if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+      if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+        LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+      else
+        LIB_NDBM=""
+      fi
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NDBM 1
+_ACEOF
+      have_ndbm=yes
+      if test "$db_type" = "unknown"; then
+        db_type=ndbm
+        DBLIB="$LIB_NDBM"
+      fi
+    else
+
+      $as_unset ac_cv_func_dbm_firstkey
+      $as_unset ac_cv_funclib_dbm_firstkey
+
+
+for ac_header in 				\
+  	  gdbm/ndbm.h				\
+
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5
+echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" gdbm; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+      #include <stdio.h>
+      #include <gdbm/ndbm.h>
+      DBM *dbm;
+
+int
+main ()
+{
+dbm_firstkey(NULL)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dbm_firstkey"
+
+if false; then
+
+for ac_func in dbm_firstkey
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# dbm_firstkey
+eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dbm_firstkey=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dbm_firstkey=yes"
+	eval "LIB_dbm_firstkey="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_dbm_firstkey=no"
+	eval "LIB_dbm_firstkey="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_dbm_firstkey=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+      if test "$ac_cv_func_dbm_firstkey" = "yes"; then
+        if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then
+  	LIB_NDBM="$ac_cv_funclib_dbm_firstkey"
+        else
+  	LIB_NDBM=""
+        fi
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NDBM 1
+_ACEOF
+        have_ndbm=yes
+        if test "$db_type" = "unknown"; then
+  	db_type=ndbm
+  	DBLIB="$LIB_NDBM"
+        fi
+      fi
+    fi
+  fi #enable_ndbm_db
+fi # unknown
+
+if test "$have_ndbm" = "yes"; then
+  { echo "$as_me:$LINENO: checking if ndbm is implemented with db" >&5
+echo $ECHO_N "checking if ndbm is implemented with db... $ECHO_C" >&6; }
+  if test "$cross_compiling" = yes; then
+  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <unistd.h>
+#include <fcntl.h>
+#if defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
+#elif defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#endif
+int main(int argc, char **argv)
+{
+  DBM *d;
+
+  d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+  if (d == NULL)
+    return 1;
+  dbm_close(d);
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+    if test -f conftest.db; then
+      { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NEW_DB 1
+_ACEOF
+
+    else
+      { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+    fi
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+
+ if test "$db_type" = db1; then
+  HAVE_DB1_TRUE=
+  HAVE_DB1_FALSE='#'
+else
+  HAVE_DB1_TRUE='#'
+  HAVE_DB1_FALSE=
+fi
+ if test "$db_type" = db3; then
+  HAVE_DB3_TRUE=
+  HAVE_DB3_FALSE='#'
+else
+  HAVE_DB3_TRUE='#'
+  HAVE_DB3_FALSE=
+fi
+ if test "$db_type" = ndbm; then
+  HAVE_NDBM_TRUE=
+  HAVE_NDBM_FALSE='#'
+else
+  HAVE_NDBM_TRUE='#'
+  HAVE_NDBM_FALSE=
+fi
+
+## it's probably not correct to include LDFLAGS here, but we might
+## need it, for now just add any possible -L
+z=""
+for i in $LDFLAGS; do
+	case "$i" in
+	-L*) z="$z $i";;
+	esac
+done
+DBLIB="$z $DBLIB"
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for inline" >&5
+echo $ECHO_N "checking for inline... $ECHO_C" >&6; }
+if test "${ac_cv_c_inline+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
+
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_c_inline=$ac_kw
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
+echo "${ECHO_T}$ac_cv_c_inline" >&6; }
+
+
+case $ac_cv_c_inline in
+  inline | yes) ;;
+  *)
+    case $ac_cv_c_inline in
+      no) ac_val=;;
+      *) ac_val=$ac_cv_c_inline;;
+    esac
+    cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+    ;;
+esac
+
+{ echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
+echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; }
+if test "${ac_cv_c_const+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+  /* Ultrix mips cc rejects this.  */
+  typedef int charset[2];
+  const charset cs;
+  /* SunOS 4.1.1 cc rejects this.  */
+  char const *const *pcpcc;
+  char **ppc;
+  /* NEC SVR4.0.2 mips cc rejects this.  */
+  struct point {int x, y;};
+  static struct point const zero = {0,0};
+  /* AIX XL C 1.02.0.0 rejects this.
+     It does not let you subtract one const X* pointer from another in
+     an arm of an if-expression whose if-part is not a constant
+     expression */
+  const char *g = "string";
+  pcpcc = &g + (g ? g-g : 0);
+  /* HPUX 7.0 cc rejects these. */
+  ++pcpcc;
+  ppc = (char**) pcpcc;
+  pcpcc = (char const *const *) ppc;
+  { /* SCO 3.2v4 cc rejects this.  */
+    char *t;
+    char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+    *t++ = 0;
+    if (s) return 0;
+  }
+  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+    int x[] = {25, 17};
+    const int *foo = &x[0];
+    ++foo;
+  }
+  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+    typedef const int *iptr;
+    iptr p = 0;
+    ++p;
+  }
+  { /* AIX XL C 1.02.0.0 rejects this saying
+       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+    struct s { int j; const int *ap[3]; };
+    struct s *b; b->j = 5;
+  }
+  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+    const int foo = 10;
+    if (!foo) return 0;
+  }
+  return !cs[0] && !zero.x;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_c_const=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_c_const=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
+echo "${ECHO_T}$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define const
+_ACEOF
+
+fi
+
+{ echo "$as_me:$LINENO: checking for size_t" >&5
+echo $ECHO_N "checking for size_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_size_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef size_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_size_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_size_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
+echo "${ECHO_T}$ac_cv_type_size_t" >&6; }
+if test $ac_cv_type_size_t = yes; then
+  :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned int
+_ACEOF
+
+fi
+
+{ echo "$as_me:$LINENO: checking for pid_t" >&5
+echo $ECHO_N "checking for pid_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_pid_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef pid_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_pid_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_pid_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5
+echo "${ECHO_T}$ac_cv_type_pid_t" >&6; }
+if test $ac_cv_type_pid_t = yes; then
+  :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define pid_t int
+_ACEOF
+
+fi
+
+{ echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
+echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6; }
+if test "${ac_cv_type_uid_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "uid_t" >/dev/null 2>&1; then
+  ac_cv_type_uid_t=yes
+else
+  ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
+echo "${ECHO_T}$ac_cv_type_uid_t" >&6; }
+if test $ac_cv_type_uid_t = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define uid_t int
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define gid_t int
+_ACEOF
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking return type of signal handlers" >&5
+echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6; }
+if test "${ac_cv_type_signal+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <signal.h>
+
+int
+main ()
+{
+return *(signal (0, 0)) (0) == 1;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_signal=int
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_signal=void
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5
+echo "${ECHO_T}$ac_cv_type_signal" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define RETSIGTYPE $ac_cv_type_signal
+_ACEOF
+
+
+if test "$ac_cv_type_signal" = "void" ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define VOID_RETSIGTYPE 1
+_ACEOF
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
+echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; }
+if test "${ac_cv_header_time+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_header_time=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_header_time=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
+echo "${ECHO_T}$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TIME_WITH_SYS_TIME 1
+_ACEOF
+
+fi
+
+
+
+for ac_header in standards.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+for i in netinet/ip.h netinet/tcp.h; do
+
+cv=`echo "$i" | sed 'y%./+-%__p_%'`
+
+{ echo "$as_me:$LINENO: checking for $i" >&5
+echo $ECHO_N "checking for $i... $ECHO_C" >&6; }
+if { as_var=ac_cv_header_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_STANDARDS_H
+#include <standards.h>
+#endif
+#include <$i>
+
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  eval "ac_cv_header_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  eval "ac_cv_header_$cv=no"
+fi
+
+rm -f conftest.err conftest.$ac_ext
+fi
+ac_res=`eval echo '${'ac_cv_header_$cv'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+ac_res=`eval echo \\$ac_cv_header_$cv`
+if test "$ac_res" = yes; then
+	ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+done
+if false;then
+
+
+for ac_header in netinet/ip.h netinet/tcp.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+fi
+
+
+
+
+for ac_func in getlogin setlogin
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+if test "$ac_cv_func_getlogin" = yes; then
+{ echo "$as_me:$LINENO: checking if getlogin is posix" >&5
+echo $ECHO_N "checking if getlogin is posix... $ECHO_C" >&6; }
+if test "${ac_cv_func_getlogin_posix+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
+	ac_cv_func_getlogin_posix=no
+else
+	ac_cv_func_getlogin_posix=yes
+fi
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getlogin_posix" >&5
+echo "${ECHO_T}$ac_cv_func_getlogin_posix" >&6; }
+if test "$ac_cv_func_getlogin_posix" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define POSIX_GETLOGIN 1
+_ACEOF
+
+fi
+fi
+
+
+
+for ac_header in stdlib.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_func in getpagesize
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+{ echo "$as_me:$LINENO: checking for working mmap" >&5
+echo $ECHO_N "checking for working mmap... $ECHO_C" >&6; }
+if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_mmap_fixed_mapped=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+/* malloc might have been renamed as rpl_malloc. */
+#undef malloc
+
+/* Thanks to Mike Haertel and Jim Avera for this test.
+   Here is a matrix of mmap possibilities:
+	mmap private not fixed
+	mmap private fixed at somewhere currently unmapped
+	mmap private fixed at somewhere already mapped
+	mmap shared not fixed
+	mmap shared fixed at somewhere currently unmapped
+	mmap shared fixed at somewhere already mapped
+   For private mappings, we should verify that changes cannot be read()
+   back from the file, nor mmap's back from the file at a different
+   address.  (There have been systems where private was not correctly
+   implemented like the infamous i386 svr4.0, and systems where the
+   VM page cache was not coherent with the file system buffer cache
+   like early versions of FreeBSD and possibly contemporary NetBSD.)
+   For shared mappings, we should conversely verify that changes get
+   propagated back to all the places they're supposed to be.
+
+   Grep wants private fixed already mapped.
+   The main things grep needs to know about mmap are:
+   * does it exist and is it safe to write into the mmap'd area
+   * how to use it (BSD variants)  */
+
+#include <fcntl.h>
+#include <sys/mman.h>
+
+#if !defined STDC_HEADERS && !defined HAVE_STDLIB_H
+char *malloc ();
+#endif
+
+/* This mess was copied from the GNU getpagesize.h.  */
+#ifndef HAVE_GETPAGESIZE
+/* Assume that all systems that can run configure have sys/param.h.  */
+# ifndef HAVE_SYS_PARAM_H
+#  define HAVE_SYS_PARAM_H 1
+# endif
+
+# ifdef _SC_PAGESIZE
+#  define getpagesize() sysconf(_SC_PAGESIZE)
+# else /* no _SC_PAGESIZE */
+#  ifdef HAVE_SYS_PARAM_H
+#   include <sys/param.h>
+#   ifdef EXEC_PAGESIZE
+#    define getpagesize() EXEC_PAGESIZE
+#   else /* no EXEC_PAGESIZE */
+#    ifdef NBPG
+#     define getpagesize() NBPG * CLSIZE
+#     ifndef CLSIZE
+#      define CLSIZE 1
+#     endif /* no CLSIZE */
+#    else /* no NBPG */
+#     ifdef NBPC
+#      define getpagesize() NBPC
+#     else /* no NBPC */
+#      ifdef PAGESIZE
+#       define getpagesize() PAGESIZE
+#      endif /* PAGESIZE */
+#     endif /* no NBPC */
+#    endif /* no NBPG */
+#   endif /* no EXEC_PAGESIZE */
+#  else /* no HAVE_SYS_PARAM_H */
+#   define getpagesize() 8192	/* punt totally */
+#  endif /* no HAVE_SYS_PARAM_H */
+# endif /* no _SC_PAGESIZE */
+
+#endif /* no HAVE_GETPAGESIZE */
+
+int
+main ()
+{
+  char *data, *data2, *data3;
+  int i, pagesize;
+  int fd;
+
+  pagesize = getpagesize ();
+
+  /* First, make a file with some known garbage in it. */
+  data = (char *) malloc (pagesize);
+  if (!data)
+    return 1;
+  for (i = 0; i < pagesize; ++i)
+    *(data + i) = rand ();
+  umask (0);
+  fd = creat ("conftest.mmap", 0600);
+  if (fd < 0)
+    return 1;
+  if (write (fd, data, pagesize) != pagesize)
+    return 1;
+  close (fd);
+
+  /* Next, try to mmap the file at a fixed address which already has
+     something else allocated at it.  If we can, also make sure that
+     we see the same garbage.  */
+  fd = open ("conftest.mmap", O_RDWR);
+  if (fd < 0)
+    return 1;
+  data2 = (char *) malloc (2 * pagesize);
+  if (!data2)
+    return 1;
+  data2 += (pagesize - ((long int) data2 & (pagesize - 1))) & (pagesize - 1);
+  if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE,
+		     MAP_PRIVATE | MAP_FIXED, fd, 0L))
+    return 1;
+  for (i = 0; i < pagesize; ++i)
+    if (*(data + i) != *(data2 + i))
+      return 1;
+
+  /* Finally, make sure that changes to the mapped area do not
+     percolate back to the file as seen by read().  (This is a bug on
+     some variants of i386 svr4.0.)  */
+  for (i = 0; i < pagesize; ++i)
+    *(data2 + i) = *(data2 + i) + 1;
+  data3 = (char *) malloc (pagesize);
+  if (!data3)
+    return 1;
+  if (read (fd, data3, pagesize) != pagesize)
+    return 1;
+  for (i = 0; i < pagesize; ++i)
+    if (*(data + i) != *(data3 + i))
+      return 1;
+  close (fd);
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_mmap_fixed_mapped=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_mmap_fixed_mapped=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5
+echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6; }
+if test $ac_cv_func_mmap_fixed_mapped = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MMAP 1
+_ACEOF
+
+fi
+rm -f conftest.mmap
+
+
+{ echo "$as_me:$LINENO: checking if realloc if broken" >&5
+echo $ECHO_N "checking if realloc if broken... $ECHO_C" >&6; }
+if test "${ac_cv_func_realloc_broken+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ac_cv_func_realloc_broken=no
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stddef.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv)
+{
+	return realloc(NULL, 17) == NULL;
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_realloc_broken=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_realloc_broken" >&5
+echo "${ECHO_T}$ac_cv_func_realloc_broken" >&6; }
+if test "$ac_cv_func_realloc_broken" = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define BROKEN_REALLOC 1
+_ACEOF
+
+fi
+
+
+
+
+
+
+
+DIR_roken=roken
+LIB_roken='$(top_builddir)/lib/roken/libroken.la'
+INCLUDES_roken='-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --enable-developer was given.
+if test "${enable_developer+set}" = set; then
+  enableval=$enable_developer;
+fi
+
+if test "X$enable_developer" = Xyes; then
+    dwflags="-Werror"
+fi
+
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+if test -z "$WFLAGS" -a "$GCC" = "yes"; then
+  # -Wno-implicit-int for broken X11 headers
+  # leave these out for now:
+  #   -Wcast-align doesn't work well on alpha osf/1
+  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
+  #   -Wmissing-declarations -Wnested-externs
+  WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $dwflags"
+  WFLAGS_NOUNUSED="-Wno-unused"
+  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
+fi
+
+
+
+
+
+
+
+
+cv=`echo "ssize_t" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for ssize_t" >&5
+echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <unistd.h>
+int
+main ()
+{
+ssize_t foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo ssize_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for ssize_t" >&5
+echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_ssize_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef ssize_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_ssize_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_ssize_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_ssize_t" >&5
+echo "${ECHO_T}$ac_cv_type_ssize_t" >&6; }
+if test $ac_cv_type_ssize_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SSIZE_T 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+
+
+cv=`echo "long long" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for long long" >&5
+echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+int
+main ()
+{
+long long foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for long long" >&5
+echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
+if test "${ac_cv_type_long_long+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef long long ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_long_long=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_long_long=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
+echo "${ECHO_T}$ac_cv_type_long_long" >&6; }
+if test $ac_cv_type_long_long = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LONG_LONG 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_header in \
+	arpa/inet.h				\
+	config.h				\
+	crypt.h					\
+	dirent.h				\
+	errno.h					\
+	err.h					\
+	fcntl.h					\
+	fnmatch.h				\
+	grp.h					\
+	ifaddrs.h				\
+	netinet/in.h				\
+	netinet/in6.h				\
+	netinet/in_systm.h			\
+	netinet6/in6.h				\
+	paths.h					\
+	poll.h					\
+	pwd.h					\
+	rpcsvc/ypclnt.h				\
+	shadow.h				\
+	stdint.h				\
+	sys/bswap.h				\
+	sys/ioctl.h				\
+	sys/mman.h				\
+	sys/param.h				\
+	sys/resource.h				\
+	sys/sockio.h				\
+	sys/stat.h				\
+	sys/time.h				\
+	sys/tty.h				\
+	sys/types.h				\
+	sys/uio.h				\
+	sys/utsname.h				\
+	sys/wait.h				\
+	syslog.h				\
+	termios.h				\
+	unistd.h				\
+	userconf.h				\
+	usersec.h				\
+	util.h					\
+
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+cv=`echo "uintptr_t" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for uintptr_t" >&5
+echo $ECHO_N "checking for uintptr_t... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+int
+main ()
+{
+uintptr_t foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo uintptr_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for uintptr_t" >&5
+echo $ECHO_N "checking for uintptr_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_uintptr_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef uintptr_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_uintptr_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_uintptr_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_uintptr_t" >&5
+echo "${ECHO_T}$ac_cv_type_uintptr_t" >&6; }
+if test $ac_cv_type_uintptr_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINTPTR_T 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+for ac_header in vis.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <vis.h>
+#ifndef VIS_SP
+#error invis
+#endif
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in netdb.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in sys/socket.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in net/if.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in netinet6/in6_var.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in sys/sysctl.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in sys/proc.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+ if test "$ac_cv_header_err_h" = yes; then
+  have_err_h_TRUE=
+  have_err_h_FALSE='#'
+else
+  have_err_h_TRUE='#'
+  have_err_h_FALSE=
+fi
+
+ if test "$ac_cv_header_ifaddrs_h" = yes; then
+  have_ifaddrs_h_TRUE=
+  have_ifaddrs_h_FALSE='#'
+else
+  have_ifaddrs_h_TRUE='#'
+  have_ifaddrs_h_FALSE=
+fi
+
+ if test "$ac_cv_header_vis_h" = yes; then
+  have_vis_h_TRUE=
+  have_vis_h_FALSE='#'
+else
+  have_vis_h_TRUE='#'
+  have_vis_h_FALSE=
+fi
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for socket" >&5
+echo $ECHO_N "checking for socket... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_socket+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_socket\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" socket; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+socket()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_socket"
+
+if false; then
+
+for ac_func in socket
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# socket
+eval "ac_tr_func=HAVE_`echo socket | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_socket=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_socket=yes"
+	eval "LIB_socket="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_socket=no"
+	eval "LIB_socket="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_socket=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_socket"; then
+	LIBS="$LIB_socket $LIBS"
+fi
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for gethostbyname" >&5
+echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_gethostbyname+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" nsl; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+gethostbyname()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_gethostbyname"
+
+if false; then
+
+for ac_func in gethostbyname
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# gethostbyname
+eval "ac_tr_func=HAVE_`echo gethostbyname | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_gethostbyname=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_gethostbyname=yes"
+	eval "LIB_gethostbyname="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_gethostbyname=no"
+	eval "LIB_gethostbyname="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_gethostbyname=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_gethostbyname"; then
+	LIBS="$LIB_gethostbyname $LIBS"
+fi
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for syslog" >&5
+echo $ECHO_N "checking for syslog... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_syslog+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_syslog\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" syslog; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+syslog()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_syslog"
+
+if false; then
+
+for ac_func in syslog
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# syslog
+eval "ac_tr_func=HAVE_`echo syslog | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_syslog=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_syslog=yes"
+	eval "LIB_syslog="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_syslog=no"
+	eval "LIB_syslog="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_syslog=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_syslog"; then
+	LIBS="$LIB_syslog $LIBS"
+fi
+
+
+
+
+# Check whether --with-ipv6 was given.
+if test "${with_ipv6+set}" = set; then
+  withval=$with_ipv6;
+if test "$withval" = "no"; then
+	ac_cv_lib_ipv6=no
+fi
+fi
+
+save_CFLAGS="${CFLAGS}"
+{ echo "$as_me:$LINENO: checking for IPv6 stack type" >&5
+echo $ECHO_N "checking for IPv6 stack type... $ECHO_C" >&6; }
+if test "${v6type+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  v6type=unknown
+v6lib=none
+
+for i in v6d toshiba kame inria zeta linux; do
+	case $i in
+	v6d)
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include </usr/local/v6/include/sys/types.h>
+#ifdef __V6D__
+yes
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "yes" >/dev/null 2>&1; then
+  v6type=$i; v6lib=v6;
+			v6libdir=/usr/local/v6/lib;
+			CFLAGS="-I/usr/local/v6/include $CFLAGS"
+fi
+rm -f conftest*
+
+		;;
+	toshiba)
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/param.h>
+#ifdef _TOSHIBA_INET6
+yes
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "yes" >/dev/null 2>&1; then
+  v6type=$i; v6lib=inet6;
+			v6libdir=/usr/local/v6/lib;
+			CFLAGS="-DINET6 $CFLAGS"
+fi
+rm -f conftest*
+
+		;;
+	kame)
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <netinet/in.h>
+#ifdef __KAME__
+yes
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "yes" >/dev/null 2>&1; then
+  v6type=$i; v6lib=inet6;
+			v6libdir=/usr/local/v6/lib;
+			CFLAGS="-DINET6 $CFLAGS"
+fi
+rm -f conftest*
+
+		;;
+	inria)
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <netinet/in.h>
+#ifdef IPV6_INRIA_VERSION
+yes
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "yes" >/dev/null 2>&1; then
+  v6type=$i; CFLAGS="-DINET6 $CFLAGS"
+fi
+rm -f conftest*
+
+		;;
+	zeta)
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/param.h>
+#ifdef _ZETA_MINAMI_INET6
+yes
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "yes" >/dev/null 2>&1; then
+  v6type=$i; v6lib=inet6;
+			v6libdir=/usr/local/v6/lib;
+			CFLAGS="-DINET6 $CFLAGS"
+fi
+rm -f conftest*
+
+		;;
+	linux)
+		if test -d /usr/inet6; then
+			v6type=$i
+			v6lib=inet6
+			v6libdir=/usr/inet6
+			CFLAGS="-DINET6 $CFLAGS"
+		fi
+		;;
+	esac
+	if test "$v6type" != "unknown"; then
+		break
+	fi
+done
+
+if test "$v6lib" != "none"; then
+	for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do
+		if test -d $dir -a -f $dir/lib$v6lib.a; then
+			LIBS="-L$dir -l$v6lib $LIBS"
+			break
+		fi
+	done
+fi
+
+fi
+{ echo "$as_me:$LINENO: result: $v6type" >&5
+echo "${ECHO_T}$v6type" >&6; }
+
+{ echo "$as_me:$LINENO: checking for IPv6" >&5
+echo $ECHO_N "checking for IPv6... $ECHO_C" >&6; }
+if test "${ac_cv_lib_ipv6+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+
+int
+main ()
+{
+
+ struct sockaddr_in6 sin6;
+ int s;
+
+ s = socket(AF_INET6, SOCK_DGRAM, 0);
+
+ sin6.sin6_family = AF_INET6;
+ sin6.sin6_port = htons(17);
+ sin6.sin6_addr = in6addr_any;
+ bind(s, (struct sockaddr *)&sin6, sizeof(sin6));
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_ipv6=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_ipv6=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_ipv6" >&5
+echo "${ECHO_T}$ac_cv_lib_ipv6" >&6; }
+if test "$ac_cv_lib_ipv6" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_IPV6 1
+_ACEOF
+
+else
+  CFLAGS="${save_CFLAGS}"
+fi
+
+## test for AIX missing in6addr_loopback
+if test "$ac_cv_lib_ipv6" = yes; then
+	{ echo "$as_me:$LINENO: checking for in6addr_loopback" >&5
+echo $ECHO_N "checking for in6addr_loopback... $ECHO_C" >&6; }
+if test "${ac_cv_var_in6addr_loopback+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+int
+main ()
+{
+
+struct sockaddr_in6 sin6;
+sin6.sin6_addr = in6addr_loopback;
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_in6addr_loopback=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_in6addr_loopback=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_var_in6addr_loopback" >&5
+echo "${ECHO_T}$ac_cv_var_in6addr_loopback" >&6; }
+	if test "$ac_cv_var_in6addr_loopback" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_IN6ADDR_LOOPBACK 1
+_ACEOF
+
+	fi
+fi
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for gethostbyname2" >&5
+echo $ECHO_N "checking for gethostbyname2... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_gethostbyname2+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_gethostbyname2\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" inet6 ip6; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+gethostbyname2()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname2=$ac_lib; else ac_cv_funclib_gethostbyname2=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_gethostbyname2=\${ac_cv_funclib_gethostbyname2-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_gethostbyname2"
+
+if false; then
+
+for ac_func in gethostbyname2
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# gethostbyname2
+eval "ac_tr_func=HAVE_`echo gethostbyname2 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_gethostbyname2=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_gethostbyname2=yes"
+	eval "LIB_gethostbyname2="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_gethostbyname2=no"
+	eval "LIB_gethostbyname2="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_gethostbyname2=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_gethostbyname2"; then
+	LIBS="$LIB_gethostbyname2 $LIBS"
+fi
+
+
+
+
+
+for ac_header in arpa/nameser.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in resolv.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for res_search" >&5
+echo $ECHO_N "checking for res_search... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_res_search+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_res_search\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" resolv; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int
+main ()
+{
+res_search(0,0,0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_res_search"
+
+if false; then
+
+for ac_func in res_search
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# res_search
+eval "ac_tr_func=HAVE_`echo res_search | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_res_search=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_res_search=yes"
+	eval "LIB_res_search="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_res_search=no"
+	eval "LIB_res_search="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_res_search=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_res_search"; then
+	LIBS="$LIB_res_search $LIBS"
+fi
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for res_nsearch" >&5
+echo $ECHO_N "checking for res_nsearch... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_res_nsearch+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_res_nsearch\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" resolv; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int
+main ()
+{
+res_nsearch(0,0,0,0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_nsearch=$ac_lib; else ac_cv_funclib_res_nsearch=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_res_nsearch=\${ac_cv_funclib_res_nsearch-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_res_nsearch"
+
+if false; then
+
+for ac_func in res_nsearch
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# res_nsearch
+eval "ac_tr_func=HAVE_`echo res_nsearch | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_res_nsearch=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_res_nsearch=yes"
+	eval "LIB_res_nsearch="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_res_nsearch=no"
+	eval "LIB_res_nsearch="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_res_nsearch=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_res_nsearch"; then
+	LIBS="$LIB_res_nsearch $LIBS"
+fi
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for res_ndestroy" >&5
+echo $ECHO_N "checking for res_ndestroy... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_res_ndestroy+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_res_ndestroy\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" resolv; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int
+main ()
+{
+res_ndestroy(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_ndestroy=$ac_lib; else ac_cv_funclib_res_ndestroy=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_res_ndestroy=\${ac_cv_funclib_res_ndestroy-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_res_ndestroy"
+
+if false; then
+
+for ac_func in res_ndestroy
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# res_ndestroy
+eval "ac_tr_func=HAVE_`echo res_ndestroy | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_res_ndestroy=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_res_ndestroy=yes"
+	eval "LIB_res_ndestroy="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_res_ndestroy=no"
+	eval "LIB_res_ndestroy="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_res_ndestroy=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_res_ndestroy"; then
+	LIBS="$LIB_res_ndestroy $LIBS"
+fi
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for dn_expand" >&5
+echo $ECHO_N "checking for dn_expand... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_dn_expand+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" resolv; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int
+main ()
+{
+dn_expand(0,0,0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dn_expand"
+
+if false; then
+
+for ac_func in dn_expand
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# dn_expand
+eval "ac_tr_func=HAVE_`echo dn_expand | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dn_expand=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dn_expand=yes"
+	eval "LIB_dn_expand="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_dn_expand=no"
+	eval "LIB_dn_expand="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_dn_expand=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_dn_expand"; then
+	LIBS="$LIB_dn_expand $LIBS"
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for _res" >&5
+echo $ECHO_N "checking for _res... $ECHO_C" >&6; }
+if test "${ac_cv_var__res+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+	void * foo(void) { return &_res; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var__res=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var__res=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_var__res" != yes ; then
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+extern int _res;
+int foo(void) { return _res; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var__res=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var__res=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+fi
+
+ac_foo=`eval echo \\$ac_cv_var__res`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE__RES 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: checking whether _res is declared" >&5
+echo $ECHO_N "checking whether _res is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl__res+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+int
+main ()
+{
+#ifndef _res
+  (void) _res;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl__res=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl__res=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl__res" >&5
+echo "${ECHO_T}$ac_cv_have_decl__res" >&6; }
+if test $ac_cv_have_decl__res = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL__RES 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL__RES 0
+_ACEOF
+
+
+fi
+
+
+fi
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for working snprintf" >&5
+echo $ECHO_N "checking for working snprintf... $ECHO_C" >&6; }
+if test "${ac_cv_func_snprintf_working+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_func_snprintf_working=yes
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdio.h>
+#include <string.h>
+int main(int argc, char **argv)
+{
+	char foo[3];
+	snprintf(foo, 2, "12");
+	return strcmp(foo, "1") || snprintf(NULL, 0, "%d", 12) != 2;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_snprintf_working=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_snprintf_working" >&5
+echo "${ECHO_T}$ac_cv_func_snprintf_working" >&6; }
+
+if test "$ac_cv_func_snprintf_working" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SNPRINTF 1
+_ACEOF
+
+fi
+if test "$ac_cv_func_snprintf_working" = yes; then
+
+if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then
+{ echo "$as_me:$LINENO: checking if snprintf needs a prototype" >&5
+echo $ECHO_N "checking if snprintf needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_snprintf_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+struct foo { int foo; } xx;
+extern int snprintf (struct foo*);
+int
+main ()
+{
+snprintf(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_snprintf_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_snprintf_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_snprintf_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_snprintf_noproto" >&6; }
+if test "$ac_cv_func_snprintf_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_SNPRINTF_PROTO 1
+_ACEOF
+
+fi
+fi
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking for working vsnprintf" >&5
+echo $ECHO_N "checking for working vsnprintf... $ECHO_C" >&6; }
+if test "${ac_cv_func_vsnprintf_working+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_func_vsnprintf_working=yes
+if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+int foo(int num, ...)
+{
+	char bar[3];
+	va_list arg;
+	va_start(arg, num);
+	vsnprintf(bar, 2, "%s", arg);
+	va_end(arg);
+	return strcmp(bar, "1");
+}
+
+int bar(int num, int len, ...)
+{
+	int r;
+	va_list arg;
+	va_start(arg, len);
+	r = vsnprintf(NULL, 0, "%s", arg);
+	va_end(arg);
+	return r != len;
+}
+
+int main(int argc, char **argv)
+{
+	return foo(0, "12") || bar(0, 2, "12");
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_vsnprintf_working=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf_working" >&5
+echo "${ECHO_T}$ac_cv_func_vsnprintf_working" >&6; }
+
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_VSNPRINTF 1
+_ACEOF
+
+fi
+if test "$ac_cv_func_vsnprintf_working" = yes; then
+
+if test "$ac_cv_func_vsnprintf+set" != set -o "$ac_cv_func_vsnprintf" = yes; then
+{ echo "$as_me:$LINENO: checking if vsnprintf needs a prototype" >&5
+echo $ECHO_N "checking if vsnprintf needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_vsnprintf_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+struct foo { int foo; } xx;
+extern int vsnprintf (struct foo*);
+int
+main ()
+{
+vsnprintf(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_vsnprintf_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_vsnprintf_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_vsnprintf_noproto" >&6; }
+if test "$ac_cv_func_vsnprintf_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_VSNPRINTF_PROTO 1
+_ACEOF
+
+fi
+fi
+
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for working glob" >&5
+echo $ECHO_N "checking for working glob... $ECHO_C" >&6; }
+if test "${ac_cv_func_glob_working+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_func_glob_working=yes
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdio.h>
+#include <glob.h>
+int
+main ()
+{
+
+glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|
+#ifdef GLOB_MAXPATH
+GLOB_MAXPATH
+#else
+GLOB_LIMIT
+#endif
+,
+NULL, NULL);
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_glob_working=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_glob_working" >&5
+echo "${ECHO_T}$ac_cv_func_glob_working" >&6; }
+
+if test "$ac_cv_func_glob_working" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_GLOB 1
+_ACEOF
+
+fi
+if test "$ac_cv_func_glob_working" = yes; then
+
+if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then
+{ echo "$as_me:$LINENO: checking if glob needs a prototype" >&5
+echo $ECHO_N "checking if glob needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_glob_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+#include <glob.h>
+struct foo { int foo; } xx;
+extern int glob (struct foo*);
+int
+main ()
+{
+glob(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_glob_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_glob_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_glob_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_glob_noproto" >&6; }
+if test "$ac_cv_func_glob_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_GLOB_PROTO 1
+_ACEOF
+
+fi
+fi
+
+fi
+
+if test "$ac_cv_func_glob_working" != yes; then
+	case " $LIBOBJS " in
+  *" glob.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS glob.$ac_objext"
+ ;;
+esac
+
+fi
+ if test "$ac_cv_func_glob_working" = yes; then
+  have_glob_h_TRUE=
+  have_glob_h_FALSE='#'
+else
+  have_glob_h_TRUE='#'
+  have_glob_h_FALSE=
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_func in 				\
+	asnprintf				\
+	asprintf				\
+	atexit					\
+	cgetent					\
+	getconfattr				\
+	getprogname				\
+	getrlimit				\
+	getspnam				\
+	initstate				\
+	issetugid				\
+	on_exit					\
+	poll					\
+	random					\
+	setprogname				\
+	setstate				\
+	strsvis					\
+	strunvis				\
+	strvis					\
+	strvisx					\
+	svis					\
+	sysconf					\
+	sysctl					\
+	uname					\
+	unvis					\
+	vasnprintf				\
+	vasprintf				\
+	vis					\
+
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+if test "$ac_cv_func_cgetent" = no; then
+	case " $LIBOBJS " in
+  *" getcap.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getcap.$ac_objext"
+ ;;
+esac
+
+fi
+ if test "$ac_cv_func_cgetent" = yes; then
+  have_cgetent_TRUE=
+  have_cgetent_FALSE='#'
+else
+  have_cgetent_TRUE='#'
+  have_cgetent_FALSE=
+fi
+
+
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for getsockopt" >&5
+echo $ECHO_N "checking for getsockopt... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_getsockopt+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int
+main ()
+{
+getsockopt(0,0,0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getsockopt"
+
+if false; then
+
+for ac_func in getsockopt
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# getsockopt
+eval "ac_tr_func=HAVE_`echo getsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_getsockopt=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_getsockopt=yes"
+	eval "LIB_getsockopt="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_getsockopt=no"
+	eval "LIB_getsockopt="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_getsockopt=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for setsockopt" >&5
+echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_setsockopt+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+int
+main ()
+{
+setsockopt(0,0,0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_setsockopt"
+
+if false; then
+
+for ac_func in setsockopt
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# setsockopt
+eval "ac_tr_func=HAVE_`echo setsockopt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_setsockopt=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_setsockopt=yes"
+	eval "LIB_setsockopt="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_setsockopt=no"
+	eval "LIB_setsockopt="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_setsockopt=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for hstrerror" >&5
+echo $ECHO_N "checking for hstrerror... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_hstrerror+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" resolv; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int
+main ()
+{
+hstrerror(17)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_hstrerror"
+
+if false; then
+
+for ac_func in hstrerror
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# hstrerror
+eval "ac_tr_func=HAVE_`echo hstrerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_hstrerror=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_hstrerror=yes"
+	eval "LIB_hstrerror="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_hstrerror=no"
+	eval "LIB_hstrerror="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_hstrerror=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_hstrerror"; then
+	LIBS="$LIB_hstrerror $LIBS"
+fi
+
+if eval "test \"$ac_cv_func_hstrerror\" != yes"; then
+	case " $LIBOBJS " in
+  *" hstrerror.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS hstrerror.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then
+{ echo "$as_me:$LINENO: checking if hstrerror needs a prototype" >&5
+echo $ECHO_N "checking if hstrerror needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_hstrerror_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+struct foo { int foo; } xx;
+extern int hstrerror (struct foo*);
+int
+main ()
+{
+hstrerror(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_hstrerror_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_hstrerror_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_hstrerror_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_hstrerror_noproto" >&6; }
+if test "$ac_cv_func_hstrerror_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_HSTRERROR_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+
+if test "$ac_cv_func_asprintf+set" != set -o "$ac_cv_func_asprintf" = yes; then
+{ echo "$as_me:$LINENO: checking if asprintf needs a prototype" >&5
+echo $ECHO_N "checking if asprintf needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_asprintf_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+	#include <stdio.h>
+	#include <string.h>
+struct foo { int foo; } xx;
+extern int asprintf (struct foo*);
+int
+main ()
+{
+asprintf(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_asprintf_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_asprintf_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_asprintf_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_asprintf_noproto" >&6; }
+if test "$ac_cv_func_asprintf_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_ASPRINTF_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_vasprintf+set" != set -o "$ac_cv_func_vasprintf" = yes; then
+{ echo "$as_me:$LINENO: checking if vasprintf needs a prototype" >&5
+echo $ECHO_N "checking if vasprintf needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_vasprintf_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+	#include <stdio.h>
+	#include <string.h>
+struct foo { int foo; } xx;
+extern int vasprintf (struct foo*);
+int
+main ()
+{
+vasprintf(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_vasprintf_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_vasprintf_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_vasprintf_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_vasprintf_noproto" >&6; }
+if test "$ac_cv_func_vasprintf_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_VASPRINTF_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_asnprintf+set" != set -o "$ac_cv_func_asnprintf" = yes; then
+{ echo "$as_me:$LINENO: checking if asnprintf needs a prototype" >&5
+echo $ECHO_N "checking if asnprintf needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_asnprintf_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+	#include <stdio.h>
+	#include <string.h>
+struct foo { int foo; } xx;
+extern int asnprintf (struct foo*);
+int
+main ()
+{
+asnprintf(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_asnprintf_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_asnprintf_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_asnprintf_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_asnprintf_noproto" >&6; }
+if test "$ac_cv_func_asnprintf_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_ASNPRINTF_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_vasnprintf+set" != set -o "$ac_cv_func_vasnprintf" = yes; then
+{ echo "$as_me:$LINENO: checking if vasnprintf needs a prototype" >&5
+echo $ECHO_N "checking if vasnprintf needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_vasnprintf_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+	#include <stdio.h>
+	#include <string.h>
+struct foo { int foo; } xx;
+extern int vasnprintf (struct foo*);
+int
+main ()
+{
+vasnprintf(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_vasnprintf_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_vasnprintf_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_vasnprintf_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_vasnprintf_noproto" >&6; }
+if test "$ac_cv_func_vasnprintf_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_VASNPRINTF_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for bswap16" >&5
+echo $ECHO_N "checking for bswap16... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_bswap16+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_bswap16\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif
+int
+main ()
+{
+bswap16(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap16=$ac_lib; else ac_cv_funclib_bswap16=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_bswap16=\${ac_cv_funclib_bswap16-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_bswap16"
+
+if false; then
+
+for ac_func in bswap16
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# bswap16
+eval "ac_tr_func=HAVE_`echo bswap16 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_bswap16=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_bswap16=yes"
+	eval "LIB_bswap16="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_bswap16=no"
+	eval "LIB_bswap16="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_bswap16=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for bswap32" >&5
+echo $ECHO_N "checking for bswap32... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_bswap32+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_bswap32\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_BSWAP_H
+#include <sys/bswap.h>
+#endif
+int
+main ()
+{
+bswap32(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap32=$ac_lib; else ac_cv_funclib_bswap32=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_bswap32=\${ac_cv_funclib_bswap32-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_bswap32"
+
+if false; then
+
+for ac_func in bswap32
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# bswap32
+eval "ac_tr_func=HAVE_`echo bswap32 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_bswap32=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_bswap32=yes"
+	eval "LIB_bswap32="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_bswap32=no"
+	eval "LIB_bswap32="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_bswap32=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for pidfile" >&5
+echo $ECHO_N "checking for pidfile... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_pidfile+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_pidfile\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" util; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+int
+main ()
+{
+pidfile(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_pidfile=$ac_lib; else ac_cv_funclib_pidfile=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_pidfile=\${ac_cv_funclib_pidfile-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_pidfile"
+
+if false; then
+
+for ac_func in pidfile
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# pidfile
+eval "ac_tr_func=HAVE_`echo pidfile | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_pidfile=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_pidfile=yes"
+	eval "LIB_pidfile="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_pidfile=no"
+	eval "LIB_pidfile="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_pidfile=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for getaddrinfo" >&5
+echo $ECHO_N "checking for getaddrinfo... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_getaddrinfo+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_getaddrinfo\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int
+main ()
+{
+getaddrinfo(0,0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getaddrinfo=$ac_lib; else ac_cv_funclib_getaddrinfo=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_getaddrinfo=\${ac_cv_funclib_getaddrinfo-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getaddrinfo"
+
+if false; then
+
+for ac_func in getaddrinfo
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# getaddrinfo
+eval "ac_tr_func=HAVE_`echo getaddrinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_getaddrinfo=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_getaddrinfo=yes"
+	eval "LIB_getaddrinfo="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_getaddrinfo=no"
+	eval "LIB_getaddrinfo="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_getaddrinfo=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_getaddrinfo"; then
+	LIBS="$LIB_getaddrinfo $LIBS"
+fi
+
+if eval "test \"$ac_cv_func_getaddrinfo\" != yes"; then
+	case " $LIBOBJS " in
+  *" getaddrinfo.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for getnameinfo" >&5
+echo $ECHO_N "checking for getnameinfo... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_getnameinfo+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_getnameinfo\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int
+main ()
+{
+getnameinfo(0,0,0,0,0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getnameinfo=$ac_lib; else ac_cv_funclib_getnameinfo=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_getnameinfo=\${ac_cv_funclib_getnameinfo-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getnameinfo"
+
+if false; then
+
+for ac_func in getnameinfo
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# getnameinfo
+eval "ac_tr_func=HAVE_`echo getnameinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_getnameinfo=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_getnameinfo=yes"
+	eval "LIB_getnameinfo="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_getnameinfo=no"
+	eval "LIB_getnameinfo="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_getnameinfo=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_getnameinfo"; then
+	LIBS="$LIB_getnameinfo $LIBS"
+fi
+
+if eval "test \"$ac_cv_func_getnameinfo\" != yes"; then
+	case " $LIBOBJS " in
+  *" getnameinfo.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getnameinfo.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for freeaddrinfo" >&5
+echo $ECHO_N "checking for freeaddrinfo... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_freeaddrinfo+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_freeaddrinfo\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int
+main ()
+{
+freeaddrinfo(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_freeaddrinfo=$ac_lib; else ac_cv_funclib_freeaddrinfo=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_freeaddrinfo=\${ac_cv_funclib_freeaddrinfo-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_freeaddrinfo"
+
+if false; then
+
+for ac_func in freeaddrinfo
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# freeaddrinfo
+eval "ac_tr_func=HAVE_`echo freeaddrinfo | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_freeaddrinfo=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_freeaddrinfo=yes"
+	eval "LIB_freeaddrinfo="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_freeaddrinfo=no"
+	eval "LIB_freeaddrinfo="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_freeaddrinfo=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_freeaddrinfo"; then
+	LIBS="$LIB_freeaddrinfo $LIBS"
+fi
+
+if eval "test \"$ac_cv_func_freeaddrinfo\" != yes"; then
+	case " $LIBOBJS " in
+  *" freeaddrinfo.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS freeaddrinfo.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for gai_strerror" >&5
+echo $ECHO_N "checking for gai_strerror... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_gai_strerror+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_gai_strerror\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+int
+main ()
+{
+gai_strerror(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_gai_strerror=$ac_lib; else ac_cv_funclib_gai_strerror=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_gai_strerror=\${ac_cv_funclib_gai_strerror-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_gai_strerror"
+
+if false; then
+
+for ac_func in gai_strerror
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# gai_strerror
+eval "ac_tr_func=HAVE_`echo gai_strerror | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_gai_strerror=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_gai_strerror=yes"
+	eval "LIB_gai_strerror="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_gai_strerror=no"
+	eval "LIB_gai_strerror="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_gai_strerror=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test -n "$LIB_gai_strerror"; then
+	LIBS="$LIB_gai_strerror $LIBS"
+fi
+
+if eval "test \"$ac_cv_func_gai_strerror\" != yes"; then
+	case " $LIBOBJS " in
+  *" gai_strerror.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS gai_strerror.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking for chown" >&5
+echo $ECHO_N "checking for chown... $ECHO_C" >&6; }
+if test "${ac_cv_func_chown+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define chown to an innocuous variant, in case <limits.h> declares chown.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define chown innocuous_chown
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char chown (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef chown
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char chown ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_chown || defined __stub___chown
+choke me
+#endif
+
+int
+main ()
+{
+return chown ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_chown=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_chown=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_chown" >&5
+echo "${ECHO_T}$ac_cv_func_chown" >&6; }
+if test $ac_cv_func_chown = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_CHOWN 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" chown.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS chown.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for copyhostent" >&5
+echo $ECHO_N "checking for copyhostent... $ECHO_C" >&6; }
+if test "${ac_cv_func_copyhostent+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define copyhostent to an innocuous variant, in case <limits.h> declares copyhostent.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define copyhostent innocuous_copyhostent
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char copyhostent (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef copyhostent
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char copyhostent ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_copyhostent || defined __stub___copyhostent
+choke me
+#endif
+
+int
+main ()
+{
+return copyhostent ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_copyhostent=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_copyhostent=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_copyhostent" >&5
+echo "${ECHO_T}$ac_cv_func_copyhostent" >&6; }
+if test $ac_cv_func_copyhostent = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_COPYHOSTENT 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" copyhostent.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS copyhostent.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for closefrom" >&5
+echo $ECHO_N "checking for closefrom... $ECHO_C" >&6; }
+if test "${ac_cv_func_closefrom+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define closefrom to an innocuous variant, in case <limits.h> declares closefrom.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define closefrom innocuous_closefrom
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char closefrom (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef closefrom
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char closefrom ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_closefrom || defined __stub___closefrom
+choke me
+#endif
+
+int
+main ()
+{
+return closefrom ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_closefrom=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_closefrom=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_closefrom" >&5
+echo "${ECHO_T}$ac_cv_func_closefrom" >&6; }
+if test $ac_cv_func_closefrom = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_CLOSEFROM 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" closefrom.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS closefrom.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for daemon" >&5
+echo $ECHO_N "checking for daemon... $ECHO_C" >&6; }
+if test "${ac_cv_func_daemon+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define daemon to an innocuous variant, in case <limits.h> declares daemon.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define daemon innocuous_daemon
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char daemon (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef daemon
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char daemon ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_daemon || defined __stub___daemon
+choke me
+#endif
+
+int
+main ()
+{
+return daemon ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_daemon=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_daemon=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_daemon" >&5
+echo "${ECHO_T}$ac_cv_func_daemon" >&6; }
+if test $ac_cv_func_daemon = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DAEMON 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" daemon.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS daemon.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for ecalloc" >&5
+echo $ECHO_N "checking for ecalloc... $ECHO_C" >&6; }
+if test "${ac_cv_func_ecalloc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define ecalloc to an innocuous variant, in case <limits.h> declares ecalloc.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define ecalloc innocuous_ecalloc
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char ecalloc (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef ecalloc
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ecalloc ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_ecalloc || defined __stub___ecalloc
+choke me
+#endif
+
+int
+main ()
+{
+return ecalloc ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_ecalloc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_ecalloc=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_ecalloc" >&5
+echo "${ECHO_T}$ac_cv_func_ecalloc" >&6; }
+if test $ac_cv_func_ecalloc = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_ECALLOC 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" ecalloc.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS ecalloc.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for emalloc" >&5
+echo $ECHO_N "checking for emalloc... $ECHO_C" >&6; }
+if test "${ac_cv_func_emalloc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define emalloc to an innocuous variant, in case <limits.h> declares emalloc.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define emalloc innocuous_emalloc
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char emalloc (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef emalloc
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char emalloc ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_emalloc || defined __stub___emalloc
+choke me
+#endif
+
+int
+main ()
+{
+return emalloc ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_emalloc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_emalloc=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_emalloc" >&5
+echo "${ECHO_T}$ac_cv_func_emalloc" >&6; }
+if test $ac_cv_func_emalloc = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_EMALLOC 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" emalloc.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS emalloc.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for erealloc" >&5
+echo $ECHO_N "checking for erealloc... $ECHO_C" >&6; }
+if test "${ac_cv_func_erealloc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define erealloc to an innocuous variant, in case <limits.h> declares erealloc.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define erealloc innocuous_erealloc
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char erealloc (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef erealloc
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char erealloc ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_erealloc || defined __stub___erealloc
+choke me
+#endif
+
+int
+main ()
+{
+return erealloc ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_erealloc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_erealloc=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_erealloc" >&5
+echo "${ECHO_T}$ac_cv_func_erealloc" >&6; }
+if test $ac_cv_func_erealloc = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_EREALLOC 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" erealloc.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS erealloc.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for estrdup" >&5
+echo $ECHO_N "checking for estrdup... $ECHO_C" >&6; }
+if test "${ac_cv_func_estrdup+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define estrdup to an innocuous variant, in case <limits.h> declares estrdup.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define estrdup innocuous_estrdup
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char estrdup (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef estrdup
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char estrdup ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_estrdup || defined __stub___estrdup
+choke me
+#endif
+
+int
+main ()
+{
+return estrdup ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_estrdup=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_estrdup=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_estrdup" >&5
+echo "${ECHO_T}$ac_cv_func_estrdup" >&6; }
+if test $ac_cv_func_estrdup = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_ESTRDUP 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" estrdup.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS estrdup.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for err" >&5
+echo $ECHO_N "checking for err... $ECHO_C" >&6; }
+if test "${ac_cv_func_err+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define err to an innocuous variant, in case <limits.h> declares err.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define err innocuous_err
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char err (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef err
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char err ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_err || defined __stub___err
+choke me
+#endif
+
+int
+main ()
+{
+return err ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_err=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_err=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_err" >&5
+echo "${ECHO_T}$ac_cv_func_err" >&6; }
+if test $ac_cv_func_err = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_ERR 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" err.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS err.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for errx" >&5
+echo $ECHO_N "checking for errx... $ECHO_C" >&6; }
+if test "${ac_cv_func_errx+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define errx to an innocuous variant, in case <limits.h> declares errx.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define errx innocuous_errx
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char errx (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef errx
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char errx ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_errx || defined __stub___errx
+choke me
+#endif
+
+int
+main ()
+{
+return errx ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_errx=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_errx=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_errx" >&5
+echo "${ECHO_T}$ac_cv_func_errx" >&6; }
+if test $ac_cv_func_errx = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_ERRX 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" errx.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS errx.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for fchown" >&5
+echo $ECHO_N "checking for fchown... $ECHO_C" >&6; }
+if test "${ac_cv_func_fchown+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define fchown to an innocuous variant, in case <limits.h> declares fchown.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define fchown innocuous_fchown
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char fchown (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef fchown
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char fchown ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_fchown || defined __stub___fchown
+choke me
+#endif
+
+int
+main ()
+{
+return fchown ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_fchown=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_fchown=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_fchown" >&5
+echo "${ECHO_T}$ac_cv_func_fchown" >&6; }
+if test $ac_cv_func_fchown = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FCHOWN 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" fchown.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS fchown.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for flock" >&5
+echo $ECHO_N "checking for flock... $ECHO_C" >&6; }
+if test "${ac_cv_func_flock+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define flock to an innocuous variant, in case <limits.h> declares flock.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define flock innocuous_flock
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char flock (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef flock
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char flock ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_flock || defined __stub___flock
+choke me
+#endif
+
+int
+main ()
+{
+return flock ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_flock=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_flock=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_flock" >&5
+echo "${ECHO_T}$ac_cv_func_flock" >&6; }
+if test $ac_cv_func_flock = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FLOCK 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" flock.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS flock.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for fnmatch" >&5
+echo $ECHO_N "checking for fnmatch... $ECHO_C" >&6; }
+if test "${ac_cv_func_fnmatch+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define fnmatch to an innocuous variant, in case <limits.h> declares fnmatch.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define fnmatch innocuous_fnmatch
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char fnmatch (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef fnmatch
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char fnmatch ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_fnmatch || defined __stub___fnmatch
+choke me
+#endif
+
+int
+main ()
+{
+return fnmatch ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_fnmatch=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_fnmatch=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_fnmatch" >&5
+echo "${ECHO_T}$ac_cv_func_fnmatch" >&6; }
+if test $ac_cv_func_fnmatch = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FNMATCH 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" fnmatch.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS fnmatch.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for freehostent" >&5
+echo $ECHO_N "checking for freehostent... $ECHO_C" >&6; }
+if test "${ac_cv_func_freehostent+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define freehostent to an innocuous variant, in case <limits.h> declares freehostent.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define freehostent innocuous_freehostent
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char freehostent (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef freehostent
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char freehostent ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_freehostent || defined __stub___freehostent
+choke me
+#endif
+
+int
+main ()
+{
+return freehostent ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_freehostent=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_freehostent=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_freehostent" >&5
+echo "${ECHO_T}$ac_cv_func_freehostent" >&6; }
+if test $ac_cv_func_freehostent = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FREEHOSTENT 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" freehostent.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS freehostent.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getcwd" >&5
+echo $ECHO_N "checking for getcwd... $ECHO_C" >&6; }
+if test "${ac_cv_func_getcwd+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getcwd to an innocuous variant, in case <limits.h> declares getcwd.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getcwd innocuous_getcwd
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getcwd (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getcwd
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getcwd ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getcwd || defined __stub___getcwd
+choke me
+#endif
+
+int
+main ()
+{
+return getcwd ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getcwd=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getcwd=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getcwd" >&5
+echo "${ECHO_T}$ac_cv_func_getcwd" >&6; }
+if test $ac_cv_func_getcwd = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETCWD 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getcwd.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getcwd.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getdtablesize" >&5
+echo $ECHO_N "checking for getdtablesize... $ECHO_C" >&6; }
+if test "${ac_cv_func_getdtablesize+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getdtablesize to an innocuous variant, in case <limits.h> declares getdtablesize.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getdtablesize innocuous_getdtablesize
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getdtablesize (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getdtablesize
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getdtablesize ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getdtablesize || defined __stub___getdtablesize
+choke me
+#endif
+
+int
+main ()
+{
+return getdtablesize ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getdtablesize=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getdtablesize=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getdtablesize" >&5
+echo "${ECHO_T}$ac_cv_func_getdtablesize" >&6; }
+if test $ac_cv_func_getdtablesize = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETDTABLESIZE 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getdtablesize.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getdtablesize.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getegid" >&5
+echo $ECHO_N "checking for getegid... $ECHO_C" >&6; }
+if test "${ac_cv_func_getegid+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getegid to an innocuous variant, in case <limits.h> declares getegid.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getegid innocuous_getegid
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getegid (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getegid
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getegid ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getegid || defined __stub___getegid
+choke me
+#endif
+
+int
+main ()
+{
+return getegid ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getegid=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getegid=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getegid" >&5
+echo "${ECHO_T}$ac_cv_func_getegid" >&6; }
+if test $ac_cv_func_getegid = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETEGID 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getegid.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getegid.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for geteuid" >&5
+echo $ECHO_N "checking for geteuid... $ECHO_C" >&6; }
+if test "${ac_cv_func_geteuid+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define geteuid to an innocuous variant, in case <limits.h> declares geteuid.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define geteuid innocuous_geteuid
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char geteuid (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef geteuid
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char geteuid ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_geteuid || defined __stub___geteuid
+choke me
+#endif
+
+int
+main ()
+{
+return geteuid ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_geteuid=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_geteuid=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_geteuid" >&5
+echo "${ECHO_T}$ac_cv_func_geteuid" >&6; }
+if test $ac_cv_func_geteuid = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETEUID 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" geteuid.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS geteuid.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getgid" >&5
+echo $ECHO_N "checking for getgid... $ECHO_C" >&6; }
+if test "${ac_cv_func_getgid+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getgid to an innocuous variant, in case <limits.h> declares getgid.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getgid innocuous_getgid
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getgid (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getgid
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getgid ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getgid || defined __stub___getgid
+choke me
+#endif
+
+int
+main ()
+{
+return getgid ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getgid=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getgid=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getgid" >&5
+echo "${ECHO_T}$ac_cv_func_getgid" >&6; }
+if test $ac_cv_func_getgid = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETGID 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getgid.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getgid.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for gethostname" >&5
+echo $ECHO_N "checking for gethostname... $ECHO_C" >&6; }
+if test "${ac_cv_func_gethostname+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define gethostname to an innocuous variant, in case <limits.h> declares gethostname.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define gethostname innocuous_gethostname
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char gethostname (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef gethostname
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostname ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_gethostname || defined __stub___gethostname
+choke me
+#endif
+
+int
+main ()
+{
+return gethostname ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_gethostname=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_gethostname=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostname" >&5
+echo "${ECHO_T}$ac_cv_func_gethostname" >&6; }
+if test $ac_cv_func_gethostname = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETHOSTNAME 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" gethostname.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS gethostname.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getifaddrs" >&5
+echo $ECHO_N "checking for getifaddrs... $ECHO_C" >&6; }
+if test "${ac_cv_func_getifaddrs+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getifaddrs to an innocuous variant, in case <limits.h> declares getifaddrs.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getifaddrs innocuous_getifaddrs
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getifaddrs (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getifaddrs
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getifaddrs ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getifaddrs || defined __stub___getifaddrs
+choke me
+#endif
+
+int
+main ()
+{
+return getifaddrs ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getifaddrs=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getifaddrs=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getifaddrs" >&5
+echo "${ECHO_T}$ac_cv_func_getifaddrs" >&6; }
+if test $ac_cv_func_getifaddrs = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETIFADDRS 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getifaddrs.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getifaddrs.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getipnodebyaddr" >&5
+echo $ECHO_N "checking for getipnodebyaddr... $ECHO_C" >&6; }
+if test "${ac_cv_func_getipnodebyaddr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getipnodebyaddr to an innocuous variant, in case <limits.h> declares getipnodebyaddr.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getipnodebyaddr innocuous_getipnodebyaddr
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getipnodebyaddr (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getipnodebyaddr
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getipnodebyaddr ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getipnodebyaddr || defined __stub___getipnodebyaddr
+choke me
+#endif
+
+int
+main ()
+{
+return getipnodebyaddr ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getipnodebyaddr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getipnodebyaddr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getipnodebyaddr" >&5
+echo "${ECHO_T}$ac_cv_func_getipnodebyaddr" >&6; }
+if test $ac_cv_func_getipnodebyaddr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETIPNODEBYADDR 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getipnodebyaddr.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getipnodebyaddr.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getipnodebyname" >&5
+echo $ECHO_N "checking for getipnodebyname... $ECHO_C" >&6; }
+if test "${ac_cv_func_getipnodebyname+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getipnodebyname to an innocuous variant, in case <limits.h> declares getipnodebyname.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getipnodebyname innocuous_getipnodebyname
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getipnodebyname (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getipnodebyname
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getipnodebyname ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getipnodebyname || defined __stub___getipnodebyname
+choke me
+#endif
+
+int
+main ()
+{
+return getipnodebyname ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getipnodebyname=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getipnodebyname=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getipnodebyname" >&5
+echo "${ECHO_T}$ac_cv_func_getipnodebyname" >&6; }
+if test $ac_cv_func_getipnodebyname = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETIPNODEBYNAME 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getipnodebyname.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getipnodebyname.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getopt" >&5
+echo $ECHO_N "checking for getopt... $ECHO_C" >&6; }
+if test "${ac_cv_func_getopt+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getopt to an innocuous variant, in case <limits.h> declares getopt.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getopt innocuous_getopt
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getopt (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getopt
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getopt ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getopt || defined __stub___getopt
+choke me
+#endif
+
+int
+main ()
+{
+return getopt ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getopt=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getopt=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getopt" >&5
+echo "${ECHO_T}$ac_cv_func_getopt" >&6; }
+if test $ac_cv_func_getopt = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETOPT 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getopt.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getopt.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for gettimeofday" >&5
+echo $ECHO_N "checking for gettimeofday... $ECHO_C" >&6; }
+if test "${ac_cv_func_gettimeofday+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define gettimeofday to an innocuous variant, in case <limits.h> declares gettimeofday.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define gettimeofday innocuous_gettimeofday
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char gettimeofday (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef gettimeofday
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gettimeofday ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_gettimeofday || defined __stub___gettimeofday
+choke me
+#endif
+
+int
+main ()
+{
+return gettimeofday ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_gettimeofday=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_gettimeofday=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_gettimeofday" >&5
+echo "${ECHO_T}$ac_cv_func_gettimeofday" >&6; }
+if test $ac_cv_func_gettimeofday = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETTIMEOFDAY 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" gettimeofday.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS gettimeofday.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getuid" >&5
+echo $ECHO_N "checking for getuid... $ECHO_C" >&6; }
+if test "${ac_cv_func_getuid+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getuid to an innocuous variant, in case <limits.h> declares getuid.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getuid innocuous_getuid
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getuid (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getuid
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getuid ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getuid || defined __stub___getuid
+choke me
+#endif
+
+int
+main ()
+{
+return getuid ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getuid=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getuid=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getuid" >&5
+echo "${ECHO_T}$ac_cv_func_getuid" >&6; }
+if test $ac_cv_func_getuid = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETUID 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getuid.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getuid.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for getusershell" >&5
+echo $ECHO_N "checking for getusershell... $ECHO_C" >&6; }
+if test "${ac_cv_func_getusershell+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getusershell to an innocuous variant, in case <limits.h> declares getusershell.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getusershell innocuous_getusershell
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getusershell (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getusershell
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getusershell ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getusershell || defined __stub___getusershell
+choke me
+#endif
+
+int
+main ()
+{
+return getusershell ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getusershell=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getusershell=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getusershell" >&5
+echo "${ECHO_T}$ac_cv_func_getusershell" >&6; }
+if test $ac_cv_func_getusershell = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GETUSERSHELL 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" getusershell.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getusershell.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for initgroups" >&5
+echo $ECHO_N "checking for initgroups... $ECHO_C" >&6; }
+if test "${ac_cv_func_initgroups+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define initgroups to an innocuous variant, in case <limits.h> declares initgroups.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define initgroups innocuous_initgroups
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char initgroups (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef initgroups
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char initgroups ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_initgroups || defined __stub___initgroups
+choke me
+#endif
+
+int
+main ()
+{
+return initgroups ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_initgroups=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_initgroups=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_initgroups" >&5
+echo "${ECHO_T}$ac_cv_func_initgroups" >&6; }
+if test $ac_cv_func_initgroups = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INITGROUPS 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" initgroups.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS initgroups.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for innetgr" >&5
+echo $ECHO_N "checking for innetgr... $ECHO_C" >&6; }
+if test "${ac_cv_func_innetgr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define innetgr to an innocuous variant, in case <limits.h> declares innetgr.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define innetgr innocuous_innetgr
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char innetgr (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef innetgr
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char innetgr ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_innetgr || defined __stub___innetgr
+choke me
+#endif
+
+int
+main ()
+{
+return innetgr ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_innetgr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_innetgr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_innetgr" >&5
+echo "${ECHO_T}$ac_cv_func_innetgr" >&6; }
+if test $ac_cv_func_innetgr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INNETGR 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" innetgr.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS innetgr.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for iruserok" >&5
+echo $ECHO_N "checking for iruserok... $ECHO_C" >&6; }
+if test "${ac_cv_func_iruserok+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define iruserok to an innocuous variant, in case <limits.h> declares iruserok.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define iruserok innocuous_iruserok
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char iruserok (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef iruserok
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char iruserok ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_iruserok || defined __stub___iruserok
+choke me
+#endif
+
+int
+main ()
+{
+return iruserok ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_iruserok=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_iruserok=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_iruserok" >&5
+echo "${ECHO_T}$ac_cv_func_iruserok" >&6; }
+if test $ac_cv_func_iruserok = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_IRUSEROK 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" iruserok.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS iruserok.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for localtime_r" >&5
+echo $ECHO_N "checking for localtime_r... $ECHO_C" >&6; }
+if test "${ac_cv_func_localtime_r+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define localtime_r to an innocuous variant, in case <limits.h> declares localtime_r.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define localtime_r innocuous_localtime_r
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char localtime_r (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef localtime_r
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char localtime_r ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_localtime_r || defined __stub___localtime_r
+choke me
+#endif
+
+int
+main ()
+{
+return localtime_r ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_localtime_r=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_localtime_r=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_localtime_r" >&5
+echo "${ECHO_T}$ac_cv_func_localtime_r" >&6; }
+if test $ac_cv_func_localtime_r = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LOCALTIME_R 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" localtime_r.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS localtime_r.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for lstat" >&5
+echo $ECHO_N "checking for lstat... $ECHO_C" >&6; }
+if test "${ac_cv_func_lstat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define lstat to an innocuous variant, in case <limits.h> declares lstat.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define lstat innocuous_lstat
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char lstat (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef lstat
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char lstat ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_lstat || defined __stub___lstat
+choke me
+#endif
+
+int
+main ()
+{
+return lstat ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_lstat=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_lstat=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_lstat" >&5
+echo "${ECHO_T}$ac_cv_func_lstat" >&6; }
+if test $ac_cv_func_lstat = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LSTAT 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" lstat.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS lstat.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for memmove" >&5
+echo $ECHO_N "checking for memmove... $ECHO_C" >&6; }
+if test "${ac_cv_func_memmove+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define memmove to an innocuous variant, in case <limits.h> declares memmove.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define memmove innocuous_memmove
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char memmove (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef memmove
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char memmove ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_memmove || defined __stub___memmove
+choke me
+#endif
+
+int
+main ()
+{
+return memmove ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_memmove=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_memmove=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_memmove" >&5
+echo "${ECHO_T}$ac_cv_func_memmove" >&6; }
+if test $ac_cv_func_memmove = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_MEMMOVE 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" memmove.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS memmove.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for mkstemp" >&5
+echo $ECHO_N "checking for mkstemp... $ECHO_C" >&6; }
+if test "${ac_cv_func_mkstemp+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define mkstemp to an innocuous variant, in case <limits.h> declares mkstemp.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define mkstemp innocuous_mkstemp
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char mkstemp (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef mkstemp
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char mkstemp ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_mkstemp || defined __stub___mkstemp
+choke me
+#endif
+
+int
+main ()
+{
+return mkstemp ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_mkstemp=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_mkstemp=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_mkstemp" >&5
+echo "${ECHO_T}$ac_cv_func_mkstemp" >&6; }
+if test $ac_cv_func_mkstemp = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_MKSTEMP 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" mkstemp.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS mkstemp.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for putenv" >&5
+echo $ECHO_N "checking for putenv... $ECHO_C" >&6; }
+if test "${ac_cv_func_putenv+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define putenv to an innocuous variant, in case <limits.h> declares putenv.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define putenv innocuous_putenv
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char putenv (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef putenv
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char putenv ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_putenv || defined __stub___putenv
+choke me
+#endif
+
+int
+main ()
+{
+return putenv ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_putenv=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_putenv=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_putenv" >&5
+echo "${ECHO_T}$ac_cv_func_putenv" >&6; }
+if test $ac_cv_func_putenv = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_PUTENV 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" putenv.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS putenv.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for rcmd" >&5
+echo $ECHO_N "checking for rcmd... $ECHO_C" >&6; }
+if test "${ac_cv_func_rcmd+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define rcmd to an innocuous variant, in case <limits.h> declares rcmd.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define rcmd innocuous_rcmd
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char rcmd (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef rcmd
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char rcmd ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_rcmd || defined __stub___rcmd
+choke me
+#endif
+
+int
+main ()
+{
+return rcmd ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_rcmd=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_rcmd=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_rcmd" >&5
+echo "${ECHO_T}$ac_cv_func_rcmd" >&6; }
+if test $ac_cv_func_rcmd = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_RCMD 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" rcmd.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS rcmd.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for readv" >&5
+echo $ECHO_N "checking for readv... $ECHO_C" >&6; }
+if test "${ac_cv_func_readv+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define readv to an innocuous variant, in case <limits.h> declares readv.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define readv innocuous_readv
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char readv (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef readv
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char readv ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_readv || defined __stub___readv
+choke me
+#endif
+
+int
+main ()
+{
+return readv ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_readv=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_readv=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_readv" >&5
+echo "${ECHO_T}$ac_cv_func_readv" >&6; }
+if test $ac_cv_func_readv = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_READV 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" readv.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS readv.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for recvmsg" >&5
+echo $ECHO_N "checking for recvmsg... $ECHO_C" >&6; }
+if test "${ac_cv_func_recvmsg+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define recvmsg to an innocuous variant, in case <limits.h> declares recvmsg.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define recvmsg innocuous_recvmsg
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char recvmsg (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef recvmsg
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char recvmsg ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_recvmsg || defined __stub___recvmsg
+choke me
+#endif
+
+int
+main ()
+{
+return recvmsg ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_recvmsg=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_recvmsg=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_recvmsg" >&5
+echo "${ECHO_T}$ac_cv_func_recvmsg" >&6; }
+if test $ac_cv_func_recvmsg = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_RECVMSG 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" recvmsg.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS recvmsg.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for sendmsg" >&5
+echo $ECHO_N "checking for sendmsg... $ECHO_C" >&6; }
+if test "${ac_cv_func_sendmsg+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define sendmsg to an innocuous variant, in case <limits.h> declares sendmsg.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define sendmsg innocuous_sendmsg
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char sendmsg (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef sendmsg
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char sendmsg ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_sendmsg || defined __stub___sendmsg
+choke me
+#endif
+
+int
+main ()
+{
+return sendmsg ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_sendmsg=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_sendmsg=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_sendmsg" >&5
+echo "${ECHO_T}$ac_cv_func_sendmsg" >&6; }
+if test $ac_cv_func_sendmsg = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SENDMSG 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" sendmsg.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS sendmsg.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for setegid" >&5
+echo $ECHO_N "checking for setegid... $ECHO_C" >&6; }
+if test "${ac_cv_func_setegid+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define setegid to an innocuous variant, in case <limits.h> declares setegid.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define setegid innocuous_setegid
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char setegid (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef setegid
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setegid ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_setegid || defined __stub___setegid
+choke me
+#endif
+
+int
+main ()
+{
+return setegid ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_setegid=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_setegid=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_setegid" >&5
+echo "${ECHO_T}$ac_cv_func_setegid" >&6; }
+if test $ac_cv_func_setegid = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SETEGID 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" setegid.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS setegid.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for setenv" >&5
+echo $ECHO_N "checking for setenv... $ECHO_C" >&6; }
+if test "${ac_cv_func_setenv+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define setenv to an innocuous variant, in case <limits.h> declares setenv.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define setenv innocuous_setenv
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char setenv (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef setenv
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setenv ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_setenv || defined __stub___setenv
+choke me
+#endif
+
+int
+main ()
+{
+return setenv ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_setenv=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_setenv=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_setenv" >&5
+echo "${ECHO_T}$ac_cv_func_setenv" >&6; }
+if test $ac_cv_func_setenv = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SETENV 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" setenv.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS setenv.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for seteuid" >&5
+echo $ECHO_N "checking for seteuid... $ECHO_C" >&6; }
+if test "${ac_cv_func_seteuid+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define seteuid to an innocuous variant, in case <limits.h> declares seteuid.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define seteuid innocuous_seteuid
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char seteuid (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef seteuid
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char seteuid ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_seteuid || defined __stub___seteuid
+choke me
+#endif
+
+int
+main ()
+{
+return seteuid ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_seteuid=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_seteuid=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_seteuid" >&5
+echo "${ECHO_T}$ac_cv_func_seteuid" >&6; }
+if test $ac_cv_func_seteuid = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SETEUID 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" seteuid.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS seteuid.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strcasecmp" >&5
+echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6; }
+if test "${ac_cv_func_strcasecmp+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strcasecmp to an innocuous variant, in case <limits.h> declares strcasecmp.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strcasecmp innocuous_strcasecmp
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strcasecmp (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strcasecmp
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strcasecmp ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strcasecmp || defined __stub___strcasecmp
+choke me
+#endif
+
+int
+main ()
+{
+return strcasecmp ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strcasecmp=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strcasecmp=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strcasecmp" >&5
+echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6; }
+if test $ac_cv_func_strcasecmp = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRCASECMP 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strcasecmp.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strcasecmp.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strdup" >&5
+echo $ECHO_N "checking for strdup... $ECHO_C" >&6; }
+if test "${ac_cv_func_strdup+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strdup to an innocuous variant, in case <limits.h> declares strdup.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strdup innocuous_strdup
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strdup (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strdup
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strdup ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strdup || defined __stub___strdup
+choke me
+#endif
+
+int
+main ()
+{
+return strdup ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strdup=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strdup=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strdup" >&5
+echo "${ECHO_T}$ac_cv_func_strdup" >&6; }
+if test $ac_cv_func_strdup = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRDUP 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strdup.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strdup.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strerror" >&5
+echo $ECHO_N "checking for strerror... $ECHO_C" >&6; }
+if test "${ac_cv_func_strerror+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strerror to an innocuous variant, in case <limits.h> declares strerror.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strerror innocuous_strerror
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strerror (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strerror
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strerror ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strerror || defined __stub___strerror
+choke me
+#endif
+
+int
+main ()
+{
+return strerror ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strerror=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strerror=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strerror" >&5
+echo "${ECHO_T}$ac_cv_func_strerror" >&6; }
+if test $ac_cv_func_strerror = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRERROR 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strerror.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strerror.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strftime" >&5
+echo $ECHO_N "checking for strftime... $ECHO_C" >&6; }
+if test "${ac_cv_func_strftime+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strftime to an innocuous variant, in case <limits.h> declares strftime.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strftime innocuous_strftime
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strftime (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strftime
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strftime ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strftime || defined __stub___strftime
+choke me
+#endif
+
+int
+main ()
+{
+return strftime ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strftime=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strftime=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strftime" >&5
+echo "${ECHO_T}$ac_cv_func_strftime" >&6; }
+if test $ac_cv_func_strftime = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRFTIME 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strftime.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strftime.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strlcat" >&5
+echo $ECHO_N "checking for strlcat... $ECHO_C" >&6; }
+if test "${ac_cv_func_strlcat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strlcat to an innocuous variant, in case <limits.h> declares strlcat.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strlcat innocuous_strlcat
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strlcat (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strlcat
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strlcat ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strlcat || defined __stub___strlcat
+choke me
+#endif
+
+int
+main ()
+{
+return strlcat ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strlcat=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strlcat=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strlcat" >&5
+echo "${ECHO_T}$ac_cv_func_strlcat" >&6; }
+if test $ac_cv_func_strlcat = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRLCAT 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strlcat.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strlcat.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strlcpy" >&5
+echo $ECHO_N "checking for strlcpy... $ECHO_C" >&6; }
+if test "${ac_cv_func_strlcpy+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strlcpy to an innocuous variant, in case <limits.h> declares strlcpy.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strlcpy innocuous_strlcpy
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strlcpy (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strlcpy
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strlcpy ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strlcpy || defined __stub___strlcpy
+choke me
+#endif
+
+int
+main ()
+{
+return strlcpy ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strlcpy=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strlcpy=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strlcpy" >&5
+echo "${ECHO_T}$ac_cv_func_strlcpy" >&6; }
+if test $ac_cv_func_strlcpy = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRLCPY 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strlcpy.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strlcpy.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strlwr" >&5
+echo $ECHO_N "checking for strlwr... $ECHO_C" >&6; }
+if test "${ac_cv_func_strlwr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strlwr to an innocuous variant, in case <limits.h> declares strlwr.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strlwr innocuous_strlwr
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strlwr (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strlwr
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strlwr ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strlwr || defined __stub___strlwr
+choke me
+#endif
+
+int
+main ()
+{
+return strlwr ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strlwr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strlwr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strlwr" >&5
+echo "${ECHO_T}$ac_cv_func_strlwr" >&6; }
+if test $ac_cv_func_strlwr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRLWR 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strlwr.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strlwr.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strncasecmp" >&5
+echo $ECHO_N "checking for strncasecmp... $ECHO_C" >&6; }
+if test "${ac_cv_func_strncasecmp+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strncasecmp to an innocuous variant, in case <limits.h> declares strncasecmp.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strncasecmp innocuous_strncasecmp
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strncasecmp (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strncasecmp
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strncasecmp ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strncasecmp || defined __stub___strncasecmp
+choke me
+#endif
+
+int
+main ()
+{
+return strncasecmp ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strncasecmp=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strncasecmp=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strncasecmp" >&5
+echo "${ECHO_T}$ac_cv_func_strncasecmp" >&6; }
+if test $ac_cv_func_strncasecmp = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRNCASECMP 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strncasecmp.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strncasecmp.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strndup" >&5
+echo $ECHO_N "checking for strndup... $ECHO_C" >&6; }
+if test "${ac_cv_func_strndup+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strndup to an innocuous variant, in case <limits.h> declares strndup.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strndup innocuous_strndup
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strndup (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strndup
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strndup ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strndup || defined __stub___strndup
+choke me
+#endif
+
+int
+main ()
+{
+return strndup ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strndup=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strndup=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strndup" >&5
+echo "${ECHO_T}$ac_cv_func_strndup" >&6; }
+if test $ac_cv_func_strndup = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRNDUP 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strndup.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strndup.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strnlen" >&5
+echo $ECHO_N "checking for strnlen... $ECHO_C" >&6; }
+if test "${ac_cv_func_strnlen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strnlen to an innocuous variant, in case <limits.h> declares strnlen.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strnlen innocuous_strnlen
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strnlen (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strnlen
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strnlen ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strnlen || defined __stub___strnlen
+choke me
+#endif
+
+int
+main ()
+{
+return strnlen ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strnlen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strnlen=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strnlen" >&5
+echo "${ECHO_T}$ac_cv_func_strnlen" >&6; }
+if test $ac_cv_func_strnlen = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRNLEN 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strnlen.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strnlen.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strptime" >&5
+echo $ECHO_N "checking for strptime... $ECHO_C" >&6; }
+if test "${ac_cv_func_strptime+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strptime to an innocuous variant, in case <limits.h> declares strptime.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strptime innocuous_strptime
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strptime (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strptime
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strptime ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strptime || defined __stub___strptime
+choke me
+#endif
+
+int
+main ()
+{
+return strptime ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strptime=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strptime=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strptime" >&5
+echo "${ECHO_T}$ac_cv_func_strptime" >&6; }
+if test $ac_cv_func_strptime = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRPTIME 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strptime.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strptime.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strsep" >&5
+echo $ECHO_N "checking for strsep... $ECHO_C" >&6; }
+if test "${ac_cv_func_strsep+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strsep to an innocuous variant, in case <limits.h> declares strsep.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strsep innocuous_strsep
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strsep (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strsep
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strsep ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strsep || defined __stub___strsep
+choke me
+#endif
+
+int
+main ()
+{
+return strsep ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strsep=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strsep=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep" >&5
+echo "${ECHO_T}$ac_cv_func_strsep" >&6; }
+if test $ac_cv_func_strsep = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRSEP 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strsep.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strsep.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strsep_copy" >&5
+echo $ECHO_N "checking for strsep_copy... $ECHO_C" >&6; }
+if test "${ac_cv_func_strsep_copy+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strsep_copy to an innocuous variant, in case <limits.h> declares strsep_copy.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strsep_copy innocuous_strsep_copy
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strsep_copy (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strsep_copy
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strsep_copy ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strsep_copy || defined __stub___strsep_copy
+choke me
+#endif
+
+int
+main ()
+{
+return strsep_copy ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strsep_copy=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strsep_copy=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep_copy" >&5
+echo "${ECHO_T}$ac_cv_func_strsep_copy" >&6; }
+if test $ac_cv_func_strsep_copy = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRSEP_COPY 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strsep_copy.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strsep_copy.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strtok_r" >&5
+echo $ECHO_N "checking for strtok_r... $ECHO_C" >&6; }
+if test "${ac_cv_func_strtok_r+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strtok_r to an innocuous variant, in case <limits.h> declares strtok_r.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strtok_r innocuous_strtok_r
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strtok_r (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strtok_r
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strtok_r ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strtok_r || defined __stub___strtok_r
+choke me
+#endif
+
+int
+main ()
+{
+return strtok_r ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strtok_r=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strtok_r=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strtok_r" >&5
+echo "${ECHO_T}$ac_cv_func_strtok_r" >&6; }
+if test $ac_cv_func_strtok_r = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRTOK_R 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strtok_r.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strtok_r.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for strupr" >&5
+echo $ECHO_N "checking for strupr... $ECHO_C" >&6; }
+if test "${ac_cv_func_strupr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define strupr to an innocuous variant, in case <limits.h> declares strupr.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define strupr innocuous_strupr
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char strupr (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef strupr
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strupr ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_strupr || defined __stub___strupr
+choke me
+#endif
+
+int
+main ()
+{
+return strupr ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_strupr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_strupr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strupr" >&5
+echo "${ECHO_T}$ac_cv_func_strupr" >&6; }
+if test $ac_cv_func_strupr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUPR 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" strupr.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strupr.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for swab" >&5
+echo $ECHO_N "checking for swab... $ECHO_C" >&6; }
+if test "${ac_cv_func_swab+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define swab to an innocuous variant, in case <limits.h> declares swab.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define swab innocuous_swab
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char swab (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef swab
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char swab ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_swab || defined __stub___swab
+choke me
+#endif
+
+int
+main ()
+{
+return swab ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_swab=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_swab=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_swab" >&5
+echo "${ECHO_T}$ac_cv_func_swab" >&6; }
+if test $ac_cv_func_swab = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SWAB 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" swab.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS swab.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for timegm" >&5
+echo $ECHO_N "checking for timegm... $ECHO_C" >&6; }
+if test "${ac_cv_func_timegm+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define timegm to an innocuous variant, in case <limits.h> declares timegm.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define timegm innocuous_timegm
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char timegm (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef timegm
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char timegm ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_timegm || defined __stub___timegm
+choke me
+#endif
+
+int
+main ()
+{
+return timegm ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_timegm=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_timegm=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_timegm" >&5
+echo "${ECHO_T}$ac_cv_func_timegm" >&6; }
+if test $ac_cv_func_timegm = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_TIMEGM 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" timegm.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS timegm.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for unsetenv" >&5
+echo $ECHO_N "checking for unsetenv... $ECHO_C" >&6; }
+if test "${ac_cv_func_unsetenv+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define unsetenv to an innocuous variant, in case <limits.h> declares unsetenv.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define unsetenv innocuous_unsetenv
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char unsetenv (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef unsetenv
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char unsetenv ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_unsetenv || defined __stub___unsetenv
+choke me
+#endif
+
+int
+main ()
+{
+return unsetenv ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_unsetenv=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_unsetenv=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_unsetenv" >&5
+echo "${ECHO_T}$ac_cv_func_unsetenv" >&6; }
+if test $ac_cv_func_unsetenv = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UNSETENV 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" unsetenv.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS unsetenv.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for verr" >&5
+echo $ECHO_N "checking for verr... $ECHO_C" >&6; }
+if test "${ac_cv_func_verr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define verr to an innocuous variant, in case <limits.h> declares verr.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define verr innocuous_verr
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char verr (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef verr
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char verr ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_verr || defined __stub___verr
+choke me
+#endif
+
+int
+main ()
+{
+return verr ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_verr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_verr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_verr" >&5
+echo "${ECHO_T}$ac_cv_func_verr" >&6; }
+if test $ac_cv_func_verr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_VERR 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" verr.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS verr.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for verrx" >&5
+echo $ECHO_N "checking for verrx... $ECHO_C" >&6; }
+if test "${ac_cv_func_verrx+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define verrx to an innocuous variant, in case <limits.h> declares verrx.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define verrx innocuous_verrx
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char verrx (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef verrx
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char verrx ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_verrx || defined __stub___verrx
+choke me
+#endif
+
+int
+main ()
+{
+return verrx ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_verrx=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_verrx=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_verrx" >&5
+echo "${ECHO_T}$ac_cv_func_verrx" >&6; }
+if test $ac_cv_func_verrx = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_VERRX 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" verrx.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS verrx.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for vsyslog" >&5
+echo $ECHO_N "checking for vsyslog... $ECHO_C" >&6; }
+if test "${ac_cv_func_vsyslog+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define vsyslog to an innocuous variant, in case <limits.h> declares vsyslog.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define vsyslog innocuous_vsyslog
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char vsyslog (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef vsyslog
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char vsyslog ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_vsyslog || defined __stub___vsyslog
+choke me
+#endif
+
+int
+main ()
+{
+return vsyslog ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_vsyslog=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_vsyslog=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_vsyslog" >&5
+echo "${ECHO_T}$ac_cv_func_vsyslog" >&6; }
+if test $ac_cv_func_vsyslog = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_VSYSLOG 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" vsyslog.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS vsyslog.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for vwarn" >&5
+echo $ECHO_N "checking for vwarn... $ECHO_C" >&6; }
+if test "${ac_cv_func_vwarn+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define vwarn to an innocuous variant, in case <limits.h> declares vwarn.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define vwarn innocuous_vwarn
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char vwarn (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef vwarn
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char vwarn ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_vwarn || defined __stub___vwarn
+choke me
+#endif
+
+int
+main ()
+{
+return vwarn ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_vwarn=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_vwarn=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_vwarn" >&5
+echo "${ECHO_T}$ac_cv_func_vwarn" >&6; }
+if test $ac_cv_func_vwarn = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_VWARN 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" vwarn.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS vwarn.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for vwarnx" >&5
+echo $ECHO_N "checking for vwarnx... $ECHO_C" >&6; }
+if test "${ac_cv_func_vwarnx+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define vwarnx to an innocuous variant, in case <limits.h> declares vwarnx.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define vwarnx innocuous_vwarnx
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char vwarnx (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef vwarnx
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char vwarnx ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_vwarnx || defined __stub___vwarnx
+choke me
+#endif
+
+int
+main ()
+{
+return vwarnx ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_vwarnx=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_vwarnx=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_vwarnx" >&5
+echo "${ECHO_T}$ac_cv_func_vwarnx" >&6; }
+if test $ac_cv_func_vwarnx = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_VWARNX 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" vwarnx.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS vwarnx.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for warn" >&5
+echo $ECHO_N "checking for warn... $ECHO_C" >&6; }
+if test "${ac_cv_func_warn+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define warn to an innocuous variant, in case <limits.h> declares warn.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define warn innocuous_warn
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char warn (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef warn
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char warn ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_warn || defined __stub___warn
+choke me
+#endif
+
+int
+main ()
+{
+return warn ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_warn=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_warn=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_warn" >&5
+echo "${ECHO_T}$ac_cv_func_warn" >&6; }
+if test $ac_cv_func_warn = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_WARN 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" warn.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS warn.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for warnx" >&5
+echo $ECHO_N "checking for warnx... $ECHO_C" >&6; }
+if test "${ac_cv_func_warnx+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define warnx to an innocuous variant, in case <limits.h> declares warnx.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define warnx innocuous_warnx
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char warnx (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef warnx
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char warnx ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_warnx || defined __stub___warnx
+choke me
+#endif
+
+int
+main ()
+{
+return warnx ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_warnx=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_warnx=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_warnx" >&5
+echo "${ECHO_T}$ac_cv_func_warnx" >&6; }
+if test $ac_cv_func_warnx = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_WARNX 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" warnx.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS warnx.$ac_objext"
+ ;;
+esac
+
+fi
+{ echo "$as_me:$LINENO: checking for writev" >&5
+echo $ECHO_N "checking for writev... $ECHO_C" >&6; }
+if test "${ac_cv_func_writev+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define writev to an innocuous variant, in case <limits.h> declares writev.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define writev innocuous_writev
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char writev (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef writev
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char writev ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_writev || defined __stub___writev
+choke me
+#endif
+
+int
+main ()
+{
+return writev ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_writev=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_writev=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_writev" >&5
+echo "${ECHO_T}$ac_cv_func_writev" >&6; }
+if test $ac_cv_func_writev = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_WRITEV 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" writev.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS writev.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+ if test "$ac_cv_header_fnmatch_h" = yes -a "$ac_cv_func_fnmatch" = yes; then
+  have_fnmatch_h_TRUE=
+  have_fnmatch_h_FALSE='#'
+else
+  have_fnmatch_h_TRUE='#'
+  have_fnmatch_h_FALSE=
+fi
+
+
+
+if test "$ac_cv_func_strndup+set" != set -o "$ac_cv_func_strndup" = yes; then
+{ echo "$as_me:$LINENO: checking if strndup needs a prototype" >&5
+echo $ECHO_N "checking if strndup needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_strndup_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <string.h>
+struct foo { int foo; } xx;
+extern int strndup (struct foo*);
+int
+main ()
+{
+strndup(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_strndup_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_strndup_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strndup_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_strndup_noproto" >&6; }
+if test "$ac_cv_func_strndup_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_STRNDUP_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then
+{ echo "$as_me:$LINENO: checking if strsep needs a prototype" >&5
+echo $ECHO_N "checking if strsep needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_strsep_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <string.h>
+struct foo { int foo; } xx;
+extern int strsep (struct foo*);
+int
+main ()
+{
+strsep(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_strsep_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_strsep_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_strsep_noproto" >&6; }
+if test "$ac_cv_func_strsep_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_STRSEP_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then
+{ echo "$as_me:$LINENO: checking if strtok_r needs a prototype" >&5
+echo $ECHO_N "checking if strtok_r needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_strtok_r_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <string.h>
+struct foo { int foo; } xx;
+extern int strtok_r (struct foo*);
+int
+main ()
+{
+strtok_r(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_strtok_r_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_strtok_r_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strtok_r_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_strtok_r_noproto" >&6; }
+if test "$ac_cv_func_strtok_r_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_STRTOK_R_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+
+if test "$ac_cv_func_strsvis+set" != set -o "$ac_cv_func_strsvis" = yes; then
+{ echo "$as_me:$LINENO: checking if strsvis needs a prototype" >&5
+echo $ECHO_N "checking if strsvis needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_strsvis_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif
+struct foo { int foo; } xx;
+extern int strsvis (struct foo*);
+int
+main ()
+{
+strsvis(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_strsvis_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_strsvis_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strsvis_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_strsvis_noproto" >&6; }
+if test "$ac_cv_func_strsvis_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_STRSVIS_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_strunvis+set" != set -o "$ac_cv_func_strunvis" = yes; then
+{ echo "$as_me:$LINENO: checking if strunvis needs a prototype" >&5
+echo $ECHO_N "checking if strunvis needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_strunvis_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif
+struct foo { int foo; } xx;
+extern int strunvis (struct foo*);
+int
+main ()
+{
+strunvis(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_strunvis_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_strunvis_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strunvis_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_strunvis_noproto" >&6; }
+if test "$ac_cv_func_strunvis_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_STRUNVIS_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_strvis+set" != set -o "$ac_cv_func_strvis" = yes; then
+{ echo "$as_me:$LINENO: checking if strvis needs a prototype" >&5
+echo $ECHO_N "checking if strvis needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_strvis_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif
+struct foo { int foo; } xx;
+extern int strvis (struct foo*);
+int
+main ()
+{
+strvis(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_strvis_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_strvis_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strvis_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_strvis_noproto" >&6; }
+if test "$ac_cv_func_strvis_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_STRVIS_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_strvisx+set" != set -o "$ac_cv_func_strvisx" = yes; then
+{ echo "$as_me:$LINENO: checking if strvisx needs a prototype" >&5
+echo $ECHO_N "checking if strvisx needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_strvisx_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif
+struct foo { int foo; } xx;
+extern int strvisx (struct foo*);
+int
+main ()
+{
+strvisx(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_strvisx_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_strvisx_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_strvisx_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_strvisx_noproto" >&6; }
+if test "$ac_cv_func_strvisx_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_STRVISX_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_svis+set" != set -o "$ac_cv_func_svis" = yes; then
+{ echo "$as_me:$LINENO: checking if svis needs a prototype" >&5
+echo $ECHO_N "checking if svis needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_svis_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif
+struct foo { int foo; } xx;
+extern int svis (struct foo*);
+int
+main ()
+{
+svis(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_svis_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_svis_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_svis_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_svis_noproto" >&6; }
+if test "$ac_cv_func_svis_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_SVIS_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_unvis+set" != set -o "$ac_cv_func_unvis" = yes; then
+{ echo "$as_me:$LINENO: checking if unvis needs a prototype" >&5
+echo $ECHO_N "checking if unvis needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_unvis_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif
+struct foo { int foo; } xx;
+extern int unvis (struct foo*);
+int
+main ()
+{
+unvis(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_unvis_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_unvis_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_unvis_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_unvis_noproto" >&6; }
+if test "$ac_cv_func_unvis_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_UNVIS_PROTO 1
+_ACEOF
+
+fi
+fi
+
+if test "$ac_cv_func_vis+set" != set -o "$ac_cv_func_vis" = yes; then
+{ echo "$as_me:$LINENO: checking if vis needs a prototype" >&5
+echo $ECHO_N "checking if vis needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_vis_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_VIS_H
+#include <vis.h>
+#endif
+struct foo { int foo; } xx;
+extern int vis (struct foo*);
+int
+main ()
+{
+vis(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_vis_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_vis_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_vis_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_vis_noproto" >&6; }
+if test "$ac_cv_func_vis_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_VIS_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+{ echo "$as_me:$LINENO: checking for inet_aton" >&5
+echo $ECHO_N "checking for inet_aton... $ECHO_C" >&6; }
+if test "${ac_cv_func_inet_aton+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+int
+main ()
+{
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_inet_aton) || defined (__stub___inet_aton)
+choke me
+#else
+inet_aton(0,0);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "ac_cv_func_inet_aton=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_inet_aton=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+if eval "test \"\${ac_cv_func_inet_aton}\" = yes"; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INET_ATON 1
+_ACEOF
+
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+  case " $LIBOBJS " in
+  *" inet_aton.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS inet_aton.$ac_objext"
+ ;;
+esac
+
+fi
+
+{ echo "$as_me:$LINENO: checking for inet_ntop" >&5
+echo $ECHO_N "checking for inet_ntop... $ECHO_C" >&6; }
+if test "${ac_cv_func_inet_ntop+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+int
+main ()
+{
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_inet_ntop) || defined (__stub___inet_ntop)
+choke me
+#else
+inet_ntop(0, 0, 0, 0);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "ac_cv_func_inet_ntop=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_inet_ntop=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+if eval "test \"\${ac_cv_func_inet_ntop}\" = yes"; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INET_NTOP 1
+_ACEOF
+
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+  case " $LIBOBJS " in
+  *" inet_ntop.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS inet_ntop.$ac_objext"
+ ;;
+esac
+
+fi
+
+{ echo "$as_me:$LINENO: checking for inet_pton" >&5
+echo $ECHO_N "checking for inet_pton... $ECHO_C" >&6; }
+if test "${ac_cv_func_inet_pton+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+int
+main ()
+{
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_inet_pton) || defined (__stub___inet_pton)
+choke me
+#else
+inet_pton(0,0,0);
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "ac_cv_func_inet_pton=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_inet_pton=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+if eval "test \"\${ac_cv_func_inet_pton}\" = yes"; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INET_PTON 1
+_ACEOF
+
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+  case " $LIBOBJS " in
+  *" inet_pton.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS inet_pton.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for sa_len in struct sockaddr" >&5
+echo $ECHO_N "checking for sa_len in struct sockaddr... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_sockaddr_sa_len+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/socket.h>
+int
+main ()
+{
+struct sockaddr x; memset(&x, 0, sizeof(x)); x.sa_len
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_sockaddr_sa_len=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_sockaddr_sa_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_sa_len" >&5
+echo "${ECHO_T}$ac_cv_type_struct_sockaddr_sa_len" >&6; }
+if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
+_ACEOF
+
+
+fi
+
+
+
+if test "$ac_cv_func_getaddrinfo" = "yes"; then
+
+{ echo "$as_me:$LINENO: checking if getaddrinfo handles numeric services" >&5
+echo $ECHO_N "checking if getaddrinfo handles numeric services... $ECHO_C" >&6; }
+if test "${ac_cv_func_getaddrinfo_numserv+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run test program while cross compiling
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+int
+main(int argc, char **argv)
+{
+	struct addrinfo hints, *ai;
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_flags = AI_PASSIVE;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_family = PF_UNSPEC;
+	if(getaddrinfo(NULL, "17", &hints, &ai) != 0)
+		return 1;
+	if(getaddrinfo(NULL, "0", &hints, &ai) != 0)
+		return 1;
+	return 0;
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_getaddrinfo_numserv=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_getaddrinfo_numserv=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getaddrinfo_numserv" >&5
+echo "${ECHO_T}$ac_cv_func_getaddrinfo_numserv" >&6; }
+  if test "$ac_cv_func_getaddrinfo_numserv" = no; then
+	case " $LIBOBJS " in
+  *" getaddrinfo.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext"
+ ;;
+esac
+
+	case " $LIBOBJS " in
+  *" freeaddrinfo.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS freeaddrinfo.$ac_objext"
+ ;;
+esac
+
+  fi
+fi
+
+
+if test "$ac_cv_func_setenv+set" != set -o "$ac_cv_func_setenv" = yes; then
+{ echo "$as_me:$LINENO: checking if setenv needs a prototype" >&5
+echo $ECHO_N "checking if setenv needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_setenv_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+struct foo { int foo; } xx;
+extern int setenv (struct foo*);
+int
+main ()
+{
+setenv(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_setenv_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_setenv_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_setenv_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_setenv_noproto" >&6; }
+if test "$ac_cv_func_setenv_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_SETENV_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+if test "$ac_cv_func_unsetenv+set" != set -o "$ac_cv_func_unsetenv" = yes; then
+{ echo "$as_me:$LINENO: checking if unsetenv needs a prototype" >&5
+echo $ECHO_N "checking if unsetenv needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_unsetenv_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+struct foo { int foo; } xx;
+extern int unsetenv (struct foo*);
+int
+main ()
+{
+unsetenv(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_unsetenv_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_unsetenv_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_unsetenv_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_unsetenv_noproto" >&6; }
+if test "$ac_cv_func_unsetenv_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_UNSETENV_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then
+{ echo "$as_me:$LINENO: checking if gethostname needs a prototype" >&5
+echo $ECHO_N "checking if gethostname needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_gethostname_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <unistd.h>
+struct foo { int foo; } xx;
+extern int gethostname (struct foo*);
+int
+main ()
+{
+gethostname(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_gethostname_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_gethostname_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostname_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_gethostname_noproto" >&6; }
+if test "$ac_cv_func_gethostname_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_GETHOSTNAME_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then
+{ echo "$as_me:$LINENO: checking if mkstemp needs a prototype" >&5
+echo $ECHO_N "checking if mkstemp needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_mkstemp_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <unistd.h>
+struct foo { int foo; } xx;
+extern int mkstemp (struct foo*);
+int
+main ()
+{
+mkstemp(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_mkstemp_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_mkstemp_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_mkstemp_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_mkstemp_noproto" >&6; }
+if test "$ac_cv_func_mkstemp_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_MKSTEMP_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then
+{ echo "$as_me:$LINENO: checking if getusershell needs a prototype" >&5
+echo $ECHO_N "checking if getusershell needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_getusershell_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <unistd.h>
+struct foo { int foo; } xx;
+extern int getusershell (struct foo*);
+int
+main ()
+{
+getusershell(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_getusershell_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_getusershell_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getusershell_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_getusershell_noproto" >&6; }
+if test "$ac_cv_func_getusershell_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_GETUSERSHELL_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+if test "$ac_cv_func_daemon+set" != set -o "$ac_cv_func_daemon" = yes; then
+{ echo "$as_me:$LINENO: checking if daemon needs a prototype" >&5
+echo $ECHO_N "checking if daemon needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_daemon_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <unistd.h>
+struct foo { int foo; } xx;
+extern int daemon (struct foo*);
+int
+main ()
+{
+daemon(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_daemon_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_daemon_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_daemon_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_daemon_noproto" >&6; }
+if test "$ac_cv_func_daemon_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_DAEMON_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+if test "$ac_cv_func_iruserok+set" != set -o "$ac_cv_func_iruserok" = yes; then
+{ echo "$as_me:$LINENO: checking if iruserok needs a prototype" >&5
+echo $ECHO_N "checking if iruserok needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_iruserok_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+struct foo { int foo; } xx;
+extern int iruserok (struct foo*);
+int
+main ()
+{
+iruserok(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_iruserok_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_iruserok_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_iruserok_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_iruserok_noproto" >&6; }
+if test "$ac_cv_func_iruserok_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_IRUSEROK_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+
+if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then
+{ echo "$as_me:$LINENO: checking if inet_aton needs a prototype" >&5
+echo $ECHO_N "checking if inet_aton needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_inet_aton_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+struct foo { int foo; } xx;
+extern int inet_aton (struct foo*);
+int
+main ()
+{
+inet_aton(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_inet_aton_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_inet_aton_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_inet_aton_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_inet_aton_noproto" >&6; }
+if test "$ac_cv_func_inet_aton_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_INET_ATON_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for crypt" >&5
+echo $ECHO_N "checking for crypt... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_crypt+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_crypt\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" crypt; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+crypt()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_crypt=\${ac_cv_funclib_crypt-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_crypt"
+
+if false; then
+
+for ac_func in crypt
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# crypt
+eval "ac_tr_func=HAVE_`echo crypt | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_crypt=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_crypt=yes"
+	eval "LIB_crypt="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_crypt=no"
+	eval "LIB_crypt="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_crypt=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking if gethostbyname is compatible with system prototype" >&5
+echo $ECHO_N "checking if gethostbyname is compatible with system prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_gethostbyname_proto_compat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int
+main ()
+{
+struct hostent *gethostbyname(const char *)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_gethostbyname_proto_compat=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_gethostbyname_proto_compat=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyname_proto_compat" >&5
+echo "${ECHO_T}$ac_cv_func_gethostbyname_proto_compat" >&6; }
+
+if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define GETHOSTBYNAME_PROTO_COMPATIBLE 1
+_ACEOF
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking if gethostbyaddr is compatible with system prototype" >&5
+echo $ECHO_N "checking if gethostbyaddr is compatible with system prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_gethostbyaddr_proto_compat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int
+main ()
+{
+struct hostent *gethostbyaddr(const void *, size_t, int)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_gethostbyaddr_proto_compat=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_gethostbyaddr_proto_compat=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyaddr_proto_compat" >&5
+echo "${ECHO_T}$ac_cv_func_gethostbyaddr_proto_compat" >&6; }
+
+if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
+_ACEOF
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking if getservbyname is compatible with system prototype" >&5
+echo $ECHO_N "checking if getservbyname is compatible with system prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_getservbyname_proto_compat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int
+main ()
+{
+struct servent *getservbyname(const char *, const char *)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_getservbyname_proto_compat=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_getservbyname_proto_compat=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getservbyname_proto_compat" >&5
+echo "${ECHO_T}$ac_cv_func_getservbyname_proto_compat" >&6; }
+
+if test "$ac_cv_func_getservbyname_proto_compat" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define GETSERVBYNAME_PROTO_COMPATIBLE 1
+_ACEOF
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking if getsockname is compatible with system prototype" >&5
+echo $ECHO_N "checking if getsockname is compatible with system prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_getsockname_proto_compat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+int
+main ()
+{
+int getsockname(int, struct sockaddr*, socklen_t*)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_getsockname_proto_compat=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_getsockname_proto_compat=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getsockname_proto_compat" >&5
+echo "${ECHO_T}$ac_cv_func_getsockname_proto_compat" >&6; }
+
+if test "$ac_cv_func_getsockname_proto_compat" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define GETSOCKNAME_PROTO_COMPATIBLE 1
+_ACEOF
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking if openlog is compatible with system prototype" >&5
+echo $ECHO_N "checking if openlog is compatible with system prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_openlog_proto_compat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+
+int
+main ()
+{
+void openlog(const char *, int, int)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_openlog_proto_compat=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_openlog_proto_compat=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_openlog_proto_compat" >&5
+echo "${ECHO_T}$ac_cv_func_openlog_proto_compat" >&6; }
+
+if test "$ac_cv_func_openlog_proto_compat" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define OPENLOG_PROTO_COMPATIBLE 1
+_ACEOF
+
+fi
+
+
+
+
+if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then
+{ echo "$as_me:$LINENO: checking if crypt needs a prototype" >&5
+echo $ECHO_N "checking if crypt needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_crypt_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+struct foo { int foo; } xx;
+extern int crypt (struct foo*);
+int
+main ()
+{
+crypt(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_crypt_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_crypt_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_crypt_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_crypt_noproto" >&6; }
+if test "$ac_cv_func_crypt_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_CRYPT_PROTO 1
+_ACEOF
+
+fi
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for h_errno" >&5
+echo $ECHO_N "checking for h_errno... $ECHO_C" >&6; }
+if test "${ac_cv_var_h_errno+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+	void * foo(void) { return &h_errno; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_h_errno=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_h_errno=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_var_h_errno" != yes ; then
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+extern int h_errno;
+int foo(void) { return h_errno; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_h_errno=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_h_errno=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+fi
+
+ac_foo=`eval echo \\$ac_cv_var_h_errno`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_H_ERRNO 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: checking whether h_errno is declared" >&5
+echo $ECHO_N "checking whether h_errno is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_h_errno+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int
+main ()
+{
+#ifndef h_errno
+  (void) h_errno;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_h_errno=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_h_errno=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_errno" >&5
+echo "${ECHO_T}$ac_cv_have_decl_h_errno" >&6; }
+if test $ac_cv_have_decl_h_errno = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_H_ERRNO 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_H_ERRNO 0
+_ACEOF
+
+
+fi
+
+
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for h_errlist" >&5
+echo $ECHO_N "checking for h_errlist... $ECHO_C" >&6; }
+if test "${ac_cv_var_h_errlist+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+	void * foo(void) { return &h_errlist; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_h_errlist=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_h_errlist=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_var_h_errlist" != yes ; then
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+extern int h_errlist;
+int foo(void) { return h_errlist; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_h_errlist=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_h_errlist=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+fi
+
+ac_foo=`eval echo \\$ac_cv_var_h_errlist`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_H_ERRLIST 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: checking whether h_errlist is declared" >&5
+echo $ECHO_N "checking whether h_errlist is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_h_errlist+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int
+main ()
+{
+#ifndef h_errlist
+  (void) h_errlist;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_h_errlist=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_h_errlist=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_errlist" >&5
+echo "${ECHO_T}$ac_cv_have_decl_h_errlist" >&6; }
+if test $ac_cv_have_decl_h_errlist = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_H_ERRLIST 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_H_ERRLIST 0
+_ACEOF
+
+
+fi
+
+
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for h_nerr" >&5
+echo $ECHO_N "checking for h_nerr... $ECHO_C" >&6; }
+if test "${ac_cv_var_h_nerr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+	void * foo(void) { return &h_nerr; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_h_nerr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_h_nerr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_var_h_nerr" != yes ; then
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+extern int h_nerr;
+int foo(void) { return h_nerr; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_h_nerr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_h_nerr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+fi
+
+ac_foo=`eval echo \\$ac_cv_var_h_nerr`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_H_NERR 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: checking whether h_nerr is declared" >&5
+echo $ECHO_N "checking whether h_nerr is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_h_nerr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+int
+main ()
+{
+#ifndef h_nerr
+  (void) h_nerr;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_h_nerr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_h_nerr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_nerr" >&5
+echo "${ECHO_T}$ac_cv_have_decl_h_nerr" >&6; }
+if test $ac_cv_have_decl_h_nerr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_H_NERR 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_H_NERR 0
+_ACEOF
+
+
+fi
+
+
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for __progname" >&5
+echo $ECHO_N "checking for __progname... $ECHO_C" >&6; }
+if test "${ac_cv_var___progname+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_ERR_H
+#include <err.h>
+#endif
+	void * foo(void) { return &__progname; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var___progname=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var___progname=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_var___progname" != yes ; then
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+extern int __progname;
+int foo(void) { return __progname; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var___progname=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var___progname=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+fi
+
+ac_foo=`eval echo \\$ac_cv_var___progname`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE___PROGNAME 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: checking whether __progname is declared" >&5
+echo $ECHO_N "checking whether __progname is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl___progname+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_ERR_H
+#include <err.h>
+#endif
+
+int
+main ()
+{
+#ifndef __progname
+  (void) __progname;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl___progname=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl___progname=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl___progname" >&5
+echo "${ECHO_T}$ac_cv_have_decl___progname" >&6; }
+if test $ac_cv_have_decl___progname = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL___PROGNAME 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL___PROGNAME 0
+_ACEOF
+
+
+fi
+
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking whether optarg is declared" >&5
+echo $ECHO_N "checking whether optarg is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_optarg+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+#ifndef optarg
+  (void) optarg;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_optarg=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_optarg=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optarg" >&5
+echo "${ECHO_T}$ac_cv_have_decl_optarg" >&6; }
+if test $ac_cv_have_decl_optarg = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPTARG 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPTARG 0
+_ACEOF
+
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+fi
+{ echo "$as_me:$LINENO: checking whether optind is declared" >&5
+echo $ECHO_N "checking whether optind is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_optind+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+#ifndef optind
+  (void) optind;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_optind=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_optind=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optind" >&5
+echo "${ECHO_T}$ac_cv_have_decl_optind" >&6; }
+if test $ac_cv_have_decl_optind = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPTIND 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPTIND 0
+_ACEOF
+
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+fi
+{ echo "$as_me:$LINENO: checking whether opterr is declared" >&5
+echo $ECHO_N "checking whether opterr is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_opterr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+#ifndef opterr
+  (void) opterr;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_opterr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_opterr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_opterr" >&5
+echo "${ECHO_T}$ac_cv_have_decl_opterr" >&6; }
+if test $ac_cv_have_decl_opterr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPTERR 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPTERR 0
+_ACEOF
+
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+fi
+{ echo "$as_me:$LINENO: checking whether optopt is declared" >&5
+echo $ECHO_N "checking whether optopt is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_optopt+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+#ifndef optopt
+  (void) optopt;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_optopt=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_optopt=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optopt" >&5
+echo "${ECHO_T}$ac_cv_have_decl_optopt" >&6; }
+if test $ac_cv_have_decl_optopt = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPTOPT 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OPTOPT 0
+_ACEOF
+
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+fi
+{ echo "$as_me:$LINENO: checking whether environ is declared" >&5
+echo $ECHO_N "checking whether environ is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_environ+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+#ifndef environ
+  (void) environ;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_environ=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_environ=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_environ" >&5
+echo "${ECHO_T}$ac_cv_have_decl_environ" >&6; }
+if test $ac_cv_have_decl_environ = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_ENVIRON 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_ENVIRON 0
+_ACEOF
+
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+fi
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for tm_gmtoff in struct tm" >&5
+echo $ECHO_N "checking for tm_gmtoff in struct tm... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_tm_tm_gmtoff+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <time.h>
+int
+main ()
+{
+struct tm x; memset(&x, 0, sizeof(x)); x.tm_gmtoff
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_tm_tm_gmtoff=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_tm_tm_gmtoff=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5
+echo "${ECHO_T}$ac_cv_type_struct_tm_tm_gmtoff" >&6; }
+if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_TM_TM_GMTOFF 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for tm_zone in struct tm" >&5
+echo $ECHO_N "checking for tm_zone in struct tm... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_tm_tm_zone+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <time.h>
+int
+main ()
+{
+struct tm x; memset(&x, 0, sizeof(x)); x.tm_zone
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_tm_tm_zone=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_tm_tm_zone=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_tm_tm_zone" >&5
+echo "${ECHO_T}$ac_cv_type_struct_tm_tm_zone" >&6; }
+if test "$ac_cv_type_struct_tm_tm_zone" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_TM_TM_ZONE 1
+_ACEOF
+
+
+fi
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for timezone" >&5
+echo $ECHO_N "checking for timezone... $ECHO_C" >&6; }
+if test "${ac_cv_var_timezone+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <time.h>
+	void * foo(void) { return &timezone; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_timezone=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_timezone=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_var_timezone" != yes ; then
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+extern int timezone;
+int foo(void) { return timezone; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_timezone=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_timezone=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+fi
+
+ac_foo=`eval echo \\$ac_cv_var_timezone`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_TIMEZONE 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: checking whether timezone is declared" >&5
+echo $ECHO_N "checking whether timezone is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_timezone+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <time.h>
+
+int
+main ()
+{
+#ifndef timezone
+  (void) timezone;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_timezone=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_timezone=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_timezone" >&5
+echo "${ECHO_T}$ac_cv_have_decl_timezone" >&6; }
+if test $ac_cv_have_decl_timezone = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_TIMEZONE 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_TIMEZONE 0
+_ACEOF
+
+
+fi
+
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking for altzone" >&5
+echo $ECHO_N "checking for altzone... $ECHO_C" >&6; }
+if test "${ac_cv_var_altzone+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <time.h>
+	void * foo(void) { return &altzone; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_altzone=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_altzone=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_var_altzone" != yes ; then
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+extern int altzone;
+int foo(void) { return altzone; }
+int
+main ()
+{
+foo()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_var_altzone=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_var_altzone=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+fi
+
+ac_foo=`eval echo \\$ac_cv_var_altzone`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_ALTZONE 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: checking whether altzone is declared" >&5
+echo $ECHO_N "checking whether altzone is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_altzone+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <time.h>
+
+int
+main ()
+{
+#ifndef altzone
+  (void) altzone;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_have_decl_altzone=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_have_decl_altzone=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_altzone" >&5
+echo "${ECHO_T}$ac_cv_have_decl_altzone" >&6; }
+if test $ac_cv_have_decl_altzone = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_ALTZONE 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_ALTZONE 0
+_ACEOF
+
+
+fi
+
+
+fi
+
+
+
+
+cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for sa_family_t" >&5
+echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+int
+main ()
+{
+sa_family_t foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for sa_family_t" >&5
+echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_sa_family_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef sa_family_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_sa_family_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_sa_family_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_sa_family_t" >&5
+echo "${ECHO_T}$ac_cv_type_sa_family_t" >&6; }
+if test $ac_cv_type_sa_family_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SA_FAMILY_T 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+cv=`echo "socklen_t" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for socklen_t" >&5
+echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+int
+main ()
+{
+socklen_t foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo socklen_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for socklen_t" >&5
+echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_socklen_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef socklen_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_socklen_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_socklen_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5
+echo "${ECHO_T}$ac_cv_type_socklen_t" >&6; }
+if test $ac_cv_type_socklen_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SOCKLEN_T 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+cv=`echo "struct sockaddr" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for struct sockaddr" >&5
+echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+int
+main ()
+{
+struct sockaddr foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo struct sockaddr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for struct sockaddr" >&5
+echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_sockaddr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef struct sockaddr ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_sockaddr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_sockaddr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr" >&5
+echo "${ECHO_T}$ac_cv_type_struct_sockaddr" >&6; }
+if test $ac_cv_type_struct_sockaddr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5
+echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+int
+main ()
+{
+struct sockaddr_storage foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5
+echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_sockaddr_storage+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef struct sockaddr_storage ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_sockaddr_storage=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_sockaddr_storage=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_storage" >&5
+echo "${ECHO_T}$ac_cv_type_struct_sockaddr_storage" >&6; }
+if test $ac_cv_type_struct_sockaddr_storage = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_STORAGE 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+cv=`echo "struct addrinfo" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5
+echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#include <sys/types.h>
+#include <netdb.h>
+int
+main ()
+{
+struct addrinfo foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo struct addrinfo | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5
+echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_addrinfo+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef struct addrinfo ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_addrinfo=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_addrinfo=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_addrinfo" >&5
+echo "${ECHO_T}$ac_cv_type_struct_addrinfo" >&6; }
+if test $ac_cv_type_struct_addrinfo = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_ADDRINFO 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+cv=`echo "struct ifaddrs" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for struct ifaddrs" >&5
+echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <ifaddrs.h>
+int
+main ()
+{
+struct ifaddrs foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo struct ifaddrs | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for struct ifaddrs" >&5
+echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_ifaddrs+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef struct ifaddrs ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_ifaddrs=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_ifaddrs=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_ifaddrs" >&5
+echo "${ECHO_T}$ac_cv_type_struct_ifaddrs" >&6; }
+if test $ac_cv_type_struct_ifaddrs = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_IFADDRS 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+cv=`echo "struct iovec" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for struct iovec" >&5
+echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/uio.h>
+
+int
+main ()
+{
+struct iovec foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo struct iovec | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for struct iovec" >&5
+echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_iovec+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef struct iovec ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_iovec=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_iovec=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_iovec" >&5
+echo "${ECHO_T}$ac_cv_type_struct_iovec" >&6; }
+if test $ac_cv_type_struct_iovec = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_IOVEC 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+cv=`echo "struct msghdr" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for struct msghdr" >&5
+echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+struct msghdr foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo struct msghdr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for struct msghdr" >&5
+echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_msghdr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef struct msghdr ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_msghdr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_msghdr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_msghdr" >&5
+echo "${ECHO_T}$ac_cv_type_struct_msghdr" >&6; }
+if test $ac_cv_type_struct_msghdr = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_MSGHDR 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for struct winsize" >&5
+echo $ECHO_N "checking for struct winsize... $ECHO_C" >&6; }
+if test "${ac_cv_struct_winsize+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+ac_cv_struct_winsize=no
+for i in sys/termios.h sys/ioctl.h; do
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$i>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "struct[ 	]*winsize" >/dev/null 2>&1; then
+  ac_cv_struct_winsize=yes; break
+fi
+rm -f conftest*
+done
+
+fi
+
+if test "$ac_cv_struct_winsize" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_WINSIZE 1
+_ACEOF
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_struct_winsize" >&5
+echo "${ECHO_T}$ac_cv_struct_winsize" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <termios.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "ws_xpixel" >/dev/null 2>&1; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_WS_XPIXEL 1
+_ACEOF
+
+fi
+rm -f conftest*
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <termios.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "ws_ypixel" >/dev/null 2>&1; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_WS_YPIXEL 1
+_ACEOF
+
+fi
+rm -f conftest*
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for struct spwd" >&5
+echo $ECHO_N "checking for struct spwd... $ECHO_C" >&6; }
+if test "${ac_cv_struct_spwd+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <pwd.h>
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+int
+main ()
+{
+struct spwd foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_struct_spwd=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_struct_spwd=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+
+{ echo "$as_me:$LINENO: result: $ac_cv_struct_spwd" >&5
+echo "${ECHO_T}$ac_cv_struct_spwd" >&6; }
+
+if test "$ac_cv_struct_spwd" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_SPWD 1
+_ACEOF
+
+fi
+
+
+#
+# Check if we want samba's socket wrapper
+#
+
+
+
+# Check whether --enable-socket-wrapper was given.
+if test "${enable_socket_wrapper+set}" = set; then
+  enableval=$enable_socket_wrapper;
+fi
+
+
+ if test "x$enable_socket_wrapper" = xyes; then
+  have_socket_wrapper_TRUE=
+  have_socket_wrapper_FALSE='#'
+else
+  have_socket_wrapper_TRUE='#'
+  have_socket_wrapper_FALSE=
+fi
+
+if test "x$enable_socket_wrapper" = xyes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define SOCKET_WRAPPER_REPLACE 1
+_ACEOF
+
+fi
+
+
+
+
+LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)"
+
+
+LIBADD_roken="$LIB_roken"
+LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
+
+
+# Check whether --enable-otp was given.
+if test "${enable_otp+set}" = set; then
+  enableval=$enable_otp;
+fi
+
+if test "$enable_otp" = yes -a "$db_type" = unknown; then
+	{ { echo "$as_me:$LINENO: error: OTP requires a NDBM/DB compatible library" >&5
+echo "$as_me: error: OTP requires a NDBM/DB compatible library" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test "$enable_otp" != no; then
+	if test "$db_type" != unknown; then
+		enable_otp=yes
+	else
+		enable_otp=no
+	fi
+fi
+if test "$enable_otp" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define OTP 1
+_ACEOF
+
+	LIB_otp='$(top_builddir)/lib/otp/libotp.la'
+
+fi
+{ echo "$as_me:$LINENO: checking whether to enable OTP library" >&5
+echo $ECHO_N "checking whether to enable OTP library... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: result: $enable_otp" >&5
+echo "${ECHO_T}$enable_otp" >&6; }
+ if test "$enable_otp" = yes; then
+  OTP_TRUE=
+  OTP_FALSE='#'
+else
+  OTP_TRUE='#'
+  OTP_FALSE=
+fi
+
+
+
+# Check whether --enable-osfc2 was given.
+if test "${enable_osfc2+set}" = set; then
+  enableval=$enable_osfc2;
+fi
+
+LIB_security=
+if test "$enable_osfc2" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_OSFC2 1
+_ACEOF
+
+	LIB_security=-lsecurity
+fi
+
+
+
+# Check whether --enable-mmap was given.
+if test "${enable_mmap+set}" = set; then
+  enableval=$enable_mmap;
+fi
+
+if test "$enable_mmap" = "no"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NO_MMAP 1
+_ACEOF
+
+fi
+
+# Check whether --enable-afs-string-to-key was given.
+if test "${enable_afs_string_to_key+set}" = set; then
+  enableval=$enable_afs_string_to_key;
+else
+  enable_afs_string_to_key=yes
+fi
+
+
+if test "$enable_afs_string_to_key" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define ENABLE_AFS_STRING_TO_KEY 1
+_ACEOF
+
+fi
+
+
+# Extract the first word of "nroff", so it can be a program name with args.
+set dummy nroff; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_NROFF+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $NROFF in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+NROFF=$ac_cv_path_NROFF
+if test -n "$NROFF"; then
+  { echo "$as_me:$LINENO: result: $NROFF" >&5
+echo "${ECHO_T}$NROFF" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+# Extract the first word of "groff", so it can be a program name with args.
+set dummy groff; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_GROFF+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $GROFF in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+GROFF=$ac_cv_path_GROFF
+if test -n "$GROFF"; then
+  { echo "$as_me:$LINENO: result: $GROFF" >&5
+echo "${ECHO_T}$GROFF" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+{ echo "$as_me:$LINENO: checking how to format man pages" >&5
+echo $ECHO_N "checking how to format man pages... $ECHO_C" >&6; }
+if test "${ac_cv_sys_man_format+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat > conftest.1 << END
+.Dd January 1, 1970
+.Dt CONFTEST 1
+.Sh NAME
+.Nm conftest
+.Nd
+foobar
+END
+
+if test "$NROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$NROFF" $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$NROFF $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then
+	for i in "-mdoc" "-mandoc"; do
+		if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \
+			grep Jan > /dev/null 2>&1 ; then
+			ac_cv_sys_man_format="$GROFF -Tascii $i"
+			break
+		fi
+	done
+fi
+if test "$ac_cv_sys_man_format"; then
+	ac_cv_sys_man_format="$ac_cv_sys_man_format \$< > \$@"
+fi
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_man_format" >&5
+echo "${ECHO_T}$ac_cv_sys_man_format" >&6; }
+if test "$ac_cv_sys_man_format"; then
+	CATMAN="$ac_cv_sys_man_format"
+
+fi
+ if test "$CATMAN"; then
+  CATMAN_TRUE=
+  CATMAN_FALSE='#'
+else
+  CATMAN_TRUE='#'
+  CATMAN_FALSE=
+fi
+
+{ echo "$as_me:$LINENO: checking extension of pre-formatted manual pages" >&5
+echo $ECHO_N "checking extension of pre-formatted manual pages... $ECHO_C" >&6; }
+if test "${ac_cv_sys_catman_ext+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if grep _suffix /etc/man.conf > /dev/null 2>&1; then
+	ac_cv_sys_catman_ext=0
+else
+	ac_cv_sys_catman_ext=number
+fi
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_catman_ext" >&5
+echo "${ECHO_T}$ac_cv_sys_catman_ext" >&6; }
+if test "$ac_cv_sys_catman_ext" = number; then
+	CATMANEXT='$$section'
+else
+	CATMANEXT=0
+fi
+
+
+
+
+
+# Check whether --with-readline was given.
+if test "${with_readline+set}" = set; then
+  withval=$with_readline;
+fi
+
+
+# Check whether --with-readline-lib was given.
+if test "${with_readline_lib+set}" = set; then
+  withval=$with_readline_lib; if test "$withval" = "yes" -o "$withval" = "no"; then
+  { { echo "$as_me:$LINENO: error: No argument for --with-readline-lib" >&5
+echo "$as_me: error: No argument for --with-readline-lib" >&2;}
+   { (exit 1); exit 1; }; }
+elif test "X$with_readline" = "X"; then
+  with_readline=yes
+fi
+fi
+
+
+# Check whether --with-readline-include was given.
+if test "${with_readline_include+set}" = set; then
+  withval=$with_readline_include; if test "$withval" = "yes" -o "$withval" = "no"; then
+  { { echo "$as_me:$LINENO: error: No argument for --with-readline-include" >&5
+echo "$as_me: error: No argument for --with-readline-include" >&2;}
+   { (exit 1); exit 1; }; }
+elif test "X$with_readline" = "X"; then
+  with_readline=yes
+fi
+fi
+
+
+# Check whether --with-readline-config was given.
+if test "${with_readline_config+set}" = set; then
+  withval=$with_readline_config;
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for readline" >&5
+echo $ECHO_N "checking for readline... $ECHO_C" >&6; }
+
+case "$with_readline" in
+yes|"") d='' ;;
+no)	d= ;;
+*)	d="$with_readline" ;;
+esac
+
+header_dirs=
+lib_dirs=
+for i in $d; do
+	if test "$with_readline_include" = ""; then
+		if test -d "$i/include/readline"; then
+			header_dirs="$header_dirs $i/include/readline"
+		fi
+		if test -d "$i/include"; then
+			header_dirs="$header_dirs $i/include"
+		fi
+	fi
+	if test "$with_readline_lib" = ""; then
+		if test -d "$i/lib$abilibdirext"; then
+			lib_dirs="$lib_dirs $i/lib$abilibdirext"
+		fi
+	fi
+done
+
+if test "$with_readline_include"; then
+	header_dirs="$with_readline_include $header_dirs"
+fi
+if test "$with_readline_lib"; then
+	lib_dirs="$with_readline_lib $lib_dirs"
+fi
+
+if test "$with_readline_config" = ""; then
+	with_readline_config=''
+fi
+
+readline_cflags=
+readline_libs=
+
+case "$with_readline_config" in
+yes|no|""|"")
+	if test -f $with_readline/bin/ ; then
+		with_readline_config=$with_readline/bin/
+	fi
+	;;
+esac
+
+case "$with_readline_config" in
+yes|no|"")
+	;;
+*)
+	readline_cflags="`$with_readline_config --cflags 2>&1`"
+	readline_libs="`$with_readline_config --libs 2>&1`"
+	;;
+esac
+
+found=no
+if test "$with_readline" != no; then
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	if test "$readline_cflags" -a "$readline_libs"; then
+		CFLAGS="$readline_cflags $save_CFLAGS"
+		LIBS="$readline_libs $save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+ #include <readline.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+			INCLUDE_readline="$readline_cflags"
+			LIB_readline="$readline_libs"
+			{ echo "$as_me:$LINENO: result: from $with_readline_config" >&5
+echo "${ECHO_T}from $with_readline_config" >&6; }
+			found=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	fi
+	if test "$found" = no; then
+		ires= lres=
+		for i in $header_dirs; do
+			CFLAGS="-I$i $save_CFLAGS"
+			cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+ #include <readline.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ires=$i;break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+		done
+		for i in $lib_dirs; do
+			LIBS="-L$i -lreadline  $save_LIBS"
+			cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+ #include <readline.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  lres=$i;break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+		done
+		if test "$ires" -a "$lres" -a "$with_readline" != "no"; then
+			INCLUDE_readline="-I$ires"
+			LIB_readline="-L$lres -lreadline "
+			found=yes
+			{ echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
+echo "${ECHO_T}headers $ires, libraries $lres" >&6; }
+		fi
+	fi
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+fi
+
+if test "$found" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define READLINE 1
+_ACEOF
+
+	with_readline=yes
+else
+	with_readline=no
+	INCLUDE_readline=
+	LIB_readline=
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+
+
+
+
+
+# Check whether --with-hesiod was given.
+if test "${with_hesiod+set}" = set; then
+  withval=$with_hesiod;
+fi
+
+
+# Check whether --with-hesiod-lib was given.
+if test "${with_hesiod_lib+set}" = set; then
+  withval=$with_hesiod_lib; if test "$withval" = "yes" -o "$withval" = "no"; then
+  { { echo "$as_me:$LINENO: error: No argument for --with-hesiod-lib" >&5
+echo "$as_me: error: No argument for --with-hesiod-lib" >&2;}
+   { (exit 1); exit 1; }; }
+elif test "X$with_hesiod" = "X"; then
+  with_hesiod=yes
+fi
+fi
+
+
+# Check whether --with-hesiod-include was given.
+if test "${with_hesiod_include+set}" = set; then
+  withval=$with_hesiod_include; if test "$withval" = "yes" -o "$withval" = "no"; then
+  { { echo "$as_me:$LINENO: error: No argument for --with-hesiod-include" >&5
+echo "$as_me: error: No argument for --with-hesiod-include" >&2;}
+   { (exit 1); exit 1; }; }
+elif test "X$with_hesiod" = "X"; then
+  with_hesiod=yes
+fi
+fi
+
+
+# Check whether --with-hesiod-config was given.
+if test "${with_hesiod_config+set}" = set; then
+  withval=$with_hesiod_config;
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for hesiod" >&5
+echo $ECHO_N "checking for hesiod... $ECHO_C" >&6; }
+
+case "$with_hesiod" in
+yes|"") d='' ;;
+no)	d= ;;
+*)	d="$with_hesiod" ;;
+esac
+
+header_dirs=
+lib_dirs=
+for i in $d; do
+	if test "$with_hesiod_include" = ""; then
+		if test -d "$i/include/hesiod"; then
+			header_dirs="$header_dirs $i/include/hesiod"
+		fi
+		if test -d "$i/include"; then
+			header_dirs="$header_dirs $i/include"
+		fi
+	fi
+	if test "$with_hesiod_lib" = ""; then
+		if test -d "$i/lib$abilibdirext"; then
+			lib_dirs="$lib_dirs $i/lib$abilibdirext"
+		fi
+	fi
+done
+
+if test "$with_hesiod_include"; then
+	header_dirs="$with_hesiod_include $header_dirs"
+fi
+if test "$with_hesiod_lib"; then
+	lib_dirs="$with_hesiod_lib $lib_dirs"
+fi
+
+if test "$with_hesiod_config" = ""; then
+	with_hesiod_config=''
+fi
+
+hesiod_cflags=
+hesiod_libs=
+
+case "$with_hesiod_config" in
+yes|no|""|"")
+	if test -f $with_hesiod/bin/ ; then
+		with_hesiod_config=$with_hesiod/bin/
+	fi
+	;;
+esac
+
+case "$with_hesiod_config" in
+yes|no|"")
+	;;
+*)
+	hesiod_cflags="`$with_hesiod_config --cflags 2>&1`"
+	hesiod_libs="`$with_hesiod_config --libs 2>&1`"
+	;;
+esac
+
+found=no
+if test "$with_hesiod" != no; then
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	if test "$hesiod_cflags" -a "$hesiod_libs"; then
+		CFLAGS="$hesiod_cflags $save_CFLAGS"
+		LIBS="$hesiod_libs $save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <hesiod.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+
+			INCLUDE_hesiod="$hesiod_cflags"
+			LIB_hesiod="$hesiod_libs"
+			{ echo "$as_me:$LINENO: result: from $with_hesiod_config" >&5
+echo "${ECHO_T}from $with_hesiod_config" >&6; }
+			found=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	fi
+	if test "$found" = no; then
+		ires= lres=
+		for i in $header_dirs; do
+			CFLAGS="-I$i $save_CFLAGS"
+			cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <hesiod.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ires=$i;break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+		done
+		for i in $lib_dirs; do
+			LIBS="-L$i -lhesiod  $save_LIBS"
+			cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <hesiod.h>
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  lres=$i;break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+		done
+		if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then
+			INCLUDE_hesiod="-I$ires"
+			LIB_hesiod="-L$lres -lhesiod "
+			found=yes
+			{ echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5
+echo "${ECHO_T}headers $ires, libraries $lres" >&6; }
+		fi
+	fi
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+fi
+
+if test "$found" = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HESIOD 1
+_ACEOF
+
+	with_hesiod=yes
+else
+	with_hesiod=no
+	INCLUDE_hesiod=
+	LIB_hesiod=
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+
+
+
+
+# Check whether --enable-bigendian was given.
+if test "${enable_bigendian+set}" = set; then
+  enableval=$enable_bigendian; krb_cv_c_bigendian=yes
+fi
+
+# Check whether --enable-littleendian was given.
+if test "${enable_littleendian+set}" = set; then
+  enableval=$enable_littleendian; krb_cv_c_bigendian=no
+fi
+
+{ echo "$as_me:$LINENO: checking whether byte order is known at compile time" >&5
+echo $ECHO_N "checking whether byte order is known at compile time... $ECHO_C" >&6; }
+if test "${krb_cv_c_bigendian_compile+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+ bogus endian macros
+#endif
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  krb_cv_c_bigendian_compile=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	krb_cv_c_bigendian_compile=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $krb_cv_c_bigendian_compile" >&5
+echo "${ECHO_T}$krb_cv_c_bigendian_compile" >&6; }
+{ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
+echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6; }
+if test "${krb_cv_c_bigendian+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+  if test "$krb_cv_c_bigendian_compile" = "yes"; then
+    cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#if BYTE_ORDER != BIG_ENDIAN
+  not big endian
+#endif
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  krb_cv_c_bigendian=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	krb_cv_c_bigendian=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  else
+    if test "$cross_compiling" = yes; then
+  { { echo "$as_me:$LINENO: error: specify either --enable-bigendian or --enable-littleendian" >&5
+echo "$as_me: error: specify either --enable-bigendian or --enable-littleendian" >&2;}
+   { (exit 1); exit 1; }; }
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+main (int argc, char **argv) {
+      /* Are we little or big endian?  From Harbison&Steele.  */
+      union
+      {
+	long l;
+	char c[sizeof (long)];
+    } u;
+    u.l = 1;
+    exit (u.c[sizeof (long) - 1] == 1);
+  }
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  krb_cv_c_bigendian=no
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+krb_cv_c_bigendian=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+  fi
+
+fi
+{ echo "$as_me:$LINENO: result: $krb_cv_c_bigendian" >&5
+echo "${ECHO_T}$krb_cv_c_bigendian" >&6; }
+if test "$krb_cv_c_bigendian" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define WORDS_BIGENDIAN 1
+_ACEOF
+fi
+if test "$krb_cv_c_bigendian_compile" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define ENDIANESS_IN_SYS_PARAM_H 1
+_ACEOF
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for inline" >&5
+echo $ECHO_N "checking for inline... $ECHO_C" >&6; }
+if test "${ac_cv_c_inline+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
+
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_c_inline=$ac_kw
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
+echo "${ECHO_T}$ac_cv_c_inline" >&6; }
+
+
+case $ac_cv_c_inline in
+  inline | yes) ;;
+  *)
+    case $ac_cv_c_inline in
+      no) ac_val=;;
+      *) ac_val=$ac_cv_c_inline;;
+    esac
+    cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+    ;;
+esac
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for dlopen" >&5
+echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" dl; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+int
+main ()
+{
+dlopen(0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_dlopen"
+
+if false; then
+
+for ac_func in dlopen
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# dlopen
+eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_dlopen=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_dlopen=yes"
+	eval "LIB_dlopen="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_dlopen=no"
+	eval "LIB_dlopen="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_dlopen=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+	 if test "$ac_cv_funclib_dlopen" != no; then
+  HAVE_DLOPEN_TRUE=
+  HAVE_DLOPEN_FALSE='#'
+else
+  HAVE_DLOPEN_TRUE='#'
+  HAVE_DLOPEN_FALSE=
+fi
+
+
+
+
+aix=no
+case "$host" in
+*-*-aix3*)
+	aix=3
+	;;
+*-*-aix4*|*-*-aix5*)
+	aix=4
+	;;
+esac
+
+ if test "$aix" != no; then
+  AIX_TRUE=
+  AIX_FALSE='#'
+else
+  AIX_TRUE='#'
+  AIX_FALSE=
+fi
+ if test "$aix" = 4; then
+  AIX4_TRUE=
+  AIX4_FALSE='#'
+else
+  AIX4_TRUE='#'
+  AIX4_FALSE=
+fi
+
+
+
+# Check whether --enable-dynamic-afs was given.
+if test "${enable_dynamic_afs+set}" = set; then
+  enableval=$enable_dynamic_afs;
+fi
+
+
+if test "$aix" != no; then
+	if test "$enable_dynamic_afs" != no; then
+
+		if test "$ac_cv_func_dlopen" = no; then
+
+
+
+{ echo "$as_me:$LINENO: checking for loadquery" >&5
+echo $ECHO_N "checking for loadquery... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_loadquery+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_loadquery\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" ld; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+loadquery()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_loadquery=$ac_lib; else ac_cv_funclib_loadquery=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_loadquery=\${ac_cv_funclib_loadquery-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_loadquery"
+
+if false; then
+
+for ac_func in loadquery
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# loadquery
+eval "ac_tr_func=HAVE_`echo loadquery | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_loadquery=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_loadquery=yes"
+	eval "LIB_loadquery="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_loadquery=no"
+	eval "LIB_loadquery="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_loadquery=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+		fi
+		if test "$ac_cv_func_dlopen" != no; then
+			AIX_EXTRA_KAFS='$(LIB_dlopen)'
+		elif test "$ac_cv_func_loadquery" != no; then
+			AIX_EXTRA_KAFS='$(LIB_loadquery)'
+		else
+			{ echo "$as_me:$LINENO: not using dynloaded AFS library" >&5
+echo "$as_me: not using dynloaded AFS library" >&6;}
+			AIX_EXTRA_KAFS=
+			enable_dynamic_afs=no
+		fi
+	else
+		AIX_EXTRA_KAFS=
+	fi
+fi
+
+ if test "$enable_dynamic_afs" != no; then
+  AIX_DYNAMIC_AFS_TRUE=
+  AIX_DYNAMIC_AFS_FALSE='#'
+else
+  AIX_DYNAMIC_AFS_TRUE='#'
+  AIX_DYNAMIC_AFS_FALSE=
+fi
+
+
+
+
+
+
+irix=no
+case "$host" in
+*-*-irix4*)
+
+cat >>confdefs.h <<\_ACEOF
+#define IRIX4 1
+_ACEOF
+
+	irix=yes
+	;;
+*-*-irix*)
+	irix=yes
+	;;
+esac
+ if test "$irix" != no; then
+  IRIX_TRUE=
+  IRIX_FALSE='#'
+else
+  IRIX_TRUE='#'
+  IRIX_FALSE=
+fi
+
+
+
+
+
+sunos=no
+case "$host" in
+*-*-sunos4*)
+	sunos=40
+	;;
+*-*-solaris2.7)
+	sunos=57
+	;;
+*-*-solaris2.[89] | *-*-solaris2.10)
+	sunos=58
+	;;
+*-*-solaris2*)
+	sunos=50
+	;;
+esac
+if test "$sunos" != no; then
+
+cat >>confdefs.h <<_ACEOF
+#define SunOS $sunos
+_ACEOF
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking for X" >&5
+echo $ECHO_N "checking for X... $ECHO_C" >&6; }
+
+
+# Check whether --with-x was given.
+if test "${with_x+set}" = set; then
+  withval=$with_x;
+fi
+
+# $have_x is `yes', `no', `disabled', or empty when we do not yet know.
+if test "x$with_x" = xno; then
+  # The user explicitly disabled X.
+  have_x=disabled
+else
+  case $x_includes,$x_libraries in #(
+    *\'*) { { echo "$as_me:$LINENO: error: Cannot use X directory names containing '" >&5
+echo "$as_me: error: Cannot use X directory names containing '" >&2;}
+   { (exit 1); exit 1; }; };; #(
+    *,NONE | NONE,*) if test "${ac_cv_have_x+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # One or both of the vars are not set, and there is no cached value.
+ac_x_includes=no ac_x_libraries=no
+rm -f -r conftest.dir
+if mkdir conftest.dir; then
+  cd conftest.dir
+  cat >Imakefile <<'_ACEOF'
+incroot:
+	@echo incroot='${INCROOT}'
+usrlibdir:
+	@echo usrlibdir='${USRLIBDIR}'
+libdir:
+	@echo libdir='${LIBDIR}'
+_ACEOF
+  if (export CC; ${XMKMF-xmkmf}) >/dev/null 2>/dev/null && test -f Makefile; then
+    # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+    for ac_var in incroot usrlibdir libdir; do
+      eval "ac_im_$ac_var=\`\${MAKE-make} $ac_var 2>/dev/null | sed -n 's/^$ac_var=//p'\`"
+    done
+    # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR.
+    for ac_extension in a so sl; do
+      if test ! -f "$ac_im_usrlibdir/libX11.$ac_extension" &&
+	 test -f "$ac_im_libdir/libX11.$ac_extension"; then
+	ac_im_usrlibdir=$ac_im_libdir; break
+      fi
+    done
+    # Screen out bogus values from the imake configuration.  They are
+    # bogus both because they are the default anyway, and because
+    # using them would break gcc on systems where it needs fixed includes.
+    case $ac_im_incroot in
+	/usr/include) ac_x_includes= ;;
+	*) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes=$ac_im_incroot;;
+    esac
+    case $ac_im_usrlibdir in
+	/usr/lib | /lib) ;;
+	*) test -d "$ac_im_usrlibdir" && ac_x_libraries=$ac_im_usrlibdir ;;
+    esac
+  fi
+  cd ..
+  rm -f -r conftest.dir
+fi
+
+# Standard set of common directories for X headers.
+# Check X11 before X11Rn because it is often a symlink to the current release.
+ac_x_header_dirs='
+/usr/X11/include
+/usr/X11R6/include
+/usr/X11R5/include
+/usr/X11R4/include
+
+/usr/include/X11
+/usr/include/X11R6
+/usr/include/X11R5
+/usr/include/X11R4
+
+/usr/local/X11/include
+/usr/local/X11R6/include
+/usr/local/X11R5/include
+/usr/local/X11R4/include
+
+/usr/local/include/X11
+/usr/local/include/X11R6
+/usr/local/include/X11R5
+/usr/local/include/X11R4
+
+/usr/X386/include
+/usr/x386/include
+/usr/XFree86/include/X11
+
+/usr/include
+/usr/local/include
+/usr/unsupported/include
+/usr/athena/include
+/usr/local/x11r5/include
+/usr/lpp/Xamples/include
+
+/usr/openwin/include
+/usr/openwin/share/include'
+
+if test "$ac_x_includes" = no; then
+  # Guess where to find include files, by looking for Xlib.h.
+  # First, try using that file with no special directory specified.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <X11/Xlib.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  # We can compile using X headers with no special include directory.
+ac_x_includes=
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  for ac_dir in $ac_x_header_dirs; do
+  if test -r "$ac_dir/X11/Xlib.h"; then
+    ac_x_includes=$ac_dir
+    break
+  fi
+done
+fi
+
+rm -f conftest.err conftest.$ac_ext
+fi # $ac_x_includes = no
+
+if test "$ac_x_libraries" = no; then
+  # Check for the libraries.
+  # See if we find them without any special options.
+  # Don't add to $LIBS permanently.
+  ac_save_LIBS=$LIBS
+  LIBS="-lX11 $LIBS"
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <X11/Xlib.h>
+int
+main ()
+{
+XrmInitialize ()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  LIBS=$ac_save_LIBS
+# We can link X programs with no special library path.
+ac_x_libraries=
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	LIBS=$ac_save_LIBS
+for ac_dir in `echo "$ac_x_includes $ac_x_header_dirs" | sed s/include/lib/g`
+do
+  # Don't even attempt the hair of trying to link an X program!
+  for ac_extension in a so sl; do
+    if test -r "$ac_dir/libX11.$ac_extension"; then
+      ac_x_libraries=$ac_dir
+      break 2
+    fi
+  done
+done
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi # $ac_x_libraries = no
+
+case $ac_x_includes,$ac_x_libraries in #(
+  no,* | *,no | *\'*)
+    # Didn't find X, or a directory has "'" in its name.
+    ac_cv_have_x="have_x=no";; #(
+  *)
+    # Record where we found X for the cache.
+    ac_cv_have_x="have_x=yes\
+	ac_x_includes='$ac_x_includes'\
+	ac_x_libraries='$ac_x_libraries'"
+esac
+fi
+;; #(
+    *) have_x=yes;;
+  esac
+  eval "$ac_cv_have_x"
+fi # $with_x != no
+
+if test "$have_x" != yes; then
+  { echo "$as_me:$LINENO: result: $have_x" >&5
+echo "${ECHO_T}$have_x" >&6; }
+  no_x=yes
+else
+  # If each of the values was on the command line, it overrides each guess.
+  test "x$x_includes" = xNONE && x_includes=$ac_x_includes
+  test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries
+  # Update the cache value to reflect the command line values.
+  ac_cv_have_x="have_x=yes\
+	ac_x_includes='$x_includes'\
+	ac_x_libraries='$x_libraries'"
+  { echo "$as_me:$LINENO: result: libraries $x_libraries, headers $x_includes" >&5
+echo "${ECHO_T}libraries $x_libraries, headers $x_includes" >&6; }
+fi
+
+
+if test "$no_x" = yes; then
+  # Not all programs may use this symbol, but it does not hurt to define it.
+
+cat >>confdefs.h <<\_ACEOF
+#define X_DISPLAY_MISSING 1
+_ACEOF
+
+  X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS=
+else
+  if test -n "$x_includes"; then
+    X_CFLAGS="$X_CFLAGS -I$x_includes"
+  fi
+
+  # It would also be nice to do this for all -L options, not just this one.
+  if test -n "$x_libraries"; then
+    X_LIBS="$X_LIBS -L$x_libraries"
+    # For Solaris; some versions of Sun CC require a space after -R and
+    # others require no space.  Words are not sufficient . . . .
+    { echo "$as_me:$LINENO: checking whether -R must be followed by a space" >&5
+echo $ECHO_N "checking whether -R must be followed by a space... $ECHO_C" >&6; }
+    ac_xsave_LIBS=$LIBS; LIBS="$LIBS -R$x_libraries"
+    ac_xsave_c_werror_flag=$ac_c_werror_flag
+    ac_c_werror_flag=yes
+    cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+       X_LIBS="$X_LIBS -R$x_libraries"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	LIBS="$ac_xsave_LIBS -R $x_libraries"
+       cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	  X_LIBS="$X_LIBS -R $x_libraries"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	{ echo "$as_me:$LINENO: result: neither works" >&5
+echo "${ECHO_T}neither works" >&6; }
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+    ac_c_werror_flag=$ac_xsave_c_werror_flag
+    LIBS=$ac_xsave_LIBS
+  fi
+
+  # Check for system-dependent libraries X programs must link with.
+  # Do this before checking for the system-independent R6 libraries
+  # (-lICE), since we may need -lsocket or whatever for X linking.
+
+  if test "$ISC" = yes; then
+    X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet"
+  else
+    # Martyn Johnson says this is needed for Ultrix, if the X
+    # libraries were built with DECnet support.  And Karl Berry says
+    # the Alpha needs dnet_stub (dnet does not exist).
+    ac_xsave_LIBS="$LIBS"; LIBS="$LIBS $X_LIBS -lX11"
+    cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char XOpenDisplay ();
+int
+main ()
+{
+return XOpenDisplay ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	{ echo "$as_me:$LINENO: checking for dnet_ntoa in -ldnet" >&5
+echo $ECHO_N "checking for dnet_ntoa in -ldnet... $ECHO_C" >&6; }
+if test "${ac_cv_lib_dnet_dnet_ntoa+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldnet  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dnet_ntoa ();
+int
+main ()
+{
+return dnet_ntoa ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_dnet_dnet_ntoa=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_dnet_dnet_ntoa=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dnet_dnet_ntoa" >&5
+echo "${ECHO_T}$ac_cv_lib_dnet_dnet_ntoa" >&6; }
+if test $ac_cv_lib_dnet_dnet_ntoa = yes; then
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet"
+fi
+
+    if test $ac_cv_lib_dnet_dnet_ntoa = no; then
+      { echo "$as_me:$LINENO: checking for dnet_ntoa in -ldnet_stub" >&5
+echo $ECHO_N "checking for dnet_ntoa in -ldnet_stub... $ECHO_C" >&6; }
+if test "${ac_cv_lib_dnet_stub_dnet_ntoa+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldnet_stub  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dnet_ntoa ();
+int
+main ()
+{
+return dnet_ntoa ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_dnet_stub_dnet_ntoa=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_dnet_stub_dnet_ntoa=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dnet_stub_dnet_ntoa" >&5
+echo "${ECHO_T}$ac_cv_lib_dnet_stub_dnet_ntoa" >&6; }
+if test $ac_cv_lib_dnet_stub_dnet_ntoa = yes; then
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub"
+fi
+
+    fi
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+    LIBS="$ac_xsave_LIBS"
+
+    # msh at cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT,
+    # to get the SysV transport functions.
+    # Chad R. Larson says the Pyramis MIS-ES running DC/OSx (SVR4)
+    # needs -lnsl.
+    # The nsl library prevents programs from opening the X display
+    # on Irix 5.2, according to T.E. Dickey.
+    # The functions gethostbyname, getservbyname, and inet_addr are
+    # in -lbsd on LynxOS 3.0.1/i386, according to Lars Hecking.
+    { echo "$as_me:$LINENO: checking for gethostbyname" >&5
+echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6; }
+if test "${ac_cv_func_gethostbyname+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define gethostbyname to an innocuous variant, in case <limits.h> declares gethostbyname.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define gethostbyname innocuous_gethostbyname
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char gethostbyname (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef gethostbyname
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostbyname ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_gethostbyname || defined __stub___gethostbyname
+choke me
+#endif
+
+int
+main ()
+{
+return gethostbyname ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_gethostbyname=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_gethostbyname=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyname" >&5
+echo "${ECHO_T}$ac_cv_func_gethostbyname" >&6; }
+
+    if test $ac_cv_func_gethostbyname = no; then
+      { echo "$as_me:$LINENO: checking for gethostbyname in -lnsl" >&5
+echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6; }
+if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostbyname ();
+int
+main ()
+{
+return gethostbyname ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_nsl_gethostbyname=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_nsl_gethostbyname=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_gethostbyname" >&5
+echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6; }
+if test $ac_cv_lib_nsl_gethostbyname = yes; then
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl"
+fi
+
+      if test $ac_cv_lib_nsl_gethostbyname = no; then
+	{ echo "$as_me:$LINENO: checking for gethostbyname in -lbsd" >&5
+echo $ECHO_N "checking for gethostbyname in -lbsd... $ECHO_C" >&6; }
+if test "${ac_cv_lib_bsd_gethostbyname+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbsd  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostbyname ();
+int
+main ()
+{
+return gethostbyname ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_bsd_gethostbyname=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_bsd_gethostbyname=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_bsd_gethostbyname" >&5
+echo "${ECHO_T}$ac_cv_lib_bsd_gethostbyname" >&6; }
+if test $ac_cv_lib_bsd_gethostbyname = yes; then
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -lbsd"
+fi
+
+      fi
+    fi
+
+    # lieder at skyler.mavd.honeywell.com says without -lsocket,
+    # socket/setsockopt and other routines are undefined under SCO ODT
+    # 2.0.  But -lsocket is broken on IRIX 5.2 (and is not necessary
+    # on later versions), says Simon Leinen: it contains gethostby*
+    # variants that don't use the name server (or something).  -lsocket
+    # must be given before -lnsl if both are needed.  We assume that
+    # if connect needs -lnsl, so does gethostbyname.
+    { echo "$as_me:$LINENO: checking for connect" >&5
+echo $ECHO_N "checking for connect... $ECHO_C" >&6; }
+if test "${ac_cv_func_connect+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define connect to an innocuous variant, in case <limits.h> declares connect.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define connect innocuous_connect
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char connect (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef connect
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char connect ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_connect || defined __stub___connect
+choke me
+#endif
+
+int
+main ()
+{
+return connect ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_connect=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_connect=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_connect" >&5
+echo "${ECHO_T}$ac_cv_func_connect" >&6; }
+
+    if test $ac_cv_func_connect = no; then
+      { echo "$as_me:$LINENO: checking for connect in -lsocket" >&5
+echo $ECHO_N "checking for connect in -lsocket... $ECHO_C" >&6; }
+if test "${ac_cv_lib_socket_connect+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char connect ();
+int
+main ()
+{
+return connect ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_socket_connect=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_socket_connect=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_connect" >&5
+echo "${ECHO_T}$ac_cv_lib_socket_connect" >&6; }
+if test $ac_cv_lib_socket_connect = yes; then
+  X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS"
+fi
+
+    fi
+
+    # Guillermo Gomez says -lposix is necessary on A/UX.
+    { echo "$as_me:$LINENO: checking for remove" >&5
+echo $ECHO_N "checking for remove... $ECHO_C" >&6; }
+if test "${ac_cv_func_remove+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define remove to an innocuous variant, in case <limits.h> declares remove.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define remove innocuous_remove
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char remove (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef remove
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char remove ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_remove || defined __stub___remove
+choke me
+#endif
+
+int
+main ()
+{
+return remove ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_remove=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_remove=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_remove" >&5
+echo "${ECHO_T}$ac_cv_func_remove" >&6; }
+
+    if test $ac_cv_func_remove = no; then
+      { echo "$as_me:$LINENO: checking for remove in -lposix" >&5
+echo $ECHO_N "checking for remove in -lposix... $ECHO_C" >&6; }
+if test "${ac_cv_lib_posix_remove+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lposix  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char remove ();
+int
+main ()
+{
+return remove ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_posix_remove=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_posix_remove=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_posix_remove" >&5
+echo "${ECHO_T}$ac_cv_lib_posix_remove" >&6; }
+if test $ac_cv_lib_posix_remove = yes; then
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix"
+fi
+
+    fi
+
+    # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
+    { echo "$as_me:$LINENO: checking for shmat" >&5
+echo $ECHO_N "checking for shmat... $ECHO_C" >&6; }
+if test "${ac_cv_func_shmat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define shmat to an innocuous variant, in case <limits.h> declares shmat.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define shmat innocuous_shmat
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char shmat (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef shmat
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shmat ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_shmat || defined __stub___shmat
+choke me
+#endif
+
+int
+main ()
+{
+return shmat ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_shmat=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_shmat=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_shmat" >&5
+echo "${ECHO_T}$ac_cv_func_shmat" >&6; }
+
+    if test $ac_cv_func_shmat = no; then
+      { echo "$as_me:$LINENO: checking for shmat in -lipc" >&5
+echo $ECHO_N "checking for shmat in -lipc... $ECHO_C" >&6; }
+if test "${ac_cv_lib_ipc_shmat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lipc  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shmat ();
+int
+main ()
+{
+return shmat ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_ipc_shmat=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_ipc_shmat=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_ipc_shmat" >&5
+echo "${ECHO_T}$ac_cv_lib_ipc_shmat" >&6; }
+if test $ac_cv_lib_ipc_shmat = yes; then
+  X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc"
+fi
+
+    fi
+  fi
+
+  # Check for libraries that X11R6 Xt/Xaw programs need.
+  ac_save_LDFLAGS=$LDFLAGS
+  test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries"
+  # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to
+  # check for ICE first), but we must link in the order -lSM -lICE or
+  # we get undefined symbols.  So assume we have SM if we have ICE.
+  # These have to be linked with before -lX11, unlike the other
+  # libraries we check for below, so use a different variable.
+  # John Interrante, Karl Berry
+  { echo "$as_me:$LINENO: checking for IceConnectionNumber in -lICE" >&5
+echo $ECHO_N "checking for IceConnectionNumber in -lICE... $ECHO_C" >&6; }
+if test "${ac_cv_lib_ICE_IceConnectionNumber+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lICE $X_EXTRA_LIBS $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char IceConnectionNumber ();
+int
+main ()
+{
+return IceConnectionNumber ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_ICE_IceConnectionNumber=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_ICE_IceConnectionNumber=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_ICE_IceConnectionNumber" >&5
+echo "${ECHO_T}$ac_cv_lib_ICE_IceConnectionNumber" >&6; }
+if test $ac_cv_lib_ICE_IceConnectionNumber = yes; then
+  X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
+fi
+
+  LDFLAGS=$ac_save_LDFLAGS
+
+fi
+
+
+# try to figure out if we need any additional ld flags, like -R
+# and yes, the autoconf X test is utterly broken
+if test "$no_x" != yes; then
+	{ echo "$as_me:$LINENO: checking for special X linker flags" >&5
+echo $ECHO_N "checking for special X linker flags... $ECHO_C" >&6; }
+if test "${krb_cv_sys_x_libs_rpath+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	ac_save_libs="$LIBS"
+	ac_save_cflags="$CFLAGS"
+	CFLAGS="$CFLAGS $X_CFLAGS"
+	krb_cv_sys_x_libs_rpath=""
+	krb_cv_sys_x_libs=""
+	for rflag in "" "-R" "-R " "-rpath "; do
+		if test "$rflag" = ""; then
+			foo="$X_LIBS"
+		else
+			foo=""
+			for flag in $X_LIBS; do
+			case $flag in
+			-L*)
+				foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`"
+				;;
+			*)
+				foo="$foo $flag"
+				;;
+			esac
+			done
+		fi
+		LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
+		if test "$cross_compiling" = yes; then
+  krb_cv_sys_x_libs_rpath="" ; krb_cv_sys_x_libs="" ; break
+else
+  cat >conftest.$ac_ext <<_ACEOF
+
+		#include <X11/Xlib.h>
+		foo(void)
+		{
+		XOpenDisplay(NULL);
+		}
+		main(int argc, char **argv)
+		{
+		return 0;
+		}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+:
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+	done
+	LIBS="$ac_save_libs"
+	CFLAGS="$ac_save_cflags"
+
+fi
+{ echo "$as_me:$LINENO: result: $krb_cv_sys_x_libs_rpath" >&5
+echo "${ECHO_T}$krb_cv_sys_x_libs_rpath" >&6; }
+	X_LIBS="$krb_cv_sys_x_libs"
+fi
+
+
+ if test "$no_x" != yes; then
+  HAVE_X_TRUE=
+  HAVE_X_FALSE='#'
+else
+  HAVE_X_TRUE='#'
+  HAVE_X_FALSE=
+fi
+
+
+
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+## check for XauWriteAuth first, so we detect the case where
+## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this
+## could be done by checking for XauReadAuth in -lXau first, but this
+## breaks in IRIX 6.5
+
+
+
+
+{ echo "$as_me:$LINENO: checking for XauWriteAuth" >&5
+echo $ECHO_N "checking for XauWriteAuth... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_XauWriteAuth+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" X11 Xau; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <X11/Xauth.h>
+int
+main ()
+{
+XauWriteAuth(0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_XauWriteAuth=\${ac_cv_funclib_XauWriteAuth-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_XauWriteAuth"
+
+if false; then
+
+for ac_func in XauWriteAuth
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# XauWriteAuth
+eval "ac_tr_func=HAVE_`echo XauWriteAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauWriteAuth=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_XauWriteAuth=yes"
+	eval "LIB_XauWriteAuth="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_XauWriteAuth=no"
+	eval "LIB_XauWriteAuth="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_XauWriteAuth=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+ac_xxx="$LIBS"
+LIBS="$LIB_XauWriteAuth $LIBS"
+
+
+
+{ echo "$as_me:$LINENO: checking for XauReadAuth" >&5
+echo $ECHO_N "checking for XauReadAuth... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_XauReadAuth+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" X11 Xau; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <X11/Xauth.h>
+int
+main ()
+{
+XauReadAuth(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_XauReadAuth"
+
+if false; then
+
+for ac_func in XauReadAuth
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# XauReadAuth
+eval "ac_tr_func=HAVE_`echo XauReadAuth | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauReadAuth=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_XauReadAuth=yes"
+	eval "LIB_XauReadAuth="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_XauReadAuth=no"
+	eval "LIB_XauReadAuth="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_XauReadAuth=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+LIBS="$LIB_XauReadAauth $LIBS"
+
+
+
+{ echo "$as_me:$LINENO: checking for XauFileName" >&5
+echo $ECHO_N "checking for XauFileName... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_XauFileName+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" X11 Xau; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <X11/Xauth.h>
+int
+main ()
+{
+XauFileName()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_XauFileName=\${ac_cv_funclib_XauFileName-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_XauFileName"
+
+if false; then
+
+for ac_func in XauFileName
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# XauFileName
+eval "ac_tr_func=HAVE_`echo XauFileName | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_XauFileName=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_XauFileName=yes"
+	eval "LIB_XauFileName="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_XauFileName=no"
+	eval "LIB_XauFileName="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_XauFileName=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+LIBS="$ac_xxx"
+
+## set LIB_XauReadAuth to union of these tests, since this is what the
+## Makefiles are using
+case "$ac_cv_funclib_XauWriteAuth" in
+yes)	;;
+no)	;;
+*)	if test "$ac_cv_funclib_XauReadAuth" = yes; then
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	else
+		if test "$ac_cv_funclib_XauFileName" = yes; then
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth"
+		else
+			LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName"
+		fi
+	fi
+	;;
+esac
+
+if test "$AUTOMAKE" != ""; then
+	 if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+  NEED_WRITEAUTH_TRUE=
+  NEED_WRITEAUTH_FALSE='#'
+else
+  NEED_WRITEAUTH_TRUE='#'
+  NEED_WRITEAUTH_FALSE=
+fi
+
+else
+
+
+	if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+		NEED_WRITEAUTH_TRUE=
+		NEED_WRITEAUTH_FALSE='#'
+	else
+		NEED_WRITEAUTH_TRUE='#'
+		NEED_WRITEAUTH_FALSE=
+	fi
+fi
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+
+
+
+{ echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
+echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; }
+if test "${ac_cv_c_const+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+  /* Ultrix mips cc rejects this.  */
+  typedef int charset[2];
+  const charset cs;
+  /* SunOS 4.1.1 cc rejects this.  */
+  char const *const *pcpcc;
+  char **ppc;
+  /* NEC SVR4.0.2 mips cc rejects this.  */
+  struct point {int x, y;};
+  static struct point const zero = {0,0};
+  /* AIX XL C 1.02.0.0 rejects this.
+     It does not let you subtract one const X* pointer from another in
+     an arm of an if-expression whose if-part is not a constant
+     expression */
+  const char *g = "string";
+  pcpcc = &g + (g ? g-g : 0);
+  /* HPUX 7.0 cc rejects these. */
+  ++pcpcc;
+  ppc = (char**) pcpcc;
+  pcpcc = (char const *const *) ppc;
+  { /* SCO 3.2v4 cc rejects this.  */
+    char *t;
+    char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+    *t++ = 0;
+    if (s) return 0;
+  }
+  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+    int x[] = {25, 17};
+    const int *foo = &x[0];
+    ++foo;
+  }
+  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+    typedef const int *iptr;
+    iptr p = 0;
+    ++p;
+  }
+  { /* AIX XL C 1.02.0.0 rejects this saying
+       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+    struct s { int j; const int *ap[3]; };
+    struct s *b; b->j = 5;
+  }
+  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+    const int foo = 10;
+    if (!foo) return 0;
+  }
+  return !cs[0] && !zero.x;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_c_const=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_c_const=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
+echo "${ECHO_T}$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define const
+_ACEOF
+
+fi
+
+{ echo "$as_me:$LINENO: checking for off_t" >&5
+echo $ECHO_N "checking for off_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_off_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef off_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_off_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_off_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_off_t" >&5
+echo "${ECHO_T}$ac_cv_type_off_t" >&6; }
+if test $ac_cv_type_off_t = yes; then
+  :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define off_t long int
+_ACEOF
+
+fi
+
+{ echo "$as_me:$LINENO: checking for mode_t" >&5
+echo $ECHO_N "checking for mode_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_mode_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  ac_cv_type_mode_t=yes
+else
+  ac_cv_type_mode_t=no
+fi
+rm -f conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_mode_t" >&5
+echo "${ECHO_T}$ac_cv_type_mode_t" >&6; }
+if test $ac_cv_type_mode_t = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define mode_t unsigned short
+_ACEOF
+
+fi
+
+{ echo "$as_me:$LINENO: checking for sig_atomic_t" >&5
+echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_sig_atomic_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <signal.h>
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "sig_atomic_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
+  ac_cv_type_sig_atomic_t=yes
+else
+  ac_cv_type_sig_atomic_t=no
+fi
+rm -f conftest*
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5
+echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6; }
+if test $ac_cv_type_sig_atomic_t = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define sig_atomic_t int
+_ACEOF
+
+fi
+
+
+
+cv=`echo "long long" | sed 'y%./+- %__p__%'`
+{ echo "$as_me:$LINENO: checking for long long" >&5
+echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
+if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+
+int
+main ()
+{
+long long foo;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_type_$cv=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_type_$cv=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_foo=`eval echo \\$ac_cv_type_$cv`
+{ echo "$as_me:$LINENO: result: $ac_foo" >&5
+echo "${ECHO_T}$ac_foo" >&6; }
+if test "$ac_foo" = yes; then
+  ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
+if false; then
+	{ echo "$as_me:$LINENO: checking for long long" >&5
+echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
+if test "${ac_cv_type_long_long+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+typedef long long ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_long_long=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_long_long=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
+echo "${ECHO_T}$ac_cv_type_long_long" >&6; }
+if test $ac_cv_type_long_long = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LONG_LONG 1
+_ACEOF
+
+
+fi
+
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define $ac_tr_hdr 1
+_ACEOF
+
+fi
+
+{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
+echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; }
+if test "${ac_cv_header_time+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_header_time=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_header_time=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
+echo "${ECHO_T}$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TIME_WITH_SYS_TIME 1
+_ACEOF
+
+fi
+
+{ echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5
+echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6; }
+if test "${ac_cv_struct_tm+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <time.h>
+
+int
+main ()
+{
+struct tm tm;
+				     int *p = &tm.tm_sec;
+ 				     return !p;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_struct_tm=time.h
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_struct_tm=sys/time.h
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
+echo "${ECHO_T}$ac_cv_struct_tm" >&6; }
+if test $ac_cv_struct_tm = sys/time.h; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TM_IN_SYS_TIME 1
+_ACEOF
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_header_stdc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_header_stdc=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then
+  :
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then
+  :
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_header in \
+	arpa/ftp.h				\
+	arpa/telnet.h				\
+	bind/bitypes.h				\
+	bsdsetjmp.h				\
+	curses.h				\
+	dlfcn.h					\
+	fnmatch.h				\
+	inttypes.h				\
+	io.h					\
+	libutil.h				\
+	limits.h				\
+	maillock.h				\
+	netgroup.h				\
+	netinet/in6_machtypes.h			\
+	netinfo/ni.h				\
+	pthread.h				\
+	pty.h					\
+	sac.h					\
+	sgtty.h					\
+	siad.h					\
+	signal.h				\
+	strings.h				\
+	stropts.h				\
+	sys/bitypes.h				\
+	sys/category.h				\
+	sys/file.h				\
+	sys/filio.h				\
+	sys/ioccom.h				\
+	sys/mman.h				\
+	sys/param.h				\
+	sys/pty.h				\
+	sys/ptyio.h				\
+	sys/select.h				\
+	sys/socket.h				\
+	sys/str_tty.h				\
+	sys/stream.h				\
+	sys/stropts.h				\
+	sys/syscall.h				\
+	sys/termio.h				\
+	sys/timeb.h				\
+	sys/times.h				\
+	sys/types.h				\
+	sys/un.h				\
+	termcap.h				\
+	termio.h				\
+	termios.h				\
+	time.h					\
+	tmpdir.h				\
+	udb.h					\
+	util.h					\
+	utmp.h					\
+	utmpx.h					\
+
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in term.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  eval "$as_ac_Header=no"
+fi
+
+rm -f conftest.err conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in net/if.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#if HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in sys/ptyvar.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#if HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in sys/strtty.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#if HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+#if HAVE_SYS_STREAM_H
+#include <sys/stream.h>
+#endif
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in sys/ucred.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#if HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in security/pam_modules.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <security/pam_appl.h>
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+# Check whether --enable-netinfo was given.
+if test "${enable_netinfo+set}" = set; then
+  enableval=$enable_netinfo;
+fi
+
+
+if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_NETINFO 1
+_ACEOF
+
+fi
+
+
+
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for logwtmp" >&5
+echo $ECHO_N "checking for logwtmp... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_logwtmp+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" util; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
+int
+main ()
+{
+logwtmp(0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_logwtmp"
+
+if false; then
+
+for ac_func in logwtmp
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# logwtmp
+eval "ac_tr_func=HAVE_`echo logwtmp | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_logwtmp=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_logwtmp=yes"
+	eval "LIB_logwtmp="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_logwtmp=no"
+	eval "LIB_logwtmp="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_logwtmp=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for logout" >&5
+echo $ECHO_N "checking for logout... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_logout+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_logout\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" util; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
+int
+main ()
+{
+logout(0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_logout"
+
+if false; then
+
+for ac_func in logout
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# logout
+eval "ac_tr_func=HAVE_`echo logout | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_logout=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_logout=yes"
+	eval "LIB_logout="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_logout=no"
+	eval "LIB_logout="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_logout=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for openpty" >&5
+echo $ECHO_N "checking for openpty... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_openpty+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_openpty\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" util; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
+int
+main ()
+{
+openpty(0,0,0,0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_openpty=$ac_lib; else ac_cv_funclib_openpty=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_openpty=\${ac_cv_funclib_openpty-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_openpty"
+
+if false; then
+
+for ac_func in openpty
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# openpty
+eval "ac_tr_func=HAVE_`echo openpty | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_openpty=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_openpty=yes"
+	eval "LIB_openpty="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_openpty=no"
+	eval "LIB_openpty="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_openpty=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for tgetent" >&5
+echo $ECHO_N "checking for tgetent... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_tgetent+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" termcap ncurses curses; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_TERMCAP_H
+#include <termcap.h>
+#endif
+#ifdef HAVE_CURSES_H
+#include <curses.h>
+#endif
+
+int
+main ()
+{
+tgetent(0,0)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_tgetent"
+
+if false; then
+
+for ac_func in tgetent
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# tgetent
+eval "ac_tr_func=HAVE_`echo tgetent | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_tgetent=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_tgetent=yes"
+	eval "LIB_tgetent="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_tgetent=no"
+	eval "LIB_tgetent="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_tgetent=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_func in 				\
+	_getpty					\
+	_scrsize				\
+	arc4random				\
+	fcntl					\
+	getpeereid				\
+	getpeerucred				\
+	grantpt					\
+	mktime					\
+	ptsname					\
+	rand					\
+	revoke					\
+	select					\
+	setitimer				\
+	setpcred				\
+	setpgid					\
+	setproctitle				\
+	setregid				\
+	setresgid				\
+	setresuid				\
+	setreuid				\
+	setsid					\
+	setutent				\
+	sigaction				\
+	strstr					\
+	ttyname					\
+	ttyslot					\
+	umask					\
+	unlockpt				\
+	vhangup					\
+	yp_get_default_domain			\
+
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+
+for ac_header in stdlib.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_func in getpagesize
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+{ echo "$as_me:$LINENO: checking for working mmap" >&5
+echo $ECHO_N "checking for working mmap... $ECHO_C" >&6; }
+if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_mmap_fixed_mapped=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+/* malloc might have been renamed as rpl_malloc. */
+#undef malloc
+
+/* Thanks to Mike Haertel and Jim Avera for this test.
+   Here is a matrix of mmap possibilities:
+	mmap private not fixed
+	mmap private fixed at somewhere currently unmapped
+	mmap private fixed at somewhere already mapped
+	mmap shared not fixed
+	mmap shared fixed at somewhere currently unmapped
+	mmap shared fixed at somewhere already mapped
+   For private mappings, we should verify that changes cannot be read()
+   back from the file, nor mmap's back from the file at a different
+   address.  (There have been systems where private was not correctly
+   implemented like the infamous i386 svr4.0, and systems where the
+   VM page cache was not coherent with the file system buffer cache
+   like early versions of FreeBSD and possibly contemporary NetBSD.)
+   For shared mappings, we should conversely verify that changes get
+   propagated back to all the places they're supposed to be.
+
+   Grep wants private fixed already mapped.
+   The main things grep needs to know about mmap are:
+   * does it exist and is it safe to write into the mmap'd area
+   * how to use it (BSD variants)  */
+
+#include <fcntl.h>
+#include <sys/mman.h>
+
+#if !defined STDC_HEADERS && !defined HAVE_STDLIB_H
+char *malloc ();
+#endif
+
+/* This mess was copied from the GNU getpagesize.h.  */
+#ifndef HAVE_GETPAGESIZE
+/* Assume that all systems that can run configure have sys/param.h.  */
+# ifndef HAVE_SYS_PARAM_H
+#  define HAVE_SYS_PARAM_H 1
+# endif
+
+# ifdef _SC_PAGESIZE
+#  define getpagesize() sysconf(_SC_PAGESIZE)
+# else /* no _SC_PAGESIZE */
+#  ifdef HAVE_SYS_PARAM_H
+#   include <sys/param.h>
+#   ifdef EXEC_PAGESIZE
+#    define getpagesize() EXEC_PAGESIZE
+#   else /* no EXEC_PAGESIZE */
+#    ifdef NBPG
+#     define getpagesize() NBPG * CLSIZE
+#     ifndef CLSIZE
+#      define CLSIZE 1
+#     endif /* no CLSIZE */
+#    else /* no NBPG */
+#     ifdef NBPC
+#      define getpagesize() NBPC
+#     else /* no NBPC */
+#      ifdef PAGESIZE
+#       define getpagesize() PAGESIZE
+#      endif /* PAGESIZE */
+#     endif /* no NBPC */
+#    endif /* no NBPG */
+#   endif /* no EXEC_PAGESIZE */
+#  else /* no HAVE_SYS_PARAM_H */
+#   define getpagesize() 8192	/* punt totally */
+#  endif /* no HAVE_SYS_PARAM_H */
+# endif /* no _SC_PAGESIZE */
+
+#endif /* no HAVE_GETPAGESIZE */
+
+int
+main ()
+{
+  char *data, *data2, *data3;
+  int i, pagesize;
+  int fd;
+
+  pagesize = getpagesize ();
+
+  /* First, make a file with some known garbage in it. */
+  data = (char *) malloc (pagesize);
+  if (!data)
+    return 1;
+  for (i = 0; i < pagesize; ++i)
+    *(data + i) = rand ();
+  umask (0);
+  fd = creat ("conftest.mmap", 0600);
+  if (fd < 0)
+    return 1;
+  if (write (fd, data, pagesize) != pagesize)
+    return 1;
+  close (fd);
+
+  /* Next, try to mmap the file at a fixed address which already has
+     something else allocated at it.  If we can, also make sure that
+     we see the same garbage.  */
+  fd = open ("conftest.mmap", O_RDWR);
+  if (fd < 0)
+    return 1;
+  data2 = (char *) malloc (2 * pagesize);
+  if (!data2)
+    return 1;
+  data2 += (pagesize - ((long int) data2 & (pagesize - 1))) & (pagesize - 1);
+  if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE,
+		     MAP_PRIVATE | MAP_FIXED, fd, 0L))
+    return 1;
+  for (i = 0; i < pagesize; ++i)
+    if (*(data + i) != *(data2 + i))
+      return 1;
+
+  /* Finally, make sure that changes to the mapped area do not
+     percolate back to the file as seen by read().  (This is a bug on
+     some variants of i386 svr4.0.)  */
+  for (i = 0; i < pagesize; ++i)
+    *(data2 + i) = *(data2 + i) + 1;
+  data3 = (char *) malloc (pagesize);
+  if (!data3)
+    return 1;
+  if (read (fd, data3, pagesize) != pagesize)
+    return 1;
+  for (i = 0; i < pagesize; ++i)
+    if (*(data + i) != *(data3 + i))
+      return 1;
+  close (fd);
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_mmap_fixed_mapped=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_mmap_fixed_mapped=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5
+echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6; }
+if test $ac_cv_func_mmap_fixed_mapped = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MMAP 1
+_ACEOF
+
+fi
+rm -f conftest.mmap
+
+
+
+
+
+
+for ac_header in capability.h sys/capability.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## ----------------------------------- ##
+## Report this to heimdal-bugs at h5l.org ##
+## ----------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+for ac_func in sgi_getcapabilitybyname cap_set_proc
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for getpwnam_r" >&5
+echo $ECHO_N "checking for getpwnam_r... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_getpwnam_r+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" c_r; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+getpwnam_r()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_getpwnam_r"
+
+if false; then
+
+for ac_func in getpwnam_r
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# getpwnam_r
+eval "ac_tr_func=HAVE_`echo getpwnam_r | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_getpwnam_r=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_getpwnam_r=yes"
+	eval "LIB_getpwnam_r="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_getpwnam_r=no"
+	eval "LIB_getpwnam_r="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_getpwnam_r=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test "$ac_cv_func_getpwnam_r" = yes; then
+	{ echo "$as_me:$LINENO: checking if getpwnam_r is posix" >&5
+echo $ECHO_N "checking if getpwnam_r is posix... $ECHO_C" >&6; }
+if test "${ac_cv_func_getpwnam_r_posix+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_libs="$LIBS"
+	LIBS="$LIBS $LIB_getpwnam_r"
+	if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#define _POSIX_PTHREAD_SEMANTICS
+#include <pwd.h>
+int main(int argc, char **argv)
+{
+	struct passwd pw, *pwd;
+	return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_getpwnam_r_posix=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_getpwnam_r_posix=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+LIBS="$ac_libs"
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getpwnam_r_posix" >&5
+echo "${ECHO_T}$ac_cv_func_getpwnam_r_posix" >&6; }
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define POSIX_GETPWNAM_R 1
+_ACEOF
+
+fi
+fi
+
+
+if test "$enable_pthread_support" != no; then
+   saved_LIBS="$LIBS"
+   LIBS="$LIBS $PTHREADS_LIBS"
+
+
+
+{ echo "$as_me:$LINENO: checking for door_create" >&5
+echo $ECHO_N "checking for door_create... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_door_create+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_door_create\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" door; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib  $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+door_create()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_door_create=$ac_lib; else ac_cv_funclib_door_create=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_door_create=\${ac_cv_funclib_door_create-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_door_create"
+
+if false; then
+
+for ac_func in door_create
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# door_create
+eval "ac_tr_func=HAVE_`echo door_create | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_door_create=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_door_create=yes"
+	eval "LIB_door_create="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_door_create=no"
+	eval "LIB_door_create="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_door_create=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+   LIBS="$saved_LIBS"
+fi
+
+# Check whether --enable-kcm was given.
+if test "${enable_kcm+set}" = set; then
+  enableval=$enable_kcm;
+else
+  enable_kcm=yes
+fi
+
+
+if test "$enable_kcm" = yes ; then
+   if test  "$ac_cv_header_sys_un_h" != yes -a "$ac_cv_funclib_door_create" != yes ; then
+  	enable_kcm=no
+   fi
+fi
+if test "$enable_kcm" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_KCM 1
+_ACEOF
+
+fi
+ if test "$enable_kcm" = yes; then
+  KCM_TRUE=
+  KCM_FALSE='#'
+else
+  KCM_TRUE='#'
+  KCM_FALSE=
+fi
+
+
+
+
+
+
+for ac_func in getudbnam setlim
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for ut_addr in struct utmp" >&5
+echo $ECHO_N "checking for ut_addr in struct utmp... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_utmp_ut_addr+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <utmp.h>
+int
+main ()
+{
+struct utmp x; memset(&x, 0, sizeof(x)); x.ut_addr
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_utmp_ut_addr=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_utmp_ut_addr=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_addr" >&5
+echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_addr" >&6; }
+if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_UTMP_UT_ADDR 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for ut_host in struct utmp" >&5
+echo $ECHO_N "checking for ut_host in struct utmp... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_utmp_ut_host+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <utmp.h>
+int
+main ()
+{
+struct utmp x; memset(&x, 0, sizeof(x)); x.ut_host
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_utmp_ut_host=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_utmp_ut_host=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_host" >&5
+echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_host" >&6; }
+if test "$ac_cv_type_struct_utmp_ut_host" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_UTMP_UT_HOST 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for ut_id in struct utmp" >&5
+echo $ECHO_N "checking for ut_id in struct utmp... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_utmp_ut_id+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <utmp.h>
+int
+main ()
+{
+struct utmp x; memset(&x, 0, sizeof(x)); x.ut_id
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_utmp_ut_id=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_utmp_ut_id=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_id" >&5
+echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_id" >&6; }
+if test "$ac_cv_type_struct_utmp_ut_id" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_UTMP_UT_ID 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for ut_pid in struct utmp" >&5
+echo $ECHO_N "checking for ut_pid in struct utmp... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_utmp_ut_pid+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <utmp.h>
+int
+main ()
+{
+struct utmp x; memset(&x, 0, sizeof(x)); x.ut_pid
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_utmp_ut_pid=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_utmp_ut_pid=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_pid" >&5
+echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_pid" >&6; }
+if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_UTMP_UT_PID 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for ut_type in struct utmp" >&5
+echo $ECHO_N "checking for ut_type in struct utmp... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_utmp_ut_type+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <utmp.h>
+int
+main ()
+{
+struct utmp x; memset(&x, 0, sizeof(x)); x.ut_type
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_utmp_ut_type=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_utmp_ut_type=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_type" >&5
+echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_type" >&6; }
+if test "$ac_cv_type_struct_utmp_ut_type" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_UTMP_UT_TYPE 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for ut_user in struct utmp" >&5
+echo $ECHO_N "checking for ut_user in struct utmp... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_utmp_ut_user+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <utmp.h>
+int
+main ()
+{
+struct utmp x; memset(&x, 0, sizeof(x)); x.ut_user
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_utmp_ut_user=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_utmp_ut_user=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_user" >&5
+echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_user" >&6; }
+if test "$ac_cv_type_struct_utmp_ut_user" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_UTMP_UT_USER 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for ut_exit in struct utmpx" >&5
+echo $ECHO_N "checking for ut_exit in struct utmpx... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_utmpx_ut_exit+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <utmpx.h>
+int
+main ()
+{
+struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_exit
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_utmpx_ut_exit=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_utmpx_ut_exit=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmpx_ut_exit" >&5
+echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_exit" >&6; }
+if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_UTMPX_UT_EXIT 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for ut_syslen in struct utmpx" >&5
+echo $ECHO_N "checking for ut_syslen in struct utmpx... $ECHO_C" >&6; }
+if test "${ac_cv_type_struct_utmpx_ut_syslen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <utmpx.h>
+int
+main ()
+{
+struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_syslen
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_struct_utmpx_ut_syslen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_struct_utmpx_ut_syslen=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmpx_ut_syslen" >&5
+echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_syslen" >&6; }
+if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1
+_ACEOF
+
+
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for int8_t" >&5
+echo $ECHO_N "checking for int8_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_int8_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef int8_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_int8_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_int8_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_int8_t" >&5
+echo "${ECHO_T}$ac_cv_type_int8_t" >&6; }
+if test $ac_cv_type_int8_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INT8_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for int16_t" >&5
+echo $ECHO_N "checking for int16_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_int16_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef int16_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_int16_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_int16_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_int16_t" >&5
+echo "${ECHO_T}$ac_cv_type_int16_t" >&6; }
+if test $ac_cv_type_int16_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INT16_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for int32_t" >&5
+echo $ECHO_N "checking for int32_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_int32_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef int32_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_int32_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_int32_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_int32_t" >&5
+echo "${ECHO_T}$ac_cv_type_int32_t" >&6; }
+if test $ac_cv_type_int32_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INT32_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for int64_t" >&5
+echo $ECHO_N "checking for int64_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_int64_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef int64_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_int64_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_int64_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_int64_t" >&5
+echo "${ECHO_T}$ac_cv_type_int64_t" >&6; }
+if test $ac_cv_type_int64_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_INT64_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for u_int8_t" >&5
+echo $ECHO_N "checking for u_int8_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_u_int8_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef u_int8_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_u_int8_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_u_int8_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int8_t" >&5
+echo "${ECHO_T}$ac_cv_type_u_int8_t" >&6; }
+if test $ac_cv_type_u_int8_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_U_INT8_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for u_int16_t" >&5
+echo $ECHO_N "checking for u_int16_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_u_int16_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef u_int16_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_u_int16_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_u_int16_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int16_t" >&5
+echo "${ECHO_T}$ac_cv_type_u_int16_t" >&6; }
+if test $ac_cv_type_u_int16_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_U_INT16_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for u_int32_t" >&5
+echo $ECHO_N "checking for u_int32_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_u_int32_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef u_int32_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_u_int32_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_u_int32_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int32_t" >&5
+echo "${ECHO_T}$ac_cv_type_u_int32_t" >&6; }
+if test $ac_cv_type_u_int32_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_U_INT32_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for u_int64_t" >&5
+echo $ECHO_N "checking for u_int64_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_u_int64_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef u_int64_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_u_int64_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_u_int64_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int64_t" >&5
+echo "${ECHO_T}$ac_cv_type_u_int64_t" >&6; }
+if test $ac_cv_type_u_int64_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_U_INT64_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for uint8_t" >&5
+echo $ECHO_N "checking for uint8_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_uint8_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef uint8_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_uint8_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_uint8_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_uint8_t" >&5
+echo "${ECHO_T}$ac_cv_type_uint8_t" >&6; }
+if test $ac_cv_type_uint8_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT8_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for uint16_t" >&5
+echo $ECHO_N "checking for uint16_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_uint16_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef uint16_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_uint16_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_uint16_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_uint16_t" >&5
+echo "${ECHO_T}$ac_cv_type_uint16_t" >&6; }
+if test $ac_cv_type_uint16_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT16_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for uint32_t" >&5
+echo $ECHO_N "checking for uint32_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_uint32_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef uint32_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_uint32_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_uint32_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_uint32_t" >&5
+echo "${ECHO_T}$ac_cv_type_uint32_t" >&6; }
+if test $ac_cv_type_uint32_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT32_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for uint64_t" >&5
+echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_uint64_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+
+typedef uint64_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+  return 0;
+if (sizeof (ac__type_new_))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_uint64_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_type_uint64_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_uint64_t" >&5
+echo "${ECHO_T}$ac_cv_type_uint64_t" >&6; }
+if test $ac_cv_type_uint64_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT64_T 1
+_ACEOF
+
+
+fi
+
+
+
+
+{ echo "$as_me:$LINENO: checking for framework security" >&5
+echo $ECHO_N "checking for framework security... $ECHO_C" >&6; }
+if test "${rk_cv_framework_security+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if test "$rk_cv_framework_security" != yes; then
+	ac_save_LIBS="$LIBS"
+	LIBS="$ac_save_LIBS -framework Security -framework CoreFoundation"
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <Security/Security.h>
+
+int
+main ()
+{
+SecKeychainSearchRef searchRef;
+SecKeychainSearchCreateFromAttributes(NULL,kSecCertificateItemClass,NULL, &searchRef);
+CFRelease(&searchRef);
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  rk_cv_framework_security=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+if test "$rk_cv_framework_security" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_FRAMEWORK_SECURITY 1
+_ACEOF
+
+   { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+   { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+ if test "$rk_cv_framework_security" = yes; then
+  FRAMEWORK_SECURITY_TRUE=
+  FRAMEWORK_SECURITY_FALSE='#'
+else
+  FRAMEWORK_SECURITY_TRUE='#'
+  FRAMEWORK_SECURITY_FALSE=
+fi
+
+
+if test "$rk_cv_framework_security" = yes; then
+
+if test "$ac_cv_func_SecKeyGetCSPHandle+set" != set -o "$ac_cv_func_SecKeyGetCSPHandle" = yes; then
+{ echo "$as_me:$LINENO: checking if SecKeyGetCSPHandle needs a prototype" >&5
+echo $ECHO_N "checking if SecKeyGetCSPHandle needs a prototype... $ECHO_C" >&6; }
+if test "${ac_cv_func_SecKeyGetCSPHandle_noproto+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <Security/Security.h>
+struct foo { int foo; } xx;
+extern int SecKeyGetCSPHandle (struct foo*);
+int
+main ()
+{
+SecKeyGetCSPHandle(&xx)
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "ac_cv_func_SecKeyGetCSPHandle_noproto=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "ac_cv_func_SecKeyGetCSPHandle_noproto=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_SecKeyGetCSPHandle_noproto" >&5
+echo "${ECHO_T}$ac_cv_func_SecKeyGetCSPHandle_noproto" >&6; }
+if test "$ac_cv_func_SecKeyGetCSPHandle_noproto" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_SECKEYGETCSPHANDLE_PROTO 1
+_ACEOF
+
+fi
+fi
+
+fi
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking for el_init" >&5
+echo $ECHO_N "checking for el_init... $ECHO_C" >&6; }
+if test "${ac_cv_funclib_el_init+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+if eval "test \"\$ac_cv_func_el_init\" != yes" ; then
+	ac_save_LIBS="$LIBS"
+	for ac_lib in "" edit; do
+		case "$ac_lib" in
+		"") ;;
+		yes) ac_lib="" ;;
+		no) continue ;;
+		-l*) ;;
+		*) ac_lib="-l$ac_lib" ;;
+		esac
+		LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS"
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+el_init()
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+	done
+	eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}"
+	LIBS="$ac_save_LIBS"
+fi
+
+fi
+
+
+eval "ac_res=\$ac_cv_funclib_el_init"
+
+if false; then
+
+for ac_func in el_init
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+fi
+# el_init
+eval "ac_tr_func=HAVE_`echo el_init | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`"
+eval "LIB_el_init=$ac_res"
+
+case "$ac_res" in
+	yes)
+	eval "ac_cv_func_el_init=yes"
+	eval "LIB_el_init="
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+	;;
+	no)
+	eval "ac_cv_func_el_init=no"
+	eval "LIB_el_init="
+	{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+	;;
+	*)
+	eval "ac_cv_func_el_init=yes"
+	eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes"
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_func 1
+_ACEOF
+
+	cat >>confdefs.h <<_ACEOF
+#define $ac_tr_lib 1
+_ACEOF
+
+	{ echo "$as_me:$LINENO: result: yes, in $ac_res" >&5
+echo "${ECHO_T}yes, in $ac_res" >&6; }
+	;;
+esac
+
+
+if test "$ac_cv_func_el_init" = yes ; then
+	{ echo "$as_me:$LINENO: checking for four argument el_init" >&5
+echo $ECHO_N "checking for four argument el_init... $ECHO_C" >&6; }
+if test "${ac_cv_func_el_init_four+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+		cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdio.h>
+			#include <histedit.h>
+int
+main ()
+{
+el_init("", NULL, NULL, NULL);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_func_el_init_four=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_el_init_four=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_el_init_four" >&5
+echo "${ECHO_T}$ac_cv_func_el_init_four" >&6; }
+	if test "$ac_cv_func_el_init_four" = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_FOUR_VALUED_EL_INIT 1
+_ACEOF
+
+	fi
+fi
+
+
+ac_foo=no
+if test "$with_readline" = yes; then
+	:
+elif test "$ac_cv_func_readline" = yes; then
+	:
+elif test "$ac_cv_func_el_init" = yes; then
+	ac_foo=yes
+	LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)"
+else
+	LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)"
+fi
+ if test "$ac_foo" = yes; then
+  el_compat_TRUE=
+  el_compat_FALSE='#'
+else
+  el_compat_TRUE='#'
+  el_compat_FALSE=
+fi
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_READLINE 1
+_ACEOF
+
+
+
+
+
+cat >>confdefs.h <<\_ACEOF
+#define AUTHENTICATION 1
+_ACEOF
+
+cat >>confdefs.h <<\_ACEOF
+#define ENCRYPTION 1
+_ACEOF
+
+cat >>confdefs.h <<\_ACEOF
+#define DES_ENCRYPTION 1
+_ACEOF
+
+cat >>confdefs.h <<\_ACEOF
+#define DIAGNOSTICS 1
+_ACEOF
+
+cat >>confdefs.h <<\_ACEOF
+#define OLD_ENVIRON 1
+_ACEOF
+if false; then
+
+cat >>confdefs.h <<\_ACEOF
+#define ENV_HACK 1
+_ACEOF
+
+fi
+
+# Simple test for streamspty, based on the existance of getmsg(), alas
+# this breaks on SunOS4 which have streams but BSD-like ptys
+#
+# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
+
+case "$host" in
+*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[01]*)
+	;;
+*)
+	{ echo "$as_me:$LINENO: checking for getmsg" >&5
+echo $ECHO_N "checking for getmsg... $ECHO_C" >&6; }
+if test "${ac_cv_func_getmsg+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define getmsg to an innocuous variant, in case <limits.h> declares getmsg.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define getmsg innocuous_getmsg
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char getmsg (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getmsg
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getmsg ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_getmsg || defined __stub___getmsg
+choke me
+#endif
+
+int
+main ()
+{
+return getmsg ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_func_getmsg=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_getmsg=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getmsg" >&5
+echo "${ECHO_T}$ac_cv_func_getmsg" >&6; }
+
+	if test "$ac_cv_func_getmsg" = "yes"; then
+		{ echo "$as_me:$LINENO: checking if getmsg works" >&5
+echo $ECHO_N "checking if getmsg works... $ECHO_C" >&6; }
+if test "${ac_cv_func_getmsg_works+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_getmsg_works=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+			#include <stdio.h>
+			#include <errno.h>
+
+			int main(int argc, char **argv)
+			{
+			  int ret;
+			  ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+			  if(ret < 0 && errno == ENOSYS)
+			    return 1;
+			  return 0;
+			}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_getmsg_works=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_getmsg_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getmsg_works" >&5
+echo "${ECHO_T}$ac_cv_func_getmsg_works" >&6; }
+		if test "$ac_cv_func_getmsg_works" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_GETMSG 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define STREAMSPTY 1
+_ACEOF
+
+		fi
+	fi
+	;;
+esac
+
+
+
+
+
+
+
+# Extract the first word of "compile_et", so it can be a program name with args.
+set dummy compile_et; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_COMPILE_ET+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$COMPILE_ET"; then
+  ac_cv_prog_COMPILE_ET="$COMPILE_ET" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_COMPILE_ET="compile_et"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+COMPILE_ET=$ac_cv_prog_COMPILE_ET
+if test -n "$COMPILE_ET"; then
+  { echo "$as_me:$LINENO: result: $COMPILE_ET" >&5
+echo "${ECHO_T}$COMPILE_ET" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+
+krb_cv_compile_et="no"
+krb_cv_com_err_need_r=""
+krb_cv_compile_et_cross=no
+if test "${COMPILE_ET}" = "compile_et"; then
+
+{ echo "$as_me:$LINENO: checking whether compile_et has the features we need" >&5
+echo $ECHO_N "checking whether compile_et has the features we need... $ECHO_C" >&6; }
+cat > conftest_et.et <<'EOF'
+error_table test conf
+prefix CONFTEST
+index 1
+error_code CODE1, "CODE1"
+index 128
+error_code CODE2, "CODE2"
+end
+EOF
+if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then
+    save_CPPFLAGS="${CPPFLAGS}"
+  if test -d "/usr/include/et"; then
+    CPPFLAGS="-I/usr/include/et ${CPPFLAGS}"
+  fi
+    if test "$cross_compiling" = yes; then
+  krb_cv_compile_et="yes" krb_cv_compile_et_cross=yes
+else
+  cat >conftest.$ac_ext <<_ACEOF
+
+#include <com_err.h>
+#include <string.h>
+#include "conftest_et.h"
+int main(int argc, char **argv){
+#ifndef ERROR_TABLE_BASE_conf
+#error compile_et does not handle error_table N M
+#endif
+return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  krb_cv_compile_et="yes"
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+CPPFLAGS="${save_CPPFLAGS}"
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+{ echo "$as_me:$LINENO: result: ${krb_cv_compile_et}" >&5
+echo "${ECHO_T}${krb_cv_compile_et}" >&6; }
+if test "${krb_cv_compile_et}" = "yes" -a "${krb_cv_compile_et_cross}" = no; then
+  { echo "$as_me:$LINENO: checking for if com_err generates a initialize_conf_error_table_r" >&5
+echo $ECHO_N "checking for if com_err generates a initialize_conf_error_table_r... $ECHO_C" >&6; }
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include "conftest_et.h"
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "initialize_conf_error_table_r.*struct et_list" >/dev/null 2>&1; then
+  krb_cv_com_err_need_r="ok"
+fi
+rm -f conftest*
+
+  if test X"$krb_cv_com_err_need_r" = X ; then
+    { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+    krb_cv_compile_et=no
+  else
+    { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+  fi
+fi
+rm -fr conftest*
+fi
+
+if test "${krb_cv_compile_et_cross}" = yes ; then
+  krb_cv_com_err="cross"
+elif test "${krb_cv_compile_et}" = "yes"; then
+    krb_cv_save_LIBS="${LIBS}"
+  LIBS="${LIBS} -lcom_err"
+  { echo "$as_me:$LINENO: checking for com_err" >&5
+echo $ECHO_N "checking for com_err... $ECHO_C" >&6; }
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <com_err.h>
+int
+main ()
+{
+
+    const char *p;
+    p = error_message(0);
+    initialize_error_table_r(0,0,0,0);
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  krb_cv_com_err="yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+  { echo "$as_me:$LINENO: result: ${krb_cv_com_err}" >&5
+echo "${ECHO_T}${krb_cv_com_err}" >&6; }
+  LIBS="${krb_cv_save_LIBS}"
+else
+    krb_cv_com_err="no"
+fi
+
+if test "${krb_cv_com_err}" = "yes"; then
+    DIR_com_err=""
+    LIB_com_err="-lcom_err"
+    LIB_com_err_a=""
+    LIB_com_err_so=""
+    { echo "$as_me:$LINENO: Using the already-installed com_err" >&5
+echo "$as_me: Using the already-installed com_err" >&6;}
+    localcomerr=no
+elif test "${krb_cv_com_err}" = "cross"; then
+    DIR_com_err="com_err"
+    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
+    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
+    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
+    { echo "$as_me:$LINENO: Using our own com_err with toolchain compile_et" >&5
+echo "$as_me: Using our own com_err with toolchain compile_et" >&6;}
+    localcomerr=yes
+else
+    COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et"
+    DIR_com_err="com_err"
+    LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la"
+    LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a"
+    LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so"
+    { echo "$as_me:$LINENO: Using our own com_err" >&5
+echo "$as_me: Using our own com_err" >&6;}
+    localcomerr=yes
+fi
+ if test "$localcomerr" = yes; then
+  COM_ERR_TRUE=
+  COM_ERR_FALSE='#'
+else
+  COM_ERR_TRUE='#'
+  COM_ERR_FALSE=
+fi
+
+
+
+
+
+
+
+
+{ echo "$as_me:$LINENO: checking which authentication modules should be built" >&5
+echo $ECHO_N "checking which authentication modules should be built... $ECHO_C" >&6; }
+
+z='sia afskauthlib'
+LIB_AUTH_SUBDIRS=
+for i in $z; do
+case $i in
+sia)
+if test "$ac_cv_header_siad_h" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+;;
+pam)
+case "${host}" in
+*-*-freebsd*)	ac_cv_want_pam_krb4=no ;;
+*)		ac_cv_want_pam_krb4=yes ;;
+esac
+
+if test "$ac_cv_want_pam_krb4" = yes -a \
+    "$ac_cv_header_security_pam_modules_h" = yes -a \
+    "$enable_shared" = yes; then
+	LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+;;
+afskauthlib)
+case "${host}" in
+*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+esac
+;;
+esac
+done
+if test "$LIB_AUTH_SUBDIRS"; then
+	{ echo "$as_me:$LINENO: result: $LIB_AUTH_SUBDIRS" >&5
+echo "${ECHO_T}$LIB_AUTH_SUBDIRS" >&6; }
+else
+	{ echo "$as_me:$LINENO: result: none" >&5
+echo "${ECHO_T}none" >&6; }
+fi
+
+
+
+
+# This is done by AC_OUTPUT but we need the result here.
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+
+	x="${bindir}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+
+cat >>confdefs.h <<_ACEOF
+#define BINDIR "$x"
+_ACEOF
+
+	x="${libdir}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+
+cat >>confdefs.h <<_ACEOF
+#define LIBDIR "$x"
+_ACEOF
+
+	x="${libexecdir}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+
+cat >>confdefs.h <<_ACEOF
+#define LIBEXECDIR "$x"
+_ACEOF
+
+	x="${localstatedir}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+
+cat >>confdefs.h <<_ACEOF
+#define LOCALSTATEDIR "$x"
+_ACEOF
+
+	x="${sbindir}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+
+cat >>confdefs.h <<_ACEOF
+#define SBINDIR "$x"
+_ACEOF
+
+	x="${sysconfdir}"
+	eval y="$x"
+	while test "x$y" != "x$x"; do
+		x="$y"
+		eval y="$x"
+	done
+
+cat >>confdefs.h <<_ACEOF
+#define SYSCONFDIR "$x"
+_ACEOF
+
+
+
+
+
+# Check whether --enable-developer was given.
+if test "${enable_developer+set}" = set; then
+  enableval=$enable_developer;
+fi
+
+if test "X$enable_developer" = Xyes; then
+    dwflags="-Werror"
+fi
+
+WFLAGS_NOUNUSED=""
+WFLAGS_NOIMPLICITINT=""
+if test -z "$WFLAGS" -a "$GCC" = "yes"; then
+  # -Wno-implicit-int for broken X11 headers
+  # leave these out for now:
+  #   -Wcast-align doesn't work well on alpha osf/1
+  #   -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast
+  #   -Wmissing-declarations -Wnested-externs
+  WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $dwflags"
+  WFLAGS_NOUNUSED="-Wno-unused"
+  WFLAGS_NOIMPLICITINT="-Wno-implicit-int"
+fi
+
+
+
+
+
+
+ac_config_files="$ac_config_files Makefile etc/Makefile include/Makefile include/gssapi/Makefile include/hcrypto/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/hcrypto/Makefile lib/editline/Makefile lib/hx509/Makefile lib/gssapi/Makefile lib/ntlm/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kcm/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/gssmask/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile tests/Makefile tests/can/Makefile tests/db/Makefile tests/kdc/Makefile tests/ldap/Makefile tests/gss/Makefile tests/java/Makefile tests/plugin/Makefile packages/Makefile packages/mac/Makefile packages/debian/Makefile doc/Makefile tools/Makefile"
+
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
+echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    test "x$cache_file" != "x/dev/null" &&
+      { echo "$as_me:$LINENO: updating cache $cache_file" >&5
+echo "$as_me: updating cache $cache_file" >&6;}
+    cat confcache >$cache_file
+  else
+    { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
+echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${ENABLE_SHARED_TRUE}" && test -z "${ENABLE_SHARED_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"ENABLE_SHARED\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"ENABLE_SHARED\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${versionscript_TRUE}" && test -z "${versionscript_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"versionscript\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"versionscript\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${OPENLDAP_MODULE_TRUE}" && test -z "${OPENLDAP_MODULE_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"OPENLDAP_MODULE\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"OPENLDAP_MODULE\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${PKINIT_TRUE}" && test -z "${PKINIT_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"PKINIT\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"PKINIT\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"KRB4\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"KRB4\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${KRB5_TRUE}" && test -z "${KRB5_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"KRB5\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"KRB5\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${do_roken_rename_TRUE}" && test -z "${do_roken_rename_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"do_roken_rename\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"do_roken_rename\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${HAVE_OPENSSL_TRUE}" && test -z "${HAVE_OPENSSL_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"HAVE_OPENSSL\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"HAVE_OPENSSL\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${DCE_TRUE}" && test -z "${DCE_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"DCE\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"DCE\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${HAVE_DB1_TRUE}" && test -z "${HAVE_DB1_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB1\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"HAVE_DB1\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${HAVE_DB3_TRUE}" && test -z "${HAVE_DB3_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB3\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"HAVE_DB3\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${HAVE_NDBM_TRUE}" && test -z "${HAVE_NDBM_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"HAVE_NDBM\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"HAVE_NDBM\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${have_err_h_TRUE}" && test -z "${have_err_h_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"have_err_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"have_err_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${have_ifaddrs_h_TRUE}" && test -z "${have_ifaddrs_h_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"have_ifaddrs_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"have_ifaddrs_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${have_vis_h_TRUE}" && test -z "${have_vis_h_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"have_vis_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"have_vis_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${have_glob_h_TRUE}" && test -z "${have_glob_h_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"have_glob_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"have_glob_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${have_cgetent_TRUE}" && test -z "${have_cgetent_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"have_cgetent\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"have_cgetent\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${have_fnmatch_h_TRUE}" && test -z "${have_fnmatch_h_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"have_fnmatch_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"have_fnmatch_h\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${have_socket_wrapper_TRUE}" && test -z "${have_socket_wrapper_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"have_socket_wrapper\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"have_socket_wrapper\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${OTP_TRUE}" && test -z "${OTP_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"OTP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"OTP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${CATMAN_TRUE}" && test -z "${CATMAN_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"CATMAN\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"CATMAN\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${AIX_TRUE}" && test -z "${AIX_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"AIX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"AIX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${AIX4_TRUE}" && test -z "${AIX4_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"AIX4\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"AIX4\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${HAVE_DLOPEN_TRUE}" && test -z "${HAVE_DLOPEN_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"HAVE_DLOPEN\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"HAVE_DLOPEN\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${AIX_DYNAMIC_AFS_TRUE}" && test -z "${AIX_DYNAMIC_AFS_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"AIX_DYNAMIC_AFS\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"AIX_DYNAMIC_AFS\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${IRIX_TRUE}" && test -z "${IRIX_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"IRIX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"IRIX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${HAVE_X_TRUE}" && test -z "${HAVE_X_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"HAVE_X\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"HAVE_X\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${NEED_WRITEAUTH_TRUE}" && test -z "${NEED_WRITEAUTH_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"NEED_WRITEAUTH\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"NEED_WRITEAUTH\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${KCM_TRUE}" && test -z "${KCM_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"KCM\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"KCM\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${FRAMEWORK_SECURITY_TRUE}" && test -z "${FRAMEWORK_SECURITY_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"FRAMEWORK_SECURITY\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"FRAMEWORK_SECURITY\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${el_compat_TRUE}" && test -z "${el_compat_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"el_compat\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"el_compat\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${COM_ERR_TRUE}" && test -z "${COM_ERR_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"COM_ERR\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"COM_ERR\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  echo "#! /bin/sh" >conf$$.sh
+  echo  "exit 0"   >>conf$$.sh
+  chmod +x conf$$.sh
+  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+    PATH_SEPARATOR=';'
+  else
+    PATH_SEPARATOR=:
+  fi
+  rm -f conf$$.sh
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+as_nl='
+'
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+  LC_TELEPHONE LC_TIME
+do
+  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+    eval $as_var=C; export $as_var
+  else
+    ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+  fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir
+fi
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+  as_ln_s='ln -s'
+  # ... but there are two gotchas:
+  # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+  # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+  # In both cases, we have to default to `cp -p'.
+  ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+    as_ln_s='cp -p'
+elif ln conf$$.file conf$$ 2>/dev/null; then
+  as_ln_s=ln
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+        test -d "$1/.";
+      else
+	case $1 in
+        -*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by Heimdal $as_me 1.1, which was
+generated by GNU Autoconf 2.61.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTIONS] [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet      do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+  --file=FILE[:TEMPLATE]
+		   instantiate the configuration file FILE
+  --header=FILE[:TEMPLATE]
+		   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Report bugs to <bug-autoconf at gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+ac_cs_version="\\
+Heimdal config.status 1.1
+configured by $0, generated by GNU Autoconf 2.61,
+  with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2006 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+# If no file are specified by the user, then we need to provide default
+# value.  By we need to know if files were specified by the user.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    CONFIG_FILES="$CONFIG_FILES $ac_optarg"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+if \$ac_cs_recheck; then
+  echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
+  CONFIG_SHELL=$SHELL
+  export CONFIG_SHELL
+  exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "include/config.h") CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "etc/Makefile") CONFIG_FILES="$CONFIG_FILES etc/Makefile" ;;
+    "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
+    "include/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES include/gssapi/Makefile" ;;
+    "include/hcrypto/Makefile") CONFIG_FILES="$CONFIG_FILES include/hcrypto/Makefile" ;;
+    "include/kadm5/Makefile") CONFIG_FILES="$CONFIG_FILES include/kadm5/Makefile" ;;
+    "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
+    "lib/45/Makefile") CONFIG_FILES="$CONFIG_FILES lib/45/Makefile" ;;
+    "lib/auth/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/Makefile" ;;
+    "lib/auth/afskauthlib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/afskauthlib/Makefile" ;;
+    "lib/auth/pam/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/pam/Makefile" ;;
+    "lib/auth/sia/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/sia/Makefile" ;;
+    "lib/asn1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/asn1/Makefile" ;;
+    "lib/com_err/Makefile") CONFIG_FILES="$CONFIG_FILES lib/com_err/Makefile" ;;
+    "lib/hcrypto/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hcrypto/Makefile" ;;
+    "lib/editline/Makefile") CONFIG_FILES="$CONFIG_FILES lib/editline/Makefile" ;;
+    "lib/hx509/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hx509/Makefile" ;;
+    "lib/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/Makefile" ;;
+    "lib/ntlm/Makefile") CONFIG_FILES="$CONFIG_FILES lib/ntlm/Makefile" ;;
+    "lib/hdb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hdb/Makefile" ;;
+    "lib/kadm5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/Makefile" ;;
+    "lib/kafs/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kafs/Makefile" ;;
+    "lib/kdfs/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kdfs/Makefile" ;;
+    "lib/krb5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/Makefile" ;;
+    "lib/otp/Makefile") CONFIG_FILES="$CONFIG_FILES lib/otp/Makefile" ;;
+    "lib/roken/Makefile") CONFIG_FILES="$CONFIG_FILES lib/roken/Makefile" ;;
+    "lib/sl/Makefile") CONFIG_FILES="$CONFIG_FILES lib/sl/Makefile" ;;
+    "lib/vers/Makefile") CONFIG_FILES="$CONFIG_FILES lib/vers/Makefile" ;;
+    "kuser/Makefile") CONFIG_FILES="$CONFIG_FILES kuser/Makefile" ;;
+    "kpasswd/Makefile") CONFIG_FILES="$CONFIG_FILES kpasswd/Makefile" ;;
+    "kadmin/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/Makefile" ;;
+    "admin/Makefile") CONFIG_FILES="$CONFIG_FILES admin/Makefile" ;;
+    "kcm/Makefile") CONFIG_FILES="$CONFIG_FILES kcm/Makefile" ;;
+    "kdc/Makefile") CONFIG_FILES="$CONFIG_FILES kdc/Makefile" ;;
+    "appl/Makefile") CONFIG_FILES="$CONFIG_FILES appl/Makefile" ;;
+    "appl/afsutil/Makefile") CONFIG_FILES="$CONFIG_FILES appl/afsutil/Makefile" ;;
+    "appl/ftp/Makefile") CONFIG_FILES="$CONFIG_FILES appl/ftp/Makefile" ;;
+    "appl/ftp/common/Makefile") CONFIG_FILES="$CONFIG_FILES appl/ftp/common/Makefile" ;;
+    "appl/ftp/ftp/Makefile") CONFIG_FILES="$CONFIG_FILES appl/ftp/ftp/Makefile" ;;
+    "appl/ftp/ftpd/Makefile") CONFIG_FILES="$CONFIG_FILES appl/ftp/ftpd/Makefile" ;;
+    "appl/gssmask/Makefile") CONFIG_FILES="$CONFIG_FILES appl/gssmask/Makefile" ;;
+    "appl/kx/Makefile") CONFIG_FILES="$CONFIG_FILES appl/kx/Makefile" ;;
+    "appl/login/Makefile") CONFIG_FILES="$CONFIG_FILES appl/login/Makefile" ;;
+    "appl/otp/Makefile") CONFIG_FILES="$CONFIG_FILES appl/otp/Makefile" ;;
+    "appl/popper/Makefile") CONFIG_FILES="$CONFIG_FILES appl/popper/Makefile" ;;
+    "appl/push/Makefile") CONFIG_FILES="$CONFIG_FILES appl/push/Makefile" ;;
+    "appl/rsh/Makefile") CONFIG_FILES="$CONFIG_FILES appl/rsh/Makefile" ;;
+    "appl/rcp/Makefile") CONFIG_FILES="$CONFIG_FILES appl/rcp/Makefile" ;;
+    "appl/su/Makefile") CONFIG_FILES="$CONFIG_FILES appl/su/Makefile" ;;
+    "appl/xnlock/Makefile") CONFIG_FILES="$CONFIG_FILES appl/xnlock/Makefile" ;;
+    "appl/telnet/Makefile") CONFIG_FILES="$CONFIG_FILES appl/telnet/Makefile" ;;
+    "appl/telnet/libtelnet/Makefile") CONFIG_FILES="$CONFIG_FILES appl/telnet/libtelnet/Makefile" ;;
+    "appl/telnet/telnet/Makefile") CONFIG_FILES="$CONFIG_FILES appl/telnet/telnet/Makefile" ;;
+    "appl/telnet/telnetd/Makefile") CONFIG_FILES="$CONFIG_FILES appl/telnet/telnetd/Makefile" ;;
+    "appl/test/Makefile") CONFIG_FILES="$CONFIG_FILES appl/test/Makefile" ;;
+    "appl/kf/Makefile") CONFIG_FILES="$CONFIG_FILES appl/kf/Makefile" ;;
+    "appl/dceutils/Makefile") CONFIG_FILES="$CONFIG_FILES appl/dceutils/Makefile" ;;
+    "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
+    "tests/can/Makefile") CONFIG_FILES="$CONFIG_FILES tests/can/Makefile" ;;
+    "tests/db/Makefile") CONFIG_FILES="$CONFIG_FILES tests/db/Makefile" ;;
+    "tests/kdc/Makefile") CONFIG_FILES="$CONFIG_FILES tests/kdc/Makefile" ;;
+    "tests/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES tests/ldap/Makefile" ;;
+    "tests/gss/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gss/Makefile" ;;
+    "tests/java/Makefile") CONFIG_FILES="$CONFIG_FILES tests/java/Makefile" ;;
+    "tests/plugin/Makefile") CONFIG_FILES="$CONFIG_FILES tests/plugin/Makefile" ;;
+    "packages/Makefile") CONFIG_FILES="$CONFIG_FILES packages/Makefile" ;;
+    "packages/mac/Makefile") CONFIG_FILES="$CONFIG_FILES packages/mac/Makefile" ;;
+    "packages/debian/Makefile") CONFIG_FILES="$CONFIG_FILES packages/debian/Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
+
+  *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   echo "$me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+#
+# Set up the sed scripts for CONFIG_FILES section.
+#
+
+# No need to generate the scripts if there are no CONFIG_FILES.
+# This happens for instance when ./config.status config.h
+if test -n "$CONFIG_FILES"; then
+
+_ACEOF
+
+
+
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  cat >conf$$subs.sed <<_ACEOF
+SHELL!$SHELL$ac_delim
+PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim
+PACKAGE_NAME!$PACKAGE_NAME$ac_delim
+PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim
+PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim
+PACKAGE_STRING!$PACKAGE_STRING$ac_delim
+PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim
+exec_prefix!$exec_prefix$ac_delim
+prefix!$prefix$ac_delim
+program_transform_name!$program_transform_name$ac_delim
+bindir!$bindir$ac_delim
+sbindir!$sbindir$ac_delim
+libexecdir!$libexecdir$ac_delim
+datarootdir!$datarootdir$ac_delim
+datadir!$datadir$ac_delim
+sysconfdir!$sysconfdir$ac_delim
+sharedstatedir!$sharedstatedir$ac_delim
+localstatedir!$localstatedir$ac_delim
+includedir!$includedir$ac_delim
+oldincludedir!$oldincludedir$ac_delim
+docdir!$docdir$ac_delim
+infodir!$infodir$ac_delim
+htmldir!$htmldir$ac_delim
+dvidir!$dvidir$ac_delim
+pdfdir!$pdfdir$ac_delim
+psdir!$psdir$ac_delim
+libdir!$libdir$ac_delim
+localedir!$localedir$ac_delim
+mandir!$mandir$ac_delim
+DEFS!$DEFS$ac_delim
+ECHO_C!$ECHO_C$ac_delim
+ECHO_N!$ECHO_N$ac_delim
+ECHO_T!$ECHO_T$ac_delim
+LIBS!$LIBS$ac_delim
+build_alias!$build_alias$ac_delim
+host_alias!$host_alias$ac_delim
+target_alias!$target_alias$ac_delim
+INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim
+INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim
+INSTALL_DATA!$INSTALL_DATA$ac_delim
+am__isrc!$am__isrc$ac_delim
+CYGPATH_W!$CYGPATH_W$ac_delim
+PACKAGE!$PACKAGE$ac_delim
+VERSION!$VERSION$ac_delim
+ACLOCAL!$ACLOCAL$ac_delim
+AUTOCONF!$AUTOCONF$ac_delim
+AUTOMAKE!$AUTOMAKE$ac_delim
+AUTOHEADER!$AUTOHEADER$ac_delim
+MAKEINFO!$MAKEINFO$ac_delim
+install_sh!$install_sh$ac_delim
+STRIP!$STRIP$ac_delim
+INSTALL_STRIP_PROGRAM!$INSTALL_STRIP_PROGRAM$ac_delim
+mkdir_p!$mkdir_p$ac_delim
+AWK!$AWK$ac_delim
+SET_MAKE!$SET_MAKE$ac_delim
+am__leading_dot!$am__leading_dot$ac_delim
+AMTAR!$AMTAR$ac_delim
+am__tar!$am__tar$ac_delim
+am__untar!$am__untar$ac_delim
+MAINTAINER_MODE_TRUE!$MAINTAINER_MODE_TRUE$ac_delim
+MAINTAINER_MODE_FALSE!$MAINTAINER_MODE_FALSE$ac_delim
+MAINT!$MAINT$ac_delim
+CC!$CC$ac_delim
+CFLAGS!$CFLAGS$ac_delim
+LDFLAGS!$LDFLAGS$ac_delim
+CPPFLAGS!$CPPFLAGS$ac_delim
+ac_ct_CC!$ac_ct_CC$ac_delim
+EXEEXT!$EXEEXT$ac_delim
+OBJEXT!$OBJEXT$ac_delim
+CPP!$CPP$ac_delim
+build!$build$ac_delim
+build_cpu!$build_cpu$ac_delim
+build_vendor!$build_vendor$ac_delim
+build_os!$build_os$ac_delim
+host!$host$ac_delim
+host_cpu!$host_cpu$ac_delim
+host_vendor!$host_vendor$ac_delim
+host_os!$host_os$ac_delim
+CANONICAL_HOST!$CANONICAL_HOST$ac_delim
+YACC!$YACC$ac_delim
+YFLAGS!$YFLAGS$ac_delim
+LEX!$LEX$ac_delim
+LEX_OUTPUT_ROOT!$LEX_OUTPUT_ROOT$ac_delim
+LEXLIB!$LEXLIB$ac_delim
+LN_S!$LN_S$ac_delim
+GREP!$GREP$ac_delim
+EGREP!$EGREP$ac_delim
+ECHO!$ECHO$ac_delim
+AR!$AR$ac_delim
+RANLIB!$RANLIB$ac_delim
+CXX!$CXX$ac_delim
+CXXFLAGS!$CXXFLAGS$ac_delim
+ac_ct_CXX!$ac_ct_CXX$ac_delim
+CXXCPP!$CXXCPP$ac_delim
+F77!$F77$ac_delim
+FFLAGS!$FFLAGS$ac_delim
+ac_ct_F77!$ac_ct_F77$ac_delim
+_ACEOF
+
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
+    break
+  elif $ac_last_try; then
+    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
+if test -n "$ac_eof"; then
+  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
+  ac_eof=`expr $ac_eof + 1`
+fi
+
+cat >>$CONFIG_STATUS <<_ACEOF
+cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+_ACEOF
+sed '
+s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
+s/^/s,@/; s/!/@,|#_!!_#|/
+:n
+t n
+s/'"$ac_delim"'$/,g/; t
+s/$/\\/; p
+N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
+' >>$CONFIG_STATUS <conf$$subs.sed
+rm -f conf$$subs.sed
+cat >>$CONFIG_STATUS <<_ACEOF
+CEOF$ac_eof
+_ACEOF
+
+
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  cat >conf$$subs.sed <<_ACEOF
+LIBTOOL!$LIBTOOL$ac_delim
+ENABLE_SHARED_TRUE!$ENABLE_SHARED_TRUE$ac_delim
+ENABLE_SHARED_FALSE!$ENABLE_SHARED_FALSE$ac_delim
+VERSIONING!$VERSIONING$ac_delim
+versionscript_TRUE!$versionscript_TRUE$ac_delim
+versionscript_FALSE!$versionscript_FALSE$ac_delim
+LDFLAGS_VERSION_SCRIPT!$LDFLAGS_VERSION_SCRIPT$ac_delim
+INCLUDE_openldap!$INCLUDE_openldap$ac_delim
+LIB_openldap!$LIB_openldap$ac_delim
+OPENLDAP_MODULE_TRUE!$OPENLDAP_MODULE_TRUE$ac_delim
+OPENLDAP_MODULE_FALSE!$OPENLDAP_MODULE_FALSE$ac_delim
+PKINIT_TRUE!$PKINIT_TRUE$ac_delim
+PKINIT_FALSE!$PKINIT_FALSE$ac_delim
+DIR_hdbdir!$DIR_hdbdir$ac_delim
+INCLUDE_krb4!$INCLUDE_krb4$ac_delim
+LIB_krb4!$LIB_krb4$ac_delim
+KRB4_TRUE!$KRB4_TRUE$ac_delim
+KRB4_FALSE!$KRB4_FALSE$ac_delim
+KRB5_TRUE!$KRB5_TRUE$ac_delim
+KRB5_FALSE!$KRB5_FALSE$ac_delim
+do_roken_rename_TRUE!$do_roken_rename_TRUE$ac_delim
+do_roken_rename_FALSE!$do_roken_rename_FALSE$ac_delim
+LIB_kdb!$LIB_kdb$ac_delim
+HAVE_OPENSSL_TRUE!$HAVE_OPENSSL_TRUE$ac_delim
+HAVE_OPENSSL_FALSE!$HAVE_OPENSSL_FALSE$ac_delim
+DIR_hcrypto!$DIR_hcrypto$ac_delim
+INCLUDE_hcrypto!$INCLUDE_hcrypto$ac_delim
+LIB_hcrypto!$LIB_hcrypto$ac_delim
+LIB_hcrypto_a!$LIB_hcrypto_a$ac_delim
+LIB_hcrypto_so!$LIB_hcrypto_so$ac_delim
+LIB_hcrypto_appl!$LIB_hcrypto_appl$ac_delim
+PTHREADS_CFLAGS!$PTHREADS_CFLAGS$ac_delim
+PTHREADS_LIBS!$PTHREADS_LIBS$ac_delim
+DCE_TRUE!$DCE_TRUE$ac_delim
+DCE_FALSE!$DCE_FALSE$ac_delim
+dpagaix_cflags!$dpagaix_cflags$ac_delim
+dpagaix_ldadd!$dpagaix_ldadd$ac_delim
+dpagaix_ldflags!$dpagaix_ldflags$ac_delim
+LIB_db_create!$LIB_db_create$ac_delim
+LIB_dbopen!$LIB_dbopen$ac_delim
+LIB_dbm_firstkey!$LIB_dbm_firstkey$ac_delim
+HAVE_DB1_TRUE!$HAVE_DB1_TRUE$ac_delim
+HAVE_DB1_FALSE!$HAVE_DB1_FALSE$ac_delim
+HAVE_DB3_TRUE!$HAVE_DB3_TRUE$ac_delim
+HAVE_DB3_FALSE!$HAVE_DB3_FALSE$ac_delim
+HAVE_NDBM_TRUE!$HAVE_NDBM_TRUE$ac_delim
+HAVE_NDBM_FALSE!$HAVE_NDBM_FALSE$ac_delim
+DBLIB!$DBLIB$ac_delim
+LIB_NDBM!$LIB_NDBM$ac_delim
+WFLAGS!$WFLAGS$ac_delim
+WFLAGS_NOUNUSED!$WFLAGS_NOUNUSED$ac_delim
+WFLAGS_NOIMPLICITINT!$WFLAGS_NOIMPLICITINT$ac_delim
+VOID_RETSIGTYPE!$VOID_RETSIGTYPE$ac_delim
+have_err_h_TRUE!$have_err_h_TRUE$ac_delim
+have_err_h_FALSE!$have_err_h_FALSE$ac_delim
+have_ifaddrs_h_TRUE!$have_ifaddrs_h_TRUE$ac_delim
+have_ifaddrs_h_FALSE!$have_ifaddrs_h_FALSE$ac_delim
+have_vis_h_TRUE!$have_vis_h_TRUE$ac_delim
+have_vis_h_FALSE!$have_vis_h_FALSE$ac_delim
+LIB_socket!$LIB_socket$ac_delim
+LIB_gethostbyname!$LIB_gethostbyname$ac_delim
+LIB_syslog!$LIB_syslog$ac_delim
+LIB_gethostbyname2!$LIB_gethostbyname2$ac_delim
+LIB_res_search!$LIB_res_search$ac_delim
+LIB_res_nsearch!$LIB_res_nsearch$ac_delim
+LIB_res_ndestroy!$LIB_res_ndestroy$ac_delim
+LIB_dn_expand!$LIB_dn_expand$ac_delim
+LIBOBJS!$LIBOBJS$ac_delim
+have_glob_h_TRUE!$have_glob_h_TRUE$ac_delim
+have_glob_h_FALSE!$have_glob_h_FALSE$ac_delim
+have_cgetent_TRUE!$have_cgetent_TRUE$ac_delim
+have_cgetent_FALSE!$have_cgetent_FALSE$ac_delim
+LIB_getsockopt!$LIB_getsockopt$ac_delim
+LIB_setsockopt!$LIB_setsockopt$ac_delim
+LIB_hstrerror!$LIB_hstrerror$ac_delim
+LIB_bswap16!$LIB_bswap16$ac_delim
+LIB_bswap32!$LIB_bswap32$ac_delim
+LIB_pidfile!$LIB_pidfile$ac_delim
+LIB_getaddrinfo!$LIB_getaddrinfo$ac_delim
+LIB_getnameinfo!$LIB_getnameinfo$ac_delim
+LIB_freeaddrinfo!$LIB_freeaddrinfo$ac_delim
+LIB_gai_strerror!$LIB_gai_strerror$ac_delim
+have_fnmatch_h_TRUE!$have_fnmatch_h_TRUE$ac_delim
+have_fnmatch_h_FALSE!$have_fnmatch_h_FALSE$ac_delim
+LIB_crypt!$LIB_crypt$ac_delim
+have_socket_wrapper_TRUE!$have_socket_wrapper_TRUE$ac_delim
+have_socket_wrapper_FALSE!$have_socket_wrapper_FALSE$ac_delim
+DIR_roken!$DIR_roken$ac_delim
+LIB_roken!$LIB_roken$ac_delim
+INCLUDES_roken!$INCLUDES_roken$ac_delim
+LIBADD_roken!$LIBADD_roken$ac_delim
+LIB_otp!$LIB_otp$ac_delim
+OTP_TRUE!$OTP_TRUE$ac_delim
+OTP_FALSE!$OTP_FALSE$ac_delim
+LIB_security!$LIB_security$ac_delim
+NROFF!$NROFF$ac_delim
+GROFF!$GROFF$ac_delim
+_ACEOF
+
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
+    break
+  elif $ac_last_try; then
+    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
+if test -n "$ac_eof"; then
+  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
+  ac_eof=`expr $ac_eof + 1`
+fi
+
+cat >>$CONFIG_STATUS <<_ACEOF
+cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+_ACEOF
+sed '
+s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
+s/^/s,@/; s/!/@,|#_!!_#|/
+:n
+t n
+s/'"$ac_delim"'$/,g/; t
+s/$/\\/; p
+N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
+' >>$CONFIG_STATUS <conf$$subs.sed
+rm -f conf$$subs.sed
+cat >>$CONFIG_STATUS <<_ACEOF
+CEOF$ac_eof
+_ACEOF
+
+
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  cat >conf$$subs.sed <<_ACEOF
+CATMAN!$CATMAN$ac_delim
+CATMAN_TRUE!$CATMAN_TRUE$ac_delim
+CATMAN_FALSE!$CATMAN_FALSE$ac_delim
+CATMANEXT!$CATMANEXT$ac_delim
+INCLUDE_readline!$INCLUDE_readline$ac_delim
+LIB_readline!$LIB_readline$ac_delim
+INCLUDE_hesiod!$INCLUDE_hesiod$ac_delim
+LIB_hesiod!$LIB_hesiod$ac_delim
+AIX_TRUE!$AIX_TRUE$ac_delim
+AIX_FALSE!$AIX_FALSE$ac_delim
+AIX4_TRUE!$AIX4_TRUE$ac_delim
+AIX4_FALSE!$AIX4_FALSE$ac_delim
+LIB_dlopen!$LIB_dlopen$ac_delim
+HAVE_DLOPEN_TRUE!$HAVE_DLOPEN_TRUE$ac_delim
+HAVE_DLOPEN_FALSE!$HAVE_DLOPEN_FALSE$ac_delim
+LIB_loadquery!$LIB_loadquery$ac_delim
+AIX_DYNAMIC_AFS_TRUE!$AIX_DYNAMIC_AFS_TRUE$ac_delim
+AIX_DYNAMIC_AFS_FALSE!$AIX_DYNAMIC_AFS_FALSE$ac_delim
+AIX_EXTRA_KAFS!$AIX_EXTRA_KAFS$ac_delim
+IRIX_TRUE!$IRIX_TRUE$ac_delim
+IRIX_FALSE!$IRIX_FALSE$ac_delim
+XMKMF!$XMKMF$ac_delim
+X_CFLAGS!$X_CFLAGS$ac_delim
+X_PRE_LIBS!$X_PRE_LIBS$ac_delim
+X_LIBS!$X_LIBS$ac_delim
+X_EXTRA_LIBS!$X_EXTRA_LIBS$ac_delim
+HAVE_X_TRUE!$HAVE_X_TRUE$ac_delim
+HAVE_X_FALSE!$HAVE_X_FALSE$ac_delim
+LIB_XauWriteAuth!$LIB_XauWriteAuth$ac_delim
+LIB_XauReadAuth!$LIB_XauReadAuth$ac_delim
+LIB_XauFileName!$LIB_XauFileName$ac_delim
+NEED_WRITEAUTH_TRUE!$NEED_WRITEAUTH_TRUE$ac_delim
+NEED_WRITEAUTH_FALSE!$NEED_WRITEAUTH_FALSE$ac_delim
+LIB_logwtmp!$LIB_logwtmp$ac_delim
+LIB_logout!$LIB_logout$ac_delim
+LIB_openpty!$LIB_openpty$ac_delim
+LIB_tgetent!$LIB_tgetent$ac_delim
+LIB_getpwnam_r!$LIB_getpwnam_r$ac_delim
+LIB_door_create!$LIB_door_create$ac_delim
+KCM_TRUE!$KCM_TRUE$ac_delim
+KCM_FALSE!$KCM_FALSE$ac_delim
+FRAMEWORK_SECURITY_TRUE!$FRAMEWORK_SECURITY_TRUE$ac_delim
+FRAMEWORK_SECURITY_FALSE!$FRAMEWORK_SECURITY_FALSE$ac_delim
+LIB_el_init!$LIB_el_init$ac_delim
+el_compat_TRUE!$el_compat_TRUE$ac_delim
+el_compat_FALSE!$el_compat_FALSE$ac_delim
+COMPILE_ET!$COMPILE_ET$ac_delim
+COM_ERR_TRUE!$COM_ERR_TRUE$ac_delim
+COM_ERR_FALSE!$COM_ERR_FALSE$ac_delim
+DIR_com_err!$DIR_com_err$ac_delim
+LIB_com_err!$LIB_com_err$ac_delim
+LIB_com_err_a!$LIB_com_err_a$ac_delim
+LIB_com_err_so!$LIB_com_err_so$ac_delim
+LIB_AUTH_SUBDIRS!$LIB_AUTH_SUBDIRS$ac_delim
+LTLIBOBJS!$LTLIBOBJS$ac_delim
+_ACEOF
+
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 55; then
+    break
+  elif $ac_last_try; then
+    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
+if test -n "$ac_eof"; then
+  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
+  ac_eof=`expr $ac_eof + 1`
+fi
+
+cat >>$CONFIG_STATUS <<_ACEOF
+cat >"\$tmp/subs-3.sed" <<\CEOF$ac_eof
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end
+_ACEOF
+sed '
+s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
+s/^/s,@/; s/!/@,|#_!!_#|/
+:n
+t n
+s/'"$ac_delim"'$/,g/; t
+s/$/\\/; p
+N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
+' >>$CONFIG_STATUS <conf$$subs.sed
+rm -f conf$$subs.sed
+cat >>$CONFIG_STATUS <<_ACEOF
+:end
+s/|#_!!_#|//g
+CEOF$ac_eof
+_ACEOF
+
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+fi # test -n "$CONFIG_FILES"
+
+
+for ac_tag in  :F $CONFIG_FILES  :H $CONFIG_HEADERS
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5
+echo "$as_me: error: Invalid tag $ac_tag." >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      ac_file_inputs="$ac_file_inputs $ac_f"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input="Generated from "`IFS=:
+	  echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure."
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+    fi
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin";;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+case `sed -n '/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+' $ac_file_inputs` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+    s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF
+  sed "$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s&@configure_input@&$configure_input&;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" | sed -f "$tmp/subs-3.sed" >$tmp/out
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out"; rm -f "$tmp/out";;
+  *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;;
+  esac
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+_ACEOF
+
+# Transform confdefs.h into a sed script `conftest.defines', that
+# substitutes the proper values into config.h.in to produce config.h.
+rm -f conftest.defines conftest.tail
+# First, append a space to every undef/define line, to ease matching.
+echo 's/$/ /' >conftest.defines
+# Then, protect against being on the right side of a sed subst, or in
+# an unquoted here document, in config.status.  If some macros were
+# called several times there might be several #defines for the same
+# symbol, which is useless.  But do not sort them, since the last
+# AC_DEFINE must be honored.
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+# These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where
+# NAME is the cpp macro being defined, VALUE is the value it is being given.
+# PARAMS is the parameter list in the macro definition--in most cases, it's
+# just an empty string.
+ac_dA='s,^\\([	 #]*\\)[^	 ]*\\([	 ]*'
+ac_dB='\\)[	 (].*,\\1define\\2'
+ac_dC=' '
+ac_dD=' ,'
+
+uniq confdefs.h |
+  sed -n '
+	t rset
+	:rset
+	s/^[	 ]*#[	 ]*define[	 ][	 ]*//
+	t ok
+	d
+	:ok
+	s/[\\&,]/\\&/g
+	s/^\('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p
+	s/^\('"$ac_word_re"'\)[	 ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p
+  ' >>conftest.defines
+
+# Remove the space that was appended to ease matching.
+# Then replace #undef with comments.  This is necessary, for
+# example, in the case of _POSIX_SOURCE, which is predefined and required
+# on some systems where configure will not decide to define it.
+# (The regexp can be short, since the line contains either #define or #undef.)
+echo 's/ $//
+s,^[	 #]*u.*,/* & */,' >>conftest.defines
+
+# Break up conftest.defines:
+ac_max_sed_lines=50
+
+# First sed command is:	 sed -f defines.sed $ac_file_inputs >"$tmp/out1"
+# Second one is:	 sed -f defines.sed "$tmp/out1" >"$tmp/out2"
+# Third one will be:	 sed -f defines.sed "$tmp/out2" >"$tmp/out1"
+# et cetera.
+ac_in='$ac_file_inputs'
+ac_out='"$tmp/out1"'
+ac_nxt='"$tmp/out2"'
+
+while :
+do
+  # Write a here document:
+    cat >>$CONFIG_STATUS <<_ACEOF
+    # First, check the format of the line:
+    cat >"\$tmp/defines.sed" <<\\CEOF
+/^[	 ]*#[	 ]*undef[	 ][	 ]*$ac_word_re[	 ]*\$/b def
+/^[	 ]*#[	 ]*define[	 ][	 ]*$ac_word_re[(	 ]/b def
+b
+:def
+_ACEOF
+  sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS
+  echo 'CEOF
+    sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS
+  ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in
+  sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail
+  grep . conftest.tail >/dev/null || break
+  rm -f conftest.defines
+  mv conftest.tail conftest.defines
+done
+rm -f conftest.defines conftest.tail
+
+echo "ac_result=$ac_in" >>$CONFIG_STATUS
+cat >>$CONFIG_STATUS <<\_ACEOF
+  if test x"$ac_file" != x-; then
+    echo "/* $configure_input  */" >"$tmp/config.h"
+    cat "$ac_result" >>"$tmp/config.h"
+    if diff $ac_file "$tmp/config.h" >/dev/null 2>&1; then
+      { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f $ac_file
+      mv "$tmp/config.h" $ac_file
+    fi
+  else
+    echo "/* $configure_input  */"
+    cat "$ac_result"
+  fi
+  rm -f "$tmp/out12"
+# Compute $ac_file's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $ac_file | $ac_file:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $ac_file" >`$as_dirname -- $ac_file ||
+$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X$ac_file : 'X\(//\)[^/]' \| \
+	 X$ac_file : 'X\(//\)$' \| \
+	 X$ac_file : 'X\(/\)' \| . 2>/dev/null ||
+echo X$ac_file |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+
+
+  esac
+
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || { (exit 1); exit 1; }
+fi
+
+
+
+cat > include/newversion.h.in <<EOF
+const char *heimdal_long_version = "@(#)\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
+const char *heimdal_version = "Heimdal 1.1";
+EOF
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+	echo "include/version.h is unchanged"
+	rm -f include/newversion.h.in
+else
+ 	echo "creating include/version.h"
+ 	User=${USER-${LOGNAME}}
+ 	Host=`(hostname || uname -n || echo unknown) 2>/dev/null | sed 1q`
+ 	Date=`date`
+	mv -f include/newversion.h.in include/version.h.in
+	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi

Added: vendor-crypto/heimdal/dist/configure.in
===================================================================
--- vendor-crypto/heimdal/dist/configure.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/configure.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,543 @@
+dnl Process this file with autoconf to produce a configure script.
+AC_REVISION($Revision: 1.1.1.3 $)
+AC_PREREQ([2.59])
+test -z "$CFLAGS" && CFLAGS="-g"
+AC_INIT([Heimdal],[1.1],[heimdal-bugs at h5l.org])
+AC_CONFIG_SRCDIR([kuser/kinit.c])
+AC_CONFIG_HEADERS(include/config.h)
+
+AM_INIT_AUTOMAKE([foreign no-dependencies 1.8])
+AM_MAINTAINER_MODE
+
+dnl Checks for programs.
+AC_PROG_CC
+AM_PROG_CC_C_O
+AC_PROG_CPP
+
+AC_PREFIX_DEFAULT(/usr/heimdal)
+
+test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
+
+AC_CANONICAL_HOST
+CANONICAL_HOST=$host
+AC_SUBST(CANONICAL_HOST)
+
+dnl Hints for autobuild
+AB_INIT
+
+rk_SYS_LARGEFILE
+
+dnl
+dnl this is needed to run the configure tests against glibc
+dnl
+AC_DEFINE([_GNU_SOURCE], 1,
+	[Define to enable extensions on glibc-based systems such as Linux.])
+
+AC_OBJEXT
+AC_EXEEXT
+
+dnl AC_KRB_PROG_YACC
+AC_PROG_YACC
+AM_PROG_LEX
+dnl AC_PROG_RANLIB
+AC_PROG_AWK
+AC_KRB_PROG_LN_S
+
+AC_MIPS_ABI
+CC="$CC $abi"
+libdir="$libdir$abilibdirext"
+
+AC_C___ATTRIBUTE__
+
+AC_PROG_LIBTOOL
+
+AM_CONDITIONAL(ENABLE_SHARED, test "$enable_shared" = "yes")
+rk_VERSIONSCRIPT
+
+rk_TEST_PACKAGE(openldap,
+[#include <lber.h>
+#include <ldap.h>],
+[-lldap -llber],,,OPENLDAP)
+
+AC_ARG_ENABLE(hdb-openldap-module, 
+	AS_HELP_STRING([--enable-hdb-openldap-module],
+		[if you want support to build openldap hdb as shared object]))
+if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then
+    AC_DEFINE(OPENLDAP_MODULE, 1, [Define if you want support for hdb ldap module])
+fi
+AM_CONDITIONAL(OPENLDAP_MODULE, test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes)
+
+AC_ARG_ENABLE(pk-init, 
+	AS_HELP_STRING([--disable-pk-init],
+		[if you want disable to PK-INIT support]))
+if test "$enable_pk_init" != no ;then
+	AC_DEFINE([PKINIT], 1, [Define to enable PKINIT.])
+fi
+AM_CONDITIONAL(PKINIT, test "$enable_pk_init" != no)
+
+
+dnl path where the hdb directory is stored
+AC_ARG_WITH([hdbdir], 
+	[AC_HELP_STRING([--with-hdbdir],
+		[Default location for KDC database @<:@default=/var/heimdal@:>@])],
+	[],
+	[with_hdbdir=/var/heimdal])
+DIR_hdbdir="$with_hdbdir"
+AC_SUBST([DIR_hdbdir])
+
+
+dnl no kerberos4 any more
+with_krb4=no
+AC_SUBST(INCLUDE_krb4)
+AC_SUBST(LIB_krb4)
+AM_CONDITIONAL(KRB4, false)
+
+AM_CONDITIONAL(KRB5, true)
+AM_CONDITIONAL(do_roken_rename, true)
+
+AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl
+AC_SUBST(LIB_kdb)dnl
+
+KRB_CRYPTO
+
+KRB_PTHREADS
+
+AC_ARG_ENABLE(dce, 
+	AS_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's]))
+if test "$enable_dce" = yes; then
+    AC_DEFINE(DCE, 1, [Define if you want support for DCE/DFS PAG's.])
+fi
+AM_CONDITIONAL(DCE, test "$enable_dce" = yes)
+
+## XXX quite horrible:
+if test -f /etc/ibmcxx.cfg; then
+	dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[[^=]]*=\(.*\)/\1/;s/,/ /gp;}'`
+	dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[[^=]]*=\(.*\)/\1/;s/-q[^,]*//;s/,/ /gp;}'`
+	dpagaix_ldflags=
+else
+	dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce"
+	dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r"
+	dpagaix_ldflags="-Wl,-bI:dfspag.exp"
+fi
+AC_SUBST(dpagaix_cflags)
+AC_SUBST(dpagaix_ldadd)
+AC_SUBST(dpagaix_ldflags)
+
+AC_ARG_ENABLE([afs-support],
+	AC_HELP_STRING([--disable-afs-support],
+		[if you don't want support for AFS]))
+if test "$enable_afs_support" = no; then
+	AC_DEFINE(NO_AFS, 1, [Define if you don't wan't support for AFS.])
+fi
+
+rk_DB
+
+dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
+
+rk_ROKEN(lib/roken)
+LIBADD_roken="$LIB_roken"
+AC_SUBST(LIBADD_roken)dnl
+LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
+
+rk_OTP
+
+AC_CHECK_OSFC2
+
+AC_ARG_ENABLE(mmap,
+	AS_HELP_STRING([--disable-mmap],[disable use of mmap]))
+if test "$enable_mmap" = "no"; then
+	AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.])
+fi
+
+AC_ARG_ENABLE(afs-string-to-key,
+	AS_HELP_STRING([--disable-afs-string-to-key],
+	[disable use of weak AFS string-to-key functions]),
+	[], [enable_afs_string_to_key=yes])
+
+if test "$enable_afs_string_to_key" = "yes"; then
+	AC_DEFINE(ENABLE_AFS_STRING_TO_KEY, 1, [Define if want to use the weak AFS string to key functions.])
+fi
+
+
+rk_CHECK_MAN
+
+rk_TEST_PACKAGE(readline,
+[#include <stdio.h>
+ #include <readline.h>],-lreadline,,, READLINE)
+
+rk_TEST_PACKAGE(hesiod,[#include <hesiod.h>],-lhesiod,,, HESIOD)
+
+KRB_C_BIGENDIAN
+AC_C_INLINE
+
+rk_AIX
+rk_IRIX
+rk_SUNOS
+
+KRB_CHECK_X
+
+AM_CONDITIONAL(HAVE_X, test "$no_x" != yes)
+
+AC_CHECK_XAU
+
+dnl AM_C_PROTOTYPES
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_TYPE_OFF_T
+AC_CHECK_TYPE_EXTRA(mode_t, unsigned short, [])
+AC_CHECK_TYPE_EXTRA(sig_atomic_t, int, [#include <signal.h>])
+AC_HAVE_TYPE([long long])
+AC_HEADER_TIME
+AC_STRUCT_TM
+
+dnl Checks for header files.
+AC_HEADER_STDC
+
+AC_CHECK_HEADERS([\
+	arpa/ftp.h				\
+	arpa/telnet.h				\
+	bind/bitypes.h				\
+	bsdsetjmp.h				\
+	curses.h				\
+	dlfcn.h					\
+	fnmatch.h				\
+	inttypes.h				\
+	io.h					\
+	libutil.h				\
+	limits.h				\
+	maillock.h				\
+	netgroup.h				\
+	netinet/in6_machtypes.h			\
+	netinfo/ni.h				\
+	pthread.h				\
+	pty.h					\
+	sac.h					\
+	sgtty.h					\
+	siad.h					\
+	signal.h				\
+	strings.h				\
+	stropts.h				\
+	sys/bitypes.h				\
+	sys/category.h				\
+	sys/file.h				\
+	sys/filio.h				\
+	sys/ioccom.h				\
+	sys/mman.h				\
+	sys/param.h				\
+	sys/pty.h				\
+	sys/ptyio.h				\
+	sys/select.h				\
+	sys/socket.h				\
+	sys/str_tty.h				\
+	sys/stream.h				\
+	sys/stropts.h				\
+	sys/syscall.h				\
+	sys/termio.h				\
+	sys/timeb.h				\
+	sys/times.h				\
+	sys/types.h				\
+	sys/un.h				\
+	termcap.h				\
+	termio.h				\
+	termios.h				\
+	time.h					\
+	tmpdir.h				\
+	udb.h					\
+	util.h					\
+	utmp.h					\
+	utmpx.h					\
+])
+
+dnl On Solaris 8 there's a compilation warning for term.h because
+dnl it doesn't define `bool'.
+AC_CHECK_HEADERS(term.h, , , -)
+
+AC_CHECK_HEADERS(net/if.h, , , [AC_INCLUDES_DEFAULT
+#if HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif])
+
+AC_CHECK_HEADERS(sys/ptyvar.h, , , [AC_INCLUDES_DEFAULT
+#if HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif])
+
+AC_CHECK_HEADERS(sys/strtty.h, , , [AC_INCLUDES_DEFAULT
+#if HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+#if HAVE_SYS_STREAM_H
+#include <sys/stream.h>
+#endif])
+
+AC_CHECK_HEADERS(sys/ucred.h, , , [AC_INCLUDES_DEFAULT
+#if HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#if HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif])
+
+AC_CHECK_HEADERS(security/pam_modules.h, , , [AC_INCLUDES_DEFAULT
+#include <security/pam_appl.h>
+])
+
+AC_ARG_ENABLE(netinfo,
+	AS_HELP_STRING([--enable-netinfo],[enable netinfo for configuration lookup]))
+
+if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then
+       AC_DEFINE(HAVE_NETINFO, 1,
+               [Define if you want to use Netinfo instead of krb5.conf.])
+fi
+
+dnl export symbols
+rk_WIN32_EXPORT(BUILD_KRB5_LIB, KRB5_LIB_FUNCTION)
+rk_WIN32_EXPORT(BUILD_ROKEN_LIB, ROKEN_LIB_FUNCTION)
+
+dnl Checks for libraries.
+
+AC_FIND_FUNC_NO_LIBS(logwtmp, util,[
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+],[0,0,0])
+AC_FIND_FUNC_NO_LIBS(logout, util,[
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+],[0])
+AC_FIND_FUNC_NO_LIBS(openpty, util,[
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+],[0,0,0,0,0])
+
+AC_FIND_FUNC_NO_LIBS(tgetent, termcap ncurses curses,[
+#ifdef HAVE_TERMCAP_H
+#include <termcap.h>
+#endif
+#ifdef HAVE_CURSES_H
+#include <curses.h>
+#endif
+],[0,0])
+
+dnl Checks for library functions.
+
+AC_CHECK_FUNCS([				\
+	_getpty					\
+	_scrsize				\
+	arc4random				\
+	fcntl					\
+	getpeereid				\
+	getpeerucred				\
+	grantpt					\
+	mktime					\
+	ptsname					\
+	rand					\
+	revoke					\
+	select					\
+	setitimer				\
+	setpcred				\
+	setpgid					\
+	setproctitle				\
+	setregid				\
+	setresgid				\
+	setresuid				\
+	setreuid				\
+	setsid					\
+	setutent				\
+	sigaction				\
+	strstr					\
+	ttyname					\
+	ttyslot					\
+	umask					\
+	unlockpt				\
+	vhangup					\
+	yp_get_default_domain			\
+])
+
+AC_FUNC_MMAP
+
+KRB_CAPABILITIES
+
+AC_CHECK_GETPWNAM_R_POSIX
+
+dnl detect doors on solaris
+if test "$enable_pthread_support" != no; then
+   saved_LIBS="$LIBS"
+   LIBS="$LIBS $PTHREADS_LIBS"
+   AC_FIND_FUNC_NO_LIBS(door_create, door)
+   LIBS="$saved_LIBS"
+fi
+
+AC_ARG_ENABLE(kcm,
+	AS_HELP_STRING([--enable-kcm],[enable Kerberos Credentials Manager]),
+,[enable_kcm=yes])
+
+if test "$enable_kcm" = yes ; then
+   if test  "$ac_cv_header_sys_un_h" != yes -a "$ac_cv_funclib_door_create" != yes ; then
+  	enable_kcm=no
+   fi
+fi
+if test "$enable_kcm" = yes; then
+       AC_DEFINE(HAVE_KCM, 1,
+               [Define if you want to use the Kerberos Credentials Manager.])
+fi
+AM_CONDITIONAL(KCM, test "$enable_kcm" = yes)
+
+
+
+dnl Cray stuff
+AC_CHECK_FUNCS(getudbnam setlim)
+
+dnl AC_KRB_FUNC_GETCWD_BROKEN
+
+dnl
+dnl Check for fields in struct utmp
+dnl
+
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr, [#include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_host, [#include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_id, [#include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid, [#include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_type, [#include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmp, ut_user, [#include <utmp.h>])
+AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit, [#include <utmpx.h>])
+AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen, [#include <utmpx.h>])
+
+AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, 
+	u_int8_t, u_int16_t, u_int32_t, u_int64_t,
+	uint8_t, uint16_t, uint32_t, uint64_t],,,[
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+])
+
+rk_FRAMEWORK_SECURITY
+
+KRB_READLINE
+
+rk_TELNET
+
+dnl Some operating systems already have com_err and compile_et
+CHECK_COMPILE_ET
+
+rk_AUTH_MODULES([sia afskauthlib])
+
+rk_DESTDIRS
+
+rk_WFLAGS([-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs])
+
+
+AH_BOTTOM([#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif])
+
+AC_CONFIG_FILES(Makefile 		\
+	etc/Makefile			\
+	include/Makefile		\
+	include/gssapi/Makefile		\
+	include/hcrypto/Makefile	\
+	include/kadm5/Makefile		\
+	lib/Makefile			\
+	lib/45/Makefile			\
+	lib/auth/Makefile		\
+	lib/auth/afskauthlib/Makefile	\
+	lib/auth/pam/Makefile		\
+	lib/auth/sia/Makefile		\
+	lib/asn1/Makefile		\
+	lib/com_err/Makefile		\
+	lib/hcrypto/Makefile		\
+	lib/editline/Makefile		\
+	lib/hx509/Makefile		\
+	lib/gssapi/Makefile		\
+	lib/ntlm/Makefile		\
+	lib/hdb/Makefile		\
+	lib/kadm5/Makefile		\
+	lib/kafs/Makefile		\
+	lib/kdfs/Makefile		\
+	lib/krb5/Makefile		\
+	lib/otp/Makefile		\
+	lib/roken/Makefile		\
+	lib/sl/Makefile			\
+	lib/vers/Makefile		\
+	kuser/Makefile			\
+	kpasswd/Makefile		\
+	kadmin/Makefile			\
+	admin/Makefile			\
+	kcm/Makefile			\
+	kdc/Makefile			\
+	appl/Makefile			\
+	appl/afsutil/Makefile		\
+	appl/ftp/Makefile		\
+	appl/ftp/common/Makefile	\
+	appl/ftp/ftp/Makefile		\
+	appl/ftp/ftpd/Makefile		\
+	appl/gssmask/Makefile		\
+	appl/kx/Makefile		\
+	appl/login/Makefile		\
+	appl/otp/Makefile		\
+	appl/popper/Makefile		\
+	appl/push/Makefile		\
+	appl/rsh/Makefile		\
+	appl/rcp/Makefile		\
+	appl/su/Makefile		\
+	appl/xnlock/Makefile		\
+	appl/telnet/Makefile		\
+	appl/telnet/libtelnet/Makefile	\
+	appl/telnet/telnet/Makefile	\
+	appl/telnet/telnetd/Makefile	\
+	appl/test/Makefile		\
+	appl/kf/Makefile		\
+	appl/dceutils/Makefile		\
+	tests/Makefile			\
+	tests/can/Makefile		\
+	tests/db/Makefile		\
+	tests/kdc/Makefile		\
+	tests/ldap/Makefile		\
+	tests/gss/Makefile		\
+	tests/java/Makefile		\
+	tests/plugin/Makefile		\
+	packages/Makefile		\
+	packages/mac/Makefile		\
+	packages/debian/Makefile	\
+	doc/Makefile			\
+	tools/Makefile			\
+)
+
+AC_OUTPUT
+
+dnl
+dnl This is the release version name-number[beta]
+dnl
+
+cat > include/newversion.h.in <<EOF
+const char *heimdal_long_version = "@([#])\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
+const char *heimdal_version = "AC_PACKAGE_STRING";
+EOF
+
+if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then
+	echo "include/version.h is unchanged"
+	rm -f include/newversion.h.in
+else
+ 	echo "creating include/version.h"
+ 	User=${USER-${LOGNAME}}
+ 	Host=`(hostname || uname -n || echo unknown) 2>/dev/null | sed 1q`
+ 	Date=`date`
+	mv -f include/newversion.h.in include/version.h.in
+	sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
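Review bot: The `afs-string-to-key` option is opt-out: the last argument of its `AC_ARG_ENABLE` sets `enable_afs_string_to_key=yes`, so a plain `./configure` defines `ENABLE_AFS_STRING_TO_KEY`, which the option's own help text describes as the weak AFS string-to-key functions. The earlier `--disable-afs-support` block only defines `NO_AFS` and does not touch this variable, so switching AFS support off leaves the weak functions enabled. If no principals with AFS-style keys have to be supported, the default should be `[], [enable_afs_string_to_key=no]`, with the help string changed to `--enable-afs-string-to-key`. If the default must stay for compatibility, a `dnl` line above the block should say that it is on by default and name the flag that turns it off. Which code the define gates is not visible in this hunk, so the exposure should be confirmed against the library sources before changing the default.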

Added: vendor-crypto/heimdal/dist/doc/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/doc/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,85 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AUTOMAKE_OPTIONS = no-texinfo.tex
+
+MAKEINFOFLAGS = --no-split --css-include=$(srcdir)/heimdal.css
+
+TEXI2DVI = true # ARGH, make distcheck can't be disabled to not build dvifiles
+
+info_TEXINFOS = heimdal.texi hx509.texi
+
+dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]objdir[@],.,g' \
+	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
+
+krb5.dxy: krb5.din Makefile
+	$(dxy_subst) < $(srcdir)/krb5.din > krb5.dxy.tmp
+	chmod +x krb5.dxy.tmp
+	mv krb5.dxy.tmp krb5.dxy
+
+ntlm.dxy: ntlm.din Makefile
+	$(dxy_subst) < $(srcdir)/ntlm.din > ntlm.dxy.tmp
+	chmod +x ntlm.dxy.tmp
+	mv ntlm.dxy.tmp ntlm.dxy
+
+hx509.dxy: hx509.din Makefile
+	$(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp
+	chmod +x hx509.dxy.tmp
+	mv hx509.dxy.tmp hx509.dxy
+
+hcrypto.dxy: hcrypto.din Makefile
+	$(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp
+	chmod +x hcrypto.dxy.tmp
+	mv hcrypto.dxy.tmp hcrypto.dxy
+
+
+texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \
+	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
+
+vars.texi: vars.tin Makefile
+	$(texi_subst) < $(srcdir)/vars.tin > vars.texi.tmp
+	chmod +x vars.texi.tmp
+	mv vars.texi.tmp vars.texi
+
+doxygen: krb5.dxy ntlm.dxy hx509.dxy hcrypto.dxy
+	doxygen krb5.dxy
+	doxygen ntlm.dxy
+	doxygen hx509.dxy
+	doxygen hcrypto.dxy
+
+heimdal_TEXINFOS = \
+	ack.texi \
+	apps.texi \
+	heimdal.texi \
+	install.texi \
+	intro.texi \
+	kerberos4.texi \
+	migration.texi \
+	misc.texi \
+	programming.texi \
+	setup.texi \
+	vars.texi \
+	whatis.texi \
+	win2k.texi
+
+EXTRA_DIST = \
+	krb5.din \
+	ntlm.din \
+	hx509.din \
+	hcrypto.din \
+	heimdal.css \
+	init-creds \
+	latin1.tex \
+	layman.asc \
+	doxytmpl.dxy \
+	vars.tin
+
+CLEANFILES = \
+	krb5.dxy* \
+	ntlm.dxy* \
+	hx509.dxy* \
+	hcrypto.dxy* \
+	vars.texi*
+

Added: vendor-crypto/heimdal/dist/doc/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/doc/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,982 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(heimdal_TEXINFOS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common mdate-sh
+subdir = doc
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+INFO_DEPS = $(srcdir)/heimdal.info $(srcdir)/hx509.info
+am__TEXINFO_TEX_DIR = $(srcdir)
+DVIS = heimdal.dvi hx509.dvi
+PDFS = heimdal.pdf hx509.pdf
+PSS = heimdal.ps hx509.ps
+HTMLS = heimdal.html hx509.html
+TEXINFOS = heimdal.texi hx509.texi
+TEXI2PDF = $(TEXI2DVI) --pdf --batch
+MAKEINFOHTML = $(MAKEINFO) --html
+AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS)
+DVIPS = dvips
+am__installdirs = "$(DESTDIR)$(infodir)"
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+AUTOMAKE_OPTIONS = no-texinfo.tex
+MAKEINFOFLAGS = --no-split --css-include=$(srcdir)/heimdal.css
+TEXI2DVI = true # ARGH, make distcheck can't be disabled to not build dvifiles
+info_TEXINFOS = heimdal.texi hx509.texi
+dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]objdir[@],.,g' \
+	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
+
+texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \
+	-e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g'
+
+heimdal_TEXINFOS = \
+	ack.texi \
+	apps.texi \
+	heimdal.texi \
+	install.texi \
+	intro.texi \
+	kerberos4.texi \
+	migration.texi \
+	misc.texi \
+	programming.texi \
+	setup.texi \
+	vars.texi \
+	whatis.texi \
+	win2k.texi
+
+EXTRA_DIST = \
+	krb5.din \
+	ntlm.din \
+	hx509.din \
+	hcrypto.din \
+	heimdal.css \
+	init-creds \
+	latin1.tex \
+	layman.asc \
+	doxytmpl.dxy \
+	vars.tin
+
+CLEANFILES = \
+	krb5.dxy* \
+	ntlm.dxy* \
+	hx509.dxy* \
+	hcrypto.dxy* \
+	vars.texi*
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .dvi .html .info .pdf .ps .texi
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps doc/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+.texi.info:
+	restore=: && backupdir="$(am__leading_dot)am$$$$" && \
+	am__cwd=`pwd` && cd $(srcdir) && \
+	rm -rf $$backupdir && mkdir $$backupdir && \
+	if ($(MAKEINFO) --version) >/dev/null 2>&1; then \
+	  for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \
+	    if test -f $$f; then mv $$f $$backupdir; restore=mv; else :; fi; \
+	  done; \
+	else :; fi && \
+	cd "$$am__cwd"; \
+	if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
+	 -o $@ $<; \
+	then \
+	  rc=0; \
+	  cd $(srcdir); \
+	else \
+	  rc=$$?; \
+	  cd $(srcdir) && \
+	  $$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \
+	fi; \
+	rm -rf $$backupdir; exit $$rc
+
+.texi.dvi:
+	TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+	MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
+	$(TEXI2DVI) $<
+
+.texi.pdf:
+	TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+	MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \
+	$(TEXI2PDF) $<
+
+.texi.html:
+	rm -rf $(@:.html=.htp)
+	if $(MAKEINFOHTML) $(AM_MAKEINFOHTMLFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
+	 -o $(@:.html=.htp) $<; \
+	then \
+	  rm -rf $@; \
+	  if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
+	    mv $(@:.html=) $@; else mv $(@:.html=.htp) $@; fi; \
+	else \
+	  if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \
+	    rm -rf $(@:.html=); else rm -Rf $(@:.html=.htp) $@; fi; \
+	  exit 1; \
+	fi
+$(srcdir)/heimdal.info: heimdal.texi $(heimdal_TEXINFOS)
+heimdal.dvi: heimdal.texi $(heimdal_TEXINFOS)
+heimdal.pdf: heimdal.texi $(heimdal_TEXINFOS)
+heimdal.html: heimdal.texi $(heimdal_TEXINFOS)
+$(srcdir)/hx509.info: hx509.texi 
+hx509.dvi: hx509.texi 
+hx509.pdf: hx509.texi 
+hx509.html: hx509.texi 
+.dvi.ps:
+	TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \
+	$(DVIPS) -o $@ $<
+
+uninstall-dvi-am:
+	@$(NORMAL_UNINSTALL)
+	@list='$(DVIS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(dvidir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(dvidir)/$$f"; \
+	done
+
+uninstall-html-am:
+	@$(NORMAL_UNINSTALL)
+	@list='$(HTMLS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -rf '$(DESTDIR)$(htmldir)/$$f'"; \
+	  rm -rf "$(DESTDIR)$(htmldir)/$$f"; \
+	done
+
+uninstall-info-am:
+	@$(PRE_UNINSTALL)
+	@if test -d '$(DESTDIR)$(infodir)' && \
+	    (install-info --version && \
+	     install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
+	  list='$(INFO_DEPS)'; \
+	  for file in $$list; do \
+	    relfile=`echo "$$file" | sed 's|^.*/||'`; \
+	    echo " install-info --info-dir='$(DESTDIR)$(infodir)' --remove '$(DESTDIR)$(infodir)/$$relfile'"; \
+	    install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \
+	  done; \
+	else :; fi
+	@$(NORMAL_UNINSTALL)
+	@list='$(INFO_DEPS)'; \
+	for file in $$list; do \
+	  relfile=`echo "$$file" | sed 's|^.*/||'`; \
+	  relfile_i=`echo "$$relfile" | sed 's|\.info$$||;s|$$|.i|'`; \
+	  (if test -d "$(DESTDIR)$(infodir)" && cd "$(DESTDIR)$(infodir)"; then \
+	     echo " cd '$(DESTDIR)$(infodir)' && rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]"; \
+	     rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]; \
+	   else :; fi); \
+	done
+
+uninstall-pdf-am:
+	@$(NORMAL_UNINSTALL)
+	@list='$(PDFS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(pdfdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(pdfdir)/$$f"; \
+	done
+
+uninstall-ps-am:
+	@$(NORMAL_UNINSTALL)
+	@list='$(PSS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(psdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(psdir)/$$f"; \
+	done
+
+dist-info: $(INFO_DEPS)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	list='$(INFO_DEPS)'; \
+	for base in $$list; do \
+	  case $$base in \
+	    $(srcdir)/*) base=`echo "$$base" | sed "s|^$$srcdirstrip/||"`;; \
+	  esac; \
+	  if test -f $$base; then d=.; else d=$(srcdir); fi; \
+	  base_i=`echo "$$base" | sed 's|\.info$$||;s|$$|.i|'`; \
+	  for file in $$d/$$base $$d/$$base-[0-9] $$d/$$base-[0-9][0-9] $$d/$$base_i[0-9] $$d/$$base_i[0-9][0-9]; do \
+	    if test -f $$file; then \
+	      relfile=`expr "$$file" : "$$d/\(.*\)"`; \
+	      test -f $(distdir)/$$relfile || \
+		cp -p $$file $(distdir)/$$relfile; \
+	    else :; fi; \
+	  done; \
+	done
+
+mostlyclean-aminfo:
+	-rm -rf heimdal.aux heimdal.cp heimdal.cps heimdal.fn heimdal.fns heimdal.ky \
+	  heimdal.kys heimdal.log heimdal.pg heimdal.tmp heimdal.toc \
+	  heimdal.tp heimdal.tps heimdal.vr heimdal.vrs heimdal.dvi \
+	  heimdal.pdf heimdal.ps heimdal.html hx509.aux hx509.cp \
+	  hx509.cps hx509.fn hx509.fns hx509.ky hx509.kys hx509.log \
+	  hx509.pg hx509.tmp hx509.toc hx509.tp hx509.tps hx509.vr \
+	  hx509.vrs hx509.dvi hx509.pdf hx509.ps hx509.html
+
+maintainer-clean-aminfo:
+	@list='$(INFO_DEPS)'; for i in $$list; do \
+	  i_i=`echo "$$i" | sed 's|\.info$$||;s|$$|.i|'`; \
+	  echo " rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]"; \
+	  rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]; \
+	done
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-info dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(INFO_DEPS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(infodir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am: $(DVIS)
+
+html: html-am
+
+html-am: $(HTMLS)
+
+info: info-am
+
+info-am: $(INFO_DEPS)
+
+install-data-am: install-info-am
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-dvi-am: $(DVIS)
+	@$(NORMAL_INSTALL)
+	test -z "$(dvidir)" || $(MKDIR_P) "$(DESTDIR)$(dvidir)"
+	@list='$(DVIS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(dvidir)/$$f'"; \
+	  $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(dvidir)/$$f"; \
+	done
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-html-am: $(HTMLS)
+	@$(NORMAL_INSTALL)
+	test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)"
+	@list='$(HTMLS)'; for p in $$list; do \
+	  if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  if test -d "$$d$$p"; then \
+	    echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \
+	    $(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \
+	    echo " $(INSTALL_DATA) '$$d$$p'/* '$(DESTDIR)$(htmldir)/$$f'"; \
+	    $(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f"; \
+	  else \
+	    echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(htmldir)/$$f'"; \
+	    $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(htmldir)/$$f"; \
+	  fi; \
+	done
+install-info: install-info-am
+
+install-info-am: $(INFO_DEPS)
+	@$(NORMAL_INSTALL)
+	test -z "$(infodir)" || $(MKDIR_P) "$(DESTDIR)$(infodir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	list='$(INFO_DEPS)'; \
+	for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	  esac; \
+	  if test -f $$file; then d=.; else d=$(srcdir); fi; \
+	  file_i=`echo "$$file" | sed 's|\.info$$||;s|$$|.i|'`; \
+	  for ifile in $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9] \
+                       $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \
+	    if test -f $$ifile; then \
+	      relfile=`echo "$$ifile" | sed 's|^.*/||'`; \
+	      echo " $(INSTALL_DATA) '$$ifile' '$(DESTDIR)$(infodir)/$$relfile'"; \
+	      $(INSTALL_DATA) "$$ifile" "$(DESTDIR)$(infodir)/$$relfile"; \
+	    else : ; fi; \
+	  done; \
+	done
+	@$(POST_INSTALL)
+	@if (install-info --version && \
+	     install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \
+	  list='$(INFO_DEPS)'; \
+	  for file in $$list; do \
+	    relfile=`echo "$$file" | sed 's|^.*/||'`; \
+	    echo " install-info --info-dir='$(DESTDIR)$(infodir)' '$(DESTDIR)$(infodir)/$$relfile'";\
+	    install-info --info-dir="$(DESTDIR)$(infodir)" "$(DESTDIR)$(infodir)/$$relfile" || :;\
+	  done; \
+	else : ; fi
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am: $(PDFS)
+	@$(NORMAL_INSTALL)
+	test -z "$(pdfdir)" || $(MKDIR_P) "$(DESTDIR)$(pdfdir)"
+	@list='$(PDFS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(pdfdir)/$$f'"; \
+	  $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(pdfdir)/$$f"; \
+	done
+install-ps: install-ps-am
+
+install-ps-am: $(PSS)
+	@$(NORMAL_INSTALL)
+	test -z "$(psdir)" || $(MKDIR_P) "$(DESTDIR)$(psdir)"
+	@list='$(PSS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(psdir)/$$f'"; \
+	  $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(psdir)/$$f"; \
+	done
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-aminfo \
+	maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-aminfo mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am: $(PDFS)
+
+ps: ps-am
+
+ps-am: $(PSS)
+
+uninstall-am: uninstall-dvi-am uninstall-html-am uninstall-info-am \
+	uninstall-pdf-am uninstall-ps-am
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook dist-info distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-aminfo \
+	maintainer-clean-generic mostlyclean mostlyclean-aminfo \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-dvi-am uninstall-hook \
+	uninstall-html-am uninstall-info-am uninstall-pdf-am \
+	uninstall-ps-am
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+krb5.dxy: krb5.din Makefile
+	$(dxy_subst) < $(srcdir)/krb5.din > krb5.dxy.tmp
+	chmod +x krb5.dxy.tmp
+	mv krb5.dxy.tmp krb5.dxy
+
+ntlm.dxy: ntlm.din Makefile
+	$(dxy_subst) < $(srcdir)/ntlm.din > ntlm.dxy.tmp
+	chmod +x ntlm.dxy.tmp
+	mv ntlm.dxy.tmp ntlm.dxy
+
+hx509.dxy: hx509.din Makefile
+	$(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp
+	chmod +x hx509.dxy.tmp
+	mv hx509.dxy.tmp hx509.dxy
+
+hcrypto.dxy: hcrypto.din Makefile
+	$(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp
+	chmod +x hcrypto.dxy.tmp
+	mv hcrypto.dxy.tmp hcrypto.dxy
+
+vars.texi: vars.tin Makefile
+	$(texi_subst) < $(srcdir)/vars.tin > vars.texi.tmp
+	chmod +x vars.texi.tmp
+	mv vars.texi.tmp vars.texi
+
+doxygen: krb5.dxy ntlm.dxy hx509.dxy hcrypto.dxy
+	doxygen krb5.dxy
+	doxygen ntlm.dxy
+	doxygen hx509.dxy
+	doxygen hcrypto.dxy
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/doc/ack.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/ack.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/ack.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,72 @@
+ at c $Id: ack.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node  Acknowledgments, , Migration, Top
+ at comment  node-name,  next,  previous,  up
+ at appendix Acknowledgments
+
+Eric Young wrote ``libdes''. Heimdal used to use libdes, without it
+kth-krb would never have existed. Since there are no longer any Eric
+Young code left in the library, we renamed it to libhcrypto.
+
+All functions in libhcrypto have been re-implemented or used available
+public domain code. The core AES function where written by Vincent
+Rijmen, Antoon Bosselaers and Paulo Barreto.  The core DES SBOX
+transformation was written by Richard Outerbridge. @code{imath} that
+is used for public key crypto support is written by Michael
+J. Fromberger.
+
+The University of California at Berkeley initially wrote @code{telnet},
+and @code{telnetd}.  The authentication and encryption code of
+ at code{telnet} and @code{telnetd} was added by David Borman (then of Cray
+Research, Inc).  The encryption code was removed when this was exported
+and then added back by Juha Eskelinen.
+
+The @code{popper} was also a Berkeley program initially.
+
+Some of the functions in @file{libroken} also come from Berkeley by way
+of NetBSD/FreeBSD.
+
+ at code{editline} was written by Simmule Turner and Rich Salz. Heimdal
+contains a modifed copy.
+
+The @code{getifaddrs} implementation for Linux was written by Hideaki
+YOSHIFUJI for the Usagi project.
+
+The @code{pkcs11.h} headerfile was written by the Scute project.
+
+Bugfixes, documentation, encouragement, and code has been contributed by:
+ at table @asis
+ at item Alexander Bostr\xF6m
+ at item Andreaw Bartlett
+ at item Bj\xF6rn Sandell
+ at item Brandon S. Allbery KF8NH
+ at item Brian A May
+ at item Chaskiel M Grundman
+ at item Cizzi Storm
+ at item Daniel Kouril
+ at item David Love
+ at item Derrick J Brashear
+ at item Douglas E Engert
+ at item Frank van der Linden
+ at item Jason McIntyre
+ at item Johan Ihr\xE9n
+ at item Jun-ichiro itojun Hagino
+ at item Ken Hornstein
+ at item Magnus Ahltorp
+ at item Marc Horowitz
+ at item Mario Strasser
+ at item Mark Eichin
+ at item Mattias Amnefelt
+ at item Michael B Allen
+ at item Michael Fromberger
+ at item Michal Vocu
+ at item Miroslav Ruda
+ at item Petr Holub
+ at item Phil Fisher
+ at item Rafal Malinowski
+ at item Richard Nyberg
+ at item \xC5ke Sandgren 
+ at item and we hope that those not mentioned here will forgive us.
+ at end table
+
+All bugs were introduced by ourselves.

Added: vendor-crypto/heimdal/dist/doc/apps.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/apps.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/apps.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,244 @@
+ at c $Id: apps.texi,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Applications, Things in search for a better place, Setting up a realm, Top
+
+ at chapter Applications
+
+ at menu
+* Authentication modules::
+* AFS::
+ at end menu
+
+ at node  Authentication modules, AFS, Applications, Applications
+ at section Authentication modules
+
+The problem of having different authentication mechanisms has been
+recognised by several vendors, and several solutions have appeared. In
+most cases these solutions involve some kind of shared modules that are
+loaded at run-time.  Modules for some of these systems can be found in
+ at file{lib/auth}.  Presently there are modules for Digital's SIA,
+and IRIX' @code{login} and @code{xdm} (in
+ at file{lib/auth/afskauthlib}).
+
+ at menu
+* Digital SIA::                 
+* IRIX::                        
+ at end menu
+
+ at node Digital SIA, IRIX, Authentication modules, Authentication modules
+ at subsection Digital SIA
+
+How to install the SIA module depends on which OS version you're
+running. Tru64 5.0 has a new command, @file{siacfg}, which makes this
+process quite simple. If you have this program, you should just be able
+to run:
+ at example
+siacfg -a KRB5 /usr/athena/lib/libsia_krb5.so
+ at end example
+
+On older versions, or if you want to do it by hand, you have to do the
+following (not tested by us on Tru64 5.0):
+
+ at itemize @bullet
+
+ at item
+Make sure @file{libsia_krb5.so} is available in
+ at file{/usr/athena/lib}. If @file{/usr/athena} is not on local disk, you
+might want to put it in @file{/usr/shlib} or someplace else. If you do,
+you'll have to edit @file{krb5_matrix.conf} to reflect the new location
+(you will also have to do this if you installed in some other directory
+than @file{/usr/athena}). If you built with shared libraries, you will
+have to copy the shared @file{libkrb.so}, @file{libdes.so},
+ at file{libkadm.so}, and @file{libkafs.so} to a place where the loader can
+find them (such as @file{/usr/shlib}).
+ at item
+Copy (your possibly edited) @file{krb5_matrix.conf} to @file{/etc/sia}.
+ at item
+Apply @file{security.patch} to @file{/sbin/init.d/security}.
+ at item
+Turn on KRB5 security by issuing @kbd{rcmgr set SECURITY KRB5} and
+ at kbd{rcmgr set KRB5_MATRIX_CONF krb5_matrix.conf}.
+ at item
+Digital thinks you should reboot your machine, but that really shouldn't
+be necessary.  It's usually sufficient just to run
+ at kbd{/sbin/init.d/security start} (and restart any applications that use
+SIA, like @code{xdm}.)
+ at end itemize
+
+Users with local passwords (like @samp{root}) should be able to login
+safely.
+
+When using Digital's xdm the @samp{KRB5CCNAME} environment variable isn't
+passed along as it should (since xdm zaps the environment). Instead you
+have to set @samp{KRB5CCNAME} to the correct value in
+ at file{/usr/lib/X11/xdm/Xsession}. Add a line similar to
+ at example
+KRB5CCNAME=FILE:/tmp/krb5cc`id -u`_`ps -o ppid= -p $$`; export KRB5CCNAME
+ at end example
+If you use CDE, @code{dtlogin} allows you to specify which additional
+environment variables it should export. To add @samp{KRB5CCNAME} to this
+list, edit @file{/usr/dt/config/Xconfig}, and look for the definition of
+ at samp{exportList}. You want to add something like:
+ at example
+Dtlogin.exportList:     KRB5CCNAME
+ at end example
+
+ at subsubheading Notes to users with Enhanced security
+
+Digital's @samp{ENHANCED} (C2) security, and Kerberos solve two
+different problems. C2 deals with local security, adds better control of
+who can do what, auditing, and similar things. Kerberos deals with
+network security.
+
+To make C2 security work with Kerberos you will have to do the
+following.
+
+ at itemize @bullet
+ at item
+Replace all occurrences of @file{krb5_matrix.conf} with
+ at file{krb5+c2_matrix.conf} in the directions above.
+ at item
+You must enable ``vouching'' in the @samp{default} database.  This will
+make the OSFC2 module trust other SIA modules, so you can login without
+giving your C2 password. To do this use @samp{edauth} to edit the
+default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a
+ at samp{d_accept_alternate_vouching} capability, if not already present.
+ at item
+For each user who does @emph{not} have a local C2 password, you should
+set the password expiration field to zero. You can do this for each
+user, or in the @samp{default} table. To do this use @samp{edauth} to
+set (or change) the @samp{u_exp} capability to @samp{u_exp#0}.
+ at item
+You also need to be aware that the shipped @file{login}, @file{rcp}, and
+ at file{rshd}, don't do any particular C2 magic (such as checking for
+various forms of disabled accounts), so if you rely on those features,
+you shouldn't use those programs. If you configure with
+ at samp{--enable-osfc2}, these programs will, however, set the login
+UID. Still: use at your own risk.
+ at end itemize
+
+At present @samp{su} does not accept the vouching flag, so it will not
+work as expected.
+
+Also, kerberised ftp will not work with C2 passwords. You can solve this
+by using both Digital's ftpd and our on different ports.
+
+ at strong{Remember}, if you do these changes you will get a system that
+most certainly does @emph{not} fulfil the requirements of a C2
+system. If C2 is what you want, for instance if someone else is forcing
+you to use it, you're out of luck.  If you use enhanced security because
+you want a system that is more secure than it would otherwise be, you
+probably got an even more secure system. Passwords will not be sent in
+the clear, for instance.
+
+ at node IRIX, , Digital SIA, Authentication modules
+ at subsection IRIX
+
+The IRIX support is a module that is compatible with Transarc's
+ at file{afskauthlib.so}.  It should work with all programs that use this
+library. This should include @command{login} and @command{xdm}.
+
+The interface is not very documented but it seems that you have to copy
+ at file{libkafs.so}, @file{libkrb.so}, and @file{libdes.so} to
+ at file{/usr/lib}, or build your @file{afskauthlib.so} statically.
+
+The @file{afskauthlib.so} itself is able to reside in
+ at file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory
+(wherever that is).
+
+IRIX 6.4 and newer seem to have all programs (including @command{xdm} and
+ at command{login}) in the N32 object format, whereas in older versions they
+were O32. For it to work, the @file{afskauthlib.so} library has to be in
+the same object format as the program that tries to load it. This might
+require that you have to configure and build for O32 in addition to the
+default N32.
+
+Apart from this it should ``just work''; there are no configuration
+files.
+
+Note that recent Irix 6.5 versions (at least 6.5.22) have PAM,
+including a @file{pam_krb5.so} module.  Not all relevant programs use
+PAM, though, e.g.@: @command{ssh}. In particular, for console
+graphical login you need to turn off @samp{visuallogin} and turn on
+ at samp{xdm} with @command{chkconfig}.
+
+ at node AFS, , Authentication modules, Applications
+ at section AFS
+
+ at cindex AFS
+AFS is a distributed filesystem that uses Kerberos for authentication.
+
+ at cindex OpenAFS
+ at cindex Arla
+For more information about AFS see OpenAFS
+ at url{http://www.openafs.org/} and Arla
+ at url{http://www.stacken.kth.se/projekt/arla/}.
+
+ at subsection How to get a KeyFile
+
+ at file{ktutil -k AFSKEYFILE:KeyFile get afs@@MY.REALM}
+
+or you can extract it with kadmin
+
+ at example
+kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@@My.CELL.NAME
+ at end example
+
+You have to make sure you have a @code{des-cbc-md5} encryption type since that
+is the enctype that will be converted.
+
+ at subsection How to convert a srvtab to a KeyFile
+
+You need a @file{/usr/vice/etc/ThisCell} containing the cellname of your
+AFS-cell.
+
+ at file{ktutil copy krb4:/root/afs-srvtab AFSKEYFILE:/usr/afs/etc/KeyFile}.
+
+If keyfile already exists, this will add the new key in afs-srvtab to
+KeyFile.
+
+ at section Using 2b tokens with AFS
+
+ at subsection What is 2b ?
+
+2b is the name of the proposal that was implemented to give basic
+Kerberos 5 support to AFS in rxkad. It's not real Kerberos 5 support
+since it still uses fcrypt for data encryption and not Kerberos
+encryption types.
+
+Its only possible (in all cases) to do this for DES encryption types
+because only then the token (the AFS equivalent of a ticket) will be
+smaller than the maximum size that can fit in the token cache in the
+OpenAFS/Transarc client. It is a so tight fit that some extra wrapping
+on the ASN1/DER encoding is removed from the Kerberos ticket.
+
+2b uses a Kerberos 5 EncTicketPart instead of a Kerberos 4 ditto for
+the part of the ticket that is encrypted with the service's key. The
+client doesn't know what's inside the encrypted data so to the client
+it doesn't matter.
+
+To  differentiate between Kerberos 4 tickets and Kerberos 5 tickets, 2b
+uses a special kvno, 213 for 2b tokens and 255 for Kerberos 5 tokens.
+
+Its a requirement that all AFS servers that support 2b also support
+native Kerberos 5 in rxkad.
+
+ at subsection Configuring a Heimdal kdc to use 2b tokens
+
+Support for 2b tokens in the kdc are turned on for specific principals
+by adding them to the string list option @code{[kdc]use_2b} in the
+kdc's @file{krb5.conf} file.
+
+ at example
+[kdc]
+	use_2b = @{
+		afs@@SU.SE = yes
+		afs/it.su.se@@SU.SE = yes
+	@}
+ at end example
+
+ at subsection Configuring AFS clients for 2b support
+
+There is no need to configure AFS clients for 2b support. The only
+software that needs to be installed/upgrade is a Kerberos 5 enabled
+ at file{afslog}.

Added: vendor-crypto/heimdal/dist/doc/doxytmpl.dxy
===================================================================
--- vendor-crypto/heimdal/dist/doc/doxytmpl.dxy	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/doxytmpl.dxy	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,257 @@
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+DOXYFILE_ENCODING      = UTF-8
+CREATE_SUBDIRS         = NO
+OUTPUT_LANGUAGE        = English
+BRIEF_MEMBER_DESC      = YES
+REPEAT_BRIEF           = YES
+ABBREVIATE_BRIEF       = "The $name class " \
+                         "The $name widget " \
+                         "The $name file " \
+                         is \
+                         provides \
+                         specifies \
+                         contains \
+                         represents \
+                         a \
+                         an \
+                         the
+ALWAYS_DETAILED_SEC    = NO
+INLINE_INHERITED_MEMB  = NO
+FULL_PATH_NAMES        = YES
+STRIP_FROM_PATH        = /Applications/
+STRIP_FROM_INC_PATH    = 
+SHORT_NAMES            = NO
+JAVADOC_AUTOBRIEF      = NO
+QT_AUTOBRIEF           = NO
+MULTILINE_CPP_IS_BRIEF = NO
+DETAILS_AT_TOP         = NO
+INHERIT_DOCS           = YES
+SEPARATE_MEMBER_PAGES  = NO
+TAB_SIZE               = 8
+ALIASES                = 
+OPTIMIZE_OUTPUT_FOR_C  = YES
+OPTIMIZE_OUTPUT_JAVA   = NO
+BUILTIN_STL_SUPPORT    = NO
+CPP_CLI_SUPPORT        = NO
+DISTRIBUTE_GROUP_DOC   = NO
+SUBGROUPING            = YES
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+EXTRACT_ALL            = NO
+EXTRACT_PRIVATE        = NO
+EXTRACT_STATIC         = NO
+EXTRACT_LOCAL_CLASSES  = YES
+EXTRACT_LOCAL_METHODS  = NO
+EXTRACT_ANON_NSPACES   = NO
+HIDE_UNDOC_MEMBERS     = YES
+HIDE_UNDOC_CLASSES     = YES
+HIDE_FRIEND_COMPOUNDS  = NO
+HIDE_IN_BODY_DOCS      = NO
+INTERNAL_DOCS          = NO
+CASE_SENSE_NAMES       = NO
+HIDE_SCOPE_NAMES       = NO
+SHOW_INCLUDE_FILES     = YES
+INLINE_INFO            = YES
+SORT_MEMBER_DOCS       = YES
+SORT_BRIEF_DOCS        = NO
+SORT_BY_SCOPE_NAME     = NO
+GENERATE_TODOLIST      = YES
+GENERATE_TESTLIST      = YES
+GENERATE_BUGLIST       = YES
+GENERATE_DEPRECATEDLIST= YES
+ENABLED_SECTIONS       = 
+MAX_INITIALIZER_LINES  = 30
+SHOW_USED_FILES        = YES
+SHOW_DIRECTORIES       = NO
+FILE_VERSION_FILTER    = 
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+QUIET                  = YES
+WARNINGS               = YES
+WARN_IF_DOC_ERROR      = YES
+WARN_NO_PARAMDOC       = YES
+WARN_FORMAT            = "$file:$line: $text "
+WARN_LOGFILE           = 
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+INPUT_ENCODING         = UTF-8
+FILE_PATTERNS          = *.c \
+                         *.cc \
+                         *.cxx \
+                         *.cpp \
+                         *.c++ \
+                         *.d \
+                         *.java \
+                         *.ii \
+                         *.ixx \
+                         *.ipp \
+                         *.i++ \
+                         *.inl \
+                         *.h \
+                         *.hh \
+                         *.hxx \
+                         *.hpp \
+                         *.h++ \
+                         *.idl \
+                         *.odl \
+                         *.cs \
+                         *.php \
+                         *.php3 \
+                         *.inc \
+                         *.m \
+                         *.mm \
+                         *.dox \
+                         *.py
+RECURSIVE              = YES
+EXCLUDE                = 
+EXCLUDE_SYMLINKS       = NO
+EXCLUDE_PATTERNS       = */.svn
+EXCLUDE_SYMBOLS        = 
+EXAMPLE_PATH           = 
+EXAMPLE_PATTERNS       = *
+EXAMPLE_RECURSIVE      = NO
+IMAGE_PATH             = 
+INPUT_FILTER           = 
+FILTER_PATTERNS        = 
+FILTER_SOURCE_FILES    = NO
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+SOURCE_BROWSER         = NO
+INLINE_SOURCES         = NO
+STRIP_CODE_COMMENTS    = YES
+REFERENCED_BY_RELATION = NO
+REFERENCES_RELATION    = NO
+REFERENCES_LINK_SOURCE = YES
+USE_HTAGS              = NO
+VERBATIM_HEADERS       = NO
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+ALPHABETICAL_INDEX     = NO
+COLS_IN_ALPHA_INDEX    = 5
+IGNORE_PREFIX          = 
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+GENERATE_HTML          = YES
+HTML_OUTPUT            = html
+HTML_FILE_EXTENSION    = .html
+HTML_STYLESHEET        = 
+HTML_ALIGN_MEMBERS     = YES
+GENERATE_HTMLHELP      = NO
+HTML_DYNAMIC_SECTIONS  = NO
+CHM_FILE               = 
+HHC_LOCATION           = 
+GENERATE_CHI           = NO
+BINARY_TOC             = NO
+TOC_EXPAND             = NO
+DISABLE_INDEX          = NO
+ENUM_VALUES_PER_LINE   = 4
+GENERATE_TREEVIEW      = NO
+TREEVIEW_WIDTH         = 250
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+GENERATE_LATEX         = NO
+LATEX_OUTPUT           = latex
+LATEX_CMD_NAME         = latex
+MAKEINDEX_CMD_NAME     = makeindex
+COMPACT_LATEX          = NO
+PAPER_TYPE             = a4wide
+EXTRA_PACKAGES         = 
+LATEX_HEADER           = 
+PDF_HYPERLINKS         = NO
+USE_PDFLATEX           = NO
+LATEX_BATCHMODE        = NO
+LATEX_HIDE_INDICES     = NO
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+GENERATE_RTF           = NO
+RTF_OUTPUT             = rtf
+COMPACT_RTF            = NO
+RTF_HYPERLINKS         = NO
+RTF_STYLESHEET_FILE    = 
+RTF_EXTENSIONS_FILE    = 
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+GENERATE_MAN           = YES
+MAN_OUTPUT             = man
+MAN_EXTENSION          = .3
+MAN_LINKS              = YES
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+GENERATE_XML           = NO
+XML_OUTPUT             = xml
+XML_SCHEMA             = 
+XML_DTD                = 
+XML_PROGRAMLISTING     = YES
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+GENERATE_AUTOGEN_DEF   = NO
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+GENERATE_PERLMOD       = NO
+PERLMOD_LATEX          = NO
+PERLMOD_PRETTY         = YES
+PERLMOD_MAKEVAR_PREFIX = 
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+ENABLE_PREPROCESSING   = YES
+MACRO_EXPANSION        = NO
+EXPAND_ONLY_PREDEF     = NO
+SEARCH_INCLUDES        = YES
+INCLUDE_PATH           = 
+INCLUDE_FILE_PATTERNS  = 
+PREDEFINED             = 
+EXPAND_AS_DEFINED      = 
+SKIP_FUNCTION_MACROS   = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references   
+#---------------------------------------------------------------------------
+TAGFILES               = 
+GENERATE_TAGFILE       = 
+ALLEXTERNALS           = NO
+EXTERNAL_GROUPS        = YES
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+CLASS_DIAGRAMS         = NO
+MSCGEN_PATH            = /Applications/Doxygen.app/Contents/Resources/
+HIDE_UNDOC_RELATIONS   = YES
+HAVE_DOT               = YES
+CLASS_GRAPH            = YES
+COLLABORATION_GRAPH    = YES
+GROUP_GRAPHS           = YES
+UML_LOOK               = NO
+TEMPLATE_RELATIONS     = NO
+INCLUDE_GRAPH          = YES
+INCLUDED_BY_GRAPH      = YES
+CALL_GRAPH             = NO
+CALLER_GRAPH           = NO
+GRAPHICAL_HIERARCHY    = YES
+DIRECTORY_GRAPH        = YES
+DOT_IMAGE_FORMAT       = png
+DOT_PATH               = /Applications/Doxygen.app/Contents/Resources/
+DOTFILE_DIRS           = 
+DOT_GRAPH_MAX_NODES    = 50
+MAX_DOT_GRAPH_DEPTH    = 1000
+DOT_TRANSPARENT        = NO
+DOT_MULTI_TARGETS      = NO
+GENERATE_LEGEND        = YES
+DOT_CLEANUP            = YES
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine   
+#---------------------------------------------------------------------------
+SEARCHENGINE           = NO

Added: vendor-crypto/heimdal/dist/doc/hcrypto.din
===================================================================
--- vendor-crypto/heimdal/dist/doc/hcrypto.din	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/hcrypto.din	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+# Doxyfile 1.5.3
+
+PROJECT_NAME           = "Heimdal crypto library"
+PROJECT_NUMBER         = @PACKAGE_VERSION@
+OUTPUT_DIRECTORY       = @objdir@/hcrypto
+INPUT                  = @srcdir@/../lib/hcrypto
+
+WARN_IF_UNDOCUMENTED   = YES
+
+PERL_PATH              = /usr/bin/perl
+
+HTML_HEADER = "@srcdir@/header.html"
+HTML_FOOTER = "@srcdir@/footer.html"
+
+ at INCLUDE = "@srcdir@/doxytmpl.dxy"

Added: vendor-crypto/heimdal/dist/doc/heimdal.css
===================================================================
--- vendor-crypto/heimdal/dist/doc/heimdal.css	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/heimdal.css	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+body {
+	color: black;
+	background-color: #fdfdfd;
+	font-family: serif;
+	max-width: 40em;
+}
+h1, h2, h3 {
+	font-family: sans-serif;
+	font-weight: bold;
+}
+h1 {
+    padding: 0.5em 0 0.5em 5%;
+    color: white;
+    background: #3366cc;
+    border-bottom: solid 1px black;
+}
+h1 {
+	font-size: 200%;
+}
+h2 {
+	font-size: 150%;
+}
+h3 {
+	font-size: 120%;
+}
+h4 {
+	font-weight: bold;
+}
+pre.example {
+	margin-left: 2em;
+	padding: 1em 0em;
+	border: 2px dashed #c0c0c0;
+	background: #f0f0f0;
+}
+a:link {
+  color: blue;
+  text-decoration: none;
+}
+a:visited {
+  color: red;
+  text-decoration: none
+}
+a:hover {
+  text-decoration: underline
+}
+span.literal {
+	font-family: monospace;
+}
+hr {
+	border-style: none;
+	background-color: black;
+	height: 1px;
+}

Added: vendor-crypto/heimdal/dist/doc/heimdal.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/heimdal.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/heimdal.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,370 @@
+\input texinfo @c -*- texinfo -*-
+ at c %**start of header
+ at c $Id: heimdal.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+ at setfilename heimdal.info
+ at settitle HEIMDAL
+ at iftex
+ at afourpaper
+ at end iftex
+ at c some sensible characters, please?
+ at tex
+\input latin1.tex
+ at end tex
+ at setchapternewpage on
+ at syncodeindex pg cp
+ at c %**end of header
+
+ at include vars.texi
+
+ at set UPDATED $Date: 2012-07-21 15:09:06 $
+ at set VERSION @value{PACKAGE_VERSION}
+ at set EDITION 1.0
+
+ at ifinfo
+ at dircategory Security
+ at direntry
+* Heimdal: (heimdal).           The Kerberos 5 distribution from KTH
+ at end direntry
+ at end ifinfo
+
+ at c title page
+ at titlepage
+ at title Heimdal
+ at subtitle Kerberos 5 from KTH
+ at subtitle Edition @value{EDITION}, for version @value{VERSION}
+ at subtitle 2007
+ at author Johan Danielsson
+ at author Love H\xF6rnquist \xC5strand
+ at author Assar Westerlund
+ at author last updated @value{UPDATED}
+
+ at def@copynext{@vskip 20pt plus 1fil at penalty-1000}
+ at def@copyrightstart{}
+ at def@copyrightend{}
+ at page
+ at copyrightstart
+Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan 
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the Institute nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ at copynext
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America may
+require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+ at copynext
+
+Copyright (c) 1988, 1990, 1993
+     The Regents of the University of California.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the University nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ at copynext
+
+Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
+
+This software is not subject to any license of the American Telephone 
+and Telegraph Company or of the Regents of the University of California. 
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+   software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission.  Since few users ever read sources,
+   credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.  Since few users
+   ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
+ at copynext
+
+IMath is Copyright 2002-2005 Michael J. Fromberger
+You may use it subject to the following Licensing Terms:
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+ at copynext
+
+Copyright (c) 2005 Doug Rabson
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ at copynext
+
+Copyright (c) 2005 Marko Kreen
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+       notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ at copynext
+
+Copyright (c) 2006,2007
+NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+  notice, this list of conditions and the following disclaimer as
+  the first lines of this file unmodified.
+2. Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ at copyrightend
+ at end titlepage
+
+ at macro manpage{man, section}
+ at cite{\man\(\section\)}
+ at end macro
+
+ at c Less filling! Tastes great!
+ at iftex
+ at parindent=0pt
+ at global@parskip 6pt plus 1pt
+ at global@chapheadingskip = 15pt plus 4pt minus 2pt 
+ at global@secheadingskip = 12pt plus 3pt minus 2pt
+ at global@subsecheadingskip = 9pt plus 2pt minus 2pt
+ at end iftex
+ at ifinfo
+ at paragraphindent 0
+ at end ifinfo
+
+ at ifnottex
+ at node Top, Introduction, (dir), (dir)
+ at top Heimdal
+ at end ifnottex
+
+This manual is last updated @value{UPDATED} for version
+ at value{VERSION} of Heimdal.
+
+ at menu
+* Introduction::                
+* What is Kerberos?::           
+* Building and Installing::     
+* Setting up a realm::          
+* Applications::                
+* Things in search for a better place::  
+* Kerberos 4 issues::           
+* Windows 2000 compatability::  
+* Programming with Kerberos::   
+* Migration::                   
+* Acknowledgments::             
+
+ at detailmenu
+ --- The Detailed Node Listing ---
+
+Setting up a realm
+
+* Configuration file::          
+* Creating the database::       
+* Modifying the database::      
+* keytabs::                     
+* Serving Kerberos 4/524/kaserver::  
+* Remote administration::       
+* Password changing::           
+* Testing clients and servers::  
+* Slave Servers::               
+* Incremental propagation::     
+* Encryption types and salting::                     
+* Cross realm::                 
+* Transit policy::              
+* Setting up DNS::              
+* Using LDAP to store the database::  
+* Providing Kerberos credentials to servers and programs::  
+* Setting up PK-INIT::
+
+Applications
+
+* Authentication modules::      
+* AFS::                         
+
+Authentication modules
+
+* Digital SIA::                 
+* IRIX::                        
+
+Kerberos 4 issues
+
+* Principal conversion issues::  
+* Converting a version 4 database::  
+* kaserver::                    
+
+Windows 2000 compatability
+
+* Configuring Windows 2000 to use a Heimdal KDC::  
+* Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC::  
+* Create account mappings::     
+* Encryption types::            
+* Authorisation data::          
+* Quirks of Windows 2000 KDC::  
+* Useful links when reading about the Windows 2000::  
+
+Programming with Kerberos
+
+* Kerberos 5 API Overview::     
+* Walkthrough of a sample Kerberos 5 client::  
+* Validating a password in a server application::  
+* API differences to MIT Kerberos::  
+* File formats::
+
+ at end detailmenu
+ at end menu
+
+ at include intro.texi
+ at include whatis.texi
+ at include install.texi
+ at include setup.texi
+ at include apps.texi
+ at include misc.texi
+ at include kerberos4.texi
+ at include win2k.texi
+ at include programming.texi
+ at include migration.texi
+ at include ack.texi
+
+ at c @shortcontents
+ at contents
+
+ at bye

Added: vendor-crypto/heimdal/dist/doc/hx509.din
===================================================================
--- vendor-crypto/heimdal/dist/doc/hx509.din	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/hx509.din	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+# Doxyfile 1.5.3
+
+PROJECT_NAME           = Heimdal x509 library
+PROJECT_NUMBER         = @PACKAGE_VERSION@
+OUTPUT_DIRECTORY       = @objdir@/hx509
+INPUT                  = @srcdir@/../lib/hx509
+
+WARN_IF_UNDOCUMENTED   = YES
+
+PERL_PATH              = /usr/bin/perl
+
+HTML_HEADER = "@srcdir@/header.html"
+HTML_FOOTER = "@srcdir@/footer.html"
+
+ at INCLUDE = "@srcdir@/doxytmpl.dxy"

Added: vendor-crypto/heimdal/dist/doc/hx509.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/hx509.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/hx509.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,633 @@
+\input texinfo @c -*- texinfo -*-
+ at c %**start of header
+ at c $Id: hx509.texi,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+ at setfilename hx509.info
+ at settitle HX509
+ at iftex
+ at afourpaper
+ at end iftex
+ at c some sensible characters, please?
+ at tex
+\input latin1.tex
+ at end tex
+ at setchapternewpage on
+ at syncodeindex pg cp
+ at c %**end of header
+
+ at set UPDATED $Date: 2012-07-21 15:09:06 $
+ at set VERSION 1.0
+ at set EDITION 1.0
+
+ at ifinfo
+ at dircategory Security
+ at direntry
+* hx509: (hx509).           The X.509 distribution from KTH
+ at end direntry
+ at end ifinfo
+
+ at c title page
+ at titlepage
+ at title HX509
+ at subtitle X.509 distribution from KTH
+ at subtitle Edition @value{EDITION}, for version @value{VERSION}
+ at subtitle 2007
+ at author Love H\xF6rnquist \xC5strand
+ at author last updated @value{UPDATED}
+
+ at def@copynext{@vskip 20pt plus 1fil at penalty-1000}
+ at def@copyrightstart{}
+ at def@copyrightend{}
+ at page
+ at copyrightstart
+Copyright (c) 1994-2007 Kungliga Tekniska H\xF6gskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the Institute nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ at copynext
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America may
+require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+ at copynext
+
+Copyright (c) 1988, 1990, 1993
+     The Regents of the University of California.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the University nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ at copynext
+
+Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or of the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+   software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission.  Since few users ever read sources,
+   credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.  Since few users
+   ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
+ at copynext
+
+IMath is Copyright 2002-2005 Michael J. Fromberger
+You may use it subject to the following Licensing Terms:
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+ at copyrightend
+ at end titlepage
+
+ at macro manpage{man, section}
+ at cite{\man\(\section\)}
+ at end macro
+
+ at c Less filling! Tastes great!
+ at iftex
+ at parindent=0pt
+ at global@parskip 6pt plus 1pt
+ at global@chapheadingskip = 15pt plus 4pt minus 2pt
+ at global@secheadingskip = 12pt plus 3pt minus 2pt
+ at global@subsecheadingskip = 9pt plus 2pt minus 2pt
+ at end iftex
+ at ifinfo
+ at paragraphindent 0
+ at end ifinfo
+
+ at ifnottex
+ at node Top, Introduction, (dir), (dir)
+ at top Heimdal
+ at end ifnottex
+
+This manual is last updated @value{UPDATED} for version
+ at value{VERSION} of hx509.
+
+ at menu
+* Introduction::
+* What is X.509 ?::
+* Setting up a CA::
+* CMS signing and encryption::
+
+ at detailmenu
+ --- The Detailed Node Listing ---
+
+Setting up a CA
+
+ at c * Issuing certificates::
+* Creating a CA certificate::
+* Issuing certificates::
+* Issuing CRLs::
+ at c * Issuing a proxy certificate::
+ at c * Creating a user certificate::
+ at c * Validating a certificate::
+ at c * Validating a certificate path::
+* Application requirements::
+
+CMS signing and encryption
+
+* CMS background::
+
+ at end detailmenu
+ at end menu
+
+ at node Introduction, What is X.509 ?, Top, Top
+ at chapter Introduction
+
+hx509 is a somewhat complete X.509 stack that can handle CMS messages
+(crypto system used in S/MIME and Kerberos PK-INIT) and basic
+certificate processing tasks, path construction, path validation, OCSP
+and CRL validation, PKCS10 message construction, CMS Encrypted (shared
+secret encrypted), CMS SignedData (certificate signed), and CMS
+EnvelopedData (certificate encrypted).
+
+hx509 can use PKCS11 tokens, PKCS12 files, PEM files, DER encoded files.
+
+ at node What is X.509 ?, Setting up a CA, Introduction, Top
+ at chapter What is X.509, PKIX, PKCS7 and CMS ? 
+
+X.509 is from the beginning created by CCITT (later ITU) for the X.500
+directory service. But today when people are talking about X.509 they
+are commonly referring to IETF's PKIX Certificate and CRL Profile of the
+X.509 v3 certificate standard, as specified in RFC 3280.
+
+ITU continues to develop the X.509 standard together in a complicated
+dance with IETF.
+
+X.509 is public key based security system that have associated data
+stored within a so called certificate. From the beginning X.509 was a
+strict hierarchical system with one root. This didn't not work so over
+time X.509 got support for multiple policy roots, bridges, and mesh
+solutions. You can even use it as a peer to peer system, but this is not
+very common.
+
+ at section Type of certificates
+
+There are several flavors of certificate in X.509.
+
+ at itemize @bullet
+
+ at item Trust anchors
+
+Trust anchors are strictly not certificate, but commonly stored in
+certificate since they are easier to handle then. Trust anchor are the
+keys that you trust to validate other certificate. This is done by
+building a path from the certificate you wan to validate to to any of
+the trust anchors you have.
+
+ at item End Entity (EE) certificates
+
+End entity certificates is the most common type of certificate. End
+entity certificates can't issue certificate them-self and is used to
+authenticate and authorize user and services.
+
+ at item Certification Authority (CA) certificates
+
+Certificate authority are certificates that have the right to issue
+other certificate, they may be End entity certificates or Certificate
+Authority certificates. There is no limit to how many certificates a CA
+may issue, but there might other restrictions, like the maximum path
+depth.
+
+ at item Proxy certificates
+
+Remember that End Entity can't issue certificates by them own, it's not
+really true. There there is an extension called proxy certificates,
+defined in RFC3820, that allows certificates to be issued by end entity
+certificates. The service that receives the proxy certificates must have
+explicitly turned on support for proxy certificates, so their use is
+somewhat limited.
+
+Proxy certificates can be limited by policy stored in the certificate to
+what they can be used for. This allows users to delegate the proxy
+certificate to services (by sending over the certificate and private
+key) so the service can access services on behalf of the user.
+
+One example of this would be a print service. The user wants to print a
+large job in the middle of the night when the printer isn't used that
+much, so the user creates a proxy certificate with the policy that it
+can only be used to access files related to this print job, creates the
+print job description and send both the description and proxy
+certificate with key over to print service. Later at night will the
+print service, without the help of the user, access the files for the
+the print job using the proxy certificate and print the job. Because of
+the policy (limitation) in the proxy certificate, it can't be used for
+any other purposes.
+
+ at end itemize
+
+ at section Building a path
+
+Before validating a path the path must be constructed. Given a
+certificate (EE, CA, Proxy, or any other type), the path construction
+algorithm will try to find a path to one of the trust anchors.
+
+It start with looking at whom issued the certificate, by name or Key
+Identifier, and tries to find that certificate while at the same time
+evaluates the policy.
+
+ at node Setting up a CA, Creating a CA certificate, What is X.509 ?, Top
+ at chapter Setting up a CA
+
+Do not let this chapter scare you off, it's just to give you an idea how
+to complicated setting up a CA can be. If you are just playing around,
+skip all this and go to the next chapter, @pxref{Creating a CA
+certificate}.
+
+Creating a CA certificate should be more the just creating a
+certificate, there is the policy of the CA. If it's just you and your
+friend that is playing around then it probably doesn't matter what the
+policy is. But then it comes to trust in an organisation, it will
+probably matter more whom your users and sysadmins will find it
+acceptable to trust.
+
+At the same time, try to keep thing simple, it's not very hard to run a
+Certificate authority and the process to get new certificates should
+simple.
+
+Fill all this in later.
+
+How do you trust your CA.
+
+What is the CA responsibility.
+
+Review of CA activity.
+
+How much process should it be to issue certificate.
+
+Who is allowed to issue certificates.
+
+Who is allowed to requests certificates.
+
+How to handle certificate revocation, issuing CRLs and maintain OCSP
+services.
+
+ at node Creating a CA certificate, Issuing certificates, Setting up a CA, Top
+ at section Creating a CA certificate
+
+This section describes how to create a CA certificate and what to think
+about.
+
+ at subsection Lifetime CA certificate
+
+You probably want to create a CA certificate with a long lifetime, 10
+years at the shortest. This because you don't want to push out the
+certificate (as a trust anchor) to all you users once again when the old
+one just expired. A trust anchor can't really expire, but not all
+software works that way.
+
+Keep in mind the security requirements might be different 10-20 years
+into the future. For example, SHA1 is going to be withdrawn in 2010, so
+make sure you have enough buffering in your choice of digest/hash
+algorithms, signature algorithms and key lengths.
+
+ at subsection Create a CA certificate
+
+This command below will create a CA certificate in the file ca.pem.
+
+ at example
+hxtool issue-certificate \
+    --self-signed \
+    --issue-ca \
+    --generate-key=rsa \
+    --subject="CN=CertificateAuthority,DC=test,DC=h5l,DC=se" \
+    --lifetime=10years \
+    --certificate="FILE:ca.pem"
+ at end example
+
+ at subsection Extending lifetime of a CA certificate
+
+You just realised that your CA certificate is going to expire soon and
+that you need replace it with something else, the easiest way to do that
+is to extend the lifetime of your CA certificate.
+
+The example below will extend the CA certificate 10 years into the
+future. You should compare this new certificate if it contains all the
+special tweaks as the old certificate had.
+
+ at example
+hxtool issue-certificate \
+    --self-signed \
+    --issue-ca \
+    --lifetime="10years" \
+    --template-certificate="FILE:ca.pem" \
+    --template-fields="serialNumber,notBefore,subject,SPKI" \
+    --ca-private-key=FILE:ca.pem \
+    --certificate="FILE:new-ca.pem"
+ at end example
+
+ at subsection Subordinate CA
+
+This example create a new subordinate certificate authority.
+
+ at example
+hxtool issue-certificate \
+    --ca-certificate=FILE:ca.pem \
+    --issue-ca \
+    --generate-key=rsa \
+    --subject="CN=CertificateAuthority,DC=dev,DC=test,DC=h5l,DC=se" \
+    --certificate="FILE:dev-ca.pem"
+ at end example
+
+
+ at node Issuing certificates, Issuing CRLs, Creating a CA certificate, Top
+ at section Issuing certificates
+
+First you'll create a CA certificate, after that you have to deal with
+your users and servers and issue certificate to them.
+
+CA can generate the key for the user.
+
+Can receive PKCS10 certificate requests from the users. PKCS10 is a
+request for a certificate. The user can specified what DN the user wants
+and what public key. To prove the user have the key, the whole request
+is signed by the private key of the user.
+
+ at subsection Name space management
+
+What people might want to see.
+
+Re-issue certificates just because people moved within the organization.
+
+Expose privacy information.
+
+Using Sub-component name (+ notation).
+
+ at subsection Certificate Revocation, CRL and OCSP
+
+Sonetimes people loose smartcard or computers and certificates have to
+be make not valid any more, this is called revoking certificates. There
+are two main protocols for doing this Certificate Revocations Lists
+(CRL) and Online Certificate Status Protocol (OCSP).
+
+If you know that the certificate is destroyed then there is no need to
+revoke the certificate because it can not be used by someone else.
+
+The main reason you as a CA administrator have to deal with CRLs however
+will be that some software require there to be CRLs. Example of this is
+Windows, so you have to deal with this somehow.
+
+ at node Issuing CRLs, Application requirements, Issuing certificates, Top
+ at section Issuing CRLs
+
+Create an empty CRL with not certificates revoked. Default expiration
+value is one year from now.
+
+ at example
+hxtool crl-sign \
+	--crl-file=crl.der \
+	--signer=FILE:ca.pem
+ at end example
+
+Create a CRL with all certificates in the directory
+ at file{/path/to/revoked/dir} included in the CRL as revoked.  Also make
+it expire one month from now.
+
+ at example
+hxtool crl-sign \
+	--crl-file=crl.der \
+        --signer=FILE:ca.pem \
+	--lifetime='1 month' \
+        DIR:/path/to/revoked/dir
+ at end example
+
+ at node Application requirements, CMS signing and encryption, Issuing CRLs, Top
+ at section Application requirements
+
+Application have different requirements on certificates. This section
+tries to expand what they are and how to use hxtool to generate
+certificates for those services.
+
+ at subsection HTTPS - server
+
+ at example
+hxtool issue-certificate \
+	  --subject="CN=www.test.h5l.se,DC=test,DC=h5l,DC=se" \
+	  --type="https-server" \
+          --hostname="www.test.h5l.se" \
+          --hostname="www2.test.h5l.se" \
+          ...
+ at end example
+
+ at subsection HTTPS - client
+
+ at example
+hxtool issue-certificate \
+	  --subject="UID=testus,DC=test,DC=h5l,DC=se" \
+	  --type="https-client" \
+          ...
+ at end example
+
+ at subsection S/MIME - email
+
+There are two things that should be set in S/MIME certificates, one or
+more email addresses and an extended eku usage (EKU), emailProtection.
+
+The email address format used in S/MIME certificates is defined in
+RFC2822, section 3.4.1 and it should be an ``addr-spec''.
+
+There are two ways to specifify email address in certificates. The old
+ways is in the subject distinguished name, this should not be used. The
+new way is using a Subject Alternative Name (SAN).
+
+But even though email address is stored in certificates, they don't need
+to, email reader programs are required to accept certificates that
+doesn't have either of the two methods of storing email in certificates.
+In that case, they try to protect the user by printing the name of the
+certificate instead.
+
+S/MIME certificate can be used in another special way. They can be
+issued with a NULL subject distinguished name plus the email in SAN,
+this is a valid certificate. This is used when you wont want to share
+more information then you need to.
+
+hx509 issue-certificate supports adding the email SAN to certificate by
+using the --email option, --email also gives an implicit emailProtection
+eku. If you want to create an certificate without an email address, the
+option --type=email will add the emailProtection EKU.
+
+ at example
+hxtool issue-certificate \
+	  --subject="UID=testus-email,DC=test,DC=h5l,DC=se" \
+	  --type=email \
+	  --email="testus@@test.h5l.se" \
+          ...
+ at end example
+
+An example of an certificate without and subject distinguished name with
+an email address in a SAN.
+
+ at example
+hxtool issue-certificate \
+	  --subject="" \
+	  --type=email \
+	  --email="testus@@test.h5l.se" \
+          ...
+ at end example
+
+ at subsection PK-INIT
+
+How to create a certificate for a KDC.
+
+ at example
+hxtool issue-certificate \
+    --type="pkinit-kdc" \
+    --pk-init-principal="krbtgt/TEST.H5L.SE@@TEST.H5L.SE" \
+    --hostname kerberos.test.h5l.se \
+    --hostname pal.test.h5l.se \
+    ...
+ at end example
+
+How to create a certificate for a user.
+
+ at example
+hxtool issue-certificate \
+    --type="pkinit-client" \
+    --pk-init-principal="user@@TEST.H5L.SE" \
+    ...
+ at end example
+
+ at subsection XMPP/Jabber
+
+The jabber server certificate should have a dNSname that is the same as
+the user entered into the application, not the same as the host name of
+the machine.
+
+ at example
+hxtool issue-certificate \
+	  --subject="CN=xmpp1.test.h5l.se,DC=test,DC=h5l,DC=se" \
+          --hostname="xmpp1.test.h5l.se" \
+          --hostname="test.h5l.se" \
+          ...
+ at end example
+
+The certificate may also contain a jabber identifier (JID) that, if the
+receiver allows it, authorises the server or client to use that JID.
+
+When storing a JID inside the certificate, both for server and client,
+it's stored inside a UTF8String within an otherName entity inside the
+subjectAltName, using the OID id-on-xmppAddr (1.3.6.1.5.5.7.8.5).
+
+To read more about the requirements, see RFC3920, Extensible Messaging
+and Presence Protocol (XMPP): Core.
+
+hxtool issue-certificate have support to add jid to the certificate
+using the option @kbd{--jid}.
+
+ at example
+hxtool issue-certificate \
+	  --subject="CN=Love,DC=test,DC=h5l,DC=se" \
+          --jid="lha@@test.h5l.se" \
+          ...
+ at end example
+
+
+ at node CMS signing and encryption, CMS background, Application requirements, Top
+ at chapter CMS signing and encryption
+
+CMS is the Cryptographic Message System that among other, is used by
+S/MIME (secure email) and Kerberos PK-INIT. It's an extended version of
+the RSA, Inc standard PKCS7.
+
+ at node CMS background, , CMS signing and encryption, Top
+ at section CMS background
+
+
+ at c @shortcontents
+ at contents
+
+ at bye

Added: vendor-crypto/heimdal/dist/doc/init-creds
===================================================================
--- vendor-crypto/heimdal/dist/doc/init-creds	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/init-creds	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,374 @@
+Currently, getting an initial ticket for a user involves many function
+calls, especially when a full set of features including password
+expiration and challenge preauthentication is desired.  In order to
+solve this problem, a new api is proposed.
+
+typedef struct _krb5_prompt {
+    char *prompt;
+    int hidden;
+    krb5_data *reply;
+} krb5_prompt;
+
+typedef int (*krb5_prompter_fct)(krb5_context context,
+				 void *data,
+				 const char *banner,
+				 int num_prompts,
+				 krb5_prompt prompts[]);
+
+typedef struct _krb5_get_init_creds_opt {
+    krb5_flags flags;
+    krb5_deltat tkt_life;
+    krb5_deltat renew_life;
+    int forwardable;
+    int proxiable;
+    krb5_enctype *etype_list;
+    int etype_list_length;
+    krb5_address **address_list;
+	/* XXX the next three should not be used, as they may be
+	removed later */
+    krb5_preauthtype *preauth_list;
+    int preauth_list_length;
+    krb5_data *salt;
+} krb5_get_init_creds_opt;
+
+#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
+#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
+#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
+#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
+#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
+#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
+#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
+#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
+
+void krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt);
+
+void krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
+					  krb5_deltat tkt_life);
+void krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
+					    krb5_deltat renew_life);
+void krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
+					     int forwardable);
+void krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
+					   int proxiable);
+void krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
+					    krb5_enctype *etype_list,
+					    int etype_list_length);
+void krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
+					      krb5_address **addresses);
+void krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
+					      krb5_preauthtype *preauth_list,
+					      int preauth_list_length);
+void krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
+				      krb5_data *salt);
+
+krb5_error_code
+krb5_get_init_creds_password(krb5_context context,
+			     krb5_creds *creds,
+			     krb5_principal client,
+			     char *password,
+			     krb5_prompter_fct prompter,
+			     void *data,
+			     krb5_deltat start_time,
+			     char *in_tkt_service,
+			     krb5_get_init_creds_opt *options);
+
+This function will attempt to acquire an initial ticket.  The function
+will perform whatever tasks are necessary to do so.  This may include
+changing an expired password, preauthentication.
+
+The arguments divide into two types.  Some arguments are basically
+invariant and arbitrary across all initial tickets, and if not
+specified are determined by configuration or library defaults.  Some
+arguments are different for each execution or application, and if not
+specified can be determined correctly from system configuration or
+environment.  The former arguments are contained in a structure whose
+pointer is passed to the function.  A bitmask specifies which elements
+of the structure should be used.  In most cases, a NULL pointer can be
+used.  The latter arguments are specified as individual arguments to
+the function.
+
+If a pointer to a credential is specified, the initial credential is
+filled in.  If the caller only wishes to do a simple password check
+and will not be doing any other kerberos functions, then a NULL
+pointer may be specified, and the credential will be destroyed.
+
+If the client name is non-NULL, the initial ticket requested will be
+for that principal.  Otherwise, the principal will be the username
+specified by the USER environment variable, or if the USER environment
+variable is not set, the username corresponding to the real user id of
+the caller.
+
+If the password is non-NULL, then this string is used as the password.
+Otherwise, the prompter function will be used to prompt the user for
+the password.
+
+If a prompter function is non-NULL, it will be used if additional user
+input is required, such as if the user's password has expired and
+needs to be changed, or if input preauthentication is necessary.  If
+no function is specified and input is required, then the login will
+fail.
+
+	The context argument is the same as that passed to krb5_login.
+	The data argument is passed unmodified to the prompter
+	function and is intended to be used to pass application data
+	(such as a display handle) to the prompter function.
+
+	The banner argument, if non-NULL, will indicate what sort of
+	input is expected from the user (for example, "Password has
+	expired and must be changed" or "Enter Activcard response for
+	challenge 012345678"), and should be displayed accordingly.
+	
+	The num_prompts argument indicates the number of values which
+	should be prompted for.  If num_prompts == 0, then the banner
+	contains an informational message which should be displayed to
+	the user.
+
+	The prompts argument contains an array describing the values
+	for which the user should be prompted.  The prompt member
+	indicates the prompt for each value ("Enter new
+	password"/"Enter it again", or "Challenge response").  The
+	hidden member is nonzero if the response should not be
+	displayed back to the user.  The reply member is a pointer to
+	krb5_data structure which has already been allocated.  The
+	prompter should fill in the structure with the NUL-terminated
+	response from the user.
+
+	If the response data does not fit, or if any other error
+	occurs, then the prompter function should return a non-zero
+	value which will be returned by the krb5_get_init_creds
+	function. Otherwise, zero should be returned.
+
+	The library function krb5_prompter_posix() implements
+	a prompter using a posix terminal for user in.  This function
+	does not use the data argument.
+
+If the start_time is zero, then the requested ticket will be valid
+beginning immediately.  Otherwise, the start_time indicates how far in
+the future the ticket should be postdated.
+
+If the in_tkt_service name is non-NULL, that principal name will be
+used as the server name for the initial ticket request.  The realm of
+the name specified will be ignored and will be set to the realm of the
+client name.  If no in_tkt_service name is specified,
+krbtgt/CLIENT-REALM at CLIENT-REALM will be used.
+
+For the rest of arguments, a configuration or library default will be
+used if no value is specified in the options structure.
+
+If a tkt_life is specified, that will be the lifetime of the ticket.
+The library default is 10 hours; there is no configuration variable
+(there should be, but it's not there now).
+
+If a renew_life is specified and non-zero, then the RENEWABLE option
+on the ticket will be set, and the value of the argument will be the
+the renewable lifetime.  The configuration variable [libdefaults]
+"renew_lifetime" is the renewable lifetime if none is passed in.  The
+library default is not to set the RENEWABLE option.
+
+If forwardable is specified, the FORWARDABLE option on the ticket will
+be set if and only if forwardable is non-zero.  The configuration
+variable [libdefaults] "forwardable" is used if no value is passed in.
+The option will be set if and only if the variable is "y", "yes",
+"true", "t", "1", or "on", case insensitive.  The library default is
+not to set the FORWARDABLE option.
+
+If proxiable is specified, the PROXIABLE option on the ticket will be
+set if and only if proxiable is non-zero.  The configuration variable
+[libdefaults] "proxiable" is used if no value is passed in.  The
+option will be set if and only if the variable is "y", "yes", "true",
+"t", "1", or "on", case insensitive.  The library default is not to
+set the PROXIABLE option.
+
+If etype_list is specified, it will be used as the list of desired
+encryption algorithms in the request.  The configuration variable
+[libdefaults] "default_tkt_enctypes" is used if no value is passed in.
+The library default is "des-cbc-md5 des-cbc-crc".
+
+If address_list is specified, it will be used as the list of addresses
+for which the ticket will be valid.  The library default is to use all
+local non-loopback addresses.  There is no configuration variable.
+
+If preauth_list is specified, it names preauth data types which will
+be included in the request.  The library default is to interact with
+the kdc to determine the required preauth types.  There is no
+configuration variable.
+
+If salt is specified, it specifies the salt which will be used when
+converting the password to a key.  The library default is to interact
+with the kdc to determine the correct salt.  There is no configuration
+variable.
+
+================================================================
+
+typedef struct _krb5_verify_init_creds_opt {
+    krb5_flags flags;
+    int ap_req_nofail;
+} krb5_verify_init_creds_opt;
+
+#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
+
+void krb5_verify_init_creds_opt_init(krb5_init_creds_opt *options);
+void krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_init_creds_opt *options,
+						  int ap_req_nofail);
+
+krb5_error_code
+krb5_verify_init_creds(krb5_context context,
+		       krb5_creds *creds,
+		       krb5_principal ap_req_server,
+		       krb5_keytab ap_req_keytab,
+		       krb5_ccache *ccache,
+		       krb5_verify_init_creds_opt *options);
+
+This function will use the initial ticket in creds to make an AP_REQ
+and verify it to insure that the AS_REP has not been spoofed.
+
+If the ap_req_server name is non-NULL, then this service name will be
+used for the AP_REQ; otherwise, the default host key
+(host/hostname.domain at LOCAL-REALM) will be used.
+
+If ap_req_keytab is non-NULL, the service key for the verification
+will be read from that keytab; otherwise, the service key will be read
+from the default keytab. 
+
+If the service of the ticket in creds is the same as the service name
+for the AP_REQ, then this ticket will be used directly.  If the ticket
+is a tgt, then it will be used to obtain credentials for the service.
+Otherwise, the verification will fail, and return an error.
+
+Other failures of the AP_REQ verification may or may not be considered
+errors, as described below.
+
+If a pointer to a credential cache handle is specified, and the handle
+is NULL, a credential cache handle referring to all credentials
+obtained in the course of verifying the user will be returned.  In
+order to avoid potential setuid race conditions and other problems
+related to file system access, this handle will refer to a memory
+credential cache.  If the handle is non-NULL, then the credentials
+will be added to the existing ccache.  If the caller only wishes to
+verify the password and will not be doing any other kerberos
+functions, then a NULL pointer may be specified, and the credentials
+will be deleted before the function returns.
+
+If ap_req_nofail is specified, then failures of the AP_REQ
+verification are considered errors if and only if ap_req_nofail is
+non-zero.
+
+Whether or not AP_REQ validation is performed and what failures mean
+depends on these inputs:
+
+ A) The appropriate keytab exists and contains the named key.
+
+ B) An AP_REQ request to the kdc succeeds, and the resulting AP_REQ
+can be decrypted and verified.
+
+ C) The administrator has specified in a configuration file that
+AP_REQ validation must succeed.  This is basically a paranoid bit, and
+can be overridden by the application based on a command line flag or
+other application-specific info.  This flag is especially useful if
+the admin is concerned that DNS might be spoofed while determining the
+host/FQDN name.  The configuration variable [libdefaults]
+"verify_ap_req_nofail" is used if no value is passed in.  The library
+default is not to set this option.
+
+Initial ticket verification will succeed if and only if:
+
+ - A && B    or
+ - !A && !C
+
+================================================================
+
+For illustrative purposes, here's the invocations I expect some
+programs will use.  Of course, error checking needs to be added.
+
+kinit:
+
+    /* Fill in client from the command line || existing ccache, and,
+       start_time, and options.{tkt_life,renew_life,forwardable,proxiable}
+       from the command line.  Some or all may remain unset. */
+
+    krb5_get_init_creds(context, &creds, client,
+			krb5_initial_prompter_posix, NULL,
+			start_time, NULL, &options);
+    krb5_cc_store_cred(context, ccache, &creds);
+    krb5_free_cred_contents(context, &creds);
+
+login:
+
+    krb5_get_init_creds(context, &creds, client,
+			krb5_initial_prompter_posix, NULL,
+			0, NULL, NULL);
+    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
+    /* setuid */
+    krb5_cc_store_cred(context, ccache, &creds);
+    krb5_cc_copy(context, vcc, ccache);
+    krb5_free_cred_contents(context, &creds);
+    krb5_cc_destroy(context, vcc);
+
+xdm:
+
+    krb5_get_initial_creds(context, &creds, client,
+			   krb5_initial_prompter_xt, (void *) &xtstuff,
+			   0, NULL, NULL);
+    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
+    /* setuid */
+    krb5_cc_store_cred(context, ccache, &creds);
+    krb5_free_cred_contents(context, &creds);
+    krb5_cc_copy(context, vcc, ccache);
+    krb5_cc_destroy(context, vcc);
+
+passwd:
+
+    krb5_init_creds_opt_init(&options);
+    krb5_init_creds_opt_set_tkt_life = 300;
+    krb5_get_initial_creds(context, &creds, client,
+			   krb5_initial_prompter_posix, NULL,
+			   0, "kadmin/changepw", &options);
+    /* change password */
+    krb5_free_cred_contents(context, &creds);
+
+pop3d (simple password validator when no user interation possible):
+
+    krb5_get_initial_creds(context, &creds, client,
+			   NULL, NULL, 0, NULL, NULL);
+    krb5_verify_init_creds(context, &creds, NULL, NULL, &vcc, NULL);
+    krb5_cc_destroy(context, vcc);
+
+================================================================
+
+password expiration has a subtlety.  When a password expires and is
+changed, there is a delay between when the master gets the new key
+(immediately), and the slaves (propogation interval).  So, when
+getting an in_tkt, if the password is expired, the request should be
+reissued to the master (this kind of sucks if you have SAM, oh well).
+If this says expired, too, then the password should be changed, and
+then the initial ticket request should be issued to the master again.
+If the master times out, then a message that the password has expired
+and cannot be changed due to the master being unreachable should be
+displayed.
+
+================================================================
+
+get_init_creds reads config stuff from:
+
+[libdefaults]
+	varname1 = defvalue
+	REALM = {
+		varname1 = value
+		varname2 = value
+	}
+
+typedef struct _krb5_get_init_creds_opt {
+    krb5_flags flags;
+    krb5_deltat tkt_life;	/* varname = "ticket_lifetime" */
+    krb5_deltat renew_life;	/* varname = "renew_lifetime" */
+    int forwardable;		/* varname = "forwardable" */
+    int proxiable;		/* varname = "proxiable" */
+    krb5_enctype *etype_list;	/* varname = "default_tkt_enctypes" */
+    int etype_list_length;
+    krb5_address **address_list; /* no varname */
+    krb5_preauthtype *preauth_list; /* no varname */
+    int preauth_list_length;
+    krb5_data *salt;
+} krb5_get_init_creds_opt;
+
+

Added: vendor-crypto/heimdal/dist/doc/install.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/install.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/install.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,107 @@
+ at c $Id: install.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Building and Installing, Setting up a realm, What is Kerberos?, Top
+ at comment  node-name,  next,  previous,  up
+ at chapter Building and Installing
+
+Heimdal uses GNU Autoconf to configure for specific hosts, and GNU
+Automake to manage makefiles. If this is new to you, the short
+instruction is to run the @code{configure} script in the top level
+directory, and when that finishes @code{make}.
+
+If you want to build the distribution in a different directory from the
+source directory, you will need a make that implements VPATH correctly,
+such as GNU make.
+
+You will need to build the distribution:
+
+ at itemize @bullet
+ at item
+A compiler that supports a ``loose'' ANSI C mode, such as @code{gcc}.
+ at item
+lex or flex
+ at item
+awk
+ at item
+yacc or bison
+ at item
+a socket library
+ at item
+NDBM or Berkeley DB for building the server side.
+ at end itemize
+
+When everything is built, you can install by doing @kbd{make
+install}. The default location for installation is @file{/usr/heimdal},
+but this can be changed by running @code{configure} with
+ at samp{--prefix=/some/other/place}.
+
+If you need to change the default behaviour, configure understands the
+following options:
+
+ at table @asis
+ at item @kbd{--without-berkeley-db}
+DB is preferred before NDBM, but if you for some reason want to use NDBM
+instead, you can use this option.
+
+ at item @kbd{--with-krb4=@file{dir}}
+Gives the location of Kerberos 4 libraries and headers. This enables
+Kerberos 4 support in the applications (telnet, rsh, popper, etc) and
+the KDC. It is automatically found if present under
+ at file{/usr/athena}.  If you keep libraries and headers in different
+places, you can instead give the path to each with the
+ at kbd{--with-krb4-lib=@file{dir}}, and
+ at kbd{--with-krb4-include=@file{dir}} options.
+
+You will need a fairly recent version of our Kerberos 4 distribution for
+ at code{rshd} and @code{popper} to support version 4 clients.
+
+ at item @kbd{--enable-dce}
+Enables support for getting DCE credentials and tokens.  See the README
+files in @file{appl/dceutils} for more information.
+
+ at item @kbd{--disable-otp}
+By default some of the application programs will build with support for
+one-time passwords (OTP).  Use this option to disable that support.
+
+ at item @kbd{--enable-osfc2}
+Enable some C2 support for OSF/Digital Unix/Tru64.  Use this option if
+you are running your OSF operating system in C2 mode.
+
+ at item @kbd{--with-readline=@file{dir}}
+Gives the path for the GNU Readline library, which will be used in some
+programs. If no readline library is found, the (simpler) editline
+library will be used instead.
+
+ at item @kbd{--with-hesiod=@file{dir}}
+Enables hesiod support in push.
+
+ at item @kbd{--enable-netinfo}
+Add support for using netinfo to lookup configuration information.
+Probably only useful (and working) on NextStep/Mac OS X.
+
+ at item @kbd{--without-ipv6}
+Disable the IPv6 support.
+
+ at item @kbd{--with-openldap}
+Compile Heimdal with support for storing the database in LDAP.  Requires
+OpenLDAP @url{http://www.openldap.org}.  See
+ at url{http://www.padl.com/Research/Heimdal.html} for more information.
+
+ at item @kbd{--enable-bigendian}
+ at item @kbd{--enable-littleendian}
+Normally, the build process will figure out by itself if the machine is
+big or little endian.  It might fail in some cases when
+cross-compiling.  If it does fail to figure it out, use the relevant of
+these two options.
+
+ at item @kbd{--with-mips-abi=@var{abi}}
+On Irix there are three different ABIs that can be used (@samp{32},
+ at samp{n32}, or @samp{64}).  This option allows you to override the
+automatic selection.
+
+ at item @kbd{--disable-mmap}
+Do not use the mmap system call.  Normally, configure detects if there
+is a working mmap and it is only used if there is one.  Only try this
+option if it fails to work anyhow.
+
+ at end table

Added: vendor-crypto/heimdal/dist/doc/intro.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/intro.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/intro.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,99 @@
+ at c $Id: intro.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Introduction, What is Kerberos?, Top, Top
+ at c @node Introduction, What is Kerberos?, Top, Top
+ at comment  node-name,  next,  previous,  up
+ at chapter Introduction
+
+ at heading What is Heimdal?
+
+Heimdal is a free implementation of Kerberos 5. The goals are to:
+
+ at itemize @bullet
+ at item
+have an implementation that can be freely used by anyone
+ at item
+be protocol compatible with existing implementations and, if not in
+conflict, with RFC 4120 (and any future updated RFC). RFC 4120
+replaced RFC 1510.
+ at item
+be reasonably compatible with the M.I.T Kerberos V5 API
+ at item
+have support for Kerberos V5 over GSS-API (RFC1964)
+ at item
+include the most important and useful application programs (rsh, telnet,
+popper, etc.)
+ at item
+include enough backwards compatibility with Kerberos V4
+ at end itemize
+
+ at heading Status
+
+Heimdal has the following features (this does not mean any of this
+works):
+
+ at itemize @bullet
+ at item
+a stub generator and a library to encode/decode/whatever ASN.1/DER
+stuff
+ at item
+a @code{libkrb5} library that should be possible to get to work with
+simple applications
+ at item
+a GSS-API library
+ at item
+ at file{kinit}, @file{klist}, @file{kdestroy}
+ at item
+ at file{telnet}, @file{telnetd}
+ at item
+ at file{rsh}, @file{rshd}
+ at item
+ at file{popper}, @file{push} (a movemail equivalent)
+ at item
+ at file{ftp}, and @file{ftpd}
+ at item
+a library @file{libkafs} for authenticating to AFS and a program
+ at file{afslog} that uses it
+ at item
+some simple test programs
+ at item
+a KDC that supports most things; optionally, it may also support
+Kerberos V4 and kaserver,
+ at item
+simple programs for distributing databases between a KDC master and
+slaves
+ at item
+a password changing daemon @file{kpasswdd}, library functions for
+changing passwords and a simple client
+ at item
+some kind of administration system
+ at item
+Kerberos V4 support in many of the applications.
+ at end itemize
+
+ at heading Bug reports
+
+If you find bugs in this software, make sure it is a genuine bug and not
+just a part of the code that isn't implemented.
+
+Bug reports should be sent to @email{heimdal-bugs@@h5l.org}. Please
+include information on what machine and operating system (including
+version) you are running, what you are trying to do, what happens, what
+you think should have happened, an example for us to repeat, the output
+you get when trying the example, and a patch for the problem if you have
+one. Please make any patches with @code{diff -u} or @code{diff -c}.
+
+Suggestions, comments and other non bug reports are also welcome.
+
+ at heading Mailing list
+
+There are two mailing lists with talk about
+Heimdal. @email{heimdal-announce@@sics.se} is a low-volume announcement
+list, while @email{heimdal-discuss@@sics.se} is for general discussion.
+Send a message to @email{majordomo@@sics.se} to subscribe.
+
+ at heading Heimdal source code, binaries and the manual
+
+The source code for heimdal, links to binaries and the manual (this
+document) can be found on our web-page at
+ at url{http://www.pdc.kth.se/heimdal/}.

Added: vendor-crypto/heimdal/dist/doc/kerberos4.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/kerberos4.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/kerberos4.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,226 @@
+ at c $Id: kerberos4.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Kerberos 4 issues, Windows 2000 compatability, Things in search for a better place, Top
+ at comment  node-name,  next,  previous,  up
+ at chapter Kerberos 4 issues
+
+The KDC has built-in version 4 support. It is not enabled by default,
+see setup how to set it up.
+
+The KDC will also have kaserver emulation and be able to handle
+AFS-clients that use @code{klog}.
+
+ at menu
+* Principal conversion issues::  
+* Converting a version 4 database::  
+* kaserver::
+ at end menu
+
+ at node Principal conversion issues, Converting a version 4 database, Kerberos 4 issues, Kerberos 4 issues
+ at section Principal conversion issues
+
+First, Kerberos 4 and Kerberos 5 principals are different. A version 4
+principal consists of a name, an instance, and a realm. A version 5
+principal has one or more components, and a realm (the terms ``name''
+and ``instance'' are still used, for the first and second component,
+respectively).    Also, in some cases the name of a version 4 principal
+differs from the first component of the corresponding version 5
+principal. One notable example is the ``host'' type principals, where
+the version 4 name is @samp{rcmd} (for ``remote command''), and the
+version 5 name is @samp{host}. For the class of principals that has a
+hostname as instance, there is an other major difference, Kerberos 4
+uses only the first component of the hostname, whereas Kerberos 5 uses
+the fully qualified hostname.
+
+Because of this it can be hard or impossible to correctly convert a
+version 4 principal to a version 5 principal @footnote{the other way is
+not always trivial either, but usually easier}. The biggest problem is
+to know if the conversion resulted in a valid principal. To give an
+example, suppose you want to convert the principal @samp{rcmd.foo}.
+
+The @samp{rcmd} name suggests that the instance is a hostname (even if
+there are exceptions to this rule). To correctly convert the instance
+ at samp{foo} to a hostname, you have to know which host it is referring
+to. You can to this by either guessing (from the realm) which domain
+name to append, or you have to have a list of possible hostnames. In the
+simplest cases you can cover most principals with the first rule. If you
+have several domains sharing a single realm this will not usually
+work. If the exceptions are few you can probably come by with a lookup
+table for the exceptions.
+
+In a complex scenario you will need some kind of host lookup mechanism.
+Using DNS for this is tempting, but DNS is error prone, slow and unsafe
+ at footnote{at least until secure DNS is commonly available}.
+
+Fortunately, the KDC has a trump on hand: it can easily tell if a
+principal exists in the database. The KDC will use
+ at code{krb5_425_conv_principal_ext} to convert principals when handling
+to version 4 requests.
+
+ at node Converting a version 4 database, kaserver , Principal conversion issues, Kerberos 4 issues
+ at section Converting a version 4 database
+
+If you want to convert an existing version 4 database, the principal
+conversion issue arises too.
+
+If you decide to convert your database once and for all, you will only
+have to do this conversion once. It is also possible to run a version 5
+KDC as a slave to a version 4 KDC. In this case this conversion will
+happen every time the database is propagated.  When doing this
+conversion, there are a few things to look out for. If you have stale
+entries in the database, these entries will not be converted. This might
+be because these principals are not used anymore, or it might be just
+because the principal couldn't be converted.
+
+You might also see problems with a many-to-one mapping of
+principals. For instance, if you are using DNS lookups and you have two
+principals @samp{rcmd.foo} and @samp{rcmd.bar}, where `foo' is a CNAME
+for `bar', the resulting principals will be the same. Since the
+conversion function can't tell which is correct, these conflicts will
+have to be resolved manually.
+
+ at subsection Conversion example
+
+Given the following set of hosts and services:
+
+ at example
+foo.se          rcmd
+mail.foo.se     rcmd, pop
+ftp.bar.se      rcmd, ftp
+ at end example
+
+you have a database that consists of the following principals:
+
+ at samp{rcmd.foo}, @samp{rcmd.mail}, @samp{pop.mail}, @samp{rcmd.ftp}, and
+ at samp{ftp.ftp}.
+
+lets say you also got these extra principals: @samp{rcmd.gone},
+ at samp{rcmd.old-mail}, where @samp{gone.foo.se} was a machine that has
+now passed away, and @samp{old-mail.foo.se} was an old mail machine that
+is now a CNAME for @samp{mail.foo.se}.
+
+When you convert this database you want the following conversions to be
+done:
+ at example
+rcmd.foo         host/foo.se
+rcmd.mail        host/mail.foo.se
+pop.mail         pop/mail.foo.se
+rcmd.ftp         host/ftp.bar.se
+ftp.ftp          ftp/ftp.bar.se
+rcmd.gone        @i{removed}
+rcmd.old-mail    @i{removed}
+ at end example
+
+A @file{krb5.conf} that does this looks like:
+
+ at example
+[realms]
+        FOO.SE = @{
+                v4_name_convert = @{
+                        host = @{
+                                ftp = ftp
+                                pop = pop
+                                rcmd = host
+                        @}
+                @}
+                v4_instance_convert = @{
+                        foo = foo.se
+                        ftp = ftp.bar.se
+                @}
+                default_domain = foo.se
+        @}
+ at end example
+
+The @samp{v4_name_convert} section says which names should be considered
+having an instance consisting of a hostname, and it also says how the
+names should be converted (for instance @samp{rcmd} should be converted
+to @samp{host}). The @samp{v4_instance_convert} section says how a
+hostname should be qualified (this is just a hosts-file in
+disguise). Host-instances that aren't covered by
+ at samp{v4_instance_convert} are qualified by appending the contents of
+the @samp{default_domain}.
+
+Actually, this example doesn't work. Or rather, it works to well. Since
+it has no way of knowing which hostnames are valid and which are not, it
+will happily convert @samp{rcmd.gone} to @samp{host/gone.foo.se}. This
+isn't a big problem, but if you have run your kerberos realm for a few
+years, chances are big that you have quite a few `junk' principals.
+
+If you don't want this you can remove the @samp{default_domain}
+statement, but then you will have to add entries for @emph{all} your hosts
+in the @samp{v4_instance_convert} section.
+
+Instead of doing this you can use DNS to convert instances. This is not
+a solution without problems, but it is probably easier than adding lots
+of static host entries. 
+
+To enable DNS lookup you should turn on @samp{v4_instance_resolve} in
+the @samp{[libdefaults]} section.
+
+ at subsection Converting a database
+
+The database conversion is done with @samp{hprop}. You can run this
+command to propagate the database to the machine called
+ at samp{slave-server} (which should be running a @samp{hpropd}).
+
+ at example
+hprop --source=krb4-db --master-key=/.m slave-server
+ at end example
+
+This command can also be to use for converting the v4 database on the
+server:
+
+ at example
+hprop -n --source=krb4-db -d /var/kerberos/principal --master-key=/.m | hpropd -n
+ at end example
+
+ at section Version 4 Kadmin
+
+ at samp{kadmind} can act as a version 4 kadmind, and you can do most
+operations, but with some restrictions (since the version 4 kadmin
+protocol is, lets say, very ad hoc.) One example is that it only passes
+des keys when creating principals and changing passwords (modern kpasswd
+clients do send the password, so it's possible to to password quality
+checks). Because of this you can only create principals with des keys,
+and you can't set any flags or do any other fancy stuff.
+
+To get this to work, you have to add another entry to inetd (since
+version 4 uses port 751, not 749).
+
+ at emph{And then there are a many more things you can do; more on this in
+a later version of this manual. Until then, UTSL.}
+
+ at node kaserver, , Converting a version 4 database, Kerberos 4 issues
+ at section kaserver
+
+ at subsection kaserver emulation
+
+The Heimdal kdc can emulate a kaserver. The kaserver is a Kerberos 4
+server with pre-authentication using Rx as the on-wire protocol. The kdc
+contains a minimalistic Rx implementation.
+
+There are three parts of the kaserver; KAA (Authentication), KAT (Ticket
+Granting), and KAM (Maintenance). The KAA interface and KAT interface
+both passes over DES encrypted data-blobs (just like the
+Kerberos-protocol) and thus do not need any other protection.  The KAM
+interface uses @code{rxkad} (Kerberos authentication layer for Rx) for
+security and data protection, and is used for example for changing
+passwords.  This part is not implemented in the kdc.
+
+Another difference between the ka-protocol and the Kerberos 4 protocol
+is that the pass-phrase is salted with the cellname in the @code{string to
+key} function in the ka-protocol, while in the Kerberos 4 protocol there
+is no salting of the password at all. To make sure AFS-compatible keys
+are added to each principals when they are created or their password are
+changed, @samp{afs3-salt} should be added to
+ at samp{[kadmin]default_keys}.
+
+ at subsection Transarc AFS Windows client
+
+The Transarc Windows client uses Kerberos 4 to obtain tokens, and thus
+does not need a kaserver. The Windows client assumes that the Kerberos
+server is on the same machine as the AFS-database server. If you do not
+like to do that you can add a small program that runs on the database
+servers that forward all kerberos requests to the real kerberos
+server. A program that does this is @code{krb-forward}
+(@url{ftp://ftp.stacken.kth.se/pub/projekts/krb-forward}).

Added: vendor-crypto/heimdal/dist/doc/krb5.din
===================================================================
--- vendor-crypto/heimdal/dist/doc/krb5.din	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/krb5.din	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,16 @@
+# Doxyfile 1.5.3
+
+PROJECT_NAME           = Heimdal Kerberos 5 library
+PROJECT_NUMBER         = @PACKAGE_VERSION@
+OUTPUT_DIRECTORY       = @objdir@/krb5
+INPUT                  = @srcdir@/../lib/krb5
+
+WARN_IF_UNDOCUMENTED   = NO
+
+PERL_PATH              = /usr/bin/perl
+
+HTML_HEADER = "@srcdir@/header.html"
+HTML_FOOTER = "@srcdir@/footer.html"
+
+ at INCLUDE = "@srcdir@/doxytmpl.dxy"
+

Added: vendor-crypto/heimdal/dist/doc/latin1.tex
===================================================================
--- vendor-crypto/heimdal/dist/doc/latin1.tex	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/latin1.tex	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,95 @@
+% ISO Latin 1 (ISO 8859/1) encoding for Computer Modern fonts.
+% Jan Michael Rynning <jmr at nada.kth.se> 1990-10-12
+\def\inmathmode#1{\relax\ifmmode#1\else$#1$\fi}
+\global\catcode`\^^a0=\active \global\let^^a0=~		% no-break space
+\global\catcode`\^^a1=\active \global\def^^a1{!`}		% inverted exclamation mark
+\global\catcode`\^^a2=\active \global\def^^a2{{\rm\rlap/c}}	% cent sign
+\global\catcode`\^^a3=\active \global\def^^a3{{\it\$}}	% pound sign
+% currency sign, yen sign, broken bar
+\global\catcode`\^^a7=\active \global\let^^a7=\S		% section sign
+\global\catcode`\^^a8=\active \global\def^^a8{\"{}}		% diaeresis
+\global\catcode`\^^a9=\active \global\let^^a9=\copyright	% copyright sign
+% feminine ordinal indicator, left angle quotation mark
+\global\catcode`\^^ac=\active \global\def^^ac{\inmathmode\neg}% not sign
+\global\catcode`\^^ad=\active \global\let^^ad=\-		% soft hyphen
+% registered trade mark sign
+\global\catcode`\^^af=\active \global\def^^af{\={}}		% macron
+% ...
+\global\catcode`\^^b1=\active \global\def^^b1{\inmathmode\pm}	% plus minus
+\global\catcode`\^^b2=\active \global\def^^b2{\inmathmode{{^2}}}
+\global\catcode`\^^b3=\active \global\def^^b3{\inmathmode{{^3}}}
+\global\catcode`\^^b4=\active \global\def^^b4{\'{}}		% acute accent
+\global\catcode`\^^b5=\active \global\def^^b5{\inmathmode\mu}	% mu
+\global\catcode`\^^b6=\active \global\let^^b6=\P		% pilcroy
+\global\catcode`\^^b7=\active \global\def^^b7{\inmathmode{{\cdot}}}
+\global\catcode`\^^b8=\active \global\def^^b8{\c{}}		% cedilla
+\global\catcode`\^^b9=\active \global\def^^b9{\inmathmode{{^1}}}
+% ...
+\global\catcode`\^^bc=\active \global\def^^bc{\inmathmode{{1\over4}}}
+\global\catcode`\^^bd=\active \global\def^^bd{\inmathmode{{1\over2}}}
+\global\catcode`\^^be=\active \global\def^^be{\inmathmode{{3\over4}}}
+\global\catcode`\^^bf=\active \global\def^^bf{?`}		% inverted question mark
+\global\catcode`\^^c0=\active \global\def^^c0{\`A}
+\global\catcode`\^^c1=\active \global\def^^c1{\'A}
+\global\catcode`\^^c2=\active \global\def^^c2{\^A}
+\global\catcode`\^^c3=\active \global\def^^c3{\~A}
+\global\catcode`\^^c4=\active \global\def^^c4{\"A}		% capital a with diaeresis
+\global\catcode`\^^c5=\active \global\let^^c5=\AA		% capital a with ring above
+\global\catcode`\^^c6=\active \global\let^^c6=\AE
+\global\catcode`\^^c7=\active \global\def^^c7{\c C}
+\global\catcode`\^^c8=\active \global\def^^c8{\`E}
+\global\catcode`\^^c9=\active \global\def^^c9{\'E}
+\global\catcode`\^^ca=\active \global\def^^ca{\^E}
+\global\catcode`\^^cb=\active \global\def^^cb{\"E}
+\global\catcode`\^^cc=\active \global\def^^cc{\`I}
+\global\catcode`\^^cd=\active \global\def^^cd{\'I}
+\global\catcode`\^^ce=\active \global\def^^ce{\^I}
+\global\catcode`\^^cf=\active \global\def^^cf{\"I}
+% capital eth
+\global\catcode`\^^d1=\active \global\def^^d1{\~N}
+\global\catcode`\^^d2=\active \global\def^^d2{\`O}
+\global\catcode`\^^d3=\active \global\def^^d3{\'O}
+\global\catcode`\^^d4=\active \global\def^^d4{\^O}
+\global\catcode`\^^d5=\active \global\def^^d5{\~O}
+\global\catcode`\^^d6=\active \global\def^^d6{\"O}		% capital o with diaeresis
+\global\catcode`\^^d7=\active \global\def^^d7{\inmathmode\times}% multiplication sign
+\global\catcode`\^^d8=\active \global\let^^d8=\O
+\global\catcode`\^^d9=\active \global\def^^d9{\`U}
+\global\catcode`\^^da=\active \global\def^^da{\'U}
+\global\catcode`\^^db=\active \global\def^^db{\^U}
+\global\catcode`\^^dc=\active \global\def^^dc{\"U}
+\global\catcode`\^^dd=\active \global\def^^dd{\'Y}
+% capital thorn
+\global\catcode`\^^df=\active \global\def^^df{\ss}
+\global\catcode`\^^e0=\active \global\def^^e0{\`a}
+\global\catcode`\^^e1=\active \global\def^^e1{\'a}
+\global\catcode`\^^e2=\active \global\def^^e2{\^a}
+\global\catcode`\^^e3=\active \global\def^^e3{\~a}
+\global\catcode`\^^e4=\active \global\def^^e4{\"a}		% small a with diaeresis
+\global\catcode`\^^e5=\active \global\let^^e5=\aa		% small a with ring above
+\global\catcode`\^^e6=\active \global\let^^e6=\ae
+\global\catcode`\^^e7=\active \global\def^^e7{\c c}
+\global\catcode`\^^e8=\active \global\def^^e8{\`e}
+\global\catcode`\^^e9=\active \global\def^^e9{\'e}
+\global\catcode`\^^ea=\active \global\def^^ea{\^e}
+\global\catcode`\^^eb=\active \global\def^^eb{\"e}
+\global\catcode`\^^ec=\active \global\def^^ec{\`\i}
+\global\catcode`\^^ed=\active \global\def^^ed{\'\i}
+\global\catcode`\^^ee=\active \global\def^^ee{\^\i}
+\global\catcode`\^^ef=\active \global\def^^ef{\"\i}
+% small eth
+\global\catcode`\^^f1=\active \global\def^^f1{\~n}
+\global\catcode`\^^f2=\active \global\def^^f2{\`o}
+\global\catcode`\^^f3=\active \global\def^^f3{\'o}
+\global\catcode`\^^f4=\active \global\def^^f4{\^o}
+\global\catcode`\^^f5=\active \global\def^^f5{\~o}
+\global\catcode`\^^f6=\active \global\def^^f6{\"o}		% small o with diaeresis
+\global\catcode`\^^f7=\active \global\def^^f7{\inmathmode\div}% division sign
+\global\catcode`\^^f8=\active \global\let^^f8=\o
+\global\catcode`\^^f9=\active \global\def^^f9{\`u}
+\global\catcode`\^^fa=\active \global\def^^fa{\'u}
+\global\catcode`\^^fb=\active \global\def^^fb{\^u}
+\global\catcode`\^^fc=\active \global\def^^fc{\"u}
+\global\catcode`\^^fd=\active \global\def^^fd{\'y}
+% capital thorn
+\global\catcode`\^^ff=\active \global\def^^ff{\"y}

Added: vendor-crypto/heimdal/dist/doc/layman.asc
===================================================================
--- vendor-crypto/heimdal/dist/doc/layman.asc	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/layman.asc	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1855 @@
+A Layman's Guide to a Subset of ASN.1, BER, and DER
+
+An RSA Laboratories Technical Note
+Burton S. Kaliski Jr.
+Revised November 1, 1993
+
+
+Supersedes June 3, 1991 version, which was also published as
+NIST/OSI Implementors' Workshop document SEC-SIG-91-17.
+PKCS documents are available by electronic mail to
+<pkcs at rsa.com>.
+
+Copyright (C) 1991-1993 RSA Laboratories, a division of RSA
+Data Security, Inc. License to copy this document is granted
+provided that it is identified as "RSA Data Security, Inc.
+Public-Key Cryptography Standards (PKCS)" in all material
+mentioning or referencing this document.
+003-903015-110-000-000
+
+
+Abstract. This note gives a layman's introduction to a
+subset of OSI's Abstract Syntax Notation One (ASN.1), Basic
+Encoding Rules (BER), and Distinguished Encoding Rules
+(DER). The particular purpose of this note is to provide
+background material sufficient for understanding and
+implementing the PKCS family of standards.
+
+
+1. Introduction
+
+It is a generally accepted design principle that abstraction
+is a key to managing software development. With abstraction,
+a designer can specify a part of a system without concern
+for how the part is actually implemented or represented.
+Such a practice leaves the implementation open; it
+simplifies the specification; and it makes it possible to
+state "axioms" about the part that can be proved when the
+part is implemented, and assumed when the part is employed
+in another, higher-level part. Abstraction is the hallmark
+of most modern software specifications.
+
+One of the most complex systems today, and one that also
+involves a great deal of abstraction, is Open Systems
+Interconnection (OSI, described in X.200). OSI is an
+internationally standardized architecture that governs the
+interconnection of computers from the physical layer up to
+the user application layer. Objects at higher layers are
+defined abstractly and intended to be implemented with
+objects at lower layers. For instance, a service at one
+layer may require transfer of certain abstract objects
+between computers; a lower layer may provide transfer
+services for strings of ones and zeroes, using encoding
+rules to transform the abstract objects into such strings.
+OSI is called an open system because it supports many
+different implementations of the services at each layer.
+
+OSI's method of specifying abstract objects is called ASN.1
+(Abstract Syntax Notation One, defined in X.208), and one
+set of rules for representing such objects as strings of
+ones and zeros is called the BER (Basic Encoding Rules,
+defined in X.209). ASN.1 is a flexible notation that allows
+one to define a variety data types, from simple types such
+as integers and bit strings to structured types such as sets
+and sequences, as well as complex types defined in terms of
+others. BER describes how to represent or encode values of
+each ASN.1 type as a string of eight-bit octets. There is
+generally more than one way to BER-encode a given value.
+Another set of rules, called the Distinguished Encoding
+Rules (DER), which is a subset of BER, gives a unique
+encoding to each ASN.1 value.
+
+The purpose of this note is to describe a subset of ASN.1,
+BER and DER sufficient to understand and implement one OSI-
+based application, RSA Data Security, Inc.'s Public-Key
+Cryptography Standards. The features described include an
+overview of ASN.1, BER, and DER and an abridged list of
+ASN.1 types and their BER and DER encodings. Sections 2-4
+give an overview of ASN.1, BER, and DER, in that order.
+Section 5 lists some ASN.1 types, giving their notation,
+specific encoding rules, examples, and comments about their
+application to PKCS. Section 6 concludes with an example,
+X.500 distinguished names.
+
+Advanced features of ASN.1, such as macros, are not
+described in this note, as they are not needed to implement
+PKCS. For information on the other features, and for more
+detail generally, the reader is referred to CCITT
+Recommendations X.208 and X.209, which define ASN.1 and BER.
+
+Terminology and notation. In this note, an octet is an eight-
+bit unsigned integer. Bit 8 of the octet is the most
+significant and bit 1 is the least significant.
+
+The following meta-syntax is used for in describing ASN.1
+notation:
+
+     BIT  monospace denotes literal characters in the type
+          and value notation; in examples, it generally
+          denotes an octet value in hexadecimal
+
+     n1   bold italics denotes a variable
+
+     []   bold square brackets indicate that a term is
+          optional
+
+     {}   bold braces group related terms
+
+     |    bold vertical bar delimits alternatives with a
+          group
+
+     ...  bold ellipsis indicates repeated occurrences
+
+     =    bold equals sign expresses terms as subterms
+
+
+2. Abstract Syntax Notation One
+
+Abstract Syntax Notation One, abbreviated ASN.1, is a
+notation for describing abstract types and values.
+
+In ASN.1, a type is a set of values. For some types, there
+are a finite number of values, and for other types there are
+an infinite number. A value of a given ASN.1 type is an
+element of the type's set. ASN.1 has four kinds of type:
+simple types, which are "atomic" and have no components;
+structured types, which have components; tagged types, which
+are derived from other types; and other types, which include
+the CHOICE type and the ANY type. Types and values can be
+given names with the ASN.1 assignment operator (::=) , and
+those names can be used in defining other types and values.
+
+Every ASN.1 type other than CHOICE and ANY has a tag, which
+consists of a class and a nonnegative tag number. ASN.1
+types are abstractly the same if and only if their tag
+numbers are the same. In other words, the name of an ASN.1
+type does not affect its abstract meaning, only the tag
+does. There are four classes of tag:
+
+     Universal, for types whose meaning is the same in all
+          applications; these types are only defined in
+          X.208.
+
+     Application, for types whose meaning is specific to an
+          application, such as X.500 directory services;
+          types in two different applications may have the
+          same application-specific tag and different
+          meanings.
+
+     Private, for types whose meaning is specific to a given
+          enterprise.
+
+     Context-specific, for types whose meaning is specific
+          to a given structured type; context-specific tags
+          are used to distinguish between component types
+          with the same underlying tag within the context of
+          a given structured type, and component types in
+          two different structured types may have the same
+          tag and different meanings.
+
+The types with universal tags are defined in X.208, which
+also gives the types' universal tag numbers. Types with
+other tags are defined in many places, and are always
+obtained by implicit or explicit tagging (see Section 2.3).
+Table 1 lists some ASN.1 types and their universal-class
+tags.
+
+    Type                     Tag number     Tag number
+                             (decimal)      (hexadecimal)
+    INTEGER                  2              02
+    BIT STRING               3              03
+    OCTET STRING             4              04
+    NULL                     5              05
+    OBJECT IDENTIFIER        6              06
+    SEQUENCE and SEQUENCE OF 16             10
+    SET and SET OF           17             11
+    PrintableString          19             13
+    T61String                20             14
+    IA5String                22             16
+    UTCTime                  23             17
+
+     Table 1. Some types and their universal-class tags.
+
+ASN.1 types and values are expressed in a flexible,
+programming-language-like notation, with the following
+special rules:
+
+     o    Layout is not significant; multiple spaces and
+          line breaks can be considered as a single space.
+
+     o    Comments are delimited by pairs of hyphens (--),
+          or a pair of hyphens and a line break.
+
+     o    Identifiers (names of values and fields) and type
+          references (names of types) consist of upper- and
+          lower-case letters, digits, hyphens, and spaces;
+          identifiers begin with lower-case letters; type
+          references begin with upper-case letters.
+
+The following four subsections give an overview of simple
+types, structured types, implicitly and explicitly tagged
+types, and other types. Section 5 describes specific types
+in more detail.
+
+
+2.1 Simple types
+
+Simple types are those not consisting of components; they
+are the "atomic" types. ASN.1 defines several; the types
+that are relevant to the PKCS standards are the following:
+
+     BIT STRING, an arbitrary string of bits (ones and
+          zeroes).
+
+     IA5String, an arbitrary string of IA5 (ASCII)
+          characters.
+
+     INTEGER, an arbitrary integer.
+
+     NULL, a null value.
+
+     OBJECT IDENTIFIER, an object identifier, which is a
+          sequence of integer components that identify an
+          object such as an algorithm or attribute type.
+
+     OCTET STRING, an arbitrary string of octets (eight-bit
+          values).
+
+     PrintableString, an arbitrary string of printable
+          characters.
+
+     T61String, an arbitrary string of T.61 (eight-bit)
+          characters.
+
+     UTCTime, a "coordinated universal time" or Greenwich
+          Mean Time (GMT) value.
+
+Simple types fall into two categories: string types and non-
+string types. BIT STRING, IA5String, OCTET STRING,
+PrintableString, T61String, and UTCTime are string types.
+
+String types can be viewed, for the purposes of encoding, as
+consisting of components, where the components are
+substrings. This view allows one to encode a value whose
+length is not known in advance (e.g., an octet string value
+input from a file stream) with a constructed, indefinite-
+length encoding (see Section 3).
+
+The string types can be given size constraints limiting the
+length of values.
+
+
+2.2 Structured types
+
+Structured types are those consisting of components. ASN.1
+defines four, all of which are relevant to the PKCS
+standards:
+
+     SEQUENCE, an ordered collection of one or more types.
+
+     SEQUENCE OF, an ordered collection of zero or more
+          occurrences of a given type.
+
+     SET, an unordered collection of one or more types.
+
+     SET OF, an unordered collection of zero or more
+          occurrences of a given type.
+
+The structured types can have optional components, possibly
+with default values.
+
+
+2.3 Implicitly and explicitly tagged types
+
+Tagging is useful to distinguish types within an
+application; it is also commonly used to distinguish
+component types within a structured type. For instance,
+optional components of a SET or SEQUENCE type are typically
+given distinct context-specific tags to avoid ambiguity.
+
+There are two ways to tag a type: implicitly and explicitly.
+
+Implicitly tagged types are derived from other types by
+changing the tag of the underlying type. Implicit tagging is
+denoted by the ASN.1 keywords [class number] IMPLICIT (see
+Section 5.1).
+
+Explicitly tagged types are derived from other types by
+adding an outer tag to the underlying type. In effect,
+explicitly tagged types are structured types consisting of
+one component, the underlying type. Explicit tagging is
+denoted by the ASN.1 keywords [class number] EXPLICIT (see
+Section 5.2).
+
+The keyword [class number] alone is the same as explicit
+tagging, except when the "module" in which the ASN.1 type is
+defined has implicit tagging by default. ("Modules" are
+among the advanced features not described in this note.)
+
+For purposes of encoding, an implicitly tagged type is
+considered the same as the underlying type, except that the
+tag is different. An explicitly tagged type is considered
+like a structured type with one component, the underlying
+type. Implicit tags result in shorter encodings, but
+explicit tags may be necessary to avoid ambiguity if the tag
+of the underlying type is indeterminate (e.g., the
+underlying type is CHOICE or ANY).
+
+
+2.4 Other types
+
+Other types in ASN.1 include the CHOICE and ANY types. The
+CHOICE type denotes a union of one or more alternatives; the
+ANY type denotes an arbitrary value of an arbitrary type,
+where the arbitrary type is possibly defined in the
+registration of an object identifier or integer value.
+
+
+3. Basic Encoding Rules
+
+The Basic Encoding Rules for ASN.1, abbreviated BER, give
+one or more ways to represent any ASN.1 value as an octet
+string. (There are certainly other ways to represent ASN.1
+values, but BER is the standard for interchanging such
+values in OSI.)
+
+There are three methods to encode an ASN.1 value under BER,
+the choice of which depends on the type of value and whether
+the length of the value is known. The three methods are
+primitive, definite-length encoding; constructed, definite-
+length encoding; and constructed, indefinite-length
+encoding. Simple non-string types employ the primitive,
+definite-length method; structured types employ either of
+the constructed methods; and simple string types employ any
+of the methods, depending on whether the length of the value
+is known. Types derived by implicit tagging employ the
+method of the underlying type and types derived by explicit
+tagging employ the constructed methods.
+
+In each method, the BER encoding has three or four parts:
+
+     Identifier octets. These identify the class and tag
+          number of the ASN.1 value, and indicate whether
+          the method is primitive or constructed.
+
+     Length octets. For the definite-length methods, these
+          give the number of contents octets. For the
+          constructed, indefinite-length method, these
+          indicate that the length is indefinite.
+
+     Contents octets. For the primitive, definite-length
+          method, these give a concrete representation of
+          the  value. For the constructed methods, these
+          give the concatenation of the BER encodings of the
+          components of the value.
+
+     End-of-contents octets. For the constructed, indefinite-
+          length method, these denote the end of the
+          contents. For the other methods, these are absent.
+
+The three methods of encoding are described in the following
+sections.
+
+
+3.1 Primitive, definite-length method
+
+This method applies to simple types and types derived from
+simple types by implicit tagging. It requires that the
+length of the value be known in advance. The parts of the
+BER encoding are as follows:
+
+Identifier octets. There are two forms: low tag number (for
+tag numbers between 0 and 30) and high tag number (for tag
+numbers 31 and greater).
+
+     Low-tag-number form. One octet. Bits 8 and 7 specify
+          the class (see Table 2), bit 6 has value "0,"
+          indicating that the encoding is primitive, and
+          bits 5-1 give the tag number.
+
+                  Class            Bit  Bit
+                                   8    7
+                  universal        0    0
+                  application      0    1
+                  context-specific 1    0
+                  private          1    1
+
+        Table 2. Class encoding in identifier octets.
+
+     High-tag-number form. Two or more octets. First octet
+          is as in low-tag-number form, except that bits 5-1
+          all have value "1." Second and following octets
+          give the tag number, base 128, most significant
+          digit first, with as few digits as possible, and
+          with the bit 8 of each octet except the last set
+          to "1."
+
+Length octets. There are two forms: short (for lengths
+between 0 and 127), and long definite (for lengths between 0
+and 21008-1).
+
+     Short form. One octet. Bit 8 has value "0" and bits 7-1
+          give the length.
+
+     Long form. Two to 127 octets. Bit 8 of first octet has
+          value "1" and bits 7-1 give the number of
+          additional length octets. Second and following
+          octets give the length, base 256, most significant
+          digit first.
+
+Contents octets. These give a concrete representation of the
+value (or the value of the underlying type, if the type is
+derived by implicit tagging). Details for particular types
+are given in Section 5.
+
+
+3.2 Constructed, definite-length method
+
+This method applies to simple string types, structured
+types, types derived simple string types and structured
+types by implicit tagging, and types derived from anything
+by explicit tagging. It requires that the length of the
+value be known in advance. The parts of the BER encoding are
+as follows:
+
+Identifier octets. As described in Section 3.1, except that
+bit 6 has value "1," indicating that the encoding is
+constructed.
+
+Length octets. As described in Section 3.1.
+
+Contents octets. The concatenation of the BER encodings of
+the components of the value:
+
+     o    For simple string types and types derived from
+          them by implicit tagging, the concatenation of the
+          BER encodings of consecutive substrings of the
+          value (underlying value for implicit tagging).
+
+     o    For structured types and types derived from them
+          by implicit tagging, the concatenation of the BER
+          encodings of components of the value (underlying
+          value for implicit tagging).
+
+     o    For types derived from anything by explicit
+          tagging, the BER encoding of the underlying value.
+
+Details for particular types are given in Section 5.
+
+
+3.3 Constructed, indefinite-length method
+
+This method applies to simple string types, structured
+types, types derived simple string types and structured
+types by implicit tagging, and types derived from anything
+by explicit tagging. It does not require that the length of
+the value be known in advance. The parts of the BER encoding
+are as follows:
+
+Identifier octets. As described in Section 3.2.
+
+Length octets. One octet, 80.
+
+Contents octets. As described in Section 3.2.
+
+End-of-contents octets. Two octets, 00 00.
+
+Since the end-of-contents octets appear where an ordinary
+BER encoding might be expected (e.g., in the contents octets
+of a sequence value), the 00 and 00 appear as identifier and
+length octets, respectively. Thus the end-of-contents octets
+is really the primitive, definite-length encoding of a value
+with universal class, tag number 0, and length 0.
+
+
+4. Distinguished Encoding Rules
+
+The Distinguished Encoding Rules for ASN.1, abbreviated DER,
+are a subset of BER, and give exactly one way to represent
+any ASN.1 value as an octet string. DER is intended for
+applications in which a unique octet string encoding is
+needed, as is the case when a digital signature is computed
+on an ASN.1 value. DER is defined in Section 8.7 of X.509.
+
+DER adds the following restrictions to the rules given in
+Section 3:
+
+     1.   When the length is between 0 and 127, the short
+          form of length must be used
+
+     2.   When the length is 128 or greater, the long form
+          of length must be used, and the length must be
+          encoded in the minimum number of octets.
+
+     3.   For simple string types and implicitly tagged
+          types derived from simple string types, the
+          primitive, definite-length method must be
+          employed.
+
+     4.   For structured types, implicitly tagged types
+          derived from structured types, and explicitly
+          tagged types derived from anything, the
+          constructed, definite-length method must be
+          employed.
+
+Other restrictions are defined for particular types (such as
+BIT STRING, SEQUENCE, SET, and SET OF), and can be found in
+Section 5.
+
+
+5. Notation and encodings for some types
+
+This section gives the notation for some ASN.1 types and
+describes how to encode values of those types under both BER
+and DER.
+
+The types described are those presented in Section 2. They
+are listed alphabetically here.
+
+Each description includes ASN.1 notation, BER encoding, and
+DER encoding. The focus of the encodings is primarily on the
+contents octets; the tag and length octets follow Sections 3
+and 4. The descriptions also explain where each type is used
+in PKCS and related standards. ASN.1 notation is generally
+only for types, although for the type OBJECT IDENTIFIER,
+value notation is given as well.
+
+
+5.1 Implicitly tagged types
+
+An implicitly tagged type is a type derived from another
+type by changing the tag of the underlying type.
+
+Implicit tagging is used for optional SEQUENCE components
+with underlying type other than ANY throughout PKCS, and for
+the extendedCertificate alternative of PKCS #7's
+ExtendedCertificateOrCertificate type.
+
+ASN.1 notation:
+
+[[class] number] IMPLICIT Type
+
+class = UNIVERSAL  |  APPLICATION  |  PRIVATE
+
+where Type is a type, class is an optional class name, and
+number is the tag number within the class, a nonnegative
+integer.
+
+In ASN.1 "modules" whose default tagging method is implicit
+tagging, the notation [[class] number] Type is also
+acceptable, and the keyword IMPLICIT is implied. (See
+Section 2.3.) For definitions stated outside a module, the
+explicit inclusion of the keyword IMPLICIT is preferable to
+prevent ambiguity.
+
+If the class name is absent, then the tag is context-
+specific. Context-specific tags can only appear in a
+component of a structured or CHOICE type.
+
+Example: PKCS #8's PrivateKeyInfo type has an optional
+attributes component with an implicit, context-specific tag:
+
+PrivateKeyInfo ::= SEQUENCE {
+  version Version,
+  privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+  privateKey PrivateKey,
+  attributes [0] IMPLICIT Attributes OPTIONAL }
+
+Here the underlying type is Attributes, the class is absent
+(i.e., context-specific), and the tag number within the
+class is 0.
+
+BER encoding. Primitive or constructed, depending on the
+underlying type. Contents octets are as for the BER encoding
+of the underlying value.
+
+Example: The BER encoding of the attributes component of a
+PrivateKeyInfo value is as follows:
+
+     o    the identifier octets are 80 if the underlying
+          Attributes value has a primitive BER encoding and
+          a0 if the underlying Attributes value has a
+          constructed BER encoding
+
+     o    the length and contents octets are the same as the
+          length and contents octets of the BER encoding of
+          the underlying Attributes value
+
+DER encoding. Primitive or constructed, depending on the
+underlying type. Contents octets are as for the DER encoding
+of the underlying value.
+
+
+5.2 Explicitly tagged types
+
+Explicit tagging denotes a type derived from another type by
+adding an outer tag to the underlying type.
+
+Explicit tagging is used for optional SEQUENCE components
+with underlying type ANY throughout PKCS, and for the
+version component of X.509's Certificate type.
+
+ASN.1 notation:
+
+[[class] number] EXPLICIT Type
+
+class = UNIVERSAL  |  APPLICATION  |  PRIVATE
+
+where Type is a type, class is an optional class name, and
+number is the tag number within the class, a nonnegative
+integer.
+
+If the class name is absent, then the tag is context-
+specific. Context-specific tags can only appear in a
+component of a SEQUENCE, SET or CHOICE type.
+
+In ASN.1 "modules" whose default tagging method is explicit
+tagging, the notation [[class] number] Type is also
+acceptable, and the keyword EXPLICIT is implied. (See
+Section 2.3.) For definitions stated outside a module, the
+explicit inclusion of the keyword EXPLICIT is preferable to
+prevent ambiguity.
+
+Example 1: PKCS #7's ContentInfo type has an optional
+content component with an explicit, context-specific tag:
+
+ContentInfo ::= SEQUENCE {
+  contentType ContentType,
+  content
+    [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
+
+Here the underlying type is ANY DEFINED BY contentType, the
+class is absent (i.e., context-specific), and the tag number
+within the class is 0.
+
+Example 2: X.509's Certificate type has a version component
+with an explicit, context-specific tag, where the EXPLICIT
+keyword is omitted:
+
+Certificate ::= ...
+  version [0] Version DEFAULT v1988,
+...
+
+The tag is explicit because the default tagging method for
+the ASN.1 "module" in X.509 that defines the Certificate
+type is explicit tagging.
+
+BER encoding. Constructed. Contents octets are the BER
+encoding of the underlying value.
+
+Example: the BER encoding of the content component of a
+ContentInfo value is as follows:
+
+     o    identifier octets are a0
+
+     o    length octets represent the length of the BER
+          encoding of the underlying ANY DEFINED BY
+          contentType value
+
+     o    contents octets are the BER encoding of the
+          underlying ANY DEFINED BY contentType value
+
+DER encoding. Constructed. Contents octets are the DER
+encoding of the underlying value.
+
+
+5.3 ANY
+
+The ANY type denotes an arbitrary value of an arbitrary
+type, where the arbitrary type is possibly defined in the
+registration of an object identifier or associated with an
+integer index.
+
+The ANY type is used for content of a particular content
+type in PKCS #7's ContentInfo type, for parameters of a
+particular algorithm in X.509's AlgorithmIdentifier type,
+and for attribute values in X.501's Attribute and
+AttributeValueAssertion types. The Attribute type is used by
+PKCS #6, #7, #8, #9 and #10, and the AttributeValueAssertion
+type is used in X.501 distinguished names.
+
+ASN.1 notation:
+
+ANY [DEFINED BY identifier]
+
+where identifier is an optional identifier.
+
+In the ANY form, the actual type is indeterminate.
+
+The ANY DEFINED BY identifier form can only appear in a
+component of a SEQUENCE or SET type for which identifier
+identifies some other component, and that other component
+has type INTEGER or OBJECT IDENTIFIER (or a type derived
+from either of those by tagging). In that form, the actual
+type is determined by the value of the other component,
+either in the registration of the object identifier value,
+or in a table of integer values.
+
+Example: X.509's AlgorithmIdentifier type has a component of
+type ANY:
+
+AlgorithmIdentifier ::= SEQUENCE {
+  algorithm OBJECT IDENTIFIER,
+  parameters ANY DEFINED BY algorithm OPTIONAL }
+
+Here the actual type of the parameter component depends on
+the value of the algorithm component. The actual type would
+be defined in the registration of object identifier values
+for the algorithm component.
+
+BER encoding. Same as the BER encoding of the actual value.
+
+Example: The BER encoding of the value of the parameter
+component is the BER encoding of the value of the actual
+type as defined in the registration of object identifier
+values for the algorithm component.
+
+DER encoding. Same as the DER encoding of the actual value.
+
+
+5.4 BIT STRING
+
+The BIT STRING type denotes an arbitrary string of bits
+(ones and zeroes). A BIT STRING value can have any length,
+including zero. This type is a string type.
+
+The BIT STRING type is used for digital signatures on
+extended certificates in PKCS #6's ExtendedCertificate type,
+for digital signatures on certificates in X.509's
+Certificate type, and for public keys in certificates in
+X.509's SubjectPublicKeyInfo type.
+
+ASN.1 notation:
+
+BIT STRING
+
+Example: X.509's SubjectPublicKeyInfo type has a component
+of type BIT STRING:
+
+SubjectPublicKeyInfo ::= SEQUENCE {
+  algorithm AlgorithmIdentifier,
+  publicKey BIT STRING }
+
+BER encoding. Primitive or constructed. In a primitive
+encoding, the first contents octet gives the number of bits
+by which the length of the bit string is less than the next
+multiple of eight (this is called the "number of unused
+bits"). The second and following contents octets give the
+value of the bit string, converted to an octet string. The
+conversion process is as follows:
+
+     1.   The bit string is padded after the last bit with
+          zero to seven bits of any value to make the length
+          of the bit string a multiple of eight. If the
+          length of the bit string is a multiple of eight
+          already, no padding is done.
+
+     2.   The padded bit string is divided into octets. The
+          first eight bits of the padded bit string become
+          the first octet, bit 8 to bit 1, and so on through
+          the last eight bits of the padded bit string.
+
+In a constructed encoding, the contents octets give the
+concatenation of the BER encodings of consecutive substrings
+of the bit string, where each substring except the last has
+a length that is a multiple of eight bits.
+
+Example: The BER encoding of the BIT STRING value
+"011011100101110111" can be any of the following, among
+others, depending on the choice of padding bits, the form of
+length octets, and whether the encoding is primitive or
+constructed:
+
+03 04 06 6e 5d c0                               DER encoding
+
+03 04 06 6e 5d e0                       padded with "100000"
+
+03 81 04 06 6e 5d c0              long form of length octets
+
+23 09        constructed encoding: "0110111001011101" + "11"
+   03 03 00 6e 5d
+   03 02 06 c0
+
+DER encoding. Primitive. The contents octects are as for a
+primitive BER encoding, except that the bit string is padded
+with zero-valued bits.
+
+Example: The DER encoding of the BIT STRING value
+"011011100101110111" is
+
+03 04 06 6e 5d c0
+
+
+5.5 CHOICE
+
+The CHOICE type denotes a union of one or more alternatives.
+
+The CHOICE type is used to represent the union of an
+extended certificate and an X.509 certificate in PKCS #7's
+ExtendedCertificateOrCertificate type.
+
+ASN.1 notation:
+
+CHOICE {
+  [identifier1] Type1,
+  ...,
+  [identifiern] Typen }
+
+where identifier1 , ..., identifiern are optional, distinct
+identifiers for the alternatives, and Type1, ..., Typen are
+the types of the alternatives. The identifiers are primarily
+for documentation; they do not affect values of the type or
+their encodings in any way.
+
+The types must have distinct tags. This requirement is
+typically satisfied with explicit or implicit tagging on
+some of the alternatives.
+
+Example: PKCS #7's ExtendedCertificateOrCertificate type is
+a CHOICE type:
+
+ExtendedCertificateOrCertificate ::= CHOICE {
+  certificate Certificate, -- X.509
+  extendedCertificate [0] IMPLICIT ExtendedCertificate
+}
+
+Here the identifiers for the alternatives are certificate
+and extendedCertificate, and the types of the alternatives
+are Certificate and [0] IMPLICIT ExtendedCertificate.
+
+BER encoding. Same as the BER encoding of the chosen
+alternative. The fact that the alternatives have distinct
+tags makes it possible to distinguish between their BER
+encodings.
+
+Example: The identifier octets for the BER encoding are 30
+if the chosen alternative is certificate, and a0 if the
+chosen alternative is extendedCertificate.
+
+DER encoding. Same as the DER encoding of the chosen
+alternative.
+
+
+5.6 IA5String
+
+The IA5String type denotes an arbtrary string of IA5
+characters. IA5 stands for International Alphabet 5, which
+is the same as ASCII. The character set includes non-
+printing control characters. An IA5String value can have any
+length, including zero. This type is a string type.
+
+The IA5String type is used in PKCS #9's electronic-mail
+address, unstructured-name, and unstructured-address
+attributes.
+
+ASN.1 notation:
+
+IA5String
+
+BER encoding. Primitive or constructed. In a primitive
+encoding, the contents octets give the characters in the IA5
+string, encoded in ASCII. In a constructed encoding, the
+contents octets give the concatenation of the BER encodings
+of consecutive substrings of the IA5 string.
+
+Example: The BER encoding of the IA5String value
+"test1 at rsa.com" can be any of the following, among others,
+depending on the form of length octets and whether the
+encoding is primitive or constructed:
+
+16 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d DER encoding
+
+16 81 0d                       long form of length octets
+   74 65 73 74 31 40 72 73 61 2e 63 6f 6d
+
+36 13     constructed encoding: "test1" + "@" + "rsa.com"
+   16 05 74 65 73 74 31
+   16 01 40
+   16 07 72 73 61 2e 63 6f 6d
+
+DER encoding. Primitive. Contents octets are as for a
+primitive BER encoding.
+
+Example: The DER encoding of the IA5String value
+"test1 at rsa.com" is
+
+16 0d 74 65 73 74 31 40 72 73 61 2e 63 6f 6d
+
+
+5.7 INTEGER
+
+The INTEGER type denotes an arbitrary integer. INTEGER
+values can be positive, negative, or zero, and can have any
+magnitude.
+
+The INTEGER type is used for version numbers throughout
+PKCS, cryptographic values such as modulus, exponent, and
+primes in PKCS #1's RSAPublicKey and RSAPrivateKey types and
+PKCS #3's DHParameter type, a message-digest iteration count
+in PKCS #5's PBEParameter type, and version numbers and
+serial numbers in X.509's Certificate type.
+
+ASN.1 notation:
+
+INTEGER [{ identifier1(value1) ... identifiern(valuen) }]
+
+where identifier1, ..., identifiern are optional distinct
+identifiers and value1, ..., valuen are optional integer
+values. The identifiers, when present, are associated with
+values of the type.
+
+Example: X.509's Version type is an INTEGER type with
+identified values:
+
+Version ::= INTEGER { v1988(0) }
+
+The identifier v1988 is associated with the value 0. X.509's
+Certificate type uses the identifier v1988 to give a default
+value of 0 for the version component:
+
+Certificate ::= ...
+  version Version DEFAULT v1988,
+...
+
+BER encoding. Primitive. Contents octets give the value of
+the integer, base 256, in two's complement form, most
+significant digit first, with the minimum number of octets.
+The value 0 is encoded as a single 00 octet.
+
+Some example BER encodings (which also happen to be DER
+encodings) are given in Table 3.
+
+                    Integer   BER encoding
+                    value
+                    0         02 01 00
+                    127       02 01 7F
+                    128       02 02 00 80
+                    256       02 02 01 00
+                    -128      02 01 80
+                    -129      02 02 FF 7F
+
+      Table 3. Example BER encodings of INTEGER values.
+
+DER encoding. Primitive. Contents octets are as for a
+primitive BER encoding.
+
+
+5.8 NULL
+
+The NULL type denotes a null value.
+
+The NULL type is used for algorithm parameters in several
+places in PKCS.
+
+ASN.1 notation:
+
+NULL
+
+BER encoding. Primitive. Contents octets are empty.
+
+Example: The BER encoding of a NULL value can be either of
+the following, as well as others, depending on the form of
+the length octets:
+
+05 00
+
+05 81 00
+
+DER encoding. Primitive. Contents octets are empty; the DER
+encoding of a NULL value is always 05 00.
+
+
+5.9 OBJECT IDENTIFIER
+
+The OBJECT IDENTIFIER type denotes an object identifier, a
+sequence of integer components that identifies an object
+such as an algorithm, an attribute type, or perhaps a
+registration authority that defines other object
+identifiers. An OBJECT IDENTIFIER value can have any number
+of components, and components can generally have any
+nonnegative value. This type is a non-string type.
+
+OBJECT IDENTIFIER values are given meanings by registration
+authorities. Each registration authority is responsible for
+all sequences of components beginning with a given sequence.
+A registration authority typically delegates responsibility
+for subsets of the sequences in its domain to other
+registration authorities, or for particular types of object.
+There are always at least two components.
+
+The OBJECT IDENTIFIER type is used to identify content in
+PKCS #7's ContentInfo type, to identify algorithms in
+X.509's AlgorithmIdentifier type, and to identify attributes
+in X.501's Attribute and AttributeValueAssertion types. The
+Attribute type is used by PKCS #6, #7, #8, #9, and #10, and
+the AttributeValueAssertion type is used in X.501
+distinguished names. OBJECT IDENTIFIER values are defined
+throughout PKCS.
+
+ASN.1 notation:
+
+OBJECT IDENTIFIER
+
+The ASN.1 notation for values of the OBJECT IDENTIFIER type
+is
+
+{ [identifier] component1 ... componentn }
+
+componenti = identifieri | identifieri (valuei) | valuei
+
+where identifier, identifier1, ..., identifiern are
+identifiers, and value1, ..., valuen are optional integer
+values.
+
+The form without identifier is the "complete" value with all
+its components; the form with identifier abbreviates the
+beginning components with another object identifier value.
+The identifiers identifier1, ..., identifiern are intended
+primarily for documentation, but they must correspond to the
+integer value when both are present. These identifiers can
+appear without integer values only if they are among a small
+set of identifiers defined in X.208.
+
+Example: The following values both refer to the object
+identifier assigned to RSA Data Security, Inc.:
+
+{ iso(1) member-body(2) 840 113549 }
+{ 1 2 840 113549 }
+
+(In this example, which gives ASN.1 value notation, the
+object identifier values are decimal, not hexadecimal.)
+Table 4 gives some other object identifier values and their
+meanings.
+
+ Object identifier value       Meaning
+ { 1 2 }                       ISO member bodies
+ { 1 2 840 }                   US (ANSI)
+ { 1 2 840 113549 }            RSA Data Security, Inc.
+ { 1 2 840 113549 1 }          RSA Data Security, Inc. PKCS
+ { 2 5 }                       directory services (X.500)
+ { 2 5 8 }                     directory services-algorithms
+
+ Table 4. Some object identifier values and their meanings.
+
+BER encoding. Primitive. Contents octets are as follows,
+where value1, ..., valuen denote the integer values of the
+components in the complete object identifier:
+
+     1.   The first octet has value 40 * value1 + value2.
+          (This is unambiguous, since value1 is limited to
+          values 0, 1, and 2; value2 is limited to the range
+          0 to 39 when value1 is 0 or 1; and, according to
+          X.208, n is always at least 2.)
+
+     2.   The following octets, if any, encode value3, ...,
+          valuen. Each value is encoded base 128, most
+          significant digit first, with as few digits as
+          possible, and the most significant bit of each
+          octet except the last in the value's encoding set
+          to "1."
+
+Example: The first octet of the BER encoding of RSA Data
+Security, Inc.'s object identifier is 40 * 1 + 2 = 42 =
+2a16. The encoding of 840 = 6 * 128 + 4816 is 86 48 and the
+encoding of 113549 = 6 * 1282 + 7716 * 128 + d16 is 86 f7
+0d. This leads to the following BER encoding:
+
+06 06 2a 86 48 86 f7 0d
+
+DER encoding. Primitive. Contents octets are as for a
+primitive BER encoding.
+
+
+5.10 OCTET STRING
+
+The OCTET STRING type denotes an arbitrary string of octets
+(eight-bit values). An OCTET STRING value can have any
+length, including zero. This type is a string type.
+
+The OCTET STRING type is used for salt values in PKCS #5's
+PBEParameter type, for message digests, encrypted message
+digests, and encrypted content in PKCS #7, and for private
+keys and encrypted private keys in PKCS #8.
+
+ASN.1 notation:
+
+OCTET STRING [SIZE ({size | size1..size2})]
+
+where size, size1, and size2 are optional size constraints.
+In the OCTET STRING SIZE (size) form, the octet string must
+have size octets. In the OCTET STRING SIZE (size1..size2)
+form, the octet string must have between size1 and size2
+octets. In the OCTET STRING form, the octet string can have
+any size.
+
+Example: PKCS #5's PBEParameter type has a component of type
+OCTET STRING:
+
+PBEParameter ::= SEQUENCE {
+  salt OCTET STRING SIZE(8),
+  iterationCount INTEGER }
+
+Here the size of the salt component is always eight octets.
+
+BER encoding. Primitive or constructed. In a primitive
+encoding, the contents octets give the value of the octet
+string, first octet to last octet. In a constructed
+encoding, the contents octets give the concatenation of the
+BER encodings of substrings of the OCTET STRING value.
+
+Example: The BER encoding of the OCTET STRING value 01 23 45
+67 89 ab cd ef can be any of the following, among others,
+depending on the form of length octets and whether the
+encoding is primitive or constructed:
+
+04 08 01 23 45 67 89 ab cd ef                   DER encoding
+
+04 81 08 01 23 45 67 89 ab cd ef  long form of length octets
+
+24 0c            constructed encoding: 01 ... 67 + 89 ... ef
+   04 04 01 23 45 67
+   04 04 89 ab cd ef
+
+DER encoding. Primitive. Contents octets are as for a
+primitive BER encoding.
+
+Example: The BER encoding of the OCTET STRING value 01 23 45
+67 89 ab cd ef is
+
+04 08 01 23 45 67 89 ab cd ef
+
+
+5.11 PrintableString
+
+The PrintableString type denotes an arbitrary string of
+printable characters from the following character set:
+
+                         A, B, ..., Z
+                         a, b, ..., z
+                         0, 1, ..., 9
+               (space) ' ( ) + , - . / : = ?
+
+This type is a string type.
+
+The PrintableString type is used in PKCS #9's challenge-
+password and unstructuerd-address attributes, and in several
+X.521 distinguished names attributes.
+
+ASN.1 notation:
+
+PrintableString
+
+BER encoding. Primitive or constructed. In a primitive
+encoding, the contents octets give the characters in the
+printable string, encoded in ASCII. In a constructed
+encoding, the contents octets give the concatenation of the
+BER encodings of consecutive substrings of the string.
+
+Example: The BER encoding of the PrintableString value "Test
+User 1" can be any of the following, among others, depending
+on the form of length octets and whether the encoding is
+primitive or constructed:
+
+13 0b 54 65 73 74 20 55 73 65 72 20 31          DER encoding
+
+13 81 0b                          long form of length octets
+   54 65 73 74 20 55 73 65 72 20 31
+
+33 0f               constructed encoding: "Test " + "User 1"
+   13 05 54 65 73 74 20
+   13 06 55 73 65 72 20 31
+
+DER encoding. Primitive. Contents octets are as for a
+primitive BER encoding.
+
+Example: The DER encoding of the PrintableString value "Test
+User 1" is
+
+13 0b 54 65 73 74 20 55 73 65 72 20 31
+
+
+5.12 SEQUENCE
+
+The SEQUENCE type denotes an ordered collection of one or
+more types.
+
+The SEQUENCE type is used throughout PKCS and related
+standards.
+
+ASN.1 notation:
+
+SEQUENCE {
+  [identifier1] Type1 [{OPTIONAL | DEFAULT value1}],
+  ...,
+  [identifiern] Typen [{OPTIONAL | DEFAULT valuen}]}
+
+where identifier1 , ..., identifiern are optional, distinct
+identifiers for the components, Type1, ..., Typen are the
+types of the components, and value1, ..., valuen are optional
+default values for the components. The identifiers are
+primarily for documentation; they do not affect values of
+the type or their encodings in any way.
+
+The OPTIONAL qualifier indicates that the value of a
+component is optional and need not be present in the
+sequence. The DEFAULT qualifier also indicates that the
+value of a component is optional, and assigns a default
+value to the component when the component is absent.
+
+The types of any consecutive series of components with the
+OPTIONAL or DEFAULT qualifier, as well as of any component
+immediately following that series, must have distinct tags.
+This requirement is typically satisfied with explicit or
+implicit tagging on some of the components.
+
+Example: X.509's Validity type is a SEQUENCE type with two
+components:
+
+Validity ::= SEQUENCE {
+  start UTCTime,
+  end UTCTime }
+
+Here the identifiers for the components are start and end,
+and the types of the components are both UTCTime.
+
+BER encoding. Constructed. Contents octets are the
+concatenation of the BER encodings of the values of the
+components of the sequence, in order of definition, with the
+following rules for components with the OPTIONAL and DEFAULT
+qualifiers:
+
+     o    if the value of a component with the OPTIONAL or
+          DEFAULT qualifier is absent from the sequence,
+          then the encoding of that component is not
+          included in the contents octets
+
+     o    if the value of a component with the DEFAULT
+          qualifier is the default value, then the encoding
+          of that component may or may not be included in
+          the contents octets
+
+DER encoding. Constructed. Contents octets are the same as
+the BER encoding, except that if the value of a component
+with the DEFAULT qualifier is the default value, the
+encoding of that component is not included in the contents
+octets.
+
+
+5.13 SEQUENCE OF
+
+The SEQUENCE OF type denotes an ordered collection of zero
+or more occurrences of a given type.
+
+The SEQUENCE OF type is used in X.501 distinguished names.
+
+ASN.1 notation:
+
+SEQUENCE OF Type
+
+where Type is a type.
+
+Example: X.501's RDNSequence type consists of zero or more
+occurences of the RelativeDistinguishedName type, most
+significant occurrence first:
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+BER encoding. Constructed. Contents octets are the
+concatenation of the BER encodings of the values of the
+occurrences in the collection, in order of occurence.
+
+DER encoding. Constructed. Contents octets are the
+concatenation of the DER encodings of the values of the
+occurrences in the collection, in order of occurence.
+
+
+5.14 SET
+
+The SET type denotes an unordered collection of one or more
+types.
+
+The SET type is not used in PKCS.
+
+ASN.1 notation:
+
+SET {
+  [identifier1] Type1 [{OPTIONAL | DEFAULT value1}],
+  ...,
+  [identifiern] Typen [{OPTIONAL | DEFAULT valuen}]}
+
+where identifier1, ..., identifiern are optional, distinct
+identifiers for the components, Type1, ..., Typen are the
+types of the components, and value1, ..., valuen are
+optional default values for the components. The identifiers
+are primarily for documentation; they do not affect values
+of the type or their encodings in any way.
+
+The OPTIONAL qualifier indicates that the value of a
+component is optional and need not be present in the set.
+The DEFAULT qualifier also indicates that the value of a
+component is optional, and assigns a default value to the
+component when the component is absent.
+
+The types must have distinct tags. This requirement is
+typically satisfied with explicit or implicit tagging on
+some of the components.
+
+BER encoding. Constructed. Contents octets are the
+concatenation of the BER encodings of the values of the
+components of the set, in any order, with the following
+rules for components with the OPTIONAL and DEFAULT
+qualifiers:
+
+     o    if the value of a component with the OPTIONAL or
+          DEFAULT qualifier is absent from the set, then the
+          encoding of that component is not included in the
+          contents octets
+
+     o    if the value of a component with the DEFAULT
+          qualifier is the default value, then the encoding
+          of that component may or may not be included in
+          the contents octets
+
+DER encoding. Constructed. Contents octets are the same as
+for the BER encoding, except that:
+
+     1.   If the value of a component with the DEFAULT
+          qualifier is the default value, the encoding of
+          that component is not included.
+
+     2.   There is an order to the components, namely
+          ascending order by tag.
+
+
+5.15 SET OF
+
+The SET OF type denotes an unordered collection of zero or
+more occurrences of a given type.
+
+The SET OF type is used for sets of attributes in PKCS #6,
+#7, #8, #9 and #10, for sets of message-digest algorithm
+identifiers, signer information, and recipient information
+in PKCS #7, and in X.501 distinguished names.
+
+ASN.1 notation:
+
+SET OF Type
+
+where Type is a type.
+
+Example: X.501's RelativeDistinguishedName type consists of
+zero or more occurrences of the AttributeValueAssertion
+type, where the order is unimportant:
+
+RelativeDistinguishedName ::=
+  SET OF AttributeValueAssertion
+
+BER encoding. Constructed. Contents octets are the
+concatenation of the BER encodings of the values of the
+occurrences in the collection, in any order.
+
+DER encoding. Constructed. Contents octets are the same as
+for the BER encoding, except that there is an order, namely
+ascending lexicographic order of BER encoding. Lexicographic
+comparison of two different BER encodings is done as
+follows: Logically pad the shorter BER encoding after the
+last octet with dummy octets that are smaller in value than
+any normal octet. Scan the BER encodings from left to right
+until a difference is found. The smaller-valued BER encoding
+is the one with the smaller-valued octet at the point of
+difference.
+
+
+5.16 T61String
+
+The T61String type denotes an arbtrary string of T.61
+characters. T.61 is an eight-bit extension to the ASCII
+character set. Special "escape" sequences specify the
+interpretation of subsequent character values as, for
+example, Japanese; the initial interpretation is Latin. The
+character set includes non-printing control characters. The
+T61String type allows only the Latin and Japanese character
+interepretations, and implementors' agreements for directory
+names exclude control characters [NIST92]. A T61String value
+can have any length, including zero. This type is a string
+type.
+
+The T61String type is used in PKCS #9's unstructured-address
+and challenge-password attributes, and in several X.521
+attributes.
+
+ASN.1 notation:
+
+T61String
+
+BER encoding. Primitive or constructed. In a primitive
+encoding, the contents octets give the characters in the
+T.61 string, encoded in ASCII. In a constructed encoding,
+the contents octets give the concatenation of the BER
+encodings of consecutive substrings of the T.61 string.
+
+Example: The BER encoding of the T61String value "cl'es
+publiques" (French for "public keys") can be any of the
+following, among others, depending on the form of length
+octets and whether the encoding is primitive or constructed:
+
+14 0f                                           DER encoding
+   63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
+
+14 81 0f                          long form of length octets
+   63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
+
+34 15      constructed encoding: "cl'es" + " " + "publiques"
+   14 05 63 6c c2 65 73
+   14 01 20
+   14 09 70 75 62 6c 69 71 75 65 73
+
+The eight-bit character c2 is a T.61 prefix that adds an
+acute accent (') to the next character.
+
+DER encoding. Primitive. Contents octets are as for a
+primitive BER encoding.
+
+Example: The DER encoding of the T61String value "cl'es
+publiques" is
+
+14 0f 63 6c c2 65 73 20 70 75 62 6c 69 71 75 65 73
+
+
+5.17 UTCTime
+
+The UTCTime type denotes a "coordinated universal time" or
+Greenwich Mean Time (GMT) value. A UTCTime value includes
+the local time precise to either minutes or seconds, and an
+offset from GMT in hours and minutes. It takes any of the
+following forms:
+
+YYMMDDhhmmZ
+YYMMDDhhmm+hh'mm'
+YYMMDDhhmm-hh'mm'
+YYMMDDhhmmssZ
+YYMMDDhhmmss+hh'mm'
+YYMMDDhhmmss-hh'mm'
+
+where:
+
+     YY is the least significant two digits of the year
+
+     MM is the month (01 to 12)
+
+     DD is the day (01 to 31)
+
+     hh is the hour (00 to 23)
+
+     mm are the minutes (00 to 59)
+
+     ss are the seconds (00 to 59)
+
+     Z indicates that local time is GMT, + indicates that
+          local time is later than GMT, and - indicates that
+          local time is earlier than GMT
+
+     hh' is the absolute value of the offset from GMT in
+          hours
+
+     mm' is the absolute value of the offset from GMT in
+          minutes
+
+This type is a string type.
+
+The UTCTime type is used for signing times in PKCS #9's
+signing-time attribute and for certificate validity periods
+in X.509's Validity type.
+
+ASN.1 notation:
+
+UTCTime
+
+BER encoding. Primitive or constructed. In a primitive
+encoding, the contents octets give the characters in the
+string, encoded in ASCII. In a constructed encoding, the
+contents octets give the concatenation of the BER encodings
+of consecutive substrings of the string. (The constructed
+encoding is not particularly interesting, since UTCTime
+values are so short, but the constructed encoding is
+permitted.)
+
+Example: The time this sentence was originally written was
+4:45:40 p.m. Pacific Daylight Time on May 6, 1991, which can
+be represented with either of the following UTCTime values,
+among others:
+
+"910506164540-0700"
+
+"910506234540Z"
+
+These values have the following BER encodings, among others:
+
+17 0d 39 31 30 35 30 36 32 33 34 35 34 30 5a
+
+17 11 39 31 30 35 30 36 31 36 34 35 34 30 2D 30 37 30
+      30
+
+DER encoding. Primitive. Contents octets are as for a
+primitive BER encoding.
+
+
+6. An example
+
+This section gives an example of ASN.1 notation and DER
+encoding: the X.501 type Name.
+
+
+6.1 Abstract notation
+
+This section gives the ASN.1 notation for the X.501 type
+Name.
+
+Name ::= CHOICE {
+  RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+RelativeDistinguishedName ::=
+  SET OF AttributeValueAssertion
+
+AttributeValueAssertion ::= SEQUENCE {
+   AttributeType,
+   AttributeValue }
+
+AttributeType ::= OBJECT IDENTIFIER
+
+AttributeValue ::= ANY
+
+The Name type identifies an object in an X.500 directory.
+Name is a CHOICE type consisting of one alternative:
+RDNSequence. (Future revisions of X.500 may have other
+alternatives.)
+
+The RDNSequence type gives a path through an X.500 directory
+tree starting at the root. RDNSequence is a SEQUENCE OF type
+consisting of zero or more occurences of
+RelativeDistinguishedName.
+
+The RelativeDistinguishedName type gives a unique name to an
+object relative to the object superior to it in the
+directory tree. RelativeDistinguishedName is a SET OF type
+consisting of zero or more occurrences of
+AttributeValueAssertion.
+
+The AttributeValueAssertion type assigns a value to some
+attribute of a relative distinguished name, such as country
+name or common name. AttributeValueAssertion is a SEQUENCE
+type consisting of two components, an AttributeType type and
+an AttributeValue type.
+
+The AttributeType type identifies an attribute by object
+identifier. The AttributeValue type gives an arbitrary
+attribute value. The actual type of the attribute value is
+determined by the attribute type.
+
+
+6.2 DER encoding
+
+This section gives an example of a DER encoding of a value
+of type Name, working from the bottom up.
+
+The name is that of the Test User 1 from the PKCS examples
+[Kal93]. The name is represented by the following path:
+
+                           (root)
+                              |
+                     countryName = "US"
+                              |
+          organizationName = "Example Organization"
+                              |
+                 commonName = "Test User 1"
+
+Each level corresponds to one RelativeDistinguishedName
+value, each of which happens for this name to consist of one
+AttributeValueAssertion value. The AttributeType value is
+before the equals sign, and the AttributeValue value (a
+printable string for the given attribute types) is after the
+equals sign.
+
+The countryName, organizationName, and commonUnitName are
+attribute types defined in X.520 as:
+
+attributeType OBJECT IDENTIFIER ::=
+  { joint-iso-ccitt(2) ds(5) 4 }
+
+countryName OBJECT IDENTIFIER ::= { attributeType 6 }
+organizationName OBJECT IDENTIFIER ::=
+  { attributeType 10 }
+commonUnitName OBJECT IDENTIFIER ::=
+  { attributeType 3 }
+
+
+6.2.1 AttributeType
+
+The three AttributeType values are OCTET STRING values, so
+their DER encoding follows the primitive, definite-length
+method:
+
+06 03 55 04 06                                   countryName
+
+06 03 55 04 0a                              organizationName
+
+06 03 55 04 03                                    commonName
+
+The identifier octets follow the low-tag form, since the tag
+is 6 for OBJECT IDENTIFIER. Bits 8 and 7 have value "0,"
+indicating universal class, and bit 6 has value "0,"
+indicating that the encoding is primitive. The length octets
+follow the short form. The contents octets are the
+concatenation of three octet strings derived from
+subidentifiers (in decimal): 40 * 2 + 5 = 85 = 5516; 4; and
+6, 10, or 3.
+
+
+6.2.2 AttributeValue
+
+The three AttributeValue values are PrintableString values,
+so their encodings follow the primitive, definite-length
+method:
+
+13 02 55 53                                             "US"
+
+13 14                                 "Example Organization"
+   45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61
+   74 69 6f 6e
+
+13 0b                                          "Test User 1"
+   54 65 73 74 20 55 73 65 72 20 31
+
+The identifier octets follow the low-tag-number form, since
+the tag for PrintableString, 19 (decimal), is between 0 and
+30. Bits 8 and 7 have value "0" since PrintableString is in
+the universal class. Bit 6 has value "0" since the encoding
+is primitive. The length octets follow the short form, and
+the contents octets are the ASCII representation of the
+attribute value.
+
+
+6.2.3 AttributeValueAssertion
+
+The three AttributeValueAssertion values are SEQUENCE
+values, so their DER encodings follow the constructed,
+definite-length method:
+
+30 09                                     countryName = "US"
+   06 03 55 04 06
+   13 02 55 53
+
+30 1b              organizationName = "Example Organizaiton"
+   06 03 55 04 0a
+   13 14 ... 6f 6e
+
+30 12                             commonName = "Test User 1"
+   06 03 55 04 0b
+   13 0b ... 20 31
+
+The identifier octets follow the low-tag-number form, since
+the tag for SEQUENCE, 16 (decimal), is between 0 and 30.
+Bits 8 and 7 have value "0" since SEQUENCE is in the
+universal class. Bit 6 has value "1" since the encoding is
+constructed. The length octets follow the short form, and
+the contents octets are the concatenation of the DER
+encodings of the attributeType and attributeValue
+components.
+
+
+6.2.4 RelativeDistinguishedName
+
+The three RelativeDistinguishedName values are SET OF
+values, so their DER encodings follow the constructed,
+definite-length method:
+
+31 0b
+   30 09 ... 55 53
+
+31 1d
+   30 1b ... 6f 6e
+
+31 14
+   30 12 ... 20 31
+
+The identifier octets follow the low-tag-number form, since
+the tag for SET OF, 17 (decimal), is between 0 and 30. Bits
+8 and 7 have value "0" since SET OF is in the universal
+class Bit 6 has value "1" since the encoding is constructed.
+The lengths octets follow the short form, and the contents
+octets are the DER encodings of the respective
+AttributeValueAssertion values, since there is only one
+value in each set.
+
+
+6.2.5 RDNSequence
+
+The RDNSequence value is a SEQUENCE OF value, so its DER
+encoding follows the constructed, definite-length method:
+
+30 42
+   31 0b ... 55 53
+   31 1d ... 6f 6e
+   31 14 ... 20 31
+
+The identifier octets follow the low-tag-number form, since
+the tag for SEQUENCE OF, 16 (decimal), is between 0 and 30.
+Bits 8 and 7 have value "0" since SEQUENCE OF is in the
+universal class. Bit 6 has value "1" since the encoding is
+constructed. The lengths octets follow the short form, and
+the contents octets are the concatenation of the DER
+encodings of the three RelativeDistinguishedName values, in
+order of occurrence.
+
+
+6.2.6 Name
+
+The Name value is a CHOICE value, so its DER encoding is the
+same as that of the RDNSequence value:
+
+30 42
+   31 0b
+      30 09
+         06 03 55 04 06          attributeType = countryName
+         13 02 55 53                   attributeValue = "US"
+   31 1d
+      30 1b
+         06 03 55 04 0a     attributeType = organizationName
+         13 14       attributeValue = "Example Organization"
+            45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61
+            74 69 6f 6e
+
+   31 14
+      30 12
+         06 03 55 04 03           attributeType = commonName
+         13 0b                attributeValue = "Test User 1"
+            54 65 73 74 20 55 73 65 72 20 31
+
+
+References
+
+PKCS #1   RSA Laboratories. PKCS #1: RSA Encryption
+          Standard. Version 1.5, November 1993.
+
+PKCS #3   RSA Laboratories. PKCS #3: Diffie-Hellman Key-
+          Agreement Standard. Version 1.4, November 1993.
+
+PKCS #5   RSA Laboratories. PKCS #5: Password-Based
+          Encryption Standard. Version 1.5, November 1993.
+
+PKCS #6   RSA Laboratories. PKCS #6: Extended-Certificate
+          Syntax Standard. Version 1.5, November 1993.
+
+PKCS #7   RSA Laboratories. PKCS #7: Cryptographic Message
+          Syntax Standard. Version 1.5, November 1993.
+
+PKCS #8   RSA Laboratories. PKCS #8: Private-Key Information
+          Syntax Standard. Version 1.2, November 1993.
+
+PKCS #9   RSA Laboratories. PKCS #9: Selected Attribute
+          Types. Version 1.1, November 1993.
+
+PKCS #10  RSA Laboratories. PKCS #10: Certification Request
+          Syntax Standard. Version 1.0, November 1993.
+
+X.200     CCITT. Recommendation X.200: Reference Model of
+          Open Systems Interconnection for CCITT
+          Applications. 1984.
+
+X.208     CCITT. Recommendation X.208: Specification of
+          Abstract Syntax Notation One (ASN.1). 1988.
+
+X.209     CCITT. Recommendation X.209: Specification of
+          Basic Encoding Rules for Abstract Syntax Notation
+          One (ASN.1). 1988.
+
+X.500     CCITT. Recommendation X.500: The
+          Directory--Overview of Concepts, Models and
+          Services. 1988.
+
+X.501     CCITT. Recommendation X.501: The Directory--
+          Models. 1988.
+
+X.509     CCITT. Recommendation X.509: The Directory--
+          Authentication Framework. 1988.
+
+X.520     CCITT. Recommendation X.520: The Directory--
+          Selected Attribute Types. 1988.
+
+[Kal93]   Burton S. Kaliski Jr. Some Examples of the PKCS
+          Standards. RSA Laboratories, November 1993.
+
+[NIST92]  NIST. Special Publication 500-202: Stable
+          Implementation Agreements for Open Systems
+          Interconnection Protocols. Part 11 (Directory
+          Services Protocols). December 1992.
+
+
+Revision history
+
+
+June 3, 1991 version
+
+The June 3, 1991 version is part of the initial public
+release of PKCS. It was published as NIST/OSI Implementors'
+Workshop document SEC-SIG-91-17.
+
+
+November 1, 1993 version
+
+The November 1, 1993 version incorporates several editorial
+changes, including the addition of a revision history. It is
+updated to be consistent with the following versions of the
+PKCS documents:
+
+     PKCS #1: RSA Encryption Standard. Version 1.5, November
+          1993.
+
+     PKCS #3: Diffie-Hellman Key-Agreement Standard. Version
+          1.4, November 1993.
+
+     PKCS #5: Password-Based Encryption Standard. Version
+          1.5, November 1993.
+
+     PKCS #6: Extended-Certificate Syntax Standard. Version
+          1.5, November 1993.
+
+     PKCS #7: Cryptographic Message Syntax Standard. Version
+          1.5, November 1993.
+
+     PKCS #8: Private-Key Information Syntax Standard.
+          Version 1.2, November 1993.
+
+     PKCS #9: Selected Attribute Types. Version 1.1,
+          November 1993.
+
+     PKCS #10: Certification Request Syntax Standard.
+          Version 1.0, November 1993.
+
+The following substantive changes were made:
+
+     Section 5: Description of T61String type is added.
+
+     Section 6: Names are changed, consistent with other
+          PKCS examples.
+
+
+Author's address
+
+Burton S. Kaliski Jr., Ph.D.
+Chief Scientist
+RSA Laboratories              (415) 595-7703
+100 Marine Parkway            (415) 595-4126 (fax)
+Redwood City, CA  94065  USA  burt at rsa.com

Added: vendor-crypto/heimdal/dist/doc/mdate-sh
===================================================================
--- vendor-crypto/heimdal/dist/doc/mdate-sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/mdate-sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,92 @@
+#!/bin/sh
+# Get modification time of a file or directory and pretty-print it.
+# Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc.
+# written by Ulrich Drepper <drepper at gnu.ai.mit.edu>, June 1995
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# Prevent date giving response in another language.
+LANG=C
+export LANG
+LC_ALL=C
+export LC_ALL
+LC_TIME=C
+export LC_TIME
+
+# Get the extended ls output of the file or directory.
+# On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below.
+if ls -L /dev/null 1>/dev/null 2>&1; then
+  set - x`ls -L -l -d $1`
+else
+  set - x`ls -l -d $1`
+fi
+# The month is at least the fourth argument
+# (3 shifts here, the next inside the loop).
+shift
+shift
+shift
+
+# Find the month.  Next argument is day, followed by the year or time.
+month=
+until test $month
+do
+  shift
+  case $1 in
+    Jan) month=January; nummonth=1;;
+    Feb) month=February; nummonth=2;;
+    Mar) month=March; nummonth=3;;
+    Apr) month=April; nummonth=4;;
+    May) month=May; nummonth=5;;
+    Jun) month=June; nummonth=6;;
+    Jul) month=July; nummonth=7;;
+    Aug) month=August; nummonth=8;;
+    Sep) month=September; nummonth=9;;
+    Oct) month=October; nummonth=10;;
+    Nov) month=November; nummonth=11;;
+    Dec) month=December; nummonth=12;;
+  esac
+done
+
+day=$2
+
+# Here we have to deal with the problem that the ls output gives either
+# the time of day or the year.
+case $3 in
+  *:*) set `date`; eval year=\$$#
+       case $2 in
+	 Jan) nummonthtod=1;;
+	 Feb) nummonthtod=2;;
+	 Mar) nummonthtod=3;;
+	 Apr) nummonthtod=4;;
+	 May) nummonthtod=5;;
+	 Jun) nummonthtod=6;;
+	 Jul) nummonthtod=7;;
+	 Aug) nummonthtod=8;;
+	 Sep) nummonthtod=9;;
+	 Oct) nummonthtod=10;;
+	 Nov) nummonthtod=11;;
+	 Dec) nummonthtod=12;;
+       esac
+       # For the first six month of the year the time notation can also
+       # be used for files modified in the last year.
+       if (expr $nummonth \> $nummonthtod) > /dev/null;
+       then
+	 year=`expr $year - 1`
+       fi;;
+  *) year=$3;;
+esac
+
+# The result.
+echo $day $month $year
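Review bot: The file argument is expanded unquoted in both `ls` calls (`ls -L -l -d $1` and `ls -l -d $1`), so a path containing whitespace or glob characters is split or expanded before `ls` sees it, and the month, day and year are then read from the wrong positions; quoting it as `ls -L -l -d "$1"` and `ls -l -d "$1"` fixes that. The `until test $month` loop also has no exit of its own when no month abbreviation appears in the `ls` output, for example when `ls` fails on a missing file. In a shell where a failed `shift` is not fatal, the loop would presumably not terminate; a guard such as `test $# -gt 0 || exit 1` before the `shift` would make the failure explicit. Since this file arrives as part of a vendor import, refreshing the script from its upstream is probably preferable to patching it locally.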

Added: vendor-crypto/heimdal/dist/doc/migration.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/migration.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/migration.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,43 @@
+ at c $Id: migration.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Migration, Acknowledgments, Programming with Kerberos, Top
+ at chapter Migration
+
+ at section General issues
+
+When migrating from a Kerberos 4 KDC.
+
+ at section Order in what to do things:
+
+ at itemize @bullet
+
+ at item Convert the database, check all principals that hprop complains
+about.
+
+ at samp{hprop -n --source=<NNN>| hpropd -n}
+
+Replace <NNN> with whatever source you have, like krb4-db or krb4-dump.
+
+ at item Run a Kerberos 5 slave for a while.
+
+ at c XXX Add you slave first to your kdc list in you kdc.
+
+ at item Figure out if it does everything you want it to.
+
+Make sure that all things that you use works for you.
+
+ at item Let a small number of controlled users use Kerberos 5 tools.
+
+Find a sample population of your users and check what programs they use,
+you can also check the kdc-log to check what ticket are checked out.
+
+ at item Burn the bridge and change the master.
+ at item Let all users use the Kerberos 5 tools by default.
+ at item Turn off services that do not need Kerberos 4 authentication.
+
+Things that might be hard to get away is old programs with support for
+Kerberos 4. Example applications are old Eudora installations using
+KPOP, and Zephyr. Eudora can use the Kerberos 4 kerberos in the Heimdal
+kdc.
+
+ at end itemize

Added: vendor-crypto/heimdal/dist/doc/misc.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/misc.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/misc.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,58 @@
+ at c $Id: misc.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Things in search for a better place, Kerberos 4 issues, Applications, Top
+ at chapter Things in search for a better place
+
+ at section Making things work on Ciscos
+
+Modern versions of Cisco IOS has some support for authenticating via
+Kerberos 5. This can be used both by having the router get a ticket when
+you login (boring), and by using Kerberos authenticated telnet to access
+your router (less boring). The following has been tested on IOS
+11.2(12), things might be different with other versions. Old versions
+are known to have bugs.
+
+To make this work, you will first have to configure your router to use
+Kerberos (this is explained in the documentation). A sample
+configuration looks like the following:
+
+ at example
+aaa new-model
+aaa authentication login default krb5-telnet krb5 enable
+aaa authorization exec krb5-instance
+kerberos local-realm FOO.SE
+kerberos srvtab entry host/router.foo.se 0 891725446 4 1 8 012345678901234567
+kerberos server FOO.SE 10.0.0.1
+kerberos instance map admin 15
+ at end example
+
+This tells you (among other things) that when logging in, the router
+should try to authenticate with kerberised telnet, and if that fails try
+to verify a plain text password via a Kerberos ticket exchange (as
+opposed to a local database, RADIUS or something similar), and if that
+fails try the local enable password. If you're not careful when you
+specify the `login default' authentication mechanism, you might not be
+able to login at all. The `instance map' and `authorization exec' lines
+says that people with `admin' instances should be given `enabled' shells
+when logging in.
+
+The numbers after the principal on the `srvtab' line are principal type,
+time stamp (in seconds since 1970), key version number (4), keytype (1 ==
+des), key length (always 8 with des), and then the key.
+
+To make the Heimdal KDC produce tickets that the Cisco can decode you
+might have to turn on the @samp{encode_as_rep_as_tgs_rep} flag in the
+KDC. You will also have to specify that the router can't handle anything
+but @samp{des-cbc-crc}. This can be done with the @samp{del_enctype}
+command of @samp{kadmin}.
+
+This all fine and so, but unless you have an IOS version with encryption
+(available only in the U.S) it doesn't really solve any problems. Sure
+you don't have to send your password over the wire, but since the telnet
+connection isn't protected it's still possible for someone to steal your
+session. This won't be fixed until someone adds integrity to the telnet
+protocol.
+
+A working solution would be to hook up a machine with a real operating
+system to the console of the Cisco and then use it as a backwards
+terminal server.

Added: vendor-crypto/heimdal/dist/doc/ntlm.din
===================================================================
--- vendor-crypto/heimdal/dist/doc/ntlm.din	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/ntlm.din	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+# Doxyfile 1.5.3
+
+PROJECT_NAME           = Heimdal ntlm library
+PROJECT_NUMBER         = @PACKAGE_VERSION@
+OUTPUT_DIRECTORY       = @objdir@/ntlm
+INPUT                  = @srcdir@/../lib/ntlm
+
+WARN_IF_UNDOCUMENTED   = YES
+
+PERL_PATH              = /usr/bin/perl
+
+HTML_HEADER = "@srcdir@/header.html"
+HTML_FOOTER = "@srcdir@/footer.html"
+
+ at INCLUDE = "@srcdir@/doxytmpl.dxy"

Added: vendor-crypto/heimdal/dist/doc/programming.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/programming.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/programming.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,642 @@
+ at c $Id: programming.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Programming with Kerberos, Migration, Windows 2000 compatability, Top
+ at chapter Programming with Kerberos
+
+First you need to know how the Kerberos model works, go read the
+introduction text (@pxref{What is Kerberos?}).
+
+ at menu
+* Kerberos 5 API Overview::     
+* Walkthrough of a sample Kerberos 5 client::  
+* Validating a password in a server application::  
+* API differences to MIT Kerberos::  
+* File formats::
+ at end menu
+
+ at node Kerberos 5 API Overview, Walkthrough of a sample Kerberos 5 client, Programming with Kerberos, Programming with Kerberos
+ at section Kerberos 5 API Overview
+
+All functions are documented in manual pages.  This section tries to
+give an overview of the major components used in Kerberos library, and
+point to where to look for a specific function.
+
+ at subsection Kerberos context
+
+A kerberos context (@code{krb5_context}) holds all per thread state. All global variables that
+are context specific are stored in this structure, including default
+encryption types, credential cache (for example, a ticket file), and default realms.
+
+See the manual pages for @manpage{krb5_context,3} and
+ at manpage{krb5_init_context,3}.
+
+ at subsection Kerberos authentication context
+
+Kerberos authentication context (@code{krb5_auth_context}) holds all
+context related to an authenticated connection, in a similar way to the
+kerberos context that holds the context for the thread or process.
+
+The @code{krb5_auth_context} is used by various functions that are
+directly related to authentication between the server/client. Example of
+data that this structure contains are various flags, addresses of client
+and server, port numbers, keyblocks (and subkeys), sequence numbers,
+replay cache, and checksum types.
+
+See the manual page for @manpage{krb5_auth_context,3}.
+
+ at subsection Kerberos principal
+
+The Kerberos principal is the structure that identifies a user or
+service in Kerberos. The structure that holds the principal is the
+ at code{krb5_principal}. There are function to extract the realm and
+elements of the principal, but most applications have no reason to
+inspect the content of the structure.
+
+The are several ways to create a principal (with different degree of
+portability), and one way to free it.
+
+See manual page for @manpage{krb5_principal,3} for more information
+about the functions.
+
+ at subsection Credential cache
+
+A credential cache holds the tickets for a user. A given user can have
+several credential caches, one for each realm where the user have the
+initial tickets (the first krbtgt).
+
+The credential cache data can be stored internally in different way, each of them for
+different proposes.  File credential (FILE) caches and processes based
+(KCM) caches are for permanent storage. While memory caches (MEMORY)
+are local caches to the local process.
+
+Caches are opened with @manpage{krb5_cc_resolve,3} or created with
+ at manpage{krb5_cc_gen_unique,3}.
+
+If the cache needs to be opened again (using
+ at manpage{krb5_cc_resolve,3}) @manpage{krb5_cc_close,3} will close the
+handle, but not the remove the cache. @manpage{krb5_cc_destroy,3} will
+zero out the cache, remove the cache so it can no longer be
+referenced.
+
+See also manual page for @manpage{krb5_ccache,3}
+
+ at subsection Kerberos errors
+
+Kerberos errors are based on the com_err library.  All error codes are
+32-bit signed numbers, the first 24 bits define what subsystem the
+error originates from, and last 8 bits are 255 error codes within the
+library.  Each error code have fixed string associated with it.  For
+example, the error-code -1765328383 have the symbolic name
+KRB5KDC_ERR_NAME_EXP, and associated error string ``Client's entry in
+database has expired''.
+
+This is a great improvement compared to just getting one of the unix
+error-codes back.  However, Heimdal have an extention to pass back
+customised errors messages.  Instead of getting ``Key table entry not
+found'', the user might back ``failed to find
+host/host.example.com@@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab
+(des-cbc-crc)''.  This improves the chance that the user find the
+cause of the error so you should use the customised error message
+whenever it's available.
+
+See also manual page for @manpage{krb5_get_error_string,3} and
+ at manpage{krb5_get_err_text,3}.
+
+ at subsection Keytab management
+
+A keytab is a storage for locally stored keys. Heimdal includes keytab
+support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's,
+and for storing keys in memory.
+
+Keytabs are used for servers and long-running services.
+
+See also manual page for @manpage{krb5_keytab,3}
+
+ at subsection Kerberos crypto
+
+Heimdal includes a implementation of the Kerberos crypto framework,
+all crypto operations.
+
+See also manual page for @manpage{krb5_crypto_init,3},
+ at manpage{krb5_keyblock,3}, @manpage{krb5_create_checksum,3}, 
+and @manpage{krb5_encrypt,3}.
+
+ at node Walkthrough of a sample Kerberos 5 client, Validating a password in a server application, Kerberos 5 API Overview, Programming with Kerberos
+ at section Walkthrough of a sample Kerberos 5 client
+
+This example contains parts of a sample TCP Kerberos 5 clients, if you
+want a real working client, please look in @file{appl/test} directory in
+the Heimdal distribution.
+
+All Kerberos error-codes that are returned from kerberos functions in
+this program are passed to @code{krb5_err}, that will print a
+descriptive text of the error code and exit. Graphical programs can
+convert error-code to a human readable error-string with the
+ at manpage{krb5_get_err_text,3} function.
+
+Note that you should not use any Kerberos function before
+ at code{krb5_init_context()} have completed successfully. That is the
+reason @code{err()} is used when @code{krb5_init_context()} fails.
+
+First the client needs to call @code{krb5_init_context} to initialise
+the Kerberos 5 library. This is only needed once per thread
+in the program. If the function returns a non-zero value it indicates
+that either the Kerberos implementation is failing or it's disabled on
+this host.
+
+ at example
+#include <krb5.h>
+
+int
+main(int argc, char **argv)
+@{
+        krb5_context context;
+
+        if (krb5_context(&context))
+                errx (1, "krb5_context");
+ at end example
+
+Now the client wants to connect to the host at the other end. The
+preferred way of doing this is using @manpage{getaddrinfo,3} (for
+operating system that have this function implemented), since getaddrinfo
+is neutral to the address type and can use any protocol that is available.
+
+ at example
+        struct addrinfo *ai, *a;
+        struct addrinfo hints;
+        int error;
+
+        memset (&hints, 0, sizeof(hints));
+        hints.ai_socktype = SOCK_STREAM;
+        hints.ai_protocol = IPPROTO_TCP;
+
+        error = getaddrinfo (hostname, "pop3", &hints, &ai);
+        if (error)
+                errx (1, "%s: %s", hostname, gai_strerror(error));
+
+        for (a = ai; a != NULL; a = a->ai_next) @{
+                int s;
+
+                s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+                if (s < 0)
+                        continue;
+                if (connect (s, a->ai_addr, a->ai_addrlen) < 0) @{
+                        warn ("connect(%s)", hostname);
+                            close (s);
+                            continue;
+                @}
+                freeaddrinfo (ai);
+                ai = NULL;
+        @}
+        if (ai) @{
+                    freeaddrinfo (ai);
+                    errx ("failed to contact %s", hostname);
+        @}
+ at end example
+
+Before authenticating, an authentication context needs to be
+created. This context keeps all information for one (to be) authenticated
+connection (see @manpage{krb5_auth_context,3}).
+
+ at example
+        status = krb5_auth_con_init (context, &auth_context);
+        if (status)
+                krb5_err (context, 1, status, "krb5_auth_con_init");
+ at end example
+
+For setting the address in the authentication there is a help function
+ at code{krb5_auth_con_setaddrs_from_fd} that does everything that is needed
+when given a connected file descriptor to the socket.
+
+ at example
+        status = krb5_auth_con_setaddrs_from_fd (context,
+                                                 auth_context,
+                                                 &sock);
+        if (status)
+                krb5_err (context, 1, status, 
+                          "krb5_auth_con_setaddrs_from_fd");
+ at end example
+
+The next step is to build a server principal for the service we want
+to connect to. (See also @manpage{krb5_sname_to_principal,3}.)
+
+ at example
+        status = krb5_sname_to_principal (context,
+                                          hostname,
+                                          service,
+                                          KRB5_NT_SRV_HST,
+                                          &server);
+        if (status)
+                krb5_err (context, 1, status, "krb5_sname_to_principal");
+ at end example
+
+The client principal is not passed to @manpage{krb5_sendauth,3}
+function, this causes the @code{krb5_sendauth} function to try to figure it
+out itself.
+
+The server program is using the function @manpage{krb5_recvauth,3} to
+receive the Kerberos 5 authenticator.
+
+In this case, mutual authentication will be tried. That means that the server
+will authenticate to the client. Using mutual authentication
+is good since it enables the user to verify that they are talking to the
+right server (a server that knows the key).
+
+If you are using a non-blocking socket you will need to do all work of
+ at code{krb5_sendauth} yourself. Basically you need to send over the
+authenticator from @manpage{krb5_mk_req,3} and, in case of mutual
+authentication, verifying the result from the server with
+ at manpage{krb5_rd_rep,3}.
+
+ at example
+        status = krb5_sendauth (context,
+                                &auth_context,
+                                &sock,
+                                VERSION,
+                                NULL,
+                                server,
+                                AP_OPTS_MUTUAL_REQUIRED,
+                                NULL,
+                                NULL,
+                                NULL,
+                                NULL,
+                                NULL,
+                                NULL);
+        if (status)
+                krb5_err (context, 1, status, "krb5_sendauth");
+ at end example
+
+Once authentication has been performed, it is time to send some
+data. First we create a krb5_data structure, then we sign it with
+ at manpage{krb5_mk_safe,3} using the @code{auth_context} that contains the
+session-key that was exchanged in the
+ at manpage{krb5_sendauth,3}/@manpage{krb5_recvauth,3} authentication
+sequence.
+
+ at example
+        data.data   = "hej";
+        data.length = 3;
+
+        krb5_data_zero (&packet);
+
+        status = krb5_mk_safe (context,
+                               auth_context,
+                               &data,
+                               &packet,
+                               NULL);
+        if (status)
+                krb5_err (context, 1, status, "krb5_mk_safe");
+ at end example
+
+And send it over the network.
+
+ at example
+        len = packet.length;
+        net_len = htonl(len);
+
+        if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+                err (1, "krb5_net_write");
+        if (krb5_net_write (context, &sock, packet.data, len) != len)
+                err (1, "krb5_net_write");
+ at end example
+
+To send encrypted (and signed) data @manpage{krb5_mk_priv,3} should be
+used instead. @manpage{krb5_mk_priv,3} works the same way as
+ at manpage{krb5_mk_safe,3}, with the exception that it encrypts the data
+in addition to signing it.
+
+ at example
+        data.data   = "hemligt";
+        data.length = 7;
+
+        krb5_data_free (&packet);
+
+        status = krb5_mk_priv (context,
+                               auth_context,
+                               &data,
+                               &packet,
+                               NULL);
+        if (status)
+                krb5_err (context, 1, status, "krb5_mk_priv");
+ at end example
+
+And send it over the network.
+
+ at example
+        len = packet.length;
+        net_len = htonl(len);
+
+        if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+                err (1, "krb5_net_write");
+        if (krb5_net_write (context, &sock, packet.data, len) != len)
+                err (1, "krb5_net_write");
+
+ at end example
+
+The server is using @manpage{krb5_rd_safe,3} and
+ at manpage{krb5_rd_priv,3} to verify the signature and decrypt the packet.
+
+ at node Validating a password in a server application, API differences to MIT Kerberos, Walkthrough of a sample Kerberos 5 client, Programming with Kerberos
+ at section Validating a password in an application
+
+See the manual page for @manpage{krb5_verify_user,3}.
+
+ at node API differences to MIT Kerberos, File formats, Validating a password in a server application, Programming with Kerberos
+ at section API differences to MIT Kerberos
+
+This section is somewhat disorganised, but so far there is no overall
+structure to the differences, though some of the have their root in
+that Heimdal uses an ASN.1 compiler and MIT doesn't.
+
+ at subsection Principal and realms
+
+Heimdal stores the realm as a @code{krb5_realm}, that is a @code{char *}.
+MIT Kerberos uses a @code{krb5_data} to store a realm.
+
+In Heimdal @code{krb5_principal} doesn't contain the component
+ at code{name_type}; it's instead stored in component
+ at code{name.name_type}. To get and set the nametype in Heimdal, use
+ at manpage{krb5_principal_get_type,3} and
+ at manpage{krb5_principal_set_type,3}.
+
+For more information about principal and realms, see
+ at manpage{krb5_principal,3}.
+
+ at subsection Error messages
+
+To get the error string, Heimdal uses
+ at manpage{krb5_get_error_string,3} or, if @code{NULL} is returned,
+ at manpage{krb5_get_err_text,3}. This is to return custom error messages
+(like ``Can't find host/datan.example.com@@EXAMPLE.COM in
+/etc/krb5.conf.'' instead of a ``Key table entry not found'' that
+ at manpage{error_message,3} returns.
+
+Heimdal uses a threadsafe(r) version of the com_err interface; the
+global @code{com_err} table isn't initialised.  Then
+ at manpage{error_message,3} returns quite a boring error string (just
+the error code itself).
+
+
+ at c @node Why you should use GSS-API for new applications, Walkthrough of a sample GSS-API client, Validating a password in a server application, Programming with Kerberos
+ at c @section Why you should use GSS-API for new applications
+ at c 
+ at c SSPI, bah, bah, microsoft, bah, bah, almost GSS-API.
+ at c 
+ at c It would also be possible for other mechanisms then Kerberos, but that
+ at c doesn't exist any other GSS-API implementations today.
+ at c 
+ at c @node Walkthrough of a sample GSS-API client, , Why you should use GSS-API for new applications, Programming with Kerberos
+ at c @section Walkthrough of a sample GSS-API client
+ at c 
+ at c Write about how gssapi_clent.c works.
+
+ at node File formats,  , API differences to MIT Kerberos, Programming with Kerberos
+ at section File formats
+
+This section documents the diffrent file formats that are used in
+Heimdal and other Kerberos implementations.
+
+ at subsection keytab
+
+The keytab binary format is not a standard format. The format has
+evolved and may continue to. It is however understood by several
+Kerberos implementations including Heimdal, MIT, Sun's Java ktab and
+are created by the ktpass.exe utility from Windows. So it has
+established itself as the defacto format for storing Kerberos keys.
+
+The following C-like structure definitions illustrate the MIT keytab
+file format. All values are in network byte order. All text is ASCII.
+
+ at example
+  keytab @{
+      uint16_t file_format_version;                    /* 0x502 */
+      keytab_entry entries[*];
+  @};
+
+  keytab_entry @{
+      int32_t size;
+      uint16_t num_components;   /* subtract 1 if version 0x501 */
+      counted_octet_string realm;
+      counted_octet_string components[num_components];
+      uint32_t name_type;       /* not present if version 0x501 */
+      uint32_t timestamp;
+      uint8_t vno8;
+      keyblock key;
+      uint32_t vno; /* only present if >= 4 bytes left in entry */
+  @};
+
+  counted_octet_string @{
+      uint16_t length;
+      uint8_t data[length];
+  @};
+
+  keyblock @{
+      uint16_t type;
+      counted_octet_string;
+  @};
+ at end example
+
+All numbers are stored in network byteorder (big endian) format.
+
+The keytab file format begins with the 16 bit file_format_version which
+at the time this document was authored is 0x502. The format of older
+keytabs is described at the end of this document.
+
+The file_format_version is immediately followed by an array of
+keytab_entry structures which are prefixed with a 32 bit size indicating
+the number of bytes that follow in the entry. Note that the size should be
+evaluated as signed. This is because a negative value indicates that the
+entry is in fact empty (e.g. it has been deleted) and that the negative
+value of that negative value (which is of course a positive value) is
+the offset to the next keytab_entry. Based on these size values alone
+the entire keytab file can be traversed.
+
+The size is followed by a 16 bit num_components field indicating the
+number of counted_octet_string components in the components array.
+
+The num_components field is followed by a counted_octet_string
+representing the realm of the principal.
+
+A counted_octet_string is simply an array of bytes prefixed with a 16
+bit length. For the realm and name components, the counted_octet_string
+bytes are ASCII encoded text with no zero terminator.
+
+Following the realm is the components array that represents the name of
+the principal. The text of these components may be joined with slashs
+to construct the typical SPN representation. For example, the service
+principal HTTP/www.foo.net@@FOO.NET would consist of name components
+"HTTP" followed by "www.foo.net".
+
+Following the components array is the 32 bit name_type (e.g. 1 is
+KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In
+practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL.
+
+The 32 bit timestamp indicates the time the key was established for that
+principal. The value represents the number of seconds since Jan 1, 1970.
+
+The 8 bit vno8 field is the version number of the key. This value is
+overridden by the 32 bit vno field if it is present. The vno8 field is
+filled with the lower 8 bits of the 32 bit protocol kvno field.
+
+The keyblock structure consists of a 16 bit value indicating the
+encryption type and is a counted_octet_string containing the key.  The
+encryption type is the same as the Kerberos standard (e.g. 3 is
+des-cbc-md5, 23 is arcfour-hmac-md5, etc).
+
+The last field of the keytab_entry structure is optional. If the size of
+the keytab_entry indicates that there are at least 4 bytes remaining,
+a 32 bit value representing the key version number is present. This
+value supersedes the 8 bit vno8 value preceeding the keyblock.
+
+Older keytabs with a file_format_version of 0x501 are different in
+three ways:
+
+ at table @asis
+ at item All integers are in host byte order [1].
+ at item The num_components field is 1 too large (i.e. after decoding, decrement by 1).
+ at item The 32 bit name_type field is not present.
+ at end table
+
+[1] The file_format_version field should really be treated as two
+separate 8 bit quantities representing the major and minor version
+number respectively.
+
+ at subsection Heimdal database dump file
+
+Format of the Heimdal text dump file as of Heimdal 0.6.3:
+
+Each line in the dump file is one entry in the database.
+
+Each field of a line is separated by one or more spaces, with the
+exception of fields consisting of principals containing spaces, where
+space can be quoted with \ and \ is quoted by \.
+
+Fields and their types are:
+
+ at example
+	Quoted princial (quote character is \) [string]
+	Keys [keys]
+	Created by [event]
+	Modified by [event optional]
+	Valid start time [time optional]
+	Valid end time [time optional]
+	Password end valid time [time optional]
+	Max lifetime of ticket [time optional]
+	Max renew time of ticket [integer optional]
+	Flags [hdb flags]
+	Generation number [generation optional]
+	Extensions [extentions optional]
+ at end example
+
+Fields following these silently are ignored.
+
+All optional fields will be skipped if they fail to parse (or comprise
+the optional field marker of "-", w/o quotes).
+
+Example:
+
+ at example
+fred@@EXAMPLE.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin@@EXAMPLE.COM 20041221112428:fred@@EXAMPLE.COM - - - 86400 604800 126 20020415130120:793707:28 -
+ at end example
+
+Encoding of types are as follows:
+
+ at table @asis
+ at item keys
+
+ at example
+kvno:[masterkvno:keytype:keydata:salt]@{zero or more separated by :@}
+ at end example
+
+kvno is the key version number.
+
+keydata is hex-encoded
+
+masterkvno is the kvno of the database master key.  If this field is
+empty, the kadmin load and merge operations will encrypt the key data
+with the master key if there is one.  Otherwise the key data will be
+imported asis.
+
+salt is encoded as "-" (no/default salt) or
+
+ at example
+salt-type /
+salt-type / "string"
+salt-type / hex-encoded-data
+ at end example
+
+keytype is the protocol enctype number; see enum ENCTYPE in
+include/krb5_asn1.h for values.
+
+Example:
+ at example
+27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:-
+ at end example
+
+
+ at example
+kvno=27,@{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=..., default salt@}...
+ at end example
+
+ at item time
+	
+Format of the time is: YYYYmmddHHMMSS, corresponding to strftime
+format "%Y%m%d%k%M%S".
+
+Time is expressed in UTC.
+
+Time can be optional (using -), when the time 0 is used.
+
+Example:
+
+ at example
+20041221112428
+ at end example
+
+ at item event
+
+ at example
+	time:principal
+ at end example
+
+time is as given in format time
+
+principal is a string.  Not quoting it may not work in earlier
+versions of Heimdal.
+
+Example:
+ at example
+20041221112428:bloggs@@EXAMPLE.COM
+ at end example
+
+ at item hdb flags
+
+Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb.asn1. Each
+bit in the integer is the same as the bit in the specification.
+
+ at item generation:
+
+ at example
+time:usec:gen
+ at end example
+
+
+usec is a the microsecond, integer.
+gen is generation number, integer.
+
+The generation can be defaulted (using '-') or the empty string
+
+ at item extensions:
+
+ at example
+first-hex-encoded-HDB-Extension[:second-...]
+ at end example
+
+HDB-extension is encoded the DER encoded HDB-Extension from
+lib/hdb/hdb.asn1. Consumers HDB extensions should be aware that
+unknown entires needs to be preserved even thought the ASN.1 data
+content might be unknown. There is a critical flag in the data to show
+to the KDC that the entry MUST be understod if the entry is to be
+used.
+
+ at end table

Added: vendor-crypto/heimdal/dist/doc/setup.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/setup.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/setup.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1455 @@
+ at c $Id: setup.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Setting up a realm, Applications, Building and Installing, Top
+
+ at chapter Setting up a realm
+
+A
+ at cindex realm
+realm is an administrative domain.  The name of a Kerberos realm is
+usually the Internet domain name in uppercase.  Call your realm the same
+as your Internet domain name if you do not have strong reasons for not
+doing so.  It will make life easier for you and everyone else.
+
+ at menu
+* Configuration file::
+* Creating the database::
+* Modifying the database::
+* Checking the setup::
+* keytabs::
+* Serving Kerberos 4/524/kaserver::
+* Remote administration::
+* Password changing::
+* Testing clients and servers::
+* Slave Servers::
+* Incremental propagation::
+* Encryption types and salting::
+* Cross realm::
+* Transit policy::
+* Setting up DNS::
+* Using LDAP to store the database::
+* Providing Kerberos credentials to servers and programs::
+* Setting up PK-INIT::
+ at end menu
+
+ at node  Configuration file, Creating the database, Setting up a realm, Setting up a realm
+ at section Configuration file
+
+To setup a realm you will first have to create a configuration file:
+ at file{/etc/krb5.conf}. The @file{krb5.conf} file can contain many
+configuration options, some of which are described here.
+
+There is a sample @file{krb5.conf} supplied with the distribution.
+
+The configuration file is a hierarchical structure consisting of
+sections, each containing a list of bindings (either variable
+assignments or subsections). A section starts with
+ at samp{[@samp{section-name}]}.  A binding consists of a left hand side, an equal sign
+(@samp{=}) and a right hand side (the left hand side tag must be
+separated from the equal sign with some whitespace). Subsections have a
+ at samp{@{} as the first non-whitespace character after the equal sign. All
+other bindings are treated as variable assignments. The value of a
+variable extends to the end of the line.
+
+ at example
+[section1]
+        a-subsection = @{
+                var = value1
+                other-var = value with @{@}
+                sub-sub-section = @{
+                        var = 123
+                @}
+        @}
+        var = some other value
+[section2]
+        var = yet another value
+ at end example
+
+In this manual, names of sections and bindings will be given as strings
+separated by slashes (@samp{/}). The @samp{other-var} variable will thus
+be @samp{section1/a-subsection/other-var}.
+
+For in-depth information about the contents of the configuration file, refer to
+the @file{krb5.conf} manual page. Some of the more important sections
+are briefly described here.
+
+The @samp{libdefaults} section contains a list of library configuration
+parameters, such as the default realm and the timeout for KDC
+responses. The @samp{realms} section contains information about specific
+realms, such as where they hide their KDC at . This section serves the same
+purpose as the Kerberos 4 @file{krb.conf} file, but can contain more
+information. Finally the @samp{domain_realm} section contains a list of
+mappings from domains to realms, equivalent to the Kerberos 4
+ at file{krb.realms} file.
+
+To continue with the realm setup, you will have to create a configuration file,
+with contents similar to the following.
+
+ at example
+[libdefaults]
+        default_realm = MY.REALM
+[realms]
+        MY.REALM = @{
+                kdc = my.kdc my.slave.kdc
+                kdc = my.third.kdc
+        @}
+[domain_realm]
+        .my.domain = MY.REALM
+
+ at end example
+
+If you use a realm name equal to your domain name, you can omit the
+ at samp{libdefaults}, and @samp{domain_realm}, sections. If you have a DNS
+SRV-record for your realm, or your Kerberos server has DNS CNAME
+ at samp{kerberos.my.realm}, you can omit the @samp{realms} section too.
+
+ at node Creating the database, Modifying the database, Configuration file, Setting up a realm
+ at section Creating the database
+
+The database library will look for the database in the directory
+ at file{@value{dbdir}}, so you should probably create that directory.
+Make sure the directory has restrictive permissions.
+
+ at example
+# mkdir /var/heimdal
+ at end example
+
+The keys of all the principals are stored in the database.  If you
+choose to, these can be encrypted with a master key.  You do not have to
+remember this key (or password), but just to enter it once and it will
+be stored in a file (@file{/var/heimdal/m-key}).  If you want to have a
+master key, run @samp{kstash} to create this master key:
+
+ at example
+# kstash
+Master key:
+Verifying password - Master key:
+ at end example
+
+If you want to generate a random master key you can use the
+ at kbd{--random-key} flag to kstash. This will make sure you have a good key
+on which attackers can't do a dictionary attack.
+
+If you have a master key, make sure you make a backup of your master
+key file; without it backups of the database are of no use.
+
+To initialise the database use the @command{kadmin} program, with the
+ at kbd{-l} option (to enable local database mode). First issue a
+ at kbd{init MY.REALM} command. This will create the database and insert
+default principals for that realm. You can have more than one realm in
+one database, so @samp{init} does not destroy any old database.
+
+Before creating the database, @samp{init} will ask you some questions
+about maximum ticket lifetimes.
+
+After creating the database you should probably add yourself to it. You
+do this with the @samp{add} command. It takes as argument the name of a
+principal. The principal should contain a realm, so if you haven't set up
+a default realm, you will need to explicitly include the realm.
+
+ at example
+# kadmin -l
+kadmin> init MY.REALM
+Realm max ticket life [unlimited]:
+Realm max renewable ticket life [unlimited]:
+kadmin> add me
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Attributes []:
+Password:
+Verifying password - Password:
+ at end example
+
+Now start the KDC and try getting a ticket.
+
+ at example
+# kdc &
+# kinit me
+me@@MY.REALMS's Password:
+# klist
+Credentials cache: /tmp/krb5cc_0
+        Principal: me@@MY.REALM
+
+  Issued           Expires          Principal
+Aug 25 07:25:55  Aug 25 17:25:55  krbtgt/MY.REALM@@MY.REALM
+ at end example
+
+If you are curious you can use the @samp{dump} command to list all the
+entries in the database.  It should look something similar to the
+following example (note that the entries here are truncated for
+typographical reasons):
+
+ at smallexample
+kadmin> dump
+me@@MY.REALM 1:0:1:0b01d3cb7c293b57:-:0:7:8aec316b9d1629e3baf8 ...
+kadmin/admin@@MY.REALM 1:0:1:e5c8a2675b37a443:-:0:7:cb913ebf85 ...
+krbtgt/MY.REALM@@MY.REALM 1:0:1:52b53b61c875ce16:-:0:7:c8943be ...
+kadmin/changepw@@MY.REALM 1:0:1:f48c8af2b340e9fb:-:0:7:e3e6088 ...
+ at end smallexample
+
+ at node Modifying the database, Checking the setup, Creating the database, Setting up a realm
+ at section Modifying the database
+
+All modifications of principals are done with with kadmin.
+
+A principal has several attributes and lifetimes associated with it.
+
+Principals are added, renamed, modified, and deleted with the kadmin
+commands @samp{add}, @samp{rename}, @samp{modify}, @samp{delete}.
+Both interactive editing and command line flags can be used (use --help
+to list the available options).
+
+There are different kinds of types for the fields in the database;
+attributes, absolute time times and relative times.
+
+ at subsection Attributes
+
+When doing interactive editing, attributes are listed with @samp{?}.
+
+The attributes are given in a comma (@samp{,}) separated list.
+Attributes are removed from the list by prefixing them with @samp{-}.
+
+ at smallexample
+kadmin> modify me
+Max ticket life [1 day]:
+Max renewable life [1 week]:
+Principal expiration time [never]:
+Password expiration time [never]:
+Attributes [disallow-renewable]: requires-pre-auth,-disallow-renewable
+kadmin> get me
+            Principal: me@@MY.REALM
+[...]
+           Attributes: requires-pre-auth
+ at end smallexample
+
+ at subsection Absolute times
+
+The format for absolute times are any of the following:
+
+ at smallexample
+never
+now
+YYYY-mm-dd
+YYYY-mm-dd HH:MM:SS
+ at end smallexample
+
+
+ at subsection Relative times
+
+The format for relative times are any of the following combined:
+
+ at smallexample
+N year
+M month
+O day
+P hour
+Q minute
+R second
+ at end smallexample
+
+ at c Describe more of kadmin commands here...
+
+ at node Checking the setup, keytabs, Modifying the database, Setting up a realm
+ at section Checking the setup
+
+There are two tools that can check the consistency of the Kerberos
+configuration file and the Kerberos database.
+
+The Kerberos configuration file is checked using
+ at command{verify_krb5_conf}. The tool checks for common errors, but
+commonly there are several uncommon configuration entries that are
+never added to the tool and thus generates ``unknown entry'' warnings.
+This is usually nothing to worry about.
+
+The database check is built into the kadmin tool. It will check for
+common configuration error that will cause problems later. Common
+check are for existence and flags on important principals. The
+database check by run by the following command :
+
+ at example
+kadmin check REALM.EXAMPLE.ORG
+ at end example
+
+ at node keytabs, Serving Kerberos 4/524/kaserver, Checking the setup, Setting up a realm
+ at section keytabs
+
+To extract a service ticket from the database and put it in a keytab, you
+need to first create the principal in the database with @samp{ank}
+(using the @kbd{--random-key} flag to get a random key) and then
+extract it with @samp{ext_keytab}.
+
+ at example
+kadmin> add --random-key host/my.host.name
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Attributes []:
+kadmin> ext host/my.host.name
+kadmin> exit
+# ktutil list
+Version  Type             Principal
+     1   des-cbc-md5      host/my.host.name@@MY.REALM
+     1   des-cbc-md4      host/my.host.name@@MY.REALM
+     1   des-cbc-crc      host/my.host.name@@MY.REALM
+     1   des3-cbc-sha1    host/my.host.name@@MY.REALM
+ at end example
+
+ at node Serving Kerberos 4/524/kaserver, Remote administration, keytabs, Setting up a realm
+ at section Serving Kerberos 4/524/kaserver
+
+Heimdal can be configured to support 524, Kerberos 4 or kaserver. All
+these services are turned off by default. Kerberos 4 is always
+supported by the KDC, but the Kerberos 4 client support also depends
+on Kerberos 4 support having been included at compile-time, using
+ at kbd{--with-krb4=dir}.
+
+ at subsection 524
+
+524 is a service that allows the KDC to convert Kerberos 5 tickets to
+Kerberos 4 tickets for backward compatibility. See also Using 2b
+tokens with AFS in @xref{Things in search for a better place}.
+
+524 can be turned on by adding this to the configuration file
+
+ at example
+[kdc]
+	enable-524 = yes
+ at end example
+
+ at subsection Kerberos 4
+
+Kerberos 4 is the predecessor to to Kerberos 5. It only supports
+single DES at . You should only enable Kerberos 4 support if you have
+needs for compatibility with an installed base of Kerberos 4
+clients/servers.
+
+Kerberos 4 can be turned on by adding this to the configuration file
+
+ at example
+[kdc]
+	enable-kerberos4 = yes
+ at end example
+
+ at subsection kaserver
+
+Kaserver is a Kerberos 4 that is used in AFS at .  The protocol has some
+extra features over plain Kerberos 4, but like Kerberos 4, only uses
+single DES at .
+
+You should only enable Kaserver support if you have needs for
+compatibility with an installed base of AFS machines.
+
+Kaserver can be turned on by adding this to the configuration file
+
+ at example
+[kdc]
+	enable-kaserver = yes
+ at end example
+
+ at node Remote administration, Password changing, Serving Kerberos 4/524/kaserver, Setting up a realm
+ at section Remote administration
+
+The administration server, @command{kadmind}, can be started by
+ at command{inetd} (which isn't recommended) or run as a normal daemon. If you
+want to start it from @command{inetd} you should add a line similar to the
+one below to your @file{/etc/inetd.conf}.
+
+ at example
+kerberos-adm stream     tcp     nowait  root /usr/heimdal/libexec/kadmind kadmind
+ at end example
+
+You might need to add @samp{kerberos-adm} to your @file{/etc/services}
+as @samp{749/tcp}.
+
+Access to the administration server is controlled by an ACL file,
+(default @file{/var/heimdal/kadmind.acl}.) The file has the following
+syntax:
+ at smallexample
+principal       [priv1,priv2,...]       [glob-pattern]
+ at end smallexample
+
+The matching is from top to bottom for matching principals (and if given,
+glob-pattern).  When there is a match, the access rights of that line are
+applied.
+
+The privileges you can assign to a principal are: @samp{add},
+ at samp{change-password} (or @samp{cpw} for short), @samp{delete},
+ at samp{get}, @samp{list}, and @samp{modify}, or the special privilege
+ at samp{all}. All of these roughly correspond to the different commands
+in @command{kadmin}.
+
+If a @var{glob-pattern} is given on a line, it restricts the access
+rights for the principal to only apply for subjects that match the
+pattern.  The patterns are of the same type as those used in shell
+globbing, see @url{none,,fnmatch(3)}.
+
+In the example below @samp{lha/admin} can change every principal in the
+database. @samp{jimmy/admin} can only modify principals that belong to
+the realm @samp{E.KTH.SE}. @samp{mille/admin} is working at the
+help desk, so he should only be able to change the passwords for single
+component principals (ordinary users). He will not be able to change any
+ at samp{/admin} principal.
+
+ at example
+lha/admin@@E.KTH.SE	all
+jimmy/admin@@E.KTH.SE	all		*@@E.KTH.SE
+jimmy/admin@@E.KTH.SE	all		*/*@@E.KTH.SE
+mille/admin@@E.KTH.SE	change-password	*@@E.KTH.SE
+ at end example
+
+ at node Password changing, Testing clients and servers, Remote administration, Setting up a realm
+ at section Password changing
+
+To allow users to change their passwords, you should run @command{kpasswdd}.
+It is not run from @command{inetd}.
+
+You might need to add @samp{kpasswd} to your @file{/etc/services} as
+ at samp{464/udp}.
+
+ at subsection Password quality assurance
+
+It is important that users have good passwords, both to make it harder
+to guess them and to avoid off-line attacks (although
+pre-authentication provides some defence against off-line attacks).
+To ensure that the users choose good passwords, you can enable
+password quality controls in @command{kpasswdd} and @command{kadmind}.
+The controls themselves are done in a shared library or an external
+program that is used by @command{kpasswdd}.  To configure in these
+controls, add lines similar to the following to your
+ at file{/etc/krb5.conf}:
+
+ at example
+[password_quality]
+	policies = external-check builtin:minimum-length module:policyname
+	external_program = /bin/false
+	policy_libraries = @var{library1.so} @var{library2.so}
+ at end example
+
+In @samp{[password_quality]policies} the module name is optional if
+the policy name is unique in all modules (members of
+ at samp{policy_libraries}).
+
+The built-in polices are
+
+ at itemize @bullet
+
+ at item external-check
+
+Executes the program specified by @samp{[password_quality]external_program}.
+
+A number of key/value pairs are passed as input to the program, one per
+line, ending with the string @samp{end}.  The key/value lines are of
+the form
+ at example
+principal: @var{principal}
+new-password: @var{password}
+ at end example
+where @var{password} is the password to check for the previous
+ at var{principal}.
+
+If the external application approves the password, it should return
+ at samp{APPROVED} on standard out and exit with exit code 0.  If it
+doesn't approve the password, an one line error message explaining the
+problem should be returned on standard error and the application
+should exit with exit code 0.  In case of a fatal error, the
+application should, if possible, print an error message on standard
+error and exit with a non-zero error code.
+
+ at item minimum-length
+
+The minimum length password quality check reads the configuration file
+stanza @samp{[password_quality]min_length} and requires the password
+to be at least this length.
+
+ at item character-class
+
+The character-class password quality check reads the configuration
+file stanza @samp{[password_quality]min_classes}. The policy requires
+the password to have characters from at least that many character
+classes. Default value if not given is 3.
+
+The four different characters classes are, uppercase, lowercase,
+number, special characters.
+
+ at end itemize
+
+If you want to write your own shared object to check password
+policies, see the manual page @manpage{kadm5_pwcheck,3}.
+
+Code for a password quality checking function that uses the cracklib
+library can be found in @file{lib/kadm5/sample_password_check.c} in
+the source code distribution.  It requires that the cracklib library
+be built with the patch available at
+ at url{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
+
+A sample policy external program is included in
+ at file{lib/kadm5/check-cracklib.pl}.
+
+If no password quality checking function is configured, the only check
+performed is that the password is at least six characters long.
+
+To check the password policy settings, use the command
+ at command{password-quality} in @command{kadmin} program. The password
+verification is only performed locally, on the client.  It may be
+convenient to set the environment variable @samp{KRB5_CONFIG} to point
+to a test version of @file{krb5.conf} while you're testing the
+ at samp{[password_quality]} stanza that way.
+
+ at node Testing clients and servers, Slave Servers, Password changing, Setting up a realm
+ at section Testing clients and servers
+
+Now you should be able to run all the clients and servers.  Refer to the
+appropriate man pages for information on how to use them.
+
+ at node Slave Servers, Incremental propagation, Testing clients and servers, Setting up a realm
+ at section Slave servers, Incremental propagation, Testing clients and servers, Setting up a realm
+
+It is desirable to have at least one backup (slave) server in case the
+master server fails. It is possible to have any number of such slave
+servers but more than three usually doesn't buy much more redundancy.
+
+All Kerberos servers for a realm must have the same database so that
+they present the same service to the users.  The
+ at pindex hprop
+ at command{hprop} program, running on the master, will propagate the database
+to the slaves, running
+ at pindex hpropd
+ at command{hpropd} processes.
+
+Every slave needs a database directory, the master key (if it was used
+for the database) and a keytab with the principal
+ at samp{hprop/@var{hostname}}.  Add the principal with the
+ at pindex ktutil
+ at command{ktutil} command and start
+ at pindex hpropd
+ at command{hpropd}, as follows:
+
+ at example
+slave# ktutil get -p foo/admin hprop/`hostname`
+slave# mkdir /var/heimdal
+slave# hpropd
+ at end example
+
+The master will use the principal @samp{kadmin/hprop} to authenticate to
+the slaves.  This principal should be added when running @kbd{kadmin -l
+init} but if you do not have it in your database for whatever reason,
+please add it with @kbd{kadmin -l add}.
+
+Then run
+ at pindex hprop
+ at code{hprop} on the master:
+
+ at example
+master# hprop slave
+ at end example
+
+This was just an hands-on example to make sure that everything was
+working properly.  Doing it manually is of course the wrong way, and to
+automate this you will want to start
+ at pindex hpropd
+ at command{hpropd} from @command{inetd} on the slave(s) and regularly run
+ at pindex hprop
+ at command{hprop} on the master to regularly propagate the database.
+Starting the propagation once an hour from @command{cron} is probably a
+good idea.
+
+ at node Incremental propagation, Encryption types and salting, Slave Servers, Setting up a realm
+ at section Incremental propagation
+
+There is also a newer, and still somewhat experimental, mechanism for
+doing incremental propagation in Heimdal.  Instead of sending the whole
+database regularly, it sends the changes as they happen on the master to
+the slaves.  The master keeps track of all the changes by assigning a
+version number to every change to the database.  The slaves know which
+was the latest version they saw and in this way it can be determined if
+they are in sync or not.  A log of all the changes is kept on the master,
+and when a slave is at an older version than the oldest one in the
+log, the whole database has to be sent.
+
+Protocol-wise, all the slaves connect to the master and as a greeting
+tell it the latest version that they have (@samp{IHAVE} message).  The
+master then responds by sending all the changes between that version and
+the current version at the master (a series of @samp{FORYOU} messages)
+or the whole database in a @samp{TELLYOUEVERYTHING} message.  There is
+also a keep-alive protocol that makes sure all slaves are up and running.
+
+ at subsection Configuring incremental propagation
+
+The program that runs on the master is @command{ipropd-master} and all
+clients run @command{ipropd-slave}.
+
+Create the file @file{/var/heimdal/slaves} on the master containing all
+the slaves that the database should be propagated to.  Each line contains
+the full name of the principal (for example
+ at samp{iprop/hemligare.foo.se@@FOO.SE}).
+
+You should already have @samp{iprop/tcp} defined as 2121, in your
+ at file{/etc/services}.  Otherwise, or if you need to use a different port
+for some peculiar reason, you can use the @kbd{--port} option.  This is
+useful when you have multiple realms to distribute from one server.
+
+Then you need to create those principals that you added in the
+configuration file.  Create one @samp{iprop/hostname} for the master and
+for every slave.
+
+
+ at example
+master# /usr/heimdal/sbin/ktutil get iprop/`hostname`
+ at end example
+
+The next step is to start the @command{ipropd-master} process on the master
+server.  The @command{ipropd-master} listens on the UNIX domain socket
+ at file{/var/heimdal/signal} to know when changes have been made to the
+database so they can be propagated to the slaves.  There is also a
+safety feature of testing the version number regularly (every 30
+seconds) to see if it has been modified by some means that do not raise
+this signal.  Then, start @command{ipropd-slave} on all the slaves:
+
+ at example
+master# /usr/heimdal/libexec/ipropd-master &
+slave#  /usr/heimdal/libexec/ipropd-slave master &
+ at end example
+
+To manage the iprop log file you should use the @command{iprop-log}
+command. With it you can dump, truncate and replay the logfile.
+
+ at node Encryption types and salting, Cross realm, Incremental propagation, Setting up a realm
+ at section Encryption types and salting
+ at cindex Salting
+ at cindex Encryption types
+
+The encryption types that the KDC is going to assign by default is
+possible to change. Since the keys used for user authentication is
+salted the encryption types are described together with the salt
+strings.
+
+Salting is used to make it harder to pre-calculate all possible
+keys. Using a salt increases the search space to make it almost
+impossible to pre-calculate all keys. Salting is the process of mixing a
+public string (the salt) with the password, then sending it through an
+encryption type specific string-to-key function that will output the
+fixed size encryption key.
+
+In Kerberos 5 the salt is determined by the encryption type, except in
+some special cases.
+
+In @code{des} there is the Kerberos 4 salt
+(none at all) or the afs-salt (using the cell (realm in
+AFS lingo)).
+
+In @code{arcfour} (the encryption type that Microsoft Windows 2000 uses)
+there is no salt. This is to be compatible with NTLM keys in Windows
+NT 4.
+
+ at code{[kadmin]default_keys} in @file{krb5.conf} controls
+what salting to use.
+
+The syntax of @code{[kadmin]default_keys} is
+ at samp{[etype:]salt-type[:salt-string]}. @samp{etype} is the encryption
+type (des-cbc-crc, arcfour-hmac-md5, aes256-cts-hmac-sha1-96),
+ at code{salt-type} is the type of salt (pw-salt or afs3-salt), and the
+salt-string is the string that will be used as salt (remember that if
+the salt is appended/prepended, the empty salt "" is the same thing as
+no salt at all).
+
+Common types of salting include
+
+ at itemize @bullet
+ at item @code{v4} (or @code{des:pw-salt:})
+
+The Kerberos 4 salting is using no salt at all. Reason there is colon
+at the end of the salt string is that it makes the salt the empty
+string (same as no salt).
+
+ at item @code{v5} (or @code{pw-salt})
+
+ at code{pw-salt} uses the default salt for each encryption type is
+specified for. If the encryption type @samp{etype} isn't given, all
+default encryption will be used.
+
+ at item @code{afs3-salt}
+
+ at code{afs3-salt} is the salt that is used with Transarc kaserver. It's
+the cell name appended to the password.
+
+ at end itemize
+
+ at node Cross realm, Transit policy, Encryption types and salting, Setting up a realm
+ at section Cross realm
+ at cindex Cross realm
+
+Suppose you reside in the realm @samp{MY.REALM}, how do you
+authenticate to a server in @samp{OTHER.REALM}? Having valid tickets in
+ at samp{MY.REALM} allows you to communicate with Kerberised services in that
+realm. However, the computer in the other realm does not have a secret
+key shared with the Kerberos server in your realm.
+
+It is possible to share keys between two realms that trust each
+other. When a client program, such as @command{telnet} or @command{ssh},
+finds that the other computer is in a different realm, it will try to
+get a ticket granting ticket for that other realm, but from the local
+Kerberos server. With that ticket granting ticket, it will then obtain
+service tickets from the Kerberos server in the other realm.
+
+For a two way trust between @samp{MY.REALM} and @samp{OTHER.REALM}
+add the following principals to each realm. The principals should be
+ at samp{krbtgt/OTHER.REALM@@MY.REALM} and
+ at samp{krbtgt/MY.REALM@@OTHER.REALM} in @samp{MY.REALM}, and
+ at samp{krbtgt/MY.REALM@@OTHER.REALM} and
+ at samp{krbtgt/OTHER.REALM@@MY.REALM}in @samp{OTHER.REALM}.
+
+In Kerberos 5 the trust can be configured to be one way. So that
+users from @samp{MY.REALM} can authenticate to services in
+ at samp{OTHER.REALM}, but not the opposite. In the example above, the
+ at samp{krbtgt/MY.REALM@@OTHER.REALM} then should be removed.
+
+The two principals must have the same key, key version number, and the
+same set of encryption types. Remember to transfer the two keys in a
+safe manner.
+
+ at example
+vr$ klist
+Credentials cache: FILE:/tmp/krb5cc_913.console
+        Principal: lha@@E.KTH.SE
+
+  Issued           Expires          Principal
+May  3 13:55:52  May  3 23:55:54  krbtgt/E.KTH.SE@@E.KTH.SE
+
+vr$ telnet -l lha hummel.it.su.se
+Trying 2001:6b0:5:1095:250:fcff:fe24:dbf...
+Connected to hummel.it.su.se.
+Escape character is '^]'.
+Waiting for encryption to be negotiated...
+[ Trying mutual KERBEROS5 (host/hummel.it.su.se@@SU.SE)... ]
+[ Kerberos V5 accepts you as ``lha@@E.KTH.SE'' ]
+Encryption negotiated.
+Last login: Sat May  3 14:11:47 from vr.l.nxs.se
+hummel$ exit
+
+vr$ klist
+Credentials cache: FILE:/tmp/krb5cc_913.console
+        Principal: lha@@E.KTH.SE
+
+  Issued           Expires          Principal
+May  3 13:55:52  May  3 23:55:54  krbtgt/E.KTH.SE@@E.KTH.SE
+May  3 13:55:56  May  3 23:55:54  krbtgt/SU.SE@@E.KTH.SE
+May  3 14:10:54  May  3 23:55:54  host/hummel.it.su.se@@SU.SE
+
+ at end example
+
+ at node Transit policy, Setting up DNS, Cross realm, Setting up a realm
+ at section Transit policy
+ at cindex Transit policy
+
+If you want to use cross realm authentication through an intermediate
+realm, it must be explicitly allowed by either the KDCs or the server
+receiving the request. This is done in @file{krb5.conf} in the
+ at code{[capaths]} section.
+
+When the ticket transits through a realm to another realm, the
+destination realm adds its peer to the "transited-realms" field in the
+ticket. The field is unordered, since there is no way to know if
+know if one of the transited-realms changed the order of the list.
+
+The syntax for @code{[capaths]} section:
+
+ at example
+[capaths]
+        CLIENT-REALM = @{
+                SERVER-REALM = PERMITTED-CROSS-REALMS ...
+        @}
+ at end example
+
+The realm @code{STACKEN.KTH.SE} allows clients from @code{SU.SE} and
+ at code{DSV.SU.SE} to cross it. Since @code{STACKEN.KTH.SE} only has
+direct cross realm setup with @code{KTH.SE}, and @code{DSV.SU.SE} only
+has direct cross realm setup with @code{SU.SE} they need to use both
+ at code{SU.SE} and @code{KTH.SE} as transit realms.
+
+ at example
+[capaths]
+	SU.SE = @{
+                    STACKEN.KTH.SE = KTH.SE
+	@}
+	DSV.SU.SE = @{
+                    STACKEN.KTH.SE = SU.SE KTH.SE
+	@}
+
+ at end example
+
+The order of the @code{PERMITTED-CROSS-REALMS} is not important when
+doing transit cross realm verification.
+
+However, the order is important when the @code{[capaths]} section is used
+to figure out the intermediate realm to go to when doing multi-realm
+transit. When figuring out the next realm, the first realm of the list
+of @code{PERMITTED-CROSS-REALMS} is chosen. This is done in both the
+client kerberos library and the KDC.
+
+ at c To test the cross realm configuration, use:
+ at c    kmumble transit-check client server transit-realms ...
+
+ at node Setting up DNS, Using LDAP to store the database, Transit policy, Setting up a realm
+ at section Setting up DNS
+ at cindex Setting up DNS
+
+ at subsection Using DNS to find KDC
+
+If there is information about where to find the KDC or kadmind for a
+realm in the @file{krb5.conf} for a realm, that information will be
+preferred, and DNS will not be queried.
+
+Heimdal will try to use DNS to find the KDCs for a realm. First it
+will try to find a @code{SRV} resource record (RR) for the realm. If no
+SRV RRs are found, it will fall back to looking for an @code{A} RR for
+a machine named kerberos.REALM, and then kerberos-1.REALM, etc
+
+Adding this information to DNS minimises the client configuration (in
+the common case, resulting in no configuration needed) and allows the
+system administrator to change the number of KDCs and on what machines
+they are running without caring about clients.
+
+The downside of using DNS is that the client might be fooled to use the
+wrong server if someone fakes DNS replies/data, but storing the IP
+addresses of the KDC on all the clients makes it very hard to change
+the infrastructure.
+
+An example of the configuration for the realm @code{EXAMPLE.COM}:
+
+ at example
+
+$ORIGIN example.com.
+_kerberos._tcp          SRV     10 1 88 kerberos.example.com.
+_kerberos._udp          SRV     10 1 88 kerberos.example.com.
+_kerberos._tcp          SRV     10 1 88 kerberos-1.example.com.
+_kerberos._udp          SRV     10 1 88 kerberos-1.example.com.
+_kpasswd._udp           SRV     10 1 464 kerberos.example.com.
+_kerberos-adm._tcp	SRV	10 1 749 kerberos.example.com.
+
+ at end example
+
+More information about DNS SRV resource records can be found in
+RFC-2782 (A DNS RR for specifying the location of services (DNS SRV)).
+
+ at subsection Using DNS to map hostname to Kerberos realm
+
+Heimdal also supports a way to lookup a realm from a hostname. This to
+minimise configuration needed on clients. Using this has the drawback
+that clients can be redirected by an attacker to realms within the
+same cross realm trust and made to believe they are talking to the
+right server (since Kerberos authentication will succeed).
+
+An example configuration that informs clients that for the realms
+it.example.com and srv.example.com, they should use the realm
+EXAMPLE.COM:
+
+ at example
+
+$ORIGIN example.com.
+_kerberos.it		TXT     "EXAMPLE.COM"
+_kerberos.srv		TXT     "EXAMPLE.COM"
+
+ at end example
+
+ at node Using LDAP to store the database, Providing Kerberos credentials to servers and programs, Setting up DNS, Setting up a realm
+ at section Using LDAP to store the database
+ at cindex Using the LDAP backend
+
+This document describes how to install the LDAP backend for
+Heimdal. Note that before attempting to configure such an
+installation, you should be aware of the implications of storing
+private information (such as users' keys) in a directory service
+primarily designed for public information. Nonetheless, with a
+suitable authorisation policy, it is possible to set this up in a
+secure fashion. A knowledge of LDAP, Kerberos, and C is necessary to
+install this backend. The HDB schema was devised by Leif Johansson.
+
+Requirements:
+
+ at itemize @bullet
+
+ at item
+A current release of Heimdal, configured with
+ at code{--with-openldap=/usr/local} (adjust according to where you have
+installed OpenLDAP).
+
+You can verify that you manage to configure LDAP support by running
+ at file{kdc --builtin-hdb}, and checking that @samp{ldap:} is one entry
+in the list.
+
+Its also possible to configure the ldap backend as a shared module,
+see option --hdb-openldap-module to configure.
+
+ at item
+OpenLDAP 2.0.x. Configure OpenLDAP with @kbd{--enable-local} to enable the
+local transport. (A patch to support SASL EXTERNAL authentication is
+necessary in order to use OpenLDAP 2.1.x.)
+
+ at item
+Add the hdb schema to the LDAP server, it's included in the source-tree
+in @file{lib/hdb/hdb.schema}. Example from slapd.conf:
+
+ at example
+include /usr/local/etc/openldap/schema/hdb.schema
+ at end example
+
+ at item
+Configure the LDAP server ACLs to accept writes from clients over the
+local transport. For example:
+
+ at example
+access to *
+        by dn.exact="uid=heimdal,dc=services,dc=example,dc=com" write
+        ...
+
+sasl-regexp "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
+	"uid=heimdal,dc=services,dc=example,dc=com"
+
+ at end example
+
+The sasl-regexp is for mapping between the SASL/EXTERNAL and a user in
+a tree.  The user that the key is mapped to should be have a
+krb5Principal aux object with krb5PrincipalName set so that the
+``creator'' and ``modifier'' is right in @file{kadmin}.
+
+Another option is to create an admins group and add the dn to that
+group.
+
+Since Heimdal talks to the LDAP server over a UNIX domain socket, and
+uses external sasl authentication, it's not possible to require
+security layer quality (ssf in cyrus-sasl lingo). So that requirement
+has to be turned off in OpenLDAP @command{slapd} configuration file
+ at file{slapd.conf}.
+
+ at example
+sasl-secprops minssf=0
+ at end example
+
+ at item
+
+Start @command{slapd} with the local listener (as well as the default TCP/IP
+listener on port 389) as follows:
+
+ at example
+    slapd -h "ldapi:/// ldap:///"
+ at end example
+
+Note: These is a bug in @command{slapd} where it appears to corrupt the krb5Key
+binary attribute on shutdown. This may be related to our use of the V3
+schema definition syntax instead of the old UMich-style, V2 syntax.
+
+ at item
+You should specify the distinguished name under which your
+principals will be stored in @file{krb5.conf}. Also you need to
+enter the path to the kadmin acl file:
+
+
+ at example
+[kdc]
+        database = @{
+                dbname = ldap:ou=KerberosPrincipals,dc=example,dc=com
+                hdb-ldap-structural-object = inetOrgPerson
+                acl_file = /path/to/kadmind.acl
+                mkey_file = /path/to/mkey
+        @}
+ at end example
+
+ at samp{mkey_file} can be excluded if you feel that you trust your ldap
+directory to have the raw keys inside it.  The
+hdb-ldap-structural-object is not necessary if you do not need Samba
+comatibility.
+
+
+
+ at item
+Once you have built Heimdal and started the LDAP server, run kadmin
+(as usual) to initialise the database. Note that the instructions for
+stashing a master key are as per any Heimdal installation.
+
+ at example
+kdc# kadmin -l
+kadmin> init EXAMPLE.COM
+Realm max ticket life [unlimited]:
+Realm max renewable ticket life [unlimited]:
+kadmin> ank lukeh
+Max ticket life [1 day]:
+Max renewable life [1 week]:
+Principal expiration time [never]:
+Password expiration time [never]:
+Attributes []:
+lukeh@@EXAMPLE.COM's Password:
+Verifying password - lukeh@@EXAMPLE.COM's Password:
+kadmin> exit
+ at end example
+
+Verify that the principal database has indeed been stored in the
+directory with the following command:
+
+ at example
+kdc# ldapsearch -L -h localhost -D cn=manager \
+ -w secret -b ou=KerberosPrincipals,dc=example,dc=com \
+ 'objectclass=krb5KDCEntry'
+ at end example
+
+ at item
+Now consider adding indexes to the database to speed up the access, at
+least theses should be added to slapd.conf.
+
+ at example
+index	objectClass		eq
+index	cn			eq,sub,pres
+index	uid			eq,sub,pres
+index	displayName		eq,sub,pres
+index	krb5PrincipalName	eq
+ at end example
+
+ at end itemize
+
+ at subsection Troubleshooting guide
+
+ at url{https://sec.miljovern.no/bin/view/Info/TroubleshootingGuide}
+
+
+ at subsection Using Samba LDAP password database
+ at cindex Samba
+
+ at c @node Using Samba LDAP password database, Providing Kerberos credentials to servers and programs, Using LDAP to store the database, Setting up a realm
+ at c @section Using Samba LDAP password database
+
+The Samba domain and the Kerberos realm can have different names since
+arcfour's string to key functions principal/realm independent.  So now
+will be your first and only chance name your Kerberos realm without
+needing to deal with old configuration files.
+
+First, you should set up Samba and get that working with LDAP backend.
+
+Now you can proceed as in @xref{Using LDAP to store the database}.
+Heimdal will pick up the Samba LDAP entries if they are in the same
+search space as the Kerberos entries.
+
+ at node Providing Kerberos credentials to servers and programs, Setting up PK-INIT, Using LDAP to store the database, Setting up a realm
+ at section Providing Kerberos credentials to servers and programs
+
+Some services require Kerberos credentials when they start to make
+connections to other services or need to use them when they have started.
+
+The easiest way to get tickets for a service is to store the key in a
+keytab. Both ktutil get and kadmin ext can be used to get a
+keytab. ktutil get is better in that way it changes the key/password
+for the user. This is also the problem with ktutil. If ktutil is used
+for the same service principal on several hosts, they keytab will only
+be useful on the last host. In that case, run the extract command on
+one host and then securely copy the keytab around to all other hosts
+that need it.
+
+ at example
+host# ktutil -k /etc/krb5-service.keytab \
+      get -p lha/admin@@EXAMPLE.ORG service-principal@@EXAMPLE.ORG
+lha/admin@@EXAMPLE.ORG's Password:
+ at end example
+
+To get a Kerberos credential file for the service, use kinit in the
+ at kbd{--keytab} mode. This will not ask for a password but instead fetch the
+key from the keytab.
+
+ at example
+service@@host$ kinit --cache=/var/run/service_krb5_cache \
+               --keytab=/etc/krb5-service.keytab \
+       service-principal@@EXAMPLE.ORG
+ at end example
+
+Long running services might need credentials longer then the
+expiration time of the tickets. kinit can run in a mode that refreshes
+the tickets before they expire. This is useful for services that write
+into AFS and other distributed file systems using Kerberos. To run the
+long running script, just append the program and arguments (if any)
+after the principal. kinit will stop refreshing credentials and remove
+the credentials when the script-to-start-service exits.
+
+ at example
+service@@host$ kinit --cache=/var/run/service_krb5_cache \
+       --keytab=/etc/krb5-service.keytab \
+       service-principal@@EXAMPLE.ORG \
+       script-to-start-service argument1 argument2
+ at end example
+
+
+ at node Setting up PK-INIT, , Providing Kerberos credentials to servers and programs, Setting up a realm
+ at section Setting up PK-INIT
+
+PK-INIT is levering the existing PKI infrastructure to use
+certificates to get the initial ticket, that is usually the krbtgt.
+
+To use PK-INIT you must first have a PKI, so if you don't have one,
+it is time to create it. Note that you should read the whole chapter
+of the document to see the requirements on the CA software.
+
+There needs to exist a mapping between the certificate and what
+principals that certificate is allowed to use. There are several ways
+to do this. The administrator can use a configuration file, storing
+the principal in the SubjectAltName extension of the certificate, or store the
+mapping in the principals entry in the kerberos database.
+
+ at section Certificates
+
+This section documents the requirements on the KDC and client
+certificates and the format used in the id-pkinit-san OtherName
+extention.
+
+ at subsection KDC certificate
+
+The certificate for the KDC have serveral requirements.
+
+First the certificate should have an Extended Key Usage (EKU)
+id-pkkdcekuoid (1.3.6.1.5.2.3.5) set. Second there must be a
+subjectAltName otherName using oid id-pkinit-san (1.3.6.1.5.2.2) in
+the type field and a DER encoded KRB5PrincipalName that matches the
+name of the TGS of the target realm.
+
+Both of these two requirements are not required by the standard to be
+checked by the client if it have external information what the
+certificate the KDC is supposed to be used. So it's in the interest of
+minimum amount of configuration on the clients they should be included.
+
+Remember that if the client would accept any certificate as the KDC's
+certificate, the client could be fooled into trusting something that
+isn't a KDC and thus expose the user to giving away information (like
+password or other private information) that it is supposed to secret.
+
+Also, if the certificate has a nameConstraints extention with a
+Generalname with dNSName or iPAdress it must match the hostname or
+adress of the KDC.
+
+ at subsection Client certificate
+
+The client certificate may need to have a EKU id-pkekuoid
+(1.3.6.1.5.2.3.4) set depending on the certifiate on the KDC.
+
+It possible to store the principal (if allowed by the KDC) in the
+certificate and thus delegate responsibility to do the mapping between
+certificates and principals to the CA.
+
+ at subsubsection Using KRB5PrincipalName in id-pkinit-san
+
+OtherName extention in the GeneralName is used to do the
+mapping between certifiate and principal in the certifiate or storing
+the krbtgt principal in the KDC certificate.
+
+The principal is stored in a SubjectAltName in the certificate using
+OtherName. The oid in the type is id-pkinit-san.
+
+ at example
+id-pkinit-san OBJECT IDENTIFIER ::= @{ iso (1) org (3) dod (6)
+internet (1) security (5) kerberosv5 (2) 2 @}
+ at end example
+
+The data part of the OtherName is filled with the following DER
+encoded ASN.1 structure:
+
+ at example
+KRB5PrincipalName ::= SEQUENCE @{
+	realm [0] Realm,
+	principalName [1] PrincipalName
+@}
+ at end example
+
+where Realm and PrincipalName is defined by the Kerberos ASN.1 specification.
+
+ at section Naming certificate using hx509
+
+hx509 is the X.509 software used in Heimdal to handle
+certificates. hx509 uses different syntaxes to specify the different
+formats the certificates are stored in and what formats they exist in.
+
+There are several formats that can be used, PEM, embedded into PKCS12
+files, embedded into PKCS11 devices and raw DER encoded certificates.
+Below is a list of types to use.
+
+
+ at table @asis
+
+ at item DIR:
+
+DIR is reading all certificates in a directory that is DER or PEM
+formatted.
+
+The main feature of DIR is that the directory is read on demand when
+iterating over certificates, that way applictions can for some cases
+avoid to store all certificates in memory. It's very useful for tests
+that iterate over larger amount of certificates.
+
+Syntax is:
+
+ at example
+DIR:/path/to/der/files
+ at end example
+
+ at item FILE:
+
+FILE: is used to have the lib pick up a certificate chain and a
+private key. The file can be either a PEM (openssl) file or a raw DER
+encoded certificate. If it's a PEM file it can contain several keys and
+certificates and the code will try to match the private key and
+certificate together.
+
+Its useful to have one PEM file that contains all the trust anchors.
+
+Syntax is:
+
+ at example
+FILE:certificate.pem,private-key.key,other-cert.pem,....
+ at end example
+
+ at item PKCS11:
+
+PKCS11: is used to handle smartcards via PKCS11 drivers, for example
+soft-token, opensc, or muscle. The default is to use all slots on the
+device/token.
+
+Syntax is:
+
+ at example
+PKCS11:shared-object.so
+ at end example
+
+ at item PKCS12:
+
+PKCS12: is used to handle PKCS12 files. PKCS12 files commonly have the
+extension pfx or p12.
+
+Syntax is:
+
+ at example
+PKCS12:/path/to/file.pfx
+ at end example
+
+ at end table
+
+ at section Configure the Kerberos software
+
+First configure the client's trust anchors and what parameters to
+verify, see subsection below how to do that. Now you can use kinit to
+get yourself tickets. One example how that can look like is:
+
+ at example
+$ kinit -C FILE:$HOME/.certs/lha.crt,$HOME/.certs/lha.key lha@@EXAMPLE.ORG
+Enter your private key passphrase:
+: lha@@nutcracker ; klist
+Credentials cache: FILE:/tmp/krb5cc_19100a
+        Principal: lha@@EXAMPLE.ORG
+
+  Issued           Expires          Principal
+Apr 20 02:08:08  Apr 20 12:08:08  krbtgt/EXAMPLE.ORG@@EXAMPLE.ORG
+ at end example
+
+Using PKCS11 it can look like this instead:
+
+ at example
+$ kinit -C PKCS11:/tmp/pkcs11/lib/soft-pkcs11.so lha@@EXAMPLE.ORG
+PIN code for SoftToken (slot):
+$ klist
+Credentials cache: API:4
+        Principal: lha@@EXAMPLE.ORG
+
+  Issued           Expires          Principal
+Mar 26 23:40:10  Mar 27 09:40:10  krbtgt/EXAMPLE.ORG@@EXAMPLE.ORG
+ at end example
+
+
+Write about the kdc.
+
+ at section Configure the client
+
+ at example
+[appdefaults]
+	pkinit_anchors = FILE:/path/to/trust-anchors.pem
+
+[realms]
+        EXAMPLE.COM = @{
+		pkinit_require_eku = true
+		pkinit_require_krbtgt_otherName = true
+		pkinit_win2k = no
+		pkinit_win2k_require_binding = yes
+	@}
+
+ at end example
+
+ at section Configure the KDC
+
+ at example
+[kdc]
+	enable-pkinit = yes
+	pkinit_identity = FILE:/secure/kdc.crt,/secure/kdc.key
+	pkinit_anchors = FILE:/path/to/trust-anchors.pem
+	pkinit_pool = PKCS12:/path/to/useful-intermediate-certs.pfx
+	pkinit_pool = FILE:/path/to/other-useful-intermediate-certs.pem
+	pkinit_allow_proxy_certificate = false
+	pkinit_win2k_require_binding = yes
+ at end example
+
+ at subsection Using pki-mapping file
+
+Note that the file name is space sensitive.
+
+ at example
+# cat /var/heimdal/pki-mapping
+# comments starts with #
+lha@@EXAMPLE.ORG:C=SE,O=Stockholm universitet,CN=Love,UID=lha
+lha@@EXAMPLE.ORG:CN=Love,UID=lha
+ at end example
+
+ at subsection Using the Kerberos database
+
+ at section Use hxtool to create certificates
+
+ at subsection Generate certificates
+
+First you need to generate a CA certificate, change the --subject to
+something appropriate, the CA certificate will be valid for 10 years.
+
+You need to change --subject in the command below.
+
+ at example
+hxtool issue-certificate \
+    --self-signed \
+    --issue-ca \
+    --generate-key=rsa \
+    --subject="CN=CA,DC=test,DC=h5l,DC=se" \
+    --lifetime=10years \
+    --certificate="FILE:ca.pem"
+ at end example
+
+The KDC needs to have a certificate, so generate a certificate of the
+type ``pkinit-kdc'' and set the PK-INIT specifial SubjectAltName to the
+name of the krbtgt of the realm.
+
+You need to change --subject and --pk-init-principal in the command below.
+
+ at example
+hxtool issue-certificate \
+    --ca-certificate=FILE:ca.pem \
+    --generate-key=rsa \
+    --type="pkinit-kdc" \
+    --pk-init-principal="krbtgt/TEST.H5L.SE@@TEST.H5L.SE" \
+    --subject="uid=kdc,DC=test,DC=h5l,DC=se" \
+    --certificate="FILE:kdc.pem"
+ at end example
+
+The users also needs to have a certificate, so generate a certificate
+of the type ``pkinit-client''. The client doesn't need to have the PK-INIT
+SubjectAltName set, you can have the Subject DN in the ACL file
+(pki-mapping) instead.
+
+You need to change --subject and --pk-init-principal in the command below.
+
+ at example
+hxtool issue-certificate \
+    --ca-certificate=FILE:ca.pem \
+    --generate-key=rsa \
+    --type="pkinit-client" \
+    --pk-init-principal="lha@@TEST.H5L.SE" \
+    --subject="uid=lha,DC=test,DC=h5l,DC=se" \
+    --certificate="FILE:user.pem"
+ at end example
+
+ at subsection Validate the certificate
+
+hxtool also contains a tool that will validate certificates according to
+rules from the PKIX document. These checks are not complete, but a good test
+to check if you got all of the basic bits right in your certificates.
+
+ at example
+hxtool validate FILE:user.pem
+ at end example
+
+ at section Use OpenSSL to create certificates
+
+This section tries to give the CA owners hints how to create
+certificates using OpenSSL (or CA software based on OpenSSL).
+
+ at subsection Using OpenSSL to create certificates with krb5PrincipalName
+
+To make OpenSSL create certificates with krb5PrincipalName use
+ at file{openssl.cnf} as described below. To see a complete example of
+creating client and KDC certificates, see the test-data generation
+script @file{lib/hx509/data/gen-req.sh} in the source-tree. The
+certicates it creates are used to test the PK-INIT functionality in
+ at file{tests/kdc/check-kdc.in}.
+
+To use this example you have to use OpenSSL 0.9.8a or later.
+
+ at example
+
+[user_certificate]
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
+
+[princ_name]
+realm = EXP:0, GeneralString:MY.REALM
+principal_name = EXP:1, SEQUENCE:principal_seq
+
+[principal_seq]
+name_type = EXP:0, INTEGER:1
+name_string = EXP:1, SEQUENCE:principals
+
+[principals]
+princ1 = GeneralString:userid
+
+ at end example
+
+Command usage
+
+ at example
+openssl x509 -extensions user_certificate
+openssl ca -extensions user_certificate
+ at end example
+
+
+ at c --- ms certificate
+ at c
+ at c [ new_oids ]
+ at c msCertificateTemplateName       = 1.3.6.1.4.1.311.20.2
+ at c
+ at c
+ at c [ req_smartcard ]
+ at c keyUsage                = digitalSignature, keyEncipherment
+ at c extendedKeyUsage        = msSmartcardLogin, clientAuth
+ at c msCertificateTemplateName       = ASN1:BMP:SmartcardLogon
+ at c subjectAltName          = otherName:msUPN;UTF8:lukeh at dsg.padl.com
+ at c #subjectAltName         = email:copy
+
+
+ at section Using PK-INIT with Windows
+
+ at subsection Client configration
+
+Clients using a Windows KDC with PK-INIT need configuration since
+windows uses pre-standard format and this can't be autodetected.
+
+The pkinit_win2k_require_binding option requires the reply for the KDC
+to be of the new, secure, type that binds the request to reply. Before
+clients should fake the reply from the KDC. To use this option you
+have to apply a fix from Microsoft.
+
+ at example
+[realms]
+        MY.MS.REALM = @{
+                pkinit_win2k = yes
+                pkinit_win2k_require_binding = no
+	@}
+ at end example
+
+ at subsection Certificates
+
+The client certificates need to have the extended keyusage ``Microsoft
+Smartcardlogin'' (openssl have the oid shortname msSmartcardLogin).
+
+See Microsoft Knowledge Base Article - 281245 ``Guidelines for Enabling
+Smart Card Logon with Third-Party Certification Authorities'' for a
+more extensive description of how set setup an external CA to it
+includes all information that will make a Windows KDC happy.
+
+ at subsection Configure Windows 2000 CA
+
+To enable Microsoft Smartcardlogin> for certificates in your Windows
+2000 CA, you want to look at Microsoft Knowledge Base Article -
+313274 ``HOW TO: Configure a Certification Authority to Issue
+Smart Card Certificates in Windows''.

Added: vendor-crypto/heimdal/dist/doc/vars.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/vars.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/vars.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,7 @@
+
+ at c
+ at c Variables depending on installation
+ at c
+
+ at set dbdir /var/heimdal
+ at set PACKAGE_VERSION 1.1

Added: vendor-crypto/heimdal/dist/doc/vars.tin
===================================================================
--- vendor-crypto/heimdal/dist/doc/vars.tin	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/vars.tin	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,7 @@
+
+ at c
+ at c Variables depending on installation
+ at c
+
+ at set dbdir @dbdir@
+ at set PACKAGE_VERSION @PACKAGE_VERSION@

Added: vendor-crypto/heimdal/dist/doc/whatis.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/whatis.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/whatis.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,161 @@
+ at c $Id: whatis.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node What is Kerberos?, Building and Installing, Introduction, Top
+ at chapter What is Kerberos?
+
+ at quotation
+ at flushleft
+        Now this Cerberus had three heads of dogs,
+        the tail of a dragon, and on his back the
+        heads of all sorts of snakes.
+        --- Pseudo-Apollodorus Library 2.5.12
+ at end flushleft
+ at end quotation
+
+Kerberos is a system for authenticating users and services on a network.
+It is built upon the assumption that the network is ``unsafe''.  For
+example, data sent over the network can be eavesdropped and altered, and
+addresses can also be faked.  Therefore they cannot be used for
+authentication purposes.
+ at cindex authentication
+
+Kerberos is a trusted third-party service.  That means that there is a
+third party (the kerberos server) that is trusted by all the entities on
+the network (users and services, usually called @dfn{principals}).  All
+principals share a secret password (or key) with the kerberos server and
+this enables principals to verify that the messages from the kerberos
+server are authentic.  Thus trusting the kerberos server, users and
+services can authenticate each other.
+
+ at section Basic mechanism
+
+ at ifinfo
+ at macro sub{arg}
+<\arg\>
+ at end macro
+ at end ifinfo
+
+ at tex
+ at def@xsub#1{$_{#1}$}
+ at global@let at sub=@xsub
+ at end tex
+
+ at ifhtml
+ at macro sub{arg}
+ at html
+<sub>\arg\</sub>
+ at end html
+ at end macro
+ at end ifhtml
+
+ at c ifdocbook
+ at c macro sub{arg}
+ at c docbook
+ at c <subscript>\arg\</subscript>
+ at c end docbook
+ at c end macro
+ at c end ifdocbook
+
+ at quotation
+ at strong{Note} This discussion is about Kerberos version 4, but version
+5 works similarly.
+ at end quotation
+
+In Kerberos, principals use @dfn{tickets} to prove that they are who
+they claim to be. In the following example, @var{A} is the initiator of
+the authentication exchange, usually a user, and @var{B} is the service
+that @var{A} wishes to use.
+
+To obtain a ticket for a specific service, @var{A} sends a ticket
+request to the kerberos server. The request contains @var{A}'s and
+ at var{B}'s names (along with some other fields). The kerberos server
+checks that both @var{A} and @var{B} are valid principals.
+
+Having verified the validity of the principals, it creates a packet
+containing @var{A}'s and @var{B}'s names, @var{A}'s network address
+(@var{A at sub{addr}}), the current time (@var{t at sub{issue}}), the lifetime
+of the ticket (@var{life}), and a secret @dfn{session key}
+ at cindex session key
+(@var{K at sub{AB}}). This packet is encrypted with @var{B}'s secret key
+(@var{K at sub{B}}).  The actual ticket (@var{T at sub{AB}}) looks like this:
+(@{@var{A}, @var{B}, @var{A at sub{addr}}, @var{t at sub{issue}}, @var{life},
+ at var{K at sub{AB}}@}@var{K at sub{B}}).
+
+The reply to @var{A} consists of the ticket (@var{T at sub{AB}}), @var{B}'s
+name, the current time, the lifetime of the ticket, and the session key, all
+encrypted in @var{A}'s secret key (@{@var{B}, @var{t at sub{issue}},
+ at var{life}, @var{K at sub{AB}}, @var{T at sub{AB}}@}@var{K at sub{A}}). @var{A}
+decrypts the reply and retains it for later use.
+
+ at sp 1
+
+Before sending a message to @var{B}, @var{A} creates an authenticator
+consisting of @var{A}'s name, @var{A}'s address, the current time, and a
+``checksum'' chosen by @var{A}, all encrypted with the secret session
+key (@{@var{A}, @var{A at sub{addr}}, @var{t at sub{current}},
+ at var{checksum}@}@var{K at sub{AB}}). This is sent together with the ticket
+received from the kerberos server to @var{B}.  Upon reception, @var{B}
+decrypts the ticket using @var{B}'s secret key.  Since the ticket
+contains the session key that the authenticator was encrypted with,
+ at var{B} can now also decrypt the authenticator. To verify that @var{A}
+really is @var{A}, @var{B} now has to compare the contents of the ticket
+with that of the authenticator. If everything matches, @var{B} now
+considers @var{A} as properly authenticated.
+
+ at c (here we should have some more explanations)
+
+ at section Different attacks
+
+ at subheading Impersonating A
+
+An impostor, @var{C} could steal the authenticator and the ticket as it
+is transmitted across the network, and use them to impersonate
+ at var{A}. The address in the ticket and the authenticator was added to
+make it more difficult to perform this attack.  To succeed @var{C} will
+have to either use the same machine as @var{A} or fake the source
+addresses of the packets. By including the time stamp in the
+authenticator, @var{C} does not have much time in which to mount the
+attack.
+
+ at subheading Impersonating B
+
+ at var{C} can hijack @var{B}'s network address, and when @var{A} sends
+her credentials, @var{C} just pretend to verify them. @var{C} can't
+be sure that she is talking to @var{A}.
+
+ at section Defence strategies
+
+It would be possible to add a @dfn{replay cache}
+ at cindex replay cache
+to the server side.  The idea is to save the authenticators sent during
+the last few minutes, so that @var{B} can detect when someone is trying
+to retransmit an already used message. This is somewhat impractical
+(mostly regarding efficiency), and is not part of Kerberos 4; MIT
+Kerberos 5 contains it.
+
+To authenticate @var{B}, @var{A} might request that @var{B} sends
+something back that proves that @var{B} has access to the session
+key. An example of this is the checksum that @var{A} sent as part of the
+authenticator. One typical procedure is to add one to the checksum,
+encrypt it with the session key and send it back to @var{A}.  This is
+called @dfn{mutual authentication}.
+
+The session key can also be used to add cryptographic checksums to the
+messages sent between @var{A} and @var{B} (known as @dfn{message
+integrity}).  Encryption can also be added (@dfn{message
+confidentiality}). This is probably the best approach in all cases.
+ at cindex integrity
+ at cindex confidentiality
+
+ at section Further reading
+
+The original paper on Kerberos from 1988 is @cite{Kerberos: An
+Authentication Service for Open Network Systems}, by Jennifer Steiner,
+Clifford Neuman and Jeffrey I. Schiller.
+
+A less technical description can be found in @cite{Designing an
+Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also
+from 1988.
+
+These documents can be found on our web-page at
+ at url{http://www.pdc.kth.se/kth-krb/}.

Added: vendor-crypto/heimdal/dist/doc/win2k.texi
===================================================================
--- vendor-crypto/heimdal/dist/doc/win2k.texi	                        (rev 0)
+++ vendor-crypto/heimdal/dist/doc/win2k.texi	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,306 @@
+ at c $Id: win2k.texi,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+ at node Windows 2000 compatability, Programming with Kerberos, Kerberos 4 issues, Top
+ at comment  node-name,  next,  previous,  up
+ at chapter Windows 2000 compatability
+
+Windows 2000 (formerly known as Windows NT 5) from Microsoft implements
+Kerberos 5.  Their implementation, however, has some quirks,
+peculiarities, and bugs.  This chapter is a short summary of the things
+that we have found out while trying to test Heimdal against Windows
+2000.  Another big problem with the Kerberos implementation in Windows
+2000 is that the available documentation is more focused on getting
+things to work rather than how they work, and not that useful in figuring
+out how things really work.
+
+This information should apply to Heimdal @value{VERSION} and Windows
+2000 Professional.  It's of course subject to change all the time and
+mostly consists of our not so inspired guesses.  Hopefully it's still
+somewhat useful.
+
+ at menu
+* Configuring Windows 2000 to use a Heimdal KDC::  
+* Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC::  
+* Create account mappings::     
+* Encryption types::            
+* Authorisation data::          
+* Quirks of Windows 2000 KDC::  
+* Useful links when reading about the Windows 2000::  
+ at end menu
+
+ at node Configuring Windows 2000 to use a Heimdal KDC, Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Windows 2000 compatability, Windows 2000 compatability
+ at comment node-name, next, precious, up
+ at section Configuring Windows 2000 to use a Heimdal KDC
+
+You need the command line program called @command{ksetup.exe} which is available
+in the file @file{SUPPORT/TOOLS/SUPPORT.CAB} on the Windows 2000 Professional
+CD-ROM. This program is used to configure the Kerberos settings on a
+Workstation.
+
+ at command{Ksetup} store the domain information under the registry key:
+ at code{HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains}.
+
+Use the @command{kadmin} program in Heimdal to create a host principal in the
+Kerberos realm.
+
+ at example
+unix% kadmin
+kadmin> ank --password=password host/datan.example.com
+ at end example
+
+The name @samp{datan.example.com} should be replaced with DNS name of
+the workstation.
+
+You must configure the workstation as a member of a workgroup, as opposed
+to a member in an NT domain, and specify the KDC server of the realm
+as follows:
+ at example
+C:> ksetup /setdomain EXAMPLE.COM
+C:> ksetup /addkdc EXAMPLE.COM kdc.example.com
+ at end example
+
+Set the machine password, i.e.@: create the local keytab:
+ at example
+C:> ksetup /SetComputerPassword password
+ at end example
+
+The password used in @kbd{ksetup /setmachpassword} must be the same
+as the password used in the @kbd{kadmin ank} command.
+
+The workstation must now be rebooted.
+
+A mapping between local NT users and Kerberos principals must be specified.
+You have two choices. First:
+
+ at example
+C:> ksetup /mapuser user@@MY.REALM nt_user
+ at end example
+
+This will map a user to a specific principal; this allows you to have
+other usernames in the realm than in your NT user database. (Don't ask
+me why on earth you would want that at enddots{})
+
+You can also say:
+ at example
+C:> ksetup /mapuser * *
+ at end example
+The Windows machine will now map any user to the corresponding principal,
+for example @samp{nisse} to the principal @samp{nisse@@MY.REALM}.
+(This is most likely what you want.)
+
+ at node Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Create account mappings, Configuring Windows 2000 to use a Heimdal KDC, Windows 2000 compatability
+ at comment node-name, next, precious, up
+ at section Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC
+
+See also the Step-by-Step guide from Microsoft, referenced below.
+
+Install Windows 2000, and create a new controller (Active Directory
+Server) for the domain.
+
+By default the trust will be non-transitive. This means that only users
+directly from the trusted domain may authenticate. This can be changed
+to transitive by using the @command{netdom.exe} tool. @command{netdom.exe} 
+can also be used to add the trust between two realms.
+
+You need to tell Windows 2000 on what hosts to find the KDCs for the
+non-Windows realm with @command{ksetup}, see @xref{Configuring Windows 2000
+to use a Heimdal KDC}.
+
+This needs to be done on all computers that want enable cross-realm
+login with @code{Mapped Names}. @c XXX probably shouldn't be @code
+
+Then you need to add the inter-realm keys on the Windows KDC at . Start the
+Domain Tree Management tool (found in Programs, Administrative tools,
+Active Directory Domains and Trusts).
+
+Right click on Properties of your domain, select the Trust tab.  Press
+Add on the appropriate trust windows and enter domain name and
+password. When prompted if this is a non-Windows Kerberos realm, press
+OK.
+
+Do not forget to add trusts in both directions (if that's what you want).
+
+If you want to use @command{netdom.exe} instead of the Domain Tree
+Management tool, you do it like this:
+
+ at example
+netdom trust NT.REALM.EXAMPLE.COM /Domain:EXAMPLE.COM /add /realm /passwordt:TrustPassword
+ at end example
+
+You also need to add the inter-realm keys to the Heimdal KDC. Make sure
+you have matching encryption types (DES, Arcfour and AES in case of Longhorn)
+
+Another issue is salting.  Since Windows 2000 does not seem to
+understand Kerberos 4 salted hashes you might need to turn off anything
+similar to the following if you have it, at least while adding the
+principals that are going to share keys with Windows 2000.
+
+ at example
+[kadmin]
+        default_keys = v5 v4
+ at end example
+
+So remove v4 from default keys.
+
+What you probably want to use is this:
+
+ at example
+[kadmin]
+        default_keys = des-cbc-crc:pw-salt arcfour-hmac-md5:pw-salt
+ at end example
+
+ at c XXX check this
+ at c It is definitely not supported in base 2003.  I haven't been able to
+ at c get SP1 installed here, but it is supposed to work in that.
+
+Once that is also done, you can add the required inter-realm keys:
+
+ at example
+kadmin add krbtgt/NT.REALM.EXAMPLE.COM@@EXAMPLE.COM
+kadmin add krbtgt/REALM.EXAMPLE.COM@@NT.EXAMPLE.COM
+ at end example
+
+Use the same passwords for both keys.
+
+Do not forget to reboot before trying the new realm-trust (after
+running @command{ksetup}). It looks like it might work, but packets are
+never sent to the non-Windows KDC.
+
+ at node Create account mappings, Encryption types, Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Windows 2000 compatability
+ at comment node-name, next, precious, up
+ at section Create account mappings
+
+Start the @code{Active Directory Users and Computers} tool. Select the
+View menu, that is in the left corner just below the real menu (or press
+Alt-V), and select Advanced Features. Right click on the user that you
+are going to do a name mapping for and choose Name mapping.
+
+Click on the Kerberos Names tab and add a new principal from the
+non-Windows domain.
+
+ at c XXX check entry name then I have network again
+This adds @samp{authorizationNames} entry to the users LDAP entry to
+the Active Directory LDAP catalog. When you create users by script you
+can add this entry instead.
+
+ at node Encryption types, Authorisation data, Create account mappings, Windows 2000 compatability
+ at comment  node-name,  next,  previous,  up
+ at section Encryption types
+
+Windows 2000 supports both the standard DES encryptions (@samp{des-cbc-crc} and
+ at samp{des-cbc-md5}) and its own proprietary encryption that is based on MD4 and
+RC4 that is documented in and is supposed to be described in
+ at file{draft-brezak-win2k-krb-rc4-hmac-03.txt}.  New users will get both
+MD4 and DES keys.  Users that are converted from a NT4 database, will
+only have MD4 passwords and will need a password change to get a DES
+key.
+
+ at node Authorisation data, Quirks of Windows 2000 KDC, Encryption types, Windows 2000 compatability
+ at comment  node-name,  next,  previous,  up
+ at section Authorisation data
+
+The Windows 2000 KDC also adds extra authorisation data in tickets.
+It is at this point unclear what triggers it to do this.  The format of
+this data is only available under a ``secret'' license from Microsoft,
+which prohibits you implementing it.
+
+A simple way of getting hold of the data to be able to understand it
+better is described here.
+
+ at enumerate
+ at item Find the client example on using the SSPI in the SDK documentation.
+ at item Change ``AuthSamp'' in the source code to lowercase.
+ at item Build the program.
+ at item Add the ``authsamp'' principal with a known password to the
+database.  Make sure it has a DES key.
+ at item Run @kbd{ktutil add} to add the key for that principal to a
+keytab.
+ at item Run @kbd{appl/test/nt_gss_server -p 2000 -s authsamp
+ at kbd{--dump-auth}=@var{file}} where @var{file} is an appropriate file.
+ at item It should authenticate and dump for you the authorisation data in
+the file.
+ at item The tool @kbd{lib/asn1/asn1_print} is somewhat useful for
+analysing the data.
+ at end enumerate
+
+ at node Quirks of Windows 2000 KDC, Useful links when reading about the Windows 2000, Authorisation data, Windows 2000 compatability
+ at comment  node-name,  next,  previous,  up
+ at section Quirks of Windows 2000 KDC
+
+There are some issues with salts and Windows 2000.  Using an empty salt---which is the only one that Kerberos 4 supported, and is therefore known
+as a Kerberos 4 compatible salt---does not work, as far as we can tell
+from out experiments and users' reports.  Therefore, you have to make
+sure you keep around keys with all the different types of salts that are
+required.  Microsoft have fixed this issue post Windows 2003.
+
+Microsoft seems also to have forgotten to implement the checksum
+algorithms @samp{rsa-md4-des} and @samp{rsa-md5-des}. This can make Name
+mapping (@pxref{Create account mappings}) fail if a @samp{des-cbc-md5} key
+is used. To make the KDC return only @samp{des-cbc-crc} you must delete
+the @samp{des-cbc-md5} key from the kdc using the @kbd{kadmin
+del_enctype} command.
+
+ at example
+kadmin del_enctype lha des-cbc-md5
+ at end example
+
+You should also add the following entries to the @file{krb5.conf} file:
+
+ at example
+[libdefaults]
+	default_etypes = des-cbc-crc
+	default_etypes_des = des-cbc-crc
+ at end example
+
+These configuration options will make sure that no checksums of the
+unsupported types are generated.
+
+ at node Useful links when reading about the Windows 2000,  , Quirks of Windows 2000 KDC, Windows 2000 compatability
+ at comment  node-name,  next,  previous,  up
+ at section Useful links when reading about the Windows 2000
+
+See also our paper presented at the 2001 Usenix Annual Technical
+Conference, available in the proceedings or at
+ at uref{http://www.usenix.org/publications/library/proceedings/usenix01/freenix01/westerlund.html}.
+
+There are lots of texts about Kerberos on Microsoft's web site, here is a
+short list of the interesting documents that we have managed to find.
+
+ at itemize @bullet
+
+ at item Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability:
+ at uref{http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx}.
+Kerberos GSS-API (in Windows-eze SSPI), Windows as a client in a
+non-Windows KDC realm, adding unix clients to a Windows 2000 KDC, and
+adding cross-realm trust (@pxref{Inter-Realm keys (trust) between Windows 2000
+and a Heimdal KDC}).
+
+ at item Windows 2000 Kerberos Authentication:
+ at uref{www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/kerberos.mspx}.
+White paper that describes how Kerberos is used in Windows 2000.
+
+ at item Overview of Kerberos:
+ at uref{http://support.microsoft.com/support/kb/articles/Q248/7/58.ASP}.
+Links to useful other links.
+
+ at c @item Klist for Windows:
+ at c @uref{http://msdn.microsoft.com/library/periodic/period00/security0500.htm}.
+ at c Describes where to get a klist for Windows 2000.
+
+ at item Event logging for Kerberos:
+ at uref{http://support.microsoft.com/support/kb/articles/Q262/1/77.ASP}.
+Basically it say that you can add a registry key
+ at code{HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\LogLevel}
+with value DWORD equal to 1, and then you'll get logging in the Event
+Logger.
+
+ at c @item Access to the Active Directory through LDAP:
+ at c @uref{http://msdn.microsoft.com/library/techart/kerberossamp.htm}
+
+ at end itemize
+
+Other useful programs include these:
+
+ at itemize @bullet
+ at item pwdump2
+ at uref{http://www.bindview.com/Support/RAZOR/Utilities/Windows/pwdump2_readme.cfm}@end itemize
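Review bot: The "Quirks of Windows 2000 KDC" section tells the reader to delete the `des-cbc-md5` key and set `default_etypes = des-cbc-crc` under `[libdefaults]`, without saying that this appears to leave every client reading that `krb5.conf` on single DES with a CRC checksum. I would add a caveat after the example, along the lines of `Single DES is weak; apply this only where Windows 2000 interoperability requires it, not as a realm-wide default.` In "Configuring Windows 2000 to use a Heimdal KDC" the example runs `ksetup /SetComputerPassword password` while the sentence below it refers to `ksetup /setmachpassword`; the two should name the same switch. The `kadmin> ank --password=password ...` and `ksetup` examples also put the shared secret on the command line, so a short note that `password` is a placeholder for a strong, unique value would help.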

Added: vendor-crypto/heimdal/dist/etc/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/etc/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/etc/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+EXTRA_DIST = services.append

Added: vendor-crypto/heimdal/dist/etc/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/etc/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/etc/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,658 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = etc
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+EXTRA_DIST = services.append
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps etc/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps etc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/etc/services.append
===================================================================
--- vendor-crypto/heimdal/dist/etc/services.append	                        (rev 0)
+++ vendor-crypto/heimdal/dist/etc/services.append	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,29 @@
+#
+# $Id: services.append,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+#
+# Kerberos services
+#
+kerberos	88/udp		kerberos-sec	# Kerberos v5 UDP
+kerberos	88/tcp		kerberos-sec	# Kerberos v5 TCP
+kpasswd		464/udp				# password changing
+kpasswd		464/tcp				# password changing
+klogin		543/tcp				# Kerberos authenticated rlogin
+kshell		544/tcp		krcmd		# and remote shell
+ekshell		545/tcp		      # Kerberos encrypted remote shell -kfall
+ekshell2	2106/tcp	      # What U of Colorado @ Boulder uses?
+kerberos-adm	749/udp				# v5 kadmin
+kerberos-adm	749/tcp				# v5 kadmin
+kerberos-iv	750/udp		kdc		# Kerberos authentication--udp
+kerberos-iv	750/tcp		kdc		# Kerberos authentication--tcp
+kerberos_master 751/udp				# v4 kadmin
+kerberos_master 751/tcp				# v4 kadmin
+krb_prop	754/tcp		hprop		# Kerberos slave propagation
+kpop		1109/tcp			# Pop with Kerberos
+eklogin		2105/tcp			# Kerberos encrypted rlogin
+rkinit		2108/tcp			# Kerberos remote kinit
+kf		2110/tcp			# forward credentials
+kx		2111/tcp			# X over kerberos
+kip		2112/tcp			# IP over kerberos
+kauth		2120/tcp			# Remote kauth
+iprop		2121/tcp			# incremental propagation
+krb524		4444/udp			# MIT 5->4
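Review bot: The Kerberos 4 entries (`kerberos-iv` 750, `kerberos_master` 751, `krb524` 4444) and the rlogin/rsh-style names (`klogin`, `kshell`, `ekshell`, `eklogin`) sit in one flat list with the v5 entries, and nothing marks which of them a v5-only site can leave out. An entry in /etc/services only names a port and does not start a listener, but appending the file wholesale makes it harder to audit later which of these ports the host is meant to serve. A grouping comment above the 750/751/4444 lines would help, for example `# Kerberos 4 compatibility only; omit unless krb4 support is built`, assuming that matches how this tree is configured. The `ekshell2` comment (`What U of Colorado @ Boulder uses?`) reads as an open question and should say whether the entry is still wanted.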

Added: vendor-crypto/heimdal/dist/include/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/include/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,87 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = kadm5 hcrypto gssapi
+
+noinst_PROGRAMS = bits make_crypto
+CHECK_LOCAL = no-check-local
+
+AM_CPPFLAGS += -DHOST=\"$(CANONICAL_HOST)\"
+
+nodist_include_HEADERS = krb5-types.h
+nodist_noinst_HEADERS = crypto-headers.h
+
+krb5-types.h: bits$(EXEEXT)
+	./bits$(EXEEXT) krb5-types.h
+
+crypto-headers.h: make_crypto$(EXEEXT)
+	./make_crypto$(EXEEXT) crypto-headers.h
+
+CLEANFILES =			\
+	cms_asn1.h 		\
+	der-protos.h 		\
+	digest_asn1.h 		\
+	hdb-protos.h		\
+	heim_asn1.h		\
+	heim_threads.h		\
+	hex.h			\
+	hx509-protos.h		\
+	hx509.h			\
+	hx509_err.h		\
+	kx509_asn1.h		\
+	kx509_err.h		\
+	k524_err.h		\
+	kdc-protos.h		\
+	kdc.h			\
+	krb5_asn1.h		\
+	krb5_ccapi.h		\
+	parse_bytes.h		\
+	pkcs12_asn1.h		\
+	pkcs8_asn1.h		\
+	pkcs9_asn1.h		\
+	pkinit_asn1.h		\
+	rfc2459_asn1.h		\
+	rtbl.h			\
+	test-mem.h		\
+	vers.h			\
+	vis.h			\
+	asn1.h			\
+	asn1_err.h		\
+	base64.h		\
+	com_err.h		\
+	com_right.h		\
+	crypto-headers.h	\
+	der.h			\
+	editline.h		\
+	err.h			\
+	getarg.h		\
+	glob.h			\
+	gssapi.h		\
+	hdb.h			\
+	hdb_asn1.h		\
+	hdb_err.h		\
+	heim_err.h		\
+	heimntlm.h		\
+	heimntlm-protos.h	\
+	kafs.h			\
+	krb_err.h		\
+	krb5-protos.h		\
+	krb5-private.h		\
+	krb5-types.h		\
+	krb5.h			\
+	krb5_err.h		\
+	otp.h			\
+	parse_time.h		\
+	parse_units.h		\
+	resolve.h		\
+	roken-common.h		\
+	roken.h			\
+	sl.h			\
+	windc_plugin.h		\
+	locate_plugin.h		\
+	xdbm.h
+
+DISTCLEANFILES = 	\
+	version.h	\
+	version.h.in
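Review bot: The two generator rules near the top of this hunk (`krb5-types.h: bits$(EXEEXT)` and `crypto-headers.h: make_crypto$(EXEEXT)`) execute programs that were just compiled in this directory, and the file does not say so. As `noinst_PROGRAMS` they are presumably built with the same `$(CC)` as the rest of the tree, so a cross build would either fail to run them or, under emulation, could probe the wrong machine; `krb5-types.h` is an installed header (`nodist_include_HEADERS`) and, judging by its name, carries the type definitions the library relies on. A comment above the rules would make the constraint visible, for example `# bits and make_crypto run at build time; build and host machine must match`. Each program is also handed the target file name to write itself, so a failed run may leave a partial header that make later treats as up to date; whether `bits.c` guards against that cannot be seen from this hunk.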

Added: vendor-crypto/heimdal/dist/include/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/include/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,996 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+noinst_PROGRAMS = bits$(EXEEXT) make_crypto$(EXEEXT)
+subdir = include
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
+bits_SOURCES = bits.c
+bits_OBJECTS = bits.$(OBJEXT)
+bits_LDADD = $(LDADD)
+make_crypto_SOURCES = make_crypto.c
+make_crypto_OBJECTS = make_crypto.$(OBJEXT)
+make_crypto_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I. at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = bits.c make_crypto.c
+DIST_SOURCES = bits.c make_crypto.c
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(includedir)"
+nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(nodist_include_HEADERS) $(nodist_noinst_HEADERS)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-DHOST=\"$(CANONICAL_HOST)\"
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SUBDIRS = kadm5 hcrypto gssapi
+CHECK_LOCAL = no-check-local
+nodist_include_HEADERS = krb5-types.h
+nodist_noinst_HEADERS = crypto-headers.h
+CLEANFILES = \
+	cms_asn1.h 		\
+	der-protos.h 		\
+	digest_asn1.h 		\
+	hdb-protos.h		\
+	heim_asn1.h		\
+	heim_threads.h		\
+	hex.h			\
+	hx509-protos.h		\
+	hx509.h			\
+	hx509_err.h		\
+	kx509_asn1.h		\
+	kx509_err.h		\
+	k524_err.h		\
+	kdc-protos.h		\
+	kdc.h			\
+	krb5_asn1.h		\
+	krb5_ccapi.h		\
+	parse_bytes.h		\
+	pkcs12_asn1.h		\
+	pkcs8_asn1.h		\
+	pkcs9_asn1.h		\
+	pkinit_asn1.h		\
+	rfc2459_asn1.h		\
+	rtbl.h			\
+	test-mem.h		\
+	vers.h			\
+	vis.h			\
+	asn1.h			\
+	asn1_err.h		\
+	base64.h		\
+	com_err.h		\
+	com_right.h		\
+	crypto-headers.h	\
+	der.h			\
+	editline.h		\
+	err.h			\
+	getarg.h		\
+	glob.h			\
+	gssapi.h		\
+	hdb.h			\
+	hdb_asn1.h		\
+	hdb_err.h		\
+	heim_err.h		\
+	heimntlm.h		\
+	heimntlm-protos.h	\
+	kafs.h			\
+	krb_err.h		\
+	krb5-protos.h		\
+	krb5-private.h		\
+	krb5-types.h		\
+	krb5.h			\
+	krb5_err.h		\
+	otp.h			\
+	parse_time.h		\
+	parse_units.h		\
+	resolve.h		\
+	roken-common.h		\
+	roken.h			\
+	sl.h			\
+	windc_plugin.h		\
+	locate_plugin.h		\
+	xdbm.h
+
+DISTCLEANFILES = \
+	version.h	\
+	version.h.in
+
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps include/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps include/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status include/config.h
+$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) 
+	cd $(top_srcdir) && $(AUTOHEADER)
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES) 
+	@rm -f bits$(EXEEXT)
+	$(LINK) $(bits_OBJECTS) $(bits_LDADD) $(LIBS)
+make_crypto$(EXEEXT): $(make_crypto_OBJECTS) $(make_crypto_DEPENDENCIES) 
+	@rm -f make_crypto$(EXEEXT)
+	$(LINK) $(make_crypto_OBJECTS) $(make_crypto_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-nodist_includeHEADERS: $(nodist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-nodist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile $(PROGRAMS) $(HEADERS) config.h all-local
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool clean-noinstPROGRAMS ctags \
+	ctags-recursive dist-hook distclean distclean-compile \
+	distclean-generic distclean-hdr distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-info install-info-am install-man \
+	install-nodist_includeHEADERS install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags tags-recursive uninstall uninstall-am uninstall-hook \
+	uninstall-nodist_includeHEADERS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+krb5-types.h: bits$(EXEEXT)
+	./bits$(EXEEXT) krb5-types.h
+
+crypto-headers.h: make_crypto$(EXEEXT)
+	./make_crypto$(EXEEXT) crypto-headers.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/include/bits.c
===================================================================
--- vendor-crypto/heimdal/dist/include/bits.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/bits.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 1997-2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: bits.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#define BITSIZE(TYPE)						\
+{								\
+    int b = 0; TYPE x = 1, zero = 0; const char *pre = "u";	\
+    char tmp[128], tmp2[128];					\
+    while(x){ x <<= 1; b++; if(x < zero) pre=""; }		\
+    if(b >= len){						\
+        int tabs;						\
+	sprintf(tmp, "%sint%d_t" , pre, len);			\
+	sprintf(tmp2, "typedef %s %s;", #TYPE, tmp);		\
+	tabs = 5 - strlen(tmp2) / 8;				\
+        fprintf(f, "%s", tmp2);					\
+	while(tabs-- > 0) fprintf(f, "\t");			\
+	fprintf(f, "/* %2d bits */\n", b);			\
+        return;                                                 \
+    }								\
+}
+
+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif
+
+static void
+try_signed(FILE *f, int len)  __attribute__ ((unused));
+
+static void
+try_unsigned(FILE *f, int len) __attribute__ ((unused));
+
+static int
+print_bt(FILE *f, int flag) __attribute__ ((unused));
+
+static void
+try_signed(FILE *f, int len)
+{
+    BITSIZE(signed char);
+    BITSIZE(short);
+    BITSIZE(int);
+    BITSIZE(long);
+#ifdef HAVE_LONG_LONG
+    BITSIZE(long long);
+#endif
+    fprintf(f, "/* There is no %d bit type */\n", len);
+}
+
+static void
+try_unsigned(FILE *f, int len)
+{
+    BITSIZE(unsigned char);
+    BITSIZE(unsigned short);
+    BITSIZE(unsigned int);
+    BITSIZE(unsigned long);
+#ifdef HAVE_LONG_LONG
+    BITSIZE(unsigned long long);
+#endif
+    fprintf(f, "/* There is no %d bit type */\n", len);
+}
+
+static int
+print_bt(FILE *f, int flag)
+{
+    if(flag == 0){
+	fprintf(f, "/* For compatibility with various type definitions */\n");
+	fprintf(f, "#ifndef __BIT_TYPES_DEFINED__\n");
+	fprintf(f, "#define __BIT_TYPES_DEFINED__\n");
+	fprintf(f, "\n");
+    }
+    return 1;
+}
+
+int main(int argc, char **argv)
+{
+    FILE *f;
+    int flag;
+    const char *fn, *hb;
+    
+    if (argc > 1 && strcmp(argv[1], "--version") == 0) {
+	printf("some version");
+	return 0;
+    }
+
+    if(argc < 2){
+	fn = "bits.h";
+	hb = "__BITS_H__";
+	f = stdout;
+    } else {
+	char *p;
+	fn = argv[1];
+	p = malloc(strlen(fn) + 5);
+	sprintf(p, "__%s__", fn);
+	hb = p;
+	for(; *p; p++){
+	    if(!isalnum((unsigned char)*p))
+		*p = '_';
+	}
+	f = fopen(argv[1], "w");
+    }
+    fprintf(f, "/* %s -- this file was generated for %s by\n", fn, HOST);
+    fprintf(f, "   %*s    %s */\n\n", (int)strlen(fn), "", 
+	    "$Id: bits.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+    fprintf(f, "#ifndef %s\n", hb);
+    fprintf(f, "#define %s\n", hb);
+    fprintf(f, "\n");
+#ifdef HAVE_INTTYPES_H
+    fprintf(f, "#include <inttypes.h>\n");
+#endif
+#ifdef HAVE_SYS_TYPES_H
+    fprintf(f, "#include <sys/types.h>\n");
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+    fprintf(f, "#include <sys/bitypes.h>\n");
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+    fprintf(f, "#include <bind/bitypes.h>\n");
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+    fprintf(f, "#include <netinet/in6_machtypes.h>\n");
+#endif
+#ifdef HAVE_SOCKLEN_T
+    fprintf(f, "#include <sys/socket.h>\n");
+#endif
+    fprintf(f, "\n");
+
+    flag = 0;
+#ifndef HAVE_INT8_T
+    flag = print_bt(f, flag);
+    try_signed (f, 8);
+#endif /* HAVE_INT8_T */
+#ifndef HAVE_INT16_T
+    flag = print_bt(f, flag);
+    try_signed (f, 16);
+#endif /* HAVE_INT16_T */
+#ifndef HAVE_INT32_T
+    flag = print_bt(f, flag);
+    try_signed (f, 32);
+#endif /* HAVE_INT32_T */
+#ifndef HAVE_INT64_T
+    flag = print_bt(f, flag);
+    try_signed (f, 64);
+#endif /* HAVE_INT64_T */
+
+#ifndef HAVE_UINT8_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 8);
+#endif /* HAVE_UINT8_T */
+#ifndef HAVE_UINT16_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 16);
+#endif /* HAVE_UINT16_T */
+#ifndef HAVE_UINT32_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 32);
+#endif /* HAVE_UINT32_T */
+#ifndef HAVE_UINT64_T
+    flag = print_bt(f, flag);
+    try_unsigned (f, 64);
+#endif /* HAVE_UINT64_T */
+
+#define X(S) fprintf(f, "typedef uint" #S "_t u_int" #S "_t;\n")
+#ifndef HAVE_U_INT8_T
+    flag = print_bt(f, flag);
+    X(8);
+#endif /* HAVE_U_INT8_T */
+#ifndef HAVE_U_INT16_T
+    flag = print_bt(f, flag);
+    X(16);
+#endif /* HAVE_U_INT16_T */
+#ifndef HAVE_U_INT32_T
+    flag = print_bt(f, flag);
+    X(32);
+#endif /* HAVE_U_INT32_T */
+#ifndef HAVE_U_INT64_T
+    flag = print_bt(f, flag);
+    X(64);
+#endif /* HAVE_U_INT64_T */
+
+    if(flag){
+	fprintf(f, "\n");
+	fprintf(f, "#endif /* __BIT_TYPES_DEFINED__ */\n\n");
+    }
+#ifdef KRB5
+    fprintf(f, "\n");
+#if defined(HAVE_SOCKLEN_T)
+    fprintf(f, "typedef socklen_t krb5_socklen_t;\n");
+#else
+    fprintf(f, "typedef int krb5_socklen_t;\n");
+#endif
+#if defined(HAVE_SSIZE_T)
+#ifdef HAVE_UNISTD_H
+    fprintf(f, "#include <unistd.h>\n");
+#endif
+    fprintf(f, "typedef ssize_t krb5_ssize_t;\n");
+#else
+    fprintf(f, "typedef int krb5_ssize_t;\n");
+#endif
+    fprintf(f, "\n");
+#endif /* KRB5 */
+    fprintf(f, "#endif /* %s */\n", hb);
+    return 0;
+}
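Review bot: In main(), the result of `fopen(argv[1], "w")` is used without a NULL check, so an unwritable output path makes the following `fprintf(f, ...)` calls write through a null stream instead of failing with a diagnostic; the `malloc(strlen(fn) + 5)` a few lines earlier is passed to `sprintf` unchecked in the same way. I would add `if (p == NULL) { perror("malloc"); return 1; }` after the malloc and `if (f == NULL) { perror(argv[1]); return 1; }` after the fopen. The stream is also never closed or checked before `return 0`, so a short write (for example on a full disk) would leave a truncated generated header such as krb5-types.h while the tool still exits 0; `if (f != stdout && fclose(f) != 0) return 1;` before the final return lets make see the failure. Because the file sits under vendor-crypto/heimdal/dist, the change would presumably be carried as a local patch or reported upstream rather than edited in the vendor tree.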

Added: vendor-crypto/heimdal/dist/include/config.h.in
===================================================================
--- vendor-crypto/heimdal/dist/include/config.h.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/config.h.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1472 @@
+/* include/config.h.in.  Generated from configure.in by autoheader.  */
+
+#ifndef RCSID
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+
+
+#ifdef BUILD_KRB5_LIB
+#ifndef KRB5_LIB_FUNCTION
+#ifdef _WIN32_
+#define KRB5_LIB_FUNCTION _export _stdcall
+#else
+#define KRB5_LIB_FUNCTION
+#endif
+#endif
+#endif
+
+
+#ifdef BUILD_ROKEN_LIB
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32_
+#define ROKEN_LIB_FUNCTION _export _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+#endif
+
+
+/* Define if you want authentication support in telnet. */
+#undef AUTHENTICATION
+
+/* path to bin */
+#undef BINDIR
+
+/* Define if realloc(NULL) doesn't work. */
+#undef BROKEN_REALLOC
+
+/* Define if you want support for DCE/DFS PAG's. */
+#undef DCE
+
+/* Define if you want to use DES encryption in telnet. */
+#undef DES_ENCRYPTION
+
+/* Define this to enable diagnostics in telnet. */
+#undef DIAGNOSTICS
+
+/* Define if want to use the weak AFS string to key functions. */
+#undef ENABLE_AFS_STRING_TO_KEY
+
+/* Define if you want have a thread safe libraries */
+#undef ENABLE_PTHREAD_SUPPORT
+
+/* Define if you want encryption support in telnet. */
+#undef ENCRYPTION
+
+/* define if sys/param.h defines the endiness */
+#undef ENDIANESS_IN_SYS_PARAM_H
+
+/* Define this if you want support for broken ENV_{VAR,VAL} telnets. */
+#undef ENV_HACK
+
+/* define if prototype of gethostbyaddr is compatible with struct hostent
+   *gethostbyaddr(const void *, size_t, int) */
+#undef GETHOSTBYADDR_PROTO_COMPATIBLE
+
+/* define if prototype of gethostbyname is compatible with struct hostent
+   *gethostbyname(const char *) */
+#undef GETHOSTBYNAME_PROTO_COMPATIBLE
+
+/* define if prototype of getservbyname is compatible with struct servent
+   *getservbyname(const char *, const char *) */
+#undef GETSERVBYNAME_PROTO_COMPATIBLE
+
+/* define if prototype of getsockname is compatible with int getsockname(int,
+   struct sockaddr*, socklen_t*) */
+#undef GETSOCKNAME_PROTO_COMPATIBLE
+
+/* Define if you have the `altzone' variable. */
+#undef HAVE_ALTZONE
+
+/* Define to 1 if you have the `arc4random' function. */
+#undef HAVE_ARC4RANDOM
+
+/* Define to 1 if you have the <arpa/ftp.h> header file. */
+#undef HAVE_ARPA_FTP_H
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the <arpa/nameser.h> header file. */
+#undef HAVE_ARPA_NAMESER_H
+
+/* Define to 1 if you have the <arpa/telnet.h> header file. */
+#undef HAVE_ARPA_TELNET_H
+
+/* Define to 1 if you have the `asnprintf' function. */
+#undef HAVE_ASNPRINTF
+
+/* Define to 1 if you have the `asprintf' function. */
+#undef HAVE_ASPRINTF
+
+/* Define to 1 if you have the `atexit' function. */
+#undef HAVE_ATEXIT
+
+/* Define to 1 if you have the <bind/bitypes.h> header file. */
+#undef HAVE_BIND_BITYPES_H
+
+/* Define to 1 if you have the <bsdsetjmp.h> header file. */
+#undef HAVE_BSDSETJMP_H
+
+/* Define to 1 if you have the `bswap16' function. */
+#undef HAVE_BSWAP16
+
+/* Define to 1 if you have the `bswap32' function. */
+#undef HAVE_BSWAP32
+
+/* Define to 1 if you have the <capability.h> header file. */
+#undef HAVE_CAPABILITY_H
+
+/* Define to 1 if you have the `cap_set_proc' function. */
+#undef HAVE_CAP_SET_PROC
+
+/* Define to 1 if you have the `cgetent' function. */
+#undef HAVE_CGETENT
+
+/* Define if you have the function `chown'. */
+#undef HAVE_CHOWN
+
+/* Define if you have the function `closefrom'. */
+#undef HAVE_CLOSEFROM
+
+/* Define to 1 if you have the <config.h> header file. */
+#undef HAVE_CONFIG_H
+
+/* Define if you have the function `copyhostent'. */
+#undef HAVE_COPYHOSTENT
+
+/* Define to 1 if you have the `crypt' function. */
+#undef HAVE_CRYPT
+
+/* Define to 1 if you have the <crypt.h> header file. */
+#undef HAVE_CRYPT_H
+
+/* Define to 1 if you have the <curses.h> header file. */
+#undef HAVE_CURSES_H
+
+/* Define if you have the function `daemon'. */
+#undef HAVE_DAEMON
+
+/* define if you have a berkeley db1/2 library */
+#undef HAVE_DB1
+
+/* define if you have a berkeley db3/4 library */
+#undef HAVE_DB3
+
+/* Define to 1 if you have the <db3/db.h> header file. */
+#undef HAVE_DB3_DB_H
+
+/* Define to 1 if you have the <db4/db.h> header file. */
+#undef HAVE_DB4_DB_H
+
+/* Define to 1 if you have the `dbm_firstkey' function. */
+#undef HAVE_DBM_FIRSTKEY
+
+/* Define to 1 if you have the <dbm.h> header file. */
+#undef HAVE_DBM_H
+
+/* Define to 1 if you have the `dbopen' function. */
+#undef HAVE_DBOPEN
+
+/* Define to 1 if you have the <db_185.h> header file. */
+#undef HAVE_DB_185_H
+
+/* Define to 1 if you have the `db_create' function. */
+#undef HAVE_DB_CREATE
+
+/* Define to 1 if you have the <db.h> header file. */
+#undef HAVE_DB_H
+
+/* define if you have ndbm compat in db */
+#undef HAVE_DB_NDBM
+
+/* Define to 1 if you have the declaration of `altzone', and to 0 if you
+   don't. */
+#undef HAVE_DECL_ALTZONE
+
+/* Define to 1 if you have the declaration of `environ', and to 0 if you
+   don't. */
+#undef HAVE_DECL_ENVIRON
+
+/* Define to 1 if you have the declaration of `h_errlist', and to 0 if you
+   don't. */
+#undef HAVE_DECL_H_ERRLIST
+
+/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
+   don't. */
+#undef HAVE_DECL_H_ERRNO
+
+/* Define to 1 if you have the declaration of `h_nerr', and to 0 if you don't.
+   */
+#undef HAVE_DECL_H_NERR
+
+/* Define to 1 if you have the declaration of `optarg', and to 0 if you don't.
+   */
+#undef HAVE_DECL_OPTARG
+
+/* Define to 1 if you have the declaration of `opterr', and to 0 if you don't.
+   */
+#undef HAVE_DECL_OPTERR
+
+/* Define to 1 if you have the declaration of `optind', and to 0 if you don't.
+   */
+#undef HAVE_DECL_OPTIND
+
+/* Define to 1 if you have the declaration of `optopt', and to 0 if you don't.
+   */
+#undef HAVE_DECL_OPTOPT
+
+/* Define to 1 if you have the declaration of `timezone', and to 0 if you
+   don't. */
+#undef HAVE_DECL_TIMEZONE
+
+/* Define to 1 if you have the declaration of `_res', and to 0 if you don't.
+   */
+#undef HAVE_DECL__RES
+
+/* Define to 1 if you have the declaration of `__progname', and to 0 if you
+   don't. */
+#undef HAVE_DECL___PROGNAME
+
+/* Define to 1 if you have the <dirent.h> header file. */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the `dlopen' function. */
+#undef HAVE_DLOPEN
+
+/* Define to 1 if you have the `dn_expand' function. */
+#undef HAVE_DN_EXPAND
+
+/* Define to 1 if you have the `door_create' function. */
+#undef HAVE_DOOR_CREATE
+
+/* Define if you have the function `ecalloc'. */
+#undef HAVE_ECALLOC
+
+/* Define to 1 if you have the `el_init' function. */
+#undef HAVE_EL_INIT
+
+/* Define if you have the function `emalloc'. */
+#undef HAVE_EMALLOC
+
+/* Define if you have the function `erealloc'. */
+#undef HAVE_EREALLOC
+
+/* Define if you have the function `err'. */
+#undef HAVE_ERR
+
+/* Define to 1 if you have the <errno.h> header file. */
+#undef HAVE_ERRNO_H
+
+/* Define if you have the function `errx'. */
+#undef HAVE_ERRX
+
+/* Define to 1 if you have the <err.h> header file. */
+#undef HAVE_ERR_H
+
+/* Define if you have the function `estrdup'. */
+#undef HAVE_ESTRDUP
+
+/* Define if you have the function `fchown'. */
+#undef HAVE_FCHOWN
+
+/* Define to 1 if you have the `fcntl' function. */
+#undef HAVE_FCNTL
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define if you have the function `flock'. */
+#undef HAVE_FLOCK
+
+/* Define if you have the function `fnmatch'. */
+#undef HAVE_FNMATCH
+
+/* Define to 1 if you have the <fnmatch.h> header file. */
+#undef HAVE_FNMATCH_H
+
+/* Define if el_init takes four arguments. */
+#undef HAVE_FOUR_VALUED_EL_INIT
+
+/* Have -framework Security */
+#undef HAVE_FRAMEWORK_SECURITY
+
+/* Define to 1 if you have the `freeaddrinfo' function. */
+#undef HAVE_FREEADDRINFO
+
+/* Define if you have the function `freehostent'. */
+#undef HAVE_FREEHOSTENT
+
+/* Define to 1 if you have the `gai_strerror' function. */
+#undef HAVE_GAI_STRERROR
+
+/* Define to 1 if you have the <gdbm/ndbm.h> header file. */
+#undef HAVE_GDBM_NDBM_H
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the `getconfattr' function. */
+#undef HAVE_GETCONFATTR
+
+/* Define if you have the function `getcwd'. */
+#undef HAVE_GETCWD
+
+/* Define if you have the function `getdtablesize'. */
+#undef HAVE_GETDTABLESIZE
+
+/* Define if you have the function `getegid'. */
+#undef HAVE_GETEGID
+
+/* Define if you have the function `geteuid'. */
+#undef HAVE_GETEUID
+
+/* Define if you have the function `getgid'. */
+#undef HAVE_GETGID
+
+/* Define to 1 if you have the `gethostbyname' function. */
+#undef HAVE_GETHOSTBYNAME
+
+/* Define to 1 if you have the `gethostbyname2' function. */
+#undef HAVE_GETHOSTBYNAME2
+
+/* Define if you have the function `gethostname'. */
+#undef HAVE_GETHOSTNAME
+
+/* Define if you have the function `getifaddrs'. */
+#undef HAVE_GETIFADDRS
+
+/* Define if you have the function `getipnodebyaddr'. */
+#undef HAVE_GETIPNODEBYADDR
+
+/* Define if you have the function `getipnodebyname'. */
+#undef HAVE_GETIPNODEBYNAME
+
+/* Define to 1 if you have the `getlogin' function. */
+#undef HAVE_GETLOGIN
+
+/* Define if you have a working getmsg. */
+#undef HAVE_GETMSG
+
+/* Define to 1 if you have the `getnameinfo' function. */
+#undef HAVE_GETNAMEINFO
+
+/* Define if you have the function `getopt'. */
+#undef HAVE_GETOPT
+
+/* Define to 1 if you have the `getpagesize' function. */
+#undef HAVE_GETPAGESIZE
+
+/* Define to 1 if you have the `getpeereid' function. */
+#undef HAVE_GETPEEREID
+
+/* Define to 1 if you have the `getpeerucred' function. */
+#undef HAVE_GETPEERUCRED
+
+/* Define to 1 if you have the `getprogname' function. */
+#undef HAVE_GETPROGNAME
+
+/* Define to 1 if you have the `getpwnam_r' function. */
+#undef HAVE_GETPWNAM_R
+
+/* Define to 1 if you have the `getrlimit' function. */
+#undef HAVE_GETRLIMIT
+
+/* Define to 1 if you have the `getsockopt' function. */
+#undef HAVE_GETSOCKOPT
+
+/* Define to 1 if you have the `getspnam' function. */
+#undef HAVE_GETSPNAM
+
+/* Define if you have the function `gettimeofday'. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the `getudbnam' function. */
+#undef HAVE_GETUDBNAM
+
+/* Define if you have the function `getuid'. */
+#undef HAVE_GETUID
+
+/* Define if you have the function `getusershell'. */
+#undef HAVE_GETUSERSHELL
+
+/* define if you have a glob() that groks GLOB_BRACE, GLOB_NOCHECK,
+   GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT */
+#undef HAVE_GLOB
+
+/* Define to 1 if you have the `grantpt' function. */
+#undef HAVE_GRANTPT
+
+/* Define to 1 if you have the <grp.h> header file. */
+#undef HAVE_GRP_H
+
+/* Define to 1 if you have the `hstrerror' function. */
+#undef HAVE_HSTRERROR
+
+/* Define if you have the `h_errlist' variable. */
+#undef HAVE_H_ERRLIST
+
+/* Define if you have the `h_errno' variable. */
+#undef HAVE_H_ERRNO
+
+/* Define if you have the `h_nerr' variable. */
+#undef HAVE_H_NERR
+
+/* Define to 1 if you have the <ifaddrs.h> header file. */
+#undef HAVE_IFADDRS_H
+
+/* Define if you have the in6addr_loopback variable */
+#undef HAVE_IN6ADDR_LOOPBACK
+
+/* define */
+#undef HAVE_INET_ATON
+
+/* define */
+#undef HAVE_INET_NTOP
+
+/* define */
+#undef HAVE_INET_PTON
+
+/* Define if you have the function `initgroups'. */
+#undef HAVE_INITGROUPS
+
+/* Define to 1 if you have the `initstate' function. */
+#undef HAVE_INITSTATE
+
+/* Define if you have the function `innetgr'. */
+#undef HAVE_INNETGR
+
+/* Define to 1 if the system has the type `int16_t'. */
+#undef HAVE_INT16_T
+
+/* Define to 1 if the system has the type `int32_t'. */
+#undef HAVE_INT32_T
+
+/* Define to 1 if the system has the type `int64_t'. */
+#undef HAVE_INT64_T
+
+/* Define to 1 if the system has the type `int8_t'. */
+#undef HAVE_INT8_T
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <io.h> header file. */
+#undef HAVE_IO_H
+
+/* Define if you have IPv6. */
+#undef HAVE_IPV6
+
+/* Define if you have the function `iruserok'. */
+#undef HAVE_IRUSEROK
+
+/* Define to 1 if you have the `issetugid' function. */
+#undef HAVE_ISSETUGID
+
+/* Define if you want to use the Kerberos Credentials Manager. */
+#undef HAVE_KCM
+
+/* Define to 1 if you have the <libutil.h> header file. */
+#undef HAVE_LIBUTIL_H
+
+/* Define to 1 if you have the <limits.h> header file. */
+#undef HAVE_LIMITS_H
+
+/* Define to 1 if you have the `loadquery' function. */
+#undef HAVE_LOADQUERY
+
+/* Define if you have the function `localtime_r'. */
+#undef HAVE_LOCALTIME_R
+
+/* Define to 1 if you have the `logout' function. */
+#undef HAVE_LOGOUT
+
+/* Define to 1 if you have the `logwtmp' function. */
+#undef HAVE_LOGWTMP
+
+/* Define to 1 if the system has the type `long long'. */
+#undef HAVE_LONG_LONG
+
+/* Define if you have the function `lstat'. */
+#undef HAVE_LSTAT
+
+/* Define to 1 if you have the <maillock.h> header file. */
+#undef HAVE_MAILLOCK_H
+
+/* Define if you have the function `memmove'. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define if you have the function `mkstemp'. */
+#undef HAVE_MKSTEMP
+
+/* Define to 1 if you have the `mktime' function. */
+#undef HAVE_MKTIME
+
+/* Define to 1 if you have a working `mmap' system call. */
+#undef HAVE_MMAP
+
+/* define if you have a ndbm library */
+#undef HAVE_NDBM
+
+/* Define to 1 if you have the <ndbm.h> header file. */
+#undef HAVE_NDBM_H
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define to 1 if you have the <netgroup.h> header file. */
+#undef HAVE_NETGROUP_H
+
+/* Define to 1 if you have the <netinet6/in6.h> header file. */
+#undef HAVE_NETINET6_IN6_H
+
+/* Define to 1 if you have the <netinet6/in6_var.h> header file. */
+#undef HAVE_NETINET6_IN6_VAR_H
+
+/* Define to 1 if you have the <netinet/in6.h> header file. */
+#undef HAVE_NETINET_IN6_H
+
+/* Define to 1 if you have the <netinet/in6_machtypes.h> header file. */
+#undef HAVE_NETINET_IN6_MACHTYPES_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the <netinet/in_systm.h> header file. */
+#undef HAVE_NETINET_IN_SYSTM_H
+
+/* Define to 1 if you have the <netinet/ip.h> header file. */
+#undef HAVE_NETINET_IP_H
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#undef HAVE_NETINET_TCP_H
+
+/* Define if you want to use Netinfo instead of krb5.conf. */
+#undef HAVE_NETINFO
+
+/* Define to 1 if you have the <netinfo/ni.h> header file. */
+#undef HAVE_NETINFO_NI_H
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#undef HAVE_NET_IF_H
+
+/* Define if NDBM really is DB (creates files *.db) */
+#undef HAVE_NEW_DB
+
+/* Define to 1 if you have the `on_exit' function. */
+#undef HAVE_ON_EXIT
+
+/* Define to 1 if you have the `openpty' function. */
+#undef HAVE_OPENPTY
+
+/* define to use openssl's libcrypto */
+#undef HAVE_OPENSSL
+
+/* Define to enable basic OSF C2 support. */
+#undef HAVE_OSFC2
+
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define to 1 if you have the `pidfile' function. */
+#undef HAVE_PIDFILE
+
+/* Define to 1 if you have the `poll' function. */
+#undef HAVE_POLL
+
+/* Define to 1 if you have the <poll.h> header file. */
+#undef HAVE_POLL_H
+
+/* Define to 1 if you have the <pthread.h> header file. */
+#undef HAVE_PTHREAD_H
+
+/* Define to 1 if you have the `ptsname' function. */
+#undef HAVE_PTSNAME
+
+/* Define to 1 if you have the <pty.h> header file. */
+#undef HAVE_PTY_H
+
+/* Define if you have the function `putenv'. */
+#undef HAVE_PUTENV
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#undef HAVE_PWD_H
+
+/* Define to 1 if you have the `rand' function. */
+#undef HAVE_RAND
+
+/* Define to 1 if you have the `random' function. */
+#undef HAVE_RANDOM
+
+/* Define if you have the function `rcmd'. */
+#undef HAVE_RCMD
+
+/* Define if you have a readline compatible library. */
+#undef HAVE_READLINE
+
+/* Define if you have the function `readv'. */
+#undef HAVE_READV
+
+/* Define if you have the function `recvmsg'. */
+#undef HAVE_RECVMSG
+
+/* Define to 1 if you have the <resolv.h> header file. */
+#undef HAVE_RESOLV_H
+
+/* Define to 1 if you have the `res_ndestroy' function. */
+#undef HAVE_RES_NDESTROY
+
+/* Define to 1 if you have the `res_nsearch' function. */
+#undef HAVE_RES_NSEARCH
+
+/* Define to 1 if you have the `res_search' function. */
+#undef HAVE_RES_SEARCH
+
+/* Define to 1 if you have the `revoke' function. */
+#undef HAVE_REVOKE
+
+/* Define to 1 if you have the <rpcsvc/ypclnt.h> header file. */
+#undef HAVE_RPCSVC_YPCLNT_H
+
+/* Define to 1 if you have the <sac.h> header file. */
+#undef HAVE_SAC_H
+
+/* Define to 1 if the system has the type `sa_family_t'. */
+#undef HAVE_SA_FAMILY_T
+
+/* Define to 1 if you have the <security/pam_modules.h> header file. */
+#undef HAVE_SECURITY_PAM_MODULES_H
+
+/* Define to 1 if you have the `select' function. */
+#undef HAVE_SELECT
+
+/* Define if you have the function `sendmsg'. */
+#undef HAVE_SENDMSG
+
+/* Define if you have the function `setegid'. */
+#undef HAVE_SETEGID
+
+/* Define if you have the function `setenv'. */
+#undef HAVE_SETENV
+
+/* Define if you have the function `seteuid'. */
+#undef HAVE_SETEUID
+
+/* Define to 1 if you have the `setitimer' function. */
+#undef HAVE_SETITIMER
+
+/* Define to 1 if you have the `setlim' function. */
+#undef HAVE_SETLIM
+
+/* Define to 1 if you have the `setlogin' function. */
+#undef HAVE_SETLOGIN
+
+/* Define to 1 if you have the `setpcred' function. */
+#undef HAVE_SETPCRED
+
+/* Define to 1 if you have the `setpgid' function. */
+#undef HAVE_SETPGID
+
+/* Define to 1 if you have the `setproctitle' function. */
+#undef HAVE_SETPROCTITLE
+
+/* Define to 1 if you have the `setprogname' function. */
+#undef HAVE_SETPROGNAME
+
+/* Define to 1 if you have the `setregid' function. */
+#undef HAVE_SETREGID
+
+/* Define to 1 if you have the `setresgid' function. */
+#undef HAVE_SETRESGID
+
+/* Define to 1 if you have the `setresuid' function. */
+#undef HAVE_SETRESUID
+
+/* Define to 1 if you have the `setreuid' function. */
+#undef HAVE_SETREUID
+
+/* Define to 1 if you have the `setsid' function. */
+#undef HAVE_SETSID
+
+/* Define to 1 if you have the `setsockopt' function. */
+#undef HAVE_SETSOCKOPT
+
+/* Define to 1 if you have the `setstate' function. */
+#undef HAVE_SETSTATE
+
+/* Define to 1 if you have the `setutent' function. */
+#undef HAVE_SETUTENT
+
+/* Define to 1 if you have the `sgi_getcapabilitybyname' function. */
+#undef HAVE_SGI_GETCAPABILITYBYNAME
+
+/* Define to 1 if you have the <sgtty.h> header file. */
+#undef HAVE_SGTTY_H
+
+/* Define to 1 if you have the <shadow.h> header file. */
+#undef HAVE_SHADOW_H
+
+/* Define to 1 if you have the <siad.h> header file. */
+#undef HAVE_SIAD_H
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if you have the <signal.h> header file. */
+#undef HAVE_SIGNAL_H
+
+/* define if you have a working snprintf */
+#undef HAVE_SNPRINTF
+
+/* Define to 1 if you have the `socket' function. */
+#undef HAVE_SOCKET
+
+/* Define to 1 if the system has the type `socklen_t'. */
+#undef HAVE_SOCKLEN_T
+
+/* Define to 1 if the system has the type `ssize_t'. */
+#undef HAVE_SSIZE_T
+
+/* Define to 1 if you have the <standards.h> header file. */
+#undef HAVE_STANDARDS_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define if you have the function `strcasecmp'. */
+#undef HAVE_STRCASECMP
+
+/* Define if you have the function `strdup'. */
+#undef HAVE_STRDUP
+
+/* Define if you have the function `strerror'. */
+#undef HAVE_STRERROR
+
+/* Define if you have the function `strftime'. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define if you have the function `strlcat'. */
+#undef HAVE_STRLCAT
+
+/* Define if you have the function `strlcpy'. */
+#undef HAVE_STRLCPY
+
+/* Define if you have the function `strlwr'. */
+#undef HAVE_STRLWR
+
+/* Define if you have the function `strncasecmp'. */
+#undef HAVE_STRNCASECMP
+
+/* Define if you have the function `strndup'. */
+#undef HAVE_STRNDUP
+
+/* Define if you have the function `strnlen'. */
+#undef HAVE_STRNLEN
+
+/* Define to 1 if you have the <stropts.h> header file. */
+#undef HAVE_STROPTS_H
+
+/* Define if you have the function `strptime'. */
+#undef HAVE_STRPTIME
+
+/* Define if you have the function `strsep'. */
+#undef HAVE_STRSEP
+
+/* Define if you have the function `strsep_copy'. */
+#undef HAVE_STRSEP_COPY
+
+/* Define to 1 if you have the `strstr' function. */
+#undef HAVE_STRSTR
+
+/* Define to 1 if you have the `strsvis' function. */
+#undef HAVE_STRSVIS
+
+/* Define if you have the function `strtok_r'. */
+#undef HAVE_STRTOK_R
+
+/* Define to 1 if the system has the type `struct addrinfo'. */
+#undef HAVE_STRUCT_ADDRINFO
+
+/* Define to 1 if the system has the type `struct ifaddrs'. */
+#undef HAVE_STRUCT_IFADDRS
+
+/* Define to 1 if the system has the type `struct iovec'. */
+#undef HAVE_STRUCT_IOVEC
+
+/* Define to 1 if the system has the type `struct msghdr'. */
+#undef HAVE_STRUCT_MSGHDR
+
+/* Define to 1 if the system has the type `struct sockaddr'. */
+#undef HAVE_STRUCT_SOCKADDR
+
+/* Define if struct sockaddr has field sa_len. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Define to 1 if the system has the type `struct sockaddr_storage'. */
+#undef HAVE_STRUCT_SOCKADDR_STORAGE
+
+/* define if you have struct spwd */
+#undef HAVE_STRUCT_SPWD
+
+/* Define if struct tm has field tm_gmtoff. */
+#undef HAVE_STRUCT_TM_TM_GMTOFF
+
+/* Define if struct tm has field tm_zone. */
+#undef HAVE_STRUCT_TM_TM_ZONE
+
+/* Define if struct utmpx has field ut_exit. */
+#undef HAVE_STRUCT_UTMPX_UT_EXIT
+
+/* Define if struct utmpx has field ut_syslen. */
+#undef HAVE_STRUCT_UTMPX_UT_SYSLEN
+
+/* Define if struct utmp has field ut_addr. */
+#undef HAVE_STRUCT_UTMP_UT_ADDR
+
+/* Define if struct utmp has field ut_host. */
+#undef HAVE_STRUCT_UTMP_UT_HOST
+
+/* Define if struct utmp has field ut_id. */
+#undef HAVE_STRUCT_UTMP_UT_ID
+
+/* Define if struct utmp has field ut_pid. */
+#undef HAVE_STRUCT_UTMP_UT_PID
+
+/* Define if struct utmp has field ut_type. */
+#undef HAVE_STRUCT_UTMP_UT_TYPE
+
+/* Define if struct utmp has field ut_user. */
+#undef HAVE_STRUCT_UTMP_UT_USER
+
+/* define if struct winsize is declared in sys/termios.h */
+#undef HAVE_STRUCT_WINSIZE
+
+/* Define to 1 if you have the `strunvis' function. */
+#undef HAVE_STRUNVIS
+
+/* Define if you have the function `strupr'. */
+#undef HAVE_STRUPR
+
+/* Define to 1 if you have the `strvis' function. */
+#undef HAVE_STRVIS
+
+/* Define to 1 if you have the `strvisx' function. */
+#undef HAVE_STRVISX
+
+/* Define to 1 if you have the `svis' function. */
+#undef HAVE_SVIS
+
+/* Define if you have the function `swab'. */
+#undef HAVE_SWAB
+
+/* Define to 1 if you have the `sysconf' function. */
+#undef HAVE_SYSCONF
+
+/* Define to 1 if you have the `sysctl' function. */
+#undef HAVE_SYSCTL
+
+/* Define to 1 if you have the `syslog' function. */
+#undef HAVE_SYSLOG
+
+/* Define to 1 if you have the <syslog.h> header file. */
+#undef HAVE_SYSLOG_H
+
+/* Define to 1 if you have the <sys/bitypes.h> header file. */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define to 1 if you have the <sys/bswap.h> header file. */
+#undef HAVE_SYS_BSWAP_H
+
+/* Define to 1 if you have the <sys/capability.h> header file. */
+#undef HAVE_SYS_CAPABILITY_H
+
+/* Define to 1 if you have the <sys/category.h> header file. */
+#undef HAVE_SYS_CATEGORY_H
+
+/* Define to 1 if you have the <sys/file.h> header file. */
+#undef HAVE_SYS_FILE_H
+
+/* Define to 1 if you have the <sys/filio.h> header file. */
+#undef HAVE_SYS_FILIO_H
+
+/* Define to 1 if you have the <sys/ioccom.h> header file. */
+#undef HAVE_SYS_IOCCOM_H
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define to 1 if you have the <sys/mman.h> header file. */
+#undef HAVE_SYS_MMAN_H
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#undef HAVE_SYS_PARAM_H
+
+/* Define to 1 if you have the <sys/proc.h> header file. */
+#undef HAVE_SYS_PROC_H
+
+/* Define to 1 if you have the <sys/ptyio.h> header file. */
+#undef HAVE_SYS_PTYIO_H
+
+/* Define to 1 if you have the <sys/ptyvar.h> header file. */
+#undef HAVE_SYS_PTYVAR_H
+
+/* Define to 1 if you have the <sys/pty.h> header file. */
+#undef HAVE_SYS_PTY_H
+
+/* Define to 1 if you have the <sys/resource.h> header file. */
+#undef HAVE_SYS_RESOURCE_H
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/stream.h> header file. */
+#undef HAVE_SYS_STREAM_H
+
+/* Define to 1 if you have the <sys/stropts.h> header file. */
+#undef HAVE_SYS_STROPTS_H
+
+/* Define to 1 if you have the <sys/strtty.h> header file. */
+#undef HAVE_SYS_STRTTY_H
+
+/* Define to 1 if you have the <sys/str_tty.h> header file. */
+#undef HAVE_SYS_STR_TTY_H
+
+/* Define to 1 if you have the <sys/syscall.h> header file. */
+#undef HAVE_SYS_SYSCALL_H
+
+/* Define to 1 if you have the <sys/sysctl.h> header file. */
+#undef HAVE_SYS_SYSCTL_H
+
+/* Define to 1 if you have the <sys/termio.h> header file. */
+#undef HAVE_SYS_TERMIO_H
+
+/* Define to 1 if you have the <sys/timeb.h> header file. */
+#undef HAVE_SYS_TIMEB_H
+
+/* Define to 1 if you have the <sys/times.h> header file. */
+#undef HAVE_SYS_TIMES_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/tty.h> header file. */
+#undef HAVE_SYS_TTY_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/ucred.h> header file. */
+#undef HAVE_SYS_UCRED_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#undef HAVE_SYS_UN_H
+
+/* Define to 1 if you have the <sys/utsname.h> header file. */
+#undef HAVE_SYS_UTSNAME_H
+
+/* Define to 1 if you have the <sys/wait.h> header file. */
+#undef HAVE_SYS_WAIT_H
+
+/* Define to 1 if you have the <termcap.h> header file. */
+#undef HAVE_TERMCAP_H
+
+/* Define to 1 if you have the <termios.h> header file. */
+#undef HAVE_TERMIOS_H
+
+/* Define to 1 if you have the <termio.h> header file. */
+#undef HAVE_TERMIO_H
+
+/* Define to 1 if you have the <term.h> header file. */
+#undef HAVE_TERM_H
+
+/* Define to 1 if you have the `tgetent' function. */
+#undef HAVE_TGETENT
+
+/* Define if you have the function `timegm'. */
+#undef HAVE_TIMEGM
+
+/* Define if you have the `timezone' variable. */
+#undef HAVE_TIMEZONE
+
+/* Define to 1 if you have the <time.h> header file. */
+#undef HAVE_TIME_H
+
+/* Define to 1 if you have the <tmpdir.h> header file. */
+#undef HAVE_TMPDIR_H
+
+/* Define to 1 if you have the `ttyname' function. */
+#undef HAVE_TTYNAME
+
+/* Define to 1 if you have the `ttyslot' function. */
+#undef HAVE_TTYSLOT
+
+/* Define to 1 if you have the <udb.h> header file. */
+#undef HAVE_UDB_H
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#undef HAVE_UINT16_T
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#undef HAVE_UINT32_T
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#undef HAVE_UINT64_T
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#undef HAVE_UINT8_T
+
+/* Define to 1 if the system has the type `uintptr_t'. */
+#undef HAVE_UINTPTR_T
+
+/* Define to 1 if you have the `umask' function. */
+#undef HAVE_UMASK
+
+/* Define to 1 if you have the `uname' function. */
+#undef HAVE_UNAME
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `unlockpt' function. */
+#undef HAVE_UNLOCKPT
+
+/* Define if you have the function `unsetenv'. */
+#undef HAVE_UNSETENV
+
+/* Define to 1 if you have the `unvis' function. */
+#undef HAVE_UNVIS
+
+/* Define to 1 if you have the <userconf.h> header file. */
+#undef HAVE_USERCONF_H
+
+/* Define to 1 if you have the <usersec.h> header file. */
+#undef HAVE_USERSEC_H
+
+/* Define to 1 if you have the <util.h> header file. */
+#undef HAVE_UTIL_H
+
+/* Define to 1 if you have the <utmpx.h> header file. */
+#undef HAVE_UTMPX_H
+
+/* Define to 1 if you have the <utmp.h> header file. */
+#undef HAVE_UTMP_H
+
+/* Define to 1 if the system has the type `u_int16_t'. */
+#undef HAVE_U_INT16_T
+
+/* Define to 1 if the system has the type `u_int32_t'. */
+#undef HAVE_U_INT32_T
+
+/* Define to 1 if the system has the type `u_int64_t'. */
+#undef HAVE_U_INT64_T
+
+/* Define to 1 if the system has the type `u_int8_t'. */
+#undef HAVE_U_INT8_T
+
+/* Define to 1 if you have the `vasnprintf' function. */
+#undef HAVE_VASNPRINTF
+
+/* Define to 1 if you have the `vasprintf' function. */
+#undef HAVE_VASPRINTF
+
+/* Define if you have the function `verr'. */
+#undef HAVE_VERR
+
+/* Define if you have the function `verrx'. */
+#undef HAVE_VERRX
+
+/* Define to 1 if you have the `vhangup' function. */
+#undef HAVE_VHANGUP
+
+/* Define to 1 if you have the `vis' function. */
+#undef HAVE_VIS
+
+/* Define to 1 if you have the <vis.h> header file. */
+#undef HAVE_VIS_H
+
+/* define if you have a working vsnprintf */
+#undef HAVE_VSNPRINTF
+
+/* Define if you have the function `vsyslog'. */
+#undef HAVE_VSYSLOG
+
+/* Define if you have the function `vwarn'. */
+#undef HAVE_VWARN
+
+/* Define if you have the function `vwarnx'. */
+#undef HAVE_VWARNX
+
+/* Define if you have the function `warn'. */
+#undef HAVE_WARN
+
+/* Define if you have the function `warnx'. */
+#undef HAVE_WARNX
+
+/* Define if you have the function `writev'. */
+#undef HAVE_WRITEV
+
+/* define if struct winsize has ws_xpixel */
+#undef HAVE_WS_XPIXEL
+
+/* define if struct winsize has ws_ypixel */
+#undef HAVE_WS_YPIXEL
+
+/* Define to 1 if you have the `XauFileName' function. */
+#undef HAVE_XAUFILENAME
+
+/* Define to 1 if you have the `XauReadAuth' function. */
+#undef HAVE_XAUREADAUTH
+
+/* Define to 1 if you have the `XauWriteAuth' function. */
+#undef HAVE_XAUWRITEAUTH
+
+/* Define to 1 if you have the `yp_get_default_domain' function. */
+#undef HAVE_YP_GET_DEFAULT_DOMAIN
+
+/* Define to 1 if you have the `_getpty' function. */
+#undef HAVE__GETPTY
+
+/* Define if you have the `_res' variable. */
+#undef HAVE__RES
+
+/* Define to 1 if you have the `_scrsize' function. */
+#undef HAVE__SCRSIZE
+
+/* define if your compiler has __attribute__ */
+#undef HAVE___ATTRIBUTE__
+
+/* Define if you have the `__progname' variable. */
+#undef HAVE___PROGNAME
+
+/* Define if you have the hesiod package. */
+#undef HESIOD
+
+/* Define if you are running IRIX 4. */
+#undef IRIX4
+
+/* Enable Kerberos 5 support in applications. */
+#undef KRB5
+
+/* path to lib */
+#undef LIBDIR
+
+/* path to libexec */
+#undef LIBEXECDIR
+
+/* path to localstate */
+#undef LOCALSTATEDIR
+
+/* define if the system is missing a prototype for asnprintf() */
+#undef NEED_ASNPRINTF_PROTO
+
+/* define if the system is missing a prototype for asprintf() */
+#undef NEED_ASPRINTF_PROTO
+
+/* define if the system is missing a prototype for crypt() */
+#undef NEED_CRYPT_PROTO
+
+/* define if the system is missing a prototype for daemon() */
+#undef NEED_DAEMON_PROTO
+
+/* define if the system is missing a prototype for gethostname() */
+#undef NEED_GETHOSTNAME_PROTO
+
+/* define if the system is missing a prototype for getusershell() */
+#undef NEED_GETUSERSHELL_PROTO
+
+/* define if the system is missing a prototype for glob() */
+#undef NEED_GLOB_PROTO
+
+/* define if the system is missing a prototype for hstrerror() */
+#undef NEED_HSTRERROR_PROTO
+
+/* define if the system is missing a prototype for inet_aton() */
+#undef NEED_INET_ATON_PROTO
+
+/* define if the system is missing a prototype for iruserok() */
+#undef NEED_IRUSEROK_PROTO
+
+/* define if the system is missing a prototype for mkstemp() */
+#undef NEED_MKSTEMP_PROTO
+
+/* define if the system is missing a prototype for SecKeyGetCSPHandle() */
+#undef NEED_SECKEYGETCSPHANDLE_PROTO
+
+/* define if the system is missing a prototype for setenv() */
+#undef NEED_SETENV_PROTO
+
+/* define if the system is missing a prototype for snprintf() */
+#undef NEED_SNPRINTF_PROTO
+
+/* define if the system is missing a prototype for strndup() */
+#undef NEED_STRNDUP_PROTO
+
+/* define if the system is missing a prototype for strsep() */
+#undef NEED_STRSEP_PROTO
+
+/* define if the system is missing a prototype for strsvis() */
+#undef NEED_STRSVIS_PROTO
+
+/* define if the system is missing a prototype for strtok_r() */
+#undef NEED_STRTOK_R_PROTO
+
+/* define if the system is missing a prototype for strunvis() */
+#undef NEED_STRUNVIS_PROTO
+
+/* define if the system is missing a prototype for strvisx() */
+#undef NEED_STRVISX_PROTO
+
+/* define if the system is missing a prototype for strvis() */
+#undef NEED_STRVIS_PROTO
+
+/* define if the system is missing a prototype for svis() */
+#undef NEED_SVIS_PROTO
+
+/* define if the system is missing a prototype for unsetenv() */
+#undef NEED_UNSETENV_PROTO
+
+/* define if the system is missing a prototype for unvis() */
+#undef NEED_UNVIS_PROTO
+
+/* define if the system is missing a prototype for vasnprintf() */
+#undef NEED_VASNPRINTF_PROTO
+
+/* define if the system is missing a prototype for vasprintf() */
+#undef NEED_VASPRINTF_PROTO
+
+/* define if the system is missing a prototype for vis() */
+#undef NEED_VIS_PROTO
+
+/* define if the system is missing a prototype for vsnprintf() */
+#undef NEED_VSNPRINTF_PROTO
+
+/* Define if you don't wan't support for AFS. */
+#undef NO_AFS
+
+/* Define to 1 if your C compiler doesn't accept -c and -o together. */
+#undef NO_MINUS_C_MINUS_O
+
+/* Define if you don't want to use mmap. */
+#undef NO_MMAP
+
+/* Define this to enable old environment option in telnet. */
+#undef OLD_ENVIRON
+
+/* Define if you have the openldap package. */
+#undef OPENLDAP
+
+/* Define if you want support for hdb ldap module */
+#undef OPENLDAP_MODULE
+
+/* define if prototype of openlog is compatible with void openlog(const char
+   *, int, int) */
+#undef OPENLOG_PROTO_COMPATIBLE
+
+/* Define if you want OTP support in applications. */
+#undef OTP
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to enable PKINIT. */
+#undef PKINIT
+
+/* Define if getlogin has POSIX flavour (and not BSD). */
+#undef POSIX_GETLOGIN
+
+/* Define if getpwnam_r has POSIX flavour. */
+#undef POSIX_GETPWNAM_R
+
+/* Define if you have the readline package. */
+#undef READLINE
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* path to sbin */
+#undef SBINDIR
+
+/* Define if you want to use samba socket wrappers. */
+#undef SOCKET_WRAPPER_REPLACE
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define if you have streams ptys. */
+#undef STREAMSPTY
+
+/* path to sysconf */
+#undef SYSCONFDIR
+
+/* Define to what version of SunOS you are running. */
+#undef SunOS
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to 1 if your <sys/time.h> declares `struct tm'. */
+#undef TM_IN_SYS_TIME
+
+/* Version number of package */
+#undef VERSION
+
+/* Define if signal handlers return void. */
+#undef VOID_RETSIGTYPE
+
+/* define if target is big endian */
+#undef WORDS_BIGENDIAN
+
+/* Define to 1 if the X Window System is missing or not being used. */
+#undef X_DISPLAY_MISSING
+
+/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
+   `char[]'. */
+#undef YYTEXT_POINTER
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
+/* Define to enable extensions on glibc-based systems such as Linux. */
+#undef _GNU_SOURCE
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define this to what the type mode_t should be. */
+#undef mode_t
+
+/* Define to `long int' if <sys/types.h> does not define. */
+#undef off_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef pid_t
+
+/* Define this to what the type sig_atomic_t should be. */
+#undef sig_atomic_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+#ifdef ROKEN_RENAME
+#include "roken_rename.h"
+#endif
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+#ifdef BROKEN_REALLOC
+#define realloc(X, Y) rk_realloc((X), (Y))
+#endif
+
+
+#if ENDIANESS_IN_SYS_PARAM_H
+#  include <sys/types.h>
+#  include <sys/param.h>
+#  if BYTE_ORDER == BIG_ENDIAN
+#  define WORDS_BIGENDIAN 1
+#  endif
+#endif
+
+
+#if _AIX
+#define _ALL_SOURCE
+/* XXX this is gross, but kills about a gazillion warnings */
+struct ether_addr;
+struct sockaddr;
+struct sockaddr_dl;
+struct sockaddr_in;
+#endif
+
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
+
+
+
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this to the default system lead string for telnetd 
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+

Added: vendor-crypto/heimdal/dist/include/gssapi/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/include/gssapi/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/gssapi/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,6 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h
+

Added: vendor-crypto/heimdal/dist/include/gssapi/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/include/gssapi/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/gssapi/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,659 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = include/gssapi
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps include/gssapi/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps include/gssapi/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/include/hcrypto/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/include/hcrypto/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/hcrypto/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,23 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+CLEANFILES =		\
+	aes.h		\
+	bn.h		\
+	des.h		\
+	dh.h		\
+	dsa.h		\
+	engine.h	\
+	evp.h		\
+	hmac.h		\
+	md2.h		\
+	md4.h		\
+	md5.h		\
+	pkcs12.h	\
+	rand.h		\
+	rc2.h		\
+	rc4.h		\
+	rsa.h		\
+	sha.h		\
+	ui.h

Added: vendor-crypto/heimdal/dist/include/hcrypto/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/include/hcrypto/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/hcrypto/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,678 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:09 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = include/hcrypto
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+CLEANFILES = \
+	aes.h		\
+	bn.h		\
+	des.h		\
+	dh.h		\
+	dsa.h		\
+	engine.h	\
+	evp.h		\
+	hmac.h		\
+	md2.h		\
+	md4.h		\
+	md5.h		\
+	pkcs12.h	\
+	rand.h		\
+	rc2.h		\
+	rc4.h		\
+	rsa.h		\
+	sha.h		\
+	ui.h
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps include/hcrypto/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps include/hcrypto/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/include/kadm5/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/include/kadm5/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/kadm5/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h kadm5-protos.h

Added: vendor-crypto/heimdal/dist/include/kadm5/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/include/kadm5/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/kadm5/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,659 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = include/kadm5
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h kadm5-protos.h
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps include/kadm5/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps include/kadm5/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/include/make_crypto.c
===================================================================
--- vendor-crypto/heimdal/dist/include/make_crypto.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/include/make_crypto.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2002 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: make_crypto.c,v 1.1.1.3 2012-07-21 15:09:09 laffer1 Exp $");
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+int
+main(int argc, char **argv)
+{
+    char *p;
+    FILE *f;
+    if(argc != 2) {
+	fprintf(stderr, "Usage: make_crypto file\n");
+	exit(1);
+    }
+    if (strcmp(argv[1], "--version") == 0) {
+	printf("some version");
+	return 0;
+    }
+    f = fopen(argv[1], "w");
+    if(f == NULL) {
+	perror(argv[1]);
+	exit(1);
+    }
+    for(p = argv[1]; *p; p++)
+	if(!isalnum((unsigned char)*p))
+	    *p = '_';
+    fprintf(f, "#ifndef __%s__\n", argv[1]);
+    fprintf(f, "#define __%s__\n", argv[1]);
+#ifdef HAVE_OPENSSL
+    fputs("#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY\n", f);
+    fputs("#define OPENSSL_DES_LIBDES_COMPATIBILITY\n", f);
+    fputs("#endif\n", f);
+    fputs("#include <openssl/evp.h>\n", f);
+    fputs("#include <openssl/des.h>\n", f);
+    fputs("#include <openssl/rc4.h>\n", f);
+    fputs("#include <openssl/rc2.h>\n", f);
+    fputs("#include <openssl/md2.h>\n", f);
+    fputs("#include <openssl/md4.h>\n", f);
+    fputs("#include <openssl/md5.h>\n", f);
+    fputs("#include <openssl/sha.h>\n", f);
+    fputs("#include <openssl/aes.h>\n", f);
+    fputs("#include <openssl/ui.h>\n", f);
+    fputs("#include <openssl/rand.h>\n", f);
+    fputs("#include <openssl/engine.h>\n", f);
+    fputs("#include <openssl/pkcs12.h>\n", f);
+    fputs("#include <openssl/pem.h>\n", f);
+    fputs("#include <openssl/hmac.h>\n", f);
+    fputs("#ifndef BN_is_negative\n", f);
+    fputs("#define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)\n", f);
+    fputs("#define BN_is_negative(bn) ((bn)->neg != 0)\n", f);
+    fputs("#endif\n", f);
+#else
+    fputs("#ifdef KRB5\n", f);
+    fputs("#include <krb5-types.h>\n", f);
+    fputs("#endif\n", f);
+    fputs("#include <hcrypto/evp.h>\n", f);
+    fputs("#include <hcrypto/des.h>\n", f);
+    fputs("#include <hcrypto/md2.h>\n", f);
+    fputs("#include <hcrypto/md4.h>\n", f);
+    fputs("#include <hcrypto/md5.h>\n", f);
+    fputs("#include <hcrypto/sha.h>\n", f);
+    fputs("#include <hcrypto/rc4.h>\n", f);
+    fputs("#include <hcrypto/rc2.h>\n", f);
+    fputs("#include <hcrypto/aes.h>\n", f);
+    fputs("#include <hcrypto/ui.h>\n", f);
+    fputs("#include <hcrypto/rand.h>\n", f);
+    fputs("#include <hcrypto/engine.h>\n", f);
+    fputs("#include <hcrypto/pkcs12.h>\n", f);
+    fputs("#include <hcrypto/hmac.h>\n", f);
+#endif
+    fprintf(f, "#endif /* __%s__ */\n", argv[1]);
+    fclose(f);
+    exit(0);
+}
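Review bot: `main` in make_crypto.c never verifies that the generated header was written. Every `fprintf`/`fputs` result is ignored and `fclose(f);` is followed by an unconditional `exit(0)`, so a full disk or I/O error can leave a truncated crypto include header while the build step still reports success. I would replace the bare `fclose(f);` with `if (ferror(f) || fclose(f) != 0) { perror("make_crypto"); exit(1); }`. A fixed string is needed in that message because `argv[1]` has already been rewritten into the include-guard name by the `isalnum` loop. As a smaller style point, the `--version` branch prints without a trailing newline; `printf("some version\n");` would be tidier.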

Added: vendor-crypto/heimdal/dist/install-sh
===================================================================
--- vendor-crypto/heimdal/dist/install-sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/install-sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,507 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2006-10-14.15
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+posix_glob=
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chmodcmd=$chmodprog
+chowncmd=
+chgrpcmd=
+stripcmd=
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=
+dst=
+dir_arg=
+dstarg=
+no_target_directory=
+
+usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+-c         (ignored)
+-d         create directories instead of installing files.
+-g GROUP   $chgrpprog installed files to GROUP.
+-m MODE    $chmodprog installed files to MODE.
+-o USER    $chownprog installed files to USER.
+-s         $stripprog installed files.
+-t DIRECTORY  install into DIRECTORY.
+-T         report an error if DSTFILE is a directory.
+--help     display this help and exit.
+--version  display version info and exit.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) shift
+        continue;;
+
+    -d) dir_arg=true
+        shift
+        continue;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift
+        shift
+        continue;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+        shift
+        shift
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+        continue;;
+
+    -o) chowncmd="$chownprog $2"
+        shift
+        shift
+        continue;;
+
+    -s) stripcmd=$stripprog
+        shift
+        continue;;
+
+    -t) dstarg=$2
+	shift
+	shift
+	continue;;
+
+    -T) no_target_directory=true
+	shift
+	continue;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dstarg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dstarg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dstarg"
+      shift # fnord
+    fi
+    shift # arg
+    dstarg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src ;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dstarg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dstarg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst ;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dstarg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix=/ ;;
+	-*) prefix=./ ;;
+	*)  prefix= ;;
+      esac
+
+      case $posix_glob in
+        '')
+	  if (set -f) 2>/dev/null; then
+	    posix_glob=true
+	  else
+	    posix_glob=false
+	  fi ;;
+      esac
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob && set -f
+      set fnord $dstdir
+      shift
+      $posix_glob && set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
+      && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
+      && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
+      && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # Now rename the file to the real destination.
+    { $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null \
+      || {
+	   # The rename failed, perhaps because mv can't rename something else
+	   # to itself, or perhaps because mv is so ancient that it does not
+	   # support -f.
+
+	   # Now remove or move aside any old file at destination location.
+	   # We try this two ways since rm can't unlink itself on some
+	   # systems and the destination file might be busy for other
+	   # reasons.  In this case, the final cleanup might fail but the new
+	   # file should still install successfully.
+	   {
+	     if test -f "$dst"; then
+	       $doit $rmcmd -f "$dst" 2>/dev/null \
+	       || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null \
+		     && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }; }\
+	       || {
+		 echo "$0: cannot unlink or rename $dst" >&2
+		 (exit 1); exit 1
+	       }
+	     else
+	       :
+	     fi
+	   } &&
+
+	   # Now rename the file to the real destination.
+	   $doit $mvcmd "$dsttmp" "$dst"
+	 }
+    } || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:

Added: vendor-crypto/heimdal/dist/kadmin/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1044 @@
+2007-12-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.c: Use hdb_db_dir().
+
+	* kadmind.c: Use hdb_db_dir().
+
+2007-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* util.c: Clear error string, just to be sure.
+
+2007-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kadmin-commands.in: modify --pkinit-acl
+
+	* mod.c: add pk-init command
+	
+2007-02-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.8: document kadmin add_enctype functionallity.
+
+	* Makefile.am: Add new command, add_enctype.
+
+	* kadmin-commands.in: Add new command, add_enctype.
+
+	* add_enctype.c: Add support for adding a random key enctype to a
+	principal.
+	
+2007-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mod.c: add setting and displaying aliases
+
+	* get.c: add setting and displaying aliases
+
+	* kadmin-commands.in: add setting and displaying aliases
+
+2006-12-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* util.c: Make str2time_t parser more robust.
+
+	* Makefile.am: Add test_util test program.
+
+	* test_util.c: Test str2time_t parser.
+	
+2006-12-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* add-random-users.c: Use strcspn to remove \n from fgets
+	result. Prompted by change by Ray Lai of OpenBSD via Bj\xF6rn
+	Sandell.
+	
+2006-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mod.c: Try to not leak memory.
+
+	* check.c: Try to not leak memory.
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: split build files into dist_ and noinst_ SOURCES
+	
+2006-08-28  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* kadmin.c (help): use sl_slc_help().
+	
+2006-08-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* util.c: Add KRB5_KDB_ALLOW_DIGEST
+	
+2006-07-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* get.c (format_field): optionally print issuer and anchor.
+	
+2006-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* check.c: Check if afs at REALM and afs/cellname at REALM both exists.
+	
+2006-06-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* util.c (kdb_attrs): Add KRB5_KDB_ALLOW_KERBEROS4
+	
+2006-06-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mod.c (do_mod_entry): Add setting 1 delegation entry
+	
+2006-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* server.c: Less shadowing.
+	
+2006-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: kadmin_SOURCES += add check.c
+
+	* kadmin_locl.h: Avoid shadowing.
+
+	* kadmin.8: Document the new check command.
+
+	* kadmin-commands.in: Add check command
+
+	* check.c: Check database for strange configurations on default
+	principals.
+	
+2006-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* server.c (kadm_get_privs): one less "pointer targets in passing
+	argument differ in signedness" warning.
+	
+2006-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* dump-format.txt: Moved to info documentation.
+
+	* Rename u_intXX_t to uintXX_t
+	
+2006-05-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.8: spelling, update .Dd
+	
+2006-04-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* add-random-users.c: Catch empty file case. From Tobias
+	Stoeckmann.
+	
+2006-04-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* random_password.c (generate_password): memory leak in error
+	condition case From Coverity NetBSD CID#1887
+	
+2006-02-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cpw.c (cpw_entry): make sure ret have a defined value
+
+	* del.c (del_entry): make sure ret have a defined value
+
+	* mod.c: Return error code so that toplevel function can catch
+	them.
+	
+2006-01-25  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* cpw.c (cpw_entry): return 1 on failure.
+
+	* rename.c (rename_entry): return 1 on failure.
+
+	* del.c (del_entry): return 1 on failure.
+
+	* ank.c (add_new_key): return 1 on failure.
+
+	* get.c: Add printing of pkinit-acls. Don't print password by
+	default. Return 1 on failure processing any of the principals.
+
+	* util.c (foreach_principal): If any of calls to `func' failes,
+	the first error is returned when all principals are processed.
+	
+2005-12-01  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* kadmin-commands.in: Add ank as an alias to add, it lost in
+	transition to slc, from M\xE5ns Nilsson.
+	
+2005-09-14  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* dump-format.txt: Add extensions, fill in missing fields.
+
+2005-09-08  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* init.c (create_random_entry): create principal with random
+	password even though its disabled. From Andrew Bartlet
+	<abartlet at samba.org>
+	
+2005-09-01  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadm_conn.c: Use socket_set_reuseaddr and socket_set_ipv6only.
+	
+2005-08-11  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* get.c: Remove structure that is never used (sneaked in the large
+	TL_DATA patch).
+
+	* kadmin-commands.in: Rename password-quality to
+	verify-password-quality.
+	
+	* get.c: Indent.
+	
+	* server.c: Avoid shadowing exp().
+
+	* load.c: Parse extensions.
+
+	* kadmin_locl.h: Include <hex.h>.
+	
+	* get.c: Extend struct field_name to have a subvalue and a
+	extra_mask.  Use that to implement printing of KADM5_TL_DATA
+	options and fix a dependency bug (keys needed principal to print
+	the salting).
+	
+2005-07-08  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* lower amount of shadow and const warnings
+
+2005-06-07  David Love  <fx at gnu.org>
+
+	* dump-format.txt: Clarify, spelling and add examples.
+	
+2005-05-30  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* util.c (kdb_attrs): add ok-as-delegate
+
+	* get.c (getit): init data.mask to 0.  Problem found by Andrew
+	Bartlett <abartlet at samba.org>
+
+2005-05-09  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.c (main): catch -2 as EOF
+
+2005-05-03  Dave Love  <d.love at dl.ac.uk>
+
+	* init.c (init): Don't disable forwardable for kadmin/changepw.
+
+2005-05-02  Dave Love  <d.love at dl.ac.uk>
+
+	* kadmin.c (help): Don't use non-constant initializer for `fake'.
+
+2005-04-20  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* util.c (foreach_principal): initialize ret to make sure it have
+	a value
+
+2005-04-04  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmind.c: add verifier libraries with
+	kadm5_add_passwd_quality_verifier
+
+	* kadmin.c: add verifier libraries with
+	kadm5_add_passwd_quality_verifier
+
+	* load.c: max-life and max-renew is of unsigned int in asn1
+	compiler, use that for the parser too
+
+2005-03-26  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.8: List of attributes, from James F.  Hranicky
+	<jfh at cise.ufl.edu>
+
+2005-01-19  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* dump.c (dump): handle errors
+
+2005-01-08 Love H\xF6rquist \xC5strand <lha at it.su.se>
+
+	* dump-format.txt: text dump format
+
+2004-12-08  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmind.8: use keeps around options, from OpenBSD
+	
+	* kadmin.8: use keeps around options, "improve" spelling, from
+	openbsd
+
+2004-11-01  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* get.c (getit): always free columns
+	
+	* ank.c (add_one_principal): catch error from
+	UI_UTIL_read_pw_string
+
+2004-10-31  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* del_enctype.c (del_enctype): fix off-by-one error in del_enctype
+	From: <ragge at ludd.luth.se>
+	
+2004-08-13  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* get.c: print keytypes on long format
+	
+2004-07-06  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* get.c (format_field): allow mod_name to be optional
+	
+	* ext.c (do_ext_keytab): if there isn't any keydata, try using
+	kadm5_randkey_principal
+
+2004-07-02  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* load.c: make merge/load work again
+	
+	* del.c: fix usage string
+	
+	* ank.c: fix slc lossage
+	
+2004-06-28  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.c: use kadm5_ad_init_with_password_ctx
+	
+2004-06-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadmin.8: document get -o and stash
+	
+	* get.c: implement output column selection, similar to ps -o
+	
+	* kadmin-commands.in: make get -l the default again, and add
+	column selection flag; sync list with get
+	
+2004-06-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadmin-commands.in: mod needs default kvno of -1
+	
+2004-06-21  Johan Danielsson  <joda at pdc.kth.se>
+	
+	* kadmin: convert to use slc; also add stash subcommand
+
+2004-06-15  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.c (main): keytab mode requires principal name
+	
+2004-06-12  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmind.c: drop keyfile, not used, found by
+	Elrond <elrond at samba-tng.org>
+	
+	* kadmin.c: if keyfile is set, pass in to libkadm5 bug pointed out
+	by Elrond <elrond at samba-tng.org>
+	
+2004-05-31  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.c: add --ad flag, XXX rewrite the init kadm5 interface
+	
+2004-05-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* nuke kerberos 4 kadmin goo
+
+2004-05-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* util.c (str2time_t): fix end-of-day logic, from Duncan
+	McEwan/Mark Davies.
+
+2004-04-29  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* version4.c (handle_v4): make sure length is longer then 2,
+	Pointed out by Evgeny Demidov <demidov at gleg.net>
+	
+	* kadmind.c: make kerberos4 support default turned off
+	
+2004-03-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadmin.8: update manpage
+	
+	* mod.c: allow wildcarding principals, and make parameters a work
+	same as if prompted
+	
+2004-03-08  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.8: document password-quality
+	
+	* kadmin_locl.h: add prototype for password_quality
+	
+	* kadmin.c: add password-quality/pwq command
+	
+	* Makefile.am: kadmin_SOURCES += pw_quality.c
+	
+	* pw_quality.c: test run the password quality function
+	
+2004-03-07  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* ank.c (add_one_principal): even though the principal is disabled
+	(creation of random key/keydata), create it with a random password
+	
+2003-12-07  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* init.c (create_random_entry): print error message on failure
+	
+	* ank.c (add_one_principal): pass right argument to
+	kadm5_free_principal_ent From Panasas, Inc
+	
+2003-11-18  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmind.c (main): move opening the logfile to after reading
+	kdc.conf move the loading of hdb keytab ops closer to where its
+	used From: Jeffrey Hutzelman <jhutz at cmu.edu>
+	
+2003-10-04  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* util.c (str2time_t): allow whitespace between date and time
+	From: Bob Beck <beck at cvs.openbsd.org> and adharw at yahoo.com
+	
+2003-09-03  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* ank.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+	* cpw.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+	
+2003-08-21  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* get.c (print_entry_terse): handle error when unparsing name
+	
+2003-08-18  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmind.c (main): use krb5_prepend_config_files_default, now all
+	options in kdc.conf is parsed, not just [kdc]key-file=
+	
+	* kadmin.c (main): use krb5_prepend_config_files_default, now all
+	options in kdc.conf is parsed, not just [kdc]key-file=
+	
+2003-04-14  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* util.c: cast argument to tolower to unsigned char, from
+	Christian Biere <christianbiere at gmx.de> via NetBSD
+	
+2003-04-06  Love H\xF6rquist \xC5strand <lha at it.su.se>
+
+	* kadmind.8: s/kerberos/Kerberos/
+	
+2003-03-31  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmin.8: initialises -> initializes, from Perry E. Metzger"
+	<perry at piermont.com>
+
+	* kadmin.c: principal, not pricipal. From Thomas Klausner
+	<wiz at netbsd.org>
+
+2003-02-04  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* kadmind.8: spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
+	
+	* kadmin.8: spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
+	
+2003-01-29  Love H\xF6rquist \xC5strand  <lha at it.su.se>
+
+	* server.c (kadmind_dispatch): kadm_chpass: require the password
+	to pass the password quality check in case the user changes the
+	user's own password kadm_chpass_with_key: disallow the user to
+	change it own password to a key, since that password might violate
+	the password quality check.
+
+2002-12-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* util.c (get_response): print a newline if interrupted
+
+	* mod.c (mod_entry): check return value from edit_entry
+
+	* ank.c (add_one_principal): check return value from edit_entry
+
+	* ank.c (add_one_principal): don't continue if create_principal
+	fails
+
+	* init.c: check return value from edit_deltat
+
+	* init.c: add --help
+
+2002-10-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* version4.c: speling (from Tomas Olsson)
+
+2002-10-23  Assar Westerlund  <assar at kth.se>
+
+	* version4.c (decode_packet): check the length of the version
+	string and that rlen has a reasonable value
+
+2002-10-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* version4.c: check size of rlen
+
+2002-09-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* server.c: constify match_appl_version()
+
+	* version4.c: change some lingering krb_err_base
+
+2002-09-09  Jacques Vidrine  <nectar at kth.se>
+
+	* server.c (kadmind_dispatch): while decoding arguments for
+	kadm_chpass_with_key, sanity check the number of keys given.
+	Potential problem pointed out by
+	Sebastian Krahmer <krahmer at suse.de>.
+
+2002-09-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* load.c (parse_generation): return if there is no generation
+	(spotted by Daniel Kouril)
+
+2002-06-07  Jacques Vidrine <n at nectar.com>
+
+	* ank.c: do not attempt to free uninitialized pointer when
+	kadm5_randkey_principal fails.
+
+2002-06-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* util.c: remove unused variable; reported by Hans Insulander
+
+2002-03-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadmind.8: clarify some acl wording, and add an example file
+
+2002-02-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ext.c: no need to use the "modify" keytab anymore
+
+2001-09-20  Assar Westerlund  <assar at sics.se>
+
+	* add-random-users.c: allocate several buffers for the list of
+	words, instead of one strdup per word (running under efence does
+	not work very well otherwise)
+
+2001-09-13  Assar Westerlund  <assar at sics.se>
+
+	* add-random-users.c: allow specifying the number of users to
+	create
+
+2001-08-24  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: rename variable name to avoid error from current
+	automake
+
+2001-08-22  Assar Westerlund  <assar at sics.se>
+
+	* kadmin_locl.h: include libutil.h if it exists
+
+2001-08-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* util.c: do something to handle C-c in prompts
+
+	* load.c: remove unused etypes code, and add parsing of the
+	generation field
+
+	* ank.c: add a --use-defaults option to just use default values
+	without questions
+
+	* kadmin.c: add "del" alias for delete
+
+	* cpw.c: call this operation "passwd" in usage
+
+	* kadmin_locl.h: prototype for set_defaults
+
+	* util.c (edit_entry): move setting of default values to a
+	separate function, set_defaults
+
+2001-08-01  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadmin.c: print help message on bad options
+
+2001-07-31  Assar Westerlund  <assar at sics.se>
+
+	* add-random-users.c (main): handle --version
+
+2001-07-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* load.c: increase line buffer to 8k
+
+2001-06-12  Assar Westerlund  <assar at sics.se>
+
+	* ext.c (ext_keytab): use the default modify keytab per default
+
+2001-05-17  Assar Westerlund  <assar at sics.se>
+
+	* kadm_conn.c (start_server): fix krb5_eai_to_heim_errno call
+
+2001-05-15  Assar Westerlund  <assar at sics.se>
+
+	* kadmin.c (main): some error cleaning required
+
+2001-05-14  Assar Westerlund  <assar at sics.se>
+
+	* kadmind.c: new krb5_config_parse_file
+	* kadmin.c: new krb5_config_parse_file
+	* kadm_conn.c: update to new krb5_sockaddr2address
+
+2001-05-07  Assar Westerlund  <assar at sics.se>
+
+	* kadmin_locl.h (foreach_principal): update prototype
+	* get.c (getit): new foreach_principal
+	* ext.c (ext_keytab): new foreach_principal
+	* del.c (del_entry): new foreach_principal
+	* cpw.c (cpw_entry): new foreach_principal
+	* util.c (foreach_principal): add `funcname' and try printing the
+	error string
+
+2001-05-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rename.c: fix argument number test
+	
+2001-04-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* del_enctype.c: fix argument count check after getarg change;
+	spotted by mark at MCS.VUW.AC.NZ
+
+2001-02-15  Assar Westerlund  <assar at sics.se>
+
+	* kadmind.c (main): use a `struct sockaddr_storage' to be able to
+	store all types of addresses
+
+2001-02-07  Assar Westerlund  <assar at sics.se>
+
+	* kadmin.c: add --keytab / _K, from Leif Johansson
+	<leifj at it.su.se>
+
+2001-01-29  Assar Westerlund  <assar at sics.se>
+
+	* kadm_conn.c (spawn_child): close the newly created socket in the
+	packet, it's not used.  from <shadow at dementia.org>
+	* version4.c (decode_packet): check success of
+	krb5_425_conv_principal.  from <shadow at dementia.org>
+
+2001-01-12  Assar Westerlund  <assar at sics.se>
+
+	* util.c (parse_attributes): make empty string mean no attributes,
+	specifying the empty string at the command line should give you no
+	attributes, but just pressing return at the prompt gives you
+	default attributes
+	(edit_entry): only pick up values from the default principal if they
+	aren't set in the principal being edited
+
+2001-01-04  Assar Westerlund  <assar at sics.se>
+
+	* load.c (doit): print an error and bail out if storing an entry
+	in the database fails.  The most likely reason for it failing is
+	out-of-space.
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* kadmind.c (main): handle krb5_init_context failure consistently
+	* kadmin.c (main): handle krb5_init_context failure consistently
+	* add-random-users.c (add_user): handle krb5_init_context failure
+	consistently
+
+	* kadm_conn.c (spawn_child): use a struct sockaddr_storage
+
+2000-12-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* get.c: avoid asprintf'ing NULL strings
+
+2000-12-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* load.c: fix option parsing
+
+2000-11-16  Assar Westerlund  <assar at sics.se>
+
+	* kadm_conn.c (wait_for_connection): check for fd's being too
+	large to select on
+
+2000-11-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* get.c: don't try to print modifier name if it isn't set (from
+	Jacques A. Vidrine" <n at nectar.com>)
+
+2000-09-19  Assar Westerlund  <assar at sics.se>
+
+	* server.c (kadmind_loop): send in keytab to v4 handling function
+	* version4.c: allow the specification of what keytab to use
+
+	* get.c (print_entry_long): actually print the actual saltvalue
+	used if it's not the default
+
+2000-09-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadmin.c: add option parsing, and add `privs' as an alias for
+	`privileges'
+
+	* init.c: complain if there's no realm name specified
+
+	* rename.c: add option parsing
+
+	* load.c: add option parsing
+
+	* get.c: make `get' and `list' aliases to each other, but with
+	different defaults
+
+	* del_enctype.c: add option parsing
+
+	* del.c: add option parsing
+
+	* ank.c: calling the command `add' make more sense from an english
+	pov
+
+	* Makefile.am: add kadmin manpage
+
+	* kadmin.8: short manpage
+
+	* kadmin.c: `quit' should be a alias for `exit', not `help'
+
+2000-08-27  Assar Westerlund  <assar at sics.se>
+
+	* server.c (handle_v5): do not try to perform stupid stunts when
+	printing errors
+
+2000-08-19  Assar Westerlund  <assar at sics.se>
+
+	* util.c (str2time_t): add alias for `now'.
+
+2000-08-18  Assar Westerlund  <assar at sics.se>
+
+	* server.c (handle_v5): accept any kadmin/admin@* principal as the
+	server
+	* kadmind.c: remove extra prototype of kadmind_loop
+	* kadmin_locl.h (kadmind_loop): add prototype
+	
+	* init.c (usage): print init-usage and not add-dito
+	
+2000-08-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadmind.c: use roken_getsockname
+
+2000-08-07  Assar Westerlund  <assar at sics.se>
+
+	* kadmind.c, kadm_conn.c: use socklen_t instead of int where
+	appropriate.  From <thorpej at netbsd.org>
+
+2000-08-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: link with pidfile library
+
+	* kadmind.c: write a pid file, and setup password quality
+	functions
+
+	* kadmin_locl.h: util.h
+
+2000-07-27  Assar Westerlund  <assar at sics.se>
+
+	* version4.c (decode_packet): be totally consistent with the
+	prototype of des_cbc_cksum
+	* kadmind.c: use sa_size instead of sa_len, some systems define
+	this to emulate anonymous unions
+	* kadm_conn.c: use sa_size instead of sa_len, some systems define
+	this to emulate anonymous unions
+
+2000-07-24  Assar Westerlund  <assar at sics.se>
+
+	* kadmin.c (commands): add quit
+	* load.c (doit): truncate the log since there's no way of knowing
+	what changes are going to be added
+
+2000-07-23  Assar Westerlund  <assar at sics.se>
+
+	* util.c (str2time_t): be more careful with strptime that might
+	zero out the `struct tm'
+
+2000-07-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadm_conn.c: make the parent process wait for children and
+	terminate after receiving a signal, also terminate on SIGINT
+
+2000-07-22  Assar Westerlund  <assar at sics.se>
+
+	* version4.c: map both princ_expire_time and pw_expiration to v4
+	principal expiration
+
+2000-07-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* version4.c (handle_v4): check for termination
+
+	* server.c (v5_loop): check for termination
+
+	* kadm_conn.c (wait_term): if we're doing something, set just set
+	a flag otherwise exit rightaway
+
+	* server.c: use krb5_read_priv_message; (v5_loop): check for EOF
+
+2000-07-21  Assar Westerlund  <assar at sics.se>
+
+	* kadm_conn.c: remove sys/select.h.  make signal handlers
+	type-correct and static
+
+	* kadmin_locl.h: add limits.h and sys/select.h
+
+2000-07-20  Assar Westerlund  <assar at sics.se>
+
+	* init.c (init): also create `kadmin/hprop'
+	* kadmind.c: ports is a string argument
+	* kadm_conn.c (start_server): fix printf format
+
+	* kadmin_locl.h: add <sys/select.h>
+	* kadm_conn.c: remove sys/select.h.  make signal handlers
+	type-correct and static
+
+	* kadmin_locl.h: add limits.h and sys/select.h
+
+2000-07-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadm_conn.c: put all processes in a new process group
+
+	* server.c (v5_loop): use krb5_{read,write}_priv_message
+
+2000-07-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* version4.c: change log strings to match the v5 counterparts
+
+	* mod.c: allow setting kvno
+
+	* kadmind.c: if stdin is not a socket create and listen to sockets
+
+	* kadm_conn.c: socket creation functions
+
+	* util.c (deltat2str): treat 0 and INT_MAX as never
+
+2000-07-08  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (INCLUDES): add ../lib/krb5
+	* kadmin_locl.h: add krb5_locl.h (since we just use some stuff
+	from there)
+
+2000-06-07  Assar Westerlund  <assar at sics.se>
+
+	* add-random-users.c: new testing program that adds a number of
+	randomly generated users
+
+2000-04-12  Assar Westerlund  <assar at sics.se>
+
+	* cpw.c (do_cpw_entry): call set_password if no argument is given,
+	it will prompt for the password.
+	* kadmin.c: make help only print the commands that are actually
+	available.
+
+2000-04-03  Assar Westerlund  <assar at sics.se>
+
+	* del_enctype.c (del_enctype): set ignore correctly
+
+2000-04-02  Assar Westerlund  <assar at sics.se>
+
+	* kadmin.c (main): make parse errors a fatal error
+	* init.c (init): create changepw/kerberos with disallow-tgt and
+	pwchange attributes
+
+2000-03-23  Assar Westerlund  <assar at sics.se>
+
+	* util.c (hex2n, parse_des_key): add
+	* server.c (kadmind_dispatch): add kadm_chpass_with_key
+	* cpw.c: add --key
+	* ank.c: add --key
+
+2000-02-16  Assar Westerlund  <assar at sics.se>
+
+	* load.c (doit): check return value from parse_hdbflags2int
+	correctly
+
+2000-01-25  Assar Westerlund  <assar at sics.se>
+
+	* load.c: checking all parsing for errors and all memory
+	allocations also
+
+2000-01-02  Assar Westerlund  <assar at sics.se>
+
+	* server.c: check initial flag in ticket and allow users to change
+	their own password if it's set
+	* ext.c (do_ext_keytab): set timestamp
+
+1999-12-14  Assar Westerlund  <assar at sics.se>
+
+	* del_enctype.c (usage): don't use arg_printusage
+
+1999-11-25  Assar Westerlund  <assar at sics.se>
+
+	* del_enctype.c (del_enctype): try not to leak memory
+
+	* version4.c (kadm_ser_mod): use kadm5_s_modify_principal (no
+ 	_with_key)
+
+	* kadmin.c: add `del_enctype'
+
+	* del_enctype.c (del_enctype): new function for deleting enctypes
+	from a principal
+
+	* Makefile.am (kadmin_SOURCES): add del_enctype.c
+
+1999-11-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* server.c: cope with old clients
+
+	* kadmin_locl.h: remove version string
+
+1999-10-17  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (kadmin_LDADD): add LIB_dlopen
+
+1999-10-01  Assar Westerlund  <assar at sics.se>
+
+	* ank.c (add_one_principal): `password' can cactually be NULL in
+ 	the overwrite code, check for it.
+
+1999-09-20  Assar Westerlund  <assar at sics.se>
+
+	* mod.c (mod_entry): print the correct principal name in error
+ 	messages.  From Love <lha at e.kth.se>
+
+1999-09-10  Assar Westerlund  <assar at sics.se>
+
+	* init.c (init): also create `changepw/kerberos'
+
+	* version4.c: only create you loose packets when we fail decoding
+ 	and not when an operation is not performed for some reason
+	(decode_packet): read the service key from the hdb
+	(dispatch, decode_packet): return proper error messages
+
+	* version4.c (kadm_ser_cpw): add password quality functions
+
+1999-08-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* server.c (handle_v5): give more informative message if
+	KRB5_KT_NOTFOUND
+
+1999-08-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kadmind.c: use HDB keytabs
+
+1999-08-25  Assar Westerlund  <assar at sics.se>
+
+	* cpw.c (set_password): use correct variable.  From Love
+ 	<lha at e.kth.se>
+
+	* server.c (v5_loop): use correct error code
+
+	* ank.c (add_one_principal): initialize `default_ent'
+
+1999-08-21  Assar Westerlund  <assar at sics.se>
+
+	* random_password.c: new file, stolen from krb4
+
+	* kadmin_locl.h: add prototype for random_password
+
+	* cpw.c: add support for --random-password
+
+	* ank.c: add support for --random-password
+
+	* Makefile.am (kadmin_SOURCES): add random_password.c
+
+1999-08-19  Assar Westerlund  <assar at sics.se>
+
+	* util.c (edit_timet): break when we manage to parse the time not
+ 	the inverse.
+
+	* mod.c: add parsing of lots of options.  From Love
+ 	<lha at stacken.kth.se>
+
+	* ank.c: add setting of expiration and password expiration
+
+	* kadmin_locl.h: update util.c prototypes
+
+	* util.c: move-around.  clean-up, rename, make consistent (and
+ 	some other weird stuff).  based on patches from Love
+ 	<lha at stacken.kth.se>
+
+	* version4.c (kadm_ser_cpw): initialize password
+	(handle_v4): remove unused variable `ret'
+
+1999-08-16  Assar Westerlund  <assar at sics.se>
+
+	* version4.c (handle_v4): more error checking and more correct
+ 	error messages
+
+	* server.c (v5_loop, kadmind_loop): more error checking and more
+ 	correct error messages
+
+1999-07-24  Assar Westerlund  <assar at sics.se>
+
+	* util.c (str2timeval, edit_time): functions for parsing and
+ 	editing times.  Based on patches from Love <lha at stacken.kth.se>.
+	(edit_entry): call new functions
+
+	* mod.c (mod_entry): allow modifying expiration times
+
+	* kadmin_locl.h (str2timeval): add prototype
+
+	* ank.c (add_one_principal): allow setting expiration times
+
+1999-07-03  Assar Westerlund  <assar at sics.se>
+
+	* server.c (v5_loop): handle data allocation with krb5_data_alloc
+ 	and check return value
+
+1999-06-23  Assar Westerlund  <assar at sics.se>
+
+	* version4.c (kadm_ser_cpw): read the key in the strange order
+ 	it's sent
+
+	* util.c (edit_entry): look at default
+	(edit_time): always set mask even if value == 0
+
+	* kadmin_locl.h (edit_entry): update
+
+	* ank.c: make ank use the values of the default principal for
+ 	prompting
+
+	* version4.c (values_to_ent): convert key data correctly
+
+1999-05-23  Assar Westerlund  <assar at sics.se>
+
+	* init.c (create_random_entry): more correct setting of mask
+
+1999-05-21  Assar Westerlund  <assar at sics.se>
+
+	* server.c (handle_v5): read sendauth version correctly.
+
+1999-05-14  Assar Westerlund  <assar at sics.se>
+
+	* version4.c (error_code): try to handle really old krb4
+ 	distributions
+
+1999-05-11  Assar Westerlund  <assar at sics.se>
+
+	* init.c (init): initialize realm_max_life and realm_max_rlife
+
+1999-05-07  Assar Westerlund  <assar at sics.se>
+
+	* ank.c (add_new_key): initialize more variables
+
+1999-05-04  Assar Westerlund  <assar at sics.se>
+
+	* version4.c (kadm_ser_cpw): always allow a user to change her
+ 	password
+	(kadm_ser_*): make logging work
+	clean-up and restructure
+	
+	* kadmin_locl.h (set_entry): add prototype
+
+	* kadmin.c (usage): update usage string
+
+	* init.c (init): new arguments realm-max-ticket-life and
+ 	realm-max-renewable-life
+
+	* util.c (edit_time, edit_attributes): don't do anything if it's
+ 	already set
+	(set_entry): new function
+
+	* ank.c (add_new_key): new options for setting max-ticket-life,
+ 	max-renewable-life, and attributes
+
+	* server.c (v5_loop): remove unused variable
+
+	* kadmin_locl.h: add prototypes
+
+	* version4.c: re-insert krb_err.h and other miss
+
+	* server.c (kadmind_loop): break-up and restructure
+
+	* version4.c: add ACL checks more error code checks restructure
+	
+1999-05-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* load.c: check for (un-)encrypted keys
+
+	* dump.c: use hdb_print_entry
+	
+	* version4.c: version 4 support
+
+	* Makefile.am: link with krb4
+
+	* kadmin_locl.h: include <sys/un.h>
+
+	* server.c: move from lib/kadm5, and add basic support for krb4
+	kadmin protocol
+
+	* kadmind.c: move recvauth to kadmind_loop()

Added: vendor-crypto/heimdal/dist/kadmin/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,94 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
+
+sbin_PROGRAMS = kadmin
+
+libexec_PROGRAMS = kadmind
+
+SLC = $(top_builddir)/lib/sl/slc
+
+man_MANS = kadmin.8 kadmind.8
+
+noinst_PROGRAMS = add_random_users
+
+dist_kadmin_SOURCES =				\
+	ank.c					\
+	add_enctype.c				\
+	check.c					\
+	cpw.c					\
+	del.c					\
+	del_enctype.c				\
+	dump.c					\
+	ext.c					\
+	get.c					\
+	init.c					\
+	kadmin.c				\
+	load.c					\
+	mod.c					\
+	rename.c				\
+	stash.c					\
+	util.c					\
+	pw_quality.c				\
+	random_password.c			\
+	kadmin_locl.h
+
+nodist_kadmin_SOURCES =				\
+	kadmin-commands.c			\
+	kadmin-commands.h
+
+$(kadmin_OBJECTS): kadmin-commands.h
+
+CLEANFILES = kadmin-commands.h kadmin-commands.c
+
+kadmin-commands.c kadmin-commands.h: kadmin-commands.in
+	$(SLC) $(srcdir)/kadmin-commands.in
+
+kadmind_SOURCES =				\
+	kadmind.c				\
+	server.c				\
+	kadmin_locl.h				\
+	$(version4_c)				\
+	kadm_conn.c
+
+add_random_users_SOURCES = add-random-users.c
+
+test_util_SOURCES = test_util.c util.c
+
+TESTS = test_util
+
+check_PROGRAMS = $(TESTS)
+
+LDADD_common = \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB)
+
+kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(LDADD_common) \
+	$(LIB_pidfile) \
+	$(LIB_dlopen)
+
+kadmin_LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_readline) \
+	$(LDADD_common) \
+	$(LIB_dlopen)
+
+add_random_users_LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(LDADD_common) \
+	$(LIB_dlopen)
+
+test_util_LDADD = $(kadmin_LDADD)
+
+EXTRA_DIST = $(man_MANS) kadmin-commands.in

Added: vendor-crypto/heimdal/dist/kadmin/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1069 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+sbin_PROGRAMS = kadmin$(EXEEXT)
+libexec_PROGRAMS = kadmind$(EXEEXT)
+noinst_PROGRAMS = add_random_users$(EXEEXT)
+TESTS = test_util$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
+subdir = kadmin
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__EXEEXT_1 = test_util$(EXEEXT)
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" \
+	"$(DESTDIR)$(man8dir)"
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
+am_add_random_users_OBJECTS = add-random-users.$(OBJEXT)
+add_random_users_OBJECTS = $(am_add_random_users_OBJECTS)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+add_random_users_DEPENDENCIES =  \
+	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la $(am__DEPENDENCIES_2) \
+	$(am__DEPENDENCIES_1)
+dist_kadmin_OBJECTS = ank.$(OBJEXT) add_enctype.$(OBJEXT) \
+	check.$(OBJEXT) cpw.$(OBJEXT) del.$(OBJEXT) \
+	del_enctype.$(OBJEXT) dump.$(OBJEXT) ext.$(OBJEXT) \
+	get.$(OBJEXT) init.$(OBJEXT) kadmin.$(OBJEXT) load.$(OBJEXT) \
+	mod.$(OBJEXT) rename.$(OBJEXT) stash.$(OBJEXT) util.$(OBJEXT) \
+	pw_quality.$(OBJEXT) random_password.$(OBJEXT)
+nodist_kadmin_OBJECTS = kadmin-commands.$(OBJEXT)
+kadmin_OBJECTS = $(dist_kadmin_OBJECTS) $(nodist_kadmin_OBJECTS)
+kadmin_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1)
+am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) \
+	kadm_conn.$(OBJEXT)
+kadmind_OBJECTS = $(am_kadmind_OBJECTS)
+kadmind_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_test_util_OBJECTS = test_util.$(OBJEXT) util.$(OBJEXT)
+test_util_OBJECTS = $(am_test_util_OBJECTS)
+am__DEPENDENCIES_3 = $(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1)
+test_util_DEPENDENCIES = $(am__DEPENDENCIES_3)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(add_random_users_SOURCES) $(dist_kadmin_SOURCES) \
+	$(nodist_kadmin_SOURCES) $(kadmind_SOURCES) \
+	$(test_util_SOURCES)
+DIST_SOURCES = $(add_random_users_SOURCES) $(dist_kadmin_SOURCES) \
+	$(kadmind_SOURCES) $(test_util_SOURCES)
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SLC = $(top_builddir)/lib/sl/slc
+man_MANS = kadmin.8 kadmind.8
+dist_kadmin_SOURCES = \
+	ank.c					\
+	add_enctype.c				\
+	check.c					\
+	cpw.c					\
+	del.c					\
+	del_enctype.c				\
+	dump.c					\
+	ext.c					\
+	get.c					\
+	init.c					\
+	kadmin.c				\
+	load.c					\
+	mod.c					\
+	rename.c				\
+	stash.c					\
+	util.c					\
+	pw_quality.c				\
+	random_password.c			\
+	kadmin_locl.h
+
+nodist_kadmin_SOURCES = \
+	kadmin-commands.c			\
+	kadmin-commands.h
+
+CLEANFILES = kadmin-commands.h kadmin-commands.c
+kadmind_SOURCES = \
+	kadmind.c				\
+	server.c				\
+	kadmin_locl.h				\
+	$(version4_c)				\
+	kadm_conn.c
+
+add_random_users_SOURCES = add-random-users.c
+test_util_SOURCES = test_util.c util.c
+LDADD_common = \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB)
+
+kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(LDADD_common) \
+	$(LIB_pidfile) \
+	$(LIB_dlopen)
+
+kadmin_LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_readline) \
+	$(LDADD_common) \
+	$(LIB_dlopen)
+
+add_random_users_LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5clnt.la \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(LDADD_common) \
+	$(LIB_dlopen)
+
+test_util_LDADD = $(kadmin_LDADD)
+EXTRA_DIST = $(man_MANS) kadmin-commands.in
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kadmin/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps kadmin/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
+	done
+
+clean-sbinPROGRAMS:
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES) 
+	@rm -f add_random_users$(EXEEXT)
+	$(LINK) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS)
+kadmin$(EXEEXT): $(kadmin_OBJECTS) $(kadmin_DEPENDENCIES) 
+	@rm -f kadmin$(EXEEXT)
+	$(LINK) $(kadmin_OBJECTS) $(kadmin_LDADD) $(LIBS)
+kadmind$(EXEEXT): $(kadmind_OBJECTS) $(kadmind_DEPENDENCIES) 
+	@rm -f kadmind$(EXEEXT)
+	$(LINK) $(kadmind_OBJECTS) $(kadmind_LDADD) $(LIBS)
+test_util$(EXEEXT): $(test_util_OBJECTS) $(test_util_DEPENDENCIES) 
+	@rm -f test_util$(EXEEXT)
+	$(LINK) $(test_util_OBJECTS) $(test_util_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool clean-noinstPROGRAMS clean-sbinPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libexecPROGRAMS uninstall-man \
+	uninstall-sbinPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-checkPROGRAMS clean-generic \
+	clean-libexecPROGRAMS clean-libtool clean-noinstPROGRAMS \
+	clean-sbinPROGRAMS ctags dist-hook distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-hook \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-man8 \
+	uninstall-sbinPROGRAMS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(kadmin_OBJECTS): kadmin-commands.h
+
+kadmin-commands.c kadmin-commands.h: kadmin-commands.in
+	$(SLC) $(srcdir)/kadmin-commands.in
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/kadmin/add-random-users.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/add-random-users.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/add-random-users.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id: add-random-users.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+#define WORDS_FILENAME "/usr/share/dict/words"
+
+#define NUSERS 1000
+
+#define WORDBUF_SIZE 65535
+
+static unsigned
+read_words (const char *filename, char ***ret_w)
+{
+    unsigned n, alloc;
+    FILE *f;
+    char buf[256];
+    char **w = NULL;
+    char *wbuf = NULL, *wptr = NULL, *wend = NULL;
+
+    f = fopen (filename, "r");
+    if (f == NULL)
+	err (1, "cannot open %s", filename);
+    alloc = n = 0;
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	size_t len;
+
+	buf[strcspn(buf, "\r\n")] = '\0';
+	if (n >= alloc) {
+	    alloc = max(alloc + 16, alloc * 2);
+	    w = erealloc (w, alloc * sizeof(char **));
+	}
+	len = strlen(buf);
+	if (wptr + len + 1 >= wend) {
+	    wptr = wbuf = emalloc (WORDBUF_SIZE);
+	    wend = wbuf + WORDBUF_SIZE;
+	}
+	memmove (wptr, buf, len + 1);
+	w[n++] = wptr;
+	wptr += len + 1;
+    }
+    if (n == 0)
+	errx(1, "%s is an empty file, no words to try", filename);
+    *ret_w = w;
+    return n;
+}
+
+static void
+add_user (krb5_context context, void *kadm_handle,
+	  unsigned nwords, char **words)
+{
+    kadm5_principal_ent_rec princ;
+    char name[64];
+    int r1, r2;
+    krb5_error_code ret;
+    int mask;
+
+    r1 = rand();
+    r2 = rand();
+
+    snprintf (name, sizeof(name), "%s%d", words[r1 % nwords], r2 % 1000);
+
+    mask = KADM5_PRINCIPAL;
+
+    memset(&princ, 0, sizeof(princ));
+    ret = krb5_parse_name(context, name, &princ.principal);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = kadm5_create_principal (kadm_handle, &princ, mask, name);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_create_principal");
+    kadm5_free_principal_ent(kadm_handle, &princ);
+    printf ("%s\n", name);
+}
+
+static void
+add_users (const char *filename, unsigned n)
+{
+    krb5_error_code ret;
+    int i;
+    void *kadm_handle;
+    krb5_context context;
+    unsigned nwords;
+    char **words;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+    ret = kadm5_s_init_with_password_ctx(context, 
+					 KADM5_ADMIN_SERVICE,
+					 NULL,
+					 KADM5_ADMIN_SERVICE,
+					 NULL, 0, 0, 
+					 &kadm_handle);
+    if(ret)
+	krb5_err(context, 1, ret, "kadm5_init_with_password");
+
+    nwords = read_words (filename, &words);
+    
+    for (i = 0; i < n; ++i)
+	add_user (context, kadm_handle, nwords, words);
+    kadm5_destroy(kadm_handle);
+    krb5_free_context(context);
+}
+
+static int version_flag	= 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    { "version", 	0,   arg_flag, &version_flag },
+    { "help",		0,   arg_flag, &help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "[filename [n]]");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+    int n = NUSERS;
+    const char *filename = WORDS_FILENAME;
+
+    setprogname(argv[0]);
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    if (help_flag)
+	usage (0);
+    if (version_flag) {
+	print_version(NULL);
+	return 0;
+    }
+    srand (0);
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc > 0) {
+	if (argc > 1)
+	    n = atoi(argv[1]);
+	filename = argv[0];
+    }
+
+    add_users (filename, n);
+    return 0;
+}
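Review bot: `add_user` passes `name` as the password argument of `kadm5_create_principal`, and `main` seeds the generator with `srand (0)`, so every run creates the same principals, each with its own name as its password. That may be intended for a load-test helper, but nothing in the file says so. A comment above `add_user` such as `/* test helper: each principal's password is its own name; do not run against a production database */` would make the exposure explicit. Separately, `n = atoi(argv[1])` is passed unchecked to `add_users`, whose parameter is `unsigned`, so a negative argument becomes a very large count; `if (n < 0) usage (1);` after the `atoi` call would reject it.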

Added: vendor-crypto/heimdal/dist/kadmin/add_enctype.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/add_enctype.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/add_enctype.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 1999-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: add_enctype.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * del_enctype principal enctypes...
+ */
+
+int
+add_enctype(struct add_enctype_options*opt, int argc, char **argv)
+{
+    kadm5_principal_ent_rec princ;
+    krb5_principal princ_ent = NULL;
+    krb5_error_code ret;
+    const char *princ_name;
+    int i, j;
+    krb5_key_data *new_key_data;
+    int n_etypes;
+    krb5_enctype *etypes;
+
+    if (!opt->random_key_flag) {
+	krb5_warnx (context, "only random key is supported now");
+	return 0;
+    }
+
+    memset (&princ, 0, sizeof(princ));
+    princ_name = argv[0];
+    n_etypes   = argc - 1;
+    etypes     = malloc (n_etypes * sizeof(*etypes));
+    if (etypes == NULL) {
+	krb5_warnx (context, "out of memory");
+	return 0;
+    }
+    argv++;
+    for (i = 0; i < n_etypes; ++i) {
+	ret = krb5_string_to_enctype (context, argv[i], &etypes[i]);
+	if (ret) {
+	    krb5_warnx (context, "bad enctype \"%s\"", argv[i]);
+	    goto out2;
+	}
+    }
+
+    ret = krb5_parse_name(context, princ_name, &princ_ent);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_parse_name %s", princ_name);
+	goto out2;
+    }
+
+    ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
+			      KADM5_PRINCIPAL | KADM5_KEY_DATA);
+    if (ret) {
+	krb5_free_principal (context, princ_ent);
+	krb5_warnx (context, "no such principal: %s", princ_name);
+	goto out2;
+    }
+
+    new_key_data   = malloc((princ.n_key_data + n_etypes)
+			    * sizeof(*new_key_data));
+    if (new_key_data == NULL) {
+	krb5_warnx (context, "out of memory");
+	goto out;
+    }
+
+    for (i = 0; i < princ.n_key_data; ++i) {
+	krb5_key_data *key = &princ.key_data[i];
+
+	for (j = 0; j < n_etypes; ++j) {
+	    if (etypes[j] == key->key_data_type[0]) {
+		krb5_warnx(context, "enctype %d already exists",
+			   (int)etypes[j]);
+		goto out;
+	    }
+	}
+	new_key_data[i] = *key;
+    }
+
+    for (i = 0; i < n_etypes; ++i) {
+	int n = princ.n_key_data + i;
+	krb5_keyblock keyblock;
+
+	memset(&new_key_data[n], 0, sizeof(new_key_data[n]));
+	new_key_data[n].key_data_ver = 2;
+	new_key_data[n].key_data_kvno = 0;
+
+	ret = krb5_generate_random_keyblock (context, etypes[i], &keyblock);
+	if (ret) {
+	    krb5_warnx(context, "genernate enctype %d failed", (int)etypes[i]);
+	    while (--i >= 0)
+		free(new_key_data[--n].key_data_contents[0]);
+	    goto out;
+	}
+
+	/* key */
+	new_key_data[n].key_data_type[0] = etypes[i];
+	new_key_data[n].key_data_contents[0] = malloc(keyblock.keyvalue.length);
+	if (new_key_data[n].key_data_contents[0] == NULL) {
+	    ret = ENOMEM;
+	    krb5_warn(context, ret, "out of memory");
+	    while (--i >= 0)
+		free(new_key_data[--n].key_data_contents[0]);
+	    goto out;
+	}
+	new_key_data[n].key_data_length[0]   = keyblock.keyvalue.length;
+	memcpy(new_key_data[n].key_data_contents[0],
+	       keyblock.keyvalue.data,
+	       keyblock.keyvalue.length);
+	krb5_free_keyblock_contents(context, &keyblock);
+
+	/* salt */
+	new_key_data[n].key_data_type[1]     = KRB5_PW_SALT;
+	new_key_data[n].key_data_length[1]   = 0;
+	new_key_data[n].key_data_contents[1] = NULL;
+
+    }
+
+    free (princ.key_data);
+    princ.n_key_data += n_etypes;
+    princ.key_data   = new_key_data;
+    new_key_data = NULL;
+
+    ret = kadm5_modify_principal (kadm_handle, &princ, KADM5_KEY_DATA);
+    if (ret)
+	krb5_warn(context, ret, "kadm5_modify_principal");
+out:
+    krb5_free_principal (context, princ_ent);
+    kadm5_free_principal_ent(kadm_handle, &princ);
+out2:
+    free (etypes);
+    return ret != 0;
+}
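Review bot: In the key-generation loop of `add_enctype`, the branch taken when `malloc(keyblock.keyvalue.length)` fails jumps to `out` without calling `krb5_free_keyblock_contents(context, &keyblock)`, so the freshly generated random key is never released. Adding that call before the `while (--i >= 0)` cleanup closes the gap. None of the `goto out` exits taken after `new_key_data` is allocated free that array either. The "enctype %d already exists" and `new_key_data == NULL` exits also leave `ret` at 0, so `return ret != 0` reports success for a command that changed nothing; setting `ret = EINVAL;` and `ret = ENOMEM;` respectively before those jumps would fix the status. `n_etypes = argc - 1` is used as a `malloc` size with no lower bound; if the command dispatcher (not visible here) does not guarantee at least one enctype argument, a check such as `if (argc < 2)` belongs before the allocation.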

Added: vendor-crypto/heimdal/dist/kadmin/ank.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/ank.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/ank.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 1997-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: ank.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * fetch the default principal corresponding to `princ'
+ */
+
+static krb5_error_code
+get_default (kadm5_server_context *context,
+	     krb5_principal princ,
+	     kadm5_principal_ent_t default_ent)
+{
+    krb5_error_code ret;
+    krb5_principal def_principal;
+    krb5_realm *realm = krb5_princ_realm(context->context, princ);
+
+    ret = krb5_make_principal (context->context, &def_principal,
+			       *realm, "default", NULL);
+    if (ret)
+	return ret;
+    ret = kadm5_get_principal (context, def_principal, default_ent,
+			       KADM5_PRINCIPAL_NORMAL_MASK);
+    krb5_free_principal (context->context, def_principal);
+    return ret;
+}
+
+/*
+ * Add the principal `name' to the database.
+ * Prompt for all data not given by the input parameters.
+ */
+
+static krb5_error_code
+add_one_principal (const char *name,
+		   int rand_key,
+		   int rand_password,
+		   int use_defaults, 
+		   char *password,
+		   krb5_key_data *key_data,
+		   const char *max_ticket_life,
+		   const char *max_renewable_life,
+		   const char *attributes,
+		   const char *expiration,
+		   const char *pw_expiration)
+{
+    krb5_error_code ret;
+    kadm5_principal_ent_rec princ, defrec;
+    kadm5_principal_ent_rec *default_ent = NULL;
+    krb5_principal princ_ent = NULL;
+    int mask = 0;
+    int default_mask = 0;
+    char pwbuf[1024];
+
+    memset(&princ, 0, sizeof(princ));
+    ret = krb5_parse_name(context, name, &princ_ent);
+    if (ret) {
+	krb5_warn(context, ret, "krb5_parse_name");
+	return ret;
+    }
+    princ.principal = princ_ent;
+    mask |= KADM5_PRINCIPAL;
+
+    ret = set_entry(context, &princ, &mask,
+		    max_ticket_life, max_renewable_life, 
+		    expiration, pw_expiration, attributes);
+    if (ret)
+	goto out;
+
+    default_ent = &defrec;
+    ret = get_default (kadm_handle, princ_ent, default_ent);
+    if (ret) {
+	default_ent  = NULL;
+	default_mask = 0;
+    } else {
+	default_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
+	    KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION;
+    }
+
+    if(use_defaults) 
+	set_defaults(&princ, &mask, default_ent, default_mask);
+    else
+	if(edit_entry(&princ, &mask, default_ent, default_mask))
+	    goto out;
+    if(rand_key || key_data) {
+	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+	mask |= KADM5_ATTRIBUTES;
+	random_password (pwbuf, sizeof(pwbuf));
+	password = pwbuf;
+    } else if (rand_password) {
+	random_password (pwbuf, sizeof(pwbuf));
+	password = pwbuf;
+    } else if(password == NULL) {
+	char *princ_name;
+	char *prompt;
+
+	krb5_unparse_name(context, princ_ent, &princ_name);
+	asprintf (&prompt, "%s's Password: ", princ_name);
+	free (princ_name);
+	ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
+	free (prompt);
+	if (ret) {
+	    krb5_set_error_string(context, "failed to verify password");
+	    ret = KRB5_LIBOS_BADPWDMATCH;
+	    goto out;
+	}
+	password = pwbuf;
+    }
+    
+    ret = kadm5_create_principal(kadm_handle, &princ, mask, password);
+    if(ret) {
+	krb5_warn(context, ret, "kadm5_create_principal");
+	goto out;
+    }
+    if(rand_key) {
+	krb5_keyblock *new_keys;
+	int n_keys, i;
+	ret = kadm5_randkey_principal(kadm_handle, princ_ent, 
+				      &new_keys, &n_keys);
+	if(ret){
+	    krb5_warn(context, ret, "kadm5_randkey_principal");
+	    n_keys = 0;
+	}
+	for(i = 0; i < n_keys; i++)
+	    krb5_free_keyblock_contents(context, &new_keys[i]);
+	if (n_keys > 0)
+	    free(new_keys);
+	kadm5_get_principal(kadm_handle, princ_ent, &princ, 
+			    KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
+	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+	princ.kvno = 1;
+	kadm5_modify_principal(kadm_handle, &princ, 
+			       KADM5_ATTRIBUTES | KADM5_KVNO);
+	kadm5_free_principal_ent(kadm_handle, &princ);
+    } else if (key_data) {
+	ret = kadm5_chpass_principal_with_key (kadm_handle, princ_ent,
+					       3, key_data);
+	if (ret) {
+	    krb5_warn(context, ret, "kadm5_chpass_principal_with_key");
+	}
+	kadm5_get_principal(kadm_handle, princ_ent, &princ, 
+			    KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
+	princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+	kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES);
+	kadm5_free_principal_ent(kadm_handle, &princ);
+    } else if (rand_password) {
+	char *princ_name;
+
+	krb5_unparse_name(context, princ_ent, &princ_name);
+	printf ("added %s with password \"%s\"\n", princ_name, password);
+	free (princ_name);
+    }
+out:
+    if (princ_ent)
+	krb5_free_principal (context, princ_ent);
+    if(default_ent)
+	kadm5_free_principal_ent (kadm_handle, default_ent);
+    if (password != NULL)
+	memset (password, 0, strlen(password));
+    return ret;
+}
+
+/*
+ * parse the string `key_string' into `key', returning 0 iff succesful.
+ */
+
+/*
+ * the ank command
+ */
+
+/*
+ * Parse arguments and add all the principals.
+ */
+
+int
+add_new_key(struct add_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    int i;
+    int num;
+    krb5_key_data key_data[3];
+    krb5_key_data *kdp = NULL;
+
+    num = 0;
+    if (opt->random_key_flag)
+	++num;
+    if (opt->random_password_flag)
+	++num;
+    if (opt->password_string)
+	++num;
+    if (opt->key_string)
+	++num;
+
+    if (num > 1) {
+	fprintf (stderr, "give only one of "
+		"--random-key, --random-password, --password, --key\n");
+	return 1;
+    }
+
+    if (opt->key_string) {
+	const char *error;
+
+	if (parse_des_key (opt->key_string, key_data, &error)) {
+	    fprintf (stderr, "failed parsing key \"%s\": %s\n", 
+		     opt->key_string, error);
+	    return 1;
+	}
+	kdp = key_data;
+    }
+
+    for(i = 0; i < argc; i++) {
+	ret = add_one_principal (argv[i], 
+				 opt->random_key_flag, 
+				 opt->random_password_flag,
+				 opt->use_defaults_flag, 
+				 opt->password_string,
+				 kdp,
+				 opt->max_ticket_life_string,
+				 opt->max_renewable_life_string,
+				 opt->attributes_string,
+				 opt->expiration_time_string,
+				 opt->pw_expiration_time_string);
+	if (ret) {
+	    krb5_warn (context, ret, "adding %s", argv[i]);
+	    break;
+	}
+    }
+    if (kdp) {
+	int16_t dummy = 3;
+	kadm5_free_key_data (kadm_handle, &dummy, key_data);
+    }
+    return ret != 0;
+}
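Review bot: The `out:` path of `add_one_principal` runs `memset (password, 0, strlen(password))` on whatever `password` points to, and with `--password` that is the caller's `opt->password_string`. `add_new_key` passes the same string for every name in `argv`, so from the second principal on `kadm5_create_principal` receives an empty string as the password. Whether the library or a password policy rejects an empty password is not visible here. Wiping only the local buffer in `add_one_principal` (`memset (pwbuf, 0, sizeof(pwbuf));`) and clearing `opt->password_string` once after the loop in `add_new_key` keeps the scrubbing without corrupting later iterations. The failure message in `add_new_key` also prints `opt->key_string` to stderr, which puts supplied key material in terminal or log output; reporting only `error` would avoid that.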

Added: vendor-crypto/heimdal/dist/kadmin/check.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/check.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/check.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/*
+ * Check database for strange configurations on default principals
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: check.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int
+get_check_entry(const char *name, kadm5_principal_ent_rec *ent)
+{
+    krb5_error_code ret;
+    krb5_principal principal;
+
+    ret = krb5_parse_name(context, name, &principal);
+    if (ret) {
+	krb5_warn(context, ret, "krb5_unparse_name: %s", name);
+	return 1;
+    }
+
+    memset(ent, 0, sizeof(*ent));
+    ret = kadm5_get_principal(kadm_handle, principal, ent, 0);
+    krb5_free_principal(context, principal);
+    if(ret)
+	return 1;
+
+    return 0;
+}
+
+
+static int
+do_check_entry(krb5_principal principal, void *data)
+{
+    krb5_error_code ret;
+    kadm5_principal_ent_rec princ;
+    char *name;
+    int i;
+    
+    ret = krb5_unparse_name(context, principal, &name);
+    if (ret)
+	return 1;
+
+    memset (&princ, 0, sizeof(princ));
+    ret = kadm5_get_principal(kadm_handle, principal, &princ,
+			      KADM5_PRINCIPAL | KADM5_KEY_DATA);
+    if(ret) {
+	krb5_warn(context, ret, "Failed to get principal: %s", name);
+	free(name);
+	return 0;
+    }
+
+    for (i = 0; i < princ.n_key_data; i++) {
+	size_t keysize;
+	ret = krb5_enctype_keysize(context, 
+				   princ.key_data[i].key_data_type[0],
+				   &keysize);
+	if (ret == 0 && keysize != princ.key_data[i].key_data_length[0]) {
+	    krb5_warnx(context,
+		       "Principal %s enctype %d, wrong length: %lu\n",
+		       name, princ.key_data[i].key_data_type[0],
+		       (unsigned long)princ.key_data[i].key_data_length);
+	}
+    }
+
+    free(name);
+    kadm5_free_principal_ent(kadm_handle, &princ);
+
+    return 0;
+}
+
+int
+check(void *opt, int argc, char **argv)
+{
+    kadm5_principal_ent_rec ent;
+    krb5_error_code ret;
+    char *realm = NULL, *p, *p2;
+    int found;
+
+    if (argc == 0) {
+	ret = krb5_get_default_realm(context, &realm);
+	if (ret) {
+	    krb5_warn(context, ret, "krb5_get_default_realm");
+	    goto fail;
+	}
+    } else {
+	realm = strdup(argv[0]);
+	if (realm == NULL) {
+	    krb5_warnx(context, "malloc");
+	    goto fail;
+	}
+    }
+
+    /*
+     * Check krbtgt/REALM at REALM
+     *
+     * For now, just check existance
+     */
+
+    if (asprintf(&p, "%s/%s@%s", KRB5_TGS_NAME, realm, realm) == -1) {
+	krb5_warn(context, errno, "asprintf");
+	goto fail;
+    }
+
+    ret = get_check_entry(p, &ent);
+    if (ret) {
+	printf("%s doesn't exist, are you sure %s is a realm in your database",
+	       p, realm);
+	free(p);
+	goto fail;
+    }
+    free(p);    
+
+    kadm5_free_principal_ent(kadm_handle, &ent);
+
+    /*
+     * Check kadmin/admin at REALM
+     */
+
+    if (asprintf(&p, "kadmin/admin@%s", realm) == -1) {
+	krb5_warn(context, errno, "asprintf");
+	goto fail;
+    }
+
+    ret = get_check_entry(p, &ent);
+    if (ret) {
+	printf("%s doesn't exist, "
+	       "there is no way to do remote administration", p);
+	free(p);
+	goto fail;
+    }
+    free(p);
+
+    kadm5_free_principal_ent(kadm_handle, &ent);
+
+    /*
+     * Check kadmin/changepw at REALM
+     */
+
+    if (asprintf(&p, "kadmin/changepw@%s", realm) == -1) {
+	krb5_warn(context, errno, "asprintf");
+	goto fail;
+    }
+
+    ret = get_check_entry(p, &ent);
+    if (ret) {
+	printf("%s doesn't exist, "
+	       "there is no way to do change password", p);
+	free(p);
+	goto fail;
+    }
+    free(p);
+
+    kadm5_free_principal_ent(kadm_handle, &ent);
+
+    /*
+     * Check for duplicate afs keys 
+     */
+
+    p2 = strdup(realm);
+    if (p2 == NULL) {
+	krb5_warn(context, errno, "malloc");
+	free(p);
+	goto fail;
+    }
+    strlwr(p2);
+
+    if (asprintf(&p, "afs/%s@%s", p2, realm) == -1) {
+	krb5_warn(context, errno, "asprintf");
+	free(p2);
+	goto fail;
+    }
+    free(p2);
+
+    ret = get_check_entry(p, &ent);
+    free(p);
+    if (ret == 0) {
+	kadm5_free_principal_ent(kadm_handle, &ent);
+	found = 1;
+    } else
+	found = 0;
+
+    if (asprintf(&p, "afs@%s", realm) == -1) {
+	krb5_warn(context, errno, "asprintf");
+	goto fail;
+    }
+
+    ret = get_check_entry(p, &ent);
+    free(p);
+    if (ret == 0) {
+	kadm5_free_principal_ent(kadm_handle, &ent);
+	if (found) {
+	    krb5_warnx(context, "afs at REALM and afs/cellname at REALM both exists");
+	    goto fail;
+	}
+    }
+
+    foreach_principal("*", do_check_entry, "check", NULL);
+
+    free(realm);
+    return 0;
+fail:
+    free(realm);
+    return 1;
+}
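Review bot: In `check`, the `strdup(realm)` failure path before the afs lookup calls `free(p)` although `p` was already released after the kadmin/changepw lookup a few lines earlier, so an allocation failure there frees the same pointer twice; that `free(p);` should be dropped. In `do_check_entry` the wrong-length warning passes `(unsigned long)princ.key_data[i].key_data_length`, which converts the array rather than the element compared on the line above, so the reported number is not the stored length; it should read `(unsigned long)princ.key_data[i].key_data_length[0]`. The warning in `get_check_entry` names `krb5_unparse_name` while the failing call is `krb5_parse_name`, which will mislead anyone reading the log.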

Added: vendor-crypto/heimdal/dist/kadmin/cpw.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/cpw.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/cpw.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,184 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: cpw.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct cpw_entry_data {
+    int random_key;
+    int random_password;
+    char *password;
+    krb5_key_data *key_data;
+};
+
+static int
+set_random_key (krb5_principal principal)
+{
+    krb5_error_code ret;
+    int i;
+    krb5_keyblock *keys;
+    int num_keys;
+
+    ret = kadm5_randkey_principal(kadm_handle, principal, &keys, &num_keys);
+    if(ret)
+	return ret;
+    for(i = 0; i < num_keys; i++)
+	krb5_free_keyblock_contents(context, &keys[i]);
+    free(keys);
+    return 0;
+}
+
+static int
+set_random_password (krb5_principal principal)
+{
+    krb5_error_code ret;
+    char pw[128];
+
+    random_password (pw, sizeof(pw));
+    ret = kadm5_chpass_principal(kadm_handle, principal, pw);
+    if (ret == 0) {
+	char *princ_name;
+
+	krb5_unparse_name(context, principal, &princ_name);
+
+	printf ("%s's password set to \"%s\"\n", princ_name, pw);
+	free (princ_name);
+    }
+    memset (pw, 0, sizeof(pw));
+    return ret;
+}
+
+static int
+set_password (krb5_principal principal, char *password)
+{
+    krb5_error_code ret = 0;
+    char pwbuf[128];
+
+    if(password == NULL) {
+	char *princ_name;
+	char *prompt;
+
+	krb5_unparse_name(context, principal, &princ_name);
+	asprintf(&prompt, "%s's Password: ", princ_name);
+	free (princ_name);
+	ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
+	free (prompt);
+	if(ret){
+	    return 0; /* XXX error code? */
+	}
+	password = pwbuf;
+    }
+    if(ret == 0)
+	ret = kadm5_chpass_principal(kadm_handle, principal, password);
+    memset(pwbuf, 0, sizeof(pwbuf));
+    return ret;
+}
+
+static int
+set_key_data (krb5_principal principal, krb5_key_data *key_data)
+{
+    krb5_error_code ret;
+
+    ret = kadm5_chpass_principal_with_key (kadm_handle, principal,
+					   3, key_data);
+    return ret;
+}
+
+static int
+do_cpw_entry(krb5_principal principal, void *data)
+{
+    struct cpw_entry_data *e = data;
+    
+    if (e->random_key)
+	return set_random_key (principal);
+    else if (e->random_password)
+	return set_random_password (principal);
+    else if (e->key_data)
+	return set_key_data (principal, e->key_data);
+    else
+	return set_password (principal, e->password);
+}
+
+int
+cpw_entry(struct passwd_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    int i;
+    struct cpw_entry_data data;
+    int num;
+    krb5_key_data key_data[3];
+
+    data.random_key = opt->random_key_flag;
+    data.random_password = opt->random_password_flag;
+    data.password = opt->password_string;
+    data.key_data	 = NULL;
+
+    num = 0;
+    if (data.random_key)
+	++num;
+    if (data.random_password)
+	++num;
+    if (data.password)
+	++num;
+    if (opt->key_string)
+	++num;
+
+    if (num > 1) {
+	fprintf (stderr, "give only one of "
+		"--random-key, --random-password, --password, --key\n");
+	return 1;
+    }
+	
+    if (opt->key_string) {
+	const char *error;
+
+	if (parse_des_key (opt->key_string, key_data, &error)) {
+	    fprintf (stderr, "failed parsing key \"%s\": %s\n", 
+		     opt->key_string, error);
+	    return 1;
+	}
+	data.key_data = key_data;
+    }
+
+    for(i = 0; i < argc; i++)
+	ret = foreach_principal(argv[i], do_cpw_entry, "cpw", &data);
+
+    if (data.key_data) {
+	int16_t dummy;
+	kadm5_free_key_data (kadm_handle, &dummy, key_data);
+    }
+
+    return ret != 0;
+}
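Review bot: In `cpw_entry` the cleanup declares `int16_t dummy;` and passes its address to `kadm5_free_key_data` without a value, whereas `add_new_key` in add.c uses `int16_t dummy = 3;` for the same three-element `key_data` array; the count read here is indeterminate and should be initialised the same way. In `set_password` and `set_random_password` the results of `krb5_unparse_name` and `asprintf` are ignored, so on failure `princ_name` or `prompt` is used and freed while still undefined; check both and return the error instead. `set_password` also returns 0 when `UI_UTIL_read_pw_string` fails, and the loop in `cpw_entry` overwrites `ret` on every iteration, so a failed password change for an earlier argument is reported as success.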

Added: vendor-crypto/heimdal/dist/kadmin/del.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/del.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/del.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: del.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int
+do_del_entry(krb5_principal principal, void *data)
+{
+    return kadm5_delete_principal(kadm_handle, principal);
+}
+
+int
+del_entry(void *opt, int argc, char **argv)
+{
+    int i;
+    krb5_error_code ret = 0;
+
+    for(i = 0; i < argc; i++) {
+	ret = foreach_principal(argv[i], do_del_entry, "del", NULL);
+	if (ret)
+	    break;
+    }
+    return ret != 0;
+}

Added: vendor-crypto/heimdal/dist/kadmin/del_enctype.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/del_enctype.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/del_enctype.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 1999-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: del_enctype.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * del_enctype principal enctypes...
+ */
+
+int
+del_enctype(void *opt, int argc, char **argv)
+{
+    kadm5_principal_ent_rec princ;
+    krb5_principal princ_ent = NULL;
+    krb5_error_code ret;
+    const char *princ_name;
+    int i, j, k;
+    krb5_key_data *new_key_data;
+    int n_etypes;
+    krb5_enctype *etypes;
+
+    memset (&princ, 0, sizeof(princ));
+    princ_name = argv[0];
+    n_etypes   = argc - 1;
+    etypes     = malloc (n_etypes * sizeof(*etypes));
+    if (etypes == NULL) {
+	krb5_warnx (context, "out of memory");
+	return 0;
+    }
+    argv++;
+    for (i = 0; i < n_etypes; ++i) {
+	ret = krb5_string_to_enctype (context, argv[i], &etypes[i]);
+	if (ret) {
+	    krb5_warnx (context, "bad enctype \"%s\"", argv[i]);
+	    goto out2;
+	}
+    }
+
+    ret = krb5_parse_name(context, princ_name, &princ_ent);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_parse_name %s", princ_name);
+	goto out2;
+    }
+
+    ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
+			      KADM5_PRINCIPAL | KADM5_KEY_DATA);
+    if (ret) {
+	krb5_free_principal (context, princ_ent);
+	krb5_warnx (context, "no such principal: %s", princ_name);
+	goto out2;
+    }
+
+    new_key_data   = malloc(princ.n_key_data * sizeof(*new_key_data));
+    if (new_key_data == NULL) {
+	krb5_warnx (context, "out of memory");
+	goto out;
+    }
+
+    for (i = 0, j = 0; i < princ.n_key_data; ++i) {
+	krb5_key_data *key = &princ.key_data[i];
+	int docopy = 1;
+
+	for (k = 0; k < n_etypes; ++k)
+	    if (etypes[k] == key->key_data_type[0]) {
+		docopy = 0;
+		break;
+	    }
+	if (docopy) {
+	    new_key_data[j++] = *key;
+	} else {
+	    int16_t ignore = 1;
+
+	    kadm5_free_key_data (kadm_handle, &ignore, key);
+	}
+    }
+
+    free (princ.key_data);
+    princ.n_key_data = j;
+    princ.key_data   = new_key_data;
+
+    ret = kadm5_modify_principal (kadm_handle, &princ, KADM5_KEY_DATA);
+    if (ret)
+	krb5_warn(context, ret, "kadm5_modify_principal");
+out:
+    krb5_free_principal (context, princ_ent);
+    kadm5_free_principal_ent(kadm_handle, &princ);
+out2:
+    free (etypes);
+    return ret != 0;
+}
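Review bot: `del_enctype` reads `argv[0]` and computes `n_etypes = argc - 1` without looking at `argc`, so with no arguments the count is -1 and `malloc (n_etypes * sizeof(*etypes))` is sized from a negative value; unless the command table (not visible here) enforces a minimum argument count, a guard such as `if (argc < 1) return 1;` is needed before the first use. Both out-of-memory paths report success: the first does `return 0;`, and the second jumps to `out` with `ret` still 0 from `kadm5_get_principal`. Setting `ret = ENOMEM;` before each exit would let the caller see that no key data was changed.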

Added: vendor-crypto/heimdal/dist/kadmin/dump.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/dump.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/dump.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+#include <kadm5/private.h>
+
+RCSID("$Id: dump.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+extern int local_flag;
+
+int
+dump(struct dump_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    FILE *f;
+    HDB *db = NULL;
+    
+    if(!local_flag) {
+	krb5_warnx(context, "dump is only available in local (-l) mode");
+	return 0;
+    }
+
+    db = _kadm5_s_get_db(kadm_handle);
+
+    if(argc == 0)
+	f = stdout;
+    else
+	f = fopen(argv[0], "w");
+    
+    if(f == NULL) {
+	krb5_warn(context, errno, "open: %s", argv[0]);
+	goto out;
+    }
+    ret = db->hdb_open(context, db, O_RDONLY, 0600);
+    if(ret) {
+	krb5_warn(context, ret, "hdb_open");
+	goto out;
+    }
+
+    hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0, 
+		hdb_print_entry, f);
+
+    db->hdb_close(context, db);
+out:
+    if(f && f != stdout)
+	fclose(f);
+    return 0;
+}
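Review bot: `dump` creates its output with `fopen(argv[0], "w")`, so the file mode is left to the process umask even though the file receives every database entry, with keys decrypted when `opt->decrypt_flag` is set. Creating it owner-only, for example `fd = open(argv[0], O_WRONLY|O_CREAT|O_TRUNC, 0600);` followed by `f = fdopen(fd, "w");`, keeps a permissive umask from exposing key material; an existing file keeps its old mode, so that case deserves a comment too. The function also returns 0 on every path, including the `fopen` and `hdb_open` failures, and the result of `hdb_foreach` is discarded, so a script driving kadmin cannot tell a missing or truncated dump from a complete one.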

Added: vendor-crypto/heimdal/dist/kadmin/ext.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/ext.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/ext.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: ext.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct ext_keytab_data {
+    krb5_keytab keytab;
+};
+
+static int
+do_ext_keytab(krb5_principal principal, void *data)
+{
+    krb5_error_code ret;
+    kadm5_principal_ent_rec princ;
+    struct ext_keytab_data *e = data;
+    krb5_keytab_entry *keys = NULL;
+    krb5_keyblock *k = NULL;
+    int i, n_k;
+    
+    ret = kadm5_get_principal(kadm_handle, principal, &princ, 
+			      KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA);
+    if(ret)
+	return ret;
+
+    if (princ.n_key_data) {
+	keys = malloc(sizeof(*keys) * princ.n_key_data);
+	if (keys == NULL) {
+	    kadm5_free_principal_ent(kadm_handle, &princ);
+	    krb5_clear_error_string(context);
+	    return ENOMEM;
+	}
+	for (i = 0; i < princ.n_key_data; i++) {
+	    krb5_key_data *kd = &princ.key_data[i];
+
+	    keys[i].principal = princ.principal;
+	    keys[i].vno = kd->key_data_kvno;
+	    keys[i].keyblock.keytype = kd->key_data_type[0];
+	    keys[i].keyblock.keyvalue.length = kd->key_data_length[0];
+	    keys[i].keyblock.keyvalue.data = kd->key_data_contents[0];
+	    keys[i].timestamp = time(NULL);
+	}
+
+	n_k = princ.n_key_data;
+    } else {
+	ret = kadm5_randkey_principal(kadm_handle, principal, &k, &n_k);
+	if (ret) {
+	    kadm5_free_principal_ent(kadm_handle, &princ);
+	    return ret;
+	}
+	keys = malloc(sizeof(*keys) * n_k);
+	if (keys == NULL) {
+	    kadm5_free_principal_ent(kadm_handle, &princ);
+	    krb5_clear_error_string(context);
+	    return ENOMEM;
+	}
+	for (i = 0; i < n_k; i++) {
+	    keys[i].principal = principal;
+	    keys[i].vno = princ.kvno + 1; /* XXX get entry again */
+	    keys[i].keyblock = k[i];
+	    keys[i].timestamp = time(NULL);
+	}
+    }
+
+    for(i = 0; i < n_k; i++) {
+	ret = krb5_kt_add_entry(context, e->keytab, &keys[i]);
+	if(ret)
+	    krb5_warn(context, ret, "krb5_kt_add_entry(%d)", i);
+    }
+
+    if (k) {
+	memset(k, 0, n_k * sizeof(*k));
+	free(k);
+    }
+    if (keys)
+	free(keys);
+    kadm5_free_principal_ent(kadm_handle, &princ);
+    return 0;
+}
+
+int
+ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    int i;
+    struct ext_keytab_data data;
+
+    if (opt->keytab_string == NULL)
+	ret = krb5_kt_default(context, &data.keytab);
+    else
+	ret = krb5_kt_resolve(context, opt->keytab_string, &data.keytab);
+
+    if(ret){
+	krb5_warn(context, ret, "krb5_kt_resolve");
+	return 1;
+    }
+
+    for(i = 0; i < argc; i++) {
+	ret = foreach_principal(argv[i], do_ext_keytab, "ext", &data);
+	if (ret)
+	    break;
+    }
+
+    krb5_kt_close(context, data.keytab);
+
+    return ret != 0;
+}
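Review bot: In `do_ext_keytab` the cleanup `memset(k, 0, n_k * sizeof(*k)); free(k);` clears only the `krb5_keyblock` structs returned by `kadm5_randkey_principal`, so the key bytes they point to are neither wiped nor freed; `set_random_key` in cpw.c releases the same kind of array with `krb5_free_keyblock_contents(context, &keys[i]);` per element before `free`, and this function should do likewise. The `keys == NULL` branch after the randkey call returns without releasing `k` at all. `princ` is handed to `kadm5_get_principal` without the `memset` the other commands apply first, and the function returns 0 even when `krb5_kt_add_entry` failed, so `ext_keytab` reports success for a keytab that may be missing entries.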

Added: vendor-crypto/heimdal/dist/kadmin/get.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/get.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/get.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,498 @@
+/*
+ * Copyright (c) 1997-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+#include <parse_units.h>
+#include <rtbl.h>
+
+RCSID("$Id: get.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static struct field_name {
+    const char *fieldname;
+    unsigned int fieldvalue;
+    unsigned int subvalue;
+    uint32_t extra_mask;
+    const char *default_header;
+    const char *def_longheader;
+    unsigned int flags;
+} field_names[] = {
+    { "principal", KADM5_PRINCIPAL, 0, 0, "Principal", "Principal", 0 },
+    { "princ_expire_time", KADM5_PRINC_EXPIRE_TIME, 0, 0, "Expiration", "Principal expires", 0 },
+    { "pw_expiration", KADM5_PW_EXPIRATION, 0, 0, "PW-exp", "Password expires", 0 },
+    { "last_pwd_change", KADM5_LAST_PWD_CHANGE, 0, 0, "PW-change", "Last password change", 0 },
+    { "max_life", KADM5_MAX_LIFE, 0, 0, "Max life", "Max ticket life", 0 },
+    { "max_rlife", KADM5_MAX_RLIFE, 0, 0, "Max renew", "Max renewable life", 0 },
+    { "mod_time", KADM5_MOD_TIME, 0, 0, "Mod time", "Last modified", 0 },
+    { "mod_name", KADM5_MOD_NAME, 0, 0, "Modifier", "Modifier", 0 },
+    { "attributes", KADM5_ATTRIBUTES, 0, 0, "Attributes", "Attributes", 0 },
+    { "kvno", KADM5_KVNO, 0, 0, "Kvno", "Kvno", RTBL_ALIGN_RIGHT  },
+    { "mkvno", KADM5_MKVNO, 0, 0, "Mkvno", "Mkvno", RTBL_ALIGN_RIGHT },
+    { "last_success", KADM5_LAST_SUCCESS, 0, 0, "Last login", "Last successful login", 0 },
+    { "last_failed", KADM5_LAST_FAILED, 0, 0, "Last fail", "Last failed login", 0 },
+    { "fail_auth_count", KADM5_FAIL_AUTH_COUNT, 0, 0, "Fail count", "Failed login count", RTBL_ALIGN_RIGHT },
+    { "policy", KADM5_POLICY, 0, 0, "Policy", "Policy", 0 },
+    { "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
+    { "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
+    { "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
+    { "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
+    { NULL }
+};
+
+struct field_info {
+    struct field_name *ff;
+    char *header;
+    struct field_info *next;
+};
+
+struct get_entry_data {
+    void (*format)(struct get_entry_data*, kadm5_principal_ent_t);
+    rtbl_t table;
+    uint32_t mask;
+    uint32_t extra_mask;
+    struct field_info *chead, **ctail;
+};
+
+static int
+add_column(struct get_entry_data *data, struct field_name *ff, const char *header)
+{
+    struct field_info *f = malloc(sizeof(*f));
+    if (f == NULL)
+	return ENOMEM;
+    f->ff = ff;
+    if(header)
+	f->header = strdup(header);
+    else
+	f->header = NULL;
+    f->next = NULL;
+    *data->ctail = f;
+    data->ctail = &f->next;
+    data->mask |= ff->fieldvalue;
+    data->extra_mask |= ff->extra_mask;
+    if(data->table != NULL)
+	rtbl_add_column_by_id(data->table, ff->fieldvalue, 
+			      header ? header : ff->default_header, ff->flags);
+    return 0;
+}
+
+/*
+ * return 0 iff `salt' actually is the same as the current salt in `k'
+ */
+
+static int
+cmp_salt (const krb5_salt *salt, const krb5_key_data *k)
+{
+    if (salt->salttype != k->key_data_type[1])
+	return 1;
+    if (salt->saltvalue.length != k->key_data_length[1])
+	return 1;
+    return memcmp (salt->saltvalue.data, k->key_data_contents[1],
+		   salt->saltvalue.length);
+}
+
+static void
+format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len)
+{
+    krb5_error_code ret;
+    char *s;
+
+    ret = krb5_enctype_to_string (context,
+				  k->key_data_type[0],
+				  &s);
+    if (ret)
+	asprintf (&s, "unknown(%d)", k->key_data_type[0]);
+    strlcpy(buf, s, buf_len);
+    free(s);
+
+    strlcat(buf, "(", buf_len);
+
+    ret = krb5_salttype_to_string (context,
+				   k->key_data_type[0],
+				   k->key_data_type[1],
+				   &s);
+    if (ret)
+	asprintf (&s, "unknown(%d)", k->key_data_type[1]);
+    strlcat(buf, s, buf_len);
+    free(s);
+
+    if (cmp_salt(def_salt, k) == 0)
+	s = strdup("");
+    else if(k->key_data_length[1] == 0)
+	s = strdup("()");
+    else
+	asprintf (&s, "(%.*s)", k->key_data_length[1],
+		  (char *)k->key_data_contents[1]);
+    strlcat(buf, s, buf_len);
+    free(s);
+
+    strlcat(buf, ")", buf_len);
+}
+
+static void
+format_field(kadm5_principal_ent_t princ, unsigned int field, 
+	     unsigned int subfield, char *buf, size_t buf_len, int condensed)
+{
+    switch(field) {
+    case KADM5_PRINCIPAL:
+	if(condensed)
+	    krb5_unparse_name_fixed_short(context, princ->principal, buf, buf_len);
+	else
+	    krb5_unparse_name_fixed(context, princ->principal, buf, buf_len);
+	break;
+    
+    case KADM5_PRINC_EXPIRE_TIME:
+	time_t2str(princ->princ_expire_time, buf, buf_len, !condensed);
+	break;
+	    
+    case KADM5_PW_EXPIRATION:
+	time_t2str(princ->pw_expiration, buf, buf_len, !condensed);
+	break;
+	    
+    case KADM5_LAST_PWD_CHANGE:
+	time_t2str(princ->last_pwd_change, buf, buf_len, !condensed);
+	break;
+	    
+    case KADM5_MAX_LIFE:
+	deltat2str(princ->max_life, buf, buf_len);
+	break;
+	    
+    case KADM5_MAX_RLIFE:
+	deltat2str(princ->max_renewable_life, buf, buf_len);
+	break;
+	    
+    case KADM5_MOD_TIME:
+	time_t2str(princ->mod_date, buf, buf_len, !condensed);
+	break;
+
+    case KADM5_MOD_NAME:
+	if (princ->mod_name == NULL)
+	    strlcpy(buf, "unknown", buf_len);
+	else if(condensed)
+	    krb5_unparse_name_fixed_short(context, princ->mod_name, buf, buf_len);
+	else
+	    krb5_unparse_name_fixed(context, princ->mod_name, buf, buf_len);
+	break;
+    case KADM5_ATTRIBUTES:
+	attributes2str (princ->attributes, buf, buf_len);
+	break;
+    case KADM5_KVNO:
+	snprintf(buf, buf_len, "%d", princ->kvno);
+	break;
+    case KADM5_MKVNO:
+	snprintf(buf, buf_len, "%d", princ->mkvno);
+	break;
+    case KADM5_LAST_SUCCESS:
+	time_t2str(princ->last_success, buf, buf_len, !condensed);
+	break;
+    case KADM5_LAST_FAILED:
+	time_t2str(princ->last_failed, buf, buf_len, !condensed);
+	break;
+    case KADM5_FAIL_AUTH_COUNT:
+	snprintf(buf, buf_len, "%d", princ->fail_auth_count);
+	break;
+    case KADM5_POLICY:
+	if(princ->policy != NULL)
+	    strlcpy(buf, princ->policy, buf_len);
+	else
+	    strlcpy(buf, "none", buf_len);
+	break;
+    case KADM5_KEY_DATA:{
+	krb5_salt def_salt;
+	int i;
+	char buf2[1024];
+	krb5_get_pw_salt (context, princ->principal, &def_salt);
+
+	*buf = '\0';
+	for (i = 0; i < princ->n_key_data; ++i) {
+	    format_keytype(&princ->key_data[i], &def_salt, buf2, sizeof(buf2));
+	    if(i > 0)
+		strlcat(buf, ", ", buf_len);
+	    strlcat(buf, buf2, buf_len);
+	}
+	krb5_free_salt (context, def_salt);
+	break;
+    }
+    case KADM5_TL_DATA: {
+	krb5_tl_data *tl;
+
+	for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next)
+	    if (tl->tl_data_type == subfield)
+		break;
+	if (tl == NULL) {
+	    strlcpy(buf, "", buf_len);
+	    break;
+	}
+
+	switch (subfield) {
+	case KRB5_TL_PASSWORD:
+	    snprintf(buf, buf_len, "\"%.*s\"",
+		     (int)tl->tl_data_length,
+		     (const char *)tl->tl_data_contents);
+	    break;
+	case KRB5_TL_PKINIT_ACL: {
+	    HDB_Ext_PKINIT_acl acl;
+	    size_t size;
+	    int i, ret;
+
+	    ret = decode_HDB_Ext_PKINIT_acl(tl->tl_data_contents,
+					    tl->tl_data_length,
+					    &acl,
+					    &size);
+	    if (ret) {
+		snprintf(buf, buf_len, "failed to decode ACL");
+		break;
+	    }
+
+	    buf[0] = '\0';
+	    for (i = 0; i < acl.len; i++) {
+		strlcat(buf, "subject: ", buf_len);
+		strlcat(buf, acl.val[i].subject, buf_len);
+		if (acl.val[i].issuer) {
+		    strlcat(buf, " issuer:", buf_len);
+		    strlcat(buf, *acl.val[i].issuer, buf_len);
+		}
+		if (acl.val[i].anchor) {
+		    strlcat(buf, " anchor:", buf_len);
+		    strlcat(buf, *acl.val[i].anchor, buf_len);
+		}
+		if (i + 1 < acl.len)
+		    strlcat(buf, ", ", buf_len);
+	    }
+	    free_HDB_Ext_PKINIT_acl(&acl);
+	    break;
+	}
+	case KRB5_TL_ALIASES: {
+	    HDB_Ext_Aliases alias;
+	    size_t size;
+	    int i, ret;
+
+	    ret = decode_HDB_Ext_Aliases(tl->tl_data_contents,
+					 tl->tl_data_length,
+					 &alias,
+					 &size);
+	    if (ret) {
+		snprintf(buf, buf_len, "failed to decode alias");
+		break;
+	    }
+	    buf[0] = '\0';
+	    for (i = 0; i < alias.aliases.len; i++) {
+		char *p;
+		ret = krb5_unparse_name(context, &alias.aliases.val[i], &p);
+		if (ret)
+		    break;
+		if (i < 0)
+		    strlcat(buf, " ", buf_len);
+		strlcat(buf, p, buf_len);
+		free(p);
+	    }
+	    free_HDB_Ext_Aliases(&alias);
+	    break;
+	}
+	default:
+	    snprintf(buf, buf_len, "unknown type %d", subfield);
+	    break;
+	}
+	break;
+    }
+    default:
+	strlcpy(buf, "<unknown>", buf_len);
+	break;
+    }
+}
+
+static void
+print_entry_short(struct get_entry_data *data, kadm5_principal_ent_t princ)
+{
+    char buf[1024];
+    struct field_info *f;
+    
+    for(f = data->chead; f != NULL; f = f->next) {
+	format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 1);
+	rtbl_add_column_entry_by_id(data->table, f->ff->fieldvalue, buf);
+    }
+}
+
+static void
+print_entry_long(struct get_entry_data *data, kadm5_principal_ent_t princ)
+{
+    char buf[1024];
+    struct field_info *f;
+    int width = 0;
+    
+    for(f = data->chead; f != NULL; f = f->next) {
+	int w = strlen(f->header ? f->header : f->ff->def_longheader);
+	if(w > width)
+	    width = w;
+    }
+    for(f = data->chead; f != NULL; f = f->next) {
+	format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 0);
+	printf("%*s: %s\n", width, f->header ? f->header : f->ff->def_longheader, buf);
+    }
+    printf("\n");
+}
+
+static int
+do_get_entry(krb5_principal principal, void *data)
+{
+    kadm5_principal_ent_rec princ;
+    krb5_error_code ret;
+    struct get_entry_data *e = data;
+    
+    memset(&princ, 0, sizeof(princ));
+    ret = kadm5_get_principal(kadm_handle, principal, 
+			      &princ,
+			      e->mask | e->extra_mask);
+    if(ret)
+	return ret;
+    else {
+	(e->format)(e, &princ);
+	kadm5_free_principal_ent(kadm_handle, &princ);
+    }
+    return 0;
+}
+
+static void
+free_columns(struct get_entry_data *data)
+{
+    struct field_info *f, *next;
+    for(f = data->chead; f != NULL; f = next) {
+	free(f->header);
+	next = f->next;
+	free(f);
+    }
+    data->chead = NULL;
+    data->ctail = &data->chead;
+}
+
+static int
+setup_columns(struct get_entry_data *data, const char *column_info)
+{
+    char buf[1024], *q;
+    char *field, *header;
+    struct field_name *f;
+
+    while(strsep_copy(&column_info, ",", buf, sizeof(buf)) != -1) {
+	q = buf;
+	field = strsep(&q, "=");
+	header = strsep(&q, "=");
+	for(f = field_names; f->fieldname != NULL; f++) {
+	    if(strcasecmp(field, f->fieldname) == 0) {
+		add_column(data, f, header);
+		break;
+	    }
+	}
+	if(f->fieldname == NULL) {
+	    krb5_warnx(context, "unknown field name \"%s\"", field);
+	    free_columns(data);
+	    return -1;
+	}
+    }
+    return 0;
+}
+
+#define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife"
+#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases"
+#define DEFAULT_COLUMNS_TERSE "principal="
+
+static int
+getit(struct get_options *opt, const char *name, int argc, char **argv)
+{
+    int i;
+    krb5_error_code ret;
+    struct get_entry_data data;
+    
+    if(opt->long_flag == -1 && (opt->short_flag == 1 || opt->terse_flag == 1))
+	opt->long_flag = 0;
+    if(opt->short_flag == -1 && (opt->long_flag == 1 || opt->terse_flag == 1))
+	opt->short_flag = 0;
+    if(opt->terse_flag == -1 && (opt->long_flag == 1 || opt->short_flag == 1))
+	opt->terse_flag = 0;
+    if(opt->long_flag == 0 && opt->short_flag == 0 && opt->terse_flag == 0)
+	opt->short_flag = 1;
+
+    data.table = NULL;
+    data.chead = NULL;
+    data.ctail = &data.chead;
+    data.mask = 0;
+    data.extra_mask = 0;
+
+    if(opt->short_flag || opt->terse_flag) {
+	data.table = rtbl_create();
+	rtbl_set_separator(data.table, "  ");
+	data.format = print_entry_short;
+    } else
+	data.format = print_entry_long;
+    if(opt->column_info_string == NULL) {
+	if(opt->long_flag)
+	    ret = setup_columns(&data, DEFAULT_COLUMNS_LONG);
+	else if(opt->short_flag)
+	    ret = setup_columns(&data, DEFAULT_COLUMNS_SHORT);
+	else {
+	    ret = setup_columns(&data, DEFAULT_COLUMNS_TERSE);
+	    rtbl_set_flags(data.table, RTBL_HEADER_STYLE_NONE);
+	}
+    } else
+	ret = setup_columns(&data, opt->column_info_string);
+	
+    if(ret != 0) {
+	if(data.table != NULL)
+	    rtbl_destroy(data.table);
+	return 0;
+    }
+    
+    for(i = 0; i < argc; i++)
+	ret = foreach_principal(argv[i], do_get_entry, "get", &data);
+    
+    if(data.table != NULL) {
+	rtbl_format(data.table, stdout);
+	rtbl_destroy(data.table);
+    }
+    free_columns(&data);
+    return ret != 0;
+}
+
+int
+get_entry(struct get_options *opt, int argc, char **argv)
+{
+    return getit(opt, "get", argc, argv);
+}
+
+int
+list_princs(struct list_options *opt, int argc, char **argv)
+{
+    if(sizeof(struct get_options) != sizeof(struct list_options)) {
+	krb5_warnx(context, "programmer error: sizeof(struct get_options) != sizeof(struct list_options)");
+	return 0;
+    }
+    return getit((struct get_options*)opt, "list", argc, argv);
+}
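Review bot: In the `KADM5_KEY_DATA` case of `format_field`, the return value of `krb5_get_pw_salt` is discarded, so if it fails `def_salt` is left uninitialised and is then read by `cmp_salt` (through `format_keytype`) and passed to `krb5_free_salt`. I would guard the call, e.g. `if (krb5_get_pw_salt(context, princ->principal, &def_salt)) { strlcpy(buf, "<unknown>", buf_len); break; }`. Separately, in the `KRB5_TL_ALIASES` case the separator test `if (i < 0)` can never be true, so aliases are concatenated with no space between them; it presumably should read `if (i > 0)`. The `asprintf` calls in `format_keytype` are also unchecked, which may leave `s` indeterminate on allocation failure before it reaches `strlcat` and `free`.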

Added: vendor-crypto/heimdal/dist/kadmin/init.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/init.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/init.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,248 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+#include <kadm5/private.h>
+
+RCSID("$Id: init.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static kadm5_ret_t
+create_random_entry(krb5_principal princ,
+		    unsigned max_life,
+		    unsigned max_rlife,
+		    uint32_t attributes)
+{
+    kadm5_principal_ent_rec ent;
+    kadm5_ret_t ret;
+    int mask = 0;
+    krb5_keyblock *keys;
+    int n_keys, i;
+    char *name;
+    const char *password;
+    char pwbuf[512];
+
+    random_password(pwbuf, sizeof(pwbuf));
+    password = pwbuf;
+
+    ret = krb5_unparse_name(context, princ, &name);
+    if (ret) {
+	krb5_warn(context, ret, "failed to unparse principal name");
+	return ret;
+    }
+
+    memset(&ent, 0, sizeof(ent));
+    ent.principal = princ;
+    mask |= KADM5_PRINCIPAL;
+    if (max_life) {
+	ent.max_life = max_life;
+	mask |= KADM5_MAX_LIFE;
+    }
+    if (max_rlife) {
+	ent.max_renewable_life = max_rlife;
+	mask |= KADM5_MAX_RLIFE;
+    }
+    ent.attributes |= attributes | KRB5_KDB_DISALLOW_ALL_TIX;
+    mask |= KADM5_ATTRIBUTES;
+
+    /* Create the entry with a random password */
+    ret = kadm5_create_principal(kadm_handle, &ent, mask, password);
+    if(ret) {
+	krb5_warn(context, ret, "create_random_entry(%s): randkey failed", 
+		  name);
+	goto out;
+    }
+    
+    /* Replace the string2key based keys with real random bytes */
+    ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys);
+    if(ret) {
+	krb5_warn(context, ret, "create_random_entry*%s): randkey failed",
+		  name);
+	goto out;
+    }
+    for(i = 0; i < n_keys; i++)
+	krb5_free_keyblock_contents(context, &keys[i]);
+    free(keys);
+    ret = kadm5_get_principal(kadm_handle, princ, &ent, 
+			      KADM5_PRINCIPAL | KADM5_ATTRIBUTES);
+    if(ret) {
+	krb5_warn(context, ret, "create_random_entry(%s): "
+		  "unable to get principal", name);
+	goto out;
+    }
+    ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
+    ent.kvno = 1;
+    ret = kadm5_modify_principal(kadm_handle, &ent, 
+				 KADM5_ATTRIBUTES|KADM5_KVNO);
+    kadm5_free_principal_ent (kadm_handle, &ent);
+    if(ret) {
+	krb5_warn(context, ret, "create_random_entry(%s): "
+		  "unable to modify principal", name);
+	goto out;
+    }
+ out:
+    free(name);
+    return ret;
+}
+
+extern int local_flag;
+
+int
+init(struct init_options *opt, int argc, char **argv)
+{
+    kadm5_ret_t ret;
+    int i;
+    HDB *db;
+    krb5_deltat max_life, max_rlife;
+
+    if(!local_flag) {
+	krb5_warnx(context, "init is only available in local (-l) mode");
+	return 0;
+    }
+
+    if (opt->realm_max_ticket_life_string) {
+	if (str2deltat (opt->realm_max_ticket_life_string, &max_life) != 0) {
+	    krb5_warnx (context, "unable to parse \"%s\"", 
+			opt->realm_max_ticket_life_string);
+	    return 0;
+	}
+    }
+    if (opt->realm_max_renewable_life_string) {
+	if (str2deltat (opt->realm_max_renewable_life_string, &max_rlife) != 0) {
+	    krb5_warnx (context, "unable to parse \"%s\"", 
+			opt->realm_max_renewable_life_string);
+	    return 0;
+	}
+    }
+
+    db = _kadm5_s_get_db(kadm_handle);
+
+    ret = db->hdb_open(context, db, O_RDWR | O_CREAT, 0600);
+    if(ret){
+	krb5_warn(context, ret, "hdb_open");
+	return 0;
+    }
+    db->hdb_close(context, db);
+    for(i = 0; i < argc; i++){
+	krb5_principal princ;
+	const char *realm = argv[i];
+
+	/* Create `krbtgt/REALM' */
+	ret = krb5_make_principal(context, &princ, realm,
+				  KRB5_TGS_NAME, realm, NULL);
+	if(ret)
+	    return 0;
+	if (opt->realm_max_ticket_life_string == NULL) {
+	    max_life = 0;
+	    if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) {
+		krb5_free_principal(context, princ);
+		return 0;
+	    }
+	}
+	if (opt->realm_max_renewable_life_string == NULL) {
+	    max_rlife = 0;
+	    if(edit_deltat("Realm max renewable ticket life", &max_rlife,
+			   NULL, 0)) {
+		krb5_free_principal(context, princ);
+		return 0;
+	    }
+	}
+	create_random_entry(princ, max_life, max_rlife, 0);
+	krb5_free_principal(context, princ);
+
+	/* Create `kadmin/changepw' */
+	krb5_make_principal(context, &princ, realm, 
+			    "kadmin", "changepw", NULL);
+	/*
+	 * The Windows XP (at least) password changing protocol
+	 * request the `kadmin/changepw' ticket with `renewable_ok,
+	 * renewable, forwardable' and so fails if we disallow
+	 * forwardable here.
+	 */
+	create_random_entry(princ, 5*60, 5*60, 
+			    KRB5_KDB_DISALLOW_TGT_BASED|
+			    KRB5_KDB_PWCHANGE_SERVICE|
+			    KRB5_KDB_DISALLOW_POSTDATED|
+			    KRB5_KDB_DISALLOW_RENEWABLE|
+			    KRB5_KDB_DISALLOW_PROXIABLE|
+			    KRB5_KDB_REQUIRES_PRE_AUTH);
+	krb5_free_principal(context, princ);
+
+	/* Create `kadmin/admin' */
+	krb5_make_principal(context, &princ, realm, 
+			    "kadmin", "admin", NULL);
+	create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH);
+	krb5_free_principal(context, princ);
+
+	/* Create `changepw/kerberos' (for v4 compat) */
+	krb5_make_principal(context, &princ, realm,
+			    "changepw", "kerberos", NULL);
+	create_random_entry(princ, 60*60, 60*60,
+			    KRB5_KDB_DISALLOW_TGT_BASED|
+			    KRB5_KDB_PWCHANGE_SERVICE);
+
+	krb5_free_principal(context, princ);
+
+	/* Create `kadmin/hprop' for database propagation */
+	krb5_make_principal(context, &princ, realm,
+			    "kadmin", "hprop", NULL);
+	create_random_entry(princ, 60*60, 60*60,
+			    KRB5_KDB_REQUIRES_PRE_AUTH|
+			    KRB5_KDB_DISALLOW_TGT_BASED);
+	krb5_free_principal(context, princ);
+
+	/* Create `default' */
+	{
+	    kadm5_principal_ent_rec ent;
+	    int mask = 0;
+
+	    memset (&ent, 0, sizeof(ent));
+	    mask |= KADM5_PRINCIPAL;
+	    krb5_make_principal(context, &ent.principal, realm,
+				"default", NULL);
+	    mask |= KADM5_MAX_LIFE;
+	    ent.max_life = 24 * 60 * 60;
+	    mask |= KADM5_MAX_RLIFE;
+	    ent.max_renewable_life = 7 * ent.max_life;
+	    ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
+	    mask |= KADM5_ATTRIBUTES;
+
+	    ret = kadm5_create_principal(kadm_handle, &ent, mask, "");
+	    if (ret)
+		krb5_err (context, 1, ret, "kadm5_create_principal");
+
+	    krb5_free_principal(context, ent.principal);
+	}
+    }
+    return 0;
+}
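Review bot: After the `krbtgt` principal, every `krb5_make_principal` call in `init` (for `kadmin/changepw`, `kadmin/admin`, `changepw/kerberos`, `kadmin/hprop` and `default`) ignores its return value, while `princ` has just been released by the preceding `krb5_free_principal`. If one of those calls fails without storing a new principal (not visible from this hunk), the following `create_random_entry` and `krb5_free_principal` would operate on a stale pointer. Checking as the first call does, `if (ret) { krb5_warn(context, ret, "krb5_make_principal"); return 0; }`, avoids that. The results of `create_random_entry` are likewise dropped, so a partially initialised realm is reported only through warnings. In `create_random_entry`, `pwbuf` still holds the generated password on every return path and should be wiped first, e.g. `memset(pwbuf, 0, sizeof(pwbuf));` or a non-elidable equivalent if the platform has one.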

Added: vendor-crypto/heimdal/dist/kadmin/kadm_conn.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/kadm_conn.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/kadm_conn.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,284 @@
+/*
+ * Copyright (c) 2000 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
+RCSID("$Id: kadm_conn.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct kadm_port {
+    char *port;
+    unsigned short def_port;
+    struct kadm_port *next;
+} *kadm_ports;
+
+static void
+add_kadm_port(krb5_context context, const char *service, unsigned int port)
+{
+    struct kadm_port *p;
+    p = malloc(sizeof(*p));
+    if(p == NULL) {
+	krb5_warnx(context, "failed to allocate %lu bytes\n", 
+		   (unsigned long)sizeof(*p));
+	return;
+    }
+    
+    p->port = strdup(service);
+    p->def_port = port;
+
+    p->next = kadm_ports;
+    kadm_ports = p;
+}
+
+static void
+add_standard_ports (krb5_context context)
+{
+    add_kadm_port(context, "kerberos-adm", 749);
+}
+
+/*
+ * parse the set of space-delimited ports in `str' and add them.
+ * "+" => all the standard ones
+ * otherwise it's port|service[/protocol]
+ */
+
+void
+parse_ports(krb5_context context, const char *str)
+{
+    char p[128];
+
+    while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
+	if(strcmp(p, "+") == 0)
+	    add_standard_ports(context);
+	else
+	    add_kadm_port(context, p, 0);
+    }
+}
+
+static pid_t pgrp;
+sig_atomic_t term_flag, doing_useful_work;
+
+static RETSIGTYPE
+sigchld(int sig)
+{
+    int status;
+    waitpid(-1, &status, 0);
+    SIGRETURN(0);
+}
+
+static RETSIGTYPE
+terminate(int sig)
+{
+    if(getpid() == pgrp) {
+	/* parent */
+	term_flag = 1;
+	signal(sig, SIG_IGN);
+	killpg(pgrp, sig);
+    } else {
+	/* child */
+	if(doing_useful_work)
+	    term_flag = 1;
+	else
+	    exit(0);
+    }
+    SIGRETURN(0);
+}
+
+static int
+spawn_child(krb5_context context, int *socks, int num_socks, int this_sock)
+{
+    int e, i;
+    struct sockaddr_storage __ss;
+    struct sockaddr *sa = (struct sockaddr *)&__ss;
+    socklen_t sa_size = sizeof(__ss);
+    int s;
+    pid_t pid;
+    krb5_address addr;
+    char buf[128];
+    size_t buf_len;
+
+    s = accept(socks[this_sock], sa, &sa_size);
+    if(s < 0) {
+	krb5_warn(context, errno, "accept");
+	return 1;
+    }
+    e = krb5_sockaddr2address(context, sa, &addr);
+    if(e)
+	krb5_warn(context, e, "krb5_sockaddr2address");
+    else {
+	e = krb5_print_address (&addr, buf, sizeof(buf), 
+				&buf_len);
+	if(e) 
+	    krb5_warn(context, e, "krb5_print_address");
+	else
+	    krb5_warnx(context, "connection from %s", buf);
+	krb5_free_address(context, &addr);
+    }
+    
+    pid = fork();
+    if(pid == 0) {
+	for(i = 0; i < num_socks; i++)
+	    close(socks[i]);
+	dup2(s, STDIN_FILENO);
+	dup2(s, STDOUT_FILENO);
+	if(s != STDIN_FILENO && s != STDOUT_FILENO)
+	    close(s);
+	return 0;
+    } else {
+	close(s);
+    }
+    return 1;
+}
+
+static int
+wait_for_connection(krb5_context context,
+		    int *socks, int num_socks)
+{
+    int i, e;
+    fd_set orig_read_set, read_set;
+    int max_fd = -1;
+    
+    FD_ZERO(&orig_read_set);
+    
+    for(i = 0; i < num_socks; i++) {
+	if (socks[i] >= FD_SETSIZE)
+	    errx (1, "fd too large");
+	FD_SET(socks[i], &orig_read_set);
+	max_fd = max(max_fd, socks[i]);
+    }
+    
+    pgrp = getpid();
+
+    if(setpgid(0, pgrp) < 0)
+	err(1, "setpgid");
+
+    signal(SIGTERM, terminate);
+    signal(SIGINT, terminate);
+    signal(SIGCHLD, sigchld);
+
+    while (term_flag == 0) {
+	read_set = orig_read_set;
+	e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
+	if(e < 0) {
+	    if(errno != EINTR)
+		krb5_warn(context, errno, "select");
+	} else if(e == 0)
+	    krb5_warnx(context, "select returned 0");
+	else {
+	    for(i = 0; i < num_socks; i++) {
+		if(FD_ISSET(socks[i], &read_set))
+		    if(spawn_child(context, socks, num_socks, i) == 0)
+			return 0;
+	    }
+	}
+    }
+    signal(SIGCHLD, SIG_IGN);
+    while(1) {
+	int status;
+	pid_t pid;
+	pid = waitpid(-1, &status, 0);
+	if(pid == -1 && errno == ECHILD)
+	    break;
+    }
+    exit(0);
+}
+
+
+int
+start_server(krb5_context context)
+{
+    int e;
+    struct kadm_port *p;
+
+    int *socks = NULL, *tmp;
+    int num_socks = 0;
+    int i;
+
+    for(p = kadm_ports; p; p = p->next) {
+	struct addrinfo hints, *ai, *ap;
+	char portstr[32];
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_flags    = AI_PASSIVE;
+	hints.ai_socktype = SOCK_STREAM;
+
+	e = getaddrinfo(NULL, p->port, &hints, &ai);
+	if(e) {
+	    snprintf(portstr, sizeof(portstr), "%u", p->def_port);
+	    e = getaddrinfo(NULL, portstr, &hints, &ai);
+	}
+
+	if(e) {
+	    krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
+		      "%s", portstr);
+	    continue;
+	}
+	i = 0;
+	for(ap = ai; ap; ap = ap->ai_next) 
+	    i++;
+	tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
+	if(tmp == NULL) {
+	    krb5_warnx(context, "failed to reallocate %lu bytes", 
+		       (unsigned long)(num_socks + i) * sizeof(*socks));
+	    continue;
+	}
+	socks = tmp;
+	for(ap = ai; ap; ap = ap->ai_next) {
+	    int s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
+	    if(s < 0) {
+		krb5_warn(context, errno, "socket");
+		continue;
+	    }
+
+	    socket_set_reuseaddr(s, 1);
+	    socket_set_ipv6only(s, 1);
+
+	    if (bind (s, ap->ai_addr, ap->ai_addrlen) < 0) {
+		krb5_warn(context, errno, "bind");
+		close(s);
+		continue;
+	    }
+	    if (listen (s, SOMAXCONN) < 0) {
+		krb5_warn(context, errno, "listen");
+		close(s);
+		continue;
+	    }
+	    socks[num_socks++] = s;
+	}
+	freeaddrinfo (ai);
+    }
+    if(num_socks == 0)
+	krb5_errx(context, 1, "no sockets to listen to - exiting");
+    return wait_for_connection(context, socks, num_socks);
+}
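Review bot: The `sigchld` handler reaps with a single blocking `waitpid(-1, &status, 0)`, so when several children exit close together and their SIGCHLDs coalesce, only one is collected and the rest stay as zombies. `while (waitpid(-1, &status, WNOHANG) > 0) ;` with `errno` saved and restored around it would be the usual form, since the `select` loop tests `errno != EINTR`. `terminate` calls `exit(0)` from signal context in the child branch, which is not async-signal-safe; `_exit(0)` is. In `spawn_child` a failed `fork()` (`pid == -1`) falls into the parent branch and silently drops the connection, so a `krb5_warn(context, errno, "fork");` there would help an operator notice resource exhaustion. In `start_server`, ports added by `parse_ports` carry `def_port` 0, so when the service name does not resolve the fallback `getaddrinfo` is asked for port "0", which would presumably bind an arbitrary port rather than fail.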

Added: vendor-crypto/heimdal/dist/kadmin/kadmin-commands.in
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/kadmin-commands.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/kadmin-commands.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,420 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: kadmin-commands.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+command = {
+	name = "stash"
+	name = "kstash"
+	option = {
+		long = "enctype"
+		short = "e"
+		type = "string"
+		help = "encryption type"
+		default = "des3-cbc-sha1"
+	}
+	option = {
+		long = "key-file"
+		short = "k"
+		type = "string"
+		argument = "file"
+		help = "master key file"
+	}
+	option = {
+		long = "convert-file"
+		type = "flag"
+		help = "just convert keyfile to new format"
+	}
+	option = {
+		long = "master-key-fd"
+		type = "integer"
+		argument = "fd"
+		help = "filedescriptor to read passphrase from"
+		default = "-1"
+	}
+	help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
+}
+command = {
+	name = "dump"
+	option = {
+		long = "decrypt"
+		short = "d"
+		type = "flag"
+		help = "decrypt keys"
+	}
+	argument = "[dump-file]"
+	min_args = "0"
+	max_args = "1"
+	help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
+}
+
+command = {
+	name = "init"
+	option = {
+		long = "realm-max-ticket-life"
+		type = "string"
+		help = "realm max ticket lifetime"
+	}
+	option = {
+		long = "realm-max-renewable-life"
+		type = "string"
+		help = "realm max renewable lifetime"
+	}
+	argument = "realm..."
+	min_args = "1"
+	help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
+}
+command = {
+	name = "load"
+	argument = "file"
+	min_args = "1"
+	max_args = "1"
+	help = "Loads a previously dumped file. Local (-l) mode only."
+}
+command = {
+	name = "merge"
+	argument = "file"
+	min_args = "1"
+	max_args = "1"
+	help = "Merges the contents of a dump file into the database. Local (-l) mode only."
+}
+command = {
+	name = "add"
+	name = "ank"
+	name = "add_new_key"
+	function = "add_new_key"
+	option = {
+		long = "random-key"
+		short = "r"
+		type = "flag"
+		help = "set random key"
+	}
+	option = {
+		long = "random-password"
+		type = "flag"
+		help = "set random password"
+	}
+	option = {
+		long = "password"
+		short = "p"
+		type = "string"
+		help = "principal's password"
+	}
+	option = {
+		long = "key"
+		type = "string"
+		help = "DES-key in hex"
+	}
+	option = {
+		long = "max-ticket-life"
+		type = "string"
+		argument ="lifetime"
+		help = "max ticket lifetime"
+	}
+	option = {
+		long = "max-renewable-life"
+		type = "string"
+		argument = "lifetime"
+		help = "max renewable life"
+	}
+	option = {
+		long = "attributes"
+		type = "string"
+		argument = "attributes"
+		help = "principal attributes"
+	}
+	option = {
+		long = "expiration-time"
+		type = "string"
+		argument = "time"
+		help = "principal expiration time"
+	}
+	option = {
+		long = "pw-expiration-time"
+		type = "string"
+		argument = "time"
+		help = "password expiration time"
+	}
+	option = {
+		long = "use-defaults"
+		type = "flag"
+		help = "use default values"
+	}
+	argument = "principal..."
+	min_args = "1"
+	help = "Adds a principal to the database."
+}
+command = {
+	name = "passwd"
+	name = "cpw"
+	name = "change_password"
+	function = "cpw_entry"
+	option = {
+		long = "random-key"
+		short = "r"
+		type = "flag"
+		help = "set random key"
+	}
+	option = {
+		long = "random-password"
+		type = "flag"
+		help = "set random password"
+	}
+	option = {
+		long = "password"
+		short = "p"
+		type = "string"
+		help = "princial's password"
+	}
+	option = {
+		long = "key"
+		type = "string"
+		help = "DES key in hex"
+	}
+	argument = "principal..."
+	min_args = "1"
+	help = "Changes the password of one or more principals matching the expressions."
+}
+command = {
+	name = "delete"
+	name = "del"
+	name = "del_entry"
+	function = "del_entry"
+	argument = "principal..."
+	min_args = "1"
+	help = "Deletes all principals matching the expressions."
+}
+command = {
+	name = "del_enctype"
+	argument = "principal enctype..."
+	min_args = "2"
+	help = "Delete all the mentioned enctypes for principal."
+}
+command = {
+	name = "add_enctype"
+	option = {
+		long = "random-key"
+		short = "r"
+		type = "flag"
+		help = "set random key"
+	}
+	argument = "principal enctype..."
+	min_args = "2"
+	help = "Add new enctypes for principal."
+}
+command = {
+	name = "ext_keytab"
+	option = {
+		long = "keytab"
+		short = "k"
+		type = "string"
+		help = "keytab to use"
+	}
+	argument = "principal..."
+	min_args = "1"
+	help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab." 
+}
+command = {
+	name = "get"
+	name = "get_entry"
+	function = "get_entry"
+	/* XXX sync options with "list" */
+	option = {
+		long = "long"
+		short = "l"
+		type = "flag"
+		help = "long format"
+		default = "-1"
+	}
+	option = {
+		long = "short"
+		short = "s"
+		type = "flag"
+		help = "short format"
+	}
+	option = {
+		long = "terse"
+		short = "t"
+		type = "flag"
+		help = "terse format"
+	}
+	option = {
+		long = "column-info"
+		short = "o"
+		type = "string"
+		help = "columns to print for short output"
+	}
+	argument = "principal..."
+	min_args = "1"
+	help = "Shows information about principals matching the expressions."
+}
+command = {
+	name = "rename"
+	function = "rename_entry"
+	argument = "from to"
+	min_args = "2"
+	max_args = "2"
+	help = "Renames a principal."
+}
+command = {
+	name = "modify"
+	function = "mod_entry"
+	option = {
+		long = "max-ticket-life"
+		type = "string"
+		argument ="lifetime"
+		help = "max ticket lifetime"
+	}
+	option = {
+		long = "max-renewable-life"
+		type = "string"
+		argument = "lifetime"
+		help = "max renewable life"
+	}
+	option = {
+		long = "attributes"
+		short = "a"
+		type = "string"
+		argument = "attributes"
+		help = "principal attributes"
+	}
+	option = {
+		long = "expiration-time"
+		type = "string"
+		argument = "time"
+		help = "principal expiration time"
+	}
+	option = {
+		long = "pw-expiration-time"
+		type = "string"
+		argument = "time"
+		help = "password expiration time"
+	}
+	option = {
+		long = "kvno"
+		type = "integer"
+		help = "key version number"
+		default = "-1"
+	}
+	option = {
+		long = "constrained-delegation"
+		type = "strings"
+		argument = "principal"
+		help = "allowed target principals"
+	}
+	option = {
+		long = "alias"
+		type = "strings"
+		argument = "principal"
+		help = "aliases"
+	}
+	option = {
+		long = "pkinit-acl"
+		type = "strings"
+		argument = "subject dn"
+		help = "aliases"
+	}
+	argument = "principal"
+	min_args = "1"
+	max_args = "1"
+	help = "Modifies some attributes of the specified principal."
+}
+command = {
+	name = "privileges"
+	name = "privs"
+	function = "get_privs"
+	help = "Shows which operations you are allowed to perform."
+}
+command = {
+	name = "list"
+	function = "list_princs"
+	/* XXX sync options with "get" */
+	option = {
+		long = "long"
+		short = "l"
+		type = "flag"
+		help = "long format"
+	}
+	option = {
+		long = "short"
+		short = "s"
+		type = "flag"
+		help = "short format"
+	}
+	option = {
+		long = "terse"
+		short = "t"
+		type = "flag"
+		help = "terse format"
+		default = "-1"
+	}
+	option = {
+		long = "column-info"
+		short = "o"
+		type = "string"
+		help = "columns to print for short output"
+	}
+	argument = "principal..."
+	min_args = "1"
+	help = "Lists principals in a terse format. Equivalent to \"get -t\"." 
+}
+command = {
+	name = "verify-password-quality"
+	name = "pwq"
+	function = "password_quality"
+	argument = "principal password"
+	min_args = "2"
+	max_args = "2"
+	help = "Try run the password quality function locally (not doing RPC out to server)."
+}
+command = {
+	name = "check"
+	function = "check"
+	argument = "[realm]"
+	min_args = "0"
+	max_args = "1"
+	help = "Check the realm (if not given, the default realm) for configuration errors."
+}
+command = {
+	name = "help"
+	name = "?"
+	argument = "[command]"
+	min_args = "0"
+	max_args = "1"
+	help = "Help! I need somebody."
+}
+command = {
+	name = "exit"
+	name = "quit"
+	function = "exit_kadmin"
+	help = "Quits."
+}
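Review bot: The `password` option (`-p`) on `add` and `passwd`, and the `key` option beside it, take the secret as an argument value. When kadmin is run non-interactively with one of these commands on its own command line, the password or key lands in the process argument list and usually in shell history, where other local users and audit logs can read it. The help strings give no hint of this; I would reword them, e.g. `help = "principal's password (visible in argv; prefer the prompt or --random-password)"`, and likewise for `help = "DES-key in hex"`. While there, `help = "princial's password"` under `passwd` is misspelled, and the `pkinit-acl` option under `modify` carries `help = "aliases"`, apparently copied from the `alias` option above it.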

Added: vendor-crypto/heimdal/dist/kadmin/kadmin.8
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/kadmin.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/kadmin.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,414 @@
+.\" Copyright (c) 2000 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: kadmin.8,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd Feb  22, 2007
+.Dt KADMIN 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kadmin
+.Nd Kerberos administration utility
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Oo Fl p Ar string \*(Ba Xo
+.Fl -principal= Ns Ar string
+.Xc
+.Oc
+.Oo Fl K Ar string \*(Ba Xo
+.Fl -keytab= Ns Ar string
+.Xc
+.Oc
+.Oo Fl c Ar file \*(Ba Xo
+.Fl -config-file= Ns Ar file
+.Xc
+.Oc
+.Oo Fl k Ar file \*(Ba Xo
+.Fl -key-file= Ns Ar file
+.Xc
+.Oc
+.Oo Fl r Ar realm \*(Ba Xo
+.Fl -realm= Ns Ar realm
+.Xc
+.Oc
+.Oo Fl a Ar host \*(Ba Xo
+.Fl -admin-server= Ns Ar host
+.Xc
+.Oc
+.Oo Fl s Ar port number \*(Ba Xo
+.Fl -server-port= Ns Ar port number
+.Xc
+.Oc
+.Op Fl l | Fl -local
+.Op Fl h | Fl -help
+.Op Fl v | Fl -version
+.Op Ar command
+.Ek
+.Sh DESCRIPTION
+The
+.Nm
+program is used to make modifications to the Kerberos database, either remotely via the
+.Xr kadmind 8
+daemon, or locally (with the
+.Fl l
+option).
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl p Ar string ,
+.Fl -principal= Ns Ar string
+.Xc
+principal to authenticate as
+.It Xo
+.Fl K Ar string ,
+.Fl -keytab= Ns Ar string
+.Xc
+keytab for authentication principal
+.It Xo
+.Fl c Ar file ,
+.Fl -config-file= Ns Ar file
+.Xc
+location of config file
+.It Xo
+.Fl k Ar file ,
+.Fl -key-file= Ns Ar file
+.Xc
+location of master key file
+.It Xo
+.Fl r Ar realm ,
+.Fl -realm= Ns Ar realm
+.Xc
+realm to use
+.It Xo
+.Fl a Ar host ,
+.Fl -admin-server= Ns Ar host
+.Xc
+server to contact
+.It Xo
+.Fl s Ar port number ,
+.Fl -server-port= Ns Ar port number
+.Xc
+port to use
+.It Xo
+.Fl l ,
+.Fl -local
+.Xc
+local admin mode
+.El
+.Pp
+If no
+.Ar command
+is given on the command line,
+.Nm
+will prompt for commands to process. Some of the commands that take
+one or more principals as argument
+.Ns ( Nm delete ,
+.Nm ext_keytab ,
+.Nm get ,
+.Nm modify ,
+and
+.Nm passwd )
+will accept a glob style wildcard, and perform the operation on all
+matching principals.
+.Pp
+Commands include:
+.\" not using a list here, since groff apparently gets confused
+.\" with nested Xo/Xc
+.Bd -ragged -offset indent
+.Nm add
+.Op Fl r | Fl -random-key
+.Op Fl -random-password
+.Oo Fl p Ar string \*(Ba Xo
+.Fl -password= Ns Ar string
+.Xc
+.Oc
+.Op Fl -key= Ns Ar string
+.Op Fl -max-ticket-life= Ns Ar lifetime
+.Op Fl -max-renewable-life= Ns Ar lifetime
+.Op Fl -attributes= Ns Ar attributes
+.Op Fl -expiration-time= Ns Ar time
+.Op Fl -pw-expiration-time= Ns Ar time
+.Ar principal...
+.Pp
+.Bd -ragged -offset indent
+Adds a new principal to the database. The options not passed on the
+command line will be promped for.
+.Ed
+.Pp
+.Nm add_enctype
+.Op Fl r | Fl -random-key
+.Ar principal enctypes...
+.Pp
+.Bd -ragged -offset indent
+Adds a new encryption type to the principal, only random key are
+supported.
+.Ed
+.Pp
+.Nm delete
+.Ar principal...
+.Pp
+.Bd -ragged -offset indent
+Removes a principal.
+.Ed
+.Pp
+.Nm del_enctype
+.Ar principal enctypes...
+.Pp
+.Bd -ragged -offset indent
+Removes some enctypes from a principal; this can be useful if the
+service belonging to the principal is known to not handle certain
+enctypes.
+.Ed
+.Pp
+.Nm ext_keytab
+.Oo Fl k Ar string \*(Ba Xo
+.Fl -keytab= Ns Ar string
+.Xc
+.Oc
+.Ar principal...
+.Pp
+.Bd -ragged -offset indent
+Creates a keytab with the keys of the specified principals.
+.Ed
+.Pp
+.Nm get
+.Op Fl l | Fl -long
+.Op Fl s | Fl -short
+.Op Fl t | Fl -terse
+.Op Fl o Ar string | Fl -column-info= Ns Ar string
+.Ar principal...
+.Pp
+.Bd -ragged -offset indent
+Lists the matching principals, short prints the result as a table,
+while long format produces a more verbose output. Which columns to
+print can be selected with the
+.Fl o
+option. The argument is a comma separated list of column names
+optionally appended with an equal sign
+.Pq Sq =
+and a column header. Which columns are printed by default differ
+slightly between short and long output.
+.Pp
+The default terse output format is similar to
+.Fl s o Ar principal= ,
+just printing the names of matched principals.
+.Pp
+Possible column names include:
+.Li principal ,
+.Li princ_expire_time ,
+.Li pw_expiration ,
+.Li last_pwd_change ,
+.Li max_life ,
+.Li max_rlife ,
+.Li mod_time ,
+.Li mod_name ,
+.Li attributes ,
+.Li kvno ,
+.Li mkvno ,
+.Li last_success ,
+.Li last_failed ,
+.Li fail_auth_count ,
+.Li policy ,
+and
+.Li keytypes .
+.Ed
+.Pp
+.Nm modify
+.Oo Fl a Ar attributes \*(Ba Xo
+.Fl -attributes= Ns Ar attributes
+.Xc
+.Oc
+.Op Fl -max-ticket-life= Ns Ar lifetime
+.Op Fl -max-renewable-life= Ns Ar lifetime
+.Op Fl -expiration-time= Ns Ar time
+.Op Fl -pw-expiration-time= Ns Ar time
+.Op Fl -kvno= Ns Ar number
+.Ar principal...
+.Pp
+.Bd -ragged -offset indent
+Modifies certain attributes of a principal. If run without command
+line options, you will be prompted. With command line options, it will
+only change the ones specified.
+.Pp
+Possible attributes are:
+.Li new-princ ,
+.Li support-desmd5 ,
+.Li pwchange-service ,
+.Li disallow-svr ,
+.Li requires-pw-change ,
+.Li requires-hw-auth ,
+.Li requires-pre-auth ,
+.Li disallow-all-tix ,
+.Li disallow-dup-skey ,
+.Li disallow-proxiable ,
+.Li disallow-renewable ,
+.Li disallow-tgt-based ,
+.Li disallow-forwardable ,
+.Li disallow-postdated
+.Pp
+Attributes may be negated with a "-", e.g., 
+.Pp 
+kadmin -l modify -a -disallow-proxiable user
+.Ed
+.Pp
+.Nm passwd
+.Op Fl r | Fl -random-key
+.Op Fl -random-password
+.Oo Fl p Ar string \*(Ba Xo
+.Fl -password= Ns Ar string
+.Xc
+.Oc
+.Op Fl -key= Ns Ar string
+.Ar principal...
+.Pp
+.Bd -ragged -offset indent
+Changes the password of an existing principal.
+.Ed
+.Pp
+.Nm password-quality
+.Ar principal
+.Ar password
+.Pp
+.Bd -ragged -offset indent
+Run the password quality check function locally.
+You can run this on the host that is configured to run the kadmind
+process to verify that your configuration file is correct.
+The verification is done locally, if kadmin is run in remote mode,
+no rpc call is done to the server.
+.Ed
+.Pp
+.Nm privileges
+.Pp
+.Bd -ragged -offset indent
+Lists the operations you are allowed to perform. These include
+.Li add ,
+.Li add_enctype ,
+.Li change-password ,
+.Li delete ,
+.Li del_enctype ,
+.Li get ,
+.Li list ,
+and
+.Li modify .
+.Ed
+.Pp
+.Nm rename
+.Ar from to
+.Pp
+.Bd -ragged -offset indent
+Renames a principal. This is normally transparent, but since keys are
+salted with the principal name, they will have a non-standard salt,
+and clients which are unable to cope with this will fail. Kerberos 4
+suffers from this.
+.Ed
+.Pp
+.Nm check
+.Op Ar realm
+.Pp
+.Bd -ragged -offset indent
+Check database for strange configurations on important principals. If
+no realm is given, the default realm is used.
+.Ed
+.Pp
+.Ed
+.Pp
+When running in local mode, the following commands can also be used:
+.Bd -ragged -offset indent
+.Nm dump
+.Op Fl d | Fl -decrypt
+.Op Ar dump-file
+.Pp
+.Bd -ragged -offset indent
+Writes the database in
+.Dq human readable
+form to the specified file, or standard out. If the database is
+encrypted, the dump will also have encrypted keys, unless
+.Fl -decrypt
+is used.
+.Ed
+.Pp
+.Nm init
+.Op Fl -realm-max-ticket-life= Ns Ar string
+.Op Fl -realm-max-renewable-life= Ns Ar string
+.Ar realm
+.Pp
+.Bd -ragged -offset indent
+Initializes the Kerberos database with entries for a new realm. It's
+possible to have more than one realm served by one server.
+.Ed
+.Pp
+.Nm load
+.Ar file
+.Pp
+.Bd -ragged -offset indent
+Reads a previously dumped database, and re-creates that database from
+scratch.
+.Ed
+.Pp
+.Nm merge
+.Ar file
+.Pp
+.Bd -ragged -offset indent
+Similar to
+.Nm load
+but just modifies the database with the entries in the dump file.
+.Ed
+.Pp
+.Nm stash
+.Oo Fl e Ar enctype \*(Ba Xo
+.Fl -enctype= Ns Ar enctype
+.Xc
+.Oc
+.Oo Fl k Ar keyfile \*(Ba Xo
+.Fl -key-file= Ns Ar keyfile
+.Xc
+.Oc
+.Op Fl -convert-file
+.Op Fl -master-key-fd= Ns Ar fd
+.Pp
+.Bd -ragged -offset indent
+Writes the Kerberos master key to a file used by the KDC.
+.Ed
+.Pp
+.Ed
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr kadmind 8 ,
+.Xr kdc 8
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/kadmin/kadmin.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/kadmin.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/kadmin.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,284 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+#include <sl.h>
+
+RCSID("$Id: kadmin.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static char *config_file;
+static char *keyfile;
+int local_flag;
+static int ad_flag;
+static int help_flag;
+static int version_flag;
+static char *realm;
+static char *admin_server;
+static int server_port = 0;
+static char *client_name;
+static char *keytab;
+static char *check_library  = NULL;
+static char *check_function = NULL;
+static getarg_strings policy_libraries = { 0, NULL };
+
+static struct getargs args[] = {
+    {	"principal", 	'p',	arg_string,	&client_name,
+	"principal to authenticate as" },
+    {   "keytab",	'K',	arg_string,	&keytab,
+   	"keytab for authentication principal" },
+    { 
+	"config-file",	'c',	arg_string,	&config_file, 
+	"location of config file",	"file" 
+    },
+    {
+	"key-file",	'k',	arg_string, &keyfile, 
+	"location of master key file", "file"
+    },
+    {	
+	"realm",	'r',	arg_string,   &realm, 
+	"realm to use", "realm" 
+    },
+    {	
+	"admin-server",	'a',	arg_string,   &admin_server, 
+	"server to contact", "host" 
+    },
+    {	
+	"server-port",	's',	arg_integer,   &server_port, 
+	"port to use", "port number" 
+    },
+    {	"ad", 		0, arg_flag, &ad_flag, "active directory admin mode" },
+#ifdef HAVE_DLOPEN
+    { "check-library", 0, arg_string, &check_library, 
+      "library to load password check function from", "library" },
+    { "check-function", 0, arg_string, &check_function,
+      "password check function to load", "function" },
+    { "policy-libraries", 0, arg_strings, &policy_libraries,
+      "password check function to load", "function" },
+#endif
+    {	"local", 'l', arg_flag, &local_flag, "local admin mode" },
+    {	"help",		'h',	arg_flag,   &help_flag },
+    {	"version",	'v',	arg_flag,   &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+
+krb5_context context;
+void *kadm_handle;
+
+int
+help(void *opt, int argc, char **argv)
+{
+    sl_slc_help(commands, argc, argv);
+    return 0;
+}
+
+static int exit_seen = 0;
+
+int
+exit_kadmin (void *opt, int argc, char **argv)
+{
+    exit_seen = 1;
+    return 0;
+}
+
+static void
+usage(int ret)
+{
+    arg_printusage (args, num_args, NULL, "[command]");
+    exit (ret);
+}
+
+int
+get_privs(void *opt, int argc, char **argv)
+{
+    uint32_t privs;
+    char str[128];
+    kadm5_ret_t ret;
+    
+    ret = kadm5_get_privs(kadm_handle, &privs);
+    if(ret)
+	krb5_warn(context, ret, "kadm5_get_privs");
+    else{
+	ret =_kadm5_privs_to_string(privs, str, sizeof(str));
+	printf("%s\n", str);
+    }
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    char **files;
+    kadm5_config_params conf;
+    int optidx = 0;
+    int exit_status = 0;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+    
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (config_file == NULL) {
+	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+	if (config_file == NULL)
+	    errx(1, "out of memory");
+    }
+
+    ret = krb5_prepend_config_files_default(config_file, &files);
+    if (ret)
+	krb5_err(context, 1, ret, "getting configuration files");
+    
+    ret = krb5_set_config_files(context, files);
+    krb5_free_config_files(files);
+    if(ret) 
+	krb5_err(context, 1, ret, "reading configuration files");
+    
+    memset(&conf, 0, sizeof(conf));
+    if(realm) {
+	krb5_set_default_realm(context, realm); /* XXX should be fixed
+						   some other way */
+	conf.realm = realm;
+	conf.mask |= KADM5_CONFIG_REALM;
+    }
+
+    if (admin_server) {
+	conf.admin_server = admin_server;
+	conf.mask |= KADM5_CONFIG_ADMIN_SERVER;
+    }
+
+    if (server_port) {
+	conf.kadmind_port = htons(server_port);
+	conf.mask |= KADM5_CONFIG_KADMIND_PORT;
+    }
+
+    if (keyfile) {
+	conf.stash_file = keyfile;
+	conf.mask |= KADM5_CONFIG_STASH_FILE;
+    }
+
+    if(local_flag) {
+	int i;
+
+	kadm5_setup_passwd_quality_check (context, 
+					  check_library, check_function);
+	
+	for (i = 0; i < policy_libraries.num_strings; i++) {
+	    ret = kadm5_add_passwd_quality_verifier(context, 
+						    policy_libraries.strings[i]);
+	    if (ret)
+		krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
+	}
+	ret = kadm5_add_passwd_quality_verifier(context, NULL);
+	if (ret)
+	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
+	
+	ret = kadm5_s_init_with_password_ctx(context, 
+					     KADM5_ADMIN_SERVICE,
+					     NULL,
+					     KADM5_ADMIN_SERVICE,
+					     &conf, 0, 0, 
+					     &kadm_handle);
+    } else if (ad_flag) {
+	if (client_name == NULL)
+	    krb5_errx(context, 1, "keytab mode require principal name");
+	ret = kadm5_ad_init_with_password_ctx(context,
+					      client_name,
+					      NULL,
+					      KADM5_ADMIN_SERVICE,
+					      &conf, 0, 0,
+					      &kadm_handle);
+    } else if (keytab) {
+	if (client_name == NULL)
+	    krb5_errx(context, 1, "keytab mode require principal name");
+        ret = kadm5_c_init_with_skey_ctx(context,
+					 client_name,
+					 keytab,
+					 KADM5_ADMIN_SERVICE,
+                                         &conf, 0, 0,
+                                         &kadm_handle);
+    } else
+	ret = kadm5_c_init_with_password_ctx(context, 
+					     client_name,
+					     NULL,
+					     KADM5_ADMIN_SERVICE,
+					     &conf, 0, 0, 
+					     &kadm_handle);
+    
+    if(ret)
+	krb5_err(context, 1, ret, "kadm5_init_with_password");
+
+    signal(SIGINT, SIG_IGN); /* ignore signals for now, the sl command
+                                parser will handle SIGINT its own way;
+                                we should really take care of this in
+                                each function, f.i `get' might be
+                                interruptable, but not `create' */
+    if (argc != 0) {
+	ret = sl_command (commands, argc, argv);
+	if(ret == -1)
+	    krb5_warnx (context, "unrecognized command: %s", argv[0]);
+	else if (ret == -2)
+	    ret = 0;
+	if(ret != 0)
+	    exit_status = 1;
+    } else {
+	while(!exit_seen) {
+	    ret = sl_command_loop(commands, "kadmin> ", NULL);
+	    if (ret == -2)
+		exit_seen = 1;
+	    else if (ret != 0)
+		exit_status = 1;
+	}
+    }
+
+    kadm5_destroy(kadm_handle);
+    krb5_free_context(context);
+    return exit_status;
+}
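Review bot: `get_privs` returns 0 on every path, so a failed `kadm5_get_privs` produces only a warning, and `main`, which sets `exit_status = 1` only when `sl_command` returns non-zero, still exits 0 for `kadmin privileges`. A script that checks the exit status therefore cannot tell a failed privilege query from a successful one. The result of `_kadm5_privs_to_string` is also stored in `ret` and never examined before `str` is printed, and `str` has no initial value; if that helper can fail without writing the buffer (its contract is not visible here), the `printf` reads uninitialised stack. I would change the error branch to `if (ret) { krb5_warn(context, ret, "kadm5_get_privs"); return 1; }`, declare `char str[128] = "";`, and print only when the conversion returned 0.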

Added: vendor-crypto/heimdal/dist/kadmin/kadmin_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/kadmin_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/kadmin_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* 
+ * $Id: kadmin_locl.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+ * $FreeBSD$
+ */
+
+#ifndef __ADMIN_LOCL_H__
+#define __ADMIN_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+#include <err.h>
+#include <roken.h>
+#include <krb5.h>
+#include <krb5_locl.h>
+#include <hdb.h>
+#include <hdb_err.h>
+#include <hex.h>
+#include <kadm5/admin.h>
+#include <kadm5/private.h>
+#include <kadm5/kadm5_err.h>
+#include <parse_time.h>
+#include <getarg.h>
+
+extern krb5_context context;
+extern void * kadm_handle;
+
+#undef ALLOC
+#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
+
+/* util.c */
+
+void attributes2str(krb5_flags, char *, size_t);
+int  str2attributes(const char *, krb5_flags *);
+int  parse_attributes (const char *, krb5_flags *, int *, int);
+int  edit_attributes (const char *, krb5_flags *, int *, int);
+
+void time_t2str(time_t, char *, size_t, int);
+int  str2time_t (const char *, time_t *);
+int  parse_timet (const char *, krb5_timestamp *, int *, int);
+int  edit_timet (const char *, krb5_timestamp *, int *,
+		 int);
+
+void deltat2str(unsigned, char *, size_t);
+int  str2deltat(const char *, krb5_deltat *);
+int  parse_deltat (const char *, krb5_deltat *, int *, int);
+int  edit_deltat (const char *, krb5_deltat *, int *, int);
+
+int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
+void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
+int set_entry(krb5_context, kadm5_principal_ent_t, int *,
+	      const char *, const char *, const char *,
+	      const char *, const char *);
+int
+foreach_principal(const char *, int (*)(krb5_principal, void*), 
+		  const char *, void *);
+
+int parse_des_key (const char *, krb5_key_data *, const char **);
+
+/* server.c */
+
+krb5_error_code
+kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
+
+/* random_password.c */
+
+void
+random_password(char *, size_t);
+
+/* kadm_conn.c */
+
+extern sig_atomic_t term_flag, doing_useful_work;
+
+void parse_ports(krb5_context, const char*);
+int start_server(krb5_context);
+
+/* server.c */
+
+krb5_error_code
+kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
+
+#endif /* __ADMIN_LOCL_H__ */
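Review bot: `ALLOC(X)` expands to a bare `(X) = malloc(sizeof(*(X)))` with no comment, so nothing at the definition tells a caller that the result may be NULL and that the object is uninitialised. The macro's users are outside this hunk, so whether they all check is not visible here. I would document it where it is defined: `/* ALLOC(p): p = malloc(sizeof(*p)); p may be NULL and *p is uninitialised -- check and clear before use */`. Separately, the `HAVE_SYS_SELECT_H` include block and the `kadmind_loop` prototype each appear twice in this header, and the guard name `__ADMIN_LOCL_H__` uses a double-underscore identifier reserved for the implementation.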

Added: vendor-crypto/heimdal/dist/kadmin/kadmind.8
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/kadmind.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/kadmind.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,178 @@
+.\" Copyright (c) 2002 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: kadmind.8,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd December  8, 2004
+.Dt KADMIND 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kadmind
+.Nd "server for administrative access to Kerberos database"
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Oo Fl c Ar file \*(Ba Xo
+.Fl -config-file= Ns Ar file
+.Xc
+.Oc
+.Oo Fl k Ar file \*(Ba Xo
+.Fl -key-file= Ns Ar file
+.Xc
+.Oc
+.Op Fl -keytab= Ns Ar keytab
+.Oo Fl r Ar realm \*(Ba Xo
+.Fl -realm= Ns Ar realm
+.Xc
+.Oc
+.Op Fl d | Fl -debug
+.Oo Fl p Ar port \*(Ba Xo
+.Fl -ports= Ns Ar port
+.Xc
+.Oc
+.Ek
+.Sh DESCRIPTION
+.Nm
+listens for requests for changes to the Kerberos database and performs
+these, subject to permissions.  When starting, if stdin is a socket it
+assumes that it has been started by
+.Xr inetd 8 ,
+otherwise it behaves as a daemon, forking processes for each new
+connection. The
+.Fl -debug
+option causes
+.Nm
+to accept exactly one connection, which is useful for debugging.
+.Pp
+The
+.Xr kpasswdd 8
+daemon is responsible for the Kerberos 5 password changing protocol
+(used by
+.Xr kpasswd 1 )
+.
+.Pp
+This daemon should only be run on the master server, and not on any
+slaves.
+.Pp
+Principals are always allowed to change their own password and list
+their own principal.  Apart from that, doing any operation requires
+permission explicitly added in the ACL file
+.Pa /var/heimdal/kadmind.acl .
+The format of this file is:
+.Bd -ragged
+.Va principal
+.Va rights
+.Op Va principal-pattern
+.Ed
+.Pp
+Where rights is any (comma separated) combination of:
+.Bl -bullet -compact
+.It
+change-password or cpw
+.It
+list
+.It
+delete
+.It
+modify
+.It
+add
+.It
+get
+.It
+all
+.El
+.Pp
+And the optional
+.Ar principal-pattern
+restricts the rights to operations on principals that match the
+glob-style pattern.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar file ,
+.Fl -config-file= Ns Ar file
+.Xc
+location of config file
+.It Xo
+.Fl k Ar file ,
+.Fl -key-file= Ns Ar file
+.Xc
+location of master key file
+.It Xo
+.Fl -keytab= Ns Ar keytab
+.Xc
+what keytab to use
+.It Xo
+.Fl r Ar realm ,
+.Fl -realm= Ns Ar realm
+.Xc
+realm to use
+.It Xo
+.Fl d ,
+.Fl -debug
+.Xc
+enable debugging
+.It Xo
+.Fl p Ar port ,
+.Fl -ports= Ns Ar port
+.Xc
+ports to listen to. By default, if run as a daemon, it listens to port
+749, but you can add any number of ports with this option. The port
+string is a whitespace separated list of port specifications, with the
+special string
+.Dq +
+representing the default port.
+.El
+.\".Sh ENVIRONMENT
+.Sh FILES
+.Pa /var/heimdal/kadmind.acl
+.Sh EXAMPLES
+This will cause
+.Nm
+to listen to port 4711 in addition to any
+compiled in defaults:
+.Pp
+.D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &"
+.Pp
+This acl file will grant Joe all rights, and allow Mallory to view and
+add host principals.
+.Bd -literal -offset indent
+joe/admin at EXAMPLE.COM      all
+mallory/admin at EXAMPLE.COM  add,get  host/*@EXAMPLE.COM
+.Ed
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr kpasswd 1 ,
+.Xr kadmin 8 ,
+.Xr kdc 8 ,
+.Xr kpasswdd 8

Added: vendor-crypto/heimdal/dist/kadmin/kadmind.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/kadmind.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/kadmind.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id: kadmind.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static char *check_library  = NULL;
+static char *check_function = NULL;
+static getarg_strings policy_libraries = { 0, NULL };
+static char *config_file;
+static char *keytab_str = "HDB:";
+static int help_flag;
+static int version_flag;
+static int debug_flag;
+static char *port_str;
+char *realm;
+
+static struct getargs args[] = {
+    { 
+	"config-file",	'c',	arg_string,	&config_file, 
+	"location of config file",	"file" 
+    },
+    {
+	"keytab",	0,	arg_string, &keytab_str,
+	"what keytab to use", "keytab"
+    },
+    {	"realm",	'r',	arg_string,   &realm, 
+	"realm to use", "realm" 
+    },
+#ifdef HAVE_DLOPEN
+    { "check-library", 0, arg_string, &check_library, 
+      "library to load password check function from", "library" },
+    { "check-function", 0, arg_string, &check_function,
+      "password check function to load", "function" },
+    { "policy-libraries", 0, arg_strings, &policy_libraries,
+      "password check function to load", "function" },
+#endif
+    {	"debug",	'd',	arg_flag,   &debug_flag, 
+	"enable debugging" 
+    },
+    {	"ports",	'p',	arg_string, &port_str, 
+	"ports to listen to", "port" },
+    {	"help",		'h',	arg_flag,   &help_flag },
+    {	"version",	'v',	arg_flag,   &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+krb5_context context;
+
+static void
+usage(int ret)
+{
+    arg_printusage (args, num_args, NULL, "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    char **files;
+    int optidx = 0;
+    int e, i;
+    krb5_log_facility *logfacility;
+    krb5_keytab keytab;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    while((e = getarg(args, num_args, argc, argv, &optidx)))
+	warnx("error at argument `%s'", argv[optidx]);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (config_file == NULL) {
+	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+	if (config_file == NULL)
+	    errx(1, "out of memory");
+    }
+    
+    ret = krb5_prepend_config_files_default(config_file, &files);
+    if (ret)
+	krb5_err(context, 1, ret, "getting configuration files");
+    
+    ret = krb5_set_config_files(context, files);
+    krb5_free_config_files(files);
+    if(ret) 
+	krb5_err(context, 1, ret, "reading configuration files");
+    
+    ret = krb5_openlog(context, "kadmind", &logfacility);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_openlog");
+    ret = krb5_set_warn_dest(context, logfacility);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_set_warn_dest");
+
+    ret = krb5_kt_register(context, &hdb_kt_ops);
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_kt_register");
+
+    ret = krb5_kt_resolve(context, keytab_str, &keytab);
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_kt_resolve");
+
+    kadm5_setup_passwd_quality_check (context, check_library, check_function);
+
+    for (i = 0; i < policy_libraries.num_strings; i++) {
+	ret = kadm5_add_passwd_quality_verifier(context, 
+						policy_libraries.strings[i]);
+	if (ret)
+	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
+    }
+    ret = kadm5_add_passwd_quality_verifier(context, NULL);
+    if (ret)
+	krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
+
+    {
+	int fd = 0;
+	struct sockaddr_storage __ss;
+	struct sockaddr *sa = (struct sockaddr *)&__ss;
+	socklen_t sa_size = sizeof(__ss);
+	krb5_auth_context ac = NULL;
+	int debug_port;
+
+	if(debug_flag) {
+	    if(port_str == NULL)
+		debug_port = krb5_getportbyname (context, "kerberos-adm", 
+						 "tcp", 749);
+	    else
+		debug_port = htons(atoi(port_str));
+	    mini_inetd(debug_port);
+	} else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && 
+		   errno == ENOTSOCK) {
+	    parse_ports(context, port_str ? port_str : "+");
+	    pidfile(NULL);
+	    start_server(context);
+	}
+	if(realm)
+	    krb5_set_default_realm(context, realm); /* XXX */
+	kadmind_loop(context, ac, keytab, fd);
+    }
+    return 0;
+}
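Review bot: In `main`, the option loop `while((e = getarg(...))) warnx("error at argument ...")` only warns about an argument it cannot parse and then carries on, so a mistyped `--keytab`, `--realm` or `--ports` leaves kadmind starting with its defaults instead of refusing to run. For the daemon that fronts the Kerberos database I would fail closed: `if (getarg(args, num_args, argc, argv, &optidx)) usage(1);`. Separately, the debug branch does `debug_port = htons(atoi(port_str));` with no validation, while kadmind.8 documents `--ports` as a whitespace-separated list that may contain `+`; the man page's own `+ 4711` example evaluates to 0 under `atoi`, so the value should be parsed with an error and range check before it reaches `mini_inetd`.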

Added: vendor-crypto/heimdal/dist/kadmin/load.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/load.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/load.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,569 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+#include <kadm5/private.h>
+
+RCSID("$Id: load.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct entry {
+    char *principal;
+    char *key;
+    char *max_life;
+    char *max_renew;
+    char *created;
+    char *modified;
+    char *valid_start;
+    char *valid_end;
+    char *pw_end;
+    char *flags;
+    char *generation;
+    char *extensions;
+};
+
+static char *
+skip_next(char *p)
+{
+    while(*p && !isspace((unsigned char)*p)) 
+	p++;
+    *p++ = 0;
+    while(*p && isspace((unsigned char)*p))
+	p++;
+    return p;
+}
+
+/*
+ * Parse the time in `s', returning:
+ * -1 if error parsing
+ * 0  if none  present
+ * 1  if parsed ok
+ */
+
+static int
+parse_time_string(time_t *t, const char *s)
+{
+    int year, month, date, hour, minute, second;
+    struct tm tm;
+
+    if(strcmp(s, "-") == 0)
+	return 0;
+    if(sscanf(s, "%04d%02d%02d%02d%02d%02d", 
+	      &year, &month, &date, &hour, &minute, &second) != 6)
+	return -1;
+    tm.tm_year  = year - 1900;
+    tm.tm_mon   = month - 1;
+    tm.tm_mday  = date;
+    tm.tm_hour  = hour;
+    tm.tm_min   = minute;
+    tm.tm_sec   = second;
+    tm.tm_isdst = 0;
+    *t = timegm(&tm);
+    return 1;
+}
+
+/*
+ * parse time, allocating space in *t if it's there
+ */
+
+static int
+parse_time_string_alloc (time_t **t, const char *s)
+{
+    time_t tmp;
+    int ret;
+
+    *t = NULL;
+    ret = parse_time_string (&tmp, s);
+    if (ret == 1) {
+	*t = malloc (sizeof (**t));
+	if (*t == NULL)
+	    krb5_errx (context, 1, "malloc: out of memory");
+	**t = tmp;
+    }
+    return ret;
+}
+
+/*
+ * see parse_time_string for calling convention
+ */
+
+static int
+parse_integer(unsigned int *u, const char *s)
+{
+    if(strcmp(s, "-") == 0)
+	return 0;
+    if (sscanf(s, "%u", u) != 1)
+	return -1;
+    return 1;
+}
+
+static int
+parse_integer_alloc (unsigned int **u, const char *s)
+{
+    unsigned int tmp;
+    int ret;
+
+    *u = NULL;
+    ret = parse_integer (&tmp, s);
+    if (ret == 1) {
+	*u = malloc (sizeof (**u));
+	if (*u == NULL)
+	    krb5_errx (context, 1, "malloc: out of memory");
+	**u = tmp;
+    }
+    return ret;
+}
+
+/*
+ * Parse dumped keys in `str' and store them in `ent'
+ * return -1 if parsing failed
+ */
+
+static int
+parse_keys(hdb_entry *ent, char *str)
+{
+    krb5_error_code ret;
+    int tmp;
+    char *p;
+    int i;
+    
+    p = strsep(&str, ":");
+    if (sscanf(p, "%d", &tmp) != 1)
+	return 1;
+    ent->kvno = tmp;
+    p = strsep(&str, ":");
+    while(p){
+	Key *key;
+	key = realloc(ent->keys.val, 
+		      (ent->keys.len + 1) * sizeof(*ent->keys.val));
+	if(key == NULL)
+	    krb5_errx (context, 1, "realloc: out of memory");
+	ent->keys.val = key;
+	key = ent->keys.val + ent->keys.len;
+	ent->keys.len++;
+	memset(key, 0, sizeof(*key));
+	if(sscanf(p, "%d", &tmp) == 1) {
+	    key->mkvno = malloc(sizeof(*key->mkvno));
+	    *key->mkvno = tmp;
+	} else
+	    key->mkvno = NULL;
+	p = strsep(&str, ":");
+	if (sscanf(p, "%d", &tmp) != 1)
+	    return 1;
+	key->key.keytype = tmp;
+	p = strsep(&str, ":");
+	ret = krb5_data_alloc(&key->key.keyvalue, (strlen(p) - 1) / 2 + 1);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_data_alloc");
+	for(i = 0; i < strlen(p); i += 2) {
+	    if(sscanf(p + i, "%02x", &tmp) != 1)
+		return 1;
+	    ((u_char*)key->key.keyvalue.data)[i / 2] = tmp;
+	}
+	p = strsep(&str, ":");
+	if(strcmp(p, "-") != 0){
+	    unsigned type;
+	    size_t p_len;
+
+	    if(sscanf(p, "%u/", &type) != 1)
+		return 1;
+	    p = strchr(p, '/');
+	    if(p == NULL)
+		return 1;
+	    p++;
+	    p_len = strlen(p);
+
+	    key->salt = malloc(sizeof(*key->salt));
+	    if (key->salt == NULL)
+		krb5_errx (context, 1, "malloc: out of memory");
+	    key->salt->type = type;
+		
+	    if (p_len) {
+		if(*p == '\"') {
+		    ret = krb5_data_copy(&key->salt->salt, p + 1, p_len - 2);
+		    if (ret)
+			krb5_err (context, 1, ret, "krb5_data_copy");
+		} else {
+		    ret = krb5_data_alloc(&key->salt->salt,
+					  (p_len - 1) / 2 + 1);
+		    if (ret)
+			krb5_err (context, 1, ret, "krb5_data_alloc");
+		    for(i = 0; i < p_len; i += 2){
+			if (sscanf(p + i, "%02x", &tmp) != 1)
+			    return 1;
+			((u_char*)key->salt->salt.data)[i / 2] = tmp;
+		    }
+		}
+	    } else
+		krb5_data_zero (&key->salt->salt);
+	}
+	p = strsep(&str, ":");
+    }
+    return 0;
+}
+
+/*
+ * see parse_time_string for calling convention
+ */
+
+static int
+parse_event(Event *ev, char *s)
+{
+    krb5_error_code ret;
+    char *p;
+
+    if(strcmp(s, "-") == 0)
+	return 0;
+    memset(ev, 0, sizeof(*ev));
+    p = strsep(&s, ":");
+    if(parse_time_string(&ev->time, p) != 1)
+	return -1;
+    p = strsep(&s, ":");
+    ret = krb5_parse_name(context, p, &ev->principal);
+    if (ret)
+	return -1;
+    return 1;
+}
+
+static int
+parse_event_alloc (Event **ev, char *s)
+{
+    Event tmp;
+    int ret;
+
+    *ev = NULL;
+    ret = parse_event (&tmp, s);
+    if (ret == 1) {
+	*ev = malloc (sizeof (**ev));
+	if (*ev == NULL)
+	    krb5_errx (context, 1, "malloc: out of memory");
+	**ev = tmp;
+    }
+    return ret;
+}
+
+static int
+parse_hdbflags2int(HDBFlags *f, const char *s)
+{
+    int ret;
+    unsigned int tmp;
+
+    ret = parse_integer (&tmp, s);
+    if (ret == 1)
+	*f = int2HDBFlags (tmp);
+    return ret;
+}
+
+static int
+parse_generation(char *str, GENERATION **gen)
+{
+    char *p;
+    int v;
+
+    if(strcmp(str, "-") == 0 || *str == '\0') {
+	*gen = NULL;
+	return 0;
+    }
+    *gen = calloc(1, sizeof(**gen));
+
+    p = strsep(&str, ":");
+    if(parse_time_string(&(*gen)->time, p) != 1)
+	return -1;
+    p = strsep(&str, ":");
+    if(sscanf(p, "%d", &v) != 1)
+	return -1;
+    (*gen)->usec = v;
+    p = strsep(&str, ":");
+    if(sscanf(p, "%d", &v) != 1)
+	return -1;
+    (*gen)->gen = v - 1; /* XXX gets bumped in _hdb_store */
+    return 0;
+}
+
+static int
+parse_extensions(char *str, HDB_extensions **e)
+{
+    char *p;
+    int ret;
+
+    if(strcmp(str, "-") == 0 || *str == '\0') {
+	*e = NULL;
+	return 0;
+    }
+    *e = calloc(1, sizeof(**e));
+
+    p = strsep(&str, ":");
+
+    while (p) {
+	HDB_extension ext;
+	ssize_t len;
+	void *d;
+
+	len = strlen(p);
+	d = malloc(len);
+
+	len = hex_decode(p, d, len);
+	if (len < 0)
+	    return -1;
+
+	ret = decode_HDB_extension(d, len, &ext, NULL);
+	free(d);
+	if (ret)
+	    return -1;
+	d = realloc((*e)->val, ((*e)->len + 1) * sizeof((*e)->val[0]));
+	if (d == NULL)
+	    abort();
+	(*e)->val = d;
+	(*e)->val[(*e)->len] = ext;
+	(*e)->len++;
+
+	p = strsep(&str, ":");
+    }
+
+    return 0;
+}
+
+
+/*
+ * Parse the dump file in `filename' and create the database (merging
+ * iff merge)
+ */
+
+static int
+doit(const char *filename, int mergep)
+{
+    krb5_error_code ret;
+    FILE *f;
+    char s[8192]; /* XXX should fix this properly */
+    char *p;
+    int line;
+    int flags = O_RDWR;
+    struct entry e;
+    hdb_entry_ex ent;
+    HDB *db = _kadm5_s_get_db(kadm_handle);
+
+    f = fopen(filename, "r");
+    if(f == NULL){
+	krb5_warn(context, errno, "fopen(%s)", filename);
+	return 1;
+    }
+    ret = kadm5_log_truncate (kadm_handle);
+    if (ret) {
+	fclose (f);
+	krb5_warn(context, ret, "kadm5_log_truncate");
+	return 1;
+    }
+
+    if(!mergep)
+	flags |= O_CREAT | O_TRUNC;
+    ret = db->hdb_open(context, db, flags, 0600);
+    if(ret){
+	krb5_warn(context, ret, "hdb_open");
+	fclose(f);
+	return 1;
+    }
+    line = 0;
+    ret = 0;
+    while(fgets(s, sizeof(s), f) != NULL) {
+	ret = 0;
+	line++;
+
+	p = s;
+	while (isspace((unsigned char)*p))
+	    p++;
+
+	e.principal = p;
+	for(p = s; *p; p++){
+	    if(*p == '\\')
+		p++;
+	    else if(isspace((unsigned char)*p)) {
+		*p = 0;
+		break;
+	    }
+	}
+	p = skip_next(p);
+	
+	e.key = p;
+	p = skip_next(p);
+
+	e.created = p;
+	p = skip_next(p);
+
+	e.modified = p;
+	p = skip_next(p);
+
+	e.valid_start = p;
+	p = skip_next(p);
+
+	e.valid_end = p;
+	p = skip_next(p);
+
+	e.pw_end = p;
+	p = skip_next(p);
+
+	e.max_life = p;
+	p = skip_next(p);
+
+	e.max_renew = p;
+	p = skip_next(p);
+
+	e.flags = p;
+	p = skip_next(p);
+
+	e.generation = p;
+	p = skip_next(p);
+
+	e.extensions = p;
+	p = skip_next(p);
+
+	memset(&ent, 0, sizeof(ent));
+	ret = krb5_parse_name(context, e.principal, &ent.entry.principal);
+	if(ret) {
+	    fprintf(stderr, "%s:%d:%s (%s)\n", 
+		    filename, 
+		    line,
+		    krb5_get_err_text(context, ret),
+		    e.principal);
+	    continue;
+	}
+	
+	if (parse_keys(&ent.entry, e.key)) {
+	    fprintf (stderr, "%s:%d:error parsing keys (%s)\n",
+		     filename, line, e.key);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+	
+	if (parse_event(&ent.entry.created_by, e.created) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing created event (%s)\n",
+		     filename, line, e.created);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+	if (parse_event_alloc (&ent.entry.modified_by, e.modified) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing event (%s)\n",
+		     filename, line, e.modified);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+	if (parse_time_string_alloc (&ent.entry.valid_start, e.valid_start) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
+		     filename, line, e.valid_start);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+	if (parse_time_string_alloc (&ent.entry.valid_end,   e.valid_end) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
+		     filename, line, e.valid_end);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+	if (parse_time_string_alloc (&ent.entry.pw_end,      e.pw_end) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing time (%s)\n",
+		     filename, line, e.pw_end);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+
+	if (parse_integer_alloc (&ent.entry.max_life,  e.max_life) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
+		     filename, line, e.max_life);
+	    hdb_free_entry (context, &ent);
+	    continue;
+
+	}
+	if (parse_integer_alloc (&ent.entry.max_renew, e.max_renew) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing lifetime (%s)\n",
+		     filename, line, e.max_renew);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+
+	if (parse_hdbflags2int (&ent.entry.flags, e.flags) != 1) {
+	    fprintf (stderr, "%s:%d:error parsing flags (%s)\n",
+		     filename, line, e.flags);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+
+	if(parse_generation(e.generation, &ent.entry.generation) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing generation (%s)\n",
+		     filename, line, e.generation);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+
+	if(parse_extensions(e.extensions, &ent.entry.extensions) == -1) {
+	    fprintf (stderr, "%s:%d:error parsing extension (%s)\n",
+		     filename, line, e.extensions);
+	    hdb_free_entry (context, &ent);
+	    continue;
+	}
+
+	ret = db->hdb_store(context, db, HDB_F_REPLACE, &ent);
+	hdb_free_entry (context, &ent);
+	if (ret) {
+	    krb5_warn(context, ret, "db_store");
+	    break;
+	}
+    }
+    db->hdb_close(context, db);
+    fclose(f);
+    return ret != 0;
+}
+
+
+extern int local_flag;
+
+static int
+loadit(int mergep, const char *name, int argc, char **argv)
+{
+    if(!local_flag) {
+	krb5_warnx(context, "%s is only available in local (-l) mode", name);
+	return 0;
+    }
+
+    return doit(argv[0], mergep);
+}
+ 
+int
+load(void *opt, int argc, char **argv)
+{
+    return loadit(0, "load", argc, argv);
+}
+ 
+int
+merge(void *opt, int argc, char **argv)
+{
+    return loadit(1, "merge", argc, argv);
+}
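Review bot: `skip_next` executes `*p++ = 0;` unconditionally, so when `p` is already on the terminating NUL it steps past the end of the string. `doit` calls it once per field, so a dump line with fewer than twelve fields leaves the later `e.*` pointers on stale bytes of `s`, and a line that fills the 8192-byte buffer lets the reads and the zero store run past the end of the stack array. Guarding the store with `if (*p) *p++ = 0;` makes missing fields come out as empty strings, which the field parsers reject or treat as absent. In `parse_keys` the `strsep` results go to `sscanf`, `strlen` and `strcmp` without a NULL check, and `p_len - 2` underflows when the salt is a lone quote character; each needs an `if (p == NULL) return 1;` check, plus a `p_len >= 2` test before `krb5_data_copy`. `doit` should also document, or report, that entries failing to parse are skipped with `continue` while the function can still return 0, after the log has been truncated and, for `load`, the database opened with `O_TRUNC`.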

Added: vendor-crypto/heimdal/dist/kadmin/mod.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/mod.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/mod.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,261 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: mod.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static void
+add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
+{
+    krb5_tl_data *tl, **ptl;
+
+    tl = ecalloc(1, sizeof(*tl));
+    tl->tl_data_next = NULL;
+    tl->tl_data_type = KRB5_TL_EXTENSION;
+    tl->tl_data_length = data->length;
+    tl->tl_data_contents = data->data;
+    
+    princ->n_tl_data++;
+    ptl = &princ->tl_data;
+    while (*ptl != NULL)
+	ptl = &(*ptl)->tl_data_next;
+    *ptl = tl;
+
+    return;
+}
+
+static void
+add_constrained_delegation(krb5_context context,
+			   kadm5_principal_ent_rec *princ,
+			   struct getarg_strings *strings)
+{
+    krb5_error_code ret;
+    HDB_extension ext;
+    krb5_data buf;
+    size_t size;
+	    
+    memset(&ext, 0, sizeof(ext));
+    ext.mandatory = FALSE;
+    ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to;
+
+    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
+	ext.data.u.allowed_to_delegate_to.val = NULL;
+	ext.data.u.allowed_to_delegate_to.len = 0;
+    } else {
+	krb5_principal p;
+	int i;
+
+	ext.data.u.allowed_to_delegate_to.val = 
+	    calloc(strings->num_strings, 
+		   sizeof(ext.data.u.allowed_to_delegate_to.val[0]));
+	ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
+	
+	for (i = 0; i < strings->num_strings; i++) {
+	    ret = krb5_parse_name(context, strings->strings[i], &p);
+	    ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
+	    krb5_free_principal(context, p);
+	}
+    }
+
+    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
+		       &ext, &size, ret);
+    free_HDB_extension(&ext);
+    if (ret)
+	abort();
+    if (buf.length != size)
+	abort();
+
+    add_tl(princ, KRB5_TL_EXTENSION, &buf);
+}
+
+static void
+add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
+	    struct getarg_strings *strings)
+{
+    krb5_error_code ret;
+    HDB_extension ext;
+    krb5_data buf;
+    krb5_principal p;
+    size_t size;
+    int i;
+    
+    memset(&ext, 0, sizeof(ext));
+    ext.mandatory = FALSE;
+    ext.data.element = choice_HDB_extension_data_aliases;
+    ext.data.u.aliases.case_insensitive = 0;
+
+    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
+	ext.data.u.aliases.aliases.val = NULL;
+	ext.data.u.aliases.aliases.len = 0;
+    } else {
+	ext.data.u.aliases.aliases.val = 
+	    calloc(strings->num_strings, 
+		   sizeof(ext.data.u.aliases.aliases.val[0]));
+	ext.data.u.aliases.aliases.len = strings->num_strings;
+	
+	for (i = 0; i < strings->num_strings; i++) {
+	    ret = krb5_parse_name(context, strings->strings[i], &p);
+	    ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+	    krb5_free_principal(context, p);
+	}
+    }
+
+    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
+		       &ext, &size, ret);
+    free_HDB_extension(&ext);
+    if (ret)
+	abort();
+    if (buf.length != size)
+	abort();
+    
+    add_tl(princ, KRB5_TL_EXTENSION, &buf);
+}
+
+static void
+add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ,
+	       struct getarg_strings *strings)
+{
+    krb5_error_code ret;
+    HDB_extension ext;
+    krb5_data buf;
+    size_t size;
+    int i;
+    
+    memset(&ext, 0, sizeof(ext));
+    ext.mandatory = FALSE;
+    ext.data.element = choice_HDB_extension_data_pkinit_acl;
+    ext.data.u.aliases.case_insensitive = 0;
+
+    if (strings->num_strings == 1 && strings->strings[0][0] == '\0') {
+	ext.data.u.pkinit_acl.val = NULL;
+	ext.data.u.pkinit_acl.len = 0;
+    } else {
+	ext.data.u.pkinit_acl.val = 
+	    calloc(strings->num_strings, 
+		   sizeof(ext.data.u.pkinit_acl.val[0]));
+	ext.data.u.pkinit_acl.len = strings->num_strings;
+	
+	for (i = 0; i < strings->num_strings; i++) {
+	    ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]);
+	}
+    }
+
+    ASN1_MALLOC_ENCODE(HDB_extension, buf.data, buf.length,
+		       &ext, &size, ret);
+    free_HDB_extension(&ext);
+    if (ret)
+	abort();
+    if (buf.length != size)
+	abort();
+    
+    add_tl(princ, KRB5_TL_EXTENSION, &buf);
+}
+
+static int
+do_mod_entry(krb5_principal principal, void *data)
+{
+    krb5_error_code ret;
+    kadm5_principal_ent_rec princ;
+    int mask = 0;
+    struct modify_options *e = data;
+    
+    memset (&princ, 0, sizeof(princ));
+    ret = kadm5_get_principal(kadm_handle, principal, &princ,
+			      KADM5_PRINCIPAL | KADM5_ATTRIBUTES | 
+			      KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
+			      KADM5_PRINC_EXPIRE_TIME |
+			      KADM5_PW_EXPIRATION);
+    if(ret) 
+	return ret;
+
+    if(e->max_ticket_life_string || 
+       e->max_renewable_life_string ||
+       e->expiration_time_string ||
+       e->pw_expiration_time_string ||
+       e->attributes_string ||
+       e->kvno_integer != -1 ||
+       e->constrained_delegation_strings.num_strings ||
+       e->alias_strings.num_strings ||
+       e->pkinit_acl_strings.num_strings) {
+	ret = set_entry(context, &princ, &mask, 
+			e->max_ticket_life_string, 
+			e->max_renewable_life_string, 
+			e->expiration_time_string, 
+			e->pw_expiration_time_string, 
+			e->attributes_string);
+	if(e->kvno_integer != -1) {
+	    princ.kvno = e->kvno_integer;
+	    mask |= KADM5_KVNO;
+	}
+	if (e->constrained_delegation_strings.num_strings) {
+	    add_constrained_delegation(context, &princ,
+				       &e->constrained_delegation_strings);
+	    mask |= KADM5_TL_DATA;
+	}
+	if (e->alias_strings.num_strings) {
+	    add_aliases(context, &princ, &e->alias_strings);
+	    mask |= KADM5_TL_DATA;
+	}
+	if (e->pkinit_acl_strings.num_strings) {
+	    add_pkinit_acl(context, &princ, &e->pkinit_acl_strings);
+	    mask |= KADM5_TL_DATA;
+	}
+
+    } else
+	ret = edit_entry(&princ, &mask, NULL, 0);
+    if(ret == 0) {
+	ret = kadm5_modify_principal(kadm_handle, &princ, mask);
+	if(ret)
+	    krb5_warn(context, ret, "kadm5_modify_principal");
+    }
+    
+    kadm5_free_principal_ent(kadm_handle, &princ);
+    return ret;
+}
+
+int
+mod_entry(struct modify_options *opt, int argc, char **argv)
+{
+    krb5_error_code ret = 0;
+    int i;
+
+    for(i = 0; i < argc; i++) {
+	ret = foreach_principal(argv[i], do_mod_entry, "mod", opt);
+	if (ret)
+	    break;
+    }
+    return ret != 0;
+}
+
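Review bot: In `add_constrained_delegation` and `add_aliases` the result of `krb5_parse_name` is overwritten by the next line's `ret = copy_Principal(...)` without being tested, so a principal string that fails to parse leaves `p` unset and it is then copied and freed anyway. These strings decide which services a principal may delegate to and which aliases it answers to, so a parse failure should stop the modification. Add a check after the call, for example `if (ret) krb5_err(context, 1, ret, "krb5_parse_name %s", strings->strings[i]);` (or propagate an error if the helpers are changed to return one), and test the `copy_Principal` and `calloc` results the same way. Two smaller points: `add_tl` ignores its `type` argument and always stores `KRB5_TL_EXTENSION`, and `add_pkinit_acl` clears `ext.data.u.aliases.case_insensitive`, which appears to be a different member of `u` from the `pkinit_acl` one it fills in.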

Added: vendor-crypto/heimdal/dist/kadmin/pw_quality.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/pw_quality.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/pw_quality.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2003-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: pw_quality.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+int
+password_quality(void *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_principal principal;
+    krb5_data pw_data;
+    const char *s;
+
+    ret = krb5_parse_name(context, argv[0], &principal);
+    if(ret){
+	krb5_warn(context, ret, "krb5_parse_name(%s)", argv[0]);
+	return 0;
+    }
+    pw_data.data = argv[1];
+    pw_data.length = strlen(argv[1]);
+
+    s = kadm5_check_password_quality (context, principal, &pw_data);
+    if (s)
+	krb5_warnx(context, "kadm5_check_password_quality: %s", s);
+
+    krb5_free_principal(context, principal);
+
+    return 0;
+}
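Review bot: `password_quality` reads `argv[0]` and `argv[1]` without looking at `argc`, so a call with fewer than two arguments hands a NULL or out-of-range pointer to `krb5_parse_name` and `strlen`. The command table that dispatches to this function is outside the hunk, so it may already enforce the argument count; if it does not, a guard at the top is needed, for example `if (argc != 2) { krb5_warnx(context, "expected principal and password"); return 0; }`. `rename_entry` in rename.c indexes `argv[0]` and `argv[1]` the same way and would need the same guard. Because the candidate password arrives as a command argument, I would also add a comment such as `/* argv[1] is a cleartext password; it may be visible in shell history or process listings */` so that operators know to prefer interactive use.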

Added: vendor-crypto/heimdal/dist/kadmin/random_password.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/random_password.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/random_password.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,163 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id: random_password.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+/* This file defines some a function that generates a random password,
+   that can be used when creating a large amount of principals (such
+   as for a batch of students). Since this is a political matter, you
+   should think about how secure generated passwords has to be.
+   
+   Both methods defined here will give you at least 55 bits of
+   entropy.
+   */
+
+/* If you want OTP-style passwords, define OTP_STYLE */
+
+#ifdef OTP_STYLE
+#include <otp.h>
+#else
+static void generate_password(char **pw, int num_classes, ...);
+#endif
+
+void
+random_password(char *pw, size_t len)
+{
+#ifdef OTP_STYLE
+    {
+	OtpKey newkey;
+
+	krb5_generate_random_block(&newkey, sizeof(newkey));
+	otp_print_stddict (newkey, pw, len);
+	strlwr(pw);
+    }
+#else
+    char *pass;
+    generate_password(&pass, 3, 
+		      "abcdefghijklmnopqrstuvwxyz", 7, 
+		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2, 
+		      "@$%&*()-+=:,/<>1234567890", 1);
+    strlcpy(pw, pass, len);
+    memset(pass, 0, strlen(pass));
+    free(pass);
+#endif
+}
+
+/* some helper functions */
+
+#ifndef OTP_STYLE
+/* return a random value in range 0-127 */
+static int
+RND(unsigned char *key, int keylen, int *left)
+{
+    if(*left == 0){
+	krb5_generate_random_block(key, keylen);
+	*left = keylen;
+    }
+    (*left)--;
+    return ((unsigned char*)key)[*left];
+}
+
+/* This a helper function that generates a random password with a
+   number of characters from a set of character classes.
+
+   If there are n classes, and the size of each class is Pi, and the
+   number of characters from each class is Ni, the number of possible
+   passwords are (given that the character classes are disjoint):
+
+     n             n
+   -----        /  ----  \
+   |   |  Ni    |  \     |
+   |   | Pi     |   \  Ni| !
+   |   | ---- * |   /    |
+   |   | Ni!    |  /___  |
+    i=1          \  i=1  /
+   
+    Since it uses the RND function above, neither the size of each
+    class, nor the total length of the generated password should be
+    larger than 127 (without fixing RND).
+   
+   */
+static void
+generate_password(char **pw, int num_classes, ...)
+{
+    struct {
+	const char *str;
+	int len;
+	int freq;
+    } *classes;
+    va_list ap;
+    int len, i;
+    unsigned char rbuf[8]; /* random buffer */
+    int rleft = 0;
+
+    *pw = NULL;
+
+    classes = malloc(num_classes * sizeof(*classes));
+    if(classes == NULL)
+	return;
+    va_start(ap, num_classes);
+    len = 0;
+    for(i = 0; i < num_classes; i++){
+	classes[i].str = va_arg(ap, const char*);
+	classes[i].len = strlen(classes[i].str);
+	classes[i].freq = va_arg(ap, int);
+	len += classes[i].freq;
+    }
+    va_end(ap);
+    *pw = malloc(len + 1);
+    if(*pw == NULL) {
+	free(classes);
+	return;
+    }
+    for(i = 0; i < len; i++) {
+	int j;
+	int x = RND(rbuf, sizeof(rbuf), &rleft) % (len - i);
+	int t = 0;
+	for(j = 0; j < num_classes; j++) {
+	    if(x < t + classes[j].freq) {
+		(*pw)[i] = classes[j].str[RND(rbuf, sizeof(rbuf), &rleft)
+					 % classes[j].len];
+		classes[j].freq--;
+		break;
+	    }
+	    t += classes[j].freq;
+	}
+    }
+    (*pw)[len] = '\0';
+    memset(rbuf, 0, sizeof(rbuf));
+    free(classes);
+}
+#endif
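Review bot: In the non-OTP branch, `random_password` uses `pass` unchecked, but `generate_password` leaves `*pw` NULL when either `malloc` fails, so `strlcpy(pw, pass, len)` and `strlen(pass)` would dereference NULL. The function returns `void` and cannot report the failure, so failing closed right after the call is safer than handing back an empty or stale buffer: `if (pass == NULL) krb5_errx(context, 1, "out of memory");` (assuming the global `context` comes from kadmin_locl.h, as in the sibling files). Separately, `RND` returns a whole byte although its comment says 0-127, and reducing it with `% classes[j].len` and `% (len - i)` is not exactly uniform because 256 is not a multiple of 26 or 25. The entropy figure in the file comment assumes uniform choice, so drawing again when the byte falls in the uneven tail would make the code match the comment.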

Added: vendor-crypto/heimdal/dist/kadmin/rename.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/rename.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/rename.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1997-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: rename.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+int
+rename_entry(void *opt, int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_principal princ1, princ2;
+
+    ret = krb5_parse_name(context, argv[0], &princ1);
+    if(ret){
+	krb5_warn(context, ret, "krb5_parse_name(%s)", argv[0]);
+	return ret != 0;
+    }
+    ret = krb5_parse_name(context, argv[1], &princ2);
+    if(ret){
+	krb5_free_principal(context, princ1);
+	krb5_warn(context, ret, "krb5_parse_name(%s)", argv[1]);
+	return ret != 0;
+    }
+    ret = kadm5_rename_principal(kadm_handle, princ1, princ2);
+    if(ret)
+	krb5_warn(context, ret, "rename");
+    krb5_free_principal(context, princ1);
+    krb5_free_principal(context, princ2);
+    return ret != 0;
+}
+

Added: vendor-crypto/heimdal/dist/kadmin/server.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/server.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/server.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,577 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include <krb5-private.h>
+
+RCSID("$Id: server.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static kadm5_ret_t
+kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
+		 krb5_data *in, krb5_data *out)
+{
+    kadm5_ret_t ret;
+    int32_t cmd, mask, tmp;
+    kadm5_server_context *context = kadm_handle;
+    char client[128], name[128], name2[128];
+    char *op = "";
+    krb5_principal princ, princ2;
+    kadm5_principal_ent_rec ent;
+    char *password, *expression;
+    krb5_keyblock *new_keys;
+    int n_keys;
+    char **princs;
+    int n_princs;
+    krb5_storage *sp;
+    
+    krb5_unparse_name_fixed(context->context, context->caller, 
+			    client, sizeof(client));
+    
+    sp = krb5_storage_from_data(in);
+
+    krb5_ret_int32(sp, &cmd);
+    switch(cmd){
+    case kadm_get:{
+	op = "GET";
+	ret = krb5_ret_principal(sp, &princ);
+	if(ret)
+	    goto fail;
+	ret = krb5_ret_int32(sp, &mask);
+	if(ret){
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
+	krb5_warnx(context->context, "%s: %s %s", client, op, name);
+	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ);
+	if(ret){
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+	ret = kadm5_get_principal(kadm_handle, princ, &ent, mask);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	if(ret == 0){
+	    kadm5_store_principal_ent(sp, &ent);
+	    kadm5_free_principal_ent(kadm_handle, &ent);
+	}
+	krb5_free_principal(context->context, princ);
+	break;
+    }
+    case kadm_delete:{
+	op = "DELETE";
+	ret = krb5_ret_principal(sp, &princ);
+	if(ret)
+	    goto fail;
+	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
+	krb5_warnx(context->context, "%s: %s %s", client, op, name);
+	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ);
+	if(ret){
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+	ret = kadm5_delete_principal(kadm_handle, princ);
+	krb5_free_principal(context->context, princ);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	break;
+    }
+    case kadm_create:{
+	op = "CREATE";
+	ret = kadm5_ret_principal_ent(sp, &ent);
+	if(ret)
+	    goto fail;
+	ret = krb5_ret_int32(sp, &mask);
+	if(ret){
+	    kadm5_free_principal_ent(context->context, &ent);
+	    goto fail;
+	}
+	ret = krb5_ret_string(sp, &password);
+	if(ret){
+	    kadm5_free_principal_ent(context->context, &ent);
+	    goto fail;
+	}
+	krb5_unparse_name_fixed(context->context, ent.principal, 
+				name, sizeof(name));
+	krb5_warnx(context->context, "%s: %s %s", client, op, name);
+	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD,
+					  ent.principal);
+	if(ret){
+	    kadm5_free_principal_ent(context->context, &ent);
+	    memset(password, 0, strlen(password));
+	    free(password);
+	    goto fail;
+	}
+	ret = kadm5_create_principal(kadm_handle, &ent, 
+				     mask, password);
+	kadm5_free_principal_ent(kadm_handle, &ent);
+	memset(password, 0, strlen(password));
+	free(password);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	break;
+    }
+    case kadm_modify:{
+	op = "MODIFY";
+	ret = kadm5_ret_principal_ent(sp, &ent);
+	if(ret)
+	    goto fail;
+	ret = krb5_ret_int32(sp, &mask);
+	if(ret){
+	    kadm5_free_principal_ent(context, &ent);
+	    goto fail;
+	}
+	krb5_unparse_name_fixed(context->context, ent.principal, 
+				name, sizeof(name));
+	krb5_warnx(context->context, "%s: %s %s", client, op, name);
+	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY,
+					  ent.principal);
+	if(ret){
+	    kadm5_free_principal_ent(context, &ent);
+	    goto fail;
+	}
+	ret = kadm5_modify_principal(kadm_handle, &ent, mask);
+	kadm5_free_principal_ent(kadm_handle, &ent);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	break;
+    }
+    case kadm_rename:{
+	op = "RENAME";
+	ret = krb5_ret_principal(sp, &princ);
+	if(ret)
+	    goto fail;
+	ret = krb5_ret_principal(sp, &princ2);
+	if(ret){
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
+	krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2));
+	krb5_warnx(context->context, "%s: %s %s -> %s", 
+		   client, op, name, name2);
+	ret = _kadm5_acl_check_permission(context, 
+					  KADM5_PRIV_ADD,
+					  princ2)
+	    || _kadm5_acl_check_permission(context, 
+					   KADM5_PRIV_DELETE,
+					   princ);
+	if(ret){
+	    krb5_free_principal(context->context, princ);
+	    krb5_free_principal(context->context, princ2);
+	    goto fail;
+	}
+	ret = kadm5_rename_principal(kadm_handle, princ, princ2);
+	krb5_free_principal(context->context, princ);
+	krb5_free_principal(context->context, princ2);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	break;
+    }
+    case kadm_chpass:{
+	op = "CHPASS";
+	ret = krb5_ret_principal(sp, &princ);
+	if(ret)
+	    goto fail;
+	ret = krb5_ret_string(sp, &password);
+	if(ret){
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
+	krb5_warnx(context->context, "%s: %s %s", client, op, name);
+
+	/*
+	 * The change is allowed if at least one of:
+
+	 * a) it's for the principal him/herself and this was an
+	 *    initial ticket, but then, check with the password quality
+	 *    function.
+	 * b) the user is on the CPW ACL.
+	 */
+
+	if (initial
+	    && krb5_principal_compare (context->context, context->caller,
+				       princ))
+	{
+	    krb5_data pwd_data;
+	    const char *pwd_reason;
+
+	    pwd_data.data = password;
+	    pwd_data.length = strlen(password);
+
+	    pwd_reason = kadm5_check_password_quality (context->context,
+						       princ, &pwd_data);
+	    if (pwd_reason != NULL)
+		ret = KADM5_PASS_Q_DICT;
+	    else
+		ret = 0;
+	} else
+	    ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
+
+	if(ret) {
+	    krb5_free_principal(context->context, princ);
+	    memset(password, 0, strlen(password));
+	    free(password);
+	    goto fail;
+	}
+	ret = kadm5_chpass_principal(kadm_handle, princ, password);
+	krb5_free_principal(context->context, princ);
+	memset(password, 0, strlen(password));
+	free(password);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	break;
+    }
+    case kadm_chpass_with_key:{
+	int i;
+	krb5_key_data *key_data;
+	int n_key_data;
+
+	op = "CHPASS_WITH_KEY";
+	ret = krb5_ret_principal(sp, &princ);
+	if(ret)
+	    goto fail;
+	ret = krb5_ret_int32(sp, &n_key_data);
+	if (ret) {
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+	/* n_key_data will be squeezed into an int16_t below. */
+	if (n_key_data < 0 || n_key_data >= 1 << 16 ||
+	    n_key_data > UINT_MAX/sizeof(*key_data)) {
+	    ret = ERANGE;
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+
+	key_data = malloc (n_key_data * sizeof(*key_data));
+	if (key_data == NULL) {
+	    ret = ENOMEM;
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+
+	for (i = 0; i < n_key_data; ++i) {
+	    ret = kadm5_ret_key_data (sp, &key_data[i]);
+	    if (ret) {
+		int16_t dummy = i;
+
+		kadm5_free_key_data (context, &dummy, key_data);
+		free (key_data);
+		krb5_free_principal(context->context, princ);
+		goto fail;
+	    }
+	}
+
+	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
+	krb5_warnx(context->context, "%s: %s %s", client, op, name);
+
+	/*
+	 * The change is only allowed if the user is on the CPW ACL,
+	 * this it to force password quality check on the user.
+	 */
+
+	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
+	if(ret) {
+	    int16_t dummy = n_key_data;
+
+	    kadm5_free_key_data (context, &dummy, key_data);
+	    free (key_data);
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+	ret = kadm5_chpass_principal_with_key(kadm_handle, princ,
+					      n_key_data, key_data);
+	{
+	    int16_t dummy = n_key_data;
+	    kadm5_free_key_data (context, &dummy, key_data);
+	}
+	free (key_data);
+	krb5_free_principal(context->context, princ);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	break;
+    }
+    case kadm_randkey:{
+	op = "RANDKEY";
+	ret = krb5_ret_principal(sp, &princ);
+	if(ret)
+	    goto fail;
+	krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
+	krb5_warnx(context->context, "%s: %s %s", client, op, name);
+	/*
+	 * The change is allowed if at least one of:
+	 * a) it's for the principal him/herself and this was an initial ticket
+	 * b) the user is on the CPW ACL.
+	 */
+
+	if (initial
+	    && krb5_principal_compare (context->context, context->caller,
+				       princ))
+	    ret = 0;
+	else
+	    ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
+
+	if(ret) {
+	    krb5_free_principal(context->context, princ);
+	    goto fail;
+	}
+	ret = kadm5_randkey_principal(kadm_handle, princ, 
+				      &new_keys, &n_keys);
+	krb5_free_principal(context->context, princ);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	if(ret == 0){
+	    int i;
+	    krb5_store_int32(sp, n_keys);
+	    for(i = 0; i < n_keys; i++){
+		krb5_store_keyblock(sp, new_keys[i]);
+		krb5_free_keyblock_contents(context->context, &new_keys[i]);
+	    }
+	}
+	break;
+    }
+    case kadm_get_privs:{
+	uint32_t privs;
+	ret = kadm5_get_privs(kadm_handle, &privs);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	if(ret == 0)
+	    krb5_store_uint32(sp, privs);
+	break;
+    }
+    case kadm_get_princs:{
+	op = "LIST";
+	ret = krb5_ret_int32(sp, &tmp);
+	if(ret)
+	    goto fail;
+	if(tmp){
+	    ret = krb5_ret_string(sp, &expression);
+	    if(ret)
+		goto fail;
+	}else
+	    expression = NULL;
+	krb5_warnx(context->context, "%s: %s %s", client, op,
+		   expression ? expression : "*");
+	ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL);
+	if(ret){
+	    free(expression);
+	    goto fail;
+	}
+	ret = kadm5_get_principals(kadm_handle, expression, &princs, &n_princs);
+	free(expression);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, ret);
+	if(ret == 0){
+	    int i;
+	    krb5_store_int32(sp, n_princs);
+	    for(i = 0; i < n_princs; i++)
+		krb5_store_string(sp, princs[i]);
+	    kadm5_free_name_list(kadm_handle, princs, &n_princs);
+	}
+	break;
+    }
+    default:
+	krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd);
+	krb5_storage_free(sp);
+	sp = krb5_storage_emem();
+	krb5_store_int32(sp, KADM5_FAILURE);
+	break;
+    }
+    krb5_storage_to_data(sp, out);
+    krb5_storage_free(sp);
+    return 0;
+fail:
+    krb5_warn(context->context, ret, "%s", op);
+    krb5_storage_seek(sp, 0, SEEK_SET);
+    krb5_store_int32(sp, ret);
+    krb5_storage_to_data(sp, out);
+    krb5_storage_free(sp);
+    return 0;
+}
+
+static void
+v5_loop (krb5_context context,
+	 krb5_auth_context ac,
+	 krb5_boolean initial,
+	 void *kadm_handle,
+	 int fd)
+{
+    krb5_error_code ret;
+    krb5_data in, out;
+
+    for (;;) {
+	doing_useful_work = 0;
+	if(term_flag)
+	    exit(0);
+	ret = krb5_read_priv_message(context, ac, &fd, &in);
+	if(ret == HEIM_ERR_EOF)
+	    exit(0);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_read_priv_message");
+	doing_useful_work = 1;
+	kadmind_dispatch(kadm_handle, initial, &in, &out);
+	krb5_data_free(&in);
+	ret = krb5_write_priv_message(context, ac, &fd, &out);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_write_priv_message");
+    }
+}
+
+static krb5_boolean
+match_appl_version(const void *data, const char *appl_version)
+{
+    unsigned minor;
+    if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
+	return 0;
+    *(unsigned*)data = minor;
+    return 1;
+}
+
+static void
+handle_v5(krb5_context context,
+	  krb5_auth_context ac,
+	  krb5_keytab keytab,
+	  int len,
+	  int fd)
+{
+    krb5_error_code ret;
+    u_char version[sizeof(KRB5_SENDAUTH_VERSION)];
+    krb5_ticket *ticket;
+    char *server_name;
+    char *client;
+    void *kadm_handle;
+    ssize_t n;
+    krb5_boolean initial;
+
+    unsigned kadm_version;
+    kadm5_config_params realm_params;
+
+    if (len != sizeof(KRB5_SENDAUTH_VERSION))
+	krb5_errx(context, 1, "bad sendauth len %d", len);
+    n = krb5_net_read(context, &fd, version, len);
+    if (n < 0)
+	krb5_err (context, 1, errno, "reading sendauth version");
+    if (n == 0)
+	krb5_errx (context, 1, "EOF reading sendauth version");
+    if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0)
+	krb5_errx(context, 1, "bad sendauth version %.8s", version);
+	
+    ret = krb5_recvauth_match_version(context, &ac, &fd, 
+				      match_appl_version, &kadm_version,
+				      NULL, KRB5_RECVAUTH_IGNORE_VERSION, 
+				      keytab, &ticket);
+    if(ret == KRB5_KT_NOTFOUND)
+	krb5_errx(context, 1, "krb5_recvauth: key not found");
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_recvauth");
+
+    ret = krb5_unparse_name (context, ticket->server, &server_name);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_unparse_name");
+
+    if (strncmp (server_name, KADM5_ADMIN_SERVICE,
+		 strlen(KADM5_ADMIN_SERVICE)) != 0)
+	krb5_errx (context, 1, "ticket for strange principal (%s)",
+		   server_name);
+
+    free (server_name);
+
+    memset(&realm_params, 0, sizeof(realm_params));
+
+    if(kadm_version == 1) {
+	krb5_data params;
+	ret = krb5_read_priv_message(context, ac, &fd, &params);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_read_priv_message");
+	_kadm5_unmarshal_params(context, &params, &realm_params);
+    }
+
+    initial = ticket->ticket.flags.initial;
+    ret = krb5_unparse_name(context, ticket->client, &client);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_unparse_name");
+    krb5_free_ticket (context, ticket);
+    ret = kadm5_init_with_password_ctx(context, 
+				       client, 
+				       NULL,
+				       KADM5_ADMIN_SERVICE,
+				       &realm_params, 
+				       0, 0, 
+				       &kadm_handle);
+    if(ret)
+	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
+    v5_loop (context, ac, initial, kadm_handle, fd);
+}
+
+krb5_error_code
+kadmind_loop(krb5_context context,
+	     krb5_auth_context ac,
+	     krb5_keytab keytab, 
+	     int fd)
+{
+    unsigned char tmp[4];
+    ssize_t n;
+    unsigned long len;
+
+    n = krb5_net_read(context, &fd, tmp, 4);
+    if(n == 0)
+	exit(0);
+    if(n < 0)
+	krb5_err(context, 1, errno, "read");
+    _krb5_get_int(tmp, &len, 4);
+    /* this v4 test could probably also go away */
+    if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
+	unsigned char v4reply[] = { 
+	    0x00, 0x0c, 
+	    'K', 'Y', 'O', 'U', 'L', 'O', 'S', 'E', 
+	    0x95, 0xb7, 0xa7, 0x08 /* KADM_BAD_VER */
+	};
+	krb5_net_write(context, &fd, v4reply, sizeof(v4reply));
+	krb5_errx(context, 1, "packet appears to be version 4");
+    } else {
+	handle_v5(context, ac, keytab, len, fd);
+    }
+    return 0;
+}
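Review bot: In the `kadm_chpass_with_key` case of `kadmind_dispatch`, the range check accepts `n_key_data` up to 65535 although, as the comment above it says, the count is later stored in an `int16_t`; values above 32767 do not fit, so the `dummy` passed to `kadm5_free_key_data` no longer matches the number of entries that were read from the client. Tightening the test to `n_key_data >= 1 << 15` keeps the count representable. At the top of the function, the return value of `krb5_ret_int32(sp, &cmd)` is ignored, so a request too short to hold the command word would leave `cmd` uninitialized when the `switch` reads it; `ret = krb5_ret_int32(sp, &cmd); if (ret) goto fail;` routes that to the existing error path. In the `kadm_rename` case, joining the two `_kadm5_acl_check_permission` calls with `||` reduces `ret` to 0 or 1, so the value logged and sent back is not the real ACL error; calling the second check only `if (ret == 0)` preserves it.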

Added: vendor-crypto/heimdal/dist/kadmin/stash.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/stash.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/stash.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include "kadmin-commands.h"
+
+RCSID("$Id: stash.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+extern int local_flag;
+
+int
+stash(struct stash_options *opt, int argc, char **argv)
+{
+    char buf[1024];
+    krb5_error_code ret;
+    krb5_enctype enctype;
+    hdb_master_key mkey;
+    
+    if(!local_flag) {
+	krb5_warnx(context, "stash is only available in local (-l) mode");
+	return 0;
+    }
+
+    ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype);
+    if(ret) {
+	krb5_warn(context, ret, "%s", opt->enctype_string);
+	return 0;
+    }
+
+    if(opt->key_file_string == NULL) {
+	asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context));
+	if (opt->key_file_string == NULL)
+	    errx(1, "out of memory");
+    }
+
+    ret = hdb_read_master_key(context, opt->key_file_string, &mkey);
+    if(ret && ret != ENOENT) {
+	krb5_warn(context, ret, "reading master key from %s", 
+		  opt->key_file_string);
+	return 0;
+    }
+
+    if (opt->convert_file_flag) {
+	if (ret)
+	    krb5_warn(context, ret, "reading master key from %s", 
+		      opt->key_file_string);
+	return 0;
+    } else {
+	krb5_keyblock key;
+	krb5_salt salt;
+	salt.salttype = KRB5_PW_SALT;
+	/* XXX better value? */
+	salt.saltvalue.data = NULL;
+	salt.saltvalue.length = 0;
+	if(opt->master_key_fd_integer != -1) {
+	    ssize_t n;
+	    n = read(opt->master_key_fd_integer, buf, sizeof(buf));
+	    if(n == 0)
+		krb5_warnx(context, "end of file reading passphrase");
+	    else if(n < 0)
+		krb5_warn(context, errno, "reading passphrase");
+	    buf[n] = '\0';
+	    buf[strcspn(buf, "\r\n")] = '\0';
+	} else {
+	    if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) {
+		hdb_free_master_key(context, mkey);
+		return 0;
+	    }
+	}
+	ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key);
+	ret = hdb_add_master_key(context, &key, &mkey);
+	krb5_free_keyblock_contents(context, &key);
+    }
+    
+    {
+	char *new, *old;
+	asprintf(&old, "%s.old", opt->key_file_string);
+	asprintf(&new, "%s.new", opt->key_file_string);
+	if(old == NULL || new == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	    
+	if(unlink(new) < 0 && errno != ENOENT) {
+	    ret = errno;
+	    goto out;
+	}
+	krb5_warnx(context, "writing key to \"%s\"", opt->key_file_string);
+	ret = hdb_write_master_key(context, new, mkey);
+	if(ret)
+	    unlink(new);
+	else {
+	    unlink(old);
+	    if(link(opt->key_file_string, old) < 0 && errno != ENOENT) {
+		ret = errno;
+		unlink(new);
+	    } else if(rename(new, opt->key_file_string) < 0) {
+		ret = errno;
+	    }
+	}
+    out:
+	free(old);
+	free(new);
+	if(ret)
+	    krb5_warn(context, errno, "writing master key file");
+    }
+
+    hdb_free_master_key(context, mkey);
+    return 0;
+}
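Review bot: In `stash`, the passphrase read from `master_key_fd_integer` indexes `buf` with an unchecked `read()` result: a failed read gives `n == -1`, so `buf[n] = '\0'` writes before the array, and a full read of `sizeof(buf)` bytes writes one past its end. The EOF and error branches only warn and then go on to derive a master key from whatever `buf` holds. Reading at most `sizeof(buf) - 1` bytes and returning on `n <= 0`, as the `UI_UTIL_read_pw_string` branch already does on failure, closes both cases. The result of `krb5_string_to_key_salt` is also overwritten by the next assignment before it is tested, and `buf` still holds the passphrase when the function returns, so a check on the first `ret` and a `memset(buf, 0, sizeof(buf))` before the exits would be worth adding.

```c
	if(opt->master_key_fd_integer != -1) {
	    ssize_t n;
	    /* leave room for the terminator */
	    n = read(opt->master_key_fd_integer, buf, sizeof(buf) - 1);
	    if(n <= 0) {
		if(n == 0)
		    krb5_warnx(context, "end of file reading passphrase");
		else
		    krb5_warn(context, errno, "reading passphrase");
		hdb_free_master_key(context, mkey);
		return 0;
	    }
	    buf[n] = '\0';
	    /* … unchanged: strip the line ending, then the UI_UTIL_read_pw_string branch … */
```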

Added: vendor-crypto/heimdal/dist/kadmin/test_util.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/test_util.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/test_util.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "kadmin_locl.h"
+
+RCSID("$Id: test_util.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_context context;
+void *kadm_handle;
+
+struct {
+    const char *str;
+    int ret;
+    time_t t;
+} ts[] = {
+    { "2006-12-22 18:09:00", 0, 1166810940 },
+    { "2006-12-22", 0, 1166831999 },
+    { "2006-12-22 23:59:59", 0, 1166831999 }
+};
+
+static int
+test_time(void)
+{
+    int i, errors = 0;
+
+    for (i = 0; i < sizeof(ts)/sizeof(ts[0]); i++) {
+	time_t t;
+	int ret;
+
+	ret = str2time_t (ts[i].str, &t);
+	if (ret != ts[i].ret) {
+	    printf("%d: %d is wrong ret\n", i, ret);
+	    errors++;
+	} 
+	else if (t != ts[i].t) {
+	    printf("%d: %d is wrong time\n", i, (int)t);
+	    errors++;
+	}
+    }
+    
+    return errors;
+}
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = 0;
+    ret += test_time();
+
+    krb5_free_context(context);
+
+    return ret;
+}
+    
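Review bot: The `ts[]` table in test_time holds only inputs that are expected to succeed, so the `ret != ts[i].ret` check never exercises a rejected string and the error path of str2time_t goes untested. Adding a row such as `{ "not-a-date", -1, 0 }` would cover it, but the loop then has to skip the time comparison for failing cases, because `t` is left unset when the call returns non-zero: `else if (ret == 0 && t != ts[i].t) {`. The expected values correspond to the strings read as UTC, which a one-line comment above the table would make explicit.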

Added: vendor-crypto/heimdal/dist/kadmin/util.c
===================================================================
--- vendor-crypto/heimdal/dist/kadmin/util.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kadmin/util.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,664 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadmin_locl.h"
+#include <parse_units.h>
+
+RCSID("$Id: util.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * util.c - functions for parsing, unparsing, and editing different
+ * types of data used in kadmin.
+ */
+
+static int
+get_response(const char *prompt, const char *def, char *buf, size_t len);
+
+/*
+ * attributes 
+ */
+
+struct units kdb_attrs[] = {
+    { "allow-digest",		KRB5_KDB_ALLOW_DIGEST },
+    { "allow-kerberos4",	KRB5_KDB_ALLOW_KERBEROS4 },
+    { "trusted-for-delegation",	KRB5_KDB_TRUSTED_FOR_DELEGATION },
+    { "ok-as-delegate",		KRB5_KDB_OK_AS_DELEGATE },
+    { "new-princ",		KRB5_KDB_NEW_PRINC },
+    { "support-desmd5",		KRB5_KDB_SUPPORT_DESMD5 },
+    { "pwchange-service",	KRB5_KDB_PWCHANGE_SERVICE },
+    { "disallow-svr",		KRB5_KDB_DISALLOW_SVR },
+    { "requires-pw-change",	KRB5_KDB_REQUIRES_PWCHANGE },
+    { "requires-hw-auth",	KRB5_KDB_REQUIRES_HW_AUTH },
+    { "requires-pre-auth",	KRB5_KDB_REQUIRES_PRE_AUTH },
+    { "disallow-all-tix",	KRB5_KDB_DISALLOW_ALL_TIX },
+    { "disallow-dup-skey",	KRB5_KDB_DISALLOW_DUP_SKEY },
+    { "disallow-proxiable",	KRB5_KDB_DISALLOW_PROXIABLE },
+    { "disallow-renewable",	KRB5_KDB_DISALLOW_RENEWABLE },
+    { "disallow-tgt-based",	KRB5_KDB_DISALLOW_TGT_BASED },
+    { "disallow-forwardable",	KRB5_KDB_DISALLOW_FORWARDABLE },
+    { "disallow-postdated",	KRB5_KDB_DISALLOW_POSTDATED },
+    { NULL }
+};
+
+/*
+ * convert the attributes in `attributes' into a printable string
+ * in `str, len'
+ */
+
+void
+attributes2str(krb5_flags attributes, char *str, size_t len)
+{
+    unparse_flags (attributes, kdb_attrs, str, len);
+}
+
+/*
+ * convert the string in `str' into attributes in `flags'
+ * return 0 if parsed ok, else -1.
+ */
+
+int
+str2attributes(const char *str, krb5_flags *flags)
+{
+    int res;
+
+    res = parse_flags (str, kdb_attrs, *flags);
+    if (res < 0)
+	return res;
+    else {
+	*flags = res;
+	return 0;
+    }
+}
+
+/*
+ * try to parse the string `resp' into attributes in `attr', also
+ * setting the `bit' in `mask' if attributes are given and valid.
+ */
+
+int
+parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit)
+{
+    krb5_flags tmp = *attr;
+
+    if (str2attributes(resp, &tmp) == 0) {
+	*attr = tmp;
+	if (mask)
+	    *mask |= bit;
+	return 0;
+    } else if(*resp == '?') {
+	print_flags_table (kdb_attrs, stderr);
+    } else {
+	fprintf (stderr, "Unable to parse \"%s\"\n", resp);
+    }
+    return -1;
+}
+
+/*
+ * allow the user to edit the attributes in `attr', prompting with `prompt'
+ */
+
+int
+edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit)
+{
+    char buf[1024], resp[1024];
+
+    if (mask && (*mask & bit))
+	return 0;
+
+    attributes2str(*attr, buf, sizeof(buf));
+    for (;;) {
+	if(get_response("Attributes", buf, resp, sizeof(resp)) != 0)
+	    return 1;
+	if (resp[0] == '\0')
+	    break;
+	if (parse_attributes (resp, attr, mask, bit) == 0)
+	    break;
+    }
+    return 0;
+}
+
+/*
+ * time_t
+ * the special value 0 means ``never''
+ */
+
+/*
+ * Convert the time `t' to a string representation in `str' (of max
+ * size `len').  If include_time also include time, otherwise just
+ * date.  
+ */
+
+void
+time_t2str(time_t t, char *str, size_t len, int include_time)
+{
+    if(t) {
+	if(include_time)
+	    strftime(str, len, "%Y-%m-%d %H:%M:%S UTC", gmtime(&t));
+	else
+	    strftime(str, len, "%Y-%m-%d", gmtime(&t));
+    } else
+	snprintf(str, len, "never");
+}
+
+/*
+ * Convert the time representation in `str' to a time in `time'.
+ * Return 0 if succesful, else -1.
+ */
+
+int
+str2time_t (const char *str, time_t *t)
+{
+    const char *p;
+    struct tm tm, tm2;
+
+    memset (&tm, 0, sizeof (tm));
+    memset (&tm2, 0, sizeof (tm2));
+
+    if(strcasecmp(str, "never") == 0) {
+	*t = 0;
+	return 0;
+    }
+
+    if(strcasecmp(str, "now") == 0) {
+	*t = time(NULL);
+	return 0;
+    }
+
+    p = strptime (str, "%Y-%m-%d", &tm);
+
+    if (p == NULL)
+	return -1;
+
+    while(isspace((unsigned char)*p))
+	p++;
+
+    /* XXX this is really a bit optimistic, we should really complain
+       if there was a problem parsing the time */
+    if(p[0] != '\0' && strptime (p, "%H:%M:%S", &tm2) != NULL) {
+	tm.tm_hour = tm2.tm_hour;
+	tm.tm_min  = tm2.tm_min;
+	tm.tm_sec  = tm2.tm_sec;
+    } else {
+	/* Do it on the end of the day */
+	tm.tm_hour = 23;
+	tm.tm_min  = 59;
+	tm.tm_sec  = 59;
+    }
+
+    *t = tm2time (tm, 0);
+    return 0;
+}
+
+/*
+ * try to parse the time in `resp' storing it in `value'
+ */
+
+int
+parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit)
+{
+    time_t tmp;
+
+    if (str2time_t(resp, &tmp) == 0) {
+	*value = tmp;
+	if(mask)
+	    *mask |= bit;
+	return 0;
+    } 
+    if(*resp != '?')
+	fprintf (stderr, "Unable to parse time \"%s\"\n", resp);
+    fprintf (stderr, "Print date on format YYYY-mm-dd [hh:mm:ss]\n");
+    return -1;
+}
+
+/*
+ * allow the user to edit the time in `value'
+ */
+
+int
+edit_timet (const char *prompt, krb5_timestamp *value, int *mask, int bit)
+{
+    char buf[1024], resp[1024];
+
+    if (mask && (*mask & bit))
+	return 0;
+
+    time_t2str (*value, buf, sizeof (buf), 0);
+
+    for (;;) {
+	if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
+	    return 1;
+	if (parse_timet (resp, value, mask, bit) == 0)
+	    break;
+    }
+    return 0;
+}
+
+/*
+ * deltat
+ * the special value 0 means ``unlimited''
+ */
+
+/*
+ * convert the delta_t value in `t' into a printable form in `str, len'
+ */
+
+void
+deltat2str(unsigned t, char *str, size_t len)
+{
+    if(t == 0 || t == INT_MAX)
+	snprintf(str, len, "unlimited");
+    else
+	unparse_time(t, str, len);
+}
+
+/*
+ * parse the delta value in `str', storing result in `*delta'
+ * return 0 if ok, else -1
+ */
+
+int
+str2deltat(const char *str, krb5_deltat *delta)
+{
+    int res;
+
+    if(strcasecmp(str, "unlimited") == 0) {
+	*delta = 0;
+	return 0;
+    }
+    res = parse_time(str, "day");
+    if (res < 0)
+	return res;
+    else {
+	*delta = res;
+	return 0;
+    }
+}
+
+/*
+ * try to parse the string in `resp' into a deltad in `value'
+ * `mask' will get the bit `bit' set if a value was given.
+ */
+
+int
+parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit)
+{
+    krb5_deltat tmp;
+
+    if (str2deltat(resp, &tmp) == 0) {
+	*value = tmp;
+	if (mask)
+	    *mask |= bit;
+	return 0;
+    } else if(*resp == '?') {
+	print_time_table (stderr);
+    } else {
+	fprintf (stderr, "Unable to parse time \"%s\"\n", resp);
+    }
+    return -1;
+}
+
+/*
+ * allow the user to edit the deltat in `value'
+ */
+
+int
+edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit)
+{
+    char buf[1024], resp[1024];
+
+    if (mask && (*mask & bit))
+	return 0;
+
+    deltat2str(*value, buf, sizeof(buf));
+    for (;;) {
+	if(get_response(prompt, buf, resp, sizeof(resp)) != 0)
+	    return 1;
+	if (parse_deltat (resp, value, mask, bit) == 0)
+	    break;
+    }
+    return 0;
+}
+
+/*
+ * allow the user to edit `ent'
+ */
+
+void
+set_defaults(kadm5_principal_ent_t ent, int *mask,
+	     kadm5_principal_ent_t default_ent, int default_mask)
+{
+    if (default_ent
+	&& (default_mask & KADM5_MAX_LIFE)
+	&& !(*mask & KADM5_MAX_LIFE))
+	ent->max_life = default_ent->max_life;
+
+    if (default_ent
+	&& (default_mask & KADM5_MAX_RLIFE)
+	&& !(*mask & KADM5_MAX_RLIFE))
+	ent->max_renewable_life = default_ent->max_renewable_life;
+
+    if (default_ent
+	&& (default_mask & KADM5_PRINC_EXPIRE_TIME)
+	&& !(*mask & KADM5_PRINC_EXPIRE_TIME))
+	ent->princ_expire_time = default_ent->princ_expire_time;
+
+    if (default_ent
+	&& (default_mask & KADM5_PW_EXPIRATION)
+	&& !(*mask & KADM5_PW_EXPIRATION))
+	ent->pw_expiration = default_ent->pw_expiration;
+
+    if (default_ent
+	&& (default_mask & KADM5_ATTRIBUTES)
+	&& !(*mask & KADM5_ATTRIBUTES))
+	ent->attributes = default_ent->attributes & ~KRB5_KDB_DISALLOW_ALL_TIX;
+}
+
+int
+edit_entry(kadm5_principal_ent_t ent, int *mask,
+	   kadm5_principal_ent_t default_ent, int default_mask)
+{
+
+    set_defaults(ent, mask, default_ent, default_mask);
+
+    if(edit_deltat ("Max ticket life", &ent->max_life, mask,
+		    KADM5_MAX_LIFE) != 0)
+	return 1;
+    
+    if(edit_deltat ("Max renewable life", &ent->max_renewable_life, mask,
+		    KADM5_MAX_RLIFE) != 0)
+	return 1;
+
+    if(edit_timet ("Principal expiration time", &ent->princ_expire_time, mask,
+		   KADM5_PRINC_EXPIRE_TIME) != 0)
+	return 1;
+
+    if(edit_timet ("Password expiration time", &ent->pw_expiration, mask,
+		   KADM5_PW_EXPIRATION) != 0)
+	return 1;
+
+    if(edit_attributes ("Attributes", &ent->attributes, mask,
+			KADM5_ATTRIBUTES) != 0)
+	return 1;
+
+    return 0;
+}
+
+/*
+ * Parse the arguments, set the fields in `ent' and the `mask' for the
+ * entries having been set.
+ * Return 1 on failure and 0 on success.
+ */
+
+int
+set_entry(krb5_context context,
+	  kadm5_principal_ent_t ent,
+	  int *mask,
+	  const char *max_ticket_life,
+	  const char *max_renewable_life,
+	  const char *expiration,
+	  const char *pw_expiration,
+	  const char *attributes)
+{
+    if (max_ticket_life != NULL) {
+	if (parse_deltat (max_ticket_life, &ent->max_life, 
+			  mask, KADM5_MAX_LIFE)) {
+	    krb5_warnx (context, "unable to parse `%s'", max_ticket_life);
+	    return 1;
+	}
+    }
+    if (max_renewable_life != NULL) {
+	if (parse_deltat (max_renewable_life, &ent->max_renewable_life, 
+			  mask, KADM5_MAX_RLIFE)) {
+	    krb5_warnx (context, "unable to parse `%s'", max_renewable_life);
+	    return 1;
+	}
+    }
+
+    if (expiration) {
+	if (parse_timet (expiration, &ent->princ_expire_time, 
+			mask, KADM5_PRINC_EXPIRE_TIME)) {
+	    krb5_warnx (context, "unable to parse `%s'", expiration);
+	    return 1;
+	}
+    }
+    if (pw_expiration) {
+	if (parse_timet (pw_expiration, &ent->pw_expiration, 
+			 mask, KADM5_PW_EXPIRATION)) {
+	    krb5_warnx (context, "unable to parse `%s'", pw_expiration);
+	    return 1;
+	}
+    }
+    if (attributes != NULL) {
+	if (parse_attributes (attributes, &ent->attributes, 
+			      mask, KADM5_ATTRIBUTES)) {
+	    krb5_warnx (context, "unable to parse `%s'", attributes);
+	    return 1;
+	}
+    }
+    return 0;
+}
+
+/*
+ * Does `string' contain any globing characters?
+ */
+
+static int
+is_expression(const char *string)
+{
+    const char *p;
+    int quote = 0;
+
+    for(p = string; *p; p++) {
+	if(quote) {
+	    quote = 0;
+	    continue;
+	}
+	if(*p == '\\')
+	    quote++;
+	else if(strchr("[]*?", *p) != NULL) 
+	    return 1;
+    }
+    return 0;
+}
+
+/*
+ * Loop over all principals matching exp.  If any of calls to `func'
+ * failes, the first error is returned when all principals are
+ * processed.
+ */
+int
+foreach_principal(const char *exp_str, 
+		  int (*func)(krb5_principal, void*), 
+		  const char *funcname,
+		  void *data)
+{
+    char **princs;
+    int num_princs;
+    int i;
+    krb5_error_code saved_ret = 0, ret = 0;
+    krb5_principal princ_ent;
+    int is_expr;
+
+    /* if this isn't an expression, there is no point in wading
+       through the whole database looking for matches */
+    is_expr = is_expression(exp_str);
+    if(is_expr)
+	ret = kadm5_get_principals(kadm_handle, exp_str, &princs, &num_princs);
+    if(!is_expr || ret == KADM5_AUTH_LIST) {
+	/* we might be able to perform the requested opreration even
+           if we're not allowed to list principals */
+	num_princs = 1;
+	princs = malloc(sizeof(*princs));
+	if(princs == NULL)
+	    return ENOMEM;
+	princs[0] = strdup(exp_str);
+	if(princs[0] == NULL){ 
+	    free(princs);
+	    return ENOMEM;
+	}
+    } else if(ret) {
+	krb5_warn(context, ret, "kadm5_get_principals");
+	return ret;
+    }
+    for(i = 0; i < num_princs; i++) {
+	ret = krb5_parse_name(context, princs[i], &princ_ent);
+	if(ret){
+	    krb5_warn(context, ret, "krb5_parse_name(%s)", princs[i]);
+	    continue;
+	}
+	ret = (*func)(princ_ent, data);
+	if(ret) {
+	    krb5_clear_error_string(context);
+	    krb5_warn(context, ret, "%s %s", funcname, princs[i]);
+	    if (saved_ret == 0)
+		saved_ret = ret;
+	}
+	krb5_free_principal(context, princ_ent);
+    }
+    if (ret == 0 && saved_ret != 0)
+	ret = saved_ret;
+    kadm5_free_name_list(kadm_handle, princs, &num_princs);
+    return ret;
+}
+
+/*
+ * prompt with `prompt' and default value `def', and store the reply
+ * in `buf, len'
+ */
+
+#include <setjmp.h>
+
+static jmp_buf jmpbuf;
+
+static void
+interrupt(int sig)
+{
+    longjmp(jmpbuf, 1);
+}
+
+static int
+get_response(const char *prompt, const char *def, char *buf, size_t len)
+{
+    char *p;
+    void (*osig)(int);
+
+    osig = signal(SIGINT, interrupt);
+    if(setjmp(jmpbuf)) {
+	signal(SIGINT, osig);
+	fprintf(stderr, "\n");
+	return 1;
+    }
+
+    fprintf(stderr, "%s [%s]:", prompt, def);
+    if(fgets(buf, len, stdin) == NULL) {
+	int save_errno = errno;
+	if(ferror(stdin))
+	    krb5_err(context, 1, save_errno, "<stdin>");
+	signal(SIGINT, osig);
+	return 1;
+    }
+    p = strchr(buf, '\n');
+    if(p)
+	*p = '\0';
+    if(strcmp(buf, "") == 0)
+	strlcpy(buf, def, len);
+    signal(SIGINT, osig);
+    return 0;
+}
+
+/*
+ * return [0, 16) or -1
+ */
+
+static int
+hex2n (char c)
+{
+    static char hexdigits[] = "0123456789abcdef";
+    const char *p;
+
+    p = strchr (hexdigits, tolower((unsigned char)c));
+    if (p == NULL)
+	return -1;
+    else
+	return p - hexdigits;
+}
+
+/*
+ * convert a key in a readable format into a keyblock.
+ * return 0 iff succesful, otherwise `err' should point to an error message
+ */
+
+int
+parse_des_key (const char *key_string, krb5_key_data *key_data,
+	       const char **error)
+{
+    const char *p = key_string;
+    unsigned char bits[8];
+    int i;
+
+    if (strlen (key_string) != 16) {
+	*error = "bad length, should be 16 for DES key";
+	return 1;
+    }
+    for (i = 0; i < 8; ++i) {
+	int d1, d2;
+
+	d1 = hex2n(p[2 * i]);
+	d2 = hex2n(p[2 * i + 1]);
+	if (d1 < 0 || d2 < 0) {
+	    *error = "non-hex character";
+	    return 1;
+	}
+	bits[i] = (d1 << 4) | d2;
+    }
+    for (i = 0; i < 3; ++i) {
+	key_data[i].key_data_ver  = 2;
+	key_data[i].key_data_kvno = 0;
+	/* key */
+	key_data[i].key_data_type[0]     = ETYPE_DES_CBC_CRC;
+	key_data[i].key_data_length[0]   = 8;
+	key_data[i].key_data_contents[0] = malloc(8);
+	if (key_data[i].key_data_contents[0] == NULL) {
+	    *error = "malloc";
+	    return ENOMEM;
+	}
+	memcpy (key_data[i].key_data_contents[0], bits, 8);
+	/* salt */
+	key_data[i].key_data_type[1]     = KRB5_PW_SALT;
+	key_data[i].key_data_length[1]   = 0;
+	key_data[i].key_data_contents[1] = NULL;
+    }
+    key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
+    key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
+    return 0;
+}
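Review bot: In str2time_t, a time-of-day part that fails to parse is silently replaced with 23:59:59, because the `else` branch is shared by "no time given" and "strptime returned NULL" (the XXX comment above it admits this). parse_timet stores the result in the principal and password expiration fields passed by set_entry and edit_entry, so a date followed by a mistyped time is accepted as end-of-day instead of being rejected. I would fail closed by splitting the condition: `if(p[0] != '\0') {` followed by `if(strptime (p, "%H:%M:%S", &tm2) == NULL) return -1;` before copying the hour, minute and second fields, keeping the 23:59:59 default only for a bare date. That form still tolerates text after a valid time, which matters because time_t2str emits a trailing " UTC".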

Added: vendor-crypto/heimdal/dist/kcm/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/kcm/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,44 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
+
+libexec_PROGRAMS = kcm
+
+kcm_SOURCES =		\
+	acl.c		\
+	acquire.c	\
+	cache.c		\
+	client.c	\
+	config.c	\
+	connect.c	\
+	cursor.c	\
+	events.c	\
+	glue.c		\
+	headers.h	\
+	kcm_locl.h	\
+	kcm_protos.h	\
+	log.c		\
+	main.c		\
+	protocol.c	\
+	renew.c
+
+$(srcdir)/kcm_protos.h:
+	cd $(srcdir); perl ../cf/make-proto.pl -o kcm_protos.h -q -P comment $(kcm_SOURCES) || rm -f kcm_protos.h
+
+$(kcm_OBJECTS): $(srcdir)/kcm_protos.h
+
+man_MANS = kcm.8
+
+LDADD = $(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(LIB_door_create) \
+	$(LIB_pidfile)
+
+EXTRA_DIST = $(man_MANS)

Added: vendor-crypto/heimdal/dist/kcm/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/kcm/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,868 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+libexec_PROGRAMS = kcm$(EXEEXT)
+subdir = kcm
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS)
+am_kcm_OBJECTS = acl.$(OBJEXT) acquire.$(OBJEXT) cache.$(OBJEXT) \
+	client.$(OBJEXT) config.$(OBJEXT) connect.$(OBJEXT) \
+	cursor.$(OBJEXT) events.$(OBJEXT) glue.$(OBJEXT) log.$(OBJEXT) \
+	main.$(OBJEXT) protocol.$(OBJEXT) renew.$(OBJEXT)
+kcm_OBJECTS = $(am_kcm_OBJECTS)
+kcm_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+kcm_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(kcm_SOURCES)
+DIST_SOURCES = $(kcm_SOURCES)
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+kcm_SOURCES = \
+	acl.c		\
+	acquire.c	\
+	cache.c		\
+	client.c	\
+	config.c	\
+	connect.c	\
+	cursor.c	\
+	events.c	\
+	glue.c		\
+	headers.h	\
+	kcm_locl.h	\
+	kcm_protos.h	\
+	log.c		\
+	main.c		\
+	protocol.c	\
+	renew.c
+
+man_MANS = kcm.8
+LDADD = $(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(LIB_door_create) \
+	$(LIB_pidfile)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kcm/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps kcm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+kcm$(EXEEXT): $(kcm_OBJECTS) $(kcm_DEPENDENCIES) 
+	@rm -f kcm$(EXEEXT)
+	$(LINK) $(kcm_OBJECTS) $(kcm_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libexecPROGRAMS uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-man8
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(srcdir)/kcm_protos.h:
+	cd $(srcdir); perl ../cf/make-proto.pl -o kcm_protos.h -q -P comment $(kcm_SOURCES) || rm -f kcm_protos.h
+
+$(kcm_OBJECTS): $(srcdir)/kcm_protos.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/kcm/acl.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/acl.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/acl.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: acl.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_error_code
+kcm_access(krb5_context context,
+	   kcm_client *client,
+	   kcm_operation opcode,
+	   kcm_ccache ccache)
+{
+    int read_p = 0;
+    int write_p = 0;
+    uint16_t mask;
+    krb5_error_code ret;
+
+    KCM_ASSERT_VALID(ccache);
+
+    switch (opcode) {
+    case KCM_OP_INITIALIZE:
+    case KCM_OP_DESTROY:
+    case KCM_OP_STORE:
+    case KCM_OP_REMOVE_CRED:
+    case KCM_OP_SET_FLAGS:
+    case KCM_OP_CHOWN:
+    case KCM_OP_CHMOD:
+    case KCM_OP_GET_INITIAL_TICKET:
+    case KCM_OP_GET_TICKET:
+	write_p = 1;
+	read_p = 0;
+	break;
+    case KCM_OP_NOOP:
+    case KCM_OP_GET_NAME:
+    case KCM_OP_RESOLVE:
+    case KCM_OP_GEN_NEW:
+    case KCM_OP_RETRIEVE:
+    case KCM_OP_GET_PRINCIPAL:
+    case KCM_OP_GET_FIRST:
+    case KCM_OP_GET_NEXT:
+    case KCM_OP_END_GET:
+    case KCM_OP_MAX:
+	write_p = 0;
+	read_p = 1;
+	break;
+    }
+
+    if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM) {
+	/* System caches cannot be reinitialized or destroyed by users */
+	if (opcode == KCM_OP_INITIALIZE ||
+	    opcode == KCM_OP_DESTROY ||
+	    opcode == KCM_OP_REMOVE_CRED) {
+	    ret = KRB5_FCC_PERM;
+	    goto out;
+	}
+
+	/* Let root always read system caches */
+	if (client->uid == 0) {
+	    ret = 0;
+	    goto out;
+	}
+    }
+
+    mask = 0;
+
+    /* Root may do whatever they like */
+    if (client->uid == ccache->uid || CLIENT_IS_ROOT(client)) {
+	if (read_p)
+	    mask |= S_IRUSR;
+	if (write_p)
+	    mask |= S_IWUSR;
+    } else if (client->gid == ccache->gid || CLIENT_IS_ROOT(client)) {
+	if (read_p)
+	    mask |= S_IRGRP;
+	if (write_p)
+	    mask |= S_IWGRP;
+    } else {
+	if (read_p)
+	    mask |= S_IROTH;
+	if (write_p)
+	    mask |= S_IWOTH;
+    }
+
+    ret = ((ccache->mode & mask) == mask) ? 0 : KRB5_FCC_PERM;
+
+out:
+    if (ret) {
+	kcm_log(2, "Process %d is not permitted to call %s on cache %s",
+		client->pid, kcm_op2string(opcode), ccache->name);
+    }
+
+    return ret;
+}
+
+krb5_error_code
+kcm_chmod(krb5_context context,
+	  kcm_client *client,
+	  kcm_ccache ccache,
+	  uint16_t mode)
+{
+    KCM_ASSERT_VALID(ccache);
+
+    /* System cache mode can only be set at startup */
+    if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM)
+	return KRB5_FCC_PERM;
+
+    if (ccache->uid != client->uid)
+	return KRB5_FCC_PERM;
+
+    if (ccache->gid != client->gid)
+	return KRB5_FCC_PERM;
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+    ccache->mode = mode;
+
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return 0;
+}
+
+krb5_error_code
+kcm_chown(krb5_context context,
+	  kcm_client *client,
+	  kcm_ccache ccache,
+	  uid_t uid,
+	  gid_t gid)
+{
+    KCM_ASSERT_VALID(ccache);
+
+    /* System cache owner can only be set at startup */
+    if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM)
+	return KRB5_FCC_PERM;
+
+    if (ccache->uid != client->uid)
+	return KRB5_FCC_PERM;
+
+    if (ccache->gid != client->gid)
+	return KRB5_FCC_PERM;
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+    ccache->uid = uid;
+    ccache->gid = gid;
+
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return 0;
+}
+
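Review bot: The `switch (opcode)` in `kcm_access` has no `default` arm, so an opcode outside the listed cases leaves `read_p` and `write_p` at 0, `mask` stays 0, and `(ccache->mode & mask) == mask` is then true, so the call returns 0 and access is granted. Whether an unlisted value can reach this function depends on the request dispatcher, which is not visible here, but an access check should fail closed: add `default: ret = KRB5_FCC_PERM; goto out;`. In the system-cache branch the comment says root may always read, yet the `client->uid == 0` shortcut returns 0 for every opcode other than the three rejected just above it, including write-class ones such as `KCM_OP_STORE`; either gate it on `read_p` or reword the comment to match. The `|| CLIENT_IS_ROOT(client)` in the group branch is dead, because the owner branch already matches a root client. Separately, `kcm_chmod` and `kcm_chown` compare `ccache->uid`/`ccache->gid` before taking `ccache->mutex`, so the ownership check and the update are not atomic.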

Added: vendor-crypto/heimdal/dist/kcm/acquire.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/acquire.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/acquire.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,531 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: acquire.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static krb5_error_code
+change_pw_and_update_keytab(krb5_context context, kcm_ccache ccache);
+
+/*
+ * Get a new ticket using a keytab/cached key and swap it into
+ * an existing redentials cache
+ */
+
+krb5_error_code
+kcm_ccache_acquire(krb5_context context,
+		   kcm_ccache ccache,
+		   krb5_creds **credp)
+{
+    krb5_error_code ret = 0;
+    krb5_creds cred;
+    krb5_const_realm realm;
+    krb5_get_init_creds_opt opt;
+    krb5_ccache_data ccdata;
+    char *in_tkt_service = NULL;
+    int done = 0;
+
+    memset(&cred, 0, sizeof(cred));
+
+    KCM_ASSERT_VALID(ccache);
+
+    /* We need a cached key or keytab to acquire credentials */
+    if (ccache->flags & KCM_FLAGS_USE_CACHED_KEY) {
+	if (ccache->key.keyblock.keyvalue.length == 0)
+	    krb5_abortx(context,
+			"kcm_ccache_acquire: KCM_FLAGS_USE_CACHED_KEY without key");
+    } else if (ccache->flags & KCM_FLAGS_USE_KEYTAB) {
+	if (ccache->key.keytab == NULL)
+	    krb5_abortx(context,
+			"kcm_ccache_acquire: KCM_FLAGS_USE_KEYTAB without keytab");
+    } else {
+	kcm_log(0, "Cannot acquire initial credentials for cache %s without key",
+		ccache->name);
+	return KRB5_FCC_INTERNAL;
+    }
+	
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+    /* Fake up an internal ccache */
+    kcm_internal_ccache(context, ccache, &ccdata);
+
+    /* Now, actually acquire the creds */
+    if (ccache->server != NULL) {
+	ret = krb5_unparse_name(context, ccache->server, &in_tkt_service);
+	if (ret) {
+	    kcm_log(0, "Failed to unparse service principal name for cache %s: %s",
+		    ccache->name, krb5_get_err_text(context, ret));
+	    return ret;
+	}
+    }
+
+    realm = krb5_principal_get_realm(context, ccache->client);
+
+    krb5_get_init_creds_opt_init(&opt);
+    krb5_get_init_creds_opt_set_default_flags(context, "kcm", realm, &opt);
+    if (ccache->tkt_life != 0)
+	krb5_get_init_creds_opt_set_tkt_life(&opt, ccache->tkt_life);
+    if (ccache->renew_life != 0)
+	krb5_get_init_creds_opt_set_renew_life(&opt, ccache->renew_life);
+
+    if (ccache->flags & KCM_FLAGS_USE_CACHED_KEY) {
+	ret = krb5_get_init_creds_keyblock(context,
+					   &cred,
+					   ccache->client,
+					   &ccache->key.keyblock,
+					   0,
+					   in_tkt_service,
+					   &opt);
+    } else {
+	/* loosely based on lib/krb5/init_creds_pw.c */
+	while (!done) {
+	    ret = krb5_get_init_creds_keytab(context,
+					     &cred,
+					     ccache->client,
+					     ccache->key.keytab,
+					     0,
+					     in_tkt_service,
+					     &opt);
+	    switch (ret) {
+	    case KRB5KDC_ERR_KEY_EXPIRED:
+		if (in_tkt_service != NULL &&
+		    strcmp(in_tkt_service, "kadmin/changepw") == 0) {
+		    goto out;
+		}
+
+		ret = change_pw_and_update_keytab(context, ccache);
+		if (ret)
+		    goto out;
+		break;
+	    case 0:
+	    default:
+		done = 1;
+		break;
+	    }
+	}
+    }
+
+    if (ret) {
+	kcm_log(0, "Failed to acquire credentials for cache %s: %s",
+		ccache->name, krb5_get_err_text(context, ret));
+	if (in_tkt_service != NULL)
+	    free(in_tkt_service);
+	goto out;
+    }
+
+    if (in_tkt_service != NULL)
+	free(in_tkt_service);
+
+    /* Swap them in */
+    kcm_ccache_remove_creds_internal(context, ccache);
+
+    ret = kcm_ccache_store_cred_internal(context, ccache, &cred, 0, credp);
+    if (ret) {
+	kcm_log(0, "Failed to store credentials for cache %s: %s",
+		ccache->name, krb5_get_err_text(context, ret));
+	krb5_free_cred_contents(context, &cred);
+	goto out;
+    }
+
+out:
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
+
+static krb5_error_code
+change_pw(krb5_context context,
+	  kcm_ccache ccache,
+	  char *cpn,
+	  char *newpw)
+{
+    krb5_error_code ret;
+    krb5_creds cpw_cred;
+    int result_code;
+    krb5_data result_code_string;
+    krb5_data result_string;
+    krb5_get_init_creds_opt options;
+
+    memset(&cpw_cred, 0, sizeof(cpw_cred));
+
+    krb5_get_init_creds_opt_init(&options);
+    krb5_get_init_creds_opt_set_tkt_life(&options, 60);
+    krb5_get_init_creds_opt_set_forwardable(&options, FALSE);
+    krb5_get_init_creds_opt_set_proxiable(&options, FALSE);
+
+    krb5_data_zero(&result_code_string);
+    krb5_data_zero(&result_string);
+
+    ret = krb5_get_init_creds_keytab(context,
+				     &cpw_cred,
+				     ccache->client,
+				     ccache->key.keytab,
+				     0,
+				     "kadmin/changepw",
+				     &options);
+    if (ret) {
+	kcm_log(0, "Failed to acquire password change credentials "
+		"for principal %s: %s", 
+		cpn, krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    ret = krb5_set_password(context,
+			    &cpw_cred,
+			    newpw,
+			    ccache->client,
+			    &result_code,
+			    &result_code_string,
+			    &result_string);
+    if (ret) {
+	kcm_log(0, "Failed to change password for principal %s: %s",
+		cpn, krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    if (result_code) {
+	kcm_log(0, "Failed to change password for principal %s: %.*s",
+		cpn,
+		(int)result_string.length,
+		result_string.length > 0 ? (char *)result_string.data : "");
+	goto out;
+    }
+
+out:
+    krb5_data_free(&result_string);
+    krb5_data_free(&result_code_string);
+    krb5_free_cred_contents(context, &cpw_cred);
+
+    return ret;
+}
+
+struct kcm_keyseed_data {
+    krb5_salt salt;
+    const char *password;
+};
+
+static krb5_error_code
+kcm_password_key_proc(krb5_context context,
+		      krb5_enctype etype,
+		      krb5_salt salt,
+		      krb5_const_pointer keyseed,
+		      krb5_keyblock **key)
+{
+    krb5_error_code ret;
+    struct kcm_keyseed_data *s = (struct kcm_keyseed_data *)keyseed;
+
+    /* we may be called multiple times */
+    krb5_free_salt(context, s->salt);
+    krb5_data_zero(&s->salt.saltvalue);
+
+    /* stash the salt */
+    s->salt.salttype = salt.salttype;
+
+    ret = krb5_data_copy(&s->salt.saltvalue,
+		         salt.saltvalue.data,
+			 salt.saltvalue.length);
+    if (ret)
+	return ret;
+
+    *key = (krb5_keyblock *)malloc(sizeof(**key));
+    if (*key == NULL) {
+	return ENOMEM;
+    }
+
+    ret = krb5_string_to_key_salt(context, etype, s->password,
+				  s->salt, *key);
+    if (ret) {
+	free(*key);
+	*key = NULL;
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+get_salt_and_kvno(krb5_context context,
+		  kcm_ccache ccache,
+		  krb5_enctype *etypes,
+		  char *cpn,
+		  char *newpw,
+		  krb5_salt *salt,
+		  unsigned *kvno)
+{
+    krb5_error_code ret;
+    krb5_creds creds;
+    krb5_ccache_data ccdata;
+    krb5_flags options = 0;
+    krb5_kdc_rep reply;
+    struct kcm_keyseed_data s;
+
+    memset(&creds, 0, sizeof(creds));
+    memset(&reply, 0, sizeof(reply));
+
+    s.password = NULL;
+    s.salt.salttype = (int)ETYPE_NULL;
+    krb5_data_zero(&s.salt.saltvalue);
+
+    *kvno = 0;
+    kcm_internal_ccache(context, ccache, &ccdata);
+    s.password = newpw;
+
+    /* Do an AS-REQ to determine salt and key version number */
+    ret = krb5_copy_principal(context, ccache->client, &creds.client);
+    if (ret)
+	return ret;
+
+    /* Yes, get a ticket to ourselves */
+    ret = krb5_copy_principal(context, ccache->client, &creds.server);
+    if (ret) {
+	krb5_free_principal(context, creds.client);
+	return ret;
+    }
+	
+    ret = krb5_get_in_tkt(context,
+			  options,
+			  NULL,
+			  etypes,
+			  NULL,
+			  kcm_password_key_proc,
+			  &s,
+			  NULL,
+			  NULL,
+			  &creds,
+			  &ccdata,
+			  &reply);
+    if (ret) {
+	kcm_log(0, "Failed to get self ticket for principal %s: %s",
+		cpn, krb5_get_err_text(context, ret));
+	krb5_free_salt(context, s.salt);
+    } else {
+	*salt = s.salt; /* retrieve stashed salt */
+	if (reply.kdc_rep.enc_part.kvno != NULL)
+	    *kvno = *(reply.kdc_rep.enc_part.kvno);
+    }
+    /* ccache may have been modified but it will get trashed anyway */
+
+    krb5_free_cred_contents(context, &creds);
+    krb5_free_kdc_rep(context, &reply);
+
+    return ret;
+}
+
+static krb5_error_code
+update_keytab_entry(krb5_context context,
+		    kcm_ccache ccache,
+		    krb5_enctype etype,
+		    char *cpn,
+		    char *spn,
+		    char *newpw,
+		    krb5_salt salt,
+		    unsigned kvno)
+{
+    krb5_error_code ret;
+    krb5_keytab_entry entry;
+    krb5_data pw;
+
+    memset(&entry, 0, sizeof(entry));
+
+    pw.data = (char *)newpw;
+    pw.length = strlen(newpw);
+
+    ret = krb5_string_to_key_data_salt(context, etype, pw,
+				       salt, &entry.keyblock);
+    if (ret) {
+	kcm_log(0, "String to key conversion failed for principal %s "
+		"and etype %d: %s",
+		cpn, etype, krb5_get_err_text(context, ret)); 
+	return ret;
+    }
+
+    if (spn == NULL) {
+	ret = krb5_copy_principal(context, ccache->client,
+				  &entry.principal);
+	if (ret) {
+	    kcm_log(0, "Failed to copy principal name %s: %s",
+		    cpn, krb5_get_err_text(context, ret));
+	    return ret;
+	}
+    } else {
+	ret = krb5_parse_name(context, spn, &entry.principal);
+	if (ret) {
+	    kcm_log(0, "Failed to parse SPN alias %s: %s",
+		    spn, krb5_get_err_text(context, ret));
+	    return ret;
+	}
+    }
+
+    entry.vno = kvno;
+    entry.timestamp = time(NULL);
+
+    ret = krb5_kt_add_entry(context, ccache->key.keytab, &entry);
+    if (ret) {
+	kcm_log(0, "Failed to update keytab for principal %s "
+		"and etype %d: %s",
+		cpn, etype, krb5_get_err_text(context, ret));
+    }
+
+    krb5_kt_free_entry(context, &entry);
+
+    return ret; 
+}
+
+static krb5_error_code
+update_keytab_entries(krb5_context context,
+		      kcm_ccache ccache,
+		      krb5_enctype *etypes,
+		      char *cpn,
+		      char *spn,
+		      char *newpw,
+		      krb5_salt salt,
+		      unsigned kvno)
+{
+    krb5_error_code ret = 0;
+    int i;
+
+    for (i = 0; etypes[i] != ETYPE_NULL; i++) {
+	ret = update_keytab_entry(context, ccache, etypes[i],
+				  cpn, spn, newpw, salt, kvno);
+	if (ret)
+	    break;
+    }
+
+    return ret;
+}
+
+static void
+generate_random_pw(krb5_context context,
+		   char *buf,
+		   size_t bufsiz)
+{
+    unsigned char x[512], *p;
+    size_t i;
+
+    memset(x, 0, sizeof(x));
+    krb5_generate_random_block(x, sizeof(x));
+    p = x;
+
+    for (i = 0; i < bufsiz; i++) {
+	while (isprint(*p) == 0)
+	    p++;
+
+	if (p - x >= sizeof(x)) {
+	    krb5_generate_random_block(x, sizeof(x));
+	    p = x;
+	}
+	buf[i] = (char)*p++;
+    }
+    buf[bufsiz - 1] = '\0';
+    memset(x, 0, sizeof(x));
+}
+
+static krb5_error_code
+change_pw_and_update_keytab(krb5_context context,
+			    kcm_ccache ccache)
+{
+    char newpw[121];
+    krb5_error_code ret;
+    unsigned kvno;
+    krb5_salt salt;
+    krb5_enctype *etypes = NULL;
+    int i;
+    char *cpn = NULL;
+    char **spns = NULL;
+
+    krb5_data_zero(&salt.saltvalue);
+
+    ret = krb5_unparse_name(context, ccache->client, &cpn);
+    if (ret) {
+	kcm_log(0, "Failed to unparse name: %s",
+		krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    ret = krb5_get_default_in_tkt_etypes(context, &etypes);
+    if (ret) {
+	kcm_log(0, "Failed to determine default encryption types: %s",
+		krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    /* Generate a random password (there is no set keys protocol) */
+    generate_random_pw(context, newpw, sizeof(newpw));
+
+    /* Change it */
+    ret = change_pw(context, ccache, cpn, newpw);
+    if (ret)
+	goto out;
+
+    /* Do an AS-REQ to determine salt and key version number */
+    ret = get_salt_and_kvno(context, ccache, etypes, cpn, newpw,
+			    &salt, &kvno);
+    if (ret) {
+	kcm_log(0, "Failed to determine salting principal for principal %s: %s",
+		cpn, krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    /* Add canonical name */
+    ret = update_keytab_entries(context, ccache, etypes, cpn,
+				NULL, newpw, salt, kvno);
+    if (ret)
+	goto out;
+
+    /* Add SPN aliases, if any */
+    spns = krb5_config_get_strings(context, NULL, "kcm",
+				   "system_ccache", "spn_aliases", NULL);
+    if (spns != NULL) {
+	for (i = 0; spns[i] != NULL; i++) {
+	    ret = update_keytab_entries(context, ccache, etypes, cpn,
+					spns[i], newpw, salt, kvno);
+	    if (ret)
+		goto out;
+	}
+    }
+
+    kcm_log(0, "Changed expired password for principal %s in cache %s",
+	    cpn, ccache->name);
+
+out:
+    if (cpn != NULL)
+	free(cpn);
+    if (spns != NULL)
+	krb5_config_free_strings(spns);
+    if (etypes != NULL)
+	free(etypes);
+    krb5_free_salt(context, salt);
+    memset(newpw, 0, sizeof(newpw));
+
+    return ret;
+}
+

Added: vendor-crypto/heimdal/dist/kcm/cache.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/cache.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/cache.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,636 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: cache.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static HEIMDAL_MUTEX ccache_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static kcm_ccache_data *ccache_head = NULL;
+static unsigned int ccache_nextid = 0; 
+
+char *kcm_ccache_nextid(pid_t pid, uid_t uid, gid_t gid)
+{
+    unsigned n;
+    char *name;
+
+    HEIMDAL_MUTEX_lock(&ccache_mutex);
+    n = ++ccache_nextid;
+    HEIMDAL_MUTEX_unlock(&ccache_mutex);
+
+    asprintf(&name, "%d:%u", uid, n);
+
+    return name;
+}
+
+static krb5_error_code
+kcm_ccache_resolve_internal(krb5_context context,
+			    const char *name,
+			    kcm_ccache *ccache)
+{
+    kcm_ccache p;
+    krb5_error_code ret;
+
+    *ccache = NULL;
+
+    ret = KRB5_FCC_NOFILE;
+
+    HEIMDAL_MUTEX_lock(&ccache_mutex);
+
+    for (p = ccache_head; p != NULL; p = p->next) {
+	if ((p->flags & KCM_FLAGS_VALID) == 0)
+	    continue;
+	if (strcmp(p->name, name) == 0) {
+	    ret = 0;
+	    break;
+	}
+    }
+
+    if (ret == 0) {
+	kcm_retain_ccache(context, p);
+	*ccache = p;
+    }
+
+    HEIMDAL_MUTEX_unlock(&ccache_mutex);
+
+    return ret;
+}
+
+krb5_error_code kcm_debug_ccache(krb5_context context)
+{
+    kcm_ccache p;
+
+    for (p = ccache_head; p != NULL; p = p->next) {
+	char *cpn = NULL, *spn = NULL;
+	int ncreds = 0;
+	struct kcm_creds *k;
+
+	if ((p->flags & KCM_FLAGS_VALID) == 0) {
+	    kcm_log(7, "cache %08x: empty slot");
+	    continue;
+	}
+
+	KCM_ASSERT_VALID(p);
+
+	for (k = p->creds; k != NULL; k = k->next)
+	    ncreds++;
+
+	if (p->client != NULL)
+	    krb5_unparse_name(context, p->client, &cpn);
+	if (p->server != NULL)
+	    krb5_unparse_name(context, p->server, &spn);
+	
+	kcm_log(7, "cache %08x: name %s refcnt %d flags %04x mode %04o "
+		"uid %d gid %d client %s server %s ncreds %d",
+		p, p->name, p->refcnt, p->flags, p->mode, p->uid, p->gid,
+		(cpn == NULL) ? "<none>" : cpn,
+		(spn == NULL) ? "<none>" : spn,
+		ncreds);
+
+	if (cpn != NULL)
+	    free(cpn);
+	if (spn != NULL)
+	    free(spn);
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+kcm_ccache_destroy_internal(krb5_context context, const char *name)
+{
+    kcm_ccache *p;
+    krb5_error_code ret;
+
+    ret = KRB5_FCC_NOFILE;
+
+    HEIMDAL_MUTEX_lock(&ccache_mutex);
+    for (p = &ccache_head; *p != NULL; p = &(*p)->next) {
+	if (((*p)->flags & KCM_FLAGS_VALID) == 0)
+	    continue;
+	if (strcmp((*p)->name, name) == 0) {
+	    ret = 0;
+	    break;
+	}
+    }
+
+    if (ret)
+	goto out;
+
+    kcm_release_ccache(context, p);
+
+out:
+    HEIMDAL_MUTEX_unlock(&ccache_mutex);
+
+    return ret;
+}
+
+static krb5_error_code
+kcm_ccache_alloc(krb5_context context,
+		 const char *name,
+		 kcm_ccache *ccache)
+{
+    kcm_ccache slot = NULL, p;
+    krb5_error_code ret;
+    int new_slot = 0;
+
+    *ccache = NULL;
+
+    /* First, check for duplicates */
+    HEIMDAL_MUTEX_lock(&ccache_mutex);
+    ret = 0;
+    for (p = ccache_head; p != NULL; p = p->next) {
+	if (p->flags & KCM_FLAGS_VALID) {
+	    if (strcmp(p->name, name) == 0) {
+		ret = KRB5_CC_WRITE;
+		break;
+	    }
+	} else if (slot == NULL)
+	    slot = p;
+    }
+
+    if (ret)
+	goto out;
+
+    /*
+     * Then try and find an empty slot
+     * XXX we need to recycle slots for this to actually do anything
+     */
+    if (slot == NULL) {
+	for (; p != NULL; p = p->next) {
+	    if ((p->flags & KCM_FLAGS_VALID) == 0) {
+		slot = p;
+		break;
+	    }
+	}
+
+	if (slot == NULL) {
+	    slot = (kcm_ccache_data *)malloc(sizeof(*slot));
+	    if (slot == NULL) {
+		ret = KRB5_CC_NOMEM;
+		goto out;
+	    }
+	    slot->next = ccache_head;
+	    HEIMDAL_MUTEX_init(&slot->mutex);
+	    new_slot = 1;
+	}
+    }
+
+    slot->name = strdup(name);
+    if (slot->name == NULL) {
+	ret = KRB5_CC_NOMEM;
+	goto out;
+    }
+
+    slot->refcnt = 1;
+    slot->flags = KCM_FLAGS_VALID;
+    slot->mode = S_IRUSR | S_IWUSR;
+    slot->uid = -1;
+    slot->gid = -1;
+    slot->client = NULL;
+    slot->server = NULL;
+    slot->creds = NULL;
+    slot->n_cursor = 0;
+    slot->cursors = NULL;
+    slot->key.keytab = NULL;
+    slot->tkt_life = 0;
+    slot->renew_life = 0;
+
+    if (new_slot)
+	ccache_head = slot;
+
+    *ccache = slot;
+
+    HEIMDAL_MUTEX_unlock(&ccache_mutex);
+    return 0;
+
+out:
+    HEIMDAL_MUTEX_unlock(&ccache_mutex);
+    if (new_slot && slot != NULL) {
+	HEIMDAL_MUTEX_destroy(&slot->mutex);
+	free(slot);
+    }
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_remove_creds_internal(krb5_context context,
+				 kcm_ccache ccache)
+{
+    struct kcm_creds *k;
+    struct kcm_cursor *c;
+
+    k = ccache->creds;
+    while (k != NULL) {
+	struct kcm_creds *old;
+
+	krb5_free_cred_contents(context, &k->cred);
+	old = k;
+	k = k->next;
+	free(old);
+    }
+    ccache->creds = NULL;
+
+    /* remove anything that would have pointed into the creds too */
+
+    ccache->n_cursor = 0;
+
+    c = ccache->cursors;
+    while (c != NULL) {
+	struct kcm_cursor *old;
+
+	old = c;
+	c = c->next;
+	free(old);
+    }
+    ccache->cursors = NULL;
+
+    return 0;
+}
+
+krb5_error_code
+kcm_ccache_remove_creds(krb5_context context,
+			kcm_ccache ccache)
+{
+    krb5_error_code ret;
+
+    KCM_ASSERT_VALID(ccache);
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+    ret = kcm_ccache_remove_creds_internal(context, ccache);
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
+
+krb5_error_code
+kcm_zero_ccache_data_internal(krb5_context context,
+			      kcm_ccache_data *cache)
+{
+    if (cache->client != NULL) {
+	krb5_free_principal(context, cache->client);
+	cache->client = NULL;
+    }
+
+    if (cache->server != NULL) {
+	krb5_free_principal(context, cache->server);
+	cache->server = NULL;
+    }
+
+    kcm_ccache_remove_creds_internal(context, cache);
+
+    return 0;
+}
+
+krb5_error_code
+kcm_zero_ccache_data(krb5_context context,
+		     kcm_ccache cache)
+{
+    krb5_error_code ret;
+
+    KCM_ASSERT_VALID(cache);
+
+    HEIMDAL_MUTEX_lock(&cache->mutex);
+    ret = kcm_zero_ccache_data_internal(context, cache);
+    HEIMDAL_MUTEX_unlock(&cache->mutex);
+
+    return ret;
+}
+
+static krb5_error_code
+kcm_free_ccache_data_internal(krb5_context context,
+			      kcm_ccache_data *cache)
+{
+    KCM_ASSERT_VALID(cache);
+
+    if (cache->name != NULL) {
+	free(cache->name);
+	cache->name = NULL;
+    }
+
+    if (cache->flags & KCM_FLAGS_USE_KEYTAB) {
+	krb5_kt_close(context, cache->key.keytab);
+	cache->key.keytab = NULL;
+    } else if (cache->flags & KCM_FLAGS_USE_CACHED_KEY) {
+	krb5_free_keyblock_contents(context, &cache->key.keyblock);
+	krb5_keyblock_zero(&cache->key.keyblock);
+    }
+
+    cache->flags = 0;
+    cache->mode = 0;
+    cache->uid = -1;
+    cache->gid = -1;
+
+    kcm_zero_ccache_data_internal(context, cache);
+
+    cache->tkt_life = 0;
+    cache->renew_life = 0;
+
+    cache->next = NULL;
+    cache->refcnt = 0;
+
+    HEIMDAL_MUTEX_unlock(&cache->mutex);
+    HEIMDAL_MUTEX_destroy(&cache->mutex);
+
+    return 0;
+}
+
+krb5_error_code
+kcm_retain_ccache(krb5_context context,
+		  kcm_ccache ccache)
+{
+    KCM_ASSERT_VALID(ccache);
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+    ccache->refcnt++;
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return 0;
+}
+
+krb5_error_code
+kcm_release_ccache(krb5_context context,
+		   kcm_ccache *ccache)
+{
+    kcm_ccache c = *ccache;
+    krb5_error_code ret = 0;
+
+    KCM_ASSERT_VALID(c);
+
+    HEIMDAL_MUTEX_lock(&c->mutex);
+    if (c->refcnt == 1) {
+	ret = kcm_free_ccache_data_internal(context, c);
+	if (ret == 0)
+	    free(c);
+    } else {
+	c->refcnt--;
+	HEIMDAL_MUTEX_unlock(&c->mutex);
+    }
+
+    *ccache = NULL;
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_gen_new(krb5_context context,
+		   pid_t pid,
+		   uid_t uid,
+		   gid_t gid,
+		   kcm_ccache *ccache)
+{
+    krb5_error_code ret;
+    char *name;
+
+    name = kcm_ccache_nextid(pid, uid, gid);
+    if (name == NULL) {
+	return KRB5_CC_NOMEM;
+    }
+
+    ret = kcm_ccache_new(context, name, ccache);
+
+    free(name);
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_new(krb5_context context,
+	       const char *name,
+	       kcm_ccache *ccache)
+{
+    krb5_error_code ret;
+
+    ret = kcm_ccache_alloc(context, name, ccache);
+    if (ret == 0) {
+	/*
+	 * one reference is held by the linked list,
+	 * one by the caller
+	 */
+	kcm_retain_ccache(context, *ccache);
+    }
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_resolve(krb5_context context,
+		   const char *name,
+		   kcm_ccache *ccache)
+{
+    krb5_error_code ret;
+
+    ret = kcm_ccache_resolve_internal(context, name, ccache);
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_destroy(krb5_context context,
+		   const char *name)
+{
+    krb5_error_code ret;
+
+    ret = kcm_ccache_destroy_internal(context, name);
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_destroy_if_empty(krb5_context context,
+			    kcm_ccache ccache)
+{
+    krb5_error_code ret;
+
+    KCM_ASSERT_VALID(ccache);
+    
+    if (ccache->creds == NULL) {
+	ret = kcm_ccache_destroy_internal(context, ccache->name);
+    } else
+	ret = 0;
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_store_cred(krb5_context context,
+		      kcm_ccache ccache,
+		      krb5_creds *creds,
+		      int copy)
+{
+    krb5_error_code ret;
+    krb5_creds *tmp;
+
+    KCM_ASSERT_VALID(ccache);
+    
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+    ret = kcm_ccache_store_cred_internal(context, ccache, creds, copy, &tmp);
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_store_cred_internal(krb5_context context,
+			       kcm_ccache ccache,
+			       krb5_creds *creds,
+			       int copy,
+			       krb5_creds **credp)
+{
+    struct kcm_creds **c;
+    krb5_error_code ret;
+
+    for (c = &ccache->creds; *c != NULL; c = &(*c)->next)
+	;
+
+    *c = (struct kcm_creds *)malloc(sizeof(struct kcm_creds));
+    if (*c == NULL) {
+	return KRB5_CC_NOMEM;
+    }
+
+    *credp = &(*c)->cred;
+
+    if (copy) {
+	ret = krb5_copy_creds_contents(context, creds, *credp);
+	if (ret) {
+	    free(*c);
+	    *c = NULL;
+	}
+    } else {
+	**credp = *creds;
+	ret = 0;
+    }
+
+    (*c)->next = NULL;
+
+    return ret;
+}
+
+static void
+remove_cred(krb5_context context,
+	    struct kcm_creds **c)
+{
+    struct kcm_creds *cred;
+
+    cred = *c;
+
+    *c = cred->next;
+
+    krb5_free_cred_contents(context, &cred->cred);
+    free(cred);
+}
+
+krb5_error_code
+kcm_ccache_remove_cred_internal(krb5_context context,
+				kcm_ccache ccache,
+				krb5_flags whichfields,
+				const krb5_creds *mcreds)
+{
+    krb5_error_code ret;
+    struct kcm_creds **c;
+
+    ret = KRB5_CC_NOTFOUND;
+
+    for (c = &ccache->creds; *c != NULL; c = &(*c)->next) {
+	if (krb5_compare_creds(context, whichfields, mcreds, &(*c)->cred)) {
+	    remove_cred(context, c);
+	    ret = 0;
+	}
+    }
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_remove_cred(krb5_context context,
+		       kcm_ccache ccache,
+		       krb5_flags whichfields,
+		       const krb5_creds *mcreds)
+{
+    krb5_error_code ret;
+
+    KCM_ASSERT_VALID(ccache);
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+    ret = kcm_ccache_remove_cred_internal(context, ccache, whichfields, mcreds);
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_retrieve_cred_internal(krb5_context context,
+			 	  kcm_ccache ccache,
+			 	  krb5_flags whichfields,
+			 	  const krb5_creds *mcreds,
+			 	  krb5_creds **creds)
+{
+    krb5_boolean match;
+    struct kcm_creds *c;
+    krb5_error_code ret;
+
+    memset(creds, 0, sizeof(*creds));
+
+    ret = KRB5_CC_END;
+
+    match = FALSE;
+    for (c = ccache->creds; c != NULL; c = c->next) {
+	match = krb5_compare_creds(context, whichfields, mcreds, &c->cred);
+	if (match)
+	    break;
+    }
+
+    if (match) {
+	ret = 0;
+	*creds = &c->cred;
+    }
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_retrieve_cred(krb5_context context,
+			 kcm_ccache ccache,
+			 krb5_flags whichfields,
+			 const krb5_creds *mcreds,
+			 krb5_creds **credp)
+{
+    krb5_error_code ret;
+
+    KCM_ASSERT_VALID(ccache);
+    
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+    ret = kcm_ccache_retrieve_cred_internal(context, ccache,
+					    whichfields, mcreds, credp);
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
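Review bot: In kcm_ccache_store_cred_internal the failure branch after `krb5_copy_creds_contents` frees the new node and sets `*c = NULL`, but control then falls through to `(*c)->next = NULL;`, which dereferences the NULL just stored, and `*credp` is left pointing at the freed node. Returning from that branch avoids both: `free(*c); *c = NULL; *credp = NULL; return ret;`. kcm_ccache_remove_cred_internal has a related list-walk problem: after `remove_cred(context, c)` the slot `*c` already holds the successor, so the loop's `c = &(*c)->next` skips one entry and, when the removed node was the last one, steps through a NULL `*c`. Dropping the increment from the `for` header and advancing only in an `else c = &(*c)->next;` branch fixes that. Both paths look reachable from ordinary store/remove requests to the daemon, so they are worth carrying as a local patch on top of the import or checking against a newer upstream release.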

Added: vendor-crypto/heimdal/dist/kcm/client.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/client.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/client.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+#include <pwd.h>
+
+RCSID("$Id: client.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_error_code
+kcm_ccache_resolve_client(krb5_context context,
+			  kcm_client *client,
+			  kcm_operation opcode,
+			  const char *name,
+			  kcm_ccache *ccache)
+{
+    krb5_error_code ret;
+
+    ret = kcm_ccache_resolve(context, name, ccache);
+    if (ret) {
+	kcm_log(1, "Failed to resolve cache %s: %s",
+		name, krb5_get_err_text(context, ret));
+	return ret;
+    }
+
+    ret = kcm_access(context, client, opcode, *ccache);
+    if (ret) {
+	ret = KRB5_FCC_NOFILE; /* don't disclose */
+	kcm_release_ccache(context, ccache);
+    }
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_destroy_client(krb5_context context,
+			  kcm_client *client,
+			  const char *name)
+{
+    krb5_error_code ret;
+    kcm_ccache ccache;
+
+    ret = kcm_ccache_resolve(context, name, &ccache);
+    if (ret) {
+	kcm_log(1, "Failed to resolve cache %s: %s",
+		name, krb5_get_err_text(context, ret));
+	return ret;
+    }
+
+    ret = kcm_access(context, client, KCM_OP_DESTROY, ccache);
+    if (ret) {
+	kcm_release_ccache(context, &ccache);
+	return ret;
+    }
+
+    ret = kcm_ccache_destroy(context, ccache->name);
+    if (ret == 0) {
+	/* don't leave any events dangling */
+	kcm_cleanup_events(context, ccache);
+    }
+
+    kcm_release_ccache(context, &ccache);
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_new_client(krb5_context context,
+		      kcm_client *client,
+		      const char *name,
+		      kcm_ccache *ccache_p)
+{
+    krb5_error_code ret;
+    kcm_ccache ccache;
+
+    /* We insist the ccache name starts with UID or UID: */
+    if (name_constraints != 0) {
+	char prefix[64];
+	size_t prefix_len;
+	int bad = 1;
+
+	snprintf(prefix, sizeof(prefix), "%ld:", (long)client->uid);
+	prefix_len = strlen(prefix);
+
+	if (strncmp(name, prefix, prefix_len) == 0)
+	    bad = 0;
+	else {
+	    prefix[prefix_len - 1] = '\0';
+	    if (strcmp(name, prefix) == 0)
+		bad = 0;
+	}
+
+	/* Allow root to create badly-named ccaches */
+	if (bad && !CLIENT_IS_ROOT(client))
+	    return KRB5_CC_BADNAME;
+    }
+	
+    ret = kcm_ccache_resolve(context, name, &ccache);
+    if (ret == 0) {
+	if ((ccache->uid != client->uid ||
+	     ccache->gid != client->gid) && !CLIENT_IS_ROOT(client))
+	    return KRB5_FCC_PERM;
+    } else if (ret != KRB5_FCC_NOFILE && !(CLIENT_IS_ROOT(client) && ret == KRB5_FCC_PERM)) {
+		return ret;
+    }
+
+    if (ret == KRB5_FCC_NOFILE) {
+	ret = kcm_ccache_new(context, name, &ccache);
+	if (ret) {
+	    kcm_log(1, "Failed to initialize cache %s: %s",
+		    name, krb5_get_err_text(context, ret));
+	    return ret;
+	}
+
+	/* bind to current client */
+	ccache->uid = client->uid;
+	ccache->gid = client->gid;
+    } else {
+	ret = kcm_zero_ccache_data(context, ccache);
+	if (ret) {
+	    kcm_log(1, "Failed to empty cache %s: %s",
+		    name, krb5_get_err_text(context, ret));
+	    kcm_release_ccache(context, &ccache);
+	    return ret;
+	}
+	kcm_cleanup_events(context, ccache);
+    }
+
+    ret = kcm_access(context, client, KCM_OP_INITIALIZE, ccache);
+    if (ret) {
+	kcm_release_ccache(context, &ccache);
+	kcm_ccache_destroy(context, name);
+	return ret;
+    }
+
+    /* 
+     * Finally, if the user is root and the cache was created under
+     * another user's name, chown the cache to that user and their
+     * default gid.
+     */
+    if (CLIENT_IS_ROOT(client)) {
+	unsigned long uid;
+	int matches = sscanf(name,"%ld:",&uid);
+	if (matches == 0)
+	    matches = sscanf(name,"%ld",&uid);
+	if (matches == 1) {
+	    struct passwd *pwd = getpwuid(uid);
+	    if (pwd != NULL) {
+		gid_t gid = pwd->pw_gid;
+		kcm_chown(context, client, ccache, uid, gid);
+	    }
+	}
+    }
+    
+    *ccache_p = ccache;
+    return 0;
+}
+
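Review bot: The ownership check in kcm_ccache_new_client returns `KRB5_FCC_PERM` while still holding the reference taken by the successful `kcm_ccache_resolve` just above it (the resolve path in cache.c calls kcm_retain_ccache), so every rejected request leaves the target cache's refcnt one higher and nothing visible here drops it again. Release before returning: `kcm_release_ccache(context, &ccache); return KRB5_FCC_PERM;`. Separately, on the existing-cache path `kcm_zero_ccache_data` runs before `kcm_access(context, client, KCM_OP_INITIALIZE, ccache)`, so the contents are already wiped when the access decision is made; moving the kcm_access call ahead of the wipe would make a denied request free of side effects. The root-only chown block also scans into `unsigned long uid` with `%ld`; `%lu` matches the declared type.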

Added: vendor-crypto/heimdal/dist/kcm/config.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/config.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/config.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,390 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+#include <getarg.h>
+#include <parse_bytes.h>
+
+RCSID("$Id: config.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static const char *config_file;	/* location of kcm config file */
+
+size_t max_request = 0;		/* maximal size of a request */
+char *socket_path = NULL;
+char *door_path = NULL;
+
+static char *max_request_str;	/* `max_request' as a string */
+
+int detach_from_console = -1;
+#define DETACH_IS_DEFAULT FALSE
+
+static const char *system_cache_name = NULL;
+static const char *system_keytab = NULL;
+static const char *system_principal = NULL;
+static const char *system_server = NULL;
+static const char *system_perms = NULL;
+static const char *system_user = NULL;
+static const char *system_group = NULL;
+
+static const char *renew_life = NULL;
+static const char *ticket_life = NULL;
+
+int disallow_getting_krbtgt = -1;
+int name_constraints = -1;
+
+static int help_flag;
+static int version_flag;
+
+static struct getargs args[] = {
+    { 
+	"cache-name",	0,	arg_string,	&system_cache_name, 
+	"system cache name", "cachename" 
+    },
+    { 
+	"config-file",	'c',	arg_string,	&config_file, 
+	"location of config file",	"file" 
+    },
+    { 
+	"group",	'g',	arg_string,	&system_group, 
+	"system cache group",	"group" 
+    },
+    { 
+	"max-request",	0,	arg_string, &max_request, 
+	"max size for a kcm-request", "size"
+    },
+#if DETACH_IS_DEFAULT
+    {
+	"detach",       'D',      arg_negative_flag, &detach_from_console, 
+	"don't detach from console"
+    },
+#else
+    {
+	"detach",       0 ,      arg_flag, &detach_from_console, 
+	"detach from console"
+    },
+#endif
+    {	"help",		'h',	arg_flag,   &help_flag },
+    { 
+	"system-principal",	'k',	arg_string,	&system_principal, 
+	"system principal name",	"principal" 
+    },
+    {
+	"lifetime",	'l', arg_string, &ticket_life,
+	"lifetime of system tickets", "time"
+    },
+    {
+	"mode",		'm', arg_string, &system_perms,
+	"octal mode of system cache", "mode"
+    },
+    {
+	"name-constraints",	'n', arg_negative_flag, &name_constraints,
+	"disable credentials cache name constraints"
+    },
+    {
+	"disallow-getting-krbtgt", 0, arg_flag, &disallow_getting_krbtgt,
+	"disable fetching krbtgt from the cache"
+    },
+    {
+	"renewable-life",	'r', arg_string, &renew_life,
+    	"renewable lifetime of system tickets", "time"
+    },
+    {
+	"socket-path",		's', arg_string, &socket_path,
+    	"path to kcm domain socket", "path"
+    },
+#ifdef HAVE_DOOR_CREATE
+    {
+	"door-path",		's', arg_string, &door_path,
+    	"path to kcm door", "path"
+    },
+#endif
+    {
+	"server",		'S', arg_string, &system_server,
+    	"server to get system ticket for", "principal"
+    },
+    { 
+	"keytab",	't',	arg_string,	&system_keytab, 
+	"system keytab name",	"keytab" 
+    },
+    { 
+	"user",		'u',	arg_string,	&system_user, 
+	"system cache owner",	"user" 
+    },
+    {	"version",	'v',	arg_flag,   &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int ret)
+{
+    arg_printusage (args, num_args, NULL, "");
+    exit (ret);
+}
+
+static int parse_owners(kcm_ccache ccache)
+{
+    uid_t uid = 0;
+    gid_t gid = 0;
+    struct passwd *pw;
+    struct group *gr;
+    int uid_p = 0;
+    int gid_p = 0;
+
+    if (system_user != NULL) {
+	if (isdigit((unsigned char)system_user[0])) {
+	    pw = getpwuid(atoi(system_user));
+	} else {
+	    pw = getpwnam(system_user);
+	}
+	if (pw == NULL) {
+	    return errno;
+	}
+
+	system_user = strdup(pw->pw_name);
+	if (system_user == NULL) {
+	    return ENOMEM;
+	}
+
+	uid = pw->pw_uid; uid_p = 1;
+	gid = pw->pw_gid; gid_p = 1;
+    }
+
+    if (system_group != NULL) {
+	if (isdigit((unsigned char)system_group[0])) {
+	    gr = getgrgid(atoi(system_group));
+	} else {
+	    gr = getgrnam(system_group);
+	}
+	if (gr == NULL) {
+	    return errno;
+	}
+
+	gid = gr->gr_gid; gid_p = 1;
+    }
+
+    if (uid_p)
+	ccache->uid = uid;
+    else
+	ccache->uid = 0; /* geteuid() XXX */
+
+    if (gid_p)
+	ccache->gid = gid;
+    else
+	ccache->gid = 0; /* getegid() XXX */
+
+    return 0;
+}
+
+static const char *
+kcm_system_config_get_string(const char *string)
+{
+    return krb5_config_get_string(kcm_context, NULL, "kcm",
+				  "system_ccache", string, NULL);
+}
+
+static krb5_error_code
+ccache_init_system(void)
+{
+    kcm_ccache ccache;
+    krb5_error_code ret;
+
+    if (system_cache_name == NULL)
+	system_cache_name = kcm_system_config_get_string("cc_name");
+
+    ret = kcm_ccache_new(kcm_context,
+			 system_cache_name ? system_cache_name : "SYSTEM",
+			 &ccache);
+    if (ret)
+	return ret;
+
+    ccache->flags |= KCM_FLAGS_OWNER_IS_SYSTEM;
+    ccache->flags |= KCM_FLAGS_USE_KEYTAB;
+
+    ret = parse_owners(ccache);
+    if (ret)
+	return ret;
+
+    ret = krb5_parse_name(kcm_context, system_principal, &ccache->client);
+    if (ret) {
+	kcm_release_ccache(kcm_context, &ccache);
+	return ret;
+    }
+
+    if (system_server == NULL)
+	system_server = kcm_system_config_get_string("server");
+
+    if (system_server != NULL) {
+	ret = krb5_parse_name(kcm_context, system_server, &ccache->server);
+	if (ret) {
+	    kcm_release_ccache(kcm_context, &ccache);
+	    return ret;
+	}
+    }
+
+    if (system_keytab == NULL)
+	system_keytab = kcm_system_config_get_string("keytab_name");
+
+    if (system_keytab != NULL) {
+	ret = krb5_kt_resolve(kcm_context, system_keytab, &ccache->key.keytab);
+    } else {
+	ret = krb5_kt_default(kcm_context, &ccache->key.keytab);
+    }
+    if (ret) {
+	kcm_release_ccache(kcm_context, &ccache);
+	return ret;
+    }
+
+    if (renew_life == NULL)
+	renew_life = kcm_system_config_get_string("renew_life");
+
+    if (renew_life == NULL)
+	renew_life = "1 month";
+
+    if (renew_life != NULL) {
+	ccache->renew_life = parse_time(renew_life, "s");
+	if (ccache->renew_life < 0) {
+	    kcm_release_ccache(kcm_context, &ccache);
+	    return EINVAL;
+	}
+    }
+
+    if (ticket_life == NULL)
+	ticket_life = kcm_system_config_get_string("ticket_life");
+
+    if (ticket_life != NULL) {
+	ccache->tkt_life = parse_time(ticket_life, "s");
+	if (ccache->tkt_life < 0) {
+	    kcm_release_ccache(kcm_context, &ccache);
+	    return EINVAL;
+	}
+    }
+
+    if (system_perms == NULL)
+	system_perms = kcm_system_config_get_string("mode");
+
+    if (system_perms != NULL) {
+	int mode;
+
+	if (sscanf(system_perms, "%o", &mode) != 1)
+	    return EINVAL;
+
+	ccache->mode = mode;
+    }
+
+    if (disallow_getting_krbtgt == -1) {
+	disallow_getting_krbtgt =
+	    krb5_config_get_bool_default(kcm_context, NULL, FALSE, "kcm",
+					 "disallow-getting-krbtgt", NULL);
+    }
+
+    /* enqueue default actions for credentials cache */
+    ret = kcm_ccache_enqueue_default(kcm_context, ccache, NULL);
+
+    kcm_release_ccache(kcm_context, &ccache); /* retained by event queue */
+
+    return ret;
+}
+
+void
+kcm_configure(int argc, char **argv)
+{
+    krb5_error_code ret;
+    int optind = 0;
+    const char *p;
+    
+    while(getarg(args, num_args, argc, argv, &optind))
+	warnx("error at argument `%s'", argv[optind]);
+
+    if(help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 0)
+	usage(1);
+    
+    {
+	char **files;
+
+	if(config_file == NULL)
+	    config_file = _PATH_KCM_CONF;
+
+	ret = krb5_prepend_config_files_default(config_file, &files);
+	if (ret)
+	    krb5_err(kcm_context, 1, ret, "getting configuration files");
+	    
+	ret = krb5_set_config_files(kcm_context, files);
+	krb5_free_config_files(files);
+	if(ret) 
+	    krb5_err(kcm_context, 1, ret, "reading configuration files");
+    }
+
+    if(max_request_str)
+	max_request = parse_bytes(max_request_str, NULL);
+
+    if(max_request == 0){
+	p = krb5_config_get_string (kcm_context,
+				    NULL,
+				    "kcm",
+				    "max-request",
+				    NULL);
+	if(p)
+	    max_request = parse_bytes(p, NULL);
+    }
+
+    if (system_principal == NULL) {
+	system_principal = kcm_system_config_get_string("principal");
+    }
+
+    if (system_principal != NULL) {
+	ret = ccache_init_system();
+	if (ret)
+	    krb5_err(kcm_context, 1, ret, "initializing system ccache");
+    }
+
+    if(detach_from_console == -1) 
+	detach_from_console = krb5_config_get_bool_default(kcm_context, NULL,
+							   DETACH_IS_DEFAULT,
+							   "kcm",
+							   "detach", NULL);
+    kcm_openlog();
+    if(max_request == 0)
+	max_request = 64 * 1024;
+}
+
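Review bot: The `max-request` entry in `args[]` passes `&max_request`, a `size_t`, as the destination of an `arg_string` option, while `max_request_str`, which kcm_configure later hands to `parse_bytes`, is never written anywhere in this file. If getarg stores a `char *` for `arg_string`, as the other string entries suggest, `--max-request` leaves the request-size cap holding a pointer value instead of the parsed size, which in practice removes the limit. Point the entry at the string instead: `"max-request", 0, arg_string, &max_request_str,`. In parse_owners, `return errno;` after a failed getpwnam/getgrnam can return 0 when the name simply does not exist, so a mistyped `--user` or `--group` is accepted and the cache keeps whatever uid/gid it had; setting `errno = 0` before the lookup and returning a fixed error such as `ENOENT` when it is still 0 makes that case fail closed.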

Added: vendor-crypto/heimdal/dist/kcm/connect.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/connect.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/connect.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,688 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: connect.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct descr {
+    int s;
+    int type;
+    char *path;
+    unsigned char *buf;
+    size_t size;
+    size_t len;
+    time_t timeout;
+    struct sockaddr_storage __ss;
+    struct sockaddr *sa;
+    socklen_t sock_len;
+    kcm_client peercred;
+};
+
+static void
+init_descr(struct descr *d)
+{
+    memset(d, 0, sizeof(*d));
+    d->sa = (struct sockaddr *)&d->__ss;
+    d->s = -1;
+}
+
+/*
+ * re-initialize all `n' ->sa in `d'.
+ */
+
+static void
+reinit_descrs (struct descr *d, int n)
+{
+    int i;
+
+    for (i = 0; i < n; ++i)
+	d[i].sa = (struct sockaddr *)&d[i].__ss;
+}
+
+/*
+ * Update peer credentials from socket.
+ *
+ * SCM_CREDS can only be updated the first time there is read data to
+ * read from the filedescriptor, so if we read do it before this
+ * point, the cred data might not be is not there yet.
+ */
+
+static int
+update_client_creds(int s, kcm_client *peer)
+{
+#ifdef GETPEERUCRED
+    /* Solaris 10 */
+    {
+	ucred_t *peercred;
+	
+	if (getpeerucred(s, &peercred) != 0) {
+	    peer->uid = ucred_geteuid(peercred);
+	    peer->gid = ucred_getegid(peercred);
+	    peer->pid = 0;
+	    ucred_free(peercred);
+	    return 0;
+	}
+    } 
+#endif
+#ifdef GETPEEREID
+    /* FreeBSD, OpenBSD */
+    {
+	uid_t uid;
+	gid_t gid;
+
+	if (getpeereid(s, &uid, &gid) == 0) {
+	    peer->uid = uid;
+	    peer->gid = gid;
+	    peer->pid = 0;
+	    return 0;
+	}
+    }
+#endif
+#ifdef SO_PEERCRED
+    /* Linux */
+    {
+	struct ucred pc;
+	socklen_t pclen = sizeof(pc);
+
+	if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&pc, &pclen) == 0) {
+	    peer->uid = pc.uid;
+	    peer->gid = pc.gid;
+	    peer->pid = pc.pid;
+	    return 0;
+	}
+    }
+#endif
+#if defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION)
+    {
+	struct xucred peercred;
+	socklen_t peercredlen = sizeof(peercred);
+
+	if (getsockopt(s, LOCAL_PEERCRED, 1,
+		       (void *)&peercred, &peercredlen) == 0
+	    && peercred.cr_version == XUCRED_VERSION)
+	{
+	    peer->uid = peercred.cr_uid;
+	    peer->gid = peercred.cr_gid;
+	    peer->pid = 0;
+	    return 0;
+	}
+    }
+#endif
+#if defined(SOCKCREDSIZE) && defined(SCM_CREDS)
+    /* NetBSD */
+    if (peer->uid == -1) {
+	struct msghdr msg;
+	socklen_t crmsgsize;
+	void *crmsg;
+	struct cmsghdr *cmp;
+	struct sockcred *sc;
+	
+	memset(&msg, 0, sizeof(msg));
+	crmsgsize = CMSG_SPACE(SOCKCREDSIZE(CMGROUP_MAX));
+	if (crmsgsize == 0)
+	    return 1 ;
+
+	crmsg = malloc(crmsgsize);
+	if (crmsg == NULL)
+	    goto failed_scm_creds;
+
+	memset(crmsg, 0, crmsgsize);
+	
+	msg.msg_control = crmsg;
+	msg.msg_controllen = crmsgsize;
+	
+	if (recvmsg(s, &msg, 0) < 0) {
+	    free(crmsg);
+	    goto failed_scm_creds;
+	}	
+	
+	if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) {
+	    free(crmsg);
+	    goto failed_scm_creds;
+	}	
+	
+	cmp = CMSG_FIRSTHDR(&msg);
+	if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) {
+	    free(crmsg);
+	    goto failed_scm_creds;
+	}	
+	
+	sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
+	
+	peer->uid = sc->sc_euid;
+	peer->gid = sc->sc_egid;
+	peer->pid = 0;
+	
+	free(crmsg);
+	return 0;
+    } else {
+	/* we already got the cred, just return it */
+	return 0;
+    }
+ failed_scm_creds:
+#endif
+    krb5_warn(kcm_context, errno, "failed to determine peer identity");
+    return 1;
+}
+
+
+/*
+ * Create the socket (family, type, port) in `d'
+ */
+
+static void 
+init_socket(struct descr *d)
+{
+    struct sockaddr_un un;
+    struct sockaddr *sa = (struct sockaddr *)&un;
+    krb5_socklen_t sa_size = sizeof(un);
+
+    init_descr (d);
+
+    un.sun_family = AF_UNIX;
+
+    if (socket_path != NULL)
+	d->path = socket_path;
+    else
+	d->path = _PATH_KCM_SOCKET;
+
+    strlcpy(un.sun_path, d->path, sizeof(un.sun_path));
+
+    d->s = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (d->s < 0){
+	krb5_warn(kcm_context, errno, "socket(%d, %d, 0)", AF_UNIX, SOCK_STREAM);
+	d->s = -1;
+	return;
+    }
+#if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR)
+    {
+	int one = 1;
+	setsockopt(d->s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
+    }
+#endif
+#ifdef LOCAL_CREDS
+    {
+	int one = 1;
+	setsockopt(d->s, 0, LOCAL_CREDS, (void *)&one, sizeof(one));
+    }
+#endif
+
+    d->type = SOCK_STREAM;
+
+    unlink(d->path);
+
+    if (bind(d->s, sa, sa_size) < 0) {
+	krb5_warn(kcm_context, errno, "bind %s", un.sun_path);
+	close(d->s);
+	d->s = -1;
+	return;
+    }
+
+    if (listen(d->s, SOMAXCONN) < 0) {
+	krb5_warn(kcm_context, errno, "listen %s", un.sun_path);
+	close(d->s);
+	d->s = -1;
+	return;
+    }
+
+    chmod(d->path, 0777);
+
+    return;
+}
+
+/*
+ * Allocate descriptors for all the sockets that we should listen on
+ * and return the number of them.
+ */
+
+static int
+init_sockets(struct descr **desc)
+{
+    struct descr *d;
+    size_t num = 0;
+
+    d = (struct descr *)malloc(sizeof(*d));
+    if (d == NULL) {
+	krb5_errx(kcm_context, 1, "malloc failed");
+    }
+
+    init_socket(d);
+    if (d->s != -1) {
+	kcm_log(5, "listening on domain socket %s", d->path);
+	num++;
+    }
+
+    reinit_descrs (d, num);
+    *desc = d;
+
+    return num;
+}
+
+/*
+ * handle the request in `buf, len', from `addr' (or `from' as a string),
+ * sending a reply in `reply'.
+ */
+
+static int
+process_request(unsigned char *buf, 
+		size_t len, 
+		krb5_data *reply,
+		kcm_client *client)
+{
+    krb5_data request;
+   
+    if (len < 4) {
+	kcm_log(1, "malformed request from process %d (too short)", 
+		client->pid);
+	return -1;
+    }
+
+    if (buf[0] != KCM_PROTOCOL_VERSION_MAJOR ||
+	buf[1] != KCM_PROTOCOL_VERSION_MINOR) {
+	kcm_log(1, "incorrect protocol version %d.%d from process %d",
+		buf[0], buf[1], client->pid);
+	return -1;
+    }
+
+    buf += 2;
+    len -= 2;
+
+    /* buf is now pointing at opcode */
+
+    request.data = buf;
+    request.length = len;
+
+    return kcm_dispatch(kcm_context, client, &request, reply);
+}
+
+/*
+ * Handle the request in `buf, len' to socket `d'
+ */
+
+static void
+do_request(void *buf, size_t len, struct descr *d)
+{
+    krb5_error_code ret;
+    krb5_data reply;
+
+    reply.length = 0;
+
+    ret = process_request(buf, len, &reply, &d->peercred);
+    if (reply.length != 0) {
+	unsigned char len[4];
+	struct msghdr msghdr;
+	struct iovec iov[2];
+
+	kcm_log(5, "sending %lu bytes to process %d", 
+		(unsigned long)reply.length,
+		(int)d->peercred.pid);
+
+	memset (&msghdr, 0, sizeof(msghdr));
+	msghdr.msg_name       = NULL;
+	msghdr.msg_namelen    = 0;
+	msghdr.msg_iov        = iov;
+	msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
+#if 0
+	msghdr.msg_control    = NULL;
+	msghdr.msg_controllen = 0;
+#endif
+
+	len[0] = (reply.length >> 24) & 0xff;
+	len[1] = (reply.length >> 16) & 0xff;
+	len[2] = (reply.length >> 8) & 0xff;
+	len[3] = reply.length & 0xff;
+
+	iov[0].iov_base       = (void*)len;
+	iov[0].iov_len        = 4;
+	iov[1].iov_base       = reply.data;
+	iov[1].iov_len        = reply.length;
+
+	if (sendmsg (d->s, &msghdr, 0) < 0) {
+	    kcm_log (0, "sendmsg(%d): %d %s", (int)d->peercred.pid,
+		     errno, strerror(errno));
+	    krb5_data_free(&reply);
+	    return;
+	}
+
+	krb5_data_free(&reply);
+    }
+
+    if (ret) {
+	kcm_log(0, "Failed processing %lu byte request from process %d", 
+		(unsigned long)len, d->peercred.pid);
+    }
+}
+
+static void
+clear_descr(struct descr *d)
+{
+    if(d->buf)
+	memset(d->buf, 0, d->size);
+    d->len = 0;
+    if(d->s != -1)
+	close(d->s);
+    d->s = -1;
+}
+
+#define STREAM_TIMEOUT 4
+
+/*
+ * accept a new stream connection on `d[parent]' and store it in `d[child]'
+ */
+
+static void
+add_new_stream (struct descr *d, int parent, int child)
+{
+    int s;
+
+    if (child == -1)
+	return;
+
+    d[child].peercred.pid = -1;
+    d[child].peercred.uid = -1;
+    d[child].peercred.gid = -1;
+
+    d[child].sock_len = sizeof(d[child].__ss);
+    s = accept(d[parent].s, d[child].sa, &d[child].sock_len);
+    if(s < 0) {
+	krb5_warn(kcm_context, errno, "accept");
+	return;
+    }
+
+    if (s >= FD_SETSIZE) {
+	krb5_warnx(kcm_context, "socket FD too large");
+	close (s);
+	return;
+    }
+
+    d[child].s = s;
+    d[child].timeout = time(NULL) + STREAM_TIMEOUT;
+    d[child].type = SOCK_STREAM;
+}
+
+/*
+ * Grow `d' to handle at least `n'.
+ * Return != 0 if fails
+ */
+
+static int
+grow_descr (struct descr *d, size_t n)
+{
+    if (d->size - d->len < n) {
+	unsigned char *tmp;
+	size_t grow;
+
+	grow = max(1024, d->len + n);
+	if (d->size + grow > max_request) {
+	    kcm_log(0, "Request exceeds max request size (%lu bytes).",
+		    (unsigned long)d->size + grow);
+	    clear_descr(d);
+	    return -1;
+	}
+	tmp = realloc (d->buf, d->size + grow);
+	if (tmp == NULL) {
+	    kcm_log(0, "Failed to re-allocate %lu bytes.",
+		    (unsigned long)d->size + grow);
+	    clear_descr(d);
+	    return -1;
+	}
+	d->size += grow;
+	d->buf = tmp;
+    }
+    return 0;
+}
+
+/*
+ * Handle incoming data to the stream socket in `d[index]'
+ */
+
+static void
+handle_stream(struct descr *d, int index, int min_free)
+{
+    unsigned char buf[1024];
+    int n;
+    int ret = 0;
+
+    if (d[index].timeout == 0) {
+	add_new_stream (d, index, min_free);
+	return;
+    }
+
+    if (update_client_creds(d[index].s, &d[index].peercred)) {
+	krb5_warnx(kcm_context, "failed to update peer identity");
+	clear_descr(d + index);
+	return;
+    }
+
+    if (d[index].peercred.uid == -1) {
+	krb5_warnx(kcm_context, "failed to determine peer identity");
+	clear_descr (d + index);
+	return;
+    }
+
+    n = recvfrom(d[index].s, buf, sizeof(buf), 0, NULL, NULL);
+    if (n < 0) {
+	krb5_warn(kcm_context, errno, "recvfrom");
+	return;
+    } else if (n == 0) {
+	krb5_warnx(kcm_context, "connection closed before end of data "
+		   "after %lu bytes from process %ld",
+		   (unsigned long) d[index].len, (long) d[index].peercred.pid);
+	clear_descr (d + index);
+	return;
+    }
+    if (grow_descr (&d[index], n))
+	return;
+    memcpy(d[index].buf + d[index].len, buf, n);
+    d[index].len += n;
+    if (d[index].len > 4) {
+	krb5_storage *sp;
+	int32_t len;
+
+	sp = krb5_storage_from_mem(d[index].buf, d[index].len);
+	if (sp == NULL) {
+	    kcm_log (0, "krb5_storage_from_mem failed");
+	    ret = -1;
+	} else {
+	    krb5_ret_int32(sp, &len);
+	    krb5_storage_free(sp);
+	    if (d[index].len - 4 >= len) {
+		memmove(d[index].buf, d[index].buf + 4, d[index].len - 4);
+		ret = 1;
+	    } else
+		ret = 0;
+	}
+    }
+    if (ret < 0)
+	return;
+    else if (ret == 1) {
+	do_request(d[index].buf, d[index].len, &d[index]);
+	clear_descr(d + index);
+    }
+}
+
+#ifdef HAVE_DOOR_CREATE
+
+static void
+kcm_door_server(void  *cookie, char *argp, size_t arg_size,
+		door_desc_t *dp, uint_t n_desc)
+{
+    kcm_client peercred;
+    door_cred_t cred;
+    krb5_error_code ret;
+    krb5_data reply;
+    size_t length;
+    char *p;
+
+    reply.length = 0;
+
+    p = NULL;
+    length = 0;
+
+    if (door_cred(&cred) != 0) {
+	kcm_log(0, "door_cred failed with %s", strerror(errno));
+	goto out;
+    }
+
+    peercred.uid = cred.dc_euid;
+    peercred.gid = cred.dc_egid;
+    peercred.pid = cred.dc_pid;
+
+    ret = process_request((unsigned char*)argp, arg_size, &reply, &peercred);
+    if (reply.length != 0) {
+	p = alloca(reply.length); /* XXX don't use alloca */
+	if (p) {
+	    memcpy(p, reply.data, reply.length);
+	    length = reply.length;
+	}
+	krb5_data_free(&reply);
+    }
+
+ out:
+    door_return(p, length, NULL, 0);
+}
+
+static void
+kcm_setup_door(void)
+{
+    int fd, ret;
+    char *path;
+
+    fd = door_create(kcm_door_server, NULL, 0);
+    if (fd < 0)
+	krb5_err(kcm_context, 1, errno, "Failed to create door");
+
+    if (door_path != NULL)
+	path = door_path;
+    else
+	path = _PATH_KCM_DOOR;
+
+    unlink(path);
+    ret = open(path, O_RDWR | O_CREAT, 0666);
+    if (ret < 0)
+	krb5_err(kcm_context, 1, errno, "Failed to create/open door");
+    close(ret);
+
+    ret = fattach(fd, path);
+    if (ret < 0)
+	krb5_err(kcm_context, 1, errno, "Failed to attach door");
+
+}
+#endif /* HAVE_DOOR_CREATE */
+
+
+void
+kcm_loop(void)
+{
+    struct descr *d;
+    int ndescr;
+
+#ifdef HAVE_DOOR_CREATE
+    kcm_setup_door();
+#endif
+
+    ndescr = init_sockets(&d);
+    if (ndescr <= 0) {
+	krb5_warnx(kcm_context, "No sockets!");
+#ifndef HAVE_DOOR_CREATE
+	exit(1);
+#endif
+    }
+    while (exit_flag == 0){
+	struct timeval tmout;
+	fd_set fds;
+	int min_free = -1;
+	int max_fd = 0;
+	int i;
+
+	FD_ZERO(&fds);
+	for(i = 0; i < ndescr; i++) {
+	    if (d[i].s >= 0){
+		if(d[i].type == SOCK_STREAM && 
+		   d[i].timeout && d[i].timeout < time(NULL)) {
+		    kcm_log(1, "Stream connection from %d expired after %lu bytes",
+			    d[i].peercred.pid, (unsigned long)d[i].len);
+		    clear_descr(&d[i]);
+		    continue;
+		}
+		if (max_fd < d[i].s)
+		    max_fd = d[i].s;
+		if (max_fd >= FD_SETSIZE)
+		    krb5_errx(kcm_context, 1, "fd too large");
+		FD_SET(d[i].s, &fds);
+	    } else if (min_free < 0 || i < min_free)
+		min_free = i;
+	}
+	if (min_free == -1) {
+	    struct descr *tmp;
+	    tmp = realloc(d, (ndescr + 4) * sizeof(*d));
+	    if(tmp == NULL)
+		krb5_warnx(kcm_context, "No memory");
+	    else {
+		d = tmp;
+		reinit_descrs (d, ndescr);
+		memset(d + ndescr, 0, 4 * sizeof(*d));
+		for(i = ndescr; i < ndescr + 4; i++)
+		    init_descr (&d[i]);
+		min_free = ndescr;
+		ndescr += 4;
+	    }
+	}
+
+	tmout.tv_sec = STREAM_TIMEOUT;
+	tmout.tv_usec = 0;
+	switch (select(max_fd + 1, &fds, 0, 0, &tmout)){
+	case 0:
+	    kcm_run_events(kcm_context, time(NULL));
+	    break;
+	case -1:
+	    if (errno != EINTR)
+		krb5_warn(kcm_context, errno, "select");
+	    break;
+	default:
+	    for(i = 0; i < ndescr; i++) {
+		if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) {
+		    if (d[i].type == SOCK_STREAM)
+			handle_stream(d, i, min_free);
+		}
+	    }
+	    kcm_run_events(kcm_context, time(NULL));
+	    break;
+	}
+    }
+    if (d->path != NULL)
+	unlink(d->path);
+    free(d);
+}
+
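Review bot: In update_client_creds the Solaris branch tests `getpeerucred(s, &peercred) != 0`, so the credential-copy path runs only when the call has failed and `peercred` was never filled in, while a successful call falls through to the later branches or the failure return. The test should be `== 0`, matching the getpeereid and SO_PEERCRED branches below it, and the pointer should be declared `ucred_t *peercred = NULL;` because getpeerucred allocates a new ucred only when handed a NULL pointer. This matters because init_socket ends with `chmod(d->path, 0777)`, so any local user can connect. The uid/gid stored in `kcm_client` is then presumably what the dispatch code (not in this file) relies on to separate one user's cache from another's. As this is a vendor import, the change would have to be carried as a local patch or picked up from upstream.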

Added: vendor-crypto/heimdal/dist/kcm/cursor.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/cursor.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/cursor.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: cursor.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_error_code
+kcm_cursor_new(krb5_context context,
+	       pid_t pid,
+	       kcm_ccache ccache,
+	       uint32_t *cursor)
+{
+    kcm_cursor **p;
+    krb5_error_code ret;
+
+    *cursor = 0;
+
+    KCM_ASSERT_VALID(ccache);
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+    for (p = &ccache->cursors; *p != NULL; p = &(*p)->next)
+	;
+
+    *p = (kcm_cursor *)malloc(sizeof(kcm_cursor));
+    if (*p == NULL) {
+	ret = KRB5_CC_NOMEM;
+	goto out;
+    }
+
+    (*p)->pid = pid;
+    (*p)->key = ++ccache->n_cursor;
+    (*p)->credp = ccache->creds;
+    (*p)->next = NULL;
+
+    *cursor = (*p)->key;
+
+    ret = 0;
+
+out:
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
+
+krb5_error_code
+kcm_cursor_find(krb5_context context,
+		pid_t pid,
+		kcm_ccache ccache,
+		uint32_t key,
+		kcm_cursor **cursor)
+{
+    kcm_cursor *p;
+    krb5_error_code ret;
+
+    KCM_ASSERT_VALID(ccache);
+
+    if (key == 0)
+	return KRB5_CC_NOTFOUND;
+
+    ret = KRB5_CC_END;
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+    for (p = ccache->cursors; p != NULL; p = p->next) {
+	if (p->key == key) {
+	    if (p->pid != pid)
+		ret = KRB5_FCC_PERM;
+	    else
+		ret = 0;
+	    break;
+	}
+    }
+
+    if (ret == 0)
+	*cursor = p;
+
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
+
+krb5_error_code
+kcm_cursor_delete(krb5_context context,
+	     	  pid_t pid,
+		  kcm_ccache ccache,
+		  uint32_t key)
+{
+    kcm_cursor **p;
+    krb5_error_code ret;
+
+    KCM_ASSERT_VALID(ccache);
+
+    if (key == 0)
+	return KRB5_CC_NOTFOUND;
+
+    ret = KRB5_CC_END;
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+    for (p = &ccache->cursors; *p != NULL; p = &(*p)->next) {
+	if ((*p)->key == key) {
+	    if ((*p)->pid != pid)
+		ret = KRB5_FCC_PERM;
+	    else
+		ret = 0;
+	    break;
+	}
+    }
+
+    if (ret == 0) {
+	kcm_cursor *x = *p;
+
+	*p = x->next;
+	free(x);
+    }
+
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
+
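Review bot: kcm_cursor_find and kcm_cursor_delete decide ownership with `(*p)->pid != pid` alone, and cursor keys are handed out sequentially by `++ccache->n_cursor` in kcm_cursor_new. If callers pass the pid taken from the connection's peer credentials (the call sites are not in this hunk), that value is set to 0 on the getpeerucred, getpeereid, LOCAL_PEERCRED and SCM_CREDS paths of update_client_creds in connect.c. On those platforms every client would then compare equal and the check would separate nobody. At minimum the limitation deserves a comment above both checks, e.g. `/* pid is 0 for all clients where the OS reports no peer pid; this test then enforces nothing */`. A stronger fix would record the peer uid in the cursor and compare that too, which needs a field in kcm_cursor whose definition is outside this file.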

Added: vendor-crypto/heimdal/dist/kcm/events.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/events.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/events.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,440 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: events.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/* thread-safe in case we multi-thread later */
+static HEIMDAL_MUTEX events_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static kcm_event *events_head = NULL;
+static time_t last_run = 0;
+
+static char *action_strings[] = {
+	"NONE", "ACQUIRE_CREDS", "RENEW_CREDS",
+	"DESTROY_CREDS", "DESTROY_EMPTY_CACHE" };
+
+krb5_error_code
+kcm_enqueue_event(krb5_context context,
+		  kcm_event *event)
+{
+    krb5_error_code ret;
+
+    if (event->action == KCM_EVENT_NONE) {
+	return 0;
+    }
+
+    HEIMDAL_MUTEX_lock(&events_mutex);
+    ret = kcm_enqueue_event_internal(context, event);
+    HEIMDAL_MUTEX_unlock(&events_mutex);
+
+    return ret;
+}
+
+static void
+print_times(time_t time, char buf[64])
+{
+    if (time)
+	strftime(buf, 64, "%m-%dT%H:%M", gmtime(&time));
+    else
+	strlcpy(buf, "never", 64);
+}
+
+static void
+log_event(kcm_event *event, char *msg)
+{
+    char fire_time[64], expire_time[64];
+
+    print_times(event->fire_time, fire_time);
+    print_times(event->expire_time, expire_time);
+
+    kcm_log(7, "%s event %08x: fire_time %s fire_count %d expire_time %s "
+	    "backoff_time %d action %s cache %s",
+	    msg, event, fire_time, event->fire_count, expire_time,
+	    event->backoff_time, action_strings[event->action],
+	    event->ccache->name);
+}
+
+krb5_error_code
+kcm_enqueue_event_internal(krb5_context context,
+			   kcm_event *event)
+{
+    kcm_event **e;
+
+    if (event->action == KCM_EVENT_NONE)
+	return 0;
+
+    for (e = &events_head; *e != NULL; e = &(*e)->next)
+	;
+
+    *e = (kcm_event *)malloc(sizeof(kcm_event));
+    if (*e == NULL) {
+	return KRB5_CC_NOMEM;
+    }
+
+    (*e)->valid = 1;
+    (*e)->fire_time = event->fire_time;
+    (*e)->fire_count = 0;
+    (*e)->expire_time = event->expire_time;
+    (*e)->backoff_time = event->backoff_time;
+
+    (*e)->action = event->action;
+
+    kcm_retain_ccache(context, event->ccache);
+    (*e)->ccache = event->ccache;
+    (*e)->next = NULL;
+
+    log_event(*e, "enqueuing");
+
+    return 0;
+}
+
+/*
+ * Dump events list on SIGUSR2
+ */
+krb5_error_code
+kcm_debug_events(krb5_context context)
+{
+    kcm_event *e;
+
+    for (e = events_head; e != NULL; e = e->next)
+	log_event(e, "debug");
+
+    return 0;
+}
+
+krb5_error_code
+kcm_enqueue_event_relative(krb5_context context,
+			   kcm_event *event)
+{
+    krb5_error_code ret;
+    kcm_event e;
+
+    e = *event;
+    e.backoff_time = e.fire_time;
+    e.fire_time += time(NULL);
+
+    ret = kcm_enqueue_event(context, &e);
+
+    return ret;
+}
+
+static krb5_error_code
+kcm_remove_event_internal(krb5_context context,
+			  kcm_event **e)
+{
+    kcm_event *next;
+
+    next = (*e)->next;
+
+    (*e)->valid = 0;
+    (*e)->fire_time = 0;
+    (*e)->fire_count = 0;
+    (*e)->expire_time = 0;
+    (*e)->backoff_time = 0;
+    kcm_release_ccache(context, &(*e)->ccache);
+    (*e)->next = NULL;
+    free(*e);
+
+    *e = next;
+
+    return 0;
+}
+
+static int
+is_primary_credential_p(krb5_context context,
+			kcm_ccache ccache,
+			krb5_creds *newcred)
+{
+    krb5_flags whichfields;
+
+    if (ccache->client == NULL)
+	return 0;
+
+    if (newcred->client == NULL ||
+	!krb5_principal_compare(context, ccache->client, newcred->client))
+	return 0;
+
+    /* XXX just checks whether it's the first credential in the cache */
+    if (ccache->creds == NULL)
+	return 0;
+
+    whichfields = KRB5_TC_MATCH_KEYTYPE | KRB5_TC_MATCH_FLAGS_EXACT |
+		  KRB5_TC_MATCH_TIMES_EXACT | KRB5_TC_MATCH_AUTHDATA |
+		  KRB5_TC_MATCH_2ND_TKT | KRB5_TC_MATCH_IS_SKEY;
+
+    return krb5_compare_creds(context, whichfields, newcred, &ccache->creds->cred);
+}
+
+/*
+ * Setup default events for a new credential
+ */
+static krb5_error_code
+kcm_ccache_make_default_event(krb5_context context,
+			      kcm_event *event,
+			      krb5_creds *newcred)
+{
+    krb5_error_code ret = 0;
+    kcm_ccache ccache = event->ccache;
+
+    event->fire_time = 0; 
+    event->expire_time = 0;
+    event->backoff_time = KCM_EVENT_DEFAULT_BACKOFF_TIME;
+
+    if (newcred == NULL) {
+	/* no creds, must be acquire creds request */
+	if ((ccache->flags & KCM_MASK_KEY_PRESENT) == 0) {
+	    kcm_log(0, "Cannot acquire credentials without a key");
+	    return KRB5_FCC_INTERNAL;
+	}
+
+	event->fire_time = time(NULL); /* right away */
+	event->action = KCM_EVENT_ACQUIRE_CREDS;
+    } else if (is_primary_credential_p(context, ccache, newcred)) {
+	if (newcred->flags.b.renewable) {
+	    event->action = KCM_EVENT_RENEW_CREDS;
+	    ccache->flags |= KCM_FLAGS_RENEWABLE;
+	} else {
+	    if (ccache->flags & KCM_MASK_KEY_PRESENT)
+		event->action = KCM_EVENT_ACQUIRE_CREDS;
+	    else
+		event->action = KCM_EVENT_NONE;
+	    ccache->flags &= ~(KCM_FLAGS_RENEWABLE);
+	}
+	/* requeue with some slop factor */
+	event->fire_time = newcred->times.endtime - KCM_EVENT_QUEUE_INTERVAL;
+    } else {
+	event->action = KCM_EVENT_NONE;
+    }
+
+    return ret;
+}
+
+krb5_error_code
+kcm_ccache_enqueue_default(krb5_context context,
+			   kcm_ccache ccache,
+			   krb5_creds *newcred)
+{
+    kcm_event event;
+    krb5_error_code ret;
+
+    memset(&event, 0, sizeof(event));
+    event.ccache = ccache;
+
+    ret = kcm_ccache_make_default_event(context, &event, newcred);
+    if (ret)
+	return ret;
+
+    ret = kcm_enqueue_event_internal(context, &event);
+    if (ret)
+	return ret;
+
+    return 0;
+}
+
+krb5_error_code
+kcm_remove_event(krb5_context context,
+		 kcm_event *event)
+{
+    krb5_error_code ret;
+    kcm_event **e;
+    int found = 0;
+
+    log_event(event, "removing");
+
+    HEIMDAL_MUTEX_lock(&events_mutex);
+    for (e = &events_head; *e != NULL; e = &(*e)->next) {
+	if (event == *e) {
+	    *e = event->next;
+	    found++;
+	    break;
+	}
+    }
+
+    if (!found) {
+	ret = KRB5_CC_NOTFOUND;
+	goto out;
+    }
+
+    ret = kcm_remove_event_internal(context, &event);
+
+out:
+    HEIMDAL_MUTEX_unlock(&events_mutex);
+
+    return ret;
+}
+
+krb5_error_code
+kcm_cleanup_events(krb5_context context,
+		   kcm_ccache ccache)
+{
+    kcm_event **e;
+
+    KCM_ASSERT_VALID(ccache);
+
+    HEIMDAL_MUTEX_lock(&events_mutex);
+
+    for (e = &events_head; *e != NULL; e = &(*e)->next) {
+	if ((*e)->valid && (*e)->ccache == ccache) {
+	    kcm_remove_event_internal(context, e);
+	}
+	if (*e == NULL)
+	    break;
+    }
+
+    HEIMDAL_MUTEX_unlock(&events_mutex);
+
+    return 0;
+}
+
+static krb5_error_code
+kcm_fire_event(krb5_context context,
+	       kcm_event **e)
+{
+    kcm_event *event;
+    krb5_error_code ret;
+    krb5_creds *credp = NULL;
+    int oneshot = 1;
+
+    event = *e;
+
+    switch (event->action) {
+    case KCM_EVENT_ACQUIRE_CREDS:
+	ret = kcm_ccache_acquire(context, event->ccache, &credp);
+	oneshot = 0;
+	break;
+    case KCM_EVENT_RENEW_CREDS:
+	ret = kcm_ccache_refresh(context, event->ccache, &credp);
+	if (ret == KRB5KRB_AP_ERR_TKT_EXPIRED) {
+	    ret = kcm_ccache_acquire(context, event->ccache, &credp);
+	}
+	oneshot = 0;
+	break;
+    case KCM_EVENT_DESTROY_CREDS:
+	ret = kcm_ccache_destroy(context, event->ccache->name);
+	break;
+    case KCM_EVENT_DESTROY_EMPTY_CACHE:
+	ret = kcm_ccache_destroy_if_empty(context, event->ccache);
+	break;
+    default:
+	ret = KRB5_FCC_INTERNAL;
+	break;
+    }
+
+    event->fire_count++;
+
+    if (ret) {
+	/* Reschedule failed event for another time */ 
+	event->fire_time += event->backoff_time;
+	if (event->backoff_time < KCM_EVENT_MAX_BACKOFF_TIME)
+	    event->backoff_time *= 2;
+
+	/* Remove it if it would never get executed */
+	if (event->expire_time &&
+	    event->fire_time > event->expire_time)
+	    kcm_remove_event_internal(context, e);
+    } else {
+	if (!oneshot) {
+	    char *cpn;
+
+	    if (krb5_unparse_name(context, event->ccache->client,
+				  &cpn))
+		cpn = NULL;
+
+	    kcm_log(0, "%s credentials in cache %s for principal %s",
+		    (event->action == KCM_EVENT_ACQUIRE_CREDS) ?
+			"Acquired" : "Renewed",
+		    event->ccache->name,
+		    (cpn != NULL) ? cpn : "<none>");
+
+	    if (cpn != NULL)
+		free(cpn);
+
+	    /* Succeeded, but possibly replaced with another event */
+	    ret = kcm_ccache_make_default_event(context, event, credp);
+	    if (ret || event->action == KCM_EVENT_NONE)
+		oneshot = 1;
+	    else
+		log_event(event, "requeuing");
+	}
+	if (oneshot)
+	    kcm_remove_event_internal(context, e);
+    }
+
+    return ret;
+}
+
+krb5_error_code
+kcm_run_events(krb5_context context,
+	       time_t now)
+{
+    krb5_error_code ret;
+    kcm_event **e;
+
+    HEIMDAL_MUTEX_lock(&events_mutex);
+
+    /* Only run event queue every N seconds */
+    if (now < last_run + KCM_EVENT_QUEUE_INTERVAL) {
+	HEIMDAL_MUTEX_unlock(&events_mutex);
+	return 0;
+    }
+
+    /* go through events list, fire and expire */
+    for (e = &events_head; *e != NULL; e = &(*e)->next) {
+	if ((*e)->valid == 0)
+	    continue;
+
+	if (now >= (*e)->fire_time) {
+	    ret = kcm_fire_event(context, e);
+	    if (ret) {
+		kcm_log(1, "Could not fire event for cache %s: %s",
+			(*e)->ccache->name, krb5_get_err_text(context, ret));
+	    }
+	} else if ((*e)->expire_time && now >= (*e)->expire_time) {
+	    ret = kcm_remove_event_internal(context, e);
+	    if (ret) {
+		kcm_log(1, "Could not expire event for cache %s: %s",
+			(*e)->ccache->name, krb5_get_err_text(context, ret));
+	    }
+	}
+
+	if (*e == NULL)
+	    break;
+    }
+
+    last_run = now;
+
+    HEIMDAL_MUTEX_unlock(&events_mutex);
+
+    return 0;
+}
+
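Review bot: kcm_cleanup_events and kcm_run_events both keep stepping with `e = &(*e)->next` after kcm_remove_event_internal has already replaced `*e` with the successor, so the entry that follows each removed event is skipped. In kcm_cleanup_events this can leave events queued for the cache being cleaned up, each still holding the reference taken by kcm_retain_ccache in kcm_enqueue_event_internal. In kcm_run_events the error path logs `(*e)->ccache->name` after kcm_fire_event may have freed the event, so it names the wrong cache or dereferences NULL when the removed event was the last one. The loops should advance only when nothing was removed, as sketched for kcm_cleanup_events below. kcm_run_events needs the same shape and must not read `*e` in its log calls once a removal has happened.

```c
    /* … unchanged: KCM_ASSERT_VALID and HEIMDAL_MUTEX_lock … */
    e = &events_head;
    while (*e != NULL) {
	if ((*e)->valid && (*e)->ccache == ccache)
	    kcm_remove_event_internal(context, e); /* *e is now the successor */
	else
	    e = &(*e)->next;
    }
    /* … unchanged: HEIMDAL_MUTEX_unlock and return 0 … */
```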

Added: vendor-crypto/heimdal/dist/kcm/glue.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/glue.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/glue.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,279 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: glue.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * Server-side loopback glue for credentials cache operations; this
+ * must be initialized with kcm_internal_ccache(), it is not for real
+ * use. This entire file assumes the cache is locked, it does not do
+ * any concurrency checking for multithread applications.
+ */
+
+#define KCMCACHE(X)	((kcm_ccache)(X)->data.data)
+#define CACHENAME(X)	(KCMCACHE(X)->name)
+
+static const char *
+kcmss_get_name(krb5_context context,
+	       krb5_ccache id)
+{
+    return CACHENAME(id);
+}
+
+static krb5_error_code
+kcmss_resolve(krb5_context context, krb5_ccache *id, const char *res)
+{
+    return KRB5_FCC_INTERNAL;
+}
+
+static krb5_error_code
+kcmss_gen_new(krb5_context context, krb5_ccache *id)
+{
+    return KRB5_FCC_INTERNAL;
+}
+
+static krb5_error_code
+kcmss_initialize(krb5_context context,
+		 krb5_ccache id,
+		 krb5_principal primary_principal)
+{
+    krb5_error_code ret;
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    ret = kcm_zero_ccache_data_internal(context, c);
+    if (ret)
+	return ret;
+
+    ret = krb5_copy_principal(context, primary_principal,
+			      &c->client);
+
+    return ret;
+}
+
+static krb5_error_code
+kcmss_close(krb5_context context,
+	    krb5_ccache id)
+{
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    id->data.data = NULL;
+    id->data.length = 0;
+
+    return 0;
+}
+
+static krb5_error_code
+kcmss_destroy(krb5_context context,
+	      krb5_ccache id)
+{
+    krb5_error_code ret;
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    ret = kcm_ccache_destroy(context, CACHENAME(id));
+
+    return ret;
+}
+
+static krb5_error_code
+kcmss_store_cred(krb5_context context,
+		 krb5_ccache id,
+		 krb5_creds *creds)
+{
+    krb5_error_code ret;
+    kcm_ccache c = KCMCACHE(id);
+    krb5_creds *tmp;
+
+    KCM_ASSERT_VALID(c);
+
+    ret = kcm_ccache_store_cred_internal(context, c, creds, 1, &tmp);
+
+    return ret;
+}
+
+static krb5_error_code
+kcmss_retrieve(krb5_context context,
+	       krb5_ccache id,
+	       krb5_flags which,
+	       const krb5_creds *mcred,
+	       krb5_creds *creds)
+{
+    krb5_error_code ret;
+    kcm_ccache c = KCMCACHE(id);
+    krb5_creds *credp;
+
+    KCM_ASSERT_VALID(c);
+
+    ret = kcm_ccache_retrieve_cred_internal(context, c, which,
+					    mcred, &credp);
+    if (ret)
+	return ret;
+
+    ret = krb5_copy_creds_contents(context, credp, creds);
+    if (ret)
+	return ret;
+
+    return 0;
+}
+
+static krb5_error_code
+kcmss_get_principal(krb5_context context,
+		    krb5_ccache id,
+		    krb5_principal *principal)
+{
+    krb5_error_code ret;
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    ret = krb5_copy_principal(context, c->client,
+			      principal);
+
+    return ret;
+}
+
+static krb5_error_code
+kcmss_get_first (krb5_context context,
+		 krb5_ccache id,
+		 krb5_cc_cursor *cursor)
+{
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    *cursor = c->creds;
+
+    return (*cursor == NULL) ? KRB5_CC_END : 0;
+}
+
+static krb5_error_code
+kcmss_get_next (krb5_context context,
+		krb5_ccache id,
+		krb5_cc_cursor *cursor,
+		krb5_creds *creds)
+{
+    krb5_error_code ret;
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    ret = krb5_copy_creds_contents(context,
+				   &((struct kcm_creds *)cursor)->cred,
+				   creds);
+    if (ret)
+	return ret;
+
+    *cursor = ((struct kcm_creds *)cursor)->next;
+    if (*cursor == 0)
+	ret = KRB5_CC_END;
+
+    return ret;
+}
+
+static krb5_error_code
+kcmss_end_get (krb5_context context,
+	       krb5_ccache id,
+	       krb5_cc_cursor *cursor)
+{
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code
+kcmss_remove_cred(krb5_context context,
+		  krb5_ccache id,
+		  krb5_flags which,
+		  krb5_creds *cred)
+{
+    krb5_error_code ret;
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    ret = kcm_ccache_remove_cred_internal(context, c, which, cred);
+
+    return ret;
+}
+
+static krb5_error_code
+kcmss_set_flags(krb5_context context,
+		krb5_ccache id,
+		krb5_flags flags)
+{
+    return 0;
+}
+
+static krb5_error_code
+kcmss_get_version(krb5_context context,
+		  krb5_ccache id)
+{
+    return 0;
+}
+
+static const krb5_cc_ops krb5_kcmss_ops = {
+    "KCM",
+    kcmss_get_name,
+    kcmss_resolve,
+    kcmss_gen_new,
+    kcmss_initialize,
+    kcmss_destroy,
+    kcmss_close,
+    kcmss_store_cred,
+    kcmss_retrieve,
+    kcmss_get_principal,
+    kcmss_get_first,
+    kcmss_get_next,
+    kcmss_end_get,
+    kcmss_remove_cred,
+    kcmss_set_flags,
+    kcmss_get_version
+};
+
+krb5_error_code
+kcm_internal_ccache(krb5_context context,
+		    kcm_ccache c,
+		    krb5_ccache id)
+{
+    id->ops = &krb5_kcmss_ops;
+    id->data.length = sizeof(*c);
+    id->data.data = c;
+
+    return 0;
+}
+
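Review bot: In kcmss_get_next the cursor is cast without being dereferenced. kcmss_get_first stores the list head in `*cursor`, but this function reads `((struct kcm_creds *)cursor)->cred` and `->next`, so it treats the address of the caller's cursor variable as a `struct kcm_creds`. Unless callers rely on something not visible in this file, both accesses should go through the stored pointer, e.g. `struct kcm_creds *k = (struct kcm_creds *)*cursor;` followed by `&k->cred` and `*cursor = k->next;`, with `k == NULL` returning KRB5_CC_END before the copy. Separately, kcmss_store_cred receives `tmp` from kcm_ccache_store_cred_internal and never uses it; a one-line comment saying that the cache keeps ownership of that pointer (if it does) would help the next reader.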

Added: vendor-crypto/heimdal/dist/kcm/headers.h
===================================================================
--- vendor-crypto/heimdal/dist/kcm/headers.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/headers.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef __HEADERS_H__
+#define __HEADERS_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#include <stdarg.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+#ifdef HAVE_SYS_UCRED_H
+#include <sys/ucred.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#ifdef HAVE_GETPEERUCRED
+#include <ucred.h>
+#endif
+#ifdef HAVE_DOOR_CREATE
+#include <door.h>
+#include <alloca.h>
+#endif
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+#include <base64.h>
+#include <parse_units.h>
+#include <krb5.h>
+#include <krb5_locl.h>
+
+#endif /* __HEADERS_H__ */
+
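Review bot: The include guard `__HEADERS_H__` is a reserved identifier (leading double underscore) and generic enough to collide with another project's `headers.h` guard, in which case one of the two headers would be silently skipped. A project-specific name such as `KCM_HEADERS_H` avoids both problems. `<err.h>` is also included unconditionally while the neighbouring system headers are wrapped in `HAVE_*` checks; if that is intentional because a compatibility layer supplies it, a short comment saying so would help.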

Added: vendor-crypto/heimdal/dist/kcm/kcm.8
===================================================================
--- vendor-crypto/heimdal/dist/kcm/kcm.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/kcm.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,224 @@
+.\" Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\"
+.\" $Id: kcm.8,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd May 29, 2005
+.Dt KCM 8
+.Os Heimdal
+.Sh NAME
+.Nm kcm
+.Nd
+is a process based credential cache for Kerberos tickets.
+.Sh SYNOPSIS
+.Nm
+.Op Fl -cache-name= Ns Ar cachename
+.Oo Fl c Ar file \*(Ba Xo
+.Fl -config-file= Ns Ar file
+.Xc
+.Oc
+.Oo Fl g Ar group \*(Ba Xo
+.Fl -group= Ns Ar group
+.Xc
+.Oc
+.Op Fl -max-request= Ns Ar size
+.Op Fl -disallow-getting-krbtgt
+.Op Fl -detach
+.Op Fl h | Fl -help
+.Oo Fl k Ar principal \*(Ba Xo
+.Fl -system-principal= Ns Ar principal
+.Xc
+.Oc
+.Oo Fl l Ar time \*(Ba Xo
+.Fl -lifetime= Ns Ar time
+.Xc
+.Oc
+.Oo Fl m Ar mode \*(Ba Xo
+.Fl -mode= Ns Ar mode
+.Xc
+.Oc
+.Op Fl n | Fl -no-name-constraints
+.Oo Fl r Ar time \*(Ba Xo
+.Fl -renewable-life= Ns Ar time
+.Xc
+.Oc
+.Oo Fl s Ar path \*(Ba Xo
+.Fl -socket-path= Ns Ar path
+.Xc
+.Oc
+.Oo Xo
+.Fl -door-path= Ns Ar path
+.Xc
+.Oc
+.Oo Fl S Ar principal \*(Ba Xo
+.Fl -server= Ns Ar principal
+.Xc
+.Oc
+.Oo Fl t Ar keytab \*(Ba Xo
+.Fl -keytab= Ns Ar keytab
+.Xc
+.Oc
+.Oo Fl u Ar user \*(Ba Xo
+.Fl -user= Ns Ar user
+.Xc
+.Oc
+.Op Fl v | Fl -version
+.Sh DESCRIPTION
+.Nm
+is a process based credential cache.
+To use it, set the
+.Ev KRB5CCNAME
+enviroment variable to
+.Ql KCM: Ns Ar uid
+or add the stanza
+.Bd -literal
+
+[libdefaults]
+        default_cc_name = KCM:%{uid}
+
+.Ed
+to the
+.Pa /etc/krb5.conf
+configuration file and make sure
+.Nm kcm
+is started in the system startup files.
+.Pp
+The
+.Nm
+daemon can hold the credentials for all users in the system.  Access
+control is done with Unix-like permissions.  The daemon checks the
+access on all operations based on the uid and gid of the user.  The
+tickets are renewed as long as is permitted by the KDC's policy.
+.Pp
+The
+.Nm
+daemon can also keep a SYSTEM credential that server processes can
+use to access services.  One example of usage might be an nss_ldap
+module that quickly needs to get credentials and doesn't want to renew
+the ticket itself. 
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl -cache-name= Ns Ar cachename
+.Xc
+system cache name
+.It Xo
+.Fl c Ar file ,
+.Fl -config-file= Ns Ar file
+.Xc
+location of config file
+.It Xo
+.Fl g Ar group ,
+.Fl -group= Ns Ar group
+.Xc
+system cache group
+.It Xo
+.Fl -max-request= Ns Ar size
+.Xc
+max size for a kcm-request
+.It Xo
+.Fl -disallow-getting-krbtgt
+.Xc
+disallow extracting any krbtgt from the
+.Nm kcm
+daemon.
+.It Xo
+.Fl -detach
+.Xc
+detach from console
+.It Xo
+.Fl h ,
+.Fl -help
+.Xc
+.It Xo
+.Fl k Ar principal ,
+.Fl -system-principal= Ns Ar principal
+.Xc
+system principal name
+.It Xo
+.Fl l Ar time ,
+.Fl -lifetime= Ns Ar time
+.Xc
+lifetime of system tickets
+.It Xo
+.Fl m Ar mode ,
+.Fl -mode= Ns Ar mode
+.Xc
+octal mode of system cache
+.It Xo
+.Fl n ,
+.Fl -no-name-constraints
+.Xc
+disable credentials cache name constraints
+.It Xo
+.Fl r Ar time ,
+.Fl -renewable-life= Ns Ar time
+.Xc
+renewable lifetime of system tickets
+.It Xo
+.Fl s Ar path ,
+.Fl -socket-path= Ns Ar path
+.Xc
+path to kcm domain socket
+.It Xo
+.Fl -door-path= Ns Ar path
+.Xc
+path to kcm door socket
+.It Xo
+.Fl S Ar principal ,
+.Fl -server= Ns Ar principal
+.Xc
+server to get system ticket for
+.It Xo
+.Fl t Ar keytab ,
+.Fl -keytab= Ns Ar keytab
+.Xc
+system keytab name
+.It Xo
+.Fl u Ar user ,
+.Fl -user= Ns Ar user
+.Xc
+system cache owner
+.It Xo
+.Fl v ,
+.Fl -version
+.Xc
+.El
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh DIAGNOSTICS
+.\".Sh SEE ALSO
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/kcm/kcm_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/kcm/kcm_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/kcm_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* 
+ * $Id: kcm_locl.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ 
+ */
+
+#ifndef __KCM_LOCL_H__
+#define __KCM_LOCL_H__
+
+#include "headers.h"
+
+#include <kcm.h>
+
+#define KCM_LOG_REQUEST(_context, _client, _opcode)	do { \
+    kcm_log(1, "%s request by process %d/uid %d", \
+	    kcm_op2string(_opcode), (_client)->pid, (_client)->uid); \
+    } while (0)
+
+#define KCM_LOG_REQUEST_NAME(_context, _client, _opcode, _name)	do { \
+    kcm_log(1, "%s request for cache %s by process %d/uid %d", \
+	    kcm_op2string(_opcode), (_name), (_client)->pid, (_client)->uid); \
+    } while (0)
+
+/* Cache management */
+
+#define KCM_FLAGS_VALID			0x0001
+#define KCM_FLAGS_USE_KEYTAB		0x0002
+#define KCM_FLAGS_RENEWABLE		0x0004
+#define KCM_FLAGS_OWNER_IS_SYSTEM	0x0008
+#define KCM_FLAGS_USE_CACHED_KEY	0x0010
+
+#define KCM_MASK_KEY_PRESENT		( KCM_FLAGS_USE_KEYTAB | \
+					  KCM_FLAGS_USE_CACHED_KEY )
+
+struct kcm_ccache_data;
+struct kcm_creds;
+
+typedef struct kcm_cursor {
+    pid_t pid;
+    uint32_t key;
+    struct kcm_creds *credp;		/* pointer to next credential */ 
+    struct kcm_cursor *next;
+} kcm_cursor;
+
+typedef struct kcm_ccache_data {
+    char *name;
+    unsigned refcnt;
+    uint16_t flags;
+    uint16_t mode;
+    uid_t uid;
+    gid_t gid;
+    krb5_principal client; /* primary client principal */
+    krb5_principal server; /* primary server principal (TGS if NULL) */
+    struct kcm_creds {
+	krb5_creds cred; /* XXX would be useful for have ACLs on creds */
+	struct kcm_creds *next;
+    } *creds;
+    uint32_t n_cursor;
+    kcm_cursor *cursors;
+    krb5_deltat tkt_life;
+    krb5_deltat renew_life;
+    union {
+	krb5_keytab keytab;
+	krb5_keyblock keyblock;
+    } key;
+    HEIMDAL_MUTEX mutex;
+    struct kcm_ccache_data *next;
+} kcm_ccache_data;
+
+#define KCM_ASSERT_VALID(_ccache)		do { \
+    if (((_ccache)->flags & KCM_FLAGS_VALID) == 0) \
+	krb5_abortx(context, "kcm_free_ccache_data: ccache invalid"); \
+    else if ((_ccache)->refcnt == 0) \
+	krb5_abortx(context, "kcm_free_ccache_data: ccache refcnt == 0"); \
+    } while (0)
+
+typedef kcm_ccache_data *kcm_ccache;
+
+/* Event management */
+
+typedef struct kcm_event {
+    int valid;
+    time_t fire_time;
+    unsigned fire_count;
+    time_t expire_time;
+    time_t backoff_time;
+    enum {
+	KCM_EVENT_NONE = 0,
+	KCM_EVENT_ACQUIRE_CREDS,
+	KCM_EVENT_RENEW_CREDS,
+	KCM_EVENT_DESTROY_CREDS,
+	KCM_EVENT_DESTROY_EMPTY_CACHE
+    } action;
+    kcm_ccache ccache;
+    struct kcm_event *next;
+} kcm_event;
+
+/* wakeup interval for event queue */
+#define KCM_EVENT_QUEUE_INTERVAL		60
+#define KCM_EVENT_DEFAULT_BACKOFF_TIME		5
+#define KCM_EVENT_MAX_BACKOFF_TIME		(12 * 60 * 60)
+
+
+/* Request format is  LENGTH | MAJOR | MINOR | OPERATION | request */
+/* Response format is LENGTH | STATUS | response */
+
+typedef struct kcm_client {
+    pid_t pid;
+    uid_t uid;
+    gid_t gid;
+} kcm_client;
+
+#define CLIENT_IS_ROOT(client) ((client)->uid == 0)
+
+/* Dispatch table */
+/* passed in OPERATION | ... ; returns STATUS | ... */
+typedef krb5_error_code (*kcm_method)(krb5_context, kcm_client *, kcm_operation, krb5_storage *, krb5_storage *);
+
+struct kcm_op {
+    const char *name;
+    kcm_method method;
+};
+
+#define DEFAULT_LOG_DEST    "0/FILE:" LOCALSTATEDIR "/log/kcmd.log"
+#define _PATH_KCM_CONF	    SYSCONFDIR "/kcm.conf"
+
+extern krb5_context kcm_context;
+extern char *socket_path;
+extern char *door_path;
+extern size_t max_request;
+extern sig_atomic_t exit_flag;
+extern int name_constraints;
+extern int detach_from_console;
+extern int disallow_getting_krbtgt;
+
+#if 0
+extern const krb5_cc_ops krb5_kcmss_ops;
+#endif
+
+#include <kcm_protos.h>
+
+#endif /* __KCM_LOCL_H__ */
+
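Review bot: KCM_LOG_REQUEST and KCM_LOG_REQUEST_NAME pass `(_client)->pid` and `(_client)->uid` to `%d` although the fields are declared `pid_t` and `uid_t`. Where uid_t is unsigned or wider than int this is a varargs type mismatch, and large uids would appear as negative numbers in what is effectively the daemon's per-request audit trail. Casting at the call site, `(int)(_client)->pid, (unsigned)(_client)->uid` with `%d`/`%u`, keeps those records unambiguous. KCM_ASSERT_VALID also depends on a variable named `context` in the caller's scope and always reports `kcm_free_ccache_data` in its abort text regardless of caller; a comment above the macro such as `/* needs a krb5_context named "context" in scope; calls krb5_abortx if the cache is not VALID or has refcnt 0 */` would document that.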

Added: vendor-crypto/heimdal/dist/kcm/kcm_protos.h
===================================================================
--- vendor-crypto/heimdal/dist/kcm/kcm_protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/kcm_protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,288 @@
+/* This is a generated file */
+#ifndef __kcm_protos_h__
+#define __kcm_protos_h__
+
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+krb5_error_code
+kcm_access (
+	krb5_context /*context*/,
+	kcm_client */*client*/,
+	kcm_operation /*opcode*/,
+	kcm_ccache /*ccache*/);
+
+krb5_error_code
+kcm_ccache_acquire (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_creds **/*credp*/);
+
+krb5_error_code
+kcm_ccache_destroy (
+	krb5_context /*context*/,
+	const char */*name*/);
+
+krb5_error_code
+kcm_ccache_destroy_client (
+	krb5_context /*context*/,
+	kcm_client */*client*/,
+	const char */*name*/);
+
+krb5_error_code
+kcm_ccache_destroy_if_empty (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/);
+
+krb5_error_code
+kcm_ccache_enqueue_default (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_creds */*newcred*/);
+
+krb5_error_code
+kcm_ccache_gen_new (
+	krb5_context /*context*/,
+	pid_t /*pid*/,
+	uid_t /*uid*/,
+	gid_t /*gid*/,
+	kcm_ccache */*ccache*/);
+
+krb5_error_code
+kcm_ccache_new (
+	krb5_context /*context*/,
+	const char */*name*/,
+	kcm_ccache */*ccache*/);
+
+krb5_error_code
+kcm_ccache_new_client (
+	krb5_context /*context*/,
+	kcm_client */*client*/,
+	const char */*name*/,
+	kcm_ccache */*ccache_p*/);
+
+char *kcm_ccache_nextid (
+	pid_t /*pid*/,
+	uid_t /*uid*/,
+	gid_t /*gid*/);
+
+krb5_error_code
+kcm_ccache_refresh (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_creds **/*credp*/);
+
+krb5_error_code
+kcm_ccache_remove_cred (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_flags /*whichfields*/,
+	const krb5_creds */*mcreds*/);
+
+krb5_error_code
+kcm_ccache_remove_cred_internal (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_flags /*whichfields*/,
+	const krb5_creds */*mcreds*/);
+
+krb5_error_code
+kcm_ccache_remove_creds (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/);
+
+krb5_error_code
+kcm_ccache_remove_creds_internal (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/);
+
+krb5_error_code
+kcm_ccache_resolve (
+	krb5_context /*context*/,
+	const char */*name*/,
+	kcm_ccache */*ccache*/);
+
+krb5_error_code
+kcm_ccache_resolve_client (
+	krb5_context /*context*/,
+	kcm_client */*client*/,
+	kcm_operation /*opcode*/,
+	const char */*name*/,
+	kcm_ccache */*ccache*/);
+
+krb5_error_code
+kcm_ccache_retrieve_cred (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_flags /*whichfields*/,
+	const krb5_creds */*mcreds*/,
+	krb5_creds **/*credp*/);
+
+krb5_error_code
+kcm_ccache_retrieve_cred_internal (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_flags /*whichfields*/,
+	const krb5_creds */*mcreds*/,
+	krb5_creds **/*creds*/);
+
+krb5_error_code
+kcm_ccache_store_cred (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_creds */*creds*/,
+	int /*copy*/);
+
+krb5_error_code
+kcm_ccache_store_cred_internal (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/,
+	krb5_creds */*creds*/,
+	int /*copy*/,
+	krb5_creds **/*credp*/);
+
+krb5_error_code
+kcm_chmod (
+	krb5_context /*context*/,
+	kcm_client */*client*/,
+	kcm_ccache /*ccache*/,
+	uint16_t /*mode*/);
+
+krb5_error_code
+kcm_chown (
+	krb5_context /*context*/,
+	kcm_client */*client*/,
+	kcm_ccache /*ccache*/,
+	uid_t /*uid*/,
+	gid_t /*gid*/);
+
+krb5_error_code
+kcm_cleanup_events (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/);
+
+void
+kcm_configure (
+	int /*argc*/,
+	char **/*argv*/);
+
+krb5_error_code
+kcm_cursor_delete (
+	krb5_context /*context*/,
+	pid_t /*pid*/,
+	kcm_ccache /*ccache*/,
+	uint32_t /*key*/);
+
+krb5_error_code
+kcm_cursor_find (
+	krb5_context /*context*/,
+	pid_t /*pid*/,
+	kcm_ccache /*ccache*/,
+	uint32_t /*key*/,
+	kcm_cursor **/*cursor*/);
+
+krb5_error_code
+kcm_cursor_new (
+	krb5_context /*context*/,
+	pid_t /*pid*/,
+	kcm_ccache /*ccache*/,
+	uint32_t */*cursor*/);
+
+krb5_error_code
+kcm_debug_ccache (krb5_context /*context*/);
+
+krb5_error_code
+kcm_debug_events (krb5_context /*context*/);
+
+krb5_error_code
+kcm_dispatch (
+	krb5_context /*context*/,
+	kcm_client */*client*/,
+	krb5_data */*req_data*/,
+	krb5_data */*resp_data*/);
+
+krb5_error_code
+kcm_enqueue_event (
+	krb5_context /*context*/,
+	kcm_event */*event*/);
+
+krb5_error_code
+kcm_enqueue_event_internal (
+	krb5_context /*context*/,
+	kcm_event */*event*/);
+
+krb5_error_code
+kcm_enqueue_event_relative (
+	krb5_context /*context*/,
+	kcm_event */*event*/);
+
+krb5_error_code
+kcm_internal_ccache (
+	krb5_context /*context*/,
+	kcm_ccache /*c*/,
+	krb5_ccache /*id*/);
+
+void
+kcm_log (
+	int /*level*/,
+	const char */*fmt*/,
+	...);
+
+char*
+kcm_log_msg (
+	int /*level*/,
+	const char */*fmt*/,
+	...);
+
+char*
+kcm_log_msg_va (
+	int /*level*/,
+	const char */*fmt*/,
+	va_list /*ap*/);
+
+void
+kcm_loop (void);
+
+const char *kcm_op2string (kcm_operation /*opcode*/);
+
+void
+kcm_openlog (void);
+
+krb5_error_code
+kcm_release_ccache (
+	krb5_context /*context*/,
+	kcm_ccache */*ccache*/);
+
+krb5_error_code
+kcm_remove_event (
+	krb5_context /*context*/,
+	kcm_event */*event*/);
+
+krb5_error_code
+kcm_retain_ccache (
+	krb5_context /*context*/,
+	kcm_ccache /*ccache*/);
+
+krb5_error_code
+kcm_run_events (
+	krb5_context /*context*/,
+	time_t /*now*/);
+
+krb5_error_code
+kcm_zero_ccache_data (
+	krb5_context /*context*/,
+	kcm_ccache /*cache*/);
+
+krb5_error_code
+kcm_zero_ccache_data_internal (
+	krb5_context /*context*/,
+	kcm_ccache_data */*cache*/);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __kcm_protos_h__ */

Added: vendor-crypto/heimdal/dist/kcm/log.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/log.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/log.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: log.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static krb5_log_facility *logf;
+
+void
+kcm_openlog(void)
+{
+    char **s = NULL, **p;
+    krb5_initlog(kcm_context, "kcm", &logf);
+    s = krb5_config_get_strings(kcm_context, NULL, "kcm", "logging", NULL);
+    if(s == NULL)
+	s = krb5_config_get_strings(kcm_context, NULL, "logging", "kcm", NULL);
+    if(s){
+	for(p = s; *p; p++)
+	    krb5_addlog_dest(kcm_context, logf, *p);
+	krb5_config_free_strings(s);
+    }else
+	krb5_addlog_dest(kcm_context, logf, DEFAULT_LOG_DEST);
+    krb5_set_warn_dest(kcm_context, logf);
+}
+
+char*
+kcm_log_msg_va(int level, const char *fmt, va_list ap)
+{
+    char *msg;
+    krb5_vlog_msg(kcm_context, logf, &msg, level, fmt, ap);
+    return msg;
+}
+
+char*
+kcm_log_msg(int level, const char *fmt, ...)
+{
+    va_list ap;
+    char *s;
+    va_start(ap, fmt);
+    s = kcm_log_msg_va(level, fmt, ap);
+    va_end(ap);
+    return s;
+}
+
+void
+kcm_log(int level, const char *fmt, ...)
+{
+    va_list ap;
+    char *s;
+    va_start(ap, fmt);
+    s = kcm_log_msg_va(level, fmt, ap);
+    if(s) free(s);
+    va_end(ap);
+}
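Review bot: kcm_log_msg_va returns `msg` without ever initialising it, so its value depends on krb5_vlog_msg storing to the reply argument on every path (not visible in this hunk), and kcm_log then passes that pointer to `free`. Declaring it as `char *msg = NULL;` makes the failure case safe. kcm_openlog likewise ignores the results of krb5_initlog and krb5_addlog_dest, so a daemon whose configured log destination cannot be opened would keep serving credential requests with no log. Checking those return values at startup and reporting the failure on stderr before detaching would make that condition visible.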

Added: vendor-crypto/heimdal/dist/kcm/main.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/main.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/main.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 1997-2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: main.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+sig_atomic_t exit_flag = 0;
+
+krb5_context kcm_context = NULL;
+
+static RETSIGTYPE
+sigterm(int sig)
+{
+    exit_flag = 1;
+}
+
+static RETSIGTYPE
+sigusr1(int sig)
+{
+    kcm_debug_ccache(kcm_context);
+}
+
+static RETSIGTYPE
+sigusr2(int sig)
+{
+    kcm_debug_events(kcm_context);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&kcm_context);
+    if (ret) {
+	errx (1, "krb5_init_context failed: %d", ret);
+	return ret;
+    }
+
+    kcm_configure(argc, argv);
+    
+#ifdef HAVE_SIGACTION
+    {
+	struct sigaction sa;
+
+	sa.sa_flags = 0;
+	sa.sa_handler = sigterm;
+	sigemptyset(&sa.sa_mask);
+
+	sigaction(SIGINT, &sa, NULL);
+	sigaction(SIGTERM, &sa, NULL);
+
+	sa.sa_handler = sigusr1;
+	sigaction(SIGUSR1, &sa, NULL);
+
+	sa.sa_handler = sigusr2;
+	sigaction(SIGUSR2, &sa, NULL);
+
+	sa.sa_handler = SIG_IGN;
+	sigaction(SIGPIPE, &sa, NULL);
+    }
+#else
+    signal(SIGINT, sigterm);
+    signal(SIGTERM, sigterm);
+    signal(SIGUSR1, sigusr1);
+    signal(SIGUSR2, sigusr2);
+    signal(SIGPIPE, SIG_IGN);
+#endif
+    if (detach_from_console)
+	daemon(0, 0);
+    pidfile(NULL);
+    kcm_loop();
+    krb5_free_context(kcm_context);
+    return 0;
+}
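Review bot: The `sigusr1` and `sigusr2` handlers call `kcm_debug_ccache(kcm_context)` and `kcm_debug_events(kcm_context)` directly from signal context. Those functions are defined outside this hunk, but if they log or walk the cache and event lists they are not async-signal-safe and may run while `kcm_loop()` is modifying the same state. The handlers would be safer setting a flag, as `sigterm` already does, with the dump performed from the main loop. `exit_flag` should also be declared `volatile sig_atomic_t exit_flag = 0;` so the loop is guaranteed to observe the handler's store (the matching extern declaration is not in this hunk). The return value of `daemon(0, 0)` is not checked, so a failed detach goes unnoticed.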

Added: vendor-crypto/heimdal/dist/kcm/protocol.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/protocol.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/protocol.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1046 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: protocol.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static krb5_error_code
+kcm_op_noop(krb5_context context,
+	    kcm_client *client,
+	    kcm_operation opcode,
+	    krb5_storage *request,
+	    krb5_storage *response)
+{
+    KCM_LOG_REQUEST(context, client, opcode);
+
+    return 0;	
+}
+
+/*
+ * Request:
+ *	NameZ
+ * Response:
+ *	NameZ
+ *
+ */
+static krb5_error_code
+kcm_op_get_name(krb5_context context,
+		kcm_client *client,
+		kcm_operation opcode,
+		krb5_storage *request,
+		krb5_storage *response)
+
+{
+    krb5_error_code ret;
+    char *name = NULL;
+    kcm_ccache ccache;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = krb5_store_stringz(response, ccache->name);
+    if (ret) {
+	kcm_release_ccache(context, &ccache);
+	free(name);
+	return ret;
+    }
+
+    free(name);
+    kcm_release_ccache(context, &ccache);
+    return 0;
+}
+
+/*
+ * Request:
+ *	
+ * Response:
+ *	NameZ
+ */
+static krb5_error_code
+kcm_op_gen_new(krb5_context context,
+	       kcm_client *client,
+	       kcm_operation opcode,
+	       krb5_storage *request,
+	       krb5_storage *response)
+{
+    krb5_error_code ret;
+    char *name;
+
+    KCM_LOG_REQUEST(context, client, opcode);
+
+    name = kcm_ccache_nextid(client->pid, client->uid, client->gid);
+    if (name == NULL) {
+	return KRB5_CC_NOMEM;
+    }
+
+    ret = krb5_store_stringz(response, name);
+    free(name);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	Principal
+ *	
+ * Response:
+ *	
+ */
+static krb5_error_code
+kcm_op_initialize(krb5_context context,
+		  kcm_client *client,
+		  kcm_operation opcode,
+		  krb5_storage *request,
+		  krb5_storage *response)
+{
+    kcm_ccache ccache;
+    krb5_principal principal;
+    krb5_error_code ret;
+    char *name;
+#if 0
+    kcm_event event;
+#endif
+
+    KCM_LOG_REQUEST(context, client, opcode);
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    ret = krb5_ret_principal(request, &principal);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_new_client(context, client, name, &ccache);
+    if (ret) {
+	free(name);
+	krb5_free_principal(context, principal);
+	return ret;
+    }
+
+    ccache->client = principal;
+
+    free(name);
+
+#if 0
+    /*
+     * Create a new credentials cache. To mitigate DoS attacks we will
+     * expire it in 30 minutes unless it has some credentials added
+     * to it
+     */
+
+    event.fire_time = 30 * 60;
+    event.expire_time = 0;
+    event.backoff_time = 0;
+    event.action = KCM_EVENT_DESTROY_EMPTY_CACHE;
+    event.ccache = ccache;
+
+    ret = kcm_enqueue_event_relative(context, &event);
+#endif
+
+    kcm_release_ccache(context, &ccache);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	
+ * Response:
+ *	
+ */
+static krb5_error_code
+kcm_op_destroy(krb5_context context,
+	       kcm_client *client,
+	       kcm_operation opcode,
+	       krb5_storage *request,
+	       krb5_storage *response)
+{
+    krb5_error_code ret;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = kcm_ccache_destroy_client(context, client, name);
+
+    free(name);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	Creds
+ *	
+ * Response:
+ *	
+ */
+static krb5_error_code
+kcm_op_store(krb5_context context,
+	     kcm_client *client,
+	     kcm_operation opcode,
+	     krb5_storage *request,
+	     krb5_storage *response)
+{
+    krb5_creds creds;
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_creds(request, &creds);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	krb5_free_cred_contents(context, &creds);
+	return ret;
+    }
+
+    ret = kcm_ccache_store_cred(context, ccache, &creds, 0);
+    if (ret) {
+	free(name);
+	krb5_free_cred_contents(context, &creds);
+	kcm_release_ccache(context, &ccache);
+	return ret;
+    }
+
+    kcm_ccache_enqueue_default(context, ccache, &creds);
+
+    free(name);
+    kcm_release_ccache(context, &ccache);
+
+    return 0;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	WhichFields
+ *	MatchCreds
+ *
+ * Response:
+ *	Creds
+ *	
+ */
+static krb5_error_code
+kcm_op_retrieve(krb5_context context,
+		kcm_client *client,
+		kcm_operation opcode,
+		krb5_storage *request,
+		krb5_storage *response)
+{
+    uint32_t flags;
+    krb5_creds mcreds;
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+    krb5_creds *credp;
+    int free_creds = 0;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_uint32(request, &flags);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = krb5_ret_creds_tag(request, &mcreds);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    if (disallow_getting_krbtgt &&
+	mcreds.server->name.name_string.len == 2 &&
+	strcmp(mcreds.server->name.name_string.val[0], KRB5_TGS_NAME) == 0)
+    {
+	free(name);
+	krb5_free_cred_contents(context, &mcreds);
+	return KRB5_FCC_PERM;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	krb5_free_cred_contents(context, &mcreds);
+	return ret;
+    }
+
+    ret = kcm_ccache_retrieve_cred(context, ccache, flags,
+				   &mcreds, &credp);
+    if (ret && ((flags & KRB5_GC_CACHED) == 0)) {
+	krb5_ccache_data ccdata;
+
+	/* try and acquire */
+	HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+	/* Fake up an internal ccache */
+	kcm_internal_ccache(context, ccache, &ccdata);
+
+	/* glue cc layer will store creds */
+	ret = krb5_get_credentials(context, 0, &ccdata, &mcreds, &credp);
+	if (ret == 0)
+	    free_creds = 1;
+
+	HEIMDAL_MUTEX_unlock(&ccache->mutex);
+    }
+
+    if (ret == 0) {
+	ret = krb5_store_creds(response, credp);
+    }
+
+    free(name);
+    krb5_free_cred_contents(context, &mcreds);
+    kcm_release_ccache(context, &ccache);
+
+    if (free_creds)
+	krb5_free_cred_contents(context, credp);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *
+ * Response:
+ *	Principal
+ */
+static krb5_error_code
+kcm_op_get_principal(krb5_context context,
+		     kcm_client *client,
+		     kcm_operation opcode,
+		     krb5_storage *request,
+		     krb5_storage *response)
+{
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    if (ccache->client == NULL)
+	ret = KRB5_CC_NOTFOUND;
+    else
+	ret = krb5_store_principal(response, ccache->client);
+
+    free(name);
+    kcm_release_ccache(context, &ccache);
+
+    return 0;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *
+ * Response:
+ *	Cursor
+ *	
+ */
+static krb5_error_code
+kcm_op_get_first(krb5_context context,
+		 kcm_client *client,
+		 kcm_operation opcode,
+		 krb5_storage *request,
+		 krb5_storage *response)
+{
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    uint32_t cursor;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_cursor_new(context, client->pid, ccache, &cursor);
+    if (ret) {
+	kcm_release_ccache(context, &ccache);
+	free(name);
+	return ret;
+    }
+
+    ret = krb5_store_int32(response, cursor);
+
+    free(name);
+    kcm_release_ccache(context, &ccache);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	Cursor
+ *
+ * Response:
+ *	Creds
+ */
+static krb5_error_code
+kcm_op_get_next(krb5_context context,
+		kcm_client *client,
+		kcm_operation opcode,
+		krb5_storage *request,
+		krb5_storage *response)
+{
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+    uint32_t cursor;
+    kcm_cursor *c;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_uint32(request, &cursor);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_cursor_find(context, client->pid, ccache, cursor, &c);
+    if (ret) {
+	kcm_release_ccache(context, &ccache);
+	free(name);
+	return ret;
+    }
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+    if (c->credp == NULL) {
+	ret = KRB5_CC_END;
+    } else {
+	ret = krb5_store_creds(response, &c->credp->cred);
+	c->credp = c->credp->next;
+    }
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    free(name);
+    kcm_release_ccache(context, &ccache);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	Cursor
+ *
+ * Response:
+ *	
+ */
+static krb5_error_code
+kcm_op_end_get(krb5_context context,
+	       kcm_client *client,
+	       kcm_operation opcode,
+	       krb5_storage *request,
+	       krb5_storage *response)
+{
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    uint32_t cursor;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_uint32(request, &cursor);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_cursor_delete(context, client->pid, ccache, cursor);
+
+    free(name);
+    kcm_release_ccache(context, &ccache);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	WhichFields
+ *	MatchCreds
+ *
+ * Response:
+ *	
+ */
+static krb5_error_code
+kcm_op_remove_cred(krb5_context context,
+		   kcm_client *client,
+		   kcm_operation opcode,
+		   krb5_storage *request,
+		   krb5_storage *response)
+{
+    uint32_t whichfields;
+    krb5_creds mcreds;
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_uint32(request, &whichfields);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = krb5_ret_creds_tag(request, &mcreds);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	krb5_free_cred_contents(context, &mcreds);
+	return ret;
+    }
+
+    ret = kcm_ccache_remove_cred(context, ccache, whichfields, &mcreds);
+
+    /* XXX need to remove any events that match */
+
+    free(name);
+    krb5_free_cred_contents(context, &mcreds);
+    kcm_release_ccache(context, &ccache);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	Flags
+ *
+ * Response:
+ *	
+ */
+static krb5_error_code
+kcm_op_set_flags(krb5_context context,
+		 kcm_client *client,
+		 kcm_operation opcode,
+		 krb5_storage *request,
+		 krb5_storage *response)
+{
+    uint32_t flags;
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_uint32(request, &flags);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    /* we don't really support any flags yet */
+    free(name);
+    kcm_release_ccache(context, &ccache);
+
+    return 0;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	UID
+ *	GID
+ *
+ * Response:
+ *	
+ */
+static krb5_error_code
+kcm_op_chown(krb5_context context,
+	     kcm_client *client,
+	     kcm_operation opcode,
+	     krb5_storage *request,
+	     krb5_storage *response)
+{
+    uint32_t uid;
+    uint32_t gid;
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_uint32(request, &uid);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = krb5_ret_uint32(request, &gid);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_chown(context, client, ccache, uid, gid);
+
+    free(name);
+    kcm_release_ccache(context, &ccache);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	Mode
+ *
+ * Response:
+ *	
+ */
+static krb5_error_code
+kcm_op_chmod(krb5_context context,
+	     kcm_client *client,
+	     kcm_operation opcode,
+	     krb5_storage *request,
+	     krb5_storage *response)
+{
+    uint16_t mode;
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_uint16(request, &mode);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_chmod(context, client, ccache, mode);
+
+    free(name);
+    kcm_release_ccache(context, &ccache);
+
+    return ret;
+}
+
+/*
+ * Protocol extensions for moving ticket acquisition responsibility
+ * from client to KCM follow.
+ */
+
+/*
+ * Request:
+ *	NameZ
+ *	ServerPrincipalPresent
+ *	ServerPrincipal OPTIONAL
+ *	Key
+ *
+ * Repsonse:
+ *
+ */
+static krb5_error_code
+kcm_op_get_initial_ticket(krb5_context context,
+			  kcm_client *client,
+			  kcm_operation opcode,
+			  krb5_storage *request,
+			  krb5_storage *response)
+{
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+    int8_t not_tgt = 0;
+    krb5_principal server = NULL;
+    krb5_keyblock key;
+
+    krb5_keyblock_zero(&key);
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_int8(request, &not_tgt);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    if (not_tgt) {
+	ret = krb5_ret_principal(request, &server);
+	if (ret) {
+	    free(name);
+	    return ret;
+	}
+    }
+
+    ret = krb5_ret_keyblock(request, &key);
+    if (ret) {
+	free(name);
+	if (server != NULL)
+	    krb5_free_principal(context, server);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret == 0) {
+	HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+	if (ccache->server != NULL) {
+	    krb5_free_principal(context, ccache->server);
+	    ccache->server = NULL;
+	}
+
+	krb5_free_keyblock(context, &ccache->key.keyblock);
+
+	ccache->server = server;
+	ccache->key.keyblock = key;
+    	ccache->flags |= KCM_FLAGS_USE_CACHED_KEY;
+
+	ret = kcm_ccache_enqueue_default(context, ccache, NULL);
+	if (ret) {
+	    ccache->server = NULL;
+	    krb5_keyblock_zero(&ccache->key.keyblock);
+	    ccache->flags &= ~(KCM_FLAGS_USE_CACHED_KEY);
+	}
+
+	HEIMDAL_MUTEX_unlock(&ccache->mutex);
+    }
+
+    free(name);
+
+    if (ret != 0) {
+	krb5_free_principal(context, server);
+	krb5_free_keyblock(context, &key);
+    }
+
+    kcm_release_ccache(context, &ccache);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *	NameZ
+ *	ServerPrincipal
+ *	KDCFlags
+ *	EncryptionType
+ *
+ * Repsonse:
+ *
+ */
+static krb5_error_code
+kcm_op_get_ticket(krb5_context context,
+		  kcm_client *client,
+		  kcm_operation opcode,
+		  krb5_storage *request,
+		  krb5_storage *response)
+{
+    krb5_error_code ret;
+    kcm_ccache ccache;
+    char *name;
+    krb5_principal server = NULL;
+    krb5_ccache_data ccdata;
+    krb5_creds in, *out;
+    krb5_kdc_flags flags;
+
+    memset(&in, 0, sizeof(in));
+
+    ret = krb5_ret_stringz(request, &name);
+    if (ret)
+	return ret;
+
+    KCM_LOG_REQUEST_NAME(context, client, opcode, name);
+
+    ret = krb5_ret_uint32(request, &flags.i);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = krb5_ret_int32(request, &in.session.keytype);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = krb5_ret_principal(request, &server);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = kcm_ccache_resolve_client(context, client, opcode,
+				    name, &ccache);
+    if (ret) {
+	krb5_free_principal(context, server);
+	free(name);
+	return ret;
+    }
+ 
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+    /* Fake up an internal ccache */
+    kcm_internal_ccache(context, ccache, &ccdata);
+
+    in.client = ccache->client;
+    in.server = server;
+    in.times.endtime = 0;
+
+    /* glue cc layer will store creds */
+    ret = krb5_get_credentials_with_flags(context, 0, flags,
+					  &ccdata, &in, &out);
+
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    if (ret == 0)
+	krb5_free_cred_contents(context, out);
+
+    free(name);
+
+    return ret;
+}
+
+static struct kcm_op kcm_ops[] = {
+    { "NOOP", 			kcm_op_noop },
+    { "GET_NAME",		kcm_op_get_name },
+    { "RESOLVE",		kcm_op_noop },
+    { "GEN_NEW", 		kcm_op_gen_new },
+    { "INITIALIZE",		kcm_op_initialize },
+    { "DESTROY",		kcm_op_destroy },
+    { "STORE",			kcm_op_store },
+    { "RETRIEVE",		kcm_op_retrieve },
+    { "GET_PRINCIPAL",		kcm_op_get_principal },
+    { "GET_FIRST",		kcm_op_get_first },
+    { "GET_NEXT",		kcm_op_get_next },
+    { "END_GET",		kcm_op_end_get },
+    { "REMOVE_CRED",		kcm_op_remove_cred },
+    { "SET_FLAGS",		kcm_op_set_flags },
+    { "CHOWN",			kcm_op_chown },
+    { "CHMOD",			kcm_op_chmod },
+    { "GET_INITIAL_TICKET",	kcm_op_get_initial_ticket },
+    { "GET_TICKET",		kcm_op_get_ticket }
+};
+
+
+const char *kcm_op2string(kcm_operation opcode)
+{
+    if (opcode >= sizeof(kcm_ops)/sizeof(kcm_ops[0]))
+	return "Unknown operation";
+
+    return kcm_ops[opcode].name;
+}
+
+krb5_error_code
+kcm_dispatch(krb5_context context,
+	     kcm_client *client,
+	     krb5_data *req_data,
+	     krb5_data *resp_data)
+{
+    krb5_error_code ret;
+    kcm_method method;
+    krb5_storage *req_sp = NULL;
+    krb5_storage *resp_sp = NULL;
+    uint16_t opcode;
+
+    resp_sp = krb5_storage_emem();
+    if (resp_sp == NULL) {
+	return ENOMEM;
+    }
+
+    if (client->pid == -1) {
+	kcm_log(0, "Client had invalid process number");
+	ret = KRB5_FCC_INTERNAL;
+	goto out;
+    }
+
+    req_sp = krb5_storage_from_data(req_data);
+    if (req_sp == NULL) {
+	kcm_log(0, "Process %d: failed to initialize storage from data",
+		client->pid);
+	ret = KRB5_CC_IO;
+	goto out;
+    }
+
+    ret = krb5_ret_uint16(req_sp, &opcode);
+    if (ret) {
+	kcm_log(0, "Process %d: didn't send a message", client->pid);
+	goto out;
+    }
+
+    if (opcode >= sizeof(kcm_ops)/sizeof(kcm_ops[0])) {
+	kcm_log(0, "Process %d: invalid operation code %d",
+		client->pid, opcode);
+	ret = KRB5_FCC_INTERNAL;
+	goto out;
+    }
+    method = kcm_ops[opcode].method;
+
+    /* seek past place for status code */
+    krb5_storage_seek(resp_sp, 4, SEEK_SET);
+
+    ret = (*method)(context, client, opcode, req_sp, resp_sp);
+
+out:
+    if (req_sp != NULL) {
+	krb5_storage_free(req_sp);
+    }
+
+    krb5_storage_seek(resp_sp, 0, SEEK_SET);
+    krb5_store_int32(resp_sp, ret);
+
+    ret = krb5_storage_to_data(resp_sp, resp_data);
+    krb5_storage_free(resp_sp);
+
+    return ret;
+}
+
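Review bot: In `kcm_op_get_initial_ticket`, `ccache` is still uninitialised when `kcm_ccache_resolve_client` fails, yet the function falls through to `kcm_release_ccache(context, &ccache)`, so a request naming a cache that cannot be resolved hands an indeterminate pointer to the release routine. Declare it as `kcm_ccache ccache = NULL;` and release only after a successful resolve, e.g. `if (ccache != NULL) kcm_release_ccache(context, &ccache);`. `kcm_op_get_ticket` has the opposite problem: after a successful resolve, no path calls `kcm_release_ccache(context, &ccache)` or `krb5_free_principal(context, server)`, so each request appears to leak a cache reference and a principal. `kcm_op_get_principal` assigns `ret` (including `KRB5_CC_NOTFOUND`) and then ends with `return 0;`, which should be `return ret;` so the client does not see success with an empty response.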

Added: vendor-crypto/heimdal/dist/kcm/renew.c
===================================================================
--- vendor-crypto/heimdal/dist/kcm/renew.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kcm/renew.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kcm_locl.h"
+
+RCSID("$Id: renew.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_error_code
+kcm_ccache_refresh(krb5_context context,
+		   kcm_ccache ccache,
+		   krb5_creds **credp)
+{
+    krb5_error_code ret;
+    krb5_creds in, *out;
+    krb5_kdc_flags flags;
+    krb5_const_realm realm;
+    krb5_ccache_data ccdata;
+
+    memset(&in, 0, sizeof(in));
+
+    KCM_ASSERT_VALID(ccache);
+
+    if (ccache->client == NULL) {
+	/* no primary principal */
+	kcm_log(0, "Refresh credentials requested but no client principal");
+	return KRB5_CC_NOTFOUND;
+    }
+
+    HEIMDAL_MUTEX_lock(&ccache->mutex);
+
+    /* Fake up an internal ccache */
+    kcm_internal_ccache(context, ccache, &ccdata);
+
+    /* Find principal */
+    in.client = ccache->client;
+
+    if (ccache->server != NULL) {
+	ret = krb5_copy_principal(context, ccache->server, &in.server);
+	if (ret) {
+	    kcm_log(0, "Failed to copy service principal: %s",
+		    krb5_get_err_text(context, ret));
+	    goto out;
+	}
+    } else {
+	realm = krb5_principal_get_realm(context, in.client);
+	ret = krb5_make_principal(context, &in.server, realm,
+				  KRB5_TGS_NAME, realm, NULL);
+	if (ret) {
+	    kcm_log(0, "Failed to make TGS principal for realm %s: %s",
+		    realm, krb5_get_err_text(context, ret));
+	    goto out;
+	}
+    }
+
+    if (ccache->tkt_life)
+	in.times.endtime = time(NULL) + ccache->tkt_life;
+    if (ccache->renew_life)
+	in.times.renew_till = time(NULL) + ccache->renew_life;
+
+    flags.i = 0;
+    flags.b.renewable = TRUE;
+    flags.b.renew = TRUE;
+
+    ret = krb5_get_kdc_cred(context,
+			    &ccdata,
+			    flags,
+			    NULL,
+			    NULL,
+			    &in,
+			    &out);
+    if (ret) {
+	kcm_log(0, "Failed to renew credentials for cache %s: %s",
+		ccache->name, krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    /* Swap them in */
+    kcm_ccache_remove_creds_internal(context, ccache);
+
+    ret = kcm_ccache_store_cred_internal(context, ccache, out, 0, credp);
+    if (ret) {
+	kcm_log(0, "Failed to store credentials for cache %s: %s",
+		ccache->name, krb5_get_err_text(context, ret));
+	krb5_free_creds(context, out);
+	goto out;
+    }
+
+    free(out); /* but not contents */
+
+out:
+    HEIMDAL_MUTEX_unlock(&ccache->mutex);
+
+    return ret;
+}
+
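Review bot: In `kcm_ccache_refresh`, `in.server` is allocated by `krb5_copy_principal` or `krb5_make_principal` but is never freed on any path, because the `out:` label only unlocks the mutex. Every refresh therefore leaks one principal in what looks like a long-running daemon. Since `in` is zeroed by the `memset` at the top, the cleanup can go at the label: `if (in.server != NULL) krb5_free_principal(context, in.server);` placed before `HEIMDAL_MUTEX_unlock(&ccache->mutex);`. `in.client` only aliases `ccache->client` and must not be freed there.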

Added: vendor-crypto/heimdal/dist/kdc/524.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/524.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/524.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,400 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: 524.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+#include <krb5-v4compat.h>
+
+/*
+ * fetch the server from `t', returning the name in malloced memory in
+ * `spn' and the entry itself in `server'
+ */
+
+static krb5_error_code
+fetch_server (krb5_context context, 
+	      krb5_kdc_configuration *config,
+	      const Ticket *t,
+	      char **spn,
+	      hdb_entry_ex **server,
+	      const char *from)
+{
+    krb5_error_code ret;
+    krb5_principal sprinc;
+
+    ret = _krb5_principalname2krb5_principal(context, &sprinc,
+					     t->sname, t->realm);
+    if (ret) {
+	kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+    ret = krb5_unparse_name(context, sprinc, spn);
+    if (ret) {
+	krb5_free_principal(context, sprinc);
+	kdc_log(context, config, 0, "krb5_unparse_name: %s",
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+    ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER, 
+			NULL, server);
+    krb5_free_principal(context, sprinc);
+    if (ret) {
+	kdc_log(context, config, 0,
+	"Request to convert ticket from %s for unknown principal %s: %s",
+		from, *spn, krb5_get_err_text(context, ret));
+	if (ret == HDB_ERR_NOENTRY)
+	    ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+	return ret;
+    }
+    return 0;
+}
+
+static krb5_error_code
+log_524 (krb5_context context, 
+	 krb5_kdc_configuration *config,
+	 const EncTicketPart *et,
+	 const char *from,
+	 const char *spn)
+{
+    krb5_principal client;
+    char *cpn;
+    krb5_error_code ret;
+
+    ret = _krb5_principalname2krb5_principal(context, &client, 
+					     et->cname, et->crealm);
+    if (ret) {
+	kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
+		krb5_get_err_text (context, ret));
+	return ret;
+    }
+    ret = krb5_unparse_name(context, client, &cpn);
+    if (ret) {
+	krb5_free_principal(context, client);
+	kdc_log(context, config, 0, "krb5_unparse_name: %s",
+		krb5_get_err_text (context, ret));
+	return ret;
+    }
+    kdc_log(context, config, 1, "524-REQ %s from %s for %s", cpn, from, spn);
+    free(cpn);
+    krb5_free_principal(context, client);
+    return 0;
+}
+
+static krb5_error_code
+verify_flags (krb5_context context, 
+	      krb5_kdc_configuration *config,
+	      const EncTicketPart *et,
+	      const char *spn)
+{
+    if(et->endtime < kdc_time){
+	kdc_log(context, config, 0, "Ticket expired (%s)", spn);
+	return KRB5KRB_AP_ERR_TKT_EXPIRED;
+    }
+    if(et->flags.invalid){
+	kdc_log(context, config, 0, "Ticket not valid (%s)", spn);
+	return KRB5KRB_AP_ERR_TKT_NYV;
+    }
+    return 0;
+}
+
+/*
+ * set the `et->caddr' to the most appropriate address to use, where
+ * `addr' is the address the request was received from.
+ */
+
+static krb5_error_code
+set_address (krb5_context context, 
+	     krb5_kdc_configuration *config,
+	     EncTicketPart *et,
+	     struct sockaddr *addr,
+	     const char *from)
+{
+    krb5_error_code ret;
+    krb5_address *v4_addr;
+
+    v4_addr = malloc (sizeof(*v4_addr));
+    if (v4_addr == NULL)
+	return ENOMEM;
+
+    ret = krb5_sockaddr2address(context, addr, v4_addr);
+    if(ret) {
+	free (v4_addr);
+	kdc_log(context, config, 0, "Failed to convert address (%s)", from);
+	return ret;
+    }
+	    
+    if (et->caddr && !krb5_address_search (context, v4_addr, et->caddr)) {
+	kdc_log(context, config, 0, "Incorrect network address (%s)", from);
+	krb5_free_address(context, v4_addr);
+	free (v4_addr);
+	return KRB5KRB_AP_ERR_BADADDR;
+    }
+    if(v4_addr->addr_type == KRB5_ADDRESS_INET) {
+	/* we need to collapse the addresses in the ticket to a
+	   single address; best guess is to use the address the
+	   connection came from */
+	
+	if (et->caddr != NULL) {
+	    free_HostAddresses(et->caddr);
+	} else {
+	    et->caddr = malloc (sizeof (*et->caddr));
+	    if (et->caddr == NULL) {
+		krb5_free_address(context, v4_addr);
+		free(v4_addr);
+		return ENOMEM;
+	    }
+	}
+	et->caddr->val = v4_addr;
+	et->caddr->len = 1;
+    } else {
+	krb5_free_address(context, v4_addr);
+	free(v4_addr);
+    }
+    return 0;
+}
+
+
+static krb5_error_code
+encrypt_v4_ticket(krb5_context context, 
+		  krb5_kdc_configuration *config,
+		  void *buf, 
+		  size_t len, 
+		  krb5_keyblock *skey, 
+		  EncryptedData *reply)
+{
+    krb5_crypto crypto;
+    krb5_error_code ret;
+    ret = krb5_crypto_init(context, skey, ETYPE_DES_PCBC_NONE, &crypto);
+    if (ret) {
+	free(buf);
+	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+
+    ret = krb5_encrypt_EncryptedData(context, 
+				     crypto,
+				     KRB5_KU_TICKET,
+				     buf,
+				     len,
+				     0,
+				     reply);
+    krb5_crypto_destroy(context, crypto);
+    if(ret) {
+	kdc_log(context, config, 0, "Failed to encrypt data: %s",
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+    return 0;
+}
+
+static krb5_error_code
+encode_524_response(krb5_context context, 
+		    krb5_kdc_configuration *config,
+		    const char *spn, const EncTicketPart et,
+		    const Ticket *t, hdb_entry_ex *server, 
+		    EncryptedData *ticket, int *kvno)
+{
+    krb5_error_code ret;
+    int use_2b;
+    size_t len;
+
+    use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL);
+    if(use_2b) {
+	ASN1_MALLOC_ENCODE(EncryptedData, 
+			   ticket->cipher.data, ticket->cipher.length, 
+			   &t->enc_part, &len, ret);
+	
+	if (ret) {
+	    kdc_log(context, config, 0, 
+		    "Failed to encode v4 (2b) ticket (%s)", spn);
+	    return ret;
+	}
+	
+	ticket->etype = 0;
+	ticket->kvno = NULL;
+	*kvno = 213; /* 2b's use this magic kvno */
+    } else {
+	unsigned char buf[MAX_KTXT_LEN + 4 * 4];
+	Key *skey;
+	
+	if (!config->enable_v4_cross_realm && strcmp (et.crealm, t->realm) != 0) {
+	    kdc_log(context, config, 0, "524 cross-realm %s -> %s disabled", et.crealm,
+		    t->realm);
+	    return KRB5KDC_ERR_POLICY;
+	}
+
+	ret = _kdc_encode_v4_ticket(context, config, 
+				    buf + sizeof(buf) - 1, sizeof(buf),
+				    &et, &t->sname, &len);
+	if(ret){
+	    kdc_log(context, config, 0,
+		    "Failed to encode v4 ticket (%s)", spn);
+	    return ret;
+	}
+	ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
+	if(ret){
+	    kdc_log(context, config, 0,
+		    "no suitable DES key for server (%s)", spn);
+	    return ret;
+	}
+	ret = encrypt_v4_ticket(context, config, buf + sizeof(buf) - len, len, 
+				&skey->key, ticket);
+	if(ret){
+	    kdc_log(context, config, 0,
+		    "Failed to encrypt v4 ticket (%s)", spn);
+	    return ret;
+	}
+	*kvno = server->entry.kvno;
+    }
+
+    return 0;
+}
+
+/*
+ * process a 5->4 request, based on `t', and received `from, addr',
+ * returning the reply in `reply'
+ */
+
+krb5_error_code
+_kdc_do_524(krb5_context context, 
+	    krb5_kdc_configuration *config,
+	    const Ticket *t, krb5_data *reply,
+	    const char *from, struct sockaddr *addr)
+{
+    krb5_error_code ret = 0;
+    krb5_crypto crypto;
+    hdb_entry_ex *server = NULL;
+    Key *skey;
+    krb5_data et_data;
+    EncTicketPart et;
+    EncryptedData ticket;
+    krb5_storage *sp;
+    char *spn = NULL;
+    unsigned char buf[MAX_KTXT_LEN + 4 * 4];
+    size_t len;
+    int kvno = 0;
+    
+    if(!config->enable_524) {
+	ret = KRB5KDC_ERR_POLICY;
+	kdc_log(context, config, 0,
+		"Rejected ticket conversion request from %s", from);
+	goto out;
+    }
+
+    ret = fetch_server (context, config, t, &spn, &server, from);
+    if (ret) {
+	goto out;
+    }
+
+    ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey);
+    if(ret){
+	kdc_log(context, config, 0,
+		"No suitable key found for server (%s) from %s", spn, from);
+	goto out;
+    }
+    ret = krb5_crypto_init(context, &skey->key, 0, &crypto);
+    if (ret) {
+	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
+		krb5_get_err_text(context, ret));
+	goto out;
+    }
+    ret = krb5_decrypt_EncryptedData (context,
+				      crypto,
+				      KRB5_KU_TICKET,
+				      &t->enc_part,
+				      &et_data);
+    krb5_crypto_destroy(context, crypto);
+    if(ret){
+	kdc_log(context, config, 0,
+		"Failed to decrypt ticket from %s for %s", from, spn);
+	goto out;
+    }
+    ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length, 
+				    &et, &len);
+    krb5_data_free(&et_data);
+    if(ret){
+	kdc_log(context, config, 0,
+		"Failed to decode ticket from %s for %s", from, spn);
+	goto out;
+    }
+
+    ret = log_524 (context, config, &et, from, spn);
+    if (ret) {
+	free_EncTicketPart(&et);
+	goto out;
+    }
+
+    ret = verify_flags (context, config, &et, spn);
+    if (ret) {
+	free_EncTicketPart(&et);
+	goto out;
+    }
+
+    ret = set_address (context, config, &et, addr, from);
+    if (ret) {
+	free_EncTicketPart(&et);
+	goto out;
+    }
+
+    ret = encode_524_response(context, config, spn, et, t,
+			      server, &ticket, &kvno);
+    free_EncTicketPart(&et);
+
+ out:
+    /* make reply */
+    memset(buf, 0, sizeof(buf));
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp) {
+	krb5_store_int32(sp, ret);
+	if(ret == 0){
+	    krb5_store_int32(sp, kvno);
+	    krb5_store_data(sp, ticket.cipher);
+	    /* Aargh! This is coded as a KTEXT_ST. */
+	    krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR);
+	    krb5_store_int32(sp, 0); /* mbz */
+	    free_EncryptedData(&ticket);
+	}
+	ret = krb5_storage_to_data(sp, reply);
+	reply->length = krb5_storage_seek(sp, 0, SEEK_CUR);
+	krb5_storage_free(sp);
+    } else
+	krb5_data_zero(reply);
+    if(spn)
+	free(spn);
+    if(server)
+	_kdc_free_ent (context, server);
+    return ret;
+}
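Review bot: `encrypt_v4_ticket` calls `free(buf)` when `krb5_crypto_init` fails, but the only caller visible in this file, `encode_524_response`, passes `buf + sizeof(buf) - len`, which points into a stack array, so that error path hands a non-heap pointer to free(). The helper does not own the buffer; the `free(buf);` line should be dropped and ownership left with the caller. Separately, at the `out:` label of `_kdc_do_524` the reply is padded with `krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR)` and the `krb5_store_*` return values are ignored. Nothing visible in this hunk bounds `ticket.cipher.length` in the `use_2b` branch, so a guard such as `if (ticket.cipher.length > MAX_KTXT_LEN)` that fails the request before the seek would be worth adding. Since this file arrives as a vendor import, both changes would be carried as a local patch or raised upstream rather than edited in `dist/`.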

Added: vendor-crypto/heimdal/dist/kdc/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/kdc/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,122 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
+
+lib_LTLIBRARIES = libkdc.la
+
+bin_PROGRAMS = string2key
+
+sbin_PROGRAMS = kstash
+
+libexec_PROGRAMS = hprop hpropd kdc
+
+noinst_PROGRAMS = kdc-replay
+
+man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
+
+hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h 
+hpropd_SOURCES = hpropd.c hprop.h
+
+kstash_SOURCES = kstash.c headers.h
+
+string2key_SOURCES = string2key.c headers.h
+
+kdc_SOURCES = connect.c	\
+	config.c	\
+	main.c
+
+libkdc_la_SOURCES = 		\
+	kdc-private.h	 	\
+	kdc-protos.h	 	\
+	default_config.c 	\
+	set_dbinfo.c	 	\
+	digest.c		\
+	kdc_locl.h		\
+	kerberos5.c		\
+	krb5tgs.c		\
+	pkinit.c		\
+	log.c			\
+	misc.c			\
+	524.c			\
+	kerberos4.c		\
+	kaserver.c		\
+	kx509.c			\
+	process.c		\
+	windc.c			\
+	rx.h
+
+
+$(libkdc_la_OBJECTS): $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h
+
+libkdc_la_LDFLAGS = -version-info 2:0:0
+
+if versionscript
+libkdc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+endif
+$(libkdc_la_OBJECTS): $(srcdir)/version-script.map
+
+$(srcdir)/kdc-protos.h:
+	cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -o kdc-protos.h $(libkdc_la_SOURCES) || rm -f kdc-protos.h
+
+$(srcdir)/kdc-private.h:
+	cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -p kdc-private.h $(libkdc_la_SOURCES) || rm -f kdc-private.h
+
+
+hprop_LDADD = \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_kdb) $(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB) 
+
+hpropd_LDADD = \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_kdb) $(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB) 
+
+if PKINIT
+LIB_pkinit = $(top_builddir)/lib/hx509/libhx509.la
+endif
+
+libkdc_la_LIBADD = \
+	$(LIB_pkinit) \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_kdb) $(LIB_krb4) \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB) 
+
+LDADD = $(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB)
+
+kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile)
+kdc_replay_LDADD = $(kdc_LDADD)
+
+include_HEADERS = kdc.h kdc-protos.h
+
+krb5dir = $(includedir)/krb5
+krb5_HEADERS = windc_plugin.h
+
+build_HEADERZ = $(krb5_HEADERS) # XXX
+
+EXTRA_DIST = $(man_MANS) version-script.map

Added: vendor-crypto/heimdal/dist/kdc/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/kdc/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1151 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(include_HEADERS) $(krb5_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+bin_PROGRAMS = string2key$(EXEEXT)
+sbin_PROGRAMS = kstash$(EXEEXT)
+libexec_PROGRAMS = hprop$(EXEEXT) hpropd$(EXEEXT) kdc$(EXEEXT)
+noinst_PROGRAMS = kdc-replay$(EXEEXT)
+ at versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+subdir = kdc
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" \
+	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" \
+	"$(DESTDIR)$(krb5dir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libkdc_la_DEPENDENCIES = $(LIB_pkinit) \
+	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_libkdc_la_OBJECTS = default_config.lo set_dbinfo.lo digest.lo \
+	kerberos5.lo krb5tgs.lo pkinit.lo log.lo misc.lo 524.lo \
+	kerberos4.lo kaserver.lo kx509.lo process.lo windc.lo
+libkdc_la_OBJECTS = $(am_libkdc_la_OBJECTS)
+libkdc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libkdc_la_LDFLAGS) $(LDFLAGS) -o $@
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS) \
+	$(sbin_PROGRAMS)
+am_hprop_OBJECTS = hprop.$(OBJEXT) mit_dump.$(OBJEXT) \
+	v4_dump.$(OBJEXT)
+hprop_OBJECTS = $(am_hprop_OBJECTS)
+hprop_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_hpropd_OBJECTS = hpropd.$(OBJEXT)
+hpropd_OBJECTS = $(am_hpropd_OBJECTS)
+hpropd_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_kdc_OBJECTS = connect.$(OBJEXT) config.$(OBJEXT) main.$(OBJEXT)
+kdc_OBJECTS = $(am_kdc_OBJECTS)
+am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+kdc_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_2) \
+	$(am__DEPENDENCIES_1)
+kdc_replay_SOURCES = kdc-replay.c
+kdc_replay_OBJECTS = kdc-replay.$(OBJEXT)
+am__DEPENDENCIES_3 = libkdc.la $(am__DEPENDENCIES_2) \
+	$(am__DEPENDENCIES_1)
+kdc_replay_DEPENDENCIES = $(am__DEPENDENCIES_3)
+am_kstash_OBJECTS = kstash.$(OBJEXT)
+kstash_OBJECTS = $(am_kstash_OBJECTS)
+kstash_LDADD = $(LDADD)
+kstash_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_string2key_OBJECTS = string2key.$(OBJEXT)
+string2key_OBJECTS = $(am_string2key_OBJECTS)
+string2key_LDADD = $(LDADD)
+string2key_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libkdc_la_SOURCES) $(hprop_SOURCES) $(hpropd_SOURCES) \
+	$(kdc_SOURCES) kdc-replay.c $(kstash_SOURCES) \
+	$(string2key_SOURCES)
+DIST_SOURCES = $(libkdc_la_SOURCES) $(hprop_SOURCES) $(hpropd_SOURCES) \
+	$(kdc_SOURCES) kdc-replay.c $(kstash_SOURCES) \
+	$(string2key_SOURCES)
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+krb5HEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS) $(krb5_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+lib_LTLIBRARIES = libkdc.la
+man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8
+hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h 
+hpropd_SOURCES = hpropd.c hprop.h
+kstash_SOURCES = kstash.c headers.h
+string2key_SOURCES = string2key.c headers.h
+kdc_SOURCES = connect.c	\
+	config.c	\
+	main.c
+
+libkdc_la_SOURCES = \
+	kdc-private.h	 	\
+	kdc-protos.h	 	\
+	default_config.c 	\
+	set_dbinfo.c	 	\
+	digest.c		\
+	kdc_locl.h		\
+	kerberos5.c		\
+	krb5tgs.c		\
+	pkinit.c		\
+	log.c			\
+	misc.c			\
+	524.c			\
+	kerberos4.c		\
+	kaserver.c		\
+	kx509.c			\
+	process.c		\
+	windc.c			\
+	rx.h
+
+libkdc_la_LDFLAGS = -version-info 2:0:0 $(am__append_1)
+hprop_LDADD = \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_kdb) $(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB) 
+
+hpropd_LDADD = \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_kdb) $(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB) 
+
+ at PKINIT_TRUE@LIB_pkinit = $(top_builddir)/lib/hx509/libhx509.la
+libkdc_la_LIBADD = \
+	$(LIB_pkinit) \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_kdb) $(LIB_krb4) \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB) 
+
+LDADD = $(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_krb4) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken) \
+	$(DBLIB)
+
+kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile)
+kdc_replay_LDADD = $(kdc_LDADD)
+include_HEADERS = kdc.h kdc-protos.h
+krb5dir = $(includedir)/krb5
+krb5_HEADERS = windc_plugin.h
+build_HEADERZ = $(krb5_HEADERS) # XXX
+EXTRA_DIST = $(man_MANS) version-script.map
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kdc/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps kdc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libkdc.la: $(libkdc_la_OBJECTS) $(libkdc_la_DEPENDENCIES) 
+	$(libkdc_la_LINK) -rpath $(libdir) $(libkdc_la_OBJECTS) $(libkdc_la_LIBADD) $(LIBS)
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
+	done
+
+clean-sbinPROGRAMS:
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+hprop$(EXEEXT): $(hprop_OBJECTS) $(hprop_DEPENDENCIES) 
+	@rm -f hprop$(EXEEXT)
+	$(LINK) $(hprop_OBJECTS) $(hprop_LDADD) $(LIBS)
+hpropd$(EXEEXT): $(hpropd_OBJECTS) $(hpropd_DEPENDENCIES) 
+	@rm -f hpropd$(EXEEXT)
+	$(LINK) $(hpropd_OBJECTS) $(hpropd_LDADD) $(LIBS)
+kdc$(EXEEXT): $(kdc_OBJECTS) $(kdc_DEPENDENCIES) 
+	@rm -f kdc$(EXEEXT)
+	$(LINK) $(kdc_OBJECTS) $(kdc_LDADD) $(LIBS)
+kdc-replay$(EXEEXT): $(kdc_replay_OBJECTS) $(kdc_replay_DEPENDENCIES) 
+	@rm -f kdc-replay$(EXEEXT)
+	$(LINK) $(kdc_replay_OBJECTS) $(kdc_replay_LDADD) $(LIBS)
+kstash$(EXEEXT): $(kstash_OBJECTS) $(kstash_DEPENDENCIES) 
+	@rm -f kstash$(EXEEXT)
+	$(LINK) $(kstash_OBJECTS) $(kstash_LDADD) $(LIBS)
+string2key$(EXEEXT): $(string2key_OBJECTS) $(string2key_DEPENDENCIES) 
+	@rm -f string2key$(EXEEXT)
+	$(LINK) $(string2key_OBJECTS) $(string2key_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-krb5HEADERS: $(krb5_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(krb5dir)" || $(MKDIR_P) "$(DESTDIR)$(krb5dir)"
+	@list='$(krb5_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(krb5HEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(krb5dir)/$$f'"; \
+	  $(krb5HEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(krb5dir)/$$f"; \
+	done
+
+uninstall-krb5HEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(krb5_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(krb5dir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(krb5dir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
+		all-local
+install-binPROGRAMS: install-libLTLIBRARIES
+
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(krb5dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libexecPROGRAMS clean-libtool clean-noinstPROGRAMS \
+	clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS install-krb5HEADERS \
+	install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libLTLIBRARIES \
+	install-libexecPROGRAMS install-sbinPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
+	uninstall-krb5HEADERS uninstall-libLTLIBRARIES \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-sbinPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libexecPROGRAMS clean-libtool clean-noinstPROGRAMS \
+	clean-sbinPROGRAMS ctags dist-hook distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-binPROGRAMS install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-includeHEADERS install-info install-info-am \
+	install-krb5HEADERS install-libLTLIBRARIES \
+	install-libexecPROGRAMS install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-binPROGRAMS uninstall-hook uninstall-includeHEADERS \
+	uninstall-krb5HEADERS uninstall-libLTLIBRARIES \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-man8 \
+	uninstall-sbinPROGRAMS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(libkdc_la_OBJECTS): $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h
+$(libkdc_la_OBJECTS): $(srcdir)/version-script.map
+
+$(srcdir)/kdc-protos.h:
+	cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -o kdc-protos.h $(libkdc_la_SOURCES) || rm -f kdc-protos.h
+
+$(srcdir)/kdc-private.h:
+	cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -p kdc-private.h $(libkdc_la_SOURCES) || rm -f kdc-private.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/kdc/config.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/config.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/config.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,322 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ *
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+#include <getarg.h>
+#include <parse_bytes.h>
+
+RCSID("$Id: config.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct dbinfo {
+    char *realm;
+    char *dbname;
+    char *mkey_file;
+    struct dbinfo *next;
+};
+
+static char *config_file;	/* location of kdc config file */
+
+static int require_preauth = -1; /* 1 == require preauth for all principals */
+static char *max_request_str;	/* `max_request' as a string */
+
+static int disable_des = -1;
+static int enable_v4 = -1;
+static int enable_kaserver = -1;
+static int enable_524 = -1;
+static int enable_v4_cross_realm = -1;
+
+static int builtin_hdb_flag;
+static int help_flag;
+static int version_flag;
+
+static struct getarg_strings addresses_str;	/* addresses to listen on */
+
+static char *v4_realm;
+
+static struct getargs args[] = {
+    { 
+	"config-file",	'c',	arg_string,	&config_file, 
+	"location of config file",	"file" 
+    },
+    { 
+	"require-preauth",	'p',	arg_negative_flag, &require_preauth, 
+	"don't require pa-data in as-reqs"
+    },
+    { 
+	"max-request",	0,	arg_string, &max_request, 
+	"max size for a kdc-request", "size"
+    },
+    { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" },
+    {	"524",		0, 	arg_negative_flag, &enable_524,
+	"don't respond to 524 requests" 
+    },
+    {
+	"kaserver", 'K', arg_flag,   &enable_kaserver,
+	"enable kaserver support"
+    },
+    {	"kerberos4",	0, 	arg_flag, &enable_v4,
+	"respond to kerberos 4 requests" 
+    },
+    { 
+	"v4-realm",	'r',	arg_string, &v4_realm, 
+	"realm to serve v4-requests for"
+    },
+    {	"kerberos4-cross-realm",	0, 	arg_flag,
+	&enable_v4_cross_realm,
+	"respond to kerberos 4 requests from foreign realms" 
+    },
+    {	"ports",	'P', 	arg_string, &port_str,
+	"ports to listen to", "portspec"
+    },
+#if DETACH_IS_DEFAULT
+    {
+	"detach",       'D',      arg_negative_flag, &detach_from_console, 
+	"don't detach from console"
+    },
+#else
+    {
+	"detach",       0 ,      arg_flag, &detach_from_console, 
+	"detach from console"
+    },
+#endif
+    {	"addresses",	0,	arg_strings, &addresses_str,
+	"addresses to listen on", "list of addresses" },
+    {	"disable-des",	0,	arg_flag, &disable_des,
+	"disable DES" },
+    {	"builtin-hdb",	0,	arg_flag,   &builtin_hdb_flag,
+	"list builtin hdb backends"},
+    {	"help",		'h',	arg_flag,   &help_flag },
+    {	"version",	'v',	arg_flag,   &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int ret)
+{
+    arg_printusage (args, num_args, NULL, "");
+    exit (ret);
+}
+
+static void
+add_one_address (krb5_context context, const char *str, int first)
+{
+    krb5_error_code ret;
+    krb5_addresses tmp;
+
+    ret = krb5_parse_address (context, str, &tmp);
+    if (ret)
+	krb5_err (context, 1, ret, "parse_address `%s'", str);
+    if (first)
+	krb5_copy_addresses(context, &tmp, &explicit_addresses);
+    else
+	krb5_append_addresses(context, &explicit_addresses, &tmp);
+    krb5_free_addresses (context, &tmp);
+}
+
+krb5_kdc_configuration *
+configure(krb5_context context, int argc, char **argv)
+{
+    krb5_kdc_configuration *config;
+    krb5_error_code ret;
+    int optidx = 0;
+    const char *p;
+    
+    while(getarg(args, num_args, argc, argv, &optidx))
+	warnx("error at argument `%s'", argv[optidx]);
+
+    if(help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if (builtin_hdb_flag) {
+	char *list;
+	ret = hdb_list_builtin(context, &list);
+	if (ret)
+	    krb5_err(context, 1, ret, "listing builtin hdb backends");
+	printf("builtin hdb backends: %s\n", list);
+	free(list);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 0)
+	usage(1);
+    
+    {
+	char **files;
+
+	if (config_file == NULL) {
+	    asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+	    if (config_file == NULL)
+		errx(1, "out of memory");
+	}
+
+	ret = krb5_prepend_config_files_default(config_file, &files);
+	if (ret)
+	    krb5_err(context, 1, ret, "getting configuration files");
+	    
+	ret = krb5_set_config_files(context, files);
+	krb5_free_config_files(files);
+	if(ret) 
+	    krb5_err(context, 1, ret, "reading configuration files");
+    }
+
+    ret = krb5_kdc_get_config(context, &config);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kdc_default_config");
+
+    kdc_openlog(context, config);
+
+    ret = krb5_kdc_set_dbinfo(context, config);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
+
+    if(max_request_str)
+	max_request = parse_bytes(max_request_str, NULL);
+
+    if(max_request == 0){
+	p = krb5_config_get_string (context,
+				    NULL,
+				    "kdc",
+				    "max-request",
+				    NULL);
+	if(p)
+	    max_request = parse_bytes(p, NULL);
+    }
+    
+    if(require_preauth != -1)
+	config->require_preauth = require_preauth;
+
+    if(port_str == NULL){
+	p = krb5_config_get_string(context, NULL, "kdc", "ports", NULL);
+	if (p != NULL)
+	    port_str = strdup(p);
+    }
+
+    explicit_addresses.len = 0;
+
+    if (addresses_str.num_strings) {
+	int i;
+
+	for (i = 0; i < addresses_str.num_strings; ++i)
+	    add_one_address (context, addresses_str.strings[i], i == 0);
+	free_getarg_strings (&addresses_str);
+    } else {
+	char **foo = krb5_config_get_strings (context, NULL,
+					      "kdc", "addresses", NULL);
+
+	if (foo != NULL) {
+	    add_one_address (context, *foo++, TRUE);
+	    while (*foo)
+		add_one_address (context, *foo++, FALSE);
+	}
+    }
+
+    if(enable_v4 != -1)
+	config->enable_v4 = enable_v4;
+
+    if(enable_v4_cross_realm != -1)
+	config->enable_v4_cross_realm = enable_v4_cross_realm;
+
+    if(enable_524 != -1)
+	config->enable_524 = enable_524;
+
+    if(enable_http == -1)
+	enable_http = krb5_config_get_bool(context, NULL, "kdc", 
+					   "enable-http", NULL);
+
+    if(request_log == NULL)
+	request_log = krb5_config_get_string(context, NULL, 
+					     "kdc", 
+					     "kdc-request-log", 
+					     NULL);
+
+    if (krb5_config_get_string(context, NULL, "kdc", 
+			       "enforce-transited-policy", NULL))
+	krb5_errx(context, 1, "enforce-transited-policy deprecated, "
+		  "use [kdc]transited-policy instead");
+
+    if (enable_kaserver != -1)
+	config->enable_kaserver = enable_kaserver;
+
+    if(detach_from_console == -1) 
+	detach_from_console = krb5_config_get_bool_default(context, NULL, 
+							   DETACH_IS_DEFAULT,
+							   "kdc",
+							   "detach", NULL);
+
+    if(max_request == 0)
+	max_request = 64 * 1024;
+
+    if (port_str == NULL)
+	port_str = "+";
+
+    if (v4_realm)
+	config->v4_realm = v4_realm;
+
+    if(config->v4_realm == NULL && (config->enable_kaserver || config->enable_v4))
+	krb5_errx(context, 1, "Kerberos 4 enabled but no realm configured");
+
+    if(disable_des == -1)
+	disable_des = krb5_config_get_bool_default(context, NULL, 
+						   FALSE,
+						   "kdc",
+						   "disable-des", NULL);
+    if(disable_des) {
+	krb5_enctype_disable(context, ETYPE_DES_CBC_CRC);
+	krb5_enctype_disable(context, ETYPE_DES_CBC_MD4);
+	krb5_enctype_disable(context, ETYPE_DES_CBC_MD5);
+	krb5_enctype_disable(context, ETYPE_DES_CBC_NONE);
+	krb5_enctype_disable(context, ETYPE_DES_CFB64_NONE);
+	krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE);
+
+	kdc_log(context, config, 
+		0, "DES was disabled, turned off Kerberos V4, 524 "
+		"and kaserver");
+	config->enable_v4 = 0;
+	config->enable_524 = 0;
+	config->enable_kaserver = 0;
+    }
+
+    krb5_kdc_windc_init(context);
+
+    return config;
+}
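Review bot: The `max-request` entry in `args[]` passes `&max_request` to an `arg_string` option, while the static `max_request_str`, declared above as "`max_request' as a string", is never given to getarg. getarg stores a `char *` for `arg_string`, so `--max-request` would write a pointer into a variable that `configure()` otherwise treats as a byte count (`max_request = 64 * 1024`), and the `if(max_request_str)` branch that calls `parse_bytes` can never run from the command line; the KDC's request-size limit is then not the value the operator asked for. The entry should read `"max-request", 0, arg_string, &max_request_str,`. `max_request` is declared outside this hunk, so its exact type is assumed from how it is assigned here. Separately, both `parse_bytes` calls store their result without checking for a parse failure, so a malformed size on the command line or in `[kdc] max-request` should be rejected with `krb5_errx` rather than used as the limit.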

Added: vendor-crypto/heimdal/dist/kdc/connect.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/connect.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/connect.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,900 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: connect.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+/* Should we enable the HTTP hack? */
+int enable_http = -1;
+
+/* Log over requests to the KDC */
+const char *request_log;
+
+/* A string describing on what ports to listen */
+const char *port_str;
+
+krb5_addresses explicit_addresses;
+
+size_t max_request;		/* maximal size of a request */
+
+/*
+ * a tuple describing on what to listen
+ */
+
+struct port_desc{
+    int family;
+    int type;
+    int port;
+};
+
+/* the current ones */
+
+static struct port_desc *ports;
+static int num_ports;
+
+/*
+ * add `family, port, protocol' to the list with duplicate suppresion.
+ */
+
+static void
+add_port(krb5_context context, 
+	 int family, int port, const char *protocol)
+{
+    int type;
+    int i;
+
+    if(strcmp(protocol, "udp") == 0)
+	type = SOCK_DGRAM;
+    else if(strcmp(protocol, "tcp") == 0)
+	type = SOCK_STREAM;
+    else
+	return;
+    for(i = 0; i < num_ports; i++){
+	if(ports[i].type == type
+	   && ports[i].port == port
+	   && ports[i].family == family)
+	    return;
+    }
+    ports = realloc(ports, (num_ports + 1) * sizeof(*ports));
+    if (ports == NULL)
+	krb5_err (context, 1, errno, "realloc");
+    ports[num_ports].family = family;
+    ports[num_ports].type   = type;
+    ports[num_ports].port   = port;
+    num_ports++;
+}
+
+/*
+ * add a triple but with service -> port lookup
+ * (this prints warnings for stuff that does not exist)
+ */
+
+static void
+add_port_service(krb5_context context, 
+		 int family, const char *service, int port,
+		 const char *protocol)
+{
+    port = krb5_getportbyname (context, service, protocol, port);
+    add_port (context, family, port, protocol);
+}
+
+/*
+ * add the port with service -> port lookup or string -> number
+ * (no warning is printed)
+ */
+
+static void
+add_port_string (krb5_context context, 
+		 int family, const char *str, const char *protocol)
+{
+    struct servent *sp;
+    int port;
+
+    sp = roken_getservbyname (str, protocol);
+    if (sp != NULL) {
+	port = sp->s_port;
+    } else {
+	char *end;
+
+	port = htons(strtol(str, &end, 0));
+	if (end == str)
+	    return;
+    }
+    add_port (context, family, port, protocol);
+}
+
+/*
+ * add the standard collection of ports for `family'
+ */
+
+static void
+add_standard_ports (krb5_context context, 		 
+		    krb5_kdc_configuration *config,
+		    int family)
+{
+    add_port_service(context, family, "kerberos", 88, "udp");
+    add_port_service(context, family, "kerberos", 88, "tcp");
+    add_port_service(context, family, "kerberos-sec", 88, "udp");
+    add_port_service(context, family, "kerberos-sec", 88, "tcp");
+    if(enable_http)
+	add_port_service(context, family, "http", 80, "tcp");
+    if(config->enable_524) {
+	add_port_service(context, family, "krb524", 4444, "udp");
+	add_port_service(context, family, "krb524", 4444, "tcp");
+    }
+    if(config->enable_v4) {
+	add_port_service(context, family, "kerberos-iv", 750, "udp");
+	add_port_service(context, family, "kerberos-iv", 750, "tcp");
+    }
+    if (config->enable_kaserver)
+	add_port_service(context, family, "afs3-kaserver", 7004, "udp");
+    if(config->enable_kx509) {
+	add_port_service(context, family, "kca_service", 9878, "udp");
+	add_port_service(context, family, "kca_service", 9878, "tcp");
+    }
+
+}
+
+/*
+ * parse the set of space-delimited ports in `str' and add them.
+ * "+" => all the standard ones
+ * otherwise it's port|service[/protocol]
+ */
+
+static void
+parse_ports(krb5_context context, 		 
+	    krb5_kdc_configuration *config,
+	    const char *str)
+{
+    char *pos = NULL;
+    char *p;
+    char *str_copy = strdup (str);
+
+    p = strtok_r(str_copy, " \t", &pos);
+    while(p != NULL) {
+	if(strcmp(p, "+") == 0) {
+#ifdef HAVE_IPV6
+	    add_standard_ports(context, config, AF_INET6);
+#endif
+	    add_standard_ports(context, config, AF_INET);
+	} else {
+	    char *q = strchr(p, '/');
+	    if(q){
+		*q++ = 0;
+#ifdef HAVE_IPV6
+		add_port_string(context, AF_INET6, p, q);
+#endif
+		add_port_string(context, AF_INET, p, q);
+	    }else {
+#ifdef HAVE_IPV6
+		add_port_string(context, AF_INET6, p, "udp");
+		add_port_string(context, AF_INET6, p, "tcp");
+#endif
+		add_port_string(context, AF_INET, p, "udp");
+		add_port_string(context, AF_INET, p, "tcp");
+	    }
+	}
+	    
+	p = strtok_r(NULL, " \t", &pos);
+    }
+    free (str_copy);
+}
+
+/*
+ * every socket we listen on
+ */
+
+struct descr {
+    int s;
+    int type;
+    int port;
+    unsigned char *buf;
+    size_t size;
+    size_t len;
+    time_t timeout;
+    struct sockaddr_storage __ss;
+    struct sockaddr *sa;
+    socklen_t sock_len;
+    char addr_string[128];
+};
+
+static void
+init_descr(struct descr *d)
+{
+    memset(d, 0, sizeof(*d));
+    d->sa = (struct sockaddr *)&d->__ss;
+    d->s = -1;
+}
+
+/*
+ * re-initialize all `n' ->sa in `d'.
+ */
+
+static void
+reinit_descrs (struct descr *d, int n)
+{
+    int i;
+
+    for (i = 0; i < n; ++i)
+	d[i].sa = (struct sockaddr *)&d[i].__ss;
+}
+
+/*
+ * Create the socket (family, type, port) in `d'
+ */
+
+static void 
+init_socket(krb5_context context, 
+	    krb5_kdc_configuration *config,
+	    struct descr *d, krb5_address *a, int family, int type, int port)
+{
+    krb5_error_code ret;
+    struct sockaddr_storage __ss;
+    struct sockaddr *sa = (struct sockaddr *)&__ss;
+    krb5_socklen_t sa_size = sizeof(__ss);
+
+    init_descr (d);
+
+    ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port);
+    if (ret) {
+	krb5_warn(context, ret, "krb5_addr2sockaddr");
+	close(d->s);
+	d->s = -1;
+	return;
+    }
+
+    if (sa->sa_family != family)
+	return;
+
+    d->s = socket(family, type, 0);
+    if(d->s < 0){
+	krb5_warn(context, errno, "socket(%d, %d, 0)", family, type);
+	d->s = -1;
+	return;
+    }
+#if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR)
+    {
+	int one = 1;
+	setsockopt(d->s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
+    }
+#endif
+    d->type = type;
+    d->port = port;
+
+    if(bind(d->s, sa, sa_size) < 0){
+	char a_str[256];
+	size_t len;
+
+	krb5_print_address (a, a_str, sizeof(a_str), &len);
+	krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port));
+	close(d->s);
+	d->s = -1;
+	return;
+    }
+    if(type == SOCK_STREAM && listen(d->s, SOMAXCONN) < 0){
+	char a_str[256];
+	size_t len;
+
+	krb5_print_address (a, a_str, sizeof(a_str), &len);
+	krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port));
+	close(d->s);
+	d->s = -1;
+	return;
+    }
+}
+
+/*
+ * Allocate descriptors for all the sockets that we should listen on
+ * and return the number of them.
+ */
+
+static int
+init_sockets(krb5_context context, 
+	     krb5_kdc_configuration *config,
+	     struct descr **desc)
+{
+    krb5_error_code ret;
+    int i, j;
+    struct descr *d;
+    int num = 0;
+    krb5_addresses addresses;
+
+    if (explicit_addresses.len) {
+	addresses = explicit_addresses;
+    } else {
+	ret = krb5_get_all_server_addrs (context, &addresses);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
+    }
+    parse_ports(context, config, port_str);
+    d = malloc(addresses.len * num_ports * sizeof(*d));
+    if (d == NULL)
+	krb5_errx(context, 1, "malloc(%lu) failed",
+		  (unsigned long)num_ports * sizeof(*d));
+
+    for (i = 0; i < num_ports; i++){
+	for (j = 0; j < addresses.len; ++j) {
+	    init_socket(context, config, &d[num], &addresses.val[j],
+			ports[i].family, ports[i].type, ports[i].port);
+	    if(d[num].s != -1){
+		char a_str[80];
+		size_t len;
+
+		krb5_print_address (&addresses.val[j], a_str,
+				    sizeof(a_str), &len);
+
+		kdc_log(context, config, 5, "listening on %s port %u/%s",
+			a_str,
+			ntohs(ports[i].port), 
+			(ports[i].type == SOCK_STREAM) ? "tcp" : "udp");
+		/* XXX */
+		num++;
+	    }
+	}
+    }
+    krb5_free_addresses (context, &addresses);
+    d = realloc(d, num * sizeof(*d));
+    if (d == NULL && num != 0)
+	krb5_errx(context, 1, "realloc(%lu) failed",
+		  (unsigned long)num * sizeof(*d));
+    reinit_descrs (d, num);
+    *desc = d;
+    return num;
+}
+
+/*
+ *
+ */
+
+static const char *
+descr_type(struct descr *d)
+{
+    if (d->type == SOCK_DGRAM)
+	return "udp";
+    else if (d->type == SOCK_STREAM)
+	return "tcp";
+    return "unknown";
+}
+
+static void
+addr_to_string(krb5_context context, 		 
+	       struct sockaddr *addr, size_t addr_len, char *str, size_t len)
+{
+    krb5_address a;
+    if(krb5_sockaddr2address(context, addr, &a) == 0) {
+	if(krb5_print_address(&a, str, len, &len) == 0) {
+	    krb5_free_address(context, &a);
+	    return;
+	}
+	krb5_free_address(context, &a);
+    }
+    snprintf(str, len, "<family=%d>", addr->sa_family);
+}
+
+/*
+ *
+ */
+
+static void
+send_reply(krb5_context context, 
+	   krb5_kdc_configuration *config,
+	   krb5_boolean prependlength,
+	   struct descr *d,
+	   krb5_data *reply)
+{
+    kdc_log(context, config, 5,
+	    "sending %lu bytes to %s", (unsigned long)reply->length,
+	    d->addr_string);
+    if(prependlength){
+	unsigned char l[4];
+	l[0] = (reply->length >> 24) & 0xff;
+	l[1] = (reply->length >> 16) & 0xff;
+	l[2] = (reply->length >> 8) & 0xff;
+	l[3] = reply->length & 0xff;
+	if(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len) < 0) {
+	    kdc_log (context, config, 
+		     0, "sendto(%s): %s", d->addr_string, strerror(errno));
+	    return;
+	}
+    }
+    if(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len) < 0) {
+	kdc_log (context, config, 
+		 0, "sendto(%s): %s", d->addr_string, strerror(errno));
+	return;
+    }
+}
+
+/*
+ * Handle the request in `buf, len' to socket `d'
+ */
+
+static void
+do_request(krb5_context context, 
+	   krb5_kdc_configuration *config,
+	   void *buf, size_t len, krb5_boolean prependlength,
+	   struct descr *d)
+{
+    krb5_error_code ret;
+    krb5_data reply;
+    int datagram_reply = (d->type == SOCK_DGRAM);
+
+    krb5_kdc_update_time(NULL);
+
+    krb5_data_zero(&reply);
+    ret = krb5_kdc_process_request(context, config, 
+				   buf, len, &reply, &prependlength,
+				   d->addr_string, d->sa,
+				   datagram_reply);
+    if(request_log)
+	krb5_kdc_save_request(context, request_log, buf, len, &reply, d->sa);
+    if(reply.length){
+	send_reply(context, config, prependlength, d, &reply);
+	krb5_data_free(&reply);
+    }
+    if(ret)
+	kdc_log(context, config, 0, 
+		"Failed processing %lu byte request from %s", 
+		(unsigned long)len, d->addr_string);
+}
+
+/*
+ * Handle incoming data to the UDP socket in `d'
+ */
+
+static void
+handle_udp(krb5_context context, 
+	   krb5_kdc_configuration *config,
+	   struct descr *d)
+{
+    unsigned char *buf;
+    int n;
+
+    buf = malloc(max_request);
+    if(buf == NULL){
+	kdc_log(context, config, 0, "Failed to allocate %lu bytes", (unsigned long)max_request);
+	return;
+    }
+
+    d->sock_len = sizeof(d->__ss);
+    n = recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len);
+    if(n < 0)
+	krb5_warn(context, errno, "recvfrom");
+    else {
+	addr_to_string (context, d->sa, d->sock_len,
+			d->addr_string, sizeof(d->addr_string));
+	do_request(context, config, buf, n, FALSE, d);
+    }
+    free (buf);
+}
+
+static void
+clear_descr(struct descr *d)
+{
+    if(d->buf)
+	memset(d->buf, 0, d->size);
+    d->len = 0;
+    if(d->s != -1)
+	close(d->s);
+    d->s = -1;
+}
+
+
+/* remove HTTP %-quoting from buf */
+static int
+de_http(char *buf)
+{
+    unsigned char *p, *q;
+    for(p = q = (unsigned char *)buf; *p; p++, q++) {
+	if(*p == '%' && isxdigit(p[1]) && isxdigit(p[2])) {
+	    unsigned int x;
+	    if(sscanf((char *)p + 1, "%2x", &x) != 1)
+		return -1;
+	    *q = x;
+	    p += 2;
+	} else
+	    *q = *p;
+    }
+    *q = '\0';
+    return 0;
+}
+
+#define TCP_TIMEOUT 4
+
+/*
+ * accept a new TCP connection on `d[parent]' and store it in `d[child]'
+ */
+
+static void
+add_new_tcp (krb5_context context, 
+	     krb5_kdc_configuration *config,
+	     struct descr *d, int parent, int child)
+{
+    int s;
+
+    if (child == -1)
+	return;
+
+    d[child].sock_len = sizeof(d[child].__ss);
+    s = accept(d[parent].s, d[child].sa, &d[child].sock_len);
+    if(s < 0) {
+	krb5_warn(context, errno, "accept");
+	return;
+    }
+	    
+    if (s >= FD_SETSIZE) {
+	krb5_warnx(context, "socket FD too large");
+	close (s);
+	return;
+    }
+
+    d[child].s = s;
+    d[child].timeout = time(NULL) + TCP_TIMEOUT;
+    d[child].type = SOCK_STREAM;
+    addr_to_string (context, 
+		    d[child].sa, d[child].sock_len,
+		    d[child].addr_string, sizeof(d[child].addr_string));
+}
+
+/*
+ * Grow `d' to handle at least `n'.
+ * Return != 0 if fails
+ */
+
+static int
+grow_descr (krb5_context context, 
+	    krb5_kdc_configuration *config,
+	    struct descr *d, size_t n)
+{
+    if (d->size - d->len < n) {
+	unsigned char *tmp;
+	size_t grow; 
+
+	grow = max(1024, d->len + n);
+	if (d->size + grow > max_request) {
+	    kdc_log(context, config, 0, "Request exceeds max request size (%lu bytes).",
+		    (unsigned long)d->size + grow);
+	    clear_descr(d);
+	    return -1;
+	}
+	tmp = realloc (d->buf, d->size + grow);
+	if (tmp == NULL) {
+	    kdc_log(context, config, 0, "Failed to re-allocate %lu bytes.",
+		    (unsigned long)d->size + grow);
+	    clear_descr(d);
+	    return -1;
+	}
+	d->size += grow;
+	d->buf = tmp;
+    }
+    return 0;
+}
+
+/*
+ * Try to handle the TCP data at `d->buf, d->len'.
+ * Return -1 if failed, 0 if succesful, and 1 if data is complete.
+ */
+
+static int
+handle_vanilla_tcp (krb5_context context, 
+		    krb5_kdc_configuration *config,
+		    struct descr *d)
+{
+    krb5_storage *sp;
+    uint32_t len;
+
+    sp = krb5_storage_from_mem(d->buf, d->len);
+    if (sp == NULL) {
+	kdc_log (context, config, 0, "krb5_storage_from_mem failed");
+	return -1;
+    }
+    krb5_ret_uint32(sp, &len);
+    krb5_storage_free(sp);
+    if(d->len - 4 >= len) {
+	memmove(d->buf, d->buf + 4, d->len - 4);
+	d->len -= 4;
+	return 1;
+    }
+    return 0;
+}
+
+/*
+ * Try to handle the TCP/HTTP data at `d->buf, d->len'.
+ * Return -1 if failed, 0 if succesful, and 1 if data is complete.
+ */
+
+static int
+handle_http_tcp (krb5_context context, 
+		 krb5_kdc_configuration *config,
+		 struct descr *d)
+{
+    char *s, *p, *t;
+    void *data;
+    char *proto;
+    int len;
+
+    s = (char *)d->buf;
+
+    p = strstr(s, "\r\n");
+    if (p == NULL) {
+	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
+	return -1;
+    }
+    *p = 0;
+
+    p = NULL;
+    t = strtok_r(s, " \t", &p);
+    if (t == NULL) {
+	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
+	return -1;
+    }
+    t = strtok_r(NULL, " \t", &p);
+    if(t == NULL) {
+	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
+	return -1;
+    }
+    data = malloc(strlen(t));
+    if (data == NULL) {
+	kdc_log(context, config, 0, "Failed to allocate %lu bytes",
+		(unsigned long)strlen(t));
+	return -1;
+    }
+    if(*t == '/')
+	t++;
+    if(de_http(t) != 0) {
+	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
+	kdc_log(context, config, 5, "HTTP request: %s", t);
+	free(data);
+	return -1;
+    }
+    proto = strtok_r(NULL, " \t", &p);
+    if (proto == NULL) {
+	kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string);
+	free(data);
+	return -1;
+    }
+    len = base64_decode(t, data);
+    if(len <= 0){
+	const char *msg = 
+	    " 404 Not found\r\n"
+	    "Server: Heimdal/" VERSION "\r\n"
+	    "Cache-Control: no-cache\r\n"
+	    "Pragma: no-cache\r\n"
+	    "Content-type: text/html\r\n"
+	    "Content-transfer-encoding: 8bit\r\n\r\n"
+	    "<TITLE>404 Not found</TITLE>\r\n"
+	    "<H1>404 Not found</H1>\r\n"
+	    "That page doesn't exist, maybe you are looking for "
+	    "<A HREF=\"http://www.h5l.org/\">Heimdal</A>?\r\n";
+	kdc_log(context, config, 0, "HTTP request from %s is non KDC request", d->addr_string);
+	kdc_log(context, config, 5, "HTTP request: %s", t);
+	free(data);
+	if (write(d->s, proto, strlen(proto)) < 0) {
+	    kdc_log(context, config, 0, "HTTP write failed: %s: %s", 
+		    d->addr_string, strerror(errno));
+	    return -1;
+	}
+	if (write(d->s, msg, strlen(msg)) < 0) {
+	    kdc_log(context, config, 0, "HTTP write failed: %s: %s", 
+		    d->addr_string, strerror(errno));
+	    return -1;
+	}
+	return -1;
+    }
+    {
+	const char *msg = 
+	    " 200 OK\r\n"
+	    "Server: Heimdal/" VERSION "\r\n"
+	    "Cache-Control: no-cache\r\n"
+	    "Pragma: no-cache\r\n"
+	    "Content-type: application/octet-stream\r\n"
+	    "Content-transfer-encoding: binary\r\n\r\n";
+	if (write(d->s, proto, strlen(proto)) < 0) {
+	    kdc_log(context, config, 0, "HTTP write failed: %s: %s", 
+		    d->addr_string, strerror(errno));
+	    return -1;
+	}
+	if (write(d->s, msg, strlen(msg)) < 0) {
+	    kdc_log(context, config, 0, "HTTP write failed: %s: %s", 
+		    d->addr_string, strerror(errno));
+	    return -1;
+	}
+    }
+    memcpy(d->buf, data, len);
+    d->len = len;
+    free(data);
+    return 1;
+}
+
+/*
+ * Handle incoming data to the TCP socket in `d[index]'
+ */
+
+static void
+handle_tcp(krb5_context context, 
+	   krb5_kdc_configuration *config,
+	   struct descr *d, int idx, int min_free)
+{
+    unsigned char buf[1024];
+    int n;
+    int ret = 0;
+
+    if (d[idx].timeout == 0) {
+	add_new_tcp (context, config, d, idx, min_free);
+	return;
+    }
+
+    n = recvfrom(d[idx].s, buf, sizeof(buf), 0, NULL, NULL);
+    if(n < 0){
+	krb5_warn(context, errno, "recvfrom failed from %s to %s/%d",
+		  d[idx].addr_string, descr_type(d + idx), 
+		  ntohs(d[idx].port));
+	return;
+    } else if (n == 0) {
+	krb5_warnx(context, "connection closed before end of data after %lu "
+		   "bytes from %s to %s/%d", (unsigned long)d[idx].len, 
+		   d[idx].addr_string, descr_type(d + idx), 
+		   ntohs(d[idx].port));
+	clear_descr (d + idx);
+	return;
+    }
+    if (grow_descr (context, config, &d[idx], n))
+	return;
+    memcpy(d[idx].buf + d[idx].len, buf, n);
+    d[idx].len += n;
+    if(d[idx].len > 4 && d[idx].buf[0] == 0) {
+	ret = handle_vanilla_tcp (context, config, &d[idx]);
+    } else if(enable_http &&
+	      d[idx].len >= 4 &&
+	      strncmp((char *)d[idx].buf, "GET ", 4) == 0 && 
+	      strncmp((char *)d[idx].buf + d[idx].len - 4,
+		      "\r\n\r\n", 4) == 0) {
+	ret = handle_http_tcp (context, config, &d[idx]);
+	if (ret < 0)
+	    clear_descr (d + idx);
+    } else if (d[idx].len > 4) {
+	kdc_log (context, config, 
+		 0, "TCP data of strange type from %s to %s/%d",
+		 d[idx].addr_string, descr_type(d + idx), 
+		 ntohs(d[idx].port));
+	if (d[idx].buf[0] & 0x80) {
+	    krb5_data reply;
+
+	    kdc_log (context, config, 0, "TCP extension not supported");
+
+	    ret = krb5_mk_error(context,
+				KRB5KRB_ERR_FIELD_TOOLONG,
+				NULL,
+				NULL,
+				NULL,
+				NULL,
+				NULL,
+				NULL,
+				&reply);
+	    if (ret == 0) {
+		send_reply(context, config, TRUE, d + idx, &reply);
+		krb5_data_free(&reply);
+	    }
+	}
+	clear_descr(d + idx);
+	return;
+    }
+    if (ret < 0)
+	return;
+    else if (ret == 1) {
+	do_request(context, config, 
+		   d[idx].buf, d[idx].len, TRUE, &d[idx]);
+	clear_descr(d + idx);
+    }
+}
+
+void
+loop(krb5_context context, 
+     krb5_kdc_configuration *config)
+{
+    struct descr *d;
+    int ndescr;
+
+    ndescr = init_sockets(context, config, &d);
+    if(ndescr <= 0)
+	krb5_errx(context, 1, "No sockets!");
+    kdc_log(context, config, 0, "KDC started");
+    while(exit_flag == 0){
+	struct timeval tmout;
+	fd_set fds;
+	int min_free = -1;
+	int max_fd = 0;
+	int i;
+
+	FD_ZERO(&fds);
+	for(i = 0; i < ndescr; i++) {
+	    if(d[i].s >= 0){
+		if(d[i].type == SOCK_STREAM && 
+		   d[i].timeout && d[i].timeout < time(NULL)) {
+		    kdc_log(context, config, 1, 
+			    "TCP-connection from %s expired after %lu bytes",
+			    d[i].addr_string, (unsigned long)d[i].len);
+		    clear_descr(&d[i]);
+		    continue;
+		}
+		if(max_fd < d[i].s)
+		    max_fd = d[i].s;
+		if (max_fd >= FD_SETSIZE)
+		    krb5_errx(context, 1, "fd too large");
+		FD_SET(d[i].s, &fds);
+	    } else if(min_free < 0 || i < min_free)
+		min_free = i;
+	}
+	if(min_free == -1){
+	    struct descr *tmp;
+	    tmp = realloc(d, (ndescr + 4) * sizeof(*d));
+	    if(tmp == NULL)
+		krb5_warnx(context, "No memory");
+	    else {
+		d = tmp;
+		reinit_descrs (d, ndescr);
+		memset(d + ndescr, 0, 4 * sizeof(*d));
+		for(i = ndescr; i < ndescr + 4; i++)
+		    init_descr (&d[i]);
+		min_free = ndescr;
+		ndescr += 4;
+	    }
+	}
+    
+	tmout.tv_sec = TCP_TIMEOUT;
+	tmout.tv_usec = 0;
+	switch(select(max_fd + 1, &fds, 0, 0, &tmout)){
+	case 0:
+	    break;
+	case -1:
+	    if (errno != EINTR)
+		krb5_warn(context, errno, "select");
+	    break;
+	default:
+	    for(i = 0; i < ndescr; i++)
+		if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) {
+		    if(d[i].type == SOCK_DGRAM)
+			handle_udp(context, config, &d[i]);
+		    else if(d[i].type == SOCK_STREAM)
+			handle_tcp(context, config, d, i, min_free);
+		}
+	}
+    }
+    if(exit_flag == SIGXCPU)
+	kdc_log(context, config, 0, "CPU time limit exceeded");
+    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
+	kdc_log(context, config, 0, "Terminated");
+    else
+	kdc_log(context, config, 0, "Unexpected exit reason: %d", exit_flag);
+    free (d);
+}
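Review bot: In `loop()`, `min_free` is computed once before `select()` and the same value is passed to every `handle_tcp()` call in the `default:` branch. When more than one listening TCP socket is readable in the same round, each `add_new_tcp()` call stores its accepted connection in `d[min_free]`, so the later one overwrites `d[child].s` and the earlier descriptor is never closed or serviced. Because `init_sockets()` creates one listener per address and port, this descriptor leak is reachable from the network and ends with `accept` failing or the `s >= FD_SETSIZE` check rejecting new connections. A small fix is to retire the slot once it is filled, by adding `if (min_free != -1 && d[min_free].s >= 0) min_free = -1;` right after the `handle_tcp(context, config, d, i, min_free);` call (with braces around the two statements). The remaining pending connection then stays in the backlog and is accepted on the next pass, when a fresh free slot has been computed.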

Added: vendor-crypto/heimdal/dist/kdc/default_config.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/default_config.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/default_config.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,285 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ *
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+#include <getarg.h>
+#include <parse_bytes.h>
+
+RCSID("$Id: default_config.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_error_code
+krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
+{
+    krb5_kdc_configuration *c;
+
+    c = calloc(1, sizeof(*c));
+    if (c == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    c->require_preauth = TRUE;
+    c->kdc_warn_pwexpire = 0;
+    c->encode_as_rep_as_tgs_rep = FALSE;
+    c->check_ticket_addresses = TRUE;
+    c->allow_null_ticket_addresses = TRUE;
+    c->allow_anonymous = FALSE;
+    c->trpolicy = TRPOLICY_ALWAYS_CHECK;
+    c->enable_v4 = FALSE;
+    c->enable_kaserver = FALSE;
+    c->enable_524 = FALSE;
+    c->enable_v4_cross_realm = FALSE;
+    c->enable_pkinit = FALSE;
+    c->pkinit_princ_in_cert = TRUE;
+    c->pkinit_require_binding = TRUE;
+    c->db = NULL;
+    c->num_db = 0;
+    c->logf = NULL;
+
+    c->require_preauth =
+	krb5_config_get_bool_default(context, NULL, 
+				     c->require_preauth,
+				     "kdc", "require-preauth", NULL);
+    c->enable_v4 = 
+	krb5_config_get_bool_default(context, NULL, 
+				     c->enable_v4, 
+				     "kdc", "enable-kerberos4", NULL);
+    c->enable_v4_cross_realm =
+	krb5_config_get_bool_default(context, NULL,
+				     c->enable_v4_cross_realm, 
+				     "kdc",
+				     "enable-kerberos4-cross-realm", NULL);
+    c->enable_524 =
+	krb5_config_get_bool_default(context, NULL, 
+				     c->enable_v4, 
+				     "kdc", "enable-524", NULL);
+    c->enable_digest = 
+	krb5_config_get_bool_default(context, NULL, 
+				     FALSE,
+				     "kdc", "enable-digest", NULL);
+
+    {
+	const char *digests;
+
+	digests = krb5_config_get_string(context, NULL, 
+					 "kdc", 
+					 "digests_allowed", NULL);
+	if (digests == NULL)
+	    digests = "ntlm-v2";
+	c->digests_allowed = parse_flags(digests,_kdc_digestunits, 0);
+	if (c->digests_allowed == -1) {
+	    kdc_log(context, c, 0,
+		    "unparsable digest units (%s), turning off digest",
+		    digests);
+	    c->enable_digest = 0;
+	} else if (c->digests_allowed == 0) {
+	    kdc_log(context, c, 0,
+		    "no digest enable, turning digest off",
+		    digests);
+	    c->enable_digest = 0;
+	}
+    }
+
+    c->enable_kx509 = 
+	krb5_config_get_bool_default(context, NULL, 
+				     FALSE, 
+				     "kdc", "enable-kx509", NULL);
+
+    if (c->enable_kx509) {
+	c->kx509_template =
+	    krb5_config_get_string(context, NULL, 
+				   "kdc", "kx509_template", NULL);
+	c->kx509_ca =
+	    krb5_config_get_string(context, NULL, 
+				   "kdc", "kx509_ca", NULL);
+	if (c->kx509_ca == NULL || c->kx509_template == NULL) {
+	    kdc_log(context, c, 0,
+		    "missing kx509 configuration, turning off");
+	    c->enable_kx509 = FALSE;
+	}
+    }
+
+    c->check_ticket_addresses = 
+	krb5_config_get_bool_default(context, NULL, 
+				     c->check_ticket_addresses, 
+				     "kdc", 
+				     "check-ticket-addresses", NULL);
+    c->allow_null_ticket_addresses = 
+	krb5_config_get_bool_default(context, NULL, 
+				     c->allow_null_ticket_addresses, 
+				     "kdc", 
+				     "allow-null-ticket-addresses", NULL);
+
+    c->allow_anonymous = 
+	krb5_config_get_bool_default(context, NULL, 
+				     c->allow_anonymous,
+				     "kdc", 
+				     "allow-anonymous", NULL);
+
+    c->max_datagram_reply_length =
+	krb5_config_get_int_default(context, 
+				    NULL, 
+				    1400,
+				    "kdc",
+				    "max-kdc-datagram-reply-length",
+				    NULL);
+
+    {
+	const char *trpolicy_str;
+
+	trpolicy_str = 
+	    krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc", 
+					   "transited-policy", NULL);
+	if(strcasecmp(trpolicy_str, "always-check") == 0) {
+	    c->trpolicy = TRPOLICY_ALWAYS_CHECK;
+	} else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0) {
+	    c->trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL;
+	} else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) {
+	    c->trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST;
+	} else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) { 
+	    /* default */
+	} else {
+	    kdc_log(context, c, 0,
+		    "unknown transited-policy: %s, "
+		    "reverting to default (always-check)", 
+		    trpolicy_str);
+	}
+    }
+
+    {
+	const char *p;
+	p = krb5_config_get_string (context, NULL, 
+				    "kdc",
+				    "v4-realm",
+				    NULL);
+	if(p != NULL) {
+	    c->v4_realm = strdup(p);
+	    if (c->v4_realm == NULL)
+		krb5_errx(context, 1, "out of memory");
+	} else {
+	    c->v4_realm = NULL;
+	}
+    }
+
+    c->enable_kaserver = 
+	krb5_config_get_bool_default(context, 
+				     NULL, 
+				     c->enable_kaserver,
+				     "kdc", "enable-kaserver", NULL);
+
+
+    c->encode_as_rep_as_tgs_rep =
+	krb5_config_get_bool_default(context, NULL, 
+				     c->encode_as_rep_as_tgs_rep, 
+				     "kdc", 
+				     "encode_as_rep_as_tgs_rep", NULL);
+    
+    c->kdc_warn_pwexpire =
+	krb5_config_get_time_default (context, NULL,
+				      c->kdc_warn_pwexpire,
+				      "kdc", "kdc_warn_pwexpire", NULL);
+
+
+#ifdef PKINIT
+    c->enable_pkinit = 
+	krb5_config_get_bool_default(context, 
+				     NULL, 
+				     c->enable_pkinit,
+				     "kdc",
+				     "enable-pkinit",
+				     NULL);
+    if (c->enable_pkinit) {
+	const char *user_id, *anchors, *ocsp_file;
+	char **pool_list, **revoke_list;
+
+	user_id = 
+	    krb5_config_get_string(context, NULL,
+				   "kdc", "pkinit_identity", NULL);
+	if (user_id == NULL)
+	    krb5_errx(context, 1, "pkinit enabled but no identity");
+
+	anchors = krb5_config_get_string(context, NULL,
+					 "kdc", "pkinit_anchors", NULL);
+	if (anchors == NULL)
+	    krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
+
+	pool_list =
+	    krb5_config_get_strings(context, NULL,
+				    "kdc", "pkinit_pool", NULL);
+
+	revoke_list =
+	    krb5_config_get_strings(context, NULL,
+				    "kdc", "pkinit_revoke", NULL);
+
+	ocsp_file = 
+	    krb5_config_get_string(context, NULL,
+				   "kdc", "pkinit_kdc_ocsp", NULL);
+	if (ocsp_file) {
+	    c->pkinit_kdc_ocsp_file = strdup(ocsp_file);
+	    if (c->pkinit_kdc_ocsp_file == NULL)
+		krb5_errx(context, 1, "out of memory");
+	}
+
+	_kdc_pk_initialize(context, c, user_id, anchors, 
+			   pool_list, revoke_list);
+
+	krb5_config_free_strings(pool_list);
+	krb5_config_free_strings(revoke_list);
+
+	c->pkinit_princ_in_cert = 
+	    krb5_config_get_bool_default(context, NULL,
+					 c->pkinit_princ_in_cert,
+					 "kdc",
+					 "pkinit_principal_in_certificate",
+					 NULL);
+
+	c->pkinit_require_binding = 
+	    krb5_config_get_bool_default(context, NULL,
+					 c->pkinit_require_binding,
+					 "kdc",
+					 "pkinit_win2k_require_binding",
+					 NULL);
+    }
+
+    c->pkinit_dh_min_bits =
+	krb5_config_get_int_default(context, NULL, 
+				    0,
+				    "kdc", "pkinit_dh_min_bits", NULL);
+
+#endif
+
+    *config = c;
+
+    return 0;
+}
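Review bot: The lookup for `enable-524` in `krb5_kdc_get_config()` passes `c->enable_v4` as its default rather than `c->enable_524`. Setting `enable-kerberos4` therefore also turns on the 524 service unless `enable-524` is set explicitly, even though the initialiser `c->enable_524 = FALSE;` a few lines earlier reads as if 524 were off by default. If the coupling is intended, say so at the call with a comment such as `/* enable-524 defaults to the enable-kerberos4 setting, not to FALSE */`, so an administrator auditing which legacy services are exposed is not misled. If it is not intended, the default argument should be `c->enable_524`.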

Added: vendor-crypto/heimdal/dist/kdc/digest.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/digest.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/digest.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1456 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+#include <hex.h>
+
+RCSID("$Id: digest.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+#define MS_CHAP_V2	0x20
+#define CHAP_MD5	0x10
+#define DIGEST_MD5	0x08
+#define NTLM_V2		0x04
+#define NTLM_V1_SESSION	0x02
+#define NTLM_V1		0x01
+
+const struct units _kdc_digestunits[] = {
+	{"ms-chap-v2",		1U << 5},
+	{"chap-md5",		1U << 4},
+	{"digest-md5",		1U << 3},
+	{"ntlm-v2",		1U << 2},
+	{"ntlm-v1-session",	1U << 1},
+	{"ntlm-v1",		1U << 0},
+	{NULL,	0}
+};
+
+
+static krb5_error_code
+get_digest_key(krb5_context context,
+	       krb5_kdc_configuration *config,
+	       hdb_entry_ex *server,
+	       krb5_crypto *crypto)
+{
+    krb5_error_code ret;
+    krb5_enctype enctype;
+    Key *key;
+    
+    ret = _kdc_get_preferred_key(context,
+				 config,
+				 server,
+				 "digest-service",
+				 &enctype,
+				 &key);
+    if (ret)
+	return ret;
+    return krb5_crypto_init(context, &key->key, 0, crypto);
+}
+
+/*
+ *
+ */
+
+static char *
+get_ntlm_targetname(krb5_context context,
+		    hdb_entry_ex *client)
+{
+    char *targetname, *p;
+
+    targetname = strdup(krb5_principal_get_realm(context,
+						 client->entry.principal));
+    if (targetname == NULL)
+	return NULL;
+
+    p = strchr(targetname, '.');
+    if (p)
+	*p = '\0';
+
+    strupr(targetname);
+    return targetname;
+}
+
+static krb5_error_code
+fill_targetinfo(krb5_context context,
+		char *targetname,
+		hdb_entry_ex *client,
+		krb5_data *data)
+{
+    struct ntlm_targetinfo ti;
+    krb5_error_code ret;
+    struct ntlm_buf d;
+    krb5_principal p;
+    const char *str;
+
+    memset(&ti, 0, sizeof(ti));
+
+    ti.domainname = targetname;
+    p = client->entry.principal;
+    str = krb5_principal_get_comp_string(context, p, 0);
+    if (str != NULL && 
+	(strcmp("host", str) == 0 || 
+	 strcmp("ftp", str) == 0 ||
+	 strcmp("imap", str) == 0 ||
+	 strcmp("pop", str) == 0 ||
+	 strcmp("smtp", str)))
+    {
+	str = krb5_principal_get_comp_string(context, p, 1);
+	ti.dnsservername = rk_UNCONST(str);
+    }
+    
+    ret = heim_ntlm_encode_targetinfo(&ti, 1, &d);
+    if (ret)
+	return ret;
+
+    data->data = d.data;
+    data->length = d.length;
+
+    return 0;
+}
+
+
+static const unsigned char ms_chap_v2_magic1[39] = {
+    0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
+    0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
+    0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
+    0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
+};
+static const unsigned char ms_chap_v2_magic2[41] = {
+    0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
+    0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
+    0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
+    0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
+    0x6E
+};
+static const unsigned char ms_rfc3079_magic1[27] = {
+    0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
+    0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
+    0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
+};
+
+/*
+ *
+ */
+
+static krb5_error_code
+get_password_entry(krb5_context context,
+		   krb5_kdc_configuration *config,
+		   const char *username,
+		   char **password)
+{
+    krb5_principal clientprincipal;
+    krb5_error_code ret;
+    hdb_entry_ex *user;
+    HDB *db;
+
+    /* get username */
+    ret = krb5_parse_name(context, username, &clientprincipal);
+    if (ret)
+	return ret;
+
+    ret = _kdc_db_fetch(context, config, clientprincipal,
+			HDB_F_GET_CLIENT, &db, &user);
+    krb5_free_principal(context, clientprincipal);
+    if (ret)
+	return ret;
+
+    ret = hdb_entry_get_password(context, db, &user->entry, password);
+    if (ret || password == NULL) {
+	if (ret == 0) {
+	    ret = EINVAL;
+	    krb5_set_error_string(context, "password missing");
+	}
+	memset(user, 0, sizeof(*user));
+    }
+    _kdc_free_ent (context, user);
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+_kdc_do_digest(krb5_context context, 
+	       krb5_kdc_configuration *config,
+	       const DigestREQ *req, krb5_data *reply,
+	       const char *from, struct sockaddr *addr)
+{
+    krb5_error_code ret = 0;
+    krb5_ticket *ticket = NULL;
+    krb5_auth_context ac = NULL;
+    krb5_keytab id = NULL;
+    krb5_crypto crypto = NULL;
+    DigestReqInner ireq;
+    DigestRepInner r;
+    DigestREP rep;
+    krb5_flags ap_req_options;
+    krb5_data buf;
+    size_t size;
+    krb5_storage *sp = NULL;
+    Checksum res;
+    hdb_entry_ex *server = NULL, *user = NULL;
+    hdb_entry_ex *client = NULL;
+    char *client_name = NULL, *password = NULL;
+    krb5_data serverNonce;
+
+    if(!config->enable_digest) {
+	kdc_log(context, config, 0, 
+		"Rejected digest request (disabled) from %s", from);
+	return KRB5KDC_ERR_POLICY;
+    }
+
+    krb5_data_zero(&buf);
+    krb5_data_zero(reply);
+    krb5_data_zero(&serverNonce);
+    memset(&ireq, 0, sizeof(ireq));
+    memset(&r, 0, sizeof(r));
+    memset(&rep, 0, sizeof(rep));
+
+    kdc_log(context, config, 0, "Digest request from %s", from);
+
+    ret = krb5_kt_resolve(context, "HDB:", &id);
+    if (ret) {
+	kdc_log(context, config, 0, "Can't open database for digest");
+	goto out;
+    }
+
+    ret = krb5_rd_req(context, 
+		      &ac,
+		      &req->apReq,
+		      NULL,
+		      id,
+		      &ap_req_options,
+		      &ticket);
+    if (ret)
+	goto out;
+
+    /* check the server principal in the ticket matches digest/R at R */
+    {
+	krb5_principal principal = NULL;
+	const char *p, *r;
+
+	ret = krb5_ticket_get_server(context, ticket, &principal);
+	if (ret)
+	    goto out;
+
+	ret = EINVAL;
+	krb5_set_error_string(context, "Wrong digest server principal used");
+	p = krb5_principal_get_comp_string(context, principal, 0);
+	if (p == NULL) {
+	    krb5_free_principal(context, principal);
+	    goto out;
+	}
+	if (strcmp(p, KRB5_DIGEST_NAME) != 0) {
+	    krb5_free_principal(context, principal);
+	    goto out;
+	}
+
+	p = krb5_principal_get_comp_string(context, principal, 1);
+	if (p == NULL) {
+	    krb5_free_principal(context, principal);
+	    goto out;
+	}
+	r = krb5_principal_get_realm(context, principal);
+	if (r == NULL) {
+	    krb5_free_principal(context, principal);
+	    goto out;
+	}
+	if (strcmp(p, r) != 0) {
+	    krb5_free_principal(context, principal);
+	    goto out;
+	}
+	krb5_clear_error_string(context);
+
+	ret = _kdc_db_fetch(context, config, principal,
+			    HDB_F_GET_SERVER, NULL, &server);
+	if (ret)
+	    goto out;
+
+	krb5_free_principal(context, principal);
+    }
+
+    /* check the client is allowed to do digest auth */
+    {
+	krb5_principal principal = NULL;
+
+	ret = krb5_ticket_get_client(context, ticket, &principal);
+	if (ret)
+	    goto out;
+
+	ret = krb5_unparse_name(context, principal, &client_name);
+	if (ret) {
+	    krb5_free_principal(context, principal);
+	    goto out;
+	}
+
+	ret = _kdc_db_fetch(context, config, principal,
+			    HDB_F_GET_CLIENT, NULL, &client);
+	krb5_free_principal(context, principal);
+	if (ret)
+	    goto out;
+
+	if (client->entry.flags.allow_digest == 0) {
+	    kdc_log(context, config, 0, 
+		    "Client %s tried to use digest "
+		    "but is not allowed to", 
+		    client_name);
+	    krb5_set_error_string(context, 
+				  "Client is not permitted to use digest");
+	    ret = KRB5KDC_ERR_POLICY;
+	    goto out;
+	}
+    }
+
+    /* unpack request */
+    {
+	krb5_keyblock *key;
+
+	ret = krb5_auth_con_getremotesubkey(context, ac, &key);
+	if (ret)
+	    goto out;
+	if (key == NULL) {
+	    krb5_set_error_string(context, "digest: remote subkey not found");
+	    ret = EINVAL;
+	    goto out;
+	}
+
+	ret = krb5_crypto_init(context, key, 0, &crypto);
+	krb5_free_keyblock (context, key);
+	if (ret)
+	    goto out;
+    }
+
+    ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
+				     &req->innerReq, &buf);
+    krb5_crypto_destroy(context, crypto);
+    crypto = NULL;
+    if (ret)
+	goto out;
+	   
+    ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
+    krb5_data_free(&buf);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to decode digest inner request");
+	goto out;
+    }
+
+    kdc_log(context, config, 0, "Valid digest request from %s (%s)", 
+	    client_name, from);
+
+    /*
+     * Process the inner request
+     */
+
+    switch (ireq.element) {
+    case choice_DigestReqInner_init: {
+	unsigned char server_nonce[16], identifier;
+
+	RAND_pseudo_bytes(&identifier, sizeof(identifier));
+	RAND_pseudo_bytes(server_nonce, sizeof(server_nonce));
+
+	server_nonce[0] = kdc_time & 0xff;
+	server_nonce[1] = (kdc_time >> 8) & 0xff;
+	server_nonce[2] = (kdc_time >> 16) & 0xff;
+	server_nonce[3] = (kdc_time >> 24) & 0xff;
+
+	r.element = choice_DigestRepInner_initReply;
+
+	hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce);
+	if (r.u.initReply.nonce == NULL) {
+	    krb5_set_error_string(context, "Failed to decode server nonce");
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	sp = krb5_storage_emem();
+	if (sp == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "out of memory");
+	    goto out;
+	}
+	ret = krb5_store_stringz(sp, ireq.u.init.type);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	if (ireq.u.init.channel) {
+	    char *s;
+
+	    asprintf(&s, "%s-%s:%s", r.u.initReply.nonce,
+		     ireq.u.init.channel->cb_type,
+		     ireq.u.init.channel->cb_binding);
+	    if (s == NULL) {
+		krb5_set_error_string(context, "Failed to allocate "
+				      "channel binding");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    free(r.u.initReply.nonce);
+	    r.u.initReply.nonce = s;
+	}
+	
+	ret = krb5_store_stringz(sp, r.u.initReply.nonce);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	if (strcasecmp(ireq.u.init.type, "CHAP") == 0) {
+	    r.u.initReply.identifier = 
+		malloc(sizeof(*r.u.initReply.identifier));
+	    if (r.u.initReply.identifier == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+
+	    asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff);
+	    if (*r.u.initReply.identifier == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+
+	} else
+	    r.u.initReply.identifier = NULL;
+
+	if (ireq.u.init.hostname) {
+	    ret = krb5_store_stringz(sp, *ireq.u.init.hostname);
+	    if (ret) {
+		krb5_clear_error_string(context);
+		goto out;
+	    }
+	}
+
+	ret = krb5_storage_to_data(sp, &buf);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	ret = get_digest_key(context, config, server, &crypto);
+	if (ret)
+	    goto out;
+
+	ret = krb5_create_checksum(context,
+				   crypto,
+				   KRB5_KU_DIGEST_OPAQUE,
+				   0,
+				   buf.data,
+				   buf.length,
+				   &res);
+	krb5_crypto_destroy(context, crypto);
+	crypto = NULL;
+	krb5_data_free(&buf);
+	if (ret)
+	    goto out;
+	
+	ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
+	free_Checksum(&res);
+	if (ret) {
+	    krb5_set_error_string(context, "Failed to encode "
+				  "checksum in digest request");
+	    goto out;
+	}
+	if (size != buf.length)
+	    krb5_abortx(context, "ASN1 internal error");
+
+	hex_encode(buf.data, buf.length, &r.u.initReply.opaque);
+	free(buf.data);
+	if (r.u.initReply.opaque == NULL) {
+	    krb5_clear_error_string(context);
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	kdc_log(context, config, 0, "Digest %s init request successful from %s",
+		ireq.u.init.type, from);
+
+	break;
+    }
+    case choice_DigestReqInner_digestRequest: {
+	sp = krb5_storage_emem();
+	if (sp == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "out of memory");
+	    goto out;
+	}
+	ret = krb5_store_stringz(sp, ireq.u.digestRequest.type);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	krb5_store_stringz(sp, ireq.u.digestRequest.serverNonce);
+
+	if (ireq.u.digestRequest.hostname) {
+	    ret = krb5_store_stringz(sp, *ireq.u.digestRequest.hostname);
+	    if (ret) {
+		krb5_clear_error_string(context);
+		goto out;
+	    }
+	}
+
+	buf.length = strlen(ireq.u.digestRequest.opaque);
+	buf.data = malloc(buf.length);
+	if (buf.data == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length);
+	if (ret <= 0) {
+	    krb5_set_error_string(context, "Failed to decode opaque");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	buf.length = ret;
+
+	ret = decode_Checksum(buf.data, buf.length, &res, NULL);
+	free(buf.data);
+	if (ret) {
+	    krb5_set_error_string(context, "Failed to decode digest Checksum");
+	    goto out;
+	}
+	
+	ret = krb5_storage_to_data(sp, &buf);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	serverNonce.length = strlen(ireq.u.digestRequest.serverNonce);
+	serverNonce.data = malloc(serverNonce.length);
+	if (serverNonce.data == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	    
+	/*
+	 * CHAP does the checksum of the raw nonce, but do it for all
+	 * types, since we need to check the timestamp.
+	 */
+	{
+	    ssize_t ssize;
+	    
+	    ssize = hex_decode(ireq.u.digestRequest.serverNonce, 
+			       serverNonce.data, serverNonce.length);
+	    if (ssize <= 0) {
+		krb5_set_error_string(context, "Failed to decode serverNonce");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    serverNonce.length = ssize;
+	}
+
+	ret = get_digest_key(context, config, server, &crypto);
+	if (ret)
+	    goto out;
+
+	ret = krb5_verify_checksum(context, crypto, 
+				   KRB5_KU_DIGEST_OPAQUE,
+				   buf.data, buf.length, &res);
+	krb5_crypto_destroy(context, crypto);
+	crypto = NULL;
+	if (ret)
+	    goto out;
+
+	/* verify time */
+	{
+	    unsigned char *p = serverNonce.data;
+	    uint32_t t;
+	    
+	    if (serverNonce.length < 4) {
+		krb5_set_error_string(context, "server nonce too short");
+		ret = EINVAL;
+		goto out;
+	    }
+	    t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
+
+	    if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) {
+		krb5_set_error_string(context, "time screw in server nonce ");
+		ret = EINVAL;
+		goto out;
+	    }
+	}
+
+	if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) {
+	    MD5_CTX ctx;
+	    unsigned char md[MD5_DIGEST_LENGTH];
+	    char *mdx;
+	    char id;
+
+	    if ((config->digests_allowed & CHAP_MD5) == 0) {
+		kdc_log(context, config, 0, "Digest CHAP MD5 not allowed");
+		goto out;
+	    }
+
+	    if (ireq.u.digestRequest.identifier == NULL) {
+		krb5_set_error_string(context, "Identifier missing "
+				      "from CHAP request");
+		ret = EINVAL;
+		goto out;
+	    }
+	    
+	    if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
+		krb5_set_error_string(context, "failed to decode identifier");
+		ret = EINVAL;
+		goto out;
+	    }
+	    
+	    ret = get_password_entry(context, config, 
+				     ireq.u.digestRequest.username,
+				     &password);
+	    if (ret)
+		goto out;
+
+	    MD5_Init(&ctx);
+	    MD5_Update(&ctx, &id, 1);
+	    MD5_Update(&ctx, password, strlen(password));
+	    MD5_Update(&ctx, serverNonce.data, serverNonce.length);
+	    MD5_Final(md, &ctx);
+
+	    hex_encode(md, sizeof(md), &mdx);
+	    if (mdx == NULL) {
+		krb5_clear_error_string(context);
+		ret = ENOMEM;
+		goto out;
+	    }
+
+	    r.element = choice_DigestRepInner_response;
+
+	    ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
+	    free(mdx);
+	    if (ret == 0) {
+		r.u.response.success = TRUE;
+	    } else {
+		kdc_log(context, config, 0, 
+			"CHAP reply mismatch for %s",
+			ireq.u.digestRequest.username);
+		r.u.response.success = FALSE;
+	    }
+
+	} else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) {
+	    MD5_CTX ctx;
+	    unsigned char md[MD5_DIGEST_LENGTH];
+	    char *mdx;
+	    char *A1, *A2;
+
+	    if ((config->digests_allowed & DIGEST_MD5) == 0) {
+		kdc_log(context, config, 0, "Digest SASL MD5 not allowed");
+		goto out;
+	    }
+
+	    if (ireq.u.digestRequest.nonceCount == NULL) 
+		goto out;
+	    if (ireq.u.digestRequest.clientNonce == NULL) 
+		goto out;
+	    if (ireq.u.digestRequest.qop == NULL) 
+		goto out;
+	    if (ireq.u.digestRequest.realm == NULL) 
+		goto out;
+	    
+	    ret = get_password_entry(context, config, 
+				     ireq.u.digestRequest.username,
+				     &password);
+	    if (ret)
+		goto failed;
+
+	    MD5_Init(&ctx);
+	    MD5_Update(&ctx, ireq.u.digestRequest.username,
+		       strlen(ireq.u.digestRequest.username));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, *ireq.u.digestRequest.realm,
+		       strlen(*ireq.u.digestRequest.realm));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, password, strlen(password));
+	    MD5_Final(md, &ctx);
+	    
+	    MD5_Init(&ctx);
+	    MD5_Update(&ctx, md, sizeof(md));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
+		       strlen(ireq.u.digestRequest.serverNonce));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
+		       strlen(*ireq.u.digestRequest.nonceCount));
+	    if (ireq.u.digestRequest.authid) {
+		MD5_Update(&ctx, ":", 1);
+		MD5_Update(&ctx, *ireq.u.digestRequest.authid,
+			   strlen(*ireq.u.digestRequest.authid));
+	    }
+	    MD5_Final(md, &ctx);
+	    hex_encode(md, sizeof(md), &A1);
+	    if (A1 == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		ret = ENOMEM;
+		goto failed;
+	    }
+	    
+	    MD5_Init(&ctx);
+	    MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
+	    MD5_Update(&ctx, *ireq.u.digestRequest.uri,
+		       strlen(*ireq.u.digestRequest.uri));
+	
+	    /* conf|int */
+	    if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
+		static char conf_zeros[] = ":00000000000000000000000000000000";
+		MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
+	    }
+	    
+	    MD5_Final(md, &ctx);
+	    hex_encode(md, sizeof(md), &A2);
+	    if (A2 == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		ret = ENOMEM;
+		free(A1);
+		goto failed;
+	    }
+
+	    MD5_Init(&ctx);
+	    MD5_Update(&ctx, A1, strlen(A2));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
+		       strlen(ireq.u.digestRequest.serverNonce));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
+		       strlen(*ireq.u.digestRequest.nonceCount));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce,
+		       strlen(*ireq.u.digestRequest.clientNonce));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, *ireq.u.digestRequest.qop,
+		       strlen(*ireq.u.digestRequest.qop));
+	    MD5_Update(&ctx, ":", 1);
+	    MD5_Update(&ctx, A2, strlen(A2));
+
+	    MD5_Final(md, &ctx);
+
+	    free(A1);
+	    free(A2);
+
+	    hex_encode(md, sizeof(md), &mdx);
+	    if (mdx == NULL) {
+		krb5_clear_error_string(context);
+		ret = ENOMEM;
+		goto out;
+	    }
+
+	    r.element = choice_DigestRepInner_response;
+	    ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
+	    free(mdx);
+	    if (ret == 0) {
+		r.u.response.success = TRUE;
+	    } else {
+		kdc_log(context, config, 0, 
+			"DIGEST-MD5 reply mismatch for %s",
+			ireq.u.digestRequest.username);
+		r.u.response.success = FALSE;
+	    }
+
+	} else if (strcasecmp(ireq.u.digestRequest.type, "MS-CHAP-V2") == 0) {
+	    unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH];
+	    krb5_principal clientprincipal = NULL;
+	    char *mdx;
+	    const char *username;
+	    struct ntlm_buf answer;
+	    Key *key = NULL;
+	    SHA_CTX ctx;
+
+	    if ((config->digests_allowed & MS_CHAP_V2) == 0) {
+		kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
+		goto failed;
+	    }
+
+	    if (ireq.u.digestRequest.clientNonce == NULL)  {
+		krb5_set_error_string(context, 
+				      "MS-CHAP-V2 clientNonce missing");
+		ret = EINVAL;
+		goto failed;
+	    }	    
+	    if (serverNonce.length != 16) {
+		krb5_set_error_string(context, 
+				      "MS-CHAP-V2 serverNonce wrong length");
+		ret = EINVAL;
+		goto failed;
+	    }
+
+	    /* strip of the domain component */
+	    username = strchr(ireq.u.digestRequest.username, '\\');
+	    if (username == NULL)
+		username = ireq.u.digestRequest.username;
+	    else
+		username++;
+
+	    /* ChallangeHash */
+	    SHA1_Init(&ctx);
+	    {
+		ssize_t ssize;
+		krb5_data clientNonce;
+		
+		clientNonce.length = strlen(*ireq.u.digestRequest.clientNonce);
+		clientNonce.data = malloc(clientNonce.length);
+		if (clientNonce.data == NULL) {
+		    ret = ENOMEM;
+		    krb5_set_error_string(context, "out of memory");
+		    goto out;
+		}
+
+		ssize = hex_decode(*ireq.u.digestRequest.clientNonce, 
+				   clientNonce.data, clientNonce.length);
+		if (ssize != 16) {
+		    krb5_set_error_string(context, 
+					  "Failed to decode clientNonce");
+		    ret = ENOMEM;
+		    goto out;
+		}
+		SHA1_Update(&ctx, clientNonce.data, ssize);
+		free(clientNonce.data);
+	    }
+	    SHA1_Update(&ctx, serverNonce.data, serverNonce.length);
+	    SHA1_Update(&ctx, username, strlen(username));
+	    SHA1_Final(challange, &ctx);
+
+	    /* NtPasswordHash */
+	    ret = krb5_parse_name(context, username, &clientprincipal);
+	    if (ret)
+		goto failed;
+	    
+	    ret = _kdc_db_fetch(context, config, clientprincipal,
+				HDB_F_GET_CLIENT, NULL, &user);
+	    krb5_free_principal(context, clientprincipal);
+	    if (ret) {
+		krb5_set_error_string(context, 
+				      "MS-CHAP-V2 user %s not in database",
+				      username);
+		goto failed;
+	    }
+
+	    ret = hdb_enctype2key(context, &user->entry, 
+				  ETYPE_ARCFOUR_HMAC_MD5, &key);
+	    if (ret) {
+		krb5_set_error_string(context, 
+				      "MS-CHAP-V2 missing arcfour key %s",
+				      username);
+		goto failed;
+	    }
+
+	    /* ChallengeResponse */
+	    ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data,
+					    key->key.keyvalue.length,
+					    challange, &answer);
+	    if (ret) {
+		krb5_set_error_string(context, "NTLM missing arcfour key");
+		goto failed;
+	    }
+	    
+	    hex_encode(answer.data, answer.length, &mdx);
+	    if (mdx == NULL) {
+		free(answer.data);
+		krb5_clear_error_string(context);
+		ret = ENOMEM;
+		goto out;
+	    }
+
+	    r.element = choice_DigestRepInner_response;
+	    ret = strcasecmp(mdx, ireq.u.digestRequest.responseData);
+	    if (ret == 0) {
+		r.u.response.success = TRUE;
+	    } else {
+		kdc_log(context, config, 0, 
+			"MS-CHAP-V2 hash mismatch for %s",
+			ireq.u.digestRequest.username);
+		r.u.response.success = FALSE;
+	    }
+	    free(mdx);
+
+	    if (r.u.response.success) {
+		unsigned char hashhash[MD4_DIGEST_LENGTH];
+
+		/* hashhash */
+		{
+		    MD4_CTX hctx;
+
+		    MD4_Init(&hctx);
+		    MD4_Update(&hctx, key->key.keyvalue.data, 
+			       key->key.keyvalue.length);
+		    MD4_Final(hashhash, &hctx);
+		}
+
+		/* GenerateAuthenticatorResponse */
+		SHA1_Init(&ctx);
+		SHA1_Update(&ctx, hashhash, sizeof(hashhash));
+		SHA1_Update(&ctx, answer.data, answer.length);
+		SHA1_Update(&ctx, ms_chap_v2_magic1,sizeof(ms_chap_v2_magic1));
+		SHA1_Final(md, &ctx);
+
+		SHA1_Init(&ctx);
+		SHA1_Update(&ctx, md, sizeof(md));
+		SHA1_Update(&ctx, challange, 8);
+		SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
+		SHA1_Final(md, &ctx);
+
+		r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
+		if (r.u.response.rsp == NULL) {
+		    free(answer.data);
+		    krb5_clear_error_string(context);
+		    ret = ENOMEM;
+		    goto out;
+		}
+
+		hex_encode(md, sizeof(md), r.u.response.rsp);
+		if (r.u.response.rsp == NULL) {
+		    free(answer.data);
+		    krb5_clear_error_string(context);
+		    ret = ENOMEM;
+		    goto out;
+		}
+
+		/* get_master, rfc 3079 3.4 */
+		SHA1_Init(&ctx);
+		SHA1_Update(&ctx, hashhash, 16); /* md4(hash) */
+		SHA1_Update(&ctx, answer.data, answer.length);
+		SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
+		SHA1_Final(md, &ctx);
+
+		free(answer.data);
+
+		r.u.response.session_key = 
+		    calloc(1, sizeof(*r.u.response.session_key));
+		if (r.u.response.session_key == NULL) {
+		    krb5_clear_error_string(context);
+		    ret = ENOMEM;
+		    goto out;
+		}
+
+		ret = krb5_data_copy(r.u.response.session_key, md, 16);
+		if (ret) {
+		    krb5_clear_error_string(context);
+		    goto out;
+		}
+	    }
+
+	} else {
+	    r.element = choice_DigestRepInner_error;
+	    asprintf(&r.u.error.reason, "Unsupported digest type %s", 
+		     ireq.u.digestRequest.type);
+	    if (r.u.error.reason == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    r.u.error.code = EINVAL;
+	}
+
+	kdc_log(context, config, 0, "Digest %s request successful %s",
+		ireq.u.digestRequest.type, ireq.u.digestRequest.username);
+
+	break;
+    }
+    case choice_DigestReqInner_ntlmInit:
+
+	if ((config->digests_allowed & (NTLM_V1|NTLM_V1_SESSION|NTLM_V2)) == 0) {
+	    kdc_log(context, config, 0, "NTLM not allowed");
+	    goto failed;
+	}
+
+	r.element = choice_DigestRepInner_ntlmInitReply;
+
+	r.u.ntlmInitReply.flags = NTLM_NEG_UNICODE;
+
+	if ((ireq.u.ntlmInit.flags & NTLM_NEG_UNICODE) == 0) {
+	    kdc_log(context, config, 0, "NTLM client have no unicode");
+	    goto failed;
+	}
+
+	if (ireq.u.ntlmInit.flags & NTLM_NEG_NTLM)
+	    r.u.ntlmInitReply.flags |= NTLM_NEG_NTLM;
+	else {
+	    kdc_log(context, config, 0, "NTLM client doesn't support NTLM");
+	    goto failed;
+	}
+
+	r.u.ntlmInitReply.flags |= 
+	    NTLM_NEG_TARGET |
+	    NTLM_TARGET_DOMAIN |
+	    NTLM_ENC_128;
+
+#define ALL					\
+	NTLM_NEG_SIGN|				\
+	    NTLM_NEG_SEAL|			\
+	    NTLM_NEG_ALWAYS_SIGN|		\
+	    NTLM_NEG_NTLM2_SESSION|		\
+	    NTLM_NEG_KEYEX
+
+	r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL));
+
+#undef ALL
+
+	r.u.ntlmInitReply.targetname = 
+	    get_ntlm_targetname(context, client);
+	if (r.u.ntlmInitReply.targetname == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	r.u.ntlmInitReply.challange.data = malloc(8);
+	if (r.u.ntlmInitReply.challange.data == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	r.u.ntlmInitReply.challange.length = 8;
+	if (RAND_bytes(r.u.ntlmInitReply.challange.data,
+		       r.u.ntlmInitReply.challange.length) != 1) 
+	{
+	    krb5_set_error_string(context, "out of random error");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	/* XXX fix targetinfo */
+	ALLOC(r.u.ntlmInitReply.targetinfo);
+	if (r.u.ntlmInitReply.targetinfo == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	ret = fill_targetinfo(context,
+			      r.u.ntlmInitReply.targetname,
+			      client,
+			      r.u.ntlmInitReply.targetinfo);
+	if (ret) {
+	    krb5_set_error_string(context, "out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	/* 
+	 * Save data encryted in opaque for the second part of the
+	 * ntlm authentication
+	 */
+	sp = krb5_storage_emem();
+	if (sp == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "out of memory");
+	    goto out;
+	}
+	
+	ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8);
+	if (ret != 8) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "storage write challange");
+	    goto out;
+	}
+	ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	ret = krb5_storage_to_data(sp, &buf);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	ret = get_digest_key(context, config, server, &crypto);
+	if (ret)
+	    goto out;
+
+	ret = krb5_encrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE,
+			   buf.data, buf.length, &r.u.ntlmInitReply.opaque);
+	krb5_data_free(&buf);
+	krb5_crypto_destroy(context, crypto);
+	crypto = NULL;
+	if (ret)
+	    goto out;
+
+	kdc_log(context, config, 0, "NTLM init from %s", from);
+
+	break;
+
+    case choice_DigestReqInner_ntlmRequest: {
+	krb5_principal clientprincipal;
+	unsigned char sessionkey[16];
+	unsigned char challange[8];
+	uint32_t flags;
+	Key *key = NULL;
+	int version;
+	    
+	r.element = choice_DigestRepInner_ntlmResponse;
+	r.u.ntlmResponse.success = 0;
+	r.u.ntlmResponse.flags = 0;
+	r.u.ntlmResponse.sessionkey = NULL;
+	r.u.ntlmResponse.tickets = NULL;
+
+	/* get username */
+	ret = krb5_parse_name(context,
+			      ireq.u.ntlmRequest.username,
+			      &clientprincipal);
+	if (ret)
+	    goto failed;
+
+	ret = _kdc_db_fetch(context, config, clientprincipal,
+			    HDB_F_GET_CLIENT, NULL, &user);
+	krb5_free_principal(context, clientprincipal);
+	if (ret) {
+	    krb5_set_error_string(context, "NTLM user %s not in database",
+				  ireq.u.ntlmRequest.username);
+	    goto failed;
+	}
+
+	ret = get_digest_key(context, config, server, &crypto);
+	if (ret)
+	    goto failed;
+
+	ret = krb5_decrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE,
+			   ireq.u.ntlmRequest.opaque.data,
+			   ireq.u.ntlmRequest.opaque.length, &buf);
+	krb5_crypto_destroy(context, crypto);
+	crypto = NULL;
+	if (ret) {
+	    kdc_log(context, config, 0, 
+		    "Failed to decrypt nonce from %s", from);
+	    goto failed;
+	}
+
+	sp = krb5_storage_from_data(&buf);
+	if (sp == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "out of memory");
+	    goto out;
+	}
+	
+	ret = krb5_storage_read(sp, challange, sizeof(challange));
+	if (ret != sizeof(challange)) {
+	    krb5_set_error_string(context, "NTLM storage read challange");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	ret = krb5_ret_uint32(sp, &flags);
+	if (ret) {
+	    krb5_set_error_string(context, "NTLM storage read flags");
+	    goto out;
+	}
+	krb5_data_free(&buf);
+
+	if ((flags & NTLM_NEG_NTLM) == 0) {
+	    ret = EINVAL;
+	    krb5_set_error_string(context, "NTLM not negotiated");
+	    goto out;
+	}
+
+	ret = hdb_enctype2key(context, &user->entry, 
+			      ETYPE_ARCFOUR_HMAC_MD5, &key);
+	if (ret) {
+	    krb5_set_error_string(context, "NTLM missing arcfour key");
+	    goto out;
+	}
+
+	/* check if this is NTLMv2 */
+	if (ireq.u.ntlmRequest.ntlm.length != 24) {
+	    struct ntlm_buf infotarget, answer;
+	    char *targetname;
+
+	    if ((config->digests_allowed & NTLM_V2) == 0) {
+		kdc_log(context, config, 0, "NTLM v2 not allowed");
+		goto out;
+	    }
+
+	    version = 2;
+
+	    targetname = get_ntlm_targetname(context, client);
+	    if (targetname == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+
+	    answer.length = ireq.u.ntlmRequest.ntlm.length;
+	    answer.data = ireq.u.ntlmRequest.ntlm.data;
+
+	    ret = heim_ntlm_verify_ntlm2(key->key.keyvalue.data,
+					 key->key.keyvalue.length,
+					 ireq.u.ntlmRequest.username,
+					 targetname,
+					 0,
+					 challange,
+					 &answer,
+					 &infotarget,
+					 sessionkey);
+	    free(targetname);
+	    if (ret) {
+		krb5_set_error_string(context, "NTLM v2 verify failed");
+		goto failed;
+	    }
+
+	    /* XXX verify infotarget matches client (checksum ?) */
+
+	    free(infotarget.data);
+	    /* */
+
+	} else {
+	    struct ntlm_buf answer;
+
+	    version = 1;
+
+	    if (flags & NTLM_NEG_NTLM2_SESSION) {
+		unsigned char sessionhash[MD5_DIGEST_LENGTH];
+		MD5_CTX md5ctx;
+		
+		if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
+		    kdc_log(context, config, 0, "NTLM v1-session not allowed");
+		    ret = EINVAL;
+		    goto failed;
+		}
+
+		if (ireq.u.ntlmRequest.lm.length != 24) {
+		    krb5_set_error_string(context, "LM hash have wrong length "
+					  "for NTLM session key");
+		    ret = EINVAL;
+		    goto failed;
+		}
+		
+		MD5_Init(&md5ctx);
+		MD5_Update(&md5ctx, challange, sizeof(challange));
+		MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8);
+		MD5_Final(sessionhash, &md5ctx);
+		memcpy(challange, sessionhash, sizeof(challange));
+	    } else {
+		if ((config->digests_allowed & NTLM_V1) == 0) {
+		    kdc_log(context, config, 0, "NTLM v1 not allowed");
+		    goto failed;
+		}
+	    }
+	    
+	    ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data,
+					    key->key.keyvalue.length,
+					    challange, &answer);
+	    if (ret) {
+		krb5_set_error_string(context, "NTLM missing arcfour key");
+		goto failed;
+	    }
+	    
+	    if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
+		memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
+	    {
+		free(answer.data);
+		ret = EINVAL;
+		krb5_set_error_string(context, "NTLM hash mismatch");
+		goto failed;
+	    }
+	    free(answer.data);
+
+	    {
+		MD4_CTX ctx;
+
+		MD4_Init(&ctx);
+		MD4_Update(&ctx, 
+			   key->key.keyvalue.data, key->key.keyvalue.length);
+		MD4_Final(sessionkey, &ctx);
+	    }
+	}
+
+	if (ireq.u.ntlmRequest.sessionkey) {
+	    unsigned char masterkey[MD4_DIGEST_LENGTH];
+	    RC4_KEY rc4;
+	    size_t len;
+	    
+	    if ((flags & NTLM_NEG_KEYEX) == 0) {
+		krb5_set_error_string(context,
+				      "NTLM client failed to neg key "
+				      "exchange but still sent key");
+		ret = EINVAL;
+		goto failed;
+	    }
+	    
+	    len = ireq.u.ntlmRequest.sessionkey->length;
+	    if (len != sizeof(masterkey)){
+		krb5_set_error_string(context,
+				      "NTLM master key wrong length: %lu",
+				      (unsigned long)len);
+		goto failed;
+	    }
+	    
+	    RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
+	    
+	    RC4(&rc4, sizeof(masterkey),
+		ireq.u.ntlmRequest.sessionkey->data, 
+		masterkey);
+	    memset(&rc4, 0, sizeof(rc4));
+	    
+	    r.u.ntlmResponse.sessionkey = 
+		malloc(sizeof(*r.u.ntlmResponse.sessionkey));
+	    if (r.u.ntlmResponse.sessionkey == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		goto out;
+	    }
+	    
+	    ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
+				 masterkey, sizeof(masterkey));
+	    if (ret) {
+		krb5_set_error_string(context, "out of memory");
+		goto out;
+	    }
+	}
+
+	r.u.ntlmResponse.success = 1;
+	kdc_log(context, config, 0, "NTLM version %d successful for %s",
+		version, ireq.u.ntlmRequest.username);
+	break;
+    }
+    case choice_DigestReqInner_supportedMechs:
+
+	kdc_log(context, config, 0, "digest supportedMechs from %s", from);
+
+	r.element = choice_DigestRepInner_supportedMechs;
+	memset(&r.u.supportedMechs, 0, sizeof(r.u.supportedMechs));
+
+	if (config->digests_allowed & NTLM_V1)
+	    r.u.supportedMechs.ntlm_v1 = 1;
+	if (config->digests_allowed & NTLM_V1_SESSION)
+	    r.u.supportedMechs.ntlm_v1_session = 1;
+	if (config->digests_allowed & NTLM_V2)
+	    r.u.supportedMechs.ntlm_v2 = 1;
+	if (config->digests_allowed & DIGEST_MD5)
+	    r.u.supportedMechs.digest_md5 = 1;
+	if (config->digests_allowed & CHAP_MD5)
+	    r.u.supportedMechs.chap_md5 = 1;
+	if (config->digests_allowed & MS_CHAP_V2)
+	    r.u.supportedMechs.ms_chap_v2 = 1;
+	break;
+
+    default: {
+	char *s;
+	krb5_set_error_string(context, "unknown operation to digest");
+	ret = EINVAL;
+
+    failed:
+
+	s = krb5_get_error_message(context, ret);
+	if (s == NULL) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+	
+	kdc_log(context, config, 0, "Digest failed with: %s", s);
+
+	r.element = choice_DigestRepInner_error;
+	r.u.error.reason = strdup("unknown error");
+	krb5_free_error_string(context, s);
+	if (r.u.error.reason == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	r.u.error.code = EINVAL;
+	break;
+    }
+    }
+
+    ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to encode inner digest reply");
+	goto out;
+    }
+    if (size != buf.length)
+	krb5_abortx(context, "ASN1 internal error");
+
+    krb5_auth_con_addflags(context, ac, KRB5_AUTH_CONTEXT_USE_SUBKEY, NULL);
+
+    ret = krb5_mk_rep (context, ac, &rep.apRep);
+    if (ret)
+	goto out;
+
+    {
+	krb5_keyblock *key;
+
+	ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
+	if (ret)
+	    goto out;
+
+	ret = krb5_crypto_init(context, key, 0, &crypto);
+	krb5_free_keyblock (context, key);
+	if (ret)
+	    goto out;
+    }
+
+    ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT, 
+				     buf.data, buf.length, 0,
+				     &rep.innerRep);
+    
+    ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to encode digest reply");
+	goto out;
+    }
+    if (size != reply->length)
+	krb5_abortx(context, "ASN1 internal error");
+
+    
+out:
+    if (ac)
+	krb5_auth_con_free(context, ac);
+    if (ret)
+	krb5_warn(context, ret, "Digest request from %s failed", from);
+    if (ticket)
+	krb5_free_ticket(context, ticket);
+    if (id)
+	krb5_kt_close(context, id);
+    if (crypto)
+	krb5_crypto_destroy(context, crypto);
+    if (sp)
+	krb5_storage_free(sp);
+    if (user)
+	_kdc_free_ent (context, user);
+    if (server)
+	_kdc_free_ent (context, server);
+    if (client)
+	_kdc_free_ent (context, client);
+    if (password) {
+	memset(password, 0, strlen(password));
+	free (password);
+    }
+    if (client_name)
+	free (client_name);
+    krb5_data_free(&buf);
+    krb5_data_free(&serverNonce);
+    free_DigestREP(&rep);
+    free_DigestRepInner(&r);
+    free_DigestReqInner(&ireq);
+
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/kdc/headers.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/headers.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/headers.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* 
+ * $Id: headers.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ 
+ * $FreeBSD$ 
+ */
+
+#ifndef __HEADERS_H__
+#define __HEADERS_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#include <stdarg.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+#include <base64.h>
+#include <parse_units.h>
+#include <krb5.h>
+#include <krb5_locl.h>
+#include <digest_asn1.h>
+#include <kx509_asn1.h>
+#include <hdb.h>
+#include <hdb_err.h>
+#include <der.h>
+
+#include <heimntlm.h>
+#include <windc_plugin.h>
+
+#undef ALLOC
+#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
+#undef ALLOC_SEQ
+#define ALLOC_SEQ(X, N) do { (X)->len = (N); \
+(X)->val = calloc((X)->len, sizeof(*(X)->val)); } while(0)
+
+#endif /* __HEADERS_H__ */
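Review bot: The `ALLOC` and `ALLOC_SEQ` macros at the end of this header never check the allocation result, and `ALLOC_SEQ` assigns `(X)->len = (N)` before `calloc` runs, so a failed allocation leaves a non-zero `len` paired with a NULL `val`. Every caller therefore needs its own NULL test; in this same import, `v4_prop` in kdc/hprop.c writes `*ent.entry.max_life = life;` immediately after `ALLOC(ent.entry.max_life);` with no test, which is a NULL dereference under memory pressure. I would add a comment above the macros such as `/* ALLOC/ALLOC_SEQ do not check for failure: test the pointer before use, and treat len as invalid if val is NULL */`, and set `len` only once `calloc` has succeeded. Because this is a vendor import, the change is better raised upstream than patched locally.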

Added: vendor-crypto/heimdal/dist/kdc/hprop.8
===================================================================
--- vendor-crypto/heimdal/dist/kdc/hprop.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/hprop.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,190 @@
+.\" Copyright (c) 2000 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: hprop.8,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd December  8, 2004
+.Dt HPROP 8
+.Os HEIMDAL
+.Sh NAME
+.Nm hprop
+.Nd propagate the KDC database
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Oo Fl m Ar file \*(Ba Xo
+.Fl -master-key= Ns Pa file
+.Xc
+.Oc
+.Oo Fl d Ar file \*(Ba Xo
+.Fl -database= Ns Pa file
+.Xc
+.Oc
+.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver
+.Oo Fl r Ar string \*(Ba Xo
+.Fl -v4-realm= Ns Ar string
+.Xc
+.Oc
+.Oo Fl c Ar cell \*(Ba Xo
+.Fl -cell= Ns Ar cell
+.Xc
+.Oc
+.Op Fl S | Fl -kaspecials
+.Oo Fl k Ar keytab \*(Ba Xo
+.Fl -keytab= Ns Ar keytab
+.Xc
+.Oc
+.Oo Fl R Ar string \*(Ba Xo
+.Fl -v5-realm= Ns Ar string
+.Xc
+.Oc
+.Op Fl D | Fl -decrypt
+.Op Fl E | Fl -encrypt
+.Op Fl n | Fl -stdout
+.Op Fl v | Fl -verbose
+.Op Fl -version
+.Op Fl h | Fl -help
+.Op Ar host Ns Op : Ns Ar port
+.Ar ...
+.Ek
+.Sh DESCRIPTION
+.Nm
+takes a principal database in a specified format and converts it into
+a stream of Heimdal database records. This stream can either be
+written to standard out, or (more commonly) be propagated to a
+.Xr hpropd 8
+server running on a different machine.
+.Pp
+If propagating, it connects to all
+.Ar hosts
+specified on the command by opening a TCP connection to port 754
+(service hprop) and sends the database in encrypted form.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl m Ar file ,
+.Fl -master-key= Ns Pa file
+.Xc
+Where to find the master key to encrypt or decrypt keys with.
+.It Xo
+.Fl d Ar file ,
+.Fl -database= Ns Pa file
+.Xc
+The database to be propagated.
+.It Xo
+.Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver
+.Xc
+Specifies the type of the source database. Alternatives include:
+.Pp
+.Bl -tag -width krb4-dump -compact -offset indent
+.It heimdal
+a Heimdal database
+.It mit-dump
+a MIT Kerberos 5 dump file
+.It krb4-dump
+a Kerberos 4 dump file
+.It kaserver
+an AFS kaserver database
+.El
+.It Xo
+.Fl k Ar keytab ,
+.Fl -keytab= Ns Ar keytab
+.Xc
+The keytab to use for fetching the key to be used for authenticating
+to the propagation daemon(s). The key
+.Pa kadmin/hprop
+is used from this keytab.  The default is to fetch the key from the
+KDC database.
+.It Xo
+.Fl R Ar string ,
+.Fl -v5-realm= Ns Ar string
+.Xc
+Local realm override.
+.It Xo
+.Fl D ,
+.Fl -decrypt
+.Xc
+The encryption keys in the database can either be in clear, or
+encrypted with a master key. This option transmits the database with
+unencrypted keys.
+.It Xo
+.Fl E ,
+.Fl -encrypt
+.Xc
+This option transmits the database with encrypted keys.
+.It Xo
+.Fl n ,
+.Fl -stdout
+.Xc
+Dump the database on stdout, in a format that can be fed to hpropd.
+.El
+.Pp
+The following options are only valid if
+.Nm hprop
+is compiled with support for Kerberos 4 (kaserver).
+.Bl -tag -width Ds
+.It Xo
+.Fl r Ar string ,
+.Fl -v4-realm= Ns Ar string
+.Xc
+v4 realm to use.
+.It Xo
+.Fl c Ar cell ,
+.Fl -cell= Ns Ar cell
+.Xc
+The AFS cell name, used if reading a kaserver database.
+.It Xo
+.Fl S ,
+.Fl -kaspecials
+.Xc
+Also dump the principals marked as special in the kaserver database.
+.It Xo
+.Fl K ,
+.Fl -ka-db
+.Xc
+Deprecated, identical to
+.Sq --source=kaserver .
+.El
+.Sh EXAMPLES
+The following will propagate a database to another machine (which
+should run
+.Xr hpropd 8 ):
+.Bd -literal -offset indent
+$ hprop slave-1 slave-2
+.Ed
+.Pp
+Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
+.Bd -literal -offset indent
+$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n
+.Ed
+.Sh SEE ALSO
+.Xr hpropd 8

Added: vendor-crypto/heimdal/dist/kdc/hprop.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/hprop.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/hprop.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,807 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hprop.h"
+
+RCSID("$Id: hprop.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int version_flag;
+static int help_flag;
+static const char *ktname = HPROP_KEYTAB;
+static const char *database;
+static char *mkeyfile;
+static int to_stdout;
+static int verbose_flag;
+static int encrypt_flag;
+static int decrypt_flag;
+static hdb_master_key mkey5;
+
+static char *source_type;
+
+static char *afs_cell;
+static char *v4_realm;
+
+static int kaspecials_flag;
+static int ka_use_null_salt;
+
+static char *local_realm=NULL;
+
+static int
+open_socket(krb5_context context, const char *hostname, const char *port)
+{
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+
+    error = getaddrinfo (hostname, port, &hints, &ai);
+    if (error) {
+	warnx ("%s: %s", hostname, gai_strerror(error));
+	return -1;
+    }
+    
+    for (a = ai; a != NULL; a = a->ai_next) {
+	int s;
+
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    warn ("connect(%s)", hostname);
+	    close (s);
+	    continue;
+	}
+	freeaddrinfo (ai);
+	return s;
+    }
+    warnx ("failed to contact %s", hostname);
+    freeaddrinfo (ai);
+    return -1;
+}
+
+krb5_error_code
+v5_prop(krb5_context context, HDB *db, hdb_entry_ex *entry, void *appdata)
+{
+    krb5_error_code ret;
+    struct prop_data *pd = appdata;
+    krb5_data data;
+
+    if(encrypt_flag) {
+	ret = hdb_seal_keys_mkey(context, &entry->entry, mkey5);
+	if (ret) {
+	    krb5_warn(context, ret, "hdb_seal_keys_mkey");
+	    return ret;
+	}
+    }
+    if(decrypt_flag) {
+	ret = hdb_unseal_keys_mkey(context, &entry->entry, mkey5);
+	if (ret) {
+	    krb5_warn(context, ret, "hdb_unseal_keys_mkey");
+	    return ret;
+	}
+    }	
+
+    ret = hdb_entry2value(context, &entry->entry, &data);
+    if(ret) {
+	krb5_warn(context, ret, "hdb_entry2value");
+	return ret;
+    }
+
+    if(to_stdout)
+	ret = krb5_write_message(context, &pd->sock, &data);
+    else
+	ret = krb5_write_priv_message(context, pd->auth_context, 
+				      &pd->sock, &data);
+    krb5_data_free(&data);
+    return ret;
+}
+
+int
+v4_prop(void *arg, struct v4_principal *p)
+{
+    struct prop_data *pd = arg;
+    hdb_entry_ex ent;
+    krb5_error_code ret;
+
+    memset(&ent, 0, sizeof(ent));
+
+    ret = krb5_425_conv_principal(pd->context, p->name, p->instance, v4_realm,
+				  &ent.entry.principal);
+    if(ret) {
+	krb5_warn(pd->context, ret,
+		  "krb5_425_conv_principal %s.%s@%s",
+		  p->name, p->instance, v4_realm);
+	return 0;
+    }
+
+    if(verbose_flag) {
+	char *s;
+	krb5_unparse_name_short(pd->context, ent.entry.principal, &s);
+	krb5_warnx(pd->context, "%s.%s -> %s", p->name, p->instance, s);
+	free(s);
+    }
+
+    ent.entry.kvno = p->kvno;
+    ent.entry.keys.len = 3;
+    ent.entry.keys.val = malloc(ent.entry.keys.len * sizeof(*ent.entry.keys.val));
+    if (ent.entry.keys.val == NULL)
+	krb5_errx(pd->context, ENOMEM, "malloc");
+    if(p->mkvno != -1) {
+	ent.entry.keys.val[0].mkvno = malloc (sizeof(*ent.entry.keys.val[0].mkvno));
+	if (ent.entry.keys.val[0].mkvno == NULL)
+	    krb5_errx(pd->context, ENOMEM, "malloc");
+	*(ent.entry.keys.val[0].mkvno) = p->mkvno;
+    } else
+	ent.entry.keys.val[0].mkvno = NULL;
+    ent.entry.keys.val[0].salt = calloc(1, sizeof(*ent.entry.keys.val[0].salt));
+    if (ent.entry.keys.val[0].salt == NULL)
+	krb5_errx(pd->context, ENOMEM, "calloc");
+    ent.entry.keys.val[0].salt->type = KRB5_PADATA_PW_SALT;
+    ent.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
+    krb5_data_alloc(&ent.entry.keys.val[0].key.keyvalue, DES_KEY_SZ);
+    memcpy(ent.entry.keys.val[0].key.keyvalue.data, p->key, 8);
+
+    copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[1]);
+    ent.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
+    copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[2]);
+    ent.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
+
+    {
+	int life = _krb5_krb_life_to_time(0, p->max_life);
+	if(life == NEVERDATE){
+	    ent.entry.max_life = NULL;
+	} else {
+	    /* clean up lifetime a bit */
+	    if(life > 86400)
+		life = (life + 86399) / 86400 * 86400;
+	    else if(life > 3600)
+		life = (life + 3599) / 3600 * 3600;
+	    ALLOC(ent.entry.max_life);
+	    *ent.entry.max_life = life;
+	}
+    }
+
+    ALLOC(ent.entry.valid_end);
+    *ent.entry.valid_end = p->exp_date;
+
+    ret = krb5_make_principal(pd->context, &ent.entry.created_by.principal,
+			      v4_realm,
+			      "kadmin",
+			      "hprop",
+			      NULL);
+    if(ret){
+	krb5_warn(pd->context, ret, "krb5_make_principal");
+	ret = 0;
+	goto out;
+    }
+    ent.entry.created_by.time = time(NULL);
+    ALLOC(ent.entry.modified_by);
+    ret = krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance, 
+				  v4_realm, &ent.entry.modified_by->principal);
+    if(ret){
+	krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, v4_realm);
+	ent.entry.modified_by->principal = NULL;
+	ret = 0;
+	goto out;
+    }
+    ent.entry.modified_by->time = p->mod_date;
+
+    ent.entry.flags.forwardable = 1;
+    ent.entry.flags.renewable = 1;
+    ent.entry.flags.proxiable = 1;
+    ent.entry.flags.postdate = 1;
+    ent.entry.flags.client = 1;
+    ent.entry.flags.server = 1;
+    
+    /* special case password changing service */
+    if(strcmp(p->name, "changepw") == 0 && 
+       strcmp(p->instance, "kerberos") == 0) {
+	ent.entry.flags.forwardable = 0;
+	ent.entry.flags.renewable = 0;
+	ent.entry.flags.proxiable = 0;
+	ent.entry.flags.postdate = 0;
+	ent.entry.flags.initial = 1;
+	ent.entry.flags.change_pw = 1;
+    }
+
+    ret = v5_prop(pd->context, NULL, &ent, pd);
+
+    if (strcmp (p->name, "krbtgt") == 0
+	&& strcmp (v4_realm, p->instance) != 0) {
+	krb5_free_principal (pd->context, ent.entry.principal);
+	ret = krb5_425_conv_principal (pd->context, p->name,
+				       v4_realm, p->instance,
+				       &ent.entry.principal);
+	if (ret == 0)
+	    ret = v5_prop (pd->context, NULL, &ent, pd);
+    }
+
+  out:
+    hdb_free_entry(pd->context, &ent);
+    return ret;
+}
+
+#include "kadb.h"
+
+/* read a `ka_entry' from `fd' at offset `pos' */
+static void
+read_block(krb5_context context, int fd, int32_t pos, void *buf, size_t len)
+{
+    krb5_error_code ret;
+#ifdef HAVE_PREAD
+    if((ret = pread(fd, buf, len, 64 + pos)) < 0)
+	krb5_err(context, 1, errno, "pread(%u)", 64 + pos);
+#else
+    if(lseek(fd, 64 + pos, SEEK_SET) == (off_t)-1)
+	krb5_err(context, 1, errno, "lseek(%u)", 64 + pos);
+    ret = read(fd, buf, len);
+    if(ret < 0)
+	krb5_err(context, 1, errno, "read(%lu)", (unsigned long)len);
+#endif
+    if(ret != len)
+	krb5_errx(context, 1, "read(%lu) = %u", (unsigned long)len, ret);
+}
+
+static int
+ka_convert(struct prop_data *pd, int fd, struct ka_entry *ent)
+{
+    int32_t flags = ntohl(ent->flags);
+    krb5_error_code ret;
+    hdb_entry_ex hdb;
+
+    if(!kaspecials_flag
+       && (flags & KAFNORMAL) == 0) /* remove special entries */
+	return 0;
+    memset(&hdb, 0, sizeof(hdb));
+    ret = krb5_425_conv_principal(pd->context, ent->name, ent->instance, 
+				  v4_realm, &hdb.entry.principal);
+    if(ret) {
+	krb5_warn(pd->context, ret,
+		  "krb5_425_conv_principal (%s.%s@%s)",
+		  ent->name, ent->instance, v4_realm);
+	return 0;
+    }
+    hdb.entry.kvno = ntohl(ent->kvno);
+    hdb.entry.keys.len = 3;
+    hdb.entry.keys.val = 
+	malloc(hdb.entry.keys.len * sizeof(*hdb.entry.keys.val));
+    if (hdb.entry.keys.val == NULL)
+	krb5_errx(pd->context, ENOMEM, "malloc");
+    hdb.entry.keys.val[0].mkvno = NULL;
+    hdb.entry.keys.val[0].salt = calloc(1, sizeof(*hdb.entry.keys.val[0].salt));
+    if (hdb.entry.keys.val[0].salt == NULL)
+	krb5_errx(pd->context, ENOMEM, "calloc");
+    if (ka_use_null_salt) {
+	hdb.entry.keys.val[0].salt->type = hdb_pw_salt;
+	hdb.entry.keys.val[0].salt->salt.data = NULL;
+	hdb.entry.keys.val[0].salt->salt.length = 0;
+    } else {
+	hdb.entry.keys.val[0].salt->type = hdb_afs3_salt;
+	hdb.entry.keys.val[0].salt->salt.data = strdup(afs_cell);
+	if (hdb.entry.keys.val[0].salt->salt.data == NULL)
+	    krb5_errx(pd->context, ENOMEM, "strdup");
+	hdb.entry.keys.val[0].salt->salt.length = strlen(afs_cell);
+    }
+    
+    hdb.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5;
+    krb5_data_copy(&hdb.entry.keys.val[0].key.keyvalue,
+		   ent->key,
+		   sizeof(ent->key));
+    copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[1]);
+    hdb.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4;
+    copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[2]);
+    hdb.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC;
+
+    ALLOC(hdb.entry.max_life);
+    *hdb.entry.max_life = ntohl(ent->max_life);
+
+    if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != 0xffffffff) {
+	ALLOC(hdb.entry.valid_end);
+	*hdb.entry.valid_end = ntohl(ent->valid_end);
+    }
+    
+    if (ntohl(ent->pw_change) != NEVERDATE && 
+	ent->pw_expire != 255 &&
+	ent->pw_expire != 0) {
+	ALLOC(hdb.entry.pw_end);
+	*hdb.entry.pw_end = ntohl(ent->pw_change)
+	    + 24 * 60 * 60 * ent->pw_expire;
+    }
+
+    ret = krb5_make_principal(pd->context, &hdb.entry.created_by.principal,
+			      v4_realm,
+			      "kadmin",
+			      "hprop",
+			      NULL);
+    hdb.entry.created_by.time = time(NULL);
+
+    if(ent->mod_ptr){
+	struct ka_entry mod;
+	ALLOC(hdb.entry.modified_by);
+	read_block(pd->context, fd, ntohl(ent->mod_ptr), &mod, sizeof(mod));
+	
+	krb5_425_conv_principal(pd->context, mod.name, mod.instance, v4_realm, 
+				&hdb.entry.modified_by->principal);
+	hdb.entry.modified_by->time = ntohl(ent->mod_time);
+	memset(&mod, 0, sizeof(mod));
+    }
+
+    hdb.entry.flags.forwardable = 1;
+    hdb.entry.flags.renewable = 1;
+    hdb.entry.flags.proxiable = 1;
+    hdb.entry.flags.postdate = 1;
+    /* XXX - AFS 3.4a creates krbtgt.REALMOFCELL as NOTGS+NOSEAL */
+    if (strcmp(ent->name, "krbtgt") == 0 &&
+	(flags & (KAFNOTGS|KAFNOSEAL)) == (KAFNOTGS|KAFNOSEAL))
+	flags &= ~(KAFNOTGS|KAFNOSEAL);
+
+    hdb.entry.flags.client = (flags & KAFNOTGS) == 0;
+    hdb.entry.flags.server = (flags & KAFNOSEAL) == 0;
+
+    ret = v5_prop(pd->context, NULL, &hdb, pd);
+    hdb_free_entry(pd->context, &hdb);
+    return ret;
+}
+
+static int
+ka_dump(struct prop_data *pd, const char *file)
+{
+    struct ka_header header;
+    int i;
+    int fd = open(file, O_RDONLY);
+
+    if(fd < 0)
+	krb5_err(pd->context, 1, errno, "open(%s)", file);
+    read_block(pd->context, fd, 0, &header, sizeof(header));
+    if(header.version1 != header.version2)
+	krb5_errx(pd->context, 1, "Version mismatch in header: %ld/%ld",
+		  (long)ntohl(header.version1), (long)ntohl(header.version2));
+    if(ntohl(header.version1) != 5)
+	krb5_errx(pd->context, 1, "Unknown database version %ld (expected 5)", 
+		  (long)ntohl(header.version1));
+    for(i = 0; i < ntohl(header.hashsize); i++){
+	int32_t pos = ntohl(header.hash[i]);
+	while(pos){
+	    struct ka_entry ent;
+	    read_block(pd->context, fd, pos, &ent, sizeof(ent));
+	    ka_convert(pd, fd, &ent);
+	    pos = ntohl(ent.next);
+	}
+    }
+    return 0;
+}
+
+
+
+struct getargs args[] = {
+    { "master-key", 'm', arg_string, &mkeyfile, "v5 master key file", "file" },
+    { "database", 'd',	arg_string, &database, "database", "file" },
+    { "source",   0,	arg_string, &source_type, "type of database to read", 
+      "heimdal"
+      "|mit-dump"
+      "|krb4-dump"
+      "|kaserver"
+    },
+      
+    { "v4-realm", 'r',  arg_string, &v4_realm, "v4 realm to use" },
+    { "cell",	  'c',  arg_string, &afs_cell, "name of AFS cell" },
+    { "kaspecials", 'S', arg_flag,   &kaspecials_flag, "dump KASPECIAL keys"},
+    { "keytab",   'k',	arg_string, &ktname, "keytab to use for authentication", "keytab" },
+    { "v5-realm", 'R',  arg_string, &local_realm, "v5 realm to use" },
+    { "decrypt",  'D',  arg_flag,   &decrypt_flag,   "decrypt keys" },
+    { "encrypt",  'E',  arg_flag,   &encrypt_flag,   "encrypt keys" },
+    { "stdout",	  'n',  arg_flag,   &to_stdout, "dump to stdout" },
+    { "verbose",  'v',	arg_flag, &verbose_flag },
+    { "version",   0,	arg_flag, &version_flag },
+    { "help",     'h',	arg_flag, &help_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int ret)
+{
+    arg_printusage (args, num_args, NULL, "[host[:port]] ...");
+    exit (ret);
+}
+
+static void
+get_creds(krb5_context context, krb5_ccache *cache)
+{
+    krb5_keytab keytab;
+    krb5_principal client;
+    krb5_error_code ret;
+    krb5_get_init_creds_opt *init_opts;
+    krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP;
+    krb5_creds creds;
+    
+    ret = krb5_kt_register(context, &hdb_kt_ops);
+    if(ret) krb5_err(context, 1, ret, "krb5_kt_register");
+
+    ret = krb5_kt_resolve(context, ktname, &keytab);
+    if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve");
+    
+    ret = krb5_make_principal(context, &client, NULL, 
+			      "kadmin", HPROP_NAME, NULL);
+    if(ret) krb5_err(context, 1, ret, "krb5_make_principal");
+
+    ret = krb5_get_init_creds_opt_alloc(context, &init_opts);
+    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
+    krb5_get_init_creds_opt_set_preauth_list(init_opts, &preauth, 1);
+
+    ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, 0, NULL, init_opts);
+    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
+
+    krb5_get_init_creds_opt_free(context, init_opts);
+    
+    ret = krb5_kt_close(context, keytab);
+    if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
+    
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache);
+    if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
+
+    ret = krb5_cc_initialize(context, *cache, client);
+    if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
+
+    krb5_free_principal(context, client);
+
+    ret = krb5_cc_store_cred(context, *cache, &creds);
+    if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
+
+    krb5_free_cred_contents(context, &creds);
+}
+
+enum hprop_source {
+    HPROP_HEIMDAL = 1,
+    HPROP_KRB4_DUMP,
+    HPROP_KASERVER,
+    HPROP_MIT_DUMP
+};
+
+#define IS_TYPE_V4(X) ((X) == HPROP_KRB4_DUMP || (X) == HPROP_KASERVER)
+
+struct {
+    int type;
+    const char *name;
+} types[] = {
+    { HPROP_HEIMDAL,	"heimdal" },
+    { HPROP_KRB4_DUMP,	"krb4-dump" },
+    { HPROP_KASERVER, 	"kaserver" },
+    { HPROP_MIT_DUMP,	"mit-dump" }
+};
+
+static int
+parse_source_type(const char *s)
+{
+    int i;
+    for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
+	if(strstr(types[i].name, s) == types[i].name)
+	    return types[i].type;
+    }
+    return 0;
+}
+
+static int
+iterate (krb5_context context,
+	 const char *database_name,
+	 HDB *db,
+	 int type,
+	 struct prop_data *pd)
+{
+    int ret;
+
+    switch(type) {
+    case HPROP_KRB4_DUMP:
+	ret = v4_prop_dump(pd, database_name);
+	if(ret)
+	    krb5_warnx(context, "v4_prop_dump: %s", 
+		       krb5_get_err_text(context, ret));
+	break;
+    case HPROP_KASERVER:
+	ret = ka_dump(pd, database_name);
+	if(ret)
+	    krb5_warn(context, ret, "ka_dump");
+	break;
+    case HPROP_MIT_DUMP:
+	ret = mit_prop_dump(pd, database_name);
+	if (ret)
+	    krb5_warnx(context, "mit_prop_dump: %s",
+		      krb5_get_err_text(context, ret));
+	break;
+    case HPROP_HEIMDAL:
+	ret = hdb_foreach(context, db, HDB_F_DECRYPT, v5_prop, pd);
+	if(ret)
+	    krb5_warn(context, ret, "hdb_foreach");
+	break;
+    default:
+	krb5_errx(context, 1, "unknown prop type: %d", type);
+    }
+    return ret;
+}
+
+static int
+dump_database (krb5_context context, int type,
+	       const char *database_name, HDB *db)
+{
+    krb5_error_code ret;
+    struct prop_data pd;
+    krb5_data data;
+
+    pd.context      = context;
+    pd.auth_context = NULL;
+    pd.sock         = STDOUT_FILENO;
+	
+    ret = iterate (context, database_name, db, type, &pd);
+    if (ret)
+	krb5_errx(context, 1, "iterate failure");
+    krb5_data_zero (&data);
+    ret = krb5_write_message (context, &pd.sock, &data);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_write_message");
+
+    return 0;
+}
+
+static int
+propagate_database (krb5_context context, int type,
+		    const char *database_name, 
+		    HDB *db, krb5_ccache ccache,
+		    int optidx, int argc, char **argv)
+{
+    krb5_principal server;
+    krb5_error_code ret;
+    int i, failed = 0;
+
+    for(i = optidx; i < argc; i++){
+	krb5_auth_context auth_context;
+	int fd;
+	struct prop_data pd;
+	krb5_data data;
+
+	char *port, portstr[NI_MAXSERV];
+	char *host = argv[i];
+
+	port = strchr(host, ':');
+	if(port == NULL) {
+	    snprintf(portstr, sizeof(portstr), "%u", 
+		     ntohs(krb5_getportbyname (context, "hprop", "tcp", 
+					       HPROP_PORT)));
+	    port = portstr;
+	} else
+	    *port++ = '\0';
+
+	fd = open_socket(context, host, port);
+	if(fd < 0) {
+	    failed++;
+	    krb5_warn (context, errno, "connect %s", host);
+	    continue;
+	}
+
+	ret = krb5_sname_to_principal(context, argv[i],
+				      HPROP_NAME, KRB5_NT_SRV_HST, &server);
+	if(ret) {
+	    failed++;
+	    krb5_warn(context, ret, "krb5_sname_to_principal(%s)", host);
+	    close(fd);
+	    continue;
+	}
+
+        if (local_realm) {
+            krb5_realm my_realm;
+            krb5_get_default_realm(context,&my_realm);
+
+	    free (*krb5_princ_realm(context, server));
+            krb5_princ_set_realm(context,server,&my_realm);
+        }
+    
+	auth_context = NULL;
+	ret = krb5_sendauth(context,
+			    &auth_context,
+			    &fd,
+			    HPROP_VERSION,
+			    NULL,
+			    server,
+			    AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
+			    NULL, /* in_data */
+			    NULL, /* in_creds */
+			    ccache,
+			    NULL,
+			    NULL,
+			    NULL);
+
+	krb5_free_principal(context, server);
+
+	if(ret) {
+	    failed++;
+	    krb5_warn(context, ret, "krb5_sendauth (%s)", host);
+	    close(fd);
+	    goto next_host;
+	}
+	
+	pd.context      = context;
+	pd.auth_context = auth_context;
+	pd.sock         = fd;
+
+	ret = iterate (context, database_name, db, type, &pd);
+	if (ret) {
+	    krb5_warnx(context, "iterate to host %s failed", host);
+	    failed++;
+	    goto next_host;
+	}
+
+	krb5_data_zero (&data);
+	ret = krb5_write_priv_message(context, auth_context, &fd, &data);
+	if(ret) {
+	    krb5_warn(context, ret, "krb5_write_priv_message");
+	    failed++;
+	    goto next_host;
+	}
+
+	ret = krb5_read_priv_message(context, auth_context, &fd, &data);
+	if(ret) {
+	    krb5_warn(context, ret, "krb5_read_priv_message: %s", host);
+	    failed++;
+	    goto next_host;
+	} else
+	    krb5_data_free (&data);
+	
+    next_host:
+	krb5_auth_con_free(context, auth_context);
+	close(fd);
+    }
+    if (failed)
+	return 1;
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache ccache = NULL;
+    HDB *db = NULL;
+    int optidx = 0;
+
+    int type, exit_code;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+
+    if(help_flag)
+	usage(0);
+    
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    ret = krb5_init_context(&context);
+    if(ret)
+	exit(1);
+
+    if(local_realm)
+	krb5_set_default_realm(context, local_realm);
+
+    if(v4_realm == NULL) {
+	ret = krb5_get_default_realm(context, &v4_realm);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_get_default_realm");
+    }
+
+    if(afs_cell == NULL) {
+	afs_cell = strdup(v4_realm);
+	if(afs_cell == NULL)
+	    krb5_errx(context, 1, "out of memory");
+	strlwr(afs_cell);
+    }
+
+
+    if(encrypt_flag && decrypt_flag)
+	krb5_errx(context, 1, 
+		  "only one of `--encrypt' and `--decrypt' is meaningful");
+
+    if(source_type != NULL) {
+	type = parse_source_type(source_type);
+	if(type == 0)
+	    krb5_errx(context, 1, "unknown source type `%s'", source_type);
+    } else
+	type = HPROP_HEIMDAL;
+
+    if(!to_stdout)
+	get_creds(context, &ccache);
+    
+    if(decrypt_flag || encrypt_flag) {
+	ret = hdb_read_master_key(context, mkeyfile, &mkey5);
+	if(ret && ret != ENOENT)
+	    krb5_err(context, 1, ret, "hdb_read_master_key");
+	if(ret)
+	    krb5_errx(context, 1, "No master key file found");
+    }
+    
+    if (IS_TYPE_V4(type) && v4_realm == NULL)
+	krb5_errx(context, 1, "Its a Kerberos 4 database "
+		  "but no realm configured");
+
+    switch(type) {
+    case HPROP_KASERVER:
+	if (database == NULL)
+	    database = DEFAULT_DATABASE;
+	ka_use_null_salt = krb5_config_get_bool_default(context, NULL, FALSE, 
+							"hprop", 
+							"afs_uses_null_salt", 
+							NULL);
+
+	break;
+    case HPROP_KRB4_DUMP:
+	if (database == NULL)
+	    krb5_errx(context, 1, "no dump file specified");
+	
+	break;
+    case HPROP_MIT_DUMP:
+	if (database == NULL)
+	    krb5_errx(context, 1, "no dump file specified");
+	break;
+    case HPROP_HEIMDAL:
+	ret = hdb_create (context, &db, database);
+	if(ret)
+	    krb5_err(context, 1, ret, "hdb_create: %s", database);
+	ret = db->hdb_open(context, db, O_RDONLY, 0);
+	if(ret)
+	    krb5_err(context, 1, ret, "db->hdb_open");
+	break;
+    default:
+	krb5_errx(context, 1, "unknown dump type `%d'", type);
+	break;
+    }
+
+    if (to_stdout)
+	exit_code = dump_database (context, type, database, db);
+    else
+	exit_code = propagate_database (context, type, database, 
+					db, ccache, optidx, argc, argv);
+
+    if(ccache != NULL)
+	krb5_cc_destroy(context, ccache);
+	
+    if(db != NULL)
+	(*db->hdb_destroy)(context, db);
+
+    krb5_free_context(context);
+    return exit_code;
+}

Added: vendor-crypto/heimdal/dist/kdc/hprop.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/hprop.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/hprop.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: hprop.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef __HPROP_H__
+#define __HPROP_H__
+
+#include "headers.h"
+
+struct prop_data{
+    krb5_context context;
+    krb5_auth_context auth_context;
+    int sock;
+};
+
+#define HPROP_VERSION "hprop-0.0"
+#define HPROP_NAME "hprop"
+#define HPROP_KEYTAB "HDB:"
+#define HPROP_PORT 754
+
+#ifndef NEVERDATE
+#define NEVERDATE ((1U << 31) - 1)
+#endif
+
+krb5_error_code v5_prop(krb5_context, HDB*, hdb_entry_ex*, void*);
+int mit_prop_dump(void*, const char*);
+
+struct v4_principal {
+    char name[64];
+    char instance[64];
+    DES_cblock key;
+    int kvno;
+    int mkvno;
+    time_t exp_date;
+    time_t mod_date;
+    char mod_name[64];
+    char mod_instance[64];
+    int max_life;
+};
+
+int v4_prop(void*, struct v4_principal*);
+int v4_prop_dump(void *arg, const char*);
+
+#endif /* __HPROP_H__ */
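Review bot: `struct prop_data` has no comment saying that `auth_context` may be NULL, yet the hprop.c part of this commit relies on that. dump_database() sets `pd.auth_context = NULL` with `pd.sock = STDOUT_FILENO` and ends the stream with krb5_write_message(), while propagate_database() fills in the context from krb5_sendauth() and ends with krb5_write_priv_message(). A one-line comment on the field would make the contract explicit, e.g. `/* NULL when dumping to stdout: output is not protected by an auth context */`. The v5_prop/v4_prop bodies are not in this hunk, so how they branch on the field should be confirmed before wording it more strongly.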

Added: vendor-crypto/heimdal/dist/kdc/hpropd.8
===================================================================
--- vendor-crypto/heimdal/dist/kdc/hpropd.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/hpropd.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,107 @@
+.\" Copyright (c) 1997, 2000 - 2003 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: hpropd.8,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd August 27, 1997
+.Dt HPROPD 8
+.Os HEIMDAL
+.Sh NAME
+.Nm hpropd
+.Nd receive a propagated database
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Oo Fl d Ar file \*(Ba Xo
+.Fl -database= Ns Ar file
+.Xc
+.Oc
+.Op Fl n | Fl -stdin
+.Op Fl -print
+.Op Fl i | Fl -no-inetd
+.Oo Fl k Ar keytab \*(Ba Xo
+.Fl -keytab= Ns Ar keytab
+.Xc
+.Oc
+.Op Fl 4 | Fl -v4dump
+.Ek
+.Sh DESCRIPTION
+.Nm
+receives a database sent by
+.Nm hprop .
+and writes it as a local database.
+.Pp
+By default,
+.Nm
+expects to be started from
+.Nm inetd
+if stdin is a socket and expects to receive the dumped database over
+stdin otherwise.
+If the database is sent over the network, it is authenticated and
+encrypted.
+Only connections authenticated with the principal
+.Nm kadmin Ns / Ns Nm hprop
+are accepted.
+.Pp
+Options supported:
+.Bl -tag -width Ds
+.It Xo
+.Fl d Ar file ,
+.Fl -database= Ns Ar file
+.Xc
+database
+.It Xo
+.Fl n ,
+.Fl -stdin
+.Xc
+read from stdin
+.It Xo
+.Fl -print
+.Xc
+print dump to stdout
+.It Xo
+.Fl i ,
+.Fl -no-inetd
+.Xc
+not started from inetd
+.It Xo
+.Fl k Ar keytab ,
+.Fl -keytab= Ns Ar keytab
+.Xc
+keytab to use for authentication
+.It Xo
+.Fl 4 ,
+.Fl -v4dump
+.Xc
+create v4 type DB
+.El
+.Sh SEE ALSO
+.Xr hprop 8

Added: vendor-crypto/heimdal/dist/kdc/hpropd.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/hpropd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/hpropd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,271 @@
+/*
+ * Copyright (c) 1997-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hprop.h"
+
+RCSID("$Id: hpropd.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int inetd_flag = -1;
+static int help_flag;
+static int version_flag;
+static int print_dump;
+static const char *database;
+static int from_stdin;
+static char *local_realm;
+static char *ktname = NULL;
+
+struct getargs args[] = {
+    { "database", 'd', arg_string, &database, "database", "file" },
+    { "stdin",    'n', arg_flag, &from_stdin, "read from stdin" },
+    { "print",	    0, arg_flag, &print_dump, "print dump to stdout" },
+    { "inetd",	   'i',	arg_negative_flag,	&inetd_flag,
+      "Not started from inetd" },
+    { "keytab",   'k',	arg_string, &ktname,	"keytab to use for authentication", "keytab" },
+    { "realm",   'r',	arg_string, &local_realm, "realm to use" },
+    { "version",    0, arg_flag, &version_flag, NULL, NULL },
+    { "help",    'h',  arg_flag, &help_flag, NULL, NULL}
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int ret)
+{
+    arg_printusage (args, num_args, NULL, "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_auth_context ac = NULL;
+    krb5_principal c1, c2;
+    krb5_authenticator authent;
+    krb5_keytab keytab;
+    int fd;
+    HDB *db;
+    int optidx = 0;
+    char *tmp_db;
+    krb5_log_facility *fac;
+    int nprincs;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if(ret)
+	exit(1);
+
+    ret = krb5_openlog(context, "hpropd", &fac);
+    if(ret)
+	;
+    krb5_set_warn_dest(context, fac);
+  
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+
+    if(local_realm != NULL)
+	krb5_set_default_realm(context, local_realm);
+    
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 0)
+	usage(1);
+
+    if (database == NULL)
+	database = hdb_default_db(context);
+
+    if(from_stdin)
+	fd = STDIN_FILENO;
+    else {
+	struct sockaddr_storage ss;
+	struct sockaddr *sa = (struct sockaddr *)&ss;
+	socklen_t sin_len = sizeof(ss);
+	char addr_name[256];
+	krb5_ticket *ticket;
+	char *server;
+
+	fd = STDIN_FILENO;
+	if (inetd_flag == -1) {
+	    if (getpeername (fd, sa, &sin_len) < 0)
+		inetd_flag = 0;
+	    else
+		inetd_flag = 1;
+	}
+	if (!inetd_flag) {
+	    mini_inetd (krb5_getportbyname (context, "hprop", "tcp",
+					    HPROP_PORT));
+	}
+	sin_len = sizeof(ss);
+	if(getpeername(fd, sa, &sin_len) < 0)
+	    krb5_err(context, 1, errno, "getpeername");
+
+	if (inet_ntop(sa->sa_family,
+		      socket_get_address (sa),
+		      addr_name,
+		      sizeof(addr_name)) == NULL)
+	    strlcpy (addr_name, "unknown address",
+		     sizeof(addr_name));
+
+	krb5_log(context, fac, 0, "Connection from %s", addr_name);
+    
+	ret = krb5_kt_register(context, &hdb_kt_ops);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_kt_register");
+
+	if (ktname != NULL) {
+	    ret = krb5_kt_resolve(context, ktname, &keytab);
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_kt_resolve %s", ktname);
+	} else {
+	    ret = krb5_kt_default (context, &keytab);
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_kt_default");
+	}
+
+	ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, NULL,
+			    0, keytab, &ticket);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_recvauth");
+	
+	ret = krb5_unparse_name(context, ticket->server, &server);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_unparse_name");
+	if (strncmp(server, "hprop/", 5) != 0)
+	    krb5_errx(context, 1, "ticket not for hprop (%s)", server);
+
+	free(server);
+	krb5_free_ticket (context, ticket);
+
+	ret = krb5_auth_con_getauthenticator(context, ac, &authent);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator");
+	
+	ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_make_principal");
+	_krb5_principalname2krb5_principal(context, &c2, 
+					   authent->cname, authent->crealm);
+	if(!krb5_principal_compare(context, c1, c2)) {
+	    char *s;
+	    ret = krb5_unparse_name(context, c2, &s);
+	    if (ret)
+		s = "unparseable name";
+	    krb5_errx(context, 1, "Unauthorized connection from %s", s);
+	}
+	krb5_free_principal(context, c1);
+	krb5_free_principal(context, c2);
+
+	ret = krb5_kt_close(context, keytab);
+	if(ret)
+	    krb5_err(context, 1, ret, "krb5_kt_close");
+    }
+    
+    if(!print_dump) {
+	asprintf(&tmp_db, "%s~", database);
+
+	ret = hdb_create(context, &db, tmp_db);
+	if(ret)
+	    krb5_err(context, 1, ret, "hdb_create(%s)", tmp_db);
+	ret = db->hdb_open(context, db, O_RDWR | O_CREAT | O_TRUNC, 0600);
+	if(ret)
+	    krb5_err(context, 1, ret, "hdb_open(%s)", tmp_db);
+    }
+
+    nprincs = 0;
+    while(1){
+	krb5_data data;
+	hdb_entry_ex entry;
+
+	if(from_stdin) {
+	    ret = krb5_read_message(context, &fd, &data);
+	    if(ret != 0 && ret != HEIM_ERR_EOF)
+		krb5_err(context, 1, ret, "krb5_read_message");
+	} else {
+	    ret = krb5_read_priv_message(context, ac, &fd, &data);
+	    if(ret)
+		krb5_err(context, 1, ret, "krb5_read_priv_message");
+	}
+
+	if(ret == HEIM_ERR_EOF || data.length == 0) {
+	    if(!from_stdin) {
+		data.data = NULL;
+		data.length = 0;
+		krb5_write_priv_message(context, ac, &fd, &data);
+	    }
+	    if(!print_dump) {
+		ret = db->hdb_rename(context, db, database);
+		if(ret)
+		    krb5_err(context, 1, ret, "db_rename");
+		ret = db->hdb_close(context, db);
+		if(ret)
+		    krb5_err(context, 1, ret, "db_close");
+	    }
+	    break;
+	}
+	memset(&entry, 0, sizeof(entry));
+	ret = hdb_value2entry(context, &data, &entry.entry);
+	krb5_data_free(&data);
+	if(ret)
+	    krb5_err(context, 1, ret, "hdb_value2entry");
+	if(print_dump)
+	    hdb_print_entry(context, db, &entry, stdout);
+	else {
+	    ret = db->hdb_store(context, db, 0, &entry);
+	    if(ret == HDB_ERR_EXISTS) {
+		char *s;
+		ret = krb5_unparse_name(context, entry.entry.principal, &s);
+		if (ret)
+		    s = strdup("unparseable name");
+		krb5_warnx(context, "Entry exists: %s", s);
+		free(s);
+	    } else if(ret) 
+		krb5_err(context, 1, ret, "db_store");
+	    else
+		nprincs++;
+	}
+	hdb_free_entry(context, &entry);
+    }
+    if (!print_dump)
+	krb5_log(context, fac, 0, "Received %d principals", nprincs);
+    exit(0);
+}
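Review bot: The service-name check in main(), `strncmp(server, "hprop/", 5) != 0`, compares only the five characters `hprop` and never reaches the `/`, so any ticket server name that merely begins with `hprop` passes. The length should cover the whole prefix: `if (strncmp(server, "hprop/", 6) != 0)`. The later krb5_principal_compare() against kadmin/hprop still restricts the client, so this looks like a weakened defence-in-depth check rather than a missing one, but it is cheap to make exact. Separately, the krb5_openlog() result is discarded (`if(ret) ;`), so `fac` reaches krb5_set_warn_dest() and krb5_log() even when it was never set, and the asprintf() that builds `tmp_db` is unchecked; both should exit through krb5_err/krb5_errx on failure.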

Added: vendor-crypto/heimdal/dist/kdc/kadb.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kadb.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kadb.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: kadb.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef __kadb_h__
+#define __kadb_h__
+
+#define HASHSIZE 8191
+
+struct ka_header {
+    int32_t version1;			/* file format version, should
+					   match version2 */
+    int32_t size;
+    int32_t free_ptr;
+    int32_t eof_ptr;
+    int32_t kvno_ptr;
+    int32_t stats[8];
+    int32_t admin_accounts;
+    int32_t special_keys_version;
+    int32_t hashsize;			/* allocated size of hash */
+    int32_t hash[HASHSIZE];
+    int32_t version2;
+};
+
+struct ka_entry {
+    int32_t flags;			/* see below */
+    int32_t next;			/* next in hash list */
+    int32_t valid_end;			/* expiration date */
+    int32_t mod_time;			/* time last modified */
+    int32_t mod_ptr;			/* pointer to modifier */
+    int32_t pw_change;			/* last pw change */
+    int32_t max_life;			/* max ticket life */
+    int32_t kvno;
+    int32_t foo2[2];			/* huh? */
+    char name[64];
+    char instance[64];
+    char key[8];
+    u_char pw_expire;			/* # days before password expires  */
+    u_char spare;
+    u_char attempts;
+    u_char locktime;
+};
+
+#define KAFNORMAL	(1<<0)
+#define KAFADMIN        (1<<2)	/* an administrator */
+#define KAFNOTGS        (1<<3)	/* ! allow principal to get or use TGT */
+#define KAFNOSEAL       (1<<5)	/* ! allow principal as server in GetTicket */
+#define KAFNOCPW        (1<<6)	/* ! allow principal to change its own key */
+#define KAFSPECIAL      (1<<8)	/* set if special AuthServer principal */
+
+#define DEFAULT_DATABASE "/usr/afs/db/kaserver.DB0"
+
+#endif /* __kadb_h__ */

Added: vendor-crypto/heimdal/dist/kdc/kaserver.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kaserver.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kaserver.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,951 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: kaserver.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+#include <krb5-v4compat.h>
+#include <rx.h>
+
+#define KA_AUTHENTICATION_SERVICE 731
+#define KA_TICKET_GRANTING_SERVICE 732
+#define KA_MAINTENANCE_SERVICE 733
+
+#define AUTHENTICATE_OLD	 1
+#define CHANGEPASSWORD		 2
+#define GETTICKET_OLD		 3
+#define SETPASSWORD		 4
+#define SETFIELDS		 5
+#define CREATEUSER		 6
+#define DELETEUSER		 7
+#define GETENTRY		 8
+#define LISTENTRY		 9
+#define GETSTATS		10
+#define DEBUG			11
+#define GETPASSWORD		12
+#define GETRANDOMKEY		13
+#define AUTHENTICATE		21
+#define AUTHENTICATE_V2		22
+#define GETTICKET		23
+
+/* XXX - Where do we get these? */
+
+#define RXGEN_OPCODE (-455)
+
+#define KADATABASEINCONSISTENT                   (180480L)
+#define KAEXIST                                  (180481L)
+#define KAIO                                     (180482L)
+#define KACREATEFAIL                             (180483L)
+#define KANOENT                                  (180484L)
+#define KAEMPTY                                  (180485L)
+#define KABADNAME                                (180486L)
+#define KABADINDEX                               (180487L)
+#define KANOAUTH                                 (180488L)
+#define KAANSWERTOOLONG                          (180489L)
+#define KABADREQUEST                             (180490L)
+#define KAOLDINTERFACE                           (180491L)
+#define KABADARGUMENT                            (180492L)
+#define KABADCMD                                 (180493L)
+#define KANOKEYS                                 (180494L)
+#define KAREADPW                                 (180495L)
+#define KABADKEY                                 (180496L)
+#define KAUBIKINIT                               (180497L)
+#define KAUBIKCALL                               (180498L)
+#define KABADPROTOCOL                            (180499L)
+#define KANOCELLS                                (180500L)
+#define KANOCELL                                 (180501L)
+#define KATOOMANYUBIKS                           (180502L)
+#define KATOOMANYKEYS                            (180503L)
+#define KABADTICKET                              (180504L)
+#define KAUNKNOWNKEY                             (180505L)
+#define KAKEYCACHEINVALID                        (180506L)
+#define KABADSERVER                              (180507L)
+#define KABADUSER                                (180508L)
+#define KABADCPW                                 (180509L)
+#define KABADCREATE                              (180510L)
+#define KANOTICKET                               (180511L)
+#define KAASSOCUSER                              (180512L)
+#define KANOTSPECIAL                             (180513L)
+#define KACLOCKSKEW                              (180514L)
+#define KANORECURSE                              (180515L)
+#define KARXFAIL                                 (180516L)
+#define KANULLPASSWORD                           (180517L)
+#define KAINTERNALERROR                          (180518L)
+#define KAPWEXPIRED                              (180519L)
+#define KAREUSED                                 (180520L)
+#define KATOOSOON                                (180521L)
+#define KALOCKED                                 (180522L)
+
+
+static krb5_error_code
+decode_rx_header (krb5_storage *sp,
+		  struct rx_header *h)
+{
+    krb5_error_code ret;
+
+    ret = krb5_ret_uint32(sp, &h->epoch);
+    if (ret) return ret;
+    ret = krb5_ret_uint32(sp, &h->connid);
+    if (ret) return ret;
+    ret = krb5_ret_uint32(sp, &h->callid);
+    if (ret) return ret;
+    ret = krb5_ret_uint32(sp, &h->seqno);
+    if (ret) return ret;
+    ret = krb5_ret_uint32(sp, &h->serialno);
+    if (ret) return ret;
+    ret = krb5_ret_uint8(sp,  &h->type);
+    if (ret) return ret;
+    ret = krb5_ret_uint8(sp,  &h->flags);
+    if (ret) return ret;
+    ret = krb5_ret_uint8(sp,  &h->status);
+    if (ret) return ret;
+    ret = krb5_ret_uint8(sp,  &h->secindex);
+    if (ret) return ret;
+    ret = krb5_ret_uint16(sp, &h->reserved);
+    if (ret) return ret;
+    ret = krb5_ret_uint16(sp, &h->serviceid);
+    if (ret) return ret;
+
+    return 0;
+}
+
+static krb5_error_code
+encode_rx_header (struct rx_header *h,
+		  krb5_storage *sp)
+{
+    krb5_error_code ret;
+
+    ret = krb5_store_uint32(sp, h->epoch);
+    if (ret) return ret;
+    ret = krb5_store_uint32(sp, h->connid);
+    if (ret) return ret;
+    ret = krb5_store_uint32(sp, h->callid);
+    if (ret) return ret;
+    ret = krb5_store_uint32(sp, h->seqno);
+    if (ret) return ret;
+    ret = krb5_store_uint32(sp, h->serialno);
+    if (ret) return ret;
+    ret = krb5_store_uint8(sp,  h->type);
+    if (ret) return ret;
+    ret = krb5_store_uint8(sp,  h->flags);
+    if (ret) return ret;
+    ret = krb5_store_uint8(sp,  h->status);
+    if (ret) return ret;
+    ret = krb5_store_uint8(sp,  h->secindex);
+    if (ret) return ret;
+    ret = krb5_store_uint16(sp, h->reserved);
+    if (ret) return ret;
+    ret = krb5_store_uint16(sp, h->serviceid);
+    if (ret) return ret;
+
+    return 0;
+}
+
+static void
+init_reply_header (struct rx_header *hdr,
+		   struct rx_header *reply_hdr,
+		   u_char type,
+		   u_char flags)
+{
+    reply_hdr->epoch     = hdr->epoch;
+    reply_hdr->connid    = hdr->connid;
+    reply_hdr->callid    = hdr->callid;
+    reply_hdr->seqno     = 1;
+    reply_hdr->serialno  = 1;
+    reply_hdr->type      = type;
+    reply_hdr->flags     = flags;
+    reply_hdr->status    = 0;
+    reply_hdr->secindex  = 0;
+    reply_hdr->reserved  = 0;
+    reply_hdr->serviceid = hdr->serviceid;
+}
+
+/*
+ * Create an error `reply\xB4 using for the packet `hdr' with the error
+ * `error\xB4 code.
+ */
+static void
+make_error_reply (struct rx_header *hdr,
+		  uint32_t error,
+		  krb5_data *reply)
+
+{
+    struct rx_header reply_hdr;
+    krb5_error_code ret;
+    krb5_storage *sp;
+
+    init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST);
+    sp = krb5_storage_emem();
+    if (sp == NULL)
+	return;
+    ret = encode_rx_header (&reply_hdr, sp);
+    if (ret)
+	return;
+    krb5_store_int32(sp, error);
+    krb5_storage_to_data (sp, reply);
+    krb5_storage_free (sp);
+}
+
+static krb5_error_code
+krb5_ret_xdr_data(krb5_storage *sp,
+		  krb5_data *data)
+{
+    int ret;
+    int size;
+    ret = krb5_ret_int32(sp, &size);
+    if(ret)
+	return ret;
+    if(size < 0)
+	return ERANGE;
+    data->length = size;
+    if (size) {
+	u_char foo[4];
+	size_t pad = (4 - size % 4) % 4;
+
+	data->data = malloc(size);
+	if (data->data == NULL)
+	    return ENOMEM;
+	ret = krb5_storage_read(sp, data->data, size);
+	if(ret != size)
+	    return (ret < 0)? errno : KRB5_CC_END;
+	if (pad) {
+	    ret = krb5_storage_read(sp, foo, pad);
+	    if (ret != pad)
+		return (ret < 0)? errno : KRB5_CC_END;
+	}
+    } else
+	data->data = NULL;
+    return 0;
+}
+
+static krb5_error_code
+krb5_store_xdr_data(krb5_storage *sp,
+		    krb5_data data)
+{
+    u_char zero[4] = {0, 0, 0, 0};
+    int ret;
+    size_t pad;
+
+    ret = krb5_store_int32(sp, data.length);
+    if(ret < 0)
+	return ret;
+    ret = krb5_storage_write(sp, data.data, data.length);
+    if(ret != data.length){
+	if(ret < 0)
+	    return errno;
+	return KRB5_CC_END;
+    }
+    pad = (4 - data.length % 4) % 4;
+    if (pad) {
+	ret = krb5_storage_write(sp, zero, pad);
+	if (ret != pad) {
+	    if (ret < 0)
+		return errno;
+	    return KRB5_CC_END;
+	}
+    }
+    return 0;
+}
+
+
+static krb5_error_code
+create_reply_ticket (krb5_context context, 
+		     struct rx_header *hdr,
+		     Key *skey,
+		     char *name, char *instance, char *realm,
+		     struct sockaddr_in *addr,
+		     int life,
+		     int kvno,
+		     int32_t max_seq_len,
+		     const char *sname, const char *sinstance,
+		     uint32_t challenge,
+		     const char *label,
+		     krb5_keyblock *key,
+		     krb5_data *reply)
+{
+    krb5_error_code ret;
+    krb5_data ticket;
+    krb5_keyblock session;
+    krb5_storage *sp;
+    krb5_data enc_data;
+    struct rx_header reply_hdr;
+    char zero[8];
+    size_t pad;
+    unsigned fyrtiosjuelva;
+
+    /* create the ticket */
+
+    krb5_generate_random_keyblock(context, ETYPE_DES_PCBC_NONE, &session);
+
+    _krb5_krb_create_ticket(context,
+			    0,
+			    name,
+			    instance,
+			    realm,
+			    addr->sin_addr.s_addr,
+			    &session,
+			    life,
+			    kdc_time,
+			    sname,
+			    sinstance,
+			    &skey->key,
+			    &ticket);
+
+    /* create the encrypted part of the reply */
+    sp = krb5_storage_emem ();
+    krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva));
+    fyrtiosjuelva &= 0xffffffff;
+    krb5_store_int32 (sp, fyrtiosjuelva);
+    krb5_store_int32 (sp, challenge);
+    krb5_storage_write  (sp, session.keyvalue.data, 8);
+    krb5_free_keyblock_contents(context, &session);
+    krb5_store_int32 (sp, kdc_time);
+    krb5_store_int32 (sp, kdc_time + _krb5_krb_life_to_time (0, life));
+    krb5_store_int32 (sp, kvno);
+    krb5_store_int32 (sp, ticket.length);
+    krb5_store_stringz (sp, name);
+    krb5_store_stringz (sp, instance);
+#if 1 /* XXX - Why shouldn't the realm go here? */
+    krb5_store_stringz (sp, "");
+#else
+    krb5_store_stringz (sp, realm);
+#endif
+    krb5_store_stringz (sp, sname);
+    krb5_store_stringz (sp, sinstance);
+    krb5_storage_write (sp, ticket.data, ticket.length);
+    krb5_storage_write (sp, label, strlen(label));
+
+    /* pad to DES block */
+    memset (zero, 0, sizeof(zero));
+    pad = (8 - krb5_storage_seek (sp, 0, SEEK_CUR) % 8) % 8;
+    krb5_storage_write (sp, zero, pad);
+
+    krb5_storage_to_data (sp, &enc_data);
+    krb5_storage_free (sp);
+
+    if (enc_data.length > max_seq_len) {
+	krb5_data_free (&enc_data);
+	make_error_reply (hdr, KAANSWERTOOLONG, reply);
+	return 0;
+    }
+
+    /* encrypt it */
+    {
+        DES_key_schedule schedule;
+	DES_cblock deskey;
+	
+	memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+	DES_set_key (&deskey, &schedule);
+	DES_pcbc_encrypt (enc_data.data,
+			  enc_data.data,
+			  enc_data.length,
+			  &schedule,
+			  &deskey,
+			  DES_ENCRYPT);
+	memset (&schedule, 0, sizeof(schedule));
+	memset (&deskey, 0, sizeof(deskey));
+    }
+
+    /* create the reply packet */
+    init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST);
+    sp = krb5_storage_emem ();
+    ret = encode_rx_header (&reply_hdr, sp);
+    krb5_store_int32 (sp, max_seq_len);
+    krb5_store_xdr_data (sp, enc_data);
+    krb5_data_free (&enc_data);
+    krb5_storage_to_data (sp, reply);
+    krb5_storage_free (sp);
+    return 0;
+}
+
+static krb5_error_code
+unparse_auth_args (krb5_storage *sp,
+		   char **name,
+		   char **instance,
+		   time_t *start_time,
+		   time_t *end_time,
+		   krb5_data *request,
+		   int32_t *max_seq_len)
+{
+    krb5_data data;
+    int32_t tmp;
+
+    krb5_ret_xdr_data (sp, &data);
+    *name = malloc(data.length + 1);
+    if (*name == NULL)
+	return ENOMEM;
+    memcpy (*name, data.data, data.length);
+    (*name)[data.length] = '\0';
+    krb5_data_free (&data);
+
+    krb5_ret_xdr_data (sp, &data);
+    *instance = malloc(data.length + 1);
+    if (*instance == NULL) {
+	free (*name);
+	return ENOMEM;
+    }
+    memcpy (*instance, data.data, data.length);
+    (*instance)[data.length] = '\0';
+    krb5_data_free (&data);
+
+    krb5_ret_int32 (sp, &tmp);
+    *start_time = tmp;
+    krb5_ret_int32 (sp, &tmp);
+    *end_time = tmp;
+    krb5_ret_xdr_data (sp, request);
+    krb5_ret_int32 (sp, max_seq_len);
+    /* ignore the rest */
+    return 0;
+}
+
+static void
+do_authenticate (krb5_context context, 
+		 krb5_kdc_configuration *config,
+		 struct rx_header *hdr,
+		 krb5_storage *sp,
+		 struct sockaddr_in *addr,
+		 const char *from,
+		 krb5_data *reply)
+{
+    krb5_error_code ret;
+    char *name = NULL;
+    char *instance = NULL;
+    time_t start_time;
+    time_t end_time;
+    krb5_data request;
+    int32_t max_seq_len;
+    hdb_entry_ex *client_entry = NULL;
+    hdb_entry_ex *server_entry = NULL;
+    Key *ckey = NULL;
+    Key *skey = NULL;
+    krb5_storage *reply_sp;
+    time_t max_life;
+    uint8_t life;
+    int32_t chal;
+    char client_name[256];
+    char server_name[256];
+	
+    krb5_data_zero (&request);
+
+    ret = unparse_auth_args (sp, &name, &instance, &start_time, &end_time,
+			     &request, &max_seq_len);
+    if (ret != 0 || request.length < 8) {
+	make_error_reply (hdr, KABADREQUEST, reply);
+	goto out;
+    }
+
+    snprintf (client_name, sizeof(client_name), "%s.%s@%s",
+	      name, instance, config->v4_realm);
+    snprintf (server_name, sizeof(server_name), "%s.%s@%s",
+	      "krbtgt", config->v4_realm, config->v4_realm);
+
+    kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s",
+	    client_name, from, server_name);
+
+    ret = _kdc_db_fetch4 (context, config, name, instance, 
+			  config->v4_realm, HDB_F_GET_CLIENT,
+			  &client_entry);
+    if (ret) {
+	kdc_log(context, config, 0, "Client not found in database: %s: %s",
+		client_name, krb5_get_err_text(context, ret));
+	make_error_reply (hdr, KANOENT, reply);
+	goto out;
+    }
+
+    ret = _kdc_db_fetch4 (context, config, "krbtgt", 
+			  config->v4_realm, config->v4_realm, 
+			  HDB_F_GET_KRBTGT, &server_entry);
+    if (ret) {
+	kdc_log(context, config, 0, "Server not found in database: %s: %s",
+		server_name, krb5_get_err_text(context, ret));
+	make_error_reply (hdr, KANOENT, reply);
+	goto out;
+    }
+
+    ret = _kdc_check_flags (context, config,
+			    client_entry, client_name,
+			    server_entry, server_name,
+			    TRUE);
+    if (ret) {
+	make_error_reply (hdr, KAPWEXPIRED, reply);
+	goto out;
+    }
+
+    /* find a DES key */
+    ret = _kdc_get_des_key(context, client_entry, FALSE, TRUE, &ckey);
+    if(ret){
+	kdc_log(context, config, 0, "no suitable DES key for client");
+	make_error_reply (hdr, KANOKEYS, reply);
+	goto out;
+    }
+
+    /* find a DES key */
+    ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
+    if(ret){
+	kdc_log(context, config, 0, "no suitable DES key for server");
+	make_error_reply (hdr, KANOKEYS, reply);
+	goto out;
+    }
+
+    {
+	DES_cblock key;
+	DES_key_schedule schedule;
+	
+	/* try to decode the `request' */
+	memcpy (&key, ckey->key.keyvalue.data, sizeof(key));
+	DES_set_key (&key, &schedule);
+	DES_pcbc_encrypt (request.data,
+			  request.data,
+			  request.length,
+			  &schedule,
+			  &key,
+			  DES_DECRYPT);
+	memset (&schedule, 0, sizeof(schedule));
+	memset (&key, 0, sizeof(key));
+    }
+
+    /* check for the magic label */
+    if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) {
+	kdc_log(context, config, 0, "preauth failed for %s", client_name);
+	make_error_reply (hdr, KABADREQUEST, reply);
+	goto out;
+    }
+
+    reply_sp = krb5_storage_from_mem (request.data, 4);
+    krb5_ret_int32 (reply_sp, &chal);
+    krb5_storage_free (reply_sp);
+
+    if (abs(chal - kdc_time) > context->max_skew) {
+	make_error_reply (hdr, KACLOCKSKEW, reply);
+	goto out;
+    }
+
+    /* life */
+    max_life = end_time - kdc_time;
+    /* end_time - kdc_time can sometimes be non-positive due to slight
+       time skew between client and server. Let's make sure it is postive */
+    if(max_life < 1)
+	max_life = 1;
+    if (client_entry->entry.max_life)
+	max_life = min(max_life, *client_entry->entry.max_life);
+    if (server_entry->entry.max_life)
+	max_life = min(max_life, *server_entry->entry.max_life);
+
+    life = krb_time_to_life(kdc_time, kdc_time + max_life);
+
+    create_reply_ticket (context, 
+			 hdr, skey,
+			 name, instance, config->v4_realm,
+			 addr, life, server_entry->entry.kvno,
+			 max_seq_len,
+			 "krbtgt", config->v4_realm,
+			 chal + 1, "tgsT",
+			 &ckey->key, reply);
+
+ out:
+    if (request.length) {
+	memset (request.data, 0, request.length);
+	krb5_data_free (&request);
+    }
+    if (name)
+	free (name);
+    if (instance)
+	free (instance);
+    if (client_entry)
+	_kdc_free_ent (context, client_entry);
+    if (server_entry)
+	_kdc_free_ent (context, server_entry);
+}
+
+static krb5_error_code
+unparse_getticket_args (krb5_storage *sp,
+			int *kvno,
+			char **auth_domain,
+			krb5_data *ticket,
+			char **name,
+			char **instance,
+			krb5_data *times,
+			int32_t *max_seq_len)
+{
+    krb5_data data;
+    int32_t tmp;
+
+    krb5_ret_int32 (sp, &tmp);
+    *kvno = tmp;
+
+    krb5_ret_xdr_data (sp, &data);
+    *auth_domain = malloc(data.length + 1);
+    if (*auth_domain == NULL)
+	return ENOMEM;
+    memcpy (*auth_domain, data.data, data.length);
+    (*auth_domain)[data.length] = '\0';
+    krb5_data_free (&data);
+
+    krb5_ret_xdr_data (sp, ticket);
+
+    krb5_ret_xdr_data (sp, &data);
+    *name = malloc(data.length + 1);
+    if (*name == NULL) {
+	free (*auth_domain);
+	return ENOMEM;
+    }
+    memcpy (*name, data.data, data.length);
+    (*name)[data.length] = '\0';
+    krb5_data_free (&data);
+
+    krb5_ret_xdr_data (sp, &data);
+    *instance = malloc(data.length + 1);
+    if (*instance == NULL) {
+	free (*auth_domain);
+	free (*name);
+	return ENOMEM;
+    }
+    memcpy (*instance, data.data, data.length);
+    (*instance)[data.length] = '\0';
+    krb5_data_free (&data);
+
+    krb5_ret_xdr_data (sp, times);
+
+    krb5_ret_int32 (sp, max_seq_len);
+    /* ignore the rest */
+    return 0;
+}
+
+static void
+do_getticket (krb5_context context, 
+	      krb5_kdc_configuration *config,
+	      struct rx_header *hdr,
+	      krb5_storage *sp,
+	      struct sockaddr_in *addr,
+	      const char *from,
+	      krb5_data *reply)
+{
+    krb5_error_code ret;
+    int kvno;
+    char *auth_domain = NULL;
+    krb5_data aticket;
+    char *name = NULL;
+    char *instance = NULL;
+    krb5_data times;
+    int32_t max_seq_len;
+    hdb_entry_ex *server_entry = NULL;
+    hdb_entry_ex *client_entry = NULL;
+    hdb_entry_ex *krbtgt_entry = NULL;
+    Key *kkey = NULL;
+    Key *skey = NULL;
+    DES_cblock key;
+    DES_key_schedule schedule;
+    DES_cblock session;
+    time_t max_life;
+    int8_t life;
+    time_t start_time, end_time;
+    char server_name[256];
+    char client_name[256];
+    struct _krb5_krb_auth_data ad;
+
+    krb5_data_zero (&aticket);
+    krb5_data_zero (&times);
+
+    memset(&ad, 0, sizeof(ad));
+
+    unparse_getticket_args (sp, &kvno, &auth_domain, &aticket,
+			    &name, &instance, &times, &max_seq_len);
+    if (times.length < 8) {
+	make_error_reply (hdr, KABADREQUEST, reply);
+	goto out;
+	
+    }
+
+    snprintf (server_name, sizeof(server_name),
+	      "%s.%s@%s", name, instance, config->v4_realm);
+
+    ret = _kdc_db_fetch4 (context, config, name, instance, 
+			  config->v4_realm, HDB_F_GET_SERVER, &server_entry);
+    if (ret) {
+	kdc_log(context, config, 0, "Server not found in database: %s: %s",
+		server_name, krb5_get_err_text(context, ret));
+	make_error_reply (hdr, KANOENT, reply);
+	goto out;
+    }
+
+    ret = _kdc_db_fetch4 (context, config, "krbtgt", 
+		     config->v4_realm, config->v4_realm, HDB_F_GET_KRBTGT, &krbtgt_entry);
+    if (ret) {
+	kdc_log(context, config, 0,
+		"Server not found in database: %s.%s@%s: %s",
+		"krbtgt", config->v4_realm,  config->v4_realm,
+		krb5_get_err_text(context, ret));
+	make_error_reply (hdr, KANOENT, reply);
+	goto out;
+    }
+
+    /* find a DES key */
+    ret = _kdc_get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey);
+    if(ret){
+	kdc_log(context, config, 0, "no suitable DES key for krbtgt");
+	make_error_reply (hdr, KANOKEYS, reply);
+	goto out;
+    }
+
+    /* find a DES key */
+    ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
+    if(ret){
+	kdc_log(context, config, 0, "no suitable DES key for server");
+	make_error_reply (hdr, KANOKEYS, reply);
+	goto out;
+    }
+
+    /* decrypt the incoming ticket */
+    memcpy (&key, kkey->key.keyvalue.data, sizeof(key));
+
+    /* unpack the ticket */
+    {
+	char *sname = NULL;
+	char *sinstance = NULL;
+
+	ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key, 
+				      config->v4_realm, &sname,
+				      &sinstance, &ad);
+	if (ret) {
+	    kdc_log(context, config, 0,
+		    "kaserver: decomp failed for %s.%s with %d",
+		    sname, sinstance, ret);
+	    make_error_reply (hdr, KABADTICKET, reply);
+	    goto out;
+	}
+
+	if (strcmp (sname, "krbtgt") != 0
+	    || strcmp (sinstance, config->v4_realm) != 0) {
+	    kdc_log(context, config, 0, "no TGT: %s.%s for %s.%s@%s",
+		    sname, sinstance,
+		    ad.pname, ad.pinst, ad.prealm);
+	    make_error_reply (hdr, KABADTICKET, reply);
+	    free(sname);
+	    free(sinstance);
+	    goto out;
+	}
+	free(sname);
+	free(sinstance);
+
+	if (kdc_time > _krb5_krb_life_to_time(ad.time_sec, ad.life)) {
+	    kdc_log(context, config, 0, "TGT expired: %s.%s@%s",
+		    ad.pname, ad.pinst, ad.prealm);
+	    make_error_reply (hdr, KABADTICKET, reply);
+	    goto out;
+	}
+    }
+
+    snprintf (client_name, sizeof(client_name),
+	      "%s.%s@%s", ad.pname, ad.pinst, ad.prealm);
+
+    kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s",
+	    client_name, from, server_name);
+
+    ret = _kdc_db_fetch4 (context, config, 
+			  ad.pname, ad.pinst, ad.prealm, HDB_F_GET_CLIENT,
+			  &client_entry);
+    if(ret && ret != HDB_ERR_NOENTRY) {
+	kdc_log(context, config, 0,
+		"Client not found in database: (krb4) %s: %s",
+		client_name, krb5_get_err_text(context, ret));
+	make_error_reply (hdr, KANOENT, reply);
+	goto out;
+    }
+    if (client_entry == NULL && strcmp(ad.prealm, config->v4_realm) == 0) {
+	kdc_log(context, config, 0, 
+		"Local client not found in database: (krb4) "
+		"%s", client_name);
+	make_error_reply (hdr, KANOENT, reply);
+	goto out;
+    }
+
+    ret = _kdc_check_flags (context, config, 
+			    client_entry, client_name,
+			    server_entry, server_name,
+			    FALSE);
+    if (ret) {
+	make_error_reply (hdr, KAPWEXPIRED, reply);
+	goto out;
+    }
+
+    /* decrypt the times */
+    memcpy(&session, ad.session.keyvalue.data, sizeof(session));
+    DES_set_key (&session, &schedule);
+    DES_ecb_encrypt (times.data,
+		     times.data,
+		     &schedule,
+		     DES_DECRYPT);
+    memset (&schedule, 0, sizeof(schedule));
+    memset (&session, 0, sizeof(session));
+
+    /* and extract them */
+    {
+	krb5_storage *tsp;
+	int32_t tmp;
+
+	tsp = krb5_storage_from_mem (times.data, times.length);
+	krb5_ret_int32 (tsp, &tmp);
+	start_time = tmp;
+	krb5_ret_int32 (tsp, &tmp);
+	end_time = tmp;
+	krb5_storage_free (tsp);
+    }
+
+    /* life */
+    max_life = end_time - kdc_time;
+    /* end_time - kdc_time can sometimes be non-positive due to slight
+       time skew between client and server. Let's make sure it is postive */
+    if(max_life < 1)
+	max_life = 1;
+    if (krbtgt_entry->entry.max_life)
+	max_life = min(max_life, *krbtgt_entry->entry.max_life);
+    if (server_entry->entry.max_life)
+	max_life = min(max_life, *server_entry->entry.max_life);
+    /* if this is a cross realm request, the client_entry will likely
+       be NULL */
+    if (client_entry && client_entry->entry.max_life)
+	max_life = min(max_life, *client_entry->entry.max_life);
+
+    life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
+
+    create_reply_ticket (context, 
+			 hdr, skey,
+			 ad.pname, ad.pinst, ad.prealm,
+			 addr, life, server_entry->entry.kvno,
+			 max_seq_len,
+			 name, instance,
+			 0, "gtkt",
+			 &ad.session, reply);
+    
+ out:
+    _krb5_krb_free_auth_data(context, &ad);
+    if (aticket.length) {
+	memset (aticket.data, 0, aticket.length);
+	krb5_data_free (&aticket);
+    }
+    if (times.length) {
+	memset (times.data, 0, times.length);
+	krb5_data_free (&times);
+    }
+    if (auth_domain)
+	free (auth_domain);
+    if (name)
+	free (name);
+    if (instance)
+	free (instance);
+    if (krbtgt_entry)
+	_kdc_free_ent (context, krbtgt_entry);
+    if (server_entry)
+	_kdc_free_ent (context, server_entry);
+}
+
+krb5_error_code
+_kdc_do_kaserver(krb5_context context, 
+		 krb5_kdc_configuration *config,
+		 unsigned char *buf,
+		 size_t len,
+		 krb5_data *reply,
+		 const char *from,
+		 struct sockaddr_in *addr)
+{
+    krb5_error_code ret = 0;
+    struct rx_header hdr;
+    uint32_t op;
+    krb5_storage *sp;
+
+    if (len < RX_HEADER_SIZE)
+	return -1;
+    sp = krb5_storage_from_mem (buf, len);
+
+    ret = decode_rx_header (sp, &hdr);
+    if (ret)
+	goto out;
+    buf += RX_HEADER_SIZE;
+    len -= RX_HEADER_SIZE;
+
+    switch (hdr.type) {
+    case HT_DATA :
+	break;
+    case HT_ACK :
+    case HT_BUSY :
+    case HT_ABORT :
+    case HT_ACKALL :
+    case HT_CHAL :
+    case HT_RESP :
+    case HT_DEBUG :
+    default:
+	/* drop */
+	goto out;
+    }
+
+
+    if (hdr.serviceid != KA_AUTHENTICATION_SERVICE
+	&& hdr.serviceid != KA_TICKET_GRANTING_SERVICE) {
+	ret = -1;
+	goto out;
+    }
+
+    ret = krb5_ret_uint32(sp, &op);
+    if (ret)
+	goto out;
+    switch (op) {
+    case AUTHENTICATE :
+    case AUTHENTICATE_V2 :
+	do_authenticate (context, config, &hdr, sp, addr, from, reply);
+	break;
+    case GETTICKET :
+	do_getticket (context, config, &hdr, sp, addr, from, reply);
+	break;
+    case AUTHENTICATE_OLD :
+    case CHANGEPASSWORD :
+    case GETTICKET_OLD :
+    case SETPASSWORD :
+    case SETFIELDS :
+    case CREATEUSER :
+    case DELETEUSER :
+    case GETENTRY :
+    case LISTENTRY :
+    case GETSTATS :
+    case DEBUG :
+    case GETPASSWORD :
+    case GETRANDOMKEY :
+    default :
+	make_error_reply (&hdr, RXGEN_OPCODE, reply);
+	break;
+    }
+
+out:
+    krb5_storage_free (sp);
+    return ret;
+}
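Review bot: unparse_auth_args and unparse_getticket_args ignore every return value from krb5_ret_xdr_data and krb5_ret_int32, so when a read fails on a short or malformed request the local `krb5_data data` is still uninitialised and the following `malloc(data.length + 1)` / `memcpy` operate on whatever is on the stack; both run on the raw packet before any key has been checked. Their ENOMEM paths also call `free (*name)` (and `free (*auth_domain)`) without clearing the pointer, while the `out:` labels in do_authenticate and do_getticket free the same pointers again. do_getticket additionally discards the result of unparse_getticket_args and should test it as do_authenticate does: `ret = unparse_getticket_args (...); if (ret || times.length < 8) {`. I would read the string fields through one checked helper and leave all freeing to the callers, as sketched below for unparse_auth_args; unparse_getticket_args needs the same treatment.

```c
/* Read one XDR opaque into a freshly allocated NUL-terminated string. */
static krb5_error_code
ret_xdr_string (krb5_storage *sp, char **str)
{
    krb5_error_code ret;
    krb5_data data;

    *str = NULL;
    krb5_data_zero (&data);
    ret = krb5_ret_xdr_data (sp, &data);
    if (ret == 0) {
	*str = malloc (data.length + 1);
	if (*str == NULL)
	    ret = ENOMEM;
	else {
	    if (data.length)
		memcpy (*str, data.data, data.length);
	    (*str)[data.length] = '\0';
	}
    }
    krb5_data_free (&data);	/* also releases a partially read buffer */
    return ret;
}

/* … unchanged: unparse_auth_args signature … */
{
    krb5_error_code ret;
    int32_t tmp;

    /* On error the caller's out: label frees *name and *instance. */
    ret = ret_xdr_string (sp, name);
    if (ret) return ret;
    ret = ret_xdr_string (sp, instance);
    if (ret) return ret;
    ret = krb5_ret_int32 (sp, &tmp);
    if (ret) return ret;
    *start_time = tmp;
    ret = krb5_ret_int32 (sp, &tmp);
    if (ret) return ret;
    *end_time = tmp;
    ret = krb5_ret_xdr_data (sp, request);
    if (ret) return ret;
    /* ignore the rest */
    return krb5_ret_int32 (sp, max_seq_len);
}
```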

Added: vendor-crypto/heimdal/dist/kdc/kdc-private.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kdc-private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kdc-private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,286 @@
+/* This is a generated file */
+#ifndef __kdc_private_h__
+#define __kdc_private_h__
+
+#include <stdarg.h>
+
+krb5_error_code
+_kdc_add_KRB5SignedPath (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	hdb_entry_ex */*krbtgt*/,
+	krb5_enctype /*enctype*/,
+	krb5_const_principal /*server*/,
+	KRB5SignedPathPrincipals */*principals*/,
+	EncTicketPart */*tkt*/);
+
+krb5_error_code
+_kdc_add_inital_verified_cas (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	pk_client_params */*params*/,
+	EncTicketPart */*tkt*/);
+
+krb5_error_code
+_kdc_as_rep (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	KDC_REQ */*req*/,
+	const krb5_data */*req_buffer*/,
+	krb5_data */*reply*/,
+	const char */*from*/,
+	struct sockaddr */*from_addr*/,
+	int /*datagram_reply*/);
+
+krb5_boolean
+_kdc_check_addresses (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	HostAddresses */*addresses*/,
+	const struct sockaddr */*from*/);
+
+krb5_error_code
+_kdc_check_flags (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	hdb_entry_ex */*client_ex*/,
+	const char */*client_name*/,
+	hdb_entry_ex */*server_ex*/,
+	const char */*server_name*/,
+	krb5_boolean /*is_as_req*/);
+
+krb5_error_code
+_kdc_db_fetch (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	krb5_const_principal /*principal*/,
+	unsigned /*flags*/,
+	HDB **/*db*/,
+	hdb_entry_ex **/*h*/);
+
+krb5_error_code
+_kdc_db_fetch4 (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	const char */*name*/,
+	const char */*instance*/,
+	const char */*realm*/,
+	unsigned /*flags*/,
+	hdb_entry_ex **/*ent*/);
+
+krb5_error_code
+_kdc_do_524 (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	const Ticket */*t*/,
+	krb5_data */*reply*/,
+	const char */*from*/,
+	struct sockaddr */*addr*/);
+
+krb5_error_code
+_kdc_do_digest (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	const DigestREQ */*req*/,
+	krb5_data */*reply*/,
+	const char */*from*/,
+	struct sockaddr */*addr*/);
+
+krb5_error_code
+_kdc_do_kaserver (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	unsigned char */*buf*/,
+	size_t /*len*/,
+	krb5_data */*reply*/,
+	const char */*from*/,
+	struct sockaddr_in */*addr*/);
+
+krb5_error_code
+_kdc_do_kx509 (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	const Kx509Request */*req*/,
+	krb5_data */*reply*/,
+	const char */*from*/,
+	struct sockaddr */*addr*/);
+
+krb5_error_code
+_kdc_do_version4 (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	unsigned char */*buf*/,
+	size_t /*len*/,
+	krb5_data */*reply*/,
+	const char */*from*/,
+	struct sockaddr_in */*addr*/);
+
+krb5_error_code
+_kdc_encode_reply (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	KDC_REP */*rep*/,
+	const EncTicketPart */*et*/,
+	EncKDCRepPart */*ek*/,
+	krb5_enctype /*etype*/,
+	int /*skvno*/,
+	const EncryptionKey */*skey*/,
+	int /*ckvno*/,
+	const EncryptionKey */*ckey*/,
+	const char **/*e_text*/,
+	krb5_data */*reply*/);
+
+krb5_error_code
+_kdc_encode_v4_ticket (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	void */*buf*/,
+	size_t /*len*/,
+	const EncTicketPart */*et*/,
+	const PrincipalName */*service*/,
+	size_t */*size*/);
+
+krb5_error_code
+_kdc_find_etype (
+	krb5_context /*context*/,
+	const hdb_entry_ex */*princ*/,
+	krb5_enctype */*etypes*/,
+	unsigned /*len*/,
+	Key **/*ret_key*/,
+	krb5_enctype */*ret_etype*/);
+
+const PA_DATA*
+_kdc_find_padata (
+	const KDC_REQ */*req*/,
+	int */*start*/,
+	int /*type*/);
+
+void
+_kdc_fix_time (time_t **/*t*/);
+
+void
+_kdc_free_ent (
+	krb5_context /*context*/,
+	hdb_entry_ex */*ent*/);
+
+krb5_error_code
+_kdc_get_des_key (
+	krb5_context /*context*/,
+	hdb_entry_ex */*principal*/,
+	krb5_boolean /*is_server*/,
+	krb5_boolean /*prefer_afs_key*/,
+	Key **/*ret_key*/);
+
+krb5_error_code
+_kdc_get_preferred_key (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	hdb_entry_ex */*h*/,
+	const char */*name*/,
+	krb5_enctype */*enctype*/,
+	Key **/*key*/);
+
+void
+_kdc_log_timestamp (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	const char */*type*/,
+	KerberosTime /*authtime*/,
+	KerberosTime */*starttime*/,
+	KerberosTime /*endtime*/,
+	KerberosTime */*renew_till*/);
+
+krb5_error_code
+_kdc_make_anonymous_principalname (PrincipalName */*pn*/);
+
+int
+_kdc_maybe_version4 (
+	unsigned char */*buf*/,
+	int /*len*/);
+
+krb5_error_code
+_kdc_pac_generate (
+	krb5_context /*context*/,
+	hdb_entry_ex */*client*/,
+	krb5_pac */*pac*/);
+
+krb5_error_code
+_kdc_pac_verify (
+	krb5_context /*context*/,
+	const krb5_principal /*client_principal*/,
+	hdb_entry_ex */*client*/,
+	hdb_entry_ex */*server*/,
+	krb5_pac */*pac*/);
+
+krb5_error_code
+_kdc_pk_check_client (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	const hdb_entry_ex */*client*/,
+	pk_client_params */*client_params*/,
+	char **/*subject_name*/);
+
+void
+_kdc_pk_free_client_param (
+	krb5_context /*context*/,
+	pk_client_params */*client_params*/);
+
+krb5_error_code
+_kdc_pk_initialize (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	const char */*user_id*/,
+	const char */*anchors*/,
+	char **/*pool*/,
+	char **/*revoke_list*/);
+
+krb5_error_code
+_kdc_pk_mk_pa_reply (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	pk_client_params */*client_params*/,
+	const hdb_entry_ex */*client*/,
+	const KDC_REQ */*req*/,
+	const krb5_data */*req_buffer*/,
+	krb5_keyblock **/*reply_key*/,
+	METHOD_DATA */*md*/);
+
+krb5_error_code
+_kdc_pk_rd_padata (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	const KDC_REQ */*req*/,
+	const PA_DATA */*pa*/,
+	pk_client_params **/*ret_params*/);
+
+krb5_error_code
+_kdc_tgs_rep (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	KDC_REQ */*req*/,
+	krb5_data */*data*/,
+	const char */*from*/,
+	struct sockaddr */*from_addr*/,
+	int /*datagram_reply*/);
+
+krb5_error_code
+_kdc_tkt_add_if_relevant_ad (
+	krb5_context /*context*/,
+	EncTicketPart */*tkt*/,
+	int /*type*/,
+	const krb5_data */*data*/);
+
+krb5_error_code
+_kdc_try_kx509_request (
+	void */*ptr*/,
+	size_t /*len*/,
+	Kx509Request */*req*/,
+	size_t */*size*/);
+
+krb5_error_code
+_kdc_windc_client_access (
+	krb5_context /*context*/,
+	struct hdb_entry_ex */*client*/,
+	KDC_REQ */*req*/);
+
+#endif /* __kdc_private_h__ */

Added: vendor-crypto/heimdal/dist/kdc/kdc-protos.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kdc-protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kdc-protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,92 @@
+/* This is a generated file */
+#ifndef __kdc_protos_h__
+#define __kdc_protos_h__
+
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void
+kdc_log (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	int /*level*/,
+	const char */*fmt*/,
+	...);
+
+char*
+kdc_log_msg (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	int /*level*/,
+	const char */*fmt*/,
+	...);
+
+char*
+kdc_log_msg_va (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	int /*level*/,
+	const char */*fmt*/,
+	va_list /*ap*/);
+
+void
+kdc_openlog (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/);
+
+krb5_error_code
+krb5_kdc_get_config (
+	krb5_context /*context*/,
+	krb5_kdc_configuration **/*config*/);
+
+int
+krb5_kdc_process_krb5_request (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	unsigned char */*buf*/,
+	size_t /*len*/,
+	krb5_data */*reply*/,
+	const char */*from*/,
+	struct sockaddr */*addr*/,
+	int /*datagram_reply*/);
+
+int
+krb5_kdc_process_request (
+	krb5_context /*context*/,
+	krb5_kdc_configuration */*config*/,
+	unsigned char */*buf*/,
+	size_t /*len*/,
+	krb5_data */*reply*/,
+	krb5_boolean */*prependlength*/,
+	const char */*from*/,
+	struct sockaddr */*addr*/,
+	int /*datagram_reply*/);
+
+int
+krb5_kdc_save_request (
+	krb5_context /*context*/,
+	const char */*fn*/,
+	const unsigned char */*buf*/,
+	size_t /*len*/,
+	const krb5_data */*reply*/,
+	const struct sockaddr */*sa*/);
+
+krb5_error_code
+krb5_kdc_set_dbinfo (
+	krb5_context /*context*/,
+	struct krb5_kdc_configuration */*c*/);
+
+void
+krb5_kdc_update_time (struct timeval */*tv*/);
+
+krb5_error_code
+krb5_kdc_windc_init (krb5_context /*context*/);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __kdc_protos_h__ */

Added: vendor-crypto/heimdal/dist/kdc/kdc-replay.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kdc-replay.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kdc-replay.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,197 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: kdc-replay.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int version_flag;
+static int help_flag;
+
+struct getargs args[] = {
+    { "version",   0,	arg_flag, &version_flag },
+    { "help",     'h',	arg_flag, &help_flag }
+};
+
+const static int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int ret)
+{
+    arg_printusage (args, num_args, NULL, "kdc-request-log-file");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_kdc_configuration *config;
+    krb5_storage *sp;
+    int fd, optidx = 0;
+
+    setprogname(argv[0]);
+    
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+
+    if(help_flag)
+	usage(0);
+    
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed to parse configuration file");
+
+    ret = krb5_kdc_get_config(context, &config);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kdc_default_config");
+
+    kdc_openlog(context, config);
+
+    ret = krb5_kdc_set_dbinfo(context, config);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
+
+    if (argc != 2)
+	errx(1, "argc != 2");
+
+    printf("kdc replay\n");
+
+    fd = open(argv[1], O_RDONLY);
+    if (fd < 0)
+	err(1, "open: %s", argv[1]);
+
+    sp = krb5_storage_from_fd(fd);
+    if (sp == NULL)
+	krb5_errx(context, 1, "krb5_storage_from_fd");
+
+    while(1) {
+	struct sockaddr_storage sa;
+	krb5_socklen_t salen = sizeof(sa);
+	struct timeval tv;
+	krb5_address a;
+	krb5_data d, r;
+	uint32_t t, clty, tag;
+	char astr[80];
+
+	ret = krb5_ret_uint32(sp, &t);
+	if (ret == HEIM_ERR_EOF)
+	    break;
+	else if (ret)
+	    krb5_errx(context, 1, "krb5_ret_uint32(version)");
+	if (t != 1)
+	    krb5_errx(context, 1, "version not 1");
+	ret = krb5_ret_uint32(sp, &t);
+	if (ret)
+	    krb5_errx(context, 1, "krb5_ret_uint32(time)");
+	ret = krb5_ret_address(sp, &a);
+	if (ret)
+	    krb5_errx(context, 1, "krb5_ret_address");
+	ret = krb5_ret_data(sp, &d);
+	if (ret)
+	    krb5_errx(context, 1, "krb5_ret_data");
+	ret = krb5_ret_uint32(sp, &clty);
+	if (ret)
+	    krb5_errx(context, 1, "krb5_ret_uint32(class|type)");
+	ret = krb5_ret_uint32(sp, &tag);
+	if (ret)
+	    krb5_errx(context, 1, "krb5_ret_uint32(tag)");
+
+
+	ret = krb5_addr2sockaddr (context, &a, (struct sockaddr *)&sa,
+				  &salen, 88);
+	if (ret == KRB5_PROG_ATYPE_NOSUPP)
+	    goto out;
+	else if (ret)
+	    krb5_err(context, 1, ret, "krb5_addr2sockaddr");
+
+	ret = krb5_print_address(&a, astr, sizeof(astr), NULL);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_print_address");
+
+	printf("processing request from %s, %lu bytes\n", 
+	       astr, (unsigned long)d.length);
+
+	r.length = 0;
+	r.data = NULL;
+
+	tv.tv_sec = t;
+	tv.tv_usec = 0;
+
+	krb5_kdc_update_time(&tv);
+	krb5_set_real_time(context, tv.tv_sec, 0);
+
+	ret = krb5_kdc_process_request(context, config, d.data, d.length,
+				       &r, NULL, astr,
+				       (struct sockaddr *)&sa, 0);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_kdc_process_request");
+
+	if (r.length) {
+	    Der_class cl;
+	    Der_type ty;
+	    unsigned int tag2;
+	    ret = der_get_tag (r.data, r.length,
+			       &cl, &ty, &tag2, NULL);
+	    if (MAKE_TAG(cl, ty, 0) != clty)
+		krb5_errx(context, 1, "class|type mismatch: %d != %d",
+			  (int)MAKE_TAG(cl, ty, 0), (int)clty);
+	    if (tag != tag2)
+		krb5_errx(context, 1, "tag mismatch");
+
+	    krb5_data_free(&r);
+	} else {
+	    if (clty != 0xffffffff)
+		krb5_errx(context, 1, "clty not invalid");
+	    if (tag != 0xffffffff)
+		krb5_errx(context, 1, "tag not invalid");
+	}
+
+    out:
+	krb5_data_free(&d);
+	krb5_free_address(context, &a);
+    }
+
+    krb5_storage_free(sp);
+    krb5_free_context(context);
+
+    printf("done\n");
+
+    return 0;
+}
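Review bot: The return value of `der_get_tag()` in the `if (r.length)` branch of `main()` is stored in `ret` but never tested, so when the reply fails to parse, `cl`, `ty` and `tag2` are compared against the recorded `clty` and `tag` while still uninitialized. Add `if (ret) krb5_err(context, 1, ret, "der_get_tag");` directly after the call, matching how every other failure in this loop is handled. A smaller point: `fd` from `open(argv[1], O_RDONLY)` is never closed on the normal exit path; whether `krb5_storage_free(sp)` releases it cannot be told from this hunk, so an explicit `close(fd);` after the loop would make the ownership clear. As this is a vendor import, the change is probably best sent upstream rather than patched locally.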

Added: vendor-crypto/heimdal/dist/kdc/kdc.8
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kdc.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kdc.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,262 @@
+.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\"
+.\" $Id: kdc.8,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd August 24, 2006
+.Dt KDC 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kdc
+.Nd Kerberos 5 server
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Oo Fl c Ar file \*(Ba Xo
+.Fl -config-file= Ns Ar file
+.Xc
+.Oc
+.Op Fl p | Fl -no-require-preauth
+.Op Fl -max-request= Ns Ar size
+.Op Fl H | Fl -enable-http
+.Op Fl -no-524
+.Op Fl -kerberos4
+.Op Fl -kerberos4-cross-realm
+.Oo Fl r Ar string \*(Ba Xo
+.Fl -v4-realm= Ns Ar string
+.Xc
+.Oc
+.Op Fl K | Fl -kaserver
+.Oo Fl P Ar portspec \*(Ba Xo
+.Fl -ports= Ns Ar portspec
+.Xc
+.Oc
+.Op Fl -detach
+.Op Fl -disable-DES
+.Op Fl -addresses= Ns Ar list of addresses
+.Ek
+.Sh DESCRIPTION
+.Nm
+serves requests for tickets.
+When it starts, it first checks the flags passed, any options that are
+not specified with a command line flag are taken from a config file,
+or from a default compiled-in value.
+.Pp
+Options supported:
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar file ,
+.Fl -config-file= Ns Ar file
+.Xc
+Specifies the location of the config file, the default is
+.Pa /var/heimdal/kdc.conf .
+This is the only value that can't be specified in the config file.
+.It Xo
+.Fl p ,
+.Fl -no-require-preauth
+.Xc
+Turn off the requirement for pre-autentication in the initial AS-REQ
+for all principals.
+The use of pre-authentication makes it more difficult to do offline
+password attacks.
+You might want to turn it off if you have clients
+that don't support pre-authentication.
+Since the version 4 protocol doesn't support any pre-authentication,
+serving version 4 clients is just about the same as not requiring
+pre-athentication.
+The default is to require pre-authentication.
+Adding the require-preauth per principal is a more flexible way of
+handling this.
+.It Xo
+.Fl -max-request= Ns Ar size
+.Xc
+Gives an upper limit on the size of the requests that the kdc is
+willing to handle.
+.It Xo
+.Fl H ,
+.Fl -enable-http
+.Xc
+Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
+.It Xo
+.Fl -no-524
+.Xc
+don't respond to 524 requests
+.It Xo
+.Fl -kerberos4
+.Xc
+respond to Kerberos 4 requests
+.It Xo
+.Fl -kerberos4-cross-realm
+.Xc
+respond to Kerberos 4 requests from foreign realms.
+This is a known security hole and should not be enabled unless you
+understand the consequences and are willing to live with them.
+.It Xo
+.Fl r Ar string ,
+.Fl -v4-realm= Ns Ar string
+.Xc
+What realm this server should act as when dealing with version 4
+requests.
+The database can contain any number of realms, but since the version 4
+protocol doesn't contain a realm for the server, it must be explicitly
+specified.
+The default is whatever is returned by
+.Fn krb_get_lrealm .
+This option is only availabe if the KDC has been compiled with version
+4 support.
+.It Xo
+.Fl K ,
+.Fl -kaserver
+.Xc
+Enable kaserver emulation (in case it's compiled in).
+.It Xo
+.Fl P Ar portspec ,
+.Fl -ports= Ns Ar portspec
+.Xc
+Specifies the set of ports the KDC should listen on.
+It is given as a
+white-space separated list of services or port numbers.
+.It Fl -addresses= Ns Ar list of addresses
+The list of addresses to listen for requests on.
+By default, the kdc will listen on all the locally configured
+addresses.
+If only a subset is desired, or the automatic detection fails, this
+option might be used.
+.It Fl -detach
+detach from pty and run as a daemon.
+.It Fl -disable-DES
+disable add des encryption types, makes the kdc not use them.
+.El
+.Pp
+All activities are logged to one or more destinations, see
+.Xr krb5.conf 5 ,
+and
+.Xr krb5_openlog 3 .
+The entity used for logging is
+.Nm kdc .
+.Sh CONFIGURATION FILE
+The configuration file has the same syntax as 
+.Xr krb5.conf 5 ,
+but will be read before 
+.Pa /etc/krb5.conf ,
+so it may override settings found there.
+Options specific to the KDC only are found in the
+.Dq [kdc] 
+section.
+All the command-line options can preferably be added in the
+configuration file.
+The only difference is the pre-authentication flag, which has to be
+specified as:
+.Pp
+.Dl require-preauth = no
+.Pp
+(in fact you can specify the option as
+.Fl -require-preauth=no ) .
+.Pp
+And there are some configuration options which do not have
+command-line equivalents:
+.Bl -tag -width "xxx" -offset indent
+.It Li enable-digest = Va boolean
+turn on support for digest processing in the KDC.
+The default is FALSE.
+.It Li check-ticket-addresses = Va boolean
+Check the addresses in the ticket when processing TGS requests.
+The default is TRUE.
+.It Li allow-null-ticket-addresses = Va boolean
+Permit tickets with no addresses.
+This option is only relevant when check-ticket-addresses is TRUE.
+.It Li allow-anonymous = Va boolean
+Permit anonymous tickets with no addresses.
+.It Li max-kdc-datagram-reply-length = Va number
+Maximum packet size the UDP rely that the KDC will transmit, instead
+the KDC sends back a reply telling the client to use TCP instead.
+.It Li transited-policy = Xo
+.Li always-check \*(Ba
+.Li allow-per-principal |
+.Li always-honour-request
+.Xc
+This controls how KDC requests with the
+.Li disable-transited-check
+flag are handled. It can be one of:
+.Bl -tag -width "xxx" -offset indent
+.It Li always-check
+Always check transited encoding, this is the default.
+.It Li allow-per-principal
+Currently this is identical to
+.Li always-check .
+In a future release, it will be possible to mark a principal as able
+to handle unchecked requests.
+.It Li always-honour-request
+Always do what the client asked.
+In a future release, it will be possible to force a check per
+principal.
+.El
+.It encode_as_rep_as_tgs_rep = Va boolean
+Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code.
+The Heimdal clients allow both.
+.It kdc_warn_pwexpire = Va time
+How long before password/principal expiration the KDC should start
+sending out warning messages.
+.El
+.Pp
+The configuration file is only read when the 
+.Nm
+is started.
+If changes made to the configuration file are to take effect, the
+.Nm
+needs to be restarted.
+.Pp
+An example of a config file:
+.Bd -literal -offset indent
+[kdc]
+	require-preauth = no
+	v4-realm = FOO.SE
+.Ed
+.Sh BUGS
+If the machine running the KDC has new addresses added to it, the KDC
+will have to be restarted to listen to them.
+The reason it doesn't just listen to wildcarded (like INADDR_ANY)
+addresses, is that the replies has to come from the same address they
+were sent to, and most OS:es doesn't pass this information to the
+application.
+If your normal mode of operation require that you add and remove
+addresses, the best option is probably to listen to a wildcarded TCP
+socket, and make sure your clients use TCP to connect.
+For instance, this will listen to IPv4 TCP port 88 only:
+.Bd -literal -offset indent
+kdc --addresses=0.0.0.0 --ports="88/tcp" 
+.Ed
+.Pp
+There should be a way to specify protocol, port, and address triplets,
+not just addresses and protocol, port tuples.
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/kdc/kdc.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kdc.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kdc.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1997-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ *
+ * Copyright (c) 2005 Andrew Bartlett <abartlet at samba.org>
+ * 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* 
+ * $Id: kdc.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ 
+ */
+
+#ifndef __KDC_H__
+#define __KDC_H__
+
+#include <krb5.h>
+
+enum krb5_kdc_trpolicy {
+    TRPOLICY_ALWAYS_CHECK,
+    TRPOLICY_ALLOW_PER_PRINCIPAL, 
+    TRPOLICY_ALWAYS_HONOUR_REQUEST
+};
+
+typedef struct krb5_kdc_configuration {
+    krb5_boolean require_preauth; /* require preauth for all principals */
+    time_t kdc_warn_pwexpire; /* time before expiration to print a warning */
+
+    struct HDB **db;
+    int num_db;
+
+    krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
+	
+    krb5_boolean check_ticket_addresses;
+    krb5_boolean allow_null_ticket_addresses;
+    krb5_boolean allow_anonymous;
+    enum krb5_kdc_trpolicy trpolicy;
+
+    char *v4_realm;
+    krb5_boolean enable_v4;
+    krb5_boolean enable_v4_cross_realm;
+    krb5_boolean enable_v4_per_principal;
+
+    krb5_boolean enable_kaserver;
+
+    krb5_boolean enable_524;
+
+    krb5_boolean enable_pkinit;
+    krb5_boolean pkinit_princ_in_cert;
+    char *pkinit_kdc_ocsp_file;
+    int pkinit_dh_min_bits;
+    int pkinit_require_binding;
+
+    krb5_log_facility *logf;
+
+    int enable_digest;
+    int digests_allowed;
+
+    size_t max_datagram_reply_length;
+
+    int enable_kx509;
+    const char *kx509_template;
+    const char *kx509_ca;
+
+} krb5_kdc_configuration;
+
+#include <kdc-protos.h>
+
+#endif
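Review bot: The Kerberos 4 switches in `struct krb5_kdc_configuration` carry no comments, although `kdc.8` in this same import describes `--kerberos4-cross-realm` as a known security hole. I would document that on the field itself, e.g. `krb5_boolean enable_v4_cross_realm; /* answer v4 requests from foreign realms; known security hole, see kdc.8 */`. `enable_v4_per_principal` deserves a similar one-line comment saying that, when set, a client needs its `allow_kerberos4` flag for v4 requests, which is how `kerberos4.c` in this commit uses it. The defaults for these fields are not visible in this hunk, so the comments should not state any.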

Added: vendor-crypto/heimdal/dist/kdc/kdc_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kdc_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kdc_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* 
+ * $Id: kdc_locl.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ 
+ */
+
+#ifndef __KDC_LOCL_H__
+#define __KDC_LOCL_H__
+
+#include "headers.h"
+#include "kdc.h"
+
+typedef struct pk_client_params pk_client_params;
+#include <kdc-private.h>
+
+extern sig_atomic_t exit_flag;
+extern size_t max_request;
+extern const char *request_log;
+extern const char *port_str;
+extern krb5_addresses explicit_addresses;
+
+extern int enable_http;
+
+#define DETACH_IS_DEFAULT FALSE
+
+extern int detach_from_console;
+
+extern const struct units _kdc_digestunits[];
+
+#define KDC_LOG_FILE		"kdc.log"
+
+extern struct timeval _kdc_now;
+#define kdc_time (_kdc_now.tv_sec)
+
+void
+loop(krb5_context context, krb5_kdc_configuration *config);
+
+krb5_kdc_configuration *
+configure(krb5_context context, int argc, char **argv);
+
+#endif /* __KDC_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/kdc/kerberos4.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kerberos4.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kerberos4.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,805 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+#include <krb5-v4compat.h>
+
+RCSID("$Id: kerberos4.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+#ifndef swap32
+static uint32_t
+swap32(uint32_t x)
+{
+    return ((x << 24) & 0xff000000) |
+	((x << 8) & 0xff0000) |
+	((x >> 8) & 0xff00) |
+	((x >> 24) & 0xff);
+}
+#endif /* swap32 */
+
+int
+_kdc_maybe_version4(unsigned char *buf, int len)
+{
+    return len > 0 && *buf == 4;
+}
+
+static void
+make_err_reply(krb5_context context, krb5_data *reply,
+	       int code, const char *msg)
+{
+    _krb5_krb_cr_err_reply(context, "", "", "", 
+			   kdc_time, code, msg, reply);
+}
+
+struct valid_princ_ctx {
+    krb5_kdc_configuration *config;
+    unsigned flags;
+};
+
+static krb5_boolean
+valid_princ(krb5_context context,
+	    void *funcctx,
+	    krb5_principal princ)
+{
+    struct valid_princ_ctx *ctx = funcctx;
+    krb5_error_code ret;
+    char *s;
+    hdb_entry_ex *ent;
+
+    ret = krb5_unparse_name(context, princ, &s);
+    if (ret)
+	return FALSE;
+    ret = _kdc_db_fetch(context, ctx->config, princ, ctx->flags, NULL, &ent);
+    if (ret) {
+	kdc_log(context, ctx->config, 7, "Lookup %s failed: %s", s,
+		krb5_get_err_text (context, ret));
+	free(s);
+	return FALSE;
+    }
+    kdc_log(context, ctx->config, 7, "Lookup %s succeeded", s);
+    free(s);
+    _kdc_free_ent(context, ent);
+    return TRUE;
+}
+
+krb5_error_code
+_kdc_db_fetch4(krb5_context context,
+	       krb5_kdc_configuration *config,
+	       const char *name, const char *instance, const char *realm,
+	       unsigned flags,
+	       hdb_entry_ex **ent)
+{
+    krb5_principal p;
+    krb5_error_code ret;
+    struct valid_princ_ctx ctx;
+
+    ctx.config = config;
+    ctx.flags = flags;
+    
+    ret = krb5_425_conv_principal_ext2(context, name, instance, realm, 
+				       valid_princ, &ctx, 0, &p);
+    if(ret)
+	return ret;
+    ret = _kdc_db_fetch(context, config, p, flags, NULL, ent);
+    krb5_free_principal(context, p);
+    return ret;
+}
+
+#define RCHECK(X, L) if(X){make_err_reply(context, reply, KFAILURE, "Packet too short"); goto L;}
+
+/*
+ * Process the v4 request in `buf, len' (received from `addr'
+ * (with string `from').
+ * Return an error code and a reply in `reply'.
+ */
+
+krb5_error_code
+_kdc_do_version4(krb5_context context, 
+		 krb5_kdc_configuration *config,
+		 unsigned char *buf,
+		 size_t len,
+		 krb5_data *reply,
+		 const char *from,
+		 struct sockaddr_in *addr)
+{
+    krb5_storage *sp;
+    krb5_error_code ret;
+    hdb_entry_ex *client = NULL, *server = NULL;
+    Key *ckey, *skey;
+    int8_t pvno;
+    int8_t msg_type;
+    int lsb;
+    char *name = NULL, *inst = NULL, *realm = NULL;
+    char *sname = NULL, *sinst = NULL;
+    int32_t req_time;
+    time_t max_life;
+    uint8_t life;
+    char client_name[256];
+    char server_name[256];
+
+    if(!config->enable_v4) {
+	kdc_log(context, config, 0,
+		"Rejected version 4 request from %s", from);
+	make_err_reply(context, reply, KRB4ET_KDC_GEN_ERR,
+		       "Function not enabled");
+	return 0;
+    }
+
+    sp = krb5_storage_from_mem(buf, len);
+    RCHECK(krb5_ret_int8(sp, &pvno), out);
+    if(pvno != 4){
+	kdc_log(context, config, 0,
+		"Protocol version mismatch (krb4) (%d)", pvno);
+	make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch");
+	goto out;
+    }
+    RCHECK(krb5_ret_int8(sp, &msg_type), out);
+    lsb = msg_type & 1;
+    msg_type &= ~1;
+    switch(msg_type){
+    case AUTH_MSG_KDC_REQUEST: {
+	krb5_data ticket, cipher;
+	krb5_keyblock session;
+	
+	krb5_data_zero(&ticket);
+	krb5_data_zero(&cipher);
+
+	RCHECK(krb5_ret_stringz(sp, &name), out1);
+	RCHECK(krb5_ret_stringz(sp, &inst), out1);
+	RCHECK(krb5_ret_stringz(sp, &realm), out1);
+	RCHECK(krb5_ret_int32(sp, &req_time), out1);
+	if(lsb)
+	    req_time = swap32(req_time);
+	RCHECK(krb5_ret_uint8(sp, &life), out1);
+	RCHECK(krb5_ret_stringz(sp, &sname), out1);
+	RCHECK(krb5_ret_stringz(sp, &sinst), out1);
+	snprintf (client_name, sizeof(client_name),
+		  "%s.%s@%s", name, inst, realm);
+	snprintf (server_name, sizeof(server_name),
+		  "%s.%s@%s", sname, sinst, config->v4_realm);
+	
+	kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s",
+		client_name, from, server_name);
+
+	ret = _kdc_db_fetch4(context, config, name, inst, realm, 
+			     HDB_F_GET_CLIENT, &client);
+	if(ret) {
+	    kdc_log(context, config, 0, "Client not found in database: %s: %s",
+		    client_name, krb5_get_err_text(context, ret));
+	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
+			   "principal unknown");
+	    goto out1;
+	}
+	ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm,
+			     HDB_F_GET_SERVER, &server);
+	if(ret){
+	    kdc_log(context, config, 0, "Server not found in database: %s: %s",
+		    server_name, krb5_get_err_text(context, ret));
+	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
+			   "principal unknown");
+	    goto out1;
+	}
+
+	ret = _kdc_check_flags (context, config, 
+				client, client_name,
+				server, server_name,
+				TRUE);
+	if (ret) {
+	    /* good error code? */
+	    make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
+			   "operation not allowed");
+	    goto out1;
+	}
+
+	if (config->enable_v4_per_principal &&
+	    client->entry.flags.allow_kerberos4 == 0)
+	{
+	    kdc_log(context, config, 0,
+		    "Per principal Kerberos 4 flag not turned on for %s",
+		    client_name);
+	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+			   "allow kerberos4 flag required");
+	    goto out1;
+	}
+
+	/*
+	 * There's no way to do pre-authentication in v4 and thus no
+	 * good error code to return if preauthentication is required.
+	 */
+
+	if (config->require_preauth
+	    || client->entry.flags.require_preauth
+	    || server->entry.flags.require_preauth) {
+	    kdc_log(context, config, 0,
+		    "Pre-authentication required for v4-request: "
+		    "%s for %s",
+		    client_name, server_name);
+	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
+			   "preauth required");
+	    goto out1;
+	}
+
+	ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey);
+	if(ret){
+	    kdc_log(context, config, 0, "no suitable DES key for client");
+	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
+			   "no suitable DES key for client");
+	    goto out1;
+	}
+
+#if 0
+	/* this is not necessary with the new code in libkrb */
+	/* find a properly salted key */
+	while(ckey->salt == NULL || ckey->salt->salt.length != 0)
+	    ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey);
+	if(ret){
+	    kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", 
+		    name, inst, realm);
+	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
+			   "No version-4 salted key in database");
+	    goto out1;
+	}
+#endif
+	
+	ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
+	if(ret){
+	    kdc_log(context, config, 0, "no suitable DES key for server");
+	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
+			   "no suitable DES key for server");
+	    goto out1;
+	}
+
+	max_life = _krb5_krb_life_to_time(0, life);
+	if(client->entry.max_life)
+	    max_life = min(max_life, *client->entry.max_life);
+	if(server->entry.max_life)
+	    max_life = min(max_life, *server->entry.max_life);
+
+	life = krb_time_to_life(kdc_time, kdc_time + max_life);
+    
+	ret = krb5_generate_random_keyblock(context,
+					    ETYPE_DES_PCBC_NONE,
+					    &session);
+	if (ret) {
+	    make_err_reply(context, reply, KFAILURE,
+			   "Not enough random i KDC");
+	    goto out1;
+	}
+	
+	ret = _krb5_krb_create_ticket(context,
+				      0,
+				      name,
+				      inst,
+				      config->v4_realm,
+				      addr->sin_addr.s_addr,
+				      &session,
+				      life,
+				      kdc_time,
+				      sname,
+				      sinst,
+				      &skey->key,
+				      &ticket);
+	if (ret) {
+	    krb5_free_keyblock_contents(context, &session);
+	    make_err_reply(context, reply, KFAILURE,
+			   "failed to create v4 ticket");
+	    goto out1;
+	}
+
+	ret = _krb5_krb_create_ciph(context,
+				    &session,
+				    sname,
+				    sinst,
+				    config->v4_realm,
+				    life,
+				    server->entry.kvno % 255,
+				    &ticket,
+				    kdc_time,
+				    &ckey->key,
+				    &cipher);
+	krb5_free_keyblock_contents(context, &session);
+	krb5_data_free(&ticket);
+	if (ret) {
+	    make_err_reply(context, reply, KFAILURE, 
+			   "Failed to create v4 cipher");
+	    goto out1;
+	}
+	
+	ret = _krb5_krb_create_auth_reply(context,
+					  name,
+					  inst,
+					  realm,
+					  req_time,
+					  0,
+					  client->entry.pw_end ? *client->entry.pw_end : 0,
+					  client->entry.kvno % 256,
+					  &cipher,
+					  reply);
+	krb5_data_free(&cipher);
+
+    out1:
+	break;
+    }
+    case AUTH_MSG_APPL_REQUEST: {
+	struct _krb5_krb_auth_data ad;
+	int8_t kvno;
+	int8_t ticket_len;
+	int8_t req_len;
+	krb5_data auth;
+	int32_t address;
+	size_t pos;
+	krb5_principal tgt_princ = NULL;
+	hdb_entry_ex *tgt = NULL;
+	Key *tkey;
+	time_t max_end, actual_end, issue_time;
+	
+	memset(&ad, 0, sizeof(ad));
+	krb5_data_zero(&auth);
+
+	RCHECK(krb5_ret_int8(sp, &kvno), out2);
+	RCHECK(krb5_ret_stringz(sp, &realm), out2);
+	
+	ret = krb5_425_conv_principal(context, "krbtgt", realm,
+				      config->v4_realm,
+				      &tgt_princ);
+	if(ret){
+	    kdc_log(context, config, 0,
+		    "Converting krbtgt principal (krb4): %s", 
+		    krb5_get_err_text(context, ret));
+	    make_err_reply(context, reply, KFAILURE, 
+			   "Failed to convert v4 principal (krbtgt)");
+	    goto out2;
+	}
+
+	ret = _kdc_db_fetch(context, config, tgt_princ,
+			    HDB_F_GET_KRBTGT, NULL, &tgt);
+	if(ret){
+	    char *s;
+	    s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not "
+			    "found in database (krb4): krbtgt.%s@%s: %s", 
+			    realm, config->v4_realm,
+			    krb5_get_err_text(context, ret));
+	    make_err_reply(context, reply, KFAILURE, s);
+	    free(s);
+	    goto out2;
+	}
+	
+	if(tgt->entry.kvno % 256 != kvno){
+	    kdc_log(context, config, 0,
+		    "tgs-req (krb4) with old kvno %d (current %d) for "
+		    "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, 
+		    realm, config->v4_realm);
+	    make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP,
+			   "old krbtgt kvno used");
+	    goto out2;
+	}
+
+	ret = _kdc_get_des_key(context, tgt, TRUE, FALSE, &tkey);
+	if(ret){
+	    kdc_log(context, config, 0, 
+		    "no suitable DES key for krbtgt (krb4)");
+	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
+			   "no suitable DES key for krbtgt");
+	    goto out2;
+	}
+
+	RCHECK(krb5_ret_int8(sp, &ticket_len), out2);
+	RCHECK(krb5_ret_int8(sp, &req_len), out2);
+	
+	pos = krb5_storage_seek(sp, ticket_len + req_len, SEEK_CUR);
+	
+	auth.data = buf;
+	auth.length = pos;
+
+	if (config->check_ticket_addresses)
+	    address = addr->sin_addr.s_addr;
+	else
+	    address = 0;
+
+	ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm, 
+			       config->v4_realm,
+			       address, &tkey->key, &ad);
+	if(ret){
+	    kdc_log(context, config, 0, "krb_rd_req: %d", ret);
+	    make_err_reply(context, reply, ret, "failed to parse request");
+	    goto out2;
+	}
+	
+	RCHECK(krb5_ret_int32(sp, &req_time), out2);
+	if(lsb)
+	    req_time = swap32(req_time);
+	RCHECK(krb5_ret_uint8(sp, &life), out2);
+	RCHECK(krb5_ret_stringz(sp, &sname), out2);
+	RCHECK(krb5_ret_stringz(sp, &sinst), out2);
+	snprintf (server_name, sizeof(server_name),
+		  "%s.%s@%s",
+		  sname, sinst, config->v4_realm);
+	snprintf (client_name, sizeof(client_name),
+		  "%s.%s@%s",
+		  ad.pname, ad.pinst, ad.prealm);
+
+	kdc_log(context, config, 0, "TGS-REQ (krb4) %s from %s for %s",
+		client_name, from, server_name);
+	
+	if(strcmp(ad.prealm, realm)){
+	    kdc_log(context, config, 0, 
+		    "Can't hop realms (krb4) %s -> %s", realm, ad.prealm);
+	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, 
+			   "Can't hop realms");
+	    goto out2;
+	}
+
+	if (!config->enable_v4_cross_realm && strcmp(realm, config->v4_realm) != 0) {
+	    kdc_log(context, config, 0, 
+		    "krb4 Cross-realm %s -> %s disabled",
+		    realm, config->v4_realm);
+	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
+			   "Can't hop realms");
+	    goto out2;
+	}
+
+	if(strcmp(sname, "changepw") == 0){
+	    kdc_log(context, config, 0, 
+		    "Bad request for changepw ticket (krb4)");
+	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, 
+			   "Can't authorize password change based on TGT");
+	    goto out2;
+	}
+	
+	ret = _kdc_db_fetch4(context, config, ad.pname, ad.pinst, ad.prealm,
+			     HDB_F_GET_CLIENT, &client);
+	if(ret && ret != HDB_ERR_NOENTRY) {
+	    char *s;
+	    s = kdc_log_msg(context, config, 0,
+			    "Client not found in database: (krb4) %s: %s",
+			    client_name, krb5_get_err_text(context, ret));
+	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
+	    free(s);
+	    goto out2;
+	}
+	if (client == NULL && strcmp(ad.prealm, config->v4_realm) == 0) {
+	    char *s;
+	    s = kdc_log_msg(context, config, 0,
+			    "Local client not found in database: (krb4) "
+			    "%s", client_name);
+	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
+	    free(s);
+	    goto out2;
+	}
+
+	ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm,
+			     HDB_F_GET_SERVER, &server);
+	if(ret){
+	    char *s;
+	    s = kdc_log_msg(context, config, 0,
+			    "Server not found in database (krb4): %s: %s",
+			    server_name, krb5_get_err_text(context, ret));
+	    make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
+	    free(s);
+	    goto out2;
+	}
+
+	ret = _kdc_check_flags (context, config, 
+				client, client_name,
+				server, server_name,
+				FALSE);
+	if (ret) {
+	    make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
+			   "operation not allowed");
+	    goto out2;
+	}
+
+	ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
+	if(ret){
+	    kdc_log(context, config, 0, 
+		    "no suitable DES key for server (krb4)");
+	    make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, 
+			   "no suitable DES key for server");
+	    goto out2;
+	}
+
+	max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life);
+	max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life));
+	if(server->entry.max_life)
+	    max_end = min(max_end, kdc_time + *server->entry.max_life);
+	if(client && client->entry.max_life)
+	    max_end = min(max_end, kdc_time + *client->entry.max_life);
+	life = min(life, krb_time_to_life(kdc_time, max_end));
+	
+	issue_time = kdc_time;
+	actual_end = _krb5_krb_life_to_time(issue_time, life);
+	while (actual_end > max_end && life > 1) {
+	    /* move them into the next earlier lifetime bracket */
+	    life--;
+	    actual_end = _krb5_krb_life_to_time(issue_time, life);
+	}
+	if (actual_end > max_end) {
+	    /* if life <= 1 and it's still too long, backdate the ticket */
+	    issue_time -= actual_end - max_end;
+	}
+
+	{
+	    krb5_data ticket, cipher;
+	    krb5_keyblock session;
+
+	    krb5_data_zero(&ticket);
+	    krb5_data_zero(&cipher);
+
+	    ret = krb5_generate_random_keyblock(context,
+						ETYPE_DES_PCBC_NONE,
+						&session);
+	    if (ret) {
+		make_err_reply(context, reply, KFAILURE,
+			       "Not enough random i KDC");
+		goto out2;
+	    }
+	
+	    ret = _krb5_krb_create_ticket(context,
+					  0,
+					  ad.pname,
+					  ad.pinst,
+					  ad.prealm,
+					  addr->sin_addr.s_addr,
+					  &session,
+					  life,
+					  issue_time,
+					  sname,
+					  sinst,
+					  &skey->key,
+					  &ticket);
+	    if (ret) {
+		krb5_free_keyblock_contents(context, &session);
+		make_err_reply(context, reply, KFAILURE,
+			       "failed to create v4 ticket");
+		goto out2;
+	    }
+
+	    ret = _krb5_krb_create_ciph(context,
+					&session,
+					sname,
+					sinst,
+					config->v4_realm,
+					life,
+					server->entry.kvno % 255,
+					&ticket,
+					issue_time,
+					&ad.session,
+					&cipher);
+	    krb5_free_keyblock_contents(context, &session);
+	    if (ret) {
+		make_err_reply(context, reply, KFAILURE,
+			       "failed to create v4 cipher");
+		goto out2;
+	    }
+	    
+	    ret = _krb5_krb_create_auth_reply(context,
+					      ad.pname,
+					      ad.pinst,
+					      ad.prealm,
+					      req_time,
+					      0,
+					      0,
+					      0,
+					      &cipher,
+					      reply);
+	    krb5_data_free(&cipher);
+	}
+    out2:
+	_krb5_krb_free_auth_data(context, &ad);
+	if(tgt_princ)
+	    krb5_free_principal(context, tgt_princ);
+	if(tgt)
+	    _kdc_free_ent(context, tgt);
+	break;
+    }
+    case AUTH_MSG_ERR_REPLY:
+	break;
+    default:
+	kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s", 
+		msg_type, from);
+	
+	make_err_reply(context, reply, KFAILURE, "Unknown message type");
+    }
+ out:
+    if(name)
+	free(name);
+    if(inst)
+	free(inst);
+    if(realm)
+	free(realm);
+    if(sname)
+	free(sname);
+    if(sinst)
+	free(sinst);
+    if(client)
+	_kdc_free_ent(context, client);
+    if(server)
+	_kdc_free_ent(context, server);
+    krb5_storage_free(sp);
+    return 0;
+}
+
+krb5_error_code
+_kdc_encode_v4_ticket(krb5_context context, 
+		      krb5_kdc_configuration *config,
+		      void *buf, size_t len, const EncTicketPart *et,
+		      const PrincipalName *service, size_t *size)
+{
+    krb5_storage *sp;
+    krb5_error_code ret;
+    char name[40], inst[40], realm[40];
+    char sname[40], sinst[40];
+
+    {
+	krb5_principal princ;
+	_krb5_principalname2krb5_principal(context,
+					   &princ,
+					   *service,
+					   et->crealm);
+	ret = krb5_524_conv_principal(context, 
+				      princ,
+				      sname,
+				      sinst,
+				      realm);
+	krb5_free_principal(context, princ);
+	if(ret)
+	    return ret;
+
+	_krb5_principalname2krb5_principal(context,
+					   &princ,
+					   et->cname,
+					   et->crealm);
+				     
+	ret = krb5_524_conv_principal(context, 
+				      princ,
+				      name,
+				      inst,
+				      realm);
+	krb5_free_principal(context, princ);
+    }
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_emem();
+    
+    krb5_store_int8(sp, 0); /* flags */
+    krb5_store_stringz(sp, name);
+    krb5_store_stringz(sp, inst);
+    krb5_store_stringz(sp, realm);
+    {
+	unsigned char tmp[4] = { 0, 0, 0, 0 };
+	int i;
+	if(et->caddr){
+	    for(i = 0; i < et->caddr->len; i++)
+		if(et->caddr->val[i].addr_type == AF_INET &&
+		   et->caddr->val[i].address.length == 4){
+		    memcpy(tmp, et->caddr->val[i].address.data, 4);
+		    break;
+		}
+	}
+	krb5_storage_write(sp, tmp, sizeof(tmp));
+    }
+
+    if((et->key.keytype != ETYPE_DES_CBC_MD5 &&
+	et->key.keytype != ETYPE_DES_CBC_MD4 &&
+	et->key.keytype != ETYPE_DES_CBC_CRC) || 
+       et->key.keyvalue.length != 8)
+	return -1;
+    krb5_storage_write(sp, et->key.keyvalue.data, 8);
+    
+    {
+	time_t start = et->starttime ? *et->starttime : et->authtime;
+	krb5_store_int8(sp, krb_time_to_life(start, et->endtime));
+	krb5_store_int32(sp, start);
+    }
+
+    krb5_store_stringz(sp, sname);
+    krb5_store_stringz(sp, sinst);
+    
+    {
+	krb5_data data;
+	krb5_storage_to_data(sp, &data);
+	krb5_storage_free(sp);
+	*size = (data.length + 7) & ~7; /* pad to 8 bytes */
+	if(*size > len)
+	    return -1;
+	memset((unsigned char*)buf - *size + 1, 0, *size);
+	memcpy((unsigned char*)buf - *size + 1, data.data, data.length);
+	krb5_data_free(&data);
+    }
+    return 0;
+}
+
+krb5_error_code
+_kdc_get_des_key(krb5_context context, 
+		 hdb_entry_ex *principal, krb5_boolean is_server, 
+		 krb5_boolean prefer_afs_key, Key **ret_key)
+{
+    Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
+    int i;
+    krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, 
+			      ETYPE_DES_CBC_MD4, 
+			      ETYPE_DES_CBC_CRC };
+
+    for(i = 0;
+	i < sizeof(etypes)/sizeof(etypes[0])
+	    && (v5_key == NULL || v4_key == NULL || 
+		afs_key == NULL || server_key == NULL);
+	++i) {
+	Key *key = NULL;
+	while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) {
+	    if(key->salt == NULL) {
+		if(v5_key == NULL)
+		    v5_key = key;
+	    } else if(key->salt->type == hdb_pw_salt && 
+		      key->salt->salt.length == 0) {
+		if(v4_key == NULL)
+		    v4_key = key;
+	    } else if(key->salt->type == hdb_afs3_salt) {
+		if(afs_key == NULL)
+		    afs_key = key;
+	    } else if(server_key == NULL)
+		server_key = key;
+	}
+    }
+
+    if(prefer_afs_key) {
+	if(afs_key)
+	    *ret_key = afs_key;
+	else if(v4_key)
+	    *ret_key = v4_key;
+	else if(v5_key)
+	    *ret_key = v5_key;
+	else if(is_server && server_key)
+	    *ret_key = server_key;
+	else
+	    return KRB4ET_KDC_NULL_KEY;
+    } else {
+	if(v4_key)
+	    *ret_key = v4_key;
+	else if(afs_key)
+	    *ret_key = afs_key;
+	else  if(v5_key)
+	    *ret_key = v5_key;
+	else if(is_server && server_key)
+	    *ret_key = server_key;
+	else
+	    return KRB4ET_KDC_NULL_KEY;
+    }
+
+    if((*ret_key)->key.keyvalue.length == 0)
+	return KRB4ET_KDC_NULL_KEY;
+    return 0;
+}
+

Added: vendor-crypto/heimdal/dist/kdc/kerberos5.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kerberos5.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kerberos5.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1852 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: kerberos5.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+#define MAX_TIME ((time_t)((1U << 31) - 1))
+
+void
+_kdc_fix_time(time_t **t)
+{
+    if(*t == NULL){
+	ALLOC(*t);
+	**t = MAX_TIME;
+    }
+    if(**t == 0) **t = MAX_TIME; /* fix for old clients */
+}
+
+static int
+realloc_method_data(METHOD_DATA *md)
+{
+    PA_DATA *pa;
+    pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
+    if(pa == NULL)
+	return ENOMEM;
+    md->val = pa;
+    md->len++;
+    return 0;
+}
+
+static void
+set_salt_padata (METHOD_DATA *md, Salt *salt)
+{
+    if (salt) {
+	realloc_method_data(md);
+	md->val[md->len - 1].padata_type = salt->type;
+	der_copy_octet_string(&salt->salt,
+			      &md->val[md->len - 1].padata_value);
+    }
+}
+
+const PA_DATA*
+_kdc_find_padata(const KDC_REQ *req, int *start, int type)
+{
+    if (req->padata == NULL)
+	return NULL;
+
+    while(*start < req->padata->len){
+	(*start)++;
+	if(req->padata->val[*start - 1].padata_type == type)
+	    return &req->padata->val[*start - 1];
+    }
+    return NULL;
+}
+
+/*
+ * Detect if `key' is the using the the precomputed `default_salt'.
+ */
+
+static krb5_boolean
+is_default_salt_p(const krb5_salt *default_salt, const Key *key)
+{
+    if (key->salt == NULL)
+	return TRUE;
+    if (default_salt->salttype != key->salt->type)
+	return FALSE;
+    if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
+	return FALSE;
+    return TRUE;
+}
+
+/*
+ * return the first appropriate key of `princ' in `ret_key'.  Look for
+ * all the etypes in (`etypes', `len'), stopping as soon as we find
+ * one, but preferring one that has default salt
+ */
+
+krb5_error_code
+_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
+		krb5_enctype *etypes, unsigned len, 
+		Key **ret_key, krb5_enctype *ret_etype)
+{
+    int i;
+    krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+    krb5_salt def_salt;
+
+    krb5_get_pw_salt (context, princ->entry.principal, &def_salt);
+
+    for(i = 0; ret != 0 && i < len ; i++) {
+	Key *key = NULL;
+
+	if (krb5_enctype_valid(context, etypes[i]) != 0)
+	    continue;
+
+	while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
+	    if (key->key.keyvalue.length == 0) {
+		ret = KRB5KDC_ERR_NULL_KEY;
+		continue;
+	    }
+	    *ret_key   = key;
+	    *ret_etype = etypes[i];
+	    ret = 0;
+	    if (is_default_salt_p(&def_salt, key)) {
+		krb5_free_salt (context, def_salt);
+		return ret;
+	    }
+	}
+    }
+    krb5_free_salt (context, def_salt);
+    return ret;
+}
+
+krb5_error_code
+_kdc_make_anonymous_principalname (PrincipalName *pn)
+{
+    pn->name_type = KRB5_NT_PRINCIPAL;
+    pn->name_string.len = 1;
+    pn->name_string.val = malloc(sizeof(*pn->name_string.val));
+    if (pn->name_string.val == NULL)
+	return ENOMEM;
+    pn->name_string.val[0] = strdup("anonymous");
+    if (pn->name_string.val[0] == NULL) {
+	free(pn->name_string.val);
+	pn->name_string.val = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+void
+_kdc_log_timestamp(krb5_context context, 
+		   krb5_kdc_configuration *config,
+		   const char *type,
+		   KerberosTime authtime, KerberosTime *starttime, 
+		   KerberosTime endtime, KerberosTime *renew_till)
+{
+    char authtime_str[100], starttime_str[100], 
+	endtime_str[100], renewtime_str[100];
+    
+    krb5_format_time(context, authtime, 
+		     authtime_str, sizeof(authtime_str), TRUE); 
+    if (starttime)
+	krb5_format_time(context, *starttime, 
+			 starttime_str, sizeof(starttime_str), TRUE); 
+    else
+	strlcpy(starttime_str, "unset", sizeof(starttime_str));
+    krb5_format_time(context, endtime, 
+		     endtime_str, sizeof(endtime_str), TRUE); 
+    if (renew_till)
+	krb5_format_time(context, *renew_till, 
+			 renewtime_str, sizeof(renewtime_str), TRUE); 
+    else
+	strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
+    
+    kdc_log(context, config, 5,
+	    "%s authtime: %s starttime: %s endtime: %s renew till: %s",
+	    type, authtime_str, starttime_str, endtime_str, renewtime_str);
+}
+
+static void
+log_patypes(krb5_context context, 
+	    krb5_kdc_configuration *config,
+	    METHOD_DATA *padata)
+{
+    struct rk_strpool *p = NULL;
+    char *str;
+    int i;
+	    
+    for (i = 0; i < padata->len; i++) {
+	switch(padata->val[i].padata_type) {
+	case KRB5_PADATA_PK_AS_REQ:
+	    p = rk_strpoolprintf(p, "PK-INIT(ietf)");
+	    break;
+	case KRB5_PADATA_PK_AS_REQ_WIN:
+	    p = rk_strpoolprintf(p, "PK-INIT(win2k)");
+	    break;
+	case KRB5_PADATA_PA_PK_OCSP_RESPONSE:
+	    p = rk_strpoolprintf(p, "OCSP");
+	    break;
+	case KRB5_PADATA_ENC_TIMESTAMP:
+	    p = rk_strpoolprintf(p, "encrypted-timestamp");
+	    break;
+	default:
+	    p = rk_strpoolprintf(p, "%d", padata->val[i].padata_type);
+	    break;
+	}
+	if (p && i + 1 < padata->len)
+	    p = rk_strpoolprintf(p, ", ");
+	if (p == NULL) {
+	    kdc_log(context, config, 0, "out of memory");
+	    return;
+	}
+    }
+    if (p == NULL)
+	p = rk_strpoolprintf(p, "none");
+	
+    str = rk_strpoolcollect(p);
+    kdc_log(context, config, 0, "Client sent patypes: %s", str);
+    free(str);
+}
+
+/*
+ *
+ */
+
+
+krb5_error_code
+_kdc_encode_reply(krb5_context context,
+		  krb5_kdc_configuration *config,
+		  KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek, 
+		  krb5_enctype etype, 
+		  int skvno, const EncryptionKey *skey,
+		  int ckvno, const EncryptionKey *ckey,
+		  const char **e_text,
+		  krb5_data *reply)
+{
+    unsigned char *buf;
+    size_t buf_size;
+    size_t len;
+    krb5_error_code ret;
+    krb5_crypto crypto;
+
+    ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
+    if(ret) {
+	kdc_log(context, config, 0, "Failed to encode ticket: %s", 
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+    if(buf_size != len) {
+	free(buf);
+	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
+	*e_text = "KDC internal error";
+	return KRB5KRB_ERR_GENERIC;
+    }
+
+    ret = krb5_crypto_init(context, skey, etype, &crypto);
+    if (ret) {
+	free(buf);
+	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+
+    ret = krb5_encrypt_EncryptedData(context, 
+				     crypto,
+				     KRB5_KU_TICKET,
+				     buf,
+				     len,
+				     skvno,
+				     &rep->ticket.enc_part);
+    free(buf);
+    krb5_crypto_destroy(context, crypto);
+    if(ret) {
+	kdc_log(context, config, 0, "Failed to encrypt data: %s",
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+    
+    if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
+	ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
+    else
+	ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
+    if(ret) {
+	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", 
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+    if(buf_size != len) {
+	free(buf);
+	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
+	*e_text = "KDC internal error";
+	return KRB5KRB_ERR_GENERIC;
+    }
+    ret = krb5_crypto_init(context, ckey, 0, &crypto);
+    if (ret) {
+	free(buf);
+	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+    if(rep->msg_type == krb_as_rep) {
+	krb5_encrypt_EncryptedData(context,
+				   crypto,
+				   KRB5_KU_AS_REP_ENC_PART,
+				   buf,
+				   len,
+				   ckvno,
+				   &rep->enc_part);
+	free(buf);
+	ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
+    } else {
+	krb5_encrypt_EncryptedData(context,
+				   crypto,
+				   KRB5_KU_TGS_REP_ENC_PART_SESSION,
+				   buf,
+				   len,
+				   ckvno,
+				   &rep->enc_part);
+	free(buf);
+	ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
+    }
+    krb5_crypto_destroy(context, crypto);
+    if(ret) {
+	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", 
+		krb5_get_err_text(context, ret));
+	return ret;
+    }
+    if(buf_size != len) {
+	free(buf);
+	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
+	*e_text = "KDC internal error";
+	return KRB5KRB_ERR_GENERIC;
+    }
+    reply->data = buf;
+    reply->length = buf_size;
+    return 0;
+}
+
+/*
+ * Return 1 if the client have only older enctypes, this is for
+ * determining if the server should send ETYPE_INFO2 or not.
+ */
+
+static int
+older_enctype(krb5_enctype enctype)
+{
+    switch (enctype) {
+    case ETYPE_DES_CBC_CRC:
+    case ETYPE_DES_CBC_MD4:
+    case ETYPE_DES_CBC_MD5:
+    case ETYPE_DES3_CBC_SHA1:
+    case ETYPE_ARCFOUR_HMAC_MD5:
+    case ETYPE_ARCFOUR_HMAC_MD5_56:
+    /* 
+     * The following three is "old" windows enctypes and is needed for
+     * windows 2000 hosts.
+     */
+    case ETYPE_ARCFOUR_MD4:
+    case ETYPE_ARCFOUR_HMAC_OLD:
+    case ETYPE_ARCFOUR_HMAC_OLD_EXP:
+	return 1;
+    default:
+	return 0;
+    }
+}
+
+static int
+only_older_enctype_p(const KDC_REQ *req)
+{
+    int i;
+
+    for(i = 0; i < req->req_body.etype.len; i++) {
+	if (!older_enctype(req->req_body.etype.val[i]))
+	    return 0;
+    }
+    return 1;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
+{
+    ent->etype = key->key.keytype;
+    if(key->salt){
+#if 0
+	ALLOC(ent->salttype);
+
+	if(key->salt->type == hdb_pw_salt)
+	    *ent->salttype = 0; /* or 1? or NULL? */
+	else if(key->salt->type == hdb_afs3_salt)
+	    *ent->salttype = 2;
+	else {
+	    kdc_log(context, config, 0, "unknown salt-type: %d", 
+		    key->salt->type);
+	    return KRB5KRB_ERR_GENERIC;
+	}
+	/* according to `the specs', we can't send a salt if
+	   we have AFS3 salted key, but that requires that you
+	   *know* what cell you are using (e.g by assuming
+	   that the cell is the same as the realm in lower
+	   case) */
+#elif 0
+	ALLOC(ent->salttype);
+	*ent->salttype = key->salt->type;
+#else
+	/* 
+	 * We shouldn't sent salttype since it is incompatible with the
+	 * specification and it breaks windows clients.  The afs
+	 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
+	 * implemented in Heimdal 0.7 and later.
+	 */
+	ent->salttype = NULL;
+#endif
+	krb5_copy_data(context, &key->salt->salt,
+		       &ent->salt);
+    } else {
+	/* we return no salt type at all, as that should indicate
+	 * the default salt type and make everybody happy.  some
+	 * systems (like w2k) dislike being told the salt type
+	 * here. */
+
+	ent->salttype = NULL;
+	ent->salt = NULL;
+    }
+    return 0;
+}
+
+static krb5_error_code
+get_pa_etype_info(krb5_context context, 
+		  krb5_kdc_configuration *config,
+		  METHOD_DATA *md, hdb_entry *client, 
+		  ENCTYPE *etypes, unsigned int etypes_len)
+{
+    krb5_error_code ret = 0;
+    int i, j;
+    unsigned int n = 0;
+    ETYPE_INFO pa;
+    unsigned char *buf;
+    size_t len;
+    
+
+    pa.len = client->keys.len;
+    if(pa.len > UINT_MAX/sizeof(*pa.val))
+	return ERANGE;
+    pa.val = malloc(pa.len * sizeof(*pa.val));
+    if(pa.val == NULL)
+	return ENOMEM;
+    memset(pa.val, 0, pa.len * sizeof(*pa.val));
+
+    for(i = 0; i < client->keys.len; i++) {
+	for (j = 0; j < n; j++)
+	    if (pa.val[j].etype == client->keys.val[i].key.keytype)
+		goto skip1;
+	for(j = 0; j < etypes_len; j++) {
+	    if(client->keys.val[i].key.keytype == etypes[j]) {
+ 		if (krb5_enctype_valid(context, etypes[j]) != 0)
+ 		    continue;
+		if (!older_enctype(etypes[j]))
+ 		    continue;
+		if (n >= pa.len)
+		    krb5_abortx(context, "internal error: n >= p.len");
+		if((ret = make_etype_info_entry(context, 
+						&pa.val[n++], 
+						&client->keys.val[i])) != 0) {
+		    free_ETYPE_INFO(&pa);
+		    return ret;
+		}
+		break;
+	    }
+	}
+    skip1:;
+    }
+    for(i = 0; i < client->keys.len; i++) {
+	/* already added? */
+	for(j = 0; j < etypes_len; j++) {
+	    if(client->keys.val[i].key.keytype == etypes[j])
+		goto skip2;
+	}
+	if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0)
+	    continue;
+	if (!older_enctype(etypes[j]))
+	    continue;
+	if (n >= pa.len)
+	    krb5_abortx(context, "internal error: n >= p.len");
+	if((ret = make_etype_info_entry(context, 
+					&pa.val[n++], 
+					&client->keys.val[i])) != 0) {
+	    free_ETYPE_INFO(&pa);
+	    return ret;
+	}
+    skip2:;
+    }
+    
+    if(n < pa.len) {
+	/* stripped out dups, newer enctypes, and not valid enctypes */
+ 	pa.len = n;
+    }
+
+    ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
+    free_ETYPE_INFO(&pa);
+    if(ret)
+	return ret;
+    ret = realloc_method_data(md);
+    if(ret) {
+	free(buf);
+	return ret;
+    }
+    md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
+    md->val[md->len - 1].padata_value.length = len;
+    md->val[md->len - 1].padata_value.data = buf;
+    return 0;
+}
+
+/*
+ *
+ */
+
+extern int _krb5_AES_string_to_default_iterator;
+
+static krb5_error_code
+make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
+{
+    ent->etype = key->key.keytype;
+    if(key->salt) {
+	ALLOC(ent->salt);
+	if (ent->salt == NULL)
+	    return ENOMEM;
+	*ent->salt = malloc(key->salt->salt.length + 1);
+	if (*ent->salt == NULL) {
+	    free(ent->salt);
+	    ent->salt = NULL;
+	    return ENOMEM;
+	}
+	memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
+	(*ent->salt)[key->salt->salt.length] = '\0';
+    } else
+	ent->salt = NULL;
+
+    ent->s2kparams = NULL;
+
+    switch (key->key.keytype) {
+    case ETYPE_AES128_CTS_HMAC_SHA1_96:
+    case ETYPE_AES256_CTS_HMAC_SHA1_96:
+	ALLOC(ent->s2kparams);
+	if (ent->s2kparams == NULL)
+	    return ENOMEM;
+	ent->s2kparams->length = 4;
+	ent->s2kparams->data = malloc(ent->s2kparams->length);
+	if (ent->s2kparams->data == NULL) {
+	    free(ent->s2kparams);
+	    ent->s2kparams = NULL;
+	    return ENOMEM;
+	}
+	_krb5_put_int(ent->s2kparams->data, 
+		      _krb5_AES_string_to_default_iterator, 
+		      ent->s2kparams->length);
+	break;
+    case ETYPE_DES_CBC_CRC:
+    case ETYPE_DES_CBC_MD4:
+    case ETYPE_DES_CBC_MD5:
+	/* Check if this was a AFS3 salted key */
+	if(key->salt && key->salt->type == hdb_afs3_salt){
+	    ALLOC(ent->s2kparams);
+	    if (ent->s2kparams == NULL)
+		return ENOMEM;
+	    ent->s2kparams->length = 1;
+	    ent->s2kparams->data = malloc(ent->s2kparams->length);
+	    if (ent->s2kparams->data == NULL) {
+		free(ent->s2kparams);
+		ent->s2kparams = NULL;
+		return ENOMEM;
+	    }
+	    _krb5_put_int(ent->s2kparams->data, 
+			  1,
+			  ent->s2kparams->length);
+	}
+	break;
+    default:
+	break;
+    }
+    return 0;
+}
+
+/*
+ * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
+ * database (client supported enctypes first, then the unsupported
+ * enctypes).
+ */
+
+static krb5_error_code
+get_pa_etype_info2(krb5_context context, 
+		   krb5_kdc_configuration *config,
+		   METHOD_DATA *md, hdb_entry *client, 
+		   ENCTYPE *etypes, unsigned int etypes_len)
+{
+    krb5_error_code ret = 0;
+    int i, j;
+    unsigned int n = 0;
+    ETYPE_INFO2 pa;
+    unsigned char *buf;
+    size_t len;
+
+    pa.len = client->keys.len;
+    if(pa.len > UINT_MAX/sizeof(*pa.val))
+	return ERANGE;
+    pa.val = malloc(pa.len * sizeof(*pa.val));
+    if(pa.val == NULL)
+	return ENOMEM;
+    memset(pa.val, 0, pa.len * sizeof(*pa.val));
+
+    for(i = 0; i < client->keys.len; i++) {
+	for (j = 0; j < n; j++)
+	    if (pa.val[j].etype == client->keys.val[i].key.keytype)
+		goto skip1;
+	for(j = 0; j < etypes_len; j++) {
+	    if(client->keys.val[i].key.keytype == etypes[j]) {
+		if (krb5_enctype_valid(context, etypes[j]) != 0)
+		    continue;
+		if (n >= pa.len)
+		    krb5_abortx(context, "internal error: n >= p.len");
+		if((ret = make_etype_info2_entry(&pa.val[n++], 
+						 &client->keys.val[i])) != 0) {
+		    free_ETYPE_INFO2(&pa);
+		    return ret;
+		}
+		break;
+	    }
+	}
+    skip1:;
+    }
+    /* send enctypes that the client doesn't know about too */
+    for(i = 0; i < client->keys.len; i++) {
+	/* already added? */
+	for(j = 0; j < etypes_len; j++) {
+	    if(client->keys.val[i].key.keytype == etypes[j])
+		goto skip2;
+	}
+	if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0)
+	    continue;
+	if (n >= pa.len)
+	    krb5_abortx(context, "internal error: n >= p.len");
+	if((ret = make_etype_info2_entry(&pa.val[n++],
+					 &client->keys.val[i])) != 0) {
+	    free_ETYPE_INFO2(&pa);
+	    return ret;
+	}
+      skip2:;
+    }
+    
+    if(n < pa.len) {
+	/* stripped out dups, and not valid enctypes */
+ 	pa.len = n;
+    }
+
+    ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
+    free_ETYPE_INFO2(&pa);
+    if(ret)
+	return ret;
+    ret = realloc_method_data(md);
+    if(ret) {
+	free(buf);
+	return ret;
+    }
+    md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
+    md->val[md->len - 1].padata_value.length = len;
+    md->val[md->len - 1].padata_value.data = buf;
+    return 0;
+}
+
+/*
+ *
+ */
+
+static void
+log_as_req(krb5_context context,
+	   krb5_kdc_configuration *config,
+	   krb5_enctype cetype,
+	   krb5_enctype setype,
+	   const KDC_REQ_BODY *b)
+{
+    krb5_error_code ret;
+    struct rk_strpool *p = NULL;
+    char *str;
+    int i;
+    
+    for (i = 0; i < b->etype.len; i++) {
+	ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
+	if (ret == 0) {
+	    p = rk_strpoolprintf(p, "%s", str);
+	    free(str);
+	} else
+	    p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
+	if (p && i + 1 < b->etype.len)
+	    p = rk_strpoolprintf(p, ", ");
+	if (p == NULL) {
+	    kdc_log(context, config, 0, "out of memory");
+	    return;
+	}
+    }
+    if (p == NULL)
+	p = rk_strpoolprintf(p, "no encryption types");
+    
+    str = rk_strpoolcollect(p);
+    kdc_log(context, config, 0, "Client supported enctypes: %s", str);
+    free(str);
+
+    {
+	char *cet;
+	char *set;
+
+	ret = krb5_enctype_to_string(context, cetype, &cet);
+	if(ret == 0) {
+	    ret = krb5_enctype_to_string(context, setype, &set);
+	    if (ret == 0) {
+		kdc_log(context, config, 5, "Using %s/%s", cet, set);
+		free(set);
+	    }
+	    free(cet);
+	}
+	if (ret != 0)
+	    kdc_log(context, config, 5, "Using e-types %d/%d", cetype, setype);
+    }
+    
+    {
+	char fixedstr[128];
+	unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(), 
+		      fixedstr, sizeof(fixedstr));
+	if(*fixedstr)
+	    kdc_log(context, config, 2, "Requested flags: %s", fixedstr);
+    }
+}
+
+/*
+ * verify the flags on `client' and `server', returning 0
+ * if they are OK and generating an error messages and returning
+ * and error code otherwise.
+ */
+
+krb5_error_code
+_kdc_check_flags(krb5_context context, 
+		 krb5_kdc_configuration *config,
+		 hdb_entry_ex *client_ex, const char *client_name,
+		 hdb_entry_ex *server_ex, const char *server_name,
+		 krb5_boolean is_as_req)
+{
+    if(client_ex != NULL) {
+	hdb_entry *client = &client_ex->entry;
+
+	/* check client */
+	if (client->flags.invalid) {
+	    kdc_log(context, config, 0, 
+		    "Client (%s) has invalid bit set", client_name);
+	    return KRB5KDC_ERR_POLICY;
+	}
+	
+	if(!client->flags.client){
+	    kdc_log(context, config, 0,
+		    "Principal may not act as client -- %s", client_name);
+	    return KRB5KDC_ERR_POLICY;
+	}
+	
+	if (client->valid_start && *client->valid_start > kdc_time) {
+	    char starttime_str[100];
+	    krb5_format_time(context, *client->valid_start, 
+			     starttime_str, sizeof(starttime_str), TRUE); 
+	    kdc_log(context, config, 0,
+		    "Client not yet valid until %s -- %s", 
+		    starttime_str, client_name);
+	    return KRB5KDC_ERR_CLIENT_NOTYET;
+	}
+	
+	if (client->valid_end && *client->valid_end < kdc_time) {
+	    char endtime_str[100];
+	    krb5_format_time(context, *client->valid_end, 
+			     endtime_str, sizeof(endtime_str), TRUE); 
+	    kdc_log(context, config, 0,
+		    "Client expired at %s -- %s",
+		    endtime_str, client_name);
+	    return KRB5KDC_ERR_NAME_EXP;
+	}
+	
+	if (client->pw_end && *client->pw_end < kdc_time 
+	    && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
+	    char pwend_str[100];
+	    krb5_format_time(context, *client->pw_end, 
+			     pwend_str, sizeof(pwend_str), TRUE); 
+	    kdc_log(context, config, 0,
+		    "Client's key has expired at %s -- %s", 
+		    pwend_str, client_name);
+	    return KRB5KDC_ERR_KEY_EXPIRED;
+	}
+    }
+
+    /* check server */
+    
+    if (server_ex != NULL) {
+	hdb_entry *server = &server_ex->entry;
+
+	if (server->flags.invalid) {
+	    kdc_log(context, config, 0,
+		    "Server has invalid flag set -- %s", server_name);
+	    return KRB5KDC_ERR_POLICY;
+	}
+
+	if(!server->flags.server){
+	    kdc_log(context, config, 0,
+		    "Principal may not act as server -- %s", server_name);
+	    return KRB5KDC_ERR_POLICY;
+	}
+
+	if(!is_as_req && server->flags.initial) {
+	    kdc_log(context, config, 0,
+		    "AS-REQ is required for server -- %s", server_name);
+	    return KRB5KDC_ERR_POLICY;
+	}
+
+	if (server->valid_start && *server->valid_start > kdc_time) {
+	    char starttime_str[100];
+	    krb5_format_time(context, *server->valid_start, 
+			     starttime_str, sizeof(starttime_str), TRUE); 
+	    kdc_log(context, config, 0,
+		    "Server not yet valid until %s -- %s",
+		    starttime_str, server_name);
+	    return KRB5KDC_ERR_SERVICE_NOTYET;
+	}
+
+	if (server->valid_end && *server->valid_end < kdc_time) {
+	    char endtime_str[100];
+	    krb5_format_time(context, *server->valid_end, 
+			     endtime_str, sizeof(endtime_str), TRUE); 
+	    kdc_log(context, config, 0,
+		    "Server expired at %s -- %s", 
+		    endtime_str, server_name);
+	    return KRB5KDC_ERR_SERVICE_EXP;
+	}
+
+	if (server->pw_end && *server->pw_end < kdc_time) {
+	    char pwend_str[100];
+	    krb5_format_time(context, *server->pw_end, 
+			     pwend_str, sizeof(pwend_str), TRUE); 
+	    kdc_log(context, config, 0,
+		    "Server's key has expired at -- %s", 
+		    pwend_str, server_name);
+	    return KRB5KDC_ERR_KEY_EXPIRED;
+	}
+    }
+    return 0;
+}
+
+/*
+ * Return TRUE if `from' is part of `addresses' taking into consideration
+ * the configuration variables that tells us how strict we should be about
+ * these checks
+ */
+
+krb5_boolean
+_kdc_check_addresses(krb5_context context,        
+		     krb5_kdc_configuration *config,
+		     HostAddresses *addresses, const struct sockaddr *from)
+{
+    krb5_error_code ret;
+    krb5_address addr;
+    krb5_boolean result;
+    krb5_boolean only_netbios = TRUE;
+    int i;
+    
+    if(config->check_ticket_addresses == 0)
+	return TRUE;
+
+    if(addresses == NULL)
+	return config->allow_null_ticket_addresses;
+    
+    for (i = 0; i < addresses->len; ++i) {
+	if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
+	    only_netbios = FALSE;
+	}
+    }
+
+    /* Windows sends it's netbios name, which I can only assume is
+     * used for the 'allowed workstations' check.  This is painful,
+     * but we still want to check IP addresses if they happen to be
+     * present.
+     */
+
+    if(only_netbios)
+	return config->allow_null_ticket_addresses;
+
+    ret = krb5_sockaddr2address (context, from, &addr);
+    if(ret)
+	return FALSE;
+
+    result = krb5_address_search(context, &addr, addresses);
+    krb5_free_address (context, &addr);
+    return result;
+}
+
+/*
+ *
+ */
+
+static krb5_boolean
+send_pac_p(krb5_context context, KDC_REQ *req)
+{
+    krb5_error_code ret;
+    PA_PAC_REQUEST pacreq;
+    const PA_DATA *pa;
+    int i = 0;
+    
+    pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
+    if (pa == NULL)
+	return TRUE;
+
+    ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
+				pa->padata_value.length,
+				&pacreq,
+				NULL);
+    if (ret)
+	return TRUE;
+    i = pacreq.include_pac;
+    free_PA_PAC_REQUEST(&pacreq);
+    if (i == 0)
+	return FALSE;
+    return TRUE;
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+_kdc_as_rep(krb5_context context, 
+	    krb5_kdc_configuration *config,
+	    KDC_REQ *req, 
+	    const krb5_data *req_buffer, 
+	    krb5_data *reply,
+	    const char *from,
+	    struct sockaddr *from_addr,
+	    int datagram_reply)
+{
+    KDC_REQ_BODY *b = &req->req_body;
+    AS_REP rep;
+    KDCOptions f = b->kdc_options;
+    hdb_entry_ex *client = NULL, *server = NULL;
+    krb5_enctype cetype, setype, sessionetype;
+    krb5_data e_data;
+    EncTicketPart et;
+    EncKDCRepPart ek;
+    krb5_principal client_princ = NULL, server_princ = NULL;
+    char *client_name = NULL, *server_name = NULL;
+    krb5_error_code ret = 0;
+    const char *e_text = NULL;
+    krb5_crypto crypto;
+    Key *ckey, *skey;
+    EncryptionKey *reply_key;
+    int flags = 0;
+#ifdef PKINIT
+    pk_client_params *pkp = NULL;
+#endif
+
+    memset(&rep, 0, sizeof(rep));
+    krb5_data_zero(&e_data);
+
+    if (f.canonicalize)
+	flags |= HDB_F_CANON;
+
+    if(b->sname == NULL){
+	ret = KRB5KRB_ERR_GENERIC;
+	e_text = "No server in request";
+    } else{
+	ret = _krb5_principalname2krb5_principal (context,
+						  &server_princ,
+						  *(b->sname),
+						  b->realm);
+	if (ret == 0)
+	    ret = krb5_unparse_name(context, server_princ, &server_name);
+    }
+    if (ret) {
+	kdc_log(context, config, 0, 
+		"AS-REQ malformed server name from %s", from);
+	goto out;
+    }
+    
+    if(b->cname == NULL){
+	ret = KRB5KRB_ERR_GENERIC;
+	e_text = "No client in request";
+    } else {
+
+	if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+	    if (b->cname->name_string.len != 1) {
+		kdc_log(context, config, 0,
+			"AS-REQ malformed canon request from %s, "
+			"enterprise name with %d name components", 
+			from, b->cname->name_string.len);
+		ret = KRB5_PARSE_MALFORMED;
+		goto out;
+	    }
+	    ret = krb5_parse_name(context, b->cname->name_string.val[0],
+				  &client_princ);
+	    if (ret)
+		goto out;
+	} else {
+	    ret = _krb5_principalname2krb5_principal (context,
+						      &client_princ,
+						      *(b->cname),
+						      b->realm);
+	    if (ret)
+		goto out;
+	}
+	ret = krb5_unparse_name(context, client_princ, &client_name);
+    }
+    if (ret) {
+	kdc_log(context, config, 0,
+		"AS-REQ malformed client name from %s", from);
+	goto out;
+    }
+
+    kdc_log(context, config, 0, "AS-REQ %s from %s for %s", 
+	    client_name, from, server_name);
+
+    ret = _kdc_db_fetch(context, config, client_princ, 
+			HDB_F_GET_CLIENT | flags, NULL, &client);
+    if(ret){
+	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name,
+		krb5_get_err_text(context, ret));
+	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+	goto out;
+    }
+
+    ret = _kdc_db_fetch(context, config, server_princ,
+			HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
+			NULL, &server);
+    if(ret){
+	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name,
+		krb5_get_err_text(context, ret));
+	ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+	goto out;
+    }
+
+    ret = _kdc_windc_client_access(context, client, req);
+    if(ret)
+	goto out;
+
+    ret = _kdc_check_flags(context, config, 
+			   client, client_name,
+			   server, server_name,
+			   TRUE);
+    if(ret)
+	goto out;
+
+    memset(&et, 0, sizeof(et));
+    memset(&ek, 0, sizeof(ek));
+
+    if(req->padata){
+	int i;
+	const PA_DATA *pa;
+	int found_pa = 0;
+
+	log_patypes(context, config, req->padata);
+
+#ifdef PKINIT
+	kdc_log(context, config, 5, 
+		"Looking for PKINIT pa-data -- %s", client_name);
+
+	e_text = "No PKINIT PA found";
+
+	i = 0;
+	if ((pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ)))
+	    ;
+	if (pa == NULL) {
+	    i = 0;
+	    if((pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN)))
+		;
+	}
+	if (pa) {
+	    char *client_cert = NULL;
+
+	    ret = _kdc_pk_rd_padata(context, config, req, pa, &pkp);
+	    if (ret) {
+		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		kdc_log(context, config, 5, 
+			"Failed to decode PKINIT PA-DATA -- %s", 
+			client_name);
+		goto ts_enc;
+	    }
+	    if (ret == 0 && pkp == NULL)
+		goto ts_enc;
+
+	    ret = _kdc_pk_check_client(context,
+				       config,
+				       client,
+				       pkp,
+				       &client_cert);
+	    if (ret) {
+		e_text = "PKINIT certificate not allowed to "
+		    "impersonate principal";
+		_kdc_pk_free_client_param(context, pkp);
+
+		kdc_log(context, config, 0, "%s", e_text);
+		pkp = NULL;
+		goto out;
+	    }
+	    found_pa = 1;
+	    et.flags.pre_authent = 1;
+	    kdc_log(context, config, 0,
+		    "PKINIT pre-authentication succeeded -- %s using %s", 
+		    client_name, client_cert);
+	    free(client_cert);
+	    if (pkp)
+		goto preauth_done;
+	}
+    ts_enc:
+#endif
+	kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s", 
+		client_name);
+
+	i = 0;
+	e_text = "No ENC-TS found";
+	while((pa = _kdc_find_padata(req, &i, KRB5_PADATA_ENC_TIMESTAMP))){
+	    krb5_data ts_data;
+	    PA_ENC_TS_ENC p;
+	    size_t len;
+	    EncryptedData enc_data;
+	    Key *pa_key;
+	    char *str;
+	    
+	    found_pa = 1;
+	    
+	    ret = decode_EncryptedData(pa->padata_value.data,
+				       pa->padata_value.length,
+				       &enc_data,
+				       &len);
+	    if (ret) {
+		ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s", 
+			client_name);
+		goto out;
+	    }
+	    
+	    ret = hdb_enctype2key(context, &client->entry, 
+				  enc_data.etype, &pa_key);
+	    if(ret){
+		char *estr;
+		e_text = "No key matches pa-data";
+		ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+		if(krb5_enctype_to_string(context, enc_data.etype, &estr))
+		    estr = NULL;
+		if(estr == NULL)
+		    kdc_log(context, config, 5, 
+			    "No client key matching pa-data (%d) -- %s", 
+			    enc_data.etype, client_name);
+		else
+		    kdc_log(context, config, 5,
+			    "No client key matching pa-data (%s) -- %s", 
+			    estr, client_name);
+		free(estr);
+		    
+		free_EncryptedData(&enc_data);
+		continue;
+	    }
+
+	try_next_key:
+	    ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
+	    if (ret) {
+		kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
+			krb5_get_err_text(context, ret));
+		free_EncryptedData(&enc_data);
+		continue;
+	    }
+
+	    ret = krb5_decrypt_EncryptedData (context,
+					      crypto,
+					      KRB5_KU_PA_ENC_TIMESTAMP,
+					      &enc_data,
+					      &ts_data);
+	    krb5_crypto_destroy(context, crypto);
+	    if(ret){
+		krb5_error_code ret2;
+		ret2 = krb5_enctype_to_string(context, 
+					      pa_key->key.keytype, &str);
+		if (ret2)
+		    str = NULL;
+		kdc_log(context, config, 5, 
+			"Failed to decrypt PA-DATA -- %s "
+			"(enctype %s) error %s",
+			client_name,
+			str ? str : "unknown enctype", 
+			krb5_get_err_text(context, ret));
+		free(str);
+
+		if(hdb_next_enctype2key(context, &client->entry, 
+					enc_data.etype, &pa_key) == 0)
+		    goto try_next_key;
+		e_text = "Failed to decrypt PA-DATA";
+
+		free_EncryptedData(&enc_data);
+		ret = KRB5KDC_ERR_PREAUTH_FAILED;
+		continue;
+	    }
+	    free_EncryptedData(&enc_data);
+	    ret = decode_PA_ENC_TS_ENC(ts_data.data,
+				       ts_data.length,
+				       &p,
+				       &len);
+	    krb5_data_free(&ts_data);
+	    if(ret){
+		e_text = "Failed to decode PA-ENC-TS-ENC";
+		ret = KRB5KDC_ERR_PREAUTH_FAILED;
+		kdc_log(context, config, 
+			5, "Failed to decode PA-ENC-TS_ENC -- %s",
+			client_name);
+		continue;
+	    }
+	    free_PA_ENC_TS_ENC(&p);
+	    if (abs(kdc_time - p.patimestamp) > context->max_skew) {
+		char client_time[100];
+		
+		krb5_format_time(context, p.patimestamp, 
+				 client_time, sizeof(client_time), TRUE); 
+
+ 		ret = KRB5KRB_AP_ERR_SKEW;
+ 		kdc_log(context, config, 0,
+			"Too large time skew, "
+			"client time %s is out by %u > %u seconds -- %s", 
+			client_time, 
+			(unsigned)abs(kdc_time - p.patimestamp), 
+			context->max_skew,
+			client_name);
+#if 0
+		/* This code is from samba, needs testing */
+		/* 
+		 * the following is needed to make windows clients
+		 * to retry using the timestamp in the error message
+		 *
+		 * this is maybe a bug in windows to not trying when e_text
+		 * is present...
+		 */
+		e_text = NULL;
+#else
+		e_text = "Too large time skew";
+#endif
+		goto out;
+	    }
+	    et.flags.pre_authent = 1;
+
+	    ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str);
+	    if (ret)
+		str = NULL;
+
+	    kdc_log(context, config, 2,
+		    "ENC-TS Pre-authentication succeeded -- %s using %s", 
+		    client_name, str ? str : "unknown enctype");
+	    free(str);
+	    break;
+	}
+#ifdef PKINIT
+    preauth_done:
+#endif
+	if(found_pa == 0 && config->require_preauth)
+	    goto use_pa;
+	/* We come here if we found a pa-enc-timestamp, but if there
+           was some problem with it, other than too large skew */
+	if(found_pa && et.flags.pre_authent == 0){
+	    kdc_log(context, config, 0, "%s -- %s", e_text, client_name);
+	    e_text = NULL;
+	    goto out;
+	}
+    }else if (config->require_preauth
+	      || client->entry.flags.require_preauth
+	      || server->entry.flags.require_preauth) {
+	METHOD_DATA method_data;
+	PA_DATA *pa;
+	unsigned char *buf;
+	size_t len;
+
+    use_pa: 
+	method_data.len = 0;
+	method_data.val = NULL;
+
+	ret = realloc_method_data(&method_data);
+	pa = &method_data.val[method_data.len-1];
+	pa->padata_type		= KRB5_PADATA_ENC_TIMESTAMP;
+	pa->padata_value.length	= 0;
+	pa->padata_value.data	= NULL;
+
+#ifdef PKINIT
+	ret = realloc_method_data(&method_data);
+	pa = &method_data.val[method_data.len-1];
+	pa->padata_type		= KRB5_PADATA_PK_AS_REQ;
+	pa->padata_value.length	= 0;
+	pa->padata_value.data	= NULL;
+
+	ret = realloc_method_data(&method_data);
+	pa = &method_data.val[method_data.len-1];
+	pa->padata_type		= KRB5_PADATA_PK_AS_REQ_WIN;
+	pa->padata_value.length	= 0;
+	pa->padata_value.data	= NULL;
+#endif
+
+	/* 
+	 * RFC4120 requires: 
+	 * - If the client only knows about old enctypes, then send
+	 *   both info replies (we send 'info' first in the list).
+	 * - If the client is 'modern', because it knows about 'new'
+	 *   enctype types, then only send the 'info2' reply.
+	 */
+
+	/* XXX check ret */
+	if (only_older_enctype_p(req))
+	    ret = get_pa_etype_info(context, config,
+				    &method_data, &client->entry, 
+				    b->etype.val, b->etype.len); 
+	/* XXX check ret */
+	ret = get_pa_etype_info2(context, config, &method_data, 
+				 &client->entry, b->etype.val, b->etype.len);
+
+	
+	ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
+	free_METHOD_DATA(&method_data);
+
+	e_data.data   = buf;
+	e_data.length = len;
+	e_text ="Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
+
+	ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
+
+	kdc_log(context, config, 0,
+		"No preauth found, returning PREAUTH-REQUIRED -- %s",
+		client_name);
+	goto out;
+    }
+    
+    /*
+     * Find the client key (for preauth ENC-TS verification and reply
+     * encryption).  Then the best encryption type for the KDC and
+     * last the best session key that shared between the client and
+     * KDC runtime enctypes.
+     */
+
+    ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
+			  &ckey, &cetype);
+    if (ret) {
+	kdc_log(context, config, 0, 
+		"Client (%s) has no support for etypes", client_name);
+	goto out;
+    }
+	
+    ret = _kdc_get_preferred_key(context, config,
+				 server, server_name,
+				 &setype, &skey);
+    if(ret)
+	goto out;
+
+    /* 
+     * Select a session enctype from the list of the crypto systems
+     * supported enctype, is supported by the client and is one of the
+     * enctype of the enctype of the krbtgt.
+     *
+     * The later is used as a hint what enctype all KDC are supporting
+     * to make sure a newer version of KDC wont generate a session
+     * enctype that and older version of a KDC in the same realm can't
+     * decrypt.
+     *
+     * But if the KDC admin is paranoid and doesn't want to have "no
+     * the best" enctypes on the krbtgt, lets save the best pick from
+     * the client list and hope that that will work for any other
+     * KDCs.
+     */
+    {
+	const krb5_enctype *p;
+	krb5_enctype clientbest = ETYPE_NULL;
+	int i, j;
+
+	p = krb5_kerberos_enctypes(context);
+
+	sessionetype = ETYPE_NULL;
+
+	for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
+	    if (krb5_enctype_valid(context, p[i]) != 0)
+		continue;
+
+	    for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
+		Key *dummy;
+		/* check with client */
+		if (p[i] != b->etype.val[j])
+		    continue; 
+		/* save best of union of { client, crypto system } */
+		if (clientbest == ETYPE_NULL)
+		    clientbest = p[i];
+		/* check with krbtgt */
+		ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
+		if (ret) 
+		    continue;
+		sessionetype = p[i];
+	    }
+	}
+	/* if krbtgt had no shared keys with client, pick clients best */
+	if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
+	    sessionetype = clientbest;
+	} else if (sessionetype == ETYPE_NULL) {
+	    kdc_log(context, config, 0,
+		    "Client (%s) from %s has no common enctypes with KDC"
+		    "to use for the session key", 
+		    client_name, from); 
+	    goto out;
+	}
+    }
+
+    log_as_req(context, config, cetype, setype, b);
+
+    if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
+       || (f.request_anonymous && !config->allow_anonymous)) {
+	ret = KRB5KDC_ERR_BADOPTION;
+	kdc_log(context, config, 0, "Bad KDC options -- %s", client_name);
+	goto out;
+    }
+    
+    rep.pvno = 5;
+    rep.msg_type = krb_as_rep;
+    copy_Realm(&client->entry.principal->realm, &rep.crealm);
+    if (f.request_anonymous)
+	_kdc_make_anonymous_principalname (&rep.cname);
+    else
+	_krb5_principal2principalname(&rep.cname, 
+				      client->entry.principal);
+    rep.ticket.tkt_vno = 5;
+    copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
+    _krb5_principal2principalname(&rep.ticket.sname, 
+				  server->entry.principal);
+    /* java 1.6 expects the name to be the same type, lets allow that
+     * uncomplicated name-types. */
+#define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
+    if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
+	rep.ticket.sname.name_type = b->sname->name_type;
+#undef CNT
+
+    et.flags.initial = 1;
+    if(client->entry.flags.forwardable && server->entry.flags.forwardable)
+	et.flags.forwardable = f.forwardable;
+    else if (f.forwardable) {
+	ret = KRB5KDC_ERR_POLICY;
+	kdc_log(context, config, 0,
+		"Ticket may not be forwardable -- %s", client_name);
+	goto out;
+    }
+    if(client->entry.flags.proxiable && server->entry.flags.proxiable)
+	et.flags.proxiable = f.proxiable;
+    else if (f.proxiable) {
+	ret = KRB5KDC_ERR_POLICY;
+	kdc_log(context, config, 0, 
+		"Ticket may not be proxiable -- %s", client_name);
+	goto out;
+    }
+    if(client->entry.flags.postdate && server->entry.flags.postdate)
+	et.flags.may_postdate = f.allow_postdate;
+    else if (f.allow_postdate){
+	ret = KRB5KDC_ERR_POLICY;
+	kdc_log(context, config, 0,
+		"Ticket may not be postdatable -- %s", client_name);
+	goto out;
+    }
+
+    /* check for valid set of addresses */
+    if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
+	ret = KRB5KRB_AP_ERR_BADADDR;
+	kdc_log(context, config, 0,
+		"Bad address list requested -- %s", client_name);
+	goto out;
+    }
+
+    ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
+    if (ret)
+	goto out;
+    copy_PrincipalName(&rep.cname, &et.cname);
+    copy_Realm(&rep.crealm, &et.crealm);
+    
+    {
+	time_t start;
+	time_t t;
+	
+	start = et.authtime = kdc_time;
+    
+	if(f.postdated && req->req_body.from){
+	    ALLOC(et.starttime);
+	    start = *et.starttime = *req->req_body.from;
+	    et.flags.invalid = 1;
+	    et.flags.postdated = 1; /* XXX ??? */
+	}
+	_kdc_fix_time(&b->till);
+	t = *b->till;
+
+	/* be careful not overflowing */
+
+	if(client->entry.max_life)
+	    t = start + min(t - start, *client->entry.max_life);
+	if(server->entry.max_life)
+	    t = start + min(t - start, *server->entry.max_life);
+#if 0
+	t = min(t, start + realm->max_life);
+#endif
+	et.endtime = t;
+	if(f.renewable_ok && et.endtime < *b->till){
+	    f.renewable = 1;
+	    if(b->rtime == NULL){
+		ALLOC(b->rtime);
+		*b->rtime = 0;
+	    }
+	    if(*b->rtime < *b->till)
+		*b->rtime = *b->till;
+	}
+	if(f.renewable && b->rtime){
+	    t = *b->rtime;
+	    if(t == 0)
+		t = MAX_TIME;
+	    if(client->entry.max_renew)
+		t = start + min(t - start, *client->entry.max_renew);
+	    if(server->entry.max_renew)
+		t = start + min(t - start, *server->entry.max_renew);
+#if 0
+	    t = min(t, start + realm->max_renew);
+#endif
+	    ALLOC(et.renew_till);
+	    *et.renew_till = t;
+	    et.flags.renewable = 1;
+	}
+    }
+
+    if (f.request_anonymous)
+	et.flags.anonymous = 1;
+    
+    if(b->addresses){
+	ALLOC(et.caddr);
+	copy_HostAddresses(b->addresses, et.caddr);
+    }
+    
+    et.transited.tr_type = DOMAIN_X500_COMPRESS;
+    krb5_data_zero(&et.transited.contents); 
+     
+    copy_EncryptionKey(&et.key, &ek.key);
+
+    /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
+     * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
+     * incapable of correctly decoding SEQUENCE OF's of zero length.
+     *
+     * To fix this, always send at least one no-op last_req
+     *
+     * If there's a pw_end or valid_end we will use that,
+     * otherwise just a dummy lr.
+     */
+    ek.last_req.val = malloc(2 * sizeof(*ek.last_req.val));
+    if (ek.last_req.val == NULL) {
+	ret = ENOMEM;
+	goto out;
+    }
+    ek.last_req.len = 0;
+    if (client->entry.pw_end
+	&& (config->kdc_warn_pwexpire == 0
+	    || kdc_time + config->kdc_warn_pwexpire >= *client->entry.pw_end)) {
+	ek.last_req.val[ek.last_req.len].lr_type  = LR_PW_EXPTIME;
+	ek.last_req.val[ek.last_req.len].lr_value = *client->entry.pw_end;
+	++ek.last_req.len;
+    }
+    if (client->entry.valid_end) {
+	ek.last_req.val[ek.last_req.len].lr_type  = LR_ACCT_EXPTIME;
+	ek.last_req.val[ek.last_req.len].lr_value = *client->entry.valid_end;
+	++ek.last_req.len;
+    }
+    if (ek.last_req.len == 0) {
+	ek.last_req.val[ek.last_req.len].lr_type  = LR_NONE;
+	ek.last_req.val[ek.last_req.len].lr_value = 0;
+	++ek.last_req.len;
+    }
+    ek.nonce = b->nonce;
+    if (client->entry.valid_end || client->entry.pw_end) {
+	ALLOC(ek.key_expiration);
+	if (client->entry.valid_end) {
+	    if (client->entry.pw_end)
+		*ek.key_expiration = min(*client->entry.valid_end, 
+					 *client->entry.pw_end);
+	    else
+		*ek.key_expiration = *client->entry.valid_end;
+	} else
+	    *ek.key_expiration = *client->entry.pw_end;
+    } else
+	ek.key_expiration = NULL;
+    ek.flags = et.flags;
+    ek.authtime = et.authtime;
+    if (et.starttime) {
+	ALLOC(ek.starttime);
+	*ek.starttime = *et.starttime;
+    }
+    ek.endtime = et.endtime;
+    if (et.renew_till) {
+	ALLOC(ek.renew_till);
+	*ek.renew_till = *et.renew_till;
+    }
+    copy_Realm(&rep.ticket.realm, &ek.srealm);
+    copy_PrincipalName(&rep.ticket.sname, &ek.sname);
+    if(et.caddr){
+	ALLOC(ek.caddr);
+	copy_HostAddresses(et.caddr, ek.caddr);
+    }
+
+    ALLOC(rep.padata);
+    rep.padata->len = 0;
+    rep.padata->val = NULL;
+
+    reply_key = &ckey->key;
+#if PKINIT
+    if (pkp) {
+	ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, 
+				  req, req_buffer, 
+				  &reply_key, rep.padata);
+	if (ret)
+	    goto out;
+	ret = _kdc_add_inital_verified_cas(context,
+					   config,
+					   pkp,
+					   &et);
+	if (ret)
+	    goto out;
+    }
+#endif
+
+    set_salt_padata (rep.padata, ckey->salt);
+
+    /* Add signing of alias referral */
+    if (f.canonicalize) {
+	PA_ClientCanonicalized canon;
+	krb5_data data;
+	PA_DATA pa;
+	krb5_crypto crypto;
+	size_t len;
+
+	memset(&canon, 0, sizeof(canon));
+
+	canon.names.requested_name = *b->cname;
+	canon.names.real_name = client->entry.principal->name;
+
+	ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
+			   &canon.names, &len, ret);
+	if (ret) 
+	    goto out;
+	if (data.length != len)
+	    krb5_abortx(context, "internal asn.1 error");
+
+	/* sign using "returned session key" */
+	ret = krb5_crypto_init(context, &et.key, 0, &crypto);
+	if (ret) {
+	    free(data.data);
+	    goto out;
+	}
+
+	ret = krb5_create_checksum(context, crypto, 
+				   KRB5_KU_CANONICALIZED_NAMES, 0,
+				   data.data, data.length,
+				   &canon.canon_checksum);
+	free(data.data);
+	krb5_crypto_destroy(context, crypto);
+	if (ret)
+	    goto out;
+	  
+	ASN1_MALLOC_ENCODE(PA_ClientCanonicalized, data.data, data.length,
+			   &canon, &len, ret);
+	free_Checksum(&canon.canon_checksum);
+	if (ret) 
+	    goto out;
+	if (data.length != len)
+	    krb5_abortx(context, "internal asn.1 error");
+
+	pa.padata_type = KRB5_PADATA_CLIENT_CANONICALIZED;
+	pa.padata_value = data;
+	ret = add_METHOD_DATA(rep.padata, &pa);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    if (rep.padata->len == 0) {
+	free(rep.padata);
+	rep.padata = NULL;
+    }
+
+    /* Add the PAC */
+    if (send_pac_p(context, req)) {
+	krb5_pac p = NULL;
+	krb5_data data;
+
+	ret = _kdc_pac_generate(context, client, &p);
+	if (ret) {
+	    kdc_log(context, config, 0, "PAC generation failed for -- %s", 
+		    client_name);
+	    goto out;
+	}
+	if (p != NULL) {
+	    ret = _krb5_pac_sign(context, p, et.authtime,
+				 client->entry.principal,
+				 &skey->key, /* Server key */ 
+				 &skey->key, /* FIXME: should be krbtgt key */
+				 &data);
+	    krb5_pac_free(context, p);
+	    if (ret) {
+		kdc_log(context, config, 0, "PAC signing failed for -- %s", 
+			client_name);
+		goto out;
+	    }
+
+	    ret = _kdc_tkt_add_if_relevant_ad(context, &et,
+					      KRB5_AUTHDATA_WIN2K_PAC,
+					      &data);
+	    krb5_data_free(&data);
+	    if (ret)
+		goto out;
+	}
+    }
+
+    _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, 
+		       et.endtime, et.renew_till);
+
+    /* do this as the last thing since this signs the EncTicketPart */
+    ret = _kdc_add_KRB5SignedPath(context,
+				  config,
+				  server,
+				  setype,
+				  NULL,
+				  NULL,
+				  &et);
+    if (ret)
+	goto out;
+
+    ret = _kdc_encode_reply(context, config, 
+			    &rep, &et, &ek, setype, server->entry.kvno, 
+			    &skey->key, client->entry.kvno, 
+			    reply_key, &e_text, reply);
+    free_EncTicketPart(&et);
+    free_EncKDCRepPart(&ek);
+    if (ret)
+	goto out;
+
+    /* */
+    if (datagram_reply && reply->length > config->max_datagram_reply_length) {
+	krb5_data_free(reply);
+	ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
+	e_text = "Reply packet too large";
+    }
+
+out:
+    free_AS_REP(&rep);
+    if(ret){
+	krb5_mk_error(context,
+		      ret,
+		      e_text,
+		      (e_data.data ? &e_data : NULL),
+		      client_princ,
+		      server_princ,
+		      NULL,
+		      NULL,
+		      reply);
+	ret = 0;
+    }
+#ifdef PKINIT
+    if (pkp)
+	_kdc_pk_free_client_param(context, pkp);
+#endif
+    if (e_data.data)
+        free(e_data.data);
+    if (client_princ)
+	krb5_free_principal(context, client_princ);
+    free(client_name);
+    if (server_princ)
+	krb5_free_principal(context, server_princ);
+    free(server_name);
+    if(client)
+	_kdc_free_ent(context, client);
+    if(server)
+	_kdc_free_ent(context, server);
+    return ret;
+}
+
+/*
+ * Add the AuthorizationData `data\xB4 of `type\xB4 to the last element in
+ * the sequence of authorization_data in `tkt\xB4 wrapped in an IF_RELEVANT
+ */
+
+krb5_error_code
+_kdc_tkt_add_if_relevant_ad(krb5_context context,
+			    EncTicketPart *tkt,
+			    int type,
+			    const krb5_data *data)
+{
+    krb5_error_code ret;
+    size_t size;
+
+    if (tkt->authorization_data == NULL) {
+	tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
+	if (tkt->authorization_data == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    return ENOMEM;
+	}
+    }
+	
+    /* add the entry to the last element */
+    {
+	AuthorizationData ad = { 0, NULL };
+	AuthorizationDataElement ade;
+
+	ade.ad_type = type;
+	ade.ad_data = *data;
+
+	ret = add_AuthorizationData(&ad, &ade);
+	if (ret) {
+	    krb5_set_error_string(context, "add AuthorizationData failed");
+	    return ret;
+	}
+
+	ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+
+	ASN1_MALLOC_ENCODE(AuthorizationData, 
+			   ade.ad_data.data, ade.ad_data.length, 
+			   &ad, &size, ret);
+	free_AuthorizationData(&ad);
+	if (ret) {
+	    krb5_set_error_string(context, "ASN.1 encode of "
+				  "AuthorizationData failed");
+	    return ret;
+	}
+	if (ade.ad_data.length != size)
+	    krb5_abortx(context, "internal asn.1 encoder error");
+	
+	ret = add_AuthorizationData(tkt->authorization_data, &ade);
+	der_free_octet_string(&ade.ad_data);
+	if (ret) {
+	    krb5_set_error_string(context, "add AuthorizationData failed");
+	    return ret;
+	}
+    }
+
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/kdc/krb5tgs.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/krb5tgs.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/krb5tgs.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1914 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: krb5tgs.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * return the realm of a krbtgt-ticket or NULL
+ */
+
+static Realm 
+get_krbtgt_realm(const PrincipalName *p)
+{
+    if(p->name_string.len == 2
+       && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0)
+	return p->name_string.val[1];
+    else
+	return NULL;
+}
+
+/*
+ * The KDC might add a signed path to the ticket authorization data
+ * field. This is to avoid server impersonating clients and the
+ * request constrained delegation.
+ *
+ * This is done by storing a KRB5_AUTHDATA_IF_RELEVANT with a single
+ * entry of type KRB5SignedPath.
+ */
+
+static krb5_error_code
+find_KRB5SignedPath(krb5_context context,
+		    const AuthorizationData *ad,
+		    krb5_data *data)
+{
+    AuthorizationData child;
+    krb5_error_code ret;
+    int pos;
+	
+    if (ad == NULL || ad->len == 0)
+	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+
+    pos = ad->len - 1;
+
+    if (ad->val[pos].ad_type != KRB5_AUTHDATA_IF_RELEVANT)
+	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+
+    ret = decode_AuthorizationData(ad->val[pos].ad_data.data,
+				   ad->val[pos].ad_data.length,
+				   &child,
+				   NULL);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to decode "
+			      "IF_RELEVANT with %d", ret);
+	return ret;
+    }
+
+    if (child.len != 1) {
+	free_AuthorizationData(&child);
+	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+    }
+
+    if (child.val[0].ad_type != KRB5_AUTHDATA_SIGNTICKET) {
+	free_AuthorizationData(&child);
+	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+    }
+
+    if (data)
+	ret = der_copy_octet_string(&child.val[0].ad_data, data);
+    free_AuthorizationData(&child);
+    return ret;
+}
+
+krb5_error_code
+_kdc_add_KRB5SignedPath(krb5_context context,
+			krb5_kdc_configuration *config,
+			hdb_entry_ex *krbtgt,
+			krb5_enctype enctype,
+			krb5_const_principal server,
+			KRB5SignedPathPrincipals *principals,
+			EncTicketPart *tkt)
+{
+    krb5_error_code ret;
+    KRB5SignedPath sp;
+    krb5_data data;
+    krb5_crypto crypto = NULL;
+    size_t size;
+
+    if (server && principals) {
+	ret = add_KRB5SignedPathPrincipals(principals, server);
+	if (ret)
+	    return ret;
+    }
+
+    {
+	KRB5SignedPathData spd;
+	
+	spd.encticket = *tkt;
+	spd.delegated = principals;
+	
+	ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length,
+			   &spd, &size, ret);
+	if (ret)
+	    return ret;
+	if (data.length != size)
+	    krb5_abortx(context, "internal asn.1 encoder error");
+    }
+
+    {
+	Key *key;
+	ret = hdb_enctype2key(context, &krbtgt->entry, enctype, &key);
+	if (ret == 0)
+	    ret = krb5_crypto_init(context, &key->key, 0, &crypto);
+	if (ret) {
+	    free(data.data);
+	    return ret;
+	}
+    }
+
+    /*
+     * Fill in KRB5SignedPath
+     */
+
+    sp.etype = enctype;
+    sp.delegated = principals;
+
+    ret = krb5_create_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, 0,
+			       data.data, data.length, &sp.cksum);
+    krb5_crypto_destroy(context, crypto);
+    free(data.data);
+    if (ret)
+	return ret;
+
+    ASN1_MALLOC_ENCODE(KRB5SignedPath, data.data, data.length, &sp, &size, ret);
+    free_Checksum(&sp.cksum);
+    if (ret)
+	return ret;
+    if (data.length != size)
+	krb5_abortx(context, "internal asn.1 encoder error");
+
+    
+    /*
+     * Add IF-RELEVANT(KRB5SignedPath) to the last slot in
+     * authorization data field.
+     */
+
+    ret = _kdc_tkt_add_if_relevant_ad(context, tkt,
+				      KRB5_AUTHDATA_SIGNTICKET, &data);
+    krb5_data_free(&data);
+
+    return ret;
+}
+
+static krb5_error_code
+check_KRB5SignedPath(krb5_context context,
+		     krb5_kdc_configuration *config,
+		     hdb_entry_ex *krbtgt,
+		     EncTicketPart *tkt,
+		     KRB5SignedPathPrincipals **delegated,
+		     int require_signedpath)
+{
+    krb5_error_code ret;
+    krb5_data data;
+    krb5_crypto crypto = NULL;
+
+    *delegated = NULL;
+
+    ret = find_KRB5SignedPath(context, tkt->authorization_data, &data);
+    if (ret == 0) {
+	KRB5SignedPathData spd;
+	KRB5SignedPath sp;
+	AuthorizationData *ad;
+	size_t size;
+
+	ret = decode_KRB5SignedPath(data.data, data.length, &sp, NULL);
+	krb5_data_free(&data);
+	if (ret)
+	    return ret;
+
+	spd.encticket = *tkt;
+	/* the KRB5SignedPath is the last entry */
+	ad = spd.encticket.authorization_data;
+	if (--ad->len == 0)
+	    spd.encticket.authorization_data = NULL;
+	spd.delegated = sp.delegated;
+
+	ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length,
+			   &spd, &size, ret);
+	ad->len++;
+	spd.encticket.authorization_data = ad;
+	if (ret) {
+	    free_KRB5SignedPath(&sp);
+	    return ret;
+	}
+	if (data.length != size)
+	    krb5_abortx(context, "internal asn.1 encoder error");
+
+	{
+	    Key *key;
+	    ret = hdb_enctype2key(context, &krbtgt->entry, sp.etype, &key);
+	    if (ret == 0)
+		ret = krb5_crypto_init(context, &key->key, 0, &crypto);
+	    if (ret) {
+		free(data.data);
+		free_KRB5SignedPath(&sp);
+		return ret;
+	    }
+	}
+	ret = krb5_verify_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, 
+				   data.data, data.length, 
+				   &sp.cksum);
+	krb5_crypto_destroy(context, crypto);
+	free(data.data);
+	if (ret) {
+	    free_KRB5SignedPath(&sp);
+	    return ret;
+	}
+
+	if (sp.delegated) {
+
+	    *delegated = malloc(sizeof(*sp.delegated));
+	    if (*delegated == NULL) {
+		free_KRB5SignedPath(&sp);
+		return ENOMEM;
+	    }
+
+	    ret = copy_KRB5SignedPathPrincipals(*delegated, sp.delegated);
+	    if (ret) {
+		free_KRB5SignedPath(&sp);
+		free(*delegated);
+		*delegated = NULL;
+		return ret;
+	    }
+	}
+	free_KRB5SignedPath(&sp);
+	
+    } else {
+	if (require_signedpath)
+	    return KRB5KDC_ERR_BADOPTION;
+    }
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+check_PAC(krb5_context context,
+	  krb5_kdc_configuration *config,
+	  const krb5_principal client_principal,
+	  hdb_entry_ex *client,
+	  hdb_entry_ex *server,
+	  const EncryptionKey *server_key,
+	  const EncryptionKey *krbtgt_key,
+	  EncTicketPart *tkt,
+	  krb5_data *rspac,
+	  int *require_signedpath)
+{
+    AuthorizationData *ad = tkt->authorization_data;
+    unsigned i, j;
+    krb5_error_code ret;
+
+    if (ad == NULL || ad->len == 0)
+	return 0;
+
+    for (i = 0; i < ad->len; i++) {
+	AuthorizationData child;
+
+	if (ad->val[i].ad_type != KRB5_AUTHDATA_IF_RELEVANT)
+	    continue;
+
+	ret = decode_AuthorizationData(ad->val[i].ad_data.data,
+				       ad->val[i].ad_data.length,
+				       &child,
+				       NULL);
+	if (ret) {
+	    krb5_set_error_string(context, "Failed to decode "
+				  "IF_RELEVANT with %d", ret);
+	    return ret;
+	}
+	for (j = 0; j < child.len; j++) {
+
+	    if (child.val[j].ad_type == KRB5_AUTHDATA_WIN2K_PAC) {
+		krb5_pac pac;
+
+		/* Found PAC */
+		ret = krb5_pac_parse(context,
+				     child.val[j].ad_data.data,
+				     child.val[j].ad_data.length,
+				     &pac);
+		free_AuthorizationData(&child);
+		if (ret)
+		    return ret;
+
+		ret = krb5_pac_verify(context, pac, tkt->authtime, 
+				      client_principal,
+				      krbtgt_key, NULL);
+		if (ret) {
+		    krb5_pac_free(context, pac);
+		    return ret;
+		}
+
+		ret = _kdc_pac_verify(context, client_principal, 
+				      client, server, &pac);
+		if (ret) {
+		    krb5_pac_free(context, pac);
+		    return ret;
+		}
+		*require_signedpath = 0;
+
+		ret = _krb5_pac_sign(context, pac, tkt->authtime,
+				     client_principal,
+				     server_key, krbtgt_key, rspac);
+
+		krb5_pac_free(context, pac);
+
+		return ret;
+	    }
+	}
+	free_AuthorizationData(&child);
+    }
+    return 0;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+check_tgs_flags(krb5_context context,        
+		krb5_kdc_configuration *config,
+		KDC_REQ_BODY *b, const EncTicketPart *tgt, EncTicketPart *et)
+{
+    KDCOptions f = b->kdc_options;
+	
+    if(f.validate){
+	if(!tgt->flags.invalid || tgt->starttime == NULL){
+	    kdc_log(context, config, 0,
+		    "Bad request to validate ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	if(*tgt->starttime > kdc_time){
+	    kdc_log(context, config, 0,
+		    "Early request to validate ticket");
+	    return KRB5KRB_AP_ERR_TKT_NYV;
+	}
+	/* XXX  tkt = tgt */
+	et->flags.invalid = 0;
+    }else if(tgt->flags.invalid){
+	kdc_log(context, config, 0, 
+		"Ticket-granting ticket has INVALID flag set");
+	return KRB5KRB_AP_ERR_TKT_INVALID;
+    }
+
+    if(f.forwardable){
+	if(!tgt->flags.forwardable){
+	    kdc_log(context, config, 0,
+		    "Bad request for forwardable ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	et->flags.forwardable = 1;
+    }
+    if(f.forwarded){
+	if(!tgt->flags.forwardable){
+	    kdc_log(context, config, 0,
+		    "Request to forward non-forwardable ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	et->flags.forwarded = 1;
+	et->caddr = b->addresses;
+    }
+    if(tgt->flags.forwarded)
+	et->flags.forwarded = 1;
+	
+    if(f.proxiable){
+	if(!tgt->flags.proxiable){
+	    kdc_log(context, config, 0,
+		    "Bad request for proxiable ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	et->flags.proxiable = 1;
+    }
+    if(f.proxy){
+	if(!tgt->flags.proxiable){
+	    kdc_log(context, config, 0,
+		    "Request to proxy non-proxiable ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	et->flags.proxy = 1;
+	et->caddr = b->addresses;
+    }
+    if(tgt->flags.proxy)
+	et->flags.proxy = 1;
+
+    if(f.allow_postdate){
+	if(!tgt->flags.may_postdate){
+	    kdc_log(context, config, 0,
+		    "Bad request for post-datable ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	et->flags.may_postdate = 1;
+    }
+    if(f.postdated){
+	if(!tgt->flags.may_postdate){
+	    kdc_log(context, config, 0,
+		    "Bad request for postdated ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	if(b->from)
+	    *et->starttime = *b->from;
+	et->flags.postdated = 1;
+	et->flags.invalid = 1;
+    }else if(b->from && *b->from > kdc_time + context->max_skew){
+	kdc_log(context, config, 0, "Ticket cannot be postdated");
+	return KRB5KDC_ERR_CANNOT_POSTDATE;
+    }
+
+    if(f.renewable){
+	if(!tgt->flags.renewable){
+	    kdc_log(context, config, 0,
+		    "Bad request for renewable ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	et->flags.renewable = 1;
+	ALLOC(et->renew_till);
+	_kdc_fix_time(&b->rtime);
+	*et->renew_till = *b->rtime;
+    }
+    if(f.renew){
+	time_t old_life;
+	if(!tgt->flags.renewable || tgt->renew_till == NULL){
+	    kdc_log(context, config, 0,
+		    "Request to renew non-renewable ticket");
+	    return KRB5KDC_ERR_BADOPTION;
+	}
+	old_life = tgt->endtime;
+	if(tgt->starttime)
+	    old_life -= *tgt->starttime;
+	else
+	    old_life -= tgt->authtime;
+	et->endtime = *et->starttime + old_life;
+	if (et->renew_till != NULL)
+	    et->endtime = min(*et->renew_till, et->endtime);
+    }	    
+    
+#if 0
+    /* checks for excess flags */
+    if(f.request_anonymous && !config->allow_anonymous){
+	kdc_log(context, config, 0,
+		"Request for anonymous ticket");
+	return KRB5KDC_ERR_BADOPTION;
+    }
+#endif
+    return 0;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+check_constrained_delegation(krb5_context context, 
+			     krb5_kdc_configuration *config,
+			     hdb_entry_ex *client,
+			     krb5_const_principal server)
+{
+    const HDB_Ext_Constrained_delegation_acl *acl;
+    krb5_error_code ret;
+    int i;
+
+    ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl);
+    if (ret) {
+	krb5_clear_error_string(context);
+	return ret;
+    }
+
+    if (acl) {
+	for (i = 0; i < acl->len; i++) {
+	    if (krb5_principal_compare(context, server, &acl->val[i]) == TRUE)
+		return 0;
+	}
+    }
+    kdc_log(context, config, 0,
+	    "Bad request for constrained delegation");
+    return KRB5KDC_ERR_BADOPTION;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+verify_flags (krb5_context context, 
+	      krb5_kdc_configuration *config,
+	      const EncTicketPart *et,
+	      const char *pstr)
+{
+    if(et->endtime < kdc_time){
+	kdc_log(context, config, 0, "Ticket expired (%s)", pstr);
+	return KRB5KRB_AP_ERR_TKT_EXPIRED;
+    }
+    if(et->flags.invalid){
+	kdc_log(context, config, 0, "Ticket not valid (%s)", pstr);
+	return KRB5KRB_AP_ERR_TKT_NYV;
+    }
+    return 0;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+fix_transited_encoding(krb5_context context, 
+		       krb5_kdc_configuration *config,
+		       krb5_boolean check_policy,
+		       const TransitedEncoding *tr, 
+		       EncTicketPart *et, 
+		       const char *client_realm, 
+		       const char *server_realm, 
+		       const char *tgt_realm)
+{
+    krb5_error_code ret = 0;
+    char **realms, **tmp;
+    int num_realms;
+    int i;
+
+    switch (tr->tr_type) {
+    case DOMAIN_X500_COMPRESS:
+	break;
+    case 0:
+	/*
+	 * Allow empty content of type 0 because that is was Microsoft
+	 * generates in their TGT.
+	 */
+	if (tr->contents.length == 0)
+	    break;
+	kdc_log(context, config, 0,
+		"Transited type 0 with non empty content");
+	return KRB5KDC_ERR_TRTYPE_NOSUPP;
+    default:
+	kdc_log(context, config, 0,
+		"Unknown transited type: %u", tr->tr_type);
+	return KRB5KDC_ERR_TRTYPE_NOSUPP;
+    }
+
+    ret = krb5_domain_x500_decode(context, 
+				  tr->contents,
+				  &realms, 
+				  &num_realms,
+				  client_realm,
+				  server_realm);
+    if(ret){
+	krb5_warn(context, ret,
+		  "Decoding transited encoding");
+	return ret;
+    }
+    if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
+	/* not us, so add the previous realm to transited set */
+	if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
+	    ret = ERANGE;
+	    goto free_realms;
+	}
+	tmp = realloc(realms, (num_realms + 1) * sizeof(*realms));
+	if(tmp == NULL){
+	    ret = ENOMEM;
+	    goto free_realms;
+	}
+	realms = tmp;
+	realms[num_realms] = strdup(tgt_realm);
+	if(realms[num_realms] == NULL){
+	    ret = ENOMEM;
+	    goto free_realms;
+	}
+	num_realms++;
+    }
+    if(num_realms == 0) {
+	if(strcmp(client_realm, server_realm)) 
+	    kdc_log(context, config, 0,
+		    "cross-realm %s -> %s", client_realm, server_realm);
+    } else {
+	size_t l = 0;
+	char *rs;
+	for(i = 0; i < num_realms; i++)
+	    l += strlen(realms[i]) + 2;
+	rs = malloc(l);
+	if(rs != NULL) {
+	    *rs = '\0';
+	    for(i = 0; i < num_realms; i++) {
+		if(i > 0)
+		    strlcat(rs, ", ", l);
+		strlcat(rs, realms[i], l);
+	    }
+	    kdc_log(context, config, 0,
+		    "cross-realm %s -> %s via [%s]",
+		    client_realm, server_realm, rs);
+	    free(rs);
+	}
+    }
+    if(check_policy) {
+	ret = krb5_check_transited(context, client_realm, 
+				   server_realm, 
+				   realms, num_realms, NULL);
+	if(ret) {
+	    krb5_warn(context, ret, "cross-realm %s -> %s", 
+		      client_realm, server_realm);
+	    goto free_realms;
+	}
+	et->flags.transited_policy_checked = 1;
+    }
+    et->transited.tr_type = DOMAIN_X500_COMPRESS;
+    ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents);
+    if(ret)
+	krb5_warn(context, ret, "Encoding transited encoding");
+  free_realms:
+    for(i = 0; i < num_realms; i++)
+	free(realms[i]);
+    free(realms);
+    return ret;
+}
+
+
+static krb5_error_code
+tgs_make_reply(krb5_context context, 
+	       krb5_kdc_configuration *config,
+	       KDC_REQ_BODY *b, 
+	       krb5_const_principal tgt_name,
+	       const EncTicketPart *tgt, 
+	       const EncryptionKey *serverkey,
+	       const krb5_keyblock *sessionkey,
+	       krb5_kvno kvno,
+	       AuthorizationData *auth_data,
+	       hdb_entry_ex *server, 
+	       const char *server_name, 
+	       hdb_entry_ex *client, 
+	       krb5_principal client_principal, 
+	       hdb_entry_ex *krbtgt,
+	       krb5_enctype krbtgt_etype,
+	       KRB5SignedPathPrincipals *spp,
+	       const krb5_data *rspac,
+	       const char **e_text,
+	       krb5_data *reply)
+{
+    KDC_REP rep;
+    EncKDCRepPart ek;
+    EncTicketPart et;
+    KDCOptions f = b->kdc_options;
+    krb5_error_code ret;
+    
+    memset(&rep, 0, sizeof(rep));
+    memset(&et, 0, sizeof(et));
+    memset(&ek, 0, sizeof(ek));
+    
+    rep.pvno = 5;
+    rep.msg_type = krb_tgs_rep;
+
+    et.authtime = tgt->authtime;
+    _kdc_fix_time(&b->till);
+    et.endtime = min(tgt->endtime, *b->till);
+    ALLOC(et.starttime);
+    *et.starttime = kdc_time;
+    
+    ret = check_tgs_flags(context, config, b, tgt, &et);
+    if(ret)
+	goto out;
+
+    /* We should check the transited encoding if:
+       1) the request doesn't ask not to be checked
+       2) globally enforcing a check
+       3) principal requires checking
+       4) we allow non-check per-principal, but principal isn't marked as allowing this
+       5) we don't globally allow this
+    */
+
+#define GLOBAL_FORCE_TRANSITED_CHECK		\
+    (config->trpolicy == TRPOLICY_ALWAYS_CHECK)
+#define GLOBAL_ALLOW_PER_PRINCIPAL			\
+    (config->trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL)
+#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK			\
+    (config->trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST)
+
+/* these will consult the database in future release */
+#define PRINCIPAL_FORCE_TRANSITED_CHECK(P)		0
+#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P)	0
+
+    ret = fix_transited_encoding(context, config, 
+				 !f.disable_transited_check ||
+				 GLOBAL_FORCE_TRANSITED_CHECK ||
+				 PRINCIPAL_FORCE_TRANSITED_CHECK(server) ||
+				 !((GLOBAL_ALLOW_PER_PRINCIPAL && 
+				    PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) ||
+				   GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK),
+				 &tgt->transited, &et,
+				 *krb5_princ_realm(context, client_principal),
+				 *krb5_princ_realm(context, server->entry.principal),
+				 *krb5_princ_realm(context, krbtgt->entry.principal));
+    if(ret)
+	goto out;
+
+    copy_Realm(krb5_princ_realm(context, server->entry.principal), 
+	       &rep.ticket.realm);
+    _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal);
+    copy_Realm(&tgt_name->realm, &rep.crealm);
+/*
+    if (f.request_anonymous)
+	_kdc_make_anonymous_principalname (&rep.cname);
+    else */
+
+    copy_PrincipalName(&tgt_name->name, &rep.cname);
+    rep.ticket.tkt_vno = 5;
+
+    ek.caddr = et.caddr;
+    if(et.caddr == NULL)
+	et.caddr = tgt->caddr;
+
+    {
+	time_t life;
+	life = et.endtime - *et.starttime;
+	if(client && client->entry.max_life)
+	    life = min(life, *client->entry.max_life);
+	if(server->entry.max_life)
+	    life = min(life, *server->entry.max_life);
+	et.endtime = *et.starttime + life;
+    }
+    if(f.renewable_ok && tgt->flags.renewable && 
+       et.renew_till == NULL && et.endtime < *b->till){
+	et.flags.renewable = 1;
+	ALLOC(et.renew_till);
+	*et.renew_till = *b->till;
+    }
+    if(et.renew_till){
+	time_t renew;
+	renew = *et.renew_till - et.authtime;
+	if(client && client->entry.max_renew)
+	    renew = min(renew, *client->entry.max_renew);
+	if(server->entry.max_renew)
+	    renew = min(renew, *server->entry.max_renew);
+	*et.renew_till = et.authtime + renew;
+    }
+	    
+    if(et.renew_till){
+	*et.renew_till = min(*et.renew_till, *tgt->renew_till);
+	*et.starttime = min(*et.starttime, *et.renew_till);
+	et.endtime = min(et.endtime, *et.renew_till);
+    }
+    
+    *et.starttime = min(*et.starttime, et.endtime);
+
+    if(*et.starttime == et.endtime){
+	ret = KRB5KDC_ERR_NEVER_VALID;
+	goto out;
+    }
+    if(et.renew_till && et.endtime == *et.renew_till){
+	free(et.renew_till);
+	et.renew_till = NULL;
+	et.flags.renewable = 0;
+    }
+    
+    et.flags.pre_authent = tgt->flags.pre_authent;
+    et.flags.hw_authent  = tgt->flags.hw_authent;
+    et.flags.anonymous   = tgt->flags.anonymous;
+    et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
+	    
+    if (auth_data) {
+	/* XXX Check enc-authorization-data */
+	et.authorization_data = calloc(1, sizeof(*et.authorization_data));
+	if (et.authorization_data == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	ret = copy_AuthorizationData(auth_data, et.authorization_data);
+	if (ret)
+	    goto out;
+
+	/* Filter out type KRB5SignedPath */
+	ret = find_KRB5SignedPath(context, et.authorization_data, NULL);
+	if (ret == 0) {
+	    if (et.authorization_data->len == 1) {
+		free_AuthorizationData(et.authorization_data);
+		free(et.authorization_data);
+		et.authorization_data = NULL;
+	    } else {
+		AuthorizationData *ad = et.authorization_data;
+		free_AuthorizationDataElement(&ad->val[ad->len - 1]);
+		ad->len--;
+	    }
+	}
+    }
+
+    if(rspac->length) {
+	/*
+	 * No not need to filter out the any PAC from the
+	 * auth_data since it's signed by the KDC.
+	 */
+	ret = _kdc_tkt_add_if_relevant_ad(context, &et,
+					  KRB5_AUTHDATA_WIN2K_PAC,
+					  rspac);
+	if (ret)
+	    goto out;
+    }
+
+    ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key);
+    if (ret)
+	goto out;
+    et.crealm = tgt->crealm;
+    et.cname = tgt_name->name;
+	    
+    ek.key = et.key;
+    /* MIT must have at least one last_req */
+    ek.last_req.len = 1;
+    ek.last_req.val = calloc(1, sizeof(*ek.last_req.val));
+    if (ek.last_req.val == NULL) {
+	ret = ENOMEM;
+	goto out;
+    }
+    ek.nonce = b->nonce;
+    ek.flags = et.flags;
+    ek.authtime = et.authtime;
+    ek.starttime = et.starttime;
+    ek.endtime = et.endtime;
+    ek.renew_till = et.renew_till;
+    ek.srealm = rep.ticket.realm;
+    ek.sname = rep.ticket.sname;
+    
+    _kdc_log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, 
+		       et.endtime, et.renew_till);
+
+    /* Don't sign cross realm tickets, they can't be checked anyway */
+    {
+	char *r = get_krbtgt_realm(&ek.sname);
+
+	if (r == NULL || strcmp(r, ek.srealm) == 0) {
+	    ret = _kdc_add_KRB5SignedPath(context,
+					  config,
+					  krbtgt,
+					  krbtgt_etype,
+					  NULL,
+					  spp,
+					  &et);
+	    if (ret)
+		goto out;
+	}
+    }
+
+    /* It is somewhat unclear where the etype in the following
+       encryption should come from. What we have is a session
+       key in the passed tgt, and a list of preferred etypes
+       *for the new ticket*. Should we pick the best possible
+       etype, given the keytype in the tgt, or should we look
+       at the etype list here as well?  What if the tgt
+       session key is DES3 and we want a ticket with a (say)
+       CAST session key. Should the DES3 etype be added to the
+       etype list, even if we don't want a session key with
+       DES3? */
+    ret = _kdc_encode_reply(context, config, 
+			    &rep, &et, &ek, et.key.keytype,
+			    kvno, 
+			    serverkey, 0, &tgt->key, e_text, reply);
+out:
+    free_TGS_REP(&rep);
+    free_TransitedEncoding(&et.transited);
+    if(et.starttime)
+	free(et.starttime);
+    if(et.renew_till)
+	free(et.renew_till);
+    if(et.authorization_data) {
+	free_AuthorizationData(et.authorization_data);
+	free(et.authorization_data);
+    }
+    free_LastReq(&ek.last_req);
+    memset(et.key.keyvalue.data, 0, et.key.keyvalue.length);
+    free_EncryptionKey(&et.key);
+    return ret;
+}
+
+static krb5_error_code
+tgs_check_authenticator(krb5_context context, 
+			krb5_kdc_configuration *config,
+	                krb5_auth_context ac,
+			KDC_REQ_BODY *b, 
+			const char **e_text,
+			krb5_keyblock *key)
+{
+    krb5_authenticator auth;
+    size_t len;
+    unsigned char *buf;
+    size_t buf_size;
+    krb5_error_code ret;
+    krb5_crypto crypto;
+    
+    krb5_auth_con_getauthenticator(context, ac, &auth);
+    if(auth->cksum == NULL){
+	kdc_log(context, config, 0, "No authenticator in request");
+	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+	goto out;
+    }
+    /*
+     * according to RFC1510 it doesn't need to be keyed,
+     * but according to the latest draft it needs to.
+     */
+    if (
+#if 0
+!krb5_checksum_is_keyed(context, auth->cksum->cksumtype)
+	||
+#endif
+ !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) {
+	kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", 
+		auth->cksum->cksumtype);
+	ret =  KRB5KRB_AP_ERR_INAPP_CKSUM;
+	goto out;
+    }
+		
+    /* XXX should not re-encode this */
+    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
+    if(ret){
+	kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", 
+		krb5_get_err_text(context, ret));
+	goto out;
+    }
+    if(buf_size != len) {
+	free(buf);
+	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
+	*e_text = "KDC internal error";
+	ret = KRB5KRB_ERR_GENERIC;
+	goto out;
+    }
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret) {
+	free(buf);
+	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
+		krb5_get_err_text(context, ret));
+	goto out;
+    }
+    ret = krb5_verify_checksum(context,
+			       crypto,
+			       KRB5_KU_TGS_REQ_AUTH_CKSUM,
+			       buf, 
+			       len,
+			       auth->cksum);
+    free(buf);
+    krb5_crypto_destroy(context, crypto);
+    if(ret){
+	kdc_log(context, config, 0,
+		"Failed to verify authenticator checksum: %s", 
+		krb5_get_err_text(context, ret));
+    }
+out:
+    free_Authenticator(auth);
+    free(auth);
+    return ret;
+}
+
+/*
+ *
+ */
+
+static const char *
+find_rpath(krb5_context context, Realm crealm, Realm srealm)
+{
+    const char *new_realm = krb5_config_get_string(context,
+						   NULL,
+						   "capaths", 
+						   crealm,
+						   srealm,
+						   NULL);
+    return new_realm;
+}
+	    
+
+static krb5_boolean
+need_referral(krb5_context context, krb5_principal server, krb5_realm **realms)
+{
+    if(server->name.name_type != KRB5_NT_SRV_INST ||
+       server->name.name_string.len != 2)
+	return FALSE;
+ 
+    return _krb5_get_host_realm_int(context, server->name.name_string.val[1],
+				    FALSE, realms) == 0;
+}
+
+static krb5_error_code
+tgs_parse_request(krb5_context context, 
+		  krb5_kdc_configuration *config,
+		  KDC_REQ_BODY *b,
+		  const PA_DATA *tgs_req,
+		  hdb_entry_ex **krbtgt,
+		  krb5_enctype *krbtgt_etype,
+		  krb5_ticket **ticket,
+		  const char **e_text,
+		  const char *from,
+		  const struct sockaddr *from_addr,
+		  time_t **csec,
+		  int **cusec,
+		  AuthorizationData **auth_data)
+{
+    krb5_ap_req ap_req;
+    krb5_error_code ret;
+    krb5_principal princ;
+    krb5_auth_context ac = NULL;
+    krb5_flags ap_req_options;
+    krb5_flags verify_ap_req_flags;
+    krb5_crypto crypto;
+    Key *tkey;
+
+    *auth_data = NULL;
+    *csec  = NULL;
+    *cusec = NULL;
+
+    memset(&ap_req, 0, sizeof(ap_req));
+    ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req);
+    if(ret){
+	kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", 
+		krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    if(!get_krbtgt_realm(&ap_req.ticket.sname)){
+	/* XXX check for ticket.sname == req.sname */
+	kdc_log(context, config, 0, "PA-DATA is not a ticket-granting ticket");
+	ret = KRB5KDC_ERR_POLICY; /* ? */
+	goto out;
+    }
+    
+    _krb5_principalname2krb5_principal(context,
+				       &princ,
+				       ap_req.ticket.sname,
+				       ap_req.ticket.realm);
+    
+    ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, NULL, krbtgt);
+
+    if(ret) {
+	char *p;
+	ret = krb5_unparse_name(context, princ, &p);
+	if (ret != 0)
+	    p = "<unparse_name failed>";
+	krb5_free_principal(context, princ);
+	kdc_log(context, config, 0,
+		"Ticket-granting ticket not found in database: %s: %s",
+		p, krb5_get_err_text(context, ret));
+	if (ret == 0)
+	    free(p);
+	ret = KRB5KRB_AP_ERR_NOT_US;
+	goto out;
+    }
+    
+    if(ap_req.ticket.enc_part.kvno && 
+       *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
+	char *p;
+
+	ret = krb5_unparse_name (context, princ, &p);
+	krb5_free_principal(context, princ);
+	if (ret != 0)
+	    p = "<unparse_name failed>";
+	kdc_log(context, config, 0,
+		"Ticket kvno = %d, DB kvno = %d (%s)", 
+		*ap_req.ticket.enc_part.kvno,
+		(*krbtgt)->entry.kvno,
+		p);
+	if (ret == 0)
+	    free (p);
+	ret = KRB5KRB_AP_ERR_BADKEYVER;
+	goto out;
+    }
+
+    *krbtgt_etype = ap_req.ticket.enc_part.etype;
+
+    ret = hdb_enctype2key(context, &(*krbtgt)->entry, 
+			  ap_req.ticket.enc_part.etype, &tkey);
+    if(ret){
+	char *str = NULL, *p = NULL;
+
+	krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str);
+	krb5_unparse_name(context, princ, &p);
+ 	kdc_log(context, config, 0,
+		"No server key with enctype %s found for %s",
+		str ? str : "<unknown enctype>",
+		p ? p : "<unparse_name failed>");
+	free(str);
+	free(p);
+	ret = KRB5KRB_AP_ERR_BADKEYVER;
+	goto out;
+    }
+    
+    if (b->kdc_options.validate)
+	verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID;
+    else
+	verify_ap_req_flags = 0;
+
+    ret = krb5_verify_ap_req2(context,
+			      &ac,
+			      &ap_req,
+			      princ,
+			      &tkey->key,
+			      verify_ap_req_flags,
+			      &ap_req_options,
+			      ticket,
+			      KRB5_KU_TGS_REQ_AUTH);
+			     
+    krb5_free_principal(context, princ);
+    if(ret) {
+	kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", 
+		krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    {
+	krb5_authenticator auth;
+
+	ret = krb5_auth_con_getauthenticator(context, ac, &auth);
+	if (ret == 0) {
+	    *csec   = malloc(sizeof(**csec));
+	    if (*csec == NULL) {
+		krb5_free_authenticator(context, &auth);
+		kdc_log(context, config, 0, "malloc failed");
+		goto out;
+	    }
+	    **csec  = auth->ctime;
+	    *cusec  = malloc(sizeof(**cusec));
+	    if (*cusec == NULL) {
+		krb5_free_authenticator(context, &auth);
+		kdc_log(context, config, 0, "malloc failed");
+		goto out;
+	    }
+	    **cusec  = auth->cusec;
+	    krb5_free_authenticator(context, &auth);
+	}
+    }
+
+    ret = tgs_check_authenticator(context, config, 
+				  ac, b, e_text, &(*ticket)->ticket.key);
+    if (ret) {
+	krb5_auth_con_free(context, ac);
+	goto out;
+    }
+
+    if (b->enc_authorization_data) {
+	unsigned usage = KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY;
+	krb5_keyblock *subkey;
+	krb5_data ad;
+
+	ret = krb5_auth_con_getremotesubkey(context,
+					    ac,
+					    &subkey);
+	if(ret){
+	    krb5_auth_con_free(context, ac);
+	    kdc_log(context, config, 0, "Failed to get remote subkey: %s", 
+		    krb5_get_err_text(context, ret));
+	    goto out;
+	}
+	if(subkey == NULL){
+	    usage = KRB5_KU_TGS_REQ_AUTH_DAT_SESSION;
+	    ret = krb5_auth_con_getkey(context, ac, &subkey);
+	    if(ret) {
+		krb5_auth_con_free(context, ac);
+		kdc_log(context, config, 0, "Failed to get session key: %s", 
+			krb5_get_err_text(context, ret));
+		goto out;
+	    }
+	}
+	if(subkey == NULL){
+	    krb5_auth_con_free(context, ac);
+	    kdc_log(context, config, 0,
+		    "Failed to get key for enc-authorization-data");
+	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
+	    goto out;
+	}
+	ret = krb5_crypto_init(context, subkey, 0, &crypto);
+	if (ret) {
+	    krb5_auth_con_free(context, ac);
+	    kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
+		    krb5_get_err_text(context, ret));
+	    goto out;
+	}
+	ret = krb5_decrypt_EncryptedData (context,
+					  crypto,
+					  usage,
+					  b->enc_authorization_data,
+					  &ad);
+	krb5_crypto_destroy(context, crypto);
+	if(ret){
+	    krb5_auth_con_free(context, ac);
+	    kdc_log(context, config, 0, 
+		    "Failed to decrypt enc-authorization-data");
+	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
+	    goto out;
+	}
+	krb5_free_keyblock(context, subkey);
+	ALLOC(*auth_data);
+	if (*auth_data == NULL) {
+	    krb5_auth_con_free(context, ac);
+	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
+	    goto out;
+	}
+	ret = decode_AuthorizationData(ad.data, ad.length, *auth_data, NULL);
+	if(ret){
+	    krb5_auth_con_free(context, ac);
+	    free(*auth_data);
+	    *auth_data = NULL;
+	    kdc_log(context, config, 0, "Failed to decode authorization data");
+	    ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
+	    goto out;
+	}
+    }
+
+    krb5_auth_con_free(context, ac);
+    
+out:
+    free_AP_REQ(&ap_req);
+    
+    return ret;
+}
+
+static krb5_error_code
+tgs_build_reply(krb5_context context, 
+		krb5_kdc_configuration *config,
+		KDC_REQ *req, 
+		KDC_REQ_BODY *b,
+		hdb_entry_ex *krbtgt,
+		krb5_enctype krbtgt_etype,
+		krb5_ticket *ticket,
+		krb5_data *reply,
+		const char *from,
+		const char **e_text,
+		AuthorizationData *auth_data,
+		const struct sockaddr *from_addr,
+		int datagram_reply)
+{
+    krb5_error_code ret;
+    krb5_principal cp = NULL, sp = NULL;
+    krb5_principal client_principal = NULL;
+    char *spn = NULL, *cpn = NULL;
+    hdb_entry_ex *server = NULL, *client = NULL;
+    EncTicketPart *tgt = &ticket->ticket;
+    KRB5SignedPathPrincipals *spp = NULL;
+    const EncryptionKey *ekey;
+    krb5_keyblock sessionkey;
+    krb5_kvno kvno;
+    krb5_data rspac;
+    int cross_realm = 0;
+
+    PrincipalName *s;
+    Realm r;
+    int nloop = 0;
+    EncTicketPart adtkt;
+    char opt_str[128];
+    int require_signedpath = 0;
+
+    memset(&sessionkey, 0, sizeof(sessionkey));
+    memset(&adtkt, 0, sizeof(adtkt));
+    krb5_data_zero(&rspac);
+
+    s = b->sname;
+    r = b->realm;
+
+    if(b->kdc_options.enc_tkt_in_skey){
+	Ticket *t;
+	hdb_entry_ex *uu;
+	krb5_principal p;
+	Key *uukey;
+	    
+	if(b->additional_tickets == NULL || 
+	   b->additional_tickets->len == 0){
+	    ret = KRB5KDC_ERR_BADOPTION; /* ? */
+	    kdc_log(context, config, 0,
+		    "No second ticket present in request");
+	    goto out;
+	}
+	t = &b->additional_tickets->val[0];
+	if(!get_krbtgt_realm(&t->sname)){
+	    kdc_log(context, config, 0,
+		    "Additional ticket is not a ticket-granting ticket");
+	    ret = KRB5KDC_ERR_POLICY;
+	    goto out;
+	}
+	_krb5_principalname2krb5_principal(context, &p, t->sname, t->realm);
+	ret = _kdc_db_fetch(context, config, p, 
+			    HDB_F_GET_CLIENT|HDB_F_GET_SERVER, 
+			    NULL, &uu);
+	krb5_free_principal(context, p);
+	if(ret){
+	    if (ret == HDB_ERR_NOENTRY)
+		ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+	    goto out;
+	}
+	ret = hdb_enctype2key(context, &uu->entry, 
+			      t->enc_part.etype, &uukey);
+	if(ret){
+	    _kdc_free_ent(context, uu);
+	    ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
+	    goto out;
+	}
+	ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0);
+	_kdc_free_ent(context, uu);
+	if(ret)
+	    goto out;
+
+	ret = verify_flags(context, config, &adtkt, spn);
+	if (ret)
+	    goto out;
+
+	s = &adtkt.cname;
+	r = adtkt.crealm;
+    }
+
+    _krb5_principalname2krb5_principal(context, &sp, *s, r);
+    ret = krb5_unparse_name(context, sp, &spn);	
+    if (ret)
+	goto out;
+    _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm);
+    ret = krb5_unparse_name(context, cp, &cpn);
+    if (ret)
+	goto out;
+    unparse_flags (KDCOptions2int(b->kdc_options),
+		   asn1_KDCOptions_units(),
+		   opt_str, sizeof(opt_str));
+    if(*opt_str)
+	kdc_log(context, config, 0,
+		"TGS-REQ %s from %s for %s [%s]", 
+		cpn, from, spn, opt_str);
+    else
+	kdc_log(context, config, 0,
+		"TGS-REQ %s from %s for %s", cpn, from, spn);
+
+    /*
+     * Fetch server
+     */
+
+server_lookup:
+    ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, NULL, &server);
+
+    if(ret){
+	const char *new_rlm;
+	Realm req_rlm;
+	krb5_realm *realms;
+
+	if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
+	    if(nloop++ < 2) {
+		new_rlm = find_rpath(context, tgt->crealm, req_rlm);
+		if(new_rlm) {
+		    kdc_log(context, config, 5, "krbtgt for realm %s "
+			    "not found, trying %s", 
+			    req_rlm, new_rlm);
+		    krb5_free_principal(context, sp);
+		    free(spn);
+		    krb5_make_principal(context, &sp, r, 
+					KRB5_TGS_NAME, new_rlm, NULL);
+		    ret = krb5_unparse_name(context, sp, &spn);	
+		    if (ret)
+			goto out;
+		    auth_data = NULL; /* ms don't handle AD in referals */
+		    goto server_lookup;
+		}
+	    }
+	} else if(need_referral(context, sp, &realms)) {
+	    if (strcmp(realms[0], sp->realm) != 0) {
+		kdc_log(context, config, 5,
+			"Returning a referral to realm %s for "
+			"server %s that was not found",
+			realms[0], spn);
+		krb5_free_principal(context, sp);
+		free(spn);
+		krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
+				    realms[0], NULL);
+		ret = krb5_unparse_name(context, sp, &spn);
+		if (ret)
+		    goto out;
+		krb5_free_host_realm(context, realms);
+		auth_data = NULL; /* ms don't handle AD in referals */
+		goto server_lookup;
+	    }
+	    krb5_free_host_realm(context, realms);
+	}
+	kdc_log(context, config, 0,
+		"Server not found in database: %s: %s", spn,
+		krb5_get_err_text(context, ret));
+	if (ret == HDB_ERR_NOENTRY)
+	    ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+	goto out;
+    }
+
+    ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, NULL, &client);
+    if(ret) {
+	const char *krbtgt_realm; 
+
+	/*
+	 * If the client belongs to the same realm as our krbtgt, it
+	 * should exist in the local database.
+	 *
+	 */
+
+	krbtgt_realm = 
+	    krb5_principal_get_comp_string(context, 
+					   krbtgt->entry.principal, 1);
+
+	if(strcmp(krb5_principal_get_realm(context, cp), krbtgt_realm) == 0) {
+	    if (ret == HDB_ERR_NOENTRY)
+		ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+	    kdc_log(context, config, 1, "Client no longer in database: %s",
+		    cpn);
+	    goto out;
+	}
+	
+	kdc_log(context, config, 1, "Client not found in database: %s: %s",
+		cpn, krb5_get_err_text(context, ret));
+
+	cross_realm = 1;
+    }
+    
+    /*
+     * Check that service is in the same realm as the krbtgt. If it's
+     * not the same, it's someone that is using a uni-directional trust
+     * backward.
+     */
+    
+    if (strcmp(krb5_principal_get_realm(context, sp),
+	       krb5_principal_get_comp_string(context, 
+					      krbtgt->entry.principal, 
+					      1)) != 0) {
+	char *tpn;
+	ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn);
+	kdc_log(context, config, 0,
+		"Request with wrong krbtgt: %s",
+		(ret == 0) ? tpn : "<unknown>");
+	if(ret == 0)
+	    free(tpn);
+	ret = KRB5KRB_AP_ERR_NOT_US;
+	goto out;
+    }
+
+    /*
+     *
+     */
+
+    client_principal = cp;
+
+    if (client) {
+	const PA_DATA *sdata;
+	int i = 0;
+
+	sdata = _kdc_find_padata(req, &i, KRB5_PADATA_S4U2SELF);
+	if (sdata) {
+	    krb5_crypto crypto;
+	    krb5_data datack;
+	    PA_S4U2Self self;
+	    char *selfcpn = NULL;
+	    const char *str;
+
+	    ret = decode_PA_S4U2Self(sdata->padata_value.data, 
+				     sdata->padata_value.length,
+				     &self, NULL);
+	    if (ret) {
+		kdc_log(context, config, 0, "Failed to decode PA-S4U2Self");
+		goto out;
+	    }
+
+	    ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
+	    if (ret)
+		goto out;
+
+	    ret = krb5_crypto_init(context, &tgt->key, 0, &crypto);
+	    if (ret) {
+		free_PA_S4U2Self(&self);
+		krb5_data_free(&datack);
+		kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
+			krb5_get_err_text(context, ret));
+		goto out;
+	    }
+
+	    ret = krb5_verify_checksum(context,
+				       crypto,
+				       KRB5_KU_OTHER_CKSUM,
+				       datack.data, 
+				       datack.length, 
+				       &self.cksum);
+	    krb5_data_free(&datack);
+	    krb5_crypto_destroy(context, crypto);
+	    if (ret) {
+		free_PA_S4U2Self(&self);
+		kdc_log(context, config, 0, 
+			"krb5_verify_checksum failed for S4U2Self: %s",
+			krb5_get_err_text(context, ret));
+		goto out;
+	    }
+
+	    ret = _krb5_principalname2krb5_principal(context,
+						     &client_principal,
+						     self.name,
+						     self.realm);
+	    free_PA_S4U2Self(&self);
+	    if (ret)
+		goto out;
+
+	    ret = krb5_unparse_name(context, client_principal, &selfcpn);	
+	    if (ret)
+		goto out;
+
+	    /*
+	     * Check that service doing the impersonating is
+	     * requesting a ticket to it-self.
+	     */
+	    if (krb5_principal_compare(context, cp, sp) != TRUE) {
+		kdc_log(context, config, 0, "S4U2Self: %s is not allowed "
+			"to impersonate some other user "
+			"(tried for user %s to service %s)",
+			cpn, selfcpn, spn);
+		free(selfcpn);
+		ret = KRB5KDC_ERR_BADOPTION; /* ? */
+		goto out;
+	    }
+
+	    /*
+	     * If the service isn't trusted for authentication to
+	     * delegation, remove the forward flag.
+	     */
+
+	    if (client->entry.flags.trusted_for_delegation) {
+		str = "[forwardable]";
+	    } else {
+		b->kdc_options.forwardable = 0;
+		str = "";
+	    }
+	    kdc_log(context, config, 0, "s4u2self %s impersonating %s to "
+		    "service %s %s", cpn, selfcpn, spn, str);
+	    free(selfcpn);
+	}
+    }
+
+    /*
+     * Constrained delegation
+     */
+
+    if (client != NULL
+	&& b->additional_tickets != NULL
+	&& b->additional_tickets->len != 0
+	&& b->kdc_options.enc_tkt_in_skey == 0)
+    {
+	Key *clientkey;
+	Ticket *t;
+	char *str;
+
+	t = &b->additional_tickets->val[0];
+
+	ret = hdb_enctype2key(context, &client->entry, 
+			      t->enc_part.etype, &clientkey);
+	if(ret){
+	    ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
+	    goto out;
+	}
+
+	ret = krb5_decrypt_ticket(context, t, &clientkey->key, &adtkt, 0);
+	if (ret) {
+	    kdc_log(context, config, 0,
+		    "failed to decrypt ticket for "
+		    "constrained delegation from %s to %s ", spn, cpn);
+	    goto out;
+	}
+
+	/* check that ticket is valid */
+
+	if (adtkt.flags.forwardable == 0) {
+	    kdc_log(context, config, 0,
+		    "Missing forwardable flag on ticket for "
+		    "constrained delegation from %s to %s ", spn, cpn);
+	    ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
+	    goto out;
+	}
+
+	ret = check_constrained_delegation(context, config, client, sp);
+	if (ret) {
+	    kdc_log(context, config, 0,
+		    "constrained delegation from %s to %s not allowed", 
+		    spn, cpn);
+	    goto out;
+	}
+
+	ret = _krb5_principalname2krb5_principal(context,
+						 &client_principal,
+						 adtkt.cname,
+						 adtkt.crealm);
+	if (ret)
+	    goto out;
+
+	ret = krb5_unparse_name(context, client_principal, &str);
+	if (ret)
+	    goto out;
+
+	ret = verify_flags(context, config, &adtkt, str);
+	if (ret) {
+	    free(str);
+	    goto out;
+	}
+
+	/*
+	 * Check KRB5SignedPath in authorization data and add new entry to
+	 * make sure servers can't fake a ticket to us.
+	 */
+
+	ret = check_KRB5SignedPath(context,
+				   config,
+				   krbtgt,
+				   &adtkt,
+				   &spp,
+				   1);
+	if (ret) {
+	    kdc_log(context, config, 0,
+		    "KRB5SignedPath check from service %s failed "
+		    "for delegation to %s for client %s "
+		    "from %s failed with %s",
+		    spn, str, cpn, from, krb5_get_err_text(context, ret));
+	    free(str);
+	    goto out;
+	}
+
+	kdc_log(context, config, 0, "constrained delegation for %s "
+		"from %s to %s", str, cpn, spn);
+	free(str);
+
+	/* 
+	 * Also require that the KDC have issue the service's krbtgt
+	 * used to do the request. 
+	 */
+	require_signedpath = 1;
+    }
+
+    /*
+     * Check flags
+     */
+
+    ret = _kdc_check_flags(context, config, 
+			   client, cpn,
+			   server, spn,
+			   FALSE);
+    if(ret)
+	goto out;
+
+    if((b->kdc_options.validate || b->kdc_options.renew) && 
+       !krb5_principal_compare(context, 
+			       krbtgt->entry.principal,
+			       server->entry.principal)){
+	kdc_log(context, config, 0, "Inconsistent request.");
+	ret = KRB5KDC_ERR_SERVER_NOMATCH;
+	goto out;
+    }
+
+    /* check for valid set of addresses */
+    if(!_kdc_check_addresses(context, config, tgt->caddr, from_addr)) {
+	ret = KRB5KRB_AP_ERR_BADADDR;
+	kdc_log(context, config, 0, "Request from wrong address");
+	goto out;
+    }
+	
+    /*
+     * Select enctype, return key and kvno.
+     */
+
+    {
+	krb5_enctype etype;
+
+	if(b->kdc_options.enc_tkt_in_skey) {
+	    int i;
+	    ekey = &adtkt.key;
+	    for(i = 0; i < b->etype.len; i++)
+		if (b->etype.val[i] == adtkt.key.keytype)
+		    break;
+	    if(i == b->etype.len) {
+		krb5_clear_error_string(context);
+		return KRB5KDC_ERR_ETYPE_NOSUPP;
+	    }
+	    etype = b->etype.val[i];
+	    kvno = 0;
+	} else {
+	    Key *skey;
+	    
+	    ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len,
+				  &skey, &etype);
+	    if(ret) {
+		kdc_log(context, config, 0, 
+			"Server (%s) has no support for etypes", spp);
+		return ret;
+	    }
+	    ekey = &skey->key;
+	    kvno = server->entry.kvno;
+	}
+	
+	ret = krb5_generate_random_keyblock(context, etype, &sessionkey);
+	if (ret)
+	    goto out;
+    }
+
+    /* check PAC if not cross realm and if there is one */
+    if (!cross_realm) {
+	Key *tkey;
+
+	ret = hdb_enctype2key(context, &krbtgt->entry, 
+			      krbtgt_etype, &tkey);
+	if(ret) {
+	    kdc_log(context, config, 0,
+		    "Failed to find key for krbtgt PAC check");
+	    goto out;
+	}
+
+	ret = check_PAC(context, config, client_principal, 
+			client, server, ekey, &tkey->key,
+			tgt, &rspac, &require_signedpath);
+	if (ret) {
+	    kdc_log(context, config, 0,
+		    "Verify PAC failed for %s (%s) from %s with %s",
+		    spn, cpn, from, krb5_get_err_text(context, ret));
+	    goto out;
+	}
+    }
+
+    /* also check the krbtgt for signature */
+    ret = check_KRB5SignedPath(context,
+			       config,
+			       krbtgt,
+			       tgt,
+			       &spp,
+			       require_signedpath);
+    if (ret) {
+	kdc_log(context, config, 0,
+		"KRB5SignedPath check failed for %s (%s) from %s with %s",
+		spn, cpn, from, krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    /*
+     *
+     */
+
+    ret = tgs_make_reply(context,
+			 config, 
+			 b, 
+			 client_principal,
+			 tgt, 
+			 ekey,
+			 &sessionkey,
+			 kvno,
+			 auth_data,
+			 server, 
+			 spn,
+			 client, 
+			 cp, 
+			 krbtgt, 
+			 krbtgt_etype,
+			 spp,
+			 &rspac,
+			 e_text,
+			 reply);
+	
+out:
+    free(spn);
+    free(cpn);
+	    
+    krb5_data_free(&rspac);
+    krb5_free_keyblock_contents(context, &sessionkey);
+    if(server)
+	_kdc_free_ent(context, server);
+    if(client)
+	_kdc_free_ent(context, client);
+
+    if (client_principal && client_principal != cp)
+	krb5_free_principal(context, client_principal);
+    if (cp)
+	krb5_free_principal(context, cp);
+    if (sp)
+	krb5_free_principal(context, sp);
+
+    free_EncTicketPart(&adtkt);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+_kdc_tgs_rep(krb5_context context, 
+	     krb5_kdc_configuration *config,
+	     KDC_REQ *req, 
+	     krb5_data *data,
+	     const char *from,
+	     struct sockaddr *from_addr,
+	     int datagram_reply)
+{
+    AuthorizationData *auth_data = NULL;
+    krb5_error_code ret;
+    int i = 0;
+    const PA_DATA *tgs_req;
+
+    hdb_entry_ex *krbtgt = NULL;
+    krb5_ticket *ticket = NULL;
+    const char *e_text = NULL;
+    krb5_enctype krbtgt_etype = ETYPE_NULL;
+
+    time_t *csec = NULL;
+    int *cusec = NULL;
+
+    if(req->padata == NULL){
+	ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
+	kdc_log(context, config, 0,
+		"TGS-REQ from %s without PA-DATA", from);
+	goto out;
+    }
+    
+    tgs_req = _kdc_find_padata(req, &i, KRB5_PADATA_TGS_REQ);
+
+    if(tgs_req == NULL){
+	ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+	
+	kdc_log(context, config, 0, 
+		"TGS-REQ from %s without PA-TGS-REQ", from);
+	goto out;
+    }
+    ret = tgs_parse_request(context, config, 
+			    &req->req_body, tgs_req,
+			    &krbtgt,
+			    &krbtgt_etype,
+			    &ticket,
+			    &e_text,
+			    from, from_addr,
+			    &csec, &cusec,
+			    &auth_data);
+    if (ret) {
+	kdc_log(context, config, 0, 
+		"Failed parsing TGS-REQ from %s", from);
+	goto out;
+    }
+
+    ret = tgs_build_reply(context,
+			  config,
+			  req,
+			  &req->req_body,
+			  krbtgt,
+			  krbtgt_etype,
+			  ticket,
+			  data,
+			  from,
+			  &e_text,
+			  auth_data,
+			  from_addr,
+			  datagram_reply);
+    if (ret) {
+	kdc_log(context, config, 0, 
+		"Failed building TGS-REP to %s", from);
+	goto out;
+    }
+
+    /* */
+    if (datagram_reply && data->length > config->max_datagram_reply_length) {
+	krb5_data_free(data);
+	ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
+	e_text = "Reply packet too large";
+    }
+
+out:
+    if(ret && data->data == NULL){
+	krb5_mk_error(context,
+		      ret,
+		      NULL,
+		      NULL,
+		      NULL,
+		      NULL,
+		      csec,
+		      cusec,
+		      data);
+    }
+    free(csec);
+    free(cusec);
+    if (ticket)
+	krb5_free_ticket(context, ticket);
+    if(krbtgt)
+	_kdc_free_ent(context, krbtgt);
+
+    if (auth_data) {
+	free_AuthorizationData(auth_data);
+	free(auth_data);
+    }
+
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/kdc/kstash.8
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kstash.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kstash.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,104 @@
+.\" Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\"
+.\" $Id: kstash.8,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd April 10, 2007
+.Dt KSTASH 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kstash
+.Nd "store the KDC master password in a file"
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Oo Fl e Ar string \*(Ba Xo
+.Fl -enctype= Ns Ar string
+.Xc
+.Oc
+.Oo Fl k Ar file \*(Ba Xo
+.Fl -key-file= Ns Ar file
+.Xc
+.Oc
+.Op Fl -convert-file
+.Op Fl -random-key
+.Op Fl -master-key-fd= Ns Ar fd
+.Op Fl -random-key
+.Op Fl h | Fl -help
+.Op Fl -version
+.Ek
+.Sh DESCRIPTION
+.Nm
+reads the Kerberos master key and stores it in a file that will be
+used by the KDC.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl e Ar string ,
+.Fl -enctype= Ns Ar string
+.Xc
+the encryption type to use, defaults to DES3-CBC-SHA1.
+.It Xo
+.Fl k Ar file ,
+.Fl -key-file= Ns Ar file
+.Xc
+the name of the master key file.
+.It Xo
+.Fl -convert-file
+.Xc
+don't ask for a new master key, just read an old master key file, and
+write it back in the new keyfile format.
+.It Xo
+.Fl -random-key
+.Xc
+generate a random master key.
+.It Xo
+.Fl -master-key-fd= Ns Ar fd
+.Xc
+filedescriptor to read passphrase from, if not specified the
+passphrase will be read from the terminal.
+.El
+.\".Sh ENVIRONMENT
+.Sh FILES
+.Pa /var/heimdal/m-key
+is the default keyfile if no other keyfile is specified.
+The format of a Heimdal master key is the same as a keytab, so
+.Nm ktutil
+list can be used to list the content of the file.
+.\".Sh EXAMPLES
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr kdc 8
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/kdc/kstash.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kstash.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kstash.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "headers.h"
+
+RCSID("$Id: kstash.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_context context;
+
+static char *keyfile;
+static int convert_flag;
+static int help_flag;
+static int version_flag;
+
+static int master_key_fd = -1;
+static int random_key_flag;
+
+static const char *enctype_str = "des3-cbc-sha1";
+
+static struct getargs args[] = {
+    { "enctype", 'e', arg_string, &enctype_str, "encryption type" },
+    { "key-file", 'k', arg_string, &keyfile, "master key file", "file" },
+    { "convert-file", 0, arg_flag, &convert_flag, 
+      "just convert keyfile to new format" },
+    { "master-key-fd", 0, arg_integer, &master_key_fd, 
+      "filedescriptor to read passphrase from", "fd" },
+    { "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" },
+    { "help", 'h', arg_flag, &help_flag },
+    { "version", 0, arg_flag, &version_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+main(int argc, char **argv)
+{
+    char buf[1024];
+    krb5_error_code ret;
+    
+    krb5_enctype enctype;
+
+    hdb_master_key mkey;
+    
+    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+
+    if(help_flag)
+	krb5_std_usage(0, args, num_args);
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    if (master_key_fd != -1 && random_key_flag)
+	krb5_errx(context, 1, "random-key and master-key-fd "
+		  "is mutual exclusive");
+
+    if (keyfile == NULL)
+	asprintf(&keyfile, "%s/m-key", hdb_db_dir(context));
+
+    ret = krb5_string_to_enctype(context, enctype_str, &enctype);
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_string_to_enctype");
+
+    ret = hdb_read_master_key(context, keyfile, &mkey);
+    if(ret && ret != ENOENT)
+	krb5_err(context, 1, ret, "reading master key from %s", keyfile);
+
+    if (convert_flag) {
+	if (ret)
+	    krb5_err(context, 1, ret, "reading master key from %s", keyfile);
+    } else {
+	krb5_keyblock key;
+	krb5_salt salt;
+	salt.salttype = KRB5_PW_SALT;
+	/* XXX better value? */
+	salt.saltvalue.data = NULL;
+	salt.saltvalue.length = 0;
+	if (random_key_flag) {
+	    ret = krb5_generate_random_keyblock(context, enctype, &key);
+	    if (ret)
+		krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
+
+	} else {
+	    if(master_key_fd != -1) {
+		ssize_t n;
+		n = read(master_key_fd, buf, sizeof(buf));
+		if(n <= 0)
+		    krb5_err(context, 1, errno, "failed to read passphrase");
+		buf[n] = '\0';
+		buf[strcspn(buf, "\r\n")] = '\0';
+		
+	    } else {
+		if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
+		    exit(1);
+	    }
+	    krb5_string_to_key_salt(context, enctype, buf, salt, &key);
+	}
+	ret = hdb_add_master_key(context, &key, &mkey);
+	
+	krb5_free_keyblock_contents(context, &key);
+
+    }
+    
+    {
+	char *new, *old;
+	asprintf(&old, "%s.old", keyfile);
+	asprintf(&new, "%s.new", keyfile);
+	if(unlink(new) < 0 && errno != ENOENT) {
+	    ret = errno;
+	    goto out;
+	}
+	krb5_warnx(context, "writing key to `%s'", keyfile);
+	ret = hdb_write_master_key(context, new, mkey);
+	if(ret)
+	    unlink(new);
+	else {
+	    unlink(old);
+	    if(link(keyfile, old) < 0 && errno != ENOENT) {
+		ret = errno;
+		unlink(new);
+	    } else if(rename(new, keyfile) < 0) {
+		ret = errno;
+	    }
+	}
+    out:
+	free(old);
+	free(new);
+	if(ret)
+	    krb5_warn(context, errno, "writing master key file");
+    }
+
+    hdb_free_master_key(context, mkey);
+
+    exit(ret != 0);
+}
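Review bot: In main(), the `--master-key-fd` path reads up to `sizeof(buf)` bytes and then writes `buf[n] = '\0'`, so a full 1024-byte read puts the terminator one byte past the end of the stack buffer; reading one byte less, `n = read(master_key_fd, buf, sizeof(buf) - 1);`, keeps it in bounds. The return value of `krb5_string_to_key_salt` is also discarded, so a failed derivation would hand an uninitialised `key` to `hdb_add_master_key`; assigning it to `ret` and following with `if (ret) krb5_err(context, 1, ret, "krb5_string_to_key_salt");` would match the handling in the random-key branch. The passphrase also stays in `buf` for the rest of the process, so clearing the buffer right after the key is derived would shorten the time the secret is in memory.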

Added: vendor-crypto/heimdal/dist/kdc/kx509.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/kx509.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/kx509.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,460 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+#include <hex.h>
+#include <rfc2459_asn1.h>
+#include <hx509.h>
+
+RCSID("$Id: kx509.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ *
+ */
+
+krb5_error_code
+_kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size)
+{
+    if (len < 4)
+	return -1;
+    if (memcmp("\x00\x00\x02\x00", ptr, 4) != 0)
+	return -1;
+    return decode_Kx509Request(((unsigned char *)ptr) + 4, len - 4, req, size);
+}
+
+/*
+ *
+ */
+
+static const unsigned char version_2_0[4] = {0 , 0, 2, 0};
+
+static krb5_error_code
+verify_req_hash(krb5_context context, 
+		const Kx509Request *req,
+		krb5_keyblock *key)
+{
+    unsigned char digest[SHA_DIGEST_LENGTH];
+    HMAC_CTX ctx;
+    
+    if (req->pk_hash.length != sizeof(digest)) {
+	krb5_set_error_string(context, "pk-hash have wrong length: %lu",
+			      (unsigned long)req->pk_hash.length);
+	return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    HMAC_CTX_init(&ctx);
+    HMAC_Init_ex(&ctx, 
+		 key->keyvalue.data, key->keyvalue.length, 
+		 EVP_sha1(), NULL);
+    if (sizeof(digest) != HMAC_size(&ctx))
+	krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509");
+    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
+    HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length);
+    HMAC_Final(&ctx, digest, 0);
+    HMAC_CTX_cleanup(&ctx);
+
+    if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
+	krb5_set_error_string(context, "pk-hash is not correct");
+	return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+    return 0;
+}
+
+static krb5_error_code
+calculate_reply_hash(krb5_context context,
+		     krb5_keyblock *key,
+		     Kx509Response *rep)
+{
+    HMAC_CTX ctx;
+    
+    HMAC_CTX_init(&ctx);
+
+    HMAC_Init_ex(&ctx, 
+		 key->keyvalue.data, key->keyvalue.length, 
+		 EVP_sha1(), NULL);
+    rep->hash->length = HMAC_size(&ctx);
+    rep->hash->data = malloc(rep->hash->length);
+    if (rep->hash->data == NULL) {
+	HMAC_CTX_cleanup(&ctx);
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+
+    HMAC_Update(&ctx, version_2_0, sizeof(version_2_0));
+    if (rep->error_code) {
+	int32_t t = *rep->error_code;
+	do {
+	    unsigned char p = (t & 0xff);
+	    HMAC_Update(&ctx, &p, 1);
+	    t >>= 8;
+	} while (t);
+    }
+    if (rep->certificate)
+	HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
+    if (rep->e_text)
+	HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
+
+    HMAC_Final(&ctx, rep->hash->data, 0);
+    HMAC_CTX_cleanup(&ctx);
+
+    return 0;
+}
+
+/*
+ * Build a certifate for `principal\xB4 that will expire at `endtime\xB4.
+ */
+
+static krb5_error_code
+build_certificate(krb5_context context, 
+		  krb5_kdc_configuration *config,
+		  const krb5_data *key,
+		  time_t endtime,
+		  krb5_principal principal,
+		  krb5_data *certificate)
+{
+    hx509_context hxctx = NULL;
+    hx509_ca_tbs tbs = NULL;
+    hx509_env env = NULL;
+    hx509_cert cert = NULL;
+    hx509_cert signer = NULL;
+    int ret;
+
+    if (krb5_principal_get_comp_string(context, principal, 1) != NULL) {
+	kdc_log(context, config, 0, "Principal is not a user");
+	return EINVAL;
+    }
+
+    ret = hx509_context_init(&hxctx);
+    if (ret)
+	goto out;
+
+    ret = hx509_env_init(hxctx, &env);
+    if (ret)
+	goto out;
+
+    ret = hx509_env_add(hxctx, env, "principal-name", 
+			krb5_principal_get_comp_string(context, principal, 0));
+    if (ret)
+	goto out;
+
+    {
+	hx509_certs certs;
+	hx509_query *q;
+
+	ret = hx509_certs_init(hxctx, config->kx509_ca, 0,
+			       NULL, &certs);
+	if (ret) {
+	    kdc_log(context, config, 0, "Failed to load CA %s",
+		    config->kx509_ca);
+	    goto out;
+	}
+	ret = hx509_query_alloc(hxctx, &q);
+	if (ret) {
+	    hx509_certs_free(&certs);
+	    goto out;
+	}
+
+	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN);
+
+	ret = hx509_certs_find(hxctx, certs, q, &signer);
+	hx509_query_free(hxctx, q);
+	hx509_certs_free(&certs);
+	if (ret) {
+	    kdc_log(context, config, 0, "Failed to find a CA in %s",
+		    config->kx509_ca);
+	    goto out;
+	}
+    }
+
+    ret = hx509_ca_tbs_init(hxctx, &tbs);
+    if (ret)
+	goto out;
+
+    {
+	SubjectPublicKeyInfo spki;
+	heim_any any;
+
+	memset(&spki, 0, sizeof(spki));
+
+	spki.subjectPublicKey.data = key->data;
+	spki.subjectPublicKey.length = key->length * 8;
+
+	ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), 
+			   &spki.algorithm.algorithm);
+
+	any.data = "\x05\x00";
+	any.length = 2;
+	spki.algorithm.parameters = &any;
+
+	ret = hx509_ca_tbs_set_spki(hxctx, tbs, &spki);
+	der_free_oid(&spki.algorithm.algorithm);
+	if (ret)
+	    goto out;
+    }
+
+    {
+	hx509_certs certs;
+	hx509_cert template;
+
+	ret = hx509_certs_init(hxctx, config->kx509_template, 0,
+			       NULL, &certs);
+	if (ret) {
+	    kdc_log(context, config, 0, "Failed to load template %s",
+		    config->kx509_template);
+	    goto out;
+	}
+	ret = hx509_get_one_cert(hxctx, certs, &template);
+	hx509_certs_free(&certs);
+	if (ret) {
+	    kdc_log(context, config, 0, "Failed to find template in %s",
+		    config->kx509_template);
+	    goto out;
+	}
+	ret = hx509_ca_tbs_set_template(hxctx, tbs, 
+					HX509_CA_TEMPLATE_SUBJECT|
+					HX509_CA_TEMPLATE_KU|
+					HX509_CA_TEMPLATE_EKU,
+					template);
+	hx509_cert_free(template);
+	if (ret)
+	    goto out;
+    }
+
+    hx509_ca_tbs_set_notAfter(hxctx, tbs, endtime);
+
+    hx509_ca_tbs_subject_expand(hxctx, tbs, env);
+    hx509_env_free(&env);
+
+    ret = hx509_ca_sign(hxctx, tbs, signer, &cert);
+    hx509_cert_free(signer);
+    if (ret)
+	goto out;
+
+    hx509_ca_tbs_free(&tbs);
+
+    ret = hx509_cert_binary(hxctx, cert, certificate);
+    hx509_cert_free(cert);
+    if (ret)
+	goto out;
+		      
+    hx509_context_free(&hxctx);
+
+    return 0;
+out:
+    if (env)
+	hx509_env_free(&env);
+    if (tbs)
+	hx509_ca_tbs_free(&tbs);
+    if (signer)
+	hx509_cert_free(signer);
+    if (hxctx)
+	hx509_context_free(&hxctx);
+    krb5_set_error_string(context, "cert creation failed");
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+_kdc_do_kx509(krb5_context context, 
+	      krb5_kdc_configuration *config,
+	      const Kx509Request *req, krb5_data *reply,
+	      const char *from, struct sockaddr *addr)
+{
+    krb5_error_code ret;
+    krb5_ticket *ticket = NULL;
+    krb5_flags ap_req_options;
+    krb5_auth_context ac = NULL;
+    krb5_keytab id = NULL;
+    krb5_principal sprincipal = NULL, cprincipal = NULL;
+    char *cname = NULL;
+    Kx509Response rep;
+    size_t size;
+    krb5_keyblock *key = NULL;
+
+    krb5_data_zero(reply);
+    memset(&rep, 0, sizeof(rep));
+
+    if(!config->enable_kx509) {
+	kdc_log(context, config, 0, 
+		"Rejected kx509 request (disabled) from %s", from);
+	return KRB5KDC_ERR_POLICY;
+    }
+
+    kdc_log(context, config, 0, "Kx509 request from %s", from);
+
+    ret = krb5_kt_resolve(context, "HDB:", &id);
+    if (ret) {
+	kdc_log(context, config, 0, "Can't open database for digest");
+	goto out;
+    }
+
+    ret = krb5_rd_req(context, 
+		      &ac,
+		      &req->authenticator,
+		      NULL,
+		      id,
+		      &ap_req_options,
+		      &ticket);
+    if (ret)
+	goto out;
+
+    ret = krb5_ticket_get_client(context, ticket, &cprincipal);
+    if (ret)
+	goto out;
+
+    ret = krb5_unparse_name(context, cprincipal, &cname);
+    if (ret)
+	goto out;
+    
+    /* verify server principal */
+
+    ret = krb5_sname_to_principal(context, NULL, "kca_service",
+				  KRB5_NT_UNKNOWN, &sprincipal);
+    if (ret)
+	goto out;
+
+    {
+	krb5_principal principal = NULL;
+
+	ret = krb5_ticket_get_server(context, ticket, &principal);
+	if (ret)
+	    goto out;
+
+	ret = krb5_principal_compare(context, sprincipal, principal);
+	krb5_free_principal(context, principal);
+	if (ret != TRUE) {
+	    ret = KRB5KDC_ERR_SERVER_NOMATCH;
+	    krb5_set_error_string(context, 
+				  "User %s used wrong Kx509 service principal",
+				  cname);
+	    goto out;
+	}
+    }
+    
+    ret = krb5_auth_con_getkey(context, ac, &key);
+    if (ret || key == NULL) {
+	krb5_set_error_string(context, "Kx509 can't get session key");
+	goto out;
+    }
+    
+    ret = verify_req_hash(context, req, key);
+    if (ret)
+	goto out;
+
+    /* Verify that the key is encoded RSA key */
+    {
+	RSAPublicKey key;
+	size_t size;
+
+	ret = decode_RSAPublicKey(req->pk_key.data, req->pk_key.length,
+				  &key, &size);
+	if (ret)
+	    goto out;
+	free_RSAPublicKey(&key);
+	if (size != req->pk_key.length)
+	    ;
+    }
+
+    ALLOC(rep.certificate);
+    if (rep.certificate == NULL)
+	goto out;
+    krb5_data_zero(rep.certificate);
+    ALLOC(rep.hash);
+    if (rep.hash == NULL)
+	goto out;
+    krb5_data_zero(rep.hash);
+
+    ret = build_certificate(context, config, &req->pk_key, 
+			    krb5_ticket_get_endtime(context, ticket),
+			    cprincipal, rep.certificate);
+    if (ret)
+	goto out;
+
+    ret = calculate_reply_hash(context, key, &rep);
+    if (ret)
+	goto out;
+
+    /*
+     * Encode reply, [ version | Kx509Response ]
+     */
+
+    {
+	krb5_data data;
+
+	ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep,
+			   &size, ret);
+	if (ret) {
+	    krb5_set_error_string(context, "Failed to encode kx509 reply");
+	    goto out;
+	}
+	if (size != data.length)
+	    krb5_abortx(context, "ASN1 internal error");
+
+	ret = krb5_data_alloc(reply, data.length + sizeof(version_2_0));
+	if (ret) {
+	    free(data.data);
+	    goto out;
+	}
+	memcpy(reply->data, version_2_0, sizeof(version_2_0));
+	memcpy(((unsigned char *)reply->data) + sizeof(version_2_0),
+	       data.data, data.length);
+	free(data.data);
+    }
+
+    kdc_log(context, config, 0, "Successful Kx509 request for %s", cname);
+
+out:
+    if (ac)
+	krb5_auth_con_free(context, ac);
+    if (ret)
+	krb5_warn(context, ret, "Kx509 request from %s failed", from);
+    if (ticket)
+	krb5_free_ticket(context, ticket);
+    if (id)
+	krb5_kt_close(context, id);
+    if (sprincipal)
+	krb5_free_principal(context, sprincipal);
+    if (cprincipal)
+	krb5_free_principal(context, cprincipal);
+    if (key)
+	krb5_free_keyblock (context, key);
+    if (cname)
+	free(cname);
+    free_Kx509Response(&rep);
+
+    return 0;
+}
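Review bot: In `build_certificate`, `signer` is released right after `hx509_ca_sign()` but stays non-NULL, so when that call or the later `hx509_cert_binary()` fails, the `out:` path calls `hx509_cert_free(signer)` a second time; adding `signer = NULL;` after the first release closes that. In `_kdc_do_kx509` the check `if (size != req->pk_key.length) ;` has an empty body, so a client key with trailing bytes after the RSAPublicKey is still certified; it should set an error code and `goto out`. `verify_req_hash` compares the client-supplied HMAC with `memcmp`, which is not constant-time. `_kdc_do_kx509` also ends in `return 0;`, so the failures it logs (including the `ALLOC` failures that reach `out` with `ret` still 0) are never reported to the caller; whether that is intended cannot be told from this file.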

Added: vendor-crypto/heimdal/dist/kdc/log.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/log.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/log.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+RCSID("$Id: log.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+void
+kdc_openlog(krb5_context context, 
+	    krb5_kdc_configuration *config)
+{
+    char **s = NULL, **p;
+    krb5_initlog(context, "kdc", &config->logf);
+    s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL);
+    if(s == NULL)
+	s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL);
+    if(s){
+	for(p = s; *p; p++)
+	    krb5_addlog_dest(context, config->logf, *p);
+	krb5_config_free_strings(s);
+    }else {
+	char *s;
+	asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE);
+	krb5_addlog_dest(context, config->logf, s);
+	free(s);
+    }
+    krb5_set_warn_dest(context, config->logf);
+}
+
+char*
+kdc_log_msg_va(krb5_context context, 
+	       krb5_kdc_configuration *config,
+	       int level, const char *fmt, va_list ap)
+{
+    char *msg;
+    krb5_vlog_msg(context, config->logf, &msg, level, fmt, ap);
+    return msg;
+}
+
+char*
+kdc_log_msg(krb5_context context, 
+	    krb5_kdc_configuration *config,
+	    int level, const char *fmt, ...)
+{
+    va_list ap;
+    char *s;
+    va_start(ap, fmt);
+    s = kdc_log_msg_va(context, config, level, fmt, ap);
+    va_end(ap);
+    return s;
+}
+
+void
+kdc_log(krb5_context context, 
+	krb5_kdc_configuration *config,
+	int level, const char *fmt, ...)
+{
+    va_list ap;
+    char *s;
+    va_start(ap, fmt);
+    s = kdc_log_msg_va(context, config, level, fmt, ap);
+    if(s) free(s);
+    va_end(ap);
+}
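Review bot: In the fallback branch of `kdc_openlog` the result of `asprintf()` is not checked, so on allocation failure `s` is indeterminate when it is handed to `krb5_addlog_dest()` and `free()`. Check it before use, for example `if (asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE) < 0 || s == NULL) krb5_errx(context, 1, "out of memory");`. The inner `char *s` also shadows the outer `char **s`; a distinct name such as `dest` would make the branch easier to read. The result of `krb5_addlog_dest()` is ignored in both branches, so a bad logging destination appears to fail silently, which matters for a KDC whose audit trail is this log.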

Added: vendor-crypto/heimdal/dist/kdc/main.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/main.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/main.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
+RCSID("$Id: main.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+sig_atomic_t exit_flag = 0;
+
+int detach_from_console = -1;
+
+static RETSIGTYPE
+sigterm(int sig)
+{
+    exit_flag = sig;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_kdc_configuration *config;
+
+    setprogname(argv[0]);
+    
+    ret = krb5_init_context(&context);
+    if (ret == KRB5_CONFIG_BADFORMAT)
+	errx (1, "krb5_init_context failed to parse configuration file");
+    else if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = krb5_kt_register(context, &hdb_kt_ops);
+    if (ret)
+	errx (1, "krb5_kt_register(HDB) failed: %d", ret);
+
+    config = configure(context, argc, argv);
+
+#ifdef HAVE_SIGACTION
+    {
+	struct sigaction sa;
+
+	sa.sa_flags = 0;
+	sa.sa_handler = sigterm;
+	sigemptyset(&sa.sa_mask);
+
+	sigaction(SIGINT, &sa, NULL);
+	sigaction(SIGTERM, &sa, NULL);
+	sigaction(SIGXCPU, &sa, NULL);
+
+	sa.sa_handler = SIG_IGN;
+	sigaction(SIGPIPE, &sa, NULL);
+    }
+#else
+    signal(SIGINT, sigterm);
+    signal(SIGTERM, sigterm);
+    signal(SIGXCPU, sigterm);
+    signal(SIGPIPE, SIG_IGN);
+#endif
+    if (detach_from_console)
+	daemon(0, 0);
+    pidfile(NULL);
+    loop(context, config);
+    krb5_free_context(context);
+    return 0;
+}
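Review bot: `exit_flag` is written from the `sigterm` handler but is declared `sig_atomic_t` without `volatile`, so the compiler may cache it in the code that polls it (presumably `loop()`, which is outside this file). The definition should be `volatile sig_atomic_t exit_flag = 0;`, with the matching extern declaration updated wherever it lives. The return values of `daemon(0, 0)` and the `sigaction()` calls are also ignored, so a failed detach goes unreported; `if (detach_from_console && daemon(0, 0) < 0) err(1, "daemon");` would surface it.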

Added: vendor-crypto/heimdal/dist/kdc/misc.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/misc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/misc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: misc.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct timeval _kdc_now;
+
+krb5_error_code
+_kdc_db_fetch(krb5_context context,
+	      krb5_kdc_configuration *config,
+	      krb5_const_principal principal,
+	      unsigned flags,
+	      HDB **db,
+	      hdb_entry_ex **h)
+{
+    hdb_entry_ex *ent;
+    krb5_error_code ret;
+    int i;
+
+    ent = calloc (1, sizeof (*ent));
+    if (ent == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+
+    for(i = 0; i < config->num_db; i++) {
+	ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0);
+	if (ret) {
+	    kdc_log(context, config, 0, "Failed to open database: %s", 
+		    krb5_get_err_text(context, ret));
+	    continue;
+	}
+	ret = config->db[i]->hdb_fetch(context, 
+				       config->db[i],
+				       principal,
+				       flags | HDB_F_DECRYPT,
+				       ent);
+	config->db[i]->hdb_close(context, config->db[i]);
+	if(ret == 0) {
+	    if (db)
+		*db = config->db[i];
+	    *h = ent;
+	    return 0;
+	}
+    }
+    free(ent);
+    krb5_set_error_string(context, "no such entry found in hdb");
+    return  HDB_ERR_NOENTRY;
+}
+
+void
+_kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
+{
+    hdb_free_entry (context, ent);
+    free (ent);
+}
+
+/*
+ * Use the order list of preferred encryption types and sort the
+ * available keys and return the most preferred key.
+ */
+
+krb5_error_code
+_kdc_get_preferred_key(krb5_context context,
+		       krb5_kdc_configuration *config,
+		       hdb_entry_ex *h,
+		       const char *name,
+		       krb5_enctype *enctype,
+		       Key **key)
+{
+    const krb5_enctype *p;
+    krb5_error_code ret;
+    int i;
+
+    p = krb5_kerberos_enctypes(context);
+
+    for (i = 0; p[i] != ETYPE_NULL; i++) {
+	if (krb5_enctype_valid(context, p[i]) != 0)
+	    continue;
+	ret = hdb_enctype2key(context, &h->entry, p[i], key);
+	if (ret == 0) {
+	    *enctype = p[i];
+	    return 0;
+	}
+    }
+
+    krb5_set_error_string(context, "No valid kerberos key found for %s", name);
+    return EINVAL;
+}
+

Added: vendor-crypto/heimdal/dist/kdc/mit_dump.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/mit_dump.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/mit_dump.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,373 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "hprop.h"
+
+RCSID("$Id: mit_dump.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+can have any number of princ stanzas.
+format is as follows (only \n indicates newlines)
+princ\t%d\t (%d is KRB5_KDB_V1_BASE_LENGTH, always 38)
+%d\t (strlen of principal e.g. shadow/foo at ANDREW.CMU.EDU)
+%d\t (number of tl_data)
+%d\t (number of key data, e.g. how many keys for this user)
+%d\t (extra data length) 
+%s\t (principal name)
+%d\t (attributes)
+%d\t (max lifetime, seconds)
+%d\t (max renewable life, seconds)
+%d\t (expiration, seconds since epoch or 2145830400 for never)
+%d\t (password expiration, seconds, 0 for never) 
+%d\t (last successful auth, seconds since epoch)
+%d\t (last failed auth, per above)
+%d\t (failed auth count)
+foreach tl_data 0 to number of tl_data - 1 as above
+  %d\t%d\t (data type, data length)
+  foreach tl_data 0 to length-1
+    %02x (tl data contents[element n])
+  except if tl_data length is 0
+    %d (always -1)
+  \t
+foreach key 0 to number of keys - 1 as above
+  %d\t%d\t (key data version, kvno)
+  foreach version 0 to key data version - 1 (a key or a salt)
+    %d\t%d\t(data type for this key, data length for this key)
+    foreach key data length 0 to length-1
+      %02x (key data contents[element n])
+    except if key_data length is 0
+      %d (always -1)
+    \t    
+foreach extra data length 0 to length - 1
+  %02x (extra data part)
+unless no extra data
+  %d (always -1)
+;\n
+
+*/
+
+static int
+hex_to_octet_string(const char *ptr, krb5_data *data)
+{
+    int i;
+    unsigned int v;
+    for(i = 0; i < data->length; i++) {
+	if(sscanf(ptr + 2 * i, "%02x", &v) != 1)
+	    return -1;
+	((unsigned char*)data->data)[i] = v;
+    }
+    return 2 * i;
+}
+
+static char *
+nexttoken(char **p)
+{
+    char *q;
+    do {
+	q = strsep(p, " \t");
+    } while(q && *q == '\0');
+    return q;
+}
+
+static size_t
+getdata(char **p, unsigned char *buf, size_t len)
+{
+    size_t i;
+    int v;
+    char *q = nexttoken(p);
+    i = 0;
+    while(*q && i < len) {
+	if(sscanf(q, "%02x", &v) != 1)
+	    break;
+	buf[i++] = v;
+	q += 2;
+    }
+    return i;
+}
+
+static int
+getint(char **p)
+{
+    int val;
+    char *q = nexttoken(p);
+    sscanf(q, "%d", &val);
+    return val;
+}
+
+#include <kadm5/admin.h>
+
+static void
+attr_to_flags(unsigned attr, HDBFlags *flags)
+{
+    flags->postdate =		!(attr & KRB5_KDB_DISALLOW_POSTDATED);
+    flags->forwardable =	!(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
+    flags->initial =	       !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
+    flags->renewable =		!(attr & KRB5_KDB_DISALLOW_RENEWABLE);
+    flags->proxiable =		!(attr & KRB5_KDB_DISALLOW_PROXIABLE);
+    /* DUP_SKEY */
+    flags->invalid =	       !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
+    flags->require_preauth =   !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
+    /* HW_AUTH */
+    flags->server =		!(attr & KRB5_KDB_DISALLOW_SVR);
+    flags->change_pw = 	       !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
+    flags->client =	        1; /* XXX */
+}
+
+#define KRB5_KDB_SALTTYPE_NORMAL	0
+#define KRB5_KDB_SALTTYPE_V4		1
+#define KRB5_KDB_SALTTYPE_NOREALM	2
+#define KRB5_KDB_SALTTYPE_ONLYREALM	3
+#define KRB5_KDB_SALTTYPE_SPECIAL	4
+#define KRB5_KDB_SALTTYPE_AFS3		5
+
+static krb5_error_code
+fix_salt(krb5_context context, hdb_entry *ent, int key_num)
+{
+    krb5_error_code ret;
+    Salt *salt = ent->keys.val[key_num].salt;
+    /* fix salt type */
+    switch((int)salt->type) {
+    case KRB5_KDB_SALTTYPE_NORMAL:
+	salt->type = KRB5_PADATA_PW_SALT;
+	break;
+    case KRB5_KDB_SALTTYPE_V4:
+	krb5_data_free(&salt->salt);
+	salt->type = KRB5_PADATA_PW_SALT;
+	break;
+    case KRB5_KDB_SALTTYPE_NOREALM:
+    {
+	size_t len;
+	int i;
+	char *p;
+	    
+	len = 0;
+	for (i = 0; i < ent->principal->name.name_string.len; ++i)
+	    len += strlen(ent->principal->name.name_string.val[i]);
+	ret = krb5_data_alloc (&salt->salt, len);
+	if (ret)
+	    return ret;
+	p = salt->salt.data;
+	for (i = 0; i < ent->principal->name.name_string.len; ++i) {
+	    memcpy (p,
+		    ent->principal->name.name_string.val[i],
+		    strlen(ent->principal->name.name_string.val[i]));
+	    p += strlen(ent->principal->name.name_string.val[i]);
+	}
+
+	salt->type = KRB5_PADATA_PW_SALT;
+	break;
+    }
+    case KRB5_KDB_SALTTYPE_ONLYREALM:
+	krb5_data_free(&salt->salt);
+	ret = krb5_data_copy(&salt->salt, 
+			     ent->principal->realm, 
+			     strlen(ent->principal->realm));
+	if(ret)
+	    return ret;
+	salt->type = KRB5_PADATA_PW_SALT;
+	break;
+    case KRB5_KDB_SALTTYPE_SPECIAL:
+	salt->type = KRB5_PADATA_PW_SALT;
+	break;
+    case KRB5_KDB_SALTTYPE_AFS3:
+	krb5_data_free(&salt->salt);
+	ret = krb5_data_copy(&salt->salt, 
+		       ent->principal->realm, 
+		       strlen(ent->principal->realm));
+	if(ret)
+	    return ret;
+	salt->type = KRB5_PADATA_AFS3_SALT;
+	break;
+    default:
+	abort();
+    }
+    return 0;
+}
+
+int
+mit_prop_dump(void *arg, const char *file)
+{
+    krb5_error_code ret;
+    char line [2048];
+    FILE *f;
+    int lineno = 0;
+    struct hdb_entry_ex ent;
+
+    struct prop_data *pd = arg;
+
+    f = fopen(file, "r");
+    if(f == NULL)
+	return errno;
+    
+    while(fgets(line, sizeof(line), f)) {
+	char *p = line, *q;
+
+	int i;
+
+	int num_tl_data;
+	int num_key_data;
+	int extra_data_length;
+	int attributes;
+
+	int tmp;
+
+	lineno++;
+
+	memset(&ent, 0, sizeof(ent));
+
+	q = nexttoken(&p);
+	if(strcmp(q, "kdb5_util") == 0) {
+	    int major;
+	    q = nexttoken(&p); /* load_dump */
+	    if(strcmp(q, "load_dump"))
+		errx(1, "line %d: unknown version", lineno);
+	    q = nexttoken(&p); /* load_dump */
+	    if(strcmp(q, "version"))
+		errx(1, "line %d: unknown version", lineno);
+	    q = nexttoken(&p); /* x.0 */
+	    if(sscanf(q, "%d", &major) != 1)
+		errx(1, "line %d: unknown version", lineno);
+	    if(major != 4)
+		errx(1, "unknown dump file format, got %d, expected 4", major);
+	    continue;
+	} else if(strcmp(q, "princ") != 0) {
+	    warnx("line %d: not a principal", lineno);
+	    continue;
+	}
+	tmp = getint(&p);
+	if(tmp != 38) {
+	    warnx("line %d: bad base length %d != 38", lineno, tmp);
+	    continue;
+	}
+	q = nexttoken(&p); /* length of principal */
+	num_tl_data = getint(&p); /* number of tl-data */
+	num_key_data = getint(&p); /* number of key-data */
+	extra_data_length = getint(&p);  /* length of extra data */
+	q = nexttoken(&p); /* principal name */
+	krb5_parse_name(pd->context, q, &ent.entry.principal);
+	attributes = getint(&p); /* attributes */
+	attr_to_flags(attributes, &ent.entry.flags);
+	tmp = getint(&p); /* max life */
+	if(tmp != 0) {
+	    ALLOC(ent.entry.max_life);
+	    *ent.entry.max_life = tmp;
+	}
+	tmp = getint(&p); /* max renewable life */
+	if(tmp != 0) {
+	    ALLOC(ent.entry.max_renew);
+	    *ent.entry.max_renew = tmp;
+	}
+	tmp = getint(&p); /* expiration */
+	if(tmp != 0 && tmp != 2145830400) {
+	    ALLOC(ent.entry.valid_end);
+	    *ent.entry.valid_end = tmp;
+	}
+	tmp = getint(&p); /* pw expiration */
+	if(tmp != 0) {
+	    ALLOC(ent.entry.pw_end);
+	    *ent.entry.pw_end = tmp;
+	}
+	q = nexttoken(&p); /* last auth */
+	q = nexttoken(&p); /* last failed auth */
+	q = nexttoken(&p); /* fail auth count */
+	for(i = 0; i < num_tl_data; i++) {
+	    unsigned long val;
+	    int tl_type, tl_length;
+	    unsigned char *buf;
+	    krb5_principal princ;
+
+	    tl_type = getint(&p); /* data type */
+	    tl_length = getint(&p); /* data length */
+
+#define mit_KRB5_TL_LAST_PWD_CHANGE	1
+#define mit_KRB5_TL_MOD_PRINC		2
+	    switch(tl_type) {
+	    case mit_KRB5_TL_MOD_PRINC:
+		buf = malloc(tl_length);
+		if (buf == NULL)
+		    errx(ENOMEM, "malloc");
+		getdata(&p, buf, tl_length); /* data itself */
+		val = buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
+		ret = krb5_parse_name(pd->context, (char *)buf + 4, &princ);
+		free(buf);
+		ALLOC(ent.entry.modified_by);
+		ent.entry.modified_by->time = val;
+		ent.entry.modified_by->principal = princ;
+		break;
+	    default:
+		nexttoken(&p);
+		break;
+	    }
+	}
+	ALLOC_SEQ(&ent.entry.keys, num_key_data);
+	for(i = 0; i < num_key_data; i++) {
+	    int key_versions;
+	    key_versions = getint(&p); /* key data version */
+	    ent.entry.kvno = getint(&p); /* XXX kvno */
+	    
+	    ALLOC(ent.entry.keys.val[i].mkvno);
+	    *ent.entry.keys.val[i].mkvno = 0;
+	    
+	    /* key version 0 -- actual key */
+	    ent.entry.keys.val[i].key.keytype = getint(&p); /* key type */
+	    tmp = getint(&p); /* key length */
+	    /* the first two bytes of the key is the key length --
+	       skip it */
+	    krb5_data_alloc(&ent.entry.keys.val[i].key.keyvalue, tmp - 2);
+	    q = nexttoken(&p); /* key itself */
+	    hex_to_octet_string(q + 4, &ent.entry.keys.val[i].key.keyvalue);
+
+	    if(key_versions > 1) {
+		/* key version 1 -- optional salt */
+		ALLOC(ent.entry.keys.val[i].salt);
+		ent.entry.keys.val[i].salt->type = getint(&p); /* salt type */
+		tmp = getint(&p); /* salt length */
+		if(tmp > 0) {
+		    krb5_data_alloc(&ent.entry.keys.val[i].salt->salt, tmp - 2);
+		    q = nexttoken(&p); /* salt itself */
+		    hex_to_octet_string(q + 4,
+					&ent.entry.keys.val[i].salt->salt);
+		} else {
+		    ent.entry.keys.val[i].salt->salt.length = 0;
+		    ent.entry.keys.val[i].salt->salt.data = NULL;
+		    tmp = getint(&p);	/* -1, if no data. */
+		}
+		fix_salt(pd->context, &ent.entry, i);
+	    }
+	}
+	q = nexttoken(&p); /* extra data */
+	v5_prop(pd->context, NULL, &ent, arg);
+    }
+    fclose(f);
+    return 0;
+}
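Review bot: `mit_prop_dump` trusts every length and token in the dump file. `getint()` passes the result of `nexttoken()` to `sscanf()` without a NULL check and returns an uninitialised `val` when the field is not numeric. The key and salt paths call `krb5_data_alloc(..., tmp - 2)` and `hex_to_octet_string(q + 4, ...)` without checking that `tmp >= 2` or that the token holds `2 * tmp` hex digits, so a short or malformed line reads past the token. The `mit_KRB5_TL_MOD_PRINC` case has the same shape: `buf[0]` to `buf[3]` and the string at `buf + 4` are used without checking `tl_length` or NUL termination. The sketch below hardens `getint()` and the key read; the salt and tl_data reads need the same checks, and the `ALLOC` and `krb5_parse_name` results are likewise unchecked.

```c
static int
getint(char **p)
{
    int val = 0;
    char *q = nexttoken(p);
    /* A missing or non-numeric field is fatal rather than undefined. */
    if (q == NULL || sscanf(q, "%d", &val) != 1)
	errx(1, "truncated or non-numeric field in dump file");
    return val;
}

/* ... unchanged: mit_prop_dump up to the key-length read ... */
	    tmp = getint(&p); /* key length */
	    q = nexttoken(&p); /* key itself */
	    /* The token must hold the 2-byte length prefix plus the key. */
	    if (tmp < 2 || q == NULL || strlen(q) < 2 * (size_t)tmp)
		errx(1, "line %d: bad key length %d", lineno, tmp);
	    ret = krb5_data_alloc(&ent.entry.keys.val[i].key.keyvalue, tmp - 2);
	    if (ret)
		krb5_err(pd->context, 1, ret, "krb5_data_alloc");
	    hex_to_octet_string(q + 4, &ent.entry.keys.val[i].key.keyvalue);
/* ... unchanged: optional salt handling ... */
```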

Added: vendor-crypto/heimdal/dist/kdc/pkinit.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/pkinit.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/pkinit.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1673 @@
+/*
+ * Copyright (c) 2003 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: pkinit.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+#ifdef PKINIT
+
+#include <heim_asn1.h>
+#include <rfc2459_asn1.h>
+#include <cms_asn1.h>
+#include <pkinit_asn1.h>
+
+#include <hx509.h>
+#include "crypto-headers.h"
+
+/* XXX copied from lib/krb5/pkinit.c */
+struct krb5_pk_identity {
+    hx509_context hx509ctx;
+    hx509_verify_ctx verify_ctx;
+    hx509_certs certs;
+    hx509_certs anchors;
+    hx509_certs certpool;
+    hx509_revoke_ctx revoke;
+};
+
+enum pkinit_type {
+    PKINIT_COMPAT_WIN2K = 1,
+    PKINIT_COMPAT_27 = 3
+};
+
+struct pk_client_params {
+    enum pkinit_type type;
+    BIGNUM *dh_public_key;
+    hx509_cert cert;
+    unsigned nonce;
+    DH *dh;
+    EncryptionKey reply_key;
+    char *dh_group_name;
+    hx509_peer_info peer;
+    hx509_certs client_anchors;
+};
+
+struct pk_principal_mapping {
+    unsigned int len;
+    struct pk_allowed_princ {
+	krb5_principal principal;
+	char *subject;
+    } *val;
+};
+
+static struct krb5_pk_identity *kdc_identity;
+static struct pk_principal_mapping principal_mappings;
+static struct krb5_dh_moduli **moduli;
+
+static struct {
+    krb5_data data;
+    time_t expire;
+    time_t next_update;
+} ocsp;
+
+/*
+ *
+ */
+
+static krb5_error_code
+pk_check_pkauthenticator_win2k(krb5_context context,
+			       PKAuthenticator_Win2k *a,
+			       const KDC_REQ *req)
+{
+    krb5_timestamp now;
+
+    krb5_timeofday (context, &now);
+
+    /* XXX cusec */
+    if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
+	krb5_clear_error_string(context);
+	return KRB5KRB_AP_ERR_SKEW;
+    }
+    return 0;
+}
+
+static krb5_error_code
+pk_check_pkauthenticator(krb5_context context,
+			 PKAuthenticator *a,
+			 const KDC_REQ *req)
+{
+    u_char *buf = NULL;
+    size_t buf_size;
+    krb5_error_code ret;
+    size_t len;
+    krb5_timestamp now;
+    Checksum checksum;
+
+    krb5_timeofday (context, &now);
+
+    /* XXX cusec */
+    if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) {
+	krb5_clear_error_string(context);
+	return KRB5KRB_AP_ERR_SKEW;
+    }
+
+    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret);
+    if (ret) {
+	krb5_clear_error_string(context);
+	return ret;
+    }
+    if (buf_size != len)
+	krb5_abortx(context, "Internal error in ASN.1 encoder");
+
+    ret = krb5_create_checksum(context,
+			       NULL,
+			       0,
+			       CKSUMTYPE_SHA1,
+			       buf,
+			       len,
+			       &checksum);
+    free(buf);
+    if (ret) {
+	krb5_clear_error_string(context);
+	return ret;
+    }
+	
+    if (a->paChecksum == NULL) {
+	krb5_clear_error_string(context);
+	ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
+	goto out;
+    }
+
+    if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
+	krb5_clear_error_string(context);
+	ret = KRB5KRB_ERR_GENERIC;
+    }
+
+out:
+    free_Checksum(&checksum);
+
+    return ret;
+}
+
+void
+_kdc_pk_free_client_param(krb5_context context, 
+			  pk_client_params *client_params)
+{
+    if (client_params->cert)
+	hx509_cert_free(client_params->cert);
+    if (client_params->dh)
+	DH_free(client_params->dh);
+    if (client_params->dh_public_key)
+	BN_free(client_params->dh_public_key);
+    krb5_free_keyblock_contents(context, &client_params->reply_key);
+    if (client_params->dh_group_name)
+	free(client_params->dh_group_name);
+    if (client_params->peer)
+	hx509_peer_info_free(client_params->peer);
+    if (client_params->client_anchors)
+	hx509_certs_free(&client_params->client_anchors);
+    memset(client_params, 0, sizeof(*client_params));
+    free(client_params);
+}
+
+static krb5_error_code
+generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
+                     krb5_enctype enctype, krb5_keyblock *reply_key)
+{
+    unsigned char *dh_gen_key = NULL;
+    krb5_keyblock key;
+    krb5_error_code ret;
+    size_t dh_gen_keylen, size;
+
+    memset(&key, 0, sizeof(key));
+
+    if (!DH_generate_key(client_params->dh)) {
+	krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
+	ret = KRB5KRB_ERR_GENERIC;
+	goto out;
+    }
+    if (client_params->dh_public_key == NULL) {
+	krb5_set_error_string(context, "dh_public_key");
+	ret = KRB5KRB_ERR_GENERIC;
+	goto out;
+    }
+
+    dh_gen_keylen = DH_size(client_params->dh);
+    size = BN_num_bytes(client_params->dh->p);
+    if (size < dh_gen_keylen)
+	size = dh_gen_keylen;
+
+    dh_gen_key = malloc(size);
+    if (dh_gen_key == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    memset(dh_gen_key, 0, size - dh_gen_keylen);
+
+    dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
+				   client_params->dh_public_key,
+				   client_params->dh);
+    if (dh_gen_keylen == -1) {
+	krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
+	ret = KRB5KRB_ERR_GENERIC;
+	goto out;
+    }
+
+    ret = _krb5_pk_octetstring2key(context,
+				   enctype,
+				   dh_gen_key, dh_gen_keylen,
+				   NULL, NULL,
+				   reply_key);
+
+ out:
+    if (dh_gen_key)
+	free(dh_gen_key);
+    if (key.keyvalue.data)
+	krb5_free_keyblock_contents(context, &key);
+
+    return ret;
+}
+
+static BIGNUM *
+integer_to_BN(krb5_context context, const char *field, heim_integer *f)
+{
+    BIGNUM *bn;
+
+    bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
+    if (bn == NULL) {
+	krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
+	return NULL;
+    }
+    BN_set_negative(bn, f->negative);
+    return bn;
+}
+
+static krb5_error_code
+get_dh_param(krb5_context context,
+	     krb5_kdc_configuration *config,
+	     SubjectPublicKeyInfo *dh_key_info,
+	     pk_client_params *client_params)
+{
+    DomainParameters dhparam;
+    DH *dh = NULL;
+    krb5_error_code ret;
+
+    memset(&dhparam, 0, sizeof(dhparam));
+
+    if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) {
+	krb5_set_error_string(context,
+			      "PKINIT invalid oid in clientPublicValue");
+	return KRB5_BADMSGTYPE;
+    }
+
+    if (dh_key_info->algorithm.parameters == NULL) {
+	krb5_set_error_string(context, "PKINIT missing algorithm parameter "
+			      "in clientPublicValue");
+	return KRB5_BADMSGTYPE;
+    }
+
+    ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data,
+				  dh_key_info->algorithm.parameters->length,
+				  &dhparam,
+				  NULL);
+    if (ret) {
+	krb5_set_error_string(context, "Can't decode algorithm "
+			      "parameters in clientPublicValue");
+	goto out;
+    }
+
+    if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
+	ret = KRB5_BADMSGTYPE;
+	krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned "
+			      "to 8 bit boundary");
+	goto out;
+    }
+
+
+    ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, 
+			    &dhparam.p, &dhparam.g, &dhparam.q, moduli,
+			    &client_params->dh_group_name);
+    if (ret) {
+	/* XXX send back proposal of better group */
+	goto out;
+    }
+
+    dh = DH_new();
+    if (dh == NULL) {
+	krb5_set_error_string(context, "Cannot create DH structure");
+	ret = ENOMEM;
+	goto out;
+    }
+    ret = KRB5_BADMSGTYPE;
+    dh->p = integer_to_BN(context, "DH prime", &dhparam.p);
+    if (dh->p == NULL)
+	goto out;
+    dh->g = integer_to_BN(context, "DH base", &dhparam.g);
+    if (dh->g == NULL)
+	goto out;
+    dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
+    if (dh->g == NULL)
+	goto out;
+
+    {
+	heim_integer glue;
+	size_t size;
+
+	ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data,
+				 dh_key_info->subjectPublicKey.length / 8,
+				 &glue,
+				 &size);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    return ret;
+	}
+
+	client_params->dh_public_key = integer_to_BN(context,
+						     "subjectPublicKey",
+						     &glue);
+	der_free_heim_integer(&glue);
+	if (client_params->dh_public_key == NULL)
+	    goto out;
+    }
+
+    client_params->dh = dh;
+    dh = NULL;
+    ret = 0;
+    
+ out:
+    if (dh)
+	DH_free(dh);
+    free_DomainParameters(&dhparam);
+    return ret;
+}
+
+krb5_error_code
+_kdc_pk_rd_padata(krb5_context context,
+		  krb5_kdc_configuration *config,
+		  const KDC_REQ *req,
+		  const PA_DATA *pa,
+		  pk_client_params **ret_params)
+{
+    pk_client_params *client_params;
+    krb5_error_code ret;
+    heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
+    krb5_data eContent = { 0, NULL };
+    krb5_data signed_content = { 0, NULL };
+    const char *type = "unknown type";
+    int have_data = 0;
+
+    *ret_params = NULL;
+    
+    if (!config->enable_pkinit) {
+	kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled");
+	krb5_clear_error_string(context);
+	return 0;
+    }
+
+    hx509_verify_set_time(kdc_identity->verify_ctx, _kdc_now.tv_sec);
+
+    client_params = calloc(1, sizeof(*client_params));
+    if (client_params == NULL) {
+	krb5_clear_error_string(context);
+	ret = ENOMEM;
+	goto out;
+    }
+
+    if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
+	PA_PK_AS_REQ_Win2k r;
+
+	type = "PK-INIT-Win2k";
+
+	ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
+					pa->padata_value.length,
+					&r,
+					NULL);
+	if (ret) {
+	    krb5_set_error_string(context, "Can't decode "
+				  "PK-AS-REQ-Win2k: %d", ret);
+	    goto out;
+	}
+	
+	ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
+					   &contentInfoOid,
+					   &signed_content,
+					   &have_data);
+	free_PA_PK_AS_REQ_Win2k(&r);
+	if (ret) {
+	    krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
+	    goto out;
+	}
+
+    } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
+	PA_PK_AS_REQ r;
+
+	type = "PK-INIT-IETF";
+
+	ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
+				  pa->padata_value.length,
+				  &r,
+				  NULL);
+	if (ret) {
+	    krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
+	    goto out;
+	}
+	
+	/* XXX look at r.kdcPkId */
+	if (r.trustedCertifiers) {
+	    ExternalPrincipalIdentifiers *edi = r.trustedCertifiers;
+	    unsigned int i;
+
+	    ret = hx509_certs_init(kdc_identity->hx509ctx,
+				   "MEMORY:client-anchors",
+				   0, NULL,
+				   &client_params->client_anchors);
+	    if (ret) {
+		krb5_set_error_string(context, "Can't allocate client anchors: %d", ret);
+		goto out;
+
+	    }
+	    for (i = 0; i < edi->len; i++) {
+		IssuerAndSerialNumber iasn;
+		hx509_query *q;
+		hx509_cert cert;
+		size_t size;
+
+		if (edi->val[i].issuerAndSerialNumber == NULL)
+		    continue;
+
+		ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
+		if (ret) {
+		    krb5_set_error_string(context, 
+					  "Failed to allocate hx509_query");
+		    goto out;
+		}
+		
+		ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data,
+						   edi->val[i].issuerAndSerialNumber->length,
+						   &iasn,
+						   &size);
+		if (ret) {
+		    hx509_query_free(kdc_identity->hx509ctx, q);
+		    continue;
+		}
+		ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber);
+		free_IssuerAndSerialNumber(&iasn);
+		if (ret)
+		    continue;
+
+		ret = hx509_certs_find(kdc_identity->hx509ctx,
+				       kdc_identity->certs,
+				       q,
+				       &cert);
+		hx509_query_free(kdc_identity->hx509ctx, q);
+		if (ret)
+		    continue;
+		hx509_certs_add(kdc_identity->hx509ctx, 
+				client_params->client_anchors, cert);
+		hx509_cert_free(cert);
+	    }
+	}
+
+	ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
+					   &contentInfoOid,
+					   &signed_content,
+					   &have_data);
+	free_PA_PK_AS_REQ(&r);
+	if (ret) {
+	    krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret);
+	    goto out;
+	}
+
+    } else { 
+	krb5_clear_error_string(context);
+	ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+	goto out;
+    }
+
+    ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
+    if (ret != 0) {
+	krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
+			      "type oid");
+	ret = KRB5KRB_ERR_GENERIC;
+	goto out;
+    }
+	
+    if (!have_data) {
+	krb5_set_error_string(context,
+			      "PK-AS-REQ-Win2k no signed auth pack");
+	ret = KRB5KRB_ERR_GENERIC;
+	goto out;
+    }
+
+    {
+	hx509_certs signer_certs;
+
+	ret = hx509_cms_verify_signed(kdc_identity->hx509ctx,
+				      kdc_identity->verify_ctx,
+				      signed_content.data,
+				      signed_content.length,
+				      NULL,
+				      kdc_identity->certpool,
+				      &eContentType,
+				      &eContent,
+				      &signer_certs);
+	if (ret) {
+	    char *s = hx509_get_error_string(kdc_identity->hx509ctx, ret);
+	    krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d",
+		       s, ret);
+	    free(s);
+	    goto out;
+	}
+
+	ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs,
+				 &client_params->cert);
+	hx509_certs_free(&signer_certs);
+	if (ret)
+	    goto out;
+    }
+
+    /* Signature is correct, now verify the signed message */
+    if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 &&
+	der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0)
+    {
+	krb5_set_error_string(context, "got wrong oid for pkauthdata");
+	ret = KRB5_BADMSGTYPE;
+	goto out;
+    }
+
+    if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
+	AuthPack_Win2k ap;
+
+	ret = decode_AuthPack_Win2k(eContent.data,
+				    eContent.length,
+				    &ap,
+				    NULL);
+	if (ret) {
+	    krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
+	    goto out;
+	}
+  
+	ret = pk_check_pkauthenticator_win2k(context, 
+					     &ap.pkAuthenticator,
+					     req);
+	if (ret) {
+	    free_AuthPack_Win2k(&ap);
+	    goto out;
+	}
+
+	client_params->type = PKINIT_COMPAT_WIN2K;
+	client_params->nonce = ap.pkAuthenticator.nonce;
+
+	if (ap.clientPublicValue) {
+	    krb5_set_error_string(context, "DH not supported for windows");
+	    ret = KRB5KRB_ERR_GENERIC;
+	    goto out;
+	}
+	free_AuthPack_Win2k(&ap);
+
+    } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
+	AuthPack ap;
+
+	ret = decode_AuthPack(eContent.data,
+			      eContent.length,
+			      &ap,
+			      NULL);
+	if (ret) {
+	    krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
+	    free_AuthPack(&ap);
+	    goto out;
+	}
+  
+	ret = pk_check_pkauthenticator(context, 
+				       &ap.pkAuthenticator,
+				       req);
+	if (ret) {
+	    free_AuthPack(&ap);
+	    goto out;
+	}
+
+	client_params->type = PKINIT_COMPAT_27;
+	client_params->nonce = ap.pkAuthenticator.nonce;
+
+	if (ap.clientPublicValue) {
+	    ret = get_dh_param(context, config, 
+			       ap.clientPublicValue, client_params);
+	    if (ret) {
+		free_AuthPack(&ap);
+		goto out;
+	    }
+	}
+
+	if (ap.supportedCMSTypes) {
+	    ret = hx509_peer_info_alloc(kdc_identity->hx509ctx,
+					&client_params->peer);
+	    if (ret) {
+		free_AuthPack(&ap);
+		goto out;
+	    }
+	    ret = hx509_peer_info_set_cms_algs(kdc_identity->hx509ctx,
+					       client_params->peer,
+					       ap.supportedCMSTypes->val,
+					       ap.supportedCMSTypes->len);
+	    if (ret) {
+		free_AuthPack(&ap);
+		goto out;
+	    }
+	}
+	free_AuthPack(&ap);
+    } else
+	krb5_abortx(context, "internal pkinit error");
+
+    kdc_log(context, config, 0, "PK-INIT request of type %s", type);
+
+out:
+    if (ret)
+	krb5_warn(context, ret, "PKINIT");
+
+    if (signed_content.data)
+	free(signed_content.data);
+    krb5_data_free(&eContent);
+    der_free_oid(&eContentType);
+    der_free_oid(&contentInfoOid);
+    if (ret)
+	_kdc_pk_free_client_param(context, client_params);
+    else
+	*ret_params = client_params;
+    return ret;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
+{
+    integer->length = BN_num_bytes(bn);
+    integer->data = malloc(integer->length);
+    if (integer->data == NULL) {
+	krb5_clear_error_string(context);
+	return ENOMEM;
+    }
+    BN_bn2bin(bn, integer->data);
+    integer->negative = BN_is_negative(bn);
+    return 0;
+}
+
+static krb5_error_code
+pk_mk_pa_reply_enckey(krb5_context context,
+		      krb5_kdc_configuration *config,
+		      pk_client_params *client_params,
+		      const KDC_REQ *req,
+		      const krb5_data *req_buffer,
+		      krb5_keyblock *reply_key,
+		      ContentInfo *content_info)
+{
+    const heim_oid *envelopedAlg = NULL, *sdAlg = NULL;
+    krb5_error_code ret;
+    krb5_data buf, signed_data;
+    size_t size;
+    int do_win2k = 0;
+
+    krb5_data_zero(&buf);
+    krb5_data_zero(&signed_data);
+
+    /*
+     * If the message client is a win2k-type but it send pa data
+     * 09-binding it expects a IETF (checksum) reply so there can be
+     * no replay attacks.
+     */
+
+    switch (client_params->type) {
+    case PKINIT_COMPAT_WIN2K: {
+	int i = 0;
+	if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL
+	    && config->pkinit_require_binding == 0)
+	{
+	    do_win2k = 1;
+	}
+	break;
+    }
+    case PKINIT_COMPAT_27:
+	break;
+    default:
+	krb5_abortx(context, "internal pkinit error");
+    }	    
+
+    if (do_win2k) {
+	ReplyKeyPack_Win2k kp;
+	memset(&kp, 0, sizeof(kp));
+
+	envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
+	sdAlg = oid_id_pkcs7_data();
+
+	ret = copy_EncryptionKey(reply_key, &kp.replyKey);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+	kp.nonce = client_params->nonce;
+	
+	ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k, 
+			   buf.data, buf.length,
+			   &kp, &size,ret);
+	free_ReplyKeyPack_Win2k(&kp);
+    } else {
+	krb5_crypto ascrypto;
+	ReplyKeyPack kp;
+	memset(&kp, 0, sizeof(kp));
+
+	sdAlg = oid_id_pkrkeydata();
+
+	ret = copy_EncryptionKey(reply_key, &kp.replyKey);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	ret = krb5_crypto_init(context, reply_key, 0, &ascrypto);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	ret = krb5_create_checksum(context, ascrypto, 6, 0,
+				   req_buffer->data, req_buffer->length,
+				   &kp.asChecksum);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+			     
+	ret = krb5_crypto_destroy(context, ascrypto);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+	ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret);
+	free_ReplyKeyPack(&kp);
+    }
+    if (ret) {
+	krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack "
+			      "failed (%d)", ret);
+	goto out;
+    }
+    if (buf.length != size)
+	krb5_abortx(context, "Internal ASN.1 encoder error");
+
+    {
+	hx509_query *q;
+	hx509_cert cert;
+	
+	ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
+	if (ret)
+	    goto out;
+	
+	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+	
+	ret = hx509_certs_find(kdc_identity->hx509ctx, 
+			       kdc_identity->certs, 
+			       q, 
+			       &cert);
+	hx509_query_free(kdc_identity->hx509ctx, q);
+	if (ret)
+	    goto out;
+	
+	ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
+					0,
+					sdAlg,
+					buf.data,
+					buf.length,
+					NULL,
+					cert,
+					client_params->peer,
+					client_params->client_anchors,
+					kdc_identity->certpool,
+					&signed_data);
+	hx509_cert_free(cert);
+    }
+
+    krb5_data_free(&buf);
+    if (ret) 
+	goto out;
+
+    if (client_params->type == PKINIT_COMPAT_WIN2K) {
+	ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(),
+					 &signed_data,
+					 &buf);
+	if (ret)
+	    goto out;
+	krb5_data_free(&signed_data);
+	signed_data = buf;
+    }
+
+    ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
+			       0,
+			       client_params->cert,
+			       signed_data.data, signed_data.length, 
+			       envelopedAlg,
+			       oid_id_pkcs7_signedData(), &buf);
+    if (ret)
+	goto out;
+    
+    ret = _krb5_pk_mk_ContentInfo(context,
+				  &buf,
+				  oid_id_pkcs7_envelopedData(),
+				  content_info);
+out:
+    krb5_data_free(&buf);
+    krb5_data_free(&signed_data);
+    return ret;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+pk_mk_pa_reply_dh(krb5_context context,
+                  DH *kdc_dh,
+      		  pk_client_params *client_params,
+                  krb5_keyblock *reply_key,
+		  ContentInfo *content_info,
+		  hx509_cert *kdc_cert)
+{
+    KDCDHKeyInfo dh_info;
+    krb5_data signed_data, buf;
+    ContentInfo contentinfo;
+    krb5_error_code ret;
+    size_t size;
+    heim_integer i;
+
+    memset(&contentinfo, 0, sizeof(contentinfo));
+    memset(&dh_info, 0, sizeof(dh_info));
+    krb5_data_zero(&buf);
+    krb5_data_zero(&signed_data);
+
+    *kdc_cert = NULL;
+
+    ret = BN_to_integer(context, kdc_dh->pub_key, &i);
+    if (ret)
+	return ret;
+
+    ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
+    if (ret) {
+	krb5_set_error_string(context, "ASN.1 encoding of "
+			      "DHPublicKey failed (%d)", ret);
+	krb5_clear_error_string(context);
+	return ret;
+    }
+    if (buf.length != size)
+	krb5_abortx(context, "Internal ASN.1 encoder error");
+
+    dh_info.subjectPublicKey.length = buf.length * 8;
+    dh_info.subjectPublicKey.data = buf.data;
+    
+    dh_info.nonce = client_params->nonce;
+
+    ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size, 
+		       ret);
+    if (ret) {
+	krb5_set_error_string(context, "ASN.1 encoding of "
+			      "KdcDHKeyInfo failed (%d)", ret);
+	goto out;
+    }
+    if (buf.length != size)
+	krb5_abortx(context, "Internal ASN.1 encoder error");
+
+    /* 
+     * Create the SignedData structure and sign the KdcDHKeyInfo
+     * filled in above
+     */
+
+    {
+	hx509_query *q;
+	hx509_cert cert;
+	
+	ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
+	if (ret)
+	    goto out;
+	
+	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+	
+	ret = hx509_certs_find(kdc_identity->hx509ctx, 
+			       kdc_identity->certs, 
+			       q, 
+			       &cert);
+	hx509_query_free(kdc_identity->hx509ctx, q);
+	if (ret)
+	    goto out;
+	
+	ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
+					0,
+					oid_id_pkdhkeydata(),
+					buf.data,
+					buf.length,
+					NULL,
+					cert,
+					client_params->peer,
+					client_params->client_anchors,
+					kdc_identity->certpool,
+					&signed_data);
+	*kdc_cert = cert;
+    }
+    if (ret)
+	goto out;
+
+    ret = _krb5_pk_mk_ContentInfo(context,
+				  &signed_data,
+				  oid_id_pkcs7_signedData(),
+				  content_info);
+    if (ret)
+	goto out;
+
+ out:
+    if (ret && *kdc_cert) {
+	hx509_cert_free(*kdc_cert);
+	*kdc_cert = NULL;
+    }
+
+    krb5_data_free(&buf);
+    krb5_data_free(&signed_data);
+    free_KDCDHKeyInfo(&dh_info);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+_kdc_pk_mk_pa_reply(krb5_context context,
+		    krb5_kdc_configuration *config,
+		    pk_client_params *client_params,
+		    const hdb_entry_ex *client,
+		    const KDC_REQ *req,
+		    const krb5_data *req_buffer,
+		    krb5_keyblock **reply_key,
+		    METHOD_DATA *md)
+{
+    krb5_error_code ret;
+    void *buf;
+    size_t len, size;
+    krb5_enctype enctype;
+    int pa_type;
+    hx509_cert kdc_cert = NULL;
+    int i;
+
+    if (!config->enable_pkinit) {
+	krb5_clear_error_string(context);
+	return 0;
+    }
+
+    if (req->req_body.etype.len > 0) {
+	for (i = 0; i < req->req_body.etype.len; i++)
+	    if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0)
+		break;
+	if (req->req_body.etype.len <= i) {
+	    ret = KRB5KRB_ERR_GENERIC;
+	    krb5_set_error_string(context,
+				  "No valid enctype available from client");
+	    goto out;
+	}	
+	enctype = req->req_body.etype.val[i];
+    } else
+	enctype = ETYPE_DES3_CBC_SHA1;
+
+    if (client_params->type == PKINIT_COMPAT_27) {
+	PA_PK_AS_REP rep;
+	const char *type, *other = "";
+
+	memset(&rep, 0, sizeof(rep));
+
+	pa_type = KRB5_PADATA_PK_AS_REP;
+
+	if (client_params->dh == NULL) {
+	    ContentInfo info;
+
+	    type = "enckey";
+
+	    rep.element = choice_PA_PK_AS_REP_encKeyPack;
+
+	    ret = krb5_generate_random_keyblock(context, enctype, 
+						&client_params->reply_key);
+	    if (ret) {
+		free_PA_PK_AS_REP(&rep);
+		goto out;
+	    }
+	    ret = pk_mk_pa_reply_enckey(context,
+					config,
+					client_params,
+					req,
+					req_buffer,
+					&client_params->reply_key,
+					&info);
+	    if (ret) {
+		free_PA_PK_AS_REP(&rep);
+		goto out;
+	    }
+	    ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, 
+			       rep.u.encKeyPack.length, &info, &size, 
+			       ret);
+	    free_ContentInfo(&info);
+	    if (ret) {
+		krb5_set_error_string(context, "encoding of Key ContentInfo "
+				      "failed %d", ret);
+		free_PA_PK_AS_REP(&rep);
+		goto out;
+	    }
+	    if (rep.u.encKeyPack.length != size)
+		krb5_abortx(context, "Internal ASN.1 encoder error");
+
+	} else {
+	    ContentInfo info;
+
+	    type = "dh";
+	    if (client_params->dh_group_name)
+		other = client_params->dh_group_name;
+
+	    rep.element = choice_PA_PK_AS_REP_dhInfo;
+
+	    ret = generate_dh_keyblock(context, client_params, enctype,
+				       &client_params->reply_key);
+	    if (ret)
+		return ret;
+
+	    ret = pk_mk_pa_reply_dh(context, client_params->dh,
+				    client_params, 
+				    &client_params->reply_key,
+				    &info,
+				    &kdc_cert);
+
+	    ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data,
+			       rep.u.dhInfo.dhSignedData.length, &info, &size,
+			       ret);
+	    free_ContentInfo(&info);
+	    if (ret) {
+		krb5_set_error_string(context, "encoding of Key ContentInfo "
+				      "failed %d", ret);
+		free_PA_PK_AS_REP(&rep);
+		goto out;
+	    }
+	    if (rep.u.encKeyPack.length != size)
+		krb5_abortx(context, "Internal ASN.1 encoder error");
+
+	}
+	if (ret) {
+	    free_PA_PK_AS_REP(&rep);
+	    goto out;
+	}
+
+	ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
+	free_PA_PK_AS_REP(&rep);
+	if (ret) {
+	    krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d",
+				  ret);
+	    goto out;
+	}
+	if (len != size)
+	    krb5_abortx(context, "Internal ASN.1 encoder error");
+
+	kdc_log(context, config, 0, "PK-INIT using %s %s", type, other);
+
+    } else if (client_params->type == PKINIT_COMPAT_WIN2K) {
+	PA_PK_AS_REP_Win2k rep;
+	ContentInfo info;
+
+	if (client_params->dh) {
+	    krb5_set_error_string(context, "Windows PK-INIT doesn't support DH");
+	    ret = KRB5KRB_ERR_GENERIC;
+	    goto out;
+	}
+
+	memset(&rep, 0, sizeof(rep));
+
+	pa_type = KRB5_PADATA_PK_AS_REP_19;
+	rep.element = choice_PA_PK_AS_REP_encKeyPack;
+
+	ret = krb5_generate_random_keyblock(context, enctype, 
+					    &client_params->reply_key);
+	if (ret) {
+	    free_PA_PK_AS_REP_Win2k(&rep);
+	    goto out;
+	}
+	ret = pk_mk_pa_reply_enckey(context,
+				    config,
+				    client_params,
+				    req,
+				    req_buffer,
+				    &client_params->reply_key,
+				    &info);
+	if (ret) {
+	    free_PA_PK_AS_REP_Win2k(&rep);
+	    goto out;
+	}
+	ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, 
+			   rep.u.encKeyPack.length, &info, &size, 
+			   ret);
+	free_ContentInfo(&info);
+	if (ret) {
+	    krb5_set_error_string(context, "encoding of Key ContentInfo "
+				  "failed %d", ret);
+	    free_PA_PK_AS_REP_Win2k(&rep);
+	    goto out;
+	}
+	if (rep.u.encKeyPack.length != size)
+	    krb5_abortx(context, "Internal ASN.1 encoder error");
+
+	ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
+	free_PA_PK_AS_REP_Win2k(&rep);
+	if (ret) {
+	    krb5_set_error_string(context, 
+				  "encode PA-PK-AS-REP-Win2k failed %d", ret);
+	    goto out;
+	}
+	if (len != size)
+	    krb5_abortx(context, "Internal ASN.1 encoder error");
+
+    } else
+	krb5_abortx(context, "PK-INIT internal error");
+
+
+    ret = krb5_padata_add(context, md, pa_type, buf, len);
+    if (ret) {
+	krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret);
+	free(buf);
+	goto out;
+    }
+
+    if (config->pkinit_kdc_ocsp_file) {
+
+	if (ocsp.expire == 0 && ocsp.next_update > kdc_time) {
+	    struct stat sb;
+	    int fd;
+
+	    krb5_data_free(&ocsp.data);
+
+	    ocsp.expire = 0;
+	    ocsp.next_update = kdc_time + 60 * 5;
+
+	    fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
+	    if (fd < 0) {
+		kdc_log(context, config, 0, 
+			"PK-INIT failed to open ocsp data file %d", errno);
+		goto out_ocsp;
+	    }
+	    ret = fstat(fd, &sb);
+	    if (ret) {
+		ret = errno;
+		close(fd);
+		kdc_log(context, config, 0, 
+			"PK-INIT failed to stat ocsp data %d", ret);
+		goto out_ocsp;
+	    }
+	    
+	    ret = krb5_data_alloc(&ocsp.data, sb.st_size);
+	    if (ret) {
+		close(fd);
+		kdc_log(context, config, 0, 
+			"PK-INIT failed to stat ocsp data %d", ret);
+		goto out_ocsp;
+	    }
+	    ocsp.data.length = sb.st_size;
+	    ret = read(fd, ocsp.data.data, sb.st_size);
+	    close(fd);
+	    if (ret != sb.st_size) {
+		kdc_log(context, config, 0, 
+			"PK-INIT failed to read ocsp data %d", errno);
+		goto out_ocsp;
+	    }
+
+	    ret = hx509_ocsp_verify(kdc_identity->hx509ctx,
+				    kdc_time,
+				    kdc_cert,
+				    0,
+				    ocsp.data.data, ocsp.data.length,
+				    &ocsp.expire);
+	    if (ret) {
+		kdc_log(context, config, 0, 
+			"PK-INIT failed to verify ocsp data %d", ret);
+		krb5_data_free(&ocsp.data);
+		ocsp.expire = 0;
+	    } else if (ocsp.expire > 180) {
+		ocsp.expire -= 180; /* refetch the ocsp before it expire */
+		ocsp.next_update = ocsp.expire;
+	    } else {
+		ocsp.next_update = kdc_time;
+	    }
+	out_ocsp:
+	    ret = 0;
+	}
+
+	if (ocsp.expire != 0 && ocsp.expire > kdc_time) {
+
+	    ret = krb5_padata_add(context, md, 
+				  KRB5_PADATA_PA_PK_OCSP_RESPONSE,
+				  ocsp.data.data, ocsp.data.length);
+	    if (ret) {
+		krb5_set_error_string(context, 
+				      "Failed adding OCSP response %d", ret);
+		goto out;
+	    }
+	}
+    }
+
+out:
+    if (kdc_cert)
+	hx509_cert_free(kdc_cert);
+
+    if (ret == 0)
+	*reply_key = &client_params->reply_key;
+    return ret;
+}
+
+static int
+match_rfc_san(krb5_context context, 
+	      krb5_kdc_configuration *config,
+	      hx509_context hx509ctx,
+	      hx509_cert client_cert, 
+	      krb5_const_principal match)
+{
+    hx509_octet_string_list list;
+    int ret, i, found = 0;
+
+    memset(&list, 0 , sizeof(list));
+
+    ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
+						   client_cert,
+						   oid_id_pkinit_san(),
+						   &list);
+    if (ret)
+	goto out;
+
+    for (i = 0; !found && i < list.len; i++) {
+	krb5_principal_data principal;
+	KRB5PrincipalName kn;
+	size_t size;
+
+	ret = decode_KRB5PrincipalName(list.val[i].data, 
+				       list.val[i].length,
+				       &kn, &size);
+	if (ret) {
+	    kdc_log(context, config, 0,
+		    "Decoding kerberos name in certificate failed: %s",
+		    krb5_get_err_text(context, ret));
+	    break;
+	}
+	if (size != list.val[i].length) {
+	    kdc_log(context, config, 0,
+		    "Decoding kerberos name have extra bits on the end");
+	    return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+	}
+
+	principal.name = kn.principalName;
+	principal.realm = kn.realm;
+
+	if (krb5_principal_compare(context, &principal, match) == TRUE)
+	    found = 1;
+	free_KRB5PrincipalName(&kn);
+    }
+
+out:
+    hx509_free_octet_string_list(&list);    
+    if (ret)
+	return ret;
+
+    if (!found)
+	return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+
+    return 0;
+}
+
+static int
+match_ms_upn_san(krb5_context context, 
+		 krb5_kdc_configuration *config,
+		 hx509_context hx509ctx,
+		 hx509_cert client_cert, 
+		 krb5_const_principal match)
+{
+    hx509_octet_string_list list;
+    krb5_principal principal = NULL;
+    int ret, found = 0;
+    MS_UPN_SAN upn;
+    size_t size;
+
+    memset(&list, 0 , sizeof(list));
+
+    ret = hx509_cert_find_subjectAltName_otherName(hx509ctx,
+						   client_cert,
+						   oid_id_pkinit_ms_san(),
+						   &list);
+    if (ret)
+	goto out;
+
+    if (list.len != 1) {
+	kdc_log(context, config, 0,
+		"More then one PK-INIT MS UPN SAN");
+	goto out;
+    }
+
+    ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, &upn, &size);
+    if (ret) {
+	kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed");
+	goto out;
+    }
+
+    kdc_log(context, config, 0, "found MS UPN SAN: %s", upn);
+
+    ret = krb5_parse_name(context, upn, &principal);
+    free_MS_UPN_SAN(&upn);
+    if (ret) {
+	kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN");
+	goto out;
+    }
+
+    /* 
+     * This is very wrong, but will do for now, should really and a
+     * plugin to the windc layer to very this ACL.
+    */
+    strupr(principal->realm);
+
+    if (krb5_principal_compare(context, principal, match) == TRUE)
+	found = 1;
+
+out:
+    if (principal)
+	krb5_free_principal(context, principal);
+    hx509_free_octet_string_list(&list);    
+    if (ret)
+	return ret;
+
+    if (!found)
+	return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+
+    return 0;
+}
+
+krb5_error_code
+_kdc_pk_check_client(krb5_context context,
+		     krb5_kdc_configuration *config,
+		     const hdb_entry_ex *client,
+		     pk_client_params *client_params,
+		     char **subject_name)
+{
+    const HDB_Ext_PKINIT_acl *acl;
+    krb5_error_code ret;
+    hx509_name name;
+    int i;
+
+    ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx,
+				      client_params->cert,
+				      &name);
+    if (ret)
+	return ret;
+
+    ret = hx509_name_to_string(name, subject_name);
+    hx509_name_free(&name);
+    if (ret)
+	return ret;
+
+    kdc_log(context, config, 0,
+	    "Trying to authorize PK-INIT subject DN %s", 
+	    *subject_name);
+
+    if (config->pkinit_princ_in_cert) {
+	ret = match_rfc_san(context, config,
+			    kdc_identity->hx509ctx,
+			    client_params->cert,
+			    client->entry.principal);
+	if (ret == 0) {
+	    kdc_log(context, config, 5,
+		    "Found matching PK-INIT SAN in certificate");
+	    return 0;
+	}
+	ret = match_ms_upn_san(context, config,
+			       kdc_identity->hx509ctx,
+			       client_params->cert,
+			       client->entry.principal);
+	if (ret == 0) {
+	    kdc_log(context, config, 5,
+		    "Found matching MS UPN SAN in certificate");
+	    return 0;
+	}
+    }
+
+    ret = hdb_entry_get_pkinit_acl(&client->entry, &acl);
+    if (ret == 0 && acl != NULL) {
+	/*
+	 * Cheat here and compare the generated name with the string
+	 * and not the reverse.
+	 */
+	for (i = 0; i < acl->len; i++) {
+	    if (strcmp(*subject_name, acl->val[0].subject) != 0)
+		continue;
+
+	    /* Don't support isser and anchor checking right now */
+	    if (acl->val[0].issuer)
+		continue;
+	    if (acl->val[0].anchor)
+		continue;
+
+	    kdc_log(context, config, 5,
+		    "Found matching PK-INIT database ACL");
+	    return 0;
+	}
+    }
+
+    for (i = 0; i < principal_mappings.len; i++) {
+	krb5_boolean b;
+
+	b = krb5_principal_compare(context,
+				   client->entry.principal,
+				   principal_mappings.val[i].principal);
+	if (b == FALSE)
+	    continue;
+	if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0)
+	    continue;
+	kdc_log(context, config, 5,
+		"Found matching PK-INIT FILE ACL");
+	return 0;
+    }
+
+    krb5_set_error_string(context,
+			  "PKINIT no matching principals for %s",
+			  *subject_name);
+
+    kdc_log(context, config, 5,
+	    "PKINIT no matching principals for %s",
+	    *subject_name);
+
+    free(*subject_name);
+    *subject_name = NULL;
+
+    return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
+}
+
+static krb5_error_code
+add_principal_mapping(krb5_context context, 
+		      const char *principal_name,
+		      const char * subject)
+{
+   struct pk_allowed_princ *tmp;
+   krb5_principal principal;
+   krb5_error_code ret;
+
+   tmp = realloc(principal_mappings.val,
+	         (principal_mappings.len + 1) * sizeof(*tmp));
+   if (tmp == NULL)
+       return ENOMEM;
+   principal_mappings.val = tmp;
+
+   ret = krb5_parse_name(context, principal_name, &principal);
+   if (ret)
+       return ret;
+
+   principal_mappings.val[principal_mappings.len].principal = principal;
+
+   principal_mappings.val[principal_mappings.len].subject = strdup(subject);
+   if (principal_mappings.val[principal_mappings.len].subject == NULL) {
+       krb5_free_principal(context, principal);
+       return ENOMEM;
+   }
+   principal_mappings.len++;
+
+   return 0;
+}
+
+krb5_error_code
+_kdc_add_inital_verified_cas(krb5_context context,
+			     krb5_kdc_configuration *config,
+			     pk_client_params *params,
+			     EncTicketPart *tkt)
+{
+    AD_INITIAL_VERIFIED_CAS cas;
+    krb5_error_code ret;
+    krb5_data data;
+    size_t size;
+
+    memset(&cas, 0, sizeof(cas));
+    
+    /* XXX add CAs to cas here */
+
+    ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length,
+		       &cas, &size, ret);
+    if (ret)
+	return ret;
+    if (data.length != size)
+	krb5_abortx(context, "internal asn.1 encoder error");
+
+    ret = _kdc_tkt_add_if_relevant_ad(context, tkt, 
+				      KRB5_AUTHDATA_INITIAL_VERIFIED_CAS,
+				      &data);
+    krb5_data_free(&data);
+    return ret;
+}
+
+/*
+ *
+ */
+
+static void
+load_mappings(krb5_context context, const char *fn)
+{
+    krb5_error_code ret;
+    char buf[1024];
+    unsigned long lineno = 0;
+    FILE *f;
+
+    f = fopen(fn, "r");
+    if (f == NULL)
+	return;
+
+    while (fgets(buf, sizeof(buf), f) != NULL) {
+	char *subject_name, *p;
+    
+	buf[strcspn(buf, "\n")] = '\0';
+	lineno++;
+
+	p = buf + strspn(buf, " \t");
+
+	if (*p == '#' || *p == '\0')
+	    continue;
+
+	subject_name = strchr(p, ':');
+	if (subject_name == NULL) {
+	    krb5_warnx(context, "pkinit mapping file line %lu "
+		       "missing \":\" :%s",
+		       lineno, buf);
+	    continue;
+	}
+	*subject_name++ = '\0';
+
+	ret = add_principal_mapping(context, p, subject_name);
+	if (ret) {
+	    krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n",
+		      lineno, buf);
+	    continue;
+	}
+    } 
+
+    fclose(f);
+}
+		   
+/*
+ *
+ */
+
+krb5_error_code
+_kdc_pk_initialize(krb5_context context,
+		   krb5_kdc_configuration *config,
+		   const char *user_id,
+		   const char *anchors,
+		   char **pool,
+		   char **revoke_list)
+{
+    const char *file;
+    char *fn = NULL;
+    krb5_error_code ret;
+
+    file = krb5_config_get_string(context, NULL,
+				  "libdefaults", "moduli", NULL);
+
+    ret = _krb5_parse_moduli(context, file, &moduli);
+    if (ret)
+	krb5_err(context, 1, ret, "PKINIT: failed to load modidi file");
+
+    principal_mappings.len = 0;
+    principal_mappings.val = NULL;
+
+    ret = _krb5_pk_load_id(context,
+			   &kdc_identity,
+			   user_id,
+			   anchors,
+			   pool,
+			   revoke_list,
+			   NULL,
+			   NULL,
+			   NULL);
+    if (ret) {
+	krb5_warn(context, ret, "PKINIT: ");
+	config->enable_pkinit = 0;
+	return ret;
+    }
+
+    {
+	hx509_query *q;
+	hx509_cert cert;
+	
+	ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
+	if (ret) {
+	    krb5_warnx(context, "PKINIT: out of memory");
+	    return ENOMEM;
+	}
+	
+	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+	
+	ret = hx509_certs_find(kdc_identity->hx509ctx,
+			       kdc_identity->certs,
+			       q,
+			       &cert);
+	hx509_query_free(kdc_identity->hx509ctx, q);
+	if (ret == 0) {
+	    if (hx509_cert_check_eku(kdc_identity->hx509ctx, cert,
+				     oid_id_pkkdcekuoid(), 0))
+		krb5_warnx(context, "WARNING Found KDC certificate "
+			   "is missing the PK-INIT KDC EKU, this is bad for "
+			   "interoperability.");
+	    hx509_cert_free(cert);
+	} else
+	    krb5_warnx(context, "PKINIT: failed to find a signing "
+		       "certifiate with a public key");
+    }
+
+    ret = krb5_config_get_bool_default(context, 
+				       NULL,
+				       FALSE,
+				       "kdc",
+				       "pkinit_allow_proxy_certificate",
+				       NULL);
+    _krb5_pk_allow_proxy_certificate(kdc_identity, ret);
+
+    file = krb5_config_get_string(context, 
+				  NULL,
+				  "kdc",
+				  "pkinit_mappings_file",
+				  NULL);
+    if (file == NULL) {
+	asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context));
+	file = fn;
+    }
+
+    load_mappings(context, file);
+    if (fn)
+	free(fn);
+
+    return 0;
+}
+
+#endif /* PKINIT */

Added: vendor-crypto/heimdal/dist/kdc/process.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/process.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/process.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,219 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ *
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: process.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ *
+ */
+
+void
+krb5_kdc_update_time(struct timeval *tv)
+{
+    if (tv == NULL)
+	gettimeofday(&_kdc_now, NULL);
+    else
+	_kdc_now = *tv;
+}
+
+/*
+ * handle the request in `buf, len', from `addr' (or `from' as a string),
+ * sending a reply in `reply'.
+ */
+
+int
+krb5_kdc_process_request(krb5_context context, 
+			 krb5_kdc_configuration *config,
+			 unsigned char *buf, 
+			 size_t len, 
+			 krb5_data *reply,
+			 krb5_boolean *prependlength,
+			 const char *from,
+			 struct sockaddr *addr,
+			 int datagram_reply)
+{
+    KDC_REQ req;
+    Ticket ticket;
+    DigestREQ digestreq;
+    Kx509Request kx509req;
+    krb5_error_code ret;
+    size_t i;
+
+    if(decode_AS_REQ(buf, len, &req, &i) == 0){
+	krb5_data req_buffer;
+
+	req_buffer.data = buf;
+	req_buffer.length = len;
+
+	ret = _kdc_as_rep(context, config, &req, &req_buffer, 
+			  reply, from, addr, datagram_reply);
+	free_AS_REQ(&req);
+	return ret;
+    }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){
+	ret = _kdc_tgs_rep(context, config, &req, reply, from, addr, datagram_reply);
+	free_TGS_REQ(&req);
+	return ret;
+    }else if(decode_Ticket(buf, len, &ticket, &i) == 0){
+	ret = _kdc_do_524(context, config, &ticket, reply, from, addr);
+	free_Ticket(&ticket);
+	return ret;
+    }else if(decode_DigestREQ(buf, len, &digestreq, &i) == 0){
+	ret = _kdc_do_digest(context, config, &digestreq, reply, from, addr);
+	free_DigestREQ(&digestreq);
+	return ret;
+    } else if (_kdc_try_kx509_request(buf, len, &kx509req, &i) == 0) {
+	ret = _kdc_do_kx509(context, config, &kx509req, reply, from, addr);
+	free_Kx509Request(&kx509req);
+	return ret;
+    } else if(_kdc_maybe_version4(buf, len)){
+	*prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */
+	_kdc_do_version4(context, config, buf, len, reply, from, 
+			 (struct sockaddr_in*)addr);
+	return 0;
+    } else if (config->enable_kaserver) {
+	ret = _kdc_do_kaserver(context, config, buf, len, reply, from,
+			       (struct sockaddr_in*)addr);
+	return ret;
+    }
+			  
+    return -1;
+}
+
+/*
+ * handle the request in `buf, len', from `addr' (or `from' as a string),
+ * sending a reply in `reply'.
+ *
+ * This only processes krb5 requests
+ */
+
+int
+krb5_kdc_process_krb5_request(krb5_context context, 
+			      krb5_kdc_configuration *config,
+			      unsigned char *buf, 
+			      size_t len, 
+			      krb5_data *reply,
+			      const char *from,
+			      struct sockaddr *addr,
+			      int datagram_reply)
+{
+    KDC_REQ req;
+    krb5_error_code ret;
+    size_t i;
+
+    if(decode_AS_REQ(buf, len, &req, &i) == 0){
+	krb5_data req_buffer;
+
+	req_buffer.data = buf;
+	req_buffer.length = len;
+
+	ret = _kdc_as_rep(context, config, &req, &req_buffer,
+			  reply, from, addr, datagram_reply);
+	free_AS_REQ(&req);
+	return ret;
+    }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){
+	ret = _kdc_tgs_rep(context, config, &req, reply, from, addr, datagram_reply);
+	free_TGS_REQ(&req);
+	return ret;
+    }
+    return -1;
+}
+
+/*
+ *
+ */
+
+int
+krb5_kdc_save_request(krb5_context context, 
+		      const char *fn,
+		      const unsigned char *buf,
+		      size_t len,
+		      const krb5_data *reply,
+		      const struct sockaddr *sa)
+{
+    krb5_storage *sp;
+    krb5_address a;
+    int fd, ret;
+    uint32_t t;
+    krb5_data d;
+
+    memset(&a, 0, sizeof(a));
+
+    d.data = rk_UNCONST(buf);
+    d.length = len;
+    t = _kdc_now.tv_sec;
+
+    fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600);
+    if (fd < 0) {
+	krb5_set_error_string(context, "Failed to open: %s", fn);
+	return errno;
+    }
+    
+    sp = krb5_storage_from_fd(fd);
+    close(fd);
+    if (sp == NULL) {
+	krb5_set_error_string(context, "Storage failed to open fd");
+	return ENOMEM;
+    }
+
+    ret = krb5_sockaddr2address(context, sa, &a);
+    if (ret)
+	goto out;
+
+    krb5_store_uint32(sp, 1);
+    krb5_store_uint32(sp, t);
+    krb5_store_address(sp, a);
+    krb5_store_data(sp, d);
+    {
+	Der_class cl;
+	Der_type ty;
+	unsigned int tag;
+	ret = der_get_tag (reply->data, reply->length,
+			   &cl, &ty, &tag, NULL);
+	if (ret) {
+	    krb5_store_uint32(sp, 0xffffffff);
+	    krb5_store_uint32(sp, 0xffffffff);
+	} else {
+	    krb5_store_uint32(sp, MAKE_TAG(cl, ty, 0));
+	    krb5_store_uint32(sp, tag);
+	}
+    }
+
+    krb5_free_address(context, &a);
+out:
+    krb5_storage_free(sp);
+
+    return 0;
+}
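Review bot: krb5_kdc_save_request returns 0 on every path once open() has succeeded, so a failed krb5_sockaddr2address (the `goto out`) or a failed krb5_store_* write is reported to the caller as a saved request. Keeping a separate status for the address conversion and the stores, and returning it after `out:`, would make those failures visible. The der_get_tag result should stay out of that status, because a parse failure there is already handled by storing 0xffffffff. In the open() failure branch, `return errno` runs after krb5_set_error_string(), which may itself change errno; `ret = errno; krb5_set_error_string(context, "Failed to open: %s", fn); return ret;` preserves the value that open() set.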

Added: vendor-crypto/heimdal/dist/kdc/rx.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/rx.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/rx.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: rx.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef __RX_H__
+#define __RX_H__
+
+/* header of a RPC packet */
+
+enum rx_header_type {
+     HT_DATA = 1,
+     HT_ACK = 2,
+     HT_BUSY = 3,
+     HT_ABORT = 4,
+     HT_ACKALL = 5,
+     HT_CHAL = 6,
+     HT_RESP = 7,
+     HT_DEBUG = 8
+};
+
+/* For flags in header */
+
+enum rx_header_flag {
+     HF_CLIENT_INITIATED = 1,
+     HF_REQ_ACK = 2,
+     HF_LAST = 4,
+     HF_MORE = 8
+};
+
+struct rx_header {
+     uint32_t epoch;
+     uint32_t connid;		/* And channel ID */
+     uint32_t callid;
+     uint32_t seqno;
+     uint32_t serialno;
+     u_char type;
+     u_char flags;
+     u_char status;
+     u_char secindex;
+     uint16_t reserved;	/* ??? verifier? */
+     uint16_t serviceid;
+/* This should be the other way around according to everything but */
+/* tcpdump */
+};
+
+#define RX_HEADER_SIZE 28
+
+#endif /* __RX_H__ */

Added: vendor-crypto/heimdal/dist/kdc/set_dbinfo.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/set_dbinfo.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/set_dbinfo.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ *
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: set_dbinfo.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_error_code
+krb5_kdc_set_dbinfo(krb5_context context, struct krb5_kdc_configuration *c)
+{
+    struct hdb_dbinfo *info, *d;
+    krb5_error_code ret;
+    int i;
+
+    /* fetch the databases */
+    ret = hdb_get_dbinfo(context, &info);
+    if (ret)
+	return ret;
+    
+    d = NULL;
+    while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
+	void *ptr;
+	
+	ptr = realloc(c->db, (c->num_db + 1) * sizeof(*c->db));
+	if (ptr == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "out of memory");
+	    goto out;
+	}
+	c->db = ptr;
+	
+	ret = hdb_create(context, &c->db[c->num_db], 
+			 hdb_dbinfo_get_dbname(context, d));
+	if(ret)
+	    goto out;
+	
+	ret = hdb_set_master_keyfile(context, c->db[c->num_db], 
+				     hdb_dbinfo_get_mkey_file(context, d));
+	if (ret)
+	    goto out;
+	
+	c->num_db++;
+
+	kdc_log(context, c, 0, "label: %s",
+		hdb_dbinfo_get_label(context, d));
+	kdc_log(context, c, 0, "\tdbname: %s",
+		hdb_dbinfo_get_dbname(context, d));
+	kdc_log(context, c, 0, "\tmkey_file: %s",
+		hdb_dbinfo_get_mkey_file(context, d));
+	kdc_log(context, c, 0, "\tacl_file: %s",
+		hdb_dbinfo_get_acl_file(context, d));
+    }
+    hdb_free_dbinfo(context, &info);
+
+    return 0;
+out:
+    for (i = 0; i < c->num_db; i++)
+	if (c->db[i] && c->db[i]->hdb_destroy)
+	    (*c->db[i]->hdb_destroy)(context, c->db[i]);
+    c->num_db = 0;
+    free(c->db);
+    c->db = NULL;
+ 
+    hdb_free_dbinfo(context, &info);
+
+    return ret;
+}
+
+
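Review bot: In krb5_kdc_set_dbinfo, a failure of hdb_set_master_keyfile leaks the handle that hdb_create just stored in `c->db[c->num_db]`, because `c->num_db++` only runs afterwards and the cleanup loop at `out:` stops at `i < c->num_db`. Changing that branch to `if (ret) { c->num_db++; goto out; }` lets the existing loop destroy the new handle as well. The four kdc_log calls also pass the hdb_dbinfo_get_* results straight to `%s`. Whether those getters can return NULL for an unset field is not visible here; if they can, each call needs a fallback string.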

Added: vendor-crypto/heimdal/dist/kdc/string2key.8
===================================================================
--- vendor-crypto/heimdal/dist/kdc/string2key.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/string2key.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,110 @@
+.\" Copyright (c) 2000 - 2002 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: string2key.8,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd March  4, 2000
+.Dt STRING2KEY 8
+.Os HEIMDAL
+.Sh NAME
+.Nm string2key
+.Nd map a password into a key
+.Sh SYNOPSIS
+.Nm
+.Op Fl 5 | Fl -version5
+.Op Fl 4 | Fl -version4
+.Op Fl a | Fl -afs
+.Oo Fl c Ar cell \*(Ba Xo
+.Fl -cell= Ns Ar cell
+.Xc
+.Oc
+.Oo Fl w Ar password \*(Ba Xo
+.Fl -password= Ns Ar password
+.Xc
+.Oc
+.Oo Fl p Ar principal \*(Ba Xo
+.Fl -principal= Ns Ar principal
+.Xc
+.Oc
+.Oo Fl k Ar string \*(Ba Xo
+.Fl -keytype= Ns Ar string
+.Xc
+.Oc
+.Ar password
+.Sh DESCRIPTION
+.Nm
+performs the string-to-key function.
+This is useful when you want to handle the raw key instead of the password.
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl 5 ,
+.Fl -version5
+.Xc
+Output Kerberos v5 string-to-key
+.It Xo
+.Fl 4 ,
+.Fl -version4
+.Xc
+Output Kerberos v4 string-to-key
+.It Xo
+.Fl a ,
+.Fl -afs
+.Xc
+Output AFS string-to-key
+.It Xo
+.Fl c Ar cell ,
+.Fl -cell= Ns Ar cell
+.Xc
+AFS cell to use
+.It Xo
+.Fl w Ar password ,
+.Fl -password= Ns Ar password
+.Xc
+Password to use
+.It Xo
+.Fl p Ar principal ,
+.Fl -principal= Ns Ar principal
+.Xc
+Kerberos v5 principal to use
+.It Xo
+.Fl k Ar string ,
+.Fl -keytype= Ns Ar string
+.Xc
+Keytype
+.It Xo
+.Fl -version
+.Xc
+print version
+.It Xo
+.Fl -help
+.Xc
+.El

Added: vendor-crypto/heimdal/dist/kdc/string2key.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/string2key.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/string2key.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,201 @@
+/*
+ * Copyright (c) 1997-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "headers.h"
+#include <getarg.h>
+
+RCSID("$Id: string2key.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+int version5;
+int version4;
+int afs;
+char *principal;
+char *cell;
+char *password;
+const char *keytype_str = "des3-cbc-sha1";
+int version;
+int help;
+
+struct getargs args[] = {
+    { "version5", '5', arg_flag,   &version5, "Output Kerberos v5 string-to-key" },
+    { "version4", '4', arg_flag,   &version4, "Output Kerberos v4 string-to-key" },
+    { "afs",      'a', arg_flag,   &afs, "Output AFS string-to-key" },
+    { "cell",     'c', arg_string, &cell, "AFS cell to use", "cell" },
+    { "password", 'w', arg_string, &password, "Password to use", "password" },
+    { "principal",'p', arg_string, &principal, "Kerberos v5 principal to use", "principal" },
+    { "keytype",  'k', arg_string, &keytype_str, "Keytype" },
+    { "version",    0, arg_flag,   &version, "print version" },
+    { "help",       0, arg_flag,   &help, NULL }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int status)
+{
+    arg_printusage (args, num_args, NULL, "password");
+    exit(status);
+}
+
+static void
+tokey(krb5_context context, 
+      krb5_enctype enctype, 
+      const char *pw, 
+      krb5_salt salt, 
+      const char *label)
+{
+    krb5_error_code ret;
+    int i;
+    krb5_keyblock key;
+    char *e;
+
+    ret = krb5_string_to_key_salt(context, enctype, pw, salt, &key);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_string_to_key_salt");
+    ret = krb5_enctype_to_string(context, enctype, &e);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_enctype_to_string");
+    printf(label, e);
+    printf(": ");
+    for(i = 0; i < key.keyvalue.length; i++)
+	printf("%02x", ((unsigned char*)key.keyvalue.data)[i]);
+    printf("\n");
+    krb5_free_keyblock_contents(context, &key);
+    free(e);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_principal princ;
+    krb5_salt salt;
+    int optidx;
+    char buf[1024];
+    krb5_enctype etype;
+    krb5_error_code ret;
+
+    optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+
+    if(help)
+	usage(0);
+    
+    if(version){
+	print_version (NULL);
+	return 0;
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc > 1)
+	usage(1);
+
+    if(!version5 && !version4 && !afs)
+	version5 = 1;
+
+    ret = krb5_string_to_enctype(context, keytype_str, &etype);
+    if(ret) {
+	krb5_keytype keytype;
+	int *etypes;
+	unsigned num;
+	char *str;
+	ret = krb5_string_to_keytype(context, keytype_str, &keytype);
+	if(ret)
+	    krb5_err(context, 1, ret, "%s", keytype_str);
+	ret = krb5_keytype_to_enctypes(context, keytype, &num, &etypes);
+	if(ret)
+	    krb5_err(context, 1, ret, "%s", keytype_str);
+	if(num == 0)
+	    krb5_errx(context, 1, "there are no encryption types for that keytype");
+	etype = etypes[0];
+	krb5_enctype_to_string(context, etype, &str);
+	keytype_str = str;
+	if(num > 1 && version5)
+	    krb5_warnx(context, "ambiguous keytype, using %s", keytype_str);
+    }
+    
+    if((etype != ETYPE_DES_CBC_CRC &&
+	etype != ETYPE_DES_CBC_MD4 &&
+	etype != ETYPE_DES_CBC_MD5) &&
+       (afs || version4)) {
+	if(!version5) {
+	    etype = ETYPE_DES_CBC_CRC;
+	} else {
+	    krb5_errx(context, 1, 
+		      "DES is the only valid keytype for AFS and Kerberos 4");
+	}
+    }
+
+    if(version5 && principal == NULL){
+	printf("Kerberos v5 principal: ");
+	if(fgets(buf, sizeof(buf), stdin) == NULL)
+	    return 1;
+	buf[strcspn(buf, "\r\n")] = '\0';
+	principal = estrdup(buf);
+    }
+    if(afs && cell == NULL){
+	printf("AFS cell: ");
+	if(fgets(buf, sizeof(buf), stdin) == NULL)
+	    return 1;
+	buf[strcspn(buf, "\r\n")] = '\0';
+	cell = estrdup(buf);
+    }
+    if(argv[0])
+	password = argv[0];
+    if(password == NULL){
+	if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 0))
+	    return 1;
+	password = buf;
+    }
+	
+    if(version5){
+	krb5_parse_name(context, principal, &princ);
+	krb5_get_pw_salt(context, princ, &salt);
+	tokey(context, etype, password, salt, "Kerberos 5 (%s)");
+	krb5_free_salt(context, salt);
+    }
+    if(version4){
+	salt.salttype = KRB5_PW_SALT;
+	salt.saltvalue.length = 0;
+	salt.saltvalue.data = NULL;
+	tokey(context, ETYPE_DES_CBC_MD5, password, salt, "Kerberos 4");
+    }
+    if(afs){
+	salt.salttype = KRB5_AFS3_SALT;
+	salt.saltvalue.length = strlen(cell);
+	salt.saltvalue.data = cell;
+	tokey(context, ETYPE_DES_CBC_MD5, password, salt, "AFS");
+    }
+    return 0;
+}
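Review bot: In main's `if(version5)` branch the results of krb5_parse_name and krb5_get_pw_salt are discarded, so a principal string that fails to parse (it comes from `-p` or stdin) leaves `princ` uninitialized when it is handed to krb5_get_pw_salt, and `salt` uninitialized when it reaches tokey. Both calls should be checked the way the earlier calls in main are, e.g. `ret = krb5_parse_name(context, principal, &princ);` followed by `if (ret) krb5_err(context, 1, ret, "krb5_parse_name %s", principal);`, and likewise for krb5_get_pw_salt. `princ` is never released with krb5_free_principal, and the password read into `buf` is not cleared before main returns. tokey uses `label` as the printf format string, which is safe only while every caller passes a literal; a comment on tokey saying so, or printing with fixed formats, would keep that from regressing.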

Added: vendor-crypto/heimdal/dist/kdc/v4_dump.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/v4_dump.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/v4_dump.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "hprop.h"
+
+RCSID("$Id: v4_dump.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static time_t
+time_parse(const char *cp)
+{
+    char wbuf[5];
+    struct tm tp;
+    int local;
+
+    memset(&tp, 0, sizeof(tp));	/* clear out the struct */
+    
+    /* new format is YYYYMMDDHHMM UTC,
+       old format is YYMMDDHHMM local time */
+    if (strlen(cp) > 10) {		/* new format */
+	strlcpy(wbuf, cp, sizeof(wbuf));
+	tp.tm_year = atoi(wbuf) - 1900;
+	cp += 4;
+	local = 0;
+    } else {
+	wbuf[0] = *cp++;
+	wbuf[1] = *cp++;
+	wbuf[2] = '\0';
+	tp.tm_year = atoi(wbuf);
+	if(tp.tm_year < 38)
+	    tp.tm_year += 100;
+	local = 1;
+    }
+
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    wbuf[2] = 0;
+    tp.tm_mon = atoi(wbuf) - 1;
+
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_mday = atoi(wbuf);
+    
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_hour = atoi(wbuf);
+    
+    wbuf[0] = *cp++;
+    wbuf[1] = *cp++;
+    tp.tm_min = atoi(wbuf);
+    
+    return(tm2time(tp, local));
+}
+
+/* convert a version 4 dump file */
+int
+v4_prop_dump(void *arg, const char *file)
+{
+    char buf [1024];
+    FILE *f;
+    int lineno = 0;
+
+    f = fopen(file, "r");
+    if(f == NULL)
+	return errno;
+    
+    while(fgets(buf, sizeof(buf), f)) {
+	int ret;
+	unsigned long key[2]; /* yes, long */
+	char exp_date[64], mod_date[64];
+	struct v4_principal pr;
+	int attributes;
+    
+	memset(&pr, 0, sizeof(pr));
+	errno = 0;
+	lineno++;
+	ret = sscanf(buf, "%63s %63s %d %d %d %d %lx %lx %63s %63s %63s %63s",
+		     pr.name, pr.instance,
+		     &pr.max_life, &pr.mkvno, &pr.kvno,
+		     &attributes,
+		     &key[0], &key[1],
+		     exp_date, mod_date,
+		     pr.mod_name, pr.mod_instance);
+	if(ret != 12){
+	    warnx("Line %d malformed (ignored)", lineno);
+	    continue;
+	}
+	if(attributes != 0) {
+	    warnx("Line %d (%s.%s) has non-zero attributes - skipping", 
+		  lineno, pr.name, pr.instance);
+	    continue;
+	}
+	pr.key[0] = (key[0] >> 24) & 0xff;
+	pr.key[1] = (key[0] >> 16) & 0xff;
+	pr.key[2] = (key[0] >> 8) & 0xff;
+	pr.key[3] = (key[0] >> 0) & 0xff;
+	pr.key[4] = (key[1] >> 24) & 0xff;
+	pr.key[5] = (key[1] >> 16) & 0xff;
+	pr.key[6] = (key[1] >> 8) & 0xff;
+	pr.key[7] = (key[1] >> 0) & 0xff;
+	pr.exp_date = time_parse(exp_date);
+	pr.mod_date = time_parse(mod_date);
+	if (pr.instance[0] == '*')
+	    pr.instance[0] = '\0';
+	if (pr.mod_name[0] == '*')
+	    pr.mod_name[0] = '\0';
+	if (pr.mod_instance[0] == '*')
+	    pr.mod_instance[0] = '\0';
+	v4_prop(arg, &pr);
+	memset(&pr, 0, sizeof(pr));
+    }
+    fclose(f);
+    return 0;
+}
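Review bot: time_parse() reads ten or twelve characters from its argument without checking the length or that they are digits, so a short exp_date or mod_date field makes the old-format branch read past the terminating NUL into whatever bytes are left in the 64-byte stack buffer that v4_prop_dump fills with sscanf(). The result is a silently wrong expiry or modification time on a converted principal rather than a rejected line. I would validate both fields in v4_prop_dump before the time_parse() calls and skip the line the same way the `ret != 12` case does. Separately, `key[]` and `buf` still hold the DES key after the final `memset(&pr, 0, sizeof(pr))`, so clearing them as well is worth considering.

```c
/* Accept only the two layouts time_parse() understands: 10 or 12 digits. */
static int
valid_v4_date(const char *cp)
{
    size_t len = strlen(cp);

    return (len == 10 || len == 12) && strspn(cp, "0123456789") == len;
}

	/* ... unchanged: sscanf() and the attributes check ... */
	if(!valid_v4_date(exp_date) || !valid_v4_date(mod_date)) {
	    warnx("Line %d has a malformed date (ignored)", lineno);
	    continue;
	}
	/* ... unchanged: key unpacking, time_parse() calls, v4_prop() ... */
```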

Added: vendor-crypto/heimdal/dist/kdc/version-script.map
===================================================================
--- vendor-crypto/heimdal/dist/kdc/version-script.map	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/version-script.map	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+# $Id: version-script.map,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+HEIMDAL_KDC_1.0 {
+	global:
+		kdc_log;
+		kdc_log_msg;
+		kdc_log_msg_va;
+		kdc_openlog;
+		krb5_kdc_windc_init;
+		krb5_kdc_get_config;
+		krb5_kdc_set_dbinfo;
+		krb5_kdc_process_krb5_request;
+		krb5_kdc_process_request;
+		krb5_kdc_save_request;
+		krb5_kdc_update_time;
+	local:
+		*;
+};

Added: vendor-crypto/heimdal/dist/kdc/windc.c
===================================================================
--- vendor-crypto/heimdal/dist/kdc/windc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/windc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id: windc.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static krb5plugin_windc_ftable *windcft;
+static void *windcctx;
+
+/*
+ * Pick the first WINDC module that we find.
+ */
+
+krb5_error_code
+krb5_kdc_windc_init(krb5_context context)
+{
+    struct krb5_plugin *list = NULL, *e;
+    krb5_error_code ret;
+
+    ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "windc", &list);
+    if(ret != 0 || list == NULL)
+	return 0;
+
+    for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
+
+	windcft = _krb5_plugin_get_symbol(e);
+	if (windcft->minor_version < KRB5_WINDC_PLUGING_MINOR)
+	    continue;
+	
+	(*windcft->init)(context, &windcctx);
+	break;
+    }
+    if (e == NULL) {
+	_krb5_plugin_free(list);
+	krb5_set_error_string(context, "Did not find any WINDC plugin");
+	windcft = NULL;
+	return ENOENT;
+    }
+
+    return 0;
+}
+
+
+krb5_error_code 
+_kdc_pac_generate(krb5_context context,
+		  hdb_entry_ex *client, 
+		  krb5_pac *pac)
+{
+    *pac = NULL;
+    if (windcft == NULL)
+	return 0;
+    return (windcft->pac_generate)(windcctx, context, client, pac);
+}
+
+krb5_error_code 
+_kdc_pac_verify(krb5_context context, 
+		const krb5_principal client_principal,
+		hdb_entry_ex *client,
+		hdb_entry_ex *server,
+		krb5_pac *pac)
+{
+    if (windcft == NULL) {
+	krb5_set_error_string(context, "Can't verify PAC, no function");
+	return EINVAL;
+    }
+    return (windcft->pac_verify)(windcctx, context, 
+				 client_principal, client, server, pac);
+}
+
+krb5_error_code
+_kdc_windc_client_access(krb5_context context,
+			 struct hdb_entry_ex *client,
+			 KDC_REQ *req)
+{
+    if (windcft == NULL)
+	return 0;
+    return (windcft->client_access)(windcctx, context, client, req);
+}
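Review bot: In krb5_kdc_windc_init the return value of `(*windcft->init)(context, &windcctx)` is discarded, so a plugin whose init fails stays installed in `windcft`, and _kdc_pac_generate, _kdc_pac_verify and _kdc_windc_client_access will later call it with whatever `windcctx` holds. Capturing it as `ret = (*windcft->init)(context, &windcctx);` followed by `if (ret != 0) continue;` lets the loop fall through to the existing `e == NULL` branch, which resets `windcft` and returns ENOENT. The pointer returned by `_krb5_plugin_get_symbol(e)` and the `pac_generate`, `pac_verify` and `client_access` members are also used without a NULL check. Whether they can be NULL is not visible in this file, but a guard would keep an incomplete plugin table from crashing the KDC.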

Added: vendor-crypto/heimdal/dist/kdc/windc_plugin.h
===================================================================
--- vendor-crypto/heimdal/dist/kdc/windc_plugin.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kdc/windc_plugin.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: windc_plugin.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef HEIMDAL_KRB5_PAC_PLUGIN_H
+#define HEIMDAL_KRB5_PAC_PLUGIN_H 1
+
+#include <krb5.h>
+
+/*
+ * The PAC generate function should allocate a krb5_pac using
+ * krb5_pac_init and fill in the PAC structure for the principal using
+ * krb5_pac_add_buffer.
+ *
+ * The PAC verify function should verify all components in the PAC
+ * using krb5_pac_get_types and krb5_pac_get_buffer for all types.
+ *
+ * Check client access function check if the client is authorized.
+ */
+
+struct hdb_entry_ex;
+
+typedef krb5_error_code 
+(*krb5plugin_windc_pac_generate)(void *, krb5_context,
+				 struct hdb_entry_ex *, krb5_pac *);
+
+typedef krb5_error_code 
+(*krb5plugin_windc_pac_verify)(void *, krb5_context,
+			       const krb5_principal,
+			       struct hdb_entry_ex *, 
+			       struct hdb_entry_ex *,
+			       krb5_pac *);
+
+typedef krb5_error_code 
+(*krb5plugin_windc_client_access)(
+    void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *);
+
+
+#define KRB5_WINDC_PLUGING_MINOR		2
+
+typedef struct krb5plugin_windc_ftable {
+    int			minor_version;
+    krb5_error_code	(*init)(krb5_context, void **);
+    void		(*fini)(void *);
+    krb5plugin_windc_pac_generate	pac_generate;
+    krb5plugin_windc_pac_verify		pac_verify;
+    krb5plugin_windc_client_access	client_access;
+} krb5plugin_windc_ftable;
+
+#endif /* HEIMDAL_KRB5_PAC_PLUGIN_H */
+
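Review bot: The comment above the typedefs describes the three callbacks but leaves `minor_version`, `init` and `fini` in `krb5plugin_windc_ftable` undocumented, and it does not say what the callbacks must return. That matters to a plugin author because windc.c skips any table whose `minor_version` is below `KRB5_WINDC_PLUGING_MINOR`. I would add a field comment such as `/* minor_version: must be >= KRB5_WINDC_PLUGING_MINOR or krb5_kdc_windc_init() ignores the table */`. The header should also state the return convention for `client_access`, presumably 0 to permit the request and a non-zero krb5_error_code to refuse it, which should be confirmed against the caller.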

Added: vendor-crypto/heimdal/dist/kpasswd/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/kpasswd/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kpasswd/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,33 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_hcrypto)
+
+man_MANS = kpasswd.1 kpasswdd.8
+
+bin_PROGRAMS = kpasswd
+
+kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
+
+libexec_PROGRAMS = kpasswdd
+
+noinst_PROGRAMS = kpasswd-generator
+
+kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
+
+kpasswdd_LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(LDADD) \
+	$(LIB_pidfile) \
+	$(LIB_dlopen) \
+	$(DBLIB)
+
+LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)

Added: vendor-crypto/heimdal/dist/kpasswd/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/kpasswd/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kpasswd/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,956 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+bin_PROGRAMS = kpasswd$(EXEEXT)
+libexec_PROGRAMS = kpasswdd$(EXEEXT)
+noinst_PROGRAMS = kpasswd-generator$(EXEEXT)
+subdir = kpasswd
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
+am_kpasswd_OBJECTS = kpasswd.$(OBJEXT)
+kpasswd_OBJECTS = $(am_kpasswd_OBJECTS)
+kpasswd_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+kpasswd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+kpasswd_generator_SOURCES = kpasswd-generator.c
+kpasswd_generator_OBJECTS = kpasswd-generator.$(OBJEXT)
+kpasswd_generator_LDADD = $(LDADD)
+kpasswd_generator_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+am_kpasswdd_OBJECTS = kpasswdd.$(OBJEXT)
+kpasswdd_OBJECTS = $(am_kpasswdd_OBJECTS)
+am__DEPENDENCIES_2 = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+kpasswdd_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c $(kpasswdd_SOURCES)
+DIST_SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c \
+	$(kpasswdd_SOURCES)
+man1dir = $(mandir)/man1
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_hcrypto)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+man_MANS = kpasswd.1 kpasswdd.8
+kpasswd_SOURCES = kpasswd.c kpasswd_locl.h
+kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
+kpasswdd_LDADD = \
+	$(top_builddir)/lib/kadm5/libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(LDADD) \
+	$(LIB_pidfile) \
+	$(LIB_dlopen) \
+	$(DBLIB)
+
+LDADD = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kpasswd/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps kpasswd/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+kpasswd$(EXEEXT): $(kpasswd_OBJECTS) $(kpasswd_DEPENDENCIES) 
+	@rm -f kpasswd$(EXEEXT)
+	$(LINK) $(kpasswd_OBJECTS) $(kpasswd_LDADD) $(LIBS)
+kpasswd-generator$(EXEEXT): $(kpasswd_generator_OBJECTS) $(kpasswd_generator_DEPENDENCIES) 
+	@rm -f kpasswd-generator$(EXEEXT)
+	$(LINK) $(kpasswd_generator_OBJECTS) $(kpasswd_generator_LDADD) $(LIBS)
+kpasswdd$(EXEEXT): $(kpasswdd_OBJECTS) $(kpasswdd_DEPENDENCIES) 
+	@rm -f kpasswdd$(EXEEXT)
+	$(LINK) $(kpasswdd_OBJECTS) $(kpasswdd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool clean-noinstPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+	uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1 uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool clean-noinstPROGRAMS ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-binPROGRAMS install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man1 install-man8 \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-binPROGRAMS uninstall-hook uninstall-libexecPROGRAMS \
+	uninstall-man uninstall-man1 uninstall-man8
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/kpasswd/kpasswd-generator.c
===================================================================
--- vendor-crypto/heimdal/dist/kpasswd/kpasswd-generator.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kpasswd/kpasswd-generator.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 2000 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kpasswd_locl.h"
+
+RCSID("$Id: kpasswd-generator.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static unsigned
+read_words (const char *filename, char ***ret_w)
+{
+    unsigned n, alloc;
+    FILE *f;
+    char buf[256];
+    char **w = NULL;
+
+    f = fopen (filename, "r");
+    if (f == NULL)
+	err (1, "cannot open %s", filename);
+    alloc = n = 0;
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	buf[strcspn(buf, "\r\n")] = '\0';
+	if (n >= alloc) {
+	    alloc += 16;
+	    w = erealloc (w, alloc * sizeof(char **));
+	}
+	w[n++] = estrdup (buf);
+    }
+    *ret_w = w;
+    if (n == 0)
+	errx(1, "%s is an empty file, no words to try", filename);
+    return n;
+}
+
+static int
+nop_prompter (krb5_context context,
+	      void *data,
+	      const char *name,
+	      const char *banner,
+	      int num_prompts,
+	      krb5_prompt prompts[])
+{
+    return 0;
+}
+
+static void
+generate_requests (const char *filename, unsigned nreq)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int i;
+    char **words;
+    unsigned nwords;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    nwords = read_words (filename, &words);
+
+    for (i = 0; i < nreq; ++i) {
+	char *name = words[rand() % nwords];
+	krb5_get_init_creds_opt *opt;
+	krb5_creds cred;
+	krb5_principal principal;
+	int result_code;
+	krb5_data result_code_string, result_string;
+	char *old_pwd, *new_pwd;
+
+	krb5_get_init_creds_opt_alloc (context, &opt);
+	krb5_get_init_creds_opt_set_tkt_life (opt, 300);
+	krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
+	krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
+
+	ret = krb5_parse_name (context, name, &principal);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_parse_name %s", name);
+
+	asprintf (&old_pwd, "%s", name);
+	asprintf (&new_pwd, "%s2", name);
+
+	ret = krb5_get_init_creds_password (context,
+					    &cred,
+					    principal,
+					    old_pwd,
+					    nop_prompter,
+					    NULL,
+					    0,
+					    "kadmin/changepw",
+					    opt);
+	if( ret == KRB5KRB_AP_ERR_BAD_INTEGRITY
+	    || ret == KRB5KRB_AP_ERR_MODIFIED) {
+	    char *tmp;
+
+	    tmp = new_pwd;
+	    new_pwd = old_pwd;
+	    old_pwd = tmp;
+
+	    ret = krb5_get_init_creds_password (context,
+						&cred,
+						principal,
+						old_pwd,
+						nop_prompter,
+						NULL,
+						0,
+						"kadmin/changepw",
+						opt);
+	}
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_get_init_creds_password");
+
+	krb5_free_principal (context, principal);
+
+	ret = krb5_change_password (context, &cred, new_pwd,
+				    &result_code,
+				    &result_code_string,
+				    &result_string);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_change_password");
+
+	free (old_pwd);
+	free (new_pwd);
+	krb5_free_cred_contents (context, &cred);
+	krb5_get_init_creds_opt_free(context, opt);
+    }
+}
+
+static int version_flag	= 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    { "version", 	0,   arg_flag, &version_flag },
+    { "help",		0,   arg_flag, &help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "file [number]");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+    int nreq;
+    char *end;
+
+    setprogname(argv[0]);
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+	usage(1);
+    if (help_flag)
+	usage (0);
+    if (version_flag) {
+	print_version(NULL);
+	return 0;
+    }
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 2)
+	usage (1);
+    srand (0);
+    nreq = strtol (argv[1], &end, 0);
+    if (argv[1] == end || *end != '\0')
+	usage (1);
+    generate_requests (argv[0], nreq);
+    return 0;
+}
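Review bot: In generate_requests the two asprintf calls that build old_pwd and new_pwd are unchecked, so on allocation failure a pointer with no guaranteed value is passed to krb5_get_init_creds_password and later to free; I would write `if (asprintf (&old_pwd, "%s", name) < 0 || asprintf (&new_pwd, "%s2", name) < 0) errx (1, "out of memory");`. The same loop never releases result_code_string and result_string after krb5_change_password, so every request leaks them; a `krb5_data_free` on each before the `free (old_pwd)` line would match what kpasswd.c in this commit does. In main, nreq is an int from strtol and is passed to an unsigned parameter, so a negative count turns into a very large one; extending the existing check to `if (argv[1] == end || *end != '\0' || nreq < 0) usage (1);` rejects it.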

Added: vendor-crypto/heimdal/dist/kpasswd/kpasswd.1
===================================================================
--- vendor-crypto/heimdal/dist/kpasswd/kpasswd.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kpasswd/kpasswd.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,68 @@
+.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: kpasswd.1,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd January  5, 2005
+.Dt KPASSWD 1
+.Os HEIMDAL
+.Sh NAME
+.Nm kpasswd
+.Nd Kerberos 5 password changing program
+.Sh SYNOPSIS
+.Nm
+.Op Fl -admin-principal= Ns Ar principal
+.Oo Fl c Ar cache \*(Ba Xo
+.Fl -cache= Ns Ar cache
+.Xc
+.Oc
+.Op Ar principal ...
+.Sh DESCRIPTION
+.Nm
+is the client for changing passwords.
+.Pp
+If administrator principal is given that principal is used to change
+the password.
+.Pp
+Multiple passwords for different users can be changed at the same time,
+then the administrator principal will be used.
+If the administrator isn't specified on the command prompt, the
+principal of the default credential cache will be used.
+.Pp
+If a credential cache is given, the
+.Fl -admin-principal
+flag is ignored and use the default name of the credential cache is
+used instead.
+.Sh DIAGNOSTICS
+If the password quality check fails or some other error occurs, an
+explanation is printed.
+.Sh SEE ALSO
+.Xr kpasswdd 8

Added: vendor-crypto/heimdal/dist/kpasswd/kpasswd.c
===================================================================
--- vendor-crypto/heimdal/dist/kpasswd/kpasswd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kpasswd/kpasswd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,247 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kpasswd_locl.h"
+RCSID("$Id: kpasswd.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int version_flag;
+static int help_flag;
+static char *admin_principal_str;
+static char *cred_cache_str;
+
+static struct getargs args[] = {
+    { "admin-principal",	0,   arg_string, &admin_principal_str },
+    { "cache",			'c', arg_string, &cred_cache_str },
+    { "version", 		0,   arg_flag, &version_flag },
+    { "help",			0,   arg_flag, &help_flag }
+};
+
+static void
+usage (int ret, struct getargs *a, int num_args)
+{
+    arg_printusage (a, num_args, NULL, "[principal ...]");
+    exit (ret);
+}
+
+static int
+change_password(krb5_context context,
+		krb5_principal principal,
+		krb5_ccache id)
+{
+    krb5_data result_code_string, result_string;
+    int result_code;
+    krb5_error_code ret;
+    char pwbuf[BUFSIZ];
+    char *msg, *name;
+
+    krb5_data_zero (&result_code_string);
+    krb5_data_zero (&result_string);
+
+    name = msg = NULL;
+    if (principal == NULL)
+	asprintf(&msg, "New password: ");
+    else {
+	ret = krb5_unparse_name(context, principal, &name);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_unparse_name");
+
+	asprintf(&msg, "New password for %s: ", name);
+    }
+
+    if (msg == NULL)
+	krb5_errx (context, 1, "out of memory");
+
+    ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), msg, 1);
+    free(msg);
+    if (name)
+	free(name);
+    if (ret != 0) {
+	return 1;
+    }
+
+    ret = krb5_set_password_using_ccache (context, id, pwbuf,
+					  principal,
+					  &result_code,
+					  &result_code_string,
+					  &result_string);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_set_password_using_ccache");
+	return 1;
+    }
+
+    printf ("%s%s%.*s\n", krb5_passwd_result_to_string(context, result_code),
+	    result_string.length > 0 ? " : " : "",
+	    (int)result_string.length,
+	    result_string.length > 0 ? (char *)result_string.data : "");
+
+    krb5_data_free (&result_code_string);
+    krb5_data_free (&result_string);
+
+    return ret != 0;
+}
+
+
+int
+main (int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_principal principal;
+    int optind = 0;
+    krb5_get_init_creds_opt *opt;
+    krb5_ccache id = NULL;
+    int exit_value;
+
+    optind = krb5_program_setup(&context, argc, argv,
+				args, sizeof(args) / sizeof(args[0]), usage);
+
+    if (help_flag)
+	usage (0, args, sizeof(args) / sizeof(args[0]));
+
+    if(version_flag){
+	print_version (NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+  
+    ret = krb5_get_init_creds_opt_alloc (context, &opt);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
+    
+    krb5_get_init_creds_opt_set_tkt_life (opt, 300);
+    krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
+    krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
+
+    if (cred_cache_str) {
+	ret = krb5_cc_resolve(context, cred_cache_str, &id);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_resolve");
+    } else {
+	ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_gen_new");
+    }
+
+    if (cred_cache_str == NULL) {
+	krb5_principal admin_principal = NULL;
+	krb5_creds cred;
+
+	if (admin_principal_str) {
+	    ret = krb5_parse_name (context, admin_principal_str,
+				   &admin_principal);
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_parse_name");
+	} else if (argc == 1) {
+	    ret = krb5_parse_name (context, argv[0], &admin_principal);
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_parse_name");
+	} else {
+	    ret = krb5_get_default_principal (context, &admin_principal);
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_get_default_principal");
+	}
+
+	ret = krb5_get_init_creds_password (context,
+					    &cred,
+					    admin_principal,
+					    NULL,
+					    krb5_prompter_posix,
+					    NULL,
+					    0,
+					    "kadmin/changepw",
+					    opt);
+	switch (ret) {
+	case 0:
+	    break;
+	case KRB5_LIBOS_PWDINTR :
+	    return 1;
+	case KRB5KRB_AP_ERR_BAD_INTEGRITY :
+	case KRB5KRB_AP_ERR_MODIFIED :
+	    krb5_errx(context, 1, "Password incorrect");
+	    break;
+	default:
+	    krb5_err(context, 1, ret, "krb5_get_init_creds");
+	}
+	
+	krb5_get_init_creds_opt_free(context, opt);
+	
+	ret = krb5_cc_initialize(context, id, admin_principal);
+	krb5_free_principal(context, admin_principal);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_cc_initialize");
+
+	ret = krb5_cc_store_cred(context, id, &cred);    
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_cc_store_cred");
+	
+	krb5_free_cred_contents (context, &cred);
+    }
+
+    if (argc == 0) {
+	exit_value = change_password(context, NULL, id);
+    } else {
+	exit_value = 0;
+
+	while (argc-- > 0) {
+
+	    ret = krb5_parse_name (context, argv[0], &principal);
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_parse_name");
+
+	    ret = change_password(context, principal, id);
+	    if (ret)
+		exit_value = 1;
+	    krb5_free_principal(context, principal);
+	    argv++;
+	}
+    }
+
+    if (cred_cache_str == NULL) {
+	ret = krb5_cc_destroy(context, id);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_destroy");
+    } else {
+	ret = krb5_cc_close(context, id);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_close");
+    }
+
+    krb5_free_context (context);
+    return ret;
+}
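Review bot: change_password leaves the new password in the stack buffer pwbuf on every return path, including the early return when krb5_set_password_using_ccache fails. I would wipe it right after that call, before the `if (ret)`, with `memset (pwbuf, 0, sizeof(pwbuf));`, or with a wipe the compiler cannot elide (for example explicit_bzero) where the platform provides one. The function also ends with `return ret != 0;`, but ret is always 0 at that point, so a change the server rejected (non-zero result_code, for instance a failed quality check) still gives exit status 0; `return result_code != 0;` would report it. In main, krb5_program_setup is handed `&context` and the later krb5_init_context overwrites it, which looks like a leaked first context; confirm against krb5_program_setup and drop the second call if so.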

Added: vendor-crypto/heimdal/dist/kpasswd/kpasswd_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/kpasswd/kpasswd_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kpasswd/kpasswd_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: kpasswd_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __KPASSWD_LOCL_H__
+#define __KPASSWD_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+#include <krb5.h>
+#include "crypto-headers.h" /* for des_read_pw_string */
+
+#endif /* __KPASSWD_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/kpasswd/kpasswdd.8
===================================================================
--- vendor-crypto/heimdal/dist/kpasswd/kpasswdd.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kpasswd/kpasswdd.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,96 @@
+.\" $Id: kpasswdd.8,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd April 19, 1999
+.Dt KPASSWDD 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kpasswdd
+.Nd Kerberos 5 password changing server
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Op Fl -addresses= Ns Ar address
+.Op Fl -check-library= Ns Ar library
+.Op Fl -check-function= Ns Ar function
+.Oo Fl k Ar kspec \*(Ba Xo
+.Fl -keytab= Ns Ar kspec
+.Xc
+.Oc
+.Oo Fl r Ar realm \*(Ba Xo
+.Fl -realm= Ns Ar realm
+.Xc
+.Oc
+.Oo Fl p Ar string \*(Ba Xo
+.Fl -port= Ns Ar string
+.Xc
+.Oc
+.Op Fl -version
+.Op Fl -help
+.Ek
+.Sh DESCRIPTION
+.Nm
+serves request for password changes. It listens on UDP port 464
+(service kpasswd) and processes requests when they arrive. It changes
+the database directly and should thus only run on the master KDC.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl -addresses= Ns Ar address
+.Xc
+For each till the argument is given, add the address to what kpasswdd
+should listen too.
+.It Xo
+.Fl -check-library= Ns Ar library
+.Xc
+If your system has support for dynamic loading of shared libraries,
+you can use an external function to check password quality. This
+option specifies which library to load.
+.It Xo
+.Fl -check-function= Ns Ar function
+.Xc
+This is the function to call in the loaded library. The function
+should look like this:
+.Pp
+.Ft const char *
+.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
+.Pp
+.Fa context
+is an initialized context;
+.Fa principal
+is the one who tries to change passwords, and
+.Fa password
+is the new password. Note that the password (in
+.Fa password->data )
+is not zero terminated.
+.It Xo
+.Fl k Ar kspec ,
+.Fl -keytab= Ns Ar kspec
+.Xc
+Keytab to get authentication key from.
+.It Xo
+.Fl r Ar realm ,
+.Fl -realm= Ns Ar realm
+.Xc
+Default realm.
+.It Xo
+.Fl p Ar string ,
+.Fl -port= Ns Ar string
+.Xc
+Port to listen on (default service kpasswd - 464).
+.El
+.Sh DIAGNOSTICS
+If an error occurs, the error message is returned to the user and/or
+logged to syslog.
+.Sh BUGS
+The default password quality checks are too basic.
+.Sh SEE ALSO
+.Xr kpasswd 1 ,
+.Xr kdc 8
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh SEE ALSO
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS

Added: vendor-crypto/heimdal/dist/kpasswd/kpasswdd.c
===================================================================
--- vendor-crypto/heimdal/dist/kpasswd/kpasswdd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kpasswd/kpasswdd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,859 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kpasswd_locl.h"
+RCSID("$Id: kpasswdd.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <kadm5/admin.h>
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+#include <hdb.h>
+#include <kadm5/private.h>
+
+static krb5_context context;
+static krb5_log_facility *log_facility;
+
+static struct getarg_strings addresses_str;
+krb5_addresses explicit_addresses;
+
+static sig_atomic_t exit_flag = 0;
+
+static void
+add_one_address (const char *str, int first)
+{
+    krb5_error_code ret;
+    krb5_addresses tmp;
+
+    ret = krb5_parse_address (context, str, &tmp);
+    if (ret)
+	krb5_err (context, 1, ret, "parse_address `%s'", str);
+    if (first)
+	krb5_copy_addresses(context, &tmp, &explicit_addresses);
+    else
+	krb5_append_addresses(context, &explicit_addresses, &tmp);
+    krb5_free_addresses (context, &tmp);
+}
+
+static void
+send_reply (int s,
+	    struct sockaddr *sa,
+	    int sa_size,
+	    krb5_data *ap_rep,
+	    krb5_data *rest)
+{
+    struct msghdr msghdr;
+    struct iovec iov[3];
+    uint16_t len, ap_rep_len;
+    u_char header[6];
+    u_char *p;
+
+    if (ap_rep)
+	ap_rep_len = ap_rep->length;
+    else
+	ap_rep_len = 0;
+
+    len = 6 + ap_rep_len + rest->length;
+    p = header;
+    *p++ = (len >> 8) & 0xFF;
+    *p++ = (len >> 0) & 0xFF;
+    *p++ = 0;
+    *p++ = 1;
+    *p++ = (ap_rep_len >> 8) & 0xFF;
+    *p++ = (ap_rep_len >> 0) & 0xFF;
+
+    memset (&msghdr, 0, sizeof(msghdr));
+    msghdr.msg_name       = (void *)sa;
+    msghdr.msg_namelen    = sa_size;
+    msghdr.msg_iov        = iov;
+    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
+#if 0
+    msghdr.msg_control    = NULL;
+    msghdr.msg_controllen = 0;
+#endif
+
+    iov[0].iov_base       = (char *)header;
+    iov[0].iov_len        = 6;
+    if (ap_rep_len) {
+	iov[1].iov_base   = ap_rep->data;
+	iov[1].iov_len    = ap_rep->length;
+    } else {
+	iov[1].iov_base   = NULL;
+	iov[1].iov_len    = 0;
+    }
+    iov[2].iov_base       = rest->data;
+    iov[2].iov_len        = rest->length;
+
+    if (sendmsg (s, &msghdr, 0) < 0)
+	krb5_warn (context, errno, "sendmsg");
+}
+
+static int
+make_result (krb5_data *data,
+	     uint16_t result_code,
+	     const char *expl)
+{
+    char *str;
+    krb5_data_zero (data);
+
+    data->length = asprintf (&str,
+			     "%c%c%s",
+			     (result_code >> 8) & 0xFF,
+			     result_code & 0xFF,
+			     expl);
+
+    if (str == NULL) {
+	krb5_warnx (context, "Out of memory generating error reply");
+	return 1;
+    }
+    data->data = str;
+    return 0;
+}
+
+static void
+reply_error (krb5_realm realm,
+	     int s,
+	     struct sockaddr *sa,
+	     int sa_size,
+	     krb5_error_code error_code,
+	     uint16_t result_code,
+	     const char *expl)
+{
+    krb5_error_code ret;
+    krb5_data error_data;
+    krb5_data e_data;
+    krb5_principal server = NULL;
+
+    if (make_result(&e_data, result_code, expl))
+	return;
+
+    if (realm) {
+	ret = krb5_make_principal (context, &server, realm,
+				   "kadmin", "changepw", NULL);
+	if (ret) {
+	    krb5_data_free (&e_data);
+	    return;
+	}
+    }
+
+    ret = krb5_mk_error (context,
+			 error_code,
+			 NULL,
+			 &e_data,
+			 NULL,
+			 server,
+			 NULL,
+			 NULL,
+			 &error_data);
+    if (server)
+	krb5_free_principal(context, server);
+    krb5_data_free (&e_data);
+    if (ret) {
+	krb5_warn (context, ret, "Could not even generate error reply");
+	return;
+    }
+    send_reply (s, sa, sa_size, NULL, &error_data);
+    krb5_data_free (&error_data);
+}
+
+static void
+reply_priv (krb5_auth_context auth_context,
+	    int s,
+	    struct sockaddr *sa,
+	    int sa_size,
+	    uint16_t result_code,
+	    const char *expl)
+{
+    krb5_error_code ret;
+    krb5_data krb_priv_data;
+    krb5_data ap_rep_data;
+    krb5_data e_data;
+
+    ret = krb5_mk_rep (context,
+		       auth_context,
+		       &ap_rep_data);
+    if (ret) {
+	krb5_warn (context, ret, "Could not even generate error reply");
+	return;
+    }
+
+    if (make_result(&e_data, result_code, expl))
+	return;
+
+    ret = krb5_mk_priv (context,
+			auth_context,
+			&e_data,
+			&krb_priv_data,
+			NULL);
+    krb5_data_free (&e_data);
+    if (ret) {
+	krb5_warn (context, ret, "Could not even generate error reply");
+	return;
+    }
+    send_reply (s, sa, sa_size, &ap_rep_data, &krb_priv_data);
+    krb5_data_free (&ap_rep_data);
+    krb5_data_free (&krb_priv_data);
+}
+
+/*
+ * Change the password for `principal', sending the reply back on `s'
+ * (`sa', `sa_size') to `pwd_data'.
+ */
+
+static void
+change (krb5_auth_context auth_context,
+	krb5_principal admin_principal,
+	uint16_t version,
+	int s,
+	struct sockaddr *sa,
+	int sa_size,
+	krb5_data *in_data)
+{
+    krb5_error_code ret;
+    char *client = NULL, *admin = NULL;
+    const char *pwd_reason;
+    kadm5_config_params conf;
+    void *kadm5_handle = NULL;
+    krb5_principal principal;
+    krb5_data *pwd_data = NULL;
+    char *tmp;
+    ChangePasswdDataMS chpw;
+
+    memset (&conf, 0, sizeof(conf));
+    memset(&chpw, 0, sizeof(chpw));
+    
+    if (version == KRB5_KPASSWD_VERS_CHANGEPW) {
+	ret = krb5_copy_data(context, in_data, &pwd_data);
+	if (ret) {
+	    krb5_warn (context, ret, "krb5_copy_data");
+	    reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
+			"out out memory copying password");
+	    return;
+	}
+	principal = admin_principal;
+    } else if (version == KRB5_KPASSWD_VERS_SETPW) {
+	size_t len;
+
+	ret = decode_ChangePasswdDataMS(in_data->data, in_data->length,
+					&chpw, &len);
+	if (ret) {
+	    krb5_warn (context, ret, "decode_ChangePasswdDataMS");
+	    reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
+			"malformed ChangePasswdData");
+	    return;
+	}
+	
+
+	ret = krb5_copy_data(context, &chpw.newpasswd, &pwd_data);
+	if (ret) {
+	    krb5_warn (context, ret, "krb5_copy_data");
+	    reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED,
+			"out out memory copying password");
+	    goto out;
+	}
+
+	if (chpw.targname == NULL && chpw.targrealm != NULL) {
+	    krb5_warn (context, ret, "kadm5_init_with_password_ctx");
+	    reply_priv (auth_context, s, sa, sa_size, 
+			KRB5_KPASSWD_MALFORMED,
+			"targrealm but not targname");
+	    goto out;
+	}
+
+	if (chpw.targname) {
+	    krb5_principal_data princ;
+
+	    princ.name = *chpw.targname;
+	    princ.realm = *chpw.targrealm;
+	    if (princ.realm == NULL) {
+		ret = krb5_get_default_realm(context, &princ.realm);
+
+		if (ret) {
+		    krb5_warnx (context, 
+				"kadm5_init_with_password_ctx: "
+				"failed to allocate realm");
+		    reply_priv (auth_context, s, sa, sa_size, 
+				KRB5_KPASSWD_SOFTERROR,
+				"failed to allocate realm");
+		    goto out;
+		}
+	    }
+	    ret = krb5_copy_principal(context, &princ, &principal);
+	    if (*chpw.targrealm == NULL)
+		free(princ.realm);
+	    if (ret) {
+		krb5_warn(context, ret, "krb5_copy_principal");
+		reply_priv(auth_context, s, sa, sa_size, 
+			   KRB5_KPASSWD_HARDERROR,
+			   "failed to allocate principal");
+		goto out;
+	    }
+	} else
+	    principal = admin_principal;
+    } else {
+	krb5_warnx (context, "kadm5_init_with_password_ctx: unknown proto");
+	reply_priv (auth_context, s, sa, sa_size, 
+		    KRB5_KPASSWD_HARDERROR,
+		    "Unknown protocol used");
+	return;
+    }
+
+    ret = krb5_unparse_name (context, admin_principal, &admin);
+    if (ret) {
+	krb5_warn (context, ret, "unparse_name failed");
+	reply_priv (auth_context, s, sa, sa_size, 
+		    KRB5_KPASSWD_HARDERROR, "out of memory error");
+	goto out;
+    }
+
+    conf.realm = principal->realm;
+    conf.mask |= KADM5_CONFIG_REALM;
+
+    ret = kadm5_init_with_password_ctx(context, 
+				       admin,
+				       NULL,
+				       KADM5_ADMIN_SERVICE,
+				       &conf, 0, 0, 
+				       &kadm5_handle);
+    if (ret) {
+	krb5_warn (context, ret, "kadm5_init_with_password_ctx");
+	reply_priv (auth_context, s, sa, sa_size, 2,
+		    "Internal error");
+	goto out;
+    }
+
+    ret = krb5_unparse_name(context, principal, &client);
+    if (ret) {
+	krb5_warn (context, ret, "unparse_name failed");
+	reply_priv (auth_context, s, sa, sa_size, 
+		    KRB5_KPASSWD_HARDERROR, "out of memory error");
+	goto out;
+    }
+
+    /*
+     * Check password quality if not changing as administrator
+     */
+
+    if (krb5_principal_compare(context, admin_principal, principal) == TRUE) {
+
+	pwd_reason = kadm5_check_password_quality (context, principal, 
+						   pwd_data);
+	if (pwd_reason != NULL ) {
+	    krb5_warnx (context, 
+			"%s didn't pass password quality check with error: %s",
+			client, pwd_reason);
+	    reply_priv (auth_context, s, sa, sa_size, 
+			KRB5_KPASSWD_SOFTERROR, pwd_reason);
+	    goto out;
+	}
+	krb5_warnx (context, "Changing password for %s", client);
+    } else {
+	ret = _kadm5_acl_check_permission(kadm5_handle, KADM5_PRIV_CPW, 
+					  principal);
+	if (ret) {
+	    krb5_warn (context, ret, 
+		       "Check ACL failed for %s for changing %s password",
+		       admin, client);
+	    reply_priv (auth_context, s, sa, sa_size, 
+			KRB5_KPASSWD_HARDERROR, "permission denied");
+	    goto out;
+	}
+	krb5_warnx (context, "%s is changing password for %s", admin, client);
+    }
+
+    ret = krb5_data_realloc(pwd_data, pwd_data->length + 1);
+    if (ret) {
+	krb5_warn (context, ret, "malloc: out of memory");
+	reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR,
+		    "Internal error");
+	goto out;
+    }
+    tmp = pwd_data->data;
+    tmp[pwd_data->length - 1] = '\0';
+
+    ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, tmp);
+    krb5_free_data (context, pwd_data);
+    pwd_data = NULL;
+    if (ret) {
+	char *str = krb5_get_error_message(context, ret);
+	krb5_warnx(context, "kadm5_s_chpass_principal_cond: %s", str);
+	reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR,
+		    str ? str : "Internal error");
+	krb5_free_error_string(context, str);
+	goto out;
+    }
+    reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SUCCESS,
+		"Password changed");
+out:
+    free_ChangePasswdDataMS(&chpw);
+    if (admin)
+	free(admin);
+    if (client)
+	free(client);
+    if (pwd_data)
+	krb5_free_data(context, pwd_data);
+    if (kadm5_handle)
+	kadm5_destroy (kadm5_handle);
+}
+
+static int
+verify (krb5_auth_context *auth_context,
+	krb5_realm *realms,
+	krb5_keytab keytab,
+	krb5_ticket **ticket,
+	krb5_data *out_data,
+	uint16_t *version,
+	int s,
+	struct sockaddr *sa,
+	int sa_size,
+	u_char *msg,
+	size_t len)
+{
+    krb5_error_code ret;
+    uint16_t pkt_len, pkt_ver, ap_req_len;
+    krb5_data ap_req_data;
+    krb5_data krb_priv_data;
+    krb5_realm *r;
+
+    pkt_len = (msg[0] << 8) | (msg[1]);
+    pkt_ver = (msg[2] << 8) | (msg[3]);
+    ap_req_len = (msg[4] << 8) | (msg[5]);
+    if (pkt_len != len) {
+	krb5_warnx (context, "Strange len: %ld != %ld", 
+		    (long)pkt_len, (long)len);
+	reply_error (NULL, s, sa, sa_size, 0, 1, "Bad request");
+	return 1;
+    }
+    if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW &&
+	pkt_ver != KRB5_KPASSWD_VERS_SETPW) {
+	krb5_warnx (context, "Bad version (%d)", pkt_ver);
+	reply_error (NULL, s, sa, sa_size, 0, 1, "Wrong program version");
+	return 1;
+    }
+    *version = pkt_ver;
+
+    ap_req_data.data   = msg + 6;
+    ap_req_data.length = ap_req_len;
+
+    ret = krb5_rd_req (context,
+		       auth_context,
+		       &ap_req_data,
+		       NULL,
+		       keytab,
+		       NULL,
+		       ticket);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_rd_req");
+	reply_error (NULL, s, sa, sa_size, ret, 3, "Authentication failed");
+	return 1;
+    }
+
+    /* verify realm and principal */
+    for (r = realms; *r != NULL; r++) {
+	krb5_principal principal;
+	krb5_boolean same;
+
+	ret = krb5_make_principal (context, 
+				   &principal,
+				   *r,
+				   "kadmin",
+				   "changepw",
+				   NULL);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_make_principal");
+
+	same = krb5_principal_compare(context, principal, (*ticket)->server);
+	krb5_free_principal(context, principal);
+	if (same == TRUE)
+	    break;
+    }
+    if (*r == NULL) {
+	char *str;
+	krb5_unparse_name(context, (*ticket)->server, &str);
+	krb5_warnx (context, "client used not valid principal %s", str);
+	free(str);
+	reply_error (NULL, s, sa, sa_size, ret, 1,
+		     "Bad request");
+	goto out;
+    }
+
+    if (strcmp((*ticket)->server->realm, (*ticket)->client->realm) != 0) {
+	krb5_warnx (context, "server realm (%s) not same a client realm (%s)",
+		    (*ticket)->server->realm, (*ticket)->client->realm);
+	reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 1,
+		     "Bad request");
+	goto out;
+    }
+
+    if (!(*ticket)->ticket.flags.initial) {
+	krb5_warnx (context, "initial flag not set");
+	reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 1,
+		     "Bad request");
+	goto out;
+    }
+    krb_priv_data.data   = msg + 6 + ap_req_len;
+    krb_priv_data.length = len - 6 - ap_req_len;
+
+    ret = krb5_rd_priv (context,
+			*auth_context,
+			&krb_priv_data,
+			out_data,
+			NULL);
+    
+    if (ret) {
+	krb5_warn (context, ret, "krb5_rd_priv");
+	reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 3, 
+		     "Bad request");
+	goto out;
+    }
+    return 0;
+out:
+    krb5_free_ticket (context, *ticket);
+    ticket = NULL;
+    return 1;
+}
+
+static void
+process (krb5_realm *realms,
+	 krb5_keytab keytab,
+	 int s,
+	 krb5_address *this_addr,
+	 struct sockaddr *sa,
+	 int sa_size,
+	 u_char *msg,
+	 int len)
+{
+    krb5_error_code ret;
+    krb5_auth_context auth_context = NULL;
+    krb5_data out_data;
+    krb5_ticket *ticket;
+    krb5_address other_addr;
+    uint16_t version;
+
+
+    krb5_data_zero (&out_data);
+
+    ret = krb5_auth_con_init (context, &auth_context);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_auth_con_init");
+	return;
+    }
+
+    krb5_auth_con_setflags (context, auth_context,
+			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+    ret = krb5_sockaddr2address (context, sa, &other_addr);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_sockaddr2address");
+	goto out;
+    }
+
+    ret = krb5_auth_con_setaddrs (context,
+				  auth_context,
+				  this_addr,
+				  &other_addr);
+    krb5_free_address (context, &other_addr);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_auth_con_setaddr");
+	goto out;
+    }
+
+    if (verify (&auth_context, realms, keytab, &ticket, &out_data,
+		&version, s, sa, sa_size, msg, len) == 0) {
+	change (auth_context,
+		ticket->client,
+		version,
+		s,
+		sa, sa_size,
+		&out_data);
+	memset (out_data.data, 0, out_data.length);
+	krb5_free_ticket (context, ticket);
+    }
+
+out:
+    krb5_data_free (&out_data);
+    krb5_auth_con_free (context, auth_context);
+}
+
+static int
+doit (krb5_keytab keytab, int port)
+{
+    krb5_error_code ret;
+    int *sockets;
+    int maxfd;
+    krb5_realm *realms;
+    krb5_addresses addrs;
+    unsigned n, i;
+    fd_set real_fdset;
+    struct sockaddr_storage __ss;
+    struct sockaddr *sa = (struct sockaddr *)&__ss;
+
+    ret = krb5_get_default_realms(context, &realms);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_get_default_realms");
+
+    if (explicit_addresses.len) {
+	addrs = explicit_addresses;
+    } else {
+	ret = krb5_get_all_server_addrs (context, &addrs);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
+    }
+    n = addrs.len;
+
+    sockets = malloc (n * sizeof(*sockets));
+    if (sockets == NULL)
+	krb5_errx (context, 1, "out of memory");
+    maxfd = -1;
+    FD_ZERO(&real_fdset);
+    for (i = 0; i < n; ++i) {
+	krb5_socklen_t sa_size = sizeof(__ss);
+
+	krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port);
+	
+	sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0);
+	if (sockets[i] < 0)
+	    krb5_err (context, 1, errno, "socket");
+	if (bind (sockets[i], sa, sa_size) < 0) {
+	    char str[128];
+	    size_t len;
+	    int save_errno = errno;
+
+	    ret = krb5_print_address (&addrs.val[i], str, sizeof(str), &len);
+	    if (ret)
+		strlcpy(str, "unknown address", sizeof(str));
+	    krb5_warn (context, save_errno, "bind(%s)", str);
+	    continue;
+	}
+	maxfd = max (maxfd, sockets[i]);
+	if (maxfd >= FD_SETSIZE)
+	    krb5_errx (context, 1, "fd too large");
+	FD_SET(sockets[i], &real_fdset);
+    }
+    if (maxfd == -1)
+	krb5_errx (context, 1, "No sockets!");
+
+    while(exit_flag == 0) {
+	int ret;
+	fd_set fdset = real_fdset;
+
+	ret = select (maxfd + 1, &fdset, NULL, NULL, NULL);
+	if (ret < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		krb5_err (context, 1, errno, "select");
+	}
+	for (i = 0; i < n; ++i)
+	    if (FD_ISSET(sockets[i], &fdset)) {
+		u_char buf[BUFSIZ];
+		socklen_t addrlen = sizeof(__ss);
+
+		ret = recvfrom (sockets[i], buf, sizeof(buf), 0,
+				sa, &addrlen);
+		if (ret < 0) {
+		    if(errno == EINTR)
+			break;
+		    else
+			krb5_err (context, 1, errno, "recvfrom");
+		}
+
+		process (realms, keytab, sockets[i],
+			 &addrs.val[i],
+			 sa, addrlen,
+			 buf, ret);
+	    }
+    }
+
+    for (i = 0; i < n; ++i)
+	close(sockets[i]);
+    free(sockets);
+
+    krb5_free_addresses (context, &addrs);
+    krb5_free_host_realm (context, realms);
+    krb5_free_context (context);
+    return 0;
+}
+
+static RETSIGTYPE
+sigterm(int sig)
+{
+    exit_flag = 1;
+}
+
+static const char *check_library  = NULL;
+static const char *check_function = NULL;
+static getarg_strings policy_libraries = { 0, NULL };
+static char *keytab_str = "HDB:";
+static char *realm_str;
+static int version_flag;
+static int help_flag;
+static char *port_str;
+static char *config_file;
+
+struct getargs args[] = {
+#ifdef HAVE_DLOPEN
+    { "check-library", 0, arg_string, &check_library, 
+      "library to load password check function from", "library" },
+    { "check-function", 0, arg_string, &check_function,
+      "password check function to load", "function" },
+    { "policy-libraries", 0, arg_strings, &policy_libraries,
+      "password check function to load", "function" },
+#endif
+    { "addresses",	0,	arg_strings, &addresses_str,
+      "addresses to listen on", "list of addresses" },
+    { "keytab", 'k', arg_string, &keytab_str, 
+      "keytab to get authentication key from", "kspec" },
+    { "config-file", 'c', arg_string, &config_file },
+    { "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
+    { "port",  'p', arg_string, &port_str, "port" },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+main (int argc, char **argv)
+{
+    int optind;
+    krb5_keytab keytab;
+    krb5_error_code ret;
+    char **files;
+    int port, i;
+    
+    optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+    
+    if(help_flag)
+	krb5_std_usage(0, args, num_args);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if (config_file == NULL) {
+	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+	if (config_file == NULL)
+	    errx(1, "out of memory");
+    }
+
+    ret = krb5_prepend_config_files_default(config_file, &files);
+    if (ret)
+	krb5_err(context, 1, ret, "getting configuration files");
+
+    ret = krb5_set_config_files(context, files);
+    krb5_free_config_files(files);
+    if (ret)
+	krb5_err(context, 1, ret, "reading configuration files");
+
+    if(realm_str)
+	krb5_set_default_realm(context, realm_str);
+    
+    krb5_openlog (context, "kpasswdd", &log_facility);
+    krb5_set_warn_dest(context, log_facility);
+
+    if (port_str != NULL) {
+	struct servent *s = roken_getservbyname (port_str, "udp");
+
+	if (s != NULL)
+	    port = s->s_port;
+	else {
+	    char *ptr;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		krb5_errx (context, 1, "bad port `%s'", port_str);
+	    port = htons(port);
+	}
+    } else
+	port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
+
+    ret = krb5_kt_register(context, &hdb_kt_ops);
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_kt_register");
+
+    ret = krb5_kt_resolve(context, keytab_str, &keytab);
+    if(ret)
+	krb5_err(context, 1, ret, "%s", keytab_str);
+    
+    kadm5_setup_passwd_quality_check (context, check_library, check_function);
+
+    for (i = 0; i < policy_libraries.num_strings; i++) {
+	ret = kadm5_add_passwd_quality_verifier(context, 
+						policy_libraries.strings[i]);
+	if (ret)
+	    krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
+    }
+    ret = kadm5_add_passwd_quality_verifier(context, NULL);
+    if (ret)
+	krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier");
+
+
+    explicit_addresses.len = 0;
+
+    if (addresses_str.num_strings) {
+	int i;
+
+	for (i = 0; i < addresses_str.num_strings; ++i)
+	    add_one_address (addresses_str.strings[i], i == 0);
+	free_getarg_strings (&addresses_str);
+    } else {
+	char **foo = krb5_config_get_strings (context, NULL,
+					      "kdc", "addresses", NULL);
+
+	if (foo != NULL) {
+	    add_one_address (*foo++, TRUE);
+	    while (*foo)
+		add_one_address (*foo++, FALSE);
+	}
+    }
+
+#ifdef HAVE_SIGACTION
+    {
+	struct sigaction sa;
+
+	sa.sa_flags = 0;
+	sa.sa_handler = sigterm;
+	sigemptyset(&sa.sa_mask);
+
+	sigaction(SIGINT,  &sa, NULL);
+	sigaction(SIGTERM, &sa, NULL);
+    }
+#else
+    signal(SIGINT,  sigterm);
+    signal(SIGTERM, sigterm);
+#endif
+
+    pidfile(NULL);
+
+    return doit (keytab, port);
+}
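Review bot: In `verify()` the six header bytes are read from `msg`, and `ap_req_len` is used, before anything compares them with the size of the datagram, so on this pre-authentication UDP path `ap_req_data.length` can exceed what `recvfrom` stored in `buf`, and `len - 6 - ap_req_len` can wrap to a very large `krb_priv_data.length`. A guard placed ahead of `krb5_rd_req` would cover both: `if (len < 6 || ap_req_len > len - 6) { reply_error (NULL, s, sa, sa_size, 0, 1, "Bad request"); return 1; }`. Separately, in `change()` a SETPW request that carries `targname` but no `targrealm` reaches `princ.realm = *chpw.targrealm;` and the later `if (*chpw.targrealm == NULL)`, both of which dereference a NULL pointer; test `chpw.targrealm` itself before dereferencing it. Because this file is a vendor import, these are better carried as a local patch outside `dist/` or checked against a newer upstream release than edited in place.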

Added: vendor-crypto/heimdal/dist/krb5.conf
===================================================================
--- vendor-crypto/heimdal/dist/krb5.conf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/krb5.conf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,26 @@
+[libdefaults]
+        default_realm = MY.REALM
+	clockskew = 300
+	v4_instance_resolve = false
+	v4_name_convert = {
+		host = {
+			rcmd = host
+			ftp = ftp
+		}
+		plain = {
+			something = something-else
+		}
+	}
+	
+[realms]
+	MY.REALM = {
+		kdc = MY.COMPUTER
+	}
+	OTHER.REALM = {
+		v4_instance_convert = {
+			kerberos = kerberos
+			computer = computer.some.other.domain
+		}
+	}
+[domain_realm]
+	.my.domain = MY.REALM

Added: vendor-crypto/heimdal/dist/kuser/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/kuser/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
+
+man_MANS = \
+	kinit.1 \
+	klist.1 \
+	kdestroy.1 \
+	kgetcred.1 \
+	kimpersonate.1
+
+SLC = $(top_builddir)/lib/sl/slc
+
+bin_PROGRAMS = kinit klist kdestroy kgetcred
+libexec_PROGRAMS = kdigest kimpersonate
+
+noinst_PROGRAMS = kverify kdecode_ticket generate-requests copy_cred_cache
+
+kinit_LDADD = \
+	$(LIB_kafs) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+kdestroy_LDADD	= $(kinit_LDADD)
+
+klist_LDADD	= $(kinit_LDADD)
+
+kimpersonate_LDADD = $(kinit_LDADD)
+
+dist_kdigest_SOURCES = kdigest.c
+nodist_kdigest_SOURCES = kdigest-commands.c
+
+kdigest_LDADD = \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_roken)
+
+$(kdigest_OBJECTS): kdigest-commands.h
+
+CLEANFILES = kdigest-commands.h kdigest-commands.c
+
+kdigest-commands.c kdigest-commands.h: kdigest-commands.in
+	$(SLC) $(srcdir)/kdigest-commands.in
+
+LDADD = \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+# make sure install-exec-hook doesn't have any commands in Makefile.am.common
+install-exec-hook:
+	(cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth)
+
+EXTRA_DIST = $(man_MANS) kuser_locl.h kdigest-commands.in copy_cred_cache.1
+

Added: vendor-crypto/heimdal/dist/kuser/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/kuser/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1002 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+bin_PROGRAMS = kinit$(EXEEXT) klist$(EXEEXT) kdestroy$(EXEEXT) \
+	kgetcred$(EXEEXT)
+libexec_PROGRAMS = kdigest$(EXEEXT) kimpersonate$(EXEEXT)
+noinst_PROGRAMS = kverify$(EXEEXT) kdecode_ticket$(EXEEXT) \
+	generate-requests$(EXEEXT) copy_cred_cache$(EXEEXT)
+subdir = kuser
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(man1dir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
+copy_cred_cache_SOURCES = copy_cred_cache.c
+copy_cred_cache_OBJECTS = copy_cred_cache.$(OBJEXT)
+copy_cred_cache_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+copy_cred_cache_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+generate_requests_SOURCES = generate-requests.c
+generate_requests_OBJECTS = generate-requests.$(OBJEXT)
+generate_requests_LDADD = $(LDADD)
+generate_requests_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+kdecode_ticket_SOURCES = kdecode_ticket.c
+kdecode_ticket_OBJECTS = kdecode_ticket.$(OBJEXT)
+kdecode_ticket_LDADD = $(LDADD)
+kdecode_ticket_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+kdestroy_SOURCES = kdestroy.c
+kdestroy_OBJECTS = kdestroy.$(OBJEXT)
+am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \
+	$(am__DEPENDENCIES_1)
+am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/ntlm/libheimntlm.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+kdestroy_DEPENDENCIES = $(am__DEPENDENCIES_3)
+dist_kdigest_OBJECTS = kdigest.$(OBJEXT)
+nodist_kdigest_OBJECTS = kdigest-commands.$(OBJEXT)
+kdigest_OBJECTS = $(dist_kdigest_OBJECTS) $(nodist_kdigest_OBJECTS)
+kdigest_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1)
+kgetcred_SOURCES = kgetcred.c
+kgetcred_OBJECTS = kgetcred.$(OBJEXT)
+kgetcred_LDADD = $(LDADD)
+kgetcred_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+kimpersonate_SOURCES = kimpersonate.c
+kimpersonate_OBJECTS = kimpersonate.$(OBJEXT)
+kimpersonate_DEPENDENCIES = $(am__DEPENDENCIES_3)
+kinit_SOURCES = kinit.c
+kinit_OBJECTS = kinit.$(OBJEXT)
+kinit_DEPENDENCIES = $(am__DEPENDENCIES_2) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/ntlm/libheimntlm.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+klist_SOURCES = klist.c
+klist_OBJECTS = klist.$(OBJEXT)
+klist_DEPENDENCIES = $(am__DEPENDENCIES_3)
+kverify_SOURCES = kverify.c
+kverify_OBJECTS = kverify.$(OBJEXT)
+kverify_LDADD = $(LDADD)
+kverify_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = copy_cred_cache.c generate-requests.c kdecode_ticket.c \
+	kdestroy.c $(dist_kdigest_SOURCES) $(nodist_kdigest_SOURCES) \
+	kgetcred.c kimpersonate.c kinit.c klist.c kverify.c
+DIST_SOURCES = copy_cred_cache.c generate-requests.c kdecode_ticket.c \
+	kdestroy.c $(dist_kdigest_SOURCES) kgetcred.c kimpersonate.c \
+	kinit.c klist.c kverify.c
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+man_MANS = \
+	kinit.1 \
+	klist.1 \
+	kdestroy.1 \
+	kgetcred.1 \
+	kimpersonate.1
+
+SLC = $(top_builddir)/lib/sl/slc
+kinit_LDADD = \
+	$(LIB_kafs) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+kdestroy_LDADD = $(kinit_LDADD)
+klist_LDADD = $(kinit_LDADD)
+kimpersonate_LDADD = $(kinit_LDADD)
+dist_kdigest_SOURCES = kdigest.c
+nodist_kdigest_SOURCES = kdigest-commands.c
+kdigest_LDADD = \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_roken)
+
+CLEANFILES = kdigest-commands.h kdigest-commands.c
+LDADD = \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS) kuser_locl.h kdigest-commands.in copy_cred_cache.1
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps kuser/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps kuser/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+copy_cred_cache$(EXEEXT): $(copy_cred_cache_OBJECTS) $(copy_cred_cache_DEPENDENCIES) 
+	@rm -f copy_cred_cache$(EXEEXT)
+	$(LINK) $(copy_cred_cache_OBJECTS) $(copy_cred_cache_LDADD) $(LIBS)
+generate-requests$(EXEEXT): $(generate_requests_OBJECTS) $(generate_requests_DEPENDENCIES) 
+	@rm -f generate-requests$(EXEEXT)
+	$(LINK) $(generate_requests_OBJECTS) $(generate_requests_LDADD) $(LIBS)
+kdecode_ticket$(EXEEXT): $(kdecode_ticket_OBJECTS) $(kdecode_ticket_DEPENDENCIES) 
+	@rm -f kdecode_ticket$(EXEEXT)
+	$(LINK) $(kdecode_ticket_OBJECTS) $(kdecode_ticket_LDADD) $(LIBS)
+kdestroy$(EXEEXT): $(kdestroy_OBJECTS) $(kdestroy_DEPENDENCIES) 
+	@rm -f kdestroy$(EXEEXT)
+	$(LINK) $(kdestroy_OBJECTS) $(kdestroy_LDADD) $(LIBS)
+kdigest$(EXEEXT): $(kdigest_OBJECTS) $(kdigest_DEPENDENCIES) 
+	@rm -f kdigest$(EXEEXT)
+	$(LINK) $(kdigest_OBJECTS) $(kdigest_LDADD) $(LIBS)
+kgetcred$(EXEEXT): $(kgetcred_OBJECTS) $(kgetcred_DEPENDENCIES) 
+	@rm -f kgetcred$(EXEEXT)
+	$(LINK) $(kgetcred_OBJECTS) $(kgetcred_LDADD) $(LIBS)
+kimpersonate$(EXEEXT): $(kimpersonate_OBJECTS) $(kimpersonate_DEPENDENCIES) 
+	@rm -f kimpersonate$(EXEEXT)
+	$(LINK) $(kimpersonate_OBJECTS) $(kimpersonate_LDADD) $(LIBS)
+kinit$(EXEEXT): $(kinit_OBJECTS) $(kinit_DEPENDENCIES) 
+	@rm -f kinit$(EXEEXT)
+	$(LINK) $(kinit_OBJECTS) $(kinit_LDADD) $(LIBS)
+klist$(EXEEXT): $(klist_OBJECTS) $(klist_DEPENDENCIES) 
+	@rm -f klist$(EXEEXT)
+	$(LINK) $(klist_OBJECTS) $(klist_LDADD) $(LIBS)
+kverify$(EXEEXT): $(kverify_OBJECTS) $(kverify_DEPENDENCIES) 
+	@rm -f kverify$(EXEEXT)
+	$(LINK) $(kverify_OBJECTS) $(kverify_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool clean-noinstPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
+	uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
+	clean-libtool clean-noinstPROGRAMS ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-binPROGRAMS install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-man1 install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-libexecPROGRAMS uninstall-man \
+	uninstall-man1
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(kdigest_OBJECTS): kdigest-commands.h
+
+kdigest-commands.c kdigest-commands.h: kdigest-commands.in
+	$(SLC) $(srcdir)/kdigest-commands.in
+
+# make sure install-exec-hook doesn't have any commands in Makefile.am.common
+install-exec-hook:
+	(cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth)
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/kuser/copy_cred_cache.1
===================================================================
--- vendor-crypto/heimdal/dist/kuser/copy_cred_cache.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/copy_cred_cache.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,97 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: copy_cred_cache.1,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd April 24, 2004
+.Dt COPY_CRED_CACHE 1
+.Os HEIMDAL
+.Sh NAME
+.Nm copy_cred_cache
+.Nd
+copy credentials from one cache to another
+.Sh SYNOPSIS
+.Nm
+.Op Fl -krbtgt-only
+.Op Fl -service= Ns Ar principal
+.Op Fl -enctype= Ns Ar enctype
+.Op Fl -flags= Ns Ar ticketflags
+.Op Fl -valid-for= Ns Ar time
+.Op Fl -fcache-version= Ns Ar integer
+.Op Aq Ar from-cache
+.Aq Ar to-cache
+.Sh DESCRIPTION
+.Nm
+copies credentials from
+.Aq Ar from-cache
+(or the default cache) to
+.Aq Ar to-cache .
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Fl -krbtgt-only
+Copies only krbtgt credentials for the client's realm. This is
+equivalent to
+.Fl -service= Ns Li krbtgt/ Ns Ao Ar CLIENTREALM Ac Ns Li @ Ns Ao Ar CLIENTREALM Ac .
+.It Fl -service= Ns Ar principal
+Copies only credentials matching this service principal.
+.It Fl -enctype= Ns Ar enctype
+Copies only credentials a matching enctype.
+.It Fl -flags= Ns Ar ticketflags
+Copies only credentials with these ticket flags set.
+.It Fl -valid-for= Ns Ar time
+Copies only credentials that are valid for at least this long. This
+does not take renewable creds into account.
+.It Fl -fcache-version= Ns Ar integer
+The created cache, If a standard
+.Li FILE
+cache is created, it will have this file format version.
+.El
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.Sh EXAMPLES
+To copy only credentials that are valid for at least one day and with
+the
+.Li initial
+flag set, try something like:
+.Bd -literal -offset indent
+$ copy_cred_cache --valid-for=1d --flags=initial FILE:/some/cache
+.Ed
+.Sh DIAGNOSTICS
+The
+.Nm
+utility exits 0 on success, and \*[Gt]0 if an error occurs, or of no
+credentials where actually copied.
+.\".Sh SEE ALSO
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/kuser/copy_cred_cache.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/copy_cred_cache.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/copy_cred_cache.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,215 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: copy_cred_cache.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+#endif
+
+#include <stdlib.h>
+#include <krb5.h>
+#include <roken.h>
+#include <getarg.h>
+#include <parse_units.h>
+#include <parse_time.h>
+
+static int krbtgt_only_flag;
+static char *service_string;
+static char *enctype_string;
+static char *flags_string;
+static char *valid_string;
+static int fcache_version;
+static int help_flag;
+static int version_flag;
+
+static struct getargs args[] = {
+    { "krbtgt-only", 0, arg_flag, &krbtgt_only_flag,
+      "only copy local krbtgt" },
+    { "service", 0, arg_string, &service_string,
+      "limit to this service", "principal" },
+    { "enctype", 0, arg_string, &enctype_string,
+      "limit to this enctype", "enctype" },
+    { "flags", 0, arg_string, &flags_string,
+      "limit to these flags", "ticketflags" },
+    { "valid-for", 0, arg_string, &valid_string, 
+      "limit to creds valid for at least this long", "time" },
+    { "fcache-version", 0, arg_integer, &fcache_version,
+      "file cache version to create" },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 'h', arg_flag, &help_flag }
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage(args,
+		   sizeof(args) / sizeof(*args),
+		   NULL,
+		   "[from-cache] to-cache");
+    exit(ret);
+}
+
+static int32_t
+bitswap32(int32_t b)
+{
+    int32_t r = 0;
+    int i;
+    for (i = 0; i < 32; i++) {
+	r = r << 1 | (b & 1);
+	b = b >> 1;
+    }
+    return r;
+}
+
+static void
+parse_ticket_flags(krb5_context context,
+		   const char *string, krb5_ticket_flags *ret_flags)
+{
+    TicketFlags ff;
+    int flags = parse_flags(string, asn1_TicketFlags_units(), 0);
+    if (flags == -1)	/* XXX */
+	krb5_errx(context, 1, "bad flags specified: \"%s\"", string);
+
+    memset(&ff, 0, sizeof(ff));
+    ff.proxy = 1;
+    if (parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff))
+	ret_flags->i = flags;
+    else
+	ret_flags->i = bitswap32(flags);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    int optidx = 0;
+    const char *from_name, *to_name;
+    krb5_ccache from_ccache, to_ccache;
+    krb5_flags whichfields = 0;
+    krb5_creds mcreds;
+    unsigned int matched;
+
+    setprogname(argv[0]);
+
+    memset(&mcreds, 0, sizeof(mcreds));
+
+    if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+
+    if (help_flag)
+	usage(0);
+
+    if (version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc < 1 || argc > 2)
+	usage(1);
+
+    if (krb5_init_context(&context))
+	errx(1, "krb5_init_context failed");
+
+    if (service_string) {
+	ret = krb5_parse_name(context, service_string, &mcreds.server);
+	if (ret)
+	    krb5_err(context, 1, ret, "%s", service_string);
+    }
+    if (enctype_string) {
+	krb5_enctype enctype;
+	ret = krb5_string_to_enctype(context, enctype_string, &enctype);
+	if (ret)
+	    krb5_err(context, 1, ret, "%s", enctype_string);
+	whichfields |= KRB5_TC_MATCH_KEYTYPE;
+	mcreds.session.keytype = enctype;
+    }
+    if (flags_string) {
+	parse_ticket_flags(context, flags_string, &mcreds.flags);
+	whichfields |= KRB5_TC_MATCH_FLAGS;
+    }
+    if (valid_string) {
+	time_t t = parse_time(valid_string, "s");
+	if(t < 0)
+	    errx(1, "unknown time \"%s\"", valid_string);
+	mcreds.times.endtime = time(NULL) + t;
+	whichfields |= KRB5_TC_MATCH_TIMES;
+    }
+    if (fcache_version)
+	krb5_set_fcache_version(context, fcache_version);
+
+    if (argc == 1) {
+	from_name = krb5_cc_default_name(context);
+	to_name = argv[0];
+    } else {
+	from_name = argv[0];
+	to_name = argv[1];
+    }
+
+    ret = krb5_cc_resolve(context, from_name, &from_ccache);
+    if (ret)
+	krb5_err(context, 1, ret, "%s", from_name);
+
+    if (krbtgt_only_flag) {
+	krb5_principal client;
+	ret = krb5_cc_get_principal(context, from_ccache, &client);
+	if (ret)
+	    krb5_err(context, 1, ret, "getting default principal");
+	ret = krb5_make_principal(context, &mcreds.server,
+				  krb5_principal_get_realm(context, client),
+				  KRB5_TGS_NAME,
+				  krb5_principal_get_realm(context, client),
+				  NULL);
+	if (ret)
+	    krb5_err(context, 1, ret, "constructing krbtgt principal");
+	krb5_free_principal(context, client);
+    }
+    ret = krb5_cc_resolve(context, to_name, &to_ccache);
+    if (ret)
+	krb5_err(context, 1, ret, "%s", to_name);
+
+    ret = krb5_cc_copy_cache_match(context, from_ccache, to_ccache,
+				   whichfields, &mcreds, &matched);
+    if (ret)
+	krb5_err(context, 1, ret, "copying cred cache");
+
+    krb5_cc_close(context, from_ccache);
+    if(matched == 0)
+	krb5_cc_destroy(context, to_ccache);
+    else
+	krb5_cc_close(context, to_ccache);
+    krb5_free_context(context);
+    return matched == 0;
+}
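Review bot: In `main`, passing both `--service` and `--krbtgt-only` silently drops the service filter: `krb5_parse_name` stores the parsed principal in `mcreds.server`, and the `krbtgt_only_flag` branch then overwrites it with the krbtgt principal without freeing the first one. A caller who meant to hand over a cache narrowed to one service ticket ends up copying the TGT instead, so the combination should be rejected right after option parsing, e.g. `if (krbtgt_only_flag && service_string) errx(1, "--krbtgt-only and --service are mutually exclusive");`. Separately, when `krb5_cc_copy_cache_match` fails the program exits through `krb5_err` without destroying `to_ccache`; whether the destination can be left partly written depends on the library and is worth confirming.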

Added: vendor-crypto/heimdal/dist/kuser/generate-requests.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/generate-requests.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/generate-requests.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2000 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+
+RCSID("$Id: generate-requests.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static krb5_error_code
+null_key_proc (krb5_context context,
+	       krb5_enctype type,
+	       krb5_salt salt,
+	       krb5_const_pointer keyseed,
+	       krb5_keyblock **key)
+{
+    return ENOTTY;
+}
+
+static unsigned
+read_words (const char *filename, char ***ret_w)
+{
+    unsigned n, alloc;
+    FILE *f;
+    char buf[256];
+    char **w = NULL;
+
+    f = fopen (filename, "r");
+    if (f == NULL)
+	err (1, "cannot open %s", filename);
+    alloc = n = 0;
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	buf[strcspn(buf, "\r\n")] = '\0';
+	if (n >= alloc) {
+	    alloc += 16;
+	    w = erealloc (w, alloc * sizeof(char **));
+	}
+	w[n++] = estrdup (buf);
+    }
+    *ret_w = w;
+    if (n == 0)
+	errx(1, "%s is an empty file, no words to try", filename);
+    return n;
+}
+
+static void
+generate_requests (const char *filename, unsigned nreq)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_creds cred;
+    int i;
+    char **words;
+    unsigned nwords;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    nwords = read_words (filename, &words);
+
+    for (i = 0; i < nreq; ++i) {
+	char *name = words[rand() % nwords];
+	krb5_realm *client_realm;
+
+	memset(&cred, 0, sizeof(cred));
+
+	ret = krb5_parse_name (context, name, &cred.client);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_parse_name %s", name);
+	client_realm = krb5_princ_realm (context, cred.client);
+
+	ret = krb5_make_principal(context, &cred.server, *client_realm,
+				  KRB5_TGS_NAME, *client_realm, NULL);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_make_principal");
+
+	ret = krb5_get_in_cred (context, 0, NULL, NULL, NULL, NULL,
+				null_key_proc, NULL, NULL, NULL,
+				&cred, NULL);
+	krb5_free_cred_contents (context, &cred);
+    }
+}
+
+static int version_flag	= 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    { "version", 	0,   arg_flag, &version_flag },
+    { "help",		0,   arg_flag, &help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "file number");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+    int nreq;
+    char *end;
+
+    setprogname(argv[0]);
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+
+    if (help_flag)
+	usage (0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 2)
+	usage (1);
+    srand (0);
+    nreq = strtol (argv[1], &end, 0);
+    if (argv[1] == end || *end != '\0')
+	usage (1);
+    generate_requests (argv[0], nreq);
+    return 0;
+}
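Review bot: `main` stores the `strtol` result in an `int` and passes it to `generate_requests`, whose `nreq` parameter is `unsigned`, so a negative count such as `-1` becomes a very large request count, and the loop there compares a signed `i` against it. Every iteration calls `krb5_get_in_cred`, so the count should be range-checked before the call: parse into a `long n` and extend the test to `if (argv[1] == end || *end != '\0' || n <= 0 || n > INT_MAX) usage (1);`. `read_words` also never closes `f`, and its `erealloc` size uses `sizeof(char **)` where the element type is `char *` (the same size in practice, but `sizeof(*w)` says what is meant).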

Added: vendor-crypto/heimdal/dist/kuser/kdecode_ticket.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kdecode_ticket.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kdecode_ticket.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+
+RCSID("$Id: kdecode_ticket.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static char *etype_str;
+static int version_flag;
+static int help_flag;
+
+static void
+print_and_decode_tkt (krb5_context context,
+		      krb5_data *ticket,
+		      krb5_principal server,
+		      krb5_enctype enctype)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+    krb5_data dec_data;
+    size_t len;
+    EncTicketPart decr_part;
+    krb5_keyblock key;
+    Ticket tkt;
+
+    ret = decode_Ticket (ticket->data, ticket->length, &tkt, &len);
+    if (ret)
+	krb5_err (context, 1, ret, "decode_Ticket");
+
+    ret = krb5_string_to_key (context, enctype, "foo", server, &key);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_string_to_key");
+
+    ret = krb5_crypto_init(context, &key, 0, &crypto);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_crypto_init");
+
+    ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET,
+				      &tkt.enc_part, &dec_data);
+    krb5_crypto_destroy (context, crypto);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_decrypt_EncryptedData");
+    ret = krb5_decode_EncTicketPart (context, dec_data.data, dec_data.length,
+				     &decr_part, &len);
+    krb5_data_free (&dec_data);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_decode_EncTicketPart");
+}
+
+struct getargs args[] = {
+    { "enctype",	'e', arg_string, &etype_str,
+      "encryption type to use", "enctype"},
+    { "version", 	0,   arg_flag, &version_flag },
+    { "help",		0,   arg_flag, &help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "service");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache cache;
+    krb5_creds in, *out;
+    int optidx = 0;
+
+    setprogname (argv[0]);
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx(1, "krb5_init_context failed: %d", ret);
+  
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 1)
+	usage (1);
+
+    ret = krb5_cc_default(context, &cache);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_default");
+
+    memset(&in, 0, sizeof(in));
+
+    if (etype_str) {
+	krb5_enctype enctype;
+
+	ret = krb5_string_to_enctype(context, etype_str, &enctype);
+	if (ret)
+	    krb5_errx (context, 1, "unrecognized enctype: %s", etype_str);
+	in.session.keytype = enctype;
+    }
+
+    ret = krb5_cc_get_principal(context, cache, &in.client);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_get_principal");
+
+    ret = krb5_parse_name(context, argv[0], &in.server);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
+
+    in.times.endtime = 0;
+    ret = krb5_get_credentials(context, 0, cache, &in, &out);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_get_credentials");
+
+    print_and_decode_tkt (context, &out->ticket, out->server,
+			  out->session.keytype);
+
+    krb5_free_cred_contents(context, out);
+    return 0;
+}
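Review bot: `print_and_decode_tkt` never releases the key material it produces: `key` from `krb5_string_to_key`, the decoded `tkt`, and `decr_part` (the decrypted ticket part) all stay allocated when the function returns. Before the closing brace I would add `free_EncTicketPart(&decr_part);`, `free_Ticket(&tkt);` and `krb5_free_keyblock_contents(context, &key);`. The key is derived from the fixed password `"foo"`, so the tool only decodes tickets for a service principal set up with that password; a comment such as `/* test helper: assumes the service key was created from the password "foo" */` above the `krb5_string_to_key` call would make that explicit. In `main`, `krb5_free_cred_contents(context, out)` frees the contents but not the `krb5_creds` that `krb5_get_credentials` allocated; `krb5_free_creds(context, out)` releases both.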

Added: vendor-crypto/heimdal/dist/kuser/kdestroy.1
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kdestroy.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kdestroy.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,71 @@
+.\" Copyright (c) 1997, 1999, 2001, 2004, 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: kdestroy.1,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd April 27, 2006
+.Dt KDESTROY 1
+.Os HEIMDAL
+.Sh NAME
+.Nm kdestroy
+.Nd remove one credental or destroy the current ticket file
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Op Fl c Ar cachefile
+.Op Fl -credential= Ns Ar principal
+.Op Fl -cache= Ns Ar cachefile
+.Op Fl -no-unlog
+.Op Fl -no-delete-v4
+.Op Fl -version
+.Op Fl -help
+.Ek
+.Sh DESCRIPTION
+.Nm
+remove one or the current set of tickets.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Fl credential= Ns Ar principal
+remove
+.Fa principal
+from the credential cache if it exists.
+.It Fl c Ar cachefile
+.It Fl cache= Ns Ar cachefile
+The cache file to remove.
+.It Fl -no-unlog
+Do not remove AFS tokens.
+.It Fl -no-delete-v4
+Do not remove v4 tickets.
+.El
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr klist 1

Added: vendor-crypto/heimdal/dist/kuser/kdestroy.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kdestroy.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kdestroy.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+RCSID("$Id: kdestroy.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static const char *cache;
+static const char *credential;
+static int help_flag;
+static int version_flag;
+static int unlog_flag = 1;
+static int dest_tkt_flag = 1;
+
+struct getargs args[] = {
+    { "credential",	0,   arg_string, &credential,
+      "remove one credential", "principal" },
+    { "cache",		'c', arg_string, &cache, "cache to destroy", "cache" },
+    { "unlog",		0,   arg_negative_flag, &unlog_flag,
+      "do not destroy tokens", NULL },
+    { "delete-v4",	0,   arg_negative_flag, &dest_tkt_flag,
+      "do not destroy v4 tickets", NULL },
+    { "version", 	0,   arg_flag, &version_flag, NULL, NULL },
+    { "help",		'h', arg_flag, &help_flag, NULL, NULL}
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage (int status)
+{
+    arg_printusage (args, num_args, NULL, "");
+    exit (status);
+}
+
+int
+main (int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache  ccache;
+    int optidx = 0;
+    int exit_val = 0;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+  
+    if (help_flag)
+	usage (0);
+  
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+  
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 0)
+	usage (1);
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+  
+    if(cache == NULL) {
+	cache = krb5_cc_default_name(context);
+	if (cache == NULL) {
+	    warnx ("krb5_cc_default_name: %s", krb5_get_err_text(context, ret));
+	    exit(1);
+	}
+    }
+
+    ret =  krb5_cc_resolve(context,
+			   cache, 
+			   &ccache);
+
+    if (ret == 0) {
+	if (credential) {
+	    krb5_creds mcred;
+	    
+	    krb5_cc_clear_mcred(&mcred);
+
+	    ret = krb5_parse_name(context, credential, &mcred.server);
+	    if (ret)
+		krb5_err(context, 1, ret,
+			 "Can't parse principal %s", credential);
+
+	    ret = krb5_cc_remove_cred(context, ccache, 0, &mcred);
+	    if (ret)
+		krb5_err(context, 1, ret, 
+			 "Failed to remove principal %s", credential);
+
+	    krb5_cc_close(context, ccache);
+	    krb5_free_principal(context, mcred.server);
+	    krb5_free_context(context);
+	    return 0;
+	}
+
+	ret = krb5_cc_destroy (context, ccache);
+	if (ret) {
+	    warnx ("krb5_cc_destroy: %s", krb5_get_err_text(context, ret));
+	    exit_val = 1;
+	}
+    } else {
+	warnx ("krb5_cc_resolve(%s): %s", cache,
+	       krb5_get_err_text(context, ret));
+	exit_val = 1;
+    }
+
+    krb5_free_context (context);
+
+    if (unlog_flag && k_hasafs ()) {
+	if (k_unlog ())
+	    exit_val = 1;
+    }
+
+    return exit_val;
+}
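Review bot: In `main`, the `cache == NULL` branch reports `krb5_get_err_text(context, ret)`, but `ret` there still holds the 0 returned by `krb5_init_context`, so the message never describes why no default cache name was available. `krb5_cc_default_name` hands back only a pointer here, so a fixed message is more accurate: `warnx ("krb5_cc_default_name: no default credential cache name");`. Also, `dest_tkt_flag` is set by the `delete-v4` option but never read in this file, so `--no-delete-v4` has no effect as written; either drop the option or say so in its help text.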

Added: vendor-crypto/heimdal/dist/kuser/kdigest-commands.in
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kdigest-commands.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kdigest-commands.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,280 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: kdigest-commands.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+command = {
+	name = "digest-probe"
+	option = {
+		long = "realm"
+		type = "string"
+		help = "Kerberos realm to communicate with"
+	}
+	help = "probe what mech is allowed/supported for this server"
+}
+command = {
+	name = "digest-server-init"
+	option = {
+		long = "type"
+		type = "string"
+		help = "digest type"
+		default = "sasl"
+	}
+	option = {
+		long = "kerberos-realm"
+		type = "string"
+		argument = "realm"
+		help = ""
+	}
+	option = {
+		long = "digest"
+		type = "string"
+		argument = "digest-type"
+		help = "digest type to use in the algorithm"
+	}
+	option = {
+		long = "cb-type"
+		type = "string"
+		argument = "type"
+		help = "type of channel bindings"
+	}
+	option = {
+		long = "cb-value"
+		type = "string"
+		argument = "value"
+		help = "value of channel bindings"
+	}
+	option = {
+		long = "hostname"
+		type = "string"
+		argument = "hostname"
+		help = "hostname of the server"
+	}
+	option = {
+		long = "realm"
+		type = "string"
+		help = "Kerberos realm to communicate with"
+	}
+	help = "Sets up a digest context and return initial parameters"
+}
+command = {
+	name = "digest-server-request"
+	option = {
+		long = "type"
+		type = "string"
+		help = "digest type"
+		default = "sasl"
+	}
+	option = {
+		long = "kerberos-realm"
+		type = "string"
+		argument = "realm"
+		help = ""
+	}
+	option = {
+		long = "username"
+		type = "string"
+		argument = "name"
+		help = "digest type"
+	}
+	option = {
+		long = "server-nonce"
+		type = "string"
+		argument = "nonce"
+		help = ""
+	}
+	option = {
+		long = "server-identifier"
+		type = "string"
+		argument = "nonce"
+		help = ""
+	}
+	option = {
+		long = "client-nonce"
+		type = "string"
+		argument = "nonce"
+		help = ""
+	}
+	option = {
+		long = "client-response"
+		type = "string"
+		argument = "response"
+		help = ""
+	}
+	option = {
+		long = "opaque"
+		type = "string"
+		argument = "string"
+		help = ""
+	}
+	option = {
+		long = "authentication-name"
+		type = "string"
+		argument = "name"
+		help = ""
+	}
+	option = {
+		long = "realm"
+		type = "string"
+		argument = "realm"
+		help = ""
+	}
+	option = {
+		long = "method"
+		type = "string"
+		argument = "method"
+		help = ""
+	}
+	option = {
+		long = "uri"
+		type = "string"
+		argument = "uri"
+		help = ""
+	}
+	option = {
+		long = "nounce-count"
+		type = "string"
+		argument = "count"
+		help = ""
+	}
+	option = {
+		long = "qop"
+		type = "string"
+		argument = "qop"
+		help = ""
+	}
+	option = {
+		long = "ccache"
+		type = "string"
+		argument = "ccache"
+		help = "Where the the credential cache is created when the KDC returns tickets"
+	}
+	help = "Completes digest negotiation and return final parameters"
+}
+command = {
+	name = "digest-client-request"
+	option = {
+		long = "type"
+		type = "string"
+		help = "digest type"
+		default = "sasl"
+	}
+	option = {
+		long = "username"
+		type = "string"
+		argument = "name"
+		help = "digest type"
+	}
+	option = {
+		long = "password"
+		type = "string"
+		argument = "password"
+	}
+	option = {
+		long = "server-nonce"
+		type = "string"
+		argument = "nonce"
+		help = ""
+	}
+	option = {
+		long = "server-identifier"
+		type = "string"
+		argument = "nonce"
+		help = ""
+	}
+	option = {
+		long = "client-nonce"
+		type = "string"
+		argument = "nonce"
+		help = ""
+	}
+	option = {
+		long = "opaque"
+		type = "string"
+		argument = "string"
+		help = ""
+	}
+	option = {
+		long = "realm"
+		type = "string"
+		argument = "realm"
+		help = ""
+	}
+	option = {
+		long = "method"
+		type = "string"
+		argument = "method"
+		help = ""
+	}
+	option = {
+		long = "uri"
+		type = "string"
+		argument = "uri"
+		help = ""
+	}
+	option = {
+		long = "nounce-count"
+		type = "string"
+		argument = "count"
+		help = ""
+	}
+	option = {
+		long = "qop"
+		type = "string"
+		argument = "qop"
+		help = ""
+	}
+	help = "Client part of a digest exchange"
+}
+command = {
+	name = "ntlm-server-init"
+	option = {
+		long = "version"
+		type = "integer"
+		help = "ntlm version"
+		default = "1"
+	}
+	option = {
+		long = "kerberos-realm"
+		type = "string"
+		help = "Kerberos realm to communicate with"
+	}
+	help = "Sets up a digest context and return initial parameters"
+}
+command = {
+	name = "help"
+	name = "?"
+	argument = "[command]"
+	min_args = "0"
+	max_args = "1"
+	help = "Help! I need somebody."
+}
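Review bot: The `password` option of `digest-client-request` takes the secret as a command-line value, so it typically ends up in the process list and in shell history on the machine where kdigest runs; it is also the only option in this file with no `help` line. The usage output should at least say so, for example `help = "password (given on the command line, visible in the process list)"`. Separately, both `username` options carry the copied text `help = "digest type"`, and `server-identifier` uses `argument = "nonce"` although kdigest.c decodes it as a one-byte identifier; `help = "user name"` and `argument = "identifier"` would match the code.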

Added: vendor-crypto/heimdal/dist/kuser/kdigest.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kdigest.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kdigest.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,551 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+RCSID("$Id: kdigest.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+#include <kdigest-commands.h>
+#include <hex.h>
+#include <base64.h>
+#include <heimntlm.h>
+#include "crypto-headers.h"
+
+static int version_flag = 0;
+static int help_flag	= 0;
+static char *ccache_string;
+static krb5_ccache id;
+
+static struct getargs args[] = {
+    {"ccache",	0,	arg_string,	&ccache_string, "credential cache", NULL },
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+		    NULL, "");
+    exit (ret);
+}
+
+static krb5_context context;
+
+int
+digest_probe(struct digest_probe_options *opt,
+	     int argc, char ** argv)
+{
+    krb5_error_code ret;
+    krb5_realm realm;
+    unsigned flags;
+
+    realm = opt->realm_string;
+
+    if (realm == NULL)
+	errx(1, "realm missing");
+
+    ret = krb5_digest_probe(context, realm, id, &flags);
+    if (ret)
+	krb5_err(context, 1, ret, "digest_probe");
+
+    printf("flags: %u\n", flags);
+
+    return 0;
+}
+
+int
+digest_server_init(struct digest_server_init_options *opt,
+		   int argc, char ** argv)
+{
+    krb5_error_code ret;
+    krb5_digest digest;
+
+    ret = krb5_digest_alloc(context, &digest);
+    if (ret)
+	krb5_err(context, 1, ret, "digest_alloc");
+
+    ret = krb5_digest_set_type(context, digest, opt->type_string);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_set_type");
+
+    if (opt->cb_type_string && opt->cb_value_string) {
+	ret = krb5_digest_set_server_cb(context, digest, 
+					opt->cb_type_string,
+					opt->cb_value_string);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_digest_set_server_cb");
+    }
+    ret = krb5_digest_init_request(context,
+				   digest,
+				   opt->kerberos_realm_string,
+				   id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_init_request");
+
+    printf("type=%s\n", opt->type_string);
+    printf("server-nonce=%s\n", 
+	   krb5_digest_get_server_nonce(context, digest));
+    {
+	const char *s = krb5_digest_get_identifier(context, digest);
+	if (s)
+	    printf("identifier=%s\n", s);
+    }
+    printf("opaque=%s\n", krb5_digest_get_opaque(context, digest));
+
+    return 0;
+}
+
+int
+digest_server_request(struct digest_server_request_options *opt, 
+		      int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_digest digest;
+    const char *status, *rsp;
+    krb5_data session_key;
+
+    if (opt->server_nonce_string == NULL)
+	errx(1, "server nonce missing");
+    if (opt->type_string == NULL)
+	errx(1, "type missing");
+    if (opt->opaque_string == NULL)
+	errx(1, "opaque missing");
+    if (opt->client_response_string == NULL)
+	errx(1, "client response missing");
+
+    ret = krb5_digest_alloc(context, &digest);
+    if (ret)
+	krb5_err(context, 1, ret, "digest_alloc");
+
+    if (strcasecmp(opt->type_string, "CHAP") == 0) {
+	if (opt->server_identifier_string == NULL)
+	    errx(1, "server identifier missing");
+
+	ret = krb5_digest_set_identifier(context, digest, 
+					 opt->server_identifier_string);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_digest_set_type");
+    }
+
+    ret = krb5_digest_set_type(context, digest, opt->type_string);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_set_type");
+
+    ret = krb5_digest_set_username(context, digest, opt->username_string);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_set_username");
+
+    ret = krb5_digest_set_server_nonce(context, digest, 
+				       opt->server_nonce_string);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_set_server_nonce");
+
+    if(opt->client_nonce_string) {
+	ret = krb5_digest_set_client_nonce(context, digest, 
+					   opt->client_nonce_string);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_digest_set_client_nonce");
+    }
+
+
+    ret = krb5_digest_set_opaque(context, digest, opt->opaque_string);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_set_opaque");
+
+    ret = krb5_digest_set_responseData(context, digest, 
+				       opt->client_response_string);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_set_responseData");
+
+    ret = krb5_digest_request(context, digest,
+			      opt->kerberos_realm_string, id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_request");
+
+    status = krb5_digest_rep_get_status(context, digest) ? "ok" : "failed";
+    rsp = krb5_digest_get_rsp(context, digest);
+
+    printf("status=%s\n", status);
+    if (rsp)
+	printf("rsp=%s\n", rsp);
+    printf("tickets=no\n");
+
+    ret = krb5_digest_get_session_key(context, digest, &session_key);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_digest_get_session_key");
+
+    if (session_key.length) {
+	char *key;
+	hex_encode(session_key.data, session_key.length, &key);
+	if (key == NULL)
+	    krb5_errx(context, 1, "hex_encode");
+	krb5_data_free(&session_key);
+	printf("session-key=%s\n", key);
+	free(key);
+    }
+
+    return 0;
+}
+
+static void
+client_chap(const void *server_nonce, size_t snoncelen,
+	    unsigned char server_identifier,
+	    const char *password)
+{
+    MD5_CTX ctx;
+    unsigned char md[MD5_DIGEST_LENGTH];
+    char *h;
+
+    MD5_Init(&ctx);
+    MD5_Update(&ctx, &server_identifier, 1);
+    MD5_Update(&ctx, password, strlen(password));
+    MD5_Update(&ctx, server_nonce, snoncelen);
+    MD5_Final(md, &ctx);
+
+    hex_encode(md, 16, &h);
+
+    printf("responseData=%s\n", h);
+    free(h);
+}
+
+static const unsigned char ms_chap_v2_magic1[39] = {
+    0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
+    0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
+    0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
+    0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74
+};
+static const unsigned char ms_chap_v2_magic2[41] = {
+    0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
+    0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
+    0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
+    0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
+    0x6E
+};
+static const unsigned char ms_rfc3079_magic1[27] = {
+    0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
+    0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
+    0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
+};
+
+static void
+client_mschapv2(const void *server_nonce, size_t snoncelen,
+		const void *client_nonce, size_t cnoncelen,
+		const char *username,
+		const char *password)
+{
+    SHA_CTX ctx;
+    MD4_CTX hctx;
+    unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH];
+    unsigned char hmd[MD4_DIGEST_LENGTH];
+    struct ntlm_buf answer;
+    int i, len, ret;
+    char *h;
+
+    SHA1_Init(&ctx);
+    SHA1_Update(&ctx, client_nonce, cnoncelen);
+    SHA1_Update(&ctx, server_nonce, snoncelen);
+    SHA1_Update(&ctx, username, strlen(username));
+    SHA1_Final(md, &ctx);
+
+    MD4_Init(&hctx);
+    len = strlen(password);
+    for (i = 0; i < len; i++) {
+	MD4_Update(&hctx, &password[i], 1);
+	MD4_Update(&hctx, &password[len], 1);
+    }	
+    MD4_Final(hmd, &hctx);
+
+    /* ChallengeResponse */
+    ret = heim_ntlm_calculate_ntlm1(hmd, sizeof(hmd), md, &answer);
+    if (ret)
+	errx(1, "heim_ntlm_calculate_ntlm1");
+
+    hex_encode(answer.data, answer.length, &h);
+    printf("responseData=%s\n", h);
+    free(h);
+
+    /* PasswordHash */
+    MD4_Init(&hctx);
+    MD4_Update(&hctx, hmd, sizeof(hmd));
+    MD4_Final(hmd, &hctx);
+
+    /* GenerateAuthenticatorResponse */
+    SHA1_Init(&ctx);
+    SHA1_Update(&ctx, hmd, sizeof(hmd));
+    SHA1_Update(&ctx, answer.data, answer.length);
+    SHA1_Update(&ctx, ms_chap_v2_magic1, sizeof(ms_chap_v2_magic1));
+    SHA1_Final(md, &ctx);
+    
+    /* ChallengeHash */
+    SHA1_Init(&ctx);
+    SHA1_Update(&ctx, client_nonce, cnoncelen);
+    SHA1_Update(&ctx, server_nonce, snoncelen);
+    SHA1_Update(&ctx, username, strlen(username));
+    SHA1_Final(challange, &ctx);
+
+    SHA1_Init(&ctx);
+    SHA1_Update(&ctx, md, sizeof(md));
+    SHA1_Update(&ctx, challange, 8);
+    SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2));
+    SHA1_Final(md, &ctx);
+
+    hex_encode(md, sizeof(md), &h);
+    printf("AuthenticatorResponse=%s\n", h);
+    free(h);
+
+    /* get_master, rfc 3079 3.4 */
+    SHA1_Init(&ctx);
+    SHA1_Update(&ctx, hmd, sizeof(hmd));
+    SHA1_Update(&ctx, answer.data, answer.length);
+    SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1));
+    SHA1_Final(md, &ctx);
+
+    free(answer.data);
+
+    hex_encode(md, 16, &h);
+    printf("session-key=%s\n", h);
+    free(h);
+}
+
+
+int
+digest_client_request(struct digest_client_request_options *opt, 
+		      int argc, char **argv)
+{
+    char *server_nonce, *client_nonce = NULL, server_identifier;
+    ssize_t snoncelen, cnoncelen = 0;
+
+    if (opt->server_nonce_string == NULL)
+	errx(1, "server nonce missing");
+    if (opt->password_string == NULL)
+	errx(1, "password missing");
+
+    if (opt->opaque_string == NULL)
+	errx(1, "opaque missing");
+
+    snoncelen = strlen(opt->server_nonce_string);
+    server_nonce = malloc(snoncelen);
+    if (server_nonce == NULL)
+	errx(1, "server_nonce");
+
+    snoncelen = hex_decode(opt->server_nonce_string, server_nonce, snoncelen);
+    if (snoncelen <= 0) 
+	errx(1, "server nonce wrong");
+
+    if (opt->client_nonce_string) {
+	cnoncelen = strlen(opt->client_nonce_string);
+	client_nonce = malloc(cnoncelen);
+	if (client_nonce == NULL)
+	    errx(1, "client_nonce");
+	
+	cnoncelen = hex_decode(opt->client_nonce_string, 
+			       client_nonce, cnoncelen);
+	if (cnoncelen <= 0) 
+	    errx(1, "client nonce wrong");
+    }
+
+    if (opt->server_identifier_string) {
+	int ret;
+
+	ret = hex_decode(opt->server_identifier_string, &server_identifier, 1);
+	if (ret != 1)
+	    errx(1, "server identifier wrong length");
+    }
+
+    if (strcasecmp(opt->type_string, "CHAP") == 0) {
+	if (opt->server_identifier_string == NULL)
+	    errx(1, "server identifier missing");
+
+	client_chap(server_nonce, snoncelen, server_identifier, 
+		    opt->password_string);
+
+    } else if (strcasecmp(opt->type_string, "MS-CHAP-V2") == 0) {
+	if (opt->client_nonce_string == NULL)
+	    errx(1, "client nonce missing");
+	if (opt->username_string == NULL)
+	    errx(1, "client nonce missing");
+
+	client_mschapv2(server_nonce, snoncelen,
+			client_nonce, cnoncelen, 
+			opt->username_string,
+			opt->password_string);
+    }
+	
+
+    return 0;
+}
+
+#include <heimntlm.h>
+
+int
+ntlm_server_init(struct ntlm_server_init_options *opt,
+		 int argc, char ** argv)
+{
+    krb5_error_code ret;
+    krb5_ntlm ntlm;
+    struct ntlm_type2 type2;
+    krb5_data challange, opaque;
+    struct ntlm_buf data;
+    char *s;
+
+    memset(&type2, 0, sizeof(type2));
+
+    ret = krb5_ntlm_alloc(context, &ntlm);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_ntlm_alloc");
+
+    ret = krb5_ntlm_init_request(context, 
+				 ntlm,
+				 opt->kerberos_realm_string,
+				 id,
+				 NTLM_NEG_UNICODE|NTLM_NEG_NTLM,
+				 "NUTCRACKER",
+				 "L");
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_ntlm_init_request");
+
+    /*
+     *
+     */
+
+    ret = krb5_ntlm_init_get_challange(context, ntlm, &challange);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_ntlm_init_get_challange");
+
+    if (challange.length != sizeof(type2.challange))
+	krb5_errx(context, 1, "ntlm challange have wrong length");
+    memcpy(type2.challange, challange.data, sizeof(type2.challange));
+    krb5_data_free(&challange);
+
+    ret = krb5_ntlm_init_get_flags(context, ntlm, &type2.flags);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_ntlm_init_get_flags");
+
+    krb5_ntlm_init_get_targetname(context, ntlm, &type2.targetname);
+    type2.targetinfo.data = "\x00\x00";
+    type2.targetinfo.length = 2;
+	
+    ret = heim_ntlm_encode_type2(&type2, &data);
+    if (ret)
+	krb5_errx(context, 1, "heim_ntlm_encode_type2");
+
+    free(type2.targetname);
+	
+    /*
+     *
+     */
+
+    base64_encode(data.data, data.length, &s);
+    free(data.data);
+    printf("type2=%s\n", s);
+    free(s);
+
+    /*
+     *
+     */
+
+    ret = krb5_ntlm_init_get_opaque(context, ntlm, &opaque);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_ntlm_init_get_opaque");
+
+    base64_encode(opaque.data, opaque.length, &s);
+    krb5_data_free(&opaque);
+    printf("opaque=%s\n", s);
+    free(s);
+
+    /*
+     *
+     */
+
+    krb5_ntlm_free(context, ntlm);
+
+    return 0;
+}
+
+
+/*
+ *
+ */
+
+int
+help(void *opt, int argc, char **argv)
+{
+    sl_slc_help(commands, argc, argv);
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context (&context);
+    if (ret == KRB5_CONFIG_BADFORMAT)
+	errx (1, "krb5_init_context failed to parse configuration file");
+    else if (ret)
+	errx(1, "krb5_init_context failed: %d", ret);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc == 0) {
+	help(NULL, argc, argv);
+	return 1;
+    }
+
+    if (ccache_string) {
+	ret = krb5_cc_resolve(context, ccache_string, &id);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_cc_resolve");
+    }
+
+    ret = sl_command (commands, argc, argv);
+    if (ret == -1) {
+	help(NULL, argc, argv);
+	return 1;
+    }
+    return ret;
+}
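Review bot: `client_chap` and `client_mschapv2` hand `h` to `printf` and `free` straight after `hex_encode`, and `ntlm_server_init` does the same with `s` after `base64_encode`, without checking that the encoder succeeded. `digest_server_request` in the same file does check, with `if (key == NULL) krb5_errx(context, 1, "hex_encode");`. Whether the encoders set the pointer on failure is not visible here, so these paths may read an uninitialised pointer; testing the return value is safer, e.g. `if (hex_encode(md, 16, &h) < 0) errx(1, "hex_encode");`. Two diagnostics are also mislabelled: the `username_string == NULL` check in `digest_client_request` prints `"client nonce missing"`, and the `krb5_digest_set_identifier` failure in `digest_server_request` prints `"krb5_digest_set_type"`.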

Added: vendor-crypto/heimdal/dist/kuser/kgetcred.1
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kgetcred.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kgetcred.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+.\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: kgetcred.1,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd March 12, 2004
+.Dt KGETCRED 1
+.Os HEIMDAL
+.Sh NAME
+.Nm kgetcred
+.Nd "get a ticket for a particular service"
+.Sh SYNOPSIS
+.Nm
+.Op Fl -canonicalize
+.Oo Fl c cache \*(Ba Xo
+.Fl -cache= Ns Ar cache
+.Xc
+.Oc
+.Oo Fl e Ar enctype \*(Ba Xo
+.Fl -enctype= Ns Ar enctype
+.Xc
+.Oc
+.Op Fl -no-transit-check
+.Op Fl -version
+.Op Fl -help
+.Ar service
+.Sh DESCRIPTION
+.Nm
+obtains a ticket for a service.
+Usually tickets for services are obtained automatically when needed
+but sometimes for some odd reason you want to obtain a particular
+ticket or of a special type.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl -canonicalize
+.Xc
+requests that the KDC canonicalize the principal.
+.It Xo
+.Fl c Ar cache ,
+.Fl -cache= Ns Ar cache
+.Xc
+the credential cache to use.
+.It Xo
+.Fl e Ar enctype ,
+.Fl -enctype= Ns Ar enctype
+.Xc
+encryption type to use.
+.It Xo
+.Fl -no-transit-check
+.Xc
+requests that the KDC doesn't do trasnit checking.
+.It Xo
+.Fl -version
+.Xc
+.It Xo
+.Fl -help
+.Xc
+.El
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr klist 1

Added: vendor-crypto/heimdal/dist/kuser/kgetcred.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kgetcred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kgetcred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,228 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+
+RCSID("$Id: kgetcred.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static char *cache_str;
+static char *out_cache_str;
+static char *delegation_cred_str;
+static char *etype_str;
+static int transit_flag = 1;
+static int forwardable_flag;
+static char *impersonate_str;
+static char *nametype_str;
+static int version_flag;
+static int help_flag;
+
+struct getargs args[] = {
+    { "cache",		'c', arg_string, &cache_str,
+      "credential cache to use", "cache"},
+    { "out-cache",	0,   arg_string, &out_cache_str,
+      "credential cache to store credential in", "cache"},
+    { "delegation-credential-cache",0,arg_string, &delegation_cred_str,
+      "where to find the ticket use for delegation", "cache"},
+    { "forwardable",	0, arg_flag, &forwardable_flag,
+      "forwardable ticket requested"},
+    { "transit-check",	0,   arg_negative_flag, &transit_flag },
+    { "enctype",	'e', arg_string, &etype_str,
+      "encryption type to use", "enctype"},
+    { "impersonate",	0,   arg_string, &impersonate_str,
+      "client to impersonate", "principal"},
+    { "name-type",		0,   arg_string, &nametype_str },
+    { "version", 	0,   arg_flag, &version_flag },
+    { "help",		0,   arg_flag, &help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "service");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache cache;
+    krb5_creds *out;
+    int optidx = 0;
+    krb5_get_creds_opt opt;
+    krb5_principal server;
+    krb5_principal impersonate = NULL;
+
+    setprogname (argv[0]);
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx(1, "krb5_init_context failed: %d", ret);
+  
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 1)
+	usage (1);
+
+    if(cache_str) {
+	ret = krb5_cc_resolve(context, cache_str, &cache);
+	if (ret)
+	    krb5_err (context, 1, ret, "%s", cache_str);
+    } else {
+	ret = krb5_cc_default (context, &cache);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_resolve");
+    }
+
+    ret = krb5_get_creds_opt_alloc(context, &opt);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_get_creds_opt_alloc");
+
+    if (etype_str) {
+	krb5_enctype enctype;
+
+	ret = krb5_string_to_enctype(context, etype_str, &enctype);
+	if (ret)
+	    krb5_errx (context, 1, "unrecognized enctype: %s", etype_str);
+	krb5_get_creds_opt_set_enctype(context, opt, enctype);
+    }
+
+    if (impersonate_str) {
+	ret = krb5_parse_name(context, impersonate_str, &impersonate);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_parse_name %s", impersonate_str);
+	krb5_get_creds_opt_set_impersonate(context, opt, impersonate);
+	krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_STORE);
+    }
+
+    if (out_cache_str)
+	krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_STORE);
+
+    if (forwardable_flag)
+	krb5_get_creds_opt_add_options(context, opt, KRB5_GC_FORWARDABLE);
+    if (!transit_flag)
+	krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_TRANSIT_CHECK);
+
+    if (delegation_cred_str) {
+	krb5_ccache id;
+	krb5_creds c, mc;
+	Ticket ticket;
+
+	krb5_cc_clear_mcred(&mc);
+	ret = krb5_cc_get_principal(context, cache, &mc.server);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_get_principal");
+
+	ret = krb5_cc_resolve(context, delegation_cred_str, &id);
+	if(ret)
+	    krb5_err (context, 1, ret, "krb5_cc_resolve");
+
+	ret = krb5_cc_retrieve_cred(context, id, 0, &mc, &c);
+	if(ret)
+	    krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
+
+	ret = decode_Ticket(c.ticket.data, c.ticket.length, &ticket, NULL);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    krb5_err (context, 1, ret, "decode_Ticket");
+	}
+	krb5_free_cred_contents(context, &c);
+
+	ret = krb5_get_creds_opt_set_ticket(context, opt, &ticket);
+	if(ret)
+	    krb5_err (context, 1, ret, "krb5_get_creds_opt_set_ticket");
+	free_Ticket(&ticket);
+
+	krb5_cc_close (context, id);
+	krb5_free_principal(context, mc.server);
+
+	krb5_get_creds_opt_add_options(context, opt, 
+				       KRB5_GC_CONSTRAINED_DELEGATION);
+    }
+
+    ret = krb5_parse_name(context, argv[0], &server);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
+
+    if (nametype_str) {
+	ret = krb5_parse_nametype(context, nametype_str,
+				  &server->name.name_type);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_parse_nametype");
+    }
+
+    ret = krb5_get_creds(context, opt, cache, server, &out);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_get_creds");
+
+    if (out_cache_str) {
+	krb5_ccache id;
+
+	ret = krb5_cc_resolve(context, out_cache_str, &id);
+	if(ret)
+	    krb5_err (context, 1, ret, "krb5_cc_resolve");
+
+	ret = krb5_cc_initialize(context, id, out->client);
+	if(ret)
+	    krb5_err (context, 1, ret, "krb5_cc_initialize");
+
+	ret = krb5_cc_store_cred(context, id, out);
+	if(ret)
+	    krb5_err (context, 1, ret, "krb5_cc_store_cred");
+	krb5_cc_close (context, id);
+    }
+
+    krb5_free_creds(context, out);
+    krb5_free_principal(context, server);
+    krb5_get_creds_opt_free(context, opt);
+    krb5_cc_close (context, cache);
+    krb5_free_context (context);
+
+    return 0;
+}
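Review bot: In `main`, the failure branch after `krb5_cc_default` reports `"krb5_cc_resolve"`, which points anyone debugging a broken default cache at the wrong call; it should read `krb5_err (context, 1, ret, "krb5_cc_default");`. The `transit-check` and `name-type` entries in `args` also have no help string, so the usage output does not explain that `--no-transit-check` turns off a KDC-side check. A help string such as `"request transit checking by the KDC"` on `transit-check` would cover that. The `impersonate`, `delegation-credential-cache`, `out-cache`, `forwardable` and `name-type` options are likewise missing from the kgetcred.1 page added in this commit, which leaves the impersonation and delegation options documented only by the usage text.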

Added: vendor-crypto/heimdal/dist/kuser/kimpersonate.1
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kimpersonate.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kimpersonate.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,152 @@
+.\" Copyright (c) 2002 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: kimpersonate.1,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd September 18, 2006
+.Dt KERBEROS 1
+.Os Heimdal
+.Sh NAME
+.Nm kimpersonate
+.Nd
+impersonate a user when there exist a srvtab, keyfile or KeyFile
+.Sh SYNOPSIS
+.Nm
+.Oo Fl s Ar string \*(Ba Xo
+.Fl -server= Ns Ar string Oc
+.Xc
+.Oo Fl c Ar string \*(Ba Xo
+.Fl -client= Ns Ar string Oc
+.Xc
+.Oo Fl k Ar string \*(Ba Xo
+.Fl -keytab= Ns Ar string Oc
+.Xc
+.Op Fl 5 | Fl -krb5
+.Oo Fl e Ar integer \*(Ba Xo
+.Fl -expire-time= Ns Ar integer Oc
+.Xc
+.Oo Fl a Ar string \*(Ba Xo
+.Fl -client-address= Ns Ar string Oc
+.Xc
+.Oo Fl t Ar string \*(Ba Xo
+.Fl -enc-type= Ns Ar string Oc
+.Xc
+.Oo Fl f Ar string \*(Ba Xo
+.Fl -ticket-flags= Ns Ar string Oc
+.Xc
+.Op Fl -verbose
+.Op Fl -version
+.Op Fl -help
+.Sh DESCRIPTION
+The
+.Nm
+program creates a "fake" ticket using the service-key of the service.
+The service key can be read from a Kerberos 5 keytab, AFS KeyFile or
+(if compiled with support for Kerberos 4) a Kerberos 4 srvtab.
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl s Ar string Ns ,
+.Fl -server= Ns Ar string
+.Xc
+name of server principal
+.It Xo
+.Fl c Ar string Ns ,
+.Fl -client= Ns Ar string
+.Xc
+name of client principal
+.It Xo
+.Fl k Ar string Ns ,
+.Fl -keytab= Ns Ar string
+.Xc
+name of keytab file
+.It Xo
+.Fl 5 Ns ,
+.Fl -krb5
+.Xc
+create a Kerberos 5 ticket
+.It Xo
+.Fl e Ar integer Ns ,
+.Fl -expire-time= Ns Ar integer
+.Xc
+lifetime of ticket in seconds
+.It Xo
+.Fl a Ar string Ns ,
+.Fl -client-address= Ns Ar string
+.Xc
+address of client
+.It Xo
+.Fl t Ar string Ns ,
+.Fl -enc-type= Ns Ar string
+.Xc
+encryption type
+.It Xo
+.Fl f Ar string Ns ,
+.Fl -ticket-flags= Ns Ar string
+.Xc
+ticket flags for krb5 ticket
+.It Xo
+.Fl -verbose
+.Xc
+Verbose output
+.It Xo
+.Fl -version
+.Xc
+Print version
+.It Xo
+.Fl -help
+.Xc
+.El
+.Sh FILES
+Uses
+.Pa /etc/krb5.keytab,
+.Pa /etc/srvtab
+and
+.Pa /usr/afs/etc/KeyFile
+when avalible and the the
+.Fl k
+is used with appropriate prefix.
+.Sh EXAMPLES
+.Nm
+can be used in
+.Nm samba
+root preexec option
+or for debugging.
+.Nm
+-s host/hummel.e.kth.se at E.KTH.SE -c lha at E.KTH.SE -5
+will create a Kerberos 5 ticket for lha at E.KTH.SE for the host
+hummel.e.kth.se if there exists a keytab entry for it in
+.Pa /etc/krb5.keytab .
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr klist 1
+.Sh AUTHORS
+Love Hornquist Astrand <lha at kth.se>

Added: vendor-crypto/heimdal/dist/kuser/kimpersonate.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kimpersonate.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kimpersonate.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,330 @@
+/*
+ * Copyright (c) 2000 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kuser_locl.h"
+RCSID("$Id: kimpersonate.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+#include <parse_units.h>
+
+static char *client_principal_str = NULL;
+static krb5_principal client_principal;
+static char *server_principal_str = NULL;
+static krb5_principal server_principal;
+
+static char *ccache_str = NULL;
+
+static char *ticket_flags_str = NULL;
+static TicketFlags ticket_flags;
+static char *keytab_file = NULL;
+static char *enc_type = "des-cbc-md5";
+static int   expiration_time = 3600;
+static struct getarg_strings client_addresses;
+static int   version_flag = 0;
+static int   help_flag = 0;
+static int   use_krb5 = 1;
+
+/*
+ *
+ */
+
+static void
+encode_ticket (krb5_context context, 
+	       EncryptionKey *skey,
+	       krb5_enctype etype,
+	       int skvno,
+	       krb5_creds *cred)
+{
+    size_t len, size;
+    char *buf;
+    krb5_error_code ret;
+    krb5_crypto crypto;
+    EncryptedData enc_part;
+    EncTicketPart et;    
+    Ticket ticket;
+
+    memset (&enc_part, 0, sizeof(enc_part));
+    memset (&ticket, 0, sizeof(ticket));
+    
+    /*
+     * Set up `enc_part'
+     */
+
+    et.flags = cred->flags.b;
+    et.key = cred->session;
+    et.crealm = *krb5_princ_realm (context, cred->client);
+    copy_PrincipalName(&cred->client->name, &et.cname);
+    {
+	krb5_data empty_string;
+	
+	krb5_data_zero(&empty_string); 
+	et.transited.tr_type = DOMAIN_X500_COMPRESS;
+	et.transited.contents = empty_string;
+    }
+    et.authtime = cred->times.authtime;
+    et.starttime = NULL;
+    et.endtime = cred->times.endtime;
+    et.renew_till = NULL;
+    et.caddr = &cred->addresses;
+    et.authorization_data = NULL; /* XXX allow random authorization_data */
+
+    /*
+     * Encrypt `enc_part' of ticket with service key
+     */
+
+    ASN1_MALLOC_ENCODE(EncTicketPart, buf, len, &et, &size, ret);
+    if (ret)
+	krb5_err(context, 1, ret, "EncTicketPart");
+
+    krb5_crypto_init(context, skey, etype, &crypto);
+    krb5_encrypt_EncryptedData (context, 
+				crypto,
+				KRB5_KU_TICKET,
+				buf,
+				len,
+				skvno,
+				&ticket.enc_part);
+    free(buf);
+    krb5_crypto_destroy(context, crypto);
+
+    /*
+     * Encode ticket
+     */
+
+    ticket.tkt_vno = 5;
+    ticket.realm = *krb5_princ_realm (context, cred->server);
+    copy_PrincipalName(&cred->server->name, &ticket.sname);
+    
+    ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret);
+    if(ret)
+	krb5_err (context, 1, ret, "encode_Ticket");
+
+    krb5_data_copy(&cred->ticket, buf, len);
+}
+
+/*
+ *
+ */
+
+static int
+create_krb5_tickets (krb5_context context, krb5_keytab kt)
+{
+    krb5_error_code ret;
+    krb5_keytab_entry entry;
+    krb5_creds cred;
+    krb5_enctype etype;
+    krb5_ccache ccache;
+    
+    memset (&cred, 0, sizeof(cred));
+    
+    ret = krb5_string_to_enctype (context, enc_type, &etype);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_string_to_enctype");
+    ret = krb5_kt_get_entry (context, kt, server_principal, 
+			     0, etype, &entry);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_kt_get_entry");
+
+    /*
+     * setup cred
+     */
+
+
+    ret = krb5_copy_principal (context, client_principal, &cred.client);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_copy_principal");
+    ret = krb5_copy_principal (context, server_principal, &cred.server);
+    if (ret) 
+	krb5_err (context, 1, ret, "krb5_copy_principal");
+    krb5_generate_random_keyblock(context, etype, &cred.session);    
+
+    cred.times.authtime = time(NULL);
+    cred.times.starttime = time(NULL);
+    cred.times.endtime = time(NULL) + expiration_time;
+    cred.times.renew_till = 0;
+    krb5_data_zero(&cred.second_ticket); 
+
+    ret = krb5_get_all_client_addrs (context, &cred.addresses);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
+    cred.flags.b = ticket_flags;
+    
+    
+    /*
+     * Encode encrypted part of ticket
+     */
+
+    encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred);    
+
+    /*
+     * Write to cc
+     */
+
+    if (ccache_str) {
+	ret = krb5_cc_resolve(context, ccache_str, &ccache);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_resolve");
+    } else {
+	ret = krb5_cc_default (context, &ccache);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_default");
+    }
+
+    ret = krb5_cc_initialize (context, ccache, cred.client);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_initialize");
+    
+    ret = krb5_cc_store_cred (context, ccache, &cred);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_store_cred");
+
+    krb5_free_cred_contents (context, &cred);
+    krb5_cc_close (context, ccache);
+    
+    return 0;
+}
+
+/*
+ *
+ */
+
+static void
+setup_env (krb5_context context, krb5_keytab *kt)
+{
+    krb5_error_code ret;
+
+    if (keytab_file)
+	ret = krb5_kt_resolve (context, keytab_file, kt);
+    else
+	ret = krb5_kt_default (context, kt);
+    if (ret)
+	krb5_err (context, 1, ret, "resolving keytab");
+
+    if (client_principal_str == NULL)
+	krb5_errx (context, 1, "missing client principal");
+    ret = krb5_parse_name (context, client_principal_str, &client_principal);
+    if (ret)
+	krb5_err (context, 1, ret, "resolvning client name");
+
+    if (server_principal_str == NULL)
+	krb5_errx (context, 1, "missing server principal");
+    ret = krb5_parse_name (context, server_principal_str, &server_principal);
+    if (ret)
+	krb5_err (context, 1, ret, "resolvning client name");
+
+    if (ticket_flags_str) {
+	int ticket_flags_int;
+
+	ticket_flags_int = parse_flags(ticket_flags_str, 
+				       asn1_TicketFlags_units(), 0);
+	if (ticket_flags_int <= 0) {
+	    krb5_warnx (context, "bad ticket flags: `%s'", ticket_flags_str);
+	    print_flags_table (asn1_TicketFlags_units(), stderr);
+	    exit (1);
+	}
+	if (ticket_flags_int)
+	    ticket_flags = int2TicketFlags (ticket_flags_int);
+    }
+}
+
+/*
+ *
+ */
+
+struct getargs args[] = {
+    { "ccache", 0, arg_string, &ccache_str,
+      "name of kerberos 5 credential cache", "cache-name"},
+    { "server", 's', arg_string, &server_principal_str, 
+      "name of server principal" },
+    { "client", 'c', arg_string, &client_principal_str, 
+      "name of client principal" },
+    { "keytab", 'k', arg_string, &keytab_file,
+      "name of keytab file" },
+    { "krb5", '5', arg_flag,	 &use_krb5,
+      "create a kerberos 5 ticket"},
+    { "expire-time", 'e', arg_integer, &expiration_time,
+      "lifetime of ticket in seconds" },
+    { "client-addresses", 'a', arg_strings, &client_addresses,
+      "addresses of client" },
+    { "enc-type", 't', arg_string, 	&enc_type,
+      "encryption type" },
+    { "ticket-flags", 'f', arg_string,   &ticket_flags_str,
+      "ticket flags for krb5 ticket" },
+    { "version", 0,  arg_flag,		&version_flag,	"Print version",
+      NULL },
+    { "help",	 0,  arg_flag,		&help_flag,	NULL,
+      NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main (int argc, char **argv)
+{
+    int optind = 0;
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_keytab kt;
+
+    setprogname (argv[0]);
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx(1, "krb5_init_context failed: %u", ret);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optind))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	print_version(NULL);
+	return 0;
+    }
+
+    setup_env (context, &kt);
+
+    if (use_krb5)
+	create_krb5_tickets (context, kt);
+
+    krb5_kt_close (context, kt);
+    return 0;
+}
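Review bot: In encode_ticket() the results of `krb5_crypto_init` and `krb5_encrypt_EncryptedData` are discarded, unlike most other krb5 calls in this file. If either call fails, the function would presumably go on to encode and store a ticket whose `enc_part` is still the zeroed structure from the earlier memset. Both calls should assign `ret` and exit through `krb5_err`, as sketched below; the same function also never frees the second `buf` after `krb5_data_copy` and ignores the results of `copy_PrincipalName` and `krb5_data_copy`. In create_krb5_tickets() the keytab `entry` holding the service key is never released (`krb5_kt_free_entry(context, &entry);` before the return would do it), and the `enc_type` default of `des-cbc-md5` is a single-DES type that deserves a stronger default. Since this is a vendor import, these are best carried as a local patch or reported upstream.

```c
    /* ... unchanged: EncTicketPart setup and ASN1_MALLOC_ENCODE ... */

    ret = krb5_crypto_init(context, skey, etype, &crypto);
    if (ret)
	krb5_err(context, 1, ret, "krb5_crypto_init");
    ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_TICKET,
				     buf, len, skvno, &ticket.enc_part);
    free(buf);
    krb5_crypto_destroy(context, crypto);
    if (ret)
	krb5_err(context, 1, ret, "krb5_encrypt_EncryptedData");

    /* ... unchanged: fill in tkt_vno, realm and sname, encode the Ticket ... */
```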

Added: vendor-crypto/heimdal/dist/kuser/kinit.1
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kinit.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kinit.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,291 @@
+.\" Copyright (c) 1998 - 2003, 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: kinit.1,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd April 25, 2006
+.Dt KINIT 1
+.Os HEIMDAL
+.Sh NAME
+.Nm kinit
+.Nm kauth
+.Nd acquire initial tickets
+.Sh SYNOPSIS
+.Nm kinit
+.Op Fl 4 | Fl -524init
+.Op Fl 9 | Fl -524convert
+.Op Fl -afslog
+.Oo Fl c Ar cachename \*(Ba Xo
+.Fl -cache= Ns Ar cachename
+.Xc
+.Oc
+.Op Fl f | Fl -forwardable
+.Oo Fl t Ar keytabname \*(Ba Xo
+.Fl -keytab= Ns Ar keytabname
+.Xc
+.Oc
+.Oo Fl l Ar time \*(Ba Xo
+.Fl -lifetime= Ns Ar time
+.Xc
+.Oc
+.Op Fl p | Fl -proxiable
+.Op Fl R | Fl -renew
+.Op Fl -renewable
+.Oo Fl r Ar time \*(Ba Xo
+.Fl -renewable-life= Ns Ar time
+.Xc
+.Oc
+.Oo Fl S Ar principal \*(Ba Xo
+.Fl -server= Ns Ar principal
+.Xc
+.Oc
+.Oo Fl s Ar time \*(Ba Xo
+.Fl -start-time= Ns Ar time
+.Xc
+.Oc
+.Op Fl k | Fl -use-keytab
+.Op Fl v | Fl -validate
+.Oo Fl e Ar enctypes \*(Ba Xo
+.Fl -enctypes= Ns Ar enctypes
+.Xc
+.Oc
+.Oo Fl a Ar addresses \*(Ba Xo
+.Fl -extra-addresses= Ns Ar addresses
+.Xc
+.Oc
+.Op Fl -password-file= Ns Ar filename
+.Op Fl -fcache-version= Ns Ar version-number
+.Op Fl A | Fl -no-addresses
+.Op Fl -anonymous
+.Op Fl -version
+.Op Fl -help
+.Op Ar principal Op Ar command
+.Sh DESCRIPTION
+.Nm
+is used to authenticate to the Kerberos server as
+.Ar principal ,
+or if none is given, a system generated default (typically your login
+name at the default realm), and acquire a ticket granting ticket that
+can later be used to obtain tickets for other services.
+.Pp
+If you have compiled
+.Nm kinit
+with Kerberos 4 support and you have a
+Kerberos 4 server,
+.Nm
+will detect this and get you Kerberos 4 tickets.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar cachename
+.Fl -cache= Ns Ar cachename
+.Xc
+The credentials cache to put the acquired ticket in, if other than
+default.
+.It Xo
+.Fl f ,
+.Fl -forwardable
+.Xc
+Get ticket that can be forwarded to another host.
+.It Xo
+.Fl t Ar keytabname ,
+.Fl -keytab= Ns Ar keytabname
+.Xc
+Don't ask for a password, but instead get the key from the specified
+keytab.
+.It Xo
+.Fl l Ar time ,
+.Fl -lifetime= Ns Ar time
+.Xc
+Specifies the lifetime of the ticket.
+The argument can either be in seconds, or a more human readable string
+like
+.Sq 1h .
+.It Xo
+.Fl p ,
+.Fl -proxiable
+.Xc
+Request tickets with the proxiable flag set.
+.It Xo
+.Fl R ,
+.Fl -renew
+.Xc
+Try to renew ticket.
+The ticket must have the
+.Sq renewable
+flag set, and must not be expired.
+.It Fl -renewable
+The same as
+.Fl -renewable-life ,
+with an infinite time.
+.It Xo
+.Fl r Ar time ,
+.Fl -renewable-life= Ns Ar time
+.Xc
+The max renewable ticket life.
+.It Xo
+.Fl S Ar principal ,
+.Fl -server= Ns Ar principal
+.Xc
+Get a ticket for a service other than krbtgt/LOCAL.REALM.
+.It Xo
+.Fl s Ar time ,
+.Fl -start-time= Ns Ar time
+.Xc
+Obtain a ticket that starts to be valid
+.Ar time
+(which can really be a generic time specification, like
+.Sq 1h )
+seconds into the future.
+.It Xo
+.Fl k ,
+.Fl -use-keytab
+.Xc
+The same as
+.Fl -keytab ,
+but with the default keytab name (normally
+.Ar FILE:/etc/krb5.keytab ) .
+.It Xo
+.Fl v ,
+.Fl -validate
+.Xc
+Try to validate an invalid ticket.
+.It Xo
+.Fl e ,
+.Fl -enctypes= Ns Ar enctypes
+.Xc
+Request tickets with this particular enctype.
+.It Xo
+.Fl -password-file= Ns Ar filename
+.Xc
+read the password from the first line of
+.Ar filename .
+If the
+.Ar filename
+is
+.Ar STDIN ,
+the password will be read from the standard input.
+.It Xo
+.Fl -fcache-version= Ns Ar version-number
+.Xc
+Create a credentials cache of version
+.Ar version-number .
+.It Xo
+.Fl a ,
+.Fl -extra-addresses= Ns Ar enctypes
+.Xc
+Adds a set of addresses that will, in addition to the systems local
+addresses, be put in the ticket.
+This can be useful if all addresses a client can use can't be
+automatically figured out.
+One such example is if the client is behind a firewall.
+Also settable via
+.Li libdefaults/extra_addresses
+in
+.Xr krb5.conf 5 .
+.It Xo
+.Fl A ,
+.Fl -no-addresses
+.Xc
+Request a ticket with no addresses.
+.It Xo
+.Fl -anonymous
+.Xc
+Request an anonymous ticket (which means that the ticket will be
+issued to an anonymous principal, typically
+.Dq anonymous at REALM ) .
+.El
+.Pp
+The following options are only available if
+.Nm
+has been compiled with support for Kerberos 4.
+.Bl -tag -width Ds
+.It Xo
+.Fl 4 ,
+.Fl -524init
+.Xc
+Try to convert the obtained Kerberos 5 krbtgt to a version 4
+compatible ticket.
+It will store this ticket in the default Kerberos 4 ticket file.
+.It Xo
+.Fl 9 ,
+.Fl -524convert
+.Xc
+only convert ticket to version 4
+.It Fl -afslog
+Gets AFS tickets, converts them to version 4 format, and stores them
+in the kernel.
+Only useful if you have AFS.
+.El
+.Pp
+The
+.Ar forwardable ,
+.Ar proxiable ,
+.Ar ticket_life ,
+and
+.Ar renewable_life
+options can be set to a default value from the
+.Dv appdefaults
+section in krb5.conf, see
+.Xr krb5_appdefault 3 .
+.Pp
+If  a
+.Ar command
+is given,
+.Nm kinit
+will set up new credentials caches, and AFS PAG, and then run the given
+command.
+When it finishes the credentials will be removed.
+.Sh ENVIRONMENT
+.Bl -tag -width Ds
+.It Ev KRB5CCNAME
+Specifies the default credentials cache.
+.It Ev KRB5_CONFIG
+The file name of
+.Pa krb5.conf ,
+the default being
+.Pa /etc/krb5.conf .
+.It Ev KRBTKFILE
+Specifies the Kerberos 4 ticket file to store version 4 tickets in.
+.El
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh DIAGNOSTICS
+.Sh SEE ALSO
+.Xr kdestroy 1 ,
+.Xr klist 1 ,
+.Xr krb5_appdefault 3 ,
+.Xr krb5.conf 5
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
+.\".Sh BUGS

Added: vendor-crypto/heimdal/dist/kuser/kinit.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kinit.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kinit.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,852 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+RCSID("$Id: kinit.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+#include "krb5-v4compat.h"
+
+#include "heimntlm.h"
+
+int forwardable_flag	= -1;
+int proxiable_flag	= -1;
+int renewable_flag	= -1;
+int renew_flag		= 0;
+int pac_flag		= -1;
+int validate_flag	= 0;
+int version_flag	= 0;
+int help_flag		= 0;
+int addrs_flag		= -1;
+struct getarg_strings extra_addresses;
+int anonymous_flag	= 0;
+char *lifetime 		= NULL;
+char *renew_life	= NULL;
+char *server_str	= NULL;
+char *cred_cache	= NULL;
+char *start_str		= NULL;
+struct getarg_strings etype_str;
+int use_keytab		= 0;
+char *keytab_str	= NULL;
+int do_afslog		= -1;
+int get_v4_tgt		= -1;
+int convert_524		= 0;
+int fcache_version;
+char *password_file	= NULL;
+char *pk_user_id	= NULL;
+char *pk_x509_anchors	= NULL;
+int pk_use_enckey	= 0;
+static int canonicalize_flag = 0;
+static char *ntlm_domain;
+
+static char *krb4_cc_name;
+
+static struct getargs args[] = {
+    /* 
+     * used by MIT
+     * a: ~A
+     * V: verbose
+     * F: ~f
+     * P: ~p
+     * C: v4 cache name?
+     * 5: 
+     */
+    { "524init", 	'4', arg_flag, &get_v4_tgt,
+      "obtain version 4 TGT" },
+
+    { "524convert", 	'9', arg_flag, &convert_524,
+      "only convert ticket to version 4" },
+
+    { "afslog", 	0  , arg_flag, &do_afslog,
+      "obtain afs tokens"  },
+
+    { "cache", 		'c', arg_string, &cred_cache,
+      "credentials cache", "cachename" },
+
+    { "forwardable",	'f', arg_flag, &forwardable_flag,
+      "get forwardable tickets"},
+
+    { "keytab",         't', arg_string, &keytab_str,
+      "keytab to use", "keytabname" },
+
+    { "lifetime",	'l', arg_string, &lifetime,
+      "lifetime of tickets", "time"},
+
+    { "proxiable",	'p', arg_flag, &proxiable_flag,
+      "get proxiable tickets" },
+
+    { "renew",          'R', arg_flag, &renew_flag,
+      "renew TGT" },
+
+    { "renewable",	0,   arg_flag, &renewable_flag,
+      "get renewable tickets" },
+
+    { "renewable-life",	'r', arg_string, &renew_life,
+      "renewable lifetime of tickets", "time" },
+
+    { "server", 	'S', arg_string, &server_str,
+      "server to get ticket for", "principal" },
+
+    { "start-time",	's', arg_string, &start_str,
+      "when ticket gets valid", "time" },
+
+    { "use-keytab",     'k', arg_flag, &use_keytab,
+      "get key from keytab" },
+
+    { "validate",	'v', arg_flag, &validate_flag,
+      "validate TGT" },
+
+    { "enctypes",	'e', arg_strings, &etype_str,
+      "encryption types to use", "enctypes" },
+
+    { "fcache-version", 0,   arg_integer, &fcache_version,
+      "file cache version to create" },
+
+    { "addresses",	'A',   arg_negative_flag,	&addrs_flag,
+      "request a ticket with no addresses" },
+
+    { "extra-addresses",'a', arg_strings,	&extra_addresses,
+      "include these extra addresses", "addresses" },
+
+    { "anonymous",	0,   arg_flag,	&anonymous_flag,
+      "request an anonymous ticket" },
+
+    { "request-pac",	0,   arg_flag,	&pac_flag,
+      "request a Windows PAC" },
+
+    { "password-file",	0,   arg_string, &password_file,
+      "read the password from a file" },
+
+    { "canonicalize",0,   arg_flag, &canonicalize_flag,
+      "canonicalize client principal" },
+#ifdef PKINIT
+    { "pk-user",	'C',	arg_string,	&pk_user_id,
+      "principal's public/private/certificate identifier", "id" },
+
+    { "x509-anchors",	'D',  arg_string, &pk_x509_anchors,
+      "directory with CA certificates", "directory" },
+
+    { "pk-use-enckey",	0,  arg_flag, &pk_use_enckey,
+      "Use RSA encrypted reply (instead of DH)" },
+#endif
+    { "ntlm-domain",	0,  arg_string, &ntlm_domain,
+      "NTLM domain", "domain" },
+
+    { "version", 	0,   arg_flag, &version_flag },
+    { "help",		0,   arg_flag, &help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "[principal [command]]");
+    exit (ret);
+}
+
+static krb5_error_code
+get_server(krb5_context context,
+	   krb5_principal client,
+	   const char *server,
+	   krb5_principal *princ)
+{
+    krb5_realm *client_realm;
+    if(server)
+	return krb5_parse_name(context, server, princ);
+
+    client_realm = krb5_princ_realm (context, client);
+    return krb5_make_principal(context, princ, *client_realm,
+			       KRB5_TGS_NAME, *client_realm, NULL);
+}
+
+static krb5_error_code
+do_524init(krb5_context context, krb5_ccache ccache, 
+	   krb5_creds *creds, const char *server)
+{
+    krb5_error_code ret;
+
+    struct credentials c;
+    krb5_creds in_creds, *real_creds;
+
+    if(creds != NULL)
+	real_creds = creds;
+    else {
+	krb5_principal client;
+	krb5_cc_get_principal(context, ccache, &client);
+	memset(&in_creds, 0, sizeof(in_creds));
+	ret = get_server(context, client, server, &in_creds.server);
+	if(ret) {
+	    krb5_free_principal(context, client);
+	    return ret;
+	}
+	in_creds.client = client;
+	ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds);
+	krb5_free_principal(context, client);
+	krb5_free_principal(context, in_creds.server);
+	if(ret)
+	    return ret;
+    }
+    ret = krb524_convert_creds_kdc_ccache(context, ccache, real_creds, &c);
+    if(ret)
+	krb5_warn(context, ret, "converting creds");
+    else {
+	krb5_error_code tret = _krb5_krb_tf_setup(context, &c, NULL, 0);
+	if(tret)
+	    krb5_warn(context, tret, "saving v4 creds");
+    }
+
+    if(creds == NULL)
+	krb5_free_creds(context, real_creds);
+    memset(&c, 0, sizeof(c));
+
+    return ret;
+}
+
+static int
+renew_validate(krb5_context context, 
+	       int renew,
+	       int validate,
+	       krb5_ccache cache, 
+	       const char *server,
+	       krb5_deltat life)
+{
+    krb5_error_code ret;
+    krb5_creds in, *out = NULL;
+    krb5_kdc_flags flags;
+
+    memset(&in, 0, sizeof(in));
+
+    ret = krb5_cc_get_principal(context, cache, &in.client);
+    if(ret) {
+	krb5_warn(context, ret, "krb5_cc_get_principal");
+	return ret;
+    }
+    ret = get_server(context, in.client, server, &in.server);
+    if(ret) {
+	krb5_warn(context, ret, "get_server");
+	goto out;
+    }
+
+    if (renew) {
+	/* 
+	 * no need to check the error here, it's only to be 
+	 * friendly to the user
+	 */
+	krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out);
+    }
+
+    flags.i = 0;
+    flags.b.renewable         = flags.b.renew = renew;
+    flags.b.validate          = validate;
+
+    if (forwardable_flag != -1)
+	flags.b.forwardable       = forwardable_flag;
+    else if (out)
+	flags.b.forwardable 	  = out->flags.b.forwardable;
+
+    if (proxiable_flag != -1)
+	flags.b.proxiable         = proxiable_flag;
+    else if (out)
+	flags.b.proxiable 	  = out->flags.b.proxiable;
+
+    if (anonymous_flag != -1)
+	flags.b.request_anonymous = anonymous_flag;
+    if(life)
+	in.times.endtime = time(NULL) + life;
+
+    if (out) {
+	krb5_free_creds (context, out);
+	out = NULL;
+    }
+
+
+    ret = krb5_get_kdc_cred(context,
+			    cache,
+			    flags,
+			    NULL,
+			    NULL,
+			    &in,
+			    &out);
+    if(ret) {
+	krb5_warn(context, ret, "krb5_get_kdc_cred");
+	goto out;
+    }
+    ret = krb5_cc_initialize(context, cache, in.client);
+    if(ret) {
+	krb5_free_creds (context, out);
+	krb5_warn(context, ret, "krb5_cc_initialize");
+	goto out;
+    }
+    ret = krb5_cc_store_cred(context, cache, out);
+
+    if(ret == 0 && server == NULL) {
+	/* only do this if it's a general renew-my-tgt request */
+	if(get_v4_tgt)
+	    do_524init(context, cache, out, NULL);
+	if(do_afslog && k_hasafs())
+	    krb5_afslog(context, cache, NULL, NULL);
+    }
+
+    krb5_free_creds (context, out);
+    if(ret) {
+	krb5_warn(context, ret, "krb5_cc_store_cred");
+	goto out;
+    }
+out:
+    krb5_free_cred_contents(context, &in);
+    return ret;
+}
+
+static krb5_error_code
+store_ntlmkey(krb5_context context, krb5_ccache id, 
+	      const char *domain, krb5_const_principal client,
+	      struct ntlm_buf *buf)
+{
+    krb5_error_code ret;
+    krb5_creds cred;
+    
+    memset(&cred, 0, sizeof(cred));
+
+    ret = krb5_make_principal(context, &cred.server,
+			      krb5_principal_get_realm(context, client),
+			      "@ntlm-key", domain, NULL);
+    if (ret)
+	goto out;
+    ret = krb5_copy_principal(context, client, &cred.client);
+    if (ret)
+	goto out;
+    
+    cred.times.authtime = time(NULL);
+    cred.times.endtime = time(NULL) + 3600 * 24 * 30; /* XXX */
+    cred.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5;
+    ret = krb5_data_copy(&cred.session.keyvalue, buf->data, buf->length);
+    if (ret)
+	goto out;
+
+    ret = krb5_cc_store_cred(context, id, &cred);
+
+out:
+    krb5_free_cred_contents (context, &cred);
+    return 0;
+}
+
+static krb5_error_code
+get_new_tickets(krb5_context context, 
+		krb5_principal principal,
+		krb5_ccache ccache,
+		krb5_deltat ticket_life,
+		int interactive)
+{
+    krb5_error_code ret;
+    krb5_get_init_creds_opt *opt;
+    krb5_creds cred;
+    char passwd[256];
+    krb5_deltat start_time = 0;
+    krb5_deltat renew = 0;
+    char *renewstr = NULL;
+    krb5_enctype *enctype = NULL;
+    struct ntlm_buf ntlmkey;
+    krb5_ccache tempccache;
+
+    memset(&ntlmkey, 0, sizeof(ntlmkey));
+    passwd[0] = '\0';
+
+    if (password_file) {
+	FILE *f;
+
+	if (strcasecmp("STDIN", password_file) == 0)
+	    f = stdin;
+	else
+	    f = fopen(password_file, "r");
+	if (f == NULL)
+	    krb5_errx(context, 1, "Failed to open the password file %s",
+		      password_file);
+
+	if (fgets(passwd, sizeof(passwd), f) == NULL)
+	    krb5_errx(context, 1, 
+		      "Failed to read password from file %s", password_file);
+	if (f != stdin)
+	    fclose(f);
+	passwd[strcspn(passwd, "\n")] = '\0';
+    }
+
+
+    memset(&cred, 0, sizeof(cred));
+
+    ret = krb5_get_init_creds_opt_alloc (context, &opt);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
+    
+    krb5_get_init_creds_opt_set_default_flags(context, "kinit",
+	krb5_principal_get_realm(context, principal), opt);
+
+    if(forwardable_flag != -1)
+	krb5_get_init_creds_opt_set_forwardable (opt, forwardable_flag);
+    if(proxiable_flag != -1)
+	krb5_get_init_creds_opt_set_proxiable (opt, proxiable_flag);
+    if(anonymous_flag != -1)
+	krb5_get_init_creds_opt_set_anonymous (opt, anonymous_flag);
+    if (pac_flag != -1)
+	krb5_get_init_creds_opt_set_pac_request(context, opt, 
+						pac_flag ? TRUE : FALSE);
+    if (canonicalize_flag)
+	krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE);
+    if (pk_user_id) {
+	ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
+						 principal,
+						 pk_user_id,
+						 pk_x509_anchors,
+						 NULL,
+						 NULL,
+						 pk_use_enckey ? 2 : 0,
+						 krb5_prompter_posix,
+						 NULL,
+						 passwd);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_get_init_creds_opt_set_pkinit");
+    }
+
+    if (addrs_flag != -1)
+	krb5_get_init_creds_opt_set_addressless(context, opt, 
+						addrs_flag ? FALSE : TRUE);
+
+    if (renew_life == NULL && renewable_flag)
+	renewstr = "1 month";
+    if (renew_life)
+	renewstr = renew_life;
+    if (renewstr) {
+	renew = parse_time (renewstr, "s");
+	if (renew < 0)
+	    errx (1, "unparsable time: %s", renewstr);
+	
+	krb5_get_init_creds_opt_set_renew_life (opt, renew);
+    }
+
+    if(ticket_life != 0)
+	krb5_get_init_creds_opt_set_tkt_life (opt, ticket_life);
+
+    if(start_str) {
+	int tmp = parse_time (start_str, "s");
+	if (tmp < 0)
+	    errx (1, "unparsable time: %s", start_str);
+
+	start_time = tmp;
+    }
+
+    if(etype_str.num_strings) {
+	int i;
+
+	enctype = malloc(etype_str.num_strings * sizeof(*enctype));
+	if(enctype == NULL)
+	    errx(1, "out of memory");
+	for(i = 0; i < etype_str.num_strings; i++) {
+	    ret = krb5_string_to_enctype(context, 
+					 etype_str.strings[i], 
+					 &enctype[i]);
+	    if(ret)
+		errx(1, "unrecognized enctype: %s", etype_str.strings[i]);
+	}
+	krb5_get_init_creds_opt_set_etype_list(opt, enctype, 
+					       etype_str.num_strings);
+    }
+
+    if(use_keytab || keytab_str) {
+	krb5_keytab kt;
+	if(keytab_str)
+	    ret = krb5_kt_resolve(context, keytab_str, &kt);
+	else
+	    ret = krb5_kt_default(context, &kt);
+	if (ret)
+	    krb5_err (context, 1, ret, "resolving keytab");
+	ret = krb5_get_init_creds_keytab (context,
+					  &cred,
+					  principal,
+					  kt,
+					  start_time,
+					  server_str,
+					  opt);
+	krb5_kt_close(context, kt);
+    } else if (pk_user_id) {
+	ret = krb5_get_init_creds_password (context,
+					    &cred,
+					    principal,
+					    passwd,
+					    krb5_prompter_posix,
+					    NULL,
+					    start_time,
+					    server_str,
+					    opt);
+    } else if (!interactive) {
+	krb5_warnx(context, "Not interactive, failed to get initial ticket");
+	krb5_get_init_creds_opt_free(context, opt);
+	return 0;
+    } else {
+
+	if (passwd[0] == '\0') {
+	    char *p, *prompt;
+	    
+	    krb5_unparse_name (context, principal, &p);
+	    asprintf (&prompt, "%s's Password: ", p);
+	    free (p);
+	    
+	    if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
+		memset(passwd, 0, sizeof(passwd));
+		exit(1);
+	    }
+	    free (prompt);
+	}
+
+	
+	ret = krb5_get_init_creds_password (context,
+					    &cred,
+					    principal,
+					    passwd,
+					    krb5_prompter_posix,
+					    NULL,
+					    start_time,
+					    server_str,
+					    opt);
+    }
+    krb5_get_init_creds_opt_free(context, opt);
+    if (ntlm_domain && passwd[0])
+	heim_ntlm_nt_key(passwd, &ntlmkey);
+    memset(passwd, 0, sizeof(passwd));
+
+    switch(ret){
+    case 0:
+	break;
+    case KRB5_LIBOS_PWDINTR: /* don't print anything if it was just C-c:ed */
+	exit(1);
+    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+    case KRB5KRB_AP_ERR_MODIFIED:
+    case KRB5KDC_ERR_PREAUTH_FAILED:
+	krb5_errx(context, 1, "Password incorrect");
+	break;
+    case KRB5KRB_AP_ERR_V4_REPLY:
+	krb5_errx(context, 1, "Looks like a Kerberos 4 reply");
+	break;
+    default:
+	krb5_err(context, 1, ret, "krb5_get_init_creds");
+    }
+
+    if(ticket_life != 0) {
+	if(abs(cred.times.endtime - cred.times.starttime - ticket_life) > 30) {
+	    char life[64];
+	    unparse_time_approx(cred.times.endtime - cred.times.starttime, 
+				life, sizeof(life));
+	    krb5_warnx(context, "NOTICE: ticket lifetime is %s", life);
+	}
+    }
+    if(renew_life) {
+	if(abs(cred.times.renew_till - cred.times.starttime - renew) > 30) {
+	    char life[64];
+	    unparse_time_approx(cred.times.renew_till - cred.times.starttime, 
+				life, sizeof(life));
+	    krb5_warnx(context, "NOTICE: ticket renewable lifetime is %s", 
+		       life);
+	}
+    }
+
+    ret = krb5_cc_new_unique(context, krb5_cc_get_type(context, ccache), 
+			     NULL, &tempccache);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_new_unique");
+
+    ret = krb5_cc_initialize (context, tempccache, cred.client);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_initialize");
+    
+    ret = krb5_cc_store_cred (context, tempccache, &cred);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_store_cred");
+
+    krb5_free_cred_contents (context, &cred);
+
+    ret = krb5_cc_move(context, tempccache, ccache);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_move");
+
+    if (ntlm_domain && ntlmkey.data)
+	store_ntlmkey(context, ccache, ntlm_domain, principal, &ntlmkey);
+
+    if (enctype)
+	free(enctype);
+
+    return 0;
+}
+
+static time_t
+ticket_lifetime(krb5_context context, krb5_ccache cache, 
+		krb5_principal client, const char *server)
+{
+    krb5_creds in_cred, *cred;
+    krb5_error_code ret;
+    time_t timeout;
+
+    memset(&in_cred, 0, sizeof(in_cred));
+
+    ret = krb5_cc_get_principal(context, cache, &in_cred.client);
+    if(ret) {
+	krb5_warn(context, ret, "krb5_cc_get_principal");
+	return 0;
+    }
+    ret = get_server(context, in_cred.client, server, &in_cred.server);
+    if(ret) {
+	krb5_free_principal(context, in_cred.client);
+	krb5_warn(context, ret, "get_server");
+	return 0;
+    }
+
+    ret = krb5_get_credentials(context, KRB5_GC_CACHED,
+			       cache, &in_cred, &cred);
+    krb5_free_principal(context, in_cred.client);
+    krb5_free_principal(context, in_cred.server);
+    if(ret) {
+	krb5_warn(context, ret, "krb5_get_credentials");
+	return 0;
+    }
+    timeout = cred->times.endtime - cred->times.starttime;
+    if (timeout < 0)
+	timeout = 0;
+    krb5_free_creds(context, cred);
+    return timeout;
+}
+
+struct renew_ctx {
+    krb5_context context;
+    krb5_ccache  ccache;
+    krb5_principal principal;
+    krb5_deltat ticket_life;
+};
+
+static time_t
+renew_func(void *ptr)
+{
+    struct renew_ctx *ctx = ptr;
+    krb5_error_code ret;
+    time_t expire;
+    int new_tickets = 0;
+
+    if (renewable_flag) {
+	ret = renew_validate(ctx->context, renewable_flag, validate_flag,
+			     ctx->ccache, server_str, ctx->ticket_life);
+	if (ret)
+	    new_tickets = 1;
+    } else
+	new_tickets = 1;
+
+    if (new_tickets)
+	get_new_tickets(ctx->context, ctx->principal, 
+			ctx->ccache, ctx->ticket_life, 0);
+
+    if(get_v4_tgt || convert_524)
+	do_524init(ctx->context, ctx->ccache, NULL, server_str);
+    if(do_afslog && k_hasafs())
+	krb5_afslog(ctx->context, ctx->ccache, NULL, NULL);
+
+    expire = ticket_lifetime(ctx->context, ctx->ccache, ctx->principal,
+			     server_str) / 2;
+    return expire + 1;
+}
+
+int
+main (int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache  ccache;
+    krb5_principal principal;
+    int optidx = 0;
+    krb5_deltat ticket_life = 0;
+    int parseflags = 0;
+
+    setprogname (argv[0]);
+    
+    ret = krb5_init_context (&context);
+    if (ret == KRB5_CONFIG_BADFORMAT)
+	errx (1, "krb5_init_context failed to parse configuration file");
+    else if (ret)
+	errx(1, "krb5_init_context failed: %d", ret);
+  
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (canonicalize_flag)
+	parseflags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
+
+    if (argv[0]) {
+	ret = krb5_parse_name_flags (context, argv[0], parseflags, &principal);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_parse_name");
+    } else {
+	ret = krb5_get_default_principal (context, &principal);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_get_default_principal");
+    }
+
+    if(fcache_version)
+	krb5_set_fcache_version(context, fcache_version);
+
+    if(renewable_flag == -1)
+	/* this seems somewhat pointless, but whatever */
+	krb5_appdefault_boolean(context, "kinit",
+				krb5_principal_get_realm(context, principal),
+				"renewable", FALSE, &renewable_flag);
+    if(get_v4_tgt == -1)
+	krb5_appdefault_boolean(context, "kinit", 
+				krb5_principal_get_realm(context, principal), 
+				"krb4_get_tickets", FALSE, &get_v4_tgt);
+    if(do_afslog == -1)
+	krb5_appdefault_boolean(context, "kinit", 
+				krb5_principal_get_realm(context, principal), 
+				"afslog", TRUE, &do_afslog);
+
+    if(cred_cache) 
+	ret = krb5_cc_resolve(context, cred_cache, &ccache);
+    else {
+	if(argc > 1) {
+	    char s[1024];
+	    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache);
+	    if(ret)
+		krb5_err(context, 1, ret, "creating cred cache");
+	    snprintf(s, sizeof(s), "%s:%s",
+		     krb5_cc_get_type(context, ccache),
+		     krb5_cc_get_name(context, ccache));
+	    setenv("KRB5CCNAME", s, 1);
+	    if (get_v4_tgt) {
+		int fd;
+		if (asprintf(&krb4_cc_name, "%s_XXXXXX", TKT_ROOT) < 0)
+		    krb5_errx(context, 1, "out of memory");
+		if((fd = mkstemp(krb4_cc_name)) >= 0) {
+		    close(fd);
+		    setenv("KRBTKFILE", krb4_cc_name, 1);
+		} else {
+		    free(krb4_cc_name);
+		    krb4_cc_name = NULL;
+		}
+	    }
+	} else {
+	    ret = krb5_cc_cache_match(context, principal, NULL, &ccache);
+	    if (ret)
+		ret = krb5_cc_default (context, &ccache);
+	}
+    }
+    if (ret)
+	krb5_err (context, 1, ret, "resolving credentials cache");
+
+    if(argc > 1 && k_hasafs ())
+	k_setpag();
+
+    if (lifetime) {
+	int tmp = parse_time (lifetime, "s");
+	if (tmp < 0)
+	    errx (1, "unparsable time: %s", lifetime);
+
+	ticket_life = tmp;
+    }
+
+    if(addrs_flag == 0 && extra_addresses.num_strings > 0)
+	krb5_errx(context, 1, "specifying both extra addresses and "
+		  "no addresses makes no sense");
+    {
+	int i;
+	krb5_addresses addresses;
+	memset(&addresses, 0, sizeof(addresses));
+	for(i = 0; i < extra_addresses.num_strings; i++) {
+	    ret = krb5_parse_address(context, extra_addresses.strings[i], 
+				     &addresses);
+	    if (ret == 0) {
+		krb5_add_extra_addresses(context, &addresses);
+		krb5_free_addresses(context, &addresses);
+	    }
+	}
+	free_getarg_strings(&extra_addresses);
+    }
+
+    if(renew_flag || validate_flag) {
+	ret = renew_validate(context, renew_flag, validate_flag, 
+			     ccache, server_str, ticket_life);
+	exit(ret != 0);
+    }
+
+    if(!convert_524)
+	get_new_tickets(context, principal, ccache, ticket_life, 1);
+
+    if(get_v4_tgt || convert_524)
+	do_524init(context, ccache, NULL, server_str);
+    if(do_afslog && k_hasafs())
+	krb5_afslog(context, ccache, NULL, NULL);
+    if(argc > 1) {
+	struct renew_ctx ctx;
+	time_t timeout;
+
+	timeout = ticket_lifetime(context, ccache, principal, server_str) / 2;
+
+	ctx.context = context;
+	ctx.ccache = ccache;
+	ctx.principal = principal;
+	ctx.ticket_life = ticket_life;
+
+	ret = simple_execvp_timed(argv[1], argv+1, 
+				  renew_func, &ctx, timeout);
+#define EX_NOEXEC	126
+#define EX_NOTFOUND	127
+	if(ret == EX_NOEXEC)
+	    krb5_warnx(context, "permission denied: %s", argv[1]);
+	else if(ret == EX_NOTFOUND)
+	    krb5_warnx(context, "command not found: %s", argv[1]);
+	
+	krb5_cc_destroy(context, ccache);
+	_krb5_krb_dest_tkt(context, krb4_cc_name);
+	if(k_hasafs())
+	    k_unlog();
+    } else {
+	krb5_cc_close (context, ccache);
+	ret = 0;
+    }
+    krb5_free_principal(context, principal);
+    krb5_free_context (context);
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/kuser/klist.1
===================================================================
--- vendor-crypto/heimdal/dist/kuser/klist.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/klist.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,154 @@
+.\" Copyright (c) 2000 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: klist.1,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd October  6, 2005
+.Dt KLIST 1
+.Os HEIMDAL
+.Sh NAME
+.Nm klist
+.Nd list Kerberos credentials
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Oo Fl c Ar cache \*(Ba Xo
+.Fl -cache= Ns Ar cache
+.Xc
+.Oc
+.Op Fl s | Fl t | Fl -test
+.Op Fl T | Fl -tokens
+.Op Fl 5 | Fl -v5
+.Op Fl v | Fl -verbose
+.Op Fl l | Fl -list-caches
+.Op Fl f
+.Op Fl -version
+.Op Fl -help
+.Ek
+.Sh DESCRIPTION
+.Nm
+reads and displays the current tickets in the credential cache (also
+known as the ticket file).
+.Pp
+Options supported:
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar cache ,
+.Fl -cache= Ns Ar cache
+.Xc
+credential cache to list
+.It Xo
+.Fl s ,
+.Fl t ,
+.Fl -test
+.Xc
+Test for there being an active and valid TGT for the local realm of
+the user in the credential cache.
+.It Xo
+.Fl T ,
+.Fl -tokens
+.Xc
+display AFS tokens
+.It Xo
+.Fl 5 ,
+.Fl -v5
+.Xc
+display v5 cred cache (this is the default)
+.It Fl f
+Include ticket flags in short form, each character stands for a
+specific flag, as follows:
+.Bl -tag -width  XXX -compact -offset indent
+.It F
+forwardable
+.It f
+forwarded
+.It P
+proxiable
+.It p
+proxied
+.It D
+postdate-able
+.It d
+postdated
+.It R
+renewable
+.It I
+initial
+.It i
+invalid
+.It A
+pre-authenticated
+.It H
+hardware authenticated
+.El
+.Pp
+This information is also output with the
+.Fl -verbose
+option, but in a more verbose way.
+.It Xo
+.Fl v ,
+.Fl -verbose
+.Xc
+Verbose output. Include all possible information:
+.Bl -tag -width XXXX -offset indent
+.It Server
+the principal the ticket is for
+.It Ticket etype
+the encryption type used in the ticket, followed by the key version of
+the ticket, if it is available
+.It Session key
+the encryption type of the session key, if it's different from the
+encryption type of the ticket
+.It Auth time
+the time the authentication exchange took place
+.It Start time
+the time that this ticket is valid from (only printed if it's
+different from the auth time)
+.It End time
+when the ticket expires, if it has already expired this is also noted
+.It Renew till
+the maximum possible end time of any ticket derived from this one
+.It Ticket flags
+the flags set on the ticket
+.It Addresses
+the set of addresses from which this ticket is valid
+.El
+.It Xo
+.Fl l ,
+.Fl -list-caches
+.Xc
+List the credential caches for the current users, not all cache types
+supports listing multiple caches.
+.Pp
+.El
+.Sh SEE ALSO
+.Xr kdestroy 1 ,
+.Xr kinit 1

Added: vendor-crypto/heimdal/dist/kuser/klist.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/klist.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/klist.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,639 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+#include "rtbl.h"
+
+RCSID("$Id: klist.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static char*
+printable_time(time_t t)
+{
+    static char s[128];
+    strlcpy(s, ctime(&t)+ 4, sizeof(s));
+    s[15] = 0;
+    return s;
+}
+
+static char*
+printable_time_long(time_t t)
+{
+    static char s[128];
+    strlcpy(s, ctime(&t)+ 4, sizeof(s));
+    s[20] = 0;
+    return s;
+}
+
+#define COL_ISSUED		"  Issued"
+#define COL_EXPIRES		"  Expires"
+#define COL_FLAGS		"Flags"
+#define COL_PRINCIPAL		"  Principal"
+#define COL_PRINCIPAL_KVNO	"  Principal (kvno)"
+#define COL_CACHENAME		"  Cache name"
+
+static void
+print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
+{
+    char *str;
+    krb5_error_code ret;
+    krb5_timestamp sec;
+
+    krb5_timeofday (context, &sec);
+
+
+    if(cred->times.starttime)
+	rtbl_add_column_entry(ct, COL_ISSUED,
+			      printable_time(cred->times.starttime));
+    else
+	rtbl_add_column_entry(ct, COL_ISSUED,
+			      printable_time(cred->times.authtime));
+    
+    if(cred->times.endtime > sec)
+	rtbl_add_column_entry(ct, COL_EXPIRES,
+			      printable_time(cred->times.endtime));
+    else
+	rtbl_add_column_entry(ct, COL_EXPIRES, ">>>Expired<<<");
+    ret = krb5_unparse_name (context, cred->server, &str);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name");
+    rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
+    if(do_flags) {
+	char s[16], *sp = s;
+	if(cred->flags.b.forwardable)
+	    *sp++ = 'F';
+	if(cred->flags.b.forwarded)
+	    *sp++ = 'f';
+	if(cred->flags.b.proxiable)
+	    *sp++ = 'P';
+	if(cred->flags.b.proxy)
+	    *sp++ = 'p';
+	if(cred->flags.b.may_postdate)
+	    *sp++ = 'D';
+	if(cred->flags.b.postdated)
+	    *sp++ = 'd';
+	if(cred->flags.b.renewable)
+	    *sp++ = 'R';
+	if(cred->flags.b.initial)
+	    *sp++ = 'I';
+	if(cred->flags.b.invalid)
+	    *sp++ = 'i';
+	if(cred->flags.b.pre_authent)
+	    *sp++ = 'A';
+	if(cred->flags.b.hw_authent)
+	    *sp++ = 'H';
+	*sp++ = '\0';
+	rtbl_add_column_entry(ct, COL_FLAGS, s);
+    }
+    free(str);
+}
+
+static void
+print_cred_verbose(krb5_context context, krb5_creds *cred)
+{
+    int j;
+    char *str;
+    krb5_error_code ret;
+    int first_flag;
+    krb5_timestamp sec;
+
+    krb5_timeofday (context, &sec);
+
+    ret = krb5_unparse_name(context, cred->server, &str);
+    if(ret)
+	exit(1);
+    printf("Server: %s\n", str);
+    free (str);
+
+    ret = krb5_unparse_name(context, cred->client, &str);
+    if(ret)
+	exit(1);
+    printf("Client: %s\n", str);
+    free (str);
+
+    {
+	Ticket t;
+	size_t len;
+	char *s;
+
+	decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
+	ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
+	printf("Ticket etype: ");
+	if (ret == 0) {
+	    printf("%s", s);
+	    free(s);
+	} else {
+	    printf("unknown(%d)", t.enc_part.etype);
+	}
+	if(t.enc_part.kvno)
+	    printf(", kvno %d", *t.enc_part.kvno);
+	printf("\n");
+	if(cred->session.keytype != t.enc_part.etype) {
+	    ret = krb5_enctype_to_string(context, cred->session.keytype, &str);
+	    if(ret)
+		krb5_warn(context, ret, "session keytype");
+	    else {
+		printf("Session key: %s\n", str);
+		free(str);
+	    }
+	}
+	free_Ticket(&t);
+	printf("Ticket length: %lu\n", (unsigned long)cred->ticket.length);
+    }
+    printf("Auth time:  %s\n", printable_time_long(cred->times.authtime));
+    if(cred->times.authtime != cred->times.starttime)
+	printf("Start time: %s\n", printable_time_long(cred->times.starttime));
+    printf("End time:   %s", printable_time_long(cred->times.endtime));
+    if(sec > cred->times.endtime)
+	printf(" (expired)");
+    printf("\n");
+    if(cred->flags.b.renewable)
+	printf("Renew till: %s\n", 
+	       printable_time_long(cred->times.renew_till));
+    printf("Ticket flags: ");
+#define PRINT_FLAG2(f, s) if(cred->flags.b.f) { if(!first_flag) printf(", "); printf("%s", #s); first_flag = 0; }
+#define PRINT_FLAG(f) PRINT_FLAG2(f, f)
+    first_flag = 1;
+    PRINT_FLAG(forwardable);
+    PRINT_FLAG(forwarded);
+    PRINT_FLAG(proxiable);
+    PRINT_FLAG(proxy);
+    PRINT_FLAG2(may_postdate, may-postdate);
+    PRINT_FLAG(postdated);
+    PRINT_FLAG(invalid);
+    PRINT_FLAG(renewable);
+    PRINT_FLAG(initial);
+    PRINT_FLAG2(pre_authent, pre-authenticated);
+    PRINT_FLAG2(hw_authent, hw-authenticated);
+    PRINT_FLAG2(transited_policy_checked, transited-policy-checked);
+    PRINT_FLAG2(ok_as_delegate, ok-as-delegate);
+    PRINT_FLAG(anonymous);
+    printf("\n");
+    printf("Addresses: ");
+    if (cred->addresses.len != 0) {
+	for(j = 0; j < cred->addresses.len; j++){
+	    char buf[128];
+	    size_t len;
+	    if(j) printf(", ");
+	    ret = krb5_print_address(&cred->addresses.val[j], 
+				     buf, sizeof(buf), &len);
+	    
+	    if(ret == 0)
+		printf("%s", buf);
+	}
+    } else {
+	printf("addressless");
+    }
+    printf("\n\n");
+}
+
+/*
+ * Print all tickets in `ccache' on stdout, verbosily iff do_verbose.
+ */
+
+static void
+print_tickets (krb5_context context,
+	       krb5_ccache ccache,
+	       krb5_principal principal,
+	       int do_verbose,
+	       int do_flags,
+	       int do_hidden)
+{
+    krb5_error_code ret;
+    char *str;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    int32_t sec, usec;
+
+    rtbl_t ct = NULL;
+
+    ret = krb5_unparse_name (context, principal, &str);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_unparse_name");
+
+    printf ("%17s: %s:%s\n", 
+	    "Credentials cache",
+	    krb5_cc_get_type(context, ccache),
+	    krb5_cc_get_name(context, ccache));
+    printf ("%17s: %s\n", "Principal", str);
+    free (str);
+    
+    if(do_verbose)
+	printf ("%17s: %d\n", "Cache version",
+		krb5_cc_get_version(context, ccache));
+    
+    krb5_get_kdc_sec_offset(context, &sec, &usec);
+
+    if (do_verbose && sec != 0) {
+	char buf[BUFSIZ];
+	int val;
+	int sig;
+
+	val = sec;
+	sig = 1;
+	if (val < 0) {
+	    sig = -1;
+	    val = -val;
+	}
+	
+	unparse_time (val, buf, sizeof(buf));
+
+	printf ("%17s: %s%s\n", "KDC time offset",
+		sig == -1 ? "-" : "", buf);
+    }
+
+    printf("\n");
+
+    ret = krb5_cc_start_seq_get (context, ccache, &cursor);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
+
+    if(!do_verbose) {
+	ct = rtbl_create();
+	rtbl_add_column(ct, COL_ISSUED, 0);
+	rtbl_add_column(ct, COL_EXPIRES, 0);
+	if(do_flags)
+	    rtbl_add_column(ct, COL_FLAGS, 0);
+	rtbl_add_column(ct, COL_PRINCIPAL, 0);
+	rtbl_set_separator(ct, "  ");
+    }
+    while ((ret = krb5_cc_next_cred (context,
+				     ccache,
+				     &cursor,
+				     &creds)) == 0) {
+	const char *str;
+	str = krb5_principal_get_comp_string(context, creds.server, 0);
+	if (!do_hidden && str && str[0] == '@') {
+	    ;
+	}else if(do_verbose){
+	    print_cred_verbose(context, &creds);
+	}else{
+	    print_cred(context, &creds, ct, do_flags);
+	}
+	krb5_free_cred_contents (context, &creds);
+    }
+    if(ret != KRB5_CC_END)
+	krb5_err(context, 1, ret, "krb5_cc_get_next");
+    ret = krb5_cc_end_seq_get (context, ccache, &cursor);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_end_seq_get");
+    if(!do_verbose) {
+	rtbl_format(ct, stdout);
+	rtbl_destroy(ct);
+    }
+}
+
+/*
+ * Check if there's a tgt for the realm of `principal' and ccache and
+ * if so return 0, else 1
+ */
+
+static int
+check_for_tgt (krb5_context context,
+	       krb5_ccache ccache,
+	       krb5_principal principal,
+	       time_t *expiration)
+{
+    krb5_error_code ret;
+    krb5_creds pattern;
+    krb5_creds creds;
+    krb5_realm *client_realm;
+    int expired;
+
+    krb5_cc_clear_mcred(&pattern);
+
+    client_realm = krb5_princ_realm (context, principal);
+
+    ret = krb5_make_principal (context, &pattern.server,
+			       *client_realm, KRB5_TGS_NAME, *client_realm,
+			       NULL);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_make_principal");
+    pattern.client = principal;
+
+    ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
+    krb5_free_principal (context, pattern.server);
+    if (ret) {
+	if (ret == KRB5_CC_END)
+	    return 1;
+	krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
+    }
+
+    expired = time(NULL) > creds.times.endtime;
+
+    if (expiration)
+	*expiration = creds.times.endtime;
+
+    krb5_free_cred_contents (context, &creds);
+
+    return expired;
+}
+
+/*
+ * Print a list of all AFS tokens
+ */
+
+static void
+display_tokens(int do_verbose)
+{
+    uint32_t i;
+    unsigned char t[4096];
+    struct ViceIoctl parms;
+
+    parms.in = (void *)&i;
+    parms.in_size = sizeof(i);
+    parms.out = (void *)t;
+    parms.out_size = sizeof(t);
+
+    for (i = 0;; i++) {
+        int32_t size_secret_tok, size_public_tok;
+        unsigned char *cell;
+	struct ClearToken ct;
+	unsigned char *r = t;
+	struct timeval tv;
+	char buf1[20], buf2[20];
+
+	if(k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
+	    if(errno == EDOM)
+		break;
+	    continue;
+	}
+	if(parms.out_size > sizeof(t))
+	    continue;
+	if(parms.out_size < sizeof(size_secret_tok))
+	    continue;
+	t[min(parms.out_size,sizeof(t)-1)] = 0;
+	memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
+	/* dont bother about the secret token */
+	r += size_secret_tok + sizeof(size_secret_tok);
+	if (parms.out_size < (r - t) + sizeof(size_public_tok))
+	    continue;
+	memcpy(&size_public_tok, r, sizeof(size_public_tok));
+	r += sizeof(size_public_tok);
+	if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
+	    continue;
+	memcpy(&ct, r, size_public_tok);
+	r += size_public_tok;
+	/* there is a int32_t with length of cellname, but we dont read it */
+	r += sizeof(int32_t);
+	cell = r;
+
+	gettimeofday (&tv, NULL);
+	strlcpy (buf1, printable_time(ct.BeginTimestamp),
+		 sizeof(buf1));
+	if (do_verbose || tv.tv_sec < ct.EndTimestamp)
+	    strlcpy (buf2, printable_time(ct.EndTimestamp),
+		     sizeof(buf2));
+	else
+	    strlcpy (buf2, ">>> Expired <<<", sizeof(buf2));
+
+	printf("%s  %s  ", buf1, buf2);
+
+	if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
+	    printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
+	else
+	    printf("Tokens for %s", cell);
+	if (do_verbose)
+	    printf(" (%d)", ct.AuthHandle);
+	putchar('\n');
+    }
+}
+
+/*
+ * display the ccache in `cred_cache'
+ */
+
+static int
+display_v5_ccache (const char *cred_cache, int do_test, int do_verbose, 
+		   int do_flags, int do_hidden)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache ccache;
+    krb5_principal principal;
+    int exit_status = 0;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    if(cred_cache) {
+	ret = krb5_cc_resolve(context, cred_cache, &ccache);
+	if (ret)
+	    krb5_err (context, 1, ret, "%s", cred_cache);
+    } else {
+	ret = krb5_cc_default (context, &ccache);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_cc_resolve");
+    }
+
+    ret = krb5_cc_get_principal (context, ccache, &principal);
+    if (ret) {
+	if(ret == ENOENT) {
+	    if (!do_test)
+		krb5_warnx(context, "No ticket file: %s",
+			   krb5_cc_get_name(context, ccache));
+	    return 1;
+	} else
+	    krb5_err (context, 1, ret, "krb5_cc_get_principal");
+    }
+    if (do_test)
+	exit_status = check_for_tgt (context, ccache, principal, NULL);
+    else
+	print_tickets (context, ccache, principal, do_verbose,
+		       do_flags, do_hidden);
+
+    ret = krb5_cc_close (context, ccache);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_close");
+
+    krb5_free_principal (context, principal);
+    krb5_free_context (context);
+    return exit_status;
+}
+
+/*
+ *
+ */
+
+static int
+list_caches(void)
+{
+    krb5_cc_cache_cursor cursor;
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_ccache id;
+    rtbl_t ct;
+    
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = krb5_cc_cache_get_first (context, NULL, &cursor);
+    if (ret == KRB5_CC_NOSUPP)
+	return 0;
+    else if (ret)
+	krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
+
+    ct = rtbl_create();
+    rtbl_add_column(ct, COL_PRINCIPAL, 0);
+    rtbl_add_column(ct, COL_CACHENAME, 0);
+    rtbl_add_column(ct, COL_EXPIRES, 0);
+    rtbl_set_prefix(ct, "   ");
+    rtbl_set_column_prefix(ct, COL_PRINCIPAL, "");
+
+    while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) {
+	krb5_principal principal;
+	char *name;
+
+	ret = krb5_cc_get_principal(context, id, &principal);
+	if (ret == 0) {
+	    time_t t;
+	    int expired = check_for_tgt (context, id, principal, &t);
+
+	    ret = krb5_unparse_name(context, principal, &name);
+	    if (ret == 0) {
+		rtbl_add_column_entry(ct, COL_PRINCIPAL, name);
+		rtbl_add_column_entry(ct, COL_CACHENAME,
+				      krb5_cc_get_name(context, id));
+		rtbl_add_column_entry(ct, COL_EXPIRES,
+				      expired ? ">>> Expired <<<" : 
+				      printable_time(t));
+		free(name);
+		krb5_free_principal(context, principal);
+	    }
+	}
+	krb5_cc_close(context, id);
+    }
+
+    krb5_cc_cache_end_seq_get(context, cursor);
+
+    rtbl_format(ct, stdout);
+    rtbl_destroy(ct);
+    
+    return 0;
+}
+
+/*
+ *
+ */
+
+static int version_flag		= 0;
+static int help_flag		= 0;
+static int do_verbose		= 0;
+static int do_list_caches	= 0;
+static int do_test		= 0;
+static int do_tokens		= 0;
+static int do_v5		= 1;
+static char *cred_cache;
+static int do_flags	 	= 0;
+static int do_hidden	 	= 0;
+
+static struct getargs args[] = {
+    { NULL, 'f', arg_flag, &do_flags },
+    { "cache",			'c', arg_string, &cred_cache,
+      "credentials cache to list", "cache" },
+    { "test",			't', arg_flag, &do_test,
+      "test for having tickets", NULL },
+    { NULL,			's', arg_flag, &do_test },
+    { "tokens",			'T',   arg_flag, &do_tokens,
+      "display AFS tokens", NULL },
+    { "v5",			'5',	arg_flag, &do_v5,
+      "display v5 cred cache", NULL},
+    { "list-caches",		'l', arg_flag, &do_list_caches,
+      "verbose output", NULL },
+    { "verbose",		'v', arg_flag, &do_verbose,
+      "verbose output", NULL },
+    { "hidden",			0,   arg_flag, &do_hidden,
+      "display hidden credentials", NULL },
+    { NULL,			'a', arg_flag, &do_verbose },
+    { NULL,			'n', arg_flag, &do_verbose },
+    { "version", 		0,   arg_flag, &version_flag, 
+      "print version", NULL },
+    { "help",			0,   arg_flag, &help_flag, 
+      NULL, NULL}
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main (int argc, char **argv)
+{
+    int optidx = 0;
+    int exit_status = 0;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 0)
+	usage (1);
+
+    if (do_list_caches) {
+	exit_status = list_caches();
+	return exit_status;
+    }
+
+    if (do_v5)
+	exit_status = display_v5_ccache (cred_cache, do_test, 
+					 do_verbose, do_flags, do_hidden);
+
+    if (!do_test) {
+	if (do_tokens && k_hasafs ()) {
+	    if (do_v5)
+		printf ("\n");
+	    display_tokens (do_verbose);
+	}
+    }
+
+    return exit_status;
+}
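Review bot: In `display_tokens`, `memcpy(&ct, r, size_public_tok)` copies a length taken from the pioctl reply into the local `struct ClearToken ct`, and the checks before it compare that length only with `parms.out_size` (which may be as large as `sizeof(t)`, 4096), never with `sizeof(ct)`. `size_secret_tok` and `size_public_tok` are signed `int32_t` values used in pointer arithmetic with no sign check, so a negative value can move `r` before `t` or turn into a very large copy length. A guard just before the copy, such as `if (size_public_tok < 0 || (size_t)size_public_tok > sizeof(ct)) continue;`, with the same sign and range check on `size_secret_tok`, would bound both. The reply comes from the AFS kernel interface, so how far an unprivileged party can influence it is not visible from this hunk. Separately, `print_cred_verbose` ignores the return value of `decode_Ticket`, so `t.enc_part` is read and `free_Ticket(&t)` is called on an uninitialised `Ticket` when decoding fails.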

Added: vendor-crypto/heimdal/dist/kuser/kuser_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kuser_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kuser_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: kuser_locl.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef __KUSER_LOCL_H__
+#define __KUSER_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#include <roken.h>
+#include <getarg.h>
+#include <parse_time.h>
+#include <err.h>
+#include <krb5.h>
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+#include <kafs.h>
+#include "crypto-headers.h" /* for des_read_pw_string */
+
+#endif /* __KUSER_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/kuser/kverify.c
===================================================================
--- vendor-crypto/heimdal/dist/kuser/kverify.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/kuser/kverify.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 1997 - 2005, 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kuser_locl.h"
+
+RCSID("$Id: kverify.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int help_flag = 0;
+static int version_flag = 0;
+
+static struct getargs args[] = {
+    { "version", 	0,   arg_flag, &version_flag },
+    { "help",		0,   arg_flag, &help_flag }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "[principal]");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_creds cred;
+    krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
+    krb5_get_init_creds_opt *get_options;
+    krb5_verify_init_creds_opt verify_options;
+    krb5_principal principal = NULL;
+    int optidx = 0;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    argc -= optidx;
+    argv += optidx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = krb5_get_init_creds_opt_alloc (context, &get_options);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
+
+    krb5_get_init_creds_opt_set_preauth_list (get_options,
+					      pre_auth_types,
+					      1);
+
+    krb5_verify_init_creds_opt_init (&verify_options);
+    
+    if (argc) {
+	ret = krb5_parse_name(context, argv[0], &principal);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_parse_name: %s", argv[0]);
+    }
+
+    ret = krb5_get_init_creds_password (context,
+					&cred,
+					principal,
+					NULL,
+					krb5_prompter_posix,
+					NULL,
+					0,
+					NULL,
+					get_options);
+    if (ret)
+	errx (1, "krb5_get_init_creds: %s", krb5_get_err_text(context, ret));
+
+    ret = krb5_verify_init_creds (context,
+				  &cred,
+				  NULL,
+				  NULL,
+				  NULL,
+				  &verify_options);
+    if (ret)
+	errx (1, "krb5_verify_init_creds: %s",
+	      krb5_get_err_text(context, ret));
+    krb5_free_cred_contents (context, &cred);
+    krb5_free_context (context);
+    return 0;
+}
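Review bot: In `main` of kverify.c, `verify_options` is only initialised with `krb5_verify_init_creds_opt_init` and then handed to `krb5_verify_init_creds`, so the AP-REQ "nofail" option is never requested. The library code is not part of this hunk, but with that option unset the verify call is presumably allowed to return success when no host key can be read from the keytab (unless `verify_ap_req_nofail` is set under `[libdefaults]`), which would let the tool exit 0 without checking the KDC's reply against a locally held key. For a program whose purpose is verification I would make that case a hard failure by adding `krb5_verify_init_creds_opt_set_ap_req_nofail(&verify_options, 1);` right after the init call. Since the file sits under vendor-crypto/heimdal/dist, the change belongs upstream or in the non-vendor copy; until then, the krb5.conf setting is the deployment-side mitigation.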

Added: vendor-crypto/heimdal/dist/lib/45/45_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/45/45_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/45/45_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifndef __45_LOCL_H__
+#define __45_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+
+#include <krb5.h>
+#include <krb.h>
+#include <prot.h>
+
+#endif /* __45_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/lib/45/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/45/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/45/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,11 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4)
+
+lib_LIBRARIES = @EXTRA_LIB45@
+
+EXTRA_LIBRARIES = lib45.a
+
+lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h

Added: vendor-crypto/heimdal/dist/lib/45/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/45/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/45/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,787 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = lib/45
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)"
+libLIBRARIES_INSTALL = $(INSTALL_DATA)
+LIBRARIES = $(lib_LIBRARIES)
+ARFLAGS = cru
+lib45_a_AR = $(AR) $(ARFLAGS)
+lib45_a_LIBADD =
+am_lib45_a_OBJECTS = get_ad_tkt.$(OBJEXT) mk_req.$(OBJEXT)
+lib45_a_OBJECTS = $(am_lib45_a_OBJECTS)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(lib45_a_SOURCES)
+DIST_SOURCES = $(lib45_a_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+lib_LIBRARIES = @EXTRA_LIB45@
+EXTRA_LIBRARIES = lib45.a
+lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/45/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/45/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLIBRARIES: $(lib_LIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(libLIBRARIES_INSTALL) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(libLIBRARIES_INSTALL) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+	@$(POST_INSTALL)
+	@list='$(lib_LIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    p=$(am__strip_dir) \
+	    echo " $(RANLIB) '$(DESTDIR)$(libdir)/$$p'"; \
+	    $(RANLIB) "$(DESTDIR)$(libdir)/$$p"; \
+	  else :; fi; \
+	done
+
+uninstall-libLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLIBRARIES:
+	-test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES)
+lib45.a: $(lib45_a_OBJECTS) $(lib45_a_DEPENDENCIES) 
+	-rm -f lib45.a
+	$(lib45_a_AR) lib45.a $(lib45_a_OBJECTS) $(lib45_a_LIBADD)
+	$(RANLIB) lib45.a
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(LIBRARIES) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLIBRARIES clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libLIBRARIES clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libLIBRARIES install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook \
+	uninstall-libLIBRARIES
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/45/get_ad_tkt.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/45/get_ad_tkt.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/45/get_ad_tkt.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 1997, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "45_locl.h"
+
+RCSID("$Id: get_ad_tkt.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/* get an additional version 4 ticket via the 524 protocol */
+
+#ifndef NEVERDATE
+#define NEVERDATE ((unsigned long)0x7fffffffL)
+#endif
+
+int
+get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime)
+{
+    krb5_error_code ret;
+    int code;
+    krb5_context context;
+    krb5_ccache id;
+    krb5_creds in_creds, *out_creds;
+    CREDENTIALS cred;
+    time_t now;
+    char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
+    
+    ret = krb5_init_context(&context);
+    if(ret)
+	return KFAILURE;
+    ret = krb5_cc_default(context, &id);
+    if(ret){
+	krb5_free_context(context);
+	return KFAILURE;
+    }
+    memset(&in_creds, 0, sizeof(in_creds));
+    now = time(NULL);
+    in_creds.times.endtime = krb_life_to_time(time(NULL), lifetime);
+    if(in_creds.times.endtime == NEVERDATE)
+	in_creds.times.endtime = 0;
+    ret = krb5_cc_get_principal(context, id, &in_creds.client);
+    if(ret){
+	krb5_cc_close(context, id);
+	krb5_free_context(context);
+	return KFAILURE;
+    }
+    ret = krb5_524_conv_principal(context, in_creds.client, 
+				  pname, pinst, prealm);
+    if(ret){
+	krb5_free_principal(context, in_creds.client);
+	krb5_cc_close(context, id);
+	krb5_free_context(context);
+	return KFAILURE;
+    }
+    ret = krb5_425_conv_principal(context, service, sinstance, realm, 
+				  &in_creds.server);
+    if(ret){
+	krb5_free_principal(context, in_creds.client);
+	krb5_cc_close(context, id);
+	krb5_free_context(context);
+	return KFAILURE;
+    }
+    ret = krb5_get_credentials(context, 
+			       0, 
+			       id,
+			       &in_creds,
+			       &out_creds);
+    krb5_free_principal(context, in_creds.client);
+    krb5_free_principal(context, in_creds.server);
+    if(ret){
+	krb5_cc_close(context, id);
+	krb5_free_context(context);
+	return KFAILURE;
+    }
+    ret = krb524_convert_creds_kdc_ccache(context, id, out_creds, &cred);
+    krb5_cc_close(context, id);
+    krb5_free_context(context);
+    krb5_free_creds(context, out_creds);
+    if(ret)
+	return KFAILURE;
+    code = save_credentials(cred.service, cred.instance, cred.realm, 
+			    cred.session, cred.lifetime, cred.kvno, 
+			    &cred.ticket_st, now);
+    if(code == NO_TKT_FIL)
+	code = tf_setup(&cred, pname, pinst);
+    memset(&cred.session, 0, sizeof(cred.session));
+    return code;
+}
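Review bot: At the end of get_ad_tkt() the context is released before the credentials are, so `krb5_free_creds(context, out_creds)` receives a context that `krb5_free_context(context)` has already freed. Whether that pointer is dereferenced depends on the library's krb5_free_creds, which is not shown here, but the order should not rely on it. Free the credentials first: `krb5_free_creds(context, out_creds);` then `krb5_cc_close(context, id);` then `krb5_free_context(context);`. As a smaller point, `now` is assigned from `time(NULL)` and the next line calls `time(NULL)` again for the end time; passing `now` to krb_life_to_time would keep the saved issue time and the requested end time consistent.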

Added: vendor-crypto/heimdal/dist/lib/45/mk_req.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/45/mk_req.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/45/mk_req.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* implementation of krb_mk_req that uses 524 protocol */
+
+#include "45_locl.h"
+
+RCSID("$Id: mk_req.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static int lifetime = 255;
+
+static void
+build_request(KTEXT req,
+	      const char *name, const char *inst, const char *realm, 
+	      uint32_t checksum)
+{
+    struct timeval tv;
+    krb5_storage *sp;
+    krb5_data data;
+    sp = krb5_storage_emem();
+    krb5_store_stringz(sp, name);
+    krb5_store_stringz(sp, inst);
+    krb5_store_stringz(sp, realm);
+    krb5_store_int32(sp, checksum);
+    gettimeofday(&tv, NULL);
+    krb5_store_int8(sp, tv.tv_usec  / 5000);
+    krb5_store_int32(sp, tv.tv_sec);
+    krb5_storage_to_data(sp, &data);
+    krb5_storage_free(sp);
+    memcpy(req->dat, data.data, data.length);
+    req->length = (data.length + 7) & ~7;
+    krb5_data_free(&data);
+}
+
+#ifdef KRB_MK_REQ_CONST
+int
+krb_mk_req(KTEXT authent,
+	   const char *service, const char *instance, const char *realm, 
+	   int32_t checksum)
+#else
+int
+krb_mk_req(KTEXT authent,
+	   char *service, char *instance, char *realm, 
+	   int32_t checksum)
+
+#endif
+{
+    CREDENTIALS cr;
+    KTEXT_ST req;
+    krb5_storage *sp;
+    int code;
+    /* XXX get user realm */
+    const char *myrealm = realm;
+    krb5_data a;
+
+    code = krb_get_cred(service, instance, realm, &cr);
+    if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){
+	code = get_ad_tkt((char *)service,
+			  (char *)instance, (char *)realm, lifetime);
+	if(code == KSUCCESS)
+	    code = krb_get_cred(service, instance, realm, &cr);
+    }
+
+    if(code)
+	return code;
+
+    sp = krb5_storage_emem();
+
+    krb5_store_int8(sp, KRB_PROT_VERSION);
+    krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST);
+    
+    krb5_store_int8(sp, cr.kvno);
+    krb5_store_stringz(sp, realm);
+    krb5_store_int8(sp, cr.ticket_st.length);
+
+    build_request(&req, cr.pname, cr.pinst, myrealm, checksum);
+    encrypt_ktext(&req, &cr.session, DES_ENCRYPT);
+
+    krb5_store_int8(sp, req.length);
+
+    krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length);
+    krb5_storage_write(sp, req.dat, req.length);
+    krb5_storage_to_data(sp, &a);
+    krb5_storage_free(sp);
+    memcpy(authent->dat, a.data, a.length);
+    authent->length = a.length;
+    krb5_data_free(&a);
+
+    memset(&cr, 0, sizeof(cr));
+    memset(&req, 0, sizeof(req));
+
+    return KSUCCESS;
+}
+
+/* 
+ * krb_set_lifetime sets the default lifetime for additional tickets
+ * obtained via krb_mk_req().
+ * 
+ * It returns the previous value of the default lifetime.
+ */
+
+int
+krb_set_lifetime(int newval)
+{
+    int olife = lifetime;
+
+    lifetime = newval;
+    return(olife);
+}
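Review bot: build_request() copies `data.length` bytes into `req->dat` with no bound check, and that length includes `realm`, which krb_mk_req passes through unmodified from its caller, so an over-long realm string can write past the stack-allocated `KTEXT_ST req`. `req->length` is then rounded up to a multiple of 8, so up to seven bytes of uninitialised stack are encrypted and sent as padding. krb_mk_req has the same unchecked `memcpy(authent->dat, a.data, a.length)`, and neither function checks the results of krb5_storage_emem() or krb5_storage_to_data(). I would have build_request return a status, reject a padded length larger than `sizeof(req->dat)` (assuming `dat` is a fixed-size array in KTEXT_ST, which is declared outside this file) and zero the padding; krb_mk_req would then check that status and apply the same bound to `authent->dat` before copying. The closing `memset(&cr, ...)` and `memset(&req, ...)` clear the session key only on the success path and are dead stores a compiler may drop, so a comment marking them as key scrubbing would help whoever later swaps in a guaranteed-wipe helper.

```c
static int
build_request(KTEXT req,
	      const char *name, const char *inst, const char *realm,
	      uint32_t checksum)
{
    /* … unchanged: tv, sp, data declarations … */
    size_t padded;

    sp = krb5_storage_emem();
    if (sp == NULL)
	return KFAILURE;
    /* … unchanged: krb5_store_* calls and gettimeofday … */
    if (krb5_storage_to_data(sp, &data)) {
	krb5_storage_free(sp);
	return KFAILURE;
    }
    krb5_storage_free(sp);
    padded = (data.length + 7) & ~(size_t)7;
    if (padded > sizeof(req->dat)) {
	krb5_data_free(&data);
	return KFAILURE;
    }
    memset(req->dat, 0, padded);	/* defined padding, not stack residue */
    memcpy(req->dat, data.data, data.length);
    req->length = padded;
    krb5_data_free(&data);
    return KSUCCESS;
}
```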

Added: vendor-crypto/heimdal/dist/lib/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,22 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+if KRB4
+dir_45 = 45
+endif
+if OTP
+dir_otp = otp
+endif
+if DCE
+dir_dce = kdfs
+endif
+if COM_ERR
+dir_com_err = com_err
+endif
+if !HAVE_OPENSSL
+dir_hcrypto = hcrypto
+endif
+
+SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_hcrypto) hx509 \
+	krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce)

Added: vendor-crypto/heimdal/dist/lib/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,823 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = lib
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = roken vers editline com_err sl asn1 hcrypto hx509 krb5 \
+	ntlm kafs gssapi hdb kadm5 auth 45 otp kdfs
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+ at KRB4_TRUE@dir_45 = 45
+ at OTP_TRUE@dir_otp = otp
+ at DCE_TRUE@dir_dce = kdfs
+ at COM_ERR_TRUE@dir_com_err = com_err
+ at HAVE_OPENSSL_FALSE@dir_hcrypto = hcrypto
+SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_hcrypto) hx509 \
+	krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce)
+
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/asn1/CMS.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/CMS.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/CMS.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,157 @@
+-- From RFC 3369 --
+-- $Id: CMS.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ --
+
+CMS DEFINITIONS ::= BEGIN
+
+IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
+	Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459
+	heim_any, heim_any_set FROM heim;
+
+id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+         us(840) rsadsi(113549) pkcs(1) pkcs7(7) }
+
+id-pkcs7-data OBJECT IDENTIFIER ::= 			{ id-pkcs7 1 }
+id-pkcs7-signedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 2 }
+id-pkcs7-envelopedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 3 }
+id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= 	{ id-pkcs7 4 }
+id-pkcs7-digestedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 5 }
+id-pkcs7-encryptedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 6 }
+
+CMSVersion ::= INTEGER {
+	   CMSVersion_v0(0), 
+	   CMSVersion_v1(1), 
+	   CMSVersion_v2(2),
+	   CMSVersion_v3(3),
+	   CMSVersion_v4(4)
+}
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+
+ContentType ::= OBJECT IDENTIFIER
+MessageDigest ::= OCTET STRING
+
+ContentInfo ::= SEQUENCE {
+	contentType ContentType,
+	content [0] EXPLICIT heim_any OPTIONAL --  DEFINED BY contentType 
+}
+
+EncapsulatedContentInfo ::= SEQUENCE {
+	eContentType ContentType,
+	eContent [0] EXPLICIT OCTET STRING OPTIONAL
+}
+
+CertificateSet ::= SET OF heim_any
+
+CertificateList ::= Certificate
+
+CertificateRevocationLists ::= SET OF CertificateList
+
+IssuerAndSerialNumber ::= SEQUENCE {
+	issuer Name,
+	serialNumber CertificateSerialNumber
+}
+
+-- RecipientIdentifier is same as SignerIdentifier, 
+-- lets glue them togheter and save some bytes and share code for them
+
+CMSIdentifier ::= CHOICE {
+	issuerAndSerialNumber IssuerAndSerialNumber,
+	subjectKeyIdentifier [0] SubjectKeyIdentifier
+}
+
+SignerIdentifier ::= CMSIdentifier
+RecipientIdentifier ::= CMSIdentifier
+
+--- CMSAttributes are the combined UnsignedAttributes and SignedAttributes
+--- to store space and share code
+
+CMSAttributes ::= SET OF Attribute		-- SIZE (1..MAX) 
+
+SignatureValue ::= OCTET STRING
+
+SignerInfo ::= SEQUENCE {
+	version CMSVersion,
+	sid SignerIdentifier,
+	digestAlgorithm DigestAlgorithmIdentifier,
+	signedAttrs [0] IMPLICIT -- CMSAttributes --
+		SET OF Attribute OPTIONAL,
+	signatureAlgorithm SignatureAlgorithmIdentifier,
+	signature SignatureValue,
+	unsignedAttrs [1] IMPLICIT -- CMSAttributes -- 
+		SET OF Attribute OPTIONAL
+}
+
+SignerInfos ::= SET OF SignerInfo
+
+SignedData ::= SEQUENCE {
+	version CMSVersion,
+	digestAlgorithms DigestAlgorithmIdentifiers,
+	encapContentInfo EncapsulatedContentInfo,
+	certificates [0] IMPLICIT -- CertificateSet --
+		SET OF heim_any OPTIONAL,
+	crls [1] IMPLICIT -- CertificateRevocationLists --
+		heim_any OPTIONAL,
+	signerInfos SignerInfos
+}
+
+OriginatorInfo ::= SEQUENCE {
+	certs [0] IMPLICIT -- CertificateSet --
+		SET OF heim_any OPTIONAL,
+	crls [1] IMPLICIT --CertificateRevocationLists --
+		heim_any OPTIONAL
+}
+
+KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+EncryptedKey ::= OCTET STRING
+
+KeyTransRecipientInfo ::= SEQUENCE {
+	version CMSVersion,  -- always set to 0 or 2
+	rid RecipientIdentifier,
+	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+	encryptedKey EncryptedKey
+}
+
+RecipientInfo ::= KeyTransRecipientInfo
+
+RecipientInfos ::= SET OF RecipientInfo
+
+EncryptedContent ::= OCTET STRING
+
+EncryptedContentInfo ::= SEQUENCE {
+	contentType ContentType,
+	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+	encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
+}
+
+UnprotectedAttributes ::= SET OF Attribute	-- SIZE (1..MAX)
+
+CMSEncryptedData ::= SEQUENCE {
+	version CMSVersion,
+	encryptedContentInfo EncryptedContentInfo,
+        unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
+		heim_any OPTIONAL
+}
+
+EnvelopedData ::= SEQUENCE {
+	version CMSVersion,
+	originatorInfo [0] IMPLICIT -- OriginatorInfo -- heim_any OPTIONAL,
+	recipientInfos RecipientInfos,
+	encryptedContentInfo EncryptedContentInfo,
+	unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
+		heim_any OPTIONAL
+}
+
+-- Data ::= OCTET STRING
+
+CMSRC2CBCParameter ::= SEQUENCE {
+	rc2ParameterVersion	INTEGER (0..4294967295),
+	iv			OCTET STRING -- exactly 8 octets
+}
+
+CMSCBCParameter ::= OCTET STRING
+
+END
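Review bot: In `CMSRC2CBCParameter` the 8-octet length of `iv` exists only as a comment (`iv OCTET STRING -- exactly 8 octets`), so a decoder generated from this module would presumably accept an IV of any length. The lib/asn1 ChangeLog added in the same revision records SIZE support for OCTET STRING (parse.y, 2007-07-10) and range checks in gen_decode.c (2007-07-02), so the limit could be moved into the type, in standard notation `iv OCTET STRING (SIZE (8))`; the exact form this compiler accepts should be confirmed against its test.asn1. Until then, code that consumes the decoded structure has to compare the IV length with the cipher block size before using it. `CMSCBCParameter ::= OCTET STRING` has the same gap, with no length documented at all.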

Added: vendor-crypto/heimdal/dist/lib/asn1/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1649 @@
+2008-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* asn1-common.h gen.c der.c gen_encode.c: add and use der_{malloc,free}
+
+2007-12-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* libasn1.h: remove, not used.
+
+2007-12-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add DigestTypes, add --seq to antoher type.
+
+	* digest.asn1: Add supportedMechs request.
+	
+2007-10-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* k5.asn1: Some "old" windows enctypes. From Andy Polyakov.
+	
+2007-07-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Fold in pk-init-alg-agilty.
+
+	* pkinit.asn1: Fold in pk-init-alg-agilty.
+
+2007-07-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse.y: Passe object id is its part of the module defintion
+	statement.
+
+2007-07-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-gen.c: test SEQ OF SIZE (...)
+
+	* Makefile.am: Include more sizeof tests.
+
+2007-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* try to avoid aliasing of pointers enum {} vs int
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test.asn1: Test SIZE attribute for SEQ and OCTET STRING
+
+	* parse.y (OctetStringType): add SIZE to OCTET STRING.
+
+	* Makefile.am: New library version.
+
+2007-07-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rfc2459.asn1: Re-add size limits. 
+	
+	* k5.asn1: Add size limits from RFC 4120.
+
+	* gen_decode.c: Check range on SEQ OF and OCTET STRING.
+
+	* asn1_err.et (min|max|exact) constraints.
+
+	* parse.y: Parse size limitations to SEQ OF.
+
+2007-06-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add AuthorityInfoAccessSyntax.
+
+	* rfc2459.asn1: Add AuthorityInfoAccessSyntax.
+
+	* rfc2459.asn1: Add authorityInfoAccess, rename proxyCertInfo.
+	
+	* Makefile.am: Add authorityInfoAccess, rename proxyCertInfo.
+
+2007-06-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_get.c (der_get_time): avoid using wrapping of octet_string
+	and realloc.
+
+	* der_get.c: No need to undef timetm, we don't use it any more.
+
+	* timegm.c: Fix spelling caused by too much query-replace.
+
+	* gen.c: Include <limits.h> for UINT_MAX.
+
+	* gen_decode.c: Check for multipication overrun.
+
+	* gen_encode.c: Paranoia check in buffer overun in output
+	function.
+
+	* check-der.c: Test boolean.
+
+	* check-der.c: test universal strings.
+
+	* check-der.c: Test failure cases for der_get_tag.
+
+	* check-der.c: test dates from last century.
+
+	* check-der.c: Move zero length integercheck to a better place.
+
+	* check-der.c: Test zero length integer.
+
+2007-06-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c: Init data to something.
+
+2007-06-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* k5.asn1: Add KRB5-AUTHDATA-INITIAL-VERIFIED-CAS.
+
+2007-06-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pkinit.asn1: Make the pkinit nonce signed (like the kerberos
+	nonce).
+
+2007-06-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c: Free more memory.
+
+	* der_format.c: Don't accect zero length hex numbers.
+
+	* check-der.c: Also free right memory.
+
+	* main.c: Close asn1 file when done.
+
+	* check-der.c: more check for der_parse_hex_heim_integer
+
+	* der_format.c (der_parse_hex_heim_integer): check length before
+	reading data.
+	
+	* check-gen.c (test_authenticator): free memory
+	
+2007-05-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add MS-UPN-SAN
+
+	* pkinit.asn1: add MS-UPN-SAN
+
+	* rfc2459.asn1: Do evil things to handle IMPLICIT encoded
+	structures.  Add id-ms-client-authentication.
+	
+2007-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add asn1_id_ms_cert_enroll_domaincontroller.x
+	
+2007-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gen.c: Add struct units; as a forward declaration. Pointed out
+	by Marcus Watts.
+
+	* rfc2459.asn1: Netscape extentions
+
+	* Makefile.am: add U.S. Federal PKI Common Policy Framework
+
+	* rfc2459.asn1: add U.S. Federal PKI Common Policy Framework
+	
+2007-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_seq.c: Handle the case of resize to 0 and realloc that
+	returns NULL.
+
+	* check-gen.c (check_seq): free seq.
+	
+2007-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c (test_heim_oid_format_same): avoid leaking memory in
+	the non failure case too
+	
+2007-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: remove extra ^Q
+	
+2007-04-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* der_get.c: Allow trailing NULs. We allow this since MIT Kerberos
+	sends an strings in the NEED_PREAUTH case that includes a trailing
+	NUL.
+	
+2007-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	
+	* Makefile.am: Add PA-ClientCanonicalized and friends.
+
+	* k5.asn1: Add PA-ClientCanonicalized and friends.
+	
+2007-02-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c: Drop one over INT_MAX test-case.
+	
+2007-02-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* pkinit.asn1: add id-pkinit-ms-eku
+	
+	* pkinit.asn1: fill in more bits of id-pkinit-ms-san
+	
+2007-02-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* digest.asn1: rename hash-a1 to session key
+	
+2007-02-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* digest.asn1: Add elements to send in requestResponse to KDC and
+	get status of the request.
+	
+2007-01-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: seq rules for CRLDistributionPoints
+	
+2007-01-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: add CRLDistributionPoints and friends
+	
+2007-01-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* check-der.c: check BMPstring oddlength more
+
+	* check-der.c: Test for NUL char in string in GENERAL STRING.
+
+	* der_get.c: Check for NUL characters in string and return
+	ASN1_BAD_CHARACTER error-code if we find them.
+
+	* asn1_err.et: Add BAD_CHARACTER error.
+	
+2007-01-16  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* Makefile.am: Add id-at-streetAddress.
+
+	* rfc2459.asn1: Add id-at-streetAddress.
+	
+2007-01-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* rfc2459.asn1: Add PKIXXmppAddr and id-pkix-on-xmppAddr.
+	
+2006-12-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Add id-pkix-kp oids.
+
+	* rfc2459.asn1: Add id-pkix-kp oids.
+	
+2006-12-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_encode.c: Named bit strings have this horrible, disgusting,
+	compress bits until they are no longer really there but stuff in
+	an initial octet anyway encoding scheme. Try to get it right and
+	calculate the initial octet runtime instead of compiletime.
+
+	* check-gen.c: Check all other silly bitstring combinations.
+
+	* Makefile.am: Add --sequence=Extensions to rfc2459.
+	
+2006-12-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kx509.asn1: Add kx509.
+
+	* Makefile.am: Add kx509.
+
+	* Add VisibleString parsing
+
+2006-12-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add ntlm files.
+
+	* digest.asn1: Add bits for handling NTLM.
+	
+2006-12-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add pkix proxy cert policy lang oids
+
+	* rfc2459.asn1: add pkix proxy cert policy lang oids
+	
+2006-12-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* rfc2459.asn1: unbreak id-pe-proxyCertInfo
+
+	* rfc2459.asn1: Add id-pkix-on-dnsSRV and related oids
+
+2006-11-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Add explicit depenency to LIB_roken for libasn1.la,
+	make AIX happy.
+	
+2006-11-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_format.c (der_print_heim_oid): oid with zero length is
+	invalid, fail to print.
+	
+2006-11-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* der_format.c (der_print_heim_oid): use delim when printing.
+	
+2006-11-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* k5.asn1: Make KRB5-PADATA-S4U2SELF pa type 129.
+	
+2006-10-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* asn1_err.et: add EXTRA_DATA
+	
+2006-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-gen.c: avoid leaking memory
+
+	* check-der.c: avoid leaking memory
+
+	* der_format.c (der_parse_heim_oid): avoid leaking memory
+
+	* check-common.c: Print size_t as (unsigned long) and cast.
+
+	* check-common.c: Try to align data, IA64's gets upset if its
+	unaligned.
+
+	* lex.l: add missing */
+	
+	* lex.c: need %e for hpux lex
+
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: remove dups from gen_files_test, add check-timegm.
+	
+	* Makefile.am: include more test.asn1 built files
+
+	* Makefile.am: More files, now for make check.
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add missing files
+
+	* Makefile.am (asn1_compile_SOURCES): add gen_locl.h
+
+	* check-timegm.c: Add check for _der_timegm.
+
+	* der_get.c (generalizedtime2time): always use _der_timegm.
+
+	* timegm.c: make more strict
+
+	* der_locl.h: Rename timegm to _der_timegm.
+	
+2006-10-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* timegm.c: vJust fail if tm_mon is out of range for now XXXX this
+	is wrong.
+	
+2006-10-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: extra depencies on der-protos.h
+	
+2006-10-14 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* check-der.c: Prefix primitive types with der_.
+
+	* timegm.c: rename the buildin timegm to _der_timegm
+
+	* heim_asn1.h: move prototype away from here.
+
+	* der_format.c: Add der_parse_heim_oid
+	
+	* gen_free.c: prefix primitive types with der_
+
+	* der_copy.c: prefix primitive types with der_
+
+	* gen_length.c: prefix primitive types with der_
+
+	* der_length.c: prefix primitive types with der_
+
+	* der_cmp.c: prefix primitive types with der_
+
+	* gen_free.c: prefix primitive types with der_
+
+	* der_free.c: prefix primitive types with der_
+
+	* gen_copy.c: prefix primitive types with der_
+
+	* der_copy.c: rename copy_ to der_copy_
+
+	* Makefile.am: Add der-protos.h to nodist_include_HEADERS.
+	
+	* der.h: use newly built <der-protos.h>
+
+	* Makefile.am: Generate der prototypes.
+
+	* gen.c: move any definitions here.
+
+	* asn1-common.h: move any definitions here.
+
+	* der.h: remove der_parse_oid prototype, it was never implemented.
+
+	* der.h: New der_print_heim_oid signature.  Test
+	der_parse_heim_oid
+
+	* check-der.c: New der_print_heim_oid signature.  Test
+	der_parse_heim_oid
+	
+2006-10-07  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* lex.l: Grow an even larger output table size.
+
+	* Makefile.am: split build files into dist_ and noinst_ SOURCES
+	
+2006-10-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_seq.c: In generation of remove_TYPE: if you just removed the
+	last element, you must not memmove memory beyond the array.  From
+	Andrew Bartlett
+	
+2006-10-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lex.l: Grow (%p, %a, %n) tables for Solaris 10 lex. From Harald
+	Barth.
+	
+2006-09-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c (decode_type): drop unused variable realtype.
+	
+2006-09-11  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* Makefile.am: Add KRB5SignedPath and friends.
+
+	* k5.asn1: Add KRB5SignedPath and friends.
+
+	* Makefile.am: Add new sequence generation for GeneralNames.
+
+2006-09-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* CMS.asn1 (CMSVersion): rename versions from v0 to CMSVersion_v0,
+	...
+	
+2006-09-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add TESTSeqOf for testing sequence generation code.
+
+	* check-gen.c: Add sequence tests.
+
+	* test.asn1: Add TESTSeqOf for testing sequence generation code.
+
+	* gen_seq.c: fix warning.
+
+	* gen_seq.c: make generated data work
+
+	* setchgpw2.asn1: enctype is part of the krb5 module now, use that
+	instead of locally defining it.
+
+	* Makefile.am: asn1_compile += gen_seq.c
+
+	* gen_locl.h: add new prototypes, remove unused ones.
+
+	* gen.c: Generate sequence function.
+
+	* main.c: add --sequence
+
+	* gen_seq.c: Add generated add_ and remove_ for "SEQUENCE OF
+	TType". I'm tried of writing realloc(foo->data,
+	sizeof(foo->data[0]) + (foo->len + 1)); Only generated for those
+	type that is enabled by the command flag --sequence.
+	
+2006-08-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* digest.asn1 (DigestRequest): add authid
+
+	* digest.asn1: Comment describing on how to communicate the sasl
+	int/conf mode.
+	
+2006-08-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* digest.asn1: Add some missing fields needed for digest.
+	
+2006-08-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* digest.asn1: Tweak to make consisten and more easier to use.
+	
+2006-07-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Remove CMS symmetric encryption support.  Add
+	DigestProtocol.
+
+	* digest.asn1: DigestProtocol
+
+	* k5.asn1: Remove CMS symmetric encryption support.
+	
+2006-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* check-der.c (check_fail_heim_integer): disable test
+
+	* der_get.c (der_get_heim_integer): revert part of previous
+
+	* der_get.c (der_get_heim_integer): Add more checks
+
+	* asn1_print.c: Add printing of bignums and use der_print_heim_oid
+
+	* check-der.c (test_heim_oid_format_same): add printing on failure
+
+	* check-der.c: Add one check for heim_int, add checking for oid
+	printing
+	
+2006-06-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Impersonation support bits (and sort)
+
+	* k5.asn1: Impersonation support bits.
+	
+2006-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_format.c (der_parse_hex_heim_integer): avoid shadowing.
+	
+2006-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Add ExternalPrincipalIdentifiers, shared between
+	several elements.
+
+	* pkinit.asn1: Add ExternalPrincipalIdentifiers, shared between
+	several elements.
+	
+2006-04-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse.y: Add missing ;'s, found by bison on a SuSE 8.2 machine.
+	
+2006-04-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add definitions from RFC 3820, Proxy Certificate
+	Profile.
+
+	* rfc2459.asn1: Add definitions from RFC 3820, Proxy Certificate
+	Profile.
+	
+2006-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rfc2459.asn1: Add id-Userid
+
+	* Makefile.am: Add UID and email
+
+	* pkcs9.asn1: Add id-pkcs9-emailAddress
+	
+	* Makefile.am: Add attribute type oids from X520 and RFC 2247 DC
+	oid
+
+	* rfc2459.asn1: Add attribute type oids from X520 and RFC 2247 DC
+	oid
+	
+2006-04-21  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* Makefile.am: add sha-1 and sha-2
+
+	* rfc2459.asn1: add sha-1 and sha-2
+	
+2006-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add id-pkcs1-sha256WithRSAEncryption and friends
+
+	* rfc2459.asn1: Add id-pkcs1-sha256WithRSAEncryption and friends
+
+	* CMS.asn1: Turn CMSRC2CBCParameter.rc2ParameterVersion into a
+	constrained integer
+	
+2006-04-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hash.c (hashtabnew): check for NULL before setting structure.
+	Coverity, NetBSD CID#4
+	
+2006-03-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: gen_files_rfc2459 += asn1_ExtKeyUsage.x
+	
+	* rfc2459.asn1: Add ExtKeyUsage.
+
+	* gen.c (generate_header_of_codefile): remove unused variable.
+	
+2006-03-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen.c: Put all the IMPORTed headers into the headerfile to avoid
+	hidden depencies.
+	
+2006-03-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add id-pkinit-ms-san.
+
+	* pkinit.asn1: Add id-pkinit-ms-san.
+
+	* k5.asn1 (PADATA-TYPE): Add KRB5-PADATA-PA-PK-OCSP-RESPONSE
+	
+2006-03-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add pkinit-san.
+
+	* pkinit.asn1: Rename id-pksan to id-pkinit-san
+	
+2006-03-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen.c (init_generate): Nothing in the generated files needs
+	timegm(), so no need to provide a prototype for it.
+	
+2006-02-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pkinit.asn1: paChecksum is now OPTIONAL so it can be upgraded to
+	something better then SHA1
+	
+2006-01-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* extra.c: Stub-generator now generates alloc statements for
+	tagless ANY OPTIONAL, remove workaround.
+
+	* check-gen.c: check for "tagless ANY OPTIONAL"
+
+	* test.asn1: check for "tagless ANY OPTIONAL"
+	
+2006-01-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der.h: UniversalString and BMPString are both implemented.
+
+	* der.h: Remove , after the last element of enum.
+
+	* asn1_gen.c: Spelling.
+	
+2006-01-20  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* der_length.c (length_heim_integer): Try handle negative length
+	of integers better.
+
+	* der_get.c (der_get_heim_integer): handle negative integers.
+	
+	* check-der.c: check heim_integer.
+	
+2006-01-18  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* Makefile.am: Its cRLReason, not cRLReasons
+
+	* canthandle.asn1: "Allocation is done on CONTEXT tags" works just
+	fine.
+
+	* rfc2459.asn1: Add CRL structures and OIDs.
+
+	* Makefile.am: Add CRL and TESTAlloc structures and OIDs.
+
+	* check-gen.c: Check OPTIONAL context-tagless elements.
+
+	* test.asn1: Check OPTIONAL context-tagless elements.
+
+	* der_cmp.c (heim_integer_cmp): make it work with negative
+	numbers.
+	
+2006-01-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c: check that der_parse_hex_heim_integer() handles odd
+	length numbers.
+
+	* der_format.c (der_parse_hex_heim_integer): make more resiliant
+	to errors, handle odd length numbers.
+
+2006-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Add RSAPrivateKey
+	
+	* rfc2459.asn1: Add RSAPrivateKey.
+	
+2006-01-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* der_copy.c (copy_heim_integer): copy the negative flag
+	
+2005-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse.y: Drop ExceptionSpec for now, its not used.
+	
+2005-12-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test.asn1: Add test string for constraints.
+
+	* symbol.h: Add support for part of the Constraint-s
+
+	* gen.c: Set new constraints pointer in Type to NULL for inline
+	constructed types.
+
+	* parse.y: Add support for parsing part of the Constraint-s
+	
+2005-10-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Add some X9.57 (DSA) oids, sort lines
+
+	* rfc2459.asn1: Add some X9.57 (DSA) oids.
+	
+2005-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Remove pk-init-19 support.
+	
+	* pkinit.asn1: Fix comment
+	
+	* check-der.c: Add tests for parse and print functions for
+	heim_integer.
+
+	* Makefile.am: Add parse and print functions for heim_integer.
+	
+	* der_format.c: Add parse and print functions for heim_integer.
+
+	* der.h: Add parse and print functions for heim_integer.
+	
+2005-09-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am (gen_files_rfc2459) += asn1_DHPublicKey.x
+	
+	* rfc2459.asn1: Add DHPublicKey, and INTEGER to for storing the DH
+	public key in the SubjectPublicKeyInfo.subjectPublicKey BIT
+	STRING.
+	
+2005-09-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c: TSequenceOf/TSetOf: Increase the length of the
+	array after successful decoding the next element, so that the
+	array don't contain heap-data.
+	
+2005-09-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c: Avoid empty array initiators.
+	
+	* pkcs8.asn1 (PKCS8PrivateKeyInfo): Inline SET OF to avoid
+	compiler "feature"
+	
+	* check-common.c: Avoid signedness warnings.
+	
+	* check-common.h: Makes bytes native platform signed to avoid
+	casting everywhere
+	
+	* check-der.c: Don't depend on malloc(very-very-larger-value) will
+	fail.  Cast to unsigned long before printing size_t.
+	
+	* check-gen.c: Don't depend on malloc(very-very-larger-value) will
+	fail.
+	
+	* check-gen.c: Fix signedness warnings.
+	
+	* lex.l: unput() have to hanppen in actions for flex 2.5.31, can
+	do them in user code sesction, so move up handle_comment and
+	handle_string into action, not much sharing was done anyway.
+	
+2005-09-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c (test_one_int): len and len_len is size_t
+
+2005-08-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_encode.c: Change name of oldret for each instance its used
+	to avoid shadow warning. From: Stefan Metzmacher
+	<metze at samba.org>.
+
+	* gen_length.c: Change name of oldret for each instance its used
+	to avoid shadow warning. From: Stefan Metzmacher
+	<metze at samba.org>.
+
+	* gen_decode.c: Change name of oldret for each instance its used
+	to avoid shadow warning. From: Stefan Metzmacher
+	<metze at samba.org>.
+	
+	* parse.y: Const poision yyerror.
+
+	* gen.c: Const poision.
+	
+2005-08-22 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* k5.asn1: Add KRB5-PADATA-PK-AS-09-BINDING, client send
+	this (with an empty pa-data.padata-value) to tell the KDC that the
+	client support the binding the PA-REP to the AS-REQ packet. This
+	is to fix the problem lack of binding the AS-REQ to the PK-AS-REP
+	in pre PK-INIT-27. The nonce is replaced with a asCheckSum.
+	
+2005-08-11 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* canthandle.asn1: Allocation is done on CONTEXT tags.
+
+	* asn1_gen.c: rename optind to optidx to avoid shadow warnings
+
+2005-07-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rfc2459.asn1: add id-rsadsi-rc2-cbc
+
+	* Makefile.am: add another oid for rc2
+
+2005-07-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c: Make variable initiation constant by moving them to
+	global context
+
+	* check-gen.c: change to c89 comment
+
+2005-07-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: remove duplicate asn1_CMSAttributes.x
+
+2005-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* asn1_print.c: rename optind to optidx
+
+	* Makefile.am: Update to pkinit-27
+
+	* pkinit.asn1: Update to pkinit-27
+	
+2005-07-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c: make it work for non c99 compilers too
+	
+	* check-der.c: start testing BIT STRING
+
+	* der_cmp.c (heim_bit_string_cmp): try handle corner cases better
+	
+	* gen_free.c (free_type): free bignum integers
+
+2005-07-23   Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add PKCS12-OctetString
+
+	* pkcs12.asn1: add PKCS12-OctetString
+
+	* Makefile.am: add new files
+
+	* rfc2459.asn1: include SET OF in Attribute to make the type more
+	useful
+
+	* CMS.asn1: handle IMPLICIT and share some common structures
+
+2005-07-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rfc2459.asn1: Include enough workarounds that this even might
+	work.
+
+	* check-gen.c: Two implicit tests, one with all structures inlined
+	
+	* test.asn1: fix workaround for IMPLICIT CONS case
+	
+	* canthandle.asn1: fix workaround for IMPLICIT CONS case
+	
+	* asn1_print.c: hint that there are IMPLICIT content when we find
+	it
+
+	* check-gen.c: Added #ifdef out test for IMPLICIT tagging.
+
+	* Makefile.am: test several IMPLICIT tag level deep
+	
+	* test.asn1: test several IMPLICIT tag level deep
+
+	* test.asn1: tests for IMPLICIT
+
+	* Makefile.am: tests for IMPLICIT
+
+	* canthandle.asn1: Expand on what is wrong with the IMPLICIT
+	tagging
+
+	* rfc2459.asn1: some of the structure are in the IMPLICIT TAGS
+	module
+
+2005-07-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* asn1_print.c: print size_t by casting to unsigned long and use
+	right printf format tags are unsigned integers
+
+	* gen.c (generate_constant): oid elements are unsigned
+
+	* gen_decode.c (decode_type): tagdatalen should be an size_t.
+
+	* extra.c (decode_heim_any): tag is unsigned int.
+
+	* der_get.c (der_match_tag): tag is unsigned int.
+
+	* gen_length.c (length_type): cast size_t argument to unsigned
+	long and use appropriate printf format
+
+	* check-der.c (check_fail_bitstring): check for length overflow
+
+	* der_get.c: rewrite integer overflow tests w/o SIZE_T_MAX
+
+	* check-common.c (generic_decode_fail): only copy in if checklen
+	its less then 0xffffff and larger than 0.
+
+	* gen_decode.c (find_tag): find external references, we can't
+	handle those, so tell user that instead of crashing
+
+2005-07-18  Dave Love  <fx at gnu.org>
+
+	* extra.c (free_heim_any_set): Fix return.
+
+	* gen_decode.c (find_tag): Fix return in TType case.
+
+2005-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_encode.c (TChoice): add () to make sure variable expression
+	is evaluated correctly
+
+	* gen_length.c (TChoice): add () to make sure variable expression
+	is evaluated correctly
+
+	* k5.asn1: reapply 1.43 that got lost in the merge: rename pvno to
+	krb5-pvno
+
+2005-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c (decode_type): TChoice: set the label
+
+	* check-gen.c (cmp_Name): do at least some checking
+
+	* gen_locl.h: rename function filename() to get_filename() to
+	avoid shadowing
+
+	* lex.l: rename function filename() to get_filename() to avoid
+	shadowing
+
+	* gen.c: rename function filename() to get_filename() to avoid
+	shadowing
+
+	* check-der.c: add failure checks for large oid elements
+
+	* check-gen.c: add failure checks for tag (and large tags)
+
+	* der_get.c: Check for integer overflows in tags and oid elements.
+
+2005-07-10  Assar Westerlund  <assar at kth.se>
+
+	* gen_decode.c: Fix decoding of choices to select which branch to
+	try based on the tag and return an error if that branch fails.
+
+	* check-gen.c: Fix short choice test cases.
+
+2005-07-09  Assar Westerlund  <assar at kth.se>
+
+	* symbol.c:
+	* parse.y:
+	* main.c:
+	* lex.l:
+	* gen_length.c:
+	* gen_free.c:
+	* gen_encode.c:
+	* gen_decode.c:
+	* gen_copy.c:
+	* gen.c:
+	* extra.c:
+	* check-gen.c:
+	* check-der.c:
+	* check-common.c:
+	* asn1_print.c:
+	* asn1_gen.c:
+	Use emalloc, ecalloc, and estrdup.
+	Check return value from asprintf.
+	Make sure that malloc(0) returning NULL is not treated as an
+	error.
+
+2005-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-gen.c: test cases for CHOICE, its too liberal right now,
+	it don't fail hard on failure on after it successfully decoded the
+	first tag in a choice branch
+
+	* asn1_gen.c: calculate the basename for the output file,
+	pretty-print tag number
+
+	* test.gen: sample for asn1_gen
+
+	* check-gen.c: check errors in SEQUENCE
+
+	* Makefile.am: build asn1_gen, TESTSeq and new, and class/type/tag
+	string<->num converter.
+
+	* test.asn1: TESTSeq, for testing SEQUENCE
+
+	* asn1_gen.c: generator for asn1 data
+
+	* asn1_print.c: use class/type/tag string<->num converter.
+
+	* der.c: Add class/type/tag string<->num converter.
+
+	* der.h: Add class/type/tag string<->num converter.
+	Prototypes/structures for new time bits.
+
+2005-07-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_get.c (der_get_unsigned) check for length overflow
+	(der_get_integer) ditto
+	(der_get_general_string) ditto
+
+	* der_get.c: check for overruns using SIZE_T_MAX
+
+	* check-der.c: check BIT STRING and OBJECT IDENTIFIER error cases
+
+	* check-common.c (generic_decode_fail): allocate 4K for the over
+	sized memory test
+
+	* der_get.c (der_get_oid): check for integer overruns and
+	unterminated oid correctly
+
+	* check-common.h (map_alloc, generic_decode_fail): prototypes
+
+	* check-common.c (map_alloc): make input buffer const
+	(generic_decode_fail): verify decoding failures
+
+2005-07-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_encode.c: split up the printf for SET OF, also use the
+	generate name for the symbol in the SET OF, if not, the name might
+	contain non valid variable name characters (like -)
+
+2005-07-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: move pkcs12 defines into their own namespace
+
+	* pkcs12.asn1: move pkcs12 defines into their own namespace
+
+	* pkcs9.asn1: add PKCS9-friendlyName with workaround for SET OF
+	bug
+
+	* heim_asn1.h: reuse heim_octet_string for heim_any types
+
+	* main.c: use optidx, handle the case where name is missing and
+	use base of filename then
+
+	* asn1-common.h: include ASN1_MALLOC_ENCODE
+
+	* gen_decode.c: use less context so lower indentention level, add
+	missing {} where needed
+
+2005-07-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_copy.c: Use a global variable to keep track of if the 'goto
+	fail' was used, and use that to only generate the label if needed.
+
+	* asn1_print.c: do indefinite form loop detection and stop after
+	10000 recursive indefinite forms, stops crashing due to running
+	out of stack
+
+	* asn1_print.c: catch badly formated indefinite length data
+	(missing EndOfContent tag) add (negative) indent flag to speed up
+	testing
+
+2005-07-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* canthandle.asn1: Can't handle primitives in CHOICE
+
+	* gen_decode.c: Check if malloc failes
+
+	* gen_copy.c: Make sure to free memory on failure
+
+	* gen_decode.c: Check if malloc failes, rename "reallen" to
+	tagdatalen since that is what it is.
+
+2005-05-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* prefix Der_class with ASN1_C_ to avoid problems with system
+	headerfiles that pollute the name space
+
+2005-05-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pkcs12.asn1: add PKCS12CertBag
+
+	* pkcs9.asn1: add pkcs9 certtype x509 certificate
+
+	* Makefile.am: add pkcs12 certbag and pkcs9 certtype x509
+	certificate
+
+	* pkcs12.asn1: split off PKCS12Attributes from SafeBag so it can
+	be reused
+
+	* Makefile.am: add PKCS12Attributes
+
+2005-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* canthandle.asn1: fix tags in example
+
+2005-05-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pkinit.asn1: Let the Windows nonce be an int32 (signed), if not
+	it will fail when using Windows PK-INIT.
+
+2005-05-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add pkcs12-PBEParams
+
+	* pkcs12.asn1: add pkcs12-PBEParams
+
+	* parse.y: objid_element: exit when the condition fails
+
+2005-04-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_glue.c: 1.8: switch the units variable to a
+	function. gcc-4.1 needs the size of the structure if its defined
+	as extern struct units foo_units[] an we don't want to include
+	<parse_units.h> in the generate headerfile
+
+2005-03-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add the des-ede3-cbc oid that ansi x9.52 uses
+
+	* rfc2459.asn1: add the des-ede3-cbc oid that ansi x9.52 uses
+
+	* Makefile.am: add oids for x509
+
+	* rfc2459.asn1: add oids now when the compiler can handle them
+
+2005-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add pkcs9 files
+
+	* pkcs9.asn1: add small number of oids from pkcs9
+
+2005-03-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add a bunch of pkcs1/pkcs2/pkcs3/aes oids
+
+	* rfc2459.asn1: add a bunch of pkcs1/pkcs2/pkcs3/aes oids
+
+2005-03-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* k5.asn1: merge pa-numbers
+
+2005-03-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add oid's
+
+	* rfc2459.asn1: add encryption oids
+
+	* CMS.asn1: add signedAndEnvelopedData oid
+
+	* pkcs12.asn1: add pkcs12 oids
+
+	* CMS.asn1: add pkcs7 oids
+
+2005-03-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen.c (generate_header_of_codefile): break out the header
+	section generation
+	(generate_constant): generate a function that return the oid
+	inside a heim_oid
+
+	* parse.y: fix the ordering of the oid's
+
+	* parse.y: handle OBJECT IDENTIFIER as value construct
+
+2005-02-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Preserve content of CHOICE element that is unknown if ellipsis
+	was used when defining the structure
+
+2005-02-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse.y: use ANS1_TAILQ macros
+
+	* *.[ch]: use ASN1_TAILQ macros
+
+	* asn1_queue.h: inline bsd sys/queue.h and rename TAILQ to
+	ASN1_TAILQ to avoid problems with name polluting headerfiles
+
+2005-01-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen.c: pull in <krb5-types.h>
+
+2005-01-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Add BMPString and UniversalString
+
+	* k5.asn1 (EtypeList): make INTEGER constrained (use krb5int32)
+
+2005-01-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rfc2459.asn1: add GeneralNames
+
+2004-11-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen.c: use unsigned integer for len of SequenceOf/SetOf and
+	bitstring names
+
+2004-11-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: switch to krb5int32 and krb5uint32
+
+	* Unify that three integer types TInteger TUInteger and TBigInteger.
+	Start to use constrained integers where appropriate.
+
+2004-10-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* CMS.asn1: remove no longer used commented out elements
+
+	* gen_glue.c: make units structures const
+
+2004-10-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lex.l: handle hex number with [a-fA-F] in them
+
+2004-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_free.c: free _save for CHOICE too
+
+	* rfc2459.asn1: use Name and not heim_any
+
+	* gen_decode.c: if malloc for _save failes, goto fail so we free
+	the structure
+
+	* gen_copy.c: copy _save for CHOICE too
+
+	* gen.c: add _save for CHOICE too
+
+	* CMS.asn1: RecipientIdentifier and SignerIdentifier is the same
+	name is CMSIdentifier and add glue for that so we can share code
+	use Name and not heim_any
+
+2004-10-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: drop AlgorithmIdentifierNonOpt add
+	{RC2CBC,}CBCParameter here where they belong
+
+	* CMS.asn1: add {RC2CBC,}CBCParameter here where they belong
+
+	* rfc2459.asn1: drop AlgorithmIdentifierNonOpt
+
+	* rfc2459.asn1: stop using AlgorithmIdentifierNonOpt hint that we
+	really want to use Name and some MS stuff
+
+2004-09-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* asn1_print.c: handle end of content, this is part BER support,
+	however, OCTET STRING need some tweeking too.
+
+	* der.h: add UT_EndOfContent
+
+	* test.asn1: test asn1 spec file
+
+	* check-gen.c: check larget tags
+
+	* Makefile.am: add test asn1 spec file that we can use for testing
+	constructs that doesn't exists in already existing spec (like
+	large tags)
+
+	* der_put.c (der_put_tag): make sure there are space for the head
+	tag when we are dealing with large tags (>30)
+
+	* check-gen.c: add test for tag length
+
+	* check-common.c: export the map_ functions for OVERRUN/UNDERRUN
+	detection restore the SIGSEGV handler when test is done
+
+	* check-common.h: export the map_ functions for OVERRUN/UNDERRUN
+	detection
+
+	* gen_decode.c: check that the tag-length is not longer the length
+	use forwstr on some more places
+
+	* parse.y: revert part of 1.14.2.21, multiple IMPORT isn't allowed
+
+	* pkinit.asn1: correct usage of IMPORT
+
+	* CMS.asn1: correct usage of IMPORT
+
+	* pkcs8.asn1: pkcs8, encrypting private key
+
+	* pkcs12.asn1: pkcs12, key/crl/certificate file transport PDU
+
+	* Makefile.am: add pkcs8 and pkcs12
+
+	* der_free.c: reset length when freing primitives
+
+	* CMS.asn1: add EncryptedData
+
+2004-08-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c (decode_type): if the entry is already optional
+	when parsing a tag and we allocate the structure, not pass down
+	optional since that will case the subtype's decode_type also to
+	allocate an entry. and we'll leak an entry. Bug from Luke Howard
+	<lukeh at padl.com>. While here, use calloc.
+
+2004-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* k5.asn1: shift the last added etypes one step so rc2 doesn't
+	stomp on cram-md5
+
+2004-04-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* k5.asn1: add ETYPE_AESNNN_CBC_NONE
+
+	* CMS.asn1: add CMS symmetrical parameters moved to k5.asn1
+
+	* k5.asn1: add CMS symmetrical parameters here, more nametypes
+	enctype rc2-cbc
+
+2004-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c: free data on decode failure
+
+2004-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add CBCParameter and RC2CBCParameter
+
+	* CMS.asn1: add CBCParameter and RC2CBCParameter
+
+2004-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-der.c: add simple test for oid's, used to trigger malloc
+	bugs in you have picky malloc (like valgrind/purify/third)
+
+	* der_get.c (der_get_oid): handle all oid components being smaller
+	then 127 and allocate one extra element since first byte is split
+	to to elements.
+
+2004-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* canthandle.asn1: one thing handled
+
+	* gen_decode.c: handle OPTIONAL CONS-tag-less elements
+
+	* der_length.c (length_len): since length is no longer the same as
+	an unsigned, do the length counting here. ("unsigned" is zero
+	padded when most significate bit is set, length is not)
+
+2004-04-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* canthandle.asn1: document by example what the encoder can't
+	handle right now
+
+	* Makefile.am: add more stuff needed whem implementing x509
+	preserve TBSCertificate
+
+	* rfc2459.asn1: add more stuff needed whem implementing x509
+
+	* CMS.asn1: move some type to rfc2459.asn1 where they belong (and
+	import them)
+
+	* gen.c: preserve the raw data when asked too
+
+	* gen_decode.c: preserve the raw data when asked too
+
+	* gen_copy.c: preserve the raw data when asked too
+
+	* gen_free.c: preserve the raw data when asked too
+
+	* gen_locl.h: add preserve_type
+
+	* heim_asn1.h: add heim_any_cmp
+
+	* main.c: add flag --preserve-binary=Symbol1,Symbol2,... that make
+	the compiler generate stubs to save the raw data, its not used
+	right now when generating the stat
+
+	* k5.asn1: Windows uses PADATA 15 for the request too
+
+	* extra.c: add heim_any_cmp
+
+	* der_put.c: implement UTCtime correctly
+
+	* der_locl.h: remove #ifdef HAVE_TIMEGM\ntimegm\n#endif here from
+	der.h so one day der.h can get installed
+
+	* der_length.c: implement UTCtime correctly
+
+	* der_get.c: implement UTCtime correctly, prefix dce_fix with
+	_heim_fix
+
+	* der_copy.c: make copy_bit_string work again
+
+	* der_cmp.c: add octet_string, integer, bit_string cmp functions
+
+	* der.h: hide away more symbols, add more _cmp functions
+
+2004-03-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add more pkix types make k5 use rfc150 bitstrings,
+	everything else use der bitstrings
+
+	* main.c: as a compile time option, handle no rfc1510 bitstrings
+
+	* gen_locl.h: rfc1510 bitstrings flag
+
+	* gen_length.c: as a compile time option, handle no rfc1510
+	bitstrings
+
+	* gen_encode.c: as a compile time option, handle no rfc1510
+	bitstrings
+
+	* gen_decode.c: handle no rfc1510 bitstrings
+
+	* check-gen.c: test for bitstrings
+
+	* rfc2459.asn1: add Certificates and KeyUsage
+
+2004-02-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pkinit.asn1: use Name from PKIX
+
+	* rfc2459.asn1: add more silly string types to DirectoryString
+
+	* gen_encode.c: add checks for data overflow when encoding
+	TBitString with members encode SET OF correctly by bytewise
+	sorting the members
+
+	* gen_decode.c: add checks for data overrun when encoding
+	TBitString with members
+
+	* der_put.c: add _heim_der_set_sort
+
+	* der_cmp.c: rename oid_cmp to heim_oid_cmp
+
+	* der.h: rename oid_cmp to heim_oid_cmp, add _heim_der_set_sort
+
+	* check-gen.c: add check for Name and (commented out) heim_integer
+
+	* check-der.c: test for "der_length.c: Fix len_unsigned for
+	certain negative integers, it got the length wrong" , from
+	Panasas, Inc.
+
+	* der_length.c: Fix len_unsigned for certain negative integers, it
+	got the length wrong, fix from Panasas, Inc.
+
+	rename len_int and len_unsigned to _heim_\&
+
+	* gen_length.c: 1.14: (length_type): TSequenceOf: add up the size
+	of all the elements, don't use just the size of the last element.
+
+2004-02-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rfc2459.asn1: include defintion of Name
+
+	* pkinit.asn1: no need for ContentType, its cms internal
+
+	* CMS.asn1: move ContentInfo to CMS
+
+	* pkinit.asn1: update to pk-init-18, move ContentInfo to CMS
+
+	* Makefile.am: align with pk-init-18, move contentinfo to cms
+
+2004-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_get.c: rewrite previous commit
+
+	* der_get.c (der_get_heim_integer): handle positive integer
+	starting with 0
+
+	* der_length.c (der_put_heim_integer): try handle negative
+	integers better (?)
+
+	* der_put.c (der_put_heim_integer): try handle negative integers
+	better
+
+	* der_get.c (der_get_heim_integer): dont abort on negative integer just
+	return ASN1_OVERRUN for now
+
+	* parse.y: add ia5string, and printablestring
+
+	* gen_length.c: add ia5string, and printablestring
+
+	* gen_free.c: add ia5string, and printablestring
+
+	* gen_decode.c: add ia5string, and printablestring
+
+	* gen_copy.c: add ia5string, and printablestring
+
+	* gen.c: add ia5string, printablestring, and utf8string change
+	implemetation of heim_integer and store the data as bigendian byte
+	array with a external flag for signedness
+
+	* der_put.c: add ia5string, printablestring, and utf8string change
+	implemetation of heim_integer and store the data as bigendian byte
+	array with a external flag for signedness
+
+	* der_length.c: add ia5string, printablestring, and utf8string
+	change implemetation of heim_integer and store the data as
+	bigendian byte array with a external flag for signedness
+
+	* der_get.c: add ia5string, printablestring, and utf8string change
+	implemetation of heim_integer and store the data as bigendian byte
+	array with a external flag for signedness
+
+	* der_free.c: add ia5string, printablestring, and utf8string
+
+	* der_copy.c: add ia5string, printablestring, and utf8string
+
+	* der.h: add ia5string, printablestring, and utf8string
+
+	* asn1-common.h: add signedness flag to heim_integer, add
+	ia5string and printablestring
+
+2004-02-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rfc2459.asn1: use BIGINTEGER where appropriate
+
+	* setchgpw2.asn1: spelling and add op-req again
+
+2004-02-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: clean up better
+
+2004-02-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c (decode_type): TTag, don't overshare the reallen
+	variable
+
+	* Makefile.am: adapt to log file name change
+
+	* gen.c: genereate log file name based on base name
+
+2003-11-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: += asn1_AlgorithmIdentifierNonOpt.x
+
+	* rfc2459.asn1: add AlgorithmIdentifierNonOpt and use it where
+	it's needed, make DomainParameters.validationParms heim_any as a
+	hack. Both are workarounds for the problem with heimdal's asn1
+	compiler have with decoing context tagless OPTIONALs.
+
+	* pkinit.asn1: don't import AlgorithmIdentifier
+
+2003-11-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_put.c (der_put_bit_string): make it work somewhat better
+	(should really prune off all trailing zeros)
+
+	* gen_encode.c (encode_type): bit string is not a constructed type
+
+	* der_length.c (length_bit_string): calculate right length for
+	bitstrings
+
+2003-11-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_cmp.c (oid_cmp): compare the whole array, not just
+	length/sizeof(component)
+
+	* check-common.c: mmap the scratch areas, mprotect before and
+	after, align data to the edge of the mprotect()ed area to provoke
+	bugs
+
+	* Makefile.am: add DomainParameters, ValidationParms
+
+	* rfc2459.asn1: add DomainParameters, ValidationParms
+
+	* check-der.c: add free function
+
+	* check-common.h: add free function
+
+	* check-common.c: add free function
+
+	* check-gen.c: check KRB-ERROR
+
+	* asn1_print.c: check end of tag_names loop into APPL class tags
+
+2003-11-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_put.c (der_put_generalized_time): check size, not *size
+
+2003-11-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c (decode_type/TBitString): skip over
+	skipped-bits-in-last-octet octet
+
+	* gen_glue.c (generate_units): generate units in reverse order to
+	keep unparse_units happy
+
+2003-11-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: generate all silly pkinit files
+
+	* pkinit.asn1: make it work again, add strange ms structures
+
+	* k5.asn1: PROV-SRV-LOCATION, PacketCable provisioning server
+	location, PKT-SP-SEC-I09-030728
+
+	* asn1-common.h: add bit string
+
+	* der_put.c: add bit string and utctime
+
+	* gen.c: add bit string and utctime
+
+	* gen_copy.c: add bit string and utctime
+
+	* der_copy.c: add bit string
+
+	* gen_decode.c: add utctime and bitstring
+
+	* gen_encode.c: add utctime and bitstring
+
+	* gen_free.c: add utctime and bitstring
+
+	* gen_glue.c: don't generate glue for member-less bit strings
+
+	* der_cmp.c: compare function for oids
+
+	* gen_length.c: add utc time, make bit string work for bits
+	strings w/o any members
+
+	* der_cmp.c: compare function for oids
+
+	* der.h: update boolean prototypes add utctime and bit_string
+
+	* der_free.c: add free_bit_string
+
+	* der_get.c: add bit string and utctime
+
+	* der_length.c: add bit string and utctime, fix memory leak in
+	length_generalized_time
+
+	* CMS.asn1: make EncryptedContentInfo.encryptedContent a OCTET
+	STRING to make the generator do the right thing with IMPLICIT
+	mumble OPTIONAL, make CertificateSet a heim_any_set
+
+	* extra.c, heim_asn1.h: add any_set, instead of just consuming one
+	der object, its consumes the rest of the data avaible
+
+	* extra.c, heim_asn1.h: extern implementation of ANY, decoder
+	needs to have hack removed when generator handles tagless optional
+	data
+
+	* pkinit.asn1: add KdcDHKeyInfo-Win2k
+
+2003-11-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* der_copy.c (copy_oid): copy all components
+
+	* parse.y: parse UTCTime, allow multiple IMPORT
+
+	* symbol.h: add TUTCTime
+
+	* rfc2459.asn1: update
+
+	* x509.asn1: update
+
+	* pkinit.asn1: update
+
+	* CMS.asn1: new file
+
+	* asn1_print.c: print some more lengths, check length before
+	steping out in the void, parse SET, only go down CONTEXT of type
+	CONS (not PRIM)
+
+2003-09-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_encode.c (TChoice, TSequence): code element in reverse
+	order...
+
+2003-09-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen.c: store NULL's as int's for now
+
+	* parse.y: remove dup of type def of UsefulType
+
+2003-09-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c (decode_type): if malloc failes, return ENOMEM
+
+2003-09-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse.y: kw_UTF8String is a token put tag around the OID
+
+	* asn1_print.c (UT_Integer): when the integer is larger then int
+	can handle, just print BIG INT and its size
+
+2003-09-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gen_decode.c (decode_type): TTag, try to generate prettier code
+	in the non optional case, also remember to update length
+
+2003-01-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* gen_decode.c: add flag to decode broken DCE BER encoding
+
+	* gen_locl.h: add flag to decode broken DCE BER encoding
+
+	* main.c: add flag to decode broken DCE BER encoding
+

Added: vendor-crypto/heimdal/dist/lib/asn1/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,610 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+YFLAGS = -d -t
+
+lib_LTLIBRARIES = libasn1.la
+libasn1_la_LDFLAGS = -version-info 8:0:0
+
+libasn1_la_LIBADD = \
+	@LIB_com_err@ \
+	$(LIBADD_roken)
+
+BUILT_SOURCES =				\
+	$(gen_files_rfc2459:.x=.c)	\
+	$(gen_files_cms:.x=.c)		\
+	$(gen_files_k5:.x=.c)		\
+	$(gen_files_pkinit:.x=.c)	\
+	$(gen_files_pkcs8:.x=.c)	\
+	$(gen_files_pkcs9:.x=.c)	\
+	$(gen_files_pkcs12:.x=.c)	\
+	$(gen_files_digest:.x=.c)	\
+	$(gen_files_kx509:.x=.c)	\
+	asn1_err.h			\
+	asn1_err.c
+
+gen_files_k5 =						\
+	asn1_AD_AND_OR.x				\
+	asn1_AD_IF_RELEVANT.x				\
+	asn1_AD_KDCIssued.x				\
+	asn1_AD_MANDATORY_FOR_KDC.x			\
+	asn1_AD_LoginAlias.x				\
+	asn1_APOptions.x				\
+	asn1_AP_REP.x					\
+	asn1_AP_REQ.x					\
+	asn1_AS_REP.x					\
+	asn1_AS_REQ.x					\
+	asn1_AUTHDATA_TYPE.x				\
+	asn1_Authenticator.x				\
+	asn1_AuthorizationData.x			\
+	asn1_AuthorizationDataElement.x			\
+	asn1_CKSUMTYPE.x				\
+	asn1_ChangePasswdDataMS.x			\
+	asn1_Checksum.x					\
+	asn1_ENCTYPE.x					\
+	asn1_ETYPE_INFO.x				\
+	asn1_ETYPE_INFO2.x				\
+	asn1_ETYPE_INFO2_ENTRY.x			\
+	asn1_ETYPE_INFO_ENTRY.x				\
+	asn1_EncAPRepPart.x				\
+	asn1_EncASRepPart.x				\
+	asn1_EncKDCRepPart.x				\
+	asn1_EncKrbCredPart.x				\
+	asn1_EncKrbPrivPart.x				\
+	asn1_EncTGSRepPart.x				\
+	asn1_EncTicketPart.x				\
+	asn1_EncryptedData.x				\
+	asn1_EncryptionKey.x				\
+	asn1_EtypeList.x				\
+	asn1_HostAddress.x				\
+	asn1_HostAddresses.x				\
+	asn1_KDCOptions.x				\
+	asn1_KDC_REP.x					\
+	asn1_KDC_REQ.x					\
+	asn1_KDC_REQ_BODY.x				\
+	asn1_KRB_CRED.x					\
+	asn1_KRB_ERROR.x				\
+	asn1_KRB_PRIV.x					\
+	asn1_KRB_SAFE.x					\
+	asn1_KRB_SAFE_BODY.x				\
+	asn1_KerberosString.x				\
+	asn1_KerberosTime.x				\
+	asn1_KrbCredInfo.x				\
+	asn1_LR_TYPE.x					\
+	asn1_LastReq.x					\
+	asn1_MESSAGE_TYPE.x				\
+	asn1_METHOD_DATA.x				\
+	asn1_NAME_TYPE.x				\
+	asn1_PADATA_TYPE.x				\
+	asn1_PA_DATA.x					\
+	asn1_PA_ENC_SAM_RESPONSE_ENC.x         		\
+	asn1_PA_ENC_TS_ENC.x				\
+	asn1_PA_PAC_REQUEST.x				\
+	asn1_PA_S4U2Self.x				\
+	asn1_PA_SAM_CHALLENGE_2.x               	\
+	asn1_PA_SAM_CHALLENGE_2_BODY.x 			\
+	asn1_PA_SAM_REDIRECT.x				\
+	asn1_PA_SAM_RESPONSE_2.x			\
+	asn1_PA_SAM_TYPE.x				\
+	asn1_PA_ClientCanonicalized.x			\
+	asn1_PA_ClientCanonicalizedNames.x		\
+	asn1_PA_SvrReferralData.x			\
+	asn1_PROV_SRV_LOCATION.x			\
+	asn1_Principal.x				\
+	asn1_PrincipalName.x				\
+	asn1_Realm.x					\
+	asn1_SAMFlags.x					\
+	asn1_TGS_REP.x					\
+	asn1_TGS_REQ.x					\
+	asn1_TYPED_DATA.x				\
+	asn1_Ticket.x					\
+	asn1_TicketFlags.x				\
+	asn1_TransitedEncoding.x			\
+	asn1_TypedData.x				\
+	asn1_krb5int32.x				\
+	asn1_krb5uint32.x				\
+	asn1_KRB5SignedPathData.x			\
+	asn1_KRB5SignedPathPrincipals.x			\
+	asn1_KRB5SignedPath.x
+
+gen_files_cms =						\
+	asn1_CMSAttributes.x				\
+	asn1_CMSCBCParameter.x				\
+	asn1_CMSEncryptedData.x				\
+	asn1_CMSIdentifier.x				\
+	asn1_CMSRC2CBCParameter.x			\
+	asn1_CMSVersion.x				\
+	asn1_CertificateList.x				\
+	asn1_CertificateRevocationLists.x		\
+	asn1_CertificateSet.x				\
+	asn1_ContentEncryptionAlgorithmIdentifier.x	\
+	asn1_ContentInfo.x				\
+	asn1_ContentType.x				\
+	asn1_DigestAlgorithmIdentifier.x		\
+	asn1_DigestAlgorithmIdentifiers.x		\
+	asn1_EncapsulatedContentInfo.x			\
+	asn1_EncryptedContent.x				\
+	asn1_EncryptedContentInfo.x			\
+	asn1_EncryptedKey.x				\
+	asn1_EnvelopedData.x				\
+	asn1_IssuerAndSerialNumber.x			\
+	asn1_KeyEncryptionAlgorithmIdentifier.x		\
+	asn1_KeyTransRecipientInfo.x			\
+	asn1_MessageDigest.x				\
+	asn1_OriginatorInfo.x				\
+	asn1_RecipientIdentifier.x			\
+	asn1_RecipientInfo.x				\
+	asn1_RecipientInfos.x				\
+	asn1_SignatureAlgorithmIdentifier.x		\
+	asn1_SignatureValue.x				\
+	asn1_SignedData.x				\
+	asn1_SignerIdentifier.x				\
+	asn1_SignerInfo.x				\
+	asn1_SignerInfos.x				\
+	asn1_id_pkcs7.x					\
+	asn1_id_pkcs7_data.x				\
+	asn1_id_pkcs7_digestedData.x			\
+	asn1_id_pkcs7_encryptedData.x			\
+	asn1_id_pkcs7_envelopedData.x			\
+	asn1_id_pkcs7_signedAndEnvelopedData.x		\
+	asn1_id_pkcs7_signedData.x			\
+	asn1_UnprotectedAttributes.x
+
+gen_files_rfc2459 =					\
+	asn1_Version.x					\
+	asn1_id_pkcs_1.x				\
+	asn1_id_pkcs1_rsaEncryption.x			\
+	asn1_id_pkcs1_md2WithRSAEncryption.x		\
+	asn1_id_pkcs1_md5WithRSAEncryption.x		\
+	asn1_id_pkcs1_sha1WithRSAEncryption.x		\
+	asn1_id_pkcs1_sha256WithRSAEncryption.x		\
+	asn1_id_pkcs1_sha384WithRSAEncryption.x		\
+	asn1_id_pkcs1_sha512WithRSAEncryption.x		\
+	asn1_id_heim_rsa_pkcs1_x509.x			\
+	asn1_id_pkcs_2.x				\
+	asn1_id_pkcs2_md2.x				\
+	asn1_id_pkcs2_md4.x				\
+	asn1_id_pkcs2_md5.x				\
+	asn1_id_rsa_digestAlgorithm.x			\
+	asn1_id_rsa_digest_md2.x			\
+	asn1_id_rsa_digest_md4.x			\
+	asn1_id_rsa_digest_md5.x			\
+	asn1_id_pkcs_3.x				\
+	asn1_id_pkcs3_rc2_cbc.x				\
+	asn1_id_pkcs3_rc4.x				\
+	asn1_id_pkcs3_des_ede3_cbc.x			\
+	asn1_id_rsadsi_encalg.x				\
+	asn1_id_rsadsi_rc2_cbc.x			\
+	asn1_id_rsadsi_des_ede3_cbc.x			\
+	asn1_id_secsig_sha_1.x				\
+	asn1_id_nistAlgorithm.x				\
+	asn1_id_nist_aes_algs.x				\
+	asn1_id_aes_128_cbc.x				\
+	asn1_id_aes_192_cbc.x				\
+	asn1_id_aes_256_cbc.x				\
+	asn1_id_nist_sha_algs.x				\
+	asn1_id_sha256.x				\
+	asn1_id_sha224.x				\
+	asn1_id_sha384.x				\
+	asn1_id_sha512.x				\
+	asn1_id_dhpublicnumber.x			\
+	asn1_id_x9_57.x					\
+	asn1_id_dsa.x					\
+	asn1_id_dsa_with_sha1.x				\
+	asn1_id_x520_at.x				\
+	asn1_id_at_commonName.x				\
+	asn1_id_at_surname.x				\
+	asn1_id_at_serialNumber.x			\
+	asn1_id_at_countryName.x			\
+	asn1_id_at_localityName.x			\
+	asn1_id_at_streetAddress.x			\
+	asn1_id_at_stateOrProvinceName.x		\
+	asn1_id_at_organizationName.x			\
+	asn1_id_at_organizationalUnitName.x		\
+	asn1_id_at_name.x				\
+	asn1_id_at_givenName.x				\
+	asn1_id_at_initials.x				\
+	asn1_id_at_generationQualifier.x		\
+	asn1_id_at_pseudonym.x				\
+	asn1_id_Userid.x				\
+	asn1_id_domainComponent.x			\
+	asn1_id_x509_ce.x				\
+	asn1_id_uspkicommon_card_id.x			\
+	asn1_id_uspkicommon_piv_interim.x		\
+	asn1_id_netscape.x				\
+	asn1_id_netscape_cert_comment.x			\
+	asn1_id_ms_cert_enroll_domaincontroller.x	\
+	asn1_id_ms_client_authentication.x		\
+	asn1_AlgorithmIdentifier.x			\
+	asn1_AttributeType.x				\
+	asn1_AttributeValue.x				\
+	asn1_TeletexStringx.x				\
+	asn1_DirectoryString.x				\
+	asn1_Attribute.x				\
+	asn1_AttributeTypeAndValue.x			\
+	asn1_AuthorityInfoAccessSyntax.x		\
+	asn1_AccessDescription.x			\
+	asn1_RelativeDistinguishedName.x		\
+	asn1_RDNSequence.x				\
+	asn1_Name.x					\
+	asn1_CertificateSerialNumber.x			\
+	asn1_Time.x					\
+	asn1_Validity.x					\
+	asn1_UniqueIdentifier.x				\
+	asn1_SubjectPublicKeyInfo.x			\
+	asn1_Extension.x				\
+	asn1_Extensions.x				\
+	asn1_TBSCertificate.x				\
+	asn1_Certificate.x				\
+	asn1_Certificates.x				\
+	asn1_ValidationParms.x				\
+	asn1_DomainParameters.x				\
+	asn1_DHPublicKey.x				\
+	asn1_OtherName.x				\
+	asn1_GeneralName.x				\
+	asn1_GeneralNames.x				\
+	asn1_id_x509_ce_keyUsage.x			\
+	asn1_KeyUsage.x					\
+	asn1_id_x509_ce_authorityKeyIdentifier.x	\
+	asn1_KeyIdentifier.x				\
+	asn1_AuthorityKeyIdentifier.x			\
+	asn1_id_x509_ce_subjectKeyIdentifier.x		\
+	asn1_SubjectKeyIdentifier.x			\
+	asn1_id_x509_ce_basicConstraints.x		\
+	asn1_BasicConstraints.x				\
+	asn1_id_x509_ce_nameConstraints.x		\
+	asn1_BaseDistance.x				\
+	asn1_GeneralSubtree.x				\
+	asn1_GeneralSubtrees.x				\
+	asn1_NameConstraints.x				\
+	asn1_id_x509_ce_privateKeyUsagePeriod.x		\
+	asn1_id_x509_ce_certificatePolicies.x		\
+	asn1_id_x509_ce_policyMappings.x		\
+	asn1_id_x509_ce_subjectAltName.x		\
+	asn1_id_x509_ce_issuerAltName.x			\
+	asn1_id_x509_ce_subjectDirectoryAttributes.x	\
+	asn1_id_x509_ce_policyConstraints.x		\
+	asn1_id_x509_ce_extKeyUsage.x			\
+	asn1_ExtKeyUsage.x				\
+	asn1_id_x509_ce_cRLDistributionPoints.x		\
+	asn1_id_x509_ce_deltaCRLIndicator.x		\
+	asn1_id_x509_ce_issuingDistributionPoint.x	\
+	asn1_id_x509_ce_holdInstructionCode.x		\
+	asn1_id_x509_ce_invalidityDate.x		\
+	asn1_id_x509_ce_certificateIssuer.x		\
+	asn1_id_x509_ce_inhibitAnyPolicy.x		\
+	asn1_DistributionPointReasonFlags.x		\
+	asn1_DistributionPointName.x			\
+	asn1_DistributionPoint.x			\
+	asn1_CRLDistributionPoints.x			\
+	asn1_DSASigValue.x				\
+	asn1_DSAPublicKey.x				\
+	asn1_DSAParams.x				\
+	asn1_RSAPublicKey.x				\
+	asn1_RSAPrivateKey.x				\
+	asn1_DigestInfo.x				\
+	asn1_TBSCRLCertList.x				\
+	asn1_CRLCertificateList.x			\
+	asn1_id_x509_ce_cRLNumber.x			\
+	asn1_id_x509_ce_freshestCRL.x			\
+	asn1_id_x509_ce_cRLReason.x			\
+	asn1_CRLReason.x				\
+	asn1_PKIXXmppAddr.x				\
+	asn1_id_pkix.x					\
+	asn1_id_pkix_on.x				\
+	asn1_id_pkix_on_dnsSRV.x			\
+	asn1_id_pkix_on_xmppAddr.x			\
+	asn1_id_pkix_kp.x				\
+	asn1_id_pkix_kp_serverAuth.x			\
+	asn1_id_pkix_kp_clientAuth.x			\
+	asn1_id_pkix_kp_emailProtection.x		\
+	asn1_id_pkix_kp_timeStamping.x			\
+	asn1_id_pkix_kp_OCSPSigning.x			\
+	asn1_id_pkix_pe.x				\
+	asn1_id_pkix_pe_authorityInfoAccess.x		\
+	asn1_id_pkix_pe_proxyCertInfo.x			\
+	asn1_id_pkix_ppl.x				\
+	asn1_id_pkix_ppl_anyLanguage.x			\
+	asn1_id_pkix_ppl_inheritAll.x			\
+	asn1_id_pkix_ppl_independent.x			\
+	asn1_ProxyPolicy.x				\
+	asn1_ProxyCertInfo.x 
+
+gen_files_pkinit =					\
+	asn1_id_pkinit.x				\
+	asn1_id_pkauthdata.x				\
+	asn1_id_pkdhkeydata.x				\
+	asn1_id_pkrkeydata.x				\
+	asn1_id_pkekuoid.x				\
+	asn1_id_pkkdcekuoid.x				\
+	asn1_id_pkinit_san.x				\
+	asn1_id_pkinit_ms_eku.x				\
+	asn1_id_pkinit_ms_san.x				\
+	asn1_MS_UPN_SAN.x				\
+	asn1_DHNonce.x					\
+	asn1_KDFAlgorithmId.x				\
+	asn1_TrustedCA.x				\
+	asn1_ExternalPrincipalIdentifier.x		\
+	asn1_ExternalPrincipalIdentifiers.x		\
+	asn1_PA_PK_AS_REQ.x				\
+	asn1_PKAuthenticator.x				\
+	asn1_AuthPack.x					\
+	asn1_TD_TRUSTED_CERTIFIERS.x			\
+	asn1_TD_INVALID_CERTIFICATES.x			\
+	asn1_KRB5PrincipalName.x			\
+	asn1_AD_INITIAL_VERIFIED_CAS.x			\
+	asn1_DHRepInfo.x				\
+	asn1_PA_PK_AS_REP.x				\
+	asn1_KDCDHKeyInfo.x				\
+	asn1_ReplyKeyPack.x				\
+	asn1_TD_DH_PARAMETERS.x				\
+	asn1_PKAuthenticator_Win2k.x			\
+	asn1_AuthPack_Win2k.x				\
+	asn1_TrustedCA_Win2k.x				\
+	asn1_PA_PK_AS_REQ_Win2k.x			\
+	asn1_PA_PK_AS_REP_Win2k.x			\
+	asn1_KDCDHKeyInfo_Win2k.x			\
+	asn1_ReplyKeyPack_Win2k.x			\
+	asn1_PkinitSuppPubInfo.x 
+
+gen_files_pkcs12 =					\
+	asn1_id_pkcs_12.x				\
+	asn1_id_pkcs_12PbeIds.x				\
+	asn1_id_pbeWithSHAAnd128BitRC4.x		\
+	asn1_id_pbeWithSHAAnd40BitRC4.x			\
+	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x	\
+	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x	\
+	asn1_id_pbeWithSHAAnd128BitRC2_CBC.x		\
+	asn1_id_pbewithSHAAnd40BitRC2_CBC.x		\
+	asn1_id_pkcs12_bagtypes.x			\
+	asn1_id_pkcs12_keyBag.x				\
+	asn1_id_pkcs12_pkcs8ShroudedKeyBag.x		\
+	asn1_id_pkcs12_certBag.x			\
+	asn1_id_pkcs12_crlBag.x				\
+	asn1_id_pkcs12_secretBag.x			\
+	asn1_id_pkcs12_safeContentsBag.x		\
+	asn1_PKCS12_MacData.x				\
+	asn1_PKCS12_PFX.x				\
+	asn1_PKCS12_AuthenticatedSafe.x			\
+	asn1_PKCS12_CertBag.x				\
+	asn1_PKCS12_Attribute.x				\
+	asn1_PKCS12_Attributes.x			\
+	asn1_PKCS12_SafeBag.x				\
+	asn1_PKCS12_SafeContents.x			\
+	asn1_PKCS12_OctetString.x			\
+	asn1_PKCS12_PBEParams.x
+
+gen_files_pkcs8 =					\
+	asn1_PKCS8PrivateKeyAlgorithmIdentifier.x	\
+	asn1_PKCS8PrivateKey.x				\
+	asn1_PKCS8PrivateKeyInfo.x			\
+	asn1_PKCS8Attributes.x				\
+	asn1_PKCS8EncryptedPrivateKeyInfo.x		\
+	asn1_PKCS8EncryptedData.x
+
+gen_files_pkcs9 =					\
+	asn1_id_pkcs_9.x				\
+	asn1_id_pkcs9_contentType.x			\
+	asn1_id_pkcs9_emailAddress.x			\
+	asn1_id_pkcs9_messageDigest.x			\
+	asn1_id_pkcs9_signingTime.x			\
+	asn1_id_pkcs9_countersignature.x		\
+	asn1_id_pkcs_9_at_friendlyName.x		\
+	asn1_id_pkcs_9_at_localKeyId.x			\
+	asn1_id_pkcs_9_at_certTypes.x			\
+	asn1_id_pkcs_9_at_certTypes_x509.x		\
+	asn1_PKCS9_BMPString.x				\
+	asn1_PKCS9_friendlyName.x
+
+gen_files_test =					\
+	asn1_TESTAlloc.x				\
+	asn1_TESTAllocInner.x				\
+	asn1_TESTCONTAINING.x				\
+	asn1_TESTCONTAININGENCODEDBY.x			\
+	asn1_TESTCONTAININGENCODEDBY2.x			\
+	asn1_TESTChoice1.x				\
+	asn1_TESTChoice2.x				\
+	asn1_TESTDer.x					\
+	asn1_TESTENCODEDBY.x				\
+	asn1_TESTImplicit.x				\
+	asn1_TESTImplicit2.x				\
+	asn1_TESTInteger.x				\
+	asn1_TESTInteger2.x				\
+	asn1_TESTInteger3.x				\
+	asn1_TESTLargeTag.x				\
+	asn1_TESTSeq.x					\
+	asn1_TESTUSERCONSTRAINED.x			\
+	asn1_TESTSeqOf.x				\
+	asn1_TESTOSSize1.x				\
+	asn1_TESTSeqSizeOf1.x				\
+	asn1_TESTSeqSizeOf2.x				\
+	asn1_TESTSeqSizeOf3.x				\
+	asn1_TESTSeqSizeOf4.x
+
+gen_files_digest =					\
+	asn1_DigestError.x				\
+	asn1_DigestInit.x				\
+	asn1_DigestInitReply.x				\
+	asn1_DigestREP.x				\
+	asn1_DigestREQ.x				\
+	asn1_DigestRepInner.x				\
+	asn1_DigestReqInner.x				\
+	asn1_DigestRequest.x				\
+	asn1_DigestResponse.x				\
+	asn1_DigestTypes.x				\
+	asn1_NTLMInit.x					\
+	asn1_NTLMInitReply.x				\
+	asn1_NTLMRequest.x				\
+	asn1_NTLMResponse.x
+
+gen_files_kx509 =					\
+	asn1_Kx509Response.x				\
+	asn1_Kx509Request.x
+
+noinst_PROGRAMS = asn1_compile asn1_print asn1_gen
+
+TESTS = check-der check-gen check-timegm
+check_PROGRAMS = $(TESTS)
+
+asn1_gen_SOURCES = asn1_gen.c
+asn1_print_SOURCES = asn1_print.c
+check_der_SOURCES = check-der.c check-common.c check-common.h
+
+dist_check_gen_SOURCES = check-gen.c check-common.c check-common.h
+nodist_check_gen_SOURCES = $(gen_files_test:.x=.c)
+
+asn1_compile_SOURCES = 				\
+	asn1-common.h				\
+	asn1_queue.h				\
+	der.h					\
+	gen.c					\
+	gen_copy.c				\
+	gen_decode.c				\
+	gen_encode.c				\
+	gen_free.c				\
+	gen_glue.c				\
+	gen_length.c				\
+	gen_locl.h				\
+	gen_seq.c				\
+	hash.c					\
+	hash.h					\
+	lex.l					\
+	lex.h					\
+	main.c					\
+	parse.y					\
+	symbol.c				\
+	symbol.h
+
+dist_libasn1_la_SOURCES =			\
+	der-protos.h 				\
+	der_locl.h 				\
+	der.c					\
+	der.h					\
+	der_get.c				\
+	der_put.c				\
+	der_free.c				\
+	der_length.c				\
+	der_copy.c				\
+	der_cmp.c				\
+	der_format.c				\
+	heim_asn1.h				\
+	extra.c					\
+	timegm.c
+
+nodist_libasn1_la_SOURCES = $(BUILT_SOURCES)
+
+asn1_compile_LDADD = \
+	$(LIB_roken) $(LEXLIB)
+
+check_der_LDADD = \
+	libasn1.la \
+	$(LIB_roken)
+
+check_gen_LDADD = $(check_der_LDADD)
+asn1_print_LDADD = $(check_der_LDADD)
+asn1_gen_LDADD = $(check_der_LDADD)
+check_timegm_LDADD = $(check_der_LDADD)
+
+CLEANFILES = \
+	$(BUILT_SOURCES) \
+	$(gen_files_rfc2459) \
+	$(gen_files_cms) \
+	$(gen_files_k5) \
+	$(gen_files_pkinit) \
+	$(gen_files_pkcs8) \
+	$(gen_files_pkcs9) \
+	$(gen_files_pkcs12) \
+	$(gen_files_digest) \
+	$(gen_files_kx509) \
+	$(gen_files_test) $(nodist_check_gen_SOURCES) \
+	rfc2459_asn1_files rfc2459_asn1.h \
+	cms_asn1_files cms_asn1.h \
+	krb5_asn1_files krb5_asn1.h \
+	pkinit_asn1_files pkinit_asn1.h \
+	pkcs8_asn1_files pkcs8_asn1.h \
+	pkcs9_asn1_files pkcs9_asn1.h \
+	pkcs12_asn1_files pkcs12_asn1.h \
+	digest_asn1_files digest_asn1.h \
+	kx509_asn1_files kx509_asn1.h \
+	test_asn1_files test_asn1.h
+
+dist_include_HEADERS = der.h heim_asn1.h der-protos.h
+
+nodist_include_HEADERS = asn1_err.h
+nodist_include_HEADERS += krb5_asn1.h
+nodist_include_HEADERS += pkinit_asn1.h
+nodist_include_HEADERS += cms_asn1.h
+nodist_include_HEADERS += rfc2459_asn1.h
+nodist_include_HEADERS += pkcs8_asn1.h
+nodist_include_HEADERS += pkcs9_asn1.h
+nodist_include_HEADERS += pkcs12_asn1.h
+nodist_include_HEADERS += digest_asn1.h
+nodist_include_HEADERS += kx509_asn1.h
+
+$(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h
+$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h
+$(check_gen_OBJECTS): test_asn1.h
+$(asn1_print_OBJECTS): krb5_asn1.h
+
+parse.h: parse.c
+
+$(gen_files_k5) krb5_asn1.h: krb5_asn1_files
+$(gen_files_pkinit) pkinit_asn1.h: pkinit_asn1_files
+$(gen_files_pkcs8) pkcs8_asn1.h: pkcs8_asn1_files
+$(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_asn1_files
+$(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files
+$(gen_files_digest) digest_asn1.h: digest_asn1_files
+$(gen_files_kx509) kx509_asn1.h: kx509_asn1_files
+$(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files
+$(gen_files_cms) cms_asn1.h: cms_asn1_files
+$(gen_files_test) test_asn1.h: test_asn1_files
+
+rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1
+	./asn1_compile$(EXEEXT) --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1)
+
+cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1)
+
+krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
+	./asn1_compile$(EXEEXT) --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData --sequence=METHOD-DATA --sequence=ETYPE-INFO --sequence=ETYPE-INFO2 $(srcdir)/k5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1)
+
+pkinit_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1)
+
+pkcs8_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1)
+
+pkcs9_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1)
+
+pkcs12_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1)
+
+digest_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/digest.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1)
+
+kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1)
+
+test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1
+	./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1)
+
+EXTRA_DIST =		\
+	asn1_err.et	\
+	canthandle.asn1	\
+	CMS.asn1	\
+	digest.asn1	\
+	k5.asn1		\
+	kx509.asn1	\
+	test.asn1	\
+	setchgpw2.asn1	\
+	pkcs12.asn1	\
+	pkcs8.asn1	\
+	pkcs9.asn1	\
+	pkinit.asn1	\
+	rfc2459.asn1	\
+	test.gen
+
+$(srcdir)/der-protos.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || rm -f der-protos.h
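Review bot: The `$(srcdir)/der-protos.h` rule at the end of this hunk ends in `|| rm -f der-protos.h`, so when `cd` or `perl ../../cf/make-proto.pl` fails the recipe still exits 0 and make continues as if the header had been regenerated. The ten `*_asn1_files` rules above it use `|| (rm -f ... ; exit 1)`, and this rule should fail the same way: `cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || (rm -f der-protos.h ; exit 1)`. For a vendored crypto library, a missing prototype header is better reported at this step than at a later compile of whatever includes it (the including files are not shown here). When the `cd` itself fails, the `rm -f` also runs in the build directory rather than in `$(srcdir)`; a short comment on the rule should say which directory the cleanup is meant for.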

Added: vendor-crypto/heimdal/dist/lib/asn1/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1801 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
+	parse.h
+noinst_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT) \
+	asn1_gen$(EXEEXT)
+TESTS = check-der$(EXEEXT) check-gen$(EXEEXT) check-timegm$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
+subdir = lib/asn1
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \
+	"$(DESTDIR)$(includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libasn1_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+dist_libasn1_la_OBJECTS = der.lo der_get.lo der_put.lo der_free.lo \
+	der_length.lo der_copy.lo der_cmp.lo der_format.lo extra.lo \
+	timegm.lo
+am__objects_1 = asn1_Version.lo asn1_id_pkcs_1.lo \
+	asn1_id_pkcs1_rsaEncryption.lo \
+	asn1_id_pkcs1_md2WithRSAEncryption.lo \
+	asn1_id_pkcs1_md5WithRSAEncryption.lo \
+	asn1_id_pkcs1_sha1WithRSAEncryption.lo \
+	asn1_id_pkcs1_sha256WithRSAEncryption.lo \
+	asn1_id_pkcs1_sha384WithRSAEncryption.lo \
+	asn1_id_pkcs1_sha512WithRSAEncryption.lo \
+	asn1_id_heim_rsa_pkcs1_x509.lo asn1_id_pkcs_2.lo \
+	asn1_id_pkcs2_md2.lo asn1_id_pkcs2_md4.lo asn1_id_pkcs2_md5.lo \
+	asn1_id_rsa_digestAlgorithm.lo asn1_id_rsa_digest_md2.lo \
+	asn1_id_rsa_digest_md4.lo asn1_id_rsa_digest_md5.lo \
+	asn1_id_pkcs_3.lo asn1_id_pkcs3_rc2_cbc.lo \
+	asn1_id_pkcs3_rc4.lo asn1_id_pkcs3_des_ede3_cbc.lo \
+	asn1_id_rsadsi_encalg.lo asn1_id_rsadsi_rc2_cbc.lo \
+	asn1_id_rsadsi_des_ede3_cbc.lo asn1_id_secsig_sha_1.lo \
+	asn1_id_nistAlgorithm.lo asn1_id_nist_aes_algs.lo \
+	asn1_id_aes_128_cbc.lo asn1_id_aes_192_cbc.lo \
+	asn1_id_aes_256_cbc.lo asn1_id_nist_sha_algs.lo \
+	asn1_id_sha256.lo asn1_id_sha224.lo asn1_id_sha384.lo \
+	asn1_id_sha512.lo asn1_id_dhpublicnumber.lo asn1_id_x9_57.lo \
+	asn1_id_dsa.lo asn1_id_dsa_with_sha1.lo asn1_id_x520_at.lo \
+	asn1_id_at_commonName.lo asn1_id_at_surname.lo \
+	asn1_id_at_serialNumber.lo asn1_id_at_countryName.lo \
+	asn1_id_at_localityName.lo asn1_id_at_streetAddress.lo \
+	asn1_id_at_stateOrProvinceName.lo \
+	asn1_id_at_organizationName.lo \
+	asn1_id_at_organizationalUnitName.lo asn1_id_at_name.lo \
+	asn1_id_at_givenName.lo asn1_id_at_initials.lo \
+	asn1_id_at_generationQualifier.lo asn1_id_at_pseudonym.lo \
+	asn1_id_Userid.lo asn1_id_domainComponent.lo \
+	asn1_id_x509_ce.lo asn1_id_uspkicommon_card_id.lo \
+	asn1_id_uspkicommon_piv_interim.lo asn1_id_netscape.lo \
+	asn1_id_netscape_cert_comment.lo \
+	asn1_id_ms_cert_enroll_domaincontroller.lo \
+	asn1_id_ms_client_authentication.lo \
+	asn1_AlgorithmIdentifier.lo asn1_AttributeType.lo \
+	asn1_AttributeValue.lo asn1_TeletexStringx.lo \
+	asn1_DirectoryString.lo asn1_Attribute.lo \
+	asn1_AttributeTypeAndValue.lo \
+	asn1_AuthorityInfoAccessSyntax.lo asn1_AccessDescription.lo \
+	asn1_RelativeDistinguishedName.lo asn1_RDNSequence.lo \
+	asn1_Name.lo asn1_CertificateSerialNumber.lo asn1_Time.lo \
+	asn1_Validity.lo asn1_UniqueIdentifier.lo \
+	asn1_SubjectPublicKeyInfo.lo asn1_Extension.lo \
+	asn1_Extensions.lo asn1_TBSCertificate.lo asn1_Certificate.lo \
+	asn1_Certificates.lo asn1_ValidationParms.lo \
+	asn1_DomainParameters.lo asn1_DHPublicKey.lo asn1_OtherName.lo \
+	asn1_GeneralName.lo asn1_GeneralNames.lo \
+	asn1_id_x509_ce_keyUsage.lo asn1_KeyUsage.lo \
+	asn1_id_x509_ce_authorityKeyIdentifier.lo \
+	asn1_KeyIdentifier.lo asn1_AuthorityKeyIdentifier.lo \
+	asn1_id_x509_ce_subjectKeyIdentifier.lo \
+	asn1_SubjectKeyIdentifier.lo \
+	asn1_id_x509_ce_basicConstraints.lo asn1_BasicConstraints.lo \
+	asn1_id_x509_ce_nameConstraints.lo asn1_BaseDistance.lo \
+	asn1_GeneralSubtree.lo asn1_GeneralSubtrees.lo \
+	asn1_NameConstraints.lo \
+	asn1_id_x509_ce_privateKeyUsagePeriod.lo \
+	asn1_id_x509_ce_certificatePolicies.lo \
+	asn1_id_x509_ce_policyMappings.lo \
+	asn1_id_x509_ce_subjectAltName.lo \
+	asn1_id_x509_ce_issuerAltName.lo \
+	asn1_id_x509_ce_subjectDirectoryAttributes.lo \
+	asn1_id_x509_ce_policyConstraints.lo \
+	asn1_id_x509_ce_extKeyUsage.lo asn1_ExtKeyUsage.lo \
+	asn1_id_x509_ce_cRLDistributionPoints.lo \
+	asn1_id_x509_ce_deltaCRLIndicator.lo \
+	asn1_id_x509_ce_issuingDistributionPoint.lo \
+	asn1_id_x509_ce_holdInstructionCode.lo \
+	asn1_id_x509_ce_invalidityDate.lo \
+	asn1_id_x509_ce_certificateIssuer.lo \
+	asn1_id_x509_ce_inhibitAnyPolicy.lo \
+	asn1_DistributionPointReasonFlags.lo \
+	asn1_DistributionPointName.lo asn1_DistributionPoint.lo \
+	asn1_CRLDistributionPoints.lo asn1_DSASigValue.lo \
+	asn1_DSAPublicKey.lo asn1_DSAParams.lo asn1_RSAPublicKey.lo \
+	asn1_RSAPrivateKey.lo asn1_DigestInfo.lo \
+	asn1_TBSCRLCertList.lo asn1_CRLCertificateList.lo \
+	asn1_id_x509_ce_cRLNumber.lo asn1_id_x509_ce_freshestCRL.lo \
+	asn1_id_x509_ce_cRLReason.lo asn1_CRLReason.lo \
+	asn1_PKIXXmppAddr.lo asn1_id_pkix.lo asn1_id_pkix_on.lo \
+	asn1_id_pkix_on_dnsSRV.lo asn1_id_pkix_on_xmppAddr.lo \
+	asn1_id_pkix_kp.lo asn1_id_pkix_kp_serverAuth.lo \
+	asn1_id_pkix_kp_clientAuth.lo \
+	asn1_id_pkix_kp_emailProtection.lo \
+	asn1_id_pkix_kp_timeStamping.lo asn1_id_pkix_kp_OCSPSigning.lo \
+	asn1_id_pkix_pe.lo asn1_id_pkix_pe_authorityInfoAccess.lo \
+	asn1_id_pkix_pe_proxyCertInfo.lo asn1_id_pkix_ppl.lo \
+	asn1_id_pkix_ppl_anyLanguage.lo asn1_id_pkix_ppl_inheritAll.lo \
+	asn1_id_pkix_ppl_independent.lo asn1_ProxyPolicy.lo \
+	asn1_ProxyCertInfo.lo
+am__objects_2 = asn1_CMSAttributes.lo asn1_CMSCBCParameter.lo \
+	asn1_CMSEncryptedData.lo asn1_CMSIdentifier.lo \
+	asn1_CMSRC2CBCParameter.lo asn1_CMSVersion.lo \
+	asn1_CertificateList.lo asn1_CertificateRevocationLists.lo \
+	asn1_CertificateSet.lo \
+	asn1_ContentEncryptionAlgorithmIdentifier.lo \
+	asn1_ContentInfo.lo asn1_ContentType.lo \
+	asn1_DigestAlgorithmIdentifier.lo \
+	asn1_DigestAlgorithmIdentifiers.lo \
+	asn1_EncapsulatedContentInfo.lo asn1_EncryptedContent.lo \
+	asn1_EncryptedContentInfo.lo asn1_EncryptedKey.lo \
+	asn1_EnvelopedData.lo asn1_IssuerAndSerialNumber.lo \
+	asn1_KeyEncryptionAlgorithmIdentifier.lo \
+	asn1_KeyTransRecipientInfo.lo asn1_MessageDigest.lo \
+	asn1_OriginatorInfo.lo asn1_RecipientIdentifier.lo \
+	asn1_RecipientInfo.lo asn1_RecipientInfos.lo \
+	asn1_SignatureAlgorithmIdentifier.lo asn1_SignatureValue.lo \
+	asn1_SignedData.lo asn1_SignerIdentifier.lo asn1_SignerInfo.lo \
+	asn1_SignerInfos.lo asn1_id_pkcs7.lo asn1_id_pkcs7_data.lo \
+	asn1_id_pkcs7_digestedData.lo asn1_id_pkcs7_encryptedData.lo \
+	asn1_id_pkcs7_envelopedData.lo \
+	asn1_id_pkcs7_signedAndEnvelopedData.lo \
+	asn1_id_pkcs7_signedData.lo asn1_UnprotectedAttributes.lo
+am__objects_3 = asn1_AD_AND_OR.lo asn1_AD_IF_RELEVANT.lo \
+	asn1_AD_KDCIssued.lo asn1_AD_MANDATORY_FOR_KDC.lo \
+	asn1_AD_LoginAlias.lo asn1_APOptions.lo asn1_AP_REP.lo \
+	asn1_AP_REQ.lo asn1_AS_REP.lo asn1_AS_REQ.lo \
+	asn1_AUTHDATA_TYPE.lo asn1_Authenticator.lo \
+	asn1_AuthorizationData.lo asn1_AuthorizationDataElement.lo \
+	asn1_CKSUMTYPE.lo asn1_ChangePasswdDataMS.lo asn1_Checksum.lo \
+	asn1_ENCTYPE.lo asn1_ETYPE_INFO.lo asn1_ETYPE_INFO2.lo \
+	asn1_ETYPE_INFO2_ENTRY.lo asn1_ETYPE_INFO_ENTRY.lo \
+	asn1_EncAPRepPart.lo asn1_EncASRepPart.lo \
+	asn1_EncKDCRepPart.lo asn1_EncKrbCredPart.lo \
+	asn1_EncKrbPrivPart.lo asn1_EncTGSRepPart.lo \
+	asn1_EncTicketPart.lo asn1_EncryptedData.lo \
+	asn1_EncryptionKey.lo asn1_EtypeList.lo asn1_HostAddress.lo \
+	asn1_HostAddresses.lo asn1_KDCOptions.lo asn1_KDC_REP.lo \
+	asn1_KDC_REQ.lo asn1_KDC_REQ_BODY.lo asn1_KRB_CRED.lo \
+	asn1_KRB_ERROR.lo asn1_KRB_PRIV.lo asn1_KRB_SAFE.lo \
+	asn1_KRB_SAFE_BODY.lo asn1_KerberosString.lo \
+	asn1_KerberosTime.lo asn1_KrbCredInfo.lo asn1_LR_TYPE.lo \
+	asn1_LastReq.lo asn1_MESSAGE_TYPE.lo asn1_METHOD_DATA.lo \
+	asn1_NAME_TYPE.lo asn1_PADATA_TYPE.lo asn1_PA_DATA.lo \
+	asn1_PA_ENC_SAM_RESPONSE_ENC.lo asn1_PA_ENC_TS_ENC.lo \
+	asn1_PA_PAC_REQUEST.lo asn1_PA_S4U2Self.lo \
+	asn1_PA_SAM_CHALLENGE_2.lo asn1_PA_SAM_CHALLENGE_2_BODY.lo \
+	asn1_PA_SAM_REDIRECT.lo asn1_PA_SAM_RESPONSE_2.lo \
+	asn1_PA_SAM_TYPE.lo asn1_PA_ClientCanonicalized.lo \
+	asn1_PA_ClientCanonicalizedNames.lo asn1_PA_SvrReferralData.lo \
+	asn1_PROV_SRV_LOCATION.lo asn1_Principal.lo \
+	asn1_PrincipalName.lo asn1_Realm.lo asn1_SAMFlags.lo \
+	asn1_TGS_REP.lo asn1_TGS_REQ.lo asn1_TYPED_DATA.lo \
+	asn1_Ticket.lo asn1_TicketFlags.lo asn1_TransitedEncoding.lo \
+	asn1_TypedData.lo asn1_krb5int32.lo asn1_krb5uint32.lo \
+	asn1_KRB5SignedPathData.lo asn1_KRB5SignedPathPrincipals.lo \
+	asn1_KRB5SignedPath.lo
+am__objects_4 = asn1_id_pkinit.lo asn1_id_pkauthdata.lo \
+	asn1_id_pkdhkeydata.lo asn1_id_pkrkeydata.lo \
+	asn1_id_pkekuoid.lo asn1_id_pkkdcekuoid.lo \
+	asn1_id_pkinit_san.lo asn1_id_pkinit_ms_eku.lo \
+	asn1_id_pkinit_ms_san.lo asn1_MS_UPN_SAN.lo asn1_DHNonce.lo \
+	asn1_KDFAlgorithmId.lo asn1_TrustedCA.lo \
+	asn1_ExternalPrincipalIdentifier.lo \
+	asn1_ExternalPrincipalIdentifiers.lo asn1_PA_PK_AS_REQ.lo \
+	asn1_PKAuthenticator.lo asn1_AuthPack.lo \
+	asn1_TD_TRUSTED_CERTIFIERS.lo asn1_TD_INVALID_CERTIFICATES.lo \
+	asn1_KRB5PrincipalName.lo asn1_AD_INITIAL_VERIFIED_CAS.lo \
+	asn1_DHRepInfo.lo asn1_PA_PK_AS_REP.lo asn1_KDCDHKeyInfo.lo \
+	asn1_ReplyKeyPack.lo asn1_TD_DH_PARAMETERS.lo \
+	asn1_PKAuthenticator_Win2k.lo asn1_AuthPack_Win2k.lo \
+	asn1_TrustedCA_Win2k.lo asn1_PA_PK_AS_REQ_Win2k.lo \
+	asn1_PA_PK_AS_REP_Win2k.lo asn1_KDCDHKeyInfo_Win2k.lo \
+	asn1_ReplyKeyPack_Win2k.lo asn1_PkinitSuppPubInfo.lo
+am__objects_5 = asn1_PKCS8PrivateKeyAlgorithmIdentifier.lo \
+	asn1_PKCS8PrivateKey.lo asn1_PKCS8PrivateKeyInfo.lo \
+	asn1_PKCS8Attributes.lo asn1_PKCS8EncryptedPrivateKeyInfo.lo \
+	asn1_PKCS8EncryptedData.lo
+am__objects_6 = asn1_id_pkcs_9.lo asn1_id_pkcs9_contentType.lo \
+	asn1_id_pkcs9_emailAddress.lo asn1_id_pkcs9_messageDigest.lo \
+	asn1_id_pkcs9_signingTime.lo asn1_id_pkcs9_countersignature.lo \
+	asn1_id_pkcs_9_at_friendlyName.lo \
+	asn1_id_pkcs_9_at_localKeyId.lo asn1_id_pkcs_9_at_certTypes.lo \
+	asn1_id_pkcs_9_at_certTypes_x509.lo asn1_PKCS9_BMPString.lo \
+	asn1_PKCS9_friendlyName.lo
+am__objects_7 = asn1_id_pkcs_12.lo asn1_id_pkcs_12PbeIds.lo \
+	asn1_id_pbeWithSHAAnd128BitRC4.lo \
+	asn1_id_pbeWithSHAAnd40BitRC4.lo \
+	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.lo \
+	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.lo \
+	asn1_id_pbeWithSHAAnd128BitRC2_CBC.lo \
+	asn1_id_pbewithSHAAnd40BitRC2_CBC.lo \
+	asn1_id_pkcs12_bagtypes.lo asn1_id_pkcs12_keyBag.lo \
+	asn1_id_pkcs12_pkcs8ShroudedKeyBag.lo \
+	asn1_id_pkcs12_certBag.lo asn1_id_pkcs12_crlBag.lo \
+	asn1_id_pkcs12_secretBag.lo asn1_id_pkcs12_safeContentsBag.lo \
+	asn1_PKCS12_MacData.lo asn1_PKCS12_PFX.lo \
+	asn1_PKCS12_AuthenticatedSafe.lo asn1_PKCS12_CertBag.lo \
+	asn1_PKCS12_Attribute.lo asn1_PKCS12_Attributes.lo \
+	asn1_PKCS12_SafeBag.lo asn1_PKCS12_SafeContents.lo \
+	asn1_PKCS12_OctetString.lo asn1_PKCS12_PBEParams.lo
+am__objects_8 = asn1_DigestError.lo asn1_DigestInit.lo \
+	asn1_DigestInitReply.lo asn1_DigestREP.lo asn1_DigestREQ.lo \
+	asn1_DigestRepInner.lo asn1_DigestReqInner.lo \
+	asn1_DigestRequest.lo asn1_DigestResponse.lo \
+	asn1_DigestTypes.lo asn1_NTLMInit.lo asn1_NTLMInitReply.lo \
+	asn1_NTLMRequest.lo asn1_NTLMResponse.lo
+am__objects_9 = asn1_Kx509Response.lo asn1_Kx509Request.lo
+am__objects_10 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \
+	$(am__objects_4) $(am__objects_5) $(am__objects_6) \
+	$(am__objects_7) $(am__objects_8) $(am__objects_9) asn1_err.lo
+nodist_libasn1_la_OBJECTS = $(am__objects_10)
+libasn1_la_OBJECTS = $(dist_libasn1_la_OBJECTS) \
+	$(nodist_libasn1_la_OBJECTS)
+libasn1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libasn1_la_LDFLAGS) $(LDFLAGS) -o $@
+am__EXEEXT_1 = check-der$(EXEEXT) check-gen$(EXEEXT) \
+	check-timegm$(EXEEXT)
+PROGRAMS = $(noinst_PROGRAMS)
+am_asn1_compile_OBJECTS = gen.$(OBJEXT) gen_copy.$(OBJEXT) \
+	gen_decode.$(OBJEXT) gen_encode.$(OBJEXT) gen_free.$(OBJEXT) \
+	gen_glue.$(OBJEXT) gen_length.$(OBJEXT) gen_seq.$(OBJEXT) \
+	hash.$(OBJEXT) lex.$(OBJEXT) main.$(OBJEXT) parse.$(OBJEXT) \
+	symbol.$(OBJEXT)
+asn1_compile_OBJECTS = $(am_asn1_compile_OBJECTS)
+asn1_compile_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_asn1_gen_OBJECTS = asn1_gen.$(OBJEXT)
+asn1_gen_OBJECTS = $(am_asn1_gen_OBJECTS)
+am__DEPENDENCIES_2 = libasn1.la $(am__DEPENDENCIES_1)
+asn1_gen_DEPENDENCIES = $(am__DEPENDENCIES_2)
+am_asn1_print_OBJECTS = asn1_print.$(OBJEXT)
+asn1_print_OBJECTS = $(am_asn1_print_OBJECTS)
+asn1_print_DEPENDENCIES = $(am__DEPENDENCIES_2)
+am_check_der_OBJECTS = check-der.$(OBJEXT) check-common.$(OBJEXT)
+check_der_OBJECTS = $(am_check_der_OBJECTS)
+check_der_DEPENDENCIES = libasn1.la $(am__DEPENDENCIES_1)
+dist_check_gen_OBJECTS = check-gen.$(OBJEXT) check-common.$(OBJEXT)
+am__objects_11 = asn1_TESTAlloc.$(OBJEXT) \
+	asn1_TESTAllocInner.$(OBJEXT) asn1_TESTCONTAINING.$(OBJEXT) \
+	asn1_TESTCONTAININGENCODEDBY.$(OBJEXT) \
+	asn1_TESTCONTAININGENCODEDBY2.$(OBJEXT) \
+	asn1_TESTChoice1.$(OBJEXT) asn1_TESTChoice2.$(OBJEXT) \
+	asn1_TESTDer.$(OBJEXT) asn1_TESTENCODEDBY.$(OBJEXT) \
+	asn1_TESTImplicit.$(OBJEXT) asn1_TESTImplicit2.$(OBJEXT) \
+	asn1_TESTInteger.$(OBJEXT) asn1_TESTInteger2.$(OBJEXT) \
+	asn1_TESTInteger3.$(OBJEXT) asn1_TESTLargeTag.$(OBJEXT) \
+	asn1_TESTSeq.$(OBJEXT) asn1_TESTUSERCONSTRAINED.$(OBJEXT) \
+	asn1_TESTSeqOf.$(OBJEXT) asn1_TESTOSSize1.$(OBJEXT) \
+	asn1_TESTSeqSizeOf1.$(OBJEXT) asn1_TESTSeqSizeOf2.$(OBJEXT) \
+	asn1_TESTSeqSizeOf3.$(OBJEXT) asn1_TESTSeqSizeOf4.$(OBJEXT)
+nodist_check_gen_OBJECTS = $(am__objects_11)
+check_gen_OBJECTS = $(dist_check_gen_OBJECTS) \
+	$(nodist_check_gen_OBJECTS)
+check_gen_DEPENDENCIES = $(am__DEPENDENCIES_2)
+check_timegm_SOURCES = check-timegm.c
+check_timegm_OBJECTS = check-timegm.$(OBJEXT)
+check_timegm_DEPENDENCIES = $(am__DEPENDENCIES_2)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+ at MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
+LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
+LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
+YLWRAP = $(top_srcdir)/ylwrap
+ at MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
+YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
+LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
+SOURCES = $(dist_libasn1_la_SOURCES) $(nodist_libasn1_la_SOURCES) \
+	$(asn1_compile_SOURCES) $(asn1_gen_SOURCES) \
+	$(asn1_print_SOURCES) $(check_der_SOURCES) \
+	$(dist_check_gen_SOURCES) $(nodist_check_gen_SOURCES) \
+	check-timegm.c
+DIST_SOURCES = $(dist_libasn1_la_SOURCES) $(asn1_compile_SOURCES) \
+	$(asn1_gen_SOURCES) $(asn1_print_SOURCES) $(check_der_SOURCES) \
+	$(dist_check_gen_SOURCES) check-timegm.c
+dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = -d -t
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+lib_LTLIBRARIES = libasn1.la
+libasn1_la_LDFLAGS = -version-info 8:0:0
+libasn1_la_LIBADD = \
+	@LIB_com_err@ \
+	$(LIBADD_roken)
+
+BUILT_SOURCES = \
+	$(gen_files_rfc2459:.x=.c)	\
+	$(gen_files_cms:.x=.c)		\
+	$(gen_files_k5:.x=.c)		\
+	$(gen_files_pkinit:.x=.c)	\
+	$(gen_files_pkcs8:.x=.c)	\
+	$(gen_files_pkcs9:.x=.c)	\
+	$(gen_files_pkcs12:.x=.c)	\
+	$(gen_files_digest:.x=.c)	\
+	$(gen_files_kx509:.x=.c)	\
+	asn1_err.h			\
+	asn1_err.c
+
+gen_files_k5 = \
+	asn1_AD_AND_OR.x				\
+	asn1_AD_IF_RELEVANT.x				\
+	asn1_AD_KDCIssued.x				\
+	asn1_AD_MANDATORY_FOR_KDC.x			\
+	asn1_AD_LoginAlias.x				\
+	asn1_APOptions.x				\
+	asn1_AP_REP.x					\
+	asn1_AP_REQ.x					\
+	asn1_AS_REP.x					\
+	asn1_AS_REQ.x					\
+	asn1_AUTHDATA_TYPE.x				\
+	asn1_Authenticator.x				\
+	asn1_AuthorizationData.x			\
+	asn1_AuthorizationDataElement.x			\
+	asn1_CKSUMTYPE.x				\
+	asn1_ChangePasswdDataMS.x			\
+	asn1_Checksum.x					\
+	asn1_ENCTYPE.x					\
+	asn1_ETYPE_INFO.x				\
+	asn1_ETYPE_INFO2.x				\
+	asn1_ETYPE_INFO2_ENTRY.x			\
+	asn1_ETYPE_INFO_ENTRY.x				\
+	asn1_EncAPRepPart.x				\
+	asn1_EncASRepPart.x				\
+	asn1_EncKDCRepPart.x				\
+	asn1_EncKrbCredPart.x				\
+	asn1_EncKrbPrivPart.x				\
+	asn1_EncTGSRepPart.x				\
+	asn1_EncTicketPart.x				\
+	asn1_EncryptedData.x				\
+	asn1_EncryptionKey.x				\
+	asn1_EtypeList.x				\
+	asn1_HostAddress.x				\
+	asn1_HostAddresses.x				\
+	asn1_KDCOptions.x				\
+	asn1_KDC_REP.x					\
+	asn1_KDC_REQ.x					\
+	asn1_KDC_REQ_BODY.x				\
+	asn1_KRB_CRED.x					\
+	asn1_KRB_ERROR.x				\
+	asn1_KRB_PRIV.x					\
+	asn1_KRB_SAFE.x					\
+	asn1_KRB_SAFE_BODY.x				\
+	asn1_KerberosString.x				\
+	asn1_KerberosTime.x				\
+	asn1_KrbCredInfo.x				\
+	asn1_LR_TYPE.x					\
+	asn1_LastReq.x					\
+	asn1_MESSAGE_TYPE.x				\
+	asn1_METHOD_DATA.x				\
+	asn1_NAME_TYPE.x				\
+	asn1_PADATA_TYPE.x				\
+	asn1_PA_DATA.x					\
+	asn1_PA_ENC_SAM_RESPONSE_ENC.x         		\
+	asn1_PA_ENC_TS_ENC.x				\
+	asn1_PA_PAC_REQUEST.x				\
+	asn1_PA_S4U2Self.x				\
+	asn1_PA_SAM_CHALLENGE_2.x               	\
+	asn1_PA_SAM_CHALLENGE_2_BODY.x 			\
+	asn1_PA_SAM_REDIRECT.x				\
+	asn1_PA_SAM_RESPONSE_2.x			\
+	asn1_PA_SAM_TYPE.x				\
+	asn1_PA_ClientCanonicalized.x			\
+	asn1_PA_ClientCanonicalizedNames.x		\
+	asn1_PA_SvrReferralData.x			\
+	asn1_PROV_SRV_LOCATION.x			\
+	asn1_Principal.x				\
+	asn1_PrincipalName.x				\
+	asn1_Realm.x					\
+	asn1_SAMFlags.x					\
+	asn1_TGS_REP.x					\
+	asn1_TGS_REQ.x					\
+	asn1_TYPED_DATA.x				\
+	asn1_Ticket.x					\
+	asn1_TicketFlags.x				\
+	asn1_TransitedEncoding.x			\
+	asn1_TypedData.x				\
+	asn1_krb5int32.x				\
+	asn1_krb5uint32.x				\
+	asn1_KRB5SignedPathData.x			\
+	asn1_KRB5SignedPathPrincipals.x			\
+	asn1_KRB5SignedPath.x
+
+gen_files_cms = \
+	asn1_CMSAttributes.x				\
+	asn1_CMSCBCParameter.x				\
+	asn1_CMSEncryptedData.x				\
+	asn1_CMSIdentifier.x				\
+	asn1_CMSRC2CBCParameter.x			\
+	asn1_CMSVersion.x				\
+	asn1_CertificateList.x				\
+	asn1_CertificateRevocationLists.x		\
+	asn1_CertificateSet.x				\
+	asn1_ContentEncryptionAlgorithmIdentifier.x	\
+	asn1_ContentInfo.x				\
+	asn1_ContentType.x				\
+	asn1_DigestAlgorithmIdentifier.x		\
+	asn1_DigestAlgorithmIdentifiers.x		\
+	asn1_EncapsulatedContentInfo.x			\
+	asn1_EncryptedContent.x				\
+	asn1_EncryptedContentInfo.x			\
+	asn1_EncryptedKey.x				\
+	asn1_EnvelopedData.x				\
+	asn1_IssuerAndSerialNumber.x			\
+	asn1_KeyEncryptionAlgorithmIdentifier.x		\
+	asn1_KeyTransRecipientInfo.x			\
+	asn1_MessageDigest.x				\
+	asn1_OriginatorInfo.x				\
+	asn1_RecipientIdentifier.x			\
+	asn1_RecipientInfo.x				\
+	asn1_RecipientInfos.x				\
+	asn1_SignatureAlgorithmIdentifier.x		\
+	asn1_SignatureValue.x				\
+	asn1_SignedData.x				\
+	asn1_SignerIdentifier.x				\
+	asn1_SignerInfo.x				\
+	asn1_SignerInfos.x				\
+	asn1_id_pkcs7.x					\
+	asn1_id_pkcs7_data.x				\
+	asn1_id_pkcs7_digestedData.x			\
+	asn1_id_pkcs7_encryptedData.x			\
+	asn1_id_pkcs7_envelopedData.x			\
+	asn1_id_pkcs7_signedAndEnvelopedData.x		\
+	asn1_id_pkcs7_signedData.x			\
+	asn1_UnprotectedAttributes.x
+
+gen_files_rfc2459 = \
+	asn1_Version.x					\
+	asn1_id_pkcs_1.x				\
+	asn1_id_pkcs1_rsaEncryption.x			\
+	asn1_id_pkcs1_md2WithRSAEncryption.x		\
+	asn1_id_pkcs1_md5WithRSAEncryption.x		\
+	asn1_id_pkcs1_sha1WithRSAEncryption.x		\
+	asn1_id_pkcs1_sha256WithRSAEncryption.x		\
+	asn1_id_pkcs1_sha384WithRSAEncryption.x		\
+	asn1_id_pkcs1_sha512WithRSAEncryption.x		\
+	asn1_id_heim_rsa_pkcs1_x509.x			\
+	asn1_id_pkcs_2.x				\
+	asn1_id_pkcs2_md2.x				\
+	asn1_id_pkcs2_md4.x				\
+	asn1_id_pkcs2_md5.x				\
+	asn1_id_rsa_digestAlgorithm.x			\
+	asn1_id_rsa_digest_md2.x			\
+	asn1_id_rsa_digest_md4.x			\
+	asn1_id_rsa_digest_md5.x			\
+	asn1_id_pkcs_3.x				\
+	asn1_id_pkcs3_rc2_cbc.x				\
+	asn1_id_pkcs3_rc4.x				\
+	asn1_id_pkcs3_des_ede3_cbc.x			\
+	asn1_id_rsadsi_encalg.x				\
+	asn1_id_rsadsi_rc2_cbc.x			\
+	asn1_id_rsadsi_des_ede3_cbc.x			\
+	asn1_id_secsig_sha_1.x				\
+	asn1_id_nistAlgorithm.x				\
+	asn1_id_nist_aes_algs.x				\
+	asn1_id_aes_128_cbc.x				\
+	asn1_id_aes_192_cbc.x				\
+	asn1_id_aes_256_cbc.x				\
+	asn1_id_nist_sha_algs.x				\
+	asn1_id_sha256.x				\
+	asn1_id_sha224.x				\
+	asn1_id_sha384.x				\
+	asn1_id_sha512.x				\
+	asn1_id_dhpublicnumber.x			\
+	asn1_id_x9_57.x					\
+	asn1_id_dsa.x					\
+	asn1_id_dsa_with_sha1.x				\
+	asn1_id_x520_at.x				\
+	asn1_id_at_commonName.x				\
+	asn1_id_at_surname.x				\
+	asn1_id_at_serialNumber.x			\
+	asn1_id_at_countryName.x			\
+	asn1_id_at_localityName.x			\
+	asn1_id_at_streetAddress.x			\
+	asn1_id_at_stateOrProvinceName.x		\
+	asn1_id_at_organizationName.x			\
+	asn1_id_at_organizationalUnitName.x		\
+	asn1_id_at_name.x				\
+	asn1_id_at_givenName.x				\
+	asn1_id_at_initials.x				\
+	asn1_id_at_generationQualifier.x		\
+	asn1_id_at_pseudonym.x				\
+	asn1_id_Userid.x				\
+	asn1_id_domainComponent.x			\
+	asn1_id_x509_ce.x				\
+	asn1_id_uspkicommon_card_id.x			\
+	asn1_id_uspkicommon_piv_interim.x		\
+	asn1_id_netscape.x				\
+	asn1_id_netscape_cert_comment.x			\
+	asn1_id_ms_cert_enroll_domaincontroller.x	\
+	asn1_id_ms_client_authentication.x		\
+	asn1_AlgorithmIdentifier.x			\
+	asn1_AttributeType.x				\
+	asn1_AttributeValue.x				\
+	asn1_TeletexStringx.x				\
+	asn1_DirectoryString.x				\
+	asn1_Attribute.x				\
+	asn1_AttributeTypeAndValue.x			\
+	asn1_AuthorityInfoAccessSyntax.x		\
+	asn1_AccessDescription.x			\
+	asn1_RelativeDistinguishedName.x		\
+	asn1_RDNSequence.x				\
+	asn1_Name.x					\
+	asn1_CertificateSerialNumber.x			\
+	asn1_Time.x					\
+	asn1_Validity.x					\
+	asn1_UniqueIdentifier.x				\
+	asn1_SubjectPublicKeyInfo.x			\
+	asn1_Extension.x				\
+	asn1_Extensions.x				\
+	asn1_TBSCertificate.x				\
+	asn1_Certificate.x				\
+	asn1_Certificates.x				\
+	asn1_ValidationParms.x				\
+	asn1_DomainParameters.x				\
+	asn1_DHPublicKey.x				\
+	asn1_OtherName.x				\
+	asn1_GeneralName.x				\
+	asn1_GeneralNames.x				\
+	asn1_id_x509_ce_keyUsage.x			\
+	asn1_KeyUsage.x					\
+	asn1_id_x509_ce_authorityKeyIdentifier.x	\
+	asn1_KeyIdentifier.x				\
+	asn1_AuthorityKeyIdentifier.x			\
+	asn1_id_x509_ce_subjectKeyIdentifier.x		\
+	asn1_SubjectKeyIdentifier.x			\
+	asn1_id_x509_ce_basicConstraints.x		\
+	asn1_BasicConstraints.x				\
+	asn1_id_x509_ce_nameConstraints.x		\
+	asn1_BaseDistance.x				\
+	asn1_GeneralSubtree.x				\
+	asn1_GeneralSubtrees.x				\
+	asn1_NameConstraints.x				\
+	asn1_id_x509_ce_privateKeyUsagePeriod.x		\
+	asn1_id_x509_ce_certificatePolicies.x		\
+	asn1_id_x509_ce_policyMappings.x		\
+	asn1_id_x509_ce_subjectAltName.x		\
+	asn1_id_x509_ce_issuerAltName.x			\
+	asn1_id_x509_ce_subjectDirectoryAttributes.x	\
+	asn1_id_x509_ce_policyConstraints.x		\
+	asn1_id_x509_ce_extKeyUsage.x			\
+	asn1_ExtKeyUsage.x				\
+	asn1_id_x509_ce_cRLDistributionPoints.x		\
+	asn1_id_x509_ce_deltaCRLIndicator.x		\
+	asn1_id_x509_ce_issuingDistributionPoint.x	\
+	asn1_id_x509_ce_holdInstructionCode.x		\
+	asn1_id_x509_ce_invalidityDate.x		\
+	asn1_id_x509_ce_certificateIssuer.x		\
+	asn1_id_x509_ce_inhibitAnyPolicy.x		\
+	asn1_DistributionPointReasonFlags.x		\
+	asn1_DistributionPointName.x			\
+	asn1_DistributionPoint.x			\
+	asn1_CRLDistributionPoints.x			\
+	asn1_DSASigValue.x				\
+	asn1_DSAPublicKey.x				\
+	asn1_DSAParams.x				\
+	asn1_RSAPublicKey.x				\
+	asn1_RSAPrivateKey.x				\
+	asn1_DigestInfo.x				\
+	asn1_TBSCRLCertList.x				\
+	asn1_CRLCertificateList.x			\
+	asn1_id_x509_ce_cRLNumber.x			\
+	asn1_id_x509_ce_freshestCRL.x			\
+	asn1_id_x509_ce_cRLReason.x			\
+	asn1_CRLReason.x				\
+	asn1_PKIXXmppAddr.x				\
+	asn1_id_pkix.x					\
+	asn1_id_pkix_on.x				\
+	asn1_id_pkix_on_dnsSRV.x			\
+	asn1_id_pkix_on_xmppAddr.x			\
+	asn1_id_pkix_kp.x				\
+	asn1_id_pkix_kp_serverAuth.x			\
+	asn1_id_pkix_kp_clientAuth.x			\
+	asn1_id_pkix_kp_emailProtection.x		\
+	asn1_id_pkix_kp_timeStamping.x			\
+	asn1_id_pkix_kp_OCSPSigning.x			\
+	asn1_id_pkix_pe.x				\
+	asn1_id_pkix_pe_authorityInfoAccess.x		\
+	asn1_id_pkix_pe_proxyCertInfo.x			\
+	asn1_id_pkix_ppl.x				\
+	asn1_id_pkix_ppl_anyLanguage.x			\
+	asn1_id_pkix_ppl_inheritAll.x			\
+	asn1_id_pkix_ppl_independent.x			\
+	asn1_ProxyPolicy.x				\
+	asn1_ProxyCertInfo.x 
+
+gen_files_pkinit = \
+	asn1_id_pkinit.x				\
+	asn1_id_pkauthdata.x				\
+	asn1_id_pkdhkeydata.x				\
+	asn1_id_pkrkeydata.x				\
+	asn1_id_pkekuoid.x				\
+	asn1_id_pkkdcekuoid.x				\
+	asn1_id_pkinit_san.x				\
+	asn1_id_pkinit_ms_eku.x				\
+	asn1_id_pkinit_ms_san.x				\
+	asn1_MS_UPN_SAN.x				\
+	asn1_DHNonce.x					\
+	asn1_KDFAlgorithmId.x				\
+	asn1_TrustedCA.x				\
+	asn1_ExternalPrincipalIdentifier.x		\
+	asn1_ExternalPrincipalIdentifiers.x		\
+	asn1_PA_PK_AS_REQ.x				\
+	asn1_PKAuthenticator.x				\
+	asn1_AuthPack.x					\
+	asn1_TD_TRUSTED_CERTIFIERS.x			\
+	asn1_TD_INVALID_CERTIFICATES.x			\
+	asn1_KRB5PrincipalName.x			\
+	asn1_AD_INITIAL_VERIFIED_CAS.x			\
+	asn1_DHRepInfo.x				\
+	asn1_PA_PK_AS_REP.x				\
+	asn1_KDCDHKeyInfo.x				\
+	asn1_ReplyKeyPack.x				\
+	asn1_TD_DH_PARAMETERS.x				\
+	asn1_PKAuthenticator_Win2k.x			\
+	asn1_AuthPack_Win2k.x				\
+	asn1_TrustedCA_Win2k.x				\
+	asn1_PA_PK_AS_REQ_Win2k.x			\
+	asn1_PA_PK_AS_REP_Win2k.x			\
+	asn1_KDCDHKeyInfo_Win2k.x			\
+	asn1_ReplyKeyPack_Win2k.x			\
+	asn1_PkinitSuppPubInfo.x 
+
+gen_files_pkcs12 = \
+	asn1_id_pkcs_12.x				\
+	asn1_id_pkcs_12PbeIds.x				\
+	asn1_id_pbeWithSHAAnd128BitRC4.x		\
+	asn1_id_pbeWithSHAAnd40BitRC4.x			\
+	asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x	\
+	asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x	\
+	asn1_id_pbeWithSHAAnd128BitRC2_CBC.x		\
+	asn1_id_pbewithSHAAnd40BitRC2_CBC.x		\
+	asn1_id_pkcs12_bagtypes.x			\
+	asn1_id_pkcs12_keyBag.x				\
+	asn1_id_pkcs12_pkcs8ShroudedKeyBag.x		\
+	asn1_id_pkcs12_certBag.x			\
+	asn1_id_pkcs12_crlBag.x				\
+	asn1_id_pkcs12_secretBag.x			\
+	asn1_id_pkcs12_safeContentsBag.x		\
+	asn1_PKCS12_MacData.x				\
+	asn1_PKCS12_PFX.x				\
+	asn1_PKCS12_AuthenticatedSafe.x			\
+	asn1_PKCS12_CertBag.x				\
+	asn1_PKCS12_Attribute.x				\
+	asn1_PKCS12_Attributes.x			\
+	asn1_PKCS12_SafeBag.x				\
+	asn1_PKCS12_SafeContents.x			\
+	asn1_PKCS12_OctetString.x			\
+	asn1_PKCS12_PBEParams.x
+
+gen_files_pkcs8 = \
+	asn1_PKCS8PrivateKeyAlgorithmIdentifier.x	\
+	asn1_PKCS8PrivateKey.x				\
+	asn1_PKCS8PrivateKeyInfo.x			\
+	asn1_PKCS8Attributes.x				\
+	asn1_PKCS8EncryptedPrivateKeyInfo.x		\
+	asn1_PKCS8EncryptedData.x
+
+gen_files_pkcs9 = \
+	asn1_id_pkcs_9.x				\
+	asn1_id_pkcs9_contentType.x			\
+	asn1_id_pkcs9_emailAddress.x			\
+	asn1_id_pkcs9_messageDigest.x			\
+	asn1_id_pkcs9_signingTime.x			\
+	asn1_id_pkcs9_countersignature.x		\
+	asn1_id_pkcs_9_at_friendlyName.x		\
+	asn1_id_pkcs_9_at_localKeyId.x			\
+	asn1_id_pkcs_9_at_certTypes.x			\
+	asn1_id_pkcs_9_at_certTypes_x509.x		\
+	asn1_PKCS9_BMPString.x				\
+	asn1_PKCS9_friendlyName.x
+
+gen_files_test = \
+	asn1_TESTAlloc.x				\
+	asn1_TESTAllocInner.x				\
+	asn1_TESTCONTAINING.x				\
+	asn1_TESTCONTAININGENCODEDBY.x			\
+	asn1_TESTCONTAININGENCODEDBY2.x			\
+	asn1_TESTChoice1.x				\
+	asn1_TESTChoice2.x				\
+	asn1_TESTDer.x					\
+	asn1_TESTENCODEDBY.x				\
+	asn1_TESTImplicit.x				\
+	asn1_TESTImplicit2.x				\
+	asn1_TESTInteger.x				\
+	asn1_TESTInteger2.x				\
+	asn1_TESTInteger3.x				\
+	asn1_TESTLargeTag.x				\
+	asn1_TESTSeq.x					\
+	asn1_TESTUSERCONSTRAINED.x			\
+	asn1_TESTSeqOf.x				\
+	asn1_TESTOSSize1.x				\
+	asn1_TESTSeqSizeOf1.x				\
+	asn1_TESTSeqSizeOf2.x				\
+	asn1_TESTSeqSizeOf3.x				\
+	asn1_TESTSeqSizeOf4.x
+
+gen_files_digest = \
+	asn1_DigestError.x				\
+	asn1_DigestInit.x				\
+	asn1_DigestInitReply.x				\
+	asn1_DigestREP.x				\
+	asn1_DigestREQ.x				\
+	asn1_DigestRepInner.x				\
+	asn1_DigestReqInner.x				\
+	asn1_DigestRequest.x				\
+	asn1_DigestResponse.x				\
+	asn1_DigestTypes.x				\
+	asn1_NTLMInit.x					\
+	asn1_NTLMInitReply.x				\
+	asn1_NTLMRequest.x				\
+	asn1_NTLMResponse.x
+
+gen_files_kx509 = \
+	asn1_Kx509Response.x				\
+	asn1_Kx509Request.x
+
+asn1_gen_SOURCES = asn1_gen.c
+asn1_print_SOURCES = asn1_print.c
+check_der_SOURCES = check-der.c check-common.c check-common.h
+dist_check_gen_SOURCES = check-gen.c check-common.c check-common.h
+nodist_check_gen_SOURCES = $(gen_files_test:.x=.c)
+asn1_compile_SOURCES = \
+	asn1-common.h				\
+	asn1_queue.h				\
+	der.h					\
+	gen.c					\
+	gen_copy.c				\
+	gen_decode.c				\
+	gen_encode.c				\
+	gen_free.c				\
+	gen_glue.c				\
+	gen_length.c				\
+	gen_locl.h				\
+	gen_seq.c				\
+	hash.c					\
+	hash.h					\
+	lex.l					\
+	lex.h					\
+	main.c					\
+	parse.y					\
+	symbol.c				\
+	symbol.h
+
+dist_libasn1_la_SOURCES = \
+	der-protos.h 				\
+	der_locl.h 				\
+	der.c					\
+	der.h					\
+	der_get.c				\
+	der_put.c				\
+	der_free.c				\
+	der_length.c				\
+	der_copy.c				\
+	der_cmp.c				\
+	der_format.c				\
+	heim_asn1.h				\
+	extra.c					\
+	timegm.c
+
+nodist_libasn1_la_SOURCES = $(BUILT_SOURCES)
+asn1_compile_LDADD = \
+	$(LIB_roken) $(LEXLIB)
+
+check_der_LDADD = \
+	libasn1.la \
+	$(LIB_roken)
+
+check_gen_LDADD = $(check_der_LDADD)
+asn1_print_LDADD = $(check_der_LDADD)
+asn1_gen_LDADD = $(check_der_LDADD)
+check_timegm_LDADD = $(check_der_LDADD)
+CLEANFILES = \
+	$(BUILT_SOURCES) \
+	$(gen_files_rfc2459) \
+	$(gen_files_cms) \
+	$(gen_files_k5) \
+	$(gen_files_pkinit) \
+	$(gen_files_pkcs8) \
+	$(gen_files_pkcs9) \
+	$(gen_files_pkcs12) \
+	$(gen_files_digest) \
+	$(gen_files_kx509) \
+	$(gen_files_test) $(nodist_check_gen_SOURCES) \
+	rfc2459_asn1_files rfc2459_asn1.h \
+	cms_asn1_files cms_asn1.h \
+	krb5_asn1_files krb5_asn1.h \
+	pkinit_asn1_files pkinit_asn1.h \
+	pkcs8_asn1_files pkcs8_asn1.h \
+	pkcs9_asn1_files pkcs9_asn1.h \
+	pkcs12_asn1_files pkcs12_asn1.h \
+	digest_asn1_files digest_asn1.h \
+	kx509_asn1_files kx509_asn1.h \
+	test_asn1_files test_asn1.h
+
+dist_include_HEADERS = der.h heim_asn1.h der-protos.h
+nodist_include_HEADERS = asn1_err.h krb5_asn1.h pkinit_asn1.h \
+	cms_asn1.h rfc2459_asn1.h pkcs8_asn1.h pkcs9_asn1.h \
+	pkcs12_asn1.h digest_asn1.h kx509_asn1.h
+EXTRA_DIST = \
+	asn1_err.et	\
+	canthandle.asn1	\
+	CMS.asn1	\
+	digest.asn1	\
+	k5.asn1		\
+	kx509.asn1	\
+	test.asn1	\
+	setchgpw2.asn1	\
+	pkcs12.asn1	\
+	pkcs8.asn1	\
+	pkcs9.asn1	\
+	pkinit.asn1	\
+	rfc2459.asn1	\
+	test.gen
+
+all: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/asn1/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/asn1/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libasn1.la: $(libasn1_la_OBJECTS) $(libasn1_la_DEPENDENCIES) 
+	$(libasn1_la_LINK) -rpath $(libdir) $(libasn1_la_OBJECTS) $(libasn1_la_LIBADD) $(LIBS)
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+asn1_compile$(EXEEXT): $(asn1_compile_OBJECTS) $(asn1_compile_DEPENDENCIES) 
+	@rm -f asn1_compile$(EXEEXT)
+	$(LINK) $(asn1_compile_OBJECTS) $(asn1_compile_LDADD) $(LIBS)
+asn1_gen$(EXEEXT): $(asn1_gen_OBJECTS) $(asn1_gen_DEPENDENCIES) 
+	@rm -f asn1_gen$(EXEEXT)
+	$(LINK) $(asn1_gen_OBJECTS) $(asn1_gen_LDADD) $(LIBS)
+asn1_print$(EXEEXT): $(asn1_print_OBJECTS) $(asn1_print_DEPENDENCIES) 
+	@rm -f asn1_print$(EXEEXT)
+	$(LINK) $(asn1_print_OBJECTS) $(asn1_print_LDADD) $(LIBS)
+check-der$(EXEEXT): $(check_der_OBJECTS) $(check_der_DEPENDENCIES) 
+	@rm -f check-der$(EXEEXT)
+	$(LINK) $(check_der_OBJECTS) $(check_der_LDADD) $(LIBS)
+check-gen$(EXEEXT): $(check_gen_OBJECTS) $(check_gen_DEPENDENCIES) 
+	@rm -f check-gen$(EXEEXT)
+	$(LINK) $(check_gen_OBJECTS) $(check_gen_LDADD) $(LIBS)
+check-timegm$(EXEEXT): $(check_timegm_OBJECTS) $(check_timegm_DEPENDENCIES) 
+	@rm -f check-timegm$(EXEEXT)
+	$(LINK) $(check_timegm_OBJECTS) $(check_timegm_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+.l.c:
+	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
+
+.y.c:
+	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-dist_includeHEADERS: $(dist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(dist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-dist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-nodist_includeHEADERS: $(nodist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-nodist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-rm -f lex.c
+	-rm -f parse.c
+	-rm -f parse.h
+	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libtool clean-noinstPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_includeHEADERS \
+	install-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \
+	uninstall-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-checkPROGRAMS clean-generic \
+	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dist_includeHEADERS \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-libLTLIBRARIES install-man \
+	install-nodist_includeHEADERS install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-dist_includeHEADERS \
+	uninstall-hook uninstall-libLTLIBRARIES \
+	uninstall-nodist_includeHEADERS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h
+$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h
+$(check_gen_OBJECTS): test_asn1.h
+$(asn1_print_OBJECTS): krb5_asn1.h
+
+parse.h: parse.c
+
+$(gen_files_k5) krb5_asn1.h: krb5_asn1_files
+$(gen_files_pkinit) pkinit_asn1.h: pkinit_asn1_files
+$(gen_files_pkcs8) pkcs8_asn1.h: pkcs8_asn1_files
+$(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_asn1_files
+$(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files
+$(gen_files_digest) digest_asn1.h: digest_asn1_files
+$(gen_files_kx509) kx509_asn1.h: kx509_asn1_files
+$(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files
+$(gen_files_cms) cms_asn1.h: cms_asn1_files
+$(gen_files_test) test_asn1.h: test_asn1_files
+
+rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1
+	./asn1_compile$(EXEEXT) --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1)
+
+cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1)
+
+krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1
+	./asn1_compile$(EXEEXT) --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData --sequence=METHOD-DATA --sequence=ETYPE-INFO --sequence=ETYPE-INFO2 $(srcdir)/k5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1)
+
+pkinit_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1)
+
+pkcs8_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1)
+
+pkcs9_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1)
+
+pkcs12_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1)
+
+digest_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/digest.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1)
+
+kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1
+	./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1)
+
+test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1
+	./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1)
+
+$(srcdir)/der-protos.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || rm -f der-protos.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/asn1/asn1-common.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/asn1-common.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/asn1-common.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,66 @@
+/* $Id: asn1-common.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#include <stddef.h>
+#include <time.h>
+
+#ifndef __asn1_common_definitions__
+#define __asn1_common_definitions__
+
+typedef struct heim_integer {
+    size_t length;
+    void *data;
+    int negative;
+} heim_integer;
+
+typedef struct heim_octet_string {
+    size_t length;
+    void *data;
+} heim_octet_string;
+
+typedef char *heim_general_string;
+typedef char *heim_utf8_string;
+typedef char *heim_printable_string;
+typedef char *heim_ia5_string;
+
+typedef struct heim_bmp_string {
+    size_t length;
+    uint16_t *data;
+} heim_bmp_string;
+
+typedef struct heim_universal_string {
+    size_t length;
+    uint32_t *data;
+} heim_universal_string;
+
+typedef char *heim_visible_string;
+
+typedef struct heim_oid {
+    size_t length;
+    unsigned *components;
+} heim_oid;
+
+typedef struct heim_bit_string {
+    size_t length;
+    void *data;
+} heim_bit_string;
+
+typedef struct heim_octet_string heim_any;
+typedef struct heim_octet_string heim_any_set;
+
+#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \
+  do {                                                         \
+    (BL) = length_##T((S));                                    \
+    (B) = malloc((BL));                                        \
+    if((B) == NULL) {                                          \
+      (R) = ENOMEM;                                            \
+    } else {                                                   \
+      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \
+                       (S), (L));                              \
+      if((R) != 0) {                                           \
+        free((B));                                             \
+        (B) = NULL;                                            \
+      }                                                        \
+    }                                                          \
+  } while (0)
+
+#endif
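Review bot: `ASN1_MALLOC_ENCODE` reports success without checking that the encoder filled the buffer it allocated. It sizes `(B)` from `length_##T`, hands `encode_##T` a pointer to the last byte, and receives what is presumably the written size in `(L)`, but never compares `(L)` with `(BL)`. If the two disagree, the leading bytes of `(B)` are uninitialised heap memory that a caller would transmit or store as part of the encoding. Either state in a comment above the macro that every call site must verify `(L) == (BL)` before using `(B)`, or have the macro free the buffer and set an error on mismatch. The header also uses `malloc`, `free`, `ENOMEM`, `uint16_t` and `uint32_t` while including only `<stddef.h>` and `<time.h>`, so it silently depends on the includer for `<stdlib.h>`, `<errno.h>` and `<stdint.h>`.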

Added: vendor-crypto/heimdal/dist/lib/asn1/asn1_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/asn1_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/asn1_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,25 @@
+#
+# Error messages for the asn.1 library
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: asn1_err.et,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $"
+
+error_table asn1
+prefix ASN1
+error_code BAD_TIMEFORMAT,	"ASN.1 failed call to system time library"
+error_code MISSING_FIELD,	"ASN.1 structure is missing a required field"
+error_code MISPLACED_FIELD,	"ASN.1 unexpected field number"
+error_code TYPE_MISMATCH,	"ASN.1 type numbers are inconsistent"
+error_code OVERFLOW,		"ASN.1 value too large"
+error_code OVERRUN,		"ASN.1 encoding ended unexpectedly"
+error_code BAD_ID,		"ASN.1 identifier doesn't match expected value"
+error_code BAD_LENGTH,		"ASN.1 length doesn't match expected value"
+error_code BAD_FORMAT,		"ASN.1 badly-formatted encoding"
+error_code PARSE_ERROR,		"ASN.1 parse error"
+error_code EXTRA_DATA,		"ASN.1 extra data past end of end structure"
+error_code BAD_CHARACTER,	"ASN.1 invalid character in string"
+error_code MIN_CONSTRAINT,	"ASN.1 too few elements"
+error_code MAX_CONSTRAINT,	"ASN.1 too many elements"
+error_code EXACT_CONSTRAINT,	"ASN.1 wrong number of elements"
+end

Added: vendor-crypto/heimdal/dist/lib/asn1/asn1_gen.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/asn1_gen.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/asn1_gen.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+#include <com_err.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <getarg.h>
+#include <hex.h>
+#include <err.h>
+
+RCSID("$Id: asn1_gen.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int
+doit(const char *fn)
+{
+    char buf[2048];
+    char *fnout;
+    const char *bname;
+    unsigned long line = 0;
+    FILE *f, *fout;
+    size_t offset = 0;
+
+    f = fopen(fn, "r");
+    if (f == NULL)
+	err(1, "fopen");
+
+    bname = strrchr(fn, '/');
+    if (bname)
+	bname++;
+    else
+	bname = fn;
+
+    asprintf(&fnout, "%s.out", bname);
+    if (fnout == NULL)
+	errx(1, "malloc");
+
+    fout = fopen(fnout, "w");
+    if (fout == NULL)
+	err(1, "fopen: output file");
+
+    while (fgets(buf, sizeof(buf), f) != NULL) {
+	char *ptr, *class, *type, *tag, *length, *data, *foo;
+	int ret, l, c, ty, ta;
+	unsigned char p[6], *pdata;
+	size_t sz;
+
+	line++;
+
+	buf[strcspn(buf, "\r\n")] = '\0';
+	if (buf[0] == '#' || buf[0] == '\0')
+	    continue;
+
+	ptr = buf;
+	while (isspace((unsigned char)*ptr))
+	       ptr++;
+
+	class = strtok_r(ptr, " \t\n", &foo);
+	if (class == NULL) errx(1, "class missing on line %lu", line);
+	type = strtok_r(NULL, " \t\n", &foo);
+	if (type == NULL) errx(1, "type missing on line %lu", line);
+	tag = strtok_r(NULL, " \t\n", &foo);
+	if (tag == NULL) errx(1, "tag missing on line %lu", line);
+	length = strtok_r(NULL, " \t\n", &foo);
+	if (length == NULL) errx(1, "length missing on line %lu", line);
+	data = strtok_r(NULL, " \t\n", &foo);
+
+	c = der_get_class_num(class);
+	if (c == -1) errx(1, "no valid class on line %lu", line);
+	ty = der_get_type_num(type);
+	if (ty == -1) errx(1, "no valid type on line %lu", line);
+	ta = der_get_tag_num(tag);
+	if (ta == -1)
+	    ta = atoi(tag);
+
+	l = atoi(length);
+
+	printf("line: %3lu offset: %3lu class: %d type: %d "
+	       "tag: %3d length: %3d %s\n", 
+	       line, (unsigned long)offset, c, ty, ta, l, 
+	       data ? "<have data>" : "<no data>");
+
+	ret = der_put_length_and_tag(p + sizeof(p) - 1, sizeof(p),
+				     l,
+				     c,
+				     ty,
+				     ta,
+				     &sz);
+	if (ret)
+	    errx(1, "der_put_length_and_tag: %d", ret);
+	
+	if (fwrite(p + sizeof(p) - sz , sz, 1, fout) != 1)
+	    err(1, "fwrite length/tag failed");
+	offset += sz;
+	
+	if (data) {
+	    size_t datalen;
+	    
+	    datalen = strlen(data) / 2;
+	    pdata = emalloc(sz);
+	    
+	    if (hex_decode(data, pdata, datalen) != datalen)
+		errx(1, "failed to decode data");
+	    
+	    if (fwrite(pdata, datalen, 1, fout) != 1)
+		err(1, "fwrite data failed");
+	    offset += datalen;
+	    
+	    free(pdata);
+	}
+    }
+    printf("line: eof offset: %lu\n", (unsigned long)offset);
+    
+    fclose(fout);
+    fclose(f);
+    return 0;
+}
+
+
+static int version_flag;
+static int help_flag;
+struct getargs args[] = {
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "parse-file");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    argv += optidx;
+    argc -= optidx;
+    if (argc != 1)
+	usage (1);
+
+    return doit (argv[0]);
+}
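Review bot: In `doit`, the data buffer is allocated with the wrong size. `pdata = emalloc(sz);` uses `sz`, the length of the tag/length header just written (at most `sizeof(p)`, 6 bytes), while `hex_decode(data, pdata, datalen)` and the following `fwrite` treat it as `datalen` bytes. An input line whose hex field decodes to more than `sz` bytes therefore writes and reads past the end of the heap allocation; the line should be `pdata = emalloc(datalen);`. Separately, `asprintf` failure is detected only through `fnout == NULL`, which not every platform guarantees; checking the return value as well (`if (asprintf(&fnout, "%s.out", bname) < 0 || fnout == NULL)`) is safer. `fnout` is also never freed.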

Added: vendor-crypto/heimdal/dist/lib/asn1/asn1_print.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/asn1_print.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/asn1_print.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,304 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+#include <com_err.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <getarg.h>
+#include <err.h>
+#include <der.h>
+
+RCSID("$Id: asn1_print.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int indent_flag = 1;
+
+static unsigned long indefinite_form_loop;
+static unsigned long indefinite_form_loop_max = 10000;
+
+static size_t
+loop (unsigned char *buf, size_t len, int indent)
+{
+    unsigned char *start_buf = buf;
+
+    while (len > 0) {
+	int ret;
+	Der_class class;
+	Der_type type;
+	unsigned int tag;
+	size_t sz;
+	size_t length;
+	size_t loop_length = 0;
+	int end_tag = 0;
+	const char *tagname;
+
+	ret = der_get_tag (buf, len, &class, &type, &tag, &sz);
+	if (ret)
+	    errx (1, "der_get_tag: %s", error_message (ret));
+	if (sz > len)
+	    errx (1, "unreasonable length (%u) > %u",
+		  (unsigned)sz, (unsigned)len);
+	buf += sz;
+	len -= sz;
+	if (indent_flag) {
+	    int i;
+	    for (i = 0; i < indent; ++i)
+		printf (" ");
+	}
+	printf ("%s %s ", der_get_class_name(class), der_get_type_name(type));
+	tagname = der_get_tag_name(tag);
+	if (class == ASN1_C_UNIV && tagname != NULL)
+	    printf ("%s = ", tagname);
+	else
+	    printf ("tag %d = ", tag);
+	ret = der_get_length (buf, len, &length, &sz);
+	if (ret)
+	    errx (1, "der_get_tag: %s", error_message (ret));
+	if (sz > len)
+	    errx (1, "unreasonable tag length (%u) > %u",
+		  (unsigned)sz, (unsigned)len);
+	buf += sz;
+	len -= sz;
+	if (length == ASN1_INDEFINITE) {
+	    if ((class == ASN1_C_UNIV && type == PRIM && tag == UT_OctetString) ||
+		(class == ASN1_C_CONTEXT && type == CONS) ||
+		(class == ASN1_C_UNIV && type == CONS && tag == UT_Sequence) ||
+		(class == ASN1_C_UNIV && type == CONS && tag == UT_Set)) {
+		printf("*INDEFINITE FORM*");
+	    } else {
+		fflush(stdout);
+		errx(1, "indef form used on unsupported object");
+	    }
+	    end_tag = 1;
+	    if (indefinite_form_loop > indefinite_form_loop_max)
+		errx(1, "indefinite form used recursively more then %lu "
+		     "times, aborting", indefinite_form_loop_max);
+	    indefinite_form_loop++;
+	    length = len;
+	} else if (length > len) {
+	    printf("\n");
+	    fflush(stdout);
+	    errx (1, "unreasonable inner length (%u) > %u",
+		  (unsigned)length, (unsigned)len);
+	}
+	if (class == ASN1_C_CONTEXT || class == ASN1_C_APPL) {
+	    printf ("%lu bytes [%u]", (unsigned long)length, tag);
+	    if (type == CONS) {
+		printf("\n");
+		loop_length = loop (buf, length, indent + 2);
+	    } else {
+		printf(" IMPLICIT content\n");
+	    }
+	} else if (class == ASN1_C_UNIV) {
+	    switch (tag) {
+	    case UT_EndOfContent:
+		printf (" INDEFINITE length was %lu\n",
+			(unsigned long)(buf - start_buf));
+		break;
+	    case UT_Set :
+	    case UT_Sequence :
+		printf ("%lu bytes {\n", (unsigned long)length);
+		loop_length = loop (buf, length, indent + 2);
+		if (indent_flag) {
+		    int i;
+		    for (i = 0; i < indent; ++i)
+			printf (" ");
+		    printf ("}\n");
+		} else
+		    printf ("} indent = %d\n", indent / 2);
+		break;
+	    case UT_Integer : {
+		int val;
+
+		if (length <= sizeof(val)) {
+		    ret = der_get_integer (buf, length, &val, NULL);
+		    if (ret)
+			errx (1, "der_get_integer: %s", error_message (ret));
+		    printf ("integer %d\n", val);
+		} else {
+		    heim_integer vali;
+		    char *p;
+
+		    ret = der_get_heim_integer(buf, length, &vali, NULL);
+		    if (ret)
+			errx (1, "der_get_heim_integer: %s", 
+			      error_message (ret));
+		    ret = der_print_hex_heim_integer(&vali, &p);
+		    if (ret)
+			errx (1, "der_print_hex_heim_integer: %s", 
+			      error_message (ret));
+		    printf ("BIG NUM integer: length %lu %s\n", 
+			    (unsigned long)length, p);
+		    free(p);
+		}
+		break;
+	    }
+	    case UT_OctetString : {
+		heim_octet_string str;
+		int i;
+		unsigned char *uc;
+
+		ret = der_get_octet_string (buf, length, &str, NULL);
+		if (ret)
+		    errx (1, "der_get_octet_string: %s", error_message (ret));
+		printf ("(length %lu), ", (unsigned long)length);
+		uc = (unsigned char *)str.data;
+		for (i = 0; i < min(16,length); ++i)
+		    printf ("%02x", uc[i]);
+		printf ("\n");
+		free (str.data);
+		break;
+	    }
+	    case UT_GeneralizedTime :
+	    case UT_GeneralString :
+	    case UT_PrintableString :
+	    case UT_VisibleString : {
+		heim_general_string str;
+
+		ret = der_get_general_string (buf, length, &str, NULL);
+		if (ret)
+		    errx (1, "der_get_general_string: %s",
+			  error_message (ret));
+		printf ("\"%s\"\n", str);
+		free (str);
+		break;
+	    }
+	    case UT_OID: {
+		heim_oid o;
+		char *p;
+
+		ret = der_get_oid(buf, length, &o, NULL);
+		if (ret)
+		    errx (1, "der_get_oid: %s", error_message (ret));
+		ret = der_print_heim_oid(&o, '.', &p);
+		der_free_oid(&o);
+		if (ret)
+		    errx (1, "der_print_heim_oid: %s", error_message (ret));
+		printf("%s\n", p);
+		free(p);
+
+		break;
+	    }
+	    case UT_Enumerated: {
+		int num;
+
+		ret = der_get_integer (buf, length, &num, NULL);
+		if (ret)
+		    errx (1, "der_get_enum: %s", error_message (ret));
+		
+		printf("%u\n", num);
+		break;
+	    }
+	    default :
+		printf ("%lu bytes\n", (unsigned long)length);
+		break;
+	    }
+	}
+	if (end_tag) {
+	    if (loop_length == 0)
+		errx(1, "zero length INDEFINITE data ? indent = %d\n", 
+		     indent / 2);
+	    if (loop_length < length)
+		length = loop_length;
+	    if (indefinite_form_loop == 0)
+		errx(1, "internal error in indefinite form loop detection");
+	    indefinite_form_loop--;
+	} else if (loop_length)
+	    errx(1, "internal error for INDEFINITE form");
+	buf += length;
+	len -= length;
+    }
+    return 0;
+}
+
+static int
+doit (const char *filename)
+{
+    int fd = open (filename, O_RDONLY);
+    struct stat sb;
+    unsigned char *buf;
+    size_t len;
+    int ret;
+
+    if(fd < 0)
+	err (1, "opening %s for read", filename);
+    if (fstat (fd, &sb) < 0)
+	err (1, "stat %s", filename);
+    len = sb.st_size;
+    buf = emalloc (len);
+    if (read (fd, buf, len) != len)
+	errx (1, "read failed");
+    close (fd);
+    ret = loop (buf, len, 0);
+    free (buf);
+    return 0;
+}
+
+
+static int version_flag;
+static int help_flag;
+struct getargs args[] = {
+    { "indent", 0, arg_negative_flag, &indent_flag },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "dump-file");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+
+    setprogname (argv[0]);
+    initialize_asn1_error_table ();
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    argv += optidx;
+    argc -= optidx;
+    if (argc != 1)
+	usage (1);
+    return doit (argv[0]);
+}
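Review bot: Recursion depth in `loop()` is bounded only for indefinite-length objects (via `indefinite_form_loop_max`). The definite-length `UT_Set`/`UT_Sequence` case and the constructed context/application branch both call `loop (buf, length, indent + 2)` with no depth check, so an input made of deeply nested short headers can exhaust the stack of this dump tool. A guard at the top of the function, e.g. `if (indent / 2 > indefinite_form_loop_max) errx (1, "nesting too deep, aborting");`, would bound both forms. Separately, the only return statement in `loop()` is `return 0;`, so `loop_length` stays 0 and, as far as the visible code shows, every indefinite-length object ends in the `zero length INDEFINITE data` abort. Returning the consumed byte count at `UT_EndOfContent` looks like the intent, but confirm against upstream before patching this vendored file.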

Added: vendor-crypto/heimdal/dist/lib/asn1/asn1_queue.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/asn1_queue.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/asn1_queue.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,167 @@
+/*	$NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $	*/
+/*	$Id: asn1_queue.h,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+
+/*
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)queue.h	8.5 (Berkeley) 8/20/94
+ */
+
+#ifndef	_ASN1_QUEUE_H_
+#define	_ASN1_QUEUE_H_
+
+/*
+ * Tail queue definitions.
+ */
+#define	ASN1_TAILQ_HEAD(name, type)					\
+struct name {								\
+	struct type *tqh_first;	/* first element */			\
+	struct type **tqh_last;	/* addr of last next element */		\
+}
+
+#define	ASN1_TAILQ_HEAD_INITIALIZER(head)				\
+	{ NULL, &(head).tqh_first }
+#define	ASN1_TAILQ_ENTRY(type)						\
+struct {								\
+	struct type *tqe_next;	/* next element */			\
+	struct type **tqe_prev;	/* address of previous next element */	\
+}
+
+/*
+ * Tail queue functions.
+ */
+#if defined(_KERNEL) && defined(QUEUEDEBUG)
+#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD(head, elm, field)		\
+	if ((head)->tqh_first &&					\
+	    (head)->tqh_first->field.tqe_prev != &(head)->tqh_first)	\
+		panic("ASN1_TAILQ_INSERT_HEAD %p %s:%d", (head), __FILE__, __LINE__);
+#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL(head, elm, field)		\
+	if (*(head)->tqh_last != NULL)					\
+		panic("ASN1_TAILQ_INSERT_TAIL %p %s:%d", (head), __FILE__, __LINE__);
+#define	QUEUEDEBUG_ASN1_TAILQ_OP(elm, field)				\
+	if ((elm)->field.tqe_next &&					\
+	    (elm)->field.tqe_next->field.tqe_prev !=			\
+	    &(elm)->field.tqe_next)					\
+		panic("ASN1_TAILQ_* forw %p %s:%d", (elm), __FILE__, __LINE__);\
+	if (*(elm)->field.tqe_prev != (elm))				\
+		panic("ASN1_TAILQ_* back %p %s:%d", (elm), __FILE__, __LINE__);
+#define	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE(head, elm, field)		\
+	if ((elm)->field.tqe_next == NULL &&				\
+	    (head)->tqh_last != &(elm)->field.tqe_next)			\
+		panic("ASN1_TAILQ_PREREMOVE head %p elm %p %s:%d",	\
+		      (head), (elm), __FILE__, __LINE__);
+#define	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE(elm, field)			\
+	(elm)->field.tqe_next = (void *)1L;				\
+	(elm)->field.tqe_prev = (void *)1L;
+#else
+#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD(head, elm, field)
+#define	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL(head, elm, field)
+#define	QUEUEDEBUG_ASN1_TAILQ_OP(elm, field)
+#define	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE(head, elm, field)
+#define	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE(elm, field)
+#endif
+
+#define	ASN1_TAILQ_INIT(head) do {					\
+	(head)->tqh_first = NULL;					\
+	(head)->tqh_last = &(head)->tqh_first;				\
+} while (/*CONSTCOND*/0)
+
+#define	ASN1_TAILQ_INSERT_HEAD(head, elm, field) do {			\
+	QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD((head), (elm), field)		\
+	if (((elm)->field.tqe_next = (head)->tqh_first) != NULL)	\
+		(head)->tqh_first->field.tqe_prev =			\
+		    &(elm)->field.tqe_next;				\
+	else								\
+		(head)->tqh_last = &(elm)->field.tqe_next;		\
+	(head)->tqh_first = (elm);					\
+	(elm)->field.tqe_prev = &(head)->tqh_first;			\
+} while (/*CONSTCOND*/0)
+
+#define	ASN1_TAILQ_INSERT_TAIL(head, elm, field) do {			\
+	QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL((head), (elm), field)		\
+	(elm)->field.tqe_next = NULL;					\
+	(elm)->field.tqe_prev = (head)->tqh_last;			\
+	*(head)->tqh_last = (elm);					\
+	(head)->tqh_last = &(elm)->field.tqe_next;			\
+} while (/*CONSTCOND*/0)
+
+#define	ASN1_TAILQ_INSERT_AFTER(head, listelm, elm, field) do {		\
+	QUEUEDEBUG_ASN1_TAILQ_OP((listelm), field)			\
+	if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
+		(elm)->field.tqe_next->field.tqe_prev = 		\
+		    &(elm)->field.tqe_next;				\
+	else								\
+		(head)->tqh_last = &(elm)->field.tqe_next;		\
+	(listelm)->field.tqe_next = (elm);				\
+	(elm)->field.tqe_prev = &(listelm)->field.tqe_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	ASN1_TAILQ_INSERT_BEFORE(listelm, elm, field) do {		\
+	QUEUEDEBUG_ASN1_TAILQ_OP((listelm), field)			\
+	(elm)->field.tqe_prev = (listelm)->field.tqe_prev;		\
+	(elm)->field.tqe_next = (listelm);				\
+	*(listelm)->field.tqe_prev = (elm);				\
+	(listelm)->field.tqe_prev = &(elm)->field.tqe_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	ASN1_TAILQ_REMOVE(head, elm, field) do {			\
+	QUEUEDEBUG_ASN1_TAILQ_PREREMOVE((head), (elm), field)		\
+	QUEUEDEBUG_ASN1_TAILQ_OP((elm), field)				\
+	if (((elm)->field.tqe_next) != NULL)				\
+		(elm)->field.tqe_next->field.tqe_prev = 		\
+		    (elm)->field.tqe_prev;				\
+	else								\
+		(head)->tqh_last = (elm)->field.tqe_prev;		\
+	*(elm)->field.tqe_prev = (elm)->field.tqe_next;			\
+	QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE((elm), field);			\
+} while (/*CONSTCOND*/0)
+
+#define	ASN1_TAILQ_FOREACH(var, head, field)				\
+	for ((var) = ((head)->tqh_first);				\
+		(var);							\
+		(var) = ((var)->field.tqe_next))
+
+#define	ASN1_TAILQ_FOREACH_REVERSE(var, head, headname, field)		\
+	for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \
+		(var);							\
+		(var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last)))
+
+/*
+ * Tail queue access methods.
+ */
+#define	ASN1_TAILQ_EMPTY(head)		((head)->tqh_first == NULL)
+#define	ASN1_TAILQ_FIRST(head)		((head)->tqh_first)
+#define	ASN1_TAILQ_NEXT(elm, field)		((elm)->field.tqe_next)
+
+#define	ASN1_TAILQ_LAST(head, headname) \
+	(*(((struct headname *)((head)->tqh_last))->tqh_last))
+#define	ASN1_TAILQ_PREV(elm, headname, field) \
+	(*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
+
+
+#endif	/* !_ASN1_QUEUE_H_ */

Added: vendor-crypto/heimdal/dist/lib/asn1/canthandle.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/canthandle.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/canthandle.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,34 @@
+-- $Id: canthandle.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ --
+
+CANTHANDLE DEFINITIONS ::= BEGIN
+
+-- Code the tag [1] but not the [ CONTEXT CONS UT_Sequence ] for Kaka2
+-- Workaround: use inline the structure directly
+-- Code the tag [2] but it should be primitive since KAKA3 is
+-- Workaround: use the INTEGER type directly
+
+Kaka2  ::= SEQUENCE { 
+        kaka2-1 [0] INTEGER
+}
+
+Kaka3  ::= INTEGER
+
+Foo ::= SEQUENCE {
+        kaka1 [0] IMPLICIT INTEGER OPTIONAL,
+        kaka2 [1] IMPLICIT Kaka2 OPTIONAL,
+        kaka3 [2] IMPLICIT Kaka3 OPTIONAL
+}
+
+-- Don't code kaka if it's 1
+-- Workaround is to use OPTIONAL and check for in the encoder stubs
+
+Bar ::= SEQUENCE {
+        kaka [0] INTEGER DEFAULT 1
+}
+
+--  Can't handle primitives in SET OF
+--  Workaround is to define a type that is only an integer and use that
+
+Baz ::= SET OF INTEGER
+
+END

Added: vendor-crypto/heimdal/dist/lib/asn1/check-common.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/check-common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/check-common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,376 @@
+/*
+ * Copyright (c) 1999 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <err.h>
+#include <roken.h>
+
+#include "check-common.h"
+
+RCSID("$Id: check-common.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct map_page {
+    void *start;
+    size_t size;
+    void *data_start;
+    size_t data_size;
+    enum map_type type;
+};
+
+/* #undef HAVE_MMAP */
+
+void *
+map_alloc(enum map_type type, const void *buf, 
+	  size_t size, struct map_page **map)
+{
+#ifndef HAVE_MMAP
+    unsigned char *p;
+    size_t len = size + sizeof(long) * 2;
+    int i;
+    
+    *map = ecalloc(1, sizeof(**map));
+
+    p = emalloc(len);
+    (*map)->type = type;
+    (*map)->start = p;
+    (*map)->size = len;
+    (*map)->data_start = p + sizeof(long);
+    for (i = sizeof(long); i > 0; i--)
+	p[sizeof(long) - i] = 0xff - i;
+    for (i = sizeof(long); i > 0; i--)
+	p[len - i] = 0xff - i;
+#else
+    unsigned char *p;
+    int flags, ret, fd;
+    size_t pagesize = getpagesize();
+
+    *map = ecalloc(1, sizeof(**map));
+
+    (*map)->type = type;
+
+#ifdef MAP_ANON
+    flags = MAP_ANON;
+    fd = -1;
+#else
+    flags = 0;
+    fd = open ("/dev/zero", O_RDONLY);
+    if(fd < 0)
+	err (1, "open /dev/zero");
+#endif
+    flags |= MAP_PRIVATE;
+
+    (*map)->size = size + pagesize - (size % pagesize) + pagesize * 2;
+
+    p = (unsigned char *)mmap(0, (*map)->size, PROT_READ | PROT_WRITE,
+			      flags, fd, 0);
+    if (p == (unsigned char *)MAP_FAILED)
+	err (1, "mmap");
+
+    (*map)->start = p;
+
+    ret = mprotect (p, pagesize, 0);
+    if (ret < 0)
+	err (1, "mprotect");
+
+    ret = mprotect (p + (*map)->size - pagesize, pagesize, 0);
+    if (ret < 0)
+	err (1, "mprotect");
+
+    switch (type) {
+    case OVERRUN:
+	(*map)->data_start = p + (*map)->size - pagesize - size;
+	break;
+    case UNDERRUN:
+	(*map)->data_start = p + pagesize;
+	break;
+   default:
+	abort();
+    }
+#endif
+    (*map)->data_size = size;
+    if (buf)
+	memcpy((*map)->data_start, buf, size);
+    return (*map)->data_start;
+}
+
+void
+map_free(struct map_page *map, const char *test_name, const char *map_name)
+{
+#ifndef HAVE_MMAP
+    unsigned char *p = map->start;
+    int i;
+    
+    for (i = sizeof(long); i > 0; i--)
+	if (p[sizeof(long) - i] != 0xff - i)
+	    errx(1, "%s: %s underrun %d\n", test_name, map_name, i);
+    for (i = sizeof(long); i > 0; i--)
+	if (p[map->size - i] != 0xff - i)
+	    errx(1, "%s: %s overrun %lu\n", test_name, map_name, 
+		 (unsigned long)map->size - i);
+    free(map->start);
+#else
+    int ret;
+    
+    ret = munmap (map->start, map->size);
+    if (ret < 0)
+	err (1, "munmap");
+#endif
+    free(map);
+}
+
+static void
+print_bytes (unsigned const char *buf, size_t len)
+{
+    int i;
+
+    for (i = 0; i < len; ++i)
+	printf ("%02x ", buf[i]);
+}
+
+#ifndef MAP_FAILED
+#define MAP_FAILED (-1)
+#endif
+
+static char *current_test = "<uninit>";
+static char *current_state = "<uninit>";
+
+static RETSIGTYPE
+segv_handler(int sig)
+{
+    int fd;
+    char msg[] = "SIGSEGV i current test: ";
+    
+    fd = open("/dev/stdout", O_WRONLY, 0600);
+    if (fd >= 0) {
+	write(fd, msg, sizeof(msg));
+	write(fd, current_test, strlen(current_test));
+	write(fd, " ", 1);
+	write(fd, current_state, strlen(current_state));
+	write(fd, "\n", 1);
+	close(fd);
+    }
+    _exit(1);
+}
+
+int
+generic_test (const struct test_case *tests,
+	      unsigned ntests,
+	      size_t data_size,
+	      int (*encode)(unsigned char *, size_t, void *, size_t *),
+	      int (*length)(void *),
+	      int (*decode)(unsigned char *, size_t, void *, size_t *),
+	      int (*free_data)(void *),
+	      int (*cmp)(void *a, void *b))
+{
+    unsigned char *buf, *buf2;
+    int i;
+    int failures = 0;
+    void *data;
+    struct map_page *data_map, *buf_map, *buf2_map;
+
+    struct sigaction sa, osa;
+
+    for (i = 0; i < ntests; ++i) {
+	int ret;
+	size_t sz, consumed_sz, length_sz, buf_sz;
+
+	current_test = tests[i].name;
+
+	current_state = "init";
+
+	sigemptyset (&sa.sa_mask);
+	sa.sa_flags = 0;
+#ifdef SA_RESETHAND
+	sa.sa_flags |= SA_RESETHAND;
+#endif
+	sa.sa_handler = segv_handler;
+	sigaction (SIGSEGV, &sa, &osa);
+
+	data = map_alloc(OVERRUN, NULL, data_size, &data_map);
+
+	buf_sz = tests[i].byte_len;
+	buf = map_alloc(UNDERRUN, NULL, buf_sz, &buf_map);
+
+	current_state = "encode";
+	ret = (*encode) (buf + buf_sz - 1, buf_sz,
+			 tests[i].val, &sz);
+	if (ret != 0) {
+	    printf ("encoding of %s failed %d\n", tests[i].name, ret);
+	    ++failures;
+	    continue;
+	}
+	if (sz != tests[i].byte_len) {
+	    printf ("encoding of %s has wrong len (%lu != %lu)\n",
+		    tests[i].name, 
+		    (unsigned long)sz, (unsigned long)tests[i].byte_len);
+	    ++failures;
+	    continue;
+	}
+
+	current_state = "length";
+	length_sz = (*length) (tests[i].val);
+	if (sz != length_sz) {
+	    printf ("length for %s is bad (%lu != %lu)\n",
+		    tests[i].name, (unsigned long)length_sz, (unsigned long)sz);
+	    ++failures;
+	    continue;
+	}
+
+	current_state = "memcmp";
+	if (memcmp (buf, tests[i].bytes, tests[i].byte_len) != 0) {
+	    printf ("encoding of %s has bad bytes:\n"
+		    "correct: ", tests[i].name);
+	    print_bytes ((unsigned char *)tests[i].bytes, tests[i].byte_len);
+	    printf ("\nactual:  ");
+	    print_bytes (buf, sz);
+	    printf ("\n");
+	    ++failures;
+	    continue;
+	}
+
+	buf2 = map_alloc(OVERRUN, buf, sz, &buf2_map);
+
+	current_state = "decode";
+	ret = (*decode) (buf2, sz, data, &consumed_sz);
+	if (ret != 0) {
+	    printf ("decoding of %s failed %d\n", tests[i].name, ret);
+	    ++failures;
+	    continue;
+	}
+	if (sz != consumed_sz) {
+	    printf ("different length decoding %s (%ld != %ld)\n",
+		    tests[i].name, 
+		    (unsigned long)sz, (unsigned long)consumed_sz);
+	    ++failures;
+	    continue;
+	}
+	current_state = "cmp";
+	if ((*cmp)(data, tests[i].val) != 0) {
+	    printf ("%s: comparison failed\n", tests[i].name);
+	    ++failures;
+	    continue;
+	}
+	current_state = "free";
+	if (free_data)
+	    (*free_data)(data);
+
+	current_state = "free";
+	map_free(buf_map, tests[i].name, "encode");
+	map_free(buf2_map, tests[i].name, "decode");
+	map_free(data_map, tests[i].name, "data");
+
+	sigaction (SIGSEGV, &osa, NULL);
+    }
+    current_state = "done";
+    return failures;
+}
+
+/*
+ * check for failures
+ * 
+ * a test size (byte_len) of -1 means that the test tries to trigger a
+ * integer overflow (and later a malloc of to little memory), just
+ * allocate some memory and hope that is enough for that test.
+ */
+
+int
+generic_decode_fail (const struct test_case *tests,
+		     unsigned ntests,
+		     size_t data_size,
+		     int (*decode)(unsigned char *, size_t, void *, size_t *))
+{
+    unsigned char *buf;
+    int i;
+    int failures = 0;
+    void *data;
+    struct map_page *data_map, *buf_map;
+
+    struct sigaction sa, osa;
+
+    for (i = 0; i < ntests; ++i) {
+	int ret;
+	size_t sz;
+	const void *bytes;
+	
+	current_test = tests[i].name;
+
+	current_state = "init";
+
+	sigemptyset (&sa.sa_mask);
+	sa.sa_flags = 0;
+#ifdef SA_RESETHAND
+	sa.sa_flags |= SA_RESETHAND;
+#endif
+	sa.sa_handler = segv_handler;
+	sigaction (SIGSEGV, &sa, &osa);
+
+	data = map_alloc(OVERRUN, NULL, data_size, &data_map);
+
+	if (tests[i].byte_len < 0xffffff && tests[i].byte_len >= 0) {
+	    sz = tests[i].byte_len;
+	    bytes = tests[i].bytes;
+	} else {
+	    sz = 4096;
+	    bytes = NULL;
+	}
+		
+	buf = map_alloc(OVERRUN, bytes, sz, &buf_map);
+
+	if (tests[i].byte_len == -1)
+	    memset(buf, 0, sz);
+
+	current_state = "decode";
+	ret = (*decode) (buf, tests[i].byte_len, data, &sz);
+	if (ret == 0) {
+	    printf ("sucessfully decoded %s\n", tests[i].name);
+	    ++failures;
+	    continue;
+	}
+
+	current_state = "free";
+	if (buf)
+	    map_free(buf_map, tests[i].name, "encode");
+	map_free(data_map, tests[i].name, "data");
+
+	sigaction (SIGSEGV, &osa, NULL);
+    }
+    current_state = "done";
+    return failures;
+}
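Review bot: The `#ifndef HAVE_MMAP` fallback in `map_alloc()` ignores `type` and surrounds the buffer only with `sizeof(long)` pattern bytes on each side, which `map_free()` checks afterwards. On such a build an out-of-bounds read by the encoder or decoder under test goes unnoticed, so a passing run proves less than it does with the `mprotect` guard pages. A comment above that branch would make the limit explicit: `/* Fallback: pattern bytes catch only writes that land in them, and only when map_free() runs; out-of-bounds reads are not detected. */`. The check is also skipped for failing cases, because every failure branch in `generic_test()` and `generic_decode_fail()` does `continue` before the `map_free()` calls and the `sigaction (SIGSEGV, &osa, NULL)` restore. Routing those branches through a common cleanup at the end of the loop body would run the check and stop the leak.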

Added: vendor-crypto/heimdal/dist/lib/asn1/check-common.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/check-common.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/check-common.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1999 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+struct test_case {
+    void *val;
+    int byte_len;
+    const char *bytes;
+    char *name;
+};
+
+typedef int (*generic_encode)(unsigned char *, size_t, void *, size_t *);
+typedef int (*generic_length)(void *);
+typedef int (*generic_decode)(unsigned char *, size_t, void *, size_t *);
+typedef int (*generic_free)(void *);
+
+int
+generic_test (const struct test_case *tests,
+	      unsigned ntests,
+	      size_t data_size,
+	      int (*encode)(unsigned char *, size_t, void *, size_t *),
+	      int (*length)(void *),
+	      int (*decode)(unsigned char *, size_t, void *, size_t *),
+	      int (*free_data)(void *),
+	      int (*cmp)(void *a, void *b));
+
+int
+generic_decode_fail(const struct test_case *tests,
+		    unsigned ntests,
+		    size_t data_size,
+		    int (*decode)(unsigned char *, size_t, void *, size_t *));
+
+
+struct map_page;
+
+enum map_type { OVERRUN, UNDERRUN };
+
+struct map_page;
+
+void *	map_alloc(enum map_type, const void *, size_t, struct map_page **);
+void	map_free(struct map_page *, const char *, const char *);

Added: vendor-crypto/heimdal/dist/lib/asn1/check-der.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/check-der.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/check-der.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1089 @@
+/*
+ * Copyright (c) 1999 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+#include <err.h>
+#include <roken.h>
+
+#include <asn1-common.h>
+#include <asn1_err.h>
+#include <der.h>
+
+#include "check-common.h"
+
+RCSID("$Id: check-der.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int
+cmp_integer (void *a, void *b)
+{
+    int *ia = (int *)a;
+    int *ib = (int *)b;
+
+    return *ib - *ia;
+}
+
+static int
+test_integer (void)
+{
+    struct test_case tests[] = {
+	{NULL, 1, "\x00"},
+	{NULL, 1, "\x7f"},
+	{NULL, 2, "\x00\x80"},
+	{NULL, 2, "\x01\x00"},
+	{NULL, 1, "\x80"},
+	{NULL, 2, "\xff\x7f"},
+	{NULL, 1, "\xff"},
+	{NULL, 2, "\xff\x01"},
+	{NULL, 2, "\x00\xff"},
+	{NULL, 4, "\x7f\xff\xff\xff"}
+    };
+
+    int values[] = {0, 127, 128, 256, -128, -129, -1, -255, 255,
+		    0x7fffffff};
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "integer %d", values[i]);
+	if (tests[i].name == NULL)
+	    errx(1, "malloc");
+    }
+
+    ret = generic_test (tests, ntests, sizeof(int),
+			(generic_encode)der_put_integer,
+			 (generic_length) der_length_integer,
+			 (generic_decode)der_get_integer,
+			 (generic_free)NULL,
+			 cmp_integer);
+
+    for (i = 0; i < ntests; ++i)
+	free (tests[i].name);
+    return ret;
+}
+
+static int
+test_one_int(int val)
+{
+    int ret, dval;
+    unsigned char *buf;
+    size_t len_len, len;
+
+    len = _heim_len_int(val);
+
+    buf = emalloc(len + 2);
+
+    buf[0] = '\xff';
+    buf[len + 1] = '\xff';
+    memset(buf + 1, 0, len);
+
+    ret = der_put_integer(buf + 1 + len - 1, len, &val, &len_len);
+    if (ret) {
+	printf("integer %d encode failed %d\n", val, ret);
+	return 1;
+    }
+    if (len != len_len) {
+	printf("integer %d encode fail with %d len %lu, result len %lu\n",
+	       val, ret, (unsigned long)len, (unsigned long)len_len);
+	return 1;
+    }
+
+    ret = der_get_integer(buf + 1, len, &dval, &len_len);
+    if (ret) {
+	printf("integer %d decode failed %d\n", val, ret);
+	return 1;
+    }
+    if (len != len_len) {
+	printf("integer %d decoded diffrent len %lu != %lu",
+	       val, (unsigned long)len, (unsigned long)len_len);
+	return 1;
+    }
+    if (val != dval) {
+	printf("decode decoded to diffrent value %d != %d",
+	       val, dval);
+	return 1;
+    }
+
+    if (buf[0] != (unsigned char)'\xff') {
+	printf("precanary dead %d\n", val);
+	return 1;
+    }
+    if (buf[len + 1] != (unsigned char)'\xff') {
+	printf("postecanary dead %d\n", val);
+	return 1;
+    }
+    free(buf);
+    return 0;
+}
+
+static int
+test_integer_more (void)
+{
+    int i, n1, n2, n3, n4, n5, n6;
+
+    n2 = 0;
+    for (i = 0; i < (sizeof(int) * 8); i++) {
+	n1 = 0x01 << i;
+	n2 = n2 | n1;
+	n3 = ~n1;
+	n4 = ~n2;
+	n5 = (-1) & ~(0x3f << i);
+	n6 = (-1) & ~(0x7f << i);
+
+	test_one_int(n1);
+	test_one_int(n2);
+	test_one_int(n3);
+	test_one_int(n4);
+	test_one_int(n5);
+	test_one_int(n6);
+    }
+    return 0;
+}
+
+static int
+cmp_unsigned (void *a, void *b)
+{
+    return *(unsigned int*)b - *(unsigned int*)a;
+}
+
+static int
+test_unsigned (void)
+{
+    struct test_case tests[] = {
+	{NULL, 1, "\x00"},
+	{NULL, 1, "\x7f"},
+	{NULL, 2, "\x00\x80"},
+	{NULL, 2, "\x01\x00"},
+	{NULL, 2, "\x02\x00"},
+	{NULL, 3, "\x00\x80\x00"},
+	{NULL, 5, "\x00\x80\x00\x00\x00"},
+	{NULL, 4, "\x7f\xff\xff\xff"}
+    };
+
+    unsigned int values[] = {0, 127, 128, 256, 512, 32768, 
+			     0x80000000, 0x7fffffff};
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "unsigned %u", values[i]);
+	if (tests[i].name == NULL)
+	    errx(1, "malloc");
+    }
+
+    ret = generic_test (tests, ntests, sizeof(int),
+			(generic_encode)der_put_unsigned,
+			(generic_length)der_length_unsigned,
+			(generic_decode)der_get_unsigned,
+			(generic_free)NULL,
+			cmp_unsigned);
+    for (i = 0; i < ntests; ++i) 
+	free (tests[i].name);
+    return ret;
+}
+
+static int
+cmp_octet_string (void *a, void *b)
+{
+    heim_octet_string *oa = (heim_octet_string *)a;
+    heim_octet_string *ob = (heim_octet_string *)b;
+
+    if (oa->length != ob->length)
+	return ob->length - oa->length;
+
+    return (memcmp (oa->data, ob->data, oa->length));
+}
+
+static int
+test_octet_string (void)
+{
+    heim_octet_string s1 = {8, "\x01\x23\x45\x67\x89\xab\xcd\xef"};
+
+    struct test_case tests[] = {
+	{NULL, 8, "\x01\x23\x45\x67\x89\xab\xcd\xef"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+    int ret;
+
+    tests[0].val = &s1;
+    asprintf (&tests[0].name, "a octet string");
+    if (tests[0].name == NULL)
+	errx(1, "malloc");
+
+    ret = generic_test (tests, ntests, sizeof(heim_octet_string),
+			(generic_encode)der_put_octet_string,
+			(generic_length)der_length_octet_string,
+			(generic_decode)der_get_octet_string,
+			(generic_free)der_free_octet_string,
+			cmp_octet_string);
+    free(tests[0].name);
+    return ret;
+}
+
+static int
+cmp_bmp_string (void *a, void *b)
+{
+    heim_bmp_string *oa = (heim_bmp_string *)a;
+    heim_bmp_string *ob = (heim_bmp_string *)b;
+
+    return der_heim_bmp_string_cmp(oa, ob);
+}
+
+static uint16_t bmp_d1[] = { 32 };
+static uint16_t bmp_d2[] = { 32, 32 };
+
+static int
+test_bmp_string (void)
+{
+    heim_bmp_string s1 = { 1, bmp_d1 };
+    heim_bmp_string s2 = { 2, bmp_d2 };
+
+    struct test_case tests[] = {
+	{NULL, 2, "\x00\x20"},
+	{NULL, 4, "\x00\x20\x00\x20"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+    int ret;
+
+    tests[0].val = &s1;
+    asprintf (&tests[0].name, "a bmp string");
+    if (tests[0].name == NULL)
+	errx(1, "malloc");
+    tests[1].val = &s2;
+    asprintf (&tests[1].name, "second bmp string");
+    if (tests[1].name == NULL)
+	errx(1, "malloc");
+
+    ret = generic_test (tests, ntests, sizeof(heim_bmp_string),
+			(generic_encode)der_put_bmp_string,
+			(generic_length)der_length_bmp_string,
+			(generic_decode)der_get_bmp_string,
+			(generic_free)der_free_bmp_string,
+			cmp_bmp_string);
+    free(tests[0].name);
+    free(tests[1].name);
+    return ret;
+}
+
+static int
+cmp_universal_string (void *a, void *b)
+{
+    heim_universal_string *oa = (heim_universal_string *)a;
+    heim_universal_string *ob = (heim_universal_string *)b;
+
+    return der_heim_universal_string_cmp(oa, ob);
+}
+
+static uint32_t universal_d1[] = { 32 };
+static uint32_t universal_d2[] = { 32, 32 };
+
+static int
+test_universal_string (void)
+{
+    heim_universal_string s1 = { 1, universal_d1 };
+    heim_universal_string s2 = { 2, universal_d2 };
+
+    struct test_case tests[] = {
+	{NULL, 4, "\x00\x00\x00\x20"},
+	{NULL, 8, "\x00\x00\x00\x20\x00\x00\x00\x20"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+    int ret;
+
+    tests[0].val = &s1;
+    asprintf (&tests[0].name, "a universal string");
+    if (tests[0].name == NULL)
+	errx(1, "malloc");
+    tests[1].val = &s2;
+    asprintf (&tests[1].name, "second universal string");
+    if (tests[1].name == NULL)
+	errx(1, "malloc");
+
+    ret = generic_test (tests, ntests, sizeof(heim_universal_string),
+			(generic_encode)der_put_universal_string,
+			(generic_length)der_length_universal_string,
+			(generic_decode)der_get_universal_string,
+			(generic_free)der_free_universal_string,
+			cmp_universal_string);
+    free(tests[0].name);
+    free(tests[1].name);
+    return ret;
+}
+
+static int
+cmp_general_string (void *a, void *b)
+{
+    char **sa = (char **)a;
+    char **sb = (char **)b;
+
+    return strcmp (*sa, *sb);
+}
+
+static int
+test_general_string (void)
+{
+    char *s1 = "Test User 1";
+
+    struct test_case tests[] = {
+	{NULL, 11, "\x54\x65\x73\x74\x20\x55\x73\x65\x72\x20\x31"}
+    };
+    int ret, ntests = sizeof(tests) / sizeof(*tests);
+
+    tests[0].val = &s1;
+    asprintf (&tests[0].name, "the string \"%s\"", s1);
+    if (tests[0].name == NULL)
+	errx(1, "malloc");
+
+    ret = generic_test (tests, ntests, sizeof(unsigned char *),
+			(generic_encode)der_put_general_string,
+			(generic_length)der_length_general_string,
+			(generic_decode)der_get_general_string,
+			(generic_free)der_free_general_string,
+			cmp_general_string);
+    free(tests[0].name);
+    return ret;
+}
+
+static int
+cmp_generalized_time (void *a, void *b)
+{
+    time_t *ta = (time_t *)a;
+    time_t *tb = (time_t *)b;
+
+    return *tb - *ta;
+}
+
+static int
+test_generalized_time (void)
+{
+    struct test_case tests[] = {
+	{NULL, 15, "19700101000000Z"},
+	{NULL, 15, "19851106210627Z"}
+    };
+    time_t values[] = {0, 500159187};
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "time %d", (int)values[i]);
+	if (tests[i].name == NULL)
+	    errx(1, "malloc");
+    }
+
+    ret = generic_test (tests, ntests, sizeof(time_t),
+			(generic_encode)der_put_generalized_time,
+			(generic_length)der_length_generalized_time,
+			(generic_decode)der_get_generalized_time,
+			(generic_free)NULL,
+			cmp_generalized_time);
+    for (i = 0; i < ntests; ++i)
+	free(tests[i].name);
+    return ret;
+}
+
+static int
+test_cmp_oid (void *a, void *b)
+{
+    return der_heim_oid_cmp((heim_oid *)a, (heim_oid *)b);
+}
+
+static unsigned oid_comp1[] = { 1, 1, 1 };
+static unsigned oid_comp2[] = { 1, 1 };
+static unsigned oid_comp3[] = { 6, 15, 1 };
+static unsigned oid_comp4[] = { 6, 15 };
+
+static int
+test_oid (void)
+{
+    struct test_case tests[] = {
+	{NULL, 2, "\x29\x01"},
+	{NULL, 1, "\x29"},
+	{NULL, 2, "\xff\x01"},
+	{NULL, 1, "\xff"}
+    };
+    heim_oid values[] = {
+	{ 3, oid_comp1 },
+	{ 2, oid_comp2 },
+	{ 3, oid_comp3 },
+	{ 2, oid_comp4 }
+    };
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "oid %d", i);
+	if (tests[i].name == NULL)
+	    errx(1, "malloc");
+    }
+
+    ret = generic_test (tests, ntests, sizeof(heim_oid),
+			(generic_encode)der_put_oid,
+			(generic_length)der_length_oid,
+			(generic_decode)der_get_oid,
+			(generic_free)der_free_oid,
+			test_cmp_oid);
+    for (i = 0; i < ntests; ++i)
+	free(tests[i].name);
+    return ret;
+}
+
+static int
+test_cmp_bit_string (void *a, void *b)
+{
+    return der_heim_bit_string_cmp((heim_bit_string *)a, (heim_bit_string *)b);
+}
+
+static int
+test_bit_string (void)
+{
+    struct test_case tests[] = {
+	{NULL, 1, "\x00"}
+    };
+    heim_bit_string values[] = {
+	{ 0, "" }
+    };
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "bit_string %d", i);
+	if (tests[i].name == NULL)
+	    errx(1, "malloc");
+    }
+
+    ret = generic_test (tests, ntests, sizeof(heim_bit_string),
+			(generic_encode)der_put_bit_string,
+			(generic_length)der_length_bit_string,
+			(generic_decode)der_get_bit_string,
+			(generic_free)der_free_bit_string,
+			test_cmp_bit_string);
+    for (i = 0; i < ntests; ++i)
+	free(tests[i].name);
+    return ret;
+}
+
+static int
+test_cmp_heim_integer (void *a, void *b)
+{
+    return der_heim_integer_cmp((heim_integer *)a, (heim_integer *)b);
+}
+
+static int
+test_heim_integer (void)
+{
+    struct test_case tests[] = {
+	{NULL, 2, "\xfe\x01"},
+	{NULL, 2, "\xef\x01"},
+	{NULL, 3, "\xff\x00\xff"},
+	{NULL, 3, "\xff\x01\x00"},
+	{NULL, 1, "\x00"},
+	{NULL, 1, "\x01"},
+	{NULL, 2, "\x00\x80"}
+    };
+
+    heim_integer values[] = {
+	{ 2, "\x01\xff", 1 },
+	{ 2, "\x10\xff", 1 },
+	{ 2, "\xff\x01", 1 },
+	{ 2, "\xff\x00", 1 },
+	{ 0, "", 0 },
+	{ 1, "\x01", 0 },
+	{ 1, "\x80", 0 }
+    };
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(tests[0]);
+    size_t size;
+    heim_integer i2;
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "heim_integer %d", i);
+	if (tests[i].name == NULL)
+	    errx(1, "malloc");
+    }
+
+    ret = generic_test (tests, ntests, sizeof(heim_integer),
+			(generic_encode)der_put_heim_integer,
+			(generic_length)der_length_heim_integer,
+			(generic_decode)der_get_heim_integer,
+			(generic_free)der_free_heim_integer,
+			test_cmp_heim_integer);
+    for (i = 0; i < ntests; ++i) 
+	free (tests[i].name);
+    if (ret)
+	return ret;
+
+    /* test zero length integer (BER format) */
+    ret = der_get_heim_integer(NULL, 0, &i2, &size);
+    if (ret)
+	errx(1, "der_get_heim_integer");
+    if (i2.length != 0)
+	errx(1, "der_get_heim_integer wrong length");
+    der_free_heim_integer(&i2);
+
+    return 0;
+}
+
+static int
+test_cmp_boolean (void *a, void *b)
+{
+    return !!*(int *)a != !!*(int *)b;
+}
+
+static int
+test_boolean (void)
+{
+    struct test_case tests[] = {
+	{NULL, 1, "\xff"},
+	{NULL, 1, "\x00"}
+    };
+
+    int values[] = { 1, 0 };
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(tests[0]);
+    size_t size;
+    heim_integer i2;
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "heim_boolean %d", i);
+	if (tests[i].name == NULL)
+	    errx(1, "malloc");
+    }
+
+    ret = generic_test (tests, ntests, sizeof(int),
+			(generic_encode)der_put_boolean,
+			(generic_length)der_length_boolean,
+			(generic_decode)der_get_boolean,
+			(generic_free)NULL,
+			test_cmp_boolean);
+    for (i = 0; i < ntests; ++i) 
+	free (tests[i].name);
+    if (ret)
+	return ret;
+
+    /* test zero length integer (BER format) */
+    ret = der_get_heim_integer(NULL, 0, &i2, &size);
+    if (ret)
+	errx(1, "der_get_heim_integer");
+    if (i2.length != 0)
+	errx(1, "der_get_heim_integer wrong length");
+    der_free_heim_integer(&i2);
+
+    return 0;
+}
+
+static int
+check_fail_unsigned(void)
+{
+    struct test_case tests[] = {
+	{NULL, sizeof(unsigned) + 1,
+	 "\x01\x01\x01\x01\x01\x01\x01\x01\x01", "data overrun" }
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(unsigned),
+			       (generic_decode)der_get_unsigned);
+}
+
+static int
+check_fail_integer(void)
+{
+    struct test_case tests[] = {
+	{NULL, sizeof(int) + 1,
+	 "\x01\x01\x01\x01\x01\x01\x01\x01\x01", "data overrun" }
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(int),
+			       (generic_decode)der_get_integer);
+}
+
+static int
+check_fail_length(void)
+{
+    struct test_case tests[] = {
+	{NULL, 0, "", "empty input data"},
+	{NULL, 1, "\x82", "internal length overrun" }
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(size_t),
+			       (generic_decode)der_get_length);
+}
+
+static int
+check_fail_boolean(void)
+{
+    struct test_case tests[] = {
+	{NULL, 0, "", "empty input data"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(int),
+			       (generic_decode)der_get_boolean);
+}
+
+static int
+check_fail_general_string(void)
+{
+    struct test_case tests[] = {
+	{ NULL, 3, "A\x00i", "NUL char in string"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(heim_general_string),
+			       (generic_decode)der_get_general_string);
+}
+
+static int
+check_fail_bmp_string(void)
+{
+    struct test_case tests[] = {
+	{NULL, 1, "\x00", "odd (1) length bmpstring"},
+	{NULL, 3, "\x00\x00\x00", "odd (3) length bmpstring"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(heim_bmp_string),
+			       (generic_decode)der_get_bmp_string);
+}
+
+static int
+check_fail_universal_string(void)
+{
+    struct test_case tests[] = {
+	{NULL, 1, "\x00", "x & 3 == 1 universal string"},
+	{NULL, 2, "\x00\x00", "x & 3 == 2 universal string"},
+	{NULL, 3, "\x00\x00\x00", "x & 3 == 3 universal string"},
+	{NULL, 5, "\x00\x00\x00\x00\x00", "x & 3 == 1 universal string"},
+	{NULL, 6, "\x00\x00\x00\x00\x00\x00", "x & 3 == 2 universal string"},
+	{NULL, 7, "\x00\x00\x00\x00\x00\x00\x00", "x & 3 == 3 universal string"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(heim_universal_string),
+			       (generic_decode)der_get_universal_string);
+}
+
+static int
+check_fail_heim_integer(void)
+{
+#if 0
+    struct test_case tests[] = {
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(heim_integer),
+			       (generic_decode)der_get_heim_integer);
+#else
+    return 0;
+#endif
+}
+
+static int
+check_fail_generalized_time(void)
+{
+    struct test_case tests[] = {
+	{NULL, 1, "\x00", "no time"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(time_t),
+			       (generic_decode)der_get_generalized_time);
+}
+
+static int
+check_fail_oid(void)
+{
+    struct test_case tests[] = {
+	{NULL, 0, "", "empty input data"},
+	{NULL, 2, "\x00\x80", "last byte continuation" },
+	{NULL, 11, "\x00\x81\x80\x80\x80\x80\x80\x80\x80\x80\x00", 
+	"oid element overflow" }
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(heim_oid),
+			       (generic_decode)der_get_oid);
+}
+
+static int
+check_fail_bitstring(void)
+{
+    struct test_case tests[] = {
+	{NULL, 0, "", "empty input data"},
+	{NULL, 1, "\x08", "larger then 8 bits trailer"},
+	{NULL, 1, "\x01", "to few bytes for bits"},
+	{NULL, -2, "\x00", "length overrun"},
+	{NULL, -1, "", "length to short"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(heim_bit_string),
+			       (generic_decode)der_get_bit_string);
+}
+
+static int
+check_heim_integer_same(const char *p, const char *norm_p, heim_integer *i)
+{
+    heim_integer i2;
+    char *str;
+    int ret;
+
+    ret = der_print_hex_heim_integer(i, &str);
+    if (ret)
+	errx(1, "der_print_hex_heim_integer: %d", ret);
+
+    if (strcmp(str, norm_p) != 0)
+	errx(1, "der_print_hex_heim_integer: %s != %s", str, p);
+
+    ret = der_parse_hex_heim_integer(str, &i2);
+    if (ret)
+	errx(1, "der_parse_hex_heim_integer: %d", ret);
+
+    if (der_heim_integer_cmp(i, &i2) != 0)
+	errx(1, "der_heim_integer_cmp: p %s", p);
+
+    der_free_heim_integer(&i2);
+    free(str);
+
+    ret = der_parse_hex_heim_integer(p, &i2);
+    if (ret)
+	errx(1, "der_parse_hex_heim_integer: %d", ret);
+
+    if (der_heim_integer_cmp(i, &i2) != 0)
+	errx(1, "der_heim_integer_cmp: norm");
+
+    der_free_heim_integer(&i2);
+
+    return 0;
+}
+
+static int
+test_heim_int_format(void)
+{
+    heim_integer i = { 1, "\x10", 0 };
+    heim_integer i2 = { 1, "\x10", 1 };
+    heim_integer i3 = { 1, "\01", 0 };
+    char *p =
+	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
+	"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
+	"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
+	"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
+	"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
+	"FFFFFFFF" "FFFFFFFF";
+    heim_integer bni = {
+	128, 
+	"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC9\x0F\xDA\xA2"
+	"\x21\x68\xC2\x34\xC4\xC6\x62\x8B\x80\xDC\x1C\xD1"
+	"\x29\x02\x4E\x08\x8A\x67\xCC\x74\x02\x0B\xBE\xA6"
+	"\x3B\x13\x9B\x22\x51\x4A\x08\x79\x8E\x34\x04\xDD"
+	"\xEF\x95\x19\xB3\xCD\x3A\x43\x1B\x30\x2B\x0A\x6D"
+	"\xF2\x5F\x14\x37\x4F\xE1\x35\x6D\x6D\x51\xC2\x45"
+	"\xE4\x85\xB5\x76\x62\x5E\x7E\xC6\xF4\x4C\x42\xE9"
+	"\xA6\x37\xED\x6B\x0B\xFF\x5C\xB6\xF4\x06\xB7\xED"
+	"\xEE\x38\x6B\xFB\x5A\x89\x9F\xA5\xAE\x9F\x24\x11"
+	"\x7C\x4B\x1F\xE6\x49\x28\x66\x51\xEC\xE6\x53\x81"
+	"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
+	0
+    };
+    heim_integer f;
+    int ret = 0;
+
+    ret += check_heim_integer_same(p, p, &bni);
+    ret += check_heim_integer_same("10", "10", &i);
+    ret += check_heim_integer_same("00000010", "10", &i);
+    ret += check_heim_integer_same("-10", "-10", &i2);
+    ret += check_heim_integer_same("-00000010", "-10", &i2);
+    ret += check_heim_integer_same("01", "01", &i3);
+    ret += check_heim_integer_same("1", "01", &i3);
+
+    {
+	int r;
+	r = der_parse_hex_heim_integer("-", &f);
+	if (r == 0) {
+	    der_free_heim_integer(&f);
+	    ret++;
+	}
+	/* used to cause UMR */
+	r = der_parse_hex_heim_integer("00", &f);
+	if (r == 0)
+	    der_free_heim_integer(&f);
+	else
+	    ret++;
+    }
+
+    return ret;
+}
+
+static int
+test_heim_oid_format_same(const char *str, const heim_oid *oid)
+{
+    int ret;
+    char *p;
+    heim_oid o2;
+
+    ret = der_print_heim_oid(oid, ' ', &p);
+    if (ret) {
+	printf("fail to print oid: %s\n", str);
+	return 1;
+    }
+    ret = strcmp(p, str);
+    if (ret) {
+	printf("oid %s != formated oid %s\n", str, p);
+	free(p);
+	return ret;
+    }
+
+    ret = der_parse_heim_oid(p, " ", &o2);
+    if (ret) {
+	printf("failed to parse %s\n", p);
+	free(p);
+	return ret;
+    }
+    free(p);
+    ret = der_heim_oid_cmp(&o2, oid);
+    der_free_oid(&o2);
+
+    return ret;
+}
+
+static unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
+
+static int
+test_heim_oid_format(void)
+{
+    heim_oid sha1 = { 6, sha1_oid_tree };
+    int ret = 0;
+
+    ret += test_heim_oid_format_same("1 3 14 3 2 26", &sha1);
+
+    return ret;
+}
+
+static int
+check_trailing_nul(void)
+{
+    int i, ret;
+    struct {
+	int fail;
+	const unsigned char *p;
+	size_t len;
+	const char *s;
+	size_t size;
+    } foo[] = {
+	{ 1, (const unsigned char *)"foo\x00o", 5, NULL, 0 },
+	{ 1, (const unsigned char *)"\x00o", 2, NULL, 0 },
+	{ 0, (const unsigned char *)"\x00\x00\x00\x00\x00", 5, "", 5 },
+	{ 0, (const unsigned char *)"\x00", 1, "", 1 },
+	{ 0, (const unsigned char *)"", 0, "", 0 },
+	{ 0, (const unsigned char *)"foo\x00\x00", 5, "foo", 5 },
+	{ 0, (const unsigned char *)"foo\0", 4, "foo", 4 },
+	{ 0, (const unsigned char *)"foo", 3, "foo", 3 }
+    };
+    
+    for (i = 0; i < sizeof(foo)/sizeof(foo[0]); i++) {
+	char *s;
+	size_t size;
+	ret = der_get_general_string(foo[i].p, foo[i].len, &s, &size);
+	if (foo[i].fail) {
+	    if (ret == 0)
+		errx(1, "check %d NULL didn't fail", i);
+	    continue;
+	}
+	if (ret)
+	    errx(1, "NULL check %d der_get_general_string failed", i);
+	if (foo[i].size != size)
+	    errx(1, "NUL check i = %d size failed", i);
+	if (strcmp(foo[i].s, s) != 0)
+	    errx(1, "NUL check i = %d content failed", i);
+	free(s);
+    }
+    return 0;
+}
+
+static int
+test_misc_cmp(void)
+{
+    int ret;
+
+    /* diffrent lengths are diffrent */
+    {
+	const heim_octet_string os1 = { 1, "a" } , os2 = { 0, NULL };
+	ret = der_heim_octet_string_cmp(&os1, &os2);
+	if (ret == 0)
+	    return 1;
+    }
+    /* diffrent data are diffrent */
+    {
+	const heim_octet_string os1 = { 1, "a" } , os2 = { 1, "b" };
+	ret = der_heim_octet_string_cmp(&os1, &os2);
+	if (ret == 0)
+	    return 1;
+    }
+    /* diffrent lengths are diffrent */
+    {
+	const heim_bit_string bs1 = { 8, "a" } , bs2 = { 7, "a" };
+	ret = der_heim_bit_string_cmp(&bs1, &bs2);
+	if (ret == 0)
+	    return 1;
+    }
+    /* diffrent data are diffrent */
+    {
+	const heim_bit_string bs1 = { 7, "\x0f" } , bs2 = { 7, "\x02" };
+	ret = der_heim_bit_string_cmp(&bs1, &bs2);
+	if (ret == 0)
+	    return 1;
+    }
+    /* diffrent lengths are diffrent */
+    {
+	uint16_t data = 1;
+	heim_bmp_string bs1 = { 1, NULL } , bs2 = { 0, NULL };
+	bs1.data = &data;
+	ret = der_heim_bmp_string_cmp(&bs1, &bs2);
+	if (ret == 0)
+	    return 1;
+    }
+    /* diffrent lengths are diffrent */
+    {
+	uint32_t data;
+	heim_universal_string us1 = { 1, NULL } , us2 = { 0, NULL };
+	us1.data = &data;
+	ret = der_heim_universal_string_cmp(&us1, &us2);
+	if (ret == 0)
+	    return 1;
+    }
+    /* same */
+    {
+	uint32_t data = (uint32_t)'a';
+	heim_universal_string us1 = { 1, NULL } , us2 = { 1, NULL };
+	us1.data = &data;
+	us2.data = &data;
+	ret = der_heim_universal_string_cmp(&us1, &us2);
+	if (ret != 0)
+	    return 1;
+    }
+
+    return 0;
+}
+
+static int
+corner_generalized_time(void)
+{
+    const char *str = "760520140000Z";
+    size_t size;
+    time_t t;
+    int ret;
+
+    ret = der_get_generalized_time((const unsigned char*)str, strlen(str),
+				   &t, &size);
+    if (ret)
+	return 1;
+    return 0;
+}
+
+static int
+corner_tag(void)
+{
+    struct {
+	int ok;
+	const char *ptr;
+	size_t len;
+    } tests[] = { 
+	{ 1, "\x00", 1 },
+	{ 0, "\xff", 1 },
+	{ 0, "\xff\xff\xff\xff\xff\xff\xff\xff", 8 }
+    };
+    int i, ret;
+    Der_class cl;
+    Der_type ty;
+    unsigned int tag;
+    size_t size;
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
+	ret = der_get_tag((const unsigned char*)tests[i].ptr, 
+			  tests[i].len, &cl, &ty, &tag, &size);
+	if (ret) {
+	    if (tests[i].ok)
+		errx(1, "failed while shouldn't");
+	} else {
+	    if (!tests[i].ok)
+		errx(1, "passed while shouldn't");
+	}
+    }
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    int ret = 0;
+
+    ret += test_integer ();
+    ret += test_integer_more();
+    ret += test_unsigned ();
+    ret += test_octet_string ();
+    ret += test_bmp_string ();
+    ret += test_universal_string ();
+    ret += test_general_string ();
+    ret += test_generalized_time ();
+    ret += test_oid ();
+    ret += test_bit_string();
+    ret += test_heim_integer();
+    ret += test_boolean();
+
+    ret += check_fail_unsigned();
+    ret += check_fail_integer();
+    ret += check_fail_length();
+    ret += check_fail_boolean();
+    ret += check_fail_general_string();
+    ret += check_fail_bmp_string();
+    ret += check_fail_universal_string();
+    ret += check_fail_heim_integer();
+    ret += check_fail_generalized_time();
+    ret += check_fail_oid();
+    ret += check_fail_bitstring();
+    ret += test_heim_int_format();
+    ret += test_heim_oid_format();
+    ret += check_trailing_nul();
+    ret += test_misc_cmp();
+    ret += corner_generalized_time();
+    ret += corner_tag();
+
+    return ret;
+}
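Review bot: test_integer_more() discards every test_one_int() result and returns 0 unconditionally, so a round-trip mismatch or a clobbered canary byte on either side of the der_put_integer() buffer is printed but can never fail the check program. Accumulate the results and return the sum, the same way main() sums the other tests. If any pattern currently fails, that is exactly what this test should surface. The loop also shifts signed int constants (`0x01 << i`, `0x3f << i`, `0x7f << i`) into and past the sign bit, which C leaves undefined; building the bit patterns as unsigned and converting to int avoids that. Separately, test_one_int() returns on each failure path without `free(buf)`, and test_boolean() ends with a copy of the zero-length der_get_heim_integer() check from test_heim_integer(), which exercises nothing about booleans.

```c
static int
test_integer_more (void)
{
    unsigned int u1, u2;
    int i, ret = 0;

    u2 = 0;
    for (i = 0; i < (int)(sizeof(int) * 8); i++) {
	/* unsigned shifts: well defined even when the top bit is reached */
	u1 = 1U << i;
	u2 |= u1;

	/* propagate failures instead of dropping them */
	ret += test_one_int((int)u1);
	ret += test_one_int((int)u2);
	ret += test_one_int((int)~u1);
	ret += test_one_int((int)~u2);
	ret += test_one_int((int)~(0x3fU << i));
	ret += test_one_int((int)~(0x7fU << i));
    }
    return ret;
}
```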

Added: vendor-crypto/heimdal/dist/lib/asn1/check-gen.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/check-gen.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/check-gen.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,955 @@
+/*
+ * Copyright (c) 1999 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <err.h>
+#include <roken.h>
+
+#include <asn1-common.h>
+#include <asn1_err.h>
+#include <der.h>
+#include <krb5_asn1.h>
+#include <heim_asn1.h>
+#include <rfc2459_asn1.h>
+#include <test_asn1.h>
+
+#include "check-common.h"
+
+RCSID("$Id: check-gen.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static char *lha_principal[] = { "lha" };
+static char *lharoot_princ[] = { "lha", "root" };
+static char *datan_princ[] = { "host", "nutcracker.e.kth.se" };
+static char *nada_tgt_principal[] = { "krbtgt", "NADA.KTH.SE" };
+
+
+#define IF_OPT_COMPARE(ac,bc,e) \
+	if (((ac)->e == NULL && (bc)->e != NULL) || (((ac)->e != NULL && (bc)->e == NULL))) return 1; if ((ab)->e)
+#define COMPARE_OPT_STRING(ac,bc,e) \
+	do { if (strcmp(*(ac)->e, *(bc)->e) != 0) return 1; } while(0)
+#define COMPARE_OPT_OCTECT_STRING(ac,bc,e) \
+	do { if ((ac)->e->length != (bc)->e->length || memcmp((ac)->e->data, (bc)->e->data, (ac)->e->length) != 0) return 1; } while(0)
+#define COMPARE_STRING(ac,bc,e) \
+	do { if (strcmp((ac)->e, (bc)->e) != 0) return 1; } while(0)
+#define COMPARE_INTEGER(ac,bc,e) \
+	do { if ((ac)->e != (bc)->e) return 1; } while(0)
+#define COMPARE_MEM(ac,bc,e,len) \
+	do { if (memcmp((ac)->e, (bc)->e,len) != 0) return 1; } while(0)
+
+static int
+cmp_principal (void *a, void *b)
+{
+    Principal *pa = a;
+    Principal *pb = b;
+    int i;
+
+    COMPARE_STRING(pa,pb,realm);
+    COMPARE_INTEGER(pa,pb,name.name_type);
+    COMPARE_INTEGER(pa,pb,name.name_string.len);
+
+    for (i = 0; i < pa->name.name_string.len; i++)
+	COMPARE_STRING(pa,pb,name.name_string.val[i]);
+
+    return 0;
+}
+
+static int
+test_principal (void)
+{
+
+    struct test_case tests[] = {
+	{ NULL, 29, 
+	  "\x30\x1b\xa0\x10\x30\x0e\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b"
+	  "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45"
+	},
+	{ NULL, 35,
+	  "\x30\x21\xa0\x16\x30\x14\xa0\x03\x02\x01\x01\xa1\x0d\x30\x0b\x1b"
+	  "\x03\x6c\x68\x61\x1b\x04\x72\x6f\x6f\x74\xa1\x07\x1b\x05\x53\x55"
+	  "\x2e\x53\x45"
+	},
+	{ NULL, 54, 
+	  "\x30\x34\xa0\x26\x30\x24\xa0\x03\x02\x01\x03\xa1\x1d\x30\x1b\x1b"
+	  "\x04\x68\x6f\x73\x74\x1b\x13\x6e\x75\x74\x63\x72\x61\x63\x6b\x65"
+	  "\x72\x2e\x65\x2e\x6b\x74\x68\x2e\x73\x65\xa1\x0a\x1b\x08\x45\x2e"
+	  "\x4b\x54\x48\x2e\x53\x45"
+	}
+    };
+
+
+    Principal values[] = { 
+	{ { KRB5_NT_PRINCIPAL, { 1, lha_principal } },  "SU.SE" },
+	{ { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } },  "SU.SE" },
+	{ { KRB5_NT_SRV_HST, { 2, datan_princ } },  "E.KTH.SE" }
+    };
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "Principal %d", i);
+    }
+
+    ret = generic_test (tests, ntests, sizeof(Principal),
+			(generic_encode)encode_Principal,
+			(generic_length)length_Principal,
+			(generic_decode)decode_Principal,
+			(generic_free)free_Principal,
+			cmp_principal);
+    for (i = 0; i < ntests; ++i)
+	free (tests[i].name);
+
+    return ret;
+}
+
+static int
+cmp_authenticator (void *a, void *b)
+{
+    Authenticator *aa = a;
+    Authenticator *ab = b;
+    int i;
+
+    COMPARE_INTEGER(aa,ab,authenticator_vno);
+    COMPARE_STRING(aa,ab,crealm);
+
+    COMPARE_INTEGER(aa,ab,cname.name_type);
+    COMPARE_INTEGER(aa,ab,cname.name_string.len);
+
+    for (i = 0; i < aa->cname.name_string.len; i++)
+	COMPARE_STRING(aa,ab,cname.name_string.val[i]);
+
+    return 0;
+}
+
+static int
+test_authenticator (void)
+{
+    struct test_case tests[] = {
+	{ NULL, 63, 
+	  "\x62\x3d\x30\x3b\xa0\x03\x02\x01\x05\xa1\x0a\x1b\x08"
+	  "\x45\x2e\x4b\x54\x48\x2e\x53\x45\xa2\x10\x30\x0e\xa0"
+	  "\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61"
+	  "\xa4\x03\x02\x01\x0a\xa5\x11\x18\x0f\x31\x39\x37\x30"
+	  "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a"
+	},
+	{ NULL, 67, 
+	  "\x62\x41\x30\x3f\xa0\x03\x02\x01\x05\xa1\x07\x1b\x05"
+	  "\x53\x55\x2e\x53\x45\xa2\x16\x30\x14\xa0\x03\x02\x01"
+	  "\x01\xa1\x0d\x30\x0b\x1b\x03\x6c\x68\x61\x1b\x04\x72"
+	  "\x6f\x6f\x74\xa4\x04\x02\x02\x01\x24\xa5\x11\x18\x0f"
+	  "\x31\x39\x37\x30\x30\x31\x30\x31\x30\x30\x31\x36\x33"
+	  "\x39\x5a"
+	}
+    };
+
+    Authenticator values[] = {
+	{ 5, "E.KTH.SE", { KRB5_NT_PRINCIPAL, { 1, lha_principal } },
+	  NULL, 10, 99, NULL, NULL, NULL },
+	{ 5, "SU.SE", { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } },
+	  NULL, 292, 999, NULL, NULL, NULL }
+    };
+    int i, ret;
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    for (i = 0; i < ntests; ++i) {
+	tests[i].val = &values[i];
+	asprintf (&tests[i].name, "Authenticator %d", i);
+    }
+
+    ret = generic_test (tests, ntests, sizeof(Authenticator),
+			(generic_encode)encode_Authenticator,
+			(generic_length)length_Authenticator,
+			(generic_decode)decode_Authenticator,
+			(generic_free)free_Authenticator,
+			cmp_authenticator);
+    for (i = 0; i < ntests; ++i)
+	free(tests[i].name);
+
+    return ret;
+}
+
+static int
+cmp_KRB_ERROR (void *a, void *b)
+{
+    KRB_ERROR *aa = a;
+    KRB_ERROR *ab = b;
+    int i;
+
+    COMPARE_INTEGER(aa,ab,pvno);
+    COMPARE_INTEGER(aa,ab,msg_type);
+
+    IF_OPT_COMPARE(aa,ab,ctime) {
+	COMPARE_INTEGER(aa,ab,ctime);
+    }
+    IF_OPT_COMPARE(aa,ab,cusec) {
+	COMPARE_INTEGER(aa,ab,cusec);
+    }
+    COMPARE_INTEGER(aa,ab,stime);
+    COMPARE_INTEGER(aa,ab,susec);
+    COMPARE_INTEGER(aa,ab,error_code);
+
+    IF_OPT_COMPARE(aa,ab,crealm) {
+	COMPARE_OPT_STRING(aa,ab,crealm);
+    }
+#if 0
+    IF_OPT_COMPARE(aa,ab,cname) {
+	COMPARE_OPT_STRING(aa,ab,cname);
+    }
+#endif
+    COMPARE_STRING(aa,ab,realm);
+
+    COMPARE_INTEGER(aa,ab,sname.name_string.len);
+    for (i = 0; i < aa->sname.name_string.len; i++)
+	COMPARE_STRING(aa,ab,sname.name_string.val[i]);
+
+    IF_OPT_COMPARE(aa,ab,e_text) {
+	COMPARE_OPT_STRING(aa,ab,e_text);
+    }
+    IF_OPT_COMPARE(aa,ab,e_data) {
+	/* COMPARE_OPT_OCTECT_STRING(aa,ab,e_data); */
+    }
+
+    return 0;
+}
+
+static int
+test_krb_error (void)
+{
+    struct test_case tests[] = {
+	{ NULL, 127, 
+	  "\x7e\x7d\x30\x7b\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11"
+	  "\x18\x0f\x32\x30\x30\x33\x31\x31\x32\x34\x30\x30\x31\x31\x31\x39"
+	  "\x5a\xa5\x05\x02\x03\x04\xed\xa5\xa6\x03\x02\x01\x1f\xa7\x0d\x1b"
+	  "\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45\xa8\x10\x30\x0e"
+	  "\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61\xa9\x0d"
+	  "\x1b\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45\xaa\x20\x30"
+	  "\x1e\xa0\x03\x02\x01\x01\xa1\x17\x30\x15\x1b\x06\x6b\x72\x62\x74"
+	  "\x67\x74\x1b\x0b\x4e\x41\x44\x41\x2e\x4b\x54\x48\x2e\x53\x45",
+	  "KRB-ERROR Test 1"
+	}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+    KRB_ERROR e1;
+    PrincipalName lhaprincipalname = { 1, { 1, lha_principal } };
+    PrincipalName tgtprincipalname = { 1, { 2, nada_tgt_principal } };
+    char *realm = "NADA.KTH.SE";
+
+    e1.pvno = 5;
+    e1.msg_type = 30;
+    e1.ctime = NULL;
+    e1.cusec = NULL;
+    e1.stime = 1069632679;
+    e1.susec = 322981;
+    e1.error_code = 31;
+    e1.crealm = &realm;
+    e1.cname = &lhaprincipalname;
+    e1.realm = "NADA.KTH.SE";
+    e1.sname = tgtprincipalname;
+    e1.e_text = NULL;
+    e1.e_data = NULL;
+
+    tests[0].val = &e1;
+
+    return generic_test (tests, ntests, sizeof(KRB_ERROR),
+			 (generic_encode)encode_KRB_ERROR,
+			 (generic_length)length_KRB_ERROR,
+			 (generic_decode)decode_KRB_ERROR,
+			 (generic_free)free_KRB_ERROR,
+			 cmp_KRB_ERROR);
+}
+
+static int
+cmp_Name (void *a, void *b)
+{
+    Name *aa = a;
+    Name *ab = b;
+
+    COMPARE_INTEGER(aa,ab,element);
+
+    return 0;
+}
+
+static int
+test_Name (void)
+{
+    struct test_case tests[] = {
+	{ NULL, 35, 
+	  "\x30\x21\x31\x1f\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x4c\x6f\x76"
+	  "\x65\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x54\x4f\x43\x4b\x48"
+	  "\x4f\x4c\x4d",
+	  "Name CN=Love+L=STOCKHOLM"
+	},
+	{ NULL, 35, 
+	  "\x30\x21\x31\x1f\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x4c\x6f\x76"
+	  "\x65\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x54\x4f\x43\x4b\x48"
+	  "\x4f\x4c\x4d",
+	  "Name L=STOCKHOLM+CN=Love"
+	}
+    };
+
+    int ntests = sizeof(tests) / sizeof(*tests);
+    Name n1, n2;
+    RelativeDistinguishedName rdn1[1];
+    RelativeDistinguishedName rdn2[1];
+    AttributeTypeAndValue atv1[2];
+    AttributeTypeAndValue atv2[2];
+    unsigned cmp_CN[] = { 2, 5, 4, 3 };
+    unsigned cmp_L[] = { 2, 5, 4, 7 };
+
+    /* n1 */
+    n1.element = choice_Name_rdnSequence;
+    n1.u.rdnSequence.val = rdn1;
+    n1.u.rdnSequence.len = sizeof(rdn1)/sizeof(rdn1[0]);
+    rdn1[0].val = atv1;
+    rdn1[0].len = sizeof(atv1)/sizeof(atv1[0]);
+
+    atv1[0].type.length = sizeof(cmp_CN)/sizeof(cmp_CN[0]);
+    atv1[0].type.components = cmp_CN;
+    atv1[0].value.element = choice_DirectoryString_printableString;
+    atv1[0].value.u.printableString = "Love";
+
+    atv1[1].type.length = sizeof(cmp_L)/sizeof(cmp_L[0]);
+    atv1[1].type.components = cmp_L;
+    atv1[1].value.element = choice_DirectoryString_printableString;
+    atv1[1].value.u.printableString = "STOCKHOLM";
+
+    /* n2 */
+    n2.element = choice_Name_rdnSequence;
+    n2.u.rdnSequence.val = rdn2;
+    n2.u.rdnSequence.len = sizeof(rdn2)/sizeof(rdn2[0]);
+    rdn2[0].val = atv2;
+    rdn2[0].len = sizeof(atv2)/sizeof(atv2[0]);
+
+    atv2[0].type.length = sizeof(cmp_L)/sizeof(cmp_L[0]);
+    atv2[0].type.components = cmp_L;
+    atv2[0].value.element = choice_DirectoryString_printableString;
+    atv2[0].value.u.printableString = "STOCKHOLM";
+
+    atv2[1].type.length = sizeof(cmp_CN)/sizeof(cmp_CN[0]);
+    atv2[1].type.components = cmp_CN;
+    atv2[1].value.element = choice_DirectoryString_printableString;
+    atv2[1].value.u.printableString = "Love";
+
+    /* */
+    tests[0].val = &n1;
+    tests[1].val = &n2;
+
+    return generic_test (tests, ntests, sizeof(Name),
+			 (generic_encode)encode_Name,
+			 (generic_length)length_Name,
+			 (generic_decode)decode_Name,
+			 (generic_free)free_Name,
+			 cmp_Name);
+}
+
+static int
+cmp_KeyUsage (void *a, void *b)
+{
+    KeyUsage *aa = a;
+    KeyUsage *ab = b;
+
+    return KeyUsage2int(*aa) != KeyUsage2int(*ab);
+}
+
+static int
+test_bit_string (void)
+{
+    struct test_case tests[] = {
+	{ NULL, 4,
+	  "\x03\x02\x07\x80",
+	  "bitstring 1"
+	},
+	{ NULL, 4,
+	  "\x03\x02\x05\xa0",
+	  "bitstring 2"
+	},
+	{ NULL, 5,
+	  "\x03\x03\x07\x00\x80",
+	  "bitstring 3"
+	},
+	{ NULL, 3,
+	  "\x03\x01\x00",
+	  "bitstring 4"
+	}
+    };
+
+    int ntests = sizeof(tests) / sizeof(*tests);
+    KeyUsage ku1, ku2, ku3, ku4;
+
+    memset(&ku1, 0, sizeof(ku1));
+    ku1.digitalSignature = 1;
+    tests[0].val = &ku1;
+
+    memset(&ku2, 0, sizeof(ku2));
+    ku2.digitalSignature = 1;
+    ku2.keyEncipherment = 1;
+    tests[1].val = &ku2;
+
+    memset(&ku3, 0, sizeof(ku3));
+    ku3.decipherOnly = 1;
+    tests[2].val = &ku3;
+
+    memset(&ku4, 0, sizeof(ku4));
+    tests[3].val = &ku4;
+
+
+    return generic_test (tests, ntests, sizeof(KeyUsage),
+			 (generic_encode)encode_KeyUsage,
+			 (generic_length)length_KeyUsage,
+			 (generic_decode)decode_KeyUsage,
+			 (generic_free)free_KeyUsage,
+			 cmp_KeyUsage);
+}
+
+static int
+cmp_TESTLargeTag (void *a, void *b)
+{
+    TESTLargeTag *aa = a;
+    TESTLargeTag *ab = b;
+
+    COMPARE_INTEGER(aa,ab,foo);
+    return 0;
+}
+
+static int
+test_large_tag (void)
+{
+    struct test_case tests[] = {
+	{ NULL,  8,  "\x30\x06\xbf\x7f\x03\x02\x01\x01", "large tag 1" }
+    };
+
+    int ntests = sizeof(tests) / sizeof(*tests);
+    TESTLargeTag lt1;
+
+    memset(&lt1, 0, sizeof(lt1));
+    lt1.foo = 1;
+
+    tests[0].val = &lt1;
+
+    return generic_test (tests, ntests, sizeof(TESTLargeTag),
+			 (generic_encode)encode_TESTLargeTag,
+			 (generic_length)length_TESTLargeTag,
+			 (generic_decode)decode_TESTLargeTag,
+			 (generic_free)free_TESTLargeTag,
+			 cmp_TESTLargeTag);
+}
+
+struct test_data {
+    int ok;
+    size_t len;
+    size_t expected_len;
+    void *data;
+};
+
+static int
+check_tag_length(void)
+{
+    struct test_data td[] = {
+	{ 1, 3, 3, "\x02\x01\x00"},
+	{ 1, 3, 3, "\x02\x01\x7f"},
+	{ 1, 4, 4, "\x02\x02\x00\x80"},
+	{ 1, 4, 4, "\x02\x02\x01\x00"},
+	{ 1, 4, 4, "\x02\x02\x02\x00"},
+	{ 0, 3, 0, "\x02\x02\x00"},
+	{ 0, 3, 0, "\x02\x7f\x7f"},
+	{ 0, 4, 0, "\x02\x03\x00\x80"},
+	{ 0, 4, 0, "\x02\x7f\x01\x00"},
+	{ 0, 5, 0, "\x02\xff\x7f\x02\x00"}
+    };
+    size_t sz;
+    krb5uint32 values[] = {0, 127, 128, 256, 512,
+			 0, 127, 128, 256, 512 };
+    krb5uint32 u;
+    int i, ret, failed = 0;
+    void *buf;
+
+    for (i = 0; i < sizeof(td)/sizeof(td[0]); i++) {
+	struct map_page *page;
+
+	buf = map_alloc(OVERRUN, td[i].data, td[i].len, &page);
+
+	ret = decode_krb5uint32(buf, td[i].len, &u, &sz);
+	if (ret) {
+	    if (td[i].ok) {
+		printf("failed with tag len test %d\n", i);
+		failed = 1;
+	    }
+	} else {
+	    if (td[i].ok == 0) {
+		printf("failed with success for tag len test %d\n", i);
+		failed = 1;
+	    }
+	    if (td[i].expected_len != sz) {
+		printf("wrong expected size for tag test %d\n", i);
+		failed = 1;
+	    }
+	    if (values[i] != u) {
+		printf("wrong value for tag test %d\n", i);
+		failed = 1;
+	    }
+	}
+	map_free(page, "test", "decode");
+    }
+    return failed;
+}
+
+static int
+cmp_TESTChoice (void *a, void *b)
+{
+    return 0;
+}
+
+static int
+test_choice (void)
+{
+    struct test_case tests[] = {
+	{ NULL,  5,  "\xa1\x03\x02\x01\x01", "large choice 1" },
+	{ NULL,  5,  "\xa2\x03\x02\x01\x02", "large choice 2" }
+    };
+
+    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
+    TESTChoice1 c1;
+    TESTChoice1 c2_1;
+    TESTChoice2 c2_2;
+
+    memset(&c1, 0, sizeof(c1));
+    c1.element = choice_TESTChoice1_i1;
+    c1.u.i1 = 1;
+    tests[0].val = &c1;
+
+    memset(&c2_1, 0, sizeof(c2_1));
+    c2_1.element = choice_TESTChoice1_i2;
+    c2_1.u.i2 = 2;
+    tests[1].val = &c2_1;
+
+    ret += generic_test (tests, ntests, sizeof(TESTChoice1),
+			 (generic_encode)encode_TESTChoice1,
+			 (generic_length)length_TESTChoice1,
+			 (generic_decode)decode_TESTChoice1,
+			 (generic_free)free_TESTChoice1,
+			 cmp_TESTChoice);
+
+    memset(&c2_2, 0, sizeof(c2_2));
+    c2_2.element = choice_TESTChoice2_asn1_ellipsis;
+    c2_2.u.asn1_ellipsis.data = "\xa2\x03\x02\x01\x02";
+    c2_2.u.asn1_ellipsis.length = 5;
+    tests[1].val = &c2_2;
+
+    ret += generic_test (tests, ntests, sizeof(TESTChoice2),
+			 (generic_encode)encode_TESTChoice2,
+			 (generic_length)length_TESTChoice2,
+			 (generic_decode)decode_TESTChoice2,
+			 (generic_free)free_TESTChoice2,
+			 cmp_TESTChoice);
+
+    return ret;
+}
+
+static int
+cmp_TESTImplicit (void *a, void *b)
+{
+    TESTImplicit *aa = a;
+    TESTImplicit *ab = b;
+
+    COMPARE_INTEGER(aa,ab,ti1);
+    COMPARE_INTEGER(aa,ab,ti2.foo);
+    COMPARE_INTEGER(aa,ab,ti3);
+    return 0;
+}
+
+/*
+UNIV CONS Sequence 14
+  CONTEXT PRIM 0 1 00
+  CONTEXT CONS 1 6
+   CONTEXT CONS 127 3
+     UNIV PRIM Integer 1 02
+  CONTEXT PRIM 2 1 03
+*/
+
+static int
+test_implicit (void)
+{
+    struct test_case tests[] = {
+	{ NULL,  16,  
+	  "\x30\x0e\x80\x01\x00\xa1\x06\xbf"
+	  "\x7f\x03\x02\x01\x02\x82\x01\x03", 
+	  "implicit 1" }
+    };
+
+    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
+    TESTImplicit c0;
+
+    memset(&c0, 0, sizeof(c0));
+    c0.ti1 = 0;
+    c0.ti2.foo = 2;
+    c0.ti3 = 3;
+    tests[0].val = &c0;
+
+    ret += generic_test (tests, ntests, sizeof(TESTImplicit),
+			 (generic_encode)encode_TESTImplicit,
+			 (generic_length)length_TESTImplicit,
+			 (generic_decode)decode_TESTImplicit,
+			 (generic_free)free_TESTImplicit,
+			 cmp_TESTImplicit);
+
+#ifdef IMPLICIT_TAGGING_WORKS
+    ret += generic_test (tests, ntests, sizeof(TESTImplicit2),
+			 (generic_encode)encode_TESTImplicit2,
+			 (generic_length)length_TESTImplicit2,
+			 (generic_decode)decode_TESTImplicit2,
+			 (generic_free)free_TESTImplicit2,
+			 cmp_TESTImplicit);
+
+#endif /* IMPLICIT_TAGGING_WORKS */
+    return ret;
+}
+
+static int
+cmp_TESTAlloc (void *a, void *b)
+{
+    TESTAlloc *aa = a;
+    TESTAlloc *ab = b;
+
+    IF_OPT_COMPARE(aa,ab,tagless) {
+	COMPARE_INTEGER(aa,ab,tagless->ai);
+    }
+
+    COMPARE_INTEGER(aa,ab,three);
+
+    IF_OPT_COMPARE(aa,ab,tagless2) {
+	COMPARE_OPT_OCTECT_STRING(aa, ab, tagless2);
+    }
+
+    return 0;
+}
+
+/*
+UNIV CONS Sequence 12
+  UNIV CONS Sequence 5
+    CONTEXT CONS 0 3
+      UNIV PRIM Integer 1 01
+  CONTEXT CONS 1 3
+    UNIV PRIM Integer 1 03
+
+UNIV CONS Sequence 5
+  CONTEXT CONS 1 3
+    UNIV PRIM Integer 1 03
+
+UNIV CONS Sequence 8
+  CONTEXT CONS 1 3
+    UNIV PRIM Integer 1 04
+  UNIV PRIM Integer 1 05
+
+*/
+
+static int
+test_taglessalloc (void)
+{
+    struct test_case tests[] = {
+	{ NULL,  14,  
+	  "\x30\x0c\x30\x05\xa0\x03\x02\x01\x01\xa1\x03\x02\x01\x03", 
+	  "alloc 1" },
+	{ NULL,  7,  
+	  "\x30\x05\xa1\x03\x02\x01\x03", 
+	  "alloc 2" },
+	{ NULL,  10,  
+	  "\x30\x08\xa1\x03\x02\x01\x04\x02\x01\x05", 
+	  "alloc 3" }
+    };
+
+    int ret = 0, ntests = sizeof(tests) / sizeof(*tests);
+    TESTAlloc c1, c2, c3;
+    heim_any any3;
+
+    memset(&c1, 0, sizeof(c1));
+    c1.tagless = ecalloc(1, sizeof(*c1.tagless));
+    c1.tagless->ai = 1;
+    c1.three = 3;
+    tests[0].val = &c1;
+
+    memset(&c2, 0, sizeof(c2));
+    c2.tagless = NULL;
+    c2.three = 3;
+    tests[1].val = &c2;
+
+    memset(&c3, 0, sizeof(c3));
+    c3.tagless = NULL;
+    c3.three = 4;
+    c3.tagless2 = &any3;
+    any3.data = "\x02\x01\x05";
+    any3.length = 3;
+    tests[2].val = &c3;
+
+    ret += generic_test (tests, ntests, sizeof(TESTAlloc),
+			 (generic_encode)encode_TESTAlloc,
+			 (generic_length)length_TESTAlloc,
+			 (generic_decode)decode_TESTAlloc,
+			 (generic_free)free_TESTAlloc,
+			 cmp_TESTAlloc);
+
+    free(c1.tagless);
+
+    return ret;
+}
+
+
+static int
+check_fail_largetag(void)
+{
+    struct test_case tests[] = {
+	{NULL, 14, "\x30\x0c\xbf\x87\xff\xff\xff\xff\xff\x7f\x03\x02\x01\x01",
+	 "tag overflow"},
+	{NULL, 0, "", "empty buffer"},
+	{NULL, 7, "\x30\x05\xa1\x03\x02\x02\x01",
+	 "one too short" },
+	{NULL, 7, "\x30\x04\xa1\x03\x02\x02\x01"
+	 "two too short" },
+	{NULL, 7, "\x30\x03\xa1\x03\x02\x02\x01",
+	 "three too short" },
+	{NULL, 7, "\x30\x02\xa1\x03\x02\x02\x01",
+	 "four too short" },
+	{NULL, 7, "\x30\x01\xa1\x03\x02\x02\x01",
+	 "five too short" },
+	{NULL, 7, "\x30\x00\xa1\x03\x02\x02\x01",
+	 "six too short" },
+	{NULL, 7, "\x30\x05\xa1\x04\x02\x02\x01",
+	 "inner one too long" },
+	{NULL, 7, "\x30\x00\xa1\x02\x02\x02\x01",
+	 "inner one too short" },
+	{NULL, 8, "\x30\x05\xbf\x7f\x03\x02\x02\x01",
+	 "inner one too short"},
+	{NULL, 8, "\x30\x06\xbf\x64\x03\x02\x01\x01",
+	 "wrong tag"},
+	{NULL, 10, "\x30\x08\xbf\x9a\x9b\x38\x03\x02\x01\x01",
+	 "still wrong tag"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(TESTLargeTag),
+			       (generic_decode)decode_TESTLargeTag);
+}
+
+
+static int
+check_fail_sequence(void)
+{
+    struct test_case tests[] = {
+	{NULL, 0, "", "empty buffer"},
+	{NULL, 24, 
+	 "\x30\x16\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01"
+	 "\x02\x01\x01\xa2\x03\x02\x01\x01"
+	 "missing one byte from the end, internal length ok"},
+	{NULL, 25,
+	 "\x30\x18\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01"
+	 "\x02\x01\x01\xa2\x03\x02\x01\x01",
+	 "inner length one byte too long"},
+	{NULL, 24, 
+	 "\x30\x17\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01"
+	 "\x01\x02\x01\x01\xa2\x03\x02\x01\x01",
+	 "correct buffer but missing one too short"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(TESTSeq),
+			       (generic_decode)decode_TESTSeq);
+}
+
+static int
+check_fail_choice(void)
+{
+    struct test_case tests[] = {
+	{NULL, 6,
+	 "\xa1\x02\x02\x01\x01",
+	 "one too short"},
+	{NULL, 6,
+	 "\xa1\x03\x02\x02\x01",
+	 "one too short inner"}
+    };
+    int ntests = sizeof(tests) / sizeof(*tests);
+
+    return generic_decode_fail(tests, ntests, sizeof(TESTChoice1),
+			       (generic_decode)decode_TESTChoice1);
+}
+
+static int
+check_seq(void)
+{
+    TESTSeqOf seq;
+    TESTInteger i;
+    int ret;
+
+    seq.val = NULL;
+    seq.len = 0;
+
+    ret = add_TESTSeqOf(&seq, &i);
+    if (ret) { printf("failed adding\n"); goto out; }
+    ret = add_TESTSeqOf(&seq, &i);
+    if (ret) { printf("failed adding\n"); goto out; }
+    ret = add_TESTSeqOf(&seq, &i);
+    if (ret) { printf("failed adding\n"); goto out; }
+    ret = add_TESTSeqOf(&seq, &i);
+    if (ret) { printf("failed adding\n"); goto out; }
+
+    ret = remove_TESTSeqOf(&seq, seq.len - 1);
+    if (ret) { printf("failed removing\n"); goto out; }
+    ret = remove_TESTSeqOf(&seq, 2);
+    if (ret) { printf("failed removing\n"); goto out; }
+    ret = remove_TESTSeqOf(&seq, 0);
+    if (ret) { printf("failed removing\n"); goto out; }
+    ret = remove_TESTSeqOf(&seq, 0);
+    if (ret) { printf("failed removing\n"); goto out; }
+    ret = remove_TESTSeqOf(&seq, 0);
+    if (ret == 0) {
+	printf("can remove from empty list");
+	return 1;
+    }
+
+    if (seq.len != 0) {
+	printf("seq not empty!");
+	return 1;
+    }
+    free_TESTSeqOf(&seq);
+    ret = 0;
+
+out:
+
+    return ret;
+}
+
+#define test_seq_of(type, ok, ptr)					\
+{									\
+    heim_octet_string os;						\
+    size_t size;							\
+    type decode;							\
+    ASN1_MALLOC_ENCODE(type, os.data, os.length, ptr, &size, ret);	\
+    if (ret)								\
+	return ret;							\
+    if (os.length != size)						\
+	abort();							\
+    ret = decode_##type(os.data, os.length, &decode, &size);		\
+    free(os.data);							\
+    if (ret) {								\
+	if (ok)								\
+	    return 1;							\
+    } else {								\
+	free_##type(&decode);						\
+	if (!ok)							\
+	    return 1;							\
+	if (size != 0)							\
+            return 1;							\
+    }									\
+    return 0;								\
+}
+
+static int
+check_seq_of_size(void)
+{
+    TESTInteger integers[4] = { 1, 2, 3, 4 };
+    int ret;
+
+    {
+	TESTSeqSizeOf1 ssof1f1 = { 1, integers };
+	TESTSeqSizeOf1 ssof1ok1 = { 2, integers };
+	TESTSeqSizeOf1 ssof1f2 = { 3, integers };
+
+	test_seq_of(TESTSeqSizeOf1, 0, &ssof1f1);
+	test_seq_of(TESTSeqSizeOf1, 1, &ssof1ok1);
+	test_seq_of(TESTSeqSizeOf1, 0, &ssof1f2);
+    }
+    {
+	TESTSeqSizeOf2 ssof2f1 = { 0, NULL };
+	TESTSeqSizeOf2 ssof2ok1 = { 1, integers };
+	TESTSeqSizeOf2 ssof2ok2 = { 2, integers };
+	TESTSeqSizeOf2 ssof2f2 = { 3, integers };
+	
+	test_seq_of(TESTSeqSizeOf2, 0, &ssof2f1);
+	test_seq_of(TESTSeqSizeOf2, 1, &ssof2ok1);
+	test_seq_of(TESTSeqSizeOf2, 1, &ssof2ok2);
+	test_seq_of(TESTSeqSizeOf2, 0, &ssof2f2);
+    }
+    {
+	TESTSeqSizeOf3 ssof3f1 = { 0, NULL };
+	TESTSeqSizeOf3 ssof3ok1 = { 1, integers };
+	TESTSeqSizeOf3 ssof3ok2 = { 2, integers };
+	
+	test_seq_of(TESTSeqSizeOf3, 0, &ssof3f1);
+	test_seq_of(TESTSeqSizeOf3, 1, &ssof3ok1);
+	test_seq_of(TESTSeqSizeOf3, 1, &ssof3ok2);
+    }
+    {
+	TESTSeqSizeOf4 ssof4ok1 = { 0, NULL };
+	TESTSeqSizeOf4 ssof4ok2 = { 1, integers };
+	TESTSeqSizeOf4 ssof4ok3 = { 2, integers };
+	TESTSeqSizeOf4 ssof4f1  = { 3, integers };
+	
+	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok1);
+	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok2); 
+	test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok3);
+	test_seq_of(TESTSeqSizeOf4, 0, &ssof4f1);
+   }
+
+    return 0;
+}
+
+
+
+int
+main(int argc, char **argv)
+{
+    int ret = 0;
+
+    ret += test_principal ();
+    ret += test_authenticator();
+    ret += test_krb_error();
+    ret += test_Name();
+    ret += test_bit_string();
+
+    ret += check_tag_length();
+    ret += test_large_tag();
+    ret += test_choice();
+
+    ret += test_implicit();
+    ret += test_taglessalloc();
+
+    ret += check_fail_largetag();
+    ret += check_fail_sequence();
+    ret += check_fail_choice();
+
+    ret += check_seq();
+    ret += check_seq_of_size();
+
+    return ret;
+}
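Review bot: In the `test_seq_of` macro the final `return 0;` is unconditional, so in `check_seq_of_size` the first expansion (`test_seq_of(TESTSeqSizeOf1, 0, &ssof1f1)`) returns on every path and none of the remaining size-constraint cases for TESTSeqSizeOf1 to TESTSeqSizeOf4 is ever executed. Dropping that line from the macro lets the function fall through to its own `return 0;`; once the later cases run, the `if (size != 0) return 1;` in the success branch should be rechecked, since it would presumably reject every `ok` case if `decode_##type` stores the consumed length in `size`. Separately, the "two too short" entry in `check_fail_largetag` and the "missing one byte from the end" entry in `check_fail_sequence` lack the comma between the byte string and the name, so the name is concatenated onto the DER bytes and the name field is left NULL; the byte strings should end with a comma, `"\x30\x04\xa1\x03\x02\x02\x01",` and `"\x02\x01\x01\xa2\x03\x02\x01\x01",`. These are the negative tests for the ASN.1 decoder's length and size checks, so as written they give less coverage than the file suggests.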

Added: vendor-crypto/heimdal/dist/lib/asn1/check-timegm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/check-timegm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/check-timegm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <der_locl.h>
+
+RCSID("$Id: check-timegm.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int
+test_timegm(void)
+{
+    int ret = 0;
+    struct tm tm;
+    time_t t;
+
+    memset(&tm, 0, sizeof(tm));
+    tm.tm_year = 106;
+    tm.tm_mon = 9;
+    tm.tm_mday = 1;
+    tm.tm_hour = 10;
+    tm.tm_min = 3;
+
+    t = _der_timegm(&tm);
+    if (t != 1159696980)
+	ret += 1;
+
+    tm.tm_mday = 0;
+    t = _der_timegm(&tm);
+    if (t != -1)
+	ret += 1;
+
+    return ret;
+}
+
+int
+main(int argc, char **argv)
+{
+    int ret = 0;
+
+    ret += test_timegm();
+
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/asn1/der-protos.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der-protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der-protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,567 @@
+/* This is a generated file */
+#ifndef __der_protos_h__
+#define __der_protos_h__
+
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int
+copy_heim_any (
+	const heim_any */*from*/,
+	heim_any */*to*/);
+
+int
+copy_heim_any_set (
+	const heim_any_set */*from*/,
+	heim_any_set */*to*/);
+
+int
+decode_heim_any (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_any */*data*/,
+	size_t */*size*/);
+
+int
+decode_heim_any_set (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_any_set */*data*/,
+	size_t */*size*/);
+
+int
+der_copy_bit_string (
+	const heim_bit_string */*from*/,
+	heim_bit_string */*to*/);
+
+int
+der_copy_bmp_string (
+	const heim_bmp_string */*from*/,
+	heim_bmp_string */*to*/);
+
+int
+der_copy_general_string (
+	const heim_general_string */*from*/,
+	heim_general_string */*to*/);
+
+int
+der_copy_heim_integer (
+	const heim_integer */*from*/,
+	heim_integer */*to*/);
+
+int
+der_copy_ia5_string (
+	const heim_printable_string */*from*/,
+	heim_printable_string */*to*/);
+
+int
+der_copy_octet_string (
+	const heim_octet_string */*from*/,
+	heim_octet_string */*to*/);
+
+int
+der_copy_oid (
+	const heim_oid */*from*/,
+	heim_oid */*to*/);
+
+int
+der_copy_printable_string (
+	const heim_printable_string */*from*/,
+	heim_printable_string */*to*/);
+
+int
+der_copy_universal_string (
+	const heim_universal_string */*from*/,
+	heim_universal_string */*to*/);
+
+int
+der_copy_utf8string (
+	const heim_utf8_string */*from*/,
+	heim_utf8_string */*to*/);
+
+int
+der_copy_visible_string (
+	const heim_visible_string */*from*/,
+	heim_visible_string */*to*/);
+
+void
+der_free_bit_string (heim_bit_string */*k*/);
+
+void
+der_free_bmp_string (heim_bmp_string */*k*/);
+
+void
+der_free_general_string (heim_general_string */*str*/);
+
+void
+der_free_heim_integer (heim_integer */*k*/);
+
+void
+der_free_ia5_string (heim_ia5_string */*str*/);
+
+void
+der_free_octet_string (heim_octet_string */*k*/);
+
+void
+der_free_oid (heim_oid */*k*/);
+
+void
+der_free_printable_string (heim_printable_string */*str*/);
+
+void
+der_free_universal_string (heim_universal_string */*k*/);
+
+void
+der_free_utf8string (heim_utf8_string */*str*/);
+
+void
+der_free_visible_string (heim_visible_string */*str*/);
+
+int
+der_get_bit_string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_bit_string */*data*/,
+	size_t */*size*/);
+
+int
+der_get_bmp_string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_bmp_string */*data*/,
+	size_t */*size*/);
+
+int
+der_get_boolean (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	int */*data*/,
+	size_t */*size*/);
+
+const char *
+der_get_class_name (unsigned /*num*/);
+
+int
+der_get_class_num (const char */*name*/);
+
+int
+der_get_general_string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_general_string */*str*/,
+	size_t */*size*/);
+
+int
+der_get_generalized_time (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	time_t */*data*/,
+	size_t */*size*/);
+
+int
+der_get_heim_integer (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_integer */*data*/,
+	size_t */*size*/);
+
+int
+der_get_ia5_string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_ia5_string */*str*/,
+	size_t */*size*/);
+
+int
+der_get_integer (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	int */*ret*/,
+	size_t */*size*/);
+
+int
+der_get_length (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	size_t */*val*/,
+	size_t */*size*/);
+
+int
+der_get_octet_string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_octet_string */*data*/,
+	size_t */*size*/);
+
+int
+der_get_oid (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_oid */*data*/,
+	size_t */*size*/);
+
+int
+der_get_printable_string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_printable_string */*str*/,
+	size_t */*size*/);
+
+int
+der_get_tag (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	Der_class */*class*/,
+	Der_type */*type*/,
+	unsigned int */*tag*/,
+	size_t */*size*/);
+
+const char *
+der_get_tag_name (unsigned /*num*/);
+
+int
+der_get_tag_num (const char */*name*/);
+
+const char *
+der_get_type_name (unsigned /*num*/);
+
+int
+der_get_type_num (const char */*name*/);
+
+int
+der_get_universal_string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_universal_string */*data*/,
+	size_t */*size*/);
+
+int
+der_get_unsigned (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	unsigned */*ret*/,
+	size_t */*size*/);
+
+int
+der_get_utctime (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	time_t */*data*/,
+	size_t */*size*/);
+
+int
+der_get_utf8string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_utf8_string */*str*/,
+	size_t */*size*/);
+
+int
+der_get_visible_string (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	heim_visible_string */*str*/,
+	size_t */*size*/);
+
+int
+der_heim_bit_string_cmp (
+	const heim_bit_string */*p*/,
+	const heim_bit_string */*q*/);
+
+int
+der_heim_bmp_string_cmp (
+	const heim_bmp_string */*p*/,
+	const heim_bmp_string */*q*/);
+
+int
+der_heim_integer_cmp (
+	const heim_integer */*p*/,
+	const heim_integer */*q*/);
+
+int
+der_heim_octet_string_cmp (
+	const heim_octet_string */*p*/,
+	const heim_octet_string */*q*/);
+
+int
+der_heim_oid_cmp (
+	const heim_oid */*p*/,
+	const heim_oid */*q*/);
+
+int
+der_heim_universal_string_cmp (
+	const heim_universal_string */*p*/,
+	const heim_universal_string */*q*/);
+
+size_t
+der_length_bit_string (const heim_bit_string */*k*/);
+
+size_t
+der_length_bmp_string (const heim_bmp_string */*data*/);
+
+size_t
+der_length_boolean (const int */*k*/);
+
+size_t
+der_length_enumerated (const unsigned */*data*/);
+
+size_t
+der_length_general_string (const heim_general_string */*data*/);
+
+size_t
+der_length_generalized_time (const time_t */*t*/);
+
+size_t
+der_length_heim_integer (const heim_integer */*k*/);
+
+size_t
+der_length_ia5_string (const heim_ia5_string */*data*/);
+
+size_t
+der_length_integer (const int */*data*/);
+
+size_t
+der_length_len (size_t /*len*/);
+
+size_t
+der_length_octet_string (const heim_octet_string */*k*/);
+
+size_t
+der_length_oid (const heim_oid */*k*/);
+
+size_t
+der_length_printable_string (const heim_printable_string */*data*/);
+
+size_t
+der_length_universal_string (const heim_universal_string */*data*/);
+
+size_t
+der_length_unsigned (const unsigned */*data*/);
+
+size_t
+der_length_utctime (const time_t */*t*/);
+
+size_t
+der_length_utf8string (const heim_utf8_string */*data*/);
+
+size_t
+der_length_visible_string (const heim_visible_string */*data*/);
+
+int
+der_match_tag (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	Der_class /*class*/,
+	Der_type /*type*/,
+	unsigned int /*tag*/,
+	size_t */*size*/);
+
+int
+der_match_tag_and_length (
+	const unsigned char */*p*/,
+	size_t /*len*/,
+	Der_class /*class*/,
+	Der_type /*type*/,
+	unsigned int /*tag*/,
+	size_t */*length_ret*/,
+	size_t */*size*/);
+
+int
+der_parse_heim_oid (
+	const char */*str*/,
+	const char */*sep*/,
+	heim_oid */*data*/);
+
+int
+der_parse_hex_heim_integer (
+	const char */*p*/,
+	heim_integer */*data*/);
+
+int
+der_print_heim_oid (
+	const heim_oid */*oid*/,
+	char /*delim*/,
+	char **/*str*/);
+
+int
+der_print_hex_heim_integer (
+	const heim_integer */*data*/,
+	char **/*p*/);
+
+int
+der_put_bit_string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_bit_string */*data*/,
+	size_t */*size*/);
+
+int
+der_put_bmp_string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_bmp_string */*data*/,
+	size_t */*size*/);
+
+int
+der_put_boolean (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const int */*data*/,
+	size_t */*size*/);
+
+int
+der_put_general_string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_general_string */*str*/,
+	size_t */*size*/);
+
+int
+der_put_generalized_time (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const time_t */*data*/,
+	size_t */*size*/);
+
+int
+der_put_heim_integer (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_integer */*data*/,
+	size_t */*size*/);
+
+int
+der_put_ia5_string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_ia5_string */*str*/,
+	size_t */*size*/);
+
+int
+der_put_integer (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const int */*v*/,
+	size_t */*size*/);
+
+int
+der_put_length (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	size_t /*val*/,
+	size_t */*size*/);
+
+int
+der_put_length_and_tag (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	size_t /*len_val*/,
+	Der_class /*class*/,
+	Der_type /*type*/,
+	unsigned int /*tag*/,
+	size_t */*size*/);
+
+int
+der_put_octet_string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_octet_string */*data*/,
+	size_t */*size*/);
+
+int
+der_put_oid (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_oid */*data*/,
+	size_t */*size*/);
+
+int
+der_put_printable_string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_printable_string */*str*/,
+	size_t */*size*/);
+
+int
+der_put_tag (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	Der_class /*class*/,
+	Der_type /*type*/,
+	unsigned int /*tag*/,
+	size_t */*size*/);
+
+int
+der_put_universal_string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_universal_string */*data*/,
+	size_t */*size*/);
+
+int
+der_put_unsigned (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const unsigned */*v*/,
+	size_t */*size*/);
+
+int
+der_put_utctime (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const time_t */*data*/,
+	size_t */*size*/);
+
+int
+der_put_utf8string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_utf8_string */*str*/,
+	size_t */*size*/);
+
+int
+der_put_visible_string (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_visible_string */*str*/,
+	size_t */*size*/);
+
+int
+encode_heim_any (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_any */*data*/,
+	size_t */*size*/);
+
+int
+encode_heim_any_set (
+	unsigned char */*p*/,
+	size_t /*len*/,
+	const heim_any_set */*data*/,
+	size_t */*size*/);
+
+void
+free_heim_any (heim_any */*data*/);
+
+void
+free_heim_any_set (heim_any_set */*data*/);
+
+int
+heim_any_cmp (
+	const heim_any_set */*p*/,
+	const heim_any_set */*q*/);
+
+size_t
+length_heim_any (const heim_any */*data*/);
+
+size_t
+length_heim_any_set (const heim_any */*data*/);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __der_protos_h__ */

Added: vendor-crypto/heimdal/dist/lib/asn1/der.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+#include <com_err.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <getarg.h>
+#include <err.h>
+
+RCSID("$Id: der.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+
+static const char *class_names[] = {
+    "UNIV",			/* 0 */
+    "APPL",			/* 1 */
+    "CONTEXT",			/* 2 */
+    "PRIVATE"			/* 3 */
+};
+
+static const char *type_names[] = {
+    "PRIM",			/* 0 */
+    "CONS"			/* 1 */
+};
+
+static const char *tag_names[] = {
+    "EndOfContent",		/* 0 */
+    "Boolean",			/* 1 */
+    "Integer",			/* 2 */
+    "BitString",		/* 3 */
+    "OctetString",		/* 4 */
+    "Null",			/* 5 */
+    "ObjectID",			/* 6 */
+    NULL,			/* 7 */
+    NULL,			/* 8 */
+    NULL,			/* 9 */
+    "Enumerated",		/* 10 */
+    NULL,			/* 11 */
+    NULL,			/* 12 */
+    NULL,			/* 13 */
+    NULL,			/* 14 */
+    NULL,			/* 15 */
+    "Sequence",			/* 16 */
+    "Set",			/* 17 */
+    NULL,			/* 18 */
+    "PrintableString",		/* 19 */
+    NULL,			/* 20 */
+    NULL,			/* 21 */
+    "IA5String",		/* 22 */
+    "UTCTime",			/* 23 */
+    "GeneralizedTime",		/* 24 */
+    NULL,			/* 25 */
+    "VisibleString",		/* 26 */
+    "GeneralString",		/* 27 */
+    NULL,			/* 28 */
+    NULL,			/* 29 */
+    "BMPString"			/* 30 */
+};
+
+static int
+get_type(const char *name, const char *list[], unsigned len)
+{
+    unsigned i;
+    for (i = 0; i < len; i++)
+	if (list[i] && strcasecmp(list[i], name) == 0)
+	    return i;
+    return -1;
+}
+
+#define SIZEOF_ARRAY(a) (sizeof((a))/sizeof((a)[0]))
+
+const char *
+der_get_class_name(unsigned num)
+{
+    if (num >= SIZEOF_ARRAY(class_names))
+	return NULL;
+    return class_names[num];
+}
+
+int
+der_get_class_num(const char *name)
+{
+    return get_type(name, class_names, SIZEOF_ARRAY(class_names));
+}
+
+const char *
+der_get_type_name(unsigned num)
+{
+    if (num >= SIZEOF_ARRAY(type_names))
+	return NULL;
+    return type_names[num];
+}
+
+int
+der_get_type_num(const char *name)
+{
+    return get_type(name, type_names, SIZEOF_ARRAY(type_names));
+}
+
+const char *
+der_get_tag_name(unsigned num)
+{
+    if (num >= SIZEOF_ARRAY(tag_names))
+	return NULL;
+    return tag_names[num];
+}
+
+int
+der_get_tag_num(const char *name)
+{
+    return get_type(name, tag_names, SIZEOF_ARRAY(tag_names));
+}
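Review bot: `tag_names` has NULL at index 12 although der.h in this same import lists `UT_UTF8String = 12` among the supported universal tags, so `der_get_tag_name(12)` returns NULL and `der_get_tag_num("UTF8String")` returns -1. The three `der_get_*_name` functions therefore return NULL for unnamed in-range numbers as well as for out-of-range ones, which is not documented anywhere in the hunk. A caller that passes the result straight to a `%s` format would dereference NULL; no such caller is visible here, so this needs checking at the call sites. I would fill the slot with `"UTF8String",		/* 12 */` and add a comment above `der_get_tag_name` such as `/* returns NULL for out-of-range or unnamed tag numbers; callers must check */`.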

Added: vendor-crypto/heimdal/dist/lib/asn1/der.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: der.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __DER_H__
+#define __DER_H__
+
+typedef enum {
+    ASN1_C_UNIV = 0,
+    ASN1_C_APPL = 1,
+    ASN1_C_CONTEXT = 2,
+    ASN1_C_PRIVATE = 3
+} Der_class;
+
+typedef enum {PRIM = 0, CONS = 1} Der_type;
+
+#define MAKE_TAG(CLASS, TYPE, TAG)  (((CLASS) << 6) | ((TYPE) << 5) | (TAG))
+
+/* Universal tags */
+
+enum {
+    UT_EndOfContent	= 0,
+    UT_Boolean		= 1,
+    UT_Integer		= 2,	
+    UT_BitString	= 3,
+    UT_OctetString	= 4,
+    UT_Null		= 5,
+    UT_OID		= 6,
+    UT_Enumerated	= 10,
+    UT_UTF8String	= 12,
+    UT_Sequence		= 16,
+    UT_Set		= 17,
+    UT_PrintableString	= 19,
+    UT_IA5String	= 22,
+    UT_UTCTime		= 23,
+    UT_GeneralizedTime	= 24,
+    UT_UniversalString	= 25,
+    UT_VisibleString	= 26,
+    UT_GeneralString	= 27,
+    UT_BMPString	= 30,
+    /* unsupported types */
+    UT_ObjectDescriptor = 7,
+    UT_External		= 8,
+    UT_Real		= 9,
+    UT_EmbeddedPDV	= 11,
+    UT_RelativeOID	= 13,
+    UT_NumericString	= 18,
+    UT_TeletexString	= 20,
+    UT_VideotexString	= 21,
+    UT_GraphicString	= 25
+};
+
+#define ASN1_INDEFINITE 0xdce0deed
+
+typedef struct heim_der_time_t {
+    time_t dt_sec;
+    unsigned long dt_nsec;
+} heim_der_time_t;
+
+typedef struct heim_ber_time_t {
+    time_t bt_sec;
+    unsigned bt_nsec;
+    int bt_zone;
+} heim_ber_time_t;
+
+#include <der-protos.h>
+
+int _heim_fix_dce(size_t reallen, size_t *len);
+int _heim_der_set_sort(const void *, const void *);
+int _heim_time2generalizedtime (time_t, heim_octet_string *, int);
+
+#endif /* __DER_H__ */
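Review bot: `UT_UniversalString = 25` collides with `UT_GraphicString = 25` further down the same enum; in X.680 the universal tag 25 is GraphicString and UniversalString is 28. Any decoder that matches on `UT_UniversalString` would accept a GraphicString-tagged element as a UniversalString and reject a correctly tagged one, though the matching code is not in this hunk. The line should read `UT_UniversalString	= 28,`. Since this is a vendor import, the change is best carried as a tracked local patch or taken from a newer upstream release.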

Added: vendor-crypto/heimdal/dist/lib/asn1/der_cmp.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der_cmp.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der_cmp.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2003-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+
+int
+der_heim_oid_cmp(const heim_oid *p, const heim_oid *q)
+{
+    if (p->length != q->length)
+	return p->length - q->length;
+    return memcmp(p->components, 
+		  q->components,
+		  p->length * sizeof(*p->components));
+}
+
+int
+der_heim_octet_string_cmp(const heim_octet_string *p, 
+			  const heim_octet_string *q)
+{
+    if (p->length != q->length)
+	return p->length - q->length;
+    return memcmp(p->data, q->data, p->length);
+}
+
+int
+der_heim_bit_string_cmp(const heim_bit_string *p,
+			const heim_bit_string *q)
+{
+    int i, r1, r2;
+    if (p->length != q->length)
+	return p->length - q->length;
+    i = memcmp(p->data, q->data, p->length / 8);
+    if (i)
+	return i;
+    if ((p->length % 8) == 0)
+	return 0;
+    i = (p->length / 8);
+    r1 = ((unsigned char *)p->data)[i];
+    r2 = ((unsigned char *)q->data)[i];
+    i = 8 - (p->length % 8);
+    r1 = r1 >> i;
+    r2 = r2 >> i;
+    return r1 - r2;
+}
+
+int
+der_heim_integer_cmp(const heim_integer *p,
+		     const heim_integer *q)
+{
+    if (p->negative != q->negative)
+	return q->negative - p->negative;
+    if (p->length != q->length)
+	return p->length - q->length;
+    return memcmp(p->data, q->data, p->length);
+}
+
+int
+der_heim_bmp_string_cmp(const heim_bmp_string *p, const heim_bmp_string *q)
+{
+    if (p->length != q->length)
+	return p->length - q->length;
+    return memcmp(p->data, q->data, q->length * sizeof(q->data[0]));
+}
+
+int
+der_heim_universal_string_cmp(const heim_universal_string *p, 
+			      const heim_universal_string *q)
+{
+    if (p->length != q->length)
+	return p->length - q->length;
+    return memcmp(p->data, q->data, q->length * sizeof(q->data[0]));
+}
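Review bot: Every comparator in this file returns `p->length - q->length` as an `int`, and the length fields look like `size_t` (their declarations are outside this hunk). If so, the unsigned difference is narrowed on LP64 targets: a large difference can come back with the wrong sign, and a difference that is a multiple of 2^32 comes back as 0, i.e. "equal". That matters wherever these functions order or de-duplicate decoded values. A form that cannot truncate is `return (p->length > q->length) - (p->length < q->length);`, applied to all six functions. Separately, `der_heim_integer_cmp` orders two negative values by magnitude, which is the reverse of numeric order; worth a comment if only equality is relied on.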

Added: vendor-crypto/heimdal/dist/lib/asn1/der_copy.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der_copy.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der_copy.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+
+RCSID("$Id: der_copy.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+int
+der_copy_general_string (const heim_general_string *from, 
+			 heim_general_string *to)
+{
+    *to = strdup(*from);
+    if(*to == NULL)
+	return ENOMEM;
+    return 0;
+}
+
+int
+der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to)
+{
+    return der_copy_general_string(from, to);
+}
+
+int
+der_copy_printable_string (const heim_printable_string *from, 
+		       heim_printable_string *to)
+{
+    return der_copy_general_string(from, to);
+}
+
+int
+der_copy_ia5_string (const heim_printable_string *from, 
+		     heim_printable_string *to)
+{
+    return der_copy_general_string(from, to);
+}
+
+int
+der_copy_bmp_string (const heim_bmp_string *from, heim_bmp_string *to)
+{
+    to->length = from->length;
+    to->data   = malloc(to->length * sizeof(to->data[0]));
+    if(to->length != 0 && to->data == NULL)
+	return ENOMEM;
+    memcpy(to->data, from->data, to->length * sizeof(to->data[0]));
+    return 0;
+}
+
+int
+der_copy_universal_string (const heim_universal_string *from,
+			   heim_universal_string *to)
+{
+    to->length = from->length;
+    to->data   = malloc(to->length * sizeof(to->data[0]));
+    if(to->length != 0 && to->data == NULL)
+	return ENOMEM;
+    memcpy(to->data, from->data, to->length * sizeof(to->data[0]));
+    return 0;
+}
+
+int
+der_copy_visible_string (const heim_visible_string *from, 
+			 heim_visible_string *to)
+{
+    return der_copy_general_string(from, to);
+}
+
+int
+der_copy_octet_string (const heim_octet_string *from, heim_octet_string *to)
+{
+    to->length = from->length;
+    to->data   = malloc(to->length);
+    if(to->length != 0 && to->data == NULL)
+	return ENOMEM;
+    memcpy(to->data, from->data, to->length);
+    return 0;
+}
+
+int
+der_copy_heim_integer (const heim_integer *from, heim_integer *to)
+{
+    to->length = from->length;
+    to->data   = malloc(to->length);
+    if(to->length != 0 && to->data == NULL)
+	return ENOMEM;
+    memcpy(to->data, from->data, to->length);
+    to->negative = from->negative;
+    return 0;
+}
+
+int
+der_copy_oid (const heim_oid *from, heim_oid *to)
+{
+    to->length     = from->length;
+    to->components = malloc(to->length * sizeof(*to->components));
+    if (to->length != 0 && to->components == NULL)
+	return ENOMEM;
+    memcpy(to->components, from->components,
+	   to->length * sizeof(*to->components));
+    return 0;
+}
+
+int
+der_copy_bit_string (const heim_bit_string *from, heim_bit_string *to)
+{
+    size_t len;
+
+    len = (from->length + 7) / 8;
+    to->length = from->length;
+    to->data   = malloc(len);
+    if(len != 0 && to->data == NULL)
+	return ENOMEM;
+    memcpy(to->data, from->data, len);
+    return 0;
+}
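Review bot: `der_copy_bmp_string`, `der_copy_universal_string` and `der_copy_oid` compute `to->length * sizeof(...)` for `malloc` without an overflow check, and `from->length` may come from decoded input. On a 32-bit `size_t` the product can wrap, leaving `to->length` larger than the buffer that was allocated, so later readers of `to` would run past it. Guard before allocating with `if (from->length > SIZE_MAX / sizeof(to->data[0])) return ERANGE;` (use `*to->components` in the oid variant). All the length/data copiers also return ENOMEM with `to->length` still non-zero and `to->data` NULL; adding `to->length = 0;` on that path keeps the output consistent for cleanup code. When the length is 0 and `malloc(0)` returns NULL, the following `memcpy` is called with a NULL destination, which is undefined even for zero bytes, so an early `return 0` for the empty case would be cleaner.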

Added: vendor-crypto/heimdal/dist/lib/asn1/der_format.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der_format.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der_format.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+#include <hex.h>
+
+RCSID("$Id: der_format.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+int
+der_parse_hex_heim_integer (const char *p, heim_integer *data)
+{
+    ssize_t len;
+
+    data->length = 0;
+    data->negative = 0;
+    data->data = NULL;
+
+    if (*p == '-') {
+	p++;
+	data->negative = 1;
+    }
+
+    len = strlen(p);
+    if (len <= 0) {
+	data->data = NULL;
+	data->length = 0;
+	return EINVAL;
+    }
+    
+    data->length = (len / 2) + 1;
+    data->data = malloc(data->length);
+    if (data->data == NULL) {
+	data->length = 0;
+	return ENOMEM;
+    }
+
+    len = hex_decode(p, data->data, data->length);
+    if (len < 0) {
+	free(data->data);
+	data->data = NULL;
+	data->length = 0;
+	return EINVAL;
+    }
+
+    {
+	unsigned char *q = data->data;
+	while(len > 0 && *q == 0) {
+	    q++;
+	    len--;
+	}
+	data->length = len;
+	memmove(data->data, q, len);
+    }
+    return 0;
+}
+
+int
+der_print_hex_heim_integer (const heim_integer *data, char **p)
+{
+    ssize_t len;
+    char *q;
+
+    len = hex_encode(data->data, data->length, p);
+    if (len < 0)
+	return ENOMEM;
+
+    if (data->negative) {
+	len = asprintf(&q, "-%s", *p);
+	free(*p);
+	if (len < 0)
+	    return ENOMEM;
+	*p = q;
+    }
+    return 0;
+}
+
+int
+der_print_heim_oid (const heim_oid *oid, char delim, char **str)
+{
+    struct rk_strpool *p = NULL;
+    int i;
+
+    if (oid->length == 0)
+	return EINVAL;
+
+    for (i = 0; i < oid->length ; i++) {
+	p = rk_strpoolprintf(p, "%d", oid->components[i]);
+	if (p && i < oid->length - 1)
+	    p = rk_strpoolprintf(p, "%c", delim);
+	if (p == NULL) {
+	    *str = NULL;
+	    return ENOMEM;
+	}
+    }
+
+    *str = rk_strpoolcollect(p);
+    if (*str == NULL)
+	return ENOMEM;
+    return 0;
+}
+
+int
+der_parse_heim_oid (const char *str, const char *sep, heim_oid *data)
+{
+    char *s, *w, *brkt, *endptr;
+    unsigned int *c;
+    long l;
+
+    data->length = 0;
+    data->components = NULL;
+
+    if (sep == NULL)
+	sep = ".";
+
+    s = strdup(str);
+
+    for (w = strtok_r(s, sep, &brkt); 
+	 w != NULL; 
+	 w = strtok_r(NULL, sep, &brkt)) {
+
+	c = realloc(data->components,
+		    (data->length + 1) * sizeof(data->components[0]));
+	if (c == NULL) {
+	    der_free_oid(data);
+	    free(s);
+	    return ENOMEM;
+	}
+	data->components = c;
+
+	l = strtol(w, &endptr, 10);
+	if (*endptr != '\0' || l < 0 || l > INT_MAX) {
+	    der_free_oid(data);
+	    free(s);
+	    return EINVAL;
+	}
+	data->components[data->length++] = l;
+    }
+    free(s);
+    return 0;
+}
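Review bot: In `der_parse_heim_oid` the result of `s = strdup(str);` is never checked, so on allocation failure `strtok_r(s, sep, &brkt)` is called with a NULL string and an uninitialised `brkt`; add `if (s == NULL) return ENOMEM;` right after the `strdup`. In `der_print_hex_heim_integer` the failure path of `asprintf` frees `*p` but leaves the caller's pointer set to the freed buffer, so a caller that cleans up on error would double-free; set `*p = NULL;` after `free(*p);`. `der_parse_heim_oid` also returns 0 with `length == 0` for an empty or separator-only string, while `der_print_heim_oid` rejects a zero-length OID with EINVAL, so the parser should return EINVAL in that case too. Finally, `strtol` accepts leading whitespace and a `+` sign, so components such as `" 1"` or `"+1"` parse successfully; if strict dotted-decimal input is intended, check that `w[0]` is a digit first.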

Added: vendor-crypto/heimdal/dist/lib/asn1/der_free.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der_free.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der_free.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+
+RCSID("$Id: der_free.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+void
+der_free_general_string (heim_general_string *str)
+{
+    free(*str);
+    *str = NULL;
+}
+
+void
+der_free_utf8string (heim_utf8_string *str)
+{
+    free(*str);
+    *str = NULL;
+}
+
+void
+der_free_printable_string (heim_printable_string *str)
+{
+    free(*str);
+    *str = NULL;
+}
+
+void
+der_free_ia5_string (heim_ia5_string *str)
+{
+    free(*str);
+    *str = NULL;
+}
+
+void
+der_free_bmp_string (heim_bmp_string *k)
+{
+    free(k->data);
+    k->data = NULL;
+    k->length = 0;
+}
+
+void
+der_free_universal_string (heim_universal_string *k)
+{
+    free(k->data);
+    k->data = NULL;
+    k->length = 0;
+}
+
+void
+der_free_visible_string (heim_visible_string *str)
+{
+    free(*str);
+    *str = NULL;
+}
+
+void
+der_free_octet_string (heim_octet_string *k)
+{
+    free(k->data);
+    k->data = NULL;
+    k->length = 0;
+}
+
+void
+der_free_heim_integer (heim_integer *k)
+{
+    free(k->data);
+    k->data = NULL;
+    k->length = 0;
+}
+
+void
+der_free_oid (heim_oid *k)
+{
+    free(k->components);
+    k->components = NULL;
+    k->length = 0;
+}
+
+void
+der_free_bit_string (heim_bit_string *k)
+{
+    free(k->data);
+    k->data = NULL;
+    k->length = 0;
+}

Added: vendor-crypto/heimdal/dist/lib/asn1/der_get.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der_get.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der_get.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,546 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+
+RCSID("$Id: der_get.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <version.h>
+
+/* 
+ * All decoding functions take a pointer `p' to first position in
+ * which to read, from the left, `len' which means the maximum number
+ * of characters we are able to read, `ret' were the value will be
+ * returned and `size' where the number of used bytes is stored.
+ * Either 0 or an error code is returned.
+ */
+
+int
+der_get_unsigned (const unsigned char *p, size_t len,
+		  unsigned *ret, size_t *size)
+{
+    unsigned val = 0;
+    size_t oldlen = len;
+
+    if (len == sizeof(unsigned) + 1 && p[0] == 0)
+	;
+    else if (len > sizeof(unsigned))
+	return ASN1_OVERRUN;
+
+    while (len--)
+	val = val * 256 + *p++;
+    *ret = val;
+    if(size) *size = oldlen;
+    return 0;
+}
+
+int
+der_get_integer (const unsigned char *p, size_t len,
+		 int *ret, size_t *size)
+{
+    int val = 0;
+    size_t oldlen = len;
+
+    if (len > sizeof(int))
+	return ASN1_OVERRUN;
+
+    if (len > 0) {
+	val = (signed char)*p++;
+	while (--len)
+	    val = val * 256 + *p++;
+    }
+    *ret = val;
+    if(size) *size = oldlen;
+    return 0;
+}
+
+int
+der_get_length (const unsigned char *p, size_t len,
+		size_t *val, size_t *size)
+{
+    size_t v;
+
+    if (len <= 0)
+	return ASN1_OVERRUN;
+    --len;
+    v = *p++;
+    if (v < 128) {
+	*val = v;
+	if(size) *size = 1;
+    } else {
+	int e;
+	size_t l;
+	unsigned tmp;
+
+	if(v == 0x80){
+	    *val = ASN1_INDEFINITE;
+	    if(size) *size = 1;
+	    return 0;
+	}
+	v &= 0x7F;
+	if (len < v)
+	    return ASN1_OVERRUN;
+	e = der_get_unsigned (p, v, &tmp, &l);
+	if(e) return e;
+	*val = tmp;
+	if(size) *size = l + 1;
+    }
+    return 0;
+}
+
+int
+der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size)
+{
+    if(len < 1)
+	return ASN1_OVERRUN;
+    if(*p != 0)
+	*data = 1;
+    else
+	*data = 0;
+    *size = 1;
+    return 0;
+}
+
+int
+der_get_general_string (const unsigned char *p, size_t len, 
+			heim_general_string *str, size_t *size)
+{
+    const unsigned char *p1;
+    char *s;
+
+    p1 = memchr(p, 0, len);
+    if (p1 != NULL) {
+	/* 
+	 * Allow trailing NULs. We allow this since MIT Kerberos sends
+	 * an strings in the NEED_PREAUTH case that includes a
+	 * trailing NUL.
+	 */
+	while (p1 - p < len && *p1 == '\0')
+	    p1++;
+       if (p1 - p != len)
+	    return ASN1_BAD_CHARACTER;
+    }
+    if (len > len + 1)
+	return ASN1_BAD_LENGTH;
+
+    s = malloc (len + 1);
+    if (s == NULL)
+	return ENOMEM;
+    memcpy (s, p, len);
+    s[len] = '\0';
+    *str = s;
+    if(size) *size = len;
+    return 0;
+}
+
+int
+der_get_utf8string (const unsigned char *p, size_t len, 
+		    heim_utf8_string *str, size_t *size)
+{
+    return der_get_general_string(p, len, str, size);
+}
+
+int
+der_get_printable_string (const unsigned char *p, size_t len, 
+			  heim_printable_string *str, size_t *size)
+{
+    return der_get_general_string(p, len, str, size);
+}
+
+int
+der_get_ia5_string (const unsigned char *p, size_t len, 
+		    heim_ia5_string *str, size_t *size)
+{
+    return der_get_general_string(p, len, str, size);
+}
+
+int
+der_get_bmp_string (const unsigned char *p, size_t len, 
+		    heim_bmp_string *data, size_t *size)
+{
+    size_t i;
+
+    if (len & 1)
+	return ASN1_BAD_FORMAT;
+    data->length = len / 2;
+    if (data->length > UINT_MAX/sizeof(data->data[0]))
+	return ERANGE;
+    data->data = malloc(data->length * sizeof(data->data[0]));
+    if (data->data == NULL && data->length != 0)
+	return ENOMEM;
+
+    for (i = 0; i < data->length; i++) {
+	data->data[i] = (p[0] << 8) | p[1];
+	p += 2;
+    }
+    if (size) *size = len;
+
+    return 0;
+}
+
+int
+der_get_universal_string (const unsigned char *p, size_t len, 
+			  heim_universal_string *data, size_t *size)
+{
+    size_t i;
+
+    if (len & 3)
+	return ASN1_BAD_FORMAT;
+    data->length = len / 4;
+    if (data->length > UINT_MAX/sizeof(data->data[0]))
+	return ERANGE;
+    data->data = malloc(data->length * sizeof(data->data[0]));
+    if (data->data == NULL && data->length != 0)
+	return ENOMEM;
+
+    for (i = 0; i < data->length; i++) {
+	data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+	p += 4;
+    }
+    if (size) *size = len;
+    return 0;
+}
+
+int
+der_get_visible_string (const unsigned char *p, size_t len, 
+			heim_visible_string *str, size_t *size)
+{
+    return der_get_general_string(p, len, str, size);
+}
+
+int
+der_get_octet_string (const unsigned char *p, size_t len, 
+		      heim_octet_string *data, size_t *size)
+{
+    data->length = len;
+    data->data = malloc(len);
+    if (data->data == NULL && data->length != 0)
+	return ENOMEM;
+    memcpy (data->data, p, len);
+    if(size) *size = len;
+    return 0;
+}
+
+int
+der_get_heim_integer (const unsigned char *p, size_t len, 
+		      heim_integer *data, size_t *size)
+{
+    data->length = 0;
+    data->negative = 0;
+    data->data = NULL;
+
+    if (len == 0) {
+	if (size)
+	    *size = 0;
+	return 0;
+    }
+    if (p[0] & 0x80) {
+	unsigned char *q;
+	int carry = 1;
+	data->negative = 1;
+
+	data->length = len;
+
+	if (p[0] == 0xff) {
+	    p++;
+	    data->length--;
+	}
+	data->data = malloc(data->length);
+	if (data->data == NULL) {
+	    data->length = 0;
+	    if (size)
+		*size = 0;
+	    return ENOMEM;
+	}
+	q = &((unsigned char*)data->data)[data->length - 1];
+	p += data->length - 1;
+	while (q >= (unsigned char*)data->data) {
+	    *q = *p ^ 0xff;
+	    if (carry)
+		carry = !++*q;
+	    p--;
+	    q--;
+	}
+    } else {
+	data->negative = 0;
+	data->length = len;
+
+	if (p[0] == 0) {
+	    p++;
+	    data->length--;
+	}
+	data->data = malloc(data->length);
+	if (data->data == NULL && data->length != 0) {
+	    data->length = 0;
+	    if (size)
+		*size = 0;
+	    return ENOMEM;
+	}
+	memcpy(data->data, p, data->length);
+    }
+    if (size)
+	*size = len;
+    return 0;
+}
+
+static int
+generalizedtime2time (const char *s, time_t *t)
+{
+    struct tm tm;
+
+    memset(&tm, 0, sizeof(tm));
+    if (sscanf (s, "%04d%02d%02d%02d%02d%02dZ",
+		&tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
+		&tm.tm_min, &tm.tm_sec) != 6) {
+	if (sscanf (s, "%02d%02d%02d%02d%02d%02dZ",
+		    &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
+		    &tm.tm_min, &tm.tm_sec) != 6)
+	    return ASN1_BAD_TIMEFORMAT;
+	if (tm.tm_year < 50)
+	    tm.tm_year += 2000;
+	else
+	    tm.tm_year += 1900;
+    }
+    tm.tm_year -= 1900;
+    tm.tm_mon -= 1;
+    *t = _der_timegm (&tm);
+    return 0;
+}
+
+static int
+der_get_time (const unsigned char *p, size_t len, 
+	      time_t *data, size_t *size)
+{
+    char *times;
+    int e;
+
+    if (len > len + 1 || len == 0)
+	return ASN1_BAD_LENGTH;
+
+    times = malloc(len + 1);
+    if (times == NULL)
+	return ENOMEM;
+    memcpy(times, p, len);
+    times[len] = '\0';
+    e = generalizedtime2time(times, data);
+    free (times);
+    if(size) *size = len;
+    return e;
+}
+
+int
+der_get_generalized_time (const unsigned char *p, size_t len, 
+			  time_t *data, size_t *size)
+{
+    return der_get_time(p, len, data, size);
+}
+
+int
+der_get_utctime (const unsigned char *p, size_t len, 
+			  time_t *data, size_t *size)
+{
+    return der_get_time(p, len, data, size);
+}
+
+int
+der_get_oid (const unsigned char *p, size_t len,
+	     heim_oid *data, size_t *size)
+{
+    size_t n;
+    size_t oldlen = len;
+
+    if (len < 1)
+	return ASN1_OVERRUN;
+
+    if (len > len + 1)
+	return ASN1_BAD_LENGTH;
+
+    if (len + 1 > UINT_MAX/sizeof(data->components[0]))
+	return ERANGE;
+
+    data->components = malloc((len + 1) * sizeof(data->components[0]));
+    if (data->components == NULL)
+	return ENOMEM;
+    data->components[0] = (*p) / 40;
+    data->components[1] = (*p) % 40;
+    --len;
+    ++p;
+    for (n = 2; len > 0; ++n) {
+	unsigned u = 0, u1;
+	
+	do {
+	    --len;
+	    u1 = u * 128 + (*p++ % 128);
+	    /* check that we don't overflow the element */
+	    if (u1 < u) {
+		der_free_oid(data);
+		return ASN1_OVERRUN;
+	    }
+	    u = u1;
+	} while (len > 0 && p[-1] & 0x80);
+	data->components[n] = u;
+    }
+    if (n > 2 && p[-1] & 0x80) {
+	der_free_oid (data);
+	return ASN1_OVERRUN;
+    }
+    data->length = n;
+    if (size)
+	*size = oldlen;
+    return 0;
+}
+
+int
+der_get_tag (const unsigned char *p, size_t len,
+	     Der_class *class, Der_type *type,
+	     unsigned int *tag, size_t *size)
+{
+    size_t ret = 0;
+    if (len < 1)
+	return ASN1_OVERRUN;
+    *class = (Der_class)(((*p) >> 6) & 0x03);
+    *type = (Der_type)(((*p) >> 5) & 0x01);
+    *tag = (*p) & 0x1f;
+    p++; len--; ret++;
+    if(*tag == 0x1f) {
+	unsigned int continuation;
+	unsigned int tag1;
+	*tag = 0;
+	do {
+	    if(len < 1)
+		return ASN1_OVERRUN;
+	    continuation = *p & 128;
+	    tag1 = *tag * 128 + (*p % 128);
+	    /* check that we don't overflow the tag */
+	    if (tag1 < *tag)
+		return ASN1_OVERFLOW;
+	    *tag = tag1;
+	    p++; len--; ret++;
+	} while(continuation);
+    }
+    if(size) *size = ret;
+    return 0;
+}
+
+int
+der_match_tag (const unsigned char *p, size_t len,
+	       Der_class class, Der_type type,
+	       unsigned int tag, size_t *size)
+{
+    size_t l;
+    Der_class thisclass;
+    Der_type thistype;
+    unsigned int thistag;
+    int e;
+
+    e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
+    if (e) return e;
+    if (class != thisclass || type != thistype)
+	return ASN1_BAD_ID;
+    if(tag > thistag)
+	return ASN1_MISPLACED_FIELD;
+    if(tag < thistag)
+	return ASN1_MISSING_FIELD;
+    if(size) *size = l;
+    return 0;
+}
+
+int
+der_match_tag_and_length (const unsigned char *p, size_t len,
+			  Der_class class, Der_type type, unsigned int tag,
+			  size_t *length_ret, size_t *size)
+{
+    size_t l, ret = 0;
+    int e;
+
+    e = der_match_tag (p, len, class, type, tag, &l);
+    if (e) return e;
+    p += l;
+    len -= l;
+    ret += l;
+    e = der_get_length (p, len, length_ret, &l);
+    if (e) return e;
+    p += l;
+    len -= l;
+    ret += l;
+    if(size) *size = ret;
+    return 0;
+}
+
+/* 
+ * Old versions of DCE was based on a very early beta of the MIT code,
+ * which used MAVROS for ASN.1 encoding. MAVROS had the interesting
+ * feature that it encoded data in the forward direction, which has
+ * it's problems, since you have no idea how long the data will be
+ * until after you're done. MAVROS solved this by reserving one byte
+ * for length, and later, if the actual length was longer, it reverted
+ * to indefinite, BER style, lengths. The version of MAVROS used by
+ * the DCE people could apparently generate correct X.509 DER encodings, and
+ * did this by making space for the length after encoding, but
+ * unfortunately this feature wasn't used with Kerberos. 
+ */
+
+int
+_heim_fix_dce(size_t reallen, size_t *len)
+{
+    if(reallen == ASN1_INDEFINITE)
+	return 1;
+    if(*len < reallen)
+	return -1;
+    *len = reallen;
+    return 0;
+}
+
+int
+der_get_bit_string (const unsigned char *p, size_t len, 
+		    heim_bit_string *data, size_t *size)
+{
+    if (len < 1)
+	return ASN1_OVERRUN;
+    if (p[0] > 7)
+	return ASN1_BAD_FORMAT;
+    if (len - 1 == 0 && p[0] != 0)
+	return ASN1_BAD_FORMAT;
+    /* check if any of the three upper bits are set
+     * any of them will cause a interger overrun */
+    if ((len - 1) >> (sizeof(len) * 8 - 3))
+	return ASN1_OVERRUN;
+    data->length = (len - 1) * 8;
+    data->data = malloc(len - 1);
+    if (data->data == NULL && (len - 1) != 0)
+	return ENOMEM;
+    memcpy (data->data, p + 1, len - 1);
+    data->length -= p[0];
+    if(size) *size = len;
+    return 0;
+}
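Review bot: In der_get_heim_integer, a one-byte encoding of 0xff (the DER form of -1) leaves `data->length` at 0 once the leading 0xff is stripped. The negative branch then calls `malloc(0)` and returns ENOMEM if that yields NULL; otherwise it computes `&((unsigned char*)data->data)[data->length - 1]`, which points before the allocation. The non-negative branch already tolerates a zero length (`data->data == NULL && data->length != 0`), so the two branches disagree. Stripping the pad byte only when more bytes follow, `if (p[0] == 0xff && data->length > 1) {`, keeps the single byte, and the complement-and-carry loop then produces magnitude 1 with `negative` set. DER integers are usually decoded from peer-supplied data, so a decode test for the encodings of -1 and -128 is worth adding; as this is an imported vendor tree, carry the change as a local patch or take it from a later upstream release.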

Added: vendor-crypto/heimdal/dist/lib/asn1/der_length.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der_length.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der_length.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+
+RCSID("$Id: der_length.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+size_t
+_heim_len_unsigned (unsigned val)
+{
+    size_t ret = 0;
+    int last_val_gt_128;
+    
+    do {
+	++ret;
+	last_val_gt_128 = (val >= 128);
+	val /= 256;
+    } while (val);
+
+    if(last_val_gt_128)
+	ret++;
+
+    return ret;
+}
+
+size_t
+_heim_len_int (int val)
+{
+    unsigned char q;
+    size_t ret = 0;
+
+    if (val >= 0) {
+	do {
+	    q = val % 256;
+	    ret++;
+	    val /= 256;
+	} while(val);
+	if(q >= 128)
+	    ret++;
+    } else {
+	val = ~val;
+	do {
+	    q = ~(val % 256);
+	    ret++;
+	    val /= 256;
+	} while(val);
+	if(q < 128)
+	    ret++;
+    }
+    return ret;
+}
+
+static size_t
+len_oid (const heim_oid *oid)
+{
+    size_t ret = 1;
+    int n;
+
+    for (n = 2; n < oid->length; ++n) {
+	unsigned u = oid->components[n];
+
+	do {
+	    ++ret;
+	    u /= 128;
+	} while(u > 0);
+    }
+    return ret;
+}
+
+size_t
+der_length_len (size_t len)
+{
+    if (len < 128)
+	return 1;
+    else {
+	int ret = 0;
+	do {
+	    ++ret;
+	    len /= 256;
+	} while (len);
+	return ret + 1;
+    }
+}
+
+size_t
+der_length_integer (const int *data)
+{
+    return _heim_len_int (*data);
+}
+
+size_t
+der_length_unsigned (const unsigned *data)
+{
+    return _heim_len_unsigned(*data);
+}
+
+size_t
+der_length_enumerated (const unsigned *data)
+{
+  return _heim_len_int (*data);
+}
+
+size_t
+der_length_general_string (const heim_general_string *data)
+{
+    return strlen(*data);
+}
+
+size_t
+der_length_utf8string (const heim_utf8_string *data)
+{
+    return strlen(*data);
+}
+
+size_t
+der_length_printable_string (const heim_printable_string *data)
+{
+    return strlen(*data);
+}
+
+size_t
+der_length_ia5_string (const heim_ia5_string *data)
+{
+    return strlen(*data);
+}
+
+size_t
+der_length_bmp_string (const heim_bmp_string *data)
+{
+    return data->length * 2;
+}
+
+size_t
+der_length_universal_string (const heim_universal_string *data)
+{
+    return data->length * 4;
+}
+
+size_t
+der_length_visible_string (const heim_visible_string *data)
+{
+    return strlen(*data);
+}
+
+size_t
+der_length_octet_string (const heim_octet_string *k)
+{
+    return k->length;
+}
+
+size_t
+der_length_heim_integer (const heim_integer *k)
+{
+    if (k->length == 0)
+	return 1;
+    if (k->negative)
+	return k->length + (((~(((unsigned char *)k->data)[0])) & 0x80) ? 0 : 1);
+    else
+	return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 1 : 0);
+}
+
+size_t
+der_length_oid (const heim_oid *k)
+{
+    return len_oid (k);
+}
+
+size_t
+der_length_generalized_time (const time_t *t)
+{
+    heim_octet_string k;
+    size_t ret;
+
+    _heim_time2generalizedtime (*t, &k, 1);
+    ret = k.length;
+    free(k.data);
+    return ret;
+}
+
+size_t
+der_length_utctime (const time_t *t)
+{
+    heim_octet_string k;
+    size_t ret;
+
+    _heim_time2generalizedtime (*t, &k, 0);
+    ret = k.length;
+    free(k.data);
+    return ret;
+}
+
+size_t
+der_length_boolean (const int *k)
+{
+    return 1;
+}
+
+size_t
+der_length_bit_string (const heim_bit_string *k)
+{
+    return (k->length + 7) / 8 + 1;
+}
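Review bot: der_length_generalized_time and der_length_utctime ignore the return value of `_heim_time2generalizedtime`, then read `k.length` and call `free(k.data)` on a stack variable that was never initialised. The der_put.c callers in this same import do check that return (`e = _heim_time2generalizedtime (*data, &k, 1); if (e) return e;`), so the call can fail. Its body is not visible here, but if a failure leaves `k` unset, these two functions would return an indeterminate length and free an indeterminate pointer. Adding `memset(&k, 0, sizeof(k));` before each call would make the failure path return 0 and call `free(NULL)`. A comment on both functions should state that a zero result means the time could not be formatted.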

Added: vendor-crypto/heimdal/dist/lib/asn1/der_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1997 - 2002, 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: der_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __DER_LOCL_H__
+#define __DER_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <ctype.h>
+#include <time.h>
+#include <errno.h>
+#include <roken.h>
+
+#include <asn1-common.h>
+#include <asn1_err.h>
+#include <der.h>
+
+time_t _der_timegm (struct tm *);
+size_t _heim_len_unsigned (unsigned);
+size_t _heim_len_int (int);
+
+#endif /* __DER_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/lib/asn1/der_put.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/der_put.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/der_put.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,483 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+
+RCSID("$Id: der_put.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * All encoding functions take a pointer `p' to first position in
+ * which to write, from the right, `len' which means the maximum
+ * number of characters we are able to write.  The function returns
+ * the number of characters written in `size' (if non-NULL).
+ * The return value is 0 or an error.
+ */
+
+int
+der_put_unsigned (unsigned char *p, size_t len, const unsigned *v, size_t *size)
+{
+    unsigned char *base = p;
+    unsigned val = *v;
+
+    if (val) {
+	while (len > 0 && val) {
+	    *p-- = val % 256;
+	    val /= 256;
+	    --len;
+	}
+	if (val != 0)
+	    return ASN1_OVERFLOW;
+	else {
+	    if(p[1] >= 128) {
+		if(len < 1)
+		    return ASN1_OVERFLOW;
+		*p-- = 0;
+	    }
+	    *size = base - p;
+	    return 0;
+	}
+    } else if (len < 1)
+	return ASN1_OVERFLOW;
+    else {
+	*p    = 0;
+	*size = 1;
+	return 0;
+    }
+}
+
+int
+der_put_integer (unsigned char *p, size_t len, const int *v, size_t *size)
+{
+    unsigned char *base = p;
+    int val = *v;
+
+    if(val >= 0) {
+	do {
+	    if(len < 1)
+		return ASN1_OVERFLOW;
+	    *p-- = val % 256;
+	    len--;
+	    val /= 256;
+	} while(val);
+	if(p[1] >= 128) {
+	    if(len < 1)
+		return ASN1_OVERFLOW;
+	    *p-- = 0;
+	    len--;
+	}
+    } else {
+	val = ~val;
+	do {
+	    if(len < 1)
+		return ASN1_OVERFLOW;
+	    *p-- = ~(val % 256);
+	    len--;
+	    val /= 256;
+	} while(val);
+	if(p[1] < 128) {
+	    if(len < 1)
+		return ASN1_OVERFLOW;
+	    *p-- = 0xff;
+	    len--;
+	}
+    }
+    *size = base - p;
+    return 0;
+}
+
+
+int
+der_put_length (unsigned char *p, size_t len, size_t val, size_t *size)
+{
+    if (len < 1)
+	return ASN1_OVERFLOW;
+
+    if (val < 128) {
+	*p = val;
+	*size = 1;
+    } else {
+	size_t l = 0;
+
+	while(val > 0) {
+	    if(len < 2)
+		return ASN1_OVERFLOW;
+	    *p-- = val % 256;
+	    val /= 256;
+	    len--;
+	    l++;
+	}
+	*p = 0x80 | l;
+	if(size)
+	    *size = l + 1;
+    }
+    return 0;
+}
+
+int
+der_put_boolean(unsigned char *p, size_t len, const int *data, size_t *size)
+{
+    if(len < 1)
+	return ASN1_OVERFLOW;
+    if(*data != 0)
+	*p = 0xff;
+    else
+	*p = 0;
+    *size = 1;
+    return 0;
+}
+
+int
+der_put_general_string (unsigned char *p, size_t len, 
+			const heim_general_string *str, size_t *size)
+{
+    size_t slen = strlen(*str);
+
+    if (len < slen)
+	return ASN1_OVERFLOW;
+    p -= slen;
+    len -= slen;
+    memcpy (p+1, *str, slen);
+    *size = slen;
+    return 0;
+}
+
+int
+der_put_utf8string (unsigned char *p, size_t len, 
+		    const heim_utf8_string *str, size_t *size)
+{
+    return der_put_general_string(p, len, str, size);
+}
+
+int
+der_put_printable_string (unsigned char *p, size_t len, 
+			  const heim_printable_string *str, size_t *size)
+{
+    return der_put_general_string(p, len, str, size);
+}
+
+int
+der_put_ia5_string (unsigned char *p, size_t len, 
+		    const heim_ia5_string *str, size_t *size)
+{
+    return der_put_general_string(p, len, str, size);
+}
+
+int
+der_put_bmp_string (unsigned char *p, size_t len, 
+		    const heim_bmp_string *data, size_t *size)
+{
+    size_t i;
+    if (len / 2 < data->length)
+	return ASN1_OVERFLOW;
+    p -= data->length * 2;
+    len -= data->length * 2;
+    for (i = 0; i < data->length; i++) {
+	p[1] = (data->data[i] >> 8) & 0xff;
+	p[2] = data->data[i] & 0xff;
+	p += 2;
+    }
+    if (size) *size = data->length * 2;
+    return 0;
+}
+
+int
+der_put_universal_string (unsigned char *p, size_t len, 
+			  const heim_universal_string *data, size_t *size)
+{
+    size_t i;
+    if (len / 4 < data->length)
+	return ASN1_OVERFLOW;
+    p -= data->length * 4;
+    len -= data->length * 4;
+    for (i = 0; i < data->length; i++) {
+	p[1] = (data->data[i] >> 24) & 0xff;
+	p[2] = (data->data[i] >> 16) & 0xff;
+	p[3] = (data->data[i] >> 8) & 0xff;
+	p[4] = data->data[i] & 0xff;
+	p += 4;
+    }
+    if (size) *size = data->length * 4;
+    return 0;
+}
+
+int
+der_put_visible_string (unsigned char *p, size_t len, 
+			 const heim_visible_string *str, size_t *size)
+{
+    return der_put_general_string(p, len, str, size);
+}
+
+int
+der_put_octet_string (unsigned char *p, size_t len, 
+		      const heim_octet_string *data, size_t *size)
+{
+    if (len < data->length)
+	return ASN1_OVERFLOW;
+    p -= data->length;
+    len -= data->length;
+    memcpy (p+1, data->data, data->length);
+    *size = data->length;
+    return 0;
+}
+
+int
+der_put_heim_integer (unsigned char *p, size_t len, 
+		     const heim_integer *data, size_t *size)
+{
+    unsigned char *buf = data->data;
+    int hibitset = 0;
+
+    if (data->length == 0) {
+	if (len < 1)
+	    return ASN1_OVERFLOW;
+	*p-- = 0;
+	if (size)
+	    *size = 1;
+	return 0;
+    }
+    if (len < data->length)
+	return ASN1_OVERFLOW;
+
+    len -= data->length;
+
+    if (data->negative) {
+	int i, carry;
+	for (i = data->length - 1, carry = 1; i >= 0; i--) {
+	    *p = buf[i] ^ 0xff;
+	    if (carry)
+		carry = !++*p;
+	    p--;
+	}
+	if (p[1] < 128) {
+	    if (len < 1)
+		return ASN1_OVERFLOW;
+	    *p-- = 0xff;
+	    len--;
+	    hibitset = 1;
+	}
+    } else {
+	p -= data->length;
+	memcpy(p + 1, buf, data->length);
+
+	if (p[1] >= 128) {
+	    if (len < 1)
+		return ASN1_OVERFLOW;
+	    p[0] = 0;
+	    len--;
+	    hibitset = 1;
+	}
+    }
+    if (size)
+	*size = data->length + hibitset;
+    return 0;
+}
+
+int
+der_put_generalized_time (unsigned char *p, size_t len, 
+			  const time_t *data, size_t *size)
+{
+    heim_octet_string k;
+    size_t l;
+    int e;
+
+    e = _heim_time2generalizedtime (*data, &k, 1);
+    if (e)
+	return e;
+    e = der_put_octet_string(p, len, &k, &l);
+    free(k.data);
+    if(e)
+	return e;
+    if(size)
+	*size = l;
+    return 0;
+}
+
+int
+der_put_utctime (unsigned char *p, size_t len, 
+		 const time_t *data, size_t *size)
+{
+    heim_octet_string k;
+    size_t l;
+    int e;
+
+    e = _heim_time2generalizedtime (*data, &k, 0);
+    if (e)
+	return e;
+    e = der_put_octet_string(p, len, &k, &l);
+    free(k.data);
+    if(e)
+	return e;
+    if(size)
+	*size = l;
+    return 0;
+}
+
+int
+der_put_oid (unsigned char *p, size_t len,
+	     const heim_oid *data, size_t *size)
+{
+    unsigned char *base = p;
+    int n;
+
+    for (n = data->length - 1; n >= 2; --n) {
+	unsigned u = data->components[n];
+
+	if (len < 1)
+	    return ASN1_OVERFLOW;
+	*p-- = u % 128;
+	u /= 128;
+	--len;
+	while (u > 0) {
+	    if (len < 1)
+		return ASN1_OVERFLOW;
+	    *p-- = 128 + u % 128;
+	    u /= 128;
+	    --len;
+	}
+    }
+    if (len < 1)
+	return ASN1_OVERFLOW;
+    *p-- = 40 * data->components[0] + data->components[1];
+    *size = base - p;
+    return 0;
+}
+
+int
+der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type,
+	     unsigned int tag, size_t *size)
+{
+    if (tag <= 30) {
+	if (len < 1)
+	    return ASN1_OVERFLOW;
+	*p = MAKE_TAG(class, type, tag);
+	*size = 1;
+    } else {
+	size_t ret = 0;
+	unsigned int continuation = 0;
+	
+	do {
+	    if (len < 1)
+		return ASN1_OVERFLOW;
+	    *p-- = tag % 128 | continuation;
+	    len--;
+	    ret++;
+	    tag /= 128;
+	    continuation = 0x80;
+	} while(tag > 0);
+	if (len < 1)
+	    return ASN1_OVERFLOW;
+	*p-- = MAKE_TAG(class, type, 0x1f);
+	ret++;
+	*size = ret;
+    }
+    return 0;
+}
+
+int
+der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val,
+			Der_class class, Der_type type, 
+			unsigned int tag, size_t *size)
+{
+    size_t ret = 0;
+    size_t l;
+    int e;
+
+    e = der_put_length (p, len, len_val, &l);
+    if(e)
+	return e;
+    p -= l;
+    len -= l;
+    ret += l;
+    e = der_put_tag (p, len, class, type, tag, &l);
+    if(e)
+	return e;
+    p -= l;
+    len -= l;
+    ret += l;
+    *size = ret;
+    return 0;
+}
+
+int
+_heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep)
+{
+     struct tm *tm;
+     const size_t len = gtimep ? 15 : 13;
+
+     s->data = malloc(len + 1);
+     if (s->data == NULL)
+	 return ENOMEM;
+     s->length = len;
+     tm = gmtime (&t);
+     if (gtimep)
+	 snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", 
+		   tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
+		   tm->tm_hour, tm->tm_min, tm->tm_sec);
+     else
+	 snprintf (s->data, len + 1, "%02d%02d%02d%02d%02d%02dZ", 
+		   tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, 
+		   tm->tm_hour, tm->tm_min, tm->tm_sec);
+
+     return 0;
+}
+
+int
+der_put_bit_string (unsigned char *p, size_t len, 
+		    const heim_bit_string *data, size_t *size)
+{
+    size_t data_size = (data->length + 7) / 8;
+    if (len < data_size + 1)
+	return ASN1_OVERFLOW;
+    p -= data_size + 1;
+    len -= data_size + 1;
+    memcpy (p+2, data->data, data_size);
+    if (data->length && (data->length % 8) != 0)
+	p[1] = 8 - (data->length % 8);
+    else
+	p[1] = 0;
+    *size = data_size + 1;
+    return 0;
+}
+
+int 
+_heim_der_set_sort(const void *a1, const void *a2)
+{
+    const struct heim_octet_string *s1 = a1, *s2 = a2;
+    int ret;
+
+    ret = memcmp(s1->data, s2->data, 
+		 s1->length < s2->length ? s1->length : s2->length);
+    if(ret)
+	return ret;
+    return s1->length - s2->length;
+}

Added: vendor-crypto/heimdal/dist/lib/asn1/digest.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/digest.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/digest.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,164 @@
+-- $Id: digest.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+DIGEST DEFINITIONS ::=
+BEGIN
+
+IMPORTS EncryptedData, Principal FROM krb5;
+
+DigestTypes ::= BIT STRING {
+	ntlm-v1(0),
+	ntlm-v1-session(1),
+	ntlm-v2(2),
+	digest-md5(3),
+	chap-md5(4),
+	ms-chap-v2(5)
+}
+
+DigestInit ::= SEQUENCE {
+    type		UTF8String, -- http, sasl, chap, cram-md5 --
+    channel		[0] SEQUENCE {
+    	cb-type		UTF8String,
+    	cb-binding	UTF8String
+    } OPTIONAL,
+    hostname		[1] UTF8String OPTIONAL -- for chap/cram-md5
+}
+
+DigestInitReply ::= SEQUENCE {
+    nonce		UTF8String,	-- service nonce/challange
+    opaque		UTF8String,	-- server state
+    identifier		[0] UTF8String OPTIONAL
+}
+
+
+DigestRequest ::= SEQUENCE  {
+    type		UTF8String, -- http, sasl-md5, chap, cram-md5 --
+    digest		UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
+    username		UTF8String, -- username user used
+    responseData	UTF8String, -- client response
+    authid		[0] UTF8String OPTIONAL,
+    authentication-user	[1] Principal OPTIONAL, -- principal to get key from
+    realm		[2] UTF8String OPTIONAL,
+    method		[3] UTF8String OPTIONAL,
+    uri			[4] UTF8String OPTIONAL,
+    serverNonce		UTF8String, -- same as "DigestInitReply.nonce"
+    clientNonce		[5] UTF8String OPTIONAL,
+    nonceCount		[6] UTF8String OPTIONAL,
+    qop			[7] UTF8String OPTIONAL,
+    identifier		[8] UTF8String OPTIONAL,
+    hostname		[9] UTF8String OPTIONAL,
+    opaque		UTF8String -- same as "DigestInitReply.opaque"
+}
+-- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key))
+-- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding)
+
+
+DigestError ::= SEQUENCE {
+    reason		UTF8String,
+    code		INTEGER (-2147483648..2147483647)
+}
+
+DigestResponse ::= SEQUENCE  {
+    success		BOOLEAN,
+    rsp			[0] UTF8String OPTIONAL,
+    tickets		[1] SEQUENCE OF OCTET STRING OPTIONAL,
+    channel		[2] SEQUENCE {
+    	cb-type		UTF8String,
+    	cb-binding	UTF8String
+    } OPTIONAL,
+    session-key		[3] OCTET STRING OPTIONAL
+}
+
+NTLMInit ::= SEQUENCE {
+    flags		[0] INTEGER (0..4294967295),
+    hostname		[1] UTF8String OPTIONAL,
+    domain		[1] UTF8String OPTIONAL
+}
+
+NTLMInitReply ::= SEQUENCE {
+    flags		[0] INTEGER (0..4294967295),
+    opaque		[1] OCTET STRING,
+    targetname		[2] UTF8String,
+    challange		[3] OCTET STRING,
+    targetinfo		[4] OCTET STRING OPTIONAL
+}
+
+NTLMRequest ::= SEQUENCE {
+    flags		[0] INTEGER (0..4294967295),
+    opaque		[1] OCTET STRING,
+    username		[2] UTF8String,
+    targetname		[3] UTF8String,
+    targetinfo		[4] OCTET STRING OPTIONAL,
+    lm			[5] OCTET STRING,
+    ntlm		[6] OCTET STRING,
+    sessionkey		[7] OCTET STRING OPTIONAL
+}
+
+NTLMResponse ::= SEQUENCE {
+    success		[0] BOOLEAN,
+    flags		[1] INTEGER (0..4294967295),
+    sessionkey		[2] OCTET STRING OPTIONAL,
+    tickets		[3] SEQUENCE OF OCTET STRING OPTIONAL
+}
+
+DigestReqInner ::= CHOICE {
+    init		[0] DigestInit,
+    digestRequest	[1] DigestRequest,
+    ntlmInit		[2] NTLMInit,
+    ntlmRequest		[3] NTLMRequest,
+    supportedMechs	[4] NULL
+}
+
+DigestREQ ::= [APPLICATION 128] SEQUENCE {
+    apReq		[0] OCTET STRING,
+    innerReq		[1] EncryptedData
+}
+
+DigestRepInner ::= CHOICE {
+    error		[0] DigestError,
+    initReply		[1] DigestInitReply,
+    response		[2] DigestResponse,
+    ntlmInitReply	[3] NTLMInitReply,
+    ntlmResponse	[4] NTLMResponse,
+    supportedMechs	[5] DigestTypes,
+    ...
+}
+
+DigestREP ::= [APPLICATION 129] SEQUENCE {
+    apRep		[0] OCTET STRING,
+    innerRep		[1] EncryptedData
+}
+
+
+-- HTTP
+
+-- md5
+-- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
+-- md5-sess
+-- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value))
+
+-- qop == auth
+-- A2 = Method ":" digest-uri-value
+-- qop == auth-int
+-- A2 = Method ":" digest-uri-value ":" H(entity-body) 
+
+-- request-digest  = HEX(KD(HEX(H(A1)),
+--    unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
+-- no "qop"
+-- request-digest  = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))
+
+
+-- SASL:
+-- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
+-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
+-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }
+
+-- A2 = "AUTHENTICATE:", ":", digest-uri-value
+-- qop == auth-int,auth-conf
+-- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000"
+
+-- response-value = HEX( KD ( HEX(H(A1)),
+--                 { unq(nonce-value), ":" nc-value, ":",
+--                   unq(cnonce-value), ":", qop-value, ":",
+--                   HEX(H(A2)) }))
+
+END
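Review bot: In `NTLMInit`, `hostname` and `domain` are both OPTIONAL and both carry context tag `[1]`, so a decoder that receives a single `[1]` element cannot tell which of the two fields was sent. The generated decoder will presumably bind such an element to `hostname`, leaving `domain` unreachable on the wire. The second field needs its own tag, for example `domain [2] UTF8String OPTIONAL`. Since that changes the encoding, the requesting and the answering side of the digest protocol have to be updated together.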

Added: vendor-crypto/heimdal/dist/lib/asn1/extra.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/extra.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/extra.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2003 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+#include "heim_asn1.h"
+
+RCSID("$Id: extra.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+int
+encode_heim_any(unsigned char *p, size_t len, 
+		const heim_any *data, size_t *size)
+{
+    if (data->length > len)
+	return ASN1_OVERFLOW;
+    p -= data->length;
+    len -= data->length;
+    memcpy (p+1, data->data, data->length);
+    *size = data->length;
+    return 0;
+}
+
+int
+decode_heim_any(const unsigned char *p, size_t len, 
+		heim_any *data, size_t *size)
+{
+    size_t len_len, length, l;
+    Der_class thisclass;
+    Der_type thistype;
+    unsigned int thistag;
+    int e;
+
+    memset(data, 0, sizeof(*data));
+
+    e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
+    if (e) return e;
+    if (l > len)
+	return ASN1_OVERFLOW;
+    e = der_get_length(p + l, len - l, &length, &len_len);
+    if (e) return e;
+    if (length + len_len + l > len)
+	return ASN1_OVERFLOW;
+
+    data->data = malloc(length + len_len + l);
+    if (data->data == NULL)
+	return ENOMEM;
+    data->length = length + len_len + l;
+    memcpy(data->data, p, length + len_len + l);
+
+    if (size)
+	*size = length + len_len + l;
+
+    return 0;
+}
+
+void
+free_heim_any(heim_any *data)
+{
+    free(data->data);
+    data->data = NULL;
+}
+
+size_t
+length_heim_any(const heim_any *data)
+{
+    return data->length;
+}
+
+int
+copy_heim_any(const heim_any *from, heim_any *to)
+{
+    to->data = malloc(from->length);
+    if (to->data == NULL && from->length != 0)
+	return ENOMEM;
+    memcpy(to->data, from->data, from->length);
+    to->length = from->length;
+    return 0;
+}
+
+int
+encode_heim_any_set(unsigned char *p, size_t len, 
+		    const heim_any_set *data, size_t *size)
+{
+    return encode_heim_any(p, len, data, size);
+}
+
+
+int
+decode_heim_any_set(const unsigned char *p, size_t len, 
+		heim_any_set *data, size_t *size)
+{
+    memset(data, 0, sizeof(*data));
+    data->data = malloc(len);
+    if (data->data == NULL && len != 0)
+	return ENOMEM;
+    data->length = len;
+    memcpy(data->data, p, len);
+    if (size) *size = len;
+    return 0;
+}
+
+void
+free_heim_any_set(heim_any_set *data)
+{
+    free_heim_any(data);
+}
+
+size_t
+length_heim_any_set(const heim_any *data)
+{
+    return length_heim_any(data);
+}
+
+int
+copy_heim_any_set(const heim_any_set *from, heim_any_set *to)
+{
+    return copy_heim_any(from, to);
+}
+
+int
+heim_any_cmp(const heim_any_set *p, const heim_any_set *q)
+{
+    if (p->length != q->length)
+	return p->length - q->length;
+    return memcmp(p->data, q->data, p->length);
+}
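Review bot: The bound check `length + len_len + l > len` in `decode_heim_any` adds three `size_t` values before comparing, and `length` is taken from the length field of the input, so a very large declared length can wrap the sum to a value below `len`. The wrapped value is then used for `malloc`, `memcpy`, `data->length` and `*size`, which means a malformed element would be accepted with a truncated size instead of being rejected with `ASN1_OVERFLOW`. Comparing by subtraction avoids the wrap: `if (len_len > len - l || length > len - l - len_len) return ASN1_OVERFLOW;`. Whether `der_get_length` already caps the value it returns is not visible in this hunk, so that is worth confirming as well. Separately, `encode_heim_any` stores through `size` without the NULL test that `decode_heim_any` applies.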

Added: vendor-crypto/heimdal/dist/lib/asn1/gen.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,797 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+
+RCSID("$Id: gen.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+FILE *headerfile, *codefile, *logfile;
+
+#define STEM "asn1"
+
+static const char *orig_filename;
+static char *header;
+static const char *headerbase = STEM;
+
+/*
+ * list of all IMPORTs
+ */
+
+struct import {
+    const char *module;
+    struct import *next;
+};
+
+static struct import *imports = NULL;
+
+void
+add_import (const char *module)
+{
+    struct import *tmp = emalloc (sizeof(*tmp));
+
+    tmp->module = module;
+    tmp->next   = imports;
+    imports     = tmp;
+
+    fprintf (headerfile, "#include <%s_asn1.h>\n", module);
+}
+
+const char *
+get_filename (void)
+{
+    return orig_filename;
+}
+
+void
+init_generate (const char *filename, const char *base)
+{
+    char *fn;
+
+    orig_filename = filename;
+    if (base != NULL) {
+	headerbase = strdup(base);
+	if (headerbase == NULL)
+	    errx(1, "strdup");
+    }
+    asprintf(&header, "%s.h", headerbase);
+    if (header == NULL)
+	errx(1, "malloc");
+    headerfile = fopen (header, "w");
+    if (headerfile == NULL)
+	err (1, "open %s", header);
+    fprintf (headerfile,
+	     "/* Generated from %s */\n"
+	     "/* Do not edit */\n\n",
+	     filename);
+    fprintf (headerfile, 
+	     "#ifndef __%s_h__\n"
+	     "#define __%s_h__\n\n", headerbase, headerbase);
+    fprintf (headerfile, 
+	     "#include <stddef.h>\n"
+	     "#include <time.h>\n\n");
+    fprintf (headerfile,
+	     "#ifndef __asn1_common_definitions__\n"
+	     "#define __asn1_common_definitions__\n\n");
+    fprintf (headerfile,
+	     "typedef struct heim_integer {\n"
+	     "  size_t length;\n"
+	     "  void *data;\n"
+	     "  int negative;\n"
+	     "} heim_integer;\n\n");
+    fprintf (headerfile,
+	     "typedef struct heim_octet_string {\n"
+	     "  size_t length;\n"
+	     "  void *data;\n"
+	     "} heim_octet_string;\n\n");
+    fprintf (headerfile,
+	     "typedef char *heim_general_string;\n\n"
+	     );
+    fprintf (headerfile,
+	     "typedef char *heim_utf8_string;\n\n"
+	     );
+    fprintf (headerfile,
+	     "typedef char *heim_printable_string;\n\n"
+	     );
+    fprintf (headerfile,
+	     "typedef char *heim_ia5_string;\n\n"
+	     );
+    fprintf (headerfile,
+	     "typedef struct heim_bmp_string {\n"
+	     "  size_t length;\n"
+	     "  uint16_t *data;\n"
+	     "} heim_bmp_string;\n\n");
+    fprintf (headerfile,
+	     "typedef struct heim_universal_string {\n"
+	     "  size_t length;\n"
+	     "  uint32_t *data;\n"
+	     "} heim_universal_string;\n\n");
+    fprintf (headerfile,
+	     "typedef char *heim_visible_string;\n\n"
+	     );
+    fprintf (headerfile,
+	     "typedef struct heim_oid {\n"
+	     "  size_t length;\n"
+	     "  unsigned *components;\n"
+	     "} heim_oid;\n\n");
+    fprintf (headerfile,
+	     "typedef struct heim_bit_string {\n"
+	     "  size_t length;\n"
+	     "  void *data;\n"
+	     "} heim_bit_string;\n\n");
+    fprintf (headerfile,
+	     "typedef struct heim_octet_string heim_any;\n"
+	     "typedef struct heim_octet_string heim_any_set;\n\n");
+    fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \\\n"
+	  "  do {                                                         \\\n"
+	  "    (BL) = length_##T((S));                                    \\\n"
+	  "    (B) = malloc((BL));                                        \\\n"
+	  "    if((B) == NULL) {                                          \\\n"
+	  "      (R) = ENOMEM;                                            \\\n"
+	  "    } else {                                                   \\\n"
+	  "      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n"
+	  "                       (S), (L));                              \\\n"
+	  "      if((R) != 0) {                                           \\\n"
+	  "        free((B));                                             \\\n"
+	  "        (B) = NULL;                                            \\\n"
+	  "      }                                                        \\\n"
+	  "    }                                                          \\\n"
+	  "  } while (0)\n\n",
+	  headerfile);
+    fprintf (headerfile, "struct units;\n\n");
+    fprintf (headerfile, "#endif\n\n");
+    asprintf(&fn, "%s_files", base);
+    if (fn == NULL)
+	errx(1, "malloc");
+    logfile = fopen(fn, "w");
+    if (logfile == NULL)
+	err (1, "open %s", fn);
+}
+
+void
+close_generate (void)
+{
+    fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);
+
+    fclose (headerfile);
+    fprintf (logfile, "\n");
+    fclose (logfile);
+}
+
+void
+gen_assign_defval(const char *var, struct value *val)
+{
+    switch(val->type) {
+    case stringvalue:
+	fprintf(codefile, "if((%s = strdup(\"%s\")) == NULL)\nreturn ENOMEM;\n", var, val->u.stringvalue);
+	break;
+    case integervalue:
+	fprintf(codefile, "%s = %d;\n", var, val->u.integervalue);
+	break;
+    case booleanvalue:
+	if(val->u.booleanvalue)
+	    fprintf(codefile, "%s = TRUE;\n", var);
+	else
+	    fprintf(codefile, "%s = FALSE;\n", var);
+	break;
+    default:
+	abort();
+    }
+}
+
+void
+gen_compare_defval(const char *var, struct value *val)
+{
+    switch(val->type) {
+    case stringvalue:
+	fprintf(codefile, "if(strcmp(%s, \"%s\") != 0)\n", var, val->u.stringvalue);
+	break;
+    case integervalue:
+	fprintf(codefile, "if(%s != %d)\n", var, val->u.integervalue);
+	break;
+    case booleanvalue:
+	if(val->u.booleanvalue)
+	    fprintf(codefile, "if(!%s)\n", var);
+	else
+	    fprintf(codefile, "if(%s)\n", var);
+	break;
+    default:
+	abort();
+    }
+}
+
+static void
+generate_header_of_codefile(const char *name)
+{
+    char *filename;
+
+    if (codefile != NULL)
+	abort();
+
+    asprintf (&filename, "%s_%s.x", STEM, name);
+    if (filename == NULL)
+	errx(1, "malloc");
+    codefile = fopen (filename, "w");
+    if (codefile == NULL)
+	err (1, "fopen %s", filename);
+    fprintf(logfile, "%s ", filename);
+    free(filename);
+    fprintf (codefile, 
+	     "/* Generated from %s */\n"
+	     "/* Do not edit */\n\n"
+	     "#include <stdio.h>\n"
+	     "#include <stdlib.h>\n"
+	     "#include <time.h>\n"
+	     "#include <string.h>\n"
+	     "#include <errno.h>\n"
+	     "#include <limits.h>\n"
+	     "#include <krb5-types.h>\n",
+	     orig_filename);
+
+    fprintf (codefile,
+	     "#include <%s.h>\n",
+	     headerbase);
+    fprintf (codefile,
+	     "#include <asn1_err.h>\n"
+	     "#include <der.h>\n"
+	     "#include <parse_units.h>\n\n");
+
+}
+
+static void
+close_codefile(void)
+{
+    if (codefile == NULL)
+	abort();
+
+    fclose(codefile);
+    codefile = NULL;
+}
+
+
+void
+generate_constant (const Symbol *s)
+{
+    switch(s->value->type) {
+    case booleanvalue:
+	break;
+    case integervalue:
+	fprintf (headerfile, "enum { %s = %d };\n\n",
+		 s->gen_name, s->value->u.integervalue);
+	break;
+    case nullvalue:
+	break;
+    case stringvalue:
+	break;
+    case objectidentifiervalue: {
+	struct objid *o, **list;
+	int i, len;
+
+	generate_header_of_codefile(s->gen_name);
+
+	len = 0;
+	for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
+	    len++;
+	list = emalloc(sizeof(*list) * len);
+
+	i = 0;
+	for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
+	    list[i++] = o;
+
+	fprintf (headerfile, "/* OBJECT IDENTIFIER %s ::= { ", s->name);
+	for (i = len - 1 ; i >= 0; i--) {
+	    o = list[i];
+	    fprintf(headerfile, "%s(%d) ",
+		    o->label ? o->label : "label-less", o->value);
+	}
+
+	fprintf (headerfile, "} */\n");
+	fprintf (headerfile, "const heim_oid *oid_%s(void);\n\n",
+		 s->gen_name);
+
+	fprintf (codefile, "static unsigned oid_%s_variable_num[%d] =  {",
+		 s->gen_name, len);
+	for (i = len - 1 ; i >= 0; i--) {
+	    fprintf(codefile, "%d%s ", list[i]->value, i > 0 ? "," : "");
+	}
+	fprintf(codefile, "};\n");
+
+	fprintf (codefile, "static const heim_oid oid_%s_variable = "
+		 "{ %d, oid_%s_variable_num };\n\n", 
+		 s->gen_name, len, s->gen_name);
+
+	fprintf (codefile, "const heim_oid *oid_%s(void)\n"
+		 "{\n"
+		 "return &oid_%s_variable;\n"
+		 "}\n\n",
+		 s->gen_name, s->gen_name);
+
+	close_codefile();
+
+	break;
+    }
+    default:
+	abort();
+    }
+}
+
+static void
+space(int level)
+{
+    while(level-- > 0)
+	fprintf(headerfile, "  ");
+}
+
+static const char *
+last_member_p(struct member *m)
+{
+    struct member *n = ASN1_TAILQ_NEXT(m, members);
+    if (n == NULL)
+	return "";
+    if (n->ellipsis && ASN1_TAILQ_NEXT(n, members) == NULL)
+	return "";
+    return ",";
+}
+
+static struct member *
+have_ellipsis(Type *t)
+{
+    struct member *m;
+    ASN1_TAILQ_FOREACH(m, t->members, members) {
+	if (m->ellipsis)
+	    return m;
+    }
+    return NULL;
+}
+
+static void
+define_asn1 (int level, Type *t)
+{
+    switch (t->type) {
+    case TType:
+	fprintf (headerfile, "%s", t->symbol->name);
+	break;
+    case TInteger:
+	if(t->members == NULL) {
+            fprintf (headerfile, "INTEGER");
+	    if (t->range)
+		fprintf (headerfile, " (%d..%d)",
+			 t->range->min, t->range->max);
+        } else {
+	    Member *m;
+            fprintf (headerfile, "INTEGER {\n");
+	    ASN1_TAILQ_FOREACH(m, t->members, members) {
+                space (level + 1);
+		fprintf(headerfile, "%s(%d)%s\n", m->gen_name, m->val, 
+			last_member_p(m));
+            }
+	    space(level);
+            fprintf (headerfile, "}");
+        }
+	break;
+    case TBoolean:
+	fprintf (headerfile, "BOOLEAN");
+	break;
+    case TOctetString:
+	fprintf (headerfile, "OCTET STRING");
+	break;
+    case TEnumerated :
+    case TBitString: {
+	Member *m;
+
+	space(level);
+	if(t->type == TBitString)
+	    fprintf (headerfile, "BIT STRING {\n");
+	else
+	    fprintf (headerfile, "ENUMERATED {\n");
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    space(level + 1);
+	    fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, 
+		     last_member_p(m));
+	}
+	space(level);
+	fprintf (headerfile, "}");
+	break;
+    }
+    case TChoice:
+    case TSet:
+    case TSequence: {
+	Member *m;
+	int max_width = 0;
+
+	if(t->type == TChoice)
+	    fprintf(headerfile, "CHOICE {\n");
+	else if(t->type == TSet)
+	    fprintf(headerfile, "SET {\n");
+	else
+	    fprintf(headerfile, "SEQUENCE {\n");
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    if(strlen(m->name) > max_width)
+		max_width = strlen(m->name);
+	}
+	max_width += 3;
+	if(max_width < 16) max_width = 16;
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    int width = max_width;
+	    space(level + 1);
+	    if (m->ellipsis) {
+		fprintf (headerfile, "...");
+	    } else {
+		width -= fprintf(headerfile, "%s", m->name);
+		fprintf(headerfile, "%*s", width, "");
+		define_asn1(level + 1, m->type);
+		if(m->optional)
+		    fprintf(headerfile, " OPTIONAL");
+	    }
+	    if(last_member_p(m))
+		fprintf (headerfile, ",");
+	    fprintf (headerfile, "\n");
+	}
+	space(level);
+	fprintf (headerfile, "}");
+	break;
+    }
+    case TSequenceOf:
+	fprintf (headerfile, "SEQUENCE OF ");
+	define_asn1 (0, t->subtype);
+	break;
+    case TSetOf:
+	fprintf (headerfile, "SET OF ");
+	define_asn1 (0, t->subtype);
+	break;
+    case TGeneralizedTime:
+	fprintf (headerfile, "GeneralizedTime");
+	break;
+    case TGeneralString:
+	fprintf (headerfile, "GeneralString");
+	break;
+    case TTag: {
+	const char *classnames[] = { "UNIVERSAL ", "APPLICATION ", 
+				     "" /* CONTEXT */, "PRIVATE " };
+	if(t->tag.tagclass != ASN1_C_UNIV)
+	    fprintf (headerfile, "[%s%d] ", 
+		     classnames[t->tag.tagclass],
+		     t->tag.tagvalue);
+	if(t->tag.tagenv == TE_IMPLICIT)
+	    fprintf (headerfile, "IMPLICIT ");
+	define_asn1 (level, t->subtype);
+	break;
+    }
+    case TUTCTime:
+	fprintf (headerfile, "UTCTime");
+	break;
+    case TUTF8String:
+	space(level);
+	fprintf (headerfile, "UTF8String");
+	break;
+    case TPrintableString:
+	space(level);
+	fprintf (headerfile, "PrintableString");
+	break;
+    case TIA5String:
+	space(level);
+	fprintf (headerfile, "IA5String");
+	break;
+    case TBMPString:
+	space(level);
+	fprintf (headerfile, "BMPString");
+	break;
+    case TUniversalString:
+	space(level);
+	fprintf (headerfile, "UniversalString");
+	break;
+    case TVisibleString:
+	space(level);
+	fprintf (headerfile, "VisibleString");
+	break;
+    case TOID :
+	space(level);
+	fprintf(headerfile, "OBJECT IDENTIFIER");
+	break;
+    case TNull:
+	space(level);
+	fprintf (headerfile, "NULL");
+	break;
+    default:
+	abort ();
+    }
+}
+
+static void
+define_type (int level, const char *name, Type *t, int typedefp, int preservep)
+{
+    switch (t->type) {
+    case TType:
+	space(level);
+	fprintf (headerfile, "%s %s;\n", t->symbol->gen_name, name);
+	break;
+    case TInteger:
+	space(level);
+	if(t->members) {
+            Member *m;
+            fprintf (headerfile, "enum %s {\n", typedefp ? name : "");
+	    ASN1_TAILQ_FOREACH(m, t->members, members) {
+                space (level + 1);
+                fprintf(headerfile, "%s = %d%s\n", m->gen_name, m->val, 
+                        last_member_p(m));
+            }
+            fprintf (headerfile, "} %s;\n", name);
+	} else if (t->range == NULL) {
+	    fprintf (headerfile, "heim_integer %s;\n", name);
+	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
+	    fprintf (headerfile, "int %s;\n", name);
+	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
+	    fprintf (headerfile, "unsigned int %s;\n", name);
+	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
+	    fprintf (headerfile, "unsigned int %s;\n", name);
+	} else
+	    errx(1, "%s: unsupported range %d -> %d", 
+		 name, t->range->min, t->range->max);
+	break;
+    case TBoolean:
+	space(level);
+	fprintf (headerfile, "int %s;\n", name);
+	break;
+    case TOctetString:
+	space(level);
+	fprintf (headerfile, "heim_octet_string %s;\n", name);
+	break;
+    case TBitString: {
+	Member *m;
+	Type i;
+	struct range range = { 0, INT_MAX };
+
+	i.type = TInteger;
+	i.range = ⦥
+	i.members = NULL;
+	i.constraint = NULL;
+
+	space(level);
+	if(ASN1_TAILQ_EMPTY(t->members)) 
+	    fprintf (headerfile, "heim_bit_string %s;\n", name);
+	else {
+	    fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
+	    ASN1_TAILQ_FOREACH(m, t->members, members) {
+		char *n;
+		
+		asprintf (&n, "%s:1", m->gen_name);
+		if (n == NULL)
+		    errx(1, "malloc");
+		define_type (level + 1, n, &i, FALSE, FALSE);
+		free (n);
+	    }
+	    space(level);
+	    fprintf (headerfile, "} %s;\n\n", name);
+	}
+	break;
+    }
+    case TEnumerated: {
+	Member *m;
+
+	space(level);
+	fprintf (headerfile, "enum %s {\n", typedefp ? name : "");
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    space(level + 1);
+	    if (m->ellipsis)
+		fprintf (headerfile, "/* ... */\n");
+	    else
+		fprintf (headerfile, "%s = %d%s\n", m->gen_name, m->val,
+			 last_member_p(m));
+	}
+	space(level);
+	fprintf (headerfile, "} %s;\n\n", name);
+	break;
+    }
+    case TSet:
+    case TSequence: {
+	Member *m;
+
+	space(level);
+	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
+	if (t->type == TSequence && preservep) {
+	    space(level + 1);
+	    fprintf(headerfile, "heim_octet_string _save;\n");
+	}
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    if (m->ellipsis) {
+		;
+	    } else if (m->optional) {
+		char *n;
+
+		asprintf (&n, "*%s", m->gen_name);
+		if (n == NULL)
+		    errx(1, "malloc");
+		define_type (level + 1, n, m->type, FALSE, FALSE);
+		free (n);
+	    } else
+		define_type (level + 1, m->gen_name, m->type, FALSE, FALSE);
+	}
+	space(level);
+	fprintf (headerfile, "} %s;\n", name);
+	break;
+    }
+    case TSetOf:
+    case TSequenceOf: {
+	Type i;
+	struct range range = { 0, INT_MAX };
+
+	i.type = TInteger;
+	i.range = ⦥
+	i.members = NULL;
+	i.constraint = NULL;
+
+	space(level);
+	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
+	define_type (level + 1, "len", &i, FALSE, FALSE);
+	define_type (level + 1, "*val", t->subtype, FALSE, FALSE);
+	space(level);
+	fprintf (headerfile, "} %s;\n", name);
+	break;
+    }
+    case TGeneralizedTime:
+	space(level);
+	fprintf (headerfile, "time_t %s;\n", name);
+	break;
+    case TGeneralString:
+	space(level);
+	fprintf (headerfile, "heim_general_string %s;\n", name);
+	break;
+    case TTag:
+	define_type (level, name, t->subtype, typedefp, preservep);
+	break;
+    case TChoice: {
+	int first = 1;
+	Member *m;
+
+	space(level);
+	fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
+	if (preservep) {
+	    space(level + 1);
+	    fprintf(headerfile, "heim_octet_string _save;\n");
+	}
+	space(level + 1);
+	fprintf (headerfile, "enum {\n");
+	m = have_ellipsis(t);
+	if (m) {
+	    space(level + 2);
+	    fprintf (headerfile, "%s = 0,\n", m->label); 
+	    first = 0;
+	}
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    space(level + 2);
+	    if (m->ellipsis)
+		fprintf (headerfile, "/* ... */\n");
+	    else
+		fprintf (headerfile, "%s%s%s\n", m->label, 
+			 first ? " = 1" : "", 
+			 last_member_p(m));
+	    first = 0;
+	}
+	space(level + 1);
+	fprintf (headerfile, "} element;\n");
+	space(level + 1);
+	fprintf (headerfile, "union {\n");
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    if (m->ellipsis) {
+		space(level + 2);
+		fprintf(headerfile, "heim_octet_string asn1_ellipsis;\n");
+	    } else if (m->optional) {
+		char *n;
+
+		asprintf (&n, "*%s", m->gen_name);
+		if (n == NULL)
+		    errx(1, "malloc");
+		define_type (level + 2, n, m->type, FALSE, FALSE);
+		free (n);
+	    } else
+		define_type (level + 2, m->gen_name, m->type, FALSE, FALSE);
+	}
+	space(level + 1);
+	fprintf (headerfile, "} u;\n");
+	space(level);
+	fprintf (headerfile, "} %s;\n", name);
+	break;
+    }
+    case TUTCTime:
+	space(level);
+	fprintf (headerfile, "time_t %s;\n", name);
+	break;
+    case TUTF8String:
+	space(level);
+	fprintf (headerfile, "heim_utf8_string %s;\n", name);
+	break;
+    case TPrintableString:
+	space(level);
+	fprintf (headerfile, "heim_printable_string %s;\n", name);
+	break;
+    case TIA5String:
+	space(level);
+	fprintf (headerfile, "heim_ia5_string %s;\n", name);
+	break;
+    case TBMPString:
+	space(level);
+	fprintf (headerfile, "heim_bmp_string %s;\n", name);
+	break;
+    case TUniversalString:
+	space(level);
+	fprintf (headerfile, "heim_universal_string %s;\n", name);
+	break;
+    case TVisibleString:
+	space(level);
+	fprintf (headerfile, "heim_visible_string %s;\n", name);
+	break;
+    case TOID :
+	space(level);
+	fprintf (headerfile, "heim_oid %s;\n", name);
+	break;
+    case TNull:
+	space(level);
+	fprintf (headerfile, "int %s;\n", name);
+	break;
+    default:
+	abort ();
+    }
+}
+
+static void
+generate_type_header (const Symbol *s)
+{
+    int preservep = preserve_type(s->name) ? TRUE : FALSE;
+
+    fprintf (headerfile, "/*\n");
+    fprintf (headerfile, "%s ::= ", s->name);
+    define_asn1 (0, s->type);
+    fprintf (headerfile, "\n*/\n\n");
+
+    fprintf (headerfile, "typedef ");
+    define_type (0, s->gen_name, s->type, TRUE, preservep);
+
+    fprintf (headerfile, "\n");
+}
+
+
+void
+generate_type (const Symbol *s)
+{
+    generate_header_of_codefile(s->gen_name);
+
+    generate_type_header (s);
+    generate_type_encode (s);
+    generate_type_decode (s);
+    generate_type_free (s);
+    generate_type_length (s);
+    generate_type_copy (s);
+    generate_type_seq (s);
+    generate_glue (s->type, s->gen_name);
+    fprintf(headerfile, "\n\n");
+    close_codefile();
+}
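Review bot: `init_generate` accepts `base == NULL` (it keeps the default `headerbase` in that case) but then builds the log file name with `asprintf(&fn, "%s_files", base)`, which hands a null pointer to `%s`. Using the value that was already resolved fixes it: `asprintf(&fn, "%s_files", headerbase);`. Both `asprintf` calls in that function test the output pointer rather than the return value, and the pointer is not guaranteed to be NULL after a failure on every libc, so `if (asprintf(&fn, "%s_files", headerbase) < 0) errx(1, "malloc");` is the safer form. In `define_asn1`, `if(last_member_p(m))` is always true because that helper returns `""` or `","` and never NULL, so the comma is written after the last member too; `fprintf(headerfile, "%s\n", last_member_p(m));` would print what the helper decided.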

Added: vendor-crypto/heimdal/dist/lib/asn1/gen_copy.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen_copy.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen_copy.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,249 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+
+RCSID("$Id: gen_copy.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int used_fail;
+
+static void
+copy_primitive (const char *typename, const char *from, const char *to)
+{
+    fprintf (codefile, "if(der_copy_%s(%s, %s)) goto fail;\n", 
+	     typename, from, to);
+    used_fail++;
+}
+
+static void
+copy_type (const char *from, const char *to, const Type *t, int preserve)
+{
+    switch (t->type) {
+    case TType:
+#if 0
+	copy_type (from, to, t->symbol->type, preserve);
+#endif
+	fprintf (codefile, "if(copy_%s(%s, %s)) goto fail;\n", 
+		 t->symbol->gen_name, from, to);
+	used_fail++;
+	break;
+    case TInteger:
+	if (t->range == NULL && t->members == NULL) {
+	    copy_primitive ("heim_integer", from, to);
+	    break;
+	}
+    case TBoolean:
+    case TEnumerated :
+	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
+	break;
+    case TOctetString:
+	copy_primitive ("octet_string", from, to);
+	break;
+    case TBitString:
+	if (ASN1_TAILQ_EMPTY(t->members))
+	    copy_primitive ("bit_string", from, to);
+	else
+	    fprintf(codefile, "*(%s) = *(%s);\n", to, from);
+	break;
+    case TSet:
+    case TSequence:
+    case TChoice: {
+	Member *m, *have_ellipsis = NULL;
+
+	if(t->members == NULL)
+	    break;
+      
+	if ((t->type == TSequence || t->type == TChoice) && preserve) {
+	    fprintf(codefile,
+		    "{ int ret;\n"
+		    "ret = der_copy_octet_string(&(%s)->_save, &(%s)->_save);\n"
+		    "if (ret) goto fail;\n"
+		    "}\n",
+		    from, to);
+	    used_fail++;
+	}
+
+	if(t->type == TChoice) {
+	    fprintf(codefile, "(%s)->element = (%s)->element;\n", to, from);
+	    fprintf(codefile, "switch((%s)->element) {\n", from);
+	}
+
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    char *fs;
+	    char *ts;
+
+	    if (m->ellipsis) {
+		have_ellipsis = m;
+		continue;
+	    }
+
+	    if(t->type == TChoice)
+		fprintf(codefile, "case %s:\n", m->label);
+
+	    asprintf (&fs, "%s(%s)->%s%s",
+		      m->optional ? "" : "&", from, 
+		      t->type == TChoice ? "u." : "", m->gen_name);
+	    if (fs == NULL)
+		errx(1, "malloc");
+	    asprintf (&ts, "%s(%s)->%s%s",
+		      m->optional ? "" : "&", to, 
+		      t->type == TChoice ? "u." : "", m->gen_name);
+	    if (ts == NULL)
+		errx(1, "malloc");
+	    if(m->optional){
+		fprintf(codefile, "if(%s) {\n", fs);
+		fprintf(codefile, "%s = malloc(sizeof(*%s));\n", ts, ts);
+		fprintf(codefile, "if(%s == NULL) goto fail;\n", ts);
+		used_fail++;
+	    }
+	    copy_type (fs, ts, m->type, FALSE);
+	    if(m->optional){
+		fprintf(codefile, "}else\n");
+		fprintf(codefile, "%s = NULL;\n", ts);
+	    }
+	    free (fs);
+	    free (ts);
+	    if(t->type == TChoice)
+		fprintf(codefile, "break;\n");
+	}
+	if(t->type == TChoice) {
+	    if (have_ellipsis) {
+		fprintf(codefile, "case %s: {\n"
+			"int ret;\n"
+			"ret=der_copy_octet_string(&(%s)->u.%s, &(%s)->u.%s);\n"
+			"if (ret) goto fail;\n"
+			"break;\n"
+			"}\n",
+			have_ellipsis->label,
+			from, have_ellipsis->gen_name, 
+			to, have_ellipsis->gen_name);
+		used_fail++;
+	    }
+	    fprintf(codefile, "}\n");	
+	}
+	break;
+    }
+    case TSetOf:
+    case TSequenceOf: {
+	char *f;
+	char *T;
+
+	fprintf (codefile, "if(((%s)->val = "
+		 "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", 
+		 to, from, to, from);
+	fprintf (codefile, "goto fail;\n");
+	used_fail++;
+	fprintf(codefile,
+		"for((%s)->len = 0; (%s)->len < (%s)->len; (%s)->len++){\n",
+		to, to, from, to);
+	asprintf(&f, "&(%s)->val[(%s)->len]", from, to);
+	if (f == NULL)
+	    errx(1, "malloc");
+	asprintf(&T, "&(%s)->val[(%s)->len]", to, to);
+	if (T == NULL)
+	    errx(1, "malloc");
+	copy_type(f, T, t->subtype, FALSE);
+	fprintf(codefile, "}\n");
+	free(f);
+	free(T);
+	break;
+    }
+    case TGeneralizedTime:
+	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
+	break;
+    case TGeneralString:
+	copy_primitive ("general_string", from, to);
+	break;
+    case TUTCTime:
+	fprintf(codefile, "*(%s) = *(%s);\n", to, from);
+	break;
+    case TUTF8String:
+	copy_primitive ("utf8string", from, to);
+	break;
+    case TPrintableString:
+	copy_primitive ("printable_string", from, to);
+	break;
+    case TIA5String:
+	copy_primitive ("ia5_string", from, to);
+	break;
+    case TBMPString:
+	copy_primitive ("bmp_string", from, to);
+	break;
+    case TUniversalString:
+	copy_primitive ("universal_string", from, to);
+	break;
+    case TVisibleString:
+	copy_primitive ("visible_string", from, to);
+	break;
+    case TTag:
+	copy_type (from, to, t->subtype, preserve);
+	break;
+    case TOID:
+	copy_primitive ("oid", from, to);
+	break;
+    case TNull:
+	break;
+    default :
+	abort ();
+    }
+}
+
+void
+generate_type_copy (const Symbol *s)
+{
+  int preserve = preserve_type(s->name) ? TRUE : FALSE;
+
+  used_fail = 0;
+
+  fprintf (headerfile,
+	   "int    copy_%s  (const %s *, %s *);\n",
+	   s->gen_name, s->gen_name, s->gen_name);
+
+  fprintf (codefile, "int\n"
+	   "copy_%s(const %s *from, %s *to)\n"
+	   "{\n"
+	   "memset(to, 0, sizeof(*to));\n",
+	   s->gen_name, s->gen_name, s->gen_name);
+  copy_type ("from", "to", s->type, preserve);
+  fprintf (codefile, "return 0;\n");
+
+  if (used_fail)
+      fprintf (codefile, "fail:\n"
+	       "free_%s(to);\n"
+	       "return ENOMEM;\n",
+	       s->gen_name);
+
+  fprintf(codefile,
+	  "}\n\n");
+}
+
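Review bot: The code that copy_type emits for `TSetOf`/`TSequenceOf` sizes the destination with `malloc((from)->len * sizeof(*(to)->val))` and no overflow check, so a `len` large enough to wrap the product gives a short buffer that the emitted `for` loop then fills element by element. The decoder in gen_decode.c bounds its own growth with an `ASN1_OVERFLOW` test, but the generated copy function presumably also receives structures that callers built by hand, so it should not rely on that. Having the generator emit a guard ahead of the allocation, such as `if ((from)->len > SIZE_MAX / sizeof(*(to)->val)) goto fail;`, closes the gap, provided `SIZE_MAX` is available in the generated file. Separately, the `TInteger` case falls into `TBoolean` on purpose when a range or member list is present; a `/* FALLTHROUGH */` comment after the inner `if` would make that explicit.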

Added: vendor-crypto/heimdal/dist/lib/asn1/gen_decode.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen_decode.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen_decode.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,720 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+#include "lex.h"
+
+RCSID("$Id: gen_decode.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+decode_primitive (const char *typename, const char *name, const char *forwstr)
+{
+#if 0
+    fprintf (codefile,
+	     "e = decode_%s(p, len, %s, &l);\n"
+	     "%s;\n",
+	     typename,
+	     name,
+	     forwstr);
+#else
+    fprintf (codefile,
+	     "e = der_get_%s(p, len, %s, &l);\n"
+	     "if(e) %s;\np += l; len -= l; ret += l;\n",
+	     typename,
+	     name,
+	     forwstr);
+#endif
+}
+
+static int
+is_primitive_type(int type)
+{
+    switch(type) {
+    case TInteger:
+    case TBoolean:
+    case TOctetString:
+    case TBitString:
+    case TEnumerated:
+    case TGeneralizedTime:
+    case TGeneralString:
+    case TOID:
+    case TUTCTime:
+    case TUTF8String:
+    case TPrintableString:
+    case TIA5String:
+    case TBMPString:
+    case TUniversalString:
+    case TVisibleString:
+    case TNull:
+	return 1;
+    default:
+	return 0;
+    }
+}
+
+static void
+find_tag (const Type *t,
+	  Der_class *cl, Der_type *ty, unsigned *tag)
+{
+    switch (t->type) {
+    case TBitString:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_BitString;
+	break;
+    case TBoolean:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_Boolean;
+	break;
+    case TChoice: 
+	errx(1, "Cannot have recursive CHOICE");
+    case TEnumerated:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_Enumerated;
+	break;
+    case TGeneralString: 
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_GeneralString;
+	break;
+    case TGeneralizedTime: 
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_GeneralizedTime;
+	break;
+    case TIA5String:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_IA5String;
+	break;
+    case TInteger: 
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_Integer;
+	break;
+    case TNull:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_Null;
+	break;
+    case TOID: 
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_OID;
+	break;
+    case TOctetString: 
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_OctetString;
+	break;
+    case TPrintableString:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_PrintableString;
+	break;
+    case TSequence: 
+    case TSequenceOf:
+	*cl  = ASN1_C_UNIV;
+	*ty  = CONS;
+	*tag = UT_Sequence;
+	break;
+    case TSet: 
+    case TSetOf:
+	*cl  = ASN1_C_UNIV;
+	*ty  = CONS;
+	*tag = UT_Set;
+	break;
+    case TTag: 
+	*cl  = t->tag.tagclass;
+	*ty  = is_primitive_type(t->subtype->type) ? PRIM : CONS;
+	*tag = t->tag.tagvalue;
+	break;
+    case TType: 
+	if ((t->symbol->stype == Stype && t->symbol->type == NULL)
+	    || t->symbol->stype == SUndefined) {
+	    error_message("%s is imported or still undefined, "
+			  " can't generate tag checking data in CHOICE "
+			  "without this information",
+			  t->symbol->name);
+	    exit(1);
+	}
+	find_tag(t->symbol->type, cl, ty, tag);
+	return;
+    case TUTCTime: 
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_UTCTime;
+	break;
+    case TUTF8String:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_UTF8String;
+	break;
+    case TBMPString:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_BMPString;
+	break;
+    case TUniversalString:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_UniversalString;
+	break;
+    case TVisibleString:
+	*cl  = ASN1_C_UNIV;
+	*ty  = PRIM;
+	*tag = UT_VisibleString;
+	break;
+    default:
+	abort();
+    }
+}
+
+static void
+range_check(const char *name,
+	    const char *length,
+	    const char *forwstr, 
+	    struct range *r)
+{
+    if (r->min == r->max + 2 || r->min < r->max)
+	fprintf (codefile,
+		 "if ((%s)->%s > %d) {\n"
+		 "e = ASN1_MAX_CONSTRAINT; %s;\n"
+		 "}\n",
+		 name, length, r->max, forwstr);
+    if (r->min - 1 == r->max || r->min < r->max)
+	fprintf (codefile,
+		 "if ((%s)->%s < %d) {\n"
+		 "e = ASN1_MIN_CONSTRAINT; %s;\n"
+		 "}\n",
+		 name, length, r->min, forwstr);
+    if (r->max == r->min)
+	fprintf (codefile,
+		 "if ((%s)->%s != %d) {\n"
+		 "e = ASN1_EXACT_CONSTRAINT; %s;\n"
+		 "}\n",
+		 name, length, r->min, forwstr);
+}
+
+static int
+decode_type (const char *name, const Type *t, int optional, 
+	     const char *forwstr, const char *tmpstr)
+{
+    switch (t->type) {
+    case TType: {
+	if (optional)
+	    fprintf(codefile, 
+		    "%s = calloc(1, sizeof(*%s));\n"
+		    "if (%s == NULL) %s;\n",
+		    name, name, name, forwstr);
+	fprintf (codefile,
+		 "e = decode_%s(p, len, %s, &l);\n",
+		 t->symbol->gen_name, name);
+	if (optional) {
+	    fprintf (codefile,
+		     "if(e) {\n"
+		     "free(%s);\n"
+		     "%s = NULL;\n"
+		     "} else {\n"
+		     "p += l; len -= l; ret += l;\n"
+		     "}\n",
+		     name, name);
+	} else {
+	    fprintf (codefile,
+		     "if(e) %s;\n",
+		     forwstr);
+	    fprintf (codefile,
+		     "p += l; len -= l; ret += l;\n");
+	}
+	break;
+    }
+    case TInteger:
+	if(t->members) {
+	    fprintf(codefile,
+		    "{\n"
+		    "int enumint;\n");
+	    decode_primitive ("integer", "&enumint", forwstr);
+	    fprintf(codefile,
+		    "*%s = enumint;\n"
+		    "}\n",
+		    name);
+	} else if (t->range == NULL) {
+	    decode_primitive ("heim_integer", name, forwstr);
+	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
+	    decode_primitive ("integer", name, forwstr);
+	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
+	    decode_primitive ("unsigned", name, forwstr);
+	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
+	    decode_primitive ("unsigned", name, forwstr);
+	} else
+	    errx(1, "%s: unsupported range %d -> %d", 
+		 name, t->range->min, t->range->max);
+	break;
+    case TBoolean:
+      decode_primitive ("boolean", name, forwstr);
+      break;
+    case TEnumerated:
+	decode_primitive ("enumerated", name, forwstr);
+	break;
+    case TOctetString:
+	decode_primitive ("octet_string", name, forwstr);
+	if (t->range)
+	    range_check(name, "length", forwstr, t->range);
+	break;
+    case TBitString: {
+	Member *m;
+	int pos = 0;
+
+	if (ASN1_TAILQ_EMPTY(t->members)) {
+	    decode_primitive ("bit_string", name, forwstr);
+	    break;
+	}
+	fprintf(codefile,
+		"if (len < 1) return ASN1_OVERRUN;\n"
+		"p++; len--; ret++;\n");
+	fprintf(codefile,
+		"do {\n"
+		"if (len < 1) break;\n");
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    while (m->val / 8 > pos / 8) {
+		fprintf (codefile,
+			 "p++; len--; ret++;\n"
+			 "if (len < 1) break;\n");
+		pos += 8;
+	    }
+	    fprintf (codefile,
+		     "(%s)->%s = (*p >> %d) & 1;\n",
+		     name, m->gen_name, 7 - m->val % 8);
+	}
+	fprintf(codefile,
+		"} while(0);\n");
+	fprintf (codefile,
+		 "p += len; ret += len;\n");
+	break;
+    }
+    case TSequence: {
+	Member *m;
+
+	if (t->members == NULL)
+	    break;
+
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    char *s;
+
+	    if (m->ellipsis)
+		continue;
+
+	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&",
+		      name, m->gen_name);
+	    if (s == NULL)
+		errx(1, "malloc");
+	    decode_type (s, m->type, m->optional, forwstr, m->gen_name);
+	    free (s);
+	}
+	
+	break;
+    }
+    case TSet: {
+	Member *m;
+	unsigned int memno;
+
+	if(t->members == NULL)
+	    break;
+
+	fprintf(codefile, "{\n");
+	fprintf(codefile, "unsigned int members = 0;\n");
+	fprintf(codefile, "while(len > 0) {\n");
+	fprintf(codefile, 
+		"Der_class class;\n"
+		"Der_type type;\n"
+		"int tag;\n"
+		"e = der_get_tag (p, len, &class, &type, &tag, NULL);\n"
+		"if(e) %s;\n", forwstr);
+	fprintf(codefile, "switch (MAKE_TAG(class, type, tag)) {\n");
+	memno = 0;
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    char *s;
+
+	    assert(m->type->type == TTag);
+
+	    fprintf(codefile, "case MAKE_TAG(%s, %s, %s):\n",
+		    classname(m->type->tag.tagclass),
+		    is_primitive_type(m->type->subtype->type) ? "PRIM" : "CONS",
+		    valuename(m->type->tag.tagclass, m->type->tag.tagvalue));
+
+	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name);
+	    if (s == NULL)
+		errx(1, "malloc");
+	    if(m->optional)
+		fprintf(codefile, 
+			"%s = calloc(1, sizeof(*%s));\n"
+			"if (%s == NULL) { e = ENOMEM; %s; }\n",
+			s, s, s, forwstr);
+	    decode_type (s, m->type, 0, forwstr, m->gen_name);
+	    free (s);
+
+	    fprintf(codefile, "members |= (1 << %d);\n", memno);
+	    memno++;
+	    fprintf(codefile, "break;\n");
+	}
+	fprintf(codefile, 
+		"default:\n"
+		"return ASN1_MISPLACED_FIELD;\n"
+		"break;\n");
+	fprintf(codefile, "}\n");
+	fprintf(codefile, "}\n");
+	memno = 0;
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    char *s;
+
+	    asprintf (&s, "%s->%s", name, m->gen_name);
+	    if (s == NULL)
+		errx(1, "malloc");
+	    fprintf(codefile, "if((members & (1 << %d)) == 0)\n", memno);
+	    if(m->optional)
+		fprintf(codefile, "%s = NULL;\n", s);
+	    else if(m->defval)
+		gen_assign_defval(s, m->defval);
+	    else
+		fprintf(codefile, "return ASN1_MISSING_FIELD;\n");
+	    free(s);
+	    memno++;
+	}
+	fprintf(codefile, "}\n");
+	break;
+    }
+    case TSetOf:
+    case TSequenceOf: {
+	char *n;
+	char *sname;
+
+	fprintf (codefile,
+		 "{\n"
+		 "size_t %s_origlen = len;\n"
+		 "size_t %s_oldret = ret;\n"
+		 "size_t %s_olen = 0;\n"
+		 "void *%s_tmp;\n"
+		 "ret = 0;\n"
+		 "(%s)->len = 0;\n"
+		 "(%s)->val = NULL;\n",
+		 tmpstr,
+		 tmpstr,
+		 tmpstr,
+		 tmpstr,
+		 name,
+		 name);
+
+	fprintf (codefile,
+		 "while(ret < %s_origlen) {\n"
+		 "size_t %s_nlen = %s_olen + sizeof(*((%s)->val));\n"
+		 "if (%s_olen > %s_nlen) { e = ASN1_OVERFLOW; %s; }\n"
+		 "%s_olen = %s_nlen;\n"
+		 "%s_tmp = realloc((%s)->val, %s_olen);\n"
+		 "if (%s_tmp == NULL) { e = ENOMEM; %s; }\n"
+		 "(%s)->val = %s_tmp;\n",
+		 tmpstr,
+		 tmpstr, tmpstr, name,
+		 tmpstr, tmpstr, forwstr,
+		 tmpstr, tmpstr,
+		 tmpstr, name, tmpstr,
+		 tmpstr, forwstr, 
+		 name, tmpstr);
+
+	asprintf (&n, "&(%s)->val[(%s)->len]", name, name);
+	if (n == NULL)
+	    errx(1, "malloc");
+	asprintf (&sname, "%s_s_of", tmpstr);
+	if (sname == NULL)
+	    errx(1, "malloc");
+	decode_type (n, t->subtype, 0, forwstr, sname);
+	fprintf (codefile, 
+		 "(%s)->len++;\n"
+		 "len = %s_origlen - ret;\n"
+		 "}\n"
+		 "ret += %s_oldret;\n"
+		 "}\n",
+		 name,
+		 tmpstr, tmpstr);
+	if (t->range)
+	    range_check(name, "len", forwstr, t->range);
+	free (n);
+	free (sname);
+	break;
+    }
+    case TGeneralizedTime:
+	decode_primitive ("generalized_time", name, forwstr);
+	break;
+    case TGeneralString:
+	decode_primitive ("general_string", name, forwstr);
+	break;
+    case TTag:{
+    	char *tname;
+
+	fprintf(codefile, 
+		"{\n"
+		"size_t %s_datalen, %s_oldlen;\n",
+		tmpstr, tmpstr);
+	if(dce_fix)
+	    fprintf(codefile, 
+		    "int dce_fix;\n");
+	fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, %s, %s, "
+		"&%s_datalen, &l);\n",
+		classname(t->tag.tagclass),
+		is_primitive_type(t->subtype->type) ? "PRIM" : "CONS",
+		valuename(t->tag.tagclass, t->tag.tagvalue),
+		tmpstr);
+	if(optional) {
+	    fprintf(codefile, 
+		    "if(e) {\n"
+		    "%s = NULL;\n"
+		    "} else {\n"
+		     "%s = calloc(1, sizeof(*%s));\n"
+		     "if (%s == NULL) { e = ENOMEM; %s; }\n",
+		     name, name, name, name, forwstr);
+	} else {
+	    fprintf(codefile, "if(e) %s;\n", forwstr);
+	}
+	fprintf (codefile,
+		 "p += l; len -= l; ret += l;\n"
+		 "%s_oldlen = len;\n",
+		 tmpstr);
+	if(dce_fix)
+	    fprintf (codefile,
+		     "if((dce_fix = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
+		     "{ e = ASN1_BAD_FORMAT; %s; }\n",
+		     tmpstr, forwstr);
+	else
+	    fprintf(codefile, 
+		    "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n"
+		    "len = %s_datalen;\n", tmpstr, forwstr, tmpstr);
+	asprintf (&tname, "%s_Tag", tmpstr);
+	if (tname == NULL)
+	    errx(1, "malloc");
+	decode_type (name, t->subtype, 0, forwstr, tname);
+	if(dce_fix)
+	    fprintf(codefile,
+		    "if(dce_fix){\n"
+		    "e = der_match_tag_and_length (p, len, "
+		    "(Der_class)0,(Der_type)0, UT_EndOfContent, "
+		    "&%s_datalen, &l);\n"
+		    "if(e) %s;\np += l; len -= l; ret += l;\n"
+		    "} else \n", tmpstr, forwstr);
+	fprintf(codefile, 
+		"len = %s_oldlen - %s_datalen;\n",
+		tmpstr, tmpstr);
+	if(optional)
+	    fprintf(codefile, 
+		    "}\n");
+	fprintf(codefile, 
+		"}\n");
+	free(tname);
+	break;
+    }
+    case TChoice: {
+	Member *m, *have_ellipsis = NULL;
+	const char *els = "";
+
+	if (t->members == NULL)
+	    break;
+
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    const Type *tt = m->type;
+	    char *s;
+	    Der_class cl;
+	    Der_type  ty;
+	    unsigned  tag;
+	    
+	    if (m->ellipsis) {
+		have_ellipsis = m;
+		continue;
+	    }
+
+	    find_tag(tt, &cl, &ty, &tag);
+
+	    fprintf(codefile,
+		    "%sif (der_match_tag(p, len, %s, %s, %s, NULL) == 0) {\n",
+		    els,
+		    classname(cl),
+		    ty ? "CONS" : "PRIM",
+		    valuename(cl, tag));
+	    asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
+		      name, m->gen_name);
+	    if (s == NULL)
+		errx(1, "malloc");
+	    decode_type (s, m->type, m->optional, forwstr, m->gen_name);
+	    fprintf(codefile,
+		    "(%s)->element = %s;\n",
+		    name, m->label);
+	    free(s);
+	    fprintf(codefile,
+		    "}\n");
+	    els = "else ";
+	}
+	if (have_ellipsis) {
+	    fprintf(codefile,
+		    "else {\n"
+		    "(%s)->u.%s.data = calloc(1, len);\n"
+		    "if ((%s)->u.%s.data == NULL) {\n"
+		    "e = ENOMEM; %s;\n"
+		    "}\n"
+		    "(%s)->u.%s.length = len;\n"
+		    "memcpy((%s)->u.%s.data, p, len);\n"
+		    "(%s)->element = %s;\n"
+		    "p += len;\n"
+		    "ret += len;\n"
+		    "len -= len;\n"
+		    "}\n",
+		    name, have_ellipsis->gen_name,
+		    name, have_ellipsis->gen_name,
+		    forwstr, 
+		    name, have_ellipsis->gen_name,
+		    name, have_ellipsis->gen_name,
+		    name, have_ellipsis->label);
+	} else {
+	    fprintf(codefile,
+		    "else {\n"
+		    "e = ASN1_PARSE_ERROR;\n"
+		    "%s;\n"
+		    "}\n",
+		    forwstr);
+	}
+	break;
+    }
+    case TUTCTime:
+	decode_primitive ("utctime", name, forwstr);
+	break;
+    case TUTF8String:
+	decode_primitive ("utf8string", name, forwstr);
+	break;
+    case TPrintableString:
+	decode_primitive ("printable_string", name, forwstr);
+	break;
+    case TIA5String:
+	decode_primitive ("ia5_string", name, forwstr);
+	break;
+    case TBMPString:
+	decode_primitive ("bmp_string", name, forwstr);
+	break;
+    case TUniversalString:
+	decode_primitive ("universal_string", name, forwstr);
+	break;
+    case TVisibleString:
+	decode_primitive ("visible_string", name, forwstr);
+	break;
+    case TNull:
+	fprintf (codefile, "/* NULL */\n");
+	break;
+    case TOID:
+	decode_primitive ("oid", name, forwstr);
+	break;
+    default :
+	abort ();
+    }
+    return 0;
+}
+
+void
+generate_type_decode (const Symbol *s)
+{
+    int preserve = preserve_type(s->name) ? TRUE : FALSE;
+
+    fprintf (headerfile,
+	     "int    "
+	     "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
+	     s->gen_name, s->gen_name);
+
+    fprintf (codefile, "int\n"
+	     "decode_%s(const unsigned char *p,"
+	     " size_t len, %s *data, size_t *size)\n"
+	     "{\n",
+	     s->gen_name, s->gen_name);
+
+    switch (s->type->type) {
+    case TInteger:
+    case TBoolean:
+    case TOctetString:
+    case TOID:
+    case TGeneralizedTime:
+    case TGeneralString:
+    case TUTF8String:
+    case TPrintableString:
+    case TIA5String:
+    case TBMPString:
+    case TUniversalString:
+    case TVisibleString:
+    case TUTCTime:
+    case TNull:
+    case TEnumerated:
+    case TBitString:
+    case TSequence:
+    case TSequenceOf:
+    case TSet:
+    case TSetOf:
+    case TTag:
+    case TType:
+    case TChoice:
+	fprintf (codefile,
+		 "size_t ret = 0;\n"
+		 "size_t l;\n"
+		 "int e;\n");
+	if (preserve)
+	    fprintf (codefile, "const unsigned char *begin = p;\n");
+
+	fprintf (codefile, "\n");
+	fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */
+
+	decode_type ("data", s->type, 0, "goto fail", "Top");
+	if (preserve)
+	    fprintf (codefile,
+		     "data->_save.data = calloc(1, ret);\n"
+		     "if (data->_save.data == NULL) { \n"
+		     "e = ENOMEM; goto fail; \n"
+		     "}\n"
+		     "data->_save.length = ret;\n"
+		     "memcpy(data->_save.data, begin, ret);\n");
+	fprintf (codefile, 
+		 "if(size) *size = ret;\n"
+		 "return 0;\n");
+	fprintf (codefile,
+		 "fail:\n"
+		 "free_%s(data);\n"
+		 "return e;\n",
+		 s->gen_name);
+	break;
+    default:
+	abort ();
+    }
+    fprintf (codefile, "}\n\n");
+}
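Review bot: In decode_type's `TType` case the allocation check emitted for an optional member is `if (%s == NULL) %s;`, which jumps to `forwstr` without assigning `e`. The `fail:` block that generate_type_decode emits then frees `data` and returns whatever `e` last held, which is likely 0 after an earlier successful field and otherwise uninitialised. The `TSet` and `TTag` branches already emit `{ e = ENOMEM; %s; }`, and the same form fits here: `"if (%s == NULL) { e = ENOMEM; %s; }\n"`. In the same function the `TBitString` and `TSet` branches emit bare `return ASN1_OVERRUN;`, `return ASN1_MISPLACED_FIELD;` and `return ASN1_MISSING_FIELD;`, which skip the `free_%s(data)` cleanup under `fail:`. Emitting `e = ASN1_OVERRUN; %s;` (and likewise for the other two codes) with `forwstr` would stop malformed input from leaking members that were already decoded.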

Added: vendor-crypto/heimdal/dist/lib/asn1/gen_encode.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen_encode.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen_encode.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,557 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+
+RCSID("$Id: gen_encode.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+encode_primitive (const char *typename, const char *name)
+{
+    fprintf (codefile,
+	     "e = der_put_%s(p, len, %s, &l);\n"
+	     "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
+	     typename,
+	     name);
+}
+
+const char *
+classname(Der_class class)
+{
+    const char *cn[] = { "ASN1_C_UNIV", "ASN1_C_APPL",
+			 "ASN1_C_CONTEXT", "ASN1_C_PRIV" };
+    if(class < ASN1_C_UNIV || class > ASN1_C_PRIVATE)
+	return "???";
+    return cn[class];
+}
+
+
+const char *
+valuename(Der_class class, int value)
+{
+    static char s[32];
+    struct { 
+	int value;
+	const char *s;
+    } *p, values[] = {
+#define X(Y) { Y, #Y }
+	X(UT_BMPString),
+	X(UT_BitString),
+	X(UT_Boolean),
+	X(UT_EmbeddedPDV),
+	X(UT_Enumerated),
+	X(UT_External),
+	X(UT_GeneralString),
+	X(UT_GeneralizedTime),
+	X(UT_GraphicString),
+	X(UT_IA5String),
+	X(UT_Integer),
+	X(UT_Null),
+	X(UT_NumericString),
+	X(UT_OID),
+	X(UT_ObjectDescriptor),
+	X(UT_OctetString),
+	X(UT_PrintableString),
+	X(UT_Real),
+	X(UT_RelativeOID),
+	X(UT_Sequence),
+	X(UT_Set),
+	X(UT_TeletexString),
+	X(UT_UTCTime),
+	X(UT_UTF8String),
+	X(UT_UniversalString),
+	X(UT_VideotexString),
+	X(UT_VisibleString),
+#undef X
+	{ -1, NULL }
+    };
+    if(class == ASN1_C_UNIV) {
+	for(p = values; p->value != -1; p++)
+	    if(p->value == value)
+		return p->s;
+    }
+    snprintf(s, sizeof(s), "%d", value);
+    return s;
+}
+
+static int
+encode_type (const char *name, const Type *t, const char *tmpstr)
+{
+    int constructed = 1;
+
+    switch (t->type) {
+    case TType:
+#if 0
+	encode_type (name, t->symbol->type);
+#endif
+	fprintf (codefile,
+		 "e = encode_%s(p, len, %s, &l);\n"
+		 "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
+		 t->symbol->gen_name, name);
+	break;
+    case TInteger:
+	if(t->members) {
+	    fprintf(codefile,
+		    "{\n"
+		    "int enumint = (int)*%s;\n",
+		    name);
+	    encode_primitive ("integer", "&enumint");
+	    fprintf(codefile, "}\n;");
+	} else if (t->range == NULL) {
+	    encode_primitive ("heim_integer", name);
+	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
+	    encode_primitive ("integer", name);
+	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
+	    encode_primitive ("unsigned", name);
+	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
+	    encode_primitive ("unsigned", name);
+	} else
+	    errx(1, "%s: unsupported range %d -> %d", 
+		 name, t->range->min, t->range->max);
+	constructed = 0;
+	break;
+    case TBoolean:
+	encode_primitive ("boolean", name);
+	constructed = 0;
+	break;
+    case TOctetString:
+	encode_primitive ("octet_string", name);
+	constructed = 0;
+	break;
+    case TBitString: {
+	Member *m;
+	int pos;
+
+	if (ASN1_TAILQ_EMPTY(t->members)) {
+	    encode_primitive("bit_string", name);
+	    constructed = 0;
+	    break;
+	}
+
+	fprintf (codefile, "{\n"
+		 "unsigned char c = 0;\n");
+	if (!rfc1510_bitstring)
+	    fprintf (codefile,
+		     "int rest = 0;\n"
+		     "int bit_set = 0;\n");
+#if 0
+	pos = t->members->prev->val;
+	/* fix for buggy MIT (and OSF?) code */
+	if (pos > 31)
+	    abort ();
+#endif
+	/*
+	 * It seems that if we do not always set pos to 31 here, the MIT
+	 * code will do the wrong thing.
+	 *
+	 * I hate ASN.1 (and DER), but I hate it even more when everybody
+	 * has to screw it up differently.
+	 */
+	pos = ASN1_TAILQ_LAST(t->members, memhead)->val;
+	if (rfc1510_bitstring) {
+	    if (pos < 31)
+		pos = 31;
+	}
+
+	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
+	    while (m->val / 8 < pos / 8) {
+		if (!rfc1510_bitstring)
+		    fprintf (codefile,
+			     "if (c != 0 || bit_set) {\n");
+		fprintf (codefile,
+			 "if (len < 1) return ASN1_OVERFLOW;\n"
+			 "*p-- = c; len--; ret++;\n");
+		if (!rfc1510_bitstring)
+		    fprintf (codefile,
+			     "if (!bit_set) {\n"
+			     "rest = 0;\n"
+			     "while(c) { \n"
+			     "if (c & 1) break;\n"
+			     "c = c >> 1;\n"
+			     "rest++;\n"
+			     "}\n"
+			     "bit_set = 1;\n"
+			     "}\n"
+			     "}\n");
+		fprintf (codefile,
+			 "c = 0;\n");
+		pos -= 8;
+	    }
+	    fprintf (codefile,
+		     "if((%s)->%s) {\n"
+		     "c |= 1<<%d;\n", 
+		     name, m->gen_name, 7 - m->val % 8);
+	    fprintf (codefile,
+		     "}\n");
+	}
+
+	if (!rfc1510_bitstring)
+	    fprintf (codefile,
+		     "if (c != 0 || bit_set) {\n");
+	fprintf (codefile, 
+		 "if (len < 1) return ASN1_OVERFLOW;\n"
+		 "*p-- = c; len--; ret++;\n");
+	if (!rfc1510_bitstring)
+	    fprintf (codefile,
+		     "if (!bit_set) {\n"
+		     "rest = 0;\n"
+		     "if(c) { \n"
+		     "while(c) { \n"
+		     "if (c & 1) break;\n"
+		     "c = c >> 1;\n"
+		     "rest++;\n"
+		     "}\n"
+		     "}\n"
+		     "}\n"
+		     "}\n");
+
+	fprintf (codefile, 
+		 "if (len < 1) return ASN1_OVERFLOW;\n"
+		 "*p-- = %s;\n"
+		 "len -= 1;\n"
+		 "ret += 1;\n"
+		 "}\n\n",
+		 rfc1510_bitstring ? "0" : "rest");
+	constructed = 0;
+	break;
+    }
+    case TEnumerated : {
+	encode_primitive ("enumerated", name);
+	constructed = 0;
+	break;
+    }
+
+    case TSet:
+    case TSequence: {
+	Member *m;
+
+	if (t->members == NULL)
+	    break;
+	
+	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
+	    char *s;
+
+	    if (m->ellipsis)
+		continue;
+
+	    asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name);
+	    if (s == NULL)
+		errx(1, "malloc");
+	    fprintf(codefile, "/* %s */\n", m->name);
+	    if (m->optional)
+		fprintf (codefile,
+			 "if(%s) ",
+			 s);
+	    else if(m->defval)
+		gen_compare_defval(s + 1, m->defval);
+	    fprintf (codefile, "{\n");
+	    fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr);
+	    fprintf (codefile, "ret = 0;\n");
+	    encode_type (s, m->type, m->gen_name);
+	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
+	    fprintf (codefile, "}\n");
+	    free (s);
+	}
+	break;
+    }
+    case TSetOf: {
+
+	fprintf(codefile,
+		"{\n"
+		"struct heim_octet_string *val;\n"
+		"size_t elen, totallen = 0;\n"
+		"int eret;\n");
+
+	fprintf(codefile,
+		"if ((%s)->len > UINT_MAX/sizeof(val[0]))\n"
+		"return ERANGE;\n",
+		name);
+
+	fprintf(codefile,
+		"val = malloc(sizeof(val[0]) * (%s)->len);\n"
+		"if (val == NULL && (%s)->len != 0) return ENOMEM;\n",
+		name, name);
+
+	fprintf(codefile,
+		"for(i = 0; i < (%s)->len; i++) {\n",
+		name);
+
+	fprintf(codefile,
+		"ASN1_MALLOC_ENCODE(%s, val[i].data, "
+		"val[i].length, &(%s)->val[i], &elen, eret);\n",
+		t->subtype->symbol->gen_name,
+		name);
+
+	fprintf(codefile,
+		"if(eret) {\n"
+		"i--;\n"
+		"while (i >= 0) {\n"
+		"free(val[i].data);\n"
+		"i--;\n"
+		"}\n"
+		"free(val);\n"
+		"return eret;\n"
+		"}\n"
+		"totallen += elen;\n"
+		"}\n");
+
+	fprintf(codefile,
+		"if (totallen > len) {\n"
+		"for (i = 0; i < (%s)->len; i++) {\n"
+		"free(val[i].data);\n"
+		"}\n"
+		"free(val);\n"
+		"return ASN1_OVERFLOW;\n"
+		"}\n",
+		name);
+
+	fprintf(codefile,
+		"qsort(val, (%s)->len, sizeof(val[0]), _heim_der_set_sort);\n",
+		name);
+
+	fprintf (codefile,
+		 "for(i = (%s)->len - 1; i >= 0; --i) {\n"
+		 "p -= val[i].length;\n"
+		 "ret += val[i].length;\n"
+		 "memcpy(p + 1, val[i].data, val[i].length);\n"
+		 "free(val[i].data);\n"
+		 "}\n"
+		 "free(val);\n"
+		 "}\n",
+		 name);
+	break;
+    }
+    case TSequenceOf: {
+	char *n;
+	char *sname;
+
+	fprintf (codefile,
+		 "for(i = (%s)->len - 1; i >= 0; --i) {\n"
+		 "size_t %s_for_oldret = ret;\n"
+		 "ret = 0;\n",
+		 name, tmpstr);
+	asprintf (&n, "&(%s)->val[i]", name);
+	if (n == NULL)
+	    errx(1, "malloc");
+	asprintf (&sname, "%s_S_Of", tmpstr);
+	if (sname == NULL)
+	    errx(1, "malloc");
+	encode_type (n, t->subtype, sname);
+	fprintf (codefile,
+		 "ret += %s_for_oldret;\n"
+		 "}\n",
+		 tmpstr);
+	free (n);
+	free (sname);
+	break;
+    }
+    case TGeneralizedTime:
+	encode_primitive ("generalized_time", name);
+	constructed = 0;
+	break;
+    case TGeneralString:
+	encode_primitive ("general_string", name);
+	constructed = 0;
+	break;
+    case TTag: {
+    	char *tname;
+	int c;
+	asprintf (&tname, "%s_tag", tmpstr);
+	if (tname == NULL)
+	    errx(1, "malloc");	
+	c = encode_type (name, t->subtype, tname);
+	fprintf (codefile,
+		 "e = der_put_length_and_tag (p, len, ret, %s, %s, %s, &l);\n"
+		 "if (e) return e;\np -= l; len -= l; ret += l;\n\n",
+		 classname(t->tag.tagclass),
+		 c ? "CONS" : "PRIM", 
+		 valuename(t->tag.tagclass, t->tag.tagvalue));
+	free (tname);
+	break;
+    }
+    case TChoice:{
+	Member *m, *have_ellipsis = NULL;
+	char *s;
+
+	if (t->members == NULL)
+	    break;
+
+	fprintf(codefile, "\n");
+
+	asprintf (&s, "(%s)", name);
+	if (s == NULL)
+	    errx(1, "malloc");
+	fprintf(codefile, "switch(%s->element) {\n", s);
+
+	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
+	    char *s2;
+
+	    if (m->ellipsis) {
+		have_ellipsis = m;
+		continue;
+	    }
+
+	    fprintf (codefile, "case %s: {", m->label); 
+	    asprintf(&s2, "%s(%s)->u.%s", m->optional ? "" : "&", 
+		     s, m->gen_name);
+	    if (s2 == NULL)
+		errx(1, "malloc");
+	    if (m->optional)
+		fprintf (codefile, "if(%s) {\n", s2);
+	    fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr);
+	    fprintf (codefile, "ret = 0;\n");
+	    constructed = encode_type (s2, m->type, m->gen_name);
+	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
+	    if(m->optional)
+		fprintf (codefile, "}\n");
+	    fprintf(codefile, "break;\n");
+	    fprintf(codefile, "}\n");
+	    free (s2);
+	}
+	free (s);
+	if (have_ellipsis) {
+	    fprintf(codefile,
+		    "case %s: {\n"
+		    "if (len < (%s)->u.%s.length)\n"
+		    "return ASN1_OVERFLOW;\n"
+		    "p -= (%s)->u.%s.length;\n"
+		    "ret += (%s)->u.%s.length;\n"
+		    "memcpy(p + 1, (%s)->u.%s.data, (%s)->u.%s.length);\n"
+		    "break;\n"
+		    "}\n",
+		    have_ellipsis->label,
+		    name, have_ellipsis->gen_name,
+		    name, have_ellipsis->gen_name,
+		    name, have_ellipsis->gen_name,
+		    name, have_ellipsis->gen_name,
+		    name, have_ellipsis->gen_name);
+	}
+	fprintf(codefile, "};\n");
+	break;
+    }
+    case TOID:
+	encode_primitive ("oid", name);
+	constructed = 0;
+	break;
+    case TUTCTime:
+	encode_primitive ("utctime", name);
+	constructed = 0;
+	break;
+    case TUTF8String:
+	encode_primitive ("utf8string", name);
+	constructed = 0;
+	break;
+    case TPrintableString:
+	encode_primitive ("printable_string", name);
+	constructed = 0;
+	break;
+    case TIA5String:
+	encode_primitive ("ia5_string", name);
+	constructed = 0;
+	break;
+    case TBMPString:
+	encode_primitive ("bmp_string", name);
+	constructed = 0;
+	break;
+    case TUniversalString:
+	encode_primitive ("universal_string", name);
+	constructed = 0;
+	break;
+    case TVisibleString:
+	encode_primitive ("visible_string", name);
+	constructed = 0;
+	break;
+    case TNull:
+	fprintf (codefile, "/* NULL */\n");
+	constructed = 0;
+	break;
+    default:
+	abort ();
+    }
+    return constructed;
+}
+
+void
+generate_type_encode (const Symbol *s)
+{
+    fprintf (headerfile,
+	     "int    "
+	     "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
+	     s->gen_name, s->gen_name);
+
+    fprintf (codefile, "int\n"
+	     "encode_%s(unsigned char *p, size_t len,"
+	     " const %s *data, size_t *size)\n"
+	     "{\n",
+	     s->gen_name, s->gen_name);
+
+    switch (s->type->type) {
+    case TInteger:
+    case TBoolean:
+    case TOctetString:
+    case TGeneralizedTime:
+    case TGeneralString:
+    case TUTCTime:
+    case TUTF8String:
+    case TPrintableString:
+    case TIA5String:
+    case TBMPString:
+    case TUniversalString:
+    case TVisibleString:
+    case TNull:
+    case TBitString:
+    case TEnumerated:
+    case TOID:
+    case TSequence:
+    case TSequenceOf:
+    case TSet:
+    case TSetOf:
+    case TTag:
+    case TType:
+    case TChoice:
+	fprintf (codefile,
+		 "size_t ret = 0;\n"
+		 "size_t l;\n"
+		 "int i, e;\n\n");
+	fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */
+    
+	encode_type("data", s->type, "Top");
+
+	fprintf (codefile, "*size = ret;\n"
+		 "return 0;\n");
+	break;
+    default:
+	abort ();
+    }
+    fprintf (codefile, "}\n\n");
+}
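Review bot: The code emitted for SET OF (the final copy loop in the `TSetOf` case) and for the CHOICE ellipsis branch moves `p` and grows `ret` but never reduces `len`, unlike the `der_put_*` paths, which all emit `p -= l; len -= l; ret += l;`. After either branch, the `len` handed to later emitted checks, such as the `der_put_length_and_tag` call written by the `TTag` case, still counts bytes that are already used. With an undersized caller buffer that check might pass and the write land before the start of the buffer instead of returning `ASN1_OVERFLOW`. Adding `"len -= val[i].length;\n"` to the loop string and a matching `"len -= (%s)->u.%s.length;\n"` (with one more `name, have_ellipsis->gen_name` argument pair) to the ellipsis string would keep the bound accurate. Since this is a vendor import, the change likely belongs upstream as well.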

Added: vendor-crypto/heimdal/dist/lib/asn1/gen_free.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen_free.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen_free.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,194 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+
+RCSID("$Id: gen_free.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+free_primitive (const char *typename, const char *name)
+{
+    fprintf (codefile, "der_free_%s(%s);\n", typename, name);
+}
+
+static void
+free_type (const char *name, const Type *t, int preserve)
+{
+    switch (t->type) {
+    case TType:
+#if 0
+	free_type (name, t->symbol->type, preserve);
+#endif
+	fprintf (codefile, "free_%s(%s);\n", t->symbol->gen_name, name);
+	break;
+    case TInteger:
+	if (t->range == NULL && t->members == NULL) {
+	    free_primitive ("heim_integer", name);
+	    break;
+	}
+    case TBoolean:
+    case TEnumerated :
+    case TNull:
+    case TGeneralizedTime:
+    case TUTCTime:
+	break;
+    case TBitString:
+	if (ASN1_TAILQ_EMPTY(t->members))
+	    free_primitive("bit_string", name);
+	break;
+    case TOctetString:
+	free_primitive ("octet_string", name);
+	break;
+    case TChoice:
+    case TSet:
+    case TSequence: {
+	Member *m, *have_ellipsis = NULL;
+
+	if (t->members == NULL)
+	    break;
+
+	if ((t->type == TSequence || t->type == TChoice) && preserve)
+	    fprintf(codefile, "der_free_octet_string(&data->_save);\n");
+
+	if(t->type == TChoice)
+	    fprintf(codefile, "switch((%s)->element) {\n", name);
+      
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    char *s;
+
+	    if (m->ellipsis){
+		have_ellipsis = m;
+		continue;
+	    }
+
+	    if(t->type == TChoice)
+		fprintf(codefile, "case %s:\n", m->label);
+	    asprintf (&s, "%s(%s)->%s%s",
+		      m->optional ? "" : "&", name, 
+		      t->type == TChoice ? "u." : "", m->gen_name);
+	    if (s == NULL)
+		errx(1, "malloc");
+	    if(m->optional)
+		fprintf(codefile, "if(%s) {\n", s);
+	    free_type (s, m->type, FALSE);
+	    if(m->optional)
+		fprintf(codefile, 
+			"free(%s);\n"
+			"%s = NULL;\n"
+			"}\n",s, s);
+	    free (s);
+	    if(t->type == TChoice)
+		fprintf(codefile, "break;\n");
+	}
+	
+	if(t->type == TChoice) {
+	    if (have_ellipsis)
+		fprintf(codefile,
+			"case %s:\n"
+			"der_free_octet_string(&(%s)->u.%s);\n"
+			"break;",
+			have_ellipsis->label,
+			name, have_ellipsis->gen_name);
+	    fprintf(codefile, "}\n");
+	}
+	break;
+    }
+    case TSetOf:
+    case TSequenceOf: {
+	char *n;
+
+	fprintf (codefile, "while((%s)->len){\n", name);
+	asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name);
+	if (n == NULL)
+	    errx(1, "malloc");
+	free_type(n, t->subtype, FALSE);
+	fprintf(codefile, 
+		"(%s)->len--;\n"
+		"}\n",
+		name);
+	fprintf(codefile,
+		"free((%s)->val);\n"
+		"(%s)->val = NULL;\n", name, name);
+	free(n);
+	break;
+    }
+    case TGeneralString:
+	free_primitive ("general_string", name);
+	break;
+    case TUTF8String:
+	free_primitive ("utf8string", name);
+	break;
+    case TPrintableString:
+	free_primitive ("printable_string", name);
+	break;
+    case TIA5String:
+	free_primitive ("ia5_string", name);
+	break;
+    case TBMPString:
+	free_primitive ("bmp_string", name);
+	break;
+    case TUniversalString:
+	free_primitive ("universal_string", name);
+	break;
+    case TVisibleString:
+	free_primitive ("visible_string", name);
+	break;
+    case TTag:
+	free_type (name, t->subtype, preserve);
+	break;
+    case TOID :
+	free_primitive ("oid", name);
+	break;
+    default :
+	abort ();
+    }
+}
+
+void
+generate_type_free (const Symbol *s)
+{
+  int preserve = preserve_type(s->name) ? TRUE : FALSE;
+
+  fprintf (headerfile,
+	   "void   free_%s  (%s *);\n",
+	   s->gen_name, s->gen_name);
+
+  fprintf (codefile, "void\n"
+	   "free_%s(%s *data)\n"
+	   "{\n",
+	   s->gen_name, s->gen_name);
+
+  free_type ("data", s->type, preserve);
+  fprintf (codefile, "}\n\n");
+}
+
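Review bot: Both `asprintf` calls in `free_type` (the `TChoice`/`TSet`/`TSequence` member loop and the `TSetOf`/`TSequenceOf` case) are checked only by testing the output pointer for NULL, which is not a portable failure test: some C libraries leave the pointer undefined when `asprintf` fails and report the error only through the return value. Checking the result as well, `if (asprintf (&s, ...) < 0 || s == NULL) errx(1, "malloc");`, covers both behaviours. The same pattern appears in gen_encode.c and gen_length.c in this commit. Separately, the `TInteger` case falls through into `TBoolean` when the type has a range or members, apparently on purpose; a `/* FALLTHROUGH */` comment after the `if` block would make that explicit.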

Added: vendor-crypto/heimdal/dist/lib/asn1/gen_glue.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen_glue.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen_glue.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1997, 1999, 2000, 2003 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+
+RCSID("$Id: gen_glue.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+generate_2int (const Type *t, const char *gen_name)
+{
+    Member *m;
+
+    fprintf (headerfile,
+	     "unsigned %s2int(%s);\n",
+	     gen_name, gen_name);
+
+    fprintf (codefile,
+	     "unsigned %s2int(%s f)\n"
+	     "{\n"
+	     "unsigned r = 0;\n",
+	     gen_name, gen_name);
+
+    ASN1_TAILQ_FOREACH(m, t->members, members) {
+	fprintf (codefile, "if(f.%s) r |= (1U << %d);\n",
+		 m->gen_name, m->val);
+    }
+    fprintf (codefile, "return r;\n"
+	     "}\n\n");
+}
+
+static void
+generate_int2 (const Type *t, const char *gen_name)
+{
+    Member *m;
+
+    fprintf (headerfile,
+	     "%s int2%s(unsigned);\n",
+	     gen_name, gen_name);
+
+    fprintf (codefile,
+	     "%s int2%s(unsigned n)\n"
+	     "{\n"
+	     "\t%s flags;\n\n",
+	     gen_name, gen_name, gen_name);
+
+    if(t->members) {
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    fprintf (codefile, "\tflags.%s = (n >> %d) & 1;\n",
+		     m->gen_name, m->val);
+	}
+    }
+    fprintf (codefile, "\treturn flags;\n"
+	     "}\n\n");
+}
+
+/*
+ * This depends on the bit string being declared in increasing order
+ */
+
+static void
+generate_units (const Type *t, const char *gen_name)
+{
+    Member *m;
+
+    fprintf (headerfile,
+	     "const struct units * asn1_%s_units(void);",
+	     gen_name);
+
+    fprintf (codefile,
+	     "static struct units %s_units[] = {\n",
+	     gen_name);
+
+    if(t->members) {
+	ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
+	    fprintf (codefile,
+		     "\t{\"%s\",\t1U << %d},\n", m->gen_name, m->val);
+	}
+    }
+
+    fprintf (codefile,
+	     "\t{NULL,\t0}\n"
+	     "};\n\n");
+
+    fprintf (codefile,
+	     "const struct units * asn1_%s_units(void){\n"
+	     "return %s_units;\n"
+	     "}\n\n",
+	     gen_name, gen_name);
+
+
+}
+
+void
+generate_glue (const Type *t, const char *gen_name)
+{
+    switch(t->type) {
+    case TTag:
+	generate_glue(t->subtype, gen_name);
+	break;
+    case TBitString :
+	if (!ASN1_TAILQ_EMPTY(t->members)) {
+	    generate_2int (t, gen_name);
+	    generate_int2 (t, gen_name);
+	    generate_units (t, gen_name);
+	}
+	break;
+    default :
+	break;
+    }
+}
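Review bot: `generate_2int`, `generate_int2` and `generate_units` write `m->val` straight into a shift of an `unsigned` value (`1U << %d`, `(n >> %d) & 1`) with no range check. A named bit at position 32 or above, where `unsigned` is 32 bits wide, would therefore produce generated C whose shift is undefined behaviour. Nothing in this hunk bounds `m->val`; if the parser does not already do so, a guard such as `if (m->val < 0 || m->val > 31) errx(1, "%s: bit %d does not fit in unsigned", gen_name, m->val);` at the top of each member loop would stop the generator instead of emitting that code.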

Added: vendor-crypto/heimdal/dist/lib/asn1/gen_length.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen_length.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen_length.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,283 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+
+RCSID("$Id: gen_length.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+length_primitive (const char *typename,
+		  const char *name,
+		  const char *variable)
+{
+    fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name);
+}
+
+static size_t
+length_tag(unsigned int tag)
+{
+    size_t len = 0;
+    
+    if(tag <= 30)
+	return 1;
+    while(tag) {
+	tag /= 128;
+	len++;
+    }
+    return len + 1;
+}
+
+
+static int
+length_type (const char *name, const Type *t, 
+	     const char *variable, const char *tmpstr)
+{
+    switch (t->type) {
+    case TType:
+#if 0
+	length_type (name, t->symbol->type);
+#endif
+	fprintf (codefile, "%s += length_%s(%s);\n",
+		 variable, t->symbol->gen_name, name);
+	break;
+    case TInteger:
+	if(t->members) {
+	    fprintf(codefile,
+		    "{\n"
+		    "int enumint = *%s;\n", name);
+	    length_primitive ("integer", "&enumint", variable);
+	    fprintf(codefile, "}\n");
+	} else if (t->range == NULL) {
+	    length_primitive ("heim_integer", name, variable);
+	} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
+	    length_primitive ("integer", name, variable);
+	} else if (t->range->min == 0 && t->range->max == UINT_MAX) {
+	    length_primitive ("unsigned", name, variable);
+	} else if (t->range->min == 0 && t->range->max == INT_MAX) {
+	    length_primitive ("unsigned", name, variable);
+	} else
+	    errx(1, "%s: unsupported range %d -> %d", 
+		 name, t->range->min, t->range->max);
+
+	break;
+    case TBoolean:
+	fprintf (codefile, "%s += 1;\n", variable);
+	break;
+    case TEnumerated :
+	length_primitive ("enumerated", name, variable);
+	break;
+    case TOctetString:
+	length_primitive ("octet_string", name, variable);
+	break;
+    case TBitString: {
+	if (ASN1_TAILQ_EMPTY(t->members))
+	    length_primitive("bit_string", name, variable);
+	else {
+	    if (!rfc1510_bitstring) {
+		Member *m;
+		int pos = ASN1_TAILQ_LAST(t->members, memhead)->val;
+
+		fprintf(codefile,
+			"do {\n");
+		ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
+		    while (m->val / 8 < pos / 8) {
+			pos -= 8;
+		    }
+		    fprintf (codefile,
+			     "if((%s)->%s) { %s += %d; break; }\n",
+			     name, m->gen_name, variable, (pos + 8) / 8);
+		}
+		fprintf(codefile,
+			"} while(0);\n");
+		fprintf (codefile, "%s += 1;\n", variable);
+	    } else {
+		fprintf (codefile, "%s += 5;\n", variable);
+	    }
+	}
+	break;
+    }
+    case TSet:
+    case TSequence:
+    case TChoice: {
+	Member *m, *have_ellipsis = NULL;
+
+	if (t->members == NULL)
+	    break;
+      
+	if(t->type == TChoice)
+	    fprintf (codefile, "switch((%s)->element) {\n", name);
+
+	ASN1_TAILQ_FOREACH(m, t->members, members) {
+	    char *s;
+	    
+	    if (m->ellipsis) {
+		have_ellipsis = m;
+		continue;
+	    }
+
+	    if(t->type == TChoice)
+		fprintf(codefile, "case %s:\n", m->label);
+
+	    asprintf (&s, "%s(%s)->%s%s",
+		      m->optional ? "" : "&", name, 
+		      t->type == TChoice ? "u." : "", m->gen_name);
+	    if (s == NULL)
+		errx(1, "malloc");
+	    if (m->optional)
+		fprintf (codefile, "if(%s)", s);
+	    else if(m->defval)
+		gen_compare_defval(s + 1, m->defval);
+	    fprintf (codefile, "{\n"
+		     "size_t %s_oldret = %s;\n"
+		     "%s = 0;\n", tmpstr, variable, variable);
+	    length_type (s, m->type, "ret", m->gen_name);
+	    fprintf (codefile, "ret += %s_oldret;\n", tmpstr);
+	    fprintf (codefile, "}\n");
+	    free (s);
+	    if(t->type == TChoice)
+		fprintf(codefile, "break;\n");
+	}
+	if(t->type == TChoice) {
+	    if (have_ellipsis)
+		fprintf(codefile,
+			"case %s:\n"
+			"ret += (%s)->u.%s.length;\n"
+			"break;\n",
+			have_ellipsis->label,
+			name,
+			have_ellipsis->gen_name);
+	    fprintf (codefile, "}\n"); /* switch */
+	}
+	break;
+    }
+    case TSetOf:
+    case TSequenceOf: {
+	char *n;
+	char *sname;
+
+	fprintf (codefile,
+		 "{\n"
+		 "int %s_oldret = %s;\n"
+		 "int i;\n"
+		 "%s = 0;\n",
+		 tmpstr, variable, variable);
+
+	fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i){\n", name);
+	fprintf (codefile, "int %s_for_oldret = %s;\n"
+		 "%s = 0;\n", tmpstr, variable, variable);
+	asprintf (&n, "&(%s)->val[i]", name);
+	if (n == NULL)
+	    errx(1, "malloc");
+	asprintf (&sname, "%s_S_Of", tmpstr);
+	if (sname == NULL)
+	    errx(1, "malloc");
+	length_type(n, t->subtype, variable, sname);
+	fprintf (codefile, "%s += %s_for_oldret;\n",
+		 variable, tmpstr);
+	fprintf (codefile, "}\n");
+
+	fprintf (codefile,
+		 "%s += %s_oldret;\n"
+		 "}\n", variable, tmpstr);
+	free(n);
+	free(sname);
+	break;
+    }
+    case TGeneralizedTime:
+	length_primitive ("generalized_time", name, variable);
+	break;
+    case TGeneralString:
+	length_primitive ("general_string", name, variable);
+	break;
+    case TUTCTime:
+	length_primitive ("utctime", name, variable);
+	break;
+    case TUTF8String:
+	length_primitive ("utf8string", name, variable);
+	break;
+    case TPrintableString:
+	length_primitive ("printable_string", name, variable);
+	break;
+    case TIA5String:
+	length_primitive ("ia5_string", name, variable);
+	break;
+    case TBMPString:
+	length_primitive ("bmp_string", name, variable);
+	break;
+    case TUniversalString:
+	length_primitive ("universal_string", name, variable);
+	break;
+    case TVisibleString:
+	length_primitive ("visible_string", name, variable);
+	break;
+    case TNull:
+	fprintf (codefile, "/* NULL */\n");
+	break;
+    case TTag:{
+    	char *tname;
+	asprintf(&tname, "%s_tag", tmpstr);
+	if (tname == NULL)
+	    errx(1, "malloc");
+	length_type (name, t->subtype, variable, tname);
+	fprintf (codefile, "ret += %lu + der_length_len (ret);\n", 
+		 (unsigned long)length_tag(t->tag.tagvalue));
+	free(tname);
+	break;
+    }
+    case TOID:
+	length_primitive ("oid", name, variable);
+	break;
+    default :
+	abort ();
+    }
+    return 0;
+}
+
+void
+generate_type_length (const Symbol *s)
+{
+    fprintf (headerfile,
+	     "size_t length_%s(const %s *);\n",
+	     s->gen_name, s->gen_name);
+    
+    fprintf (codefile,
+	     "size_t\n"
+	     "length_%s(const %s *data)\n"
+	     "{\n"
+	     "size_t ret = 0;\n",
+	     s->gen_name, s->gen_name);
+    
+    length_type ("data", s->type, "ret", "Top");
+    fprintf (codefile, "return ret;\n}\n\n");
+}
+
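Review bot: The `TSetOf`/`TSequenceOf` case emits `int %s_oldret` and `int %s_for_oldret` to save and restore a running total that `generate_type_length` declares as `size_t ret`, so the saved value is narrowed to `int` wherever `size_t` is wider. gen_encode.c emits `size_t %s_for_oldret` for the same bookkeeping, and the two should agree, because a computed length smaller than what the encoder writes would presumably undersize the buffer the caller allocates. Emitting `"size_t %s_oldret = %s;\n"` and `"size_t %s_for_oldret = %s;\n"` fixes the accumulators; the emitted `int i` index compared against `(%s)->len` deserves the same look, though the type of `len` is not visible here. In the `TSet`/`TSequence`/`TChoice` case the nested `length_type` call and the restore line hard-code `ret` rather than using `variable`, which only works while every caller passes "ret".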

Added: vendor-crypto/heimdal/dist/lib/asn1/gen_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: gen_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __GEN_LOCL_H__
+#define __GEN_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <ctype.h>
+#include <time.h>
+#include <errno.h>
+#include <err.h>
+#include <roken.h>
+#include "hash.h"
+#include "symbol.h"
+#include "asn1-common.h"
+#include "der.h"
+
+void generate_type (const Symbol *);
+void generate_constant (const Symbol *);
+void generate_type_encode (const Symbol *);
+void generate_type_decode (const Symbol *);
+void generate_type_free (const Symbol *);
+void generate_type_length (const Symbol *);
+void generate_type_copy (const Symbol *);
+void generate_type_seq (const Symbol *);
+void generate_glue (const Type *, const char*);
+
+const char *classname(Der_class);
+const char *valuename(Der_class, int);
+
+void gen_compare_defval(const char *, struct value *);
+void gen_assign_defval(const char *, struct value *);
+
+
+void init_generate (const char *, const char *);
+const char *get_filename (void);
+void close_generate(void);
+void add_import(const char *);
+int yyparse(void);
+
+int preserve_type(const char *);
+int seq_type(const char *);
+
+extern FILE *headerfile, *codefile, *logfile;
+extern int dce_fix;
+extern int rfc1510_bitstring;
+
+extern int error_flag;
+
+#endif /* __GEN_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/lib/asn1/gen_seq.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/gen_seq.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/gen_seq.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+
+RCSID("$Id: gen_seq.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+void
+generate_type_seq (const Symbol *s)
+{
+    char *subname;
+    Type *type;
+
+    if (!seq_type(s->name))
+	return;
+    type = s->type;
+    while(type->type == TTag)
+	type = type->subtype;
+
+    if (type->type != TSequenceOf) {
+	printf("%s not seq of %d\n", s->name, (int)type->type);
+	return;
+    }
+
+    /*
+     * Require the subtype to be a type so we can name it and use
+     * copy_/free_
+     */
+    
+    if (type->subtype->type != TType) {
+	fprintf(stderr, "%s subtype is not a type, can't generate "
+	       "sequence code for this case: %d\n",
+		s->name, (int)type->subtype->type);
+	exit(1);
+    }
+
+    subname = type->subtype->symbol->gen_name;
+
+    fprintf (headerfile,
+	     "int   add_%s  (%s *, const %s *);\n"
+	     "int   remove_%s  (%s *, unsigned int);\n",
+	     s->gen_name, s->gen_name, subname,
+	     s->gen_name, s->gen_name);
+
+    fprintf (codefile, "int\n"
+	     "add_%s(%s *data, const %s *element)\n"
+	     "{\n",
+	     s->gen_name, s->gen_name, subname);
+
+    fprintf (codefile, 
+	     "int ret;\n"
+	     "void *ptr;\n"
+	     "\n"
+	     "ptr = realloc(data->val, \n"
+	     "\t(data->len + 1) * sizeof(data->val[0]));\n"
+	     "if (ptr == NULL) return ENOMEM;\n"
+	     "data->val = ptr;\n\n"
+	     "ret = copy_%s(element, &data->val[data->len]);\n"
+	     "if (ret) return ret;\n"
+	     "data->len++;\n"
+	     "return 0;\n",
+	     subname);
+
+    fprintf (codefile, "}\n\n");
+    
+    fprintf (codefile, "int\n"
+	     "remove_%s(%s *data, unsigned int element)\n"
+	     "{\n",
+	     s->gen_name, s->gen_name);
+
+    fprintf (codefile, 
+	     "void *ptr;\n"
+	     "\n"
+	     "if (data->len == 0 || element >= data->len)\n"
+	     "\treturn ASN1_OVERRUN;\n"
+	     "free_%s(&data->val[element]);\n"
+	     "data->len--;\n"
+	     /* don't move if its the last element */
+	     "if (element < data->len)\n"
+	     "\tmemmove(&data->val[element], &data->val[element + 1], \n"
+	     "\t\tsizeof(data->val[0]) * data->len);\n"
+	     /* resize but don't care about failures since it doesn't matter */
+	     "ptr = realloc(data->val, data->len * sizeof(data->val[0]));\n"
+	     "if (ptr != NULL || data->len == 0) data->val = ptr;\n"
+	     "return 0;\n",
+	     subname);
+
+    fprintf (codefile, "}\n\n");
+}
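Review bot: The `remove_%s` body emitted here passes the wrong byte count to `memmove`: after `data->len--` it writes `sizeof(data->val[0]) * data->len`, which copies `len` elements starting at `element + 1` although only `len - element` remain behind the removed slot. For any `element > 0` the generated function reads past the end of `data->val`, and for `element > 1` it also writes past it, so every generated remove_ function carries a heap overrun on non-leading indexes. The emitted line should be `"\t\tsizeof(data->val[0]) * (data->len - element));\n"`. As this is a vendor import, the fix would be a local patch or a newer upstream drop; the generated sources under lib/asn1 need regenerating either way.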

Added: vendor-crypto/heimdal/dist/lib/asn1/hash.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/hash.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/hash.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,206 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/*
+ * Hash table functions
+ */
+
+#include "gen_locl.h"
+
+RCSID("$Id: hash.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static Hashentry *_search(Hashtab * htab,	/* The hash table */
+			  void *ptr);	/* And key */
+
+Hashtab *
+hashtabnew(int sz,
+	   int (*cmp) (void *, void *),
+	   unsigned (*hash) (void *))
+{
+    Hashtab *htab;
+    int i;
+
+    assert(sz > 0);
+
+    htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *));
+    if (htab == NULL)
+	return NULL;
+
+    for (i = 0; i < sz; ++i)
+	htab->tab[i] = NULL;
+
+    htab->cmp = cmp;
+    htab->hash = hash;
+    htab->sz = sz;
+    return htab;
+}
+
+/* Intern search function */
+
+static Hashentry *
+_search(Hashtab * htab, void *ptr)
+{
+    Hashentry *hptr;
+
+    assert(htab && ptr);
+
+    for (hptr = htab->tab[(*htab->hash) (ptr) % htab->sz];
+	 hptr;
+	 hptr = hptr->next)
+	if ((*htab->cmp) (ptr, hptr->ptr) == 0)
+	    break;
+    return hptr;
+}
+
+/* Search for element in hash table */
+
+void *
+hashtabsearch(Hashtab * htab, void *ptr)
+{
+    Hashentry *tmp;
+
+    tmp = _search(htab, ptr);
+    return tmp ? tmp->ptr : tmp;
+}
+
+/* add element to hash table */
+/* if already there, set new value */
+/* !NULL if succesful */
+
+void *
+hashtabadd(Hashtab * htab, void *ptr)
+{
+    Hashentry *h = _search(htab, ptr);
+    Hashentry **tabptr;
+
+    assert(htab && ptr);
+
+    if (h)
+	free((void *) h->ptr);
+    else {
+	h = (Hashentry *) malloc(sizeof(Hashentry));
+	if (h == NULL) {
+	    return NULL;
+	}
+	tabptr = &htab->tab[(*htab->hash) (ptr) % htab->sz];
+	h->next = *tabptr;
+	*tabptr = h;
+	h->prev = tabptr;
+	if (h->next)
+	    h->next->prev = &h->next;
+    }
+    h->ptr = ptr;
+    return h;
+}
+
+/* delete element with key key. Iff freep, free Hashentry->ptr */
+
+int
+_hashtabdel(Hashtab * htab, void *ptr, int freep)
+{
+    Hashentry *h;
+
+    assert(htab && ptr);
+
+    h = _search(htab, ptr);
+    if (h) {
+	if (freep)
+	    free(h->ptr);
+	if ((*(h->prev) = h->next))
+	    h->next->prev = h->prev;
+	free(h);
+	return 0;
+    } else
+	return -1;
+}
+
+/* Do something for each element */
+
+void
+hashtabforeach(Hashtab * htab, int (*func) (void *ptr, void *arg),
+	       void *arg)
+{
+    Hashentry **h, *g;
+
+    assert(htab);
+
+    for (h = htab->tab; h < &htab->tab[htab->sz]; ++h)
+	for (g = *h; g; g = g->next)
+	    if ((*func) (g->ptr, arg))
+		return;
+}
+
+/* standard hash-functions for strings */
+
+unsigned
+hashadd(const char *s)
+{				/* Standard hash function */
+    unsigned i;
+
+    assert(s);
+
+    for (i = 0; *s; ++s)
+	i += *s;
+    return i;
+}
+
+unsigned
+hashcaseadd(const char *s)
+{				/* Standard hash function */
+    unsigned i;
+
+    assert(s);
+
+    for (i = 0; *s; ++s)
+	i += toupper((unsigned char)*s);
+    return i;
+}
+
+#define TWELVE (sizeof(unsigned))
+#define SEVENTYFIVE (6*sizeof(unsigned))
+#define HIGH_BITS (~((unsigned)(~0) >> TWELVE))
+
+unsigned
+hashjpw(const char *ss)
+{				/* another hash function */
+    unsigned h = 0;
+    unsigned g;
+    const unsigned char *s = (const unsigned char *)ss;
+
+    for (; *s; ++s) {
+	h = (h << TWELVE) + *s;
+	if ((g = h & HIGH_BITS))
+	    h = (h ^ (g >> SEVENTYFIVE)) & ~HIGH_BITS;
+    }
+    return h;
+}
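Review bot: In `hashtabadd`, when the key is already present the old payload is freed unconditionally with `free((void *) h->ptr)` and `h->ptr = ptr` is stored afterwards, so re-adding the same pointer leaves the table holding freed memory. Guarding the free with `if (h->ptr != ptr)` closes that case, and the header comment should state that the table takes ownership of `ptr`. Separately, `hashtabnew` relies on `assert(sz > 0)` alone, which disappears under `NDEBUG`; a non-positive `sz` then gives an undersized `malloc` and a bad modulus in `_search`, so an explicit `if (sz <= 0) return NULL;` is safer.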

Added: vendor-crypto/heimdal/dist/lib/asn1/hash.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/hash.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/hash.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/*
+ * hash.h. Header file for hash table functions
+ */
+
+/* $Id: hash.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+struct hashentry {		/* Entry in bucket */
+     struct hashentry **prev;
+     struct hashentry *next;
+     void *ptr;
+};
+
+typedef struct hashentry Hashentry;
+
+struct hashtab {		/* Hash table */
+     int (*cmp)(void *, void *); /* Compare function */
+     unsigned (*hash)(void *);	/* hash function */
+     int sz;			/* Size */
+     Hashentry *tab[1];		/* The table */
+};
+
+typedef struct hashtab Hashtab;
+
+/* prototypes */
+
+Hashtab *hashtabnew(int sz, 
+		    int (*cmp)(void *, void *),
+		    unsigned (*hash)(void *));	/* Make new hash table */
+
+void *hashtabsearch(Hashtab *htab, /* The hash table */
+		    void *ptr);	/*  The key */
+
+
+void *hashtabadd(Hashtab *htab,	/* The hash table */
+	       void *ptr);	/* The element */
+
+int _hashtabdel(Hashtab *htab,	/* The table */
+		void *ptr,	/* Key */
+		int freep);	/* Free data part? */
+
+void hashtabforeach(Hashtab *htab,
+		    int (*func)(void *ptr, void *arg),
+		    void *arg);
+
+unsigned hashadd(const char *s);		/* Standard hash function */
+unsigned hashcaseadd(const char *s);		/* Standard hash function */
+unsigned hashjpw(const char *s);		/* another hash function */
+
+/* macros */
+
+ /* Don't free space */
+#define hashtabdel(htab,key)  _hashtabdel(htab,key,FALSE)
+
+#define hashtabfree(htab,key) _hashtabdel(htab,key,TRUE) /* Do! */
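Review bot: This header has no include guard, unlike gen_locl.h and heim_asn1.h in the same import, so a second inclusion redefines `struct hashentry` and `struct hashtab`; wrapping the contents in `#ifndef HASH_H` / `#define HASH_H` and a closing `#endif` avoids that. The `hashtabdel` and `hashtabfree` macros expand to `FALSE` and `TRUE`, which this header neither defines nor includes, so they compile only where another header supplies them. The callback fields are typed `unsigned (*hash)(void *)` while `hashadd`, `hashcaseadd` and `hashjpw` are declared with `const char *`, so handing them to `hashtabnew` needs a cast and then calls through an incompatible function pointer type. The callers are outside this hunk, so how they bridge that is not visible here.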

Added: vendor-crypto/heimdal/dist/lib/asn1/heim_asn1.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/heim_asn1.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/heim_asn1.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2003-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifndef __HEIM_ANY_H__
+#define __HEIM_ANY_H__ 1
+
+int	encode_heim_any(unsigned char *, size_t, const heim_any *, size_t *);
+int	decode_heim_any(const unsigned char *, size_t, heim_any *, size_t *);
+void	free_heim_any(heim_any *);
+size_t	length_heim_any(const heim_any *);
+int	copy_heim_any(const heim_any *, heim_any *);
+
+int	encode_heim_any_set(unsigned char *, size_t,
+			    const heim_any_set *, size_t *);
+int	decode_heim_any_set(const unsigned char *, size_t,
+			    heim_any_set *,size_t *);
+void	free_heim_any_set(heim_any_set *);
+size_t	length_heim_any_set(const heim_any_set *);
+int	copy_heim_any_set(const heim_any_set *, heim_any_set *);
+int	heim_any_cmp(const heim_any_set *, const heim_any_set *);
+
+#endif /* __HEIM_ANY_H__ */

Added: vendor-crypto/heimdal/dist/lib/asn1/k5.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/k5.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/k5.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,659 @@
+-- $Id: k5.asn1,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+KERBEROS5 DEFINITIONS ::=
+BEGIN
+
+NAME-TYPE ::= INTEGER {
+	KRB5_NT_UNKNOWN(0),	-- Name type not known
+	KRB5_NT_PRINCIPAL(1),	-- Just the name of the principal as in
+	KRB5_NT_SRV_INST(2),	-- Service and other unique instance (krbtgt)
+	KRB5_NT_SRV_HST(3),	-- Service with host name as instance
+	KRB5_NT_SRV_XHST(4),	-- Service with host as remaining components
+	KRB5_NT_UID(5),		-- Unique ID
+	KRB5_NT_X500_PRINCIPAL(6), -- PKINIT
+	KRB5_NT_SMTP_NAME(7),	-- Name in form of SMTP email name
+	KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN
+	KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID
+	KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name
+	KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID
+}
+
+-- message types
+
+MESSAGE-TYPE ::= INTEGER {
+	krb-as-req(10), -- Request for initial authentication
+	krb-as-rep(11), -- Response to KRB_AS_REQ request
+	krb-tgs-req(12), -- Request for authentication based on TGT
+	krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
+	krb-ap-req(14), -- application request to server
+	krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
+	krb-safe(20), -- Safe (checksummed) application message
+	krb-priv(21), -- Private (encrypted) application message
+	krb-cred(22), -- Private (encrypted) message to forward credentials
+	krb-error(30) -- Error response
+}
+
+
+-- pa-data types
+
+PADATA-TYPE ::= INTEGER {
+	KRB5-PADATA-NONE(0),
+	KRB5-PADATA-TGS-REQ(1),
+	KRB5-PADATA-AP-REQ(1),
+	KRB5-PADATA-ENC-TIMESTAMP(2),
+	KRB5-PADATA-PW-SALT(3),
+	KRB5-PADATA-ENC-UNIX-TIME(5),
+	KRB5-PADATA-SANDIA-SECUREID(6),
+	KRB5-PADATA-SESAME(7),
+	KRB5-PADATA-OSF-DCE(8),
+	KRB5-PADATA-CYBERSAFE-SECUREID(9),
+	KRB5-PADATA-AFS3-SALT(10),
+	KRB5-PADATA-ETYPE-INFO(11),
+	KRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
+	KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
+	KRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19)
+	KRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19)
+	KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number)
+	KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
+	KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
+	KRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
+	KRB5-PADATA-ETYPE-INFO2(19),
+	KRB5-PADATA-USE-SPECIFIED-KVNO(20),
+	KRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number
+	KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
+	KRB5-PADATA-GET-FROM-TYPED-DATA(22),
+	KRB5-PADATA-SAM-ETYPE-INFO(23),
+	KRB5-PADATA-SERVER-REFERRAL(25),
+	KRB5-PADATA-TD-KRB-PRINCIPAL(102),	-- PrincipalName
+	KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT
+	KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT
+	KRB5-PADATA-TD-APP-DEFINED-ERROR(106),	-- application specific
+	KRB5-PADATA-TD-REQ-NONCE(107),		-- INTEGER
+	KRB5-PADATA-TD-REQ-SEQ(108),		-- INTEGER
+	KRB5-PADATA-PA-PAC-REQUEST(128),	-- jbrezak at exchange.microsoft.com
+	KRB5-PADATA-S4U2SELF(129),
+	KRB5-PADATA-PK-AS-09-BINDING(132),	-- client send this to 
+						-- tell KDC that is supports 
+						-- the asCheckSum in the
+						--  PK-AS-REP
+	KRB5-PADATA-CLIENT-CANONICALIZED(133)	-- 
+}
+
+AUTHDATA-TYPE ::= INTEGER {
+	KRB5-AUTHDATA-IF-RELEVANT(1),
+	KRB5-AUTHDATA-INTENDED-FOR_SERVER(2),
+	KRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
+	KRB5-AUTHDATA-KDC-ISSUED(4),
+	KRB5-AUTHDATA-AND-OR(5),
+	KRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
+	KRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
+	KRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
+	KRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9),
+	KRB5-AUTHDATA-OSF-DCE(64),
+	KRB5-AUTHDATA-SESAME(65),
+	KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
+	KRB5-AUTHDATA-WIN2K-PAC(128),
+	KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only
+	KRB5-AUTHDATA-SIGNTICKET(-17)
+}
+
+-- checksumtypes
+
+CKSUMTYPE ::= INTEGER {
+	CKSUMTYPE_NONE(0),
+	CKSUMTYPE_CRC32(1),
+	CKSUMTYPE_RSA_MD4(2),
+	CKSUMTYPE_RSA_MD4_DES(3),
+	CKSUMTYPE_DES_MAC(4),
+	CKSUMTYPE_DES_MAC_K(5),
+	CKSUMTYPE_RSA_MD4_DES_K(6),
+	CKSUMTYPE_RSA_MD5(7),
+	CKSUMTYPE_RSA_MD5_DES(8),
+	CKSUMTYPE_RSA_MD5_DES3(9),
+	CKSUMTYPE_SHA1_OTHER(10),
+	CKSUMTYPE_HMAC_SHA1_DES3(12),
+	CKSUMTYPE_SHA1(14),
+	CKSUMTYPE_HMAC_SHA1_96_AES_128(15),
+	CKSUMTYPE_HMAC_SHA1_96_AES_256(16),
+	CKSUMTYPE_GSSAPI(0x8003),
+	CKSUMTYPE_HMAC_MD5(-138),	-- unofficial microsoft number
+	CKSUMTYPE_HMAC_MD5_ENC(-1138)	-- even more unofficial
+}
+
+--enctypes
+ENCTYPE ::= INTEGER {
+	ETYPE_NULL(0),
+	ETYPE_DES_CBC_CRC(1),
+	ETYPE_DES_CBC_MD4(2),
+	ETYPE_DES_CBC_MD5(3),
+	ETYPE_DES3_CBC_MD5(5),
+	ETYPE_OLD_DES3_CBC_SHA1(7),
+	ETYPE_SIGN_DSA_GENERATE(8),
+	ETYPE_ENCRYPT_RSA_PRIV(9),
+	ETYPE_ENCRYPT_RSA_PUB(10),
+	ETYPE_DES3_CBC_SHA1(16),	-- with key derivation
+	ETYPE_AES128_CTS_HMAC_SHA1_96(17),
+	ETYPE_AES256_CTS_HMAC_SHA1_96(18),
+	ETYPE_ARCFOUR_HMAC_MD5(23),
+	ETYPE_ARCFOUR_HMAC_MD5_56(24),
+	ETYPE_ENCTYPE_PK_CROSS(48),
+-- some "old" windows types
+	ETYPE_ARCFOUR_MD4(-128),
+	ETYPE_ARCFOUR_HMAC_OLD(-133),
+	ETYPE_ARCFOUR_HMAC_OLD_EXP(-135),
+-- these are for Heimdal internal use
+	ETYPE_DES_CBC_NONE(-0x1000),
+	ETYPE_DES3_CBC_NONE(-0x1001),
+	ETYPE_DES_CFB64_NONE(-0x1002),
+	ETYPE_DES_PCBC_NONE(-0x1003),
+	ETYPE_DIGEST_MD5_NONE(-0x1004),		-- private use, lukeh at padl.com
+	ETYPE_CRAM_MD5_NONE(-0x1005)		-- private use, lukeh at padl.com
+}
+
+
+
+
+-- this is sugar to make something ASN1 does not have: unsigned
+
+krb5uint32 ::= INTEGER (0..4294967295)
+krb5int32 ::= INTEGER (-2147483648..2147483647)
+
+KerberosString  ::= GeneralString
+
+Realm ::= GeneralString
+PrincipalName ::= SEQUENCE {
+	name-type[0]		NAME-TYPE,
+	name-string[1]		SEQUENCE OF GeneralString
+}
+
+-- this is not part of RFC1510
+Principal ::= SEQUENCE {
+	name[0]			PrincipalName,
+	realm[1]		Realm
+}
+
+HostAddress ::= SEQUENCE  {
+	addr-type[0]		krb5int32,
+	address[1]		OCTET STRING
+}
+
+-- This is from RFC1510.
+--
+-- HostAddresses ::= SEQUENCE OF SEQUENCE {
+-- 	addr-type[0]		krb5int32,
+--	address[1]		OCTET STRING
+-- }
+
+-- This seems much better.
+HostAddresses ::= SEQUENCE OF HostAddress
+
+
+KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z)
+
+AuthorizationDataElement ::= SEQUENCE {
+	ad-type[0]		krb5int32,
+	ad-data[1]		OCTET STRING
+}
+
+AuthorizationData ::= SEQUENCE OF AuthorizationDataElement
+
+APOptions ::= BIT STRING {
+	reserved(0),
+	use-session-key(1),
+	mutual-required(2)
+}
+
+TicketFlags ::= BIT STRING {
+	reserved(0),
+	forwardable(1),
+	forwarded(2),
+	proxiable(3),
+	proxy(4),
+	may-postdate(5),
+	postdated(6),
+	invalid(7),
+	renewable(8),
+	initial(9),
+	pre-authent(10),
+	hw-authent(11),
+	transited-policy-checked(12),
+	ok-as-delegate(13),
+	anonymous(14)
+}
+
+KDCOptions ::= BIT STRING {
+	reserved(0),
+	forwardable(1),
+	forwarded(2),
+	proxiable(3),
+	proxy(4),
+	allow-postdate(5),
+	postdated(6),
+	unused7(7),
+	renewable(8),
+	unused9(9),
+	unused10(10),
+	unused11(11),
+	request-anonymous(14),
+	canonicalize(15),
+	constrained-delegation(16), -- ms extension
+	disable-transited-check(26),
+	renewable-ok(27),
+	enc-tkt-in-skey(28),
+	renew(30),
+	validate(31)
+}
+
+LR-TYPE ::= INTEGER {
+	LR_NONE(0),		-- no information
+	LR_INITIAL_TGT(1),	-- last initial TGT request
+	LR_INITIAL(2),		-- last initial request
+	LR_ISSUE_USE_TGT(3),	-- time of newest TGT used
+	LR_RENEWAL(4),		-- time of last renewal
+	LR_REQUEST(5),		-- time of last request (of any type)
+	LR_PW_EXPTIME(6),	-- expiration time of password
+	LR_ACCT_EXPTIME(7)	-- expiration time of account
+}
+
+LastReq ::= SEQUENCE OF SEQUENCE {
+	lr-type[0]		LR-TYPE,
+	lr-value[1]		KerberosTime
+}
+
+
+EncryptedData ::= SEQUENCE {
+	etype[0] 		ENCTYPE, -- EncryptionType
+	kvno[1]			krb5int32 OPTIONAL,
+	cipher[2]		OCTET STRING -- ciphertext
+}
+
+EncryptionKey ::= SEQUENCE {
+	keytype[0]		krb5int32,
+	keyvalue[1]		OCTET STRING
+}
+
+-- encoded Transited field
+TransitedEncoding ::= SEQUENCE {
+	tr-type[0]		krb5int32, -- must be registered
+	contents[1]		OCTET STRING
+}
+
+Ticket ::= [APPLICATION 1] SEQUENCE {
+	tkt-vno[0]		krb5int32,
+	realm[1]		Realm,
+	sname[2]		PrincipalName,
+	enc-part[3]		EncryptedData
+}
+-- Encrypted part of ticket
+EncTicketPart ::= [APPLICATION 3] SEQUENCE {
+	flags[0]		TicketFlags,
+	key[1]			EncryptionKey,
+	crealm[2]		Realm,
+	cname[3]		PrincipalName,
+	transited[4]		TransitedEncoding,
+	authtime[5]		KerberosTime,
+	starttime[6]		KerberosTime OPTIONAL,
+	endtime[7]		KerberosTime,
+	renew-till[8]		KerberosTime OPTIONAL,
+	caddr[9]		HostAddresses OPTIONAL,
+	authorization-data[10]	AuthorizationData OPTIONAL
+}
+
+Checksum ::= SEQUENCE {
+	cksumtype[0]		CKSUMTYPE,
+	checksum[1]		OCTET STRING
+}
+
+Authenticator ::= [APPLICATION 2] SEQUENCE    {
+	authenticator-vno[0]	krb5int32,
+	crealm[1]		Realm,
+	cname[2]		PrincipalName,
+	cksum[3]		Checksum OPTIONAL,
+	cusec[4]		krb5int32,
+	ctime[5]		KerberosTime,
+	subkey[6]		EncryptionKey OPTIONAL,
+	seq-number[7]		krb5uint32 OPTIONAL,
+	authorization-data[8]	AuthorizationData OPTIONAL
+}
+
+PA-DATA ::= SEQUENCE {
+	-- might be encoded AP-REQ
+	padata-type[1]		PADATA-TYPE,
+	padata-value[2]		OCTET STRING
+}
+
+ETYPE-INFO-ENTRY ::= SEQUENCE {
+	etype[0]		ENCTYPE,
+	salt[1]			OCTET STRING OPTIONAL,
+	salttype[2]		krb5int32 OPTIONAL
+}
+
+ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
+
+ETYPE-INFO2-ENTRY ::= SEQUENCE {
+	etype[0]		ENCTYPE,
+	salt[1]			KerberosString OPTIONAL,
+	s2kparams[2]		OCTET STRING OPTIONAL
+}
+
+ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
+
+METHOD-DATA ::= SEQUENCE OF PA-DATA
+
+TypedData ::=   SEQUENCE {
+	data-type[0]		krb5int32,
+	data-value[1]		OCTET STRING OPTIONAL
+}
+
+TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData
+
+KDC-REQ-BODY ::= SEQUENCE {
+	kdc-options[0]		KDCOptions,
+	cname[1]		PrincipalName OPTIONAL, -- Used only in AS-REQ
+	realm[2]		Realm,	-- Server's realm
+					-- Also client's in AS-REQ
+	sname[3]		PrincipalName OPTIONAL,
+	from[4]			KerberosTime OPTIONAL,
+	till[5]			KerberosTime OPTIONAL,
+	rtime[6]		KerberosTime OPTIONAL,
+	nonce[7]		krb5int32,
+	etype[8]		SEQUENCE OF ENCTYPE, -- EncryptionType,
+					-- in preference order
+	addresses[9]		HostAddresses OPTIONAL,
+	enc-authorization-data[10] EncryptedData OPTIONAL,
+					-- Encrypted AuthorizationData encoding
+	additional-tickets[11]	SEQUENCE OF Ticket OPTIONAL
+}
+
+KDC-REQ ::= SEQUENCE {
+	pvno[1]			krb5int32,
+	msg-type[2]		MESSAGE-TYPE,
+	padata[3]		METHOD-DATA OPTIONAL,
+	req-body[4]		KDC-REQ-BODY
+}
+
+AS-REQ ::= [APPLICATION 10] KDC-REQ
+TGS-REQ ::= [APPLICATION 12] KDC-REQ
+
+-- padata-type ::= PA-ENC-TIMESTAMP
+-- padata-value ::= EncryptedData - PA-ENC-TS-ENC
+
+PA-ENC-TS-ENC ::= SEQUENCE {
+	patimestamp[0]		KerberosTime, -- client's time
+	pausec[1]		krb5int32 OPTIONAL
+}
+
+-- draft-brezak-win2k-krb-authz-01
+PA-PAC-REQUEST ::= SEQUENCE {
+	include-pac[0]		BOOLEAN -- Indicates whether a PAC 
+					-- should be included or not
+}
+
+-- PacketCable provisioning server location, PKT-SP-SEC-I09-030728.pdf
+PROV-SRV-LOCATION ::= GeneralString
+
+KDC-REP ::= SEQUENCE {
+	pvno[0]			krb5int32,
+	msg-type[1]		MESSAGE-TYPE,
+	padata[2]		METHOD-DATA OPTIONAL,
+	crealm[3]		Realm,
+	cname[4]		PrincipalName,
+	ticket[5]		Ticket,
+	enc-part[6]		EncryptedData
+}
+
+AS-REP ::= [APPLICATION 11] KDC-REP
+TGS-REP ::= [APPLICATION 13] KDC-REP
+
+EncKDCRepPart ::= SEQUENCE {
+	key[0]			EncryptionKey,
+	last-req[1]		LastReq,
+	nonce[2]		krb5int32,
+	key-expiration[3]	KerberosTime OPTIONAL,
+	flags[4]		TicketFlags,
+	authtime[5]		KerberosTime,
+	starttime[6]		KerberosTime OPTIONAL,
+	endtime[7]		KerberosTime,
+	renew-till[8]		KerberosTime OPTIONAL,
+	srealm[9]		Realm,
+	sname[10]		PrincipalName,
+	caddr[11]		HostAddresses OPTIONAL,
+	encrypted-pa-data[12]	METHOD-DATA OPTIONAL
+}
+
+EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
+EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
+
+AP-REQ ::= [APPLICATION 14] SEQUENCE {
+	pvno[0]			krb5int32,
+	msg-type[1]		MESSAGE-TYPE,
+	ap-options[2]		APOptions,
+	ticket[3]		Ticket,
+	authenticator[4]	EncryptedData
+}
+
+AP-REP ::= [APPLICATION 15] SEQUENCE {
+	pvno[0]			krb5int32,
+	msg-type[1]		MESSAGE-TYPE,
+	enc-part[2]		EncryptedData
+}
+
+EncAPRepPart ::= [APPLICATION 27]     SEQUENCE {
+	ctime[0]		KerberosTime,
+	cusec[1]		krb5int32,
+	subkey[2]		EncryptionKey OPTIONAL,
+	seq-number[3]		krb5uint32 OPTIONAL
+}
+
+KRB-SAFE-BODY ::= SEQUENCE {
+	user-data[0]		OCTET STRING,
+	timestamp[1]		KerberosTime OPTIONAL,
+	usec[2]			krb5int32 OPTIONAL,
+	seq-number[3]		krb5uint32 OPTIONAL,
+	s-address[4]		HostAddress OPTIONAL,
+	r-address[5]		HostAddress OPTIONAL
+}
+
+KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
+	pvno[0]			krb5int32,
+	msg-type[1]		MESSAGE-TYPE,
+	safe-body[2]		KRB-SAFE-BODY,
+	cksum[3]		Checksum
+}
+
+KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
+	pvno[0]			krb5int32,
+	msg-type[1]		MESSAGE-TYPE,
+	enc-part[3]		EncryptedData
+}
+EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
+	user-data[0]		OCTET STRING,
+	timestamp[1]		KerberosTime OPTIONAL,
+	usec[2]			krb5int32 OPTIONAL,
+	seq-number[3]		krb5uint32 OPTIONAL,
+	s-address[4]		HostAddress OPTIONAL, -- sender's addr
+	r-address[5]		HostAddress OPTIONAL  -- recip's addr
+}
+
+KRB-CRED ::= [APPLICATION 22]   SEQUENCE {
+	pvno[0]			krb5int32,
+	msg-type[1]		MESSAGE-TYPE, -- KRB_CRED
+	tickets[2]		SEQUENCE OF Ticket,
+	enc-part[3]		EncryptedData
+}
+
+KrbCredInfo ::= SEQUENCE {
+	key[0]			EncryptionKey,
+	prealm[1]		Realm OPTIONAL,
+	pname[2]		PrincipalName OPTIONAL,
+	flags[3]		TicketFlags OPTIONAL,
+	authtime[4]		KerberosTime OPTIONAL,
+	starttime[5]		KerberosTime OPTIONAL,
+	endtime[6] 		KerberosTime OPTIONAL,
+	renew-till[7]		KerberosTime OPTIONAL,
+	srealm[8]		Realm OPTIONAL,
+	sname[9]		PrincipalName OPTIONAL,
+	caddr[10]		HostAddresses OPTIONAL
+}
+
+EncKrbCredPart ::= [APPLICATION 29]   SEQUENCE {
+	ticket-info[0]		SEQUENCE OF KrbCredInfo,
+	nonce[1]		krb5int32 OPTIONAL,
+	timestamp[2]		KerberosTime OPTIONAL,
+	usec[3]			krb5int32 OPTIONAL,
+	s-address[4]		HostAddress OPTIONAL,
+	r-address[5]		HostAddress OPTIONAL
+}
+
+KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
+	pvno[0]			krb5int32,
+	msg-type[1]		MESSAGE-TYPE,
+	ctime[2]		KerberosTime OPTIONAL,
+	cusec[3]		krb5int32 OPTIONAL,
+	stime[4]		KerberosTime,
+	susec[5]		krb5int32,
+	error-code[6]		krb5int32,
+	crealm[7]		Realm OPTIONAL,
+	cname[8]		PrincipalName OPTIONAL,
+	realm[9]		Realm, -- Correct realm
+	sname[10]		PrincipalName, -- Correct name
+	e-text[11]		GeneralString OPTIONAL,
+	e-data[12]		OCTET STRING OPTIONAL
+}
+
+ChangePasswdDataMS ::= SEQUENCE {
+	newpasswd[0]		OCTET STRING,
+	targname[1]		PrincipalName OPTIONAL,
+	targrealm[2]		Realm OPTIONAL
+}
+
+EtypeList ::= SEQUENCE OF krb5int32
+	-- the client's proposed enctype list in
+	-- decreasing preference order, favorite choice first
+
+krb5-pvno krb5int32 ::= 5 -- current Kerberos protocol version number
+
+-- transited encodings
+
+DOMAIN-X500-COMPRESS	krb5int32 ::= 1
+
+-- authorization data primitives
+
+AD-IF-RELEVANT ::= AuthorizationData
+
+AD-KDCIssued ::= SEQUENCE {
+	ad-checksum[0]		Checksum,
+	i-realm[1]		Realm OPTIONAL,
+	i-sname[2]		PrincipalName OPTIONAL,
+	elements[3]		AuthorizationData
+}
+
+AD-AND-OR ::= SEQUENCE {
+	condition-count[0]	INTEGER,
+	elements[1]		AuthorizationData
+}
+
+AD-MANDATORY-FOR-KDC ::= AuthorizationData
+
+-- PA-SAM-RESPONSE-2/PA-SAM-RESPONSE-2
+
+PA-SAM-TYPE ::= INTEGER {
+	PA_SAM_TYPE_ENIGMA(1),		-- Enigma Logic
+	PA_SAM_TYPE_DIGI_PATH(2),	-- Digital Pathways
+	PA_SAM_TYPE_SKEY_K0(3),		-- S/key where  KDC has key 0
+	PA_SAM_TYPE_SKEY(4),		-- Traditional S/Key
+	PA_SAM_TYPE_SECURID(5),		-- Security Dynamics
+	PA_SAM_TYPE_CRYPTOCARD(6)	-- CRYPTOCard
+}
+
+PA-SAM-REDIRECT ::= HostAddresses
+
+SAMFlags ::= BIT STRING {
+	use-sad-as-key(0),
+	send-encrypted-sad(1),
+	must-pk-encrypt-sad(2)
+}
+
+PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE {
+	sam-type[0]		krb5int32,
+	sam-flags[1]		SAMFlags,
+	sam-type-name[2]	GeneralString OPTIONAL,
+	sam-track-id[3]		GeneralString OPTIONAL,
+	sam-challenge-label[4]	GeneralString OPTIONAL,
+	sam-challenge[5]	GeneralString OPTIONAL,
+	sam-response-prompt[6]	GeneralString OPTIONAL,
+	sam-pk-for-sad[7]	EncryptionKey OPTIONAL,
+	sam-nonce[8]		krb5int32,
+	sam-etype[9]		krb5int32,
+	...
+}
+
+PA-SAM-CHALLENGE-2 ::= SEQUENCE {
+	sam-body[0]		PA-SAM-CHALLENGE-2-BODY,
+	sam-cksum[1]		SEQUENCE OF Checksum, -- (1..MAX)
+	...
+}
+
+PA-SAM-RESPONSE-2 ::= SEQUENCE {
+	sam-type[0]		krb5int32,
+	sam-flags[1]		SAMFlags,
+	sam-track-id[2]		GeneralString OPTIONAL,
+	sam-enc-nonce-or-sad[3]	EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC
+	sam-nonce[4]		krb5int32,
+	...
+}
+
+PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE {
+	sam-nonce[0]		krb5int32,
+	sam-sad[1]		GeneralString OPTIONAL,
+	...
+}
+
+PA-S4U2Self ::= SEQUENCE {
+	name[0]		PrincipalName,
+        realm[1]	Realm,
+        cksum[2]	Checksum,
+        auth[3]		GeneralString
+}
+
+KRB5SignedPathPrincipals ::= SEQUENCE OF Principal
+
+-- never encoded on the wire, just used to checksum over
+KRB5SignedPathData ::= SEQUENCE {
+	encticket[0]	EncTicketPart,
+	delegated[1]	KRB5SignedPathPrincipals OPTIONAL
+}
+
+KRB5SignedPath ::= SEQUENCE {
+	-- DERcoded KRB5SignedPathData
+	-- krbtgt key (etype), KeyUsage = XXX 
+	etype[0]	ENCTYPE,
+	cksum[1]	Checksum,
+	-- srvs delegated though
+	delegated[2]	KRB5SignedPathPrincipals OPTIONAL
+}
+
+PA-ClientCanonicalizedNames ::= SEQUENCE{
+	requested-name [0] PrincipalName,
+	real-name      [1] PrincipalName
+}
+
+PA-ClientCanonicalized ::= SEQUENCE {
+	names          [0] PA-ClientCanonicalizedNames,
+	canon-checksum [1] Checksum
+}
+
+AD-LoginAlias ::= SEQUENCE { -- ad-type number TBD --
+	login-alias  [0] PrincipalName,
+	checksum     [1] Checksum
+}
+
+-- old ms referral
+PA-SvrReferralData ::= SEQUENCE {
+	referred-name   [1] PrincipalName OPTIONAL,
+	referred-realm  [0] Realm
+}
+
+END
+
+-- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1

Added: vendor-crypto/heimdal/dist/lib/asn1/kx509.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/kx509.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/kx509.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,20 @@
+-- $Id: kx509.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+KX509 DEFINITIONS ::=
+BEGIN
+
+Kx509Request ::= SEQUENCE {
+	authenticator OCTET STRING,
+	pk-hash OCTET STRING,
+	pk-key OCTET STRING
+}
+
+Kx509Response ::= SEQUENCE {
+	error-code[0]	INTEGER (-2147483648..2147483647)
+	      OPTIONAL -- DEFAULT 0 --,
+	hash[1]		OCTET STRING OPTIONAL,
+	certificate[2]	OCTET STRING OPTIONAL,
+	e-text[3]	VisibleString OPTIONAL
+}
+
+END

Added: vendor-crypto/heimdal/dist/lib/asn1/lex.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/lex.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/lex.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2693 @@
+
+#line 3 "lex.c"
+
+#define  YY_INT_ALIGNED short int
+
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+#define YY_FLEX_SUBMINOR_VERSION 33
+#if YY_FLEX_SUBMINOR_VERSION > 0
+#define FLEX_BETA
+#endif
+
+/* First, we deal with  platform-specific or compiler-specific issues. */
+
+/* begin standard C headers. */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+
+/* end standard C headers. */
+
+/* flex integer type definitions */
+
+#ifndef FLEXINT_H
+#define FLEXINT_H
+
+/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+
+#if __STDC_VERSION__ >= 199901L
+
+/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
+ * if you want the limit (max/min) macros for int types. 
+ */
+#ifndef __STDC_LIMIT_MACROS
+#define __STDC_LIMIT_MACROS 1
+#endif
+
+#include <inttypes.h>
+typedef int8_t flex_int8_t;
+typedef uint8_t flex_uint8_t;
+typedef int16_t flex_int16_t;
+typedef uint16_t flex_uint16_t;
+typedef int32_t flex_int32_t;
+typedef uint32_t flex_uint32_t;
+#else
+typedef signed char flex_int8_t;
+typedef short int flex_int16_t;
+typedef int flex_int32_t;
+typedef unsigned char flex_uint8_t; 
+typedef unsigned short int flex_uint16_t;
+typedef unsigned int flex_uint32_t;
+#endif /* ! C99 */
+
+/* Limits of integral types. */
+#ifndef INT8_MIN
+#define INT8_MIN               (-128)
+#endif
+#ifndef INT16_MIN
+#define INT16_MIN              (-32767-1)
+#endif
+#ifndef INT32_MIN
+#define INT32_MIN              (-2147483647-1)
+#endif
+#ifndef INT8_MAX
+#define INT8_MAX               (127)
+#endif
+#ifndef INT16_MAX
+#define INT16_MAX              (32767)
+#endif
+#ifndef INT32_MAX
+#define INT32_MAX              (2147483647)
+#endif
+#ifndef UINT8_MAX
+#define UINT8_MAX              (255U)
+#endif
+#ifndef UINT16_MAX
+#define UINT16_MAX             (65535U)
+#endif
+#ifndef UINT32_MAX
+#define UINT32_MAX             (4294967295U)
+#endif
+
+#endif /* ! FLEXINT_H */
+
+#ifdef __cplusplus
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else	/* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_CONST
+
+#endif	/* __STDC__ */
+#endif	/* ! __cplusplus */
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN (yy_start) = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START (((yy_start) - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE yyrestart(yyin  )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#ifndef YY_BUF_SIZE
+#define YY_BUF_SIZE 16384
+#endif
+
+/* The state buf must be large enough to hold one state per character in the main buffer.
+ */
+#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
+
+#ifndef YY_TYPEDEF_YY_BUFFER_STATE
+#define YY_TYPEDEF_YY_BUFFER_STATE
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+#endif
+
+extern int yyleng;
+
+extern FILE *yyin, *yyout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+    #define YY_LESS_LINENO(n)
+    
+/* Return all but the first "n" matched characters back to the input stream. */
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		*yy_cp = (yy_hold_char); \
+		YY_RESTORE_YY_MORE_OFFSET \
+		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+		} \
+	while ( 0 )
+
+#define unput(c) yyunput( c, (yytext_ptr)  )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef unsigned int yy_size_t;
+#endif
+
+#ifndef YY_STRUCT_YY_BUFFER_STATE
+#define YY_STRUCT_YY_BUFFER_STATE
+struct yy_buffer_state
+	{
+	FILE *yy_input_file;
+
+	char *yy_ch_buf;		/* input buffer */
+	char *yy_buf_pos;		/* current position in input buffer */
+
+	/* Size of input buffer in bytes, not including room for EOB
+	 * characters.
+	 */
+	yy_size_t yy_buf_size;
+
+	/* Number of characters read into yy_ch_buf, not including EOB
+	 * characters.
+	 */
+	int yy_n_chars;
+
+	/* Whether we "own" the buffer - i.e., we know we created it,
+	 * and can realloc() it to grow it, and should free() it to
+	 * delete it.
+	 */
+	int yy_is_our_buffer;
+
+	/* Whether this is an "interactive" input source; if so, and
+	 * if we're using stdio for input, then we want to use getc()
+	 * instead of fread(), to make sure we stop fetching input after
+	 * each newline.
+	 */
+	int yy_is_interactive;
+
+	/* Whether we're considered to be at the beginning of a line.
+	 * If so, '^' rules will be active on the next match, otherwise
+	 * not.
+	 */
+	int yy_at_bol;
+
+    int yy_bs_lineno; /**< The line count. */
+    int yy_bs_column; /**< The column count. */
+    
+	/* Whether to try to fill the input buffer when we reach the
+	 * end of it.
+	 */
+	int yy_fill_buffer;
+
+	int yy_buffer_status;
+
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+	/* When an EOF's been seen but there's still some text to process
+	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+	 * shouldn't try reading from the input source any more.  We might
+	 * still have a bunch of tokens to match, though, because of
+	 * possible backing-up.
+	 *
+	 * When we actually see the EOF, we change the status to "new"
+	 * (via yyrestart()), so that the user can continue scanning by
+	 * just pointing yyin at a new input file.
+	 */
+#define YY_BUFFER_EOF_PENDING 2
+
+	};
+#endif /* !YY_STRUCT_YY_BUFFER_STATE */
+
+/* Stack of input buffers. */
+static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ *
+ * Returns the top of the stack, or NULL.
+ */
+#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                          : NULL)
+
+/* Same as previous macro, but useful when we know that the buffer stack is not
+ * NULL or when we need an lvalue. For internal use only.
+ */
+#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
+
+/* yy_hold_char holds the character lost when yytext is formed. */
+static char yy_hold_char;
+static int yy_n_chars;		/* number of characters read into yy_ch_buf */
+int yyleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 0;		/* whether we need to initialize */
+static int yy_start = 0;	/* start state number */
+
+/* Flag which is used to allow yywrap()'s to do buffer switches
+ * instead of setting up a fresh yyin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void yyrestart (FILE *input_file  );
+void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
+void yy_delete_buffer (YY_BUFFER_STATE b  );
+void yy_flush_buffer (YY_BUFFER_STATE b  );
+void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
+void yypop_buffer_state (void );
+
+static void yyensure_buffer_stack (void );
+static void yy_load_buffer_state (void );
+static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+
+#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
+
+YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
+YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
+YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
+
+void *yyalloc (yy_size_t  );
+void *yyrealloc (void *,yy_size_t  );
+void yyfree (void *  );
+
+#define yy_new_buffer yy_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){ \
+        yyensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            yy_create_buffer(yyin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+	}
+
+#define yy_set_bol(at_bol) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){\
+        yyensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            yy_create_buffer(yyin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+	}
+
+#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+
+/* Begin user sect3 */
+
+typedef unsigned char YY_CHAR;
+
+FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+
+typedef int yy_state_type;
+
+extern int yylineno;
+
+int yylineno = 1;
+
+extern char *yytext;
+#define yytext_ptr yytext
+
+static yy_state_type yy_get_previous_state (void );
+static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+static int yy_get_next_buffer (void );
+static void yy_fatal_error (yyconst char msg[]  );
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+#define YY_DO_BEFORE_ACTION \
+	(yytext_ptr) = yy_bp; \
+	yyleng = (size_t) (yy_cp - yy_bp); \
+	(yy_hold_char) = *yy_cp; \
+	*yy_cp = '\0'; \
+	(yy_c_buf_p) = yy_cp;
+
+#define YY_NUM_RULES 95
+#define YY_END_OF_BUFFER 96
+/* This struct is not used in this scanner,
+   but its presence is necessary. */
+struct yy_trans_info
+	{
+	flex_int32_t yy_verify;
+	flex_int32_t yy_nxt;
+	};
+static yyconst flex_int16_t yy_accept[568] =
+    {   0,
+        0,    0,   96,   94,   90,   91,   87,   81,   81,   94,
+       94,   88,   88,   94,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   82,   83,   85,   88,   88,   93,   86,
+        0,    0,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   10,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   51,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   92,   88,   84,
+
+       89,    3,   89,   89,   89,    7,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   22,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   44,   45,   89,   89,   89,   89,   89,   89,
+       89,   55,   89,   89,   89,   89,   89,   89,   89,   63,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   30,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+
+       47,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   60,   89,   89,   64,   89,   89,   89,   68,   69,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       80,   89,   89,   89,   89,    6,   89,   89,   89,   89,
+       13,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   29,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   50,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   72,   89,   89,   89,   89,   89,
+       89,   89,    1,   89,   89,   89,   89,   89,   89,   12,
+
+       89,   89,   89,   89,   89,   89,   89,   89,   24,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   49,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   65,   66,   89,
+       89,   89,   73,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,    9,   89,   89,   89,   89,   18,   89,
+       89,   21,   89,   89,   26,   89,   89,   89,   89,   89,
+       89,   89,   37,   38,   89,   89,   41,   89,   89,   89,
+       89,   89,   89,   54,   89,   57,   58,   89,   89,   89,
+       89,   89,   89,   89,   75,   89,   89,   89,   89,   89,
+
+       89,   89,   89,   89,   89,   89,   89,   89,   20,   89,
+       25,   89,   28,   89,   89,   89,   89,   89,   36,   39,
+       40,   89,   89,   89,   89,   52,   89,   89,   89,   89,
+       62,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,    5,    8,   11,   14,   89,   89,   89,   89,   89,
+       89,   89,   89,   34,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   67,   89,   89,   74,   89,   89,   89,
+       89,   89,   89,   15,   89,   17,   89,   23,   89,   89,
+       89,   89,   35,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   76,   89,   89,   89,   89,    4,   16,
+
+       19,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   42,   43,   89,   89,   89,   89,   89,
+       61,   89,   89,   89,   89,   89,   89,   27,   31,   89,
+       33,   89,   48,   89,   56,   89,   89,   71,   89,   89,
+       79,   89,   89,   46,   89,   89,   89,   89,   78,    2,
+       32,   89,   59,   70,   77,   53,    0
+    } ;
+
+static yyconst flex_int32_t yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    1,    4,    1,    1,    1,    1,    1,    5,
+        5,    6,    1,    5,    7,    8,    9,   10,   11,   12,
+       12,   13,   14,   15,   12,   16,   12,   17,    5,    1,
+       18,    1,    1,    1,   19,   20,   21,   22,   23,   24,
+       25,   26,   27,   28,   29,   30,   31,   32,   33,   34,
+       35,   36,   37,   38,   39,   40,   41,   42,   43,   44,
+       45,    1,   46,    1,   47,    1,   48,   49,   50,   51,
+
+       52,   53,   54,   55,   56,   57,   29,   58,   59,   60,
+       61,   62,   29,   63,   64,   65,   66,   67,   29,   68,
+       29,   69,    5,    5,    5,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+static yyconst flex_int32_t yy_meta[70] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    2,    1,    1,    3,
+        3,    3,    3,    3,    3,    3,    1,    1,    3,    3,
+        3,    3,    3,    3,    2,    2,    2,    2,    2,    2,
+        2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+        2,    2,    2,    2,    1,    1,    2,    3,    3,    3,
+        3,    3,    3,    2,    2,    2,    2,    2,    2,    2,
+        2,    2,    2,    2,    2,    2,    2,    2,    2
+    } ;
+
+static yyconst flex_int16_t yy_base[570] =
+    {   0,
+        0,    0,  636,  637,  637,  637,  637,  637,   63,  627,
+      628,   70,   77,  616,   74,   72,   76,  609,   65,   81,
+       49,    0,   92,   91,   32,  101,   97,  608,  103,  113,
+       99,  574,  602,  637,  637,  637,  156,  163,  620,  637,
+        0,  609,    0,  589,  595,  590,  585,  597,  583,  586,
+      586,    0,  101,  599,  108,  593,  596,  122,  124,  585,
+      581,  553,  564,  597,  587,  575,  115,  575,  565,  574,
+      575,  545,  575,  564,    0,  563,  543,  561,  558,  558,
+      124,  540,  161,  119,  551,  558,  561,  581,  566,  551,
+      555,  530,  560,  160,  530,   91,  547,  637,    0,  637,
+
+      125,    0,  554,  550,  555,    0,  544,  550,  543,  551,
+      540,  542,  145,  166,  552,  541,    0,  542,  549,  156,
+      548,  533,  538,  516,  505,  529,  533,  157,  534,  525,
+      539,  546,    0,  521,  529,  506,  534,  533,  528,  502,
+      515,    0,  515,  514,  510,  489,  518,  528,  507,    0,
+      522,  517,  505,  505,  504,  517,  516,  486,  159,  499,
+      520,  468,  482,  477,  506,  499,  494,  502,  497,  495,
+      461,  502,  505,  502,  485,  488,  482,  500,  479,  485,
+      494,  493,  491,  479,  485,  475,  164,  487,    0,  446,
+      453,  442,  468,  478,  468,  464,  483,  170,  488,  463,
+
+        0,  436,  477,  459,  463,  445,  471,  486,  469,  472,
+      425,    0,  451,  465,    0,  455,  467,  420,    0,    0,
+      477,  418,  450,  442,  457,  423,  441,  425,  415,  426,
+        0,  436,  454,  451,  452,    0,  407,  450,  447,  444,
+        0,  434,  429,  437,  433,  435,  439,  437,  423,  420,
+      436,  418,  418,  422,    0,  405,  396,  388,  423,  180,
+      411,  426,  415,  423,  408,  429,  436,  386,  403,    0,
+      408,  374,  402,  410,  404,  397,  386,  406,  400,  406,
+      388,  366,  401,  375,    0,  403,  389,  365,  358,  359,
+      356,  362,    0,  398,  399,  379,  360,  383,  376,    0,
+
+      390,  393,  379,  372,  371,  385,  385,  387,    0,  378,
+      367,  376,  383,  343,  350,  343,  374,  370,  374,  358,
+      371,  372,  356,  368,  353,  362,  338,    0,  368,  364,
+      353,  352,  345,  359,  332,  340,  358,    0,    0,  322,
+      355,  308,    0,  338,  322,  310,  308,  319,  318,  331,
+      330,  340,  306,    0,  342,  332,  336,  335,    0,  334,
+      338,    0,  321,  320,    0,  337,  326,  151,  318,  294,
+      326,  314,    0,    0,  314,  327,    0,  328,  283,  315,
+      309,  315,  292,    0,  319,    0,    0,  284,  318,  317,
+      279,  315,  300,  317,    0,  279,  286,  265,  295,  324,
+
+      303,  308,  274,  291,  288,  293,  292,  290,    0,  299,
+        0,  294,    0,  255,  250,  253,  263,  293,    0,    0,
+        0,  277,  251,  289,  247,    0,  247,  283,  257,  261,
+        0,  253,  274,  240,  274,  243,  244,  264,  235,  262,
+      265,    0,    0,    0,  260,  273,  270,  262,  271,  262,
+      228,  238,  226,    0,  252,  260,  230,  258,  221,  233,
+      250,  244,  247,    0,  241,  215,    0,  223,  239,  210,
+      211,  230,  240,    0,  249,    0,  233,    0,  242,  212,
+      216,  210,    0,  232,  204,  231,  206,  198,  233,  194,
+      231,  230,  200,    0,  190,  191,  197,  220,    0,    0,
+
+        0,  213,  190,  211,  188,  215,  192,  218,  184,  187,
+      204,  178,  218,  215,  178,  174,  180,  175,  196,  190,
+      178,  175,  176,    0,    0,  191,  174,  165,  180,  166,
+        0,  194,  166,  163,  158,  163,  197,    0,    0,  156,
+        0,  171,    0,  148,    0,  152,  188,    0,  150,  155,
+        0,  166,  153,    0,  143,  148,  162,  143,    0,    0,
+        0,  101,    0,    0,    0,    0,  637,  223,   69
+    } ;
+
+static yyconst flex_int16_t yy_def[570] =
+    {   0,
+      567,    1,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  567,  567,  567,  567,  567,  567,  567,
+      569,  567,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  567,  569,  567,
+
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,  568,  568,  568,  568,
+      568,  568,  568,  568,  568,  568,    0,  567,  567
+    } ;
+
+static yyconst flex_int16_t yy_nxt[707] =
+    {   0,
+        4,    5,    6,    7,    8,    4,    9,   10,   11,   12,
+       13,   13,   13,   13,   13,   13,   14,    4,   15,   16,
+       17,   18,   19,   20,   21,   22,   23,   22,   22,   22,
+       24,   25,   26,   27,   22,   28,   29,   30,   31,   32,
+       33,   22,   22,   22,   34,   35,    4,   22,   22,   22,
+       22,   22,   22,   22,   22,   22,   22,   22,   22,   22,
+       22,   22,   22,   22,   22,   22,   22,   22,   22,   36,
+       71,   99,   37,   38,   38,   38,   38,   38,   38,   38,
+       38,   38,   38,   38,   38,   38,   38,   38,   38,   38,
+       38,   38,   38,   44,   48,   57,   58,   72,   49,   60,
+
+       62,   53,   50,   45,   51,   54,   59,   46,   55,   69,
+       64,   63,   47,   65,   52,   78,   61,   70,   79,  109,
+       73,   74,   66,   67,   75,   84,   80,   88,   68,   85,
+       93,   89,   81,  110,   76,  129,   94,   41,  112,  113,
+       86,  163,  116,  117,  119,   87,  144,  166,   90,   77,
+      145,  130,  131,  149,  164,   91,  150,  120,   95,   82,
+      118,  121,  167,  566,   92,   38,   38,   38,   38,   38,
+       38,   38,   38,   38,   38,   38,   38,   38,   38,  147,
+      160,  177,  178,  161,  179,  185,  194,  414,  186,  195,
+      148,  223,  180,  224,  264,  253,  565,  564,  225,  254,
+
+      318,  563,  319,  562,  561,  265,  415,  560,  559,  558,
+      557,  556,  555,  554,  553,  552,  551,  550,  549,  548,
+      547,  546,  545,   41,   43,   43,  544,  543,  542,  541,
+      540,  539,  538,  537,  536,  535,  534,  533,  532,  531,
+      530,  529,  528,  527,  526,  525,  524,  523,  522,  521,
+      520,  519,  518,  517,  516,  515,  514,  513,  512,  511,
+      510,  509,  508,  507,  506,  505,  504,  503,  502,  501,
+      500,  499,  498,  497,  496,  495,  494,  493,  492,  491,
+      490,  489,  488,  487,  486,  485,  484,  483,  482,  481,
+      480,  479,  478,  477,  476,  475,  474,  473,  472,  471,
+
+      470,  469,  468,  467,  466,  465,  464,  463,  462,  461,
+      460,  459,  458,  457,  456,  455,  454,  453,  452,  451,
+      450,  449,  448,  447,  446,  445,  444,  443,  442,  441,
+      440,  439,  438,  437,  436,  435,  434,  433,  432,  431,
+      430,  429,  428,  427,  426,  425,  424,  423,  422,  421,
+      420,  419,  418,  417,  416,  413,  412,  411,  410,  409,
+      408,  407,  406,  405,  404,  403,  402,  401,  400,  399,
+      398,  397,  396,  395,  394,  393,  392,  391,  390,  389,
+      388,  387,  386,  385,  384,  383,  382,  381,  380,  379,
+      378,  377,  376,  375,  374,  373,  372,  371,  370,  369,
+
+      368,  367,  366,  365,  364,  363,  362,  361,  360,  359,
+      358,  357,  356,  355,  354,  353,  352,  351,  350,  349,
+      348,  347,  346,  345,  344,  343,  342,  341,  340,  339,
+      338,  337,  336,  335,  334,  333,  332,  331,  330,  329,
+      328,  327,  326,  325,  324,  323,  322,  321,  320,  317,
+      316,  315,  314,  313,  312,  311,  310,  309,  308,  307,
+      306,  305,  304,  303,  302,  301,  300,  299,  298,  297,
+      296,  295,  294,  293,  292,  291,  290,  289,  288,  287,
+      286,  285,  284,  283,  282,  281,  280,  279,  278,  277,
+      276,  275,  274,  273,  272,  271,  270,  269,  268,  267,
+
+      266,  263,  262,  261,  260,  259,  258,  257,  256,  255,
+      252,  251,  250,  249,  248,  247,  246,  245,  244,  243,
+      242,  241,  240,  239,  238,  237,  236,  235,  234,  233,
+      232,  231,  230,  229,  228,  227,  226,  222,  221,  220,
+      219,  218,  217,  216,  215,  214,  213,  212,  211,  210,
+      209,  208,  207,  206,  205,  204,  203,  202,  201,  200,
+      199,  198,  197,  196,  193,  192,  191,  190,  189,  188,
+      187,  184,  183,  182,  181,  176,  175,  174,  173,  172,
+      171,  170,  169,  168,  165,  162,  159,  158,  157,  156,
+      155,  154,  153,  152,  151,  146,  143,  142,  141,  140,
+
+      139,  138,  137,  136,  135,  134,  133,  132,  128,  127,
+      126,  125,  124,  123,  122,  115,  114,  111,  108,  107,
+      106,  105,  104,  103,  102,  101,  100,   98,   97,   96,
+       83,   56,   42,   40,   39,  567,    3,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+
+      567,  567,  567,  567,  567,  567
+    } ;
+
+static yyconst flex_int16_t yy_chk[707] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    9,
+       25,  569,    9,    9,    9,    9,    9,    9,    9,   12,
+       12,   12,   12,   12,   12,   12,   13,   13,   13,   13,
+       13,   13,   13,   15,   16,   19,   19,   25,   16,   20,
+
+       21,   17,   16,   15,   16,   17,   19,   15,   17,   24,
+       23,   21,   15,   23,   16,   27,   20,   24,   27,   53,
+       26,   26,   23,   23,   26,   29,   27,   30,   23,   29,
+       31,   30,   27,   53,   26,   67,   31,   12,   55,   55,
+       29,   96,   58,   58,   59,   29,   81,  101,   30,   26,
+       81,   67,   67,   84,   96,   30,   84,   59,   31,   27,
+       58,   59,  101,  562,   30,   37,   37,   37,   37,   37,
+       37,   37,   38,   38,   38,   38,   38,   38,   38,   83,
+       94,  113,  113,   94,  114,  120,  128,  368,  120,  128,
+       83,  159,  114,  159,  198,  187,  558,  557,  159,  187,
+
+      260,  556,  260,  555,  553,  198,  368,  552,  550,  549,
+      547,  546,  544,  542,  540,  537,  536,  535,  534,  533,
+      532,  530,  529,   37,  568,  568,  528,  527,  526,  523,
+      522,  521,  520,  519,  518,  517,  516,  515,  514,  513,
+      512,  511,  510,  509,  508,  507,  506,  505,  504,  503,
+      502,  498,  497,  496,  495,  493,  492,  491,  490,  489,
+      488,  487,  486,  485,  484,  482,  481,  480,  479,  477,
+      475,  473,  472,  471,  470,  469,  468,  466,  465,  463,
+      462,  461,  460,  459,  458,  457,  456,  455,  453,  452,
+      451,  450,  449,  448,  447,  446,  445,  441,  440,  439,
+
+      438,  437,  436,  435,  434,  433,  432,  430,  429,  428,
+      427,  425,  424,  423,  422,  418,  417,  416,  415,  414,
+      412,  410,  408,  407,  406,  405,  404,  403,  402,  401,
+      400,  399,  398,  397,  396,  394,  393,  392,  391,  390,
+      389,  388,  385,  383,  382,  381,  380,  379,  378,  376,
+      375,  372,  371,  370,  369,  367,  366,  364,  363,  361,
+      360,  358,  357,  356,  355,  353,  352,  351,  350,  349,
+      348,  347,  346,  345,  344,  342,  341,  340,  337,  336,
+      335,  334,  333,  332,  331,  330,  329,  327,  326,  325,
+      324,  323,  322,  321,  320,  319,  318,  317,  316,  315,
+
+      314,  313,  312,  311,  310,  308,  307,  306,  305,  304,
+      303,  302,  301,  299,  298,  297,  296,  295,  294,  292,
+      291,  290,  289,  288,  287,  286,  284,  283,  282,  281,
+      280,  279,  278,  277,  276,  275,  274,  273,  272,  271,
+      269,  268,  267,  266,  265,  264,  263,  262,  261,  259,
+      258,  257,  256,  254,  253,  252,  251,  250,  249,  248,
+      247,  246,  245,  244,  243,  242,  240,  239,  238,  237,
+      235,  234,  233,  232,  230,  229,  228,  227,  226,  225,
+      224,  223,  222,  221,  218,  217,  216,  214,  213,  211,
+      210,  209,  208,  207,  206,  205,  204,  203,  202,  200,
+
+      199,  197,  196,  195,  194,  193,  192,  191,  190,  188,
+      186,  185,  184,  183,  182,  181,  180,  179,  178,  177,
+      176,  175,  174,  173,  172,  171,  170,  169,  168,  167,
+      166,  165,  164,  163,  162,  161,  160,  158,  157,  156,
+      155,  154,  153,  152,  151,  149,  148,  147,  146,  145,
+      144,  143,  141,  140,  139,  138,  137,  136,  135,  134,
+      132,  131,  130,  129,  127,  126,  125,  124,  123,  122,
+      121,  119,  118,  116,  115,  112,  111,  110,  109,  108,
+      107,  105,  104,  103,   97,   95,   93,   92,   91,   90,
+       89,   88,   87,   86,   85,   82,   80,   79,   78,   77,
+
+       76,   74,   73,   72,   71,   70,   69,   68,   66,   65,
+       64,   63,   62,   61,   60,   57,   56,   54,   51,   50,
+       49,   48,   47,   46,   45,   44,   42,   39,   33,   32,
+       28,   18,   14,   11,   10,    3,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+      567,  567,  567,  567,  567,  567,  567,  567,  567,  567,
+
+      567,  567,  567,  567,  567,  567
+    } ;
+
+static yy_state_type yy_last_accepting_state;
+static char *yy_last_accepting_cpos;
+
+extern int yy_flex_debug;
+int yy_flex_debug = 0;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *yytext;
+#line 1 "lex.l"
+#line 2 "lex.l"
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: lex.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#undef ECHO
+#include "symbol.h"
+#include "parse.h"
+#include "lex.h"
+#include "gen_locl.h"
+
+static unsigned lineno = 1;
+
+#undef ECHO
+
+static void unterminated(const char *, unsigned);
+
+/* This is for broken old lexes (solaris 10 and hpux) */
+#line 855 "lex.c"
+
+#define INITIAL 0
+
+#ifndef YY_NO_UNISTD_H
+/* Special case for "unistd.h", since it is non-ANSI. We include it way
+ * down here because we want the user's section 1 to have been scanned first.
+ * The user has a chance to override it with an option.
+ */
+#include <unistd.h>
+#endif
+
+#ifndef YY_EXTRA_TYPE
+#define YY_EXTRA_TYPE void *
+#endif
+
+static int yy_init_globals (void );
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int yywrap (void );
+#else
+extern int yywrap (void );
+#endif
+#endif
+
+    static void yyunput (int c,char *buf_ptr  );
+    
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char *,yyconst char *,int );
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * );
+#endif
+
+#ifndef YY_NO_INPUT
+
+#ifdef __cplusplus
+static int yyinput (void );
+#else
+static int input (void );
+#endif
+
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+		{ \
+		int c = '*'; \
+		size_t n; \
+		for ( n = 0; n < max_size && \
+			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+			buf[n] = (char) c; \
+		if ( c == '\n' ) \
+			buf[n++] = (char) c; \
+		if ( c == EOF && ferror( yyin ) ) \
+			YY_FATAL_ERROR( "input in flex scanner failed" ); \
+		result = n; \
+		} \
+	else \
+		{ \
+		errno=0; \
+		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
+			{ \
+			if( errno != EINTR) \
+				{ \
+				YY_FATAL_ERROR( "input in flex scanner failed" ); \
+				break; \
+				} \
+			errno=0; \
+			clearerr(yyin); \
+			} \
+		}\
+\
+
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* end tables serialization structures and prototypes */
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL_IS_OURS 1
+
+extern int yylex (void);
+
+#define YY_DECL int yylex (void)
+#endif /* !YY_DECL */
+
+/* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+	YY_USER_ACTION
+
+/** The main scanner function which does all the work.
+ */
+YY_DECL
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp, *yy_bp;
+	register int yy_act;
+    
+#line 68 "lex.l"
+
+#line 1010 "lex.c"
+
+	if ( !(yy_init) )
+		{
+		(yy_init) = 1;
+
+#ifdef YY_USER_INIT
+		YY_USER_INIT;
+#endif
+
+		if ( ! (yy_start) )
+			(yy_start) = 1;	/* first start state */
+
+		if ( ! yyin )
+			yyin = stdin;
+
+		if ( ! yyout )
+			yyout = stdout;
+
+		if ( ! YY_CURRENT_BUFFER ) {
+			yyensure_buffer_stack ();
+			YY_CURRENT_BUFFER_LVALUE =
+				yy_create_buffer(yyin,YY_BUF_SIZE );
+		}
+
+		yy_load_buffer_state( );
+		}
+
+	while ( 1 )		/* loops until end-of-file is reached */
+		{
+		yy_cp = (yy_c_buf_p);
+
+		/* Support of yytext. */
+		*yy_cp = (yy_hold_char);
+
+		/* yy_bp points to the position in yy_ch_buf of the start of
+		 * the current run.
+		 */
+		yy_bp = yy_cp;
+
+		yy_current_state = (yy_start);
+yy_match:
+		do
+			{
+			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+			if ( yy_accept[yy_current_state] )
+				{
+				(yy_last_accepting_state) = yy_current_state;
+				(yy_last_accepting_cpos) = yy_cp;
+				}
+			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+				{
+				yy_current_state = (int) yy_def[yy_current_state];
+				if ( yy_current_state >= 568 )
+					yy_c = yy_meta[(unsigned int) yy_c];
+				}
+			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+			++yy_cp;
+			}
+		while ( yy_base[yy_current_state] != 637 );
+
+yy_find_action:
+		yy_act = yy_accept[yy_current_state];
+		if ( yy_act == 0 )
+			{ /* have to back up */
+			yy_cp = (yy_last_accepting_cpos);
+			yy_current_state = (yy_last_accepting_state);
+			yy_act = yy_accept[yy_current_state];
+			}
+
+		YY_DO_BEFORE_ACTION;
+
+do_action:	/* This label is used only to access EOF actions. */
+
+		switch ( yy_act )
+	{ /* beginning of action switch */
+			case 0: /* must back up */
+			/* undo the effects of YY_DO_BEFORE_ACTION */
+			*yy_cp = (yy_hold_char);
+			yy_cp = (yy_last_accepting_cpos);
+			yy_current_state = (yy_last_accepting_state);
+			goto yy_find_action;
+
+case 1:
+YY_RULE_SETUP
+#line 69 "lex.l"
+{ return kw_ABSENT; }
+	YY_BREAK
+case 2:
+YY_RULE_SETUP
+#line 70 "lex.l"
+{ return kw_ABSTRACT_SYNTAX; }
+	YY_BREAK
+case 3:
+YY_RULE_SETUP
+#line 71 "lex.l"
+{ return kw_ALL; }
+	YY_BREAK
+case 4:
+YY_RULE_SETUP
+#line 72 "lex.l"
+{ return kw_APPLICATION; }
+	YY_BREAK
+case 5:
+YY_RULE_SETUP
+#line 73 "lex.l"
+{ return kw_AUTOMATIC; }
+	YY_BREAK
+case 6:
+YY_RULE_SETUP
+#line 74 "lex.l"
+{ return kw_BEGIN; }
+	YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 75 "lex.l"
+{ return kw_BIT; }
+	YY_BREAK
+case 8:
+YY_RULE_SETUP
+#line 76 "lex.l"
+{ return kw_BMPString; }
+	YY_BREAK
+case 9:
+YY_RULE_SETUP
+#line 77 "lex.l"
+{ return kw_BOOLEAN; }
+	YY_BREAK
+case 10:
+YY_RULE_SETUP
+#line 78 "lex.l"
+{ return kw_BY; }
+	YY_BREAK
+case 11:
+YY_RULE_SETUP
+#line 79 "lex.l"
+{ return kw_CHARACTER; }
+	YY_BREAK
+case 12:
+YY_RULE_SETUP
+#line 80 "lex.l"
+{ return kw_CHOICE; }
+	YY_BREAK
+case 13:
+YY_RULE_SETUP
+#line 81 "lex.l"
+{ return kw_CLASS; }
+	YY_BREAK
+case 14:
+YY_RULE_SETUP
+#line 82 "lex.l"
+{ return kw_COMPONENT; }
+	YY_BREAK
+case 15:
+YY_RULE_SETUP
+#line 83 "lex.l"
+{ return kw_COMPONENTS; }
+	YY_BREAK
+case 16:
+YY_RULE_SETUP
+#line 84 "lex.l"
+{ return kw_CONSTRAINED; }
+	YY_BREAK
+case 17:
+YY_RULE_SETUP
+#line 85 "lex.l"
+{ return kw_CONTAINING; }
+	YY_BREAK
+case 18:
+YY_RULE_SETUP
+#line 86 "lex.l"
+{ return kw_DEFAULT; }
+	YY_BREAK
+case 19:
+YY_RULE_SETUP
+#line 87 "lex.l"
+{ return kw_DEFINITIONS; }
+	YY_BREAK
+case 20:
+YY_RULE_SETUP
+#line 88 "lex.l"
+{ return kw_EMBEDDED; }
+	YY_BREAK
+case 21:
+YY_RULE_SETUP
+#line 89 "lex.l"
+{ return kw_ENCODED; }
+	YY_BREAK
+case 22:
+YY_RULE_SETUP
+#line 90 "lex.l"
+{ return kw_END; }
+	YY_BREAK
+case 23:
+YY_RULE_SETUP
+#line 91 "lex.l"
+{ return kw_ENUMERATED; }
+	YY_BREAK
+case 24:
+YY_RULE_SETUP
+#line 92 "lex.l"
+{ return kw_EXCEPT; }
+	YY_BREAK
+case 25:
+YY_RULE_SETUP
+#line 93 "lex.l"
+{ return kw_EXPLICIT; }
+	YY_BREAK
+case 26:
+YY_RULE_SETUP
+#line 94 "lex.l"
+{ return kw_EXPORTS; }
+	YY_BREAK
+case 27:
+YY_RULE_SETUP
+#line 95 "lex.l"
+{ return kw_EXTENSIBILITY; }
+	YY_BREAK
+case 28:
+YY_RULE_SETUP
+#line 96 "lex.l"
+{ return kw_EXTERNAL; }
+	YY_BREAK
+case 29:
+YY_RULE_SETUP
+#line 97 "lex.l"
+{ return kw_FALSE; }
+	YY_BREAK
+case 30:
+YY_RULE_SETUP
+#line 98 "lex.l"
+{ return kw_FROM; }
+	YY_BREAK
+case 31:
+YY_RULE_SETUP
+#line 99 "lex.l"
+{ return kw_GeneralString; }
+	YY_BREAK
+case 32:
+YY_RULE_SETUP
+#line 100 "lex.l"
+{ return kw_GeneralizedTime; }
+	YY_BREAK
+case 33:
+YY_RULE_SETUP
+#line 101 "lex.l"
+{ return kw_GraphicString; }
+	YY_BREAK
+case 34:
+YY_RULE_SETUP
+#line 102 "lex.l"
+{ return kw_IA5String; }
+	YY_BREAK
+case 35:
+YY_RULE_SETUP
+#line 103 "lex.l"
+{ return kw_IDENTIFIER; }
+	YY_BREAK
+case 36:
+YY_RULE_SETUP
+#line 104 "lex.l"
+{ return kw_IMPLICIT; }
+	YY_BREAK
+case 37:
+YY_RULE_SETUP
+#line 105 "lex.l"
+{ return kw_IMPLIED; }
+	YY_BREAK
+case 38:
+YY_RULE_SETUP
+#line 106 "lex.l"
+{ return kw_IMPORTS; }
+	YY_BREAK
+case 39:
+YY_RULE_SETUP
+#line 107 "lex.l"
+{ return kw_INCLUDES; }
+	YY_BREAK
+case 40:
+YY_RULE_SETUP
+#line 108 "lex.l"
+{ return kw_INSTANCE; }
+	YY_BREAK
+case 41:
+YY_RULE_SETUP
+#line 109 "lex.l"
+{ return kw_INTEGER; }
+	YY_BREAK
+case 42:
+YY_RULE_SETUP
+#line 110 "lex.l"
+{ return kw_INTERSECTION; }
+	YY_BREAK
+case 43:
+YY_RULE_SETUP
+#line 111 "lex.l"
+{ return kw_ISO646String; }
+	YY_BREAK
+case 44:
+YY_RULE_SETUP
+#line 112 "lex.l"
+{ return kw_MAX; }
+	YY_BREAK
+case 45:
+YY_RULE_SETUP
+#line 113 "lex.l"
+{ return kw_MIN; }
+	YY_BREAK
+case 46:
+YY_RULE_SETUP
+#line 114 "lex.l"
+{ return kw_MINUS_INFINITY; }
+	YY_BREAK
+case 47:
+YY_RULE_SETUP
+#line 115 "lex.l"
+{ return kw_NULL; }
+	YY_BREAK
+case 48:
+YY_RULE_SETUP
+#line 116 "lex.l"
+{ return kw_NumericString; }
+	YY_BREAK
+case 49:
+YY_RULE_SETUP
+#line 117 "lex.l"
+{ return kw_OBJECT; }
+	YY_BREAK
+case 50:
+YY_RULE_SETUP
+#line 118 "lex.l"
+{ return kw_OCTET; }
+	YY_BREAK
+case 51:
+YY_RULE_SETUP
+#line 119 "lex.l"
+{ return kw_OF; }
+	YY_BREAK
+case 52:
+YY_RULE_SETUP
+#line 120 "lex.l"
+{ return kw_OPTIONAL; }
+	YY_BREAK
+case 53:
+YY_RULE_SETUP
+#line 121 "lex.l"
+{ return kw_ObjectDescriptor; }
+	YY_BREAK
+case 54:
+YY_RULE_SETUP
+#line 122 "lex.l"
+{ return kw_PATTERN; }
+	YY_BREAK
+case 55:
+YY_RULE_SETUP
+#line 123 "lex.l"
+{ return kw_PDV; }
+	YY_BREAK
+case 56:
+YY_RULE_SETUP
+#line 124 "lex.l"
+{ return kw_PLUS_INFINITY; }
+	YY_BREAK
+case 57:
+YY_RULE_SETUP
+#line 125 "lex.l"
+{ return kw_PRESENT; }
+	YY_BREAK
+case 58:
+YY_RULE_SETUP
+#line 126 "lex.l"
+{ return kw_PRIVATE; }
+	YY_BREAK
+case 59:
+YY_RULE_SETUP
+#line 127 "lex.l"
+{ return kw_PrintableString; }
+	YY_BREAK
+case 60:
+YY_RULE_SETUP
+#line 128 "lex.l"
+{ return kw_REAL; }
+	YY_BREAK
+case 61:
+YY_RULE_SETUP
+#line 129 "lex.l"
+{ return kw_RELATIVE_OID; }
+	YY_BREAK
+case 62:
+YY_RULE_SETUP
+#line 130 "lex.l"
+{ return kw_SEQUENCE; }
+	YY_BREAK
+case 63:
+YY_RULE_SETUP
+#line 131 "lex.l"
+{ return kw_SET; }
+	YY_BREAK
+case 64:
+YY_RULE_SETUP
+#line 132 "lex.l"
+{ return kw_SIZE; }
+	YY_BREAK
+case 65:
+YY_RULE_SETUP
+#line 133 "lex.l"
+{ return kw_STRING; }
+	YY_BREAK
+case 66:
+YY_RULE_SETUP
+#line 134 "lex.l"
+{ return kw_SYNTAX; }
+	YY_BREAK
+case 67:
+YY_RULE_SETUP
+#line 135 "lex.l"
+{ return kw_T61String; }
+	YY_BREAK
+case 68:
+YY_RULE_SETUP
+#line 136 "lex.l"
+{ return kw_TAGS; }
+	YY_BREAK
+case 69:
+YY_RULE_SETUP
+#line 137 "lex.l"
+{ return kw_TRUE; }
+	YY_BREAK
+case 70:
+YY_RULE_SETUP
+#line 138 "lex.l"
+{ return kw_TYPE_IDENTIFIER; }
+	YY_BREAK
+case 71:
+YY_RULE_SETUP
+#line 139 "lex.l"
+{ return kw_TeletexString; }
+	YY_BREAK
+case 72:
+YY_RULE_SETUP
+#line 140 "lex.l"
+{ return kw_UNION; }
+	YY_BREAK
+case 73:
+YY_RULE_SETUP
+#line 141 "lex.l"
+{ return kw_UNIQUE; }
+	YY_BREAK
+case 74:
+YY_RULE_SETUP
+#line 142 "lex.l"
+{ return kw_UNIVERSAL; }
+	YY_BREAK
+case 75:
+YY_RULE_SETUP
+#line 143 "lex.l"
+{ return kw_UTCTime; }
+	YY_BREAK
+case 76:
+YY_RULE_SETUP
+#line 144 "lex.l"
+{ return kw_UTF8String; }
+	YY_BREAK
+case 77:
+YY_RULE_SETUP
+#line 145 "lex.l"
+{ return kw_UniversalString; }
+	YY_BREAK
+case 78:
+YY_RULE_SETUP
+#line 146 "lex.l"
+{ return kw_VideotexString; }
+	YY_BREAK
+case 79:
+YY_RULE_SETUP
+#line 147 "lex.l"
+{ return kw_VisibleString; }
+	YY_BREAK
+case 80:
+YY_RULE_SETUP
+#line 148 "lex.l"
+{ return kw_WITH; }
+	YY_BREAK
+case 81:
+YY_RULE_SETUP
+#line 149 "lex.l"
+{ return *yytext; }
+	YY_BREAK
+case 82:
+YY_RULE_SETUP
+#line 150 "lex.l"
+{ return *yytext; }
+	YY_BREAK
+case 83:
+YY_RULE_SETUP
+#line 151 "lex.l"
+{ return *yytext; }
+	YY_BREAK
+case 84:
+YY_RULE_SETUP
+#line 152 "lex.l"
+{ return EEQUAL; }
+	YY_BREAK
+case 85:
+YY_RULE_SETUP
+#line 153 "lex.l"
+{ 
+			    int c, start_lineno = lineno;
+			    int f = 0;
+			    while((c = input()) != EOF) {
+				if(f && c == '-')
+				    break;
+				if(c == '-') {
+				    f = 1;
+				    continue;
+				}
+				if(c == '\n') {
+				    lineno++;
+				    break;
+				}
+				f = 0;
+			    }
+			    if(c == EOF)
+				unterminated("comment", start_lineno);
+			}
+	YY_BREAK
+case 86:
+YY_RULE_SETUP
+#line 172 "lex.l"
+{ 
+			    int c, start_lineno = lineno;
+			    int level = 1;
+			    int seen_star = 0;
+			    int seen_slash = 0;
+			    while((c = input()) != EOF) {
+				if(c == '/') {
+				    if(seen_star) {
+					if(--level == 0)
+					    break;
+					seen_star = 0;
+					continue;
+				    }
+				    seen_slash = 1;
+				    continue;
+				}
+				if(seen_star && c == '/') {
+				    if(--level == 0)
+					break;
+				    seen_star = 0;
+				    continue;
+				}
+				if(c == '*') {
+				    if(seen_slash) {
+					level++;
+					seen_star = seen_slash = 0;
+					continue;
+				    } 
+				    seen_star = 1;
+				    continue;
+				}
+				seen_star = seen_slash = 0;
+				if(c == '\n') {
+				    lineno++;
+				    continue;
+				}
+			    }
+			    if(c == EOF)
+				unterminated("comment", start_lineno);
+			}
+	YY_BREAK
+case 87:
+YY_RULE_SETUP
+#line 212 "lex.l"
+{ 
+			    int start_lineno = lineno;
+			    int c;
+			    char buf[1024];
+			    char *p = buf;
+			    int f = 0;
+			    int skip_ws = 0;
+			    
+			    while((c = input()) != EOF) {
+				if(isspace(c) && skip_ws) {
+				    if(c == '\n')
+					lineno++;
+				    continue;
+				}
+				skip_ws = 0;
+				
+				if(c == '"') {
+				    if(f) {
+					*p++ = '"';
+					f = 0;
+				    } else
+					f = 1;
+				    continue;
+				}
+				if(f == 1) {
+				    unput(c);
+				    break;
+				}
+				if(c == '\n') {
+				    lineno++;
+				    while(p > buf && isspace((unsigned char)p[-1]))
+					p--;
+				    skip_ws = 1;
+				    continue;
+				}
+				*p++ = c;
+			    }
+			    if(c == EOF)
+				unterminated("string", start_lineno);
+			    *p++ = '\0';
+			    fprintf(stderr, "string -- %s\n", buf);
+			    yylval.name = estrdup(buf);
+			    return STRING; 
+			}
+	YY_BREAK
+case 88:
+YY_RULE_SETUP
+#line 257 "lex.l"
+{ char *e, *y = yytext;
+			  yylval.constant = strtol((const char *)yytext,
+						   &e, 0);
+			  if(e == y) 
+			    error_message("malformed constant (%s)", yytext); 
+			  else
+			    return NUMBER;
+			}
+	YY_BREAK
+case 89:
+YY_RULE_SETUP
+#line 265 "lex.l"
+{
+			  yylval.name =  estrdup ((const char *)yytext);
+			  return IDENTIFIER;
+			}
+	YY_BREAK
+case 90:
+YY_RULE_SETUP
+#line 269 "lex.l"
+;
+	YY_BREAK
+case 91:
+/* rule 91 can match eol */
+YY_RULE_SETUP
+#line 270 "lex.l"
+{ ++lineno; }
+	YY_BREAK
+case 92:
+YY_RULE_SETUP
+#line 271 "lex.l"
+{ return ELLIPSIS; }
+	YY_BREAK
+case 93:
+YY_RULE_SETUP
+#line 272 "lex.l"
+{ return RANGE; }
+	YY_BREAK
+case 94:
+YY_RULE_SETUP
+#line 273 "lex.l"
+{ error_message("Ignoring char(%c)\n", *yytext); }
+	YY_BREAK
+case 95:
+YY_RULE_SETUP
+#line 274 "lex.l"
+ECHO;
+	YY_BREAK
+#line 1679 "lex.c"
+case YY_STATE_EOF(INITIAL):
+	yyterminate();
+
+	case YY_END_OF_BUFFER:
+		{
+		/* Amount of text matched not including the EOB char. */
+		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+
+		/* Undo the effects of YY_DO_BEFORE_ACTION. */
+		*yy_cp = (yy_hold_char);
+		YY_RESTORE_YY_MORE_OFFSET
+
+		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+			{
+			/* We're scanning a new file or input source.  It's
+			 * possible that this happened because the user
+			 * just pointed yyin at a new source and called
+			 * yylex().  If so, then we have to assure
+			 * consistency between YY_CURRENT_BUFFER and our
+			 * globals.  Here is the right place to do so, because
+			 * this is the first action (other than possibly a
+			 * back-up) that will match for the new input source.
+			 */
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+			}
+
+		/* Note that here we test for yy_c_buf_p "<=" to the position
+		 * of the first EOB in the buffer, since yy_c_buf_p will
+		 * already have been incremented past the NUL character
+		 * (since all states make transitions on EOB to the
+		 * end-of-buffer state).  Contrast this with the test
+		 * in input().
+		 */
+		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			{ /* This was really a NUL. */
+			yy_state_type yy_next_state;
+
+			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+
+			yy_current_state = yy_get_previous_state(  );
+
+			/* Okay, we're now positioned to make the NUL
+			 * transition.  We couldn't have
+			 * yy_get_previous_state() go ahead and do it
+			 * for us because it doesn't know how to deal
+			 * with the possibility of jamming (and we don't
+			 * want to build jamming into it because then it
+			 * will run more slowly).
+			 */
+
+			yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+
+			if ( yy_next_state )
+				{
+				/* Consume the NUL. */
+				yy_cp = ++(yy_c_buf_p);
+				yy_current_state = yy_next_state;
+				goto yy_match;
+				}
+
+			else
+				{
+				yy_cp = (yy_c_buf_p);
+				goto yy_find_action;
+				}
+			}
+
+		else switch ( yy_get_next_buffer(  ) )
+			{
+			case EOB_ACT_END_OF_FILE:
+				{
+				(yy_did_buffer_switch_on_eof) = 0;
+
+				if ( yywrap( ) )
+					{
+					/* Note: because we've taken care in
+					 * yy_get_next_buffer() to have set up
+					 * yytext, we can now set up
+					 * yy_c_buf_p so that if some total
+					 * hoser (like flex itself) wants to
+					 * call the scanner after we return the
+					 * YY_NULL, it'll still work - another
+					 * YY_NULL will get returned.
+					 */
+					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+
+					yy_act = YY_STATE_EOF(YY_START);
+					goto do_action;
+					}
+
+				else
+					{
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+					}
+				break;
+				}
+
+			case EOB_ACT_CONTINUE_SCAN:
+				(yy_c_buf_p) =
+					(yytext_ptr) + yy_amount_of_matched_text;
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_match;
+
+			case EOB_ACT_LAST_MATCH:
+				(yy_c_buf_p) =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_find_action;
+			}
+		break;
+		}
+
+	default:
+		YY_FATAL_ERROR(
+			"fatal flex scanner internal error--no action found" );
+	} /* end of action switch */
+		} /* end of scanning one token */
+} /* end of yylex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *	EOB_ACT_LAST_MATCH -
+ *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *	EOB_ACT_END_OF_FILE - end of file
+ */
+static int yy_get_next_buffer (void)
+{
+    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+	register char *source = (yytext_ptr);
+	register int number_to_move, i;
+	int ret_val;
+
+	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+		YY_FATAL_ERROR(
+		"fatal flex scanner internal error--end of buffer missed" );
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+		{ /* Don't try to fill the buffer, so this is an EOF. */
+		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+			{
+			/* We matched a single character, the EOB, so
+			 * treat this as a final EOF.
+			 */
+			return EOB_ACT_END_OF_FILE;
+			}
+
+		else
+			{
+			/* We matched some text prior to the EOB, first
+			 * process it.
+			 */
+			return EOB_ACT_LAST_MATCH;
+			}
+		}
+
+	/* Try to read more data. */
+
+	/* First move last chars to start of buffer. */
+	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+
+	for ( i = 0; i < number_to_move; ++i )
+		*(dest++) = *(source++);
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+		/* don't do the read, it's not guaranteed to return an EOF,
+		 * just force an EOF
+		 */
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+
+	else
+		{
+			int num_to_read =
+			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+		while ( num_to_read <= 0 )
+			{ /* Not enough room in the buffer - grow it. */
+
+			/* just a shorter name for the current buffer */
+			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+
+			int yy_c_buf_p_offset =
+				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+
+			if ( b->yy_is_our_buffer )
+				{
+				int new_size = b->yy_buf_size * 2;
+
+				if ( new_size <= 0 )
+					b->yy_buf_size += b->yy_buf_size / 8;
+				else
+					b->yy_buf_size *= 2;
+
+				b->yy_ch_buf = (char *)
+					/* Include room in for 2 EOB chars. */
+					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
+				}
+			else
+				/* Can't grow it, we don't own it. */
+				b->yy_ch_buf = 0;
+
+			if ( ! b->yy_ch_buf )
+				YY_FATAL_ERROR(
+				"fatal error - scanner input buffer overflow" );
+
+			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+						number_to_move - 1;
+
+			}
+
+		if ( num_to_read > YY_READ_BUF_SIZE )
+			num_to_read = YY_READ_BUF_SIZE;
+
+		/* Read in more data. */
+		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
+			(yy_n_chars), num_to_read );
+
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	if ( (yy_n_chars) == 0 )
+		{
+		if ( number_to_move == YY_MORE_ADJ )
+			{
+			ret_val = EOB_ACT_END_OF_FILE;
+			yyrestart(yyin  );
+			}
+
+		else
+			{
+			ret_val = EOB_ACT_LAST_MATCH;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+				YY_BUFFER_EOF_PENDING;
+			}
+		}
+
+	else
+		ret_val = EOB_ACT_CONTINUE_SCAN;
+
+	(yy_n_chars) += number_to_move;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+
+	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+
+	return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+    static yy_state_type yy_get_previous_state (void)
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp;
+    
+	yy_current_state = (yy_start);
+
+	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+		{
+		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+		if ( yy_accept[yy_current_state] )
+			{
+			(yy_last_accepting_state) = yy_current_state;
+			(yy_last_accepting_cpos) = yy_cp;
+			}
+		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+			{
+			yy_current_state = (int) yy_def[yy_current_state];
+			if ( yy_current_state >= 568 )
+				yy_c = yy_meta[(unsigned int) yy_c];
+			}
+		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+		}
+
+	return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *	next_state = yy_try_NUL_trans( current_state );
+ */
+    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+{
+	register int yy_is_jam;
+    	register char *yy_cp = (yy_c_buf_p);
+
+	register YY_CHAR yy_c = 1;
+	if ( yy_accept[yy_current_state] )
+		{
+		(yy_last_accepting_state) = yy_current_state;
+		(yy_last_accepting_cpos) = yy_cp;
+		}
+	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+		{
+		yy_current_state = (int) yy_def[yy_current_state];
+		if ( yy_current_state >= 568 )
+			yy_c = yy_meta[(unsigned int) yy_c];
+		}
+	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+	yy_is_jam = (yy_current_state == 567);
+
+	return yy_is_jam ? 0 : yy_current_state;
+}
+
+    static void yyunput (int c, register char * yy_bp )
+{
+	register char *yy_cp;
+    
+    yy_cp = (yy_c_buf_p);
+
+	/* undo effects of setting up yytext */
+	*yy_cp = (yy_hold_char);
+
+	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+		{ /* need to shift things up to make room */
+		/* +2 for EOB chars. */
+		register int number_to_move = (yy_n_chars) + 2;
+		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+		register char *source =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+
+		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+			*--dest = *--source;
+
+		yy_cp += (int) (dest - source);
+		yy_bp += (int) (dest - source);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+
+		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+		}
+
+	*--yy_cp = (char) c;
+
+	(yytext_ptr) = yy_bp;
+	(yy_hold_char) = *yy_cp;
+	(yy_c_buf_p) = yy_cp;
+}
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+    static int yyinput (void)
+#else
+    static int input  (void)
+#endif
+
+{
+	int c;
+    
+	*(yy_c_buf_p) = (yy_hold_char);
+
+	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+		{
+		/* yy_c_buf_p now points to the character we want to return.
+		 * If this occurs *before* the EOB characters, then it's a
+		 * valid NUL; if not, then we've hit the end of the buffer.
+		 */
+		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			/* This was really a NUL. */
+			*(yy_c_buf_p) = '\0';
+
+		else
+			{ /* need more input */
+			int offset = (yy_c_buf_p) - (yytext_ptr);
+			++(yy_c_buf_p);
+
+			switch ( yy_get_next_buffer(  ) )
+				{
+				case EOB_ACT_LAST_MATCH:
+					/* This happens because yy_g_n_b()
+					 * sees that we've accumulated a
+					 * token and flags that we need to
+					 * try matching the token before
+					 * proceeding.  But for input(),
+					 * there's no matching to consider.
+					 * So convert the EOB_ACT_LAST_MATCH
+					 * to EOB_ACT_END_OF_FILE.
+					 */
+
+					/* Reset buffer status. */
+					yyrestart(yyin );
+
+					/*FALLTHROUGH*/
+
+				case EOB_ACT_END_OF_FILE:
+					{
+					if ( yywrap( ) )
+						return 0;
+
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+#ifdef __cplusplus
+					return yyinput();
+#else
+					return input();
+#endif
+					}
+
+				case EOB_ACT_CONTINUE_SCAN:
+					(yy_c_buf_p) = (yytext_ptr) + offset;
+					break;
+				}
+			}
+		}
+
+	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
+	*(yy_c_buf_p) = '\0';	/* preserve yytext */
+	(yy_hold_char) = *++(yy_c_buf_p);
+
+	return c;
+}
+#endif	/* ifndef YY_NO_INPUT */
+
+/** Immediately switch to a different input stream.
+ * @param input_file A readable stream.
+ * 
+ * @note This function does not reset the start condition to @c INITIAL .
+ */
+    void yyrestart  (FILE * input_file )
+{
+    
+	if ( ! YY_CURRENT_BUFFER ){
+        yyensure_buffer_stack ();
+		YY_CURRENT_BUFFER_LVALUE =
+            yy_create_buffer(yyin,YY_BUF_SIZE );
+	}
+
+	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
+	yy_load_buffer_state( );
+}
+
+/** Switch to a different input buffer.
+ * @param new_buffer The new input buffer.
+ * 
+ */
+    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
+{
+    
+	/* TODO. We should be able to replace this entire function body
+	 * with
+	 *		yypop_buffer_state();
+	 *		yypush_buffer_state(new_buffer);
+     */
+	yyensure_buffer_stack ();
+	if ( YY_CURRENT_BUFFER == new_buffer )
+		return;
+
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+	yy_load_buffer_state( );
+
+	/* We don't actually know whether we did this switch during
+	 * EOF (yywrap()) processing, but the only time this flag
+	 * is looked at is after yywrap() is called, so it's safe
+	 * to go ahead and always set it.
+	 */
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+static void yy_load_buffer_state  (void)
+{
+    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+	(yy_hold_char) = *(yy_c_buf_p);
+}
+
+/** Allocate and initialize an input buffer state.
+ * @param file A readable stream.
+ * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
+ * 
+ * @return the allocated buffer state.
+ */
+    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
+{
+	YY_BUFFER_STATE b;
+    
+	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_buf_size = size;
+
+	/* yy_ch_buf has to be 2 characters longer than the size given because
+	 * we need to put in 2 end-of-buffer characters.
+	 */
+	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
+	if ( ! b->yy_ch_buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_is_our_buffer = 1;
+
+	yy_init_buffer(b,file );
+
+	return b;
+}
+
+/** Destroy the buffer.
+ * @param b a buffer created with yy_create_buffer()
+ * 
+ */
+    void yy_delete_buffer (YY_BUFFER_STATE  b )
+{
+    
+	if ( ! b )
+		return;
+
+	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
+		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+
+	if ( b->yy_is_our_buffer )
+		yyfree((void *) b->yy_ch_buf  );
+
+	yyfree((void *) b  );
+}
+
+#ifndef __cplusplus
+extern int isatty (int );
+#endif /* __cplusplus */
+    
+/* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+ * such as during a yyrestart() or at EOF.
+ */
+    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
+
+{
+	int oerrno = errno;
+    
+	yy_flush_buffer(b );
+
+	b->yy_input_file = file;
+	b->yy_fill_buffer = 1;
+
+    /* If b is the current buffer, then yy_init_buffer was _probably_
+     * called from yyrestart() or through yy_get_next_buffer.
+     * In that case, we don't want to reset the lineno or column.
+     */
+    if (b != YY_CURRENT_BUFFER){
+        b->yy_bs_lineno = 1;
+        b->yy_bs_column = 0;
+    }
+
+        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+    
+	errno = oerrno;
+}
+
+/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
+ * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
+ * 
+ */
+    void yy_flush_buffer (YY_BUFFER_STATE  b )
+{
+    	if ( ! b )
+		return;
+
+	b->yy_n_chars = 0;
+
+	/* We always need two end-of-buffer characters.  The first causes
+	 * a transition to the end-of-buffer state.  The second causes
+	 * a jam in that state.
+	 */
+	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+	b->yy_buf_pos = &b->yy_ch_buf[0];
+
+	b->yy_at_bol = 1;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	if ( b == YY_CURRENT_BUFFER )
+		yy_load_buffer_state( );
+}
+
+/** Pushes the new state onto the stack. The new state becomes
+ *  the current state. This function will allocate the stack
+ *  if necessary.
+ *  @param new_buffer The new state.
+ *  
+ */
+void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
+{
+    	if (new_buffer == NULL)
+		return;
+
+	yyensure_buffer_stack();
+
+	/* This block is copied from yy_switch_to_buffer. */
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	/* Only push if top exists. Otherwise, replace top. */
+	if (YY_CURRENT_BUFFER)
+		(yy_buffer_stack_top)++;
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+
+	/* copied from yy_switch_to_buffer. */
+	yy_load_buffer_state( );
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+/** Removes and deletes the top of the stack, if present.
+ *  The next element becomes the new top.
+ *  
+ */
+void yypop_buffer_state (void)
+{
+    	if (!YY_CURRENT_BUFFER)
+		return;
+
+	yy_delete_buffer(YY_CURRENT_BUFFER );
+	YY_CURRENT_BUFFER_LVALUE = NULL;
+	if ((yy_buffer_stack_top) > 0)
+		--(yy_buffer_stack_top);
+
+	if (YY_CURRENT_BUFFER) {
+		yy_load_buffer_state( );
+		(yy_did_buffer_switch_on_eof) = 1;
+	}
+}
+
+/* Allocates the stack if it does not exist.
+ *  Guarantees space for at least one push.
+ */
+static void yyensure_buffer_stack (void)
+{
+	int num_to_alloc;
+    
+	if (!(yy_buffer_stack)) {
+
+		/* First allocation is just for 2 elements, since we don't know if this
+		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+		 * immediate realloc on the next call.
+         */
+		num_to_alloc = 1;
+		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
+								(num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+		
+		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+				
+		(yy_buffer_stack_max) = num_to_alloc;
+		(yy_buffer_stack_top) = 0;
+		return;
+	}
+
+	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+
+		/* Increase the buffer to prepare for a possible push. */
+		int grow_size = 8 /* arbitrary grow size */;
+
+		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
+								((yy_buffer_stack),
+								num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		/* zero only the new slots.*/
+		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
+		(yy_buffer_stack_max) = num_to_alloc;
+	}
+}
+
+/** Setup the input buffer state to scan directly from a user-specified character buffer.
+ * @param base the character buffer
+ * @param size the size in bytes of the character buffer
+ * 
+ * @return the newly allocated buffer state object. 
+ */
+YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+{
+	YY_BUFFER_STATE b;
+    
+	if ( size < 2 ||
+	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+		/* They forgot to leave room for the EOB's. */
+		return 0;
+
+	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+
+	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
+	b->yy_buf_pos = b->yy_ch_buf = base;
+	b->yy_is_our_buffer = 0;
+	b->yy_input_file = 0;
+	b->yy_n_chars = b->yy_buf_size;
+	b->yy_is_interactive = 0;
+	b->yy_at_bol = 1;
+	b->yy_fill_buffer = 0;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	yy_switch_to_buffer(b  );
+
+	return b;
+}
+
+/** Setup the input buffer state to scan a string. The next call to yylex() will
+ * scan from a @e copy of @a str.
+ * @param str a NUL-terminated string to scan
+ * 
+ * @return the newly allocated buffer state object.
+ * @note If you want to scan bytes that may contain NUL values, then use
+ *       yy_scan_bytes() instead.
+ */
+YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
+{
+    
+	return yy_scan_bytes(yystr,strlen(yystr) );
+}
+
+/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
+ * scan from a @e copy of @a bytes.
+ * @param bytes the byte buffer to scan
+ * @param len the number of bytes in the buffer pointed to by @a bytes.
+ * 
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
+{
+	YY_BUFFER_STATE b;
+	char *buf;
+	yy_size_t n;
+	int i;
+    
+	/* Get memory for full buffer, including space for trailing EOB's. */
+	n = _yybytes_len + 2;
+	buf = (char *) yyalloc(n  );
+	if ( ! buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+
+	for ( i = 0; i < _yybytes_len; ++i )
+		buf[i] = yybytes[i];
+
+	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
+
+	b = yy_scan_buffer(buf,n );
+	if ( ! b )
+		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+
+	/* It's okay to grow etc. this buffer, and we should throw it
+	 * away when we're done.
+	 */
+	b->yy_is_our_buffer = 1;
+
+	return b;
+}
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+static void yy_fatal_error (yyconst char* msg )
+{
+    	(void) fprintf( stderr, "%s\n", msg );
+	exit( YY_EXIT_FAILURE );
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		yytext[yyleng] = (yy_hold_char); \
+		(yy_c_buf_p) = yytext + yyless_macro_arg; \
+		(yy_hold_char) = *(yy_c_buf_p); \
+		*(yy_c_buf_p) = '\0'; \
+		yyleng = yyless_macro_arg; \
+		} \
+	while ( 0 )
+
+/* Accessor  methods (get/set functions) to struct members. */
+
+/** Get the current line number.
+ * 
+ */
+int yyget_lineno  (void)
+{
+        
+    return yylineno;
+}
+
+/** Get the input stream.
+ * 
+ */
+FILE *yyget_in  (void)
+{
+        return yyin;
+}
+
+/** Get the output stream.
+ * 
+ */
+FILE *yyget_out  (void)
+{
+        return yyout;
+}
+
+/** Get the length of the current token.
+ * 
+ */
+int yyget_leng  (void)
+{
+        return yyleng;
+}
+
+/** Get the current token.
+ * 
+ */
+
+char *yyget_text  (void)
+{
+        return yytext;
+}
+
+/** Set the current line number.
+ * @param line_number
+ * 
+ */
+void yyset_lineno (int  line_number )
+{
+    
+    yylineno = line_number;
+}
+
+/** Set the input stream. This does not discard the current
+ * input buffer.
+ * @param in_str A readable stream.
+ * 
+ * @see yy_switch_to_buffer
+ */
+void yyset_in (FILE *  in_str )
+{
+        yyin = in_str ;
+}
+
+void yyset_out (FILE *  out_str )
+{
+        yyout = out_str ;
+}
+
+int yyget_debug  (void)
+{
+        return yy_flex_debug;
+}
+
+void yyset_debug (int  bdebug )
+{
+        yy_flex_debug = bdebug ;
+}
+
+static int yy_init_globals (void)
+{
+        /* Initialization is the same as for the non-reentrant scanner.
+     * This function is called from yylex_destroy(), so don't allocate here.
+     */
+
+    (yy_buffer_stack) = 0;
+    (yy_buffer_stack_top) = 0;
+    (yy_buffer_stack_max) = 0;
+    (yy_c_buf_p) = (char *) 0;
+    (yy_init) = 0;
+    (yy_start) = 0;
+
+/* Defined in main.c */
+#ifdef YY_STDINIT
+    yyin = stdin;
+    yyout = stdout;
+#else
+    yyin = (FILE *) 0;
+    yyout = (FILE *) 0;
+#endif
+
+    /* For future reference: Set errno on error, since we are called by
+     * yylex_init()
+     */
+    return 0;
+}
+
+/* yylex_destroy is for both reentrant and non-reentrant scanners. */
+int yylex_destroy  (void)
+{
+    
+    /* Pop the buffer stack, destroying each element. */
+	while(YY_CURRENT_BUFFER){
+		yy_delete_buffer(YY_CURRENT_BUFFER  );
+		YY_CURRENT_BUFFER_LVALUE = NULL;
+		yypop_buffer_state();
+	}
+
+	/* Destroy the stack itself. */
+	yyfree((yy_buffer_stack) );
+	(yy_buffer_stack) = NULL;
+
+    /* Reset the globals. This is important in a non-reentrant scanner so the next time
+     * yylex() is called, initialization will occur. */
+    yy_init_globals( );
+
+    return 0;
+}
+
+/*
+ * Internal utility routines.
+ */
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
+{
+	register int i;
+	for ( i = 0; i < n; ++i )
+		s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * s )
+{
+	register int n;
+	for ( n = 0; s[n]; ++n )
+		;
+
+	return n;
+}
+#endif
+
+void *yyalloc (yy_size_t  size )
+{
+	return (void *) malloc( size );
+}
+
+void *yyrealloc  (void * ptr, yy_size_t  size )
+{
+	/* The cast to (char *) in the following accommodates both
+	 * implementations that use char* generic pointers, and those
+	 * that use void* generic pointers.  It works with the latter
+	 * because both ANSI C and C++ allow castless assignment from
+	 * any pointer type to void*, and deal with argument conversions
+	 * as though doing an assignment.
+	 */
+	return (void *) realloc( (char *) ptr, size );
+}
+
+void yyfree (void * ptr )
+{
+	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
+}
+
+#define YYTABLES_NAME "yytables"
+
+#line 274 "lex.l"
+
+
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+void
+error_message (const char *format, ...)
+{
+    va_list args;
+
+    va_start (args, format);
+    fprintf (stderr, "%s:%d: ", get_filename(), lineno);
+    vfprintf (stderr, format, args);
+    va_end (args);
+    error_flag++;
+}
+
+static void
+unterminated(const char *type, unsigned start_lineno)
+{
+    error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
+}
+

Added: vendor-crypto/heimdal/dist/lib/asn1/lex.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/lex.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/lex.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: lex.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#include <roken.h>
+
+void error_message (const char *, ...)
+__attribute__ ((format (printf, 1, 2)));
+extern int error_flag;
+
+int yylex(void);

Added: vendor-crypto/heimdal/dist/lib/asn1/lex.l
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/lex.l	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/lex.l	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,300 @@
+%{
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: lex.l,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#undef ECHO
+#include "symbol.h"
+#include "parse.h"
+#include "lex.h"
+#include "gen_locl.h"
+
+static unsigned lineno = 1;
+
+#undef ECHO
+
+static void unterminated(const char *, unsigned);
+
+%}
+
+/* This is for broken old lexes (solaris 10 and hpux) */
+%e 2000
+%p 5000
+%a 5000
+%n 1000
+%o 10000
+
+%%
+ABSENT			{ return kw_ABSENT; }
+ABSTRACT-SYNTAX		{ return kw_ABSTRACT_SYNTAX; }
+ALL			{ return kw_ALL; }
+APPLICATION		{ return kw_APPLICATION; }
+AUTOMATIC		{ return kw_AUTOMATIC; }
+BEGIN			{ return kw_BEGIN; }
+BIT			{ return kw_BIT; }
+BMPString		{ return kw_BMPString; }
+BOOLEAN			{ return kw_BOOLEAN; }
+BY			{ return kw_BY; }
+CHARACTER		{ return kw_CHARACTER; }
+CHOICE			{ return kw_CHOICE; }
+CLASS			{ return kw_CLASS; }
+COMPONENT		{ return kw_COMPONENT; }
+COMPONENTS		{ return kw_COMPONENTS; }
+CONSTRAINED		{ return kw_CONSTRAINED; }
+CONTAINING		{ return kw_CONTAINING; }
+DEFAULT			{ return kw_DEFAULT; }
+DEFINITIONS		{ return kw_DEFINITIONS; }
+EMBEDDED		{ return kw_EMBEDDED; }
+ENCODED			{ return kw_ENCODED; }
+END			{ return kw_END; }
+ENUMERATED		{ return kw_ENUMERATED; }
+EXCEPT			{ return kw_EXCEPT; }
+EXPLICIT		{ return kw_EXPLICIT; }
+EXPORTS			{ return kw_EXPORTS; }
+EXTENSIBILITY		{ return kw_EXTENSIBILITY; }
+EXTERNAL		{ return kw_EXTERNAL; }
+FALSE			{ return kw_FALSE; }
+FROM			{ return kw_FROM; }
+GeneralString		{ return kw_GeneralString; }
+GeneralizedTime		{ return kw_GeneralizedTime; }
+GraphicString		{ return kw_GraphicString; }
+IA5String		{ return kw_IA5String; }
+IDENTIFIER		{ return kw_IDENTIFIER; }
+IMPLICIT		{ return kw_IMPLICIT; }
+IMPLIED			{ return kw_IMPLIED; }
+IMPORTS			{ return kw_IMPORTS; }
+INCLUDES		{ return kw_INCLUDES; }
+INSTANCE		{ return kw_INSTANCE; }
+INTEGER			{ return kw_INTEGER; }
+INTERSECTION		{ return kw_INTERSECTION; }
+ISO646String		{ return kw_ISO646String; }
+MAX			{ return kw_MAX; }
+MIN			{ return kw_MIN; }
+MINUS-INFINITY		{ return kw_MINUS_INFINITY; }
+NULL			{ return kw_NULL; }
+NumericString		{ return kw_NumericString; }
+OBJECT			{ return kw_OBJECT; }
+OCTET			{ return kw_OCTET; }
+OF			{ return kw_OF; }
+OPTIONAL		{ return kw_OPTIONAL; }
+ObjectDescriptor	{ return kw_ObjectDescriptor; }
+PATTERN			{ return kw_PATTERN; }
+PDV			{ return kw_PDV; }
+PLUS-INFINITY		{ return kw_PLUS_INFINITY; }
+PRESENT			{ return kw_PRESENT; }
+PRIVATE			{ return kw_PRIVATE; }
+PrintableString		{ return kw_PrintableString; }
+REAL			{ return kw_REAL; }
+RELATIVE_OID		{ return kw_RELATIVE_OID; }
+SEQUENCE		{ return kw_SEQUENCE; }
+SET			{ return kw_SET; }
+SIZE			{ return kw_SIZE; }
+STRING			{ return kw_STRING; }
+SYNTAX			{ return kw_SYNTAX; }
+T61String		{ return kw_T61String; }
+TAGS			{ return kw_TAGS; }
+TRUE			{ return kw_TRUE; }
+TYPE-IDENTIFIER		{ return kw_TYPE_IDENTIFIER; }
+TeletexString		{ return kw_TeletexString; }
+UNION			{ return kw_UNION; }
+UNIQUE			{ return kw_UNIQUE; }
+UNIVERSAL		{ return kw_UNIVERSAL; }
+UTCTime			{ return kw_UTCTime; }
+UTF8String		{ return kw_UTF8String; }
+UniversalString		{ return kw_UniversalString; }
+VideotexString		{ return kw_VideotexString; }
+VisibleString		{ return kw_VisibleString; }
+WITH			{ return kw_WITH; }
+[-,;{}()|]		{ return *yytext; }
+"["			{ return *yytext; }
+"]"			{ return *yytext; }
+::=			{ return EEQUAL; }
+--			{ 
+			    int c, start_lineno = lineno;
+			    int f = 0;
+			    while((c = input()) != EOF) {
+				if(f && c == '-')
+				    break;
+				if(c == '-') {
+				    f = 1;
+				    continue;
+				}
+				if(c == '\n') {
+				    lineno++;
+				    break;
+				}
+				f = 0;
+			    }
+			    if(c == EOF)
+				unterminated("comment", start_lineno);
+			}
+\/\*			{ 
+			    int c, start_lineno = lineno;
+			    int level = 1;
+			    int seen_star = 0;
+			    int seen_slash = 0;
+			    while((c = input()) != EOF) {
+				if(c == '/') {
+				    if(seen_star) {
+					if(--level == 0)
+					    break;
+					seen_star = 0;
+					continue;
+				    }
+				    seen_slash = 1;
+				    continue;
+				}
+				if(seen_star && c == '/') {
+				    if(--level == 0)
+					break;
+				    seen_star = 0;
+				    continue;
+				}
+				if(c == '*') {
+				    if(seen_slash) {
+					level++;
+					seen_star = seen_slash = 0;
+					continue;
+				    } 
+				    seen_star = 1;
+				    continue;
+				}
+				seen_star = seen_slash = 0;
+				if(c == '\n') {
+				    lineno++;
+				    continue;
+				}
+			    }
+			    if(c == EOF)
+				unterminated("comment", start_lineno);
+			}
+"\""			{ 
+			    int start_lineno = lineno;
+			    int c;
+			    char buf[1024];
+			    char *p = buf;
+			    int f = 0;
+			    int skip_ws = 0;
+			    
+			    while((c = input()) != EOF) {
+				if(isspace(c) && skip_ws) {
+				    if(c == '\n')
+					lineno++;
+				    continue;
+				}
+				skip_ws = 0;
+				
+				if(c == '"') {
+				    if(f) {
+					*p++ = '"';
+					f = 0;
+				    } else
+					f = 1;
+				    continue;
+				}
+				if(f == 1) {
+				    unput(c);
+				    break;
+				}
+				if(c == '\n') {
+				    lineno++;
+				    while(p > buf && isspace((unsigned char)p[-1]))
+					p--;
+				    skip_ws = 1;
+				    continue;
+				}
+				*p++ = c;
+			    }
+			    if(c == EOF)
+				unterminated("string", start_lineno);
+			    *p++ = '\0';
+			    fprintf(stderr, "string -- %s\n", buf);
+			    yylval.name = estrdup(buf);
+			    return STRING; 
+			}
+
+-?0x[0-9A-Fa-f]+|-?[0-9]+ { char *e, *y = yytext;
+			  yylval.constant = strtol((const char *)yytext,
+						   &e, 0);
+			  if(e == y) 
+			    error_message("malformed constant (%s)", yytext); 
+			  else
+			    return NUMBER;
+			}
+[A-Za-z][-A-Za-z0-9_]*	{
+			  yylval.name =  estrdup ((const char *)yytext);
+			  return IDENTIFIER;
+			}
+[ \t]			;
+\n			{ ++lineno; }
+\.\.\.			{ return ELLIPSIS; }
+\.\.			{ return RANGE; }
+.			{ error_message("Ignoring char(%c)\n", *yytext); }
+%%
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+void
+error_message (const char *format, ...)
+{
+    va_list args;
+
+    va_start (args, format);
+    fprintf (stderr, "%s:%d: ", get_filename(), lineno);
+    vfprintf (stderr, format, args);
+    va_end (args);
+    error_flag++;
+}
+
+static void
+unterminated(const char *type, unsigned start_lineno)
+{
+    error_message("unterminated %s, possibly started on line %d\n", type, start_lineno);
+}
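Review bot: The `"\""` string rule stores into `char buf[1024]` through `p` with no bound, so a quoted string of 1024 bytes or more in the ASN.1 input writes past the end of the stack buffer at `*p++ = c;`, `*p++ = '"';` and the closing `*p++ = '\0';`. Guard the two in-loop stores, for example `if (p >= buf + sizeof(buf) - 1) { error_message("string too long\n"); break; }`, so the terminator always fits. The generated `input()` in lex.c on this page returns 0 rather than `EOF` when `yywrap()` is true, so the `!= EOF` loops here and in the two comment rules may not stop at end of input. If so, an unterminated string would also reach the unbounded write; this should be confirmed against the flex version in use. The `fprintf(stderr, "string -- %s\n", buf);` line looks like leftover debug output and could be dropped.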

Added: vendor-crypto/heimdal/dist/lib/asn1/main.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/main.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/main.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 1997-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "gen_locl.h"
+#include <getarg.h>
+#include "lex.h"
+
+RCSID("$Id: main.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+extern FILE *yyin;
+
+static getarg_strings preserve;
+static getarg_strings seq;
+
+int
+preserve_type(const char *p)
+{
+    int i;
+    for (i = 0; i < preserve.num_strings; i++)
+	if (strcmp(preserve.strings[i], p) == 0)
+	    return 1;
+    return 0;
+}
+
+int
+seq_type(const char *p)
+{
+    int i;
+    for (i = 0; i < seq.num_strings; i++)
+	if (strcmp(seq.strings[i], p) == 0)
+	    return 1;
+    return 0;
+}
+
+int dce_fix;
+int rfc1510_bitstring;
+int version_flag;
+int help_flag;
+struct getargs args[] = {
+    { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring },
+    { "decode-dce-ber", 0, arg_flag, &dce_fix },
+    { "preserve-binary", 0, arg_strings, &preserve },
+    { "sequence", 0, arg_strings, &seq },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "[asn1-file [name]]");
+    exit(code);
+}
+
+int error_flag;
+
+int
+main(int argc, char **argv)
+{
+    int ret;
+    const char *file;
+    const char *name = NULL;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    if (argc == optidx) {
+	file = "stdin";
+	name = "stdin";
+	yyin = stdin;
+    } else {
+	file = argv[optidx];
+	yyin = fopen (file, "r");
+	if (yyin == NULL)
+	    err (1, "open %s", file);
+	if (argc == optidx + 1) {
+	    char *p;
+	    name = estrdup(file);
+	    p = strrchr(name, '.');
+	    if (p)
+		*p = '\0';
+	} else
+	    name = argv[optidx + 1];
+    }
+
+    init_generate (file, name);
+    initsym ();
+    ret = yyparse ();
+    if(ret != 0 || error_flag != 0)
+	exit(1);
+    close_generate ();
+    if (argc != optidx)
+	fclose(yyin);
+    return 0;
+}
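Review bot: In main(), the single-argument branch strips the extension with `p = strrchr(name, '.')`, which searches the whole path rather than its last component. An argument such as `./k5` or `../spec.d/k5` is therefore cut at the directory's dot, and `name` reaches init_generate() as an empty string or a partial directory path. Limiting the search to the text after the last slash avoids this: `char *b = strrchr(name, '/'); p = strrchr(b ? b + 1 : name, '.');`. What init_generate() does with `name` is not visible in this hunk; if it derives output file names from it, as the call suggests, an empty `name` should also be rejected with an explicit error before the call.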

Added: vendor-crypto/heimdal/dist/lib/asn1/parse.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/parse.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/parse.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2831 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+   simplifying the original so-called "semantic" parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Bison version.  */
+#define YYBISON_VERSION "2.3"
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     kw_ABSENT = 258,
+     kw_ABSTRACT_SYNTAX = 259,
+     kw_ALL = 260,
+     kw_APPLICATION = 261,
+     kw_AUTOMATIC = 262,
+     kw_BEGIN = 263,
+     kw_BIT = 264,
+     kw_BMPString = 265,
+     kw_BOOLEAN = 266,
+     kw_BY = 267,
+     kw_CHARACTER = 268,
+     kw_CHOICE = 269,
+     kw_CLASS = 270,
+     kw_COMPONENT = 271,
+     kw_COMPONENTS = 272,
+     kw_CONSTRAINED = 273,
+     kw_CONTAINING = 274,
+     kw_DEFAULT = 275,
+     kw_DEFINITIONS = 276,
+     kw_EMBEDDED = 277,
+     kw_ENCODED = 278,
+     kw_END = 279,
+     kw_ENUMERATED = 280,
+     kw_EXCEPT = 281,
+     kw_EXPLICIT = 282,
+     kw_EXPORTS = 283,
+     kw_EXTENSIBILITY = 284,
+     kw_EXTERNAL = 285,
+     kw_FALSE = 286,
+     kw_FROM = 287,
+     kw_GeneralString = 288,
+     kw_GeneralizedTime = 289,
+     kw_GraphicString = 290,
+     kw_IA5String = 291,
+     kw_IDENTIFIER = 292,
+     kw_IMPLICIT = 293,
+     kw_IMPLIED = 294,
+     kw_IMPORTS = 295,
+     kw_INCLUDES = 296,
+     kw_INSTANCE = 297,
+     kw_INTEGER = 298,
+     kw_INTERSECTION = 299,
+     kw_ISO646String = 300,
+     kw_MAX = 301,
+     kw_MIN = 302,
+     kw_MINUS_INFINITY = 303,
+     kw_NULL = 304,
+     kw_NumericString = 305,
+     kw_OBJECT = 306,
+     kw_OCTET = 307,
+     kw_OF = 308,
+     kw_OPTIONAL = 309,
+     kw_ObjectDescriptor = 310,
+     kw_PATTERN = 311,
+     kw_PDV = 312,
+     kw_PLUS_INFINITY = 313,
+     kw_PRESENT = 314,
+     kw_PRIVATE = 315,
+     kw_PrintableString = 316,
+     kw_REAL = 317,
+     kw_RELATIVE_OID = 318,
+     kw_SEQUENCE = 319,
+     kw_SET = 320,
+     kw_SIZE = 321,
+     kw_STRING = 322,
+     kw_SYNTAX = 323,
+     kw_T61String = 324,
+     kw_TAGS = 325,
+     kw_TRUE = 326,
+     kw_TYPE_IDENTIFIER = 327,
+     kw_TeletexString = 328,
+     kw_UNION = 329,
+     kw_UNIQUE = 330,
+     kw_UNIVERSAL = 331,
+     kw_UTCTime = 332,
+     kw_UTF8String = 333,
+     kw_UniversalString = 334,
+     kw_VideotexString = 335,
+     kw_VisibleString = 336,
+     kw_WITH = 337,
+     RANGE = 338,
+     EEQUAL = 339,
+     ELLIPSIS = 340,
+     IDENTIFIER = 341,
+     referencename = 342,
+     STRING = 343,
+     NUMBER = 344
+   };
+#endif
+/* Tokens.  */
+#define kw_ABSENT 258
+#define kw_ABSTRACT_SYNTAX 259
+#define kw_ALL 260
+#define kw_APPLICATION 261
+#define kw_AUTOMATIC 262
+#define kw_BEGIN 263
+#define kw_BIT 264
+#define kw_BMPString 265
+#define kw_BOOLEAN 266
+#define kw_BY 267
+#define kw_CHARACTER 268
+#define kw_CHOICE 269
+#define kw_CLASS 270
+#define kw_COMPONENT 271
+#define kw_COMPONENTS 272
+#define kw_CONSTRAINED 273
+#define kw_CONTAINING 274
+#define kw_DEFAULT 275
+#define kw_DEFINITIONS 276
+#define kw_EMBEDDED 277
+#define kw_ENCODED 278
+#define kw_END 279
+#define kw_ENUMERATED 280
+#define kw_EXCEPT 281
+#define kw_EXPLICIT 282
+#define kw_EXPORTS 283
+#define kw_EXTENSIBILITY 284
+#define kw_EXTERNAL 285
+#define kw_FALSE 286
+#define kw_FROM 287
+#define kw_GeneralString 288
+#define kw_GeneralizedTime 289
+#define kw_GraphicString 290
+#define kw_IA5String 291
+#define kw_IDENTIFIER 292
+#define kw_IMPLICIT 293
+#define kw_IMPLIED 294
+#define kw_IMPORTS 295
+#define kw_INCLUDES 296
+#define kw_INSTANCE 297
+#define kw_INTEGER 298
+#define kw_INTERSECTION 299
+#define kw_ISO646String 300
+#define kw_MAX 301
+#define kw_MIN 302
+#define kw_MINUS_INFINITY 303
+#define kw_NULL 304
+#define kw_NumericString 305
+#define kw_OBJECT 306
+#define kw_OCTET 307
+#define kw_OF 308
+#define kw_OPTIONAL 309
+#define kw_ObjectDescriptor 310
+#define kw_PATTERN 311
+#define kw_PDV 312
+#define kw_PLUS_INFINITY 313
+#define kw_PRESENT 314
+#define kw_PRIVATE 315
+#define kw_PrintableString 316
+#define kw_REAL 317
+#define kw_RELATIVE_OID 318
+#define kw_SEQUENCE 319
+#define kw_SET 320
+#define kw_SIZE 321
+#define kw_STRING 322
+#define kw_SYNTAX 323
+#define kw_T61String 324
+#define kw_TAGS 325
+#define kw_TRUE 326
+#define kw_TYPE_IDENTIFIER 327
+#define kw_TeletexString 328
+#define kw_UNION 329
+#define kw_UNIQUE 330
+#define kw_UNIVERSAL 331
+#define kw_UTCTime 332
+#define kw_UTF8String 333
+#define kw_UniversalString 334
+#define kw_VideotexString 335
+#define kw_VisibleString 336
+#define kw_WITH 337
+#define RANGE 338
+#define EEQUAL 339
+#define ELLIPSIS 340
+#define IDENTIFIER 341
+#define referencename 342
+#define STRING 343
+#define NUMBER 344
+
+
+
+
+/* Copy the first part of user declarations.  */
+#line 36 "parse.y"
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "symbol.h"
+#include "lex.h"
+#include "gen_locl.h"
+#include "der.h"
+
+RCSID("$Id: parse.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static Type *new_type (Typetype t);
+static struct constraint_spec *new_constraint_spec(enum ctype);
+static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
+void yyerror (const char *);
+static struct objid *new_objid(const char *label, int value);
+static void add_oid_to_tail(struct objid *, struct objid *);
+static void fix_labels(Symbol *s);
+
+struct string_list {
+    char *string;
+    struct string_list *next;
+};
+
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 1
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+/* Enabling the token table.  */
+#ifndef YYTOKEN_TABLE
+# define YYTOKEN_TABLE 0
+#endif
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 65 "parse.y"
+{
+    int constant;
+    struct value *value;
+    struct range *range;
+    char *name;
+    Type *type;
+    Member *member;
+    struct objid *objid;
+    char *defval;
+    struct string_list *sl;
+    struct tagtype tag;
+    struct memhead *members;
+    struct constraint_spec *constraint_spec;
+}
+/* Line 193 of yacc.c.  */
+#line 318 "parse.c"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+/* Line 216 of yacc.c.  */
+#line 331 "parse.c"
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#elif (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+typedef signed char yytype_int8;
+#else
+typedef short int yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+#  define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+#  define YYSIZE_T size_t
+# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# else
+#  define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if defined YYENABLE_NLS && YYENABLE_NLS
+#  if ENABLE_NLS
+#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+#   define YY_(msgid) dgettext ("bison-runtime", msgid)
+#  endif
+# endif
+# ifndef YY_
+#  define YY_(msgid) msgid
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E.  */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(e) ((void) (e))
+#else
+# define YYUSE(e) /* empty */
+#endif
+
+/* Identity function, used to suppress warnings about constant conditions.  */
+#ifndef lint
+# define YYID(n) (n)
+#else
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static int
+YYID (int i)
+#else
+static int
+YYID (i)
+    int i;
+#endif
+{
+  return i;
+}
+#endif
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# ifdef YYSTACK_USE_ALLOCA
+#  if YYSTACK_USE_ALLOCA
+#   ifdef __GNUC__
+#    define YYSTACK_ALLOC __builtin_alloca
+#   elif defined __BUILTIN_VA_ARG_INCR
+#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+#   elif defined _AIX
+#    define YYSTACK_ALLOC __alloca
+#   elif defined _MSC_VER
+#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+#    define alloca _alloca
+#   else
+#    define YYSTACK_ALLOC alloca
+#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#     ifndef _STDLIB_H
+#      define _STDLIB_H 1
+#     endif
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning.  */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+    /* The OS might guarantee only one guard page at the bottom of the stack,
+       and a page size can be as small as 4096 bytes.  So we cannot safely
+       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
+       to allow for a few compiler-allocated temporary stack slots.  */
+#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+#  endif
+# else
+#  define YYSTACK_ALLOC YYMALLOC
+#  define YYSTACK_FREE YYFREE
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+#  endif
+#  if (defined __cplusplus && ! defined _STDLIB_H \
+       && ! ((defined YYMALLOC || defined malloc) \
+	     && (defined YYFREE || defined free)))
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   ifndef _STDLIB_H
+#    define _STDLIB_H 1
+#   endif
+#  endif
+#  ifndef YYMALLOC
+#   define YYMALLOC malloc
+#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+#  ifndef YYFREE
+#   define YYFREE free
+#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+     && (! defined __cplusplus \
+	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  yytype_int16 yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if defined __GNUC__ && 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  YYSIZE_T yyi;				\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (YYID (0))
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (YYID (0))
+
+#endif
+
+/* YYFINAL -- State number of the termination state.  */
+#define YYFINAL  6
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   195
+
+/* YYNTOKENS -- Number of terminals.  */
+#define YYNTOKENS  98
+/* YYNNTS -- Number of nonterminals.  */
+#define YYNNTS  68
+/* YYNRULES -- Number of rules.  */
+#define YYNRULES  136
+/* YYNRULES -- Number of states.  */
+#define YYNSTATES  214
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   344
+
+#define YYTRANSLATE(YYX)						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const yytype_uint8 yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+      92,    93,     2,     2,    91,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,    90,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,    96,     2,    97,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,    94,     2,    95,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
+      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
+      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
+      35,    36,    37,    38,    39,    40,    41,    42,    43,    44,
+      45,    46,    47,    48,    49,    50,    51,    52,    53,    54,
+      55,    56,    57,    58,    59,    60,    61,    62,    63,    64,
+      65,    66,    67,    68,    69,    70,    71,    72,    73,    74,
+      75,    76,    77,    78,    79,    80,    81,    82,    83,    84,
+      85,    86,    87,    88,    89
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const yytype_uint16 yyprhs[] =
+{
+       0,     0,     3,    13,    16,    19,    22,    23,    26,    27,
+      30,    31,    35,    36,    38,    39,    41,    44,    49,    51,
+      54,    56,    58,    62,    64,    68,    70,    72,    74,    76,
+      78,    80,    82,    84,    86,    88,    90,    92,    94,    96,
+      98,   100,   102,   104,   110,   116,   122,   126,   128,   131,
+     136,   138,   142,   146,   151,   156,   158,   161,   167,   170,
+     174,   176,   177,   180,   185,   189,   194,   199,   203,   207,
+     212,   214,   216,   218,   220,   222,   225,   229,   231,   233,
+     235,   238,   242,   248,   253,   257,   262,   263,   265,   267,
+     269,   270,   272,   274,   279,   281,   283,   285,   287,   289,
+     291,   293,   295,   297,   301,   305,   308,   310,   313,   317,
+     319,   323,   328,   330,   331,   335,   336,   339,   344,   346,
+     348,   350,   352,   354,   356,   358,   360,   362,   364,   366,
+     368,   370,   372,   374,   376,   378,   380
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+static const yytype_int16 yyrhs[] =
+{
+      99,     0,    -1,    86,   151,    21,   100,   101,    84,     8,
+     102,    24,    -1,    27,    70,    -1,    38,    70,    -1,     7,
+      70,    -1,    -1,    29,    39,    -1,    -1,   103,   107,    -1,
+      -1,    40,   104,    90,    -1,    -1,   105,    -1,    -1,   106,
+      -1,   105,   106,    -1,   109,    32,    86,   151,    -1,   108,
+      -1,   108,   107,    -1,   110,    -1,   143,    -1,    86,    91,
+     109,    -1,    86,    -1,    86,    84,   111,    -1,   112,    -1,
+     130,    -1,   133,    -1,   120,    -1,   113,    -1,   144,    -1,
+     129,    -1,   118,    -1,   115,    -1,   123,    -1,   121,    -1,
+     122,    -1,   125,    -1,   126,    -1,   127,    -1,   128,    -1,
+     139,    -1,    11,    -1,    92,   155,    83,   155,    93,    -1,
+      92,   155,    83,    46,    93,    -1,    92,    47,    83,   155,
+      93,    -1,    92,   155,    93,    -1,    43,    -1,    43,   114,
+      -1,    43,    94,   116,    95,    -1,   117,    -1,   116,    91,
+     117,    -1,   116,    91,    85,    -1,    86,    92,   163,    93,
+      -1,    25,    94,   119,    95,    -1,   116,    -1,     9,    67,
+      -1,     9,    67,    94,   149,    95,    -1,    51,    37,    -1,
+      52,    67,   124,    -1,    49,    -1,    -1,    66,   114,    -1,
+      64,    94,   146,    95,    -1,    64,    94,    95,    -1,    64,
+     124,    53,   111,    -1,    65,    94,   146,    95,    -1,    65,
+      94,    95,    -1,    65,    53,   111,    -1,    14,    94,   146,
+      95,    -1,   131,    -1,   132,    -1,    86,    -1,    34,    -1,
+      77,    -1,   111,   134,    -1,    92,   135,    93,    -1,   136,
+      -1,   137,    -1,   138,    -1,    19,   111,    -1,    23,    12,
+     155,    -1,    19,   111,    23,    12,   155,    -1,    18,    12,
+      94,    95,    -1,   140,   142,   111,    -1,    96,   141,    89,
+      97,    -1,    -1,    76,    -1,     6,    -1,    60,    -1,    -1,
+      27,    -1,    38,    -1,    86,   111,    84,   155,    -1,   145,
+      -1,    33,    -1,    78,    -1,    61,    -1,    81,    -1,    36,
+      -1,    10,    -1,    79,    -1,   148,    -1,   146,    91,   148,
+      -1,   146,    91,    85,    -1,    86,   111,    -1,   147,    -1,
+     147,    54,    -1,   147,    20,   155,    -1,   150,    -1,   149,
+      91,   150,    -1,    86,    92,    89,    93,    -1,   152,    -1,
+      -1,    94,   153,    95,    -1,    -1,   154,   153,    -1,    86,
+      92,    89,    93,    -1,    86,    -1,    89,    -1,   156,    -1,
+     157,    -1,   161,    -1,   160,    -1,   162,    -1,   165,    -1,
+     164,    -1,   158,    -1,   159,    -1,    86,    -1,    88,    -1,
+      71,    -1,    31,    -1,   163,    -1,    89,    -1,    49,    -1,
+     152,    -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const yytype_uint16 yyrline[] =
+{
+       0,   233,   233,   240,   241,   243,   245,   248,   250,   253,
+     254,   257,   258,   261,   262,   265,   266,   269,   280,   281,
+     284,   285,   288,   294,   302,   312,   313,   314,   317,   318,
+     319,   320,   321,   322,   323,   324,   325,   326,   327,   328,
+     329,   330,   333,   340,   350,   358,   366,   377,   382,   388,
+     396,   402,   407,   411,   424,   432,   435,   442,   450,   456,
+     465,   473,   474,   479,   485,   493,   502,   508,   516,   524,
+     531,   532,   535,   546,   551,   558,   574,   580,   583,   584,
+     587,   593,   601,   611,   617,   630,   639,   642,   646,   650,
+     657,   660,   664,   671,   682,   685,   690,   695,   700,   705,
+     710,   715,   723,   729,   734,   745,   756,   762,   768,   776,
+     782,   789,   802,   803,   806,   813,   816,   827,   831,   842,
+     848,   849,   852,   853,   854,   855,   856,   859,   862,   865,
+     876,   884,   890,   898,   906,   909,   914
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "kw_ABSENT", "kw_ABSTRACT_SYNTAX",
+  "kw_ALL", "kw_APPLICATION", "kw_AUTOMATIC", "kw_BEGIN", "kw_BIT",
+  "kw_BMPString", "kw_BOOLEAN", "kw_BY", "kw_CHARACTER", "kw_CHOICE",
+  "kw_CLASS", "kw_COMPONENT", "kw_COMPONENTS", "kw_CONSTRAINED",
+  "kw_CONTAINING", "kw_DEFAULT", "kw_DEFINITIONS", "kw_EMBEDDED",
+  "kw_ENCODED", "kw_END", "kw_ENUMERATED", "kw_EXCEPT", "kw_EXPLICIT",
+  "kw_EXPORTS", "kw_EXTENSIBILITY", "kw_EXTERNAL", "kw_FALSE", "kw_FROM",
+  "kw_GeneralString", "kw_GeneralizedTime", "kw_GraphicString",
+  "kw_IA5String", "kw_IDENTIFIER", "kw_IMPLICIT", "kw_IMPLIED",
+  "kw_IMPORTS", "kw_INCLUDES", "kw_INSTANCE", "kw_INTEGER",
+  "kw_INTERSECTION", "kw_ISO646String", "kw_MAX", "kw_MIN",
+  "kw_MINUS_INFINITY", "kw_NULL", "kw_NumericString", "kw_OBJECT",
+  "kw_OCTET", "kw_OF", "kw_OPTIONAL", "kw_ObjectDescriptor", "kw_PATTERN",
+  "kw_PDV", "kw_PLUS_INFINITY", "kw_PRESENT", "kw_PRIVATE",
+  "kw_PrintableString", "kw_REAL", "kw_RELATIVE_OID", "kw_SEQUENCE",
+  "kw_SET", "kw_SIZE", "kw_STRING", "kw_SYNTAX", "kw_T61String", "kw_TAGS",
+  "kw_TRUE", "kw_TYPE_IDENTIFIER", "kw_TeletexString", "kw_UNION",
+  "kw_UNIQUE", "kw_UNIVERSAL", "kw_UTCTime", "kw_UTF8String",
+  "kw_UniversalString", "kw_VideotexString", "kw_VisibleString", "kw_WITH",
+  "RANGE", "EEQUAL", "ELLIPSIS", "IDENTIFIER", "referencename", "STRING",
+  "NUMBER", "';'", "','", "'('", "')'", "'{'", "'}'", "'['", "']'",
+  "$accept", "ModuleDefinition", "TagDefault", "ExtensionDefault",
+  "ModuleBody", "Imports", "SymbolsImported", "SymbolsFromModuleList",
+  "SymbolsFromModule", "AssignmentList", "Assignment", "referencenames",
+  "TypeAssignment", "Type", "BuiltinType", "BooleanType", "range",
+  "IntegerType", "NamedNumberList", "NamedNumber", "EnumeratedType",
+  "Enumerations", "BitStringType", "ObjectIdentifierType",
+  "OctetStringType", "NullType", "size", "SequenceType", "SequenceOfType",
+  "SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType",
+  "UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec",
+  "GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint",
+  "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment",
+  "CharacterStringType", "RestrictedCharactedStringType",
+  "ComponentTypeList", "NamedType", "ComponentType", "NamedBitList",
+  "NamedBit", "objid_opt", "objid", "objid_list", "objid_element", "Value",
+  "BuiltinValue", "ReferencedValue", "DefinedValue", "Valuereference",
+  "CharacterStringValue", "BooleanValue", "IntegerValue", "SignedNumber",
+  "NullValue", "ObjectIdentifierValue", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const yytype_uint16 yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+     295,   296,   297,   298,   299,   300,   301,   302,   303,   304,
+     305,   306,   307,   308,   309,   310,   311,   312,   313,   314,
+     315,   316,   317,   318,   319,   320,   321,   322,   323,   324,
+     325,   326,   327,   328,   329,   330,   331,   332,   333,   334,
+     335,   336,   337,   338,   339,   340,   341,   342,   343,   344,
+      59,    44,    40,    41,   123,   125,    91,    93
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const yytype_uint8 yyr1[] =
+{
+       0,    98,    99,   100,   100,   100,   100,   101,   101,   102,
+     102,   103,   103,   104,   104,   105,   105,   106,   107,   107,
+     108,   108,   109,   109,   110,   111,   111,   111,   112,   112,
+     112,   112,   112,   112,   112,   112,   112,   112,   112,   112,
+     112,   112,   113,   114,   114,   114,   114,   115,   115,   115,
+     116,   116,   116,   117,   118,   119,   120,   120,   121,   122,
+     123,   124,   124,   125,   125,   126,   127,   127,   128,   129,
+     130,   130,   131,   132,   132,   133,   134,   135,   136,   136,
+     137,   137,   137,   138,   139,   140,   141,   141,   141,   141,
+     142,   142,   142,   143,   144,   145,   145,   145,   145,   145,
+     145,   145,   146,   146,   146,   147,   148,   148,   148,   149,
+     149,   150,   151,   151,   152,   153,   153,   154,   154,   154,
+     155,   155,   156,   156,   156,   156,   156,   157,   158,   159,
+     160,   161,   161,   162,   163,   164,   165
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const yytype_uint8 yyr2[] =
+{
+       0,     2,     9,     2,     2,     2,     0,     2,     0,     2,
+       0,     3,     0,     1,     0,     1,     2,     4,     1,     2,
+       1,     1,     3,     1,     3,     1,     1,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+       1,     1,     1,     5,     5,     5,     3,     1,     2,     4,
+       1,     3,     3,     4,     4,     1,     2,     5,     2,     3,
+       1,     0,     2,     4,     3,     4,     4,     3,     3,     4,
+       1,     1,     1,     1,     1,     2,     3,     1,     1,     1,
+       2,     3,     5,     4,     3,     4,     0,     1,     1,     1,
+       0,     1,     1,     4,     1,     1,     1,     1,     1,     1,
+       1,     1,     1,     3,     3,     2,     1,     2,     3,     1,
+       3,     4,     1,     0,     3,     0,     2,     4,     1,     1,
+       1,     1,     1,     1,     1,     1,     1,     1,     1,     1,
+       1,     1,     1,     1,     1,     1,     1
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const yytype_uint8 yydefact[] =
+{
+       0,   113,     0,   115,     0,   112,     1,   118,   119,     0,
+     115,     6,     0,   114,   116,     0,     0,     0,     8,     0,
+       5,     3,     4,     0,     0,   117,     7,     0,    10,    14,
+       0,     0,    23,     0,    13,    15,     0,     2,     0,     9,
+      18,    20,    21,     0,    11,    16,     0,     0,   100,    42,
+       0,     0,    95,    73,    99,    47,    60,     0,     0,    97,
+      61,     0,    74,    96,   101,    98,     0,    72,    86,     0,
+      25,    29,    33,    32,    28,    35,    36,    34,    37,    38,
+      39,    40,    31,    26,    70,    71,    27,    41,    90,    30,
+      94,    19,    22,   113,    56,     0,     0,     0,     0,    48,
+      58,    61,     0,     0,     0,     0,     0,    24,    88,    89,
+      87,     0,     0,     0,    75,    91,    92,     0,    17,     0,
+       0,     0,   106,   102,     0,    55,    50,     0,   132,     0,
+     135,   131,   129,   130,   134,   136,     0,   120,   121,   127,
+     128,   123,   122,   124,   133,   126,   125,     0,    59,    62,
+      64,     0,     0,    68,    67,     0,     0,    93,     0,     0,
+       0,     0,    77,    78,    79,    84,     0,     0,   109,   105,
+       0,    69,     0,   107,     0,     0,    54,     0,     0,    46,
+      49,    63,    65,    66,    85,     0,    80,     0,    76,     0,
+       0,    57,   104,   103,   108,     0,    52,    51,     0,     0,
+       0,     0,     0,    81,     0,   110,    53,    45,    44,    43,
+      83,     0,   111,    82
+};
+
+/* YYDEFGOTO[NTERM-NUM].  */
+static const yytype_int16 yydefgoto[] =
+{
+      -1,     2,    18,    24,    30,    31,    33,    34,    35,    39,
+      40,    36,    41,    69,    70,    71,    99,    72,   125,   126,
+      73,   127,    74,    75,    76,    77,   104,    78,    79,    80,
+      81,    82,    83,    84,    85,    86,   114,   161,   162,   163,
+     164,    87,    88,   111,   117,    42,    89,    90,   121,   122,
+     123,   167,   168,     4,   135,     9,    10,   136,   137,   138,
+     139,   140,   141,   142,   143,   144,   145,   146
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -113
+static const yytype_int16 yypact[] =
+{
+     -74,   -67,    38,   -69,    23,  -113,  -113,   -44,  -113,   -41,
+     -69,     4,   -26,  -113,  -113,    -3,     1,    10,    52,   -10,
+    -113,  -113,  -113,    45,    13,  -113,  -113,    77,   -35,    15,
+      64,    19,    17,    20,    15,  -113,    85,  -113,    25,  -113,
+      19,  -113,  -113,    15,  -113,  -113,    27,    47,  -113,  -113,
+      26,    29,  -113,  -113,  -113,   -30,  -113,    89,    61,  -113,
+     -57,   -47,  -113,  -113,  -113,  -113,    82,  -113,    -4,   -68,
+    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,
+    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   -17,  -113,
+    -113,  -113,  -113,   -67,    35,    33,    46,    51,    46,  -113,
+    -113,    69,    44,   -73,    88,    82,   -72,    56,  -113,  -113,
+    -113,    49,    93,     7,  -113,  -113,  -113,    82,  -113,    58,
+      82,   -76,   -13,  -113,    57,    59,  -113,    60,  -113,    68,
+    -113,  -113,  -113,  -113,  -113,  -113,   -75,  -113,  -113,  -113,
+    -113,  -113,  -113,  -113,  -113,  -113,  -113,   -63,  -113,  -113,
+    -113,   -62,    82,    56,  -113,   -46,    65,  -113,   141,    82,
+     142,    63,  -113,  -113,  -113,    56,    66,   -38,  -113,    56,
+     -16,  -113,    93,  -113,    76,    -7,  -113,    93,    81,  -113,
+    -113,  -113,    56,  -113,  -113,    72,   -19,    93,  -113,    83,
+      58,  -113,  -113,  -113,  -113,    78,  -113,  -113,    80,    84,
+      87,    62,   162,  -113,    90,  -113,  -113,  -113,  -113,  -113,
+    -113,    93,  -113,  -113
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const yytype_int16 yypgoto[] =
+{
+    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   150,   136,
+    -113,   143,  -113,   -65,  -113,  -113,    86,  -113,    91,    16,
+    -113,  -113,  -113,  -113,  -113,  -113,    92,  -113,  -113,  -113,
+    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,
+    -113,  -113,  -113,  -113,  -113,  -113,  -113,  -113,   -60,  -113,
+      22,  -113,    -5,    97,     2,   184,  -113,  -112,  -113,  -113,
+    -113,  -113,  -113,  -113,  -113,    21,  -113,  -113
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -13
+static const yytype_int16 yytable[] =
+{
+     157,   107,   108,     5,   202,    29,   105,   172,   178,   102,
+     115,    15,     1,   120,   120,   170,   112,     7,   179,   171,
+       8,   116,   150,   154,   113,   158,   159,     3,   175,   170,
+     160,    16,   180,   181,    47,    48,    49,   103,     6,    50,
+     153,   173,    17,   151,    11,   170,   155,   106,    12,   183,
+      51,   -12,   165,   190,    13,   169,   109,   191,    52,    53,
+     194,    54,    97,    19,    98,   198,   200,    20,    55,   192,
+     120,    21,   110,   113,    56,   203,    57,    58,   196,   124,
+      22,    23,   128,    25,    26,    28,    59,   182,    37,    60,
+      61,    47,    48,    49,   186,     5,    50,    27,   129,   213,
+     130,    32,    62,    63,    64,    38,    65,    51,    43,    66,
+      44,    67,   128,    93,    94,    52,    53,    46,    54,   120,
+      95,    68,   131,    96,   128,    55,   100,   199,   101,   119,
+     130,    56,   124,    57,    58,   102,    97,   132,   156,   133,
+     134,   152,   130,    59,   166,     3,    60,    61,   113,   174,
+     175,   177,   131,   185,   187,   176,   188,   210,   189,    62,
+      63,    64,   184,    65,   131,   134,   201,   132,    67,   133,
+     134,   206,   204,   207,   211,     3,    91,   208,    68,   132,
+     209,   133,   134,   212,    45,   205,    92,     3,   149,   147,
+     118,   197,   193,   148,    14,   195
+};
+
+static const yytype_uint8 yycheck[] =
+{
+     112,    66,     6,     1,    23,    40,    53,    20,    83,    66,
+      27,     7,    86,    86,    86,    91,    84,    86,    93,    95,
+      89,    38,    95,    95,    92,    18,    19,    94,    91,    91,
+      23,    27,    95,    95,     9,    10,    11,    94,     0,    14,
+     105,    54,    38,   103,    21,    91,   106,    94,    92,    95,
+      25,    86,   117,    91,    95,   120,    60,    95,    33,    34,
+     172,    36,    92,    89,    94,   177,   178,    70,    43,    85,
+      86,    70,    76,    92,    49,   187,    51,    52,    85,    86,
+      70,    29,    31,    93,    39,     8,    61,   152,    24,    64,
+      65,     9,    10,    11,   159,    93,    14,    84,    47,   211,
+      49,    86,    77,    78,    79,    86,    81,    25,    91,    84,
+      90,    86,    31,    86,    67,    33,    34,    32,    36,    86,
+      94,    96,    71,    94,    31,    43,    37,    46,    67,    94,
+      49,    49,    86,    51,    52,    66,    92,    86,    89,    88,
+      89,    53,    49,    61,    86,    94,    64,    65,    92,    92,
+      91,    83,    71,    12,    12,    95,    93,    95,    92,    77,
+      78,    79,    97,    81,    71,    89,    94,    86,    86,    88,
+      89,    93,    89,    93,    12,    94,    40,    93,    96,    86,
+      93,    88,    89,    93,    34,   190,    43,    94,   102,    98,
+      93,   175,   170,   101,    10,   174
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const yytype_uint8 yystos[] =
+{
+       0,    86,    99,    94,   151,   152,     0,    86,    89,   153,
+     154,    21,    92,    95,   153,     7,    27,    38,   100,    89,
+      70,    70,    70,    29,   101,    93,    39,    84,     8,    40,
+     102,   103,    86,   104,   105,   106,   109,    24,    86,   107,
+     108,   110,   143,    91,    90,   106,    32,     9,    10,    11,
+      14,    25,    33,    34,    36,    43,    49,    51,    52,    61,
+      64,    65,    77,    78,    79,    81,    84,    86,    96,   111,
+     112,   113,   115,   118,   120,   121,   122,   123,   125,   126,
+     127,   128,   129,   130,   131,   132,   133,   139,   140,   144,
+     145,   107,   109,    86,    67,    94,    94,    92,    94,   114,
+      37,    67,    66,    94,   124,    53,    94,   111,     6,    60,
+      76,   141,    84,    92,   134,    27,    38,   142,   151,    94,
+      86,   146,   147,   148,    86,   116,   117,   119,    31,    47,
+      49,    71,    86,    88,    89,   152,   155,   156,   157,   158,
+     159,   160,   161,   162,   163,   164,   165,   116,   124,   114,
+      95,   146,    53,   111,    95,   146,    89,   155,    18,    19,
+      23,   135,   136,   137,   138,   111,    86,   149,   150,   111,
+      91,    95,    20,    54,    92,    91,    95,    83,    83,    93,
+      95,    95,   111,    95,    97,    12,   111,    12,    93,    92,
+      91,    95,    85,   148,   155,   163,    85,   117,   155,    46,
+     155,    94,    23,   155,    89,   150,    93,    93,    93,    93,
+      95,    12,    93,   155
+};
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrorlab
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK (1);						\
+      goto yybackup;						\
+    }								\
+  else								\
+    {								\
+      yyerror (YY_("syntax error: cannot back up")); \
+      YYERROR;							\
+    }								\
+while (YYID (0))
+
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+   If N is 0, then set CURRENT to the empty location which ends
+   the previous symbol: RHS[0] (always defined).  */
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+    do									\
+      if (YYID (N))                                                    \
+	{								\
+	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+	}								\
+      else								\
+	{								\
+	  (Current).first_line   = (Current).last_line   =		\
+	    YYRHSLOC (Rhs, 0).last_line;				\
+	  (Current).first_column = (Current).last_column =		\
+	    YYRHSLOC (Rhs, 0).last_column;				\
+	}								\
+    while (YYID (0))
+#endif
+
+
+/* YY_LOCATION_PRINT -- Print the location on the stream.
+   This macro was not mandated originally: define only if we know
+   we won't break user code: when these are the locations we know.  */
+
+#ifndef YY_LOCATION_PRINT
+# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
+#  define YY_LOCATION_PRINT(File, Loc)			\
+     fprintf (File, "%d.%d-%d.%d",			\
+	      (Loc).first_line, (Loc).first_column,	\
+	      (Loc).last_line,  (Loc).last_column)
+# else
+#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+# endif
+#endif
+
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (YYID (0))
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+do {									  \
+  if (yydebug)								  \
+    {									  \
+      YYFPRINTF (stderr, "%s ", Title);					  \
+      yy_symbol_print (stderr,						  \
+		  Type, Value); \
+      YYFPRINTF (stderr, "\n");						  \
+    }									  \
+} while (YYID (0))
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (!yyvaluep)
+    return;
+# ifdef YYPRINT
+  if (yytype < YYNTOKENS)
+    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# else
+  YYUSE (yyoutput);
+# endif
+  switch (yytype)
+    {
+      default:
+	break;
+    }
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (yytype < YYNTOKENS)
+    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+  YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included).                                                   |
+`------------------------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    yytype_int16 *bottom;
+    yytype_int16 *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (YYID (0))
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+#else
+static void
+yy_reduce_print (yyvsp, yyrule)
+    YYSTYPE *yyvsp;
+    int yyrule;
+#endif
+{
+  int yynrhs = yyr2[yyrule];
+  int yyi;
+  unsigned long int yylno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+	     yyrule - 1, yylno);
+  /* The symbols being reduced.  */
+  for (yyi = 0; yyi < yynrhs; yyi++)
+    {
+      fprintf (stderr, "   $%d = ", yyi + 1);
+      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+		       &(yyvsp[(yyi + 1) - (yynrhs)])
+		       		       );
+      fprintf (stderr, "\n");
+    }
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (yyvsp, Rule); \
+} while (YYID (0))
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+

+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined __GLIBC__ && defined _STRING_H
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static YYSIZE_T
+yystrlen (const char *yystr)
+#else
+static YYSIZE_T
+yystrlen (yystr)
+    const char *yystr;
+#endif
+{
+  YYSIZE_T yylen;
+  for (yylen = 0; yystr[yylen]; yylen++)
+    continue;
+  return yylen;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+#else
+static char *
+yystpcpy (yydest, yysrc)
+    char *yydest;
+    const char *yysrc;
+#endif
+{
+  char *yyd = yydest;
+  const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+   quotes and backslashes, so that it's suitable for yyerror.  The
+   heuristic is that double-quoting is unnecessary unless the string
+   contains an apostrophe, a comma, or backslash (other than
+   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+   null, do not copy; instead, return the length of what the result
+   would have been.  */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+  if (*yystr == '"')
+    {
+      YYSIZE_T yyn = 0;
+      char const *yyp = yystr;
+
+      for (;;)
+	switch (*++yyp)
+	  {
+	  case '\'':
+	  case ',':
+	    goto do_not_strip_quotes;
+
+	  case '\\':
+	    if (*++yyp != '\\')
+	      goto do_not_strip_quotes;
+	    /* Fall through.  */
+	  default:
+	    if (yyres)
+	      yyres[yyn] = *yyp;
+	    yyn++;
+	    break;
+
+	  case '"':
+	    if (yyres)
+	      yyres[yyn] = '\0';
+	    return yyn;
+	  }
+    do_not_strip_quotes: ;
+    }
+
+  if (! yyres)
+    return yystrlen (yystr);
+
+  return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into YYRESULT an error message about the unexpected token
+   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+   including the terminating null byte.  If YYRESULT is null, do not
+   copy anything; just return the number of bytes that would be
+   copied.  As a special case, return 0 if an ordinary "syntax error"
+   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+   size calculation.  */
+static YYSIZE_T
+yysyntax_error (char *yyresult, int yystate, int yychar)
+{
+  int yyn = yypact[yystate];
+
+  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+    return 0;
+  else
+    {
+      int yytype = YYTRANSLATE (yychar);
+      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+      YYSIZE_T yysize = yysize0;
+      YYSIZE_T yysize1;
+      int yysize_overflow = 0;
+      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+      int yyx;
+
+# if 0
+      /* This is so xgettext sees the translatable formats that are
+	 constructed on the fly.  */
+      YY_("syntax error, unexpected %s");
+      YY_("syntax error, unexpected %s, expecting %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+# endif
+      char *yyfmt;
+      char const *yyf;
+      static char const yyunexpected[] = "syntax error, unexpected %s";
+      static char const yyexpecting[] = ", expecting %s";
+      static char const yyor[] = " or %s";
+      char yyformat[sizeof yyunexpected
+		    + sizeof yyexpecting - 1
+		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+		       * (sizeof yyor - 1))];
+      char const *yyprefix = yyexpecting;
+
+      /* Start YYX at -YYN if negative to avoid negative indexes in
+	 YYCHECK.  */
+      int yyxbegin = yyn < 0 ? -yyn : 0;
+
+      /* Stay within bounds of both yycheck and yytname.  */
+      int yychecklim = YYLAST - yyn + 1;
+      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+      int yycount = 1;
+
+      yyarg[0] = yytname[yytype];
+      yyfmt = yystpcpy (yyformat, yyunexpected);
+
+      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	  {
+	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+	      {
+		yycount = 1;
+		yysize = yysize0;
+		yyformat[sizeof yyunexpected - 1] = '\0';
+		break;
+	      }
+	    yyarg[yycount++] = yytname[yyx];
+	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+	    yysize_overflow |= (yysize1 < yysize);
+	    yysize = yysize1;
+	    yyfmt = yystpcpy (yyfmt, yyprefix);
+	    yyprefix = yyor;
+	  }
+
+      yyf = YY_(yyformat);
+      yysize1 = yysize + yystrlen (yyf);
+      yysize_overflow |= (yysize1 < yysize);
+      yysize = yysize1;
+
+      if (yysize_overflow)
+	return YYSIZE_MAXIMUM;
+
+      if (yyresult)
+	{
+	  /* Avoid sprintf, as that infringes on the user's name space.
+	     Don't have undefined behavior even if the translation
+	     produced a string with the wrong number of "%s"s.  */
+	  char *yyp = yyresult;
+	  int yyi = 0;
+	  while ((*yyp = *yyf) != '\0')
+	    {
+	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+		{
+		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+		  yyf += 2;
+		}
+	      else
+		{
+		  yyp++;
+		  yyf++;
+		}
+	    }
+	}
+      return yysize;
+    }
+}
+#endif /* YYERROR_VERBOSE */
+

+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yymsg, yytype, yyvaluep)
+    const char *yymsg;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  YYUSE (yyvaluep);
+
+  if (!yymsg)
+    yymsg = "Deleting";
+  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+  switch (yytype)
+    {
+
+      default:
+	break;
+    }
+}
+

+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void *YYPARSE_PARAM);
+#else
+int yyparse ();
+#endif
+#else /* ! YYPARSE_PARAM */
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The look-ahead symbol.  */
+int yychar;
+
+/* The semantic value of the look-ahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void *YYPARSE_PARAM)
+#else
+int
+yyparse (YYPARSE_PARAM)
+    void *YYPARSE_PARAM;
+#endif
+#else /* ! YYPARSE_PARAM */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+  
+  int yystate;
+  int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Look-ahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  yytype_int16 yyssa[YYINITDEPTH];
+  yytype_int16 *yyss = yyssa;
+  yytype_int16 *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* The number of symbols on the RHS of the reduced rule.
+     Keep to zero when no symbol should be popped.  */
+  int yylen = 0;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed.  So pushing a state here evens the stacks.  */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack.  Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	yytype_int16 *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow (YY_("memory exhausted"),
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyexhaustedlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyexhaustedlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	yytype_int16 *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyexhaustedlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+  /* Do appropriate processing given the current state.  Read a
+     look-ahead token if we need one and don't already have one.  */
+
+  /* First try to decide what to do without reference to look-ahead token.  */
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a look-ahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  /* Shift the look-ahead token.  */
+  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+  /* Discard the shifted token unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  yystate = yyn;
+  *++yyvsp = yylval;
+
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 2:
+#line 235 "parse.y"
+    {
+			checkundefined();
+		}
+    break;
+
+  case 4:
+#line 242 "parse.y"
+    { error_message("implicit tagging is not supported"); }
+    break;
+
+  case 5:
+#line 244 "parse.y"
+    { error_message("automatic tagging is not supported"); }
+    break;
+
+  case 7:
+#line 249 "parse.y"
+    { error_message("no extensibility options supported"); }
+    break;
+
+  case 17:
+#line 270 "parse.y"
+    { 
+		    struct string_list *sl;
+		    for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) {
+			Symbol *s = addsym(sl->string);
+			s->stype = Stype;
+		    }
+		    add_import((yyvsp[(3) - (4)].name));
+		}
+    break;
+
+  case 22:
+#line 289 "parse.y"
+    {
+		    (yyval.sl) = emalloc(sizeof(*(yyval.sl)));
+		    (yyval.sl)->string = (yyvsp[(1) - (3)].name);
+		    (yyval.sl)->next = (yyvsp[(3) - (3)].sl);
+		}
+    break;
+
+  case 23:
+#line 295 "parse.y"
+    {
+		    (yyval.sl) = emalloc(sizeof(*(yyval.sl)));
+		    (yyval.sl)->string = (yyvsp[(1) - (1)].name);
+		    (yyval.sl)->next = NULL;
+		}
+    break;
+
+  case 24:
+#line 303 "parse.y"
+    {
+		    Symbol *s = addsym ((yyvsp[(1) - (3)].name));
+		    s->stype = Stype;
+		    s->type = (yyvsp[(3) - (3)].type);
+		    fix_labels(s);
+		    generate_type (s);
+		}
+    break;
+
+  case 42:
+#line 334 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, 
+				     TE_EXPLICIT, new_type(TBoolean));
+		}
+    break;
+
+  case 43:
+#line 341 "parse.y"
+    {
+		    if((yyvsp[(2) - (5)].value)->type != integervalue)
+			error_message("Non-integer used in first part of range");
+		    if((yyvsp[(2) - (5)].value)->type != integervalue)
+			error_message("Non-integer in second part of range");
+		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
+		    (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue;
+		    (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue;
+		}
+    break;
+
+  case 44:
+#line 351 "parse.y"
+    {		
+		    if((yyvsp[(2) - (5)].value)->type != integervalue)
+			error_message("Non-integer in first part of range");
+		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
+		    (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue;
+		    (yyval.range)->max = (yyvsp[(2) - (5)].value)->u.integervalue - 1;
+		}
+    break;
+
+  case 45:
+#line 359 "parse.y"
+    {		
+		    if((yyvsp[(4) - (5)].value)->type != integervalue)
+			error_message("Non-integer in second part of range");
+		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
+		    (yyval.range)->min = (yyvsp[(4) - (5)].value)->u.integervalue + 2;
+		    (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue;
+		}
+    break;
+
+  case 46:
+#line 367 "parse.y"
+    {
+		    if((yyvsp[(2) - (3)].value)->type != integervalue)
+			error_message("Non-integer used in limit");
+		    (yyval.range) = ecalloc(1, sizeof(*(yyval.range)));
+		    (yyval.range)->min = (yyvsp[(2) - (3)].value)->u.integervalue;
+		    (yyval.range)->max = (yyvsp[(2) - (3)].value)->u.integervalue;
+		}
+    break;
+
+  case 47:
+#line 378 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, 
+				     TE_EXPLICIT, new_type(TInteger));
+		}
+    break;
+
+  case 48:
+#line 383 "parse.y"
+    {
+			(yyval.type) = new_type(TInteger);
+			(yyval.type)->range = (yyvsp[(2) - (2)].range);
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 49:
+#line 389 "parse.y"
+    {
+		  (yyval.type) = new_type(TInteger);
+		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 50:
+#line 397 "parse.y"
+    {
+			(yyval.members) = emalloc(sizeof(*(yyval.members)));
+			ASN1_TAILQ_INIT((yyval.members));
+			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
+		}
+    break;
+
+  case 51:
+#line 403 "parse.y"
+    {
+			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
+			(yyval.members) = (yyvsp[(1) - (3)].members);
+		}
+    break;
+
+  case 52:
+#line 408 "parse.y"
+    { (yyval.members) = (yyvsp[(1) - (3)].members); }
+    break;
+
+  case 53:
+#line 412 "parse.y"
+    {
+			(yyval.member) = emalloc(sizeof(*(yyval.member)));
+			(yyval.member)->name = (yyvsp[(1) - (4)].name);
+			(yyval.member)->gen_name = estrdup((yyvsp[(1) - (4)].name));
+			output_name ((yyval.member)->gen_name);
+			(yyval.member)->val = (yyvsp[(3) - (4)].constant);
+			(yyval.member)->optional = 0;
+			(yyval.member)->ellipsis = 0;
+			(yyval.member)->type = NULL;
+		}
+    break;
+
+  case 54:
+#line 425 "parse.y"
+    {
+		  (yyval.type) = new_type(TInteger);
+		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 56:
+#line 436 "parse.y"
+    {
+		  (yyval.type) = new_type(TBitString);
+		  (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members));
+		  ASN1_TAILQ_INIT((yyval.type)->members);
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 57:
+#line 443 "parse.y"
+    {
+		  (yyval.type) = new_type(TBitString);
+		  (yyval.type)->members = (yyvsp[(4) - (5)].members);
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 58:
+#line 451 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, 
+				     TE_EXPLICIT, new_type(TOID));
+		}
+    break;
+
+  case 59:
+#line 457 "parse.y"
+    {
+		    Type *t = new_type(TOctetString);
+		    t->range = (yyvsp[(3) - (3)].range);
+		    (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, 
+				 TE_EXPLICIT, t);
+		}
+    break;
+
+  case 60:
+#line 466 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, 
+				     TE_EXPLICIT, new_type(TNull));
+		}
+    break;
+
+  case 61:
+#line 473 "parse.y"
+    { (yyval.range) = NULL; }
+    break;
+
+  case 62:
+#line 475 "parse.y"
+    { (yyval.range) = (yyvsp[(2) - (2)].range); }
+    break;
+
+  case 63:
+#line 480 "parse.y"
+    {
+		  (yyval.type) = new_type(TSequence);
+		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 64:
+#line 486 "parse.y"
+    {
+		  (yyval.type) = new_type(TSequence);
+		  (yyval.type)->members = NULL;
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 65:
+#line 494 "parse.y"
+    {
+		  (yyval.type) = new_type(TSequenceOf);
+		  (yyval.type)->range = (yyvsp[(2) - (4)].range);
+		  (yyval.type)->subtype = (yyvsp[(4) - (4)].type);
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 66:
+#line 503 "parse.y"
+    {
+		  (yyval.type) = new_type(TSet);
+		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 67:
+#line 509 "parse.y"
+    {
+		  (yyval.type) = new_type(TSet);
+		  (yyval.type)->members = NULL;
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 68:
+#line 517 "parse.y"
+    {
+		  (yyval.type) = new_type(TSetOf);
+		  (yyval.type)->subtype = (yyvsp[(3) - (3)].type);
+		  (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type));
+		}
+    break;
+
+  case 69:
+#line 525 "parse.y"
+    {
+		  (yyval.type) = new_type(TChoice);
+		  (yyval.type)->members = (yyvsp[(3) - (4)].members);
+		}
+    break;
+
+  case 72:
+#line 536 "parse.y"
+    {
+		  Symbol *s = addsym((yyvsp[(1) - (1)].name));
+		  (yyval.type) = new_type(TType);
+		  if(s->stype != Stype && s->stype != SUndefined)
+		    error_message ("%s is not a type\n", (yyvsp[(1) - (1)].name));
+		  else
+		    (yyval.type)->symbol = s;
+		}
+    break;
+
+  case 73:
+#line 547 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, 
+				     TE_EXPLICIT, new_type(TGeneralizedTime));
+		}
+    break;
+
+  case 74:
+#line 552 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, 
+				     TE_EXPLICIT, new_type(TUTCTime));
+		}
+    break;
+
+  case 75:
+#line 559 "parse.y"
+    {
+		    /* if (Constraint.type == contentConstrant) {
+		       assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
+		       if (Constraint.u.constraint.type) {
+		         assert((Constraint.u.constraint.type.length % 8) == 0);
+		       }
+		      }
+		      if (Constraint.u.constraint.encoding) {
+		        type == der-oid|ber-oid
+		      }
+		    */
+		}
+    break;
+
+  case 76:
+#line 575 "parse.y"
+    {
+		    (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec);
+		}
+    break;
+
+  case 80:
+#line 588 "parse.y"
+    {
+		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
+		    (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type);
+		    (yyval.constraint_spec)->u.content.encoding = NULL;
+		}
+    break;
+
+  case 81:
+#line 594 "parse.y"
+    {
+		    if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue)
+			error_message("Non-OID used in ENCODED BY constraint");
+		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
+		    (yyval.constraint_spec)->u.content.type = NULL;
+		    (yyval.constraint_spec)->u.content.encoding = (yyvsp[(3) - (3)].value);
+		}
+    break;
+
+  case 82:
+#line 602 "parse.y"
+    {
+		    if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue)
+			error_message("Non-OID used in ENCODED BY constraint");
+		    (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS);
+		    (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (5)].type);
+		    (yyval.constraint_spec)->u.content.encoding = (yyvsp[(5) - (5)].value);
+		}
+    break;
+
+  case 83:
+#line 612 "parse.y"
+    {
+		    (yyval.constraint_spec) = new_constraint_spec(CT_USER);
+		}
+    break;
+
+  case 84:
+#line 618 "parse.y"
+    {
+			(yyval.type) = new_type(TTag);
+			(yyval.type)->tag = (yyvsp[(1) - (3)].tag);
+			(yyval.type)->tag.tagenv = (yyvsp[(2) - (3)].constant);
+			if((yyvsp[(3) - (3)].type)->type == TTag && (yyvsp[(2) - (3)].constant) == TE_IMPLICIT) {
+				(yyval.type)->subtype = (yyvsp[(3) - (3)].type)->subtype;
+				free((yyvsp[(3) - (3)].type));
+			} else
+				(yyval.type)->subtype = (yyvsp[(3) - (3)].type);
+		}
+    break;
+
+  case 85:
+#line 631 "parse.y"
+    {
+			(yyval.tag).tagclass = (yyvsp[(2) - (4)].constant);
+			(yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant);
+			(yyval.tag).tagenv = TE_EXPLICIT;
+		}
+    break;
+
+  case 86:
+#line 639 "parse.y"
+    {
+			(yyval.constant) = ASN1_C_CONTEXT;
+		}
+    break;
+
+  case 87:
+#line 643 "parse.y"
+    {
+			(yyval.constant) = ASN1_C_UNIV;
+		}
+    break;
+
+  case 88:
+#line 647 "parse.y"
+    {
+			(yyval.constant) = ASN1_C_APPL;
+		}
+    break;
+
+  case 89:
+#line 651 "parse.y"
+    {
+			(yyval.constant) = ASN1_C_PRIVATE;
+		}
+    break;
+
+  case 90:
+#line 657 "parse.y"
+    {
+			(yyval.constant) = TE_EXPLICIT;
+		}
+    break;
+
+  case 91:
+#line 661 "parse.y"
+    {
+			(yyval.constant) = TE_EXPLICIT;
+		}
+    break;
+
+  case 92:
+#line 665 "parse.y"
+    {
+			(yyval.constant) = TE_IMPLICIT;
+		}
+    break;
+
+  case 93:
+#line 672 "parse.y"
+    {
+			Symbol *s;
+			s = addsym ((yyvsp[(1) - (4)].name));
+
+			s->stype = SValue;
+			s->value = (yyvsp[(4) - (4)].value);
+			generate_constant (s);
+		}
+    break;
+
+  case 95:
+#line 686 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, 
+				     TE_EXPLICIT, new_type(TGeneralString));
+		}
+    break;
+
+  case 96:
+#line 691 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, 
+				     TE_EXPLICIT, new_type(TUTF8String));
+		}
+    break;
+
+  case 97:
+#line 696 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, 
+				     TE_EXPLICIT, new_type(TPrintableString));
+		}
+    break;
+
+  case 98:
+#line 701 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, 
+				     TE_EXPLICIT, new_type(TVisibleString));
+		}
+    break;
+
+  case 99:
+#line 706 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, 
+				     TE_EXPLICIT, new_type(TIA5String));
+		}
+    break;
+
+  case 100:
+#line 711 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, 
+				     TE_EXPLICIT, new_type(TBMPString));
+		}
+    break;
+
+  case 101:
+#line 716 "parse.y"
+    {
+			(yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, 
+				     TE_EXPLICIT, new_type(TUniversalString));
+		}
+    break;
+
+  case 102:
+#line 724 "parse.y"
+    {
+			(yyval.members) = emalloc(sizeof(*(yyval.members)));
+			ASN1_TAILQ_INIT((yyval.members));
+			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
+		}
+    break;
+
+  case 103:
+#line 730 "parse.y"
+    {
+			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
+			(yyval.members) = (yyvsp[(1) - (3)].members);
+		}
+    break;
+
+  case 104:
+#line 735 "parse.y"
+    {
+		        struct member *m = ecalloc(1, sizeof(*m));
+			m->name = estrdup("...");
+			m->gen_name = estrdup("asn1_ellipsis");
+			m->ellipsis = 1;
+			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), m, members);
+			(yyval.members) = (yyvsp[(1) - (3)].members);
+		}
+    break;
+
+  case 105:
+#line 746 "parse.y"
+    {
+		  (yyval.member) = emalloc(sizeof(*(yyval.member)));
+		  (yyval.member)->name = (yyvsp[(1) - (2)].name);
+		  (yyval.member)->gen_name = estrdup((yyvsp[(1) - (2)].name));
+		  output_name ((yyval.member)->gen_name);
+		  (yyval.member)->type = (yyvsp[(2) - (2)].type);
+		  (yyval.member)->ellipsis = 0;
+		}
+    break;
+
+  case 106:
+#line 757 "parse.y"
+    {
+			(yyval.member) = (yyvsp[(1) - (1)].member);
+			(yyval.member)->optional = 0;
+			(yyval.member)->defval = NULL;
+		}
+    break;
+
+  case 107:
+#line 763 "parse.y"
+    {
+			(yyval.member) = (yyvsp[(1) - (2)].member);
+			(yyval.member)->optional = 1;
+			(yyval.member)->defval = NULL;
+		}
+    break;
+
+  case 108:
+#line 769 "parse.y"
+    {
+			(yyval.member) = (yyvsp[(1) - (3)].member);
+			(yyval.member)->optional = 0;
+			(yyval.member)->defval = (yyvsp[(3) - (3)].value);
+		}
+    break;
+
+  case 109:
+#line 777 "parse.y"
+    {
+			(yyval.members) = emalloc(sizeof(*(yyval.members)));
+			ASN1_TAILQ_INIT((yyval.members));
+			ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members);
+		}
+    break;
+
+  case 110:
+#line 783 "parse.y"
+    {
+			ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members);
+			(yyval.members) = (yyvsp[(1) - (3)].members);
+		}
+    break;
+
+  case 111:
+#line 790 "parse.y"
+    {
+		  (yyval.member) = emalloc(sizeof(*(yyval.member)));
+		  (yyval.member)->name = (yyvsp[(1) - (4)].name);
+		  (yyval.member)->gen_name = estrdup((yyvsp[(1) - (4)].name));
+		  output_name ((yyval.member)->gen_name);
+		  (yyval.member)->val = (yyvsp[(3) - (4)].constant);
+		  (yyval.member)->optional = 0;
+		  (yyval.member)->ellipsis = 0;
+		  (yyval.member)->type = NULL;
+		}
+    break;
+
+  case 113:
+#line 803 "parse.y"
+    { (yyval.objid) = NULL; }
+    break;
+
+  case 114:
+#line 807 "parse.y"
+    {
+			(yyval.objid) = (yyvsp[(2) - (3)].objid);
+		}
+    break;
+
+  case 115:
+#line 813 "parse.y"
+    {
+			(yyval.objid) = NULL;
+		}
+    break;
+
+  case 116:
+#line 817 "parse.y"
+    {
+		        if ((yyvsp[(2) - (2)].objid)) {
+				(yyval.objid) = (yyvsp[(2) - (2)].objid);
+				add_oid_to_tail((yyvsp[(2) - (2)].objid), (yyvsp[(1) - (2)].objid));
+			} else {
+				(yyval.objid) = (yyvsp[(1) - (2)].objid);
+			}
+		}
+    break;
+
+  case 117:
+#line 828 "parse.y"
+    {
+			(yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant));
+		}
+    break;
+
+  case 118:
+#line 832 "parse.y"
+    {
+		    Symbol *s = addsym((yyvsp[(1) - (1)].name));
+		    if(s->stype != SValue ||
+		       s->value->type != objectidentifiervalue) {
+			error_message("%s is not an object identifier\n", 
+				      s->name);
+			exit(1);
+		    }
+		    (yyval.objid) = s->value->u.objectidentifiervalue;
+		}
+    break;
+
+  case 119:
+#line 843 "parse.y"
+    {
+		    (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant));
+		}
+    break;
+
+  case 129:
+#line 866 "parse.y"
+    {
+			Symbol *s = addsym((yyvsp[(1) - (1)].name));
+			if(s->stype != SValue)
+				error_message ("%s is not a value\n",
+						s->name);
+			else
+				(yyval.value) = s->value;
+		}
+    break;
+
+  case 130:
+#line 877 "parse.y"
+    {
+			(yyval.value) = emalloc(sizeof(*(yyval.value)));
+			(yyval.value)->type = stringvalue;
+			(yyval.value)->u.stringvalue = (yyvsp[(1) - (1)].name);
+		}
+    break;
+
+  case 131:
+#line 885 "parse.y"
+    {
+			(yyval.value) = emalloc(sizeof(*(yyval.value)));
+			(yyval.value)->type = booleanvalue;
+			(yyval.value)->u.booleanvalue = 0;
+		}
+    break;
+
+  case 132:
+#line 891 "parse.y"
+    {
+			(yyval.value) = emalloc(sizeof(*(yyval.value)));
+			(yyval.value)->type = booleanvalue;
+			(yyval.value)->u.booleanvalue = 0;
+		}
+    break;
+
+  case 133:
+#line 899 "parse.y"
+    {
+			(yyval.value) = emalloc(sizeof(*(yyval.value)));
+			(yyval.value)->type = integervalue;
+			(yyval.value)->u.integervalue = (yyvsp[(1) - (1)].constant);
+		}
+    break;
+
+  case 135:
+#line 910 "parse.y"
+    {
+		}
+    break;
+
+  case 136:
+#line 915 "parse.y"
+    {
+			(yyval.value) = emalloc(sizeof(*(yyval.value)));
+			(yyval.value)->type = objectidentifiervalue;
+			(yyval.value)->u.objectidentifiervalue = (yyvsp[(1) - (1)].objid);
+		}
+    break;
+
+
+/* Line 1267 of yacc.c.  */
+#line 2523 "parse.c"
+      default: break;
+    }
+  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if ! YYERROR_VERBOSE
+      yyerror (YY_("syntax error"));
+#else
+      {
+	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+	  {
+	    YYSIZE_T yyalloc = 2 * yysize;
+	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+	    if (yymsg != yymsgbuf)
+	      YYSTACK_FREE (yymsg);
+	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+	    if (yymsg)
+	      yymsg_alloc = yyalloc;
+	    else
+	      {
+		yymsg = yymsgbuf;
+		yymsg_alloc = sizeof yymsgbuf;
+	      }
+	  }
+
+	if (0 < yysize && yysize <= yymsg_alloc)
+	  {
+	    (void) yysyntax_error (yymsg, yystate, yychar);
+	    yyerror (yymsg);
+	  }
+	else
+	  {
+	    yyerror (YY_("syntax error"));
+	    if (yysize != 0)
+	      goto yyexhaustedlab;
+	  }
+      }
+#endif
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse look-ahead token after an
+	 error, discard it.  */
+
+      if (yychar <= YYEOF)
+	{
+	  /* Return failure if at end of input.  */
+	  if (yychar == YYEOF)
+	    YYABORT;
+	}
+      else
+	{
+	  yydestruct ("Error: discarding",
+		      yytoken, &yylval);
+	  yychar = YYEMPTY;
+	}
+    }
+
+  /* Else will try to reuse look-ahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR.  |
+`---------------------------------------------------*/
+yyerrorlab:
+
+  /* Pacify compilers like GCC when the user code never invokes
+     YYERROR and the label yyerrorlab therefore never appears in user
+     code.  */
+  if (/*CONSTCOND*/ 0)
+     goto yyerrorlab;
+
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYERROR.  */
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+  yystate = *yyssp;
+  goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR.  |
+`-------------------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+
+      yydestruct ("Error: popping",
+		  yystos[yystate], yyvsp);
+      YYPOPSTACK (1);
+      yystate = *yyssp;
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  *++yyvsp = yylval;
+
+
+  /* Shift the error token.  */
+  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here.  |
+`-------------------------------------------------*/
+yyexhaustedlab:
+  yyerror (YY_("memory exhausted"));
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+  if (yychar != YYEOF && yychar != YYEMPTY)
+     yydestruct ("Cleanup: discarding lookahead",
+		 yytoken, &yylval);
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYABORT or YYACCEPT.  */
+  YYPOPSTACK (yylen);
+  YY_STACK_PRINT (yyss, yyssp);
+  while (yyssp != yyss)
+    {
+      yydestruct ("Cleanup: popping",
+		  yystos[*yyssp], yyvsp);
+      YYPOPSTACK (1);
+    }
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+  if (yymsg != yymsgbuf)
+    YYSTACK_FREE (yymsg);
+#endif
+  /* Make sure YYID is used.  */
+  return YYID (yyresult);
+}
+
+
+#line 922 "parse.y"
+
+
+void
+yyerror (const char *s)
+{
+     error_message ("%s\n", s);
+}
+
+static Type *
+new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype)
+{
+    Type *t;
+    if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) {
+	t = oldtype;
+	oldtype = oldtype->subtype; /* XXX */
+    } else
+	t = new_type (TTag);
+    
+    t->tag.tagclass = tagclass;
+    t->tag.tagvalue = tagvalue;
+    t->tag.tagenv = tagenv;
+    t->subtype = oldtype;
+    return t;
+}
+
+static struct objid *
+new_objid(const char *label, int value)
+{
+    struct objid *s;
+    s = emalloc(sizeof(*s));
+    s->label = label;
+    s->value = value;
+    s->next = NULL;
+    return s;
+}
+
+static void
+add_oid_to_tail(struct objid *head, struct objid *tail)
+{
+    struct objid *o;
+    o = head;
+    while (o->next)
+	o = o->next;
+    o->next = tail;
+}
+
+static Type *
+new_type (Typetype tt)
+{
+    Type *t = ecalloc(1, sizeof(*t));
+    t->type = tt;
+    return t;
+}
+
+static struct constraint_spec *
+new_constraint_spec(enum ctype ct)
+{
+    struct constraint_spec *c = ecalloc(1, sizeof(*c));
+    c->ctype = ct;
+    return c;
+}
+
+static void fix_labels2(Type *t, const char *prefix);
+static void fix_labels1(struct memhead *members, const char *prefix)
+{
+    Member *m;
+
+    if(members == NULL)
+	return;
+    ASN1_TAILQ_FOREACH(m, members, members) {
+	asprintf(&m->label, "%s_%s", prefix, m->gen_name);
+	if (m->label == NULL)
+	    errx(1, "malloc");
+	if(m->type != NULL)
+	    fix_labels2(m->type, m->label);
+    }
+}
+
+static void fix_labels2(Type *t, const char *prefix)
+{
+    for(; t; t = t->subtype)
+	fix_labels1(t->members, prefix);
+}
+
+static void
+fix_labels(Symbol *s)
+{
+    char *p;
+    asprintf(&p, "choice_%s", s->gen_name);
+    if (p == NULL)
+	errx(1, "malloc");
+    fix_labels2(s->type, p);
+    free(p);
+}
+

Added: vendor-crypto/heimdal/dist/lib/asn1/parse.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/parse.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/parse.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,249 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton interface for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     kw_ABSENT = 258,
+     kw_ABSTRACT_SYNTAX = 259,
+     kw_ALL = 260,
+     kw_APPLICATION = 261,
+     kw_AUTOMATIC = 262,
+     kw_BEGIN = 263,
+     kw_BIT = 264,
+     kw_BMPString = 265,
+     kw_BOOLEAN = 266,
+     kw_BY = 267,
+     kw_CHARACTER = 268,
+     kw_CHOICE = 269,
+     kw_CLASS = 270,
+     kw_COMPONENT = 271,
+     kw_COMPONENTS = 272,
+     kw_CONSTRAINED = 273,
+     kw_CONTAINING = 274,
+     kw_DEFAULT = 275,
+     kw_DEFINITIONS = 276,
+     kw_EMBEDDED = 277,
+     kw_ENCODED = 278,
+     kw_END = 279,
+     kw_ENUMERATED = 280,
+     kw_EXCEPT = 281,
+     kw_EXPLICIT = 282,
+     kw_EXPORTS = 283,
+     kw_EXTENSIBILITY = 284,
+     kw_EXTERNAL = 285,
+     kw_FALSE = 286,
+     kw_FROM = 287,
+     kw_GeneralString = 288,
+     kw_GeneralizedTime = 289,
+     kw_GraphicString = 290,
+     kw_IA5String = 291,
+     kw_IDENTIFIER = 292,
+     kw_IMPLICIT = 293,
+     kw_IMPLIED = 294,
+     kw_IMPORTS = 295,
+     kw_INCLUDES = 296,
+     kw_INSTANCE = 297,
+     kw_INTEGER = 298,
+     kw_INTERSECTION = 299,
+     kw_ISO646String = 300,
+     kw_MAX = 301,
+     kw_MIN = 302,
+     kw_MINUS_INFINITY = 303,
+     kw_NULL = 304,
+     kw_NumericString = 305,
+     kw_OBJECT = 306,
+     kw_OCTET = 307,
+     kw_OF = 308,
+     kw_OPTIONAL = 309,
+     kw_ObjectDescriptor = 310,
+     kw_PATTERN = 311,
+     kw_PDV = 312,
+     kw_PLUS_INFINITY = 313,
+     kw_PRESENT = 314,
+     kw_PRIVATE = 315,
+     kw_PrintableString = 316,
+     kw_REAL = 317,
+     kw_RELATIVE_OID = 318,
+     kw_SEQUENCE = 319,
+     kw_SET = 320,
+     kw_SIZE = 321,
+     kw_STRING = 322,
+     kw_SYNTAX = 323,
+     kw_T61String = 324,
+     kw_TAGS = 325,
+     kw_TRUE = 326,
+     kw_TYPE_IDENTIFIER = 327,
+     kw_TeletexString = 328,
+     kw_UNION = 329,
+     kw_UNIQUE = 330,
+     kw_UNIVERSAL = 331,
+     kw_UTCTime = 332,
+     kw_UTF8String = 333,
+     kw_UniversalString = 334,
+     kw_VideotexString = 335,
+     kw_VisibleString = 336,
+     kw_WITH = 337,
+     RANGE = 338,
+     EEQUAL = 339,
+     ELLIPSIS = 340,
+     IDENTIFIER = 341,
+     referencename = 342,
+     STRING = 343,
+     NUMBER = 344
+   };
+#endif
+/* Tokens.  */
+#define kw_ABSENT 258
+#define kw_ABSTRACT_SYNTAX 259
+#define kw_ALL 260
+#define kw_APPLICATION 261
+#define kw_AUTOMATIC 262
+#define kw_BEGIN 263
+#define kw_BIT 264
+#define kw_BMPString 265
+#define kw_BOOLEAN 266
+#define kw_BY 267
+#define kw_CHARACTER 268
+#define kw_CHOICE 269
+#define kw_CLASS 270
+#define kw_COMPONENT 271
+#define kw_COMPONENTS 272
+#define kw_CONSTRAINED 273
+#define kw_CONTAINING 274
+#define kw_DEFAULT 275
+#define kw_DEFINITIONS 276
+#define kw_EMBEDDED 277
+#define kw_ENCODED 278
+#define kw_END 279
+#define kw_ENUMERATED 280
+#define kw_EXCEPT 281
+#define kw_EXPLICIT 282
+#define kw_EXPORTS 283
+#define kw_EXTENSIBILITY 284
+#define kw_EXTERNAL 285
+#define kw_FALSE 286
+#define kw_FROM 287
+#define kw_GeneralString 288
+#define kw_GeneralizedTime 289
+#define kw_GraphicString 290
+#define kw_IA5String 291
+#define kw_IDENTIFIER 292
+#define kw_IMPLICIT 293
+#define kw_IMPLIED 294
+#define kw_IMPORTS 295
+#define kw_INCLUDES 296
+#define kw_INSTANCE 297
+#define kw_INTEGER 298
+#define kw_INTERSECTION 299
+#define kw_ISO646String 300
+#define kw_MAX 301
+#define kw_MIN 302
+#define kw_MINUS_INFINITY 303
+#define kw_NULL 304
+#define kw_NumericString 305
+#define kw_OBJECT 306
+#define kw_OCTET 307
+#define kw_OF 308
+#define kw_OPTIONAL 309
+#define kw_ObjectDescriptor 310
+#define kw_PATTERN 311
+#define kw_PDV 312
+#define kw_PLUS_INFINITY 313
+#define kw_PRESENT 314
+#define kw_PRIVATE 315
+#define kw_PrintableString 316
+#define kw_REAL 317
+#define kw_RELATIVE_OID 318
+#define kw_SEQUENCE 319
+#define kw_SET 320
+#define kw_SIZE 321
+#define kw_STRING 322
+#define kw_SYNTAX 323
+#define kw_T61String 324
+#define kw_TAGS 325
+#define kw_TRUE 326
+#define kw_TYPE_IDENTIFIER 327
+#define kw_TeletexString 328
+#define kw_UNION 329
+#define kw_UNIQUE 330
+#define kw_UNIVERSAL 331
+#define kw_UTCTime 332
+#define kw_UTF8String 333
+#define kw_UniversalString 334
+#define kw_VideotexString 335
+#define kw_VisibleString 336
+#define kw_WITH 337
+#define RANGE 338
+#define EEQUAL 339
+#define ELLIPSIS 340
+#define IDENTIFIER 341
+#define referencename 342
+#define STRING 343
+#define NUMBER 344
+
+
+
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 65 "parse.y"
+{
+    int constant;
+    struct value *value;
+    struct range *range;
+    char *name;
+    Type *type;
+    Member *member;
+    struct objid *objid;
+    char *defval;
+    struct string_list *sl;
+    struct tagtype tag;
+    struct memhead *members;
+    struct constraint_spec *constraint_spec;
+}
+/* Line 1529 of yacc.c.  */
+#line 242 "parse.h"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+extern YYSTYPE yylval;
+

Added: vendor-crypto/heimdal/dist/lib/asn1/parse.y
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/parse.y	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/parse.y	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1015 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse.y,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+%{
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "symbol.h"
+#include "lex.h"
+#include "gen_locl.h"
+#include "der.h"
+
+RCSID("$Id: parse.y,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static Type *new_type (Typetype t);
+static struct constraint_spec *new_constraint_spec(enum ctype);
+static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
+void yyerror (const char *);
+static struct objid *new_objid(const char *label, int value);
+static void add_oid_to_tail(struct objid *, struct objid *);
+static void fix_labels(Symbol *s);
+
+struct string_list {
+    char *string;
+    struct string_list *next;
+};
+
+%}
+
+%union {
+    int constant;
+    struct value *value;
+    struct range *range;
+    char *name;
+    Type *type;
+    Member *member;
+    struct objid *objid;
+    char *defval;
+    struct string_list *sl;
+    struct tagtype tag;
+    struct memhead *members;
+    struct constraint_spec *constraint_spec;
+}
+
+%token kw_ABSENT
+%token kw_ABSTRACT_SYNTAX
+%token kw_ALL
+%token kw_APPLICATION
+%token kw_AUTOMATIC
+%token kw_BEGIN
+%token kw_BIT
+%token kw_BMPString
+%token kw_BOOLEAN
+%token kw_BY
+%token kw_CHARACTER
+%token kw_CHOICE
+%token kw_CLASS
+%token kw_COMPONENT
+%token kw_COMPONENTS
+%token kw_CONSTRAINED
+%token kw_CONTAINING
+%token kw_DEFAULT
+%token kw_DEFINITIONS
+%token kw_EMBEDDED
+%token kw_ENCODED
+%token kw_END
+%token kw_ENUMERATED
+%token kw_EXCEPT
+%token kw_EXPLICIT
+%token kw_EXPORTS
+%token kw_EXTENSIBILITY
+%token kw_EXTERNAL
+%token kw_FALSE
+%token kw_FROM
+%token kw_GeneralString
+%token kw_GeneralizedTime
+%token kw_GraphicString
+%token kw_IA5String
+%token kw_IDENTIFIER
+%token kw_IMPLICIT
+%token kw_IMPLIED
+%token kw_IMPORTS
+%token kw_INCLUDES
+%token kw_INSTANCE
+%token kw_INTEGER
+%token kw_INTERSECTION
+%token kw_ISO646String
+%token kw_MAX
+%token kw_MIN
+%token kw_MINUS_INFINITY
+%token kw_NULL
+%token kw_NumericString
+%token kw_OBJECT
+%token kw_OCTET
+%token kw_OF
+%token kw_OPTIONAL
+%token kw_ObjectDescriptor
+%token kw_PATTERN
+%token kw_PDV
+%token kw_PLUS_INFINITY
+%token kw_PRESENT
+%token kw_PRIVATE
+%token kw_PrintableString
+%token kw_REAL
+%token kw_RELATIVE_OID
+%token kw_SEQUENCE
+%token kw_SET
+%token kw_SIZE
+%token kw_STRING
+%token kw_SYNTAX
+%token kw_T61String
+%token kw_TAGS
+%token kw_TRUE
+%token kw_TYPE_IDENTIFIER
+%token kw_TeletexString
+%token kw_UNION
+%token kw_UNIQUE
+%token kw_UNIVERSAL
+%token kw_UTCTime
+%token kw_UTF8String
+%token kw_UniversalString
+%token kw_VideotexString
+%token kw_VisibleString
+%token kw_WITH
+
+%token RANGE
+%token EEQUAL
+%token ELLIPSIS
+
+%token <name> IDENTIFIER  referencename
+%token <name> STRING
+
+%token <constant> NUMBER
+%type <constant> SignedNumber
+%type <constant> Class tagenv
+
+%type <value> Value
+%type <value> BuiltinValue
+%type <value> IntegerValue
+%type <value> BooleanValue
+%type <value> ObjectIdentifierValue
+%type <value> CharacterStringValue
+%type <value> NullValue
+%type <value> DefinedValue
+%type <value> ReferencedValue
+%type <value> Valuereference
+
+%type <type> Type
+%type <type> BuiltinType
+%type <type> BitStringType
+%type <type> BooleanType
+%type <type> ChoiceType
+%type <type> ConstrainedType
+%type <type> EnumeratedType
+%type <type> IntegerType
+%type <type> NullType
+%type <type> OctetStringType
+%type <type> SequenceType
+%type <type> SequenceOfType
+%type <type> SetType
+%type <type> SetOfType
+%type <type> TaggedType
+%type <type> ReferencedType
+%type <type> DefinedType
+%type <type> UsefulType
+%type <type> ObjectIdentifierType
+%type <type> CharacterStringType
+%type <type> RestrictedCharactedStringType
+
+%type <tag> Tag
+
+%type <member> ComponentType
+%type <member> NamedBit
+%type <member> NamedNumber
+%type <member> NamedType
+%type <members> ComponentTypeList 
+%type <members> Enumerations
+%type <members> NamedBitList
+%type <members> NamedNumberList
+
+%type <objid> objid objid_list objid_element objid_opt
+%type <range> range size
+
+%type <sl> referencenames
+
+%type <constraint_spec> Constraint
+%type <constraint_spec> ConstraintSpec
+%type <constraint_spec> GeneralConstraint
+%type <constraint_spec> ContentsConstraint
+%type <constraint_spec> UserDefinedConstraint
+
+
+
+%start ModuleDefinition
+
+%%
+
+ModuleDefinition: IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefault
+			EEQUAL kw_BEGIN ModuleBody kw_END
+		{
+			checkundefined();
+		}
+		;
+
+TagDefault	: kw_EXPLICIT kw_TAGS
+		| kw_IMPLICIT kw_TAGS
+		      { error_message("implicit tagging is not supported"); }
+		| kw_AUTOMATIC kw_TAGS
+		      { error_message("automatic tagging is not supported"); }
+		| /* empty */
+		;
+
+ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED
+		      { error_message("no extensibility options supported"); }
+		| /* empty */
+		;
+
+ModuleBody	: /* Exports */ Imports AssignmentList
+		| /* empty */
+		;
+
+Imports		: kw_IMPORTS SymbolsImported ';'
+		| /* empty */
+		;
+
+SymbolsImported	: SymbolsFromModuleList
+		| /* empty */
+		;
+
+SymbolsFromModuleList: SymbolsFromModule
+		| SymbolsFromModuleList SymbolsFromModule
+		;
+
+SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt
+		{ 
+		    struct string_list *sl;
+		    for(sl = $1; sl != NULL; sl = sl->next) {
+			Symbol *s = addsym(sl->string);
+			s->stype = Stype;
+		    }
+		    add_import($3);
+		}
+		;
+
+AssignmentList	: Assignment
+		| Assignment AssignmentList
+		;
+
+Assignment	: TypeAssignment
+		| ValueAssignment
+		;
+
+referencenames	: IDENTIFIER ',' referencenames
+		{
+		    $$ = emalloc(sizeof(*$$));
+		    $$->string = $1;
+		    $$->next = $3;
+		}
+		| IDENTIFIER
+		{
+		    $$ = emalloc(sizeof(*$$));
+		    $$->string = $1;
+		    $$->next = NULL;
+		}
+		;
+
+TypeAssignment	: IDENTIFIER EEQUAL Type
+		{
+		    Symbol *s = addsym ($1);
+		    s->stype = Stype;
+		    s->type = $3;
+		    fix_labels(s);
+		    generate_type (s);
+		}
+		;
+
+Type		: BuiltinType
+		| ReferencedType
+		| ConstrainedType
+		;
+
+BuiltinType	: BitStringType
+		| BooleanType
+		| CharacterStringType
+		| ChoiceType
+		| EnumeratedType
+		| IntegerType
+		| NullType
+		| ObjectIdentifierType
+		| OctetStringType
+		| SequenceType
+		| SequenceOfType
+		| SetType
+		| SetOfType
+		| TaggedType
+		;
+
+BooleanType	: kw_BOOLEAN
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_Boolean, 
+				     TE_EXPLICIT, new_type(TBoolean));
+		}
+		;
+
+range		: '(' Value RANGE Value ')'
+		{
+		    if($2->type != integervalue)
+			error_message("Non-integer used in first part of range");
+		    if($2->type != integervalue)
+			error_message("Non-integer in second part of range");
+		    $$ = ecalloc(1, sizeof(*$$));
+		    $$->min = $2->u.integervalue;
+		    $$->max = $4->u.integervalue;
+		}
+		| '(' Value RANGE kw_MAX ')'
+		{		
+		    if($2->type != integervalue)
+			error_message("Non-integer in first part of range");
+		    $$ = ecalloc(1, sizeof(*$$));
+		    $$->min = $2->u.integervalue;
+		    $$->max = $2->u.integervalue - 1;
+		}
+		| '(' kw_MIN RANGE Value ')'
+		{		
+		    if($4->type != integervalue)
+			error_message("Non-integer in second part of range");
+		    $$ = ecalloc(1, sizeof(*$$));
+		    $$->min = $4->u.integervalue + 2;
+		    $$->max = $4->u.integervalue;
+		}
+		| '(' Value ')'
+		{
+		    if($2->type != integervalue)
+			error_message("Non-integer used in limit");
+		    $$ = ecalloc(1, sizeof(*$$));
+		    $$->min = $2->u.integervalue;
+		    $$->max = $2->u.integervalue;
+		}
+		;
+
+
+IntegerType	: kw_INTEGER
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_Integer, 
+				     TE_EXPLICIT, new_type(TInteger));
+		}
+		| kw_INTEGER range
+		{
+			$$ = new_type(TInteger);
+			$$->range = $2;
+			$$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$);
+		}
+		| kw_INTEGER '{' NamedNumberList '}'
+		{
+		  $$ = new_type(TInteger);
+		  $$->members = $3;
+		  $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$);
+		}
+		;
+
+NamedNumberList	: NamedNumber
+		{
+			$$ = emalloc(sizeof(*$$));
+			ASN1_TAILQ_INIT($$);
+			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
+		}
+		| NamedNumberList ',' NamedNumber
+		{
+			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
+			$$ = $1;
+		}
+		| NamedNumberList ',' ELLIPSIS
+			{ $$ = $1; } /* XXX used for Enumerations */
+		;
+
+NamedNumber	: IDENTIFIER '(' SignedNumber ')'
+		{
+			$$ = emalloc(sizeof(*$$));
+			$$->name = $1;
+			$$->gen_name = estrdup($1);
+			output_name ($$->gen_name);
+			$$->val = $3;
+			$$->optional = 0;
+			$$->ellipsis = 0;
+			$$->type = NULL;
+		}
+		;
+
+EnumeratedType	: kw_ENUMERATED '{' Enumerations '}'
+		{
+		  $$ = new_type(TInteger);
+		  $$->members = $3;
+		  $$ = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, $$);
+		}
+		;
+
+Enumerations	: NamedNumberList /* XXX */
+		;
+
+BitStringType	: kw_BIT kw_STRING
+		{
+		  $$ = new_type(TBitString);
+		  $$->members = emalloc(sizeof(*$$->members));
+		  ASN1_TAILQ_INIT($$->members);
+		  $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$);
+		}
+		| kw_BIT kw_STRING '{' NamedBitList '}'
+		{
+		  $$ = new_type(TBitString);
+		  $$->members = $4;
+		  $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$);
+		}
+		;
+
+ObjectIdentifierType: kw_OBJECT kw_IDENTIFIER
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_OID, 
+				     TE_EXPLICIT, new_type(TOID));
+		}
+		;
+OctetStringType	: kw_OCTET kw_STRING size
+		{
+		    Type *t = new_type(TOctetString);
+		    t->range = $3;
+		    $$ = new_tag(ASN1_C_UNIV, UT_OctetString, 
+				 TE_EXPLICIT, t);
+		}
+		;
+
+NullType	: kw_NULL
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_Null, 
+				     TE_EXPLICIT, new_type(TNull));
+		}
+		;
+
+size		:
+		{ $$ = NULL; }
+		| kw_SIZE range
+		{ $$ = $2; }
+		;
+
+
+SequenceType	: kw_SEQUENCE '{' /* ComponentTypeLists */ ComponentTypeList '}'
+		{
+		  $$ = new_type(TSequence);
+		  $$->members = $3;
+		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
+		}
+		| kw_SEQUENCE '{' '}'
+		{
+		  $$ = new_type(TSequence);
+		  $$->members = NULL;
+		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
+		}
+		;
+
+SequenceOfType	: kw_SEQUENCE size kw_OF Type
+		{
+		  $$ = new_type(TSequenceOf);
+		  $$->range = $2;
+		  $$->subtype = $4;
+		  $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
+		}
+		;
+
+SetType		: kw_SET '{' /* ComponentTypeLists */ ComponentTypeList '}'
+		{
+		  $$ = new_type(TSet);
+		  $$->members = $3;
+		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
+		}
+		| kw_SET '{' '}'
+		{
+		  $$ = new_type(TSet);
+		  $$->members = NULL;
+		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
+		}
+		;
+
+SetOfType	: kw_SET kw_OF Type
+		{
+		  $$ = new_type(TSetOf);
+		  $$->subtype = $3;
+		  $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
+		}
+		;
+
+ChoiceType	: kw_CHOICE '{' /* AlternativeTypeLists */ ComponentTypeList '}'
+		{
+		  $$ = new_type(TChoice);
+		  $$->members = $3;
+		}
+		;
+
+ReferencedType	: DefinedType
+		| UsefulType
+		;
+
+DefinedType	: IDENTIFIER
+		{
+		  Symbol *s = addsym($1);
+		  $$ = new_type(TType);
+		  if(s->stype != Stype && s->stype != SUndefined)
+		    error_message ("%s is not a type\n", $1);
+		  else
+		    $$->symbol = s;
+		}
+		;
+
+UsefulType	: kw_GeneralizedTime
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, 
+				     TE_EXPLICIT, new_type(TGeneralizedTime));
+		}
+		| kw_UTCTime
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_UTCTime, 
+				     TE_EXPLICIT, new_type(TUTCTime));
+		}
+		;
+
+ConstrainedType	: Type Constraint
+		{
+		    /* if (Constraint.type == contentConstrant) {
+		       assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
+		       if (Constraint.u.constraint.type) {
+		         assert((Constraint.u.constraint.type.length % 8) == 0);
+		       }
+		      }
+		      if (Constraint.u.constraint.encoding) {
+		        type == der-oid|ber-oid
+		      }
+		    */
+		}
+		;
+
+
+Constraint	: '(' ConstraintSpec ')'
+		{
+		    $$ = $2;
+		}
+		;
+
+ConstraintSpec	: GeneralConstraint
+		;
+
+GeneralConstraint: ContentsConstraint
+		| UserDefinedConstraint
+		;
+
+ContentsConstraint: kw_CONTAINING Type
+		{
+		    $$ = new_constraint_spec(CT_CONTENTS);
+		    $$->u.content.type = $2;
+		    $$->u.content.encoding = NULL;
+		}
+		| kw_ENCODED kw_BY Value
+		{
+		    if ($3->type != objectidentifiervalue)
+			error_message("Non-OID used in ENCODED BY constraint");
+		    $$ = new_constraint_spec(CT_CONTENTS);
+		    $$->u.content.type = NULL;
+		    $$->u.content.encoding = $3;
+		}
+		| kw_CONTAINING Type kw_ENCODED kw_BY Value
+		{
+		    if ($5->type != objectidentifiervalue)
+			error_message("Non-OID used in ENCODED BY constraint");
+		    $$ = new_constraint_spec(CT_CONTENTS);
+		    $$->u.content.type = $2;
+		    $$->u.content.encoding = $5;
+		}
+		;
+
+UserDefinedConstraint: kw_CONSTRAINED kw_BY '{' '}'
+		{
+		    $$ = new_constraint_spec(CT_USER);
+		}
+		;
+
+TaggedType	: Tag tagenv Type
+		{
+			$$ = new_type(TTag);
+			$$->tag = $1;
+			$$->tag.tagenv = $2;
+			if($3->type == TTag && $2 == TE_IMPLICIT) {
+				$$->subtype = $3->subtype;
+				free($3);
+			} else
+				$$->subtype = $3;
+		}
+		;
+
+Tag		: '[' Class NUMBER ']'
+		{
+			$$.tagclass = $2;
+			$$.tagvalue = $3;
+			$$.tagenv = TE_EXPLICIT;
+		}
+		;
+
+Class		: /* */
+		{
+			$$ = ASN1_C_CONTEXT;
+		}
+		| kw_UNIVERSAL
+		{
+			$$ = ASN1_C_UNIV;
+		}
+		| kw_APPLICATION
+		{
+			$$ = ASN1_C_APPL;
+		}
+		| kw_PRIVATE
+		{
+			$$ = ASN1_C_PRIVATE;
+		}
+		;
+
+tagenv		: /* */
+		{
+			$$ = TE_EXPLICIT;
+		}
+		| kw_EXPLICIT
+		{
+			$$ = TE_EXPLICIT;
+		}
+		| kw_IMPLICIT
+		{
+			$$ = TE_IMPLICIT;
+		}
+		;
+
+
+ValueAssignment	: IDENTIFIER Type EEQUAL Value
+		{
+			Symbol *s;
+			s = addsym ($1);
+
+			s->stype = SValue;
+			s->value = $4;
+			generate_constant (s);
+		}
+		;
+
+CharacterStringType: RestrictedCharactedStringType
+		;
+
+RestrictedCharactedStringType: kw_GeneralString
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_GeneralString, 
+				     TE_EXPLICIT, new_type(TGeneralString));
+		}
+		| kw_UTF8String
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_UTF8String, 
+				     TE_EXPLICIT, new_type(TUTF8String));
+		}
+		| kw_PrintableString
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_PrintableString, 
+				     TE_EXPLICIT, new_type(TPrintableString));
+		}
+		| kw_VisibleString
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_VisibleString, 
+				     TE_EXPLICIT, new_type(TVisibleString));
+		}
+		| kw_IA5String
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_IA5String, 
+				     TE_EXPLICIT, new_type(TIA5String));
+		}
+		| kw_BMPString
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_BMPString, 
+				     TE_EXPLICIT, new_type(TBMPString));
+		}
+		| kw_UniversalString
+		{
+			$$ = new_tag(ASN1_C_UNIV, UT_UniversalString, 
+				     TE_EXPLICIT, new_type(TUniversalString));
+		}
+
+		;
+
+ComponentTypeList: ComponentType
+		{
+			$$ = emalloc(sizeof(*$$));
+			ASN1_TAILQ_INIT($$);
+			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
+		}
+		| ComponentTypeList ',' ComponentType
+		{
+			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
+			$$ = $1;
+		}
+		| ComponentTypeList ',' ELLIPSIS
+		{
+		        struct member *m = ecalloc(1, sizeof(*m));
+			m->name = estrdup("...");
+			m->gen_name = estrdup("asn1_ellipsis");
+			m->ellipsis = 1;
+			ASN1_TAILQ_INSERT_TAIL($1, m, members);
+			$$ = $1;
+		}
+		;
+
+NamedType	: IDENTIFIER Type
+		{
+		  $$ = emalloc(sizeof(*$$));
+		  $$->name = $1;
+		  $$->gen_name = estrdup($1);
+		  output_name ($$->gen_name);
+		  $$->type = $2;
+		  $$->ellipsis = 0;
+		}
+		;
+
+ComponentType	: NamedType
+		{
+			$$ = $1;
+			$$->optional = 0;
+			$$->defval = NULL;
+		}
+		| NamedType kw_OPTIONAL
+		{
+			$$ = $1;
+			$$->optional = 1;
+			$$->defval = NULL;
+		}
+		| NamedType kw_DEFAULT Value
+		{
+			$$ = $1;
+			$$->optional = 0;
+			$$->defval = $3;
+		}
+		;
+
+NamedBitList	: NamedBit
+		{
+			$$ = emalloc(sizeof(*$$));
+			ASN1_TAILQ_INIT($$);
+			ASN1_TAILQ_INSERT_HEAD($$, $1, members);
+		}
+		| NamedBitList ',' NamedBit
+		{
+			ASN1_TAILQ_INSERT_TAIL($1, $3, members);
+			$$ = $1;
+		}
+		;
+
+NamedBit	: IDENTIFIER '(' NUMBER ')'
+		{
+		  $$ = emalloc(sizeof(*$$));
+		  $$->name = $1;
+		  $$->gen_name = estrdup($1);
+		  output_name ($$->gen_name);
+		  $$->val = $3;
+		  $$->optional = 0;
+		  $$->ellipsis = 0;
+		  $$->type = NULL;
+		}
+		;
+
+objid_opt	: objid
+		| /* empty */ { $$ = NULL; }
+		;
+
+objid		: '{' objid_list '}'
+		{
+			$$ = $2;
+		}
+		;
+
+objid_list	:  /* empty */
+		{
+			$$ = NULL;
+		}
+		| objid_element objid_list
+		{
+		        if ($2) {
+				$$ = $2;
+				add_oid_to_tail($2, $1);
+			} else {
+				$$ = $1;
+			}
+		}
+		;
+
+objid_element	: IDENTIFIER '(' NUMBER ')'
+		{
+			$$ = new_objid($1, $3);
+		}
+		| IDENTIFIER
+		{
+		    Symbol *s = addsym($1);
+		    if(s->stype != SValue ||
+		       s->value->type != objectidentifiervalue) {
+			error_message("%s is not an object identifier\n", 
+				      s->name);
+			exit(1);
+		    }
+		    $$ = s->value->u.objectidentifiervalue;
+		}
+		| NUMBER
+		{
+		    $$ = new_objid(NULL, $1);
+		}
+		;
+
+Value		: BuiltinValue
+		| ReferencedValue
+		;
+
+BuiltinValue	: BooleanValue
+		| CharacterStringValue
+		| IntegerValue
+		| ObjectIdentifierValue
+		| NullValue
+		;
+
+ReferencedValue	: DefinedValue
+		;
+
+DefinedValue	: Valuereference
+		;
+
+Valuereference	: IDENTIFIER
+		{
+			Symbol *s = addsym($1);
+			if(s->stype != SValue)
+				error_message ("%s is not a value\n",
+						s->name);
+			else
+				$$ = s->value;
+		}
+		;
+
+CharacterStringValue: STRING
+		{
+			$$ = emalloc(sizeof(*$$));
+			$$->type = stringvalue;
+			$$->u.stringvalue = $1;
+		}
+		;
+
+BooleanValue	: kw_TRUE
+		{
+			$$ = emalloc(sizeof(*$$));
+			$$->type = booleanvalue;
+			$$->u.booleanvalue = 0;
+		}
+		| kw_FALSE
+		{
+			$$ = emalloc(sizeof(*$$));
+			$$->type = booleanvalue;
+			$$->u.booleanvalue = 0;
+		}
+		;
+
+IntegerValue	: SignedNumber
+		{
+			$$ = emalloc(sizeof(*$$));
+			$$->type = integervalue;
+			$$->u.integervalue = $1;
+		}
+		;
+
+SignedNumber	: NUMBER
+		;
+
+NullValue	: kw_NULL
+		{
+		}
+		;
+
+ObjectIdentifierValue: objid
+		{
+			$$ = emalloc(sizeof(*$$));
+			$$->type = objectidentifiervalue;
+			$$->u.objectidentifiervalue = $1;
+		}
+		;
+
+%%
+
+void
+yyerror (const char *s)
+{
+     error_message ("%s\n", s);
+}
+
+static Type *
+new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype)
+{
+    Type *t;
+    if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) {
+	t = oldtype;
+	oldtype = oldtype->subtype; /* XXX */
+    } else
+	t = new_type (TTag);
+    
+    t->tag.tagclass = tagclass;
+    t->tag.tagvalue = tagvalue;
+    t->tag.tagenv = tagenv;
+    t->subtype = oldtype;
+    return t;
+}
+
+static struct objid *
+new_objid(const char *label, int value)
+{
+    struct objid *s;
+    s = emalloc(sizeof(*s));
+    s->label = label;
+    s->value = value;
+    s->next = NULL;
+    return s;
+}
+
+static void
+add_oid_to_tail(struct objid *head, struct objid *tail)
+{
+    struct objid *o;
+    o = head;
+    while (o->next)
+	o = o->next;
+    o->next = tail;
+}
+
+static Type *
+new_type (Typetype tt)
+{
+    Type *t = ecalloc(1, sizeof(*t));
+    t->type = tt;
+    return t;
+}
+
+static struct constraint_spec *
+new_constraint_spec(enum ctype ct)
+{
+    struct constraint_spec *c = ecalloc(1, sizeof(*c));
+    c->ctype = ct;
+    return c;
+}
+
+static void fix_labels2(Type *t, const char *prefix);
+static void fix_labels1(struct memhead *members, const char *prefix)
+{
+    Member *m;
+
+    if(members == NULL)
+	return;
+    ASN1_TAILQ_FOREACH(m, members, members) {
+	asprintf(&m->label, "%s_%s", prefix, m->gen_name);
+	if (m->label == NULL)
+	    errx(1, "malloc");
+	if(m->type != NULL)
+	    fix_labels2(m->type, m->label);
+    }
+}
+
+static void fix_labels2(Type *t, const char *prefix)
+{
+    for(; t; t = t->subtype)
+	fix_labels1(t->members, prefix);
+}
+
+static void
+fix_labels(Symbol *s)
+{
+    char *p;
+    asprintf(&p, "choice_%s", s->gen_name);
+    if (p == NULL)
+	errx(1, "malloc");
+    fix_labels2(s->type, p);
+    free(p);
+}
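Review bot: In the first `range` alternative the second type check repeats `$2`, so the upper bound of `( Value RANGE Value )` is never validated before `$4->u.integervalue` is read; it should be `if($4->type != integervalue)`. Every `range` alternative also reads `u.integervalue` after `error_message()`, which appears to return (the `objid_element` action calls `exit(1)` itself afterwards), so a non-integer bound would be read through the wrong union member. `BooleanValue` stores 0 for both `kw_TRUE` and `kw_FALSE`; the `kw_TRUE` action should set `$$->u.booleanvalue = 1;`. `NullValue` never assigns `$$` and `Valuereference` leaves it unset on its error path, yet both feed `Value`, which `range` and `ContentsConstraint` dereference. In `fix_labels1` and `fix_labels` the return value of `asprintf()` is ignored and the pointer is tested instead, which only works where a failed `asprintf()` sets it to NULL; `if (asprintf(&p, "choice_%s", s->gen_name) < 0) errx(1, "malloc");` is the portable form.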

Added: vendor-crypto/heimdal/dist/lib/asn1/pkcs12.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/pkcs12.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/pkcs12.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+-- $Id: pkcs12.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ --
+
+PKCS12 DEFINITIONS ::=
+
+BEGIN
+
+IMPORTS ContentInfo FROM cms
+	DigestInfo FROM rfc2459
+	heim_any, heim_any_set FROM heim;
+
+-- The PFX PDU
+
+id-pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+	rsadsi(113549) pkcs(1) pkcs-12(12) }
+
+id-pkcs-12PbeIds                   OBJECT IDENTIFIER ::= { id-pkcs-12 1}
+id-pbeWithSHAAnd128BitRC4          OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 1}
+id-pbeWithSHAAnd40BitRC4           OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 2}
+id-pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 3}
+id-pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 4}
+id-pbeWithSHAAnd128BitRC2-CBC      OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 5}
+id-pbewithSHAAnd40BitRC2-CBC       OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 6}
+
+id-pkcs12-bagtypes		OBJECT IDENTIFIER ::= { id-pkcs-12 10 1}
+
+id-pkcs12-keyBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 1 }
+id-pkcs12-pkcs8ShroudedKeyBag	OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 2 }
+id-pkcs12-certBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 3 }
+id-pkcs12-crlBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 4 }
+id-pkcs12-secretBag		OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 5 }
+id-pkcs12-safeContentsBag	OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 6 }
+
+
+PKCS12-MacData ::= SEQUENCE {
+    	mac 		DigestInfo,
+	macSalt	        OCTET STRING,
+	iterations	INTEGER OPTIONAL
+}
+
+PKCS12-PFX ::= SEQUENCE {
+    	version		INTEGER,
+    	authSafe	ContentInfo,
+    	macData    	PKCS12-MacData OPTIONAL
+}
+
+PKCS12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
+	-- Data if unencrypted
+	-- EncryptedData if password-encrypted
+	-- EnvelopedData if public key-encrypted
+
+PKCS12-Attribute ::= SEQUENCE {
+	attrId	   	OBJECT IDENTIFIER,
+	attrValues 	-- SET OF -- heim_any_set 
+}
+
+PKCS12-Attributes ::= SET OF PKCS12-Attribute
+
+PKCS12-SafeBag ::= SEQUENCE {
+  	bagId	      	OBJECT IDENTIFIER,
+  	bagValue      	[0] heim_any,
+  	bagAttributes 	PKCS12-Attributes OPTIONAL
+}
+
+PKCS12-SafeContents ::= SEQUENCE OF PKCS12-SafeBag
+
+PKCS12-CertBag ::= SEQUENCE {
+	certType	OBJECT IDENTIFIER,
+  	certValue      	[0] heim_any
+}
+
+PKCS12-PBEParams ::= SEQUENCE {
+	salt		OCTET STRING,
+	iterations	INTEGER (0..4294967295) OPTIONAL
+}
+
+PKCS12-OctetString ::= OCTET STRING
+
+-- KeyBag ::= PrivateKeyInfo
+-- PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
+
+END
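Review bot: `iterations` in `PKCS12-MacData` is an unconstrained `INTEGER OPTIONAL`, while `PKCS12-PBEParams.iterations` in the same module is bounded with `(0..4294967295)`, and nothing in the module says what an absent MAC iteration count means. The value is taken from the PKCS #12 file being opened, so I would document it on the field, e.g. `-- PKCS #12 gives this DEFAULT 1; value is file-controlled, cap it before running the KDF --`. Whether the two fields end up with different C types in the generated code is not visible here, so I am proposing only the comment, not a changed constraint.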

Added: vendor-crypto/heimdal/dist/lib/asn1/pkcs8.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/pkcs8.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/pkcs8.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,30 @@
+-- $Id: pkcs8.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ --
+
+PKCS8 DEFINITIONS ::=
+
+BEGIN
+
+IMPORTS	Attribute, AlgorithmIdentifier FROM rfc2459
+	heim_any, heim_any_set FROM heim;
+
+PKCS8PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+
+PKCS8PrivateKey ::= OCTET STRING
+
+PKCS8Attributes ::= SET OF Attribute
+
+PKCS8PrivateKeyInfo ::= SEQUENCE {
+  version INTEGER,
+  privateKeyAlgorithm PKCS8PrivateKeyAlgorithmIdentifier,
+  privateKey PKCS8PrivateKey,
+  attributes [0] IMPLICIT SET OF Attribute OPTIONAL
+}
+
+PKCS8EncryptedData ::= OCTET STRING
+
+PKCS8EncryptedPrivateKeyInfo ::= SEQUENCE {
+    encryptionAlgorithm AlgorithmIdentifier,
+    encryptedData PKCS8EncryptedData 
+}
+
+END

Added: vendor-crypto/heimdal/dist/lib/asn1/pkcs9.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/pkcs9.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/pkcs9.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+-- $Id: pkcs9.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ --
+
+PKCS9 DEFINITIONS ::=
+
+BEGIN
+
+-- The PFX PDU
+
+id-pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+	rsadsi(113549) pkcs(1) pkcs-9(9) }
+
+id-pkcs9-emailAddress		OBJECT IDENTIFIER ::= {id-pkcs-9 1 }
+id-pkcs9-contentType		OBJECT IDENTIFIER ::= {id-pkcs-9 3 }
+id-pkcs9-messageDigest		OBJECT IDENTIFIER ::= {id-pkcs-9 4 }
+id-pkcs9-signingTime		OBJECT IDENTIFIER ::= {id-pkcs-9 5 }
+id-pkcs9-countersignature	OBJECT IDENTIFIER ::= {id-pkcs-9 6 }
+
+id-pkcs-9-at-friendlyName	OBJECT IDENTIFIER ::= {id-pkcs-9 20}
+id-pkcs-9-at-localKeyId		OBJECT IDENTIFIER ::= {id-pkcs-9 21}
+id-pkcs-9-at-certTypes		OBJECT IDENTIFIER ::= {id-pkcs-9 22}
+id-pkcs-9-at-certTypes-x509	OBJECT IDENTIFIER ::= {id-pkcs-9-at-certTypes 1}
+
+PKCS9-BMPString ::= BMPString
+
+PKCS9-friendlyName ::= SET OF PKCS9-BMPString
+
+END
+

Added: vendor-crypto/heimdal/dist/lib/asn1/pkinit.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/pkinit.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/pkinit.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,182 @@
+-- $Id: pkinit.asn1,v 1.1.1.2 2012-07-21 15:09:08 laffer1 Exp $ --
+
+PKINIT DEFINITIONS ::= BEGIN
+
+IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
+	IssuerAndSerialNumber, ContentInfo FROM cms
+	SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
+	heim_any FROM heim;
+
+id-pkinit OBJECT IDENTIFIER ::=
+  { iso (1) org (3) dod (6) internet (1) security (5)
+    kerberosv5 (2) pkinit (3) }
+
+id-pkauthdata  OBJECT IDENTIFIER  ::= { id-pkinit 1 }
+id-pkdhkeydata OBJECT IDENTIFIER  ::= { id-pkinit 2 }
+id-pkrkeydata  OBJECT IDENTIFIER  ::= { id-pkinit 3 }
+id-pkekuoid    OBJECT IDENTIFIER  ::= { id-pkinit 4 }
+id-pkkdcekuoid OBJECT IDENTIFIER  ::= { id-pkinit 5 }
+
+id-pkinit-san	OBJECT IDENTIFIER ::=
+  { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
+    x509-sanan(2) }
+
+id-pkinit-ms-eku OBJECT IDENTIFIER ::=
+  { iso(1) org(3) dod(6) internet(1) private(4) 
+    enterprise(1) microsoft(311) 20 2 2 }
+
+id-pkinit-ms-san OBJECT IDENTIFIER ::=
+  { iso(1) org(3) dod(6) internet(1) private(4) 
+    enterprise(1) microsoft(311) 20 2 3 }
+
+MS-UPN-SAN ::= UTF8String
+
+pa-pk-as-req INTEGER ::=                  16
+pa-pk-as-rep INTEGER ::=                  17
+
+td-trusted-certifiers INTEGER ::=        104
+td-invalid-certificates INTEGER ::=      105
+td-dh-parameters INTEGER ::=             109
+
+DHNonce ::= OCTET STRING
+
+KDFAlgorithmId ::= SEQUENCE {
+       kdf-id            [0] OBJECT IDENTIFIER,
+       ...
+}
+
+TrustedCA ::= SEQUENCE {
+	caName                  [0] IMPLICIT OCTET STRING,
+	certificateSerialNumber [1] INTEGER OPTIONAL,
+	subjectKeyIdentifier    [2] OCTET STRING OPTIONAL,
+	...
+}
+
+ExternalPrincipalIdentifier ::= SEQUENCE {
+	subjectName		[0] IMPLICIT OCTET STRING OPTIONAL,
+	issuerAndSerialNumber	[1] IMPLICIT OCTET STRING OPTIONAL,
+	subjectKeyIdentifier	[2] IMPLICIT OCTET STRING OPTIONAL,
+	...
+}
+
+ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier
+
+PA-PK-AS-REQ ::= SEQUENCE {
+        signedAuthPack          [0] IMPLICIT OCTET STRING,
+        trustedCertifiers       [1] ExternalPrincipalIdentifiers OPTIONAL,
+	kdcPkId                 [2] IMPLICIT OCTET STRING OPTIONAL,
+	...
+}
+
+PKAuthenticator ::= SEQUENCE {
+	cusec                   [0] INTEGER -- (0..999999) --,
+	ctime                   [1] KerberosTime,
+	nonce                   [2] INTEGER (0..4294967295),
+	paChecksum              [3] OCTET STRING OPTIONAL,
+	...
+}
+
+AuthPack ::= SEQUENCE {
+	pkAuthenticator         [0] PKAuthenticator,
+	clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL,
+	supportedCMSTypes       [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
+	clientDHNonce           [3] DHNonce OPTIONAL,
+	...,
+	supportedKDFs		[4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
+	...
+}
+
+TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers
+TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers
+
+KRB5PrincipalName ::= SEQUENCE {
+	realm                   [0] Realm,
+	principalName           [1] PrincipalName
+}
+
+AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
+
+DHRepInfo ::= SEQUENCE {
+	dhSignedData            [0] IMPLICIT OCTET STRING,
+	serverDHNonce           [1] DHNonce OPTIONAL,
+	...,
+	kdf			[2] KDFAlgorithmId OPTIONAL,
+	...
+}
+
+PA-PK-AS-REP ::= CHOICE {
+	dhInfo                  [0] DHRepInfo,
+	encKeyPack              [1] IMPLICIT OCTET STRING,
+	...
+}
+
+KDCDHKeyInfo ::= SEQUENCE {
+	subjectPublicKey        [0] BIT STRING,
+	nonce                   [1] INTEGER (0..4294967295),
+	dhKeyExpiration         [2] KerberosTime OPTIONAL,
+	...
+}
+
+ReplyKeyPack ::= SEQUENCE {
+	replyKey                [0] EncryptionKey,
+	asChecksum		[1] Checksum,
+	...
+}
+
+TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
+
+
+-- Windows compat glue --
+
+PKAuthenticator-Win2k ::= SEQUENCE {
+	kdcName			[0] PrincipalName,
+	kdcRealm		[1] Realm,
+	cusec			[2] INTEGER (0..4294967295),
+	ctime			[3] KerberosTime,
+	nonce                   [4] INTEGER (-2147483648..2147483647)
+}
+
+AuthPack-Win2k ::= SEQUENCE {
+	pkAuthenticator         [0] PKAuthenticator-Win2k,
+	clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL
+}
+
+
+TrustedCA-Win2k ::= CHOICE {
+	caName                  [1] heim_any,
+	issuerAndSerial         [2] IssuerAndSerialNumber
+}
+
+PA-PK-AS-REQ-Win2k ::= SEQUENCE { 
+	signed-auth-pack	[0] IMPLICIT OCTET STRING, 
+	trusted-certifiers	[2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, 
+	kdc-cert		[3] IMPLICIT OCTET STRING OPTIONAL, 
+	encryption-cert		[4] IMPLICIT OCTET STRING OPTIONAL
+}
+
+PA-PK-AS-REP-Win2k ::= CHOICE {
+	dhSignedData		[0] IMPLICIT OCTET STRING, 
+	encKeyPack		[1] IMPLICIT OCTET STRING
+}
+
+
+KDCDHKeyInfo-Win2k ::= SEQUENCE {
+	nonce			[0] INTEGER (-2147483648..2147483647),
+	subjectPublicKey	[2] BIT STRING
+}
+
+ReplyKeyPack-Win2k ::= SEQUENCE {
+        replyKey                [0] EncryptionKey,
+        nonce                   [1] INTEGER (-2147483648..2147483647),
+	...
+}
+
+PkinitSuppPubInfo ::= SEQUENCE {
+       enctype           [0] INTEGER (-2147483648..2147483647),
+       as-REQ            [1] OCTET STRING,
+       pk-as-rep         [2] OCTET STRING,
+       ticket            [3] Ticket,
+       ...
+}
+
+END

Added: vendor-crypto/heimdal/dist/lib/asn1/rfc2459.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/rfc2459.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/rfc2459.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,506 @@
+-- $Id: rfc2459.asn1,v 1.1.1.2 2012-07-21 15:09:08 laffer1 Exp $ --
+-- Definitions from rfc2459/rfc3280
+
+RFC2459 DEFINITIONS ::= BEGIN
+
+IMPORTS heim_any FROM heim;
+
+Version ::=  INTEGER {
+	rfc3280_version_1(0), 
+	rfc3280_version_2(1),
+	rfc3280_version_3(2)
+}
+
+id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+	rsadsi(113549) pkcs(1) 1 }
+id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=		{ id-pkcs-1 1 }
+id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 2 }
+id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 4 }
+id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 5 }
+id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 11 }
+id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 12 }
+id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 13 }
+
+id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1  2 752 43 16 1 }
+
+id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+	rsadsi(113549) pkcs(1) 2 }
+id-pkcs2-md2 OBJECT IDENTIFIER ::=		{ id-pkcs-2 2 }
+id-pkcs2-md4 OBJECT IDENTIFIER ::=		{ id-pkcs-2 4 }
+id-pkcs2-md5 OBJECT IDENTIFIER ::=		{ id-pkcs-2 5 }
+
+id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= 
+{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
+
+id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
+id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
+id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
+
+id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+	rsadsi(113549) pkcs(1) 3 }
+
+id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=		{ id-pkcs-3 2 }
+id-pkcs3-rc4     OBJECT IDENTIFIER ::=		{ id-pkcs-3 4 }
+id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-pkcs-3 7 }
+
+id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+	rsadsi(113549) 3 }
+
+id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=		{ id-rsadsi-encalg 2 }
+id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-rsadsi-encalg 7 }
+
+id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+	oiw(14) secsig(3) algorithm(2) 26 }
+
+id-nistAlgorithm OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
+   
+id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
+
+id-aes-128-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 2 }
+id-aes-192-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 22 }
+id-aes-256-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 42 }
+
+id-nist-sha-algs OBJECT IDENTIFIER ::=		{ id-nistAlgorithm 2 }
+
+id-sha256 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 1 }
+id-sha224 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 4 }
+id-sha384 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 2 }
+id-sha512 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 3 }
+
+id-dhpublicnumber OBJECT IDENTIFIER ::= {
+        iso(1) member-body(2) us(840) ansi-x942(10046)
+        number-type(2) 1 }
+
+id-x9-57 OBJECT IDENTIFIER ::= {
+        iso(1) member-body(2) us(840) ansi-x942(10046)
+	4 }
+
+id-dsa OBJECT IDENTIFIER ::=		{ id-x9-57 1 }
+id-dsa-with-sha1 OBJECT IDENTIFIER ::=		{ id-x9-57 3 }
+
+-- x.520 names types
+
+id-x520-at 	OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+id-at-commonName		OBJECT IDENTIFIER ::= { id-x520-at 3 }
+id-at-surname			OBJECT IDENTIFIER ::= { id-x520-at 4 }
+id-at-serialNumber		OBJECT IDENTIFIER ::= { id-x520-at 5 }
+id-at-countryName		OBJECT IDENTIFIER ::= { id-x520-at 6 }
+id-at-localityName		OBJECT IDENTIFIER ::= { id-x520-at 7 }
+id-at-stateOrProvinceName	OBJECT IDENTIFIER ::= { id-x520-at 8 }
+id-at-streetAddress		OBJECT IDENTIFIER ::= { id-x520-at 9 }
+id-at-organizationName		OBJECT IDENTIFIER ::= { id-x520-at 10 }
+id-at-organizationalUnitName	OBJECT IDENTIFIER ::= { id-x520-at 11 }
+id-at-name			OBJECT IDENTIFIER ::= { id-x520-at 41 }
+id-at-givenName			OBJECT IDENTIFIER ::= { id-x520-at 42 }
+id-at-initials			OBJECT IDENTIFIER ::= { id-x520-at 43 }
+id-at-generationQualifier	OBJECT IDENTIFIER ::= { id-x520-at 44 }
+id-at-pseudonym			OBJECT IDENTIFIER ::= { id-x520-at 65 }
+-- RFC 2247
+id-Userid		      	OBJECT IDENTIFIER ::=
+                          { 0 9 2342 19200300 100 1 1 }
+id-domainComponent      	OBJECT IDENTIFIER ::=
+                          { 0 9 2342 19200300 100 1 25 }
+
+
+-- rfc3280
+
+id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
+
+AlgorithmIdentifier ::= SEQUENCE {
+	algorithm	OBJECT IDENTIFIER,
+	parameters	heim_any OPTIONAL
+}
+
+AttributeType ::=   OBJECT IDENTIFIER
+
+AttributeValue ::=   heim_any
+
+TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
+
+DirectoryString ::= CHOICE {
+	ia5String	IA5String,
+	teletexString	TeletexStringx,
+	printableString	PrintableString,
+	universalString UniversalString,
+	utf8String	UTF8String,
+	bmpString	BMPString
+}
+
+Attribute ::= SEQUENCE {
+        type    AttributeType,
+        value   SET OF -- AttributeValue -- heim_any
+}
+
+AttributeTypeAndValue ::= SEQUENCE {
+        type    AttributeType,
+        value   DirectoryString
+}
+
+RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+Name ::= CHOICE {
+	rdnSequence  RDNSequence
+}
+
+CertificateSerialNumber ::= INTEGER
+
+Time ::= CHOICE {
+     utcTime        UTCTime,
+     generalTime    GeneralizedTime
+}
+
+Validity ::= SEQUENCE {
+     notBefore      Time,
+     notAfter       Time
+}
+
+UniqueIdentifier  ::=  BIT STRING
+
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
+     algorithm            AlgorithmIdentifier,
+     subjectPublicKey     BIT STRING
+}
+
+Extension  ::=  SEQUENCE  {
+     extnID      OBJECT IDENTIFIER,
+     critical    BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
+     extnValue   OCTET STRING
+}
+
+Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+
+TBSCertificate  ::=  SEQUENCE  {
+     version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
+     serialNumber         CertificateSerialNumber,
+     signature            AlgorithmIdentifier,
+     issuer               Name,
+     validity             Validity,
+     subject              Name,
+     subjectPublicKeyInfo SubjectPublicKeyInfo,
+     issuerUniqueID  [1]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
+                          -- If present, version shall be v2 or v3
+     subjectUniqueID [2]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
+                          -- If present, version shall be v2 or v3
+     extensions      [3]  EXPLICIT Extensions OPTIONAL
+                          -- If present, version shall be v3
+}
+
+Certificate  ::=  SEQUENCE  {
+     tbsCertificate       TBSCertificate,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signatureValue       BIT STRING
+}
+
+Certificates ::= SEQUENCE OF Certificate
+
+ValidationParms ::= SEQUENCE {
+	seed		BIT STRING,
+	pgenCounter	INTEGER
+}
+
+DomainParameters ::= SEQUENCE {
+	p		INTEGER, -- odd prime, p=jq +1
+	g		INTEGER, -- generator, g
+	q		INTEGER, -- factor of p-1
+	j		INTEGER OPTIONAL, -- subgroup factor
+	validationParms	ValidationParms OPTIONAL -- ValidationParms
+}
+
+DHPublicKey ::= INTEGER
+
+OtherName ::= SEQUENCE {
+	type-id    OBJECT IDENTIFIER,
+	value      [0] EXPLICIT heim_any
+}
+
+GeneralName ::= CHOICE {
+	otherName			[0]     IMPLICIT -- OtherName -- SEQUENCE {
+		type-id    OBJECT IDENTIFIER,
+		value      [0] EXPLICIT heim_any
+	},
+	rfc822Name			[1]     IMPLICIT IA5String,
+	dNSName				[2]     IMPLICIT IA5String,
+--	x400Address			[3]     IMPLICIT ORAddress,--
+	directoryName			[4]     IMPLICIT -- Name -- CHOICE {
+		rdnSequence  RDNSequence
+	},
+--	ediPartyName			[5]     IMPLICIT EDIPartyName, --
+	uniformResourceIdentifier	[6]     IMPLICIT IA5String,
+	iPAddress			[7]     IMPLICIT OCTET STRING,
+	registeredID			[8]     IMPLICIT OBJECT IDENTIFIER
+}
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }
+
+KeyUsage ::= BIT STRING {
+	digitalSignature	(0),
+	nonRepudiation		(1),
+	keyEncipherment		(2),
+	dataEncipherment	(3),
+	keyAgreement		(4),
+	keyCertSign		(5),
+	cRLSign			(6),
+	encipherOnly		(7),
+	decipherOnly		(8)
+}
+
+id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }
+
+KeyIdentifier ::= OCTET STRING
+
+AuthorityKeyIdentifier ::= SEQUENCE {
+	keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
+	authorityCertIssuer       [1] IMPLICIT -- GeneralName -- 
+		SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, 
+	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
+}
+
+id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }
+
+SubjectKeyIdentifier ::= KeyIdentifier
+
+id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }
+
+BasicConstraints ::= SEQUENCE {
+	cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
+	pathLenConstraint	INTEGER (0..4294967295) OPTIONAL 
+}
+
+id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }
+
+BaseDistance ::= INTEGER -- (0..MAX) --
+
+GeneralSubtree ::= SEQUENCE {
+	base			GeneralName,
+	minimum		[0]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
+	maximum		[1]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
+}
+
+GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
+
+NameConstraints ::= SEQUENCE {
+	permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
+	excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
+}
+
+id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
+id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
+id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
+id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
+id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
+id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
+id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }
+
+id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
+
+ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
+
+id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
+id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
+id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
+id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
+id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
+id-x509-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-x509-ce 29 }
+id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }
+
+DistributionPointReasonFlags ::= BIT STRING {
+	unused                  (0),
+	keyCompromise           (1),
+	cACompromise            (2),
+	affiliationChanged      (3),
+	superseded              (4),
+	cessationOfOperation    (5),
+	certificateHold         (6),
+	privilegeWithdrawn      (7),
+	aACompromise            (8)
+}
+
+DistributionPointName ::= CHOICE {
+	fullName                [0]     IMPLICIT -- GeneralNames --  SEQUENCE SIZE (1..MAX) OF GeneralName,
+	nameRelativeToCRLIssuer [1]     RelativeDistinguishedName
+}
+
+DistributionPoint ::= SEQUENCE {
+	distributionPoint       [0]     IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
+	reasons                 [1]     IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
+	cRLIssuer               [2]     IMPLICIT heim_any -- GeneralNames -- OPTIONAL
+}
+
+CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+
+-- rfc3279
+
+DSASigValue  ::=  SEQUENCE {
+	r	INTEGER,
+	s	INTEGER
+}
+
+DSAPublicKey ::= INTEGER
+
+DSAParams  ::=  SEQUENCE {
+	p	INTEGER,
+	q	INTEGER,
+	g	INTEGER
+}
+
+-- really pkcs1
+
+RSAPublicKey ::= SEQUENCE {
+	modulus INTEGER, -- n
+	publicExponent INTEGER -- e
+}
+
+RSAPrivateKey ::= SEQUENCE {
+	version INTEGER (0..4294967295),
+	modulus INTEGER, -- n
+	publicExponent INTEGER, -- e
+	privateExponent INTEGER, -- d
+	prime1 INTEGER, -- p
+	prime2 INTEGER, -- q
+	exponent1 INTEGER, -- d mod (p-1)
+	exponent2 INTEGER, -- d mod (q-1)
+	coefficient INTEGER -- (inverse of q) mod p
+}
+
+DigestInfo ::= SEQUENCE {
+	digestAlgorithm AlgorithmIdentifier,
+	digest OCTET STRING
+}
+
+-- some ms ext
+
+-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
+
+-- UNICODESTRING (0x1E tag)
+
+-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
+
+-- TemplateVersion ::= INTEGER (0..4294967295) 
+
+-- CertificateTemplate ::= SEQUENCE {
+--	templateID OBJECT IDENTIFIER,
+--	templateMajorVersion TemplateVersion,
+--	templateMinorVersion TemplateVersion OPTIONAL
+-- }
+
+
+--
+-- CRL
+-- 
+
+TBSCRLCertList ::=  SEQUENCE  {
+	version			Version OPTIONAL, -- if present, MUST be v2
+	signature		AlgorithmIdentifier,
+	issuer			Name,
+	thisUpdate		Time,
+	nextUpdate		Time OPTIONAL,
+	revokedCertificates     SEQUENCE OF SEQUENCE  {
+		userCertificate         CertificateSerialNumber,
+		revocationDate          Time,
+		crlEntryExtensions      Extensions OPTIONAL
+						-- if present, MUST be v2
+	} OPTIONAL,
+	crlExtensions		[0] EXPLICIT Extensions OPTIONAL
+						-- if present, MUST be v2
+}
+
+
+CRLCertificateList ::=  SEQUENCE  {
+	tbsCertList          TBSCRLCertList,
+	signatureAlgorithm   AlgorithmIdentifier,
+	signatureValue       BIT STRING
+}
+
+id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
+id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
+id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
+
+CRLReason ::= ENUMERATED {
+	unspecified             (0),
+	keyCompromise           (1),
+	cACompromise            (2),
+	affiliationChanged      (3),
+	superseded              (4),
+	cessationOfOperation    (5),
+	certificateHold         (6),
+	removeFromCRL           (8),
+	privilegeWithdrawn      (9),
+	aACompromise           (10)
+}
+
+PKIXXmppAddr ::= UTF8String
+
+id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+            dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
+
+id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
+id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
+id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
+
+id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
+id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
+id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
+id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
+id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
+
+id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
+
+id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
+
+AccessDescription  ::=  SEQUENCE {
+	accessMethod          OBJECT IDENTIFIER,
+	accessLocation        GeneralName
+}
+
+AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+-- RFC 3820 Proxy Certificate Profile
+
+id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
+
+id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }
+
+id-pkix-ppl-anyLanguage     OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
+id-pkix-ppl-inheritAll      OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
+id-pkix-ppl-independent     OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
+
+ProxyPolicy ::= SEQUENCE {
+	policyLanguage		OBJECT IDENTIFIER,
+	policy			OCTET STRING OPTIONAL
+}
+
+ProxyCertInfo ::= SEQUENCE {
+	pCPathLenConstraint	INTEGER (0..4294967295) OPTIONAL, -- really MAX
+	proxyPolicy		ProxyPolicy
+}
+
+--- U.S. Federal PKI Common Policy Framework
+-- Card Authentication key
+id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
+id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
+
+--- Netscape extentions
+
+id-netscape OBJECT IDENTIFIER ::= 
+    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
+id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
+
+--- MS extentions
+
+id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= 
+    { 1 3 6 1 4 1 311 20 2 }
+
+id-ms-client-authentication OBJECT IDENTIFIER ::= 
+ { 1 3 6 1 5 5 7 3 2 }
+
+-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
+
+END
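Review bot: `id-x9-57` is rooted under the `ansi-x942(10046)` arc, so `id-dsa` and `id-dsa-with-sha1` resolve to 1.2.840.10046.4.1 and 1.2.840.10046.4.3, whereas RFC 3279 assigns them under `x9-57(10040) x9cm(4)`. If the certificate code keys its DSA handling off these constants, DSA keys and signatures in standard certificates would presumably not be recognised. The definition should read `id-x9-57 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57(10040) 4 }`, leaving `id-dhpublicnumber` on 10046. Because this is a vendor import, carrying the fix as a recorded local patch or reporting it upstream keeps the tree comparable with the distribution.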

Added: vendor-crypto/heimdal/dist/lib/asn1/setchgpw2.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/setchgpw2.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/setchgpw2.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,193 @@
+-- $Id: setchgpw2.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+SETCHGPW2 DEFINITIONS ::=
+BEGIN
+
+IMPORTS PrincipalName, Realm, ENCTYPE FROM krb5;
+
+ProtocolErrorCode ::= ENUMERATED {
+	generic-error(0),
+	unsupported-major-version(1),
+	unsupported-minor-version(2),
+	unsupported-operation(3),
+	authorization-failed(4),
+	initial-ticket-required(5),
+	target-principal-unknown(6),
+	...
+}
+
+Key	::= SEQUENCE {
+	enc-type[0]	INTEGER,
+	key[1]		OCTET STRING,
+	...
+}
+
+Language-Tag	::= UTF8String    -- Constrained by RFC3066
+
+LangTaggedText	::= SEQUENCE {
+	language[0]	Language-Tag OPTIONAL,
+	text[1]		UTF8String,
+	...
+}
+
+-- NULL Op
+
+Req-null ::= NULL
+Rep-null ::= NULL
+Err-null ::= NULL
+
+-- Change password
+Req-change-pw ::= SEQUENCE {
+	old-pw[0]	UTF8String,
+	new-pw[1]	UTF8String OPTIONAL,
+	etypes[2]	SEQUENCE OF ENCTYPE OPTIONAL,
+	...
+}
+
+Rep-change-pw ::= SEQUENCE {
+	info-text[0]	UTF8String OPTIONAL,
+	new-pw[1]	UTF8String OPTIONAL,
+	etypes[2]	SEQUENCE OF ENCTYPE OPTIONAL
+}
+
+Err-change-pw ::= SEQUENCE {
+	help-text[0]		UTF8String OPTIONAL,
+	code[1]			ENUMERATED {
+		generic(0),
+		wont-generate-new-pw(1),
+		old-pw-incorrect(2),
+		new-pw-rejected-geneneric(3),
+		pw-change-too-short(4),
+		...
+	},
+	suggested-new-pw[2]	UTF8String OPTIONAL,
+	...
+}
+
+-- Change/Set keys
+Req-set-keys ::= SEQUENCE {
+	etypes[0]	SEQUENCE OF ENCTYPE,
+	entropy[1]	OCTET STRING,
+	...
+}
+
+Rep-set-keys ::= SEQUENCE {
+	info-text[0]		UTF8String OPTIONAL,
+	kvno[1]			INTEGER,
+	keys[2]			SEQUENCE OF Key,
+	aliases[3]	SEQUENCE OF SEQUENCE {
+		name[0] PrincipalName,
+		realm[1] Realm OPTIONAL,
+		...
+	},
+	...
+}
+
+Err-set-keys ::= SEQUENCE {
+	help-text[0]		UTF8String OPTIONAL,
+	enctypes[1]		SEQUENCE OF ENCTYPE OPTIONAL,
+	code[1]		ENUMERATED {
+		etype-no-support(0),
+		...
+	},
+	...
+}
+
+-- Get password policy
+Req-get-pw-policy ::= NULL
+
+Rep-get-pw-policy ::= SEQUENCE {
+	help-text[0]		UTF8String OPTIONAL,
+	policy-name[1]		UTF8String OPTIONAL,
+	description[2]		UTF8String OPTIONAL,
+	...
+}
+
+Err-get-pw-policy ::= NULL
+
+-- Get principal aliases
+Req-get-princ-aliases ::= NULL
+
+Rep-get-princ-aliases ::= SEQUENCE {
+	help-text[0]		UTF8String OPTIONAL,
+	aliases[1]	SEQUENCE OF SEQUENCE {
+		name[0]		PrincipalName,
+		realm[1]	Realm OPTIONAL,
+		...
+	} OPTIONAL,
+	...
+}
+
+Err-get-princ-aliases ::= NULL
+
+-- Get list of encryption types supported by KDC for new types
+Req-get-supported-etypes ::= NULL
+
+Rep-get-supported-etypes ::= SEQUENCE OF ENCTYPE
+
+Err-get-supported-etypes ::= NULL
+
+-- Choice switch
+
+Op-req ::= CHOICE {
+	null[0]			Req-null,
+	change-pw[1]		Req-change-pw,
+	set-keys[2]		Req-set-keys,
+	get-pw-policy[3]	Req-get-pw-policy,
+	get-princ-aliases[4]	Req-get-princ-aliases,
+	get-supported-etypes[5]	Req-get-supported-etypes,
+	...
+}
+ 
+Op-rep ::= CHOICE {
+	null[0]			Rep-null,
+	change-pw[1]		Rep-change-pw,
+	set-keys[2]		Rep-set-keys,
+	get-pw-policy[3]	Rep-get-pw-policy,
+	get-princ-aliases[4]	Rep-get-princ-aliases,
+	get-supported-etypes[5]	Rep-get-supported-etypes,
+	...
+}
+
+Op-error ::= CHOICE {
+	null[0]			Err-null,
+	change-pw[1]		Err-change-pw,
+	set-keys[2]		Err-set-keys,
+	get-pw-policy[3]	Err-get-pw-policy,
+	get-princ-aliases[4]	Err-get-princ-aliases,
+	get-supported-etypes[5]	Err-get-supported-etypes,
+	...
+}
+
+
+Request ::= [ APPLICATION 0 ] SEQUENCE {
+	pvno-major[0]	INTEGER DEFAULT 2,
+	pvno-minor[1]	INTEGER DEFAULT 0,
+	languages[2]	SEQUENCE OF Language-Tag OPTIONAL,
+	targ-name[3]	PrincipalName OPTIONAL,
+	targ-realm[4]	Realm OPTIONAL,
+	operation[5]	Op-Req,
+	...
+}
+
+Response ::= [ APPLICATION 1 ] SEQUENCE {
+	pvno-major[0]	INTEGER DEFAULT 2,
+	pvno-minor[1]	INTEGER DEFAULT 0,
+	language[2]	Language-Tag DEFAULT "i-default",
+	result[3]	Op-rep OPTIONAL,
+	...
+}
+
+Error-Response ::= [ APPLICATION 2 ] SEQUENCE {
+	pvno-major[0]	INTEGER DEFAULT 2,
+	pvno-minor[1]	INTEGER DEFAULT 0,
+	language[2]	Language-Tag DEFAULT "i-default",
+	error-code[3]	ProtocolErrorCode,
+	help-text[4]	UTF8String OPTIONAL,
+	op-error[5]	Op-error OP-ERROR,
+	...
+}
+
+END
+
+-- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' setchgpw2.asn1
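Review bot: In `Err-set-keys` both `enctypes[1]` and `code[1]` carry context tag 1, and `enctypes` is OPTIONAL, so a decoder cannot tell which component a `[1]` element belongs to. `code` needs its own tag, e.g. `code[2] ENUMERATED {`, with the number checked against the protocol specification this module follows. Two further names do not resolve as written: `Request` refers to `Op-Req` while the type is defined as `Op-req`, and `Error-Response` ends with `op-error[5] Op-error OP-ERROR`, where `OPTIONAL` looks intended. Whether this module is compiled at all is not visible from the hunk; if it is not, a header comment saying so would keep it from being mistaken for a working definition of a password-change protocol.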

Added: vendor-crypto/heimdal/dist/lib/asn1/symbol.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/symbol.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/symbol.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "gen_locl.h"
+#include "lex.h"
+
+RCSID("$Id: symbol.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static Hashtab *htab;
+
+static int
+cmp(void *a, void *b)
+{
+    Symbol *s1 = (Symbol *) a;
+    Symbol *s2 = (Symbol *) b;
+
+    return strcmp(s1->name, s2->name);
+}
+
+static unsigned
+hash(void *a)
+{
+    Symbol *s = (Symbol *) a;
+
+    return hashjpw(s->name);
+}
+
+void
+initsym(void)
+{
+    htab = hashtabnew(101, cmp, hash);
+}
+
+
+void
+output_name(char *s)
+{
+    char *p;
+
+    for (p = s; *p; ++p)
+	if (*p == '-')
+	    *p = '_';
+}
+
+Symbol *
+addsym(char *name)
+{
+    Symbol key, *s;
+
+    key.name = name;
+    s = (Symbol *) hashtabsearch(htab, (void *) &key);
+    if (s == NULL) {
+	s = (Symbol *) emalloc(sizeof(*s));
+	s->name = name;
+	s->gen_name = estrdup(name);
+	output_name(s->gen_name);
+	s->stype = SUndefined;
+	hashtabadd(htab, s);
+    }
+    return s;
+}
+
+static int
+checkfunc(void *ptr, void *arg)
+{
+    Symbol *s = ptr;
+    if (s->stype == SUndefined) {
+	error_message("%s is still undefined\n", s->name);
+	*(int *) arg = 1;
+    }
+    return 0;
+}
+
+int
+checkundefined(void)
+{
+    int f = 0;
+    hashtabforeach(htab, checkfunc, &f);
+    return f;
+}
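Review bot: `addsym` stores the caller's `name` pointer in the new `Symbol` (`s->name = name;`) while duplicating only `gen_name`, so the hash key aliases memory the table does not own. `cmp` and `hash` dereference `s->name` on every later lookup, so a caller that frees or reuses that buffer would leave those reads on stale memory. Either copy it, `s->name = estrdup(name);`, or state the contract above the function: `/* takes ownership of name; it must stay valid for the life of the table */`. `initsym` also leaves the result of `hashtabnew` unchecked, which matters only if that function can return NULL (not visible here).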

Added: vendor-crypto/heimdal/dist/lib/asn1/symbol.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/symbol.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/symbol.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: symbol.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef _SYMBOL_H
+#define _SYMBOL_H
+
+#include "asn1_queue.h"
+
+enum typetype { 
+    TBitString,
+    TBoolean,
+    TChoice, 
+    TEnumerated,
+    TGeneralString, 
+    TGeneralizedTime, 
+    TIA5String,
+    TInteger, 
+    TNull,
+    TOID, 
+    TOctetString, 
+    TPrintableString,
+    TSequence, 
+    TSequenceOf,
+    TSet, 
+    TSetOf,
+    TTag, 
+    TType, 
+    TUTCTime, 
+    TUTF8String,
+    TBMPString,
+    TUniversalString,
+    TVisibleString
+};
+
+typedef enum typetype Typetype;
+
+struct type;
+
+struct value {
+    enum { booleanvalue, 
+	   nullvalue, 
+	   integervalue, 
+	   stringvalue, 
+	   objectidentifiervalue
+    } type;
+    union {
+	int booleanvalue;
+	int integervalue;
+	char *stringvalue;
+	struct objid *objectidentifiervalue;
+    } u;
+};
+
+struct member {
+    char *name;
+    char *gen_name;
+    char *label;
+    int val;
+    int optional;
+    int ellipsis;
+    struct type *type;
+    ASN1_TAILQ_ENTRY(member) members;
+    struct value *defval;
+};
+
+typedef struct member Member;
+
+ASN1_TAILQ_HEAD(memhead, member);
+
+struct symbol;
+
+struct tagtype {
+    int tagclass;
+    int tagvalue;
+    enum { TE_IMPLICIT, TE_EXPLICIT } tagenv;
+};
+
+struct range {
+    int min;
+    int max;
+};
+
+enum ctype { CT_CONTENTS, CT_USER } ;
+
+struct constraint_spec;
+
+struct type {
+    Typetype type;
+    struct memhead *members;
+    struct symbol *symbol;
+    struct type *subtype;
+    struct tagtype tag;
+    struct range *range;
+    struct constraint_spec *constraint;
+};
+
+typedef struct type Type;
+
+struct constraint_spec {
+    enum ctype ctype;
+    union {
+	struct {
+	    Type *type;
+	    struct value *encoding;
+	} content;
+    } u;
+};
+
+struct objid {
+    const char *label;
+    int value;
+    struct objid *next;
+};
+
+struct symbol {
+    char *name;
+    char *gen_name;
+    enum { SUndefined, SValue, Stype } stype;
+    struct value *value;
+    Type *type;
+};
+
+typedef struct symbol Symbol;
+
+void initsym (void);
+Symbol *addsym (char *);
+void output_name (char *);
+int checkundefined(void);
+#endif
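Review bot: `struct range` holds `min` and `max` as `int`, but the ASN.1 modules imported in the same commit use constraints such as `INTEGER (0..4294967295)`, which does not fit a 32-bit `int`. How the parser fills these fields is outside this hunk, so the upper bound is presumably stored wrapped and any generator check on it would work only through signed/unsigned conversion. A wider type, `int64_t min; int64_t max;`, with the matching parser change, would make the declared bounds representable; at minimum a comment on the struct should state how values above INT_MAX are encoded. The include guard `_SYMBOL_H` also uses an identifier form reserved to the implementation.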

Added: vendor-crypto/heimdal/dist/lib/asn1/test.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/test.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/test.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,95 @@
+-- $Id: test.asn1,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ --
+
+TEST DEFINITIONS ::=
+
+BEGIN
+
+IMPORTS heim_any FROM heim;
+
+TESTLargeTag ::= SEQUENCE {
+	foo[127] INTEGER (-2147483648..2147483647)
+}
+
+TESTSeq ::= SEQUENCE {
+	tag0[0] INTEGER (-2147483648..2147483647),
+	tag1[1] TESTLargeTag,
+	tagless INTEGER (-2147483648..2147483647),
+	tag3[2] INTEGER (-2147483648..2147483647)
+}
+
+TESTChoice1 ::= CHOICE {
+	i1[1]	INTEGER (-2147483648..2147483647),
+	i2[2]	INTEGER (-2147483648..2147483647),
+	...	
+}
+
+TESTChoice2 ::= CHOICE {
+	i1[1]	INTEGER (-2147483648..2147483647),
+	...	
+}
+
+TESTInteger ::= INTEGER (-2147483648..2147483647)
+
+TESTInteger2 ::= [4] IMPLICIT TESTInteger
+TESTInteger3 ::= [5] IMPLICIT TESTInteger2
+
+TESTImplicit ::= SEQUENCE {
+	ti1[0] IMPLICIT INTEGER (-2147483648..2147483647),
+	ti2[1] IMPLICIT SEQUENCE { 
+		foo[127] INTEGER (-2147483648..2147483647)
+	},
+	ti3[2] IMPLICIT [5] IMPLICIT [4] IMPLICIT INTEGER (-2147483648..2147483647)
+}
+
+TESTImplicit2 ::= SEQUENCE {
+	ti1[0] IMPLICIT TESTInteger,
+	ti2[1] IMPLICIT TESTLargeTag,
+	ti3[2] IMPLICIT TESTInteger3
+}
+
+TESTAllocInner ::= SEQUENCE {
+	ai[0] TESTInteger
+}
+
+TESTAlloc ::= SEQUENCE {
+	  tagless TESTAllocInner OPTIONAL,
+	  three [1] INTEGER (-2147483648..2147483647),
+	  tagless2 heim_any OPTIONAL
+}
+
+
+TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
+TESTENCODEDBY ::= OCTET STRING ( ENCODED BY 
+  { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
+)
+
+TESTDer OBJECT IDENTIFIER ::= { 
+	joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1)
+}
+
+TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY 
+  { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
+)
+
+TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( 
+	CONTAINING INTEGER ENCODED BY TESTDer
+)
+
+
+TESTValue1 INTEGER ::= 1
+
+TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- })
+-- TESTUSERCONSTRAINED2 ::= OCTET STRING (CONSTRAINED BY { TESTInteger })
+-- TESTUSERCONSTRAINED3 ::= OCTET STRING (CONSTRAINED BY { INTEGER })
+-- TESTUSERCONSTRAINED4 ::= OCTET STRING (CONSTRAINED BY { INTEGER : 1 })
+
+TESTSeqOf ::= SEQUENCE OF TESTInteger
+
+TESTSeqSizeOf1 ::= SEQUENCE SIZE (2) OF TESTInteger
+TESTSeqSizeOf2 ::= SEQUENCE SIZE (1..2) OF TESTInteger
+TESTSeqSizeOf3 ::= SEQUENCE SIZE (1..MAX) OF TESTInteger
+TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
+
+TESTOSSize1 ::= OCTET STRING SIZE (1..2)
+
+END

Added: vendor-crypto/heimdal/dist/lib/asn1/test.gen
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/test.gen	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/test.gen	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,14 @@
+# $Id: test.gen,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+# Sample for TESTSeq in test.asn1
+#
+
+UNIV CONS Sequence 23
+  CONTEXT CONS 0 3
+    UNIV PRIM Integer 1 01
+   CONTEXT CONS 1 8
+     UNIV CONS Sequence 6
+       CONTEXT CONS 127 3
+         UNIV PRIM Integer 1 01
+   UNIV PRIM Integer 1 01
+   CONTEXT CONS 2 3
+     UNIV PRIM Integer 1 01

Added: vendor-crypto/heimdal/dist/lib/asn1/timegm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/asn1/timegm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/asn1/timegm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "der_locl.h"
+
+RCSID("$Id: timegm.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int
+is_leap(unsigned y)
+{
+    y += 1900;
+    return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
+}
+
+/* 
+ * This is a simplifed version of timegm(3) that doesn't accept out of
+ * bound values that timegm(3) normally accepts but those are not
+ * valid in asn1 encodings.
+ */
+
+time_t
+_der_timegm (struct tm *tm)
+{
+  static const unsigned ndays[2][12] ={
+    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
+    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
+  time_t res = 0;
+  unsigned i;
+
+  if (tm->tm_year < 0) 
+      return -1;
+  if (tm->tm_mon < 0 || tm->tm_mon > 11) 
+      return -1;
+  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
+      return -1;
+  if (tm->tm_hour < 0 || tm->tm_hour > 23) 
+      return -1;
+  if (tm->tm_min < 0 || tm->tm_min > 59) 
+      return -1;
+  if (tm->tm_sec < 0 || tm->tm_sec > 59) 
+      return -1;
+
+  for (i = 70; i < tm->tm_year; ++i)
+    res += is_leap(i) ? 366 : 365;
+
+  for (i = 0; i < tm->tm_mon; ++i)
+    res += ndays[is_leap(tm->tm_year)][i];
+  res += tm->tm_mday - 1;
+  res *= 24;
+  res += tm->tm_hour;
+  res *= 60;
+  res += tm->tm_min;
+  res *= 60;
+  res += tm->tm_sec;
+  return res;
+}
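Review bot: In `_der_timegm`, a `tm_year` of 0..69 (1900-1969) passes the `tm->tm_year < 0` check, but the year loop `for (i = 70; i < tm->tm_year; ++i)` then adds nothing, so the date comes back as the same month, day and time in 1970 instead of being rejected or going negative. For a decoder of ASN.1 time values this turns a pre-epoch timestamp into a plausible post-epoch one, which matters wherever the result feeds a validity or expiry comparison. If pre-1970 dates are not meant to be supported, reject them explicitly with `if (tm->tm_year < 70) return -1;`. There is also no upper bound on `tm_year`, so the accumulation into `res` can exceed a 32-bit `time_t`; whether that is reachable depends on the callers, which are outside this hunk. The header comment could also state that -1 is the error return and which year range is accepted.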

Added: vendor-crypto/heimdal/dist/lib/auth/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,206 @@
+2007-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sia/Makefile.am: One EXTRA_DIST is enought, from dave love.
+
+	* pam/Makefile.am: Add SRCS to EXTRA_DIST
+
+	* afskauthlib/Makefile.am: SRCS
+
+2006-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pam/Makefile.am: use libtool to build binaries
+	
+2005-05-02  Dave Love  <fx at gnu.org>
+	
+	* afskauthlib/Makefile.am (afskauthlib.so): Use libtool.
+	(.c.o): Use CC (like SIA module), not COMPILE.
+
+2005-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sia/sia.c: fix getpw*_r calls, they return 0 even when the entry
+	isn't found and instead make it with setting return pointer to
+	NULL.  From Luke Mewburn <lukem at NetBSD.org>
+
+2004-09-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* afskauthlib/verify.c: use krb5_appdefault_boolean instead of
+	krb5_config_get_bool
+
+2003-09-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sia/sia.c: Add support for AFS when using Kerberos 5, From:
+	Sergio.Gelato at astro.su.se
+	
+2003-07-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* pam/Makefile.am: XXX inline COMPILE since automake wont add it
+	
+	* afskauthlib/verify.c (verify_krb5): use krb5_cc_clear_mcred
+	
+2003-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sia/Makefile.am: inline COMPILE since (modern) automake doesn't
+	add it by itself for some reason
+
+2003-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afskauthlib/Makefile.am: always includes kafs now that its built
+	
+2003-03-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* sia/Makefile.am: libkafs is always built now, lets include it
+	
+2002-05-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* pam/Makefile.am: set SUFFIXES with +=
+
+2001-10-27  Assar Westerlund  <assar at sics.se>
+
+	* pam/Makefile.am: actually build the pam module
+
+2001-09-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* sia/Makefile.am: also don't compress krb5 library, at least
+	siacfg fails with compressed libraries
+
+2001-09-13  Assar Westerlund  <assar at sics.se>
+
+	* sia/sia.c: move krb5_error_code inside a ifdef KRB5
+	* sia/sia_locl.h: move roken.h earlier to grab definition of
+	socklen_t
+
+2001-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* sia/krb5_matrix.conf: athena -> heimdal
+
+2001-07-17  Assar Westerlund  <assar at sics.se>
+
+	* sia/Makefile.am: use make-rpath to sort rpath arguments
+
+2001-07-15  Assar Westerlund  <assar at sics.se>
+
+	* afskauthlib/Makefile.am: use LIB_des, so that we link with
+	libcrypto/libdes from krb4
+
+2001-07-12  Assar Westerlund  <assar at sics.se>
+
+	* sia/Makefile.am: use $(CC) instead of ld for linking
+
+2001-07-06  Assar Westerlund  <assar at sics.se>
+
+	* sia/Makefile.am: use LDFLAGS, and conditional libdes
+
+2001-03-06  Assar Westerlund  <assar at sics.se>
+
+	* sia/Makefile.am: make sure of using -rpath and not -R when
+	calling ld
+
+2001-02-15  Assar Westerlund  <assar at sics.se>
+
+	* pam/pam.c (psyslog): do not log to console
+
+2001-01-29  Assar Westerlund  <assar at sics.se>
+
+	* sia/Makefile.am (libsia_krb5.so): actually run ld in the case
+	shared library case
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* sia/sia.c (siad_ses_init): handle krb5_init_context failure
+	consistently
+	* afskauthlib/verify.c (verify_krb5): handle krb5_init_context
+	failure consistently
+
+2000-11-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* afskauthlib/Makefile.am: use libtool
+
+	* afskauthlib/Makefile.am: work with krb4 only
+
+2000-07-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* sia/Makefile.am: don't compress library, since 5.0 seems to have
+	a problem with this
+
+2000-07-02  Assar Westerlund  <assar at sics.se>
+
+	* afskauthlib/verify.c: fixes for pag setting
+
+1999-12-30  Assar Westerlund  <assar at sics.se>
+
+	* sia/Makefile.am: try to link with shared libraries if we don't
+ 	find any static ones
+
+1999-12-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* sia/sia.c: don't use string concatenation with TKT_ROOT
+
+1999-11-15  Assar Westerlund  <assar at sics.se>
+
+	* */lib/Makefile.in: set LIBNAME.  From Enrico Scholz
+ 	<Enrico.Scholz at informatik.tu-chemnitz.de>
+
+1999-10-17  Assar Westerlund  <assar at sics.se>
+
+	* afskauthlib/verify.c (verify_krb5): need realm for v5 -> v4
+
+1999-10-03  Assar Westerlund  <assar at sics.se>
+
+	* afskauthlib/verify.c (verify_krb5): update to new
+ 	krb524_convert_creds_kdc
+
+1999-09-28  Assar Westerlund  <assar at sics.se>
+
+	* sia/sia.c (doauth): use krb5_get_local_realms and
+ 	krb5_verify_user_lrealm
+
+	* afskauthlib/verify.c (verify_krb5): remove krb5_kuserok.  use
+ 	krb5_verify_user_lrealm
+
+1999-08-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* pam/Makefile.in: link with res_search/dn_expand libraries
+
+1999-08-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* afskauthlib/verify.c: make this compile w/o krb4
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* afskauthlib/verify.c: incorporate patches from Miroslav Ruda
+ 	<ruda at ics.muni.cz>
+
+Thu Apr  8 14:35:34 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* sia/sia.c: remove definition of KRB_VERIFY_USER (moved to
+ 	config.h)
+
+	* sia/Makefile.am: make it build w/o krb4
+
+	* afskauthlib/verify.c: add krb5 support
+
+	* afskauthlib/Makefile.am: build afskauthlib.so
+
+Wed Apr  7 14:06:22 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* sia/sia.c: make it compile w/o krb4
+
+	* sia/Makefile.am: make it compile w/o krb4
+
+Thu Apr  1 18:09:23 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* sia/sia_locl.h: POSIX_GETPWNAM_R is defined in config.h
+
+Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* sia/Makefile.in: add posix_getpw.c
+	  
+	* sia/Makefile.am: makefile for sia
+	  
+	* sia/posix_getpw.c: move from sia.c
+	  
+	* sia/sia_locl.h: merge with krb5 version
+	  
+	* sia/sia.c: merge with krb5 version
+	  
+	* sia/sia5.c: remove unused variables

Added: vendor-crypto/heimdal/dist/lib/auth/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,6 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = @LIB_AUTH_SUBDIRS@
+DIST_SUBDIRS = afskauthlib pam sia

Added: vendor-crypto/heimdal/dist/lib/auth/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,815 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+subdir = lib/auth
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SUBDIRS = @LIB_AUTH_SUBDIRS@
+DIST_SUBDIRS = afskauthlib pam sia
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/auth/afskauthlib/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/afskauthlib/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/afskauthlib/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,51 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4)
+
+DEFS = @DEFS@
+
+foodir = $(libdir)
+foo_DATA = afskauthlib.so
+
+SUFFIXES += .c .o
+
+SRCS = verify.c
+OBJS = verify.o
+
+CLEANFILES = $(foo_DATA) $(OBJS) so_locations
+
+afskauthlib.so: $(OBJS)
+	$(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS)
+
+.c.o:
+	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
+	-c `test -f '$<' || echo '$(srcdir)/'`$<
+
+KAFS = $(top_builddir)/lib/kafs/libkafs.la
+
+if KRB5
+L = \
+	$(KAFS)	\
+	$(top_builddir)/lib/krb5/libkrb5.la	\
+	$(top_builddir)/lib/asn1/libasn1.la	\
+	$(LIB_krb4)				\
+	$(LIB_hcrypto)				\
+	$(top_builddir)/lib/roken/libroken.la	\
+	-lc
+
+else
+
+L = \
+	$(KAFS)	\
+	$(LIB_krb4)				\
+	$(LIB_hcrypto)				\
+	$(top_builddir)/lib/roken/libroken.la	\
+	-lc
+endif
+
+$(OBJS): $(top_builddir)/include/config.h
+
+EXTRA_DIST = $(SRCS)

Added: vendor-crypto/heimdal/dist/lib/auth/afskauthlib/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/afskauthlib/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/afskauthlib/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,723 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = lib/auth/afskauthlib
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(foodir)"
+fooDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(foo_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+foodir = $(libdir)
+foo_DATA = afskauthlib.so
+SRCS = verify.c
+OBJS = verify.o
+CLEANFILES = $(foo_DATA) $(OBJS) so_locations
+KAFS = $(top_builddir)/lib/kafs/libkafs.la
+ at KRB5_FALSE@L = \
+ at KRB5_FALSE@	$(KAFS)	\
+ at KRB5_FALSE@	$(LIB_krb4)				\
+ at KRB5_FALSE@	$(LIB_hcrypto)				\
+ at KRB5_FALSE@	$(top_builddir)/lib/roken/libroken.la	\
+ at KRB5_FALSE@	-lc
+
+ at KRB5_TRUE@L = \
+ at KRB5_TRUE@	$(KAFS)	\
+ at KRB5_TRUE@	$(top_builddir)/lib/krb5/libkrb5.la	\
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la	\
+ at KRB5_TRUE@	$(LIB_krb4)				\
+ at KRB5_TRUE@	$(LIB_hcrypto)				\
+ at KRB5_TRUE@	$(top_builddir)/lib/roken/libroken.la	\
+ at KRB5_TRUE@	-lc
+
+EXTRA_DIST = $(SRCS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/afskauthlib/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/afskauthlib/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-fooDATA: $(foo_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
+	@list='$(foo_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
+	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
+	done
+
+uninstall-fooDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(foo_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
+	done
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(DATA) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(foodir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-fooDATA
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-fooDATA
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-fooDATA \
+	install-html install-html-am install-info install-info-am \
+	install-man install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+	ps ps-am uninstall uninstall-am uninstall-fooDATA \
+	uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+afskauthlib.so: $(OBJS)
+	$(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS)
+
+.c.o:
+	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
+	-c `test -f '$<' || echo '$(srcdir)/'`$<
+
+$(OBJS): $(top_builddir)/include/config.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/auth/afskauthlib/verify.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/afskauthlib/verify.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/afskauthlib/verify.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,307 @@
+/*
+ * Copyright (c) 1995-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verify.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#include <kafs.h>
+#endif
+#include <roken.h>
+
+#ifdef KRB5
+static char krb5ccname[128];
+#endif
+#ifdef KRB4
+static char krbtkfile[128];
+#endif
+
+/* 
+   In some cases is afs_gettktstring called twice (once before
+   afs_verify and once after afs_verify).
+   In some cases (rlogin with access allowed via .rhosts) 
+   afs_verify is not called!
+   So we can't rely on correct value in krbtkfile in some
+   cases!
+*/
+
+static int correct_tkfilename=0;
+static int pag_set=0;
+
+#ifdef KRB4
+static void
+set_krbtkfile(uid_t uid)
+{
+    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
+    krb_set_tkt_string (krbtkfile);
+    correct_tkfilename = 1;
+}
+#endif
+
+/* XXX this has to be the default cache name, since the KRB5CCNAME
+ * environment variable isn't exported by login/xdm
+ */
+
+#ifdef KRB5
+static void
+set_krb5ccname(uid_t uid)
+{
+    snprintf (krb5ccname, sizeof(krb5ccname), "FILE:/tmp/krb5cc_%d", uid);
+#ifdef KRB4
+    snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid);
+#endif
+    correct_tkfilename = 1;
+}
+#endif
+
+static void
+set_spec_krbtkfile(void)
+{
+    int fd;
+#ifdef KRB4
+    snprintf (krbtkfile, sizeof(krbtkfile), "%s_XXXXXX", TKT_ROOT);
+    fd = mkstemp(krbtkfile);
+    close(fd);
+    unlink(krbtkfile); 
+    krb_set_tkt_string (krbtkfile);
+#endif
+#ifdef KRB5
+    snprintf(krb5ccname, sizeof(krb5ccname),"FILE:/tmp/krb5cc_XXXXXX");
+    fd=mkstemp(krb5ccname+5);
+    close(fd);
+    unlink(krb5ccname+5);
+#endif
+}
+
+#ifdef KRB5
+static int
+verify_krb5(struct passwd *pwd,
+	    char *password,
+	    int32_t *exp,
+	    int quiet)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_ccache ccache;
+    krb5_principal principal;
+    
+    ret = krb5_init_context(&context);
+    if (ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_init_context failed: %d", ret);
+	goto out;
+    }
+
+    ret = krb5_parse_name (context, pwd->pw_name, &principal);
+    if (ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_parse_name: %s", 
+	       krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    set_krb5ccname(pwd->pw_uid);
+    ret = krb5_cc_resolve(context, krb5ccname, &ccache);
+    if(ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_resolve: %s", 
+	       krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    ret = krb5_verify_user_lrealm(context,
+				  principal,
+				  ccache,
+				  password,
+				  TRUE,
+				  NULL);
+    if(ret) {
+	syslog(LOG_AUTH|LOG_DEBUG, "krb5_verify_user: %s", 
+	       krb5_get_err_text(context, ret));
+	goto out;
+    }
+
+    if(chown(krb5_cc_get_name(context, ccache), pwd->pw_uid, pwd->pw_gid)) {
+	syslog(LOG_AUTH|LOG_DEBUG, "chown: %s", 
+	       krb5_get_err_text(context, errno));
+	goto out;
+    }
+
+#ifdef KRB4
+    {
+	krb5_realm realm = NULL;
+	krb5_boolean get_v4_tgt;
+
+	krb5_get_default_realm(context, &realm);
+	krb5_appdefault_boolean(context, "afskauthlib", 
+				realm,
+				"krb4_get_tickets", FALSE, &get_v4_tgt);
+	if (get_v4_tgt) {
+	    CREDENTIALS c;
+	    krb5_creds mcred, cred;
+
+	    krb5_cc_clear_mcred(&mcred);
+
+	    krb5_make_principal(context, &mcred.server, realm,
+				"krbtgt",
+				realm,
+				NULL);
+	    ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
+	    if(ret == 0) {
+		ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c);
+		if(ret)
+		    krb5_warn(context, ret, "converting creds");
+		else {
+		    set_krbtkfile(pwd->pw_uid);
+		    tf_setup(&c, c.pname, c.pinst); 
+		}
+		memset(&c, 0, sizeof(c));
+		krb5_free_cred_contents(context, &cred);
+	    } else
+		syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", 
+		       krb5_get_err_text(context, ret));
+	    
+	    krb5_free_principal(context, mcred.server);
+	}
+	free (realm);
+	if (!pag_set && k_hasafs()) {
+	    k_setpag();
+	    pag_set = 1;
+	}
+
+	if (pag_set)
+	    krb5_afslog_uid_home(context, ccache, NULL, NULL, 
+				 pwd->pw_uid, pwd->pw_dir);
+    }
+#endif
+ out:
+    if(ret && !quiet)
+	printf ("%s\n", krb5_get_err_text (context, ret));
+    return ret;
+}
+#endif
+
+#ifdef KRB4
+static int
+verify_krb4(struct passwd *pwd,
+	    char *password,
+	    int32_t *exp,
+	    int quiet)
+{
+    int ret = 1;
+    char lrealm[REALM_SZ];
+    
+    if (krb_get_lrealm (lrealm, 1) != KFAILURE) {
+	set_krbtkfile(pwd->pw_uid);
+	ret = krb_verify_user (pwd->pw_name, "", lrealm, password,
+			       KRB_VERIFY_SECURE, NULL);
+	if (ret == KSUCCESS) {
+	    if (!pag_set && k_hasafs()) {
+		k_setpag ();
+		pag_set = 1;
+            }
+            if (pag_set)
+		krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir);
+	} else if (!quiet)
+	    printf ("%s\n", krb_get_err_text (ret));
+    }
+    return ret;
+}
+#endif
+
+int
+afs_verify(char *name,
+	   char *password,
+	   int32_t *exp,
+	   int quiet)
+{
+    int ret = 1;
+    struct passwd *pwd = k_getpwnam (name);
+
+    if(pwd == NULL)
+	return 1;
+
+    if (!pag_set && k_hasafs()) {
+        k_setpag();
+        pag_set=1;
+    }
+
+    if (ret)
+	ret = unix_verify_user (name, password);
+#ifdef KRB5
+    if (ret)
+	ret = verify_krb5(pwd, password, exp, quiet);
+#endif
+#ifdef KRB4
+    if(ret)
+	ret = verify_krb4(pwd, password, exp, quiet);
+#endif
+    return ret;
+}
+
+char *
+afs_gettktstring (void)
+{
+    char *ptr;
+    struct passwd *pwd;
+
+    if (!correct_tkfilename) {
+	ptr = getenv("LOGNAME"); 
+	if (ptr != NULL && ((pwd = getpwnam(ptr)) != NULL)) {
+	    set_krb5ccname(pwd->pw_uid);
+#ifdef KRB4
+	    set_krbtkfile(pwd->pw_uid);
+	    if (!pag_set && k_hasafs()) {
+                k_setpag();
+                pag_set=1;
+	    }
+#endif
+	} else {
+	    set_spec_krbtkfile();
+	}
+    }
+#ifdef KRB5
+    esetenv("KRB5CCNAME",krb5ccname,1);
+#endif
+#ifdef KRB4
+    esetenv("KRBTKFILE",krbtkfile,1);
+    return krbtkfile;
+#else
+    return "";
+#endif
+}
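Review bot: In set_spec_krbtkfile() the name reserved by mkstemp() is given up again by the immediate `close(fd); unlink(...)`, so `krbtkfile` and `krb5ccname` end up naming a path that no longer exists and that another local user can create first; the mkstemp() return value is also never checked before `close(fd)`. Keeping the file mkstemp() created (drop the two `unlink` calls and add `if (fd < 0) return;`) would preserve the exclusive, mode-0600 reservation, though whether the later ticket/cache writer accepts an existing file is not visible in this hunk and needs confirming. set_krb5ccname() has a related exposure with the fixed `FILE:/tmp/krb5cc_%d` name, and verify_krb5() then calls `chown()` on that path, which follows symlinks; if this runs with root privilege, as the chown to `pw_uid` suggests, an fd-based or non-following ownership change would be safer. Separately, when `krb5_init_context` fails, verify_krb5() jumps to `out:` and passes the uninitialised `context` to `krb5_get_err_text`; replacing that first `goto out;` with `return ret;` avoids the read. The function also never releases `context`, `principal` or `ccache` on any path, which is worth a comment or cleanup at `out:`.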

Added: vendor-crypto/heimdal/dist/lib/auth/pam/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/pam/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/pam/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4)
+
+WFLAGS += $(WFLAGS_NOIMPLICITINT)
+
+DEFS = @DEFS@
+
+## this is horribly ugly, but automake/libtool doesn't allow us to
+## unconditionally build shared libraries, and it does not allow us to
+## link with non-installed libraries
+
+if KRB4
+KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
+KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so
+
+L = \
+	$(KAFS)						\
+	$(top_builddir)/lib/krb/.libs/libkrb.a		\
+	$(LIB_hcrypto_a)		\
+	$(top_builddir)/lib/roken/.libs/libroken.a	\
+	-lc
+
+L_shared = \
+	$(KAFS_S)					\
+	$(top_builddir)/lib/krb/.libs/libkrb.so		\
+	$(LIB_hcrypto_so)		\
+	$(top_builddir)/lib/roken/.libs/libroken.so	\
+	$(LIB_getpwnam_r)				\
+	-lc
+
+MOD = pam_krb4.so
+
+endif
+
+foodir = $(libdir)
+foo_DATA = $(MOD)
+
+LDFLAGS = @LDFLAGS@
+
+SRCS = pam.c
+OBJS = pam.o
+
+pam_krb4.so: $(OBJS)
+	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
+		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
+		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
+	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
+		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
+		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
+	else \
+		echo "missing libraries"; exit 1; \
+	fi
+
+CLEANFILES = $(MOD) $(OBJS)
+
+SUFFIXES += .c .o
+
+# XXX inline COMPILE since automake wont add it
+
+.c.o:
+	$(LIBTOOL) --mode=compile --tag=CC $(CC) \
+	$(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
+	-c `test -f '$<' || echo '$(srcdir)/'`$<
+
+EXTRA_DIST = pam.conf.add $(SRCS)

Added: vendor-crypto/heimdal/dist/lib/auth/pam/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/pam/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/pam/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,733 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = lib/auth/pam
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(foodir)"
+fooDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(foo_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+ at KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
+ at KRB4_TRUE@KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
+ at KRB4_TRUE@L = \
+ at KRB4_TRUE@	$(KAFS)						\
+ at KRB4_TRUE@	$(top_builddir)/lib/krb/.libs/libkrb.a		\
+ at KRB4_TRUE@	$(LIB_hcrypto_a)		\
+ at KRB4_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
+ at KRB4_TRUE@	-lc
+
+ at KRB4_TRUE@L_shared = \
+ at KRB4_TRUE@	$(KAFS_S)					\
+ at KRB4_TRUE@	$(top_builddir)/lib/krb/.libs/libkrb.so		\
+ at KRB4_TRUE@	$(LIB_hcrypto_so)		\
+ at KRB4_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
+ at KRB4_TRUE@	$(LIB_getpwnam_r)				\
+ at KRB4_TRUE@	-lc
+
+ at KRB4_TRUE@MOD = pam_krb4.so
+foodir = $(libdir)
+foo_DATA = $(MOD)
+SRCS = pam.c
+OBJS = pam.o
+CLEANFILES = $(MOD) $(OBJS)
+EXTRA_DIST = pam.conf.add $(SRCS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/pam/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/pam/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-fooDATA: $(foo_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
+	@list='$(foo_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
+	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
+	done
+
+uninstall-fooDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(foo_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
+	done
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(DATA) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(foodir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-fooDATA
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-fooDATA
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-fooDATA \
+	install-html install-html-am install-info install-info-am \
+	install-man install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+	ps ps-am uninstall uninstall-am uninstall-fooDATA \
+	uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+pam_krb4.so: $(OBJS)
+	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
+		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \
+		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \
+	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
+		echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \
+		$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \
+	else \
+		echo "missing libraries"; exit 1; \
+	fi
+
+# XXX inline COMPILE since automake wont add it
+
+.c.o:
+	$(LIBTOOL) --mode=compile --tag=CC $(CC) \
+	$(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
+	-c `test -f '$<' || echo '$(srcdir)/'`$<
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/auth/pam/pam.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/pam/pam.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/pam/pam.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,443 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include<config.h>
+RCSID("$Id: pam.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <pwd.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <syslog.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */
+#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
+#endif
+
+#include <netinet/in.h>
+#include <krb.h>
+#include <kafs.h>
+
+#if 0
+/* Debugging PAM modules is a royal pain, truss helps. */
+#define DEBUG(msg) (access(msg " at line", __LINE__))
+#endif
+
+static void
+psyslog(int level, const char *format, ...)
+{
+  va_list args;
+  va_start(args, format);
+  openlog("pam_krb4", LOG_PID, LOG_AUTH);
+  vsyslog(level, format, args);
+  va_end(args);
+  closelog();
+}
+
+enum {
+  KRB4_DEBUG,
+  KRB4_USE_FIRST_PASS,
+  KRB4_TRY_FIRST_PASS,
+  KRB4_IGNORE_ROOT,
+  KRB4_NO_VERIFY,
+  KRB4_REAFSLOG,
+  KRB4_CTRLS			/* Number of ctrl arguments defined. */
+};
+
+#define KRB4_DEFAULTS  0
+
+static int ctrl_flags = KRB4_DEFAULTS;
+#define ctrl_on(x)  (krb4_args[x].flag & ctrl_flags)
+#define ctrl_off(x) (!ctrl_on(x))
+
+typedef struct
+{
+  const char *token;
+  unsigned int flag;
+} krb4_ctrls_t;
+
+static krb4_ctrls_t krb4_args[KRB4_CTRLS] =
+{
+  /* KRB4_DEBUG          */ { "debug",          0x01 },
+  /* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 },
+  /* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 },
+  /* KRB4_IGNORE_ROOT    */ { "ignore_root",    0x08 },
+  /* KRB4_NO_VERIFY      */ { "no_verify",      0x10 },
+  /* KRB4_REAFSLOG       */ { "reafslog",       0x20 },
+};
+
+static void
+parse_ctrl(int argc, const char **argv)
+{
+  int i, j;
+
+  ctrl_flags = KRB4_DEFAULTS;
+  for (i = 0; i < argc; i++)
+    {
+      for (j = 0; j < KRB4_CTRLS; j++)
+	if (strcmp(argv[i], krb4_args[j].token) == 0)
+	  break;
+    
+      if (j >= KRB4_CTRLS)
+	psyslog(LOG_ALERT, "unrecognized option [%s]", *argv);
+      else
+	ctrl_flags |= krb4_args[j].flag;
+    }
+}
+
+static void
+pdeb(const char *format, ...)
+{
+  va_list args;
+  if (ctrl_off(KRB4_DEBUG))
+    return;
+  va_start(args, format);
+  openlog("pam_krb4", LOG_PID, LOG_AUTH);
+  vsyslog(LOG_DEBUG, format, args);
+  va_end(args);
+  closelog();
+}
+
+#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())
+
+static void
+set_tkt_string(uid_t uid)
+{
+  char buf[128];
+
+  snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid);
+  krb_set_tkt_string(buf);
+
+#if 0
+  /* pam_set_data+pam_get_data are not guaranteed to work, grr. */
+  pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup);
+  if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS)
+    {
+      pam_putenv(pamh, var);
+    }
+#endif
+
+  /* We don't want to inherit this variable.
+   * If we still do, it must have a sane value. */
+  if (getenv("KRBTKFILE") != 0)
+    {
+      char *var = malloc(sizeof(buf));
+      snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string());
+      putenv(var);
+      /* free(var); XXX */
+    }
+}
+
+static int
+verify_pass(pam_handle_t *pamh,
+	    const char *name,
+	    const char *inst,
+	    const char *pass)
+{
+  char realm[REALM_SZ];
+  int ret, krb_verify, old_euid, old_ruid;
+
+  krb_get_lrealm(realm, 1);
+  if (ctrl_on(KRB4_NO_VERIFY))
+    krb_verify = KRB_VERIFY_SECURE_FAIL;
+  else
+    krb_verify = KRB_VERIFY_SECURE;
+  old_ruid = getuid();
+  old_euid = geteuid();
+  setreuid(0, 0);
+  ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
+  pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s",
+       name, inst, realm, krb_verify,
+       krb_get_err_text(ret));
+  setreuid(old_ruid, old_euid);
+  if (getuid() != old_ruid || geteuid() != old_euid)
+    {
+      psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
+	      old_ruid, old_euid, __LINE__);
+      exit(1);
+    }
+    
+  switch(ret) {
+  case KSUCCESS:
+    return PAM_SUCCESS;
+  case KDC_PR_UNKNOWN:
+    return PAM_USER_UNKNOWN;
+  case SKDC_CANT:
+  case SKDC_RETRY:
+  case RD_AP_TIME:
+    return PAM_AUTHINFO_UNAVAIL;
+  default:
+    return PAM_AUTH_ERR;
+  }
+}
+
+static int
+krb4_auth(pam_handle_t *pamh,
+	  int flags,
+	  const char *name,
+	  const char *inst,
+	  struct pam_conv *conv)
+{
+  struct pam_response *resp;
+  char prompt[128];
+  struct pam_message msg, *pmsg = &msg;
+  int ret;
+
+  if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS))
+    {
+      char *pass = 0;
+      ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
+      if (ret != PAM_SUCCESS)
+        {
+          psyslog(LOG_ERR , "pam_get_item returned error to get-password");
+          return ret;
+        }
+      else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
+	return PAM_SUCCESS;
+      else if (ctrl_on(KRB4_USE_FIRST_PASS))
+	return PAM_AUTHTOK_RECOVERY_ERR;       /* Wrong password! */
+      else
+	/* We tried the first password but it didn't work, cont. */;
+    }
+
+  msg.msg_style = PAM_PROMPT_ECHO_OFF;
+  if (*inst == 0)
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", name);
+  else
+    snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst);
+  msg.msg = prompt;
+
+  ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr);
+  if (ret != PAM_SUCCESS)
+    return ret;
+
+  ret = verify_pass(pamh, name, inst, resp->resp);
+  if (ret == PAM_SUCCESS)
+    {
+      memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */
+      free(resp->resp);
+      free(resp);
+    }
+  else
+    {
+      pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */
+      /* free(resp->resp); XXX */
+      /* free(resp); XXX */
+    }
+  
+  return ret;
+}
+
+int
+pam_sm_authenticate(pam_handle_t *pamh,
+		    int flags,
+		    int argc,
+		    const char **argv)
+{
+  char *user;
+  int ret;
+  struct pam_conv *conv;
+  struct passwd *pw;
+  uid_t uid = -1;
+  const char *name, *inst;
+  char realm[REALM_SZ];
+  realm[0] = 0;
+
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_authenticate");
+
+  ret = pam_get_user(pamh, &user, "login: ");
+  if (ret != PAM_SUCCESS)
+    return ret;
+
+  if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0)
+    return PAM_AUTHINFO_UNAVAIL;
+
+  ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
+  if (ret != PAM_SUCCESS)
+    return ret;
+
+  pw = getpwnam(user);
+  if (pw != 0)
+    {
+      uid = pw->pw_uid;
+      set_tkt_string(uid);
+    }
+    
+  if (strcmp(user, "root") == 0 && getuid() != 0)
+    {
+      pw = getpwuid(getuid());
+      if (pw != 0)
+	{
+	  name = strdup(pw->pw_name);
+	  inst = "root";
+	}
+    }
+  else
+    {
+      name = user;
+      inst = "";
+    }
+
+  ret = krb4_auth(pamh, flags, name, inst, conv);
+
+  /*
+   * The realm was lost inside krb_verify_user() so we can't simply do
+   * a krb_kuserok() when inst != "".
+   */
+  if (ret == PAM_SUCCESS && inst[0] != 0)
+    {
+      uid_t old_euid = geteuid();
+      uid_t old_ruid = getuid();
+
+      setreuid(0, 0);		/* To read ticket file. */
+      if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
+	ret = PAM_SERVICE_ERR;
+      else if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
+	{
+	  setreuid(0, uid);	/*  To read ~/.klogin. */
+	  if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
+	    ret = PAM_PERM_DENIED;
+	}
+
+      if (ret != PAM_SUCCESS)
+	{
+	  dest_tkt();		/* Passwd known, ok to kill ticket. */
+	  psyslog(LOG_NOTICE,
+		  "%s.%s@%s is not allowed to log in as %s",
+		  name, inst, realm, user);
+	}
+
+      setreuid(old_ruid, old_euid);
+      if (getuid() != old_ruid || geteuid() != old_euid)
+	{
+	  psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
+		  old_ruid, old_euid, __LINE__);
+	  exit(1);
+	}
+    }
+
+  if (ret == PAM_SUCCESS)
+    {
+      psyslog(LOG_INFO,
+	      "%s.%s@%s authenticated as user %s",
+	      name, inst, realm, user);
+      if (chown(tkt_string(), uid, -1) == -1)
+	{
+	  dest_tkt();
+	  psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid);
+	  exit(1);
+	}
+    }
+
+  /*
+   * Kludge alert!!! Sun dtlogin unlock screen fails to call
+   * pam_setcred(3) with PAM_REFRESH_CRED after a successful
+   * authentication attempt, sic.
+   *
+   * This hack is designed as a workaround to that problem.
+   */
+  if (ctrl_on(KRB4_REAFSLOG))
+    if (ret == PAM_SUCCESS)
+      pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv);
+  
+  return ret;
+}
+
+int 
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_setcred");
+
+  switch (flags & ~PAM_SILENT) {
+  case 0:
+  case PAM_ESTABLISH_CRED:
+    if (k_hasafs())
+      k_setpag();
+    /* Fall through, fill PAG with credentials below. */
+  case PAM_REINITIALIZE_CRED:
+  case PAM_REFRESH_CRED:
+    if (k_hasafs())
+      {
+	void *user = 0;
+
+	if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS)
+	  {
+	    struct passwd *pw = getpwnam((char *)user);
+	    if (pw != 0)
+	      krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0,
+				  pw->pw_uid, pw->pw_dir);
+	  }
+      }
+    break;
+  case PAM_DELETE_CRED:
+    dest_tkt();
+    if (k_hasafs())
+      k_unlog();
+    break;
+  default:
+    psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
+    break;
+  }
+  
+  return PAM_SUCCESS;
+}
+
+int
+pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_open_session");
+
+  return PAM_SUCCESS;
+}
+
+
+int
+pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv)
+{
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_close_session");
+
+  /* This isn't really kosher, but it's handy. */
+  pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv);
+
+  return PAM_SUCCESS;
+}
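Review bot: In `pam_sm_authenticate`, `name` and `inst` stay uninitialized when the user is `root`, the real uid is non-zero and `getpwuid(getuid())` returns NULL, yet both are then passed to `krb4_auth()` and read there (`*inst`) and again in `inst[0] != 0`, so the authentication result depends on indeterminate pointers. The inner `if (pw != 0)` needs a failing branch such as `else return PAM_USER_UNKNOWN;`, and the `strdup(pw->pw_name)` result should be checked for NULL before use. In `krb4_auth`, `resp->resp` is used directly after `conv->conv()` succeeds; a guard like `if (resp == NULL || resp->resp == NULL) return PAM_CONV_ERR;` before `verify_pass()` would keep a misbehaving conversation function from causing a NULL dereference inside the login path. The failure branch there also leaves the typed password in `resp->resp` without the `memset` that the success branch applies, which is worth a comment stating who owns and erases that buffer. In `parse_ctrl`, the `unrecognized option` log passes `*argv` where `argv[i]` is meant, so the wrong token is reported for every option after the first.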

Added: vendor-crypto/heimdal/dist/lib/auth/pam/pam.conf.add
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/pam/pam.conf.add	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/pam/pam.conf.add	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,97 @@
+To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
+
+--- /etc/pam.conf.DIST	Mon Jul 20 15:37:46 1998
++++ /etc/pam.conf	Tue Feb 15 19:39:12 2000
+@@ -4,15 +4,19 @@
+ #
+ # Authentication management
+ #
++login	auth sufficient	/usr/athena/lib/pam_krb4.so
+ login	auth required 	/usr/lib/security/pam_unix.so.1 
+ login	auth required 	/usr/lib/security/pam_dial_auth.so.1 
+ #
+ rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
+ rlogin	auth required 	/usr/lib/security/pam_unix.so.1
+ #
++dtlogin	auth sufficient	/usr/athena/lib/pam_krb4.so
+ dtlogin	auth required 	/usr/lib/security/pam_unix.so.1 
+ #
+ rsh	auth required	/usr/lib/security/pam_rhosts_auth.so.1
++# Reafslog is for dtlogin lock display
++other	auth sufficient	/usr/athena/lib/pam_krb4.so reafslog
+ other	auth required	/usr/lib/security/pam_unix.so.1
+ #
+ # Account management
+@@ -24,6 +28,8 @@
+ #
+ # Session management
+ #
++dtlogin	session required	/usr/athena/lib/pam_krb4.so
++login	session required	/usr/athena/lib/pam_krb4.so
+ other	session required	/usr/lib/security/pam_unix.so.1 
+ #
+ # Password management
+---------------------------------------------------------------------------
+To enable PAM in /bin/login and xdm under Red Hat 6.? apply these patches:
+
+--- /etc/pam.d/login~	Tue Dec  7 12:01:35 1999
++++ /etc/pam.d/login	Wed May 31 16:27:55 2000
+@@ -1,9 +1,12 @@
+ #%PAM-1.0
++# Updated to work with kerberos
++auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
+ auth       required	/lib/security/pam_securetty.so
+ auth       required	/lib/security/pam_pwdb.so shadow nullok
+ auth       required	/lib/security/pam_nologin.so
+ account    required	/lib/security/pam_pwdb.so
+ password   required	/lib/security/pam_cracklib.so
+ password   required	/lib/security/pam_pwdb.so nullok use_authtok md5 shadow
++session    required     /usr/athena/lib/pam_krb4.so.1.0.1
+ session    required	/lib/security/pam_pwdb.so
+ session    optional	/lib/security/pam_console.so
+--- /etc/pam.d/xdm~	Wed May 31 16:33:54 2000
++++ /etc/pam.d/xdm	Wed May 31 16:28:29 2000
+@@ -1,8 +1,11 @@
+ #%PAM-1.0
++# Updated to work with kerberos
++auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
+ auth       required	/lib/security/pam_pwdb.so shadow nullok
+ auth       required	/lib/security/pam_nologin.so
+ account    required	/lib/security/pam_pwdb.so
+ password   required	/lib/security/pam_cracklib.so
+ password   required	/lib/security/pam_pwdb.so shadow nullok use_authtok
++session    required     /usr/athena/lib/pam_krb4.so.1.0.1
+ session    required	/lib/security/pam_pwdb.so
+ session    optional     /lib/security/pam_console.so
+--- /etc/pam.d/gdm~	Wed May 31 16:33:54 2000
++++ /etc/pam.d/gdm	Wed May 31 16:34:28 2000
+@@ -1,8 +1,11 @@
+ #%PAM-1.0
++# Updated to work with kerberos
++auth       sufficient   /usr/athena/lib/pam_krb4.so.1.0.1
+ auth       required	/lib/security/pam_pwdb.so shadow nullok
+ auth       required	/lib/security/pam_nologin.so
+ account    required	/lib/security/pam_pwdb.so
+ password   required	/lib/security/pam_cracklib.so
+ password   required	/lib/security/pam_pwdb.so shadow nullok use_authtok
++session    required     /usr/athena/lib/pam_krb4.so.1.0.1
+ session    required	/lib/security/pam_pwdb.so
+ session    optional     /lib/security/pam_console.so
+
+--------------------------------------------------------------------------
+
+This stuff may work under some other system.
+
+# To get this to work, you will have to add entries to /etc/pam.conf
+#
+# To make login kerberos-aware, you might change pam.conf to look
+# like:
+
+# login authorization
+login   auth       sufficient   /lib/security/pam_krb4.so
+login   auth       required     /lib/security/pam_securetty.so
+login   auth       required     /lib/security/pam_unix_auth.so
+login   account    required     /lib/security/pam_unix_acct.so
+login   password   required     /lib/security/pam_unix_passwd.so
+login   session    required     /lib/security/pam_krb4.so
+login   session    required     /lib/security/pam_unix_session.so

Added: vendor-crypto/heimdal/dist/lib/auth/sia/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,116 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4)
+
+WFLAGS += $(WFLAGS_NOIMPLICITINT)
+
+DEFS = @DEFS@
+
+## this is horribly ugly, but automake/libtool doesn't allow us to
+## unconditionally build shared libraries, and it does not allow us to
+## link with non-installed libraries
+
+KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a
+KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so
+
+if KRB5
+L = \
+	$(KAFS)						\
+	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
+	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
+	$(LIB_krb4)					\
+	$(LIB_hcrypto_a)					\
+	$(LIB_com_err_a)				\
+	$(top_builddir)/lib/roken/.libs/libroken.a	\
+	$(LIB_getpwnam_r)				\
+	-lc
+
+L_shared = \
+	$(KAFS_S)					\
+	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
+	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
+	$(LIB_krb4)					\
+	$(LIB_hcrypto_so)					\
+	$(LIB_com_err_so)				\
+	$(top_builddir)/lib/roken/.libs/libroken.so	\
+	$(LIB_getpwnam_r)				\
+	-lc
+
+MOD = libsia_krb5.so
+
+else
+
+L = \
+	$(KAFS)						\
+	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
+	$(top_builddir)/lib/krb/.libs/libkrb.a		\
+	$(LIB_hcrypto_a)		\
+	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
+	$(top_builddir)/lib/roken/.libs/libroken.a	\
+	$(LIB_getpwnam_r)				\
+	-lc
+
+L_shared = \
+	$(KAFS_S)					\
+	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
+	$(top_builddir)/lib/krb/.libs/libkrb.so		\
+	$(LIB_hcrypto_so)		\
+	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
+	$(top_builddir)/lib/roken/.libs/libroken.so	\
+	$(LIB_getpwnam_r)				\
+	-lc
+
+MOD = libsia_krb4.so
+
+endif
+
+foodir = $(libdir)
+foo_DATA = $(MOD)
+
+LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
+
+SRCS = sia.c posix_getpw.c sia_locl.h
+OBJS = sia.o posix_getpw.o
+
+libsia_krb5.so: $(OBJS)
+	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
+		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
+		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
+	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
+		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
+		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
+	else \
+		echo "missing libraries"; exit 1; \
+	fi
+	ostrip -x $@
+
+libsia_krb4.so: $(OBJS)
+	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
+		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
+		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
+	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
+		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
+		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
+	else \
+		echo "missing libraries"; exit 1; \
+	fi
+	ostrip -x $@
+
+CLEANFILES = $(MOD) $(OBJS) so_locations
+
+SUFFIXES += .c .o
+
+# XXX inline COMPILE since automake wont add it
+
+.c.o:
+	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
+	-c `test -f '$<' || echo '$(srcdir)/'`$<
+
+EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \
+	krb4_matrix.conf krb4+c2_matrix.conf \
+	krb5_matrix.conf krb5+c2_matrix.conf \
+	security.patch \
+	make-rpath $(SRCS)

Added: vendor-crypto/heimdal/dist/lib/auth/sia/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,778 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = lib/auth/sia
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(foodir)"
+fooDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(foo_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* 
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a
+KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so
+ at KRB5_FALSE@L = \
+ at KRB5_FALSE@	$(KAFS)						\
+ at KRB5_FALSE@	$(top_builddir)/lib/kadm/.libs/libkadm.a	\
+ at KRB5_FALSE@	$(top_builddir)/lib/krb/.libs/libkrb.a		\
+ at KRB5_FALSE@	$(LIB_hcrypto_a)		\
+ at KRB5_FALSE@	$(top_builddir)/lib/com_err/.libs/libcom_err.a	\
+ at KRB5_FALSE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
+ at KRB5_FALSE@	$(LIB_getpwnam_r)				\
+ at KRB5_FALSE@	-lc
+
+ at KRB5_TRUE@L = \
+ at KRB5_TRUE@	$(KAFS)						\
+ at KRB5_TRUE@	$(top_builddir)/lib/krb5/.libs/libkrb5.a	\
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/.libs/libasn1.a	\
+ at KRB5_TRUE@	$(LIB_krb4)					\
+ at KRB5_TRUE@	$(LIB_hcrypto_a)					\
+ at KRB5_TRUE@	$(LIB_com_err_a)				\
+ at KRB5_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.a	\
+ at KRB5_TRUE@	$(LIB_getpwnam_r)				\
+ at KRB5_TRUE@	-lc
+
+ at KRB5_FALSE@L_shared = \
+ at KRB5_FALSE@	$(KAFS_S)					\
+ at KRB5_FALSE@	$(top_builddir)/lib/kadm/.libs/libkadm.so	\
+ at KRB5_FALSE@	$(top_builddir)/lib/krb/.libs/libkrb.so		\
+ at KRB5_FALSE@	$(LIB_hcrypto_so)		\
+ at KRB5_FALSE@	$(top_builddir)/lib/com_err/.libs/libcom_err.so	\
+ at KRB5_FALSE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
+ at KRB5_FALSE@	$(LIB_getpwnam_r)				\
+ at KRB5_FALSE@	-lc
+
+ at KRB5_TRUE@L_shared = \
+ at KRB5_TRUE@	$(KAFS_S)					\
+ at KRB5_TRUE@	$(top_builddir)/lib/krb5/.libs/libkrb5.so	\
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/.libs/libasn1.so	\
+ at KRB5_TRUE@	$(LIB_krb4)					\
+ at KRB5_TRUE@	$(LIB_hcrypto_so)					\
+ at KRB5_TRUE@	$(LIB_com_err_so)				\
+ at KRB5_TRUE@	$(top_builddir)/lib/roken/.libs/libroken.so	\
+ at KRB5_TRUE@	$(LIB_getpwnam_r)				\
+ at KRB5_TRUE@	-lc
+
+ at KRB5_FALSE@MOD = libsia_krb4.so
+ at KRB5_TRUE@MOD = libsia_krb5.so
+foodir = $(libdir)
+foo_DATA = $(MOD)
+SRCS = sia.c posix_getpw.c sia_locl.h
+OBJS = sia.o posix_getpw.o
+CLEANFILES = $(MOD) $(OBJS) so_locations
+EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \
+	krb4_matrix.conf krb4+c2_matrix.conf \
+	krb5_matrix.conf krb5+c2_matrix.conf \
+	security.patch \
+	make-rpath $(SRCS)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/auth/sia/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/auth/sia/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-fooDATA: $(foo_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
+	@list='$(foo_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
+	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
+	done
+
+uninstall-fooDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(foo_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
+	done
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(DATA) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(foodir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-fooDATA
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-fooDATA
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-fooDATA \
+	install-html install-html-am install-info install-info-am \
+	install-man install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+	ps ps-am uninstall uninstall-am uninstall-fooDATA \
+	uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+libsia_krb5.so: $(OBJS)
+	@if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \
+		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
+		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
+	elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \
+		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
+		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
+	else \
+		echo "missing libraries"; exit 1; \
+	fi
+	ostrip -x $@
+
+libsia_krb4.so: $(OBJS)
+	@if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \
+		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \
+		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \
+	elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \
+		echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \
+		$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \
+	else \
+		echo "missing libraries"; exit 1; \
+	fi
+	ostrip -x $@
+
+# XXX inline COMPILE since automake wont add it
+
+.c.o:
+	$(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \
+	-c `test -f '$<' || echo '$(srcdir)/'`$<
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/auth/sia/krb4+c2_matrix.conf
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/krb4+c2_matrix.conf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/krb4+c2_matrix.conf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,58 @@
+# Copyright (c) 1998 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+
+# $Id: krb4+c2_matrix.conf,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# sia matrix configuration file (Kerberos 4 + C2)
+
+siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chk_invoker=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_estab=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_finger=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_shell=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so)
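Review bot: Every KRB4 entry hard-codes `/usr/athena/lib/libsia_krb4.so`, while the Makefile.in in this same import installs the module into `$(libdir)` (`foodir = $(libdir)`, `foo_DATA = $(MOD)`), so the matrix can name a path the package never populated. krb4_matrix.conf and krb5+c2_matrix.conf use the same `/usr/athena/lib` prefix, and krb5_matrix.conf uses `/usr/heimdal/lib` for the same `libsia_krb5.so`, so the two krb5 files disagree with each other. These entries name a shared object that is presumably loaded by the SIA layer during login, so whoever can write to that path can influence authentication. A header comment would make the requirement explicit: `# Module paths are examples: set them to the directory libsia_krb4.so was installed into; it must be root-owned and not writable by others.`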

Added: vendor-crypto/heimdal/dist/lib/auth/sia/krb4_matrix.conf
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/krb4_matrix.conf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/krb4_matrix.conf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+# Copyright (c) 1998 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+
+# $Id: krb4_matrix.conf,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# sia matrix configuration file (Kerberos 4 + BSD)
+
+siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) 
+siad_chk_invoker=(BSD,libc.so)
+siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)
+siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_estab=(BSD,libc.so)
+siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chg_finger=(BSD,libc.so)
+siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chg_shell=(BSD,libc.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so)
+
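Review bot: This matrix puts Kerberos 4 first for `siad_ses_authent`, `siad_ses_suauthent` and `siad_chg_password`, and nothing in the file says the protocol is legacy. Kerberos 4 is built on single DES and has long been retired by the Kerberos maintainers, so the file should not read as a ready-to-use default. A header line such as `# Kerberos 4 is obsolete; use krb5_matrix.conf unless a legacy realm requires this file.` would cover it. The same comment applies to krb4+c2_matrix.conf.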

Added: vendor-crypto/heimdal/dist/lib/auth/sia/krb5+c2_matrix.conf
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/krb5+c2_matrix.conf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/krb5+c2_matrix.conf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,27 @@
+# $Id: krb5+c2_matrix.conf,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# sia matrix configuration file (Kerberos 5 + C2)
+
+siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so)
+siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_estab=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_ses_reauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_finger=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_password=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chg_shell=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)
+siad_chk_user=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so)

Added: vendor-crypto/heimdal/dist/lib/auth/sia/krb5_matrix.conf
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/krb5_matrix.conf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/krb5_matrix.conf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,27 @@
+# $Id: krb5_matrix.conf,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# sia matrix configuration file (Kerberos 5 + BSD)
+
+siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) 
+siad_chk_invoker=(BSD,libc.so)
+siad_ses_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)
+siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_estab=(BSD,libc.so)
+siad_ses_launch=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_suauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
+siad_ses_reauthent=(BSD,libc.so)
+siad_chg_finger=(BSD,libc.so)
+siad_chg_password=(BSD,libc.so)
+siad_chg_shell=(BSD,libc.so)
+siad_getpwent=(BSD,libc.so)
+siad_getpwuid=(BSD,libc.so)
+siad_getpwnam=(BSD,libc.so)
+siad_setpwent=(BSD,libc.so)
+siad_endpwent=(BSD,libc.so)
+siad_getgrent=(BSD,libc.so)
+siad_getgrgid=(BSD,libc.so)
+siad_getgrnam=(BSD,libc.so)
+siad_setgrent=(BSD,libc.so)
+siad_endgrent=(BSD,libc.so)
+siad_ses_release=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so)
+siad_chk_user=(BSD,libc.so)

Added: vendor-crypto/heimdal/dist/lib/auth/sia/make-rpath
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/make-rpath	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/make-rpath	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,34 @@
+#!/bin/sh
+# $Id: make-rpath,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+rlist=
+rest=
+while test $# -gt 0; do
+case $1 in
+-R|-rpath)
+  if test "$rlist"; then
+    rlist="${rlist}:$2"
+  else
+    rlist="$2"
+  fi
+  shift 2
+  ;;
+-R*) 
+  d=`echo $1 | sed 's,^-R,,'`
+  if test "$rlist"; then
+    rlist="${rlist}:${d}"
+  else
+    rlist="${d}"
+  fi
+  shift
+  ;;
+*)
+  rest="${rest} $1"
+  shift
+  ;;
+esac
+done
+rpath=
+if test "$rlist"; then
+  rpath="-rpath $rlist "
+fi
+echo "${rpath}${rest}"
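Review bot: The `-R|-rpath)` arm reads `$2` and runs `shift 2` without checking that a value follows. A trailing `-R` therefore appends an empty element to `rlist`, which many run-time loaders treat as the current directory. The `shift 2` then fails with one argument left; depending on the shell, the script either aborts or leaves `$#` unchanged so the `while` loop never ends. A guard at the top of that arm closes this: `test $# -ge 2 || { echo "make-rpath: $1 requires an argument" >&2; exit 1; }`. In the `-R*)` arm, `echo $1` should be `echo "$1"` to avoid word splitting and globbing; and since the Makefile passes `$(LDFLAGS)` through this script into the link line of the SIA module, it is worth rejecting empty or relative entries before they reach `-rpath`.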

Added: vendor-crypto/heimdal/dist/lib/auth/sia/posix_getpw.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/posix_getpw.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/posix_getpw.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "sia_locl.h"
+
+RCSID("$Id: posix_getpw.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifndef POSIX_GETPWNAM_R
+/* 
+ * These functions translate from the old Digital UNIX 3.x interface
+ * to POSIX.1c.
+ */
+
+int
+posix_getpwnam_r(const char *name, struct passwd *pwd, 
+		 char *buffer, int len, struct passwd **result)
+{
+    int ret = getpwnam_r(name, pwd, buffer, len);
+    if(ret == 0)
+	*result = pwd;
+    else{
+	*result = NULL;
+	ret = _Geterrno();
+	if(ret == 0){
+	    ret = ERANGE;
+	    _Seterrno(ret);
+	}
+    }
+    return ret;
+}
+
+int
+posix_getpwuid_r(uid_t uid, struct passwd *pwd, 
+		 char *buffer, int len, struct passwd **result)
+{
+    int ret = getpwuid_r(uid, pwd, buffer, len);
+    if(ret == 0)
+	*result = pwd;
+    else{
+	*result = NULL;
+	ret = _Geterrno();
+	if(ret == 0){
+	    ret = ERANGE;
+	    _Seterrno(ret);
+	}
+    }
+    return ret;
+}
+#endif /* POSIX_GETPWNAM_R */
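Review bot: Both wrappers turn a failed lookup with `_Geterrno() == 0` into `ERANGE`, so a caller cannot tell "buffer too small" from whatever the old Digital UNIX call reports without setting errno. That presumably includes "no such user", which POSIX.1c reports as return 0 with `*result == NULL`. A caller that enlarges the buffer and retries on `ERANGE` could then keep retrying for an unknown name. If the mapping is deliberate, the inner `if(ret == 0)` branch should say so, e.g. `/* old interface failed without setting errno; report ERANGE rather than success */`; otherwise returning 0 with `*result = NULL` for that case would match POSIX. This applies to `posix_getpwnam_r` and `posix_getpwuid_r` alike.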

Added: vendor-crypto/heimdal/dist/lib/auth/sia/security.patch
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/security.patch	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/security.patch	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,11 @@
+--- /sbin/init.d/security~      Tue Aug 20 22:44:09 1996
++++ /sbin/init.d/security       Fri Nov  1 14:52:56 1996
+@@ -49,7 +49,7 @@
+                    SECURITY=BASE
+                fi
+                ;;
+-       BASE)
++       BASE|KRB4)
+                ;;
+        *)
+                echo "security configuration set to default (BASE)."

Added: vendor-crypto/heimdal/dist/lib/auth/sia/sia.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/sia.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/sia.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,703 @@
+/*
+ * Copyright (c) 1995-2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "sia_locl.h"
+
+RCSID("$Id: sia.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+int 
+siad_init(void)
+{
+    return SIADSUCCESS;
+}
+
+int 
+siad_chk_invoker(void)
+{
+    SIA_DEBUG(("DEBUG", "siad_chk_invoker"));
+    return SIADFAIL;
+}
+
+int 
+siad_ses_init(SIAENTITY *entity, int pkgind)
+{
+    struct state *s = malloc(sizeof(*s));
+
+    SIA_DEBUG(("DEBUG", "siad_ses_init"));
+    if(s == NULL)
+	return SIADFAIL;
+    memset(s, 0, sizeof(*s));
+#ifdef SIA_KRB5
+    {
+      krb5_error_code ret;
+      ret = krb5_init_context(&s->context);
+      if (ret)
+	return SIADFAIL;
+    }
+#endif
+    entity->mech[pkgind] = (int*)s;
+    return SIADSUCCESS;
+}
+
+static int
+setup_name(SIAENTITY *e, prompt_t *p)
+{
+    SIA_DEBUG(("DEBUG", "setup_name"));
+    e->name = malloc(SIANAMEMIN + 1);
+    if(e->name == NULL){
+	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIANAMEMIN+1));
+	return SIADFAIL;
+    }
+    p->prompt = (unsigned char*)"login: ";
+    p->result = (unsigned char*)e->name;
+    p->min_result_length = 1;
+    p->max_result_length = SIANAMEMIN;
+    p->control_flags = 0;
+    return SIADSUCCESS;
+}
+
+static int
+setup_password(SIAENTITY *e, prompt_t *p)
+{
+    SIA_DEBUG(("DEBUG", "setup_password"));
+    e->password = malloc(SIAMXPASSWORD + 1);
+    if(e->password == NULL){
+	SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIAMXPASSWORD+1));
+	return SIADFAIL;
+    }
+    p->prompt = (unsigned char*)"Password: ";
+    p->result = (unsigned char*)e->password;
+    p->min_result_length = 0;
+    p->max_result_length = SIAMXPASSWORD;
+    p->control_flags = SIARESINVIS;
+    return SIADSUCCESS;
+}
+
+
+static int
+doauth(SIAENTITY *entity, int pkgind, char *name)
+{
+    struct passwd pw, *pwd;
+    char pwbuf[1024];
+    struct state *s = (struct state*)entity->mech[pkgind];
+#ifdef SIA_KRB5
+    krb5_realm *realms, *r;
+    krb5_principal principal;
+    krb5_ccache ccache;
+    krb5_error_code ret;
+#endif
+#ifdef SIA_KRB4
+    char realm[REALM_SZ];
+    char *toname, *toinst;
+    int ret;
+    struct passwd fpw, *fpwd;
+    char fpwbuf[1024];
+    int secure;
+#endif
+	
+    if(getpwnam_r(name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0 || pwd == NULL){
+	SIA_DEBUG(("DEBUG", "failed to getpwnam(%s)", name));
+	return SIADFAIL;
+    }
+
+#ifdef SIA_KRB5
+    ret = krb5_get_default_realms(s->context, &realms);
+
+    for (r = realms; *r != NULL; ++r) {
+	krb5_make_principal (s->context, &principal, *r, entity->name, NULL);
+
+	if(krb5_kuserok(s->context, principal, entity->name))
+	    break;
+    }
+    krb5_free_host_realm (s->context, realms);
+    if (*r == NULL)
+	return SIADFAIL;
+
+    sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid());
+    ret = krb5_cc_resolve(s->context, s->ticket, &ccache);
+    if(ret)
+	return SIADFAIL;
+#endif
+	
+#ifdef SIA_KRB4
+    snprintf(s->ticket, sizeof(s->ticket),
+	     "%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
+    krb_get_lrealm(realm, 1);
+    toname = name;
+    toinst = "";
+    if(entity->authtype == SIA_A_SUAUTH){
+	uid_t ouid;
+#ifdef HAVE_SIAENTITY_OUID
+	ouid = entity->ouid;
+#else
+	ouid = getuid();
+#endif
+	if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0 || fpwd == NULL){
+	    SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid));
+	    return SIADFAIL;
+	}
+	snprintf(s->ticket, sizeof(s->ticket), "%s_%s_to_%s_%d", 
+		 TKT_ROOT, fpwd->pw_name, pwd->pw_name, getpid());
+	if(strcmp(pwd->pw_name, "root") == 0){
+	    toname = fpwd->pw_name;
+	    toinst = pwd->pw_name;
+	}
+    }
+    if(entity->authtype == SIA_A_REAUTH) 
+	snprintf(s->ticket, sizeof(s->ticket), "%s", tkt_string());
+    
+    krb_set_tkt_string(s->ticket);
+	
+    setuid(0); /* XXX fix for fix in tf_util.c */
+    if(krb_kuserok(toname, toinst, realm, name)){
+	SIA_DEBUG(("DEBUG", "%s.%s@%s is not allowed to login as %s", 
+		   toname, toinst, realm, name));
+	return SIADFAIL;
+    }
+#endif
+#ifdef SIA_KRB5
+    ret = krb5_verify_user_lrealm(s->context, principal, ccache,
+				  entity->password, 1, NULL);
+    if(ret){
+	/* if this is most likely a local user (such as
+	   root), just silently return failure when the
+	   principal doesn't exist */
+	if(ret != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && 
+	   ret != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+	    SIALOG("WARNING", "krb5_verify_user(%s): %s", 
+		   entity->name, error_message(ret));
+	return SIADFAIL;
+    }
+#endif
+#ifdef SIA_KRB4
+    if (getuid () == 0)
+	secure = KRB_VERIFY_SECURE;
+    else
+	secure = KRB_VERIFY_NOT_SECURE;
+	
+    ret = krb_verify_user(toname, toinst, realm,
+			  entity->password, secure, NULL);
+    if(ret){
+	SIA_DEBUG(("DEBUG", "krb_verify_user: %s", krb_get_err_text(ret)));
+	if(ret != KDC_PR_UNKNOWN)
+	    /* since this is most likely a local user (such as
+	       root), just silently return failure when the
+	       principal doesn't exist */
+	    SIALOG("WARNING", "krb_verify_user(%s.%s): %s", 
+		   toname, toinst, krb_get_err_text(ret));
+	return SIADFAIL;
+    }
+#endif
+    if(sia_make_entity_pwd(pwd, entity) == SIAFAIL)
+	return SIADFAIL;
+    s->valid = 1;
+    return SIADSUCCESS;
+}
+
+
+static int 
+common_auth(sia_collect_func_t *collect, 
+	    SIAENTITY *entity, 
+	    int siastat,
+	    int pkgind)
+{
+    prompt_t prompts[2], *pr;
+    char *name;
+
+    SIA_DEBUG(("DEBUG", "common_auth"));
+    if((siastat == SIADSUCCESS) && (geteuid() == 0))
+	return SIADSUCCESS;
+    if(entity == NULL) {
+	SIA_DEBUG(("DEBUG", "entity == NULL"));
+	return SIADFAIL | SIADSTOP;
+    }
+    name = entity->name;
+    if(entity->acctname)
+	name = entity->acctname;
+    
+    if((collect != NULL) && entity->colinput) {
+	int num;
+	pr = prompts;
+	if(name == NULL){
+	    if(setup_name(entity, pr) != SIADSUCCESS)
+		return SIADFAIL;
+	    pr++;
+	}
+	if(entity->password == NULL){
+	    if(setup_password(entity, pr) != SIADSUCCESS)
+		return SIADFAIL;
+	    pr++;
+	}
+	num = pr - prompts;
+	if(num == 1){
+	    if((*collect)(240, SIAONELINER, (unsigned char*)"", num, 
+			  prompts) != SIACOLSUCCESS){
+		SIA_DEBUG(("DEBUG", "collect failed"));
+		return SIADFAIL | SIADSTOP;
+	    }
+	} else if(num > 0){
+	    if((*collect)(0, SIAFORM, (unsigned char*)"", num, 
+			  prompts) != SIACOLSUCCESS){
+		SIA_DEBUG(("DEBUG", "collect failed"));
+		return SIADFAIL | SIADSTOP;
+	    }
+	}
+    }
+    if(name == NULL)
+	name = entity->name;
+    if(name == NULL || name[0] == '\0'){
+	SIA_DEBUG(("DEBUG", "name is null"));
+	return SIADFAIL;
+    }
+
+    if(entity->password == NULL || strlen(entity->password) > SIAMXPASSWORD){
+	SIA_DEBUG(("DEBUG", "entity->password is null"));
+	return SIADFAIL;
+    }
+    
+    return doauth(entity, pkgind, name);
+}
+
+
+int 
+siad_ses_authent(sia_collect_func_t *collect, 
+		 SIAENTITY *entity, 
+		 int siastat,
+		 int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_authent"));
+    return common_auth(collect, entity, siastat, pkgind);
+}
+
+int 
+siad_ses_estab(sia_collect_func_t *collect, 
+	       SIAENTITY *entity, int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_estab"));
+    return SIADFAIL;
+}
+
+int 
+siad_ses_launch(sia_collect_func_t *collect,
+		SIAENTITY *entity,
+		int pkgind)
+{
+    static char env[MaxPathLen];
+    struct state *s = (struct state*)entity->mech[pkgind];
+    SIA_DEBUG(("DEBUG", "siad_ses_launch"));
+    if(s->valid){
+#ifdef SIA_KRB5
+	chown(s->ticket + sizeof("FILE:") - 1, 
+	      entity->pwd->pw_uid, 
+	      entity->pwd->pw_gid);
+	snprintf(env, sizeof(env), "KRB5CCNAME=%s", s->ticket);
+#endif
+#ifdef SIA_KRB4
+	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
+	snprintf(env, sizeof(env), "KRBTKFILE=%s", s->ticket);
+#endif
+	putenv(env);
+    }
+#ifdef SIA_KRB5
+    if (k_hasafs()) {
+	char cell[64];
+	krb5_ccache ccache;
+	if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) {
+	    k_setpag();
+	    if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
+		krb5_afslog(s->context, ccache, cell, 0);
+	    krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir);
+	}
+    }
+#endif
+#ifdef SIA_KRB4
+    if (k_hasafs()) {
+	char cell[64];
+	k_setpag();
+	if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0)
+	    krb_afslog(cell, 0);
+	krb_afslog_home(0, 0, entity->pwd->pw_dir);
+    }
+#endif
+    return SIADSUCCESS;
+}
+
+int 
+siad_ses_release(SIAENTITY *entity, int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_release"));
+    if(entity->mech[pkgind]){
+#ifdef SIA_KRB5
+	struct state *s = (struct state*)entity->mech[pkgind];
+	krb5_free_context(s->context);
+#endif
+	free(entity->mech[pkgind]);
+    }
+    return SIADSUCCESS;
+}
+
+int 
+siad_ses_suauthent(sia_collect_func_t *collect,
+		   SIAENTITY *entity,
+		   int siastat,
+		   int pkgind)
+{
+    SIA_DEBUG(("DEBUG", "siad_ses_suauth"));
+    if(geteuid() != 0)
+	return SIADFAIL;
+    if(entity->name == NULL)
+	return SIADFAIL;
+    if(entity->name[0] == '\0') {
+	free(entity->name);
+	entity->name = strdup("root");
+	if (entity->name == NULL)
+	    return SIADFAIL;
+    }
+    return common_auth(collect, entity, siastat, pkgind);
+}
+
+int
+siad_ses_reauthent (sia_collect_func_t *collect,
+		    SIAENTITY *entity,
+		    int siastat,
+		    int pkgind)
+{
+    int ret;
+    SIA_DEBUG(("DEBUG", "siad_ses_reauthent"));
+    if(entity == NULL || entity->name == NULL)
+	return SIADFAIL;
+    ret = common_auth(collect, entity, siastat, pkgind);
+    if((ret & SIADSUCCESS)){
+	/* launch isn't (always?) called when doing reauth, so we must
+           duplicate some code here... */
+	struct state *s = (struct state*)entity->mech[pkgind];
+	chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid);
+#ifdef SIA_KRB5
+	if (k_hasafs()) {
+	    char cell[64];
+	    krb5_ccache ccache;
+	    if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) {
+		k_setpag();
+		if(k_afs_cell_of_file(entity->pwd->pw_dir, 
+				      cell, sizeof(cell)) == 0)
+		    krb5_afslog(s->context, ccache, cell, 0);
+		krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir);
+	    }
+	}
+#endif
+#ifdef SIA_KRB4
+	if(k_hasafs()) {
+	    char cell[64];
+	    if(k_afs_cell_of_file(entity->pwd->pw_dir, 
+				  cell, sizeof(cell)) == 0)
+		krb_afslog(cell, 0);
+	    krb_afslog_home(0, 0, entity->pwd->pw_dir);
+	}
+#endif
+    }
+    return ret;
+}
+
+int
+siad_chg_finger (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    SIA_DEBUG(("DEBUG", "siad_chg_finger"));
+    return SIADFAIL;
+}
+
+#ifdef SIA_KRB5
+int
+siad_chg_password (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    return SIADFAIL;
+}
+#endif
+
+#ifdef SIA_KRB4
+static void
+sia_message(sia_collect_func_t *collect, int rendition, 
+	    const char *title, const char *message)
+{
+    prompt_t prompt;
+    prompt.prompt = (unsigned char*)message;
+    (*collect)(0, rendition, (unsigned char*)title, 1, &prompt);
+}
+
+static int
+init_change(sia_collect_func_t *collect, krb_principal *princ)
+{
+    prompt_t prompt;
+    char old_pw[MAX_KPW_LEN+1];
+    char *msg;
+    char tktstring[128];
+    int ret;
+    
+    SIA_DEBUG(("DEBUG", "init_change"));
+    prompt.prompt = (unsigned char*)"Old password: ";
+    prompt.result = (unsigned char*)old_pw;
+    prompt.min_result_length = 0;
+    prompt.max_result_length = sizeof(old_pw) - 1;
+    prompt.control_flags = SIARESINVIS;
+    asprintf(&msg, "Changing password for %s", krb_unparse_name(princ));
+    if(msg == NULL){
+	SIA_DEBUG(("DEBUG", "out of memory"));
+	return SIADFAIL;
+    }
+    ret = (*collect)(60, SIAONELINER, (unsigned char*)msg, 1, &prompt);
+    free(msg);
+    SIA_DEBUG(("DEBUG", "ret = %d", ret));
+    if(ret != SIACOLSUCCESS)
+	return SIADFAIL;
+    snprintf(tktstring, sizeof(tktstring), 
+	     "%s_cpw_%u", TKT_ROOT, (unsigned)getpid());
+    krb_set_tkt_string(tktstring);
+    
+    ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, 
+			    PWSERV_NAME, KADM_SINST, 1, old_pw);
+    if (ret != KSUCCESS) {
+	SIA_DEBUG(("DEBUG", "krb_get_pw_in_tkt: %s", krb_get_err_text(ret)));
+	if (ret == INTK_BADPW)
+	    sia_message(collect, SIAWARNING, "", "Incorrect old password.");
+	else
+	    sia_message(collect, SIAWARNING, "", "Kerberos error.");
+	memset(old_pw, 0, sizeof(old_pw));
+	return SIADFAIL;
+    }
+    if(chown(tktstring, getuid(), -1) < 0){
+	dest_tkt();
+	return SIADFAIL;
+    }
+    memset(old_pw, 0, sizeof(old_pw));
+    return SIADSUCCESS;
+}
+
+int
+siad_chg_password (sia_collect_func_t *collect,
+		   const char *username, 
+		   int argc, 
+		   char *argv[])
+{
+    prompt_t prompts[2];
+    krb_principal princ;
+    int ret;
+    char new_pw1[MAX_KPW_LEN+1];
+    char new_pw2[MAX_KPW_LEN+1];
+    static struct et_list *et_list;
+
+    setprogname(argv[0]);
+
+    SIA_DEBUG(("DEBUG", "siad_chg_password"));
+    if(collect == NULL)
+	return SIADFAIL;
+
+    if(username == NULL)
+	username = getlogin();
+
+    ret = krb_parse_name(username, &princ);
+    if(ret)
+	return SIADFAIL;
+    if(princ.realm[0] == '\0')
+	krb_get_lrealm(princ.realm, 1);
+
+    if(et_list == NULL) {
+	initialize_kadm_error_table_r(&et_list);
+	initialize_krb_error_table_r(&et_list);
+    }
+
+    ret = init_change(collect, &princ);
+    if(ret != SIADSUCCESS)
+	return ret;
+
+again:
+    prompts[0].prompt = (unsigned char*)"New password: ";
+    prompts[0].result = (unsigned char*)new_pw1;
+    prompts[0].min_result_length = MIN_KPW_LEN;
+    prompts[0].max_result_length = sizeof(new_pw1) - 1;
+    prompts[0].control_flags = SIARESINVIS;
+    prompts[1].prompt = (unsigned char*)"Verify new password: ";
+    prompts[1].result = (unsigned char*)new_pw2;
+    prompts[1].min_result_length = MIN_KPW_LEN;
+    prompts[1].max_result_length = sizeof(new_pw2) - 1;
+    prompts[1].control_flags = SIARESINVIS;
+    if((*collect)(120, SIAFORM, (unsigned char*)"", 2, prompts) != 
+       SIACOLSUCCESS) {
+	dest_tkt();
+	return SIADFAIL;
+    }
+    if(strcmp(new_pw1, new_pw2) != 0){
+	sia_message(collect, SIAWARNING, "", "Password mismatch.");
+	goto again;
+    }
+    ret = kadm_check_pw(new_pw1);
+    if(ret) {
+	sia_message(collect, SIAWARNING, "", com_right(et_list, ret));
+	goto again;
+    }
+    
+    memset(new_pw2, 0, sizeof(new_pw2));
+    ret = kadm_init_link (PWSERV_NAME, KRB_MASTER, princ.realm);
+    if (ret != KADM_SUCCESS)
+	sia_message(collect, SIAWARNING, "Error initing kadmin connection", 
+		    com_right(et_list, ret));
+    else {
+	des_cblock newkey;
+	char *pw_msg; /* message from server */
+
+	des_string_to_key(new_pw1, &newkey);
+	ret = kadm_change_pw_plain((unsigned char*)&newkey, new_pw1, &pw_msg);
+	memset(newkey, 0, sizeof(newkey));
+      
+	if (ret == KADM_INSECURE_PW)
+	    sia_message(collect, SIAWARNING, "Insecure password", pw_msg);
+	else if (ret != KADM_SUCCESS)
+	    sia_message(collect, SIAWARNING, "Error changing password", 
+			com_right(et_list, ret));
+    }
+    memset(new_pw1, 0, sizeof(new_pw1));
+
+    if (ret != KADM_SUCCESS)
+	sia_message(collect, SIAWARNING, "", "Password NOT changed.");
+    else
+	sia_message(collect, SIAINFO, "", "Password changed.");
+    
+    dest_tkt();
+    if(ret)
+	return SIADFAIL;
+    return SIADSUCCESS;
+}
+#endif
+
+int
+siad_chg_shell (sia_collect_func_t *collect,
+		     const char *username, 
+		     int argc, 
+		     char *argv[])
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwent(struct passwd *result, 
+	      char *buf, 
+	      int bufsize, 
+	      struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwuid (uid_t uid, 
+	       struct passwd *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getpwnam (const char *name, 
+	       struct passwd *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_setpwent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_endpwent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrent(struct group *result, 
+	      char *buf, 
+	      int bufsize, 
+	      struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrgid (gid_t gid, 
+	       struct group *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_getgrnam (const char *name, 
+	       struct group *result, 
+	       char *buf, 
+	       int bufsize, 
+	       struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_setgrent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_endgrent (struct sia_context *context)
+{
+    return SIADFAIL;
+}
+
+int
+siad_chk_user (const char *logname, int checkflag)
+{
+    if(checkflag != CHGPASSWD)
+	return SIADFAIL;
+    return SIADSUCCESS;
+}
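Review bot: In `doauth` under `SIA_KRB5`, the result of `krb5_get_default_realms()` is stored in `ret` but never tested, so the `for (r = realms; *r != NULL; ++r)` loop dereferences an uninitialized `realms` when the call fails; add `if (ret) return SIADFAIL;` right after the call. The `if (*r == NULL)` test after the loop also reads through `r` once `krb5_free_host_realm()` has released the list, so the outcome should be recorded before freeing, e.g. `int found = (*r != NULL);`, and then tested with `if (!found) return SIADFAIL;`. Inside the loop, `krb5_make_principal()` is called without checking its return value or freeing the principal from the previous iteration. Separately, `siad_ses_reauthent` calls `chown(s->ticket, ...)` on the full string, whereas `siad_ses_launch` skips the `FILE:` prefix with `s->ticket + sizeof("FILE:") - 1`. In the KRB5 build the reauth call therefore appears to name a path that does not exist, and the ignored return value hides the failure.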

Added: vendor-crypto/heimdal/dist/lib/auth/sia/sia_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/auth/sia/sia_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/auth/sia/sia_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+/* $Id: sia_locl.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __sia_locl_h__
+#define __sia_locl_h__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+#include <siad.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <roken.h>
+
+#ifdef KRB5
+#define SIA_KRB5
+#elif defined(KRB4)
+#define SIA_KRB4
+#endif
+
+#ifdef SIA_KRB5
+#include <krb5.h>
+#include <com_err.h>
+#endif
+#ifdef SIA_KRB4
+#include <krb.h>
+#include <krb_err.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#endif
+#ifdef KRB4
+#include <kafs.h>
+#endif
+
+#ifndef POSIX_GETPWNAM_R
+
+#define getpwnam_r posix_getpwnam_r
+#define getpwuid_r posix_getpwuid_r
+
+#endif /* POSIX_GETPWNAM_R */
+
+#ifndef DEBUG
+#define SIA_DEBUG(X)
+#else
+#define SIA_DEBUG(X) SIALOG X
+#endif
+
+struct state{
+#ifdef SIA_KRB5
+    krb5_context context;
+    krb5_auth_context auth_context;
+#endif
+    char ticket[MaxPathLen];
+    int valid;
+};
+
+#endif /* __sia_locl_h__ */
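Review bot: `<kafs.h>` is included only under `#ifdef KRB4`, yet sia.c calls `k_hasafs()`, `k_setpag()`, `k_afs_cell_of_file()` and `krb5_afslog()` inside its `SIA_KRB5` blocks. If those functions are declared in kafs.h (not visible here), a KRB5-only build would compile them through implicit declarations. Consider guarding the include with `#if defined(SIA_KRB5) || defined(SIA_KRB4)` so the prototypes are visible for whichever backend is selected. The include guard `__sia_locl_h__` also uses a double-underscore name that C reserves for the implementation; `SIA_LOCL_H` would avoid that.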

Added: vendor-crypto/heimdal/dist/lib/com_err/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,235 @@
+2007-07-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: split source files in dist and nodist.
+
+2007-07-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Only do roken rename for the library.
+
+2007-07-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: use version script.
+	
+	* version-script.map: use version script.
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: New library version.
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am (compile_et_SOURCES): add lex.h
+	
+2005-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* com_err.3: Document the _r functions.
+	
+2005-07-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* com_err.h: Include <stdarg.h> for va_list to help AIX 5.2.
+	
+2005-06-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse.y: rename base to base_id since flex defines a function
+	with the argument base
+
+	* compile_et.h: rename base to base_id since flex defines a
+	function with the argument base
+
+	* compile_et.c: rename base to base_id since flex defines a
+	function with the argument base
+
+	* parse.y (name2number): rename base to num to avoid shadowing
+	
+	* compile_et.c: rename optind to optidx
+	
+2005-05-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse.y: check allocation errors
+
+	* lex.l: check allocation errors correctly
+	
+	* compile_et.h: include <err.h>
+	
+	* (main): compile_et.c: use strlcpy
+	
+2005-04-29  Dave Love  <fx at gnu.org>
+
+	* Makefile.am (LDADD): Add libcom_err.la
+
+2005-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* include strlcpy and *printf and use them
+
+2005-02-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* com_right.h: de-__P
+
+	* com_err.h: de-__P
+
+2002-08-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* compile_et.c: don't add comma after last enum member
+
+2002-08-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* compile_et.c: just declare er_list directly instead of including
+	com_right in generated header files
+
+2002-03-11  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libcom_err_la_LDFLAGS): set version to 2:1:1
+
+2002-03-10  Assar Westerlund  <assar at sics.se>
+
+	* com_err.c (error_message): do not call strerror with a negative error
+
+2001-05-17  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 2:0:1
+
+2001-05-11  Assar Westerlund  <assar at sics.se>
+
+	* com_err.h (add_to_error_table): add prototype
+	* com_err.c (add_to_error_table): new function, from Derrick J
+	Brashear <shadow at dementia.org>
+
+2001-05-06  Assar Westerlund  <assar at sics.se>
+
+	* com_err.h: add printf formats for gcc
+
+2001-02-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* error.c (initialize_error_table_r): put table at end of the list
+
+2001-02-15  Assar Westerlund  <assar at sics.se>
+
+	* com_err.c (default_proc): add printf attributes
+
+2000-08-16  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 1:1:0
+
+2000-07-31  Assar Westerlund  <assar at sics.se>
+
+	* com_right.h (initialize_error_table_r): fix prototype
+
+2000-04-05  Assar Westerlund  <assar at sics.se>
+
+	* com_err.c (_et_lit): explicitly initialize it to NULL to make
+	dyld on Darwin/MacOS X happy
+
+2000-01-16  Assar Westerlund  <assar at sics.se>
+
+	* com_err.h: remove __P definition (now in com_right.h).  this
+	file always includes com_right.h so that's where it should reside.
+	* com_right.h: moved __P here and added it to the function
+	prototypes
+	* com_err.h (error_table_name): add __P
+
+1999-07-03  Assar Westerlund  <assar at sics.se>
+
+	* parse.y (statement): use asprintf
+
+1999-06-13  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: make it solaris make vpath-safe
+
+Thu Apr  1 11:13:53 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* compile_et.c: use getargs
+
+Sat Mar 20 00:16:30 1999  Assar Westerlund  <assar at sics.se>
+
+	* compile_et.c: static-ize
+
+Thu Mar 18 11:22:13 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Tue Mar 16 22:30:05 1999  Assar Westerlund  <assar at sics.se>
+
+	* parse.y: use YYACCEPT instead of return
+
+Sat Mar 13 22:22:56 1999  Assar Westerlund  <assar at sics.se>
+
+	* compile_et.c (generate_h): cast when calling is* to get rid of a
+ 	warning
+
+Thu Mar 11 15:00:51 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* parse.y: prototype for error_message
+
+Sun Nov 22 10:39:02 1998  Assar Westerlund  <assar at sics.se>
+
+	* compile_et.h: include ctype and roken
+
+	* compile_et.c: include err.h
+	(generate_h): remove unused variable
+
+	* Makefile.in (WFLAGS): set
+
+Fri Nov 20 06:58:59 1998  Assar Westerlund  <assar at sics.se>
+
+	* lex.l: undef ECHO to work around AIX lex bug
+
+Sun Sep 27 02:23:59 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* com_err.c (error_message): try to pass code to strerror, to see
+ 	if it might be an errno code (this if broken, but some MIT code
+ 	seems to expect this behaviour)
+
+Sat Sep 26 17:42:39 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* compile_et.c: <foo_err.h> -> "foo_err.h"
+
+Tue Jun 30 17:17:36 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: add str{cpy,cat}_truncate
+
+Mon May 25 05:24:39 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:50:17 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sun Apr  5 09:22:11 1998  Assar Westerlund  <assar at sics.se>
+
+	* parse.y: define alloca to malloc in case we're using bison but
+ 	don't have alloca
+
+Tue Mar 24 05:13:01 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: link with snprintf (From Derrick J Brashear
+ 	<shadow at dementia.org>)
+
+Fri Feb 27 05:01:42 1998  Assar Westerlund  <assar at sics.se>
+
+	* parse.y: initialize ec->next
+
+Thu Feb 26 02:22:25 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: @LEXLIB@
+
+Sat Feb 21 15:18:54 1998  assar westerlund  <assar at sics.se>
+
+	* Makefile.in: set YACC and LEX
+
+Tue Feb 17 22:20:27 1998  Bjoern Groenvall  <bg at sics.se>
+
+	* com_right.h: Change typedefs so that one may mix MIT compile_et
+ 	generated code with krb4 dito.
+
+Tue Feb 17 16:30:55 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* compile_et.c (generate): Always return a value.
+
+	* parse.y: Files don't have to end with `end'.
+
+Mon Feb 16 16:09:20 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* lex.l (getstring): Replace getc() with input().
+
+	* Makefile.am: Fixes for new compile_et.

Added: vendor-crypto/heimdal/dist/lib/com_err/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,39 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+YFLAGS = -d
+
+lib_LTLIBRARIES = libcom_err.la
+libcom_err_la_LDFLAGS = -version-info 2:3:1
+
+if versionscript
+libcom_err_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+endif
+
+bin_PROGRAMS = compile_et
+
+include_HEADERS = com_err.h com_right.h
+
+compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h
+
+libcom_err_la_CPPFLAGS = $(ROKEN_RENAME)
+dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
+
+if do_roken_rename
+nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c
+endif
+
+$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
+
+compile_et_LDADD = \
+	libcom_err.la \
+	$(LIB_roken) \
+	$(LEXLIB)
+
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strlcpy.c:
+	$(LN_S) $(srcdir)/../roken/strlcpy.c .
+
+EXTRA_DIST = version-script.map

Added: vendor-crypto/heimdal/dist/lib/com_err/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,910 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
+	parse.h
+ at versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+bin_PROGRAMS = compile_et$(EXEEXT)
+subdir = lib/com_err
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+libcom_err_la_LIBADD =
+dist_libcom_err_la_OBJECTS = libcom_err_la-error.lo \
+	libcom_err_la-com_err.lo
+ at do_roken_rename_TRUE@nodist_libcom_err_la_OBJECTS =  \
+ at do_roken_rename_TRUE@	libcom_err_la-snprintf.lo \
+ at do_roken_rename_TRUE@	libcom_err_la-strlcpy.lo
+libcom_err_la_OBJECTS = $(dist_libcom_err_la_OBJECTS) \
+	$(nodist_libcom_err_la_OBJECTS)
+libcom_err_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libcom_err_la_LDFLAGS) $(LDFLAGS) -o $@
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am_compile_et_OBJECTS = compile_et.$(OBJEXT) parse.$(OBJEXT) \
+	lex.$(OBJEXT)
+compile_et_OBJECTS = $(am_compile_et_OBJECTS)
+am__DEPENDENCIES_1 =
+compile_et_DEPENDENCIES = libcom_err.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+ at MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
+LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
+LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
+YLWRAP = $(top_srcdir)/ylwrap
+ at MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
+YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
+LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
+SOURCES = $(dist_libcom_err_la_SOURCES) \
+	$(nodist_libcom_err_la_SOURCES) $(compile_et_SOURCES)
+DIST_SOURCES = $(dist_libcom_err_la_SOURCES) $(compile_et_SOURCES)
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = -d
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+lib_LTLIBRARIES = libcom_err.la
+libcom_err_la_LDFLAGS = -version-info 2:3:1 $(am__append_1)
+include_HEADERS = com_err.h com_right.h
+compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h
+libcom_err_la_CPPFLAGS = $(ROKEN_RENAME)
+dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
+ at do_roken_rename_TRUE@nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c
+compile_et_LDADD = \
+	libcom_err.la \
+	$(LIB_roken) \
+	$(LEXLIB)
+
+EXTRA_DIST = version-script.map
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/com_err/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/com_err/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libcom_err.la: $(libcom_err_la_OBJECTS) $(libcom_err_la_DEPENDENCIES) 
+	$(libcom_err_la_LINK) -rpath $(libdir) $(libcom_err_la_OBJECTS) $(libcom_err_la_LIBADD) $(LIBS)
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+parse.h: parse.c
+	@if test ! -f $@; then \
+	  rm -f parse.c; \
+	  $(MAKE) $(AM_MAKEFLAGS) parse.c; \
+	else :; fi
+compile_et$(EXEEXT): $(compile_et_OBJECTS) $(compile_et_DEPENDENCIES) 
+	@rm -f compile_et$(EXEEXT)
+	$(LINK) $(compile_et_OBJECTS) $(compile_et_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+libcom_err_la-error.lo: error.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c
+
+libcom_err_la-com_err.lo: com_err.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-com_err.lo `test -f 'com_err.c' || echo '$(srcdir)/'`com_err.c
+
+libcom_err_la-snprintf.lo: snprintf.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
+
+libcom_err_la-strlcpy.lo: strlcpy.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-strlcpy.lo `test -f 'strlcpy.c' || echo '$(srcdir)/'`strlcpy.c
+
+.l.c:
+	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
+
+.y.c:
+	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
+install-binPROGRAMS: install-libLTLIBRARIES
+
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-rm -f lex.c
+	-rm -f parse.c
+	-rm -f parse.h
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
+	uninstall-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libtool ctags dist-hook distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-binPROGRAMS install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-includeHEADERS install-info install-info-am \
+	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-includeHEADERS \
+	uninstall-libLTLIBRARIES
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s
+
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strlcpy.c:
+	$(LN_S) $(srcdir)/../roken/strlcpy.c .
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/com_err/com_err.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/com_err.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/com_err.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,172 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: com_err.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <roken.h>
+#include "com_err.h"
+
+struct et_list *_et_list = NULL;
+
+
+const char *
+error_message (long code)
+{
+    static char msg[128];
+    const char *p = com_right(_et_list, code);
+    if (p == NULL) {
+	if (code < 0)
+	    snprintf(msg, sizeof(msg), "Unknown error %ld", code);
+	else
+	    p = strerror(code);
+    }
+    if (p != NULL && *p != '\0') {
+	strlcpy(msg, p, sizeof(msg));
+    } else 
+	snprintf(msg, sizeof(msg), "Unknown error %ld", code);
+    return msg;
+}
+
+int
+init_error_table(const char **msgs, long base, int count)
+{
+    initialize_error_table_r(&_et_list, msgs, count, base);
+    return 0;
+}
+
+static void
+default_proc (const char *whoami, long code, const char *fmt, va_list args)
+    __attribute__((__format__(__printf__, 3, 0)));
+ 
+static void
+default_proc (const char *whoami, long code, const char *fmt, va_list args)
+{
+    if (whoami)
+      fprintf(stderr, "%s: ", whoami);
+    if (code)
+      fprintf(stderr, "%s ", error_message(code));
+    if (fmt)
+      vfprintf(stderr, fmt, args);
+    fprintf(stderr, "\r\n");	/* ??? */
+}
+
+static errf com_err_hook = default_proc;
+
+void 
+com_err_va (const char *whoami, 
+	    long code, 
+	    const char *fmt, 
+	    va_list args)
+{
+    (*com_err_hook) (whoami, code, fmt, args);
+}
+
+void
+com_err (const char *whoami,
+	 long code,
+	 const char *fmt, 
+	 ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    com_err_va (whoami, code, fmt, ap);
+    va_end(ap);
+}
+
+errf
+set_com_err_hook (errf new)
+{
+    errf old = com_err_hook;
+
+    if (new)
+	com_err_hook = new;
+    else
+	com_err_hook = default_proc;
+    
+    return old;
+}
+
+errf
+reset_com_err_hook (void) 
+{
+    return set_com_err_hook(NULL);
+}
+
+#define ERRCODE_RANGE   8       /* # of bits to shift table number */
+#define BITS_PER_CHAR   6       /* # bits to shift per character in name */
+
+static const char char_set[] =
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
+
+static char buf[6];
+
+const char *
+error_table_name(int num)
+{
+    int ch;
+    int i;
+    char *p;
+
+    /* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */
+    p = buf;
+    num >>= ERRCODE_RANGE;
+    /* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */
+    num &= 077777777;
+    /* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */
+    for (i = 4; i >= 0; i--) {
+        ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
+        if (ch != 0)
+            *p++ = char_set[ch-1];
+    }
+    *p = '\0';
+    return(buf);
+}
+
+void
+add_to_error_table(struct et_list *new_table)
+{
+    struct et_list *et;
+
+    for (et = _et_list; et; et = et->next) {
+	if (et->table->base == new_table->table->base)
+	    return;
+    }
+
+    new_table->next = _et_list;
+    _et_list = new_table;
+}
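Review bot: error_message() returns a pointer into the function-local `static char msg[128]`, so each call overwrites the previous result and two threads formatting errors at the same time can see each other's text; nothing in the file states this. I would document the contract above the function, e.g. `/* Returns a pointer to a static buffer: not thread-safe, overwritten by the next call. */`. In the same function `strerror(code)` narrows the `long` code to `int`, and the `snprintf` in the `code < 0` branch is always repeated by the final `else` because `p` is still NULL, so the first call can be dropped. error_table_name() has the same static-buffer behaviour through the file-scope `buf[6]`.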

Added: vendor-crypto/heimdal/dist/lib/com_err/com_err.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/com_err.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/com_err.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: com_err.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+/* MIT compatible com_err library */
+
+#ifndef __COM_ERR_H__
+#define __COM_ERR_H__
+
+#include <com_right.h>
+#include <stdarg.h>
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(X)
+#endif
+
+typedef void (*errf) (const char *, long, const char *, va_list);
+
+const char * error_message (long);
+int init_error_table (const char**, long, int);
+
+void com_err_va (const char *, long, const char *, va_list)
+    __attribute__((format(printf, 3, 0)));
+
+void com_err (const char *, long, const char *, ...)
+    __attribute__((format(printf, 3, 4)));
+
+errf set_com_err_hook (errf);
+errf reset_com_err_hook (void);
+
+const char *error_table_name  (int num);
+
+void add_to_error_table (struct et_list *new_table);
+
+#endif /* __COM_ERR_H__ */

Added: vendor-crypto/heimdal/dist/lib/com_err/com_right.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/com_right.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/com_right.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: com_right.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __COM_RIGHT_H__
+#define __COM_RIGHT_H__
+
+#ifdef __STDC__
+#include <stdarg.h>
+#endif
+
+struct error_table {
+    char const * const * msgs;
+    long base;
+    int n_msgs;
+};
+struct et_list {
+    struct et_list *next;
+    struct error_table *table;
+};
+extern struct et_list *_et_list;
+
+const char *com_right (struct et_list *list, long code);
+void initialize_error_table_r (struct et_list **, const char **, int, long);
+void free_error_table (struct et_list *);
+
+#endif /* __COM_RIGHT_H__ */

Added: vendor-crypto/heimdal/dist/lib/com_err/compile_et.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/compile_et.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/compile_et.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,236 @@
+/*
+ * Copyright (c) 1998-2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#undef ROKEN_RENAME
+#include "compile_et.h"
+#include <getarg.h>
+
+RCSID("$Id: compile_et.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <roken.h>
+#include <err.h>
+#include "parse.h"
+
+int numerror;
+extern FILE *yyin;
+
+extern void yyparse(void);
+
+long base_id;
+int number;
+char *prefix;
+char *id_str;
+
+char name[128];
+char Basename[128];
+
+#ifdef YYDEBUG
+extern int yydebug = 1;
+#endif
+
+char *filename;
+char hfn[128];
+char cfn[128];
+
+struct error_code *codes = NULL;
+
+static int
+generate_c(void)
+{
+    int n;
+    struct error_code *ec;
+
+    FILE *c_file = fopen(cfn, "w");
+    if(c_file == NULL)
+	return 1;
+
+    fprintf(c_file, "/* Generated from %s */\n", filename);
+    if(id_str) 
+	fprintf(c_file, "/* %s */\n", id_str);
+    fprintf(c_file, "\n");
+    fprintf(c_file, "#include <stddef.h>\n");
+    fprintf(c_file, "#include <com_err.h>\n");
+    fprintf(c_file, "#include \"%s\"\n", hfn);
+    fprintf(c_file, "\n");
+
+    fprintf(c_file, "static const char *%s_error_strings[] = {\n", name);
+
+    for(ec = codes, n = 0; ec; ec = ec->next, n++) {
+	while(n < ec->number) {
+	    fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n",
+		    n, name, n);
+	    n++;
+	    
+	}
+	fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string);
+    }
+
+    fprintf(c_file, "\tNULL\n");
+    fprintf(c_file, "};\n");
+    fprintf(c_file, "\n");
+    fprintf(c_file, "#define num_errors %d\n", number);
+    fprintf(c_file, "\n");
+    fprintf(c_file, 
+	    "void initialize_%s_error_table_r(struct et_list **list)\n", 
+	    name);
+    fprintf(c_file, "{\n");
+    fprintf(c_file, 
+	    "    initialize_error_table_r(list, %s_error_strings, "
+	    "num_errors, ERROR_TABLE_BASE_%s);\n", name, name);
+    fprintf(c_file, "}\n");
+    fprintf(c_file, "\n");
+    fprintf(c_file, "void initialize_%s_error_table(void)\n", name);
+    fprintf(c_file, "{\n");
+    fprintf(c_file,
+	    "    init_error_table(%s_error_strings, ERROR_TABLE_BASE_%s, "
+	    "num_errors);\n", name, name);
+    fprintf(c_file, "}\n");
+
+    fclose(c_file);
+    return 0;
+}
+
+static int
+generate_h(void)
+{
+    struct error_code *ec;
+    char fn[128];
+    FILE *h_file = fopen(hfn, "w");
+    char *p;
+
+    if(h_file == NULL)
+	return 1;
+
+    snprintf(fn, sizeof(fn), "__%s__", hfn);
+    for(p = fn; *p; p++)
+	if(!isalnum((unsigned char)*p))
+	    *p = '_';
+    
+    fprintf(h_file, "/* Generated from %s */\n", filename);
+    if(id_str) 
+	fprintf(h_file, "/* %s */\n", id_str);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "#ifndef %s\n", fn);
+    fprintf(h_file, "#define %s\n", fn);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "struct et_list;\n");
+    fprintf(h_file, "\n");
+    fprintf(h_file, 
+	    "void initialize_%s_error_table_r(struct et_list **);\n",
+	    name);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "void initialize_%s_error_table(void);\n", name);
+    fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", 
+	    name, name);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "typedef enum %s_error_number{\n", name);
+
+    for(ec = codes; ec; ec = ec->next) {
+	fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, 
+		(ec->next != NULL) ? "," : "");
+    }
+
+    fprintf(h_file, "} %s_error_number;\n", name);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "#define ERROR_TABLE_BASE_%s %ld\n", name, base_id);
+    fprintf(h_file, "\n");
+    fprintf(h_file, "#endif /* %s */\n", fn);
+
+
+    fclose(h_file);
+    return 0;
+}
+
+static int
+generate(void)
+{
+    return generate_c() || generate_h();
+}
+
+int version_flag;
+int help_flag;
+struct getargs args[] = {
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "error-table");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    char *p;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if(optidx == argc) 
+	usage(1);
+    filename = argv[optidx];
+    yyin = fopen(filename, "r");
+    if(yyin == NULL)
+	err(1, "%s", filename);
+	
+    
+    p = strrchr(filename, '/');
+    if(p)
+	p++;
+    else
+	p = filename;
+    strlcpy(Basename, p, sizeof(Basename));
+    
+    Basename[strcspn(Basename, ".")] = '\0';
+    
+    snprintf(hfn, sizeof(hfn), "%s.h", Basename);
+    snprintf(cfn, sizeof(cfn), "%s.c", Basename);
+    
+    yyparse();
+    if(numerror)
+	return 1;
+
+    return generate();
+}
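Review bot: generate_c() and generate_h() return 0 after `fclose()` without checking whether any write failed, so a full disk or I/O error can leave a truncated generated `.c`/`.h` while compile_et exits successfully and the build continues with it. Checking the stream before returning would catch this: `int bad = ferror(c_file);` followed by `if (fclose(c_file) != 0 || bad) return 1;`, and the same for `h_file`. The early `return 1` on a failed `fopen()` also prints nothing, unlike the `err(1, "%s", filename)` used for the input file in main(). Separately, `ec->string` is emitted inside a C string literal via `\"%s\"` with no escaping; whether the lexer already rejects embedded quotes or backslashes is not visible in this hunk, so that is worth confirming.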

Added: vendor-crypto/heimdal/dist/lib/com_err/compile_et.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/compile_et.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/compile_et.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: compile_et.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __COMPILE_ET_H__
+#define __COMPILE_ET_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <err.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <roken.h>
+
+extern long base_id;
+extern int number;
+extern char *prefix;
+extern char name[128];
+extern char *id_str;
+extern char *filename;
+extern int numerror;
+
+struct error_code {
+    unsigned number;
+    char *name;
+    char *string;
+    struct error_code *next, **tail;
+};
+
+extern struct error_code *codes;
+
+#define APPEND(L, V) 				\
+do {						\
+    if((L) == NULL) {				\
+	(L) = (V);				\
+	(L)->tail = &(V)->next;			\
+	(L)->next = NULL;			\
+    }else{					\
+	*(L)->tail = (V);			\
+	(L)->tail = &(V)->next;			\
+    }						\
+}while(0)
+
+#endif /* __COMPILE_ET_H__ */
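Review bot: In `APPEND`, the non-empty branch links `(V)` at the tail but never sets `(V)->next = NULL`, unlike the empty-list branch, so list termination depends on every caller having cleared the node first; generate_c() and generate_h() in compile_et.c walk `ec->next` until NULL. The callers are in the parser, which is not part of this hunk, so this may already hold. Adding `(V)->next = NULL; \` to the else branch would make the macro self-contained. The macro also evaluates `L` and `V` more than once, which deserves a comment such as `/* L and V are evaluated several times; pass plain lvalues. */`.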

Added: vendor-crypto/heimdal/dist/lib/com_err/error.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/error.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/error.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: error.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <com_right.h>
+
+const char *
+com_right(struct et_list *list, long code)
+{
+    struct et_list *p;
+    for (p = list; p; p = p->next) {
+	if (code >= p->table->base && code < p->table->base + p->table->n_msgs)
+	    return p->table->msgs[code - p->table->base];
+    }
+    return NULL;
+}
+
+struct foobar {
+    struct et_list etl;
+    struct error_table et;
+};
+
+void
+initialize_error_table_r(struct et_list **list, 
+			 const char **messages, 
+			 int num_errors,
+			 long base)
+{
+    struct et_list *et, **end;
+    struct foobar *f;
+    for (end = list, et = *list; et; end = &et->next, et = et->next)
+        if (et->table->msgs == messages)
+            return;
+    f = malloc(sizeof(*f));
+    if (f == NULL)
+        return;
+    et = &f->etl;
+    et->table = &f->et;
+    et->table->msgs = messages;
+    et->table->n_msgs = num_errors;
+    et->table->base = base;
+    et->next = NULL;
+    *end = et;
+}
+			
+
+void
+free_error_table(struct et_list *et)
+{
+    while(et){
+	struct et_list *p = et;
+	et = et->next;
+	free(p);
+    }
+}
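Review bot: free_error_table() calls `free(p)` on every node, which is only valid for nodes created by initialize_error_table_r(), where the `et_list` is the first member of a malloc'd `struct foobar`. add_to_error_table() in com_err.c links caller-supplied nodes into `_et_list`, so passing a list that contains such a node would hand non-heap or foreign memory to `free()`; whether any caller does this is not visible here. I would state the ownership rule above the function, e.g. `/* Only for lists built solely by initialize_error_table_r(); nodes must be heap-allocated by it. */`, and note next to `struct foobar` that `etl` must stay the first member. Separately, initialize_error_table_r() returns silently when `malloc` fails and init_error_table() returns 0 regardless, so a caller cannot tell that the table was never registered.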

Added: vendor-crypto/heimdal/dist/lib/com_err/lex.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/lex.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/lex.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1896 @@
+
+#line 3 "lex.c"
+
+#define  YY_INT_ALIGNED short int
+
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+#define YY_FLEX_SUBMINOR_VERSION 33
+#if YY_FLEX_SUBMINOR_VERSION > 0
+#define FLEX_BETA
+#endif
+
+/* First, we deal with  platform-specific or compiler-specific issues. */
+
+/* begin standard C headers. */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+
+/* end standard C headers. */
+
+/* flex integer type definitions */
+
+#ifndef FLEXINT_H
+#define FLEXINT_H
+
+/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+
+#if __STDC_VERSION__ >= 199901L
+
+/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
+ * if you want the limit (max/min) macros for int types. 
+ */
+#ifndef __STDC_LIMIT_MACROS
+#define __STDC_LIMIT_MACROS 1
+#endif
+
+#include <inttypes.h>
+typedef int8_t flex_int8_t;
+typedef uint8_t flex_uint8_t;
+typedef int16_t flex_int16_t;
+typedef uint16_t flex_uint16_t;
+typedef int32_t flex_int32_t;
+typedef uint32_t flex_uint32_t;
+#else
+typedef signed char flex_int8_t;
+typedef short int flex_int16_t;
+typedef int flex_int32_t;
+typedef unsigned char flex_uint8_t; 
+typedef unsigned short int flex_uint16_t;
+typedef unsigned int flex_uint32_t;
+#endif /* ! C99 */
+
+/* Limits of integral types. */
+#ifndef INT8_MIN
+#define INT8_MIN               (-128)
+#endif
+#ifndef INT16_MIN
+#define INT16_MIN              (-32767-1)
+#endif
+#ifndef INT32_MIN
+#define INT32_MIN              (-2147483647-1)
+#endif
+#ifndef INT8_MAX
+#define INT8_MAX               (127)
+#endif
+#ifndef INT16_MAX
+#define INT16_MAX              (32767)
+#endif
+#ifndef INT32_MAX
+#define INT32_MAX              (2147483647)
+#endif
+#ifndef UINT8_MAX
+#define UINT8_MAX              (255U)
+#endif
+#ifndef UINT16_MAX
+#define UINT16_MAX             (65535U)
+#endif
+#ifndef UINT32_MAX
+#define UINT32_MAX             (4294967295U)
+#endif
+
+#endif /* ! FLEXINT_H */
+
+#ifdef __cplusplus
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else	/* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_CONST
+
+#endif	/* __STDC__ */
+#endif	/* ! __cplusplus */
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN (yy_start) = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START (((yy_start) - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE yyrestart(yyin  )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#ifndef YY_BUF_SIZE
+#define YY_BUF_SIZE 16384
+#endif
+
+/* The state buf must be large enough to hold one state per character in the main buffer.
+ */
+#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
+
+#ifndef YY_TYPEDEF_YY_BUFFER_STATE
+#define YY_TYPEDEF_YY_BUFFER_STATE
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+#endif
+
+extern int yyleng;
+
+extern FILE *yyin, *yyout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+    #define YY_LESS_LINENO(n)
+    
+/* Return all but the first "n" matched characters back to the input stream. */
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		*yy_cp = (yy_hold_char); \
+		YY_RESTORE_YY_MORE_OFFSET \
+		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+		} \
+	while ( 0 )
+
+#define unput(c) yyunput( c, (yytext_ptr)  )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef unsigned int yy_size_t;
+#endif
+
+#ifndef YY_STRUCT_YY_BUFFER_STATE
+#define YY_STRUCT_YY_BUFFER_STATE
+struct yy_buffer_state
+	{
+	FILE *yy_input_file;
+
+	char *yy_ch_buf;		/* input buffer */
+	char *yy_buf_pos;		/* current position in input buffer */
+
+	/* Size of input buffer in bytes, not including room for EOB
+	 * characters.
+	 */
+	yy_size_t yy_buf_size;
+
+	/* Number of characters read into yy_ch_buf, not including EOB
+	 * characters.
+	 */
+	int yy_n_chars;
+
+	/* Whether we "own" the buffer - i.e., we know we created it,
+	 * and can realloc() it to grow it, and should free() it to
+	 * delete it.
+	 */
+	int yy_is_our_buffer;
+
+	/* Whether this is an "interactive" input source; if so, and
+	 * if we're using stdio for input, then we want to use getc()
+	 * instead of fread(), to make sure we stop fetching input after
+	 * each newline.
+	 */
+	int yy_is_interactive;
+
+	/* Whether we're considered to be at the beginning of a line.
+	 * If so, '^' rules will be active on the next match, otherwise
+	 * not.
+	 */
+	int yy_at_bol;
+
+    int yy_bs_lineno; /**< The line count. */
+    int yy_bs_column; /**< The column count. */
+    
+	/* Whether to try to fill the input buffer when we reach the
+	 * end of it.
+	 */
+	int yy_fill_buffer;
+
+	int yy_buffer_status;
+
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+	/* When an EOF's been seen but there's still some text to process
+	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+	 * shouldn't try reading from the input source any more.  We might
+	 * still have a bunch of tokens to match, though, because of
+	 * possible backing-up.
+	 *
+	 * When we actually see the EOF, we change the status to "new"
+	 * (via yyrestart()), so that the user can continue scanning by
+	 * just pointing yyin at a new input file.
+	 */
+#define YY_BUFFER_EOF_PENDING 2
+
+	};
+#endif /* !YY_STRUCT_YY_BUFFER_STATE */
+
+/* Stack of input buffers. */
+static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ *
+ * Returns the top of the stack, or NULL.
+ */
+#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                          : NULL)
+
+/* Same as previous macro, but useful when we know that the buffer stack is not
+ * NULL or when we need an lvalue. For internal use only.
+ */
+#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
+
+/* yy_hold_char holds the character lost when yytext is formed. */
+static char yy_hold_char;
+static int yy_n_chars;		/* number of characters read into yy_ch_buf */
+int yyleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 0;		/* whether we need to initialize */
+static int yy_start = 0;	/* start state number */
+
+/* Flag which is used to allow yywrap()'s to do buffer switches
+ * instead of setting up a fresh yyin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void yyrestart (FILE *input_file  );
+void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
+void yy_delete_buffer (YY_BUFFER_STATE b  );
+void yy_flush_buffer (YY_BUFFER_STATE b  );
+void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
+void yypop_buffer_state (void );
+
+static void yyensure_buffer_stack (void );
+static void yy_load_buffer_state (void );
+static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+
+#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
+
+YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
+YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
+YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
+
+void *yyalloc (yy_size_t  );
+void *yyrealloc (void *,yy_size_t  );
+void yyfree (void *  );
+
+#define yy_new_buffer yy_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){ \
+        yyensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            yy_create_buffer(yyin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+	}
+
+#define yy_set_bol(at_bol) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){\
+        yyensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            yy_create_buffer(yyin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+	}
+
+#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+
+/* Begin user sect3 */
+
+typedef unsigned char YY_CHAR;
+
+FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+
+typedef int yy_state_type;
+
+extern int yylineno;
+
+int yylineno = 1;
+
+extern char *yytext;
+#define yytext_ptr yytext
+
+static yy_state_type yy_get_previous_state (void );
+static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+static int yy_get_next_buffer (void );
+static void yy_fatal_error (yyconst char msg[]  );
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+#define YY_DO_BEFORE_ACTION \
+	(yytext_ptr) = yy_bp; \
+	yyleng = (size_t) (yy_cp - yy_bp); \
+	(yy_hold_char) = *yy_cp; \
+	*yy_cp = '\0'; \
+	(yy_c_buf_p) = yy_cp;
+
+#define YY_NUM_RULES 16
+#define YY_END_OF_BUFFER 17
+/* This struct is not used in this scanner,
+   but its presence is necessary. */
+struct yy_trans_info
+	{
+	flex_int32_t yy_verify;
+	flex_int32_t yy_nxt;
+	};
+static yyconst flex_int16_t yy_accept[46] =
+    {   0,
+        0,    0,   17,   15,   11,   12,   13,   10,    9,   14,
+       14,   14,   14,   10,    9,   14,    3,   14,   14,    1,
+        7,   14,   14,    8,   14,   14,   14,   14,   14,   14,
+       14,    6,   14,   14,    5,   14,   14,   14,   14,   14,
+       14,    4,   14,    2,    0
+    } ;
+
+static yyconst flex_int32_t yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    1,    4,    5,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    6,    6,    6,
+        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
+        1,    1,    1,    1,    7,    7,    7,    7,    7,    7,
+        7,    7,    7,    7,    7,    7,    7,    7,    7,    7,
+        7,    7,    7,    7,    7,    7,    7,    7,    7,    7,
+        1,    1,    1,    1,    8,    1,    9,   10,   11,   12,
+
+       13,   14,    7,    7,   15,    7,    7,   16,    7,   17,
+       18,   19,    7,   20,    7,   21,    7,    7,    7,   22,
+        7,    7,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+static yyconst flex_int32_t yy_meta[23] =
+    {   0,
+        1,    1,    2,    1,    1,    3,    3,    3,    3,    3,
+        3,    3,    3,    3,    3,    3,    3,    3,    3,    3,
+        3,    3
+    } ;
+
+static yyconst flex_int16_t yy_base[48] =
+    {   0,
+        0,    0,   56,   57,   57,   57,   57,    0,   49,    0,
+       12,   13,   34,    0,   47,    0,    0,   40,   31,    0,
+        0,   38,   36,    0,   30,   34,   32,   25,   22,   28,
+       34,    0,   19,   13,    0,   22,   30,   26,   26,   18,
+       12,    0,   14,    0,   57,   34,   23
+    } ;
+
+static yyconst flex_int16_t yy_def[48] =
+    {   0,
+       45,    1,   45,   45,   45,   45,   45,   46,   47,   47,
+       47,   47,   47,   46,   47,   47,   47,   47,   47,   47,
+       47,   47,   47,   47,   47,   47,   47,   47,   47,   47,
+       47,   47,   47,   47,   47,   47,   47,   47,   47,   47,
+       47,   47,   47,   47,    0,   45,   45
+    } ;
+
+static yyconst flex_int16_t yy_nxt[80] =
+    {   0,
+        4,    5,    6,    7,    8,    9,   10,   10,   10,   10,
+       10,   10,   11,   10,   12,   10,   10,   10,   13,   10,
+       10,   10,   17,   36,   21,   16,   44,   43,   18,   22,
+       42,   19,   20,   37,   14,   41,   14,   40,   39,   38,
+       35,   34,   33,   32,   31,   30,   29,   28,   27,   26,
+       25,   24,   15,   23,   15,   45,    3,   45,   45,   45,
+       45,   45,   45,   45,   45,   45,   45,   45,   45,   45,
+       45,   45,   45,   45,   45,   45,   45,   45,   45
+    } ;
+
+static yyconst flex_int16_t yy_chk[80] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,   11,   34,   12,   47,   43,   41,   11,   12,
+       40,   11,   11,   34,   46,   39,   46,   38,   37,   36,
+       33,   31,   30,   29,   28,   27,   26,   25,   23,   22,
+       19,   18,   15,   13,    9,    3,   45,   45,   45,   45,
+       45,   45,   45,   45,   45,   45,   45,   45,   45,   45,
+       45,   45,   45,   45,   45,   45,   45,   45,   45
+    } ;
+
+static yy_state_type yy_last_accepting_state;
+static char *yy_last_accepting_cpos;
+
+extern int yy_flex_debug;
+int yy_flex_debug = 0;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *yytext;
+#line 1 "lex.l"
+#line 2 "lex.l"
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/*
+ * This is to handle the definition of this symbol in some AIX
+ * headers, which will conflict with the definition that lex will
+ * generate for it.  It's only a problem for AIX lex.
+ */
+
+#undef ECHO
+
+#include "compile_et.h"
+#include "parse.h"
+#include "lex.h"
+
+RCSID("$Id: lex.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static unsigned lineno = 1;
+static int getstring(void);
+
+#define YY_NO_UNPUT
+
+#undef ECHO
+
+#line 536 "lex.c"
+
+#define INITIAL 0
+
+#ifndef YY_NO_UNISTD_H
+/* Special case for "unistd.h", since it is non-ANSI. We include it way
+ * down here because we want the user's section 1 to have been scanned first.
+ * The user has a chance to override it with an option.
+ */
+#include <unistd.h>
+#endif
+
+#ifndef YY_EXTRA_TYPE
+#define YY_EXTRA_TYPE void *
+#endif
+
+static int yy_init_globals (void );
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int yywrap (void );
+#else
+extern int yywrap (void );
+#endif
+#endif
+
+    static void yyunput (int c,char *buf_ptr  );
+    
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char *,yyconst char *,int );
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * );
+#endif
+
+#ifndef YY_NO_INPUT
+
+#ifdef __cplusplus
+static int yyinput (void );
+#else
+static int input (void );
+#endif
+
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+		{ \
+		int c = '*'; \
+		size_t n; \
+		for ( n = 0; n < max_size && \
+			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+			buf[n] = (char) c; \
+		if ( c == '\n' ) \
+			buf[n++] = (char) c; \
+		if ( c == EOF && ferror( yyin ) ) \
+			YY_FATAL_ERROR( "input in flex scanner failed" ); \
+		result = n; \
+		} \
+	else \
+		{ \
+		errno=0; \
+		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
+			{ \
+			if( errno != EINTR) \
+				{ \
+				YY_FATAL_ERROR( "input in flex scanner failed" ); \
+				break; \
+				} \
+			errno=0; \
+			clearerr(yyin); \
+			} \
+		}\
+\
+
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* end tables serialization structures and prototypes */
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL_IS_OURS 1
+
+extern int yylex (void);
+
+#define YY_DECL int yylex (void)
+#endif /* !YY_DECL */
+
+/* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+	YY_USER_ACTION
+
+/** The main scanner function which does all the work.
+ */
+YY_DECL
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp, *yy_bp;
+	register int yy_act;
+    
+#line 59 "lex.l"
+
+#line 691 "lex.c"
+
+	if ( !(yy_init) )
+		{
+		(yy_init) = 1;
+
+#ifdef YY_USER_INIT
+		YY_USER_INIT;
+#endif
+
+		if ( ! (yy_start) )
+			(yy_start) = 1;	/* first start state */
+
+		if ( ! yyin )
+			yyin = stdin;
+
+		if ( ! yyout )
+			yyout = stdout;
+
+		if ( ! YY_CURRENT_BUFFER ) {
+			yyensure_buffer_stack ();
+			YY_CURRENT_BUFFER_LVALUE =
+				yy_create_buffer(yyin,YY_BUF_SIZE );
+		}
+
+		yy_load_buffer_state( );
+		}
+
+	while ( 1 )		/* loops until end-of-file is reached */
+		{
+		yy_cp = (yy_c_buf_p);
+
+		/* Support of yytext. */
+		*yy_cp = (yy_hold_char);
+
+		/* yy_bp points to the position in yy_ch_buf of the start of
+		 * the current run.
+		 */
+		yy_bp = yy_cp;
+
+		yy_current_state = (yy_start);
+yy_match:
+		do
+			{
+			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+			if ( yy_accept[yy_current_state] )
+				{
+				(yy_last_accepting_state) = yy_current_state;
+				(yy_last_accepting_cpos) = yy_cp;
+				}
+			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+				{
+				yy_current_state = (int) yy_def[yy_current_state];
+				if ( yy_current_state >= 46 )
+					yy_c = yy_meta[(unsigned int) yy_c];
+				}
+			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+			++yy_cp;
+			}
+		while ( yy_base[yy_current_state] != 57 );
+
+yy_find_action:
+		yy_act = yy_accept[yy_current_state];
+		if ( yy_act == 0 )
+			{ /* have to back up */
+			yy_cp = (yy_last_accepting_cpos);
+			yy_current_state = (yy_last_accepting_state);
+			yy_act = yy_accept[yy_current_state];
+			}
+
+		YY_DO_BEFORE_ACTION;
+
+do_action:	/* This label is used only to access EOF actions. */
+
+		switch ( yy_act )
+	{ /* beginning of action switch */
+			case 0: /* must back up */
+			/* undo the effects of YY_DO_BEFORE_ACTION */
+			*yy_cp = (yy_hold_char);
+			yy_cp = (yy_last_accepting_cpos);
+			yy_current_state = (yy_last_accepting_state);
+			goto yy_find_action;
+
+case 1:
+YY_RULE_SETUP
+#line 60 "lex.l"
+{ return ET; }
+	YY_BREAK
+case 2:
+YY_RULE_SETUP
+#line 61 "lex.l"
+{ return ET; }
+	YY_BREAK
+case 3:
+YY_RULE_SETUP
+#line 62 "lex.l"
+{ return EC; }
+	YY_BREAK
+case 4:
+YY_RULE_SETUP
+#line 63 "lex.l"
+{ return EC; }
+	YY_BREAK
+case 5:
+YY_RULE_SETUP
+#line 64 "lex.l"
+{ return PREFIX; }
+	YY_BREAK
+case 6:
+YY_RULE_SETUP
+#line 65 "lex.l"
+{ return INDEX; }
+	YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 66 "lex.l"
+{ return ID; }
+	YY_BREAK
+case 8:
+YY_RULE_SETUP
+#line 67 "lex.l"
+{ return END; }
+	YY_BREAK
+case 9:
+YY_RULE_SETUP
+#line 68 "lex.l"
+{ yylval.number = atoi(yytext); return NUMBER; }
+	YY_BREAK
+case 10:
+YY_RULE_SETUP
+#line 69 "lex.l"
+;
+	YY_BREAK
+case 11:
+YY_RULE_SETUP
+#line 70 "lex.l"
+;
+	YY_BREAK
+case 12:
+/* rule 12 can match eol */
+YY_RULE_SETUP
+#line 71 "lex.l"
+{ lineno++; }
+	YY_BREAK
+case 13:
+YY_RULE_SETUP
+#line 72 "lex.l"
+{ return getstring(); }
+	YY_BREAK
+case 14:
+YY_RULE_SETUP
+#line 73 "lex.l"
+{ yylval.string = strdup(yytext); return STRING; }
+	YY_BREAK
+case 15:
+YY_RULE_SETUP
+#line 74 "lex.l"
+{ return *yytext; }
+	YY_BREAK
+case 16:
+YY_RULE_SETUP
+#line 75 "lex.l"
+ECHO;
+	YY_BREAK
+#line 855 "lex.c"
+case YY_STATE_EOF(INITIAL):
+	yyterminate();
+
+	case YY_END_OF_BUFFER:
+		{
+		/* Amount of text matched not including the EOB char. */
+		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+
+		/* Undo the effects of YY_DO_BEFORE_ACTION. */
+		*yy_cp = (yy_hold_char);
+		YY_RESTORE_YY_MORE_OFFSET
+
+		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+			{
+			/* We're scanning a new file or input source.  It's
+			 * possible that this happened because the user
+			 * just pointed yyin at a new source and called
+			 * yylex().  If so, then we have to assure
+			 * consistency between YY_CURRENT_BUFFER and our
+			 * globals.  Here is the right place to do so, because
+			 * this is the first action (other than possibly a
+			 * back-up) that will match for the new input source.
+			 */
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+			}
+
+		/* Note that here we test for yy_c_buf_p "<=" to the position
+		 * of the first EOB in the buffer, since yy_c_buf_p will
+		 * already have been incremented past the NUL character
+		 * (since all states make transitions on EOB to the
+		 * end-of-buffer state).  Contrast this with the test
+		 * in input().
+		 */
+		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			{ /* This was really a NUL. */
+			yy_state_type yy_next_state;
+
+			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+
+			yy_current_state = yy_get_previous_state(  );
+
+			/* Okay, we're now positioned to make the NUL
+			 * transition.  We couldn't have
+			 * yy_get_previous_state() go ahead and do it
+			 * for us because it doesn't know how to deal
+			 * with the possibility of jamming (and we don't
+			 * want to build jamming into it because then it
+			 * will run more slowly).
+			 */
+
+			yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+
+			if ( yy_next_state )
+				{
+				/* Consume the NUL. */
+				yy_cp = ++(yy_c_buf_p);
+				yy_current_state = yy_next_state;
+				goto yy_match;
+				}
+
+			else
+				{
+				yy_cp = (yy_c_buf_p);
+				goto yy_find_action;
+				}
+			}
+
+		else switch ( yy_get_next_buffer(  ) )
+			{
+			case EOB_ACT_END_OF_FILE:
+				{
+				(yy_did_buffer_switch_on_eof) = 0;
+
+				if ( yywrap( ) )
+					{
+					/* Note: because we've taken care in
+					 * yy_get_next_buffer() to have set up
+					 * yytext, we can now set up
+					 * yy_c_buf_p so that if some total
+					 * hoser (like flex itself) wants to
+					 * call the scanner after we return the
+					 * YY_NULL, it'll still work - another
+					 * YY_NULL will get returned.
+					 */
+					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+
+					yy_act = YY_STATE_EOF(YY_START);
+					goto do_action;
+					}
+
+				else
+					{
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+					}
+				break;
+				}
+
+			case EOB_ACT_CONTINUE_SCAN:
+				(yy_c_buf_p) =
+					(yytext_ptr) + yy_amount_of_matched_text;
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_match;
+
+			case EOB_ACT_LAST_MATCH:
+				(yy_c_buf_p) =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_find_action;
+			}
+		break;
+		}
+
+	default:
+		YY_FATAL_ERROR(
+			"fatal flex scanner internal error--no action found" );
+	} /* end of action switch */
+		} /* end of scanning one token */
+} /* end of yylex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *	EOB_ACT_LAST_MATCH -
+ *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *	EOB_ACT_END_OF_FILE - end of file
+ */
+static int yy_get_next_buffer (void)
+{
+    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+	register char *source = (yytext_ptr);
+	register int number_to_move, i;
+	int ret_val;
+
+	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+		YY_FATAL_ERROR(
+		"fatal flex scanner internal error--end of buffer missed" );
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+		{ /* Don't try to fill the buffer, so this is an EOF. */
+		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+			{
+			/* We matched a single character, the EOB, so
+			 * treat this as a final EOF.
+			 */
+			return EOB_ACT_END_OF_FILE;
+			}
+
+		else
+			{
+			/* We matched some text prior to the EOB, first
+			 * process it.
+			 */
+			return EOB_ACT_LAST_MATCH;
+			}
+		}
+
+	/* Try to read more data. */
+
+	/* First move last chars to start of buffer. */
+	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+
+	for ( i = 0; i < number_to_move; ++i )
+		*(dest++) = *(source++);
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+		/* don't do the read, it's not guaranteed to return an EOF,
+		 * just force an EOF
+		 */
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+
+	else
+		{
+			int num_to_read =
+			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+		while ( num_to_read <= 0 )
+			{ /* Not enough room in the buffer - grow it. */
+
+			/* just a shorter name for the current buffer */
+			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+
+			int yy_c_buf_p_offset =
+				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+
+			if ( b->yy_is_our_buffer )
+				{
+				int new_size = b->yy_buf_size * 2;
+
+				if ( new_size <= 0 )
+					b->yy_buf_size += b->yy_buf_size / 8;
+				else
+					b->yy_buf_size *= 2;
+
+				b->yy_ch_buf = (char *)
+					/* Include room in for 2 EOB chars. */
+					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
+				}
+			else
+				/* Can't grow it, we don't own it. */
+				b->yy_ch_buf = 0;
+
+			if ( ! b->yy_ch_buf )
+				YY_FATAL_ERROR(
+				"fatal error - scanner input buffer overflow" );
+
+			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+						number_to_move - 1;
+
+			}
+
+		if ( num_to_read > YY_READ_BUF_SIZE )
+			num_to_read = YY_READ_BUF_SIZE;
+
+		/* Read in more data. */
+		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
+			(yy_n_chars), num_to_read );
+
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	if ( (yy_n_chars) == 0 )
+		{
+		if ( number_to_move == YY_MORE_ADJ )
+			{
+			ret_val = EOB_ACT_END_OF_FILE;
+			yyrestart(yyin  );
+			}
+
+		else
+			{
+			ret_val = EOB_ACT_LAST_MATCH;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+				YY_BUFFER_EOF_PENDING;
+			}
+		}
+
+	else
+		ret_val = EOB_ACT_CONTINUE_SCAN;
+
+	(yy_n_chars) += number_to_move;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+
+	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+
+	return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+    static yy_state_type yy_get_previous_state (void)
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp;
+    
+	yy_current_state = (yy_start);
+
+	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+		{
+		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+		if ( yy_accept[yy_current_state] )
+			{
+			(yy_last_accepting_state) = yy_current_state;
+			(yy_last_accepting_cpos) = yy_cp;
+			}
+		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+			{
+			yy_current_state = (int) yy_def[yy_current_state];
+			if ( yy_current_state >= 46 )
+				yy_c = yy_meta[(unsigned int) yy_c];
+			}
+		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+		}
+
+	return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *	next_state = yy_try_NUL_trans( current_state );
+ */
+    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+{
+	register int yy_is_jam;
+    	register char *yy_cp = (yy_c_buf_p);
+
+	register YY_CHAR yy_c = 1;
+	if ( yy_accept[yy_current_state] )
+		{
+		(yy_last_accepting_state) = yy_current_state;
+		(yy_last_accepting_cpos) = yy_cp;
+		}
+	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+		{
+		yy_current_state = (int) yy_def[yy_current_state];
+		if ( yy_current_state >= 46 )
+			yy_c = yy_meta[(unsigned int) yy_c];
+		}
+	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+	yy_is_jam = (yy_current_state == 45);
+
+	return yy_is_jam ? 0 : yy_current_state;
+}
+
+    static void yyunput (int c, register char * yy_bp )
+{
+	register char *yy_cp;
+    
+    yy_cp = (yy_c_buf_p);
+
+	/* undo effects of setting up yytext */
+	*yy_cp = (yy_hold_char);
+
+	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+		{ /* need to shift things up to make room */
+		/* +2 for EOB chars. */
+		register int number_to_move = (yy_n_chars) + 2;
+		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+		register char *source =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+
+		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+			*--dest = *--source;
+
+		yy_cp += (int) (dest - source);
+		yy_bp += (int) (dest - source);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+
+		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+		}
+
+	*--yy_cp = (char) c;
+
+	(yytext_ptr) = yy_bp;
+	(yy_hold_char) = *yy_cp;
+	(yy_c_buf_p) = yy_cp;
+}
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+    static int yyinput (void)
+#else
+    static int input  (void)
+#endif
+
+{
+	int c;
+    
+	*(yy_c_buf_p) = (yy_hold_char);
+
+	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+		{
+		/* yy_c_buf_p now points to the character we want to return.
+		 * If this occurs *before* the EOB characters, then it's a
+		 * valid NUL; if not, then we've hit the end of the buffer.
+		 */
+		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			/* This was really a NUL. */
+			*(yy_c_buf_p) = '\0';
+
+		else
+			{ /* need more input */
+			int offset = (yy_c_buf_p) - (yytext_ptr);
+			++(yy_c_buf_p);
+
+			switch ( yy_get_next_buffer(  ) )
+				{
+				case EOB_ACT_LAST_MATCH:
+					/* This happens because yy_g_n_b()
+					 * sees that we've accumulated a
+					 * token and flags that we need to
+					 * try matching the token before
+					 * proceeding.  But for input(),
+					 * there's no matching to consider.
+					 * So convert the EOB_ACT_LAST_MATCH
+					 * to EOB_ACT_END_OF_FILE.
+					 */
+
+					/* Reset buffer status. */
+					yyrestart(yyin );
+
+					/*FALLTHROUGH*/
+
+				case EOB_ACT_END_OF_FILE:
+					{
+					if ( yywrap( ) )
+						return 0;
+
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+#ifdef __cplusplus
+					return yyinput();
+#else
+					return input();
+#endif
+					}
+
+				case EOB_ACT_CONTINUE_SCAN:
+					(yy_c_buf_p) = (yytext_ptr) + offset;
+					break;
+				}
+			}
+		}
+
+	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
+	*(yy_c_buf_p) = '\0';	/* preserve yytext */
+	(yy_hold_char) = *++(yy_c_buf_p);
+
+	return c;
+}
+#endif	/* ifndef YY_NO_INPUT */
+
+/** Immediately switch to a different input stream.
+ * @param input_file A readable stream.
+ * 
+ * @note This function does not reset the start condition to @c INITIAL .
+ */
+    void yyrestart  (FILE * input_file )
+{
+    
+	if ( ! YY_CURRENT_BUFFER ){
+        yyensure_buffer_stack ();
+		YY_CURRENT_BUFFER_LVALUE =
+            yy_create_buffer(yyin,YY_BUF_SIZE );
+	}
+
+	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
+	yy_load_buffer_state( );
+}
+
+/** Switch to a different input buffer.
+ * @param new_buffer The new input buffer.
+ * 
+ */
+    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
+{
+    
+	/* TODO. We should be able to replace this entire function body
+	 * with
+	 *		yypop_buffer_state();
+	 *		yypush_buffer_state(new_buffer);
+     */
+	yyensure_buffer_stack ();
+	if ( YY_CURRENT_BUFFER == new_buffer )
+		return;
+
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+	yy_load_buffer_state( );
+
+	/* We don't actually know whether we did this switch during
+	 * EOF (yywrap()) processing, but the only time this flag
+	 * is looked at is after yywrap() is called, so it's safe
+	 * to go ahead and always set it.
+	 */
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+static void yy_load_buffer_state  (void)
+{
+    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+	(yy_hold_char) = *(yy_c_buf_p);
+}
+
+/** Allocate and initialize an input buffer state.
+ * @param file A readable stream.
+ * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
+ * 
+ * @return the allocated buffer state.
+ */
+    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
+{
+	YY_BUFFER_STATE b;
+    
+	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_buf_size = size;
+
+	/* yy_ch_buf has to be 2 characters longer than the size given because
+	 * we need to put in 2 end-of-buffer characters.
+	 */
+	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
+	if ( ! b->yy_ch_buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_is_our_buffer = 1;
+
+	yy_init_buffer(b,file );
+
+	return b;
+}
+
+/** Destroy the buffer.
+ * @param b a buffer created with yy_create_buffer()
+ * 
+ */
+    void yy_delete_buffer (YY_BUFFER_STATE  b )
+{
+    
+	if ( ! b )
+		return;
+
+	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
+		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+
+	if ( b->yy_is_our_buffer )
+		yyfree((void *) b->yy_ch_buf  );
+
+	yyfree((void *) b  );
+}
+
+#ifndef __cplusplus
+extern int isatty (int );
+#endif /* __cplusplus */
+    
+/* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+ * such as during a yyrestart() or at EOF.
+ */
+    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
+
+{
+	int oerrno = errno;
+    
+	yy_flush_buffer(b );
+
+	b->yy_input_file = file;
+	b->yy_fill_buffer = 1;
+
+    /* If b is the current buffer, then yy_init_buffer was _probably_
+     * called from yyrestart() or through yy_get_next_buffer.
+     * In that case, we don't want to reset the lineno or column.
+     */
+    if (b != YY_CURRENT_BUFFER){
+        b->yy_bs_lineno = 1;
+        b->yy_bs_column = 0;
+    }
+
+        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+    
+	errno = oerrno;
+}
+
+/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
+ * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
+ * 
+ */
+    void yy_flush_buffer (YY_BUFFER_STATE  b )
+{
+    	if ( ! b )
+		return;
+
+	b->yy_n_chars = 0;
+
+	/* We always need two end-of-buffer characters.  The first causes
+	 * a transition to the end-of-buffer state.  The second causes
+	 * a jam in that state.
+	 */
+	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+	b->yy_buf_pos = &b->yy_ch_buf[0];
+
+	b->yy_at_bol = 1;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	if ( b == YY_CURRENT_BUFFER )
+		yy_load_buffer_state( );
+}
+
+/** Pushes the new state onto the stack. The new state becomes
+ *  the current state. This function will allocate the stack
+ *  if necessary.
+ *  @param new_buffer The new state.
+ *  
+ */
+void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
+{
+    	if (new_buffer == NULL)
+		return;
+
+	yyensure_buffer_stack();
+
+	/* This block is copied from yy_switch_to_buffer. */
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	/* Only push if top exists. Otherwise, replace top. */
+	if (YY_CURRENT_BUFFER)
+		(yy_buffer_stack_top)++;
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+
+	/* copied from yy_switch_to_buffer. */
+	yy_load_buffer_state( );
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+/** Removes and deletes the top of the stack, if present.
+ *  The next element becomes the new top.
+ *  
+ */
+void yypop_buffer_state (void)
+{
+    	if (!YY_CURRENT_BUFFER)
+		return;
+
+	yy_delete_buffer(YY_CURRENT_BUFFER );
+	YY_CURRENT_BUFFER_LVALUE = NULL;
+	if ((yy_buffer_stack_top) > 0)
+		--(yy_buffer_stack_top);
+
+	if (YY_CURRENT_BUFFER) {
+		yy_load_buffer_state( );
+		(yy_did_buffer_switch_on_eof) = 1;
+	}
+}
+
+/* Allocates the stack if it does not exist.
+ *  Guarantees space for at least one push.
+ */
+static void yyensure_buffer_stack (void)
+{
+	int num_to_alloc;
+    
+	if (!(yy_buffer_stack)) {
+
+		/* First allocation is just for 2 elements, since we don't know if this
+		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+		 * immediate realloc on the next call.
+         */
+		num_to_alloc = 1;
+		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
+								(num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+		
+		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+				
+		(yy_buffer_stack_max) = num_to_alloc;
+		(yy_buffer_stack_top) = 0;
+		return;
+	}
+
+	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+
+		/* Increase the buffer to prepare for a possible push. */
+		int grow_size = 8 /* arbitrary grow size */;
+
+		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
+								((yy_buffer_stack),
+								num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		/* zero only the new slots.*/
+		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
+		(yy_buffer_stack_max) = num_to_alloc;
+	}
+}
+
+/** Setup the input buffer state to scan directly from a user-specified character buffer.
+ * @param base the character buffer
+ * @param size the size in bytes of the character buffer
+ * 
+ * @return the newly allocated buffer state object. 
+ */
+YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+{
+	YY_BUFFER_STATE b;
+    
+	if ( size < 2 ||
+	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+		/* They forgot to leave room for the EOB's. */
+		return 0;
+
+	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+
+	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
+	b->yy_buf_pos = b->yy_ch_buf = base;
+	b->yy_is_our_buffer = 0;
+	b->yy_input_file = 0;
+	b->yy_n_chars = b->yy_buf_size;
+	b->yy_is_interactive = 0;
+	b->yy_at_bol = 1;
+	b->yy_fill_buffer = 0;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	yy_switch_to_buffer(b  );
+
+	return b;
+}
+
+/** Setup the input buffer state to scan a string. The next call to yylex() will
+ * scan from a @e copy of @a str.
+ * @param str a NUL-terminated string to scan
+ * 
+ * @return the newly allocated buffer state object.
+ * @note If you want to scan bytes that may contain NUL values, then use
+ *       yy_scan_bytes() instead.
+ */
+YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
+{
+    
+	return yy_scan_bytes(yystr,strlen(yystr) );
+}
+
+/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
+ * scan from a @e copy of @a bytes.
+ * @param bytes the byte buffer to scan
+ * @param len the number of bytes in the buffer pointed to by @a bytes.
+ * 
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
+{
+	YY_BUFFER_STATE b;
+	char *buf;
+	yy_size_t n;
+	int i;
+    
+	/* Get memory for full buffer, including space for trailing EOB's. */
+	n = _yybytes_len + 2;
+	buf = (char *) yyalloc(n  );
+	if ( ! buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+
+	for ( i = 0; i < _yybytes_len; ++i )
+		buf[i] = yybytes[i];
+
+	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
+
+	b = yy_scan_buffer(buf,n );
+	if ( ! b )
+		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+
+	/* It's okay to grow etc. this buffer, and we should throw it
+	 * away when we're done.
+	 */
+	b->yy_is_our_buffer = 1;
+
+	return b;
+}
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+static void yy_fatal_error (yyconst char* msg )
+{
+    	(void) fprintf( stderr, "%s\n", msg );
+	exit( YY_EXIT_FAILURE );
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		yytext[yyleng] = (yy_hold_char); \
+		(yy_c_buf_p) = yytext + yyless_macro_arg; \
+		(yy_hold_char) = *(yy_c_buf_p); \
+		*(yy_c_buf_p) = '\0'; \
+		yyleng = yyless_macro_arg; \
+		} \
+	while ( 0 )
+
+/* Accessor  methods (get/set functions) to struct members. */
+
+/** Get the current line number.
+ * 
+ */
+int yyget_lineno  (void)
+{
+        
+    return yylineno;
+}
+
+/** Get the input stream.
+ * 
+ */
+FILE *yyget_in  (void)
+{
+        return yyin;
+}
+
+/** Get the output stream.
+ * 
+ */
+FILE *yyget_out  (void)
+{
+        return yyout;
+}
+
+/** Get the length of the current token.
+ * 
+ */
+int yyget_leng  (void)
+{
+        return yyleng;
+}
+
+/** Get the current token.
+ * 
+ */
+
+char *yyget_text  (void)
+{
+        return yytext;
+}
+
+/** Set the current line number.
+ * @param line_number
+ * 
+ */
+void yyset_lineno (int  line_number )
+{
+    
+    yylineno = line_number;
+}
+
+/** Set the input stream. This does not discard the current
+ * input buffer.
+ * @param in_str A readable stream.
+ * 
+ * @see yy_switch_to_buffer
+ */
+void yyset_in (FILE *  in_str )
+{
+        yyin = in_str ;
+}
+
+void yyset_out (FILE *  out_str )
+{
+        yyout = out_str ;
+}
+
+int yyget_debug  (void)
+{
+        return yy_flex_debug;
+}
+
+void yyset_debug (int  bdebug )
+{
+        yy_flex_debug = bdebug ;
+}
+
+static int yy_init_globals (void)
+{
+        /* Initialization is the same as for the non-reentrant scanner.
+     * This function is called from yylex_destroy(), so don't allocate here.
+     */
+
+    (yy_buffer_stack) = 0;
+    (yy_buffer_stack_top) = 0;
+    (yy_buffer_stack_max) = 0;
+    (yy_c_buf_p) = (char *) 0;
+    (yy_init) = 0;
+    (yy_start) = 0;
+
+/* Defined in main.c */
+#ifdef YY_STDINIT
+    yyin = stdin;
+    yyout = stdout;
+#else
+    yyin = (FILE *) 0;
+    yyout = (FILE *) 0;
+#endif
+
+    /* For future reference: Set errno on error, since we are called by
+     * yylex_init()
+     */
+    return 0;
+}
+
+/* yylex_destroy is for both reentrant and non-reentrant scanners. */
+int yylex_destroy  (void)
+{
+    
+    /* Pop the buffer stack, destroying each element. */
+	while(YY_CURRENT_BUFFER){
+		yy_delete_buffer(YY_CURRENT_BUFFER  );
+		YY_CURRENT_BUFFER_LVALUE = NULL;
+		yypop_buffer_state();
+	}
+
+	/* Destroy the stack itself. */
+	yyfree((yy_buffer_stack) );
+	(yy_buffer_stack) = NULL;
+
+    /* Reset the globals. This is important in a non-reentrant scanner so the next time
+     * yylex() is called, initialization will occur. */
+    yy_init_globals( );
+
+    return 0;
+}
+
+/*
+ * Internal utility routines.
+ */
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
+{
+	register int i;
+	for ( i = 0; i < n; ++i )
+		s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * s )
+{
+	register int n;
+	for ( n = 0; s[n]; ++n )
+		;
+
+	return n;
+}
+#endif
+
+void *yyalloc (yy_size_t  size )
+{
+	return (void *) malloc( size );
+}
+
+void *yyrealloc  (void * ptr, yy_size_t  size )
+{
+	/* The cast to (char *) in the following accommodates both
+	 * implementations that use char* generic pointers, and those
+	 * that use void* generic pointers.  It works with the latter
+	 * because both ANSI C and C++ allow castless assignment from
+	 * any pointer type to void*, and deal with argument conversions
+	 * as though doing an assignment.
+	 */
+	return (void *) realloc( (char *) ptr, size );
+}
+
+void yyfree (void * ptr )
+{
+	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
+}
+
+#define YYTABLES_NAME "yytables"
+
+#line 75 "lex.l"
+
+
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+static int
+getstring(void)
+{
+    char x[128];
+    int i = 0;
+    int c;
+    int quote = 0;
+    while(i < sizeof(x) - 1 && (c = input()) != EOF){
+	if(quote) {
+	    x[i++] = c;
+	    quote = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    quote++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    yylval.string = strdup(x);
+    if (yylval.string == NULL)
+        err(1, "malloc");
+    return STRING;
+}
+
+void
+error_message (const char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d:", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     numerror++;
+}
+

Added: vendor-crypto/heimdal/dist/lib/com_err/lex.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/lex.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/lex.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: lex.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+void error_message (const char *, ...)
+__attribute__ ((format (printf, 1, 2)));
+
+int yylex(void);

Added: vendor-crypto/heimdal/dist/lib/com_err/lex.l
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/lex.l	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/lex.l	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,128 @@
+%{
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/*
+ * This is to handle the definition of this symbol in some AIX
+ * headers, which will conflict with the definition that lex will
+ * generate for it.  It's only a problem for AIX lex.
+ */
+
+#undef ECHO
+
+#include "compile_et.h"
+#include "parse.h"
+#include "lex.h"
+
+RCSID("$Id: lex.l,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static unsigned lineno = 1;
+static int getstring(void);
+
+#define YY_NO_UNPUT
+
+#undef ECHO
+
+%}
+
+
+%%
+et			{ return ET; }
+error_table		{ return ET; }
+ec			{ return EC; }
+error_code		{ return EC; }
+prefix			{ return PREFIX; }
+index			{ return INDEX; }
+id			{ return ID; }
+end			{ return END; }
+[0-9]+			{ yylval.number = atoi(yytext); return NUMBER; }
+#[^\n]*			;
+[ \t]			;
+\n			{ lineno++; }
+\"			{ return getstring(); }
+[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
+.			{ return *yytext; }
+%%
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+static int
+getstring(void)
+{
+    char x[128];
+    int i = 0;
+    int c;
+    int quote = 0;
+    while(i < sizeof(x) - 1 && (c = input()) != EOF){
+	if(quote) {
+	    x[i++] = c;
+	    quote = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    quote++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    yylval.string = strdup(x);
+    if (yylval.string == NULL)
+        err(1, "malloc");
+    return STRING;
+}
+
+void
+error_message (const char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d:", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     numerror++;
+}
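Review bot: In getstring() the read loop exits as soon as `x` holds 127 bytes, without consuming the rest of the literal and without any diagnostic. A quoted string of that length or longer is therefore silently truncated, its remainder is lexed as ordinary tokens, and the unread closing quote opens a new string. Only that exit path leaves `i` equal to `sizeof(x) - 1`, so adding `if (i == sizeof(x) - 1) error_message("string too long");` after the loop would surface the case; skipping input up to the closing quote or newline would also resynchronise the lexer. Reaching EOF inside a string is silent as well, since only the newline branch calls error_message(). Separately, the `[a-zA-Z0-9_]+` rule stores `strdup(yytext)` without the NULL check that getstring() applies to its own strdup() result.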

Added: vendor-crypto/heimdal/dist/lib/com_err/parse.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/parse.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/parse.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1716 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+   simplifying the original so-called "semantic" parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Bison version.  */
+#define YYBISON_VERSION "2.3"
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     ET = 258,
+     INDEX = 259,
+     PREFIX = 260,
+     EC = 261,
+     ID = 262,
+     END = 263,
+     STRING = 264,
+     NUMBER = 265
+   };
+#endif
+/* Tokens.  */
+#define ET 258
+#define INDEX 259
+#define PREFIX 260
+#define EC 261
+#define ID 262
+#define END 263
+#define STRING 264
+#define NUMBER 265
+
+
+
+
+/* Copy the first part of user declarations.  */
+#line 1 "parse.y"
+
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "compile_et.h"
+#include "lex.h"
+
+RCSID("$Id: parse.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+void yyerror (char *s);
+static long name2number(const char *str);
+
+extern char *yytext;
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+/* Enabling the token table.  */
+#ifndef YYTOKEN_TABLE
+# define YYTOKEN_TABLE 0
+#endif
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 53 "parse.y"
+{
+  char *string;
+  int number;
+}
+/* Line 193 of yacc.c.  */
+#line 173 "parse.c"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+/* Line 216 of yacc.c.  */
+#line 186 "parse.c"
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#elif (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+typedef signed char yytype_int8;
+#else
+typedef short int yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+#  define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+#  define YYSIZE_T size_t
+# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# else
+#  define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if defined YYENABLE_NLS && YYENABLE_NLS
+#  if ENABLE_NLS
+#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+#   define YY_(msgid) dgettext ("bison-runtime", msgid)
+#  endif
+# endif
+# ifndef YY_
+#  define YY_(msgid) msgid
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E.  */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(e) ((void) (e))
+#else
+# define YYUSE(e) /* empty */
+#endif
+
+/* Identity function, used to suppress warnings about constant conditions.  */
+#ifndef lint
+# define YYID(n) (n)
+#else
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static int
+YYID (int i)
+#else
+static int
+YYID (i)
+    int i;
+#endif
+{
+  return i;
+}
+#endif
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# ifdef YYSTACK_USE_ALLOCA
+#  if YYSTACK_USE_ALLOCA
+#   ifdef __GNUC__
+#    define YYSTACK_ALLOC __builtin_alloca
+#   elif defined __BUILTIN_VA_ARG_INCR
+#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+#   elif defined _AIX
+#    define YYSTACK_ALLOC __alloca
+#   elif defined _MSC_VER
+#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+#    define alloca _alloca
+#   else
+#    define YYSTACK_ALLOC alloca
+#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#     ifndef _STDLIB_H
+#      define _STDLIB_H 1
+#     endif
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning.  */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+    /* The OS might guarantee only one guard page at the bottom of the stack,
+       and a page size can be as small as 4096 bytes.  So we cannot safely
+       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
+       to allow for a few compiler-allocated temporary stack slots.  */
+#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+#  endif
+# else
+#  define YYSTACK_ALLOC YYMALLOC
+#  define YYSTACK_FREE YYFREE
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+#  endif
+#  if (defined __cplusplus && ! defined _STDLIB_H \
+       && ! ((defined YYMALLOC || defined malloc) \
+	     && (defined YYFREE || defined free)))
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   ifndef _STDLIB_H
+#    define _STDLIB_H 1
+#   endif
+#  endif
+#  ifndef YYMALLOC
+#   define YYMALLOC malloc
+#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+#  ifndef YYFREE
+#   define YYFREE free
+#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+     && (! defined __cplusplus \
+	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  yytype_int16 yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if defined __GNUC__ && 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  YYSIZE_T yyi;				\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (YYID (0))
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (YYID (0))
+
+#endif
+
+/* YYFINAL -- State number of the termination state.  */
+#define YYFINAL  9
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   23
+
+/* YYNTOKENS -- Number of terminals.  */
+#define YYNTOKENS  12
+/* YYNNTS -- Number of nonterminals.  */
+#define YYNNTS  7
+/* YYNRULES -- Number of rules.  */
+#define YYNRULES  15
+/* YYNRULES -- Number of states.  */
+#define YYNSTATES  24
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   265
+
+#define YYTRANSLATE(YYX)						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const yytype_uint8 yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,    11,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8,     9,    10
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const yytype_uint8 yyprhs[] =
+{
+       0,     0,     3,     4,     7,    10,    12,    15,    18,    22,
+      24,    27,    30,    33,    35,    40
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+static const yytype_int8 yyrhs[] =
+{
+      13,     0,    -1,    -1,    14,    17,    -1,    15,    16,    -1,
+      16,    -1,     7,     9,    -1,     3,     9,    -1,     3,     9,
+       9,    -1,    18,    -1,    17,    18,    -1,     4,    10,    -1,
+       5,     9,    -1,     5,    -1,     6,     9,    11,     9,    -1,
+       8,    -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const yytype_uint8 yyrline[] =
+{
+       0,    64,    64,    65,    68,    69,    72,    78,    84,    93,
+      94,    97,   101,   109,   116,   136
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "ET", "INDEX", "PREFIX", "EC", "ID",
+  "END", "STRING", "NUMBER", "','", "$accept", "file", "header", "id",
+  "et", "statements", "statement", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const yytype_uint16 yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+     265,    44
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const yytype_uint8 yyr1[] =
+{
+       0,    12,    13,    13,    14,    14,    15,    16,    16,    17,
+      17,    18,    18,    18,    18,    18
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const yytype_uint8 yyr2[] =
+{
+       0,     2,     0,     2,     2,     1,     2,     2,     3,     1,
+       2,     2,     2,     1,     4,     1
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const yytype_uint8 yydefact[] =
+{
+       2,     0,     0,     0,     0,     0,     5,     7,     6,     1,
+       0,    13,     0,    15,     3,     9,     4,     8,    11,    12,
+       0,    10,     0,    14
+};
+
+/* YYDEFGOTO[NTERM-NUM].  */
+static const yytype_int8 yydefgoto[] =
+{
+      -1,     3,     4,     5,     6,    14,    15
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -5
+static const yytype_int8 yypact[] =
+{
+       0,    -3,    -1,     5,    -4,     6,    -5,     1,    -5,    -5,
+       2,     4,     7,    -5,    -4,    -5,    -5,    -5,    -5,    -5,
+       3,    -5,     8,    -5
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const yytype_int8 yypgoto[] =
+{
+      -5,    -5,    -5,    -5,    10,    -5,     9
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -1
+static const yytype_uint8 yytable[] =
+{
+      10,    11,    12,     1,    13,     9,     7,     2,     8,     1,
+      17,     0,    18,    19,    22,    16,    20,    23,     0,     0,
+       0,     0,     0,    21
+};
+
+static const yytype_int8 yycheck[] =
+{
+       4,     5,     6,     3,     8,     0,     9,     7,     9,     3,
+       9,    -1,    10,     9,    11,     5,     9,     9,    -1,    -1,
+      -1,    -1,    -1,    14
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const yytype_uint8 yystos[] =
+{
+       0,     3,     7,    13,    14,    15,    16,     9,     9,     0,
+       4,     5,     6,     8,    17,    18,    16,     9,    10,     9,
+       9,    18,    11,     9
+};
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrorlab
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK (1);						\
+      goto yybackup;						\
+    }								\
+  else								\
+    {								\
+      yyerror (YY_("syntax error: cannot back up")); \
+      YYERROR;							\
+    }								\
+while (YYID (0))
+
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+   If N is 0, then set CURRENT to the empty location which ends
+   the previous symbol: RHS[0] (always defined).  */
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+    do									\
+      if (YYID (N))                                                    \
+	{								\
+	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+	}								\
+      else								\
+	{								\
+	  (Current).first_line   = (Current).last_line   =		\
+	    YYRHSLOC (Rhs, 0).last_line;				\
+	  (Current).first_column = (Current).last_column =		\
+	    YYRHSLOC (Rhs, 0).last_column;				\
+	}								\
+    while (YYID (0))
+#endif
+
+
+/* YY_LOCATION_PRINT -- Print the location on the stream.
+   This macro was not mandated originally: define only if we know
+   we won't break user code: when these are the locations we know.  */
+
+#ifndef YY_LOCATION_PRINT
+# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
+#  define YY_LOCATION_PRINT(File, Loc)			\
+     fprintf (File, "%d.%d-%d.%d",			\
+	      (Loc).first_line, (Loc).first_column,	\
+	      (Loc).last_line,  (Loc).last_column)
+# else
+#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+# endif
+#endif
+
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (YYID (0))
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+do {									  \
+  if (yydebug)								  \
+    {									  \
+      YYFPRINTF (stderr, "%s ", Title);					  \
+      yy_symbol_print (stderr,						  \
+		  Type, Value); \
+      YYFPRINTF (stderr, "\n");						  \
+    }									  \
+} while (YYID (0))
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (!yyvaluep)
+    return;
+# ifdef YYPRINT
+  if (yytype < YYNTOKENS)
+    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# else
+  YYUSE (yyoutput);
+# endif
+  switch (yytype)
+    {
+      default:
+	break;
+    }
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (yytype < YYNTOKENS)
+    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+  YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included).                                                   |
+`------------------------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    yytype_int16 *bottom;
+    yytype_int16 *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (YYID (0))
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+#else
+static void
+yy_reduce_print (yyvsp, yyrule)
+    YYSTYPE *yyvsp;
+    int yyrule;
+#endif
+{
+  int yynrhs = yyr2[yyrule];
+  int yyi;
+  unsigned long int yylno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+	     yyrule - 1, yylno);
+  /* The symbols being reduced.  */
+  for (yyi = 0; yyi < yynrhs; yyi++)
+    {
+      fprintf (stderr, "   $%d = ", yyi + 1);
+      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+		       &(yyvsp[(yyi + 1) - (yynrhs)])
+		       		       );
+      fprintf (stderr, "\n");
+    }
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (yyvsp, Rule); \
+} while (YYID (0))
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+

+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined __GLIBC__ && defined _STRING_H
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static YYSIZE_T
+yystrlen (const char *yystr)
+#else
+static YYSIZE_T
+yystrlen (yystr)
+    const char *yystr;
+#endif
+{
+  YYSIZE_T yylen;
+  for (yylen = 0; yystr[yylen]; yylen++)
+    continue;
+  return yylen;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+#else
+static char *
+yystpcpy (yydest, yysrc)
+    char *yydest;
+    const char *yysrc;
+#endif
+{
+  char *yyd = yydest;
+  const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+   quotes and backslashes, so that it's suitable for yyerror.  The
+   heuristic is that double-quoting is unnecessary unless the string
+   contains an apostrophe, a comma, or backslash (other than
+   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+   null, do not copy; instead, return the length of what the result
+   would have been.  */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+  if (*yystr == '"')
+    {
+      YYSIZE_T yyn = 0;
+      char const *yyp = yystr;
+
+      for (;;)
+	switch (*++yyp)
+	  {
+	  case '\'':
+	  case ',':
+	    goto do_not_strip_quotes;
+
+	  case '\\':
+	    if (*++yyp != '\\')
+	      goto do_not_strip_quotes;
+	    /* Fall through.  */
+	  default:
+	    if (yyres)
+	      yyres[yyn] = *yyp;
+	    yyn++;
+	    break;
+
+	  case '"':
+	    if (yyres)
+	      yyres[yyn] = '\0';
+	    return yyn;
+	  }
+    do_not_strip_quotes: ;
+    }
+
+  if (! yyres)
+    return yystrlen (yystr);
+
+  return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into YYRESULT an error message about the unexpected token
+   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+   including the terminating null byte.  If YYRESULT is null, do not
+   copy anything; just return the number of bytes that would be
+   copied.  As a special case, return 0 if an ordinary "syntax error"
+   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+   size calculation.  */
+static YYSIZE_T
+yysyntax_error (char *yyresult, int yystate, int yychar)
+{
+  int yyn = yypact[yystate];
+
+  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+    return 0;
+  else
+    {
+      int yytype = YYTRANSLATE (yychar);
+      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+      YYSIZE_T yysize = yysize0;
+      YYSIZE_T yysize1;
+      int yysize_overflow = 0;
+      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+      int yyx;
+
+# if 0
+      /* This is so xgettext sees the translatable formats that are
+	 constructed on the fly.  */
+      YY_("syntax error, unexpected %s");
+      YY_("syntax error, unexpected %s, expecting %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+# endif
+      char *yyfmt;
+      char const *yyf;
+      static char const yyunexpected[] = "syntax error, unexpected %s";
+      static char const yyexpecting[] = ", expecting %s";
+      static char const yyor[] = " or %s";
+      char yyformat[sizeof yyunexpected
+		    + sizeof yyexpecting - 1
+		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+		       * (sizeof yyor - 1))];
+      char const *yyprefix = yyexpecting;
+
+      /* Start YYX at -YYN if negative to avoid negative indexes in
+	 YYCHECK.  */
+      int yyxbegin = yyn < 0 ? -yyn : 0;
+
+      /* Stay within bounds of both yycheck and yytname.  */
+      int yychecklim = YYLAST - yyn + 1;
+      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+      int yycount = 1;
+
+      yyarg[0] = yytname[yytype];
+      yyfmt = yystpcpy (yyformat, yyunexpected);
+
+      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	  {
+	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+	      {
+		yycount = 1;
+		yysize = yysize0;
+		yyformat[sizeof yyunexpected - 1] = '\0';
+		break;
+	      }
+	    yyarg[yycount++] = yytname[yyx];
+	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+	    yysize_overflow |= (yysize1 < yysize);
+	    yysize = yysize1;
+	    yyfmt = yystpcpy (yyfmt, yyprefix);
+	    yyprefix = yyor;
+	  }
+
+      yyf = YY_(yyformat);
+      yysize1 = yysize + yystrlen (yyf);
+      yysize_overflow |= (yysize1 < yysize);
+      yysize = yysize1;
+
+      if (yysize_overflow)
+	return YYSIZE_MAXIMUM;
+
+      if (yyresult)
+	{
+	  /* Avoid sprintf, as that infringes on the user's name space.
+	     Don't have undefined behavior even if the translation
+	     produced a string with the wrong number of "%s"s.  */
+	  char *yyp = yyresult;
+	  int yyi = 0;
+	  while ((*yyp = *yyf) != '\0')
+	    {
+	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+		{
+		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+		  yyf += 2;
+		}
+	      else
+		{
+		  yyp++;
+		  yyf++;
+		}
+	    }
+	}
+      return yysize;
+    }
+}
+#endif /* YYERROR_VERBOSE */
+

+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yymsg, yytype, yyvaluep)
+    const char *yymsg;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  YYUSE (yyvaluep);
+
+  if (!yymsg)
+    yymsg = "Deleting";
+  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+  switch (yytype)
+    {
+
+      default:
+	break;
+    }
+}
+

+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void *YYPARSE_PARAM);
+#else
+int yyparse ();
+#endif
+#else /* ! YYPARSE_PARAM */
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The look-ahead symbol.  */
+int yychar;
+
+/* The semantic value of the look-ahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void *YYPARSE_PARAM)
+#else
+int
+yyparse (YYPARSE_PARAM)
+    void *YYPARSE_PARAM;
+#endif
+#else /* ! YYPARSE_PARAM */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+  
+  int yystate;
+  int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Look-ahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  yytype_int16 yyssa[YYINITDEPTH];
+  yytype_int16 *yyss = yyssa;
+  yytype_int16 *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* The number of symbols on the RHS of the reduced rule.
+     Keep to zero when no symbol should be popped.  */
+  int yylen = 0;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed.  So pushing a state here evens the stacks.  */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack.  Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	yytype_int16 *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow (YY_("memory exhausted"),
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyexhaustedlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyexhaustedlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	yytype_int16 *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyexhaustedlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+  /* Do appropriate processing given the current state.  Read a
+     look-ahead token if we need one and don't already have one.  */
+
+  /* First try to decide what to do without reference to look-ahead token.  */
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a look-ahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  /* Shift the look-ahead token.  */
+  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+  /* Discard the shifted token unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  yystate = yyn;
+  *++yyvsp = yylval;
+
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 6:
+#line 73 "parse.y"
+    {
+		    id_str = (yyvsp[(2) - (2)].string);
+		}
+    break;
+
+  case 7:
+#line 79 "parse.y"
+    {
+		    base_id = name2number((yyvsp[(2) - (2)].string));
+		    strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name));
+		    free((yyvsp[(2) - (2)].string));
+		}
+    break;
+
+  case 8:
+#line 85 "parse.y"
+    {
+		    base_id = name2number((yyvsp[(2) - (3)].string));
+		    strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name));
+		    free((yyvsp[(2) - (3)].string));
+		    free((yyvsp[(3) - (3)].string));
+		}
+    break;
+
+  case 11:
+#line 98 "parse.y"
+    {
+			number = (yyvsp[(2) - (2)].number);
+		}
+    break;
+
+  case 12:
+#line 102 "parse.y"
+    {
+		    free(prefix);
+		    asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string));
+		    if (prefix == NULL)
+			errx(1, "malloc");
+		    free((yyvsp[(2) - (2)].string));
+		}
+    break;
+
+  case 13:
+#line 110 "parse.y"
+    {
+		    prefix = realloc(prefix, 1);
+		    if (prefix == NULL)
+			errx(1, "malloc");
+		    *prefix = '\0';
+		}
+    break;
+
+  case 14:
+#line 117 "parse.y"
+    {
+		    struct error_code *ec = malloc(sizeof(*ec));
+		    
+		    if (ec == NULL)
+			errx(1, "malloc");
+
+		    ec->next = NULL;
+		    ec->number = number;
+		    if(prefix && *prefix != '\0') {
+			asprintf (&ec->name, "%s%s", prefix, (yyvsp[(2) - (4)].string));
+			if (ec->name == NULL)
+			    errx(1, "malloc");
+			free((yyvsp[(2) - (4)].string));
+		    } else
+			ec->name = (yyvsp[(2) - (4)].string);
+		    ec->string = (yyvsp[(4) - (4)].string);
+		    APPEND(codes, ec);
+		    number++;
+		}
+    break;
+
+  case 15:
+#line 137 "parse.y"
+    {
+			YYACCEPT;
+		}
+    break;
+
+
+/* Line 1267 of yacc.c.  */
+#line 1470 "parse.c"
+      default: break;
+    }
+  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if ! YYERROR_VERBOSE
+      yyerror (YY_("syntax error"));
+#else
+      {
+	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+	  {
+	    YYSIZE_T yyalloc = 2 * yysize;
+	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+	    if (yymsg != yymsgbuf)
+	      YYSTACK_FREE (yymsg);
+	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+	    if (yymsg)
+	      yymsg_alloc = yyalloc;
+	    else
+	      {
+		yymsg = yymsgbuf;
+		yymsg_alloc = sizeof yymsgbuf;
+	      }
+	  }
+
+	if (0 < yysize && yysize <= yymsg_alloc)
+	  {
+	    (void) yysyntax_error (yymsg, yystate, yychar);
+	    yyerror (yymsg);
+	  }
+	else
+	  {
+	    yyerror (YY_("syntax error"));
+	    if (yysize != 0)
+	      goto yyexhaustedlab;
+	  }
+      }
+#endif
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse look-ahead token after an
+	 error, discard it.  */
+
+      if (yychar <= YYEOF)
+	{
+	  /* Return failure if at end of input.  */
+	  if (yychar == YYEOF)
+	    YYABORT;
+	}
+      else
+	{
+	  yydestruct ("Error: discarding",
+		      yytoken, &yylval);
+	  yychar = YYEMPTY;
+	}
+    }
+
+  /* Else will try to reuse look-ahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR.  |
+`---------------------------------------------------*/
+yyerrorlab:
+
+  /* Pacify compilers like GCC when the user code never invokes
+     YYERROR and the label yyerrorlab therefore never appears in user
+     code.  */
+  if (/*CONSTCOND*/ 0)
+     goto yyerrorlab;
+
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYERROR.  */
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+  yystate = *yyssp;
+  goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR.  |
+`-------------------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+
+      yydestruct ("Error: popping",
+		  yystos[yystate], yyvsp);
+      YYPOPSTACK (1);
+      yystate = *yyssp;
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  *++yyvsp = yylval;
+
+
+  /* Shift the error token.  */
+  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here.  |
+`-------------------------------------------------*/
+yyexhaustedlab:
+  yyerror (YY_("memory exhausted"));
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+  if (yychar != YYEOF && yychar != YYEMPTY)
+     yydestruct ("Cleanup: discarding lookahead",
+		 yytoken, &yylval);
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYABORT or YYACCEPT.  */
+  YYPOPSTACK (yylen);
+  YY_STACK_PRINT (yyss, yyssp);
+  while (yyssp != yyss)
+    {
+      yydestruct ("Cleanup: popping",
+		  yystos[*yyssp], yyvsp);
+      YYPOPSTACK (1);
+    }
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+  if (yymsg != yymsgbuf)
+    YYSTACK_FREE (yymsg);
+#endif
+  /* Make sure YYID is used.  */
+  return YYID (yyresult);
+}
+
+
+#line 142 "parse.y"
+
+
+static long
+name2number(const char *str)
+{
+    const char *p;
+    long num = 0;
+    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	"abcdefghijklmnopqrstuvwxyz0123456789_";
+    if(strlen(str) > 4) {
+	yyerror("table name too long");
+	return 0;
+    }
+    for(p = str; *p; p++){
+	char *q = strchr(x, *p);
+	if(q == NULL) {
+	    yyerror("invalid character in table name");
+	    return 0;
+	}
+	num = (num << 6) + (q - x) + 1;
+    }
+    num <<= 8;
+    if(num > 0x7fffffff)
+	num = -(0xffffffff - num + 1);
+    return num;
+}
+
+void
+yyerror (char *s)
+{
+     error_message ("%s\n", s);
+}
+

Added: vendor-crypto/heimdal/dist/lib/com_err/parse.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/parse.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/parse.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton interface for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     ET = 258,
+     INDEX = 259,
+     PREFIX = 260,
+     EC = 261,
+     ID = 262,
+     END = 263,
+     STRING = 264,
+     NUMBER = 265
+   };
+#endif
+/* Tokens.  */
+#define ET 258
+#define INDEX 259
+#define PREFIX 260
+#define EC 261
+#define ID 262
+#define END 263
+#define STRING 264
+#define NUMBER 265
+
+
+
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 53 "parse.y"
+{
+  char *string;
+  int number;
+}
+/* Line 1529 of yacc.c.  */
+#line 74 "parse.h"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+extern YYSTYPE yylval;
+

Added: vendor-crypto/heimdal/dist/lib/com_err/parse.y
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/parse.y	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/parse.y	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,173 @@
+%{
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "compile_et.h"
+#include "lex.h"
+
+RCSID("$Id: parse.y,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+void yyerror (char *s);
+static long name2number(const char *str);
+
+extern char *yytext;
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+  char *string;
+  int number;
+}
+
+%token ET INDEX PREFIX EC ID END
+%token <string> STRING
+%token <number> NUMBER
+
+%%
+
+file		: /* */ 
+		| header statements
+		;
+
+header		: id et
+		| et
+		;
+
+id		: ID STRING
+		{
+		    id_str = $2;
+		}
+		;
+
+et		: ET STRING
+		{
+		    base_id = name2number($2);
+		    strlcpy(name, $2, sizeof(name));
+		    free($2);
+		}
+		| ET STRING STRING
+		{
+		    base_id = name2number($2);
+		    strlcpy(name, $3, sizeof(name));
+		    free($2);
+		    free($3);
+		}
+		;
+
+statements	: statement
+		| statements statement
+		;
+
+statement	: INDEX NUMBER 
+		{
+			number = $2;
+		}
+		| PREFIX STRING
+		{
+		    free(prefix);
+		    asprintf (&prefix, "%s_", $2);
+		    if (prefix == NULL)
+			errx(1, "malloc");
+		    free($2);
+		}
+		| PREFIX
+		{
+		    prefix = realloc(prefix, 1);
+		    if (prefix == NULL)
+			errx(1, "malloc");
+		    *prefix = '\0';
+		}
+		| EC STRING ',' STRING
+		{
+		    struct error_code *ec = malloc(sizeof(*ec));
+		    
+		    if (ec == NULL)
+			errx(1, "malloc");
+
+		    ec->next = NULL;
+		    ec->number = number;
+		    if(prefix && *prefix != '\0') {
+			asprintf (&ec->name, "%s%s", prefix, $2);
+			if (ec->name == NULL)
+			    errx(1, "malloc");
+			free($2);
+		    } else
+			ec->name = $2;
+		    ec->string = $4;
+		    APPEND(codes, ec);
+		    number++;
+		}
+		| END
+		{
+			YYACCEPT;
+		}
+		;
+
+%%
+
+static long
+name2number(const char *str)
+{
+    const char *p;
+    long num = 0;
+    const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	"abcdefghijklmnopqrstuvwxyz0123456789_";
+    if(strlen(str) > 4) {
+	yyerror("table name too long");
+	return 0;
+    }
+    for(p = str; *p; p++){
+	char *q = strchr(x, *p);
+	if(q == NULL) {
+	    yyerror("invalid character in table name");
+	    return 0;
+	}
+	num = (num << 6) + (q - x) + 1;
+    }
+    num <<= 8;
+    if(num > 0x7fffffff)
+	num = -(0xffffffff - num + 1);
+    return num;
+}
+
+void
+yyerror (char *s)
+{
+     error_message ("%s\n", s);
+}
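Review bot: Both `asprintf` calls in the `statement` actions (the `PREFIX STRING` arm and the `EC STRING ',' STRING` arm) discard the return value and test the output pointer for NULL instead. Some libc implementations leave that pointer undefined on failure, so the check is only reliable where asprintf is documented to set it to NULL. Testing the result directly is portable: `if (asprintf(&prefix, "%s_", $2) < 0) errx(1, "malloc");`, and the same form for `ec->name`. Separately, in `name2number` the `num <<= 8` can exceed the range of a 32-bit `long` for a four-character name, which would overflow a signed value and leave the following `num > 0x7fffffff` test dead on such platforms; doing the arithmetic in an unsigned 32-bit type would make the intended wrap explicit. Since this file sits under a vendor import path, both points are probably better reported upstream than patched locally.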

Added: vendor-crypto/heimdal/dist/lib/com_err/roken_rename.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/roken_rename.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/roken_rename.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+#ifndef HAVE_SNPRINTF
+#define snprintf _com_err_snprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define vsnprintf _com_err_vsnprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define asprintf _com_err_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define asnprintf _com_err_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define vasprintf _com_err_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define vasnprintf _com_err_vasnprintf
+#endif
+#ifndef HAVE_STRLCPY
+#define strlcpy _com_err_strlcpy
+#endif
+
+
+#endif /* __roken_rename_h__ */

Added: vendor-crypto/heimdal/dist/lib/com_err/version-script.map
===================================================================
--- vendor-crypto/heimdal/dist/lib/com_err/version-script.map	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/com_err/version-script.map	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+# $Id: version-script.map,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+HEIMDAL_COM_ERR_1.0 {
+	global:
+		com_right;
+		free_error_table;
+		initialize_error_table_r;
+		add_to_error_table;
+		com_err;
+		com_err_va;
+		error_message;
+		error_table_name;
+		init_error_table;
+		reset_com_err_hook;
+		set_com_err_hook;
+	local:
+		*;
+};

Added: vendor-crypto/heimdal/dist/lib/gssapi/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2863 @@
+2008-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ntlm.c: Test source name (and make the acceptor in ntlm gss
+	mech useful).
+
+2007-12-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/init_sec_context.c: Don't confuse target name and source
+	name, make regressiont tests pass again.
+	
+2007-12-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ntlm: clean up name handling
+
+2007-12-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/init_sec_context.c: Use credential if it was passed in.
+
+	* ntlm/acquire_cred.c: Check if there is initial creds with
+	_gss_ntlm_get_user_cred().
+
+	* ntlm/init_sec_context.c: Add _gss_ntlm_get_user_info() that
+	return the user info so it can be used by external modules.
+
+	* ntlm/inquire_cred.c: use the right error code.
+
+	* ntlm/inquire_cred.c: Return GSS_C_NO_CREDENTIAL if there is no
+	credential, ntlm have (not yet) a default credential.
+	
+	* mech/gss_release_oid_set.c: Avoid trying to deref NULL, from
+	Phil Fisher.
+
+2007-12-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_acquire_cred.c: Always try to fetch cred (even with
+	GSS_C_NO_NAME).
+
+2007-08-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags.
+
+2007-08-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* spnego/compat.c (_gss_spnego_internal_delete_sec_context):
+	release ctx->target_name too From Rafal Malinowski.
+
+2007-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't
+	have dlopen. From Rune of Chalmers.
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/gss_duplicate_name.c: New signature of _gss_find_mn.
+
+	* mech/gss_init_sec_context.c: New signature of _gss_find_mn.
+
+	* mech/gss_acquire_cred.c: New signature of _gss_find_mn.
+
+	* mech/name.h: New signature of _gss_find_mn.
+
+	* mech/gss_canonicalize_name.c: New signature of _gss_find_mn.
+
+	* mech/gss_compare_name.c: New signature of _gss_find_mn.
+
+	* mech/gss_add_cred.c: New signature of _gss_find_mn.
+
+	* mech/gss_names.c (_gss_find_mn): Return an error code for
+	caller.
+
+	* spnego/accept_sec_context.c: remove checks that are done by the
+	previous function.
+
+	* Makefile.am: New library version.
+
+2007-07-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from
+	Rafal Malinowski.
+
+	* spnego/spnego.asn1: Indent and make NegTokenInit and
+	NegTokenResp extendable.
+
+2007-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred.
+
+	* mech/gss_display_status.c: Provide message for GSS_S_COMPLETE.
+	
+	* mech/context.c: If the canned string is "", its no use to the
+	user, make it fall back to the default error string.
+	
+2007-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/gss_display_name.c (gss_display_name): no name ->
+	fail. From Rafal Malinswski.
+
+	* spnego/accept_sec_context.c: Wrap name in a spnego_name instead
+	of just a copy of the underlaying object. From Rafal Malinswski.
+
+	* spnego/accept_sec_context.c: Handle underlaying mech not
+	returning mn.
+
+	* mech/gss_accept_sec_context.c: Handle underlaying mech not
+	returning mn.
+
+	* spnego/accept_sec_context.c: Make sure src_name is always set to
+	GSS_C_NO_NAME when returning.
+
+	* krb5/acquire_cred.c (acquire_acceptor_cred): don't claim
+	everything is well on failure.  From Phil Fisher.
+
+	* mech/gss_duplicate_name.c: catch error (and ignore it)
+
+	* ntlm/init_sec_context.c: Use heim_ntlm_calculate_ntlm2_sess.
+
+	* mech/gss_accept_sec_context.c: Only wrap the delegated cred if
+	we got a delegated mech cred.  From Rafal Malinowski.
+
+	* spnego/accept_sec_context.c: Only wrap the delegated cred if we
+	are going to return it to the consumer.  From Rafal Malinowski.
+
+	* spnego/accept_sec_context.c: Fixed memory leak pointed out by
+	Rafal Malinowski, also while here moved to use NegotiationToken
+	for decoding.
+
+2007-06-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/prf.c (_gsskrb5_pseudo_random): add missing break.
+
+	* krb5/release_name.c: Set *minor_status unconditionallty, its
+	done later anyway.
+
+	* spnego/accept_sec_context.c: Init get_mic to 0.
+
+	* mech/gss_set_cred_option.c: Free memory in failure case, found
+	by beam.
+
+	* mech/gss_inquire_context.c: Handle mech_type being NULL.
+
+	* mech/gss_inquire_cred_by_mech.c: Handle cred_name being NULL.
+
+	* mech/gss_krb5.c: Free memory in error case, found by beam.
+
+2007-06-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/inquire_context.c: Use ctx->gssflags for flags.
+
+	* krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is
+	not ment for machine consumption.
+
+2007-06-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/digest.c (kdc_alloc): free memory on failure, pointed out
+	by Rafal Malinowski.
+	
+	* ntlm/digest.c (kdc_destroy): free context when done, pointed out
+	by Rafal Malinowski.
+
+	* spnego/context_stubs.c (_gss_spnego_display_name): if input_name
+	is null, fail.  From Rafal Malinowski.
+	
+2007-06-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ntlm/digest.c: Free memory when done.
+	
+2007-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ntlm.c: Test both with and without keyex.
+
+	* ntlm/digest.c: If we didn't set session key, don't expect one
+	back.
+
+	* test_ntlm.c: Set keyex flag and calculate session key.
+	
+2007-05-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* spnego/accept_sec_context.c: Use the return value before is
+	overwritten by later calls.  From Rafal Malinowski
+
+	* krb5/release_cred.c: Give an minor_status argument to
+	gss_release_oid_set.  From Rafal Malinowski
+	
+2007-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/accept_sec_context.c: Catch errors and return the up the
+	stack.
+
+	* test_kcred.c: more testing of lifetimes
+	
+2007-05-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Drop the gss oid_set function for the krb5 mech,
+	use the mech glue versions instead. Pointed out by Rafal
+	Malinowski.
+
+	* krb5: Use gss oid_set functions from mechglue
+
+2007-05-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/accept_sec_context.c: Set session key only if we are
+	returned a session key. Found by David Love.
+	
+2007-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* krb5/prf.c: switched MIN to min to make compile on solaris,
+	pointed out by David Love.
+	
+2007-05-09 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* krb5/inquire_cred_by_mech.c: Fill in all of the variables if
+	they are passed in. Pointed out by Phil Fisher.
+	
+2007-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/inquire_cred.c: Fix copy and paste error, bug spotted by
+	from Phil Fisher.
+
+	* mech: dont keep track of gc_usage, just figure it out at
+	gss_inquire_cred() time
+
+	* mech/gss_mech_switch.c (add_builtin): ok for
+	__gss_mech_initialize() to return NULL
+
+	* test_kcred.c: more correct tests
+
+	* spnego/cred_stubs.c (gss_inquire_cred*): wrap the name with a
+	spnego_name.
+
+	* ntlm/inquire_cred.c: make ntlm gss_inquire_cred fail for now,
+	need to find default cred and friends.
+
+	* krb5/inquire_cred_by_mech.c: reimplement
+	
+2007-05-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ntlm/acquire_cred.c: drop unused variable.
+
+	* ntlm/acquire_cred.c: Reimplement.
+
+	* Makefile.am: add ntlm/digest.c
+
+	* ntlm: split out backend ntlm server processing
+
+2007-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free
+	credcache when done
+	
+2007-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/init_sec_context.c: ntlm-key credential entry is prefix with @
+	
+	* ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm
+	creds from the krb5 credential cache.
+	
+2007-04-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/delete_sec_context.c: free the key stored in the context
+
+	* ntlm/ntlm.h: switch password for a key
+
+	* test_oid.c: Switch oid to one that is exported.
+	
+2007-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/init_sec_context.c: move where hash is calculated to make
+	it easier to add ccache support.
+
+	* Makefile.am: Add version-script.map to EXTRA_DIST.
+	
+2007-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Unconfuse newer versions of automake that doesn't
+	know the diffrence between depenences and setting variables. foo:
+	vs foo=.
+
+	* test_ntlm.c: delete sec context when done.
+
+	* version-script.map: export more symbols.
+	
+	* Makefile.am: add version script if ld supports it
+	
+	* version-script.map: add version script if ld supports it
+	
+2007-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: test_acquire_cred need test_common.[ch]
+
+	* test_acquire_cred.c: add more test options.
+
+	* krb5/external.c: add GSS_KRB5_CCACHE_NAME_X
+
+	* gssapi/gssapi_krb5.h: add GSS_KRB5_CCACHE_NAME_X
+
+	* krb5/set_sec_context_option.c: refactor code, implement
+	GSS_KRB5_CCACHE_NAME_X
+
+	* mech/gss_krb5.c: reimplement gss_krb5_ccache_name
+	
+2007-04-17  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* spnego/cred_stubs.c: Need to import spnego name before we can
+	use it as a gss_name_t.
+
+	* test_acquire_cred.c: use this test as part of the regression
+	suite.
+
+	* mech/gss_acquire_cred.c (gss_acquire_cred): dont init
+	cred->gc_mc every time in the loop.
+	
+2007-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add test_common.h
+	
+2007-02-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: Add link for
+	gsskrb5_register_acceptor_identity.
+
+2007-02-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/copy_ccache.c: Try to leak less memory in the failure case.
+	
+2007-01-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech/gss_display_status.c: Use right printf formater.
+
+	* test_*.[ch]: split out the error printing function and try to
+	return better errors
+
+2007-01-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on
+	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
+	
+	This is because Kerberos always support INT|CONF, matches behavior
+	with MS and MIT. The creates problems for the GSS-SPNEGO mech.
+	
+2007-01-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* krb5/prf.c: constrain desired_output_len
+
+	* krb5/external.c (krb5_mech): add _gsskrb5_pseudo_random
+
+	* mech/gss_pseudo_random.c: Catch error from underlaying mech on
+	failure.
+
+	* Makefile.am: Add krb5/prf.c
+
+	* krb5/prf.c: gss_pseudo_random for krb5
+
+	* test_context.c: Checks for gss_pseudo_random.
+
+	* krb5/gkrb5_err.et: add KG_INPUT_TOO_LONG
+
+	* Makefile.am: Add mech/gss_pseudo_random.c
+
+	* gssapi/gssapi.h: try to load pseudo_random
+
+	* mech/gss_mech_switch.c: try to load pseudo_random
+
+	* mech/gss_pseudo_random.c: Add gss_pseudo_random.
+
+	* gssapi_mech.h: Add hook for gm_pseudo_random.
+	
+2007-01-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_context.c: Don't assume bufer from gss_display_status is
+	ok.
+
+	* mech/gss_wrap_size_limit.c: Reset out variables.
+
+	* mech/gss_wrap.c: Reset out variables.
+
+	* mech/gss_verify_mic.c: Reset out variables.
+
+	* mech/gss_utils.c: Reset out variables.
+
+	* mech/gss_release_oid_set.c: Reset out variables.
+
+	* mech/gss_release_cred.c: Reset out variables.
+
+	* mech/gss_release_buffer.c: Reset variables.
+
+	* mech/gss_oid_to_str.c: Reset out variables.
+
+	* mech/gss_inquire_sec_context_by_oid.c: Fix reset out variables.
+
+	* mech/gss_mech_switch.c: Reset out variables.
+
+	* mech/gss_inquire_sec_context_by_oid.c: Reset out variables.
+
+	* mech/gss_inquire_names_for_mech.c: Reset out variables.
+
+	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
+
+	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
+
+	* mech/gss_inquire_cred_by_mech.c: Reset out variables.
+
+	* mech/gss_inquire_cred.c: Reset out variables, fix memory leak.
+
+	* mech/gss_inquire_context.c: Reset out variables.
+
+	* mech/gss_init_sec_context.c: Zero out outbuffer on failure.
+
+	* mech/gss_import_name.c: Reset out variables.
+
+	* mech/gss_import_name.c: Reset out variables.
+
+	* mech/gss_get_mic.c: Reset out variables.
+
+	* mech/gss_export_name.c: Reset out variables.
+
+	* mech/gss_encapsulate_token.c: Reset out variables.
+
+	* mech/gss_duplicate_oid.c: Reset out variables.
+
+	* mech/gss_duplicate_oid.c: Reset out variables.
+
+	* mech/gss_duplicate_name.c: Reset out variables.
+
+	* mech/gss_display_status.c: Reset out variables.
+
+	* mech/gss_display_name.c: Reset out variables.
+
+	* mech/gss_delete_sec_context.c: Reset out variables using propper
+	macros.
+
+	* mech/gss_decapsulate_token.c: Reset out variables using propper
+	macros.
+
+	* mech/gss_add_cred.c: Reset out variables.
+
+	* mech/gss_acquire_cred.c: Reset out variables.
+
+	* mech/gss_accept_sec_context.c: Reset out variables using propper
+	macros.
+
+	* mech/gss_init_sec_context.c: Reset out variables.
+
+	* mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a
+	gss_buffer_t
+
+2007-01-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech: sprinkel _gss_mg_error
+
+	* mech/gss_display_status.c (gss_display_status): use
+	_gss_mg_get_error to fetch the error from underlaying mech, if it
+	failes, let do the regular dance for GSS-CODE version and a
+	generic print-the-error code for MECH-CODE.
+
+	* mech/gss_oid_to_str.c: Don't include the NUL in the length of
+	the string.
+
+	* mech/context.h: Protoypes for _gss_mg_.
+
+	* mech/context.c: Glue to catch the error from the lower gss-api
+	layer and save that for later so gss_display_status() can show the
+	error.
+
+	* gss.c: Detect NTLM.
+	
+2007-01-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech/gss_accept_sec_context.c: spelling
+	
+2007-01-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Include build (private) prototypes header files.
+
+	* Makefile.am (ntlmsrc): add ntlm/ntlm-private.h
+	
+2006-12-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ntlm/accept_sec_context.c: Pass signseal argument to
+	_gss_ntlm_set_key.
+
+	* ntlm/init_sec_context.c: Pass signseal argument to
+	_gss_ntlm_set_key.
+
+	* ntlm/crypto.c (_gss_ntlm_set_key): add signseal argument
+
+	* test_ntlm.c: add ntlmv2 test
+
+	* ntlm/ntlm.h: break out struct ntlmv2_key;
+
+	* ntlm/crypto.c (_gss_ntlm_set_key): set ntlm v2 keys.
+
+	* ntlm/accept_sec_context.c: Set dummy ntlmv2 keys and Check TI.
+
+	* ntlm/ntlm.h: NTLMv2 keys.
+
+	* ntlm/crypto.c: NTLMv2 sign and verify.
+	
+2006-12-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/accept_sec_context.c: Don't send targetinfo now.
+	
+	* ntlm/init_sec_context.c: Build ntlmv2 answer buffer.
+
+	* ntlm/init_sec_context.c: Leak less memory.
+
+	* ntlm/init_sec_context.c: Announce that we support key exchange.
+
+	* ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2
+	session security (disable because missing sign and seal).
+	
+2006-12-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ntlm/accept_sec_context.c: split RC4 send and recv keystreams
+
+	* ntlm/init_sec_context.c: split RC4 send and recv keystreams
+
+	* ntlm/ntlm.h: split RC4 send and recv keystreams
+
+	* ntlm/crypto.c: Implement SEAL.
+
+	* ntlm/crypto.c: move gss_wrap/gss_unwrap here
+
+	* test_context.c: request INT and CONF from the gss layer, test
+	get and verify MIC.
+
+	* ntlm/ntlm.h: add crypto bits.
+
+	* ntlm/accept_sec_context.c: Save session master key.
+
+	* Makefile.am: Move get and verify mic to the same file (crypto.c)
+	since they share code.
+
+	* ntlm/crypto.c: Move get and verify mic to the same file since
+	they share code, implement NTLM v1 and dummy signatures.
+
+	* ntlm/init_sec_context.c: pass on GSS_C_CONF_FLAG and
+	GSS_C_INTEG_FLAG, save the session master key
+	
+	* spnego/accept_sec_context.c: try using gss_accept_sec_context()
+	on the opportunistic token instead of guessing the acceptor name
+	and do gss_acquire_cred, this make SPNEGO work like before.
+	
+2006-12-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ntlm/init_sec_context.c: Calculate the NTLM version 1 "master"
+	key.
+
+	* spnego/accept_sec_context.c: Resurect negHints for the acceptor
+	sends first packet.
+	
+	* Makefile.am: Add "windows" versions of the NegTokenInitWin and
+	friends.
+
+	* test_context.c: add --wrapunwrap flag
+
+	* spnego/compat.c: move _gss_spnego_indicate_mechtypelist() to
+	compat.c, use the sequence types of MechTypeList, make
+	add_mech_type() static.
+
+	* spnego/accept_sec_context.c: move
+	_gss_spnego_indicate_mechtypelist() to compat.c
+
+	* Makefile.am: Generate sequence code for MechTypeList
+
+	* spnego: check that the generated acceptor mechlist is acceptable too
+
+	* spnego/init_sec_context.c: Abstract out the initiator filter
+	function, it will be needed for the acceptor too.
+
+	* spnego/accept_sec_context.c: Abstract out the initiator filter
+	function, it will be needed for the acceptor too. Remove negHints.
+
+	* test_context.c: allow asserting return mech
+
+	* ntlm/accept_sec_context.c: add _gss_ntlm_allocate_ctx
+
+	* ntlm/acquire_cred.c: Check that the KDC seem to there and
+	answering us, we can't do better then that wen checking if we will
+	accept the credential.
+
+	* ntlm/get_mic.c: return GSS_S_UNAVAILABLE
+
+	* mech/utils.h: add _gss_free_oid, reverse of _gss_copy_oid
+
+	* mech/gss_utils.c: add _gss_free_oid, reverse of _gss_copy_oid
+
+	* spnego/spnego.asn1: Its very sad, but NegHints its are not part
+	of the NegTokenInit, this makes SPNEGO acceptor life a lot harder.
+	
+	* spnego: try harder to handle names better. handle missing
+	acceptor and initator creds better (ie dont propose/accept mech
+	that there are no credentials for) split NegTokenInit and
+	NegTokenResp in acceptor
+
+2006-12-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/import_name.c: Allocate the buffer from the right length.
+	
+2006-12-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm/init_sec_context.c (init_sec_context): Tell the other side
+	what domain we think we are talking to.
+
+	* ntlm/delete_sec_context.c: free username and password
+
+	* ntlm/release_name.c (_gss_ntlm_release_name): free name.
+
+	* ntlm/import_name.c (_gss_ntlm_import_name): add support for
+	GSS_C_NT_HOSTBASED_SERVICE names
+
+	* ntlm/ntlm.h: Add ntlm_name.
+
+	* test_context.c: allow testing of ntlm.
+
+	* gssapi_mech.h: add __gss_ntlm_initialize
+
+	* ntlm/accept_sec_context.c (handle_type3): verify that the kdc
+	approved of the ntlm exchange too
+
+	* mech/gss_mech_switch.c: Add the builtin ntlm mech
+
+	* test_ntlm.c: NTLM test app.
+
+	* mech/gss_accept_sec_context.c: Add detection of NTLMSSP.
+
+	* gssapi/gssapi.h: add ntlm mech oid
+
+	* ntlm/external.c: Switch OID to the ms ntlmssp oid
+
+	* Makefile.am: Add ntlm gss-api module.
+
+	* ntlm/accept_sec_context.c: Catch more error errors.
+
+	* ntlm/accept_sec_context.c: Check after a credential to use.
+	
+2006-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X):
+	don't fail on success.  Bug report from Stefan Metzmacher.
+	
+2006-12-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* krb5/init_sec_context.c (init_auth): only turn on
+	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
+	From Stefan Metzmacher.
+	
+2006-12-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h
+	spnego_asn1.h.
+
+2006-11-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a
+	context argument.
+	
+2006-11-16  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* test_context.c: Test that token keys are the same, return
+	actual_mech.
+	
+2006-11-15  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open.
+
+	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
+	encode CHOICE structure now that we can handle it.
+
+	* spnego/init_sec_context.c: Use ASN.1 encoder functions to encode
+	CHOICE structure now that we can handle it.
+
+	* spnego/accept_sec_context.c (_gss_spnego_accept_sec_context):
+	send back ad accept_completed when the security context is ->open,
+	w/o this the client doesn't know that the server have completed
+	the transaction.
+
+	* test_context.c: Add delegate flag and check that the delegated
+	cred works.
+
+	* spnego/init_sec_context.c: Keep track of the opportunistic token
+	in the inital message, it might be a complete gss-api context, in
+	that case we'll get back accept_completed without any token. With
+	this change, krb5 w/o mutual authentication works.
+
+	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
+	encode CHOICE structure now that we can handle it.
+
+	* spnego/accept_sec_context.c: Filter out SPNEGO from the out
+	supported mechs list and make sure we don't select that for the
+	preferred mechamism.
+	
+2006-11-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the
+	cred finding to its own function
+
+	* krb5/wrap.c: Better error strings, from Andrew Bartlet.
+	
+2006-11-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_context.c: Create our own krb5_context.
+
+	* krb5: Switch from using a specific error message context in the
+	TLS to have a whole krb5_context in TLS. This have some
+	interestion side-effekts for the configruration setting options
+	since they operate on per-thread basis now.
+
+	* mech/gss_set_cred_option.c: When calling ->gm_set_cred_option
+	and checking for success, use GSS_S_COMPLETE. From Andrew Bartlet.
+	
+2006-11-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Help solaris make even more.
+
+	* Makefile.am: Help solaris make.
+	
+2006-11-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: remove include $(srcdir)/Makefile-digest.am for now
+
+	* mech/gss_accept_sec_context.c: Try better guessing what is mech
+	we are going to select by looking harder at the input_token, idea
+	from Luke Howard's mechglue branch.
+
+	* Makefile.am: libgssapi_la_OBJECTS: add depency on gkrb5_err.h
+
+	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X
+
+	* mech/gss_krb5.c: implement gss_krb5_set_allowable_enctypes
+
+	* gssapi/gssapi.h: GSS_KRB5_S_
+
+	* krb5/gsskrb5_locl.h: Include <gkrb5_err.h>.
+
+	* gssapi/gssapi_krb5.h: Add gss_krb5_set_allowable_enctypes.
+
+	* Makefile.am: Build and install gkrb5_err.h
+
+	* krb5/gkrb5_err.et: Move the GSS_KRB5_S error here.
+	
+2006-11-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech/gss_krb5.c: Add gsskrb5_set_default_realm.
+
+	* krb5/set_sec_context_option.c: Support
+	GSS_KRB5_SET_DEFAULT_REALM_X.
+
+	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DEFAULT_REALM_X
+
+	* krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X
+	
+2006-11-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_context.c: rename krb5_[gs]et_time_wrap to
+	krb5_[gs]et_max_time_skew
+
+	* krb5/copy_ccache.c: _gsskrb5_extract_authz_data_from_sec_context
+	no longer used, bye bye
+
+	* mech/gss_krb5.c: No depenency of the krb5 gssapi mech.
+
+	* mech/gss_krb5.c (gsskrb5_extract_authtime_from_sec_context): use
+	_gsskrb5_decode_om_uint32. From Andrew Bartlet.
+
+	* mech/gss_krb5.c: Add dummy gss_krb5_set_allowable_enctypes for
+	now.
+
+	* spnego/spnego_locl.h: Include <roken.h> for compatiblity.
+
+	* krb5/arcfour.c: Use IS_DCE_STYLE flag. There is no padding in
+	DCE-STYLE, don't try to use to.  From Andrew Bartlett.
+
+	* test_context.c: test wrap/unwrap, add flag for dce-style and
+	mutual auth, also support multi-roundtrip sessions
+
+	* krb5/gsskrb5_locl.h: Add IS_DCE_STYLE macro.
+
+	* krb5/accept_sec_context.c (gsskrb5_acceptor_start): use
+	krb5_rd_req_ctx
+
+	* mech/gss_krb5.c (gsskrb5_get_subkey): return the per message
+	token subkey
+
+	* krb5/inquire_sec_context_by_oid.c: check if there is any key at
+	all
+	
+2006-11-06  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* krb5/inquire_sec_context_by_oid.c: Set more error strings, use
+	right enum for acceptor subkey.  From Andrew Bartlett.
+	
+2006-11-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_context.c: Test gsskrb5_extract_service_keyblock, needed in
+	PAC valication.  From Andrew Bartlett
+
+	* mech/gss_krb5.c: Add gsskrb5_extract_authz_data_from_sec_context
+	and keyblock extraction functions.
+
+	* gssapi/gssapi_krb5.h: Add extraction of keyblock function, from
+	Andrew Bartlett.
+
+	* krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X
+	
+2006-11-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_context.c: Rename various routines and constants from
+	canonize to canonicalize.  From Andrew Bartlett
+
+	* mech/gss_krb5.c: Rename various routines and constants from
+	canonize to canonicalize.  From Andrew Bartlett
+
+	* krb5/set_sec_context_option.c: Rename various routines and
+	constants from canonize to canonicalize.  From Andrew Bartlett
+
+	* krb5/external.c: Rename various routines and constants from
+	canonize to canonicalize.  From Andrew Bartlett
+	
+	* gssapi/gssapi_krb5.h: Rename various routines and constants from
+	canonize to canonicalize.  From Andrew Bartlett
+	
+2006-10-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need
+	to free ccache
+	
+2006-10-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_context.c (loop): free target_name
+
+	* mech/gss_accept_sec_context.c: SLIST_INIT the ->gc_mc'
+	
+	* mech/gss_acquire_cred.c : SLIST_INIT the ->gc_mc' 
+
+	* krb5/init_sec_context.c: Avoid leaking memory.
+
+	* mech/gss_buffer_set.c (gss_release_buffer_set): don't leak the
+	->elements memory.
+
+	* test_context.c: make compile
+
+	* krb5/cfx.c (_gssapi_verify_mic_cfx): always free crypto context.
+
+	* krb5/set_cred_option.c (import_cred): free sp
+	
+2006-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/gss_add_oid_set_member.c: Use old implementation of
+	gss_add_oid_set_member, it leaks less memory.
+
+	* krb5/test_cfx.c: free krb5_crypto.
+
+	* krb5/test_cfx.c: free krb5_context
+
+	* mech/gss_release_name.c (gss_release_name): free input_name
+	it-self.
+	
+2006-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_context.c: Call setprogname.
+
+	* mech/gss_krb5.c: Add gsskrb5_extract_authtime_from_sec_context.
+
+	* gssapi/gssapi_krb5.h: add
+	gsskrb5_extract_authtime_from_sec_context
+	
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* krb5/inquire_sec_context_by_oid.c: Add get_authtime.
+
+	* krb5/external.c: add GSS_KRB5_GET_AUTHTIME_X
+
+	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_AUTHTIME_X
+
+	* krb5/set_sec_context_option.c: Implement GSS_KRB5_SEND_TO_KDC_X.
+
+	* mech/gss_krb5.c: Add gsskrb5_set_send_to_kdc
+
+	* gssapi/gssapi_krb5.h: Add GSS_KRB5_SEND_TO_KDC_X and
+	gsskrb5_set_send_to_kdc
+
+	* krb5/external.c: add GSS_KRB5_SEND_TO_KDC_X
+
+	* Makefile.am: more files
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: remove spnego/gssapi_spnego.h, its now in gssapi/
+
+	* test_context.c: Allow specifing mech.
+
+	* krb5/external.c: add GSS_SASL_DIGEST_MD5_MECHANISM (for now)
+
+	* gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to
+	GSS_SASL_DIGEST_MD5_MECHANISM
+	
+2006-10-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech/gssapi.asn1: Make it into a heim_any_set, its doesn't
+	except a tag.
+
+	* mech/gssapi.asn1: GSSAPIContextToken is IMPLICIT SEQUENCE
+
+	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X
+
+	* krb5/external.c: Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.
+
+	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_INITIATOR_SUBKEY_X and
+	GSS_KRB5_GET_SUBKEY_X
+
+	* krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X,
+	GSS_KRB5_GET_SUBKEY_X
+	
+2006-10-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_context.c: Support switching on name type oid's
+
+	* test_context.c: add test for dns canon flag
+
+	* mech/gss_krb5.c: Add gsskrb5_set_dns_canonlize.
+
+	* gssapi/gssapi_krb5.h: remove gss_krb5_compat_des3_mic
+
+	* gssapi/gssapi_krb5.h: Add gsskrb5_set_dns_canonlize.
+
+	* krb5/set_sec_context_option.c: implement
+	GSS_KRB5_SET_DNS_CANONIZE_X
+
+	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DNS_CANONIZE_X
+
+	* krb5/external.c: add GSS_KRB5_SET_DNS_CANONIZE_X
+
+	* mech/gss_krb5.c: add bits to make lucid context work
+	
+2006-10-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech/gss_oid_to_str.c: Prefix der primitives with der_.
+
+	* krb5/inquire_sec_context_by_oid.c: Prefix der primitives with
+	der_.
+
+	* krb5/encapsulate.c: Prefix der primitives with der_.
+
+	* mech/gss_oid_to_str.c: New der_print_heim_oid signature.
+	
+2006-10-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add test_context
+
+	* krb5/inquire_sec_context_by_oid.c: Make it work.
+
+	* test_oid.c: Test lucid oid.
+
+	* gssapi/gssapi.h: Add OM_uint64_t.
+
+	* krb5/inquire_sec_context_by_oid.c: Add lucid interface.
+
+	* krb5/external.c: Add lucid interface, renumber oids to my
+	delegated space.
+
+	* mech/gss_krb5.c: Add lucid interface.
+
+	* gssapi/gssapi_krb5.h: Add lucid interface.
+
+	* spnego/spnego_locl.h: Maybe include <netdb.h>.
+	
+2006-10-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined.
+	
+2006-10-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: install gssapi_krb5.H and gssapi_spnego.h
+
+	* gssapi/gssapi_krb5.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
+
+	* gssapi/gssapi.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
+
+	* Makefile.am: Drop some -I no longer needed.
+
+	* gssapi/gssapi_spnego.h: Move gssapi_spengo.h over here.
+
+	* krb5: reference all include files using 'krb5/'
+
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.h: Add file inclusion protection.
+
+	* gssapi/gssapi.h: Correct header file inclusion protection.
+
+	* gssapi/gssapi.h: Move the gssapi.h from lib/gssapi/ to
+	lib/gssapi/gssapi/ to please automake.
+	
+	* spnego/spnego_locl.h: Maybe include <sys/types.h>.
+
+	* mech/mech_locl.h: Include <roken.h>.
+
+	* Makefile.am: split build files into dist_ and noinst_ SOURCES
+	
+2006-10-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss.c: #if 0 out unused code.
+
+	* mech/gss_mech_switch.c: Cast argument to ctype(3) functions
+	to (unsigned char).
+	
+2006-10-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/name.h: remove <sys/queue.h>
+
+	* mech/mech_switch.h: remove <sys/queue.h>
+	
+	* mech/cred.h: remove <sys/queue.h>
+
+2006-10-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/arcfour.c: Thinker more with header lengths.
+
+	* krb5/arcfour.c: Improve the calcucation of header
+	lengths. DCE-STYLE data is also padded so remove if (1 || ...)
+	code.
+
+	* krb5/wrap.c (_gsskrb5_wrap_size_limit): use
+	_gssapi_wrap_size_arcfour for arcfour
+
+	* krb5/arcfour.c: Move _gssapi_wrap_size_arcfour here.
+
+	* Makefile.am: Split all mech to diffrent mechsrc variables.
+
+	* spnego/context_stubs.c: Make internal function static (and
+	rename).
+	
+2006-10-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald
+	Barth.
+
+	* spnego/spnego_locl.h: Include <sys/param.h> for MAXHOSTNAMELEN.
+	
+2006-09-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/arcfour.c: Add wrap support, interrop with itself but not
+	w2k3s-sp1
+
+	* krb5/gsskrb5_locl.h: move the arcfour specific stuff to the
+	arcfour header.
+
+	* krb5/arcfour.c: Support DCE-style unwrap, tested with
+	w2k3server-sp1.
+
+	* mech/gss_accept_sec_context.c (gss_accept_sec_context): if the
+	token doesn't start with [APPLICATION 0] SEQUENCE, lets assume its
+	a DCE-style kerberos 5 connection. XXX this needs to be made
+	better in cause we get another GSS-API protocol violating
+	protocol. It should be possible to detach the Kerberos DCE-style
+	since it starts with a AP-REQ PDU, but that have to wait for now.
+	
+2006-09-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.h: Add GSS_C flags from
+	draft-brezak-win2k-krb-rc4-hmac-04.txt.
+
+	* krb5/delete_sec_context.c: Free service_keyblock and fwd_data,
+	indent.
+
+	* krb5/accept_sec_context.c: Merge of the acceptor part from the
+	samba patch by Stefan Metzmacher and Andrew Bartlet.
+
+	* krb5/init_sec_context.c: Add GSS_C_DCE_STYLE.
+
+	* krb5/{init_sec_context.c,gsskrb5_locl.h}: merge most of the
+	initiator part from the samba patch by Stefan Metzmacher and
+	Andrew Bartlet (still missing DCE/RPC support)
+
+2006-08-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss.c (help): use sl_slc_help().
+	
+2006-07-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss-commands.in: rename command to supported-mechanisms
+
+	* Makefile.am: Make gss objects depend on the slc built
+	gss-commands.h
+	
+2006-07-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss-commands.in: add slc commands for gss
+
+	* krb5/gsskrb5_locl.h: Remove dup prototype of _gsskrb5_init()
+
+	* Makefile.am: Add test_cfx
+
+	* krb5/external.c: add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
+
+	* krb5/set_sec_context_option.c: catch
+	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
+
+	* krb5/accept_sec_context.c: reimplement
+	gsskrb5_register_acceptor_identity
+
+	* mech/gss_krb5.c: implement gsskrb5_register_acceptor_identity
+
+	* mech/gss_inquire_mechs_for_name.c: call _gss_load_mech
+
+	* mech/gss_inquire_cred.c (gss_inquire_cred): call _gss_load_mech
+
+	* mech/gss_mech_switch.c: Make _gss_load_mech() atomic and run
+	only once, this have the side effect that _gss_mechs and
+	_gss_mech_oids is only initialized once, so if just the users of
+	these two global variables calls _gss_load_mech() first, it will
+	act as a barrier and make sure the variables are never changed and
+	we don't need to lock them.
+
+	* mech/utils.h: no need to mark functions extern.
+
+	* mech/name.h: no need to mark _gss_find_mn extern.
+	
+2006-07-19  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* krb5/cfx.c: Redo the wrap length calculations.
+
+	* krb5/test_cfx.c: test max_wrap_size in cfx.c
+
+	* mech/gss_display_status.c: Handle more error codes.
+	
+2006-07-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/mech_locl.h: Include <krb5-types.h> and "mechqueue.h"
+
+	* mech/mechqueue.h: Add SLIST macros.
+
+	* krb5/inquire_context.c: Don't free return values on success.
+
+	* krb5/inquire_cred.c (_gsskrb5_inquire_cred): When cred provided
+	is the default cred, acquire the acceptor cred and initator cred
+	in two diffrent steps and then query them for the information,
+	this way, the code wont fail if there are no keytab, but there is
+	a credential cache.
+
+	* mech/gss_inquire_cred.c: move the check if we found any cred
+	where it matter for both cases
+	(default cred and provided cred)
+
+	* mech/gss_init_sec_context.c: If the desired mechanism can't
+	convert the name to a MN, fail with GSS_S_BAD_NAME rather then a
+	NULL de-reference.
+	
+2006-07-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* spnego/external.c: readd gss_spnego_inquire_names_for_mech
+
+	* spnego/spnego_locl.h: reimplement
+	gss_spnego_inquire_names_for_mech add support function
+	_gss_spnego_supported_mechs
+
+	* spnego/context_stubs.h: reimplement
+	gss_spnego_inquire_names_for_mech add support function
+	_gss_spnego_supported_mechs
+
+	* spnego/context_stubs.c: drop gss_spnego_indicate_mechs
+	
+	* mech/gss_indicate_mechs.c: if the underlaying mech doesn't
+	support gss_indicate_mechs, use the oid in the mechswitch
+	structure
+
+	* spnego/external.c: let the mech glue layer implement
+	gss_indicate_mechs
+
+	* spnego/cred_stubs.c (gss_spnego_acquire_cred): don't care about
+	desired_mechs, get our own list with indicate_mechs and remove
+	ourself.
+	
+2006-07-05 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* spnego/external.c: remove gss_spnego_inquire_names_for_mech, let
+	the mechglue layer implement it
+	
+	* spnego/context_stubs.c: remove gss_spnego_inquire_names_for_mech, let
+	the mechglue layer implement it
+
+	* spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let
+	the mechglue layer implement it
+
+2006-07-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* mech/gss_set_cred_option.c: fix argument to gss_release_cred
+	
+2006-06-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* krb5/init_sec_context.c: Make work on compilers that are
+	somewhat more picky then gcc4 (like gcc2.95)
+
+	* krb5/init_sec_context.c (do_delegation): use KDCOptions2int to
+	convert fwd_flags to an integer, since otherwise int2KDCOptions in
+	krb5_get_forwarded_creds wont do the right thing.
+
+	* mech/gss_set_cred_option.c (gss_set_cred_option): free memory on
+	failure
+
+	* krb5/set_sec_context_option.c (_gsskrb5_set_sec_context_option):
+	init global kerberos context
+
+	* krb5/set_cred_option.c (_gsskrb5_set_cred_option): init global
+	kerberos context
+
+	* mech/gss_accept_sec_context.c: Insert the delegated sub cred on
+	the delegated cred handle, not cred handle
+
+	* mech/gss_accept_sec_context.c (gss_accept_sec_context): handle
+	the case where ret_flags == NULL
+
+	* mech/gss_mech_switch.c (add_builtin): set
+	_gss_mech_switch->gm_mech_oid
+
+	* mech/gss_set_cred_option.c (gss_set_cred_option): laod mechs
+
+	* test_cred.c (gss_print_errors): don't try to print error when
+	gss_display_status failed
+
+	* Makefile.am: Add mech/gss_release_oid.c
+	
+	* mech/gss_release_oid.c: Add gss_release_oid, reverse of
+	gss_duplicate_oid
+
+	* spnego/compat.c: preferred_mech_type was allocated with
+	gss_duplicate_oid in one place and assigned static varianbles a
+	the second place. change that static assignement to
+	gss_duplicate_oid and bring back gss_release_oid.
+
+	* spnego/compat.c (_gss_spnego_delete_sec_context): don't release
+	preferred_mech_type and negotiated_mech_type, they where never
+	allocated from the begining.
+	
+2006-06-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mech/gss_import_name.c (gss_import_name): avoid
+	type-punned/strict aliasing rules
+
+	* mech/gss_add_cred.c: avoid type-punned/strict aliasing rules
+
+	* gssapi.h: Make gss_name_t an opaque type.
+	
+	* krb5: make gss_name_t an opaque type
+
+	* krb5/set_cred_option.c: Add
+
+	* mech/gss_set_cred_option.c (gss_set_cred_option): support the
+	case where *cred_handle == NULL
+
+	* mech/gss_krb5.c (gss_krb5_import_cred): make sure cred is
+	GSS_C_NO_CREDENTIAL on failure.
+
+	* mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is
+	NO_OID_SET, there is a need to load the mechs, so always do that.
+	
+2006-06-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X
+	to instead pass a fullname to the credential, then resolve and
+	copy out the content, and then close the cred.
+
+	* mech/gss_krb5.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead
+	pass a fullname to the credential, then resolve and copy out the
+	content, and then close the cred.
+	
+	* krb5/inquire_cred_by_oid.c: make "work", GSS_KRB5_COPY_CCACHE_X
+	interface needs to be re-done, currently its utterly broken.
+
+	* mech/gss_set_cred_option.c: Make work.
+
+	* krb5/external.c: Add _gsskrb5_set_{sec_context,cred}_option
+
+	* mech/gss_krb5.c (gss_krb5_import_cred): implement
+
+	* Makefile.am: Add gss_set_{sec_context,cred}_option and sort
+	
+	* mech/gss_set_{sec_context,cred}_option.c: add
+
+	* gssapi.h: Add GSS_KRB5_IMPORT_CRED_X
+
+	* test_*.c: make compile again
+
+	* Makefile.am: Add lib dependencies and test programs
+
+	* spnego: remove dependency on libkrb5
+
+	* mech: Bug fixes, cleanup, compiler warnings, restructure code.
+
+	* spnego: Rename gss_context_id_t and gss_cred_id_t to local names
+
+	* krb5: repro copy the krb5 files here
+
+	* mech: import Doug Rabson mechglue from freebsd
+	
+	* spnego: Import Luke Howard's SPNEGO from the mechglue branch
+
+2006-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.h: Add oid_to_str.
+
+	* Makefile.am: add oid_to_str and test_oid
+	
+	* oid_to_str.c: Add gss_oid_to_str
+
+	* test_oid.c: Add test for gss_oid_to_str()
+	
+2006-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* verify_mic.c: Less pointer signedness warnings.
+
+	* unwrap.c: Less pointer signedness warnings.
+
+	* arcfour.c: Less pointer signedness warnings.
+
+	* gssapi_locl.h: Use const void * to instead of unsigned char * to
+	avoid pointer signedness warnings.
+
+	* encapsulate.c: Use const void * to instead of unsigned char * to
+	avoid pointer signedness warnings.
+
+	* decapsulate.c: Use const void * to instead of unsigned char * to
+	avoid pointer signedness warnings.
+
+	* decapsulate.c: Less pointer signedness warnings.
+
+	* cfx.c: Less pointer signedness warnings.
+
+	* init_sec_context.c: Less pointer signedness warnings (partly by
+	using the new asn.1 CHOICE decoder)
+
+	* import_sec_context.c: Less pointer signedness warnings.
+
+2006-05-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From
+	Andrew Abartlet.
+	
+2006-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* get_mic.c (mic_des3): make sure message_buffer doesn't point to
+	free()ed memory on failure. Pointed out by IBM checker.
+	
+2006-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Rename u_intXX_t to uintXX_t
+	
+2006-05-04 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* cfx.c: Less pointer signedness warnings.
+
+	* arcfour.c: Avoid pointer signedness warnings.
+
+	* gssapi_locl.h (gssapi_decode_*): make data argument const void *
+	
+	* 8003.c (gssapi_decode_*): make data argument const void *
+	
+2006-04-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* export_sec_context.c: Export sequence order element. From Wynn
+	Wilkes <wynn.wilkes at quest.com>.
+
+	* import_sec_context.c: Import sequence order element. From Wynn
+	Wilkes <wynn.wilkes at quest.com>.
+
+	* sequence.c (_gssapi_msg_order_import,_gssapi_msg_order_export):
+	New functions, used by {import,export}_sec_context.  From Wynn
+	Wilkes <wynn.wilkes at quest.com>.
+
+	* test_sequence.c: Add test for import/export sequence.
+	
+2006-04-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a
+	standard conformance failure, but much better then a crash.
+	
+2006-04-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* get_mic.c (get_mic*)_: make sure message_token is cleaned on
+	error, found by IBM checker.
+
+	* wrap.c (wrap*): Reset output_buffer on error, found by IBM
+	checker.
+	
+2006-02-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and
+	GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names.
+	
+2006-01-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* delete_sec_context.c (gss_delete_sec_context): if the context
+	handle is GSS_C_NO_CONTEXT, don't fall over.
+
+2005-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: Replace gss_krb5_import_ccache with
+	gss_krb5_import_cred and add more references
+	
+2005-12-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred,
+	it can handle keytabs too.
+
+	* add_cred.c (gss_add_cred): avoid deadlock
+
+	* context_time.c (gssapi_lifetime_left): define the 0 lifetime as
+	GSS_C_INDEFINITE.
+	
+2005-12-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* acquire_cred.c (acquire_acceptor_cred): only check if principal
+	exists if we got called with principal as an argument.
+
+	* acquire_cred.c (acquire_acceptor_cred): check that the acceptor
+	exists in the keytab before returning ok.
+	
+2005-11-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew
+	Bartlett.
+	
+2005-11-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_kcred.c: Rename gss_krb5_import_ccache to
+	gss_krb5_import_cred.
+	
+	* copy_ccache.c: Rename gss_krb5_import_ccache to
+	gss_krb5_import_cred and let it grow code to handle keytabs too.
+	
+2005-11-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c: Change sematics of ok-as-delegate to match
+	windows if
+	[gssapi]realm/ok-as-delegate=true is set, otherwise keep old
+	sematics.
+	
+	* release_cred.c (gss_release_cred): use
+	GSS_CF_DESTROY_CRED_ON_RELEASE to decide if the cache should be
+	krb5_cc_destroy-ed
+	
+	* acquire_cred.c (acquire_initiator_cred):
+	GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.
+
+	* accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite
+	to use gss_krb5_import_ccache
+	
+2005-11-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* arcfour.c: Remove signedness warnings.
+	
+2005-10-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy
+	by reference.
+
+	* copy_ccache.c (gss_krb5_import_ccache): Instead of making a copy
+	of the ccache, make a reference by getting the name and resolving
+	the name. This way the cache is shared, this flipp side is of
+	course that if someone calls krb5_cc_destroy the cache is lost for
+	everyone.
+	
+	* test_kcred.c: Remove memory leaks.
+	
+2005-10-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: build test_kcred
+	
+	* gss_acquire_cred.3: Document gss_krb5_import_ccache
+
+	* gssapi.3: Sort and add gss_krb5_import_ccache.
+	
+	* acquire_cred.c (_gssapi_krb5_ccache_lifetime): break out code
+	used to extract lifetime from a credential cache
+
+	* gssapi_locl.h: Add _gssapi_krb5_ccache_lifetime, used to extract
+	lifetime from a credential cache.
+
+	* gssapi.h: add gss_krb5_import_ccache, reverse of
+	gss_krb5_copy_ccache
+
+	* copy_ccache.c: add gss_krb5_import_ccache, reverse of
+	gss_krb5_copy_ccache
+
+	* test_kcred.c: test gss_krb5_import_ccache
+	
+2005-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match
+	to find a matching creditial cache, if that failes, fallback to
+	the default cache.
+	
+2005-10-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi_locl.h: Add gssapi_krb5_set_status and
+	gssapi_krb5_clear_status
+	
+	* init_sec_context.c (spnego_reply): Don't pass back raw Kerberos
+	errors, use GSS-API errors instead. From Michael B Allen.
+
+	* display_status.c: Add gssapi_krb5_clear_status,
+	gssapi_krb5_set_status for handling error messages.
+	
+2005-08-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* external.c: Use rk_UNCONST to avoid const warning.
+	
+	* display_status.c: Constify strings to avoid warnings.
+	
+2005-08-11 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c: avoid warnings, update (c)
+
+2005-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c (spnego_initial): use NegotiationToken
+	encoder now that we have one with the new asn1. compiler.
+	
+	* Makefile.am: the new asn.1 compiler includes the modules name in
+	the depend file
+
+2005-06-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* decapsulate.c: use rk_UNCONST
+
+	* ccache_name.c: rename to avoid shadowing
+
+	* gssapi_locl.h: give kret in GSSAPI_KRB5_INIT a more unique name
+	
+	* process_context_token.c: use rk_UNCONST to unconstify
+	
+	* test_cred.c: rename optind to optidx
+
+2005-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c (init_auth): honor ok-as-delegate if local
+	configuration approves
+
+	* gssapi_locl.h: prototype for _gss_check_compat
+
+	* compat.c: export check_compat as _gss_check_compat
+
+2005-05-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
+	problems with system headerfiles that pollute the name space.
+
+	* accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
+	problems with system headerfiles that pollute the name space.
+
+2005-05-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c (init_auth): set
+	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility),
+	also while here, use krb5_auth_con_addflags
+
+2005-05-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* arcfour.c (_gssapi_wrap_arcfour): fix calculating the encap
+	length. From: Tom Maher <tmaher at eecs.berkeley.edu>
+
+2005-05-02  Dave Love  <fx at gnu.org>
+
+	* test_cred.c (main): Call setprogname.
+
+2005-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* prefix all sequence symbols with _, they are not part of the
+	GSS-API api. By comment from Wynn Wilkes <wynnw at vintela.com>
+
+2005-04-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* accept_sec_context.c: break out the processing of the delegated
+	credential to a separate function to make error handling easier,
+	move the credential handling to after other setup is done
+	
+	* test_sequence.c: make less verbose in case of success
+
+	* Makefile.am: add test_sequence to TESTS
+
+2005-04-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* 8003.c (gssapi_krb5_verify_8003_checksum): check that cksum
+	isn't NULL From: Nicolas Pouvesle <npouvesle at tenablesecurity.com>
+
+2005-03-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: use $(LIB_roken)
+
+2005-03-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* display_status.c (gssapi_krb5_set_error_string): pass in the
+	krb5_context to krb5_free_error_string
+	
+2005-03-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* display_status.c (gssapi_krb5_set_error_string): don't misuse
+	the krb5_get_error_string api
+
+2005-03-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* compat.c (_gss_DES3_get_mic_compat): don't unlock mutex
+	here. Bug reported by Stefan Metzmacher <metze at samba.org>
+
+2005-02-21  Luke Howard  <lukeh at padl.com>
+
+	* init_sec_context.c: don't call krb5_get_credentials() with
+	  KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
+	  growing indefinitely as no key is found with KEYTYPE_NULL
+
+	* compat.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is
+	  no longer used (however the mechListMIC behaviour is broken,
+	  rfc2478bis support requires the code in the mechglue branch)
+
+	* init_sec_context.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
+
+	* gssapi.h: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
+
+2005-01-05  Luke Howard  <lukeh at padl.com>
+
+	* 8003.c: use symbolic name for checksum type
+
+	* accept_sec_context.c: allow client to indicate
+	  that subkey should be used
+
+	* acquire_cred.c: plug leak
+
+	* get_mic.c: use gss_krb5_get_subkey() instead
+	  of gss_krb5_get_{local,remote}key(), support
+	  KEYTYPE_ARCFOUR_56
+
+	* gssapi_local.c: use gss_krb5_get_subkey(),
+	  support KEYTYPE_ARCFOUR_56
+
+	* import_sec_context.c: plug leak
+
+	* unwrap.c: use gss_krb5_get_subkey(),
+	  support KEYTYPE_ARCFOUR_56
+
+	* verify_mic.c: use gss_krb5_get_subkey(),
+	  support KEYTYPE_ARCFOUR_56
+
+	* wrap.c: use gss_krb5_get_subkey(),
+	  support KEYTYPE_ARCFOUR_56
+
+2004-11-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* inquire_cred.c: Reverse order of HEIMDAL_MUTEX_unlock and
+	gss_release_cred to avoid deadlock, from Luke Howard
+	<lukeh at padl.com>.
+
+2004-09-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: gss_krb5_extract_authz_data_from_sec_context
+	was renamed to gsskrb5_extract_authz_data_from_sec_context
+	
+2004-08-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* unwrap.c: mutex buglet, From: Luke Howard <lukeh at PADL.COM>
+	
+	* arcfour.c: mutex buglet, From: Luke Howard <lukeh at PADL.COM>
+	
+2004-05-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.3: spelling from Josef El-Rayes <josef at FreeBSD.org> while
+	here, write some text about the SPNEGO situation
+	
+2004-04-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: s/CTXAcceptorSubkey/CFXAcceptorSubkey/
+	
+2004-04-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.h: add GSS_C_EXPECTING_MECH_LIST_MIC_FLAG From: Luke
+	Howard <lukeh at padl.com>
+	
+	* init_sec_context.c (spnego_reply): use
+	_gss_spnego_require_mechlist_mic to figure out if we need to check
+	MechListMIC; From: Luke Howard <lukeh at padl.com>
+
+	* accept_sec_context.c (send_accept): use
+	_gss_spnego_require_mechlist_mic to figure out if we need to send
+	MechListMIC; From: Luke Howard <lukeh at padl.com>
+
+	* gssapi_locl.h: add _gss_spnego_require_mechlist_mic
+	From: Luke Howard <lukeh at padl.com>
+
+	* compat.c: add _gss_spnego_require_mechlist_mic for compatibility
+	with MS SPNEGO, From: Luke Howard <lukeh at padl.com>
+	
+2004-04-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* accept_sec_context.c (gsskrb5_is_cfx): krb5_keyblock->keytype is
+	an enctype, not keytype
+
+	* accept_sec_context.c: use ASN1_MALLOC_ENCODE
+	
+	* init_sec_context.c: avoid the malloc loop and just allocate the
+	propper amount of data
+
+	* init_sec_context.c (spnego_initial): handle mech_token better
+	
+2004-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.h: add gss_krb5_get_tkt_flags
+	
+	* Makefile.am: add ticket_flags.c
+	
+	* ticket_flags.c: Get ticket-flags from acceptor ticket From: Luke
+	Howard <lukeh at PADL.COM>
+	
+	* gss_acquire_cred.3: document gss_krb5_get_tkt_flags
+	
+2004-03-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* acquire_cred.c (gss_acquire_cred): check usage before even
+	bothering to process it, add both keytab and initial tgt if
+	requested
+
+	* wrap.c: support cfx, try to handle acceptor asserted subkey
+	
+	* unwrap.c: support cfx, try to handle acceptor asserted subkey
+	
+	* verify_mic.c: support cfx
+	
+	* get_mic.c: support cfx
+	
+	* test_sequence.c: handle changed signature of
+	gssapi_msg_order_create
+
+	* import_sec_context.c: handle acceptor asserted subkey
+	
+	* init_sec_context.c: handle acceptor asserted subkey
+	
+	* accept_sec_context.c: handle acceptor asserted subkey
+	
+	* sequence.c: add dummy use_64 argument to gssapi_msg_order_create
+	
+	* gssapi_locl.h: add partial support for CFX
+	
+	* Makefile.am (noinst_PROGRAMS) += test_cred
+	
+	* test_cred.c: gssapi credential testing
+
+	* test_acquire_cred.c: fix comment
+	
+2004-03-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* arcfour.h: drop structures for message formats, no longer used
+	
+	* arcfour.c: comment describing message formats
+
+	* accept_sec_context.c (spnego_accept_sec_context): make sure the
+	length of the choice element doesn't overrun us
+	
+	* init_sec_context.c (spnego_reply): make sure the length of the
+	choice element doesn't overrun us
+	
+	* spnego.asn1: move NegotiationToken to avoid warning
+	
+	* spnego.asn1: uncomment NegotiationToken
+	
+	* Makefile.am: spnego_files += asn1_NegotiationToken.x
+	
+2004-01-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.h: add gss_krb5_ccache_name
+	
+	* Makefile.am (libgssapi_la_SOURCES): += ccache_name.c
+	
+	* ccache_name.c (gss_krb5_ccache_name): help function enable to
+	set krb5 name, using out_name argument makes function no longer
+	thread-safe
+
+	* gssapi.3: add missing gss_krb5_ references
+	
+	* gss_acquire_cred.3: document gss_krb5_ccache_name
+	
+2003-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: make rrc a modulus operation if its longer then the
+	length of the message, noticed by Sam Hartman
+
+2003-12-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* accept_sec_context.c: use krb5_auth_con_addflags
+	
+2003-12-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: Wrap token id was in wrong order, found by Sam Hartman
+	
+2003-12-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: add AcceptorSubkey (but no code understand it yet) ignore
+	unknown token flags
+	
+2003-11-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* accept_sec_context.c: Don't require timestamp to be set on
+	delegated token, its already protected by the outer token (and
+	windows doesn't alway send it) Pointed out by Zi-Bin Yang
+	<zbyang at decru.com> on heimdal-discuss
+
+2003-11-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: fix {} error, pointed out by Liqiang Zhu
+	
+2003-11-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: Sequence number should be stored in bigendian order From:
+	Luke Howard <lukeh at padl.com>
+	
+2003-11-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* delete_sec_context.c (gss_delete_sec_context): don't free
+	ticket, krb5_free_ticket does that now
+
+2003-11-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: checksum the header last in MIC token, update to -03
+	From: Luke Howard <lukeh at padl.com>
+	
+2003-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* add_cred.c: If its a MEMORY cc, make a copy. We need to do this
+	since now gss_release_cred will destroy the cred. This should be
+	really be solved a better way.
+
+	* acquire_cred.c (gss_release_cred): if its a mcc, destroy it
+	rather the just release it Found by: "Zi-Bin Yang"
+	<zbyang at decru.com>
+
+	* acquire_cred.c (acquire_initiator_cred): use kret instead of ret
+	where appropriate
+
+2003-09-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: spelling
+	From: jmc <jmc at prioris.mini.pw.edu.pl>
+	
+2003-09-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: - EC and RRC are big-endian, not little-endian - The
+	default is now to rotate regardless of GSS_C_DCE_STYLE. There are
+	no longer any references to GSS_C_DCE_STYLE.  - rrc_rotate()
+	avoids allocating memory on the heap if rrc <= 256
+	From: Luke Howard <lukeh at padl.com>
+	
+2003-09-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.[ch]: rrc_rotate() was untested and broken, fix it.
+	Set and verify wrap Token->Filler.
+	Correct token ID for wrap tokens, 
+	were accidentally swapped with delete tokens.
+	From: Luke Howard <lukeh at PADL.COM>
+
+2003-09-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.[ch]: no ASN.1-ish header on per-message tokens
+	From: Luke Howard <lukeh at PADL.COM>
+	
+2003-09-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* arcfour.h: remove depenency on gss_arcfour_mic_token and
+	gss_arcfour_warp_token
+
+	* arcfour.c: remove depenency on gss_arcfour_mic_token and
+	gss_arcfour_warp_token
+
+2003-09-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* 8003.c: remove #if 0'ed code
+	
+2003-09-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* accept_sec_context.c (gsskrb5_accept_sec_context): set sequence
+	number when not requesting mutual auth From: Luke Howard
+	<lukeh at PADL.COM>
+
+	* init_sec_context.c (init_auth): set sequence number when not
+	requesting mutual auth From: Luke Howard <lukeh at PADL.COM>
+	
+2003-09-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* arcfour.c (*): set minor_status
+	(gss_wrap): set conf_state to conf_req_flags on success
+	From: Luke Howard <lukeh at PADL.COM>
+	
+	* wrap.c (gss_wrap_size_limit): use existing function From: Luke
+	Howard <lukeh at PADL.COM>
+	
+2003-09-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* indicate_mechs.c (gss_indicate_mechs): in case of error, free
+	mech_set
+
+	* indicate_mechs.c (gss_indicate_mechs): add SPNEGO
+
+2003-09-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c (spnego_initial): catch errors and return
+	them
+
+	* init_sec_context.c (spnego_initial): add #if 0 out version of
+	the CHOICE branch encoding, also where here, free no longer used
+	memory
+
+2003-09-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: support GSS_SPNEGO_MECHANISM
+	
+	* accept_sec_context.c: SPNEGO doesn't include gss wrapping on
+	SubsequentContextToken like the Kerberos 5 mech does.
+	
+	* init_sec_context.c (spnego_reply): SPNEGO doesn't include gss
+	wrapping on SubsequentContextToken like the Kerberos 5 mech
+	does. Lets check for it anyway.
+	
+	* accept_sec_context.c: Add support for SPNEGO on the initator
+	side.  Implementation initially from Assar Westerlund, passes
+	though quite a lot of hands before I commited it.
+	
+	* init_sec_context.c: Add support for SPNEGO on the initator side.
+	Tested with ldap server on a Windows 2000 DC. Implementation
+	initially from Assar Westerlund, passes though quite a lot of
+	hands before I commited it.
+	
+	* gssapi.h: export GSS_SPNEGO_MECHANISM
+	
+	* gssapi_locl.h: include spnego_as.h add prototype for
+	gssapi_krb5_get_mech
+	
+	* decapsulate.c (gssapi_krb5_get_mech): make non static
+	
+	* Makefile.am: build SPNEGO file
+	
+2003-09-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* external.c: SPENGO and IAKERB oids
+	
+	* spnego.asn1: SPENGO ASN1
+	
+2003-09-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.c: RRC also need to be zero before wraping them
+	From: Luke Howard <lukeh at PADL.COM>
+	
+2003-09-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* encapsulate.c (gssapi_krb5_encap_length): don't return void
+	
+2003-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* verify_mic.c: switch from the des_ to the DES_ api
+	
+	* get_mic.c: switch from the des_ to the DES_ api
+	
+	* unwrap.c: switch from the des_ to the DES_ api
+	
+	* wrap.c: switch from the des_ to the DES_ api
+	
+	* cfx.c: EC is not included in the checksum since the length might
+	change depending on the data.  From: Luke Howard <lukeh at PADL.COM>
+	
+	* acquire_cred.c: use
+	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+2003-09-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* copy_ccache.c: rename
+	gss_krb5_extract_authz_data_from_sec_context to
+	gsskrb5_extract_authz_data_from_sec_context
+
+	* gssapi.h: rename gss_krb5_extract_authz_data_from_sec_context to
+	gsskrb5_extract_authz_data_from_sec_context
+	
+2003-08-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
+	check that we have a ticket before we start to use it
+	
+	* gss_acquire_cred.3: document
+	gss_krb5_extract_authz_data_from_sec_context
+	
+	* gssapi.h (gss_krb5_extract_authz_data_from_sec_context):
+	return the kerberos authorizationdata, from idea of Luke Howard
+
+	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
+	return the kerberos authorizationdata, from idea of Luke Howard
+	
+	* verify_mic.c (gss_verify_mic_internal): switch type and key
+	argument
+
+2003-08-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cfx.[ch]: draft-ietf-krb-wg-gssapi-cfx-01.txt implemetation
+	From: Luke Howard <lukeh at PADL.COM>
+	
+2003-08-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* arcfour.c (arcfour_mic_cksum): use free_Checksum to free the
+	checksum
+
+	* arcfour.h: swap two last arguments to verify_mic for consistency
+	with des3
+
+	* wrap.c,unwrap.c,get_mic.c,verify_mic.c,cfx.c,cfx.h:
+	prefix cfx symbols with _gssapi_
+
+	* arcfour.c: release the right buffer
+	
+	* arcfour.c: rename token structure in consistency with rest of
+	GSS-API From: Luke Howard <lukeh at PADL.COM>
+	
+	* unwrap.c (unwrap_des3): use _gssapi_verify_pad
+	(unwrap_des): use _gssapi_verify_pad
+
+	* arcfour.c (_gssapi_wrap_arcfour): set the correct padding
+	(_gssapi_unwrap_arcfour): verify and strip padding
+
+	* gssapi_locl.h: added _gssapi_verify_pad
+	
+	* decapsulate.c (_gssapi_verify_pad): verify padding of a gss
+	wrapped message and return its length
+	
+	* arcfour.c: support KEYTYPE_ARCFOUR_56 keys, from Luke Howard
+	<lukeh at PADL.COM>
+	
+	* arcfour.c: use right seal alg, inherit keytype from parent key
+	
+	* arcfour.c: include the confounder in the checksum use the right
+	key usage number for warped/unwraped tokens
+	
+	* gssapi.h: add gss_krb5_nt_general_name as an mit compat glue
+	(same as GSS_KRB5_NT_PRINCIPAL_NAME)
+
+	* unwrap.c: hook in arcfour unwrap
+	
+	* wrap.c: hook in arcfour wrap
+	
+	* verify_mic.c: hook in arcfour verify_mic
+	
+	* get_mic.c: hook in arcfour get_mic
+	
+	* arcfour.c: implement wrap/unwarp
+	
+	* gssapi_locl.h: add gssapi_{en,de}code_be_om_uint32
+	
+	* 8003.c: add gssapi_{en,de}code_be_om_uint32
+	
+2003-08-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* arcfour.c (_gssapi_verify_mic_arcfour): Do the checksum on right
+	area. Swap filler check, it was reversed.
+	
+	* Makefile.am (libgssapi_la_SOURCES): += arcfour.c
+	
+	* gssapi_locl.h: include "arcfour.h"
+	
+	* arcfour.c: arcfour gss-api mech, get_mic/verify_mic working
+
+	* arcfour.h: arcfour gss-api mech, get_mic/verify_mic working
+	
+2003-08-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi_locl.h: always include cfx.h add prototype for
+	_gssapi_decapsulate
+
+	* cfx.[ch]: Implementation of draft-ietf-krb-wg-gssapi-cfx-00.txt
+	from Luke Howard <lukeh at PADL.COM>
+
+	* decapsulate.c: add _gssapi_decapsulate, from Luke Howard
+	<lukeh at PADL.COM>
+	
+2003-08-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* unwrap.c: encap/decap now takes a oid if the enctype/keytype is
+	arcfour, return error add hook for cfx
+	
+	* verify_mic.c: encap/decap now takes a oid if the enctype/keytype
+	is arcfour, return error add hook for cfx
+	
+	* get_mic.c: encap/decap now takes a oid if the enctype/keytype is
+	arcfour, return error add hook for cfx
+	
+	* accept_sec_context.c: encap/decap now takes a oid
+	
+	* init_sec_context.c: encap/decap now takes a oid
+	
+	* gssapi_locl.h: include cfx.h if we need it lifetime is a
+	OM_uint32, depend on gssapi interface add all new encap/decap
+	functions
+	
+	* decapsulate.c: add decap functions that doesn't take the token
+	type also make all decap function take the oid mech that they
+	should use
+
+	* encapsulate.c: add encap functions that doesn't take the token
+	type also make all encap function take the oid mech that they
+	should use
+
+	* sequence.c (elem_insert): fix a off by one index counter
+	
+	* inquire_cred.c (gss_inquire_cred): handle cred_handle being
+	GSS_C_NO_CREDENTIAL and use the default cred then.
+	
+2003-08-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: break out extensions and document
+	gsskrb5_register_acceptor_identity
+
+2003-08-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_acquire_cred.c (print_time): time is returned in seconds
+	from now, not unix time
+
+2003-08-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* compat.c (check_compat): avoid leaking principal when finding a
+	match
+
+	* address_to_krb5addr.c: sa_size argument to krb5_addr2sockaddr is
+	a krb5_socklen_t
+
+	* acquire_cred.c (gss_acquire_cred): 4th argument to
+	gss_test_oid_set_member is a int
+
+2003-07-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c (repl_mutual): don't set kerberos error where
+	there was no kerberos error
+
+	* gssapi_locl.h: Add destruction/creation prototypes and structure
+	for the thread specific storage.
+
+	* display_status.c: use thread specific storage to set/get the
+	kerberos error message
+
+	* init.c: Provide locking around the creation of the global
+	krb5_context. Add destruction/creation functions for the thread
+	specific storage that the error string handling is using.
+	
+2003-07-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: add missing prototype and missing .Ft
+	arguments
+
+2003-06-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* verify_mic.c: reorder code so sequence numbers can can be used
+	
+	* unwrap.c: reorder code so sequence numbers can can be used
+	
+	* sequence.c: remove unused function, indent, add
+	gssapi_msg_order_f that filter gss flags to gss_msg_order flags
+	
+	* gssapi_locl.h: prototypes for
+	gssapi_{encode_om_uint32,decode_om_uint32} add sequence number
+	verifier prototypes
+
+	* delete_sec_context.c: destroy sequence number verifier
+	
+	* init_sec_context.c: remember to free data use sequence number
+	verifier
+	
+	* accept_sec_context.c: don't clear output_token twice remember to
+	free data use sequence number verifier
+	
+	* 8003.c: export and rename encode_om_uint32/decode_om_uint32 and
+	start to use them
+
+2003-06-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: can't have sequence.c in two different places
+
+2003-06-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_sequence.c: check rollover, print summery
+	
+	* wrap.c (sub_wrap_size): gss_wrap_size_limit() has
+	req_output_size and max_input_size around the wrong way -- it
+	returns the output token size for a given input size, rather than
+	the maximum input size for a given output token size.
+	
+	From: Luke Howard <lukeh at PADL.COM>
+	
+2003-06-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi_locl.h: add prototypes for sequence.c
+	
+	* Makefile.am (libgssapi_la_SOURCES): add sequence.c
+	(test_sequence): build
+
+	* sequence.c: sequence number checks, order and replay
+	* test_sequence.c: sequence number checks, order and replay
+
+2003-06-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* accept_sec_context.c (gss_accept_sec_context): make sure time is
+	returned in seconds from now, not in kerberos time
+	
+	* acquire_cred.c (gss_aquire_cred): make sure time is returned in
+	seconds from now, not in kerberos time
+	
+	* init_sec_context.c (init_auth): if the cred is expired before we
+	tries to create a token, fail so the peer doesn't need reject us
+	(*): make sure time is returned in seconds from now, 
+	not in kerberos time
+	(repl_mutual): remember to unlock the context mutex
+
+	* context_time.c (gss_context_time): remove unused variable
+	
+	* verify_mic.c: make sure minor_status is always set, pointed out
+	by Luke Howard <lukeh at PADL.COM>
+
+2003-05-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* *.[ch]: do some basic locking (no reference counting so contexts 
+	  can be removed while still used)
+	- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
+	- make sure all lifetime are returned in seconds left until expired,
+	  not in unix epoch
+
+	* gss_acquire_cred.3: document argument lifetime_rec to function
+	gss_inquire_context
+
+2003-05-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_acquire_cred.c: test gss_add_cred more then once
+	
+2003-05-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.h: if __cplusplus, wrap the extern variable (just to be
+	safe) and functions in extern "C" { }
+	
+2003-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.3: more about the des3 mic mess
+	
+	* verify_mic.c (verify_mic_des3): always check if the mic is the
+	correct mic or the mic that old heimdal would have generated
+	
+2003-04-28  Jacques Vidrine  <nectar at kth.se>
+
+	* verify_mic.c (verify_mic_des3): If MIC verification fails,
+	retry using the `old' MIC computation (with zero IV).
+
+2003-04-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: more about difference between comparing IN
+	and MN
+
+	* gss_acquire_cred.3: more about name type and access control
+	
+2003-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: document gss_context_time
+	
+	* context_time.c: if lifetime of context have expired, set
+	time_rec to 0 and return GSS_S_CONTEXT_EXPIRED
+	
+	* gssapi.3: document [gssapi]correct_des3_mic
+	[gssapi]broken_des3_mic
+
+	* gss_acquire_cred.3: document gss_krb5_compat_des3_mic
+	
+	* compat.c (gss_krb5_compat_des3_mic): enable turning on/off des3
+	mic compat
+	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too
+
+	* gssapi.h (gss_krb5_compat_des3_mic): new function, turn on/off
+	des3 mic compat
+	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
+	gss_krb5_compat_des3_mic exists
+	
+2003-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am:  (libgssapi_la_LDFLAGS): update major
+	version of gssapi for incompatiblity in 3des getmic support
+	
+2003-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: test_acquire_cred_LDADD: use libgssapi.la not
+	./libgssapi.la (make make -jN work)
+
+2003-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.3: spelling
+	
+	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
+	header.h, from Thomas Klausner <wiz at netbsd.org>
+
+	
+2003-04-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: spelling
+	
+	* Makefile.am: remove stuff that sneaked in with last commit
+	
+	* acquire_cred.c (acquire_initiator_cred): if the requested name
+	isn't in the ccache, also check keytab.  Extact the krbtgt for the
+	default realm to check how long the credentials will last.
+	
+	* add_cred.c (gss_add_cred): don't create a new ccache, just open
+	the old one; better check if output handle is compatible with new
+	(copied) handle
+
+	* test_acquire_cred.c: test gss_add_cred too
+	
+2003-04-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: build test_acquire_cred
+	
+	* test_acquire_cred.c: simple gss_acquire_cred test
+	
+2003-04-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: s/gssapi/GSS-API/
+	
+2003-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: document v1 interface (and that they are
+	obsolete)
+
+2003-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_acquire_cred.3: list supported mechanism and nametypes
+	
+2003-03-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss_acquire_cred.3: text about gss_display_name
+
+	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
+	(libgssapi_la_SOURCES): add all new functions
+
+	* gssapi.3: now that we have a functions, uncomment the missing
+	ones
+
+	* gss_acquire_cred.3: now that we have a functions, uncomment the
+	missing ones
+
+	* process_context_token.c: implement gss_process_context_token
+	
+	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech
+	
+	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name
+	
+	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech
+	
+	* add_cred.c: implement gss_add_cred
+	
+	* acquire_cred.c (gss_acquire_cred): more testing of input
+	argument, make sure output arguments are ok, since we don't know
+	the time_rec (for now), set it to time_req
+	
+	* export_sec_context.c: send lifetime, also set minor_status
+	
+	* get_mic.c: set minor_status
+	
+	* import_sec_context.c (gss_import_sec_context): add error
+	checking, pick up lifetime (if there is no lifetime, use
+	GSS_C_INDEFINITE)
+
+	* init_sec_context.c: take care to set export value to something
+	sane before we start so caller will have harmless values in them
+	if then function fails
+
+	* release_buffer.c (gss_release_buffer): set minor_status
+	
+	* wrap.c: make sure minor_status get set
+	
+	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
+	gss_verify_mic_internal and let it take the type as an argument,
+	(gss_verify_mic): call gss_verify_mic_internal
+	set minor_status
+	
+	* unwrap.c: set minor_status
+	
+	* test_oid_set_member.c (gss_test_oid_set_member): use
+	gss_oid_equal
+
+	* release_oid_set.c (gss_release_oid_set): set minor_status
+	
+	* release_name.c (gss_release_name): set minor_status
+	
+	* release_cred.c (gss_release_cred): set minor_status
+	
+	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status
+	
+	* compare_name.c (gss_compare_name): set minor_status
+	
+	* compat.c (check_compat): make sure ret have a defined value
+	
+	* context_time.c (gss_context_time): set minor_status
+	
+	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status
+	
+	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
+	minor_status
+
+	* delete_sec_context.c (gss_delete_sec_context): set minor_status
+	
+	* display_name.c (gss_display_name): set minor_status
+	
+	* display_status.c (gss_display_status): use gss_oid_equal, handle
+	supplementary errors
+
+	* duplicate_name.c (gss_duplicate_name): set minor_status
+	
+	* inquire_context.c (gss_inquire_context): set lifetime_rec now
+	when we know it, set minor_status
+
+	* inquire_cred.c (gss_inquire_cred): take care to set export value
+	to something sane before we start so caller will have harmless
+	values in them if the function fails
+	
+	* accept_sec_context.c (gss_accept_sec_context): take care to set
+	export value to something sane before we start so caller will have
+	harmless values in them if then function fails, set lifetime from
+	ticket expiration date
+
+	* indicate_mechs.c (gss_indicate_mechs): use
+	gss_create_empty_oid_set and gss_add_oid_set_member
+
+	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
+	since there is no ticket transfered in the exported context
+	
+	* export_name.c (gss_export_name): export name with
+	GSS_C_NT_EXPORT_NAME wrapping, not just the principal
+	
+	* import_name.c (import_export_name): new function, parses a
+	GSS_C_NT_EXPORT_NAME
+	(import_krb5_name): factor out common code of parsing krb5 name
+	(gss_oid_equal): rename from oid_equal
+
+	* gssapi_locl.h: add prototypes for gss_oid_equal and
+	gss_verify_mic_internal
+
+	* gssapi.h: comment out the argument names
+	
+2003-03-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gssapi.3: add LIST OF FUNCTIONS and copyright/license
+
+	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/
+	
+	* Makefile.am: man_MANS += gss_aquire_cred.3
+	
+2003-03-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss_aquire_cred.3: the gssapi api manpage
+	
+2003-03-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* inquire_context.c: (gss_inquire_context): rename argument open
+	to open_context
+
+	* gssapi.h (gss_inquire_context): rename argument open to open_context
+
+2003-02-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_sec_context.c (do_delegation): remove unused variable
+	subkey
+
+	* gssapi.3: all 0.5.x version had broken token delegation
+	
+2003-02-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* (init_auth): only generate one subkey
+
+2003-01-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
+	to rfc (and mit kerberos), provide backward compat hook
+	
+	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
+	mit kerberos), provide backward compat hook
+	
+	* init_sec_context.c (init_auth): check if we need compat for
+	older get_mic/verify_mic
+
+	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat
+	
+	* gssapi.h (more_flags): add COMPAT_OLD_DES3
+	
+	* Makefile.am: add gssapi.3 and compat.c
+	
+	* gssapi.3: add gssapi COMPATIBILITY documentation
+	
+	* accept_sec_context.c (gss_accept_sec_context): check if we need
+	compat for older get_mic/verify_mic
+
+	* compat.c: check for compatiblity with other heimdal's 3des
+	get_mic/verify_mic
+
+2002-10-31  Johan Danielsson  <joda at pdc.kth.se>
+
+	* check return value from gssapi_krb5_init
+	
+	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input
+
+2002-09-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
+
+	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
+
+2002-09-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* init_sec_context.c: we need to generate a local subkey here
+
+2002-08-20  Jacques Vidrine <n at nectar.com>
+
+	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
+	  credential resolution if gss_acquire_cred is called with
+	  GSS_C_NO_NAME.
+
+2002-06-20  Jacques Vidrine <n at nectar.com>
+
+	* import_name.c: Compare name types by value if pointers do
+	  not match.  Reported by: "Douglas E. Engert" <deengert at anl.gov>
+
+2002-05-20  Jacques Vidrine <n at nectar.com>
+
+	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
+	  the qop_state parameter.  from Doug Rabson <dfr at nlsystems.com>
+
+2002-05-09  Jacques Vidrine <n at nectar.com>
+
+	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH
+
+2002-05-08  Jacques Vidrine <n at nectar.com>
+
+	* acquire_cred.c: initialize gssapi; handle null desired_name
+
+2002-03-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: remove non-functional stuff accidentally committed
+
+2002-03-11  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
+	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
+	bindings
+
+2001-10-31  Jacques Vidrine <n at nectar.com>
+
+	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
+	was bogusly appending the message buffer to the result,
+	overwriting a heap buffer in the process.
+
+2001-08-29  Assar Westerlund  <assar at sics.se>
+
+	* 8003.c (gssapi_krb5_verify_8003_checksum,
+	gssapi_krb5_create_8003_checksum): make more consistent by always
+	returning an gssapi error and setting minor status.  update
+	callers
+
+2001-08-28  Jacques Vidrine  <n at nectar.com>
+
+	* accept_sec_context.c: Create a cache for delegated credentials
+	  when needed.
+
+2001-08-28  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2
+
+2001-08-23  Assar Westerlund  <assar at sics.se>
+
+	*  *.c: handle minor_status more consistently
+
+	* display_status.c (gss_display_status): handle krb5_get_err_text
+	failing
+
+2001-08-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* gssapi_locl.h: fix prototype for gssapi_krb5_init
+
+2001-08-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
+	context and check return value from kt_resolve
+
+	* init.c: return error code
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2
+
+2001-07-12  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LIBADD): add required library
+	dependencies
+
+2001-07-06  Assar Westerlund  <assar at sics.se>
+
+	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
+	the keytab to be used for gss_acquire_cred too'
+
+2001-07-03  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2
+
+2001-06-18  Assar Westerlund  <assar at sics.se>
+
+	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
+	and gss_krb5_get_remotekey
+	* verify_mic.c: update krb5_auth_con function names use
+	gss_krb5_get_remotekey
+	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
+	and gss_krb5_get_remotekey
+	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
+	add prototypes
+	* get_mic.c: update krb5_auth_con function names. use
+	gss_krb5_get_localkey
+	* accept_sec_context.c: update krb5_auth_con function names
+
+2001-05-17  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 3:1:2
+
+2001-05-14  Assar Westerlund  <assar at sics.se>
+
+	* address_to_krb5addr.c: adapt to new address functions
+
+2001-05-11  Assar Westerlund  <assar at sics.se>
+
+	* try to return the error string from libkrb5 where applicable
+
+2001-05-08  Assar Westerlund  <assar at sics.se>
+
+	* delete_sec_context.c (gss_delete_sec_context): remember to free
+	the memory used by the ticket itself. from <tmartin at mirapoint.com>
+
+2001-05-04  Assar Westerlund  <assar at sics.se>
+
+	* gssapi_locl.h: add config.h for completeness
+	* gssapi.h: remove config.h, this is an installed header file
+	sys/types.h is not needed either
+	
+2001-03-12  Assar Westerlund  <assar at sics.se>
+
+	* acquire_cred.c (gss_acquire_cred): remove memory leaks.  from
+	Jason R Thorpe <thorpej at zembu.com>
+
+2001-02-18  Assar Westerlund  <assar at sics.se>
+
+	* accept_sec_context.c (gss_accept_sec_context): either return
+	gss_name NULL-ed or set
+
+	* import_name.c: set minor_status in some cases where it was not
+	done
+
+2001-02-15  Assar Westerlund  <assar at sics.se>
+
+	* wrap.c: use krb5_generate_random_block for the confounders
+
+2001-01-30  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
+	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
+	for getting creds from a keytab, from fvdl at netbsd.org
+
+	* copy_ccache.c: add gss_krb5_copy_ccache
+
+2001-01-27  Assar Westerlund  <assar at sics.se>
+
+	* get_mic.c: cast parameters to des function to non-const pointers
+ 	to handle the case where these functions actually take non-const
+ 	des_cblock *
+
+2001-01-09  Assar Westerlund  <assar at sics.se>
+
+	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
+	instead of krb5_rd_cred
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1
+
+2000-12-08  Assar Westerlund  <assar at sics.se>
+
+	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
+	sequence number
+	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
+	the sequence number
+	* init_sec_context.c (init_auth): always zero fwd_data
+
+2000-12-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* accept_sec_context.c: de-pointerise auth_context parameter to
+	krb5_mk_rep
+
+2000-11-15  Assar Westerlund  <assar at sics.se>
+
+	* init_sec_context.c (init_auth): update to new
+	krb5_build_authenticator
+
+2000-09-19  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1
+
+2000-08-27  Assar Westerlund  <assar at sics.se>
+
+	* init_sec_context.c: actually pay attention to `time_req'
+	* init_sec_context.c: re-organize.  leak less memory.
+	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
+	update prototypes add assert.h
+	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
+	add
+	* verify_mic.c: re-organize and add 3DES code
+	* wrap.c: re-organize and add 3DES code
+	* unwrap.c: re-organize and add 3DES code
+	* get_mic.c: re-organize and add 3DES code
+	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
+	let the caller do that.  fix the callers.
+
+2000-08-16  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 2:1:1
+
+2000-07-29  Assar Westerlund  <assar at sics.se>
+
+	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length
+
+2000-07-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: bump version to 2:0:1
+
+2000-07-22  Assar Westerlund  <assar at sics.se>
+
+	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
+	details from rfc2744
+
+2000-06-29  Assar Westerlund  <assar at sics.se>
+
+	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
+	`int' instead of `sa_family_t' for the address family.
+
+2000-06-21  Assar Westerlund  <assar at sics.se>
+
+	* add support for token delegation.  From Daniel Kouril
+	<kouril at ics.muni.cz> and Miroslav Ruda <ruda at ics.muni.cz>
+
+2000-05-15  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1
+
+2000-04-12  Assar Westerlund  <assar at sics.se>
+
+	* release_oid_set.c (gss_release_oid_set): clear set for
+	robustness.  From GOMBAS Gabor <gombasg at inf.elte.hu>
+	* release_name.c (gss_release_name): reset input_name for
+	robustness.  From GOMBAS Gabor <gombasg at inf.elte.hu>
+	* release_buffer.c (gss_release_buffer): set value to NULL to be
+	more robust.  From GOMBAS Gabor <gombasg at inf.elte.hu>
+	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
+	the oid is a member first.  leave the oid_set unchanged if realloc
+	fails.
+
+2000-02-13  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 1:0:1
+
+2000-02-12  Assar Westerlund  <assar at sics.se>
+
+	* gssapi_locl.h: add flags for import/export
+	* import_sec_context.c (import_sec_context: add flags for what
+	fields are included.  do not include the authenticator for now.
+	* export_sec_context.c (export_sec_context: add flags for what
+	fields are included.  do not include the authenticator for now.
+	* accept_sec_context.c (gss_accept_sec_context): set target in
+	context_handle
+
+2000-02-11  Assar Westerlund  <assar at sics.se>
+
+	* delete_sec_context.c (gss_delete_sec_context): set context to
+	GSS_C_NO_CONTEXT
+
+	* Makefile.am: add {export,import}_sec_context.c
+	* export_sec_context.c: new file
+	* import_sec_context.c: new file
+	* accept_sec_context.c (gss_accept_sec_context): set trans flag
+
+2000-02-07  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 0:5:0
+
+2000-01-26  Assar Westerlund  <assar at sics.se>
+
+	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
+	output_token
+
+	* wrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
+	changes to libdes calls to make them more portable.
+	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
+	some changes to libdes calls to make them more portable.
+	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
+	changes to libdes calls to make them more portable.
+	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha.  some
+	changes to libdes calls to make them more portable.
+	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.
+
+2000-01-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 0:4:0
+
+1999-12-26  Assar Westerlund  <assar at sics.se>
+
+	* accept_sec_context.c (gss_accept_sec_context): always set
+ 	`output_token'
+	* init_sec_context.c (init_auth): always initialize `output_token'
+	* delete_sec_context.c (gss_delete_sec_context): always set
+ 	`output_token'
+
+1999-12-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 0:3:0
+
+1999-10-20  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 0:2:0
+
+1999-09-21  Assar Westerlund  <assar at sics.se>
+
+	* init_sec_context.c (gss_init_sec_context): initialize `ticket'
+
+	* gssapi.h (gss_ctx_id_t_desc): add ticket in here.  ick.
+
+	* delete_sec_context.c (gss_delete_sec_context): free ticket
+
+	* accept_sec_context.c (gss_accept_sec_context): stove away
+ 	`krb5_ticket' in context so that ugly programs such as
+ 	gss_nt_server can get at it.  uck.
+
+1999-09-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* accept_sec_context.c: set minor_status
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* display_status.c (calling_error, routine_error): right shift the
+ 	code to make it possible to index into the arrays
+
+1999-07-28  Assar Westerlund  <assar at sics.se>
+
+	* gssapi.h (GSS_C_AF_INET6): add
+
+	* import_name.c (import_hostbased_name): set minor_status
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 0:1:0
+
+Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* display_status.c: set minor_status
+
+	* init_sec_context.c: set minor_status
+
+	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
+ 	directly)
+

Added: vendor-crypto/heimdal/dist/lib/gssapi/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,313 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AUTOMAKE_OPTIONS = subdir-objects
+
+AM_CPPFLAGS += -I$(srcdir)/../krb5 \
+	-I$(srcdir) \
+	-I$(srcdir)/mech \
+	$(INCLUDE_hcrypto) \
+	$(INCLUDE_krb4)
+
+lib_LTLIBRARIES = libgssapi.la
+
+krb5src = \
+	krb5/8003.c \
+	krb5/accept_sec_context.c \
+	krb5/acquire_cred.c \
+	krb5/add_cred.c \
+	krb5/address_to_krb5addr.c \
+	krb5/arcfour.c \
+	krb5/canonicalize_name.c \
+	krb5/ccache_name.c \
+	krb5/cfx.c \
+	krb5/cfx.h \
+	krb5/compare_name.c \
+	krb5/compat.c \
+	krb5/context_time.c \
+	krb5/copy_ccache.c \
+	krb5/decapsulate.c \
+	krb5/delete_sec_context.c \
+	krb5/display_name.c \
+	krb5/display_status.c \
+	krb5/duplicate_name.c \
+	krb5/encapsulate.c \
+	krb5/export_name.c \
+	krb5/export_sec_context.c \
+	krb5/external.c \
+	krb5/get_mic.c \
+	krb5/gsskrb5_locl.h \
+	krb5/gsskrb5-private.h \
+	krb5/import_name.c \
+	krb5/import_sec_context.c \
+	krb5/indicate_mechs.c \
+	krb5/init.c \
+	krb5/init_sec_context.c \
+	krb5/inquire_context.c \
+	krb5/inquire_cred.c \
+	krb5/inquire_cred_by_mech.c \
+	krb5/inquire_cred_by_oid.c \
+	krb5/inquire_mechs_for_name.c \
+	krb5/inquire_names_for_mech.c \
+	krb5/inquire_sec_context_by_oid.c \
+	krb5/process_context_token.c \
+	krb5/prf.c \
+	krb5/release_buffer.c \
+	krb5/release_cred.c \
+	krb5/release_name.c \
+	krb5/sequence.c \
+	krb5/set_cred_option.c \
+	krb5/set_sec_context_option.c \
+	krb5/ticket_flags.c \
+	krb5/unwrap.c \
+	krb5/v1.c \
+	krb5/verify_mic.c \
+	krb5/wrap.c
+
+mechsrc = \
+	mech/context.h \
+	mech/context.c \
+	mech/cred.h \
+	mech/gss_accept_sec_context.c \
+	mech/gss_acquire_cred.c \
+	mech/gss_add_cred.c \
+	mech/gss_add_oid_set_member.c \
+	mech/gss_buffer_set.c \
+	mech/gss_canonicalize_name.c \
+	mech/gss_compare_name.c \
+	mech/gss_context_time.c \
+	mech/gss_create_empty_oid_set.c \
+	mech/gss_decapsulate_token.c \
+	mech/gss_delete_sec_context.c \
+	mech/gss_display_name.c \
+	mech/gss_display_status.c \
+	mech/gss_duplicate_name.c \
+	mech/gss_duplicate_oid.c \
+	mech/gss_encapsulate_token.c \
+	mech/gss_export_name.c \
+	mech/gss_export_sec_context.c \
+	mech/gss_get_mic.c \
+	mech/gss_import_name.c \
+	mech/gss_import_sec_context.c \
+	mech/gss_indicate_mechs.c \
+	mech/gss_init_sec_context.c \
+	mech/gss_inquire_context.c \
+	mech/gss_inquire_cred.c \
+	mech/gss_inquire_cred_by_mech.c \
+	mech/gss_inquire_cred_by_oid.c \
+	mech/gss_inquire_mechs_for_name.c \
+	mech/gss_inquire_names_for_mech.c \
+	mech/gss_krb5.c \
+	mech/gss_mech_switch.c \
+	mech/gss_names.c \
+	mech/gss_oid_equal.c \
+	mech/gss_oid_to_str.c \
+	mech/gss_process_context_token.c \
+	mech/gss_pseudo_random.c \
+	mech/gss_release_buffer.c \
+	mech/gss_release_cred.c \
+	mech/gss_release_name.c \
+	mech/gss_release_oid.c \
+	mech/gss_release_oid_set.c \
+	mech/gss_seal.c \
+	mech/gss_set_cred_option.c \
+	mech/gss_set_sec_context_option.c \
+	mech/gss_sign.c \
+	mech/gss_test_oid_set_member.c \
+	mech/gss_unseal.c \
+	mech/gss_unwrap.c \
+	mech/gss_utils.c \
+	mech/gss_verify.c \
+	mech/gss_verify_mic.c \
+	mech/gss_wrap.c \
+	mech/gss_wrap_size_limit.c \
+	mech/gss_inquire_sec_context_by_oid.c \
+	mech/mech_switch.h \
+	mech/mechqueue.h \
+	mech/mech_locl.h \
+	mech/name.h \
+	mech/utils.h
+
+spnegosrc = \
+	spnego/accept_sec_context.c \
+	spnego/compat.c \
+	spnego/context_stubs.c \
+	spnego/cred_stubs.c \
+	spnego/external.c \
+	spnego/init_sec_context.c \
+	spnego/spnego_locl.h \
+	spnego/spnego-private.h
+
+ntlmsrc = \
+	ntlm/accept_sec_context.c \
+	ntlm/acquire_cred.c \
+	ntlm/add_cred.c \
+	ntlm/canonicalize_name.c \
+	ntlm/compare_name.c \
+	ntlm/context_time.c \
+	ntlm/crypto.c \
+	ntlm/delete_sec_context.c \
+	ntlm/display_name.c \
+	ntlm/display_status.c \
+	ntlm/duplicate_name.c \
+	ntlm/export_name.c \
+	ntlm/export_sec_context.c \
+	ntlm/external.c \
+	ntlm/ntlm.h \
+	ntlm/ntlm-private.h \
+	ntlm/import_name.c \
+	ntlm/import_sec_context.c \
+	ntlm/indicate_mechs.c \
+	ntlm/init_sec_context.c \
+	ntlm/inquire_context.c \
+	ntlm/inquire_cred.c \
+	ntlm/inquire_cred_by_mech.c \
+	ntlm/inquire_mechs_for_name.c \
+	ntlm/inquire_names_for_mech.c \
+	ntlm/process_context_token.c \
+	ntlm/release_cred.c \
+	ntlm/release_name.c \
+	ntlm/digest.c
+
+$(srcdir)/ntlm/ntlm-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h
+
+dist_libgssapi_la_SOURCES  = \
+	$(krb5src) \
+	$(mechsrc) \
+	$(ntlmsrc) \
+	$(spnegosrc)
+
+nodist_libgssapi_la_SOURCES  = \
+	gkrb5_err.c \
+	gkrb5_err.h \
+	$(BUILT_SOURCES)
+
+libgssapi_la_LDFLAGS = -version-info 2:0:0
+
+if versionscript
+libgssapi_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+endif
+
+libgssapi_la_LIBADD = \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_com_err) \
+	$(LIB_hcrypto) \
+	$(LIBADD_roken)
+
+man_MANS = gssapi.3 gss_acquire_cred.3 mech/mech.5
+
+include_HEADERS = gssapi.h
+noinst_HEADERS = \
+	gssapi_mech.h \
+	ntlm/ntlm-private.h \
+	spnego/spnego-private.h \
+	krb5/gsskrb5-private.h
+nobase_include_HEADERS = \
+	gssapi/gssapi.h \
+	gssapi/gssapi_krb5.h \
+	gssapi/gssapi_spnego.h
+
+gssapidir = $(includedir)/gssapi
+nodist_gssapi_HEADERS = gkrb5_err.h
+
+gssapi_files = asn1_GSSAPIContextToken.x
+
+spnego_files =					\
+	asn1_ContextFlags.x			\
+	asn1_MechType.x				\
+	asn1_MechTypeList.x			\
+	asn1_NegotiationToken.x			\
+	asn1_NegotiationTokenWin.x		\
+	asn1_NegHints.x				\
+	asn1_NegTokenInit.x			\
+	asn1_NegTokenInitWin.x			\
+	asn1_NegTokenResp.x
+
+$(libgssapi_la_OBJECTS): $(srcdir)/krb5/gsskrb5-private.h
+$(libgssapi_la_OBJECTS): $(srcdir)/spnego/spnego-private.h
+$(libgssapi_la_OBJECTS): $(srcdir)/ntlm/ntlm-private.h
+
+$(libgssapi_la_OBJECTS): $(srcdir)/version-script.map
+
+BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c)
+
+CLEANFILES = $(BUILT_SOURCES) \
+	gkrb5_err.h gkrb5_err.c \
+	$(spnego_files) spnego_asn1.h spnego_asn1_files \
+	$(gssapi_files) gssapi_asn1.h gssapi_asn1_files \
+	gss-commands.h gss-commands.c
+
+$(spnego_files) spnego_asn1.h: spnego_asn1_files
+$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files
+
+spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1
+	../asn1/asn1_compile$(EXEEXT) --sequence=MechTypeList $(srcdir)/spnego/spnego.asn1 spnego_asn1
+
+gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1
+	../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1
+
+$(srcdir)/krb5/gsskrb5-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h
+
+$(srcdir)/spnego/spnego-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p spnego/spnego-private.h $(spnegosrc) || rm -f spnego/spnego-private.h
+
+
+TESTS = test_oid test_names test_cfx
+# test_sequence 
+
+test_cfx_SOURCES = krb5/test_cfx.c
+
+check_PROGRAMS = test_acquire_cred $(TESTS)
+
+bin_PROGRAMS = gss
+noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm
+
+test_context_SOURCES = test_context.c test_common.c test_common.h
+test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h
+test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h
+
+test_ntlm_LDADD = \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(LDADD)
+
+LDADD = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_roken)
+
+# gss
+
+dist_gss_SOURCES = gss.c
+nodist_gss_SOURCES = gss-commands.c gss-commands.h
+
+gss_LDADD = libgssapi.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_readline) \
+	$(LIB_roken)
+
+SLC = $(top_builddir)/lib/sl/slc
+
+gss-commands.c gss-commands.h: gss-commands.in
+	$(SLC) $(srcdir)/gss-commands.in
+
+$(gss_OBJECTS): gss-commands.h
+
+EXTRA_DIST = \
+	$(man_MANS) \
+	krb5/gkrb5_err.et \
+	mech/gssapi.asn1 \
+	spnego/spnego.asn1 \
+	version-script.map \
+	gss-commands.in
+
+# to help stupid solaris make
+
+$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h spnego_asn1.h
+
+gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et
+	$(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et

Added: vendor-crypto/heimdal/dist/lib/gssapi/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1960 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(include_HEADERS) $(nobase_include_HEADERS) \
+	$(noinst_HEADERS) $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+ at versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+TESTS = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT)
+check_PROGRAMS = test_acquire_cred$(EXEEXT) $(am__EXEEXT_1)
+bin_PROGRAMS = gss$(EXEEXT)
+noinst_PROGRAMS = test_cred$(EXEEXT) test_kcred$(EXEEXT) \
+	test_context$(EXEEXT) test_ntlm$(EXEEXT)
+subdir = lib/gssapi
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
+	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \
+	"$(DESTDIR)$(gssapidir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libgssapi_la_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am__dirstamp = $(am__leading_dot)dirstamp
+am__objects_1 = krb5/8003.lo krb5/accept_sec_context.lo \
+	krb5/acquire_cred.lo krb5/add_cred.lo \
+	krb5/address_to_krb5addr.lo krb5/arcfour.lo \
+	krb5/canonicalize_name.lo krb5/ccache_name.lo krb5/cfx.lo \
+	krb5/compare_name.lo krb5/compat.lo krb5/context_time.lo \
+	krb5/copy_ccache.lo krb5/decapsulate.lo \
+	krb5/delete_sec_context.lo krb5/display_name.lo \
+	krb5/display_status.lo krb5/duplicate_name.lo \
+	krb5/encapsulate.lo krb5/export_name.lo \
+	krb5/export_sec_context.lo krb5/external.lo krb5/get_mic.lo \
+	krb5/import_name.lo krb5/import_sec_context.lo \
+	krb5/indicate_mechs.lo krb5/init.lo krb5/init_sec_context.lo \
+	krb5/inquire_context.lo krb5/inquire_cred.lo \
+	krb5/inquire_cred_by_mech.lo krb5/inquire_cred_by_oid.lo \
+	krb5/inquire_mechs_for_name.lo krb5/inquire_names_for_mech.lo \
+	krb5/inquire_sec_context_by_oid.lo \
+	krb5/process_context_token.lo krb5/prf.lo \
+	krb5/release_buffer.lo krb5/release_cred.lo \
+	krb5/release_name.lo krb5/sequence.lo krb5/set_cred_option.lo \
+	krb5/set_sec_context_option.lo krb5/ticket_flags.lo \
+	krb5/unwrap.lo krb5/v1.lo krb5/verify_mic.lo krb5/wrap.lo
+am__objects_2 = mech/context.lo mech/gss_accept_sec_context.lo \
+	mech/gss_acquire_cred.lo mech/gss_add_cred.lo \
+	mech/gss_add_oid_set_member.lo mech/gss_buffer_set.lo \
+	mech/gss_canonicalize_name.lo mech/gss_compare_name.lo \
+	mech/gss_context_time.lo mech/gss_create_empty_oid_set.lo \
+	mech/gss_decapsulate_token.lo mech/gss_delete_sec_context.lo \
+	mech/gss_display_name.lo mech/gss_display_status.lo \
+	mech/gss_duplicate_name.lo mech/gss_duplicate_oid.lo \
+	mech/gss_encapsulate_token.lo mech/gss_export_name.lo \
+	mech/gss_export_sec_context.lo mech/gss_get_mic.lo \
+	mech/gss_import_name.lo mech/gss_import_sec_context.lo \
+	mech/gss_indicate_mechs.lo mech/gss_init_sec_context.lo \
+	mech/gss_inquire_context.lo mech/gss_inquire_cred.lo \
+	mech/gss_inquire_cred_by_mech.lo \
+	mech/gss_inquire_cred_by_oid.lo \
+	mech/gss_inquire_mechs_for_name.lo \
+	mech/gss_inquire_names_for_mech.lo mech/gss_krb5.lo \
+	mech/gss_mech_switch.lo mech/gss_names.lo \
+	mech/gss_oid_equal.lo mech/gss_oid_to_str.lo \
+	mech/gss_process_context_token.lo mech/gss_pseudo_random.lo \
+	mech/gss_release_buffer.lo mech/gss_release_cred.lo \
+	mech/gss_release_name.lo mech/gss_release_oid.lo \
+	mech/gss_release_oid_set.lo mech/gss_seal.lo \
+	mech/gss_set_cred_option.lo mech/gss_set_sec_context_option.lo \
+	mech/gss_sign.lo mech/gss_test_oid_set_member.lo \
+	mech/gss_unseal.lo mech/gss_unwrap.lo mech/gss_utils.lo \
+	mech/gss_verify.lo mech/gss_verify_mic.lo mech/gss_wrap.lo \
+	mech/gss_wrap_size_limit.lo \
+	mech/gss_inquire_sec_context_by_oid.lo
+am__objects_3 = ntlm/accept_sec_context.lo ntlm/acquire_cred.lo \
+	ntlm/add_cred.lo ntlm/canonicalize_name.lo \
+	ntlm/compare_name.lo ntlm/context_time.lo ntlm/crypto.lo \
+	ntlm/delete_sec_context.lo ntlm/display_name.lo \
+	ntlm/display_status.lo ntlm/duplicate_name.lo \
+	ntlm/export_name.lo ntlm/export_sec_context.lo \
+	ntlm/external.lo ntlm/import_name.lo \
+	ntlm/import_sec_context.lo ntlm/indicate_mechs.lo \
+	ntlm/init_sec_context.lo ntlm/inquire_context.lo \
+	ntlm/inquire_cred.lo ntlm/inquire_cred_by_mech.lo \
+	ntlm/inquire_mechs_for_name.lo ntlm/inquire_names_for_mech.lo \
+	ntlm/process_context_token.lo ntlm/release_cred.lo \
+	ntlm/release_name.lo ntlm/digest.lo
+am__objects_4 = spnego/accept_sec_context.lo spnego/compat.lo \
+	spnego/context_stubs.lo spnego/cred_stubs.lo \
+	spnego/external.lo spnego/init_sec_context.lo
+dist_libgssapi_la_OBJECTS = $(am__objects_1) $(am__objects_2) \
+	$(am__objects_3) $(am__objects_4)
+am__objects_5 = asn1_ContextFlags.lo asn1_MechType.lo \
+	asn1_MechTypeList.lo asn1_NegotiationToken.lo \
+	asn1_NegotiationTokenWin.lo asn1_NegHints.lo \
+	asn1_NegTokenInit.lo asn1_NegTokenInitWin.lo \
+	asn1_NegTokenResp.lo
+am__objects_6 = asn1_GSSAPIContextToken.lo
+am__objects_7 = $(am__objects_5) $(am__objects_6)
+nodist_libgssapi_la_OBJECTS = gkrb5_err.lo $(am__objects_7)
+libgssapi_la_OBJECTS = $(dist_libgssapi_la_OBJECTS) \
+	$(nodist_libgssapi_la_OBJECTS)
+libgssapi_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libgssapi_la_LDFLAGS) $(LDFLAGS) -o $@
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+am__EXEEXT_1 = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT)
+PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
+dist_gss_OBJECTS = gss.$(OBJEXT)
+nodist_gss_OBJECTS = gss-commands.$(OBJEXT)
+gss_OBJECTS = $(dist_gss_OBJECTS) $(nodist_gss_OBJECTS)
+gss_DEPENDENCIES = libgssapi.la $(top_builddir)/lib/sl/libsl.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_test_acquire_cred_OBJECTS = test_acquire_cred.$(OBJEXT) \
+	test_common.$(OBJEXT)
+test_acquire_cred_OBJECTS = $(am_test_acquire_cred_OBJECTS)
+test_acquire_cred_LDADD = $(LDADD)
+test_acquire_cred_DEPENDENCIES = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+am_test_cfx_OBJECTS = krb5/test_cfx.$(OBJEXT)
+test_cfx_OBJECTS = $(am_test_cfx_OBJECTS)
+test_cfx_LDADD = $(LDADD)
+test_cfx_DEPENDENCIES = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+am_test_context_OBJECTS = test_context.$(OBJEXT) test_common.$(OBJEXT)
+test_context_OBJECTS = $(am_test_context_OBJECTS)
+test_context_LDADD = $(LDADD)
+test_context_DEPENDENCIES = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+test_cred_SOURCES = test_cred.c
+test_cred_OBJECTS = test_cred.$(OBJEXT)
+test_cred_LDADD = $(LDADD)
+test_cred_DEPENDENCIES = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+test_kcred_SOURCES = test_kcred.c
+test_kcred_OBJECTS = test_kcred.$(OBJEXT)
+test_kcred_LDADD = $(LDADD)
+test_kcred_DEPENDENCIES = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+test_names_SOURCES = test_names.c
+test_names_OBJECTS = test_names.$(OBJEXT)
+test_names_LDADD = $(LDADD)
+test_names_DEPENDENCIES = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+am_test_ntlm_OBJECTS = test_ntlm.$(OBJEXT) test_common.$(OBJEXT)
+test_ntlm_OBJECTS = $(am_test_ntlm_OBJECTS)
+am__DEPENDENCIES_2 = libgssapi.la $(top_builddir)/lib/krb5/libkrb5.la \
+	$(am__DEPENDENCIES_1)
+test_ntlm_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(am__DEPENDENCIES_2)
+test_oid_SOURCES = test_oid.c
+test_oid_OBJECTS = test_oid.$(OBJEXT)
+test_oid_LDADD = $(LDADD)
+test_oid_DEPENDENCIES = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(dist_libgssapi_la_SOURCES) $(nodist_libgssapi_la_SOURCES) \
+	$(dist_gss_SOURCES) $(nodist_gss_SOURCES) \
+	$(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \
+	$(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \
+	$(test_ntlm_SOURCES) test_oid.c
+DIST_SOURCES = $(dist_libgssapi_la_SOURCES) $(dist_gss_SOURCES) \
+	$(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \
+	$(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \
+	$(test_ntlm_SOURCES) test_oid.c
+man3dir = $(mandir)/man3
+man5dir = $(mandir)/man5
+MANS = $(man_MANS)
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+nobase_includeHEADERS_INSTALL = $(install_sh_DATA)
+nodist_gssapiHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS) $(nobase_include_HEADERS) \
+	$(nodist_gssapi_HEADERS) $(noinst_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	-I$(srcdir)/../krb5 -I$(srcdir) -I$(srcdir)/mech \
+	$(INCLUDE_hcrypto) $(INCLUDE_krb4)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+AUTOMAKE_OPTIONS = subdir-objects
+lib_LTLIBRARIES = libgssapi.la
+krb5src = \
+	krb5/8003.c \
+	krb5/accept_sec_context.c \
+	krb5/acquire_cred.c \
+	krb5/add_cred.c \
+	krb5/address_to_krb5addr.c \
+	krb5/arcfour.c \
+	krb5/canonicalize_name.c \
+	krb5/ccache_name.c \
+	krb5/cfx.c \
+	krb5/cfx.h \
+	krb5/compare_name.c \
+	krb5/compat.c \
+	krb5/context_time.c \
+	krb5/copy_ccache.c \
+	krb5/decapsulate.c \
+	krb5/delete_sec_context.c \
+	krb5/display_name.c \
+	krb5/display_status.c \
+	krb5/duplicate_name.c \
+	krb5/encapsulate.c \
+	krb5/export_name.c \
+	krb5/export_sec_context.c \
+	krb5/external.c \
+	krb5/get_mic.c \
+	krb5/gsskrb5_locl.h \
+	krb5/gsskrb5-private.h \
+	krb5/import_name.c \
+	krb5/import_sec_context.c \
+	krb5/indicate_mechs.c \
+	krb5/init.c \
+	krb5/init_sec_context.c \
+	krb5/inquire_context.c \
+	krb5/inquire_cred.c \
+	krb5/inquire_cred_by_mech.c \
+	krb5/inquire_cred_by_oid.c \
+	krb5/inquire_mechs_for_name.c \
+	krb5/inquire_names_for_mech.c \
+	krb5/inquire_sec_context_by_oid.c \
+	krb5/process_context_token.c \
+	krb5/prf.c \
+	krb5/release_buffer.c \
+	krb5/release_cred.c \
+	krb5/release_name.c \
+	krb5/sequence.c \
+	krb5/set_cred_option.c \
+	krb5/set_sec_context_option.c \
+	krb5/ticket_flags.c \
+	krb5/unwrap.c \
+	krb5/v1.c \
+	krb5/verify_mic.c \
+	krb5/wrap.c
+
+mechsrc = \
+	mech/context.h \
+	mech/context.c \
+	mech/cred.h \
+	mech/gss_accept_sec_context.c \
+	mech/gss_acquire_cred.c \
+	mech/gss_add_cred.c \
+	mech/gss_add_oid_set_member.c \
+	mech/gss_buffer_set.c \
+	mech/gss_canonicalize_name.c \
+	mech/gss_compare_name.c \
+	mech/gss_context_time.c \
+	mech/gss_create_empty_oid_set.c \
+	mech/gss_decapsulate_token.c \
+	mech/gss_delete_sec_context.c \
+	mech/gss_display_name.c \
+	mech/gss_display_status.c \
+	mech/gss_duplicate_name.c \
+	mech/gss_duplicate_oid.c \
+	mech/gss_encapsulate_token.c \
+	mech/gss_export_name.c \
+	mech/gss_export_sec_context.c \
+	mech/gss_get_mic.c \
+	mech/gss_import_name.c \
+	mech/gss_import_sec_context.c \
+	mech/gss_indicate_mechs.c \
+	mech/gss_init_sec_context.c \
+	mech/gss_inquire_context.c \
+	mech/gss_inquire_cred.c \
+	mech/gss_inquire_cred_by_mech.c \
+	mech/gss_inquire_cred_by_oid.c \
+	mech/gss_inquire_mechs_for_name.c \
+	mech/gss_inquire_names_for_mech.c \
+	mech/gss_krb5.c \
+	mech/gss_mech_switch.c \
+	mech/gss_names.c \
+	mech/gss_oid_equal.c \
+	mech/gss_oid_to_str.c \
+	mech/gss_process_context_token.c \
+	mech/gss_pseudo_random.c \
+	mech/gss_release_buffer.c \
+	mech/gss_release_cred.c \
+	mech/gss_release_name.c \
+	mech/gss_release_oid.c \
+	mech/gss_release_oid_set.c \
+	mech/gss_seal.c \
+	mech/gss_set_cred_option.c \
+	mech/gss_set_sec_context_option.c \
+	mech/gss_sign.c \
+	mech/gss_test_oid_set_member.c \
+	mech/gss_unseal.c \
+	mech/gss_unwrap.c \
+	mech/gss_utils.c \
+	mech/gss_verify.c \
+	mech/gss_verify_mic.c \
+	mech/gss_wrap.c \
+	mech/gss_wrap_size_limit.c \
+	mech/gss_inquire_sec_context_by_oid.c \
+	mech/mech_switch.h \
+	mech/mechqueue.h \
+	mech/mech_locl.h \
+	mech/name.h \
+	mech/utils.h
+
+spnegosrc = \
+	spnego/accept_sec_context.c \
+	spnego/compat.c \
+	spnego/context_stubs.c \
+	spnego/cred_stubs.c \
+	spnego/external.c \
+	spnego/init_sec_context.c \
+	spnego/spnego_locl.h \
+	spnego/spnego-private.h
+
+ntlmsrc = \
+	ntlm/accept_sec_context.c \
+	ntlm/acquire_cred.c \
+	ntlm/add_cred.c \
+	ntlm/canonicalize_name.c \
+	ntlm/compare_name.c \
+	ntlm/context_time.c \
+	ntlm/crypto.c \
+	ntlm/delete_sec_context.c \
+	ntlm/display_name.c \
+	ntlm/display_status.c \
+	ntlm/duplicate_name.c \
+	ntlm/export_name.c \
+	ntlm/export_sec_context.c \
+	ntlm/external.c \
+	ntlm/ntlm.h \
+	ntlm/ntlm-private.h \
+	ntlm/import_name.c \
+	ntlm/import_sec_context.c \
+	ntlm/indicate_mechs.c \
+	ntlm/init_sec_context.c \
+	ntlm/inquire_context.c \
+	ntlm/inquire_cred.c \
+	ntlm/inquire_cred_by_mech.c \
+	ntlm/inquire_mechs_for_name.c \
+	ntlm/inquire_names_for_mech.c \
+	ntlm/process_context_token.c \
+	ntlm/release_cred.c \
+	ntlm/release_name.c \
+	ntlm/digest.c
+
+dist_libgssapi_la_SOURCES = \
+	$(krb5src) \
+	$(mechsrc) \
+	$(ntlmsrc) \
+	$(spnegosrc)
+
+nodist_libgssapi_la_SOURCES = \
+	gkrb5_err.c \
+	gkrb5_err.h \
+	$(BUILT_SOURCES)
+
+libgssapi_la_LDFLAGS = -version-info 2:0:0 $(am__append_1)
+libgssapi_la_LIBADD = \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_com_err) \
+	$(LIB_hcrypto) \
+	$(LIBADD_roken)
+
+man_MANS = gssapi.3 gss_acquire_cred.3 mech/mech.5
+include_HEADERS = gssapi.h
+noinst_HEADERS = \
+	gssapi_mech.h \
+	ntlm/ntlm-private.h \
+	spnego/spnego-private.h \
+	krb5/gsskrb5-private.h
+
+nobase_include_HEADERS = \
+	gssapi/gssapi.h \
+	gssapi/gssapi_krb5.h \
+	gssapi/gssapi_spnego.h
+
+gssapidir = $(includedir)/gssapi
+nodist_gssapi_HEADERS = gkrb5_err.h
+gssapi_files = asn1_GSSAPIContextToken.x
+spnego_files = \
+	asn1_ContextFlags.x			\
+	asn1_MechType.x				\
+	asn1_MechTypeList.x			\
+	asn1_NegotiationToken.x			\
+	asn1_NegotiationTokenWin.x		\
+	asn1_NegHints.x				\
+	asn1_NegTokenInit.x			\
+	asn1_NegTokenInitWin.x			\
+	asn1_NegTokenResp.x
+
+BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c)
+CLEANFILES = $(BUILT_SOURCES) \
+	gkrb5_err.h gkrb5_err.c \
+	$(spnego_files) spnego_asn1.h spnego_asn1_files \
+	$(gssapi_files) gssapi_asn1.h gssapi_asn1_files \
+	gss-commands.h gss-commands.c
+
+# test_sequence 
+test_cfx_SOURCES = krb5/test_cfx.c
+test_context_SOURCES = test_context.c test_common.c test_common.h
+test_ntlm_SOURCES = test_ntlm.c test_common.c test_common.h
+test_acquire_cred_SOURCES = test_acquire_cred.c test_common.c test_common.h
+test_ntlm_LDADD = \
+	$(top_builddir)/lib/ntlm/libheimntlm.la \
+	$(LDADD)
+
+LDADD = libgssapi.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_roken)
+
+
+# gss
+dist_gss_SOURCES = gss.c
+nodist_gss_SOURCES = gss-commands.c gss-commands.h
+gss_LDADD = libgssapi.la \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(LIB_readline) \
+	$(LIB_roken)
+
+SLC = $(top_builddir)/lib/sl/slc
+EXTRA_DIST = \
+	$(man_MANS) \
+	krb5/gkrb5_err.et \
+	mech/gssapi.asn1 \
+	spnego/spnego.asn1 \
+	version-script.map \
+	gss-commands.in
+
+all: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/gssapi/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/gssapi/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+krb5/$(am__dirstamp):
+	@$(MKDIR_P) krb5
+	@: > krb5/$(am__dirstamp)
+krb5/8003.lo: krb5/$(am__dirstamp)
+krb5/accept_sec_context.lo: krb5/$(am__dirstamp)
+krb5/acquire_cred.lo: krb5/$(am__dirstamp)
+krb5/add_cred.lo: krb5/$(am__dirstamp)
+krb5/address_to_krb5addr.lo: krb5/$(am__dirstamp)
+krb5/arcfour.lo: krb5/$(am__dirstamp)
+krb5/canonicalize_name.lo: krb5/$(am__dirstamp)
+krb5/ccache_name.lo: krb5/$(am__dirstamp)
+krb5/cfx.lo: krb5/$(am__dirstamp)
+krb5/compare_name.lo: krb5/$(am__dirstamp)
+krb5/compat.lo: krb5/$(am__dirstamp)
+krb5/context_time.lo: krb5/$(am__dirstamp)
+krb5/copy_ccache.lo: krb5/$(am__dirstamp)
+krb5/decapsulate.lo: krb5/$(am__dirstamp)
+krb5/delete_sec_context.lo: krb5/$(am__dirstamp)
+krb5/display_name.lo: krb5/$(am__dirstamp)
+krb5/display_status.lo: krb5/$(am__dirstamp)
+krb5/duplicate_name.lo: krb5/$(am__dirstamp)
+krb5/encapsulate.lo: krb5/$(am__dirstamp)
+krb5/export_name.lo: krb5/$(am__dirstamp)
+krb5/export_sec_context.lo: krb5/$(am__dirstamp)
+krb5/external.lo: krb5/$(am__dirstamp)
+krb5/get_mic.lo: krb5/$(am__dirstamp)
+krb5/import_name.lo: krb5/$(am__dirstamp)
+krb5/import_sec_context.lo: krb5/$(am__dirstamp)
+krb5/indicate_mechs.lo: krb5/$(am__dirstamp)
+krb5/init.lo: krb5/$(am__dirstamp)
+krb5/init_sec_context.lo: krb5/$(am__dirstamp)
+krb5/inquire_context.lo: krb5/$(am__dirstamp)
+krb5/inquire_cred.lo: krb5/$(am__dirstamp)
+krb5/inquire_cred_by_mech.lo: krb5/$(am__dirstamp)
+krb5/inquire_cred_by_oid.lo: krb5/$(am__dirstamp)
+krb5/inquire_mechs_for_name.lo: krb5/$(am__dirstamp)
+krb5/inquire_names_for_mech.lo: krb5/$(am__dirstamp)
+krb5/inquire_sec_context_by_oid.lo: krb5/$(am__dirstamp)
+krb5/process_context_token.lo: krb5/$(am__dirstamp)
+krb5/prf.lo: krb5/$(am__dirstamp)
+krb5/release_buffer.lo: krb5/$(am__dirstamp)
+krb5/release_cred.lo: krb5/$(am__dirstamp)
+krb5/release_name.lo: krb5/$(am__dirstamp)
+krb5/sequence.lo: krb5/$(am__dirstamp)
+krb5/set_cred_option.lo: krb5/$(am__dirstamp)
+krb5/set_sec_context_option.lo: krb5/$(am__dirstamp)
+krb5/ticket_flags.lo: krb5/$(am__dirstamp)
+krb5/unwrap.lo: krb5/$(am__dirstamp)
+krb5/v1.lo: krb5/$(am__dirstamp)
+krb5/verify_mic.lo: krb5/$(am__dirstamp)
+krb5/wrap.lo: krb5/$(am__dirstamp)
+mech/$(am__dirstamp):
+	@$(MKDIR_P) mech
+	@: > mech/$(am__dirstamp)
+mech/context.lo: mech/$(am__dirstamp)
+mech/gss_accept_sec_context.lo: mech/$(am__dirstamp)
+mech/gss_acquire_cred.lo: mech/$(am__dirstamp)
+mech/gss_add_cred.lo: mech/$(am__dirstamp)
+mech/gss_add_oid_set_member.lo: mech/$(am__dirstamp)
+mech/gss_buffer_set.lo: mech/$(am__dirstamp)
+mech/gss_canonicalize_name.lo: mech/$(am__dirstamp)
+mech/gss_compare_name.lo: mech/$(am__dirstamp)
+mech/gss_context_time.lo: mech/$(am__dirstamp)
+mech/gss_create_empty_oid_set.lo: mech/$(am__dirstamp)
+mech/gss_decapsulate_token.lo: mech/$(am__dirstamp)
+mech/gss_delete_sec_context.lo: mech/$(am__dirstamp)
+mech/gss_display_name.lo: mech/$(am__dirstamp)
+mech/gss_display_status.lo: mech/$(am__dirstamp)
+mech/gss_duplicate_name.lo: mech/$(am__dirstamp)
+mech/gss_duplicate_oid.lo: mech/$(am__dirstamp)
+mech/gss_encapsulate_token.lo: mech/$(am__dirstamp)
+mech/gss_export_name.lo: mech/$(am__dirstamp)
+mech/gss_export_sec_context.lo: mech/$(am__dirstamp)
+mech/gss_get_mic.lo: mech/$(am__dirstamp)
+mech/gss_import_name.lo: mech/$(am__dirstamp)
+mech/gss_import_sec_context.lo: mech/$(am__dirstamp)
+mech/gss_indicate_mechs.lo: mech/$(am__dirstamp)
+mech/gss_init_sec_context.lo: mech/$(am__dirstamp)
+mech/gss_inquire_context.lo: mech/$(am__dirstamp)
+mech/gss_inquire_cred.lo: mech/$(am__dirstamp)
+mech/gss_inquire_cred_by_mech.lo: mech/$(am__dirstamp)
+mech/gss_inquire_cred_by_oid.lo: mech/$(am__dirstamp)
+mech/gss_inquire_mechs_for_name.lo: mech/$(am__dirstamp)
+mech/gss_inquire_names_for_mech.lo: mech/$(am__dirstamp)
+mech/gss_krb5.lo: mech/$(am__dirstamp)
+mech/gss_mech_switch.lo: mech/$(am__dirstamp)
+mech/gss_names.lo: mech/$(am__dirstamp)
+mech/gss_oid_equal.lo: mech/$(am__dirstamp)
+mech/gss_oid_to_str.lo: mech/$(am__dirstamp)
+mech/gss_process_context_token.lo: mech/$(am__dirstamp)
+mech/gss_pseudo_random.lo: mech/$(am__dirstamp)
+mech/gss_release_buffer.lo: mech/$(am__dirstamp)
+mech/gss_release_cred.lo: mech/$(am__dirstamp)
+mech/gss_release_name.lo: mech/$(am__dirstamp)
+mech/gss_release_oid.lo: mech/$(am__dirstamp)
+mech/gss_release_oid_set.lo: mech/$(am__dirstamp)
+mech/gss_seal.lo: mech/$(am__dirstamp)
+mech/gss_set_cred_option.lo: mech/$(am__dirstamp)
+mech/gss_set_sec_context_option.lo: mech/$(am__dirstamp)
+mech/gss_sign.lo: mech/$(am__dirstamp)
+mech/gss_test_oid_set_member.lo: mech/$(am__dirstamp)
+mech/gss_unseal.lo: mech/$(am__dirstamp)
+mech/gss_unwrap.lo: mech/$(am__dirstamp)
+mech/gss_utils.lo: mech/$(am__dirstamp)
+mech/gss_verify.lo: mech/$(am__dirstamp)
+mech/gss_verify_mic.lo: mech/$(am__dirstamp)
+mech/gss_wrap.lo: mech/$(am__dirstamp)
+mech/gss_wrap_size_limit.lo: mech/$(am__dirstamp)
+mech/gss_inquire_sec_context_by_oid.lo: mech/$(am__dirstamp)
+ntlm/$(am__dirstamp):
+	@$(MKDIR_P) ntlm
+	@: > ntlm/$(am__dirstamp)
+ntlm/accept_sec_context.lo: ntlm/$(am__dirstamp)
+ntlm/acquire_cred.lo: ntlm/$(am__dirstamp)
+ntlm/add_cred.lo: ntlm/$(am__dirstamp)
+ntlm/canonicalize_name.lo: ntlm/$(am__dirstamp)
+ntlm/compare_name.lo: ntlm/$(am__dirstamp)
+ntlm/context_time.lo: ntlm/$(am__dirstamp)
+ntlm/crypto.lo: ntlm/$(am__dirstamp)
+ntlm/delete_sec_context.lo: ntlm/$(am__dirstamp)
+ntlm/display_name.lo: ntlm/$(am__dirstamp)
+ntlm/display_status.lo: ntlm/$(am__dirstamp)
+ntlm/duplicate_name.lo: ntlm/$(am__dirstamp)
+ntlm/export_name.lo: ntlm/$(am__dirstamp)
+ntlm/export_sec_context.lo: ntlm/$(am__dirstamp)
+ntlm/external.lo: ntlm/$(am__dirstamp)
+ntlm/import_name.lo: ntlm/$(am__dirstamp)
+ntlm/import_sec_context.lo: ntlm/$(am__dirstamp)
+ntlm/indicate_mechs.lo: ntlm/$(am__dirstamp)
+ntlm/init_sec_context.lo: ntlm/$(am__dirstamp)
+ntlm/inquire_context.lo: ntlm/$(am__dirstamp)
+ntlm/inquire_cred.lo: ntlm/$(am__dirstamp)
+ntlm/inquire_cred_by_mech.lo: ntlm/$(am__dirstamp)
+ntlm/inquire_mechs_for_name.lo: ntlm/$(am__dirstamp)
+ntlm/inquire_names_for_mech.lo: ntlm/$(am__dirstamp)
+ntlm/process_context_token.lo: ntlm/$(am__dirstamp)
+ntlm/release_cred.lo: ntlm/$(am__dirstamp)
+ntlm/release_name.lo: ntlm/$(am__dirstamp)
+ntlm/digest.lo: ntlm/$(am__dirstamp)
+spnego/$(am__dirstamp):
+	@$(MKDIR_P) spnego
+	@: > spnego/$(am__dirstamp)
+spnego/accept_sec_context.lo: spnego/$(am__dirstamp)
+spnego/compat.lo: spnego/$(am__dirstamp)
+spnego/context_stubs.lo: spnego/$(am__dirstamp)
+spnego/cred_stubs.lo: spnego/$(am__dirstamp)
+spnego/external.lo: spnego/$(am__dirstamp)
+spnego/init_sec_context.lo: spnego/$(am__dirstamp)
+libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) 
+	$(libgssapi_la_LINK) -rpath $(libdir) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+gss$(EXEEXT): $(gss_OBJECTS) $(gss_DEPENDENCIES) 
+	@rm -f gss$(EXEEXT)
+	$(LINK) $(gss_OBJECTS) $(gss_LDADD) $(LIBS)
+test_acquire_cred$(EXEEXT): $(test_acquire_cred_OBJECTS) $(test_acquire_cred_DEPENDENCIES) 
+	@rm -f test_acquire_cred$(EXEEXT)
+	$(LINK) $(test_acquire_cred_OBJECTS) $(test_acquire_cred_LDADD) $(LIBS)
+krb5/test_cfx.$(OBJEXT): krb5/$(am__dirstamp)
+test_cfx$(EXEEXT): $(test_cfx_OBJECTS) $(test_cfx_DEPENDENCIES) 
+	@rm -f test_cfx$(EXEEXT)
+	$(LINK) $(test_cfx_OBJECTS) $(test_cfx_LDADD) $(LIBS)
+test_context$(EXEEXT): $(test_context_OBJECTS) $(test_context_DEPENDENCIES) 
+	@rm -f test_context$(EXEEXT)
+	$(LINK) $(test_context_OBJECTS) $(test_context_LDADD) $(LIBS)
+test_cred$(EXEEXT): $(test_cred_OBJECTS) $(test_cred_DEPENDENCIES) 
+	@rm -f test_cred$(EXEEXT)
+	$(LINK) $(test_cred_OBJECTS) $(test_cred_LDADD) $(LIBS)
+test_kcred$(EXEEXT): $(test_kcred_OBJECTS) $(test_kcred_DEPENDENCIES) 
+	@rm -f test_kcred$(EXEEXT)
+	$(LINK) $(test_kcred_OBJECTS) $(test_kcred_LDADD) $(LIBS)
+test_names$(EXEEXT): $(test_names_OBJECTS) $(test_names_DEPENDENCIES) 
+	@rm -f test_names$(EXEEXT)
+	$(LINK) $(test_names_OBJECTS) $(test_names_LDADD) $(LIBS)
+test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES) 
+	@rm -f test_ntlm$(EXEEXT)
+	$(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS)
+test_oid$(EXEEXT): $(test_oid_OBJECTS) $(test_oid_DEPENDENCIES) 
+	@rm -f test_oid$(EXEEXT)
+	$(LINK) $(test_oid_OBJECTS) $(test_oid_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f krb5/8003.$(OBJEXT)
+	-rm -f krb5/8003.lo
+	-rm -f krb5/accept_sec_context.$(OBJEXT)
+	-rm -f krb5/accept_sec_context.lo
+	-rm -f krb5/acquire_cred.$(OBJEXT)
+	-rm -f krb5/acquire_cred.lo
+	-rm -f krb5/add_cred.$(OBJEXT)
+	-rm -f krb5/add_cred.lo
+	-rm -f krb5/address_to_krb5addr.$(OBJEXT)
+	-rm -f krb5/address_to_krb5addr.lo
+	-rm -f krb5/arcfour.$(OBJEXT)
+	-rm -f krb5/arcfour.lo
+	-rm -f krb5/canonicalize_name.$(OBJEXT)
+	-rm -f krb5/canonicalize_name.lo
+	-rm -f krb5/ccache_name.$(OBJEXT)
+	-rm -f krb5/ccache_name.lo
+	-rm -f krb5/cfx.$(OBJEXT)
+	-rm -f krb5/cfx.lo
+	-rm -f krb5/compare_name.$(OBJEXT)
+	-rm -f krb5/compare_name.lo
+	-rm -f krb5/compat.$(OBJEXT)
+	-rm -f krb5/compat.lo
+	-rm -f krb5/context_time.$(OBJEXT)
+	-rm -f krb5/context_time.lo
+	-rm -f krb5/copy_ccache.$(OBJEXT)
+	-rm -f krb5/copy_ccache.lo
+	-rm -f krb5/decapsulate.$(OBJEXT)
+	-rm -f krb5/decapsulate.lo
+	-rm -f krb5/delete_sec_context.$(OBJEXT)
+	-rm -f krb5/delete_sec_context.lo
+	-rm -f krb5/display_name.$(OBJEXT)
+	-rm -f krb5/display_name.lo
+	-rm -f krb5/display_status.$(OBJEXT)
+	-rm -f krb5/display_status.lo
+	-rm -f krb5/duplicate_name.$(OBJEXT)
+	-rm -f krb5/duplicate_name.lo
+	-rm -f krb5/encapsulate.$(OBJEXT)
+	-rm -f krb5/encapsulate.lo
+	-rm -f krb5/export_name.$(OBJEXT)
+	-rm -f krb5/export_name.lo
+	-rm -f krb5/export_sec_context.$(OBJEXT)
+	-rm -f krb5/export_sec_context.lo
+	-rm -f krb5/external.$(OBJEXT)
+	-rm -f krb5/external.lo
+	-rm -f krb5/get_mic.$(OBJEXT)
+	-rm -f krb5/get_mic.lo
+	-rm -f krb5/import_name.$(OBJEXT)
+	-rm -f krb5/import_name.lo
+	-rm -f krb5/import_sec_context.$(OBJEXT)
+	-rm -f krb5/import_sec_context.lo
+	-rm -f krb5/indicate_mechs.$(OBJEXT)
+	-rm -f krb5/indicate_mechs.lo
+	-rm -f krb5/init.$(OBJEXT)
+	-rm -f krb5/init.lo
+	-rm -f krb5/init_sec_context.$(OBJEXT)
+	-rm -f krb5/init_sec_context.lo
+	-rm -f krb5/inquire_context.$(OBJEXT)
+	-rm -f krb5/inquire_context.lo
+	-rm -f krb5/inquire_cred.$(OBJEXT)
+	-rm -f krb5/inquire_cred.lo
+	-rm -f krb5/inquire_cred_by_mech.$(OBJEXT)
+	-rm -f krb5/inquire_cred_by_mech.lo
+	-rm -f krb5/inquire_cred_by_oid.$(OBJEXT)
+	-rm -f krb5/inquire_cred_by_oid.lo
+	-rm -f krb5/inquire_mechs_for_name.$(OBJEXT)
+	-rm -f krb5/inquire_mechs_for_name.lo
+	-rm -f krb5/inquire_names_for_mech.$(OBJEXT)
+	-rm -f krb5/inquire_names_for_mech.lo
+	-rm -f krb5/inquire_sec_context_by_oid.$(OBJEXT)
+	-rm -f krb5/inquire_sec_context_by_oid.lo
+	-rm -f krb5/prf.$(OBJEXT)
+	-rm -f krb5/prf.lo
+	-rm -f krb5/process_context_token.$(OBJEXT)
+	-rm -f krb5/process_context_token.lo
+	-rm -f krb5/release_buffer.$(OBJEXT)
+	-rm -f krb5/release_buffer.lo
+	-rm -f krb5/release_cred.$(OBJEXT)
+	-rm -f krb5/release_cred.lo
+	-rm -f krb5/release_name.$(OBJEXT)
+	-rm -f krb5/release_name.lo
+	-rm -f krb5/sequence.$(OBJEXT)
+	-rm -f krb5/sequence.lo
+	-rm -f krb5/set_cred_option.$(OBJEXT)
+	-rm -f krb5/set_cred_option.lo
+	-rm -f krb5/set_sec_context_option.$(OBJEXT)
+	-rm -f krb5/set_sec_context_option.lo
+	-rm -f krb5/test_cfx.$(OBJEXT)
+	-rm -f krb5/ticket_flags.$(OBJEXT)
+	-rm -f krb5/ticket_flags.lo
+	-rm -f krb5/unwrap.$(OBJEXT)
+	-rm -f krb5/unwrap.lo
+	-rm -f krb5/v1.$(OBJEXT)
+	-rm -f krb5/v1.lo
+	-rm -f krb5/verify_mic.$(OBJEXT)
+	-rm -f krb5/verify_mic.lo
+	-rm -f krb5/wrap.$(OBJEXT)
+	-rm -f krb5/wrap.lo
+	-rm -f mech/context.$(OBJEXT)
+	-rm -f mech/context.lo
+	-rm -f mech/gss_accept_sec_context.$(OBJEXT)
+	-rm -f mech/gss_accept_sec_context.lo
+	-rm -f mech/gss_acquire_cred.$(OBJEXT)
+	-rm -f mech/gss_acquire_cred.lo
+	-rm -f mech/gss_add_cred.$(OBJEXT)
+	-rm -f mech/gss_add_cred.lo
+	-rm -f mech/gss_add_oid_set_member.$(OBJEXT)
+	-rm -f mech/gss_add_oid_set_member.lo
+	-rm -f mech/gss_buffer_set.$(OBJEXT)
+	-rm -f mech/gss_buffer_set.lo
+	-rm -f mech/gss_canonicalize_name.$(OBJEXT)
+	-rm -f mech/gss_canonicalize_name.lo
+	-rm -f mech/gss_compare_name.$(OBJEXT)
+	-rm -f mech/gss_compare_name.lo
+	-rm -f mech/gss_context_time.$(OBJEXT)
+	-rm -f mech/gss_context_time.lo
+	-rm -f mech/gss_create_empty_oid_set.$(OBJEXT)
+	-rm -f mech/gss_create_empty_oid_set.lo
+	-rm -f mech/gss_decapsulate_token.$(OBJEXT)
+	-rm -f mech/gss_decapsulate_token.lo
+	-rm -f mech/gss_delete_sec_context.$(OBJEXT)
+	-rm -f mech/gss_delete_sec_context.lo
+	-rm -f mech/gss_display_name.$(OBJEXT)
+	-rm -f mech/gss_display_name.lo
+	-rm -f mech/gss_display_status.$(OBJEXT)
+	-rm -f mech/gss_display_status.lo
+	-rm -f mech/gss_duplicate_name.$(OBJEXT)
+	-rm -f mech/gss_duplicate_name.lo
+	-rm -f mech/gss_duplicate_oid.$(OBJEXT)
+	-rm -f mech/gss_duplicate_oid.lo
+	-rm -f mech/gss_encapsulate_token.$(OBJEXT)
+	-rm -f mech/gss_encapsulate_token.lo
+	-rm -f mech/gss_export_name.$(OBJEXT)
+	-rm -f mech/gss_export_name.lo
+	-rm -f mech/gss_export_sec_context.$(OBJEXT)
+	-rm -f mech/gss_export_sec_context.lo
+	-rm -f mech/gss_get_mic.$(OBJEXT)
+	-rm -f mech/gss_get_mic.lo
+	-rm -f mech/gss_import_name.$(OBJEXT)
+	-rm -f mech/gss_import_name.lo
+	-rm -f mech/gss_import_sec_context.$(OBJEXT)
+	-rm -f mech/gss_import_sec_context.lo
+	-rm -f mech/gss_indicate_mechs.$(OBJEXT)
+	-rm -f mech/gss_indicate_mechs.lo
+	-rm -f mech/gss_init_sec_context.$(OBJEXT)
+	-rm -f mech/gss_init_sec_context.lo
+	-rm -f mech/gss_inquire_context.$(OBJEXT)
+	-rm -f mech/gss_inquire_context.lo
+	-rm -f mech/gss_inquire_cred.$(OBJEXT)
+	-rm -f mech/gss_inquire_cred.lo
+	-rm -f mech/gss_inquire_cred_by_mech.$(OBJEXT)
+	-rm -f mech/gss_inquire_cred_by_mech.lo
+	-rm -f mech/gss_inquire_cred_by_oid.$(OBJEXT)
+	-rm -f mech/gss_inquire_cred_by_oid.lo
+	-rm -f mech/gss_inquire_mechs_for_name.$(OBJEXT)
+	-rm -f mech/gss_inquire_mechs_for_name.lo
+	-rm -f mech/gss_inquire_names_for_mech.$(OBJEXT)
+	-rm -f mech/gss_inquire_names_for_mech.lo
+	-rm -f mech/gss_inquire_sec_context_by_oid.$(OBJEXT)
+	-rm -f mech/gss_inquire_sec_context_by_oid.lo
+	-rm -f mech/gss_krb5.$(OBJEXT)
+	-rm -f mech/gss_krb5.lo
+	-rm -f mech/gss_mech_switch.$(OBJEXT)
+	-rm -f mech/gss_mech_switch.lo
+	-rm -f mech/gss_names.$(OBJEXT)
+	-rm -f mech/gss_names.lo
+	-rm -f mech/gss_oid_equal.$(OBJEXT)
+	-rm -f mech/gss_oid_equal.lo
+	-rm -f mech/gss_oid_to_str.$(OBJEXT)
+	-rm -f mech/gss_oid_to_str.lo
+	-rm -f mech/gss_process_context_token.$(OBJEXT)
+	-rm -f mech/gss_process_context_token.lo
+	-rm -f mech/gss_pseudo_random.$(OBJEXT)
+	-rm -f mech/gss_pseudo_random.lo
+	-rm -f mech/gss_release_buffer.$(OBJEXT)
+	-rm -f mech/gss_release_buffer.lo
+	-rm -f mech/gss_release_cred.$(OBJEXT)
+	-rm -f mech/gss_release_cred.lo
+	-rm -f mech/gss_release_name.$(OBJEXT)
+	-rm -f mech/gss_release_name.lo
+	-rm -f mech/gss_release_oid.$(OBJEXT)
+	-rm -f mech/gss_release_oid.lo
+	-rm -f mech/gss_release_oid_set.$(OBJEXT)
+	-rm -f mech/gss_release_oid_set.lo
+	-rm -f mech/gss_seal.$(OBJEXT)
+	-rm -f mech/gss_seal.lo
+	-rm -f mech/gss_set_cred_option.$(OBJEXT)
+	-rm -f mech/gss_set_cred_option.lo
+	-rm -f mech/gss_set_sec_context_option.$(OBJEXT)
+	-rm -f mech/gss_set_sec_context_option.lo
+	-rm -f mech/gss_sign.$(OBJEXT)
+	-rm -f mech/gss_sign.lo
+	-rm -f mech/gss_test_oid_set_member.$(OBJEXT)
+	-rm -f mech/gss_test_oid_set_member.lo
+	-rm -f mech/gss_unseal.$(OBJEXT)
+	-rm -f mech/gss_unseal.lo
+	-rm -f mech/gss_unwrap.$(OBJEXT)
+	-rm -f mech/gss_unwrap.lo
+	-rm -f mech/gss_utils.$(OBJEXT)
+	-rm -f mech/gss_utils.lo
+	-rm -f mech/gss_verify.$(OBJEXT)
+	-rm -f mech/gss_verify.lo
+	-rm -f mech/gss_verify_mic.$(OBJEXT)
+	-rm -f mech/gss_verify_mic.lo
+	-rm -f mech/gss_wrap.$(OBJEXT)
+	-rm -f mech/gss_wrap.lo
+	-rm -f mech/gss_wrap_size_limit.$(OBJEXT)
+	-rm -f mech/gss_wrap_size_limit.lo
+	-rm -f ntlm/accept_sec_context.$(OBJEXT)
+	-rm -f ntlm/accept_sec_context.lo
+	-rm -f ntlm/acquire_cred.$(OBJEXT)
+	-rm -f ntlm/acquire_cred.lo
+	-rm -f ntlm/add_cred.$(OBJEXT)
+	-rm -f ntlm/add_cred.lo
+	-rm -f ntlm/canonicalize_name.$(OBJEXT)
+	-rm -f ntlm/canonicalize_name.lo
+	-rm -f ntlm/compare_name.$(OBJEXT)
+	-rm -f ntlm/compare_name.lo
+	-rm -f ntlm/context_time.$(OBJEXT)
+	-rm -f ntlm/context_time.lo
+	-rm -f ntlm/crypto.$(OBJEXT)
+	-rm -f ntlm/crypto.lo
+	-rm -f ntlm/delete_sec_context.$(OBJEXT)
+	-rm -f ntlm/delete_sec_context.lo
+	-rm -f ntlm/digest.$(OBJEXT)
+	-rm -f ntlm/digest.lo
+	-rm -f ntlm/display_name.$(OBJEXT)
+	-rm -f ntlm/display_name.lo
+	-rm -f ntlm/display_status.$(OBJEXT)
+	-rm -f ntlm/display_status.lo
+	-rm -f ntlm/duplicate_name.$(OBJEXT)
+	-rm -f ntlm/duplicate_name.lo
+	-rm -f ntlm/export_name.$(OBJEXT)
+	-rm -f ntlm/export_name.lo
+	-rm -f ntlm/export_sec_context.$(OBJEXT)
+	-rm -f ntlm/export_sec_context.lo
+	-rm -f ntlm/external.$(OBJEXT)
+	-rm -f ntlm/external.lo
+	-rm -f ntlm/import_name.$(OBJEXT)
+	-rm -f ntlm/import_name.lo
+	-rm -f ntlm/import_sec_context.$(OBJEXT)
+	-rm -f ntlm/import_sec_context.lo
+	-rm -f ntlm/indicate_mechs.$(OBJEXT)
+	-rm -f ntlm/indicate_mechs.lo
+	-rm -f ntlm/init_sec_context.$(OBJEXT)
+	-rm -f ntlm/init_sec_context.lo
+	-rm -f ntlm/inquire_context.$(OBJEXT)
+	-rm -f ntlm/inquire_context.lo
+	-rm -f ntlm/inquire_cred.$(OBJEXT)
+	-rm -f ntlm/inquire_cred.lo
+	-rm -f ntlm/inquire_cred_by_mech.$(OBJEXT)
+	-rm -f ntlm/inquire_cred_by_mech.lo
+	-rm -f ntlm/inquire_mechs_for_name.$(OBJEXT)
+	-rm -f ntlm/inquire_mechs_for_name.lo
+	-rm -f ntlm/inquire_names_for_mech.$(OBJEXT)
+	-rm -f ntlm/inquire_names_for_mech.lo
+	-rm -f ntlm/process_context_token.$(OBJEXT)
+	-rm -f ntlm/process_context_token.lo
+	-rm -f ntlm/release_cred.$(OBJEXT)
+	-rm -f ntlm/release_cred.lo
+	-rm -f ntlm/release_name.$(OBJEXT)
+	-rm -f ntlm/release_name.lo
+	-rm -f spnego/accept_sec_context.$(OBJEXT)
+	-rm -f spnego/accept_sec_context.lo
+	-rm -f spnego/compat.$(OBJEXT)
+	-rm -f spnego/compat.lo
+	-rm -f spnego/context_stubs.$(OBJEXT)
+	-rm -f spnego/context_stubs.lo
+	-rm -f spnego/cred_stubs.$(OBJEXT)
+	-rm -f spnego/cred_stubs.lo
+	-rm -f spnego/external.$(OBJEXT)
+	-rm -f spnego/external.lo
+	-rm -f spnego/init_sec_context.$(OBJEXT)
+	-rm -f spnego/init_sec_context.lo
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c -o $@ $<
+
+.c.obj:
+	$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+	-rm -rf krb5/.libs krb5/_libs
+	-rm -rf mech/.libs mech/_libs
+	-rm -rf ntlm/.libs ntlm/_libs
+	-rm -rf spnego/.libs spnego/_libs
+install-man3: $(man3_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+uninstall-man3:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+install-man5: $(man5_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-nobase_includeHEADERS: $(nobase_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@$(am__vpath_adj_setup) \
+	list='$(nobase_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  $(am__vpath_adj) \
+	  echo " $(nobase_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(nobase_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-nobase_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@$(am__vpath_adj_setup) \
+	list='$(nobase_include_HEADERS)'; for p in $$list; do \
+	  $(am__vpath_adj) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-nodist_gssapiHEADERS: $(nodist_gssapi_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(gssapidir)" || $(MKDIR_P) "$(DESTDIR)$(gssapidir)"
+	@list='$(nodist_gssapi_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_gssapiHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(gssapidir)/$$f'"; \
+	  $(nodist_gssapiHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(gssapidir)/$$f"; \
+	done
+
+uninstall-nodist_gssapiHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_gssapi_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(gssapidir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(gssapidir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
+		all-local
+install-binPROGRAMS: install-libLTLIBRARIES
+
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(gssapidir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-rm -f krb5/$(am__dirstamp)
+	-rm -f mech/$(am__dirstamp)
+	-rm -f ntlm/$(am__dirstamp)
+	-rm -f spnego/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
+	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS install-man \
+	install-nobase_includeHEADERS install-nodist_gssapiHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man3 install-man5
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
+	uninstall-libLTLIBRARIES uninstall-man \
+	uninstall-nobase_includeHEADERS uninstall-nodist_gssapiHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man3 uninstall-man5
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
+	clean-generic clean-libLTLIBRARIES clean-libtool \
+	clean-noinstPROGRAMS ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-binPROGRAMS install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-includeHEADERS install-info \
+	install-info-am install-libLTLIBRARIES install-man \
+	install-man3 install-man5 install-nobase_includeHEADERS \
+	install-nodist_gssapiHEADERS install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-includeHEADERS \
+	uninstall-libLTLIBRARIES uninstall-man uninstall-man3 \
+	uninstall-man5 uninstall-nobase_includeHEADERS \
+	uninstall-nodist_gssapiHEADERS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(srcdir)/ntlm/ntlm-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h
+
+$(libgssapi_la_OBJECTS): $(srcdir)/krb5/gsskrb5-private.h
+$(libgssapi_la_OBJECTS): $(srcdir)/spnego/spnego-private.h
+$(libgssapi_la_OBJECTS): $(srcdir)/ntlm/ntlm-private.h
+
+$(libgssapi_la_OBJECTS): $(srcdir)/version-script.map
+
+$(spnego_files) spnego_asn1.h: spnego_asn1_files
+$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files
+
+spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1
+	../asn1/asn1_compile$(EXEEXT) --sequence=MechTypeList $(srcdir)/spnego/spnego.asn1 spnego_asn1
+
+gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1
+	../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1
+
+$(srcdir)/krb5/gsskrb5-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h
+
+$(srcdir)/spnego/spnego-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p spnego/spnego-private.h $(spnegosrc) || rm -f spnego/spnego-private.h
+
+gss-commands.c gss-commands.h: gss-commands.in
+	$(SLC) $(srcdir)/gss-commands.in
+
+$(gss_OBJECTS): gss-commands.h
+
+# to help stupid solaris make
+
+$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h spnego_asn1.h
+
+gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et
+	$(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/gssapi/gss-commands.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gss-commands.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gss-commands.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: gss-commands.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+command = {
+	name = "supported-mechanisms"
+	help = "Print the supported mechanisms"
+}
+command = {
+	name = "help"
+	name = "?"
+	argument = "[command]"
+	min_args = "0"
+	max_args = "1"
+	help = "Help! I need somebody."
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/gss.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gss.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gss.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,205 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <gssapi.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+#include <rtbl.h>
+#include <gss-commands.h>
+#include <krb5.h>
+
+RCSID("$Id: gss.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+		    NULL, "service at host");
+    exit (ret);
+}
+
+#define COL_OID		"OID"
+#define COL_NAME	"Name"
+
+int
+supported_mechanisms(void *argptr, int argc, char **argv)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_OID_set mechs;
+    rtbl_t ct;
+    size_t i;
+
+    maj_stat = gss_indicate_mechs(&min_stat, &mechs);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_indicate_mechs failed");
+
+    printf("Supported mechanisms:\n");
+
+    ct = rtbl_create();
+    if (ct == NULL)
+	errx(1, "rtbl_create");
+
+    rtbl_set_separator(ct, "  ");
+    rtbl_add_column(ct, COL_OID, 0);
+    rtbl_add_column(ct, COL_NAME, 0);
+
+    for (i = 0; i < mechs->count; i++) {
+	gss_buffer_desc name;
+
+	maj_stat = gss_oid_to_str(&min_stat, &mechs->elements[i], &name);
+	if (maj_stat != GSS_S_COMPLETE)
+	    errx(1, "gss_oid_to_str failed");
+
+	rtbl_add_column_entryv(ct, COL_OID, "%.*s",
+			       (int)name.length, (char *)name.value);
+	gss_release_buffer(&min_stat, &name);
+
+	if (gss_oid_equal(&mechs->elements[i], GSS_KRB5_MECHANISM))
+	    rtbl_add_column_entry(ct, COL_NAME, "Kerberos 5");
+	else if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
+	    rtbl_add_column_entry(ct, COL_NAME, "SPNEGO");
+	else if (gss_oid_equal(&mechs->elements[i], GSS_NTLM_MECHANISM))
+	    rtbl_add_column_entry(ct, COL_NAME, "NTLM");
+    }
+    gss_release_oid_set(&min_stat, &mechs);
+
+    rtbl_format(ct, stdout);
+    rtbl_destroy(ct);
+
+    return 0;
+}
+
+#if 0
+/*
+ *
+ */
+
+#define DOVEDOT_MAJOR_VERSION 1
+#define DOVEDOT_MINOR_VERSION 0
+
+/*
+	S: MECH mech mech-parameters
+	S: MECH mech mech-parameters
+	S: VERSION major minor
+	S: CPID pid
+	S: CUID pid
+	S: ...
+	S: DONE
+	C: VERSION major minor
+	C: CPID pid
+
+	C: AUTH id method service= resp=
+	C: CONT id message
+
+	S: OK id user=
+	S: FAIL id reason=
+	S: CONTINUE id message
+*/
+
+int
+dovecot_server(void *argptr, int argc, char **argv)
+{
+    krb5_storage *sp;
+    int fd = 0;
+
+    sp = krb5_storage_from_fd(fd);
+    if (sp == NULL)
+	errx(1, "krb5_storage_from_fd");
+
+    krb5_store_stringnl(sp, "MECH\tGSSAPI");
+    krb5_store_stringnl(sp, "VERSION\t1\t0");
+    krb5_store_stringnl(sp, "DONE");
+
+    while (1) {
+	char *cmd;
+	if (krb5_ret_stringnl(sp, &cmd) != 0)
+	    break;
+	printf("cmd: %s\n", cmd);
+	free(cmd);
+    }
+    return 0;
+}
+#endif
+
+/*
+ *
+ */
+
+int
+help(void *opt, int argc, char **argv)
+{
+    sl_slc_help(commands, argc, argv);
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc == 0) {
+	help(NULL, argc, argv);
+	return 1;
+    }
+
+    return sl_command (commands, argc, argv);
+}
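Review bot: In `supported_mechanisms`, the `if`/`else if` chain that fills the Name column has no final `else`, so a mechanism OID that is not Kerberos 5, SPNEGO or NTLM gets an OID entry but no Name entry. If rtbl stores entries per column (its implementation is not visible in this hunk), every later name would then be printed beside the wrong OID, which is misleading in a tool used to check which mechanisms a host offers. A fallback such as `else rtbl_add_column_entry(ct, COL_NAME, "");` keeps the two columns in step. The results of `rtbl_add_column`, `rtbl_add_column_entryv` and `rtbl_add_column_entry` are also ignored although `rtbl_create` is checked; checking them and calling `errx` on failure would stop an allocation failure from silently producing a truncated table.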

Added: vendor-crypto/heimdal/dist/lib/gssapi/gss_acquire_cred.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gss_acquire_cred.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gss_acquire_cred.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,688 @@
+.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: gss_acquire_cred.3,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd October 26, 2005
+.Dt GSS_ACQUIRE_CRED 3
+.Os HEIMDAL
+.Sh NAME
+.Nm gss_accept_sec_context ,
+.Nm gss_acquire_cred ,
+.Nm gss_add_cred ,
+.Nm gss_add_oid_set_member ,
+.Nm gss_canonicalize_name ,
+.Nm gss_compare_name ,
+.Nm gss_context_time ,
+.Nm gss_create_empty_oid_set ,
+.Nm gss_delete_sec_context ,
+.Nm gss_display_name ,
+.Nm gss_display_status ,
+.Nm gss_duplicate_name ,
+.Nm gss_export_name ,
+.Nm gss_export_sec_context ,
+.Nm gss_get_mic ,
+.Nm gss_import_name ,
+.Nm gss_import_sec_context ,
+.Nm gss_indicate_mechs ,
+.Nm gss_init_sec_context ,
+.Nm gss_inquire_context ,
+.Nm gss_inquire_cred ,
+.Nm gss_inquire_cred_by_mech ,
+.Nm gss_inquire_mechs_for_name ,
+.Nm gss_inquire_names_for_mech ,
+.Nm gss_krb5_ccache_name ,
+.Nm gss_krb5_compat_des3_mic ,
+.Nm gss_krb5_copy_ccache ,
+.Nm gss_krb5_import_cred
+.Nm gsskrb5_extract_authz_data_from_sec_context ,
+.Nm gsskrb5_register_acceptor_identity ,
+.Nm gss_krb5_import_ccache ,
+.Nm gss_krb5_get_tkt_flags ,
+.Nm gss_process_context_token ,
+.Nm gss_release_buffer ,
+.Nm gss_release_cred ,
+.Nm gss_release_name ,
+.Nm gss_release_oid_set ,
+.Nm gss_seal ,
+.Nm gss_sign ,
+.Nm gss_test_oid_set_member ,
+.Nm gss_unseal ,
+.Nm gss_unwrap ,
+.Nm gss_verify ,
+.Nm gss_verify_mic ,
+.Nm gss_wrap ,
+.Nm gss_wrap_size_limit
+.Nd Generic Security Service Application Program Interface library
+.Sh LIBRARY
+GSS-API library (libgssapi, -lgssapi)
+.Sh SYNOPSIS
+.In gssapi.h
+.Pp
+.Ft OM_uint32
+.Fo gss_accept_sec_context
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_ctx_id_t * context_handle"
+.Fa "const gss_cred_id_t acceptor_cred_handle"
+.Fa "const gss_buffer_t input_token_buffer"
+.Fa "const gss_channel_bindings_t input_chan_bindings"
+.Fa "gss_name_t * src_name"
+.Fa "gss_OID * mech_type"
+.Fa "gss_buffer_t output_token"
+.Fa "OM_uint32 * ret_flags"
+.Fa "OM_uint32 * time_rec"
+.Fa "gss_cred_id_t * delegated_cred_handle"
+.Fc
+.Pp
+.Ft OM_uint32
+.Fo gss_acquire_cred
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_name_t desired_name"
+.Fa "OM_uint32 time_req"
+.Fa "const gss_OID_set desired_mechs"
+.Fa "gss_cred_usage_t cred_usage"
+.Fa "gss_cred_id_t * output_cred_handle"
+.Fa "gss_OID_set * actual_mechs"
+.Fa "OM_uint32 * time_rec"
+.Fc
+.Ft OM_uint32
+.Fo gss_add_cred
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_cred_id_t input_cred_handle"
+.Fa "const gss_name_t desired_name"
+.Fa "const gss_OID desired_mech"
+.Fa "gss_cred_usage_t cred_usage"
+.Fa "OM_uint32 initiator_time_req"
+.Fa "OM_uint32 acceptor_time_req"
+.Fa "gss_cred_id_t *output_cred_handle"
+.Fa "gss_OID_set *actual_mechs"
+.Fa "OM_uint32 *initiator_time_rec"
+.Fa "OM_uint32 *acceptor_time_rec"
+.Fc
+.Ft OM_uint32
+.Fo gss_add_oid_set_member
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_OID member_oid"
+.Fa "gss_OID_set * oid_set"
+.Fc
+.Ft OM_uint32
+.Fo gss_canonicalize_name
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_name_t input_name"
+.Fa "const gss_OID mech_type"
+.Fa "gss_name_t * output_name"
+.Fc
+.Ft OM_uint32
+.Fo gss_compare_name
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_name_t name1"
+.Fa "const gss_name_t name2"
+.Fa "int * name_equal"
+.Fc
+.Ft OM_uint32
+.Fo gss_context_time
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "OM_uint32 * time_rec"
+.Fc
+.Ft OM_uint32
+.Fo gss_create_empty_oid_set
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_OID_set * oid_set"
+.Fc
+.Ft OM_uint32
+.Fo gss_delete_sec_context
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_ctx_id_t * context_handle"
+.Fa "gss_buffer_t output_token"
+.Fc
+.Ft OM_uint32
+.Fo gss_display_name
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_name_t input_name"
+.Fa "gss_buffer_t output_name_buffer"
+.Fa "gss_OID * output_name_type"
+.Fc
+.Ft OM_uint32
+.Fo gss_display_status
+.Fa "OM_uint32 *minor_status"
+.Fa "OM_uint32 status_value"
+.Fa "int status_type"
+.Fa "const gss_OID mech_type"
+.Fa "OM_uint32 *message_context"
+.Fa "gss_buffer_t status_string"
+.Fc
+.Ft OM_uint32
+.Fo gss_duplicate_name
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_name_t src_name"
+.Fa "gss_name_t * dest_name"
+.Fc
+.Ft OM_uint32
+.Fo gss_export_name
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_name_t input_name"
+.Fa "gss_buffer_t exported_name"
+.Fc
+.Ft OM_uint32
+.Fo gss_export_sec_context
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_ctx_id_t * context_handle"
+.Fa "gss_buffer_t interprocess_token"
+.Fc
+.Ft OM_uint32
+.Fo gss_get_mic
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_qop_t qop_req"
+.Fa "const gss_buffer_t message_buffer"
+.Fa "gss_buffer_t message_token"
+.Fc
+.Ft OM_uint32
+.Fo gss_import_name
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_buffer_t input_name_buffer"
+.Fa "const gss_OID input_name_type"
+.Fa "gss_name_t * output_name"
+.Fc
+.Ft OM_uint32
+.Fo gss_import_sec_context
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_buffer_t interprocess_token"
+.Fa "gss_ctx_id_t * context_handle"
+.Fc
+.Ft OM_uint32
+.Fo gss_indicate_mechs
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_OID_set * mech_set"
+.Fc
+.Ft OM_uint32
+.Fo gss_init_sec_context
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_cred_id_t initiator_cred_handle"
+.Fa "gss_ctx_id_t * context_handle"
+.Fa "const gss_name_t target_name"
+.Fa "const gss_OID mech_type"
+.Fa "OM_uint32 req_flags"
+.Fa "OM_uint32 time_req"
+.Fa "const gss_channel_bindings_t input_chan_bindings"
+.Fa "const gss_buffer_t input_token"
+.Fa "gss_OID * actual_mech_type"
+.Fa "gss_buffer_t output_token"
+.Fa "OM_uint32 * ret_flags"
+.Fa "OM_uint32 * time_rec"
+.Fc
+.Ft OM_uint32
+.Fo gss_inquire_context
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "gss_name_t * src_name"
+.Fa "gss_name_t * targ_name"
+.Fa "OM_uint32 * lifetime_rec"
+.Fa "gss_OID * mech_type"
+.Fa "OM_uint32 * ctx_flags"
+.Fa "int * locally_initiated"
+.Fa "int * open_context"
+.Fc
+.Ft OM_uint32
+.Fo gss_inquire_cred
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_cred_id_t cred_handle"
+.Fa "gss_name_t * name"
+.Fa "OM_uint32 * lifetime"
+.Fa "gss_cred_usage_t * cred_usage"
+.Fa "gss_OID_set * mechanisms"
+.Fc
+.Ft OM_uint32
+.Fo gss_inquire_cred_by_mech
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_cred_id_t cred_handle"
+.Fa "const gss_OID mech_type"
+.Fa "gss_name_t * name"
+.Fa "OM_uint32 * initiator_lifetime"
+.Fa "OM_uint32 * acceptor_lifetime"
+.Fa "gss_cred_usage_t * cred_usage"
+.Fc
+.Ft OM_uint32
+.Fo gss_inquire_mechs_for_name
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_name_t input_name"
+.Fa "gss_OID_set * mech_types"
+.Fc
+.Ft OM_uint32
+.Fo gss_inquire_names_for_mech
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_OID mechanism"
+.Fa "gss_OID_set * name_types"
+.Fc
+.Ft OM_uint32
+.Fo gss_krb5_ccache_name
+.Fa "OM_uint32 *minor"
+.Fa "const char *name"
+.Fa "const char **old_name"
+.Fc
+.Ft OM_uint32
+.Fo gss_krb5_copy_ccache
+.Fa "OM_uint32 *minor"
+.Fa "gss_cred_id_t cred"
+.Fa "krb5_ccache out"
+.Fc
+.Ft OM_uint32
+.Fo gss_krb5_import_cred
+.Fa "OM_uint32 *minor_status"
+.Fa "krb5_ccache id"
+.Fa "krb5_principal keytab_principal"
+.Fa "krb5_keytab keytab"
+.Fa "gss_cred_id_t *cred"
+.Fc
+.Ft OM_uint32
+.Fo gss_krb5_compat_des3_mic
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "int onoff"
+.Fc
+.Ft OM_uint32
+.Fo gsskrb5_extract_authz_data_from_sec_context
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "int ad_type"
+.Fa "gss_buffer_t ad_data"
+.Fc
+.Ft OM_uint32
+.Fo gsskrb5_register_acceptor_identity
+.Fa "const char *identity"
+.Fc
+.Ft OM_uint32
+.Fo gss_krb5_import_cache
+.Fa "OM_uint32 *minor"
+.Fa "krb5_ccache id"
+.Fa "krb5_keytab keytab"
+.Fa "gss_cred_id_t *cred"
+.Fc
+.Ft OM_uint32
+.Fo gss_krb5_get_tkt_flags
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "OM_uint32 *tkt_flags"
+.Fc
+.Ft OM_uint32
+.Fo gss_process_context_token
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "const gss_buffer_t token_buffer"
+.Fc
+.Ft OM_uint32
+.Fo gss_release_buffer
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_buffer_t buffer"
+.Fc
+.Ft OM_uint32
+.Fo gss_release_cred
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_cred_id_t * cred_handle"
+.Fc
+.Ft OM_uint32
+.Fo gss_release_name
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_name_t * input_name"
+.Fc
+.Ft OM_uint32
+.Fo gss_release_oid_set
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_OID_set * set"
+.Fc
+.Ft OM_uint32
+.Fo gss_seal
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "int conf_req_flag"
+.Fa "int qop_req"
+.Fa "gss_buffer_t input_message_buffer"
+.Fa "int * conf_state"
+.Fa "gss_buffer_t output_message_buffer"
+.Fc
+.Ft OM_uint32
+.Fo gss_sign
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "int qop_req"
+.Fa "gss_buffer_t message_buffer"
+.Fa "gss_buffer_t message_token"
+.Fc
+.Ft OM_uint32
+.Fo gss_test_oid_set_member
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_OID member"
+.Fa "const gss_OID_set set"
+.Fa "int * present"
+.Fc
+.Ft OM_uint32
+.Fo gss_unseal
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "gss_buffer_t input_message_buffer"
+.Fa "gss_buffer_t output_message_buffer"
+.Fa "int * conf_state"
+.Fa "int * qop_state"
+.Fc
+.Ft OM_uint32
+.Fo gss_unwrap
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "const gss_buffer_t input_message_buffer"
+.Fa "gss_buffer_t output_message_buffer"
+.Fa "int * conf_state"
+.Fa "gss_qop_t * qop_state"
+.Fc
+.Ft OM_uint32
+.Fo gss_verify
+.Fa "OM_uint32 * minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "gss_buffer_t message_buffer"
+.Fa "gss_buffer_t token_buffer"
+.Fa "int * qop_state"
+.Fc
+.Ft OM_uint32
+.Fo gss_verify_mic
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "const gss_buffer_t message_buffer"
+.Fa "const gss_buffer_t token_buffer"
+.Fa "gss_qop_t * qop_state"
+.Fc
+.Ft OM_uint32
+.Fo gss_wrap
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "int conf_req_flag"
+.Fa "gss_qop_t qop_req"
+.Fa "const gss_buffer_t input_message_buffer"
+.Fa "int * conf_state"
+.Fa "gss_buffer_t output_message_buffer"
+.Fc
+.Ft OM_uint32
+.Fo gss_wrap_size_limit
+.Fa "OM_uint32 * minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "int conf_req_flag"
+.Fa "gss_qop_t qop_req"
+.Fa "OM_uint32 req_output_size"
+.Fa "OM_uint32 * max_input_size"
+.Fc
+.Sh DESCRIPTION
+Generic Security Service API (GSS-API) version 2, and its C binding,
+is described in
+.Li RFC2743
+and
+.Li RFC2744 .
+Version 1 (deprecated) of the C binding is described in
+.Li RFC1509 .
+.Pp
+Heimdals GSS-API implementation supports the following mechanisms
+.Bl -bullet
+.It
+.Li GSS_KRB5_MECHANISM
+.It
+.Li GSS_SPNEGO_MECHANISM
+.El
+.Pp
+GSS-API have generic name types that all mechanism are supposed to
+implement (if possible):
+.Bl -bullet
+.It
+.Li GSS_C_NT_USER_NAME
+.It
+.Li GSS_C_NT_MACHINE_UID_NAME
+.It
+.Li GSS_C_NT_STRING_UID_NAME
+.It
+.Li GSS_C_NT_HOSTBASED_SERVICE
+.It
+.Li GSS_C_NT_ANONYMOUS
+.It
+.Li GSS_C_NT_EXPORT_NAME
+.El
+.Pp
+GSS-API implementations that supports Kerberos 5 have some additional
+name types:
+.Bl -bullet
+.It
+.Li GSS_KRB5_NT_PRINCIPAL_NAME
+.It
+.Li GSS_KRB5_NT_USER_NAME
+.It
+.Li GSS_KRB5_NT_MACHINE_UID_NAME
+.It
+.Li GSS_KRB5_NT_STRING_UID_NAME
+.El
+.Pp
+In GSS-API, names have two forms, internal names and contiguous string
+names.
+.Bl -bullet
+.It
+.Li Internal name and mechanism name
+.Pp
+Internal names are implementation specific representation of
+a GSS-API name.
+.Li Mechanism names
+special form of internal names corresponds to one and only one mechanism.
+.Pp
+In GSS-API an internal name is stored in a
+.Dv gss_name_t .
+.It
+.Li Contiguous string name and exported name
+.Pp
+Contiguous string names are gssapi names stored in a
+.Dv OCTET STRING
+that together with a name type identifier (OID) uniquely specifies a
+gss-name.
+A special form of the contiguous string name is the exported name that
+have a OID embedded in the string to make it unique.
+Exported name have the nametype
+.Dv GSS_C_NT_EXPORT_NAME .
+.Pp
+In GSS-API an contiguous string name is stored in a
+.Dv gss_buffer_t .
+.Pp
+Exported names also have the property that they are specified by the
+mechanism itself and compatible between diffrent GSS-API
+implementations.
+.El
+.Sh ACCESS CONTROL
+There are two ways of comparing GSS-API names, either comparing two
+internal names with each other or two contiguous string names with
+either other.
+.Pp
+To compare two internal names with each other, import (if needed) the
+names with
+.Fn gss_import_name
+into the GSS-API implementation and the compare the imported name with
+.Fn gss_compare_name .
+.Pp
+Importing names can be slow, so when its possible to store exported
+names in the access control list, comparing contiguous string name
+might be better.
+.Pp
+when comparing contiguous string name, first export them into a
+.Dv GSS_C_NT_EXPORT_NAME
+name with
+.Fn gss_export_name
+and then compare with
+.Xr memcmp 3 .
+.Pp
+Note that there are might be a difference between the two methods of
+comparing names.
+The first (using
+.Fn gss_compare_name )
+will compare to (unauthenticated) names are the same.
+The second will compare if a mechanism will authenticate them as the
+same principal.
+.Pp
+For example, if
+.Fn gss_import_name
+name was used with
+.Dv GSS_C_NO_OID
+the default syntax is used for all mechanism the GSS-API
+implementation supports.
+When compare the imported name of
+.Dv GSS_C_NO_OID
+it may match serveral mechanism names (MN).
+.Pp
+The resulting name from
+.Fn gss_display_name
+must not be used for acccess control.
+.Sh FUNCTIONS
+.Fn gss_display_name
+takes the gss name in
+.Fa input_name
+and puts a printable form in
+.Fa output_name_buffer .
+.Fa output_name_buffer
+should be freed when done using
+.Fn gss_release_buffer .
+.Fa output_name_type
+can either be
+.Dv NULL
+or a pointer to a
+.Li gss_OID
+and will in the latter case contain the OID type of the name.
+The name must only be used for printing.
+If access control is needed, see section
+.Sx ACCESS CONTROL .
+.Pp
+.Fn gss_inquire_context
+returns information about the context.
+Information is available even after the context have expired.
+.Fa lifetime_rec
+argument is set to
+.Dv GSS_C_INDEFINITE
+(dont expire) or the number of seconds that the context is still valid.
+A value of 0 means that the context is expired.
+.Fa mech_type
+argument should be considered readonly and must not be released.
+.Fa src_name
+and
+.Fn dest_name
+are both mechanims names and must be released with
+.Fn gss_release_name
+when no longer used.
+.Pp
+.Nm gss_context_time
+will return the amount of time (in seconds) of the context is still
+valid.
+If its expired
+.Fa time_rec
+will be set to 0 and
+.Dv GSS_S_CONTEXT_EXPIRED
+returned.
+.Pp
+.Fn gss_sign ,
+.Fn gss_verify ,
+.Fn gss_seal ,
+and
+.Fn gss_unseal
+are part of the GSS-API V1 interface and are obsolete.
+The functions should not be used for new applications.
+They are provided so that version 1 applications can link against the
+library.
+.Sh EXTENSIONS
+.Fn gss_krb5_ccache_name
+sets the internal kerberos 5 credential cache name to
+.Fa name .
+The old name is returned in
+.Fa old_name ,
+and must not be freed.
+The data allocated for
+.Fa old_name
+is free upon next call to
+.Fn gss_krb5_ccache_name .
+This function is not threadsafe if
+.Fa old_name
+argument is used.
+.Pp
+.Fn gss_krb5_copy_ccache
+will extract the krb5 credentials that are transferred from the
+initiator to the acceptor when using token delegation in the Kerberos
+mechanism.
+The acceptor receives the delegated token in the last argument to
+.Fn gss_accept_sec_context .
+.Pp
+.Fn gss_krb5_import_cred
+will import the krb5 credentials (both keytab and/or credential cache)
+into gss credential so it can be used withing GSS-API.
+The
+.Fa ccache
+is copied by reference and thus shared, so if the credential is destroyed
+with
+.Fa krb5_cc_destroy ,
+all users of thep
+.Fa gss_cred_id_t
+returned by
+.Fn gss_krb5_import_ccache
+will fail.
+.Pp
+.Fn gsskrb5_register_acceptor_identity
+sets the Kerberos 5 filebased keytab that the acceptor will use.  The
+.Fa identifier
+is the file name.
+.Pp
+.Fn gsskrb5_extract_authz_data_from_sec_context
+extracts the Kerberos authorizationdata that may be stored within the
+context.
+Tha caller must free the returned buffer
+.Fa ad_data
+with
+.Fn gss_release_buffer
+upon success.
+.Pp
+.Fn gss_krb5_get_tkt_flags
+return the ticket flags for the kerberos ticket receive when
+authenticating the initiator.
+Only valid on the acceptor context.
+.Pp
+.Fn gss_krb5_compat_des3_mic
+turns on or off the compatibility with older version of Heimdal using
+des3 get and verify mic, this is way to programmatically set the
+[gssapi]broken_des3_mic and [gssapi]correct_des3_mic flags (see
+COMPATIBILITY section in
+.Xr gssapi 3 ) .
+If the CPP symbol
+.Dv GSS_C_KRB5_COMPAT_DES3_MIC
+is present,
+.Fn gss_krb5_compat_des3_mic
+exists.
+.Fn gss_krb5_compat_des3_mic
+will be removed in a later version of the GSS-API library.
+.Sh SEE ALSO
+.Xr gssapi 3 ,
+.Xr krb5 3 ,
+.Xr krb5_ccache 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,809 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: gssapi.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef GSSAPI_GSSAPI_H_
+#define GSSAPI_GSSAPI_H_
+
+/*
+ * First, include stddef.h to get size_t defined.
+ */
+#include <stddef.h>
+
+#include <krb5-types.h>
+
+/*
+ * Now define the three implementation-dependent types.
+ */
+
+typedef uint32_t OM_uint32;
+typedef uint64_t OM_uint64;
+
+typedef uint32_t gss_uint32;
+
+struct gss_name_t_desc_struct;
+typedef struct gss_name_t_desc_struct *gss_name_t;
+
+struct gss_ctx_id_t_desc_struct;
+typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
+
+typedef struct gss_OID_desc_struct {
+      OM_uint32 length;
+      void      *elements;
+} gss_OID_desc, *gss_OID;
+
+typedef struct gss_OID_set_desc_struct  {
+      size_t     count;
+      gss_OID    elements;
+} gss_OID_set_desc, *gss_OID_set;
+
+typedef int gss_cred_usage_t;
+
+struct gss_cred_id_t_desc_struct;
+typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
+
+typedef struct gss_buffer_desc_struct {
+      size_t length;
+      void *value;
+} gss_buffer_desc, *gss_buffer_t;
+
+typedef struct gss_channel_bindings_struct {
+      OM_uint32 initiator_addrtype;
+      gss_buffer_desc initiator_address;
+      OM_uint32 acceptor_addrtype;
+      gss_buffer_desc acceptor_address;
+      gss_buffer_desc application_data;
+} *gss_channel_bindings_t;
+
+/* GGF extension data types */
+typedef struct gss_buffer_set_desc_struct {
+      size_t count;
+      gss_buffer_desc *elements;
+} gss_buffer_set_desc, *gss_buffer_set_t;
+
+/*
+ * For now, define a QOP-type as an OM_uint32
+ */
+typedef OM_uint32 gss_qop_t;
+
+/*
+ * Flag bits for context-level services.
+ */
+#define GSS_C_DELEG_FLAG 1
+#define GSS_C_MUTUAL_FLAG 2
+#define GSS_C_REPLAY_FLAG 4
+#define GSS_C_SEQUENCE_FLAG 8
+#define GSS_C_CONF_FLAG 16
+#define GSS_C_INTEG_FLAG 32
+#define GSS_C_ANON_FLAG 64
+#define GSS_C_PROT_READY_FLAG 128
+#define GSS_C_TRANS_FLAG 256
+
+#define GSS_C_DCE_STYLE 4096
+#define GSS_C_IDENTIFY_FLAG 8192
+#define GSS_C_EXTENDED_ERROR_FLAG 16384
+
+/*
+ * Credential usage options
+ */
+#define GSS_C_BOTH 0
+#define GSS_C_INITIATE 1
+#define GSS_C_ACCEPT 2
+
+/*
+ * Status code types for gss_display_status
+ */
+#define GSS_C_GSS_CODE 1
+#define GSS_C_MECH_CODE 2
+
+/*
+ * The constant definitions for channel-bindings address families
+ */
+#define GSS_C_AF_UNSPEC     0
+#define GSS_C_AF_LOCAL      1
+#define GSS_C_AF_INET       2
+#define GSS_C_AF_IMPLINK    3
+#define GSS_C_AF_PUP        4
+#define GSS_C_AF_CHAOS      5
+#define GSS_C_AF_NS         6
+#define GSS_C_AF_NBS        7
+#define GSS_C_AF_ECMA       8
+#define GSS_C_AF_DATAKIT    9
+#define GSS_C_AF_CCITT      10
+#define GSS_C_AF_SNA        11
+#define GSS_C_AF_DECnet     12
+#define GSS_C_AF_DLI        13
+#define GSS_C_AF_LAT        14
+#define GSS_C_AF_HYLINK     15
+#define GSS_C_AF_APPLETALK  16
+#define GSS_C_AF_BSC        17
+#define GSS_C_AF_DSS        18
+#define GSS_C_AF_OSI        19
+#define GSS_C_AF_X25        21
+#define GSS_C_AF_INET6	    24
+
+#define GSS_C_AF_NULLADDR   255
+
+/*
+ * Various Null values
+ */
+#define GSS_C_NO_NAME ((gss_name_t) 0)
+#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
+#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
+#define GSS_C_NO_OID ((gss_OID) 0)
+#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
+#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
+#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
+#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
+#define GSS_C_EMPTY_BUFFER {0, NULL}
+
+/*
+ * Some alternate names for a couple of the above
+ * values.  These are defined for V1 compatibility.
+ */
+#define GSS_C_NULL_OID GSS_C_NO_OID
+#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
+
+/*
+ * Define the default Quality of Protection for per-message
+ * services.  Note that an implementation that offers multiple
+ * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero
+ * (as done here) to mean "default protection", or to a specific
+ * explicit QOP value.  However, a value of 0 should always be
+ * interpreted by a GSSAPI implementation as a request for the
+ * default protection level.
+ */
+#define GSS_C_QOP_DEFAULT 0
+
+#define GSS_KRB5_CONF_C_QOP_DES		0x0100
+#define GSS_KRB5_CONF_C_QOP_DES3_KD	0x0200
+
+/*
+ * Expiration time of 2^32-1 seconds means infinite lifetime for a
+ * credential or security context
+ */
+#define GSS_C_INDEFINITE 0xfffffffful
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x01"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
+ * GSS_C_NT_USER_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern gss_OID GSS_C_NT_USER_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+ * The constant GSS_C_NT_MACHINE_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x03"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+ * The constant GSS_C_NT_STRING_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+extern gss_OID GSS_C_NT_STRING_UID_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) org(3) dod(6) internet(1) security(5)
+ * nametypes(6) gss-host-based-services(2)).  The constant
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
+ * to that gss_OID_desc.  This is a deprecated OID value, and
+ * implementations wishing to support hostbased-service names
+ * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
+ * defined below, to identify such names;
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+ * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+ * parameter, but should not be emitted by GSS-API
+ * implementations
+ */
+extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x04"}, corresponding to an
+ * object-identifier value of {iso(1) member-body(2)
+ * Unites States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) service_name(4)}.  The constant
+ * GSS_C_NT_HOSTBASED_SERVICE should be initialized
+ * to point to that gss_OID_desc.
+ */
+extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
+ * corresponding to an object identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 3(gss-anonymous-name)}.  The constant
+ * and GSS_C_NT_ANONYMOUS should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern gss_OID GSS_C_NT_ANONYMOUS;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
+ * corresponding to an object-identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 4(gss-api-exported-name)}.  The constant
+ * GSS_C_NT_EXPORT_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+extern gss_OID GSS_C_NT_EXPORT_NAME;
+
+/*
+ * Digest mechanism
+ */
+
+extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM;
+
+/*
+ * NTLM mechanism
+ */
+
+extern gss_OID GSS_NTLM_MECHANISM;
+
+/* Major status codes */
+
+#define GSS_S_COMPLETE 0
+
+/*
+ * Some "helper" definitions to make the status code macros obvious.
+ */
+#define GSS_C_CALLING_ERROR_OFFSET 24
+#define GSS_C_ROUTINE_ERROR_OFFSET 16
+#define GSS_C_SUPPLEMENTARY_OFFSET 0
+#define GSS_C_CALLING_ERROR_MASK 0377ul
+#define GSS_C_ROUTINE_ERROR_MASK 0377ul
+#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
+
+/*
+ * The macros that test status codes for error conditions.
+ * Note that the GSS_ERROR() macro has changed slightly from
+ * the V1 GSSAPI so that it now evaluates its argument
+ * only once.
+ */
+#define GSS_CALLING_ERROR(x) \
+  (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
+#define GSS_ROUTINE_ERROR(x) \
+  (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
+#define GSS_SUPPLEMENTARY_INFO(x) \
+  (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
+#define GSS_ERROR(x) \
+  (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
+        (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
+
+/*
+ * Now the actual status code definitions
+ */
+
+/*
+ * Calling errors:
+ */
+#define GSS_S_CALL_INACCESSIBLE_READ \
+                             (1ul << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_INACCESSIBLE_WRITE \
+                             (2ul << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_BAD_STRUCTURE \
+                             (3ul << GSS_C_CALLING_ERROR_OFFSET)
+
+/*
+ * Routine errors:
+ */
+#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
+
+#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MIC GSS_S_BAD_SIG
+#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
+
+/*
+ * Supplementary info bits:
+ */
+#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
+#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
+#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
+#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
+#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
+
+/*
+ * Finally, function prototypes for the GSS-API routines.
+ */
+
+OM_uint32 gss_acquire_cred
+           (OM_uint32 * /*minor_status*/,
+            const gss_name_t /*desired_name*/,
+            OM_uint32 /*time_req*/,
+            const gss_OID_set /*desired_mechs*/,
+            gss_cred_usage_t /*cred_usage*/,
+            gss_cred_id_t * /*output_cred_handle*/,
+            gss_OID_set * /*actual_mechs*/,
+            OM_uint32 * /*time_rec*/
+           );
+
+OM_uint32 gss_release_cred
+           (OM_uint32 * /*minor_status*/,
+            gss_cred_id_t * /*cred_handle*/
+           );
+
+OM_uint32 gss_init_sec_context
+           (OM_uint32 * /*minor_status*/,
+            const gss_cred_id_t /*initiator_cred_handle*/,
+            gss_ctx_id_t * /*context_handle*/,
+            const gss_name_t /*target_name*/,
+            const gss_OID /*mech_type*/,
+            OM_uint32 /*req_flags*/,
+            OM_uint32 /*time_req*/,
+            const gss_channel_bindings_t /*input_chan_bindings*/,
+            const gss_buffer_t /*input_token*/,
+            gss_OID * /*actual_mech_type*/,
+            gss_buffer_t /*output_token*/,
+            OM_uint32 * /*ret_flags*/,
+            OM_uint32 * /*time_rec*/
+           );
+
+OM_uint32 gss_accept_sec_context
+           (OM_uint32 * /*minor_status*/,
+            gss_ctx_id_t * /*context_handle*/,
+            const gss_cred_id_t /*acceptor_cred_handle*/,
+            const gss_buffer_t /*input_token_buffer*/,
+            const gss_channel_bindings_t /*input_chan_bindings*/,
+            gss_name_t * /*src_name*/,
+            gss_OID * /*mech_type*/,
+            gss_buffer_t /*output_token*/,
+            OM_uint32 * /*ret_flags*/,
+            OM_uint32 * /*time_rec*/,
+            gss_cred_id_t * /*delegated_cred_handle*/
+           );
+
+OM_uint32 gss_process_context_token
+           (OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            const gss_buffer_t /*token_buffer*/
+           );
+
+OM_uint32 gss_delete_sec_context
+           (OM_uint32 * /*minor_status*/,
+            gss_ctx_id_t * /*context_handle*/,
+            gss_buffer_t /*output_token*/
+           );
+
+OM_uint32 gss_context_time
+           (OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            OM_uint32 * /*time_rec*/
+           );
+
+OM_uint32 gss_get_mic
+           (OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            gss_qop_t /*qop_req*/,
+            const gss_buffer_t /*message_buffer*/,
+            gss_buffer_t /*message_token*/
+           );
+
+OM_uint32 gss_verify_mic
+           (OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            const gss_buffer_t /*message_buffer*/,
+            const gss_buffer_t /*token_buffer*/,
+            gss_qop_t * /*qop_state*/
+           );
+
+OM_uint32 gss_wrap
+           (OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            int /*conf_req_flag*/,
+            gss_qop_t /*qop_req*/,
+            const gss_buffer_t /*input_message_buffer*/,
+            int * /*conf_state*/,
+            gss_buffer_t /*output_message_buffer*/
+           );
+
+OM_uint32 gss_unwrap
+           (OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            const gss_buffer_t /*input_message_buffer*/,
+            gss_buffer_t /*output_message_buffer*/,
+            int * /*conf_state*/,
+            gss_qop_t * /*qop_state*/
+           );
+
+OM_uint32 gss_display_status
+           (OM_uint32 * /*minor_status*/,
+            OM_uint32 /*status_value*/,
+            int /*status_type*/,
+            const gss_OID /*mech_type*/,
+            OM_uint32 * /*message_context*/,
+            gss_buffer_t /*status_string*/
+           );
+
+OM_uint32 gss_indicate_mechs
+           (OM_uint32 * /*minor_status*/,
+            gss_OID_set * /*mech_set*/
+           );
+
+OM_uint32 gss_compare_name
+           (OM_uint32 * /*minor_status*/,
+            const gss_name_t /*name1*/,
+            const gss_name_t /*name2*/,
+            int * /*name_equal*/
+           );
+
+OM_uint32 gss_display_name
+           (OM_uint32 * /*minor_status*/,
+            const gss_name_t /*input_name*/,
+            gss_buffer_t /*output_name_buffer*/,
+            gss_OID * /*output_name_type*/
+           );
+
+OM_uint32 gss_import_name
+           (OM_uint32 * /*minor_status*/,
+            const gss_buffer_t /*input_name_buffer*/,
+            const gss_OID /*input_name_type*/,
+            gss_name_t * /*output_name*/
+           );
+
+OM_uint32 gss_export_name
+           (OM_uint32  * /*minor_status*/,
+            const gss_name_t /*input_name*/,
+            gss_buffer_t /*exported_name*/
+           );
+
+OM_uint32 gss_release_name
+           (OM_uint32 * /*minor_status*/,
+            gss_name_t * /*input_name*/
+           );
+
+OM_uint32 gss_release_buffer
+           (OM_uint32 * /*minor_status*/,
+            gss_buffer_t /*buffer*/
+           );
+
+OM_uint32 gss_release_oid_set
+           (OM_uint32 * /*minor_status*/,
+            gss_OID_set * /*set*/
+           );
+
+OM_uint32 gss_inquire_cred
+           (OM_uint32 * /*minor_status*/,
+            const gss_cred_id_t /*cred_handle*/,
+            gss_name_t * /*name*/,
+            OM_uint32 * /*lifetime*/,
+            gss_cred_usage_t * /*cred_usage*/,
+            gss_OID_set * /*mechanisms*/
+           );
+
+OM_uint32 gss_inquire_context (
+            OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            gss_name_t * /*src_name*/,
+            gss_name_t * /*targ_name*/,
+            OM_uint32 * /*lifetime_rec*/,
+            gss_OID * /*mech_type*/,
+            OM_uint32 * /*ctx_flags*/,
+            int * /*locally_initiated*/,
+            int * /*open_context*/
+           );
+
+OM_uint32 gss_wrap_size_limit (
+            OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            int /*conf_req_flag*/,
+            gss_qop_t /*qop_req*/,
+            OM_uint32 /*req_output_size*/,
+            OM_uint32 * /*max_input_size*/
+           );
+
+OM_uint32 gss_add_cred (
+            OM_uint32 * /*minor_status*/,
+            const gss_cred_id_t /*input_cred_handle*/,
+            const gss_name_t /*desired_name*/,
+            const gss_OID /*desired_mech*/,
+            gss_cred_usage_t /*cred_usage*/,
+            OM_uint32 /*initiator_time_req*/,
+            OM_uint32 /*acceptor_time_req*/,
+            gss_cred_id_t * /*output_cred_handle*/,
+            gss_OID_set * /*actual_mechs*/,
+            OM_uint32 * /*initiator_time_rec*/,
+            OM_uint32 * /*acceptor_time_rec*/
+           );
+
+OM_uint32 gss_inquire_cred_by_mech (
+            OM_uint32 * /*minor_status*/,
+            const gss_cred_id_t /*cred_handle*/,
+            const gss_OID /*mech_type*/,
+            gss_name_t * /*name*/,
+            OM_uint32 * /*initiator_lifetime*/,
+            OM_uint32 * /*acceptor_lifetime*/,
+            gss_cred_usage_t * /*cred_usage*/
+           );
+
+OM_uint32 gss_export_sec_context (
+            OM_uint32 * /*minor_status*/,
+            gss_ctx_id_t * /*context_handle*/,
+            gss_buffer_t /*interprocess_token*/
+           );
+
+OM_uint32 gss_import_sec_context (
+            OM_uint32 * /*minor_status*/,
+            const gss_buffer_t /*interprocess_token*/,
+            gss_ctx_id_t * /*context_handle*/
+           );
+
+OM_uint32 gss_create_empty_oid_set (
+            OM_uint32 * /*minor_status*/,
+            gss_OID_set * /*oid_set*/
+           );
+
+OM_uint32 gss_add_oid_set_member (
+            OM_uint32 * /*minor_status*/,
+            const gss_OID /*member_oid*/,
+            gss_OID_set * /*oid_set*/
+           );
+
+OM_uint32 gss_test_oid_set_member (
+            OM_uint32 * /*minor_status*/,
+            const gss_OID /*member*/,
+            const gss_OID_set /*set*/,
+            int * /*present*/
+           );
+
+OM_uint32 gss_inquire_names_for_mech (
+            OM_uint32 * /*minor_status*/,
+            const gss_OID /*mechanism*/,
+            gss_OID_set * /*name_types*/
+           );
+
+OM_uint32 gss_inquire_mechs_for_name (
+            OM_uint32 * /*minor_status*/,
+            const gss_name_t /*input_name*/,
+            gss_OID_set * /*mech_types*/
+           );
+
+OM_uint32 gss_canonicalize_name (
+            OM_uint32 * /*minor_status*/,
+            const gss_name_t /*input_name*/,
+            const gss_OID /*mech_type*/,
+            gss_name_t * /*output_name*/
+           );
+
+OM_uint32 gss_duplicate_name (
+            OM_uint32 * /*minor_status*/,
+            const gss_name_t /*src_name*/,
+            gss_name_t * /*dest_name*/
+           );
+
+OM_uint32 gss_duplicate_oid (
+	    OM_uint32 * /* minor_status */,
+	    gss_OID /* src_oid */,
+	    gss_OID * /* dest_oid */
+           );
+OM_uint32
+gss_release_oid
+	(OM_uint32 * /*minor_status*/,
+	 gss_OID * /* oid */
+	);
+
+OM_uint32
+gss_oid_to_str(
+	    OM_uint32 * /*minor_status*/,
+	    gss_OID /* oid */,
+	    gss_buffer_t /* str */
+           );
+
+OM_uint32
+gss_inquire_sec_context_by_oid(
+	    OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_OID desired_object,
+            gss_buffer_set_t *data_set
+           );
+
+OM_uint32
+gss_set_sec_context_option (OM_uint32 *minor_status,
+			    gss_ctx_id_t *context_handle,
+			    const gss_OID desired_object,
+			    const gss_buffer_t value);
+
+OM_uint32
+gss_set_cred_option (OM_uint32 *minor_status,
+		     gss_cred_id_t *cred_handle,
+		     const gss_OID object,
+		     const gss_buffer_t value);
+
+int
+gss_oid_equal(const gss_OID a, const gss_OID b);
+
+OM_uint32 
+gss_create_empty_buffer_set
+	   (OM_uint32 * minor_status,
+	    gss_buffer_set_t *buffer_set);
+
+OM_uint32
+gss_add_buffer_set_member
+	   (OM_uint32 * minor_status,
+	    const gss_buffer_t member_buffer,
+	    gss_buffer_set_t *buffer_set);
+
+OM_uint32
+gss_release_buffer_set
+	   (OM_uint32 * minor_status,
+	    gss_buffer_set_t *buffer_set);
+
+OM_uint32
+gss_inquire_cred_by_oid(OM_uint32 *minor_status,
+	                const gss_cred_id_t cred_handle,
+	                const gss_OID desired_object,
+	                gss_buffer_set_t *data_set);
+
+/*
+ * RFC 4401
+ */
+
+#define GSS_C_PRF_KEY_FULL 0
+#define GSS_C_PRF_KEY_PARTIAL 1
+
+OM_uint32
+gss_pseudo_random
+	(OM_uint32 *minor_status,
+	 gss_ctx_id_t context,
+	 int prf_key,
+	 const gss_buffer_t prf_in,
+	 ssize_t desired_output_len,
+	 gss_buffer_t prf_out
+	);
+
+/*
+ * The following routines are obsolete variants of gss_get_mic,
+ * gss_verify_mic, gss_wrap and gss_unwrap.  They should be
+ * provided by GSSAPI V2 implementations for backwards
+ * compatibility with V1 applications.  Distinct entrypoints
+ * (as opposed to #defines) should be provided, both to allow
+ * GSSAPI V1 applications to link against GSSAPI V2 implementations,
+ * and to retain the slight parameter type differences between the
+ * obsolete versions of these routines and their current forms.
+ */
+
+OM_uint32 gss_sign
+           (OM_uint32 * /*minor_status*/,
+            gss_ctx_id_t /*context_handle*/,
+            int /*qop_req*/,
+            gss_buffer_t /*message_buffer*/,
+            gss_buffer_t /*message_token*/
+           );
+
+OM_uint32 gss_verify
+           (OM_uint32 * /*minor_status*/,
+            gss_ctx_id_t /*context_handle*/,
+            gss_buffer_t /*message_buffer*/,
+            gss_buffer_t /*token_buffer*/,
+            int * /*qop_state*/
+           );
+
+OM_uint32 gss_seal
+           (OM_uint32 * /*minor_status*/,
+            gss_ctx_id_t /*context_handle*/,
+            int /*conf_req_flag*/,
+            int /*qop_req*/,
+            gss_buffer_t /*input_message_buffer*/,
+            int * /*conf_state*/,
+            gss_buffer_t /*output_message_buffer*/
+           );
+
+OM_uint32 gss_unseal
+           (OM_uint32 * /*minor_status*/,
+            gss_ctx_id_t /*context_handle*/,
+            gss_buffer_t /*input_message_buffer*/,
+            gss_buffer_t /*output_message_buffer*/,
+            int * /*conf_state*/,
+            int * /*qop_state*/
+           );
+
+/*
+ *
+ */
+
+OM_uint32
+gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
+	                        const gss_ctx_id_t context_handle,
+	                        const gss_OID desired_object,
+	                        gss_buffer_set_t *data_set);
+
+OM_uint32
+gss_encapsulate_token(gss_buffer_t /* input_token */,
+		      gss_OID /* oid */,
+		      gss_buffer_t /* output_token */);
+
+OM_uint32
+gss_decapsulate_token(gss_buffer_t /* input_token */,
+		      gss_OID /* oid */,
+		      gss_buffer_t /* output_token */);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#include <gssapi/gssapi_krb5.h>
+#include <gssapi/gssapi_spnego.h>
+
+#endif /* GSSAPI_GSSAPI_H_ */

Added: vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi_krb5.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi_krb5.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi_krb5.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,220 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: gssapi_krb5.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef GSSAPI_KRB5_H_
+#define GSSAPI_KRB5_H_
+
+#include <gssapi/gssapi.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This is for kerberos5 names.
+ */
+
+extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
+extern gss_OID GSS_KRB5_NT_USER_NAME;
+extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME;
+extern gss_OID GSS_KRB5_NT_STRING_UID_NAME;
+
+extern gss_OID GSS_KRB5_MECHANISM;
+
+/* for compatibility with MIT api */
+
+#define gss_mech_krb5 GSS_KRB5_MECHANISM
+#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
+
+/* Extensions set contexts options */
+extern gss_OID GSS_KRB5_COPY_CCACHE_X;
+extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X;
+extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X;
+extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X;
+extern gss_OID GSS_KRB5_SEND_TO_KDC_X;
+extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
+extern gss_OID GSS_KRB5_CCACHE_NAME_X;
+/* Extensions inquire context */
+extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
+extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
+extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO;
+extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X;
+extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X;
+extern gss_OID GSS_KRB5_GET_SUBKEY_X;
+extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X;
+extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X;
+extern gss_OID GSS_KRB5_GET_AUTHTIME_X;
+extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X;
+/* Extensions creds */
+extern gss_OID GSS_KRB5_IMPORT_CRED_X;
+extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X;
+
+/*
+ * kerberos mechanism specific functions
+ */
+
+struct krb5_keytab_data;
+struct krb5_ccache_data;
+struct Principal;
+
+OM_uint32
+gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, 
+		     const char * /*name */,
+		     const char ** /*out_name */);
+
+OM_uint32 gsskrb5_register_acceptor_identity
+        (const char */*identity*/);
+
+OM_uint32 gss_krb5_copy_ccache
+	(OM_uint32 */*minor*/,
+	 gss_cred_id_t /*cred*/,
+	 struct krb5_ccache_data */*out*/);
+
+OM_uint32
+gss_krb5_import_cred(OM_uint32 */*minor*/,
+		     struct krb5_ccache_data * /*in*/,
+		     struct Principal * /*keytab_principal*/,
+		     struct krb5_keytab_data * /*keytab*/,
+		     gss_cred_id_t */*out*/);
+
+OM_uint32 gss_krb5_get_tkt_flags
+	(OM_uint32 */*minor*/,
+	 gss_ctx_id_t /*context_handle*/,
+	 OM_uint32 */*tkt_flags*/);
+
+OM_uint32
+gsskrb5_extract_authz_data_from_sec_context
+	(OM_uint32 * /*minor_status*/,
+	 gss_ctx_id_t /*context_handle*/,
+	 int /*ad_type*/,
+	 gss_buffer_t /*ad_data*/);
+
+OM_uint32
+gsskrb5_set_dns_canonicalize(int);
+
+struct gsskrb5_send_to_kdc {
+    void *func;
+    void *ptr;
+};
+
+OM_uint32
+gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *);
+
+OM_uint32
+gsskrb5_set_default_realm(const char *);
+
+OM_uint32
+gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *);
+
+struct EncryptionKey;
+
+OM_uint32 
+gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
+				 gss_ctx_id_t context_handle,
+				 struct EncryptionKey **out);
+OM_uint32 
+gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
+				 gss_ctx_id_t context_handle,
+				 struct EncryptionKey **out);
+OM_uint32 
+gsskrb5_get_subkey(OM_uint32 *minor_status,
+		   gss_ctx_id_t context_handle,
+		   struct EncryptionKey **out);
+
+/*
+ * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
+ * do GSS content token handling in-kernel.
+ */
+
+typedef struct gss_krb5_lucid_key {
+	OM_uint32	type;
+	OM_uint32	length;
+	void *		data;
+} gss_krb5_lucid_key_t;
+
+typedef struct gss_krb5_rfc1964_keydata {
+	OM_uint32		sign_alg;
+	OM_uint32		seal_alg;
+	gss_krb5_lucid_key_t	ctx_key;
+} gss_krb5_rfc1964_keydata_t;
+
+typedef struct gss_krb5_cfx_keydata {
+	OM_uint32		have_acceptor_subkey;
+	gss_krb5_lucid_key_t	ctx_key;
+	gss_krb5_lucid_key_t	acceptor_subkey;
+} gss_krb5_cfx_keydata_t;
+
+typedef struct gss_krb5_lucid_context_v1 {
+	OM_uint32	version;
+	OM_uint32	initiate;
+	OM_uint32	endtime;
+	OM_uint64	send_seq;
+	OM_uint64	recv_seq;
+	OM_uint32	protocol;
+	gss_krb5_rfc1964_keydata_t rfc1964_kd;
+	gss_krb5_cfx_keydata_t	   cfx_kd;
+} gss_krb5_lucid_context_v1_t;
+
+typedef struct gss_krb5_lucid_context_version {
+	OM_uint32	version;	/* Structure version number */
+} gss_krb5_lucid_context_version_t;
+
+/*
+ * Function declarations
+ */
+
+OM_uint32
+gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
+				  gss_ctx_id_t *context_handle,
+				  OM_uint32 version,
+				  void **kctx);
+
+
+OM_uint32
+gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
+				void *kctx);
+
+
+OM_uint32
+gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, 
+				gss_cred_id_t cred,
+				OM_uint32 num_enctypes,
+				int32_t *enctypes);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GSSAPI_SPNEGO_H_ */
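Review bot: The key-returning declarations in this header (`gsskrb5_extract_service_keyblock`, `gsskrb5_get_initiator_subkey`, `gsskrb5_get_subkey`, and `gss_krb5_export_lucid_sec_context` with its `void **kctx`) hand raw session-key material to the caller, yet nothing says who owns the returned object or how to release it. Only the lucid context has a visible counterpart, `gss_krb5_free_lucid_sec_context`. For the `struct EncryptionKey **out` functions I would add a comment such as `/* *out is allocated for the caller; free it with the matching krb5 keyblock free routine and never log or persist it */`, after confirming the ownership rule against the implementation, which this hunk does not show. Separately, the closing `#endif /* GSSAPI_SPNEGO_H_ */` ends the `GSSAPI_KRB5_H_` guard and should read `#endif /* GSSAPI_KRB5_H_ */`.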

Added: vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi_spnego.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi_spnego.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gssapi/gssapi_spnego.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: gssapi_spnego.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef GSSAPI_SPNEGO_H_
+#define GSSAPI_SPNEGO_H_
+
+#include <gssapi.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * RFC2478, SPNEGO:
+ *  The security mechanism of the initial
+ *  negotiation token is identified by the Object Identifier
+ *  iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
+ */
+extern gss_OID GSS_SPNEGO_MECHANISM;
+#define gss_mech_spnego GSS_SPNEGO_MECHANISM
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GSSAPI_SPNEGO_H_ */
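Review bot: `#include <gssapi.h>` resolves to whichever `gssapi.h` comes first on the include path, whereas the sibling gssapi_krb5.h in this commit uses `#include <gssapi/gssapi.h>`. When this header is included directly on a host that also has another GSS-API implementation's headers installed, the unqualified form could pick up a different header and mix type definitions. I would use `#include <gssapi/gssapi.h>` here as well. When the header is reached through gssapi/gssapi.h itself, the include guard makes the line a no-op, so the change costs nothing on that path.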

Added: vendor-crypto/heimdal/dist/lib/gssapi/gssapi.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gssapi.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gssapi.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,177 @@
+.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: gssapi.3,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd April 20, 2005
+.Dt GSSAPI 3
+.Os
+.Sh NAME
+.Nm gssapi
+.Nd Generic Security Service Application Program Interface library
+.Sh LIBRARY
+GSS-API Library (libgssapi, -lgssapi)
+.Sh DESCRIPTION
+The Generic Security Service Application Program Interface (GSS-API)
+provides security services to callers in a generic fashion,
+supportable with a range of underlying mechanisms and technologies and
+hence allowing source-level portability of applications to different
+environments.
+.Pp
+The GSS-API implementation in Heimdal implements the Kerberos 5 and
+the SPNEGO GSS-API security mechanisms.
+.Sh LIST OF FUNCTIONS
+These functions constitute the gssapi library,
+.Em libgssapi .
+Declarations for these functions may be obtained from the include file
+.Pa gssapi.h .
+.sp 2
+.nf
+.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u
+\fIName/Page\fP	\fIDescription\fP
+.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC
+.sp 5p
+gss_accept_sec_context.3
+gss_acquire_cred.3
+gss_add_cred.3
+gss_add_oid_set_member.3
+gss_canonicalize_name.3
+gss_compare_name.3
+gss_context_time.3
+gss_create_empty_oid_set.3
+gss_delete_sec_context.3
+gss_display_name.3
+gss_display_status.3
+gss_duplicate_name.3
+gss_export_name.3
+gss_export_sec_context.3
+gss_get_mic.3
+gss_import_name.3
+gss_import_sec_context.3
+gss_indicate_mechs.3
+gss_init_sec_context.3
+gss_inquire_context.3
+gss_inquire_cred.3
+gss_inquire_cred_by_mech.3
+gss_inquire_mechs_for_name.3
+gss_inquire_names_for_mech.3
+gss_krb5_ccache_name.3
+gss_krb5_compat_des3_mic.3
+gss_krb5_copy_ccache.3
+gss_krb5_extract_authz_data_from_sec_context.3
+gss_krb5_import_ccache.3
+gss_process_context_token.3
+gss_release_buffer.3
+gss_release_cred.3
+gss_release_name.3
+gss_release_oid_set.3
+gss_seal.3
+gss_sign.3
+gss_test_oid_set_member.3
+gss_unseal.3
+gss_unwrap.3
+gss_verify.3
+gss_verify_mic.3
+gss_wrap.3
+gss_wrap_size_limit.3
+.ta
+.Fi
+.Sh COMPATIBILITY
+The
+.Nm Heimdal
+GSS-API implementation had a bug in releases before 0.6 that made it
+fail to inter-operate when using DES3 with other GSS-API
+implementations when using
+.Fn gss_get_mic
+/
+.Fn gss_verify_mic .
+It is possible to modify the behavior of the generator of the MIC with
+the
+.Pa krb5.conf
+configuration file so that old clients/servers will still
+work.
+.Pp
+New clients/servers will try both the old and new MIC in Heimdal 0.6.
+In 0.7 it will check only if configured - the compatibility code will
+be removed in 0.8.
+.Pp
+Heimdal 0.6 still generates by default the broken GSS-API DES3 mic,
+this will change in 0.7 to generate correct des3 mic.
+.Pp
+To turn on compatibility with older clients and servers, change the
+.Nm [gssapi]
+.Ar broken_des3_mic
+in
+.Pa krb5.conf
+that contains a list of globbing expressions that will be matched
+against the server name.
+To turn off generation of the old (incompatible) mic of the MIC use
+.Nm [gssapi]
+.Ar correct_des3_mic .
+.Pp
+If a match for a entry is in both
+.Nm [gssapi]
+.Ar correct_des3_mic
+and
+.Nm [gssapi]
+.Ar broken_des3_mic ,
+the later will override.
+.Pp
+This config option modifies behaviour for both clients and servers.
+.Pp
+Microsoft implemented SPNEGO to Windows2000, however, they manage to
+get it wrong, their implementation didn't fill in the MechListMIC in
+the reply token with the right content.
+There is a work around for this problem, but not all implementation
+support it.
+.Pp
+Heimdal defaults to correct SPNEGO when the the kerberos
+implementation uses CFX, or when it is configured by the user.
+To turn on compatibility with peers, use option
+.Nm [gssapi]
+.Ar require_mechlist_mic .
+.Sh EXAMPLES
+.Bd -literal -offset indent
+[gssapi]
+	broken_des3_mic = cvs/*@SU.SE
+	broken_des3_mic = host/*@E.KTH.SE
+	correct_des3_mic = host/*@SU.SE
+	require_mechlist_mic = host/*@SU.SE
+.Ed
+.Sh BUGS
+All of 0.5.x versions of
+.Nm heimdal
+had broken token delegations in the client side, the server side was
+correct.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/gssapi/gssapi.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gssapi.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gssapi.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: gssapi.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef GSSAPI_H_
+#define GSSAPI_H_
+
+#include <gssapi/gssapi.h>
+
+#endif

Added: vendor-crypto/heimdal/dist/lib/gssapi/gssapi_mech.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/gssapi_mech.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/gssapi_mech.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,359 @@
+/*-
+ * Copyright (c) 2005 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#ifndef GSSAPI_MECH_H
+#define GSSAPI_MECH_H 1
+
+#include <gssapi.h>
+
+typedef OM_uint32 _gss_acquire_cred_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* desired_name */
+	       OM_uint32,              /* time_req */
+	       const gss_OID_set,      /* desired_mechs */
+	       gss_cred_usage_t,       /* cred_usage */
+	       gss_cred_id_t *,        /* output_cred_handle */
+	       gss_OID_set *,          /* actual_mechs */
+	       OM_uint32 *             /* time_rec */
+	      );
+
+typedef OM_uint32 _gss_release_cred_t
+	      (OM_uint32 *,            /* minor_status */
+	       gss_cred_id_t *         /* cred_handle */
+	      );
+
+typedef OM_uint32 _gss_init_sec_context_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_cred_id_t,    /* initiator_cred_handle */
+	       gss_ctx_id_t *,         /* context_handle */
+	       const gss_name_t,       /* target_name */
+	       const gss_OID,          /* mech_type */
+	       OM_uint32,              /* req_flags */
+	       OM_uint32,              /* time_req */
+	       const gss_channel_bindings_t,
+				       /* input_chan_bindings */
+	       const gss_buffer_t,     /* input_token */
+	       gss_OID *,              /* actual_mech_type */
+	       gss_buffer_t,           /* output_token */
+	       OM_uint32 *,            /* ret_flags */
+	       OM_uint32 *             /* time_rec */
+	      );
+
+typedef OM_uint32 _gss_accept_sec_context_t
+	      (OM_uint32 *,            /* minor_status */
+	       gss_ctx_id_t *,         /* context_handle */
+	       const gss_cred_id_t,    /* acceptor_cred_handle */
+	       const gss_buffer_t,     /* input_token_buffer */
+	       const gss_channel_bindings_t,
+				       /* input_chan_bindings */
+	       gss_name_t *,           /* src_name */
+	       gss_OID *,              /* mech_type */
+	       gss_buffer_t,           /* output_token */
+	       OM_uint32 *,            /* ret_flags */
+	       OM_uint32 *,            /* time_rec */
+	       gss_cred_id_t *         /* delegated_cred_handle */
+	      );
+
+typedef OM_uint32 _gss_process_context_token_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_ctx_id_t,     /* context_handle */
+	       const gss_buffer_t      /* token_buffer */
+	      );
+
+typedef OM_uint32 _gss_delete_sec_context_t
+	      (OM_uint32 *,            /* minor_status */
+	       gss_ctx_id_t *,         /* context_handle */
+	       gss_buffer_t            /* output_token */
+	      );
+
+typedef OM_uint32 _gss_context_time_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_ctx_id_t,     /* context_handle */
+	       OM_uint32 *             /* time_rec */
+	      );
+
+typedef OM_uint32 _gss_get_mic_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_ctx_id_t,     /* context_handle */
+	       gss_qop_t,              /* qop_req */
+	       const gss_buffer_t,     /* message_buffer */
+	       gss_buffer_t            /* message_token */
+	      );
+
+typedef OM_uint32 _gss_verify_mic_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_ctx_id_t,     /* context_handle */
+	       const gss_buffer_t,     /* message_buffer */
+	       const gss_buffer_t,     /* token_buffer */
+	       gss_qop_t *             /* qop_state */
+	      );
+
+typedef OM_uint32 _gss_wrap_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_ctx_id_t,     /* context_handle */
+	       int,                    /* conf_req_flag */
+	       gss_qop_t,              /* qop_req */
+	       const gss_buffer_t,     /* input_message_buffer */
+	       int *,                  /* conf_state */
+	       gss_buffer_t            /* output_message_buffer */
+	      );
+
+typedef OM_uint32 _gss_unwrap_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_ctx_id_t,     /* context_handle */
+	       const gss_buffer_t,     /* input_message_buffer */
+	       gss_buffer_t,           /* output_message_buffer */
+	       int *,                  /* conf_state */
+	       gss_qop_t *             /* qop_state */
+	      );
+
+typedef OM_uint32 _gss_display_status_t
+	      (OM_uint32 *,            /* minor_status */
+	       OM_uint32,              /* status_value */
+	       int,                    /* status_type */
+	       const gss_OID,          /* mech_type */
+	       OM_uint32 *,            /* message_context */
+	       gss_buffer_t            /* status_string */
+	      );
+
+typedef OM_uint32 _gss_indicate_mechs_t
+	      (OM_uint32 *,            /* minor_status */
+	       gss_OID_set *           /* mech_set */
+	      );
+
+typedef OM_uint32 _gss_compare_name_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* name1 */
+	       const gss_name_t,       /* name2 */
+	       int *                   /* name_equal */
+	      );
+
+typedef OM_uint32 _gss_display_name_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* input_name */
+	       gss_buffer_t,           /* output_name_buffer */
+	       gss_OID *               /* output_name_type */
+	      );
+
+typedef OM_uint32 _gss_import_name_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_buffer_t,     /* input_name_buffer */
+	       const gss_OID,          /* input_name_type */
+	       gss_name_t *            /* output_name */
+	      );
+
+typedef OM_uint32 _gss_export_name_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* input_name */
+	       gss_buffer_t            /* exported_name */
+	      );
+
+typedef OM_uint32 _gss_release_name_t
+	      (OM_uint32 *,            /* minor_status */
+	       gss_name_t *            /* input_name */
+	      );
+
+typedef OM_uint32 _gss_inquire_cred_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_cred_id_t,    /* cred_handle */
+	       gss_name_t *,           /* name */
+	       OM_uint32 *,            /* lifetime */
+	       gss_cred_usage_t *,     /* cred_usage */
+	       gss_OID_set *           /* mechanisms */
+	      );
+
+typedef OM_uint32 _gss_inquire_context_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_ctx_id_t,     /* context_handle */
+	       gss_name_t *,           /* src_name */
+	       gss_name_t *,           /* targ_name */
+	       OM_uint32 *,            /* lifetime_rec */
+	       gss_OID *,              /* mech_type */
+	       OM_uint32 *,            /* ctx_flags */
+	       int *,                  /* locally_initiated */
+	       int *                   /* open */
+	      );
+
+typedef OM_uint32 _gss_wrap_size_limit_t
+	      (OM_uint32 *,            /* minor_status */
+	       const gss_ctx_id_t,     /* context_handle */
+	       int,                    /* conf_req_flag */
+	       gss_qop_t,              /* qop_req */
+	       OM_uint32,              /* req_output_size */
+	       OM_uint32 *             /* max_input_size */
+	      );
+
+typedef OM_uint32 _gss_add_cred_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_cred_id_t,    /* input_cred_handle */
+	       const gss_name_t,       /* desired_name */
+	       const gss_OID,          /* desired_mech */
+	       gss_cred_usage_t,       /* cred_usage */
+	       OM_uint32,              /* initiator_time_req */
+	       OM_uint32,              /* acceptor_time_req */
+	       gss_cred_id_t *,        /* output_cred_handle */
+	       gss_OID_set *,          /* actual_mechs */
+	       OM_uint32 *,            /* initiator_time_rec */
+	       OM_uint32 *             /* acceptor_time_rec */
+	      );
+
+typedef OM_uint32 _gss_inquire_cred_by_mech_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_cred_id_t,    /* cred_handle */
+	       const gss_OID,          /* mech_type */
+	       gss_name_t *,           /* name */
+	       OM_uint32 *,            /* initiator_lifetime */
+	       OM_uint32 *,            /* acceptor_lifetime */
+	       gss_cred_usage_t *      /* cred_usage */
+	      );
+
+typedef OM_uint32 _gss_export_sec_context_t (
+	       OM_uint32 *,            /* minor_status */
+	       gss_ctx_id_t *,         /* context_handle */
+	       gss_buffer_t            /* interprocess_token */
+	      );
+
+typedef OM_uint32 _gss_import_sec_context_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_buffer_t,     /* interprocess_token */
+	       gss_ctx_id_t *          /* context_handle */
+	      );
+
+typedef OM_uint32 _gss_inquire_names_for_mech_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_OID,          /* mechanism */
+	       gss_OID_set *           /* name_types */
+	      );
+
+typedef OM_uint32 _gss_inquire_mechs_for_name_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* input_name */
+	       gss_OID_set *           /* mech_types */
+	      );
+
+typedef OM_uint32 _gss_canonicalize_name_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* input_name */
+	       const gss_OID,          /* mech_type */
+	       gss_name_t *            /* output_name */
+	      );
+
+typedef OM_uint32 _gss_duplicate_name_t (
+	       OM_uint32 *,            /* minor_status */
+	       const gss_name_t,       /* src_name */
+	       gss_name_t *            /* dest_name */
+	      );
+
+typedef OM_uint32 _gss_inquire_sec_context_by_oid (
+	       OM_uint32 *minor_status,
+	       const gss_ctx_id_t context_handle,
+	       const gss_OID desired_object,
+	       gss_buffer_set_t *data_set
+	      );
+
+typedef OM_uint32 _gss_inquire_cred_by_oid (
+	       OM_uint32 *minor_status,
+	       const gss_cred_id_t cred,
+	       const gss_OID desired_object,
+	       gss_buffer_set_t *data_set
+	      );
+
+typedef OM_uint32 _gss_set_sec_context_option (
+	       OM_uint32 *minor_status,
+	       gss_ctx_id_t *cred_handle,
+	       const gss_OID desired_object,
+	       const gss_buffer_t value
+ 	      );
+
+typedef OM_uint32 _gss_set_cred_option (
+	       OM_uint32 *minor_status,
+	       gss_cred_id_t *cred_handle,
+	       const gss_OID desired_object,
+	       const gss_buffer_t value
+ 	      );
+
+
+typedef OM_uint32 _gss_pseudo_random(
+    	       OM_uint32 *minor_status,
+	       gss_ctx_id_t context,
+	       int prf_key,
+	       const gss_buffer_t prf_in,
+	       ssize_t desired_output_len,
+	       gss_buffer_t prf_out
+              );
+
+#define GMI_VERSION 1
+
+typedef struct gssapi_mech_interface_desc {
+	unsigned			gm_version;
+	const char			*gm_name;
+	gss_OID_desc			gm_mech_oid;
+	_gss_acquire_cred_t		*gm_acquire_cred;
+	_gss_release_cred_t		*gm_release_cred;
+	_gss_init_sec_context_t		*gm_init_sec_context;
+	_gss_accept_sec_context_t	*gm_accept_sec_context;
+	_gss_process_context_token_t	*gm_process_context_token;
+	_gss_delete_sec_context_t	*gm_delete_sec_context;
+	_gss_context_time_t		*gm_context_time;
+	_gss_get_mic_t			*gm_get_mic;
+	_gss_verify_mic_t		*gm_verify_mic;
+	_gss_wrap_t			*gm_wrap;
+	_gss_unwrap_t			*gm_unwrap;
+	_gss_display_status_t		*gm_display_status;
+	_gss_indicate_mechs_t		*gm_indicate_mechs;
+	_gss_compare_name_t		*gm_compare_name;
+	_gss_display_name_t		*gm_display_name;
+	_gss_import_name_t		*gm_import_name;
+	_gss_export_name_t		*gm_export_name;
+	_gss_release_name_t		*gm_release_name;
+	_gss_inquire_cred_t		*gm_inquire_cred;
+	_gss_inquire_context_t		*gm_inquire_context;
+	_gss_wrap_size_limit_t		*gm_wrap_size_limit;
+	_gss_add_cred_t			*gm_add_cred;
+	_gss_inquire_cred_by_mech_t	*gm_inquire_cred_by_mech;
+	_gss_export_sec_context_t	*gm_export_sec_context;
+	_gss_import_sec_context_t	*gm_import_sec_context;
+	_gss_inquire_names_for_mech_t	*gm_inquire_names_for_mech;
+	_gss_inquire_mechs_for_name_t	*gm_inquire_mechs_for_name;
+	_gss_canonicalize_name_t	*gm_canonicalize_name;
+	_gss_duplicate_name_t		*gm_duplicate_name;
+	_gss_inquire_sec_context_by_oid	*gm_inquire_sec_context_by_oid;
+	_gss_inquire_cred_by_oid	*gm_inquire_cred_by_oid;
+	_gss_set_sec_context_option	*gm_set_sec_context_option;
+	_gss_set_cred_option		*gm_set_cred_option;
+	_gss_pseudo_random		*gm_pseudo_random;
+} gssapi_mech_interface_desc, *gssapi_mech_interface;
+
+gssapi_mech_interface
+__gss_get_mechanism(gss_OID /* oid */);
+
+gssapi_mech_interface __gss_spnego_initialize(void);
+gssapi_mech_interface __gss_krb5_initialize(void);
+gssapi_mech_interface __gss_ntlm_initialize(void);
+
+#endif /* GSSAPI_MECH_H */

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/8003.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/8003.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/8003.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,248 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: 8003.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+krb5_error_code
+_gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p)
+{
+  p[0] = (n >> 0)  & 0xFF;
+  p[1] = (n >> 8)  & 0xFF;
+  p[2] = (n >> 16) & 0xFF;
+  p[3] = (n >> 24) & 0xFF;
+  return 0;
+}
+
+krb5_error_code
+_gsskrb5_encode_be_om_uint32(OM_uint32 n, u_char *p)
+{
+  p[0] = (n >> 24) & 0xFF;
+  p[1] = (n >> 16) & 0xFF;
+  p[2] = (n >> 8)  & 0xFF;
+  p[3] = (n >> 0)  & 0xFF;
+  return 0;
+}
+
+krb5_error_code
+_gsskrb5_decode_om_uint32(const void *ptr, OM_uint32 *n)
+{
+    const u_char *p = ptr;
+    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
+    return 0;
+}
+
+krb5_error_code
+_gsskrb5_decode_be_om_uint32(const void *ptr, OM_uint32 *n)
+{
+    const u_char *p = ptr;
+    *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
+    return 0;
+}
+
+static krb5_error_code
+hash_input_chan_bindings (const gss_channel_bindings_t b,
+			  u_char *p)
+{
+  u_char num[4];
+  MD5_CTX md5;
+
+  MD5_Init(&md5);
+  _gsskrb5_encode_om_uint32 (b->initiator_addrtype, num);
+  MD5_Update (&md5, num, sizeof(num));
+  _gsskrb5_encode_om_uint32 (b->initiator_address.length, num);
+  MD5_Update (&md5, num, sizeof(num));
+  if (b->initiator_address.length)
+    MD5_Update (&md5,
+		b->initiator_address.value,
+		b->initiator_address.length);
+  _gsskrb5_encode_om_uint32 (b->acceptor_addrtype, num);
+  MD5_Update (&md5, num, sizeof(num));
+  _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num);
+  MD5_Update (&md5, num, sizeof(num));
+  if (b->acceptor_address.length)
+    MD5_Update (&md5,
+		b->acceptor_address.value,
+		b->acceptor_address.length);
+  _gsskrb5_encode_om_uint32 (b->application_data.length, num);
+  MD5_Update (&md5, num, sizeof(num));
+  if (b->application_data.length)
+    MD5_Update (&md5,
+		b->application_data.value,
+		b->application_data.length);
+  MD5_Final (p, &md5);
+  return 0;
+}
+
+/*
+ * create a checksum over the chanel bindings in
+ * `input_chan_bindings', `flags' and `fwd_data' and return it in
+ * `result'
+ */
+
+OM_uint32
+_gsskrb5_create_8003_checksum (
+		      OM_uint32 *minor_status,    
+		      const gss_channel_bindings_t input_chan_bindings,
+		      OM_uint32 flags,
+		      const krb5_data *fwd_data,
+		      Checksum *result)
+{
+    u_char *p;
+
+    /* 
+     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value 
+     * field's format) */
+    result->cksumtype = CKSUMTYPE_GSSAPI;
+    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
+	result->checksum.length = 24 + 4 + fwd_data->length;
+    else 
+	result->checksum.length = 24;
+    result->checksum.data   = malloc (result->checksum.length);
+    if (result->checksum.data == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+  
+    p = result->checksum.data;
+    _gsskrb5_encode_om_uint32 (16, p);
+    p += 4;
+    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
+	memset (p, 0, 16);
+    } else {
+	hash_input_chan_bindings (input_chan_bindings, p);
+    }
+    p += 16;
+    _gsskrb5_encode_om_uint32 (flags, p);
+    p += 4;
+
+    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
+
+	*p++ = (1 >> 0) & 0xFF;                   /* DlgOpt */ /* == 1 */
+	*p++ = (1 >> 8) & 0xFF;                   /* DlgOpt */ /* == 0 */
+	*p++ = (fwd_data->length >> 0) & 0xFF;    /* Dlgth  */
+	*p++ = (fwd_data->length >> 8) & 0xFF;    /* Dlgth  */
+	memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
+
+	p += fwd_data->length;
+    }
+     
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * verify the checksum in `cksum' over `input_chan_bindings'
+ * returning  `flags' and `fwd_data'
+ */
+
+OM_uint32
+_gsskrb5_verify_8003_checksum(
+		      OM_uint32 *minor_status,    
+		      const gss_channel_bindings_t input_chan_bindings,
+		      const Checksum *cksum,
+		      OM_uint32 *flags,
+		      krb5_data *fwd_data)
+{
+    unsigned char hash[16];
+    unsigned char *p;
+    OM_uint32 length;
+    int DlgOpt;
+    static unsigned char zeros[16];
+
+    if (cksum == NULL) {
+	*minor_status = 0;
+	return GSS_S_BAD_BINDINGS;
+    }
+
+    /* XXX should handle checksums > 24 bytes */
+    if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) {
+	*minor_status = 0;
+	return GSS_S_BAD_BINDINGS;
+    }
+    
+    p = cksum->checksum.data;
+    _gsskrb5_decode_om_uint32(p, &length);
+    if(length != sizeof(hash)) {
+	*minor_status = 0;
+	return GSS_S_BAD_BINDINGS;
+    }
+    
+    p += 4;
+    
+    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
+	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
+	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+	if(memcmp(hash, p, sizeof(hash)) != 0) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+    }
+    
+    p += sizeof(hash);
+    
+    _gsskrb5_decode_om_uint32(p, flags);
+    p += 4;
+
+    if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
+	if(cksum->checksum.length < 28) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+    
+	DlgOpt = (p[0] << 0) | (p[1] << 8);
+	p += 2;
+	if (DlgOpt != 1) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+
+	fwd_data->length = (p[0] << 0) | (p[1] << 8);
+	p += 2;
+	if(cksum->checksum.length < 28 + fwd_data->length) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+	fwd_data->data = malloc(fwd_data->length);
+	if (fwd_data->data == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	memcpy(fwd_data->data, p, fwd_data->length);
+    }
+    
+    return GSS_S_COMPLETE;
+}
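Review bot: In `_gsskrb5_verify_8003_checksum` the binding comparison is skipped whenever the received Bnd field is all zeros, even when the acceptor passed non-NULL `input_chan_bindings`, and the header comment does not say so. A caller relying on channel bindings should be told, e.g. `/* NOTE: an all-zero Bnd field from the peer is accepted even when input_chan_bindings is set; bindings are only compared when the peer sends them. */`. In `_gsskrb5_create_8003_checksum` the Dlgth field is two bytes but `fwd_data->length` is never bounded, so forwarded data longer than 0xFFFF would be written with a truncated length field; a guard on the delegation path before the allocation, such as `if (fwd_data->length > 0xFFFF) { *minor_status = EINVAL; return GSS_S_FAILURE; }`, would reject it. Both decode helpers shift a byte left by 24 after promotion to `int`, which is undefined for values of 0x80 and above; casting first, `((OM_uint32)p[3] << 24)` in `_gsskrb5_decode_om_uint32` and `((OM_uint32)p[0] << 24)` in the big-endian variant, avoids that.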

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/accept_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/accept_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,801 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: accept_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
+krb5_keytab _gsskrb5_keytab;
+
+OM_uint32
+_gsskrb5_register_acceptor_identity (const char *identity)
+{
+    krb5_context context;
+    krb5_error_code ret;
+
+    ret = _gsskrb5_init(&context);
+    if(ret)
+	return GSS_S_FAILURE;
+    
+    HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
+
+    if(_gsskrb5_keytab != NULL) {
+	krb5_kt_close(context, _gsskrb5_keytab);
+	_gsskrb5_keytab = NULL;
+    }
+    if (identity == NULL) {
+	ret = krb5_kt_default(context, &_gsskrb5_keytab);
+    } else {
+	char *p;
+
+	asprintf(&p, "FILE:%s", identity);
+	if(p == NULL) {
+	    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
+	    return GSS_S_FAILURE;
+	}
+	ret = krb5_kt_resolve(context, p, &_gsskrb5_keytab);
+	free(p);
+    }
+    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
+    if(ret)
+	return GSS_S_FAILURE;
+    return GSS_S_COMPLETE;
+}
+
+void
+_gsskrb5i_is_cfx(gsskrb5_ctx ctx, int *is_cfx)
+{
+    krb5_keyblock *key;
+    int acceptor = (ctx->more_flags & LOCAL) == 0;
+
+    *is_cfx = 0;
+
+    if (acceptor) {
+	if (ctx->auth_context->local_subkey)
+	    key = ctx->auth_context->local_subkey;
+	else
+	    key = ctx->auth_context->remote_subkey;
+    } else {
+	if (ctx->auth_context->remote_subkey)
+	    key = ctx->auth_context->remote_subkey;
+	else
+	    key = ctx->auth_context->local_subkey;
+    }
+    if (key == NULL)
+	key = ctx->auth_context->keyblock;
+
+    if (key == NULL)
+	return;
+	    
+    switch (key->keytype) {
+    case ETYPE_DES_CBC_CRC:
+    case ETYPE_DES_CBC_MD4:
+    case ETYPE_DES_CBC_MD5:
+    case ETYPE_DES3_CBC_MD5:
+    case ETYPE_DES3_CBC_SHA1:
+    case ETYPE_ARCFOUR_HMAC_MD5:
+    case ETYPE_ARCFOUR_HMAC_MD5_56:
+	break;
+    default :
+	*is_cfx = 1;
+	if ((acceptor && ctx->auth_context->local_subkey) ||
+	    (!acceptor && ctx->auth_context->remote_subkey))
+	    ctx->more_flags |= ACCEPTOR_SUBKEY;
+	break;
+    }
+}
+
+
+static OM_uint32
+gsskrb5_accept_delegated_token
+(OM_uint32 * minor_status,
+ gsskrb5_ctx ctx,
+ krb5_context context,
+ gss_cred_id_t * delegated_cred_handle
+    )
+{
+    krb5_ccache ccache = NULL;
+    krb5_error_code kret;
+    int32_t ac_flags, ret = GSS_S_COMPLETE;
+      
+    *minor_status = 0;
+
+    /* XXX Create a new delegated_cred_handle? */
+    if (delegated_cred_handle == NULL) {
+	kret = krb5_cc_default (context, &ccache);
+    } else {
+	*delegated_cred_handle = NULL;
+	kret = krb5_cc_gen_new (context, &krb5_mcc_ops, &ccache);
+    }
+    if (kret) {
+	ctx->flags &= ~GSS_C_DELEG_FLAG;
+	goto out;
+    }
+
+    kret = krb5_cc_initialize(context, ccache, ctx->source);
+    if (kret) {
+	ctx->flags &= ~GSS_C_DELEG_FLAG;
+	goto out;
+    }
+      
+    krb5_auth_con_removeflags(context,
+			      ctx->auth_context,
+			      KRB5_AUTH_CONTEXT_DO_TIME,
+			      &ac_flags);
+    kret = krb5_rd_cred2(context,
+			 ctx->auth_context,
+			 ccache,
+			 &ctx->fwd_data);
+    krb5_auth_con_setflags(context,
+			   ctx->auth_context,
+			   ac_flags);
+    if (kret) {
+	ctx->flags &= ~GSS_C_DELEG_FLAG;
+	ret = GSS_S_FAILURE;
+	*minor_status = kret;
+	goto out;
+    }
+
+    if (delegated_cred_handle) {
+	gsskrb5_cred handle;
+
+	ret = _gsskrb5_import_cred(minor_status,
+				   ccache,
+				   NULL,
+				   NULL,
+				   delegated_cred_handle);
+	if (ret != GSS_S_COMPLETE)
+	    goto out;
+
+	handle = (gsskrb5_cred) *delegated_cred_handle;
+    
+	handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
+	krb5_cc_close(context, ccache);
+	ccache = NULL;
+    }
+
+out:
+    if (ccache) {
+	/* Don't destroy the default cred cache */
+	if (delegated_cred_handle == NULL)
+	    krb5_cc_close(context, ccache);
+	else
+	    krb5_cc_destroy(context, ccache);
+    }
+    return ret;
+}
+
+static OM_uint32
+gsskrb5_acceptor_ready(OM_uint32 * minor_status,
+		       gsskrb5_ctx ctx,
+		       krb5_context context,
+		       gss_cred_id_t *delegated_cred_handle)
+{
+    OM_uint32 ret;
+    int32_t seq_number;
+    int is_cfx = 0;
+
+    krb5_auth_getremoteseqnumber (context,
+				  ctx->auth_context,
+				  &seq_number);
+
+    _gsskrb5i_is_cfx(ctx, &is_cfx);
+
+    ret = _gssapi_msg_order_create(minor_status,
+				   &ctx->order,
+				   _gssapi_msg_order_f(ctx->flags),
+				   seq_number, 0, is_cfx);
+    if (ret)
+	return ret;
+
+    /* 
+     * If requested, set local sequence num to remote sequence if this
+     * isn't a mutual authentication context
+     */
+    if (!(ctx->flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(ctx->flags)) {
+	krb5_auth_con_setlocalseqnumber(context,
+					ctx->auth_context,
+					seq_number);
+    }
+
+    /*
+     * We should handle the delegation ticket, in case it's there
+     */
+    if (ctx->fwd_data.length > 0 && (ctx->flags & GSS_C_DELEG_FLAG)) {
+	ret = gsskrb5_accept_delegated_token(minor_status,
+					     ctx,
+					     context,
+					     delegated_cred_handle);
+	if (ret)
+	    return ret;
+    } else {
+	/* Well, looks like it wasn't there after all */
+	ctx->flags &= ~GSS_C_DELEG_FLAG;
+    }
+
+    ctx->state = ACCEPTOR_READY;
+    ctx->more_flags |= OPEN;
+
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+gsskrb5_acceptor_start(OM_uint32 * minor_status,
+		       gsskrb5_ctx ctx,
+		       krb5_context context,
+		       const gss_cred_id_t acceptor_cred_handle,
+		       const gss_buffer_t input_token_buffer,
+		       const gss_channel_bindings_t input_chan_bindings,
+		       gss_name_t * src_name,
+		       gss_OID * mech_type,
+		       gss_buffer_t output_token,
+		       OM_uint32 * ret_flags,
+		       OM_uint32 * time_rec,
+		       gss_cred_id_t * delegated_cred_handle)
+{
+    krb5_error_code kret;
+    OM_uint32 ret = GSS_S_COMPLETE;
+    krb5_data indata;
+    krb5_flags ap_options;
+    krb5_keytab keytab = NULL;
+    int is_cfx = 0;
+    const gsskrb5_cred acceptor_cred = (gsskrb5_cred)acceptor_cred_handle;
+
+    /*
+     * We may, or may not, have an escapsulation.
+     */
+    ret = _gsskrb5_decapsulate (minor_status,
+				input_token_buffer,
+				&indata,
+				"\x01\x00",
+				GSS_KRB5_MECHANISM);
+
+    if (ret) {
+	/* Assume that there is no OID wrapping. */
+	indata.length	= input_token_buffer->length;
+	indata.data	= input_token_buffer->value;
+    }
+
+    /*
+     * We need to get our keytab
+     */
+    if (acceptor_cred == NULL) {
+	if (_gsskrb5_keytab != NULL)
+	    keytab = _gsskrb5_keytab;
+    } else if (acceptor_cred->keytab != NULL) {
+	keytab = acceptor_cred->keytab;
+    }
+    
+    /*
+     * We need to check the ticket and create the AP-REP packet
+     */
+
+    {
+	krb5_rd_req_in_ctx in = NULL;
+	krb5_rd_req_out_ctx out = NULL;
+
+	kret = krb5_rd_req_in_ctx_alloc(context, &in);
+	if (kret == 0)
+	    kret = krb5_rd_req_in_set_keytab(context, in, keytab);
+	if (kret) {
+	    if (in)
+		krb5_rd_req_in_ctx_free(context, in);
+	    ret = GSS_S_FAILURE;
+	    *minor_status = kret;
+	    return ret;
+	}
+
+	kret = krb5_rd_req_ctx(context,
+			       &ctx->auth_context,
+			       &indata,
+			       (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal,
+			       in, &out);
+	krb5_rd_req_in_ctx_free(context, in);
+	if (kret) {
+	    ret = GSS_S_FAILURE;
+	    *minor_status = kret;
+	    return ret;
+	}
+
+	/*
+	 * We need to remember some data on the context_handle.
+	 */
+	kret = krb5_rd_req_out_get_ap_req_options(context, out,
+						  &ap_options);
+	if (kret == 0)
+	    kret = krb5_rd_req_out_get_ticket(context, out, 
+					      &ctx->ticket);
+	if (kret == 0)
+	    kret = krb5_rd_req_out_get_keyblock(context, out,
+						&ctx->service_keyblock);
+	ctx->lifetime = ctx->ticket->ticket.endtime;
+
+	krb5_rd_req_out_ctx_free(context, out);
+	if (kret) {
+	    ret = GSS_S_FAILURE;
+	    *minor_status = kret;
+	    return ret;
+	}
+    }
+    
+    
+    /*
+     * We need to copy the principal names to the context and the
+     * calling layer.
+     */
+    kret = krb5_copy_principal(context,
+			       ctx->ticket->client,
+			       &ctx->source);
+    if (kret) {
+	ret = GSS_S_FAILURE;
+	*minor_status = kret;
+    }
+
+    kret = krb5_copy_principal(context, 
+			       ctx->ticket->server,
+			       &ctx->target);
+    if (kret) {
+	ret = GSS_S_FAILURE;
+	*minor_status = kret;
+	return ret;
+    }
+    
+    /*
+     * We need to setup some compat stuff, this assumes that
+     * context_handle->target is already set.
+     */
+    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
+    if (ret)
+	return ret;
+
+    if (src_name != NULL) {
+	kret = krb5_copy_principal (context,
+				    ctx->ticket->client,
+				    (gsskrb5_name*)src_name);
+	if (kret) {
+	    ret = GSS_S_FAILURE;
+	    *minor_status = kret;
+	    return ret;
+	}
+    }
+
+    /*
+     * We need to get the flags out of the 8003 checksum.
+     */
+    {
+	krb5_authenticator authenticator;
+      
+	kret = krb5_auth_con_getauthenticator(context,
+					      ctx->auth_context,
+					      &authenticator);
+	if(kret) {
+	    ret = GSS_S_FAILURE;
+	    *minor_status = kret;
+	    return ret;
+	}
+
+        if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) {
+            ret = _gsskrb5_verify_8003_checksum(minor_status,
+						input_chan_bindings,
+						authenticator->cksum,
+						&ctx->flags,
+						&ctx->fwd_data);
+
+	    krb5_free_authenticator(context, &authenticator);
+	    if (ret) {
+		return ret;
+	    }
+        } else {
+	    krb5_crypto crypto;
+
+	    kret = krb5_crypto_init(context, 
+				    ctx->auth_context->keyblock, 
+				    0, &crypto);
+	    if(kret) {
+		krb5_free_authenticator(context, &authenticator);
+
+		ret = GSS_S_FAILURE;
+		*minor_status = kret;
+		return ret;
+	    }
+
+	    /* 
+	     * Windows accepts Samba3's use of a kerberos, rather than
+	     * GSSAPI checksum here 
+	     */
+
+	    kret = krb5_verify_checksum(context,
+					crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0,
+					authenticator->cksum);
+	    krb5_free_authenticator(context, &authenticator);
+	    krb5_crypto_destroy(context, crypto);
+
+	    if(kret) {
+		ret = GSS_S_BAD_SIG;
+		*minor_status = kret;
+		return ret;
+	    }
+
+	    /* 
+	     * Samba style get some flags (but not DCE-STYLE)
+	     */
+	    ctx->flags = 
+		GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+        }
+    }
+    
+    if(ctx->flags & GSS_C_MUTUAL_FLAG) {
+	krb5_data outbuf;
+	    
+	_gsskrb5i_is_cfx(ctx, &is_cfx);
+	    
+	if (is_cfx != 0 
+	    || (ap_options & AP_OPTS_USE_SUBKEY)) {
+	    kret = krb5_auth_con_addflags(context,
+					  ctx->auth_context,
+					  KRB5_AUTH_CONTEXT_USE_SUBKEY,
+					  NULL);
+	    ctx->more_flags |= ACCEPTOR_SUBKEY;
+	}
+	    
+	kret = krb5_mk_rep(context,
+			   ctx->auth_context,
+			   &outbuf);
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+	    
+	if (IS_DCE_STYLE(ctx)) {
+	    output_token->length = outbuf.length;
+	    output_token->value = outbuf.data;
+	} else {
+	    ret = _gsskrb5_encapsulate(minor_status,
+				       &outbuf,
+				       output_token,
+				       "\x02\x00",
+				       GSS_KRB5_MECHANISM);
+	    krb5_data_free (&outbuf);
+	    if (ret)
+		return ret;
+	}
+    }
+    
+    ctx->flags |= GSS_C_TRANS_FLAG;
+
+    /* Remember the flags */
+    
+    ctx->lifetime = ctx->ticket->ticket.endtime;
+    ctx->more_flags |= OPEN;
+    
+    if (mech_type)
+	*mech_type = GSS_KRB5_MECHANISM;
+    
+    if (time_rec) {
+	ret = _gsskrb5_lifetime_left(minor_status,
+				     context,
+				     ctx->lifetime,
+				     time_rec);
+	if (ret) {
+	    return ret;
+	}
+    }
+
+    /*
+     * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from
+     * the client.
+     */
+    if (IS_DCE_STYLE(ctx)) {
+	/*
+	 * Return flags to caller, but we haven't processed
+	 * delgations yet
+	 */
+	if (ret_flags)
+	    *ret_flags = (ctx->flags & ~GSS_C_DELEG_FLAG);
+
+	ctx->state = ACCEPTOR_WAIT_FOR_DCESTYLE;
+	return GSS_S_CONTINUE_NEEDED;
+    }
+
+    ret = gsskrb5_acceptor_ready(minor_status, ctx, context, 
+				 delegated_cred_handle);
+
+    if (ret_flags)
+	*ret_flags = ctx->flags;
+
+    return ret;
+}
+
+static OM_uint32
+acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
+			   gsskrb5_ctx ctx,
+			   krb5_context context,
+			   const gss_cred_id_t acceptor_cred_handle,
+			   const gss_buffer_t input_token_buffer,
+			   const gss_channel_bindings_t input_chan_bindings,
+			   gss_name_t * src_name,
+			   gss_OID * mech_type,
+			   gss_buffer_t output_token,
+			   OM_uint32 * ret_flags,
+			   OM_uint32 * time_rec,
+			   gss_cred_id_t * delegated_cred_handle)
+{
+    OM_uint32 ret;
+    krb5_error_code kret;
+    krb5_data inbuf;
+    int32_t r_seq_number, l_seq_number;
+	
+    /* 
+     * We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP
+     */
+
+    inbuf.length = input_token_buffer->length;
+    inbuf.data = input_token_buffer->value;
+
+    /* 
+     * We need to remeber the old remote seq_number, then check if the
+     * client has replied with our local seq_number, and then reset
+     * the remote seq_number to the old value
+     */
+    {
+	kret = krb5_auth_con_getlocalseqnumber(context,
+					       ctx->auth_context,
+					       &l_seq_number);
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+
+	kret = krb5_auth_getremoteseqnumber(context,
+					    ctx->auth_context,
+					    &r_seq_number);
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+
+	kret = krb5_auth_con_setremoteseqnumber(context,
+						ctx->auth_context,
+						l_seq_number);
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+    }
+
+    /* 
+     * We need to verify the AP_REP, but we need to flag that this is
+     * DCE_STYLE, so don't check the timestamps this time, but put the
+     * flag DO_TIME back afterward.
+    */ 
+    {
+	krb5_ap_rep_enc_part *repl;
+	int32_t auth_flags;
+		
+	krb5_auth_con_removeflags(context,
+				  ctx->auth_context,
+				  KRB5_AUTH_CONTEXT_DO_TIME,
+				  &auth_flags);
+
+	kret = krb5_rd_rep(context, ctx->auth_context, &inbuf, &repl);
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+	krb5_free_ap_rep_enc_part(context, repl);
+	krb5_auth_con_setflags(context, ctx->auth_context, auth_flags);
+    }
+
+    /* We need to check the liftime */
+    {
+	OM_uint32 lifetime_rec;
+
+	ret = _gsskrb5_lifetime_left(minor_status,
+				     context,
+				     ctx->lifetime,
+				     &lifetime_rec);
+	if (ret) {
+	    return ret;
+	}
+	if (lifetime_rec == 0) {
+	    return GSS_S_CONTEXT_EXPIRED;
+	}
+	
+	if (time_rec) *time_rec = lifetime_rec;
+    }
+
+    /* We need to give the caller the flags which are in use */
+    if (ret_flags) *ret_flags = ctx->flags;
+
+    if (src_name) {
+	kret = krb5_copy_principal(context,
+				   ctx->source,
+				   (gsskrb5_name*)src_name);
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+    }
+
+    /*
+     * After the krb5_rd_rep() the remote and local seq_number should
+     * be the same, because the client just replies the seq_number
+     * from our AP-REP in its AP-REP, but then the client uses the
+     * seq_number from its AP-REQ for GSS_wrap()
+     */
+    {
+	int32_t tmp_r_seq_number, tmp_l_seq_number;
+
+	kret = krb5_auth_getremoteseqnumber(context,
+					    ctx->auth_context,
+					    &tmp_r_seq_number);
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+
+	kret = krb5_auth_con_getlocalseqnumber(context,
+					       ctx->auth_context,
+					       &tmp_l_seq_number);
+	if (kret) {
+
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+
+	/*
+	 * Here we check if the client has responsed with our local seq_number,
+	 */
+	if (tmp_r_seq_number != tmp_l_seq_number) {
+	    return GSS_S_UNSEQ_TOKEN;
+	}
+    }
+
+    /*
+     * We need to reset the remote seq_number, because the client will use,
+     * the old one for the GSS_wrap() calls
+     */
+    {
+	kret = krb5_auth_con_setremoteseqnumber(context,
+						ctx->auth_context,
+						r_seq_number);	
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+    }
+
+    return gsskrb5_acceptor_ready(minor_status, ctx, context, 
+				  delegated_cred_handle);
+}
+
+
+OM_uint32
+_gsskrb5_accept_sec_context(OM_uint32 * minor_status,
+			    gss_ctx_id_t * context_handle,
+			    const gss_cred_id_t acceptor_cred_handle,
+			    const gss_buffer_t input_token_buffer,
+			    const gss_channel_bindings_t input_chan_bindings,
+			    gss_name_t * src_name,
+			    gss_OID * mech_type,
+			    gss_buffer_t output_token,
+			    OM_uint32 * ret_flags,
+			    OM_uint32 * time_rec,
+			    gss_cred_id_t * delegated_cred_handle)
+{
+    krb5_context context;
+    OM_uint32 ret;
+    gsskrb5_ctx ctx;
+
+    GSSAPI_KRB5_INIT(&context);
+
+    output_token->length = 0;
+    output_token->value = NULL;
+
+    if (src_name != NULL)
+	*src_name = NULL;
+    if (mech_type)
+	*mech_type = GSS_KRB5_MECHANISM;
+
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+	ret = _gsskrb5_create_ctx(minor_status,
+				  context_handle,
+				  context,
+				  input_chan_bindings,
+				  ACCEPTOR_START);
+	if (ret)
+	    return ret;
+    }
+    
+    ctx = (gsskrb5_ctx)*context_handle;
+
+    
+    /*
+     * TODO: check the channel_bindings 
+     * (above just sets them to krb5 layer)
+     */
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+    
+    switch (ctx->state) {
+    case ACCEPTOR_START:
+	ret = gsskrb5_acceptor_start(minor_status,
+				     ctx,
+				     context,
+				     acceptor_cred_handle,
+				     input_token_buffer,
+				     input_chan_bindings,
+				     src_name,
+				     mech_type,
+				     output_token,
+				     ret_flags,
+				     time_rec,
+				     delegated_cred_handle);
+	break;
+    case ACCEPTOR_WAIT_FOR_DCESTYLE:
+	ret = acceptor_wait_for_dcestyle(minor_status,
+					 ctx,
+					 context,
+					 acceptor_cred_handle,
+					 input_token_buffer,
+					 input_chan_bindings,
+					 src_name,
+					 mech_type,
+					 output_token,
+					 ret_flags,
+					 time_rec,
+					 delegated_cred_handle);
+	break;
+    case ACCEPTOR_READY:
+	/* 
+	 * If we get there, the caller have called
+	 * gss_accept_sec_context() one time too many.
+	 */
+	ret =  GSS_S_BAD_STATUS;
+	break;
+    default:
+	/* TODO: is this correct here? --metze */
+	ret =  GSS_S_BAD_STATUS;
+	break;
+    }
+    
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+    
+    if (GSS_ERROR(ret)) {
+	OM_uint32 min2;
+	_gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER);
+    }
+
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/acquire_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/acquire_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/acquire_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,398 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: acquire_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+__gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
+			  krb5_context context,
+			  krb5_ccache id,
+			  krb5_principal principal,
+			  OM_uint32 *lifetime)
+{
+    krb5_creds in_cred, *out_cred;
+    krb5_const_realm realm;
+    krb5_error_code kret;
+
+    memset(&in_cred, 0, sizeof(in_cred));
+    in_cred.client = principal;
+	
+    realm = krb5_principal_get_realm(context,  principal);
+    if (realm == NULL) {
+	_gsskrb5_clear_status ();
+	*minor_status = KRB5_PRINC_NOMATCH; /* XXX */
+	return GSS_S_FAILURE;
+    }
+
+    kret = krb5_make_principal(context, &in_cred.server, 
+			       realm, KRB5_TGS_NAME, realm, NULL);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+
+    kret = krb5_get_credentials(context, 0, 
+				id, &in_cred, &out_cred);
+    krb5_free_principal(context, in_cred.server);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+
+    *lifetime = out_cred->times.endtime;
+    krb5_free_creds(context, out_cred);
+
+    return GSS_S_COMPLETE;
+}
+
+
+
+
+static krb5_error_code
+get_keytab(krb5_context context, krb5_keytab *keytab)
+{
+    char kt_name[256];
+    krb5_error_code kret;
+
+    HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
+
+    if (_gsskrb5_keytab != NULL) {
+	kret = krb5_kt_get_name(context,
+				_gsskrb5_keytab,
+				kt_name, sizeof(kt_name));
+	if (kret == 0)
+	    kret = krb5_kt_resolve(context, kt_name, keytab);
+    } else
+	kret = krb5_kt_default(context, keytab);
+
+    HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
+
+    return (kret);
+}
+
+static OM_uint32 acquire_initiator_cred
+		  (OM_uint32 * minor_status,
+		   krb5_context context,
+		   const gss_name_t desired_name,
+		   OM_uint32 time_req,
+		   const gss_OID_set desired_mechs,
+		   gss_cred_usage_t cred_usage,
+		   gsskrb5_cred handle,
+		   gss_OID_set * actual_mechs,
+		   OM_uint32 * time_rec
+		  )
+{
+    OM_uint32 ret;
+    krb5_creds cred;
+    krb5_principal def_princ;
+    krb5_get_init_creds_opt *opt;
+    krb5_ccache ccache;
+    krb5_keytab keytab;
+    krb5_error_code kret;
+
+    keytab = NULL;
+    ccache = NULL;
+    def_princ = NULL;
+    ret = GSS_S_FAILURE;
+    memset(&cred, 0, sizeof(cred));
+
+    /* If we have a preferred principal, lets try to find it in all
+     * caches, otherwise, fall back to default cache.  Ignore
+     * errors. */
+    if (handle->principal)
+	kret = krb5_cc_cache_match (context,
+				    handle->principal,
+				    NULL,
+				    &ccache);
+    
+    if (ccache == NULL) {
+	kret = krb5_cc_default(context, &ccache);
+	if (kret)
+	    goto end;
+    }
+    kret = krb5_cc_get_principal(context, ccache,
+	&def_princ);
+    if (kret != 0) {
+	/* we'll try to use a keytab below */
+	krb5_cc_destroy(context, ccache);
+	ccache = NULL;
+	kret = 0;
+    } else if (handle->principal == NULL)  {
+	kret = krb5_copy_principal(context, def_princ,
+	    &handle->principal);
+	if (kret)
+	    goto end;
+    } else if (handle->principal != NULL &&
+	krb5_principal_compare(context, handle->principal,
+	def_princ) == FALSE) {
+	/* Before failing, lets check the keytab */
+	krb5_free_principal(context, def_princ);
+	def_princ = NULL;
+    }
+    if (def_princ == NULL) {
+	/* We have no existing credentials cache,
+	 * so attempt to get a TGT using a keytab.
+	 */
+	if (handle->principal == NULL) {
+	    kret = krb5_get_default_principal(context,
+		&handle->principal);
+	    if (kret)
+		goto end;
+	}
+	kret = get_keytab(context, &keytab);
+	if (kret)
+	    goto end;
+	kret = krb5_get_init_creds_opt_alloc(context, &opt);
+	if (kret)
+	    goto end;
+	kret = krb5_get_init_creds_keytab(context, &cred,
+	    handle->principal, keytab, 0, NULL, opt);
+	krb5_get_init_creds_opt_free(context, opt);
+	if (kret)
+	    goto end;
+	kret = krb5_cc_gen_new(context, &krb5_mcc_ops,
+		&ccache);
+	if (kret)
+	    goto end;
+	kret = krb5_cc_initialize(context, ccache, cred.client);
+	if (kret)
+	    goto end;
+	kret = krb5_cc_store_cred(context, ccache, &cred);
+	if (kret)
+	    goto end;
+	handle->lifetime = cred.times.endtime;
+	handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;
+    } else {
+
+	ret = __gsskrb5_ccache_lifetime(minor_status,
+					context,
+					ccache,
+					handle->principal,
+					&handle->lifetime);
+	if (ret != GSS_S_COMPLETE)
+	    goto end;
+	kret = 0;
+    }
+
+    handle->ccache = ccache;
+    ret = GSS_S_COMPLETE;
+
+end:
+    if (cred.client != NULL)
+	krb5_free_cred_contents(context, &cred);
+    if (def_princ != NULL)
+	krb5_free_principal(context, def_princ);
+    if (keytab != NULL)
+	krb5_kt_close(context, keytab);
+    if (ret != GSS_S_COMPLETE) {
+	if (ccache != NULL)
+	    krb5_cc_close(context, ccache);
+	if (kret != 0) {
+	    *minor_status = kret;
+	}
+    }
+    return (ret);
+}
+
+static OM_uint32 acquire_acceptor_cred
+		  (OM_uint32 * minor_status,
+		   krb5_context context,
+		   const gss_name_t desired_name,
+		   OM_uint32 time_req,
+		   const gss_OID_set desired_mechs,
+		   gss_cred_usage_t cred_usage,
+		   gsskrb5_cred handle,
+		   gss_OID_set * actual_mechs,
+		   OM_uint32 * time_rec
+		  )
+{
+    OM_uint32 ret;
+    krb5_error_code kret;
+
+    kret = 0;
+    ret = GSS_S_FAILURE;
+    kret = get_keytab(context, &handle->keytab);
+    if (kret)
+	goto end;
+    
+    /* check that the requested principal exists in the keytab */
+    if (handle->principal) {
+	krb5_keytab_entry entry;
+
+	kret = krb5_kt_get_entry(context, handle->keytab, 
+				 handle->principal, 0, 0, &entry);
+	if (kret)
+	    goto end;
+	krb5_kt_free_entry(context, &entry);
+	ret = GSS_S_COMPLETE;
+    } else {
+	/* 
+	 * Check if there is at least one entry in the keytab before
+	 * declaring it as an useful keytab.
+	 */
+	krb5_keytab_entry tmp;
+	krb5_kt_cursor c;
+
+	kret = krb5_kt_start_seq_get (context, handle->keytab, &c);
+	if (kret)
+	    goto end;
+	if (krb5_kt_next_entry(context, handle->keytab, &tmp, &c) == 0) {
+	    krb5_kt_free_entry(context, &tmp);
+	    ret = GSS_S_COMPLETE; /* ok found one entry */
+	}
+	krb5_kt_end_seq_get (context, handle->keytab, &c);
+    } 
+end:
+    if (ret != GSS_S_COMPLETE) {
+	if (handle->keytab != NULL)
+	    krb5_kt_close(context, handle->keytab);
+	if (kret != 0) {
+	    *minor_status = kret;
+	}
+    }
+    return (ret);
+}
+
+OM_uint32 _gsskrb5_acquire_cred
+(OM_uint32 * minor_status,
+ const gss_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t * output_cred_handle,
+ gss_OID_set * actual_mechs,
+ OM_uint32 * time_rec
+    )
+{
+    krb5_context context;
+    gsskrb5_cred handle;
+    OM_uint32 ret;
+
+    if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
+	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
+	return GSS_S_FAILURE;
+    }
+
+    GSSAPI_KRB5_INIT(&context);
+
+    *output_cred_handle = NULL;
+    if (time_rec)
+	*time_rec = 0;
+    if (actual_mechs)
+	*actual_mechs = GSS_C_NO_OID_SET;
+
+    if (desired_mechs) {
+	int present = 0;
+
+	ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+				      desired_mechs, &present); 
+	if (ret)
+	    return ret;
+	if (!present) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_MECH;
+	}
+    }
+
+    handle = calloc(1, sizeof(*handle));
+    if (handle == NULL) {
+	*minor_status = ENOMEM;
+        return (GSS_S_FAILURE);
+    }
+
+    HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
+
+    if (desired_name != GSS_C_NO_NAME) {
+	krb5_principal name = (krb5_principal)desired_name;
+	ret = krb5_copy_principal(context, name, &handle->principal);
+	if (ret) {
+	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+	    *minor_status = ret;
+	    free(handle);
+	    return GSS_S_FAILURE;
+	}
+    }
+    if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
+	ret = acquire_initiator_cred(minor_status, context,
+				     desired_name, time_req,
+				     desired_mechs, cred_usage, handle,
+				     actual_mechs, time_rec);
+    	if (ret != GSS_S_COMPLETE) {
+	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+	    krb5_free_principal(context, handle->principal);
+	    free(handle);
+	    return (ret);
+	}
+    }
+    if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
+	ret = acquire_acceptor_cred(minor_status, context,
+				    desired_name, time_req,
+				    desired_mechs, cred_usage, handle, actual_mechs, time_rec);
+	if (ret != GSS_S_COMPLETE) {
+	    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+	    krb5_free_principal(context, handle->principal);
+	    free(handle);
+	    return (ret);
+	}
+    }
+    ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
+    if (ret == GSS_S_COMPLETE)
+    	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+				     &handle->mechanisms);
+    if (ret == GSS_S_COMPLETE)
+    	ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle, 
+				    NULL, time_rec, NULL, actual_mechs);
+    if (ret != GSS_S_COMPLETE) {
+	if (handle->mechanisms != NULL)
+	    gss_release_oid_set(NULL, &handle->mechanisms);
+	HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+	krb5_free_principal(context, handle->principal);
+	free(handle);
+	return (ret);
+    } 
+    *minor_status = 0;
+    if (time_rec) {
+	ret = _gsskrb5_lifetime_left(minor_status,
+				     context,
+				     handle->lifetime,
+				     time_rec);
+
+	if (ret)
+	    return ret;
+    }
+    handle->usage = cred_usage;
+    *output_cred_handle = (gss_cred_id_t)handle;
+    return (GSS_S_COMPLETE);
+}
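Review bot: The late failure paths of `_gsskrb5_acquire_cred` throw `handle` away without releasing what the acquire helpers stored in it: when `_gsskrb5_inquire_cred` fails, `handle->ccache` and `handle->keytab` are never closed, and when the final `_gsskrb5_lifetime_left` fails, `if (ret) return ret;` returns with the whole handle still allocated. The cache involved can be the in-memory one that `acquire_initiator_cred` filled with a TGT obtained from the keytab, so the leak keeps live credentials in the process. I would fold the lifetime call into the checked sequence and release the ccache and keytab in the existing cleanup block, as sketched below; destroying the cache when `GSS_CF_DESTROY_CRED_ON_RELEASE` is set is my assumption about what the release path does. The `GSS_C_BOTH` case where `acquire_acceptor_cred` fails after the initiator half succeeded needs the same ccache release (the callee has already closed the keytab there). Separately, `acquire_initiator_cred` calls `krb5_cc_destroy` on the cache when `krb5_cc_get_principal` fails, which removes the cache instead of closing the handle the way its `end:` label does.

```c
    /* … unchanged: everything through the _gsskrb5_inquire_cred() call … */
    if (ret == GSS_S_COMPLETE && time_rec)
	ret = _gsskrb5_lifetime_left(minor_status, context,
				     handle->lifetime, time_rec);
    if (ret != GSS_S_COMPLETE) {
	if (handle->ccache != NULL) {
	    if (handle->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE)
		krb5_cc_destroy(context, handle->ccache);
	    else
		krb5_cc_close(context, handle->ccache);
	}
	if (handle->keytab != NULL)
	    krb5_kt_close(context, handle->keytab);
	/* … unchanged: release mechanisms, destroy mutex, free principal and handle, return ret … */
    }
```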

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/add_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/add_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/add_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: add_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_add_cred (
+     OM_uint32           *minor_status,
+     const gss_cred_id_t input_cred_handle,
+     const gss_name_t    desired_name,
+     const gss_OID       desired_mech,
+     gss_cred_usage_t    cred_usage,
+     OM_uint32           initiator_time_req,
+     OM_uint32           acceptor_time_req,
+     gss_cred_id_t       *output_cred_handle,
+     gss_OID_set         *actual_mechs,
+     OM_uint32           *initiator_time_rec,
+     OM_uint32           *acceptor_time_rec)
+{
+    krb5_context context;
+    OM_uint32 ret, lifetime;
+    gsskrb5_cred cred, handle;
+    krb5_const_principal dname;
+
+    handle = NULL;
+    cred = (gsskrb5_cred)input_cred_handle;
+    dname = (krb5_const_principal)desired_name;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
+	*minor_status = 0;
+	return GSS_S_BAD_MECH;
+    }
+
+    if (cred == NULL && output_cred_handle == NULL) {
+	*minor_status = 0;
+	return GSS_S_NO_CRED;
+    }
+
+    if (cred == NULL) { /* XXX standard conformance failure */
+	*minor_status = 0;
+	return GSS_S_NO_CRED;
+    }
+
+    /* check if requested output usage is compatible with output usage */ 
+    if (output_cred_handle != NULL) {
+	HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
+	if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) {
+	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+	    *minor_status = GSS_KRB5_S_G_BAD_USAGE;
+	    return(GSS_S_FAILURE);
+	}
+    }
+	
+    /* check that we have the same name */
+    if (dname != NULL &&
+	krb5_principal_compare(context, dname, 
+			       cred->principal) != FALSE) {
+	if (output_cred_handle)
+	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+	*minor_status = 0;
+	return GSS_S_BAD_NAME;
+    }
+
+    /* make a copy */
+    if (output_cred_handle) {
+	krb5_error_code kret;
+
+	handle = calloc(1, sizeof(*handle));
+	if (handle == NULL) {
+	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+	    *minor_status = ENOMEM;
+	    return (GSS_S_FAILURE);
+	}
+
+	handle->usage = cred_usage;
+	handle->lifetime = cred->lifetime;
+	handle->principal = NULL;
+	handle->keytab = NULL;
+	handle->ccache = NULL;
+	handle->mechanisms = NULL;
+	HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
+	
+	ret = GSS_S_FAILURE;
+
+	kret = krb5_copy_principal(context, cred->principal,
+				  &handle->principal);
+	if (kret) {
+	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+	    free(handle);
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+
+	if (cred->keytab) {
+	    char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
+	    int len;
+	    
+	    ret = GSS_S_FAILURE;
+
+	    kret = krb5_kt_get_type(context, cred->keytab,
+				    name, KRB5_KT_PREFIX_MAX_LEN);
+	    if (kret) {
+		*minor_status = kret;
+		goto failure;
+	    }
+	    len = strlen(name);
+	    name[len++] = ':';
+
+	    kret = krb5_kt_get_name(context, cred->keytab,
+				    name + len, 
+				    sizeof(name) - len);
+	    if (kret) {
+		*minor_status = kret;
+		goto failure;
+	    }
+
+	    kret = krb5_kt_resolve(context, name,
+				   &handle->keytab);
+	    if (kret){
+		*minor_status = kret;
+		goto failure;
+	    }
+	}
+
+	if (cred->ccache) {
+	    const char *type, *name;
+	    char *type_name;
+
+	    ret = GSS_S_FAILURE;
+
+	    type = krb5_cc_get_type(context, cred->ccache);
+	    if (type == NULL){
+		*minor_status = ENOMEM;
+		goto failure;
+	    }
+
+	    if (strcmp(type, "MEMORY") == 0) {
+		ret = krb5_cc_gen_new(context, &krb5_mcc_ops,
+				      &handle->ccache);
+		if (ret) {
+		    *minor_status = ret;
+		    goto failure;
+		}
+
+		ret = krb5_cc_copy_cache(context, cred->ccache,
+					 handle->ccache);
+		if (ret) {
+		    *minor_status = ret;
+		    goto failure;
+		}
+
+	    } else {
+		name = krb5_cc_get_name(context, cred->ccache);
+		if (name == NULL) {
+		    *minor_status = ENOMEM;
+		    goto failure;
+		}
+		
+		asprintf(&type_name, "%s:%s", type, name);
+		if (type_name == NULL) {
+		    *minor_status = ENOMEM;
+		    goto failure;
+		}
+		
+		kret = krb5_cc_resolve(context, type_name,
+				       &handle->ccache);
+		free(type_name);
+		if (kret) {
+		    *minor_status = kret;
+		    goto failure;
+		}	    
+	    }
+	}
+	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
+	if (ret)
+	    goto failure;
+
+	ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+				     &handle->mechanisms);
+	if (ret)
+	    goto failure;
+    }
+
+    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+
+    ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)cred, 
+				NULL, &lifetime, NULL, actual_mechs);
+    if (ret)
+	goto failure;
+
+    if (initiator_time_rec)
+	*initiator_time_rec = lifetime;
+    if (acceptor_time_rec)
+	*acceptor_time_rec = lifetime;
+
+    if (output_cred_handle) {
+	*output_cred_handle = (gss_cred_id_t)handle;
+    }
+
+    *minor_status = 0;
+    return ret;
+
+ failure:
+
+    if (handle) {
+	if (handle->principal)
+	    krb5_free_principal(context, handle->principal);
+	if (handle->keytab)
+	    krb5_kt_close(context, handle->keytab);
+	if (handle->ccache)
+	    krb5_cc_destroy(context, handle->ccache);
+	if (handle->mechanisms)
+	    gss_release_oid_set(NULL, &handle->mechanisms);
+	free(handle);
+    }
+    if (output_cred_handle)
+	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+    return ret;
+}
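Review bot: The "check that we have the same name" test is inverted: `krb5_principal_compare` reports a match as true (acquire_cred.c in this same import treats `== FALSE` as the mismatch case), so `!= FALSE` returns `GSS_S_BAD_NAME` exactly when `desired_name` equals `cred->principal` and lets a different name through. The condition should read `krb5_principal_compare(context, dname, cred->principal) == FALSE`. The locking around it is also unbalanced: `cred->cred_id_mutex` is taken only when `output_cred_handle != NULL`, yet the `HEIMDAL_MUTEX_unlock` before `_gsskrb5_inquire_cred` is unconditional, and a failure of that call jumps to `failure:` where the mutex is unlocked a second time. On that `failure:` path `krb5_cc_destroy(context, handle->ccache)` is risky for non-MEMORY caches, because the handle was resolved from the same `type:name` as `cred->ccache`; `krb5_cc_close` would leave the caller's cache intact.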

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/address_to_krb5addr.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/address_to_krb5addr.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/address_to_krb5addr.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+#include <roken.h>
+
+krb5_error_code
+_gsskrb5i_address_to_krb5addr(krb5_context context,
+			      OM_uint32 gss_addr_type,
+			      gss_buffer_desc *gss_addr,
+			      int16_t port,
+			      krb5_address *address)
+{
+   int addr_type;
+   struct sockaddr sa;
+   krb5_socklen_t sa_size = sizeof(sa);
+   krb5_error_code problem;
+   
+   if (gss_addr == NULL)
+      return GSS_S_FAILURE; 
+   
+   switch (gss_addr_type) {
+#ifdef HAVE_IPV6
+      case GSS_C_AF_INET6: addr_type = AF_INET6;
+                           break;
+#endif /* HAVE_IPV6 */
+                           
+      case GSS_C_AF_INET:  addr_type = AF_INET;
+                           break;
+      default:
+                           return GSS_S_FAILURE;
+   }
+                      
+   problem = krb5_h_addr2sockaddr (context,
+				   addr_type,
+                                   gss_addr->value, 
+                                   &sa, 
+                                   &sa_size, 
+                                   port);
+   if (problem)
+      return GSS_S_FAILURE;
+
+   problem = krb5_sockaddr2address (context, &sa, address);
+
+   return problem;  
+}
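Review bot: `sa` is a plain `struct sockaddr`, which is too small to hold an IPv6 socket address, yet the `GSS_C_AF_INET6` case feeds `AF_INET6` into `krb5_h_addr2sockaddr` with `sa_size = sizeof(sa)`; depending on how the callee treats the short size, this is either a failure or a truncated address that `krb5_sockaddr2address` may then read past. Declaring `struct sockaddr_storage sa;` and passing `(struct sockaddr *)&sa` to both calls gives the conversion enough room. `gss_addr->length` is also never compared with the size the chosen family needs before `gss_addr->value` is handed over as a raw address, so a short caller buffer could be over-read; a per-family length check belongs next to the `switch`. The early returns hand back `GSS_S_FAILURE` from a function typed `krb5_error_code`, which mixes the two status spaces.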

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/arcfour.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/arcfour.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/arcfour.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,760 @@
+/*
+ * Copyright (c) 2003 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: arcfour.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
+ *
+ * The arcfour message have the following formats:
+ *
+ * MIC token
+ * 	TOK_ID[2] = 01 01
+ *	SGN_ALG[2] = 11 00
+ *	Filler[4]
+ *	SND_SEQ[8]
+ *	SGN_CKSUM[8]
+ *
+ * WRAP token
+ *	TOK_ID[2] = 02 01
+ *	SGN_ALG[2];
+ *	SEAL_ALG[2]
+ *	Filler[2]
+ *	SND_SEQ[2]
+ *	SGN_CKSUM[8]
+ *	Confounder[8]
+ */
+
+/*
+ * WRAP in DCE-style have a fixed size header, the oid and length over
+ * the WRAP header is a total of
+ * GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE +
+ * GSS_ARCFOUR_WRAP_TOKEN_SIZE byte (ie total of 45 bytes overhead,
+ * remember the 2 bytes from APPL [0] SEQ).
+ */
+
+#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
+#define GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE 13
+
+
+static krb5_error_code
+arcfour_mic_key(krb5_context context, krb5_keyblock *key,
+		void *cksum_data, size_t cksum_size,
+		void *key6_data, size_t key6_size)
+{
+    krb5_error_code ret;
+    
+    Checksum cksum_k5;
+    krb5_keyblock key5;
+    char k5_data[16];
+    
+    Checksum cksum_k6;
+    
+    char T[4];
+
+    memset(T, 0, 4);
+    cksum_k5.checksum.data = k5_data;
+    cksum_k5.checksum.length = sizeof(k5_data);
+
+    if (key->keytype == KEYTYPE_ARCFOUR_56) {
+	char L40[14] = "fortybits";
+
+	memcpy(L40 + 10, T, sizeof(T));
+	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
+			L40, 14, 0, key, &cksum_k5);
+	memset(&k5_data[7], 0xAB, 9);
+    } else {
+	ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
+			T, 4, 0, key, &cksum_k5);
+    }
+    if (ret)
+	return ret;
+
+    key5.keytype = KEYTYPE_ARCFOUR;
+    key5.keyvalue = cksum_k5.checksum;
+
+    cksum_k6.checksum.data = key6_data;
+    cksum_k6.checksum.length = key6_size;
+
+    return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
+		     cksum_data, cksum_size, 0, &key5, &cksum_k6);
+}
+
+
+static krb5_error_code
+arcfour_mic_cksum(krb5_context context,
+		  krb5_keyblock *key, unsigned usage,
+		  u_char *sgn_cksum, size_t sgn_cksum_sz,
+		  const u_char *v1, size_t l1,
+		  const void *v2, size_t l2,
+		  const void *v3, size_t l3)
+{
+    Checksum CKSUM;
+    u_char *ptr;
+    size_t len;
+    krb5_crypto crypto;
+    krb5_error_code ret;
+    
+    assert(sgn_cksum_sz == 8);
+
+    len = l1 + l2 + l3;
+
+    ptr = malloc(len);
+    if (ptr == NULL)
+	return ENOMEM;
+
+    memcpy(ptr, v1, l1);
+    memcpy(ptr + l1, v2, l2);
+    memcpy(ptr + l1 + l2, v3, l3);
+    
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret) {
+	free(ptr);
+	return ret;
+    }
+    
+    ret = krb5_create_checksum(context,
+			       crypto,
+			       usage,
+			       0,
+			       ptr, len,
+			       &CKSUM);
+    free(ptr);
+    if (ret == 0) {
+	memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
+	free_Checksum(&CKSUM);
+    }
+    krb5_crypto_destroy(context, crypto);
+
+    return ret;
+}
+
+
+OM_uint32
+_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
+			const gsskrb5_ctx context_handle,
+			krb5_context context,
+			gss_qop_t qop_req,
+			const gss_buffer_t message_buffer,
+			gss_buffer_t message_token,
+			krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    int32_t seq_number;
+    size_t len, total_len;
+    u_char k6_data[16], *p0, *p;
+    RC4_KEY rc4_key;
+    
+    _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
+    
+    message_token->length = total_len;
+    message_token->value  = malloc (total_len);
+    if (message_token->value == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    
+    p0 = _gssapi_make_mech_header(message_token->value,
+				  len,
+				  GSS_KRB5_MECHANISM);
+    p = p0;
+    
+    *p++ = 0x01; /* TOK_ID */
+    *p++ = 0x01;
+    *p++ = 0x11; /* SGN_ALG */
+    *p++ = 0x00;
+    *p++ = 0xff; /* Filler */
+    *p++ = 0xff;
+    *p++ = 0xff;
+    *p++ = 0xff;
+
+    p = NULL;
+
+    ret = arcfour_mic_cksum(context,
+			    key, KRB5_KU_USAGE_SIGN,
+			    p0 + 16, 8,  /* SGN_CKSUM */
+			    p0, 8, /* TOK_ID, SGN_ALG, Filer */
+			    message_buffer->value, message_buffer->length,
+			    NULL, 0);
+    if (ret) {
+	_gsskrb5_release_buffer(minor_status, message_token);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = arcfour_mic_key(context, key,
+			  p0 + 16, 8, /* SGN_CKSUM */
+			  k6_data, sizeof(k6_data));
+    if (ret) {
+	_gsskrb5_release_buffer(minor_status, message_token);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    krb5_auth_con_getlocalseqnumber (context,
+				     context_handle->auth_context,
+				     &seq_number);
+    p = p0 + 8; /* SND_SEQ */
+    _gsskrb5_encode_be_om_uint32(seq_number, p);
+    
+    krb5_auth_con_setlocalseqnumber (context,
+				     context_handle->auth_context,
+				     ++seq_number);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    
+    memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
+
+    RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
+    RC4 (&rc4_key, 8, p, p);
+	
+    memset(&rc4_key, 0, sizeof(rc4_key));
+    memset(k6_data, 0, sizeof(k6_data));
+    
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+
+OM_uint32
+_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
+			   const gsskrb5_ctx context_handle,
+			   krb5_context context,
+			   const gss_buffer_t message_buffer,
+			   const gss_buffer_t token_buffer,
+			   gss_qop_t * qop_state,
+			   krb5_keyblock *key,
+			   char *type)
+{
+    krb5_error_code ret;
+    uint32_t seq_number;
+    OM_uint32 omret;
+    u_char SND_SEQ[8], cksum_data[8], *p;
+    char k6_data[16];
+    int cmp;
+    
+    if (qop_state)
+	*qop_state = 0;
+
+    p = token_buffer->value;
+    omret = _gsskrb5_verify_header (&p,
+				       token_buffer->length,
+				       (u_char *)type,
+				       GSS_KRB5_MECHANISM);
+    if (omret)
+	return omret;
+    
+    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
+	return GSS_S_BAD_SIG;
+    p += 2;
+    if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
+	return GSS_S_BAD_MIC;
+    p += 4;
+
+    ret = arcfour_mic_cksum(context,
+			    key, KRB5_KU_USAGE_SIGN,
+			    cksum_data, sizeof(cksum_data),
+			    p - 8, 8,
+			    message_buffer->value, message_buffer->length,
+			    NULL, 0);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = arcfour_mic_key(context, key,
+			  cksum_data, sizeof(cksum_data),
+			  k6_data, sizeof(k6_data));
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    cmp = memcmp(cksum_data, p + 8, 8);
+    if (cmp) {
+	*minor_status = 0;
+	return GSS_S_BAD_MIC;
+    }
+
+    {
+	RC4_KEY rc4_key;
+	
+	RC4_set_key (&rc4_key, sizeof(k6_data), (void*)k6_data);
+	RC4 (&rc4_key, 8, p, SND_SEQ);
+	
+	memset(&rc4_key, 0, sizeof(rc4_key));
+	memset(k6_data, 0, sizeof(k6_data));
+    }
+
+    _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
+
+    if (context_handle->more_flags & LOCAL)
+	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
+    else
+	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
+
+    memset(SND_SEQ, 0, sizeof(SND_SEQ));
+    if (cmp != 0) {
+	*minor_status = 0;
+	return GSS_S_BAD_MIC;
+    }
+    
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    omret = _gssapi_msg_order_check(context_handle->order, seq_number);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    if (omret)
+	return omret;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_gssapi_wrap_arcfour(OM_uint32 * minor_status,
+		     const gsskrb5_ctx context_handle,
+		     krb5_context context,
+		     int conf_req_flag,
+		     gss_qop_t qop_req,
+		     const gss_buffer_t input_message_buffer,
+		     int * conf_state,
+		     gss_buffer_t output_message_buffer,
+		     krb5_keyblock *key)
+{
+    u_char Klocaldata[16], k6_data[16], *p, *p0;
+    size_t len, total_len, datalen;
+    krb5_keyblock Klocal;
+    krb5_error_code ret;
+    int32_t seq_number;
+
+    if (conf_state)
+	*conf_state = 0;
+
+    datalen = input_message_buffer->length;
+
+    if (IS_DCE_STYLE(context_handle)) {
+	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+	total_len += datalen;
+    } else {
+	datalen += 1; /* padding */
+	len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+    }
+
+    output_message_buffer->length = total_len;
+    output_message_buffer->value  = malloc (total_len);
+    if (output_message_buffer->value == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    
+    p0 = _gssapi_make_mech_header(output_message_buffer->value,
+				  len,
+				  GSS_KRB5_MECHANISM);
+    p = p0;
+
+    *p++ = 0x02; /* TOK_ID */
+    *p++ = 0x01;
+    *p++ = 0x11; /* SGN_ALG */
+    *p++ = 0x00;
+    if (conf_req_flag) {
+	*p++ = 0x10; /* SEAL_ALG */
+	*p++ = 0x00;
+    } else {
+	*p++ = 0xff; /* SEAL_ALG */
+	*p++ = 0xff;
+    }
+    *p++ = 0xff; /* Filler */
+    *p++ = 0xff;
+
+    p = NULL;
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    krb5_auth_con_getlocalseqnumber (context,
+				     context_handle->auth_context,
+				     &seq_number);
+
+    _gsskrb5_encode_be_om_uint32(seq_number, p0 + 8);
+
+    krb5_auth_con_setlocalseqnumber (context,
+				     context_handle->auth_context,
+				     ++seq_number);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    memset (p0 + 8 + 4,
+	    (context_handle->more_flags & LOCAL) ? 0 : 0xff,
+	    4);
+
+    krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
+    
+    /* p points to data */
+    p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+    memcpy(p, input_message_buffer->value, input_message_buffer->length);
+
+    if (!IS_DCE_STYLE(context_handle))
+	p[input_message_buffer->length] = 1; /* padding */
+
+    ret = arcfour_mic_cksum(context,
+			    key, KRB5_KU_USAGE_SEAL,
+			    p0 + 16, 8, /* SGN_CKSUM */ 
+			    p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
+			    p0 + 24, 8, /* Confounder */
+			    p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, 
+			    datalen);
+    if (ret) {
+	*minor_status = ret;
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	return GSS_S_FAILURE;
+    }
+
+    {
+	int i;
+
+	Klocal.keytype = key->keytype;
+	Klocal.keyvalue.data = Klocaldata;
+	Klocal.keyvalue.length = sizeof(Klocaldata);
+
+	for (i = 0; i < 16; i++)
+	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
+    }
+    ret = arcfour_mic_key(context, &Klocal,
+			  p0 + 8, 4, /* SND_SEQ */
+			  k6_data, sizeof(k6_data));
+    memset(Klocaldata, 0, sizeof(Klocaldata));
+    if (ret) {
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+
+    if(conf_req_flag) {
+	RC4_KEY rc4_key;
+
+	RC4_set_key (&rc4_key, sizeof(k6_data), (void *)k6_data);
+	/* XXX ? */
+	RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
+	memset(&rc4_key, 0, sizeof(rc4_key));
+    }
+    memset(k6_data, 0, sizeof(k6_data));
+
+    ret = arcfour_mic_key(context, key,
+			  p0 + 16, 8, /* SGN_CKSUM */
+			  k6_data, sizeof(k6_data));
+    if (ret) {
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    {
+	RC4_KEY rc4_key;
+	
+	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
+	RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
+	memset(&rc4_key, 0, sizeof(rc4_key));
+	memset(k6_data, 0, sizeof(k6_data));
+    }
+
+    if (conf_state)
+	*conf_state = conf_req_flag;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
+				 const gsskrb5_ctx context_handle,
+				 krb5_context context,
+				 const gss_buffer_t input_message_buffer,
+				 gss_buffer_t output_message_buffer,
+				 int *conf_state,
+				 gss_qop_t *qop_state,
+				 krb5_keyblock *key)
+{
+    u_char Klocaldata[16];
+    krb5_keyblock Klocal;
+    krb5_error_code ret;
+    uint32_t seq_number;
+    size_t datalen;
+    OM_uint32 omret;
+    u_char k6_data[16], SND_SEQ[8], Confounder[8];
+    u_char cksum_data[8];
+    u_char *p, *p0;
+    int cmp;
+    int conf_flag;
+    size_t padlen = 0, len;
+    
+    if (conf_state)
+	*conf_state = 0;
+    if (qop_state)
+	*qop_state = 0;
+
+    p0 = input_message_buffer->value;
+
+    if (IS_DCE_STYLE(context_handle)) {
+	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + 
+	    GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE;
+	if (input_message_buffer->length < len)
+	    return GSS_S_BAD_MECH;
+    } else {
+	len = input_message_buffer->length;
+    }
+
+    omret = _gssapi_verify_mech_header(&p0,
+				       len,
+				       GSS_KRB5_MECHANISM);
+    if (omret)
+	return omret;
+
+    /* length of mech header */
+    len = (p0 - (u_char *)input_message_buffer->value) + 
+	GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+
+    if (len > input_message_buffer->length)
+	return GSS_S_BAD_MECH;
+
+    /* length of data */
+    datalen = input_message_buffer->length - len;
+
+    p = p0;
+
+    if (memcmp(p, "\x02\x01", 2) != 0)
+	return GSS_S_BAD_SIG;
+    p += 2;
+    if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
+	return GSS_S_BAD_SIG;
+    p += 2;
+
+    if (memcmp (p, "\x10\x00", 2) == 0)
+	conf_flag = 1;
+    else if (memcmp (p, "\xff\xff", 2) == 0)
+	conf_flag = 0;
+    else
+	return GSS_S_BAD_SIG;
+
+    p += 2;
+    if (memcmp (p, "\xff\xff", 2) != 0)
+	return GSS_S_BAD_MIC;
+    p = NULL;
+
+    ret = arcfour_mic_key(context, key,
+			  p0 + 16, 8, /* SGN_CKSUM */
+			  k6_data, sizeof(k6_data));
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    {
+	RC4_KEY rc4_key;
+	
+	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
+	RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
+	memset(&rc4_key, 0, sizeof(rc4_key));
+	memset(k6_data, 0, sizeof(k6_data));
+    }
+
+    _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number);
+
+    if (context_handle->more_flags & LOCAL)
+	cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
+    else
+	cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
+
+    if (cmp != 0) {
+	*minor_status = 0;
+	return GSS_S_BAD_MIC;
+    }
+
+    {
+	int i;
+
+	Klocal.keytype = key->keytype;
+	Klocal.keyvalue.data = Klocaldata;
+	Klocal.keyvalue.length = sizeof(Klocaldata);
+
+	for (i = 0; i < 16; i++)
+	    Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
+    }
+    ret = arcfour_mic_key(context, &Klocal,
+			  SND_SEQ, 4,
+			  k6_data, sizeof(k6_data));
+    memset(Klocaldata, 0, sizeof(Klocaldata));
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    output_message_buffer->value = malloc(datalen);
+    if (output_message_buffer->value == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    output_message_buffer->length = datalen;
+
+    if(conf_flag) {
+	RC4_KEY rc4_key;
+
+	RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
+	RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
+	RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
+	     output_message_buffer->value);
+	memset(&rc4_key, 0, sizeof(rc4_key));
+    } else {
+	memcpy(Confounder, p0 + 24, 8); /* Confounder */
+	memcpy(output_message_buffer->value, 
+	       p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
+	       datalen);
+    }
+    memset(k6_data, 0, sizeof(k6_data));
+
+    if (!IS_DCE_STYLE(context_handle)) {
+	ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
+	if (ret) {
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    *minor_status = 0;
+	    return ret;
+	}
+	output_message_buffer->length -= padlen;
+    }
+
+    ret = arcfour_mic_cksum(context,
+			    key, KRB5_KU_USAGE_SEAL,
+			    cksum_data, sizeof(cksum_data),
+			    p0, 8, 
+			    Confounder, sizeof(Confounder),
+			    output_message_buffer->value, 
+			    output_message_buffer->length + padlen);
+    if (ret) {
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
+    if (cmp) {
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	*minor_status = 0;
+	return GSS_S_BAD_MIC;
+    }
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    omret = _gssapi_msg_order_check(context_handle->order, seq_number);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    if (omret)
+	return omret;
+
+    if (conf_state)
+	*conf_state = conf_flag;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+max_wrap_length_arcfour(const gsskrb5_ctx ctx,
+			krb5_crypto crypto,
+			size_t input_length,
+			OM_uint32 *max_input_size)
+{
+    /* 
+     * if GSS_C_DCE_STYLE is in use:
+     *  - we only need to encapsulate the WRAP token
+     * However, since this is a fixed since, we just 
+     */
+    if (IS_DCE_STYLE(ctx)) {
+	size_t len, total_len;
+
+	len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+	_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+
+	if (input_length < len)
+	    *max_input_size = 0;
+	else
+	    *max_input_size = input_length - len;
+
+    } else {
+	size_t extrasize = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+	size_t blocksize = 8;
+	size_t len, total_len;
+
+	len = 8 + input_length + blocksize + extrasize;
+
+	_gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+
+	total_len -= input_length; /* token length */
+	if (total_len < input_length) {
+	    *max_input_size = (input_length - total_len);
+	    (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
+	} else {
+	    *max_input_size = 0;
+	}
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_gssapi_wrap_size_arcfour(OM_uint32 *minor_status,
+			  const gsskrb5_ctx ctx,
+			  krb5_context context,
+			  int conf_req_flag,
+			  gss_qop_t qop_req,
+			  OM_uint32 req_output_size,
+			  OM_uint32 *max_input_size,
+			  krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret != 0) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = max_wrap_length_arcfour(ctx, crypto,
+				  req_output_size, max_input_size);
+    if (ret != 0) {
+	*minor_status = ret;
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+
+    krb5_crypto_destroy(context, crypto);
+
+    return GSS_S_COMPLETE;
+}
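Review bot: `_gssapi_verify_mic_arcfour` reads SGN_ALG, the filler, SND_SEQ and SGN_CKSUM, 22 bytes past where `_gsskrb5_verify_header` leaves `p`, without comparing that span against `token_buffer->length`. Unless the helper (not shown in this hunk) already guarantees those bytes, a truncated token from the peer is read past its end. A guard directly after the header check would close this: `if ((size_t)(p - (u_char *)token_buffer->value) + 22 > token_buffer->length) return GSS_S_BAD_MIC;`. The two MIC comparisons, `memcmp(cksum_data, p + 8, 8)` here and `memcmp(cksum_data, p0 + 16, 8)` in `_gssapi_unwrap_arcfour`, stop at the first differing byte, so a constant-time compare is the safer choice for both. In `_gssapi_unwrap_arcfour` the `if (omret) return omret;` after `_gssapi_msg_order_check` also returns without releasing `output_message_buffer`, unlike the error paths above it.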

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/canonicalize_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/canonicalize_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/canonicalize_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: canonicalize_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_canonicalize_name (
+            OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            const gss_OID mech_type,
+            gss_name_t * output_name
+           )
+{
+    return _gsskrb5_duplicate_name (minor_status, input_name, output_name);
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/ccache_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/ccache_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/ccache_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: ccache_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+char *last_out_name;
+
+OM_uint32
+_gsskrb5_krb5_ccache_name(OM_uint32 *minor_status, 
+			  const char *name,
+			  const char **out_name)
+{
+    krb5_context context;
+    krb5_error_code kret;
+
+    *minor_status = 0;
+
+    GSSAPI_KRB5_INIT(&context);
+
+    if (out_name) {
+	const char *n;
+
+	if (last_out_name) {
+	    free(last_out_name);
+	    last_out_name = NULL;
+	}
+
+	n = krb5_cc_default_name(context);
+	if (n == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	last_out_name = strdup(n);
+	if (last_out_name == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	*out_name = last_out_name;
+    }
+
+    kret = krb5_cc_set_default_name(context, name);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+    return GSS_S_COMPLETE;
+}
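Review bot: `last_out_name` is a file-scope global with external linkage that `_gsskrb5_krb5_ccache_name` frees and reassigns with no lock. If two threads call it with `out_name` set, both can reach `free(last_out_name)` on the same pointer. The string handed back through `*out_name` is also invalidated by the next call. I would declare it `static char *last_out_name;` and wrap the free/`strdup`/assign sequence in a `HEIMDAL_MUTEX_lock`/`HEIMDAL_MUTEX_unlock` pair, as arcfour.c does for the sequence number. A comment above the function should state that the returned name is only valid until the next call, e.g. `/* *out_name points at storage owned by this module; it is freed on the next call */`.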

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/cfx.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/cfx.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/cfx.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,878 @@
+/*
+ * Copyright (c) 2003, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: cfx.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt
+ */
+
+#define CFXSentByAcceptor	(1 << 0)
+#define CFXSealed		(1 << 1)
+#define CFXAcceptorSubkey	(1 << 2)
+
+krb5_error_code
+_gsskrb5cfx_wrap_length_cfx(krb5_context context,
+			    krb5_crypto crypto,
+			    int conf_req_flag,
+			    size_t input_length,
+			    size_t *output_length,
+			    size_t *cksumsize,
+			    uint16_t *padlength)
+{
+    krb5_error_code ret;
+    krb5_cksumtype type;
+
+    /* 16-byte header is always first */
+    *output_length = sizeof(gss_cfx_wrap_token_desc);
+    *padlength = 0;
+
+    ret = krb5_crypto_get_checksum_type(context, crypto, &type);
+    if (ret)
+	return ret;
+
+    ret = krb5_checksumsize(context, type, cksumsize);
+    if (ret)
+	return ret;
+
+    if (conf_req_flag) {
+	size_t padsize;
+
+	/* Header is concatenated with data before encryption */
+	input_length += sizeof(gss_cfx_wrap_token_desc);
+
+	ret = krb5_crypto_getpadsize(context, crypto, &padsize);
+	if (ret) {
+	    return ret;
+	}
+	if (padsize > 1) {
+	    /* XXX check this */
+	    *padlength = padsize - (input_length % padsize);
+
+	    /* We add the pad ourselves (noted here for completeness only) */
+	    input_length += *padlength;
+	}
+
+	*output_length += krb5_get_wrapped_length(context,
+						  crypto, input_length);
+    } else {
+	/* Checksum is concatenated with data */
+	*output_length += input_length + *cksumsize;
+    }
+
+    assert(*output_length > input_length);
+
+    return 0;
+}
+
+krb5_error_code
+_gsskrb5cfx_max_wrap_length_cfx(krb5_context context,
+				krb5_crypto crypto,
+				int conf_req_flag,
+				size_t input_length,
+				OM_uint32 *output_length)
+{
+    krb5_error_code ret;
+
+    *output_length = 0;
+
+    /* 16-byte header is always first */
+    if (input_length < 16)
+	return 0;
+    input_length -= 16;
+
+    if (conf_req_flag) {
+	size_t wrapped_size, sz;
+
+	wrapped_size = input_length + 1;
+	do {
+	    wrapped_size--;
+	    sz = krb5_get_wrapped_length(context, 
+					 crypto, wrapped_size);
+	} while (wrapped_size && sz > input_length);
+	if (wrapped_size == 0) {
+	    *output_length = 0;
+	    return 0;
+	}
+
+	/* inner header */
+	if (wrapped_size < 16) {
+	    *output_length = 0;
+	    return 0;
+	}
+	wrapped_size -= 16;
+
+	*output_length = wrapped_size;
+    } else {
+	krb5_cksumtype type;
+	size_t cksumsize;
+
+	ret = krb5_crypto_get_checksum_type(context, crypto, &type);
+	if (ret)
+	    return ret;
+
+	ret = krb5_checksumsize(context, type, &cksumsize);
+	if (ret)
+	    return ret;
+
+	if (input_length < cksumsize)
+	    return 0;
+
+	/* Checksum is concatenated with data */
+	*output_length = input_length - cksumsize;
+    }
+
+    return 0;
+}
+
+
+OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
+				const gsskrb5_ctx context_handle,
+				krb5_context context,
+				int conf_req_flag,
+				gss_qop_t qop_req,
+				OM_uint32 req_output_size,
+				OM_uint32 *max_input_size,
+				krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret != 0) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = _gsskrb5cfx_max_wrap_length_cfx(context, crypto, conf_req_flag, 
+					  req_output_size, max_input_size);
+    if (ret != 0) {
+	*minor_status = ret;
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+
+    krb5_crypto_destroy(context, crypto);
+
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * Rotate "rrc" bytes to the front or back
+ */
+
+static krb5_error_code
+rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate)
+{
+    u_char *tmp, buf[256];
+    size_t left;
+
+    if (len == 0)
+	return 0;
+
+    rrc %= len;
+
+    if (rrc == 0)
+	return 0;
+
+    left = len - rrc;
+
+    if (rrc <= sizeof(buf)) {
+	tmp = buf;
+    } else {
+	tmp = malloc(rrc);
+	if (tmp == NULL) 
+	    return ENOMEM;
+    }
+ 
+    if (unrotate) {
+	memcpy(tmp, data, rrc);
+	memmove(data, (u_char *)data + rrc, left);
+	memcpy((u_char *)data + left, tmp, rrc);
+    } else {
+	memcpy(tmp, (u_char *)data + left, rrc);
+	memmove((u_char *)data + rrc, data, left);
+	memcpy(data, tmp, rrc);
+    }
+
+    if (rrc > sizeof(buf)) 
+	free(tmp);
+
+    return 0;
+}
+
+OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
+			   const gsskrb5_ctx context_handle,
+			   krb5_context context,
+			   int conf_req_flag,
+			   gss_qop_t qop_req,
+			   const gss_buffer_t input_message_buffer,
+			   int *conf_state,
+			   gss_buffer_t output_message_buffer,
+			   krb5_keyblock *key)
+{
+    krb5_crypto crypto;
+    gss_cfx_wrap_token token;
+    krb5_error_code ret;
+    unsigned usage;
+    krb5_data cipher;
+    size_t wrapped_len, cksumsize;
+    uint16_t padlength, rrc = 0;
+    int32_t seq_number;
+    u_char *p;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret != 0) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = _gsskrb5cfx_wrap_length_cfx(context,
+				      crypto, conf_req_flag, 
+				      input_message_buffer->length,
+				      &wrapped_len, &cksumsize, &padlength);
+    if (ret != 0) {
+	*minor_status = ret;
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+
+    /* Always rotate encrypted token (if any) and checksum to header */
+    rrc = (conf_req_flag ? sizeof(*token) : 0) + (uint16_t)cksumsize;
+
+    output_message_buffer->length = wrapped_len;
+    output_message_buffer->value = malloc(output_message_buffer->length);
+    if (output_message_buffer->value == NULL) {
+	*minor_status = ENOMEM;
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+
+    p = output_message_buffer->value;
+    token = (gss_cfx_wrap_token)p;
+    token->TOK_ID[0] = 0x05;
+    token->TOK_ID[1] = 0x04;
+    token->Flags     = 0;
+    token->Filler    = 0xFF;
+    if ((context_handle->more_flags & LOCAL) == 0)
+	token->Flags |= CFXSentByAcceptor;
+    if (context_handle->more_flags & ACCEPTOR_SUBKEY)
+	token->Flags |= CFXAcceptorSubkey;
+    if (conf_req_flag) {
+	/*
+	 * In Wrap tokens with confidentiality, the EC field is
+	 * used to encode the size (in bytes) of the random filler.
+	 */
+	token->Flags |= CFXSealed;
+	token->EC[0] = (padlength >> 8) & 0xFF;
+	token->EC[1] = (padlength >> 0) & 0xFF;
+    } else {
+	/*
+	 * In Wrap tokens without confidentiality, the EC field is
+	 * used to encode the size (in bytes) of the trailing
+	 * checksum.
+	 *
+	 * This is not used in the checksum calcuation itself,
+	 * because the checksum length could potentially vary
+	 * depending on the data length.
+	 */
+	token->EC[0] = 0;
+	token->EC[1] = 0;
+    }
+
+    /*
+     * In Wrap tokens that provide for confidentiality, the RRC
+     * field in the header contains the hex value 00 00 before
+     * encryption.
+     *
+     * In Wrap tokens that do not provide for confidentiality,
+     * both the EC and RRC fields in the appended checksum
+     * contain the hex value 00 00 for the purpose of calculating
+     * the checksum.
+     */
+    token->RRC[0] = 0;
+    token->RRC[1] = 0;
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    krb5_auth_con_getlocalseqnumber(context,
+				    context_handle->auth_context,
+				    &seq_number);
+    _gsskrb5_encode_be_om_uint32(0,          &token->SND_SEQ[0]);
+    _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
+    krb5_auth_con_setlocalseqnumber(context,
+				    context_handle->auth_context,
+				    ++seq_number);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    /*
+     * If confidentiality is requested, the token header is
+     * appended to the plaintext before encryption; the resulting
+     * token is {"header" | encrypt(plaintext | pad | "header")}.
+     *
+     * If no confidentiality is requested, the checksum is
+     * calculated over the plaintext concatenated with the
+     * token header.
+     */
+    if (context_handle->more_flags & LOCAL) {
+	usage = KRB5_KU_USAGE_INITIATOR_SEAL;
+    } else {
+	usage = KRB5_KU_USAGE_ACCEPTOR_SEAL;
+    }
+
+    if (conf_req_flag) {
+	/*
+	 * Any necessary padding is added here to ensure that the
+	 * encrypted token header is always at the end of the
+	 * ciphertext.
+	 *
+	 * The specification does not require that the padding
+	 * bytes are initialized.
+	 */
+	p += sizeof(*token);
+	memcpy(p, input_message_buffer->value, input_message_buffer->length);
+	memset(p + input_message_buffer->length, 0xFF, padlength);
+	memcpy(p + input_message_buffer->length + padlength,
+	       token, sizeof(*token));
+
+	ret = krb5_encrypt(context, crypto,
+			   usage, p,
+			   input_message_buffer->length + padlength +
+				sizeof(*token),
+			   &cipher);
+	if (ret != 0) {
+	    *minor_status = ret;
+	    krb5_crypto_destroy(context, crypto);
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    return GSS_S_FAILURE;
+	}
+	assert(sizeof(*token) + cipher.length == wrapped_len);
+	token->RRC[0] = (rrc >> 8) & 0xFF;  
+	token->RRC[1] = (rrc >> 0) & 0xFF;
+
+	ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE);
+	if (ret != 0) {
+	    *minor_status = ret;
+	    krb5_crypto_destroy(context, crypto);
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    return GSS_S_FAILURE;
+	}
+	memcpy(p, cipher.data, cipher.length);
+	krb5_data_free(&cipher);
+    } else {
+	char *buf;
+	Checksum cksum;
+
+	buf = malloc(input_message_buffer->length + sizeof(*token));
+	if (buf == NULL) {
+	    *minor_status = ENOMEM;
+	    krb5_crypto_destroy(context, crypto);
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    return GSS_S_FAILURE;
+	}
+	memcpy(buf, input_message_buffer->value, input_message_buffer->length);
+	memcpy(buf + input_message_buffer->length, token, sizeof(*token));
+
+	ret = krb5_create_checksum(context, crypto,
+				   usage, 0, buf, 
+				   input_message_buffer->length +
+					sizeof(*token), 
+				   &cksum);
+	if (ret != 0) {
+	    *minor_status = ret;
+	    krb5_crypto_destroy(context, crypto);
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    free(buf);
+	    return GSS_S_FAILURE;
+	}
+
+	free(buf);
+
+	assert(cksum.checksum.length == cksumsize);
+	token->EC[0] =  (cksum.checksum.length >> 8) & 0xFF;
+	token->EC[1] =  (cksum.checksum.length >> 0) & 0xFF;
+	token->RRC[0] = (rrc >> 8) & 0xFF;  
+	token->RRC[1] = (rrc >> 0) & 0xFF;
+
+	p += sizeof(*token);
+	memcpy(p, input_message_buffer->value, input_message_buffer->length);
+	memcpy(p + input_message_buffer->length,
+	       cksum.checksum.data, cksum.checksum.length);
+
+	ret = rrc_rotate(p,
+	    input_message_buffer->length + cksum.checksum.length, rrc, FALSE);
+	if (ret != 0) {
+	    *minor_status = ret;
+	    krb5_crypto_destroy(context, crypto);
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    free_Checksum(&cksum);
+	    return GSS_S_FAILURE;
+	}
+	free_Checksum(&cksum);
+    }
+
+    krb5_crypto_destroy(context, crypto);
+
+    if (conf_state != NULL) {
+	*conf_state = conf_req_flag;
+    }
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status,
+			     const gsskrb5_ctx context_handle,
+			     krb5_context context,
+			     const gss_buffer_t input_message_buffer,
+			     gss_buffer_t output_message_buffer,
+			     int *conf_state,
+			     gss_qop_t *qop_state,
+			     krb5_keyblock *key)
+{
+    krb5_crypto crypto;
+    gss_cfx_wrap_token token;
+    u_char token_flags;
+    krb5_error_code ret;
+    unsigned usage;
+    krb5_data data;
+    uint16_t ec, rrc;
+    OM_uint32 seq_number_lo, seq_number_hi;
+    size_t len;
+    u_char *p;
+
+    *minor_status = 0;
+
+    if (input_message_buffer->length < sizeof(*token)) {
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    p = input_message_buffer->value;
+
+    token = (gss_cfx_wrap_token)p;
+
+    if (token->TOK_ID[0] != 0x05 || token->TOK_ID[1] != 0x04) {
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* Ignore unknown flags */
+    token_flags = token->Flags &
+	(CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey);
+
+    if (token_flags & CFXSentByAcceptor) {
+	if ((context_handle->more_flags & LOCAL) == 0)
+	    return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
+	if ((token_flags & CFXAcceptorSubkey) == 0)
+	    return GSS_S_DEFECTIVE_TOKEN;
+    } else {
+	if (token_flags & CFXAcceptorSubkey)
+	    return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (token->Filler != 0xFF) {
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (conf_state != NULL) {
+	*conf_state = (token_flags & CFXSealed) ? 1 : 0;
+    }
+
+    ec  = (token->EC[0]  << 8) | token->EC[1];
+    rrc = (token->RRC[0] << 8) | token->RRC[1];
+
+    /*
+     * Check sequence number
+     */
+    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
+    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
+    if (seq_number_hi) {
+	/* no support for 64-bit sequence numbers */
+	*minor_status = ERANGE;
+	return GSS_S_UNSEQ_TOKEN;
+    }
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo);
+    if (ret != 0) {
+	*minor_status = 0;
+	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+	_gsskrb5_release_buffer(minor_status, output_message_buffer);
+	return ret;
+    }
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    /*
+     * Decrypt and/or verify checksum
+     */
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret != 0) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    if (context_handle->more_flags & LOCAL) {
+	usage = KRB5_KU_USAGE_ACCEPTOR_SEAL;
+    } else {
+	usage = KRB5_KU_USAGE_INITIATOR_SEAL;
+    }
+
+    p += sizeof(*token);
+    len = input_message_buffer->length;
+    len -= (p - (u_char *)input_message_buffer->value);
+
+    /* Rotate by RRC; bogus to do this in-place XXX */
+    *minor_status = rrc_rotate(p, len, rrc, TRUE);
+    if (*minor_status != 0) {
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+
+    if (token_flags & CFXSealed) {
+	ret = krb5_decrypt(context, crypto, usage,
+	    p, len, &data);
+	if (ret != 0) {
+	    *minor_status = ret;
+	    krb5_crypto_destroy(context, crypto);
+	    return GSS_S_BAD_MIC;
+	}
+
+	/* Check that there is room for the pad and token header */
+	if (data.length < ec + sizeof(*token)) {
+	    krb5_crypto_destroy(context, crypto);
+	    krb5_data_free(&data);
+	    return GSS_S_DEFECTIVE_TOKEN;
+	}
+	p = data.data;
+	p += data.length - sizeof(*token);
+
+	/* RRC is unprotected; don't modify input buffer */
+	((gss_cfx_wrap_token)p)->RRC[0] = token->RRC[0];
+	((gss_cfx_wrap_token)p)->RRC[1] = token->RRC[1];
+
+	/* Check the integrity of the header */
+	if (memcmp(p, token, sizeof(*token)) != 0) {
+	    krb5_crypto_destroy(context, crypto);
+	    krb5_data_free(&data);
+	    return GSS_S_BAD_MIC;
+	}
+
+	output_message_buffer->value = data.data;
+	output_message_buffer->length = data.length - ec - sizeof(*token);
+    } else {
+	Checksum cksum;
+
+	/* Determine checksum type */
+	ret = krb5_crypto_get_checksum_type(context,
+					    crypto, &cksum.cksumtype);
+	if (ret != 0) {
+	    *minor_status = ret;
+	    krb5_crypto_destroy(context, crypto);
+	    return GSS_S_FAILURE;
+	}
+
+	cksum.checksum.length = ec;
+
+	/* Check we have at least as much data as the checksum */
+	if (len < cksum.checksum.length) {
+	    *minor_status = ERANGE;
+	    krb5_crypto_destroy(context, crypto);
+	    return GSS_S_BAD_MIC;
+	}
+
+	/* Length now is of the plaintext only, no checksum */
+	len -= cksum.checksum.length;
+	cksum.checksum.data = p + len;
+
+	output_message_buffer->length = len; /* for later */
+	output_message_buffer->value = malloc(len + sizeof(*token));
+	if (output_message_buffer->value == NULL) {
+	    *minor_status = ENOMEM;
+	    krb5_crypto_destroy(context, crypto);
+	    return GSS_S_FAILURE;
+	}
+
+	/* Checksum is over (plaintext-data | "header") */
+	memcpy(output_message_buffer->value, p, len);
+	memcpy((u_char *)output_message_buffer->value + len, 
+	       token, sizeof(*token));
+
+	/* EC is not included in checksum calculation */
+	token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value +
+				     len);
+	token->EC[0]  = 0;
+	token->EC[1]  = 0;
+	token->RRC[0] = 0;
+	token->RRC[1] = 0;
+
+	ret = krb5_verify_checksum(context, crypto,
+				   usage,
+				   output_message_buffer->value,
+				   len + sizeof(*token),
+				   &cksum);
+	if (ret != 0) {
+	    *minor_status = ret;
+	    krb5_crypto_destroy(context, crypto);
+	    _gsskrb5_release_buffer(minor_status, output_message_buffer);
+	    return GSS_S_BAD_MIC;
+	}
+    }
+
+    krb5_crypto_destroy(context, crypto);
+
+    if (qop_state != NULL) {
+	*qop_state = GSS_C_QOP_DEFAULT;
+    }
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status,
+			  const gsskrb5_ctx context_handle,
+			  krb5_context context,
+			  gss_qop_t qop_req,
+			  const gss_buffer_t message_buffer,
+			  gss_buffer_t message_token,
+			  krb5_keyblock *key)
+{
+    krb5_crypto crypto;
+    gss_cfx_mic_token token;
+    krb5_error_code ret;
+    unsigned usage;
+    Checksum cksum;
+    u_char *buf;
+    size_t len;
+    int32_t seq_number;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret != 0) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    len = message_buffer->length + sizeof(*token);
+    buf = malloc(len);
+    if (buf == NULL) {
+	*minor_status = ENOMEM;
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+
+    memcpy(buf, message_buffer->value, message_buffer->length);
+
+    token = (gss_cfx_mic_token)(buf + message_buffer->length);
+    token->TOK_ID[0] = 0x04;
+    token->TOK_ID[1] = 0x04;
+    token->Flags = 0;
+    if ((context_handle->more_flags & LOCAL) == 0)
+	token->Flags |= CFXSentByAcceptor;
+    if (context_handle->more_flags & ACCEPTOR_SUBKEY)
+	token->Flags |= CFXAcceptorSubkey;
+    memset(token->Filler, 0xFF, 5);
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    krb5_auth_con_getlocalseqnumber(context,
+				    context_handle->auth_context,
+				    &seq_number);
+    _gsskrb5_encode_be_om_uint32(0,          &token->SND_SEQ[0]);
+    _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]);
+    krb5_auth_con_setlocalseqnumber(context,
+				    context_handle->auth_context,
+				    ++seq_number);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    if (context_handle->more_flags & LOCAL) {
+	usage = KRB5_KU_USAGE_INITIATOR_SIGN;
+    } else {
+	usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
+    }
+
+    ret = krb5_create_checksum(context, crypto,
+	usage, 0, buf, len, &cksum);
+    if (ret != 0) {
+	*minor_status = ret;
+	krb5_crypto_destroy(context, crypto);
+	free(buf);
+	return GSS_S_FAILURE;
+    }
+    krb5_crypto_destroy(context, crypto);
+
+    /* Determine MIC length */
+    message_token->length = sizeof(*token) + cksum.checksum.length;
+    message_token->value = malloc(message_token->length);
+    if (message_token->value == NULL) {
+	*minor_status = ENOMEM;
+	free_Checksum(&cksum);
+	free(buf);
+	return GSS_S_FAILURE;
+    }
+
+    /* Token is { "header" | get_mic("header" | plaintext-data) } */
+    memcpy(message_token->value, token, sizeof(*token));
+    memcpy((u_char *)message_token->value + sizeof(*token),
+	   cksum.checksum.data, cksum.checksum.length);
+
+    free_Checksum(&cksum);
+    free(buf);
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status,
+				 const gsskrb5_ctx context_handle,
+				 krb5_context context,
+				 const gss_buffer_t message_buffer,
+				 const gss_buffer_t token_buffer,
+				 gss_qop_t *qop_state,
+				 krb5_keyblock *key)
+{
+    krb5_crypto crypto;
+    gss_cfx_mic_token token;
+    u_char token_flags;
+    krb5_error_code ret;
+    unsigned usage;
+    OM_uint32 seq_number_lo, seq_number_hi;
+    u_char *buf, *p;
+    Checksum cksum;
+
+    *minor_status = 0;
+
+    if (token_buffer->length < sizeof(*token)) {
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    p = token_buffer->value;
+
+    token = (gss_cfx_mic_token)p;
+
+    if (token->TOK_ID[0] != 0x04 || token->TOK_ID[1] != 0x04) {
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* Ignore unknown flags */
+    token_flags = token->Flags & (CFXSentByAcceptor | CFXAcceptorSubkey);
+
+    if (token_flags & CFXSentByAcceptor) {
+	if ((context_handle->more_flags & LOCAL) == 0)
+	    return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if (context_handle->more_flags & ACCEPTOR_SUBKEY) {
+	if ((token_flags & CFXAcceptorSubkey) == 0)
+	    return GSS_S_DEFECTIVE_TOKEN;
+    } else {
+	if (token_flags & CFXAcceptorSubkey)
+	    return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) {
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /*
+     * Check sequence number
+     */
+    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi);
+    _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo);
+    if (seq_number_hi) {
+	*minor_status = ERANGE;
+	return GSS_S_UNSEQ_TOKEN;
+    }
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo);
+    if (ret != 0) {
+	*minor_status = 0;
+	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+	return ret;
+    }
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    /*
+     * Verify checksum
+     */
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret != 0) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = krb5_crypto_get_checksum_type(context, crypto,
+					&cksum.cksumtype);
+    if (ret != 0) {
+	*minor_status = ret;
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+
+    cksum.checksum.data = p + sizeof(*token);
+    cksum.checksum.length = token_buffer->length - sizeof(*token);
+
+    if (context_handle->more_flags & LOCAL) {
+	usage = KRB5_KU_USAGE_ACCEPTOR_SIGN;
+    } else {
+	usage = KRB5_KU_USAGE_INITIATOR_SIGN;
+    }
+
+    buf = malloc(message_buffer->length + sizeof(*token));
+    if (buf == NULL) {
+	*minor_status = ENOMEM;
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+    memcpy(buf, message_buffer->value, message_buffer->length);
+    memcpy(buf + message_buffer->length, token, sizeof(*token));
+
+    ret = krb5_verify_checksum(context, crypto,
+			       usage,
+			       buf,
+			       sizeof(*token) + message_buffer->length,
+			       &cksum);
+    krb5_crypto_destroy(context, crypto);
+    if (ret != 0) {
+	*minor_status = ret;
+	free(buf);
+	return GSS_S_BAD_MIC;
+    }
+
+    free(buf);
+
+    if (qop_state != NULL) {
+	*qop_state = GSS_C_QOP_DEFAULT;
+    }
+
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/cfx.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/cfx.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/cfx.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2003, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: cfx.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef GSSAPI_CFX_H_
+#define GSSAPI_CFX_H_ 1
+
+/*
+ * Implementation of draft-ietf-krb-wg-gssapi-cfx-01.txt
+ */
+
+typedef struct gss_cfx_mic_token_desc_struct {
+	u_char TOK_ID[2]; /* 04 04 */
+	u_char Flags;
+	u_char Filler[5];
+	u_char SND_SEQ[8];
+} gss_cfx_mic_token_desc, *gss_cfx_mic_token;
+
+typedef struct gss_cfx_wrap_token_desc_struct {
+	u_char TOK_ID[2]; /* 04 05 */
+	u_char Flags;
+	u_char Filler;
+	u_char EC[2];
+	u_char RRC[2];
+	u_char SND_SEQ[8];
+} gss_cfx_wrap_token_desc, *gss_cfx_wrap_token;
+
+typedef struct gss_cfx_delete_token_desc_struct {
+	u_char TOK_ID[2]; /* 05 04 */
+	u_char Flags;
+	u_char Filler[5];
+	u_char SND_SEQ[8];
+} gss_cfx_delete_token_desc, *gss_cfx_delete_token;
+
+#endif /* GSSAPI_CFX_H_ */
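Review bot: The TOK_ID comment on `gss_cfx_wrap_token_desc` (`/* 04 05 */`) contradicts cfx.c in this same import, where `_gssapi_wrap_cfx` writes `0x05, 0x04` and `_gssapi_unwrap_cfx` rejects any other value. These structs are overlaid directly on bytes received from the peer, so a wrong magic number in the header comment can easily be copied into a new parser; the wrap line should read `u_char TOK_ID[2]; /* 05 04 */`. The `/* 05 04 */` on `gss_cfx_delete_token_desc` is presumably the other half of the same swap and should be checked against the draft this header cites. I would also add a comment above the typedefs noting that every member is `u_char`, so each struct is exactly 16 bytes with no padding, because the `sizeof(*token)` length checks in cfx.c depend on that.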

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/compare_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/compare_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/compare_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1997-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: compare_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_compare_name
+           (OM_uint32 * minor_status,
+            const gss_name_t name1,
+            const gss_name_t name2,
+            int * name_equal
+           )
+{
+    krb5_const_principal princ1 = (krb5_const_principal)name1;
+    krb5_const_principal princ2 = (krb5_const_principal)name2;
+    krb5_context context;
+
+    GSSAPI_KRB5_INIT(&context);
+
+    *name_equal = krb5_principal_compare (context,
+					  princ1, princ2);
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/compat.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/compat.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/compat.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2003 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: compat.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+
+static krb5_error_code
+check_compat(OM_uint32 *minor_status, 
+	     krb5_context context, krb5_const_principal name, 
+	     const char *option, krb5_boolean *compat, 
+	     krb5_boolean match_val)
+{
+    krb5_error_code ret = 0;
+    char **p, **q;
+    krb5_principal match;
+
+
+    p = krb5_config_get_strings(context, NULL, "gssapi",
+				option, NULL);
+    if(p == NULL)
+	return 0;
+
+    match = NULL;
+    for(q = p; *q; q++) {
+	ret = krb5_parse_name(context, *q, &match);
+	if (ret)
+	    break;
+
+	if (krb5_principal_match(context, name, match)) {
+	    *compat = match_val;
+	    break;
+	}
+	
+	krb5_free_principal(context, match);
+	match = NULL;
+    }
+    if (match)
+	krb5_free_principal(context, match);
+    krb5_config_free_strings(p);
+
+    if (ret) {
+	if (minor_status)
+	    *minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    return 0;
+}
+
+/*
+ * ctx->ctx_id_mutex is assumed to be locked
+ */
+
+OM_uint32
+_gss_DES3_get_mic_compat(OM_uint32 *minor_status,
+			 gsskrb5_ctx ctx,
+			 krb5_context context)
+{
+    krb5_boolean use_compat = FALSE;
+    OM_uint32 ret;
+
+    if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
+	ret = check_compat(minor_status, context, ctx->target, 
+			   "broken_des3_mic", &use_compat, TRUE);
+	if (ret)
+	    return ret;
+	ret = check_compat(minor_status, context, ctx->target, 
+			   "correct_des3_mic", &use_compat, FALSE);
+	if (ret)
+	    return ret;
+
+	if (use_compat)
+	    ctx->more_flags |= COMPAT_OLD_DES3;
+	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
+    }
+    return 0;
+}
+
+#if 0
+OM_uint32
+gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
+{
+    *minor_status = 0;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+    if (on) {
+	ctx->more_flags |= COMPAT_OLD_DES3;
+    } else {
+	ctx->more_flags &= ~COMPAT_OLD_DES3;
+    }
+    ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    return 0;
+}
+#endif
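Review bot: `check_compat` is declared `static krb5_error_code`, but its failure return is `GSS_S_FAILURE`, a GSS major status, with the Kerberos error passed back through `minor_status`. `_gss_DES3_get_mic_compat` stores the result in an `OM_uint32` and returns it as a major status, so the declaration should be `static OM_uint32` to stop anyone later testing the value against krb5 error codes. The two `check_compat` calls also need a comment such as `/* correct_des3_mic is consulted last, so a principal matching both lists ends with use_compat == FALSE */`. That precedence decides whether `COMPAT_OLD_DES3` (presumably the older DES3 MIC behaviour) is set for a peer, and at present it is implicit in call order only.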

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/context_time.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/context_time.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/context_time.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: context_time.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gsskrb5_lifetime_left(OM_uint32 *minor_status, 
+		       krb5_context context,
+		       OM_uint32 lifetime,
+		       OM_uint32 *lifetime_rec)
+{
+    krb5_timestamp timeret;
+    krb5_error_code kret;
+
+    if (lifetime == 0) {
+	*lifetime_rec = GSS_C_INDEFINITE;
+	return GSS_S_COMPLETE;
+    }
+
+    kret = krb5_timeofday(context, &timeret);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+
+    if (lifetime < timeret) 
+	*lifetime_rec = 0;
+    else
+	*lifetime_rec = lifetime - timeret;
+
+    return GSS_S_COMPLETE;
+}
+
+
+OM_uint32 _gsskrb5_context_time
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            OM_uint32 * time_rec
+           )
+{
+    krb5_context context;
+    OM_uint32 lifetime;
+    OM_uint32 major_status;
+    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+    lifetime = ctx->lifetime;
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    major_status = _gsskrb5_lifetime_left(minor_status, context,
+					  lifetime, time_rec);
+    if (major_status != GSS_S_COMPLETE)
+	return major_status;
+
+    *minor_status = 0;
+
+    if (*time_rec == 0)
+	return GSS_S_CONTEXT_EXPIRED;
+	
+    return GSS_S_COMPLETE;
+}
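Review bot: `_gsskrb5_lifetime_left` never writes `*minor_status` on either of its `GSS_S_COMPLETE` returns, so a caller that reads the minor status after success sees a stale value. `_gsskrb5_context_time` covers this with its own `*minor_status = 0;`, but other callers are not visible in this hunk; adding `*minor_status = 0;` as the first statement of `_gsskrb5_lifetime_left` makes it self-contained. Separately, `if (lifetime < timeret)` compares an `OM_uint32` with a `krb5_timestamp`. If that type is signed (its definition is not shown here), the expiry decision depends on implicit conversion and should get an explicit cast or a comment stating the assumed range.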

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/copy_ccache.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/copy_ccache.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/copy_ccache.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,195 @@
+/*
+ * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: copy_ccache.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+#if 0
+OM_uint32
+gss_krb5_copy_ccache(OM_uint32 *minor_status,
+		     krb5_context context,
+		     gss_cred_id_t cred,
+		     krb5_ccache out)
+{
+    krb5_error_code kret;
+
+    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
+
+    if (cred->ccache == NULL) {
+	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    kret = krb5_cc_copy_cache(context, cred->ccache, out);
+    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+#endif
+
+
+OM_uint32
+_gsskrb5_import_cred(OM_uint32 *minor_status,
+		     krb5_ccache id,
+		     krb5_principal keytab_principal,
+		     krb5_keytab keytab,
+		     gss_cred_id_t *cred)
+{
+    krb5_context context;
+    krb5_error_code kret;
+    gsskrb5_cred handle;
+    OM_uint32 ret;
+
+    *cred = NULL;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    handle = calloc(1, sizeof(*handle));
+    if (handle == NULL) {
+	_gsskrb5_clear_status ();
+	*minor_status = ENOMEM;
+        return (GSS_S_FAILURE);
+    }
+    HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
+
+    handle->usage = 0;
+
+    if (id) {
+	char *str;
+
+	handle->usage |= GSS_C_INITIATE;
+
+	kret = krb5_cc_get_principal(context, id,
+				     &handle->principal);
+	if (kret) {
+	    free(handle);
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+	
+	if (keytab_principal) {
+	    krb5_boolean match;
+
+	    match = krb5_principal_compare(context,
+					   handle->principal,
+					   keytab_principal);
+	    if (match == FALSE) {
+		krb5_free_principal(context, handle->principal);
+		free(handle);
+		_gsskrb5_clear_status ();
+		*minor_status = EINVAL;
+		return GSS_S_FAILURE;
+	    }
+	}
+
+	ret = __gsskrb5_ccache_lifetime(minor_status,
+					context,
+					id,
+					handle->principal,
+					&handle->lifetime);
+	if (ret != GSS_S_COMPLETE) {
+	    krb5_free_principal(context, handle->principal);
+	    free(handle);
+	    return ret;
+	}
+
+
+	kret = krb5_cc_get_full_name(context, id, &str);
+	if (kret)
+	    goto out;
+
+	kret = krb5_cc_resolve(context, str, &handle->ccache);
+	free(str);
+	if (kret)
+	    goto out;
+    }
+
+
+    if (keytab) {
+	char *str;
+
+	handle->usage |= GSS_C_ACCEPT;
+
+	if (keytab_principal && handle->principal == NULL) {
+	    kret = krb5_copy_principal(context, 
+				       keytab_principal, 
+				       &handle->principal);
+	    if (kret)
+		goto out;
+	}
+
+	kret = krb5_kt_get_full_name(context, keytab, &str);
+	if (kret)
+	    goto out;
+
+	kret = krb5_kt_resolve(context, str, &handle->keytab);
+	free(str);
+	if (kret)
+	    goto out;
+    }
+
+
+    if (id || keytab) {
+	ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
+	if (ret == GSS_S_COMPLETE)
+	    ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+					 &handle->mechanisms);
+	if (ret != GSS_S_COMPLETE) {
+	    kret = *minor_status;
+	    goto out;
+	}
+    }
+
+    *minor_status = 0;
+    *cred = (gss_cred_id_t)handle;
+    return GSS_S_COMPLETE;
+
+out:
+    gss_release_oid_set(minor_status, &handle->mechanisms);
+    if (handle->ccache)
+	krb5_cc_close(context, handle->ccache);
+    if (handle->keytab)
+	krb5_kt_close(context, handle->keytab);
+    if (handle->principal)
+	krb5_free_principal(context, handle->principal);
+    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
+    free(handle);
+    *minor_status = kret;
+    return GSS_S_FAILURE;
+}
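Review bot: The three early error returns in `_gsskrb5_import_cred` (after `krb5_cc_get_principal` fails, after the `krb5_principal_compare` mismatch, and after `__gsskrb5_ccache_lifetime` fails) free `handle` without destroying `cred_id_mutex`, which was initialised right after the `calloc`; only the `out:` path calls `HEIMDAL_MUTEX_destroy`. Add `HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);` before each of those `free(handle);` calls so every failure path tears the handle down the same way. Whether anything actually leaks depends on how `HEIMDAL_MUTEX_init` is defined for the platform, which is not visible here. Since this is a vendor import, the change would be carried as a local patch or checked against a newer upstream release.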

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/decapsulate.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/decapsulate.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/decapsulate.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,209 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: decapsulate.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * return the length of the mechanism in token or -1
+ * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN
+ */
+
+ssize_t
+_gsskrb5_get_mech (const u_char *ptr,
+		      size_t total_len,
+		      const u_char **mech_ret)
+{
+    size_t len, len_len, mech_len, foo;
+    const u_char *p = ptr;
+    int e;
+
+    if (total_len < 1)
+	return -1;
+    if (*p++ != 0x60)
+	return -1;
+    e = der_get_length (p, total_len - 1, &len, &len_len);
+    if (e || 1 + len_len + len != total_len)
+	return -1;
+    p += len_len;
+    if (*p++ != 0x06)
+	return -1;
+    e = der_get_length (p, total_len - 1 - len_len - 1,
+			&mech_len, &foo);
+    if (e)
+	return -1;
+    p += foo;
+    *mech_ret = p;
+    return mech_len;
+}
+
+OM_uint32
+_gssapi_verify_mech_header(u_char **str,
+			   size_t total_len,
+			   gss_OID mech)
+{
+    const u_char *p;
+    ssize_t mech_len;
+
+    mech_len = _gsskrb5_get_mech (*str, total_len, &p);
+    if (mech_len < 0)
+	return GSS_S_DEFECTIVE_TOKEN;
+
+    if (mech_len != mech->length)
+	return GSS_S_BAD_MECH;
+    if (memcmp(p,
+	       mech->elements,
+	       mech->length) != 0)
+	return GSS_S_BAD_MECH;
+    p += mech_len;
+    *str = rk_UNCONST(p);
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_gsskrb5_verify_header(u_char **str,
+			  size_t total_len,
+			  const void *type,
+			  gss_OID oid)
+{
+    OM_uint32 ret;
+    size_t len;
+    u_char *p = *str;
+
+    ret = _gssapi_verify_mech_header(str, total_len, oid);
+    if (ret)
+	return ret;
+
+    len = total_len - (*str - p);
+
+    if (len < 2)
+	return GSS_S_DEFECTIVE_TOKEN;
+
+    if (memcmp (*str, type, 2) != 0)
+	return GSS_S_DEFECTIVE_TOKEN;
+    *str += 2;
+
+    return 0;
+}
+
+/*
+ * Remove the GSS-API wrapping from `in_token' giving `out_data.
+ * Does not copy data, so just free `in_token'.
+ */
+
+OM_uint32
+_gssapi_decapsulate(
+    OM_uint32 *minor_status,
+    gss_buffer_t input_token_buffer,
+    krb5_data *out_data,
+    const gss_OID mech
+)
+{
+    u_char *p;
+    OM_uint32 ret;
+
+    p = input_token_buffer->value;
+    ret = _gssapi_verify_mech_header(&p,
+				    input_token_buffer->length,
+				    mech);
+    if (ret) {
+	*minor_status = 0;
+	return ret;
+    }
+
+    out_data->length = input_token_buffer->length -
+	(p - (u_char *)input_token_buffer->value);
+    out_data->data   = p;
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * Remove the GSS-API wrapping from `in_token' giving `out_data.
+ * Does not copy data, so just free `in_token'.
+ */
+
+OM_uint32
+_gsskrb5_decapsulate(OM_uint32 *minor_status,    
+			gss_buffer_t input_token_buffer,
+			krb5_data *out_data,
+			const void *type,
+			gss_OID oid)
+{
+    u_char *p;
+    OM_uint32 ret;
+
+    p = input_token_buffer->value;
+    ret = _gsskrb5_verify_header(&p,
+				    input_token_buffer->length,
+				    type,
+				    oid);
+    if (ret) {
+	*minor_status = 0;
+	return ret;
+    }
+
+    out_data->length = input_token_buffer->length -
+	(p - (u_char *)input_token_buffer->value);
+    out_data->data   = p;
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * Verify padding of a gss wrapped message and return its length.
+ */
+
+OM_uint32
+_gssapi_verify_pad(gss_buffer_t wrapped_token, 
+		   size_t datalen,
+		   size_t *padlen)
+{
+    u_char *pad;
+    size_t padlength;
+    int i;
+
+    pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
+    padlength = *pad;
+
+    if (padlength > datalen)
+	return GSS_S_BAD_MECH;
+
+    for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
+	;
+    if (i != 0)
+	return GSS_S_BAD_MIC;
+
+    *padlen = padlength;
+
+    return 0;
+}
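Review bot: `_gsskrb5_get_mech` parses a peer-supplied token but does not check that the lengths it decodes fit inside the buffer: when the outer `len` is 0 the `*p++ != 0x06` read is one byte past the token and `total_len - 1 - len_len - 1` wraps, and the returned `mech_len` is never compared with the bytes that remain. `_gssapi_verify_mech_header` then runs `memcmp(p, mech->elements, mech->length)` as soon as `mech_len == mech->length`, so a truncated token can be read past its end. I would add `if (len == 0) return -1;` before `p += len_len;` and `if (mech_len > len - 1 - foo) return -1;` after the second `der_get_length` call, assuming `der_get_length` does not itself bound the decoded value by the size passed in (not visible here). `_gssapi_verify_pad` depends on its caller in a similar way: it reads `value + length - 1` without checking that `wrapped_token->length` is non-zero or that `datalen` does not exceed it.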

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/delete_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/delete_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/delete_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: delete_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gsskrb5_delete_sec_context(OM_uint32 * minor_status,
+			    gss_ctx_id_t * context_handle,
+			    gss_buffer_t output_token)
+{
+    krb5_context context;
+    gsskrb5_ctx ctx;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    *minor_status = 0;
+
+    if (output_token) {
+	output_token->length = 0;
+	output_token->value  = NULL;
+    }
+
+    if (*context_handle == GSS_C_NO_CONTEXT)
+	return GSS_S_COMPLETE;
+
+    ctx = (gsskrb5_ctx) *context_handle;
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    krb5_auth_con_free (context, ctx->auth_context);
+    if(ctx->source)
+	krb5_free_principal (context, ctx->source);
+    if(ctx->target)
+	krb5_free_principal (context, ctx->target);
+    if (ctx->ticket)
+	krb5_free_ticket (context, ctx->ticket);
+    if(ctx->order)
+	_gssapi_msg_order_destroy(&ctx->order);
+    if (ctx->service_keyblock)
+	krb5_free_keyblock (context, ctx->service_keyblock);
+    krb5_data_free(&ctx->fwd_data);
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+    memset(ctx, 0, sizeof(*ctx));
+    free (ctx);
+    return GSS_S_COMPLETE;
+}
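Review bot: The `memset(ctx, 0, sizeof(*ctx));` immediately before `free (ctx);` is a dead store that an optimising compiler is allowed to drop, so it cannot be relied on to scrub the context. If the intent is to clear the structure before the memory goes back to the allocator, use a zeroing routine the compiler may not elide, for example `explicit_bzero(ctx, sizeof(*ctx));` where the platform provides it. The fields released above are pointers, and presumably their own free functions handle any key material, so this is hardening rather than a confirmed leak.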

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/display_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/display_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/display_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: display_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_display_name
+           (OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            gss_buffer_t output_name_buffer,
+            gss_OID * output_name_type
+           )
+{
+    krb5_context context;
+    krb5_const_principal name = (krb5_const_principal)input_name;
+    krb5_error_code kret;
+    char *buf;
+    size_t len;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    kret = krb5_unparse_name_flags (context, name,
+				    KRB5_PRINCIPAL_UNPARSE_DISPLAY, &buf);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+    len = strlen (buf);
+    output_name_buffer->length = len;
+    output_name_buffer->value  = malloc(len + 1);
+    if (output_name_buffer->value == NULL) {
+	free (buf);
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    memcpy (output_name_buffer->value, buf, len);
+    ((char *)output_name_buffer->value)[len] = '\0';
+    free (buf);
+    if (output_name_type)
+	*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
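Review bot: On the `malloc` failure path `_gsskrb5_display_name` returns with `output_name_buffer->length` already set to `len` while `value` is NULL, because the length is assigned before the allocation is checked. A caller that inspects or releases the buffer after the failure sees a non-zero length with no storage behind it; assign the length only after the allocation succeeds, or add `output_name_buffer->length = 0;` in the failure branch. The same ordering appears in `_gssapi_encapsulate` and `_gsskrb5_encapsulate` in encapsulate.c, where `output_token->length = outer_len;` precedes the `malloc` check.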

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/display_status.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/display_status.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/display_status.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,200 @@
+/*
+ * Copyright (c) 1998 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: display_status.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static const char *
+calling_error(OM_uint32 v)
+{
+    static const char *msgs[] = {
+	NULL,			/* 0 */
+	"A required input parameter could not be read.", /*  */
+	"A required output parameter could not be written.", /*  */
+	"A parameter was malformed"
+    };
+
+    v >>= GSS_C_CALLING_ERROR_OFFSET;
+
+    if (v == 0)
+	return "";
+    else if (v >= sizeof(msgs)/sizeof(*msgs))
+	return "unknown calling error";
+    else
+	return msgs[v];
+}
+
+static const char *
+routine_error(OM_uint32 v)
+{
+    static const char *msgs[] = {
+	NULL,			/* 0 */
+	"An unsupported mechanism was requested",
+	"An invalid name was supplied",
+	"A supplied name was of an unsupported type",
+	"Incorrect channel bindings were supplied",
+	"An invalid status code was supplied",
+	"A token had an invalid MIC",
+	"No credentials were supplied, "
+	"or the credentials were unavailable or inaccessible.",
+	"No context has been established",
+	"A token was invalid",
+	"A credential was invalid",
+	"The referenced credentials have expired",
+	"The context has expired",
+	"Miscellaneous failure (see text)",
+	"The quality-of-protection requested could not be provide",
+	"The operation is forbidden by local security policy",
+	"The operation or option is not available",
+	"The requested credential element already exists",
+	"The provided name was not a mechanism name.",
+    };
+
+    v >>= GSS_C_ROUTINE_ERROR_OFFSET;
+
+    if (v == 0)
+	return "";
+    else if (v >= sizeof(msgs)/sizeof(*msgs))
+	return "unknown routine error";
+    else
+	return msgs[v];
+}
+
+static const char *
+supplementary_error(OM_uint32 v)
+{
+    static const char *msgs[] = {
+	"normal completion",
+	"continuation call to routine required",
+	"duplicate per-message token detected",
+	"timed-out per-message token detected",
+	"reordered (early) per-message token detected",
+	"skipped predecessor token(s) detected"
+    };
+
+    v >>= GSS_C_SUPPLEMENTARY_OFFSET;
+
+    if (v >= sizeof(msgs)/sizeof(*msgs))
+	return "unknown routine error";
+    else
+	return msgs[v];
+}
+
+void
+_gsskrb5_clear_status (void)
+{
+    krb5_context context;
+
+    if (_gsskrb5_init (&context) != 0)
+	return;
+    krb5_clear_error_string(context);
+}
+
+void
+_gsskrb5_set_status (const char *fmt, ...)
+{
+    krb5_context context;
+    va_list args;
+    char *str;
+
+    if (_gsskrb5_init (&context) != 0)
+	return;
+
+    va_start(args, fmt);
+    vasprintf(&str, fmt, args);
+    va_end(args);
+    if (str) {
+	krb5_set_error_string(context, str);
+	free(str);
+    }
+}
+
+OM_uint32 _gsskrb5_display_status
+(OM_uint32		*minor_status,
+ OM_uint32		 status_value,
+ int			 status_type,
+ const gss_OID	 mech_type,
+ OM_uint32		*message_context,
+ gss_buffer_t	 status_string)
+{
+    krb5_context context;
+    char *buf;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    status_string->length = 0;
+    status_string->value = NULL;
+
+    if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
+	gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
+	*minor_status = 0;
+	return GSS_C_GSS_CODE;
+    }
+
+    if (status_type == GSS_C_GSS_CODE) {
+	if (GSS_SUPPLEMENTARY_INFO(status_value))
+	    asprintf(&buf, "%s", 
+		     supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
+	else
+	    asprintf (&buf, "%s %s",
+		      calling_error(GSS_CALLING_ERROR(status_value)),
+		      routine_error(GSS_ROUTINE_ERROR(status_value)));
+    } else if (status_type == GSS_C_MECH_CODE) {
+	buf = krb5_get_error_string(context);
+	if (buf == NULL) {
+	    const char *tmp = krb5_get_err_text (context, status_value);
+	    if (tmp == NULL)
+		asprintf(&buf, "unknown mech error-code %u",
+			 (unsigned)status_value);
+	    else
+		buf = strdup(tmp);
+	}
+    } else {
+	*minor_status = EINVAL;
+	return GSS_S_BAD_STATUS;
+    }
+
+    if (buf == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    *message_context = 0;
+    *minor_status = 0;
+
+    status_string->length = strlen(buf);
+    status_string->value  = buf;
+  
+    return GSS_S_COMPLETE;
+}
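Review bot: `_gsskrb5_display_status` returns `GSS_C_GSS_CODE` when `mech_type` is neither `GSS_C_NO_OID` nor `GSS_KRB5_MECHANISM`; that constant is a status-type selector, not a major status, and its value 1 is indistinguishable from `GSS_S_CONTINUE_NEEDED`, so the caller is told to continue instead of being told the mechanism is wrong. `return GSS_S_BAD_MECH;` is what I would expect there. Separately, the results of `vasprintf` in `_gsskrb5_set_status` and of the `asprintf` calls here are ignored and the code tests the pointer instead. The pointer's value after a failed call is not portable, so check the return value, e.g. `if (vasprintf(&str, fmt, args) < 0) str = NULL;`.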

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/duplicate_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/duplicate_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/duplicate_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: duplicate_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_duplicate_name (
+            OM_uint32 * minor_status,
+            const gss_name_t src_name,
+            gss_name_t * dest_name
+           )
+{
+    krb5_context context;
+    krb5_const_principal src = (krb5_const_principal)src_name;
+    krb5_principal *dest = (krb5_principal *)dest_name;
+    krb5_error_code kret;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    kret = krb5_copy_principal (context, src, dest);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    } else {
+	*minor_status = 0;
+	return GSS_S_COMPLETE;
+    }
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/encapsulate.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/encapsulate.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/encapsulate.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: encapsulate.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+void
+_gssapi_encap_length (size_t data_len,
+		      size_t *len,
+		      size_t *total_len,
+		      const gss_OID mech)
+{
+    size_t len_len;
+
+    *len = 1 + 1 + mech->length + data_len;
+
+    len_len = der_length_len(*len);
+
+    *total_len = 1 + len_len + *len;
+}
+
+void
+_gsskrb5_encap_length (size_t data_len,
+			  size_t *len,
+			  size_t *total_len,
+			  const gss_OID mech)
+{
+    _gssapi_encap_length(data_len + 2, len, total_len, mech);
+}
+
+void *
+_gsskrb5_make_header (void *ptr,
+			 size_t len,
+			 const void *type,
+			 const gss_OID mech)
+{
+    u_char *p = ptr;
+    p = _gssapi_make_mech_header(p, len, mech);
+    memcpy (p, type, 2);
+    p += 2;
+    return p;
+}
+
+void *
+_gssapi_make_mech_header(void *ptr,
+			 size_t len,
+			 const gss_OID mech)
+{
+    u_char *p = ptr;
+    int e;
+    size_t len_len, foo;
+
+    *p++ = 0x60;
+    len_len = der_length_len(len);
+    e = der_put_length (p + len_len - 1, len_len, len, &foo);
+    if(e || foo != len_len)
+	abort ();
+    p += len_len;
+    *p++ = 0x06;
+    *p++ = mech->length;
+    memcpy (p, mech->elements, mech->length);
+    p += mech->length;
+    return p;
+}
+
+/*
+ * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
+ */
+
+OM_uint32
+_gssapi_encapsulate(
+    OM_uint32 *minor_status,
+    const krb5_data *in_data,
+    gss_buffer_t output_token,
+    const gss_OID mech
+)
+{
+    size_t len, outer_len;
+    void *p;
+
+    _gssapi_encap_length (in_data->length, &len, &outer_len, mech);
+    
+    output_token->length = outer_len;
+    output_token->value  = malloc (outer_len);
+    if (output_token->value == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }	
+
+    p = _gssapi_make_mech_header (output_token->value, len, mech);
+    memcpy (p, in_data->data, in_data->length);
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * Give it a krb5_data and it will encapsulate with extra GSS-API krb5
+ * wrappings.
+ */
+
+OM_uint32
+_gsskrb5_encapsulate(
+			OM_uint32 *minor_status,    
+			const krb5_data *in_data,
+			gss_buffer_t output_token,
+			const void *type,
+			const gss_OID mech
+)
+{
+    size_t len, outer_len;
+    u_char *p;
+
+    _gsskrb5_encap_length (in_data->length, &len, &outer_len, mech);
+    
+    output_token->length = outer_len;
+    output_token->value  = malloc (outer_len);
+    if (output_token->value == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }	
+
+    p = _gsskrb5_make_header (output_token->value, len, type, mech);
+    memcpy (p, in_data->data, in_data->length);
+    return GSS_S_COMPLETE;
+}
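Review bot: `_gssapi_encapsulate` and `_gsskrb5_encapsulate` return `GSS_S_COMPLETE` without ever writing `*minor_status`, so a caller that reads the minor status after success gets whatever was already in its variable. Add `*minor_status = 0;` before the final `return GSS_S_COMPLETE;` in both, as `_gsskrb5_display_name` and `_gsskrb5_duplicate_name` do. The success paths of `_gssapi_decapsulate` and `_gsskrb5_decapsulate` in decapsulate.c have the same gap. `_gssapi_make_mech_header` also deserves a comment: `*p++ = mech->length;` writes the OID length as a single octet, which matches the `1 + 1 + mech->length` sizing in `_gssapi_encap_length` but is only valid DER for OIDs shorter than 128 bytes.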

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/export_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/export_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/export_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: export_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_export_name
+           (OM_uint32  * minor_status,
+            const gss_name_t input_name,
+            gss_buffer_t exported_name
+           )
+{
+    krb5_context context;
+    krb5_const_principal princ = (krb5_const_principal)input_name;
+    krb5_error_code kret;
+    char *buf, *name;
+    size_t len;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    kret = krb5_unparse_name (context, princ, &name);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+    len = strlen (name);
+
+    exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
+    exported_name->value  = malloc(exported_name->length);
+    if (exported_name->value == NULL) {
+	free (name);
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
+
+    buf = exported_name->value;
+    memcpy(buf, "\x04\x01", 2);
+    buf += 2;
+    buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
+    buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
+    buf+= 2;
+    buf[0] = 0x06;
+    buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
+    buf+= 2;
+
+    memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
+    buf += GSS_KRB5_MECHANISM->length;
+
+    buf[0] = (len >> 24) & 0xff;
+    buf[1] = (len >> 16) & 0xff;
+    buf[2] = (len >> 8) & 0xff;
+    buf[3] = (len) & 0xff;
+    buf += 4;
+
+    memcpy (buf, name, len);
+
+    free (name);
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
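Review bot: In the malloc failure branch of _gsskrb5_export_name, exported_name->length has already been set to the full size while exported_name->value is NULL, so a caller that ignores the major status and then copies or releases the buffer sees a non-zero length with no storage behind it. Add `exported_name->length = 0;` next to `free (name);` in that branch; mic_des in get_mic.c from this same import already resets the length on allocation failure. The constant 10 in the length computation deserves a comment such as `/* 2 TOK_ID + 2 MECH_OID_LEN + 2 DER tag/length + 4 NAME_LEN */`. The single-byte DER length written by `buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;` is only a valid encoding while the mechanism OID is shorter than 128 bytes (it is 9 here), which is worth stating beside that line.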

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/export_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/export_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/export_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 1999 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: export_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gsskrb5_export_sec_context (
+    OM_uint32 * minor_status,
+    gss_ctx_id_t * context_handle,
+    gss_buffer_t interprocess_token
+    )
+{
+    krb5_context context;
+    const gsskrb5_ctx ctx = (const gsskrb5_ctx) *context_handle;
+    krb5_storage *sp;
+    krb5_auth_context ac;
+    OM_uint32 ret = GSS_S_COMPLETE;
+    krb5_data data;
+    gss_buffer_desc buffer;
+    int flags;
+    OM_uint32 minor;
+    krb5_error_code kret;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    if (!(ctx->flags & GSS_C_TRANS_FLAG)) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	*minor_status = 0;
+	return GSS_S_UNAVAILABLE;
+    }
+
+    sp = krb5_storage_emem ();
+    if (sp == NULL) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    ac = ctx->auth_context;
+
+    /* flagging included fields */
+
+    flags = 0;
+    if (ac->local_address)
+	flags |= SC_LOCAL_ADDRESS;
+    if (ac->remote_address)
+	flags |= SC_REMOTE_ADDRESS;
+    if (ac->keyblock)
+	flags |= SC_KEYBLOCK;
+    if (ac->local_subkey)
+	flags |= SC_LOCAL_SUBKEY;
+    if (ac->remote_subkey)
+	flags |= SC_REMOTE_SUBKEY;
+
+    kret = krb5_store_int32 (sp, flags);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+
+    /* marshall auth context */
+
+    kret = krb5_store_int32 (sp, ac->flags);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    if (ac->local_address) {
+	kret = krb5_store_address (sp, *ac->local_address);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    if (ac->remote_address) {
+	kret = krb5_store_address (sp, *ac->remote_address);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    kret = krb5_store_int16 (sp, ac->local_port);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    kret = krb5_store_int16 (sp, ac->remote_port);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    if (ac->keyblock) {
+	kret = krb5_store_keyblock (sp, *ac->keyblock);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    if (ac->local_subkey) {
+	kret = krb5_store_keyblock (sp, *ac->local_subkey);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    if (ac->remote_subkey) {
+	kret = krb5_store_keyblock (sp, *ac->remote_subkey);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    }
+    kret = krb5_store_int32 (sp, ac->local_seqnumber);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
+	if (kret) {
+	    *minor_status = kret;
+	    goto failure;
+	}
+
+    kret = krb5_store_int32 (sp, ac->keytype);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    kret = krb5_store_int32 (sp, ac->cksumtype);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+
+    /* names */
+
+    ret = _gsskrb5_export_name (minor_status,
+				(gss_name_t)ctx->source, &buffer);
+    if (ret)
+	goto failure;
+    data.data   = buffer.value;
+    data.length = buffer.length;
+    kret = krb5_store_data (sp, data);
+    _gsskrb5_release_buffer (&minor, &buffer);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+
+    ret = _gsskrb5_export_name (minor_status,
+				(gss_name_t)ctx->target, &buffer);
+    if (ret)
+	goto failure;
+    data.data   = buffer.value;
+    data.length = buffer.length;
+
+    ret = GSS_S_FAILURE;
+
+    kret = krb5_store_data (sp, data);
+    _gsskrb5_release_buffer (&minor, &buffer);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+
+    kret = krb5_store_int32 (sp, ctx->flags);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    kret = krb5_store_int32 (sp, ctx->more_flags);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    kret = krb5_store_int32 (sp, ctx->lifetime);
+    if (kret) {
+	*minor_status = kret;
+	goto failure;
+    }
+    kret = _gssapi_msg_order_export(sp, ctx->order);
+    if (kret ) {
+        *minor_status = kret;
+        goto failure;
+    }
+
+    kret = krb5_storage_to_data (sp, &data);
+    krb5_storage_free (sp);
+    if (kret) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+    interprocess_token->length = data.length;
+    interprocess_token->value  = data.data;
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+    ret = _gsskrb5_delete_sec_context (minor_status, context_handle,
+				       GSS_C_NO_BUFFER);
+    if (ret != GSS_S_COMPLETE)
+	_gsskrb5_release_buffer (NULL, interprocess_token);
+    *minor_status = 0;
+    return ret;
+ failure:
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+    krb5_storage_free (sp);
+    return ret;
+}
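Review bot: Most `goto failure` paths in _gsskrb5_export_sec_context return GSS_S_COMPLETE, because `ret` starts as GSS_S_COMPLETE and is only switched to GSS_S_FAILURE after the second _gsskrb5_export_name call. Every krb5_store_* failure before that point, including the krb5_store_data failure after the first name export, sets *minor_status and then reports success with interprocess_token never written, so a caller that trusts the major status would read an uninitialised token. Adding `if (ret == GSS_S_COMPLETE) ret = GSS_S_FAILURE;` at the `failure:` label fixes all of these paths while keeping the status returned by a failed _gsskrb5_export_name. Separately, `*minor_status = 0;` after _gsskrb5_delete_sec_context discards the minor code when that call fails. The token is built from krb5_store_keyblock output for the session key and both subkeys with no protection visible in this function, so a header comment telling callers to handle interprocess_token as key material would help.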

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/external.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/external.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/external.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,425 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+#include <gssapi_mech.h>
+
+RCSID("$Id: external.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x01"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
+ * GSS_C_NT_USER_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+
+static gss_OID_desc gss_c_nt_user_name_oid_desc =
+{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
+
+gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+ * The constant GSS_C_NT_MACHINE_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+
+static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
+{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
+
+gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x03"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+ * The constant GSS_C_NT_STRING_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+
+static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
+{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
+
+gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) org(3) dod(6) internet(1) security(5)
+ * nametypes(6) gss-host-based-services(2)).  The constant
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
+ * to that gss_OID_desc.  This is a deprecated OID value, and
+ * implementations wishing to support hostbased-service names
+ * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
+ * defined below, to identify such names;
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+ * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+ * parameter, but should not be emitted by GSS-API
+ * implementations
+ */
+
+static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
+{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
+
+gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x04"}, corresponding to an
+ * object-identifier value of {iso(1) member-body(2)
+ * Unites States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) service_name(4)}.  The constant
+ * GSS_C_NT_HOSTBASED_SERVICE should be initialized
+ * to point to that gss_OID_desc.
+ */
+static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
+{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
+
+gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
+ * corresponding to an object identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 3(gss-anonymous-name)}.  The constant
+ * and GSS_C_NT_ANONYMOUS should be initialized to point
+ * to that gss_OID_desc.
+ */
+
+static gss_OID_desc gss_c_nt_anonymous_oid_desc =
+{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
+
+gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
+ * corresponding to an object-identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 4(gss-api-exported-name)}.  The constant
+ * GSS_C_NT_EXPORT_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+
+static gss_OID_desc gss_c_nt_export_name_oid_desc =
+{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
+
+gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
+
+/*
+ *   This name form shall be represented by the Object Identifier {iso(1)
+ *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
+ *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
+ */
+
+static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
+{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
+
+gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
+
+/*
+ *   This name form shall be represented by the Object Identifier {iso(1)
+ *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ *   generic(1) user_name(1)}.  The recommended symbolic name for this
+ *   type is "GSS_KRB5_NT_USER_NAME".
+ */
+
+gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
+
+/*
+ *   This name form shall be represented by the Object Identifier {iso(1)
+ *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ *   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
+ *   this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
+ */
+
+gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
+
+/*
+ *   This name form shall be represented by the Object Identifier {iso(1)
+ *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ *   generic(1) string_uid_name(3)}.  The recommended symbolic name for
+ *   this type is "GSS_KRB5_NT_STRING_UID_NAME".
+ */
+
+gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
+
+/*
+ *   To support ongoing experimentation, testing, and evolution of the
+ *   specification, the Kerberos V5 GSS-API mechanism as defined in this
+ *   and any successor memos will be identified with the following Object
+ *   Identifier, as defined in RFC-1510, until the specification is
+ *   advanced to the level of Proposed Standard RFC:
+ *
+ *   {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
+ *
+ *   Upon advancement to the level of Proposed Standard RFC, the Kerberos
+ *   V5 GSS-API mechanism will be identified by an Object Identifier
+ *   having the value:
+ *
+ *   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
+ *   gssapi(2) krb5(2)}
+ */
+
+#if 0 /* This is the old OID */
+
+static gss_OID_desc gss_krb5_mechanism_oid_desc =
+{5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
+
+#endif
+
+static gss_OID_desc gss_krb5_mechanism_oid_desc =
+{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
+
+gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
+
+/*
+ * draft-ietf-cat-iakerb-09, IAKERB:
+ *   The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
+ *   with the mechanism proposed by SPNEGO [7] for negotiating protocol
+ *   variations, is:  {iso(1) org(3) dod(6) internet(1) security(5)
+ *   mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
+ *   mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
+ *   accordance with the mechanism proposed by SPNEGO for negotiating
+ *   protocol variations, is: {iso(1) org(3) dod(6) internet(1)
+ *   security(5) mechanisms(5) iakerb(10)
+ *   iakerbMinimumMessagesProtocol(2)}.
+ */
+
+static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc =
+{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
+
+gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc;
+
+static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc =
+{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
+
+gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc;
+
+/*
+ *
+ */
+
+static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
+{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
+
+gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
+
+/*
+ * 1.2.752.43.13 Heimdal GSS-API Extentions
+ */
+
+/* 1.2.752.43.13.1 */
+static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
+
+gss_OID GSS_KRB5_COPY_CCACHE_X = &gss_krb5_copy_ccache_x_oid_desc;
+
+/* 1.2.752.43.13.2 */
+static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
+
+gss_OID GSS_KRB5_GET_TKT_FLAGS_X = &gss_krb5_get_tkt_flags_x_oid_desc;
+
+/* 1.2.752.43.13.3 */
+static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
+
+gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
+
+/* 1.2.752.43.13.4 */
+static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
+
+gss_OID GSS_KRB5_COMPAT_DES3_MIC_X = &gss_krb5_compat_des3_mic_x_oid_desc;
+
+/* 1.2.752.43.13.5 */
+static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
+
+gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = &gss_krb5_register_acceptor_identity_x_desc;
+
+/* 1.2.752.43.13.6 */
+static gss_OID_desc gss_krb5_export_lucid_context_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
+
+gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X = &gss_krb5_export_lucid_context_x_desc;
+
+/* 1.2.752.43.13.6.1 */
+static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc =
+{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
+
+gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = &gss_krb5_export_lucid_context_v1_x_desc;
+
+/* 1.2.752.43.13.7 */
+static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
+
+gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X = &gss_krb5_set_dns_canonicalize_x_desc;
+
+/* 1.2.752.43.13.8 */
+static gss_OID_desc gss_krb5_get_subkey_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
+
+gss_OID GSS_KRB5_GET_SUBKEY_X = &gss_krb5_get_subkey_x_desc;
+
+/* 1.2.752.43.13.9 */
+static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
+
+gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X = &gss_krb5_get_initiator_subkey_x_desc;
+
+/* 1.2.752.43.13.10 */
+static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
+
+gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = &gss_krb5_get_acceptor_subkey_x_desc;
+
+/* 1.2.752.43.13.11 */
+static gss_OID_desc gss_krb5_send_to_kdc_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
+
+gss_OID GSS_KRB5_SEND_TO_KDC_X = &gss_krb5_send_to_kdc_x_desc;
+
+/* 1.2.752.43.13.12 */
+static gss_OID_desc gss_krb5_get_authtime_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
+
+gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc;
+
+/* 1.2.752.43.13.13 */
+static gss_OID_desc gss_krb5_get_service_keyblock_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
+
+gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc;
+
+/* 1.2.752.43.13.14 */
+static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
+
+gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc;
+
+/* 1.2.752.43.13.15 */
+static gss_OID_desc gss_krb5_set_default_realm_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
+
+gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc;
+
+/* 1.2.752.43.13.16 */
+static gss_OID_desc gss_krb5_ccache_name_x_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
+
+gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc;
+
+/* 1.2.752.43.14.1 */
+static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
+{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
+
+gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc;
+
+/*
+ * Context for krb5 calls.
+ */
+
+/*
+ *
+ */
+
+static gssapi_mech_interface_desc krb5_mech = {
+    GMI_VERSION,
+    "kerberos 5",
+    {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
+    _gsskrb5_acquire_cred,
+    _gsskrb5_release_cred,
+    _gsskrb5_init_sec_context,
+    _gsskrb5_accept_sec_context,
+    _gsskrb5_process_context_token,
+    _gsskrb5_delete_sec_context,
+    _gsskrb5_context_time,
+    _gsskrb5_get_mic,
+    _gsskrb5_verify_mic,
+    _gsskrb5_wrap,
+    _gsskrb5_unwrap,
+    _gsskrb5_display_status,
+    _gsskrb5_indicate_mechs,
+    _gsskrb5_compare_name,
+    _gsskrb5_display_name,
+    _gsskrb5_import_name,
+    _gsskrb5_export_name,
+    _gsskrb5_release_name,
+    _gsskrb5_inquire_cred,
+    _gsskrb5_inquire_context,
+    _gsskrb5_wrap_size_limit,
+    _gsskrb5_add_cred,
+    _gsskrb5_inquire_cred_by_mech,
+    _gsskrb5_export_sec_context,
+    _gsskrb5_import_sec_context,
+    _gsskrb5_inquire_names_for_mech,
+    _gsskrb5_inquire_mechs_for_name,
+    _gsskrb5_canonicalize_name,
+    _gsskrb5_duplicate_name,
+    _gsskrb5_inquire_sec_context_by_oid,
+    _gsskrb5_inquire_cred_by_oid,
+    _gsskrb5_set_sec_context_option,
+    _gsskrb5_set_cred_option,
+    _gsskrb5_pseudo_random
+};
+
+gssapi_mech_interface
+__gss_krb5_initialize(void)
+{
+    return &krb5_mech;
+}
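Review bot: gss_c_peer_has_updated_spnego_oid_desc is the one descriptor in this file initialised with a bare `(void *)` cast instead of rk_UNCONST, and the comment above it is empty, so it is the only OID here whose value a reader has to decode by hand. Use `{9, rk_UNCONST("\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05")};` and replace the empty comment with `/* 1.3.6.1.4.1.5322.19.5 */`, which is what those nine bytes decode to. The krb5_mech initializer repeats the mechanism OID bytes of gss_krb5_mechanism_oid_desc as a second literal; a comment there saying the two must stay identical would keep them from drifting if either is edited. The comment typos "Unites States" and "Extentions" could be fixed in the same pass, though for a vendor import these changes belong upstream.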

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/get_mic.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/get_mic.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/get_mic.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,317 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: get_mic.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static OM_uint32
+mic_des
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx ctx,
+	    krb5_context context,
+            gss_qop_t qop_req,
+            const gss_buffer_t message_buffer,
+            gss_buffer_t message_token,
+	    krb5_keyblock *key
+           )
+{
+  u_char *p;
+  MD5_CTX md5;
+  u_char hash[16];
+  DES_key_schedule schedule;
+  DES_cblock deskey;
+  DES_cblock zero;
+  int32_t seq_number;
+  size_t len, total_len;
+
+  _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM);
+
+  message_token->length = total_len;
+  message_token->value  = malloc (total_len);
+  if (message_token->value == NULL) {
+    message_token->length = 0;
+    *minor_status = ENOMEM;
+    return GSS_S_FAILURE;
+  }
+
+  p = _gsskrb5_make_header(message_token->value,
+			      len,
+			      "\x01\x01", /* TOK_ID */
+			      GSS_KRB5_MECHANISM); 
+
+  memcpy (p, "\x00\x00", 2);	/* SGN_ALG = DES MAC MD5 */
+  p += 2;
+
+  memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
+  p += 4;
+
+  /* Fill in later (SND-SEQ) */
+  memset (p, 0, 16);
+  p += 16;
+
+  /* checksum */
+  MD5_Init (&md5);
+  MD5_Update (&md5, p - 24, 8);
+  MD5_Update (&md5, message_buffer->value, message_buffer->length);
+  MD5_Final (hash, &md5);
+
+  memset (&zero, 0, sizeof(zero));
+  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+  DES_set_key (&deskey, &schedule);
+  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
+		 &schedule, &zero);
+  memcpy (p - 8, hash, 8);	/* SGN_CKSUM */
+
+  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+  /* sequence number */
+  krb5_auth_con_getlocalseqnumber (context,
+				   ctx->auth_context,
+				   &seq_number);
+
+  p -= 16;			/* SND_SEQ */
+  p[0] = (seq_number >> 0)  & 0xFF;
+  p[1] = (seq_number >> 8)  & 0xFF;
+  p[2] = (seq_number >> 16) & 0xFF;
+  p[3] = (seq_number >> 24) & 0xFF;
+  memset (p + 4,
+	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
+	  4);
+
+  DES_set_key (&deskey, &schedule);
+  DES_cbc_encrypt ((void *)p, (void *)p, 8,
+		   &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
+
+  krb5_auth_con_setlocalseqnumber (context,
+			       ctx->auth_context,
+			       ++seq_number);
+  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+  
+  memset (deskey, 0, sizeof(deskey));
+  memset (&schedule, 0, sizeof(schedule));
+  
+  *minor_status = 0;
+  return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+mic_des3
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx ctx,
+	    krb5_context context,
+            gss_qop_t qop_req,
+            const gss_buffer_t message_buffer,
+            gss_buffer_t message_token,
+	    krb5_keyblock *key
+           )
+{
+  u_char *p;
+  Checksum cksum;
+  u_char seq[8];
+
+  int32_t seq_number;
+  size_t len, total_len;
+
+  krb5_crypto crypto;
+  krb5_error_code kret;
+  krb5_data encdata;
+  char *tmp;
+  char ivec[8];
+
+  _gsskrb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM);
+
+  message_token->length = total_len;
+  message_token->value  = malloc (total_len);
+  if (message_token->value == NULL) {
+      message_token->length = 0;
+      *minor_status = ENOMEM;
+      return GSS_S_FAILURE;
+  }
+
+  p = _gsskrb5_make_header(message_token->value,
+			      len,
+			      "\x01\x01", /* TOK-ID */
+			      GSS_KRB5_MECHANISM);
+
+  memcpy (p, "\x04\x00", 2);	/* SGN_ALG = HMAC SHA1 DES3-KD */
+  p += 2;
+
+  memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
+  p += 4;
+
+  /* this should be done in parts */
+
+  tmp = malloc (message_buffer->length + 8);
+  if (tmp == NULL) {
+      free (message_token->value);
+      message_token->value = NULL;
+      message_token->length = 0;
+      *minor_status = ENOMEM;
+      return GSS_S_FAILURE;
+  }
+  memcpy (tmp, p - 8, 8);
+  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
+
+  kret = krb5_crypto_init(context, key, 0, &crypto);
+  if (kret) {
+      free (message_token->value);
+      message_token->value = NULL;
+      message_token->length = 0;
+      free (tmp);
+      *minor_status = kret;
+      return GSS_S_FAILURE;
+  }
+
+  kret = krb5_create_checksum (context,
+			       crypto,
+			       KRB5_KU_USAGE_SIGN,
+			       0,
+			       tmp,
+			       message_buffer->length + 8,
+			       &cksum);
+  free (tmp);
+  krb5_crypto_destroy (context, crypto);
+  if (kret) {
+      free (message_token->value);
+      message_token->value = NULL;
+      message_token->length = 0;
+      *minor_status = kret;
+      return GSS_S_FAILURE;
+  }
+
+  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
+
+  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+  /* sequence number */
+  krb5_auth_con_getlocalseqnumber (context,
+			       ctx->auth_context,
+			       &seq_number);
+
+  seq[0] = (seq_number >> 0)  & 0xFF;
+  seq[1] = (seq_number >> 8)  & 0xFF;
+  seq[2] = (seq_number >> 16) & 0xFF;
+  seq[3] = (seq_number >> 24) & 0xFF;
+  memset (seq + 4,
+	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
+	  4);
+
+  kret = krb5_crypto_init(context, key,
+			  ETYPE_DES3_CBC_NONE, &crypto);
+  if (kret) {
+      free (message_token->value);
+      message_token->value = NULL;
+      message_token->length = 0;
+      *minor_status = kret;
+      return GSS_S_FAILURE;
+  }
+
+  if (ctx->more_flags & COMPAT_OLD_DES3)
+      memset(ivec, 0, 8);
+  else
+      memcpy(ivec, p + 8, 8);
+
+  kret = krb5_encrypt_ivec (context,
+			    crypto,
+			    KRB5_KU_USAGE_SEQ,
+			    seq, 8, &encdata, ivec);
+  krb5_crypto_destroy (context, crypto);
+  if (kret) {
+      free (message_token->value);
+      message_token->value = NULL;
+      message_token->length = 0;
+      *minor_status = kret;
+      return GSS_S_FAILURE;
+  }
+  
+  assert (encdata.length == 8);
+
+  memcpy (p, encdata.data, encdata.length);
+  krb5_data_free (&encdata);
+
+  krb5_auth_con_setlocalseqnumber (context,
+			       ctx->auth_context,
+			       ++seq_number);
+  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+  
+  free_Checksum (&cksum);
+  *minor_status = 0;
+  return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gsskrb5_get_mic
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            gss_qop_t qop_req,
+            const gss_buffer_t message_buffer,
+            gss_buffer_t message_token
+           )
+{
+  krb5_context context;
+  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+  krb5_keyblock *key;
+  OM_uint32 ret;
+  krb5_keytype keytype;
+
+  GSSAPI_KRB5_INIT (&context);
+
+  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+  ret = _gsskrb5i_get_token_key(ctx, context, &key);
+  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+  if (ret) {
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+  krb5_enctype_to_keytype (context, key->keytype, &keytype);
+
+  switch (keytype) {
+  case KEYTYPE_DES :
+      ret = mic_des (minor_status, ctx, context, qop_req,
+		     message_buffer, message_token, key);
+      break;
+  case KEYTYPE_DES3 :
+      ret = mic_des3 (minor_status, ctx, context, qop_req,
+		      message_buffer, message_token, key);
+      break;
+  case KEYTYPE_ARCFOUR:
+  case KEYTYPE_ARCFOUR_56:
+      ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req,
+				     message_buffer, message_token, key);
+      break;
+  default :
+      ret = _gssapi_mic_cfx (minor_status, ctx, context, qop_req,
+			     message_buffer, message_token, key);
+      break;
+  }
+  krb5_free_keyblock (context, key);
+  return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/gkrb5_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/gkrb5_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/gkrb5_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,31 @@
+#
+# extended gss krb5 error messages
+#
+
+id "$Id: gkrb5_err.et,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $"
+
+error_table gk5
+
+prefix GSS_KRB5_S
+
+error_code G_BAD_SERVICE_NAME, "No @ in SERVICE-NAME name string"
+error_code G_BAD_STRING_UID, "STRING-UID-NAME contains nondigits"
+error_code G_NOUSER, "UID does not resolve to username"
+error_code G_VALIDATE_FAILED, "Validation error"
+error_code G_BUFFER_ALLOC, "Couldn't allocate gss_buffer_t data"
+error_code G_BAD_MSG_CTX, "Message context invalid"
+error_code G_WRONG_SIZE, "Buffer is the wrong size"
+error_code G_BAD_USAGE, "Credential usage type is unknown"
+error_code G_UNKNOWN_QOP, "Unknown quality of protection specified"
+
+index 128
+
+error_code KG_CCACHE_NOMATCH, "Principal in credential cache does not match desired name"
+error_code KG_KEYTAB_NOMATCH, "No principal in keytab matches desired name"
+error_code KG_TGT_MISSING, "Credential cache has no TGT"
+error_code KG_NO_SUBKEY, "Authenticator has no subkey"
+error_code KG_CONTEXT_ESTABLISHED, "Context is already fully established"
+error_code KG_BAD_SIGN_TYPE, "Unknown signature type in token"
+error_code KG_BAD_LENGTH, "Invalid field length in token"
+error_code KG_CTX_INCOMPLETE, "Attempt to use incomplete security context"
+error_code KG_INPUT_TOO_LONG, "Input too long"

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/gsskrb5-private.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/gsskrb5-private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/gsskrb5-private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,703 @@
+/* This is a generated file */
+#ifndef __gsskrb5_private_h__
+#define __gsskrb5_private_h__
+
+#include <stdarg.h>
+
+gssapi_mech_interface
+__gss_krb5_initialize (void);
+
+OM_uint32
+__gsskrb5_ccache_lifetime (
+	OM_uint32 */*minor_status*/,
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_principal /*principal*/,
+	OM_uint32 */*lifetime*/);
+
+OM_uint32
+_gss_DES3_get_mic_compat (
+	OM_uint32 */*minor_status*/,
+	gsskrb5_ctx /*ctx*/,
+	krb5_context /*context*/);
+
+OM_uint32
+_gssapi_decapsulate (
+	 OM_uint32 */*minor_status*/,
+	gss_buffer_t /*input_token_buffer*/,
+	krb5_data */*out_data*/,
+	const gss_OID mech );
+
+void
+_gssapi_encap_length (
+	size_t /*data_len*/,
+	size_t */*len*/,
+	size_t */*total_len*/,
+	const gss_OID /*mech*/);
+
+OM_uint32
+_gssapi_encapsulate (
+	 OM_uint32 */*minor_status*/,
+	const krb5_data */*in_data*/,
+	gss_buffer_t /*output_token*/,
+	const gss_OID mech );
+
+OM_uint32
+_gssapi_get_mic_arcfour (
+	OM_uint32 * /*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*message_buffer*/,
+	gss_buffer_t /*message_token*/,
+	krb5_keyblock */*key*/);
+
+void *
+_gssapi_make_mech_header (
+	void */*ptr*/,
+	size_t /*len*/,
+	const gss_OID /*mech*/);
+
+OM_uint32
+_gssapi_mic_cfx (
+	OM_uint32 */*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*message_buffer*/,
+	gss_buffer_t /*message_token*/,
+	krb5_keyblock */*key*/);
+
+OM_uint32
+_gssapi_msg_order_check (
+	struct gss_msg_order */*o*/,
+	OM_uint32 /*seq_num*/);
+
+OM_uint32
+_gssapi_msg_order_create (
+	OM_uint32 */*minor_status*/,
+	struct gss_msg_order **/*o*/,
+	OM_uint32 /*flags*/,
+	OM_uint32 /*seq_num*/,
+	OM_uint32 /*jitter_window*/,
+	int /*use_64*/);
+
+OM_uint32
+_gssapi_msg_order_destroy (struct gss_msg_order **/*m*/);
+
+krb5_error_code
+_gssapi_msg_order_export (
+	krb5_storage */*sp*/,
+	struct gss_msg_order */*o*/);
+
+OM_uint32
+_gssapi_msg_order_f (OM_uint32 /*flags*/);
+
+OM_uint32
+_gssapi_msg_order_import (
+	OM_uint32 */*minor_status*/,
+	krb5_storage */*sp*/,
+	struct gss_msg_order **/*o*/);
+
+OM_uint32
+_gssapi_unwrap_arcfour (
+	OM_uint32 */*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	gss_buffer_t /*output_message_buffer*/,
+	int */*conf_state*/,
+	gss_qop_t */*qop_state*/,
+	krb5_keyblock */*key*/);
+
+OM_uint32
+_gssapi_unwrap_cfx (
+	OM_uint32 */*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	gss_buffer_t /*output_message_buffer*/,
+	int */*conf_state*/,
+	gss_qop_t */*qop_state*/,
+	krb5_keyblock */*key*/);
+
+OM_uint32
+_gssapi_verify_mech_header (
+	u_char **/*str*/,
+	size_t /*total_len*/,
+	gss_OID /*mech*/);
+
+OM_uint32
+_gssapi_verify_mic_arcfour (
+	OM_uint32 * /*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	const gss_buffer_t /*message_buffer*/,
+	const gss_buffer_t /*token_buffer*/,
+	gss_qop_t * /*qop_state*/,
+	krb5_keyblock */*key*/,
+	char */*type*/);
+
+OM_uint32
+_gssapi_verify_mic_cfx (
+	OM_uint32 */*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	const gss_buffer_t /*message_buffer*/,
+	const gss_buffer_t /*token_buffer*/,
+	gss_qop_t */*qop_state*/,
+	krb5_keyblock */*key*/);
+
+OM_uint32
+_gssapi_verify_pad (
+	gss_buffer_t /*wrapped_token*/,
+	size_t /*datalen*/,
+	size_t */*padlen*/);
+
+OM_uint32
+_gssapi_wrap_arcfour (
+	OM_uint32 * /*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	int * /*conf_state*/,
+	gss_buffer_t /*output_message_buffer*/,
+	krb5_keyblock */*key*/);
+
+OM_uint32
+_gssapi_wrap_cfx (
+	OM_uint32 */*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	int */*conf_state*/,
+	gss_buffer_t /*output_message_buffer*/,
+	krb5_keyblock */*key*/);
+
+OM_uint32
+_gssapi_wrap_size_arcfour (
+	OM_uint32 */*minor_status*/,
+	const gsskrb5_ctx /*ctx*/,
+	krb5_context /*context*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	OM_uint32 /*req_output_size*/,
+	OM_uint32 */*max_input_size*/,
+	krb5_keyblock */*key*/);
+
+OM_uint32
+_gssapi_wrap_size_cfx (
+	OM_uint32 */*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	OM_uint32 /*req_output_size*/,
+	OM_uint32 */*max_input_size*/,
+	krb5_keyblock */*key*/);
+
+OM_uint32
+_gsskrb5_accept_sec_context (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	const gss_cred_id_t /*acceptor_cred_handle*/,
+	const gss_buffer_t /*input_token_buffer*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	gss_name_t * /*src_name*/,
+	gss_OID * /*mech_type*/,
+	gss_buffer_t /*output_token*/,
+	OM_uint32 * /*ret_flags*/,
+	OM_uint32 * /*time_rec*/,
+	gss_cred_id_t * /*delegated_cred_handle*/);
+
+OM_uint32
+_gsskrb5_acquire_cred (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*desired_name*/,
+	OM_uint32 /*time_req*/,
+	const gss_OID_set /*desired_mechs*/,
+	gss_cred_usage_t /*cred_usage*/,
+	gss_cred_id_t * /*output_cred_handle*/,
+	gss_OID_set * /*actual_mechs*/,
+	OM_uint32 * time_rec );
+
+OM_uint32
+_gsskrb5_add_cred (
+	 OM_uint32 */*minor_status*/,
+	const gss_cred_id_t /*input_cred_handle*/,
+	const gss_name_t /*desired_name*/,
+	const gss_OID /*desired_mech*/,
+	gss_cred_usage_t /*cred_usage*/,
+	OM_uint32 /*initiator_time_req*/,
+	OM_uint32 /*acceptor_time_req*/,
+	gss_cred_id_t */*output_cred_handle*/,
+	gss_OID_set */*actual_mechs*/,
+	OM_uint32 */*initiator_time_rec*/,
+	OM_uint32 */*acceptor_time_rec*/);
+
+OM_uint32
+_gsskrb5_canonicalize_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	const gss_OID /*mech_type*/,
+	gss_name_t * output_name );
+
+void
+_gsskrb5_clear_status (void);
+
+OM_uint32
+_gsskrb5_compare_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*name1*/,
+	const gss_name_t /*name2*/,
+	int * name_equal );
+
+OM_uint32
+_gsskrb5_context_time (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	OM_uint32 * time_rec );
+
+OM_uint32
+_gsskrb5_create_8003_checksum (
+	 OM_uint32 */*minor_status*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	OM_uint32 /*flags*/,
+	const krb5_data */*fwd_data*/,
+	Checksum */*result*/);
+
+OM_uint32
+_gsskrb5_create_ctx (
+	 OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	krb5_context /*context*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	enum gss_ctx_id_t_state /*state*/);
+
+OM_uint32
+_gsskrb5_decapsulate (
+	OM_uint32 */*minor_status*/,
+	gss_buffer_t /*input_token_buffer*/,
+	krb5_data */*out_data*/,
+	const void */*type*/,
+	gss_OID /*oid*/);
+
+krb5_error_code
+_gsskrb5_decode_be_om_uint32 (
+	const void */*ptr*/,
+	OM_uint32 */*n*/);
+
+krb5_error_code
+_gsskrb5_decode_om_uint32 (
+	const void */*ptr*/,
+	OM_uint32 */*n*/);
+
+OM_uint32
+_gsskrb5_delete_sec_context (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	gss_buffer_t /*output_token*/);
+
+OM_uint32
+_gsskrb5_display_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_buffer_t /*output_name_buffer*/,
+	gss_OID * output_name_type );
+
+OM_uint32
+_gsskrb5_display_status (
+	OM_uint32 */*minor_status*/,
+	OM_uint32 /*status_value*/,
+	int /*status_type*/,
+	const gss_OID /*mech_type*/,
+	OM_uint32 */*message_context*/,
+	gss_buffer_t /*status_string*/);
+
+OM_uint32
+_gsskrb5_duplicate_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*src_name*/,
+	gss_name_t * dest_name );
+
+void
+_gsskrb5_encap_length (
+	size_t /*data_len*/,
+	size_t */*len*/,
+	size_t */*total_len*/,
+	const gss_OID /*mech*/);
+
+OM_uint32
+_gsskrb5_encapsulate (
+	 OM_uint32 */*minor_status*/,
+	const krb5_data */*in_data*/,
+	gss_buffer_t /*output_token*/,
+	const void */*type*/,
+	const gss_OID mech );
+
+krb5_error_code
+_gsskrb5_encode_be_om_uint32 (
+	OM_uint32 /*n*/,
+	u_char */*p*/);
+
+krb5_error_code
+_gsskrb5_encode_om_uint32 (
+	OM_uint32 /*n*/,
+	u_char */*p*/);
+
+OM_uint32
+_gsskrb5_export_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_buffer_t exported_name );
+
+OM_uint32
+_gsskrb5_export_sec_context (
+	 OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	gss_buffer_t interprocess_token );
+
+ssize_t
+_gsskrb5_get_mech (
+	const u_char */*ptr*/,
+	size_t /*total_len*/,
+	const u_char **/*mech_ret*/);
+
+OM_uint32
+_gsskrb5_get_mic (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*message_buffer*/,
+	gss_buffer_t message_token );
+
+OM_uint32
+_gsskrb5_get_tkt_flags (
+	OM_uint32 */*minor_status*/,
+	gsskrb5_ctx /*ctx*/,
+	OM_uint32 */*tkt_flags*/);
+
+OM_uint32
+_gsskrb5_import_cred (
+	OM_uint32 */*minor_status*/,
+	krb5_ccache /*id*/,
+	krb5_principal /*keytab_principal*/,
+	krb5_keytab /*keytab*/,
+	gss_cred_id_t */*cred*/);
+
+OM_uint32
+_gsskrb5_import_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_buffer_t /*input_name_buffer*/,
+	const gss_OID /*input_name_type*/,
+	gss_name_t * output_name );
+
+OM_uint32
+_gsskrb5_import_sec_context (
+	 OM_uint32 * /*minor_status*/,
+	const gss_buffer_t /*interprocess_token*/,
+	gss_ctx_id_t * context_handle );
+
+OM_uint32
+_gsskrb5_indicate_mechs (
+	OM_uint32 * /*minor_status*/,
+	gss_OID_set * mech_set );
+
+krb5_error_code
+_gsskrb5_init (krb5_context */*context*/);
+
+OM_uint32
+_gsskrb5_init_sec_context (
+	OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*initiator_cred_handle*/,
+	gss_ctx_id_t * /*context_handle*/,
+	const gss_name_t /*target_name*/,
+	const gss_OID /*mech_type*/,
+	OM_uint32 /*req_flags*/,
+	OM_uint32 /*time_req*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	const gss_buffer_t /*input_token*/,
+	gss_OID * /*actual_mech_type*/,
+	gss_buffer_t /*output_token*/,
+	OM_uint32 * /*ret_flags*/,
+	OM_uint32 * time_rec );
+
+OM_uint32
+_gsskrb5_inquire_context (
+	 OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	gss_name_t * /*src_name*/,
+	gss_name_t * /*targ_name*/,
+	OM_uint32 * /*lifetime_rec*/,
+	gss_OID * /*mech_type*/,
+	OM_uint32 * /*ctx_flags*/,
+	int * /*locally_initiated*/,
+	int * open_context );
+
+OM_uint32
+_gsskrb5_inquire_cred (
+	OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*cred_handle*/,
+	gss_name_t * /*output_name*/,
+	OM_uint32 * /*lifetime*/,
+	gss_cred_usage_t * /*cred_usage*/,
+	gss_OID_set * mechanisms );
+
+OM_uint32
+_gsskrb5_inquire_cred_by_mech (
+	 OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*cred_handle*/,
+	const gss_OID /*mech_type*/,
+	gss_name_t * /*name*/,
+	OM_uint32 * /*initiator_lifetime*/,
+	OM_uint32 * /*acceptor_lifetime*/,
+	gss_cred_usage_t * cred_usage );
+
+OM_uint32
+_gsskrb5_inquire_cred_by_oid (
+	OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*cred_handle*/,
+	const gss_OID /*desired_object*/,
+	gss_buffer_set_t */*data_set*/);
+
+OM_uint32
+_gsskrb5_inquire_mechs_for_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_OID_set * mech_types );
+
+OM_uint32
+_gsskrb5_inquire_names_for_mech (
+	 OM_uint32 * /*minor_status*/,
+	const gss_OID /*mechanism*/,
+	gss_OID_set * name_types );
+
+OM_uint32
+_gsskrb5_inquire_sec_context_by_oid (
+	OM_uint32 */*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_OID /*desired_object*/,
+	gss_buffer_set_t */*data_set*/);
+
+OM_uint32
+_gsskrb5_krb5_ccache_name (
+	OM_uint32 */*minor_status*/,
+	const char */*name*/,
+	const char **/*out_name*/);
+
+OM_uint32
+_gsskrb5_lifetime_left (
+	OM_uint32 */*minor_status*/,
+	krb5_context /*context*/,
+	OM_uint32 /*lifetime*/,
+	OM_uint32 */*lifetime_rec*/);
+
+void *
+_gsskrb5_make_header (
+	void */*ptr*/,
+	size_t /*len*/,
+	const void */*type*/,
+	const gss_OID /*mech*/);
+
+OM_uint32
+_gsskrb5_process_context_token (
+	 OM_uint32 */*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t token_buffer );
+
+OM_uint32
+_gsskrb5_pseudo_random (
+	OM_uint32 */*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	int /*prf_key*/,
+	const gss_buffer_t /*prf_in*/,
+	ssize_t /*desired_output_len*/,
+	gss_buffer_t /*prf_out*/);
+
+OM_uint32
+_gsskrb5_register_acceptor_identity (const char */*identity*/);
+
+OM_uint32
+_gsskrb5_release_buffer (
+	OM_uint32 * /*minor_status*/,
+	gss_buffer_t buffer );
+
+OM_uint32
+_gsskrb5_release_cred (
+	OM_uint32 * /*minor_status*/,
+	gss_cred_id_t * cred_handle );
+
+OM_uint32
+_gsskrb5_release_name (
+	OM_uint32 * /*minor_status*/,
+	gss_name_t * input_name );
+
+OM_uint32
+_gsskrb5_seal (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	int /*conf_req_flag*/,
+	int /*qop_req*/,
+	gss_buffer_t /*input_message_buffer*/,
+	int * /*conf_state*/,
+	gss_buffer_t output_message_buffer );
+
+OM_uint32
+_gsskrb5_set_cred_option (
+	OM_uint32 */*minor_status*/,
+	gss_cred_id_t */*cred_handle*/,
+	const gss_OID /*desired_object*/,
+	const gss_buffer_t /*value*/);
+
+OM_uint32
+_gsskrb5_set_sec_context_option (
+	OM_uint32 */*minor_status*/,
+	gss_ctx_id_t */*context_handle*/,
+	const gss_OID /*desired_object*/,
+	const gss_buffer_t /*value*/);
+
+void
+_gsskrb5_set_status (
+	const char */*fmt*/,
+	...);
+
+OM_uint32
+_gsskrb5_sign (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	int /*qop_req*/,
+	gss_buffer_t /*message_buffer*/,
+	gss_buffer_t message_token );
+
+OM_uint32
+_gsskrb5_unseal (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	gss_buffer_t /*input_message_buffer*/,
+	gss_buffer_t /*output_message_buffer*/,
+	int * /*conf_state*/,
+	int * qop_state );
+
+OM_uint32
+_gsskrb5_unwrap (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	gss_buffer_t /*output_message_buffer*/,
+	int * /*conf_state*/,
+	gss_qop_t * qop_state );
+
+OM_uint32
+_gsskrb5_verify (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	gss_buffer_t /*message_buffer*/,
+	gss_buffer_t /*token_buffer*/,
+	int * qop_state );
+
+OM_uint32
+_gsskrb5_verify_8003_checksum (
+	 OM_uint32 */*minor_status*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	const Checksum */*cksum*/,
+	OM_uint32 */*flags*/,
+	krb5_data */*fwd_data*/);
+
+OM_uint32
+_gsskrb5_verify_header (
+	u_char **/*str*/,
+	size_t /*total_len*/,
+	const void */*type*/,
+	gss_OID /*oid*/);
+
+OM_uint32
+_gsskrb5_verify_mic (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t /*message_buffer*/,
+	const gss_buffer_t /*token_buffer*/,
+	gss_qop_t * qop_state );
+
+OM_uint32
+_gsskrb5_verify_mic_internal (
+	OM_uint32 * /*minor_status*/,
+	const gsskrb5_ctx /*context_handle*/,
+	krb5_context /*context*/,
+	const gss_buffer_t /*message_buffer*/,
+	const gss_buffer_t /*token_buffer*/,
+	gss_qop_t * /*qop_state*/,
+	char * type );
+
+OM_uint32
+_gsskrb5_wrap (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	int * /*conf_state*/,
+	gss_buffer_t output_message_buffer );
+
+OM_uint32
+_gsskrb5_wrap_size_limit (
+	 OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	OM_uint32 /*req_output_size*/,
+	OM_uint32 * max_input_size );
+
+krb5_error_code
+_gsskrb5cfx_max_wrap_length_cfx (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	int /*conf_req_flag*/,
+	size_t /*input_length*/,
+	OM_uint32 */*output_length*/);
+
+krb5_error_code
+_gsskrb5cfx_wrap_length_cfx (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	int /*conf_req_flag*/,
+	size_t /*input_length*/,
+	size_t */*output_length*/,
+	size_t */*cksumsize*/,
+	uint16_t */*padlength*/);
+
+krb5_error_code
+_gsskrb5i_address_to_krb5addr (
+	krb5_context /*context*/,
+	OM_uint32 /*gss_addr_type*/,
+	gss_buffer_desc */*gss_addr*/,
+	int16_t /*port*/,
+	krb5_address */*address*/);
+
+krb5_error_code
+_gsskrb5i_get_acceptor_subkey (
+	const gsskrb5_ctx /*ctx*/,
+	krb5_context /*context*/,
+	krb5_keyblock **/*key*/);
+
+krb5_error_code
+_gsskrb5i_get_initiator_subkey (
+	const gsskrb5_ctx /*ctx*/,
+	krb5_context /*context*/,
+	krb5_keyblock **/*key*/);
+
+OM_uint32
+_gsskrb5i_get_token_key (
+	const gsskrb5_ctx /*ctx*/,
+	krb5_context /*context*/,
+	krb5_keyblock **/*key*/);
+
+void
+_gsskrb5i_is_cfx (
+	gsskrb5_ctx /*ctx*/,
+	int */*is_cfx*/);
+
+#endif /* __gsskrb5_private_h__ */

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/gsskrb5_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/gsskrb5_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/gsskrb5_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: gsskrb5_locl.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef GSSKRB5_LOCL_H
+#define GSSKRB5_LOCL_H
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <krb5_locl.h>
+#include <gkrb5_err.h>
+#include <gssapi.h>
+#include <gssapi_mech.h>
+#include <assert.h>
+
+#include "cfx.h"
+
+/*
+ *
+ */
+
+struct gss_msg_order;
+
+typedef struct {
+  struct krb5_auth_context_data *auth_context;
+  krb5_principal source, target;
+#define IS_DCE_STYLE(ctx) (((ctx)->flags & GSS_C_DCE_STYLE) != 0)
+  OM_uint32 flags;
+  enum { LOCAL = 1, OPEN = 2, 
+	 COMPAT_OLD_DES3 = 4,
+         COMPAT_OLD_DES3_SELECTED = 8,
+	 ACCEPTOR_SUBKEY = 16
+  } more_flags;
+  enum gss_ctx_id_t_state {
+      /* initiator states */
+      INITIATOR_START,
+      INITIATOR_WAIT_FOR_MUTAL,
+      INITIATOR_READY,
+      /* acceptor states */
+      ACCEPTOR_START,
+      ACCEPTOR_WAIT_FOR_DCESTYLE,
+      ACCEPTOR_READY
+  } state;
+  struct krb5_ticket *ticket;
+  OM_uint32 lifetime;
+  HEIMDAL_MUTEX ctx_id_mutex;
+  struct gss_msg_order *order;
+  krb5_keyblock *service_keyblock;
+  krb5_data fwd_data;
+} *gsskrb5_ctx;
+
+typedef struct {
+  krb5_principal principal;
+  int cred_flags;
+#define GSS_CF_DESTROY_CRED_ON_RELEASE	1
+  struct krb5_keytab_data *keytab;
+  OM_uint32 lifetime;
+  gss_cred_usage_t usage;
+  gss_OID_set mechanisms;
+  struct krb5_ccache_data *ccache;
+  HEIMDAL_MUTEX cred_id_mutex;
+  krb5_enctype *enctypes;
+} *gsskrb5_cred;
+
+typedef struct Principal *gsskrb5_name;
+
+/*
+ *
+ */
+
+extern krb5_keytab _gsskrb5_keytab;
+extern HEIMDAL_MUTEX gssapi_keytab_mutex;
+
+struct gssapi_thr_context {
+    HEIMDAL_MUTEX mutex;
+    char *error_string;
+};
+
+/*
+ * Prototypes
+ */
+
+#include <krb5/gsskrb5-private.h>
+
+#define GSSAPI_KRB5_INIT(ctx) do {				\
+    krb5_error_code kret_gss_init;				\
+    if((kret_gss_init = _gsskrb5_init (ctx)) != 0) {		\
+	*minor_status = kret_gss_init;				\
+	return GSS_S_FAILURE;					\
+    }								\
+} while (0)
+
+/* sec_context flags */
+
+#define SC_LOCAL_ADDRESS  0x01
+#define SC_REMOTE_ADDRESS 0x02
+#define SC_KEYBLOCK	  0x04
+#define SC_LOCAL_SUBKEY	  0x08
+#define SC_REMOTE_SUBKEY  0x10
+
+#endif
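Review bot: `GSSAPI_KRB5_INIT` hides a `return GSS_S_FAILURE` and writes through a `minor_status` that must already be in the caller's scope, and neither is stated at the definition. A comment above the macro would make the contract visible, e.g. `/* Calls _gsskrb5_init(ctx); on failure sets *minor_status and returns GSS_S_FAILURE from the enclosing function, so invoke it before taking locks or allocating. */`. Separately, `more_flags` is declared with an anonymous enum type but is tested as a bitmask (`ctx->more_flags & LOCAL` in get_mic.c), so combined values are not enumerators of its type; a one-line comment saying the field holds an OR of these constants would help readers and static analysers.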

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/import_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/import_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/import_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,225 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: import_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static OM_uint32
+parse_krb5_name (OM_uint32 *minor_status,
+		 krb5_context context,
+		 const char *name,
+		 gss_name_t *output_name)
+{
+    krb5_principal princ;
+    krb5_error_code kerr;
+
+    kerr = krb5_parse_name (context, name, &princ);
+
+    if (kerr == 0) {
+	*output_name = (gss_name_t)princ;
+	return GSS_S_COMPLETE;
+    }
+    *minor_status = kerr;
+
+    if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
+	return GSS_S_BAD_NAME;
+
+    return GSS_S_FAILURE;
+}
+
+static OM_uint32
+import_krb5_name (OM_uint32 *minor_status,
+		  krb5_context context,
+		  const gss_buffer_t input_name_buffer,
+		  gss_name_t *output_name)
+{
+    OM_uint32 ret;
+    char *tmp;
+
+    tmp = malloc (input_name_buffer->length + 1);
+    if (tmp == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    memcpy (tmp,
+	    input_name_buffer->value,
+	    input_name_buffer->length);
+    tmp[input_name_buffer->length] = '\0';
+
+    ret = parse_krb5_name(minor_status, context, tmp, output_name);
+    free(tmp);
+
+    return ret;
+}
+
+static OM_uint32
+import_hostbased_name (OM_uint32 *minor_status,
+		       krb5_context context,
+		       const gss_buffer_t input_name_buffer,
+		       gss_name_t *output_name)
+{
+    krb5_error_code kerr;
+    char *tmp;
+    char *p;
+    char *host;
+    char local_hostname[MAXHOSTNAMELEN];
+    krb5_principal princ = NULL;
+
+    tmp = malloc (input_name_buffer->length + 1);
+    if (tmp == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    memcpy (tmp,
+	    input_name_buffer->value,
+	    input_name_buffer->length);
+    tmp[input_name_buffer->length] = '\0';
+
+    p = strchr (tmp, '@');
+    if (p != NULL) {
+	*p = '\0';
+	host = p + 1;
+    } else {
+	if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
+	    *minor_status = errno;
+	    free (tmp);
+	    return GSS_S_FAILURE;
+	}
+	host = local_hostname;
+    }
+
+    kerr = krb5_sname_to_principal (context,
+				    host,
+				    tmp,
+				    KRB5_NT_SRV_HST,
+				    &princ);
+    free (tmp);
+    *minor_status = kerr;
+    if (kerr == 0) {
+	*output_name = (gss_name_t)princ;
+	return GSS_S_COMPLETE;
+    }
+
+    if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
+	return GSS_S_BAD_NAME;
+
+    return GSS_S_FAILURE;
+}
+
+static OM_uint32
+import_export_name (OM_uint32 *minor_status,
+		    krb5_context context,
+		    const gss_buffer_t input_name_buffer,
+		    gss_name_t *output_name)
+{
+    unsigned char *p;
+    uint32_t length;
+    OM_uint32 ret;
+    char *name;
+
+    if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
+	return GSS_S_BAD_NAME;
+
+    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
+
+    p = input_name_buffer->value;
+
+    if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
+	p[3] != GSS_KRB5_MECHANISM->length + 2 ||
+	p[4] != 0x06 ||
+	p[5] != GSS_KRB5_MECHANISM->length ||
+	memcmp(&p[6], GSS_KRB5_MECHANISM->elements, 
+	       GSS_KRB5_MECHANISM->length) != 0)
+	return GSS_S_BAD_NAME;
+
+    p += 6 + GSS_KRB5_MECHANISM->length;
+
+    length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
+    p += 4;
+
+    if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
+	return GSS_S_BAD_NAME;
+
+    name = malloc(length + 1);
+    if (name == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    memcpy(name, p, length);
+    name[length] = '\0';
+
+    ret = parse_krb5_name(minor_status, context, name, output_name);
+    free(name);
+
+    return ret;
+}
+
+OM_uint32 _gsskrb5_import_name
+           (OM_uint32 * minor_status,
+            const gss_buffer_t input_name_buffer,
+            const gss_OID input_name_type,
+            gss_name_t * output_name
+           )
+{
+    krb5_context context;
+
+    *minor_status = 0;
+    *output_name = GSS_C_NO_NAME;
+    
+    GSSAPI_KRB5_INIT (&context);
+
+    if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) ||
+	gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X))
+	return import_hostbased_name (minor_status,
+				      context,
+				      input_name_buffer,
+				      output_name);
+    else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
+	     || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
+	     || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
+ 	/* default printable syntax */
+	return import_krb5_name (minor_status,
+				 context,
+				 input_name_buffer,
+				 output_name);
+    else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
+	return import_export_name(minor_status,
+				  context,
+				  input_name_buffer, 
+				  output_name);
+    } else {
+	*minor_status = 0;
+	return GSS_S_BAD_NAMETYPE;
+    }
+}
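Review bot: In `import_export_name` the NAME bytes taken from the token are handed to `parse_krb5_name` as a C string, so a NAME containing a NUL byte is parsed only up to that byte and the remainder is dropped without an error. Rejecting such input before the copy closes that gap, e.g. `if (memchr(p, '\0', length) != NULL) return GSS_S_BAD_NAME;`; the same `memcpy` plus terminator pattern appears in `import_krb5_name` and `import_hostbased_name`. The `length > ...` bound also accepts extra bytes after NAME; whether it can be tightened to `!=` depends on what peers emit, so treat that part as a question rather than a fix. In the same function, `p[0] << 24` shifts a value promoted to `int` and is undefined when the top bit is set; `(uint32_t)p[0] << 24` avoids that.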

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/import_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/import_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/import_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,229 @@
+/*
+ * Copyright (c) 1999 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: import_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gsskrb5_import_sec_context (
+    OM_uint32 * minor_status,
+    const gss_buffer_t interprocess_token,
+    gss_ctx_id_t * context_handle
+    )
+{
+    OM_uint32 ret = GSS_S_FAILURE;
+    krb5_context context;
+    krb5_error_code kret;
+    krb5_storage *sp;
+    krb5_auth_context ac;
+    krb5_address local, remote;
+    krb5_address *localp, *remotep;
+    krb5_data data;
+    gss_buffer_desc buffer;
+    krb5_keyblock keyblock;
+    int32_t tmp;
+    int32_t flags;
+    gsskrb5_ctx ctx;
+    gss_name_t name;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    localp = remotep = NULL;
+
+    sp = krb5_storage_from_mem (interprocess_token->value,
+				interprocess_token->length);
+    if (sp == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    ctx = calloc(1, sizeof(*ctx));
+    if (ctx == NULL) {
+	*minor_status = ENOMEM;
+	krb5_storage_free (sp);
+	return GSS_S_FAILURE;
+    }
+    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
+
+    kret = krb5_auth_con_init (context,
+			       &ctx->auth_context);
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    /* flags */
+
+    *minor_status = 0;
+
+    if (krb5_ret_int32 (sp, &flags) != 0)
+	goto failure;
+
+    /* retrieve the auth context */
+
+    ac = ctx->auth_context;
+    if (krb5_ret_uint32 (sp, &ac->flags) != 0)
+	goto failure;
+    if (flags & SC_LOCAL_ADDRESS) {
+	if (krb5_ret_address (sp, localp = &local) != 0)
+	    goto failure;
+    }
+
+    if (flags & SC_REMOTE_ADDRESS) {
+	if (krb5_ret_address (sp, remotep = &remote) != 0)
+	    goto failure;
+    }
+
+    krb5_auth_con_setaddrs (context, ac, localp, remotep);
+    if (localp)
+	krb5_free_address (context, localp);
+    if (remotep)
+	krb5_free_address (context, remotep);
+    localp = remotep = NULL;
+
+    if (krb5_ret_int16 (sp, &ac->local_port) != 0)
+	goto failure;
+
+    if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
+	goto failure;
+    if (flags & SC_KEYBLOCK) {
+	if (krb5_ret_keyblock (sp, &keyblock) != 0)
+	    goto failure;
+	krb5_auth_con_setkey (context, ac, &keyblock);
+	krb5_free_keyblock_contents (context, &keyblock);
+    }
+    if (flags & SC_LOCAL_SUBKEY) {
+	if (krb5_ret_keyblock (sp, &keyblock) != 0)
+	    goto failure;
+	krb5_auth_con_setlocalsubkey (context, ac, &keyblock);
+	krb5_free_keyblock_contents (context, &keyblock);
+    }
+    if (flags & SC_REMOTE_SUBKEY) {
+	if (krb5_ret_keyblock (sp, &keyblock) != 0)
+	    goto failure;
+	krb5_auth_con_setremotesubkey (context, ac, &keyblock);
+	krb5_free_keyblock_contents (context, &keyblock);
+    }
+    if (krb5_ret_uint32 (sp, &ac->local_seqnumber))
+	goto failure;
+    if (krb5_ret_uint32 (sp, &ac->remote_seqnumber))
+	goto failure;
+
+    if (krb5_ret_int32 (sp, &tmp) != 0)
+	goto failure;
+    ac->keytype = tmp;
+    if (krb5_ret_int32 (sp, &tmp) != 0)
+	goto failure;
+    ac->cksumtype = tmp;
+
+    /* names */
+
+    if (krb5_ret_data (sp, &data))
+	goto failure;
+    buffer.value  = data.data;
+    buffer.length = data.length;
+
+    ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
+				&name);
+    if (ret) {
+	ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID,
+				    &name);
+	if (ret) {
+	    krb5_data_free (&data);
+	    goto failure;
+	}
+    }
+    ctx->source = (krb5_principal)name;
+    krb5_data_free (&data);
+
+    if (krb5_ret_data (sp, &data) != 0)
+	goto failure;
+    buffer.value  = data.data;
+    buffer.length = data.length;
+
+    ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
+				&name);
+    if (ret) {
+	ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID,
+				    &name);
+	if (ret) {
+	    krb5_data_free (&data);
+	    goto failure;
+	}
+    }    
+    ctx->target = (krb5_principal)name;
+    krb5_data_free (&data);
+
+    if (krb5_ret_int32 (sp, &tmp))
+	goto failure;
+    ctx->flags = tmp;
+    if (krb5_ret_int32 (sp, &tmp))
+	goto failure;
+    ctx->more_flags = tmp;
+    if (krb5_ret_int32 (sp, &tmp))
+	goto failure;
+    ctx->lifetime = tmp;
+
+    ret = _gssapi_msg_order_import(minor_status, sp, &ctx->order);
+    if (ret)
+        goto failure;    
+    
+    krb5_storage_free (sp);
+
+    *context_handle = (gss_ctx_id_t)ctx;
+
+    return GSS_S_COMPLETE;
+
+failure:
+    krb5_auth_con_free (context,
+			ctx->auth_context);
+    if (ctx->source != NULL)
+	krb5_free_principal(context, ctx->source);
+    if (ctx->target != NULL)
+	krb5_free_principal(context, ctx->target);
+    if (localp)
+	krb5_free_address (context, localp);
+    if (remotep)
+	krb5_free_address (context, remotep);
+    if(ctx->order)
+	_gssapi_msg_order_destroy(&ctx->order);
+    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+    krb5_storage_free (sp);
+    free (ctx);
+    *context_handle = GSS_C_NO_CONTEXT;
+    return ret;
+}
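Review bot: In `_gsskrb5_import_sec_context`, every `goto failure` taken after the first successful `_gsskrb5_import_name` call returns `GSS_S_COMPLETE`, because `ret` was overwritten with that call's result. A token truncated after the source name (a failing second `krb5_ret_data`, or any of the three `krb5_ret_int32` reads for `flags`, `more_flags` and `lifetime`) therefore reports success while `*context_handle` is `GSS_C_NO_CONTEXT`. The interprocess token is external input, so a caller that trusts the major status would go on to use a null context; `if (!GSS_ERROR(ret)) ret = GSS_S_FAILURE;` directly under `failure:` closes this. Separately, `local` and `remote` are never zeroed although `localp = &local` is assigned before `krb5_ret_address` returns, so a failed read may hand `krb5_free_address` an uninitialised struct. A `memset(&local, 0, sizeof(local));` (and the same for `remote`) before the reads would make that path safe.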

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/indicate_mechs.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/indicate_mechs.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/indicate_mechs.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: indicate_mechs.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_indicate_mechs
+           (OM_uint32 * minor_status,
+            gss_OID_set * mech_set
+           )
+{
+  OM_uint32 ret, junk;
+
+  ret = gss_create_empty_oid_set(minor_status, mech_set);
+  if (ret)
+      return ret;
+
+  ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
+  if (ret) {
+      gss_release_oid_set(&junk, mech_set);
+      return ret;
+  }
+
+  *minor_status = 0;
+  return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/init.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/init.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/init.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 1997 - 2001, 2003, 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: init.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static int created_key;
+static HEIMDAL_thread_key context_key;
+
+static void
+destroy_context(void *ptr)
+{
+    krb5_context context = ptr;
+
+    if (context == NULL)
+	return;
+    krb5_free_context(context);
+}
+
+krb5_error_code
+_gsskrb5_init (krb5_context *context)
+{
+    krb5_error_code ret = 0;
+
+    HEIMDAL_MUTEX_lock(&context_mutex);
+
+    if (!created_key) {
+	HEIMDAL_key_create(&context_key, destroy_context, ret);
+	if (ret) {
+	    HEIMDAL_MUTEX_unlock(&context_mutex);
+	    return ret;
+	}
+	created_key = 1;
+    }
+    HEIMDAL_MUTEX_unlock(&context_mutex);
+
+    *context = HEIMDAL_getspecific(context_key);
+    if (*context == NULL) {
+
+	ret = krb5_init_context(context);
+	if (ret == 0) {
+	    HEIMDAL_setspecific(context_key, *context, ret);
+	    if (ret) {
+		krb5_free_context(*context);
+		*context = NULL;
+	    }
+	}
+    }
+
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/init_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/init_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/init_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,811 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: init_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * copy the addresses from `input_chan_bindings' (if any) to
+ * the auth context `ac'
+ */
+
+static OM_uint32
+set_addresses (krb5_context context,
+	       krb5_auth_context ac,
+	       const gss_channel_bindings_t input_chan_bindings)	       
+{
+    /* Port numbers are expected to be in application_data.value, 
+     * initator's port first */ 
+
+    krb5_address initiator_addr, acceptor_addr;
+    krb5_error_code kret;
+       
+    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
+	|| input_chan_bindings->application_data.length !=
+	2 * sizeof(ac->local_port))
+	return 0;
+
+    memset(&initiator_addr, 0, sizeof(initiator_addr));
+    memset(&acceptor_addr, 0, sizeof(acceptor_addr));
+       
+    ac->local_port =
+	*(int16_t *) input_chan_bindings->application_data.value;
+       
+    ac->remote_port =
+	*((int16_t *) input_chan_bindings->application_data.value + 1);
+       
+    kret = _gsskrb5i_address_to_krb5addr(context,
+					 input_chan_bindings->acceptor_addrtype,
+					 &input_chan_bindings->acceptor_address,
+					 ac->remote_port,
+					 &acceptor_addr);
+    if (kret)
+	return kret;
+           
+    kret = _gsskrb5i_address_to_krb5addr(context,
+					 input_chan_bindings->initiator_addrtype,
+					 &input_chan_bindings->initiator_address,
+					 ac->local_port,
+					 &initiator_addr);
+    if (kret) {
+	krb5_free_address (context, &acceptor_addr);
+	return kret;
+    }
+       
+    kret = krb5_auth_con_setaddrs(context,
+				  ac,
+				  &initiator_addr,  /* local address */
+				  &acceptor_addr);  /* remote address */
+       
+    krb5_free_address (context, &initiator_addr);
+    krb5_free_address (context, &acceptor_addr);
+       
+#if 0
+    free(input_chan_bindings->application_data.value);
+    input_chan_bindings->application_data.value = NULL;
+    input_chan_bindings->application_data.length = 0;
+#endif
+
+    return kret;
+}
+
+OM_uint32
+_gsskrb5_create_ctx(
+        OM_uint32 * minor_status,
+	gss_ctx_id_t * context_handle,
+	krb5_context context,
+ 	const gss_channel_bindings_t input_chan_bindings,
+ 	enum gss_ctx_id_t_state state)
+{
+    krb5_error_code kret;
+    gsskrb5_ctx ctx;
+
+    *context_handle = NULL;
+
+    ctx = malloc(sizeof(*ctx));
+    if (ctx == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    ctx->auth_context		= NULL;
+    ctx->source			= NULL;
+    ctx->target			= NULL;
+    ctx->state			= state;
+    ctx->flags			= 0;
+    ctx->more_flags		= 0;
+    ctx->service_keyblock	= NULL;
+    ctx->ticket			= NULL;
+    krb5_data_zero(&ctx->fwd_data);
+    ctx->lifetime		= GSS_C_INDEFINITE;
+    ctx->order			= NULL;
+    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
+
+    kret = krb5_auth_con_init (context, &ctx->auth_context);
+    if (kret) {
+	*minor_status = kret;
+
+	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+		
+	return GSS_S_FAILURE;
+    }
+
+    kret = set_addresses(context, ctx->auth_context, input_chan_bindings);
+    if (kret) {
+	*minor_status = kret;
+
+	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+
+	krb5_auth_con_free(context, ctx->auth_context);
+
+	return GSS_S_BAD_BINDINGS;
+    }
+
+    /*
+     * We need a sequence number
+     */
+
+    krb5_auth_con_addflags(context,
+			   ctx->auth_context,
+			   KRB5_AUTH_CONTEXT_DO_SEQUENCE |
+			   KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED,
+			   NULL);
+
+    *context_handle = (gss_ctx_id_t)ctx;
+
+    return GSS_S_COMPLETE;
+}
+
+
+static OM_uint32
+gsskrb5_get_creds(
+        OM_uint32 * minor_status,
+	krb5_context context,
+	krb5_ccache ccache,
+	gsskrb5_ctx ctx,
+	krb5_const_principal target_name,
+	OM_uint32 time_req,
+	OM_uint32 * time_rec,
+	krb5_creds ** cred)
+{
+    OM_uint32 ret;
+    krb5_error_code kret;
+    krb5_creds this_cred;
+    OM_uint32 lifetime_rec;
+
+    *cred = NULL;
+
+    memset(&this_cred, 0, sizeof(this_cred));
+    this_cred.client = ctx->source;
+    this_cred.server = ctx->target;
+
+    if (time_req && time_req != GSS_C_INDEFINITE) {
+	krb5_timestamp ts;
+
+	krb5_timeofday (context, &ts);
+	this_cred.times.endtime = ts + time_req;
+    } else {
+	this_cred.times.endtime   = 0;
+    }
+
+    this_cred.session.keytype = KEYTYPE_NULL;
+
+    kret = krb5_get_credentials(context,
+				0,
+				ccache,
+				&this_cred,
+				cred);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+
+    ctx->lifetime = (*cred)->times.endtime;
+
+    ret = _gsskrb5_lifetime_left(minor_status, context,
+				 ctx->lifetime, &lifetime_rec);
+    if (ret) return ret;
+
+    if (lifetime_rec == 0) {
+	*minor_status = 0;
+	return GSS_S_CONTEXT_EXPIRED;
+    }
+
+    if (time_rec) *time_rec = lifetime_rec;
+
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+gsskrb5_initiator_ready(
+	OM_uint32 * minor_status,
+	gsskrb5_ctx ctx,
+	krb5_context context)
+{
+	OM_uint32 ret;
+	int32_t seq_number;
+	int is_cfx = 0;
+	OM_uint32 flags = ctx->flags;
+
+	krb5_auth_getremoteseqnumber (context,
+				      ctx->auth_context,
+				      &seq_number);
+
+	_gsskrb5i_is_cfx(ctx, &is_cfx);
+
+	ret = _gssapi_msg_order_create(minor_status,
+				       &ctx->order,
+				       _gssapi_msg_order_f(flags),
+				       seq_number, 0, is_cfx);
+	if (ret) return ret;
+
+	ctx->state	= INITIATOR_READY;
+	ctx->more_flags	|= OPEN;
+
+	return GSS_S_COMPLETE;
+}
+
+/*
+ * handle delegated creds in init-sec-context
+ */
+
+static void
+do_delegation (krb5_context context,
+	       krb5_auth_context ac,
+	       krb5_ccache ccache,
+	       krb5_creds *cred,
+	       krb5_const_principal name,
+	       krb5_data *fwd_data,
+	       uint32_t *flags)
+{
+    krb5_creds creds;
+    KDCOptions fwd_flags;
+    krb5_error_code kret;
+       
+    memset (&creds, 0, sizeof(creds));
+    krb5_data_zero (fwd_data);
+       
+    kret = krb5_cc_get_principal(context, ccache, &creds.client);
+    if (kret) 
+	goto out;
+       
+    kret = krb5_build_principal(context,
+				&creds.server,
+				strlen(creds.client->realm),
+				creds.client->realm,
+				KRB5_TGS_NAME,
+				creds.client->realm,
+				NULL);
+    if (kret)
+	goto out; 
+       
+    creds.times.endtime = 0;
+       
+    memset(&fwd_flags, 0, sizeof(fwd_flags));
+    fwd_flags.forwarded = 1;
+    fwd_flags.forwardable = 1;
+       
+    if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
+	name->name.name_string.len < 2) 
+	goto out;
+       
+    kret = krb5_get_forwarded_creds(context,
+				    ac,
+				    ccache,
+				    KDCOptions2int(fwd_flags),
+				    name->name.name_string.val[1],
+				    &creds,
+				    fwd_data);
+       
+ out:
+    if (kret)
+	*flags &= ~GSS_C_DELEG_FLAG;
+    else
+	*flags |= GSS_C_DELEG_FLAG;
+       
+    if (creds.client)
+	krb5_free_principal(context, creds.client);
+    if (creds.server)
+	krb5_free_principal(context, creds.server);
+}
+
+/*
+ * first stage of init-sec-context
+ */
+
+static OM_uint32
+init_auth
+(OM_uint32 * minor_status,
+ gsskrb5_cred initiator_cred_handle,
+ gsskrb5_ctx ctx,
+ krb5_context context,
+ krb5_const_principal name,
+ const gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ const gss_channel_bindings_t input_chan_bindings,
+ const gss_buffer_t input_token,
+ gss_OID * actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec
+    )
+{
+    OM_uint32 ret = GSS_S_FAILURE;
+    krb5_error_code kret;
+    krb5_flags ap_options;
+    krb5_creds *cred = NULL;
+    krb5_data outbuf;
+    krb5_ccache ccache = NULL;
+    uint32_t flags;
+    krb5_data authenticator;
+    Checksum cksum;
+    krb5_enctype enctype;
+    krb5_data fwd_data;
+    OM_uint32 lifetime_rec;
+
+    krb5_data_zero(&outbuf);
+    krb5_data_zero(&fwd_data);
+
+    *minor_status = 0;
+
+    if (actual_mech_type)
+	*actual_mech_type = GSS_KRB5_MECHANISM;
+
+    if (initiator_cred_handle == NULL) {
+	kret = krb5_cc_default (context, &ccache);
+	if (kret) {
+	    *minor_status = kret;
+	    ret = GSS_S_FAILURE;
+	    goto failure;
+	}
+    } else
+	ccache = initiator_cred_handle->ccache;
+
+    kret = krb5_cc_get_principal (context, ccache, &ctx->source);
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    kret = krb5_copy_principal (context, name, &ctx->target);
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
+    if (ret)
+	goto failure;
+
+
+    /*
+     * This is hideous glue for (NFS) clients that wants to limit the
+     * available enctypes to what it can support (encryption in
+     * kernel). If there is no enctypes selected for this credential,
+     * reset it to the default set of enctypes.
+     */
+    {
+	krb5_enctype *enctypes = NULL;
+
+	if (initiator_cred_handle && initiator_cred_handle->enctypes)
+	    enctypes = initiator_cred_handle->enctypes;
+	krb5_set_default_in_tkt_etypes(context, enctypes);
+    }
+
+    ret = gsskrb5_get_creds(minor_status,
+			    context,
+			    ccache,
+			    ctx,
+			    ctx->target,
+			    time_req,
+			    time_rec,
+			    &cred);
+    if (ret)
+	goto failure;
+
+    ctx->lifetime = cred->times.endtime;
+
+    ret = _gsskrb5_lifetime_left(minor_status,
+				 context,
+				 ctx->lifetime,
+				 &lifetime_rec);
+    if (ret) {
+	goto failure;
+    }
+
+    if (lifetime_rec == 0) {
+	*minor_status = 0;
+	ret = GSS_S_CONTEXT_EXPIRED;
+	goto failure;
+    }
+
+    krb5_auth_con_setkey(context, 
+			 ctx->auth_context, 
+			 &cred->session);
+
+    kret = krb5_auth_con_generatelocalsubkey(context, 
+					     ctx->auth_context,
+					     &cred->session);
+    if(kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+    
+    /* 
+     * If the credential doesn't have ok-as-delegate, check what local
+     * policy say about ok-as-delegate, default is FALSE that makes
+     * code ignore the KDC setting and follow what the application
+     * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the
+     * KDC doesn't set ok-as-delegate.
+     */
+    if (!cred->flags.b.ok_as_delegate) {
+	krb5_boolean delegate;
+    
+	krb5_appdefault_boolean(context,
+				"gssapi", name->realm,
+				"ok-as-delegate", FALSE, &delegate);
+	if (delegate)
+	    req_flags &= ~GSS_C_DELEG_FLAG;
+    }
+
+    flags = 0;
+    ap_options = 0;
+    if (req_flags & GSS_C_DELEG_FLAG)
+	do_delegation (context,
+		       ctx->auth_context,
+		       ccache, cred, name, &fwd_data, &flags);
+    
+    if (req_flags & GSS_C_MUTUAL_FLAG) {
+	flags |= GSS_C_MUTUAL_FLAG;
+	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
+    }
+    
+    if (req_flags & GSS_C_REPLAY_FLAG)
+	flags |= GSS_C_REPLAY_FLAG;
+    if (req_flags & GSS_C_SEQUENCE_FLAG)
+	flags |= GSS_C_SEQUENCE_FLAG;
+    if (req_flags & GSS_C_ANON_FLAG)
+	;                               /* XXX */
+    if (req_flags & GSS_C_DCE_STYLE) {
+	/* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
+	flags |= GSS_C_DCE_STYLE | GSS_C_MUTUAL_FLAG;
+	ap_options |= AP_OPTS_MUTUAL_REQUIRED;
+    }
+    if (req_flags & GSS_C_IDENTIFY_FLAG)
+	flags |= GSS_C_IDENTIFY_FLAG;
+    if (req_flags & GSS_C_EXTENDED_ERROR_FLAG)
+	flags |= GSS_C_EXTENDED_ERROR_FLAG;
+
+    flags |= GSS_C_CONF_FLAG;
+    flags |= GSS_C_INTEG_FLAG;
+    flags |= GSS_C_TRANS_FLAG;
+    
+    if (ret_flags)
+	*ret_flags = flags;
+    ctx->flags = flags;
+    ctx->more_flags |= LOCAL;
+    
+    ret = _gsskrb5_create_8003_checksum (minor_status,
+					 input_chan_bindings,
+					 flags,
+					 &fwd_data,
+					 &cksum);
+    krb5_data_free (&fwd_data);
+    if (ret)
+	goto failure;
+
+    enctype = ctx->auth_context->keyblock->keytype;
+
+    kret = krb5_build_authenticator (context,
+				     ctx->auth_context,
+				     enctype,
+				     cred,
+				     &cksum,
+				     NULL,
+				     &authenticator,
+				     KRB5_KU_AP_REQ_AUTH);
+
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    kret = krb5_build_ap_req (context,
+			      enctype,
+			      cred,
+			      ap_options,
+			      authenticator,
+			      &outbuf);
+
+    if (kret) {
+	*minor_status = kret;
+	ret = GSS_S_FAILURE;
+	goto failure;
+    }
+
+    ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
+				   (u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
+    if (ret)
+	goto failure;
+
+    krb5_data_free (&outbuf);
+    krb5_free_creds(context, cred);
+    free_Checksum(&cksum);
+    if (initiator_cred_handle == NULL)
+	krb5_cc_close(context, ccache);
+
+    if (flags & GSS_C_MUTUAL_FLAG) {
+	ctx->state = INITIATOR_WAIT_FOR_MUTAL;
+	return GSS_S_CONTINUE_NEEDED;
+    }
+
+    return gsskrb5_initiator_ready(minor_status, ctx, context);
+failure:
+    if(cred)
+	krb5_free_creds(context, cred);
+    if (ccache && initiator_cred_handle == NULL)
+	krb5_cc_close(context, ccache);
+
+    return ret;
+
+}
+
+static OM_uint32
+repl_mutual
+(OM_uint32 * minor_status,
+ gsskrb5_ctx ctx,
+ krb5_context context,
+ const gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ const gss_channel_bindings_t input_chan_bindings,
+ const gss_buffer_t input_token,
+ gss_OID * actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec
+    )
+{
+    OM_uint32 ret;
+    krb5_error_code kret;
+    krb5_data indata;
+    krb5_ap_rep_enc_part *repl;
+    int is_cfx = 0;
+
+    output_token->length = 0;
+    output_token->value = NULL;
+
+    if (actual_mech_type)
+	*actual_mech_type = GSS_KRB5_MECHANISM;
+
+    if (ctx->flags & GSS_C_DCE_STYLE) {
+	/* There is no OID wrapping. */
+	indata.length	= input_token->length;
+	indata.data	= input_token->value;
+    } else {
+	ret = _gsskrb5_decapsulate (minor_status,
+				    input_token,
+				    &indata,
+				    "\x02\x00",
+				    GSS_KRB5_MECHANISM);
+	if (ret) {
+	    /* XXX - Handle AP_ERROR */
+	    return ret;
+	}
+    }
+
+    kret = krb5_rd_rep (context,
+			ctx->auth_context,
+			&indata,
+			&repl);
+    if (kret) {
+	*minor_status = kret;
+	return GSS_S_FAILURE;
+    }
+    krb5_free_ap_rep_enc_part (context,
+			       repl);
+    
+    _gsskrb5i_is_cfx(ctx, &is_cfx);
+    if (is_cfx) {
+	krb5_keyblock *key = NULL;
+
+	kret = krb5_auth_con_getremotesubkey(context,
+					     ctx->auth_context, 
+					     &key);
+	if (kret == 0 && key != NULL) {
+    	    ctx->more_flags |= ACCEPTOR_SUBKEY;
+	    krb5_free_keyblock (context, key);
+	}
+    }
+
+
+    *minor_status = 0;
+    if (time_rec) {
+	ret = _gsskrb5_lifetime_left(minor_status,
+				     context,
+				     ctx->lifetime,
+				     time_rec);
+    } else {
+	ret = GSS_S_COMPLETE;
+    }
+    if (ret_flags)
+	*ret_flags = ctx->flags;
+
+    if (req_flags & GSS_C_DCE_STYLE) {
+	int32_t con_flags;
+	krb5_data outbuf;
+
+	/* Do don't do sequence number for the mk-rep */
+	krb5_auth_con_removeflags(context,
+				  ctx->auth_context,
+				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
+				  &con_flags);
+
+	kret = krb5_mk_rep(context,
+			   ctx->auth_context,
+			   &outbuf);
+	if (kret) {
+	    *minor_status = kret;
+	    return GSS_S_FAILURE;
+	}
+	
+	output_token->length = outbuf.length;
+	output_token->value  = outbuf.data;
+
+	krb5_auth_con_removeflags(context,
+				  ctx->auth_context,
+				  KRB5_AUTH_CONTEXT_DO_SEQUENCE,
+				  NULL);
+    }
+
+    return gsskrb5_initiator_ready(minor_status, ctx, context);
+}
+
+/*
+ * gss_init_sec_context
+ */
+
+OM_uint32 _gsskrb5_init_sec_context
+(OM_uint32 * minor_status,
+ const gss_cred_id_t initiator_cred_handle,
+ gss_ctx_id_t * context_handle,
+ const gss_name_t target_name,
+ const gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ const gss_channel_bindings_t input_chan_bindings,
+ const gss_buffer_t input_token,
+ gss_OID * actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec
+    )
+{
+    krb5_context context;
+    gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle;
+    krb5_const_principal name = (krb5_const_principal)target_name;
+    gsskrb5_ctx ctx;
+    OM_uint32 ret;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    output_token->length = 0;
+    output_token->value  = NULL;
+
+    if (context_handle == NULL) {
+	*minor_status = 0;
+	return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
+    }
+
+    if (ret_flags)
+	*ret_flags = 0;
+    if (time_rec)
+	*time_rec = 0;
+
+    if (target_name == GSS_C_NO_NAME) {
+	if (actual_mech_type)
+	    *actual_mech_type = GSS_C_NO_OID;
+	*minor_status = 0;
+	return GSS_S_BAD_NAME;
+    }
+
+    if (mech_type != GSS_C_NO_OID && 
+	!gss_oid_equal(mech_type, GSS_KRB5_MECHANISM))
+	return GSS_S_BAD_MECH;
+
+    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
+	OM_uint32 ret;
+
+	if (*context_handle != GSS_C_NO_CONTEXT) {
+	    *minor_status = 0;
+	    return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
+	}
+    
+	ret = _gsskrb5_create_ctx(minor_status,
+				  context_handle,
+				  context,
+				  input_chan_bindings,
+				  INITIATOR_START);
+	if (ret)
+	    return ret;
+    }
+
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+	*minor_status = 0;
+	return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
+    }
+
+    ctx = (gsskrb5_ctx) *context_handle;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    switch (ctx->state) {
+    case INITIATOR_START:
+	ret = init_auth(minor_status,
+			cred,
+			ctx,
+			context,
+			name,
+			mech_type,
+			req_flags,
+			time_req,
+			input_chan_bindings,
+			input_token,
+			actual_mech_type,
+			output_token,
+			ret_flags,
+			time_rec);
+	break;
+    case INITIATOR_WAIT_FOR_MUTAL:
+	ret = repl_mutual(minor_status,
+			  ctx,
+			  context,
+			  mech_type,
+			  req_flags,
+			  time_req,
+			  input_chan_bindings,
+			  input_token,
+			  actual_mech_type,
+			  output_token,
+			  ret_flags,
+			  time_rec);
+	break;
+    case INITIATOR_READY:
+	/* 
+	 * If we get there, the caller have called
+	 * gss_init_sec_context() one time too many.
+	 */
+	*minor_status = 0;
+	ret = GSS_S_BAD_STATUS;
+	break;
+    default:
+	*minor_status = 0;
+	ret = GSS_S_BAD_STATUS;
+	break;
+    }
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    /* destroy context in case of error */
+    if (GSS_ERROR(ret)) {
+	OM_uint32 min2;
+	_gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER);
+    }
+
+    return ret;
+
+}
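Review bot: `do_delegation` sets `GSS_C_DELEG_FLAG` even when no credential was forwarded: the `name->name.name_string.len < 2` check jumps to `out` with `kret` still 0 from `krb5_build_principal`, so the `else` branch turns the flag on while `fwd_data` is empty. `init_auth` then copies that flag into `ctx->flags`, `*ret_flags` and the checksum built by `_gsskrb5_create_8003_checksum`, so the application is told delegation happened when it did not. Setting an error before the jump fixes it, e.g. `kret = EINVAL;` ahead of that `goto out;`. Also in this hunk, `_gsskrb5_create_ctx` returns from both error branches (after `krb5_auth_con_init` and after `set_addresses`) without releasing the `malloc`ed `ctx`; each needs `free(ctx);` before the `return`.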

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 1997, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: inquire_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_inquire_context (
+    OM_uint32 * minor_status,
+	const gss_ctx_id_t context_handle,
+	gss_name_t * src_name,
+	gss_name_t * targ_name,
+	OM_uint32 * lifetime_rec,
+	gss_OID * mech_type,
+	OM_uint32 * ctx_flags,
+	int * locally_initiated,
+	int * open_context
+    )
+{
+    krb5_context context;
+    OM_uint32 ret;
+    gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
+    gss_name_t name;
+
+    if (src_name)
+	*src_name = GSS_C_NO_NAME;
+    if (targ_name)
+	*targ_name = GSS_C_NO_NAME;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    if (src_name) {
+	name = (gss_name_t)ctx->source;
+	ret = _gsskrb5_duplicate_name (minor_status, name, src_name);
+	if (ret)
+	    goto failed;
+    }
+
+    if (targ_name) {
+	name = (gss_name_t)ctx->target;
+	ret = _gsskrb5_duplicate_name (minor_status, name, targ_name);
+	if (ret)
+	    goto failed;
+    }
+
+    if (lifetime_rec) {
+	ret = _gsskrb5_lifetime_left(minor_status, 
+				     context,
+				     ctx->lifetime,
+				     lifetime_rec);
+	if (ret)
+	    goto failed;
+    }
+
+    if (mech_type)
+	*mech_type = GSS_KRB5_MECHANISM;
+
+    if (ctx_flags)
+	*ctx_flags = ctx->flags;
+
+    if (locally_initiated)
+	*locally_initiated = ctx->more_flags & LOCAL;
+
+    if (open_context)
+	*open_context = ctx->more_flags & OPEN;
+
+    *minor_status = 0;
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+    return GSS_S_COMPLETE;
+
+failed:
+    if (src_name)
+	_gsskrb5_release_name(NULL, src_name);
+    if (targ_name)
+	_gsskrb5_release_name(NULL, targ_name);
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+    return ret;
+}
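Review bot: `context_handle` is cast to `gsskrb5_ctx` and `ctx->ctx_id_mutex` is locked with no check for GSS_C_NO_CONTEXT, so a null handle reaching `_gsskrb5_inquire_context` would be dereferenced. Unless the calling mechglue layer is known to filter that case, add `if (ctx == NULL) { *minor_status = 0; return GSS_S_NO_CONTEXT; }` ahead of `GSSAPI_KRB5_INIT`. The `failed:` path also passes NULL as the minor-status pointer to `_gsskrb5_release_name`, and inquire_mechs_for_name.c and inquire_names_for_mech.c do the same with `gss_release_oid_set`. Whether those functions tolerate NULL is not visible in this part of the commit, so declaring `OM_uint32 junk;` and passing `&junk` is the safer form. Because this is a vendor import, both points are better tracked against upstream than patched under `dist/`.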

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 1997, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: inquire_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_inquire_cred
+(OM_uint32 * minor_status,
+ const gss_cred_id_t cred_handle,
+ gss_name_t * output_name,
+ OM_uint32 * lifetime,
+ gss_cred_usage_t * cred_usage,
+ gss_OID_set * mechanisms
+    )
+{
+    krb5_context context;
+    gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
+    gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
+    gsskrb5_cred acred = NULL, icred = NULL;
+    OM_uint32 ret;
+
+    *minor_status = 0;
+
+    if (output_name)
+	*output_name = NULL;
+    if (mechanisms)
+	*mechanisms = GSS_C_NO_OID_SET;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+	ret = _gsskrb5_acquire_cred(minor_status, 
+				    GSS_C_NO_NAME,
+				    GSS_C_INDEFINITE,
+				    GSS_C_NO_OID_SET,
+				    GSS_C_ACCEPT,
+				    &aqcred_accept,
+				    NULL,
+				    NULL);
+	if (ret == GSS_S_COMPLETE)
+	    acred = (gsskrb5_cred)aqcred_accept;
+
+	ret = _gsskrb5_acquire_cred(minor_status, 
+				    GSS_C_NO_NAME,
+				    GSS_C_INDEFINITE,
+				    GSS_C_NO_OID_SET,
+				    GSS_C_INITIATE,
+				    &aqcred_init,
+				    NULL,
+				    NULL);
+	if (ret == GSS_S_COMPLETE)
+	    icred = (gsskrb5_cred)aqcred_init;
+
+	if (icred == NULL && acred == NULL) {
+	    *minor_status = 0;
+	    return GSS_S_NO_CRED;
+	}
+    } else
+	acred = (gsskrb5_cred)cred_handle;
+
+    if (acred)
+	HEIMDAL_MUTEX_lock(&acred->cred_id_mutex);
+    if (icred)
+	HEIMDAL_MUTEX_lock(&icred->cred_id_mutex);
+
+    if (output_name != NULL) {
+	if (icred && icred->principal != NULL) {
+	    gss_name_t name;
+	    
+	    if (acred && acred->principal)
+		name = (gss_name_t)acred->principal;
+	    else
+		name = (gss_name_t)icred->principal;
+		
+            ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
+            if (ret)
+		goto out;
+	} else if (acred && acred->usage == GSS_C_ACCEPT) {
+	    krb5_principal princ;
+	    *minor_status = krb5_sname_to_principal(context, NULL,
+						    NULL, KRB5_NT_SRV_HST, 
+						    &princ);
+	    if (*minor_status) {
+		ret = GSS_S_FAILURE;
+		goto out;
+	    }
+	    *output_name = (gss_name_t)princ;
+	} else {
+	    krb5_principal princ;
+	    *minor_status = krb5_get_default_principal(context,
+						       &princ);
+	    if (*minor_status) {
+		ret = GSS_S_FAILURE;
+		goto out;
+	    }
+	    *output_name = (gss_name_t)princ;
+	}
+    }
+    if (lifetime != NULL) {
+	OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE;
+
+	if (acred) alife = acred->lifetime;
+	if (icred) ilife = icred->lifetime;
+
+	ret = _gsskrb5_lifetime_left(minor_status, 
+				     context,
+				     min(alife,ilife),
+				     lifetime);
+	if (ret)
+	    goto out;
+    }
+    if (cred_usage != NULL) {
+	if (acred && icred)
+	    *cred_usage = GSS_C_BOTH;
+	else if (acred)
+	    *cred_usage = GSS_C_ACCEPT;
+	else if (icred)
+	    *cred_usage = GSS_C_INITIATE;
+	else
+	    abort();
+    }
+
+    if (mechanisms != NULL) {
+        ret = gss_create_empty_oid_set(minor_status, mechanisms);
+        if (ret)
+	    goto out;
+	if (acred)
+	    ret = gss_add_oid_set_member(minor_status,
+					 &acred->mechanisms->elements[0],
+					 mechanisms);
+	if (ret == GSS_S_COMPLETE && icred)
+	    ret = gss_add_oid_set_member(minor_status,
+					 &icred->mechanisms->elements[0],
+					 mechanisms);
+        if (ret)
+	    goto out;
+    }
+    ret = GSS_S_COMPLETE;
+out:
+    if (acred)
+	HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex);
+    if (icred)
+	HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex);
+
+    if (aqcred_init != GSS_C_NO_CREDENTIAL)
+	ret = _gsskrb5_release_cred(minor_status, &aqcred_init);
+    if (aqcred_accept != GSS_C_NO_CREDENTIAL)
+	ret = _gsskrb5_release_cred(minor_status, &aqcred_accept);
+
+    return ret;
+}
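Review bot: At `out:` the two cleanup calls are written `ret = _gsskrb5_release_cred(minor_status, ...)`, which overwrites both the major status and `*minor_status`. When the credentials were acquired internally (`cred_handle == GSS_C_NO_CREDENTIAL`), a failure from `_gsskrb5_duplicate_name`, `krb5_sname_to_principal` or `_gsskrb5_lifetime_left` is therefore replaced by whatever the release returns, and the caller can see success with `*output_name` still NULL. Release into a scratch variable instead: declare `OM_uint32 junk;` and call `_gsskrb5_release_cred(&junk, &aqcred_init);` and `_gsskrb5_release_cred(&junk, &aqcred_accept);` without assigning `ret`. Separately, a caller-supplied handle is always stored in `acred` with `icred` left NULL, so the `cred_usage` block reports GSS_C_ACCEPT whatever `acred->usage` holds, and `_gsskrb5_inquire_cred_by_mech` then reports an initiator lifetime of 0 for such a credential. Error exits taken after `*output_name` or `*mechanisms` has been filled in also leave those outputs allocated.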

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred_by_mech.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred_by_mech.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred_by_mech.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2003, 2006, 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: inquire_cred_by_mech.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_inquire_cred_by_mech (
+    OM_uint32 * minor_status,
+	const gss_cred_id_t cred_handle,
+	const gss_OID mech_type,
+	gss_name_t * name,
+	OM_uint32 * initiator_lifetime,
+	OM_uint32 * acceptor_lifetime,
+	gss_cred_usage_t * cred_usage
+    )
+{
+    gss_cred_usage_t usage;
+    OM_uint32 maj_stat;
+    OM_uint32 lifetime;
+
+    maj_stat = 
+	_gsskrb5_inquire_cred (minor_status, cred_handle,
+			       name, &lifetime, &usage, NULL);
+    if (maj_stat)
+	return maj_stat;
+
+    if (initiator_lifetime) {
+	if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
+	    *initiator_lifetime = lifetime;
+	else
+	    *initiator_lifetime = 0;
+    }
+   
+    if (acceptor_lifetime) {
+	if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
+	    *acceptor_lifetime = lifetime;
+	else
+	    *acceptor_lifetime = 0;
+    }
+
+    if (cred_usage)
+	*cred_usage = usage;
+
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred_by_oid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred_by_oid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_cred_by_oid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: inquire_cred_by_oid.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_inquire_cred_by_oid
+	   (OM_uint32 * minor_status,
+	    const gss_cred_id_t cred_handle,
+	    const gss_OID desired_object,
+	    gss_buffer_set_t *data_set)
+{
+    krb5_context context;
+    gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
+    krb5_error_code ret;
+    gss_buffer_desc buffer;
+    char *str;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    if (gss_oid_equal(desired_object, GSS_KRB5_COPY_CCACHE_X) == 0) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
+
+    if (cred->ccache == NULL) {
+	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    ret = krb5_cc_get_full_name(context, cred->ccache, &str);
+    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    buffer.value = str;
+    buffer.length = strlen(str);
+
+    ret = gss_add_buffer_set_member(minor_status, &buffer, data_set);
+    if (ret != GSS_S_COMPLETE)
+	_gsskrb5_clear_status ();
+
+    free(str);
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
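Review bot: The status of `gss_add_buffer_set_member()` is dropped: on failure the function calls `_gsskrb5_clear_status()` and then still sets `*minor_status = 0` and returns GSS_S_COMPLETE, so the caller is told the ccache name was delivered when `data_set` does not contain it. Keep the major status in its own `OM_uint32 maj_stat` (`ret` is a `krb5_error_code`) and, after `free(str);`, add `if (maj_stat != GSS_S_COMPLETE) return maj_stat;` so the minor status set by the callee is preserved. The function also casts `cred_handle` and locks `cred->cred_id_mutex` without a GSS_C_NO_CREDENTIAL check, a case `_gsskrb5_inquire_cred` in this same commit handles explicitly; whether callers can pass it here is not visible.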

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_mechs_for_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_mechs_for_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_mechs_for_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: inquire_mechs_for_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_inquire_mechs_for_name (
+            OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            gss_OID_set * mech_types
+           )
+{
+    OM_uint32 ret;
+
+    ret = gss_create_empty_oid_set(minor_status, mech_types);
+    if (ret)
+	return ret;
+
+    ret = gss_add_oid_set_member(minor_status,
+				 GSS_KRB5_MECHANISM,
+				 mech_types);
+    if (ret)
+	gss_release_oid_set(NULL, mech_types);
+
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_names_for_mech.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_names_for_mech.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_names_for_mech.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: inquire_names_for_mech.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+
+static gss_OID *name_list[] = {
+    &GSS_C_NT_HOSTBASED_SERVICE,
+    &GSS_C_NT_USER_NAME,
+    &GSS_KRB5_NT_PRINCIPAL_NAME,
+    &GSS_C_NT_EXPORT_NAME,
+    NULL
+};
+
+OM_uint32 _gsskrb5_inquire_names_for_mech (
+            OM_uint32 * minor_status,
+            const gss_OID mechanism,
+            gss_OID_set * name_types
+           )
+{
+    OM_uint32 ret;
+    int i;
+
+    *minor_status = 0;
+
+    if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
+	gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
+	*name_types = GSS_C_NO_OID_SET;
+	return GSS_S_BAD_MECH;
+    }
+
+    ret = gss_create_empty_oid_set(minor_status, name_types);
+    if (ret != GSS_S_COMPLETE)
+	return ret;
+    
+    for (i = 0; name_list[i] != NULL; i++) {
+	ret = gss_add_oid_set_member(minor_status, 
+				     *(name_list[i]),
+				     name_types);
+	if (ret != GSS_S_COMPLETE)
+	    break;
+    }
+
+    if (ret != GSS_S_COMPLETE)
+	gss_release_oid_set(NULL, name_types);
+	
+    return GSS_S_COMPLETE;
+}
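Review bot: The function ends with `return GSS_S_COMPLETE;` even when `gss_add_oid_set_member()` failed inside the loop and `name_types` was released on the line above. The caller is then told the query succeeded and goes on to use a set that has just been released. The last statement should be `return ret;`, which is still GSS_S_COMPLETE when every member was added. A short comment above `name_list` saying it is NULL-terminated and lists the name types this mechanism supports would also help the next reader of the loop.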

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_sec_context_by_oid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_sec_context_by_oid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/inquire_sec_context_by_oid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,557 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: inquire_sec_context_by_oid.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int
+oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix)
+{
+    int ret;
+    heim_oid oid;
+    heim_oid prefix;
+ 
+    *suffix = 0;
+
+    ret = der_get_oid(oid_enc->elements, oid_enc->length,
+		      &oid, NULL);
+    if (ret) {
+	return 0;
+    }
+
+    ret = der_get_oid(prefix_enc->elements, prefix_enc->length,
+		      &prefix, NULL);
+    if (ret) {
+	der_free_oid(&oid);
+	return 0;
+    }
+
+    ret = 0;
+
+    if (oid.length - 1 == prefix.length) {
+	*suffix = oid.components[oid.length - 1];
+	oid.length--;
+	ret = (der_heim_oid_cmp(&oid, &prefix) == 0);
+	oid.length++;
+    }
+
+    der_free_oid(&oid);
+    der_free_oid(&prefix);
+
+    return ret;
+}
+
+static OM_uint32 inquire_sec_context_tkt_flags
+           (OM_uint32 *minor_status,
+            const gsskrb5_ctx context_handle,
+            gss_buffer_set_t *data_set)
+{
+    OM_uint32 tkt_flags;
+    unsigned char buf[4];
+    gss_buffer_desc value;
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+
+    if (context_handle->ticket == NULL) {
+	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+	_gsskrb5_set_status("No ticket from which to obtain flags");
+	*minor_status = EINVAL;
+	return GSS_S_BAD_MECH;
+    }
+
+    tkt_flags = TicketFlags2int(context_handle->ticket->ticket.flags);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    _gsskrb5_encode_om_uint32(tkt_flags, buf);
+    value.length = sizeof(buf);
+    value.value = buf;
+
+    return gss_add_buffer_set_member(minor_status,
+				     &value,
+				     data_set);
+}
+
+enum keytype { ACCEPTOR_KEY, INITIATOR_KEY, TOKEN_KEY };
+
+static OM_uint32 inquire_sec_context_get_subkey
+           (OM_uint32 *minor_status,
+            const gsskrb5_ctx context_handle,
+	    krb5_context context,
+	    enum keytype keytype,
+            gss_buffer_set_t *data_set)
+{
+    krb5_keyblock *key = NULL;
+    krb5_storage *sp = NULL;
+    krb5_data data;
+    OM_uint32 maj_stat = GSS_S_COMPLETE;
+    krb5_error_code ret;
+
+    krb5_data_zero(&data);
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	_gsskrb5_clear_status();
+	ret = ENOMEM;
+	goto out;
+    }
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    switch(keytype) {
+    case ACCEPTOR_KEY:
+	ret = _gsskrb5i_get_acceptor_subkey(context_handle, context, &key);
+	break;
+    case INITIATOR_KEY:
+	ret = _gsskrb5i_get_initiator_subkey(context_handle, context, &key);
+	break;
+    case TOKEN_KEY:
+	ret = _gsskrb5i_get_token_key(context_handle, context, &key);
+	break;
+    default:
+	_gsskrb5_set_status("%d is not a valid subkey type", keytype);
+	ret = EINVAL;
+	break;
+   }
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    if (ret) 
+	goto out;
+    if (key == NULL) {
+	_gsskrb5_set_status("have no subkey of type %d", keytype);
+	ret = EINVAL;
+	goto out;
+    }
+
+    ret = krb5_store_keyblock(sp, *key);
+    krb5_free_keyblock (context, key);
+    if (ret)
+	goto out;
+
+    ret = krb5_storage_to_data(sp, &data);
+    if (ret)
+	goto out;
+
+    {
+	gss_buffer_desc value;
+	
+	value.length = data.length;
+	value.value = data.data;
+	
+	maj_stat = gss_add_buffer_set_member(minor_status,
+					     &value,
+					     data_set);
+    }
+
+out:
+    krb5_data_free(&data);
+    if (sp)
+	krb5_storage_free(sp);
+    if (ret) {
+	*minor_status = ret;
+	maj_stat = GSS_S_FAILURE;
+    }
+    return maj_stat;
+}
+
+static OM_uint32 inquire_sec_context_authz_data
+           (OM_uint32 *minor_status,
+            const gsskrb5_ctx context_handle,
+	    krb5_context context,
+            unsigned ad_type,
+            gss_buffer_set_t *data_set)
+{
+    krb5_data data;
+    gss_buffer_desc ad_data;
+    OM_uint32 ret;
+
+    *minor_status = 0;
+    *data_set = GSS_C_NO_BUFFER_SET;
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    if (context_handle->ticket == NULL) {
+	HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+	*minor_status = EINVAL;
+	_gsskrb5_set_status("No ticket to obtain authz data from");
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ret = krb5_ticket_get_authorization_data_type(context,
+						  context_handle->ticket,
+						  ad_type,
+						  &data);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ad_data.value = data.data;
+    ad_data.length = data.length;
+
+    ret = gss_add_buffer_set_member(minor_status,
+				    &ad_data,
+				    data_set);
+
+    krb5_data_free(&data);
+
+    return ret;
+}
+
+static OM_uint32 inquire_sec_context_has_updated_spnego
+           (OM_uint32 *minor_status,
+            const gsskrb5_ctx context_handle,
+            gss_buffer_set_t *data_set)
+{
+    int is_updated = 0;
+
+    *minor_status = 0;
+    *data_set = GSS_C_NO_BUFFER_SET;
+
+    /*
+     * For Windows SPNEGO implementations, both the initiator and the
+     * acceptor are assumed to have been updated if a "newer" [CLAR] or
+     * different enctype is negotiated for use by the Kerberos GSS-API
+     * mechanism.
+     */
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    _gsskrb5i_is_cfx(context_handle, &is_updated);
+    if (is_updated == 0) {
+	krb5_keyblock *acceptor_subkey;
+
+	if (context_handle->more_flags & LOCAL)
+	    acceptor_subkey = context_handle->auth_context->remote_subkey;
+	else
+	    acceptor_subkey = context_handle->auth_context->local_subkey;
+
+	if (acceptor_subkey != NULL)
+	    is_updated = (acceptor_subkey->keytype !=
+			  context_handle->auth_context->keyblock->keytype);
+    }
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+    return is_updated ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+export_lucid_sec_context_v1(OM_uint32 *minor_status,
+			    gsskrb5_ctx context_handle,
+			    krb5_context context,
+			    gss_buffer_set_t *data_set)
+{
+    krb5_storage *sp = NULL;
+    OM_uint32 major_status = GSS_S_COMPLETE;
+    krb5_error_code ret;
+    krb5_keyblock *key = NULL;
+    int32_t number;
+    int is_cfx;
+    krb5_data data;
+    
+    *minor_status = 0;
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+
+    _gsskrb5i_is_cfx(context_handle, &is_cfx);
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	_gsskrb5_clear_status();
+	ret = ENOMEM;
+	goto out;
+    }
+
+    ret = krb5_store_int32(sp, 1);
+    if (ret) goto out;
+    ret = krb5_store_int32(sp, (context_handle->more_flags & LOCAL) ? 1 : 0);
+    if (ret) goto out;
+    ret = krb5_store_int32(sp, context_handle->lifetime);
+    if (ret) goto out;
+    krb5_auth_con_getlocalseqnumber (context,
+				     context_handle->auth_context,
+				     &number);
+    ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
+    ret = krb5_store_uint32(sp, (uint32_t)number);
+    krb5_auth_getremoteseqnumber (context,
+				  context_handle->auth_context,
+				  &number);
+    ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
+    ret = krb5_store_uint32(sp, (uint32_t)number);
+    ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0);
+    if (ret) goto out;
+
+    ret = _gsskrb5i_get_token_key(context_handle, context, &key);
+    if (ret) goto out;
+
+    if (is_cfx == 0) {
+	int sign_alg, seal_alg;
+
+	switch (key->keytype) {
+	case ETYPE_DES_CBC_CRC:
+	case ETYPE_DES_CBC_MD4:
+	case ETYPE_DES_CBC_MD5:
+	    sign_alg = 0;
+	    seal_alg = 0;
+	    break;
+	case ETYPE_DES3_CBC_MD5:
+	case ETYPE_DES3_CBC_SHA1:
+	    sign_alg = 4;
+	    seal_alg = 2;
+	    break;
+	case ETYPE_ARCFOUR_HMAC_MD5:
+	case ETYPE_ARCFOUR_HMAC_MD5_56:
+	    sign_alg = 17;
+	    seal_alg = 16;
+	    break;
+	default:
+	    sign_alg = -1;
+	    seal_alg = -1;
+	    break;
+	}
+	ret = krb5_store_int32(sp, sign_alg);
+	if (ret) goto out;
+	ret = krb5_store_int32(sp, seal_alg);
+	if (ret) goto out;
+	/* ctx_key */
+	ret = krb5_store_keyblock(sp, *key);
+	if (ret) goto out;
+    } else {
+	int subkey_p = (context_handle->more_flags & ACCEPTOR_SUBKEY) ? 1 : 0;
+
+	/* have_acceptor_subkey */
+	ret = krb5_store_int32(sp, subkey_p);
+	if (ret) goto out;
+	/* ctx_key */
+	ret = krb5_store_keyblock(sp, *key);
+	if (ret) goto out;
+	/* acceptor_subkey */
+	if (subkey_p) {
+	    ret = krb5_store_keyblock(sp, *key);
+	    if (ret) goto out;
+	}
+    }
+    ret = krb5_storage_to_data(sp, &data);
+    if (ret) goto out;
+
+    {
+	gss_buffer_desc ad_data;
+
+	ad_data.value = data.data;
+	ad_data.length = data.length;
+
+	ret = gss_add_buffer_set_member(minor_status, &ad_data, data_set);
+	krb5_data_free(&data);
+	if (ret)
+	    goto out;
+    }
+
+out:
+    if (key)
+	krb5_free_keyblock (context, key);
+    if (sp)
+	krb5_storage_free(sp);
+    if (ret) {
+	*minor_status = ret;
+	major_status = GSS_S_FAILURE;
+    }
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    return major_status;
+}
+
+static OM_uint32
+get_authtime(OM_uint32 *minor_status,
+	     gsskrb5_ctx ctx, 
+	     gss_buffer_set_t *data_set)
+
+{
+    gss_buffer_desc value;
+    unsigned char buf[4];
+    OM_uint32 authtime;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+    if (ctx->ticket == NULL) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	_gsskrb5_set_status("No ticket to obtain auth time from");
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+    
+    authtime = ctx->ticket->ticket.authtime;
+    
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    _gsskrb5_encode_om_uint32(authtime, buf);
+    value.length = sizeof(buf);
+    value.value = buf;
+
+    return gss_add_buffer_set_member(minor_status,
+				     &value,
+				     data_set);
+}
+
+
+static OM_uint32 
+get_service_keyblock
+        (OM_uint32 *minor_status,
+	 gsskrb5_ctx ctx, 
+	 gss_buffer_set_t *data_set)
+{
+    krb5_storage *sp = NULL;
+    krb5_data data;
+    OM_uint32 maj_stat = GSS_S_COMPLETE;
+    krb5_error_code ret = EINVAL;
+    
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	_gsskrb5_clear_status();
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+    if (ctx->service_keyblock == NULL) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	_gsskrb5_set_status("No service keyblock on gssapi context");
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE; 
+    }
+
+    krb5_data_zero(&data);
+
+    ret = krb5_store_keyblock(sp, *ctx->service_keyblock);
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    if (ret)
+	goto out;
+
+    ret = krb5_storage_to_data(sp, &data);
+    if (ret)
+	goto out;
+
+    {
+	gss_buffer_desc value;
+	
+	value.length = data.length;
+	value.value = data.data;
+	
+	maj_stat = gss_add_buffer_set_member(minor_status,
+					     &value,
+					     data_set);
+    }
+
+out:
+    krb5_data_free(&data);
+    if (sp)
+	krb5_storage_free(sp);
+    if (ret) {
+	*minor_status = ret;
+	maj_stat = GSS_S_FAILURE;
+    }
+    return maj_stat;
+}
+/*
+ *
+ */
+
+OM_uint32 _gsskrb5_inquire_sec_context_by_oid
+           (OM_uint32 *minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_OID desired_object,
+            gss_buffer_set_t *data_set)
+{
+    krb5_context context;
+    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+    unsigned suffix;
+
+    if (ctx == NULL) {
+	*minor_status = EINVAL;
+	return GSS_S_NO_CONTEXT;
+    }
+
+    GSSAPI_KRB5_INIT (&context);
+
+    if (gss_oid_equal(desired_object, GSS_KRB5_GET_TKT_FLAGS_X)) {
+	return inquire_sec_context_tkt_flags(minor_status,
+					     ctx,
+					     data_set);
+    } else if (gss_oid_equal(desired_object, GSS_C_PEER_HAS_UPDATED_SPNEGO)) {
+	return inquire_sec_context_has_updated_spnego(minor_status,
+						      ctx,
+						      data_set);
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SUBKEY_X)) {
+	return inquire_sec_context_get_subkey(minor_status,
+					      ctx,
+					      context,
+					      TOKEN_KEY,
+					      data_set);
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_INITIATOR_SUBKEY_X)) {
+	return inquire_sec_context_get_subkey(minor_status,
+					      ctx,
+					      context,
+					      INITIATOR_KEY,
+					      data_set);
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_ACCEPTOR_SUBKEY_X)) {
+	return inquire_sec_context_get_subkey(minor_status,
+					      ctx,
+					      context,
+					      ACCEPTOR_KEY,
+					      data_set);
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_AUTHTIME_X)) {
+	return get_authtime(minor_status, ctx, data_set);
+    } else if (oid_prefix_equal(desired_object,
+				GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X,
+				&suffix)) {
+	return inquire_sec_context_authz_data(minor_status,
+					      ctx,
+					      context,
+					      suffix,
+					      data_set);
+    } else if (oid_prefix_equal(desired_object,
+				GSS_KRB5_EXPORT_LUCID_CONTEXT_X,
+				&suffix)) {
+	if (suffix == 1)
+	    return export_lucid_sec_context_v1(minor_status,
+					       ctx,
+					       context,
+					       data_set);
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SERVICE_KEYBLOCK_X)) {
+	return get_service_keyblock(minor_status, ctx, data_set);
+    } else {
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    }
+}
+

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/prf.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/prf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/prf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: prf.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gsskrb5_pseudo_random(OM_uint32 *minor_status,
+		       gss_ctx_id_t context_handle,
+		       int prf_key,
+		       const gss_buffer_t prf_in,
+		       ssize_t desired_output_len,
+		       gss_buffer_t prf_out)
+{
+    gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_crypto crypto;
+    krb5_data input, output;
+    uint32_t num;
+    unsigned char *p;
+    krb5_keyblock *key = NULL;
+
+    if (ctx == NULL) {
+	*minor_status = 0;
+	return GSS_S_NO_CONTEXT;
+    }
+
+    if (desired_output_len <= 0) {
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    }
+
+    GSSAPI_KRB5_INIT (&context);
+
+    switch(prf_key) {
+    case GSS_C_PRF_KEY_FULL:
+	_gsskrb5i_get_acceptor_subkey(ctx, context, &key);
+	break;
+    case GSS_C_PRF_KEY_PARTIAL:
+	_gsskrb5i_get_initiator_subkey(ctx, context, &key);
+	break;
+    default:
+	_gsskrb5_set_status("unknown kerberos prf_key");
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    }
+
+    if (key == NULL) {
+	_gsskrb5_set_status("no prf_key found");
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    }
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    krb5_free_keyblock (context, key);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    prf_out->value = malloc(desired_output_len);
+    if (prf_out->value == NULL) {
+	_gsskrb5_set_status("Out of memory");
+	*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
+	krb5_crypto_destroy(context, crypto);
+	return GSS_S_FAILURE;
+    }
+    prf_out->length = desired_output_len;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    input.length = prf_in->length + 4;
+    input.data = malloc(prf_in->length + 4);
+    if (input.data == NULL) {
+	OM_uint32 junk;
+	_gsskrb5_set_status("Out of memory");
+	*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
+	gss_release_buffer(&junk, prf_out);
+	krb5_crypto_destroy(context, crypto);
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	return GSS_S_FAILURE;
+    }
+    memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
+
+    num = 0;
+    p = prf_out->value;
+    while(desired_output_len > 0) {
+	_gsskrb5_encode_om_uint32(num, input.data);
+	ret = krb5_crypto_prf(context, crypto, &input, &output);
+	if (ret) {
+	    OM_uint32 junk;
+	    *minor_status = ret;
+	    free(input.data);
+	    gss_release_buffer(&junk, prf_out);
+	    krb5_crypto_destroy(context, crypto);
+	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	    return GSS_S_FAILURE;
+	}
+	memcpy(p, output.data, min(desired_output_len, output.length));
+	p += output.length;
+	desired_output_len -= output.length;
+	krb5_data_free(&output);
+	num++;
+    }
+
+    krb5_crypto_destroy(context, crypto);
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    return GSS_S_COMPLETE;
+}
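Review bot: `input.data` is allocated with `malloc(prf_in->length + 4)` in `_gsskrb5_pseudo_random` and freed only on the `krb5_crypto_prf` error path, so every successful call leaks a copy of the PRF input; add `free(input.data);` after the `while` loop, before `krb5_crypto_destroy(context, crypto);`. The loop advances `p` and `desired_output_len` by `output.length` without checking that it is non-zero, so if `krb5_crypto_prf` ever returned an empty output the loop would not terminate; a zero-length check that leaves through the same cleanup as the error branch would make that explicit. Both allocation failures set `*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG`, where `ENOMEM` would describe the failure accurately. `prf_in->length + 4` is also computed without an overflow check before it is used as the allocation size and the `memcpy` length.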

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/process_context_token.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/process_context_token.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/process_context_token.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: process_context_token.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_process_context_token (
+	OM_uint32          *minor_status,
+	const gss_ctx_id_t context_handle,
+	const gss_buffer_t token_buffer
+    )
+{
+    krb5_context context;
+    OM_uint32 ret = GSS_S_FAILURE;
+    gss_buffer_desc empty_buffer;
+    gss_qop_t qop_state;
+
+    empty_buffer.length = 0;
+    empty_buffer.value = NULL;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    qop_state = GSS_C_QOP_DEFAULT;
+
+    ret = _gsskrb5_verify_mic_internal(minor_status, 
+				       (gsskrb5_ctx)context_handle,
+				       context,
+				       token_buffer, &empty_buffer,
+				       GSS_C_QOP_DEFAULT, "\x01\x02");
+
+    if (ret == GSS_S_COMPLETE)
+	ret = _gsskrb5_delete_sec_context(minor_status,
+					  rk_UNCONST(&context_handle),
+					  GSS_C_NO_BUFFER);
+    if (ret == GSS_S_COMPLETE)
+	*minor_status = 0;
+
+    return ret;
+}
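Review bot: `_gsskrb5_process_context_token` receives `context_handle` by value, so the `rk_UNCONST(&context_handle)` passed to `_gsskrb5_delete_sec_context` points at the local copy and the caller's handle is left unchanged once the context has been deleted. Presumably the delete frees the context (its body is not in this hunk), in which case any later use of that handle by the caller touches freed memory. That contract deserves a comment above the function, e.g. `/* On GSS_S_COMPLETE the context has been deleted; the caller must not use context_handle again. */`. `qop_state` is assigned and never read and can be dropped.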

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_buffer.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_buffer.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_buffer.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: release_buffer.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_release_buffer
+           (OM_uint32 * minor_status,
+            gss_buffer_t buffer
+           )
+{
+  *minor_status = 0;
+  free (buffer->value);
+  buffer->value  = NULL;
+  buffer->length = 0;
+  return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 1997-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: release_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_release_cred
+           (OM_uint32 * minor_status,
+            gss_cred_id_t * cred_handle
+           )
+{
+    krb5_context context;
+    gsskrb5_cred cred;
+    OM_uint32 junk;
+
+    *minor_status = 0;
+
+    if (*cred_handle == NULL) 
+        return GSS_S_COMPLETE;
+
+    cred = (gsskrb5_cred)*cred_handle;
+    *cred_handle = GSS_C_NO_CREDENTIAL;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
+
+    if (cred->principal != NULL)
+        krb5_free_principal(context, cred->principal);
+    if (cred->keytab != NULL)
+	krb5_kt_close(context, cred->keytab);
+    if (cred->ccache != NULL) {
+	const krb5_cc_ops *ops;
+	ops = krb5_cc_get_ops(context, cred->ccache);
+	if (cred->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE)
+	    krb5_cc_destroy(context, cred->ccache);
+	else 
+	    krb5_cc_close(context, cred->ccache);
+    }
+    gss_release_oid_set(&junk, &cred->mechanisms);
+    if (cred->enctypes)
+	free(cred->enctypes);
+    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
+    HEIMDAL_MUTEX_destroy(&cred->cred_id_mutex);
+    memset(cred, 0, sizeof(*cred));
+    free(cred);
+    return GSS_S_COMPLETE;
+}
+
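Review bot: `*cred_handle = GSS_C_NO_CREDENTIAL;` runs before `GSSAPI_KRB5_INIT (&context);`, so if that macro returns early on an initialisation failure (its definition is not in this hunk), the caller has lost the handle while the principal, keytab and ccache are still open, and a ccache marked `GSS_CF_DESTROY_CRED_ON_RELEASE` is never destroyed. Moving `GSSAPI_KRB5_INIT (&context);` above the `cred = (gsskrb5_cred)*cred_handle;` assignment keeps the handle valid on that path. `ops` is assigned from `krb5_cc_get_ops` and never used, and `cred_handle` itself is dereferenced without a NULL check. The `memset(cred, 0, sizeof(*cred));` directly before `free(cred);` is a dead store that a compiler may remove, so it should not be relied on as a scrub.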

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/release_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: release_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gsskrb5_release_name
+           (OM_uint32 * minor_status,
+            gss_name_t * input_name
+           )
+{
+    krb5_context context;
+    krb5_principal name = (krb5_principal)*input_name;
+
+    *minor_status = 0;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    *input_name = GSS_C_NO_NAME;
+
+    krb5_free_principal(context, name);
+
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/sequence.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/sequence.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/sequence.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,294 @@
+/*
+ * Copyright (c) 2003 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: sequence.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+#define DEFAULT_JITTER_WINDOW 20
+
+struct gss_msg_order {
+    OM_uint32 flags;
+    OM_uint32 start;
+    OM_uint32 length;
+    OM_uint32 jitter_window;
+    OM_uint32 first_seq;
+    OM_uint32 elem[1];
+};
+
+
+/*
+ *
+ */
+
+static OM_uint32
+msg_order_alloc(OM_uint32 *minor_status,
+		struct gss_msg_order **o,
+		OM_uint32 jitter_window)
+{
+    size_t len;
+    
+    len = jitter_window * sizeof((*o)->elem[0]);
+    len += sizeof(**o);
+    len -= sizeof((*o)->elem[0]);
+    
+    *o = calloc(1, len);
+    if (*o == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }	
+    
+    *minor_status = 0;
+    return GSS_S_COMPLETE;    
+}
+
+/*
+ *
+ */
+
+OM_uint32
+_gssapi_msg_order_create(OM_uint32 *minor_status,
+			 struct gss_msg_order **o, 
+			 OM_uint32 flags, 
+			 OM_uint32 seq_num, 
+			 OM_uint32 jitter_window,
+			 int use_64)
+{
+    OM_uint32 ret;
+
+    if (jitter_window == 0)
+	jitter_window = DEFAULT_JITTER_WINDOW;
+
+    ret = msg_order_alloc(minor_status, o, jitter_window);
+    if(ret != GSS_S_COMPLETE)
+        return ret;
+
+    (*o)->flags = flags;
+    (*o)->length = 0;
+    (*o)->first_seq = seq_num;
+    (*o)->jitter_window = jitter_window;
+    (*o)->elem[0] = seq_num - 1;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_gssapi_msg_order_destroy(struct gss_msg_order **m)
+{
+    free(*m);
+    *m = NULL;
+    return GSS_S_COMPLETE;
+}
+
+static void
+elem_set(struct gss_msg_order *o, unsigned int slot, OM_uint32 val)
+{
+    o->elem[slot % o->jitter_window] = val;
+}
+
+static void
+elem_insert(struct gss_msg_order *o, 
+	    unsigned int after_slot,
+	    OM_uint32 seq_num)
+{
+    assert(o->jitter_window > after_slot);
+
+    if (o->length > after_slot)
+	memmove(&o->elem[after_slot + 1], &o->elem[after_slot],
+		(o->length - after_slot - 1) * sizeof(o->elem[0]));
+
+    elem_set(o, after_slot, seq_num);
+
+    if (o->length < o->jitter_window)
+	o->length++;
+}
+
+/* rule 1: expected sequence number */
+/* rule 2: > expected sequence number */
+/* rule 3: seqnum < seqnum(first) */
+/* rule 4+5: seqnum in [seqnum(first),seqnum(last)]  */
+
+OM_uint32
+_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
+{
+    OM_uint32 r;
+    int i;
+
+    if (o == NULL)
+	return GSS_S_COMPLETE;
+
+    if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0)
+	return GSS_S_COMPLETE;
+
+    /* check if the packet is the next in order */
+    if (o->elem[0] == seq_num - 1) {
+	elem_insert(o, 0, seq_num);
+	return GSS_S_COMPLETE;
+    }
+
+    r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG;
+
+    /* sequence number larger then largest sequence number 
+     * or smaller then the first sequence number */
+    if (seq_num > o->elem[0]
+	|| seq_num < o->first_seq
+	|| o->length == 0) 
+    {
+	elem_insert(o, 0, seq_num);
+	if (r) {
+	    return GSS_S_COMPLETE;
+	} else {
+	    return GSS_S_GAP_TOKEN;
+	}
+    }
+
+    assert(o->length > 0);
+
+    /* sequence number smaller the first sequence number */
+    if (seq_num < o->elem[o->length - 1]) {
+	if (r)
+	    return(GSS_S_OLD_TOKEN);
+	else
+	    return(GSS_S_UNSEQ_TOKEN);
+    }
+
+    if (seq_num == o->elem[o->length - 1]) {
+	return GSS_S_DUPLICATE_TOKEN;
+    }
+
+    for (i = 0; i < o->length - 1; i++) {
+	if (o->elem[i] == seq_num)
+	    return GSS_S_DUPLICATE_TOKEN;
+	if (o->elem[i + 1] < seq_num && o->elem[i] < seq_num) {
+	    elem_insert(o, i, seq_num);
+	    if (r)
+		return GSS_S_COMPLETE;
+	    else
+		return GSS_S_UNSEQ_TOKEN;
+	}
+    }
+
+    return GSS_S_FAILURE;
+}
+
+OM_uint32
+_gssapi_msg_order_f(OM_uint32 flags)
+{
+    return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG);
+}
+
+/*
+ * Translate `o` into inter-process format and export in to `sp'.
+ */
+
+krb5_error_code
+_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o)
+{
+    krb5_error_code kret;
+    OM_uint32 i;
+    
+    kret = krb5_store_int32(sp, o->flags);
+    if (kret)
+        return kret;
+    kret = krb5_store_int32(sp, o->start);
+    if (kret)
+        return kret;
+    kret = krb5_store_int32(sp, o->length);
+    if (kret)
+        return kret;
+    kret = krb5_store_int32(sp, o->jitter_window);
+    if (kret)
+        return kret;
+    kret = krb5_store_int32(sp, o->first_seq);
+    if (kret)
+        return kret;
+    
+    for (i = 0; i < o->jitter_window; i++) {
+        kret = krb5_store_int32(sp, o->elem[i]);
+	if (kret)
+	    return kret;
+    }
+    
+    return 0;
+}
+
+OM_uint32
+_gssapi_msg_order_import(OM_uint32 *minor_status,
+			 krb5_storage *sp, 
+			 struct gss_msg_order **o)
+{
+    OM_uint32 ret;
+    krb5_error_code kret;
+    int32_t i, flags, start, length, jitter_window, first_seq;
+    
+    kret = krb5_ret_int32(sp, &flags);
+    if (kret)
+	goto failed;
+    ret = krb5_ret_int32(sp, &start);
+    if (kret)
+	goto failed;
+    ret = krb5_ret_int32(sp, &length);
+    if (kret)
+	goto failed;
+    ret = krb5_ret_int32(sp, &jitter_window);
+    if (kret)
+	goto failed;
+    ret = krb5_ret_int32(sp, &first_seq);
+    if (kret)
+	goto failed;
+    
+    ret = msg_order_alloc(minor_status, o, jitter_window);
+    if (ret != GSS_S_COMPLETE)
+        return ret;
+    
+    (*o)->flags = flags;
+    (*o)->start = start;
+    (*o)->length = length;
+    (*o)->jitter_window = jitter_window;
+    (*o)->first_seq = first_seq;
+    
+    for( i = 0; i < jitter_window; i++ ) {
+        kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i]));
+	if (kret)
+	    goto failed;
+    }
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+
+failed:
+    _gssapi_msg_order_destroy(o);
+    *minor_status = kret;
+    return GSS_S_FAILURE;
+}
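Review bot: In `_gssapi_msg_order_import` only the first `krb5_ret_int32` result is stored in `kret`; the next four are assigned to `ret` while `kret` is still the value tested, so a short or failing read is ignored and `start`, `length`, `jitter_window` and `first_seq` can be used uninitialised. `jitter_window` and `length` then go unvalidated into `msg_order_alloc` and the struct: a zero window makes `slot % o->jitter_window` in `elem_set` a division by zero, a negative one becomes a huge `OM_uint32` allocation size, and a `length` larger than the window lets `_gssapi_msg_order_check` read `o->elem[o->length - 1]` past the allocation. The `failed:` path also calls `_gssapi_msg_order_destroy(o)` on a `*o` this function has not yet set when the failure happens before allocation. The fence below assigns every read to `kret`, clears `*o` first and rejects inconsistent values; an upper bound on `jitter_window` is worth adding as well, since `msg_order_alloc` multiplies it without an overflow check.

```c
    /* … unchanged: declarations … */

    *o = NULL;	/* so the failed: path never frees a caller-supplied value */

    kret = krb5_ret_int32(sp, &flags);
    if (kret)
	goto failed;
    kret = krb5_ret_int32(sp, &start);
    if (kret)
	goto failed;
    kret = krb5_ret_int32(sp, &length);
    if (kret)
	goto failed;
    kret = krb5_ret_int32(sp, &jitter_window);
    if (kret)
	goto failed;
    kret = krb5_ret_int32(sp, &first_seq);
    if (kret)
	goto failed;

    /* the window sizes elem[] and length indexes it; both come from the token */
    if (jitter_window <= 0 || length < 0 || length > jitter_window) {
	kret = EINVAL;
	goto failed;
    }

    /* … unchanged: msg_order_alloc, field assignment, elem[] read loop … */
```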

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/set_cred_option.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/set_cred_option.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/set_cred_option.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,229 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: set_cred_option.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static gss_OID_desc gss_krb5_import_cred_x_oid_desc =
+{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */
+
+gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc;
+
+static OM_uint32
+import_cred(OM_uint32 *minor_status,
+	    krb5_context context,
+            gss_cred_id_t *cred_handle,
+            const gss_buffer_t value)
+{
+    OM_uint32 major_stat;
+    krb5_error_code ret;
+    krb5_principal keytab_principal = NULL;
+    krb5_keytab keytab = NULL;
+    krb5_storage *sp = NULL;
+    krb5_ccache id = NULL;
+    char *str;
+
+    if (cred_handle == NULL || *cred_handle != GSS_C_NO_CREDENTIAL) {
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    }
+
+    sp = krb5_storage_from_mem(value->value, value->length);
+    if (sp == NULL) {
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    }
+
+    /* credential cache name */
+    ret = krb5_ret_string(sp, &str);
+    if (ret) {
+	*minor_status = ret;
+	major_stat =  GSS_S_FAILURE;
+	goto out;
+    }
+    if (str[0]) {
+	ret = krb5_cc_resolve(context, str, &id);
+	if (ret) {
+	    *minor_status = ret;
+	    major_stat =  GSS_S_FAILURE;
+	    goto out;
+	}
+    }
+    free(str);
+    str = NULL;
+
+    /* keytab principal name */
+    ret = krb5_ret_string(sp, &str);
+    if (ret == 0 && str[0])
+	ret = krb5_parse_name(context, str, &keytab_principal);
+    if (ret) {
+	*minor_status = ret;
+	major_stat = GSS_S_FAILURE;
+	goto out;
+    }
+    free(str);
+    str = NULL;
+
+    /* keytab principal */
+    ret = krb5_ret_string(sp, &str);
+    if (ret) {
+	*minor_status = ret;
+	major_stat =  GSS_S_FAILURE;
+	goto out;
+    }
+    if (str[0]) {
+	ret = krb5_kt_resolve(context, str, &keytab);
+	if (ret) {
+	    *minor_status = ret;
+	    major_stat =  GSS_S_FAILURE;
+	    goto out;
+	}
+    }
+    free(str);
+    str = NULL;
+
+    major_stat = _gsskrb5_import_cred(minor_status, id, keytab_principal,
+				      keytab, cred_handle);
+out:
+    if (id)
+	krb5_cc_close(context, id);
+    if (keytab_principal)
+	krb5_free_principal(context, keytab_principal);
+    if (keytab)
+	krb5_kt_close(context, keytab);
+    if (str)
+	free(str);
+    if (sp)
+	krb5_storage_free(sp);
+
+    return major_stat;
+}
+
+
+static OM_uint32
+allowed_enctypes(OM_uint32 *minor_status,
+		 krb5_context context,
+		 gss_cred_id_t *cred_handle,
+		 const gss_buffer_t value)
+{
+    OM_uint32 major_stat;
+    krb5_error_code ret;
+    size_t len, i;
+    krb5_enctype *enctypes = NULL;
+    krb5_storage *sp = NULL;
+    gsskrb5_cred cred;
+
+    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
+	*minor_status = 0;
+	return GSS_S_FAILURE;
+    }
+
+    cred = (gsskrb5_cred)*cred_handle;
+
+    if ((value->length % 4) != 0) {
+	*minor_status = 0;
+	major_stat = GSS_S_FAILURE;
+	goto out;
+    }
+
+    len = value->length / 4;
+    enctypes = malloc((len + 1) * 4);
+    if (enctypes == NULL) {
+	*minor_status = ENOMEM;
+	major_stat = GSS_S_FAILURE;
+	goto out;
+    }
+
+    sp = krb5_storage_from_mem(value->value, value->length);
+    if (sp == NULL) {
+	*minor_status = ENOMEM;
+	major_stat = GSS_S_FAILURE;
+	goto out;
+    }
+
+    for (i = 0; i < len; i++) {
+	uint32_t e;
+
+	ret = krb5_ret_uint32(sp, &e);
+	if (ret) {
+	    *minor_status = ret;
+	    major_stat =  GSS_S_FAILURE;
+	    goto out;
+	}
+	enctypes[i] = e;
+    }
+    enctypes[i] = 0;
+
+    if (cred->enctypes)
+	free(cred->enctypes);
+    cred->enctypes = enctypes;
+
+    krb5_storage_free(sp);
+
+    return GSS_S_COMPLETE;
+
+out:
+    if (sp)
+	krb5_storage_free(sp);
+    if (enctypes)
+	free(enctypes);
+
+    return major_stat;
+}
+
+
+OM_uint32
+_gsskrb5_set_cred_option
+           (OM_uint32 *minor_status,
+            gss_cred_id_t *cred_handle,
+            const gss_OID desired_object,
+            const gss_buffer_t value)
+{
+    krb5_context context;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    if (value == GSS_C_NO_BUFFER) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X))
+	return import_cred(minor_status, context, cred_handle, value);
+
+    if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
+	return allowed_enctypes(minor_status, context, cred_handle, value);
+
+    *minor_status = EINVAL;
+    return GSS_S_FAILURE;
+}
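Review bot: In `import_cred`, `char *str;` has no initializer, yet the `out:` label runs `if (str) free(str);`. If the first `krb5_ret_string(sp, &str)` fails, the `goto out` reaches that `free` with whatever the stack held, assuming `krb5_ret_string` leaves its output untouched on error, which is not visible on this page. Declaring it as `char *str = NULL;` makes every exit path safe. The serialized buffer comes from the caller of `_gsskrb5_set_cred_option`, and `value->value` goes to `krb5_storage_from_mem` without a NULL check, so a truncated or empty buffer is the input that takes this path. Separately, the comments `/* keytab principal name */` and `/* keytab principal */` look shifted: the third string is passed to `krb5_kt_resolve`, so it reads as the keytab name.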

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/set_sec_context_option.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/set_sec_context_option.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/set_sec_context_option.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ *  glue routine for _gsskrb5_inquire_sec_context_by_oid
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: set_sec_context_option.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static OM_uint32
+get_bool(OM_uint32 *minor_status,
+	 const gss_buffer_t value,
+	 int *flag)
+{
+    if (value->value == NULL || value->length != 1) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+    *flag = *((const char *)value->value) != 0;
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+get_string(OM_uint32 *minor_status,
+	   const gss_buffer_t value,
+	   char **str)
+{
+    if (value == NULL || value->length == 0) {
+	*str = NULL;
+    } else {
+	*str = malloc(value->length + 1);
+	if (*str == NULL) {
+	    *minor_status = 0;
+	    return GSS_S_UNAVAILABLE;
+	}
+	memcpy(*str, value->value, value->length);
+	(*str)[value->length] = '\0';
+    }
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_gsskrb5_set_sec_context_option
+           (OM_uint32 *minor_status,
+            gss_ctx_id_t *context_handle,
+            const gss_OID desired_object,
+            const gss_buffer_t value)
+{
+    krb5_context context;
+    OM_uint32 maj_stat;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    if (value == GSS_C_NO_BUFFER) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    if (gss_oid_equal(desired_object, GSS_KRB5_COMPAT_DES3_MIC_X)) {
+	gsskrb5_ctx ctx;
+	int flag;
+
+	if (*context_handle == GSS_C_NO_CONTEXT) {
+	    *minor_status = EINVAL;
+	    return GSS_S_NO_CONTEXT;
+	}
+
+	maj_stat = get_bool(minor_status, value, &flag);
+	if (maj_stat != GSS_S_COMPLETE)
+	    return maj_stat;
+
+	ctx = (gsskrb5_ctx)*context_handle;
+	HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+	if (flag)
+	    ctx->more_flags |= COMPAT_OLD_DES3;
+	else
+	    ctx->more_flags &= ~COMPAT_OLD_DES3;
+	ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	return GSS_S_COMPLETE;
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DNS_CANONICALIZE_X)) {
+	int flag;
+
+	maj_stat = get_bool(minor_status, value, &flag);
+	if (maj_stat != GSS_S_COMPLETE)
+	    return maj_stat;
+
+	krb5_set_dns_canonicalize_hostname(context, flag);
+	return GSS_S_COMPLETE;
+
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X)) {
+	char *str;
+
+	maj_stat = get_string(minor_status, value, &str);
+	if (maj_stat != GSS_S_COMPLETE)
+	    return maj_stat;
+
+	_gsskrb5_register_acceptor_identity(str);
+	free(str);
+
+	*minor_status = 0;
+	return GSS_S_COMPLETE;
+
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) {
+	char *str;
+
+	maj_stat = get_string(minor_status, value, &str);
+	if (maj_stat != GSS_S_COMPLETE)
+	    return maj_stat;
+	if (str == NULL) {
+	    *minor_status = 0;
+	    return GSS_S_CALL_INACCESSIBLE_READ;
+	}
+
+	krb5_set_default_realm(context, str);
+	free(str);
+
+	*minor_status = 0;
+	return GSS_S_COMPLETE;
+
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_SEND_TO_KDC_X)) {
+
+	if (value == NULL || value->length == 0) {
+	    krb5_set_send_to_kdc_func(context, NULL, NULL);
+	} else {
+	    struct gsskrb5_send_to_kdc c;
+
+	    if (value->length != sizeof(c)) {
+		*minor_status = EINVAL;
+		return GSS_S_FAILURE;
+	    }
+	    memcpy(&c, value->value, sizeof(c));
+	    krb5_set_send_to_kdc_func(context,
+				      (krb5_send_to_kdc_func)c.func, 
+				      c.ptr);
+	}
+
+	*minor_status = 0;
+	return GSS_S_COMPLETE;
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_CCACHE_NAME_X)) {
+	char *str;
+
+	maj_stat = get_string(minor_status, value, &str);
+	if (maj_stat != GSS_S_COMPLETE)
+	    return maj_stat;
+	if (str == NULL) {
+	    *minor_status = 0;
+	    return GSS_S_CALL_INACCESSIBLE_READ;
+	}
+
+	*minor_status = krb5_cc_set_default_name(context, str);
+	free(str);
+	if (*minor_status)
+	    return GSS_S_FAILURE;
+
+	return GSS_S_COMPLETE;
+    }
+
+    *minor_status = EINVAL;
+    return GSS_S_FAILURE;
+}
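Review bot: The `GSS_KRB5_SET_DEFAULT_REALM_X` branch discards the result of `krb5_set_default_realm(context, str)` and returns `GSS_S_COMPLETE` unconditionally, so a caller cannot tell when the realm was not changed. The `GSS_KRB5_CCACHE_NAME_X` branch further down already shows the pattern to follow: `*minor_status = krb5_set_default_realm(context, str); free(str); if (*minor_status) return GSS_S_FAILURE;`. In addition, `get_string` copies `value->length` bytes from `value->value` without the `value->value == NULL` test that `get_bool` performs. It also reports allocation failure as `GSS_S_UNAVAILABLE` with a zero minor status rather than `ENOMEM`.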

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/test_cfx.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/test_cfx.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/test_cfx.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: test_cfx.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct range {
+    size_t lower;
+    size_t upper;
+};
+
+struct range tests[] = {
+    { 0, 1040 },
+    { 2040, 2080 },
+    { 4080, 5000 },
+    { 8180, 8292 },
+    { 9980, 10010 }
+};
+
+static void
+test_range(const struct range *r, int integ, 
+	   krb5_context context, krb5_crypto crypto)
+{
+    krb5_error_code ret;
+    size_t size, rsize;
+
+    for (size = r->lower; size < r->upper; size++) {
+	OM_uint32 max_wrap_size;
+	size_t cksumsize;
+	uint16_t padsize;
+
+	ret = _gsskrb5cfx_max_wrap_length_cfx(context,
+					      crypto,
+					      integ,
+					      size,
+					      &max_wrap_size);
+	if (ret)
+	    krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret);
+	if (max_wrap_size == 0)
+	    continue;
+
+	ret = _gsskrb5cfx_wrap_length_cfx(context,
+					  crypto,
+					  integ,
+					  max_wrap_size,
+					  &rsize, &cksumsize, &padsize);
+	if (ret)
+	    krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret);
+
+	if (size < rsize)
+	    krb5_errx(context, 1, 
+		      "size (%d) < rsize (%d) for max_wrap_size %d",
+		      (int)size, (int)rsize, (int)max_wrap_size);
+    }
+}
+
+static void
+test_special(krb5_context context, krb5_crypto crypto,
+	     int integ, size_t testsize)
+{
+    krb5_error_code ret;
+    size_t rsize;
+    OM_uint32 max_wrap_size;
+    size_t cksumsize;
+    uint16_t padsize;
+
+    ret = _gsskrb5cfx_max_wrap_length_cfx(context,
+					  crypto,
+					  integ,
+					  testsize,
+					  &max_wrap_size);
+    if (ret)
+	krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret);
+    
+    ret = _gsskrb5cfx_wrap_length_cfx(context,
+				      crypto,
+				      integ,
+				      max_wrap_size,
+				      &rsize, &cksumsize, &padsize);
+    if (ret)
+	krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret);
+    
+    if (testsize < rsize)
+	krb5_errx(context, 1, 
+		  "testsize (%d) < rsize (%d) for max_wrap_size %d",
+		  (int)testsize, (int)rsize, (int)max_wrap_size);
+}
+
+
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_keyblock keyblock;
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_crypto crypto;
+    int i;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx(1, "krb5_context_init: %d", ret);
+    
+    ret = krb5_generate_random_keyblock(context, 
+					ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+					&keyblock);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
+
+    ret = krb5_crypto_init(context, &keyblock, 0, &crypto);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_crypto_init");
+
+    test_special(context, crypto, 1, 60);
+    test_special(context, crypto, 0, 60);
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
+	test_range(&tests[i], 1, context, crypto);
+	test_range(&tests[i], 0, context, crypto);
+    }
+
+    krb5_free_keyblock_contents(context, &keyblock);
+    krb5_crypto_destroy(context, crypto);
+    krb5_free_context(context);
+
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/ticket_flags.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/ticket_flags.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/ticket_flags.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: ticket_flags.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gsskrb5_get_tkt_flags(OM_uint32 *minor_status,
+		       gsskrb5_ctx ctx,
+		       OM_uint32 *tkt_flags)
+{
+    if (ctx == NULL) {
+	*minor_status = EINVAL;
+	return GSS_S_NO_CONTEXT;
+    }
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    if (ctx->ticket == NULL) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	*minor_status = EINVAL;
+	return GSS_S_BAD_MECH;
+    }
+
+    *tkt_flags = TicketFlags2int(ctx->ticket->ticket.flags);
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/unwrap.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/unwrap.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/unwrap.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,413 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: unwrap.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static OM_uint32
+unwrap_des
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx context_handle,
+            const gss_buffer_t input_message_buffer,
+            gss_buffer_t output_message_buffer,
+            int * conf_state,
+            gss_qop_t * qop_state,
+	    krb5_keyblock *key
+           )
+{
+  u_char *p, *seq;
+  size_t len;
+  MD5_CTX md5;
+  u_char hash[16];
+  DES_key_schedule schedule;
+  DES_cblock deskey;
+  DES_cblock zero;
+  int i;
+  uint32_t seq_number;
+  size_t padlength;
+  OM_uint32 ret;
+  int cstate;
+  int cmp;
+
+  p = input_message_buffer->value;
+  ret = _gsskrb5_verify_header (&p,
+				   input_message_buffer->length,
+				   "\x02\x01",
+				   GSS_KRB5_MECHANISM);
+  if (ret)
+      return ret;
+
+  if (memcmp (p, "\x00\x00", 2) != 0)
+    return GSS_S_BAD_SIG;
+  p += 2;
+  if (memcmp (p, "\x00\x00", 2) == 0) {
+      cstate = 1;
+  } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
+      cstate = 0;
+  } else
+      return GSS_S_BAD_MIC;
+  p += 2;
+  if(conf_state != NULL)
+      *conf_state = cstate;
+  if (memcmp (p, "\xff\xff", 2) != 0)
+    return GSS_S_DEFECTIVE_TOKEN;
+  p += 2;
+  p += 16;
+
+  len = p - (u_char *)input_message_buffer->value;
+
+  if(cstate) {
+      /* decrypt data */
+      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+
+      for (i = 0; i < sizeof(deskey); ++i)
+	  deskey[i] ^= 0xf0;
+      DES_set_key (&deskey, &schedule);
+      memset (&zero, 0, sizeof(zero));
+      DES_cbc_encrypt ((void *)p,
+		       (void *)p,
+		       input_message_buffer->length - len,
+		       &schedule,
+		       &zero,
+		       DES_DECRYPT);
+      
+      memset (deskey, 0, sizeof(deskey));
+      memset (&schedule, 0, sizeof(schedule));
+  }
+  /* check pad */
+  ret = _gssapi_verify_pad(input_message_buffer, 
+			   input_message_buffer->length - len,
+			   &padlength);
+  if (ret)
+      return ret;
+
+  MD5_Init (&md5);
+  MD5_Update (&md5, p - 24, 8);
+  MD5_Update (&md5, p, input_message_buffer->length - len);
+  MD5_Final (hash, &md5);
+
+  memset (&zero, 0, sizeof(zero));
+  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+  DES_set_key (&deskey, &schedule);
+  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
+		 &schedule, &zero);
+  if (memcmp (p - 8, hash, 8) != 0)
+    return GSS_S_BAD_MIC;
+
+  /* verify sequence number */
+  
+  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+
+  p -= 16;
+  DES_set_key (&deskey, &schedule);
+  DES_cbc_encrypt ((void *)p, (void *)p, 8,
+		   &schedule, (DES_cblock *)hash, DES_DECRYPT);
+
+  memset (deskey, 0, sizeof(deskey));
+  memset (&schedule, 0, sizeof(schedule));
+
+  seq = p;
+  _gsskrb5_decode_om_uint32(seq, &seq_number);
+
+  if (context_handle->more_flags & LOCAL)
+      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
+  else
+      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
+
+  if (cmp != 0) {
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    return GSS_S_BAD_MIC;
+  }
+
+  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
+  if (ret) {
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    return ret;
+  }
+
+  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+  /* copy out data */
+
+  output_message_buffer->length = input_message_buffer->length
+    - len - padlength - 8;
+  output_message_buffer->value  = malloc(output_message_buffer->length);
+  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
+      return GSS_S_FAILURE;
+  memcpy (output_message_buffer->value,
+	  p + 24,
+	  output_message_buffer->length);
+  return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+unwrap_des3
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx context_handle,
+	    krb5_context context,
+            const gss_buffer_t input_message_buffer,
+            gss_buffer_t output_message_buffer,
+            int * conf_state,
+            gss_qop_t * qop_state,
+	    krb5_keyblock *key
+           )
+{
+  u_char *p;
+  size_t len;
+  u_char *seq;
+  krb5_data seq_data;
+  u_char cksum[20];
+  uint32_t seq_number;
+  size_t padlength;
+  OM_uint32 ret;
+  int cstate;
+  krb5_crypto crypto;
+  Checksum csum;
+  int cmp;
+
+  p = input_message_buffer->value;
+  ret = _gsskrb5_verify_header (&p,
+				   input_message_buffer->length,
+				   "\x02\x01",
+				   GSS_KRB5_MECHANISM);
+  if (ret)
+      return ret;
+
+  if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
+    return GSS_S_BAD_SIG;
+  p += 2;
+  if (memcmp (p, "\x02\x00", 2) == 0) {
+    cstate = 1;
+  } else if (memcmp (p, "\xff\xff", 2) == 0) {
+    cstate = 0;
+  } else
+    return GSS_S_BAD_MIC;
+  p += 2;
+  if(conf_state != NULL)
+    *conf_state = cstate;
+  if (memcmp (p, "\xff\xff", 2) != 0)
+    return GSS_S_DEFECTIVE_TOKEN;
+  p += 2;
+  p += 28;
+
+  len = p - (u_char *)input_message_buffer->value;
+
+  if(cstate) {
+      /* decrypt data */
+      krb5_data tmp;
+
+      ret = krb5_crypto_init(context, key,
+			     ETYPE_DES3_CBC_NONE, &crypto);
+      if (ret) {
+	  *minor_status = ret;
+	  return GSS_S_FAILURE;
+      }
+      ret = krb5_decrypt(context, crypto, KRB5_KU_USAGE_SEAL,
+			 p, input_message_buffer->length - len, &tmp);
+      krb5_crypto_destroy(context, crypto);
+      if (ret) {
+	  *minor_status = ret;
+	  return GSS_S_FAILURE;
+      }
+      assert (tmp.length == input_message_buffer->length - len);
+
+      memcpy (p, tmp.data, tmp.length);
+      krb5_data_free(&tmp);
+  }
+  /* check pad */
+  ret = _gssapi_verify_pad(input_message_buffer, 
+			   input_message_buffer->length - len,
+			   &padlength);
+  if (ret)
+      return ret;
+
+  /* verify sequence number */
+  
+  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+
+  p -= 28;
+
+  ret = krb5_crypto_init(context, key,
+			 ETYPE_DES3_CBC_NONE, &crypto);
+  if (ret) {
+      *minor_status = ret;
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return GSS_S_FAILURE;
+  }
+  {
+      DES_cblock ivec;
+
+      memcpy(&ivec, p + 8, 8);
+      ret = krb5_decrypt_ivec (context,
+			       crypto,
+			       KRB5_KU_USAGE_SEQ,
+			       p, 8, &seq_data,
+			       &ivec);
+  }
+  krb5_crypto_destroy (context, crypto);
+  if (ret) {
+      *minor_status = ret;
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return GSS_S_FAILURE;
+  }
+  if (seq_data.length != 8) {
+      krb5_data_free (&seq_data);
+      *minor_status = 0;
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return GSS_S_BAD_MIC;
+  }
+
+  seq = seq_data.data;
+  _gsskrb5_decode_om_uint32(seq, &seq_number);
+
+  if (context_handle->more_flags & LOCAL)
+      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
+  else
+      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
+  
+  krb5_data_free (&seq_data);
+  if (cmp != 0) {
+      *minor_status = 0;
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return GSS_S_BAD_MIC;
+  }
+
+  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
+  if (ret) {
+      *minor_status = 0;
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return ret;
+  }
+
+  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+  /* verify checksum */
+
+  memcpy (cksum, p + 8, 20);
+
+  memcpy (p + 20, p - 8, 8);
+
+  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
+  csum.checksum.length = 20;
+  csum.checksum.data   = cksum;
+
+  ret = krb5_crypto_init(context, key, 0, &crypto);
+  if (ret) {
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+
+  ret = krb5_verify_checksum (context, crypto,
+			      KRB5_KU_USAGE_SIGN,
+			      p + 20,
+			      input_message_buffer->length - len + 8,
+			      &csum);
+  krb5_crypto_destroy (context, crypto);
+  if (ret) {
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+
+  /* copy out data */
+
+  output_message_buffer->length = input_message_buffer->length
+    - len - padlength - 8;
+  output_message_buffer->value  = malloc(output_message_buffer->length);
+  if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
+      return GSS_S_FAILURE;
+  memcpy (output_message_buffer->value,
+	  p + 36,
+	  output_message_buffer->length);
+  return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gsskrb5_unwrap
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_buffer_t input_message_buffer,
+            gss_buffer_t output_message_buffer,
+            int * conf_state,
+            gss_qop_t * qop_state
+           )
+{
+  krb5_keyblock *key;
+  krb5_context context;
+  OM_uint32 ret;
+  krb5_keytype keytype;
+  gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
+
+  output_message_buffer->value = NULL;
+  output_message_buffer->length = 0;
+
+  GSSAPI_KRB5_INIT (&context);
+
+  if (qop_state != NULL)
+      *qop_state = GSS_C_QOP_DEFAULT;
+  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+  ret = _gsskrb5i_get_token_key(ctx, context, &key);
+  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+  if (ret) {
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+  krb5_enctype_to_keytype (context, key->keytype, &keytype);
+
+  *minor_status = 0;
+
+  switch (keytype) {
+  case KEYTYPE_DES :
+      ret = unwrap_des (minor_status, ctx,
+			input_message_buffer, output_message_buffer,
+			conf_state, qop_state, key);
+      break;
+  case KEYTYPE_DES3 :
+      ret = unwrap_des3 (minor_status, ctx, context,
+			 input_message_buffer, output_message_buffer,
+			 conf_state, qop_state, key);
+      break;
+  case KEYTYPE_ARCFOUR:
+  case KEYTYPE_ARCFOUR_56:
+      ret = _gssapi_unwrap_arcfour (minor_status, ctx, context,
+				    input_message_buffer, output_message_buffer,
+				    conf_state, qop_state, key);
+      break;
+  default :
+      ret = _gssapi_unwrap_cfx (minor_status, ctx, context,
+				input_message_buffer, output_message_buffer,
+				conf_state, qop_state, key);
+      break;
+  }
+  krb5_free_keyblock (context, key);
+  return ret;
+}
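Review bot: `unwrap_des` and `unwrap_des3` read the fixed token header with no length check of their own: after `_gsskrb5_verify_header` returns, the code does three 2-byte `memcmp`s and skips 16 (or 28) more bytes before `len` is computed. Unless `_gsskrb5_verify_header` (not shown on this page) guarantees that many bytes remain, a short token makes `input_message_buffer->length - len` wrap around as a `size_t`, and that value is then the length passed to the in-place `DES_cbc_encrypt` / `krb5_decrypt` and to `MD5_Update`. A guard right after the header check, e.g. `if (input_message_buffer->length - (p - (u_char *)input_message_buffer->value) < 22) return GSS_S_DEFECTIVE_TOKEN;` (34 in `unwrap_des3`), closes this. The output length `length - len - padlength - 8` needs the same kind of lower-bound check before `malloc`/`memcpy`. In `unwrap_des`, the `GSS_S_BAD_MIC` return after `DES_cbc_cksum` also leaves `deskey` and `schedule` uncleared on the stack, unlike the paths that reach the `memset` calls.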

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/v1.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/v1.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/v1.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: v1.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/* These functions are for V1 compatibility */
+
+OM_uint32 _gsskrb5_sign
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t context_handle,
+            int qop_req,
+            gss_buffer_t message_buffer,
+            gss_buffer_t message_token
+           )
+{
+  return _gsskrb5_get_mic(minor_status,
+	context_handle,
+	(gss_qop_t)qop_req,
+	message_buffer,
+	message_token);
+}
+
+OM_uint32 _gsskrb5_verify
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t context_handle,
+            gss_buffer_t message_buffer,
+            gss_buffer_t token_buffer,
+            int * qop_state
+           )
+{
+  return _gsskrb5_verify_mic(minor_status,
+	context_handle,
+	message_buffer,
+	token_buffer,
+	(gss_qop_t *)qop_state);
+}
+
+OM_uint32 _gsskrb5_seal
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            int qop_req,
+            gss_buffer_t input_message_buffer,
+            int * conf_state,
+            gss_buffer_t output_message_buffer
+           )
+{
+  return _gsskrb5_wrap(minor_status,
+	context_handle,
+	conf_req_flag,
+	(gss_qop_t)qop_req,
+	input_message_buffer,
+	conf_state,
+	output_message_buffer);
+}
+
+OM_uint32 _gsskrb5_unseal
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t context_handle,
+            gss_buffer_t input_message_buffer,
+            gss_buffer_t output_message_buffer,
+            int * conf_state,
+            int * qop_state
+           )
+{
+  return _gsskrb5_unwrap(minor_status,
+	context_handle,
+	input_message_buffer,
+	output_message_buffer,
+	conf_state,
+	(gss_qop_t *)qop_state);
+}
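Review bot: `_gsskrb5_verify` and `_gsskrb5_unseal` forward the caller's `int *qop_state` as `(gss_qop_t *)qop_state`, which is only sound while `int` and `gss_qop_t` have the same size and representation; the typedef is not visible in this hunk. A local removes the pointer cast, e.g. in `_gsskrb5_verify`: `gss_qop_t qop; ret = _gsskrb5_verify_mic(minor_status, context_handle, message_buffer, token_buffer, &qop); if (qop_state != NULL) *qop_state = (int)qop;`. Each of the four shims would also benefit from a one-line comment naming the function it forwards to, since the file comment only says "V1 compatibility".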

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/verify_mic.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/verify_mic.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/verify_mic.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,344 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: verify_mic.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static OM_uint32
+verify_mic_des
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx context_handle,
+	    krb5_context context,
+            const gss_buffer_t message_buffer,
+            const gss_buffer_t token_buffer,
+            gss_qop_t * qop_state,
+	    krb5_keyblock *key,
+	    char *type
+	    )
+{
+  u_char *p;
+  MD5_CTX md5;
+  u_char hash[16], *seq;
+  DES_key_schedule schedule;
+  DES_cblock zero;
+  DES_cblock deskey;
+  uint32_t seq_number;
+  OM_uint32 ret;
+  int cmp;
+
+  p = token_buffer->value;
+  ret = _gsskrb5_verify_header (&p,
+				   token_buffer->length,
+				   type,
+				   GSS_KRB5_MECHANISM);
+  if (ret)
+      return ret;
+
+  if (memcmp(p, "\x00\x00", 2) != 0)
+      return GSS_S_BAD_SIG;
+  p += 2;
+  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
+    return GSS_S_BAD_MIC;
+  p += 4;
+  p += 16;
+
+  /* verify checksum */
+  MD5_Init (&md5);
+  MD5_Update (&md5, p - 24, 8);
+  MD5_Update (&md5, message_buffer->value,
+	     message_buffer->length);
+  MD5_Final (hash, &md5);
+
+  memset (&zero, 0, sizeof(zero));
+  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+
+  DES_set_key (&deskey, &schedule);
+  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
+		 &schedule, &zero);
+  if (memcmp (p - 8, hash, 8) != 0) {
+    memset (deskey, 0, sizeof(deskey));
+    memset (&schedule, 0, sizeof(schedule));
+    return GSS_S_BAD_MIC;
+  }
+
+  /* verify sequence number */
+  
+  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+
+  p -= 16;
+  DES_set_key (&deskey, &schedule);
+  DES_cbc_encrypt ((void *)p, (void *)p, 8,
+		   &schedule, (DES_cblock *)hash, DES_DECRYPT);
+
+  memset (deskey, 0, sizeof(deskey));
+  memset (&schedule, 0, sizeof(schedule));
+
+  seq = p;
+  _gsskrb5_decode_om_uint32(seq, &seq_number);
+
+  if (context_handle->more_flags & LOCAL)
+      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
+  else
+      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
+
+  if (cmp != 0) {
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    return GSS_S_BAD_MIC;
+  }
+
+  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
+  if (ret) {
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return ret;
+  }
+
+  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+  return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+verify_mic_des3
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx context_handle,
+	    krb5_context context,
+            const gss_buffer_t message_buffer,
+            const gss_buffer_t token_buffer,
+            gss_qop_t * qop_state,
+	    krb5_keyblock *key,
+	    char *type
+	    )
+{
+  u_char *p;
+  u_char *seq;
+  uint32_t seq_number;
+  OM_uint32 ret;
+  krb5_crypto crypto;
+  krb5_data seq_data;
+  int cmp, docompat;
+  Checksum csum;
+  char *tmp;
+  char ivec[8];
+  
+  p = token_buffer->value;
+  ret = _gsskrb5_verify_header (&p,
+				   token_buffer->length,
+				   type,
+				   GSS_KRB5_MECHANISM);
+  if (ret)
+      return ret;
+
+  if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
+      return GSS_S_BAD_SIG;
+  p += 2;
+  if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
+    return GSS_S_BAD_MIC;
+  p += 4;
+
+  ret = krb5_crypto_init(context, key,
+			 ETYPE_DES3_CBC_NONE, &crypto);
+  if (ret){
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+
+  /* verify sequence number */
+  docompat = 0;
+retry:
+  if (docompat)
+      memset(ivec, 0, 8);
+  else
+      memcpy(ivec, p + 8, 8);
+
+  ret = krb5_decrypt_ivec (context,
+			   crypto,
+			   KRB5_KU_USAGE_SEQ,
+			   p, 8, &seq_data, ivec);
+  if (ret) {
+      if (docompat++) {
+	  krb5_crypto_destroy (context, crypto);
+	  *minor_status = ret;
+	  return GSS_S_FAILURE;
+      } else
+	  goto retry;
+  }
+
+  if (seq_data.length != 8) {
+      krb5_data_free (&seq_data);
+      if (docompat++) {
+	  krb5_crypto_destroy (context, crypto);
+	  return GSS_S_BAD_MIC;
+      } else
+	  goto retry;
+  }
+
+  HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+
+  seq = seq_data.data;
+  _gsskrb5_decode_om_uint32(seq, &seq_number);
+
+  if (context_handle->more_flags & LOCAL)
+      cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4);
+  else
+      cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4);
+
+  krb5_data_free (&seq_data);
+  if (cmp != 0) {
+      krb5_crypto_destroy (context, crypto);
+      *minor_status = 0;
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return GSS_S_BAD_MIC;
+  }
+
+  ret = _gssapi_msg_order_check(context_handle->order, seq_number);
+  if (ret) {
+      krb5_crypto_destroy (context, crypto);
+      *minor_status = 0;
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return ret;
+  }
+
+  /* verify checksum */
+
+  tmp = malloc (message_buffer->length + 8);
+  if (tmp == NULL) {
+      krb5_crypto_destroy (context, crypto);
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      *minor_status = ENOMEM;
+      return GSS_S_FAILURE;
+  }
+
+  memcpy (tmp, p - 8, 8);
+  memcpy (tmp + 8, message_buffer->value, message_buffer->length);
+
+  csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
+  csum.checksum.length = 20;
+  csum.checksum.data   = p + 8;
+
+  ret = krb5_verify_checksum (context, crypto,
+			      KRB5_KU_USAGE_SIGN,
+			      tmp, message_buffer->length + 8,
+			      &csum);
+  free (tmp);
+  if (ret) {
+      krb5_crypto_destroy (context, crypto);
+      *minor_status = ret;
+      HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+      return GSS_S_BAD_MIC;
+  }
+  HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+
+  krb5_crypto_destroy (context, crypto);
+  return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_gsskrb5_verify_mic_internal
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx context_handle,
+	    krb5_context context,
+            const gss_buffer_t message_buffer,
+            const gss_buffer_t token_buffer,
+            gss_qop_t * qop_state,
+	    char * type
+	    )
+{
+    krb5_keyblock *key;
+    OM_uint32 ret;
+    krb5_keytype keytype;
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    ret = _gsskrb5i_get_token_key(context_handle, context, &key);
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+    *minor_status = 0;
+    krb5_enctype_to_keytype (context, key->keytype, &keytype);
+    switch (keytype) {
+    case KEYTYPE_DES :
+	ret = verify_mic_des (minor_status, context_handle, context,
+			      message_buffer, token_buffer, qop_state, key,
+			      type);
+	break;
+    case KEYTYPE_DES3 :
+	ret = verify_mic_des3 (minor_status, context_handle, context,
+			       message_buffer, token_buffer, qop_state, key,
+			       type);
+	break;
+    case KEYTYPE_ARCFOUR :
+    case KEYTYPE_ARCFOUR_56 :
+	ret = _gssapi_verify_mic_arcfour (minor_status, context_handle,
+					  context,
+					  message_buffer, token_buffer,
+					  qop_state, key, type);
+	break;
+    default :
+	ret = _gssapi_verify_mic_cfx (minor_status, context_handle,
+				      context,
+				      message_buffer, token_buffer, qop_state,
+				      key);
+	break;
+    }
+    krb5_free_keyblock (context, key);
+    
+    return ret;
+}
+
+OM_uint32
+_gsskrb5_verify_mic
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_buffer_t message_buffer,
+            const gss_buffer_t token_buffer,
+            gss_qop_t * qop_state
+	    )
+{
+    krb5_context context;
+    OM_uint32 ret;
+
+    GSSAPI_KRB5_INIT (&context);
+
+    if (qop_state != NULL)
+	*qop_state = GSS_C_QOP_DEFAULT;
+
+    ret = _gsskrb5_verify_mic_internal(minor_status, 
+				       (gsskrb5_ctx)context_handle,
+				       context,
+				       message_buffer, token_buffer,
+				       qop_state, "\x01\x01");
+
+    return ret;
+}
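Review bot: Neither `verify_mic_des` nor `verify_mic_des3` checks that the token is long enough before using fixed offsets past the header. The DES path touches 22 bytes after `_gsskrb5_verify_header` returns (`p += 16`, `memcmp (p - 8, hash, 8)`, the in-place `DES_cbc_encrypt` at `p - 16`), and the DES3 path uses 34 (`csum.checksum.data = p + 8` with length 20). `_gsskrb5_verify_header` is not in this hunk, so unless it already enforces those sizes, a truncated token from the peer causes reads, and in the DES case a write, past the end of `token_buffer->value`. A guard right after the header check closes this: `if (token_buffer->length - (size_t)(p - (u_char *)token_buffer->value) < 22) return GSS_S_DEFECTIVE_TOKEN;` (34 for DES3). Separately, `memcmp (p - 8, hash, 8)` compares the MIC in data-dependent time; a constant-time comparison is preferable there.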

Added: vendor-crypto/heimdal/dist/lib/gssapi/krb5/wrap.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/krb5/wrap.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/krb5/wrap.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,551 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5/gsskrb5_locl.h"
+
+RCSID("$Id: wrap.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * Return initiator subkey, or if that doesn't exists, the subkey.
+ */
+
+krb5_error_code
+_gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
+			       krb5_context context,
+			       krb5_keyblock **key)
+{
+    krb5_error_code ret;
+    *key = NULL;
+
+    if (ctx->more_flags & LOCAL) {
+	ret = krb5_auth_con_getlocalsubkey(context,
+				     ctx->auth_context, 
+				     key);
+    } else {
+	ret = krb5_auth_con_getremotesubkey(context,
+				      ctx->auth_context, 
+				      key);
+    }
+    if (ret == 0 && *key == NULL)
+	ret = krb5_auth_con_getkey(context,
+				   ctx->auth_context, 
+				   key);
+    if (ret == 0 && *key == NULL) {
+	krb5_set_error_string(context, "No initiator subkey available");
+	return GSS_KRB5_S_KG_NO_SUBKEY;
+    }
+    return ret;
+}
+
+krb5_error_code
+_gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
+			      krb5_context context,
+			      krb5_keyblock **key)
+{
+    krb5_error_code ret;
+    *key = NULL;
+
+    if (ctx->more_flags & LOCAL) {
+	ret = krb5_auth_con_getremotesubkey(context,
+				      ctx->auth_context, 
+				      key);
+    } else {
+	ret = krb5_auth_con_getlocalsubkey(context,
+				     ctx->auth_context, 
+				     key);
+    }
+    if (ret == 0 && *key == NULL) {
+	krb5_set_error_string(context, "No acceptor subkey available");
+	return GSS_KRB5_S_KG_NO_SUBKEY;
+    }
+    return ret;
+}
+
+OM_uint32
+_gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
+			krb5_context context,
+			krb5_keyblock **key)
+{
+    _gsskrb5i_get_acceptor_subkey(ctx, context, key);
+    if(*key == NULL) {
+	/*
+	 * Only use the initiator subkey or ticket session key if an
+	 * acceptor subkey was not required.
+	 */
+	if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0)
+	    _gsskrb5i_get_initiator_subkey(ctx, context, key);
+    }
+    if (*key == NULL) {
+	krb5_set_error_string(context, "No token key available");
+	return GSS_KRB5_S_KG_NO_SUBKEY;
+    }
+    return 0;
+}
+
+static OM_uint32
+sub_wrap_size (
+            OM_uint32 req_output_size,
+            OM_uint32 * max_input_size,
+	    int blocksize,
+	    int extrasize
+           )
+{
+    size_t len, total_len; 
+
+    len = 8 + req_output_size + blocksize + extrasize;
+
+    _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+
+    total_len -= req_output_size; /* token length */
+    if (total_len < req_output_size) {
+        *max_input_size = (req_output_size - total_len);
+        (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
+    } else {
+        *max_input_size = 0;
+    }
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_gsskrb5_wrap_size_limit (
+            OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            OM_uint32 req_output_size,
+            OM_uint32 * max_input_size
+           )
+{
+  krb5_context context;
+  krb5_keyblock *key;
+  OM_uint32 ret;
+  krb5_keytype keytype;
+  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+
+  GSSAPI_KRB5_INIT (&context);
+
+  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+  ret = _gsskrb5i_get_token_key(ctx, context, &key);
+  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+  if (ret) {
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+  krb5_enctype_to_keytype (context, key->keytype, &keytype);
+
+  switch (keytype) {
+  case KEYTYPE_DES :
+      ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
+      break;
+  case KEYTYPE_ARCFOUR:
+  case KEYTYPE_ARCFOUR_56:
+      ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context,
+				      conf_req_flag, qop_req, 
+				      req_output_size, max_input_size, key);
+      break;
+  case KEYTYPE_DES3 :
+      ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
+      break;
+  default :
+      ret = _gssapi_wrap_size_cfx(minor_status, ctx, context,
+				  conf_req_flag, qop_req, 
+				  req_output_size, max_input_size, key);
+      break;
+  }
+  krb5_free_keyblock (context, key);
+  *minor_status = 0;
+  return ret;
+}
+
+static OM_uint32
+wrap_des
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx ctx,
+	    krb5_context context,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            const gss_buffer_t input_message_buffer,
+            int * conf_state,
+            gss_buffer_t output_message_buffer,
+	    krb5_keyblock *key
+           )
+{
+  u_char *p;
+  MD5_CTX md5;
+  u_char hash[16];
+  DES_key_schedule schedule;
+  DES_cblock deskey;
+  DES_cblock zero;
+  int i;
+  int32_t seq_number;
+  size_t len, total_len, padlength, datalen;
+
+  padlength = 8 - (input_message_buffer->length % 8);
+  datalen = input_message_buffer->length + padlength + 8;
+  len = datalen + 22;
+  _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+
+  output_message_buffer->length = total_len;
+  output_message_buffer->value  = malloc (total_len);
+  if (output_message_buffer->value == NULL) {
+    output_message_buffer->length = 0;
+    *minor_status = ENOMEM;
+    return GSS_S_FAILURE;
+  }
+
+  p = _gsskrb5_make_header(output_message_buffer->value,
+			      len,
+			      "\x02\x01", /* TOK_ID */
+			      GSS_KRB5_MECHANISM);
+
+  /* SGN_ALG */
+  memcpy (p, "\x00\x00", 2);
+  p += 2;
+  /* SEAL_ALG */
+  if(conf_req_flag)
+      memcpy (p, "\x00\x00", 2);
+  else
+      memcpy (p, "\xff\xff", 2);
+  p += 2;
+  /* Filler */
+  memcpy (p, "\xff\xff", 2);
+  p += 2;
+
+  /* fill in later */
+  memset (p, 0, 16);
+  p += 16;
+
+  /* confounder + data + pad */
+  krb5_generate_random_block(p, 8);
+  memcpy (p + 8, input_message_buffer->value,
+	  input_message_buffer->length);
+  memset (p + 8 + input_message_buffer->length, padlength, padlength);
+
+  /* checksum */
+  MD5_Init (&md5);
+  MD5_Update (&md5, p - 24, 8);
+  MD5_Update (&md5, p, datalen);
+  MD5_Final (hash, &md5);
+
+  memset (&zero, 0, sizeof(zero));
+  memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+  DES_set_key (&deskey, &schedule);
+  DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
+		 &schedule, &zero);
+  memcpy (p - 8, hash, 8);
+
+  /* sequence number */
+  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+  krb5_auth_con_getlocalseqnumber (context,
+				   ctx->auth_context,
+				   &seq_number);
+
+  p -= 16;
+  p[0] = (seq_number >> 0)  & 0xFF;
+  p[1] = (seq_number >> 8)  & 0xFF;
+  p[2] = (seq_number >> 16) & 0xFF;
+  p[3] = (seq_number >> 24) & 0xFF;
+  memset (p + 4,
+	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
+	  4);
+
+  DES_set_key (&deskey, &schedule);
+  DES_cbc_encrypt ((void *)p, (void *)p, 8,
+		   &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT);
+
+  krb5_auth_con_setlocalseqnumber (context,
+			       ctx->auth_context,
+			       ++seq_number);
+  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+  /* encrypt the data */
+  p += 16;
+
+  if(conf_req_flag) {
+      memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
+
+      for (i = 0; i < sizeof(deskey); ++i)
+	  deskey[i] ^= 0xf0;
+      DES_set_key (&deskey, &schedule);
+      memset (&zero, 0, sizeof(zero));
+      DES_cbc_encrypt ((void *)p,
+		       (void *)p,
+		       datalen,
+		       &schedule,
+		       &zero,
+		       DES_ENCRYPT);
+  }
+  memset (deskey, 0, sizeof(deskey));
+  memset (&schedule, 0, sizeof(schedule));
+
+  if(conf_state != NULL)
+      *conf_state = conf_req_flag;
+  *minor_status = 0;
+  return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+wrap_des3
+           (OM_uint32 * minor_status,
+            const gsskrb5_ctx ctx,
+	    krb5_context context,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            const gss_buffer_t input_message_buffer,
+            int * conf_state,
+            gss_buffer_t output_message_buffer,
+	    krb5_keyblock *key
+           )
+{
+  u_char *p;
+  u_char seq[8];
+  int32_t seq_number;
+  size_t len, total_len, padlength, datalen;
+  uint32_t ret;
+  krb5_crypto crypto;
+  Checksum cksum;
+  krb5_data encdata;
+
+  padlength = 8 - (input_message_buffer->length % 8);
+  datalen = input_message_buffer->length + padlength + 8;
+  len = datalen + 34;
+  _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+
+  output_message_buffer->length = total_len;
+  output_message_buffer->value  = malloc (total_len);
+  if (output_message_buffer->value == NULL) {
+    output_message_buffer->length = 0;
+    *minor_status = ENOMEM;
+    return GSS_S_FAILURE;
+  }
+
+  p = _gsskrb5_make_header(output_message_buffer->value,
+			      len,
+			      "\x02\x01", /* TOK_ID */
+			      GSS_KRB5_MECHANISM); 
+
+  /* SGN_ALG */
+  memcpy (p, "\x04\x00", 2);	/* HMAC SHA1 DES3-KD */
+  p += 2;
+  /* SEAL_ALG */
+  if(conf_req_flag)
+      memcpy (p, "\x02\x00", 2); /* DES3-KD */
+  else
+      memcpy (p, "\xff\xff", 2);
+  p += 2;
+  /* Filler */
+  memcpy (p, "\xff\xff", 2);
+  p += 2;
+
+  /* calculate checksum (the above + confounder + data + pad) */
+
+  memcpy (p + 20, p - 8, 8);
+  krb5_generate_random_block(p + 28, 8);
+  memcpy (p + 28 + 8, input_message_buffer->value,
+	  input_message_buffer->length);
+  memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
+
+  ret = krb5_crypto_init(context, key, 0, &crypto);
+  if (ret) {
+      free (output_message_buffer->value);
+      output_message_buffer->length = 0;
+      output_message_buffer->value = NULL;
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+
+  ret = krb5_create_checksum (context,
+			      crypto,
+			      KRB5_KU_USAGE_SIGN,
+			      0,
+			      p + 20,
+			      datalen + 8,
+			      &cksum);
+  krb5_crypto_destroy (context, crypto);
+  if (ret) {
+      free (output_message_buffer->value);
+      output_message_buffer->length = 0;
+      output_message_buffer->value = NULL;
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+
+  /* zero out SND_SEQ + SGN_CKSUM in case */
+  memset (p, 0, 28);
+
+  memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
+  free_Checksum (&cksum);
+
+  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+  /* sequence number */
+  krb5_auth_con_getlocalseqnumber (context,
+			       ctx->auth_context,
+			       &seq_number);
+
+  seq[0] = (seq_number >> 0)  & 0xFF;
+  seq[1] = (seq_number >> 8)  & 0xFF;
+  seq[2] = (seq_number >> 16) & 0xFF;
+  seq[3] = (seq_number >> 24) & 0xFF;
+  memset (seq + 4,
+	  (ctx->more_flags & LOCAL) ? 0 : 0xFF,
+	  4);
+
+
+  ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE,
+			 &crypto);
+  if (ret) {
+      free (output_message_buffer->value);
+      output_message_buffer->length = 0;
+      output_message_buffer->value = NULL;
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+
+  {
+      DES_cblock ivec;
+
+      memcpy (&ivec, p + 8, 8);
+      ret = krb5_encrypt_ivec (context,
+			       crypto,
+			       KRB5_KU_USAGE_SEQ,
+			       seq, 8, &encdata,
+			       &ivec);
+  }
+  krb5_crypto_destroy (context, crypto);
+  if (ret) {
+      free (output_message_buffer->value);
+      output_message_buffer->length = 0;
+      output_message_buffer->value = NULL;
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+  
+  assert (encdata.length == 8);
+
+  memcpy (p, encdata.data, encdata.length);
+  krb5_data_free (&encdata);
+
+  krb5_auth_con_setlocalseqnumber (context,
+			       ctx->auth_context,
+			       ++seq_number);
+  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+  /* encrypt the data */
+  p += 28;
+
+  if(conf_req_flag) {
+      krb5_data tmp;
+
+      ret = krb5_crypto_init(context, key,
+			     ETYPE_DES3_CBC_NONE, &crypto);
+      if (ret) {
+	  free (output_message_buffer->value);
+	  output_message_buffer->length = 0;
+	  output_message_buffer->value = NULL;
+	  *minor_status = ret;
+	  return GSS_S_FAILURE;
+      }
+      ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL,
+			 p, datalen, &tmp);
+      krb5_crypto_destroy(context, crypto);
+      if (ret) {
+	  free (output_message_buffer->value);
+	  output_message_buffer->length = 0;
+	  output_message_buffer->value = NULL;
+	  *minor_status = ret;
+	  return GSS_S_FAILURE;
+      }
+      assert (tmp.length == datalen);
+
+      memcpy (p, tmp.data, datalen);
+      krb5_data_free(&tmp);
+  }
+  if(conf_state != NULL)
+      *conf_state = conf_req_flag;
+  *minor_status = 0;
+  return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gsskrb5_wrap
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            const gss_buffer_t input_message_buffer,
+            int * conf_state,
+            gss_buffer_t output_message_buffer
+           )
+{
+  krb5_context context;
+  krb5_keyblock *key;
+  OM_uint32 ret;
+  krb5_keytype keytype;
+  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+
+  GSSAPI_KRB5_INIT (&context);
+
+  HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+  ret = _gsskrb5i_get_token_key(ctx, context, &key);
+  HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+  if (ret) {
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+  krb5_enctype_to_keytype (context, key->keytype, &keytype);
+
+  switch (keytype) {
+  case KEYTYPE_DES :
+      ret = wrap_des (minor_status, ctx, context, conf_req_flag,
+		      qop_req, input_message_buffer, conf_state,
+		      output_message_buffer, key);
+      break;
+  case KEYTYPE_DES3 :
+      ret = wrap_des3 (minor_status, ctx, context, conf_req_flag,
+		       qop_req, input_message_buffer, conf_state,
+		       output_message_buffer, key);
+      break;
+  case KEYTYPE_ARCFOUR:
+  case KEYTYPE_ARCFOUR_56:
+      ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag,
+				  qop_req, input_message_buffer, conf_state,
+				  output_message_buffer, key);
+      break;
+  default :
+      ret = _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag,
+			      qop_req, input_message_buffer, conf_state,
+			      output_message_buffer, key);
+      break;
+  }
+  krb5_free_keyblock (context, key);
+  return ret;
+}
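Review bot: `wrap_des3` returns with `ctx->ctx_id_mutex` still held on two error paths. After `HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex)`, the failure branches for `krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE, &crypto)` and for `krb5_encrypt_ivec` free the output buffer and `return GSS_S_FAILURE` without unlocking. Any later call on the same context would then block on that mutex, assuming HEIMDAL_MUTEX is a real lock in this build. Adding `HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);` as the first statement of both branches fixes it. The `assert (encdata.length == 8)` before `memcpy (p, encdata.data, encdata.length)` is also the only length check and disappears under NDEBUG, so an explicit `if` with the same cleanup would be safer.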

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/accept_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/accept_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/accept_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,257 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: accept_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ *
+ */
+
+OM_uint32
+_gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx)
+{
+    OM_uint32 maj_stat;
+
+    *ctx = calloc(1, sizeof(**ctx));
+
+    (*ctx)->server = &ntlmsspi_kdc_digest;
+
+    maj_stat = (*(*ctx)->server->nsi_init)(minor_status, &(*ctx)->ictx);
+    if (maj_stat != GSS_S_COMPLETE)
+	return maj_stat;
+
+    return GSS_S_COMPLETE;
+}
+
+/*
+ *
+ */
+
+OM_uint32
+_gss_ntlm_accept_sec_context
+(OM_uint32 * minor_status,
+ gss_ctx_id_t * context_handle,
+ const gss_cred_id_t acceptor_cred_handle,
+ const gss_buffer_t input_token_buffer,
+ const gss_channel_bindings_t input_chan_bindings,
+ gss_name_t * src_name,
+ gss_OID * mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec,
+ gss_cred_id_t * delegated_cred_handle
+    )
+{
+    krb5_error_code ret;
+    struct ntlm_buf data;
+    ntlm_ctx ctx;
+
+    output_token->value = NULL;
+    output_token->length = 0;
+
+    *minor_status = 0;
+
+    if (context_handle == NULL)
+	return GSS_S_FAILURE;
+	
+    if (input_token_buffer == GSS_C_NO_BUFFER)
+	return GSS_S_FAILURE;
+
+    if (src_name)
+	*src_name = GSS_C_NO_NAME;
+    if (mech_type)
+	*mech_type = GSS_C_NO_OID;
+    if (ret_flags)
+	*ret_flags = 0;
+    if (time_rec)
+	*time_rec = 0;
+    if (delegated_cred_handle)
+	*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+	struct ntlm_type1 type1;
+	OM_uint32 major_status;
+	OM_uint32 retflags;
+	struct ntlm_buf out;
+
+	major_status = _gss_ntlm_allocate_ctx(minor_status, &ctx);
+	if (major_status)
+	    return major_status;
+	*context_handle = (gss_ctx_id_t)ctx;
+	
+	/* check if the mechs is allowed by remote service */
+	major_status = (*ctx->server->nsi_probe)(minor_status, ctx->ictx, NULL);
+	if (major_status) {
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    return major_status;
+	}
+
+	data.data = input_token_buffer->value;
+	data.length = input_token_buffer->length;
+	
+	ret = heim_ntlm_decode_type1(&data, &type1);
+	if (ret) {
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    *minor_status = ret;
+	    return GSS_S_FAILURE;
+	}
+
+	if ((type1.flags & NTLM_NEG_UNICODE) == 0) {
+	    heim_ntlm_free_type1(&type1);
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    *minor_status = EINVAL;
+	    return GSS_S_FAILURE;
+	}
+
+	if (type1.flags & NTLM_NEG_SIGN)
+	    ctx->gssflags |= GSS_C_CONF_FLAG;
+	if (type1.flags & NTLM_NEG_SIGN)
+	    ctx->gssflags |= GSS_C_INTEG_FLAG;
+
+	major_status = (*ctx->server->nsi_type2)(minor_status,
+						 ctx->ictx,
+						 type1.flags,
+						 type1.hostname,
+						 type1.domain,
+						 &retflags,
+						 &out);
+	heim_ntlm_free_type1(&type1);
+	if (major_status != GSS_S_COMPLETE) {
+	    OM_uint32 junk;
+	    _gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
+	    return major_status;
+	}
+
+	output_token->value = malloc(out.length);
+	if (output_token->value == NULL) {
+	    OM_uint32 junk;
+	    _gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	memcpy(output_token->value, out.data, out.length);
+	output_token->length = out.length;
+
+	ctx->flags = retflags;
+
+	return GSS_S_CONTINUE_NEEDED;
+    } else {
+	OM_uint32 maj_stat;
+	struct ntlm_type3 type3;
+	struct ntlm_buf session;
+
+	ctx = (ntlm_ctx)*context_handle;
+
+	data.data = input_token_buffer->value;
+	data.length = input_token_buffer->length;
+
+	ret = heim_ntlm_decode_type3(&data, 1, &type3);
+	if (ret) {
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    *minor_status = ret;
+	    return GSS_S_FAILURE;
+	}
+
+	maj_stat = (*ctx->server->nsi_type3)(minor_status,
+					     ctx->ictx,
+					     &type3,
+					     &session);
+	if (maj_stat) {
+	    heim_ntlm_free_type3(&type3);
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    return maj_stat;
+	}
+
+	if (src_name) {
+	    ntlm_name n = calloc(1, sizeof(*n));
+	    if (n) {
+		n->user = strdup(type3.username);
+		n->domain = strdup(type3.targetname);
+	    }
+	    if (n == NULL || n->user == NULL || n->domain == NULL) {
+		heim_ntlm_free_type3(&type3);
+		_gss_ntlm_delete_sec_context(minor_status, 
+					     context_handle, NULL);
+		return maj_stat;
+	    }
+	    *src_name = (gss_name_t)n;
+	}	    
+
+	heim_ntlm_free_type3(&type3);
+
+	ret = krb5_data_copy(&ctx->sessionkey, 
+			     session.data, session.length);
+	if (ret) {	
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    *minor_status = ret;
+	    return GSS_S_FAILURE;
+	}
+	
+	if (session.length != 0) {
+
+	    ctx->status |= STATUS_SESSIONKEY; 
+
+	    if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
+		_gss_ntlm_set_key(&ctx->u.v2.send, 1,
+				  (ctx->flags & NTLM_NEG_KEYEX),
+				  ctx->sessionkey.data,
+				  ctx->sessionkey.length);
+		_gss_ntlm_set_key(&ctx->u.v2.recv, 0,
+				  (ctx->flags & NTLM_NEG_KEYEX),
+				  ctx->sessionkey.data,
+				  ctx->sessionkey.length);
+	    } else {
+		RC4_set_key(&ctx->u.v1.crypto_send.key, 
+			    ctx->sessionkey.length,
+			    ctx->sessionkey.data);
+		RC4_set_key(&ctx->u.v1.crypto_recv.key, 
+			    ctx->sessionkey.length,
+			    ctx->sessionkey.data);
+	    }
+	}
+
+	if (mech_type)
+	    *mech_type = GSS_NTLM_MECHANISM;
+	if (time_rec)
+	    *time_rec = GSS_C_INDEFINITE;
+
+	ctx->status |= STATUS_OPEN;
+
+	if (ret_flags)
+	    *ret_flags = ctx->gssflags;
+
+	return GSS_S_COMPLETE;
+    }
+}
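Review bot: In the type-3 branch of `_gss_ntlm_accept_sec_context`, the `src_name` allocation-failure path ends in `return maj_stat;` after `nsi_type3` has already succeeded, so the caller is handed GSS_S_COMPLETE for a context that was just deleted. That path also leaks `n` and whichever `strdup` result succeeded; it should free them, set `*minor_status = ENOMEM` and return GSS_S_FAILURE. In the type-1 branch both flag tests read `NTLM_NEG_SIGN`, so GSS_C_CONF_FLAG is reported to the application whenever signing alone was negotiated; the first test presumably should check `NTLM_NEG_SEAL`. `_gss_ntlm_allocate_ctx` dereferences the `calloc` result without a NULL check, and when `nsi_init` fails it leaves `*ctx` allocated while the caller returns without freeing it. Whether `nsi_init` leaves anything in `ictx` that needs its own cleanup is not visible here and should be confirmed before freeing.

```c
    *ctx = calloc(1, sizeof(**ctx));
    if (*ctx == NULL) {
	*minor_status = ENOMEM;
	return GSS_S_FAILURE;
    }
    /* … unchanged: server selection and nsi_init call … */
    if (maj_stat != GSS_S_COMPLETE) {
	free(*ctx);
	*ctx = NULL;
	return maj_stat;
    }

/* … unchanged: _gss_ntlm_accept_sec_context up to the type-1 flag tests … */
	if (type1.flags & NTLM_NEG_SEAL)
	    ctx->gssflags |= GSS_C_CONF_FLAG;

/* … unchanged: rest of type-1 branch, type-3 decode and nsi_type3 call … */
	    if (n == NULL || n->user == NULL || n->domain == NULL) {
		if (n) {
		    free(n->user);
		    free(n->domain);
		    free(n);
		}
		heim_ntlm_free_type3(&type3);
		_gss_ntlm_delete_sec_context(minor_status,
					     context_handle, NULL);
		*minor_status = ENOMEM;
		return GSS_S_FAILURE;
	    }
```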

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/acquire_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/acquire_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/acquire_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: acquire_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_acquire_cred
+           (OM_uint32 * min_stat,
+            const gss_name_t desired_name,
+            OM_uint32 time_req,
+            const gss_OID_set desired_mechs,
+            gss_cred_usage_t cred_usage,
+            gss_cred_id_t * output_cred_handle,
+            gss_OID_set * actual_mechs,
+            OM_uint32 * time_rec
+           )
+{
+    ntlm_name name = (ntlm_name) desired_name;
+    OM_uint32 maj_stat;
+    ntlm_ctx ctx;
+
+    *min_stat = 0;
+    if (output_cred_handle)
+	*output_cred_handle = GSS_C_NO_CREDENTIAL;
+    if (actual_mechs)
+	*actual_mechs = GSS_C_NO_OID_SET;
+    if (time_rec)
+	*time_rec = GSS_C_INDEFINITE;
+
+    if (desired_name == NULL)
+	return GSS_S_NO_CRED;
+
+    if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
+
+	maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
+	if (maj_stat != GSS_S_COMPLETE)
+	    return maj_stat;
+	
+	maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, 
+					     name->domain);
+
+	if (maj_stat)
+	    return maj_stat;
+
+	{
+	    gss_ctx_id_t context = (gss_ctx_id_t)ctx;
+	    _gss_ntlm_delete_sec_context(min_stat, &context, NULL);
+	    *min_stat = 0;
+	}
+    }	
+    if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) {
+	ntlm_cred cred;
+
+	*min_stat = _gss_ntlm_get_user_cred(name, &cred);
+	if (*min_stat)
+	    return GSS_S_FAILURE;
+	cred->usage = cred_usage;
+
+	*output_cred_handle = (gss_cred_id_t)cred;
+    }
+
+    return (GSS_S_COMPLETE);
+}
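Review bot: In the acceptor branch of `_gss_ntlm_acquire_cred`, the `if (maj_stat) return maj_stat;` after `nsi_probe` returns before the block that deletes the temporary context, so every failed probe leaks the context that `_gss_ntlm_allocate_ctx` just created. Running the delete unconditionally with a scratch minor status, and only then testing the saved `maj_stat`, releases it on both paths and keeps the probe's minor status for the caller. Separately, the initiator branch writes `*output_cred_handle` unguarded although the top of the function treats that pointer as optional. A NULL check placed before `_gss_ntlm_get_user_cred` would avoid both the dereference and a leaked `cred`.

```c
	maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx,
					     name->domain);
	{
	    gss_ctx_id_t context = (gss_ctx_id_t)ctx;
	    OM_uint32 junk;
	    _gss_ntlm_delete_sec_context(&junk, &context, NULL);
	}
	if (maj_stat)
	    return maj_stat;
	*min_stat = 0;
```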

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/add_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/add_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/add_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: add_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_add_cred (
+     OM_uint32           *minor_status,
+     const gss_cred_id_t input_cred_handle,
+     const gss_name_t    desired_name,
+     const gss_OID       desired_mech,
+     gss_cred_usage_t    cred_usage,
+     OM_uint32           initiator_time_req,
+     OM_uint32           acceptor_time_req,
+     gss_cred_id_t       *output_cred_handle,
+     gss_OID_set         *actual_mechs,
+     OM_uint32           *initiator_time_rec,
+     OM_uint32           *acceptor_time_rec)
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (output_cred_handle)
+	*output_cred_handle = GSS_C_NO_CREDENTIAL;
+    if (actual_mechs)
+	*actual_mechs = GSS_C_NO_OID_SET;
+    if (initiator_time_rec)
+	*initiator_time_rec = 0;
+    if (acceptor_time_rec)
+	*acceptor_time_rec = 0;
+    return GSS_S_COMPLETE;
+}
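Review bot: `_gss_ntlm_add_cred` needs a comment saying it is a stub, because it returns GSS_S_COMPLETE while leaving `*output_cred_handle` as GSS_C_NO_CREDENTIAL and ignoring `input_cred_handle`, `desired_name` and `cred_usage`. A caller that asked for a new handle therefore sees success and gets no credential. I would add above the function something like `/* Stub: NTLM adds nothing here; reports success and returns no credential. */`. If callers are expected to detect the missing credential, returning an error status would be the safer contract, but how the mechglue in this tree treats that is not visible from this hunk.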

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/canonicalize_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/canonicalize_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/canonicalize_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: canonicalize_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_canonicalize_name (
+            OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            const gss_OID mech_type,
+            gss_name_t * output_name
+           )
+{
+    return gss_duplicate_name (minor_status, input_name, output_name);
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/compare_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/compare_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/compare_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1997-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: compare_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_compare_name
+           (OM_uint32 * minor_status,
+            const gss_name_t name1,
+            const gss_name_t name2,
+            int * name_equal
+           )
+{
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
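Review bot: `_gss_ntlm_compare_name` returns GSS_S_COMPLETE without ever writing `*name_equal`, so a caller that trusts the success status reads whatever its own variable held before the call. Name comparison commonly feeds authorization decisions, so an indeterminate result here can become an accidental "names match". At minimum the function should fail closed with `*name_equal = 0;` before the return. A real implementation would compare the `user` and `domain` fields that `ntlm_name` carries (set in accept_sec_context.c), keeping in mind that the appropriate case sensitivity for NTLM names needs to be confirmed.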

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/context_time.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/context_time.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/context_time.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: context_time.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_context_time
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            OM_uint32 * time_rec
+           )
+{
+    if (time_rec)
+	*time_rec = GSS_C_INDEFINITE;
+    return GSS_S_COMPLETE;
+}
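Review bot: `_gss_ntlm_context_time` never writes `*minor_status`, unlike the sibling NTLM entry points in this commit, so a caller that inspects the minor status after the call sees a stale or uninitialized value. Adding `*minor_status = 0;` at the top makes it consistent with them. The function also reports GSS_C_INDEFINITE for any `context_handle`, including GSS_C_NO_CONTEXT; a short comment stating that NTLM contexts do not expire and that the handle is deliberately not inspected would make that intent clear.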

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/crypto.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/crypto.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/crypto.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,595 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: crypto.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+uint32_t
+_krb5_crc_update (const char *p, size_t len, uint32_t res);
+void
+_krb5_crc_init_table(void);
+
+/*
+ *
+ */
+
+static void
+encode_le_uint32(uint32_t n, unsigned char *p)
+{
+  p[0] = (n >> 0)  & 0xFF;
+  p[1] = (n >> 8)  & 0xFF;
+  p[2] = (n >> 16) & 0xFF;
+  p[3] = (n >> 24) & 0xFF;
+}
+
+
+static void
+decode_le_uint32(const void *ptr, uint32_t *n)
+{
+    const unsigned char *p = ptr;
+    *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
+}
+
+/*
+ *
+ */
+
+const char a2i_signmagic[] =
+    "session key to server-to-client signing key magic constant";
+const char a2i_sealmagic[] =
+    "session key to server-to-client sealing key magic constant";
+const char i2a_signmagic[] =
+    "session key to client-to-server signing key magic constant";
+const char i2a_sealmagic[] =
+    "session key to client-to-server sealing key magic constant";
+
+
+void
+_gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign,
+		  unsigned char *data, size_t len)
+{
+    unsigned char out[16];
+    MD5_CTX ctx;
+    const char *signmagic;
+    const char *sealmagic;
+
+    if (acceptor) {
+	signmagic = a2i_signmagic;
+	sealmagic = a2i_sealmagic;
+    } else {
+	signmagic = i2a_signmagic;
+	sealmagic = i2a_sealmagic;
+    }
+
+    key->seq = 0;
+
+    MD5_Init(&ctx);
+    MD5_Update(&ctx, data, len);
+    MD5_Update(&ctx, signmagic, strlen(signmagic) + 1);
+    MD5_Final(key->signkey, &ctx);
+
+    MD5_Init(&ctx);
+    MD5_Update(&ctx, data, len);
+    MD5_Update(&ctx, sealmagic, strlen(sealmagic) + 1);
+    MD5_Final(out, &ctx);
+
+    RC4_set_key(&key->sealkey, 16, out);
+    if (sealsign)
+	key->signsealkey = &key->sealkey;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+v1_sign_message(gss_buffer_t in,
+		RC4_KEY *signkey,
+		uint32_t seq,
+		unsigned char out[16])
+{
+    unsigned char sigature[12];
+    uint32_t crc;
+    
+    _krb5_crc_init_table();
+    crc = _krb5_crc_update(in->value, in->length, 0);
+    
+    encode_le_uint32(0, &sigature[0]);
+    encode_le_uint32(crc, &sigature[4]);
+    encode_le_uint32(seq, &sigature[8]);
+    
+    encode_le_uint32(1, out); /* version */
+    RC4(signkey, sizeof(sigature), sigature, out + 4);
+    
+    if (RAND_bytes(out + 4, 4) != 1)
+	return GSS_S_UNAVAILABLE;
+    
+    return 0;
+}
+
+
+static OM_uint32
+v2_sign_message(gss_buffer_t in,
+		unsigned char signkey[16],
+		RC4_KEY *sealkey,
+		uint32_t seq,
+		unsigned char out[16])
+{
+    unsigned char hmac[16];
+    unsigned int hmaclen;
+    HMAC_CTX c;
+
+    HMAC_CTX_init(&c);
+    HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL);
+    
+    encode_le_uint32(seq, hmac);
+    HMAC_Update(&c, hmac, 4);
+    HMAC_Update(&c, in->value, in->length);
+    HMAC_Final(&c, hmac, &hmaclen);
+    HMAC_CTX_cleanup(&c);
+
+    encode_le_uint32(1, &out[0]);
+    if (sealkey)
+	RC4(sealkey, 8, hmac, &out[4]);
+    else
+	memcpy(&out[4], hmac, 8);
+
+    memset(&out[12], 0, 4);
+
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+v2_verify_message(gss_buffer_t in,
+		  unsigned char signkey[16],
+		  RC4_KEY *sealkey,
+		  uint32_t seq,
+		  const unsigned char checksum[16])
+{
+    OM_uint32 ret;
+    unsigned char out[16];
+
+    ret = v2_sign_message(in, signkey, sealkey, seq, out);
+    if (ret)
+	return ret;
+
+    if (memcmp(checksum, out, 16) != 0)
+	return GSS_S_BAD_MIC;
+
+    return GSS_S_COMPLETE;
+}    
+
+static OM_uint32
+v2_seal_message(const gss_buffer_t in,
+		unsigned char signkey[16],
+		uint32_t seq,
+		RC4_KEY *sealkey,
+		gss_buffer_t out)
+{
+    unsigned char *p;
+    OM_uint32 ret;
+
+    if (in->length + 16 < in->length)
+	return EINVAL;
+
+    p = malloc(in->length + 16);
+    if (p == NULL)
+	return ENOMEM;
+
+    RC4(sealkey, in->length, in->value, p);
+
+    ret = v2_sign_message(in, signkey, sealkey, seq, &p[in->length]);
+    if (ret) {
+	free(p);
+	return ret;
+    }
+
+    out->value = p;
+    out->length = in->length + 16;
+
+    return 0;
+}
+
+static OM_uint32
+v2_unseal_message(gss_buffer_t in,
+		  unsigned char signkey[16],
+		  uint32_t seq,
+		  RC4_KEY *sealkey,
+		  gss_buffer_t out)
+{
+    OM_uint32 ret;
+
+    if (in->length < 16)
+	return GSS_S_BAD_MIC;
+
+    out->length = in->length - 16;
+    out->value = malloc(out->length);
+    if (out->value == NULL)
+	return GSS_S_BAD_MIC;
+
+    RC4(sealkey, out->length, in->value, out->value);
+
+    ret = v2_verify_message(out, signkey, sealkey, seq,
+			    ((const unsigned char *)in->value) + out->length);
+    if (ret) {
+	OM_uint32 junk;
+	gss_release_buffer(&junk, out);
+    }
+    return ret;
+}
+
+/*
+ *
+ */
+
+#define CTX_FLAGS_ISSET(_ctx,_flags) \
+    (((_ctx)->flags & (_flags)) == (_flags))
+
+/*
+ *
+ */
+ 
+OM_uint32 _gss_ntlm_get_mic
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            gss_qop_t qop_req,
+            const gss_buffer_t message_buffer,
+            gss_buffer_t message_token
+           )
+{
+    ntlm_ctx ctx = (ntlm_ctx)context_handle;
+    OM_uint32 junk;
+
+    if (minor_status)
+	*minor_status = 0;
+    if (message_token) {
+	message_token->length = 0;
+	message_token->value = NULL;
+    }
+
+    message_token->value = malloc(16);
+    message_token->length = 16;
+    if (message_token->value == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) {
+	OM_uint32 ret;
+
+	if ((ctx->status & STATUS_SESSIONKEY) == 0) {
+	    gss_release_buffer(&junk, message_token);
+	    return GSS_S_UNAVAILABLE;
+	}
+
+	ret = v2_sign_message(message_buffer,
+			      ctx->u.v2.send.signkey,
+			      ctx->u.v2.send.signsealkey,
+			      ctx->u.v2.send.seq++,
+			      message_token->value);
+	if (ret)
+	    gss_release_buffer(&junk, message_token);
+        return ret;
+
+    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) {
+	OM_uint32 ret;
+
+	if ((ctx->status & STATUS_SESSIONKEY) == 0) {
+	    gss_release_buffer(&junk, message_token);
+	    return GSS_S_UNAVAILABLE;
+	}
+
+	ret = v1_sign_message(message_buffer,
+			      &ctx->u.v1.crypto_send.key,
+			      ctx->u.v1.crypto_send.seq++,
+			      message_token->value);
+	if (ret)
+	    gss_release_buffer(&junk, message_token);
+        return ret;
+
+    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_ALWAYS_SIGN)) {
+	unsigned char *sigature;
+
+	sigature = message_token->value;
+
+	encode_le_uint32(1, &sigature[0]); /* version */
+	encode_le_uint32(0, &sigature[4]);
+	encode_le_uint32(0, &sigature[8]);
+	encode_le_uint32(0, &sigature[12]);
+
+        return GSS_S_COMPLETE;
+    }
+    gss_release_buffer(&junk, message_token);
+
+    return GSS_S_UNAVAILABLE;
+}
+
+/*
+ *
+ */
+
+OM_uint32
+_gss_ntlm_verify_mic
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_buffer_t message_buffer,
+            const gss_buffer_t token_buffer,
+            gss_qop_t * qop_state
+	    )
+{
+    ntlm_ctx ctx = (ntlm_ctx)context_handle;
+
+    if (qop_state != NULL)
+	*qop_state = GSS_C_QOP_DEFAULT;
+    *minor_status = 0;
+
+    if (token_buffer->length != 16)
+	return GSS_S_BAD_MIC;
+
+    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) {
+	OM_uint32 ret;
+
+	if ((ctx->status & STATUS_SESSIONKEY) == 0)
+	    return GSS_S_UNAVAILABLE;
+
+	ret = v2_verify_message(message_buffer,
+				ctx->u.v2.recv.signkey,
+				ctx->u.v2.recv.signsealkey,
+				ctx->u.v2.recv.seq++,
+				token_buffer->value);
+	if (ret)
+	    return ret;
+
+	return GSS_S_COMPLETE;
+    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) {
+
+	unsigned char sigature[12];
+	uint32_t crc, num;
+
+	if ((ctx->status & STATUS_SESSIONKEY) == 0)
+	    return GSS_S_UNAVAILABLE;
+
+	decode_le_uint32(token_buffer->value, &num);
+	if (num != 1)
+	    return GSS_S_BAD_MIC;
+
+	RC4(&ctx->u.v1.crypto_recv.key, sizeof(sigature),
+	    ((unsigned char *)token_buffer->value) + 4, sigature);
+
+	_krb5_crc_init_table();
+	crc = _krb5_crc_update(message_buffer->value, 
+			       message_buffer->length, 0);
+	/* skip first 4 bytes in the encrypted checksum */
+	decode_le_uint32(&sigature[4], &num);
+	if (num != crc)
+	    return GSS_S_BAD_MIC;
+	decode_le_uint32(&sigature[8], &num);
+	if (ctx->u.v1.crypto_recv.seq != num)
+	    return GSS_S_BAD_MIC;
+	ctx->u.v1.crypto_recv.seq++;
+
+        return GSS_S_COMPLETE;
+    } else if (ctx->flags & NTLM_NEG_ALWAYS_SIGN) {
+	uint32_t num;
+	unsigned char *p;
+
+	p = (unsigned char*)(token_buffer->value);
+
+	decode_le_uint32(&p[0], &num); /* version */
+	if (num != 1) return GSS_S_BAD_MIC;
+	decode_le_uint32(&p[4], &num);
+	if (num != 0) return GSS_S_BAD_MIC;
+	decode_le_uint32(&p[8], &num);
+	if (num != 0) return GSS_S_BAD_MIC;
+	decode_le_uint32(&p[12], &num);
+	if (num != 0) return GSS_S_BAD_MIC;
+
+        return GSS_S_COMPLETE;
+    }
+
+    return GSS_S_UNAVAILABLE;
+}
+
+/*
+ *
+ */
+
+OM_uint32
+_gss_ntlm_wrap_size_limit (
+            OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            OM_uint32 req_output_size,
+            OM_uint32 * max_input_size
+           )
+{
+    ntlm_ctx ctx = (ntlm_ctx)context_handle;
+
+    *minor_status = 0;
+
+    if(ctx->flags & NTLM_NEG_SEAL) {
+
+	if (req_output_size < 16)
+	    *max_input_size = 0;
+	else
+	    *max_input_size = req_output_size - 16;
+
+	return GSS_S_COMPLETE;
+    }
+
+    return GSS_S_UNAVAILABLE;
+}
+
+/*
+ *
+ */
+
+OM_uint32 _gss_ntlm_wrap
+(OM_uint32 * minor_status,
+ const gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ const gss_buffer_t input_message_buffer,
+ int * conf_state,
+ gss_buffer_t output_message_buffer
+    )
+{
+    ntlm_ctx ctx = (ntlm_ctx)context_handle;
+    OM_uint32 ret;
+
+    if (minor_status)
+	*minor_status = 0;
+    if (conf_state)
+	*conf_state = 0;
+    if (output_message_buffer == GSS_C_NO_BUFFER)
+	return GSS_S_FAILURE;
+
+    
+    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) {
+
+	return v2_seal_message(input_message_buffer,
+			       ctx->u.v2.send.signkey,
+			       ctx->u.v2.send.seq++,
+			       &ctx->u.v2.send.sealkey,
+			       output_message_buffer);
+
+    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) {
+	gss_buffer_desc trailer;
+	OM_uint32 junk;
+
+	output_message_buffer->length = input_message_buffer->length + 16;
+	output_message_buffer->value = malloc(output_message_buffer->length);
+	if (output_message_buffer->value == NULL) {
+	    output_message_buffer->length = 0;
+	    return GSS_S_FAILURE;
+	}
+
+
+	RC4(&ctx->u.v1.crypto_send.key, input_message_buffer->length,
+	    input_message_buffer->value, output_message_buffer->value);
+	
+	ret = _gss_ntlm_get_mic(minor_status, context_handle,
+				0, input_message_buffer,
+				&trailer);
+	if (ret) {
+	    gss_release_buffer(&junk, output_message_buffer);
+	    return ret;
+	}
+	if (trailer.length != 16) {
+	    gss_release_buffer(&junk, output_message_buffer);
+	    gss_release_buffer(&junk, &trailer);
+	    return GSS_S_FAILURE;
+	}
+	memcpy(((unsigned char *)output_message_buffer->value) + 
+	       input_message_buffer->length,
+	       trailer.value, trailer.length);
+	gss_release_buffer(&junk, &trailer);
+
+	return GSS_S_COMPLETE;
+    }
+
+    return GSS_S_UNAVAILABLE;
+}
+
+/*
+ *
+ */
+
+OM_uint32 _gss_ntlm_unwrap
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_buffer_t input_message_buffer,
+            gss_buffer_t output_message_buffer,
+            int * conf_state,
+            gss_qop_t * qop_state
+           )
+{
+    ntlm_ctx ctx = (ntlm_ctx)context_handle;
+    OM_uint32 ret;
+
+    if (minor_status)
+	*minor_status = 0;
+    if (output_message_buffer) {
+	output_message_buffer->value = NULL;
+	output_message_buffer->length = 0;
+    }
+    if (conf_state)
+	*conf_state = 0;
+    if (qop_state)
+	*qop_state = 0;
+
+    if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) {
+
+	return v2_unseal_message(input_message_buffer,
+				 ctx->u.v2.recv.signkey,
+				 ctx->u.v2.recv.seq++,
+				 &ctx->u.v2.recv.sealkey,
+				 output_message_buffer);
+
+    } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) {
+
+	gss_buffer_desc trailer;
+	OM_uint32 junk;
+
+	if (input_message_buffer->length < 16)
+	    return GSS_S_BAD_MIC;
+
+	output_message_buffer->length = input_message_buffer->length - 16;
+	output_message_buffer->value = malloc(output_message_buffer->length);
+	if (output_message_buffer->value == NULL) {
+	    output_message_buffer->length = 0;
+	    return GSS_S_FAILURE;
+	}
+	
+	RC4(&ctx->u.v1.crypto_recv.key, output_message_buffer->length,
+	    input_message_buffer->value, output_message_buffer->value);
+	
+	trailer.value = ((unsigned char *)input_message_buffer->value) +
+	    output_message_buffer->length;
+	trailer.length = 16;
+
+	ret = _gss_ntlm_verify_mic(minor_status, context_handle,
+				   output_message_buffer,
+				   &trailer, NULL);
+	if (ret) {
+	    gss_release_buffer(&junk, output_message_buffer);
+	    return ret;
+	}
+
+	return GSS_S_COMPLETE;
+    }
+
+    return GSS_S_UNAVAILABLE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/delete_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/delete_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/delete_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: delete_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_delete_sec_context
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t * context_handle,
+            gss_buffer_t output_token
+           )
+{
+    if (context_handle) {
+	ntlm_ctx ctx = (ntlm_ctx)*context_handle;
+	gss_cred_id_t cred = (gss_cred_id_t)ctx->client;
+
+	*context_handle = GSS_C_NO_CONTEXT;
+
+	if (ctx->server)
+	    (*ctx->server->nsi_destroy)(minor_status, ctx->ictx);
+
+	_gss_ntlm_release_cred(NULL, &cred);
+
+	memset(ctx, 0, sizeof(*ctx));
+	free(ctx);
+    }
+    if (output_token) {
+	output_token->length = 0;
+	output_token->value  = NULL;
+    }
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
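Review bot: `_gss_ntlm_delete_sec_context` reads `ctx->client` without checking that `*context_handle` is not `GSS_C_NO_CONTEXT`, so deleting a context that was never established or was already deleted dereferences NULL; the guard should be `if (context_handle && *context_handle != GSS_C_NO_CONTEXT) {`. The final `*minor_status = 0;` is also unconditional, whereas the other NTLM entry points in this import test `minor_status` first. The `memset(ctx, 0, sizeof(*ctx))` directly before `free(ctx)` is a dead store that an optimising compiler may drop. The context appears to carry the RC4 and signing key state used by the wrap/unwrap code, so a zeroing routine that cannot be elided belongs here.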

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/digest.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/digest.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/digest.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,435 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: digest.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ *
+ */
+
+struct ntlmkrb5 {
+    krb5_context context;
+    krb5_ntlm ntlm;
+    krb5_realm kerberos_realm;
+    krb5_ccache id;
+    krb5_data opaque;
+    int destroy;
+    OM_uint32 flags;
+    struct ntlm_buf key;
+    krb5_data sessionkey;
+};
+
+static OM_uint32 kdc_destroy(OM_uint32 *, void *);
+
+/*
+ * Get credential cache that the ntlm code can use to talk to the KDC
+ * using the digest API.
+ */
+
+static krb5_error_code
+get_ccache(krb5_context context, int *destroy, krb5_ccache *id)
+{
+    krb5_principal principal = NULL;
+    krb5_error_code ret;
+    krb5_keytab kt = NULL;
+
+    *id = NULL;
+    
+    if (!issuid()) {
+	const char *cache;
+
+	cache = getenv("NTLM_ACCEPTOR_CCACHE");
+	if (cache) {
+	    ret = krb5_cc_resolve(context, cache, id);
+	    if (ret)
+		goto out;
+	    return 0;
+	}
+    }
+
+    ret = krb5_sname_to_principal(context, NULL, "host", 
+				  KRB5_NT_SRV_HST, &principal);
+    if (ret)
+	goto out;
+    
+    ret = krb5_cc_cache_match(context, principal, NULL, id);
+    if (ret == 0)
+	return 0;
+    
+    /* did not find in default credcache, lets try default keytab */
+    ret = krb5_kt_default(context, &kt);
+    if (ret)
+	goto out;
+
+    /* XXX check in keytab */
+    {
+	krb5_get_init_creds_opt *opt;
+	krb5_creds cred;
+
+	memset(&cred, 0, sizeof(cred));
+
+	ret = krb5_cc_new_unique(context, "MEMORY", NULL, id);
+	if (ret)
+	    goto out;
+	*destroy = 1;
+	ret = krb5_get_init_creds_opt_alloc(context, &opt);
+	if (ret)
+	    goto out;
+	ret = krb5_get_init_creds_keytab (context,
+					  &cred,
+					  principal,
+					  kt,
+					  0,
+					  NULL,
+					  opt);
+	krb5_get_init_creds_opt_free(context, opt);
+	if (ret)
+	    goto out;
+	ret = krb5_cc_initialize (context, *id, cred.client);
+	if (ret) {
+	    krb5_free_cred_contents (context, &cred);
+	    goto out;
+	}
+	ret = krb5_cc_store_cred (context, *id, &cred);
+	krb5_free_cred_contents (context, &cred);
+	if (ret)
+	    goto out;
+    }
+
+    krb5_kt_close(context, kt);
+    
+    return 0;
+
+out:
+    if (*destroy)
+	krb5_cc_destroy(context, *id);
+    else
+	krb5_cc_close(context, *id);
+
+    *id = NULL;
+
+    if (kt)
+	krb5_kt_close(context, kt);
+
+    if (principal)
+	krb5_free_principal(context, principal);
+    return ret;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+kdc_alloc(OM_uint32 *minor, void **ctx)
+{
+    krb5_error_code ret;
+    struct ntlmkrb5 *c;
+    OM_uint32 junk;
+
+    c = calloc(1, sizeof(*c));
+    if (c == NULL) {
+	*minor = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    ret = krb5_init_context(&c->context);
+    if (ret) {
+	kdc_destroy(&junk, c);
+	*minor = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = get_ccache(c->context, &c->destroy, &c->id);
+    if (ret) {
+	kdc_destroy(&junk, c);
+	*minor = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = krb5_ntlm_alloc(c->context, &c->ntlm);
+    if (ret) {
+	kdc_destroy(&junk, c);
+	*minor = ret;
+	return GSS_S_FAILURE;
+    }
+
+    *ctx = c;
+
+    return GSS_S_COMPLETE;
+}
+
+static int
+kdc_probe(OM_uint32 *minor, void *ctx, const char *realm)
+{
+    struct ntlmkrb5 *c = ctx;
+    krb5_error_code ret;
+    unsigned flags;
+
+    ret = krb5_digest_probe(c->context, rk_UNCONST(realm), c->id, &flags);
+    if (ret)
+	return ret;
+    
+    if ((flags & (1|2|4)) == 0)
+	return EINVAL;
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+kdc_destroy(OM_uint32 *minor, void *ctx)
+{
+    struct ntlmkrb5 *c = ctx;
+    krb5_data_free(&c->opaque);
+    krb5_data_free(&c->sessionkey);
+    if (c->ntlm)
+	krb5_ntlm_free(c->context, c->ntlm);
+    if (c->id) {
+	if (c->destroy)
+	    krb5_cc_destroy(c->context, c->id);
+	else
+	    krb5_cc_close(c->context, c->id);
+    }
+    if (c->context)
+	krb5_free_context(c->context);
+    memset(c, 0, sizeof(*c));
+    free(c);
+
+    return GSS_S_COMPLETE;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+kdc_type2(OM_uint32 *minor_status,
+	  void *ctx,
+	  uint32_t flags,
+	  const char *hostname,
+	  const char *domain,
+	  uint32_t *ret_flags,
+	  struct ntlm_buf *out)
+{
+    struct ntlmkrb5 *c = ctx;
+    krb5_error_code ret;
+    struct ntlm_type2 type2;
+    krb5_data challange;
+    struct ntlm_buf data;
+    krb5_data ti;
+    
+    memset(&type2, 0, sizeof(type2));
+    
+    /*
+     * Request data for type 2 packet from the KDC.
+     */
+    ret = krb5_ntlm_init_request(c->context, 
+				 c->ntlm,
+				 NULL,
+				 c->id,
+				 flags,
+				 hostname,
+				 domain);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    /*
+     *
+     */
+
+    ret = krb5_ntlm_init_get_opaque(c->context, c->ntlm, &c->opaque);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    /*
+     *
+     */
+
+    ret = krb5_ntlm_init_get_flags(c->context, c->ntlm, &type2.flags);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+    *ret_flags = type2.flags;
+
+    ret = krb5_ntlm_init_get_challange(c->context, c->ntlm, &challange);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    if (challange.length != sizeof(type2.challange)) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+    memcpy(type2.challange, challange.data, sizeof(type2.challange));
+    krb5_data_free(&challange);
+
+    ret = krb5_ntlm_init_get_targetname(c->context, c->ntlm,
+					&type2.targetname);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    ret = krb5_ntlm_init_get_targetinfo(c->context, c->ntlm, &ti);
+    if (ret) {
+	free(type2.targetname);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    type2.targetinfo.data = ti.data;
+    type2.targetinfo.length = ti.length;
+	
+    ret = heim_ntlm_encode_type2(&type2, &data);
+    free(type2.targetname);
+    krb5_data_free(&ti);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+	
+    out->data = data.data;
+    out->length = data.length;
+
+    return GSS_S_COMPLETE;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+kdc_type3(OM_uint32 *minor_status,
+	  void *ctx,
+	  const struct ntlm_type3 *type3,
+	  struct ntlm_buf *sessionkey)
+{
+    struct ntlmkrb5 *c = ctx;
+    krb5_error_code ret;
+
+    sessionkey->data = NULL;
+    sessionkey->length = 0;
+
+    ret = krb5_ntlm_req_set_flags(c->context, c->ntlm, type3->flags);
+    if (ret) goto out;
+    ret = krb5_ntlm_req_set_username(c->context, c->ntlm, type3->username);
+    if (ret) goto out;
+    ret = krb5_ntlm_req_set_targetname(c->context, c->ntlm, 
+				       type3->targetname);
+    if (ret) goto out;
+    ret = krb5_ntlm_req_set_lm(c->context, c->ntlm, 
+			       type3->lm.data, type3->lm.length);
+    if (ret) goto out;
+    ret = krb5_ntlm_req_set_ntlm(c->context, c->ntlm, 
+				 type3->ntlm.data, type3->ntlm.length);
+    if (ret) goto out;
+    ret = krb5_ntlm_req_set_opaque(c->context, c->ntlm, &c->opaque);
+    if (ret) goto out;
+
+    if (type3->sessionkey.length) {
+	ret = krb5_ntlm_req_set_session(c->context, c->ntlm,
+					type3->sessionkey.data,
+					type3->sessionkey.length);
+	if (ret) goto out;
+    }
+
+    /*
+     * Verify with the KDC the type3 packet is ok
+     */
+    ret = krb5_ntlm_request(c->context, 
+			    c->ntlm,
+			    NULL,
+			    c->id);
+    if (ret)
+	goto out;
+
+    if (krb5_ntlm_rep_get_status(c->context, c->ntlm) != TRUE) {
+	ret = EINVAL;
+	goto out;
+    }
+
+    if (type3->sessionkey.length) {
+	ret = krb5_ntlm_rep_get_sessionkey(c->context, 
+					   c->ntlm,
+					   &c->sessionkey);
+	if (ret)
+	    goto out;
+
+	sessionkey->data = c->sessionkey.data;
+	sessionkey->length = c->sessionkey.length;
+    }
+
+    return 0;
+
+ out:
+    *minor_status = ret;
+    return GSS_S_FAILURE;
+}
+
+/*
+ *
+ */
+
+static void
+kdc_free_buffer(struct ntlm_buf *sessionkey)
+{
+    if (sessionkey->data)
+	free(sessionkey->data);
+    sessionkey->data = NULL;
+    sessionkey->length = 0;
+}
+
+/*
+ *
+ */
+
+struct ntlm_server_interface ntlmsspi_kdc_digest = {
+    kdc_alloc,
+    kdc_destroy,
+    kdc_probe,
+    kdc_type2,
+    kdc_type3,
+    kdc_free_buffer
+};
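Review bot: The `out:` label in `get_ccache` passes `*id` to `krb5_cc_destroy`/`krb5_cc_close` even when it is still NULL, which is the state after `krb5_sname_to_principal`, `krb5_kt_default` or `krb5_cc_new_unique` fails. Unless those calls accept a NULL cache, the error path faults, so the pair should sit under `if (*id != NULL)`. The function also never frees `principal` on either success return, and it reads `*destroy` without initialising it, which only works because `kdc_alloc` allocates the struct with `calloc`. Separately, `kdc_type3` gives the caller `c->sessionkey.data` without copying it, while `kdc_free_buffer` frees whatever it is handed and `kdc_destroy` frees `c->sessionkey` again. If callers release the key through `kdc_free_buffer` (not visible in this hunk), that is a double free of key material, so the buffer should be copied out or the ownership documented in a comment on `kdc_type3`.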

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/display_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/display_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/display_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: display_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_display_name
+           (OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            gss_buffer_t output_name_buffer,
+            gss_OID * output_name_type
+           )
+{
+    *minor_status = 0;
+
+    if (output_name_type)
+	*output_name_type = GSS_NTLM_MECHANISM;
+
+    if (output_name_buffer) {
+	ntlm_name n = (ntlm_name)input_name;
+	char *str;
+	int len;
+	
+	output_name_buffer->length = 0;
+	output_name_buffer->value = NULL;
+
+	if (n == NULL) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_NAME;
+	}
+
+	len = asprintf(&str, "%s@%s", n->user, n->domain);
+	if (str == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	output_name_buffer->length = len;
+	output_name_buffer->value = str;
+    }
+    return GSS_S_COMPLETE;
+}
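Review bot: The `asprintf` failure check in `_gss_ntlm_display_name` tests `str == NULL`, but only the return value is defined on failure and some C libraries leave the pointer untouched. The test should be `if (len < 0 || str == NULL)`, which also keeps a negative `len` from being stored into the unsigned `length` field. `n->user` and `n->domain` go to `%s` without a NULL check; whether `ntlm_name` guarantees both are set is not visible in this hunk. `*output_name_type` is written before `input_name` is validated, so the `GSS_S_BAD_NAME` return still leaves one output populated.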

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/display_status.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/display_status.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/display_status.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1998 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: display_status.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_display_status
+           (OM_uint32		*minor_status,
+	    OM_uint32		 status_value,
+	    int			 status_type,
+	    const gss_OID	 mech_type,
+	    OM_uint32		*message_context,
+	    gss_buffer_t	 status_string)
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (status_string) {
+	status_string->length = 0;
+	status_string->value = NULL;
+    }
+    if (message_context)
+	*message_context = 0;
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/duplicate_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/duplicate_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/duplicate_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: duplicate_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_duplicate_name (
+            OM_uint32 * minor_status,
+            const gss_name_t src_name,
+            gss_name_t * dest_name
+           )
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (dest_name)
+	*dest_name = NULL;
+    return GSS_S_COMPLETE;
+}
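Review bot: `_gss_ntlm_duplicate_name` returns `GSS_S_COMPLETE` while ignoring `src_name` and setting `*dest_name` to NULL, so a caller that checks only the major status carries on without a name. The same success-without-result pattern appears in the following hunks: `_gss_ntlm_export_name` returns an empty buffer and `_gss_ntlm_export_sec_context` returns an empty interprocess token. Until these are implemented, returning `GSS_S_UNAVAILABLE` would let callers detect the gap, as the wrap/unwrap code in this import already does for unsupported modes. A comment such as `/* not implemented for the NTLM mechanism */` would make the intent clear.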

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/export_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/export_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/export_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: export_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_export_name
+           (OM_uint32  * minor_status,
+            const gss_name_t input_name,
+            gss_buffer_t exported_name
+           )
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (exported_name) {
+	exported_name->length = 0;
+	exported_name->value = NULL;
+    }
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/export_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/export_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/export_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1999 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: export_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gss_ntlm_export_sec_context (
+    OM_uint32 * minor_status,
+    gss_ctx_id_t * context_handle,
+    gss_buffer_t interprocess_token
+    )
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (interprocess_token) {
+	interprocess_token->length = 0;
+	interprocess_token->value = NULL;
+    }
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/external.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/external.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/external.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: external.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static gssapi_mech_interface_desc ntlm_mech = {
+    GMI_VERSION,
+    "ntlm",
+    {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") },
+    _gss_ntlm_acquire_cred,
+    _gss_ntlm_release_cred,
+    _gss_ntlm_init_sec_context,
+    _gss_ntlm_accept_sec_context,
+    _gss_ntlm_process_context_token,
+    _gss_ntlm_delete_sec_context,
+    _gss_ntlm_context_time,
+    _gss_ntlm_get_mic,
+    _gss_ntlm_verify_mic,
+    _gss_ntlm_wrap,
+    _gss_ntlm_unwrap,
+    _gss_ntlm_display_status,
+    NULL,
+    _gss_ntlm_compare_name,
+    _gss_ntlm_display_name,
+    _gss_ntlm_import_name,
+    _gss_ntlm_export_name,
+    _gss_ntlm_release_name,
+    _gss_ntlm_inquire_cred,
+    _gss_ntlm_inquire_context,
+    _gss_ntlm_wrap_size_limit,
+    _gss_ntlm_add_cred,
+    _gss_ntlm_inquire_cred_by_mech,
+    _gss_ntlm_export_sec_context,
+    _gss_ntlm_import_sec_context,
+    _gss_ntlm_inquire_names_for_mech,
+    _gss_ntlm_inquire_mechs_for_name,
+    _gss_ntlm_canonicalize_name,
+    _gss_ntlm_duplicate_name
+};
+
+gssapi_mech_interface
+__gss_ntlm_initialize(void)
+{
+	return &ntlm_mech;
+}
+
+static gss_OID_desc _gss_ntlm_mechanism_desc = 
+{10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };
+
+gss_OID GSS_NTLM_MECHANISM = &_gss_ntlm_mechanism_desc;
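Review bot: The mechanism OID bytes `\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a` and their length 10 are written out twice, once inside `ntlm_mech` and once in `_gss_ntlm_mechanism_desc`, so the two copies can drift apart silently. Defining the descriptor once and referring to it, or sharing one macro for the literal, would keep them in step. The initializer is also positional, and the bare `NULL` between `_gss_ntlm_display_status` and `_gss_ntlm_compare_name` gives no hint which slot is left empty; a trailing comment such as `NULL, /* intentionally unimplemented: <member name> */` would make a misaligned entry easier to spot. The layout of `gssapi_mech_interface_desc` is not visible here, so the member name has to be taken from its declaration.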

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/import_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/import_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/import_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: import_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_import_name
+           (OM_uint32 * minor_status,
+            const gss_buffer_t input_name_buffer,
+            const gss_OID input_name_type,
+            gss_name_t * output_name
+           )
+{
+    char *name, *p, *p2;
+    ntlm_name n;
+
+    *minor_status = 0;
+
+    if (output_name)
+	*output_name = GSS_C_NO_NAME;
+
+    if (!gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
+	return GSS_S_BAD_NAMETYPE;
+
+    name = malloc(input_name_buffer->length + 1);
+    if (name == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    memcpy(name, input_name_buffer->value, input_name_buffer->length);
+    name[input_name_buffer->length] = '\0';
+
+    /* find "domain" part of the name and uppercase it */
+    p = strchr(name, '@');
+    if (p == NULL)
+	return GSS_S_BAD_NAME;
+    p[0] = '\0';
+    p++;
+    p2 = strchr(p, '.');
+    if (p2 && p2[1] != '\0') {
+	p = p2 + 1;
+	p2 = strchr(p, '.');
+	if (p2)
+	    *p2 = '\0';
+    }
+    strupr(p);
+    
+    n = calloc(1, sizeof(*n));
+    if (name == NULL) {
+	free(name);
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    n->user = strdup(name);
+    n->domain = strdup(p);
+
+    free(name);
+
+    if (n->user == NULL || n->domain == NULL) {
+	free(n->user);
+	free(n->domain);
+	free(n);
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    *output_name = (gss_name_t)n;
+
+    return GSS_S_COMPLETE;
+}
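Review bot: The allocation check after `n = calloc(1, sizeof(*n));` tests `name` instead of `n`, so a failed calloc goes undetected and `n->user = strdup(name)` dereferences NULL; it should read `if (n == NULL) {`. The early `return GSS_S_BAD_NAME;` taken when the input contains no `@` also leaks the `name` buffer that was just copied from the caller-supplied token, so it needs `free(name);` before returning. `*minor_status` and the final `*output_name = (gss_name_t)n;` are written without the NULL guard that the top of the function applies to `output_name`, which is inconsistent and would crash on a NULL `output_name` after the allocations have succeeded.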

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/import_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/import_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/import_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1999 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: import_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gss_ntlm_import_sec_context (
+    OM_uint32 * minor_status,
+    const gss_buffer_t interprocess_token,
+    gss_ctx_id_t * context_handle
+    )
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (context_handle)
+	*context_handle = GSS_C_NO_CONTEXT;
+    return GSS_S_FAILURE;
+}
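Review bot: This entry point always returns `GSS_S_FAILURE` with a zero minor status, while `_gss_ntlm_export_sec_context` in the preceding file returns `GSS_S_COMPLETE` with an empty token. A caller that exports a context is therefore told it succeeded and only finds out on import that nothing was transferred. A header comment such as `/* Context transfer is not implemented for the NTLM mechanism. */` on both functions would document that. Returning `GSS_S_UNAVAILABLE` from both would let callers tell "unsupported" apart from a real failure.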

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/indicate_mechs.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/indicate_mechs.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/indicate_mechs.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: indicate_mechs.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_indicate_mechs
+(OM_uint32 * minor_status,
+ gss_OID_set * mech_set
+    )
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (mech_set)
+	*mech_set = GSS_C_NO_OID_SET;
+    return GSS_S_COMPLETE;
+}

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/init_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/init_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/init_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,508 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: init_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int
+from_file(const char *fn, const char *target_domain, 
+	  char **username, struct ntlm_buf *key)
+{	  
+    char *str, buf[1024];
+    FILE *f;
+
+    f = fopen(fn, "r");
+    if (f == NULL)
+	return ENOENT;
+
+    while (fgets(buf, sizeof(buf), f) != NULL) {
+	char *d, *u, *p;
+	buf[strcspn(buf, "\r\n")] = '\0';
+	if (buf[0] == '#')
+	    continue;
+	str = NULL;
+	d = strtok_r(buf, ":", &str);
+	if (d && strcasecmp(target_domain, d) != 0)
+	    continue;
+	u = strtok_r(NULL, ":", &str);
+	p = strtok_r(NULL, ":", &str);
+	if (u == NULL || p == NULL)
+	    continue;
+
+	*username = strdup(u);
+
+	heim_ntlm_nt_key(p, key);
+
+	memset(buf, 0, sizeof(buf));
+	fclose(f);
+	return 0;
+    }
+    memset(buf, 0, sizeof(buf));
+    fclose(f);
+    return ENOENT;
+}
+
+static int
+get_user_file(const ntlm_name target_name, 
+	      char **username, struct ntlm_buf *key)
+{
+    const char *fn;
+
+    if (issuid())
+	return ENOENT;
+
+    fn = getenv("NTLM_USER_FILE");
+    if (fn == NULL)
+	return ENOENT;
+    if (from_file(fn, target_name->domain, username, key) == 0)
+	return 0;
+
+    return ENOENT;
+}
+
+/*
+ * Pick up the ntlm cred from the default krb5 credential cache.
+ */
+
+static int
+get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key)
+{
+    krb5_principal client;
+    krb5_context context = NULL;
+    krb5_error_code ret;
+    krb5_ccache id = NULL;
+    krb5_creds mcreds, creds;
+
+    *username = NULL;
+    key->length = 0;
+    key->data = NULL;
+
+    memset(&creds, 0, sizeof(creds));
+    memset(&mcreds, 0, sizeof(mcreds));
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	return ret;
+
+    ret = krb5_cc_default(context, &id);
+    if (ret)
+	goto out;
+
+    ret = krb5_cc_get_principal(context, id, &client);
+    if (ret)
+	goto out;
+
+    ret = krb5_unparse_name_flags(context, client,
+				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+				  username);
+    if (ret)
+	goto out;
+
+    ret = krb5_make_principal(context, &mcreds.server,
+			      krb5_principal_get_realm(context, client),
+			      "@ntlm-key", name->domain, NULL);
+    krb5_free_principal(context, client);
+    if (ret)
+	goto out;
+
+    mcreds.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5;
+    ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_MATCH_KEYTYPE, 
+				&mcreds, &creds);
+    if (ret) {
+	char *s = krb5_get_error_message(context, ret);
+	krb5_free_error_string(context, s);
+	goto out;
+    }
+
+    key->data = malloc(creds.session.keyvalue.length);
+    if (key->data == NULL)
+	goto out;
+    key->length = creds.session.keyvalue.length;
+    memcpy(key->data, creds.session.keyvalue.data, key->length);
+
+    krb5_free_cred_contents(context, &creds);
+
+    return 0;
+
+out:
+    if (*username) {
+	free(*username);
+	*username = NULL;
+    }
+    krb5_free_cred_contents(context, &creds);
+    if (mcreds.server)
+	krb5_free_principal(context, mcreds.server);
+    if (id)
+	krb5_cc_close(context, id);
+    if (context)
+	krb5_free_context(context);
+
+    return ret;
+}
+
+int
+_gss_ntlm_get_user_cred(const ntlm_name target_name,
+			ntlm_cred *rcred)
+{
+    ntlm_cred cred;
+    int ret;
+ 
+    cred = calloc(1, sizeof(*cred));
+    if (cred == NULL)
+	return ENOMEM;
+    
+    ret = get_user_file(target_name, &cred->username, &cred->key);
+    if (ret)
+	ret = get_user_ccache(target_name, &cred->username, &cred->key);
+    if (ret) {
+	free(cred);
+	return ret;
+    }
+    
+    cred->domain = strdup(target_name->domain);
+    *rcred = cred;
+
+    return ret;
+}
+
+static int
+_gss_copy_cred(ntlm_cred from, ntlm_cred *to)
+{
+    *to = calloc(1, sizeof(*to));
+    if (*to == NULL)
+	return ENOMEM;
+    (*to)->username = strdup(from->username);
+    if ((*to)->username == NULL) {
+	free(*to);
+	return ENOMEM;
+    }
+    (*to)->domain = strdup(from->domain);
+    if ((*to)->domain == NULL) {
+	free((*to)->username);
+	free(*to);
+	return ENOMEM;
+    }
+    (*to)->key.data = malloc(from->key.length);
+    if ((*to)->key.data == NULL) {
+	free((*to)->domain);
+	free((*to)->username);
+	free(*to);
+	return ENOMEM;
+    }
+    memcpy((*to)->key.data, from->key.data, from->key.length);
+    (*to)->key.length = from->key.length;
+
+    return 0;
+}
+
+OM_uint32
+_gss_ntlm_init_sec_context
+           (OM_uint32 * minor_status,
+            const gss_cred_id_t initiator_cred_handle,
+            gss_ctx_id_t * context_handle,
+            const gss_name_t target_name,
+            const gss_OID mech_type,
+            OM_uint32 req_flags,
+            OM_uint32 time_req,
+            const gss_channel_bindings_t input_chan_bindings,
+            const gss_buffer_t input_token,
+            gss_OID * actual_mech_type,
+            gss_buffer_t output_token,
+            OM_uint32 * ret_flags,
+            OM_uint32 * time_rec
+	   )
+{
+    ntlm_ctx ctx;
+    ntlm_name name = (ntlm_name)target_name;
+
+    *minor_status = 0;
+
+    if (ret_flags)
+	*ret_flags = 0;
+    if (time_rec)
+	*time_rec = 0;
+    if (actual_mech_type)
+	*actual_mech_type = GSS_C_NO_OID;
+
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+	struct ntlm_type1 type1;
+	struct ntlm_buf data;
+	uint32_t flags = 0;
+	int ret;
+	
+	ctx = calloc(1, sizeof(*ctx));
+	if (ctx == NULL) {
+	    *minor_status = EINVAL;
+	    return GSS_S_FAILURE;
+	}
+	*context_handle = (gss_ctx_id_t)ctx;
+
+	if (initiator_cred_handle != GSS_C_NO_CREDENTIAL) {
+	    ntlm_cred cred = (ntlm_cred)initiator_cred_handle;
+	    ret = _gss_copy_cred(cred, &ctx->client);
+	} else
+	    ret = _gss_ntlm_get_user_cred(name, &ctx->client);
+
+	if (ret) {
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    *minor_status = ret;
+	    return GSS_S_FAILURE;
+	}
+
+	if (req_flags & GSS_C_CONF_FLAG)
+	    flags |= NTLM_NEG_SEAL;
+	if (req_flags & GSS_C_INTEG_FLAG)
+	    flags |= NTLM_NEG_SIGN;
+	else
+	    flags |= NTLM_NEG_ALWAYS_SIGN;
+
+	flags |= NTLM_NEG_UNICODE;
+	flags |= NTLM_NEG_NTLM;
+	flags |= NTLM_NEG_NTLM2_SESSION;
+	flags |= NTLM_NEG_KEYEX;
+
+	memset(&type1, 0, sizeof(type1));
+	
+	type1.flags = flags;
+	type1.domain = name->domain;
+	type1.hostname = NULL;
+	type1.os[0] = 0;
+	type1.os[1] = 0;
+	
+	ret = heim_ntlm_encode_type1(&type1, &data);
+	if (ret) {
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    *minor_status = ret;
+	    return GSS_S_FAILURE;
+	}
+	
+	output_token->value = data.data;
+	output_token->length = data.length;
+	
+	return GSS_S_CONTINUE_NEEDED;
+    } else {
+	krb5_error_code ret;
+	struct ntlm_type2 type2;
+	struct ntlm_type3 type3;
+	struct ntlm_buf data;
+
+	ctx = (ntlm_ctx)*context_handle;
+
+	data.data = input_token->value;
+	data.length = input_token->length;
+
+	ret = heim_ntlm_decode_type2(&data, &type2);
+	if (ret) {
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    *minor_status = ret;
+	    return GSS_S_FAILURE;
+	}
+
+	ctx->flags = type2.flags;
+
+	/* XXX check that type2.targetinfo matches `target_name\xB4 */
+	/* XXX check verify targetinfo buffer */
+
+	memset(&type3, 0, sizeof(type3));
+
+	type3.username = ctx->client->username;
+	type3.flags = type2.flags;
+	type3.targetname = type2.targetname;
+	type3.ws = rk_UNCONST("workstation");
+
+	/*
+	 * NTLM Version 1 if no targetinfo buffer.
+	 */
+
+	if (1 || type2.targetinfo.length == 0) {
+	    struct ntlm_buf sessionkey;
+
+	    if (type2.flags & NTLM_NEG_NTLM2_SESSION) {
+		unsigned char nonce[8];
+
+		if (RAND_bytes(nonce, sizeof(nonce)) != 1) {
+		    _gss_ntlm_delete_sec_context(minor_status, 
+						 context_handle, NULL);
+		    *minor_status = EINVAL;
+		    return GSS_S_FAILURE;
+		}
+
+		ret = heim_ntlm_calculate_ntlm2_sess(nonce,
+						     type2.challange,
+						     ctx->client->key.data,
+						     &type3.lm,
+						     &type3.ntlm);
+	    } else {
+		ret = heim_ntlm_calculate_ntlm1(ctx->client->key.data, 
+						ctx->client->key.length,
+						type2.challange,
+						&type3.ntlm);
+
+	    }
+	    if (ret) {
+		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
+		*minor_status = ret;
+		return GSS_S_FAILURE;
+	    }
+
+	    ret = heim_ntlm_build_ntlm1_master(ctx->client->key.data, 
+					       ctx->client->key.length,
+					       &sessionkey,
+					       &type3.sessionkey);
+	    if (ret) {
+		if (type3.lm.data)
+		    free(type3.lm.data);
+		if (type3.ntlm.data)
+		    free(type3.ntlm.data);
+		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
+		*minor_status = ret;
+		return GSS_S_FAILURE;
+	    }
+
+	    ret = krb5_data_copy(&ctx->sessionkey, 
+				 sessionkey.data, sessionkey.length);
+	    free(sessionkey.data);
+	    if (ret) {
+		if (type3.lm.data)
+		    free(type3.lm.data);
+		if (type3.ntlm.data)
+		    free(type3.ntlm.data);
+		_gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
+		*minor_status = ret;
+		return GSS_S_FAILURE;
+	    }
+	    ctx->status |= STATUS_SESSIONKEY; 
+
+	} else {
+	    struct ntlm_buf sessionkey;
+	    unsigned char ntlmv2[16];
+	    struct ntlm_targetinfo ti;
+
+	    /* verify infotarget */
+	    
+	    ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti);
+	    if(ret) {
+		_gss_ntlm_delete_sec_context(minor_status, 
+					     context_handle, NULL);
+		*minor_status = ret;
+		return GSS_S_FAILURE;
+	    }
+
+	    if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) {
+		_gss_ntlm_delete_sec_context(minor_status, 
+					     context_handle, NULL);
+		*minor_status = EINVAL;
+		return GSS_S_FAILURE;
+	    }
+
+	    ret = heim_ntlm_calculate_ntlm2(ctx->client->key.data,
+					    ctx->client->key.length,
+					    ctx->client->username,
+					    name->domain,
+					    type2.challange,
+					    &type2.targetinfo,
+					    ntlmv2,
+					    &type3.ntlm);
+	    if (ret) {
+		_gss_ntlm_delete_sec_context(minor_status, 
+					     context_handle, NULL);
+		*minor_status = ret;
+		return GSS_S_FAILURE;
+	    }
+
+	    ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
+					       &sessionkey,
+					       &type3.sessionkey);
+	    memset(ntlmv2, 0, sizeof(ntlmv2));
+	    if (ret) {
+		_gss_ntlm_delete_sec_context(minor_status, 
+					     context_handle, NULL);
+		*minor_status = ret;
+		return GSS_S_FAILURE;
+	    }
+	    
+	    ctx->flags |= NTLM_NEG_NTLM2_SESSION;
+
+	    ret = krb5_data_copy(&ctx->sessionkey, 
+				 sessionkey.data, sessionkey.length);
+	    free(sessionkey.data);
+	}
+
+	if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
+	    ctx->status |= STATUS_SESSIONKEY; 
+	    _gss_ntlm_set_key(&ctx->u.v2.send, 0, (ctx->flags & NTLM_NEG_KEYEX),
+			      ctx->sessionkey.data,
+			      ctx->sessionkey.length);
+	    _gss_ntlm_set_key(&ctx->u.v2.recv, 1, (ctx->flags & NTLM_NEG_KEYEX),
+			      ctx->sessionkey.data,
+			      ctx->sessionkey.length);
+	} else {
+	    ctx->status |= STATUS_SESSIONKEY; 
+	    RC4_set_key(&ctx->u.v1.crypto_recv.key, 
+			ctx->sessionkey.length,
+			ctx->sessionkey.data);
+	    RC4_set_key(&ctx->u.v1.crypto_send.key, 
+			ctx->sessionkey.length,
+			ctx->sessionkey.data);
+	}
+	
+
+
+	ret = heim_ntlm_encode_type3(&type3, &data);
+	free(type3.sessionkey.data);
+	if (type3.lm.data)
+	    free(type3.lm.data);
+	if (type3.ntlm.data)
+	    free(type3.ntlm.data);
+	if (ret) {
+	    _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+	    *minor_status = ret;
+	    return GSS_S_FAILURE;
+	}
+
+	output_token->length = data.length;
+	output_token->value = data.data;
+
+	if (actual_mech_type)
+	    *actual_mech_type = GSS_NTLM_MECHANISM;
+	if (ret_flags)
+	    *ret_flags = 0;
+	if (time_rec)
+	    *time_rec = GSS_C_INDEFINITE;
+
+	ctx->status |= STATUS_OPEN;
+
+	return GSS_S_COMPLETE;
+    }
+}
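Review bot: In `_gss_copy_cred`, `*to = calloc(1, sizeof(*to));` sizes the block by `ntlm_cred` itself, which looks like a pointer typedef (`_gss_ntlm_get_user_cred` allocates the same object with `sizeof(*cred)`), so the later writes to `username`, `domain` and `key` would run past the allocation; it should be `calloc(1, sizeof(**to))`. In `get_user_ccache`, a failed `malloc` for `key->data` jumps to `out` with `ret` still 0, so the caller is told a key was loaded when none was; set `ret = ENOMEM;` before that `goto out;`. The success path of the same function returns without closing the ccache or freeing `mcreds.server` and the krb5 context. In `_gss_ntlm_init_sec_context`, `if (1 || type2.targetinfo.length == 0)` makes the NTLMv2 branch unreachable, and the two `XXX` comments say the server's targetinfo is never checked against `target_name`. That condition should either carry a comment explaining why NTLMv2 is disabled or lose the `1 ||` once the branch has been validated.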

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: inquire_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_inquire_context (
+            OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            gss_name_t * src_name,
+            gss_name_t * targ_name,
+            OM_uint32 * lifetime_rec,
+            gss_OID * mech_type,
+            OM_uint32 * ctx_flags,
+            int * locally_initiated,
+            int * open_context
+           )
+{
+    ntlm_ctx ctx = (ntlm_ctx)context_handle;
+
+    *minor_status = 0;
+    if (src_name)
+	*src_name = GSS_C_NO_NAME;
+    if (targ_name)
+	*targ_name = GSS_C_NO_NAME;
+    if (lifetime_rec)
+	*lifetime_rec = GSS_C_INDEFINITE;
+    if (mech_type)
+	*mech_type = GSS_NTLM_MECHANISM;
+    if (ctx_flags)
+	*ctx_flags = ctx->gssflags;
+    if (locally_initiated)
+	*locally_initiated = (ctx->status & STATUS_CLIENT) ? 1 : 0;
+    if (open_context)
+	*open_context = (ctx->status & STATUS_OPEN) ? 1 : 0;
+
+    return GSS_S_COMPLETE;
+}
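Review bot: `ctx` is dereferenced for `ctx->gssflags` and `ctx->status` without comparing `context_handle` to `GSS_C_NO_CONTEXT`, and `*minor_status = 0;` is unguarded. Unless the mechglue caller (not visible here) guarantees both, add `if (ctx == NULL) return GSS_S_NO_CONTEXT;` before the first dereference. The function also reports `GSS_S_COMPLETE` while handing back `GSS_C_NO_NAME` for `src_name` and `targ_name`, so a comment such as `/* names are not tracked by the NTLM mech; callers receive GSS_C_NO_NAME */` would warn callers not to use them.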

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: inquire_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_inquire_cred
+           (OM_uint32 * minor_status,
+            const gss_cred_id_t cred_handle,
+            gss_name_t * name,
+            OM_uint32 * lifetime,
+            gss_cred_usage_t * cred_usage,
+            gss_OID_set * mechanisms
+           )
+{
+    OM_uint32 ret, junk;
+
+    if (minor_status)
+	*minor_status = 0;
+    if (name)
+	*name = GSS_C_NO_NAME;
+    if (lifetime)
+	*lifetime = GSS_C_INDEFINITE;
+    if (cred_usage)
+	*cred_usage = 0;
+    if (mechanisms)
+	*mechanisms = GSS_C_NO_OID_SET;
+
+    if (cred_handle == GSS_C_NO_CREDENTIAL)
+	return GSS_S_NO_CRED;
+
+    if (mechanisms) {
+        ret = gss_create_empty_oid_set(minor_status, mechanisms);
+        if (ret)
+	    goto out;
+	ret = gss_add_oid_set_member(minor_status,
+				     GSS_NTLM_MECHANISM,
+				     mechanisms);
+        if (ret)
+	    goto out;
+    }
+
+    return GSS_S_COMPLETE;
+out:
+    gss_release_oid_set(&junk, mechanisms);
+    return ret;
+}
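Review bot: `*cred_usage = 0;` relies on the numeric value of a usage constant. If the intent is to report a credential usable in both directions, `*cred_usage = GSS_C_BOTH;` says so explicitly (that constant is 0 in the GSS-API C bindings). The function also returns `GSS_S_COMPLETE` with `*name` left at `GSS_C_NO_NAME` for any non-NULL credential, which deserves a one-line comment above the `cred_handle` check, e.g. `/* the credential's user name is not exposed through this call */`.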

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_cred_by_mech.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_cred_by_mech.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_cred_by_mech.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: inquire_cred_by_mech.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_inquire_cred_by_mech (
+            OM_uint32 * minor_status,
+            const gss_cred_id_t cred_handle,
+            const gss_OID mech_type,
+            gss_name_t * name,
+            OM_uint32 * initiator_lifetime,
+            OM_uint32 * acceptor_lifetime,
+            gss_cred_usage_t * cred_usage
+    )
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (name)
+	*name = GSS_C_NO_NAME;
+    if (initiator_lifetime)
+	*initiator_lifetime = 0;
+    if (acceptor_lifetime)
+	*acceptor_lifetime = 0;
+    if (cred_usage)
+	*cred_usage = 0;
+    return GSS_S_UNAVAILABLE;
+}
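Review bot: This function is a stub with no comment saying so: `cred_handle` and `mech_type` are never read, and every call returns `GSS_S_UNAVAILABLE` after clearing the outputs. A header comment such as `/* Not implemented for NTLM: clears the outputs and returns GSS_S_UNAVAILABLE. */` would tell callers not to rely on it. It also reports both lifetimes as `0`, while `_gss_ntlm_inquire_cred` in this commit reports `GSS_C_INDEFINITE`; if that difference is not intended, the two should agree.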

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_mechs_for_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_mechs_for_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_mechs_for_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: inquire_mechs_for_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_inquire_mechs_for_name (
+            OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            gss_OID_set * mech_types
+           )
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (mech_types)
+	*mech_types = GSS_C_NO_OID_SET;
+    return GSS_S_COMPLETE;
+}
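Review bot: Returning `GSS_S_COMPLETE` while leaving `*mech_types` at `GSS_C_NO_OID_SET` gives the caller a success status with a NULL set, so a caller that reads the set's count or elements after a successful return would dereference NULL. `_gss_ntlm_inquire_names_for_mech` in this commit returns an allocated empty set in the comparable case; doing the same here keeps the success contract consistent, e.g. replace the assignment with `if (mech_types) return gss_create_empty_oid_set(minor_status, mech_types);`. `input_name` is never examined, which deserves a one-line comment if it is intentional.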

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_names_for_mech.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_names_for_mech.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/inquire_names_for_mech.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: inquire_names_for_mech.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+
+OM_uint32 _gss_ntlm_inquire_names_for_mech (
+            OM_uint32 * minor_status,
+            const gss_OID mechanism,
+            gss_OID_set * name_types
+           )
+{
+    OM_uint32 ret;
+
+    ret = gss_create_empty_oid_set(minor_status, name_types);
+    if (ret != GSS_S_COMPLETE)
+	return ret;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
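Review bot: `*minor_status = 0` and the call `gss_create_empty_oid_set(minor_status, name_types)` use both pointers without a NULL check, whereas the other inquire functions added in this commit test `minor_status` and their output pointers before writing. Either guard them the same way (`if (minor_status) *minor_status = 0;`) or add a comment stating that the mechanism glue guarantees non-NULL arguments here. The function also ignores `mechanism` and always returns an empty set; a short comment saying that NTLM advertises no name types through this call would mark that as deliberate.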

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/ntlm-private.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/ntlm-private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/ntlm-private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,264 @@
+/* This is a generated file */
+#ifndef __ntlm_private_h__
+#define __ntlm_private_h__
+
+#include <stdarg.h>
+
+gssapi_mech_interface
+__gss_ntlm_initialize (void);
+
+OM_uint32
+_gss_ntlm_accept_sec_context (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	const gss_cred_id_t /*acceptor_cred_handle*/,
+	const gss_buffer_t /*input_token_buffer*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	gss_name_t * /*src_name*/,
+	gss_OID * /*mech_type*/,
+	gss_buffer_t /*output_token*/,
+	OM_uint32 * /*ret_flags*/,
+	OM_uint32 * /*time_rec*/,
+	gss_cred_id_t * delegated_cred_handle );
+
+OM_uint32
+_gss_ntlm_acquire_cred (
+	OM_uint32 * /*min_stat*/,
+	const gss_name_t /*desired_name*/,
+	OM_uint32 /*time_req*/,
+	const gss_OID_set /*desired_mechs*/,
+	gss_cred_usage_t /*cred_usage*/,
+	gss_cred_id_t * /*output_cred_handle*/,
+	gss_OID_set * /*actual_mechs*/,
+	OM_uint32 * time_rec );
+
+OM_uint32
+_gss_ntlm_add_cred (
+	 OM_uint32 */*minor_status*/,
+	const gss_cred_id_t /*input_cred_handle*/,
+	const gss_name_t /*desired_name*/,
+	const gss_OID /*desired_mech*/,
+	gss_cred_usage_t /*cred_usage*/,
+	OM_uint32 /*initiator_time_req*/,
+	OM_uint32 /*acceptor_time_req*/,
+	gss_cred_id_t */*output_cred_handle*/,
+	gss_OID_set */*actual_mechs*/,
+	OM_uint32 */*initiator_time_rec*/,
+	OM_uint32 */*acceptor_time_rec*/);
+
+OM_uint32
+_gss_ntlm_allocate_ctx (
+	OM_uint32 */*minor_status*/,
+	ntlm_ctx */*ctx*/);
+
+OM_uint32
+_gss_ntlm_canonicalize_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	const gss_OID /*mech_type*/,
+	gss_name_t * output_name );
+
+OM_uint32
+_gss_ntlm_compare_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*name1*/,
+	const gss_name_t /*name2*/,
+	int * name_equal );
+
+OM_uint32
+_gss_ntlm_context_time (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	OM_uint32 * time_rec );
+
+OM_uint32
+_gss_ntlm_delete_sec_context (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	gss_buffer_t output_token );
+
+OM_uint32
+_gss_ntlm_display_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_buffer_t /*output_name_buffer*/,
+	gss_OID * output_name_type );
+
+OM_uint32
+_gss_ntlm_display_status (
+	OM_uint32 */*minor_status*/,
+	OM_uint32 /*status_value*/,
+	int /*status_type*/,
+	const gss_OID /*mech_type*/,
+	OM_uint32 */*message_context*/,
+	gss_buffer_t /*status_string*/);
+
+OM_uint32
+_gss_ntlm_duplicate_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*src_name*/,
+	gss_name_t * dest_name );
+
+OM_uint32
+_gss_ntlm_export_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_buffer_t exported_name );
+
+OM_uint32
+_gss_ntlm_export_sec_context (
+	 OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	gss_buffer_t interprocess_token );
+
+OM_uint32
+_gss_ntlm_get_mic (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*message_buffer*/,
+	gss_buffer_t message_token );
+
+int
+_gss_ntlm_get_user_cred (
+	const ntlm_name /*target_name*/,
+	ntlm_cred */*rcred*/);
+
+OM_uint32
+_gss_ntlm_import_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_buffer_t /*input_name_buffer*/,
+	const gss_OID /*input_name_type*/,
+	gss_name_t * output_name );
+
+OM_uint32
+_gss_ntlm_import_sec_context (
+	 OM_uint32 * /*minor_status*/,
+	const gss_buffer_t /*interprocess_token*/,
+	gss_ctx_id_t * context_handle );
+
+OM_uint32
+_gss_ntlm_indicate_mechs (
+	OM_uint32 * /*minor_status*/,
+	gss_OID_set * mech_set );
+
+OM_uint32
+_gss_ntlm_init_sec_context (
+	OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*initiator_cred_handle*/,
+	gss_ctx_id_t * /*context_handle*/,
+	const gss_name_t /*target_name*/,
+	const gss_OID /*mech_type*/,
+	OM_uint32 /*req_flags*/,
+	OM_uint32 /*time_req*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	const gss_buffer_t /*input_token*/,
+	gss_OID * /*actual_mech_type*/,
+	gss_buffer_t /*output_token*/,
+	OM_uint32 * /*ret_flags*/,
+	OM_uint32 * time_rec );
+
+OM_uint32
+_gss_ntlm_inquire_context (
+	 OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	gss_name_t * /*src_name*/,
+	gss_name_t * /*targ_name*/,
+	OM_uint32 * /*lifetime_rec*/,
+	gss_OID * /*mech_type*/,
+	OM_uint32 * /*ctx_flags*/,
+	int * /*locally_initiated*/,
+	int * open_context );
+
+OM_uint32
+_gss_ntlm_inquire_cred (
+	OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*cred_handle*/,
+	gss_name_t * /*name*/,
+	OM_uint32 * /*lifetime*/,
+	gss_cred_usage_t * /*cred_usage*/,
+	gss_OID_set * mechanisms );
+
+OM_uint32
+_gss_ntlm_inquire_cred_by_mech (
+	 OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*cred_handle*/,
+	const gss_OID /*mech_type*/,
+	gss_name_t * /*name*/,
+	OM_uint32 * /*initiator_lifetime*/,
+	OM_uint32 * /*acceptor_lifetime*/,
+	gss_cred_usage_t * cred_usage );
+
+OM_uint32
+_gss_ntlm_inquire_mechs_for_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_OID_set * mech_types );
+
+OM_uint32
+_gss_ntlm_inquire_names_for_mech (
+	 OM_uint32 * /*minor_status*/,
+	const gss_OID /*mechanism*/,
+	gss_OID_set * name_types );
+
+OM_uint32
+_gss_ntlm_process_context_token (
+	 OM_uint32 */*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t token_buffer );
+
+OM_uint32
+_gss_ntlm_release_cred (
+	OM_uint32 * /*minor_status*/,
+	gss_cred_id_t * cred_handle );
+
+OM_uint32
+_gss_ntlm_release_name (
+	OM_uint32 * /*minor_status*/,
+	gss_name_t * input_name );
+
+void
+_gss_ntlm_set_key (
+	struct ntlmv2_key */*key*/,
+	int /*acceptor*/,
+	int /*sealsign*/,
+	unsigned char */*data*/,
+	size_t /*len*/);
+
+OM_uint32
+_gss_ntlm_unwrap (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	gss_buffer_t /*output_message_buffer*/,
+	int * /*conf_state*/,
+	gss_qop_t * qop_state );
+
+OM_uint32
+_gss_ntlm_verify_mic (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t /*message_buffer*/,
+	const gss_buffer_t /*token_buffer*/,
+	gss_qop_t * qop_state );
+
+OM_uint32
+_gss_ntlm_wrap (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	int * /*conf_state*/,
+	gss_buffer_t output_message_buffer );
+
+OM_uint32
+_gss_ntlm_wrap_size_limit (
+	 OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	OM_uint32 /*req_output_size*/,
+	OM_uint32 * max_input_size );
+
+#endif /* __ntlm_private_h__ */

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/ntlm.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/ntlm.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/ntlm.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: ntlm.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef NTLM_NTLM_H
+#define NTLM_NTLM_H
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
+#include <errno.h>
+
+#include <gssapi.h>
+#include <gssapi_mech.h>
+
+#include <krb5.h>
+#include <roken.h>
+#include <heim_threads.h>
+
+#include <heimntlm.h>
+
+#include "crypto-headers.h"
+
+typedef OM_uint32
+(*ntlm_interface_init)(OM_uint32 *, void **);
+
+typedef OM_uint32
+(*ntlm_interface_destroy)(OM_uint32 *, void *);
+
+typedef int
+(*ntlm_interface_probe)(OM_uint32 *, void *, const char *);
+
+typedef OM_uint32
+(*ntlm_interface_type2)(OM_uint32 *, void *, uint32_t, const char *,
+			const char *, uint32_t *, struct ntlm_buf *);
+
+typedef OM_uint32
+(*ntlm_interface_type3)(OM_uint32 *, void *, const struct ntlm_type3 *,
+			struct ntlm_buf *);
+
+typedef void
+(*ntlm_interface_free_buffer)(struct ntlm_buf *);
+
+struct ntlm_server_interface {
+    ntlm_interface_init nsi_init;
+    ntlm_interface_destroy nsi_destroy;
+    ntlm_interface_probe nsi_probe;
+    ntlm_interface_type2 nsi_type2;
+    ntlm_interface_type3 nsi_type3;
+    ntlm_interface_free_buffer nsi_free_buffer;
+};
+
+
+struct ntlmv2_key {
+    uint32_t seq;
+    RC4_KEY sealkey;
+    RC4_KEY *signsealkey;
+    unsigned char signkey[16];
+};
+
+extern struct ntlm_server_interface ntlmsspi_kdc_digest;
+
+typedef struct ntlm_cred {
+    gss_cred_usage_t usage;
+    char *username;
+    char *domain;
+    struct ntlm_buf key;
+} *ntlm_cred;
+
+typedef struct {
+    struct ntlm_server_interface *server;
+    void *ictx;
+    ntlm_cred client;
+    OM_uint32 gssflags;
+    uint32_t flags;
+    uint32_t status;
+#define STATUS_OPEN 1
+#define STATUS_CLIENT 2
+#define STATUS_SESSIONKEY 4
+    krb5_data sessionkey;
+
+    union {
+	struct {
+	    struct {
+		uint32_t seq;
+		RC4_KEY key;
+	    } crypto_send, crypto_recv;
+	} v1;
+	struct {
+	    struct ntlmv2_key send, recv;
+	} v2;
+    } u;
+} *ntlm_ctx;
+
+typedef struct {
+    char *user;
+    char *domain;
+} *ntlm_name;
+
+#include <ntlm/ntlm-private.h>
+
+
+#endif /* NTLM_NTLM_H */
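Review bot: The union `u` in the context struct has no documented discriminant: nothing in the declaration says whether `v1` or `v2` is the active member, and reading the wrong one would use another layout's RC4 state and sequence number. Presumably the negotiated `flags` decide this; a comment on the union naming the field and bit that select `v2` would remove the guess. The `STATUS_OPEN`, `STATUS_CLIENT` and `STATUS_SESSIONKEY` macros are defined unprefixed inside the struct and become visible to every file that includes this header, so an `NTLM_` prefix would lower the collision risk. `ntlm_cred.key` and `sessionkey` hold secret material, and a comment stating who zeroes and frees them would help the release paths stay correct.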

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/process_context_token.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/process_context_token.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/process_context_token.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: process_context_token.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_process_context_token (
+	OM_uint32          *minor_status,
+	const gss_ctx_id_t context_handle,
+	const gss_buffer_t token_buffer
+    )
+{
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
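Review bot: The function returns `GSS_S_COMPLETE` without reading `context_handle` or `token_buffer`, so any input is reported as accepted and a caller cannot tell a processed token from an ignored one. If NTLM has no context-level tokens to process, say so in a comment, e.g. `/* NTLM defines no context-level tokens; the input is ignored. */`, or return a status that signals the operation is unsupported. `*minor_status = 0` is also written without the NULL check that the sibling files in this commit use.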

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/release_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/release_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/release_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: release_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_release_cred
+           (OM_uint32 * minor_status,
+            gss_cred_id_t * cred_handle
+           )
+{
+    ntlm_cred cred;
+
+    if (minor_status)
+	*minor_status = 0;
+
+    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
+	return GSS_S_COMPLETE;
+
+    cred = (ntlm_cred)*cred_handle;
+    *cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (cred->username)
+	free(cred->username);
+    if (cred->domain)
+	free(cred->domain);
+    if (cred->key.data) {
+	memset(cred->key.data, 0, cred->key.length);
+	free(cred->key.data);
+    }
+
+    return GSS_S_COMPLETE;
+}
+
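Review bot: The credential structure itself is never freed: after `*cred_handle = GSS_C_NO_CREDENTIAL` the only remaining pointer is the local `cred`, and the function returns after freeing just the three members. Assuming the acquire path (not in this hunk) heap-allocates the struct, each release leaks it; add `free(cred);` before the final `return GSS_S_COMPLETE;`. Separately, the `memset` of `cred->key.data` directly before `free` is a dead store that an optimizing compiler may remove, leaving the key in freed memory. A wipe that cannot be elided, such as `memset_s` or `explicit_bzero` where the platform provides one, is the safer choice for key material.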

Added: vendor-crypto/heimdal/dist/lib/gssapi/ntlm/release_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/ntlm/release_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/ntlm/release_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "ntlm/ntlm.h"
+
+RCSID("$Id: release_name.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32 _gss_ntlm_release_name
+           (OM_uint32 * minor_status,
+            gss_name_t * input_name
+           )
+{
+    if (minor_status)
+	*minor_status = 0;
+    if (input_name) {
+	ntlm_name n = (ntlm_name)*input_name;
+	*input_name = GSS_C_NO_NAME;
+	free(n->user);
+	free(n->domain);
+	free(n);
+    }
+    return GSS_S_COMPLETE;
+}
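Review bot: `if (input_name)` guards only the pointer to the handle, so a call with `*input_name == GSS_C_NO_NAME` reaches `free(n->user)` with `n` NULL and dereferences it. The guard should test the handle as well, `if (input_name && *input_name != GSS_C_NO_NAME) {`, which matches how `_gss_ntlm_release_cred` in this commit treats `GSS_C_NO_CREDENTIAL`. A release function is commonly called on cleanup paths where the name was never set, so this case is likely to occur in practice.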

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/accept_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/accept_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/accept_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1030 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * Portions Copyright (c) 2004 PADL Software Pty Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "spnego/spnego_locl.h"
+
+RCSID("$Id: accept_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+/* $FreeBSD$ */
+
+static OM_uint32
+send_reject (OM_uint32 *minor_status,
+	     gss_buffer_t output_token)
+{
+    NegotiationToken nt;
+    size_t size;
+
+    nt.element = choice_NegotiationToken_negTokenResp;
+
+    ALLOC(nt.u.negTokenResp.negResult, 1);
+    if (nt.u.negTokenResp.negResult == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    *(nt.u.negTokenResp.negResult)  = reject;
+    nt.u.negTokenResp.supportedMech = NULL;
+    nt.u.negTokenResp.responseToken = NULL;
+    nt.u.negTokenResp.mechListMIC   = NULL;
+    
+    ASN1_MALLOC_ENCODE(NegotiationToken,
+		       output_token->value, output_token->length, &nt,
+		       &size, *minor_status);
+    free_NegotiationToken(&nt);
+    if (*minor_status != 0)
+	return GSS_S_FAILURE;
+
+    return GSS_S_BAD_MECH;
+}
+
+static OM_uint32
+acceptor_approved(gss_name_t target_name, gss_OID mech)
+{
+    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
+    gss_OID_set oidset;
+    OM_uint32 junk, ret;
+
+    if (target_name == GSS_C_NO_NAME)
+	return GSS_S_COMPLETE;
+
+    gss_create_empty_oid_set(&junk, &oidset);
+    gss_add_oid_set_member(&junk, mech, &oidset);
+    
+    ret = gss_acquire_cred(&junk, target_name, GSS_C_INDEFINITE, oidset,
+			   GSS_C_ACCEPT, &cred, NULL, NULL);
+    gss_release_oid_set(&junk, &oidset);
+    if (ret != GSS_S_COMPLETE)
+	return ret;
+    gss_release_cred(&junk, &cred);
+    
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+send_supported_mechs (OM_uint32 *minor_status,
+		      gss_buffer_t output_token)
+{
+    NegotiationTokenWin nt;
+    char hostname[MAXHOSTNAMELEN + 1], *p;
+    gss_buffer_desc name_buf;
+    gss_OID name_type;
+    gss_name_t target_princ;
+    gss_name_t canon_princ;
+    OM_uint32 minor;
+    size_t buf_len;
+    gss_buffer_desc data;
+    OM_uint32 ret;
+
+    memset(&nt, 0, sizeof(nt));
+
+    nt.element = choice_NegotiationTokenWin_negTokenInit;
+    nt.u.negTokenInit.reqFlags = NULL;
+    nt.u.negTokenInit.mechToken = NULL;
+    nt.u.negTokenInit.negHints = NULL;
+
+    ret = _gss_spnego_indicate_mechtypelist(minor_status, GSS_C_NO_NAME,
+					    acceptor_approved, 1, NULL,
+					    &nt.u.negTokenInit.mechTypes, NULL);
+    if (ret != GSS_S_COMPLETE) {
+	return ret;
+    }
+
+    memset(&target_princ, 0, sizeof(target_princ));
+    if (gethostname(hostname, sizeof(hostname) - 2) != 0) {
+	*minor_status = errno;
+	free_NegotiationTokenWin(&nt);
+	return GSS_S_FAILURE;
+    }
+    hostname[sizeof(hostname) - 1] = '\0';
+
+    /* Send the constructed SAM name for this host */
+    for (p = hostname; *p != '\0' && *p != '.'; p++) {
+	*p = toupper((unsigned char)*p);
+    }
+    *p++ = '$';
+    *p = '\0';
+
+    name_buf.length = strlen(hostname);
+    name_buf.value = hostname;
+
+    ret = gss_import_name(minor_status, &name_buf,
+			  GSS_C_NO_OID,
+			  &target_princ);
+    if (ret != GSS_S_COMPLETE) {
+	free_NegotiationTokenWin(&nt);
+	return ret;
+    }
+
+    name_buf.length = 0;
+    name_buf.value = NULL;
+
+    /* Canonicalize the name using the preferred mechanism */
+    ret = gss_canonicalize_name(minor_status,
+				target_princ,
+				GSS_C_NO_OID,
+				&canon_princ);
+    if (ret != GSS_S_COMPLETE) {
+	free_NegotiationTokenWin(&nt);
+	gss_release_name(&minor, &target_princ);
+	return ret;
+    }
+
+    ret = gss_display_name(minor_status, canon_princ,
+			   &name_buf, &name_type);
+    if (ret != GSS_S_COMPLETE) {
+	free_NegotiationTokenWin(&nt);
+	gss_release_name(&minor, &canon_princ);
+	gss_release_name(&minor, &target_princ);
+	return ret;
+    }
+
+    gss_release_name(&minor, &canon_princ);
+    gss_release_name(&minor, &target_princ);
+
+    ALLOC(nt.u.negTokenInit.negHints, 1);
+    if (nt.u.negTokenInit.negHints == NULL) {
+	*minor_status = ENOMEM;
+	gss_release_buffer(&minor, &name_buf);
+	free_NegotiationTokenWin(&nt);
+	return GSS_S_FAILURE;
+    }
+
+    ALLOC(nt.u.negTokenInit.negHints->hintName, 1);
+    if (nt.u.negTokenInit.negHints->hintName == NULL) {
+	*minor_status = ENOMEM;
+	gss_release_buffer(&minor, &name_buf);
+	free_NegotiationTokenWin(&nt);
+	return GSS_S_FAILURE;
+    }
+
+    *(nt.u.negTokenInit.negHints->hintName) = name_buf.value;
+    name_buf.value = NULL;
+    nt.u.negTokenInit.negHints->hintAddress = NULL;
+
+    ASN1_MALLOC_ENCODE(NegotiationTokenWin, 
+		       data.value, data.length, &nt, &buf_len, ret);
+    free_NegotiationTokenWin(&nt);
+    if (ret) {
+	return ret;
+    }
+    if (data.length != buf_len)
+	abort();
+
+    ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token);
+
+    free (data.value);
+
+    if (ret != GSS_S_COMPLETE)
+	return ret;
+
+    *minor_status = 0;
+
+    return GSS_S_CONTINUE_NEEDED;
+}
+
+static OM_uint32
+send_accept (OM_uint32 *minor_status,
+	     gssspnego_ctx context_handle,
+	     gss_buffer_t mech_token,
+	     int initial_response,
+	     gss_buffer_t mech_buf,
+	     gss_buffer_t output_token)
+{
+    NegotiationToken nt;
+    OM_uint32 ret;
+    gss_buffer_desc mech_mic_buf;
+    size_t size;
+
+    memset(&nt, 0, sizeof(nt));
+
+    nt.element = choice_NegotiationToken_negTokenResp;
+
+    ALLOC(nt.u.negTokenResp.negResult, 1);
+    if (nt.u.negTokenResp.negResult == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    if (context_handle->open) {
+	if (mech_token != GSS_C_NO_BUFFER
+	    && mech_token->length != 0
+	    && mech_buf != GSS_C_NO_BUFFER)
+	    *(nt.u.negTokenResp.negResult)  = accept_incomplete;
+	else
+	    *(nt.u.negTokenResp.negResult)  = accept_completed;
+    } else {
+	if (initial_response && context_handle->require_mic)
+	    *(nt.u.negTokenResp.negResult)  = request_mic;
+	else
+	    *(nt.u.negTokenResp.negResult)  = accept_incomplete;
+    }
+
+    if (initial_response) {
+	ALLOC(nt.u.negTokenResp.supportedMech, 1);
+	if (nt.u.negTokenResp.supportedMech == NULL) {
+	    free_NegotiationToken(&nt);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+
+	ret = der_get_oid(context_handle->preferred_mech_type->elements,
+			  context_handle->preferred_mech_type->length,
+			  nt.u.negTokenResp.supportedMech,
+			  NULL);
+	if (ret) {
+	    free_NegotiationToken(&nt);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+    } else {
+	nt.u.negTokenResp.supportedMech = NULL;
+    }
+
+    if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0) {
+	ALLOC(nt.u.negTokenResp.responseToken, 1);
+	if (nt.u.negTokenResp.responseToken == NULL) {
+	    free_NegotiationToken(&nt);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	nt.u.negTokenResp.responseToken->length = mech_token->length;
+	nt.u.negTokenResp.responseToken->data   = mech_token->value;
+	mech_token->length = 0;
+	mech_token->value  = NULL;
+    } else {
+	nt.u.negTokenResp.responseToken = NULL;
+    }
+
+    if (mech_buf != GSS_C_NO_BUFFER) {
+	ret = gss_get_mic(minor_status,
+			  context_handle->negotiated_ctx_id,
+			  0,
+			  mech_buf,
+			  &mech_mic_buf);
+	if (ret == GSS_S_COMPLETE) {
+	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
+	    if (nt.u.negTokenResp.mechListMIC == NULL) {
+		gss_release_buffer(minor_status, &mech_mic_buf);
+		free_NegotiationToken(&nt);
+		*minor_status = ENOMEM;
+		return GSS_S_FAILURE;
+	    }
+	    nt.u.negTokenResp.mechListMIC->length = mech_mic_buf.length;
+	    nt.u.negTokenResp.mechListMIC->data   = mech_mic_buf.value;
+	} else if (ret == GSS_S_UNAVAILABLE) {
+	    nt.u.negTokenResp.mechListMIC = NULL;
+	} else {
+	    free_NegotiationToken(&nt);
+	    return ret;
+	}
+
+    } else
+	nt.u.negTokenResp.mechListMIC = NULL;
+ 
+    ASN1_MALLOC_ENCODE(NegotiationToken,
+		       output_token->value, output_token->length,
+		       &nt, &size, ret);
+    if (ret) {
+	free_NegotiationToken(&nt);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    /*
+     * The response should not be encapsulated, because
+     * it is a SubsequentContextToken (note though RFC 1964
+     * specifies encapsulation for all _Kerberos_ tokens).
+     */
+
+    if (*(nt.u.negTokenResp.negResult) == accept_completed)
+	ret = GSS_S_COMPLETE;
+    else
+	ret = GSS_S_CONTINUE_NEEDED;
+    free_NegotiationToken(&nt);
+    return ret;
+}
+
+
+static OM_uint32
+verify_mechlist_mic
+	   (OM_uint32 *minor_status,
+	    gssspnego_ctx context_handle,
+	    gss_buffer_t mech_buf,
+	    heim_octet_string *mechListMIC
+	   )
+{
+    OM_uint32 ret;
+    gss_buffer_desc mic_buf;
+
+    if (context_handle->verified_mic) {
+	/* This doesn't make sense, we've already verified it? */
+	*minor_status = 0;
+	return GSS_S_DUPLICATE_TOKEN;
+    }
+
+    if (mechListMIC == NULL) {
+	*minor_status = 0;
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    mic_buf.length = mechListMIC->length;
+    mic_buf.value  = mechListMIC->data;
+
+    ret = gss_verify_mic(minor_status,
+			 context_handle->negotiated_ctx_id,
+			 mech_buf,
+			 &mic_buf,
+			 NULL);
+
+    if (ret != GSS_S_COMPLETE)
+	ret = GSS_S_DEFECTIVE_TOKEN;
+
+    return ret;
+}
+
+static OM_uint32
+select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
+	    gss_OID *mech_p)
+{
+    char mechbuf[64];
+    size_t mech_len;
+    gss_OID_desc oid;
+    gss_OID oidp;
+    gss_OID_set mechs;
+    int i;
+    OM_uint32 ret, junk;
+
+    ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
+		       sizeof(mechbuf),
+		       mechType,
+		       &mech_len);
+    if (ret) {
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    oid.length   = mech_len;
+    oid.elements = mechbuf + sizeof(mechbuf) - mech_len;
+
+    if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) {
+	return GSS_S_BAD_MECH;
+    }
+
+    *minor_status = 0;
+
+    /* Translate broken MS Kebreros OID */
+    if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc))
+	    oidp = &_gss_spnego_krb5_mechanism_oid_desc;
+    else
+	    oidp = &oid;
+
+
+    ret = gss_indicate_mechs(&junk, &mechs);
+    if (ret)
+	    return (ret);
+
+    for (i = 0; i < mechs->count; i++)
+	    if (gss_oid_equal(&mechs->elements[i], oidp))
+		    break;
+
+    if (i == mechs->count) {
+	    gss_release_oid_set(&junk, &mechs);
+	    return GSS_S_BAD_MECH;
+    }
+    gss_release_oid_set(&junk, &mechs);
+
+    ret = gss_duplicate_oid(minor_status,
+			    &oid, /* possibly this should be oidp */
+			    mech_p);
+
+    if (verify_p) {
+	gss_name_t name = GSS_C_NO_NAME;
+	gss_buffer_desc namebuf;
+	char *str = NULL, *host, hostname[MAXHOSTNAMELEN];
+
+	host = getenv("GSSAPI_SPNEGO_NAME");
+	if (host == NULL || issuid()) {
+	    if (gethostname(hostname, sizeof(hostname)) != 0) {
+		*minor_status = errno;
+		return GSS_S_FAILURE;
+	    }
+	    asprintf(&str, "host@%s", hostname);
+	    host = str;
+	}
+
+	namebuf.length = strlen(host);
+	namebuf.value = host;
+
+	ret = gss_import_name(minor_status, &namebuf,
+			      GSS_C_NT_HOSTBASED_SERVICE, &name);
+	if (str)
+	    free(str);
+	if (ret != GSS_S_COMPLETE)
+	    return ret;
+
+	ret = acceptor_approved(name, *mech_p);
+	gss_release_name(&junk, &name);
+    }
+
+    return ret;
+}
+
+
+static OM_uint32
+acceptor_complete(OM_uint32 * minor_status,
+		  gssspnego_ctx ctx,
+		  int *get_mic,
+		  gss_buffer_t mech_buf,
+		  gss_buffer_t mech_input_token,
+		  gss_buffer_t mech_output_token,
+		  heim_octet_string *mic,
+		  gss_buffer_t output_token)
+{
+    OM_uint32 ret;
+    int require_mic, verify_mic;
+    gss_buffer_desc buf;
+
+    buf.length = 0;
+    buf.value = NULL;
+
+    ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic);
+    if (ret)
+	return ret;
+    
+    ctx->require_mic = require_mic;
+
+    if (mic != NULL)
+	require_mic = 1;
+    
+    if (ctx->open && require_mic) {
+	if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */
+	    verify_mic = 1;
+	    *get_mic = 0;
+	} else if (mech_output_token != GSS_C_NO_BUFFER &&
+		   mech_output_token->length == 0) { /* Odd */
+	    *get_mic = verify_mic = 1;
+	} else { /* Even/One */
+	    verify_mic = 0;
+	    *get_mic = 1;
+	}
+	
+	if (verify_mic || get_mic) {
+	    int eret;
+	    size_t buf_len;
+	    
+	    ASN1_MALLOC_ENCODE(MechTypeList, 
+			       mech_buf->value, mech_buf->length,
+			       &ctx->initiator_mech_types, &buf_len, eret);
+	    if (eret) {
+		*minor_status = eret;
+		return GSS_S_FAILURE;
+	    }
+	    if (buf.length != buf_len)
+		abort();
+	}
+	
+	if (verify_mic) {
+	    ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
+	    if (ret) {
+		if (get_mic)
+		    send_reject (minor_status, output_token);
+		if (buf.value)
+		    free(buf.value);
+		return ret;
+	    }
+	    ctx->verified_mic = 1;
+	}
+	if (buf.value)
+	    free(buf.value);
+
+    } else
+	*get_mic = verify_mic = 0;
+    
+    return GSS_S_COMPLETE;
+}
+
+
+static OM_uint32
+acceptor_start
+	   (OM_uint32 * minor_status,
+	    gss_ctx_id_t * context_handle,
+	    const gss_cred_id_t acceptor_cred_handle,
+	    const gss_buffer_t input_token_buffer,
+	    const gss_channel_bindings_t input_chan_bindings,
+	    gss_name_t * src_name,
+	    gss_OID * mech_type,
+	    gss_buffer_t output_token,
+	    OM_uint32 * ret_flags,
+	    OM_uint32 * time_rec,
+	    gss_cred_id_t *delegated_cred_handle
+	   )
+{
+    OM_uint32 ret, junk, minor;
+    NegotiationToken nt;
+    size_t nt_len;
+    NegTokenInit *ni;
+    int i;
+    gss_buffer_desc data;
+    gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
+    gss_buffer_desc mech_output_token;
+    gss_buffer_desc mech_buf;
+    gss_OID preferred_mech_type = GSS_C_NO_OID;
+    gssspnego_ctx ctx;
+    gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
+    int get_mic = 0;
+    int first_ok = 0;
+
+    mech_output_token.value = NULL;
+    mech_output_token.length = 0;
+    mech_buf.value = NULL;
+
+    if (input_token_buffer->length == 0)
+	return send_supported_mechs (minor_status, output_token);
+	
+    ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
+    if (ret != GSS_S_COMPLETE)
+	return ret;
+
+    ctx = (gssspnego_ctx)*context_handle;
+
+    /*
+     * The GSS-API encapsulation is only present on the initial
+     * context token (negTokenInit).
+     */
+    ret = gss_decapsulate_token (input_token_buffer,
+				 GSS_SPNEGO_MECHANISM,
+				 &data);
+    if (ret)
+	return ret;
+
+    ret = decode_NegotiationToken(data.value, data.length, &nt, &nt_len);
+    gss_release_buffer(minor_status, &data);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if (nt.element != choice_NegotiationToken_negTokenInit) {
+	*minor_status = 0;
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+    ni = &nt.u.negTokenInit;
+
+    if (ni->mechTypes.len < 1) {
+	free_NegotiationToken(&nt);
+	*minor_status = 0;
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    ret = copy_MechTypeList(&ni->mechTypes, &ctx->initiator_mech_types);
+    if (ret) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	free_NegotiationToken(&nt);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    /*
+     * First we try the opportunistic token if we have support for it,
+     * don't try to verify we have credential for the token,
+     * gss_accept_sec_context will (hopefully) tell us that.
+     * If that failes, 
+     */
+
+    ret = select_mech(minor_status,
+		      &ni->mechTypes.val[0], 
+		      0,
+		      &preferred_mech_type);
+
+    if (ret == 0 && ni->mechToken != NULL) {
+	gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL;
+	gss_cred_id_t mech_cred;
+	gss_buffer_desc ibuf;
+
+	ibuf.length = ni->mechToken->length;
+	ibuf.value = ni->mechToken->data;
+	mech_input_token = &ibuf;
+
+	if (acceptor_cred != NULL)
+	    mech_cred = acceptor_cred->negotiated_cred_id;
+	else
+	    mech_cred = GSS_C_NO_CREDENTIAL;
+	
+	if (ctx->mech_src_name != GSS_C_NO_NAME)
+	    gss_release_name(&minor, &ctx->mech_src_name);
+	
+	if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
+	    _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
+	
+	ret = gss_accept_sec_context(&minor,
+				     &ctx->negotiated_ctx_id,
+				     mech_cred,
+				     mech_input_token,
+				     input_chan_bindings,
+				     &ctx->mech_src_name,
+				     &ctx->negotiated_mech_type,
+				     &mech_output_token,
+				     &ctx->mech_flags,
+				     &ctx->mech_time_rec,
+				     &mech_delegated_cred);
+	if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
+	    ctx->preferred_mech_type = preferred_mech_type;
+	    ctx->negotiated_mech_type = preferred_mech_type;
+	    if (ret == GSS_S_COMPLETE)
+		ctx->open = 1;
+
+	    if (mech_delegated_cred && delegated_cred_handle)
+		ret = _gss_spnego_alloc_cred(minor_status,
+					     mech_delegated_cred,
+					     delegated_cred_handle);
+	    else
+		gss_release_cred(&junk, &mech_delegated_cred);
+
+	    ret = acceptor_complete(minor_status,
+				    ctx,
+				    &get_mic,
+				    &mech_buf,
+				    mech_input_token,
+				    &mech_output_token,
+				    ni->mechListMIC,
+				    output_token);
+	    if (ret != GSS_S_COMPLETE)
+		goto out;
+
+	    first_ok = 1;
+	}
+    }
+
+    /*
+     * If opportunistic token failed, lets try the other mechs.
+     */
+
+    if (!first_ok) {
+
+	/* Call glue layer to find first mech we support */
+	for (i = 1; i < ni->mechTypes.len; ++i) {
+	    ret = select_mech(minor_status,
+			      &ni->mechTypes.val[i],
+			      1,
+			      &preferred_mech_type);
+	    if (ret == 0)
+		break;
+	}
+	if (preferred_mech_type == GSS_C_NO_OID) {
+	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	    free_NegotiationToken(&nt);
+	    return GSS_S_BAD_MECH;
+	}
+
+	ctx->preferred_mech_type = preferred_mech_type;
+	ctx->negotiated_mech_type = preferred_mech_type;
+    }
+
+    /*
+     * The initial token always have a response
+     */
+
+    ret = send_accept (minor_status,
+		       ctx,
+		       &mech_output_token,
+		       1,
+		       get_mic ? &mech_buf : NULL,
+		       output_token);
+    if (ret)
+	goto out;
+    
+out:
+    if (mech_output_token.value != NULL)
+	gss_release_buffer(&minor, &mech_output_token);
+    if (mech_buf.value != NULL) {
+	free(mech_buf.value);
+	mech_buf.value = NULL;
+    }
+    free_NegotiationToken(&nt);
+
+
+    if (ret == GSS_S_COMPLETE) {
+	if (src_name != NULL && ctx->mech_src_name != NULL) {
+	    spnego_name name;
+
+	    name = calloc(1, sizeof(*name));
+	    if (name) {
+		name->mech = ctx->mech_src_name;
+		ctx->mech_src_name = NULL;
+		*src_name = (gss_name_t)name;
+	    }
+	}
+        if (delegated_cred_handle != NULL) {
+	    *delegated_cred_handle = ctx->delegated_cred_id;
+	    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
+	}
+    }
+    
+    if (mech_type != NULL)
+	*mech_type = ctx->negotiated_mech_type;
+    if (ret_flags != NULL)
+	*ret_flags = ctx->mech_flags;
+    if (time_rec != NULL)
+	*time_rec = ctx->mech_time_rec;
+
+    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ 	return ret;
+    }
+
+    _gss_spnego_internal_delete_sec_context(&minor, context_handle,
+					    GSS_C_NO_BUFFER);
+    
+    return ret;
+}
+
+
+static OM_uint32
+acceptor_continue
+	   (OM_uint32 * minor_status,
+	    gss_ctx_id_t * context_handle,
+	    const gss_cred_id_t acceptor_cred_handle,
+	    const gss_buffer_t input_token_buffer,
+	    const gss_channel_bindings_t input_chan_bindings,
+	    gss_name_t * src_name,
+	    gss_OID * mech_type,
+	    gss_buffer_t output_token,
+	    OM_uint32 * ret_flags,
+	    OM_uint32 * time_rec,
+	    gss_cred_id_t *delegated_cred_handle
+	   )
+{
+    OM_uint32 ret, ret2, minor;
+    NegotiationToken nt;
+    size_t nt_len;
+    NegTokenResp *na;
+    unsigned int negResult = accept_incomplete;
+    gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
+    gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
+    gss_buffer_desc mech_buf;
+    gssspnego_ctx ctx;
+    gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle;
+
+    mech_buf.value = NULL;
+
+    ctx = (gssspnego_ctx)*context_handle;
+
+    /*
+     * The GSS-API encapsulation is only present on the initial
+     * context token (negTokenInit).
+     */
+
+    ret = decode_NegotiationToken(input_token_buffer->value, 
+				  input_token_buffer->length,
+				  &nt, &nt_len);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if (nt.element != choice_NegotiationToken_negTokenResp) {
+	*minor_status = 0;
+	return GSS_S_DEFECTIVE_TOKEN;
+    }
+    na = &nt.u.negTokenResp;
+
+    if (na->negResult != NULL) {
+	negResult = *(na->negResult);
+    }
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    {
+	gss_buffer_desc ibuf, obuf;
+	int require_mic, get_mic = 0;
+	int require_response;
+	heim_octet_string *mic;
+
+	if (na->responseToken != NULL) {
+	    ibuf.length = na->responseToken->length;
+	    ibuf.value = na->responseToken->data;
+	    mech_input_token = &ibuf;
+	} else {
+	    ibuf.value = NULL;
+	    ibuf.length = 0;
+	}
+
+	if (mech_input_token != GSS_C_NO_BUFFER) {
+	    gss_cred_id_t mech_cred;
+	    gss_cred_id_t mech_delegated_cred;
+	    gss_cred_id_t *mech_delegated_cred_p;
+
+	    if (acceptor_cred != NULL)
+		mech_cred = acceptor_cred->negotiated_cred_id;
+	    else
+		mech_cred = GSS_C_NO_CREDENTIAL;
+
+	    if (delegated_cred_handle != NULL) {
+		mech_delegated_cred = GSS_C_NO_CREDENTIAL;
+		mech_delegated_cred_p = &mech_delegated_cred;
+	    } else {
+		mech_delegated_cred_p = NULL;
+	    }
+
+	    if (ctx->mech_src_name != GSS_C_NO_NAME)
+		gss_release_name(&minor, &ctx->mech_src_name);
+
+	    if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
+		_gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
+
+	    ret = gss_accept_sec_context(&minor,
+					 &ctx->negotiated_ctx_id,
+					 mech_cred,
+					 mech_input_token,
+					 input_chan_bindings,
+					 &ctx->mech_src_name,
+					 &ctx->negotiated_mech_type,
+					 &obuf,
+					 &ctx->mech_flags,
+					 &ctx->mech_time_rec,
+					 mech_delegated_cred_p);
+	    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
+		if (mech_delegated_cred_p != NULL &&
+		    mech_delegated_cred != GSS_C_NO_CREDENTIAL) {
+		    ret2 = _gss_spnego_alloc_cred(minor_status,
+						  mech_delegated_cred,
+						  &ctx->delegated_cred_id);
+		    if (ret2 != GSS_S_COMPLETE)
+			ret = ret2;
+		}
+		mech_output_token = &obuf;
+	    }
+	    if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
+		free_NegotiationToken(&nt);
+		send_reject (minor_status, output_token);
+		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+		return ret;
+	    }
+	    if (ret == GSS_S_COMPLETE)
+		ctx->open = 1;
+	} else
+	    ret = GSS_S_COMPLETE;
+
+	ret2 = _gss_spnego_require_mechlist_mic(minor_status, 
+						ctx,
+						&require_mic);
+	if (ret2)
+	    goto out;
+
+	ctx->require_mic = require_mic;
+
+	mic = na->mechListMIC;
+	if (mic != NULL)
+	    require_mic = 1;
+
+	if (ret == GSS_S_COMPLETE)
+	    ret = acceptor_complete(minor_status,
+				    ctx,
+				    &get_mic,
+				    &mech_buf,
+				    mech_input_token,
+				    mech_output_token,
+				    na->mechListMIC,
+				    output_token);
+
+	if (ctx->mech_flags & GSS_C_DCE_STYLE)
+	    require_response = (negResult != accept_completed);
+	else
+	    require_response = 0;
+
+	/*
+	 * Check whether we need to send a result: there should be only
+	 * one accept_completed response sent in the entire negotiation
+	 */
+	if ((mech_output_token != GSS_C_NO_BUFFER &&
+	     mech_output_token->length != 0)
+	    || (ctx->open && negResult == accept_incomplete)
+	    || require_response
+	    || get_mic) {
+	    ret2 = send_accept (minor_status,
+				ctx,
+				mech_output_token,
+				0,
+				get_mic ? &mech_buf : NULL,
+				output_token);
+	    if (ret2)
+		goto out;
+	}
+
+     out:
+	if (ret2 != GSS_S_COMPLETE)
+	    ret = ret2;
+	if (mech_output_token != NULL)
+	    gss_release_buffer(&minor, mech_output_token);
+	if (mech_buf.value != NULL)
+	    free(mech_buf.value);
+	free_NegotiationToken(&nt);
+    }
+
+    if (ret == GSS_S_COMPLETE) {
+	if (src_name != NULL && ctx->mech_src_name != NULL) {
+	    spnego_name name;
+
+	    name = calloc(1, sizeof(*name));
+	    if (name) {
+		name->mech = ctx->mech_src_name;
+		ctx->mech_src_name = NULL;
+		*src_name = (gss_name_t)name;
+	    }
+	}
+        if (delegated_cred_handle != NULL) {
+	    *delegated_cred_handle = ctx->delegated_cred_id;
+	    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
+	}
+    }
+
+    if (mech_type != NULL)
+	*mech_type = ctx->negotiated_mech_type;
+    if (ret_flags != NULL)
+	*ret_flags = ctx->mech_flags;
+    if (time_rec != NULL)
+	*time_rec = ctx->mech_time_rec;
+
+    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+ 	return ret;
+    }
+
+    _gss_spnego_internal_delete_sec_context(&minor, context_handle,
+				   GSS_C_NO_BUFFER);
+
+    return ret;
+}
+
+OM_uint32
+_gss_spnego_accept_sec_context
+	   (OM_uint32 * minor_status,
+	    gss_ctx_id_t * context_handle,
+	    const gss_cred_id_t acceptor_cred_handle,
+	    const gss_buffer_t input_token_buffer,
+	    const gss_channel_bindings_t input_chan_bindings,
+	    gss_name_t * src_name,
+	    gss_OID * mech_type,
+	    gss_buffer_t output_token,
+	    OM_uint32 * ret_flags,
+	    OM_uint32 * time_rec,
+	    gss_cred_id_t *delegated_cred_handle
+	   )
+{
+    _gss_accept_sec_context_t *func;
+
+    *minor_status = 0;
+
+    output_token->length = 0;
+    output_token->value  = NULL;
+
+    if (src_name != NULL)
+	*src_name = GSS_C_NO_NAME;
+    if (mech_type != NULL)
+	*mech_type = GSS_C_NO_OID;
+    if (ret_flags != NULL)
+	*ret_flags = 0;
+    if (time_rec != NULL)
+	*time_rec = 0;
+    if (delegated_cred_handle != NULL)
+	*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+
+    if (*context_handle == GSS_C_NO_CONTEXT) 
+	func = acceptor_start;
+    else
+	func = acceptor_continue;
+    
+
+    return (*func)(minor_status, context_handle, acceptor_cred_handle,
+		   input_token_buffer, input_chan_bindings,
+		   src_name, mech_type, output_token, ret_flags,
+		   time_rec, delegated_cred_handle);
+}
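Review bot: In acceptor_complete the length check after ASN1_MALLOC_ENCODE compares `buf.length`, which is still 0 from the initialisation at the top of the function, with `buf_len`, although the encoding was written to `mech_buf`. Whenever the encode yields a non-empty buffer the two differ, so the mechListMIC path ends in abort() instead of returning a GSS error; the check should read `if (mech_buf->length != buf_len)`. The guards `if (verify_mic || get_mic)` and `if (get_mic)` in the same function test the pointer rather than the flag and are therefore always true; `if (verify_mic || *get_mic)` and `if (*get_mic)` look like what was intended. `buf.value` is never assigned here, so both `free(buf.value)` branches are dead code. Since this file is a vendor import, the fix is presumably best carried as a local patch or taken from a later upstream release.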

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/compat.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/compat.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/compat.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,322 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "spnego/spnego_locl.h"
+
+RCSID("$Id: compat.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * Apparently Microsoft got the OID wrong, and used
+ * 1.2.840.48018.1.2.2 instead. We need both this and
+ * the correct Kerberos OID here in order to deal with
+ * this. Because this is manifest in SPNEGO only I'd
+ * prefer to deal with this here rather than inside the
+ * Kerberos mechanism.
+ */
+gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc =
+	{9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"};
+
+gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc =
+	{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
+
+/*
+ * Allocate a SPNEGO context handle
+ */
+OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status,
+					 gss_ctx_id_t *context_handle)
+{
+    gssspnego_ctx ctx;
+
+    ctx = calloc(1, sizeof(*ctx));
+    if (ctx == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    ctx->initiator_mech_types.len = 0;
+    ctx->initiator_mech_types.val = NULL;
+    ctx->preferred_mech_type = GSS_C_NO_OID;
+    ctx->negotiated_mech_type = GSS_C_NO_OID;
+    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
+
+    /*
+     * Cache these so we can return them before returning
+     * GSS_S_COMPLETE, even if the mechanism has itself
+     * completed earlier
+     */
+    ctx->mech_flags = 0;
+    ctx->mech_time_rec = 0;
+    ctx->mech_src_name = GSS_C_NO_NAME;
+    ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL;
+
+    ctx->open = 0;
+    ctx->local = 0;
+    ctx->require_mic = 0;
+    ctx->verified_mic = 0;
+
+    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);
+
+    *context_handle = (gss_ctx_id_t)ctx;
+
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * Free a SPNEGO context handle. The caller must have acquired
+ * the lock before this is called.
+ */
+OM_uint32 _gss_spnego_internal_delete_sec_context
+           (OM_uint32 *minor_status,
+            gss_ctx_id_t *context_handle,
+            gss_buffer_t output_token
+           )
+{
+    gssspnego_ctx ctx;
+    OM_uint32 ret, minor;
+
+    *minor_status = 0;
+
+    if (context_handle == NULL) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    if (output_token != GSS_C_NO_BUFFER) {
+	output_token->length = 0;
+	output_token->value = NULL;
+    }
+
+    ctx = (gssspnego_ctx)*context_handle;
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    if (ctx == NULL) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    if (ctx->initiator_mech_types.val != NULL)
+	free_MechTypeList(&ctx->initiator_mech_types);
+
+    _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
+
+    gss_release_oid(&minor, &ctx->preferred_mech_type);
+    ctx->negotiated_mech_type = GSS_C_NO_OID;
+
+    gss_release_name(&minor, &ctx->target_name);
+    gss_release_name(&minor, &ctx->mech_src_name);
+
+    if (ctx->negotiated_ctx_id != GSS_C_NO_CONTEXT) {
+	ret = gss_delete_sec_context(minor_status,
+				     &ctx->negotiated_ctx_id,
+				     output_token);
+	ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
+    } else {
+	ret = GSS_S_COMPLETE;
+    }
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+
+    free(ctx);
+    *context_handle = NULL;
+
+    return ret;
+}
+
+/*
+ * For compatability with the Windows SPNEGO implementation, the
+ * default is to ignore the mechListMIC unless CFX is used and
+ * a non-preferred mechanism was negotiated
+ */
+
+OM_uint32
+_gss_spnego_require_mechlist_mic(OM_uint32 *minor_status,
+				 gssspnego_ctx ctx,
+				 int *require_mic)
+{
+    gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET;
+    OM_uint32 minor;
+
+    *minor_status = 0;
+    *require_mic = 0;
+
+    if (ctx == NULL) {
+	return GSS_S_COMPLETE;
+    }
+
+    if (ctx->require_mic) {
+	/* Acceptor requested it: mandatory to honour */
+	*require_mic = 1;
+	return GSS_S_COMPLETE;
+    }
+
+    /*
+     * Check whether peer indicated implicit support for updated SPNEGO
+     * (eg. in the Kerberos case by using CFX)
+     */
+    if (gss_inquire_sec_context_by_oid(&minor, ctx->negotiated_ctx_id,
+				       GSS_C_PEER_HAS_UPDATED_SPNEGO,
+				       &buffer_set) == GSS_S_COMPLETE) {
+	*require_mic = 1;
+	gss_release_buffer_set(&minor, &buffer_set);
+    }
+
+    /* Safe-to-omit MIC rules follow */
+    if (*require_mic) {
+	if (gss_oid_equal(ctx->negotiated_mech_type, ctx->preferred_mech_type)) {
+	    *require_mic = 0;
+	} else if (gss_oid_equal(ctx->negotiated_mech_type, &_gss_spnego_krb5_mechanism_oid_desc) &&
+		   gss_oid_equal(ctx->preferred_mech_type, &_gss_spnego_mskrb_mechanism_oid_desc)) {
+	    *require_mic = 0;
+	}
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+static int
+add_mech_type(gss_OID mech_type,
+	      int includeMSCompatOID,
+	      MechTypeList *mechtypelist)
+{
+    MechType mech;
+    int ret;
+
+    if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM))
+	return 0;
+
+    if (includeMSCompatOID &&
+	gss_oid_equal(mech_type, &_gss_spnego_krb5_mechanism_oid_desc)) {
+	ret = der_get_oid(_gss_spnego_mskrb_mechanism_oid_desc.elements,
+			  _gss_spnego_mskrb_mechanism_oid_desc.length,
+			  &mech,
+			  NULL);
+	if (ret)
+	    return ret;
+	ret = add_MechTypeList(mechtypelist, &mech);
+	free_MechType(&mech);
+	if (ret)
+	    return ret;
+    }
+    ret = der_get_oid(mech_type->elements, mech_type->length, &mech, NULL);
+    if (ret)
+	return ret;
+    ret = add_MechTypeList(mechtypelist, &mech);
+    free_MechType(&mech);
+    return ret;
+}
+
+
+OM_uint32
+_gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
+				   gss_name_t target_name,
+				   OM_uint32 (*func)(gss_name_t, gss_OID),
+				   int includeMSCompatOID,
+				   const gssspnego_cred cred_handle,
+				   MechTypeList *mechtypelist,
+				   gss_OID *preferred_mech)
+{
+    gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
+    gss_OID first_mech = GSS_C_NO_OID;
+    OM_uint32 ret;
+    int i;
+
+    mechtypelist->len = 0;
+    mechtypelist->val = NULL;
+
+    if (cred_handle != NULL) {
+	ret = gss_inquire_cred(minor_status,
+			       cred_handle->negotiated_cred_id,
+			       NULL,
+			       NULL,
+			       NULL,
+			       &supported_mechs);
+    } else {
+	ret = gss_indicate_mechs(minor_status, &supported_mechs);
+    }
+
+    if (ret != GSS_S_COMPLETE) {
+	return ret;
+    }
+
+    if (supported_mechs->count == 0) {
+	*minor_status = ENOENT;
+	gss_release_oid_set(minor_status, &supported_mechs);
+	return GSS_S_FAILURE;
+    }
+
+    ret = (*func)(target_name, GSS_KRB5_MECHANISM);
+    if (ret == GSS_S_COMPLETE) {
+	ret = add_mech_type(GSS_KRB5_MECHANISM,
+			    includeMSCompatOID,
+			    mechtypelist);
+	if (!GSS_ERROR(ret))
+	    first_mech = GSS_KRB5_MECHANISM;
+    }
+    ret = GSS_S_COMPLETE;
+
+    for (i = 0; i < supported_mechs->count; i++) {
+	OM_uint32 subret;
+	if (gss_oid_equal(&supported_mechs->elements[i], GSS_SPNEGO_MECHANISM))
+	    continue;
+	if (gss_oid_equal(&supported_mechs->elements[i], GSS_KRB5_MECHANISM))
+	    continue;
+
+	subret = (*func)(target_name, &supported_mechs->elements[i]);
+	if (subret != GSS_S_COMPLETE)
+	    continue;
+
+	ret = add_mech_type(&supported_mechs->elements[i],
+			    includeMSCompatOID,
+			    mechtypelist);
+	if (ret != 0) {
+	    *minor_status = ret;
+	    ret = GSS_S_FAILURE;
+	    break;
+	}
+	if (first_mech == GSS_C_NO_OID)
+	    first_mech = &supported_mechs->elements[i];
+    }
+
+    if (mechtypelist->len == 0) {
+	gss_release_oid_set(minor_status, &supported_mechs);
+	*minor_status = 0;
+	return GSS_S_BAD_MECH;
+    }
+
+    if (preferred_mech != NULL) {
+	ret = gss_duplicate_oid(minor_status, first_mech, preferred_mech);
+	if (ret != GSS_S_COMPLETE)
+	    free_MechTypeList(mechtypelist);
+    }
+    gss_release_oid_set(minor_status, &supported_mechs);
+
+    return ret;
+}
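Review bot: In `_gss_spnego_indicate_mechtypelist`, a failure from `add_mech_type` inside the loop sets `ret = GSS_S_FAILURE` and breaks, but when the list is non-empty and `preferred_mech` is non-NULL that status is overwritten by the result of `gss_duplicate_oid`, so the caller can be handed GSS_S_COMPLETE with a truncated mechanism list. Guarding the duplication with `if (ret == GSS_S_COMPLETE && preferred_mech != NULL)` keeps the failure visible. The closing `gss_release_oid_set(minor_status, &supported_mechs)` also writes to the caller's minor status after the error code was stored there; a scratch variable, `gss_release_oid_set(&junk, &supported_mechs);`, would preserve it. The Kerberos branch tests the int result of `add_mech_type` with `GSS_ERROR(ret)`, which looks like it would miss small errno-style values such as ENOMEM and still set `first_mech`; `if (ret == 0)` would match the check used in the loop.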

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/context_stubs.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/context_stubs.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/context_stubs.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,903 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "spnego/spnego_locl.h"
+
+RCSID("$Id: context_stubs.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static OM_uint32
+spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
+{
+    OM_uint32 ret, junk;
+    gss_OID_set m;
+    int i;
+
+    ret = gss_indicate_mechs(minor_status, &m);
+    if (ret != GSS_S_COMPLETE)
+	return ret;
+
+    ret = gss_create_empty_oid_set(minor_status, mechs);
+    if (ret != GSS_S_COMPLETE) {
+	gss_release_oid_set(&junk, &m);
+	return ret;
+    }
+
+    for (i = 0; i < m->count; i++) {
+	if (gss_oid_equal(&m->elements[i], GSS_SPNEGO_MECHANISM))
+	    continue;
+
+	ret = gss_add_oid_set_member(minor_status, &m->elements[i], mechs);
+	if (ret) {
+	    gss_release_oid_set(&junk, &m);
+	    gss_release_oid_set(&junk, mechs);
+	    return ret;
+	}
+    }
+    return ret;
+}
+
+
+
+OM_uint32 _gss_spnego_process_context_token
+           (OM_uint32 *minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_buffer_t token_buffer
+           )
+{
+    gss_ctx_id_t context ;
+    gssspnego_ctx ctx;
+    OM_uint32 ret;
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return GSS_S_NO_CONTEXT;
+
+    context = context_handle;
+    ctx = (gssspnego_ctx)context_handle;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    ret = gss_process_context_token(minor_status,
+				    ctx->negotiated_ctx_id,
+				    token_buffer);
+    if (ret != GSS_S_COMPLETE) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	return ret;
+    }
+
+    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
+
+    return _gss_spnego_internal_delete_sec_context(minor_status,
+					   &context,
+					   GSS_C_NO_BUFFER);
+}
+
+OM_uint32 _gss_spnego_delete_sec_context
+           (OM_uint32 *minor_status,
+            gss_ctx_id_t *context_handle,
+            gss_buffer_t output_token
+           )
+{
+    gssspnego_ctx ctx;
+
+    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
+	return GSS_S_NO_CONTEXT;
+
+    ctx = (gssspnego_ctx)*context_handle;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    return _gss_spnego_internal_delete_sec_context(minor_status,
+						   context_handle,
+						   output_token);
+}
+
+OM_uint32 _gss_spnego_context_time
+           (OM_uint32 *minor_status,
+            const gss_ctx_id_t context_handle,
+            OM_uint32 *time_rec
+           )
+{
+    gssspnego_ctx ctx;
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_context_time(minor_status,
+			    ctx->negotiated_ctx_id,
+			    time_rec);
+}
+
+OM_uint32 _gss_spnego_get_mic
+           (OM_uint32 *minor_status,
+            const gss_ctx_id_t context_handle,
+            gss_qop_t qop_req,
+            const gss_buffer_t message_buffer,
+            gss_buffer_t message_token
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_get_mic(minor_status, ctx->negotiated_ctx_id,
+		       qop_req, message_buffer, message_token);
+}
+
+OM_uint32 _gss_spnego_verify_mic
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_buffer_t message_buffer,
+            const gss_buffer_t token_buffer,
+            gss_qop_t * qop_state
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_verify_mic(minor_status,
+			  ctx->negotiated_ctx_id,
+			  message_buffer,
+			  token_buffer,
+			  qop_state);
+}
+
+OM_uint32 _gss_spnego_wrap
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            const gss_buffer_t input_message_buffer,
+            int * conf_state,
+            gss_buffer_t output_message_buffer
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_wrap(minor_status,
+		    ctx->negotiated_ctx_id,
+		    conf_req_flag,
+		    qop_req,
+		    input_message_buffer,
+		    conf_state,
+		    output_message_buffer);
+}
+
+OM_uint32 _gss_spnego_unwrap
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_buffer_t input_message_buffer,
+            gss_buffer_t output_message_buffer,
+            int * conf_state,
+            gss_qop_t * qop_state
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_unwrap(minor_status,
+		      ctx->negotiated_ctx_id,
+		      input_message_buffer,
+		      output_message_buffer,
+		      conf_state,
+		      qop_state);
+}
+
+OM_uint32 _gss_spnego_display_status
+           (OM_uint32 * minor_status,
+            OM_uint32 status_value,
+            int status_type,
+            const gss_OID mech_type,
+            OM_uint32 * message_context,
+            gss_buffer_t status_string
+           )
+{
+    return GSS_S_FAILURE;
+}
+
+OM_uint32 _gss_spnego_compare_name
+           (OM_uint32 *minor_status,
+            const gss_name_t name1,
+            const gss_name_t name2,
+            int * name_equal
+           )
+{
+    spnego_name n1 = (spnego_name)name1;
+    spnego_name n2 = (spnego_name)name2;
+
+    *name_equal = 0;
+
+    if (!gss_oid_equal(&n1->type, &n2->type))
+	return GSS_S_COMPLETE;
+    if (n1->value.length != n2->value.length)
+	return GSS_S_COMPLETE;
+    if (memcmp(n1->value.value, n2->value.value, n2->value.length) != 0)
+	return GSS_S_COMPLETE;
+
+    *name_equal = 1;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gss_spnego_display_name
+           (OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            gss_buffer_t output_name_buffer,
+            gss_OID * output_name_type
+           )
+{
+    spnego_name name = (spnego_name)input_name;
+
+    *minor_status = 0;
+
+    if (name == NULL || name->mech == GSS_C_NO_NAME)
+	return GSS_S_FAILURE;
+
+    return gss_display_name(minor_status, name->mech,
+			    output_name_buffer, output_name_type);
+}
+
+OM_uint32 _gss_spnego_import_name
+           (OM_uint32 * minor_status,
+            const gss_buffer_t name_buffer,
+            const gss_OID name_type,
+            gss_name_t * output_name
+           )
+{
+    spnego_name name;
+    OM_uint32 maj_stat;
+
+    *minor_status = 0;
+
+    name = calloc(1, sizeof(*name));
+    if (name == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+    
+    maj_stat = _gss_copy_oid(minor_status, name_type, &name->type);
+    if (maj_stat) {
+	free(name);
+	return GSS_S_FAILURE;
+    }
+    
+    maj_stat = _gss_copy_buffer(minor_status, name_buffer, &name->value);
+    if (maj_stat) {
+	gss_name_t rname = (gss_name_t)name;
+	_gss_spnego_release_name(minor_status, &rname);
+	return GSS_S_FAILURE;
+    }
+    name->mech = GSS_C_NO_NAME;
+    *output_name = (gss_name_t)name;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gss_spnego_export_name
+           (OM_uint32  * minor_status,
+            const gss_name_t input_name,
+            gss_buffer_t exported_name
+           )
+{
+    spnego_name name;
+    *minor_status = 0;
+
+    if (input_name == GSS_C_NO_NAME)
+	return GSS_S_BAD_NAME;
+
+    name = (spnego_name)input_name;
+    if (name->mech == GSS_C_NO_NAME)
+	return GSS_S_BAD_NAME;
+
+    return gss_export_name(minor_status, name->mech, exported_name);
+}
+
+OM_uint32 _gss_spnego_release_name
+           (OM_uint32 * minor_status,
+            gss_name_t * input_name
+           )
+{
+    *minor_status = 0;
+
+    if (*input_name != GSS_C_NO_NAME) {
+	OM_uint32 junk;
+	spnego_name name = (spnego_name)*input_name;
+	_gss_free_oid(&junk, &name->type);
+	gss_release_buffer(&junk, &name->value);
+	if (name->mech != GSS_C_NO_NAME)
+	    gss_release_name(&junk, &name->mech);
+	free(name);
+
+	*input_name = GSS_C_NO_NAME;
+    }
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gss_spnego_inquire_context (
+            OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            gss_name_t * src_name,
+            gss_name_t * targ_name,
+            OM_uint32 * lifetime_rec,
+            gss_OID * mech_type,
+            OM_uint32 * ctx_flags,
+            int * locally_initiated,
+            int * open_context
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_inquire_context(minor_status,
+			       ctx->negotiated_ctx_id,
+			       src_name,
+			       targ_name,
+			       lifetime_rec,
+			       mech_type,
+			       ctx_flags,
+			       locally_initiated,
+			       open_context);
+}
+
+OM_uint32 _gss_spnego_wrap_size_limit (
+            OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            OM_uint32 req_output_size,
+            OM_uint32 * max_input_size
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_wrap_size_limit(minor_status,
+			       ctx->negotiated_ctx_id,
+			       conf_req_flag,
+			       qop_req,
+			       req_output_size,
+			       max_input_size);
+}
+
+OM_uint32 _gss_spnego_export_sec_context (
+            OM_uint32 * minor_status,
+            gss_ctx_id_t * context_handle,
+            gss_buffer_t interprocess_token
+           )
+{
+    gssspnego_ctx ctx;
+    OM_uint32 ret;
+
+    *minor_status = 0;
+
+    if (context_handle == NULL) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)*context_handle;
+
+    if (ctx == NULL)
+	return GSS_S_NO_CONTEXT;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ret = gss_export_sec_context(minor_status,
+				 &ctx->negotiated_ctx_id,
+				 interprocess_token);
+    if (ret == GSS_S_COMPLETE) {
+	ret = _gss_spnego_internal_delete_sec_context(minor_status,
+					     context_handle,
+					     GSS_C_NO_BUFFER);
+	if (ret == GSS_S_COMPLETE)
+	    return GSS_S_COMPLETE;
+    }
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    return ret;
+}
+
+OM_uint32 _gss_spnego_import_sec_context (
+            OM_uint32 * minor_status,
+            const gss_buffer_t interprocess_token,
+            gss_ctx_id_t *context_handle
+           )
+{
+    OM_uint32 ret, minor;
+    gss_ctx_id_t context;
+    gssspnego_ctx ctx;
+
+    ret = _gss_spnego_alloc_sec_context(minor_status, &context);
+    if (ret != GSS_S_COMPLETE) {
+	return ret;
+    }
+    ctx = (gssspnego_ctx)context;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    ret = gss_import_sec_context(minor_status,
+				 interprocess_token,
+				 &ctx->negotiated_ctx_id);
+    if (ret != GSS_S_COMPLETE) {
+	_gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER);
+	return ret;
+    }
+
+    ctx->open = 1;
+    /* don't bother filling in the rest of the fields */
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    *context_handle = (gss_ctx_id_t)ctx;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gss_spnego_inquire_names_for_mech (
+            OM_uint32 * minor_status,
+            const gss_OID mechanism,
+            gss_OID_set * name_types
+           )
+{
+    gss_OID_set mechs, names, n;
+    OM_uint32 ret, junk;
+    int i, j;
+
+    *name_types = NULL;
+
+    ret = spnego_supported_mechs(minor_status, &mechs);
+    if (ret != GSS_S_COMPLETE)
+	return ret;
+
+    ret = gss_create_empty_oid_set(minor_status, &names);
+    if (ret != GSS_S_COMPLETE)
+	goto out;
+
+    for (i = 0; i < mechs->count; i++) {
+	ret = gss_inquire_names_for_mech(minor_status,
+					 &mechs->elements[i],
+					 &n);
+	if (ret)
+	    continue;
+
+	for (j = 0; j < n->count; j++)
+	    gss_add_oid_set_member(minor_status,
+				   &n->elements[j],
+				   &names);
+	gss_release_oid_set(&junk, &n);
+    }
+
+    ret = GSS_S_COMPLETE;
+    *name_types = names;
+out:
+
+    gss_release_oid_set(&junk, &mechs);
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gss_spnego_inquire_mechs_for_name (
+            OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            gss_OID_set * mech_types
+           )
+{
+    OM_uint32 ret, junk;
+
+    ret = gss_create_empty_oid_set(minor_status, mech_types);
+    if (ret)
+	return ret;
+
+    ret = gss_add_oid_set_member(minor_status,
+				 GSS_SPNEGO_MECHANISM,
+				 mech_types);
+    if (ret)
+	gss_release_oid_set(&junk, mech_types);
+
+    return ret;
+}
+
+OM_uint32 _gss_spnego_canonicalize_name (
+            OM_uint32 * minor_status,
+            const gss_name_t input_name,
+            const gss_OID mech_type,
+            gss_name_t * output_name
+           )
+{
+    /* XXX */
+    return gss_duplicate_name(minor_status, input_name, output_name);
+}
+
+OM_uint32 _gss_spnego_duplicate_name (
+            OM_uint32 * minor_status,
+            const gss_name_t src_name,
+            gss_name_t * dest_name
+           )
+{
+    return gss_duplicate_name(minor_status, src_name, dest_name);
+}
+
+OM_uint32 _gss_spnego_sign
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t context_handle,
+            int qop_req,
+            gss_buffer_t message_buffer,
+            gss_buffer_t message_token
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_sign(minor_status,
+		    ctx->negotiated_ctx_id,
+		    qop_req,
+		    message_buffer,
+		    message_token);
+}
+
+OM_uint32 _gss_spnego_verify
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t context_handle,
+            gss_buffer_t message_buffer,
+            gss_buffer_t token_buffer,
+            int * qop_state
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_verify(minor_status,
+		      ctx->negotiated_ctx_id,
+		      message_buffer,
+		      token_buffer,
+		      qop_state);
+}
+
+OM_uint32 _gss_spnego_seal
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            int qop_req,
+            gss_buffer_t input_message_buffer,
+            int * conf_state,
+            gss_buffer_t output_message_buffer
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_seal(minor_status,
+		    ctx->negotiated_ctx_id,
+		    conf_req_flag,
+		    qop_req,
+		    input_message_buffer,
+		    conf_state,
+		    output_message_buffer);
+}
+
+OM_uint32 _gss_spnego_unseal
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t context_handle,
+            gss_buffer_t input_message_buffer,
+            gss_buffer_t output_message_buffer,
+            int * conf_state,
+            int * qop_state
+           )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_unseal(minor_status,
+		      ctx->negotiated_ctx_id,
+		      input_message_buffer,
+		      output_message_buffer,
+		      conf_state,
+		      qop_state);
+}
+
+#if 0
+OM_uint32 _gss_spnego_unwrap_ex
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+	    const gss_buffer_t token_header_buffer,
+	    const gss_buffer_t associated_data_buffer,
+	    const gss_buffer_t input_message_buffer,
+	    gss_buffer_t output_message_buffer,
+	    int * conf_state,
+	    gss_qop_t * qop_state)
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_unwrap_ex(minor_status,
+			 ctx->negotiated_ctx_id,
+			 token_header_buffer,
+			 associated_data_buffer,
+			 input_message_buffer,
+			 output_message_buffer,
+			 conf_state,
+			 qop_state);
+}
+
+OM_uint32 _gss_spnego_wrap_ex
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            const gss_buffer_t associated_data_buffer,
+            const gss_buffer_t input_message_buffer,
+            int * conf_state,
+            gss_buffer_t output_token_buffer,
+            gss_buffer_t output_message_buffer
+	   )
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 &&
+	associated_data_buffer->length != input_message_buffer->length) {
+	*minor_status = EINVAL;
+	return GSS_S_BAD_QOP;
+    }
+
+    return gss_wrap_ex(minor_status,
+		       ctx->negotiated_ctx_id,
+		       conf_req_flag,
+		       qop_req,
+		       associated_data_buffer,
+		       input_message_buffer,
+		       conf_state,
+		       output_token_buffer,
+		       output_message_buffer);
+}
+
+OM_uint32 _gss_spnego_complete_auth_token
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+	    gss_buffer_t input_message_buffer)
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_complete_auth_token(minor_status,
+				   ctx->negotiated_ctx_id,
+				   input_message_buffer);
+}
+#endif
+
+OM_uint32 _gss_spnego_inquire_sec_context_by_oid
+           (OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            const gss_OID desired_object,
+            gss_buffer_set_t *data_set)
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_inquire_sec_context_by_oid(minor_status,
+					  ctx->negotiated_ctx_id,
+					  desired_object,
+					  data_set);
+}
+
+OM_uint32 _gss_spnego_set_sec_context_option
+           (OM_uint32 * minor_status,
+            gss_ctx_id_t * context_handle,
+            const gss_OID desired_object,
+            const gss_buffer_t value)
+{
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    ctx = (gssspnego_ctx)context_handle;
+
+    if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	return GSS_S_NO_CONTEXT;
+    }
+
+    return gss_set_sec_context_option(minor_status,
+				      &ctx->negotiated_ctx_id,
+				      desired_object,
+				      value);
+}
+
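Review bot: `_gss_spnego_set_sec_context_option` casts the pointer to the handle rather than the handle itself, `ctx = (gssspnego_ctx)context_handle;`, so the `ctx->negotiated_ctx_id` it tests and passes on is read from the caller's `gss_ctx_id_t *` storage instead of the SPNEGO context; it should be `ctx = (gssspnego_ctx)*context_handle;`, as in `_gss_spnego_delete_sec_context` and `_gss_spnego_export_sec_context`. A related handle mix-up is in `_gss_spnego_import_sec_context`: when `gss_import_sec_context` fails it calls `_gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER)` on the caller's output handle, which leaves the freshly allocated and locked `context` unreleased and tears down whatever the caller's handle happened to hold; passing `&context` releases the right object. In `_gss_spnego_export_sec_context`, `_gss_spnego_internal_delete_sec_context` unlocks, destroys and frees `ctx` before returning, so if it ever returns anything other than GSS_S_COMPLETE the trailing `HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex)` touches freed memory; returning `ret` directly after the delete call avoids that.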

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/cred_stubs.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/cred_stubs.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/cred_stubs.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,336 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "spnego/spnego_locl.h"
+
+RCSID("$Id: cred_stubs.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+OM_uint32
+_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
+{
+    gssspnego_cred cred;
+    OM_uint32 ret;
+    
+    *minor_status = 0;
+
+    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+	return GSS_S_COMPLETE;
+    }
+    cred = (gssspnego_cred)*cred_handle;
+
+    ret = gss_release_cred(minor_status, &cred->negotiated_cred_id);
+
+    free(cred);
+    *cred_handle = GSS_C_NO_CREDENTIAL;
+
+    return ret;
+}
+
+OM_uint32
+_gss_spnego_alloc_cred(OM_uint32 *minor_status,
+		       gss_cred_id_t mech_cred_handle,
+		       gss_cred_id_t *cred_handle)
+{
+    gssspnego_cred cred;
+
+    if (*cred_handle != GSS_C_NO_CREDENTIAL) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    cred = calloc(1, sizeof(*cred));
+    if (cred == NULL) {
+	*cred_handle = GSS_C_NO_CREDENTIAL;
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    cred->negotiated_cred_id = mech_cred_handle;
+
+    *cred_handle = (gss_cred_id_t)cred;
+
+    return GSS_S_COMPLETE; 
+}
+
+/*
+ * For now, just a simple wrapper that avoids recursion. When
+ * we support gss_{get,set}_neg_mechs() we will need to expose
+ * more functionality.
+ */
+OM_uint32 _gss_spnego_acquire_cred
+(OM_uint32 *minor_status,
+ const gss_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t * output_cred_handle,
+ gss_OID_set * actual_mechs,
+ OM_uint32 * time_rec
+    )
+{
+    const spnego_name dname = (const spnego_name)desired_name;
+    gss_name_t name = GSS_C_NO_NAME;
+    OM_uint32 ret, tmp;
+    gss_OID_set_desc actual_desired_mechs;
+    gss_OID_set mechs;
+    int i, j;
+    gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
+    gssspnego_cred cred;
+
+    *output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (dname) {
+	ret = gss_import_name(minor_status, &dname->value, &dname->type, &name);
+	if (ret) {
+	    return ret;
+	}
+    }
+    
+    ret = gss_indicate_mechs(minor_status, &mechs);
+    if (ret != GSS_S_COMPLETE) {
+	gss_release_name(minor_status, &name);
+	return ret;
+    }
+
+    /* Remove ourselves from this list */
+    actual_desired_mechs.count = mechs->count;
+    actual_desired_mechs.elements = malloc(actual_desired_mechs.count *
+					   sizeof(gss_OID_desc));
+    if (actual_desired_mechs.elements == NULL) {
+	*minor_status = ENOMEM;
+	ret = GSS_S_FAILURE;
+	goto out;
+    }
+
+    for (i = 0, j = 0; i < mechs->count; i++) {
+	if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
+	    continue;
+
+	actual_desired_mechs.elements[j] = mechs->elements[i];
+	j++;
+    }
+    actual_desired_mechs.count = j;
+
+    ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
+				 &cred_handle);
+    if (ret != GSS_S_COMPLETE)
+	goto out;
+
+    cred = (gssspnego_cred)cred_handle;
+    ret = gss_acquire_cred(minor_status, name,
+			   time_req, &actual_desired_mechs,
+			   cred_usage,
+			   &cred->negotiated_cred_id,
+			   actual_mechs, time_rec);
+    if (ret != GSS_S_COMPLETE)
+	goto out;
+
+    *output_cred_handle = cred_handle;
+
+out:
+    gss_release_name(minor_status, &name);
+    gss_release_oid_set(&tmp, &mechs);
+    if (actual_desired_mechs.elements != NULL) {
+	free(actual_desired_mechs.elements);
+    }
+    if (ret != GSS_S_COMPLETE) {
+	_gss_spnego_release_cred(&tmp, &cred_handle);
+    }
+
+    return ret;
+}
+
+OM_uint32 _gss_spnego_inquire_cred
+           (OM_uint32 * minor_status,
+            const gss_cred_id_t cred_handle,
+            gss_name_t * name,
+            OM_uint32 * lifetime,
+            gss_cred_usage_t * cred_usage,
+            gss_OID_set * mechanisms
+           )
+{
+    gssspnego_cred cred;
+    spnego_name sname = NULL;
+    OM_uint32 ret;
+
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+	*minor_status = 0;
+	return GSS_S_NO_CRED;
+    }
+
+    if (name) {
+	sname = calloc(1, sizeof(*sname));
+	if (sname == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+    }
+
+    cred = (gssspnego_cred)cred_handle;
+
+    ret = gss_inquire_cred(minor_status,
+			   cred->negotiated_cred_id,
+			   sname ? &sname->mech : NULL,
+			   lifetime,
+			   cred_usage,
+			   mechanisms);
+    if (ret) {
+	if (sname)
+	    free(sname);
+	return ret;
+    }
+    if (name)
+	*name = (gss_name_t)sname;
+
+    return ret;
+}
+
+OM_uint32 _gss_spnego_add_cred (
+            OM_uint32 * minor_status,
+            const gss_cred_id_t input_cred_handle,
+            const gss_name_t desired_name,
+            const gss_OID desired_mech,
+            gss_cred_usage_t cred_usage,
+            OM_uint32 initiator_time_req,
+            OM_uint32 acceptor_time_req,
+            gss_cred_id_t * output_cred_handle,
+            gss_OID_set * actual_mechs,
+            OM_uint32 * initiator_time_rec,
+            OM_uint32 * acceptor_time_rec
+           )
+{
+    gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL;
+    OM_uint32 ret, tmp;
+    gssspnego_cred input_cred, output_cred;
+
+    *output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL,
+				 &spnego_output_cred_handle);
+    if (ret)
+	return ret;
+
+    input_cred = (gssspnego_cred)input_cred_handle;
+    output_cred = (gssspnego_cred)spnego_output_cred_handle;
+
+    ret = gss_add_cred(minor_status,
+		       input_cred->negotiated_cred_id,
+		       desired_name,
+		       desired_mech,
+		       cred_usage,
+		       initiator_time_req,
+		       acceptor_time_req,
+		       &output_cred->negotiated_cred_id,
+		       actual_mechs,
+		       initiator_time_rec,
+		       acceptor_time_rec);
+    if (ret) {
+	_gss_spnego_release_cred(&tmp, &spnego_output_cred_handle);
+	return ret;
+    }
+
+    *output_cred_handle = spnego_output_cred_handle;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gss_spnego_inquire_cred_by_mech (
+            OM_uint32 * minor_status,
+            const gss_cred_id_t cred_handle,
+            const gss_OID mech_type,
+            gss_name_t * name,
+            OM_uint32 * initiator_lifetime,
+            OM_uint32 * acceptor_lifetime,
+            gss_cred_usage_t * cred_usage
+           )
+{
+    gssspnego_cred cred;
+    spnego_name sname = NULL;
+    OM_uint32 ret;
+
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+	*minor_status = 0;
+	return GSS_S_NO_CRED;
+    }
+
+    if (name) {
+	sname = calloc(1, sizeof(*sname));
+	if (sname == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+    }
+
+    cred = (gssspnego_cred)cred_handle;
+
+    ret = gss_inquire_cred_by_mech(minor_status,
+				   cred->negotiated_cred_id,
+				   mech_type,
+				   sname ? &sname->mech : NULL,
+				   initiator_lifetime,
+				   acceptor_lifetime,
+				   cred_usage);
+
+    if (ret) {
+	if (sname)
+	    free(sname);
+	return ret;
+    }
+    if (name)
+	*name = (gss_name_t)sname;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 _gss_spnego_inquire_cred_by_oid
+           (OM_uint32 * minor_status,
+            const gss_cred_id_t cred_handle,
+            const gss_OID desired_object,
+            gss_buffer_set_t *data_set)
+{
+    gssspnego_cred cred;
+    OM_uint32 ret;
+
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+	*minor_status = 0;
+	return GSS_S_NO_CRED;
+    }
+    cred = (gssspnego_cred)cred_handle;
+
+    ret = gss_inquire_cred_by_oid(minor_status,
+				  cred->negotiated_cred_id,
+				  desired_object,
+				  data_set);
+
+    return ret;
+}
+
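Review bot: `_gss_spnego_add_cred` casts `input_cred_handle` to `gssspnego_cred` and reads `input_cred->negotiated_cred_id` without testing for `GSS_C_NO_CREDENTIAL`, so a caller that supplies no input credential causes a NULL dereference; the `_gss_spnego_inquire_cred*` functions in this same file all test the handle first. Passing the inner handle as `input_cred ? input_cred->negotiated_cred_id : GSS_C_NO_CREDENTIAL` keeps the call usable in that case. Separately, the `out:` path of `_gss_spnego_acquire_cred` calls `gss_release_name(minor_status, &name)`, which can overwrite the minor status left by a failed `gss_acquire_cred`; using `&tmp` there, as the following `gss_release_oid_set(&tmp, &mechs)` already does, preserves the error code for the caller.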

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/external.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/external.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/external.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "spnego/spnego_locl.h"
+#include <gssapi_mech.h>
+
+RCSID("$Id: external.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * RFC2478, SPNEGO:
+ *  The security mechanism of the initial
+ *  negotiation token is identified by the Object Identifier
+ *  iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
+ */
+
+static gssapi_mech_interface_desc spnego_mech = {
+    GMI_VERSION,
+    "spnego",
+    {6, (void *)"\x2b\x06\x01\x05\x05\x02"},
+    _gss_spnego_acquire_cred,
+    _gss_spnego_release_cred,
+    _gss_spnego_init_sec_context,
+    _gss_spnego_accept_sec_context,
+    _gss_spnego_process_context_token,
+    _gss_spnego_internal_delete_sec_context,
+    _gss_spnego_context_time,
+    _gss_spnego_get_mic,
+    _gss_spnego_verify_mic,
+    _gss_spnego_wrap,
+    _gss_spnego_unwrap,
+    _gss_spnego_display_status,
+    NULL,
+    _gss_spnego_compare_name,
+    _gss_spnego_display_name,
+    _gss_spnego_import_name,
+    _gss_spnego_export_name,
+    _gss_spnego_release_name,
+    _gss_spnego_inquire_cred,
+    _gss_spnego_inquire_context,
+    _gss_spnego_wrap_size_limit,
+    _gss_spnego_add_cred,
+    _gss_spnego_inquire_cred_by_mech,
+    _gss_spnego_export_sec_context,
+    _gss_spnego_import_sec_context,
+    _gss_spnego_inquire_names_for_mech,
+    _gss_spnego_inquire_mechs_for_name,
+    _gss_spnego_canonicalize_name,
+    _gss_spnego_duplicate_name
+};
+
+gssapi_mech_interface
+__gss_spnego_initialize(void)
+{
+	return &spnego_mech;
+}
+
+static gss_OID_desc _gss_spnego_mechanism_desc = 
+    {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
+
+gss_OID GSS_SPNEGO_MECHANISM = &_gss_spnego_mechanism_desc;
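Review bot: The SPNEGO mechanism OID bytes are written out twice, once inside `spnego_mech` and again in `_gss_spnego_mechanism_desc`, and the two copies must stay byte-identical for the dispatch table and the `GSS_SPNEGO_MECHANISM` comparisons in the other files to agree. Defining the literal once (for example a file-local macro, name to be chosen) and using it in both initialisers removes that risk. The table is also initialised positionally with one bare `NULL` between `_gss_spnego_display_status` and `_gss_spnego_compare_name`; a trailing comment naming the `gssapi_mech_interface_desc` member left unset would make a slot shift visible if the struct layout changes.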

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/init_sec_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/init_sec_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/init_sec_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,663 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * Portions Copyright (c) 2004 PADL Software Pty Ltd.
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "spnego/spnego_locl.h"
+
+RCSID("$Id: init_sec_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+/*
+ * Is target_name an sane target for `mech\xB4.
+ */
+
+static OM_uint32
+initiator_approved(gss_name_t target_name, gss_OID mech)
+{
+    OM_uint32 min_stat, maj_stat;
+    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc out;
+    
+    maj_stat = gss_init_sec_context(&min_stat,
+				    GSS_C_NO_CREDENTIAL,
+				    &ctx,
+				    target_name,
+				    mech,
+				    0,
+				    GSS_C_INDEFINITE,
+				    GSS_C_NO_CHANNEL_BINDINGS,
+				    GSS_C_NO_BUFFER,
+				    NULL,
+				    &out,
+				    NULL,
+				    NULL);
+    if (GSS_ERROR(maj_stat))
+	return GSS_S_BAD_MECH;
+    gss_release_buffer(&min_stat, &out);
+    gss_delete_sec_context(&min_stat, &ctx, NULL);
+
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * Send a reply. Note that we only need to send a reply if we
+ * need to send a MIC or a mechanism token. Otherwise, we can
+ * return an empty buffer.
+ *
+ * The return value of this will be returned to the API, so it
+ * must return GSS_S_CONTINUE_NEEDED if a token was generated.
+ */
+static OM_uint32
+spnego_reply_internal(OM_uint32 *minor_status,
+		      gssspnego_ctx context_handle,
+		      const gss_buffer_t mech_buf,
+		      gss_buffer_t mech_token,
+		      gss_buffer_t output_token)
+{
+    NegotiationToken nt;
+    gss_buffer_desc mic_buf;
+    OM_uint32 ret;
+    size_t size;
+
+    if (mech_buf == GSS_C_NO_BUFFER && mech_token->length == 0) {
+	output_token->length = 0;
+	output_token->value = NULL;
+
+	return context_handle->open ? GSS_S_COMPLETE : GSS_S_FAILURE;
+    }
+
+    memset(&nt, 0, sizeof(nt));
+
+    nt.element = choice_NegotiationToken_negTokenResp;
+
+    ALLOC(nt.u.negTokenResp.negResult, 1);
+    if (nt.u.negTokenResp.negResult == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    nt.u.negTokenResp.supportedMech = NULL;
+
+    output_token->length = 0;
+    output_token->value = NULL;
+
+    if (mech_token->length == 0) {
+	nt.u.negTokenResp.responseToken = NULL;
+	*(nt.u.negTokenResp.negResult)  = accept_completed;
+    } else {
+	ALLOC(nt.u.negTokenResp.responseToken, 1);
+	if (nt.u.negTokenResp.responseToken == NULL) {
+	    free_NegotiationToken(&nt);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	nt.u.negTokenResp.responseToken->length = mech_token->length;
+	nt.u.negTokenResp.responseToken->data   = mech_token->value;
+	mech_token->length = 0;
+	mech_token->value  = NULL;
+
+	*(nt.u.negTokenResp.negResult)  = accept_incomplete;
+    }
+
+    if (mech_buf != GSS_C_NO_BUFFER) {
+
+	ret = gss_get_mic(minor_status,
+			  context_handle->negotiated_ctx_id,
+			  0,
+			  mech_buf,
+			  &mic_buf);
+	if (ret == GSS_S_COMPLETE) {
+	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
+	    if (nt.u.negTokenResp.mechListMIC == NULL) {
+		gss_release_buffer(minor_status, &mic_buf);
+		free_NegotiationToken(&nt);
+		*minor_status = ENOMEM;
+		return GSS_S_FAILURE;
+	    }
+
+	    nt.u.negTokenResp.mechListMIC->length = mic_buf.length;
+	    nt.u.negTokenResp.mechListMIC->data   = mic_buf.value;
+	} else if (ret == GSS_S_UNAVAILABLE) {
+	    nt.u.negTokenResp.mechListMIC = NULL;
+	} if (ret) {
+	    free_NegotiationToken(&nt);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+    } else {
+	nt.u.negTokenResp.mechListMIC = NULL;
+    }
+
+    ASN1_MALLOC_ENCODE(NegotiationToken,
+		       output_token->value, output_token->length,
+		       &nt, &size, ret);
+    if (ret) {
+	free_NegotiationToken(&nt);
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    if (*(nt.u.negTokenResp.negResult) == accept_completed)
+	ret = GSS_S_COMPLETE;
+    else
+	ret = GSS_S_CONTINUE_NEEDED;
+
+    free_NegotiationToken(&nt);
+    return ret;
+}
+
+static OM_uint32
+spnego_initial
+           (OM_uint32 * minor_status,
+	    gssspnego_cred cred,
+            gss_ctx_id_t * context_handle,
+            const gss_name_t target_name,
+            const gss_OID mech_type,
+            OM_uint32 req_flags,
+            OM_uint32 time_req,
+            const gss_channel_bindings_t input_chan_bindings,
+            const gss_buffer_t input_token,
+            gss_OID * actual_mech_type,
+            gss_buffer_t output_token,
+            OM_uint32 * ret_flags,
+            OM_uint32 * time_rec
+    )
+{
+    NegTokenInit ni;
+    int ret;
+    OM_uint32 sub, minor;
+    gss_buffer_desc mech_token;
+    u_char *buf;
+    size_t buf_size, buf_len;
+    gss_buffer_desc data;
+    size_t ni_len;
+    gss_ctx_id_t context;
+    gssspnego_ctx ctx;
+    spnego_name name = (spnego_name)target_name;
+
+    *minor_status = 0;
+
+    memset (&ni, 0, sizeof(ni));
+
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    if (target_name == GSS_C_NO_NAME)
+	return GSS_S_BAD_NAME;
+
+    sub = _gss_spnego_alloc_sec_context(&minor, &context);
+    if (GSS_ERROR(sub)) {
+	*minor_status = minor;
+	return sub;
+    }
+    ctx = (gssspnego_ctx)context;
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    ctx->local = 1;
+
+    sub = gss_import_name(&minor, &name->value, &name->type, &ctx->target_name);
+    if (GSS_ERROR(sub)) {
+	*minor_status = minor;
+	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
+	return sub;
+    }
+
+    sub = _gss_spnego_indicate_mechtypelist(&minor, 
+					    ctx->target_name,
+					    initiator_approved,
+					    0,
+					    cred,
+					    &ni.mechTypes,
+					    &ctx->preferred_mech_type);
+    if (GSS_ERROR(sub)) {
+	*minor_status = minor;
+	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
+	return sub;
+    }
+
+    ni.reqFlags = NULL;
+
+    /*
+     * If we have a credential handle, use it to select the mechanism
+     * that we will use
+     */
+
+    /* generate optimistic token */
+    sub = gss_init_sec_context(&minor,
+			       (cred != NULL) ? cred->negotiated_cred_id :
+			          GSS_C_NO_CREDENTIAL,
+			       &ctx->negotiated_ctx_id,
+			       ctx->target_name,
+			       ctx->preferred_mech_type,
+			       req_flags,
+			       time_req,
+			       input_chan_bindings,
+			       input_token,
+			       &ctx->negotiated_mech_type,
+			       &mech_token,
+			       &ctx->mech_flags,
+			       &ctx->mech_time_rec);
+    if (GSS_ERROR(sub)) {
+	free_NegTokenInit(&ni);
+	*minor_status = minor;
+	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
+	return sub;
+    }
+    if (sub == GSS_S_COMPLETE)
+	ctx->maybe_open = 1;
+
+    if (mech_token.length != 0) {
+	ALLOC(ni.mechToken, 1);
+	if (ni.mechToken == NULL) {
+	    free_NegTokenInit(&ni);
+	    gss_release_buffer(&minor, &mech_token);
+	    _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	ni.mechToken->length = mech_token.length;
+	ni.mechToken->data = malloc(mech_token.length);
+	if (ni.mechToken->data == NULL && mech_token.length != 0) {
+	    free_NegTokenInit(&ni);
+	    gss_release_buffer(&minor, &mech_token);
+	    *minor_status = ENOMEM;
+	    _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
+	    return GSS_S_FAILURE;
+	}
+	memcpy(ni.mechToken->data, mech_token.value, mech_token.length);
+	gss_release_buffer(&minor, &mech_token);
+    } else
+	ni.mechToken = NULL;
+
+    ni.mechListMIC = NULL;
+
+    ni_len = length_NegTokenInit(&ni);
+    buf_size = 1 + der_length_len(ni_len) + ni_len;
+
+    buf = malloc(buf_size);
+    if (buf == NULL) {
+	free_NegTokenInit(&ni);
+	*minor_status = ENOMEM;
+	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
+	return GSS_S_FAILURE;
+    }
+
+    ret = encode_NegTokenInit(buf + buf_size - 1,
+			      ni_len,
+			      &ni, &buf_len);
+    if (ret == 0 && ni_len != buf_len)
+	abort();
+
+    if (ret == 0) {
+	size_t tmp;
+
+	ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
+				     buf_size - buf_len,
+				     buf_len,
+				     ASN1_C_CONTEXT,
+				     CONS,
+				     0,
+				     &tmp);
+	if (ret == 0 && tmp + buf_len != buf_size)
+	    abort();
+    }
+    if (ret) {
+	*minor_status = ret;
+	free(buf);
+	free_NegTokenInit(&ni);
+	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
+	return GSS_S_FAILURE;
+    }
+
+    data.value  = buf;
+    data.length = buf_size;
+
+    ctx->initiator_mech_types.len = ni.mechTypes.len;
+    ctx->initiator_mech_types.val = ni.mechTypes.val;
+    ni.mechTypes.len = 0;
+    ni.mechTypes.val = NULL;
+ 
+    free_NegTokenInit(&ni);
+
+    sub = gss_encapsulate_token(&data,
+				GSS_SPNEGO_MECHANISM,
+				output_token);
+    free (buf);
+
+    if (sub) {
+	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
+	return sub;
+    }
+
+    if (actual_mech_type)
+	*actual_mech_type = ctx->negotiated_mech_type;
+    if (ret_flags)
+	*ret_flags = ctx->mech_flags;
+    if (time_rec)
+	*time_rec = ctx->mech_time_rec;
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+
+    *context_handle = context;
+
+    return GSS_S_CONTINUE_NEEDED;
+}
+
+static OM_uint32
+spnego_reply
+           (OM_uint32 * minor_status,
+	    const gssspnego_cred cred,
+            gss_ctx_id_t * context_handle,
+            const gss_name_t target_name,
+            const gss_OID mech_type,
+            OM_uint32 req_flags,
+            OM_uint32 time_req,
+            const gss_channel_bindings_t input_chan_bindings,
+            const gss_buffer_t input_token,
+            gss_OID * actual_mech_type,
+            gss_buffer_t output_token,
+            OM_uint32 * ret_flags,
+            OM_uint32 * time_rec
+    )
+{
+    OM_uint32 ret, minor;
+    NegTokenResp resp;
+    size_t len, taglen;
+    gss_OID_desc mech;
+    int require_mic;
+    size_t buf_len;
+    gss_buffer_desc mic_buf, mech_buf;
+    gss_buffer_desc mech_output_token;
+    gssspnego_ctx ctx;
+
+    *minor_status = 0;
+
+    ctx = (gssspnego_ctx)*context_handle;
+
+    output_token->length = 0;
+    output_token->value  = NULL;
+
+    mech_output_token.length = 0;
+    mech_output_token.value = NULL;
+
+    mech_buf.value = NULL;
+    mech_buf.length = 0;
+
+    ret = der_match_tag_and_length(input_token->value, input_token->length,
+				   ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
+    if (ret)
+	return ret;
+
+    if (len > input_token->length - taglen)
+	return ASN1_OVERRUN;
+
+    ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen,
+			      len, &resp, NULL);
+    if (ret) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    if (resp.negResult == NULL
+	|| *(resp.negResult) == reject
+	/* || resp.supportedMech == NULL */
+	)
+    {
+	free_NegTokenResp(&resp);
+	return GSS_S_BAD_MECH;
+    }
+
+    /*
+     * Pick up the mechanism that the acceptor selected, only allow it
+     * to be sent in packet.
+     */
+
+    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
+
+    if (resp.supportedMech) {
+
+	if (ctx->oidlen) {
+	    free_NegTokenResp(&resp);
+	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	    return GSS_S_BAD_MECH;
+	}
+	ret = der_put_oid(ctx->oidbuf + sizeof(ctx->oidbuf) - 1,
+			  sizeof(ctx->oidbuf),
+			  resp.supportedMech,
+			  &ctx->oidlen);
+	/* Avoid recursively embedded SPNEGO */
+	if (ret || (ctx->oidlen == GSS_SPNEGO_MECHANISM->length &&
+		    memcmp(ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen,
+			   GSS_SPNEGO_MECHANISM->elements,
+			   ctx->oidlen) == 0))
+	{
+	    free_NegTokenResp(&resp);
+	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	    return GSS_S_BAD_MECH;
+	}
+
+	/* check if the acceptor took our optimistic token */
+	if (ctx->oidlen != ctx->preferred_mech_type->length ||
+	    memcmp(ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen,
+		   ctx->preferred_mech_type->elements,
+		   ctx->oidlen) != 0)
+	{
+	    gss_delete_sec_context(&minor, &ctx->negotiated_ctx_id, 
+				   GSS_C_NO_BUFFER);
+	    ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT;
+	}
+    } else if (ctx->oidlen == 0) {
+	free_NegTokenResp(&resp);
+	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	return GSS_S_BAD_MECH;
+    }
+
+    if (resp.responseToken != NULL || 
+	ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
+	gss_buffer_desc mech_input_token;
+
+	if (resp.responseToken) {
+	    mech_input_token.length = resp.responseToken->length;
+	    mech_input_token.value  = resp.responseToken->data;
+	} else {
+	    mech_input_token.length = 0;
+	    mech_input_token.value = NULL;
+	}
+
+
+	mech.length = ctx->oidlen;
+	mech.elements = ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen;
+
+	/* Fall through as if the negotiated mechanism
+	   was requested explicitly */
+	ret = gss_init_sec_context(&minor,
+				   (cred != NULL) ? cred->negotiated_cred_id :
+				       GSS_C_NO_CREDENTIAL,
+				   &ctx->negotiated_ctx_id,
+				   ctx->target_name,
+				   &mech,
+				   req_flags,
+				   time_req,
+				   input_chan_bindings,
+				   &mech_input_token,
+				   &ctx->negotiated_mech_type,
+				   &mech_output_token,
+				   &ctx->mech_flags,
+				   &ctx->mech_time_rec);
+	if (GSS_ERROR(ret)) {
+	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	    free_NegTokenResp(&resp);
+	    *minor_status = minor;
+	    return ret;
+	}
+	if (ret == GSS_S_COMPLETE) {
+	    ctx->open = 1;
+	}
+    } else if (*(resp.negResult) == accept_completed) {
+	if (ctx->maybe_open)
+	    ctx->open = 1;
+    }
+
+    if (*(resp.negResult) == request_mic) {
+	ctx->require_mic = 1;
+    }
+
+    if (ctx->open) {
+	/*
+	 * Verify the mechListMIC if one was provided or CFX was
+	 * used and a non-preferred mechanism was selected
+	 */
+	if (resp.mechListMIC != NULL) {
+	    require_mic = 1;
+	} else {
+	    ret = _gss_spnego_require_mechlist_mic(minor_status, ctx,
+						   &require_mic);
+	    if (ret) {
+		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+		free_NegTokenResp(&resp);
+		gss_release_buffer(&minor, &mech_output_token);
+		return ret;
+	    }
+	}
+    } else {
+	require_mic = 0;
+    }
+
+    if (require_mic) {
+	ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length,
+			   &ctx->initiator_mech_types, &buf_len, ret);
+	if (ret) {
+	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	    free_NegTokenResp(&resp);
+	    gss_release_buffer(&minor, &mech_output_token);
+	    *minor_status = ret;
+	    return GSS_S_FAILURE;
+	}
+	if (mech_buf.length != buf_len)
+	    abort();
+
+	if (resp.mechListMIC == NULL) {
+	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+	    free(mech_buf.value);
+	    free_NegTokenResp(&resp);
+	    *minor_status = 0;
+	    return GSS_S_DEFECTIVE_TOKEN;
+	}
+	mic_buf.length = resp.mechListMIC->length;
+	mic_buf.value  = resp.mechListMIC->data;
+
+	if (mech_output_token.length == 0) {
+	    ret = gss_verify_mic(minor_status,
+				 ctx->negotiated_ctx_id,
+				 &mech_buf,
+				 &mic_buf,
+				 NULL);
+	   if (ret) {
+		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+		free(mech_buf.value);
+		gss_release_buffer(&minor, &mech_output_token);
+		free_NegTokenResp(&resp);
+		return GSS_S_DEFECTIVE_TOKEN;
+	    }
+	    ctx->verified_mic = 1;
+	}
+    }
+
+    ret = spnego_reply_internal(minor_status, ctx,
+				require_mic ? &mech_buf : NULL,
+				&mech_output_token,
+				output_token);
+
+    if (mech_buf.value != NULL)
+	free(mech_buf.value);
+
+    free_NegTokenResp(&resp);
+    gss_release_buffer(&minor, &mech_output_token);
+
+    if (actual_mech_type)
+	*actual_mech_type = ctx->negotiated_mech_type;
+    if (ret_flags)
+	*ret_flags = ctx->mech_flags;
+    if (time_rec)
+	*time_rec = ctx->mech_time_rec;
+
+    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+    return ret;
+}
+
+OM_uint32 _gss_spnego_init_sec_context
+           (OM_uint32 * minor_status,
+            const gss_cred_id_t initiator_cred_handle,
+            gss_ctx_id_t * context_handle,
+            const gss_name_t target_name,
+            const gss_OID mech_type,
+            OM_uint32 req_flags,
+            OM_uint32 time_req,
+            const gss_channel_bindings_t input_chan_bindings,
+            const gss_buffer_t input_token,
+            gss_OID * actual_mech_type,
+            gss_buffer_t output_token,
+            OM_uint32 * ret_flags,
+            OM_uint32 * time_rec
+           )
+{
+    gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle;
+
+    if (*context_handle == GSS_C_NO_CONTEXT)
+	return spnego_initial (minor_status,
+			       cred,
+			       context_handle,
+			       target_name,
+			       mech_type,
+			       req_flags,
+			       time_req,
+			       input_chan_bindings,
+			       input_token,
+			       actual_mech_type,
+			       output_token,
+			       ret_flags,
+			       time_rec);
+    else
+	return spnego_reply (minor_status,
+			     cred,
+			     context_handle,
+			     target_name,
+			     mech_type,
+			     req_flags,
+			     time_req,
+			     input_chan_bindings,
+			     input_token,
+			     actual_mech_type,
+			     output_token,
+			     ret_flags,
+			     time_rec);
+}
+
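Review bot: In `spnego_reply_internal` the `GSS_S_UNAVAILABLE` branch after `gss_get_mic` is followed by `} if (ret) {` rather than an `else`, so a mechanism that cannot produce a MIC still takes the failure path, and the minor status is reported as `ENOMEM` whatever `gss_get_mic` returned. Ending the chain with `} else {` and dropping the `*minor_status = ENOMEM;` assignment there lets the unavailable case reach the encoder with `mechListMIC` left NULL, which appears to be the intent of that branch. In `spnego_reply`, the first checks on the peer's token return `ret` from `der_match_tag_and_length` and `ASN1_OVERRUN` directly as the major status; `*minor_status = ret; return GSS_S_DEFECTIVE_TOKEN;` would keep ASN.1 error codes out of the GSS major-status channel. `spnego_reply` also reads `input_token->value` before any test that `input_token` is not `GSS_C_NO_BUFFER`, so a continuation call without a token is not rejected cleanly.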

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego-private.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego-private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego-private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,330 @@
+/* This is a generated file */
+#ifndef __spnego_private_h__
+#define __spnego_private_h__
+
+#include <stdarg.h>
+
+gssapi_mech_interface
+__gss_spnego_initialize (void);
+
+OM_uint32
+_gss_spnego_accept_sec_context (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	const gss_cred_id_t /*acceptor_cred_handle*/,
+	const gss_buffer_t /*input_token_buffer*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	gss_name_t * /*src_name*/,
+	gss_OID * /*mech_type*/,
+	gss_buffer_t /*output_token*/,
+	OM_uint32 * /*ret_flags*/,
+	OM_uint32 * /*time_rec*/,
+	gss_cred_id_t *delegated_cred_handle );
+
+OM_uint32
+_gss_spnego_acquire_cred (
+	OM_uint32 */*minor_status*/,
+	const gss_name_t /*desired_name*/,
+	OM_uint32 /*time_req*/,
+	const gss_OID_set /*desired_mechs*/,
+	gss_cred_usage_t /*cred_usage*/,
+	gss_cred_id_t * /*output_cred_handle*/,
+	gss_OID_set * /*actual_mechs*/,
+	OM_uint32 * time_rec );
+
+OM_uint32
+_gss_spnego_add_cred (
+	 OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*input_cred_handle*/,
+	const gss_name_t /*desired_name*/,
+	const gss_OID /*desired_mech*/,
+	gss_cred_usage_t /*cred_usage*/,
+	OM_uint32 /*initiator_time_req*/,
+	OM_uint32 /*acceptor_time_req*/,
+	gss_cred_id_t * /*output_cred_handle*/,
+	gss_OID_set * /*actual_mechs*/,
+	OM_uint32 * /*initiator_time_rec*/,
+	OM_uint32 * acceptor_time_rec );
+
+OM_uint32
+_gss_spnego_alloc_cred (
+	OM_uint32 */*minor_status*/,
+	gss_cred_id_t /*mech_cred_handle*/,
+	gss_cred_id_t */*cred_handle*/);
+
+OM_uint32
+_gss_spnego_alloc_sec_context (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t */*context_handle*/);
+
+OM_uint32
+_gss_spnego_canonicalize_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	const gss_OID /*mech_type*/,
+	gss_name_t * output_name );
+
+OM_uint32
+_gss_spnego_compare_name (
+	OM_uint32 */*minor_status*/,
+	const gss_name_t /*name1*/,
+	const gss_name_t /*name2*/,
+	int * name_equal );
+
+OM_uint32
+_gss_spnego_context_time (
+	OM_uint32 */*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	OM_uint32 *time_rec );
+
+OM_uint32
+_gss_spnego_delete_sec_context (
+	OM_uint32 */*minor_status*/,
+	gss_ctx_id_t */*context_handle*/,
+	gss_buffer_t output_token );
+
+OM_uint32
+_gss_spnego_display_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_buffer_t /*output_name_buffer*/,
+	gss_OID * output_name_type );
+
+OM_uint32
+_gss_spnego_display_status (
+	OM_uint32 * /*minor_status*/,
+	OM_uint32 /*status_value*/,
+	int /*status_type*/,
+	const gss_OID /*mech_type*/,
+	OM_uint32 * /*message_context*/,
+	gss_buffer_t status_string );
+
+OM_uint32
+_gss_spnego_duplicate_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*src_name*/,
+	gss_name_t * dest_name );
+
+OM_uint32
+_gss_spnego_export_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_buffer_t exported_name );
+
+OM_uint32
+_gss_spnego_export_sec_context (
+	 OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	gss_buffer_t interprocess_token );
+
+OM_uint32
+_gss_spnego_get_mic (
+	OM_uint32 */*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*message_buffer*/,
+	gss_buffer_t message_token );
+
+OM_uint32
+_gss_spnego_import_name (
+	OM_uint32 * /*minor_status*/,
+	const gss_buffer_t /*name_buffer*/,
+	const gss_OID /*name_type*/,
+	gss_name_t * output_name );
+
+OM_uint32
+_gss_spnego_import_sec_context (
+	 OM_uint32 * /*minor_status*/,
+	const gss_buffer_t /*interprocess_token*/,
+	gss_ctx_id_t *context_handle );
+
+OM_uint32
+_gss_spnego_indicate_mechtypelist (
+	OM_uint32 */*minor_status*/,
+	gss_name_t /*target_name*/,
+	OM_uint32 (*/*func*/)(gss_name_t, gss_OID),
+	int /*includeMSCompatOID*/,
+	const gssspnego_cred /*cred_handle*/,
+	MechTypeList */*mechtypelist*/,
+	gss_OID */*preferred_mech*/);
+
+OM_uint32
+_gss_spnego_init_sec_context (
+	OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*initiator_cred_handle*/,
+	gss_ctx_id_t * /*context_handle*/,
+	const gss_name_t /*target_name*/,
+	const gss_OID /*mech_type*/,
+	OM_uint32 /*req_flags*/,
+	OM_uint32 /*time_req*/,
+	const gss_channel_bindings_t /*input_chan_bindings*/,
+	const gss_buffer_t /*input_token*/,
+	gss_OID * /*actual_mech_type*/,
+	gss_buffer_t /*output_token*/,
+	OM_uint32 * /*ret_flags*/,
+	OM_uint32 * time_rec );
+
+OM_uint32
+_gss_spnego_inquire_context (
+	 OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	gss_name_t * /*src_name*/,
+	gss_name_t * /*targ_name*/,
+	OM_uint32 * /*lifetime_rec*/,
+	gss_OID * /*mech_type*/,
+	OM_uint32 * /*ctx_flags*/,
+	int * /*locally_initiated*/,
+	int * open_context );
+
+OM_uint32
+_gss_spnego_inquire_cred (
+	OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*cred_handle*/,
+	gss_name_t * /*name*/,
+	OM_uint32 * /*lifetime*/,
+	gss_cred_usage_t * /*cred_usage*/,
+	gss_OID_set * mechanisms );
+
+OM_uint32
+_gss_spnego_inquire_cred_by_mech (
+	 OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*cred_handle*/,
+	const gss_OID /*mech_type*/,
+	gss_name_t * /*name*/,
+	OM_uint32 * /*initiator_lifetime*/,
+	OM_uint32 * /*acceptor_lifetime*/,
+	gss_cred_usage_t * cred_usage );
+
+OM_uint32
+_gss_spnego_inquire_cred_by_oid (
+	OM_uint32 * /*minor_status*/,
+	const gss_cred_id_t /*cred_handle*/,
+	const gss_OID /*desired_object*/,
+	gss_buffer_set_t */*data_set*/);
+
+OM_uint32
+_gss_spnego_inquire_mechs_for_name (
+	 OM_uint32 * /*minor_status*/,
+	const gss_name_t /*input_name*/,
+	gss_OID_set * mech_types );
+
+OM_uint32
+_gss_spnego_inquire_names_for_mech (
+	 OM_uint32 * /*minor_status*/,
+	const gss_OID /*mechanism*/,
+	gss_OID_set * name_types );
+
+OM_uint32
+_gss_spnego_inquire_sec_context_by_oid (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_OID /*desired_object*/,
+	gss_buffer_set_t */*data_set*/);
+
+OM_uint32
+_gss_spnego_internal_delete_sec_context (
+	OM_uint32 */*minor_status*/,
+	gss_ctx_id_t */*context_handle*/,
+	gss_buffer_t output_token );
+
+OM_uint32
+_gss_spnego_process_context_token (
+	OM_uint32 */*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t token_buffer );
+
+OM_uint32
+_gss_spnego_release_cred (
+	OM_uint32 */*minor_status*/,
+	gss_cred_id_t */*cred_handle*/);
+
+OM_uint32
+_gss_spnego_release_name (
+	OM_uint32 * /*minor_status*/,
+	gss_name_t * input_name );
+
+OM_uint32
+_gss_spnego_require_mechlist_mic (
+	OM_uint32 */*minor_status*/,
+	gssspnego_ctx /*ctx*/,
+	int */*require_mic*/);
+
+OM_uint32
+_gss_spnego_seal (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	int /*conf_req_flag*/,
+	int /*qop_req*/,
+	gss_buffer_t /*input_message_buffer*/,
+	int * /*conf_state*/,
+	gss_buffer_t output_message_buffer );
+
+OM_uint32
+_gss_spnego_set_sec_context_option (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t * /*context_handle*/,
+	const gss_OID /*desired_object*/,
+	const gss_buffer_t /*value*/);
+
+OM_uint32
+_gss_spnego_sign (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	int /*qop_req*/,
+	gss_buffer_t /*message_buffer*/,
+	gss_buffer_t message_token );
+
+OM_uint32
+_gss_spnego_unseal (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	gss_buffer_t /*input_message_buffer*/,
+	gss_buffer_t /*output_message_buffer*/,
+	int * /*conf_state*/,
+	int * qop_state );
+
+OM_uint32
+_gss_spnego_unwrap (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	gss_buffer_t /*output_message_buffer*/,
+	int * /*conf_state*/,
+	gss_qop_t * qop_state );
+
+OM_uint32
+_gss_spnego_verify (
+	OM_uint32 * /*minor_status*/,
+	gss_ctx_id_t /*context_handle*/,
+	gss_buffer_t /*message_buffer*/,
+	gss_buffer_t /*token_buffer*/,
+	int * qop_state );
+
+OM_uint32
+_gss_spnego_verify_mic (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	const gss_buffer_t /*message_buffer*/,
+	const gss_buffer_t /*token_buffer*/,
+	gss_qop_t * qop_state );
+
+OM_uint32
+_gss_spnego_wrap (
+	OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	const gss_buffer_t /*input_message_buffer*/,
+	int * /*conf_state*/,
+	gss_buffer_t output_message_buffer );
+
+OM_uint32
+_gss_spnego_wrap_size_limit (
+	 OM_uint32 * /*minor_status*/,
+	const gss_ctx_id_t /*context_handle*/,
+	int /*conf_req_flag*/,
+	gss_qop_t /*qop_req*/,
+	OM_uint32 /*req_output_size*/,
+	OM_uint32 * max_input_size );
+
+#endif /* __spnego_private_h__ */

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,63 @@
+-- $Id: spnego.asn1,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+SPNEGO DEFINITIONS ::=
+BEGIN
+
+MechType::= OBJECT IDENTIFIER
+
+MechTypeList ::= SEQUENCE OF MechType
+
+ContextFlags ::= BIT STRING {
+    delegFlag       (0),
+    mutualFlag      (1),
+    replayFlag      (2),
+    sequenceFlag    (3),
+    anonFlag        (4),
+    confFlag        (5),
+    integFlag       (6)
+}
+
+NegHints ::= SEQUENCE {
+    hintName       [0]  GeneralString	OPTIONAL,
+    hintAddress    [1]  OCTET STRING	OPTIONAL
+} 
+
+NegTokenInitWin ::= SEQUENCE {
+    mechTypes       [0] MechTypeList,
+    reqFlags        [1] ContextFlags   OPTIONAL,
+    mechToken       [2] OCTET STRING   OPTIONAL,
+    negHints        [3] NegHints       OPTIONAL
+}
+
+NegTokenInit ::= SEQUENCE {
+    mechTypes       [0] MechTypeList,
+    reqFlags        [1] ContextFlags   OPTIONAL,
+    mechToken       [2] OCTET STRING   OPTIONAL,
+    mechListMIC	    [3] OCTET STRING   OPTIONAL,
+    ...
+}
+
+-- NB: negResult is not OPTIONAL in the new SPNEGO spec but
+-- Windows clients do not always send it
+NegTokenResp ::= SEQUENCE {
+    negResult      [0] ENUMERATED {
+                            accept_completed    (0),
+                            accept_incomplete   (1),
+                            reject              (2),
+                            request-mic         (3) }          OPTIONAL,
+    supportedMech  [1] MechType                                OPTIONAL,
+    responseToken  [2] OCTET STRING                            OPTIONAL,
+    mechListMIC    [3] OCTET STRING                            OPTIONAL,
+    ...
+}
+
+NegotiationToken ::= CHOICE {
+	negTokenInit[0]		NegTokenInit,
+	negTokenResp[1]		NegTokenResp
+}
+
+NegotiationTokenWin ::= CHOICE {
+	negTokenInit[0]		NegTokenInitWin
+}
+
+END
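Review bot: Context tag [3] has two meanings in this module and nothing in the file says so: in `NegTokenInit` it is `mechListMIC` (OCTET STRING), in `NegTokenInitWin` it is `negHints` (a SEQUENCE). A decoder therefore cannot tell the two forms apart from the tag alone and has to choose the type from the direction and state of the exchange. That choice decides whether a mechanism-list MIC is present at all, so I would document it above `NegTokenInitWin`: `-- Windows acceptor-first variant: [3] is negHints here, NOT mechListMIC as in NegTokenInit; there is no MIC over mechTypes in this form`. The existing NB on `negResult` could likewise state what a receiver should assume when the field is absent, since the handling code is not part of this file.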

Added: vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/spnego/spnego_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: spnego_locl.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+/* $FreeBSD$ */
+
+#ifndef SPNEGO_LOCL_H
+#define SPNEGO_LOCL_H
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_PTHREAD_H
+#include <pthread.h>
+#endif
+
+#include <gssapi/gssapi_spnego.h>
+#include <gssapi.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#include <heim_threads.h>
+#include <asn1_err.h>
+
+#include <gssapi_mech.h>
+
+#include "spnego_asn1.h"
+#include <der.h>
+
+#include <roken.h>
+
+#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
+
+typedef struct {
+	gss_cred_id_t		negotiated_cred_id;
+} *gssspnego_cred;
+
+typedef struct {
+	MechTypeList		initiator_mech_types;
+	gss_OID			preferred_mech_type;
+	gss_OID			negotiated_mech_type;
+	gss_ctx_id_t		negotiated_ctx_id;
+	OM_uint32		mech_flags;
+	OM_uint32		mech_time_rec;
+	gss_name_t		mech_src_name;
+	gss_cred_id_t		delegated_cred_id;
+	unsigned int		open : 1;
+	unsigned int		local : 1;
+	unsigned int		require_mic : 1;
+	unsigned int		verified_mic : 1;
+	unsigned int		maybe_open : 1;
+	HEIMDAL_MUTEX		ctx_id_mutex;
+
+	gss_name_t		target_name;
+
+	u_char			oidbuf[17];
+ 	size_t			oidlen;
+
+} *gssspnego_ctx;
+
+typedef struct {
+	gss_OID_desc		type;
+	gss_buffer_desc		value;
+	gss_name_t		mech;
+} *spnego_name;
+
+extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc;
+extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc;
+
+#include <spnego/spnego-private.h>
+
+#endif /* SPNEGO_LOCL_H */
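Review bot: `u_char oidbuf[17]` in the `gssspnego_ctx` struct is a fixed buffer with a bare magic size, paired with a `size_t oidlen`, and nothing here states what bounds the length. The code that fills it is outside this hunk, so presumably it checks, but the invariant belongs next to the field: `/* encoded mech OID; writers must reject oidlen > sizeof(oidbuf) */`, ideally with the 17 replaced by a named constant. Separately, `ALLOC(X, N)` expands `X` twice and leaves the NULL check to every caller; a one-line comment such as `/* sets X to NULL on failure; caller must check */` would make that contract explicit.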

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_acquire_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_acquire_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_acquire_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,253 @@
+/*
+ * Copyright (c) 2003-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <gssapi.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+#include "test_common.h"
+
+RCSID("$Id: test_acquire_cred.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+static void
+print_time(OM_uint32 time_rec)
+{
+    if (time_rec == GSS_C_INDEFINITE) {
+	printf("cred never expire\n");
+    } else {
+	time_t t = time_rec + time(NULL);
+	printf("expiration time: %s", ctime(&t));
+    }
+}
+
+#if 0
+
+static void
+test_add(gss_cred_id_t cred_handle)
+{
+    OM_uint32 major_status, minor_status;
+    gss_cred_id_t copy_cred;
+    OM_uint32 time_rec;
+
+    major_status = gss_add_cred (&minor_status,
+				 cred_handle,
+				 GSS_C_NO_NAME,
+				 GSS_KRB5_MECHANISM,
+				 GSS_C_INITIATE,
+				 0,
+				 0,
+				 &copy_cred,
+				 NULL,
+				 &time_rec,
+				 NULL);
+			    
+    if (GSS_ERROR(major_status))
+	errx(1, "add_cred failed");
+
+    print_time(time_rec);
+
+    major_status = gss_release_cred(&minor_status,
+				    &copy_cred);
+    if (GSS_ERROR(major_status))
+	errx(1, "release_cred failed");
+}
+
+static void
+copy_cred(void)
+{
+    OM_uint32 major_status, minor_status;
+    gss_cred_id_t cred_handle;
+    OM_uint32 time_rec;
+
+    major_status = gss_acquire_cred(&minor_status, 
+				    GSS_C_NO_NAME,
+				    0,
+				    NULL,
+				    GSS_C_INITIATE,
+				    &cred_handle,
+				    NULL,
+				    &time_rec);
+    if (GSS_ERROR(major_status))
+	errx(1, "acquire_cred failed");
+	
+    print_time(time_rec);
+
+    test_add(cred_handle);
+    test_add(cred_handle);
+    test_add(cred_handle);
+
+    major_status = gss_release_cred(&minor_status,
+				    &cred_handle);
+    if (GSS_ERROR(major_status))
+	errx(1, "release_cred failed");
+}
+#endif
+
+static void
+acquire_cred_service(const char *service,
+		     gss_OID nametype,
+		     int flags)
+{
+    OM_uint32 major_status, minor_status;
+    gss_cred_id_t cred_handle;
+    OM_uint32 time_rec;
+    gss_buffer_desc name_buffer;
+    gss_name_t name = GSS_C_NO_NAME;
+
+    if (service) {
+	name_buffer.value = rk_UNCONST(service);
+	name_buffer.length = strlen(service);
+	
+	major_status = gss_import_name(&minor_status,
+				       &name_buffer,
+				       nametype,
+				       &name);
+	if (GSS_ERROR(major_status))
+	    errx(1, "import_name failed");
+    }
+
+    major_status = gss_acquire_cred(&minor_status, 
+				    name,
+				    0,
+				    NULL,
+				    flags,
+				    &cred_handle,
+				    NULL,
+				    &time_rec);
+    if (GSS_ERROR(major_status)) {
+	warnx("acquire_cred failed: %s", 
+	     gssapi_err(major_status, minor_status, GSS_C_NO_OID));
+    } else {    
+	print_time(time_rec);
+	gss_release_cred(&minor_status, &cred_handle);
+    }
+
+    if (name != GSS_C_NO_NAME)
+	gss_release_name(&minor_status, &name);
+
+    if (GSS_ERROR(major_status))
+	exit(1);
+}
+
+static int version_flag = 0;
+static int help_flag	= 0;
+static char *acquire_name;
+static char *acquire_type;
+static char *name_type;
+static char *ccache;
+
+static struct getargs args[] = {
+    {"acquire-name", 0,	arg_string,	&acquire_name, "name", NULL },
+    {"acquire-type", 0,	arg_string,	&acquire_type, "type", NULL },
+    {"ccache", 0,	arg_string,	&ccache, "name", NULL },
+    {"name-type", 0,	arg_string,	&name_type, "type", NULL },
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+    OM_uint32 flag;
+    gss_OID type;
+
+    setprogname(argv[0]);
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 0)
+	usage(1);
+
+    if (acquire_type) {
+	if (strcasecmp(acquire_type, "both") == 0)
+	    flag = GSS_C_BOTH;
+	else if (strcasecmp(acquire_type, "accept") == 0)
+	    flag = GSS_C_ACCEPT;
+	else if (strcasecmp(acquire_type, "initiate") == 0)
+	    flag = GSS_C_INITIATE;
+	else
+	    errx(1, "unknown type %s", acquire_type);
+    } else
+	flag = GSS_C_ACCEPT;
+	
+    if (name_type) {
+	if (strcasecmp("hostbased-service", name_type) == 0)
+	    type = GSS_C_NT_HOSTBASED_SERVICE;
+	else if (strcasecmp("user-name", name_type) == 0)
+	    type = GSS_C_NT_USER_NAME;
+	else
+	    errx(1, "unknown name type %s", name_type);
+    } else
+	type = GSS_C_NT_HOSTBASED_SERVICE;
+
+    if (ccache) {
+	OM_uint32 major_status, minor_status;
+	major_status = gss_krb5_ccache_name(&minor_status,
+					    ccache, NULL);
+	if (GSS_ERROR(major_status))
+	    errx(1, "gss_krb5_ccache_name %s", 
+		 gssapi_err(major_status, minor_status, GSS_C_NO_OID));
+    }
+
+    acquire_cred_service(acquire_name, type, flag);
+
+    return 0;
+}
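Review bot: `print_time()` passes the result of `ctime(&t)` straight to `printf("%s")`, but `ctime` returns NULL when the time cannot be represented, and `t` is built from a mechanism-supplied `time_rec` added to `time(NULL)`. I would guard it: `const char *s = ctime(&t);` followed by `printf("expiration time: %s", s ? s : "(unrepresentable)\n");`. The file also calls `time()` and `ctime()` without including `<time.h>` itself, presumably relying on `roken.h` to pull it in; an explicit include is safer. The `#if 0` block holding `test_add` and `copy_cred` is dead code and would be better removed or re-enabled than carried along.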

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_common.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "krb5/gsskrb5_locl.h"
+#include <err.h>
+#include "test_common.h"
+
+RCSID("$Id: test_common.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+char *
+gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat, gss_OID mech)
+{
+	OM_uint32 disp_min_stat, disp_maj_stat;
+	gss_buffer_desc maj_error_message;
+	gss_buffer_desc min_error_message;
+	OM_uint32 msg_ctx = 0;
+
+	char *ret = NULL;
+
+	maj_error_message.length = 0;
+	maj_error_message.value = NULL;
+	min_error_message.length = 0;
+	min_error_message.value = NULL;
+	
+	disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, 
+					   GSS_C_GSS_CODE,
+					   mech, &msg_ctx, &maj_error_message);
+	disp_maj_stat = gss_display_status(&disp_min_stat, min_stat,
+					   GSS_C_MECH_CODE,
+					   mech, &msg_ctx, &min_error_message);
+	asprintf(&ret, "gss-code: %lu %.*s\nmech-code: %lu %.*s", 
+		 (unsigned long)maj_stat,
+		 (int)maj_error_message.length, 
+		 (char *)maj_error_message.value, 
+		 (unsigned long)min_stat,
+		 (int)min_error_message.length, 
+		 (char *)min_error_message.value);
+
+	gss_release_buffer(&disp_min_stat, &maj_error_message);
+	gss_release_buffer(&disp_min_stat, &min_error_message);
+
+	return ret;
+}
+
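Review bot: `gssapi_err()` ignores the return value of `asprintf`, so on allocation failure `ret` is not guaranteed to still be NULL on every libc, and the callers in this commit hand the result directly to `warnx`/`errx` with `%s`. Use `if (asprintf(&ret, ...) < 0) ret = NULL;` and keep the two `gss_release_buffer` calls after it so the buffers are still freed. `disp_maj_stat` is assigned twice and never read, so a failing `gss_display_status` goes unnoticed; the buffers are pre-zeroed, which keeps the `%.*s` arguments harmless, but the message silently loses its text. `msg_ctx` is also carried from the GSS-code call into the mech-code call without being reset; it should be `msg_ctx = 0;` before the second call, because the context value belongs to one status value only. The returned string is heap-allocated and no caller visible here frees it, which is acceptable for a test helper but deserves a comment on the function.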

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_common.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_common.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_common.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: test_common.h,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+char * gssapi_err(OM_uint32, OM_uint32, gss_OID);

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,542 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "krb5/gsskrb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+#include "test_common.h"
+
+RCSID("$Id: test_context.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static char *type_string;
+static char *mech_string;
+static char *ret_mech_string;
+static int dns_canon_flag = -1;
+static int mutual_auth_flag = 0;
+static int dce_style_flag = 0;
+static int wrapunwrap_flag = 0;
+static int getverifymic_flag = 0;
+static int deleg_flag = 0;
+static int version_flag = 0;
+static int verbose_flag = 0;
+static int help_flag	= 0;
+
+static struct {
+    const char *name;
+    gss_OID *oid;
+} o2n[] = {
+    { "krb5", &GSS_KRB5_MECHANISM },
+    { "spnego", &GSS_SPNEGO_MECHANISM },
+    { "ntlm", &GSS_NTLM_MECHANISM },
+    { "sasl-digest-md5", &GSS_SASL_DIGEST_MD5_MECHANISM }
+};
+
+static gss_OID
+string_to_oid(const char *name)
+{
+    int i;
+    for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++)
+	if (strcasecmp(name, o2n[i].name) == 0)
+	    return *o2n[i].oid;
+    errx(1, "name %s not unknown", name);
+}
+
+static const char *
+oid_to_string(const gss_OID oid)
+{
+    int i;
+    for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++)
+	if (gss_oid_equal(oid, *o2n[i].oid))
+	    return o2n[i].name;
+    return "unknown oid";
+}
+
+static void
+loop(gss_OID mechoid,
+     gss_OID nameoid, const char *target,
+     gss_cred_id_t init_cred,
+     gss_ctx_id_t *sctx, gss_ctx_id_t *cctx,
+     gss_OID *actual_mech, 
+     gss_cred_id_t *deleg_cred)
+{
+    int server_done = 0, client_done = 0;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t gss_target_name;
+    gss_buffer_desc input_token, output_token;
+    OM_uint32 flags = 0, ret_cflags, ret_sflags;
+    gss_OID actual_mech_client; 
+    gss_OID actual_mech_server; 
+
+    *actual_mech = GSS_C_NO_OID;
+
+    flags |= GSS_C_INTEG_FLAG;
+    flags |= GSS_C_CONF_FLAG;
+
+    if (mutual_auth_flag)
+	flags |= GSS_C_MUTUAL_FLAG;
+    if (dce_style_flag)
+	flags |= GSS_C_DCE_STYLE;
+    if (deleg_flag)
+	flags |= GSS_C_DELEG_FLAG;
+
+    input_token.value = rk_UNCONST(target);
+    input_token.length = strlen(target);
+
+    maj_stat = gss_import_name(&min_stat,
+			       &input_token,
+			       nameoid,
+			       &gss_target_name);
+    if (GSS_ERROR(maj_stat))
+	err(1, "import name creds failed with: %d", maj_stat);
+
+    input_token.length = 0;
+    input_token.value = NULL;
+
+    while (!server_done || !client_done) {
+
+	maj_stat = gss_init_sec_context(&min_stat,
+					init_cred,
+					cctx,
+					gss_target_name,
+					mechoid, 
+					flags,
+					0, 
+					NULL,
+					&input_token,
+					&actual_mech_client,
+					&output_token,
+					&ret_cflags,
+					NULL);
+	if (GSS_ERROR(maj_stat))
+	    errx(1, "init_sec_context: %s",
+		 gssapi_err(maj_stat, min_stat, mechoid));
+	if (maj_stat & GSS_S_CONTINUE_NEEDED)
+	    ;
+	else
+	    client_done = 1;
+
+	if (client_done && server_done)
+	    break;
+
+	if (input_token.length != 0)
+	    gss_release_buffer(&min_stat, &input_token);
+
+	maj_stat = gss_accept_sec_context(&min_stat,
+					  sctx,
+					  GSS_C_NO_CREDENTIAL,
+					  &output_token,
+					  GSS_C_NO_CHANNEL_BINDINGS,
+					  NULL,
+					  &actual_mech_server,
+					  &input_token,
+					  &ret_sflags,
+					  NULL,
+					  deleg_cred);
+	if (GSS_ERROR(maj_stat))
+		errx(1, "accept_sec_context: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech_server));
+
+	if (verbose_flag)
+	    printf("%.*s", (int)input_token.length, (char *)input_token.value);
+
+	if (output_token.length != 0)
+	    gss_release_buffer(&min_stat, &output_token);
+
+	if (maj_stat & GSS_S_CONTINUE_NEEDED)
+	    ;
+	else
+	    server_done = 1;
+    }	
+    if (output_token.length != 0)
+	gss_release_buffer(&min_stat, &output_token);
+    if (input_token.length != 0)
+	gss_release_buffer(&min_stat, &input_token);
+    gss_release_name(&min_stat, &gss_target_name);
+
+    if (gss_oid_equal(actual_mech_server, actual_mech_client) == 0)
+	errx(1, "mech mismatch");
+    *actual_mech = actual_mech_server;
+}
+
+static void
+wrapunwrap(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid)
+{
+    gss_buffer_desc input_token, output_token, output_token2;
+    OM_uint32 min_stat, maj_stat;
+    int32_t flags = 0;
+    gss_qop_t qop_state;
+    int conf_state;
+
+    input_token.value = "foo";
+    input_token.length = 3;
+
+    maj_stat = gss_wrap(&min_stat, cctx, flags, 0, &input_token,
+			&conf_state, &output_token);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_wrap failed: %s",
+	     gssapi_err(maj_stat, min_stat, mechoid));
+
+    maj_stat = gss_unwrap(&min_stat, sctx, &output_token,
+			  &output_token2, &conf_state, &qop_state);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_unwrap failed: %s",
+	     gssapi_err(maj_stat, min_stat, mechoid));
+}
+
+static void
+getverifymic(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid)
+{
+    gss_buffer_desc input_token, output_token;
+    OM_uint32 min_stat, maj_stat;
+    gss_qop_t qop_state;
+
+    input_token.value = "bar";
+    input_token.length = 3;
+
+    maj_stat = gss_get_mic(&min_stat, cctx, 0, &input_token,
+			   &output_token);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_get_mic failed: %s",
+	     gssapi_err(maj_stat, min_stat, mechoid));
+
+    maj_stat = gss_verify_mic(&min_stat, sctx, &input_token,
+			      &output_token, &qop_state);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_verify_mic failed: %s",
+	     gssapi_err(maj_stat, min_stat, mechoid));
+}
+
+
+/*
+ *
+ */
+
+static struct getargs args[] = {
+    {"name-type",0,	arg_string, &type_string,  "type of name", NULL },
+    {"mech-type",0,	arg_string, &mech_string,  "type of mech", NULL },
+    {"ret-mech-type",0,	arg_string, &ret_mech_string,
+     "type of return mech", NULL },
+    {"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag, 
+     "use dns to canonicalize", NULL },
+    {"mutual-auth",0,	arg_flag,	&mutual_auth_flag,"mutual auth", NULL },
+    {"dce-style",0,	arg_flag,	&dce_style_flag, "dce-style", NULL },
+    {"wrapunwrap",0,	arg_flag,	&wrapunwrap_flag, "wrap/unwrap", NULL },
+    {"getverifymic",0,	arg_flag,	&getverifymic_flag, 
+     "get and verify mic", NULL },
+    {"delegate",0,	arg_flag,	&deleg_flag, "delegate credential", NULL },
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"verbose",	'v',	arg_flag,	&verbose_flag, "verbose", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+		    NULL, "service at host");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+    OM_uint32 min_stat, maj_stat;
+    gss_ctx_id_t cctx, sctx;
+    void *ctx;
+    gss_OID nameoid, mechoid, actual_mech;
+    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
+
+    setprogname(argv[0]);
+
+    cctx = sctx = GSS_C_NO_CONTEXT;
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (argc != 1)
+	usage(1);
+
+    if (dns_canon_flag != -1)
+	gsskrb5_set_dns_canonicalize(dns_canon_flag);
+
+    if (type_string == NULL)
+	nameoid = GSS_C_NT_HOSTBASED_SERVICE;
+    else if (strcmp(type_string, "hostbased-service") == 0)
+	nameoid = GSS_C_NT_HOSTBASED_SERVICE;
+    else if (strcmp(type_string, "krb5-principal-name") == 0)
+	nameoid = GSS_KRB5_NT_PRINCIPAL_NAME;
+    else
+	errx(1, "%s not suppported", type_string);
+
+    if (mech_string == NULL)
+	mechoid = GSS_KRB5_MECHANISM;
+    else 
+	mechoid = string_to_oid(mech_string);
+
+    loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL,
+	 &sctx, &cctx, &actual_mech, &deleg_cred);
+    
+    if (verbose_flag)
+	printf("resulting mech: %s\n", oid_to_string(actual_mech));
+
+    if (ret_mech_string) {
+	gss_OID retoid;
+
+	retoid = string_to_oid(ret_mech_string);
+
+	if (gss_oid_equal(retoid, actual_mech) == 0)
+	    errx(1, "actual_mech mech is not the expected type %s", 
+		 ret_mech_string);
+    }
+
+    /* XXX should be actual_mech */
+    if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { 
+	krb5_context context;
+	time_t time, skew;
+	gss_buffer_desc authz_data;
+	gss_buffer_desc in, out1, out2;
+	krb5_keyblock *keyblock, *keyblock2;
+	krb5_timestamp now;
+	krb5_error_code ret;
+
+	ret = krb5_init_context(&context);
+	if (ret)
+	    errx(1, "krb5_init_context");
+
+	ret = krb5_timeofday(context, &now);
+	if (ret) 
+		errx(1, "krb5_timeofday failed");
+	
+	/* client */
+	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
+						     &cctx,
+						     1, /* version */
+						     &ctx);
+	if (maj_stat != GSS_S_COMPLETE)
+		errx(1, "gss_krb5_export_lucid_sec_context failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+	
+	
+	maj_stat = gss_krb5_free_lucid_sec_context(&maj_stat, ctx);
+	if (maj_stat != GSS_S_COMPLETE)
+	    errx(1, "gss_krb5_free_lucid_sec_context failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+	
+	/* server */
+	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
+						     &sctx,
+						     1, /* version */
+						     &ctx);
+	if (maj_stat != GSS_S_COMPLETE)
+	    errx(1, "gss_krb5_export_lucid_sec_context failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+	maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, ctx);
+	if (maj_stat != GSS_S_COMPLETE)
+	    errx(1, "gss_krb5_free_lucid_sec_context failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+
+ 	maj_stat = gsskrb5_extract_authtime_from_sec_context(&min_stat,
+							     sctx,
+							     &time);
+	if (maj_stat != GSS_S_COMPLETE)
+	    errx(1, "gsskrb5_extract_authtime_from_sec_context failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+
+	skew = abs(time - now);
+	if (skew > krb5_get_max_time_skew(context)) {
+	    errx(1, "gsskrb5_extract_authtime_from_sec_context failed: "
+		 "time skew too great %llu > %llu", 
+		 (unsigned long long)skew, 
+		 (unsigned long long)krb5_get_max_time_skew(context));
+	}
+
+ 	maj_stat = gsskrb5_extract_service_keyblock(&min_stat,
+						    sctx,
+						    &keyblock);
+	if (maj_stat != GSS_S_COMPLETE)
+	    errx(1, "gsskrb5_export_service_keyblock failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+
+	krb5_free_keyblock(context, keyblock);
+
+ 	maj_stat = gsskrb5_get_subkey(&min_stat,
+				      sctx,
+				      &keyblock);
+	if (maj_stat != GSS_S_COMPLETE 
+	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
+	    errx(1, "gsskrb5_get_subkey server failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+
+	if (maj_stat != GSS_S_COMPLETE)
+	    keyblock = NULL;
+	
+ 	maj_stat = gsskrb5_get_subkey(&min_stat,
+				      cctx,
+				      &keyblock2);
+	if (maj_stat != GSS_S_COMPLETE 
+	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
+	    errx(1, "gsskrb5_get_subkey client failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+
+	if (maj_stat != GSS_S_COMPLETE)
+	    keyblock2 = NULL;
+
+	if (keyblock || keyblock2) {
+	    if (keyblock == NULL)
+		errx(1, "server missing token keyblock");
+	    if (keyblock2 == NULL)
+		errx(1, "client missing token keyblock");
+
+	    if (keyblock->keytype != keyblock2->keytype)
+		errx(1, "enctype mismatch");
+	    if (keyblock->keyvalue.length != keyblock2->keyvalue.length)
+		errx(1, "key length mismatch");
+	    if (memcmp(keyblock->keyvalue.data, keyblock2->keyvalue.data, 
+		       keyblock2->keyvalue.length) != 0)
+		errx(1, "key data mismatch");
+	}
+
+	if (keyblock)
+	    krb5_free_keyblock(context, keyblock);
+	if (keyblock2)
+	    krb5_free_keyblock(context, keyblock2);
+
+ 	maj_stat = gsskrb5_get_initiator_subkey(&min_stat,
+						sctx,
+						&keyblock);
+	if (maj_stat != GSS_S_COMPLETE 
+	    && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY)))
+	    errx(1, "gsskrb5_get_initiator_subkey failed: %s",
+		     gssapi_err(maj_stat, min_stat, actual_mech));
+
+	if (maj_stat == GSS_S_COMPLETE)
+	    krb5_free_keyblock(context, keyblock);
+
+ 	maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
+							       sctx,
+							       128,
+							       &authz_data);
+	if (maj_stat == GSS_S_COMPLETE)
+	    gss_release_buffer(&min_stat, &authz_data);
+
+	krb5_free_context(context);
+
+
+	memset(&out1, 0, sizeof(out1));
+	memset(&out2, 0, sizeof(out2));
+
+	in.value = "foo";
+	in.length = 3;
+
+	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 
+			  100, &out1);
+	gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_FULL, &in, 
+			  100, &out2);
+
+	if (out1.length != out2.length)
+	    errx(1, "prf len mismatch");
+	if (memcmp(out1.value, out2.value, out1.length) != 0)
+	    errx(1, "prf data mismatch");
+	
+	gss_release_buffer(&min_stat, &out1);
+
+	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 
+			  100, &out1);
+
+	if (out1.length != out2.length)
+	    errx(1, "prf len mismatch");
+	if (memcmp(out1.value, out2.value, out1.length) != 0)
+	    errx(1, "prf data mismatch");
+
+	gss_release_buffer(&min_stat, &out1);
+	gss_release_buffer(&min_stat, &out2);
+
+	in.value = "bar";
+	in.length = 3;
+
+	gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_PARTIAL, &in, 
+			  100, &out1);
+	gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_PARTIAL, &in, 
+			  100, &out2);
+
+	if (out1.length != out2.length)
+	    errx(1, "prf len mismatch");
+	if (memcmp(out1.value, out2.value, out1.length) != 0)
+	    errx(1, "prf data mismatch");
+
+	gss_release_buffer(&min_stat, &out1);
+	gss_release_buffer(&min_stat, &out2);
+
+	wrapunwrap_flag = 1;
+	getverifymic_flag = 1;
+    }
+
+    if (wrapunwrap_flag) {
+	wrapunwrap(cctx, sctx, actual_mech);
+	wrapunwrap(cctx, sctx, actual_mech);
+	wrapunwrap(sctx, cctx, actual_mech);
+	wrapunwrap(sctx, cctx, actual_mech);
+    }
+    if (getverifymic_flag) {
+	getverifymic(cctx, sctx, actual_mech);
+	getverifymic(cctx, sctx, actual_mech);
+	getverifymic(sctx, cctx, actual_mech);
+	getverifymic(sctx, cctx, actual_mech);
+    }
+
+    gss_delete_sec_context(&min_stat, &cctx, NULL);
+    gss_delete_sec_context(&min_stat, &sctx, NULL);
+
+    if (deleg_cred != GSS_C_NO_CREDENTIAL) {
+
+	loop(mechoid, nameoid, argv[0], deleg_cred, &cctx, &sctx, &actual_mech, NULL);
+
+	gss_delete_sec_context(&min_stat, &cctx, NULL);
+	gss_delete_sec_context(&min_stat, &sctx, NULL);
+
+    }
+
+    return 0;
+}
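Review bot: The three `gss_pseudo_random` comparisons in main() discard the major status of every call, so a PRF that fails on both contexts can pass the test without comparing any output. out1 and out2 start zeroed by the `memset` calls and gss_release_buffer is specified to zero the length again, which leaves both lengths equal at 0 and makes `memcmp` run over zero bytes (with what are presumably NULL pointers). Capture the status at each call, `maj_stat = gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 100, &out1);`, and follow it with `if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_pseudo_random failed: %s", gssapi_err(maj_stat, min_stat, actual_mech));`. Separately, the client-side `gss_krb5_free_lucid_sec_context(&maj_stat, ctx)` passes `&maj_stat` where the server-side call passes `&min_stat`, so the minor status printed on failure is stale; it should read `gss_krb5_free_lucid_sec_context(&min_stat, ctx)`.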

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,229 @@
+/*
+ * Copyright (c) 2003-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <gssapi.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+RCSID("$Id: test_cred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static void
+gss_print_errors (int min_stat)
+{
+    OM_uint32 new_stat;
+    OM_uint32 msg_ctx = 0;
+    gss_buffer_desc status_string;
+    OM_uint32 ret;
+
+    do {
+	ret = gss_display_status (&new_stat,
+				  min_stat,
+				  GSS_C_MECH_CODE,
+				  GSS_C_NO_OID,
+				  &msg_ctx,
+				  &status_string);
+	if (!GSS_ERROR(ret)) {
+	    fprintf (stderr, "%s\n", (char *)status_string.value);
+	    gss_release_buffer (&new_stat, &status_string);
+	}
+    } while (!GSS_ERROR(ret) && msg_ctx != 0);
+}
+
+static void
+gss_err(int exitval, int status, const char *fmt, ...)
+{
+    va_list args;
+
+    va_start(args, fmt);
+    vwarnx (fmt, args);
+    gss_print_errors (status);
+    va_end(args);
+    exit (exitval);
+}
+
+static void
+acquire_release_loop(gss_name_t name, int counter, gss_cred_usage_t usage)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_cred_id_t cred;
+    int i;
+
+    for (i = 0; i < counter; i++) {
+	maj_stat = gss_acquire_cred(&min_stat, name,
+				    GSS_C_INDEFINITE,
+				    GSS_C_NO_OID_SET,
+				    usage,
+				    &cred,
+				    NULL,
+				    NULL);
+	if (maj_stat != GSS_S_COMPLETE)
+	    gss_err(1, min_stat, "aquire %d %d != GSS_S_COMPLETE", 
+		    i, (int)maj_stat);
+				    
+	maj_stat = gss_release_cred(&min_stat, &cred);
+	if (maj_stat != GSS_S_COMPLETE)
+	    gss_err(1, min_stat, "release %d %d != GSS_S_COMPLETE", 
+		    i, (int)maj_stat);
+    }
+}
+
+
+static void
+acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_cred_id_t cred, cred2, cred3;
+
+    maj_stat = gss_acquire_cred(&min_stat, name,
+				GSS_C_INDEFINITE,
+				GSS_C_NO_OID_SET,
+				usage,
+				&cred,
+				NULL,
+				NULL);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat);
+    
+    maj_stat = gss_add_cred(&min_stat,
+			    cred,
+			    GSS_C_NO_NAME,
+			    GSS_KRB5_MECHANISM,
+			    usage,
+			    GSS_C_INDEFINITE,
+			    GSS_C_INDEFINITE,
+			    &cred2,
+			    NULL,
+			    NULL,
+			    NULL);
+			    
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat);
+
+    maj_stat = gss_release_cred(&min_stat, &cred);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "release %d != GSS_S_COMPLETE", (int)maj_stat);
+
+    maj_stat = gss_add_cred(&min_stat,
+			    cred2,
+			    GSS_C_NO_NAME,
+			    GSS_KRB5_MECHANISM,
+			    GSS_C_BOTH,
+			    GSS_C_INDEFINITE,
+			    GSS_C_INDEFINITE,
+			    &cred3,
+			    NULL,
+			    NULL,
+			    NULL);
+
+    maj_stat = gss_release_cred(&min_stat, &cred2);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
+
+    maj_stat = gss_release_cred(&min_stat, &cred3);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "release 2 %d != GSS_S_COMPLETE", (int)maj_stat);
+}
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+		    NULL, "service at host");
+    exit (ret);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    struct gss_buffer_desc_struct name_buffer;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t name;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc < 1)
+	errx(1, "argc < 1");
+
+    name_buffer.value = argv[0];
+    name_buffer.length = strlen(argv[0]);
+
+    maj_stat = gss_import_name(&min_stat, &name_buffer,
+			       GSS_C_NT_HOSTBASED_SERVICE,
+			       &name);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "import name error");
+
+    acquire_release_loop(name, 100, GSS_C_ACCEPT);
+    acquire_release_loop(name, 100, GSS_C_INITIATE);
+    acquire_release_loop(name, 100, GSS_C_BOTH);
+
+    acquire_add_release_add(name, GSS_C_ACCEPT);
+    acquire_add_release_add(name, GSS_C_INITIATE);
+    acquire_add_release_add(name, GSS_C_BOTH);
+
+    gss_release_name(&min_stat, &name);
+
+    return 0;
+}
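Review bot: In acquire_add_release_add() the result of the second `gss_add_cred` call (the one that produces `cred3`) is overwritten by the following `gss_release_cred(&min_stat, &cred2)` without being checked. If that add fails, the test does not report it and later hands a possibly uninitialised `cred3` to `gss_release_cred`. Add `if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "add_cred 2 %d != GSS_S_COMPLETE", (int)maj_stat);` directly after the call, and initialise the handles with `GSS_C_NO_CREDENTIAL`. The last release message repeats "release 2" and would be clearer as "release 3". In gss_print_errors(), `status_string.value` is printed with `%s` although a gss_buffer_desc carries an explicit length and is not guaranteed to be NUL-terminated; `fprintf(stderr, "%.*s\n", (int)status_string.length, (char *)status_string.value);` bounds the read.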

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_kcred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_kcred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_kcred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2003-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <gssapi.h>
+#include <krb5.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+RCSID("$Id: test_kcred.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static void
+copy_import(void)
+{
+    gss_cred_id_t cred1, cred2;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t name1, name2;
+    OM_uint32 lifetime1, lifetime2;
+    gss_cred_usage_t usage1, usage2;
+    gss_OID_set mechs1, mechs2;
+    krb5_ccache id;
+    krb5_error_code ret;
+    krb5_context context;
+    int equal;
+
+    maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+				GSS_C_NO_OID_SET, GSS_C_INITIATE,
+				&cred1, NULL, NULL);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_acquire_cred");
+
+    maj_stat = gss_inquire_cred(&min_stat, cred1, &name1, &lifetime1,
+				&usage1, &mechs1);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_inquire_cred");
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx(1, "krb5_init_context");
+
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_gen_new");
+
+    maj_stat = gss_krb5_copy_ccache(&min_stat, cred1, id);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_krb5_copy_ccache");
+
+    maj_stat = gss_krb5_import_cred(&min_stat, id, NULL, NULL, &cred2);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_krb5_import_cred");
+
+    maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
+				&usage2, &mechs2);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_inquire_cred 2");
+
+    maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_compare_name");
+    if (!equal)
+	errx(1, "names not equal");
+	
+    if (lifetime1 != lifetime2)
+	errx(1, "lifetime not equal %lu != %lu",
+	     (unsigned long)lifetime1, (unsigned long)lifetime2);
+
+    if (usage1 != usage2) {
+	/* as long any of them is both are everything it ok */
+	if (usage1 != GSS_C_BOTH && usage2 != GSS_C_BOTH)
+	    errx(1, "usages disjoined");
+    }
+
+    gss_release_name(&min_stat, &name2);
+    gss_release_oid_set(&min_stat, &mechs2);
+
+    maj_stat = gss_inquire_cred(&min_stat, cred2, &name2, &lifetime2,
+				&usage2, &mechs2);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_inquire_cred");
+
+    maj_stat = gss_compare_name(&min_stat, name1, name2, &equal);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_compare_name");
+    if (!equal)
+	errx(1, "names not equal");
+	
+    if (lifetime1 != lifetime2)
+	errx(1, "lifetime not equal %lu != %lu",
+	     (unsigned long)lifetime1, (unsigned long)lifetime2);
+
+    gss_release_cred(&min_stat, &cred1);
+    gss_release_cred(&min_stat, &cred2);
+
+    gss_release_name(&min_stat, &name1);
+    gss_release_name(&min_stat, &name2);
+
+#if 0
+    compare(mechs1, mechs2);
+#endif
+
+    gss_release_oid_set(&min_stat, &mechs1);
+    gss_release_oid_set(&min_stat, &mechs2);
+
+    krb5_cc_destroy(context, id);
+    krb5_free_context(context);
+}
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+		    NULL, "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    copy_import();
+
+    return 0;
+}
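Review bot: copy_import() never compares the mechanism sets it obtains. The only comparison is `compare(mechs1, mechs2)` inside `#if 0`, and no `compare` is defined in this file, so a copy/import round trip that changes the credential's mechanisms still passes. Either implement the comparison or state the gap in place, for example `/* TODO: mechs1 and mechs2 are not compared; mechanism sets are unverified */`. The comment above the usage check is garbled and could read `/* differing usages are acceptable as long as one of them is GSS_C_BOTH */`, which matches the condition that follows. The `errx` calls print only a fixed string and drop `maj_stat`/`min_stat`, so a failure cannot be diagnosed from the output; test_cred.c in this same import already reports the minor status through `gss_err`.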

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_names.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_names.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_names.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,233 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <gssapi.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+RCSID("$Id: test_names.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+static void
+gss_print_errors (int min_stat)
+{
+    OM_uint32 new_stat;
+    OM_uint32 msg_ctx = 0;
+    gss_buffer_desc status_string;
+    OM_uint32 ret;
+
+    do {
+	ret = gss_display_status (&new_stat,
+				  min_stat,
+				  GSS_C_MECH_CODE,
+				  GSS_C_NO_OID,
+				  &msg_ctx,
+				  &status_string);
+	if (!GSS_ERROR(ret)) {
+	    fprintf (stderr, "%s\n", (char *)status_string.value);
+	    gss_release_buffer (&new_stat, &status_string);
+	}
+    } while (!GSS_ERROR(ret) && msg_ctx != 0);
+}
+
+static void
+gss_err(int exitval, int status, const char *fmt, ...)
+{
+    va_list args;
+
+    va_start(args, fmt);
+    vwarnx (fmt, args);
+    gss_print_errors (status);
+    va_end(args);
+    exit (exitval);
+}
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+		    NULL, "service at host");
+    exit (ret);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    gss_buffer_desc name_buffer;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t name, MNname, MNname2;
+    int optidx = 0;
+    char *str;
+    int len, equal;
+
+    setprogname(argv[0]);
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    /*
+     * test import/export
+     */
+
+    len = asprintf(&str, "ftp at freeze-arrow.mit.edu");
+    if (len == -1)
+	errx(1, "asprintf");
+
+    name_buffer.value = str;
+    name_buffer.length = len;
+
+    maj_stat = gss_import_name(&min_stat, &name_buffer,
+			       GSS_C_NT_HOSTBASED_SERVICE,
+			       &name);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "import name error");
+    free(str);
+
+    maj_stat = gss_canonicalize_name (&min_stat,
+				      name,
+				      GSS_KRB5_MECHANISM,
+				      &MNname);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "canonicalize name error");
+
+    maj_stat = gss_export_name(&min_stat,
+			       MNname,
+			       &name_buffer);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "export name error (KRB5)");
+
+    /*
+     * Import the exported name and compare
+     */
+
+    maj_stat = gss_import_name(&min_stat, &name_buffer,
+			       GSS_C_NT_EXPORT_NAME,
+			       &MNname2);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "import name error (exported KRB5 name)");
+
+
+    maj_stat = gss_compare_name(&min_stat, MNname, MNname2, &equal);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_compare_name");
+    if (!equal)
+	errx(1, "names not equal");
+
+    gss_release_name(&min_stat, &MNname2);
+    gss_release_buffer(&min_stat, &name_buffer);
+    gss_release_name(&min_stat, &MNname);
+    gss_release_name(&min_stat, &name);
+
+    /*
+     * Import oid less name and compare to mech name.
+     * Dovecot SASL lib does this.
+     */
+
+    len = asprintf(&str, "lha");
+    if (len == -1)
+	errx(1, "asprintf");
+
+    name_buffer.value = str;
+    name_buffer.length = len;
+
+    maj_stat = gss_import_name(&min_stat, &name_buffer,
+			       GSS_C_NO_OID,
+			       &name);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "import (no oid) name error");
+
+    maj_stat = gss_import_name(&min_stat, &name_buffer,
+			       GSS_KRB5_NT_USER_NAME,
+			       &MNname);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "import (krb5 mn) name error");
+
+    free(str);
+
+    maj_stat = gss_compare_name(&min_stat, name, MNname, &equal);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "gss_compare_name");
+    if (!equal)
+	errx(1, "names not equal");
+
+    gss_release_name(&min_stat, &MNname);
+    gss_release_name(&min_stat, &name);
+
+#if 0
+    maj_stat = gss_canonicalize_name (&min_stat,
+				      name,
+				      GSS_SPNEGO_MECHANISM,
+				      &MNname);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "canonicalize name error");
+
+
+    maj_stat = gss_export_name(&maj_stat,
+			       MNname,
+			       &name_buffer);
+    if (maj_stat != GSS_S_COMPLETE)
+	gss_err(1, min_stat, "export name error (SPNEGO)");
+
+    gss_release_name(&min_stat, &MNname);
+    gss_release_buffer(&min_stat, &name_buffer);
+#endif
+
+    return 0;
+}
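Review bot: In gss_print_errors, `fprintf (stderr, "%s\n", (char *)status_string.value)` treats the gss_buffer_desc as a C string, but the buffer type carries an explicit length and does not by itself guarantee a terminating NUL. Printing with the length, `fprintf (stderr, "%.*s\n", (int)status_string.length, (char *)status_string.value);`, avoids reading past the buffer if a mechanism returns an unterminated message. The two gss_compare_name checks in main also report failure through errx() and drop min_stat, whereas the surrounding calls use `gss_err(1, min_stat, ...)`, so the mechanism-level reason for a comparison failure is lost.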

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_ntlm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_ntlm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_ntlm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,339 @@
+/*
+ * Copyright (c) 2006 - 2008 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <gssapi.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+#include "test_common.h"
+
+RCSID("$Id: test_ntlm.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+#include <krb5.h>
+#include <heimntlm.h>
+
+static int
+test_libntlm_v1(int flags)
+{
+    const char *user = "foo", 
+	*domain = "mydomain",
+	*password = "digestpassword";
+    OM_uint32 maj_stat, min_stat;
+    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc input, output;
+    struct ntlm_type1 type1;
+    struct ntlm_type2 type2;
+    struct ntlm_type3 type3;
+    struct ntlm_buf data;
+    krb5_error_code ret;
+    gss_name_t src_name = GSS_C_NO_NAME;
+    
+    memset(&type1, 0, sizeof(type1));
+    memset(&type2, 0, sizeof(type2));
+    memset(&type3, 0, sizeof(type3));
+
+    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM|flags;
+    type1.domain = strdup(domain);
+    type1.hostname = NULL;
+    type1.os[0] = 0;
+    type1.os[1] = 0;
+
+    ret = heim_ntlm_encode_type1(&type1, &data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type1");
+
+    input.value = data.data;
+    input.length = data.length;
+
+    output.length = 0;
+    output.value = NULL;
+
+    maj_stat = gss_accept_sec_context(&min_stat,
+				      &ctx,
+				      GSS_C_NO_CREDENTIAL,
+				      &input,
+				      GSS_C_NO_CHANNEL_BINDINGS,
+				      NULL,
+				      NULL,
+				      &output,
+				      NULL,
+				      NULL,
+				      NULL);
+    free(data.data);
+    if (GSS_ERROR(maj_stat))
+	errx(1, "accept_sec_context v1: %s",
+	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
+
+    if (output.length == 0)
+	errx(1, "output.length == 0");
+
+    data.data = output.value;
+    data.length = output.length;
+
+    ret = heim_ntlm_decode_type2(&data, &type2);
+    if (ret)
+	errx(1, "heim_ntlm_decode_type2");
+
+    gss_release_buffer(&min_stat, &output);
+
+    type3.flags = type2.flags;
+    type3.username = rk_UNCONST(user);
+    type3.targetname = type2.targetname;
+    type3.ws = rk_UNCONST("workstation");
+
+    {
+	struct ntlm_buf key;
+
+	heim_ntlm_nt_key(password, &key);
+
+	heim_ntlm_calculate_ntlm1(key.data, key.length,
+				  type2.challange,
+				  &type3.ntlm);
+
+	if (flags & NTLM_NEG_KEYEX) {
+	    struct ntlm_buf sessionkey;
+	    heim_ntlm_build_ntlm1_master(key.data, key.length,
+					 &sessionkey,
+				     &type3.sessionkey);
+	    free(sessionkey.data);
+	}
+	free(key.data);
+    }
+
+    ret = heim_ntlm_encode_type3(&type3, &data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type3");
+
+    input.length = data.length;
+    input.value = data.data;
+
+    maj_stat = gss_accept_sec_context(&min_stat,
+				      &ctx,
+				      GSS_C_NO_CREDENTIAL,
+				      &input,
+				      GSS_C_NO_CHANNEL_BINDINGS,
+				      &src_name,
+				      NULL,
+				      &output,
+				      NULL,
+				      NULL,
+				      NULL);
+    free(input.value);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "accept_sec_context v1 2 %s",
+	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
+
+    gss_release_buffer(&min_stat, &output);
+    gss_delete_sec_context(&min_stat, &ctx, NULL);
+
+    if (src_name == GSS_C_NO_NAME)
+	errx(1, "no source name!");
+
+    gss_display_name(&min_stat, src_name, &output, NULL);
+
+    printf("src_name: %.*s\n", (int)output.length, (char*)output.value);
+
+    gss_release_name(&min_stat, &src_name);
+    gss_release_buffer(&min_stat, &output);
+
+    return 0;
+}
+
+static int
+test_libntlm_v2(int flags)
+{
+    const char *user = "foo", 
+	*domain = "mydomain",
+	*password = "digestpassword";
+    OM_uint32 maj_stat, min_stat;
+    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc input, output;
+    struct ntlm_type1 type1;
+    struct ntlm_type2 type2;
+    struct ntlm_type3 type3;
+    struct ntlm_buf data;
+    krb5_error_code ret;
+    
+    memset(&type1, 0, sizeof(type1));
+    memset(&type2, 0, sizeof(type2));
+    memset(&type3, 0, sizeof(type3));
+
+    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_NTLM|flags;
+    type1.domain = strdup(domain);
+    type1.hostname = NULL;
+    type1.os[0] = 0;
+    type1.os[1] = 0;
+
+    ret = heim_ntlm_encode_type1(&type1, &data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type1");
+
+    input.value = data.data;
+    input.length = data.length;
+
+    output.length = 0;
+    output.value = NULL;
+
+    maj_stat = gss_accept_sec_context(&min_stat,
+				      &ctx,
+				      GSS_C_NO_CREDENTIAL,
+				      &input,
+				      GSS_C_NO_CHANNEL_BINDINGS,
+				      NULL,
+				      NULL,
+				      &output,
+				      NULL,
+				      NULL,
+				      NULL);
+    free(data.data);
+    if (GSS_ERROR(maj_stat))
+	errx(1, "accept_sec_context v2 %s",
+	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
+
+    if (output.length == 0)
+	errx(1, "output.length == 0");
+
+    data.data = output.value;
+    data.length = output.length;
+
+    ret = heim_ntlm_decode_type2(&data, &type2);
+    if (ret)
+	errx(1, "heim_ntlm_decode_type2");
+
+    type3.flags = type2.flags;
+    type3.username = rk_UNCONST(user);
+    type3.targetname = type2.targetname;
+    type3.ws = rk_UNCONST("workstation");
+
+    {
+	struct ntlm_buf key;
+	unsigned char ntlmv2[16];
+
+	heim_ntlm_nt_key(password, &key);
+
+	heim_ntlm_calculate_ntlm2(key.data, key.length,
+				  user,
+				  type2.targetname,
+				  type2.challange,
+				  &type2.targetinfo,
+				  ntlmv2,
+				  &type3.ntlm);
+	free(key.data);
+
+	if (flags & NTLM_NEG_KEYEX) {
+	    struct ntlm_buf sessionkey;
+	    heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
+					 &sessionkey,
+					 &type3.sessionkey);
+	    free(sessionkey.data);
+	}
+    }
+
+    ret = heim_ntlm_encode_type3(&type3, &data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type3");
+
+    input.length = data.length;
+    input.value = data.data;
+
+    maj_stat = gss_accept_sec_context(&min_stat,
+				      &ctx,
+				      GSS_C_NO_CREDENTIAL,
+				      &input,
+				      GSS_C_NO_CHANNEL_BINDINGS,
+				      NULL,
+				      NULL,
+				      &output,
+				      NULL,
+				      NULL,
+				      NULL);
+    free(input.value);
+    if (maj_stat != GSS_S_COMPLETE)
+	errx(1, "accept_sec_context v2 2 %s",
+	     gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
+
+    gss_delete_sec_context(&min_stat, &ctx, NULL);
+
+    return 0;
+}
+
+
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+		    NULL, "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int ret = 0, optind = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    ret += test_libntlm_v1(0);
+    ret += test_libntlm_v1(NTLM_NEG_KEYEX);
+
+    ret += test_libntlm_v2(0);
+    ret += test_libntlm_v2(NTLM_NEG_KEYEX);
+
+    return 0;
+}
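Review bot: In both test_libntlm_v1 and test_libntlm_v2 the results of heim_ntlm_nt_key() and heim_ntlm_calculate_ntlm1()/heim_ntlm_calculate_ntlm2() are ignored, yet `key.data` is then used and freed. If key derivation fails, `key` is presumably left unset and the test reads and frees an uninitialised pointer. Checking these calls the same way the encode/decode calls are checked, e.g. `if (heim_ntlm_nt_key(password, &key)) errx(1, "heim_ntlm_nt_key");`, keeps an allocation failure from becoming undefined behaviour. Separately, main adds each test's result into `ret` but ends with `return 0;`, so it needs `return ret;` for a non-zero result to reach the test harness.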

Added: vendor-crypto/heimdal/dist/lib/gssapi/test_oid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/test_oid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/test_oid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <gssapi.h>
+#include <err.h>
+#include <roken.h>
+
+RCSID("$Id: test_oid.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+
+int
+main(int argc, char **argv)
+{
+    OM_uint32 minor_status, maj_stat;
+    gss_buffer_desc data;
+    int ret;
+
+    maj_stat = gss_oid_to_str(&minor_status, GSS_KRB5_MECHANISM, &data);
+    if (GSS_ERROR(maj_stat))
+	errx(1, "gss_oid_to_str failed");
+
+    ret = strcmp(data.value, "1 2 840 113554 1 2 2");
+    gss_release_buffer(&maj_stat, &data);
+    if (ret)
+	return 1;
+
+    maj_stat = gss_oid_to_str(&minor_status, GSS_C_NT_EXPORT_NAME, &data);
+    if (GSS_ERROR(maj_stat))
+	errx(1, "gss_oid_to_str failed");
+
+    ret = strcmp(data.value, "1 3 6 1 5 6 4");
+    gss_release_buffer(&maj_stat, &data);
+    if (ret)
+	return 1;
+
+    return 0;
+}
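Review bot: Both `gss_release_buffer(&maj_stat, &data)` calls in main pass the major-status variable where the minor-status output belongs; `gss_release_buffer(&minor_status, &data);` uses the variable already declared for that purpose and stops the call from overwriting the status just checked. The mismatch path then does a bare `return 1`, so a failing run gives no hint which OID string differed; an `errx(1, ...)` that prints the value before the buffer is released would make the failure diagnosable. The `strcmp(data.value, ...)` comparisons also assume gss_oid_to_str() returns a NUL-terminated value, which should be confirmed for this implementation, and rely on `<roken.h>` to declare strcmp since `<string.h>` is not included.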

Added: vendor-crypto/heimdal/dist/lib/gssapi/version-script.map
===================================================================
--- vendor-crypto/heimdal/dist/lib/gssapi/version-script.map	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/gssapi/version-script.map	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,97 @@
+# $Id: version-script.map,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+HEIMDAL_GSS_1.0 {
+	global:
+		GSS_KRB5_MECHANISM;
+		GSS_NTLM_MECHANISM;
+		GSS_SPNEGO_MECHANISM;
+		GSS_SASL_DIGEST_MD5_MECHANISM;
+		GSS_C_NT_ANONYMOUS;
+		GSS_C_NT_EXPORT_NAME;
+		GSS_C_NT_HOSTBASED_SERVICE;
+		GSS_C_NT_HOSTBASED_SERVICE_X;
+		GSS_C_NT_MACHINE_UID_NAME;
+		GSS_C_NT_STRING_UID_NAME;
+		GSS_C_NT_USER_NAME;
+		GSS_KRB5_NT_PRINCIPAL_NAME;
+		GSS_KRB5_NT_USER_NAME;
+		GSS_KRB5_NT_MACHINE_UID_NAME;
+		GSS_KRB5_NT_STRING_UID_NAME;
+		gss_acquire_cred;
+		gss_release_cred;
+		gss_init_sec_context;
+		gss_accept_sec_context;
+		gss_process_context_token;
+		gss_delete_sec_context;
+		gss_context_time;
+		gss_get_mic;
+		gss_verify_mic;
+		gss_wrap;
+		gss_unwrap;
+		gss_display_status;
+		gss_indicate_mechs;
+		gss_compare_name;
+		gss_display_name;
+		gss_import_name;
+		gss_export_name;
+		gss_release_name;
+		gss_release_buffer;
+		gss_release_oid_set;
+		gss_inquire_cred;
+		gss_inquire_context;
+		gss_wrap_size_limit;
+		gss_add_cred;
+		gss_inquire_cred_by_mech;
+		gss_export_sec_context;
+		gss_import_sec_context;
+		gss_create_empty_oid_set;
+		gss_add_oid_set_member;
+		gss_test_oid_set_member;
+		gss_inquire_names_for_mech;
+		gss_inquire_mechs_for_name;
+		gss_canonicalize_name;
+		gss_duplicate_name;
+		gss_duplicate_oid;
+		gss_release_oid;
+		gss_oid_to_str;
+		gss_inquire_sec_context_by_oid;
+		gss_set_sec_context_option;
+		gss_set_cred_option;
+		gss_oid_equal;
+		gss_create_empty_buffer_set;
+		gss_add_buffer_set_member;
+		gss_release_buffer_set;
+		gss_inquire_cred_by_oid;
+		gss_pseudo_random;
+		gss_sign;
+		gss_verify;
+		gss_seal;
+		gss_unseal;
+		gss_inquire_sec_context_by_oid;
+		gss_encapsulate_token;
+		gss_decapsulate_token;
+		gss_krb5_ccache_name;
+		gsskrb5_register_acceptor_identity;
+		gss_krb5_copy_ccache;
+		gss_krb5_import_cred;
+		gss_krb5_get_tkt_flags;
+		gsskrb5_extract_authz_data_from_sec_context;
+		gsskrb5_set_dns_canonicalize;
+		gsskrb5_set_send_to_kdc;
+		gsskrb5_set_default_realm;
+		gsskrb5_extract_authtime_from_sec_context;
+		gsskrb5_extract_service_keyblock;
+		gsskrb5_get_initiator_subkey;
+		gsskrb5_get_subkey;
+		gss_krb5_export_lucid_sec_context;
+		gss_krb5_free_lucid_sec_context;
+		gss_krb5_set_allowable_enctypes;
+
+		# _gsskrb5cfx_ are really internal symbols, but export
+		# then now to make testing easier.
+		_gsskrb5cfx_max_wrap_length_cfx;
+		_gsskrb5cfx_wrap_length_cfx;
+
+	local:
+		*;
+};
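Review bot: The `global:` list names `gss_inquire_sec_context_by_oid` twice, once after `gss_oid_to_str` and again after `gss_unseal`; one entry should be dropped so the list stays a plain inventory of the exported ABI. The comment above the `_gsskrb5cfx_` entries has a typo ("then" for "them") and could state the intent more clearly: `# _gsskrb5cfx_* are internal symbols, exported only so the tests can link against them; not part of the supported ABI.` Because everything else is hidden by `local: *;`, these two entries are the only internal functions that code outside the library can bind to, so the exception is worth keeping visible and revisiting.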

Added: vendor-crypto/heimdal/dist/lib/hdb/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,115 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I../asn1 -I$(srcdir)/../asn1 $(INCLUDE_hcrypto)
+
+BUILT_SOURCES = \
+	$(gen_files_hdb:.x=.c)	\
+	hdb_err.c \
+	hdb_err.h
+
+gen_files_hdb = \
+	asn1_Salt.x \
+	asn1_Key.x \
+	asn1_Event.x \
+	asn1_HDBFlags.x \
+	asn1_GENERATION.x \
+	asn1_HDB_Ext_PKINIT_acl.x \
+	asn1_HDB_Ext_PKINIT_hash.x \
+	asn1_HDB_Ext_Constrained_delegation_acl.x \
+	asn1_HDB_Ext_Lan_Manager_OWF.x \
+	asn1_HDB_Ext_Password.x \
+	asn1_HDB_Ext_Aliases.x \
+	asn1_HDB_extension.x \
+	asn1_HDB_extensions.x \
+	asn1_hdb_entry.x \
+	asn1_hdb_entry_alias.x
+
+CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files
+
+LDADD = libhdb.la \
+	$(LIB_openldap) \
+	../krb5/libkrb5.la \
+	../asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(LIB_ldopen)
+
+if OPENLDAP_MODULE
+
+ldap_so = hdb_ldap.la
+hdb_ldap_la_SOURCES = hdb-ldap.c
+hdb_ldap_la_LDFLAGS = -module
+
+else
+
+ldap = hdb-ldap.c
+
+endif
+
+
+lib_LTLIBRARIES = libhdb.la $(ldap_so)
+libhdb_la_LDFLAGS = -version-info 11:0:2
+
+noinst_PROGRAMS = test_dbinfo
+
+dist_libhdb_la_SOURCES =			\
+	common.c				\
+	db.c					\
+	db3.c					\
+	ext.c					\
+	$(ldap)					\
+	hdb.c					\
+	hdb_locl.h				\
+	hdb-private.h				\
+	keys.c					\
+	keytab.c				\
+	dbinfo.c				\
+	mkey.c					\
+	ndbm.c					\
+	print.c
+
+nodist_libhdb_la_SOURCES = $(BUILT_SOURCES)
+
+AM_CPPFLAGS += $(INCLUDE_openldap)
+
+include_HEADERS = hdb.h hdb-protos.h
+nodist_include_HEADERS =  hdb_err.h hdb_asn1.h
+
+libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\"
+
+libhdb_la_LIBADD = \
+	$(LIB_com_err) \
+	../krb5/libkrb5.la \
+	../asn1/libasn1.la \
+	$(LIBADD_roken) \
+	$(LIB_openldap) \
+	$(LIB_dlopen) \
+	$(DBLIB) \
+	$(LIB_NDBM)
+
+$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
+
+$(srcdir)/hdb-protos.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h
+
+$(srcdir)/hdb-private.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h
+
+$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files
+
+hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
+	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
+
+$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
+
+test_dbinfo_SOURCES = test_dbinfo.c
+
+test_dbinfo_LIBS = libhdb.la
+
+# to help stupid solaris make
+
+hdb_err.h: hdb_err.et
+
+EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema
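Review bot: `LDADD` ends with `$(LIB_ldopen)`, which looks like a transposition of `$(LIB_dlopen)` as used in `libhdb_la_LIBADD` further down; an undefined make variable expands to nothing, so the mistake would go unnoticed at build time. `test_dbinfo_LIBS = libhdb.la` has a similar problem: automake's per-program link variable is `test_dbinfo_LDADD`, so this line is presumably ignored and the program links through the global `LDADD` only. In the two make-proto.pl rules, `cd $(srcdir); perl ...` still runs perl, and the `|| rm -f` fallback, in the wrong directory when the cd fails; `cd $(srcdir) && perl ...` would stop instead.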

Added: vendor-crypto/heimdal/dist/lib/hdb/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1060 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+noinst_PROGRAMS = test_dbinfo$(EXEEXT)
+subdir = lib/hdb
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \
+	"$(DESTDIR)$(includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+hdb_ldap_la_LIBADD =
+am__hdb_ldap_la_SOURCES_DIST = hdb-ldap.c
+ at OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_OBJECTS = hdb-ldap.lo
+hdb_ldap_la_OBJECTS = $(am_hdb_ldap_la_OBJECTS)
+hdb_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(hdb_ldap_la_LDFLAGS) $(LDFLAGS) -o $@
+ at OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_rpath = -rpath $(libdir)
+am__DEPENDENCIES_1 =
+libhdb_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \
+	../asn1/libasn1.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am__dist_libhdb_la_SOURCES_DIST = common.c db.c db3.c ext.c hdb-ldap.c \
+	hdb.c hdb_locl.h hdb-private.h keys.c keytab.c dbinfo.c mkey.c \
+	ndbm.c print.c
+ at OPENLDAP_MODULE_FALSE@am__objects_1 = libhdb_la-hdb-ldap.lo
+dist_libhdb_la_OBJECTS = libhdb_la-common.lo libhdb_la-db.lo \
+	libhdb_la-db3.lo libhdb_la-ext.lo $(am__objects_1) \
+	libhdb_la-hdb.lo libhdb_la-keys.lo libhdb_la-keytab.lo \
+	libhdb_la-dbinfo.lo libhdb_la-mkey.lo libhdb_la-ndbm.lo \
+	libhdb_la-print.lo
+am__objects_2 = libhdb_la-asn1_Salt.lo libhdb_la-asn1_Key.lo \
+	libhdb_la-asn1_Event.lo libhdb_la-asn1_HDBFlags.lo \
+	libhdb_la-asn1_GENERATION.lo \
+	libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo \
+	libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo \
+	libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo \
+	libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo \
+	libhdb_la-asn1_HDB_Ext_Password.lo \
+	libhdb_la-asn1_HDB_Ext_Aliases.lo \
+	libhdb_la-asn1_HDB_extension.lo \
+	libhdb_la-asn1_HDB_extensions.lo libhdb_la-asn1_hdb_entry.lo \
+	libhdb_la-asn1_hdb_entry_alias.lo
+am__objects_3 = $(am__objects_2) libhdb_la-hdb_err.lo
+nodist_libhdb_la_OBJECTS = $(am__objects_3)
+libhdb_la_OBJECTS = $(dist_libhdb_la_OBJECTS) \
+	$(nodist_libhdb_la_OBJECTS)
+libhdb_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libhdb_la_LDFLAGS) $(LDFLAGS) -o $@
+PROGRAMS = $(noinst_PROGRAMS)
+am_test_dbinfo_OBJECTS = test_dbinfo.$(OBJEXT)
+test_dbinfo_OBJECTS = $(am_test_dbinfo_OBJECTS)
+test_dbinfo_LDADD = $(LDADD)
+test_dbinfo_DEPENDENCIES = libhdb.la $(am__DEPENDENCIES_1) \
+	../krb5/libkrb5.la ../asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(hdb_ldap_la_SOURCES) $(dist_libhdb_la_SOURCES) \
+	$(nodist_libhdb_la_SOURCES) $(test_dbinfo_SOURCES)
+DIST_SOURCES = $(am__hdb_ldap_la_SOURCES_DIST) \
+	$(am__dist_libhdb_la_SOURCES_DIST) $(test_dbinfo_SOURCES)
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS) $(nodist_include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) -I../asn1 \
+	-I$(srcdir)/../asn1 $(INCLUDE_hcrypto) $(INCLUDE_openldap)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+BUILT_SOURCES = \
+	$(gen_files_hdb:.x=.c)	\
+	hdb_err.c \
+	hdb_err.h
+
+gen_files_hdb = \
+	asn1_Salt.x \
+	asn1_Key.x \
+	asn1_Event.x \
+	asn1_HDBFlags.x \
+	asn1_GENERATION.x \
+	asn1_HDB_Ext_PKINIT_acl.x \
+	asn1_HDB_Ext_PKINIT_hash.x \
+	asn1_HDB_Ext_Constrained_delegation_acl.x \
+	asn1_HDB_Ext_Lan_Manager_OWF.x \
+	asn1_HDB_Ext_Password.x \
+	asn1_HDB_Ext_Aliases.x \
+	asn1_HDB_extension.x \
+	asn1_HDB_extensions.x \
+	asn1_hdb_entry.x \
+	asn1_hdb_entry_alias.x
+
+CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files
+LDADD = libhdb.la \
+	$(LIB_openldap) \
+	../krb5/libkrb5.la \
+	../asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(LIB_ldopen)
+
+ at OPENLDAP_MODULE_TRUE@ldap_so = hdb_ldap.la
+ at OPENLDAP_MODULE_TRUE@hdb_ldap_la_SOURCES = hdb-ldap.c
+ at OPENLDAP_MODULE_TRUE@hdb_ldap_la_LDFLAGS = -module
+ at OPENLDAP_MODULE_FALSE@ldap = hdb-ldap.c
+lib_LTLIBRARIES = libhdb.la $(ldap_so)
+libhdb_la_LDFLAGS = -version-info 11:0:2
+dist_libhdb_la_SOURCES = \
+	common.c				\
+	db.c					\
+	db3.c					\
+	ext.c					\
+	$(ldap)					\
+	hdb.c					\
+	hdb_locl.h				\
+	hdb-private.h				\
+	keys.c					\
+	keytab.c				\
+	dbinfo.c				\
+	mkey.c					\
+	ndbm.c					\
+	print.c
+
+nodist_libhdb_la_SOURCES = $(BUILT_SOURCES)
+include_HEADERS = hdb.h hdb-protos.h
+nodist_include_HEADERS = hdb_err.h hdb_asn1.h
+libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\"
+libhdb_la_LIBADD = \
+	$(LIB_com_err) \
+	../krb5/libkrb5.la \
+	../asn1/libasn1.la \
+	$(LIBADD_roken) \
+	$(LIB_openldap) \
+	$(LIB_dlopen) \
+	$(DBLIB) \
+	$(LIB_NDBM)
+
+test_dbinfo_SOURCES = test_dbinfo.c
+test_dbinfo_LIBS = libhdb.la
+EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema
+all: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/hdb/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/hdb/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+hdb_ldap.la: $(hdb_ldap_la_OBJECTS) $(hdb_ldap_la_DEPENDENCIES) 
+	$(hdb_ldap_la_LINK) $(am_hdb_ldap_la_rpath) $(hdb_ldap_la_OBJECTS) $(hdb_ldap_la_LIBADD) $(LIBS)
+libhdb.la: $(libhdb_la_OBJECTS) $(libhdb_la_DEPENDENCIES) 
+	$(libhdb_la_LINK) -rpath $(libdir) $(libhdb_la_OBJECTS) $(libhdb_la_LIBADD) $(LIBS)
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+test_dbinfo$(EXEEXT): $(test_dbinfo_OBJECTS) $(test_dbinfo_DEPENDENCIES) 
+	@rm -f test_dbinfo$(EXEEXT)
+	$(LINK) $(test_dbinfo_OBJECTS) $(test_dbinfo_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+libhdb_la-common.lo: common.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-common.lo `test -f 'common.c' || echo '$(srcdir)/'`common.c
+
+libhdb_la-db.lo: db.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
+
+libhdb_la-db3.lo: db3.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db3.lo `test -f 'db3.c' || echo '$(srcdir)/'`db3.c
+
+libhdb_la-ext.lo: ext.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ext.lo `test -f 'ext.c' || echo '$(srcdir)/'`ext.c
+
+libhdb_la-hdb-ldap.lo: hdb-ldap.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb-ldap.lo `test -f 'hdb-ldap.c' || echo '$(srcdir)/'`hdb-ldap.c
+
+libhdb_la-hdb.lo: hdb.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb.lo `test -f 'hdb.c' || echo '$(srcdir)/'`hdb.c
+
+libhdb_la-keys.lo: keys.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keys.lo `test -f 'keys.c' || echo '$(srcdir)/'`keys.c
+
+libhdb_la-keytab.lo: keytab.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c
+
+libhdb_la-dbinfo.lo: dbinfo.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-dbinfo.lo `test -f 'dbinfo.c' || echo '$(srcdir)/'`dbinfo.c
+
+libhdb_la-mkey.lo: mkey.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-mkey.lo `test -f 'mkey.c' || echo '$(srcdir)/'`mkey.c
+
+libhdb_la-ndbm.lo: ndbm.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ndbm.lo `test -f 'ndbm.c' || echo '$(srcdir)/'`ndbm.c
+
+libhdb_la-print.lo: print.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c
+
+libhdb_la-asn1_Salt.lo: asn1_Salt.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Salt.lo `test -f 'asn1_Salt.c' || echo '$(srcdir)/'`asn1_Salt.c
+
+libhdb_la-asn1_Key.lo: asn1_Key.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Key.lo `test -f 'asn1_Key.c' || echo '$(srcdir)/'`asn1_Key.c
+
+libhdb_la-asn1_Event.lo: asn1_Event.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Event.lo `test -f 'asn1_Event.c' || echo '$(srcdir)/'`asn1_Event.c
+
+libhdb_la-asn1_HDBFlags.lo: asn1_HDBFlags.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDBFlags.lo `test -f 'asn1_HDBFlags.c' || echo '$(srcdir)/'`asn1_HDBFlags.c
+
+libhdb_la-asn1_GENERATION.lo: asn1_GENERATION.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_GENERATION.lo `test -f 'asn1_GENERATION.c' || echo '$(srcdir)/'`asn1_GENERATION.c
+
+libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo: asn1_HDB_Ext_PKINIT_acl.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo `test -f 'asn1_HDB_Ext_PKINIT_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_acl.c
+
+libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo: asn1_HDB_Ext_PKINIT_hash.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo `test -f 'asn1_HDB_Ext_PKINIT_hash.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_hash.c
+
+libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo: asn1_HDB_Ext_Constrained_delegation_acl.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo `test -f 'asn1_HDB_Ext_Constrained_delegation_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Constrained_delegation_acl.c
+
+libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo: asn1_HDB_Ext_Lan_Manager_OWF.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo `test -f 'asn1_HDB_Ext_Lan_Manager_OWF.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Lan_Manager_OWF.c
+
+libhdb_la-asn1_HDB_Ext_Password.lo: asn1_HDB_Ext_Password.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Password.lo `test -f 'asn1_HDB_Ext_Password.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Password.c
+
+libhdb_la-asn1_HDB_Ext_Aliases.lo: asn1_HDB_Ext_Aliases.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Aliases.lo `test -f 'asn1_HDB_Ext_Aliases.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Aliases.c
+
+libhdb_la-asn1_HDB_extension.lo: asn1_HDB_extension.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extension.lo `test -f 'asn1_HDB_extension.c' || echo '$(srcdir)/'`asn1_HDB_extension.c
+
+libhdb_la-asn1_HDB_extensions.lo: asn1_HDB_extensions.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extensions.lo `test -f 'asn1_HDB_extensions.c' || echo '$(srcdir)/'`asn1_HDB_extensions.c
+
+libhdb_la-asn1_hdb_entry.lo: asn1_hdb_entry.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry.lo `test -f 'asn1_hdb_entry.c' || echo '$(srcdir)/'`asn1_hdb_entry.c
+
+libhdb_la-asn1_hdb_entry_alias.lo: asn1_hdb_entry_alias.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry_alias.lo `test -f 'asn1_hdb_entry_alias.c' || echo '$(srcdir)/'`asn1_hdb_entry_alias.c
+
+libhdb_la-hdb_err.lo: hdb_err.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb_err.lo `test -f 'hdb_err.c' || echo '$(srcdir)/'`hdb_err.c
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-nodist_includeHEADERS: $(nodist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-nodist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+	clean-noinstPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS install-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \
+	uninstall-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libLTLIBRARIES clean-libtool \
+	clean-noinstPROGRAMS ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-includeHEADERS install-info install-info-am \
+	install-libLTLIBRARIES install-man \
+	install-nodist_includeHEADERS install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook \
+	uninstall-includeHEADERS uninstall-libLTLIBRARIES \
+	uninstall-nodist_includeHEADERS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h
+
+$(srcdir)/hdb-protos.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h
+
+$(srcdir)/hdb-private.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h
+
+$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files
+
+hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1
+	../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1
+
+$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h
+
+# to help stupid solaris make
+
+hdb_err.h: hdb_err.et
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/hdb/common.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,283 @@
+/*
+ * Copyright (c) 1997-2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+
+RCSID("$Id: common.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+int
+hdb_principal2key(krb5_context context, krb5_const_principal p, krb5_data *key)
+{
+    Principal new;
+    size_t len;
+    int ret;
+
+    ret = copy_Principal(p, &new);
+    if(ret) 
+	return ret;
+    new.name.name_type = 0;
+
+    ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
+    if (ret == 0 && key->length != len)
+	krb5_abortx(context, "internal asn.1 encoder error");
+    free_Principal(&new);
+    return ret;
+}
+
+int
+hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
+{
+    return decode_Principal(key->data, key->length, p, NULL);
+}
+
+int
+hdb_entry2value(krb5_context context, const hdb_entry *ent, krb5_data *value)
+{
+    size_t len;
+    int ret;
+    
+    ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
+    if (ret == 0 && value->length != len)
+	krb5_abortx(context, "internal asn.1 encoder error");
+    return ret;
+}
+
+int
+hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
+{
+    return decode_hdb_entry(value->data, value->length, ent, NULL);
+}
+
+int
+hdb_entry_alias2value(krb5_context context, 
+		      const hdb_entry_alias *alias,
+		      krb5_data *value)
+{
+    size_t len;
+    int ret;
+    
+    ASN1_MALLOC_ENCODE(hdb_entry_alias, value->data, value->length, 
+		       alias, &len, ret);
+    if (ret == 0 && value->length != len)
+	krb5_abortx(context, "internal asn.1 encoder error");
+    return ret;
+}
+
+int
+hdb_value2entry_alias(krb5_context context, krb5_data *value, 
+		      hdb_entry_alias *ent)
+{
+    return decode_hdb_entry_alias(value->data, value->length, ent, NULL);
+}
+
+krb5_error_code
+_hdb_fetch(krb5_context context, HDB *db, krb5_const_principal principal,
+	   unsigned flags, hdb_entry_ex *entry)
+{
+    krb5_data key, value;
+    int code;
+
+    hdb_principal2key(context, principal, &key);
+    code = db->hdb__get(context, db, key, &value);
+    krb5_data_free(&key);
+    if(code)
+	return code;
+    code = hdb_value2entry(context, &value, &entry->entry);
+    if (code == ASN1_BAD_ID && (flags & HDB_F_CANON) == 0) {
+	krb5_data_free(&value);
+	return HDB_ERR_NOENTRY;
+    } else if (code == ASN1_BAD_ID) {
+	hdb_entry_alias alias;
+
+	code = hdb_value2entry_alias(context, &value, &alias);
+	if (code) {
+	    krb5_data_free(&value);
+	    return code;
+	}
+	hdb_principal2key(context, alias.principal, &key);
+	krb5_data_free(&value);
+	free_hdb_entry_alias(&alias);
+
+	code = db->hdb__get(context, db, key, &value);
+	krb5_data_free(&key);
+	if (code)
+	    return code;
+	code = hdb_value2entry(context, &value, &entry->entry);
+	if (code) {
+	    krb5_data_free(&value);
+	    return code;
+	}
+    }
+    krb5_data_free(&value);
+    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
+	code = hdb_unseal_keys (context, db, &entry->entry);
+	if (code)
+	    hdb_free_entry(context, entry);
+    }
+    return code;
+}
+
+static krb5_error_code
+hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
+{
+    const HDB_Ext_Aliases *aliases;
+    krb5_error_code code;
+    hdb_entry oldentry;
+    krb5_data value;
+    int i;
+
+    code = db->hdb__get(context, db, *key, &value);
+    if (code == HDB_ERR_NOENTRY)
+	return 0;
+    else if (code)
+	return code;
+	    
+    code = hdb_value2entry(context, &value, &oldentry);
+    krb5_data_free(&value);
+    if (code)
+	return code;
+
+    code = hdb_entry_get_aliases(&oldentry, &aliases);
+    if (code || aliases == NULL) {
+	free_hdb_entry(&oldentry);
+	return code;
+    }
+    for (i = 0; i < aliases->aliases.len; i++) {
+	krb5_data akey;
+
+	hdb_principal2key(context, &aliases->aliases.val[i], &akey);
+	code = db->hdb__del(context, db, akey);
+	krb5_data_free(&akey);
+	if (code) {
+	    free_hdb_entry(&oldentry);
+	    return code;
+	}
+    }
+    free_hdb_entry(&oldentry);
+    return 0;
+}
+
+static krb5_error_code
+hdb_add_aliases(krb5_context context, HDB *db, 
+		unsigned flags, hdb_entry_ex *entry)
+{
+    const HDB_Ext_Aliases *aliases;
+    krb5_error_code code;
+    krb5_data key, value;
+    int i;
+    
+    code = hdb_entry_get_aliases(&entry->entry, &aliases);
+    if (code || aliases == NULL)
+	return code;
+    
+    for (i = 0; i < aliases->aliases.len; i++) {
+	hdb_entry_alias entryalias;
+	entryalias.principal = entry->entry.principal;
+	
+	hdb_principal2key(context, &aliases->aliases.val[i], &key);
+	code = hdb_entry_alias2value(context, &entryalias, &value);
+	if (code) {
+	    krb5_data_free(&key);
+	    return code;
+	}
+	code = db->hdb__put(context, db, flags, key, value);
+	krb5_data_free(&key);
+	krb5_data_free(&value);
+	if (code)
+	    return code;
+    }
+    return 0;
+}
+
+krb5_error_code
+_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
+{
+    krb5_data key, value;
+    int code;
+
+    if(entry->entry.generation == NULL) {
+	struct timeval t;
+	entry->entry.generation = malloc(sizeof(*entry->entry.generation));
+	if(entry->entry.generation == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	gettimeofday(&t, NULL);
+	entry->entry.generation->time = t.tv_sec;
+	entry->entry.generation->usec = t.tv_usec;
+	entry->entry.generation->gen = 0;
+    } else
+	entry->entry.generation->gen++;
+    hdb_principal2key(context, entry->entry.principal, &key);
+    code = hdb_seal_keys(context, db, &entry->entry);
+    if (code) {
+	krb5_data_free(&key);
+	return code;
+    }
+
+    /* remove aliases */
+    code = hdb_remove_aliases(context, db, &key);
+    if (code) {
+	krb5_data_free(&key);
+	return code;
+    }
+    hdb_entry2value(context, &entry->entry, &value);
+    code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
+    krb5_data_free(&value);
+    krb5_data_free(&key);
+    if (code)
+	return code;
+
+    code = hdb_add_aliases(context, db, flags, entry);
+
+    return code;
+}
+
+krb5_error_code
+_hdb_remove(krb5_context context, HDB *db, krb5_const_principal principal)
+{
+    krb5_data key;
+    int code;
+
+    hdb_principal2key(context, principal, &key);
+
+    code = hdb_remove_aliases(context, db, &key);
+    if (code) {
+	krb5_data_free(&key);
+	return code;
+    }
+    code = db->hdb__del(context, db, key);
+    krb5_data_free(&key);
+    return code;
+}
+
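Review bot: `_hdb_fetch` ignores the return value of `hdb_principal2key()`, so at least on the `copy_Principal` failure path (which returns before `key` is written) the uninitialised stack `krb5_data key` is passed to `db->hdb__get` and then to `krb5_data_free(&key)`. The call should be checked before the key is used, `code = hdb_principal2key(context, principal, &key); if (code) return code;`. The same unchecked call appears in `hdb_remove_aliases`, `hdb_add_aliases`, `_hdb_store` (which also drops the result of `hdb_entry2value` before `hdb__put`) and `_hdb_remove`. Separately, in `_hdb_fetch` a decode error other than `ASN1_BAD_ID` from the first `hdb_value2entry` falls through to the `hdb_unseal_keys` branch, which can overwrite `code`; an `else if (code) { krb5_data_free(&value); return code; }` arm would match how the alias path already handles it.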

Added: vendor-crypto/heimdal/dist/lib/hdb/db.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/db.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/db.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,337 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+
+RCSID("$Id: db.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if HAVE_DB1
+
+#if defined(HAVE_DB_185_H)
+#include <db_185.h>
+#elif defined(HAVE_DB_H)
+#include <db.h>
+#endif
+
+static krb5_error_code
+DB_close(krb5_context context, HDB *db)
+{
+    DB *d = (DB*)db->hdb_db;
+    (*d->close)(d);
+    return 0;
+}
+
+static krb5_error_code
+DB_destroy(krb5_context context, HDB *db)
+{
+    krb5_error_code ret;
+
+    ret = hdb_clear_master_key (context, db);
+    free(db->hdb_name);
+    free(db);
+    return ret;
+}
+
+static krb5_error_code
+DB_lock(krb5_context context, HDB *db, int operation)
+{
+    DB *d = (DB*)db->hdb_db;
+    int fd = (*d->fd)(d);
+    if(fd < 0) {
+	krb5_set_error_string(context,
+			      "Can't lock database: %s", db->hdb_name);
+	return HDB_ERR_CANT_LOCK_DB;
+    }
+    return hdb_lock(fd, operation);
+}
+
+static krb5_error_code
+DB_unlock(krb5_context context, HDB *db)
+{
+    DB *d = (DB*)db->hdb_db;
+    int fd = (*d->fd)(d);
+    if(fd < 0) {
+	krb5_set_error_string(context, 
+			      "Can't unlock database: %s", db->hdb_name);
+	return HDB_ERR_CANT_LOCK_DB;
+    }
+    return hdb_unlock(fd);
+}
+
+
+static krb5_error_code
+DB_seq(krb5_context context, HDB *db,
+       unsigned flags, hdb_entry_ex *entry, int flag)
+{
+    DB *d = (DB*)db->hdb_db;
+    DBT key, value;
+    krb5_data key_data, data;
+    int code;
+
+    code = db->hdb_lock(context, db, HDB_RLOCK);
+    if(code == -1) {
+	krb5_set_error_string(context, "Database %s in use", db->hdb_name);
+	return HDB_ERR_DB_INUSE;
+    }
+    code = (*d->seq)(d, &key, &value, flag);
+    db->hdb_unlock(context, db); /* XXX check value */
+    if(code == -1) {
+	code = errno;
+	krb5_set_error_string(context, "Database %s seq error: %s", 
+			      db->hdb_name, strerror(code));
+	return code;
+    }
+    if(code == 1) {
+	krb5_clear_error_string(context);
+	return HDB_ERR_NOENTRY;
+    }
+
+    key_data.data = key.data;
+    key_data.length = key.size;
+    data.data = value.data;
+    data.length = value.size;
+    memset(entry, 0, sizeof(*entry));
+    if (hdb_value2entry(context, &data, &entry->entry))
+	return DB_seq(context, db, flags, entry, R_NEXT);
+    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
+	code = hdb_unseal_keys (context, db, &entry->entry);
+	if (code)
+	    hdb_free_entry (context, entry);
+    }
+    if (code == 0 && entry->entry.principal == NULL) {
+	entry->entry.principal = malloc(sizeof(*entry->entry.principal));
+	if (entry->entry.principal == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    code = ENOMEM;
+	    hdb_free_entry (context, entry);
+	} else {
+	    hdb_key2principal(context, &key_data, entry->entry.principal);
+	}
+    }
+    return code;
+}
+
+
+static krb5_error_code
+DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
+{
+    return DB_seq(context, db, flags, entry, R_FIRST);
+}
+
+
+static krb5_error_code
+DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
+{
+    return DB_seq(context, db, flags, entry, R_NEXT);
+}
+
+static krb5_error_code
+DB_rename(krb5_context context, HDB *db, const char *new_name)
+{
+    int ret;
+    char *old, *new;
+
+    asprintf(&old, "%s.db", db->hdb_name);
+    asprintf(&new, "%s.db", new_name);
+    ret = rename(old, new);
+    free(old);
+    free(new);
+    if(ret)
+	return errno;
+    
+    free(db->hdb_name);
+    db->hdb_name = strdup(new_name);
+    return 0;
+}
+
+static krb5_error_code
+DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
+{
+    DB *d = (DB*)db->hdb_db;
+    DBT k, v;
+    int code;
+
+    k.data = key.data;
+    k.size = key.length;
+    code = db->hdb_lock(context, db, HDB_RLOCK);
+    if(code)
+	return code;
+    code = (*d->get)(d, &k, &v, 0);
+    db->hdb_unlock(context, db);
+    if(code < 0) {
+	code = errno;
+	krb5_set_error_string(context, "Database %s get error: %s", 
+			      db->hdb_name, strerror(code));
+	return code;
+    }
+    if(code == 1) {
+	krb5_clear_error_string(context);
+	return HDB_ERR_NOENTRY;
+    }
+    
+    krb5_data_copy(reply, v.data, v.size);
+    return 0;
+}
+
+static krb5_error_code
+DB__put(krb5_context context, HDB *db, int replace, 
+	krb5_data key, krb5_data value)
+{
+    DB *d = (DB*)db->hdb_db;
+    DBT k, v;
+    int code;
+
+    k.data = key.data;
+    k.size = key.length;
+    v.data = value.data;
+    v.size = value.length;
+    code = db->hdb_lock(context, db, HDB_WLOCK);
+    if(code)
+	return code;
+    code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
+    db->hdb_unlock(context, db);
+    if(code < 0) {
+	code = errno;
+	krb5_set_error_string(context, "Database %s put error: %s", 
+			      db->hdb_name, strerror(code));
+	return code;
+    }
+    if(code == 1) {
+	krb5_clear_error_string(context);
+	return HDB_ERR_EXISTS;
+    }
+    return 0;
+}
+
+static krb5_error_code
+DB__del(krb5_context context, HDB *db, krb5_data key)
+{
+    DB *d = (DB*)db->hdb_db;
+    DBT k;
+    krb5_error_code code;
+    k.data = key.data;
+    k.size = key.length;
+    code = db->hdb_lock(context, db, HDB_WLOCK);
+    if(code)
+	return code;
+    code = (*d->del)(d, &k, 0);
+    db->hdb_unlock(context, db);
+    if(code == 1) {
+	code = errno;
+	krb5_set_error_string(context, "Database %s put error: %s", 
+			      db->hdb_name, strerror(code));
+	return code;
+    }
+    if(code < 0)
+	return errno;
+    return 0;
+}
+
+static krb5_error_code
+DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
+{
+    char *fn;
+    krb5_error_code ret;
+
+    asprintf(&fn, "%s.db", db->hdb_name);
+    if (fn == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL);
+    free(fn);
+    /* try to open without .db extension */
+    if(db->hdb_db == NULL && errno == ENOENT)
+	db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL);
+    if(db->hdb_db == NULL) {
+	ret = errno;
+	krb5_set_error_string(context, "dbopen (%s): %s",
+			      db->hdb_name, strerror(ret));
+	return ret;
+    }
+    if((flags & O_ACCMODE) == O_RDONLY)
+	ret = hdb_check_db_format(context, db);
+    else
+	ret = hdb_init_db(context, db);
+    if(ret == HDB_ERR_NOENTRY) {
+	krb5_clear_error_string(context);
+	return 0;
+    }
+    if (ret) {
+	DB_close(context, db);
+	krb5_set_error_string(context, "hdb_open: failed %s database %s",
+			      (flags & O_ACCMODE) == O_RDONLY ? 
+			      "checking format of" : "initialize", 
+			      db->hdb_name);
+    }
+    return ret;
+}
+
+krb5_error_code
+hdb_db_create(krb5_context context, HDB **db, 
+	      const char *filename)
+{
+    *db = calloc(1, sizeof(**db));
+    if (*db == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    (*db)->hdb_db = NULL;
+    (*db)->hdb_name = strdup(filename);
+    if ((*db)->hdb_name == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	free(*db);
+	*db = NULL;
+	return ENOMEM;
+    }
+    (*db)->hdb_master_key_set = 0;
+    (*db)->hdb_openp = 0;
+    (*db)->hdb_open = DB_open;
+    (*db)->hdb_close = DB_close;
+    (*db)->hdb_fetch = _hdb_fetch;
+    (*db)->hdb_store = _hdb_store;
+    (*db)->hdb_remove = _hdb_remove;
+    (*db)->hdb_firstkey = DB_firstkey;
+    (*db)->hdb_nextkey= DB_nextkey;
+    (*db)->hdb_lock = DB_lock;
+    (*db)->hdb_unlock = DB_unlock;
+    (*db)->hdb_rename = DB_rename;
+    (*db)->hdb__get = DB__get;
+    (*db)->hdb__put = DB__put;
+    (*db)->hdb__del = DB__del;
+    (*db)->hdb_destroy = DB_destroy;
+    return 0;
+}
+
+#endif /* HAVE_DB1 */
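Review bot: `DB_rename` never checks either `asprintf` call, so on allocation failure `old` or `new` holds an unspecified pointer that is still passed to `rename()` and `free()`, whereas `DB_open` in this same hunk does test its `asprintf` result. The trailing `strdup(new_name)` is also unchecked and runs after `free(db->hdb_name)`, so a failure there leaves `db->hdb_name` NULL for the later `"%s"` error messages. The rewrite below allocates everything first and only swaps the name once `rename()` has succeeded. Separately, `DB__del` treats `code == 1` as an errno failure with a "put error" message and `code < 0` as a bare `errno` return, which looks swapped relative to `DB__get` and `DB__put`, where `code < 0` is the errno case and `1` is the not-found/exists case.

```c
DB_rename(krb5_context context, HDB *db, const char *new_name)
{
    int ret;
    char *old = NULL, *new = NULL, *name;

    /* Duplicate the new name first so a failure leaves db->hdb_name intact. */
    name = strdup(new_name);
    if (name == NULL)
	goto nomem;
    if (asprintf(&old, "%s.db", db->hdb_name) < 0) {
	old = NULL;	/* contents are unspecified after a failed asprintf */
	goto nomem;
    }
    if (asprintf(&new, "%s.db", new_name) < 0) {
	new = NULL;
	goto nomem;
    }
    ret = rename(old, new);
    if (ret)
	ret = errno;	/* capture before free() can disturb errno */
    free(old);
    free(new);
    if (ret) {
	free(name);
	return ret;
    }
    free(db->hdb_name);
    db->hdb_name = name;
    return 0;

nomem:
    free(name);
    free(old);
    free(new);
    krb5_set_error_string(context, "malloc: out of memory");
    return ENOMEM;
}
```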

Added: vendor-crypto/heimdal/dist/lib/hdb/db3.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/db3.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/db3.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,358 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+
+RCSID("$Id: db3.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if HAVE_DB3
+
+#ifdef HAVE_DB4_DB_H
+#include <db4/db.h>
+#elif defined(HAVE_DB3_DB_H)
+#include <db3/db.h>
+#else
+#include <db.h>
+#endif
+
+static krb5_error_code
+DB_close(krb5_context context, HDB *db)
+{
+    DB *d = (DB*)db->hdb_db;
+    DBC *dbcp = (DBC*)db->hdb_dbc;
+
+    (*dbcp->c_close)(dbcp);
+    db->hdb_dbc = 0;
+    (*d->close)(d, 0);
+    return 0;
+}
+
+static krb5_error_code
+DB_destroy(krb5_context context, HDB *db)
+{
+    krb5_error_code ret;
+
+    ret = hdb_clear_master_key (context, db);
+    free(db->hdb_name);
+    free(db);
+    return ret;
+}
+
+static krb5_error_code
+DB_lock(krb5_context context, HDB *db, int operation)
+{
+    DB *d = (DB*)db->hdb_db;
+    int fd;
+    if ((*d->fd)(d, &fd))
+	return HDB_ERR_CANT_LOCK_DB;
+    return hdb_lock(fd, operation);
+}
+
+static krb5_error_code
+DB_unlock(krb5_context context, HDB *db)
+{
+    DB *d = (DB*)db->hdb_db;
+    int fd;
+    if ((*d->fd)(d, &fd))
+	return HDB_ERR_CANT_LOCK_DB;
+    return hdb_unlock(fd);
+}
+
+
+static krb5_error_code
+DB_seq(krb5_context context, HDB *db,
+       unsigned flags, hdb_entry_ex *entry, int flag)
+{
+    DBT key, value;
+    DBC *dbcp = db->hdb_dbc;
+    krb5_data key_data, data;
+    int code;
+
+    memset(&key, 0, sizeof(DBT));
+    memset(&value, 0, sizeof(DBT));
+    if ((*db->hdb_lock)(context, db, HDB_RLOCK))
+	return HDB_ERR_DB_INUSE;
+    code = (*dbcp->c_get)(dbcp, &key, &value, flag);
+    (*db->hdb_unlock)(context, db); /* XXX check value */
+    if (code == DB_NOTFOUND)
+	return HDB_ERR_NOENTRY;
+    if (code)
+	return code;
+
+    key_data.data = key.data;
+    key_data.length = key.size;
+    data.data = value.data;
+    data.length = value.size;
+    memset(entry, 0, sizeof(*entry));
+    if (hdb_value2entry(context, &data, &entry->entry))
+	return DB_seq(context, db, flags, entry, DB_NEXT);
+    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
+	code = hdb_unseal_keys (context, db, &entry->entry);
+	if (code)
+	    hdb_free_entry (context, entry);
+    }
+    if (entry->entry.principal == NULL) {
+	entry->entry.principal = malloc(sizeof(*entry->entry.principal));
+	if (entry->entry.principal == NULL) {
+	    hdb_free_entry (context, entry);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	} else {
+	    hdb_key2principal(context, &key_data, entry->entry.principal);
+	}
+    }
+    return 0;
+}
+
+
+static krb5_error_code
+DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
+{
+    return DB_seq(context, db, flags, entry, DB_FIRST);
+}
+
+
+static krb5_error_code
+DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
+{
+    return DB_seq(context, db, flags, entry, DB_NEXT);
+}
+
+static krb5_error_code
+DB_rename(krb5_context context, HDB *db, const char *new_name)
+{
+    int ret;
+    char *old, *new;
+
+    asprintf(&old, "%s.db", db->hdb_name);
+    asprintf(&new, "%s.db", new_name);
+    ret = rename(old, new);
+    free(old);
+    free(new);
+    if(ret)
+	return errno;
+    
+    free(db->hdb_name);
+    db->hdb_name = strdup(new_name);
+    return 0;
+}
+
+static krb5_error_code
+DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
+{
+    DB *d = (DB*)db->hdb_db;
+    DBT k, v;
+    int code;
+
+    memset(&k, 0, sizeof(DBT));
+    memset(&v, 0, sizeof(DBT));
+    k.data = key.data;
+    k.size = key.length;
+    k.flags = 0;
+    if ((code = (*db->hdb_lock)(context, db, HDB_RLOCK)))
+	return code;
+    code = (*d->get)(d, NULL, &k, &v, 0);
+    (*db->hdb_unlock)(context, db);
+    if(code == DB_NOTFOUND)
+	return HDB_ERR_NOENTRY;
+    if(code)
+	return code;
+
+    krb5_data_copy(reply, v.data, v.size);
+    return 0;
+}
+
+static krb5_error_code
+DB__put(krb5_context context, HDB *db, int replace, 
+	krb5_data key, krb5_data value)
+{
+    DB *d = (DB*)db->hdb_db;
+    DBT k, v;
+    int code;
+
+    memset(&k, 0, sizeof(DBT));
+    memset(&v, 0, sizeof(DBT));
+    k.data = key.data;
+    k.size = key.length;
+    k.flags = 0;
+    v.data = value.data;
+    v.size = value.length;
+    v.flags = 0;
+    if ((code = (*db->hdb_lock)(context, db, HDB_WLOCK)))
+	return code;
+    code = (*d->put)(d, NULL, &k, &v, replace ? 0 : DB_NOOVERWRITE);
+    (*db->hdb_unlock)(context, db);
+    if(code == DB_KEYEXIST)
+	return HDB_ERR_EXISTS;
+    if(code)
+	return errno;
+    return 0;
+}
+
+static krb5_error_code
+DB__del(krb5_context context, HDB *db, krb5_data key)
+{
+    DB *d = (DB*)db->hdb_db;
+    DBT k;
+    krb5_error_code code;
+    memset(&k, 0, sizeof(DBT));
+    k.data = key.data;
+    k.size = key.length;
+    k.flags = 0;
+    code = (*db->hdb_lock)(context, db, HDB_WLOCK);
+    if(code)
+	return code;
+    code = (*d->del)(d, NULL, &k, 0);
+    (*db->hdb_unlock)(context, db);
+    if(code == DB_NOTFOUND)
+	return HDB_ERR_NOENTRY;
+    if(code)
+	return code;
+    return 0;
+}
+
+static krb5_error_code
+DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
+{
+    DBC *dbc = NULL;
+    char *fn;
+    krb5_error_code ret;
+    DB *d;
+    int myflags = 0;
+
+    if (flags & O_CREAT)
+      myflags |= DB_CREATE;
+
+    if (flags & O_EXCL)
+      myflags |= DB_EXCL;
+
+    if((flags & O_ACCMODE) == O_RDONLY)
+      myflags |= DB_RDONLY;
+
+    if (flags & O_TRUNC)
+      myflags |= DB_TRUNCATE;
+
+    asprintf(&fn, "%s.db", db->hdb_name);
+    if (fn == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    db_create(&d, NULL, 0);
+    db->hdb_db = d;
+
+#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
+    ret = (*d->open)(db->hdb_db, NULL, fn, NULL, DB_BTREE, myflags, mode);
+#else
+    ret = (*d->open)(db->hdb_db, fn, NULL, DB_BTREE, myflags, mode);
+#endif
+
+    if (ret == ENOENT) {
+	/* try to open without .db extension */
+#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
+	ret = (*d->open)(db->hdb_db, NULL, db->hdb_name, NULL, DB_BTREE,
+			 myflags, mode);
+#else
+	ret = (*d->open)(db->hdb_db, db->hdb_name, NULL, DB_BTREE, 
+			 myflags, mode);
+#endif
+    }
+
+    if (ret) {
+	free(fn);
+	krb5_set_error_string(context, "opening %s: %s",
+			      db->hdb_name, strerror(ret));
+	return ret;
+    }
+    free(fn);
+
+    ret = (*d->cursor)(d, NULL, &dbc, 0);
+    if (ret) {
+	krb5_set_error_string(context, "d->cursor: %s", strerror(ret));
+        return ret;
+    }
+    db->hdb_dbc = dbc;
+
+    if((flags & O_ACCMODE) == O_RDONLY)
+	ret = hdb_check_db_format(context, db);
+    else
+	ret = hdb_init_db(context, db);
+    if(ret == HDB_ERR_NOENTRY)
+	return 0;
+    if (ret) {
+	DB_close(context, db);
+	krb5_set_error_string(context, "hdb_open: failed %s database %s",
+			      (flags & O_ACCMODE) == O_RDONLY ? 
+			      "checking format of" : "initialize", 
+			      db->hdb_name);
+    }
+
+    return ret;
+}
+
+krb5_error_code
+hdb_db_create(krb5_context context, HDB **db, 
+	      const char *filename)
+{
+    *db = calloc(1, sizeof(**db));
+    if (*db == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    (*db)->hdb_db = NULL;
+    (*db)->hdb_name = strdup(filename);
+    if ((*db)->hdb_name == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	free(*db);
+	*db = NULL;
+	return ENOMEM;
+    }
+    (*db)->hdb_master_key_set = 0;
+    (*db)->hdb_openp = 0;
+    (*db)->hdb_open  = DB_open;
+    (*db)->hdb_close = DB_close;
+    (*db)->hdb_fetch = _hdb_fetch;
+    (*db)->hdb_store = _hdb_store;
+    (*db)->hdb_remove = _hdb_remove;
+    (*db)->hdb_firstkey = DB_firstkey;
+    (*db)->hdb_nextkey= DB_nextkey;
+    (*db)->hdb_lock = DB_lock;
+    (*db)->hdb_unlock = DB_unlock;
+    (*db)->hdb_rename = DB_rename;
+    (*db)->hdb__get = DB__get;
+    (*db)->hdb__put = DB__put;
+    (*db)->hdb__del = DB__del;
+    (*db)->hdb_destroy = DB_destroy;
+    return 0;
+}
+#endif /* HAVE_DB3 */
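Review bot: In `DB_seq`, a failure from `hdb_unseal_keys` is dropped: the entry is freed, but control falls through to the `entry->entry.principal == NULL` block and the function returns 0, so a caller iterating with HDB_F_DECRYPT is told the read succeeded for an entry whose keys could not be unsealed. Returning right after the free keeps the error visible: `if (code) { hdb_free_entry (context, entry); return code; }`. `DB__put` has a related problem: when `d->put` fails with anything other than DB_KEYEXIST it returns `errno` rather than `code`, and since errno is not necessarily set by that call, a failed store could be reported as success; `return code;`, as `DB__get` and `DB__del` already do, avoids that. `DB_open` also dereferences `d` without checking the result of `db_create`, and returns on a `d->cursor` failure without closing the handle it has just opened.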

Added: vendor-crypto/heimdal/dist/lib/hdb/dbinfo.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/dbinfo.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/dbinfo.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+
+RCSID("$Id: dbinfo.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct hdb_dbinfo {
+    char *label;
+    char *realm;
+    char *dbname;
+    char *mkey_file;
+    char *acl_file;
+    char *log_file;
+    const krb5_config_binding *binding;
+    struct hdb_dbinfo *next;
+};
+
+static int
+get_dbinfo(krb5_context context,
+	   const krb5_config_binding *db_binding,
+	   const char *label,
+	   struct hdb_dbinfo **db)
+{
+    struct hdb_dbinfo *di;
+    const char *p;
+
+    *db = NULL;
+
+    p = krb5_config_get_string(context, db_binding, "dbname", NULL);
+    if(p == NULL)
+	return 0;
+
+    di = calloc(1, sizeof(*di));
+    if (di == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    di->label = strdup(label);
+    di->dbname = strdup(p);
+
+    p = krb5_config_get_string(context, db_binding, "realm", NULL);
+    if(p)
+	di->realm = strdup(p);
+    p = krb5_config_get_string(context, db_binding, "mkey_file", NULL);
+    if(p)
+	di->mkey_file = strdup(p);
+    p = krb5_config_get_string(context, db_binding, "acl_file", NULL);
+    if(p)
+	di->acl_file = strdup(p);
+    p = krb5_config_get_string(context, db_binding, "log_file", NULL);
+    if(p)
+	di->log_file = strdup(p);
+
+    di->binding = db_binding;
+
+    *db = di;
+    return 0;
+}
+
+
+int
+hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
+{
+    const krb5_config_binding *db_binding;
+    struct hdb_dbinfo *di, **dt, *databases;
+    const char *default_dbname = HDB_DEFAULT_DB;
+    const char *default_mkey = HDB_DB_DIR "/m-key";
+    const char *default_acl = HDB_DB_DIR "/kadmind.acl";
+    const char *p;
+    int ret;
+
+    *dbp = NULL;
+    dt = NULL;
+    databases = NULL;
+
+    db_binding = krb5_config_get(context, NULL, krb5_config_list,
+				 "kdc", 
+				 "database",
+				 NULL);
+    if (db_binding) {
+
+	ret = get_dbinfo(context, db_binding, "default", &di);
+	if (ret == 0 && di) {
+	    databases = di;
+	    dt = &di->next;
+	}		
+
+	for ( ; db_binding != NULL; db_binding = db_binding->next) {
+
+	    if (db_binding->type != krb5_config_list)
+		continue;
+
+	    ret = get_dbinfo(context, db_binding->u.list, 
+			     db_binding->name, &di);
+	    if (ret)
+		krb5_err(context, 1, ret, "failed getting realm");
+
+	    if (di == NULL)
+		continue;
+
+	    if (dt)
+		*dt = di;
+	    else
+		databases = di;
+	    dt = &di->next;
+
+	}
+    }
+
+    if(databases == NULL) {
+	/* if there are none specified, create one and use defaults */
+	di = calloc(1, sizeof(*di));
+	databases = di;
+	di->label = strdup("default");
+    }
+
+    for(di = databases; di; di = di->next) {
+	if(di->dbname == NULL) {
+	    di->dbname = strdup(default_dbname);
+	    if (di->mkey_file == NULL)
+		di->mkey_file = strdup(default_mkey);
+	}
+	if(di->mkey_file == NULL) {
+	    p = strrchr(di->dbname, '.');
+	    if(p == NULL || strchr(p, '/') != NULL)
+		/* final pathname component does not contain a . */
+		asprintf(&di->mkey_file, "%s.mkey", di->dbname);
+	    else
+		/* the filename is something.else, replace .else with
+                   .mkey */
+		asprintf(&di->mkey_file, "%.*s.mkey", 
+			 (int)(p - di->dbname), di->dbname);
+	}
+	if(di->acl_file == NULL)
+	    di->acl_file = strdup(default_acl);
+    }
+    *dbp = databases;
+    return 0;
+}
+
+
+struct hdb_dbinfo *
+hdb_dbinfo_get_next(struct hdb_dbinfo *dbp, struct hdb_dbinfo *dbprevp)
+{
+    if (dbprevp == NULL)
+	return dbp;
+    else
+	return dbprevp->next;
+}
+
+const char *
+hdb_dbinfo_get_label(krb5_context context, struct hdb_dbinfo *dbp)
+{
+    return dbp->label;
+}
+
+const char *
+hdb_dbinfo_get_realm(krb5_context context, struct hdb_dbinfo *dbp)
+{
+    return dbp->realm;
+}
+
+const char *
+hdb_dbinfo_get_dbname(krb5_context context, struct hdb_dbinfo *dbp)
+{
+    return dbp->dbname;
+}
+
+const char *
+hdb_dbinfo_get_mkey_file(krb5_context context, struct hdb_dbinfo *dbp)
+{
+    return dbp->mkey_file;
+}
+
+const char *
+hdb_dbinfo_get_acl_file(krb5_context context, struct hdb_dbinfo *dbp)
+{
+    return dbp->acl_file;
+}
+
+const char *
+hdb_dbinfo_get_log_file(krb5_context context, struct hdb_dbinfo *dbp)
+{
+    return dbp->log_file;
+}
+
+const krb5_config_binding *
+hdb_dbinfo_get_binding(krb5_context context, struct hdb_dbinfo *dbp)
+{
+    return dbp->binding;
+}
+
+void
+hdb_free_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
+{
+    struct hdb_dbinfo *di, *ndi;
+
+    for(di = *dbp; di != NULL; di = ndi) {
+	ndi = di->next;
+	free (di->realm);
+	free (di->dbname);
+	if (di->mkey_file)
+	    free (di->mkey_file);
+	free(di);
+    }
+    *dbp = NULL;
+}
+
+/**
+ * Return the directory where the hdb database resides.
+ *
+ * @param context Kerberos 5 context.
+ *
+ * @return string pointing to directory.
+ */
+
+const char *
+hdb_db_dir(krb5_context context)
+{
+    return HDB_DB_DIR;
+}
+
+/**
+ * Return the default hdb database resides.
+ *
+ * @param context Kerberos 5 context.
+ *
+ * @return string pointing to directory.
+ */
+
+const char *
+hdb_default_db(krb5_context context)
+{
+    return HDB_DEFAULT_DB;
+}
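Review bot: In `hdb_get_dbinfo`, the fallback `di = calloc(1, sizeof(*di));` is not checked before `di->label = strdup("default")`, so an allocation failure there is a NULL dereference. `get_dbinfo` already handles the same case, and the fallback can match it with `if (di == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; }`. The `strdup` and `asprintf` results in both functions are unchecked as well; in particular a failed `strdup(p)` for `dbname` in `get_dbinfo` leaves `dbname` NULL, which the later loop silently replaces with `HDB_DEFAULT_DB` instead of reporting the error. `hdb_free_dbinfo` frees `realm`, `dbname` and `mkey_file` but not `label`, `acl_file` or `log_file`, all of which this file allocates; `free(di->label); free(di->acl_file); free(di->log_file);` before `free(di)` closes that leak.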

Added: vendor-crypto/heimdal/dist/lib/hdb/ext.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/ext.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/ext.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,418 @@
+/*
+ * Copyright (c) 2004 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+#include <der.h>
+
+RCSID("$Id: ext.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code
+hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
+{
+    int i;
+
+    if (ent->extensions == NULL)
+	return 0;
+
+    /* 
+     * check for unknown extensions and if they where tagged mandatory
+     */
+
+    for (i = 0; i < ent->extensions->len; i++) {
+	if (ent->extensions->val[i].data.element != 
+	    choice_HDB_extension_data_asn1_ellipsis)
+	    continue;
+	if (ent->extensions->val[i].mandatory) {
+	    krb5_set_error_string(context,  "Principal have unknown "
+				  "mandatory extension");
+	    return HDB_ERR_MANDATORY_OPTION;
+	}
+    }
+    return 0;
+}
+
+HDB_extension *
+hdb_find_extension(const hdb_entry *entry, int type)
+{
+    int i;
+
+    if (entry->extensions == NULL)
+	return NULL;
+
+    for (i = 0; i < entry->extensions->len; i++)
+	if (entry->extensions->val[i].data.element == type)
+	    return &entry->extensions->val[i];
+    return NULL;
+}
+
+/*
+ * Replace the extension `ext' in `entry'. Make a copy of the
+ * extension, so the caller must still free `ext' on both success and
+ * failure. Returns 0 or error code.
+ */
+
+krb5_error_code
+hdb_replace_extension(krb5_context context, 
+		      hdb_entry *entry, 
+		      const HDB_extension *ext)
+{
+    HDB_extension *ext2;
+    HDB_extension *es;
+    int ret;
+
+    ext2 = NULL;
+
+    if (entry->extensions == NULL) {
+	entry->extensions = calloc(1, sizeof(*entry->extensions));
+	if (entry->extensions == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+    } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) {
+	ext2 = hdb_find_extension(entry, ext->data.element);
+    } else {
+	/* 
+	 * This is an unknown extention, and we are asked to replace a
+	 * possible entry in `entry' that is of the same type. This
+	 * might seem impossible, but ASN.1 CHOICE comes to our
+	 * rescue. The first tag in each branch in the CHOICE is
+	 * unique, so just find the element in the list that have the
+	 * same tag was we are putting into the list.
+	 */
+	Der_class replace_class, list_class;
+	Der_type replace_type, list_type;
+	unsigned int replace_tag, list_tag;
+	size_t size;
+	int i;
+
+	ret = der_get_tag(ext->data.u.asn1_ellipsis.data,
+			  ext->data.u.asn1_ellipsis.length,
+			  &replace_class, &replace_type, &replace_tag,
+			  &size);
+	if (ret) {
+	    krb5_set_error_string(context, "hdb: failed to decode "
+				  "replacement hdb extention");
+	    return ret;
+	}
+
+	for (i = 0; i < entry->extensions->len; i++) {
+	    HDB_extension *ext3 = &entry->extensions->val[i];
+
+	    if (ext3->data.element != choice_HDB_extension_data_asn1_ellipsis)
+		continue;
+
+	    ret = der_get_tag(ext3->data.u.asn1_ellipsis.data,
+			      ext3->data.u.asn1_ellipsis.length,
+			      &list_class, &list_type, &list_tag,
+			      &size);
+	    if (ret) {
+		krb5_set_error_string(context, "hdb: failed to decode "
+				      "present hdb extention");
+		return ret;
+	    }
+
+	    if (MAKE_TAG(replace_class,replace_type,replace_type) ==
+		MAKE_TAG(list_class,list_type,list_type)) {
+		ext2 = ext3;
+		break;
+	    }
+	}
+    }
+
+    if (ext2) {
+	free_HDB_extension(ext2);
+	ret = copy_HDB_extension(ext, ext2);
+	if (ret)
+	    krb5_set_error_string(context, "hdb: failed to copy replacement "
+				  "hdb extention");
+	return ret;
+    }
+
+    es = realloc(entry->extensions->val, 
+		 (entry->extensions->len+1)*sizeof(entry->extensions->val[0]));
+    if (es == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    entry->extensions->val = es;
+
+    ret = copy_HDB_extension(ext,
+			     &entry->extensions->val[entry->extensions->len]);
+    if (ret == 0)
+	entry->extensions->len++;
+    else
+	krb5_set_error_string(context, "hdb: failed to copy new extension");
+
+    return ret;
+}
+
+krb5_error_code
+hdb_clear_extension(krb5_context context, 
+		    hdb_entry *entry, 
+		    int type)
+{
+    int i;
+
+    if (entry->extensions == NULL)
+	return 0;
+
+    for (i = 0; i < entry->extensions->len; i++) {
+	if (entry->extensions->val[i].data.element == type) {
+	    free_HDB_extension(&entry->extensions->val[i]);
+	    memmove(&entry->extensions->val[i],
+		    &entry->extensions->val[i + 1],
+		    sizeof(entry->extensions->val[i]) * (entry->extensions->len - i - 1));
+	    entry->extensions->len--;
+	}
+    }
+    if (entry->extensions->len == 0) {
+	free(entry->extensions->val);
+	free(entry->extensions);
+	entry->extensions = NULL;
+    }
+
+    return 0;
+}
+
+
+krb5_error_code
+hdb_entry_get_pkinit_acl(const hdb_entry *entry, const HDB_Ext_PKINIT_acl **a)
+{
+    const HDB_extension *ext;
+
+    ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_acl);
+    if (ext)
+	*a = &ext->data.u.pkinit_acl;
+    else
+	*a = NULL;
+
+    return 0;
+}
+
+krb5_error_code
+hdb_entry_get_pkinit_hash(const hdb_entry *entry, const HDB_Ext_PKINIT_hash **a)
+{
+    const HDB_extension *ext;
+
+    ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_cert_hash);
+    if (ext)
+	*a = &ext->data.u.pkinit_cert_hash;
+    else
+	*a = NULL;
+
+    return 0;
+}
+
+krb5_error_code
+hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t)
+{
+    const HDB_extension *ext;
+
+    ext = hdb_find_extension(entry, choice_HDB_extension_data_last_pw_change);
+    if (ext)
+	*t = ext->data.u.last_pw_change;
+    else
+	*t = 0;
+
+    return 0;
+}
+
+krb5_error_code
+hdb_entry_set_pw_change_time(krb5_context context, 
+			     hdb_entry *entry,
+			     time_t t)
+{
+    HDB_extension ext;
+
+    ext.mandatory = FALSE;
+    ext.data.element = choice_HDB_extension_data_last_pw_change;
+    if (t == 0)
+	t = time(NULL);
+    ext.data.u.last_pw_change = t;
+
+    return hdb_replace_extension(context, entry, &ext);
+}
+
+int
+hdb_entry_get_password(krb5_context context, HDB *db, 
+		       const hdb_entry *entry, char **p)
+{
+    HDB_extension *ext;
+    char *str;
+    int ret;
+
+    ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
+    if (ext) {
+	heim_utf8_string str;
+	heim_octet_string pw;
+
+	if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
+	    hdb_master_key key;
+
+	    key = _hdb_find_master_key(ext->data.u.password.mkvno, 
+				       db->hdb_master_key);
+
+	    if (key == NULL) {
+		krb5_set_error_string(context, "master key %d missing",
+				      *ext->data.u.password.mkvno);
+		return HDB_ERR_NO_MKEY;
+	    }
+
+	    ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY,
+				    ext->data.u.password.password.data,
+				    ext->data.u.password.password.length,
+				    &pw);
+	} else {
+	    ret = der_copy_octet_string(&ext->data.u.password.password, &pw);
+	}
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    return ret;
+	}
+
+	str = pw.data;
+	if (str[pw.length - 1] != '\0') {
+	    krb5_set_error_string(context, "password malformated");
+	    return EINVAL;
+	}
+
+	*p = strdup(str);
+
+	der_free_octet_string(&pw);
+	if (*p == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	return 0;
+    }
+
+    ret = krb5_unparse_name(context, entry->principal, &str);
+    if (ret == 0) {
+	krb5_set_error_string(context, "no password attributefor %s", str);
+	free(str);
+    } else 
+	krb5_clear_error_string(context);
+
+    return ENOENT;
+}
+
+int
+hdb_entry_set_password(krb5_context context, HDB *db, 
+		       hdb_entry *entry, const char *p)
+{
+    HDB_extension ext;
+    hdb_master_key key;
+    int ret;
+
+    ext.mandatory = FALSE;
+    ext.data.element = choice_HDB_extension_data_password;
+
+    if (db->hdb_master_key_set) {
+
+	key = _hdb_find_master_key(NULL, db->hdb_master_key);
+	if (key == NULL) {
+	    krb5_set_error_string(context, "hdb_entry_set_password: "
+				  "failed to find masterkey");
+	    return HDB_ERR_NO_MKEY;
+	}
+
+	ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY,
+				p, strlen(p) + 1, 
+				&ext.data.u.password.password);
+	if (ret)
+	    return ret;
+
+	ext.data.u.password.mkvno = 
+	    malloc(sizeof(*ext.data.u.password.mkvno));
+	if (ext.data.u.password.mkvno == NULL) {
+	    free_HDB_extension(&ext);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	*ext.data.u.password.mkvno = _hdb_mkey_version(key);
+
+    } else {
+	ext.data.u.password.mkvno = NULL;
+
+	ret = krb5_data_copy(&ext.data.u.password.password, 
+			     p, strlen(p) + 1);
+	if (ret) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    free_HDB_extension(&ext);
+	    return ret;
+	}
+    }
+
+    ret = hdb_replace_extension(context, entry, &ext);
+
+    free_HDB_extension(&ext);
+
+    return ret;
+}
+
+int
+hdb_entry_clear_password(krb5_context context, hdb_entry *entry)
+{
+    return hdb_clear_extension(context, entry, 
+			       choice_HDB_extension_data_password);
+}
+
+krb5_error_code
+hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry, 
+				  const HDB_Ext_Constrained_delegation_acl **a)
+{
+    const HDB_extension *ext;
+
+    ext = hdb_find_extension(entry, 
+			     choice_HDB_extension_data_allowed_to_delegate_to);
+    if (ext)
+	*a = &ext->data.u.allowed_to_delegate_to;
+    else
+	*a = NULL;
+
+    return 0;
+}
+
+krb5_error_code
+hdb_entry_get_aliases(const hdb_entry *entry, const HDB_Ext_Aliases **a)
+{
+    const HDB_extension *ext;
+
+    ext = hdb_find_extension(entry, choice_HDB_extension_data_aliases);
+    if (ext)
+	*a = &ext->data.u.aliases;
+    else
+	*a = NULL;
+
+    return 0;
+}
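Review bot: In `hdb_entry_get_password`, `str[pw.length - 1]` is read without checking that `pw.length` is non-zero, so a stored password extension with an empty value indexes before the buffer (or through a NULL `pw.data`, depending on how the octet string represents an empty value). The same branch returns EINVAL without calling `der_free_octet_string(&pw)`, which leaks the buffer holding the decrypted password. Both are covered by changing the check to `if (pw.length == 0 || str[pw.length - 1] != '\0') {` and adding `der_free_octet_string(&pw);` ahead of the existing error return. Separately, in `hdb_replace_extension` the comparison passes `replace_type` and `list_type` twice to `MAKE_TAG`, so the `replace_tag` and `list_tag` values filled in by `der_get_tag` are never used and two unknown extensions that differ only in tag number would be treated as the same one; the third arguments look like they were meant to be `replace_tag` and `list_tag`.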

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb-ldap.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb-ldap.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb-ldap.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1829 @@
+/*
+ * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd.
+ * Copyright (c) 2004, Andrew Bartlett.
+ * Copyright (c) 2003 - 2007, Kungliga Tekniska H\xF6gskolan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software  nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "hdb_locl.h"
+
+RCSID("$Id: hdb-ldap.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef OPENLDAP
+
+#include <lber.h>
+#include <ldap.h>
+#include <sys/un.h>
+#include <hex.h>
+
+static krb5_error_code LDAP__connect(krb5_context context, HDB *);
+static krb5_error_code LDAP_close(krb5_context context, HDB *);
+
+static krb5_error_code
+LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
+		   hdb_entry_ex * ent);
+
+static const char *default_structural_object = "account";
+static char *structural_object;
+static krb5_boolean samba_forwardable;
+
+struct hdbldapdb {
+    LDAP *h_lp;
+    int   h_msgid;
+    char *h_base;
+    char *h_url;
+    char *h_createbase;
+};
+
+#define HDB2LDAP(db) (((struct hdbldapdb *)(db)->hdb_db)->h_lp)
+#define HDB2MSGID(db) (((struct hdbldapdb *)(db)->hdb_db)->h_msgid)
+#define HDBSETMSGID(db,msgid) \
+	do { ((struct hdbldapdb *)(db)->hdb_db)->h_msgid = msgid; } while(0)
+#define HDB2BASE(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_base)
+#define HDB2URL(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_url)
+#define HDB2CREATE(db) (((struct hdbldapdb *)(db)->hdb_db)->h_createbase)
+
+/*
+ *
+ */
+
+static char * krb5kdcentry_attrs[] = { 
+    "cn",
+    "createTimestamp",
+    "creatorsName",
+    "krb5EncryptionType",
+    "krb5KDCFlags",
+    "krb5Key",
+    "krb5KeyVersionNumber",
+    "krb5MaxLife",
+    "krb5MaxRenew",
+    "krb5PasswordEnd",
+    "krb5PrincipalName",
+    "krb5PrincipalRealm",
+    "krb5ValidEnd",
+    "krb5ValidStart",
+    "modifiersName",
+    "modifyTimestamp",
+    "objectClass",
+    "sambaAcctFlags",
+    "sambaKickoffTime",
+    "sambaNTPassword",
+    "sambaPwdLastSet",
+    "sambaPwdMustChange",
+    "uid",
+    NULL
+};
+
+static char *krb5principal_attrs[] = {
+    "cn",
+    "createTimestamp",
+    "creatorsName",
+    "krb5PrincipalName",
+    "krb5PrincipalRealm",
+    "modifiersName",
+    "modifyTimestamp",
+    "objectClass",
+    "uid",
+    NULL
+};
+
+static int
+LDAP_no_size_limit(krb5_context context, LDAP *lp)
+{
+    int ret, limit = LDAP_NO_LIMIT;
+
+    ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit);
+    if (ret != LDAP_SUCCESS) {
+	krb5_set_error_string(context, "ldap_set_option: %s",
+			      ldap_err2string(ret));
+	return HDB_ERR_BADVERSION;
+    }
+    return 0;
+}
+
+static int
+check_ldap(krb5_context context, HDB *db, int ret)
+{
+    switch (ret) {
+    case LDAP_SUCCESS:
+	return 0;
+    case LDAP_SERVER_DOWN:
+	LDAP_close(context, db);
+	return 1;
+    default:
+	return 1;
+    }
+}
+
+static krb5_error_code
+LDAP__setmod(LDAPMod *** modlist, int modop, const char *attribute,
+	     int *pIndex)
+{
+    int cMods;
+
+    if (*modlist == NULL) {
+	*modlist = (LDAPMod **)ber_memcalloc(1, sizeof(LDAPMod *));
+	if (*modlist == NULL)
+	    return ENOMEM;
+    }
+
+    for (cMods = 0; (*modlist)[cMods] != NULL; cMods++) {
+	if ((*modlist)[cMods]->mod_op == modop &&
+	    strcasecmp((*modlist)[cMods]->mod_type, attribute) == 0) {
+	    break;
+	}
+    }
+
+    *pIndex = cMods;
+
+    if ((*modlist)[cMods] == NULL) {
+	LDAPMod *mod;
+
+	*modlist = (LDAPMod **)ber_memrealloc(*modlist,
+					      (cMods + 2) * sizeof(LDAPMod *));
+	if (*modlist == NULL)
+	    return ENOMEM;
+
+	(*modlist)[cMods] = (LDAPMod *)ber_memalloc(sizeof(LDAPMod));
+	if ((*modlist)[cMods] == NULL)
+	    return ENOMEM;
+
+	mod = (*modlist)[cMods];
+	mod->mod_op = modop;
+	mod->mod_type = ber_strdup(attribute);
+	if (mod->mod_type == NULL) {
+	    ber_memfree(mod);
+	    (*modlist)[cMods] = NULL;
+	    return ENOMEM;
+	}
+
+	if (modop & LDAP_MOD_BVALUES) {
+	    mod->mod_bvalues = NULL;
+	} else {
+	    mod->mod_values = NULL;
+	}
+
+	(*modlist)[cMods + 1] = NULL;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+LDAP_addmod_len(LDAPMod *** modlist, int modop, const char *attribute,
+		unsigned char *value, size_t len)
+{
+    krb5_error_code ret;
+    int cMods, i = 0;
+
+    ret = LDAP__setmod(modlist, modop | LDAP_MOD_BVALUES, attribute, &cMods);
+    if (ret)
+	return ret;
+
+    if (value != NULL) {
+	struct berval **bv;
+
+	bv = (*modlist)[cMods]->mod_bvalues;
+	if (bv != NULL) {
+	    for (i = 0; bv[i] != NULL; i++)
+		;
+	    bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
+	} else
+	    bv = ber_memalloc(2 * sizeof(*bv));
+	if (bv == NULL)
+	    return ENOMEM;
+
+	(*modlist)[cMods]->mod_bvalues = bv;
+
+	bv[i] = ber_memalloc(sizeof(*bv));;
+	if (bv[i] == NULL)
+	    return ENOMEM;
+
+	bv[i]->bv_val = (void *)value;
+	bv[i]->bv_len = len;
+
+	bv[i + 1] = NULL;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+LDAP_addmod(LDAPMod *** modlist, int modop, const char *attribute,
+	    const char *value)
+{
+    int cMods, i = 0;
+    krb5_error_code ret;
+
+    ret = LDAP__setmod(modlist, modop, attribute, &cMods);
+    if (ret)
+	return ret;
+
+    if (value != NULL) {
+	char **bv;
+
+	bv = (*modlist)[cMods]->mod_values;
+	if (bv != NULL) {
+	    for (i = 0; bv[i] != NULL; i++)
+		;
+	    bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
+	} else
+	    bv = ber_memalloc(2 * sizeof(*bv));
+	if (bv == NULL)
+	    return ENOMEM;
+
+	(*modlist)[cMods]->mod_values = bv;
+
+	bv[i] = ber_strdup(value);
+	if (bv[i] == NULL)
+	    return ENOMEM;
+
+	bv[i + 1] = NULL;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+LDAP_addmod_generalized_time(LDAPMod *** mods, int modop,
+			     const char *attribute, KerberosTime * time)
+{
+    char buf[22];
+    struct tm *tm;
+
+    /* XXX not threadsafe */
+    tm = gmtime(time);
+    strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm);
+
+    return LDAP_addmod(mods, modop, attribute, buf);
+}
+
+static krb5_error_code
+LDAP_addmod_integer(krb5_context context,
+		    LDAPMod *** mods, int modop,
+		    const char *attribute, unsigned long l)
+{
+    krb5_error_code ret;
+    char *buf;
+
+    ret = asprintf(&buf, "%ld", l);
+    if (ret < 0) {
+	krb5_set_error_string(context, "asprintf: out of memory:");
+	return ret;
+    }
+    ret = LDAP_addmod(mods, modop, attribute, buf);
+    free (buf);
+    return ret;
+}
+
+static krb5_error_code
+LDAP_get_string_value(HDB * db, LDAPMessage * entry,
+		      const char *attribute, char **ptr)
+{
+    char **vals;
+    int ret;
+
+    vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
+    if (vals == NULL) {
+	*ptr = NULL;
+	return HDB_ERR_NOENTRY;
+    }
+
+    *ptr = strdup(vals[0]);
+    if (*ptr == NULL)
+	ret = ENOMEM;
+    else
+	ret = 0;
+
+    ldap_value_free(vals);
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP_get_integer_value(HDB * db, LDAPMessage * entry,
+		       const char *attribute, int *ptr)
+{
+    char **vals;
+
+    vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
+    if (vals == NULL)
+	return HDB_ERR_NOENTRY;
+
+    *ptr = atoi(vals[0]);
+    ldap_value_free(vals);
+    return 0;
+}
+
+static krb5_error_code
+LDAP_get_generalized_time_value(HDB * db, LDAPMessage * entry,
+				const char *attribute, KerberosTime * kt)
+{
+    char *tmp, *gentime;
+    struct tm tm;
+    int ret;
+
+    *kt = 0;
+
+    ret = LDAP_get_string_value(db, entry, attribute, &gentime);
+    if (ret)
+	return ret;
+
+    tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
+    if (tmp == NULL) {
+	free(gentime);
+	return HDB_ERR_NOENTRY;
+    }
+
+    free(gentime);
+
+    *kt = timegm(&tm);
+
+    return 0;
+}
+
+static krb5_error_code
+LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
+		LDAPMessage * msg, LDAPMod *** pmods)
+{
+    krb5_error_code ret;
+    krb5_boolean is_new_entry;
+    char *tmp = NULL;
+    LDAPMod **mods = NULL;
+    hdb_entry_ex orig;
+    unsigned long oflags, nflags;
+    int i;
+
+    krb5_boolean is_samba_account = FALSE;
+    krb5_boolean is_account = FALSE;
+    krb5_boolean is_heimdal_entry = FALSE;
+    krb5_boolean is_heimdal_principal = FALSE;
+
+    char **values;
+
+    *pmods = NULL;
+
+    if (msg != NULL) {
+
+	ret = LDAP_message2entry(context, db, msg, &orig);
+	if (ret)
+	    goto out;
+
+	is_new_entry = FALSE;
+	    
+	values = ldap_get_values(HDB2LDAP(db), msg, "objectClass");
+	if (values) {
+	    int num_objectclasses = ldap_count_values(values);
+	    for (i=0; i < num_objectclasses; i++) {
+		if (strcasecmp(values[i], "sambaSamAccount") == 0) {
+		    is_samba_account = TRUE;
+		} else if (strcasecmp(values[i], structural_object) == 0) {
+		    is_account = TRUE;
+		} else if (strcasecmp(values[i], "krb5Principal") == 0) {
+		    is_heimdal_principal = TRUE;
+		} else if (strcasecmp(values[i], "krb5KDCEntry") == 0) {
+		    is_heimdal_entry = TRUE;
+		}
+	    }
+	    ldap_value_free(values);
+	}
+
+	/*
+	 * If this is just a "account" entry and no other objectclass
+	 * is hanging on this entry, it's really a new entry.
+	 */
+	if (is_samba_account == FALSE && is_heimdal_principal == FALSE && 
+	    is_heimdal_entry == FALSE) {
+	    if (is_account == TRUE) {
+		is_new_entry = TRUE;
+	    } else {
+		ret = HDB_ERR_NOENTRY;
+		goto out;
+	    }
+	}
+    } else
+	is_new_entry = TRUE;
+
+    if (is_new_entry) {
+
+	/* to make it perfectly obvious we're depending on
+	 * orig being intiialized to zero */
+	memset(&orig, 0, sizeof(orig));
+
+	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "top");
+	if (ret)
+	    goto out;
+	
+	/* account is the structural object class */
+	if (is_account == FALSE) {
+	    ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", 
+			      structural_object);
+	    is_account = TRUE;
+	    if (ret)
+		goto out;
+	}
+
+	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5Principal");
+	is_heimdal_principal = TRUE;
+	if (ret)
+	    goto out;
+
+	ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5KDCEntry");
+	is_heimdal_entry = TRUE;
+	if (ret)
+	    goto out;
+    }
+
+    if (is_new_entry || 
+	krb5_principal_compare(context, ent->entry.principal, orig.entry.principal)
+	== FALSE)
+    {
+	if (is_heimdal_principal || is_heimdal_entry) {
+
+	    ret = krb5_unparse_name(context, ent->entry.principal, &tmp);
+	    if (ret)
+		goto out;
+
+	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE,
+			      "krb5PrincipalName", tmp);
+	    if (ret) {
+		free(tmp);
+		goto out;
+	    }
+	    free(tmp);
+	}
+
+	if (is_account || is_samba_account) {
+	    ret = krb5_unparse_name_short(context, ent->entry.principal, &tmp);
+	    if (ret)
+		goto out;
+	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "uid", tmp);
+	    if (ret) {
+		free(tmp);
+		goto out;
+	    }
+	    free(tmp);
+	}
+    }
+
+    if (is_heimdal_entry && (ent->entry.kvno != orig.entry.kvno || is_new_entry)) {
+	ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
+			    "krb5KeyVersionNumber", 
+			    ent->entry.kvno);
+	if (ret)
+	    goto out;
+    }
+
+    if (is_heimdal_entry && ent->entry.valid_start) {
+	if (orig.entry.valid_end == NULL
+	    || (*(ent->entry.valid_start) != *(orig.entry.valid_start))) {
+	    ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
+					       "krb5ValidStart",
+					       ent->entry.valid_start);
+	    if (ret)
+		goto out;
+	}
+    }
+
+    if (ent->entry.valid_end) {
+ 	if (orig.entry.valid_end == NULL || (*(ent->entry.valid_end) != *(orig.entry.valid_end))) {
+	    if (is_heimdal_entry) { 
+		ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
+						   "krb5ValidEnd",
+						   ent->entry.valid_end);
+		if (ret)
+		    goto out;
+            }
+	    if (is_samba_account) {
+		ret = LDAP_addmod_integer(context, &mods,  LDAP_MOD_REPLACE,
+					  "sambaKickoffTime", 
+					  *(ent->entry.valid_end));
+		if (ret)
+		    goto out;
+	    }
+   	}
+    }
+
+    if (ent->entry.pw_end) {
+	if (orig.entry.pw_end == NULL || (*(ent->entry.pw_end) != *(orig.entry.pw_end))) {
+	    if (is_heimdal_entry) {
+		ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
+						   "krb5PasswordEnd",
+						   ent->entry.pw_end);
+		if (ret)
+		    goto out;
+	    }
+
+	    if (is_samba_account) {
+		ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
+					  "sambaPwdMustChange", 
+					  *(ent->entry.pw_end));
+		if (ret)
+		    goto out;
+	    }
+	}
+    }
+
+
+#if 0 /* we we have last_pw_change */
+    if (is_samba_account && ent->entry.last_pw_change) {
+	if (orig.entry.last_pw_change == NULL || (*(ent->entry.last_pw_change) != *(orig.entry.last_pw_change))) {
+	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
+				      "sambaPwdLastSet", 
+				      *(ent->entry.last_pw_change));
+	    if (ret)
+		goto out;
+	}
+    }
+#endif
+
+    if (is_heimdal_entry && ent->entry.max_life) {
+	if (orig.entry.max_life == NULL
+	    || (*(ent->entry.max_life) != *(orig.entry.max_life))) {
+
+	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
+				      "krb5MaxLife", 
+				      *(ent->entry.max_life));
+	    if (ret)
+		goto out;
+	}
+    }
+
+    if (is_heimdal_entry && ent->entry.max_renew) {
+	if (orig.entry.max_renew == NULL
+	    || (*(ent->entry.max_renew) != *(orig.entry.max_renew))) {
+
+	    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
+				      "krb5MaxRenew",
+				      *(ent->entry.max_renew));
+	    if (ret)
+		goto out;
+	}
+    }
+
+    oflags = HDBFlags2int(orig.entry.flags);
+    nflags = HDBFlags2int(ent->entry.flags);
+
+    if (is_heimdal_entry && oflags != nflags) {
+
+	ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
+				  "krb5KDCFlags",
+				  nflags);
+	if (ret)
+	    goto out;
+    }
+
+    /* Remove keys if they exists, and then replace keys. */
+    if (!is_new_entry && orig.entry.keys.len > 0) {
+	values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key");
+	if (values) {
+	    ldap_value_free(values);
+
+	    ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL);
+	    if (ret)
+		goto out;
+	}
+    }
+
+    for (i = 0; i < ent->entry.keys.len; i++) {
+
+	if (is_samba_account
+	    && ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
+	    char *ntHexPassword;
+	    char *nt;
+		    
+	    /* the key might have been 'sealed', but samba passwords
+	       are clear in the directory */
+	    ret = hdb_unseal_key(context, db, &ent->entry.keys.val[i]);
+	    if (ret)
+		goto out;
+		    
+	    nt = ent->entry.keys.val[i].key.keyvalue.data;
+	    /* store in ntPassword, not krb5key */
+	    ret = hex_encode(nt, 16, &ntHexPassword);
+	    if (ret < 0) {
+		krb5_set_error_string(context, "hdb-ldap: failed to "
+				      "hex encode key");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword", 
+			      ntHexPassword);
+	    free(ntHexPassword);
+	    if (ret)
+		goto out;
+		    
+	    /* have to kill the LM passwod if it exists */
+	    values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword");
+	    if (values) {
+		ldap_value_free(values);
+		ret = LDAP_addmod(&mods, LDAP_MOD_DELETE,
+				  "sambaLMPassword", NULL);
+		if (ret)
+		    goto out;
+	    }
+		    
+	} else if (is_heimdal_entry) {
+	    unsigned char *buf;
+	    size_t len, buf_size;
+
+	    ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->entry.keys.val[i], &len, ret);
+	    if (ret)
+		goto out;
+	    if(buf_size != len)
+		krb5_abortx(context, "internal error in ASN.1 encoder");
+
+	    /* addmod_len _owns_ the key, doesn't need to copy it */
+	    ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
+	    if (ret)
+		goto out;
+	}
+    }
+
+    if (ent->entry.etypes) {
+	int add_krb5EncryptionType = 0;
+
+	/* 
+	 * Only add/modify krb5EncryptionType if it's a new heimdal
+	 * entry or krb5EncryptionType already exists on the entry.
+	 */
+
+	if (!is_new_entry) {
+	    values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
+	    if (values) {
+		ldap_value_free(values);
+		ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
+				  NULL);
+		if (ret)
+		    goto out;
+		add_krb5EncryptionType = 1;
+	    }
+	} else if (is_heimdal_entry)
+	    add_krb5EncryptionType = 1;
+
+	if (add_krb5EncryptionType) {
+	    for (i = 0; i < ent->entry.etypes->len; i++) {
+		if (is_samba_account && 
+		    ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
+		{
+		    ;
+		} else if (is_heimdal_entry) {
+		    ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_ADD,
+					      "krb5EncryptionType",
+					      ent->entry.etypes->val[i]);
+		    if (ret)
+			goto out;
+		}
+	    }
+	}
+    }
+
+    /* for clarity */
+    ret = 0;
+
+ out:
+
+    if (ret == 0)
+	*pmods = mods;
+    else if (mods != NULL) {
+	ldap_mods_free(mods, 1);
+	*pmods = NULL;
+    }
+
+    if (msg)
+	hdb_free_entry(context, &orig);
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
+		  krb5_principal * principal)
+{
+    krb5_error_code ret;
+    int rc;
+    const char *filter = "(objectClass=krb5Principal)";
+    char **values;
+    LDAPMessage *res = NULL, *e;
+
+    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
+    if (ret)
+	goto out;
+
+    rc = ldap_search_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE,
+		       filter, krb5principal_attrs,
+		       0, &res);
+    if (check_ldap(context, db, rc)) {
+	krb5_set_error_string(context, "ldap_search_s: filter: %s error: %s",
+			      filter, ldap_err2string(rc));
+	ret = HDB_ERR_NOENTRY;
+	goto out;
+    }
+
+    e = ldap_first_entry(HDB2LDAP(db), res);
+    if (e == NULL) {
+	ret = HDB_ERR_NOENTRY;
+	goto out;
+    }
+
+    values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName");
+    if (values == NULL) {
+	ret = HDB_ERR_NOENTRY;
+	goto out;
+    }
+
+    ret = krb5_parse_name(context, values[0], principal);
+    ldap_value_free(values);
+
+  out:
+    if (res)
+	ldap_msgfree(res);
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP__lookup_princ(krb5_context context,
+		   HDB *db,
+		   const char *princname,
+		   const char *userid,
+		   LDAPMessage **msg)
+{
+    krb5_error_code ret;
+    int rc;
+    char *filter = NULL;
+
+    ret = LDAP__connect(context, db);
+    if (ret)
+	return ret;
+
+    rc = asprintf(&filter,
+		  "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
+		  princname);
+    if (rc < 0) {
+	krb5_set_error_string(context, "asprintf: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+
+    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
+    if (ret)
+	goto out;
+
+    rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, filter, 
+		       krb5kdcentry_attrs, 0, msg);
+    if (check_ldap(context, db, rc)) {
+	krb5_set_error_string(context, "ldap_search_s: filter: %s - error: %s",
+			      filter, ldap_err2string(rc));
+	ret = HDB_ERR_NOENTRY;
+	goto out;
+    }
+
+    if (userid && ldap_count_entries(HDB2LDAP(db), *msg) == 0) {
+	free(filter);
+	filter = NULL;
+	ldap_msgfree(*msg);
+	*msg = NULL;
+	
+	rc = asprintf(&filter,
+	    "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))",
+		      structural_object, userid);
+	if (rc < 0) {
+	    krb5_set_error_string(context, "asprintf: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	    
+	ret = LDAP_no_size_limit(context, HDB2LDAP(db));
+	if (ret)
+	    goto out;
+
+	rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, 
+			   filter, krb5kdcentry_attrs, 0, msg);
+	if (check_ldap(context, db, rc)) {
+	    krb5_set_error_string(context, 
+				  "ldap_search_s: filter: %s error: %s",
+				  filter, ldap_err2string(rc));
+	    ret = HDB_ERR_NOENTRY;
+	    goto out;
+	}
+    }
+
+    ret = 0;
+
+  out:
+    if (filter)
+	free(filter);
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP_principal2message(krb5_context context, HDB * db,
+		       krb5_const_principal princ, LDAPMessage ** msg)
+{
+    char *name, *name_short = NULL;
+    krb5_error_code ret;
+    krb5_realm *r, *r0;
+
+    *msg = NULL;
+
+    ret = krb5_unparse_name(context, princ, &name);
+    if (ret)
+	return ret;
+
+    ret = krb5_get_default_realms(context, &r0);
+    if(ret) {
+	free(name);
+	return ret;
+    }
+    for (r = r0; *r != NULL; r++) {
+	if(strcmp(krb5_principal_get_realm(context, princ), *r) == 0) {
+	    ret = krb5_unparse_name_short(context, princ, &name_short);
+	    if (ret) {
+		krb5_free_host_realm(context, r0);
+		free(name);
+		return ret;
+	    }
+	    break;
+	}
+    }
+    krb5_free_host_realm(context, r0);
+
+    ret = LDAP__lookup_princ(context, db, name, name_short, msg);
+    free(name);
+    free(name_short);
+
+    return ret;
+}
+
+/*
+ * Construct an hdb_entry from a directory entry.
+ */
+static krb5_error_code
+LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
+		   hdb_entry_ex * ent)
+{
+    char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL;
+    char *samba_acct_flags = NULL;
+    unsigned long tmp;
+    struct berval **keys;
+    char **values;
+    int tmp_time, i, ret, have_arcfour = 0;
+
+    memset(ent, 0, sizeof(*ent));
+    ent->entry.flags = int2HDBFlags(0);
+
+    ret = LDAP_get_string_value(db, msg, "krb5PrincipalName", &unparsed_name);
+    if (ret == 0) {
+	ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
+	if (ret)
+	    goto out;
+    } else {
+	ret = LDAP_get_string_value(db, msg, "uid",
+				    &unparsed_name);
+	if (ret == 0) {
+	    ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
+	    if (ret)
+		goto out;
+	} else {
+	    krb5_set_error_string(context, "hdb-ldap: ldap entry missing"
+				  "principal name");
+	    return HDB_ERR_NOENTRY;
+	}
+    }
+
+    {
+	int integer;
+	ret = LDAP_get_integer_value(db, msg, "krb5KeyVersionNumber",
+				     &integer);
+	if (ret)
+	    ent->entry.kvno = 0;
+	else
+	    ent->entry.kvno = integer;
+    }
+
+    keys = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
+    if (keys != NULL) {
+	int i;
+	size_t l;
+
+	ent->entry.keys.len = ldap_count_values_len(keys);
+	ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key));
+	if (ent->entry.keys.val == NULL) {
+	    krb5_set_error_string(context, "calloc: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	for (i = 0; i < ent->entry.keys.len; i++) {
+	    decode_Key((unsigned char *) keys[i]->bv_val,
+		       (size_t) keys[i]->bv_len, &ent->entry.keys.val[i], &l);
+	}
+	ber_bvecfree(keys);
+    } else {
+#if 1
+	/*
+	 * This violates the ASN1 but it allows a principal to
+	 * be related to a general directory entry without creating
+	 * the keys. Hopefully it's OK.
+	 */
+	ent->entry.keys.len = 0;
+	ent->entry.keys.val = NULL;
+#else
+	ret = HDB_ERR_NOENTRY;
+	goto out;
+#endif
+    }
+
+    values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
+    if (values != NULL) {
+	int i;
+
+	ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
+	if (ent->entry.etypes == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	ent->entry.etypes->len = ldap_count_values(values);
+	ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int));
+	if (ent->entry.etypes->val == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	for (i = 0; i < ent->entry.etypes->len; i++) {
+	    ent->entry.etypes->val[i] = atoi(values[i]);
+	}
+	ldap_value_free(values);
+    }
+
+    for (i = 0; i < ent->entry.keys.len; i++) {
+	if (ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
+	    have_arcfour = 1;
+	    break;
+	}
+    }
+
+    /* manually construct the NT (type 23) key */
+    ret = LDAP_get_string_value(db, msg, "sambaNTPassword", &ntPasswordIN);
+    if (ret == 0 && have_arcfour == 0) {
+	unsigned *etypes;
+	Key *keys;
+	int i;
+
+	keys = realloc(ent->entry.keys.val,
+		       (ent->entry.keys.len + 1) * sizeof(ent->entry.keys.val[0]));
+	if (keys == NULL) {
+	    free(ntPasswordIN);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	ent->entry.keys.val = keys;
+	memset(&ent->entry.keys.val[ent->entry.keys.len], 0, sizeof(Key));
+	ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
+	ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16);
+	if (ret) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    free(ntPasswordIN);
+	    ret = ENOMEM;
+	    goto out;
+	}
+	ret = hex_decode(ntPasswordIN,
+			 ent->entry.keys.val[ent->entry.keys.len].key.keyvalue.data, 16);
+	ent->entry.keys.len++;
+
+	if (ent->entry.etypes == NULL) {
+	    ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
+	    if (ent->entry.etypes == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    ent->entry.etypes->val = NULL;
+	    ent->entry.etypes->len = 0;
+	}
+
+	for (i = 0; i < ent->entry.etypes->len; i++)
+	    if (ent->entry.etypes->val[i] == ETYPE_ARCFOUR_HMAC_MD5)
+		break;
+	/* If there is no ARCFOUR enctype, add one */
+	if (i == ent->entry.etypes->len) {
+	    etypes = realloc(ent->entry.etypes->val, 
+			     (ent->entry.etypes->len + 1) * 
+			     sizeof(ent->entry.etypes->val[0]));
+	    if (etypes == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		ret = ENOMEM;
+		goto out;			    
+	    }
+	    ent->entry.etypes->val = etypes;
+	    ent->entry.etypes->val[ent->entry.etypes->len] = 
+		ETYPE_ARCFOUR_HMAC_MD5;
+	    ent->entry.etypes->len++;
+	}
+    }
+
+    ret = LDAP_get_generalized_time_value(db, msg, "createTimestamp",
+					  &ent->entry.created_by.time);
+    if (ret)
+	ent->entry.created_by.time = time(NULL);
+
+    ent->entry.created_by.principal = NULL;
+
+    ret = LDAP_get_string_value(db, msg, "creatorsName", &dn);
+    if (ret == 0) {
+	if (LDAP_dn2principal(context, db, dn, &ent->entry.created_by.principal)
+	    != 0) {
+	    ent->entry.created_by.principal = NULL;
+	}
+	free(dn);
+    }
+
+    ent->entry.modified_by = (Event *) malloc(sizeof(Event));
+    if (ent->entry.modified_by == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
+					  &ent->entry.modified_by->time);
+    if (ret == 0) {
+	ret = LDAP_get_string_value(db, msg, "modifiersName", &dn);
+	if (LDAP_dn2principal(context, db, dn, &ent->entry.modified_by->principal))
+	    ent->entry.modified_by->principal = NULL;
+	free(dn);
+    } else {
+	free(ent->entry.modified_by);
+	ent->entry.modified_by = NULL;
+    }
+
+    ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start));
+    if (ent->entry.valid_start == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
+					  ent->entry.valid_start);
+    if (ret) {
+	/* OPTIONAL */
+	free(ent->entry.valid_start);
+	ent->entry.valid_start = NULL;
+    }
+    
+    ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
+    if (ent->entry.valid_end == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
+					  ent->entry.valid_end);
+    if (ret) {
+	/* OPTIONAL */
+	free(ent->entry.valid_end);
+	ent->entry.valid_end = NULL;
+    }
+
+    ret = LDAP_get_integer_value(db, msg, "sambaKickoffTime", &tmp_time);
+    if (ret == 0) {
+ 	if (ent->entry.valid_end == NULL) {
+ 	    ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
+ 	    if (ent->entry.valid_end == NULL) {
+ 		krb5_set_error_string(context, "malloc: out of memory");
+ 		ret = ENOMEM;
+ 		goto out;
+ 	    }
+ 	}
+ 	*ent->entry.valid_end = tmp_time;
+    }
+
+    ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
+    if (ent->entry.pw_end == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
+					  ent->entry.pw_end);
+    if (ret) {
+	/* OPTIONAL */
+	free(ent->entry.pw_end);
+	ent->entry.pw_end = NULL;
+    }
+
+    ret = LDAP_get_integer_value(db, msg, "sambaPwdMustChange", &tmp_time);
+    if (ret == 0) {
+	if (ent->entry.pw_end == NULL) {
+	    ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
+	    if (ent->entry.pw_end == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+	}
+	*ent->entry.pw_end = tmp_time;
+    }
+
+    /* OPTIONAL */
+    ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet", &tmp_time);
+    if (ret == 0)
+	hdb_entry_set_pw_change_time(context, &ent->entry, tmp_time);
+
+    {
+	int max_life;
+
+	ent->entry.max_life = malloc(sizeof(*ent->entry.max_life));
+	if (ent->entry.max_life == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life);
+	if (ret) {
+	    free(ent->entry.max_life);
+	    ent->entry.max_life = NULL;
+	} else
+	    *ent->entry.max_life = max_life;
+    }
+
+    {
+	int max_renew;
+
+	ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew));
+	if (ent->entry.max_renew == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew);
+	if (ret) {
+	    free(ent->entry.max_renew);
+	    ent->entry.max_renew = NULL;
+	} else
+	    *ent->entry.max_renew = max_renew;
+    }
+
+    values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags");
+    if (values != NULL) {
+	errno = 0;
+	tmp = strtoul(values[0], (char **) NULL, 10);
+	if (tmp == ULONG_MAX && errno == ERANGE) {
+	    krb5_set_error_string(context, "strtoul: could not convert flag");
+	    ret = ERANGE;
+	    goto out;
+	}
+    } else {
+	tmp = 0;
+    }
+
+    ent->entry.flags = int2HDBFlags(tmp);
+
+    /* Try and find Samba flags to put into the mix */
+    ret = LDAP_get_string_value(db, msg, "sambaAcctFlags", &samba_acct_flags);
+    if (ret == 0) {
+	/* parse the [UXW...] string:
+	       
+	   'N'    No password	 
+	   'D'    Disabled	 
+	   'H'    Homedir required	 
+	   'T'    Temp account.	 
+	   'U'    User account (normal) 	 
+	   'M'    MNS logon user account - what is this ? 	 
+	   'W'    Workstation account	 
+	   'S'    Server account 	 
+	   'L'    Locked account	 
+	   'X'    No Xpiry on password 	 
+	   'I'    Interdomain trust account	 
+	    
+	*/	 
+	    
+	int i;
+	int flags_len = strlen(samba_acct_flags);
+
+	if (flags_len < 2)
+	    goto out2;
+
+	if (samba_acct_flags[0] != '[' 
+	    || samba_acct_flags[flags_len - 1] != ']') 
+	    goto out2;
+
+	/* Allow forwarding */
+	if (samba_forwardable)
+	    ent->entry.flags.forwardable = TRUE;
+
+	for (i=0; i < flags_len; i++) {
+	    switch (samba_acct_flags[i]) {
+	    case ' ':
+	    case '[':
+	    case ']':
+		break;
+	    case 'N':
+		/* how to handle no password in kerberos? */
+		break;
+	    case 'D':
+		ent->entry.flags.invalid = TRUE;
+		break;
+	    case 'H':
+		break;
+	    case 'T':
+		/* temp duplicate */
+		ent->entry.flags.invalid = TRUE;
+		break;
+	    case 'U':
+		ent->entry.flags.client = TRUE;
+		break;
+	    case 'M':
+		break;
+	    case 'W':
+	    case 'S':
+		ent->entry.flags.server = TRUE;
+		ent->entry.flags.client = TRUE;
+		break;
+	    case 'L':
+		ent->entry.flags.invalid = TRUE;
+		break;
+	    case 'X':
+		if (ent->entry.pw_end) {
+		    free(ent->entry.pw_end);
+		    ent->entry.pw_end = NULL;
+		}
+		break;
+	    case 'I':
+		ent->entry.flags.server = TRUE;
+		ent->entry.flags.client = TRUE;
+		break;
+	    }
+	}
+    out2:
+	free(samba_acct_flags);
+    }
+
+    ret = 0;
+
+out:
+    if (unparsed_name)
+	free(unparsed_name);
+
+    if (ret)
+	hdb_free_entry(context, ent);
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP_close(krb5_context context, HDB * db)
+{
+    if (HDB2LDAP(db)) {
+	ldap_unbind_ext(HDB2LDAP(db), NULL, NULL);
+	((struct hdbldapdb *)db->hdb_db)->h_lp = NULL;
+    }
+    
+    return 0;
+}
+
+static krb5_error_code
+LDAP_lock(krb5_context context, HDB * db, int operation)
+{
+    return 0;
+}
+
+static krb5_error_code
+LDAP_unlock(krb5_context context, HDB * db)
+{
+    return 0;
+}
+
+static krb5_error_code
+LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
+{
+    int msgid, rc, parserc;
+    krb5_error_code ret;
+    LDAPMessage *e;
+
+    msgid = HDB2MSGID(db);
+    if (msgid < 0)
+	return HDB_ERR_NOENTRY;
+
+    do {
+	rc = ldap_result(HDB2LDAP(db), msgid, LDAP_MSG_ONE, NULL, &e);
+	switch (rc) {
+	case LDAP_RES_SEARCH_REFERENCE:
+	    ldap_msgfree(e);
+	    ret = 0;
+	    break;
+	case LDAP_RES_SEARCH_ENTRY:
+	    /* We have an entry. Parse it. */
+	    ret = LDAP_message2entry(context, db, e, entry);
+	    ldap_msgfree(e);
+	    break;
+	case LDAP_RES_SEARCH_RESULT:
+	    /* We're probably at the end of the results. If not, abandon. */
+	    parserc =
+		ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL,
+				  NULL, NULL, 1);
+	    if (parserc != LDAP_SUCCESS
+		&& parserc != LDAP_MORE_RESULTS_TO_RETURN) {
+	        krb5_set_error_string(context, "ldap_parse_result: %s",
+				      ldap_err2string(parserc));
+		ldap_abandon(HDB2LDAP(db), msgid);
+	    }
+	    ret = HDB_ERR_NOENTRY;
+	    HDBSETMSGID(db, -1);
+	    break;
+	case LDAP_SERVER_DOWN:
+	    ldap_msgfree(e);
+	    LDAP_close(context, db);
+	    HDBSETMSGID(db, -1);
+	    ret = ENETDOWN;
+	    break;
+	default:
+	    /* Some unspecified error (timeout?). Abandon. */
+	    ldap_msgfree(e);
+	    ldap_abandon(HDB2LDAP(db), msgid);
+	    ret = HDB_ERR_NOENTRY;
+	    HDBSETMSGID(db, -1);
+	    break;
+	}
+    } while (rc == LDAP_RES_SEARCH_REFERENCE);
+
+    if (ret == 0) {
+	if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
+	    ret = hdb_unseal_keys(context, db, &entry->entry);
+	    if (ret)
+		hdb_free_entry(context, entry);
+	}
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
+	      hdb_entry_ex *entry)
+{
+    krb5_error_code ret;
+    int msgid;
+
+    ret = LDAP__connect(context, db);
+    if (ret)
+	return ret;
+
+    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
+    if (ret)
+	return ret;
+
+    msgid = ldap_search(HDB2LDAP(db), HDB2BASE(db),
+			LDAP_SCOPE_SUBTREE,
+			"(|(objectClass=krb5Principal)(objectClass=sambaSamAccount))",
+			krb5kdcentry_attrs, 0);
+    if (msgid < 0)
+	return HDB_ERR_NOENTRY;
+
+    HDBSETMSGID(db, msgid);
+
+    return LDAP_seq(context, db, flags, entry);
+}
+
+static krb5_error_code
+LDAP_nextkey(krb5_context context, HDB * db, unsigned flags,
+	     hdb_entry_ex * entry)
+{
+    return LDAP_seq(context, db, flags, entry);
+}
+
+static krb5_error_code
+LDAP__connect(krb5_context context, HDB * db)
+{
+    int rc, version = LDAP_VERSION3;
+    /*
+     * Empty credentials to do a SASL bind with LDAP. Note that empty
+     * different from NULL credentials. If you provide NULL
+     * credentials instead of empty credentials you will get a SASL
+     * bind in progress message.
+     */
+    struct berval bv = { 0, "" };
+
+    if (HDB2LDAP(db)) {
+	/* connection has been opened. ping server. */
+	struct sockaddr_un addr;
+	socklen_t len = sizeof(addr);
+	int sd;
+
+	if (ldap_get_option(HDB2LDAP(db), LDAP_OPT_DESC, &sd) == 0 &&
+	    getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
+	    /* the other end has died. reopen. */
+	    LDAP_close(context, db);
+	}
+    }
+
+    if (HDB2LDAP(db) != NULL) /* server is UP */
+	return 0;
+
+    rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, HDB2URL(db));
+    if (rc != LDAP_SUCCESS) {
+	krb5_set_error_string(context, "ldap_initialize: %s", 
+			      ldap_err2string(rc));
+	return HDB_ERR_NOENTRY;
+    }
+
+    rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION,
+			 (const void *)&version);
+    if (rc != LDAP_SUCCESS) {
+	krb5_set_error_string(context, "ldap_set_option: %s",
+			      ldap_err2string(rc));
+	LDAP_close(context, db);
+	return HDB_ERR_BADVERSION;
+    }
+
+    rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv,
+			  NULL, NULL, NULL);
+    if (rc != LDAP_SUCCESS) {
+	krb5_set_error_string(context, "ldap_sasl_bind_s: %s",
+			      ldap_err2string(rc));
+	LDAP_close(context, db);
+	return HDB_ERR_BADVERSION;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode)
+{
+    /* Not the right place for this. */
+#ifdef HAVE_SIGACTION
+    struct sigaction sa;
+
+    sa.sa_flags = 0;
+    sa.sa_handler = SIG_IGN;
+    sigemptyset(&sa.sa_mask);
+
+    sigaction(SIGPIPE, &sa, NULL);
+#else
+    signal(SIGPIPE, SIG_IGN);
+#endif /* HAVE_SIGACTION */
+
+    return LDAP__connect(context, db);
+}
+
+static krb5_error_code
+LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
+	   unsigned flags, hdb_entry_ex * entry)
+{
+    LDAPMessage *msg, *e;
+    krb5_error_code ret;
+
+    ret = LDAP_principal2message(context, db, principal, &msg);
+    if (ret)
+	return ret;
+
+    e = ldap_first_entry(HDB2LDAP(db), msg);
+    if (e == NULL) {
+	ret = HDB_ERR_NOENTRY;
+	goto out;
+    }
+
+    ret = LDAP_message2entry(context, db, e, entry);
+    if (ret == 0) {
+	if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
+	    ret = hdb_unseal_keys(context, db, &entry->entry);
+	    if (ret)
+		hdb_free_entry(context, entry);
+	}
+    }
+
+  out:
+    ldap_msgfree(msg);
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP_store(krb5_context context, HDB * db, unsigned flags,
+	   hdb_entry_ex * entry)
+{
+    LDAPMod **mods = NULL;
+    krb5_error_code ret;
+    const char *errfn;
+    int rc;
+    LDAPMessage *msg = NULL, *e = NULL;
+    char *dn = NULL, *name = NULL;
+
+    ret = LDAP_principal2message(context, db, entry->entry.principal, &msg);
+    if (ret == 0)
+	e = ldap_first_entry(HDB2LDAP(db), msg);
+
+    ret = krb5_unparse_name(context, entry->entry.principal, &name);
+    if (ret) {
+	free(name);
+	return ret;
+    }
+
+    ret = hdb_seal_keys(context, db, &entry->entry);
+    if (ret)
+	goto out;
+
+    /* turn new entry into LDAPMod array */
+    ret = LDAP_entry2mods(context, db, entry, e, &mods);
+    if (ret)
+	goto out;
+
+    if (e == NULL) {
+	ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db));
+	if (ret < 0) {
+	    krb5_set_error_string(context, "asprintf: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+    } else if (flags & HDB_F_REPLACE) {
+	/* Entry exists, and we're allowed to replace it. */
+	dn = ldap_get_dn(HDB2LDAP(db), e);
+    } else {
+	/* Entry exists, but we're not allowed to replace it. Bail. */
+	ret = HDB_ERR_EXISTS;
+	goto out;
+    }
+
+    /* write entry into directory */
+    if (e == NULL) {
+	/* didn't exist before */
+	rc = ldap_add_s(HDB2LDAP(db), dn, mods);
+	errfn = "ldap_add_s";
+    } else {
+	/* already existed, send deltas only */
+	rc = ldap_modify_s(HDB2LDAP(db), dn, mods);
+	errfn = "ldap_modify_s";
+    }
+
+    if (check_ldap(context, db, rc)) {
+	char *ld_error = NULL;
+	ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING,
+			&ld_error);
+	krb5_set_error_string(context, "%s: %s (DN=%s) %s: %s", 
+			      errfn, name, dn, ldap_err2string(rc), ld_error);
+	ret = HDB_ERR_CANT_LOCK_DB;
+    } else
+	ret = 0;
+
+  out:
+    /* free stuff */
+    if (dn)
+	free(dn);
+    if (msg)
+	ldap_msgfree(msg);
+    if (mods)
+	ldap_mods_free(mods, 1);
+    if (name)
+	free(name);
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP_remove(krb5_context context, HDB *db, krb5_const_principal principal)
+{
+    krb5_error_code ret;
+    LDAPMessage *msg, *e;
+    char *dn = NULL;
+    int rc, limit = LDAP_NO_LIMIT;
+
+    ret = LDAP_principal2message(context, db, principal, &msg);
+    if (ret)
+	goto out;
+
+    e = ldap_first_entry(HDB2LDAP(db), msg);
+    if (e == NULL) {
+	ret = HDB_ERR_NOENTRY;
+	goto out;
+    }
+
+    dn = ldap_get_dn(HDB2LDAP(db), e);
+    if (dn == NULL) {
+	ret = HDB_ERR_NOENTRY;
+	goto out;
+    }
+
+    rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit);
+    if (rc != LDAP_SUCCESS) {
+	krb5_set_error_string(context, "ldap_set_option: %s",
+			      ldap_err2string(rc));
+	ret = HDB_ERR_BADVERSION;
+	goto out;
+    }
+
+    rc = ldap_delete_s(HDB2LDAP(db), dn);
+    if (check_ldap(context, db, rc)) {
+	krb5_set_error_string(context, "ldap_delete_s: %s", 
+			      ldap_err2string(rc));
+	ret = HDB_ERR_CANT_LOCK_DB;
+    } else
+	ret = 0;
+
+  out:
+    if (dn != NULL)
+	free(dn);
+    if (msg != NULL)
+	ldap_msgfree(msg);
+
+    return ret;
+}
+
+static krb5_error_code
+LDAP_destroy(krb5_context context, HDB * db)
+{
+    krb5_error_code ret;
+
+    LDAP_close(context, db);
+
+    ret = hdb_clear_master_key(context, db);
+    if (HDB2BASE(db))
+	free(HDB2BASE(db));
+    if (HDB2CREATE(db))
+	free(HDB2CREATE(db));
+    if (HDB2URL(db))
+	free(HDB2URL(db));
+    if (db->hdb_name)
+	free(db->hdb_name);
+    free(db->hdb_db);
+    free(db);
+
+    return ret;
+}
+
+krb5_error_code
+hdb_ldap_common(krb5_context context,
+		HDB ** db,
+		const char *search_base,
+		const char *url)
+{
+    struct hdbldapdb *h;
+    const char *create_base = NULL;
+
+    if (search_base == NULL && search_base[0] == '\0') {
+	krb5_set_error_string(context, "ldap search base not configured");
+	return ENOMEM; /* XXX */
+    }
+
+    if (structural_object == NULL) {
+	const char *p;
+
+	p = krb5_config_get_string(context, NULL, "kdc", 
+				   "hdb-ldap-structural-object", NULL);
+	if (p == NULL)
+	    p = default_structural_object;
+	structural_object = strdup(p);
+	if (structural_object == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+    }
+
+    samba_forwardable = 
+	krb5_config_get_bool_default(context, NULL, TRUE,
+				     "kdc", "hdb-samba-forwardable", NULL);
+
+    *db = calloc(1, sizeof(**db));
+    if (*db == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memset(*db, 0, sizeof(**db));
+
+    h = calloc(1, sizeof(*h));
+    if (h == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	free(*db);
+	*db = NULL;
+	return ENOMEM;
+    }
+    (*db)->hdb_db = h;
+
+    /* XXX */
+    if (asprintf(&(*db)->hdb_name, "ldap:%s", search_base) == -1) {
+	LDAP_destroy(context, *db);
+	krb5_set_error_string(context, "strdup: out of memory");
+	*db = NULL;
+	return ENOMEM;
+    }
+
+    h->h_url = strdup(url);
+    h->h_base = strdup(search_base);
+    if (h->h_url == NULL || h->h_base == NULL) {
+	LDAP_destroy(context, *db);
+	krb5_set_error_string(context, "strdup: out of memory");
+	*db = NULL;
+	return ENOMEM;
+    }
+
+    create_base = krb5_config_get_string(context, NULL, "kdc", 
+					 "hdb-ldap-create-base", NULL);
+    if (create_base == NULL)
+	create_base = h->h_base;
+
+    h->h_createbase = strdup(create_base);
+    if (h->h_createbase == NULL) {
+	LDAP_destroy(context, *db);
+	krb5_set_error_string(context, "strdup: out of memory");
+	*db = NULL;
+	return ENOMEM;
+    }
+
+    (*db)->hdb_master_key_set = 0;
+    (*db)->hdb_openp = 0;
+    (*db)->hdb_open = LDAP_open;
+    (*db)->hdb_close = LDAP_close;
+    (*db)->hdb_fetch = LDAP_fetch;
+    (*db)->hdb_store = LDAP_store;
+    (*db)->hdb_remove = LDAP_remove;
+    (*db)->hdb_firstkey = LDAP_firstkey;
+    (*db)->hdb_nextkey = LDAP_nextkey;
+    (*db)->hdb_lock = LDAP_lock;
+    (*db)->hdb_unlock = LDAP_unlock;
+    (*db)->hdb_rename = NULL;
+    (*db)->hdb__get = NULL;
+    (*db)->hdb__put = NULL;
+    (*db)->hdb__del = NULL;
+    (*db)->hdb_destroy = LDAP_destroy;
+
+    return 0;
+}
+
+krb5_error_code
+hdb_ldap_create(krb5_context context, HDB ** db, const char *arg)
+{
+    return hdb_ldap_common(context, db, arg, "ldapi:///");
+}
+
+krb5_error_code
+hdb_ldapi_create(krb5_context context, HDB ** db, const char *arg)
+{
+    krb5_error_code ret;
+    char *search_base, *p;
+
+    asprintf(&p, "ldapi:%s", arg);
+    if (p == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	*db = NULL;
+	return ENOMEM;
+    }
+    search_base = strchr(p + strlen("ldapi://"), ':');
+    if (search_base == NULL) {
+	krb5_set_error_string(context, "search base missing");
+	*db = NULL;
+	return HDB_ERR_BADVERSION;
+    }
+    *search_base = '\0';
+    search_base++;
+
+    ret = hdb_ldap_common(context, db, search_base, p);
+    free(p);
+    return ret;
+}
+
+#ifdef OPENLDAP_MODULE
+
+struct hdb_so_method hdb_ldap_interface = {
+    HDB_INTERFACE_VERSION,
+    "ldap",
+    hdb_ldap_create
+};
+
+struct hdb_so_method hdb_ldapi_interface = {
+    HDB_INTERFACE_VERSION,
+    "ldapi",
+    hdb_ldapi_create
+};
+
+#endif
+
+#endif				/* OPENLDAP */

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb-private.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb-private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb-private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,54 @@
+/* This is a generated file */
+#ifndef __hdb_private_h__
+#define __hdb_private_h__
+
+#include <stdarg.h>
+
+krb5_error_code
+_hdb_fetch (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	krb5_const_principal /*principal*/,
+	unsigned /*flags*/,
+	hdb_entry_ex */*entry*/);
+
+hdb_master_key
+_hdb_find_master_key (
+	uint32_t */*mkvno*/,
+	hdb_master_key /*mkey*/);
+
+int
+_hdb_mkey_decrypt (
+	krb5_context /*context*/,
+	hdb_master_key /*key*/,
+	krb5_key_usage /*usage*/,
+	void */*ptr*/,
+	size_t /*size*/,
+	krb5_data */*res*/);
+
+int
+_hdb_mkey_encrypt (
+	krb5_context /*context*/,
+	hdb_master_key /*key*/,
+	krb5_key_usage /*usage*/,
+	const void */*ptr*/,
+	size_t /*size*/,
+	krb5_data */*res*/);
+
+int
+_hdb_mkey_version (hdb_master_key /*mkey*/);
+
+krb5_error_code
+_hdb_remove (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	krb5_const_principal /*principal*/);
+
+krb5_error_code
+_hdb_store (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	unsigned /*flags*/,
+	hdb_entry_ex */*entry*/);
+
+#endif /* __hdb_private_h__ */

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb-protos.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb-protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb-protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,400 @@
+/* This is a generated file */
+#ifndef __hdb_protos_h__
+#define __hdb_protos_h__
+
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+krb5_error_code
+hdb_add_master_key (
+	krb5_context /*context*/,
+	krb5_keyblock */*key*/,
+	hdb_master_key */*inout*/);
+
+krb5_error_code
+hdb_check_db_format (
+	krb5_context /*context*/,
+	HDB */*db*/);
+
+krb5_error_code
+hdb_clear_extension (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/,
+	int /*type*/);
+
+krb5_error_code
+hdb_clear_master_key (
+	krb5_context /*context*/,
+	HDB */*db*/);
+
+krb5_error_code
+hdb_create (
+	krb5_context /*context*/,
+	HDB **/*db*/,
+	const char */*filename*/);
+
+krb5_error_code
+hdb_db_create (
+	krb5_context /*context*/,
+	HDB **/*db*/,
+	const char */*filename*/);
+
+const char *
+hdb_db_dir (krb5_context /*context*/);
+
+const char *
+hdb_dbinfo_get_acl_file (
+	krb5_context /*context*/,
+	struct hdb_dbinfo */*dbp*/);
+
+const krb5_config_binding *
+hdb_dbinfo_get_binding (
+	krb5_context /*context*/,
+	struct hdb_dbinfo */*dbp*/);
+
+const char *
+hdb_dbinfo_get_dbname (
+	krb5_context /*context*/,
+	struct hdb_dbinfo */*dbp*/);
+
+const char *
+hdb_dbinfo_get_label (
+	krb5_context /*context*/,
+	struct hdb_dbinfo */*dbp*/);
+
+const char *
+hdb_dbinfo_get_log_file (
+	krb5_context /*context*/,
+	struct hdb_dbinfo */*dbp*/);
+
+const char *
+hdb_dbinfo_get_mkey_file (
+	krb5_context /*context*/,
+	struct hdb_dbinfo */*dbp*/);
+
+struct hdb_dbinfo *
+hdb_dbinfo_get_next (
+	struct hdb_dbinfo */*dbp*/,
+	struct hdb_dbinfo */*dbprevp*/);
+
+const char *
+hdb_dbinfo_get_realm (
+	krb5_context /*context*/,
+	struct hdb_dbinfo */*dbp*/);
+
+const char *
+hdb_default_db (krb5_context /*context*/);
+
+krb5_error_code
+hdb_enctype2key (
+	krb5_context /*context*/,
+	hdb_entry */*e*/,
+	krb5_enctype /*enctype*/,
+	Key **/*key*/);
+
+krb5_error_code
+hdb_entry2string (
+	krb5_context /*context*/,
+	hdb_entry */*ent*/,
+	char **/*str*/);
+
+int
+hdb_entry2value (
+	krb5_context /*context*/,
+	const hdb_entry */*ent*/,
+	krb5_data */*value*/);
+
+int
+hdb_entry_alias2value (
+	krb5_context /*context*/,
+	const hdb_entry_alias */*alias*/,
+	krb5_data */*value*/);
+
+krb5_error_code
+hdb_entry_check_mandatory (
+	krb5_context /*context*/,
+	const hdb_entry */*ent*/);
+
+int
+hdb_entry_clear_password (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/);
+
+krb5_error_code
+hdb_entry_get_ConstrainedDelegACL (
+	const hdb_entry */*entry*/,
+	const HDB_Ext_Constrained_delegation_acl **/*a*/);
+
+krb5_error_code
+hdb_entry_get_aliases (
+	const hdb_entry */*entry*/,
+	const HDB_Ext_Aliases **/*a*/);
+
+int
+hdb_entry_get_password (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	const hdb_entry */*entry*/,
+	char **/*p*/);
+
+krb5_error_code
+hdb_entry_get_pkinit_acl (
+	const hdb_entry */*entry*/,
+	const HDB_Ext_PKINIT_acl **/*a*/);
+
+krb5_error_code
+hdb_entry_get_pkinit_hash (
+	const hdb_entry */*entry*/,
+	const HDB_Ext_PKINIT_hash **/*a*/);
+
+krb5_error_code
+hdb_entry_get_pw_change_time (
+	const hdb_entry */*entry*/,
+	time_t */*t*/);
+
+int
+hdb_entry_set_password (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	hdb_entry */*entry*/,
+	const char */*p*/);
+
+krb5_error_code
+hdb_entry_set_pw_change_time (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/,
+	time_t /*t*/);
+
+HDB_extension *
+hdb_find_extension (
+	const hdb_entry */*entry*/,
+	int /*type*/);
+
+krb5_error_code
+hdb_foreach (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	unsigned /*flags*/,
+	hdb_foreach_func_t /*func*/,
+	void */*data*/);
+
+void
+hdb_free_dbinfo (
+	krb5_context /*context*/,
+	struct hdb_dbinfo **/*dbp*/);
+
+void
+hdb_free_entry (
+	krb5_context /*context*/,
+	hdb_entry_ex */*ent*/);
+
+void
+hdb_free_key (Key */*key*/);
+
+void
+hdb_free_keys (
+	krb5_context /*context*/,
+	int /*len*/,
+	Key */*keys*/);
+
+void
+hdb_free_master_key (
+	krb5_context /*context*/,
+	hdb_master_key /*mkey*/);
+
+krb5_error_code
+hdb_generate_key_set (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	Key **/*ret_key_set*/,
+	size_t */*nkeyset*/,
+	int /*no_salt*/);
+
+krb5_error_code
+hdb_generate_key_set_password (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	const char */*password*/,
+	Key **/*keys*/,
+	size_t */*num_keys*/);
+
+int
+hdb_get_dbinfo (
+	krb5_context /*context*/,
+	struct hdb_dbinfo **/*dbp*/);
+
+krb5_error_code
+hdb_init_db (
+	krb5_context /*context*/,
+	HDB */*db*/);
+
+int
+hdb_key2principal (
+	krb5_context /*context*/,
+	krb5_data */*key*/,
+	krb5_principal /*p*/);
+
+krb5_error_code
+hdb_ldap_common (
+	krb5_context /*context*/,
+	HDB ** /*db*/,
+	const char */*search_base*/,
+	const char */*url*/);
+
+krb5_error_code
+hdb_ldap_create (
+	krb5_context /*context*/,
+	HDB ** /*db*/,
+	const char */*arg*/);
+
+krb5_error_code
+hdb_ldapi_create (
+	krb5_context /*context*/,
+	HDB ** /*db*/,
+	const char */*arg*/);
+
+krb5_error_code
+hdb_list_builtin (
+	krb5_context /*context*/,
+	char **/*list*/);
+
+krb5_error_code
+hdb_lock (
+	int /*fd*/,
+	int /*operation*/);
+
+krb5_error_code
+hdb_ndbm_create (
+	krb5_context /*context*/,
+	HDB **/*db*/,
+	const char */*filename*/);
+
+krb5_error_code
+hdb_next_enctype2key (
+	krb5_context /*context*/,
+	const hdb_entry */*e*/,
+	krb5_enctype /*enctype*/,
+	Key **/*key*/);
+
+int
+hdb_principal2key (
+	krb5_context /*context*/,
+	krb5_const_principal /*p*/,
+	krb5_data */*key*/);
+
+krb5_error_code
+hdb_print_entry (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	hdb_entry_ex */*entry*/,
+	void */*data*/);
+
+krb5_error_code
+hdb_process_master_key (
+	krb5_context /*context*/,
+	int /*kvno*/,
+	krb5_keyblock */*key*/,
+	krb5_enctype /*etype*/,
+	hdb_master_key */*mkey*/);
+
+krb5_error_code
+hdb_read_master_key (
+	krb5_context /*context*/,
+	const char */*filename*/,
+	hdb_master_key */*mkey*/);
+
+krb5_error_code
+hdb_replace_extension (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/,
+	const HDB_extension */*ext*/);
+
+krb5_error_code
+hdb_seal_key (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	Key */*k*/);
+
+krb5_error_code
+hdb_seal_key_mkey (
+	krb5_context /*context*/,
+	Key */*k*/,
+	hdb_master_key /*mkey*/);
+
+krb5_error_code
+hdb_seal_keys (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	hdb_entry */*ent*/);
+
+krb5_error_code
+hdb_seal_keys_mkey (
+	krb5_context /*context*/,
+	hdb_entry */*ent*/,
+	hdb_master_key /*mkey*/);
+
+krb5_error_code
+hdb_set_master_key (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code
+hdb_set_master_keyfile (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	const char */*keyfile*/);
+
+krb5_error_code
+hdb_unlock (int /*fd*/);
+
+krb5_error_code
+hdb_unseal_key (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	Key */*k*/);
+
+krb5_error_code
+hdb_unseal_key_mkey (
+	krb5_context /*context*/,
+	Key */*k*/,
+	hdb_master_key /*mkey*/);
+
+krb5_error_code
+hdb_unseal_keys (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	hdb_entry */*ent*/);
+
+krb5_error_code
+hdb_unseal_keys_mkey (
+	krb5_context /*context*/,
+	hdb_entry */*ent*/,
+	hdb_master_key /*mkey*/);
+
+int
+hdb_value2entry (
+	krb5_context /*context*/,
+	krb5_data */*value*/,
+	hdb_entry */*ent*/);
+
+int
+hdb_value2entry_alias (
+	krb5_context /*context*/,
+	krb5_data */*value*/,
+	hdb_entry_alias */*ent*/);
+
+krb5_error_code
+hdb_write_master_key (
+	krb5_context /*context*/,
+	const char */*filename*/,
+	hdb_master_key /*mkey*/);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __hdb_protos_h__ */

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,127 @@
+-- $Id: hdb.asn1,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+HDB DEFINITIONS ::=
+BEGIN
+
+IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5;
+
+HDB_DB_FORMAT INTEGER ::= 2	-- format of database, 
+				-- update when making changes
+
+-- these must have the same value as the pa-* counterparts
+hdb-pw-salt	INTEGER	::= 3
+hdb-afs3-salt	INTEGER	::= 10
+
+Salt ::= SEQUENCE {
+	type[0]		INTEGER (0..4294967295),
+	salt[1]		OCTET STRING
+}
+
+Key ::= SEQUENCE {
+	mkvno[0]	INTEGER (0..4294967295) OPTIONAL, -- master key version number
+	key[1]		EncryptionKey,
+	salt[2]		Salt OPTIONAL
+}
+
+Event ::= SEQUENCE {
+	time[0]		KerberosTime,
+	principal[1]	Principal OPTIONAL
+}
+
+HDBFlags ::= BIT STRING {
+	initial(0),			-- require as-req
+	forwardable(1),			-- may issue forwardable
+	proxiable(2),			-- may issue proxiable
+	renewable(3),			-- may issue renewable
+	postdate(4),			-- may issue postdatable
+	server(5),			-- may be server
+	client(6),			-- may be client
+	invalid(7),			-- entry is invalid
+	require-preauth(8),		-- must use preauth
+	change-pw(9),			-- change password service
+	require-hwauth(10),		-- must use hwauth
+	ok-as-delegate(11),		-- as in TicketFlags
+	user-to-user(12),		-- may use user-to-user auth
+	immutable(13),			-- may not be deleted
+	trusted-for-delegation(14),	-- Trusted to print forwardabled tickets
+	allow-kerberos4(15),		-- Allow Kerberos 4 requests
+	allow-digest(16)		-- Allow digest requests
+}
+
+GENERATION ::= SEQUENCE {
+	time[0]		KerberosTime,			-- timestamp
+	usec[1]		INTEGER (0..4294967295),	-- microseconds
+	gen[2]		INTEGER (0..4294967295)		-- generation number
+}
+
+HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE {
+	subject[0]	UTF8String,
+	issuer[1]	UTF8String OPTIONAL,
+	anchor[2]	UTF8String OPTIONAL
+}
+
+HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE {
+	digest-type[0] OBJECT IDENTIFIER,
+	digest[1] OCTET STRING
+}
+
+HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal
+
+-- hdb-ext-referrals ::= PA-SERVER-REFERRAL-DATA
+
+HDB-Ext-Lan-Manager-OWF ::= OCTET STRING
+
+HDB-Ext-Password ::= SEQUENCE {
+	mkvno[0]	INTEGER (0..4294967295) OPTIONAL, -- master key version number
+	password	OCTET STRING
+}
+
+HDB-Ext-Aliases ::= SEQUENCE {
+	case-insensitive[0]	BOOLEAN, -- case insensitive name allowed
+	aliases[1]		SEQUENCE OF Principal -- all names, inc primary
+}
+
+
+HDB-extension ::= SEQUENCE {
+        mandatory[0]    BOOLEAN,        -- kdc MUST understand this extension,
+                                        --   if not the whole entry must
+                                        --   be rejected
+        data[1]          CHOICE {
+	        pkinit-acl[0]			HDB-Ext-PKINIT-acl,
+	        pkinit-cert-hash[1]  		HDB-Ext-PKINIT-hash,
+		allowed-to-delegate-to[2]   HDB-Ext-Constrained-delegation-acl,
+--		referral-info[3]		HDB-Ext-Referrals,
+		lm-owf[4]			HDB-Ext-Lan-Manager-OWF,
+		password[5]			HDB-Ext-Password,
+		aliases[6]			HDB-Ext-Aliases,
+		last-pw-change[7]		KerberosTime,
+		...
+	},
+	...
+}
+
+HDB-extensions ::= SEQUENCE OF HDB-extension
+
+
+hdb_entry ::= SEQUENCE {
+	principal[0]	Principal  OPTIONAL, -- this is optional only 
+					     -- for compatibility with libkrb5
+	kvno[1]		INTEGER (0..4294967295),
+	keys[2]		SEQUENCE OF Key,
+	created-by[3]	Event,
+	modified-by[4]	Event OPTIONAL,
+	valid-start[5]	KerberosTime OPTIONAL,
+	valid-end[6]	KerberosTime OPTIONAL,
+	pw-end[7]	KerberosTime OPTIONAL,
+	max-life[8]	INTEGER (0..4294967295) OPTIONAL,
+	max-renew[9]	INTEGER (0..4294967295) OPTIONAL,
+	flags[10]	HDBFlags,
+	etypes[11]	SEQUENCE OF INTEGER (0..4294967295) OPTIONAL,
+	generation[12]	GENERATION OPTIONAL,
+        extensions[13]  HDB-extensions OPTIONAL
+}
+
+hdb_entry_alias ::= [APPLICATION 0] SEQUENCE {
+	principal[0]	Principal  OPTIONAL
+}
+
+END
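Review bot: `mkvno` is OPTIONAL in both `Key` and `HDB-Ext-Password`, but the schema never says what an absent `mkvno` means for the stored secret. The LDAP backend earlier in this commit calls `hdb_unseal_keys` only when `db->hdb_master_key_set` is true, so an entry without `mkvno` presumably holds its key or password unsealed; confirm this against `hdb_entry_set_password` and `hdb_entry_get_password`. If so, I would state it on both fields, e.g. `-- mkvno absent: value is not sealed under a master key`, so that operators treat the database, its dumps and its backups as holding recoverable secrets. Separately, the comment on `trusted-for-delegation` reads `forwardabled` where `forwardable` is meant.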

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,412 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+
+RCSID("$Id: hdb.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+struct hdb_method {
+    const char *prefix;
+    krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
+};
+
+static struct hdb_method methods[] = {
+#if HAVE_DB1 || HAVE_DB3
+    {"db:",	hdb_db_create},
+#endif
+#if HAVE_NDBM
+    {"ndbm:",	hdb_ndbm_create},
+#endif
+#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
+    {"ldap:",	hdb_ldap_create},
+    {"ldapi:",	hdb_ldapi_create},
+#endif
+#ifdef HAVE_LDB /* Used for integrated samba build */
+    {"ldb:",	hdb_ldb_create},
+#endif
+    {NULL,	NULL}
+};
+
+#if HAVE_DB1 || HAVE_DB3
+static struct hdb_method dbmetod = {"",	hdb_db_create };
+#elif defined(HAVE_NDBM)
+static struct hdb_method dbmetod = {"",	hdb_ndbm_create };
+#endif
+
+
+krb5_error_code
+hdb_next_enctype2key(krb5_context context,
+		     const hdb_entry *e,
+		     krb5_enctype enctype,
+		     Key **key)
+{
+    Key *k;
+    
+    for (k = *key ? (*key) + 1 : e->keys.val;
+	 k < e->keys.val + e->keys.len; 
+	 k++) 
+    {
+	if(k->key.keytype == enctype){
+	    *key = k;
+	    return 0;
+	}
+    }
+    krb5_set_error_string(context, "No next enctype %d for hdb-entry", 
+			  (int)enctype);
+    return KRB5_PROG_ETYPE_NOSUPP; /* XXX */
+}
+
+krb5_error_code
+hdb_enctype2key(krb5_context context, 
+		hdb_entry *e, 
+		krb5_enctype enctype, 
+		Key **key)
+{
+    *key = NULL;
+    return hdb_next_enctype2key(context, e, enctype, key);
+}
+
+void
+hdb_free_key(Key *key)
+{
+    memset(key->key.keyvalue.data, 
+	   0,
+	   key->key.keyvalue.length);
+    free_Key(key);
+    free(key);
+}
+
+
+krb5_error_code
+hdb_lock(int fd, int operation)
+{
+    int i, code = 0;
+
+    for(i = 0; i < 3; i++){
+	code = flock(fd, (operation == HDB_RLOCK ? LOCK_SH : LOCK_EX) | LOCK_NB);
+	if(code == 0 || errno != EWOULDBLOCK)
+	    break;
+	sleep(1);
+    }
+    if(code == 0)
+	return 0;
+    if(errno == EWOULDBLOCK)
+	return HDB_ERR_DB_INUSE;
+    return HDB_ERR_CANT_LOCK_DB;
+}
+
+krb5_error_code
+hdb_unlock(int fd)
+{
+    int code;
+    code = flock(fd, LOCK_UN);
+    if(code)
+	return 4711 /* XXX */;
+    return 0;
+}
+
+void
+hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
+{
+    int i;
+
+    if (ent->free_entry)
+	(*ent->free_entry)(context, ent);
+
+    for(i = 0; i < ent->entry.keys.len; ++i) {
+	Key *k = &ent->entry.keys.val[i];
+
+	memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
+    }
+    free_hdb_entry(&ent->entry);
+}
+
+krb5_error_code
+hdb_foreach(krb5_context context,
+	    HDB *db,
+	    unsigned flags,
+	    hdb_foreach_func_t func,
+	    void *data)
+{
+    krb5_error_code ret;
+    hdb_entry_ex entry;
+    ret = db->hdb_firstkey(context, db, flags, &entry);
+    if (ret == 0)
+	krb5_clear_error_string(context);
+    while(ret == 0){
+	ret = (*func)(context, db, &entry, data);
+	hdb_free_entry(context, &entry);
+	if(ret == 0)
+	    ret = db->hdb_nextkey(context, db, flags, &entry);
+    }
+    if(ret == HDB_ERR_NOENTRY)
+	ret = 0;
+    return ret;
+}
+
+krb5_error_code
+hdb_check_db_format(krb5_context context, HDB *db)
+{
+    krb5_data tag;
+    krb5_data version;
+    krb5_error_code ret, ret2;
+    unsigned ver;
+    int foo;
+
+    ret = db->hdb_lock(context, db, HDB_RLOCK);
+    if (ret)
+	return ret;
+
+    tag.data = HDB_DB_FORMAT_ENTRY;
+    tag.length = strlen(tag.data);
+    ret = (*db->hdb__get)(context, db, tag, &version);
+    ret2 = db->hdb_unlock(context, db);
+    if(ret)
+	return ret;
+    if (ret2)
+	return ret2;
+    foo = sscanf(version.data, "%u", &ver);
+    krb5_data_free (&version);
+    if (foo != 1)
+	return HDB_ERR_BADVERSION;
+    if(ver != HDB_DB_FORMAT)
+	return HDB_ERR_BADVERSION;
+    return 0;
+}
+
+krb5_error_code
+hdb_init_db(krb5_context context, HDB *db)
+{
+    krb5_error_code ret, ret2;
+    krb5_data tag;
+    krb5_data version;
+    char ver[32];
+    
+    ret = hdb_check_db_format(context, db);
+    if(ret != HDB_ERR_NOENTRY)
+	return ret;
+    
+    ret = db->hdb_lock(context, db, HDB_WLOCK);
+    if (ret)
+	return ret;
+
+    tag.data = HDB_DB_FORMAT_ENTRY;
+    tag.length = strlen(tag.data);
+    snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
+    version.data = ver;
+    version.length = strlen(version.data) + 1; /* zero terminated */
+    ret = (*db->hdb__put)(context, db, 0, tag, version);
+    ret2 = db->hdb_unlock(context, db);
+    if (ret) {
+	if (ret2)
+	    krb5_clear_error_string(context);
+	return ret;
+    }
+    return ret2;
+}
+
+#ifdef HAVE_DLOPEN
+
+ /*
+ * Load a dynamic backend from /usr/heimdal/lib/hdb_NAME.so,
+ * looking for the hdb_NAME_create symbol.
+ */
+
+static const struct hdb_method *
+find_dynamic_method (krb5_context context,
+		     const char *filename, 
+		     const char **rest)
+{
+    static struct hdb_method method;
+    struct hdb_so_method *mso;
+    char *prefix, *path, *symbol;
+    const char *p;
+    void *dl;
+    size_t len;
+    
+    p = strchr(filename, ':');
+
+    /* if no prefix, don't know what module to load, just ignore it */
+    if (p == NULL)
+	return NULL;
+
+    len = p - filename;
+    *rest = filename + len + 1;
+    
+    prefix = strndup(filename, len);
+    if (prefix == NULL)
+	krb5_errx(context, 1, "out of memory");
+    
+    if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1)
+	krb5_errx(context, 1, "out of memory");
+
+#ifndef RTLD_NOW
+#define RTLD_NOW 0
+#endif
+#ifndef RTLD_GLOBAL
+#define RTLD_GLOBAL 0
+#endif
+
+    dl = dlopen(path, RTLD_NOW | RTLD_GLOBAL);
+    if (dl == NULL) {
+	krb5_warnx(context, "error trying to load dynamic module %s: %s\n",
+		   path, dlerror());
+	free(prefix);
+	free(path);
+	return NULL;
+    }
+    
+    if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1)
+	krb5_errx(context, 1, "out of memory");
+	
+    mso = dlsym(dl, symbol);
+    if (mso == NULL) {
+	krb5_warnx(context, "error finding symbol %s in %s: %s\n", 
+		   symbol, path, dlerror());
+	dlclose(dl);
+	free(symbol);
+	free(prefix);
+	free(path);
+	return NULL;
+    }
+    free(path);
+    free(symbol);
+
+    if (mso->version != HDB_INTERFACE_VERSION) {
+	krb5_warnx(context, 
+		   "error wrong version in shared module %s "
+		   "version: %d should have been %d\n", 
+		   prefix, mso->version, HDB_INTERFACE_VERSION);
+	dlclose(dl);
+	free(prefix);
+	return NULL;
+    }
+
+    if (mso->create == NULL) {
+	krb5_errx(context, 1,
+		  "no entry point function in shared mod %s ",
+		   prefix);
+	dlclose(dl);
+	free(prefix);
+	return NULL;
+    }
+
+    method.create = mso->create;
+    method.prefix = prefix;
+
+    return &method;
+}
+#endif /* HAVE_DLOPEN */
+
+/*
+ * find the relevant method for `filename', returning a pointer to the
+ * rest in `rest'.
+ * return NULL if there's no such method.
+ */
+
+static const struct hdb_method *
+find_method (const char *filename, const char **rest)
+{
+    const struct hdb_method *h;
+
+    for (h = methods; h->prefix != NULL; ++h) {
+	if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0) {
+	    *rest = filename + strlen(h->prefix);
+	    return h;
+	}
+    }
+#if defined(HAVE_DB1) || defined(HAVE_DB3) || defined(HAVE_NDBM)
+    if (strncmp(filename, "/", 1) == 0
+	|| strncmp(filename, "./", 2) == 0
+	|| strncmp(filename, "../", 3) == 0)
+    {
+	*rest = filename;
+	return &dbmetod;
+    }
+#endif
+
+    return NULL;
+}
+
+krb5_error_code
+hdb_list_builtin(krb5_context context, char **list)
+{
+    const struct hdb_method *h;
+    size_t len = 0;
+    char *buf = NULL;
+
+    for (h = methods; h->prefix != NULL; ++h) {
+	if (h->prefix[0] == '\0')
+	    continue;
+	len += strlen(h->prefix) + 2;
+    }
+
+    len += 1;
+    buf = malloc(len);
+    if (buf == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    buf[0] = '\0';
+
+    for (h = methods; h->prefix != NULL; ++h) {
+	if (h != methods)
+	    strlcat(buf, ", ", len);
+	strlcat(buf, h->prefix, len);
+    }
+    *list = buf;
+    return 0;
+}
+
+krb5_error_code
+hdb_create(krb5_context context, HDB **db, const char *filename)
+{
+    const struct hdb_method *h;
+    const char *residual;
+
+    if(filename == NULL)
+	filename = HDB_DEFAULT_DB;
+    krb5_add_et_list(context, initialize_hdb_error_table_r);
+    h = find_method (filename, &residual);
+#ifdef HAVE_DLOPEN
+    if (h == NULL)
+	h = find_dynamic_method (context, filename, &residual);
+#endif
+    if (h == NULL)
+	krb5_errx(context, 1, "No database support for %s", filename);
+    return (*h->create)(context, db, residual);
+}
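Review bot: find_dynamic_method builds the dlopen path from the part of `filename` before the first `:` without checking it, so a prefix that contains `/` takes the lookup outside `LIBDIR`. Where the database name can come from a less trusted source than the library directory (the callers are not visible in this file), the process then loads a shared object the installer did not place there. Rejecting such prefixes right after `len = p - filename;` with `if (memchr(filename, '/', len) != NULL) return NULL;` keeps the load confined to the module directory. In the same hunk, hdb_check_db_format hands `version.data` to `sscanf` as a C string, although only hdb_init_db guarantees the terminating NUL (`strlen(version.data) + 1`). A record written by anything else can be read past `version.length`, so the value should first be copied, at most `version.length` bytes, into a small NUL-terminated buffer.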

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: hdb.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __HDB_H__
+#define __HDB_H__
+
+#include <hdb_err.h>
+
+#include <heim_asn1.h>
+#include <hdb_asn1.h>
+
+struct hdb_dbinfo;
+
+enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
+
+/* flags for various functions */
+#define HDB_F_DECRYPT		1	/* decrypt keys */
+#define HDB_F_REPLACE		2	/* replace entry */
+#define HDB_F_GET_CLIENT	4	/* fetch client */
+#define HDB_F_GET_SERVER	8	/* fetch server */
+#define HDB_F_GET_KRBTGT	16	/* fetch krbtgt */
+#define HDB_F_GET_ANY		28	/* fetch any of client,server,krbtgt */
+#define HDB_F_CANON		32	/* want canonicalition */
+
+/* key usage for master key */
+#define HDB_KU_MKEY	0x484442
+
+typedef struct hdb_master_key_data *hdb_master_key;
+
+typedef struct hdb_entry_ex {
+    void *ctx;
+    hdb_entry entry;
+    void (*free_entry)(krb5_context, struct hdb_entry_ex *);
+} hdb_entry_ex;
+
+
+typedef struct HDB{
+    void *hdb_db;
+    void *hdb_dbc;
+    char *hdb_name;
+    int hdb_master_key_set;
+    hdb_master_key hdb_master_key;
+    int hdb_openp;
+
+    krb5_error_code (*hdb_open)(krb5_context,
+				struct HDB*,
+				int,
+				mode_t);
+    krb5_error_code (*hdb_close)(krb5_context, 
+				 struct HDB*);
+    void	    (*hdb_free)(krb5_context,
+				struct HDB*,
+				hdb_entry_ex*);
+    krb5_error_code (*hdb_fetch)(krb5_context,
+				 struct HDB*,
+				 krb5_const_principal,
+				 unsigned,
+				 hdb_entry_ex*);
+    krb5_error_code (*hdb_store)(krb5_context,
+				 struct HDB*,
+				 unsigned,
+				 hdb_entry_ex*);
+    krb5_error_code (*hdb_remove)(krb5_context,
+				  struct HDB*,
+				  krb5_const_principal);
+    krb5_error_code (*hdb_firstkey)(krb5_context,
+				    struct HDB*,
+				    unsigned,
+				    hdb_entry_ex*);
+    krb5_error_code (*hdb_nextkey)(krb5_context,
+				   struct HDB*,
+				   unsigned,
+				   hdb_entry_ex*);
+    krb5_error_code (*hdb_lock)(krb5_context,
+				struct HDB*,
+				int operation);
+    krb5_error_code (*hdb_unlock)(krb5_context,
+				  struct HDB*);
+    krb5_error_code (*hdb_rename)(krb5_context,
+				  struct HDB*,
+				  const char*);
+    krb5_error_code (*hdb__get)(krb5_context,
+				struct HDB*,
+				krb5_data,
+				krb5_data*);
+    krb5_error_code (*hdb__put)(krb5_context,
+				struct HDB*,
+				int, 
+				krb5_data,
+				krb5_data);
+    krb5_error_code (*hdb__del)(krb5_context, 
+				struct HDB*,
+				krb5_data);
+    krb5_error_code (*hdb_destroy)(krb5_context,
+				   struct HDB*);
+}HDB;
+
+#define HDB_INTERFACE_VERSION	4
+
+struct hdb_so_method {
+    int version;
+    const char *prefix;
+    krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
+};
+
+typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*,
+					      hdb_entry_ex*, void*);
+extern krb5_kt_ops hdb_kt_ops;
+
+#include <hdb-protos.h>
+
+#endif /* __HDB_H__ */

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb.schema
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb.schema	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb.schema	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,139 @@
+# Definitions for a Kerberos V KDC schema
+#
+# $Id: hdb.schema,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+#
+# This version is compatible with OpenLDAP 1.8
+#
+# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
+#
+# Syntaxes are under 1.3.6.1.4.1.5322.10.0
+# Attributes types are under 1.3.6.1.4.1.5322.10.1
+# Object classes are under 1.3.6.1.4.1.5322.10.2
+
+# Syntax definitions
+
+#krb5KDCFlagsSyntax SYNTAX ::= {
+#   WITH SYNTAX            INTEGER
+#--        initial(0),             -- require as-req
+#--        forwardable(1),         -- may issue forwardable
+#--        proxiable(2),           -- may issue proxiable
+#--        renewable(3),           -- may issue renewable
+#--        postdate(4),            -- may issue postdatable
+#--        server(5),              -- may be server
+#--        client(6),              -- may be client
+#--        invalid(7),             -- entry is invalid
+#--        require-preauth(8),     -- must use preauth
+#--        change-pw(9),           -- change password service
+#--        require-hwauth(10),     -- must use hwauth
+#--        ok-as-delegate(11),     -- as in TicketFlags
+#--        user-to-user(12),       -- may use user-to-user auth
+#--        immutable(13)           -- may not be deleted         
+#   ID                     { 1.3.6.1.4.1.5322.10.0.1 }
+#}
+
+#krb5PrincipalNameSyntax SYNTAX ::= {
+#   WITH SYNTAX            OCTET STRING
+#-- String representations of distinguished names as per RFC1510
+#   ID                     { 1.3.6.1.4.1.5322.10.0.2 }
+#}
+
+# Attribute type definitions
+ 
+attributetype ( 1.3.6.1.4.1.5322.10.1.1
+	NAME 'krb5PrincipalName'
+	DESC 'The unparsed Kerberos principal name'
+	EQUALITY caseExactIA5Match
+	SINGLE-VALUE
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.2
+	NAME 'krb5KeyVersionNumber'
+	EQUALITY integerMatch
+	SINGLE-VALUE
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.3
+	NAME 'krb5MaxLife'
+	EQUALITY integerMatch
+	SINGLE-VALUE
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.4
+	NAME 'krb5MaxRenew'
+	EQUALITY integerMatch
+	SINGLE-VALUE
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.5
+	NAME 'krb5KDCFlags'
+	EQUALITY integerMatch
+	SINGLE-VALUE
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.6
+	NAME 'krb5EncryptionType'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.7
+	NAME 'krb5ValidStart'
+	EQUALITY generalizedTimeMatch
+	ORDERING generalizedTimeOrderingMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+	SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.8
+	NAME 'krb5ValidEnd'
+	EQUALITY generalizedTimeMatch
+	ORDERING generalizedTimeOrderingMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+	SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.9
+	NAME 'krb5PasswordEnd'
+	EQUALITY generalizedTimeMatch
+	ORDERING generalizedTimeOrderingMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+	SINGLE-VALUE )
+
+# this is temporary; keys will eventually
+# be child entries or compound attributes.
+attributetype ( 1.3.6.1.4.1.5322.10.1.10
+	NAME 'krb5Key'
+	DESC 'Encoded ASN1 Key as an octet string'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.11
+	NAME 'krb5PrincipalRealm'
+	DESC 'Distinguished name of krb5Realm entry'
+	SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.12
+	NAME 'krb5RealmName'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Object class definitions
+
+objectclass ( 1.3.6.1.4.1.5322.10.2.1
+	NAME 'krb5Principal'
+	SUP top
+	AUXILIARY
+	MUST ( krb5PrincipalName )
+	MAY ( cn $ krb5PrincipalRealm ) )
+
+objectclass ( 1.3.6.1.4.1.5322.10.2.2
+	NAME 'krb5KDCEntry'
+	SUP krb5Principal
+	AUXILIARY
+	MUST ( krb5KeyVersionNumber )
+	MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
+              krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
+              krb5EncryptionType $ krb5Key ) )
+
+objectclass ( 1.3.6.1.4.1.5322.10.2.3
+	NAME 'krb5Realm'
+	SUP top
+	AUXILIARY
+	MUST ( krb5RealmName ) )
+
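Review bot: The `krb5Key` attribute definition carries no comment about access control, although its DESC says it holds the encoded ASN.1 Key of a principal. Whether that value is wrapped under the master key is not visible in this file, so the schema should state that the attribute must be protected by directory ACLs, for example `# krb5Key holds principal key material: limit read/write access to the identities the KDC and kadmin bind as`.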

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+#
+# Error messages for the hdb library
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: hdb_err.et,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $"
+
+error_table hdb
+
+prefix HDB_ERR
+
+index 1
+#error_code INUSE,		"Entry already exists in database"
+error_code UK_SERROR,		"Database store error"
+error_code UK_RERROR,		"Database read error"
+error_code NOENTRY,		"No such entry in the database"
+error_code DB_INUSE,		"Database is locked or in use--try again later"
+error_code DB_CHANGED,		"Database was modified during read"
+error_code RECURSIVELOCK,	"Attempt to lock database twice"
+error_code NOTLOCKED,		"Attempt to unlock database when not locked"
+error_code BADLOCKMODE,		"Invalid kdb lock mode"
+error_code CANT_LOCK_DB,	"Insufficient access to lock database"
+error_code EXISTS,		"Entry already exists in database"
+error_code BADVERSION,		"Wrong database version"
+error_code NO_MKEY,		"No correct master key"
+error_code MANDATORY_OPTION,	"Entry contains unknown mandatory extension"
+
+end

Added: vendor-crypto/heimdal/dist/lib/hdb/hdb_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/hdb_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/hdb_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1997-2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: hdb_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+/* $FreeBSD$ */
+
+#ifndef __HDB_LOCL_H__
+#define __HDB_LOCL_H__
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#include <roken.h>
+
+#include "crypto-headers.h"
+#include <krb5.h>
+#include <hdb.h>
+#include <hdb-private.h>
+
+#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
+#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
+
+#endif /* __HDB_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/lib/hdb/keys.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/keys.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/keys.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,398 @@
+/*
+ * Copyright (c) 1997 - 2001, 2003 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+
+RCSID("$Id: keys.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * free all the memory used by (len, keys)
+ */
+
+void
+hdb_free_keys (krb5_context context, int len, Key *keys)
+{
+    int i;
+
+    for (i = 0; i < len; i++) {
+	free(keys[i].mkvno);
+	keys[i].mkvno = NULL;
+	if (keys[i].salt != NULL) {
+	    free_Salt(keys[i].salt);
+	    free(keys[i].salt);
+	    keys[i].salt = NULL;
+	}
+	krb5_free_keyblock_contents(context, &keys[i].key);
+    }
+    free (keys);
+}
+
+/* 
+ * for each entry in `default_keys' try to parse it as a sequence
+ * of etype:salttype:salt, syntax of this if something like:
+ * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it
+ *      means all etypes, and if string is omitted is means the default
+ * string (for that principal). Additional special values:
+ *	v5 == pw-salt, and
+ *	v4 == des:pw-salt:
+ *	afs or afs3 == des:afs3-salt
+ */
+
+/* the 3 DES types must be first */
+static const krb5_enctype all_etypes[] = { 
+    ETYPE_DES_CBC_MD5,
+    ETYPE_DES_CBC_MD4,
+    ETYPE_DES_CBC_CRC,
+    ETYPE_AES256_CTS_HMAC_SHA1_96,
+    ETYPE_ARCFOUR_HMAC_MD5,
+    ETYPE_DES3_CBC_SHA1
+};
+
+static krb5_error_code
+parse_key_set(krb5_context context, const char *key, 
+	      krb5_enctype **ret_enctypes, size_t *ret_num_enctypes, 
+	      krb5_salt *salt, krb5_principal principal)
+{
+    const char *p;
+    char buf[3][256];
+    int num_buf = 0;
+    int i, num_enctypes = 0;
+    krb5_enctype e;
+    const krb5_enctype *enctypes = NULL;
+    krb5_error_code ret;
+    
+    p = key;
+
+    *ret_enctypes = NULL;
+    *ret_num_enctypes = 0;
+
+    /* split p in a list of :-separated strings */
+    for(num_buf = 0; num_buf < 3; num_buf++)
+	if(strsep_copy(&p, ":", buf[num_buf], sizeof(buf[num_buf])) == -1)
+	    break;
+
+    salt->saltvalue.data = NULL;
+    salt->saltvalue.length = 0;
+
+    for(i = 0; i < num_buf; i++) {
+	if(enctypes == NULL && num_buf > 1) {
+	    /* this might be a etype specifier */
+	    /* XXX there should be a string_to_etypes handling
+	       special cases like `des' and `all' */
+	    if(strcmp(buf[i], "des") == 0) {
+		enctypes = all_etypes;
+		num_enctypes = 3;
+	    } else if(strcmp(buf[i], "des3") == 0) {
+		e = ETYPE_DES3_CBC_SHA1;
+		enctypes = &e;
+		num_enctypes = 1;
+	    } else {
+		ret = krb5_string_to_enctype(context, buf[i], &e);
+		if (ret == 0) {
+		    enctypes = &e;
+		    num_enctypes = 1;
+		} else
+		    return ret;
+	    }
+	    continue;
+	}
+	if(salt->salttype == 0) {
+	    /* interpret string as a salt specifier, if no etype
+	       is set, this sets default values */
+	    /* XXX should perhaps use string_to_salttype, but that
+	       interface sucks */
+	    if(strcmp(buf[i], "pw-salt") == 0) {
+		if(enctypes == NULL) {
+		    enctypes = all_etypes;
+		    num_enctypes = sizeof(all_etypes)/sizeof(all_etypes[0]);
+		}
+		salt->salttype = KRB5_PW_SALT;
+	    } else if(strcmp(buf[i], "afs3-salt") == 0) {
+		if(enctypes == NULL) {
+		    enctypes = all_etypes;
+		    num_enctypes = 3;
+		}
+		salt->salttype = KRB5_AFS3_SALT;
+	    }
+	    continue;
+	}
+
+	{
+	    /* if there is a final string, use it as the string to
+	       salt with, this is mostly useful with null salt for
+	       v4 compat, and a cell name for afs compat */
+	    salt->saltvalue.data = strdup(buf[i]);
+	    if (salt->saltvalue.data == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		return ENOMEM;
+	    }
+	    salt->saltvalue.length = strlen(buf[i]);
+	}
+    }
+    
+    if(enctypes == NULL || salt->salttype == 0) {
+	krb5_set_error_string(context, "bad value for default_keys `%s'", key);
+	return EINVAL;
+    }
+    
+    /* if no salt was specified make up default salt */
+    if(salt->saltvalue.data == NULL) {
+	if(salt->salttype == KRB5_PW_SALT)
+	    ret = krb5_get_pw_salt(context, principal, salt);
+	else if(salt->salttype == KRB5_AFS3_SALT) {
+	    krb5_realm *realm = krb5_princ_realm(context, principal);
+	    salt->saltvalue.data = strdup(*realm);
+	    if(salt->saltvalue.data == NULL) {
+		krb5_set_error_string(context, "out of memory while "
+				      "parsing salt specifiers");
+		return ENOMEM;
+	    }
+	    strlwr(salt->saltvalue.data);
+	    salt->saltvalue.length = strlen(*realm);
+	}
+    }
+
+    *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes);
+    if (*ret_enctypes == NULL) {
+	krb5_free_salt(context, *salt);
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes);
+    *ret_num_enctypes = num_enctypes;
+
+    return 0;
+}
+
+static krb5_error_code
+add_enctype_to_key_set(Key **key_set, size_t *nkeyset, 
+		       krb5_enctype enctype, krb5_salt *salt)
+{
+    krb5_error_code ret;
+    Key key, *tmp;
+
+    memset(&key, 0, sizeof(key));
+
+    tmp = realloc(*key_set, (*nkeyset + 1) * sizeof((*key_set)[0]));
+    if (tmp == NULL)
+	return ENOMEM;
+    
+    *key_set = tmp;
+
+    key.key.keytype = enctype;
+    key.key.keyvalue.length = 0;
+    key.key.keyvalue.data = NULL;
+    
+    if (salt) {
+	key.salt = malloc(sizeof(*key.salt));
+	if (key.salt == NULL) {
+	    free_Key(&key);
+	    return ENOMEM;
+	}
+	
+	key.salt->type = salt->salttype;
+	krb5_data_zero (&key.salt->salt);
+	
+	ret = krb5_data_copy(&key.salt->salt, 
+			     salt->saltvalue.data, 
+			     salt->saltvalue.length);
+	if (ret) {
+	    free_Key(&key);
+	    return ret;
+	}
+    } else
+	key.salt = NULL;
+    
+    (*key_set)[*nkeyset] = key;
+    
+    *nkeyset += 1;
+
+    return 0;
+}
+
+
+/*
+ * Generate the `key_set' from the [kadmin]default_keys statement. If
+ * `no_salt' is set, salt is not important (and will not be set) since
+ * it's random keys that is going to be created.
+ */
+
+krb5_error_code
+hdb_generate_key_set(krb5_context context, krb5_principal principal,
+		     Key **ret_key_set, size_t *nkeyset, int no_salt)
+{
+    char **ktypes, **kp;
+    krb5_error_code ret;
+    Key *k, *key_set;
+    int i, j;
+    char *default_keytypes[] = {
+	"des:pw-salt",
+	"aes256-cts-hmac-sha1-96:pw-salt",
+	"des3-cbc-sha1:pw-salt",
+	"arcfour-hmac-md5:pw-salt",
+	NULL
+    };
+    
+    ktypes = krb5_config_get_strings(context, NULL, "kadmin",
+				     "default_keys", NULL);
+    if (ktypes == NULL)
+	ktypes = default_keytypes;
+
+    if (ktypes == NULL)
+	abort();
+
+    *ret_key_set = key_set = NULL;
+    *nkeyset = 0;
+
+    ret = 0;
+ 
+    for(kp = ktypes; kp && *kp; kp++) {
+	const char *p;
+	krb5_salt salt;
+	krb5_enctype *enctypes;
+	size_t num_enctypes;
+
+	p = *kp;
+	/* check alias */
+	if(strcmp(p, "v5") == 0)
+	    p = "pw-salt";
+	else if(strcmp(p, "v4") == 0)
+	    p = "des:pw-salt:";
+	else if(strcmp(p, "afs") == 0 || strcmp(p, "afs3") == 0)
+	    p = "des:afs3-salt";
+	else if (strcmp(p, "arcfour-hmac-md5") == 0)
+	    p = "arcfour-hmac-md5:pw-salt";
+	    
+	memset(&salt, 0, sizeof(salt));
+
+	ret = parse_key_set(context, p,
+			    &enctypes, &num_enctypes, &salt, principal);
+	if (ret) {
+	    krb5_warn(context, ret, "bad value for default_keys `%s'", *kp);
+	    ret = 0;
+	    continue;
+	}
+
+	for (i = 0; i < num_enctypes; i++) {
+	    /* find duplicates */
+	    for (j = 0; j < *nkeyset; j++) {
+
+		k = &key_set[j];
+
+		if (k->key.keytype == enctypes[i]) {
+		    if (no_salt)
+			break;
+		    if (k->salt == NULL && salt.salttype == KRB5_PW_SALT)
+			break;
+		    if (k->salt->type == salt.salttype &&
+			k->salt->salt.length == salt.saltvalue.length &&
+			memcmp(k->salt->salt.data, salt.saltvalue.data, 
+			       salt.saltvalue.length) == 0)
+			break;
+		}
+	    }
+	    /* not a duplicate, lets add it */
+	    if (j == *nkeyset) {
+		ret = add_enctype_to_key_set(&key_set, nkeyset, enctypes[i], 
+					     no_salt ? NULL : &salt);
+		if (ret) {
+		    free(enctypes);
+		    krb5_free_salt(context, salt);
+		    goto out;
+		}
+	    }
+	}
+	free(enctypes);
+	krb5_free_salt(context, salt);
+    }
+    
+    *ret_key_set = key_set;
+
+ out:
+    if (ktypes != default_keytypes)
+	krb5_config_free_strings(ktypes);
+
+    if (ret) {
+	krb5_warn(context, ret, 
+		  "failed to parse the [kadmin]default_keys values");
+
+	for (i = 0; i < *nkeyset; i++)
+	    free_Key(&key_set[i]);
+	free(key_set);
+    } else if (*nkeyset == 0) {
+	krb5_warnx(context, 
+		   "failed to parse any of the [kadmin]default_keys values");
+	ret = EINVAL; /* XXX */
+    }
+
+    return ret;
+}
+
+
+krb5_error_code
+hdb_generate_key_set_password(krb5_context context, 
+			      krb5_principal principal, 
+			      const char *password, 
+			      Key **keys, size_t *num_keys) 
+{
+    krb5_error_code ret;
+    int i;
+
+    ret = hdb_generate_key_set(context, principal,
+				keys, num_keys, 0);
+    if (ret)
+	return ret;
+
+    for (i = 0; i < (*num_keys); i++) {
+	krb5_salt salt;
+
+	salt.salttype = (*keys)[i].salt->type;
+	salt.saltvalue.length = (*keys)[i].salt->salt.length;
+	salt.saltvalue.data = (*keys)[i].salt->salt.data;
+
+	ret = krb5_string_to_key_salt (context,
+				       (*keys)[i].key.keytype,
+				       password,
+				       salt,
+				       &(*keys)[i].key);
+
+	if(ret)
+	    break;
+    }
+
+    if(ret) {
+	hdb_free_keys (context, *num_keys, *keys);
+	return ret;
+    }
+    return ret;
+}
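Review bot: In parse_key_set the result of `krb5_get_pw_salt(context, principal, salt)` is stored in `ret` and never tested, so a failure there falls through and the function returns 0 with whatever salt value the call left behind; adding `if (ret) return ret;` inside that branch (which then needs braces) would surface it. In hdb_generate_key_set_password the error path calls hdb_free_keys but leaves `*keys` pointing at the freed array and `*num_keys` non-zero, which invites a second free in a caller that cleans up on error; `*keys = NULL; *num_keys = 0;` before `return ret;` closes that. Separately, the built-in `default_keytypes` table starts with `des:pw-salt` and includes `arcfour-hmac-md5:pw-salt`, so a site that does not set `[kadmin] default_keys` gets single-DES and RC4 long-term keys for new principals. That deserves a comment next to the table, such as `/* legacy defaults: includes single DES and RC4; override with [kadmin] default_keys */`.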

Added: vendor-crypto/heimdal/dist/lib/hdb/keytab.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/keytab.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/keytab.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,272 @@
+/*
+ * Copyright (c) 1999 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+
+/* keytab backend for HDB databases */
+
+RCSID("$Id: keytab.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct hdb_data {
+    char *dbname;
+    char *mkey;
+};
+
+/*
+ * the format for HDB keytabs is:
+ * HDB:[database:file:mkey]
+ */
+
+static krb5_error_code
+hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+    struct hdb_data *d;
+    const char *db, *mkey;
+
+    d = malloc(sizeof(*d));
+    if(d == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    db = name;
+    mkey = strchr(name, ':');
+    if(mkey == NULL || mkey[1] == '\0') {
+	if(*name == '\0')
+	    d->dbname = NULL;
+	else {
+	    d->dbname = strdup(name);
+	    if(d->dbname == NULL) {
+		free(d);
+		krb5_set_error_string(context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	}
+	d->mkey = NULL;
+    } else {
+	if((mkey - db) == 0) {
+	    d->dbname = NULL;
+	} else {
+	    d->dbname = malloc(mkey - db + 1);
+	    if(d->dbname == NULL) {
+		free(d);
+		krb5_set_error_string(context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    memmove(d->dbname, db, mkey - db);
+	    d->dbname[mkey - db] = '\0';
+	}
+	d->mkey = strdup(mkey + 1);
+	if(d->mkey == NULL) {
+	    free(d->dbname);
+	    free(d);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+    }
+    id->data = d;
+    return 0;
+}
+
+static krb5_error_code
+hdb_close(krb5_context context, krb5_keytab id)
+{
+    struct hdb_data *d = id->data;
+
+    free(d->dbname);
+    free(d->mkey);
+    free(d);
+    return 0;
+}
+
+static krb5_error_code 
+hdb_get_name(krb5_context context, 
+	     krb5_keytab id, 
+	     char *name, 
+	     size_t namesize)
+{
+    struct hdb_data *d = id->data;
+
+    snprintf(name, namesize, "%s%s%s", 
+	     d->dbname ? d->dbname : "",
+	     (d->dbname || d->mkey) ? ":" : "",
+	     d->mkey ? d->mkey : "");
+    return 0;
+}
+
+static void
+set_config (krb5_context context,
+	    const krb5_config_binding *binding,
+	    const char **dbname,
+	    const char **mkey)
+{
+    *dbname = krb5_config_get_string(context, binding, "dbname", NULL);
+    *mkey   = krb5_config_get_string(context, binding, "mkey_file", NULL);
+}
+
+/*
+ * try to figure out the database (`dbname') and master-key (`mkey')
+ * that should be used for `principal'.
+ */
+
+static void
+find_db (krb5_context context,
+	 const char **dbname,
+	 const char **mkey,
+	 krb5_const_principal principal)
+{
+    const krb5_config_binding *top_bind = NULL;
+    const krb5_config_binding *default_binding = NULL;
+    const krb5_config_binding *db;
+    krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal));
+
+    *dbname = *mkey = NULL;
+
+    while ((db =
+	    krb5_config_get_next(context,
+				 NULL,
+				 &top_bind,
+				 krb5_config_list,
+				 "kdc",
+				 "database",
+				 NULL)) != NULL) {
+	const char *p;
+	
+	p = krb5_config_get_string (context, db, "realm", NULL);
+	if (p == NULL) {
+	    if(default_binding) {
+		krb5_warnx(context, "WARNING: more than one realm-less "
+			   "database specification");
+		krb5_warnx(context, "WARNING: using the first encountered");
+	    } else
+		default_binding = db;
+	} else if (strcmp (*prealm, p) == 0) {
+	    set_config (context, db, dbname, mkey);
+	    break;
+	}
+    }
+    if (*dbname == NULL && default_binding != NULL)
+	set_config (context, default_binding, dbname, mkey);
+    if (*dbname == NULL)
+	*dbname = HDB_DEFAULT_DB;
+}
+
+/*
+ * find the keytab entry in `id' for `principal, kvno, enctype' and return
+ * it in `entry'.  return 0 or an error code
+ */
+
+static krb5_error_code
+hdb_get_entry(krb5_context context,
+	      krb5_keytab id,
+	      krb5_const_principal principal,
+	      krb5_kvno kvno,
+	      krb5_enctype enctype,
+	      krb5_keytab_entry *entry)
+{
+    hdb_entry_ex ent;
+    krb5_error_code ret;
+    struct hdb_data *d = id->data;
+    int i;
+    HDB *db;
+    const char *dbname = d->dbname;
+    const char *mkey   = d->mkey;
+
+    memset(&ent, 0, sizeof(ent));
+
+    if (dbname == NULL)
+	find_db (context, &dbname, &mkey, principal);
+
+    ret = hdb_create (context, &db, dbname);
+    if (ret)
+	return ret;
+    ret = hdb_set_master_keyfile (context, db, mkey);
+    if (ret) {
+	(*db->hdb_destroy)(context, db);
+	return ret;
+    }
+	
+    ret = (*db->hdb_open)(context, db, O_RDONLY, 0);
+    if (ret) {
+	(*db->hdb_destroy)(context, db);
+	return ret;
+    }
+    ret = (*db->hdb_fetch)(context, db, principal, 
+			   HDB_F_DECRYPT|
+			   HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
+			   &ent);
+
+    if(ret == HDB_ERR_NOENTRY) {
+	ret = KRB5_KT_NOTFOUND;
+	goto out;
+    }else if(ret)
+	goto out;
+
+    if(kvno && ent.entry.kvno != kvno) {
+	hdb_free_entry(context, &ent);
+ 	ret = KRB5_KT_NOTFOUND;
+	goto out;
+    }
+    if(enctype == 0)
+	if(ent.entry.keys.len > 0)
+	    enctype = ent.entry.keys.val[0].key.keytype;
+    ret = KRB5_KT_NOTFOUND;
+    for(i = 0; i < ent.entry.keys.len; i++) {
+	if(ent.entry.keys.val[i].key.keytype == enctype) {
+	    krb5_copy_principal(context, principal, &entry->principal);
+	    entry->vno = ent.entry.kvno;
+	    krb5_copy_keyblock_contents(context, 
+					&ent.entry.keys.val[i].key, 
+					&entry->keyblock);
+	    ret = 0;
+	    break;
+	}
+    }
+    hdb_free_entry(context, &ent);
+out:
+    (*db->hdb_close)(context, db);
+    (*db->hdb_destroy)(context, db);
+    return ret;
+}
+
+krb5_kt_ops hdb_kt_ops = {
+    "HDB",
+    hdb_resolve,
+    hdb_get_name,
+    hdb_close,
+    hdb_get_entry,
+    NULL,		/* start_seq_get */
+    NULL,		/* next_entry */
+    NULL,		/* end_seq_get */
+    NULL,		/* add */
+    NULL		/* remove */
+};
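Review bot: In the match loop of hdb_get_entry the return values of krb5_copy_principal() and krb5_copy_keyblock_contents() are discarded and `ret = 0` is set unconditionally, so a failed copy of the principal or of the key is reported as a successful lookup. The caller then receives a krb5_keytab_entry whose principal or keyblock may never have been filled in; what it does with that entry is not visible here, but for a keytab backend the keyblock is the secret later used for decryption. Both calls should assign to `ret`, and the principal should be released if the keyblock copy fails. Because the file sits under vendor-crypto/, a fix would have to be tracked as a local deviation from the import.

```c
	if(ent.entry.keys.val[i].key.keytype == enctype) {
	    ret = krb5_copy_principal(context, principal, &entry->principal);
	    if (ret)
		break;
	    entry->vno = ent.entry.kvno;
	    ret = krb5_copy_keyblock_contents(context,
					      &ent.entry.keys.val[i].key,
					      &entry->keyblock);
	    if (ret)
		krb5_free_principal(context, entry->principal);
	    break;
	}
	/* … unchanged: hdb_free_entry and the out: cleanup … */
```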

Added: vendor-crypto/heimdal/dist/lib/hdb/mkey.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/mkey.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/mkey.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,603 @@
+/*
+ * Copyright (c) 2000 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+RCSID("$Id: mkey.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct hdb_master_key_data {
+    krb5_keytab_entry keytab;
+    krb5_crypto crypto;
+    struct hdb_master_key_data *next;
+};
+
+void
+hdb_free_master_key(krb5_context context, hdb_master_key mkey)
+{
+    struct hdb_master_key_data *ptr;
+    while(mkey) {
+	krb5_kt_free_entry(context, &mkey->keytab);
+	if (mkey->crypto)
+	    krb5_crypto_destroy(context, mkey->crypto);
+	ptr = mkey;
+	mkey = mkey->next;
+	free(ptr);
+    }
+}
+
+krb5_error_code
+hdb_process_master_key(krb5_context context,
+		       int kvno, krb5_keyblock *key, krb5_enctype etype,
+		       hdb_master_key *mkey)
+{
+    krb5_error_code ret;
+
+    *mkey = calloc(1, sizeof(**mkey));
+    if(*mkey == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    (*mkey)->keytab.vno = kvno;
+    ret = krb5_parse_name(context, "K/M", &(*mkey)->keytab.principal);
+    if(ret)
+	goto fail;
+    ret = krb5_copy_keyblock_contents(context, key, &(*mkey)->keytab.keyblock);
+    if(ret)
+	goto fail;
+    if(etype != 0)
+	(*mkey)->keytab.keyblock.keytype = etype;
+    (*mkey)->keytab.timestamp = time(NULL);
+    ret = krb5_crypto_init(context, key, etype, &(*mkey)->crypto);
+    if(ret)
+	goto fail;
+    return 0;
+ fail:
+    hdb_free_master_key(context, *mkey);
+    *mkey = NULL;
+    return ret;
+}
+
+krb5_error_code
+hdb_add_master_key(krb5_context context, krb5_keyblock *key,
+		   hdb_master_key *inout)
+{
+    int vno = 0;
+    hdb_master_key p;
+    krb5_error_code ret;
+
+    for(p = *inout; p; p = p->next)
+	vno = max(vno, p->keytab.vno);
+    vno++;
+    ret = hdb_process_master_key(context, vno, key, 0, &p);
+    if(ret)
+	return ret;
+    p->next = *inout;
+    *inout = p;
+    return 0;
+}
+
+static krb5_error_code
+read_master_keytab(krb5_context context, const char *filename, 
+		   hdb_master_key *mkey)
+{
+    krb5_error_code ret;
+    krb5_keytab id;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry;
+    hdb_master_key p;
+    
+    ret = krb5_kt_resolve(context, filename, &id);
+    if(ret)
+	return ret;
+
+    ret = krb5_kt_start_seq_get(context, id, &cursor);
+    if(ret)
+	goto out;
+    *mkey = NULL;
+    while(krb5_kt_next_entry(context, id, &entry, &cursor) == 0) {
+	p = calloc(1, sizeof(*p));
+	if(p == NULL) {
+	    krb5_kt_end_seq_get(context, id, &cursor);
+	    ret = ENOMEM;
+	    goto out;
+	}
+	p->keytab = entry;
+	ret = krb5_crypto_init(context, &p->keytab.keyblock, 0, &p->crypto);
+	p->next = *mkey;
+	*mkey = p;
+    }
+    krb5_kt_end_seq_get(context, id, &cursor);
+  out:
+    krb5_kt_close(context, id);
+    return ret;
+}
+
+/* read a MIT master keyfile */
+static krb5_error_code
+read_master_mit(krb5_context context, const char *filename, 
+		hdb_master_key *mkey)
+{
+    int fd;
+    krb5_error_code ret;
+    krb5_storage *sp;
+    int16_t enctype;
+    krb5_keyblock key;
+	       
+    fd = open(filename, O_RDONLY | O_BINARY);
+    if(fd < 0) {
+	int save_errno = errno;
+	krb5_set_error_string(context, "failed to open %s: %s", filename,
+			      strerror(save_errno));
+	return save_errno;
+    }
+    sp = krb5_storage_from_fd(fd);
+    if(sp == NULL) {
+	close(fd);
+	return errno;
+    }
+    krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER);
+#if 0
+    /* could possibly use ret_keyblock here, but do it with more
+       checks for now */
+    ret = krb5_ret_keyblock(sp, &key);
+#else
+    ret = krb5_ret_int16(sp, &enctype);
+    if((htons(enctype) & 0xff00) == 0x3000) {
+	krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", 
+			      filename, htons(enctype), 0x3000);
+	ret = HEIM_ERR_BAD_MKEY;
+	goto out;
+    }
+    key.keytype = enctype;
+    ret = krb5_ret_data(sp, &key.keyvalue);
+    if(ret)
+	goto out;
+#endif
+    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
+    krb5_free_keyblock_contents(context, &key);
+  out:
+    krb5_storage_free(sp);
+    close(fd);
+    return ret;
+}
+
+/* read an old master key file */
+static krb5_error_code
+read_master_encryptionkey(krb5_context context, const char *filename, 
+			  hdb_master_key *mkey)
+{
+    int fd;
+    krb5_keyblock key;
+    krb5_error_code ret;
+    unsigned char buf[256];
+    ssize_t len;
+    size_t ret_len;
+	       
+    fd = open(filename, O_RDONLY | O_BINARY);
+    if(fd < 0) {
+	int save_errno = errno;
+	krb5_set_error_string(context, "failed to open %s: %s", 
+			      filename, strerror(save_errno));
+	return save_errno;
+    }
+    
+    len = read(fd, buf, sizeof(buf));
+    close(fd);
+    if(len < 0) {
+	int save_errno = errno;
+	krb5_set_error_string(context, "error reading %s: %s", 
+			      filename, strerror(save_errno));
+	return save_errno;
+    }
+
+    ret = decode_EncryptionKey(buf, len, &key, &ret_len);
+    memset(buf, 0, sizeof(buf));
+    if(ret)
+	return ret;
+
+    /* Originally, the keytype was just that, and later it got changed
+       to des-cbc-md5, but we always used des in cfb64 mode. This
+       should cover all cases, but will break if someone has hacked
+       this code to really use des-cbc-md5 -- but then that's not my
+       problem. */
+    if(key.keytype == KEYTYPE_DES || key.keytype == ETYPE_DES_CBC_MD5)
+	key.keytype = ETYPE_DES_CFB64_NONE;
+    
+    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
+    krb5_free_keyblock_contents(context, &key);
+    return ret;
+}
+
+/* read a krb4 /.k style file */
+static krb5_error_code
+read_master_krb4(krb5_context context, const char *filename, 
+		 hdb_master_key *mkey)
+{
+    int fd;
+    krb5_keyblock key;
+    krb5_error_code ret;
+    unsigned char buf[256];
+    ssize_t len;
+	       
+    fd = open(filename, O_RDONLY | O_BINARY);
+    if(fd < 0) {
+	int save_errno = errno;
+	krb5_set_error_string(context, "failed to open %s: %s", 
+			      filename, strerror(save_errno));
+	return save_errno;
+    }
+    
+    len = read(fd, buf, sizeof(buf));
+    close(fd);
+    if(len < 0) {
+	int save_errno = errno;
+	krb5_set_error_string(context, "error reading %s: %s", 
+			      filename, strerror(save_errno));
+	return save_errno;
+    }
+    if(len != 8) {
+	krb5_set_error_string(context, "bad contents of %s", filename);
+	return HEIM_ERR_EOF; /* XXX file might be too large */
+    }
+
+    memset(&key, 0, sizeof(key));
+    key.keytype = ETYPE_DES_PCBC_NONE;
+    ret = krb5_data_copy(&key.keyvalue, buf, len);
+    memset(buf, 0, sizeof(buf));
+    if(ret) 
+	return ret;
+
+    ret = hdb_process_master_key(context, 0, &key, 0, mkey);
+    krb5_free_keyblock_contents(context, &key);
+    return ret;
+}
+
+krb5_error_code
+hdb_read_master_key(krb5_context context, const char *filename, 
+		    hdb_master_key *mkey)
+{
+    FILE *f;
+    unsigned char buf[16];
+    krb5_error_code ret;
+
+    off_t len;
+
+    *mkey = NULL;
+
+    if(filename == NULL)
+	filename = HDB_DB_DIR "/m-key";
+
+    f = fopen(filename, "r");
+    if(f == NULL) {
+	int save_errno = errno;
+	krb5_set_error_string(context, "failed to open %s: %s", 
+			      filename, strerror(save_errno));
+	return save_errno;
+    }
+    
+    if(fread(buf, 1, 2, f) != 2) {
+	krb5_set_error_string(context, "end of file reading %s", filename);
+	fclose(f);
+	return HEIM_ERR_EOF;
+    }
+    
+    fseek(f, 0, SEEK_END);
+    len = ftell(f);
+
+    if(fclose(f) != 0)
+	return errno;
+    
+    if(len < 0)
+	return errno;
+    
+    if(len == 8) {
+	ret = read_master_krb4(context, filename, mkey);
+    } else if(buf[0] == 0x30 && len <= 127 && buf[1] == len - 2) {
+	ret = read_master_encryptionkey(context, filename, mkey);
+    } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) {
+	ret = read_master_keytab(context, filename, mkey);
+    } else {
+	ret = read_master_mit(context, filename, mkey);
+    }
+    return ret;
+}
+
+krb5_error_code
+hdb_write_master_key(krb5_context context, const char *filename, 
+		     hdb_master_key mkey)
+{
+    krb5_error_code ret;
+    hdb_master_key p;
+    krb5_keytab kt;
+
+    if(filename == NULL)
+	filename = HDB_DB_DIR "/m-key";
+
+    ret = krb5_kt_resolve(context, filename, &kt);
+    if(ret)
+	return ret;
+
+    for(p = mkey; p; p = p->next) {
+	ret = krb5_kt_add_entry(context, kt, &p->keytab);
+    }
+
+    krb5_kt_close(context, kt);
+
+    return ret;
+}
+
+hdb_master_key
+_hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey)
+{
+    hdb_master_key ret = NULL;
+    while(mkey) {
+	if(ret == NULL && mkey->keytab.vno == 0)
+	    ret = mkey;
+	if(mkvno == NULL) {
+	    if(ret == NULL || mkey->keytab.vno > ret->keytab.vno)
+		ret = mkey;
+	} else if(mkey->keytab.vno == *mkvno)
+	    return mkey;
+	mkey = mkey->next;
+    }
+    return ret;
+}
+
+int
+_hdb_mkey_version(hdb_master_key mkey)
+{
+    return mkey->keytab.vno;
+}
+
+int
+_hdb_mkey_decrypt(krb5_context context, hdb_master_key key,
+		  krb5_key_usage usage,
+		  void *ptr, size_t size, krb5_data *res)
+{
+    return krb5_decrypt(context, key->crypto, usage,
+			ptr, size, res);
+}
+
+int
+_hdb_mkey_encrypt(krb5_context context, hdb_master_key key,
+		  krb5_key_usage usage,
+		  const void *ptr, size_t size, krb5_data *res)
+{
+    return krb5_encrypt(context, key->crypto, usage,
+			ptr, size, res);
+}
+
+krb5_error_code
+hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) 
+{
+	
+    krb5_error_code ret;
+    krb5_data res;
+    size_t keysize;
+
+    hdb_master_key key;
+
+    if(k->mkvno == NULL)
+	return 0;
+	
+    key = _hdb_find_master_key(k->mkvno, mkey);
+
+    if (key == NULL)
+	return HDB_ERR_NO_MKEY;
+
+    ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY,
+			    k->key.keyvalue.data,
+			    k->key.keyvalue.length,
+			    &res);
+    if(ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+	/* try to decrypt with MIT key usage */
+	ret = _hdb_mkey_decrypt(context, key, 0,
+				k->key.keyvalue.data,
+				k->key.keyvalue.length,
+				&res);
+    }    
+    if (ret)
+	return ret;
+
+    /* fixup keylength if the key got padded when encrypting it */
+    ret = krb5_enctype_keysize(context, k->key.keytype, &keysize);
+    if (ret) {
+	krb5_data_free(&res);
+	return ret;
+    }
+    if (keysize > res.length) {
+	krb5_data_free(&res);
+	return KRB5_BAD_KEYSIZE;
+    }
+
+    memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
+    free(k->key.keyvalue.data);
+    k->key.keyvalue = res;
+    k->key.keyvalue.length = keysize;
+    free(k->mkvno);
+    k->mkvno = NULL;
+
+    return 0;
+}
+
+krb5_error_code
+hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
+{
+    int i;
+
+    for(i = 0; i < ent->keys.len; i++){
+	krb5_error_code ret;
+
+	ret = hdb_unseal_key_mkey(context, &ent->keys.val[i], mkey);
+	if (ret) 
+	    return ret;
+    }
+    return 0;
+}
+
+krb5_error_code
+hdb_unseal_keys(krb5_context context, HDB *db, hdb_entry *ent)
+{
+    if (db->hdb_master_key_set == 0)
+	return 0;
+    return hdb_unseal_keys_mkey(context, ent, db->hdb_master_key);
+}
+
+krb5_error_code
+hdb_unseal_key(krb5_context context, HDB *db, Key *k)
+{
+    if (db->hdb_master_key_set == 0)
+	return 0;
+    return hdb_unseal_key_mkey(context, k, db->hdb_master_key);
+}
+
+krb5_error_code
+hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
+{
+    krb5_error_code ret;
+    krb5_data res;
+    hdb_master_key key;
+
+    if(k->mkvno != NULL)
+	return 0;
+
+    key = _hdb_find_master_key(k->mkvno, mkey);
+
+    if (key == NULL)
+	return HDB_ERR_NO_MKEY;
+
+    ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY,
+			    k->key.keyvalue.data,
+			    k->key.keyvalue.length,
+			    &res);
+    if (ret)
+	return ret;
+
+    memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
+    free(k->key.keyvalue.data);
+    k->key.keyvalue = res;
+
+    if (k->mkvno == NULL) {
+	k->mkvno = malloc(sizeof(*k->mkvno));
+	if (k->mkvno == NULL)
+	    return ENOMEM;
+    }
+    *k->mkvno = key->keytab.vno;
+	
+    return 0;
+}
+
+krb5_error_code
+hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
+{
+    int i;
+    for(i = 0; i < ent->keys.len; i++){
+	krb5_error_code ret;
+
+	ret = hdb_seal_key_mkey(context, &ent->keys.val[i], mkey);
+	if (ret)
+	    return ret;
+    }
+    return 0;
+}
+
+krb5_error_code
+hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent)
+{
+    if (db->hdb_master_key_set == 0)
+	return 0;
+    
+    return hdb_seal_keys_mkey(context, ent, db->hdb_master_key);
+}
+
+krb5_error_code
+hdb_seal_key(krb5_context context, HDB *db, Key *k)
+{
+    if (db->hdb_master_key_set == 0)
+	return 0;
+    
+    return hdb_seal_key_mkey(context, k, db->hdb_master_key);
+}
+
+krb5_error_code
+hdb_set_master_key (krb5_context context,
+		    HDB *db,
+		    krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    hdb_master_key mkey;
+
+    ret = hdb_process_master_key(context, 0, key, 0, &mkey);
+    if (ret)
+	return ret;
+    db->hdb_master_key = mkey;
+#if 0 /* XXX - why? */
+    des_set_random_generator_seed(key.keyvalue.data);
+#endif
+    db->hdb_master_key_set = 1;
+    return 0;
+}
+
+krb5_error_code
+hdb_set_master_keyfile (krb5_context context,
+			HDB *db,
+			const char *keyfile)
+{
+    hdb_master_key key;
+    krb5_error_code ret;
+
+    ret = hdb_read_master_key(context, keyfile, &key);
+    if (ret) {
+	if (ret != ENOENT)
+	    return ret;
+	krb5_clear_error_string(context);
+	return 0;
+    }
+    db->hdb_master_key = key;
+    db->hdb_master_key_set = 1;
+    return ret;
+}
+
+krb5_error_code
+hdb_clear_master_key (krb5_context context,
+		      HDB *db)
+{
+    if (db->hdb_master_key_set) {
+	hdb_free_master_key(context, db->hdb_master_key);
+	db->hdb_master_key_set = 0;
+    }
+    return 0;
+}
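Review bot: read_master_keytab stores the result of krb5_crypto_init() in `ret` but never tests it, so an entry whose crypto context could not be created is still linked into the master-key list with `crypto` left NULL by calloc. _hdb_mkey_decrypt and _hdb_mkey_encrypt later pass `key->crypto` straight to krb5_decrypt/krb5_encrypt without a check. The function's return value also reflects only the last keytab entry, so a failure on an earlier entry is masked. The loop should stop at the first failure, release the entry and the partial list, and return the error. The loop in hdb_write_master_key overwrites `ret` from krb5_kt_add_entry in the same way and can report success after a failed write.

```c
    while(krb5_kt_next_entry(context, id, &entry, &cursor) == 0) {
	/* … unchanged: calloc of p and its ENOMEM handling … */
	p->keytab = entry;
	ret = krb5_crypto_init(context, &p->keytab.keyblock, 0, &p->crypto);
	if (ret) {
	    /* do not keep a master key that cannot be used for crypto */
	    krb5_kt_free_entry(context, &p->keytab);
	    free(p);
	    hdb_free_master_key(context, *mkey);
	    *mkey = NULL;
	    krb5_kt_end_seq_get(context, id, &cursor);
	    goto out;
	}
	p->next = *mkey;
	*mkey = p;
    }
```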

Added: vendor-crypto/heimdal/dist/lib/hdb/ndbm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/ndbm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/ndbm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,370 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+
+RCSID("$Id: ndbm.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#if HAVE_NDBM
+
+#if defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
+#elif defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#elif defined(HAVE_DBM_H)
+#include <dbm.h>
+#endif
+
+struct ndbm_db {
+    DBM *db;
+    int lock_fd;
+};
+
+static krb5_error_code
+NDBM_destroy(krb5_context context, HDB *db)
+{
+    krb5_error_code ret;
+
+    ret = hdb_clear_master_key (context, db);
+    free(db->hdb_name);
+    free(db);
+    return 0;
+}
+
+static krb5_error_code
+NDBM_lock(krb5_context context, HDB *db, int operation)
+{
+    struct ndbm_db *d = db->hdb_db;
+    return hdb_lock(d->lock_fd, operation);
+}
+
+static krb5_error_code
+NDBM_unlock(krb5_context context, HDB *db)
+{
+    struct ndbm_db *d = db->hdb_db;
+    return hdb_unlock(d->lock_fd);
+}
+
+static krb5_error_code
+NDBM_seq(krb5_context context, HDB *db, 
+	 unsigned flags, hdb_entry_ex *entry, int first)
+
+{
+    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
+    datum key, value;
+    krb5_data key_data, data;
+    krb5_error_code ret = 0;
+
+    if(first)
+	key = dbm_firstkey(d->db);
+    else
+	key = dbm_nextkey(d->db);
+    if(key.dptr == NULL)
+	return HDB_ERR_NOENTRY;
+    key_data.data = key.dptr;
+    key_data.length = key.dsize;
+    ret = db->hdb_lock(context, db, HDB_RLOCK);
+    if(ret) return ret;
+    value = dbm_fetch(d->db, key);
+    db->hdb_unlock(context, db);
+    data.data = value.dptr;
+    data.length = value.dsize;
+    memset(entry, 0, sizeof(*entry));
+    if(hdb_value2entry(context, &data, &entry->entry))
+	return NDBM_seq(context, db, flags, entry, 0);
+    if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
+	ret = hdb_unseal_keys (context, db, &entry->entry);
+	if (ret)
+	    hdb_free_entry (context, entry);
+    }
+    if (ret == 0 && entry->entry.principal == NULL) {
+	entry->entry.principal = malloc (sizeof(*entry->entry.principal));
+	if (entry->entry.principal == NULL) {
+	    ret = ENOMEM;
+	    hdb_free_entry (context, entry);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	} else {
+	    hdb_key2principal (context, &key_data, entry->entry.principal);
+	}
+    }
+    return ret;
+}
+
+
+static krb5_error_code
+NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry)
+{
+    return NDBM_seq(context, db, flags, entry, 1);
+}
+
+
+static krb5_error_code
+NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry)
+{
+    return NDBM_seq(context, db, flags, entry, 0);
+}
+
+static krb5_error_code
+NDBM_rename(krb5_context context, HDB *db, const char *new_name)
+{
+    /* XXX this function will break */
+    struct ndbm_db *d = db->hdb_db;
+
+    int ret;
+    char *old_dir, *old_pag, *new_dir, *new_pag;
+    char *new_lock;
+    int lock_fd;
+
+    /* lock old and new databases */
+    ret = db->hdb_lock(context, db, HDB_WLOCK);
+    if(ret)
+	return ret;
+    asprintf(&new_lock, "%s.lock", new_name);
+    if(new_lock == NULL) {
+	db->hdb_unlock(context, db);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600);
+    if(lock_fd < 0) {
+	ret = errno;
+	db->hdb_unlock(context, db);
+	krb5_set_error_string(context, "open(%s): %s", new_lock,
+			      strerror(ret));
+	free(new_lock);
+	return ret;
+    }
+    free(new_lock);
+    ret = hdb_lock(lock_fd, HDB_WLOCK);
+    if(ret) {
+	db->hdb_unlock(context, db);
+	close(lock_fd);
+	return ret;
+    }
+
+    asprintf(&old_dir, "%s.dir", db->hdb_name);
+    asprintf(&old_pag, "%s.pag", db->hdb_name);
+    asprintf(&new_dir, "%s.dir", new_name);
+    asprintf(&new_pag, "%s.pag", new_name);
+
+    ret = rename(old_dir, new_dir) || rename(old_pag, new_pag);
+    free(old_dir);
+    free(old_pag);
+    free(new_dir);
+    free(new_pag);
+    hdb_unlock(lock_fd);
+    db->hdb_unlock(context, db);
+
+    if(ret) {
+	ret = errno;
+	close(lock_fd);
+	krb5_set_error_string(context, "rename: %s", strerror(ret));
+	return ret;
+    }
+
+    close(d->lock_fd);
+    d->lock_fd = lock_fd;
+    
+    free(db->hdb_name);
+    db->hdb_name = strdup(new_name);
+    return 0;
+}
+
+static krb5_error_code
+NDBM__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
+{
+    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
+    datum k, v;
+    int code;
+
+    k.dptr  = key.data;
+    k.dsize = key.length;
+    code = db->hdb_lock(context, db, HDB_RLOCK);
+    if(code)
+	return code;
+    v = dbm_fetch(d->db, k);
+    db->hdb_unlock(context, db);
+    if(v.dptr == NULL)
+	return HDB_ERR_NOENTRY;
+
+    krb5_data_copy(reply, v.dptr, v.dsize);
+    return 0;
+}
+
+static krb5_error_code
+NDBM__put(krb5_context context, HDB *db, int replace, 
+	krb5_data key, krb5_data value)
+{
+    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
+    datum k, v;
+    int code;
+
+    k.dptr  = key.data;
+    k.dsize = key.length;
+    v.dptr  = value.data;
+    v.dsize = value.length;
+
+    code = db->hdb_lock(context, db, HDB_WLOCK);
+    if(code)
+	return code;
+    code = dbm_store(d->db, k, v, replace ? DBM_REPLACE : DBM_INSERT);
+    db->hdb_unlock(context, db);
+    if(code == 1)
+	return HDB_ERR_EXISTS;
+    if (code < 0)
+	return code;
+    return 0;
+}
+
+static krb5_error_code
+NDBM__del(krb5_context context, HDB *db, krb5_data key)
+{
+    struct ndbm_db *d = (struct ndbm_db *)db->hdb_db;
+    datum k;
+    int code;
+    krb5_error_code ret;
+
+    k.dptr = key.data;
+    k.dsize = key.length;
+    ret = db->hdb_lock(context, db, HDB_WLOCK);
+    if(ret) return ret;
+    code = dbm_delete(d->db, k);
+    db->hdb_unlock(context, db);
+    if(code < 0)
+	return errno;
+    return 0;
+}
+
+
+static krb5_error_code
+NDBM_close(krb5_context context, HDB *db)
+{
+    struct ndbm_db *d = db->hdb_db;
+    dbm_close(d->db);
+    close(d->lock_fd);
+    free(d);
+    return 0;
+}
+
+static krb5_error_code
+NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode)
+{
+    krb5_error_code ret;
+    struct ndbm_db *d = malloc(sizeof(*d));
+    char *lock_file;
+
+    if(d == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    asprintf(&lock_file, "%s.lock", (char*)db->hdb_name);
+    if(lock_file == NULL) {
+	free(d);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    d->db = dbm_open((char*)db->hdb_name, flags, mode);
+    if(d->db == NULL){
+	ret = errno;
+	free(d);
+	free(lock_file);
+	krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name,
+			      strerror(ret));
+	return ret;
+    }
+    d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600);
+    if(d->lock_fd < 0){
+	ret = errno;
+	dbm_close(d->db);
+	free(d);
+	krb5_set_error_string(context, "open(%s): %s", lock_file,
+			      strerror(ret));
+	free(lock_file);
+	return ret;
+    }
+    free(lock_file);
+    db->hdb_db = d;
+    if((flags & O_ACCMODE) == O_RDONLY)
+	ret = hdb_check_db_format(context, db);
+    else
+	ret = hdb_init_db(context, db);
+    if(ret == HDB_ERR_NOENTRY)
+	return 0;
+    if (ret) {
+	NDBM_close(context, db);
+	krb5_set_error_string(context, "hdb_open: failed %s database %s",
+			      (flags & O_ACCMODE) == O_RDONLY ? 
+			      "checking format of" : "initialize", 
+			      db->hdb_name);
+    }
+    return ret;
+}
+
+krb5_error_code
+hdb_ndbm_create(krb5_context context, HDB **db, 
+		const char *filename)
+{
+    *db = calloc(1, sizeof(**db));
+    if (*db == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    (*db)->hdb_db = NULL;
+    (*db)->hdb_name = strdup(filename);
+    if ((*db)->hdb_name == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	free(*db);
+	*db = NULL;
+	return ENOMEM;
+    }
+    (*db)->hdb_master_key_set = 0;
+    (*db)->hdb_openp = 0;
+    (*db)->hdb_open = NDBM_open;
+    (*db)->hdb_close = NDBM_close;
+    (*db)->hdb_fetch = _hdb_fetch;
+    (*db)->hdb_store = _hdb_store;
+    (*db)->hdb_remove = _hdb_remove;
+    (*db)->hdb_firstkey = NDBM_firstkey;
+    (*db)->hdb_nextkey= NDBM_nextkey;
+    (*db)->hdb_lock = NDBM_lock;
+    (*db)->hdb_unlock = NDBM_unlock;
+    (*db)->hdb_rename = NDBM_rename;
+    (*db)->hdb__get = NDBM__get;
+    (*db)->hdb__put = NDBM__put;
+    (*db)->hdb__del = NDBM__del;
+    (*db)->hdb_destroy = NDBM_destroy;
+    return 0;
+}
+
+#endif /* HAVE_NDBM */
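Review bot: NDBM__get ignores the return value of krb5_data_copy() and then returns 0 unconditionally, so a failed copy of the fetched record is reported as a successful fetch. What `reply` holds after such a failure is not visible in this hunk, but the caller has no way to tell that it must not decode it. The last two statements of the function should become `return krb5_data_copy(reply, v.dptr, v.dsize);`.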

Added: vendor-crypto/heimdal/dist/lib/hdb/print.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/print.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/print.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,294 @@
+/*
+ * Copyright (c) 1999-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "hdb_locl.h"
+#include <hex.h>
+#include <ctype.h>
+
+RCSID("$Id: print.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/* 
+   This is the present contents of a dump line. This might change at
+   any time. Fields are separated by white space.
+
+  principal
+  keyblock
+  	kvno
+	keys...
+		mkvno
+		enctype
+		keyvalue
+		salt (- means use normal salt)
+  creation date and principal
+  modification date and principal
+  principal valid from date (not used)
+  principal valid end date (not used)
+  principal key expires (not used)
+  max ticket life
+  max renewable life
+  flags
+  generation number
+  */
+
+static krb5_error_code
+append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...)
+{
+    krb5_error_code ret;
+    char *s;
+    va_list ap;
+    va_start(ap, fmt);
+    vasprintf(&s, fmt, ap);
+    va_end(ap);
+    if(s == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = krb5_storage_write(sp, s, strlen(s));
+    free(s);
+    return ret;
+}
+
+static krb5_error_code
+append_hex(krb5_context context, krb5_storage *sp, krb5_data *data)
+{
+    int i, printable = 1;
+    char *p;
+
+    p = data->data;
+    for(i = 0; i < data->length; i++)
+	if(!isalnum((unsigned char)p[i]) && p[i] != '.'){
+	    printable = 0;
+	    break;
+	}
+    if(printable)
+	return append_string(context, sp, "\"%.*s\"",
+			     data->length, data->data);
+    hex_encode(data->data, data->length, &p);
+    append_string(context, sp, "%s", p);
+    free(p);
+    return 0;
+}
+
+static char *
+time2str(time_t t)
+{
+    static char buf[128];
+    strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", gmtime(&t));
+    return buf;
+}
+
+static krb5_error_code
+append_event(krb5_context context, krb5_storage *sp, Event *ev)
+{
+    char *pr = NULL;
+    krb5_error_code ret;
+    if(ev == NULL)
+	return append_string(context, sp, "- ");
+    if (ev->principal != NULL) {
+       ret = krb5_unparse_name(context, ev->principal, &pr);
+       if(ret)
+           return ret;
+    }
+    ret = append_string(context, sp, "%s:%s ",
+			time2str(ev->time), pr ? pr : "UNKNOWN");
+    free(pr);
+    return ret;
+}
+
+static krb5_error_code
+entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent)
+{
+    char *p;
+    int i;
+    krb5_error_code ret;
+
+    /* --- principal */
+    ret = krb5_unparse_name(context, ent->principal, &p);
+    if(ret)
+	return ret;
+    append_string(context, sp, "%s ", p);
+    free(p);
+    /* --- kvno */
+    append_string(context, sp, "%d", ent->kvno);
+    /* --- keys */
+    for(i = 0; i < ent->keys.len; i++){
+	/* --- mkvno, keytype */
+	if(ent->keys.val[i].mkvno)
+	    append_string(context, sp, ":%d:%d:", 
+			  *ent->keys.val[i].mkvno, 
+			  ent->keys.val[i].key.keytype);
+	else
+	    append_string(context, sp, "::%d:", 
+			  ent->keys.val[i].key.keytype);
+	/* --- keydata */
+	append_hex(context, sp, &ent->keys.val[i].key.keyvalue);
+	append_string(context, sp, ":");
+	/* --- salt */
+	if(ent->keys.val[i].salt){
+	    append_string(context, sp, "%u/", ent->keys.val[i].salt->type);
+	    append_hex(context, sp, &ent->keys.val[i].salt->salt);
+	}else
+	    append_string(context, sp, "-");
+    }
+    append_string(context, sp, " ");
+    /* --- created by */
+    append_event(context, sp, &ent->created_by);
+    /* --- modified by */
+    append_event(context, sp, ent->modified_by);
+
+    /* --- valid start */
+    if(ent->valid_start)
+	append_string(context, sp, "%s ", time2str(*ent->valid_start));
+    else
+	append_string(context, sp, "- ");
+
+    /* --- valid end */
+    if(ent->valid_end)
+	append_string(context, sp, "%s ", time2str(*ent->valid_end));
+    else
+	append_string(context, sp, "- ");
+    
+    /* --- password ends */
+    if(ent->pw_end)
+	append_string(context, sp, "%s ", time2str(*ent->pw_end));
+    else
+	append_string(context, sp, "- ");
+
+    /* --- max life */
+    if(ent->max_life)
+	append_string(context, sp, "%d ", *ent->max_life);
+    else
+	append_string(context, sp, "- ");
+
+    /* --- max renewable life */
+    if(ent->max_renew)
+	append_string(context, sp, "%d ", *ent->max_renew);
+    else
+	append_string(context, sp, "- ");
+    
+    /* --- flags */
+    append_string(context, sp, "%d ", HDBFlags2int(ent->flags));
+
+    /* --- generation number */
+    if(ent->generation) {
+	append_string(context, sp, "%s:%d:%d ", time2str(ent->generation->time),
+		      ent->generation->usec,
+		      ent->generation->gen);
+    } else
+	append_string(context, sp, "- ");
+
+    /* --- extensions */
+    if(ent->extensions && ent->extensions->len > 0) {
+	for(i = 0; i < ent->extensions->len; i++) {
+	    void *d;
+	    size_t size, sz;
+
+	    ASN1_MALLOC_ENCODE(HDB_extension, d, size,
+			       &ent->extensions->val[i], &sz, ret);
+	    if (ret) {
+		krb5_clear_error_string(context);
+		return ret;
+	    }
+	    if(size != sz)
+		krb5_abortx(context, "internal asn.1 encoder error");
+
+	    if (hex_encode(d, size, &p) < 0) {
+		free(d);
+		krb5_set_error_string(context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+
+	    free(d);
+	    append_string(context, sp, "%s%s", p, 
+			  ent->extensions->len - 1 != i ? ":" : "");
+	    free(p);
+	}
+    } else
+	append_string(context, sp, "-");
+
+    
+    return 0;
+}
+
+krb5_error_code
+hdb_entry2string (krb5_context context, hdb_entry *ent, char **str)
+{
+    krb5_error_code ret;
+    krb5_data data;
+    krb5_storage *sp;
+
+    sp = krb5_storage_emem();
+    if(sp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    
+    ret = entry2string_int(context, sp, ent);
+    if(ret) {
+	krb5_storage_free(sp);
+	return ret;
+    }
+
+    krb5_storage_write(sp, "\0", 1);
+    krb5_storage_to_data(sp, &data);
+    krb5_storage_free(sp);
+    *str = data.data;
+    return 0;
+}
+
+/* print a hdb_entry to (FILE*)data; suitable for hdb_foreach */
+
+krb5_error_code
+hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+
+    FILE *f = data;
+
+    fflush(f);
+    sp = krb5_storage_from_fd(fileno(f));
+    if(sp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    
+    ret = entry2string_int(context, sp, &entry->entry);
+    if(ret) {
+	krb5_storage_free(sp);
+	return ret;
+    }
+
+    krb5_storage_write(sp, "\n", 1);
+    krb5_storage_free(sp);
+    return 0;
+}
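Review bot: In append_hex the result of `hex_encode(data->data, data->length, &p)` is not checked, although `p` was set to `data->data` earlier for the printable scan. If hex_encode fails without storing to `p` (the extensions loop in entry2string_int treats a negative return as out of memory), the following `append_string(context, sp, "%s", p)` and `free(p)` would act on the caller's key or salt buffer instead of an encoded copy. append_hex also returns 0 whatever append_string returned, and entry2string_int discards the results of append_hex and append_string, so a dump line with missing key data is still reported as success. I would check the hex_encode return, propagate the append_string status, and have the callers stop at the first error.

```c
static krb5_error_code
append_hex(krb5_context context, krb5_storage *sp, krb5_data *data)
{
    krb5_error_code ret;
    /* ... unchanged: other declarations, printable scan, quoted-string branch ... */
    if (hex_encode(data->data, data->length, &p) < 0) {
	krb5_set_error_string(context, "malloc: out of memory");
	return ENOMEM;
    }
    ret = append_string(context, sp, "%s", p);
    free(p);
    return ret;
}
```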

Added: vendor-crypto/heimdal/dist/lib/hdb/test_dbinfo.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hdb/test_dbinfo.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hdb/test_dbinfo.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hdb_locl.h"
+#include <getarg.h>
+
+RCSID("$Id: test_dbinfo.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int help_flag;
+static int version_flag;
+
+struct getargs args[] = {
+    { "help",		'h',	arg_flag,   &help_flag },
+    { "version",	0,	arg_flag,   &version_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+main(int argc, char **argv)
+{
+    struct hdb_dbinfo *info, *d;
+    krb5_context context;
+    int ret, o = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, num_args, argc, argv, &o))
+	krb5_std_usage(1, args, num_args);
+
+    if(help_flag)
+	krb5_std_usage(0, args, num_args);
+    
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = hdb_get_dbinfo(context, &info);
+    if (ret)
+	krb5_err(context, 1, ret, "hdb_get_dbinfo");
+
+    d = NULL;
+    while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
+	printf("label: %s\n", hdb_dbinfo_get_label(context, d));
+	printf("\trealm: %s\n", hdb_dbinfo_get_realm(context, d));
+	printf("\tdbname: %s\n", hdb_dbinfo_get_dbname(context, d));
+	printf("\tmkey_file: %s\n", hdb_dbinfo_get_mkey_file(context, d));
+	printf("\tacl_file: %s\n", hdb_dbinfo_get_acl_file(context, d));
+    }
+
+    hdb_free_dbinfo(context, &info);
+
+    krb5_free_context(context);
+
+    return 0;
+}
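Review bot: The five `printf` calls in the `while` loop of `main` pass the results of the `hdb_dbinfo_get_*` getters straight to `%s`. Their definitions are outside this hunk, but if any of them can return NULL for an unset field (realm, mkey_file and acl_file look optional, to be confirmed), that is undefined behaviour in printf. I would store each result and print a placeholder, e.g. `const char *s = hdb_dbinfo_get_realm(context, d);` followed by `printf("\trealm: %s\n", s ? s : "-");`.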

Added: vendor-crypto/heimdal/dist/lib/hx509/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2641 @@
+2008-01-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_soft_pkcs11.c: use func for more C_ functions.
+	
+2008-01-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* version-script.map: Export hx509_free_error_string().
+
+2008-01-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* version-script.map: only export C_GetFunctionList
+
+	* test_soft_pkcs11.c: use C_GetFunctionList
+
+	* softp11.c: fix comment, remove label.
+
+	* softp11.c: Add option app-fatal to control if softtoken should
+	abort() on erroneous input from applications.
+
+2008-01-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_pkcs11.in: Test password less certificates too
+
+	* keyset.c: document HX509_CERTS_UNPROTECT_ALL
+
+	* ks_file.c: Support HX509_CERTS_UNPROTECT_ALL.
+
+	* hx509.h: Add HX509_CERTS_UNPROTECT_ALL.
+
+	* test_soft_pkcs11.c: Only log in if needed.
+
+2008-01-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* softp11.c: Support PINs to login to the store.
+
+	* Makefile.am: add java pkcs11 test
+
+	* test_java_pkcs11.in: first version of disable java test
+
+	* softp11.c: Drop unused stuff.
+
+	* cert.c: Spelling, Add hx509_cert_get_SPKI_AlgorithmIdentifier,
+	remove unused stuff, add hx509_context to some functions.
+	
+	* softp11.c: Add more glue to figure out what keytype this
+	certificate is using.
+
+2008-01-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_pkcs11.in: test debug
+
+	* Add a PKCS11 provider supporting signing and verifing sigatures.
+
+2008-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* version-script.map: Replace hx509_name_to_der_name with
+	hx509_name_binary.
+
+	* print.c: make print_func static
+
+2007-12-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* print.c: doxygen
+
+	* env.c: doxygen
+
+	* doxygen.c: add more groups
+
+	* ca.c: doxygen.
+
+2007-12-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ca.c: doxygen
+
+2007-12-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* error.c: doxygen
+	
+2007-12-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* More documentation
+	
+	* lock.c: Add page referance
+
+	* keyset.c: some more documentation.
+
+	* cms.c: Doxygen documentation.
+
+2007-12-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* *.[ch]: More documentation
+
+2007-12-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* handle refcount on NULL.
+
+	* test_nist_pkcs12.in: drop echo -n, doesn't work with posix sh
+
+2007-12-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_nist2.in: Print that this is version 2 of the tests
+
+	* test_nist.in: Drop printing of $id.
+
+	* hx509.h: Add HX509_VHN_F_ALLOW_NO_MATCH.
+
+	* name.c: spelling.
+
+	* cert.c: make work the doxygen.
+
+	* name.c: fix doxygen compiling.
+
+	* Makefile.am: add doxygen.c
+
+	* doxygen.c: Add doxygen main page.
+
+	* cert.c: Add doxygen.
+
+	* revoke.c (_hx509_revoke_ref): new function.
+
+2007-11-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_keychain.c: Check if SecKeyGetCSPHandle needs prototype.
+
+2007-08-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* data/nist-data: Make work on case senstive filesystems too.
+	
+2007-08-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cert.c: match rfc822 contrains better, provide better error
+	strings.
+
+2007-08-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cert.c: "self-signed doesn't count" doesn't apply to trust
+	anchor certificate.  make trust anchor check consistant.
+
+	* revoke.c: make compile.
+
+	* revoke.c (verify_crl): set error strings.
+	
+	* revoke.c (verify_crl): handle with the signer is the
+	CRLsigner (shortcut).
+
+	* cert.c: Fix NC, comment on how to use _hx509_check_key_usage.
+
+2007-08-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_nist2.in, Makefile, test/nist*: Add nist pkits tests. 
+
+	* revoke.c: Update to use CERT_REVOKED error, shortcut out of OCSP
+	checking when OCSP reply is a revocation reply.
+
+	* hx509_err.et: Make CERT_REVOKED error OCSP/CRL agnostic.
+
+	* name.c (_hx509_Name_to_string): make printableString handle
+	space (0x20) diffrences as required by rfc3280.
+
+	* revoke.c: Search for the right issuer when looking for the
+	issuer of the CRL signer.
+
+2007-08-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* revoke.c: Handle CRL signing certificate better, try to not
+	revalidate invalid CRLs over and over.
+
+2007-08-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cms.c: remove stale comment.
+
+	* test_nist.in: Unpack PKITS_data.zip and run tests.
+	
+	* test_nist_cert.in: Adapt to new nist pkits framework.
+
+	* test_nist_pkcs12.in: Adapt to new nist pkits framework.
+
+	* Makefile.am: clean PKITS_data
+
+2007-07-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add version-script.map to EXTRA_DIST
+
+2007-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add depenency on asn1_compile for asn1 built files.
+	
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* peer.c: update (c), indent.
+
+	* Makefile.am: New library version.
+
+2007-06-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_p11.c: Add sha2 types.
+
+	* ref/pkcs11.h: Sync with scute.
+
+	* ref/pkcs11.h: Add sha2 CKM's.
+
+	* print.c: Print authorityInfoAccess.
+
+	* cert.c: Rename proxyCertInfo oid.
+
+	* ca.c: Rename proxyCertInfo oid.
+
+	* print.c: Rename proxyCertInfo oid.
+	
+2007-06-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ca.in: Adapt to new request handling.
+
+	* req.c: Allow export some of the request parameters.
+
+	* hxtool-commands.in: Adapt to new request handling.
+
+	* hxtool.c: Adapt to new request handling.
+
+	* test_req.in: Adapt to new request handling.
+
+	* version-script.map: Add initialize_hx_error_table_r.
+
+	* req.c: Move _hx509_request_print here.
+
+	* hxtool.c: use _hx509_request_print
+
+	* version-script.map: Export more crap^W semiprivate functions.
+
+	* hxtool.c: don't _hx509_abort
+
+	* version-script.map: add missing ;
+
+2007-06-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cms.c: Use hx509_crypto_random_iv.
+
+	* crypto.c: Split out the iv creation from hx509_crypto_encrypt
+	since _hx509_pbe_encrypt needs to use the iv from the s2k
+	function.
+
+	* test_cert.in: Test PEM and DER FILE writing functionallity.
+
+	* ks_file.c: Add writing DER certificates.
+
+	* hxtool.c: Update to new hx509_pem_write().
+
+	* test_cms.in: test creation of PEM signeddata.
+
+	* hx509.h: PEM struct/function declarations.
+
+	* ks_file.c: Use PEM encoding/decoding functions.
+
+	* file.c: PEM encode/decoding functions.
+
+	* ks_file.c: Use hx509_pem_write.
+
+	* version-script.map: Export some semi-private functions.
+
+	* hxtool.c: Enable writing out signed data as a pem attachment.
+
+	* hxtool-commands.in (cms-create-signed): add --pem
+
+	* file.c (hx509_pem_write): Add.
+
+	* test_ca.in: Issue and test null subject cert.
+
+	* cert.c: Match is first component is in a CN=.
+
+	* test_ca.in: Test hostname if first CN.
+
+	* Makefile.am: Add version script.
+
+	* version-script.map: Limited exported symbols.
+
+	* test_ca.in: test --hostname.
+
+	* test_chain.in: test max-depth
+
+	* hx509.h: fixate HX509_HN_HOSTNAME at 0.
+
+	* hxtool-commands.in: add --hostname add --max-depth
+
+	* cert.c: Verify hostname and max-depth.
+
+	* hxtool.c: Verify hostname and test max-depth.
+
+2007-06-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_cms.in: Test --id-by-name.
+
+	* hxtool-commands.in: add cms-create-sd --id-by-name
+
+	* hxtool.c: Use HX509_CMS_SIGATURE_ID_NAME.
+
+	* cms.c: Implement and use HX509_CMS_SIGATURE_ID_NAME.
+
+	* hx509.h: Add HX509_CMS_SIGATURE_ID_NAME, use subject name for
+	CMS.Identifier.  hx509_hostname_type: add hostname type for
+	matching.
+
+	* cert.c (match_general_name): more strict rfc822Name matching.
+	(hx509_verify_hostname): add hostname type for matching.
+
+2007-06-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c: Make compile again.
+
+	* hxtool.c: Added peap-server for to make windows peap clients
+	happy.
+
+	* hxtool.c: Unify parse_oid code.
+
+	* hxtool.c: Implement --content-type.
+
+	* hxtool-commands.in: Add content-type.
+
+	* test_cert.in: more cert and keyset tests.
+
+2007-06-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* revoke.c: Avoid stomping on NULL.
+
+	* revoke.c: Avoid reusing i.
+
+	* cert.c: Provide __attribute__ for _hx509_abort.
+
+	* ks_file.c: Fail if not finding iv.
+
+	* keyset.c: Avoid useing freed memory.
+
+	* crypto.c: Free memory in failure case.
+
+	* crypto.c: Free memory in failure case.
+
+2007-06-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* *.c: Add hx509_cert_init_data and use everywhere
+
+	* hx_locl.h: Now that KEYCHAIN:system-anchors is fast again, use
+	that.
+
+	* ks_keychain.c: Implement trust anchor support with
+	SecTrustCopyAnchorCertificates.
+
+	* keyset.c: Set ref to 1 for the new object.
+
+	* cert.c: Fix logic for allow_default_trust_anchors
+
+	* keyset.c: Add refcounting to keystores.
+
+	* cert.c: Change logic for default trust anchors, make it be
+	either default trust anchor, the user supplied, or non at all.
+
+2007-06-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add data/j.pem.
+
+	* Makefile.am: Add test_windows.in.
+	
+2007-06-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_keychain.c: rename functions, leaks less memory and more
+	paranoia.
+
+	* test_cms.in: Test cms peer-alg.
+
+	* crypto.c (rsa_create_signature): make oid_id_pkcs1_rsaEncryption
+	mean rsa-with-sha1 but oid oid_id_pkcs1_rsaEncryption in algorithm
+	field.  XXX should probably use another algorithmIdentifier for
+	this.
+
+	* peer.c: Make free function return void.
+
+	* cms.c (hx509_cms_create_signed_1): Use hx509_peer_info to select
+	the signature algorithm too.
+
+	* hxtool-commands.in: Add cms-create-sd --peer-alg.
+
+	* req.c: Use _hx509_crypto_default_sig_alg.
+
+	* test_windows.in: Create crl, because everyone needs one.
+
+	* Makefile.am: add wcrl.crl
+	
+2007-06-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hx_locl.h: Disable KEYCHAIN for now, its slow.
+
+	* cms.c: When we are not using pkcs7-data, avoid seing
+	signedAttributes since some clients get upset by that (pkcs7 based
+	or just plain broken).
+
+	* ks_keychain.c: Provide rsa signatures.
+
+	* ks_keychain.c: Limit the searches to the selected keychain.
+
+	* ks_keychain.c: include -framework Security specific header files
+	after #ifdef
+
+	* ks_keychain.c: Find and attach private key (does not provide
+	operations yet though).
+
+	* ks_p11.c: Prefix rsa method with p11_
+
+	* ks_keychain.c: Allow opening a specific chain, making "system"
+	special and be the system X509Anchors file. By not specifing any
+	keychain ("KEYCHAIN:"), all keychains are probed.
+	
+2007-06-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c (verify): Friendlier error message.
+
+	* cert.c: Read in and use default trust anchors if they exists.
+
+	* hx_locl.h: Add concept of default_trust_anchors.
+
+	* ks_keychain.c: Remove err(), remove extra empty comment, fix
+	_iter function.
+
+	* error.c (hx509_get_error_string): if the error code is not the
+	one we expect, punt and use the default com_err/strerror string
+	instead.
+
+	* keyset.c (hx509_certs_merge): its ok to merge in the NULL set of
+	certs.
+
+	* test_windows.in: Fix status string.
+
+	* ks_p12.c (store_func): free whole CertBag, not just the data
+	part.
+	
+	* print.c: Check that the self-signed cert is really self-signed.
+
+	* print.c: Use selfsigned for CRL DP whine, tell if its a
+	self-signed.
+
+	* print.c: Whine if its a non CA/proxy and doesn't have CRL DP.
+
+	* ca.c: Add cRLSign to CA certs.
+
+	* cert.c: Register NULL and KEYCHAIN.
+
+	* ks_null.c: register the NULL keystore.
+
+	* Makefile.am: Add ks_keychain.c and related libs.
+
+	* test_crypto.in: Print certificate with utf8.
+
+	* print.c: Leak less memory.
+
+	* hxtool.c: Leak less memory.
+
+	* print.c: Leak less memory, use functions that does same but
+	more.
+
+	* name.c (quote_string): don't sign extend the (signed) char to
+	avoid printing too much, add an assert to check that we didn't
+	overrun the buffer.
+
+	* name.c: Use right element out of the CHOICE for printableString
+	and utf8String
+
+	* ks_keychain.c: Certificate only KeyChain backend.
+
+	* name.c: Reset name before parsing it.
+	
+2007-06-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* revoke.c (hx509_crl_*): fix sizeof() mistakes to fix memory
+	corruption.
+
+	* hxtool.c: Add lifetime to crls.
+
+	* hxtool-commands.in: Add lifetime to crls.
+
+	* revoke.c: Add lifetime to crls.
+
+	* test_ca.in: More crl checks.
+
+	* revoke.c: Add revoking certs.
+
+	* hxtool-commands.in: argument is certificates.. for crl-sign
+
+	* hxtool.c (certificate_copy): free lock
+
+	* revoke.c: Fix hx509_set_error_string calls, add
+	hx509_crl_add_revoked_certs(), implement hx509_crl_{alloc,free}.
+
+	* hxtool.c (crl_sign): free lock
+
+	* cert.c (hx509_context_free): free querystat
+	
+2007-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_chain.in: test ocsp-verify
+	
+	* revoke.c (hx509_ocsp_verify): explain what its useful for and
+	provide sane error message.
+
+	* hx509_err.et: New error code, CERT_NOT_IN_OCSP
+
+	* hxtool.c: New command ocsp-verify, check if ocsp contains all
+	certs and are valid (exist and non expired).
+
+	* hxtool-commands.in: New command ocsp-verify.
+	
+2007-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ca.in: Create crl and verify that is works.
+
+	* hxtool.c: Sign CRL command.
+
+	* hx509.h: Add hx509_crl.
+
+	* hxtool-commands.in: Add crl-sign commands.
+
+	* revoke.c: Support to generate an empty CRL.
+
+	* tst-crypto-select2: Switched default types.
+
+	* tst-crypto-select1: Switched default types.
+
+	* ca.c: Use default AlgorithmIdentifier.
+
+	* cms.c: Use default AlgorithmIdentifier.
+
+	* crypto.c: Provide default AlgorithmIdentifier and use them.
+
+	* hx_locl.h: Provide default AlgorithmIdentifier.
+
+	* keyset.c (hx509_certs_find): collects stats for queries.
+
+	* cert.c: Sort and print more info.
+
+	* hx_locl.h: Add querystat to hx509_context.
+
+	* test_*.in: sprinle stat saveing
+
+	* Makefile.am: Add stat and objdir.
+
+	* collector.c (_hx509_collector_alloc): return error code instead
+	of pointer.
+
+	* hxtool.c: Add statistic hook.
+
+	* ks_file.c: Update _hx509_collector_alloc prototype.
+
+	* ks_p12.c: Update _hx509_collector_alloc prototype.
+
+	* ks_p11.c: Update _hx509_collector_alloc prototype.
+
+	* hxtool-commands.in: Add statistics hook.
+
+	* cert.c: Statistics printing.
+
+	* ks_p12.c: plug memory leak
+
+	* ca.c (hx509_ca_tbs_add_crl_dp_uri): plug memory leak
+	
+2007-05-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* print.c: print utf8 type SAN's
+
+	* Makefile.am: Fix windows client cert name.
+
+	* test_windows.in: Add crl-uri for the ee certs.
+
+	* print.c: Printf formating.
+
+	* ca.c: Add glue for adding CRL dps.
+
+	* test_ca.in: Readd the crl adding code, it works (somewhat) now.
+
+	* print.c: Fix printing of CRL DPnames (I hate IMPLICIT encoded
+	structures).
+
+	* hxtool-commands.in: make ca and alias of certificate-sign
+	
+2007-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.c (hx509_crypto_select): copy AI to the right place.
+
+	* hxtool-commands.in: Add ca --ms-upn.
+
+	* hxtool.c: add --ms-upn and add more EKU's for pk-init client.
+
+	* ca.c: Add hx509_ca_tbs_add_san_ms_upn and refactor code.
+
+	* test_crypto.in: Resurect killed e.
+
+	* test_crypto.in: check for aes256-cbc
+
+	* tst-crypto-select7: check for aes256-cbc
+
+	* test_windows.in: test windows stuff
+
+	* hxtool.c: add ca --domain-controller option, add secret key
+	option to avaible.
+
+	* ca.c: Add hx509_ca_tbs_set_domaincontroller.
+
+	* hxtool-commands.in: add ca --domain-controller
+
+	* hxtool.c: hook for testing secrety key algs
+
+	* crypto.c: Add selection code for secret key crypto.
+
+	* hx509.h: Add HX509_SELECT_SECRET_ENC.
+	
+2007-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ks_p11.c: add more mechtypes
+	
+2007-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* print.c: Indent.
+
+	* hxtool-commands.in: add test-crypto command
+
+	* hxtool.c: test crypto command
+
+	* cms.c (hx509_cms_create_signed_1): if no eContentType is given,
+	use pkcs7-data.
+
+	* print.c: add Netscape cert comment
+
+	* crypto.c: Try both the empty password and the NULL
+	password (nothing vs the octet string \x00\x00).
+
+	* print.c: Add some US Fed PKI oids.
+
+	* ks_p11.c: Add some more hashes.
+	
+2007-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c (crypto_select): stop memory leak
+	
+2007-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* peer.c (hx509_peer_info_free): free memory used too
+
+	* hxtool.c (crypto_select): only free peer if it was used.
+	
+2007-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c: free template
+
+	* ks_mem.c (mem_free): free key array too
+
+	* hxtool.c: free private key and tbs
+
+	* hxtool.c (hxtool_ca): free signer
+
+	* hxtool.c (crypto_available): free peer too.
+
+	* ca.c (get_AuthorityKeyIdentifier): leak less memory
+
+	* hxtool.c (hxtool_ca): free SPKI
+
+	* hxtool.c (hxtool_ca): free cert
+
+	* ks_mem.c (mem_getkeys): allocate one more the we have elements
+	so its possible to store the NULL pointer at the end.
+	
+2007-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: CLEANFILES += cert-null.pem cert-sub-ca2.pem
+	
+2007-02-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ca.c: Disable CRLDistributionPoints for now, its IMPLICIT code
+	in the asn1 parser.
+
+	* print.c: Add some more \n's.
+	
+2007-02-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* file.c: Allow mapping using heim_octet_string.
+
+	* hxtool.c: Add options to generate detached signatures.
+
+	* cms.c: Add flags to generate detached signatures.
+
+	* hx509.h: Flag to generate detached signatures.
+
+	* test_cms.in: Support detached sigatures.
+
+	* name.c (hx509_general_name_unparse): unparse the other
+	GeneralName nametypes.
+
+	* print.c: Use less printf. Use hx509_general_name_unparse.
+
+	* cert.c: Fix printing and plug leak-on-error.
+	
+2007-01-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_ca.in: Add test for ca --crl-uri.
+
+	* hxtool.c: Add ca --crl-uri.
+
+	* hxtool-commands.in: add ca --crl-uri
+
+	* ca.c: Code to set CRLDistributionPoints in certificates.
+
+	* print.c: Check CRLDistributionPointNames.
+
+	* name.c (hx509_general_name_unparse): function for unparsing
+	GeneralName, only supports GeneralName.URI
+
+	* cert.c (is_proxy_cert): free info if we wont return it.
+	
+2007-01-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* hxtool.c: Try to help how to use this command.
+	
+2007-01-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* switch to sha256 as default digest for signing
+
+2007-01-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ca.in: Really test sub-ca code, add basic constraints tests
+	
+2007-01-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Fix makefile problem.
+	
+2007-01-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c: Set num of bits before we generate the key.
+	
+2007-01-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* cms.c (hx509_cms_create_signed_1): use hx509_cert_binary
+
+	* ks_p12.c (store_func): use hx509_cert_binary
+
+	* ks_file.c (store_func): use hx509_cert_binary
+
+	* cert.c (hx509_cert_binary): return binary encoded
+	certificate (DER format)
+	
+2007-01-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ca.c (hx509_ca_tbs_subject_expand): new function.
+
+	* name.c (hx509_name_expand): if env is NULL, return directly
+
+	* test_ca.in: test template handling
+
+	* hx509.h: Add template flags.
+
+	* Makefile.am: clean out new files
+
+	* hxtool.c: Add certificate template processing, fix hx509_err
+	usage.
+
+	* hxtool-commands.in: Add certificate template processing.
+
+	* ca.c: Add certificate template processing. Fix return messages
+	from hx509_ca_tbs_add_eku.
+
+	* cert.c: Export more stuff from certificate.
+	
+2007-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ca.c: update (c)
+
+	* ca.c: (hx509_ca_tbs_add_eku): filter out dups.
+	
+	* hxtool.c: Add type email and add email eku when using option
+	--email.
+
+	* Makefile.am: add env.c
+
+	* name.c: Remove abort, add error handling.
+
+	* test_name.c: test name expansion
+
+	* name.c: add hx509_name_expand
+
+	* env.c: key-value pair help functions
+	
+2007-01-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ca.c: Don't issue certs with subject DN that is NULL and have no
+	SANs
+
+	* print.c: Fix previous test.
+
+	* print.c: Check there is a SAN if subject DN is NULL.
+
+	* test_ca.in: test email, null subject dn
+
+	* hxtool.c: Allow setting parameters to private key generation.
+
+	* hx_locl.h: Allow setting parameters to private key generation.
+
+	* crypto.c: Allow setting parameters to private key generation.
+
+	* hxtool.c (eval_types): add jid if user gave one
+
+	* hxtool-commands.in (certificate-sign): add --jid
+
+	* ca.c (hx509_ca_tbs_add_san_jid): Allow adding
+	id-pkix-on-xmppAddr OtherName.
+
+	* print.c: Print id-pkix-on-xmppAddr OtherName.
+	
+2007-01-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* no random, no RSA/DH tests
+
+	* hxtool.c (info): print status of random generator
+
+	* Makefile.am: remove files created by tests
+
+	* error.c: constify
+
+	* name.c: constify
+
+	* revoke.c: constify
+
+	* hx_locl.h: constify
+
+	* keyset.c: constify
+
+	* ks_p11.c: constify
+
+	* hx_locl.h: make printinfo char * argument const.
+
+	* cms.c: move _hx509_set_digest_alg from cms.c to crypto.c since
+	its only used there.
+
+	* crypto.c: remove no longer used stuff, move set_digest_alg here
+	from cms.c since its only used here.
+
+	* Makefile.am: add data/test-nopw.p12 to EXTRA_DIST
+	
+2007-01-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* print.c: BasicConstraints vs criticality bit is complicated and
+	not really possible to evaluate on its own, silly RFC3280.
+
+	* ca.c: Make basicConstraints critical if this is a CA.
+
+	* print.c: fix the version vs extension test
+
+	* print.c: More validation checks.
+
+	* name.c (hx509_name_cmp): add
+	
+2007-01-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_p11.c (collect_private_key): Missing CKA_MODULUS is ok
+	too (XXX why should these be fetched given they are not used).
+
+	* test_ca.in: rename all files to PEM files, since that is what
+	they are.
+
+	* hxtool.c: copy out the key with the self signed CA cert
+
+	* Factor out private key operation out of the signing, operations,
+	support import, export, and generation of private keys. Add
+	support for writing PEM and PKCS12 files with private keys in them.
+ 
+	* data/gen-req.sh: Generate a no password pkcs12 file.
+	
+2007-01-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cms.c: Check for internal ASN1 encoder error.
+	
+2007-01-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Drop most of the pkcs11 files.
+
+	* test_ca.in: test reissueing ca certificate (xxx time
+	validAfter).
+
+	* hxtool.c: Allow setting serialNumber (needed for reissuing
+	certificates) Change --key argument to --out-key.
+
+	* hxtool-commands.in (issue-certificate): Allow setting
+	serialNumber (needed for reissuing certificates), Change --key
+	argument to --out-key.
+
+	* ref: Replace with Marcus Brinkmann of g10 Code GmbH pkcs11
+	headerfile that is compatible with GPL (file taken from scute)
+
+2007-01-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ca.in: Test to generate key and use them.
+
+	* hxtool.c: handle other keys the pkcs10 requested keys
+
+	* hxtool-commands.in: add generate key commands
+
+	* req.c (_hx509_request_to_pkcs10): PKCS10 needs to have a subject
+
+	* hxtool-commands.in: Spelling.
+
+	* ca.c (hx509_ca_tbs_set_proxy): allow negative pathLenConstraint
+	to signal no limit
+
+	* ks_file.c: Try all formats on the binary file before giving up,
+	this way we can handle binary rsa keys too.
+
+	* data/key2.der: new test key
+
+2007-01-04  David Love  <fx at gnu.org>
+
+	* Makefile.am (hxtool_LDADD): Add libasn1.la
+
+	* hxtool.c (pcert_verify): Fix format string.
+
+2006-12-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c: Allow setting path length
+
+	* cert.c: Fix test for proxy certs chain length, it was too
+	restrictive.
+	
+	* data: regen
+	
+	* data/openssl.cnf: (proxy_cert) make length 0
+
+	* test_ca.in: Issue a long living cert.
+
+	* hxtool.c: add --lifetime to ca command.
+
+	* hxtool-commands.in: add --lifetime to ca command.
+
+	* ca.c: allow setting notBefore and notAfter.
+
+	* test_ca.in: Test generation of proxy certificates.
+
+	* ca.c: Allow generation of proxy certificates, always include
+	BasicConstraints, fix error codes.
+
+	* hxtool.c: Allow generation of proxy certificates.
+
+	* test_name.c: make hx509_parse_name take a hx509_context.
+
+	* name.c: Split building RDN to a separate function.
+	
+2006-12-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: clean test_ca files.
+
+	* test_ca.in: test issuing self-signed and CA certificates.
+
+	* hxtool.c: Add bits to allow issuing self-signed and CA
+	certificates.
+
+	* hxtool-commands.in: Add bits to allow issuing self-signed and CA
+	certificates.
+
+	* ca.c: Add bits to allow issuing CA certificates.
+
+	* revoke.c: use new OCSPSigning.
+
+	* ca.c: Add Subject Key Identifier.
+
+	* ca.c: Add Authority Key Identifier.
+	
+	* cert.c: Locally export _hx509_find_extension_subject_key_id.
+	Handle AuthorityKeyIdentifier where only authorityCertSerialNumber
+	and authorityCertSerialNumber is set.
+
+	* hxtool-commands.in: Add dnsname and rfc822 SANs.
+
+	* test_ca.in: Test dnsname and rfc822 SANs.
+
+	* ca.c: Add dnsname and rfc822 SANs.
+
+	* hxtool.c: Add dnsname and rfc822 SANs.
+
+	* test_ca.in: test adding eku, ku and san to the
+	certificate (https and pk-init)
+
+	* hxtool.c: Add eku, ku and san to the certificate.
+
+	* ca.c: Add eku, ku and san to the certificate.
+
+	* hxtool-commands.in: Add --type and --pk-init-principal
+
+	* ocsp.asn1: remove id-kp-OCSPSigning, its in rfc2459.asn1 now
+	
+2006-12-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ca.c: Add KeyUsage extension.
+
+	* Makefile.am: add ca.c, add sign-certificate tests.
+
+	* crypto.c: Add _hx509_create_signature_bitstring.
+
+	* hxtool-commands.in: Add the sign-certificate tool.
+
+	* hxtool.c: Add the sign-certificate tool.
+
+	* cert.c: Add HX509_QUERY_OPTION_KU_KEYCERTSIGN.
+
+	* hx509.h: Add hx509_ca_tbs and HX509_QUERY_OPTION_KU_KEYCERTSIGN.
+
+	* test_ca.in: Basic test of generating a pkcs10 request, signing
+	it and verifying the chain.
+
+	* ca.c: Naive certificate signer.
+	
+2006-12-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* hxtool.c: add hxtool_hex
+	
+2006-12-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: use top_builddir for libasn1.la
+	
+2006-12-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* hxtool.c (print_certificate): print serial number.
+
+	* name.c (no): add S=stateOrProvinceName
+	
+2006-12-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* crypto.c (_hx509_private_key_assign_rsa): set a default sig alg
+
+	* ks_file.c (try_decrypt): pass down AlgorithmIdentifier that key
+	uses to do sigatures so there is no need to hardcode RSA into this
+	function.
+	
+2006-12-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_file.c: Pass filename to the parse functions and use it in
+	the error messages
+
+	* test_chain.in: test proxy cert (third level)
+	
+	* hx509_err.et: fix errorstring for PROXY_CERT_NAME_WRONG
+
+	* data: regen
+
+	* Makefile.am: EXTRA_DIST: add
+	data/proxy10-child-child-test.{key,crt}
+
+	* data/gen-req.sh: Fix names and restrictions on the proxy
+	certificates
+
+	* cert.c: Clairfy and make proxy cert handling work for multiple
+	levels, before it was too restrictive. More helpful error message.
+	
+2006-12-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* cert.c (check_key_usage): tell what keyusages are missing
+
+	* print.c: Split OtherName printing code to a oid lookup and print
+	function.
+
+	* print.c (Time2string): print hour as hour not min
+
+	* Makefile.am: CLEANFILES += test
+	
+2006-12-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am (EXTRA_DIST): add data/pkinit-proxy* files
+
+	* Makefile.am (EXTRA_DIST): add tst-crypto* files
+
+	* cert.c (hx509_query_match_issuer_serial): make a copy of the
+	data
+
+	* cert.c (hx509_query_match_issuer_serial): allow matching on
+	issuer and serial num
+
+	* cert.c (_hx509_calculate_path): add flag to allow leaving out
+	trust anchor
+
+	* cms.c (hx509_cms_create_signed_1): when building the path, omit
+	the trust anchors.
+
+	* crypto.c (rsa_create_signature): Abort when signature is longer,
+	not shorter.
+
+	* cms.c: Provide time to _hx509_calculate_path so we don't send no
+	longer valid certs to our peer.
+
+	* cert.c (find_parent): when checking for certs and its not a
+	trust anchor, require time be in range.
+	(_hx509_query_match_cert): Add time validity-testing to query mask
+
+	* hx_locl.h: add time validity-testing to query mask
+
+	* test_cms.in: Tests for CMS SignedData with incomplete chain from
+	the signer.
+	
+2006-11-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cms.c (hx509_cms_verify_signed): specify what signature we
+	failed to verify
+	
+	* Makefile.am: Depend on LIB_com_err for AIX.
+
+	* keyset.c: Remove anther strndup that causes AIX to fall over.
+
+	* cert.c: Don't check the trust anchors expiration time since they
+	are transported out of band, from RFC3820.
+
+	* cms.c: sprinkle more error strings
+
+	* crypto.c: sprinkle more error strings
+
+	* hxtool.c: use unsigned int as counter to fit better with the
+	asn1 compiler
+
+	* crypto.c: use unsigned int as counter to fit better with the
+	asn1 compiler
+	
+2006-11-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* cms.c: Remove trailing white space.
+
+	* crypto.c: rewrite comment to make more sense
+
+	* crypto.c (hx509_crypto_select): check sig_algs[j]->key_oid
+
+	* hxtool-commands.in (crypto-available): add --type
+
+	* crypto.c (hx509_crypto_available): let alg pass if its keyless
+
+	* hxtool-commands.in: Expand crypto-select
+
+	* cms.c: Rename hx509_select to hx509_crypto_select.
+
+	* hxtool-commands.in: Add crypto-select and crypto-available.
+
+	* hxtool.c: Add crypto-select and crypto-available.
+
+	* crypto.c (hx509_crypto_available): use right index.
+	(hx509_crypto_free_algs): new function
+
+	* crypto.c (hx509_crypto_select): improve
+	(hx509_crypto_available): new function
+	
+2006-11-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* cert.c: Sprinkle more error string and hx509_contexts.
+
+	* cms.c: Sprinkle more error strings.
+
+	* crypto.c: Sprinkle error string and hx509_contexts.
+
+	* crypto.c: Add some more comments about how this works.
+
+	* crypto.c (hx509_select): new function.
+	
+	* Makefile.am: add peer.c
+
+	* hxtool.c: Update hx509_cms_create_signed_1.
+
+	* hx_locl.h: add struct hx509_peer_info
+
+	* peer.c: Allow selection of digest/sig-alg
+
+	* cms.c: Allow selection of a better digest using hx509_peer_info.
+
+	* revoke.c: Handle that _hx509_verify_signature takes a context.
+	
+	* cert.c: Handle that _hx509_verify_signature takes a context.
+	
+2006-11-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cms.c: Sprinkle error strings.
+
+	* crypto.c: Sprinkle context and error strings.
+	
+2006-11-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* name.c: Handle printing and parsing raw oids in name.
+
+2006-11-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cert.c (_hx509_calculate_path): allow to calculate optimistic
+	path when we don't know the trust anchors, just follow the chain
+	upward until we no longer find a parent or we hit the max limit.
+
+	* cms.c (hx509_cms_create_signed_1): provide a best effort path to
+	the trust anchors to be stored in the SignedData packet, if find
+	parents until trust anchor or max length.
+
+	* data: regen
+
+	* data/gen-req.sh: Build pk-init proxy cert.
+	
+2006-11-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* error.c (hx509_get_error_string): Put ", " between strings in
+	error message.
+	
+2006-11-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* data/openssl.cnf: Change realm to TEST.H5L.SE
+	
+2006-11-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* revoke.c: Sprinkle error strings.
+	
+2006-11-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* hx_locl.h: add context variable to cmp function.
+
+	* cert.c (hx509_query_match_cmp_func): allow setting the match
+	function.
+	
+2006-10-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_p11.c: Return less EINVAL.
+
+	* hx509_err.et: add more pkcs11 errors
+
+	* hx509_err.et: more error-codes
+
+	* revoke.c: Return less EINVAL.
+
+	* ks_dir.c: sprinkel more hx509_set_error_string
+
+	* ks_file.c: Return less EINVAL.
+
+	* hxtool.c: Pass in context to _hx509_parse_private_key.
+
+	* ks_file.c: Sprinkle more hx509_context so we can return propper
+	errors.
+
+	* hx509_err.et: add HX509_PARSING_KEY_FAILED
+
+	* crypto.c: Sprinkle more hx509_context so we can return propper
+	errors.
+
+	* collector.c: No more EINVAL.
+
+	* hx509_err.et: add HX509_LOCAL_ATTRIBUTE_MISSING
+
+	* cert.c (hx509_cert_get_base_subject): one less EINVAL
+	(_hx509_cert_private_decrypt): one less EINVAL
+	
+2006-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* collector.c: indent
+
+	* hxtool.c: Try to not leak memory.
+
+	* req.c: clean memory before free
+
+	* crypto.c (_hx509_private_key2SPKI): indent
+
+	* req.c: Try to not leak memory.
+	
+2006-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_crypto.in: Read 50 kilobyte random data
+	
+	* revoke.c: Try to not leak memory.
+
+	* hxtool.c: Try to not leak memory.
+
+	* crypto.c (hx509_crypto_destroy): free oid.
+
+	* error.c: Clean error string on failure just to make sure.
+
+	* cms.c: Try to not leak memory (again).
+
+	* hxtool.c: use a sensable content type
+
+	* cms.c: Try harder to free certificate.
+	
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add make check data.
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ks_p11.c (p11_list_keys): make element of search_data[0]
+	constants and set them later
+
+	* Makefile.am: Add more files.
+	
+2006-10-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ks_file.c: set ret, remember to free ivdata
+	
+2006-10-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hx_locl.h: Include <parse_bytes.h>.
+
+	* test_crypto.in: Test random-data.
+
+	* hxtool.c: RAND_bytes() return 1 for cryptographic strong data,
+	check for that.
+
+	* Makefile.am: clean random-data
+
+	* hxtool.c: Add random-data command, use sl_slc_help.
+
+	* hxtool-commands.in: Add random-data.
+
+	* ks_p12.c: Remember to release certs.
+
+	* ks_p11.c: Remember to release certs.
+	
+2006-10-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* prefix der primitives with der_
+
+	* lock.c: Match the prompt type PROMPT exact.
+
+	* hx_locl.h: Drop heim_any.h
+	
+2006-10-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ks_p11.c (p11_release_module): j needs to be used as inter loop
+	index. From Douglas Engert.
+
+	* ks_file.c (parse_rsa_private_key): try all passwords and
+	prompter.
+	
+2006-10-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_*.in: Parameterise the invocation of hxtool, so we can make
+	it run under TESTS_ENVIRONMENT. From Andrew Bartlett
+
+2006-10-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_crypto.in: Put all test stuck at 2006-09-25 since all their
+	chains where valied then.
+
+	* hxtool.c: Implement --time= option.
+
+	* hxtool-commands.in: Add option time.
+
+	* Makefile.am: test_name is a PROGRAM_TESTS
+
+	* ks_p11.c: Return HX509_PKCS11_NO_SLOT when there are no slots
+	and HX509_PKCS11_NO_TOKEN when there are no token. For use in PAM
+	modules that want to detect when to use smartcard login and when
+	not to. Patched based on code from Douglas Engert.
+
+	* hx509_err.et: Add new pkcs11 related errors in a new section:
+	keystore related error.  Patched based on code from Douglas
+	Engert.
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Make depenency for slc built files just like
+	everywhere else.
+
+	* cert.c: Add all openssl algs and init asn1 et
+	
+2006-10-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_file.c (parse_rsa_private_key): free type earlier.
+
+	* ks_file.c (parse_rsa_private_key): free type after use
+
+	* name.c (_hx509_Name_to_string): remove dup const
+	
+2006-10-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Add more libs to libhx509
+	
+2006-10-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_p11.c: Fix double free's, NULL ptr de-reference, and conform
+	better to pkcs11.  From Douglas Engert.
+
+	* ref: remove ^M, it breaks solaris 10s cc. From Harald Barth
+
+2006-09-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_crypto.in: Bleichenbacher bad cert from Ralf-Philipp
+	Weinmann and Andrew Pyshkin, pad right.
+
+	* data: starfield test root cert and Ralf-Philipp and Andreis
+	correctly padded bad cert
+
+2006-09-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_crypto.in: Add test for yutaka certs.
+
+	* cert.c: Add a strict rfc3280 verification flag. rfc3280 requires
+	certificates to have KeyUsage.keyCertSign if they are to be used
+	for signing of certificates, but the step in the verifiation is
+	optional.
+
+	* hxtool.c: Improve printing and error reporting.
+	
+2006-09-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_crypto.in,Makefile.am,data/bleichenbacher-{bad,good}.pem:
+	test bleichenbacher from eay
+
+2006-09-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c: Make common function for all getarg_strings and
+	hx509_certs_append commonly used.
+
+	* cms.c: HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT is a negative
+	flag, treat it was such.
+	
+2006-09-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* req.c: Use the new add_GeneralNames function.
+
+	* hx509.h: Add HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
+
+	* ks_p12.c: Adapt to new signature of hx509_cms_unenvelope.
+
+	* hxtool.c: Adapt to new signature of hx509_cms_unenvelope.
+
+	* cms.c: Allow passing in encryptedContent and flag.  Add new flag
+	HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
+	
+2006-09-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ks_p11.c: cast void * to char * when using it for %s formating
+	in printf.
+
+	* name.c: New function _hx509_Name_to_string.
+	
+2006-09-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_file.c: Sprinkle error messages.
+
+	* cms.c: Sprinkle even more error messages.
+	
+	* cms.c: Sprinkle some error messages.
+
+	* cms.c (find_CMSIdentifier): only free string when we allocated
+	one.
+
+	* ks_p11.c: Don't build most of the pkcs11 module if there are no
+	dlopen().
+	
+2006-09-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cms.c (hx509_cms_unenvelope): try to save the error string from
+	find_CMSIdentifier so we have one more bit of information what
+	went wrong.
+
+	* hxtool.c: More pretty printing, make verify_signed return the
+	error string from the library.
+
+	* cms.c: Try returning what certificates failed to parse or be
+	found.
+
+	* ks_p11.c (p11_list_keys): fetch CKA_LABEL and use it to set the
+	friendlyname for the certificate.
+	
+2006-09-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* crypto.c: check that there are no extra bytes in the checksum
+	and that the parameters are NULL or the NULL-type. All to avoid
+	having excess data that can be used to fake the signature.
+
+	* hxtool.c: print keyusage
+
+	* print.c: add hx509_cert_keyusage_print, simplify oid printing
+
+	* cert.c: add _hx509_cert_get_keyusage
+
+	* ks_p11.c: keep one session around for the whole life of the keyset
+
+	* test_query.in: tests more selection
+
+	* hxtool.c: improve pretty printing in print and query
+
+	* hxtool{.c,-commands.in}: add selection on KU and printing to query
+
+	* test_cms.in: Add cms test for digitalSignature and
+	keyEncipherment certs.
+
+	* name.c (no): Add serialNumber
+
+	* ks_p11.c (p11_get_session): return better error messages
+	
+2006-09-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ref: update to pkcs11 reference files 2.20
+
+	* ks_p11.c: add more mechflags
+
+	* name.c (no): add OU and sort
+
+	* revoke.c: pass context to _hx509_create_signature
+
+	* ks_p11.c (p11_printinfo): print proper plural s
+
+	* ks_p11.c: save the mechs supported when initing the token, print
+	them in printinfo.
+
+	* hx_locl.h: Include <parse_units.h>.
+
+	* cms.c: pass context to _hx509_create_signature
+
+	* req.c: pass context to _hx509_create_signature
+
+	* keyset.c (hx509_certs_info): print information about the keyset.
+
+	* hxtool.c (pcert_print) print keystore info when --info flag is
+	given.
+
+	* hxtool-commands.in: Add hxtool print --info.
+
+	* test_query.in: Test hxtool print --info.
+
+	* hx_locl.h (hx509_keyset_ops): add printinfo
+
+	* crypto.c: Start to hang the private key operations of the
+	private key, pass hx509_context to create_checksum.
+	
+2006-05-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_p11.c: Iterate over all slots, not just the first/selected
+	one.
+	
+2006-05-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cert.c: Add release function for certifiates so backend knowns
+	when its no longer used.
+
+	* ks_p11.c: Add reference counting on certifiates, push out
+	CK_SESSION_HANDLE from slot.
+
+	* cms.c: sprinkle more hx509_clear_error_string
+
+2006-05-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_p11.c: Sprinkle some hx509_set_error_strings
+	
+2006-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* hxtool.c: Avoid shadowing.
+
+	* revoke.c: Avoid shadowing.
+
+	* ks_file.c: Avoid shadowing.
+
+	* cert.c: Avoid shadowing.
+	
+2006-05-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lock.c (hx509_prompt_hidden): reshuffle to avoid gcc warning
+	
+	* hx509.h: Reshuffle the prompter types, remove the hidden field.
+
+	* lock.c (hx509_prompt_hidden): return if the prompt should be
+	hidden or not
+
+	* revoke.c (hx509_revoke_free): allow free of NULL.
+	
+2006-05-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ks_file.c (file_init): Avoid shadowing ret (and thus avoiding
+	crashing).
+
+	* ks_dir.c: Implement DIR: caches useing FILE: caches.
+
+	* ks_p11.c: Catch more errors.
+	
+2006-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* crypto.c (hx509_crypto_encrypt): free correctly in error
+	path. From Andrew Bartlett.
+
+	* crypto.c: If RAND_bytes fails, then we will attempt to
+	double-free crypt->key.data.  From Andrew Bartlett.
+	
+2006-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* name.c: Rename u_intXX_t to uintXX_t
+	
+2006-05-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* TODO: More to do about the about the PKCS11 code.
+
+	* ks_p11.c: Use the prompter from the lock function.
+
+	* lock.c: Deal with that hx509_prompt.reply is no longer a
+	pointer.
+
+	* hx509.h: Make hx509_prompt.reply not a pointer.
+	
+2006-05-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* keyset.c: Sprinkle setting error strings.
+
+	* crypto.c: Sprinkle setting error strings.
+
+	* collector.c: Sprinkle setting error strings.
+
+	* cms.c: Sprinkle setting error strings.
+	
+2006-05-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_name.c: renamed one error code
+
+	* name.c: renamed one error code
+
+	* ks_p11.c: _hx509_set_cert_attribute changed signature
+
+	* hxtool.c (pcert_print): use hx509_err so I can test it
+
+	* error.c (hx509_set_error_stringv): clear errors on malloc
+	failure
+
+	* hx509_err.et: Add some more errors
+
+	* cert.c: Sprinkle setting error strings.
+
+	* cms.c: _hx509_path_append changed signature.
+
+	* revoke.c: changed signature of _hx509_check_key_usage
+
+	* keyset.c: changed signature of _hx509_query_match_cert
+
+	* hx509.h: Add support for error strings.
+
+	* cms.c: changed signature of _hx509_check_key_usage
+
+	* Makefile.am: ibhx509_la_files += error.c
+
+	* ks_file.c: Sprinkel setting error strings.
+
+	* cert.c: Sprinkel setting error strings.
+
+	* hx_locl.h: Add support for error strings.
+
+	* error.c: Add string error handling functions.
+
+	* keyset.c (hx509_certs_init): pass the right error code back
+	
+2006-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* revoke.c: Revert previous patch.
+	(hx509_ocsp_verify): new function that returns the expiration of
+	certificate in ocsp data-blob
+
+	* cert.c: Reverse previous patch, lets do it another way.
+
+	* cert.c (hx509_revoke_verify): update usage
+
+	* revoke.c: Make compile.
+
+	* revoke.c: Add the expiration time the crl/ocsp info expire
+
+	* name.c: Add hx509_name_is_null_p
+
+	* cert.c: remove _hx509_cert_private_sigature
+	
+2006-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* name.c: Expose more of Name.
+
+	* hxtool.c (main): add missing argument to printf
+
+	* data/openssl.cnf: Add EKU for the KDC certificate
+
+	* cert.c (hx509_cert_get_base_subject): reject un-canon proxy
+	certs, not the reverse
+	(add_to_list): constify and fix argument order to
+	copy_octet_string
+	(hx509_cert_find_subjectAltName_otherName): make work
+	
+2006-04-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* data/{pkinit,kdc}.{crt,key}: pkinit certificates
+
+	* data/gen-req.sh: Generate pkinit certificates.
+
+	* data/openssl.cnf: Add pkinit glue.
+
+	* cert.c (hx509_verify_hostname): implement stub function
+	
+2006-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* TODO: CRL delta support
+
+2006-04-26 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* data/.cvsignore: ignore leftover from OpenSSL cert generation
+
+	* hx509_err.et: Add name malformated error
+
+	* name.c (hx509_parse_name): don't abort on error, rather return
+	error
+
+	* test_name.c: Test failure parsing name.
+
+	* cert.c: When verifying certificates, store subject basename for
+	later consumption.
+
+	* test_name.c: test to parse and print name and check that they
+	are the same.
+
+	* name.c (hx509_parse_name): fix length argument to printf string
+
+	* name.c (hx509_parse_name): fix length argument to stringtooid, 1
+	too short.
+
+	* cert.c: remove debug printf's
+
+	* name.c (hx509_parse_name): make compile pre c99
+
+	* data/gen-req.sh: OpenSSL have a serious issue of user confusion
+	-subj in -ca takes the arguments in LDAP order. -subj for x509
+	takes it in x509 order.
+
+	* cert.c (hx509_verify_path): handle the case where the where two
+	proxy certs in a chain.
+
+	* test_chain.in: enable two proxy certificates in a chain test
+
+	* test_chain.in: tests proxy certificates
+
+	* data: re-gen
+
+	* data/gen-req.sh: build proxy certificates
+	
+	* data/openssl.cnf: add def for proxy10_cert
+
+	* hx509_err.et: Add another proxy certificate error.
+
+	* cert.c (hx509_verify_path): Need to mangle name to remove the CN
+	of the subject, copying issuer only works for one level but is
+	better then doing no checking at all.
+
+	* hxtool.c: Add verify --allow-proxy-certificate.
+
+	* hxtool-commands.in: add verify --allow-proxy-certificate
+
+	* hx509_err.et: Add proxy certificate errors.
+
+	* cert.c: Fix comment about subject name of proxy certificate.
+
+	* test_chain.in: tests for proxy certs
+
+	* data/gen-req.sh: gen proxy and non-proxy tests certificates
+
+	* data/openssl.cnf: Add definition for proxy certs
+
+	* data/*proxy-test.*: Add proxy certificates
+
+	* cert.c (hx509_verify_path): verify proxy certificate have no san
+	or ian
+
+	* cert.c (hx509_verify_set_proxy_certificate): Add
+	(*): rename policy cert to proxy cert
+
+	* cert.c: Initial support for proxy certificates.
+	
+2006-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c: some error checking
+
+	* name.c: Switch over to asn1 generaed oids.
+
+	* TODO: merge with old todo file
+	
+2006-04-23 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* test_query.in: make quiet
+
+	* test_req.in: SKIP test if there is no RSA support.
+
+	* hxtool.c: print dh method too
+
+	* test_chain.in: SKIP test if there is no RSA support.
+	
+	* test_cms.in: SKIP test if there is no RSA support.
+
+	* test_nist.in: SKIP test if there is no RSA support.
+	
+2006-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool-commands.in: Allow passing in pool and anchor to
+	signedData
+
+	* hxtool.c: Allow passing in pool and anchor to signedData
+
+	* test_cms.in: Test that certs in signed data is picked up.
+
+	* hx_locl.h: Expose the path building function to internal
+	functions.
+
+	* cert.c: Expose the path building function to internal functions.
+
+	* hxtool-commands.in: cms-envelope: Add support for choosing the
+	encryption type
+
+	* hxtool.c (cms_create_enveloped): Add support for choosing the
+	encryption type
+
+	* test_cms.in: Test generating des-ede3 aes-128 aes-256 enveloped
+	data
+
+	* crypto.c: Add names to cipher types.
+
+	* cert.c (hx509_query_match_friendly_name): fix return value
+
+	* data/gen-req.sh: generate tests for enveloped data using
+	des-ede3 and aes256
+
+	* test_cms.in: add tests for enveloped data using des-ede3 and
+	aes256
+
+	* cert.c (hx509_query_match_friendly_name): New function.
+	
+2006-04-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ks_p11.c: Add support for parsing slot-number.
+
+	* crypto.c (oid_private_rc2_40): simply
+
+	* crypto.c: Use oids from asn1 generator.
+
+	* ks_file.c (file_init): reset length when done with a part
+
+	* test_cms.in: check with test.combined.crt.
+
+	* data/gen-req.sh: Create test.combined.crt.
+
+	* test_cms.in: Test signed data using keyfile that is encrypted.
+
+	* ks_file.c: Remove (commented out) debug printf
+
+	* ks_file.c (parse_rsa_private_key): use EVP_get_cipherbyname
+
+	* ks_file.c (parse_rsa_private_key): make working for one
+	password.
+
+	* ks_file.c (parse_rsa_private_key): Implement enought for
+	testing.
+
+	* hx_locl.h: Add <ctype.h>
+
+	* ks_file.c: Add glue code for PEM encrypted password files.
+
+	* test_cms.in: Add commeted out password protected PEM file,
+	remove password for those tests that doesn't need it.
+
+	* test_cms.in: adapt test now that we can use any certificate and
+	trust anchor
+
+	* collector.c: handle PEM RSA PRIVATE KEY files
+
+	* cert.c: Remove unused function.
+
+	* ks_dir.c: move code here from ks_file.c now that its no longer
+	used.
+
+	* ks_file.c: Add support for parsing unencrypted RSA PRIVATE KEY
+
+	* crypto.c: Handle rsa private keys better.
+	
+2006-04-20  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* hxtool.c: Use hx509_cms_{,un}wrap_ContentInfo
+
+	* cms.c: Make hx509_cms_{,un}wrap_ContentInfo usable in asn1
+	un-aware code.
+
+	* cert.c (hx509_verify_path): if trust anchor is not self signed,
+	don't check sig From Douglas Engert.
+
+	* test_chain.in: test "sub-cert -> sub-ca"
+	
+	* crypto.c: Use the right length for the sha256 checksums.
+	
+2006-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.c: Fix breakage from sha256 code.
+
+	* crypto.c: Add SHA256 support, and symbols for the other new
+	SHA-2 types.
+	
+2006-04-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_cms.in: test rc2-40 rc2-64 rc2-128 enveloped data
+	
+	* data/test-enveloped-rc2-{40,64,128}: add tests cases for rc2
+
+	* cms.c: Update prototypes changes for hx509_crypto_[gs]et_params.
+
+	* crypto.c: Break out the parameter handling code for encrypting
+	data to handle RC2.  Needed for Windows 2k pk-init support.
+	
+2006-04-04  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* Makefile.am: Split libhx509_la_SOURCES into build file and
+	distributed files so we can avoid building prototypes for
+	build-files.
+	
+2006-04-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* TODO: split certificate request into pkcs10 and CRMF
+
+	* hxtool-commands.in: Add nonce flag to ocsp-fetch
+
+	* hxtool.c: control sending nonce
+
+	* hxtool.c (request_create): store the request in a file, no in
+	bitbucket.
+
+	* cert.c: expose print_cert_subject internally
+
+	* hxtool.c: Add ocsp_print.
+
+	* hxtool-commands.in: New command "ocsp-print".
+
+	* hx_locl.h: Include <hex.h>.
+
+	* revoke.c (verify_ocsp): require issuer to match too.
+	(free_ocsp): new function
+	(hx509_revoke_ocsp_print): new function, print ocsp reply
+
+	* Makefile.am: build CRMF files
+
+	* data/key.der: needed for cert request test
+
+	* test_req.in: adapt to rename of pkcs10-create to request-create
+
+	* hxtool.c: adapt to rename of pkcs10-create to request-create
+
+	* hxtool-commands.in: Rename pkcs10-create to request-create
+
+	* crypto.c: (_hx509_parse_private_key): Avoid crashing on bad input.
+
+	* hxtool.c (pkcs10_create): use opt->subject_string
+
+	* hxtool-commands.in: Add pkcs10-create --subject
+
+	* Makefile.am: Add test_req to tests.
+	
+	* test_req.in: Test for pkcs10 commands.
+
+	* name.c (hx509_parse_name): new function.
+
+	* hxtool.c (pkcs10_create): implement
+
+	* hxtool-commands.in (pkcs10-create): Add arguments
+
+	* crypto.c: Add _hx509_private_key2SPKI and support
+	functions (only support RSA for now).
+	
+2006-04-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* hxtool-commands.in: Add pkcs10-create command.
+
+	* hx509.h: Add hx509_request.
+
+	* TODO: more stuff
+
+	* Makefile.am: Add req.c
+
+	* req.c: Create certificate requests, prototype converts the
+	request in a pkcs10 packet.
+
+	* hxtool.c: Add pkcs10_create
+
+	* name.c (hx509_name_copy): new function.
+	
+2006-04-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* TODO: fill out what do
+
+	* hxtool-commands.in: add pkcs10-print
+
+	* hx_locl.h: Include <pkcs10_asn1.h>.
+
+	* pkcs10.asn1: PKCS#10
+
+	* hxtool.c (pkcs10_print): new function.
+
+	* test_chain.in: test ocsp keyhash
+
+	* data: generate ocsp keyhash version too
+
+	* revoke.c (load_ocsp): test that we got back a BasicReponse
+
+	* ocsp.asn1: Add asn1_id_pkix_ocsp*.
+
+	* Makefile.am: Add asn1_id_pkix_ocsp*.
+
+	* cert.c: Add HX509_QUERY_MATCH_KEY_HASH_SHA1
+
+	* hx_locl.h: Add HX509_QUERY_MATCH_KEY_HASH_SHA1
+
+	* revoke.c: Support OCSPResponderID.byKey, indent.
+
+	* revoke.c (hx509_ocsp_request): Add nonce to ocsp request.
+
+	* hxtool.c: Add nonce to ocsp request.
+
+	* test_chain.in: Added crl tests
+	
+	* data/nist-data: rename missing-crl to missing-revoke
+
+	* data: make ca use openssl ca command so we can add ocsp tests,
+	and regen certs
+
+	* test_chain.in: Add revoked ocsp cert test
+
+	* cert.c: rename missing-crl to missing-revoke
+
+	* revoke.c: refactor code, fix a un-init-ed variable
+	
+	* test_chain.in: rename missing-crl to missing-revoke add ocsp
+	tests
+
+	* test_cms.in: rename missing-crl to missing-revoke
+
+	* hxtool.c: rename missing-crl to missing-revoke
+
+	* hxtool-commands.in: rename missing-crl to missing-revoke
+	
+	* revoke.c: Plug one memory leak.
+
+	* revoke.c: Renamed generic CRL related errors.
+	
+	* hx509_err.et: Comments and renamed generic CRL related errors
+	
+	* revoke.c: Add ocsp checker.
+
+	* ocsp.asn1: Add id-kp-OCSPSigning
+
+	* hxtool-commands.in: add url-path argument to ocsp-fetch
+
+	* hxtool.c: implement ocsp-fetch
+
+	* cert.c: Use HX509_DEFAULT_OCSP_TIME_DIFF.
+	
+	* hx_locl.h: Add ocsp_time_diff to hx509_context
+
+	* crypto.c (_hx509_verify_signature_bitstring): new function,
+	commonly use when checking certificates
+
+	* cms.c (hx509_cms_envelope_1): check for internal ASN.1 encoder
+	error
+
+	* cert.c: Add ocsp glue, use new
+	_hx509_verify_signature_bitstring, add eku checking function.
+	
+2006-03-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add id_kp_OCSPSigning.x
+
+	* revoke.c: Pick out certs in ocsp response
+
+	* TODO: list of stuff to verify
+
+	* revoke.c: Add code to load OCSPBasicOCSPResponse files, reload
+	crl when its changed on disk.
+
+	* cert.c: Update for ocsp merge. handle building path w/o
+	subject (using subject key id)
+
+	* ks_p12.c: _hx509_map_file changed prototype.
+
+	* file.c: _hx509_map_file changed prototype, returns struct stat
+	if requested.
+
+	* ks_file.c: _hx509_map_file changed prototype.
+
+	* hxtool.c: Add stub for ocsp-fetch, _hx509_map_file changed
+	prototype, add ocsp parsing to verify command.
+
+	* hx_locl.h: rename HX509_CTX_CRL_MISSING_OK to
+	HX509_CTX_VERIFY_MISSING_OK now that we have OCSP glue
+	
+2006-03-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hx_locl.h: Add <krb5-types.h> to make it compile on Solaris,
+	from Alex V. Labuta.
+	
+2006-03-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* crypto.c (_hx509_pbe_decrypt): try all passwords, not just the
+	first one.
+	
+2006-03-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* print.c (check_altName): Print the othername oid.
+
+	* crypto.c: Manual page claims RSA_public_decrypt will return -1
+	on error, lets check for that
+	
+	* crypto.c (_hx509_pbe_decrypt): also try the empty password
+
+	* collector.c (match_localkeyid): no need to add back the cert to
+	the cert pool, its already there.
+
+	* crypto.c: Add REQUIRE_SIGNER
+
+	* cert.c (hx509_cert_free): ok to free NULL
+
+	* hx509_err.et: Add new error code SIGNATURE_WITHOUT_SIGNER.
+
+	* name.c (_hx509_name_ds_cmp): make DirectoryString case
+	insenstive
+	(hx509_name_to_string): less spacing
+
+	* cms.c: Check for signature error, check consitency of error
+	
+2006-03-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* collector.c (_hx509_collector_alloc): handle errors
+
+	* cert.c (hx509_query_alloc): allocate slight more more then a
+	sizeof(pointer)
+
+	* crypto.c (_hx509_private_key_assign_key_file): ask for password
+	if nothing matches.
+
+	* cert.c: Expose more of the hx509_query interface.
+
+	* collector.c: hx509_certs_find is now exposed.
+
+	* cms.c: hx509_certs_find is now exposed.
+
+	* revoke.c: hx509_certs_find is now exposed.
+
+	* keyset.c (hx509_certs_free): allow free-ing NULL
+	(hx509_certs_find): expose
+	(hx509_get_one_cert): new function
+
+	* hxtool.c: hx509_certs_find is now exposed.
+
+	* hx_locl.h: Remove hx509_query, its exposed now.
+
+	* hx509.h: Add hx509_query.
+	
+2006-02-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cert.c: Add exceptions for null (empty) subjectNames
+
+	* data/nist-data: Add some more name constraints tests.
+
+	* data/nist-data: Add some of the test from 4.13 Name Constraints.
+
+	* cert.c: Name constraits needs to be evaluated in block as they
+	appear in the certificates, they can not be joined to one
+	list. One example of this is:
+	
+	- cert is cn=foo,dc=bar,dc=baz
+	- subca is dc=foo,dc=baz with name restriction dc=kaka,dc=baz
+	- ca is dc=baz with name restriction dc=baz
+	
+	If the name restrictions are merged to a list, the certificate
+	will pass this test.
+
+2006-02-14 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* cert.c: Handle more name constraints cases.
+
+	* crypto.c (dsa_verify_signature): if test if malloc failed
+
+2006-01-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cms.c: Drop partial pkcs12 string2key implementation.
+	
+2006-01-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* data/nist-data: Add commited out DSA tests (they fail).
+
+	* data/nist-data: Add 4.2 Validity Periods.
+
+	* test_nist.in: Make less verbose to use.
+
+	* Makefile.am: Add test_nist_cert.
+
+	* data/nist-data: Add some more CRL-tests.
+
+	* test_nist.in: Print $id instead of . when running the tests.
+
+	* test_nist.in: Drop verifying certifiates, its done in another
+	test now.
+
+	* data/nist-data: fixup kill-rectangle leftovers
+
+	* data/nist-data: Drop verifying certifiates, its done in another
+	test now.  Add more crl tests. comment out all unused tests.
+
+	* test_nist_cert.in: test parse all nist certs
+	
+2006-01-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hx509_err.et: Add HX509_CRL_UNKNOWN_EXTENSION.
+
+	* revoke.c: Check for unknown extentions in CRLs and CRLEntries.
+
+	* test_nist.in: Parse new format to handle CRL info.
+
+	* test_chain.in: Add --missing-crl.
+
+	* name.c (hx509_unparse_der_name): Rename from hx509_parse_name.
+	(_hx509_unparse_Name): Add.
+
+	* hxtool-commands.in: Add --missing-crl to verify commands.
+
+	* hx509_err.et: Add CRL errors.
+
+	* cert.c (hx509_context_set_missing_crl): new function Add CRL
+	handling.
+
+	* hx_locl.h: Add HX509_CTX_CRL_MISSING_OK.
+
+	* revoke.c: Parse and verify CRLs (simplistic).
+
+	* hxtool.c: Parse CRL info.
+
+	* data/nist-data: Change format so we can deal with CRLs, also
+	note the test-id from PKITS.
+
+	* data: regenerate test
+	
+	* data/gen-req.sh: use static-file to generate tests
+	
+	* data/static-file: new file to use for commited tests
+
+	* test_cms.in: Use static file, add --missing-crl.
+	
+2006-01-18  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* print.c: Its cRLReason, not cRLReasons.
+
+	* hxtool.c: Attach revoke context to verify context.
+
+	* data/nist-data: change syntax to make match better with crl
+	checks
+
+	* cert.c: Verify no certificates has been revoked with the new
+	revoke interface.
+
+	* Makefile.am: libhx509_la_SOURCES += revoke.c
+
+	* revoke.c: Add framework for handling CRLs.
+
+	* hx509.h: Add hx509_revoke_ctx.
+	
+2006-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* delete crypto_headers.h, use global file instead.
+
+	* crypto.c (PBE_string2key): libdes now supports PKCS12_key_gen
+	
+2006-01-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto_headers.h: Need BN_is_negative too.
+	
+2006-01-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ks_p11.c (p11_rsa_public_decrypt): since is wrong, don't provide
+	it. PKCS11 can't do public_decrypt, it support verify though. All
+	this doesn't matter, since the code never go though this path.
+
+	* crypto_headers.h: Provide glue to compile with less warnings
+	with OpenSSL
+	
+2006-01-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Depend on LIB_des
+
+	* lock.c: Use "crypto_headers.h".
+
+	* crypto_headers.h: Include the two diffrent implementation of
+	crypto headers.
+
+	* cert.c: Use "crypto-headers.h". Load ENGINE configuration.
+
+	* crypto.c: Make compile with both OpenSSL and heimdal libdes.
+
+	* ks_p11.c: Add code for public key decryption (not supported yet)
+	and use "crypto-headers.h".
+	
+
+2006-01-04 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* add a hx509_context where we can store configuration
+
+	* p11.c,Makefile.am: pkcs11 is now supported by library, remove
+	old files.
+
+	* ks_p11.c: more paranoid on refcount, set refcounter ealier,
+	reset pointers after free
+
+	* collector.c (struct private_key): remove temporary key data
+	storage, convert directly to a key
+	(match_localkeyid): match certificate and key using localkeyid
+	(match_keys): match certificate and key using _hx509_match_keys
+	(_hx509_collector_collect): rewrite to use match_keys and
+	match_localkeyid
+
+	* crypto.c (_hx509_match_keys): function that determins if a
+	private key matches a certificate, used when there is no
+	localkeyid.
+	(*) reset free pointer
+
+	* ks_file.c: Rewrite to use collector and mapping support
+	function.
+
+	* ks_p11.c (rsa_pkcs1_method): constify
+
+	* ks_p11.c: drop extra wrapping of p11_init
+
+	* crypto.c (_hx509_private_key_assign_key_file): use function to
+	extact rsa key
+
+	* cert.c: Revert previous, refcounter is unsigned, so it can never
+	be negative.
+
+	* cert.c (hx509_cert_ref): more refcount paranoia
+
+	* ks_p11.c: Implement rsa_private_decrypt and add stubs for public
+	ditto.
+
+	* ks_p11.c: Less printf, less memory leaks.
+
+	* ks_p11.c: Implement signing using pkcs11.
+	
+	* ks_p11.c: Partly assign private key, enough to complete
+	collection, but not any crypto functionallity.
+
+	* collector.c: Use hx509_private_key to assign private keys.
+
+	* crypto.c: Remove most of the EVP_PKEY code, and use RSA
+	directly, this temporary removes DSA support.
+
+	* hxtool.c (print_f): print if there is a friendly name and if
+	there is a private key
+	
+2006-01-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* name.c: Avoid warning from missing __attribute__((noreturn))
+
+	* lock.c (_hx509_lock_unlock_certs): return unlock certificates
+
+	* crypto.c (_hx509_private_key_assign_ptr): new function, exposes
+	EVP_PKEY
+	(_hx509_private_key_assign_key_file): remember to free private key
+	if there is one.
+
+	* cert.c (_hx509_abort): add newline to output and flush stdout
+
+	* Makefile.am: libhx509_la_SOURCES += collector.c
+
+	* hx_locl.h: forward type declaration of struct hx509_collector.
+
+	* collector.c: Support functions to collect certificates and
+	private keys and then match them.
+
+	* ks_p12.c: Use the new hx509_collector support functions.
+
+	* ks_p11.c: Add enough glue to support certificate iteration.
+
+	* test_nist_pkcs12.in: Less verbose.
+
+	* cert.c (hx509_cert_free): if there is a private key assosited
+	with this cert, free it
+
+	* print.c: Use _hx509_abort.
+
+	* ks_p12.c: Use _hx509_abort.
+
+	* hxtool.c: Use _hx509_abort.
+
+	* crypto.c: Use _hx509_abort.
+
+	* cms.c: Use _hx509_abort.
+
+	* cert.c: Use _hx509_abort.
+
+	* name.c: use _hx509_abort
+	
+2006-01-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* name.c (hx509_name_to_string): don't cut bmpString in half.
+
+	* name.c (hx509_name_to_string): don't overwrite with 1 byte with
+	bmpString.
+
+	* ks_file.c (parse_certificate): avoid stomping before array
+
+	* name.c (oidtostring): avoid leaking memory
+
+	* keyset.c: Add _hx509_ks_dir_register.
+
+	* Makefile.am (libhx509_la_SOURCES): += ks_dir.c
+
+	* hxtool-commands.in: Remove pkcs11.
+
+	* hxtool.c: Remove pcert_pkcs11.
+
+	* ks_file.c: Factor out certificate parsing code.
+
+	* ks_dir.c: Add new keystore that treats all files in a directory
+	a keystore, useful for regression tests.
+	
+2005-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_nist_pkcs12.in: Test parse PKCS12 files from NIST.
+
+	* data/nist-data: Can handle DSA certificate.
+	
+	* hxtool.c: Print error code on failure.
+	
+2005-10-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* crypto.c: Support DSA signature operations.
+	
+2005-10-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* print.c: Validate that issuerAltName and subjectAltName isn't
+	empty.
+	
+2005-09-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* p11.c: Cast to unsigned char to avoid warning.
+
+	* keyset.c: Register pkcs11 module.
+
+	* Makefile.am: Add ks_p11.c, install hxtool.
+	
+	* ks_p11.c: Starting point of a pkcs11 module.
+	
+2005-09-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* lock.c: Implement prompter.
+
+	* hxtool-commands.in: add --content to print
+
+	* hxtool.c: Split verify and print.
+
+	* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.
+
+	* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
+	for empty password.
+
+	* name.c: Add DC, handle all Directory strings, fix signless
+	problems.
+	
+2005-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_query.in: Pass in --pass to all commands.
+
+	* hxtool.c: Use option --pass.
+
+	* hxtool-commands.in: Add --pass to all commands.
+
+	* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER
+
+	* test_cms.in: pass in password to cms-create-sd
+
+	* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
+	later.  Avoid signess warnings with OpenSSL.
+
+	* cms.c: Use void * instead of char * for to avoid signedness
+	issues
+
+	* cert.c (hx509_cert_get_attribute): remove const, its not
+
+	* ks_p12.c: Cast size_t to unsigned long when print.
+
+	* name.c: Fix signedness warning.
+
+	* test_query.in: Use echo, the function check isn't defined here.
+	
+2005-08-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool-commands.in: Add more options that was missing.
+
+2005-07-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_cms.in: Use --certificate= for enveloped/unenvelope.
+
+	* hxtool.c: Use --certificate= for enveloped/unenvelope.  Clean
+	up.
+
+	* test_cms.in: add EnvelopeData tests
+	
+	* hxtool.c: use id-envelopedData for ContentInfo
+	
+	* hxtool-commands.in: add contentinfo wrapping for create/unwrap
+	enveloped data
+
+	* hxtool.c: add contentinfo wrapping for create/unwrap enveloped
+	data
+
+	* data/gen-req.sh: add enveloped data (aes128)
+	
+	* crypto.c: add "new" RC2 oid
+	
+2005-07-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows
+	caller to match by function, note that this doesn't not work
+	directly for backends that implements ->query, they must do their
+	own processing. (I'm running out of flags, only 12 left now)
+
+	* test_cms.in: verify ContentInfo wrapping code in hxtool
+	
+	* hxtool-commands.in (cms_create_sd): support wrapping in content
+	info spelling
+
+	* hxtool.c (cms_create_sd): support wrapping in content info
+
+	* test_cms.in: test more cms signeddata messages
+	
+	* data/gen-req.sh: generate SignedData
+	
+	* hxtool.c (cms_create_sd): support certificate store, add support
+	to unwrap a ContentInfo the SignedData inside.
+
+	* crypto.c: sprinkel rk_UNCONST
+
+	* crypto.c: add DER NULL to the digest oid's
+
+	* hxtool-commands.in: add --content-info to cms-verify-sd
+
+	* cms.c (hx509_cms_create_signed_1): pass in a full
+	AlgorithmIdentifier instead of heim_oid for digest_alg
+
+	* crypto.c: make digest_alg a digest_oid, it's not needed right
+	now
+
+	* hx509_err.et: add CERT_NOT_FOUND
+	
+	* keyset.c (_hx509_certs_find): add error code for cert not
+	found
+
+	* cms.c (hx509_cms_verify_signed): add external store of
+	certificates, use the right digest algorithm identifier.
+
+	* cert.c: fix const warning
+
+	* ks_p12.c: slightly less verbose
+	
+	* cert.c: add hx509_cert_find_subjectAltName_otherName, add
+	HX509_QUERY_MATCH_FRIENDLY_NAME
+	
+	* hx509.h: add hx509_octet_string_list, remove bad comment
+	
+	* hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME
+
+	* keyset.c (hx509_certs_append): needs a hx509_lock, add one
+
+	* Makefile.am: add test cases tempfiles to CLEANFILES
+	
+	* Makefile.am: add test_query to TESTS, fix dependency on hxtool
+	sources on hxtool-commands.h
+
+	* hxtool-commands.in: explain what signer is for create-sd
+
+	* hxtool.c: add query, add more options to verify-sd and create-sd
+
+	* test_cms.in: add more cms tests
+	
+	* hxtool-commands.in: add query, add more options to verify-sd
+
+	* test_query.in: test query interface
+	
+	* data: fix filenames for ds/ke files, add pkcs12 files, regen
+	
+	* hxtool.c,Makefile.am,hxtool-commands.in: switch to slc
+
+2005-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cert.c (hx509_verify_destroy_ctx): add
+	
+	* hxtool.c: free hx509_verify_ctx
+	
+	* name.c (_hx509_name_ds_cmp): make sure all strings are not equal
+
+2005-07-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hxtool.c: return error
+	
+	* keyset.c: return errors from iterations
+	
+	* test_chain.in: clean up checks
+	
+	* ks_file.c (parse_certificate): return errno's not 1 in case of
+	error
+	
+	* ks_file.c (file_iter): make sure endpointer is NULL
+
+	* ks_mem.c (mem_iter): follow conversion and return NULL when we
+	get to the end, not ENOENT.
+	
+	* Makefile.am: test_chain depends on hxtool
+	
+	* data: test certs that lasts 10 years
+	
+	* data/gen-req.sh: script to generate test certs
+	
+	* Makefile.am: Add regression tests.
+
+	* data: test certificate and keys
+
+	* test_chain.in: test chain
+
+	* hxtool.c (cms_create_sd): add KU digitalSigature as a
+	requirement to the query
+
+	* hx_locl.h: add KeyUsage query bits
+
+	* hx509_err.et: add KeyUsage error
+
+	* cms.c: add checks for KeyUsage
+
+	* cert.c: more checks on KeyUsage, allow to query on them too
+
+2005-07-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* cms.c: Add missing break.
+	
+	* hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId
+
+	* hxtool.c: Use _hx509_map_file, _hx509_unmap_file and
+	_hx509_write_file.
+
+	* file.c (_hx509_write_file): in case of write error, return errno
+
+	* file.c (_hx509_write_file): add a function that write a data
+	blob to disk too
+
+	* Fix id-tags
+
+	* Import mostly complete X.509 and CMS library. Handles, PEM, DER,
+	PKCS12 encoded certicates.  Verificate RSA chains and handled
+	CMS's SignedData, and EnvelopedData.
+
+

Added: vendor-crypto/heimdal/dist/lib/hx509/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,388 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+lib_LTLIBRARIES = libhx509.la
+libhx509_la_LDFLAGS = -version-info 3:0:0
+
+BUILT_SOURCES =				\
+	$(gen_files_ocsp:.x=.c)		\
+	$(gen_files_pkcs10:.x=.c)	\
+	hx509_err.c			\
+	hx509_err.h
+
+gen_files_ocsp = 			\
+	asn1_OCSPBasicOCSPResponse.x	\
+	asn1_OCSPCertID.x		\
+	asn1_OCSPCertStatus.x		\
+	asn1_OCSPInnerRequest.x		\
+	asn1_OCSPKeyHash.x		\
+	asn1_OCSPRequest.x		\
+	asn1_OCSPResponderID.x		\
+	asn1_OCSPResponse.x		\
+	asn1_OCSPResponseBytes.x	\
+	asn1_OCSPResponseData.x		\
+	asn1_OCSPResponseStatus.x	\
+	asn1_OCSPSignature.x		\
+	asn1_OCSPSingleResponse.x	\
+	asn1_OCSPTBSRequest.x		\
+	asn1_OCSPVersion.x		\
+	asn1_id_pkix_ocsp.x		\
+	asn1_id_pkix_ocsp_basic.x	\
+	asn1_id_pkix_ocsp_nonce.x
+
+gen_files_pkcs10 = 			\
+	asn1_CertificationRequestInfo.x	\
+	asn1_CertificationRequest.x
+
+gen_files_crmf = 			\
+	asn1_CRMFRDNSequence.x		\
+	asn1_CertReqMessages.x		\
+	asn1_CertReqMsg.x		\
+	asn1_CertRequest.x		\
+	asn1_CertTemplate.x		\
+	asn1_Controls.x			\
+	asn1_PBMParameter.x		\
+	asn1_PKMACValue.x		\
+	asn1_POPOPrivKey.x		\
+	asn1_POPOSigningKey.x		\
+	asn1_POPOSigningKeyInput.x	\
+	asn1_ProofOfPossession.x	\
+	asn1_SubsequentMessage.x	
+
+dist_libhx509_la_SOURCES = \
+	ca.c \
+	cert.c \
+	cms.c \
+	collector.c \
+	crypto.c \
+	doxygen.c \
+	error.c \
+	env.c \
+	file.c \
+	hx509-private.h \
+	hx509-protos.h \
+	hx509.h \
+	hx_locl.h \
+	keyset.c \
+	ks_dir.c \
+	ks_file.c \
+	ks_mem.c \
+	ks_null.c \
+	ks_p11.c \
+	ks_p12.c \
+	ks_keychain.c \
+	lock.c \
+	name.c \
+	peer.c \
+	print.c \
+	softp11.c \
+	ref/pkcs11.h \
+	req.c \
+	revoke.c
+
+libhx509_la_LIBADD = \
+	$(LIB_com_err) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIBADD_roken) \
+	$(LIB_dlopen)
+
+if FRAMEWORK_SECURITY
+libhx509_la_LDFLAGS += -framework Security -framework CoreFoundation
+endif
+
+if versionscript
+libhx509_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+endif
+$(libhx509_la_OBJECTS): $(srcdir)/version-script.map
+
+libhx509_la_CPPFLAGS = -I$(srcdir)/ref $(INCLUDE_hcrypto)
+nodist_libhx509_la_SOURCES = $(BUILT_SOURCES)
+
+$(gen_files_ocsp) ocsp_asn1.h: ocsp_asn1_files
+$(gen_files_pkcs10) pkcs10_asn1.h: pkcs10_asn1_files
+$(gen_files_crmf) crmf_asn1.h: crmf_asn1_files
+
+asn1_compile = ../asn1/asn1_compile$(EXEEXT)
+
+ocsp_asn1_files: $(asn1_compile) $(srcdir)/ocsp.asn1
+	$(asn1_compile) --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1)
+
+pkcs10_asn1_files: $(asn1_compile) $(srcdir)/pkcs10.asn1
+	$(asn1_compile) --preserve-binary=CertificationRequestInfo $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1)
+
+crmf_asn1_files: $(asn1_compile) $(srcdir)/crmf.asn1
+	$(asn1_compile) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1)
+
+$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h
+
+$(srcdir)/hx509-protos.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB_FUNCTION -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h
+
+$(srcdir)/hx509-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p hx509-private.h $(dist_libhx509_la_SOURCES) || rm -f hx509-private.h
+
+dist_include_HEADERS = hx509.h hx509-protos.h
+nodist_include_HEADERS = hx509_err.h
+
+SLC = $(top_builddir)/lib/sl/slc
+
+bin_PROGRAMS = hxtool
+
+hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC)
+	$(SLC) $(srcdir)/hxtool-commands.in
+
+dist_hxtool_SOURCES = hxtool.c
+nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h
+
+$(hxtool_OBJECTS): hxtool-commands.h
+
+hxtool_CPPFLAGS = $(INCLUDE_hcrypto)
+hxtool_LDADD = \
+	libhx509.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(top_builddir)/lib/sl/libsl.la
+
+CLEANFILES = $(BUILT_SOURCES) \
+	$(gen_files_ocsp) ocsp_asn1_files ocsp_asn1.h \
+	$(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1.h \
+	$(gen_files_crmf) crmf_asn1_files crmf_asn1.h \
+	$(TESTS) \
+	hxtool-commands.c hxtool-commands.h *.tmp \
+	request.out \
+	out.pem out2.pem \
+	sd.data sd.data.out \
+	ev.data ev.data.out \
+	cert-null.pem cert-sub-ca2.pem \
+	cert-ee.pem cert-ca.pem \
+	cert-sub-ee.pem cert-sub-ca.pem \
+	cert-proxy.der cert-ca.der cert-ee.der pkcs10-request.der \
+	wca.pem wuser.pem wdc.pem wcrl.crl \
+	random-data statfile crl.crl \
+	test p11dbg.log pkcs11.cfg \
+	test-rc-file.rc
+
+clean-local:
+	@echo "cleaning PKITS" ; rm -rf PKITS_data
+
+#
+# regression tests
+#
+
+check_SCRIPTS = $(SCRIPT_TESTS)
+check_PROGRAMS = $(PROGRAM_TESTS) test_soft_pkcs11
+
+LDADD = libhx509.la
+
+test_soft_pkcs11_LDADD = libhx509.la
+test_soft_pkcs11_CPPFLAGS = -I$(srcdir)/ref
+
+TESTS = $(SCRIPT_TESTS) $(PROGRAM_TESTS)
+
+PROGRAM_TESTS = 		\
+	test_name
+
+SCRIPT_TESTS = 			\
+	test_ca			\
+	test_cert		\
+	test_chain		\
+	test_cms		\
+	test_crypto		\
+	test_nist		\
+	test_nist2		\
+	test_pkcs11		\
+	test_java_pkcs11	\
+	test_nist_cert		\
+	test_nist_pkcs12	\
+	test_req		\
+	test_windows		\
+	test_query
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g'
+
+test_ca: test_ca.in Makefile
+	$(do_subst) < $(srcdir)/test_ca.in > test_ca.tmp
+	chmod +x test_ca.tmp
+	mv test_ca.tmp test_ca
+
+test_cert: test_cert.in Makefile
+	$(do_subst) < $(srcdir)/test_cert.in > test_cert.tmp
+	chmod +x test_cert.tmp
+	mv test_cert.tmp test_cert
+
+test_chain: test_chain.in Makefile
+	$(do_subst) < $(srcdir)/test_chain.in > test_chain.tmp
+	chmod +x test_chain.tmp
+	mv test_chain.tmp test_chain
+
+test_cms: test_cms.in Makefile
+	$(do_subst) < $(srcdir)/test_cms.in > test_cms.tmp
+	chmod +x test_cms.tmp
+	mv test_cms.tmp test_cms
+
+test_crypto: test_crypto.in Makefile
+	$(do_subst) < $(srcdir)/test_crypto.in > test_crypto.tmp
+	chmod +x test_crypto.tmp
+	mv test_crypto.tmp test_crypto
+
+test_nist: test_nist.in Makefile
+	$(do_subst) < $(srcdir)/test_nist.in > test_nist.tmp
+	chmod +x test_nist.tmp
+	mv test_nist.tmp test_nist
+
+test_nist2: test_nist2.in Makefile
+	$(do_subst) < $(srcdir)/test_nist2.in > test_nist2.tmp
+	chmod +x test_nist2.tmp
+	mv test_nist2.tmp test_nist2
+
+test_pkcs11: test_pkcs11.in Makefile
+	$(do_subst) < $(srcdir)/test_pkcs11.in > test_pkcs11.tmp
+	chmod +x test_pkcs11.tmp
+	mv test_pkcs11.tmp test_pkcs11
+
+test_java_pkcs11: test_java_pkcs11.in Makefile
+	$(do_subst) < $(srcdir)/test_java_pkcs11.in > test_java_pkcs11.tmp
+	chmod +x test_java_pkcs11.tmp
+	mv test_java_pkcs11.tmp test_java_pkcs11
+
+test_nist_cert: test_nist_cert.in Makefile
+	$(do_subst) < $(srcdir)/test_nist_cert.in > test_nist_cert.tmp
+	chmod +x test_nist_cert.tmp
+	mv test_nist_cert.tmp test_nist_cert
+
+test_nist_pkcs12: test_nist_pkcs12.in Makefile
+	$(do_subst) < $(srcdir)/test_nist_pkcs12.in > test_nist_pkcs12.tmp
+	chmod +x test_nist_pkcs12.tmp
+	mv test_nist_pkcs12.tmp test_nist_pkcs12
+
+test_req: test_req.in Makefile
+	$(do_subst) < $(srcdir)/test_req.in > test_req.tmp
+	chmod +x test_req.tmp
+	mv test_req.tmp test_req
+
+test_windows: test_windows.in Makefile
+	$(do_subst) < $(srcdir)/test_windows.in > test_windows.tmp
+	chmod +x test_windows.tmp
+	mv test_windows.tmp test_windows
+
+test_query: test_query.in Makefile
+	$(do_subst) < $(srcdir)/test_query.in > test_query.tmp
+	chmod +x test_query.tmp
+	mv test_query.tmp test_query
+
+EXTRA_DIST = \
+	version-script.map \
+	crmf.asn1 \
+	data/bleichenbacher-bad.pem \
+	hx509_err.et \
+	hxtool-commands.in \
+	ocsp.asn1 \
+	pkcs10.asn1 \
+	test_ca.in \
+	test_chain.in \
+	test_cert.in \
+	test_cms.in \
+	test_crypto.in \
+	test_nist.in \
+	test_nist2.in \
+	test_nist_cert.in \
+	test_nist_pkcs12.in \
+	test_pkcs11.in \
+	test_java_pkcs11.in \
+	test_query.in \
+	test_req.in \
+	test_windows.in \
+	tst-crypto-available1 \
+	tst-crypto-available2 \
+	tst-crypto-available3 \
+	tst-crypto-select \
+	tst-crypto-select1 \
+	tst-crypto-select2 \
+	tst-crypto-select3 \
+	tst-crypto-select4 \
+	tst-crypto-select5 \
+	tst-crypto-select6 \
+	tst-crypto-select7 \
+	data/bleichenbacher-good.pem \
+	data/bleichenbacher-sf-pad-correct.pem \
+	data/ca.crt \
+	data/ca.key \
+	data/crl1.crl \
+	data/crl1.der \
+	data/gen-req.sh \
+	data/j.pem \
+	data/kdc.crt \
+	data/kdc.key \
+	data/key.der \
+	data/key2.der \
+	data/nist-data \
+	data/nist-data2 \
+	data/no-proxy-test.crt \
+	data/no-proxy-test.key \
+	data/ocsp-req1.der \
+	data/ocsp-req2.der \
+	data/ocsp-resp1-2.der \
+	data/ocsp-resp1-3.der \
+	data/ocsp-resp1-ca.der \
+	data/ocsp-resp1-keyhash.der \
+	data/ocsp-resp1-ocsp-no-cert.der \
+	data/ocsp-resp1-ocsp.der \
+	data/ocsp-resp1.der \
+	data/ocsp-resp2.der \
+	data/ocsp-responder.crt \
+	data/ocsp-responder.key \
+	data/openssl.cnf \
+	data/pkinit-proxy-chain.crt \
+	data/pkinit-proxy.crt \
+	data/pkinit-proxy.key \
+	data/pkinit-pw.key \
+	data/pkinit.crt \
+	data/pkinit.key \
+	data/proxy-level-test.crt \
+	data/proxy-level-test.key \
+	data/proxy-test.crt \
+	data/proxy-test.key \
+	data/proxy10-child-test.crt \
+	data/proxy10-child-test.key \
+	data/proxy10-child-child-test.crt \
+	data/proxy10-child-child-test.key \
+	data/proxy10-test.crt \
+	data/proxy10-test.key \
+	data/revoke.crt \
+	data/revoke.key \
+	data/sf-class2-root.pem \
+	data/static-file \
+	data/sub-ca.crt \
+	data/sub-ca.key \
+	data/sub-cert.crt \
+	data/sub-cert.key \
+	data/sub-cert.p12 \
+	data/test-ds-only.crt \
+	data/test-ds-only.key \
+	data/test-enveloped-aes-128 \
+	data/test-enveloped-aes-256 \
+	data/test-enveloped-des \
+	data/test-enveloped-des-ede3 \
+	data/test-enveloped-rc2-128 \
+	data/test-enveloped-rc2-40 \
+	data/test-enveloped-rc2-64 \
+	data/test-ke-only.crt \
+	data/test-ke-only.key \
+	data/test-nopw.p12 \
+	data/test-pw.key \
+	data/test-signed-data \
+	data/test-signed-data-noattr \
+	data/test-signed-data-noattr-nocerts \
+	data/test.combined.crt \
+	data/test.crt \
+	data/test.key \
+	data/test.p12 \
+	data/yutaka-pad-broken-ca.pem \
+	data/yutaka-pad-broken-cert.pem \
+	data/yutaka-pad-ok-ca.pem \
+	data/yutaka-pad-ok-cert.pem \
+	data/yutaka-pad.key
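Review bot: The recipes for `$(srcdir)/hx509-protos.h` and `$(srcdir)/hx509-private.h` end in `|| rm -f hx509-protos.h` and `|| rm -f hx509-private.h`, so when `cd` or `make-proto.pl` fails the recipe exits with the status of `rm -f`, which is 0, and make carries on as if the header had been generated. The three `asn1_compile` rules just above already use a failing form, and the same tail would fit here: `|| (rm -f hx509-protos.h ; exit 1)` and `|| (rm -f hx509-private.h ; exit 1)`. Every libhx509 object depends on both headers, so the error would then stop the build at the generator step instead of surfacing later as a missing include. Since this file sits under the vendor `dist/` tree, the change is probably best handled as an upstream report or a tracked local patch rather than an edit to the import.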

Added: vendor-crypto/heimdal/dist/lib/hx509/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1530 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog TODO
+ at FRAMEWORK_SECURITY_TRUE@am__append_1 = -framework Security -framework CoreFoundation
+ at versionscript_TRUE@am__append_2 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+bin_PROGRAMS = hxtool$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1) test_soft_pkcs11$(EXEEXT)
+TESTS = $(SCRIPT_TESTS) $(am__EXEEXT_1)
+subdir = lib/hx509
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libhx509_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+dist_libhx509_la_OBJECTS = libhx509_la-ca.lo libhx509_la-cert.lo \
+	libhx509_la-cms.lo libhx509_la-collector.lo \
+	libhx509_la-crypto.lo libhx509_la-doxygen.lo \
+	libhx509_la-error.lo libhx509_la-env.lo libhx509_la-file.lo \
+	libhx509_la-keyset.lo libhx509_la-ks_dir.lo \
+	libhx509_la-ks_file.lo libhx509_la-ks_mem.lo \
+	libhx509_la-ks_null.lo libhx509_la-ks_p11.lo \
+	libhx509_la-ks_p12.lo libhx509_la-ks_keychain.lo \
+	libhx509_la-lock.lo libhx509_la-name.lo libhx509_la-peer.lo \
+	libhx509_la-print.lo libhx509_la-softp11.lo libhx509_la-req.lo \
+	libhx509_la-revoke.lo
+am__objects_1 = libhx509_la-asn1_OCSPBasicOCSPResponse.lo \
+	libhx509_la-asn1_OCSPCertID.lo \
+	libhx509_la-asn1_OCSPCertStatus.lo \
+	libhx509_la-asn1_OCSPInnerRequest.lo \
+	libhx509_la-asn1_OCSPKeyHash.lo \
+	libhx509_la-asn1_OCSPRequest.lo \
+	libhx509_la-asn1_OCSPResponderID.lo \
+	libhx509_la-asn1_OCSPResponse.lo \
+	libhx509_la-asn1_OCSPResponseBytes.lo \
+	libhx509_la-asn1_OCSPResponseData.lo \
+	libhx509_la-asn1_OCSPResponseStatus.lo \
+	libhx509_la-asn1_OCSPSignature.lo \
+	libhx509_la-asn1_OCSPSingleResponse.lo \
+	libhx509_la-asn1_OCSPTBSRequest.lo \
+	libhx509_la-asn1_OCSPVersion.lo \
+	libhx509_la-asn1_id_pkix_ocsp.lo \
+	libhx509_la-asn1_id_pkix_ocsp_basic.lo \
+	libhx509_la-asn1_id_pkix_ocsp_nonce.lo
+am__objects_2 = libhx509_la-asn1_CertificationRequestInfo.lo \
+	libhx509_la-asn1_CertificationRequest.lo
+am__objects_3 = $(am__objects_1) $(am__objects_2) \
+	libhx509_la-hx509_err.lo
+nodist_libhx509_la_OBJECTS = $(am__objects_3)
+libhx509_la_OBJECTS = $(dist_libhx509_la_OBJECTS) \
+	$(nodist_libhx509_la_OBJECTS)
+libhx509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libhx509_la_LDFLAGS) $(LDFLAGS) -o $@
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+am__EXEEXT_1 = test_name$(EXEEXT)
+PROGRAMS = $(bin_PROGRAMS)
+dist_hxtool_OBJECTS = hxtool-hxtool.$(OBJEXT)
+nodist_hxtool_OBJECTS = hxtool-hxtool-commands.$(OBJEXT)
+hxtool_OBJECTS = $(dist_hxtool_OBJECTS) $(nodist_hxtool_OBJECTS)
+hxtool_DEPENDENCIES = libhx509.la $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/sl/libsl.la
+test_name_SOURCES = test_name.c
+test_name_OBJECTS = test_name.$(OBJEXT)
+test_name_LDADD = $(LDADD)
+test_name_DEPENDENCIES = libhx509.la
+test_soft_pkcs11_SOURCES = test_soft_pkcs11.c
+test_soft_pkcs11_OBJECTS =  \
+	test_soft_pkcs11-test_soft_pkcs11.$(OBJEXT)
+test_soft_pkcs11_DEPENDENCIES = libhx509.la
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(dist_libhx509_la_SOURCES) $(nodist_libhx509_la_SOURCES) \
+	$(dist_hxtool_SOURCES) $(nodist_hxtool_SOURCES) test_name.c \
+	test_soft_pkcs11.c
+DIST_SOURCES = $(dist_libhx509_la_SOURCES) $(dist_hxtool_SOURCES) \
+	test_name.c test_soft_pkcs11.c
+dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+lib_LTLIBRARIES = libhx509.la
+libhx509_la_LDFLAGS = -version-info 3:0:0 $(am__append_1) \
+	$(am__append_2)
+BUILT_SOURCES = \
+	$(gen_files_ocsp:.x=.c)		\
+	$(gen_files_pkcs10:.x=.c)	\
+	hx509_err.c			\
+	hx509_err.h
+
+gen_files_ocsp = \
+	asn1_OCSPBasicOCSPResponse.x	\
+	asn1_OCSPCertID.x		\
+	asn1_OCSPCertStatus.x		\
+	asn1_OCSPInnerRequest.x		\
+	asn1_OCSPKeyHash.x		\
+	asn1_OCSPRequest.x		\
+	asn1_OCSPResponderID.x		\
+	asn1_OCSPResponse.x		\
+	asn1_OCSPResponseBytes.x	\
+	asn1_OCSPResponseData.x		\
+	asn1_OCSPResponseStatus.x	\
+	asn1_OCSPSignature.x		\
+	asn1_OCSPSingleResponse.x	\
+	asn1_OCSPTBSRequest.x		\
+	asn1_OCSPVersion.x		\
+	asn1_id_pkix_ocsp.x		\
+	asn1_id_pkix_ocsp_basic.x	\
+	asn1_id_pkix_ocsp_nonce.x
+
+gen_files_pkcs10 = \
+	asn1_CertificationRequestInfo.x	\
+	asn1_CertificationRequest.x
+
+gen_files_crmf = \
+	asn1_CRMFRDNSequence.x		\
+	asn1_CertReqMessages.x		\
+	asn1_CertReqMsg.x		\
+	asn1_CertRequest.x		\
+	asn1_CertTemplate.x		\
+	asn1_Controls.x			\
+	asn1_PBMParameter.x		\
+	asn1_PKMACValue.x		\
+	asn1_POPOPrivKey.x		\
+	asn1_POPOSigningKey.x		\
+	asn1_POPOSigningKeyInput.x	\
+	asn1_ProofOfPossession.x	\
+	asn1_SubsequentMessage.x	
+
+dist_libhx509_la_SOURCES = \
+	ca.c \
+	cert.c \
+	cms.c \
+	collector.c \
+	crypto.c \
+	doxygen.c \
+	error.c \
+	env.c \
+	file.c \
+	hx509-private.h \
+	hx509-protos.h \
+	hx509.h \
+	hx_locl.h \
+	keyset.c \
+	ks_dir.c \
+	ks_file.c \
+	ks_mem.c \
+	ks_null.c \
+	ks_p11.c \
+	ks_p12.c \
+	ks_keychain.c \
+	lock.c \
+	name.c \
+	peer.c \
+	print.c \
+	softp11.c \
+	ref/pkcs11.h \
+	req.c \
+	revoke.c
+
+libhx509_la_LIBADD = \
+	$(LIB_com_err) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIBADD_roken) \
+	$(LIB_dlopen)
+
+libhx509_la_CPPFLAGS = -I$(srcdir)/ref $(INCLUDE_hcrypto)
+nodist_libhx509_la_SOURCES = $(BUILT_SOURCES)
+asn1_compile = ../asn1/asn1_compile$(EXEEXT)
+dist_include_HEADERS = hx509.h hx509-protos.h
+nodist_include_HEADERS = hx509_err.h
+SLC = $(top_builddir)/lib/sl/slc
+dist_hxtool_SOURCES = hxtool.c
+nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h
+hxtool_CPPFLAGS = $(INCLUDE_hcrypto)
+hxtool_LDADD = \
+	libhx509.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(top_builddir)/lib/sl/libsl.la
+
+CLEANFILES = $(BUILT_SOURCES) \
+	$(gen_files_ocsp) ocsp_asn1_files ocsp_asn1.h \
+	$(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1.h \
+	$(gen_files_crmf) crmf_asn1_files crmf_asn1.h \
+	$(TESTS) \
+	hxtool-commands.c hxtool-commands.h *.tmp \
+	request.out \
+	out.pem out2.pem \
+	sd.data sd.data.out \
+	ev.data ev.data.out \
+	cert-null.pem cert-sub-ca2.pem \
+	cert-ee.pem cert-ca.pem \
+	cert-sub-ee.pem cert-sub-ca.pem \
+	cert-proxy.der cert-ca.der cert-ee.der pkcs10-request.der \
+	wca.pem wuser.pem wdc.pem wcrl.crl \
+	random-data statfile crl.crl \
+	test p11dbg.log pkcs11.cfg \
+	test-rc-file.rc
+
+
+#
+# regression tests
+#
+check_SCRIPTS = $(SCRIPT_TESTS)
+LDADD = libhx509.la
+test_soft_pkcs11_LDADD = libhx509.la
+test_soft_pkcs11_CPPFLAGS = -I$(srcdir)/ref
+PROGRAM_TESTS = \
+	test_name
+
+SCRIPT_TESTS = \
+	test_ca			\
+	test_cert		\
+	test_chain		\
+	test_cms		\
+	test_crypto		\
+	test_nist		\
+	test_nist2		\
+	test_pkcs11		\
+	test_java_pkcs11	\
+	test_nist_cert		\
+	test_nist_pkcs12	\
+	test_req		\
+	test_windows		\
+	test_query
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g'
+
+EXTRA_DIST = \
+	version-script.map \
+	crmf.asn1 \
+	data/bleichenbacher-bad.pem \
+	hx509_err.et \
+	hxtool-commands.in \
+	ocsp.asn1 \
+	pkcs10.asn1 \
+	test_ca.in \
+	test_chain.in \
+	test_cert.in \
+	test_cms.in \
+	test_crypto.in \
+	test_nist.in \
+	test_nist2.in \
+	test_nist_cert.in \
+	test_nist_pkcs12.in \
+	test_pkcs11.in \
+	test_java_pkcs11.in \
+	test_query.in \
+	test_req.in \
+	test_windows.in \
+	tst-crypto-available1 \
+	tst-crypto-available2 \
+	tst-crypto-available3 \
+	tst-crypto-select \
+	tst-crypto-select1 \
+	tst-crypto-select2 \
+	tst-crypto-select3 \
+	tst-crypto-select4 \
+	tst-crypto-select5 \
+	tst-crypto-select6 \
+	tst-crypto-select7 \
+	data/bleichenbacher-good.pem \
+	data/bleichenbacher-sf-pad-correct.pem \
+	data/ca.crt \
+	data/ca.key \
+	data/crl1.crl \
+	data/crl1.der \
+	data/gen-req.sh \
+	data/j.pem \
+	data/kdc.crt \
+	data/kdc.key \
+	data/key.der \
+	data/key2.der \
+	data/nist-data \
+	data/nist-data2 \
+	data/no-proxy-test.crt \
+	data/no-proxy-test.key \
+	data/ocsp-req1.der \
+	data/ocsp-req2.der \
+	data/ocsp-resp1-2.der \
+	data/ocsp-resp1-3.der \
+	data/ocsp-resp1-ca.der \
+	data/ocsp-resp1-keyhash.der \
+	data/ocsp-resp1-ocsp-no-cert.der \
+	data/ocsp-resp1-ocsp.der \
+	data/ocsp-resp1.der \
+	data/ocsp-resp2.der \
+	data/ocsp-responder.crt \
+	data/ocsp-responder.key \
+	data/openssl.cnf \
+	data/pkinit-proxy-chain.crt \
+	data/pkinit-proxy.crt \
+	data/pkinit-proxy.key \
+	data/pkinit-pw.key \
+	data/pkinit.crt \
+	data/pkinit.key \
+	data/proxy-level-test.crt \
+	data/proxy-level-test.key \
+	data/proxy-test.crt \
+	data/proxy-test.key \
+	data/proxy10-child-test.crt \
+	data/proxy10-child-test.key \
+	data/proxy10-child-child-test.crt \
+	data/proxy10-child-child-test.key \
+	data/proxy10-test.crt \
+	data/proxy10-test.key \
+	data/revoke.crt \
+	data/revoke.key \
+	data/sf-class2-root.pem \
+	data/static-file \
+	data/sub-ca.crt \
+	data/sub-ca.key \
+	data/sub-cert.crt \
+	data/sub-cert.key \
+	data/sub-cert.p12 \
+	data/test-ds-only.crt \
+	data/test-ds-only.key \
+	data/test-enveloped-aes-128 \
+	data/test-enveloped-aes-256 \
+	data/test-enveloped-des \
+	data/test-enveloped-des-ede3 \
+	data/test-enveloped-rc2-128 \
+	data/test-enveloped-rc2-40 \
+	data/test-enveloped-rc2-64 \
+	data/test-ke-only.crt \
+	data/test-ke-only.key \
+	data/test-nopw.p12 \
+	data/test-pw.key \
+	data/test-signed-data \
+	data/test-signed-data-noattr \
+	data/test-signed-data-noattr-nocerts \
+	data/test.combined.crt \
+	data/test.crt \
+	data/test.key \
+	data/test.p12 \
+	data/yutaka-pad-broken-ca.pem \
+	data/yutaka-pad-broken-cert.pem \
+	data/yutaka-pad-ok-ca.pem \
+	data/yutaka-pad-ok-cert.pem \
+	data/yutaka-pad.key
+
+all: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/hx509/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/hx509/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libhx509.la: $(libhx509_la_OBJECTS) $(libhx509_la_DEPENDENCIES) 
+	$(libhx509_la_LINK) -rpath $(libdir) $(libhx509_la_OBJECTS) $(libhx509_la_LIBADD) $(LIBS)
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+hxtool$(EXEEXT): $(hxtool_OBJECTS) $(hxtool_DEPENDENCIES) 
+	@rm -f hxtool$(EXEEXT)
+	$(LINK) $(hxtool_OBJECTS) $(hxtool_LDADD) $(LIBS)
+test_name$(EXEEXT): $(test_name_OBJECTS) $(test_name_DEPENDENCIES) 
+	@rm -f test_name$(EXEEXT)
+	$(LINK) $(test_name_OBJECTS) $(test_name_LDADD) $(LIBS)
+test_soft_pkcs11$(EXEEXT): $(test_soft_pkcs11_OBJECTS) $(test_soft_pkcs11_DEPENDENCIES) 
+	@rm -f test_soft_pkcs11$(EXEEXT)
+	$(LINK) $(test_soft_pkcs11_OBJECTS) $(test_soft_pkcs11_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+libhx509_la-ca.lo: ca.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ca.lo `test -f 'ca.c' || echo '$(srcdir)/'`ca.c
+
+libhx509_la-cert.lo: cert.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cert.lo `test -f 'cert.c' || echo '$(srcdir)/'`cert.c
+
+libhx509_la-cms.lo: cms.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cms.lo `test -f 'cms.c' || echo '$(srcdir)/'`cms.c
+
+libhx509_la-collector.lo: collector.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-collector.lo `test -f 'collector.c' || echo '$(srcdir)/'`collector.c
+
+libhx509_la-crypto.lo: crypto.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+
+libhx509_la-doxygen.lo: doxygen.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c
+
+libhx509_la-error.lo: error.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c
+
+libhx509_la-env.lo: env.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-env.lo `test -f 'env.c' || echo '$(srcdir)/'`env.c
+
+libhx509_la-file.lo: file.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c
+
+libhx509_la-keyset.lo: keyset.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-keyset.lo `test -f 'keyset.c' || echo '$(srcdir)/'`keyset.c
+
+libhx509_la-ks_dir.lo: ks_dir.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_dir.lo `test -f 'ks_dir.c' || echo '$(srcdir)/'`ks_dir.c
+
+libhx509_la-ks_file.lo: ks_file.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_file.lo `test -f 'ks_file.c' || echo '$(srcdir)/'`ks_file.c
+
+libhx509_la-ks_mem.lo: ks_mem.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_mem.lo `test -f 'ks_mem.c' || echo '$(srcdir)/'`ks_mem.c
+
+libhx509_la-ks_null.lo: ks_null.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_null.lo `test -f 'ks_null.c' || echo '$(srcdir)/'`ks_null.c
+
+libhx509_la-ks_p11.lo: ks_p11.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p11.lo `test -f 'ks_p11.c' || echo '$(srcdir)/'`ks_p11.c
+
+libhx509_la-ks_p12.lo: ks_p12.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p12.lo `test -f 'ks_p12.c' || echo '$(srcdir)/'`ks_p12.c
+
+libhx509_la-ks_keychain.lo: ks_keychain.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_keychain.lo `test -f 'ks_keychain.c' || echo '$(srcdir)/'`ks_keychain.c
+
+libhx509_la-lock.lo: lock.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-lock.lo `test -f 'lock.c' || echo '$(srcdir)/'`lock.c
+
+libhx509_la-name.lo: name.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-name.lo `test -f 'name.c' || echo '$(srcdir)/'`name.c
+
+libhx509_la-peer.lo: peer.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-peer.lo `test -f 'peer.c' || echo '$(srcdir)/'`peer.c
+
+libhx509_la-print.lo: print.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c
+
+libhx509_la-softp11.lo: softp11.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-softp11.lo `test -f 'softp11.c' || echo '$(srcdir)/'`softp11.c
+
+libhx509_la-req.lo: req.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-req.lo `test -f 'req.c' || echo '$(srcdir)/'`req.c
+
+libhx509_la-revoke.lo: revoke.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-revoke.lo `test -f 'revoke.c' || echo '$(srcdir)/'`revoke.c
+
+libhx509_la-asn1_OCSPBasicOCSPResponse.lo: asn1_OCSPBasicOCSPResponse.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPBasicOCSPResponse.lo `test -f 'asn1_OCSPBasicOCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPBasicOCSPResponse.c
+
+libhx509_la-asn1_OCSPCertID.lo: asn1_OCSPCertID.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertID.lo `test -f 'asn1_OCSPCertID.c' || echo '$(srcdir)/'`asn1_OCSPCertID.c
+
+libhx509_la-asn1_OCSPCertStatus.lo: asn1_OCSPCertStatus.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertStatus.lo `test -f 'asn1_OCSPCertStatus.c' || echo '$(srcdir)/'`asn1_OCSPCertStatus.c
+
+libhx509_la-asn1_OCSPInnerRequest.lo: asn1_OCSPInnerRequest.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPInnerRequest.lo `test -f 'asn1_OCSPInnerRequest.c' || echo '$(srcdir)/'`asn1_OCSPInnerRequest.c
+
+libhx509_la-asn1_OCSPKeyHash.lo: asn1_OCSPKeyHash.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPKeyHash.lo `test -f 'asn1_OCSPKeyHash.c' || echo '$(srcdir)/'`asn1_OCSPKeyHash.c
+
+libhx509_la-asn1_OCSPRequest.lo: asn1_OCSPRequest.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPRequest.lo `test -f 'asn1_OCSPRequest.c' || echo '$(srcdir)/'`asn1_OCSPRequest.c
+
+libhx509_la-asn1_OCSPResponderID.lo: asn1_OCSPResponderID.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponderID.lo `test -f 'asn1_OCSPResponderID.c' || echo '$(srcdir)/'`asn1_OCSPResponderID.c
+
+libhx509_la-asn1_OCSPResponse.lo: asn1_OCSPResponse.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponse.lo `test -f 'asn1_OCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPResponse.c
+
+libhx509_la-asn1_OCSPResponseBytes.lo: asn1_OCSPResponseBytes.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseBytes.lo `test -f 'asn1_OCSPResponseBytes.c' || echo '$(srcdir)/'`asn1_OCSPResponseBytes.c
+
+libhx509_la-asn1_OCSPResponseData.lo: asn1_OCSPResponseData.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseData.lo `test -f 'asn1_OCSPResponseData.c' || echo '$(srcdir)/'`asn1_OCSPResponseData.c
+
+libhx509_la-asn1_OCSPResponseStatus.lo: asn1_OCSPResponseStatus.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseStatus.lo `test -f 'asn1_OCSPResponseStatus.c' || echo '$(srcdir)/'`asn1_OCSPResponseStatus.c
+
+libhx509_la-asn1_OCSPSignature.lo: asn1_OCSPSignature.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSignature.lo `test -f 'asn1_OCSPSignature.c' || echo '$(srcdir)/'`asn1_OCSPSignature.c
+
+libhx509_la-asn1_OCSPSingleResponse.lo: asn1_OCSPSingleResponse.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSingleResponse.lo `test -f 'asn1_OCSPSingleResponse.c' || echo '$(srcdir)/'`asn1_OCSPSingleResponse.c
+
+libhx509_la-asn1_OCSPTBSRequest.lo: asn1_OCSPTBSRequest.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPTBSRequest.lo `test -f 'asn1_OCSPTBSRequest.c' || echo '$(srcdir)/'`asn1_OCSPTBSRequest.c
+
+libhx509_la-asn1_OCSPVersion.lo: asn1_OCSPVersion.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPVersion.lo `test -f 'asn1_OCSPVersion.c' || echo '$(srcdir)/'`asn1_OCSPVersion.c
+
+libhx509_la-asn1_id_pkix_ocsp.lo: asn1_id_pkix_ocsp.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp.lo `test -f 'asn1_id_pkix_ocsp.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp.c
+
+libhx509_la-asn1_id_pkix_ocsp_basic.lo: asn1_id_pkix_ocsp_basic.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_basic.lo `test -f 'asn1_id_pkix_ocsp_basic.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_basic.c
+
+libhx509_la-asn1_id_pkix_ocsp_nonce.lo: asn1_id_pkix_ocsp_nonce.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_nonce.lo `test -f 'asn1_id_pkix_ocsp_nonce.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_nonce.c
+
+libhx509_la-asn1_CertificationRequestInfo.lo: asn1_CertificationRequestInfo.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequestInfo.lo `test -f 'asn1_CertificationRequestInfo.c' || echo '$(srcdir)/'`asn1_CertificationRequestInfo.c
+
+libhx509_la-asn1_CertificationRequest.lo: asn1_CertificationRequest.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequest.lo `test -f 'asn1_CertificationRequest.c' || echo '$(srcdir)/'`asn1_CertificationRequest.c
+
+libhx509_la-hx509_err.lo: hx509_err.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-hx509_err.lo `test -f 'hx509_err.c' || echo '$(srcdir)/'`hx509_err.c
+
+hxtool-hxtool.o: hxtool.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.o `test -f 'hxtool.c' || echo '$(srcdir)/'`hxtool.c
+
+hxtool-hxtool.obj: hxtool.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.obj `if test -f 'hxtool.c'; then $(CYGPATH_W) 'hxtool.c'; else $(CYGPATH_W) '$(srcdir)/hxtool.c'; fi`
+
+hxtool-hxtool-commands.o: hxtool-commands.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.o `test -f 'hxtool-commands.c' || echo '$(srcdir)/'`hxtool-commands.c
+
+hxtool-hxtool-commands.obj: hxtool-commands.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.obj `if test -f 'hxtool-commands.c'; then $(CYGPATH_W) 'hxtool-commands.c'; else $(CYGPATH_W) '$(srcdir)/hxtool-commands.c'; fi`
+
+test_soft_pkcs11-test_soft_pkcs11.o: test_soft_pkcs11.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.o `test -f 'test_soft_pkcs11.c' || echo '$(srcdir)/'`test_soft_pkcs11.c
+
+test_soft_pkcs11-test_soft_pkcs11.obj: test_soft_pkcs11.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.obj `if test -f 'test_soft_pkcs11.c'; then $(CYGPATH_W) 'test_soft_pkcs11.c'; else $(CYGPATH_W) '$(srcdir)/test_soft_pkcs11.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-dist_includeHEADERS: $(dist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(dist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-dist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-nodist_includeHEADERS: $(nodist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-nodist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
+install-binPROGRAMS: install-libLTLIBRARIES
+
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
+	clean-libLTLIBRARIES clean-libtool clean-local mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_includeHEADERS \
+	install-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-dist_includeHEADERS \
+	uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
+	clean-generic clean-libLTLIBRARIES clean-libtool clean-local \
+	ctags dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binPROGRAMS \
+	install-data install-data-am install-data-hook \
+	install-dist_includeHEADERS install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libLTLIBRARIES install-man \
+	install-nodist_includeHEADERS install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-dist_includeHEADERS uninstall-hook \
+	uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+$(libhx509_la_OBJECTS): $(srcdir)/version-script.map
+
+$(gen_files_ocsp) ocsp_asn1.h: ocsp_asn1_files
+$(gen_files_pkcs10) pkcs10_asn1.h: pkcs10_asn1_files
+$(gen_files_crmf) crmf_asn1.h: crmf_asn1_files
+
+ocsp_asn1_files: $(asn1_compile) $(srcdir)/ocsp.asn1
+	$(asn1_compile) --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1)
+
+pkcs10_asn1_files: $(asn1_compile) $(srcdir)/pkcs10.asn1
+	$(asn1_compile) --preserve-binary=CertificationRequestInfo $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1)
+
+crmf_asn1_files: $(asn1_compile) $(srcdir)/crmf.asn1
+	$(asn1_compile) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1)
+
+$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h
+
+$(srcdir)/hx509-protos.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB_FUNCTION -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h
+
+$(srcdir)/hx509-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p hx509-private.h $(dist_libhx509_la_SOURCES) || rm -f hx509-private.h
+
+hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC)
+	$(SLC) $(srcdir)/hxtool-commands.in
+
+$(hxtool_OBJECTS): hxtool-commands.h
+
+clean-local:
+	@echo "cleaning PKITS" ; rm -rf PKITS_data
+
+test_ca: test_ca.in Makefile
+	$(do_subst) < $(srcdir)/test_ca.in > test_ca.tmp
+	chmod +x test_ca.tmp
+	mv test_ca.tmp test_ca
+
+test_cert: test_cert.in Makefile
+	$(do_subst) < $(srcdir)/test_cert.in > test_cert.tmp
+	chmod +x test_cert.tmp
+	mv test_cert.tmp test_cert
+
+test_chain: test_chain.in Makefile
+	$(do_subst) < $(srcdir)/test_chain.in > test_chain.tmp
+	chmod +x test_chain.tmp
+	mv test_chain.tmp test_chain
+
+test_cms: test_cms.in Makefile
+	$(do_subst) < $(srcdir)/test_cms.in > test_cms.tmp
+	chmod +x test_cms.tmp
+	mv test_cms.tmp test_cms
+
+test_crypto: test_crypto.in Makefile
+	$(do_subst) < $(srcdir)/test_crypto.in > test_crypto.tmp
+	chmod +x test_crypto.tmp
+	mv test_crypto.tmp test_crypto
+
+test_nist: test_nist.in Makefile
+	$(do_subst) < $(srcdir)/test_nist.in > test_nist.tmp
+	chmod +x test_nist.tmp
+	mv test_nist.tmp test_nist
+
+test_nist2: test_nist2.in Makefile
+	$(do_subst) < $(srcdir)/test_nist2.in > test_nist2.tmp
+	chmod +x test_nist2.tmp
+	mv test_nist2.tmp test_nist2
+
+test_pkcs11: test_pkcs11.in Makefile
+	$(do_subst) < $(srcdir)/test_pkcs11.in > test_pkcs11.tmp
+	chmod +x test_pkcs11.tmp
+	mv test_pkcs11.tmp test_pkcs11
+
+test_java_pkcs11: test_java_pkcs11.in Makefile
+	$(do_subst) < $(srcdir)/test_java_pkcs11.in > test_java_pkcs11.tmp
+	chmod +x test_java_pkcs11.tmp
+	mv test_java_pkcs11.tmp test_java_pkcs11
+
+test_nist_cert: test_nist_cert.in Makefile
+	$(do_subst) < $(srcdir)/test_nist_cert.in > test_nist_cert.tmp
+	chmod +x test_nist_cert.tmp
+	mv test_nist_cert.tmp test_nist_cert
+
+test_nist_pkcs12: test_nist_pkcs12.in Makefile
+	$(do_subst) < $(srcdir)/test_nist_pkcs12.in > test_nist_pkcs12.tmp
+	chmod +x test_nist_pkcs12.tmp
+	mv test_nist_pkcs12.tmp test_nist_pkcs12
+
+test_req: test_req.in Makefile
+	$(do_subst) < $(srcdir)/test_req.in > test_req.tmp
+	chmod +x test_req.tmp
+	mv test_req.tmp test_req
+
+test_windows: test_windows.in Makefile
+	$(do_subst) < $(srcdir)/test_windows.in > test_windows.tmp
+	chmod +x test_windows.tmp
+	mv test_windows.tmp test_windows
+
+test_query: test_query.in Makefile
+	$(do_subst) < $(srcdir)/test_query.in > test_query.tmp
+	chmod +x test_query.tmp
+	mv test_query.tmp test_query
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/hx509/ca.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ca.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ca.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1518 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+#include <pkinit_asn1.h>
+RCSID("$Id: ca.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_ca Hx509 CA functions
+ *
+ * See the library functions here: @ref hx509_ca
+ */
+
+struct hx509_ca_tbs {
+    hx509_name subject;
+    SubjectPublicKeyInfo spki;
+    ExtKeyUsage eku;
+    GeneralNames san;
+    unsigned key_usage;
+    heim_integer serial;
+    struct {
+	unsigned int proxy:1;
+	unsigned int ca:1;
+	unsigned int key:1;
+	unsigned int serial:1;
+	unsigned int domaincontroller:1;
+    } flags;
+    time_t notBefore;
+    time_t notAfter;
+    int pathLenConstraint; /* both for CA and Proxy */
+    CRLDistributionPoints crldp;
+};
+
+/**
+ * Allocate an to-be-signed certificate object that will be converted
+ * into an certificate.
+ *
+ * @param context A hx509 context.
+ * @param tbs returned to-be-signed certicate object, free with
+ * hx509_ca_tbs_free().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs)
+{
+    *tbs = calloc(1, sizeof(**tbs));
+    if (*tbs == NULL)
+	return ENOMEM;
+
+    (*tbs)->subject = NULL;
+    (*tbs)->san.len = 0;
+    (*tbs)->san.val = NULL;
+    (*tbs)->eku.len = 0;
+    (*tbs)->eku.val = NULL;
+    (*tbs)->pathLenConstraint = 0;
+    (*tbs)->crldp.len = 0;
+    (*tbs)->crldp.val = NULL;
+
+    return 0;
+}
+
+/**
+ * Free an To Be Signed object.
+ *
+ * @param tbs object to free.
+ *
+ * @ingroup hx509_ca
+ */
+
+void
+hx509_ca_tbs_free(hx509_ca_tbs *tbs)
+{
+    if (tbs == NULL || *tbs == NULL)
+	return;
+
+    free_SubjectPublicKeyInfo(&(*tbs)->spki);
+    free_GeneralNames(&(*tbs)->san);
+    free_ExtKeyUsage(&(*tbs)->eku);
+    der_free_heim_integer(&(*tbs)->serial);
+    free_CRLDistributionPoints(&(*tbs)->crldp);
+
+    hx509_name_free(&(*tbs)->subject);
+
+    memset(*tbs, 0, sizeof(**tbs));
+    free(*tbs);
+    *tbs = NULL;
+}
+
+/**
+ * Set the absolute time when the certificate is valid from. If not
+ * set the current time will be used.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param t time the certificated will start to be valid
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_notBefore(hx509_context context,
+			   hx509_ca_tbs tbs,
+			   time_t t)
+{
+    tbs->notBefore = t;
+    return 0;
+}
+
+/**
+ * Set the absolute time when the certificate is valid to.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param t time when the certificate will expire
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_notAfter(hx509_context context,
+			   hx509_ca_tbs tbs,
+			   time_t t)
+{
+    tbs->notAfter = t;
+    return 0;
+}
+
+/**
+ * Set the relative time when the certificiate is going to expire.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param delta seconds to the certificate is going to expire.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_notAfter_lifetime(hx509_context context,
+				   hx509_ca_tbs tbs,
+				   time_t delta)
+{
+    return hx509_ca_tbs_set_notAfter(context, tbs, time(NULL) + delta);
+}
+
+static const struct units templatebits[] = {
+    { "ExtendedKeyUsage", HX509_CA_TEMPLATE_EKU },
+    { "KeyUsage", HX509_CA_TEMPLATE_KU },
+    { "SPKI", HX509_CA_TEMPLATE_SPKI },
+    { "notAfter", HX509_CA_TEMPLATE_NOTAFTER },
+    { "notBefore", HX509_CA_TEMPLATE_NOTBEFORE },
+    { "serial", HX509_CA_TEMPLATE_SERIAL },
+    { "subject", HX509_CA_TEMPLATE_SUBJECT },
+    { NULL, 0 }
+};
+
+/**
+ * Make of template units, use to build flags argument to
+ * hx509_ca_tbs_set_template() with parse_units().
+ *
+ * @return an units structure.
+ *
+ * @ingroup hx509_ca
+ */
+
+const struct units *
+hx509_ca_tbs_template_units(void)
+{
+    return templatebits;
+}
+
+/**
+ * Initialize the to-be-signed certificate object from a template certifiate.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param flags bit field selecting what to copy from the template
+ * certifiate.
+ * @param cert template certificate.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_template(hx509_context context,
+			  hx509_ca_tbs tbs,
+			  int flags,
+			  hx509_cert cert)
+{
+    int ret;
+
+    if (flags & HX509_CA_TEMPLATE_SUBJECT) {
+	if (tbs->subject)
+	    hx509_name_free(&tbs->subject);
+	ret = hx509_cert_get_subject(cert, &tbs->subject);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, 
+				   "Failed to get subject from template");
+	    return ret;
+	}
+    }
+    if (flags & HX509_CA_TEMPLATE_SERIAL) {
+	der_free_heim_integer(&tbs->serial);
+	ret = hx509_cert_get_serialnumber(cert, &tbs->serial);
+	tbs->flags.serial = !ret;
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, 
+				   "Failed to copy serial number");
+	    return ret;
+	}
+    }
+    if (flags & HX509_CA_TEMPLATE_NOTBEFORE)
+	tbs->notBefore = hx509_cert_get_notBefore(cert);
+    if (flags & HX509_CA_TEMPLATE_NOTAFTER)
+	tbs->notAfter = hx509_cert_get_notAfter(cert);
+    if (flags & HX509_CA_TEMPLATE_SPKI) {
+	free_SubjectPublicKeyInfo(&tbs->spki);
+	ret = hx509_cert_get_SPKI(context, cert, &tbs->spki);
+	tbs->flags.key = !ret;
+	if (ret)
+	    return ret;
+    }
+    if (flags & HX509_CA_TEMPLATE_KU) {
+	KeyUsage ku;
+	ret = _hx509_cert_get_keyusage(context, cert, &ku);
+	if (ret)
+	    return ret;
+	tbs->key_usage = KeyUsage2int(ku);
+    }
+    if (flags & HX509_CA_TEMPLATE_EKU) {
+	ExtKeyUsage eku;
+	int i;
+	ret = _hx509_cert_get_eku(context, cert, &eku);
+	if (ret)
+	    return ret;
+	for (i = 0; i < eku.len; i++) {
+	    ret = hx509_ca_tbs_add_eku(context, tbs, &eku.val[i]);
+	    if (ret) {
+		free_ExtKeyUsage(&eku);
+		return ret;
+	    }
+	}
+	free_ExtKeyUsage(&eku);
+    }
+    return 0;
+}
+
+/**
+ * Make the to-be-signed certificate object a CA certificate. If the
+ * pathLenConstraint is negative path length constraint is used.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param pathLenConstraint path length constraint, negative, no
+ * constraint.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_ca(hx509_context context,
+		    hx509_ca_tbs tbs,
+		    int pathLenConstraint)
+{
+    tbs->flags.ca = 1;
+    tbs->pathLenConstraint = pathLenConstraint;
+    return 0;
+}
+
+/**
+ * Make the to-be-signed certificate object a proxy certificate. If the
+ * pathLenConstraint is negative path length constraint is used.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param pathLenConstraint path length constraint, negative, no
+ * constraint.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_proxy(hx509_context context,
+		       hx509_ca_tbs tbs,
+		       int pathLenConstraint)
+{
+    tbs->flags.proxy = 1;
+    tbs->pathLenConstraint = pathLenConstraint;
+    return 0;
+}
+
+
+/**
+ * Make the to-be-signed certificate object a windows domain controller certificate.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_domaincontroller(hx509_context context,
+				  hx509_ca_tbs tbs)
+{
+    tbs->flags.domaincontroller = 1;
+    return 0;
+}
+
+/**
+ * Set the subject public key info (SPKI) in the to-be-signed certificate
+ * object. SPKI is the public key and key related parameters in the
+ * certificate.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param spki subject public key info to use for the to-be-signed certificate object.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_spki(hx509_context context,
+		      hx509_ca_tbs tbs,
+		      const SubjectPublicKeyInfo *spki)
+{
+    int ret;
+    free_SubjectPublicKeyInfo(&tbs->spki);
+    ret = copy_SubjectPublicKeyInfo(spki, &tbs->spki);
+    tbs->flags.key = !ret;
+    return ret;
+}
+
+/**
+ * Set the serial number to use for to-be-signed certificate object.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param serialNumber serial number to use for the to-be-signed
+ * certificate object.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_serialnumber(hx509_context context,
+			      hx509_ca_tbs tbs,
+			      const heim_integer *serialNumber)
+{
+    int ret;
+    der_free_heim_integer(&tbs->serial);
+    ret = der_copy_heim_integer(serialNumber, &tbs->serial);
+    tbs->flags.serial = !ret;
+    return ret;
+}
+
+/**
+ * An an extended key usage to the to-be-signed certificate object.
+ * Duplicates will detected and not added.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param oid extended key usage to add.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_add_eku(hx509_context context,
+		     hx509_ca_tbs tbs,
+		     const heim_oid *oid)
+{
+    void *ptr;
+    int ret;
+    unsigned i;
+
+    /* search for duplicates */
+    for (i = 0; i < tbs->eku.len; i++) {
+	if (der_heim_oid_cmp(oid, &tbs->eku.val[i]) == 0)
+	    return 0;
+    }
+
+    ptr = realloc(tbs->eku.val, sizeof(tbs->eku.val[0]) * (tbs->eku.len + 1));
+    if (ptr == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    tbs->eku.val = ptr;
+    ret = der_copy_oid(oid, &tbs->eku.val[tbs->eku.len]);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	return ret;
+    }
+    tbs->eku.len += 1;
+    return 0;
+}
+
+/**
+ * Add CRL distribution point URI to the to-be-signed certificate
+ * object.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param uri uri to the CRL.
+ * @param issuername name of the issuer.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_add_crl_dp_uri(hx509_context context,
+			    hx509_ca_tbs tbs,
+			    const char *uri,
+			    hx509_name issuername)
+{
+    DistributionPoint dp;
+    int ret;
+
+    memset(&dp, 0, sizeof(dp));
+    
+    dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint));
+
+    {
+	DistributionPointName name;
+	GeneralName gn;
+	size_t size;
+
+	name.element = choice_DistributionPointName_fullName;
+	name.u.fullName.len = 1;
+	name.u.fullName.val = &gn;
+
+	gn.element = choice_GeneralName_uniformResourceIdentifier;
+	gn.u.uniformResourceIdentifier = rk_UNCONST(uri);
+
+	ASN1_MALLOC_ENCODE(DistributionPointName, 
+			   dp.distributionPoint->data, 
+			   dp.distributionPoint->length,
+			   &name, &size, ret);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret,
+				   "Failed to encoded DistributionPointName");
+	    goto out;
+	}
+	if (dp.distributionPoint->length != size)
+	    _hx509_abort("internal ASN.1 encoder error");
+    }
+
+    if (issuername) {
+#if 1
+	/**
+	 * issuername not supported
+	 */
+	hx509_set_error_string(context, 0, EINVAL,
+			       "CRLDistributionPoints.name.issuername not yet supported");
+	return EINVAL;
+#else 
+	GeneralNames *crlissuer;
+	GeneralName gn;
+	Name n;
+
+	crlissuer = calloc(1, sizeof(*crlissuer));
+	if (crlissuer == NULL) {
+	    return ENOMEM;
+	}
+	memset(&gn, 0, sizeof(gn));
+
+	gn.element = choice_GeneralName_directoryName;
+	ret = hx509_name_to_Name(issuername, &n);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "out of memory");
+	    goto out;
+	}
+
+	gn.u.directoryName.element = n.element;
+	gn.u.directoryName.u.rdnSequence = n.u.rdnSequence;
+
+	ret = add_GeneralNames(&crlissuer, &gn);
+	free_Name(&n);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "out of memory");
+	    goto out;
+	}
+
+	dp.cRLIssuer = &crlissuer;
+#endif
+    }
+
+    ret = add_CRLDistributionPoints(&tbs->crldp, &dp);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	goto out;
+    }
+
+out:
+    free_DistributionPoint(&dp);
+
+    return ret;
+}
+
+/**
+ * Add Subject Alternative Name otherName to the to-be-signed
+ * certificate object.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param oid the oid of the OtherName.
+ * @param os data in the other name.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_add_san_otherName(hx509_context context,
+			       hx509_ca_tbs tbs,
+			       const heim_oid *oid,
+			       const heim_octet_string *os)
+{
+    GeneralName gn;
+
+    memset(&gn, 0, sizeof(gn));
+    gn.element = choice_GeneralName_otherName;
+    gn.u.otherName.type_id = *oid;
+    gn.u.otherName.value = *os;
+    
+    return add_GeneralNames(&tbs->san, &gn);
+}
+
+/**
+ * Add Kerberos Subject Alternative Name to the to-be-signed
+ * certificate object. The principal string is a UTF8 string.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param principal Kerberos principal to add to the certificate.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_add_san_pkinit(hx509_context context,
+			    hx509_ca_tbs tbs,
+			    const char *principal)
+{
+    heim_octet_string os;
+    KRB5PrincipalName p;
+    size_t size;
+    int ret;
+    char *s = NULL;
+
+    memset(&p, 0, sizeof(p));
+
+    /* parse principal */
+    {
+	const char *str;
+	char *q;
+	int n;
+	
+	/* count number of component */
+	n = 1;
+	for(str = principal; *str != '\0' && *str != '@'; str++){
+	    if(*str=='\\'){
+		if(str[1] == '\0' || str[1] == '@') {
+		    ret = HX509_PARSING_NAME_FAILED;
+		    hx509_set_error_string(context, 0, ret, 
+					   "trailing \\ in principal name");
+		    goto out;
+		}
+		str++;
+	    } else if(*str == '/')
+		n++;
+	}
+	p.principalName.name_string.val = 
+	    calloc(n, sizeof(*p.principalName.name_string.val));
+	if (p.principalName.name_string.val == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "malloc: out of memory");
+	    goto out;
+	}
+	p.principalName.name_string.len = n;
+	
+	p.principalName.name_type = KRB5_NT_PRINCIPAL;
+	q = s = strdup(principal);
+	if (q == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "malloc: out of memory");
+	    goto out;
+	}
+	p.realm = strrchr(q, '@');
+	if (p.realm == NULL) {
+	    ret = HX509_PARSING_NAME_FAILED;
+	    hx509_set_error_string(context, 0, ret, "Missing @ in principal");
+	    goto out;
+	};
+	*p.realm++ = '\0';
+
+	n = 0;
+	while (q) {
+	    p.principalName.name_string.val[n++] = q;
+	    q = strchr(q, '/');
+	    if (q)
+		*q++ = '\0';
+	}
+    }
+    
+    ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Out of memory");
+	goto out;
+    }
+    if (size != os.length)
+	_hx509_abort("internal ASN.1 encoder error");
+    
+    ret = hx509_ca_tbs_add_san_otherName(context,
+					 tbs,
+					 oid_id_pkinit_san(),
+					 &os);
+    free(os.data);
+out:
+    if (p.principalName.name_string.val)
+	free (p.principalName.name_string.val);
+    if (s)
+	free(s);
+    return ret;
+}
+    
+/*
+ *
+ */
+
+static int
+add_utf8_san(hx509_context context,
+	     hx509_ca_tbs tbs,
+	     const heim_oid *oid,
+	     const char *string)
+{
+    const PKIXXmppAddr ustring = (const PKIXXmppAddr)string;
+    heim_octet_string os;
+    size_t size;
+    int ret;
+
+    os.length = 0;
+    os.data = NULL;
+
+    ASN1_MALLOC_ENCODE(PKIXXmppAddr, os.data, os.length, &ustring, &size, ret);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Out of memory");
+	goto out;
+    }
+    if (size != os.length)
+	_hx509_abort("internal ASN.1 encoder error");
+    
+    ret = hx509_ca_tbs_add_san_otherName(context,
+					 tbs,
+					 oid,
+					 &os);
+    free(os.data);
+out:
+    return ret;
+}
+
+/**
+ * Add Microsoft UPN Subject Alternative Name to the to-be-signed
+ * certificate object. The principal string is a UTF8 string.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param principal Microsoft UPN string.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_add_san_ms_upn(hx509_context context,
+			    hx509_ca_tbs tbs,
+			    const char *principal)
+{
+    return add_utf8_san(context, tbs, oid_id_pkinit_ms_san(), principal);
+}
+
+/**
+ * Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed
+ * certificate object. The jid is an UTF8 string.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param jid string of an a jabber id in UTF8.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_add_san_jid(hx509_context context,
+			 hx509_ca_tbs tbs,
+			 const char *jid)
+{
+    return add_utf8_san(context, tbs, oid_id_pkix_on_xmppAddr(), jid);
+}
+
+
+/**
+ * Add a Subject Alternative Name hostname to to-be-signed certificate
+ * object. A domain match starts with ., an exact match does not.
+ *
+ * Example of a an domain match: .domain.se matches the hostname
+ * host.domain.se.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param dnsname a hostame.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_add_san_hostname(hx509_context context,
+			      hx509_ca_tbs tbs,
+			      const char *dnsname)
+{
+    GeneralName gn;
+
+    memset(&gn, 0, sizeof(gn));
+    gn.element = choice_GeneralName_dNSName;
+    gn.u.dNSName = rk_UNCONST(dnsname);
+    
+    return add_GeneralNames(&tbs->san, &gn);
+}
+
+/**
+ * Add a Subject Alternative Name rfc822 (email address) to
+ * to-be-signed certificate object.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param rfc822Name a string to a email address.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_add_san_rfc822name(hx509_context context,
+				hx509_ca_tbs tbs,
+				const char *rfc822Name)
+{
+    GeneralName gn;
+
+    memset(&gn, 0, sizeof(gn));
+    gn.element = choice_GeneralName_rfc822Name;
+    gn.u.rfc822Name = rk_UNCONST(rfc822Name);
+    
+    return add_GeneralNames(&tbs->san, &gn);
+}
+
+/**
+ * Set the subject name of a to-be-signed certificate object.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param subject the name to set a subject.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_set_subject(hx509_context context,
+			 hx509_ca_tbs tbs,
+			 hx509_name subject)
+{
+    if (tbs->subject)
+	hx509_name_free(&tbs->subject);
+    return hx509_name_copy(context, subject, &tbs->subject);
+}
+
+/**
+ * Expand the the subject name in the to-be-signed certificate object
+ * using hx509_name_expand().
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param env enviroment variable to expand variables in the subject
+ * name, see hx509_env_init().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_tbs_subject_expand(hx509_context context,
+			    hx509_ca_tbs tbs,
+			    hx509_env env)
+{
+    return hx509_name_expand(context, tbs->subject, env);
+}
+
+static int
+add_extension(hx509_context context,
+	      TBSCertificate *tbsc,
+	      int critical_flag,
+	      const heim_oid *oid,
+	      const heim_octet_string *data)
+{
+    Extension ext;
+    int ret;
+
+    memset(&ext, 0, sizeof(ext));
+
+    if (critical_flag) {
+	ext.critical = malloc(sizeof(*ext.critical));
+	if (ext.critical == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	*ext.critical = TRUE;
+    }
+
+    ret = der_copy_oid(oid, &ext.extnID);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Out of memory");
+	goto out;
+    }
+    ret = der_copy_octet_string(data, &ext.extnValue);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Out of memory");
+	goto out;
+    }
+    ret = add_Extensions(tbsc->extensions, &ext);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Out of memory");
+	goto out;
+    }
+out:
+    free_Extension(&ext);
+    return ret;
+}
+
+static int
+build_proxy_prefix(hx509_context context, const Name *issuer, Name *subject)
+{
+    char *tstr;
+    time_t t;
+    int ret;
+
+    ret = copy_Name(issuer, subject);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to copy subject name");
+	return ret;
+    }
+
+    t = time(NULL);
+    asprintf(&tstr, "ts-%lu", (unsigned long)t);
+    if (tstr == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM,
+			       "Failed to copy subject name");
+	return ENOMEM;
+    }
+    /* prefix with CN=<ts>,...*/
+    ret = _hx509_name_modify(context, subject, 1, oid_id_at_commonName(), tstr);
+    free(tstr);
+    if (ret)
+	free_Name(subject);
+    return ret;
+}
+
+static int
+ca_sign(hx509_context context,
+	hx509_ca_tbs tbs,
+	hx509_private_key signer,
+	const AuthorityKeyIdentifier *ai,
+	const Name *issuername,
+	hx509_cert *certificate)
+{
+    heim_octet_string data;
+    Certificate c;
+    TBSCertificate *tbsc;
+    size_t size;
+    int ret;
+    const AlgorithmIdentifier *sigalg;
+    time_t notBefore;
+    time_t notAfter;
+    unsigned key_usage;
+
+    sigalg = _hx509_crypto_default_sig_alg;
+
+    memset(&c, 0, sizeof(c));
+
+    /*
+     * Default values are: Valid since 24h ago, valid one year into
+     * the future, KeyUsage digitalSignature and keyEncipherment set,
+     * and keyCertSign for CA certificates.
+     */
+    notBefore = tbs->notBefore;
+    if (notBefore == 0)
+	notBefore = time(NULL) - 3600 * 24;
+    notAfter = tbs->notAfter;
+    if (notAfter == 0)
+	notAfter = time(NULL) + 3600 * 24 * 365;
+
+    key_usage = tbs->key_usage;
+    if (key_usage == 0) {
+	KeyUsage ku;
+	memset(&ku, 0, sizeof(ku));
+	ku.digitalSignature = 1;
+	ku.keyEncipherment = 1;
+	key_usage = KeyUsage2int(ku);
+    }
+
+    if (tbs->flags.ca) {
+	KeyUsage ku;
+	memset(&ku, 0, sizeof(ku));
+	ku.keyCertSign = 1;
+	ku.cRLSign = 1;
+	key_usage |= KeyUsage2int(ku);
+    }
+
+    /*
+     *
+     */
+
+    tbsc = &c.tbsCertificate;
+
+    if (tbs->flags.key == 0) {
+	ret = EINVAL;
+	hx509_set_error_string(context, 0, ret, "No public key set");
+	return ret;
+    }
+    /*
+     * Don't put restrictions on proxy certificate's subject name, it
+     * will be generated below.
+     */
+    if (!tbs->flags.proxy) {
+	if (tbs->subject == NULL) {
+	    hx509_set_error_string(context, 0, EINVAL, "No subject name set");
+	    return EINVAL;
+	}
+	if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) {
+	    hx509_set_error_string(context, 0, EINVAL, 
+				   "NULL subject and no SubjectAltNames");
+	    return EINVAL;
+	}
+    }
+    if (tbs->flags.ca && tbs->flags.proxy) {
+	hx509_set_error_string(context, 0, EINVAL, "Can't be proxy and CA "
+			       "at the same time");
+	return EINVAL;
+    }
+    if (tbs->flags.proxy) {
+	if (tbs->san.len > 0) {
+	    hx509_set_error_string(context, 0, EINVAL, 
+				   "Proxy certificate is not allowed "
+				   "to have SubjectAltNames");
+	    return EINVAL;
+	}
+    }
+
+    /* version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1, */
+    tbsc->version = calloc(1, sizeof(*tbsc->version));
+    if (tbsc->version == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "Out of memory");
+	goto out;
+    }
+    *tbsc->version = rfc3280_version_3;
+    /* serialNumber         CertificateSerialNumber, */
+    if (tbs->flags.serial) {
+	ret = der_copy_heim_integer(&tbs->serial, &tbsc->serialNumber);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+    } else {
+	tbsc->serialNumber.length = 20;
+	tbsc->serialNumber.data = malloc(tbsc->serialNumber.length);
+	if (tbsc->serialNumber.data == NULL){
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	/* XXX diffrent */
+	RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length);
+	((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f;
+    }
+    /* signature            AlgorithmIdentifier, */
+    ret = copy_AlgorithmIdentifier(sigalg, &tbsc->signature);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to copy sigature alg");
+	goto out;
+    }
+    /* issuer               Name, */
+    if (issuername)
+	ret = copy_Name(issuername, &tbsc->issuer);
+    else
+	ret = hx509_name_to_Name(tbs->subject, &tbsc->issuer);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to copy issuer name");
+	goto out;
+    }
+    /* validity             Validity, */
+    tbsc->validity.notBefore.element = choice_Time_generalTime;
+    tbsc->validity.notBefore.u.generalTime = notBefore;
+    tbsc->validity.notAfter.element = choice_Time_generalTime;
+    tbsc->validity.notAfter.u.generalTime = notAfter;
+    /* subject              Name, */
+    if (tbs->flags.proxy) {
+	ret = build_proxy_prefix(context, &tbsc->issuer, &tbsc->subject);
+	if (ret)
+	    goto out;
+    } else {
+	ret = hx509_name_to_Name(tbs->subject, &tbsc->subject);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret,
+				   "Failed to copy subject name");
+	    goto out;
+	}
+    }
+    /* subjectPublicKeyInfo SubjectPublicKeyInfo, */
+    ret = copy_SubjectPublicKeyInfo(&tbs->spki, &tbsc->subjectPublicKeyInfo);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to copy spki");
+	goto out;
+    }
+    /* issuerUniqueID  [1]  IMPLICIT BIT STRING OPTIONAL */
+    /* subjectUniqueID [2]  IMPLICIT BIT STRING OPTIONAL */
+    /* extensions      [3]  EXPLICIT Extensions OPTIONAL */
+    tbsc->extensions = calloc(1, sizeof(*tbsc->extensions));
+    if (tbsc->extensions == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "Out of memory");
+	goto out;
+    }
+    
+    /* Add the text BMP string Domaincontroller to the cert */
+    if (tbs->flags.domaincontroller) {
+	data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d"
+			       "\x00\x61\x00\x69\x00\x6e\x00\x43"
+			       "\x00\x6f\x00\x6e\x00\x74\x00\x72"
+			       "\x00\x6f\x00\x6c\x00\x6c\x00\x65"
+			       "\x00\x72");
+	data.length = 34;
+
+	ret = add_extension(context, tbsc, 0,
+			    oid_id_ms_cert_enroll_domaincontroller(),
+			    &data);
+	if (ret)
+	    goto out;
+    }
+
+    /* add KeyUsage */
+    {
+	KeyUsage ku;
+
+	ku = int2KeyUsage(key_usage);
+	ASN1_MALLOC_ENCODE(KeyUsage, data.data, data.length, &ku, &size, ret);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	if (size != data.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+	ret = add_extension(context, tbsc, 1,
+			    oid_id_x509_ce_keyUsage(), &data);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    /* add ExtendedKeyUsage */
+    if (tbs->eku.len > 0) {
+	ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length, 
+			   &tbs->eku, &size, ret);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	if (size != data.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+	ret = add_extension(context, tbsc, 0,
+			    oid_id_x509_ce_extKeyUsage(), &data);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    /* add Subject Alternative Name */
+    if (tbs->san.len > 0) {
+	ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length, 
+			   &tbs->san, &size, ret);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	if (size != data.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+	ret = add_extension(context, tbsc, 0,
+			    oid_id_x509_ce_subjectAltName(),
+			    &data);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    /* Add Authority Key Identifier */
+    if (ai) {
+	ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length, 
+			   ai, &size, ret);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	if (size != data.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+	ret = add_extension(context, tbsc, 0,
+			    oid_id_x509_ce_authorityKeyIdentifier(),
+			    &data);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    /* Add Subject Key Identifier */
+    {
+	SubjectKeyIdentifier si;
+	unsigned char hash[SHA_DIGEST_LENGTH];
+
+	{
+	    SHA_CTX m;
+	    
+	    SHA1_Init(&m);
+	    SHA1_Update(&m, tbs->spki.subjectPublicKey.data,
+			tbs->spki.subjectPublicKey.length / 8);
+	    SHA1_Final (hash, &m);
+	}
+
+	si.data = hash;
+	si.length = sizeof(hash);
+
+	ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length, 
+			   &si, &size, ret);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	if (size != data.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+	ret = add_extension(context, tbsc, 0,
+			    oid_id_x509_ce_subjectKeyIdentifier(),
+			    &data);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    /* Add BasicConstraints */ 
+    {
+	BasicConstraints bc;
+	int aCA = 1;
+	uint32_t path;
+
+	memset(&bc, 0, sizeof(bc));
+
+	if (tbs->flags.ca) {
+	    bc.cA = &aCA;
+	    if (tbs->pathLenConstraint >= 0) {
+		path = tbs->pathLenConstraint;
+		bc.pathLenConstraint = &path;
+	    }
+	}
+
+	ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length, 
+			   &bc, &size, ret);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	if (size != data.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+	/* Critical if this is a CA */
+	ret = add_extension(context, tbsc, tbs->flags.ca,
+			    oid_id_x509_ce_basicConstraints(),
+			    &data);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    /* add Proxy */
+    if (tbs->flags.proxy) {
+	ProxyCertInfo info;
+
+	memset(&info, 0, sizeof(info));
+
+	if (tbs->pathLenConstraint >= 0) {
+	    info.pCPathLenConstraint = 
+		malloc(sizeof(*info.pCPathLenConstraint));
+	    if (info.pCPathLenConstraint == NULL) {
+		ret = ENOMEM;
+		hx509_set_error_string(context, 0, ret, "Out of memory");
+		goto out;
+	    }
+	    *info.pCPathLenConstraint = tbs->pathLenConstraint;
+	}
+
+	ret = der_copy_oid(oid_id_pkix_ppl_inheritAll(),
+			   &info.proxyPolicy.policyLanguage);
+	if (ret) {
+	    free_ProxyCertInfo(&info);
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+
+	ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length, 
+			   &info, &size, ret);
+	free_ProxyCertInfo(&info);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	if (size != data.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+	ret = add_extension(context, tbsc, 0,
+			    oid_id_pkix_pe_proxyCertInfo(),
+			    &data);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    if (tbs->crldp.len) {
+
+	ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length,
+			   &tbs->crldp, &size, ret);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	if (size != data.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+	ret = add_extension(context, tbsc, FALSE,
+			    oid_id_x509_ce_cRLDistributionPoints(),
+			    &data);
+	free(data.data);
+	if (ret)
+	    goto out;
+    }
+
+    ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "malloc out of memory");
+	goto out;
+    }
+    if (data.length != size)
+	_hx509_abort("internal ASN.1 encoder error");
+
+    ret = _hx509_create_signature_bitstring(context,
+					    signer,
+					    sigalg,
+					    &data,
+					    &c.signatureAlgorithm,
+					    &c.signatureValue);
+    free(data.data);
+    if (ret)
+	goto out;
+
+    ret = hx509_cert_init(context, &c, certificate);
+    if (ret)
+	goto out;
+
+    free_Certificate(&c);
+
+    return 0;
+
+out:
+    free_Certificate(&c);
+    return ret;
+}
+
+static int
+get_AuthorityKeyIdentifier(hx509_context context,
+			   const Certificate *certificate,
+			   AuthorityKeyIdentifier *ai)
+{
+    SubjectKeyIdentifier si;
+    int ret;
+
+    ret = _hx509_find_extension_subject_key_id(certificate, &si);
+    if (ret == 0) {
+	ai->keyIdentifier = calloc(1, sizeof(*ai->keyIdentifier));
+	if (ai->keyIdentifier == NULL) {
+	    free_SubjectKeyIdentifier(&si);
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	ret = der_copy_octet_string(&si, ai->keyIdentifier);
+	free_SubjectKeyIdentifier(&si);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+    } else {
+	GeneralNames gns;
+	GeneralName gn;
+	Name name;
+
+	memset(&gn, 0, sizeof(gn));
+	memset(&gns, 0, sizeof(gns));
+	memset(&name, 0, sizeof(name));
+
+	ai->authorityCertIssuer = 
+	    calloc(1, sizeof(*ai->authorityCertIssuer));
+	if (ai->authorityCertIssuer == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+	ai->authorityCertSerialNumber = 
+	    calloc(1, sizeof(*ai->authorityCertSerialNumber));
+	if (ai->authorityCertSerialNumber == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+
+	/* 
+	 * XXX unbreak when asn1 compiler handle IMPLICIT
+	 *
+	 * This is so horrible.
+	 */
+
+	ret = copy_Name(&certificate->tbsCertificate.subject, &name);
+	if (ai->authorityCertSerialNumber == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+
+	memset(&gn, 0, sizeof(gn));
+	gn.element = choice_GeneralName_directoryName;
+	gn.u.directoryName.element = 
+	    choice_GeneralName_directoryName_rdnSequence;
+	gn.u.directoryName.u.rdnSequence = name.u.rdnSequence;
+
+	ret = add_GeneralNames(&gns, &gn);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+
+	ai->authorityCertIssuer->val = gns.val;
+	ai->authorityCertIssuer->len = gns.len;
+
+	ret = der_copy_heim_integer(&certificate->tbsCertificate.serialNumber,
+				    ai->authorityCertSerialNumber);
+	if (ai->authorityCertSerialNumber == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "Out of memory");
+	    goto out;
+	}
+    }
+out:
+    if (ret)
+	free_AuthorityKeyIdentifier(ai);
+    return ret;
+}
+
+
+/**
+ * Sign a to-be-signed certificate object with a issuer certificate. 
+ *
+ * The caller needs to at least have called the following functions on the
+ * to-be-signed certificate object:
+ * - hx509_ca_tbs_init()
+ * - hx509_ca_tbs_set_subject()
+ * - hx509_ca_tbs_set_spki()
+ *
+ * When done the to-be-signed certificate object should be freed with
+ * hx509_ca_tbs_free().
+ *
+ * When creating self-signed certificate use hx509_ca_sign_self() instead.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param signer the CA certificate object to sign with (need private key).
+ * @param certificate return cerificate, free with hx509_cert_free().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_sign(hx509_context context,
+	      hx509_ca_tbs tbs,
+	      hx509_cert signer,
+	      hx509_cert *certificate)
+{
+    const Certificate *signer_cert;
+    AuthorityKeyIdentifier ai;
+    int ret;
+
+    memset(&ai, 0, sizeof(ai));
+
+    signer_cert = _hx509_get_cert(signer);
+
+    ret = get_AuthorityKeyIdentifier(context, signer_cert, &ai);
+    if (ret)
+	goto out;
+
+    ret = ca_sign(context,
+		  tbs, 
+		  _hx509_cert_private_key(signer),
+		  &ai,
+		  &signer_cert->tbsCertificate.subject,
+		  certificate);
+
+out:
+    free_AuthorityKeyIdentifier(&ai);
+
+    return ret;
+}
+
+/**
+ * Work just like hx509_ca_sign() but signs it-self.
+ *
+ * @param context A hx509 context.
+ * @param tbs object to be signed.
+ * @param signer private key to sign with.
+ * @param certificate return cerificate, free with hx509_cert_free().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_ca
+ */
+
+int
+hx509_ca_sign_self(hx509_context context,
+		   hx509_ca_tbs tbs,
+		   hx509_private_key signer,
+		   hx509_cert *certificate)
+{
+    return ca_sign(context,
+		   tbs, 
+		   signer,
+		   NULL,
+		   NULL,
+		   certificate);
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/cert.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/cert.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/cert.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3108 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: cert.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#include "crypto-headers.h"
+#include <rtbl.h>
+
+/**
+ * @page page_cert The basic certificate
+ *
+ * The basic hx509 cerificate object in hx509 is hx509_cert. The
+ * hx509_cert object is representing one X509/PKIX certificate and
+ * associated attributes; like private key, friendly name, etc.
+ *
+ * A hx509_cert object is usully found via the keyset interfaces (@ref
+ * page_keyset), but its also possible to create a certificate
+ * directly from a parsed object with hx509_cert_init() and
+ * hx509_cert_init_data().
+ *
+ * See the library functions here: @ref hx509_cert
+ */
+
+struct hx509_verify_ctx_data {
+    hx509_certs trust_anchors;
+    int flags;
+#define HX509_VERIFY_CTX_F_TIME_SET			1
+#define HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE	2
+#define HX509_VERIFY_CTX_F_REQUIRE_RFC3280		4
+#define HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS		8
+#define HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS		16
+    time_t time_now;
+    unsigned int max_depth;
+#define HX509_VERIFY_MAX_DEPTH 30
+    hx509_revoke_ctx revoke_ctx;
+};
+
+#define REQUIRE_RFC3280(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_REQUIRE_RFC3280)
+#define CHECK_TA(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS)
+#define ALLOW_DEF_TA(ctx) (((ctx)->flags & HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS) == 0)
+
+struct _hx509_cert_attrs {
+    size_t len;
+    hx509_cert_attribute *val;
+};
+
+struct hx509_cert_data {
+    unsigned int ref;
+    char *friendlyname;
+    Certificate *data;
+    hx509_private_key private_key;
+    struct _hx509_cert_attrs attrs;
+    hx509_name basename;
+    _hx509_cert_release_func release;
+    void *ctx;
+};
+
+typedef struct hx509_name_constraints {
+    NameConstraints *val;
+    size_t len;
+} hx509_name_constraints;
+
+#define GeneralSubtrees_SET(g,var) \
+	(g)->len = (var)->len, (g)->val = (var)->val;
+
+/**
+ * Creates a hx509 context that most functions in the library
+ * uses. The context is only allowed to be used by one thread at each
+ * moment. Free the context with hx509_context_free().
+ *
+ * @param context Returns a pointer to new hx509 context.
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509
+ */
+
+int
+hx509_context_init(hx509_context *context)
+{
+    *context = calloc(1, sizeof(**context));
+    if (*context == NULL)
+	return ENOMEM;
+
+    _hx509_ks_null_register(*context);
+    _hx509_ks_mem_register(*context);
+    _hx509_ks_file_register(*context);
+    _hx509_ks_pkcs12_register(*context);
+    _hx509_ks_pkcs11_register(*context);
+    _hx509_ks_dir_register(*context);
+    _hx509_ks_keychain_register(*context);
+
+    ENGINE_add_conf_module();
+    OpenSSL_add_all_algorithms();
+
+    (*context)->ocsp_time_diff = HX509_DEFAULT_OCSP_TIME_DIFF;
+
+    initialize_hx_error_table_r(&(*context)->et_list);
+    initialize_asn1_error_table_r(&(*context)->et_list);
+
+#ifdef HX509_DEFAULT_ANCHORS
+    (void)hx509_certs_init(*context, HX509_DEFAULT_ANCHORS, 0,
+			   NULL, &(*context)->default_trust_anchors);
+#endif
+
+    return 0;
+}
+
+/**
+ * Selects if the hx509_revoke_verify() function is going to require
+ * the existans of a revokation method (OSCP, CRL) or not. Note that
+ * hx509_verify_path(), hx509_cms_verify_signed(), and other function
+ * call hx509_revoke_verify().
+ * 
+ * @param context hx509 context to change the flag for.
+ * @param flag zero, revokation method required, non zero missing
+ * revokation method ok
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_context_set_missing_revoke(hx509_context context, int flag)
+{
+    if (flag)
+	context->flags |= HX509_CTX_VERIFY_MISSING_OK;
+    else
+	context->flags &= ~HX509_CTX_VERIFY_MISSING_OK;
+}
+
+/**
+ * Free the context allocated by hx509_context_init().
+ * 
+ * @param context context to be freed.
+ *
+ * @ingroup hx509
+ */
+
+void
+hx509_context_free(hx509_context *context)
+{
+    hx509_clear_error_string(*context);
+    if ((*context)->ks_ops) {
+	free((*context)->ks_ops);
+	(*context)->ks_ops = NULL;
+    }
+    (*context)->ks_num_ops = 0;
+    free_error_table ((*context)->et_list);
+    if ((*context)->querystat)
+	free((*context)->querystat);
+    memset(*context, 0, sizeof(**context));
+    free(*context);
+    *context = NULL;
+}
+
+/*
+ *
+ */
+
+Certificate *
+_hx509_get_cert(hx509_cert cert)
+{
+    return cert->data;
+}
+
+/*
+ *
+ */
+
+int
+_hx509_cert_get_version(const Certificate *t)
+{
+    return t->tbsCertificate.version ? *t->tbsCertificate.version + 1 : 1;
+}
+
+/**
+ * Allocate and init an hx509 certificate object from the decoded
+ * certificate `c\xB4.
+ *
+ * @param context A hx509 context.
+ * @param c
+ * @param cert
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
+{
+    int ret;
+
+    *cert = malloc(sizeof(**cert));
+    if (*cert == NULL)
+	return ENOMEM;
+    (*cert)->ref = 1;
+    (*cert)->friendlyname = NULL;
+    (*cert)->attrs.len = 0;
+    (*cert)->attrs.val = NULL;
+    (*cert)->private_key = NULL;
+    (*cert)->basename = NULL;
+    (*cert)->release = NULL;
+    (*cert)->ctx = NULL;
+
+    (*cert)->data = calloc(1, sizeof(*(*cert)->data));
+    if ((*cert)->data == NULL) {
+	free(*cert);
+	return ENOMEM;
+    }
+    ret = copy_Certificate(c, (*cert)->data);
+    if (ret) {
+	free((*cert)->data);
+	free(*cert);
+	*cert = NULL;
+    }
+    return ret;
+}
+
+/**
+ * Just like hx509_cert_init(), but instead of a decode certificate
+ * takes an pointer and length to a memory region that contains a
+ * DER/BER encoded certificate.
+ *
+ * If the memory region doesn't contain just the certificate and
+ * nothing more the function will fail with
+ * HX509_EXTRA_DATA_AFTER_STRUCTURE.
+ *
+ * @param context A hx509 context.
+ * @param ptr pointer to memory region containing encoded certificate.
+ * @param len length of memory region.
+ * @param cert a return pointer to a hx509 certificate object, will
+ * contain NULL on error.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_init_data(hx509_context context, 
+		     const void *ptr,
+		     size_t len,
+		     hx509_cert *cert)
+{
+    Certificate t;
+    size_t size;
+    int ret;
+
+    ret = decode_Certificate(ptr, len, &t, &size);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to decode certificate");
+	return ret;
+    }
+    if (size != len) {
+	hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE,
+			       "Extra data after certificate");
+	return HX509_EXTRA_DATA_AFTER_STRUCTURE;
+    }
+
+    ret = hx509_cert_init(context, &t, cert);
+    free_Certificate(&t);
+    return ret;
+}
+
+void
+_hx509_cert_set_release(hx509_cert cert, 
+			_hx509_cert_release_func release,
+			void *ctx)
+{
+    cert->release = release;
+    cert->ctx = ctx;
+}
+
+
+/* Doesn't make a copy of `private_key'. */
+
+int
+_hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key)
+{
+    if (cert->private_key)
+	_hx509_private_key_free(&cert->private_key);
+    cert->private_key = _hx509_private_key_ref(private_key);
+    return 0;
+}
+
+/**
+ * Free reference to the hx509 certificate object, if the refcounter
+ * reaches 0, the object if freed. Its allowed to pass in NULL.
+ *
+ * @param cert the cert to free.
+ *
+ * @ingroup hx509_cert
+ */
+
+void
+hx509_cert_free(hx509_cert cert)
+{
+    int i;
+
+    if (cert == NULL)
+	return;
+
+    if (cert->ref <= 0)
+	_hx509_abort("cert refcount <= 0 on free");
+    if (--cert->ref > 0)
+	return;
+
+    if (cert->release)
+	(cert->release)(cert, cert->ctx);
+
+    if (cert->private_key)
+	_hx509_private_key_free(&cert->private_key);
+
+    free_Certificate(cert->data);
+    free(cert->data);
+
+    for (i = 0; i < cert->attrs.len; i++) {
+	der_free_octet_string(&cert->attrs.val[i]->data);
+	der_free_oid(&cert->attrs.val[i]->oid);
+	free(cert->attrs.val[i]);
+    }
+    free(cert->attrs.val);
+    free(cert->friendlyname);
+    if (cert->basename)
+	hx509_name_free(&cert->basename);
+    memset(cert, 0, sizeof(cert));
+    free(cert);
+}
+
+/**
+ * Add a reference to a hx509 certificate object.
+ *
+ * @param cert a pointer to an hx509 certificate object.
+ *
+ * @return the same object as is passed in.
+ *
+ * @ingroup hx509_cert
+ */
+
+hx509_cert
+hx509_cert_ref(hx509_cert cert)
+{
+    if (cert == NULL)
+	return NULL;
+    if (cert->ref <= 0)
+	_hx509_abort("cert refcount <= 0");
+    cert->ref++;
+    if (cert->ref == 0)
+	_hx509_abort("cert refcount == 0");
+    return cert;
+}
+
+/**
+ * Allocate an verification context that is used fo control the
+ * verification process. 
+ *
+ * @param context A hx509 context.
+ * @param ctx returns a pointer to a hx509_verify_ctx object.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_verify
+ */
+
+int
+hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx)
+{
+    hx509_verify_ctx c;
+
+    c = calloc(1, sizeof(*c));
+    if (c == NULL)
+	return ENOMEM;
+
+    c->max_depth = HX509_VERIFY_MAX_DEPTH;
+
+    *ctx = c;
+    
+    return 0;
+}
+
+/**
+ * Free an hx509 verification context.
+ *
+ * @param ctx the context to be freed.
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_verify_destroy_ctx(hx509_verify_ctx ctx)
+{
+    if (ctx) {
+	hx509_certs_free(&ctx->trust_anchors);
+	hx509_revoke_free(&ctx->revoke_ctx);
+	memset(ctx, 0, sizeof(*ctx));
+    }
+    free(ctx);
+}
+
+/**
+ * Set the trust anchors in the verification context, makes an
+ * reference to the keyset, so the consumer can free the keyset
+ * independent of the destruction of the verification context (ctx).
+ *
+ * @param ctx a verification context
+ * @param set a keyset containing the trust anchors.
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set)
+{
+    ctx->trust_anchors = _hx509_certs_ref(set);
+}
+
+/**
+ * Attach an revocation context to the verfication context, , makes an
+ * reference to the revoke context, so the consumer can free the
+ * revoke context independent of the destruction of the verification
+ * context. If there is no revoke context, the verification process is
+ * NOT going to check any verification status.
+ *
+ * @param ctx a verification context.
+ * @param revoke_ctx a revoke context.
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_verify_attach_revoke(hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)
+{
+    if (ctx->revoke_ctx)
+	hx509_revoke_free(&ctx->revoke_ctx);
+    ctx->revoke_ctx = _hx509_revoke_ref(revoke_ctx);
+}
+
+/**
+ * Set the clock time the the verification process is going to
+ * use. Used to check certificate in the past and future time. If not
+ * set the current time will be used.
+ *
+ * @param ctx a verification context.
+ * @param t the time the verifiation is using.
+ *
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_verify_set_time(hx509_verify_ctx ctx, time_t t)
+{
+    ctx->flags |= HX509_VERIFY_CTX_F_TIME_SET;
+    ctx->time_now = t;
+}
+
+/**
+ * Set the maximum depth of the certificate chain that the path
+ * builder is going to try.
+ *
+ * @param ctx a verification context
+ * @param max_depth maxium depth of the certificate chain, include
+ * trust anchor.
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_verify_set_max_depth(hx509_verify_ctx ctx, unsigned int max_depth)
+{
+    ctx->max_depth = max_depth;
+}
+
+/**
+ * Allow or deny the use of proxy certificates
+ *
+ * @param ctx a verification context
+ * @param boolean if non zero, allow proxy certificates.
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_verify_set_proxy_certificate(hx509_verify_ctx ctx, int boolean)
+{
+    if (boolean)
+	ctx->flags |= HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE;
+    else
+	ctx->flags &= ~HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE;
+}
+
+/**
+ * Select strict RFC3280 verification of certificiates. This means
+ * checking key usage on CA certificates, this will make version 1
+ * certificiates unuseable.
+ *
+ * @param ctx a verification context
+ * @param boolean if non zero, use strict verification.
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_verify_set_strict_rfc3280_verification(hx509_verify_ctx ctx, int boolean)
+{
+    if (boolean)
+	ctx->flags |= HX509_VERIFY_CTX_F_REQUIRE_RFC3280;
+    else
+	ctx->flags &= ~HX509_VERIFY_CTX_F_REQUIRE_RFC3280;
+}
+
+/**
+ * Allow using the operating system builtin trust anchors if no other
+ * trust anchors are configured.
+ *
+ * @param ctx a verification context
+ * @param boolean if non zero, useing the operating systems builtin
+ * trust anchors.
+ *
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+void
+hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean)
+{
+    if (boolean)
+	ctx->flags &= ~HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS;
+    else
+	ctx->flags |= HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS;
+}
+
+static const Extension *
+find_extension(const Certificate *cert, const heim_oid *oid, int *idx)
+{
+    const TBSCertificate *c = &cert->tbsCertificate;
+
+    if (c->version == NULL || *c->version < 2 || c->extensions == NULL)
+	return NULL;
+    
+    for (;*idx < c->extensions->len; (*idx)++) {
+	if (der_heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0)
+	    return &c->extensions->val[(*idx)++];
+    }
+    return NULL;
+}
+
+static int
+find_extension_auth_key_id(const Certificate *subject, 
+			   AuthorityKeyIdentifier *ai)
+{
+    const Extension *e;
+    size_t size;
+    int i = 0;
+
+    memset(ai, 0, sizeof(*ai));
+
+    e = find_extension(subject, oid_id_x509_ce_authorityKeyIdentifier(), &i);
+    if (e == NULL)
+	return HX509_EXTENSION_NOT_FOUND;
+    
+    return decode_AuthorityKeyIdentifier(e->extnValue.data, 
+					 e->extnValue.length, 
+					 ai, &size);
+}
+
+int
+_hx509_find_extension_subject_key_id(const Certificate *issuer,
+				     SubjectKeyIdentifier *si)
+{
+    const Extension *e;
+    size_t size;
+    int i = 0;
+
+    memset(si, 0, sizeof(*si));
+
+    e = find_extension(issuer, oid_id_x509_ce_subjectKeyIdentifier(), &i);
+    if (e == NULL)
+	return HX509_EXTENSION_NOT_FOUND;
+    
+    return decode_SubjectKeyIdentifier(e->extnValue.data, 
+				       e->extnValue.length,
+				       si, &size);
+}
+
+static int
+find_extension_name_constraints(const Certificate *subject, 
+				NameConstraints *nc)
+{
+    const Extension *e;
+    size_t size;
+    int i = 0;
+
+    memset(nc, 0, sizeof(*nc));
+
+    e = find_extension(subject, oid_id_x509_ce_nameConstraints(), &i);
+    if (e == NULL)
+	return HX509_EXTENSION_NOT_FOUND;
+    
+    return decode_NameConstraints(e->extnValue.data, 
+				  e->extnValue.length, 
+				  nc, &size);
+}
+
+static int
+find_extension_subject_alt_name(const Certificate *cert, int *i,
+				GeneralNames *sa)
+{
+    const Extension *e;
+    size_t size;
+
+    memset(sa, 0, sizeof(*sa));
+
+    e = find_extension(cert, oid_id_x509_ce_subjectAltName(), i);
+    if (e == NULL)
+	return HX509_EXTENSION_NOT_FOUND;
+    
+    return decode_GeneralNames(e->extnValue.data, 
+			       e->extnValue.length,
+			       sa, &size);
+}
+
+static int
+find_extension_eku(const Certificate *cert, ExtKeyUsage *eku)
+{
+    const Extension *e;
+    size_t size;
+    int i = 0;
+
+    memset(eku, 0, sizeof(*eku));
+
+    e = find_extension(cert, oid_id_x509_ce_extKeyUsage(), &i);
+    if (e == NULL)
+	return HX509_EXTENSION_NOT_FOUND;
+    
+    return decode_ExtKeyUsage(e->extnValue.data, 
+			      e->extnValue.length,
+			      eku, &size);
+}
+
+static int
+add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry)
+{
+    void *p;
+    int ret;
+
+    p = realloc(list->val, (list->len + 1) * sizeof(list->val[0]));
+    if (p == NULL)
+	return ENOMEM;
+    list->val = p;
+    ret = der_copy_octet_string(entry, &list->val[list->len]);
+    if (ret)
+	return ret;
+    list->len++;
+    return 0;
+}
+
+/**
+ * Free a list of octet strings returned by another hx509 library
+ * function.
+ *
+ * @param list list to be freed.
+ *
+ * @ingroup hx509_misc
+ */
+
+void
+hx509_free_octet_string_list(hx509_octet_string_list *list)
+{
+    int i;
+    for (i = 0; i < list->len; i++)
+	der_free_octet_string(&list->val[i]);
+    free(list->val);
+    list->val = NULL;
+    list->len = 0;
+}
+
+/**
+ * Return a list of subjectAltNames specified by oid in the
+ * certificate. On error the 
+ *
+ * The returned list of octet string should be freed with
+ * hx509_free_octet_string_list().
+ *
+ * @param context A hx509 context.
+ * @param cert a hx509 certificate object.
+ * @param oid an oid to for SubjectAltName.
+ * @param list list of matching SubjectAltName.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_find_subjectAltName_otherName(hx509_context context,
+					 hx509_cert cert,
+					 const heim_oid *oid,
+					 hx509_octet_string_list *list)
+{
+    GeneralNames sa;
+    int ret, i, j;
+
+    list->val = NULL;
+    list->len = 0;
+
+    i = 0;
+    while (1) {
+	ret = find_extension_subject_alt_name(_hx509_get_cert(cert), &i, &sa);
+	i++;
+	if (ret == HX509_EXTENSION_NOT_FOUND) {
+	    ret = 0;
+	    break;
+	} else if (ret != 0) {
+	    hx509_set_error_string(context, 0, ret, "Error searching for SAN");
+	    hx509_free_octet_string_list(list);
+	    return ret;
+	}
+
+	for (j = 0; j < sa.len; j++) {
+	    if (sa.val[j].element == choice_GeneralName_otherName &&
+		der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0) 
+	    {
+		ret = add_to_list(list, &sa.val[j].u.otherName.value);
+		if (ret) {
+		    hx509_set_error_string(context, 0, ret, 
+					   "Error adding an exra SAN to "
+					   "return list");
+		    hx509_free_octet_string_list(list);
+		    free_GeneralNames(&sa);
+		    return ret;
+		}
+	    }
+	}
+	free_GeneralNames(&sa);
+    }
+    return 0;
+}
+
+
+static int
+check_key_usage(hx509_context context, const Certificate *cert, 
+		unsigned flags, int req_present)
+{
+    const Extension *e;
+    KeyUsage ku;
+    size_t size;
+    int ret, i = 0;
+    unsigned ku_flags;
+
+    if (_hx509_cert_get_version(cert) < 3)
+	return 0;
+
+    e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i);
+    if (e == NULL) {
+	if (req_present) {
+	    hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
+				   "Required extension key "
+				   "usage missing from certifiate");
+	    return HX509_KU_CERT_MISSING;
+	}
+	return 0;
+    }
+    
+    ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, &ku, &size);
+    if (ret)
+	return ret;
+    ku_flags = KeyUsage2int(ku);
+    if ((ku_flags & flags) != flags) {
+	unsigned missing = (~ku_flags) & flags;
+	char buf[256], *name;
+
+	unparse_flags(missing, asn1_KeyUsage_units(), buf, sizeof(buf));
+	_hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
+	hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
+			       "Key usage %s required but missing "
+			       "from certifiate %s", buf, name);
+	free(name);
+	return HX509_KU_CERT_MISSING;
+    }
+    return 0;
+}
+
+/*
+ * Return 0 on matching key usage 'flags' for 'cert', otherwise return
+ * an error code. If 'req_present' the existance is required of the
+ * KeyUsage extension.
+ */
+
+int
+_hx509_check_key_usage(hx509_context context, hx509_cert cert, 
+		       unsigned flags, int req_present)
+{
+    return check_key_usage(context, _hx509_get_cert(cert), flags, req_present);
+}
+
+enum certtype { PROXY_CERT, EE_CERT, CA_CERT };
+
+static int
+check_basic_constraints(hx509_context context, const Certificate *cert, 
+			enum certtype type, int depth)
+{
+    BasicConstraints bc;
+    const Extension *e;
+    size_t size;
+    int ret, i = 0;
+
+    if (_hx509_cert_get_version(cert) < 3)
+	return 0;
+
+    e = find_extension(cert, oid_id_x509_ce_basicConstraints(), &i);
+    if (e == NULL) {
+	switch(type) {
+	case PROXY_CERT:
+	case EE_CERT:
+	    return 0;
+	case CA_CERT: {
+	    char *name;
+	    ret = _hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
+	    assert(ret == 0);
+	    hx509_set_error_string(context, 0, HX509_EXTENSION_NOT_FOUND,
+				   "basicConstraints missing from "
+				   "CA certifiacte %s", name);
+	    free(name);
+	    return HX509_EXTENSION_NOT_FOUND;
+	}
+	}
+    }
+    
+    ret = decode_BasicConstraints(e->extnValue.data, 
+				  e->extnValue.length, &bc,
+				  &size);
+    if (ret)
+	return ret;
+    switch(type) {
+    case PROXY_CERT:
+	if (bc.cA != NULL && *bc.cA)
+	    ret = HX509_PARENT_IS_CA;
+	break;
+    case EE_CERT:
+	ret = 0;
+	break;
+    case CA_CERT:
+	if (bc.cA == NULL || !*bc.cA)
+	    ret = HX509_PARENT_NOT_CA;
+	else if (bc.pathLenConstraint)
+	    if (depth - 1 > *bc.pathLenConstraint)
+		ret = HX509_CA_PATH_TOO_DEEP;
+	break;
+    }
+    free_BasicConstraints(&bc);
+    return ret;
+}
+
+int
+_hx509_cert_is_parent_cmp(const Certificate *subject,
+			  const Certificate *issuer,
+			  int allow_self_signed)
+{
+    int diff;
+    AuthorityKeyIdentifier ai;
+    SubjectKeyIdentifier si;
+    int ret_ai, ret_si;
+
+    diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, 
+			   &subject->tbsCertificate.issuer);
+    if (diff)
+	return diff;
+    
+    memset(&ai, 0, sizeof(ai));
+    memset(&si, 0, sizeof(si));
+
+    /*
+     * Try to find AuthorityKeyIdentifier, if it's not present in the
+     * subject certificate nor the parent.
+     */
+
+    ret_ai = find_extension_auth_key_id(subject, &ai);
+    if (ret_ai && ret_ai != HX509_EXTENSION_NOT_FOUND)
+	return 1;
+    ret_si = _hx509_find_extension_subject_key_id(issuer, &si);
+    if (ret_si && ret_si != HX509_EXTENSION_NOT_FOUND)
+	return -1;
+
+    if (ret_si && ret_ai)
+	goto out;
+    if (ret_ai)
+	goto out;
+    if (ret_si) {
+	if (allow_self_signed) {
+	    diff = 0;
+	    goto out;
+	} else if (ai.keyIdentifier) {
+	    diff = -1;
+	    goto out;
+	}
+    }
+    
+    if (ai.keyIdentifier == NULL) {
+	Name name;
+
+	if (ai.authorityCertIssuer == NULL)
+	    return -1;
+	if (ai.authorityCertSerialNumber == NULL)
+	    return -1;
+
+	diff = der_heim_integer_cmp(ai.authorityCertSerialNumber, 
+				    &issuer->tbsCertificate.serialNumber);
+	if (diff)
+	    return diff;
+	if (ai.authorityCertIssuer->len != 1)
+	    return -1;
+	if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName)
+	    return -1;
+	
+	name.element = 
+	    ai.authorityCertIssuer->val[0].u.directoryName.element;
+	name.u.rdnSequence = 
+	    ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence;
+
+	diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, 
+			       &name);
+	if (diff)
+	    return diff;
+	diff = 0;
+    } else
+	diff = der_heim_octet_string_cmp(ai.keyIdentifier, &si);
+    if (diff)
+	goto out;
+
+ out:
+    free_AuthorityKeyIdentifier(&ai);
+    free_SubjectKeyIdentifier(&si);
+    return diff;
+}
+
+static int
+certificate_is_anchor(hx509_context context,
+		      hx509_certs trust_anchors,
+		      const hx509_cert cert)
+{
+    hx509_query q;
+    hx509_cert c;
+    int ret;
+
+    if (trust_anchors == NULL)
+	return 0;
+
+    _hx509_query_clear(&q);
+
+    q.match = HX509_QUERY_MATCH_CERTIFICATE;
+    q.certificate = _hx509_get_cert(cert);
+
+    ret = hx509_certs_find(context, trust_anchors, &q, &c);
+    if (ret == 0)
+	hx509_cert_free(c);
+    return ret == 0;
+}
+
+static int
+certificate_is_self_signed(const Certificate *cert)
+{
+    return _hx509_name_cmp(&cert->tbsCertificate.subject, 
+			   &cert->tbsCertificate.issuer) == 0;
+}
+
+/*
+ * The subjectName is "null" when it's empty set of relative DBs.
+ */
+
+static int
+subject_null_p(const Certificate *c)
+{
+    return c->tbsCertificate.subject.u.rdnSequence.len == 0;
+}
+
+
+static int
+find_parent(hx509_context context,
+	    time_t time_now,
+	    hx509_certs trust_anchors,
+	    hx509_path *path,
+	    hx509_certs pool, 
+	    hx509_cert current,
+	    hx509_cert *parent)
+{
+    AuthorityKeyIdentifier ai;
+    hx509_query q;
+    int ret;
+
+    *parent = NULL;
+    memset(&ai, 0, sizeof(ai));
+    
+    _hx509_query_clear(&q);
+
+    if (!subject_null_p(current->data)) {
+	q.match |= HX509_QUERY_FIND_ISSUER_CERT;
+	q.subject = _hx509_get_cert(current);
+    } else {
+	ret = find_extension_auth_key_id(current->data, &ai);
+	if (ret) {
+	    hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED,
+				   "Subjectless certificate missing AuthKeyID");
+	    return HX509_CERTIFICATE_MALFORMED;
+	}
+
+	if (ai.keyIdentifier == NULL) {
+	    free_AuthorityKeyIdentifier(&ai);
+	    hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED,
+				   "Subjectless certificate missing keyIdentifier "
+				   "inside AuthKeyID");
+	    return HX509_CERTIFICATE_MALFORMED;
+	}
+
+	q.subject_id = ai.keyIdentifier;
+	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
+    }
+
+    q.path = path;
+    q.match |= HX509_QUERY_NO_MATCH_PATH;
+
+    if (pool) {
+	q.timenow = time_now;
+	q.match |= HX509_QUERY_MATCH_TIME;
+
+	ret = hx509_certs_find(context, pool, &q, parent);
+	if (ret == 0) {
+	    free_AuthorityKeyIdentifier(&ai);
+	    return 0;
+	}
+	q.match &= ~HX509_QUERY_MATCH_TIME;
+    }
+
+    if (trust_anchors) {
+	ret = hx509_certs_find(context, trust_anchors, &q, parent);
+	if (ret == 0) {
+	    free_AuthorityKeyIdentifier(&ai);
+	    return ret;
+	}
+    }
+    free_AuthorityKeyIdentifier(&ai);
+
+    {
+	hx509_name name;
+	char *str;
+
+	ret = hx509_cert_get_subject(current, &name);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    return HX509_ISSUER_NOT_FOUND;
+	}
+	ret = hx509_name_to_string(name, &str);
+	hx509_name_free(&name);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    return HX509_ISSUER_NOT_FOUND;
+	}
+	
+	hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND,
+			       "Failed to find issuer for "
+			       "certificate with subject: '%s'", str);
+	free(str);
+    }
+    return HX509_ISSUER_NOT_FOUND;
+}
+
+/*
+ *
+ */
+
+static int
+is_proxy_cert(hx509_context context, 
+	      const Certificate *cert, 
+	      ProxyCertInfo *rinfo)
+{
+    ProxyCertInfo info;
+    const Extension *e;
+    size_t size;
+    int ret, i = 0;
+
+    if (rinfo)
+	memset(rinfo, 0, sizeof(*rinfo));
+
+    e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i);
+    if (e == NULL) {
+	hx509_clear_error_string(context);
+	return HX509_EXTENSION_NOT_FOUND;
+    }
+
+    ret = decode_ProxyCertInfo(e->extnValue.data, 
+			       e->extnValue.length, 
+			       &info,
+			       &size);
+    if (ret) {
+	hx509_clear_error_string(context);
+	return ret;
+    }
+    if (size != e->extnValue.length) {
+	free_ProxyCertInfo(&info);
+	hx509_clear_error_string(context);
+	return HX509_EXTRA_DATA_AFTER_STRUCTURE; 
+    }
+    if (rinfo == NULL)
+	free_ProxyCertInfo(&info);
+    else
+	*rinfo = info;
+
+    return 0;
+}
+
+/*
+ * Path operations are like MEMORY based keyset, but with exposed
+ * internal so we can do easy searches.
+ */
+
+int
+_hx509_path_append(hx509_context context, hx509_path *path, hx509_cert cert)
+{
+    hx509_cert *val;
+    val = realloc(path->val, (path->len + 1) * sizeof(path->val[0]));
+    if (val == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    path->val = val;
+    path->val[path->len] = hx509_cert_ref(cert);
+    path->len++;
+
+    return 0;
+}
+
+void
+_hx509_path_free(hx509_path *path)
+{
+    unsigned i;
+    
+    for (i = 0; i < path->len; i++)
+	hx509_cert_free(path->val[i]);
+    free(path->val);
+    path->val = NULL;
+    path->len = 0;
+}
+
+/*
+ * Find path by looking up issuer for the top certificate and continue
+ * until an anchor certificate is found or max limit is found. A
+ * certificate never included twice in the path.
+ *
+ * If the trust anchors are not given, calculate optimistic path, just
+ * follow the chain upward until we no longer find a parent or we hit
+ * the max path limit. In this case, a failure will always be returned
+ * depending on what error condition is hit first.
+ *
+ * The path includes a path from the top certificate to the anchor
+ * certificate.
+ *
+ * The caller needs to free `path\xB4 both on successful built path and
+ * failure.
+ */
+
+int
+_hx509_calculate_path(hx509_context context,
+		      int flags,
+		      time_t time_now,
+		      hx509_certs anchors,
+		      unsigned int max_depth,
+		      hx509_cert cert,
+		      hx509_certs pool,
+		      hx509_path *path)
+{
+    hx509_cert parent, current;
+    int ret;
+
+    if (max_depth == 0)
+	max_depth = HX509_VERIFY_MAX_DEPTH;
+
+    ret = _hx509_path_append(context, path, cert);
+    if (ret)
+	return ret;
+
+    current = hx509_cert_ref(cert);
+
+    while (!certificate_is_anchor(context, anchors, current)) {
+
+	ret = find_parent(context, time_now, anchors, path, 
+			  pool, current, &parent);
+	hx509_cert_free(current);
+	if (ret)
+	    return ret;
+
+	ret = _hx509_path_append(context, path, parent);
+	if (ret)
+	    return ret;
+	current = parent;
+
+	if (path->len > max_depth) {
+	    hx509_cert_free(current);
+	    hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG,
+				   "Path too long while bulding "
+				   "certificate chain");
+	    return HX509_PATH_TOO_LONG;
+	}
+    }
+
+    if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) && 
+	path->len > 0 && 
+	certificate_is_anchor(context, anchors, path->val[path->len - 1]))
+    {
+	hx509_cert_free(path->val[path->len - 1]);
+	path->len--;
+    }
+
+    hx509_cert_free(current);
+    return 0;
+}
+
+int
+_hx509_AlgorithmIdentifier_cmp(const AlgorithmIdentifier *p,
+			       const AlgorithmIdentifier *q)
+{
+    int diff;
+    diff = der_heim_oid_cmp(&p->algorithm, &q->algorithm);
+    if (diff)
+	return diff;
+    if (p->parameters) {
+	if (q->parameters)
+	    return heim_any_cmp(p->parameters,
+				q->parameters);
+	else
+	    return 1;
+    } else {
+	if (q->parameters)
+	    return -1;
+	else
+	    return 0;
+    }
+}
+
+int
+_hx509_Certificate_cmp(const Certificate *p, const Certificate *q)
+{
+    int diff;
+    diff = der_heim_bit_string_cmp(&p->signatureValue, &q->signatureValue);
+    if (diff)
+	return diff;
+    diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm, 
+					  &q->signatureAlgorithm);
+    if (diff)
+	return diff;
+    diff = der_heim_octet_string_cmp(&p->tbsCertificate._save,
+				     &q->tbsCertificate._save);
+    return diff;
+}
+
+/**
+ * Compare to hx509 certificate object, useful for sorting.
+ *
+ * @param p a hx509 certificate object.
+ * @param q a hx509 certificate object.
+ *
+ * @return 0 the objects are the same, returns > 0 is p is "larger"
+ * then q, < 0 if p is "smaller" then q.
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_cmp(hx509_cert p, hx509_cert q)
+{
+    return _hx509_Certificate_cmp(p->data, q->data);
+}
+
+/**
+ * Return the name of the issuer of the hx509 certificate.
+ *
+ * @param p a hx509 certificate object.
+ * @param name a pointer to a hx509 name, should be freed by
+ * hx509_name_free().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_get_issuer(hx509_cert p, hx509_name *name)
+{
+    return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name);
+}
+
+/**
+ * Return the name of the subject of the hx509 certificate.
+ *
+ * @param p a hx509 certificate object.
+ * @param name a pointer to a hx509 name, should be freed by
+ * hx509_name_free(). See also hx509_cert_get_base_subject().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_get_subject(hx509_cert p, hx509_name *name)
+{
+    return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name);
+}
+
+/**
+ * Return the name of the base subject of the hx509 certificate. If
+ * the certiicate is a verified proxy certificate, the this function
+ * return the base certificate (root of the proxy chain). If the proxy
+ * certificate is not verified with the base certificate
+ * HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.
+ *
+ * @param context a hx509 context.
+ * @param c a hx509 certificate object.
+ * @param name a pointer to a hx509 name, should be freed by
+ * hx509_name_free(). See also hx509_cert_get_subject().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_get_base_subject(hx509_context context, hx509_cert c,
+			    hx509_name *name)
+{
+    if (c->basename)
+	return hx509_name_copy(context, c->basename, name);
+    if (is_proxy_cert(context, c->data, NULL) == 0) {
+	int ret = HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED;
+	hx509_set_error_string(context, 0, ret,
+			       "Proxy certificate have not been "
+			       "canonicalize yet, no base name");
+	return ret;
+    }
+    return _hx509_name_from_Name(&c->data->tbsCertificate.subject, name);
+}
+
+/**
+ * Get serial number of the certificate.
+ *
+ * @param p a hx509 certificate object.
+ * @param i serial number, should be freed ith der_free_heim_integer().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i)
+{
+    return der_copy_heim_integer(&p->data->tbsCertificate.serialNumber, i);
+}
+
+/**
+ * Get notBefore time of the certificate.
+ *
+ * @param p a hx509 certificate object.
+ *
+ * @return return not before time
+ *
+ * @ingroup hx509_cert
+ */
+
+time_t
+hx509_cert_get_notBefore(hx509_cert p)
+{
+    return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notBefore);
+}
+
+/**
+ * Get notAfter time of the certificate.
+ *
+ * @param p a hx509 certificate object.
+ *
+ * @return return not after time.
+ *
+ * @ingroup hx509_cert
+ */
+
+time_t
+hx509_cert_get_notAfter(hx509_cert p)
+{
+    return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notAfter);
+}
+
+/**
+ * Get the SubjectPublicKeyInfo structure from the hx509 certificate.
+ *
+ * @param context a hx509 context.
+ * @param p a hx509 certificate object.
+ * @param spki SubjectPublicKeyInfo, should be freed with
+ * free_SubjectPublicKeyInfo().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_get_SPKI(hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki)
+{
+    int ret;
+
+    ret = copy_SubjectPublicKeyInfo(&p->data->tbsCertificate.subjectPublicKeyInfo, spki);
+    if (ret)
+	hx509_set_error_string(context, 0, ret, "Failed to copy SPKI");
+    return ret;
+}
+
+/**
+ * Get the AlgorithmIdentifier from the hx509 certificate.
+ *
+ * @param context a hx509 context.
+ * @param p a hx509 certificate object.
+ * @param alg AlgorithmIdentifier, should be freed with
+ * free_AlgorithmIdentifier().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context,
+					hx509_cert p, 
+					AlgorithmIdentifier *alg)
+{
+    int ret;
+
+    ret = copy_AlgorithmIdentifier(&p->data->tbsCertificate.subjectPublicKeyInfo.algorithm, alg);
+    if (ret)
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to copy SPKI AlgorithmIdentifier");
+    return ret;
+}
+
+
+hx509_private_key
+_hx509_cert_private_key(hx509_cert p)
+{
+    return p->private_key;
+}
+
+int
+hx509_cert_have_private_key(hx509_cert p)
+{
+    return p->private_key ? 1 : 0;
+}
+
+
+int
+_hx509_cert_private_key_exportable(hx509_cert p)
+{
+    if (p->private_key == NULL)
+	return 0;
+    return _hx509_private_key_exportable(p->private_key);
+}
+
+int
+_hx509_cert_private_decrypt(hx509_context context,
+			    const heim_octet_string *ciphertext,
+			    const heim_oid *encryption_oid,
+			    hx509_cert p,
+			    heim_octet_string *cleartext)
+{
+    cleartext->data = NULL;
+    cleartext->length = 0;
+
+    if (p->private_key == NULL) {
+	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
+			       "Private key missing");
+	return HX509_PRIVATE_KEY_MISSING;
+    }
+
+    return _hx509_private_key_private_decrypt(context,
+					      ciphertext,
+					      encryption_oid,
+					      p->private_key, 
+					      cleartext);
+}
+
+int
+_hx509_cert_public_encrypt(hx509_context context,
+			   const heim_octet_string *cleartext,
+			   const hx509_cert p,
+			   heim_oid *encryption_oid,
+			   heim_octet_string *ciphertext)
+{
+    return _hx509_public_encrypt(context,
+				 cleartext, p->data,
+				 encryption_oid, ciphertext);
+}
+
+/*
+ *
+ */
+
+time_t
+_hx509_Time2time_t(const Time *t)
+{
+    switch(t->element) {
+    case choice_Time_utcTime:
+	return t->u.utcTime;
+    case choice_Time_generalTime:
+	return t->u.generalTime;
+    }
+    return 0;
+}
+
+/*
+ *
+ */
+
+static int
+init_name_constraints(hx509_name_constraints *nc)
+{
+    memset(nc, 0, sizeof(*nc));
+    return 0;
+}
+
+static int
+add_name_constraints(hx509_context context, const Certificate *c, int not_ca,
+		     hx509_name_constraints *nc)
+{
+    NameConstraints tnc;
+    int ret;
+
+    ret = find_extension_name_constraints(c, &tnc);
+    if (ret == HX509_EXTENSION_NOT_FOUND)
+	return 0;
+    else if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed getting NameConstraints");
+	return ret;
+    } else if (not_ca) {
+	ret = HX509_VERIFY_CONSTRAINTS;
+	hx509_set_error_string(context, 0, ret, "Not a CA and "
+			       "have NameConstraints");
+    } else {
+	NameConstraints *val;
+	val = realloc(nc->val, sizeof(nc->val[0]) * (nc->len + 1));
+	if (val == NULL) {
+	    hx509_clear_error_string(context);
+	    ret = ENOMEM;
+	    goto out;
+	}
+	nc->val = val;
+	ret = copy_NameConstraints(&tnc, &nc->val[nc->len]);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+	nc->len += 1;
+    }
+out:
+    free_NameConstraints(&tnc);
+    return ret;
+}
+
+static int
+match_RDN(const RelativeDistinguishedName *c,
+	  const RelativeDistinguishedName *n)
+{
+    int i;
+
+    if (c->len != n->len)
+	return HX509_NAME_CONSTRAINT_ERROR;
+    
+    for (i = 0; i < n->len; i++) {
+	if (der_heim_oid_cmp(&c->val[i].type, &n->val[i].type) != 0)
+	    return HX509_NAME_CONSTRAINT_ERROR;
+	if (_hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value) != 0)
+	    return HX509_NAME_CONSTRAINT_ERROR;
+    }
+    return 0;
+}
+
+static int
+match_X501Name(const Name *c, const Name *n)
+{
+    int i, ret;
+
+    if (c->element != choice_Name_rdnSequence
+	|| n->element != choice_Name_rdnSequence)
+	return 0;
+    if (c->u.rdnSequence.len > n->u.rdnSequence.len)
+	return HX509_NAME_CONSTRAINT_ERROR;
+    for (i = 0; i < c->u.rdnSequence.len; i++) {
+	ret = match_RDN(&c->u.rdnSequence.val[i], &n->u.rdnSequence.val[i]);
+	if (ret)
+	    return ret;
+    }
+    return 0;
+} 
+
+
+static int
+match_general_name(const GeneralName *c, const GeneralName *n, int *match)
+{
+    /* 
+     * Name constraints only apply to the same name type, see RFC3280,
+     * 4.2.1.11.
+     */
+    assert(c->element == n->element);
+
+    switch(c->element) {
+    case choice_GeneralName_otherName:
+	if (der_heim_oid_cmp(&c->u.otherName.type_id,
+			 &n->u.otherName.type_id) != 0)
+	    return HX509_NAME_CONSTRAINT_ERROR;
+	if (heim_any_cmp(&c->u.otherName.value,
+			 &n->u.otherName.value) != 0)
+	    return HX509_NAME_CONSTRAINT_ERROR;
+	*match = 1;
+	return 0;
+    case choice_GeneralName_rfc822Name: {
+	const char *s;
+	size_t len1, len2;
+	s = strchr(c->u.rfc822Name, '@');
+	if (s) {
+	    if (strcasecmp(c->u.rfc822Name, n->u.rfc822Name) != 0)
+		return HX509_NAME_CONSTRAINT_ERROR;
+	} else {
+	    s = strchr(n->u.rfc822Name, '@');
+	    if (s == NULL)
+		return HX509_NAME_CONSTRAINT_ERROR;
+	    len1 = strlen(c->u.rfc822Name);
+	    len2 = strlen(s + 1);
+	    if (len1 > len2)
+		return HX509_NAME_CONSTRAINT_ERROR;
+	    if (strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0)
+		return HX509_NAME_CONSTRAINT_ERROR;
+	    if (len1 < len2 && s[len2 - len1 + 1] != '.')
+		return HX509_NAME_CONSTRAINT_ERROR;
+	}
+	*match = 1;
+	return 0;
+    }
+    case choice_GeneralName_dNSName: {
+	size_t lenc, lenn;
+
+	lenc = strlen(c->u.dNSName);
+	lenn = strlen(n->u.dNSName);
+	if (lenc > lenn)
+	    return HX509_NAME_CONSTRAINT_ERROR;
+	if (strcasecmp(&n->u.dNSName[lenn - lenc], c->u.dNSName) != 0)
+	    return HX509_NAME_CONSTRAINT_ERROR;
+	if (lenc != lenn && n->u.dNSName[lenn - lenc - 1] != '.')
+	    return HX509_NAME_CONSTRAINT_ERROR;
+	*match = 1;
+	return 0;
+    }
+    case choice_GeneralName_directoryName: {
+	Name c_name, n_name;
+	int ret;
+
+	c_name._save.data = NULL;
+	c_name._save.length = 0;
+	c_name.element = c->u.directoryName.element;
+	c_name.u.rdnSequence = c->u.directoryName.u.rdnSequence;
+
+	n_name._save.data = NULL;
+	n_name._save.length = 0;
+	n_name.element = n->u.directoryName.element;
+	n_name.u.rdnSequence = n->u.directoryName.u.rdnSequence;
+
+	ret = match_X501Name(&c_name, &n_name);
+	if (ret == 0)
+	    *match = 1;
+	return ret;
+    }
+    case choice_GeneralName_uniformResourceIdentifier:
+    case choice_GeneralName_iPAddress:
+    case choice_GeneralName_registeredID:
+    default:
+	return HX509_NAME_CONSTRAINT_ERROR;
+    }
+}
+
+static int
+match_alt_name(const GeneralName *n, const Certificate *c, 
+	       int *same, int *match)
+{
+    GeneralNames sa;
+    int ret, i, j;
+
+    i = 0;
+    do {
+	ret = find_extension_subject_alt_name(c, &i, &sa);
+	if (ret == HX509_EXTENSION_NOT_FOUND) {
+	    ret = 0;
+	    break;
+	} else if (ret != 0)
+	    break;
+
+	for (j = 0; j < sa.len; j++) {
+	    if (n->element == sa.val[j].element) {
+		*same = 1;
+		ret = match_general_name(n, &sa.val[j], match);
+	    }
+	}
+	free_GeneralNames(&sa);
+    } while (1);
+    return ret;
+}
+
+
+static int
+match_tree(const GeneralSubtrees *t, const Certificate *c, int *match)
+{
+    int name, alt_name, same;
+    unsigned int i;
+    int ret = 0;
+
+    name = alt_name = same = *match = 0;
+    for (i = 0; i < t->len; i++) {
+	if (t->val[i].minimum && t->val[i].maximum)
+	    return HX509_RANGE;
+
+	/*
+	 * If the constraint apply to directoryNames, test is with
+	 * subjectName of the certificate if the certificate have a
+	 * non-null (empty) subjectName.
+	 */
+
+	if (t->val[i].base.element == choice_GeneralName_directoryName
+	    && !subject_null_p(c))
+	{
+	    GeneralName certname;
+	    
+	    memset(&certname, 0, sizeof(certname));
+	    certname.element = choice_GeneralName_directoryName;
+	    certname.u.directoryName.element = 
+		c->tbsCertificate.subject.element;
+	    certname.u.directoryName.u.rdnSequence = 
+		c->tbsCertificate.subject.u.rdnSequence;
+    
+	    ret = match_general_name(&t->val[i].base, &certname, &name);
+	}
+
+	/* Handle subjectAltNames, this is icky since they
+	 * restrictions only apply if the subjectAltName is of the
+	 * same type. So if there have been a match of type, require
+	 * altname to be set.
+	 */
+	ret = match_alt_name(&t->val[i].base, c, &same, &alt_name);
+    }
+    if (name && (!same || alt_name))
+	*match = 1;
+    return ret;
+}
+
+static int
+check_name_constraints(hx509_context context, 
+		       const hx509_name_constraints *nc,
+		       const Certificate *c)
+{
+    int match, ret;
+    int i;
+
+    for (i = 0 ; i < nc->len; i++) {
+	GeneralSubtrees gs;
+
+	if (nc->val[i].permittedSubtrees) {
+	    GeneralSubtrees_SET(&gs, nc->val[i].permittedSubtrees);
+	    ret = match_tree(&gs, c, &match);
+	    if (ret) {
+		hx509_clear_error_string(context);
+		return ret;
+	    }
+	    /* allow null subjectNames, they wont matches anything */
+	    if (match == 0 && !subject_null_p(c)) {
+		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
+				       "Error verify constraints, "
+				       "certificate didn't match any "
+				       "permitted subtree");
+		return HX509_VERIFY_CONSTRAINTS;
+	    }
+	}
+	if (nc->val[i].excludedSubtrees) {
+	    GeneralSubtrees_SET(&gs, nc->val[i].excludedSubtrees);
+	    ret = match_tree(&gs, c, &match);
+	    if (ret) {
+		hx509_clear_error_string(context);
+		return ret;
+	    }
+	    if (match) {
+		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
+				       "Error verify constraints, "
+				       "certificate included in excluded "
+				       "subtree");
+		return HX509_VERIFY_CONSTRAINTS;
+	    }
+	}
+    }
+    return 0;
+}
+
+static void
+free_name_constraints(hx509_name_constraints *nc)
+{
+    int i;
+
+    for (i = 0 ; i < nc->len; i++)
+	free_NameConstraints(&nc->val[i]);
+    free(nc->val);
+}
+
+/**
+ * Build and verify the path for the certificate to the trust anchor
+ * specified in the verify context. The path is constructed from the
+ * certificate, the pool and the trust anchors.
+ *
+ * @param context A hx509 context.
+ * @param ctx A hx509 verification context.
+ * @param cert the certificate to build the path from.
+ * @param pool A keyset of certificates to build the chain from.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_verify
+ */
+
+int
+hx509_verify_path(hx509_context context,
+		  hx509_verify_ctx ctx,
+		  hx509_cert cert,
+		  hx509_certs pool)
+{
+    hx509_name_constraints nc;
+    hx509_path path;
+#if 0
+    const AlgorithmIdentifier *alg_id;
+#endif
+    int ret, i, proxy_cert_depth, selfsigned_depth;
+    enum certtype type;
+    Name proxy_issuer;
+    hx509_certs anchors = NULL;
+
+    memset(&proxy_issuer, 0, sizeof(proxy_issuer));
+
+    ret = init_name_constraints(&nc);
+    if (ret)	
+	return ret;
+
+    path.val = NULL;
+    path.len = 0;
+
+    if ((ctx->flags & HX509_VERIFY_CTX_F_TIME_SET) == 0)
+	ctx->time_now = time(NULL);
+
+    /*
+     *
+     */
+    if (ctx->trust_anchors)
+	anchors = _hx509_certs_ref(ctx->trust_anchors);
+    else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx))
+	anchors = _hx509_certs_ref(context->default_trust_anchors);
+    else {
+	ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors);
+	if (ret)
+	    goto out;
+    }
+
+    /*
+     * Calculate the path from the certificate user presented to the
+     * to an anchor.
+     */
+    ret = _hx509_calculate_path(context, 0, ctx->time_now,
+				anchors, ctx->max_depth,
+				cert, pool, &path);
+    if (ret)
+	goto out;
+
+#if 0
+    alg_id = path.val[path->len - 1]->data->tbsCertificate.signature;
+#endif
+
+    /*
+     * Check CA and proxy certificate chain from the top of the
+     * certificate chain. Also check certificate is valid with respect
+     * to the current time.
+     *
+     */
+
+    proxy_cert_depth = 0;
+    selfsigned_depth = 0;
+
+    if (ctx->flags & HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE)
+	type = PROXY_CERT;
+    else
+	type = EE_CERT;
+
+    for (i = 0; i < path.len; i++) {
+	Certificate *c;
+	time_t t;
+
+	c = _hx509_get_cert(path.val[i]);
+	
+	/*
+	 * Lets do some basic check on issuer like
+	 * keyUsage.keyCertSign and basicConstraints.cA bit depending
+	 * on what type of certificate this is.
+	 */
+
+	switch (type) {
+	case CA_CERT:
+	    /* XXX make constants for keyusage */
+	    ret = check_key_usage(context, c, 1 << 5,
+				  REQUIRE_RFC3280(ctx) ? TRUE : FALSE);
+	    if (ret) {
+		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				       "Key usage missing from CA certificate");
+		goto out;
+	    }
+
+	    if (i + 1 != path.len && certificate_is_self_signed(c)) 
+		selfsigned_depth++;
+
+	    break;
+	case PROXY_CERT: {
+	    ProxyCertInfo info;	    
+
+	    if (is_proxy_cert(context, c, &info) == 0) {
+		int j;
+
+		if (info.pCPathLenConstraint != NULL &&
+		    *info.pCPathLenConstraint < i)
+		{
+		    free_ProxyCertInfo(&info);
+		    ret = HX509_PATH_TOO_LONG;
+		    hx509_set_error_string(context, 0, ret,
+					   "Proxy certificate chain "
+					   "longer then allowed");
+		    goto out;
+		}
+		/* XXX MUST check info.proxyPolicy */
+		free_ProxyCertInfo(&info);
+		
+		j = 0;
+		if (find_extension(c, oid_id_x509_ce_subjectAltName(), &j)) {
+		    ret = HX509_PROXY_CERT_INVALID;
+		    hx509_set_error_string(context, 0, ret, 
+					   "Proxy certificate have explicity "
+					   "forbidden subjectAltName");
+		    goto out;
+		}
+
+		j = 0;
+		if (find_extension(c, oid_id_x509_ce_issuerAltName(), &j)) {
+		    ret = HX509_PROXY_CERT_INVALID;
+		    hx509_set_error_string(context, 0, ret, 
+					   "Proxy certificate have explicity "
+					   "forbidden issuerAltName");
+		    goto out;
+		}
+			
+		/* 
+		 * The subject name of the proxy certificate should be
+		 * CN=XXX,<proxy issuer>, prune of CN and check if its
+		 * the same over the whole chain of proxy certs and
+		 * then check with the EE cert when we get to it.
+		 */
+
+		if (proxy_cert_depth) {
+		    ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject);
+		    if (ret) {
+			ret = HX509_PROXY_CERT_NAME_WRONG;
+			hx509_set_error_string(context, 0, ret,
+					       "Base proxy name not right");
+			goto out;
+		    }
+		}
+
+		free_Name(&proxy_issuer);
+
+		ret = copy_Name(&c->tbsCertificate.subject, &proxy_issuer);
+		if (ret) {
+		    hx509_clear_error_string(context);
+		    goto out;
+		}
+
+		j = proxy_issuer.u.rdnSequence.len;
+		if (proxy_issuer.u.rdnSequence.len < 2 
+		    || proxy_issuer.u.rdnSequence.val[j - 1].len > 1
+		    || der_heim_oid_cmp(&proxy_issuer.u.rdnSequence.val[j - 1].val[0].type,
+					oid_id_at_commonName()))
+		{
+		    ret = HX509_PROXY_CERT_NAME_WRONG;
+		    hx509_set_error_string(context, 0, ret,
+					   "Proxy name too short or "
+					   "does not have Common name "
+					   "at the top");
+		    goto out;
+		}
+
+		free_RelativeDistinguishedName(&proxy_issuer.u.rdnSequence.val[j - 1]);
+		proxy_issuer.u.rdnSequence.len -= 1;
+
+		ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer);
+		if (ret != 0) {
+		    ret = HX509_PROXY_CERT_NAME_WRONG;
+		    hx509_set_error_string(context, 0, ret,
+					   "Proxy issuer name not as expected");
+		    goto out;
+		}
+
+		break;
+	    } else {
+		/* 
+		 * Now we are done with the proxy certificates, this
+		 * cert was an EE cert and we we will fall though to
+		 * EE checking below.
+		 */
+		type = EE_CERT;
+		/* FALLTHOUGH */
+	    }
+	}
+	case EE_CERT:
+	    /*
+	     * If there where any proxy certificates in the chain
+	     * (proxy_cert_depth > 0), check that the proxy issuer
+	     * matched proxy certificates "base" subject.
+	     */
+	    if (proxy_cert_depth) {
+
+		ret = _hx509_name_cmp(&proxy_issuer,
+				      &c->tbsCertificate.subject);
+		if (ret) {
+		    ret = HX509_PROXY_CERT_NAME_WRONG;
+		    hx509_clear_error_string(context);
+		    goto out;
+		}
+		if (cert->basename)
+		    hx509_name_free(&cert->basename);
+		
+		ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename);
+		if (ret) {
+		    hx509_clear_error_string(context);
+		    goto out;
+		}
+	    }
+
+	    break;
+	}
+
+	ret = check_basic_constraints(context, c, type, 
+				      i - proxy_cert_depth - selfsigned_depth);
+	if (ret)
+	    goto out;
+	    
+	/*
+	 * Don't check the trust anchors expiration time since they
+	 * are transported out of band, from RFC3820.
+	 */
+	if (i + 1 != path.len || CHECK_TA(ctx)) {
+
+	    t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
+	    if (t > ctx->time_now) {
+		ret = HX509_CERT_USED_BEFORE_TIME;
+		hx509_clear_error_string(context);
+		goto out;
+	    }
+	    t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter);
+	    if (t < ctx->time_now) {
+		ret = HX509_CERT_USED_AFTER_TIME;
+		hx509_clear_error_string(context);
+		goto out;
+	    }
+	}
+
+	if (type == EE_CERT)
+	    type = CA_CERT;
+	else if (type == PROXY_CERT)
+	    proxy_cert_depth++;
+    }
+
+    /*
+     * Verify constraints, do this backward so path constraints are
+     * checked in the right order.
+     */
+
+    for (ret = 0, i = path.len - 1; i >= 0; i--) {
+	Certificate *c;
+
+	c = _hx509_get_cert(path.val[i]);
+
+	/* verify name constraints, not for selfsigned and anchor */
+	if (!certificate_is_self_signed(c) || i + 1 != path.len) {
+	    ret = check_name_constraints(context, &nc, c);
+	    if (ret) {
+		goto out;
+	    }
+	}
+	ret = add_name_constraints(context, c, i == 0, &nc);
+	if (ret)
+	    goto out;
+
+	/* XXX verify all other silly constraints */
+
+    }
+
+    /*
+     * Verify that no certificates has been revoked.
+     */
+
+    if (ctx->revoke_ctx) {
+	hx509_certs certs;
+
+	ret = hx509_certs_init(context, "MEMORY:revoke-certs", 0,
+			       NULL, &certs);
+	if (ret)
+	    goto out;
+
+	for (i = 0; i < path.len; i++) {
+	    ret = hx509_certs_add(context, certs, path.val[i]);
+	    if (ret) {
+		hx509_certs_free(&certs);
+		goto out;
+	    }
+	}
+	ret = hx509_certs_merge(context, certs, pool);
+	if (ret) {
+	    hx509_certs_free(&certs);
+	    goto out;
+	}
+
+	for (i = 0; i < path.len - 1; i++) {
+	    int parent = (i < path.len - 1) ? i + 1 : i;
+
+	    ret = hx509_revoke_verify(context,
+				      ctx->revoke_ctx, 
+				      certs,
+				      ctx->time_now,
+				      path.val[i],
+				      path.val[parent]);
+	    if (ret) {
+		hx509_certs_free(&certs);
+		goto out;
+	    }
+	}
+	hx509_certs_free(&certs);
+    }
+
+    /*
+     * Verify signatures, do this backward so public key working
+     * parameter is passed up from the anchor up though the chain.
+     */
+
+    for (i = path.len - 1; i >= 0; i--) {
+	Certificate *signer, *c;
+
+	c = _hx509_get_cert(path.val[i]);
+
+	/* is last in chain (trust anchor) */
+	if (i + 1 == path.len) {
+	    signer = path.val[i]->data;
+
+	    /* if trust anchor is not self signed, don't check sig */
+	    if (!certificate_is_self_signed(signer))
+		continue;
+	} else {
+	    /* take next certificate in chain */
+	    signer = path.val[i + 1]->data;
+	}
+
+	/* verify signatureValue */
+	ret = _hx509_verify_signature_bitstring(context,
+						signer,
+						&c->signatureAlgorithm,
+						&c->tbsCertificate._save,
+						&c->signatureValue);
+	if (ret) {
+	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				   "Failed to verify signature of certificate");
+	    goto out;
+	}
+    }
+
+out:
+    hx509_certs_free(&anchors);
+    free_Name(&proxy_issuer);
+    free_name_constraints(&nc);
+    _hx509_path_free(&path);
+
+    return ret;
+}
+
+/**
+ * Verify a signature made using the private key of an certificate.
+ *
+ * @param context A hx509 context.
+ * @param signer the certificate that made the signature.
+ * @param alg algorthm that was used to sign the data.
+ * @param data the data that was signed.
+ * @param sig the sigature to verify.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_crypto
+ */
+
+int
+hx509_verify_signature(hx509_context context,
+		       const hx509_cert signer,
+		       const AlgorithmIdentifier *alg,
+		       const heim_octet_string *data,
+		       const heim_octet_string *sig)
+{
+    return _hx509_verify_signature(context, signer->data, alg, data, sig);
+}
+
+
+/**
+ * Verify that the certificate is allowed to be used for the hostname
+ * and address.
+ *
+ * @param context A hx509 context.
+ * @param cert the certificate to match with
+ * @param flags Flags to modify the behavior:
+ * - HX509_VHN_F_ALLOW_NO_MATCH no match is ok
+ * @param type type of hostname:
+ * - HX509_HN_HOSTNAME for plain hostname.
+ * - HX509_HN_DNSSRV for DNS SRV names.
+ * @param hostname the hostname to check
+ * @param sa address of the host
+ * @param sa_size length of address
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_verify_hostname(hx509_context context,
+		      const hx509_cert cert,
+		      int flags,
+		      hx509_hostname_type type,
+		      const char *hostname,
+		      const struct sockaddr *sa,
+		      /* XXX krb5_socklen_t */ int sa_size) 
+{
+    GeneralNames san;
+    int ret, i, j;
+
+    if (sa && sa_size <= 0)
+	return EINVAL;
+
+    memset(&san, 0, sizeof(san));
+
+    i = 0;
+    do {
+	ret = find_extension_subject_alt_name(cert->data, &i, &san);
+	if (ret == HX509_EXTENSION_NOT_FOUND) {
+	    ret = 0;
+	    break;
+	} else if (ret != 0)
+	    break;
+
+	for (j = 0; j < san.len; j++) {
+	    switch (san.val[j].element) {
+	    case choice_GeneralName_dNSName:
+		if (strcasecmp(san.val[j].u.dNSName, hostname) == 0) {
+		    free_GeneralNames(&san);
+		    return 0;
+		}
+		break;
+	    default:
+		break;
+	    }
+	}
+	free_GeneralNames(&san);
+    } while (1);
+
+    {
+	Name *name = &cert->data->tbsCertificate.subject;
+
+	/* match if first component is a CN= */
+	if (name->u.rdnSequence.len > 0
+	    && name->u.rdnSequence.val[0].len == 1
+	    && der_heim_oid_cmp(&name->u.rdnSequence.val[0].val[0].type,
+				oid_id_at_commonName()) == 0)
+	{
+	    DirectoryString *ds = &name->u.rdnSequence.val[0].val[0].value;
+
+	    switch (ds->element) {
+	    case choice_DirectoryString_printableString:
+		if (strcasecmp(ds->u.printableString, hostname) == 0)
+		    return 0;
+		break;
+	    case choice_DirectoryString_ia5String:
+		if (strcasecmp(ds->u.ia5String, hostname) == 0)
+		    return 0;
+		break;
+	    case choice_DirectoryString_utf8String:
+		if (strcasecmp(ds->u.utf8String, hostname) == 0)
+		    return 0;
+	    default:
+		break;
+	    }
+	}
+    }
+
+    if ((flags & HX509_VHN_F_ALLOW_NO_MATCH) == 0)
+	ret = HX509_NAME_CONSTRAINT_ERROR;
+
+    return ret;
+}
+
+int
+_hx509_set_cert_attribute(hx509_context context,
+			  hx509_cert cert, 
+			  const heim_oid *oid, 
+			  const heim_octet_string *attr)
+{
+    hx509_cert_attribute a;
+    void *d;
+
+    if (hx509_cert_get_attribute(cert, oid) != NULL)
+	return 0;
+
+    d = realloc(cert->attrs.val, 
+		sizeof(cert->attrs.val[0]) * (cert->attrs.len + 1));
+    if (d == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    cert->attrs.val = d;
+
+    a = malloc(sizeof(*a));
+    if (a == NULL)
+	return ENOMEM;
+
+    der_copy_octet_string(attr, &a->data);
+    der_copy_oid(oid, &a->oid);
+    
+    cert->attrs.val[cert->attrs.len] = a;
+    cert->attrs.len++;
+
+    return 0;
+}
+
+/**
+ * Get an external attribute for the certificate, examples are
+ * friendly name and id.
+ *
+ * @param cert hx509 certificate object to search
+ * @param oid an oid to search for.
+ *
+ * @return an hx509_cert_attribute, only valid as long as the
+ * certificate is referenced.
+ *
+ * @ingroup hx509_cert
+ */
+
+hx509_cert_attribute
+hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid)
+{
+    int i;
+    for (i = 0; i < cert->attrs.len; i++)
+	if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0)
+	    return cert->attrs.val[i];
+    return NULL;
+}
+
+/**
+ * Set the friendly name on the certificate.
+ *
+ * @param cert The certificate to set the friendly name on
+ * @param name Friendly name.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_set_friendly_name(hx509_cert cert, const char *name)
+{
+    if (cert->friendlyname)
+	free(cert->friendlyname);
+    cert->friendlyname = strdup(name);
+    if (cert->friendlyname == NULL)
+	return ENOMEM;
+    return 0;
+}
+
+/**
+ * Get friendly name of the certificate.
+ *
+ * @param cert cert to get the friendly name from.
+ *
+ * @return an friendly name or NULL if there is. The friendly name is
+ * only valid as long as the certificate is referenced.
+ *
+ * @ingroup hx509_cert
+ */
+
+const char *
+hx509_cert_get_friendly_name(hx509_cert cert)
+{
+    hx509_cert_attribute a;
+    PKCS9_friendlyName n;
+    size_t sz;
+    int ret, i;
+
+    if (cert->friendlyname)
+	return cert->friendlyname;
+
+    a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_friendlyName());
+    if (a == NULL) {
+	/* XXX use subject name ? */
+	return NULL; 
+    }
+
+    ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz);
+    if (ret)
+	return NULL;
+	
+    if (n.len != 1) {
+	free_PKCS9_friendlyName(&n);
+	return NULL;
+    }
+    
+    cert->friendlyname = malloc(n.val[0].length + 1);
+    if (cert->friendlyname == NULL) {
+	free_PKCS9_friendlyName(&n);
+	return NULL;
+    }
+    
+    for (i = 0; i < n.val[0].length; i++) {
+	if (n.val[0].data[i] <= 0xff)
+	    cert->friendlyname[i] = n.val[0].data[i] & 0xff;
+	else
+	    cert->friendlyname[i] = 'X';
+    }
+    cert->friendlyname[i] = '\0';
+    free_PKCS9_friendlyName(&n);
+
+    return cert->friendlyname;
+}
+
+void
+_hx509_query_clear(hx509_query *q)
+{
+    memset(q, 0, sizeof(*q));
+}
+
+/**
+ * Allocate an query controller. Free using hx509_query_free().
+ *
+ * @param context A hx509 context.
+ * @param q return pointer to a hx509_query.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_query_alloc(hx509_context context, hx509_query **q)
+{
+    *q = calloc(1, sizeof(**q));
+    if (*q == NULL)
+	return ENOMEM;
+    return 0;
+}
+
+/**
+ * Set match options for the hx509 query controller.
+ *
+ * @param q query controller.
+ * @param option options to control the query controller.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+void
+hx509_query_match_option(hx509_query *q, hx509_query_option option)
+{
+    switch(option) {
+    case HX509_QUERY_OPTION_PRIVATE_KEY:
+	q->match |= HX509_QUERY_PRIVATE_KEY;
+	break;
+    case HX509_QUERY_OPTION_KU_ENCIPHERMENT:
+	q->match |= HX509_QUERY_KU_ENCIPHERMENT;
+	break;
+    case HX509_QUERY_OPTION_KU_DIGITALSIGNATURE:
+	q->match |= HX509_QUERY_KU_DIGITALSIGNATURE;
+	break;
+    case HX509_QUERY_OPTION_KU_KEYCERTSIGN:
+	q->match |= HX509_QUERY_KU_KEYCERTSIGN;
+	break;
+    case HX509_QUERY_OPTION_END:
+    default:
+	break;
+    }
+}
+
+/**
+ * Set the issuer and serial number of match in the query
+ * controller. The function make copies of the isser and serial number.
+ *
+ * @param q a hx509 query controller
+ * @param issuer issuer to search for
+ * @param serialNumber the serialNumber of the issuer.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_query_match_issuer_serial(hx509_query *q,
+				const Name *issuer, 
+				const heim_integer *serialNumber)
+{
+    int ret;
+    if (q->serial) {
+	der_free_heim_integer(q->serial);
+	free(q->serial);
+    }
+    q->serial = malloc(sizeof(*q->serial));
+    if (q->serial == NULL)
+	return ENOMEM;
+    ret = der_copy_heim_integer(serialNumber, q->serial);
+    if (ret) {
+	free(q->serial);
+	q->serial = NULL;
+	return ret;
+    }
+    if (q->issuer_name) {
+	free_Name(q->issuer_name);
+	free(q->issuer_name);
+    }
+    q->issuer_name = malloc(sizeof(*q->issuer_name));
+    if (q->issuer_name == NULL)
+	return ENOMEM;
+    ret = copy_Name(issuer, q->issuer_name);
+    if (ret) {
+	free(q->issuer_name);
+	q->issuer_name = NULL;
+	return ret;
+    }
+    q->match |= HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
+    return 0;
+}
+
+/**
+ * Set the query controller to match on a friendly name
+ *
+ * @param q a hx509 query controller.
+ * @param name a friendly name to match on
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_query_match_friendly_name(hx509_query *q, const char *name)
+{
+    if (q->friendlyname)
+	free(q->friendlyname);
+    q->friendlyname = strdup(name);
+    if (q->friendlyname == NULL)
+	return ENOMEM;
+    q->match |= HX509_QUERY_MATCH_FRIENDLY_NAME;
+    return 0;
+}
+
+/**
+ * Set the query controller to match using a specific match function.
+ *
+ * @param q a hx509 query controller.
+ * @param func function to use for matching, if the argument is NULL,
+ * the match function is removed.
+ * @param ctx context passed to the function.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_query_match_cmp_func(hx509_query *q,
+			   int (*func)(void *, hx509_cert),
+			   void *ctx)
+{
+    if (func)
+	q->match |= HX509_QUERY_MATCH_FUNCTION;
+    else
+	q->match &= ~HX509_QUERY_MATCH_FUNCTION;
+    q->cmp_func = func;
+    q->cmp_func_ctx = ctx;
+    return 0;
+}
+
+/**
+ * Free the query controller.
+ *
+ * @param context A hx509 context.
+ * @param q a pointer to the query controller.
+ *
+ * @ingroup hx509_cert
+ */
+
+void
+hx509_query_free(hx509_context context, hx509_query *q)
+{
+    if (q->serial) {
+	der_free_heim_integer(q->serial);
+	free(q->serial);
+	q->serial = NULL;
+    }
+    if (q->issuer_name) {
+	free_Name(q->issuer_name);
+	free(q->issuer_name);
+	q->issuer_name = NULL;
+    }
+    if (q) {
+	free(q->friendlyname);
+	memset(q, 0, sizeof(*q));
+    }
+    free(q);
+}
+
+int
+_hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert cert)
+{
+    Certificate *c = _hx509_get_cert(cert);
+
+    _hx509_query_statistic(context, 1, q);
+
+    if ((q->match & HX509_QUERY_FIND_ISSUER_CERT) &&
+	_hx509_cert_is_parent_cmp(q->subject, c, 0) != 0)
+	return 0;
+
+    if ((q->match & HX509_QUERY_MATCH_CERTIFICATE) &&
+	_hx509_Certificate_cmp(q->certificate, c) != 0)
+	return 0;
+
+    if ((q->match & HX509_QUERY_MATCH_SERIALNUMBER)
+	&& der_heim_integer_cmp(&c->tbsCertificate.serialNumber, q->serial) != 0)
+	return 0;
+
+    if ((q->match & HX509_QUERY_MATCH_ISSUER_NAME)
+	&& _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name) != 0)
+	return 0;
+
+    if ((q->match & HX509_QUERY_MATCH_SUBJECT_NAME)
+	&& _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name) != 0)
+	return 0;
+
+    if (q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID) {
+	SubjectKeyIdentifier si;
+	int ret;
+
+	ret = _hx509_find_extension_subject_key_id(c, &si);
+	if (ret == 0) {
+	    if (der_heim_octet_string_cmp(&si, q->subject_id) != 0)
+		ret = 1;
+	    free_SubjectKeyIdentifier(&si);
+	}
+	if (ret)
+	    return 0;
+    }
+    if ((q->match & HX509_QUERY_MATCH_ISSUER_ID))
+	return 0;
+    if ((q->match & HX509_QUERY_PRIVATE_KEY) && 
+	_hx509_cert_private_key(cert) == NULL)
+	return 0;
+
+    {
+	unsigned ku = 0;
+	if (q->match & HX509_QUERY_KU_DIGITALSIGNATURE)
+	    ku |= (1 << 0);
+	if (q->match & HX509_QUERY_KU_NONREPUDIATION)
+	    ku |= (1 << 1);
+	if (q->match & HX509_QUERY_KU_ENCIPHERMENT)
+	    ku |= (1 << 2);
+	if (q->match & HX509_QUERY_KU_DATAENCIPHERMENT)
+	    ku |= (1 << 3);
+	if (q->match & HX509_QUERY_KU_KEYAGREEMENT)
+	    ku |= (1 << 4);
+	if (q->match & HX509_QUERY_KU_KEYCERTSIGN)
+	    ku |= (1 << 5);
+	if (q->match & HX509_QUERY_KU_CRLSIGN)
+	    ku |= (1 << 6);
+	if (ku && check_key_usage(context, c, ku, TRUE))
+	    return 0;
+    }
+    if ((q->match & HX509_QUERY_ANCHOR))
+	return 0;
+
+    if (q->match & HX509_QUERY_MATCH_LOCAL_KEY_ID) {
+	hx509_cert_attribute a;
+
+	a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_localKeyId());
+	if (a == NULL)
+	    return 0;
+	if (der_heim_octet_string_cmp(&a->data, q->local_key_id) != 0)
+	    return 0;
+    }
+
+    if (q->match & HX509_QUERY_NO_MATCH_PATH) {
+	size_t i;
+
+	for (i = 0; i < q->path->len; i++)
+	    if (hx509_cert_cmp(q->path->val[i], cert) == 0)
+		return 0;
+    }
+    if (q->match & HX509_QUERY_MATCH_FRIENDLY_NAME) {
+	const char *name = hx509_cert_get_friendly_name(cert);
+	if (name == NULL)
+	    return 0;
+	if (strcasecmp(q->friendlyname, name) != 0)
+	    return 0;
+    }
+    if (q->match & HX509_QUERY_MATCH_FUNCTION) {
+	int ret = (*q->cmp_func)(q->cmp_func_ctx, cert);
+	if (ret != 0)
+	    return 0;
+    }
+
+    if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) {
+	heim_octet_string os;
+	int ret;
+
+	os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
+	os.length = 
+	    c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
+
+	ret = _hx509_verify_signature(context,
+				      NULL,
+				      hx509_signature_sha1(),
+				      &os,
+				      q->keyhash_sha1);
+	if (ret != 0)
+	    return 0;
+    }
+
+    if (q->match & HX509_QUERY_MATCH_TIME) {
+	time_t t;
+	t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
+	if (t > q->timenow)
+	    return 0;
+	t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter);
+	if (t < q->timenow)
+	    return 0;
+    }
+
+    if (q->match & ~HX509_QUERY_MASK)
+	return 0;
+
+    return 1;
+}
+
+/**
+ * Set a statistic file for the query statistics.
+ *
+ * @param context A hx509 context.
+ * @param fn statistics file name
+ *
+ * @ingroup hx509_cert
+ */
+
+void
+hx509_query_statistic_file(hx509_context context, const char *fn)
+{
+    if (context->querystat)
+	free(context->querystat);
+    context->querystat = strdup(fn);
+}
+
+void
+_hx509_query_statistic(hx509_context context, int type, const hx509_query *q)
+{
+    FILE *f;
+    if (context->querystat == NULL)
+	return;
+    f = fopen(context->querystat, "a");
+    if (f == NULL)
+	return;
+    fprintf(f, "%d %d\n", type, q->match);
+    fclose(f);
+}
+
+static const char *statname[] = {
+    "find issuer cert",
+    "match serialnumber",
+    "match issuer name",
+    "match subject name",
+    "match subject key id",
+    "match issuer id",
+    "private key",
+    "ku encipherment",
+    "ku digitalsignature",
+    "ku keycertsign",
+    "ku crlsign",
+    "ku nonrepudiation",
+    "ku keyagreement",
+    "ku dataencipherment",
+    "anchor",
+    "match certificate",
+    "match local key id",
+    "no match path",
+    "match friendly name",
+    "match function",
+    "match key hash sha1",
+    "match time"
+};
+
+struct stat_el {
+    unsigned long stats;
+    unsigned int index;
+};
+
+
+static int
+stat_sort(const void *a, const void *b)
+{
+    const struct stat_el *ae = a;
+    const struct stat_el *be = b;
+    return be->stats - ae->stats;
+}
+
+/**
+ * Unparse the statistics file and print the result on a FILE descriptor.
+ *
+ * @param context A hx509 context.
+ * @param printtype tyep to print
+ * @param out the FILE to write the data on.
+ *
+ * @ingroup hx509_cert
+ */
+
+void
+hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
+{
+    rtbl_t t;
+    FILE *f;
+    int type, mask, i, num;
+    unsigned long multiqueries = 0, totalqueries = 0;
+    struct stat_el stats[32];
+
+    if (context->querystat == NULL)
+	return;
+    f = fopen(context->querystat, "r");
+    if (f == NULL) {
+	fprintf(out, "No statistic file %s: %s.\n", 
+		context->querystat, strerror(errno));
+	return;
+    }
+    
+    for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
+	stats[i].index = i;
+	stats[i].stats = 0;
+    }
+
+    while (fscanf(f, "%d %d\n", &type, &mask) == 2) {
+	if (type != printtype)
+	    continue;
+	num = i = 0;
+	while (mask && i < sizeof(stats)/sizeof(stats[0])) {
+	    if (mask & 1) {
+		stats[i].stats++;
+		num++;
+	    }
+	    mask = mask >>1 ;
+	    i++;
+	}
+	if (num > 1)
+	    multiqueries++;
+	totalqueries++;
+    }
+    fclose(f);
+
+    qsort(stats, sizeof(stats)/sizeof(stats[0]), sizeof(stats[0]), stat_sort);
+
+    t = rtbl_create();
+    if (t == NULL)
+	errx(1, "out of memory");
+
+    rtbl_set_separator (t, "  ");
+    
+    rtbl_add_column_by_id (t, 0, "Name", 0);
+    rtbl_add_column_by_id (t, 1, "Counter", 0);
+
+
+    for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) {
+	char str[10];
+
+	if (stats[i].index < sizeof(statname)/sizeof(statname[0])) 
+	    rtbl_add_column_entry_by_id (t, 0, statname[stats[i].index]);
+	else {
+	    snprintf(str, sizeof(str), "%d", stats[i].index);
+	    rtbl_add_column_entry_by_id (t, 0, str);
+	}
+	snprintf(str, sizeof(str), "%lu", stats[i].stats);
+	rtbl_add_column_entry_by_id (t, 1, str);
+    }
+
+    rtbl_format(t, out);
+    rtbl_destroy(t);
+
+    fprintf(out, "\nQueries: multi %lu total %lu\n", 
+	    multiqueries, totalqueries);
+}
+
+/**
+ * Check the extended key usage on the hx509 certificate.
+ *
+ * @param context A hx509 context.
+ * @param cert A hx509 context.
+ * @param eku the EKU to check for
+ * @param allow_any_eku if the any EKU is set, allow that to be a
+ * substitute.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_check_eku(hx509_context context, hx509_cert cert,
+		     const heim_oid *eku, int allow_any_eku)
+{
+    ExtKeyUsage e;
+    int ret, i;
+
+    ret = find_extension_eku(_hx509_get_cert(cert), &e);
+    if (ret) {
+	hx509_clear_error_string(context);
+	return ret;
+    }
+
+    for (i = 0; i < e.len; i++) {
+	if (der_heim_oid_cmp(eku, &e.val[i]) == 0) {
+	    free_ExtKeyUsage(&e);
+	    return 0;
+	}
+	if (allow_any_eku) {
+#if 0
+	    if (der_heim_oid_cmp(id_any_eku, &e.val[i]) == 0) {
+		free_ExtKeyUsage(&e);
+		return 0;
+	    }
+#endif
+	}
+    }
+    free_ExtKeyUsage(&e);
+    hx509_clear_error_string(context);
+    return HX509_CERTIFICATE_MISSING_EKU;
+}
+
+int
+_hx509_cert_get_keyusage(hx509_context context,
+			 hx509_cert c,
+			 KeyUsage *ku)
+{
+    Certificate *cert;
+    const Extension *e;
+    size_t size;
+    int ret, i = 0;
+
+    memset(ku, 0, sizeof(*ku));
+
+    cert = _hx509_get_cert(c);
+
+    if (_hx509_cert_get_version(cert) < 3)
+	return 0;
+
+    e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i);
+    if (e == NULL)
+	return HX509_KU_CERT_MISSING;
+    
+    ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, ku, &size);
+    if (ret)
+	return ret;
+    return 0;
+}
+
+int
+_hx509_cert_get_eku(hx509_context context,
+		    hx509_cert cert,
+		    ExtKeyUsage *e)
+{
+    int ret;
+
+    memset(e, 0, sizeof(*e));
+
+    ret = find_extension_eku(_hx509_get_cert(cert), e);
+    if (ret && ret != HX509_EXTENSION_NOT_FOUND) {
+	hx509_clear_error_string(context);
+	return ret;
+    }
+    return 0;
+}
+
+/**
+ * Encodes the hx509 certificate as a DER encode binary.
+ *
+ * @param context A hx509 context.
+ * @param c the certificate to encode.
+ * @param os the encode certificate, set to NULL, 0 on case of
+ * error. Free the returned structure with hx509_xfree().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_cert
+ */
+
+int
+hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os)
+{
+    size_t size;
+    int ret;
+
+    os->data = NULL;
+    os->length = 0;
+
+    ASN1_MALLOC_ENCODE(Certificate, os->data, os->length, 
+		       _hx509_get_cert(c), &size, ret);
+    if (ret) {
+	os->data = NULL;
+	os->length = 0;
+	return ret;
+    }
+    if (os->length != size)
+	_hx509_abort("internal ASN.1 encoder error");
+
+    return ret;
+}
+
+/*
+ * Last to avoid lost __attribute__s due to #undef.
+ */
+
+#undef __attribute__
+#define __attribute__(X)
+
+void
+_hx509_abort(const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 1, 2)))
+{
+    va_list ap;
+    va_start(ap, fmt);
+    vprintf(fmt, ap);
+    va_end(ap);
+    printf("\n");
+    fflush(stdout);
+    abort();
+}
+
+/**
+ * Free a data element allocated in the library.
+ *
+ * @param ptr data to be freed.
+ *
+ * @ingroup hx509_misc
+ */
+
+void
+hx509_xfree(void *ptr)
+{
+    free(ptr);
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/cms.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/cms.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/cms.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1426 @@
+/*
+ * Copyright (c) 2003 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: cms.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_cms CMS/PKCS7 message functions.
+ *
+ * CMS is defined in RFC 3369 and is an continuation of the RSA Labs
+ * standard PKCS7. The basic messages in CMS is 
+ *
+ * - SignedData
+ *   Data signed with private key (RSA, DSA, ECDSA) or secret
+ *   (symmetric) key
+ * - EnvelopedData
+ *   Data encrypted with private key (RSA)
+ * - EncryptedData
+ *   Data encrypted with secret (symmetric) key.
+ * - ContentInfo
+ *   Wrapper structure including type and data.
+ *
+ *
+ * See the library functions here: @ref hx509_cms
+ */
+
+#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
+#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
+
+/**
+ * Wrap data and oid in a ContentInfo and encode it.
+ *
+ * @param oid type of the content.
+ * @param buf data to be wrapped. If a NULL pointer is passed in, the
+ * optional content field in the ContentInfo is not going be filled
+ * in.
+ * @param res the encoded buffer, the result should be freed with
+ * der_free_octet_string().
+ *
+ * @return Returns an hx509 error code.
+ * 
+ * @ingroup hx509_cms
+ */
+
+int
+hx509_cms_wrap_ContentInfo(const heim_oid *oid,
+			   const heim_octet_string *buf,
+			   heim_octet_string *res)
+{
+    ContentInfo ci;
+    size_t size;
+    int ret;
+
+    memset(res, 0, sizeof(*res));
+    memset(&ci, 0, sizeof(ci));
+
+    ret = der_copy_oid(oid, &ci.contentType);
+    if (ret)
+	return ret;
+    if (buf) {
+	ALLOC(ci.content, 1);
+	if (ci.content == NULL) {
+	    free_ContentInfo(&ci);
+	    return ENOMEM;
+	}
+	ci.content->data = malloc(buf->length);
+	if (ci.content->data == NULL) {
+	    free_ContentInfo(&ci);
+	    return ENOMEM;
+	}
+	memcpy(ci.content->data, buf->data, buf->length);
+	ci.content->length = buf->length;
+    }
+
+    ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret);
+    free_ContentInfo(&ci);
+    if (ret)
+	return ret;
+    if (res->length != size)
+	_hx509_abort("internal ASN.1 encoder error");
+
+    return 0;
+}
+
+/**
+ * Decode an ContentInfo and unwrap data and oid it.
+ *
+ * @param in the encoded buffer.
+ * @param oid type of the content.
+ * @param out data to be wrapped.
+ * @param have_data since the data is optional, this flags show dthe
+ * diffrence between no data and the zero length data.
+ *
+ * @return Returns an hx509 error code.
+ * 
+ * @ingroup hx509_cms
+ */
+
+int
+hx509_cms_unwrap_ContentInfo(const heim_octet_string *in,
+			     heim_oid *oid,
+			     heim_octet_string *out,
+			     int *have_data)
+{
+    ContentInfo ci;
+    size_t size;
+    int ret;
+
+    memset(oid, 0, sizeof(*oid));
+    memset(out, 0, sizeof(*out));
+
+    ret = decode_ContentInfo(in->data, in->length, &ci, &size);
+    if (ret)
+	return ret;
+
+    ret = der_copy_oid(&ci.contentType, oid);
+    if (ret) {
+	free_ContentInfo(&ci);
+	return ret;
+    }
+    if (ci.content) {
+	ret = der_copy_octet_string(ci.content, out);
+	if (ret) {
+	    der_free_oid(oid);
+	    free_ContentInfo(&ci);
+	    return ret;
+	}
+    } else
+	memset(out, 0, sizeof(*out));
+
+    if (have_data)
+	*have_data = (ci.content != NULL) ? 1 : 0;
+
+    free_ContentInfo(&ci);
+
+    return 0;
+}
+
+#define CMS_ID_SKI	0
+#define CMS_ID_NAME	1
+
+static int
+fill_CMSIdentifier(const hx509_cert cert,
+		   int type,
+		   CMSIdentifier *id)
+{
+    int ret;
+
+    switch (type) {
+    case CMS_ID_SKI:
+	id->element = choice_CMSIdentifier_subjectKeyIdentifier;
+	ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert),
+						   &id->u.subjectKeyIdentifier);
+	if (ret == 0)
+	    break;
+	/* FALL THOUGH */
+    case CMS_ID_NAME: {
+	hx509_name name;
+
+	id->element = choice_CMSIdentifier_issuerAndSerialNumber;
+	ret = hx509_cert_get_issuer(cert, &name);
+	if (ret)
+	    return ret;
+	ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer);
+	hx509_name_free(&name);
+	if (ret)
+	    return ret;
+
+	ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber);
+	break;
+    }
+    default:
+	_hx509_abort("CMS fill identifier with unknown type");
+    }
+    return ret;
+}
+
+static int
+unparse_CMSIdentifier(hx509_context context,
+		      CMSIdentifier *id,
+		      char **str)
+{
+    int ret;
+
+    *str = NULL;
+    switch (id->element) {
+    case choice_CMSIdentifier_issuerAndSerialNumber: {
+	IssuerAndSerialNumber *iasn;
+	char *serial, *name;
+
+	iasn = &id->u.issuerAndSerialNumber;
+
+	ret = _hx509_Name_to_string(&iasn->issuer, &name);
+	if(ret)
+	    return ret;
+	ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial);
+	if (ret) {
+	    free(name);
+	    return ret;
+	}
+	asprintf(str, "certificate issued by %s with serial number %s",
+		 name, serial);
+	free(name);
+	free(serial);
+	break;
+    }
+    case choice_CMSIdentifier_subjectKeyIdentifier: {
+	KeyIdentifier *ki  = &id->u.subjectKeyIdentifier;
+	char *keyid;
+	ssize_t len;
+
+	len = hex_encode(ki->data, ki->length, &keyid);
+	if (len < 0)
+	    return ENOMEM;
+
+	asprintf(str, "certificate with id %s", keyid);
+	free(keyid);
+	break;
+    }
+    default:
+	asprintf(str, "certificate have unknown CMSidentifier type");
+	break;
+    }
+    if (*str == NULL)
+	return ENOMEM;
+    return 0;
+}
+
+static int
+find_CMSIdentifier(hx509_context context,
+		   CMSIdentifier *client,
+		   hx509_certs certs,
+		   hx509_cert *signer_cert,
+		   int match)
+{
+    hx509_query q;
+    hx509_cert cert;
+    Certificate c;
+    int ret;
+
+    memset(&c, 0, sizeof(c));
+    _hx509_query_clear(&q);
+
+    *signer_cert = NULL;
+
+    switch (client->element) {
+    case choice_CMSIdentifier_issuerAndSerialNumber:
+	q.serial = &client->u.issuerAndSerialNumber.serialNumber;
+	q.issuer_name = &client->u.issuerAndSerialNumber.issuer;
+	q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME;
+	break;
+    case choice_CMSIdentifier_subjectKeyIdentifier:
+	q.subject_id = &client->u.subjectKeyIdentifier;
+	q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID;
+	break;
+    default:
+	hx509_set_error_string(context, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE,
+			       "unknown CMS identifier element");
+	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
+    }
+
+    q.match |= match;
+
+    q.match |= HX509_QUERY_MATCH_TIME;
+    q.timenow = time(NULL);
+
+    ret = hx509_certs_find(context, certs, &q, &cert);
+    if (ret == HX509_CERT_NOT_FOUND) {
+	char *str;
+
+	ret = unparse_CMSIdentifier(context, client, &str);
+	if (ret == 0) {
+	    hx509_set_error_string(context, 0,
+				   HX509_CMS_NO_RECIPIENT_CERTIFICATE,
+				   "Failed to find %s", str);
+	} else
+	    hx509_clear_error_string(context);
+	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
+    } else if (ret) {
+	hx509_set_error_string(context, HX509_ERROR_APPEND,
+			       HX509_CMS_NO_RECIPIENT_CERTIFICATE,
+			       "Failed to find CMS id in cert store");
+	return HX509_CMS_NO_RECIPIENT_CERTIFICATE;
+    }
+
+    *signer_cert = cert;
+
+    return 0;
+}
+
+/**
+ * Decode and unencrypt EnvelopedData.
+ *
+ * Extract data and parameteres from from the EnvelopedData. Also
+ * supports using detached EnvelopedData.
+ *
+ * @param context A hx509 context.
+ * @param certs Certificate that can decrypt the EnvelopedData
+ * encryption key.
+ * @param flags HX509_CMS_UE flags to control the behavior.
+ * @param data pointer the structure the contains the DER/BER encoded
+ * EnvelopedData stucture.
+ * @param length length of the data that data point to.
+ * @param encryptedContent in case of detached signature, this
+ * contains the actual encrypted data, othersize its should be NULL.
+ * @param contentType output type oid, should be freed with der_free_oid().
+ * @param content the data, free with der_free_octet_string().
+ *
+ * @ingroup hx509_cms
+ */
+
+int
+hx509_cms_unenvelope(hx509_context context,
+		     hx509_certs certs,
+		     int flags,
+		     const void *data,
+		     size_t length,
+		     const heim_octet_string *encryptedContent,
+		     heim_oid *contentType,
+		     heim_octet_string *content)
+{
+    heim_octet_string key;
+    EnvelopedData ed;
+    hx509_cert cert;
+    AlgorithmIdentifier *ai;
+    const heim_octet_string *enccontent;
+    heim_octet_string *params, params_data;
+    heim_octet_string ivec;
+    size_t size;
+    int ret, i, matched = 0, findflags = 0;
+
+
+    memset(&key, 0, sizeof(key));
+    memset(&ed, 0, sizeof(ed));
+    memset(&ivec, 0, sizeof(ivec));
+    memset(content, 0, sizeof(*content));
+    memset(contentType, 0, sizeof(*contentType));
+
+    if ((flags & HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT) == 0)
+	findflags |= HX509_QUERY_KU_ENCIPHERMENT;
+
+    ret = decode_EnvelopedData(data, length, &ed, &size);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to decode EnvelopedData");
+	return ret;
+    }
+
+    if (ed.recipientInfos.len == 0) {
+	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
+	hx509_set_error_string(context, 0, ret,
+			       "No recipient info in enveloped data");
+	goto out;
+    }
+
+    enccontent = ed.encryptedContentInfo.encryptedContent;
+    if (enccontent == NULL) {
+	if (encryptedContent == NULL) {
+	    ret = HX509_CMS_NO_DATA_AVAILABLE;
+	    hx509_set_error_string(context, 0, ret,
+				   "Content missing from encrypted data");
+	    goto out;
+	}
+	enccontent = encryptedContent;
+    } else if (encryptedContent != NULL) {
+	ret = HX509_CMS_NO_DATA_AVAILABLE;
+	hx509_set_error_string(context, 0, ret,
+			       "Both internal and external encrypted data");
+	goto out;
+    }
+
+    cert = NULL;
+    for (i = 0; i < ed.recipientInfos.len; i++) {
+	KeyTransRecipientInfo *ri;
+	char *str;
+	int ret2;
+
+	ri = &ed.recipientInfos.val[i];
+
+	ret = find_CMSIdentifier(context, &ri->rid, certs, &cert,
+				 HX509_QUERY_PRIVATE_KEY|findflags);
+	if (ret)
+	    continue;
+
+	matched = 1; /* found a matching certificate, let decrypt */
+
+	ret = _hx509_cert_private_decrypt(context,
+					  &ri->encryptedKey,
+					  &ri->keyEncryptionAlgorithm.algorithm,
+					  cert, &key);
+
+	hx509_cert_free(cert);
+	if (ret == 0)
+	    break; /* succuessfully decrypted cert */
+	cert = NULL;
+	ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
+	if (ret2 == 0) {
+	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				   "Failed to decrypt with %s", str);
+	    free(str);
+	}
+    }
+
+    if (!matched) {
+	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
+	hx509_set_error_string(context, 0, ret,
+			       "No private key matched any certificate");
+	goto out;
+    }
+
+    if (cert == NULL) {
+	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
+	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+			       "No private key decrypted the transfer key");
+	goto out;
+    }
+
+    ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to copy EnvelopedData content oid");
+	goto out;
+    }
+
+    ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
+    if (ai->parameters) {
+	params_data.data = ai->parameters->data;
+	params_data.length = ai->parameters->length;
+	params = &params_data;
+    } else
+	params = NULL;
+
+    {
+	hx509_crypto crypto;
+
+	ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto);
+	if (ret)
+	    goto out;
+	
+	if (params) {
+	    ret = hx509_crypto_set_params(context, crypto, params, &ivec);
+	    if (ret) {
+		hx509_crypto_destroy(crypto);
+		goto out;
+	    }
+	}
+
+	ret = hx509_crypto_set_key_data(crypto, key.data, key.length);
+	if (ret) {
+	    hx509_crypto_destroy(crypto);
+	    hx509_set_error_string(context, 0, ret,
+				   "Failed to set key for decryption "
+				   "of EnvelopedData");
+	    goto out;
+	}
+	
+	ret = hx509_crypto_decrypt(crypto,
+				   enccontent->data,
+				   enccontent->length,
+				   ivec.length ? &ivec : NULL,
+				   content);
+	hx509_crypto_destroy(crypto);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret,
+				   "Failed to decrypt EnvelopedData");
+	    goto out;
+	}
+    }
+
+out:
+
+    free_EnvelopedData(&ed);
+    der_free_octet_string(&key);
+    if (ivec.length)
+	der_free_octet_string(&ivec);
+    if (ret) {
+	der_free_oid(contentType);
+	der_free_octet_string(content);
+    }
+
+    return ret;
+}
+
+/**
+ * Encrypt end encode EnvelopedData.
+ *
+ * Encrypt and encode EnvelopedData. The data is encrypted with a
+ * random key and the the random key is encrypted with the
+ * certificates private key. This limits what private key type can be
+ * used to RSA.
+ *
+ * @param context A hx509 context.
+ * @param flags flags to control the behavior, no flags today
+ * @param cert Certificate to encrypt the EnvelopedData encryption key
+ * with.
+ * @param data pointer the data to encrypt.
+ * @param length length of the data that data point to.
+ * @param encryption_type Encryption cipher to use for the bulk data,
+ * use NULL to get default.
+ * @param contentType type of the data that is encrypted
+ * @param content the output of the function,
+ * free with der_free_octet_string().
+ *
+ * @ingroup hx509_cms
+ */
+
+int
+hx509_cms_envelope_1(hx509_context context,
+		     int flags,
+		     hx509_cert cert,
+		     const void *data,
+		     size_t length,
+		     const heim_oid *encryption_type,
+		     const heim_oid *contentType,
+		     heim_octet_string *content)
+{
+    KeyTransRecipientInfo *ri;
+    heim_octet_string ivec;
+    heim_octet_string key;
+    hx509_crypto crypto = NULL;
+    EnvelopedData ed;
+    size_t size;
+    int ret;
+
+    memset(&ivec, 0, sizeof(ivec));
+    memset(&key, 0, sizeof(key));
+    memset(&ed, 0, sizeof(ed));
+    memset(content, 0, sizeof(*content));
+
+    if (encryption_type == NULL)
+	encryption_type = oid_id_aes_256_cbc();
+
+    ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE);
+    if (ret)
+	goto out;
+
+    ret = hx509_crypto_init(context, NULL, encryption_type, &crypto);
+    if (ret)
+	goto out;
+
+    ret = hx509_crypto_set_random_key(crypto, &key);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Create random key for EnvelopedData content");
+	goto out;
+    }
+
+    ret = hx509_crypto_random_iv(crypto, &ivec);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to create a random iv");
+	goto out;
+    }
+
+    ret = hx509_crypto_encrypt(crypto,
+			       data,
+			       length,
+			       &ivec,
+			       &ed.encryptedContentInfo.encryptedContent);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to encrypt EnvelopedData content");
+	goto out;
+    }
+
+    {
+	AlgorithmIdentifier *enc_alg;
+	enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
+	ret = der_copy_oid(encryption_type, &enc_alg->algorithm);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret,
+				   "Failed to set crypto oid "
+				   "for EnvelopedData");
+	    goto out;
+	}	
+	ALLOC(enc_alg->parameters, 1);
+	if (enc_alg->parameters == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret,
+				   "Failed to allocate crypto paramaters "
+				   "for EnvelopedData");
+	    goto out;
+	}
+
+	ret = hx509_crypto_get_params(context,
+				      crypto,
+				      &ivec,
+				      enc_alg->parameters);
+	if (ret) {
+	    goto out;
+	}
+    }
+
+    ALLOC_SEQ(&ed.recipientInfos, 1);
+    if (ed.recipientInfos.val == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to allocate recipients info "
+			       "for EnvelopedData");
+	goto out;
+    }
+
+    ri = &ed.recipientInfos.val[0];
+
+    ri->version = 0;
+    ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to set CMS identifier info "
+			       "for EnvelopedData");
+	goto out;
+    }
+
+    ret = _hx509_cert_public_encrypt(context,
+				     &key, cert,
+				     &ri->keyEncryptionAlgorithm.algorithm,
+				     &ri->encryptedKey);
+    if (ret) {
+	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+			       "Failed to encrypt transport key for "
+			       "EnvelopedData");
+	goto out;
+    }
+
+    /*
+     *
+     */
+
+    ed.version = 0;
+    ed.originatorInfo = NULL;
+
+    ret = der_copy_oid(contentType, &ed.encryptedContentInfo.contentType);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to copy content oid for "
+			       "EnvelopedData");
+	goto out;
+    }
+
+    ed.unprotectedAttrs = NULL;
+
+    ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length,
+		       &ed, &size, ret);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to encode EnvelopedData");
+	goto out;
+    }
+    if (size != content->length)
+	_hx509_abort("internal ASN.1 encoder error");
+
+out:
+    if (crypto)
+	hx509_crypto_destroy(crypto);
+    if (ret)
+	der_free_octet_string(content);
+    der_free_octet_string(&key);
+    der_free_octet_string(&ivec);
+    free_EnvelopedData(&ed);
+
+    return ret;
+}
+
+static int
+any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
+{
+    int ret, i;
+
+    if (sd->certificates == NULL)
+	return 0;
+
+    for (i = 0; i < sd->certificates->len; i++) {
+	hx509_cert c;
+
+	ret = hx509_cert_init_data(context, 
+				   sd->certificates->val[i].data, 
+				   sd->certificates->val[i].length,
+				   &c);
+	if (ret)
+	    return ret;
+	ret = hx509_certs_add(context, certs, c);
+	hx509_cert_free(c);
+	if (ret)
+	    return ret;
+    }
+
+    return 0;
+}
+
+static const Attribute *
+find_attribute(const CMSAttributes *attr, const heim_oid *oid)
+{
+    int i;
+    for (i = 0; i < attr->len; i++)
+	if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
+	    return &attr->val[i];
+    return NULL;
+}
+
+/**
+ * Decode SignedData and verify that the signature is correct.
+ *
+ * @param context A hx509 context.
+ * @param ctx a hx509 version context
+ * @param data
+ * @param length length of the data that data point to.
+ * @param signedContent
+ * @param pool certificate pool to build certificates paths.
+ * @param contentType free with der_free_oid()
+ * @param content the output of the function, free with
+ * der_free_octet_string().
+ * @param signer_certs list of the cerficates used to sign this
+ * request, free with hx509_certs_free().
+ *
+ * @ingroup hx509_cms
+ */
+
+int
+hx509_cms_verify_signed(hx509_context context,
+			hx509_verify_ctx ctx,
+			const void *data,
+			size_t length,
+			const heim_octet_string *signedContent,
+			hx509_certs pool,
+			heim_oid *contentType,
+			heim_octet_string *content,
+			hx509_certs *signer_certs)
+{
+    SignerInfo *signer_info;
+    hx509_cert cert = NULL;
+    hx509_certs certs = NULL;
+    SignedData sd;
+    size_t size;
+    int ret, i, found_valid_sig;
+
+    *signer_certs = NULL;
+    content->data = NULL;
+    content->length = 0;
+    contentType->length = 0;
+    contentType->components = NULL;
+
+    memset(&sd, 0, sizeof(sd));
+
+    ret = decode_SignedData(data, length, &sd, &size);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to decode SignedData");
+	goto out;
+    }
+
+    if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) {
+	ret = HX509_CMS_NO_DATA_AVAILABLE;
+	hx509_set_error_string(context, 0, ret,
+			       "No content data in SignedData");
+	goto out;
+    }
+    if (sd.encapContentInfo.eContent && signedContent) {
+	ret = HX509_CMS_NO_DATA_AVAILABLE;
+	hx509_set_error_string(context, 0, ret,
+			       "Both external and internal SignedData");
+	goto out;
+    }
+    if (sd.encapContentInfo.eContent)
+	signedContent = sd.encapContentInfo.eContent;
+
+    ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer",
+			   0, NULL, &certs);
+    if (ret)
+	goto out;
+
+    ret = hx509_certs_init(context, "MEMORY:cms-signer-certs",
+			   0, NULL, signer_certs);
+    if (ret)
+	goto out;
+
+    /* XXX Check CMS version */
+
+    ret = any_to_certs(context, &sd, certs);
+    if (ret)
+	goto out;
+
+    if (pool) {
+	ret = hx509_certs_merge(context, certs, pool);
+	if (ret)
+	    goto out;
+    }
+
+    for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) {
+	heim_octet_string *signed_data;
+	const heim_oid *match_oid;
+	heim_oid decode_oid;
+
+	signer_info = &sd.signerInfos.val[i];
+	match_oid = NULL;
+
+	if (signer_info->signature.length == 0) {
+	    ret = HX509_CMS_MISSING_SIGNER_DATA;
+	    hx509_set_error_string(context, 0, ret,
+				   "SignerInfo %d in SignedData "
+				   "missing sigature", i);
+	    continue;
+	}
+
+	ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert,
+				 HX509_QUERY_KU_DIGITALSIGNATURE);
+	if (ret)
+	    continue;
+
+	if (signer_info->signedAttrs) {
+	    const Attribute *attr;
+	
+	    CMSAttributes sa;
+	    heim_octet_string os;
+
+	    sa.val = signer_info->signedAttrs->val;
+	    sa.len = signer_info->signedAttrs->len;
+
+	    /* verify that sigature exists */
+	    attr = find_attribute(&sa, oid_id_pkcs9_messageDigest());
+	    if (attr == NULL) {
+		ret = HX509_CRYPTO_SIGNATURE_MISSING;
+		hx509_set_error_string(context, 0, ret,
+				       "SignerInfo have signed attributes "
+				       "but messageDigest (signature) "
+				       "is missing");
+		goto next_sigature;
+	    }
+	    if (attr->value.len != 1) {
+		ret = HX509_CRYPTO_SIGNATURE_MISSING;
+		hx509_set_error_string(context, 0, ret,
+				       "SignerInfo have more then one "
+				       "messageDigest (signature)");
+		goto next_sigature;
+	    }
+	
+	    ret = decode_MessageDigest(attr->value.val[0].data,
+				       attr->value.val[0].length,
+				       &os,
+				       &size);
+	    if (ret) {
+		hx509_set_error_string(context, 0, ret,
+				       "Failed to decode "
+				       "messageDigest (signature)");
+		goto next_sigature;
+	    }
+
+	    ret = _hx509_verify_signature(context,
+					  NULL,
+					  &signer_info->digestAlgorithm,
+					  signedContent,
+					  &os);
+	    der_free_octet_string(&os);
+	    if (ret) {
+		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				       "Failed to verify messageDigest");
+		goto next_sigature;
+	    }
+
+	    /*
+	     * Fetch content oid inside signedAttrs or set it to
+	     * id-pkcs7-data.
+	     */
+	    attr = find_attribute(&sa, oid_id_pkcs9_contentType());
+	    if (attr == NULL) {
+		match_oid = oid_id_pkcs7_data();
+	    } else {
+		if (attr->value.len != 1) {
+		    ret = HX509_CMS_DATA_OID_MISMATCH;
+		    hx509_set_error_string(context, 0, ret,
+					   "More then one oid in signedAttrs");
+		    goto next_sigature;
+
+		}
+		ret = decode_ContentType(attr->value.val[0].data,
+					 attr->value.val[0].length,
+					 &decode_oid,
+					 &size);
+		if (ret) {
+		    hx509_set_error_string(context, 0, ret,
+					   "Failed to decode "
+					   "oid in signedAttrs");
+		    goto next_sigature;
+		}
+		match_oid = &decode_oid;
+	    }
+
+	    ALLOC(signed_data, 1);
+	    if (signed_data == NULL) {
+		if (match_oid == &decode_oid)
+		    der_free_oid(&decode_oid);
+		ret = ENOMEM;
+		hx509_clear_error_string(context);
+		goto next_sigature;
+	    }
+	
+	    ASN1_MALLOC_ENCODE(CMSAttributes,
+			       signed_data->data,
+			       signed_data->length,
+			       &sa,
+			       &size, ret);
+	    if (ret) {
+		if (match_oid == &decode_oid)
+		    der_free_oid(&decode_oid);
+		free(signed_data);
+		hx509_clear_error_string(context);
+		goto next_sigature;
+	    }
+	    if (size != signed_data->length)
+		_hx509_abort("internal ASN.1 encoder error");
+
+	} else {
+	    signed_data = rk_UNCONST(signedContent);
+	    match_oid = oid_id_pkcs7_data();
+	}
+
+	if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType)) {
+	    ret = HX509_CMS_DATA_OID_MISMATCH;
+	    hx509_set_error_string(context, 0, ret,
+				   "Oid in message mismatch from the expected");
+	}
+	if (match_oid == &decode_oid)
+	    der_free_oid(&decode_oid);
+
+	if (ret == 0) {
+	    ret = hx509_verify_signature(context,
+					 cert,
+					 &signer_info->signatureAlgorithm,
+					 signed_data,
+					 &signer_info->signature);
+	    if (ret)
+		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				       "Failed to verify sigature in "
+				       "CMS SignedData");
+	}
+	if (signed_data != signedContent) {
+	    der_free_octet_string(signed_data);
+	    free(signed_data);
+	}
+	if (ret)
+	    goto next_sigature;
+
+	ret = hx509_verify_path(context, ctx, cert, certs);
+	if (ret)
+	    goto next_sigature;
+
+	ret = hx509_certs_add(context, *signer_certs, cert);
+	if (ret)
+	    goto next_sigature;
+
+	found_valid_sig++;
+
+    next_sigature:
+	if (cert)
+	    hx509_cert_free(cert);
+	cert = NULL;
+    }
+    if (found_valid_sig == 0) {
+	if (ret == 0) {
+	    ret = HX509_CMS_SIGNER_NOT_FOUND;
+	    hx509_set_error_string(context, 0, ret,
+				   "No signers where found");
+	}
+	goto out;
+    }
+
+    ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    content->data = malloc(signedContent->length);
+    if (content->data == NULL) {
+	hx509_clear_error_string(context);
+	ret = ENOMEM;
+	goto out;
+    }
+    content->length = signedContent->length;
+    memcpy(content->data, signedContent->data, content->length);
+
+out:
+    free_SignedData(&sd);
+    if (certs)
+	hx509_certs_free(&certs);
+    if (ret) {
+	if (*signer_certs)
+	    hx509_certs_free(signer_certs);
+	der_free_oid(contentType);
+	der_free_octet_string(content);
+    }
+
+    return ret;
+}
+
+static int
+add_one_attribute(Attribute **attr,
+		  unsigned int *len,
+		  const heim_oid *oid,
+		  heim_octet_string *data)
+{
+    void *d;
+    int ret;
+
+    d = realloc(*attr, sizeof((*attr)[0]) * (*len + 1));
+    if (d == NULL)
+	return ENOMEM;
+    (*attr) = d;
+
+    ret = der_copy_oid(oid, &(*attr)[*len].type);
+    if (ret)
+	return ret;
+
+    ALLOC_SEQ(&(*attr)[*len].value, 1);
+    if ((*attr)[*len].value.val == NULL) {
+	der_free_oid(&(*attr)[*len].type);
+	return ENOMEM;
+    }
+
+    (*attr)[*len].value.val[0].data = data->data;
+    (*attr)[*len].value.val[0].length = data->length;
+
+    *len += 1;
+
+    return 0;
+}
+	
+/**
+ * Decode SignedData and verify that the signature is correct.
+ *
+ * @param context A hx509 context.
+ * @param flags
+ * @param eContentType the type of the data.
+ * @param data data to sign
+ * @param length length of the data that data point to.
+ * @param digest_alg digest algorithm to use, use NULL to get the
+ * default or the peer determined algorithm.
+ * @param cert certificate to use for sign the data.
+ * @param peer info about the peer the message to send the message to,
+ * like what digest algorithm to use.
+ * @param anchors trust anchors that the client will use, used to
+ * polulate the certificates included in the message
+ * @param pool certificates to use in try to build the path to the
+ * trust anchors.
+ * @param signed_data the output of the function, free with
+ * der_free_octet_string().
+ *
+ * @ingroup hx509_cms
+ */
+
+int
+hx509_cms_create_signed_1(hx509_context context,
+			  int flags,
+			  const heim_oid *eContentType,
+			  const void *data, size_t length,
+			  const AlgorithmIdentifier *digest_alg,
+			  hx509_cert cert,
+			  hx509_peer_info peer,
+			  hx509_certs anchors,
+			  hx509_certs pool,
+			  heim_octet_string *signed_data)
+{
+    AlgorithmIdentifier digest;
+    hx509_name name;
+    SignerInfo *signer_info;
+    heim_octet_string buf, content, sigdata = { 0, NULL };
+    SignedData sd;
+    int ret;
+    size_t size;
+    hx509_path path;
+    int cmsidflag = CMS_ID_SKI;
+
+    memset(&sd, 0, sizeof(sd));
+    memset(&name, 0, sizeof(name));
+    memset(&path, 0, sizeof(path));
+    memset(&digest, 0, sizeof(digest));
+
+    content.data = rk_UNCONST(data);
+    content.length = length;
+
+    if (flags & HX509_CMS_SIGATURE_ID_NAME)
+	cmsidflag = CMS_ID_NAME;
+
+    if (_hx509_cert_private_key(cert) == NULL) {
+	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
+			       "Private key missing for signing");
+	return HX509_PRIVATE_KEY_MISSING;
+    }
+
+    if (digest_alg == NULL) {
+	ret = hx509_crypto_select(context, HX509_SELECT_DIGEST,
+				  _hx509_cert_private_key(cert), peer, &digest);
+    } else {
+	ret = copy_AlgorithmIdentifier(digest_alg, &digest);
+	if (ret)
+	    hx509_clear_error_string(context);
+    }
+    if (ret)
+	goto out;
+
+    sd.version = CMSVersion_v3;
+
+    if (eContentType == NULL)
+	eContentType = oid_id_pkcs7_data();
+
+    der_copy_oid(eContentType, &sd.encapContentInfo.eContentType);
+
+    /* */
+    if ((flags & HX509_CMS_SIGATURE_DETACHED) == 0) {
+	ALLOC(sd.encapContentInfo.eContent, 1);
+	if (sd.encapContentInfo.eContent == NULL) {
+	    hx509_clear_error_string(context);
+	    ret = ENOMEM;
+	    goto out;
+	}
+	
+	sd.encapContentInfo.eContent->data = malloc(length);
+	if (sd.encapContentInfo.eContent->data == NULL) {
+	    hx509_clear_error_string(context);
+	    ret = ENOMEM;
+	    goto out;
+	}
+	memcpy(sd.encapContentInfo.eContent->data, data, length);
+	sd.encapContentInfo.eContent->length = length;
+    }
+
+    ALLOC_SEQ(&sd.signerInfos, 1);
+    if (sd.signerInfos.val == NULL) {
+	hx509_clear_error_string(context);
+	ret = ENOMEM;
+	goto out;
+    }
+
+    signer_info = &sd.signerInfos.val[0];
+
+    signer_info->version = 1;
+
+    ret = fill_CMSIdentifier(cert, cmsidflag, &signer_info->sid);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }			
+
+    signer_info->signedAttrs = NULL;
+    signer_info->unsignedAttrs = NULL;
+
+
+    ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    /*
+     * If it isn't pkcs7-data send signedAttributes
+     */
+
+    if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) {
+	CMSAttributes sa;	
+	heim_octet_string sig;
+
+	ALLOC(signer_info->signedAttrs, 1);
+	if (signer_info->signedAttrs == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	ret = _hx509_create_signature(context,
+				      NULL,
+				      &digest,
+				      &content,
+				      NULL,
+				      &sig);
+	if (ret)
+	    goto out;
+
+	ASN1_MALLOC_ENCODE(MessageDigest,
+			   buf.data,
+			   buf.length,
+			   &sig,
+			   &size,
+			   ret);
+	der_free_octet_string(&sig);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+	if (size != buf.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+
+	ret = add_one_attribute(&signer_info->signedAttrs->val,
+				&signer_info->signedAttrs->len,
+				oid_id_pkcs9_messageDigest(),
+				&buf);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+
+
+	ASN1_MALLOC_ENCODE(ContentType,
+			   buf.data,
+			   buf.length,
+			   eContentType,
+			   &size,
+			   ret);
+	if (ret)
+	    goto out;
+	if (size != buf.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+
+	ret = add_one_attribute(&signer_info->signedAttrs->val,
+				&signer_info->signedAttrs->len,
+				oid_id_pkcs9_contentType(),
+				&buf);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+
+	sa.val = signer_info->signedAttrs->val;
+	sa.len = signer_info->signedAttrs->len;
+	
+	ASN1_MALLOC_ENCODE(CMSAttributes,
+			   sigdata.data,
+			   sigdata.length,
+			   &sa,
+			   &size,
+			   ret);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+	if (size != sigdata.length)
+	    _hx509_abort("internal ASN.1 encoder error");
+    } else {
+	sigdata.data = content.data;
+	sigdata.length = content.length;
+    }
+
+
+    {
+	AlgorithmIdentifier sigalg;
+
+	ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG,
+				  _hx509_cert_private_key(cert), peer,
+				  &sigalg);
+	if (ret)
+	    goto out;
+
+	ret = _hx509_create_signature(context,
+				      _hx509_cert_private_key(cert),
+				      &sigalg,
+				      &sigdata,
+				      &signer_info->signatureAlgorithm,
+				      &signer_info->signature);
+	free_AlgorithmIdentifier(&sigalg);
+	if (ret)
+	    goto out;
+    }
+
+    ALLOC_SEQ(&sd.digestAlgorithms, 1);
+    if (sd.digestAlgorithms.val == NULL) {
+	ret = ENOMEM;
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    ret = copy_AlgorithmIdentifier(&digest, &sd.digestAlgorithms.val[0]);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    /*
+     * Provide best effort path
+     */
+    if (pool) {
+	_hx509_calculate_path(context,
+			      HX509_CALCULATE_PATH_NO_ANCHOR,			      
+			      time(NULL),
+			      anchors,
+			      0,
+			      cert,
+			      pool,
+			      &path);
+    } else
+	_hx509_path_append(context, &path, cert);
+
+
+    if (path.len) {
+	int i;
+
+	ALLOC(sd.certificates, 1);
+	if (sd.certificates == NULL) {
+	    hx509_clear_error_string(context);
+	    ret = ENOMEM;
+	    goto out;
+	}
+	ALLOC_SEQ(sd.certificates, path.len);
+	if (sd.certificates->val == NULL) {
+	    hx509_clear_error_string(context);
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	for (i = 0; i < path.len; i++) {
+	    ret = hx509_cert_binary(context, path.val[i],
+				    &sd.certificates->val[i]);
+	    if (ret) {
+		hx509_clear_error_string(context);
+		goto out;
+	    }
+	}
+    }
+
+    ASN1_MALLOC_ENCODE(SignedData,
+		       signed_data->data, signed_data->length,
+		       &sd, &size, ret);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }
+    if (signed_data->length != size)
+	_hx509_abort("internal ASN.1 encoder error");
+
+out:
+    if (sigdata.data != content.data)
+	der_free_octet_string(&sigdata);
+    free_AlgorithmIdentifier(&digest);
+    _hx509_path_free(&path);
+    free_SignedData(&sd);
+
+    return ret;
+}
+
+int
+hx509_cms_decrypt_encrypted(hx509_context context,
+			    hx509_lock lock,
+			    const void *data,
+			    size_t length,
+			    heim_oid *contentType,
+			    heim_octet_string *content)
+{
+    heim_octet_string cont;
+    CMSEncryptedData ed;
+    AlgorithmIdentifier *ai;
+    int ret;
+
+    memset(content, 0, sizeof(*content));
+    memset(&cont, 0, sizeof(cont));
+
+    ret = decode_CMSEncryptedData(data, length, &ed, NULL);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to decode CMSEncryptedData");
+	return ret;
+    }
+
+    if (ed.encryptedContentInfo.encryptedContent == NULL) {
+	ret = HX509_CMS_NO_DATA_AVAILABLE;
+	hx509_set_error_string(context, 0, ret,
+			       "No content in EncryptedData");
+	goto out;
+    }
+
+    ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
+    if (ai->parameters == NULL) {
+	ret = HX509_ALG_NOT_SUPP;
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    ret = _hx509_pbe_decrypt(context,
+			     lock,
+			     ai,
+			     ed.encryptedContentInfo.encryptedContent,
+			     &cont);
+    if (ret)
+	goto out;
+
+    *content = cont;
+
+out:
+    if (ret) {
+	if (cont.data)
+	    free(cont.data);
+    }
+    free_CMSEncryptedData(&ed);
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/collector.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/collector.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/collector.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,329 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: collector.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct private_key {
+    AlgorithmIdentifier alg;
+    hx509_private_key private_key;
+    heim_octet_string localKeyId;
+};
+
+struct hx509_collector {
+    hx509_lock lock;
+    hx509_certs unenvelop_certs;
+    hx509_certs certs;
+    struct {
+	struct private_key **data;
+	size_t len;
+    } val;
+};
+
+
+int
+_hx509_collector_alloc(hx509_context context, hx509_lock lock, struct hx509_collector **collector)
+{
+    struct hx509_collector *c;
+    int ret;
+
+    *collector = NULL;
+
+    c = calloc(1, sizeof(*c));
+    if (c == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    c->lock = lock;
+
+    ret = hx509_certs_init(context, "MEMORY:collector-unenvelop-cert",
+			   0,NULL, &c->unenvelop_certs);
+    if (ret) {
+	free(c);
+	return ret;
+    }
+    c->val.data = NULL;
+    c->val.len = 0;
+    ret = hx509_certs_init(context, "MEMORY:collector-tmp-store",
+			   0, NULL, &c->certs);
+    if (ret) {
+	hx509_certs_free(&c->unenvelop_certs);
+	free(c);
+	return ret;
+    }
+
+    *collector = c;
+    return 0;
+}
+
+hx509_lock
+_hx509_collector_get_lock(struct hx509_collector *c)
+{
+    return c->lock;
+}
+
+
+int
+_hx509_collector_certs_add(hx509_context context,
+			   struct hx509_collector *c,
+			   hx509_cert cert)
+{
+    return hx509_certs_add(context, c->certs, cert);
+}
+
+static void
+free_private_key(struct private_key *key)
+{
+    free_AlgorithmIdentifier(&key->alg);
+    if (key->private_key)
+	_hx509_private_key_free(&key->private_key);
+    der_free_octet_string(&key->localKeyId);
+    free(key);
+}
+
+int
+_hx509_collector_private_key_add(hx509_context context,
+				 struct hx509_collector *c, 
+				 const AlgorithmIdentifier *alg,
+				 hx509_private_key private_key,
+				 const heim_octet_string *key_data,
+				 const heim_octet_string *localKeyId)
+{
+    struct private_key *key;
+    void *d;
+    int ret;
+
+    key = calloc(1, sizeof(*key));
+    if (key == NULL)
+	return ENOMEM;
+
+    d = realloc(c->val.data, (c->val.len + 1) * sizeof(c->val.data[0]));
+    if (d == NULL) {
+	free(key);
+	hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
+	return ENOMEM;
+    }
+    c->val.data = d;
+	
+    ret = copy_AlgorithmIdentifier(alg, &key->alg);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to copy "
+			       "AlgorithmIdentifier");
+	goto out;
+    }
+    if (private_key) {
+	key->private_key = private_key;
+    } else {
+	ret = _hx509_parse_private_key(context, &alg->algorithm,
+				       key_data->data, key_data->length,
+				       &key->private_key);
+	if (ret)
+	    goto out;
+    }
+    if (localKeyId) {
+	ret = der_copy_octet_string(localKeyId, &key->localKeyId);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, 
+				   "Failed to copy localKeyId");
+	    goto out;
+	}
+    } else
+	memset(&key->localKeyId, 0, sizeof(key->localKeyId));
+
+    c->val.data[c->val.len] = key;
+    c->val.len++;
+
+out:
+    if (ret)
+	free_private_key(key);
+
+    return ret;
+}
+
+static int
+match_localkeyid(hx509_context context,
+		 struct private_key *value,
+		 hx509_certs certs)
+{
+    hx509_cert cert;
+    hx509_query q;
+    int ret;
+
+    if (value->localKeyId.length == 0) {
+	hx509_set_error_string(context, 0, HX509_LOCAL_ATTRIBUTE_MISSING,
+			       "No local key attribute on private key");
+	return HX509_LOCAL_ATTRIBUTE_MISSING;
+    }
+
+    _hx509_query_clear(&q);
+    q.match |= HX509_QUERY_MATCH_LOCAL_KEY_ID;
+    
+    q.local_key_id = &value->localKeyId;
+    
+    ret = hx509_certs_find(context, certs, &q, &cert);
+    if (ret == 0) {
+	
+	if (value->private_key)
+	    _hx509_cert_assign_key(cert, value->private_key);
+	hx509_cert_free(cert);
+    }
+    return ret;
+}
+
+static int
+match_keys(hx509_context context, struct private_key *value, hx509_certs certs)
+{
+    hx509_cursor cursor;
+    hx509_cert c;
+    int ret, found = HX509_CERT_NOT_FOUND;
+
+    if (value->private_key == NULL) {
+	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, 
+			       "No private key to compare with");
+	return HX509_PRIVATE_KEY_MISSING;
+    }
+
+    ret = hx509_certs_start_seq(context, certs, &cursor);
+    if (ret)
+	return ret;
+
+    c = NULL;
+    while (1) {
+	ret = hx509_certs_next_cert(context, certs, cursor, &c);
+	if (ret)
+	    break;
+	if (c == NULL)
+	    break;
+	if (_hx509_cert_private_key(c)) {
+	    hx509_cert_free(c);
+	    continue;
+	}
+
+	ret = _hx509_match_keys(c, value->private_key);
+	if (ret) {
+	    _hx509_cert_assign_key(c, value->private_key);
+	    hx509_cert_free(c);
+	    found = 0;
+	    break;
+	}
+	hx509_cert_free(c);
+    }
+
+    hx509_certs_end_seq(context, certs, cursor);
+
+    if (found)
+	hx509_clear_error_string(context);
+
+    return found;
+}
+
+int
+_hx509_collector_collect_certs(hx509_context context, 
+			       struct hx509_collector *c,
+			       hx509_certs *ret_certs)
+{
+    hx509_certs certs;
+    int ret, i;
+
+    *ret_certs = NULL;
+
+    ret = hx509_certs_init(context, "MEMORY:collector-store", 0, NULL, &certs);
+    if (ret)
+	return ret;
+
+    ret = hx509_certs_merge(context, certs, c->certs);
+    if (ret) {
+	hx509_certs_free(&certs);
+	return ret;
+    }
+
+    for (i = 0; i < c->val.len; i++) {
+	ret = match_localkeyid(context, c->val.data[i], certs);
+	if (ret == 0)
+	    continue;
+	ret = match_keys(context, c->val.data[i], certs);
+	if (ret == 0)
+	    continue;
+    }
+
+    *ret_certs = certs;
+
+    return 0;
+}
+
+int
+_hx509_collector_collect_private_keys(hx509_context context, 
+				      struct hx509_collector *c,
+				      hx509_private_key **keys)
+{
+    int i, nkeys;
+
+    *keys = NULL;
+
+    for (i = 0, nkeys = 0; i < c->val.len; i++)
+	if (c->val.data[i]->private_key)
+	    nkeys++;
+
+    *keys = calloc(nkeys + 1, sizeof(**keys));
+    if (*keys == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
+	return ENOMEM;
+    }
+
+    for (i = 0, nkeys = 0; i < c->val.len; i++) {
+ 	if (c->val.data[i]->private_key) {
+	    (*keys)[nkeys++] = c->val.data[i]->private_key;
+	    c->val.data[i]->private_key = NULL;
+	}
+    }
+    (*keys)[nkeys++] = NULL;
+
+    return 0;
+}
+
+
+void
+_hx509_collector_free(struct hx509_collector *c)
+{
+    int i;
+
+    if (c->unenvelop_certs)
+	hx509_certs_free(&c->unenvelop_certs);
+    if (c->certs)
+	hx509_certs_free(&c->certs);
+    for (i = 0; i < c->val.len; i++)
+	free_private_key(c->val.data[i]);
+    if (c->val.data)
+	free(c->val.data);
+    free(c);
+}
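Review bot: The error path of `_hx509_collector_private_key_add` releases a key the caller passed in: `key->private_key = private_key` is followed, on any later failure such as `der_copy_octet_string` failing for `localKeyId`, by `free_private_key(key)` at `out:`, which calls `_hx509_private_key_free(&key->private_key)`. Whether callers also release the key when this function fails is not visible in this hunk; if any do, private-key material is released twice, so the ownership rule should be stated on the function. I would add a header comment such as `/* On success the collector owns private_key; on failure it has already been released and the caller must not free it. */`. If the caller is meant to keep ownership on failure, the fix is instead to set `key->private_key = NULL` before `free_private_key(key)` when the key was caller-supplied. Separately, `_hx509_collector_collect_certs` ignores the results of `match_localkeyid` and `match_keys` and returns 0 even when a key matched no certificate, which deserves a one-line comment saying the matching is best effort.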

Added: vendor-crypto/heimdal/dist/lib/hx509/crmf.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/crmf.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/crmf.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,113 @@
+-- $Id: crmf.asn1,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+PKCS10 DEFINITIONS ::=
+
+BEGIN
+
+IMPORTS
+	Time,
+	GeneralName,
+	SubjectPublicKeyInfo,
+	RelativeDistinguishedName,
+	AttributeTypeAndValue,
+	Extension,
+	AlgorithmIdentifier
+	FROM rfc2459
+	heim_any
+	FROM heim;
+
+CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+Controls  ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue
+
+-- XXX IMPLICIT brokenness
+POPOSigningKey ::= SEQUENCE {
+	poposkInput           [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
+	algorithmIdentifier   AlgorithmIdentifier,
+	signature             BIT STRING }
+
+PKMACValue ::= SEQUENCE {
+	algId  AlgorithmIdentifier,
+	value  BIT STRING
+}
+
+-- XXX IMPLICIT brokenness
+POPOSigningKeyInput ::= SEQUENCE {
+	authInfo            CHOICE {
+		sender              [0] IMPLICIT GeneralName,
+		publicKeyMAC        PKMACValue
+	},
+	publicKey           SubjectPublicKeyInfo
+}  -- from CertTemplate
+
+
+PBMParameter ::= SEQUENCE {
+   salt                OCTET STRING,
+   owf                 AlgorithmIdentifier,
+   iterationCount      INTEGER,
+   mac                 AlgorithmIdentifier
+}
+
+SubsequentMessage ::= INTEGER {
+	encrCert (0),
+	challengeResp (1)
+}
+
+-- XXX IMPLICIT brokenness
+POPOPrivKey ::= CHOICE {
+	thisMessage       [0] BIT STRING,         -- Deprecated
+	subsequentMessage [1] IMPLICIT SubsequentMessage,
+	dhMAC             [2] BIT STRING,         -- Deprecated
+	agreeMAC          [3] IMPLICIT PKMACValue,
+	encryptedKey      [4] heim_any
+}
+
+-- XXX IMPLICIT brokenness
+ProofOfPossession ::= CHOICE {
+	raVerified        [0] NULL,
+	signature         [1] POPOSigningKey,
+	keyEncipherment   [2] POPOPrivKey,
+	keyAgreement      [3] POPOPrivKey
+}
+
+CertTemplate ::= SEQUENCE {
+	version      [0] INTEGER OPTIONAL,
+	serialNumber [1] INTEGER OPTIONAL,
+	signingAlg   [2] SEQUENCE {
+		algorithm	OBJECT IDENTIFIER,
+		parameters	heim_any OPTIONAL
+	} -- AlgorithmIdentifier --   OPTIONAL,
+	issuer       [3] IMPLICIT CHOICE {
+		rdnSequence  CRMFRDNSequence
+	} -- Name --  OPTIONAL,
+	validity     [4] SEQUENCE {
+		notBefore  [0] Time OPTIONAL,
+		notAfter   [1] Time OPTIONAL
+	} -- OptionalValidity -- OPTIONAL,
+	subject      [5] IMPLICIT CHOICE {
+		rdnSequence  CRMFRDNSequence
+	} -- Name -- OPTIONAL,
+	publicKey    [6] IMPLICIT SEQUENCE  {
+		algorithm            AlgorithmIdentifier,
+		subjectPublicKey     BIT STRING OPTIONAL
+	} -- SubjectPublicKeyInfo -- OPTIONAL,
+	issuerUID    [7] IMPLICIT BIT STRING OPTIONAL,
+	subjectUID   [8] IMPLICIT BIT STRING OPTIONAL,
+	extensions   [9] IMPLICIT SEQUENCE OF Extension OPTIONAL
+}
+
+CertRequest ::= SEQUENCE {
+	certReqId	INTEGER,
+	certTemplate	CertTemplate,
+	controls	Controls OPTIONAL
+}
+
+CertReqMsg ::= SEQUENCE {
+	certReq		CertRequest,
+	popo		ProofOfPossession  OPTIONAL,
+	regInfo		SEQUENCE OF AttributeTypeAndValue OPTIONAL }
+
+CertReqMessages ::= SEQUENCE OF CertReqMsg
+
+
+END
+

Added: vendor-crypto/heimdal/dist/lib/hx509/crypto.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/crypto.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/crypto.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2706 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: crypto.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct hx509_crypto;
+
+struct signature_alg;
+
+enum crypto_op_type {
+    COT_SIGN
+};
+
+struct hx509_generate_private_context {
+    const heim_oid *key_oid;
+    int isCA;
+    unsigned long num_bits;
+};
+
+struct hx509_private_key_ops {
+    const char *pemtype;
+    const heim_oid *(*key_oid)(void);
+    int (*get_spki)(hx509_context,
+		    const hx509_private_key,
+		    SubjectPublicKeyInfo *);
+    int (*export)(hx509_context context,
+		  const hx509_private_key,
+		  heim_octet_string *);
+    int (*import)(hx509_context,
+		  const void *data,
+		  size_t len,
+		  hx509_private_key private_key);
+    int (*generate_private_key)(hx509_context,
+				struct hx509_generate_private_context *,
+				hx509_private_key);
+    BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
+    int (*handle_alg)(const hx509_private_key,
+		      const AlgorithmIdentifier *,
+		      enum crypto_op_type);
+    int (*sign)(hx509_context context,
+		const hx509_private_key,
+		const AlgorithmIdentifier *,
+		const heim_octet_string *,
+		AlgorithmIdentifier *,
+		heim_octet_string *);
+#if 0
+    const AlgorithmIdentifier *(*preferred_sig_alg)
+	(const hx509_private_key,
+	 const hx509_peer_info);
+    int (*unwrap)(hx509_context context,
+		  const hx509_private_key,
+		  const AlgorithmIdentifier *,
+		  const heim_octet_string *,
+		  heim_octet_string *);
+#endif
+};
+
+struct hx509_private_key {
+    unsigned int ref;
+    const struct signature_alg *md;
+    const heim_oid *signature_alg;
+    union {
+	RSA *rsa;
+	void *keydata;
+    } private_key;
+    /* new crypto layer */
+    hx509_private_key_ops *ops;
+};
+
+/*
+ *
+ */
+
+struct signature_alg {
+    const char *name;
+    const heim_oid *(*sig_oid)(void);
+    const AlgorithmIdentifier *(*sig_alg)(void);
+    const heim_oid *(*key_oid)(void);
+    const heim_oid *(*digest_oid)(void);
+    int flags;
+#define PROVIDE_CONF 1
+#define REQUIRE_SIGNER 2
+
+#define SIG_DIGEST	0x100
+#define SIG_PUBLIC_SIG	0x200
+#define SIG_SECRET	0x400
+
+#define RA_RSA_USES_DIGEST_INFO 0x1000000
+
+
+    int (*verify_signature)(hx509_context context,
+			    const struct signature_alg *,
+			    const Certificate *,
+			    const AlgorithmIdentifier *,
+			    const heim_octet_string *,
+			    const heim_octet_string *);
+    int (*create_signature)(hx509_context,
+			    const struct signature_alg *,
+			    const hx509_private_key,
+			    const AlgorithmIdentifier *,
+			    const heim_octet_string *,
+			    AlgorithmIdentifier *,
+			    heim_octet_string *);
+};
+
+/*
+ *
+ */
+
+static BIGNUM *
+heim_int2BN(const heim_integer *i)
+{
+    BIGNUM *bn;
+
+    bn = BN_bin2bn(i->data, i->length, NULL);
+    BN_set_negative(bn, i->negative);
+    return bn;
+}
+
+/*
+ *
+ */
+
+static int
+set_digest_alg(DigestAlgorithmIdentifier *id,
+	       const heim_oid *oid,
+	       const void *param, size_t length)
+{
+    int ret;
+    if (param) {
+	id->parameters = malloc(sizeof(*id->parameters));
+	if (id->parameters == NULL)
+	    return ENOMEM;
+	id->parameters->data = malloc(length);
+	if (id->parameters->data == NULL) {
+	    free(id->parameters);
+	    id->parameters = NULL;
+	    return ENOMEM;
+	}
+	memcpy(id->parameters->data, param, length);
+	id->parameters->length = length;
+    } else
+	id->parameters = NULL;
+    ret = der_copy_oid(oid, &id->algorithm);
+    if (ret) {
+	if (id->parameters) {
+	    free(id->parameters->data);
+	    free(id->parameters);
+	    id->parameters = NULL;
+	}
+	return ret;
+    }
+    return 0;
+}
+
+/*
+ *
+ */
+
+static int
+rsa_verify_signature(hx509_context context,
+		     const struct signature_alg *sig_alg,
+		     const Certificate *signer,
+		     const AlgorithmIdentifier *alg,
+		     const heim_octet_string *data,
+		     const heim_octet_string *sig)
+{
+    const SubjectPublicKeyInfo *spi;
+    DigestInfo di;
+    unsigned char *to;
+    int tosize, retsize;
+    int ret;
+    RSA *rsa;
+    RSAPublicKey pk;
+    size_t size;
+
+    memset(&di, 0, sizeof(di));
+
+    spi = &signer->tbsCertificate.subjectPublicKeyInfo;
+
+    rsa = RSA_new();
+    if (rsa == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
+			      spi->subjectPublicKey.length / 8,
+			      &pk, &size);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey");
+	goto out;
+    }
+
+    rsa->n = heim_int2BN(&pk.modulus);
+    rsa->e = heim_int2BN(&pk.publicExponent);
+
+    free_RSAPublicKey(&pk);
+
+    if (rsa->n == NULL || rsa->e == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	goto out;
+    }
+
+    tosize = RSA_size(rsa);
+    to = malloc(tosize);
+    if (to == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	goto out;
+    }
+
+    retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data, 
+				 to, rsa, RSA_PKCS1_PADDING);
+    if (retsize <= 0) {
+	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
+	hx509_set_error_string(context, 0, ret, 
+			       "RSA public decrypt failed: %d", retsize);
+	free(to);
+	goto out;
+    }
+    if (retsize > tosize)
+	_hx509_abort("internal rsa decryption failure: ret > tosize");
+
+    if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
+
+	ret = decode_DigestInfo(to, retsize, &di, &size);
+	free(to);
+	if (ret) {
+	    goto out;
+	}
+	
+	/* Check for extra data inside the sigature */
+	if (size != retsize) {
+	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
+	    hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
+	    goto out;
+	}
+	
+	if (sig_alg->digest_oid &&
+	    der_heim_oid_cmp(&di.digestAlgorithm.algorithm, 
+			     (*sig_alg->digest_oid)()) != 0) 
+	{
+	    ret = HX509_CRYPTO_OID_MISMATCH;
+	    hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
+	    goto out;
+	}
+	
+	/* verify that the parameters are NULL or the NULL-type */
+	if (di.digestAlgorithm.parameters != NULL &&
+	    (di.digestAlgorithm.parameters->length != 2 ||
+	     memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
+	{
+	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
+	    hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
+	    goto out;
+	}
+
+	ret = _hx509_verify_signature(context,
+				      NULL,
+				      &di.digestAlgorithm,
+				      data,
+				      &di.digest);
+    } else {
+	if (retsize != data->length ||
+	    memcmp(to, data->data, retsize) != 0)
+	{
+	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
+	    hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
+	    goto out;
+	}
+	free(to);
+    }
+
+ out:
+    free_DigestInfo(&di);
+    RSA_free(rsa);
+    return ret;
+}
+
+static int
+rsa_create_signature(hx509_context context,
+		     const struct signature_alg *sig_alg,
+		     const hx509_private_key signer,
+		     const AlgorithmIdentifier *alg,
+		     const heim_octet_string *data,
+		     AlgorithmIdentifier *signatureAlgorithm,
+		     heim_octet_string *sig)
+{
+    const AlgorithmIdentifier *digest_alg;
+    heim_octet_string indata;
+    const heim_oid *sig_oid;
+    size_t size;
+    int ret;
+    
+    if (alg)
+	sig_oid = &alg->algorithm;
+    else
+	sig_oid = signer->signature_alg;
+
+    if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha256WithRSAEncryption()) == 0) {
+	digest_alg = hx509_signature_sha256();
+    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha1WithRSAEncryption()) == 0) {
+	digest_alg = hx509_signature_sha1();
+    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
+	digest_alg = hx509_signature_md5();
+    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
+	digest_alg = hx509_signature_md5();
+    } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) {
+	digest_alg = hx509_signature_sha1();
+    } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) {
+	digest_alg = hx509_signature_sha1();
+    } else if (der_heim_oid_cmp(sig_oid, oid_id_heim_rsa_pkcs1_x509()) == 0) {
+	digest_alg = NULL;
+    } else
+	return HX509_ALG_NOT_SUPP;
+
+    if (signatureAlgorithm) {
+	ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    return ret;
+	}
+    }
+
+    if (digest_alg) {
+	DigestInfo di;
+	memset(&di, 0, sizeof(di));
+
+	ret = _hx509_create_signature(context,
+				      NULL,
+				      digest_alg,
+				      data,
+				      &di.digestAlgorithm,
+				      &di.digest);
+	if (ret)
+	    return ret;
+	ASN1_MALLOC_ENCODE(DigestInfo,
+			   indata.data,
+			   indata.length,
+			   &di,
+			   &size,
+			   ret);
+	free_DigestInfo(&di);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "out of memory");
+	    return ret;
+	}
+	if (indata.length != size)
+	    _hx509_abort("internal ASN.1 encoder error");
+    } else {
+	indata = *data;
+    }
+
+    sig->length = RSA_size(signer->private_key.rsa);
+    sig->data = malloc(sig->length);
+    if (sig->data == NULL) {
+	der_free_octet_string(&indata);
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    ret = RSA_private_encrypt(indata.length, indata.data, 
+			      sig->data, 
+			      signer->private_key.rsa,
+			      RSA_PKCS1_PADDING);
+    if (indata.data != data->data)
+	der_free_octet_string(&indata);
+    if (ret <= 0) {
+	ret = HX509_CMS_FAILED_CREATE_SIGATURE;
+	hx509_set_error_string(context, 0, ret,
+			       "RSA private decrypt failed: %d", ret);
+	return ret;
+    }
+    if (ret > sig->length)
+	_hx509_abort("RSA signature prelen longer the output len");
+
+    sig->length = ret;
+    
+    return 0;
+}
+
+static int
+rsa_private_key_import(hx509_context context,
+		       const void *data,
+		       size_t len,
+		       hx509_private_key private_key)
+{
+    const unsigned char *p = data;
+
+    private_key->private_key.rsa = 
+	d2i_RSAPrivateKey(NULL, &p, len);
+    if (private_key->private_key.rsa == NULL) {
+	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+			       "Failed to parse RSA key");
+	return HX509_PARSING_KEY_FAILED;
+    }
+    private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
+
+    return 0;
+}
+
+static int
+rsa_private_key2SPKI(hx509_context context,
+		     hx509_private_key private_key,
+		     SubjectPublicKeyInfo *spki)
+{
+    int len, ret;
+
+    memset(spki, 0, sizeof(*spki));
+
+    len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
+
+    spki->subjectPublicKey.data = malloc(len);
+    if (spki->subjectPublicKey.data == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
+	return ENOMEM;
+    }
+    spki->subjectPublicKey.length = len * 8;
+
+    ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(), 
+			 "\x05\x00", 2);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "malloc - out of memory");
+	free(spki->subjectPublicKey.data);
+	spki->subjectPublicKey.data = NULL;
+	spki->subjectPublicKey.length = 0;
+	return ret;
+    }
+
+    {
+	unsigned char *pp = spki->subjectPublicKey.data;
+	i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
+    }
+
+    return 0;
+}
+
+static int
+rsa_generate_private_key(hx509_context context, 
+			 struct hx509_generate_private_context *ctx,
+			 hx509_private_key private_key)
+{
+    BIGNUM *e;
+    int ret;
+    unsigned long bits;
+
+    static const int default_rsa_e = 65537;
+    static const int default_rsa_bits = 1024;
+
+    private_key->private_key.rsa = RSA_new();
+    if (private_key->private_key.rsa == NULL) {
+	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+			       "Failed to generate RSA key");
+	return HX509_PARSING_KEY_FAILED;
+    }
+    
+    e = BN_new();
+    BN_set_word(e, default_rsa_e);
+
+    bits = default_rsa_bits;
+
+    if (ctx->num_bits)
+	bits = ctx->num_bits;
+    else if (ctx->isCA)
+	bits *= 2;
+
+    ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
+    BN_free(e);
+    if (ret != 1) {
+	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+			       "Failed to generate RSA key");
+	return HX509_PARSING_KEY_FAILED;
+    }
+    private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
+
+    return 0;
+}
+
+static int 
+rsa_private_key_export(hx509_context context,
+		       const hx509_private_key key,
+		       heim_octet_string *data)
+{
+    int ret;
+
+    data->data = NULL;
+    data->length = 0;
+
+    ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
+    if (ret <= 0) {
+	ret = EINVAL;
+	hx509_set_error_string(context, 0, ret,
+			       "Private key is not exportable");
+	return ret;
+    }
+
+    data->data = malloc(ret);
+    if (data->data == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "malloc out of memory");
+	return ret;
+    }
+    data->length = ret;
+    
+    {
+	unsigned char *p = data->data;
+	i2d_RSAPrivateKey(key->private_key.rsa, &p);
+    }
+
+    return 0;
+}
+
+static BIGNUM *
+rsa_get_internal(hx509_context context, hx509_private_key key, const char *type)
+{
+    if (strcasecmp(type, "rsa-modulus") == 0) {
+	return BN_dup(key->private_key.rsa->n);
+    } else if (strcasecmp(type, "rsa-exponent") == 0) {
+	return BN_dup(key->private_key.rsa->e);
+    } else
+	return NULL;
+}
+
+
+
+static hx509_private_key_ops rsa_private_key_ops = {
+    "RSA PRIVATE KEY",
+    oid_id_pkcs1_rsaEncryption,
+    rsa_private_key2SPKI,
+    rsa_private_key_export,
+    rsa_private_key_import,
+    rsa_generate_private_key,
+    rsa_get_internal
+};
+
+
+/*
+ *
+ */
+
+static int
+dsa_verify_signature(hx509_context context,
+		     const struct signature_alg *sig_alg,
+		     const Certificate *signer,
+		     const AlgorithmIdentifier *alg,
+		     const heim_octet_string *data,
+		     const heim_octet_string *sig)
+{
+    const SubjectPublicKeyInfo *spi;
+    DSAPublicKey pk;
+    DSAParams param;
+    size_t size;
+    DSA *dsa;
+    int ret;
+
+    spi = &signer->tbsCertificate.subjectPublicKeyInfo;
+
+    dsa = DSA_new();
+    if (dsa == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
+			      spi->subjectPublicKey.length / 8,
+			      &pk, &size);
+    if (ret)
+	goto out;
+
+    dsa->pub_key = heim_int2BN(&pk);
+
+    free_DSAPublicKey(&pk);
+
+    if (dsa->pub_key == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	goto out;
+    }
+
+    if (spi->algorithm.parameters == NULL) {
+	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
+	hx509_set_error_string(context, 0, ret, "DSA parameters missing");
+	goto out;
+    }
+
+    ret = decode_DSAParams(spi->algorithm.parameters->data,
+			   spi->algorithm.parameters->length,
+			   &param,
+			   &size);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
+	goto out;
+    }
+
+    dsa->p = heim_int2BN(&param.p);
+    dsa->q = heim_int2BN(&param.q);
+    dsa->g = heim_int2BN(&param.g);
+
+    free_DSAParams(&param);
+
+    if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	goto out;
+    }
+
+    ret = DSA_verify(-1, data->data, data->length,
+		     (unsigned char*)sig->data, sig->length,
+		     dsa);
+    if (ret == 1)
+	ret = 0;
+    else if (ret == 0 || ret == -1) {
+	ret = HX509_CRYPTO_BAD_SIGNATURE;
+	hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
+    } else {
+	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
+	hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
+    }
+
+ out:
+    DSA_free(dsa);
+
+    return ret;
+}
+
+#if 0
+static int
+dsa_parse_private_key(hx509_context context,
+		      const void *data,
+		      size_t len,
+		      hx509_private_key private_key)
+{
+    const unsigned char *p = data;
+
+    private_key->private_key.dsa = 
+	d2i_DSAPrivateKey(NULL, &p, len);
+    if (private_key->private_key.dsa == NULL)
+	return EINVAL;
+    private_key->signature_alg = oid_id_dsa_with_sha1();
+
+    return 0;
+/* else */
+    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+			   "No support to parse DSA keys");
+    return HX509_PARSING_KEY_FAILED;
+}
+#endif
+
+
+static int
+sha1_verify_signature(hx509_context context,
+		      const struct signature_alg *sig_alg,
+		      const Certificate *signer,
+		      const AlgorithmIdentifier *alg,
+		      const heim_octet_string *data,
+		      const heim_octet_string *sig)
+{
+    unsigned char digest[SHA_DIGEST_LENGTH];
+    SHA_CTX m;
+    
+    if (sig->length != SHA_DIGEST_LENGTH) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
+			       "SHA1 sigature have wrong length");
+	return HX509_CRYPTO_SIG_INVALID_FORMAT;
+    }
+
+    SHA1_Init(&m);
+    SHA1_Update(&m, data->data, data->length);
+    SHA1_Final (digest, &m);
+	
+    if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
+			       "Bad SHA1 sigature");
+	return HX509_CRYPTO_BAD_SIGNATURE;
+    }
+
+    return 0;
+}
+
+static int
+sha256_create_signature(hx509_context context,
+			const struct signature_alg *sig_alg,
+			const hx509_private_key signer,
+			const AlgorithmIdentifier *alg,
+			const heim_octet_string *data,
+			AlgorithmIdentifier *signatureAlgorithm,
+			heim_octet_string *sig)
+{
+    SHA256_CTX m;
+    
+    memset(sig, 0, sizeof(*sig));
+
+    if (signatureAlgorithm) {
+	int ret;
+	ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
+			     "\x05\x00", 2);
+	if (ret)
+	    return ret;
+    }
+	    
+
+    sig->data = malloc(SHA256_DIGEST_LENGTH);
+    if (sig->data == NULL) {
+	sig->length = 0;
+	return ENOMEM;
+    }
+    sig->length = SHA256_DIGEST_LENGTH;
+
+    SHA256_Init(&m);
+    SHA256_Update(&m, data->data, data->length);
+    SHA256_Final (sig->data, &m);
+
+    return 0;
+}
+
+static int
+sha256_verify_signature(hx509_context context,
+			const struct signature_alg *sig_alg,
+			const Certificate *signer,
+			const AlgorithmIdentifier *alg,
+			const heim_octet_string *data,
+			const heim_octet_string *sig)
+{
+    unsigned char digest[SHA256_DIGEST_LENGTH];
+    SHA256_CTX m;
+    
+    if (sig->length != SHA256_DIGEST_LENGTH) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
+			       "SHA256 sigature have wrong length");
+	return HX509_CRYPTO_SIG_INVALID_FORMAT;
+    }
+
+    SHA256_Init(&m);
+    SHA256_Update(&m, data->data, data->length);
+    SHA256_Final (digest, &m);
+	
+    if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
+			       "Bad SHA256 sigature");
+	return HX509_CRYPTO_BAD_SIGNATURE;
+    }
+
+    return 0;
+}
+
+static int
+sha1_create_signature(hx509_context context,
+		      const struct signature_alg *sig_alg,
+		      const hx509_private_key signer,
+		      const AlgorithmIdentifier *alg,
+		      const heim_octet_string *data,
+		      AlgorithmIdentifier *signatureAlgorithm,
+		      heim_octet_string *sig)
+{
+    SHA_CTX m;
+    
+    memset(sig, 0, sizeof(*sig));
+
+    if (signatureAlgorithm) {
+	int ret;
+	ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(), 
+			     "\x05\x00", 2);
+	if (ret)
+	    return ret;
+    }
+	    
+
+    sig->data = malloc(SHA_DIGEST_LENGTH);
+    if (sig->data == NULL) {
+	sig->length = 0;
+	return ENOMEM;
+    }
+    sig->length = SHA_DIGEST_LENGTH;
+
+    SHA1_Init(&m);
+    SHA1_Update(&m, data->data, data->length);
+    SHA1_Final (sig->data, &m);
+
+    return 0;
+}
+
+static int
+md5_verify_signature(hx509_context context,
+		     const struct signature_alg *sig_alg,
+		     const Certificate *signer,
+		     const AlgorithmIdentifier *alg,
+		     const heim_octet_string *data,
+		     const heim_octet_string *sig)
+{
+    unsigned char digest[MD5_DIGEST_LENGTH];
+    MD5_CTX m;
+    
+    if (sig->length != MD5_DIGEST_LENGTH) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
+			       "MD5 sigature have wrong length");
+	return HX509_CRYPTO_SIG_INVALID_FORMAT;
+    }
+
+    MD5_Init(&m);
+    MD5_Update(&m, data->data, data->length);
+    MD5_Final (digest, &m);
+	
+    if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
+			       "Bad MD5 sigature");
+	return HX509_CRYPTO_BAD_SIGNATURE;
+    }
+
+    return 0;
+}
+
+static int
+md2_verify_signature(hx509_context context,
+		     const struct signature_alg *sig_alg,
+		     const Certificate *signer,
+		     const AlgorithmIdentifier *alg,
+		     const heim_octet_string *data,
+		     const heim_octet_string *sig)
+{
+    unsigned char digest[MD2_DIGEST_LENGTH];
+    MD2_CTX m;
+    
+    if (sig->length != MD2_DIGEST_LENGTH) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
+			       "MD2 sigature have wrong length");
+	return HX509_CRYPTO_SIG_INVALID_FORMAT;
+    }
+
+    MD2_Init(&m);
+    MD2_Update(&m, data->data, data->length);
+    MD2_Final (digest, &m);
+	
+    if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
+			       "Bad MD2 sigature");
+	return HX509_CRYPTO_BAD_SIGNATURE;
+    }
+
+    return 0;
+}
+
+static const struct signature_alg heim_rsa_pkcs1_x509 = {
+    "rsa-pkcs1-x509",
+    oid_id_heim_rsa_pkcs1_x509,
+    hx509_signature_rsa_pkcs1_x509,
+    oid_id_pkcs1_rsaEncryption,
+    NULL,
+    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
+    rsa_verify_signature,
+    rsa_create_signature
+};
+
+static const struct signature_alg pkcs1_rsa_sha1_alg = {
+    "rsa",
+    oid_id_pkcs1_rsaEncryption,
+    hx509_signature_rsa_with_sha1,
+    oid_id_pkcs1_rsaEncryption,
+    NULL,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    rsa_verify_signature,
+    rsa_create_signature
+};
+
+static const struct signature_alg rsa_with_sha256_alg = {
+    "rsa-with-sha256",
+    oid_id_pkcs1_sha256WithRSAEncryption,
+    hx509_signature_rsa_with_sha256,
+    oid_id_pkcs1_rsaEncryption,
+    oid_id_sha256,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    rsa_verify_signature,
+    rsa_create_signature
+};
+
+static const struct signature_alg rsa_with_sha1_alg = {
+    "rsa-with-sha1",
+    oid_id_pkcs1_sha1WithRSAEncryption,
+    hx509_signature_rsa_with_sha1,
+    oid_id_pkcs1_rsaEncryption,
+    oid_id_secsig_sha_1,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    rsa_verify_signature,
+    rsa_create_signature
+};
+
+static const struct signature_alg rsa_with_md5_alg = {
+    "rsa-with-md5",
+    oid_id_pkcs1_md5WithRSAEncryption,
+    hx509_signature_rsa_with_md5,
+    oid_id_pkcs1_rsaEncryption,
+    oid_id_rsa_digest_md5,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    rsa_verify_signature,
+    rsa_create_signature
+};
+
+static const struct signature_alg rsa_with_md2_alg = {
+    "rsa-with-md2",
+    oid_id_pkcs1_md2WithRSAEncryption,
+    hx509_signature_rsa_with_md2,
+    oid_id_pkcs1_rsaEncryption,
+    oid_id_rsa_digest_md2,
+    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
+    rsa_verify_signature,
+    rsa_create_signature
+};
+
+static const struct signature_alg dsa_sha1_alg = {
+    "dsa-with-sha1",
+    oid_id_dsa_with_sha1,
+    NULL,
+    oid_id_dsa, 
+    oid_id_secsig_sha_1,
+    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
+    dsa_verify_signature,
+    /* create_signature */ NULL,
+};
+
+static const struct signature_alg sha256_alg = {
+    "sha-256",
+    oid_id_sha256,
+    hx509_signature_sha256,
+    NULL,
+    NULL,
+    SIG_DIGEST,
+    sha256_verify_signature,
+    sha256_create_signature
+};
+
+static const struct signature_alg sha1_alg = {
+    "sha1",
+    oid_id_secsig_sha_1,
+    hx509_signature_sha1,
+    NULL,
+    NULL,
+    SIG_DIGEST,
+    sha1_verify_signature,
+    sha1_create_signature
+};
+
+static const struct signature_alg md5_alg = {
+    "rsa-md5",
+    oid_id_rsa_digest_md5,
+    hx509_signature_md5,
+    NULL,
+    NULL,
+    SIG_DIGEST,
+    md5_verify_signature
+};
+
+static const struct signature_alg md2_alg = {
+    "rsa-md2",
+    oid_id_rsa_digest_md2,
+    hx509_signature_md2,
+    NULL,
+    NULL,
+    SIG_DIGEST,
+    md2_verify_signature
+};
+
+/* 
+ * Order matter in this structure, "best" first for each "key
+ * compatible" type (type is RSA, DSA, none, etc)
+ */
+
+static const struct signature_alg *sig_algs[] = {
+    &rsa_with_sha256_alg,
+    &rsa_with_sha1_alg,
+    &pkcs1_rsa_sha1_alg,
+    &rsa_with_md5_alg,
+    &rsa_with_md2_alg,
+    &heim_rsa_pkcs1_x509,
+    &dsa_sha1_alg,
+    &sha256_alg,
+    &sha1_alg,
+    &md5_alg,
+    &md2_alg,
+    NULL
+};
+
+static const struct signature_alg *
+find_sig_alg(const heim_oid *oid)
+{
+    int i;
+    for (i = 0; sig_algs[i]; i++)
+	if (der_heim_oid_cmp((*sig_algs[i]->sig_oid)(), oid) == 0)
+	    return sig_algs[i];
+    return NULL;
+}
+
+/*
+ *
+ */
+
+static struct hx509_private_key_ops *private_algs[] = {
+    &rsa_private_key_ops,
+    NULL
+};
+
+static hx509_private_key_ops *
+find_private_alg(const heim_oid *oid)
+{
+    int i;
+    for (i = 0; private_algs[i]; i++) {
+	if (private_algs[i]->key_oid == NULL)
+	    continue;
+	if (der_heim_oid_cmp((*private_algs[i]->key_oid)(), oid) == 0)
+	    return private_algs[i];
+    }
+    return NULL;
+}
+
+
+int
+_hx509_verify_signature(hx509_context context,
+			const Certificate *signer,
+			const AlgorithmIdentifier *alg,
+			const heim_octet_string *data,
+			const heim_octet_string *sig)
+{
+    const struct signature_alg *md;
+
+    md = find_sig_alg(&alg->algorithm);
+    if (md == NULL) {
+	hx509_clear_error_string(context);
+	return HX509_SIG_ALG_NO_SUPPORTED;
+    }
+    if (signer && (md->flags & PROVIDE_CONF) == 0) {
+	hx509_clear_error_string(context);
+	return HX509_CRYPTO_SIG_NO_CONF;
+    }
+    if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
+	    hx509_clear_error_string(context);
+	return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
+    }
+    if (md->key_oid && signer) {
+	const SubjectPublicKeyInfo *spi;
+	spi = &signer->tbsCertificate.subjectPublicKeyInfo;
+
+	if (der_heim_oid_cmp(&spi->algorithm.algorithm, (*md->key_oid)()) != 0) {
+	    hx509_clear_error_string(context);
+	    return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
+	}
+    }
+    return (*md->verify_signature)(context, md, signer, alg, data, sig);
+}
+
+int
+_hx509_verify_signature_bitstring(hx509_context context,
+				  const Certificate *signer,
+				  const AlgorithmIdentifier *alg,
+				  const heim_octet_string *data,
+				  const heim_bit_string *sig)
+{
+    heim_octet_string os;
+
+    if (sig->length & 7) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
+			       "signature not multiple of 8 bits");
+	return HX509_CRYPTO_SIG_INVALID_FORMAT;
+    }
+
+    os.data = sig->data;
+    os.length = sig->length / 8;
+    
+    return _hx509_verify_signature(context, signer, alg, data, &os);
+}
+
+int
+_hx509_create_signature(hx509_context context,
+			const hx509_private_key signer,
+			const AlgorithmIdentifier *alg,
+			const heim_octet_string *data,
+			AlgorithmIdentifier *signatureAlgorithm,
+			heim_octet_string *sig)
+{
+    const struct signature_alg *md;
+
+    if (signer && signer->ops && signer->ops->handle_alg &&
+	(*signer->ops->handle_alg)(signer, alg, COT_SIGN))
+    {
+	return (*signer->ops->sign)(context, signer, alg, data, 
+				    signatureAlgorithm, sig);
+    }
+
+    md = find_sig_alg(&alg->algorithm);
+    if (md == NULL) {
+	hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
+	    "algorithm no supported");
+	return HX509_SIG_ALG_NO_SUPPORTED;
+    }
+
+    if (signer && (md->flags & PROVIDE_CONF) == 0) {
+	hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
+	    "algorithm provides no conf");
+	return HX509_CRYPTO_SIG_NO_CONF;
+    }
+
+    return (*md->create_signature)(context, md, signer, alg, data, 
+				   signatureAlgorithm, sig);
+}
+
+int
+_hx509_create_signature_bitstring(hx509_context context,
+				  const hx509_private_key signer,
+				  const AlgorithmIdentifier *alg,
+				  const heim_octet_string *data,
+				  AlgorithmIdentifier *signatureAlgorithm,
+				  heim_bit_string *sig)
+{
+    heim_octet_string os;
+    int ret;
+
+    ret = _hx509_create_signature(context, signer, alg,
+				  data, signatureAlgorithm, &os);
+    if (ret)
+	return ret;
+    sig->data = os.data;
+    sig->length = os.length * 8;
+    return 0;
+}
+
+int
+_hx509_public_encrypt(hx509_context context,
+		      const heim_octet_string *cleartext,
+		      const Certificate *cert,
+		      heim_oid *encryption_oid,
+		      heim_octet_string *ciphertext)
+{
+    const SubjectPublicKeyInfo *spi;
+    unsigned char *to;
+    int tosize;
+    int ret;
+    RSA *rsa;
+    RSAPublicKey pk;
+    size_t size;
+
+    ciphertext->data = NULL;
+    ciphertext->length = 0;
+
+    spi = &cert->tbsCertificate.subjectPublicKeyInfo;
+
+    rsa = RSA_new();
+    if (rsa == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
+			      spi->subjectPublicKey.length / 8,
+			      &pk, &size);
+    if (ret) {
+	RSA_free(rsa);
+	hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure");
+	return ret;
+    }
+    rsa->n = heim_int2BN(&pk.modulus);
+    rsa->e = heim_int2BN(&pk.publicExponent);
+
+    free_RSAPublicKey(&pk);
+
+    if (rsa->n == NULL || rsa->e == NULL) {
+	RSA_free(rsa);
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    tosize = RSA_size(rsa);
+    to = malloc(tosize);
+    if (to == NULL) {
+	RSA_free(rsa);
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    ret = RSA_public_encrypt(cleartext->length, 
+			     (unsigned char *)cleartext->data, 
+			     to, rsa, RSA_PKCS1_PADDING);
+    RSA_free(rsa);
+    if (ret <= 0) {
+	free(to);
+	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
+			       "RSA public encrypt failed with %d", ret);
+	return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
+    }
+    if (ret > tosize)
+	_hx509_abort("internal rsa decryption failure: ret > tosize");
+
+    ciphertext->length = ret;
+    ciphertext->data = to;
+
+    ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), encryption_oid);
+    if (ret) {
+	der_free_octet_string(ciphertext);
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    return 0;
+}
+
+int
+_hx509_private_key_private_decrypt(hx509_context context,
+				   const heim_octet_string *ciphertext,
+				   const heim_oid *encryption_oid,
+				   hx509_private_key p,
+				   heim_octet_string *cleartext)
+{
+    int ret;
+
+    cleartext->data = NULL;
+    cleartext->length = 0;
+
+    if (p->private_key.rsa == NULL) {
+	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
+			       "Private RSA key missing");
+	return HX509_PRIVATE_KEY_MISSING;
+    }
+
+    cleartext->length = RSA_size(p->private_key.rsa);
+    cleartext->data = malloc(cleartext->length);
+    if (cleartext->data == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
+			      cleartext->data,
+			      p->private_key.rsa,
+			      RSA_PKCS1_PADDING);
+    if (ret <= 0) {
+	der_free_octet_string(cleartext);
+	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
+			       "Failed to decrypt using private key: %d", ret);
+	return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
+    }
+    if (cleartext->length < ret)
+	_hx509_abort("internal rsa decryption failure: ret > tosize");
+
+    cleartext->length = ret;
+
+    return 0;
+}
+
+
+int
+_hx509_parse_private_key(hx509_context context,
+			 const heim_oid *key_oid,
+			 const void *data,
+			 size_t len,
+			 hx509_private_key *private_key)
+{
+    struct hx509_private_key_ops *ops;
+    int ret;
+
+    *private_key = NULL;
+
+    ops = find_private_alg(key_oid);
+    if (ops == NULL) {
+	hx509_clear_error_string(context);
+	return HX509_SIG_ALG_NO_SUPPORTED;
+    }
+
+    ret = _hx509_private_key_init(private_key, ops, NULL);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	return ret;
+    }
+
+    ret = (*ops->import)(context, data, len, *private_key);
+    if (ret)
+	_hx509_private_key_free(private_key);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+int
+_hx509_private_key2SPKI(hx509_context context,
+			hx509_private_key private_key,
+			SubjectPublicKeyInfo *spki)
+{
+    const struct hx509_private_key_ops *ops = private_key->ops;
+    if (ops == NULL || ops->get_spki == NULL) {
+	hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
+			       "Private key have no key2SPKI function");
+	return HX509_UNIMPLEMENTED_OPERATION;
+    }
+    return (*ops->get_spki)(context, private_key, spki);
+}
+
+int
+_hx509_generate_private_key_init(hx509_context context,
+				 const heim_oid *oid,
+				 struct hx509_generate_private_context **ctx)
+{
+    *ctx = NULL;
+
+    if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) {
+	hx509_set_error_string(context, 0, EINVAL, 
+			       "private key not an RSA key");
+	return EINVAL;
+    }
+
+    *ctx = calloc(1, sizeof(**ctx));
+    if (*ctx == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    (*ctx)->key_oid = oid;
+
+    return 0;
+}
+
+int
+_hx509_generate_private_key_is_ca(hx509_context context,
+				  struct hx509_generate_private_context *ctx)
+{
+    ctx->isCA = 1;
+    return 0;
+}
+
+int
+_hx509_generate_private_key_bits(hx509_context context,
+				 struct hx509_generate_private_context *ctx,
+				 unsigned long bits)
+{
+    ctx->num_bits = bits;
+    return 0;
+}
+
+
+void
+_hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
+{
+    free(*ctx);
+    *ctx = NULL;
+}
+
+int
+_hx509_generate_private_key(hx509_context context,
+			    struct hx509_generate_private_context *ctx,
+			    hx509_private_key *private_key)
+{
+    struct hx509_private_key_ops *ops;
+    int ret;
+
+    *private_key = NULL;
+
+    ops = find_private_alg(ctx->key_oid);
+    if (ops == NULL) {
+	hx509_clear_error_string(context);
+	return HX509_SIG_ALG_NO_SUPPORTED;
+    }
+
+    ret = _hx509_private_key_init(private_key, ops, NULL);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	return ret;
+    }
+
+    ret = (*ops->generate_private_key)(context, ctx, *private_key);
+    if (ret)
+	_hx509_private_key_free(private_key);
+
+    return ret;
+}
+
+
+/*
+ *
+ */
+
+static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
+
+static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
+const AlgorithmIdentifier _hx509_signature_sha512_data = { 
+    { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
+};
+
+static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
+const AlgorithmIdentifier _hx509_signature_sha384_data = { 
+    { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
+};
+
+static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
+const AlgorithmIdentifier _hx509_signature_sha256_data = { 
+    { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
+};
+
+static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
+const AlgorithmIdentifier _hx509_signature_sha1_data = { 
+    { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
+};
+
+static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
+const AlgorithmIdentifier _hx509_signature_md5_data = { 
+    { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
+};
+
+static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
+const AlgorithmIdentifier _hx509_signature_md2_data = { 
+    { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
+};
+
+static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
+const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { 
+    { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
+};
+
+static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
+const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = { 
+    { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
+};
+
+static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
+const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = { 
+    { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
+};
+
+static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
+const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = { 
+    { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
+};
+
+static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
+const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = { 
+    { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
+};
+
+static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
+const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = { 
+    { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
+};
+
+static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
+const AlgorithmIdentifier _hx509_signature_rsa_data = { 
+    { 7, rk_UNCONST(rsa_oid) }, NULL
+};
+
+static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
+const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = { 
+    { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
+};
+
+static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
+const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
+    { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
+};
+
+static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
+const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
+    { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
+};
+
+static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
+const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
+    { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
+};
+
+const AlgorithmIdentifier *
+hx509_signature_sha512(void)
+{ return &_hx509_signature_sha512_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_sha384(void)
+{ return &_hx509_signature_sha384_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_sha256(void)
+{ return &_hx509_signature_sha256_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_sha1(void)
+{ return &_hx509_signature_sha1_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_md5(void)
+{ return &_hx509_signature_md5_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_md2(void)
+{ return &_hx509_signature_md2_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_sha512(void)
+{ return &_hx509_signature_rsa_with_sha512_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_sha384(void)
+{ return &_hx509_signature_rsa_with_sha384_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_sha256(void)
+{ return &_hx509_signature_rsa_with_sha256_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_sha1(void)
+{ return &_hx509_signature_rsa_with_sha1_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_md5(void)
+{ return &_hx509_signature_rsa_with_md5_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_md2(void)
+{ return &_hx509_signature_rsa_with_md2_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_rsa(void)
+{ return &_hx509_signature_rsa_data; }
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_pkcs1_x509(void)
+{ return &_hx509_signature_rsa_pkcs1_x509_data; }
+
+const AlgorithmIdentifier *
+hx509_crypto_des_rsdi_ede3_cbc(void)
+{ return &_hx509_des_rsdi_ede3_cbc_oid; }
+
+const AlgorithmIdentifier *
+hx509_crypto_aes128_cbc(void)
+{ return &_hx509_crypto_aes128_cbc_data; }
+
+const AlgorithmIdentifier *
+hx509_crypto_aes256_cbc(void)
+{ return &_hx509_crypto_aes256_cbc_data; }
+
+/*
+ *
+ */
+
+const AlgorithmIdentifier * _hx509_crypto_default_sig_alg = 
+    &_hx509_signature_rsa_with_sha1_data;
+const AlgorithmIdentifier * _hx509_crypto_default_digest_alg = 
+    &_hx509_signature_sha1_data;
+const AlgorithmIdentifier * _hx509_crypto_default_secret_alg = 
+    &_hx509_crypto_aes128_cbc_data;
+
+/*
+ *
+ */
+
+int
+_hx509_private_key_init(hx509_private_key *key,
+			hx509_private_key_ops *ops,
+			void *keydata)
+{
+    *key = calloc(1, sizeof(**key));
+    if (*key == NULL)
+	return ENOMEM;
+    (*key)->ref = 1;
+    (*key)->ops = ops;
+    (*key)->private_key.keydata = keydata;
+    return 0;
+}
+
+hx509_private_key
+_hx509_private_key_ref(hx509_private_key key)
+{
+    if (key->ref <= 0)
+	_hx509_abort("refcount <= 0");
+    key->ref++;
+    if (key->ref == 0)
+	_hx509_abort("refcount == 0");
+    return key;
+}
+
+const char *
+_hx509_private_pem_name(hx509_private_key key)
+{
+    return key->ops->pemtype;
+}
+
+int
+_hx509_private_key_free(hx509_private_key *key)
+{
+    if (key == NULL || *key == NULL)
+	return 0;
+
+    if ((*key)->ref <= 0)
+	_hx509_abort("refcount <= 0");
+    if (--(*key)->ref > 0)
+	return 0;
+
+    if ((*key)->private_key.rsa)
+	RSA_free((*key)->private_key.rsa);
+    (*key)->private_key.rsa = NULL;
+    free(*key);
+    *key = NULL;
+    return 0;
+}
+
+void
+_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
+{
+    if (key->private_key.rsa)
+	RSA_free(key->private_key.rsa);
+    key->private_key.rsa = ptr;
+    key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
+    key->md = &pkcs1_rsa_sha1_alg;
+}
+
+int 
+_hx509_private_key_oid(hx509_context context,
+		       const hx509_private_key key,
+		       heim_oid *data)
+{
+    int ret;
+    ret = der_copy_oid((*key->ops->key_oid)(), data);
+    if (ret)
+	hx509_set_error_string(context, 0, ret, "malloc out of memory");
+    return ret;
+}
+
+int
+_hx509_private_key_exportable(hx509_private_key key)
+{
+    if (key->ops->export == NULL)
+	return 0;
+    return 1;
+}
+
+BIGNUM *
+_hx509_private_key_get_internal(hx509_context context,
+				hx509_private_key key, 
+				const char *type)
+{
+    if (key->ops->get_internal == NULL)
+	return NULL;
+    return (*key->ops->get_internal)(context, key, type);
+}
+
+int 
+_hx509_private_key_export(hx509_context context,
+			  const hx509_private_key key,
+			  heim_octet_string *data)
+{
+    if (key->ops->export == NULL) {
+	hx509_clear_error_string(context);
+	return HX509_UNIMPLEMENTED_OPERATION;
+    }
+    return (*key->ops->export)(context, key, data);
+}
+
+/*
+ *
+ */
+
+struct hx509cipher {
+    const char *name;
+    const heim_oid *(*oid_func)(void);
+    const AlgorithmIdentifier *(*ai_func)(void);
+    const EVP_CIPHER *(*evp_func)(void);
+    int (*get_params)(hx509_context, const hx509_crypto,
+		      const heim_octet_string *, heim_octet_string *);
+    int (*set_params)(hx509_context, const heim_octet_string *, 
+		      hx509_crypto, heim_octet_string *);
+};
+
+struct hx509_crypto_data {
+    char *name;
+    const struct hx509cipher *cipher;
+    const EVP_CIPHER *c;
+    heim_octet_string key;
+    heim_oid oid;
+    void *param;
+};
+
+/*
+ *
+ */
+
+static const heim_oid *
+oid_private_rc2_40(void)
+{
+    static unsigned oid_data[] = { 127, 1 };
+    static const heim_oid oid = { 2, oid_data };
+
+    return &oid;
+}
+
+
+/*
+ *
+ */
+
+static int
+CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
+		 const heim_octet_string *ivec, heim_octet_string *param)
+{
+    size_t size;
+    int ret;
+
+    assert(crypto->param == NULL);
+    if (ivec == NULL)
+	return 0;
+
+    ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
+		       ivec, &size, ret);
+    if (ret == 0 && size != param->length)
+	_hx509_abort("Internal asn1 encoder failure");
+    if (ret)
+	hx509_clear_error_string(context);
+    return ret;
+}
+
+static int
+CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
+		hx509_crypto crypto, heim_octet_string *ivec)
+{
+    int ret;
+    if (ivec == NULL)
+	return 0;
+
+    ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
+    if (ret)
+	hx509_clear_error_string(context);
+
+    return ret;
+}
+
+struct _RC2_params {
+    int maximum_effective_key;
+};
+
+static int
+CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
+		   const heim_octet_string *ivec, heim_octet_string *param)
+{
+    CMSRC2CBCParameter rc2params;
+    const struct _RC2_params *p = crypto->param;
+    int maximum_effective_key = 128;
+    size_t size;
+    int ret;
+
+    memset(&rc2params, 0, sizeof(rc2params));
+
+    if (p)
+	maximum_effective_key = p->maximum_effective_key;
+
+    switch(maximum_effective_key) {
+    case 40:
+	rc2params.rc2ParameterVersion = 160;
+	break;
+    case 64:
+	rc2params.rc2ParameterVersion = 120;
+	break;
+    case 128:
+	rc2params.rc2ParameterVersion = 58;
+	break;
+    }
+    rc2params.iv = *ivec;
+
+    ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
+		       &rc2params, &size, ret);
+    if (ret == 0 && size != param->length)
+	_hx509_abort("Internal asn1 encoder failure");
+
+    return ret;
+}
+
+static int
+CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
+		   hx509_crypto crypto, heim_octet_string *ivec)
+{
+    CMSRC2CBCParameter rc2param;
+    struct _RC2_params *p;
+    size_t size;
+    int ret;
+
+    ret = decode_CMSRC2CBCParameter(param->data, param->length,
+				    &rc2param, &size);
+    if (ret) {
+	hx509_clear_error_string(context);
+	return ret;
+    }
+
+    p = calloc(1, sizeof(*p));
+    if (p == NULL) {
+	free_CMSRC2CBCParameter(&rc2param);
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    switch(rc2param.rc2ParameterVersion) {
+    case 160:
+	crypto->c = EVP_rc2_40_cbc();
+	p->maximum_effective_key = 40;
+	break;
+    case 120:
+	crypto->c = EVP_rc2_64_cbc();
+	p->maximum_effective_key = 64;
+	break;
+    case 58:
+	crypto->c = EVP_rc2_cbc();
+	p->maximum_effective_key = 128;
+	break;
+    default:
+	free(p);
+	free_CMSRC2CBCParameter(&rc2param);
+	return HX509_CRYPTO_SIG_INVALID_FORMAT;
+    }
+    if (ivec)
+	ret = der_copy_octet_string(&rc2param.iv, ivec);
+    free_CMSRC2CBCParameter(&rc2param);
+    if (ret) {
+	free(p);
+	hx509_clear_error_string(context);
+    } else
+	crypto->param = p;
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+static const struct hx509cipher ciphers[] = {
+    {
+	"rc2-cbc",
+	oid_id_pkcs3_rc2_cbc,
+	NULL,
+	EVP_rc2_cbc,
+	CMSRC2CBCParam_get,
+	CMSRC2CBCParam_set
+    },
+    {
+	"rc2-cbc",
+	oid_id_rsadsi_rc2_cbc,
+	NULL,
+	EVP_rc2_cbc,
+	CMSRC2CBCParam_get,
+	CMSRC2CBCParam_set
+    },
+    {
+	"rc2-40-cbc",
+	oid_private_rc2_40,
+	NULL,
+	EVP_rc2_40_cbc,
+	CMSRC2CBCParam_get,
+	CMSRC2CBCParam_set
+    },
+    {
+	"des-ede3-cbc",
+	oid_id_pkcs3_des_ede3_cbc,
+	NULL,
+	EVP_des_ede3_cbc,
+	CMSCBCParam_get,
+	CMSCBCParam_set
+    },
+    {
+	"des-ede3-cbc",
+	oid_id_rsadsi_des_ede3_cbc,
+	hx509_crypto_des_rsdi_ede3_cbc,
+	EVP_des_ede3_cbc,
+	CMSCBCParam_get,
+	CMSCBCParam_set
+    },
+    {
+	"aes-128-cbc",
+	oid_id_aes_128_cbc,
+	hx509_crypto_aes128_cbc,
+	EVP_aes_128_cbc,
+	CMSCBCParam_get,
+	CMSCBCParam_set
+    },
+    {
+	"aes-192-cbc",
+	oid_id_aes_192_cbc,
+	NULL,
+	EVP_aes_192_cbc,
+	CMSCBCParam_get,
+	CMSCBCParam_set
+    },
+    {
+	"aes-256-cbc",
+	oid_id_aes_256_cbc,
+	hx509_crypto_aes256_cbc,
+	EVP_aes_256_cbc,
+	CMSCBCParam_get,
+	CMSCBCParam_set
+    }
+};
+
+static const struct hx509cipher *
+find_cipher_by_oid(const heim_oid *oid)
+{
+    int i;
+
+    for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
+	if (der_heim_oid_cmp(oid, (*ciphers[i].oid_func)()) == 0)
+	    return &ciphers[i];
+
+    return NULL;
+}
+
+static const struct hx509cipher *
+find_cipher_by_name(const char *name)
+{
+    int i;
+
+    for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
+	if (strcasecmp(name, ciphers[i].name) == 0)
+	    return &ciphers[i];
+
+    return NULL;
+}
+
+
+const heim_oid *
+hx509_crypto_enctype_by_name(const char *name)
+{
+    const struct hx509cipher *cipher;
+
+    cipher = find_cipher_by_name(name);
+    if (cipher == NULL)
+	return NULL;
+    return (*cipher->oid_func)();
+}
+
+int
+hx509_crypto_init(hx509_context context,
+		  const char *provider,
+		  const heim_oid *enctype,
+		  hx509_crypto *crypto)
+{
+    const struct hx509cipher *cipher;
+
+    *crypto = NULL;
+
+    cipher = find_cipher_by_oid(enctype);
+    if (cipher == NULL) {
+	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
+			       "Algorithm not supported");
+	return HX509_ALG_NOT_SUPP;
+    }
+
+    *crypto = calloc(1, sizeof(**crypto));
+    if (*crypto == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    (*crypto)->cipher = cipher;
+    (*crypto)->c = (*cipher->evp_func)();
+
+    if (der_copy_oid(enctype, &(*crypto)->oid)) {
+	hx509_crypto_destroy(*crypto);
+	*crypto = NULL;
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    return 0;
+}
+
+const char *
+hx509_crypto_provider(hx509_crypto crypto)
+{
+    return "unknown";
+}
+
+void
+hx509_crypto_destroy(hx509_crypto crypto)
+{
+    if (crypto->name)
+	free(crypto->name);
+    if (crypto->key.data)
+	free(crypto->key.data);
+    if (crypto->param)
+	free(crypto->param);
+    der_free_oid(&crypto->oid);
+    memset(crypto, 0, sizeof(*crypto));
+    free(crypto);
+}
+
+int
+hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
+{
+    return 0;
+}
+
+int
+hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
+{
+    if (EVP_CIPHER_key_length(crypto->c) > length)
+	return HX509_CRYPTO_INTERNAL_ERROR;
+
+    if (crypto->key.data) {
+	free(crypto->key.data);
+	crypto->key.data = NULL;
+	crypto->key.length = 0;
+    }
+    crypto->key.data = malloc(length);
+    if (crypto->key.data == NULL)
+	return ENOMEM;
+    memcpy(crypto->key.data, data, length);
+    crypto->key.length = length;
+
+    return 0;
+}
+
+int
+hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
+{
+    if (crypto->key.data) {
+	free(crypto->key.data);
+	crypto->key.length = 0;
+    }
+
+    crypto->key.length = EVP_CIPHER_key_length(crypto->c);
+    crypto->key.data = malloc(crypto->key.length);
+    if (crypto->key.data == NULL) {
+	crypto->key.length = 0;
+	return ENOMEM;
+    }
+    if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
+	free(crypto->key.data);
+	crypto->key.data = NULL;
+	crypto->key.length = 0;
+	return HX509_CRYPTO_INTERNAL_ERROR;
+    }
+    if (key)
+	return der_copy_octet_string(&crypto->key, key);
+    else
+	return 0;
+}
+
+int
+hx509_crypto_set_params(hx509_context context,
+			hx509_crypto crypto, 
+			const heim_octet_string *param,
+			heim_octet_string *ivec)
+{
+    return (*crypto->cipher->set_params)(context, param, crypto, ivec);
+}
+
+int
+hx509_crypto_get_params(hx509_context context,
+			hx509_crypto crypto, 
+			const heim_octet_string *ivec,
+			heim_octet_string *param)
+{
+    return (*crypto->cipher->get_params)(context, crypto, ivec, param);
+}
+
+int
+hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
+{
+    ivec->length = EVP_CIPHER_iv_length(crypto->c);
+    ivec->data = malloc(ivec->length);
+    if (ivec->data == NULL) {
+	ivec->length = 0;
+	return ENOMEM;
+    }
+
+    if (RAND_bytes(ivec->data, ivec->length) <= 0) {
+	free(ivec->data);
+	ivec->data = NULL;
+	ivec->length = 0;
+	return HX509_CRYPTO_INTERNAL_ERROR;
+    }
+    return 0;
+}
+
+int
+hx509_crypto_encrypt(hx509_crypto crypto,
+		     const void *data,
+		     const size_t length,
+		     const heim_octet_string *ivec,
+		     heim_octet_string **ciphertext)
+{
+    EVP_CIPHER_CTX evp;
+    size_t padsize;
+    int ret;
+
+    *ciphertext = NULL;
+
+    assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
+
+    EVP_CIPHER_CTX_init(&evp);
+
+    ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
+			    crypto->key.data, ivec->data, 1);
+    if (ret != 1) {
+	EVP_CIPHER_CTX_cleanup(&evp);
+	ret = HX509_CRYPTO_INTERNAL_ERROR;
+	goto out;
+    }
+
+    *ciphertext = calloc(1, sizeof(**ciphertext));
+    if (*ciphertext == NULL) {
+	ret = ENOMEM;
+	goto out;
+    }
+    
+    if (EVP_CIPHER_block_size(crypto->c) == 1) {
+	padsize = 0;
+    } else {
+	int bsize = EVP_CIPHER_block_size(crypto->c);
+	padsize = bsize - (length % bsize);
+    }
+    (*ciphertext)->length = length + padsize;
+    (*ciphertext)->data = malloc(length + padsize);
+    if ((*ciphertext)->data == NULL) {
+	ret = ENOMEM;
+	goto out;
+    }
+	
+    memcpy((*ciphertext)->data, data, length);
+    if (padsize) {
+	int i;
+	unsigned char *p = (*ciphertext)->data;
+	p += length;
+	for (i = 0; i < padsize; i++)
+	    *p++ = padsize;
+    }
+
+    ret = EVP_Cipher(&evp, (*ciphertext)->data,
+		     (*ciphertext)->data,
+		     length + padsize);
+    if (ret != 1) {
+	ret = HX509_CRYPTO_INTERNAL_ERROR;
+	goto out;
+    }
+    ret = 0;
+
+ out:
+    if (ret) {
+	if (*ciphertext) {
+	    if ((*ciphertext)->data) {
+		free((*ciphertext)->data);
+	    }
+	    free(*ciphertext);
+	    *ciphertext = NULL;
+	}
+    }
+    EVP_CIPHER_CTX_cleanup(&evp);
+
+    return ret;
+}
+
+int
+hx509_crypto_decrypt(hx509_crypto crypto,
+		     const void *data,
+		     const size_t length,
+		     heim_octet_string *ivec,
+		     heim_octet_string *clear)
+{
+    EVP_CIPHER_CTX evp;
+    void *idata = NULL;
+    int ret;
+
+    clear->data = NULL;
+    clear->length = 0;
+
+    if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
+	return HX509_CRYPTO_INTERNAL_ERROR;
+
+    if (crypto->key.data == NULL)
+	return HX509_CRYPTO_INTERNAL_ERROR;
+
+    if (ivec)
+	idata = ivec->data;
+
+    EVP_CIPHER_CTX_init(&evp);
+
+    ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
+			    crypto->key.data, idata, 0);
+    if (ret != 1) {
+	EVP_CIPHER_CTX_cleanup(&evp);
+	return HX509_CRYPTO_INTERNAL_ERROR;
+    }
+
+    clear->length = length;
+    clear->data = malloc(length);
+    if (clear->data == NULL) {
+	EVP_CIPHER_CTX_cleanup(&evp);
+	clear->length = 0;
+	return ENOMEM;
+    }
+
+    if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
+	return HX509_CRYPTO_INTERNAL_ERROR;
+    }
+    EVP_CIPHER_CTX_cleanup(&evp);
+
+    if (EVP_CIPHER_block_size(crypto->c) > 1) {
+	int padsize;
+	unsigned char *p; 
+	int j, bsize = EVP_CIPHER_block_size(crypto->c);
+
+	if (clear->length < bsize) {
+	    ret = HX509_CMS_PADDING_ERROR;
+	    goto out;
+	}
+
+	p = clear->data;
+	p += clear->length - 1;
+	padsize = *p;
+	if (padsize > bsize) {
+	    ret = HX509_CMS_PADDING_ERROR;
+	    goto out;
+	}
+	clear->length -= padsize;
+	for (j = 0; j < padsize; j++) {
+	    if (*p-- != padsize) {
+		ret = HX509_CMS_PADDING_ERROR;
+		goto out;
+	    }
+	}
+    }
+
+    return 0;
+
+ out:
+    if (clear->data)
+	free(clear->data);
+    clear->data = NULL;
+    clear->length = 0;
+    return ret;
+}
+
+typedef int (*PBE_string2key_func)(hx509_context,
+				   const char *,
+				   const heim_octet_string *,
+				   hx509_crypto *, heim_octet_string *, 
+				   heim_octet_string *,
+				   const heim_oid *, const EVP_MD *);
+
+static int
+PBE_string2key(hx509_context context,
+	       const char *password,
+	       const heim_octet_string *parameters,
+	       hx509_crypto *crypto, 
+	       heim_octet_string *key, heim_octet_string *iv,
+	       const heim_oid *enc_oid,
+	       const EVP_MD *md)
+{
+    PKCS12_PBEParams p12params;
+    int passwordlen;
+    hx509_crypto c;
+    int iter, saltlen, ret;
+    unsigned char *salt;
+
+    passwordlen = password ? strlen(password) : 0;
+
+    if (parameters == NULL)
+ 	return HX509_ALG_NOT_SUPP;
+
+    ret = decode_PKCS12_PBEParams(parameters->data,
+				  parameters->length,
+				  &p12params, NULL);
+    if (ret)
+	goto out;
+
+    if (p12params.iterations)
+	iter = *p12params.iterations;
+    else
+	iter = 1;
+    salt = p12params.salt.data;
+    saltlen = p12params.salt.length;
+
+    if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, 
+			 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
+	ret = HX509_CRYPTO_INTERNAL_ERROR;
+	goto out;
+    }
+    
+    if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, 
+			 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
+	ret = HX509_CRYPTO_INTERNAL_ERROR;
+	goto out;
+    }
+
+    ret = hx509_crypto_init(context, NULL, enc_oid, &c);
+    if (ret)
+	goto out;
+
+    ret = hx509_crypto_set_key_data(c, key->data, key->length);
+    if (ret) {
+	hx509_crypto_destroy(c);
+	goto out;
+    }
+
+    *crypto = c;
+out:
+    free_PKCS12_PBEParams(&p12params);
+    return ret;
+}
+
+static const heim_oid *
+find_string2key(const heim_oid *oid, 
+		const EVP_CIPHER **c, 
+		const EVP_MD **md,
+		PBE_string2key_func *s2k)
+{
+    if (der_heim_oid_cmp(oid, oid_id_pbewithSHAAnd40BitRC2_CBC()) == 0) {
+	*c = EVP_rc2_40_cbc();
+	*md = EVP_sha1();
+	*s2k = PBE_string2key;
+	return oid_private_rc2_40();
+    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC2_CBC()) == 0) {
+	*c = EVP_rc2_cbc();
+	*md = EVP_sha1();
+	*s2k = PBE_string2key;
+	return oid_id_pkcs3_rc2_cbc();
+#if 0
+    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd40BitRC4()) == 0) {
+	*c = EVP_rc4_40();
+	*md = EVP_sha1();
+	*s2k = PBE_string2key;
+	return NULL;
+    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC4()) == 0) {
+	*c = EVP_rc4();
+	*md = EVP_sha1();
+	*s2k = PBE_string2key;
+	return oid_id_pkcs3_rc4();
+#endif
+    } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC()) == 0) {
+	*c = EVP_des_ede3_cbc();
+	*md = EVP_sha1();
+	*s2k = PBE_string2key;
+	return oid_id_pkcs3_des_ede3_cbc();
+    }
+
+    return NULL;
+}
+
+/*
+ *
+ */
+
+int
+_hx509_pbe_encrypt(hx509_context context,
+		   hx509_lock lock,
+		   const AlgorithmIdentifier *ai,
+		   const heim_octet_string *content,
+		   heim_octet_string *econtent)
+{
+    hx509_clear_error_string(context);
+    return EINVAL;
+}
+
+/*
+ *
+ */
+
+int
+_hx509_pbe_decrypt(hx509_context context,
+		   hx509_lock lock,
+		   const AlgorithmIdentifier *ai,
+		   const heim_octet_string *econtent,
+		   heim_octet_string *content)
+{
+    const struct _hx509_password *pw;
+    heim_octet_string key, iv;
+    const heim_oid *enc_oid;
+    const EVP_CIPHER *c;
+    const EVP_MD *md;
+    PBE_string2key_func s2k;
+    int i, ret = 0;
+
+    memset(&key, 0, sizeof(key));
+    memset(&iv, 0, sizeof(iv));
+
+    memset(content, 0, sizeof(*content));
+
+    enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
+    if (enc_oid == NULL) {
+	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
+			       "String to key algorithm not supported");
+	ret = HX509_ALG_NOT_SUPP;
+	goto out;
+    }
+
+    key.length = EVP_CIPHER_key_length(c);
+    key.data = malloc(key.length);
+    if (key.data == NULL) {
+	ret = ENOMEM;
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    iv.length = EVP_CIPHER_iv_length(c);
+    iv.data = malloc(iv.length);
+    if (iv.data == NULL) {
+	ret = ENOMEM;
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    pw = _hx509_lock_get_passwords(lock);
+
+    ret = HX509_CRYPTO_INTERNAL_ERROR;
+    for (i = 0; i < pw->len + 1; i++) {
+	hx509_crypto crypto;
+	const char *password;
+
+	if (i < pw->len)
+	    password = pw->val[i];
+	else if (i < pw->len + 1)
+	    password = "";
+	else
+	    password = NULL;
+
+	ret = (*s2k)(context, password, ai->parameters, &crypto, 
+		     &key, &iv, enc_oid, md);
+	if (ret)
+	    goto out;
+
+	ret = hx509_crypto_decrypt(crypto,
+				   econtent->data,
+				   econtent->length,
+				   &iv,
+				   content);
+	hx509_crypto_destroy(crypto);
+	if (ret == 0)
+	    goto out;
+				   
+    }
+out:
+    if (key.data)
+	der_free_octet_string(&key);
+    if (iv.data)
+	der_free_octet_string(&iv);
+    return ret;
+}
+
+/*
+ *
+ */
+
+
+int
+_hx509_match_keys(hx509_cert c, hx509_private_key private_key)
+{
+    const Certificate *cert;
+    const SubjectPublicKeyInfo *spi;
+    RSAPublicKey pk;
+    RSA *rsa;
+    size_t size;
+    int ret;
+
+    if (private_key->private_key.rsa == NULL)
+	return 0;
+
+    rsa = private_key->private_key.rsa;
+    if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
+	return 0;
+
+    cert = _hx509_get_cert(c);
+    spi = &cert->tbsCertificate.subjectPublicKeyInfo;
+
+    rsa = RSA_new();
+    if (rsa == NULL)
+	return 0;
+
+    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
+			      spi->subjectPublicKey.length / 8,
+			      &pk, &size);
+    if (ret) {
+	RSA_free(rsa);
+	return 0;
+    }
+    rsa->n = heim_int2BN(&pk.modulus);
+    rsa->e = heim_int2BN(&pk.publicExponent);
+
+    free_RSAPublicKey(&pk);
+
+    rsa->d = BN_dup(private_key->private_key.rsa->d);
+    rsa->p = BN_dup(private_key->private_key.rsa->p);
+    rsa->q = BN_dup(private_key->private_key.rsa->q);
+    rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
+    rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
+    rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
+
+    if (rsa->n == NULL || rsa->e == NULL || 
+	rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
+	rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
+	RSA_free(rsa);
+	return 0;
+    }
+
+    ret = RSA_check_key(rsa);
+    RSA_free(rsa);
+
+    return ret == 1;
+}
+
+static const heim_oid *
+find_keytype(const hx509_private_key key)
+{
+    const struct signature_alg *md;
+
+    if (key == NULL)
+	return NULL;
+
+    md = find_sig_alg(key->signature_alg);
+    if (md == NULL)
+	return NULL;
+    return (*md->key_oid)();
+}
+
+
+int
+hx509_crypto_select(const hx509_context context,
+		    int type,
+		    const hx509_private_key source,
+		    hx509_peer_info peer,
+		    AlgorithmIdentifier *selected)
+{
+    const AlgorithmIdentifier *def;
+    size_t i, j;
+    int ret, bits;
+
+    memset(selected, 0, sizeof(*selected));
+
+    if (type == HX509_SELECT_DIGEST) {
+	bits = SIG_DIGEST;
+	def = _hx509_crypto_default_digest_alg;
+    } else if (type == HX509_SELECT_PUBLIC_SIG) {
+	bits = SIG_PUBLIC_SIG;
+	/* XXX depend on `source\xB4 and `peer\xB4 */
+	def = _hx509_crypto_default_sig_alg;
+    } else if (type == HX509_SELECT_SECRET_ENC) {
+	bits = SIG_SECRET;
+	def = _hx509_crypto_default_secret_alg;
+    } else {
+	hx509_set_error_string(context, 0, EINVAL, 
+			       "Unknown type %d of selection", type);
+	return EINVAL;
+    }
+
+    if (peer) {
+	const heim_oid *keytype = NULL;
+
+	keytype = find_keytype(source);
+
+	for (i = 0; i < peer->len; i++) {
+	    for (j = 0; sig_algs[j]; j++) {
+		if ((sig_algs[j]->flags & bits) != bits)
+		    continue;
+		if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(), 
+				     &peer->val[i].algorithm) != 0)
+		    continue;
+		if (keytype && sig_algs[j]->key_oid && 
+		    der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)()))
+		    continue;
+
+		/* found one, use that */
+		ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
+		if (ret)
+		    hx509_clear_error_string(context);
+		return ret;
+	    }
+	    if (bits & SIG_SECRET) {
+		const struct hx509cipher *cipher;
+
+		cipher = find_cipher_by_oid(&peer->val[i].algorithm);
+		if (cipher == NULL)
+		    continue;
+		if (cipher->ai_func == NULL)
+		    continue;
+		ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
+		if (ret)
+		    hx509_clear_error_string(context);
+		return ret;
+	    }
+	}
+    }
+
+    /* use default */
+    ret = copy_AlgorithmIdentifier(def, selected);
+    if (ret)
+	hx509_clear_error_string(context);
+    return ret;
+}
+
+int
+hx509_crypto_available(hx509_context context,
+		       int type,
+		       hx509_cert source,
+		       AlgorithmIdentifier **val,
+		       unsigned int *plen)
+{
+    const heim_oid *keytype = NULL;
+    unsigned int len, i;
+    void *ptr;
+    int bits, ret;
+
+    *val = NULL;
+
+    if (type == HX509_SELECT_ALL) {
+	bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
+    } else if (type == HX509_SELECT_DIGEST) {
+	bits = SIG_DIGEST;
+    } else if (type == HX509_SELECT_PUBLIC_SIG) {
+	bits = SIG_PUBLIC_SIG;
+    } else {
+	hx509_set_error_string(context, 0, EINVAL, 
+			       "Unknown type %d of available", type);
+	return EINVAL;
+    }
+
+    if (source)
+	keytype = find_keytype(_hx509_cert_private_key(source));
+
+    len = 0;
+    for (i = 0; sig_algs[i]; i++) {
+	if ((sig_algs[i]->flags & bits) == 0)
+	    continue;
+	if (sig_algs[i]->sig_alg == NULL)
+	    continue;
+	if (keytype && sig_algs[i]->key_oid && 
+	    der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype))
+	    continue;
+
+	/* found one, add that to the list */
+	ptr = realloc(*val, sizeof(**val) * (len + 1));
+	if (ptr == NULL)
+	    goto out;
+	*val = ptr;
+
+	ret = copy_AlgorithmIdentifier((*sig_algs[i]->sig_alg)(), &(*val)[len]);
+	if (ret)
+	    goto out;
+	len++;
+    }
+
+    /* Add AES */
+    if (bits & SIG_SECRET) {
+
+	for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
+	
+	    if (ciphers[i].ai_func == NULL)
+		continue;
+
+	    ptr = realloc(*val, sizeof(**val) * (len + 1));
+	    if (ptr == NULL)
+		goto out;
+	    *val = ptr;
+	    
+	    ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
+	    if (ret)
+		goto out;
+	    len++;
+	}
+    }
+
+    *plen = len;
+    return 0;
+
+out:
+    for (i = 0; i < len; i++)
+	free_AlgorithmIdentifier(&(*val)[i]);
+    free(*val);
+    *val = NULL;
+    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+    return ENOMEM;
+}
+
+void
+hx509_crypto_free_algs(AlgorithmIdentifier *val,
+		       unsigned int len)
+{
+    unsigned int i;
+    for (i = 0; i < len; i++)
+	free_AlgorithmIdentifier(&val[i]);
+    free(val);
+}    

Added: vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-bad.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-bad.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-bad.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa
+Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
+YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
+IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
+hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
+12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU
+DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ
+e20sRA==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-good.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-good.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-good.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
+VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU5MDJa
+Fw0wNjEwMTEyMzU5MDJaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
+YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
+IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
+hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
+12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAc+fnj0rB2CYautG2
+4itiMOU4SN6JFTFDCTU/Gb5aR/Fiu7HJkuE5yGEnTdnwcId/T9sTW251yzCc1e2z
+rHX/kw==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-sf-pad-correct.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-sf-pad-correct.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/bleichenbacher-sf-pad-correct.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICgzCCAWugAwIBAgIBFzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYw
+ODE5MTY1MTMwWhcNMDYxMDE4MTY1MTMwWjARMQ8wDQYDVQQDEwZIYWNrZXIwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKSu6ChWttBsOpaBrYf4PzyCGNe6DuE7
+rmq4CMskdz8uiAJ3wVd8jGsjdeY4YzoXSVp+9mEF6XqNgyDf8Ub3kNgPYxvJ28lg
+QVpd5RdGWXHo14LWBTD1mtFkCiAhVlATsVNI/tjv2tv7Jp8EsylbDHe7hslA0rns
+Rr2cS9bvpM03AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF
+BQADggEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLL/Up63HkFWD15INcW
+Xd1nZGI+gO/whm58ICyJ1Js7ON6N4NyBTwe8513CvdOlOdG/Ctmy2gxEE47HhEed
+ST8AUooI0ey599t84P20gGRuOYIjr7c=
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/ca.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ca.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ca.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICbDCCAdWgAwIBAgIJALeUXoWyGYBYMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNV
+BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0UwHhcNMDcxMTE1MDY1
+ODU2WhcNMTcxMTEyMDY1ODU2WjAqMRswGQYDVQQDDBJoeDUwOSBUZXN0IFJvb3Qg
+Q0ExCzAJBgNVBAYTAlNFMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHcvJb
+yJXPhM9HHq1hU6d2Cu1fW9o1CvObirn1SNZg+pTnQgO9Lv4VjQQfltNK0aovyLJa
+UdbAbsRCfH+79YY2tU76x8aXpUri0DfUv5PGscIZzW7WULaaXxBgHo1owzmhc1Qj
+F9JDEurJXGFEZaDsPcEwY40RjrKDL8SXzEoEwwIDAQABo4GZMIGWMB0GA1UdDgQW
+BBSM5w21xd5phXUsCKHeUxUwnKHoADBaBgNVHSMEUzBRgBSM5w21xd5phXUsCKHe
+UxUwnKHoAKEupCwwKjEbMBkGA1UEAwwSaHg1MDkgVGVzdCBSb290IENBMQswCQYD
+VQQGEwJTRYIJALeUXoWyGYBYMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0G
+CSqGSIb3DQEBBQUAA4GBAIBa6mq1aytlbhixD6q4PROg7P1OGX6nr5CkC96CC+Xp
+5UTLZEVIddkrBswNAAS0p5eEorO8xD9eT5ztZ0oYITymsO1sEIfDLks+LhdBoyF7
+TX24INRwjlqsC8UlbRFoClxIMNhrMwcC3oZ4oLddV2OmA0IOG6yHXvEOQq0sTotr
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/ca.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ca.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ca.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDHcvJbyJXPhM9HHq1hU6d2Cu1fW9o1CvObirn1SNZg+pTnQgO9
+Lv4VjQQfltNK0aovyLJaUdbAbsRCfH+79YY2tU76x8aXpUri0DfUv5PGscIZzW7W
+ULaaXxBgHo1owzmhc1QjF9JDEurJXGFEZaDsPcEwY40RjrKDL8SXzEoEwwIDAQAB
+AoGAcRFgBdpr224eF+JzRganm8rMENBAnutreRUnIL+/ENFd0tBg0EIwtsTvvnzB
+odvEkDxFp+BXT1Y8Grj7rPGeuKq7537J43Go02fSC7z4i3HDhSmv1SXE59hiES4F
+ktyR2D7N+A/RPCckS4JM/zG4ZkucqKg/NnVpbdTpl0P2oSkCQQDoDkPde5vfWeXG
+wmAgm5HPbyEmDBXQMlYDgNd448TmObRpjr0dyyr5zDgFJkOpOmv6WUMUxGILam3k
+hCDqQqHPAkEA3AdgsMafqkR+OJmZT/gIDYb+mU8DFH6+WcUPxk+qbAa8JWg4VD30
+tpOKwZu4an1kExHnsVTqKOoW1cYmtYDuzQJAJ+78gsrYwhDoV9HvVO0wpG/NVozR
+3CgtYSD085rOsYfQojGsHcputNoN8eTp09934Xcm8hXxgWFpU9/hAi9BRQJACKG1
+dlnka56SQRAthoiZcEZqeIM0ALrUJttnOgVoDyLYgLMs+okPr5XsLJo6StsucN0T
+9M36/a3pRWunmxk6xQJBAOaD3sdIMLtGpFFOIQgkNUD9rOqXpi87h3ecmJCuG82w
+B6kRNvpZz33U2FowFQtGBdvUBsbzlRzYDMrWniC6YKc=
+-----END RSA PRIVATE KEY-----
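Review bot: Nothing in this directory marks ca.key as a throwaway fixture, although it is the unencrypted private key for the "hx509 Test Root CA" certificate added as ca.crt in the same commit (the same modulus appears in both files), and kdc.key further down is likewise stored in the clear. Anyone with the source tree can therefore issue certificates that chain to this root, which is fine for regression tests but not if ca.crt ever ends up in a trust store. A short README in lib/hx509/data would make that explicit, for example `Test fixtures only: the private keys here are public; never install these files or trust ca.crt`. Whether the build installs anything from this directory is not visible in this part of the commit and is worth confirming.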

Added: vendor-crypto/heimdal/dist/lib/hx509/data/crl1.crl
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/crl1.crl	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/crl1.crl	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,8 @@
+-----BEGIN X509 CRL-----
+MIIBBDBvMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNVBAMMEmh4NTA5IFRlc3QgUm9v
+dCBDQTELMAkGA1UEBhMCU0UXDTA3MTExNTA2NTkwMFoXDTE3MDkyMzA2NTkwMFow
+FDASAgEDFw0wNzExMTUwNjU5MDBaMA0GCSqGSIb3DQEBBQUAA4GBAGYUroSt3oVI
+0mjphSYqtpzDavF6xVM7bQrQEW+ZhzG7VynJdJaPgaJRaEHj9CNlJT1GF5WOY180
+wWuZEqXUV144snZ7YkSdsNOQRSmnHp8Fl6Sjdya3G55FoJHmhZ2JvscyZpb/Vh8N
+NoMICB27iYqCzVlK9NkT5neCmomv/mDn
+-----END X509 CRL-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/crl1.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/crl1.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/crl1.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/crl1.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/crl1.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/gen-req.sh
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/gen-req.sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/gen-req.sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,316 @@
+#!/bin/sh
+# $Id: gen-req.sh,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+# This script need openssl 0.9.8a or newer, so it can parse the
+# otherName section for pkinit certificates.
+#
+
+openssl=$HOME/src/openssl/openssl-0.9.8e/apps/openssl
+
+gen_cert()
+{
+	${openssl} req \
+		-new \
+		-subj "$1" \
+		-config openssl.cnf \
+		-newkey rsa:1024 \
+		-sha1 \
+		-nodes \
+		-keyout out.key \
+		-out cert.req > /dev/null 2>/dev/null
+
+        if [ "$3" = "ca" ] ; then
+	    ${openssl} x509 \
+		-req \
+		-days 3650 \
+		-in cert.req \
+		-extfile openssl.cnf \
+		-extensions $4 \
+                -signkey out.key \
+		-out cert.crt
+
+		ln -s ca.crt `${openssl} x509 -hash -noout -in cert.crt`.0
+
+		name=$3
+
+        elif [ "$3" = "proxy" ] ; then
+
+	    ${openssl} x509 \
+		-req \
+		-in cert.req \
+		-days 3650 \
+		-out cert.crt \
+		-CA $2.crt \
+		-CAkey $2.key \
+		-CAcreateserial \
+		-extfile openssl.cnf \
+		-extensions $4
+
+		name=$5
+	else
+
+	    ${openssl} ca \
+		-name $4 \
+		-days 3650 \
+		-cert $2.crt \
+		-keyfile $2.key \
+		-in cert.req \
+		-out cert.crt \
+		-outdir . \
+		-batch \
+		-config openssl.cnf 
+
+		name=$3
+	fi
+
+	mv cert.crt $name.crt
+	mv out.key $name.key
+}
+
+echo "01" > serial
+> index.txt
+rm -f *.0
+
+gen_cert "/CN=hx509 Test Root CA/C=SE" "root" "ca" "v3_ca"
+gen_cert "/CN=OCSP responder/C=SE" "ca" "ocsp-responder" "ocsp"
+gen_cert "/CN=Test cert/C=SE" "ca" "test" "usr"
+gen_cert "/CN=Revoke cert/C=SE" "ca" "revoke" "usr"
+gen_cert "/CN=Test cert KeyEncipherment/C=SE" "ca" "test-ke-only" "usr_ke"
+gen_cert "/CN=Test cert DigitalSignature/C=SE" "ca" "test-ds-only" "usr_ds"
+gen_cert "/CN=pkinit/C=SE" "ca" "pkinit" "pkinit_client"
+gen_cert "/C=SE/CN=pkinit/CN=pkinit-proxy" "pkinit" "proxy" "proxy_cert" pkinit-proxy
+gen_cert "/CN=kdc/C=SE" "ca" "kdc" "pkinit_kdc"
+gen_cert "/CN=www.test.h5l.se/C=SE" "ca" "https" "https"
+gen_cert "/CN=Sub CA/C=SE" "ca" "sub-ca" "subca"
+gen_cert "/CN=Test sub cert/C=SE" "sub-ca" "sub-cert" "usr"
+gen_cert "/C=SE/CN=Test cert/CN=proxy" "test" "proxy" "proxy_cert" proxy-test
+gen_cert "/C=SE/CN=Test cert/CN=proxy/CN=child" "proxy-test" "proxy" "proxy_cert" proxy-level-test
+gen_cert "/C=SE/CN=Test cert/CN=no-proxy" "test" "proxy" "usr_cert" no-proxy-test
+gen_cert "/C=SE/CN=Test cert/CN=proxy10" "test" "proxy" "proxy10_cert" proxy10-test
+gen_cert "/C=SE/CN=Test cert/CN=proxy10/CN=child" "proxy10-test" "proxy" "proxy10_cert" proxy10-child-test
+gen_cert "/C=SE/CN=Test cert/CN=proxy10/CN=child/CN=child" "proxy10-child-test" "proxy" "proxy10_cert" proxy10-child-child-test
+
+
+# combine
+cat sub-ca.crt ca.crt > sub-ca-combined.crt
+cat test.crt test.key > test.combined.crt
+cat pkinit-proxy.crt pkinit.crt > pkinit-proxy-chain.crt
+
+# password protected key
+${openssl} rsa -in test.key -aes256 -passout pass:foobar -out test-pw.key
+${openssl} rsa -in pkinit.key -aes256 -passout pass:foo -out pkinit-pw.key
+
+
+${openssl} ca \
+    -name usr \
+    -cert ca.crt \
+    -keyfile ca.key \
+    -revoke revoke.crt \
+    -config openssl.cnf 
+
+${openssl} pkcs12 \
+    -export \
+    -in test.crt \
+    -inkey test.key \
+    -passout pass:foobar \
+    -out test.p12 \
+    -name "friendlyname-test" \
+    -certfile ca.crt \
+    -caname ca
+
+${openssl} pkcs12 \
+    -export \
+    -in sub-cert.crt \
+    -inkey sub-cert.key \
+    -passout pass:foobar \
+    -out sub-cert.p12 \
+    -name "friendlyname-sub-cert" \
+    -certfile sub-ca-combined.crt \
+    -caname sub-ca \
+    -caname ca
+
+${openssl} pkcs12 \
+    -keypbe NONE \
+    -certpbe NONE \
+    -export \
+    -in test.crt \
+    -inkey test.key \
+    -passout pass:foobar \
+    -out test-nopw.p12 \
+    -name "friendlyname-cert" \
+    -certfile ca.crt \
+    -caname ca
+
+${openssl} smime \
+    -sign \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -signer test.crt \
+    -inkey test.key \
+    -outform DER \
+    -out test-signed-data
+
+${openssl} smime \
+    -sign \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -signer test.crt \
+    -inkey test.key \
+    -noattr \
+    -outform DER \
+    -out test-signed-data-noattr
+
+${openssl} smime \
+    -sign \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -signer test.crt \
+    -inkey test.key \
+    -noattr \
+    -nocerts \
+    -outform DER \
+    -out test-signed-data-noattr-nocerts
+
+${openssl} smime \
+    -encrypt \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -outform DER \
+    -out test-enveloped-rc2-40 \
+    -rc2-40 \
+    test.crt
+
+${openssl} smime \
+    -encrypt \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -outform DER \
+    -out test-enveloped-rc2-64 \
+    -rc2-64 \
+    test.crt
+
+${openssl} smime \
+    -encrypt \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -outform DER \
+    -out test-enveloped-rc2-128 \
+    -rc2-128 \
+    test.crt
+
+${openssl} smime \
+    -encrypt \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -outform DER \
+    -out test-enveloped-des \
+    -des \
+    test.crt
+
+${openssl} smime \
+    -encrypt \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -outform DER \
+    -out test-enveloped-des-ede3 \
+    -des3 \
+    test.crt
+
+${openssl} smime \
+    -encrypt \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -outform DER \
+    -out test-enveloped-aes-128 \
+    -aes128 \
+    test.crt
+
+${openssl} smime \
+    -encrypt \
+    -nodetach \
+    -binary \
+    -in static-file \
+    -outform DER \
+    -out test-enveloped-aes-256 \
+    -aes256 \
+    test.crt
+
+echo ocsp requests
+
+${openssl} ocsp \
+    -issuer ca.crt \
+    -cert test.crt \
+    -reqout ocsp-req1.der
+
+${openssl} ocsp \
+    -index index.txt \
+    -rsigner ocsp-responder.crt \
+    -rkey ocsp-responder.key \
+    -CA ca.crt \
+    -reqin ocsp-req1.der \
+    -noverify \
+    -respout ocsp-resp1-ocsp.der
+
+${openssl} ocsp \
+    -index index.txt \
+    -rsigner ca.crt \
+    -rkey ca.key \
+    -CA ca.crt \
+    -reqin ocsp-req1.der \
+    -noverify \
+    -respout ocsp-resp1-ca.der
+
+${openssl} ocsp \
+    -index index.txt \
+    -rsigner ocsp-responder.crt \
+    -rkey ocsp-responder.key \
+    -CA ca.crt \
+    -resp_no_certs \
+    -reqin ocsp-req1.der \
+    -noverify \
+    -respout ocsp-resp1-ocsp-no-cert.der
+
+${openssl} ocsp \
+    -index index.txt \
+    -rsigner ocsp-responder.crt \
+    -rkey ocsp-responder.key \
+    -CA ca.crt \
+    -reqin ocsp-req1.der \
+    -resp_key_id \
+    -noverify \
+    -respout ocsp-resp1-keyhash.der
+
+${openssl} ocsp \
+    -issuer ca.crt \
+    -cert revoke.crt \
+    -reqout ocsp-req2.der
+
+${openssl} ocsp \
+    -index index.txt \
+    -rsigner ocsp-responder.crt \
+    -rkey ocsp-responder.key \
+    -CA ca.crt \
+    -reqin ocsp-req2.der \
+    -noverify \
+    -respout ocsp-resp2.der
+
+${openssl} ca \
+    -gencrl \
+    -name usr \
+    -crldays 3600 \
+    -keyfile ca.key \
+    -cert ca.crt \
+    -crl_reason superseded \
+    -out crl1.crl \
+    -config openssl.cnf 
+
+${openssl} crl -in crl1.crl -outform der -out crl1.der
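Review bot: Nothing in this script stops on failure: there is no `set -e`, and the `req` step in `gen_cert` sends both stdout and stderr to /dev/null, so a failed key or request generation goes unnoticed and the later `mv`, `cat` and `pkcs12` steps can run on stale or missing files, leaving a fixture set that is only partly regenerated. Adding `set -e` after the header comment and keeping stderr on the `req` call (`-out cert.req > /dev/null`) would make a broken run visible. The `openssl=` assignment is also tied to one developer's home directory; `openssl=${OPENSSL:-$HOME/src/openssl/openssl-0.9.8e/apps/openssl}` keeps the current default while allowing an override. `rm -f *.0` and `> index.txt` act on whatever the current directory happens to be, so a guard such as `[ -f openssl.cnf ] || exit 1` before them would keep the script from truncating or deleting files when run from the wrong place.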

Added: vendor-crypto/heimdal/dist/lib/hx509/data/j.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/j.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/j.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEajCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJKUDEN
+MAsGA1UECgwESlBLSTEpMCcGA1UECwwgUHJlZmVjdHVyYWwgQXNzb2NpYXRpb24g
+Rm9yIEpQS0kxETAPBgNVBAsMCEJyaWRnZUNBMB4XDTAzMTIyNzA1MDgxNVoXDTEz
+MTIyNjE0NTk1OVowWjELMAkGA1UEBhMCSlAxDTALBgNVBAoMBEpQS0kxKTAnBgNV
+BAsMIFByZWZlY3R1cmFsIEFzc29jaWF0aW9uIEZvciBKUEtJMREwDwYDVQQLDAhC
+cmlkZ2VDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANTnUmg7K3m8
+52vd77kwkq156euwoWm5no8E8kmaTSc7x2RABPpqNTlMKdZ6ttsyYrqREeDkcvPL
+yF7yf/I8+innasNtsytcTAy8xY8Avsbd4JkCGW9dyPjk9pzzc3yLQ64Rx2fujRn2
+agcEVdPCr/XpJygX8FD5bbhkZ0CVoiASBmlHOcC3YpFlfbT1QcpOSOb7o+VdKVEi
+MMfbBuU2IlYIaSr/R1nO7RPNtkqkFWJ1/nKjKHyzZje7j70qSxb+BTGcNgTHa1YA
+UrogKB+UpBftmb4ds+XlkEJ1dvwokiSbCDaWFKD+YD4B2s0bvjCbw8xuZFYGhNyR
+/2D5XfN1s2MCAwEAAaOCATkwggE1MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MG0GA1UdHwRmMGQwYqBgoF6kXDBaMQswCQYDVQQGEwJKUDENMAsGA1UE
+CgwESlBLSTEpMCcGA1UECwwgUHJlZmVjdHVyYWwgQXNzb2NpYXRpb24gRm9yIEpQ
+S0kxETAPBgNVBAsMCEJyaWRnZUNBMIGDBgNVHREEfDB6pHgwdjELMAkGA1UEBhMC
+SlAxJzAlBgNVBAoMHuWFrOeahOWAi+S6uuiqjeiovOOCteODvOODk+OCuTEeMBwG
+A1UECwwV6YO96YGT5bqc55yM5Y2U6K2w5LyaMR4wHAYDVQQLDBXjg5bjg6rjg4Pj
+grjoqo3oqLzlsYAwHQYDVR0OBBYEFNQXMiCqQNkR2OaZmQgLtf8mR8p8MA0GCSqG
+SIb3DQEBBQUAA4IBAQATjJo4reTNPC5CsvAKu1RYT8PyXFVYHbKsEpGt4GR8pDCg
+HEGAiAhHSNrGh9CagZMXADvlG0gmMOnXowriQQixrtpkmx0TB8tNAlZptZWkZC+R
+8TnjOkHrk2nFAEC3ezbdK0R7MR4tJLDQCnhEWbg50rf0wZ/aF8uAaVeEtHXa6W0M
+Xq3dSe0XAcrLbX4zZHQTaWvdpLAIjl6DZ3SCieRMyoWUL+LXaLFdTP5WBCd+No58
+IounD9X4xxze2aeRVaiV/WnQ0OSPNS7n7YXy6xQdnaOU4KRW/Lne1EDf5IfWC/ih
+bVAmhZMbcrkWWcsR6aCPG+2mV3zTD6AUzuKPal8Y
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/kdc.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/kdc.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/kdc.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:58 2007 GMT
+            Not After : Nov 12 06:58:58 2017 GMT
+        Subject: C=SE, CN=kdc
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bb:fa:14:24:35:9f:cb:82:91:20:b9:44:ec:4d:
+                    f8:e4:1b:68:3f:6a:4d:d1:56:3e:28:25:6e:ab:aa:
+                    8b:6b:9c:59:ce:67:cc:27:61:4f:ff:18:a5:56:81:
+                    a1:94:c4:33:f9:20:54:e5:1f:5a:47:43:ee:8f:52:
+                    8a:9f:97:6b:73:92:a3:e1:fd:9e:0b:04:36:2b:b2:
+                    72:bd:80:ff:ae:5a:e1:9b:bb:d8:77:c8:fe:f8:3b:
+                    3f:b9:51:56:6e:97:c2:2a:76:ea:56:d8:46:67:45:
+                    33:6f:b1:74:cf:2b:dd:11:32:1f:d7:a9:e9:2a:e2:
+                    0f:a8:dd:b1:94:85:87:dd:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Extended Key Usage: 
+                pkkdcekuoid
+            X509v3 Subject Key Identifier: 
+                51:75:26:1A:E0:16:0F:69:A8:B4:98:80:EB:C8:49:A6:D0:C6:24:C1
+            X509v3 Subject Alternative Name: 
+                othername:<unsupported>
+    Signature Algorithm: sha1WithRSAEncryption
+        7a:f7:7c:cf:2d:87:aa:93:49:b1:05:2a:ea:ee:75:97:22:02:
+        5a:a1:2c:e3:e1:9d:be:48:0c:75:26:e0:84:f0:2a:90:5a:15:
+        dd:7c:58:65:ab:79:05:85:40:54:35:e1:57:58:96:aa:32:68:
+        f2:bd:cc:b5:9a:1c:f5:d7:49:01:44:ce:fc:22:55:3c:86:d6:
+        c2:ed:46:e6:dc:a7:c5:48:3f:ac:0c:10:ba:b9:e2:e8:78:37:
+        79:f7:d5:da:c0:8e:74:09:64:ff:bb:36:24:d4:c7:4d:c3:93:
+        c2:d7:3a:32:97:b9:e1:79:ea:82:3a:42:69:ec:e4:ec:48:d5:
+        3f:90
+-----BEGIN CERTIFICATE-----
+MIICVDCCAb2gAwIBAgIBBzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1OFoXDTE3
+MTExMjA2NTg1OFowGzELMAkGA1UEBhMCU0UxDDAKBgNVBAMMA2tkYzCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAu/oUJDWfy4KRILlE7E345BtoP2pN0VY+KCVu
+q6qLa5xZzmfMJ2FP/xilVoGhlMQz+SBU5R9aR0Puj1KKn5drc5Kj4f2eCwQ2K7Jy
+vYD/rlrhm7vYd8j++Ds/uVFWbpfCKnbqVthGZ0Uzb7F0zyvdETIf16npKuIPqN2x
+lIWH3bUCAwEAAaOBmDCBlTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DASBgNVHSUE
+CzAJBgcrBgEFAgMFMB0GA1UdDgQWBBRRdSYa4BYPaai0mIDryEmm0MYkwTBIBgNV
+HREEQTA/oD0GBisGAQUCAqAzMDGgDRsLVEVTVC5INUwuU0WhIDAeoAMCAQGhFzAV
+GwZrcmJ0Z3QbC1RFU1QuSDVMLlNFMA0GCSqGSIb3DQEBBQUAA4GBAHr3fM8th6qT
+SbEFKurudZciAlqhLOPhnb5IDHUm4ITwKpBaFd18WGWreQWFQFQ14VdYlqoyaPK9
+zLWaHPXXSQFEzvwiVTyG1sLtRubcp8VIP6wMELq54uh4N3n31drAjnQJZP+7NiTU
+x03Dk8LXOjKXueF56oI6Qmns5OxI1T+Q
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/kdc.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/kdc.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/kdc.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC7+hQkNZ/LgpEguUTsTfjkG2g/ak3RVj4oJW6rqotrnFnOZ8wn
+YU//GKVWgaGUxDP5IFTlH1pHQ+6PUoqfl2tzkqPh/Z4LBDYrsnK9gP+uWuGbu9h3
+yP74Oz+5UVZul8IqdupW2EZnRTNvsXTPK90RMh/Xqekq4g+o3bGUhYfdtQIDAQAB
+AoGBAJXwJO65A0v+SqqyfSKME1JH9kBXF9k5lHzLVtqBP5JHdW7pZnOm8HtG+mLl
+JbCXS+mUe4MDHiyoJ/qUWVRxIFgBBEQpaYxdyW8d+SpCnR53hBa3t0yxr3yZ0XCc
+u4lkKaCCQM5aPZqlbEkyR0Hm+lXPKbW+Sgm18fm2zPJ/2EXhAkEA8RO+dydMR7LV
+8PdOvMkENwwnkUQTI3YjoRy0yV9UV+x3JDdBufOOjObrXIg/jDkg3PyOE5JBo/EZ
+u1OyFFbyPQJBAMec4B3+ZyOPeH1OodSWfL/0AFCSZyOs1UgEC7vorMJ8i0eHDIsT
+Uie1xNlrfrjnXTvMG7woFZOvNXBJkxCXKNkCQQCyMX/lnxyZGq1csdB3ZrZA4jEV
+BRaIbbikTA2tk1NKsjTWhimFA2xo5f8upF8kjM2nyt5RxRfT0FDO0Gye8C2ZAkBq
+CJYwuJwXErZBcgya/dmEqduk8TAijkO5fpSxG7bxlPDzbPSnx/qjJ3ZKvERTemtX
+QWQWPgDAM5kibaLWdEV5AkAJn7iP495Cbac0y3zihgK/M70M9y1WB0TbumpTVpg2
+taw3NwTjQlGnFj64dJIj+hgCOGYJ7H1Gt7JOi10NRtbd
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/key.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/key.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/key.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/key.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/key.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/key2.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/key2.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/key2.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/key2.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/key2.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/nist-data
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/nist-data	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/nist-data	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+# $Id: nist-data,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+# id verify cert hxtool-verify-arguments...
+# p(ass) f(ail)
+# Those id's that end with i are invariants of the orignal test
+#
+# 4.1 Signature Verification
+#
+4.1.1   p ValidCertificatePathTest1EE.crt GoodCACert.crt GoodCACRL.crl
+4.1.2   f InvalidCASignatureTest2EE.crt BadSignedCACert.crt BadSignedCACRL.crl
+4.1.3   f InvalidEESignatureTest3EE.crt GoodCACert.crt GoodCACRL.crl
+#4.1.4	p ValidDSASignaturesTest4EE.crt DSACACert.crt DSACACRL.crl
+#4.1.5	p ValidDSAParameterInheritanceTest5EE.crl DSAParametersInheritedCACert.crt DSAParametersInheritedCACRL.crl DSACACert.crt DSACACRL.crl
+#4.1.6	f InvalidDSASignaturesTest6EE.crt DSACACert.crt DSACACRL.crl
+#
+# 4.2 Validity Periods
+#
+4.2.1   f InvalidCAnotBeforeDateTest1EE.crt BadnotBeforeDateCACert.crt BadnotBeforeDateCACRL.crl
+4.2.2   f InvalidEEnotBeforeDateTest2EE.crt GoodCACert.crt GoodCACRL.crl
+4.2.3   p Validpre2000UTCnotBeforeDateTest3EE.crt GoodCACert.crt GoodCACRL.crl
+4.2.4   p ValidGeneralizedTimenotBeforeDateTest4EE.crt GoodCACert.crt GoodCACRL.crl
+4.2.5   f InvalidCAnotAfterDateTest5EE.crt BadnotAfterDateCACert.crt BadnotAfterDateCACRL.crl
+4.2.6   f InvalidEEnotAfterDateTest6EE.crt GoodCACert.crt GoodCACRL.crl
+4.2.7   f Invalidpre2000UTCEEnotAfterDateTest7EE.crt GoodCACert.crt GoodCACRL.crl
+#4.2.8   p ValidGeneralizedTimenotAfterDateTest8EE.crt GoodCACert.crt GoodCACRL.crl
+#
+# 4.4 CRtests
+#
+4.4.1   f InvalidMissingCRLTest1EE.crt NoCRLCACert.crt
+4.4.1i  p InvalidMissingCRLTest1EE.crt --missing-revoke NoCRLCACert.crt
+4.4.2   f InvalidRevokedEETest3EE.crt GoodCACert.crt InvalidRevokedCATest2EE.crt GoodCACRL.crl RevokedsubCACRL.crl
+4.4.2i  p InvalidRevokedEETest3EE.crt --missing-revoke GoodCACert.crt InvalidRevokedCATest2EE.crt
+4.4.3   f InvalidRevokedEETest3EE.crt GoodCACert.crt GoodCACRL.crl
+4.4.3i  p InvalidRevokedEETest3EE.crt --missing-revoke GoodCACert.crt
+4.4.4   f InvalidBadCRLSignatureTest4EE.crt BadCRLSignatureCACert.crt BadCRLSignatureCACRL.crl
+4.4.4i  p InvalidBadCRLSignatureTest4EE.crt --missing-revoke BadCRLSignatureCACert.crt
+4.4.5   f InvalidBadCRLIssuerNameTest5EE.crt BadCRLIssuerNameCACert.crt BadCRLIssuerNameCACRL.crl
+4.4.5i  p InvalidBadCRLIssuerNameTest5EE.crt --missing-revoke BadCRLIssuerNameCACert.crt
+4.4.6   f InvalidWrongCRLTest6EE.crt WrongCRLCACert.crt WrongCRLCACRL.crl
+4.4.7   p ValidTwoCRLsTest7EE.crt TwoCRLsCACert.crt TwoCRLsCAGoodCRL.crl TwoCRLsCABadCRL.crl
+4.4.8   f InvalidUnknownCRLEntryExtensionTest8EE.crt UnknownCRLEntryExtensionCACert.crt UnknownCRLEntryExtensionCACRL.crl
+4.4.9   f InvalidUnknownCRLExtensionTest9EE.crt UnknownCRLExtensionCACert.crt UnknownCRLExtensionCACRL.crl
+4.4.10  f InvalidUnknownCRLExtensionTest10EE.crt UnknownCRLExtensionCACert.crt UnknownCRLExtensionCACRL.crl
+4.4.11  f InvalidOldCRLnextUpdateTest11EE.crt OldCRLnextUpdateCACert.crt OldCRLnextUpdateCACRL.crl 
+4.4.12  f Invalidpre2000CRLnextUpdateTest12EE.crt pre2000CRLnextUpdateCACert.crt pre2000CRLnextUpdateCACRL.crl
+#4.4.13-xxx s ValidGeneralizedTimeCRLnextUpdateTest13EE.crt GeneralizedTimeCRLnextUpdateCACert.crt GeneralizedTimeCRLnextUpdateCACRL.crl
+4.4.14  p ValidNegativeSerialNumberTest14EE.crt NegativeSerialNumberCACert.crt NegativeSerialNumberCACRL.crl
+4.4.15  f InvalidNegativeSerialNumberTest15EE.crt NegativeSerialNumberCACert.crt NegativeSerialNumberCACRL.crl
+4.4.16  p ValidLongSerialNumberTest16EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
+4.4.17  p ValidLongSerialNumberTest17EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
+4.4.18  f InvalidLongSerialNumberTest18EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl
+#
+#
+# 4.8 Ceificate Policies
+incomplete4.8.2 p AllCertificatesNoPoliciesTest2EE.crt NoPoliciesCACert.crt NoPoliciesCACRL.crl
+incomplete4.8.10 p AllCertificatesSamePoliciesTest10EE.crt PoliciesP12CACert.crt PoliciesP12CACRL.crl
+incomplete4.8.13 p AllCertificatesSamePoliciesTest13EE.crt PoliciesP123CACert.crt PoliciesP123CACRL.crl
+incomplete4.8.11 p AllCertificatesanyPolicyTest11EE.crt anyPolicyCACert.crt anyPolicyCACRL.crl
+unknown p AnyPolicyTest14EE.crt anyPolicyCACert.crt anyPolicyCACRL.crl
+unknown f BadSignedCACert.crt
+unknown f BadnotAfterDateCACert.crt
+unknown f BadnotBeforeDateCACert.crt
+#
+# 4.13 Name Constraints
+#
+4.13.1   p ValidDNnameConstraintsTest1EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+4.13.2   f InvalidDNnameConstraintsTest2EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+4.13.3   f InvalidDNnameConstraintsTest3EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+4.13.4   p ValidDNnameConstraintsTest4EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+4.13.5   p ValidDNnameConstraintsTest5EE.crt nameConstraintsDN2CACert.crt nameConstraintsDN2CACRL.crl
+4.13.6   p ValidDNnameConstraintsTest6EE.crt nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
+4.13.7   f InvalidDNnameConstraintsTest7EE.crt nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
+4.13.8   f InvalidDNnameConstraintsTest8EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACRL.crl
+4.13.9   f InvalidDNnameConstraintsTest9EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACRL.crl
+4.13.10   f InvalidDNnameConstraintsTest10EE.crt nameConstraintsDN5CACert.crt nameConstraintsDN5CACRL.crl
+4.13.11   p ValidDNnameConstraintsTest11EE.crt nameConstraintsDN5CACert.crt nameConstraintsDN5CACRL.crl
+4.13.12   f InvalidDNnameConstraintsTest12EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1subCA1CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+4.13.13   f InvalidDNnameConstraintsTest13EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1subCA1CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+4.13.14   p ValidDNnameConstraintsTest14EE.crt nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1subCA2CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+4.13.15   f InvalidDNnameConstraintsTest15EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3subCA1CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
+4.13.16   f InvalidDNnameConstraintsTest16EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3subCA1CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
+4.13.17   f InvalidDNnameConstraintsTest17EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3subCA2CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
+4.13.18   p ValidDNnameConstraintsTest18EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3subCA2CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl
+#
+# no crl for self issued cert
+#
+#4.13.19   p ValidDNnameConstraintsTest19EE.crt nameConstraintsDN1SelfIssuedCACert.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+# ??
+4.13.20   f InvalidDNnameConstraintsTest20EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl
+#4.13.21   p ValidRFC822nameConstraintsTest21EE.crt nameConstraintsRFC822CA1Cert.crt nameConstraintsRFC822CA1CRL.crl
+#page 74
+end
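Review bot: The `i` rows (4.4.1i to 4.4.5i) expect `p` for certificates named `Invalid…` once `--missing-revoke` is passed and the CRL arguments are dropped, yet the header only calls them "invariants of the orignal test". That leaves unstated that these rows appear to pin accept-without-revocation-data behaviour, so a reader could take `p` as the NIST-expected outcome. I would add a header comment such as `# i rows: same cert run with --missing-revoke and no CRL; p means revocation checking was skipped, not that the cert is good`. The disabled rows (4.1.4 to 4.1.6, 4.2.8, 4.4.13, 4.13.19, 4.13.21) carry no reason, and the titles `4.4 CRtests` and `4.8 Ceificate Policies` look truncated. Because this is a vendor import, these points are better raised upstream or kept in a local note than edited in place.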

Added: vendor-crypto/heimdal/dist/lib/hx509/data/nist-data2
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/nist-data2	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/nist-data2	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,291 @@
+# 4.1.1 Valid Signatures Test1 - Validate Successfully
+0 ValidCertificatePathTest1EE.crt
+# 4.1.2 Invalid CA Signature Test2 - Reject - Invalid signature on intermediate certificate
+1 InvalidCASignatureTest2EE.crt
+# 4.1.3 Invalid EE Signature Test3 - Reject - Invalid signature on end entity certificate
+1 InvalidEESignatureTest3EE.crt
+# 4.1.4 Valid DSA Signatures Test4 - Reject - Application can not process DSA signatures
+1 ValidDSASignaturesTest4EE.crt
+# 4.2.1 Invalid CA notBefore Date Test1 - Reject - notBefore date in intermediate certificate is after the current date
+1 InvalidCAnotBeforeDateTest1EE.crt
+# 4.2.2 Invalid EE notBefore Date Test2 - Reject - notBefore date in end entity certificate is after the current date
+1 InvalidEEnotBeforeDateTest2EE.crt
+# 4.2.3 Valid pre2000 UTC notBefore Date Test3 - Validate Successfully
+0 Validpre2000UTCnotBeforeDateTest3EE.crt
+# 4.2.4 Valid GeneralizedTime notBefore Date Test4 - Validate Successfully
+0 ValidGeneralizedTimenotBeforeDateTest4EE.crt
+# 4.2.5 Invalid CA notAfter Date Test5 - Reject - notAfter date in intermediate certificate is before the current date
+1 InvalidCAnotAfterDateTest5EE.crt
+# 4.2.6 Invalid EE notAfter Date Test6 - Reject - notAfter date in end entity certificate is before the current date
+1 InvalidEEnotAfterDateTest6EE.crt
+# 4.2.7 Invalid pre2000 UTC EE notAfter Date Test7 - Reject - notAfter date in end entity certificate is before the current date
+1 Invalidpre2000UTCEEnotAfterDateTest7EE.crt
+# 4.2.8 Valid GeneralizedTime notAfter Date Test8 - Validate Successfully
+0 ValidGeneralizedTimenotAfterDateTest8EE.crt
+# 4.3.1 Invalid Name Chaining EE Test1 - Reject - names do not chain
+1 InvalidNameChainingTest1EE.crt
+# 4.3.2 Invalid Name Chaining Order Test2 - Reject - names do not chain
+1 InvalidNameChainingOrderTest2EE.crt
+# 4.3.3 Valid Name Chaining Whitespace Test3 - Validate Successfully
+0 ValidNameChainingWhitespaceTest3EE.crt
+# 4.3.4 Valid Name Chaining Whitespace Test4 - Validate Successfully
+0 ValidNameChainingWhitespaceTest4EE.crt
+# 4.3.5 Valid Name Chaining Capitalization Test5 - Validate Successfully
+0 ValidNameChainingCapitalizationTest5EE.crt
+# 4.3.6 Valid Name Chaining UIDs Test6 - Validate Successfully
+0 ValidNameUIDsTest6EE.crt
+# 4.3.9 Valid UTF8String Encoded Names Test9 - Validate Successfully
+0 ValidUTF8StringEncodedNamesTest9EE.crt
+# 4.4.1 Missing CRL Test1 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidMissingCRLTest1EE.crt
+# 4.4.2 Invalid Revoked CA Test2 - Reject - an intermediate certificate has been revoked.
+2 InvalidRevokedCATest2EE.crt
+# 4.4.3 Invalid Revoked EE Test3 - Reject - the end entity certificate has been revoked
+2 InvalidRevokedEETest3EE.crt
+# 4.4.4. Invalid Bad CRL Signature Test4 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidBadCRLSignatureTest4EE.crt
+# 4.4.5 Invalid Bad CRL Issuer Name Test5 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidBadCRLIssuerNameTest5EE.crt
+# 4.4.6 Invalid Wrong CRL Test6 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidWrongCRLTest6EE.crt
+# 4.4.7 Valid Two CRLs Test7 - Validate Successfully
+0 ValidTwoCRLsTest7EE.crt
+# 4.4.8 Invalid Unknown CRL Entry Extension Test8 - Reject - the end entity certificate has been revoked
+2 InvalidUnknownCRLEntryExtensionTest8EE.crt
+# 4.4.9 Invalid Unknown CRL Extension Test9 - Reject - the end entity certificate has been revoked
+2 InvalidUnknownCRLExtensionTest9EE.crt
+# 4.4.10 Invalid Unknown CRL Extension Test10 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidUnknownCRLExtensionTest10EE.crt
+# 4.4.11 Invalid Old CRL nextUpdate Test11 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidOldCRLnextUpdateTest11EE.crt
+# 4.4.12 Invalid pre2000 CRL nextUpdate Tesst12 - Reject or Warn - status of end entity certificate can not be determined
+3 Invalidpre2000CRLnextUpdateTest12EE.crt
+# 4.4.13 Valid GeneralizedTime CRL nextUpdate Test13 - Validate Successfully
+0 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
+# 4.4.14 Valid Negative Serial Number Test14 - Validate Successfully
+0 ValidNegativeSerialNumberTest14EE.crt
+# 4.4.15 Invalid Negative Serial Number Test15 - Reject - the end entity certificate has been revoked
+2 InvalidNegativeSerialNumberTest15EE.crt
+# 4.4.16 Valid Long Serial Number Test16 - Validate Successfully
+0 ValidLongSerialNumberTest16EE.crt
+# 4.4.17 Valid Long Serial Number Test17 - Validate Successfully
+0 ValidLongSerialNumberTest17EE.crt
+# 4.4.18 Invalid Long Serial Number Test18 - Reject - the end entity certificate has been revoked
+2 InvalidLongSerialNumberTest18EE.crt
+# 4.4.19 Valid Separate Certificate and CRL Keys Test19 - Validate Successfully
+0 ValidSeparateCertificateandCRLKeysTest19EE.crt
+# 4.4.20 Invalid Separate Certificate and CRL Keys Test20 - Reject - the end entity certificate has been revoked
+2 InvalidSeparateCertificateandCRLKeysTest20EE.crt
+# 4.4.21 Invalid Separate Certificate and CRL Keys Test21 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidSeparateCertificateandCRLKeysTest21EE.crt
+# 4.5.1 Valid Basic Self-Issued Old With New Test1 - Validate Successfully
+0 ValidBasicSelfIssuedOldWithNewTest1EE.crt
+# 4.5.2 Invalid Basic Self-Issued Old With New Test2 - Reject - the end entity certificate has been revoked
+2 InvalidBasicSelfIssuedOldWithNewTest2EE.crt
+# 4.5.3 Valid Basic Self-Issued New With Old Test3 - Validate Successfully
+0 ValidBasicSelfIssuedNewWithOldTest3EE.crt
+# 4.5.4 Valid Basic Self-Issued New With Old Test4 - Validate Successfully
+0 ValidBasicSelfIssuedNewWithOldTest4EE.crt
+# 4.5.5 Invalid Basic Self-Issued New With Old Test5 - Reject - the end entity certificate has been revoked
+2 InvalidBasicSelfIssuedNewWithOldTest5EE.crt
+# 4.5.6 Valid Basic Self-Issued CRL Signing Key Test6 - Validate Successfully
+0 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
+# 4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7 - Reject - the end entity certificate has been revoked
+2 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
+# 4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8 - Reject - invalid certification path
+1 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
+# 4.6.1 Invalid Missing basicConstraints Test1 - Reject - invalid certification path
+1 InvalidMissingbasicConstraintsTest1EE.crt
+# 4.6.2 Invalid cA False Test2 - Reject - invalid certification path
+1 InvalidcAFalseTest2EE.crt
+# 4.6.3 Invalid cA False Test3 - Reject - invalid certification path
+1 InvalidcAFalseTest3EE.crt
+# 4.6.4 Valid basicConstraints Not Critical Test4 - Validate Successfully
+0 ValidbasicConstraintsNotCriticalTest4EE.crt
+# 4.6.5 Invalid pathLenConstraint Test5 - Reject - invalid certification path
+1 InvalidpathLenConstraintTest5EE.crt
+# 4.6.6 Invalid pathLenConstraint Test6 - Reject - invalid certification path
+1 InvalidpathLenConstraintTest6EE.crt
+# 4.6.7 Valid pathLenConstraint Test7 - Validate Successfully
+0 ValidpathLenConstraintTest7EE.crt
+# 4.6.8 Valid pathLenConstraint Test8 - Validate Successfully
+0 ValidpathLenConstraintTest8EE.crt
+# 4.6.9 Invalid pathLenConstraint Test9 - Reject - invalid certification path
+1 InvalidpathLenConstraintTest9EE.crt
+# 4.6.10 Invalid pathLenConstraint Test10 - Reject - invalid certification path
+1 InvalidpathLenConstraintTest10EE.crt
+# 4.6.11 Invalid pathLenConstraint Test11 - Reject - invalid certification path
+1 InvalidpathLenConstraintTest11EE.crt
+# 4.6.12 Invalid pathLenConstraint Test12 - Reject - invalid certification path
+1 InvalidpathLenConstraintTest12EE.crt
+# 4.6.13 Valid pathLenConstraint Test13 - Validate Successfully
+0 ValidpathLenConstraintTest13EE.crt
+# 4.6.14 Valid pathLenConstraint Test14 - Validate Successfully
+0 ValidpathLenConstraintTest14EE.crt
+# 4.6.15 Valid Self-Issued pathLenConstraint Test15 - Validate Successfully
+0 ValidSelfIssuedpathLenConstraintTest15EE.crt
+# 4.6.16 Invalid Self-Issued pathLenConstraint Test16 - Reject - invalid certification path
+1 InvalidSelfIssuedpathLenConstraintTest16EE.crt
+# 4.6.17 Valid Self-Issued pathLenConstraint Test17 - Validate Successfully
+0 ValidSelfIssuedpathLenConstraintTest17EE.crt
+# 4.7.1 Invalid keyUsage Critical keyCertSign False Test1 - Reject - invalid certification path
+1 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
+# 4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2 - Reject - invalid certification path
+1 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
+# 4.7.3 Valid keyUsage Not Critical Test3 - Validate Successfully
+0 ValidkeyUsageNotCriticalTest3EE.crt
+# 4.7.4 Invalid keyUsage Critical cRLSign False Test4 - Reject - invalid certification path
+1 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
+# 4.7.5 Invalid keyUsage Not Critical cRLSign False Test5 - Reject - invalid certification path
+1 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
+0 UserNoticeQualifierTest19EE.crt
+# 4.10.1 Valid Policy Mapping Test1, subtest 1 - Reject - unrecognized critical extension [Test using the default settings (i.e., <i>initial-policy-set</i> = <i>any-policy</i>)
+1 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
+# 4.11.2 Valid inhibitPolicyMapping Test2 - Reject - unrecognized critical extension
+1 ValidinhibitPolicyMappingTest2EE.crt
+# 4.12.2 Valid inhibitAnyPolicy Test2 - Reject - unrecognized critical extension
+1 ValidinhibitAnyPolicyTest2EE.crt
+# 4.13.1 Valid DN nameConstraints Test1 - Validate Successfully
+0 ValidDNnameConstraintsTest1EE.crt
+# 4.13.2 Invalid DN nameConstraints Test2 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest2EE.crt
+# 4.13.3 Invalid DN nameConstraints Test3 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest3EE.crt
+# 4.13.4 Valid DN nameConstraints Test4 - Validate Successfully
+0 ValidDNnameConstraintsTest4EE.crt
+# 4.13.5 Valid DN nameConstraints Test5 - Validate Successfully
+0 ValidDNnameConstraintsTest5EE.crt
+# 4.13.6 Valid DN nameConstraints Test6 - Validate Successfully
+0 ValidDNnameConstraintsTest6EE.crt
+# 4.13.7 Invalid DN nameConstraints Test7 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest7EE.crt
+# 4.13.8 Invalid DN nameConstraints Test8 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest8EE.crt
+# 4.13.9 Invalid DN nameConstraints Test9 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest9EE.crt
+# 4.13.10 Invalid DN nameConstraints Test10 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest10EE.crt
+# 4.13.11 Valid DN nameConstraints Test11 - Validate Successfully
+0 ValidDNnameConstraintsTest11EE.crt
+# 4.13.12 Invalid DN nameConstraints Test12 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest12EE.crt
+# 4.13.13 Invalid DN nameConstraints Test13 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest13EE.crt
+# 4.13.14 Valid DN nameConstraints Test14 - Validate Successfully
+0 ValidDNnameConstraintsTest14EE.crt
+# 4.13.15 Invalid DN nameConstraints Test15 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest15EE.crt
+# 4.13.16 Invalid DN nameConstraints Test16 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest16EE.crt
+# 4.13.17 Invalid DN nameConstraints Test17 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest17EE.crt
+# 4.13.18 Valid DN nameConstraints Test18 - Validate Successfully
+0 ValidDNnameConstraintsTest18EE.crt
+# 4.13.19 Valid Self-Issued DN nameConstraints Test19 - Validate Successfully
+0 ValidDNnameConstraintsTest19EE.crt
+# 4.13.20 Invalid Self-Issued DN nameConstraints Test20 - Reject - name constraints violation
+1 InvalidDNnameConstraintsTest20EE.crt
+# 4.13.21 Valid RFC822 nameConstraints Test21 - Validate Successfully
+0 ValidRFC822nameConstraintsTest21EE.crt
+# 4.13.22 Invalid RFC822 nameConstraints Test22 - Reject - name constraints violation
+1 InvalidRFC822nameConstraintsTest22EE.crt
+# 4.13.23 Valid RFC822 nameConstraints Test23 - Validate Successfully
+0 ValidRFC822nameConstraintsTest23EE.crt
+# 4.13.24 Invalid RFC822 nameConstraints Test24 - Reject - name constraints violation
+1 InvalidRFC822nameConstraintsTest24EE.crt
+# 4.13.25 Valid RFC822 nameConstraints Test25 - Validate Successfully
+0 ValidRFC822nameConstraintsTest25EE.crt
+# 4.13.26 Invalid RFC822 nameConstraints Test26 - Reject - name constraints violation
+1 InvalidRFC822nameConstraintsTest26EE.crt
+# 4.13.27 Valid DN and  RFC822 nameConstraints Test27 - Validate Successfully
+0 ValidDNandRFC822nameConstraintsTest27EE.crt
+# 4.13.28 Invalid DN and  RFC822 nameConstraints Test28 - Reject - name constraints violation
+1 InvalidDNandRFC822nameConstraintsTest28EE.crt
+# 4.13.29 Invalid DN and  RFC822 nameConstraints Test29 - Reject - name constraints violation
+1 InvalidDNandRFC822nameConstraintsTest29EE.crt
+# 4.13.30 Valid DNS nameConstraints Test30 - Validate Successfully
+0 ValidDNSnameConstraintsTest30EE.crt
+# 4.13.31 Invalid DNS nameConstraints Test31 - Reject - name constraints violation
+1 InvalidDNSnameConstraintsTest31EE.crt
+# 4.13.32 Valid DNS nameConstraints Test32 - Validate Successfully
+0 ValidDNSnameConstraintsTest32EE.crt
+# 4.13.33 Invalid DNS nameConstraints Test33 - Reject - name constraints violation
+1 InvalidDNSnameConstraintsTest33EE.crt
+# 4.13.34 Valid URI nameConstraints Test34 - Validate Successfully
+0 ValidURInameConstraintsTest34EE.crt
+# 4.13.35 Invalid URI nameConstraints Test35 - Reject - name constraints violation
+1 InvalidURInameConstraintsTest35EE.crt
+# 4.13.36 Valid URI nameConstraints Test36 - Validate Successfully
+0 ValidURInameConstraintsTest36EE.crt
+# 4.13.37 Invalid URI nameConstraints Test37 - Reject - name constraints violation
+1 InvalidURInameConstraintsTest37EE.crt
+# 4.13.38 Invalid DNS nameConstraints Test38 - Reject - name constraints violation
+1 InvalidDNSnameConstraintsTest38EE.crt
+# 4.14.1 Valid distributionPoint Test1 - Validate Successfully
+0 ValiddistributionPointTest1EE.crt
+# 4.14.2 Invalid distributionPoint Test2 - Reject - end entity certificate has been revoked
+2 InvaliddistributionPointTest2EE.crt
+# 4.14.3 Invalid distributionPoint Test3 - Reject or Warn - status of end entity certificate can not be determined
+3 InvaliddistributionPointTest3EE.crt
+# 4.14.4 Valid distributionPoint Test4 - Validate Successfully
+0 ValiddistributionPointTest4EE.crt
+# 4.14.5 Valid distributionPoint Test5 - Validate Successfully
+0 ValiddistributionPointTest5EE.crt
+# 4.14.6 Invalid distributionPoint Test6 - Reject - end entity certificate has been revoked
+2 InvaliddistributionPointTest6EE.crt
+# 4.14.7 Valid distributionPoint Test7 - Validate Successfully
+0 ValiddistributionPointTest7EE.crt
+# 4.14.8 Invalid distributionPoint Test8 - Reject or Warn - status of end entity certificate can not be determined
+3 InvaliddistributionPointTest8EE.crt
+# 4.14.9 Invalid distributionPoint Test9 - Reject or Warn - status of end entity certificate can not be determined
+3 InvaliddistributionPointTest9EE.crt
+# 4.14.10 Valid No issuingDistributionPoint Test10 - Validate Successfully
+0 ValidNoissuingDistributionPointTest10EE.crt
+# 4.14.11 Invalid onlyContainsUserCerts CRL Test11 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidonlyContainsUserCertsTest11EE.crt
+# 4.14.12 Invalid onlyContainsCACerts CRL Test12 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidonlyContainsCACertsTest12EE.crt
+# 4.14.13 Valid onlyContainsCACerts CRL Test13 - Validate Successfully
+0 ValidonlyContainsCACertsTest13EE.crt
+# 4.14.14 Invalid onlyContainsAttributeCerts Test14 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidonlyContainsAttributeCertsTest14EE.crt
+# 4.14.15 Invalid onlySomeReasons Test15 - Reject - end entity certificate has been revoked
+2 InvalidonlySomeReasonsTest15EE.crt
+# 4.14.16 Invalid onlySomeReasons Test16 - Reject - end entity certificate is on hold
+2 InvalidonlySomeReasonsTest16EE.crt
+# 4.14.17 Invalid onlySomeReasons Test17 - Reject or Warn - status of end entity certificate can not be determined
+3 InvalidonlySomeReasonsTest17EE.crt
+# 4.14.18 Valid onlySomeReasons Test18 - Validate Successfully
+0 ValidonlySomeReasonsTest18EE.crt
+# 4.14.19 Valid onlySomeReasons Test19 - Validate Successfully
+0 ValidonlySomeReasonsTest19EE.crt
+# 4.14.20 Invalid onlySomeReasons Test20 - Reject - end entity certificate has been revoked
+2 InvalidonlySomeReasonsTest20EE.crt
+# 4.14.21 Invalid onlySomeReasons Test21 - Reject - end entity certificate has been revoked
+2 InvalidonlySomeReasonsTest21EE.crt
+# 4.14.24 Valid IDP with indirectCRL Test24 - Reject or Warn - status of end entity certificate can not be determined
+3 ValidIDPwithindirectCRLTest24EE.crt
+# 4.15.1 Invalid deltaCRLIndicator No Base Test1 - Reject or Warn - status of end entity certificate can not be determined
+3 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt
+# 4.15.2 Valid delta-CRL Test2 - Validate Successfully
+0 ValiddeltaCRLTest2EE.crt
+# 4.15.3 Invalid delta-CRL Test3 - Reject - end entity certificate has been revoked
+2 InvaliddeltaCRLTest3EE.crt
+# 4.15.4 Invalid delta-CRL Test4 - Reject - end entity certificate has been revoked
+2 InvaliddeltaCRLTest4EE.crt
+# 4.15.5 Valid delta-CRL Test5 - Validate Successfully
+0 ValiddeltaCRLTest5EE.crt
+# 4.15.6 Invalid delta-CRL Test6 - Reject - end entity certificate has been revoked
+2 InvaliddeltaCRLTest6EE.crt
+# 4.15.7 Valid delta-CRL Test7 - Validate Successfully
+0 ValiddeltaCRLTest7EE.crt
+# 4.15.8 Valid delta-CRL Test8 - Validate Successfully
+0 ValiddeltaCRLTest8EE.crt
+# 4.15.9 Invalid delta-CRL Test9 - Reject - end entity certificate has been revoked
+2 InvaliddeltaCRLTest9EE.crt
+# 4.15.10 Invalid delta-CRL Test10 - Reject or Warn - status of end entity certificate can not be determined
+3 InvaliddeltaCRLTest10EE.crt
+# 4.16.1 Valid Unknown Not Critical Certificate Extension Test1 - Validate Successfully
+0 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
+# 4.16.2 Invalid Unknown Critical Certificate Extension Test2 - Reject - unrecognized critical extension
+1 InvalidUnknownCriticalCertificateExtensionTest2EE.crt
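Review bot: After the 4.7.5 entry the comment/entry pairing breaks: `0 UserNoticeQualifierTest19EE.crt` has no description line, and the comment for "4.10.1 Valid Policy Mapping Test1" sits above `1 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt`, which by name is a different test. Every other row has its NIST title and expected result directly above it, so these two expectations cannot be checked against the test suite description; the missing comment should be added and the 4.10.1 comment or file name corrected. The first column is also never explained. Judging from the comments it is 0 = validate, 1 = reject, 2 = revoked, 3 = status undetermined, so a header line such as `# result: 0 validate, 1 reject, 2 revoked, 3 revocation status undetermined (reject or warn)` would make the table self-describing. As a vendor import, this is best reported upstream.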

Added: vendor-crypto/heimdal/dist/lib/hx509/data/no-proxy-test.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/no-proxy-test.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/no-proxy-test.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICDDCCAXWgAwIBAgIJAI8UaHGQmUvOMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
+BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1ODU5WhcNMTcx
+MTEyMDY1ODU5WjA0MQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MREw
+DwYDVQQDDAhuby1wcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvF58
+Sgq1QTZwsXyFvMTo2Iit/NLZupuIlJgctZJ51EOaFBmTfqt/PgxQKmgqQhgFW+HT
+8WPdvvfUxjwe4BiIORYoCX8pl/wGFCa70zUC7/5IoMmhb9XBrecOxswRNK8EvGhF
+67z2uDUS4LASuy7ng8HSuAM0PCHYnGmqeYrR6jUCAwEAAaM5MDcwCQYDVR0TBAIw
+ADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJ+WD/mqMrbcBts4x0tXv0CflIcZMA0G
+CSqGSIb3DQEBBQUAA4GBAEAODiL2ZL2ZhkklFbHXSg/ZEkUs1Oewpg+bDO6xjute
+hnarKTrWFWiSgQ9yhZMa8klaNCdHjDo0Q5borQeVzp027cemLdnLyxusSuIJRqy+
+mZtNl7533q+oKWydZtvNmXRlGi5HmJV5JAjEXbadqUnlRJ/CdN1WvdwLWfvbW5DL
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/no-proxy-test.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/no-proxy-test.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/no-proxy-test.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC8XnxKCrVBNnCxfIW8xOjYiK380tm6m4iUmBy1knnUQ5oUGZN+
+q38+DFAqaCpCGAVb4dPxY92+99TGPB7gGIg5FigJfymX/AYUJrvTNQLv/kigyaFv
+1cGt5w7GzBE0rwS8aEXrvPa4NRLgsBK7LueDwdK4AzQ8Idicaap5itHqNQIDAQAB
+AoGBAJt0CnR8U8tGp0gCMMhxZIvWeGfOhnr3AodG5WJ/SGWBiLWPyeZel7rYJIxq
+vH0hH8MNIoDy3rxMAN+8G+rqs/elE8zeYv8FCP4jahz+HPKeJIjFm1MBOHZQspq7
+Y4OfoBH+EgqJjBRxuBIeCUqVhyluSsYHQFihurp3a76dHvxBAkEA7c4KjJ6mka9C
+9X+Tp2EKW+h8npEEXbLIvHet9p0pzD5PhE2aVvSEAXEqxdbuFAb4LVApUdd4Quec
+PXa0EOF7UQJBAMrIIV317rGPlmEXqt681KkHo30C2e6SpM6by42r+csTs+6KDZdf
+uDWZKb4o9bLTj+A0LC73ySESv4PlGC+8v6UCQEIRnJy091JCfzf12fAG5fni/byQ
+TcY6hcrW9V4vDA3SwgTgCqFeDc7Ywil1LXAi/5CXVOOIGcF818u7zwthmgECQCm+
+Rvgjr05IA6nbCGavsotVMjeCxcAR2fFaKu3wEAzY8npRWvjlUHNgIzKtFd8JJB4A
+P3Qvt+yiAmCxYWg6T60CQHvGW0M/usmQXEGWMx+KCkm71UKcKCxDEKzZ8mI3jQ3H
+b6Whs1NdsQJwIEXHB2Sb2GmTIlFjXczw7fp/ub3Dx84=
+-----END RSA PRIVATE KEY-----
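Review bot: This hunk adds a private key in plain PEM, with no `Proc-Type`/`DEK-Info` lines and so no passphrase protection, alongside `no-proxy-test.crt` in the same `data/` directory. That is normal for a test fixture, but nothing visible marks it as one, and secret scanners will flag it. I would record next to the fixtures a line such as `test-only key material: publicly known, never trust or deploy`, and check that the `data/` directory is excluded from installed artifacts and from any trust store used outside the test suite. The RSA private key whose hunk ends just before the `key.der` section has the same property.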

Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req1.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req1.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req1.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req1.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req1.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req2.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req2.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req2.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req2.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-req2.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-2.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-2.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-2.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-2.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-2.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-3.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-3.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-3.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-3.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-3.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ca.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ca.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ca.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ca.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ca.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-keyhash.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-keyhash.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-keyhash.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-keyhash.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-keyhash.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1-ocsp.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp1.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp2.der
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp2.der
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp2.der	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp2.der	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-resp2.der
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-responder.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-responder.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-responder.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:56 2007 GMT
+            Not After : Nov 12 06:58:56 2017 GMT
+        Subject: C=SE, CN=OCSP responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:10:2f:04:de:99:10:61:02:ff:4e:b5:54:6f:
+                    98:80:70:fb:a1:e0:97:ee:a9:0f:74:47:a9:8c:a5:
+                    86:ff:b8:ea:80:d9:ae:45:07:bd:33:93:e2:f4:f1:
+                    dd:dc:86:6e:9a:6c:b7:67:11:50:ad:9c:b0:0f:68:
+                    5d:4d:74:2a:24:4e:5e:c6:c0:9e:6a:a2:ed:80:31:
+                    d9:ac:79:c7:09:07:1f:9c:c3:12:33:88:72:9d:99:
+                    c5:f4:fd:c6:a1:9f:09:04:e0:7d:b0:ed:1f:91:4c:
+                    8e:de:9b:6d:7d:cb:2e:83:32:0e:32:57:f1:16:07:
+                    ed:69:fc:0e:a8:2a:ad:82:9d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Extended Key Usage: 
+                OCSP No Check, OCSP Signing
+            X509v3 Subject Key Identifier: 
+                9C:BE:33:AF:C2:52:C6:F2:46:5F:A8:67:71:02:F1:70:4B:A7:B7:14
+    Signature Algorithm: sha1WithRSAEncryption
+        8b:c5:8e:d6:dc:ba:e3:77:da:66:2b:be:c4:a6:4c:b0:30:6d:
+        fd:26:3d:8d:1d:ad:c5:8c:88:61:86:0a:da:48:e8:39:cf:c5:
+        83:98:e7:f9:ff:92:a7:ba:fe:b4:b4:6c:bb:84:17:fd:e3:71:
+        9e:a7:39:af:d3:08:0b:1f:05:29:cf:ef:e4:3c:82:7e:ee:aa:
+        4a:19:3b:17:e6:e9:2d:b4:f7:4f:e2:f3:6b:04:20:58:42:fa:
+        e2:b6:d4:80:c4:db:22:32:ce:cb:59:23:8b:df:ba:87:bb:bf:
+        4e:ea:b0:1e:7a:73:b4:c9:06:aa:f1:59:cf:d3:28:db:d2:6c:
+        a0:dd
+-----BEGIN CERTIFICATE-----
+MIICHzCCAYigAwIBAgIBATANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
+MTExMjA2NTg1NlowJjELMAkGA1UEBhMCU0UxFzAVBgNVBAMMDk9DU1AgcmVzcG9u
+ZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZEC8E3pkQYQL/TrVUb5iA
+cPuh4JfuqQ90R6mMpYb/uOqA2a5FB70zk+L08d3chm6abLdnEVCtnLAPaF1NdCok
+Tl7GwJ5qou2AMdmseccJBx+cwxIziHKdmcX0/cahnwkE4H2w7R+RTI7em219yy6D
+Mg4yV/EWB+1p/A6oKq2CnQIDAQABo1kwVzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF
+4DAeBgNVHSUEFzAVBgkrBgEFBQcwAQUGCCsGAQUFBwMJMB0GA1UdDgQWBBScvjOv
+wlLG8kZfqGdxAvFwS6e3FDANBgkqhkiG9w0BAQUFAAOBgQCLxY7W3Lrjd9pmK77E
+pkywMG39Jj2NHa3FjIhhhgraSOg5z8WDmOf5/5Knuv60tGy7hBf943Gepzmv0wgL
+HwUpz+/kPIJ+7qpKGTsX5ukttPdP4vNrBCBYQvrittSAxNsiMs7LWSOL37qHu79O
+6rAeenO0yQaq8VnP0yjb0myg3Q==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-responder.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-responder.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/ocsp-responder.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDZEC8E3pkQYQL/TrVUb5iAcPuh4JfuqQ90R6mMpYb/uOqA2a5F
+B70zk+L08d3chm6abLdnEVCtnLAPaF1NdCokTl7GwJ5qou2AMdmseccJBx+cwxIz
+iHKdmcX0/cahnwkE4H2w7R+RTI7em219yy6DMg4yV/EWB+1p/A6oKq2CnQIDAQAB
+AoGBALXDXowmVmgnxFnEMAWvmTVc5unL5437VayaYbkb1ysGTqBtKAg4DdBF81QH
+wS/sBmwbw4x0LGnk/m04iIDWWH4ZTH0HHthLxTiIrGHenS01V4Ucq1EjhYNJW/bk
+8FGf91UDknZrEnvPFQxvdSLHVSB+WHgqkX8WXPc7MwoJ7HblAkEA9pmjB8TXxeky
+B8+0G65u3QDWMzmfw12oHgKHnHxKyL/gamHERNPJ0NsFE4BtsSF1LJQYCw189s8m
+GDpa0uW0iwJBAOFWUiJSYYVTSdcmfjI99XUCo9rXEkaJXY0etjK5q+rK21mrkWNQ
+M7fWVZDbQZfbTP1LiUak+qjz64J9/iOogncCQEXUT6Qdi3RRiodHu5qzFFWkrQMo
+aCMsXDTTRo97arnaC7RUJv3OczGfM5rIHUexT7rl3MEUerRxCDqIG7voq+0CQQDE
+806sgvaLsoVqkFFilnbwg5M1lh96GVv0GTDEWzZg7FcWI/faJuJdPu/gwVKuaNX8
+2cWtQkt32mIw1vCGuCT3AkAfubHAXeiBHHE95jLtQ98s4KzOaZtFnQfn14c8nGS0
+2qUv1RHYZEVHYnsOZs3pLyOdxrZOlOSE6gKHCGVHoUKJ
+-----END RSA PRIVATE KEY-----
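Review bot: This private key is stored unencrypted (there is no `Proc-Type`/`DEK-Info` header, unlike pkinit-pw.key later in this commit), and nothing in the file marks it as a test fixture. The same applies to pkinit-proxy.key, pkinit.key, proxy-level-test.key, proxy-test.key, proxy10-child-child-test.key, proxy10-child-test.key and proxy10-test.key. Once committed the key material is public, so the matching certificates, and the "hx509 Test Root CA" named as issuer in ocsp-responder.crt, must never be installed or added to a trust store. I would record that in a short README in this data directory, for example `Test fixtures only: the private keys here are public; do not install or trust these certificates.` These hunks do not show whether the build installs this directory, so that should be confirmed as well.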

Added: vendor-crypto/heimdal/dist/lib/hx509/data/openssl.cnf
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/openssl.cnf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/openssl.cnf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,182 @@
+oid_section             = new_oids
+
+[ new_oids ]
+pkkdcekuoid = 1.3.6.1.5.2.3.5
+
+[ca]
+
+default_ca = user
+
+[usr]
+database	= index.txt
+serial		= serial
+x509_extensions = usr_cert
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+[ocsp]
+database	= index.txt
+serial		= serial
+x509_extensions = ocsp_cert
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+[usr_ke]
+database	= index.txt
+serial		= serial
+x509_extensions = usr_cert_ke
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+[usr_ds]
+database	= index.txt
+serial		= serial
+x509_extensions = usr_cert_ds
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+[pkinit_client]
+database	= index.txt
+serial		= serial
+x509_extensions = pkinit_client_cert
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+[pkinit_kdc]
+database	= index.txt
+serial		= serial
+x509_extensions = pkinit_kdc_cert
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+[https]
+database	= index.txt
+serial		= serial
+x509_extensions = https_cert
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+[subca]
+database	= index.txt
+serial		= serial
+x509_extensions = v3_ca
+default_md=sha1
+policy		= policy_match
+certs		= .
+
+
+[ req ]
+distinguished_name	= req_distinguished_name
+x509_extensions		= v3_ca	# The extentions to add to the self signed cert
+
+string_mask = utf8only
+
+[ v3_ca ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
+
+[ usr_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier	= hash
+
+[ usr_cert_ke ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, keyEncipherment
+subjectKeyIdentifier	= hash
+
+[ proxy_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier	= hash
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
+
+[pkinitc_princ_name] 
+realm = EXP:0, GeneralString:TEST.H5L.SE
+principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq
+
+[ pkinit_client_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier	= hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
+
+[pkinitc_principal_seq] 
+name_type = EXP:0, INTEGER:1 
+name_string = EXP:1, SEQUENCE:pkinitc_principals
+
+[pkinitc_principals] 
+princ1 = GeneralString:bar
+
+[ https_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#extendedKeyUsage = https-server XXX
+subjectKeyIdentifier	= hash
+
+[ pkinit_kdc_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = pkkdcekuoid
+subjectKeyIdentifier	= hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name 
+
+[pkinitkdc_princ_name] 
+realm = EXP:0, GeneralString:TEST.H5L.SE
+principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq
+
+[pkinitkdc_principal_seq] 
+name_type = EXP:0, INTEGER:1 
+name_string = EXP:1, SEQUENCE:pkinitkdc_principals
+
+[pkinitkdc_principals] 
+princ1 = GeneralString:krbtgt
+princ2 = GeneralString:TEST.H5L.SE
+
+[ proxy10_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier	= hash
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
+
+[ usr_cert_ds ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature
+subjectKeyIdentifier	= hash
+
+[ ocsp_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# ocsp-nocheck and kp-OCSPSigning
+extendedKeyUsage	= 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
+subjectKeyIdentifier	= hash
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= SE
+countryName_min			= 2
+countryName_max			= 2
+
+organizationalName		= Organizational Unit Name (eg, section)
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+#[ req_attributes ]
+#challengePassword              = A challenge password
+#challengePassword_min          = 4
+#challengePassword_max          = 20
+
+[ policy_match ]
+countryName		= match
+commonName		= supplied
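Review bot: `default_ca = user` in `[ca]` names a section this file never defines; the CA sections are `[usr]`, `[ocsp]`, `[usr_ke]` and so on, so an `openssl ca` run without an explicit `-name` would presumably fail to find its configuration. If `usr` was meant, the line should read `default_ca = usr`. Every CA section also sets `default_md=sha1`, which is acceptable only for throwaway test certificates and should not be copied into a real CA configuration. Under `[ req_distinguished_name ]`, `organizationalName` carries the prompt for "Organizational Unit Name", while the usual field names are `organizationName` and `organizationalUnitName`. As this is a vendor import, these points belong in an upstream report rather than a local edit.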

Added: vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy-chain.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy-chain.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy-chain.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,70 @@
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZqgAwIBAgIJAJWfAgX+rDGvMA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV
+BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDcxMTE1MDY1ODU3WhcNMTcxMTEy
+MDY1ODU3WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD
+DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJk+5riF
+ML9djk75CGm9WUN37N+EKXZvLS1/jLsQbxOWPnfZ/bHPpnI2I4EEavSQUgrlbpLf
+5IZsxlAFtokSROpef1MQ3oyJFom8c1Ut37zEJL13m4pjUZjr8Ky+OUsWNVieRIXU
+eHw2+Ny8a5y3XOygCJWDzaCTcm+nvfTmVsr9AgMBAAGjYDBeMAkGA1UdEwQCMAAw
+CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQRgztmDHmF1DecOPint9iafFNckDAlBggr
+BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF
+AAOBgQCYm9bHTRfvEpjnKXQz9t8Uh9L+prU2+BMDClnDHsBE/Pb1vH40rOIT2sV8
+KQnjo+TVlvHXDxUy/HMY5O/5umLbzP4xr6mWwP5B2K5y566WHThz2ltcRgcmbRrn
+eOzN87+Gt1XqrTIlFftvxGX9U0PxyxFTASAOiv0hFvZN5GxYzQ==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:57 2007 GMT
+            Not After : Nov 12 06:58:57 2017 GMT
+        Subject: C=SE, CN=pkinit
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a3:44:b1:8a:42:9d:d0:3f:30:de:e8:66:42:c1:
+                    f1:c9:98:8f:d2:bd:eb:59:67:3d:5e:0e:35:ca:3b:
+                    b8:91:b0:fc:e5:22:3a:2d:62:81:56:bb:51:77:60:
+                    ac:83:43:75:87:ce:f1:f6:bd:ab:f2:07:c5:8d:d5:
+                    b8:56:9e:8e:45:93:bd:c6:ac:5d:20:3e:cb:14:e8:
+                    10:07:b9:5e:07:ac:56:13:48:1b:84:c7:30:62:f4:
+                    e4:19:67:b5:1b:3a:ac:af:0b:92:e2:00:90:2f:81:
+                    75:b6:63:3f:43:a5:e9:76:ee:33:75:74:b2:76:5d:
+                    a5:76:f2:f9:30:68:ec:e8:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                66:BB:EC:4F:F0:52:7E:D1:F4:F4:F9:CD:E9:B6:C7:C4:FC:2A:2F:4F
+            X509v3 Subject Alternative Name: 
+                othername:<unsupported>
+    Signature Algorithm: sha1WithRSAEncryption
+        1f:bd:87:72:d7:85:93:f9:96:97:6f:25:2f:89:1f:09:64:ff:
+        da:44:92:d0:59:6e:4f:cf:29:d7:5a:78:64:40:1c:3d:a5:80:
+        e9:b9:92:85:44:2e:25:ab:5c:8d:35:4b:5b:47:c6:79:61:cf:
+        b9:75:55:0b:20:6a:ad:ec:f5:0f:47:1e:e7:72:b0:b6:61:0f:
+        d6:84:e3:e4:29:05:4d:d1:7c:7b:a6:7b:6f:b2:af:9a:6b:dd:
+        81:ae:5d:c1:7b:74:11:86:18:2e:38:eb:ed:33:03:f6:05:4b:
+        ec:d7:7d:53:6c:71:01:86:fb:fb:63:dd:5b:cb:10:85:96:f2:
+        43:43
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
+MTExMjA2NTg1N1owHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo0SxikKd0D8w3uhmQsHxyZiP0r3rWWc9
+Xg41yju4kbD85SI6LWKBVrtRd2Csg0N1h87x9r2r8gfFjdW4Vp6ORZO9xqxdID7L
+FOgQB7leB6xWE0gbhMcwYvTkGWe1GzqsrwuS4gCQL4F1tmM/Q6Xpdu4zdXSydl2l
+dvL5MGjs6EcCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O
+BBYEFGa77E/wUn7R9PT5zem2x8T8Ki9PMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw
+IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF
+AAOBgQAfvYdy14WT+ZaXbyUviR8JZP/aRJLQWW5PzynXWnhkQBw9pYDpuZKFRC4l
+q1yNNUtbR8Z5Yc+5dVULIGqt7PUPRx7ncrC2YQ/WhOPkKQVN0Xx7pntvsq+aa92B
+rl3Be3QRhhguOOvtMwP2BUvs131TbHEBhvv7Y91byxCFlvJDQw==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZqgAwIBAgIJAJWfAgX+rDGvMA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV
+BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDcxMTE1MDY1ODU3WhcNMTcxMTEy
+MDY1ODU3WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD
+DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJk+5riF
+ML9djk75CGm9WUN37N+EKXZvLS1/jLsQbxOWPnfZ/bHPpnI2I4EEavSQUgrlbpLf
+5IZsxlAFtokSROpef1MQ3oyJFom8c1Ut37zEJL13m4pjUZjr8Ky+OUsWNVieRIXU
+eHw2+Ny8a5y3XOygCJWDzaCTcm+nvfTmVsr9AgMBAAGjYDBeMAkGA1UdEwQCMAAw
+CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQRgztmDHmF1DecOPint9iafFNckDAlBggr
+BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF
+AAOBgQCYm9bHTRfvEpjnKXQz9t8Uh9L+prU2+BMDClnDHsBE/Pb1vH40rOIT2sV8
+KQnjo+TVlvHXDxUy/HMY5O/5umLbzP4xr6mWwP5B2K5y566WHThz2ltcRgcmbRrn
+eOzN87+Gt1XqrTIlFftvxGX9U0PxyxFTASAOiv0hFvZN5GxYzQ==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-proxy.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCZPua4hTC/XY5O+QhpvVlDd+zfhCl2by0tf4y7EG8Tlj532f2x
+z6ZyNiOBBGr0kFIK5W6S3+SGbMZQBbaJEkTqXn9TEN6MiRaJvHNVLd+8xCS9d5uK
+Y1GY6/CsvjlLFjVYnkSF1Hh8NvjcvGuct1zsoAiVg82gk3Jvp7305lbK/QIDAQAB
+AoGAKH4TbuxariYlZT6ud2o9/PLiV0lPv2ivEleiswcrooxPo1GplGNfAszFYuDs
+9gRweUqYhhy9ALwbRqfLzLpUFQUBzQ1cZlO23m48GsCPL4XJxlzE9+w/wLWWaqsK
+syFax5T//iokYVa07AvFZxWpEUixewirJrhNyUafdKk8W8ECQQDKpH/pvljO6e9J
+jC65aTYPzMXAUp54DMWu1+FXUyELxGp+GjAwwhESpSLEaAnZH97H6ZtTiJku3Z0n
+pMsrH7WtAkEAwZi2sV8I/MjFPpti/zf6OHEJo89/SgTYIHmL6pE3tuNWhw/9Dorc
+N45cMGAiGep2HQdfZFGD0OekzLGeGBj0kQJAPFdNi5HVqg945IKsqyNMKNpGDGXN
+sFvFRbIc9L7ZOULMny43KV2wbcfkmW2NeS0HTqoeSXqEerMdB+AHa5jupQJADALP
+gt2kjxpdsm6ti6wLaCkLMhCTkyINzqX72ke8LyqXmbWSO669zuyUJ6QvOXBkd5SX
+hH/SL8nPXau/ZTtXIQJBAICcJBlgxhrUn5C12wwuQw/BZi6qK9KdVcWTapnhE7eQ
+Z6k/Pbi53/aI2g1EXq7G3RrQvAhV43AW5foJWqijDdA=
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-pw.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-pw.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/pkinit-pw.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,1698161265C4033B32CEB819B5D78953
+
+vQnkfeICkS2/gIEv1zrJ+WaUOeRvKfUUFM6uH4/xm5Abp4DqGlkCvwb4u9dZuRUj
+arlvgRc0e0CoBuQ/3gmBDlmQp+4ByiypERku8MAxsUV6LEmv2f1YfhecQSntDoJH
+fNOXna8caCy4W1xhmsYgWYSVS98QkNXdLjBjLJ4/MrwzdR2SMqAzyg6eNwhWAMe1
+aUh/M9JYB04sfRUtqD67oeyBfHVhDd9kByXuRYWyNE0SW5wlmVehhnEb/YHREKHr
+yOa3eRGtA4MHi7NXww4NBzOG10N9Ajq55ouMKnejFroCpevC332ijBzjTI+fo4SX
+hegNDXzAIqRueGZlmBzHjkTzA8tEPM1dsbviJ5BYO3iZgWE8J1rIBx51HOZmlREC
+3EWflJPhd666BnBepODMBXldkmfcfxhZxuoOrrXer+NZCsXE0z0DOLsNARR/7JvW
+Ie81eQijvkur1QJO63SwT0kNm5IMJZr2Ul0QLysvjY2G/nV0bzHb8KsWqNoUPNvJ
+lBUGQ2yvpeVRNR9CMm39U/CcnkLOl+z2oLUC86TdodaY6FEBmIBaakZ1rHkANWK4
+HMcN0FgdGbcRLg5PHji84g4tT+SOZa1hWEC4PC7lmRxAZP+o8Pe0tpiJzIbLPTRb
+3rvnEEG3IawMIGcoUGcgIUPvHH93EMpDrflVYdXmvapzST3U8xBDzpkXZRof7APG
+qAFsEB4psQEDG6KmOJ245aVWN0SBjHTLlIhUTx+m7OYl34MDoyv6Yk12i9PpKQN5
+W++QayfkJzQpV4EsR08UO615+XYCzMhCU3eozH+P39RF58rYnMLv9owjx1wL0z5R
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/pkinit.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/pkinit.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/pkinit.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:57 2007 GMT
+            Not After : Nov 12 06:58:57 2017 GMT
+        Subject: C=SE, CN=pkinit
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a3:44:b1:8a:42:9d:d0:3f:30:de:e8:66:42:c1:
+                    f1:c9:98:8f:d2:bd:eb:59:67:3d:5e:0e:35:ca:3b:
+                    b8:91:b0:fc:e5:22:3a:2d:62:81:56:bb:51:77:60:
+                    ac:83:43:75:87:ce:f1:f6:bd:ab:f2:07:c5:8d:d5:
+                    b8:56:9e:8e:45:93:bd:c6:ac:5d:20:3e:cb:14:e8:
+                    10:07:b9:5e:07:ac:56:13:48:1b:84:c7:30:62:f4:
+                    e4:19:67:b5:1b:3a:ac:af:0b:92:e2:00:90:2f:81:
+                    75:b6:63:3f:43:a5:e9:76:ee:33:75:74:b2:76:5d:
+                    a5:76:f2:f9:30:68:ec:e8:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                66:BB:EC:4F:F0:52:7E:D1:F4:F4:F9:CD:E9:B6:C7:C4:FC:2A:2F:4F
+            X509v3 Subject Alternative Name: 
+                othername:<unsupported>
+    Signature Algorithm: sha1WithRSAEncryption
+        1f:bd:87:72:d7:85:93:f9:96:97:6f:25:2f:89:1f:09:64:ff:
+        da:44:92:d0:59:6e:4f:cf:29:d7:5a:78:64:40:1c:3d:a5:80:
+        e9:b9:92:85:44:2e:25:ab:5c:8d:35:4b:5b:47:c6:79:61:cf:
+        b9:75:55:0b:20:6a:ad:ec:f5:0f:47:1e:e7:72:b0:b6:61:0f:
+        d6:84:e3:e4:29:05:4d:d1:7c:7b:a6:7b:6f:b2:af:9a:6b:dd:
+        81:ae:5d:c1:7b:74:11:86:18:2e:38:eb:ed:33:03:f6:05:4b:
+        ec:d7:7d:53:6c:71:01:86:fb:fb:63:dd:5b:cb:10:85:96:f2:
+        43:43
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
+MTExMjA2NTg1N1owHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo0SxikKd0D8w3uhmQsHxyZiP0r3rWWc9
+Xg41yju4kbD85SI6LWKBVrtRd2Csg0N1h87x9r2r8gfFjdW4Vp6ORZO9xqxdID7L
+FOgQB7leB6xWE0gbhMcwYvTkGWe1GzqsrwuS4gCQL4F1tmM/Q6Xpdu4zdXSydl2l
+dvL5MGjs6EcCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O
+BBYEFGa77E/wUn7R9PT5zem2x8T8Ki9PMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw
+IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF
+AAOBgQAfvYdy14WT+ZaXbyUviR8JZP/aRJLQWW5PzynXWnhkQBw9pYDpuZKFRC4l
+q1yNNUtbR8Z5Yc+5dVULIGqt7PUPRx7ncrC2YQ/WhOPkKQVN0Xx7pntvsq+aa92B
+rl3Be3QRhhguOOvtMwP2BUvs131TbHEBhvv7Y91byxCFlvJDQw==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/pkinit.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/pkinit.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/pkinit.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCjRLGKQp3QPzDe6GZCwfHJmI/SvetZZz1eDjXKO7iRsPzlIjot
+YoFWu1F3YKyDQ3WHzvH2vavyB8WN1bhWno5Fk73GrF0gPssU6BAHuV4HrFYTSBuE
+xzBi9OQZZ7UbOqyvC5LiAJAvgXW2Yz9Dpel27jN1dLJ2XaV28vkwaOzoRwIDAQAB
+AoGAQTAxTwnwJvDEG4xhIDB90MdITZWk/YpaF07HLVsRA6LOJtK2td5J1A5wpaCE
+4NgzeikntSPgHn/54fq+Yl9mYEAM1Uv6SimudiKe3Qk0M+bS4m/SMMlmV0eFjEh6
+ZG4NNRZmmzoaQbUiVa27fZ6362xtFGbGXJ8BjxOoTeaRn6kCQQDUwJafoKPN2dsq
+ewSCjGQhVGezw12ho2eaxj7VyNWU7V4LW2LdLClbXovSnpQ7bgHEopx1e97G2du7
+1ak3BxejAkEAxHUCpbFSbBBoIdnt+VGS/8hCWl8/6YniOFOk9Qp22moaNVVZYyTT
+Xpu45FeDKfm/xDwvPP9If0PDoM38tBvHDQJBAMTcmAOI/0lhRv1d62RpR9XXZkXe
+huskap+6xTXIqmkt4xGbNDX3wST8rWDsv7jmJ9itpxzGy/Mwb7S1FekHNQUCQDDw
+jTZFlCjDdY1pQrUnMx1w/8aPj9ZXuPkbLS616qHCaMD8gAYIuHcLB+YqPsyIINN7
+wrDJT4AUm3lFlzwu50kCQELkMFUM6rb9q/cOUQxsf023nPbObm3xJ0X4FtVhXuGi
+oUAOklX1xDLSqvWySOrTXfvfF4c3qCw9DAoDtKpbCgk=
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy-level-test.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy-level-test.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy-level-test.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIJAKfbLM8p28MgMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNV
+BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxDjAMBgNVBAMMBXByb3h5MB4XDTA3
+MTExNTA2NTg1OVoXDTE3MTExMjA2NTg1OVowQTELMAkGA1UEBhMCU0UxEjAQBgNV
+BAMMCVRlc3QgY2VydDEOMAwGA1UEAwwFcHJveHkxDjAMBgNVBAMMBWNoaWxkMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0hrvRoael03J8Y5gvtDMq0ZGm5ZZM
+OGOhTtMnNlCpA/OKEpwMPIxiWr625wFwD7YUupvUZ7qLodf5yTN1wkbpVD2NbAUa
+klBRKHZm+UCJ8L6X4MgahNy+Y1uj6m14a50B9GtCi+RspP7p9pNKx9hnA8+dRs6Q
+9oZgim2zMwvVBQIDAQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNV
+HQ4EFgQUQGqZ5v4NSB5Iwo17DynPRufgbF0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEA
+MA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEFBQADgYEAxQjN9RrCdZHhGAyS
+y3/1EAyWIvmz8wKW0q4kSfNV7DAcUCKmQQ45oCEVnyTEbP8ltdIaHyIK1ujxKQC1
+QLDzjHkBBQGBrCH+gyIdpT9OZu2gT8f2j4u01YwbjLTcU2yEXVkkH18SZiawq2DF
+ETkEd/u6TKzhpwFPuZPKUeFexPA=
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy-level-test.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy-level-test.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy-level-test.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC0hrvRoael03J8Y5gvtDMq0ZGm5ZZMOGOhTtMnNlCpA/OKEpwM
+PIxiWr625wFwD7YUupvUZ7qLodf5yTN1wkbpVD2NbAUaklBRKHZm+UCJ8L6X4Mga
+hNy+Y1uj6m14a50B9GtCi+RspP7p9pNKx9hnA8+dRs6Q9oZgim2zMwvVBQIDAQAB
+AoGBAI7cPM/1ZK1W+rezPSErMn7FH8V61Ij26ukhbvoOAqDuLpFqjrEkTVgcReaK
+QtoCpO4ciur5N2f+qOLUNXQQTXpMN+nRxkKxLMhG99Hej+vmzPjMdimEtTJiRfKF
+KU4rKUOCPdmu9fMe/kniOKbDmq1FFP+SqCU4hRiZZv0GMdDhAkEA8I6Du8UvTZ8I
+04o05s/BlMiErASTZgq27UM6rWl2FNy5Av2suayBW7xJczdGEtbT982KwQmk0Mg9
+Hj5pWi5MDQJBAMAdorBVTMD4iFvfRhN6aSD3PzG/fsEexRuxvx2iBrrMZQ+6mS26
+8myNHPMASAiwt5H2T7Y/dNMB64iod5gFVtkCQDMJ+ddQKg4tDQFdFIZYVDlOJiAd
+RGzlHxTOK9f5RU19219QFWK7wCKHm4nvk1WR8R1lpef5NNf7dERDd7Tjl80CQAx6
+oFO15rtuKWVWVnXzcJq8lLVFjBU9S25mGFTzbl554mKoK0UGLLMSY3wBW6x81h+8
+ESd0bcE7EbKZxtLwHdkCQQDYB5HxhlPZdquY+yg7vqxUF9Lf6+smlVv3PjfhXztg
+2aV717UGinyqZgcn2J+ADWocRI3JnOhU0lswsGc+oVXp
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy-test.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy-test.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy-test.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMDCCAZmgAwIBAgIJAI8UaHGQmUvNMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
+BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1ODU5WhcNMTcx
+MTEyMDY1ODU5WjAxMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MQ4w
+DAYDVQQDDAVwcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzeKelgMO
+dEHFmfEANkv6k+HkOduzT2It++ma7Kg+6+eOWpBqWcY3AOEbSE2UJM6H+StDhNNS
+cldPd3LoZayywckvgD3/NZjB9drsxF9GGClHew+fKjiekjNR3aUuAjysJYfr9AYd
+E6AFft2qKphuPKlEjPDeOZ4RpjvQOgFRB28CAwEAAaNgMF4wCQYDVR0TBAIwADAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFOGuL3xdInqdArsxly/BbLmYbzDTMCUGCCsG
+AQUFBwEOAQH/BBYwFAIBADAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUA
+A4GBADOZurVQ/lXeLADFOZbTmbRt0Nv3aPHniG1yovlSDEuNjMczeRMMIsef+jpJ
+4Z0rt65i3qpX3uXZdCgGtIbusIlM7fBLCRI5vJ27jqs2PnCvodWO05e/aL3XxRwr
+42wDWTioZuGm8Sz4hpHv74Fz/7PgvZPMFSo15ujdOTWMXj08
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy-test.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy-test.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy-test.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDN4p6WAw50QcWZ8QA2S/qT4eQ527NPYi376ZrsqD7r545akGpZ
+xjcA4RtITZQkzof5K0OE01JyV093cuhlrLLByS+APf81mMH12uzEX0YYKUd7D58q
+OJ6SM1HdpS4CPKwlh+v0Bh0ToAV+3aoqmG48qUSM8N45nhGmO9A6AVEHbwIDAQAB
+AoGAaAv+2RDyXQ5gLkv9L3N2TwX5sMO2+odDdeu4v6DHK7D54ArbtELXyTn577BF
+DdTSIroahSXGpMI7BsKrb7a3Hw+lnbEsag0a71yMM+E/zN9e0BgZwb7ZpeezVG2O
+kaXCuVPQlmDys8UH001FWP/XxqhLfCjy25ynaXi990k0AwECQQDwI64IquGE0OCO
+bI15Z+qLM5aRQgkNPokU7bZ1oSp9Ctx0pI9IzN6DcXe1QcXBDUJrZ0medNmNjqkG
+KPkiAieDAkEA23vDr6+iiSTOIUAGj+NDY9ydk48j8oWYUeQPL8Y7hJrckJrqqfNL
+MGZUKnF/RFPRbfS543xiqlXs4j3C61cwpQJAS9DH+l6Q8tDLhMvK4sCnMSmpaNTz
+bKYIu33NdFfcxTuvnHfz8OUVf2RMigJo/+lCxgwHFysHIIUg4hv/g/gwJwJBAIfx
+UHMwxetL8KCHl4jnqoXfz3nl3s4IESAnsYBVt+eaQ6MNUOuS1a9UsizXv4wCnmUM
+f1Z3ZGU8c0xuFJzPlEECQAs9UM+v0WxhUY8iVltgaLxGP282Mg+p+pIoqXbn8Mt7
+gOomlisP+s0Hh+c+YFPIAaAeH6j7n4AxydI0Z9fKIZA=
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-child-test.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-child-test.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-child-test.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICdDCCAd2gAwIBAgIJAN27BSQHOOO6MA0GCSqGSIb3DQEBBQUAMEMxCzAJBgNV
+BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAxDjAM
+BgNVBAMMBWNoaWxkMB4XDTA3MTExNTA2NTkwMFoXDTE3MTExMjA2NTkwMFowUzEL
+MAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDEQMA4GA1UEAwwHcHJveHkx
+MDEOMAwGA1UEAwwFY2hpbGQxDjAMBgNVBAMMBWNoaWxkMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCw3LymYPXq7FKF1yumUvZTEbyMNszUYmoaMXgfnOgu8TWR
+Dwek7ome68yHYYkc4fj1jG2ugdQ+/LgpJ10c+lHa1MeE7QHbJu6tNhRcCgxnAtlV
+JljkmB24Ne/UjQwVVT73rUrvaigby8Ai0ujDtPJDqfUQvh8lwEFFWuafq9Ms1wID
+AQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUNBaggvaD
+C/Amnb2M8g60WKxwGn0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUA
+BANmb28wDQYJKoZIhvcNAQEFBQADgYEAmT5WYZ6FM6ceyyxTKiusYLDPJ04D7dVk
+VVMnu1q9dATMje/RKrncT0+KNEMdLWLpZgeHj4E2bi1507l3/zOUwOPpdI9MrvpY
+Or6ssQ3sZAZI60ruZ91ml6cYt+rbE1F2J+y1CM0rW/wnAIT1v2vP2Wd7PrEm8RsM
+QGbyuzcrAL4=
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-child-test.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-child-test.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-child-test.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCw3LymYPXq7FKF1yumUvZTEbyMNszUYmoaMXgfnOgu8TWRDwek
+7ome68yHYYkc4fj1jG2ugdQ+/LgpJ10c+lHa1MeE7QHbJu6tNhRcCgxnAtlVJljk
+mB24Ne/UjQwVVT73rUrvaigby8Ai0ujDtPJDqfUQvh8lwEFFWuafq9Ms1wIDAQAB
+AoGAHRo1cKtDzARXD+74H8ZHAiRJAkmCKvCGxQie25TWH+NRDS2L9HfL7XqfjSdf
+iIEmlkElSzHR2wt6wkrX54zJKxMNayc88UfInQ03a4XwFzAksTf05zpdGPbkKohi
+eeQcf3Raq+Swe4pTEwyEU8mDidM/rKJst+zMiE4UMeVGTQECQQDZPFrVTyJwGBcS
+sxJly0zXmZ8tvvsxIuplwAvbfCWbhEEgeO3LAKjcpb5HVOLfTe8+2ZO00ALidVCH
+N6/ae+iLAkEA0GwPxjlbKnL1VcpKdsegntACxlHD0TonvIEINKv9PiKzHIhQo8xJ
+Rt/2aBRAOJn+zB3FJxfQ+o6vEUwvBfEKZQJBANHMLTlG9M5nJZlkogb3YZ3y+j0W
+7cdVniRoZcsySau4/aDbyWO9nleCJpMDUxwwSzdasAD2x2JnxD7itA4AjuMCQQCP
+a+0m8M0lVtowYPYA6rpCzs05/4YKckRp2Tj2Vev8WBB87+jd7nP2S6PaVyUiTgYi
+G9JRZnguEwWxl4U8R3RpAkA5QpGHFhXNI2xA0ZKYH1tgmYfLBAAiVrIDKJddtOf/
+rKceL88RXsjnA6PTN9AdpnJ4sTToR3HDeEwAQrNHMC2M
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-test.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-test.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-test.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVDCCAb2gAwIBAgIJAITDCg/e+gWyMA0GCSqGSIb3DQEBBQUAMDMxCzAJBgNV
+BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAwHhcN
+MDcxMTE1MDY1OTAwWhcNMTcxMTEyMDY1OTAwWjBDMQswCQYDVQQGEwJTRTESMBAG
+A1UEAwwJVGVzdCBjZXJ0MRAwDgYDVQQDDAdwcm94eTEwMQ4wDAYDVQQDDAVjaGls
+ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAroEn/MX0t84+NLivDSbN0y5r
+ZRxaiTDYkmvbdvJuBryCCLkzUT+/eh3pEK52BODXZWD4oiEMJLubH/pz+/6eAb4T
+ReAWft/wMFaOSZ37a7iLWr8vFaRfBjQREpEm0rCp7dPvWYrraRIIjMRJzAUwygXN
+KSS4f5VZkMwNfT9wwE8CAwEAAaNgMF4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw
+HQYDVR0OBBYEFJrcQRDczQ1P+84ND71GVT99a/2mMCUGCCsGAQUFBwEOAQH/BBYw
+FAIBCjAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUAA4GBALIbzPSyUE5Q
+4TWAUfATVsADj131V1Xe+HHgwXebWbnNCJIe3OyWoFqK3X5ATKzi6MzHzA+UngFK
+KGl8m8Ogx9dYQKzP2LIw0GuvpMyc3azb/cvbWv3vmM55UEdBlqxSTFynqLdpJqtn
+9dXq2wCNdUtbGEOpaRVOiZ0wjvpTB4wA
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-test.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-test.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-child-test.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCugSf8xfS3zj40uK8NJs3TLmtlHFqJMNiSa9t28m4GvIIIuTNR
+P796HekQrnYE4NdlYPiiIQwku5sf+nP7/p4BvhNF4BZ+3/AwVo5JnftruItavy8V
+pF8GNBESkSbSsKnt0+9ZiutpEgiMxEnMBTDKBc0pJLh/lVmQzA19P3DATwIDAQAB
+AoGAaYkc+Odzd9IYluP2ojqMkiJpuu2p53yODgeC4+38EsDg14vB+GpYT+9U68zG
+/W5JdjtuQwc/g9ueFnnuuUEkpyMIKDdAl00ZJQU5Vvz+ooZdxp/iYm3axkV2Gc2l
+mbulzUxgpomflDd/B3RXO1jY4ZttpVHTNUvjm7DtypiqsAkCQQDgIIRBtSipM3F6
+GYKgnmsjK+19YxUdMbHS6fyfg0TDIrSrBi5EqyjgA4MzxfzimvfKCiV6SSqFnU3G
+MIWDLh2dAkEAx1IaAAi+DmED08rarKRU2Ma7KRQWlxjXTp6c9OrbzuCJrqZgscxJ
+vBjmHzbXCKumRZwqWgzM5mRxPVX6npyn2wJBALrWQIqqI3hRuzJnG78b8QJD91nE
+hHBu4eeKSZ8MBgGJ6AR+RYnXCV8dbn11eifJufECXlW/sqPqC1DBWDuP8P0CQFxg
+utglNSCo6gMw0ySMjR5jDL8/JjElPDSd4pTIfNNm0aj2R35f9hSNXao92m+UTl2Y
+wTA3Gof1KV6KCLuWU10CQCeGYU3SFAy5QLVqR0B0u19wWyS8ZMl06DjOslmu7Zp+
+x1GxxFu1MNFvcKwmFeeYcNU1t9X0tC7EhUIaLQk2kqM=
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-test.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-test.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-test.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMjCCAZugAwIBAgIJAI8UaHGQmUvPMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV
+BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1OTAwWhcNMTcx
+MTEyMDY1OTAwWjAzMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MRAw
+DgYDVQQDDAdwcm94eTEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTeTGh
+PIY39c75rcek77oZeDKnvO9zmsU2nlPnKpNsQ/QYEa610EeaRhB36lLhIS3aEtoG
+LKgHeDF+jxasog3GNWZ7/EF5x5VwIbXo659ZbDwnT8c8ZJADEe1kfMuFgKd49l4y
+PNCqN4LX2DdAh2HIb7x1iw7Fnu7s0Xnipgq0twIDAQABo2AwXjAJBgNVHRMEAjAA
+MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUe24gc/gLyB6DW4gELVL3axuZTbkwJQYI
+KwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEF
+BQADgYEABlvvmLwl6ZjaLdTGmxDD2eHN4/IbjYj1Vta2zQOKKA/W4qrkhmSNpy0x
++v9tqf2fumNSpspqF+g814pXbqSMuObHEE1IeUmiGwVPC7AMWVXd2skMdkjEqhLM
+8qvDrPt+c5rGnnqM9AqrT/xDgXm7XnPLSFcrX/q8xVKVztskgEU=
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-test.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-test.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/proxy10-test.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXwIBAAKBgQDTeTGhPIY39c75rcek77oZeDKnvO9zmsU2nlPnKpNsQ/QYEa61
+0EeaRhB36lLhIS3aEtoGLKgHeDF+jxasog3GNWZ7/EF5x5VwIbXo659ZbDwnT8c8
+ZJADEe1kfMuFgKd49l4yPNCqN4LX2DdAh2HIb7x1iw7Fnu7s0Xnipgq0twIDAQAB
+AoGBANDEIiSklXQFLFD8J81CBBxEtu007cbYkbx7zSS2uVb2NrDUM/+1IBrC9FsN
+bshlctiIJ8hUqYTGOUZRh/bg/GpVOgTRAgaMBEBOYXra7r7TVcUUxpC8CzX9hevl
+H42T6Ez6+Ednfg0RX6rZTiFeCNV3ADkguO07mlgSppiQJmlxAkEA/ICw/Ar/GtJH
+/EK8jrbxzakNzFxtHUtVNwSALsiWZUfJWJgf7jDsl0XB8w/HhVDrdwfc+Aiexxc9
+SPJKKqdpswJBANZnBfxEucE1SWu9elvPNWIMYBXinfMvfnkSt81KH3AfObiUj93d
+LCii1sF/x2aDeKJseFiUycy9xQXhQMF5vu0CQQCPECs24tQfUj1PBFDpW2YtbDdR
+Lpz0GBa0EWy/FQ+BWucNt0OAJWAnZXK6UJpvQqXmzyG3tsqfat9iUUUMXcZZAkEA
+vc+PePrPCMHIMl4ZCVa0iA00s6tg8n7FlSKBHnnUw0qhq0u64kyAX6lqPvyE57jU
+/9bP5Hw0+9G1r7LvxVmnMQJBAMdphUdEYRlIZ0GTnIETDzjm3lge06cXzLvXFIps
+nCANLV4OXJZVaTUrnDINLJVHu5d+Mx1pTw6GOF+v0+LjbF4=
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/revoke.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/revoke.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/revoke.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:56 2007 GMT
+            Not After : Nov 12 06:58:56 2017 GMT
+        Subject: C=SE, CN=Revoke cert
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b3:24:de:14:fc:b6:80:e2:34:59:81:1f:ec:cb:
+                    00:21:75:e5:34:88:09:5e:5e:8e:f8:91:6b:ab:09:
+                    34:f8:6c:69:14:00:c5:47:f2:d7:de:a0:32:00:02:
+                    63:79:3c:14:1a:a9:4d:d1:1d:c0:fc:a7:50:72:26:
+                    96:53:d1:9f:a9:5f:f4:82:4d:4b:17:3b:fe:14:60:
+                    42:94:22:93:3e:c5:14:97:c8:a3:6a:8e:bd:90:03:
+                    22:12:9e:41:ca:a5:de:4f:57:f4:bf:f1:9e:f8:63:
+                    4f:c0:9e:c8:3c:e1:8b:89:60:3a:2b:5c:a7:b7:6e:
+                    a0:48:34:49:58:61:a0:34:6d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                F3:E2:96:20:28:53:21:92:67:A8:5C:B5:2C:7E:87:CF:7A:07:3D:84
+    Signature Algorithm: sha1WithRSAEncryption
+        90:39:f3:a6:fe:92:b9:92:4c:75:58:b2:51:36:11:07:f5:a2:
+        71:dc:90:d7:2b:b5:bc:37:c8:30:4f:a4:6b:41:11:63:3e:53:
+        42:ae:6f:59:7d:f8:b0:59:01:2f:50:4f:2d:21:7e:6a:58:bd:
+        74:f1:69:c5:62:3d:8f:fa:1a:c8:7e:a4:30:dc:01:8b:c9:f8:
+        77:44:5c:d3:a4:ab:9a:50:cc:45:d0:65:00:5c:fe:d3:b5:a3:
+        7a:f1:b1:5c:25:0f:06:16:5f:cf:e2:5d:0b:87:c0:fe:14:b8:
+        0a:10:17:55:34:15:4d:44:6b:60:80:6e:af:7b:81:30:47:5c:
+        f3:fe
+-----BEGIN CERTIFICATE-----
+MIIB/DCCAWWgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
+MTExMjA2NTg1NlowIzELMAkGA1UEBhMCU0UxFDASBgNVBAMMC1Jldm9rZSBjZXJ0
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJN4U/LaA4jRZgR/sywAhdeU0
+iAleXo74kWurCTT4bGkUAMVH8tfeoDIAAmN5PBQaqU3RHcD8p1ByJpZT0Z+pX/SC
+TUsXO/4UYEKUIpM+xRSXyKNqjr2QAyISnkHKpd5PV/S/8Z74Y0/Ansg84YuJYDor
+XKe3bqBINElYYaA0bQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd
+BgNVHQ4EFgQU8+KWIChTIZJnqFy1LH6Hz3oHPYQwDQYJKoZIhvcNAQEFBQADgYEA
+kDnzpv6SuZJMdViyUTYRB/WicdyQ1yu1vDfIME+ka0ERYz5TQq5vWX34sFkBL1BP
+LSF+ali9dPFpxWI9j/oayH6kMNwBi8n4d0Rc06SrmlDMRdBlAFz+07WjevGxXCUP
+BhZfz+JdC4fA/hS4ChAXVTQVTURrYIBur3uBMEdc8/4=
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/revoke.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/revoke.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/revoke.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCzJN4U/LaA4jRZgR/sywAhdeU0iAleXo74kWurCTT4bGkUAMVH
+8tfeoDIAAmN5PBQaqU3RHcD8p1ByJpZT0Z+pX/SCTUsXO/4UYEKUIpM+xRSXyKNq
+jr2QAyISnkHKpd5PV/S/8Z74Y0/Ansg84YuJYDorXKe3bqBINElYYaA0bQIDAQAB
+AoGAIDHl/5uTKQJ+Kf+8vw+UjG7lrFUuadlQlHd+BBT5ghPppoCk89M+3HGpyrqj
+KeyUKF5477YLMtzW5kztA09PBBJvMjSm92dI2uCYfipkIWZZUlq64AStI15pgeVd
+cH61hxOUCm47tqhtkaO11DnKkoJBXaAVIe2ySG2sIZQH+gECQQDjhMdCWkaO+HUe
+utqKJCq6pUkwSelgLEINDVoRVgJ+qUHb0nN06DmPfcfxwqfgP/vS6baKkGIBCiZJ
+n9Kfd23BAkEAyZHXY5iGSq9qc2ern0CcyitNozvtm6eEZYVvJxVMsVBQRo23EmGF
+68SJlHjpY+nHyPWEkbG99R/CMdr3FV9JrQJBAOG/hoKk1mvXxUYXeu4kkq0dgXBD
+diex4lvXCq423ETXJny55UtzfGGPGUwdq7rLYc/VjAUS29tSOclFppQJyUECQQDA
+J7P5UhHTaN5GHfJR4rqVUCq3Dg45cLyaO1X3ICr4bePZHogDkcylMbsmOw3jHZ5D
+SSqT6al44Em0VVVunmQRAkBUAQzHGGJnMKI9ZSdD3J6scWCVIjHVgaehYe9a8DlK
+DeZ4KYGG0+1aUdkqeYE8c6Qqp+pdjPmRMdooww6y+Xk1
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/sf-class2-root.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/sf-class2-root.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/sf-class2-root.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/static-file
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/static-file	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/static-file	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+This is a static file don't change the content, it is used in the test
+
+#!/bin/sh
+#
+# Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+#
+
+srcdir="@srcdir@"
+
+echo "try printing"
+./hxtool print \
+	--pass=PASS:foobar \
+	PKCS12:$srcdir/data/test.p12 || exit 1
+
+echo "make sure entry is found (friendlyname)"
+./hxtool query \
+	--pass=PASS:foobar \
+	--friendlyname=friendlyname-test  \
+	PKCS12:$srcdir/data/test.p12 || exit 1
+
+echo "make sure entry is not found  (friendlyname)"
+./hxtool query \
+	--pass=PASS:foobar \
+	--friendlyname=friendlyname-test-not  \
+	PKCS12:$srcdir/data/test.p12 && exit 1
+
+echo "check for ca cert (friendlyname)"
+./hxtool query \
+	--pass=PASS:foobar \
+	--friendlyname=ca  \
+	PKCS12:$srcdir/data/test.p12 || exit 1
+
+echo "make sure entry is not found (friendlyname)"
+./hxtool query \
+	--pass=PASS:foobar \
+	--friendlyname=friendlyname-test \
+	PKCS12:$srcdir/data/sub-cert.p12 && exit 1
+
+echo "make sure entry is found (friendlyname|private key)"
+./hxtool query \
+	--pass=PASS:foobar \
+	--friendlyname=friendlyname-test  \
+	--private-key \
+	PKCS12:$srcdir/data/test.p12 || exit 1
+
+echo "make sure entry is not found (friendlyname|private key)"
+./hxtool query \
+	--pass=PASS:foobar \
+	--friendlyname=ca  \
+	--private-key \
+	PKCS12:$srcdir/data/test.p12 && exit 1
+
+exit 0
+

Added: vendor-crypto/heimdal/dist/lib/hx509/data/sub-ca.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/sub-ca.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/sub-ca.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,60 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:59 2007 GMT
+            Not After : Nov 12 06:58:59 2017 GMT
+        Subject: C=SE, CN=Sub CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:f3:ab:db:06:fa:f9:a1:84:35:a6:fb:a4:a9:39:
+                    5f:54:10:a2:a4:3f:1a:ae:2c:7e:bd:dd:aa:63:4a:
+                    7a:62:99:07:25:af:eb:62:b4:20:93:67:46:59:b4:
+                    30:85:81:24:41:9d:49:97:fb:a3:ce:74:61:f7:ff:
+                    d5:9e:b1:9b:d3:5a:8b:59:51:76:99:69:2a:73:02:
+                    e9:2d:39:3f:21:b8:2f:f1:af:91:1f:f1:c3:e3:4d:
+                    c0:e4:87:95:df:e7:d2:e7:27:a6:cd:c4:cf:97:e6:
+                    b8:24:31:d1:66:d3:af:f8:06:8b:9c:81:bf:66:54:
+                    53:08:0a:ee:15:71:b2:a5:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                36:04:CF:AD:8B:30:E2:5D:C0:43:8C:09:0B:4D:50:7B:1F:39:41:17
+            X509v3 Authority Key Identifier: 
+                keyid:8C:E7:0D:B5:C5:DE:69:85:75:2C:08:A1:DE:53:15:30:9C:A1:E8:00
+                DirName:/CN=hx509 Test Root CA/C=SE
+                serial:B7:94:5E:85:B2:19:80:58
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        5b:f9:bb:2c:d2:d6:4d:bb:20:b1:05:fc:67:45:de:9c:5e:83:
+        35:24:9a:f6:33:bc:3d:ca:27:dc:be:3c:cb:c6:d7:c5:b4:d3:
+        9e:c4:c2:60:4d:dc:21:2c:f4:88:ec:dd:41:37:58:63:45:d6:
+        9b:32:7d:f8:e0:d1:41:0f:f3:30:20:7d:15:af:49:15:2b:cb:
+        db:fe:90:6e:db:84:fa:92:a3:ac:83:25:5a:ab:49:7a:1e:2b:
+        dc:c9:74:7b:9f:2b:62:a9:6f:ef:b9:89:72:4b:ea:02:5a:27:
+        93:b7:9d:fd:e2:a3:73:04:52:d0:98:5a:a3:23:f5:02:56:b6:
+        c6:8f
+-----BEGIN CERTIFICATE-----
+MIICWDCCAcGgAwIBAgIBCTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1OVoXDTE3
+MTExMjA2NTg1OVowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBlN1YiBDQTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA86vbBvr5oYQ1pvukqTlfVBCipD8arix+
+vd2qY0p6YpkHJa/rYrQgk2dGWbQwhYEkQZ1Jl/ujznRh9//VnrGb01qLWVF2mWkq
+cwLpLTk/Ibgv8a+RH/HD403A5IeV3+fS5yemzcTPl+a4JDHRZtOv+AaLnIG/ZlRT
+CAruFXGypaUCAwEAAaOBmTCBljAdBgNVHQ4EFgQUNgTPrYsw4l3AQ4wJC01Qex85
+QRcwWgYDVR0jBFMwUYAUjOcNtcXeaYV1LAih3lMVMJyh6AChLqQsMCoxGzAZBgNV
+BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0WCCQC3lF6FshmAWDAM
+BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB5jANBgkqhkiG9w0BAQUFAAOBgQBb+bss
+0tZNuyCxBfxnRd6cXoM1JJr2M7w9yifcvjzLxtfFtNOexMJgTdwhLPSI7N1BN1hj
+RdabMn344NFBD/MwIH0Vr0kVK8vb/pBu24T6kqOsgyVaq0l6HivcyXR7nytiqW/v
+uYlyS+oCWieTt5394qNzBFLQmFqjI/UCVrbGjw==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/sub-ca.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/sub-ca.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/sub-ca.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDzq9sG+vmhhDWm+6SpOV9UEKKkPxquLH693apjSnpimQclr+ti
+tCCTZ0ZZtDCFgSRBnUmX+6POdGH3/9WesZvTWotZUXaZaSpzAuktOT8huC/xr5Ef
+8cPjTcDkh5Xf59LnJ6bNxM+X5rgkMdFm06/4Boucgb9mVFMICu4VcbKlpQIDAQAB
+AoGBAIoiQmgSnrERYdjnjtDf1Uqyo4C4xUc3siGwJ4diET8TwRl8QNQTiOQHB7qS
+i28jZopLwAyIerPvBhqwzUjJJqvu1z+5/MjwBJ/aonmJjJ9e3nqk/KE658xGg5E8
+V64DYRif0YboZEYJo5yzU9UEdEPI4zTyhFlR21TmOZkidnwBAkEA/IIRCcGs/FNR
+q9tEW8ARK1DEeerXhoV9Xye9xYb5UNyH4f6J31NdkvYOMA4F0+0lKecaKmPtKsu7
+gQrFZYwt/QJBAPcKgUVOJox/s/o1PXRGjifl1haehcawWNLtN/UnFZcUKslyMkxh
+qyCJJ0SuX7quQqy+++hFj/DwNdECaFRd0skCQBocdRiWL4Y0M3jbBrmaJexdwMN+
+tmTRvwItAOHBMFzdQSvsf2NZoo6E5Tiw6odcuYAYxsrlZGwNf0k7zOfQVB0CQQDy
+GWdqZhY9JoFYuYhKRULXMtTGQgBUIUpLG5L1O6Ja9rafyLwmQqkUL5U+J61FI7XP
+2TLCBDn2I1J6TGO2GmSRAkAIFsFpkrq4q+lbJ3Vr3UpfhRJsTVOD5SgZx1umn63l
+jEz5/r4HCg/Q0/yiPiYaTHutfnsChg3/AfbmWcA6j4NU
+-----END RSA PRIVATE KEY-----
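Review bot: sub-ca.key adds an unencrypted RSA private key for a certificate that sub-ca.crt in this same commit marks `CA:TRUE` with Certificate Sign and CRL Sign usage, so anyone holding the source tree can issue certificates that chain to "hx509 Test Root CA". The other plaintext `.key` fixtures added here (proxy10-test.key, revoke.key, sub-cert.key, test-ds-only.key, test-ke-only.key) are equally public, and all of the listed test certificates use 1024-bit RSA with sha1WithRSAEncryption. The import should record that `lib/hx509/data/` is test-only material, kept out of any installed file set and never added to a trust store. A line in the import log such as `lib/hx509/data: publicly known test keys and certificates; do not install or trust` would make that explicit.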

Added: vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=SE, CN=Sub CA
+        Validity
+            Not Before: Nov 15 06:58:59 2007 GMT
+            Not After : Nov 12 06:58:59 2017 GMT
+        Subject: C=SE, CN=Test sub cert
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:da:41:57:e1:62:23:1b:bf:ac:1c:a9:06:c8:98:
+                    77:38:dc:33:a3:03:c0:02:6d:d8:6d:68:95:b1:ea:
+                    60:c0:c2:96:23:34:91:fb:32:44:44:cd:72:40:5b:
+                    a3:cf:57:94:3c:8d:a9:30:11:73:61:15:17:10:a6:
+                    17:7d:9d:27:f0:58:23:ee:a4:83:3c:b1:0f:20:0c:
+                    a4:3d:01:ef:de:93:cb:b5:02:c1:1e:b4:54:35:6a:
+                    8f:55:7b:5d:76:0a:f9:6d:b1:31:25:4c:fb:e2:d6:
+                    6e:94:e9:8a:c4:cc:4e:28:6b:bd:4c:80:85:2c:87:
+                    eb:31:88:6d:27:2a:d3:df:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                D3:5F:89:9B:31:E6:2A:E0:C6:64:27:9F:A4:E5:42:8C:70:99:96:25
+    Signature Algorithm: sha1WithRSAEncryption
+        34:f9:9f:c5:6f:44:55:6a:15:8f:51:ab:c1:44:18:0e:eb:9a:
+        d0:c4:64:ce:ab:24:2b:77:82:f3:88:e3:9e:1f:9c:8d:28:a6:
+        be:3d:d5:3e:5e:95:01:c8:b9:d4:e2:b5:17:06:1d:10:0b:a5:
+        64:29:d9:45:b0:fd:16:ec:5d:3c:3f:58:55:25:90:d0:e4:4f:
+        3f:9f:9c:5f:d5:1e:0c:73:a5:1a:7c:71:10:b5:a3:d5:fb:0f:
+        d3:de:fc:9a:06:bc:0b:8c:72:eb:bc:fc:d1:47:87:68:44:25:
+        25:ab:51:e9:af:d8:9e:1b:04:f2:1c:4f:4c:27:a0:87:11:4a:
+        69:67
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAVugAwIBAgIBCjANBgkqhkiG9w0BAQUFADAeMQswCQYDVQQGEwJTRTEP
+MA0GA1UEAwwGU3ViIENBMB4XDTA3MTExNTA2NTg1OVoXDTE3MTExMjA2NTg1OVow
+JTELMAkGA1UEBhMCU0UxFjAUBgNVBAMMDVRlc3Qgc3ViIGNlcnQwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBANpBV+FiIxu/rBypBsiYdzjcM6MDwAJt2G1olbHq
+YMDCliM0kfsyRETNckBbo89XlDyNqTARc2EVFxCmF32dJ/BYI+6kgzyxDyAMpD0B
+796Ty7UCwR60VDVqj1V7XXYK+W2xMSVM++LWbpTpisTMTihrvUyAhSyH6zGIbScq
+098fAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTT
+X4mbMeYq4MZkJ5+k5UKMcJmWJTANBgkqhkiG9w0BAQUFAAOBgQA0+Z/Fb0RVahWP
+UavBRBgO65rQxGTOqyQrd4LziOOeH5yNKKa+PdU+XpUByLnU4rUXBh0QC6VkKdlF
+sP0W7F08P1hVJZDQ5E8/n5xf1R4Mc6UafHEQtaPV+w/T3vyaBrwLjHLrvPzRR4do
+RCUlq1Hpr9ieGwTyHE9MJ6CHEUppZw==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDaQVfhYiMbv6wcqQbImHc43DOjA8ACbdhtaJWx6mDAwpYjNJH7
+MkREzXJAW6PPV5Q8jakwEXNhFRcQphd9nSfwWCPupIM8sQ8gDKQ9Ae/ek8u1AsEe
+tFQ1ao9Ve112CvltsTElTPvi1m6U6YrEzE4oa71MgIUsh+sxiG0nKtPfHwIDAQAB
+AoGBAMPvk4h4BNK9gTL9n2RoU+fM7+Jx1GeZ24llMbZWlmOWjRiv8joTx2wJEH+s
+hWP32NF/z5qin/VQ7LL6mO4hLx8RbPysfZH2PGwGLBsL6yFKrpVLEb6Gze7bfaNC
+Zxqz2zBaUup5IN5IoQbYmhYgo7h+uca2FKZMtWZlvxsNb22hAkEA/QCwdBhlf7w9
+BUWezxxm5o/laKhvP7RYem43eJNKj1tenB1MnbjM6R3Ckp0ykbKQIEL3mjTEUR+/
+31yfSjKRrwJBANzXRXmowoaKFrjkRFjfKrSk6cIa5/32U4Shy3/1LRoHv1qcsyEv
+0Acn5aE8vdiYK4J/OqiS87KFYH6WISCEFZECQQDg4xH1wBHIfvwGiaHmGyrkWpfi
+dYWdrKLRANNR3Cr0TpVEU07dC30o4YkoZY6jr4MpCh2o9qpiKcSVuHDmtRiFAkBE
+AsvznqRhuK8su6fM0tWdElinHZAqpyyrYQSB4KjGJnKo3i9QXiArw/60/DbfOGXV
+54bSGYeRh//inCuRjvvxAkBv9rarlopkpj29aAM4e4gs5W4ssl0uOjnSBiSH+Zn/
+j/oYrQgvpITFLCdF48D44GWtupw5zCLiJAREySaNma4Z
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.p12
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.p12
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.p12	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.p12	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/sub-cert.p12
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-ds-only.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-ds-only.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-ds-only.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:57 2007 GMT
+            Not After : Nov 12 06:58:57 2017 GMT
+        Subject: C=SE, CN=Test cert DigitalSignature
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c7:40:d0:87:47:81:b2:4e:4b:36:7c:c9:8d:9d:
+                    eb:dc:65:13:20:dc:72:0f:bf:5e:44:36:aa:18:fc:
+                    09:54:8c:1a:4e:15:5a:c5:c3:0c:95:f7:55:1c:b0:
+                    93:d2:80:92:eb:7e:67:b4:2e:9c:0c:fd:65:6a:9c:
+                    d6:35:d2:c2:62:3f:a2:6c:90:9e:a6:5a:59:33:e1:
+                    3a:13:9a:9d:9a:7e:2b:a2:44:96:41:87:b3:e2:b8:
+                    62:1b:88:46:08:39:c5:7a:90:83:42:22:c9:73:9f:
+                    41:51:1d:40:34:0f:94:0e:2a:ee:27:76:6d:6d:44:
+                    d2:e7:90:ad:9c:da:f8:7f:87
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation
+            X509v3 Subject Key Identifier: 
+                B9:41:3E:C9:AB:F2:37:75:F1:F8:C7:86:BB:54:78:76:15:16:D9:BB
+    Signature Algorithm: sha1WithRSAEncryption
+        72:fc:ea:ad:ec:08:be:45:34:5e:d0:1b:d0:0d:fc:2f:70:89:
+        8e:58:fb:15:ce:7b:78:8f:db:e9:97:cc:89:10:e6:10:f5:22:
+        f9:e9:c6:0d:4e:f9:35:c6:e2:5f:ab:28:47:e3:d6:94:d0:80:
+        db:44:4a:a9:8b:86:8b:c6:09:7b:d5:eb:07:ef:92:5a:ac:9a:
+        a7:04:c5:e2:c5:3f:01:d0:c1:92:c1:14:90:50:bd:0f:38:09:
+        0e:c5:9f:96:bd:42:8b:87:ac:b1:62:ca:bc:79:1d:fc:23:06:
+        55:b3:55:f2:b8:49:67:8e:d7:63:1f:52:aa:b9:19:e0:1f:18:
+        11:ac
+-----BEGIN CERTIFICATE-----
+MIICCzCCAXSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
+MTExMjA2NTg1N1owMjELMAkGA1UEBhMCU0UxIzAhBgNVBAMMGlRlc3QgY2VydCBE
+aWdpdGFsU2lnbmF0dXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHQNCH
+R4GyTks2fMmNnevcZRMg3HIPv15ENqoY/AlUjBpOFVrFwwyV91UcsJPSgJLrfme0
+LpwM/WVqnNY10sJiP6JskJ6mWlkz4ToTmp2afiuiRJZBh7PiuGIbiEYIOcV6kINC
+Islzn0FRHUA0D5QOKu4ndm1tRNLnkK2c2vh/hwIDAQABozkwNzAJBgNVHRMEAjAA
+MAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUuUE+yavyN3Xx+MeGu1R4dhUW2bswDQYJ
+KoZIhvcNAQEFBQADgYEAcvzqrewIvkU0XtAb0A38L3CJjlj7Fc57eI/b6ZfMiRDm
+EPUi+enGDU75NcbiX6soR+PWlNCA20RKqYuGi8YJe9XrB++SWqyapwTF4sU/AdDB
+ksEUkFC9DzgJDsWflr1Ci4essWLKvHkd/CMGVbNV8rhJZ47XYx9SqrkZ4B8YEaw=
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-ds-only.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-ds-only.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-ds-only.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDHQNCHR4GyTks2fMmNnevcZRMg3HIPv15ENqoY/AlUjBpOFVrF
+wwyV91UcsJPSgJLrfme0LpwM/WVqnNY10sJiP6JskJ6mWlkz4ToTmp2afiuiRJZB
+h7PiuGIbiEYIOcV6kINCIslzn0FRHUA0D5QOKu4ndm1tRNLnkK2c2vh/hwIDAQAB
+AoGAPa3Ln0S8WjSwRaKlRahP/b5wCGkVCdjkVltRlkBWpwxjjC5CFhvFxpp0h1gF
+ulDAqhNMCNOwzLiX70Ozb5/ZOcK6eIYolFDf8ldc5fSJMTIZF2V6CzICNNKFGWpI
+z5QFhfQDqru6ZaWtPuK4sJIcmBx1nMTu4z9rNjvnGqJV/ckCQQDm8HfOI6f5Dlgg
+QI9My7uDshfF2j6lo8wX32Vsgfb2PO+a6BGCCQhSjlKSZoiOH+KNz1/fp0/sbeGY
+ZbdJSMg9AkEA3OAZrLlgKId6Gs5EjDfvq2njJf4dAOk5aH8HB1u18VuRvdkWxEwo
+A7zrFZz+l1U52OMNKazPuPLju7foen9fEwJAR1URfG/RC4HdwKCQYsUvN1+ELk3a
+OemdOeZ7+ocuVCLAU9XIyqSlmHJzmNro5RV+MhVS5M9WRY4vN5Z7hbxgdQJBAJG3
+NrkAwzN5zVCJ7Cclb/SCMt0JvFCxjLInu5dbJblJU+kPozl1lKCCrgTgQgXMsBEq
+GbD41UGK3DsnpTPLfAkCQQCeZlgPiddfNhyg3SQOgj1M/3NBEfJFnX3FqlF32Pvz
+0U29o0iMSP4q2j+cyUxAmlp9I7clhq7bBRTfCHKIHETg
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-128
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-128
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-128	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-128	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-128
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-256
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-256
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-256	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-256	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-aes-256
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des-ede3
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des-ede3
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des-ede3	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des-ede3	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-des-ede3
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-128
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-128
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-128	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-128	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-128
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-40
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-40
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-40	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-40	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-40
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-64
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-64
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-64	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-64	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-enveloped-rc2-64
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-ke-only.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-ke-only.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-ke-only.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:57 2007 GMT
+            Not After : Nov 12 06:58:57 2017 GMT
+        Subject: C=SE, CN=Test cert KeyEncipherment
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bd:6a:09:6d:65:fd:2f:a6:02:74:48:59:5a:d6:
+                    b1:cf:d2:30:60:21:92:bf:ed:94:d1:df:e9:de:b7:
+                    c2:c5:5d:c8:7b:a7:f2:b3:e0:1b:78:ba:a8:ba:4b:
+                    ee:95:5c:06:77:10:39:be:e5:4c:4a:f0:1e:96:a0:
+                    df:77:7a:7a:06:ce:95:b0:d9:fd:ac:4b:85:45:b1:
+                    7c:a5:51:af:b8:c3:82:6f:21:09:37:03:b0:61:e0:
+                    04:46:a8:71:56:a6:36:67:79:42:e1:ef:bf:28:1d:
+                    a0:ef:02:6e:26:60:e1:fe:05:95:72:87:b9:c1:08:
+                    8e:ed:dc:fd:71:06:15:80:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                17:F3:F4:8B:D1:CD:D4:A3:D9:9D:A0:0E:6E:52:EE:11:03:85:32:6F
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:1d:86:c2:bd:eb:c7:75:ad:b6:ec:c8:10:96:4f:8b:b2:36:
+        b4:7b:ba:c4:b5:6c:1c:2e:80:eb:d0:97:5f:71:48:8a:79:f7:
+        05:ee:2b:96:ef:b9:68:0d:fa:86:73:c7:30:3f:22:81:ea:cf:
+        46:3a:4b:4d:31:39:29:5d:1a:b8:44:ae:12:f1:18:ea:de:55:
+        47:f4:1c:77:07:34:41:cf:1c:f1:1c:f8:0d:63:c1:e8:b4:98:
+        e7:cb:c1:2d:96:b3:5a:21:6e:fa:e7:e1:15:87:84:c9:71:31:
+        5f:6f:93:98:7f:ca:00:d3:8d:96:bb:b5:03:af:c0:4d:4e:a2:
+        a5:97
+-----BEGIN CERTIFICATE-----
+MIICCjCCAXOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3
+MTExMjA2NTg1N1owMTELMAkGA1UEBhMCU0UxIjAgBgNVBAMMGVRlc3QgY2VydCBL
+ZXlFbmNpcGhlcm1lbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1qCW1l
+/S+mAnRIWVrWsc/SMGAhkr/tlNHf6d63wsVdyHun8rPgG3i6qLpL7pVcBncQOb7l
+TErwHpag33d6egbOlbDZ/axLhUWxfKVRr7jDgm8hCTcDsGHgBEaocVamNmd5QuHv
+vygdoO8CbiZg4f4FlXKHucEIju3c/XEGFYB5AgMBAAGjOTA3MAkGA1UdEwQCMAAw
+CwYDVR0PBAQDAgVgMB0GA1UdDgQWBBQX8/SL0c3Uo9mdoA5uUu4RA4UybzANBgkq
+hkiG9w0BAQUFAAOBgQBfHYbCvevHda227MgQlk+Lsja0e7rEtWwcLoDr0JdfcUiK
+efcF7iuW77loDfqGc8cwPyKB6s9GOktNMTkpXRq4RK4S8Rjq3lVH9Bx3BzRBzxzx
+HPgNY8HotJjny8EtlrNaIW765+EVh4TJcTFfb5OYf8oA042Wu7UDr8BNTqKllw==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-ke-only.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-ke-only.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-ke-only.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC9agltZf0vpgJ0SFla1rHP0jBgIZK/7ZTR3+net8LFXch7p/Kz
+4Bt4uqi6S+6VXAZ3EDm+5UxK8B6WoN93enoGzpWw2f2sS4VFsXylUa+4w4JvIQk3
+A7Bh4ARGqHFWpjZneULh778oHaDvAm4mYOH+BZVyh7nBCI7t3P1xBhWAeQIDAQAB
+AoGASR2vee1OqJ/6foyXAXuys7g9OD59eVzqf4Fhs7lXk/w5sZIJG+o8cIQNMayx
+8jHNxRQcVlYI9zxtclOzL1m11FPRgP6oVicPdIbKf/9JQhjlq/RgX/N66iBSPOW3
+80RtZ0G9pI+9RQN3sG1t39sXyMZJz5ApkcrsIfkX7Ej8tAkCQQD1mqP32MjUIpDc
+x15ybBXib7E/27f/aM04Zg4D1WLkYANmUKFLiNeKKEIy+R6iQ9bqcWdh/u2Pu08e
+I9eusolbAkEAxW6GQOihK5hsmKY7QdrORP6I6g8nqu/esiN1/LMtIVZdHtuaLxea
+3XUIewnK1h5d2eKXyWjMgT8o5y/XtT5xuwJAVW7mbJeHPGuNso7TZr/8WNj7cjgu
+5/R/toehhmnazZAsfpG7mbfPKirY5DxOEKnCf6jVCnyQDHhejCBxrT5DkwJBALrW
+MW7Tt1JOWNbM2V8k9fcM+fymgt+dSJ5EOK//0EGwPUeqgmr2Z7QTwQbO6YlgC2ja
+qtILvxzA7LB78iKvCWkCQQCOPkDbIzy5JM8AZtUFYb7PqJBb5fHDg3wiKWXiTh8+
+eaBxDdbBxCsamPLwfP2cguCvVv9yz3ODA9Aopny9iAv3
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-nopw.p12
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-nopw.p12
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-nopw.p12	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-nopw.p12	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-nopw.p12
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-pw.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-pw.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-pw.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,B9B1B14B38E4ED57E3F9D8DFA7FEB086
+
+mgUkuZfb6TTZ+69kLKbHpwfSYmY1tRMeIuuqcY6qdNpF70kiZ6BylMYzGG29OZJQ
+ttiYmYz1zFYVhWrnpGnK7Raa7CHaohlcPfiUBD2lRzNmj6xYAJdooiR9kWNnZZe5
+JTOpLuokpSWSqgS58AB1BLkK67JGTEhF3iDwPff/oVBjW5X/VMRd62RfDk32MJmd
+nd+xNdBeKk7nXwMITZyv3n5KayVohNSpFblIAwl/k8BDLavIKboZtJDqw9LyRpWC
+KLtToAWTO7pvZcOoK9yIhM5TtbZkp7pQrebGjoYkvdF84i4oVS85q8swwsw7BFq5
+s8AVbdC0kcj5tfSaJYxFonyj5BHiEc1k1CLkcn0Aff1DhW/vR93W28UgQBT11Lxf
+bvHxCSIGp6TKut7Jr1FGs6tzU5eTI2AlWeWJBoANDD2HaKnouRQfDEf8pHP9Odxg
+nOQ4HinpwpylimqisYqHbeocO5izz1xioze82SxYQTUGj+gCViSBIBesVaZ31DGm
+3ECN94ItCm9z6zAeMNtUdLkTY6rPeetwrXXcrWddD7p5c1HdWEEQHU1HilunQc6N
+I39udeWfW0HlINxKu7IgOepNipdw9EFUPtY1LGP+2Xa3ezi8saXPbsq0i/0looWf
+dhjvWke/uwi16zwDKL25pNSmSAKyhD+P46f5pcf1yk1MbMkFbfTrHzcxOIN1Fd5m
+rFVJTUnVonQinb8cEyqgg/2ufvOe6AnaIqjsKdFUQthYrCg6Voupis+SXRbIefhr
+diiBsOoIu8O38I9R6KmSs+CYTBeChWmt1sAJudRIgZ3v5vTm734qwlxijL4sSkYQ
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr-nocerts
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr-nocerts
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr-nocerts	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr-nocerts	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test-signed-data-noattr-nocerts
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/test.combined.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test.combined.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test.combined.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,68 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:56 2007 GMT
+            Not After : Nov 12 06:58:56 2017 GMT
+        Subject: C=SE, CN=Test cert
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e8:bd:c6:8e:de:37:d8:f3:43:23:c3:27:b6:49:
+                    65:33:a8:b2:a9:f0:16:0d:90:49:47:7b:90:98:e4:
+                    ae:de:dd:64:b6:3b:48:b7:2e:0b:02:18:1f:85:f3:
+                    48:af:78:4b:54:34:63:62:06:30:f0:b5:a2:e9:db:
+                    35:6c:c7:55:f5:30:27:a0:66:54:a5:e8:52:27:52:
+                    43:4e:90:04:11:6a:e8:2b:52:e4:8d:fe:fd:c4:aa:
+                    b0:4e:63:c6:aa:2d:0a:4e:1d:ae:1c:0d:c8:12:10:
+                    93:af:5c:e5:31:30:df:2c:0d:d7:c4:9e:d1:fd:37:
+                    3a:45:71:fa:62:af:90:5e:c3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                D0:9B:77:9A:88:C7:AD:71:07:17:56:E1:0C:4D:B2:23:85:81:D1:EB
+    Signature Algorithm: sha1WithRSAEncryption
+        88:f8:ee:7d:35:36:1c:a9:71:e4:c5:64:b9:c9:c2:2d:9d:d5:
+        79:67:25:12:d7:96:28:4c:dd:92:6a:19:6b:ce:bc:fa:78:bd:
+        f3:d2:c4:5c:a9:d9:4a:b7:ef:40:8f:c8:e2:1a:67:90:58:a4:
+        71:76:87:c2:66:9e:69:57:37:c9:15:b8:c7:d9:fa:3f:32:be:
+        14:5e:7b:41:5c:7f:c2:54:1b:f1:1b:15:20:8c:0a:62:7c:71:
+        07:ff:7d:df:71:75:0c:4b:7d:b8:a1:59:e1:5a:4e:b7:c1:df:
+        98:3b:cf:c9:de:e3:73:6f:fa:2d:fa:39:c5:59:92:08:c4:6b:
+        43:7a
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
+MTExMjA2NTg1NlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6L3Gjt432PNDI8MntkllM6iyqfAW
+DZBJR3uQmOSu3t1ktjtIty4LAhgfhfNIr3hLVDRjYgYw8LWi6ds1bMdV9TAnoGZU
+pehSJ1JDTpAEEWroK1Lkjf79xKqwTmPGqi0KTh2uHA3IEhCTr1zlMTDfLA3XxJ7R
+/Tc6RXH6Yq+QXsMCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD
+VR0OBBYEFNCbd5qIx61xBxdW4QxNsiOFgdHrMA0GCSqGSIb3DQEBBQUAA4GBAIj4
+7n01NhypceTFZLnJwi2d1XlnJRLXlihM3ZJqGWvOvPp4vfPSxFyp2Uq370CPyOIa
+Z5BYpHF2h8JmnmlXN8kVuMfZ+j8yvhRee0Fcf8JUG/EbFSCMCmJ8cQf/fd9xdQxL
+fbihWeFaTrfB35g7z8ne43Nv+i36OcVZkgjEa0N6
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDovcaO3jfY80Mjwye2SWUzqLKp8BYNkElHe5CY5K7e3WS2O0i3
+LgsCGB+F80iveEtUNGNiBjDwtaLp2zVsx1X1MCegZlSl6FInUkNOkAQRaugrUuSN
+/v3EqrBOY8aqLQpOHa4cDcgSEJOvXOUxMN8sDdfEntH9NzpFcfpir5BewwIDAQAB
+AoGBAKS3WsVWBBRo5cVzorFh9FvBMuEOZ60lxpbunoF2p0RXT6WhA2+RCH1s8TJt
+4a0956IqiYOgehaBllEHsSHRWcUZ0P96qhZbVn1fWem0/U1VGb6d9WFftqPCOgYI
+0joyDn+mmS1nhILexQARULyM67JyhX1xVbgFQUeTtr2WGIdBAkEA9hQURHdgxsu+
+iqe+93I1mA0LccKI3Mmb9jM0DBW1+NeGw17xE39u2DTLsFTIXkcpGzbaJYPaaOhU
+pcpLX7haMQJBAPIgCT9cwEhX/MQq4eViCXd7blg4FxlDJDrD8sC8E0xss2N9Kpk4
+aJBtd4leOlzDwCanlWHrMCKo/NuE2b58FzMCQQDLTMtxxS6vDqTc6LlctX6RoDVU
+RuPLhMTVInhdg5JTg7xSrJ1+/kkVVojxpRnkyeWsFiUj2UsYYNmOHxMmgagBAkEA
+1to8uoAolEmXn89Zsv3C3salzRzAyob84DS+9e4uxdNzf+Yy5dHbX8Xzm+8EpQqD
+OQnekgxsI2WHM5h4zAI7ZwJAefxLT1ljFxZmp1612/jqDaeNmmUHIN2aMpDinIle
+r2S7S+UC+m573YcLZoYy9QAcTjnvgs/99zXjewfIQSQOmw==
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/test.crt
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN=hx509 Test Root CA, C=SE
+        Validity
+            Not Before: Nov 15 06:58:56 2007 GMT
+            Not After : Nov 12 06:58:56 2017 GMT
+        Subject: C=SE, CN=Test cert
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e8:bd:c6:8e:de:37:d8:f3:43:23:c3:27:b6:49:
+                    65:33:a8:b2:a9:f0:16:0d:90:49:47:7b:90:98:e4:
+                    ae:de:dd:64:b6:3b:48:b7:2e:0b:02:18:1f:85:f3:
+                    48:af:78:4b:54:34:63:62:06:30:f0:b5:a2:e9:db:
+                    35:6c:c7:55:f5:30:27:a0:66:54:a5:e8:52:27:52:
+                    43:4e:90:04:11:6a:e8:2b:52:e4:8d:fe:fd:c4:aa:
+                    b0:4e:63:c6:aa:2d:0a:4e:1d:ae:1c:0d:c8:12:10:
+                    93:af:5c:e5:31:30:df:2c:0d:d7:c4:9e:d1:fd:37:
+                    3a:45:71:fa:62:af:90:5e:c3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                D0:9B:77:9A:88:C7:AD:71:07:17:56:E1:0C:4D:B2:23:85:81:D1:EB
+    Signature Algorithm: sha1WithRSAEncryption
+        88:f8:ee:7d:35:36:1c:a9:71:e4:c5:64:b9:c9:c2:2d:9d:d5:
+        79:67:25:12:d7:96:28:4c:dd:92:6a:19:6b:ce:bc:fa:78:bd:
+        f3:d2:c4:5c:a9:d9:4a:b7:ef:40:8f:c8:e2:1a:67:90:58:a4:
+        71:76:87:c2:66:9e:69:57:37:c9:15:b8:c7:d9:fa:3f:32:be:
+        14:5e:7b:41:5c:7f:c2:54:1b:f1:1b:15:20:8c:0a:62:7c:71:
+        07:ff:7d:df:71:75:0c:4b:7d:b8:a1:59:e1:5a:4e:b7:c1:df:
+        98:3b:cf:c9:de:e3:73:6f:fa:2d:fa:39:c5:59:92:08:c4:6b:
+        43:7a
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
+OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3
+MTExMjA2NTg1NlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6L3Gjt432PNDI8MntkllM6iyqfAW
+DZBJR3uQmOSu3t1ktjtIty4LAhgfhfNIr3hLVDRjYgYw8LWi6ds1bMdV9TAnoGZU
+pehSJ1JDTpAEEWroK1Lkjf79xKqwTmPGqi0KTh2uHA3IEhCTr1zlMTDfLA3XxJ7R
+/Tc6RXH6Yq+QXsMCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD
+VR0OBBYEFNCbd5qIx61xBxdW4QxNsiOFgdHrMA0GCSqGSIb3DQEBBQUAA4GBAIj4
+7n01NhypceTFZLnJwi2d1XlnJRLXlihM3ZJqGWvOvPp4vfPSxFyp2Uq370CPyOIa
+Z5BYpHF2h8JmnmlXN8kVuMfZ+j8yvhRee0Fcf8JUG/EbFSCMCmJ8cQf/fd9xdQxL
+fbihWeFaTrfB35g7z8ne43Nv+i36OcVZkgjEa0N6
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/test.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDovcaO3jfY80Mjwye2SWUzqLKp8BYNkElHe5CY5K7e3WS2O0i3
+LgsCGB+F80iveEtUNGNiBjDwtaLp2zVsx1X1MCegZlSl6FInUkNOkAQRaugrUuSN
+/v3EqrBOY8aqLQpOHa4cDcgSEJOvXOUxMN8sDdfEntH9NzpFcfpir5BewwIDAQAB
+AoGBAKS3WsVWBBRo5cVzorFh9FvBMuEOZ60lxpbunoF2p0RXT6WhA2+RCH1s8TJt
+4a0956IqiYOgehaBllEHsSHRWcUZ0P96qhZbVn1fWem0/U1VGb6d9WFftqPCOgYI
+0joyDn+mmS1nhILexQARULyM67JyhX1xVbgFQUeTtr2WGIdBAkEA9hQURHdgxsu+
+iqe+93I1mA0LccKI3Mmb9jM0DBW1+NeGw17xE39u2DTLsFTIXkcpGzbaJYPaaOhU
+pcpLX7haMQJBAPIgCT9cwEhX/MQq4eViCXd7blg4FxlDJDrD8sC8E0xss2N9Kpk4
+aJBtd4leOlzDwCanlWHrMCKo/NuE2b58FzMCQQDLTMtxxS6vDqTc6LlctX6RoDVU
+RuPLhMTVInhdg5JTg7xSrJ1+/kkVVojxpRnkyeWsFiUj2UsYYNmOHxMmgagBAkEA
+1to8uoAolEmXn89Zsv3C3salzRzAyob84DS+9e4uxdNzf+Yy5dHbX8Xzm+8EpQqD
+OQnekgxsI2WHM5h4zAI7ZwJAefxLT1ljFxZmp1612/jqDaeNmmUHIN2aMpDinIle
+r2S7S+UC+m573YcLZoYy9QAcTjnvgs/99zXjewfIQSQOmw==
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/test.p12
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/lib/hx509/data/test.p12
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/test.p12	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/test.p12	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/lib/hx509/data/test.p12
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-broken-ca.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-broken-ca.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-broken-ca.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK
+UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd
+MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28
+dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r
+VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S
+z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh
+tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH
+aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK
+y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8
+uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-broken-cert.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-broken-cert.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-broken-cert.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK
+UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV
+BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG
+6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf
+M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV
+HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU
+340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK
+EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN
+BgkqhkiG9w0BAQUFAAOBgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAUKJ+eFJYSvXwGF2wxzDXj+x5YCItrHFmrEy4AXXAW+H0NgJVNvqRY/O
+Kw==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-ok-ca.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-ok-ca.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-ok-ca.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK
+UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd
+MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28
+dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r
+VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S
+z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh
+tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH
+aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK
+y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8
+uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-ok-cert.pem
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-ok-cert.pem	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad-ok-cert.pem	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV
+BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx
+LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK
+UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV
+BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG
+6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf
+M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV
+HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU
+340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK
+EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN
+BgkqhkiG9w0BAQUFAAOBgQCkGhwCDLRwWbDnDFReXkIZ1/9OhfiR8yL1idP9iYVU
+cSoWxSHPBWkv6LORFS03APcXCSzDPJ9pxTjFjGGFSI91fNrzkKdHU/+0WCF2uTh7
+Dz2blqtcmnJqMSn1xHxxfM/9e6M3XwFUMf7SGiKRAbDfsauPafEPTn83vSeKj1lg
+Dw==
+-----END CERTIFICATE-----

Added: vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad.key
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad.key	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/data/yutaka-pad.key	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC9KlnqKD0Ol4oHrSHuKLVGK026+Sfgg058ReMKM9IXCYhsYmqf
+Ja8pOIwrOC4RiQboJkBuzHji3eS+xUN5R3lZkFGAyh5B3W00kFTgFfE4DxtXN3Cy
+3No95659C1kO8p8zh6P5+j+P2Vgf250K6DWG5o3JtwK2KPMaieR11fgkRQIDAQAB
+AoGBAJCYvwJun713uNsFTNpv46EvmMtDiWfk9ymnglVaJ03Uy6ON11Kvy6UGxJ6E
+4zIkPFNYaghH5GAGncP1pg4exHKRGJTNcQbMf9iOsCTOuvKSWbBZpnJcFllKyESK
+PTt72D6x/cuzDXVTeWvQMoOILa09szW7aqFNIdxae4Vq7a4BAkEA6MoehuRtZ4N9
+Jtc9cIpSKOOatZ1UajWEFV2yVHaDED2kkWxKjppPzRn06LzX8LWm1RT0qe3Zyasi
+iXCXlno/+QJBANAGvY+k/+OvzWnv1yTKO8OmrMqkSzh3KAhFbiVWdQaqMSCWtKYk
+GoOKnq0PB73ExhdbTFmxC4KBPHTC2guOca0CQCD78pNebnoKUYNdYCFAGCAfD97H
+6hwadRqp6gi5uhxk/5pzY6UNDF2dXexURayfsIHktD4Xq5I9o2kiAPibXdECQQDC
+KihwlL9K02JVSMl0y1XxDfclxSd4cq9o2PUv4HymVeA43LGMiRI+SPpF6Ut+ctW6
+IzsmVDu7+chl6yD9vFyZAkA3Auv9UxKL3kPtvu5G/lrCVmwzVfAzuwtnmSfp1+M5
+yTYBz+VFSsYrdlDZ3jdLnFzVOMiIm9pZca/L93QjmXJ+
+-----END RSA PRIVATE KEY-----

Added: vendor-crypto/heimdal/dist/lib/hx509/doxygen.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/doxygen.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/doxygen.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/** @mainpage Heimdal PKIX/X.509 library
+ *
+ * @section intro Introduction
+ *
+ * Heimdal libhx509 library is a implementation of the PKIX/X.509 and
+ * related protocols.
+ * 
+ * PKIX/X.509 is ...
+ *
+ *
+ * Sections in this manual are:
+ * - @ref page_name
+ * - @ref page_cert
+ * - @ref page_keyset
+ * - @ref page_error
+ * - @ref page_lock
+ * - @ref page_cms
+ * - @ref page_ca
+ * - @ref page_revoke
+ * - @ref page_print
+ * - @ref page_env
+ *
+ * The project web page:
+ * http://www.h5l.org/
+ *
+ */
+
+/** @defgroup hx509 hx509 library */
+
+/** @defgroup hx509_error hx509 error functions
+ * See the @ref page_error for description and examples. */
+/** @defgroup hx509_cert hx509 certificate functions
+ * See the @ref page_cert for description and examples. */
+/** @defgroup hx509_keyset hx509 certificate store functions
+ * See the @ref page_keyset for description and examples. */
+/** @defgroup hx509_cms hx509 CMS/pkcs7 functions
+ * See the @ref page_cms for description and examples. */
+/** @defgroup hx509_crypto hx509 crypto functions */
+/** @defgroup hx509_misc hx509 misc functions */
+/** @defgroup hx509_name hx509 name functions 
+ * See the @ref page_name for description and examples. */
+/** @defgroup hx509_revoke hx509 revokation checking functions
+ * See the @ref page_revoke for description and examples. */
+/** @defgroup hx509_verify hx509 verification functions */
+/** @defgroup hx509_lock hx509 lock functions
+ * See the @ref page_lock for description and examples. */
+/** @defgroup hx509_query hx509 query functions */
+/** @defgroup hx509_ca hx509 CA functions
+ * See the @ref page_ca for description and examples. */
+/** @defgroup hx509_peer hx509 certificate selecting functions */
+/** @defgroup hx509_print hx509 printing functions */
+/** @defgroup hx509_env hx509 enviroment functions */

Added: vendor-crypto/heimdal/dist/lib/hx509/env.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/env.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/env.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: env.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_env Hx509 enviroment functions
+ *
+ * See the library functions here: @ref hx509_env
+ */
+
+struct hx509_env {
+    struct {
+	char *key;
+	char *value;
+    } *val;
+    size_t len;
+};
+
+/**
+ * Allocate a new hx509_env container object.
+ *
+ * @param context A hx509 context.
+ * @param env return a hx509_env structure, free with hx509_env_free().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_env
+ */
+
+int
+hx509_env_init(hx509_context context, hx509_env *env)
+{
+    *env = calloc(1, sizeof(**env));
+    if (*env == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+/**
+ * Add a new key/value pair to the hx509_env.
+ *
+ * @param context A hx509 context.
+ * @param env enviroment to add the enviroment variable too.
+ * @param key key to add
+ * @param value value to add
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_env
+ */
+
+int
+hx509_env_add(hx509_context context, hx509_env env, 
+	      const char *key, const char *value)
+{
+    void *ptr;
+
+    ptr = realloc(env->val, sizeof(env->val[0]) * (env->len + 1));
+    if (ptr == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    env->val = ptr;
+    env->val[env->len].key = strdup(key);
+    if (env->val[env->len].key == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    env->val[env->len].value = strdup(value);
+    if (env->val[env->len].value == NULL) {
+	free(env->val[env->len].key);
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    env->len++;
+    return 0;
+}
+
+/**
+ * Search the hx509_env for a key.
+ *
+ * @param context A hx509 context.
+ * @param env enviroment to add the enviroment variable too.
+ * @param key key to search for.
+ * @param len length of key.
+ *
+ * @return the value if the key is found, NULL otherwise.
+ *
+ * @ingroup hx509_env
+ */
+
+const char *
+hx509_env_lfind(hx509_context context, hx509_env env,
+		const char *key, size_t len)
+{
+    size_t i;
+
+    for (i = 0; i < env->len; i++) {
+	char *s = env->val[i].key;
+	if (strncmp(key, s, len) == 0 && s[len] == '\0')
+	    return env->val[i].value;
+    }
+    return NULL;
+}
+
+/**
+ * Free an hx509_env enviroment context.
+ *
+ * @param env the enviroment to free.
+ *
+ * @ingroup hx509_env
+ */
+
+void
+hx509_env_free(hx509_env *env)
+{
+    size_t i;
+
+    for (i = 0; i < (*env)->len; i++) {
+	free((*env)->val[i].key);
+	free((*env)->val[i].value);
+    }
+    free((*env)->val);
+    free(*env);
+    *env = NULL;
+}
+
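Review bot: `hx509_env_free` dereferences `*env` at `(*env)->len` without a NULL check, while `hx509_env_init` earlier in this hunk leaves `*env` NULL when `calloc` fails, so a caller that frees unconditionally on its error path would crash. A guard at the top of the function, `if (*env == NULL) return;`, makes it behave like `free(NULL)`; whether any caller actually does this is not visible in this hunk. Separately, in `hx509_env_lfind` the test `s[len] == '\0'` can read past the end of the stored key when `strncmp` returns 0 because both strings ended before `len` bytes. That only happens if `len` exceeds the length of `key`, so the doc comment should state the contract, e.g. `@param len length of key, must not exceed strlen(key).`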

Added: vendor-crypto/heimdal/dist/lib/hx509/error.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/error.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/error.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: error.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_error Hx509 error reporting functions
+ *
+ * See the library functions here: @ref hx509_error
+ */
+
+struct hx509_error_data {
+    hx509_error next;
+    int code;
+    char *msg;
+};
+
+static void
+free_error_string(hx509_error msg)
+{
+    while(msg) {
+	hx509_error m2 = msg->next;
+	free(msg->msg);
+	free(msg);
+	msg = m2;
+    }
+}
+
+/**
+ * Resets the error strings the hx509 context.
+ *
+ * @param context A hx509 context.
+ *
+ * @ingroup hx509_error
+ */
+
+void
+hx509_clear_error_string(hx509_context context)
+{
+    free_error_string(context->error);
+    context->error = NULL;
+}
+
+/**
+ * Add an error message to the hx509 context.
+ *
+ * @param context A hx509 context.
+ * @param flags
+ * - HX509_ERROR_APPEND appends the error string to the old messages
+     (code is updated).
+ * @param code error code related to error message
+ * @param fmt error message format
+ * @param ap arguments to error message format
+ *
+ * @ingroup hx509_error
+ */
+
+void
+hx509_set_error_stringv(hx509_context context, int flags, int code, 
+			const char *fmt, va_list ap)
+{
+    hx509_error msg;
+
+    msg = calloc(1, sizeof(*msg));
+    if (msg == NULL) {
+	hx509_clear_error_string(context);
+	return;
+    }
+
+    if (vasprintf(&msg->msg, fmt, ap) == -1) {
+	hx509_clear_error_string(context);
+	free(msg);
+	return;
+    }
+    msg->code = code;
+
+    if (flags & HX509_ERROR_APPEND) {
+	msg->next = context->error;
+	context->error = msg;
+    } else  {
+	free_error_string(context->error);
+	context->error = msg;
+    }
+}
+
+/**
+ * See hx509_set_error_stringv(). 
+ *
+ * @param context A hx509 context.
+ * @param flags
+ * - HX509_ERROR_APPEND appends the error string to the old messages
+     (code is updated).
+ * @param code error code related to error message
+ * @param fmt error message format
+ * @param ... arguments to error message format
+ *
+ * @ingroup hx509_error
+ */
+
+void
+hx509_set_error_string(hx509_context context, int flags, int code,
+		       const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    hx509_set_error_stringv(context, flags, code, fmt, ap);
+    va_end(ap);
+}
+
+/**
+ * Get an error string from context associated with error_code.
+ *
+ * @param context A hx509 context.
+ * @param error_code Get error message for this error code.
+ *
+ * @return error string, free with hx509_free_error_string().
+ *
+ * @ingroup hx509_error
+ */
+
+char *
+hx509_get_error_string(hx509_context context, int error_code)
+{
+    struct rk_strpool *p = NULL;
+    hx509_error msg = context->error;
+
+    if (msg == NULL || msg->code != error_code) {
+	const char *cstr;
+	char *str;
+
+	cstr = com_right(context->et_list, error_code);
+	if (cstr)
+	    return strdup(cstr);
+	cstr = strerror(error_code);
+	if (cstr)
+	    return strdup(cstr);
+	if (asprintf(&str, "<unknown error: %d>", error_code) == -1)
+	    return NULL;
+	return str;
+    }
+
+    for (msg = context->error; msg; msg = msg->next)
+	p = rk_strpoolprintf(p, "%s%s", msg->msg, 
+			     msg->next != NULL ? "; " : "");
+
+    return rk_strpoolcollect(p);
+}
+
+/**
+ * Free error string returned by hx509_get_error_string().
+ *
+ * @param str error string to free.
+ *
+ * @ingroup hx509_error
+ */
+
+void
+hx509_free_error_string(char *str)
+{
+    free(str);
+}
+
+/**
+ * Print error message and fatally exit from error code
+ *
+ * @param context A hx509 context.
+ * @param exit_code exit() code from process.
+ * @param error_code Error code for the reason to exit.
+ * @param fmt format string with the exit message.
+ * @param ... argument to format string.
+ *
+ * @ingroup hx509_error
+ */
+
+void
+hx509_err(hx509_context context, int exit_code, 
+	  int error_code, const char *fmt, ...)
+{
+    va_list ap;
+    const char *msg;
+    char *str;
+
+    va_start(ap, fmt);
+    vasprintf(&str, fmt, ap);
+    va_end(ap);
+    msg = hx509_get_error_string(context, error_code);
+    if (msg == NULL)
+	msg = "no error";
+
+    errx(exit_code, "%s: %s", str, msg);
+}
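Review bot: In hx509_err the result of `vasprintf(&str, fmt, ap)` is ignored, so if the allocation fails `str` may be left unset and is then handed to `errx` as a `%s` argument. hx509_set_error_stringv earlier in this file already checks the same call against -1, and hx509_err should do likewise: `if (vasprintf(&str, fmt, ap) == -1) str = NULL;` followed by `errx(exit_code, "%s: %s", str ? str : "", msg);`. The string returned by hx509_get_error_string is never freed here, which is harmless only because `errx` does not return; a short comment saying so would help the next reader.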

Added: vendor-crypto/heimdal/dist/lib/hx509/file.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/file.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/file.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,376 @@
+/*
+ * Copyright (c) 2005 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$ID$");
+
+int
+_hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb)
+{
+    size_t length;
+    void *data;
+    int ret;
+
+    ret = _hx509_map_file(fn, &data, &length, rsb);
+
+    os->data = data;
+    os->length = length;
+
+    return ret;
+}
+
+void
+_hx509_unmap_file_os(heim_octet_string *os)
+{
+    _hx509_unmap_file(os->data, os->length);
+}
+
+int
+_hx509_map_file(const char *fn, void **data, size_t *length, struct stat *rsb)
+{
+    struct stat sb;
+    size_t len;
+    ssize_t l;
+    int ret;
+    void *d;
+    int fd;
+
+    *data = NULL;
+    *length = 0;
+
+    fd = open(fn, O_RDONLY);
+    if (fd < 0)
+	return errno;
+    
+    if (fstat(fd, &sb) < 0) {
+	ret = errno;
+	close(fd);
+	return ret;
+    }
+
+    len = sb.st_size;
+
+    d = malloc(len);
+    if (d == NULL) {
+	close(fd);
+	return ENOMEM;
+    }
+    
+    l = read(fd, d, len);
+    close(fd);
+    if (l < 0 || l != len) {
+	free(d);
+	return EINVAL;
+    }
+
+    if (rsb)
+	*rsb = sb;
+    *data = d;
+    *length = len;
+    return 0;
+}
+
+void
+_hx509_unmap_file(void *data, size_t len)
+{
+    free(data);
+}
+
+int
+_hx509_write_file(const char *fn, const void *data, size_t length)
+{
+    ssize_t sz;
+    const unsigned char *p = data;
+    int fd;
+
+    fd = open(fn, O_WRONLY|O_TRUNC|O_CREAT, 0644);
+    if (fd < 0)
+	return errno;
+
+    do {
+	sz = write(fd, p, length);
+	if (sz < 0) {
+	    int saved_errno = errno;
+	    close(fd);
+	    return saved_errno;
+	}
+	if (sz == 0)
+	    break;
+	length -= sz;
+    } while (length > 0);
+		
+    if (close(fd) == -1)
+	return errno;
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+static void
+header(FILE *f, const char *type, const char *str)
+{
+    fprintf(f, "-----%s %s-----\n", type, str);
+}
+
+int
+hx509_pem_write(hx509_context context, const char *type, 
+		hx509_pem_header *headers, FILE *f,
+		const void *data, size_t size)
+{
+    const char *p = data;
+    size_t length;
+    char *line;
+
+#define ENCODE_LINE_LENGTH	54
+    
+    header(f, "BEGIN", type);
+
+    while (headers) {
+	fprintf(f, "%s: %s\n%s", 
+		headers->header, headers->value,
+		headers->next ? "" : "\n");
+	headers = headers->next;
+    }
+
+    while (size > 0) {
+	ssize_t l;
+	
+	length = size;
+	if (length > ENCODE_LINE_LENGTH)
+	    length = ENCODE_LINE_LENGTH;
+	
+	l = base64_encode(p, length, &line);
+	if (l < 0) {
+	    hx509_set_error_string(context, 0, ENOMEM,
+				   "malloc - out of memory");
+	    return ENOMEM;
+	}
+	size -= length;
+	fprintf(f, "%s\n", line);
+	p += length;
+	free(line);
+    }
+
+    header(f, "END", type);
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+int
+hx509_pem_add_header(hx509_pem_header **headers, 
+		     const char *header, const char *value)
+{
+    hx509_pem_header *h;
+
+    h = calloc(1, sizeof(*h));
+    if (h == NULL)
+	return ENOMEM;
+    h->header = strdup(header);
+    if (h->header == NULL) {
+	free(h);
+	return ENOMEM;
+    }
+    h->value = strdup(value);
+    if (h->value == NULL) {
+	free(h->header);
+	free(h);
+	return ENOMEM;
+    }
+
+    h->next = *headers;
+    *headers = h;
+
+    return 0;
+}
+
+void
+hx509_pem_free_header(hx509_pem_header *headers)
+{
+    hx509_pem_header *h;
+    while (headers) {
+	h = headers;
+	headers = headers->next;
+	free(h->header);
+	free(h->value);
+	free(h);
+    }
+}
+
+/*
+ *
+ */
+
+const char *
+hx509_pem_find_header(const hx509_pem_header *h, const char *header)
+{
+    while(h) {
+	if (strcmp(header, h->header) == 0)
+	    return h->value;
+	h = h->next;
+    }
+    return NULL;
+}
+
+
+/*
+ *
+ */
+
+int
+hx509_pem_read(hx509_context context,
+	       FILE *f, 
+	       hx509_pem_read_func func,
+	       void *ctx)
+{
+    hx509_pem_header *headers = NULL;
+    char *type = NULL;
+    void *data = NULL;
+    size_t len = 0;
+    char buf[1024];
+    int ret = HX509_PARSING_KEY_FAILED;
+
+    enum { BEFORE, SEARCHHEADER, INHEADER, INDATA, DONE } where;
+
+    where = BEFORE;
+
+    while (fgets(buf, sizeof(buf), f) != NULL) {
+	char *p;
+	int i;
+
+	i = strcspn(buf, "\n");
+	if (buf[i] == '\n') {
+	    buf[i] = '\0';
+	    if (i > 0)
+		i--;
+	}
+	if (buf[i] == '\r') {
+	    buf[i] = '\0';
+	    if (i > 0)
+		i--;
+	}
+	    
+	switch (where) {
+	case BEFORE:
+	    if (strncmp("-----BEGIN ", buf, 11) == 0) {
+		type = strdup(buf + 11);
+		if (type == NULL)
+		    break;
+		p = strchr(type, '-');
+		if (p)
+		    *p = '\0';
+		where = SEARCHHEADER;
+	    }
+	    break;
+	case SEARCHHEADER:
+	    p = strchr(buf, ':');
+	    if (p == NULL) {
+		where = INDATA;
+		goto indata;
+	    }
+	    /* FALLTHOUGH */
+	case INHEADER:
+	    if (buf[0] == '\0') {
+		where = INDATA;
+		break;
+	    }
+	    p = strchr(buf, ':');
+	    if (p) {
+		*p++ = '\0';
+		while (isspace((int)*p))
+		    p++;
+		ret = hx509_pem_add_header(&headers, buf, p);
+		if (ret)
+		    abort();
+	    }
+	    break;
+	case INDATA:
+	indata:
+
+	    if (strncmp("-----END ", buf, 9) == 0) {
+		where = DONE;
+		break;
+	    }
+
+	    p = emalloc(i);
+	    i = base64_decode(buf, p);
+	    if (i < 0) {
+		free(p);
+		goto out;
+	    }
+	    
+	    data = erealloc(data, len + i);
+	    memcpy(((char *)data) + len, p, i);
+	    free(p);
+	    len += i;
+	    break;
+	case DONE:
+	    abort();
+	}
+
+	if (where == DONE) {
+	    ret = (*func)(context, type, headers, data, len, ctx);
+	out:
+	    free(data);
+	    data = NULL;
+	    len = 0;
+	    free(type);
+	    type = NULL;
+	    where = BEFORE;
+	    hx509_pem_free_header(headers);
+	    headers = NULL;
+	    if (ret)
+		break;
+	}
+    }
+
+    if (where != BEFORE) {
+	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+			       "File ends before end of PEM end tag");
+	ret = HX509_PARSING_KEY_FAILED;
+    }
+    if (data)
+	free(data);
+    if (type)
+	free(type);
+    if (headers)
+	hx509_pem_free_header(headers);
+
+    return ret;
+}
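Review bot: In hx509_pem_read the `goto out` taken when `base64_decode` fails does not set `ret`, so a corrupt body can be reported as success. `ret` is already 0 once hx509_pem_add_header has succeeded or an earlier block's callback returned 0, so the `if (ret) break;` after `out:` does not fire and the function can return 0 without calling `func` for that block. Adding `ret = HX509_PARSING_KEY_FAILED;` before the `goto out` makes malformed input fail closed. Separately, the loop in _hx509_write_file subtracts `sz` from `length` but never advances `p`, so after a short write it would write the start of the buffer again; `p += sz;` next to `length -= sz;` fixes that. The `sz == 0` break in the same loop also returns 0 for an incomplete write.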

Added: vendor-crypto/heimdal/dist/lib/hx509/hx509-private.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/hx509-private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/hx509-private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,529 @@
+/* This is a generated file */
+#ifndef __hx509_private_h__
+#define __hx509_private_h__
+
+#include <stdarg.h>
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+int
+_hx509_AlgorithmIdentifier_cmp (
+	const AlgorithmIdentifier */*p*/,
+	const AlgorithmIdentifier */*q*/);
+
+int
+_hx509_Certificate_cmp (
+	const Certificate */*p*/,
+	const Certificate */*q*/);
+
+int
+_hx509_Name_to_string (
+	const Name */*n*/,
+	char **/*str*/);
+
+time_t
+_hx509_Time2time_t (const Time */*t*/);
+
+void
+_hx509_abort (
+	const char */*fmt*/,
+	...)
+    __attribute__ ((noreturn, format (printf, 1, 2)));
+
+int
+_hx509_calculate_path (
+	hx509_context /*context*/,
+	int /*flags*/,
+	time_t /*time_now*/,
+	hx509_certs /*anchors*/,
+	unsigned int /*max_depth*/,
+	hx509_cert /*cert*/,
+	hx509_certs /*pool*/,
+	hx509_path */*path*/);
+
+int
+_hx509_cert_assign_key (
+	hx509_cert /*cert*/,
+	hx509_private_key /*private_key*/);
+
+int
+_hx509_cert_get_eku (
+	hx509_context /*context*/,
+	hx509_cert /*cert*/,
+	ExtKeyUsage */*e*/);
+
+int
+_hx509_cert_get_keyusage (
+	hx509_context /*context*/,
+	hx509_cert /*c*/,
+	KeyUsage */*ku*/);
+
+int
+_hx509_cert_get_version (const Certificate */*t*/);
+
+int
+_hx509_cert_is_parent_cmp (
+	const Certificate */*subject*/,
+	const Certificate */*issuer*/,
+	int /*allow_self_signed*/);
+
+int
+_hx509_cert_private_decrypt (
+	hx509_context /*context*/,
+	const heim_octet_string */*ciphertext*/,
+	const heim_oid */*encryption_oid*/,
+	hx509_cert /*p*/,
+	heim_octet_string */*cleartext*/);
+
+hx509_private_key
+_hx509_cert_private_key (hx509_cert /*p*/);
+
+int
+_hx509_cert_private_key_exportable (hx509_cert /*p*/);
+
+int
+_hx509_cert_public_encrypt (
+	hx509_context /*context*/,
+	const heim_octet_string */*cleartext*/,
+	const hx509_cert /*p*/,
+	heim_oid */*encryption_oid*/,
+	heim_octet_string */*ciphertext*/);
+
+void
+_hx509_cert_set_release (
+	hx509_cert /*cert*/,
+	_hx509_cert_release_func /*release*/,
+	void */*ctx*/);
+
+int
+_hx509_certs_keys_add (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	hx509_private_key /*key*/);
+
+void
+_hx509_certs_keys_free (
+	hx509_context /*context*/,
+	hx509_private_key */*keys*/);
+
+int
+_hx509_certs_keys_get (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	hx509_private_key **/*keys*/);
+
+hx509_certs
+_hx509_certs_ref (hx509_certs /*certs*/);
+
+int
+_hx509_check_key_usage (
+	hx509_context /*context*/,
+	hx509_cert /*cert*/,
+	unsigned /*flags*/,
+	int /*req_present*/);
+
+int
+_hx509_collector_alloc (
+	hx509_context /*context*/,
+	hx509_lock /*lock*/,
+	struct hx509_collector **/*collector*/);
+
+int
+_hx509_collector_certs_add (
+	hx509_context /*context*/,
+	struct hx509_collector */*c*/,
+	hx509_cert /*cert*/);
+
+int
+_hx509_collector_collect_certs (
+	hx509_context /*context*/,
+	struct hx509_collector */*c*/,
+	hx509_certs */*ret_certs*/);
+
+int
+_hx509_collector_collect_private_keys (
+	hx509_context /*context*/,
+	struct hx509_collector */*c*/,
+	hx509_private_key **/*keys*/);
+
+void
+_hx509_collector_free (struct hx509_collector */*c*/);
+
+hx509_lock
+_hx509_collector_get_lock (struct hx509_collector */*c*/);
+
+int
+_hx509_collector_private_key_add (
+	hx509_context /*context*/,
+	struct hx509_collector */*c*/,
+	const AlgorithmIdentifier */*alg*/,
+	hx509_private_key /*private_key*/,
+	const heim_octet_string */*key_data*/,
+	const heim_octet_string */*localKeyId*/);
+
+int
+_hx509_create_signature (
+	hx509_context /*context*/,
+	const hx509_private_key /*signer*/,
+	const AlgorithmIdentifier */*alg*/,
+	const heim_octet_string */*data*/,
+	AlgorithmIdentifier */*signatureAlgorithm*/,
+	heim_octet_string */*sig*/);
+
+int
+_hx509_create_signature_bitstring (
+	hx509_context /*context*/,
+	const hx509_private_key /*signer*/,
+	const AlgorithmIdentifier */*alg*/,
+	const heim_octet_string */*data*/,
+	AlgorithmIdentifier */*signatureAlgorithm*/,
+	heim_bit_string */*sig*/);
+
+int
+_hx509_find_extension_subject_key_id (
+	const Certificate */*issuer*/,
+	SubjectKeyIdentifier */*si*/);
+
+int
+_hx509_generate_private_key (
+	hx509_context /*context*/,
+	struct hx509_generate_private_context */*ctx*/,
+	hx509_private_key */*private_key*/);
+
+int
+_hx509_generate_private_key_bits (
+	hx509_context /*context*/,
+	struct hx509_generate_private_context */*ctx*/,
+	unsigned long /*bits*/);
+
+void
+_hx509_generate_private_key_free (struct hx509_generate_private_context **/*ctx*/);
+
+int
+_hx509_generate_private_key_init (
+	hx509_context /*context*/,
+	const heim_oid */*oid*/,
+	struct hx509_generate_private_context **/*ctx*/);
+
+int
+_hx509_generate_private_key_is_ca (
+	hx509_context /*context*/,
+	struct hx509_generate_private_context */*ctx*/);
+
+Certificate *
+_hx509_get_cert (hx509_cert /*cert*/);
+
+void
+_hx509_ks_dir_register (hx509_context /*context*/);
+
+void
+_hx509_ks_file_register (hx509_context /*context*/);
+
+void
+_hx509_ks_keychain_register (hx509_context /*context*/);
+
+void
+_hx509_ks_mem_register (hx509_context /*context*/);
+
+void
+_hx509_ks_null_register (hx509_context /*context*/);
+
+void
+_hx509_ks_pkcs11_register (hx509_context /*context*/);
+
+void
+_hx509_ks_pkcs12_register (hx509_context /*context*/);
+
+void
+_hx509_ks_register (
+	hx509_context /*context*/,
+	struct hx509_keyset_ops */*ops*/);
+
+int
+_hx509_lock_find_cert (
+	hx509_lock /*lock*/,
+	const hx509_query */*q*/,
+	hx509_cert */*c*/);
+
+const struct _hx509_password *
+_hx509_lock_get_passwords (hx509_lock /*lock*/);
+
+hx509_certs
+_hx509_lock_unlock_certs (hx509_lock /*lock*/);
+
+int
+_hx509_map_file (
+	const char */*fn*/,
+	void **/*data*/,
+	size_t */*length*/,
+	struct stat */*rsb*/);
+
+int
+_hx509_map_file_os (
+	const char */*fn*/,
+	heim_octet_string */*os*/,
+	struct stat */*rsb*/);
+
+int
+_hx509_match_keys (
+	hx509_cert /*c*/,
+	hx509_private_key /*private_key*/);
+
+int
+_hx509_name_cmp (
+	const Name */*n1*/,
+	const Name */*n2*/);
+
+int
+_hx509_name_ds_cmp (
+	const DirectoryString */*ds1*/,
+	const DirectoryString */*ds2*/);
+
+int
+_hx509_name_from_Name (
+	const Name */*n*/,
+	hx509_name */*name*/);
+
+int
+_hx509_name_modify (
+	hx509_context /*context*/,
+	Name */*name*/,
+	int /*append*/,
+	const heim_oid */*oid*/,
+	const char */*str*/);
+
+int
+_hx509_parse_private_key (
+	hx509_context /*context*/,
+	const heim_oid */*key_oid*/,
+	const void */*data*/,
+	size_t /*len*/,
+	hx509_private_key */*private_key*/);
+
+int
+_hx509_path_append (
+	hx509_context /*context*/,
+	hx509_path */*path*/,
+	hx509_cert /*cert*/);
+
+void
+_hx509_path_free (hx509_path */*path*/);
+
+int
+_hx509_pbe_decrypt (
+	hx509_context /*context*/,
+	hx509_lock /*lock*/,
+	const AlgorithmIdentifier */*ai*/,
+	const heim_octet_string */*econtent*/,
+	heim_octet_string */*content*/);
+
+int
+_hx509_pbe_encrypt (
+	hx509_context /*context*/,
+	hx509_lock /*lock*/,
+	const AlgorithmIdentifier */*ai*/,
+	const heim_octet_string */*content*/,
+	heim_octet_string */*econtent*/);
+
+void
+_hx509_pi_printf (
+	int (*/*func*/)(void *, const char *),
+	void */*ctx*/,
+	const char */*fmt*/,
+	...);
+
+int
+_hx509_private_key2SPKI (
+	hx509_context /*context*/,
+	hx509_private_key /*private_key*/,
+	SubjectPublicKeyInfo */*spki*/);
+
+void
+_hx509_private_key_assign_rsa (
+	hx509_private_key /*key*/,
+	void */*ptr*/);
+
+int
+_hx509_private_key_export (
+	hx509_context /*context*/,
+	const hx509_private_key /*key*/,
+	heim_octet_string */*data*/);
+
+int
+_hx509_private_key_exportable (hx509_private_key /*key*/);
+
+int
+_hx509_private_key_free (hx509_private_key */*key*/);
+
+BIGNUM *
+_hx509_private_key_get_internal (
+	hx509_context /*context*/,
+	hx509_private_key /*key*/,
+	const char */*type*/);
+
+int
+_hx509_private_key_init (
+	hx509_private_key */*key*/,
+	hx509_private_key_ops */*ops*/,
+	void */*keydata*/);
+
+int
+_hx509_private_key_oid (
+	hx509_context /*context*/,
+	const hx509_private_key /*key*/,
+	heim_oid */*data*/);
+
+int
+_hx509_private_key_private_decrypt (
+	hx509_context /*context*/,
+	const heim_octet_string */*ciphertext*/,
+	const heim_oid */*encryption_oid*/,
+	hx509_private_key /*p*/,
+	heim_octet_string */*cleartext*/);
+
+hx509_private_key
+_hx509_private_key_ref (hx509_private_key /*key*/);
+
+const char *
+_hx509_private_pem_name (hx509_private_key /*key*/);
+
+int
+_hx509_public_encrypt (
+	hx509_context /*context*/,
+	const heim_octet_string */*cleartext*/,
+	const Certificate */*cert*/,
+	heim_oid */*encryption_oid*/,
+	heim_octet_string */*ciphertext*/);
+
+void
+_hx509_query_clear (hx509_query */*q*/);
+
+int
+_hx509_query_match_cert (
+	hx509_context /*context*/,
+	const hx509_query */*q*/,
+	hx509_cert /*cert*/);
+
+void
+_hx509_query_statistic (
+	hx509_context /*context*/,
+	int /*type*/,
+	const hx509_query */*q*/);
+
+int
+_hx509_request_add_dns_name (
+	hx509_context /*context*/,
+	hx509_request /*req*/,
+	const char */*hostname*/);
+
+int
+_hx509_request_add_eku (
+	hx509_context /*context*/,
+	hx509_request /*req*/,
+	const heim_oid */*oid*/);
+
+int
+_hx509_request_add_email (
+	hx509_context /*context*/,
+	hx509_request /*req*/,
+	const char */*email*/);
+
+void
+_hx509_request_free (hx509_request */*req*/);
+
+int
+_hx509_request_get_SubjectPublicKeyInfo (
+	hx509_context /*context*/,
+	hx509_request /*req*/,
+	SubjectPublicKeyInfo */*key*/);
+
+int
+_hx509_request_get_name (
+	hx509_context /*context*/,
+	hx509_request /*req*/,
+	hx509_name */*name*/);
+
+int
+_hx509_request_init (
+	hx509_context /*context*/,
+	hx509_request */*req*/);
+
+int
+_hx509_request_parse (
+	hx509_context /*context*/,
+	const char */*path*/,
+	hx509_request */*req*/);
+
+int
+_hx509_request_print (
+	hx509_context /*context*/,
+	hx509_request /*req*/,
+	FILE */*f*/);
+
+int
+_hx509_request_set_SubjectPublicKeyInfo (
+	hx509_context /*context*/,
+	hx509_request /*req*/,
+	const SubjectPublicKeyInfo */*key*/);
+
+int
+_hx509_request_set_name (
+	hx509_context /*context*/,
+	hx509_request /*req*/,
+	hx509_name /*name*/);
+
+int
+_hx509_request_to_pkcs10 (
+	hx509_context /*context*/,
+	const hx509_request /*req*/,
+	const hx509_private_key /*signer*/,
+	heim_octet_string */*request*/);
+
+hx509_revoke_ctx
+_hx509_revoke_ref (hx509_revoke_ctx /*ctx*/);
+
+int
+_hx509_set_cert_attribute (
+	hx509_context /*context*/,
+	hx509_cert /*cert*/,
+	const heim_oid */*oid*/,
+	const heim_octet_string */*attr*/);
+
+void
+_hx509_unmap_file (
+	void */*data*/,
+	size_t /*len*/);
+
+void
+_hx509_unmap_file_os (heim_octet_string */*os*/);
+
+int
+_hx509_unparse_Name (
+	const Name */*aname*/,
+	char **/*str*/);
+
+int
+_hx509_verify_signature (
+	hx509_context /*context*/,
+	const Certificate */*signer*/,
+	const AlgorithmIdentifier */*alg*/,
+	const heim_octet_string */*data*/,
+	const heim_octet_string */*sig*/);
+
+int
+_hx509_verify_signature_bitstring (
+	hx509_context /*context*/,
+	const Certificate */*signer*/,
+	const AlgorithmIdentifier */*alg*/,
+	const heim_octet_string */*data*/,
+	const heim_bit_string */*sig*/);
+
+int
+_hx509_write_file (
+	const char */*fn*/,
+	const void */*data*/,
+	size_t /*length*/);
+
+#endif /* __hx509_private_h__ */

Added: vendor-crypto/heimdal/dist/lib/hx509/hx509-protos.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/hx509-protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/hx509-protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1049 @@
+/* This is a generated file */
+#ifndef __hx509_protos_h__
+#define __hx509_protos_h__
+
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef HX509_LIB_FUNCTION
+#if defined(_WIN32)
+#define HX509_LIB_FUNCTION _stdcall
+#else
+#define HX509_LIB_FUNCTION
+#endif
+#endif
+
+void
+hx509_bitstring_print (
+	const heim_bit_string */*b*/,
+	hx509_vprint_func /*func*/,
+	void */*ctx*/);
+
+int
+hx509_ca_sign (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	hx509_cert /*signer*/,
+	hx509_cert */*certificate*/);
+
+int
+hx509_ca_sign_self (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	hx509_private_key /*signer*/,
+	hx509_cert */*certificate*/);
+
+int
+hx509_ca_tbs_add_crl_dp_uri (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const char */*uri*/,
+	hx509_name /*issuername*/);
+
+int
+hx509_ca_tbs_add_eku (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const heim_oid */*oid*/);
+
+int
+hx509_ca_tbs_add_san_hostname (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const char */*dnsname*/);
+
+int
+hx509_ca_tbs_add_san_jid (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const char */*jid*/);
+
+int
+hx509_ca_tbs_add_san_ms_upn (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const char */*principal*/);
+
+int
+hx509_ca_tbs_add_san_otherName (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const heim_oid */*oid*/,
+	const heim_octet_string */*os*/);
+
+int
+hx509_ca_tbs_add_san_pkinit (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const char */*principal*/);
+
+int
+hx509_ca_tbs_add_san_rfc822name (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const char */*rfc822Name*/);
+
+void
+hx509_ca_tbs_free (hx509_ca_tbs */*tbs*/);
+
+int
+hx509_ca_tbs_init (
+	hx509_context /*context*/,
+	hx509_ca_tbs */*tbs*/);
+
+int
+hx509_ca_tbs_set_ca (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	int /*pathLenConstraint*/);
+
+int
+hx509_ca_tbs_set_domaincontroller (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/);
+
+int
+hx509_ca_tbs_set_notAfter (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	time_t /*t*/);
+
+int
+hx509_ca_tbs_set_notAfter_lifetime (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	time_t /*delta*/);
+
+int
+hx509_ca_tbs_set_notBefore (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	time_t /*t*/);
+
+int
+hx509_ca_tbs_set_proxy (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	int /*pathLenConstraint*/);
+
+int
+hx509_ca_tbs_set_serialnumber (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const heim_integer */*serialNumber*/);
+
+int
+hx509_ca_tbs_set_spki (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	const SubjectPublicKeyInfo */*spki*/);
+
+int
+hx509_ca_tbs_set_subject (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	hx509_name /*subject*/);
+
+int
+hx509_ca_tbs_set_template (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	int /*flags*/,
+	hx509_cert /*cert*/);
+
+int
+hx509_ca_tbs_subject_expand (
+	hx509_context /*context*/,
+	hx509_ca_tbs /*tbs*/,
+	hx509_env /*env*/);
+
+const struct units *
+hx509_ca_tbs_template_units (void);
+
+int
+hx509_cert_binary (
+	hx509_context /*context*/,
+	hx509_cert /*c*/,
+	heim_octet_string */*os*/);
+
+int
+hx509_cert_check_eku (
+	hx509_context /*context*/,
+	hx509_cert /*cert*/,
+	const heim_oid */*eku*/,
+	int /*allow_any_eku*/);
+
+int
+hx509_cert_cmp (
+	hx509_cert /*p*/,
+	hx509_cert /*q*/);
+
+int
+hx509_cert_find_subjectAltName_otherName (
+	hx509_context /*context*/,
+	hx509_cert /*cert*/,
+	const heim_oid */*oid*/,
+	hx509_octet_string_list */*list*/);
+
+void
+hx509_cert_free (hx509_cert /*cert*/);
+
+int
+hx509_cert_get_SPKI (
+	hx509_context /*context*/,
+	hx509_cert /*p*/,
+	SubjectPublicKeyInfo */*spki*/);
+
+int
+hx509_cert_get_SPKI_AlgorithmIdentifier (
+	hx509_context /*context*/,
+	hx509_cert /*p*/,
+	AlgorithmIdentifier */*alg*/);
+
+hx509_cert_attribute
+hx509_cert_get_attribute (
+	hx509_cert /*cert*/,
+	const heim_oid */*oid*/);
+
+int
+hx509_cert_get_base_subject (
+	hx509_context /*context*/,
+	hx509_cert /*c*/,
+	hx509_name */*name*/);
+
+const char *
+hx509_cert_get_friendly_name (hx509_cert /*cert*/);
+
+int
+hx509_cert_get_issuer (
+	hx509_cert /*p*/,
+	hx509_name */*name*/);
+
+time_t
+hx509_cert_get_notAfter (hx509_cert /*p*/);
+
+time_t
+hx509_cert_get_notBefore (hx509_cert /*p*/);
+
+int
+hx509_cert_get_serialnumber (
+	hx509_cert /*p*/,
+	heim_integer */*i*/);
+
+int
+hx509_cert_get_subject (
+	hx509_cert /*p*/,
+	hx509_name */*name*/);
+
+int
+hx509_cert_have_private_key (hx509_cert /*p*/);
+
+int
+hx509_cert_init (
+	hx509_context /*context*/,
+	const Certificate */*c*/,
+	hx509_cert */*cert*/);
+
+int
+hx509_cert_init_data (
+	hx509_context /*context*/,
+	const void */*ptr*/,
+	size_t /*len*/,
+	hx509_cert */*cert*/);
+
+int
+hx509_cert_keyusage_print (
+	hx509_context /*context*/,
+	hx509_cert /*c*/,
+	char **/*s*/);
+
+hx509_cert
+hx509_cert_ref (hx509_cert /*cert*/);
+
+int
+hx509_cert_set_friendly_name (
+	hx509_cert /*cert*/,
+	const char */*name*/);
+
+int
+hx509_certs_add (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	hx509_cert /*cert*/);
+
+int
+hx509_certs_append (
+	hx509_context /*context*/,
+	hx509_certs /*to*/,
+	hx509_lock /*lock*/,
+	const char */*name*/);
+
+int
+hx509_certs_end_seq (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	hx509_cursor /*cursor*/);
+
+int
+hx509_certs_find (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	const hx509_query */*q*/,
+	hx509_cert */*r*/);
+
+void
+hx509_certs_free (hx509_certs */*certs*/);
+
+int
+hx509_certs_info (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	int (*/*func*/)(void *, const char *),
+	void */*ctx*/);
+
+int
+hx509_certs_init (
+	hx509_context /*context*/,
+	const char */*name*/,
+	int /*flags*/,
+	hx509_lock /*lock*/,
+	hx509_certs */*certs*/);
+
+int
+hx509_certs_iter (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	int (*/*func*/)(hx509_context, void *, hx509_cert),
+	void */*ctx*/);
+
+int
+hx509_certs_merge (
+	hx509_context /*context*/,
+	hx509_certs /*to*/,
+	hx509_certs /*from*/);
+
+int
+hx509_certs_next_cert (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	hx509_cursor /*cursor*/,
+	hx509_cert */*cert*/);
+
+int
+hx509_certs_start_seq (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	hx509_cursor */*cursor*/);
+
+int
+hx509_certs_store (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	int /*flags*/,
+	hx509_lock /*lock*/);
+
+int
+hx509_ci_print_names (
+	hx509_context /*context*/,
+	void */*ctx*/,
+	hx509_cert /*c*/);
+
+void
+hx509_clear_error_string (hx509_context /*context*/);
+
+int
+hx509_cms_create_signed_1 (
+	hx509_context /*context*/,
+	int /*flags*/,
+	const heim_oid */*eContentType*/,
+	const void */*data*/,
+	size_t /*length*/,
+	const AlgorithmIdentifier */*digest_alg*/,
+	hx509_cert /*cert*/,
+	hx509_peer_info /*peer*/,
+	hx509_certs /*anchors*/,
+	hx509_certs /*pool*/,
+	heim_octet_string */*signed_data*/);
+
+int
+hx509_cms_decrypt_encrypted (
+	hx509_context /*context*/,
+	hx509_lock /*lock*/,
+	const void */*data*/,
+	size_t /*length*/,
+	heim_oid */*contentType*/,
+	heim_octet_string */*content*/);
+
+int
+hx509_cms_envelope_1 (
+	hx509_context /*context*/,
+	int /*flags*/,
+	hx509_cert /*cert*/,
+	const void */*data*/,
+	size_t /*length*/,
+	const heim_oid */*encryption_type*/,
+	const heim_oid */*contentType*/,
+	heim_octet_string */*content*/);
+
+int
+hx509_cms_unenvelope (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	int /*flags*/,
+	const void */*data*/,
+	size_t /*length*/,
+	const heim_octet_string */*encryptedContent*/,
+	heim_oid */*contentType*/,
+	heim_octet_string */*content*/);
+
+int
+hx509_cms_unwrap_ContentInfo (
+	const heim_octet_string */*in*/,
+	heim_oid */*oid*/,
+	heim_octet_string */*out*/,
+	int */*have_data*/);
+
+int
+hx509_cms_verify_signed (
+	hx509_context /*context*/,
+	hx509_verify_ctx /*ctx*/,
+	const void */*data*/,
+	size_t /*length*/,
+	const heim_octet_string */*signedContent*/,
+	hx509_certs /*pool*/,
+	heim_oid */*contentType*/,
+	heim_octet_string */*content*/,
+	hx509_certs */*signer_certs*/);
+
+int
+hx509_cms_wrap_ContentInfo (
+	const heim_oid */*oid*/,
+	const heim_octet_string */*buf*/,
+	heim_octet_string */*res*/);
+
+void
+hx509_context_free (hx509_context */*context*/);
+
+int
+hx509_context_init (hx509_context */*context*/);
+
+void
+hx509_context_set_missing_revoke (
+	hx509_context /*context*/,
+	int /*flag*/);
+
+int
+hx509_crl_add_revoked_certs (
+	hx509_context /*context*/,
+	hx509_crl /*crl*/,
+	hx509_certs /*certs*/);
+
+int
+hx509_crl_alloc (
+	hx509_context /*context*/,
+	hx509_crl */*crl*/);
+
+void
+hx509_crl_free (
+	hx509_context /*context*/,
+	hx509_crl */*crl*/);
+
+int
+hx509_crl_lifetime (
+	hx509_context /*context*/,
+	hx509_crl /*crl*/,
+	int /*delta*/);
+
+int
+hx509_crl_sign (
+	hx509_context /*context*/,
+	hx509_cert /*signer*/,
+	hx509_crl /*crl*/,
+	heim_octet_string */*os*/);
+
+const AlgorithmIdentifier *
+hx509_crypto_aes128_cbc (void);
+
+const AlgorithmIdentifier *
+hx509_crypto_aes256_cbc (void);
+
+int
+hx509_crypto_available (
+	hx509_context /*context*/,
+	int /*type*/,
+	hx509_cert /*source*/,
+	AlgorithmIdentifier **/*val*/,
+	unsigned int */*plen*/);
+
+int
+hx509_crypto_decrypt (
+	hx509_crypto /*crypto*/,
+	const void */*data*/,
+	const size_t /*length*/,
+	heim_octet_string */*ivec*/,
+	heim_octet_string */*clear*/);
+
+const AlgorithmIdentifier *
+hx509_crypto_des_rsdi_ede3_cbc (void);
+
+void
+hx509_crypto_destroy (hx509_crypto /*crypto*/);
+
+int
+hx509_crypto_encrypt (
+	hx509_crypto /*crypto*/,
+	const void */*data*/,
+	const size_t /*length*/,
+	const heim_octet_string */*ivec*/,
+	heim_octet_string **/*ciphertext*/);
+
+const heim_oid *
+hx509_crypto_enctype_by_name (const char */*name*/);
+
+void
+hx509_crypto_free_algs (
+	AlgorithmIdentifier */*val*/,
+	unsigned int /*len*/);
+
+int
+hx509_crypto_get_params (
+	hx509_context /*context*/,
+	hx509_crypto /*crypto*/,
+	const heim_octet_string */*ivec*/,
+	heim_octet_string */*param*/);
+
+int
+hx509_crypto_init (
+	hx509_context /*context*/,
+	const char */*provider*/,
+	const heim_oid */*enctype*/,
+	hx509_crypto */*crypto*/);
+
+const char *
+hx509_crypto_provider (hx509_crypto /*crypto*/);
+
+int
+hx509_crypto_random_iv (
+	hx509_crypto /*crypto*/,
+	heim_octet_string */*ivec*/);
+
+int
+hx509_crypto_select (
+	const hx509_context /*context*/,
+	int /*type*/,
+	const hx509_private_key /*source*/,
+	hx509_peer_info /*peer*/,
+	AlgorithmIdentifier */*selected*/);
+
+int
+hx509_crypto_set_key_data (
+	hx509_crypto /*crypto*/,
+	const void */*data*/,
+	size_t /*length*/);
+
+int
+hx509_crypto_set_key_name (
+	hx509_crypto /*crypto*/,
+	const char */*name*/);
+
+int
+hx509_crypto_set_params (
+	hx509_context /*context*/,
+	hx509_crypto /*crypto*/,
+	const heim_octet_string */*param*/,
+	heim_octet_string */*ivec*/);
+
+int
+hx509_crypto_set_random_key (
+	hx509_crypto /*crypto*/,
+	heim_octet_string */*key*/);
+
+int
+hx509_env_add (
+	hx509_context /*context*/,
+	hx509_env /*env*/,
+	const char */*key*/,
+	const char */*value*/);
+
+void
+hx509_env_free (hx509_env */*env*/);
+
+int
+hx509_env_init (
+	hx509_context /*context*/,
+	hx509_env */*env*/);
+
+const char *
+hx509_env_lfind (
+	hx509_context /*context*/,
+	hx509_env /*env*/,
+	const char */*key*/,
+	size_t /*len*/);
+
+void
+hx509_err (
+	hx509_context /*context*/,
+	int /*exit_code*/,
+	int /*error_code*/,
+	const char */*fmt*/,
+	...);
+
+void
+hx509_free_error_string (char */*str*/);
+
+void
+hx509_free_octet_string_list (hx509_octet_string_list */*list*/);
+
+int
+hx509_general_name_unparse (
+	GeneralName */*name*/,
+	char **/*str*/);
+
+char *
+hx509_get_error_string (
+	hx509_context /*context*/,
+	int /*error_code*/);
+
+int
+hx509_get_one_cert (
+	hx509_context /*context*/,
+	hx509_certs /*certs*/,
+	hx509_cert */*c*/);
+
+int
+hx509_lock_add_cert (
+	hx509_context /*context*/,
+	hx509_lock /*lock*/,
+	hx509_cert /*cert*/);
+
+int
+hx509_lock_add_certs (
+	hx509_context /*context*/,
+	hx509_lock /*lock*/,
+	hx509_certs /*certs*/);
+
+int
+hx509_lock_add_password (
+	hx509_lock /*lock*/,
+	const char */*password*/);
+
+int
+hx509_lock_command_string (
+	hx509_lock /*lock*/,
+	const char */*string*/);
+
+void
+hx509_lock_free (hx509_lock /*lock*/);
+
+int
+hx509_lock_init (
+	hx509_context /*context*/,
+	hx509_lock */*lock*/);
+
+int
+hx509_lock_prompt (
+	hx509_lock /*lock*/,
+	hx509_prompt */*prompt*/);
+
+void
+hx509_lock_reset_certs (
+	hx509_context /*context*/,
+	hx509_lock /*lock*/);
+
+void
+hx509_lock_reset_passwords (hx509_lock /*lock*/);
+
+void
+hx509_lock_reset_promper (hx509_lock /*lock*/);
+
+int
+hx509_lock_set_prompter (
+	hx509_lock /*lock*/,
+	hx509_prompter_fct /*prompt*/,
+	void */*data*/);
+
+int
+hx509_name_binary (
+	const hx509_name /*name*/,
+	heim_octet_string */*os*/);
+
+int
+hx509_name_cmp (
+	hx509_name /*n1*/,
+	hx509_name /*n2*/);
+
+int
+hx509_name_copy (
+	hx509_context /*context*/,
+	const hx509_name /*from*/,
+	hx509_name */*to*/);
+
+int
+hx509_name_expand (
+	hx509_context /*context*/,
+	hx509_name /*name*/,
+	hx509_env /*env*/);
+
+void
+hx509_name_free (hx509_name */*name*/);
+
+int
+hx509_name_is_null_p (const hx509_name /*name*/);
+
+int
+hx509_name_normalize (
+	hx509_context /*context*/,
+	hx509_name /*name*/);
+
+int
+hx509_name_to_Name (
+	const hx509_name /*from*/,
+	Name */*to*/);
+
+int
+hx509_name_to_string (
+	const hx509_name /*name*/,
+	char **/*str*/);
+
+int
+hx509_ocsp_request (
+	hx509_context /*context*/,
+	hx509_certs /*reqcerts*/,
+	hx509_certs /*pool*/,
+	hx509_cert /*signer*/,
+	const AlgorithmIdentifier */*digest*/,
+	heim_octet_string */*request*/,
+	heim_octet_string */*nonce*/);
+
+int
+hx509_ocsp_verify (
+	hx509_context /*context*/,
+	time_t /*now*/,
+	hx509_cert /*cert*/,
+	int /*flags*/,
+	const void */*data*/,
+	size_t /*length*/,
+	time_t */*expiration*/);
+
+void
+hx509_oid_print (
+	const heim_oid */*oid*/,
+	hx509_vprint_func /*func*/,
+	void */*ctx*/);
+
+int
+hx509_oid_sprint (
+	const heim_oid */*oid*/,
+	char **/*str*/);
+
+int
+hx509_parse_name (
+	hx509_context /*context*/,
+	const char */*str*/,
+	hx509_name */*name*/);
+
+int
+hx509_peer_info_alloc (
+	hx509_context /*context*/,
+	hx509_peer_info */*peer*/);
+
+void
+hx509_peer_info_free (hx509_peer_info /*peer*/);
+
+int
+hx509_peer_info_set_cert (
+	hx509_peer_info /*peer*/,
+	hx509_cert /*cert*/);
+
+int
+hx509_peer_info_set_cms_algs (
+	hx509_context /*context*/,
+	hx509_peer_info /*peer*/,
+	const AlgorithmIdentifier */*val*/,
+	size_t /*len*/);
+
+int
+hx509_pem_add_header (
+	hx509_pem_header **/*headers*/,
+	const char */*header*/,
+	const char */*value*/);
+
+const char *
+hx509_pem_find_header (
+	const hx509_pem_header */*h*/,
+	const char */*header*/);
+
+void
+hx509_pem_free_header (hx509_pem_header */*headers*/);
+
+int
+hx509_pem_read (
+	hx509_context /*context*/,
+	FILE */*f*/,
+	hx509_pem_read_func /*func*/,
+	void */*ctx*/);
+
+int
+hx509_pem_write (
+	hx509_context /*context*/,
+	const char */*type*/,
+	hx509_pem_header */*headers*/,
+	FILE */*f*/,
+	const void */*data*/,
+	size_t /*size*/);
+
+void
+hx509_print_stdout (
+	void */*ctx*/,
+	const char */*fmt*/,
+	va_list /*va*/);
+
+int
+hx509_prompt_hidden (hx509_prompt_type /*type*/);
+
+int
+hx509_query_alloc (
+	hx509_context /*context*/,
+	hx509_query **/*q*/);
+
+void
+hx509_query_free (
+	hx509_context /*context*/,
+	hx509_query */*q*/);
+
+int
+hx509_query_match_cmp_func (
+	hx509_query */*q*/,
+	int (*/*func*/)(void *, hx509_cert),
+	void */*ctx*/);
+
+int
+hx509_query_match_friendly_name (
+	hx509_query */*q*/,
+	const char */*name*/);
+
+int
+hx509_query_match_issuer_serial (
+	hx509_query */*q*/,
+	const Name */*issuer*/,
+	const heim_integer */*serialNumber*/);
+
+void
+hx509_query_match_option (
+	hx509_query */*q*/,
+	hx509_query_option /*option*/);
+
+void
+hx509_query_statistic_file (
+	hx509_context /*context*/,
+	const char */*fn*/);
+
+void
+hx509_query_unparse_stats (
+	hx509_context /*context*/,
+	int /*printtype*/,
+	FILE */*out*/);
+
+int
+hx509_revoke_add_crl (
+	hx509_context /*context*/,
+	hx509_revoke_ctx /*ctx*/,
+	const char */*path*/);
+
+int
+hx509_revoke_add_ocsp (
+	hx509_context /*context*/,
+	hx509_revoke_ctx /*ctx*/,
+	const char */*path*/);
+
+void
+hx509_revoke_free (hx509_revoke_ctx */*ctx*/);
+
+int
+hx509_revoke_init (
+	hx509_context /*context*/,
+	hx509_revoke_ctx */*ctx*/);
+
+int
+hx509_revoke_ocsp_print (
+	hx509_context /*context*/,
+	const char */*path*/,
+	FILE */*out*/);
+
+int
+hx509_revoke_verify (
+	hx509_context /*context*/,
+	hx509_revoke_ctx /*ctx*/,
+	hx509_certs /*certs*/,
+	time_t /*now*/,
+	hx509_cert /*cert*/,
+	hx509_cert /*parent_cert*/);
+
+void
+hx509_set_error_string (
+	hx509_context /*context*/,
+	int /*flags*/,
+	int /*code*/,
+	const char */*fmt*/,
+	...);
+
+void
+hx509_set_error_stringv (
+	hx509_context /*context*/,
+	int /*flags*/,
+	int /*code*/,
+	const char */*fmt*/,
+	va_list /*ap*/);
+
+const AlgorithmIdentifier *
+hx509_signature_md2 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_md5 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_rsa (void);
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_pkcs1_x509 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_md2 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_md5 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_sha1 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_sha256 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_sha384 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_rsa_with_sha512 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_sha1 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_sha256 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_sha384 (void);
+
+const AlgorithmIdentifier *
+hx509_signature_sha512 (void);
+
+int
+hx509_unparse_der_name (
+	const void */*data*/,
+	size_t /*length*/,
+	char **/*str*/);
+
+int
+hx509_validate_cert (
+	hx509_context /*context*/,
+	hx509_validate_ctx /*ctx*/,
+	hx509_cert /*cert*/);
+
+void
+hx509_validate_ctx_add_flags (
+	hx509_validate_ctx /*ctx*/,
+	int /*flags*/);
+
+void
+hx509_validate_ctx_free (hx509_validate_ctx /*ctx*/);
+
+int
+hx509_validate_ctx_init (
+	hx509_context /*context*/,
+	hx509_validate_ctx */*ctx*/);
+
+void
+hx509_validate_ctx_set_print (
+	hx509_validate_ctx /*ctx*/,
+	hx509_vprint_func /*func*/,
+	void */*c*/);
+
+void
+hx509_verify_attach_anchors (
+	hx509_verify_ctx /*ctx*/,
+	hx509_certs /*set*/);
+
+void
+hx509_verify_attach_revoke (
+	hx509_verify_ctx /*ctx*/,
+	hx509_revoke_ctx /*revoke_ctx*/);
+
+void
+hx509_verify_ctx_f_allow_default_trustanchors (
+	hx509_verify_ctx /*ctx*/,
+	int /*boolean*/);
+
+void
+hx509_verify_destroy_ctx (hx509_verify_ctx /*ctx*/);
+
+int
+hx509_verify_hostname (
+	hx509_context /*context*/,
+	const hx509_cert /*cert*/,
+	int /*flags*/,
+	hx509_hostname_type /*type*/,
+	const char */*hostname*/,
+	const struct sockaddr */*sa*/,
+	int /*sa_size*/);
+
+int
+hx509_verify_init_ctx (
+	hx509_context /*context*/,
+	hx509_verify_ctx */*ctx*/);
+
+int
+hx509_verify_path (
+	hx509_context /*context*/,
+	hx509_verify_ctx /*ctx*/,
+	hx509_cert /*cert*/,
+	hx509_certs /*pool*/);
+
+void
+hx509_verify_set_max_depth (
+	hx509_verify_ctx /*ctx*/,
+	unsigned int /*max_depth*/);
+
+void
+hx509_verify_set_proxy_certificate (
+	hx509_verify_ctx /*ctx*/,
+	int /*boolean*/);
+
+void
+hx509_verify_set_strict_rfc3280_verification (
+	hx509_verify_ctx /*ctx*/,
+	int /*boolean*/);
+
+void
+hx509_verify_set_time (
+	hx509_verify_ctx /*ctx*/,
+	time_t /*t*/);
+
+int
+hx509_verify_signature (
+	hx509_context /*context*/,
+	const hx509_cert /*signer*/,
+	const AlgorithmIdentifier */*alg*/,
+	const heim_octet_string */*data*/,
+	const heim_octet_string */*sig*/);
+
+void
+hx509_xfree (void */*ptr*/);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __hx509_protos_h__ */

Added: vendor-crypto/heimdal/dist/lib/hx509/hx509.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/hx509.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/hx509.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: hx509.h,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
+typedef struct hx509_cert_data *hx509_cert;
+typedef struct hx509_certs_data *hx509_certs;
+typedef struct hx509_context_data *hx509_context;
+typedef struct hx509_crypto_data *hx509_crypto;
+typedef struct hx509_lock_data *hx509_lock;
+typedef struct hx509_name_data *hx509_name;
+typedef struct hx509_private_key *hx509_private_key;
+typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
+typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
+typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx;
+typedef struct hx509_query_data hx509_query;
+typedef void * hx509_cursor;
+typedef struct hx509_request_data *hx509_request;
+typedef struct hx509_error_data *hx509_error;
+typedef struct hx509_peer_info *hx509_peer_info;
+typedef struct hx509_ca_tbs *hx509_ca_tbs;
+typedef struct hx509_env *hx509_env;
+typedef struct hx509_crl *hx509_crl;
+
+typedef void (*hx509_vprint_func)(void *, const char *, va_list);
+
+enum {
+    HX509_VHN_F_ALLOW_NO_MATCH = 1
+};
+
+enum {
+    HX509_VALIDATE_F_VALIDATE = 1,
+    HX509_VALIDATE_F_VERBOSE = 2
+};
+
+struct hx509_cert_attribute_data {
+    heim_oid oid;
+    heim_octet_string data;
+};
+
+typedef enum {
+    HX509_PROMPT_TYPE_PASSWORD		= 0x1,	/* password, hidden */
+    HX509_PROMPT_TYPE_QUESTION		= 0x2,	/* question, not hidden */
+    HX509_PROMPT_TYPE_INFO		= 0x4	/* infomation, reply doesn't matter */
+} hx509_prompt_type;
+
+typedef struct hx509_prompt {
+    const char *prompt;
+    hx509_prompt_type type;
+    heim_octet_string reply;
+} hx509_prompt;
+
+typedef int (*hx509_prompter_fct)(void *, const hx509_prompt *);
+
+typedef struct hx509_octet_string_list {
+    size_t len;
+    heim_octet_string *val;
+} hx509_octet_string_list;
+
+typedef struct hx509_pem_header {
+    struct hx509_pem_header *next;
+    char *header;
+    char *value;
+} hx509_pem_header;
+
+typedef int
+(*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *,
+		       const void *, size_t, void *ctx);
+
+/*
+ * Options passed to hx509_query_match_option.
+ */
+typedef enum {
+    HX509_QUERY_OPTION_PRIVATE_KEY = 1,
+    HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2,
+    HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3,
+    HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4,
+    HX509_QUERY_OPTION_END = 0xffff
+} hx509_query_option;
+
+/* flags to hx509_certs_init */
+#define HX509_CERTS_CREATE				0x01
+#define HX509_CERTS_UNPROTECT_ALL			0x02
+
+/* flags to hx509_set_error_string */
+#define HX509_ERROR_APPEND				0x01
+
+/* flags to hx509_cms_unenvelope */
+#define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT	0x01
+
+/* selectors passed to hx509_crypto_select and hx509_crypto_available */
+#define HX509_SELECT_ALL 0
+#define HX509_SELECT_DIGEST 1
+#define HX509_SELECT_PUBLIC_SIG 2
+#define HX509_SELECT_PUBLIC_ENC 3
+#define HX509_SELECT_SECRET_ENC 4
+
+/* flags to hx509_ca_tbs_set_template */
+#define HX509_CA_TEMPLATE_SUBJECT 1
+#define HX509_CA_TEMPLATE_SERIAL 2
+#define HX509_CA_TEMPLATE_NOTBEFORE 4
+#define HX509_CA_TEMPLATE_NOTAFTER 8
+#define HX509_CA_TEMPLATE_SPKI 16
+#define HX509_CA_TEMPLATE_KU 32
+#define HX509_CA_TEMPLATE_EKU 64
+
+/* flags hx509_cms_create_signed* */
+#define HX509_CMS_SIGATURE_DETACHED 1
+#define HX509_CMS_SIGATURE_ID_NAME 2
+
+/* hx509_verify_hostname nametype */
+typedef enum  {
+    HX509_HN_HOSTNAME = 0,
+    HX509_HN_DNSSRV
+} hx509_hostname_type;
+
+#include <hx509-protos.h>
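Review bot: hx509.h has no include guard, although the whole file is in this hunk and it defines enums and structs (`struct hx509_cert_attribute_data`, `hx509_prompt`, `hx509_pem_header`) that cannot be defined twice in one translation unit. It also uses `va_list`, `size_t`, `heim_oid` and `heim_octet_string` without including anything that declares them, so it compiles only when the includer has already pulled in `<stdarg.h>` and the ASN.1 headers, as hx_locl.h does. Wrapping the body in `#ifndef HEIMDAL_HX509_H` / `#define HEIMDAL_HX509_H 1` … `#endif` (the guard name is only a suggestion) and adding `#include <stdarg.h>` near the top would remove the ordering dependency. hx_locl.h, added in this same commit, is unguarded as well. As this is a vendor import, the change is better reported upstream than edited locally under dist/.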

Added: vendor-crypto/heimdal/dist/lib/hx509/hx509_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/hx509_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/hx509_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,101 @@
+#
+# Error messages for the hx509 library
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: hx509_err.et,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $"
+
+error_table hx
+prefix HX509
+
+# path validateion and construction related errors
+error_code BAD_TIMEFORMAT,	"ASN.1 failed call to system time library"
+error_code EXTENSION_NOT_FOUND,	"Extension not found"
+error_code NO_PATH,		"Certification path not found"
+error_code PARENT_NOT_CA,	"Parent certificate is not a CA"
+error_code CA_PATH_TOO_DEEP,	"CA path too deep"
+error_code SIG_ALG_NO_SUPPORTED, "Signature algorithm not supported"
+error_code SIG_ALG_DONT_MATCH_KEY_ALG, "Signature algorithm doesn't match certificate key"
+error_code CERT_USED_BEFORE_TIME, "Certificate used before it became valid"
+error_code CERT_USED_AFTER_TIME, "Certificate used after it became invalid"
+error_code PRIVATE_KEY_MISSING,	"Private key required for the operation is missing"
+error_code ALG_NOT_SUPP, 	"Algorithm not supported"
+error_code ISSUER_NOT_FOUND, 	"Issuer couldn't be found"
+error_code VERIFY_CONSTRAINTS,	"Error verifing constraints"
+error_code RANGE,		"Number too large"
+error_code NAME_CONSTRAINT_ERROR, "Error while verifing name constraints"
+error_code PATH_TOO_LONG, "Path is too long, failed to find valid anchor"
+error_code KU_CERT_MISSING, "Required keyusage for this certificate is missing"
+error_code CERT_NOT_FOUND, "Certificate not found"
+error_code UNKNOWN_LOCK_COMMAND, "Unknown lock command"
+error_code PARENT_IS_CA, "Parent certificate is a CA"
+error_code EXTRA_DATA_AFTER_STRUCTURE, "Extra data was found after the structure"
+error_code PROXY_CERT_INVALID, "Proxy certificate is invalid"
+error_code PROXY_CERT_NAME_WRONG, "Proxy certificate name is wrong"
+error_code NAME_MALFORMED, "Name is malformated"
+error_code CERTIFICATE_MALFORMED, "Certificate is malformated"
+error_code CERTIFICATE_MISSING_EKU, "Certificate is missing a required EKU"
+error_code PROXY_CERTIFICATE_NOT_CANONICALIZED, "Proxy certificate not canonicalize" 
+
+# cms related errors
+index 32
+prefix HX509_CMS
+error_code FAILED_CREATE_SIGATURE, "Failed to create signature"
+error_code MISSING_SIGNER_DATA, "Missing signer data"
+error_code SIGNER_NOT_FOUND, "Couldn't find signers certificate"
+error_code NO_DATA_AVAILABLE, "No data to perform the operation on"
+error_code INVALID_DATA, "Data in the message is invalid"
+error_code PADDING_ERROR, "Padding in the message invalid"
+error_code NO_RECIPIENT_CERTIFICATE, "Couldn't find recipient certificate"
+error_code DATA_OID_MISMATCH, "Mismatch bewteen signed type and unsigned type"
+
+# crypto related errors
+index 64
+prefix HX509_CRYPTO
+error_code INTERNAL_ERROR, "Internal error in the crypto engine"
+error_code EXTERNAL_ERROR, "External error in the crypto engine"
+error_code SIGNATURE_MISSING, "Signature missing for data"
+error_code BAD_SIGNATURE, "Signature is not valid"
+error_code SIG_NO_CONF, "Sigature doesn't provide confidentiality"
+error_code SIG_INVALID_FORMAT, "Invalid format on signature"
+error_code OID_MISMATCH, "Mismatch bewteen oids"
+error_code NO_PROMPTER, "No prompter function defined"
+error_code SIGNATURE_WITHOUT_SIGNER, "Signature require signer, but non available"
+error_code RSA_PUBLIC_ENCRYPT, "RSA public encyption failed"
+error_code RSA_PRIVATE_ENCRYPT, "RSA public encyption failed"
+error_code RSA_PUBLIC_DECRYPT, "RSA private decryption failed"
+error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed"
+
+# revoke related errors
+index 96
+prefix HX509
+error_code CRL_USED_BEFORE_TIME, "CRL used before it became valid"
+error_code CRL_USED_AFTER_TIME, "CRL used after it became invalid"
+error_code CRL_INVALID_FORMAT, "CRL have invalid format"
+error_code CERT_REVOKED, "Certificate is revoked"
+error_code REVOKE_STATUS_MISSING, "No revoke status found for certificates"
+error_code CRL_UNKNOWN_EXTENSION, "Unknown extension"
+error_code REVOKE_WRONG_DATA, "Got wrong CRL/OCSP data from server"
+error_code REVOKE_NOT_SAME_PARENT, "Doesn't have same parent as other certificates"
+error_code CERT_NOT_IN_OCSP, "Certificates not in OCSP reply"
+
+# misc error
+index 108
+error_code LOCAL_ATTRIBUTE_MISSING, "No local key attribute"
+error_code PARSING_KEY_FAILED, "Failed to parse key"
+error_code UNSUPPORTED_OPERATION, "Unsupported operation"
+error_code UNIMPLEMENTED_OPERATION, "Unimplemented operation"
+error_code PARSING_NAME_FAILED, "Failed to parse name"
+
+# keystore related error
+index 128
+prefix HX509_PKCS11
+error_code NO_SLOT,  "No smartcard reader/device found"
+error_code NO_TOKEN,  "No smartcard in reader"
+error_code NO_MECH,  "No supported mech(s)"
+error_code TOKEN_CONFUSED,  "Token or slot failed in inconsistent way"
+error_code OPEN_SESSION,  "Failed to open session to slot"
+error_code LOGIN,  "Failed to login to slot"
+error_code LOAD,  "Failed to load PKCS module"
+
+end
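Review bot: Two entries in the `HX509_CRYPTO` block carry their neighbour's message: `RSA_PRIVATE_ENCRYPT` reports "RSA public encyption failed" and `RSA_PUBLIC_DECRYPT` reports "RSA private decryption failed". A log line for either failure therefore names the wrong key operation, which misleads anyone triaging a failed RSA call. The strings should follow the code names: `error_code RSA_PRIVATE_ENCRYPT, "RSA private encryption failed"` and `error_code RSA_PUBLIC_DECRYPT, "RSA public decryption failed"`. Only the strings need to change, because the order of the entries after `index 64` presumably fixes the numeric codes and should stay as it is. The "encyption" typo in the `RSA_PUBLIC_ENCRYPT` message can be corrected in the same pass.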

Added: vendor-crypto/heimdal/dist/lib/hx509/hx_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/hx_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/hx_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 2004 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: hx_locl.h,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <errno.h>
+#include <strings.h>
+#include <assert.h>
+#include <stdarg.h>
+#include <err.h>
+#include <getarg.h>
+#include <base64.h>
+#include <hex.h>
+#include <roken.h>
+#include <com_err.h>
+#include <parse_units.h>
+#include <parse_bytes.h>
+
+#include <krb5-types.h>
+
+#include <rfc2459_asn1.h>
+#include <cms_asn1.h>
+#include <pkcs8_asn1.h>
+#include <pkcs9_asn1.h>
+#include <pkcs12_asn1.h>
+#include <ocsp_asn1.h>
+#include <pkcs10_asn1.h>
+#include <asn1_err.h>
+#include <pkinit_asn1.h>
+
+#include <der.h>
+
+#include "crypto-headers.h"
+
+struct hx509_keyset_ops;
+struct hx509_collector;
+struct hx509_generate_private_context;
+typedef struct hx509_path hx509_path;
+
+#include <hx509.h>
+
+typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *);
+
+typedef struct hx509_private_key_ops hx509_private_key_ops;
+
+#include <hx509-private.h>
+#include <hx509_err.h>
+
+struct hx509_peer_info {
+    hx509_cert cert;
+    AlgorithmIdentifier *val;
+    size_t len;
+};
+
+#define HX509_CERTS_FIND_SERIALNUMBER		1
+#define HX509_CERTS_FIND_ISSUER			2
+#define HX509_CERTS_FIND_SUBJECT		4
+#define HX509_CERTS_FIND_ISSUER_KEY_ID		8
+#define HX509_CERTS_FIND_SUBJECT_KEY_ID		16
+
+struct hx509_name_data {
+    Name der_name;
+};
+
+struct hx509_path {
+    size_t len;
+    hx509_cert *val;
+};
+
+struct hx509_query_data {
+    int match;
+#define HX509_QUERY_FIND_ISSUER_CERT		0x000001
+#define HX509_QUERY_MATCH_SERIALNUMBER		0x000002
+#define HX509_QUERY_MATCH_ISSUER_NAME		0x000004
+#define HX509_QUERY_MATCH_SUBJECT_NAME		0x000008
+#define HX509_QUERY_MATCH_SUBJECT_KEY_ID	0x000010
+#define HX509_QUERY_MATCH_ISSUER_ID		0x000020
+#define HX509_QUERY_PRIVATE_KEY			0x000040
+#define HX509_QUERY_KU_ENCIPHERMENT		0x000080
+#define HX509_QUERY_KU_DIGITALSIGNATURE		0x000100
+#define HX509_QUERY_KU_KEYCERTSIGN		0x000200
+#define HX509_QUERY_KU_CRLSIGN			0x000400
+#define HX509_QUERY_KU_NONREPUDIATION		0x000800
+#define HX509_QUERY_KU_KEYAGREEMENT		0x001000
+#define HX509_QUERY_KU_DATAENCIPHERMENT		0x002000
+#define HX509_QUERY_ANCHOR			0x004000
+#define HX509_QUERY_MATCH_CERTIFICATE		0x008000
+#define HX509_QUERY_MATCH_LOCAL_KEY_ID		0x010000
+#define HX509_QUERY_NO_MATCH_PATH		0x020000
+#define HX509_QUERY_MATCH_FRIENDLY_NAME		0x040000
+#define HX509_QUERY_MATCH_FUNCTION		0x080000
+#define HX509_QUERY_MATCH_KEY_HASH_SHA1		0x100000
+#define HX509_QUERY_MATCH_TIME			0x200000
+#define HX509_QUERY_MASK			0x3fffff
+    Certificate *subject;
+    Certificate *certificate;
+    heim_integer *serial;
+    heim_octet_string *subject_id;
+    heim_octet_string *local_key_id;
+    Name *issuer_name;
+    Name *subject_name;
+    hx509_path *path;
+    char *friendlyname;
+    int (*cmp_func)(void *, hx509_cert);
+    void *cmp_func_ctx;
+    heim_octet_string *keyhash_sha1;
+    time_t timenow;
+};
+
+struct hx509_keyset_ops {
+    const char *name;
+    int flags;
+    int (*init)(hx509_context, hx509_certs, void **, 
+		int, const char *, hx509_lock);
+    int (*store)(hx509_context, hx509_certs, void *, int, hx509_lock);
+    int (*free)(hx509_certs, void *);
+    int (*add)(hx509_context, hx509_certs, void *, hx509_cert);
+    int (*query)(hx509_context, hx509_certs, void *, 
+		 const hx509_query *, hx509_cert *);
+    int (*iter_start)(hx509_context, hx509_certs, void *, void **);
+    int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);
+    int (*iter_end)(hx509_context, hx509_certs, void *, void *);
+    int (*printinfo)(hx509_context, hx509_certs, 
+		     void *, int (*)(void *, const char *), void *);
+    int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **);
+    int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key);
+};
+
+struct _hx509_password {
+    size_t len;
+    char **val;
+};
+
+extern hx509_lock _hx509_empty_lock;
+
+struct hx509_context_data {
+    struct hx509_keyset_ops **ks_ops;
+    int ks_num_ops;
+    int flags;
+#define HX509_CTX_VERIFY_MISSING_OK	1
+    int ocsp_time_diff;
+#define HX509_DEFAULT_OCSP_TIME_DIFF	(5*60)
+    hx509_error error;
+    struct et_list *et_list;
+    char *querystat;
+    hx509_certs default_trust_anchors;
+};
+
+/* _hx509_calculate_path flag field */
+#define HX509_CALCULATE_PATH_NO_ANCHOR 1
+
+extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg;
+extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg;
+extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg;
+
+/*
+ * Configurable options
+ */
+
+#ifdef __APPLE__
+#define HX509_DEFAULT_ANCHORS "KEYCHAIN:system-anchors"
+#endif
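Review bot: `HX509_CTX_VERIFY_MISSING_OK` in `struct hx509_context_data` has no comment. Judging by its name and the public `hx509_context_set_missing_revoke()` setter, it appears to let verification proceed when no revocation data is available, which is a fail-open switch an auditor should be able to spot from the header. A comment on the define would be enough, for example `/* presumably: missing CRL/OCSP status is not treated as an error when set; confirm against the revoke code */`. `HX509_DEFAULT_OCSP_TIME_DIFF (5*60)` likewise states no unit, so if it is seconds of tolerated clock difference, that belongs next to it.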

Added: vendor-crypto/heimdal/dist/lib/hx509/hxtool-commands.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/hxtool-commands.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/hxtool-commands.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,707 @@
+/*
+ * Copyright (c) 2005 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: hxtool-commands.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+command = {
+	name = "cms-create-sd"
+	option = {
+		long = "certificate"
+		short = "c"
+		type = "strings"
+		argument = "certificate-store"
+		help = "certificate stores to pull certificates from"
+	}
+	option = {
+		long = "signer"
+		short = "s"
+		type = "string"
+		argument = "signer-friendly-name"
+		help = "certificate to sign with"
+	}
+	option = {
+		long = "anchors"
+		type = "strings"
+		argument = "certificate-store"
+		help = "trust anchors"
+	}
+	option = {
+		long = "pool"
+		type = "strings"
+		argument = "certificate-pool"
+		help = "certificate store to pull certificates from"
+	}
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "peer-alg"
+		type = "strings"
+		argument = "oid"
+		help = "oid that the peer support"
+	}
+	option = {
+		long = "content-type"
+		type = "string"
+		argument = "oid"
+		help = "content type oid"
+	}
+	option = {
+		long = "content-info"
+		type = "flag"
+		help = "wrapped out-data in a ContentInfo"
+	}
+	option = {
+		long = "pem"
+		type = "flag"
+		help = "wrap out-data in PEM armor"
+	}
+	option = {
+		long = "detached-signature"
+		type = "flag"
+		help = "create a detached signature"
+	}
+	option = {
+		long = "id-by-name"
+		type = "flag"
+		help = "use subject name for CMS Identifier"
+	}
+	min_args="2"
+	max_args="2"
+	argument="in-file out-file"
+	help = "Wrap a file within a SignedData object"
+}
+command = {
+	name = "cms-verify-sd"
+	option = {
+		long = "anchors"
+		type = "strings"
+		argument = "certificate-store"
+		help = "trust anchors"
+	}
+	option = {
+		long = "certificate"
+		short = "c"
+		type = "strings"
+		argument = "certificate-store"
+		help = "certificate store to pull certificates from"
+	}
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "missing-revoke"
+		type = "flag"
+		help = "missing CRL/OCSP is ok"
+	}
+	option = {
+		long = "content-info"
+		type = "flag"
+		help = "unwrap in-data that's in a ContentInfo"
+	}
+	option = {
+		long = "signed-content"
+		type = "string"
+		help = "file containing content"
+	}
+	min_args="2"
+	max_args="2"
+	argument="in-file out-file"
+	help = "Verify a file within a SignedData object"
+}
+command = {
+	name = "cms-unenvelope"
+	option = {
+		long = "certificate"
+		short = "c"
+		type = "strings"
+		argument = "certificate-store"
+		help = "certificate used to decrypt the data"
+	}
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "content-info"
+		type = "flag"
+		help = "wrapped out-data in a ContentInfo"
+	}
+	min_args="2"
+	argument="in-file out-file"
+	help = "Unenvelope a file containing a EnvelopedData object"
+}
+command = {
+	name = "cms-envelope"
+	function = "cms_create_enveloped"
+	option = {
+		long = "certificate"
+		short = "c"
+		type = "strings"
+		argument = "certificate-store"
+		help = "certificates used to receive the data"
+	}
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "encryption-type"
+		type = "string"
+		argument = "enctype"
+		help = "enctype"
+	}
+	option = {
+		long = "content-type"
+		type = "string"
+		argument = "oid"
+		help = "content type oid"
+	}
+	option = {
+		long = "content-info"
+		type = "flag"
+		help = "wrapped out-data in a ContentInfo"
+	}
+	min_args="2"
+	argument="in-file out-file"
+	help = "Envelope a file containing a EnvelopedData object"
+}
+command = {
+	name = "verify"
+	function = "pcert_verify"
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "allow-proxy-certificate"
+		type = "flag"
+		help = "allow proxy certificates"
+	}
+	option = {
+		long = "missing-revoke"
+		type = "flag"
+		help = "missing CRL/OCSP is ok"
+	}
+	option = {
+		long = "time"
+		type = "string"
+		help = "time when to validate the chain"
+	}
+	option = {
+		long = "verbose"
+		short = "v"
+		type = "flag"
+		help = "verbose logging"
+	}
+	option = {
+		long = "max-depth"
+		type = "integer"
+		help = "maximum search length of certificate trust anchor"
+	}
+	option = {
+		long = "hostname"
+		type = "string"
+		help = "match hostname to certificate"
+	}
+	argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
+	help = "Verify certificate chain"
+}
+command = {
+	name = "print"
+	function = "pcert_print"
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "content"
+		type = "flag"
+		help = "print the content of the certificates"
+	}
+	option = {
+		long = "info"
+		type = "flag"
+		help = "print the information about the certificate store"
+	}
+	min_args="1"
+	argument="certificate ..."
+	help = "Print certificates"
+}
+command = {
+	name = "validate"
+	function = "pcert_validate"
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	min_args="1"
+	argument="certificate ..."
+	help = "Validate content of certificates"
+}
+command = {
+	name = "certificate-copy"
+	name = "cc"
+	option = {
+		long = "in-pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "out-pass"
+		type = "string"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	min_args="2"
+	argument="in-certificates-1 ... out-certificate"
+	help = "Copy in certificates stores into out certificate store"
+}
+command = {
+	name = "ocsp-fetch"
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "sign"
+		type = "string"
+		argument = "certificate"
+		help = "certificate use to sign the request"
+	}
+	option = {
+		long = "url-path"
+		type = "string"
+		argument = "url"
+		help = "part after host in url to put in the request"
+	}
+	option = {
+		long = "nonce"
+		type = "-flag"
+		default = "1"
+		help = "don't include nonce in request"
+	}
+	option = {
+		long = "pool"
+		type = "strings"
+		argument = "certificate-store"
+		help = "pool to find parent certificate in"
+	}
+	min_args="2"
+	argument="outfile certs ..."
+	help = "Fetch OCSP responses for the following certs"
+}
+command = {
+	option = {
+		long = "ocsp-file"
+		type = "string"
+		help = "OCSP file"
+	}
+	name = "ocsp-verify"
+	min_args="1"
+	argument="certificates ..."
+	help = "Check that certificates are in OCSP file and valid"
+}
+command = {
+	name = "ocsp-print"
+	option = {
+		long = "verbose"
+		type = "flag"
+		help = "verbose"
+	}
+	min_args="1"
+	argument="ocsp-response-file ..."
+	help = "Print the OCSP responses"
+}
+command = {
+	name = "request-create"
+	option = {
+		long = "subject"
+		type = "string"
+		help = "Subject DN"
+	}
+	option = {
+		long = "email"
+		type = "strings"
+		help = "Email address in SubjectAltName"
+	}
+	option = {
+		long = "dnsname"
+		type = "strings"
+		help = "Hostname or domainname in SubjectAltName"
+	}
+	option = {
+		long = "type"
+		type = "string"
+		help = "Type of request CRMF or PKCS10, defaults to PKCS10"
+	}
+	option = {
+		long = "key"
+		type = "string"
+		help = "Key-pair"
+	}
+	option = {
+		long = "generate-key"
+		type = "string"
+		help = "keytype"
+	}
+	option = {
+	        long = "key-bits"
+		type = "integer"
+		help = "number of bits in the generated key";
+	}
+	option = {
+		long = "verbose"
+		type = "flag"
+		help = "verbose status"
+	}
+	min_args="1"
+	max_args="1"
+	argument="output-file"
+	help = "Create a CRMF or PKCS10 request"
+}
+command = {
+	name = "request-print"
+	option = {
+		long = "verbose"
+		type = "flag"
+		help = "verbose printing"
+	}
+	min_args="1"
+	argument="requests ..."
+	help = "Print requests"
+}
+command = {
+	name = "query"
+	option = {
+		long = "exact"
+		type = "flag"
+		help = "exact match"
+	}
+	option = {
+		long = "private-key"
+		type = "flag"
+		help = "search for private key"
+	}
+	option = {
+		long = "friendlyname"
+		type = "string"
+		argument = "name"
+		help = "match on friendly name"
+	}
+	option = {
+		long = "keyEncipherment"
+		type = "flag"
+		help = "match keyEncipherment certificates"
+	}
+	option = {
+		long = "digitalSignature"
+		type = "flag"
+		help = "match digitalSignature certificates"
+	}
+	option = {
+		long = "print"
+		type = "flag"
+		help = "print matches"
+	}
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	min_args="1"
+	argument="certificates ..."
+	help = "Query the certificates for a match"
+}
+command = {
+	name = "info"
+}
+command = {
+	name = "random-data"
+	min_args="1"
+	argument="bytes"
+	help = "Generates random bytes and prints them to standard output"
+}
+command = {
+	option = {
+		long = "type"
+		type = "string"
+		help = "type of CMS algorithm"
+	}
+	name = "crypto-available"
+	min_args="0"
+	help = "Print available CMS crypto types"
+}
+command = {
+	option = {
+		long = "type"
+		type = "string"
+		help = "type of CMS algorithm"
+	}
+	option = {
+		long = "certificate"
+		type = "string"
+		help = "source certificate limiting the choices"
+	}
+	option = {
+		long = "peer-cmstype"
+		type = "strings"
+		help = "peer limiting cmstypes"
+	}
+	name = "crypto-select"
+	min_args="0"
+	help = "Print selected CMS type"
+}
+command = {
+	option = {
+		long = "decode"
+		short = "d"
+		type = "flag"
+		help = "decode instead of encode"
+	}
+	name = "hex"
+	function = "hxtool_hex"
+	min_args="0"
+	help = "Encode input to hex"
+}
+command = {
+	option = {
+		long = "issue-ca"
+		type = "flag"
+		help = "Issue a CA certificate"
+	}
+	option = {
+		long = "issue-proxy"
+		type = "flag"
+		help = "Issue a proxy certificate"
+	}
+	option = {
+		long = "domain-controller"
+		type = "flag"
+		help = "Issue a MS domaincontroller certificate"
+	}
+	option = {
+		long = "subject"
+		type = "string"
+		help = "Subject of issued certificate"
+	}
+	option = {
+		long = "ca-certificate"
+		type = "string"
+		help = "Issuing CA certificate"
+	}
+	option = {
+		long = "self-signed"
+		type = "flag"
+		help = "Issuing a self-signed certificate"
+	}
+	option = {
+		long = "ca-private-key"
+		type = "string"
+		help = "Private key for self-signed certificate"
+	}
+	option = {
+		long = "certificate"
+		type = "string"
+		help = "Issued certificate"
+	}
+	option = {
+		long = "type"
+		type = "strings"
+		help = "Type of certificate to issue"
+	}
+	option = {
+		long = "lifetime"
+		type = "string"
+		help = "Lifetime of certificate"
+	}
+	option = {
+		long = "serial-number"
+		type = "string"
+		help = "serial-number of certificate"
+	}
+	option = {
+		long = "path-length"
+		default = "-1"
+		type = "integer"
+		help = "Maximum path length (CA and proxy certificates), -1 no limit"
+	}
+	option = {
+		long = "hostname"
+		type = "strings"
+		help = "DNS names this certificate is allowed to serve"
+	}
+	option = {
+		long = "email"
+		type = "strings"
+		help = "email addresses assigned to this certificate"
+	}
+	option = {
+		long = "pk-init-principal"
+		type = "string"
+		help = "PK-INIT principal (for SAN)"
+	}
+	option = {
+		long = "ms-upn"
+		type = "string"
+		help = "Microsoft UPN (for SAN)"
+	}
+	option = {
+		long = "jid"
+		type = "string"
+		help = "XMPP jabber id (for SAN)"
+	}
+	option = {
+		long = "req"
+		type = "string"
+		help = "certificate request"
+	}
+	option = {
+		long = "certificate-private-key"
+		type = "string"
+		help = "private-key"
+	}
+	option = {
+		long = "generate-key"
+		type = "string"
+		help = "keytype"
+	}
+	option = {
+	        long = "key-bits"
+		type = "integer"
+		help = "number of bits in the generated key"
+	}
+	option = {
+	        long = "crl-uri"
+		type = "string"
+		help = "URI to CRL"
+	}
+	option = {
+		long = "template-certificate"
+		type = "string"
+		help = "certificate"
+	}
+	option = {
+		long = "template-fields"
+		type = "string"
+		help = "flag"
+	}
+	name = "certificate-sign"
+	name = "cert-sign"
+	name = "issue-certificate"
+	name = "ca"
+	function = "hxtool_ca"
+	min_args="0"
+	help = "Issue a certificate"
+}
+command = {
+	name = "test-crypto"
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "verbose"
+		type = "flag"
+		help = "verbose printing"
+	}
+	min_args="1"
+	argument="certificates..."
+	help = "Test crypto system related to the certificates"
+}
+command = {
+	option = {
+		long = "type"
+		type = "integer"
+		help = "type of statistics"
+	}
+	name = "statistic-print"
+	min_args="0"
+	help = "Print statistics"
+}
+command = {
+	option = {
+		long = "signer"
+		type = "string"
+		help = "signer certificate"
+	}
+	option = {
+		long = "pass"
+		type = "strings"
+		argument = "password"
+		help = "password, prompter, or environment"
+	}
+	option = {
+		long = "crl-file"
+		type = "string"
+		help = "CRL output file"
+	}
+	option = {
+		long = "lifetime"
+		type = "string"
+		help = "time the crl will be valid"
+	}
+	name = "crl-sign"
+	min_args="0"
+	argument="certificates..."
+	help = "Create a CRL"
+}
+command = {
+	name = "help"
+	name = "?"
+	argument = "[command]"
+	min_args = "0"
+	max_args = "1"
+	help = "Help! I need somebody"
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/hxtool.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/hxtool.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/hxtool.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1986 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: hxtool.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+#include <hxtool-commands.h>
+#include <sl.h>
+#include <parse_time.h>
+
+static hx509_context context;
+
+static char *stat_file_string;
+static int version_flag;
+static int help_flag;
+
+struct getargs args[] = {
+    { "statistic-file", 0, arg_string, &stat_file_string },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "command");
+    printf("Use \"%s help\" to get more help\n", getprogname());
+    exit(code);
+}
+
+/*
+ *
+ */
+
+static void
+lock_strings(hx509_lock lock, getarg_strings *pass)
+{
+    int i;
+    for (i = 0; i < pass->num_strings; i++) {
+	int ret = hx509_lock_command_string(lock, pass->strings[i]);
+	if (ret)
+	    errx(1, "hx509_lock_command_string: %s: %d", 
+		 pass->strings[i], ret);
+    }
+}
+
+/*
+ *
+ */
+
+static void
+certs_strings(hx509_context context, const char *type, hx509_certs certs,
+	      hx509_lock lock, const getarg_strings *s)
+{
+    int i, ret;
+
+    for (i = 0; i < s->num_strings; i++) {
+	ret = hx509_certs_append(context, certs, lock, s->strings[i]);
+	if (ret)
+	    hx509_err(context, 1, ret,
+		      "hx509_certs_append: %s %s", type, s->strings[i]);
+    }
+}
+
+/*
+ *
+ */
+
+static void
+parse_oid(const char *str, const heim_oid *def, heim_oid *oid)
+{
+    int ret;
+    if (str)
+	ret = der_parse_heim_oid (str, " .", oid);
+    else
+	ret = der_copy_oid(def, oid);
+    if  (ret)
+	errx(1, "parse_oid failed for: %s", str ? str : "default oid");
+}
+
+/*
+ *
+ */
+
+static void
+peer_strings(hx509_context context,
+	     hx509_peer_info *peer, 
+	     const getarg_strings *s)
+{
+    AlgorithmIdentifier *val;
+    int ret, i;
+    
+    ret = hx509_peer_info_alloc(context, peer);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_peer_info_alloc");
+    
+    val = calloc(s->num_strings, sizeof(*val));
+    if (val == NULL)
+	err(1, "malloc");
+
+    for (i = 0; i < s->num_strings; i++)
+	parse_oid(s->strings[i], NULL, &val[i].algorithm);
+	    
+    ret = hx509_peer_info_set_cms_algs(context, *peer, val, s->num_strings);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_peer_info_set_cms_algs");
+
+    for (i = 0; i < s->num_strings; i++)
+	free_AlgorithmIdentifier(&val[i]);
+    free(val);
+}
+
+/*
+ *
+ */
+
+int
+cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
+{
+    hx509_verify_ctx ctx = NULL;
+    heim_oid type;
+    heim_octet_string c, co, signeddata, *sd = NULL;
+    hx509_certs store = NULL;
+    hx509_certs signers = NULL;
+    hx509_certs anchors = NULL;
+    hx509_lock lock;
+    int ret;
+
+    size_t sz;
+    void *p;
+
+    if (opt->missing_revoke_flag)
+	hx509_context_set_missing_revoke(context, 1);
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
+    if (ret)
+	err(1, "map_file: %s: %d", argv[0], ret);
+
+    if (opt->signed_content_string) {
+	ret = _hx509_map_file_os(opt->signed_content_string, &signeddata, NULL);
+	if (ret)
+	    err(1, "map_file: %s: %d", opt->signed_content_string, ret);
+	sd = &signeddata;
+    }
+
+    ret = hx509_verify_init_ctx(context, &ctx);
+
+    ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors);
+    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
+
+    certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings);
+    certs_strings(context, "store", store, lock, &opt->certificate_strings);
+
+    co.data = p;
+    co.length = sz;
+
+    if (opt->content_info_flag) {
+	heim_octet_string uwco;
+	heim_oid oid;
+
+	ret = hx509_cms_unwrap_ContentInfo(&co, &oid, &uwco, NULL);
+	if (ret)
+	    errx(1, "hx509_cms_unwrap_ContentInfo: %d", ret);
+
+	if (der_heim_oid_cmp(&oid, oid_id_pkcs7_signedData()) != 0)
+	    errx(1, "Content is not SignedData");
+	der_free_oid(&oid);
+
+	co = uwco;
+    }
+
+    hx509_verify_attach_anchors(ctx, anchors);
+
+    ret = hx509_cms_verify_signed(context, ctx, co.data, co.length, sd,
+				  store, &type, &c, &signers);
+    if (co.data != p)
+	der_free_octet_string(&co);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_cms_verify_signed");
+
+    {
+	char *str;
+	der_print_heim_oid(&type, '.', &str);
+	printf("type: %s\n", str);
+	free(str);
+	der_free_oid(&type);
+    }
+    printf("signers:\n");
+    hx509_certs_iter(context, signers, hx509_ci_print_names, stdout);
+
+    hx509_verify_destroy_ctx(ctx);
+
+    hx509_certs_free(&store);
+    hx509_certs_free(&signers);
+    hx509_certs_free(&anchors);
+
+    hx509_lock_free(lock);
+
+    ret = _hx509_write_file(argv[1], c.data, c.length);
+    if (ret)
+	errx(1, "hx509_write_file: %d", ret);
+
+    der_free_octet_string(&c);
+    _hx509_unmap_file(p, sz);
+    if (sd)
+	_hx509_unmap_file_os(sd);
+
+    return 0;
+}
+
+int
+cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
+{
+    heim_oid contentType;
+    hx509_peer_info peer = NULL;
+    heim_octet_string o;
+    hx509_query *q;
+    hx509_lock lock;
+    hx509_certs store, pool, anchors;
+    hx509_cert cert;
+    size_t sz;
+    void *p;
+    int ret, flags = 0;
+    char *signer_name = NULL;
+
+    memset(&contentType, 0, sizeof(contentType));
+
+    if (argc < 2)
+	errx(1, "argc < 2");
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store);
+    ret = hx509_certs_init(context, "MEMORY:cert-pool", 0, NULL, &pool);
+
+    certs_strings(context, "store", store, lock, &opt->certificate_strings);
+    certs_strings(context, "pool", pool, lock, &opt->pool_strings);
+
+    if (opt->anchors_strings.num_strings) {
+	ret = hx509_certs_init(context, "MEMORY:cert-anchors", 
+			       0, NULL, &anchors);
+	certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings);
+    } else
+	anchors = NULL;
+
+    if (opt->detached_signature_flag)
+	flags |= HX509_CMS_SIGATURE_DETACHED;
+    if (opt->id_by_name_flag)
+	flags |= HX509_CMS_SIGATURE_ID_NAME;
+
+    ret = hx509_query_alloc(context, &q);
+    if (ret)
+	errx(1, "hx509_query_alloc: %d", ret);
+
+    hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+			     
+    if (opt->signer_string)
+	hx509_query_match_friendly_name(q, opt->signer_string);
+
+    ret = hx509_certs_find(context, store, q, &cert);
+    hx509_query_free(context, q);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_certs_find");
+
+    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
+    if (ret)
+	err(1, "map_file: %s: %d", argv[0], ret);
+
+    if (opt->peer_alg_strings.num_strings)
+	peer_strings(context, &peer, &opt->peer_alg_strings);
+
+    parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType);
+
+    ret = hx509_cms_create_signed_1(context,
+				    flags,
+				    &contentType,
+				    p,
+				    sz, 
+				    NULL,
+				    cert,
+				    peer,
+				    anchors,
+				    pool,
+				    &o);
+    if (ret)
+	errx(1, "hx509_cms_create_signed: %d", ret);
+
+    {
+	hx509_name name;
+	
+	ret = hx509_cert_get_subject(cert, &name);
+	if (ret)
+	    errx(1, "hx509_cert_get_subject");
+	
+	ret = hx509_name_to_string(name, &signer_name);
+	hx509_name_free(&name);
+	if (ret)
+	    errx(1, "hx509_name_to_string");
+    }
+
+
+    hx509_certs_free(&anchors);
+    hx509_certs_free(&pool);
+    hx509_cert_free(cert);
+    hx509_certs_free(&store);
+    _hx509_unmap_file(p, sz);
+    hx509_lock_free(lock);
+    hx509_peer_info_free(peer);
+    der_free_oid(&contentType);
+
+    if (opt->content_info_flag) {
+	heim_octet_string wo;
+
+	ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &o, &wo);
+	if (ret)
+	    errx(1, "hx509_cms_wrap_ContentInfo: %d", ret);
+
+	der_free_octet_string(&o);
+	o = wo;
+    }
+
+    if (opt->pem_flag) {
+	hx509_pem_header *header = NULL;
+	FILE *f;
+
+	hx509_pem_add_header(&header, "Content-disposition", 
+			     opt->detached_signature_flag ? "detached" : "inline");
+	hx509_pem_add_header(&header, "Signer", signer_name);
+
+	f = fopen(argv[1], "w");
+	if (f == NULL)
+	    err(1, "open %s", argv[1]);
+	
+	ret = hx509_pem_write(context, "CMS SIGNEDDATA", header, f, 
+			      o.data, o.length);
+	fclose(f);
+	hx509_pem_free_header(header);
+	if (ret)
+	    errx(1, "hx509_pem_write: %d", ret);
+
+    } else {
+	ret = _hx509_write_file(argv[1], o.data, o.length);
+	if (ret)
+	    errx(1, "hx509_write_file: %d", ret);
+    }
+
+    free(signer_name);
+    free(o.data);
+
+    return 0;
+}
+
+int
+cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv)
+{
+    heim_oid contentType = { 0, NULL };
+    heim_octet_string o, co;
+    hx509_certs certs;
+    size_t sz;
+    void *p;
+    int ret;
+    hx509_lock lock;
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
+    if (ret)
+	err(1, "map_file: %s: %d", argv[0], ret);
+
+    co.data = p;
+    co.length = sz;
+
+    if (opt->content_info_flag) {
+	heim_octet_string uwco;
+	heim_oid oid;
+
+	ret = hx509_cms_unwrap_ContentInfo(&co, &oid, &uwco, NULL);
+	if (ret)
+	    errx(1, "hx509_cms_unwrap_ContentInfo: %d", ret);
+
+	if (der_heim_oid_cmp(&oid, oid_id_pkcs7_envelopedData()) != 0)
+	    errx(1, "Content is not SignedData");
+	der_free_oid(&oid);
+
+	co = uwco;
+    }
+
+    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
+    if (ret)
+	errx(1, "hx509_certs_init: MEMORY: %d", ret);
+
+    certs_strings(context, "store", certs, lock, &opt->certificate_strings);
+
+    ret = hx509_cms_unenvelope(context, certs, 0, co.data, co.length,
+			       NULL, &contentType, &o);
+    if (co.data != p)
+	der_free_octet_string(&co);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_cms_unenvelope");
+
+    _hx509_unmap_file(p, sz);
+    hx509_lock_free(lock);
+    hx509_certs_free(&certs);
+    der_free_oid(&contentType);
+
+    ret = _hx509_write_file(argv[1], o.data, o.length);
+    if (ret)
+	errx(1, "hx509_write_file: %d", ret);
+
+    der_free_octet_string(&o);
+
+    return 0;
+}
+
+int
+cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
+{
+    heim_oid contentType;
+    heim_octet_string o;
+    const heim_oid *enctype = NULL;
+    hx509_query *q;
+    hx509_certs certs;
+    hx509_cert cert;
+    int ret;
+    size_t sz;
+    void *p;
+    hx509_lock lock;
+
+    memset(&contentType, 0, sizeof(contentType));
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    ret = _hx509_map_file(argv[0], &p, &sz, NULL);
+    if (ret)
+	err(1, "map_file: %s: %d", argv[0], ret);
+
+    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
+
+    certs_strings(context, "store", certs, lock, &opt->certificate_strings);
+
+    if (opt->encryption_type_string) {
+	enctype = hx509_crypto_enctype_by_name(opt->encryption_type_string);
+	if (enctype == NULL)
+	    errx(1, "encryption type: %s no found", 
+		 opt->encryption_type_string);
+    }
+
+    ret = hx509_query_alloc(context, &q);
+    if (ret)
+	errx(1, "hx509_query_alloc: %d", ret);
+
+    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_ENCIPHERMENT);
+
+    ret = hx509_certs_find(context, certs, q, &cert);
+    hx509_query_free(context, q);
+    if (ret)
+	errx(1, "hx509_certs_find: %d", ret);
+
+    parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType);
+
+    ret = hx509_cms_envelope_1(context, 0, cert, p, sz, enctype, 
+			       &contentType, &o);
+    if (ret)
+	errx(1, "hx509_cms_envelope_1: %d", ret);
+
+    hx509_cert_free(cert);
+    hx509_certs_free(&certs);
+    _hx509_unmap_file(p, sz);
+    der_free_oid(&contentType);
+
+    if (opt->content_info_flag) {
+	heim_octet_string wo;
+
+	ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_envelopedData(), &o, &wo);
+	if (ret)
+	    errx(1, "hx509_cms_wrap_ContentInfo: %d", ret);
+
+	der_free_octet_string(&o);
+	o = wo;
+    }
+
+    hx509_lock_free(lock);
+
+    ret = _hx509_write_file(argv[1], o.data, o.length);
+    if (ret)
+	errx(1, "hx509_write_file: %d", ret);
+
+    der_free_octet_string(&o);
+
+    return 0;
+}
+
+static void
+print_certificate(hx509_context hxcontext, hx509_cert cert, int verbose)
+{
+    hx509_name name;
+    const char *fn;
+    char *str;
+    int ret;
+    
+    fn = hx509_cert_get_friendly_name(cert);
+    if (fn)
+	printf("    friendly name: %s\n", fn);
+    printf("    private key: %s\n", 
+	   _hx509_cert_private_key(cert) ? "yes" : "no");
+
+    ret = hx509_cert_get_issuer(cert, &name);
+    hx509_name_to_string(name, &str);
+    hx509_name_free(&name);
+    printf("    issuer:  \"%s\"\n", str);
+    free(str);
+
+    ret = hx509_cert_get_subject(cert, &name);
+    hx509_name_to_string(name, &str);
+    hx509_name_free(&name);
+    printf("    subject: \"%s\"\n", str);
+    free(str);
+
+    {
+	heim_integer serialNumber;
+
+	hx509_cert_get_serialnumber(cert, &serialNumber);
+	der_print_hex_heim_integer(&serialNumber, &str);
+	der_free_heim_integer(&serialNumber);
+	printf("    serial: %s\n", str);
+	free(str);
+    }
+
+    printf("    keyusage: ");
+    ret = hx509_cert_keyusage_print(hxcontext, cert, &str);
+    if (ret == 0) {
+	printf("%s\n", str);
+	free(str);
+    } else
+	printf("no");
+
+    if (verbose) {
+	hx509_validate_ctx vctx;
+
+	hx509_validate_ctx_init(hxcontext, &vctx);
+	hx509_validate_ctx_set_print(vctx, hx509_print_stdout, stdout);
+	hx509_validate_ctx_add_flags(vctx, HX509_VALIDATE_F_VALIDATE);
+	hx509_validate_ctx_add_flags(vctx, HX509_VALIDATE_F_VERBOSE);
+	
+	hx509_validate_cert(hxcontext, vctx, cert);
+
+	hx509_validate_ctx_free(vctx);
+    }
+}
+
+
+struct print_s {
+    int counter;
+    int verbose;
+};
+
+static int
+print_f(hx509_context hxcontext, void *ctx, hx509_cert cert)
+{
+    struct print_s *s = ctx;
+    
+    printf("cert: %d\n", s->counter++);
+    print_certificate(context, cert, s->verbose);
+
+    return 0;
+}
+
+int
+pcert_print(struct print_options *opt, int argc, char **argv)
+{
+    hx509_certs certs;
+    hx509_lock lock;
+    struct print_s s;
+
+    s.counter = 0;
+    s.verbose = opt->content_flag;
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    while(argc--) {
+	int ret;
+	ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_certs_init");
+	if (opt->info_flag)
+	    hx509_certs_info(context, certs, NULL, NULL);
+	hx509_certs_iter(context, certs, print_f, &s);
+	hx509_certs_free(&certs);
+	argv++;
+    }
+
+    hx509_lock_free(lock);
+
+    return 0;
+}
+
+
+static int
+validate_f(hx509_context hxcontext, void *ctx, hx509_cert c)
+{
+    hx509_validate_cert(hxcontext, ctx, c);
+    return 0;
+}
+
+int
+pcert_validate(struct validate_options *opt, int argc, char **argv)
+{
+    hx509_validate_ctx ctx;
+    hx509_certs certs;
+    hx509_lock lock;
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    hx509_validate_ctx_init(context, &ctx);
+    hx509_validate_ctx_set_print(ctx, hx509_print_stdout, stdout);
+    hx509_validate_ctx_add_flags(ctx, HX509_VALIDATE_F_VALIDATE);
+
+    while(argc--) {
+	int ret;
+	ret = hx509_certs_init(context, argv[0], 0, lock, &certs);
+	if (ret)
+	    errx(1, "hx509_certs_init: %d", ret);
+	hx509_certs_iter(context, certs, validate_f, ctx);
+	hx509_certs_free(&certs);
+	argv++;
+    }
+    hx509_validate_ctx_free(ctx);
+
+    hx509_lock_free(lock);
+
+    return 0;
+}
+
+int
+certificate_copy(struct certificate_copy_options *opt, int argc, char **argv)
+{
+    hx509_certs certs;
+    hx509_lock lock;
+    int ret;
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->in_pass_strings);
+
+    ret = hx509_certs_init(context, argv[argc - 1], 
+			   HX509_CERTS_CREATE, lock, &certs);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_certs_init");
+
+    while(argc-- > 1) {
+	int ret;
+	ret = hx509_certs_append(context, certs, lock, argv[0]);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_certs_append");
+	argv++;
+    }
+
+    ret = hx509_certs_store(context, certs, 0, NULL);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_certs_store");
+
+    hx509_certs_free(&certs);
+    hx509_lock_free(lock);
+
+    return 0;
+}
+
+struct verify {
+    hx509_verify_ctx ctx;
+    hx509_certs chain;
+    const char *hostname;
+    int errors;
+};
+
+static int
+verify_f(hx509_context hxcontext, void *ctx, hx509_cert c)
+{
+    struct verify *v = ctx;
+    int ret;
+
+    ret = hx509_verify_path(hxcontext, v->ctx, c, v->chain);
+    if (ret) {
+	char *s = hx509_get_error_string(hxcontext, ret);
+	printf("verify_path: %s: %d\n", s, ret);
+	hx509_free_error_string(s);
+	v->errors++;
+    } else
+	printf("path ok\n");
+
+    if (v->hostname) {
+	ret = hx509_verify_hostname(hxcontext, c, 0, HX509_HN_HOSTNAME,
+				    v->hostname, NULL, 0);
+	if (ret) {
+	    printf("verify_hostname: %d\n", ret);
+	    v->errors++;
+	}
+    }
+
+    return 0;
+}
+
+int
+pcert_verify(struct verify_options *opt, int argc, char **argv)
+{
+    hx509_certs anchors, chain, certs;
+    hx509_revoke_ctx revoke_ctx;
+    hx509_verify_ctx ctx;
+    struct verify v;
+    int ret;
+
+    memset(&v, 0, sizeof(v));
+
+    if (opt->missing_revoke_flag)
+	hx509_context_set_missing_revoke(context, 1);
+
+    ret = hx509_verify_init_ctx(context, &ctx);
+    ret = hx509_certs_init(context, "MEMORY:anchors", 0, NULL, &anchors);
+    ret = hx509_certs_init(context, "MEMORY:chain", 0, NULL, &chain);
+    ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs);
+
+    if (opt->allow_proxy_certificate_flag)
+	hx509_verify_set_proxy_certificate(ctx, 1);
+
+    if (opt->time_string) {
+	const char *p;
+	struct tm tm;
+	time_t t;
+
+	memset(&tm, 0, sizeof(tm));
+
+	p = strptime (opt->time_string, "%Y-%m-%d", &tm);
+	if (p == NULL)
+	    errx(1, "Failed to parse time %s, need to be on format %%Y-%%m-%%d",
+		 opt->time_string);
+	
+	t = tm2time (tm, 0);
+
+	hx509_verify_set_time(ctx, t);
+    }
+
+    if (opt->hostname_string)
+	v.hostname = opt->hostname_string;
+    if (opt->max_depth_integer)
+	hx509_verify_set_max_depth(ctx, opt->max_depth_integer);
+
+    ret = hx509_revoke_init(context, &revoke_ctx);
+    if (ret)
+	errx(1, "hx509_revoke_init: %d", ret);
+
+    while(argc--) {
+	char *s = *argv++;
+
+	if (strncmp(s, "chain:", 6) == 0) {
+	    s += 6;
+
+	    ret = hx509_certs_append(context, chain, NULL, s);
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_certs_append: chain: %s: %d", s, ret);
+
+	} else if (strncmp(s, "anchor:", 7) == 0) {
+	    s += 7;
+
+	    ret = hx509_certs_append(context, anchors, NULL, s);
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_certs_append: anchor: %s: %d", s, ret);
+
+	} else if (strncmp(s, "cert:", 5) == 0) {
+	    s += 5;
+
+	    ret = hx509_certs_append(context, certs, NULL, s);
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d", 
+			  s, ret);
+
+	} else if (strncmp(s, "crl:", 4) == 0) {
+	    s += 4;
+
+	    ret = hx509_revoke_add_crl(context, revoke_ctx, s);
+	    if (ret)
+		errx(1, "hx509_revoke_add_crl: %s: %d", s, ret);
+
+	} else if (strncmp(s, "ocsp:", 4) == 0) {
+	    s += 5;
+
+	    ret = hx509_revoke_add_ocsp(context, revoke_ctx, s);
+	    if (ret)
+		errx(1, "hx509_revoke_add_ocsp: %s: %d", s, ret);
+
+	} else {
+	    errx(1, "unknown option to verify: `%s'\n", s);
+	}
+    }
+
+    hx509_verify_attach_anchors(ctx, anchors);
+    hx509_verify_attach_revoke(ctx, revoke_ctx);
+
+    v.ctx = ctx;
+    v.chain = chain;
+
+    hx509_certs_iter(context, certs, verify_f, &v);
+
+    hx509_verify_destroy_ctx(ctx);
+
+    hx509_certs_free(&certs);
+    hx509_certs_free(&chain);
+    hx509_certs_free(&anchors);
+
+    hx509_revoke_free(&revoke_ctx);
+
+    if (v.errors) {
+	printf("failed verifing %d checks\n", v.errors);
+	return 1;
+    }
+
+    return 0;
+}
+
+int
+query(struct query_options *opt, int argc, char **argv)
+{
+    hx509_lock lock;
+    hx509_query *q;
+    hx509_certs certs;
+    hx509_cert c;
+    int ret;
+
+    ret = hx509_query_alloc(context, &q);
+    if (ret)
+	errx(1, "hx509_query_alloc: %d", ret);
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs);
+
+    while (argc > 0) {
+
+	ret = hx509_certs_append(context, certs, lock, argv[0]);
+	if (ret)
+	    errx(1, "hx509_certs_append: %s: %d", argv[0], ret);
+
+	argc--;
+	argv++;
+    }
+
+    if (opt->friendlyname_string)
+	hx509_query_match_friendly_name(q, opt->friendlyname_string);
+
+    if (opt->private_key_flag)
+	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+
+    if (opt->keyEncipherment_flag)
+	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_ENCIPHERMENT);
+
+    if (opt->digitalSignature_flag)
+	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+
+    ret = hx509_certs_find(context, certs, q, &c);
+    hx509_query_free(context, q);
+    if (ret)
+	printf("no match found (%d)\n", ret);
+    else {
+	printf("match found\n");
+	if (opt->print_flag)
+	    print_certificate(context, c, 0);
+    }
+
+    hx509_cert_free(c);
+    hx509_certs_free(&certs);
+
+    hx509_lock_free(lock);
+
+    return ret;
+}
+
+int
+ocsp_fetch(struct ocsp_fetch_options *opt, int argc, char **argv)
+{
+    hx509_certs reqcerts, pool;
+    heim_octet_string req, nonce_data, *nonce = &nonce_data;
+    hx509_lock lock;
+    int i, ret;
+    char *file;
+    const char *url = "/";
+
+    memset(&nonce, 0, sizeof(nonce));
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    /* no nonce */
+    if (!opt->nonce_flag)
+	nonce = NULL;
+
+    if (opt->url_path_string)
+	url = opt->url_path_string;
+
+    ret = hx509_certs_init(context, "MEMORY:ocsp-pool", 0, NULL, &pool);
+
+    certs_strings(context, "ocsp-pool", pool, lock, &opt->pool_strings);
+
+    file = argv[0];
+
+    ret = hx509_certs_init(context, "MEMORY:ocsp-req", 0, NULL, &reqcerts);
+
+    for (i = 1; i < argc; i++) {
+	ret = hx509_certs_append(context, reqcerts, lock, argv[i]);
+	if (ret)
+	    errx(1, "hx509_certs_append: req: %s: %d", argv[i], ret);
+    }
+
+    ret = hx509_ocsp_request(context, reqcerts, pool, NULL, NULL, &req, nonce);
+    if (ret)
+	errx(1, "hx509_ocsp_request: req: %d", ret);
+	
+    {
+	FILE *f;
+
+	f = fopen(file, "w");
+	if (f == NULL)
+	    abort();
+
+	fprintf(f, 
+		"POST %s HTTP/1.0\r\n"
+		"Content-Type: application/ocsp-request\r\n"
+		"Content-Length: %ld\r\n"
+		"\r\n",
+		url,
+		(unsigned long)req.length);
+	fwrite(req.data, req.length, 1, f);
+	fclose(f);
+    }
+
+    if (nonce)
+	der_free_octet_string(nonce);
+
+    hx509_certs_free(&reqcerts);
+    hx509_certs_free(&pool);
+
+    return 0;
+}
+
+int
+ocsp_print(struct ocsp_print_options *opt, int argc, char **argv)
+{
+    hx509_revoke_ocsp_print(context, argv[0], stdout);
+    return 0;
+}
+
+/*
+ *
+ */
+
+static int
+verify_o(hx509_context hxcontext, void *ctx, hx509_cert c)
+{
+    heim_octet_string *os = ctx;
+    time_t expiration;
+    int ret;
+
+    ret = hx509_ocsp_verify(context, 0, c, 0, 
+			    os->data, os->length, &expiration);
+    if (ret) {
+	char *s = hx509_get_error_string(hxcontext, ret);
+	printf("ocsp_verify: %s: %d\n", s, ret);
+	hx509_free_error_string(s);
+    } else
+	printf("expire: %d\n", (int)expiration);
+
+    return ret;
+}
+
+
+int
+ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv)
+{
+    hx509_lock lock;
+    hx509_certs certs;
+    int ret, i;
+    heim_octet_string os;
+    
+    hx509_lock_init(context, &lock);
+
+    if (opt->ocsp_file_string == NULL)
+	errx(1, "no ocsp file given");
+
+    ret = _hx509_map_file(opt->ocsp_file_string, &os.data, &os.length, NULL);
+    if (ret)
+	err(1, "map_file: %s: %d", argv[0], ret);
+    
+    ret = hx509_certs_init(context, "MEMORY:test-certs", 0, NULL, &certs);
+
+    for (i = 0; i < argc; i++) {
+	ret = hx509_certs_append(context, certs, lock, argv[i]);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]);
+    }
+
+    ret = hx509_certs_iter(context, certs, verify_o, &os);
+
+    hx509_certs_free(&certs);
+    _hx509_unmap_file(os.data, os.length);
+    hx509_lock_free(lock);
+
+    return ret;
+}
+
+static int
+read_private_key(const char *fn, hx509_private_key *key)
+{
+    hx509_private_key *keys;
+    hx509_certs certs;
+    int ret;
+    
+    *key = NULL;
+
+    ret = hx509_certs_init(context, fn, 0, NULL, &certs);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_certs_init: %s", fn);
+
+    ret = _hx509_certs_keys_get(context, certs, &keys);
+    hx509_certs_free(&certs);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_certs_keys_get");
+    if (keys[0] == NULL)
+	errx(1, "no keys in key store: %s", fn);
+
+    *key = _hx509_private_key_ref(keys[0]);
+    _hx509_certs_keys_free(context, keys);
+
+    return 0;
+}
+
+static void
+get_key(const char *fn, const char *type, int optbits,
+	hx509_private_key *signer)
+{
+    int ret;
+
+    if (type) {
+	BIGNUM *e;
+	RSA *rsa;
+	unsigned char *p0, *p;
+	size_t len;
+	int bits = 1024;
+
+	if (fn == NULL)
+	    errx(1, "no key argument, don't know here to store key");
+	
+	if (strcasecmp(type, "rsa") != 0)
+	    errx(1, "can only handle rsa keys for now");
+	    
+	e = BN_new();
+	BN_set_word(e, 0x10001);
+
+	if (optbits)
+	    bits = optbits;
+
+	rsa = RSA_new();
+	if(rsa == NULL)
+	    errx(1, "RSA_new failed");
+
+	ret = RSA_generate_key_ex(rsa, bits, e, NULL);
+	if(ret != 1)
+	    errx(1, "RSA_new failed");
+
+	BN_free(e);
+
+	len = i2d_RSAPrivateKey(rsa, NULL);
+
+	p0 = p = malloc(len);
+	if (p == NULL)
+	    errx(1, "out of memory");
+	
+	i2d_RSAPrivateKey(rsa, &p);
+
+	rk_dumpdata(fn, p0, len);
+	memset(p0, 0, len);
+	free(p0);
+	
+	RSA_free(rsa);
+
+    } else if (fn == NULL)
+	err(1, "no private key");
+
+    ret = read_private_key(fn, signer);
+    if (ret)
+	err(1, "read_private_key");
+}
+
+int
+request_create(struct request_create_options *opt, int argc, char **argv)
+{
+    heim_octet_string request;
+    hx509_request req;
+    int ret, i;
+    hx509_private_key signer;
+    SubjectPublicKeyInfo key;
+    const char *outfile = argv[0];
+
+    memset(&key, 0, sizeof(key));
+
+    get_key(opt->key_string, 
+	    opt->generate_key_string,
+	    opt->key_bits_integer,
+	    &signer);
+    
+    _hx509_request_init(context, &req);
+
+    if (opt->subject_string) {
+	hx509_name name = NULL;
+
+	ret = hx509_parse_name(context, opt->subject_string, &name);
+	if (ret)
+	    errx(1, "hx509_parse_name: %d\n", ret);
+	_hx509_request_set_name(context, req, name);
+
+	if (opt->verbose_flag) {
+	    char *s;
+	    hx509_name_to_string(name, &s);
+	    printf("%s\n", s);
+	}
+	hx509_name_free(&name);
+    }
+
+    for (i = 0; i < opt->email_strings.num_strings; i++) {
+	ret = _hx509_request_add_email(context, req, 
+				       opt->email_strings.strings[i]);
+    }
+
+    for (i = 0; i < opt->dnsname_strings.num_strings; i++) {
+	ret = _hx509_request_add_dns_name(context, req, 
+					  opt->dnsname_strings.strings[i]);
+    }
+
+
+    ret = _hx509_private_key2SPKI(context, signer, &key);
+    if (ret)
+	errx(1, "_hx509_private_key2SPKI: %d\n", ret);
+
+    ret = _hx509_request_set_SubjectPublicKeyInfo(context,
+						  req,
+						  &key);
+    free_SubjectPublicKeyInfo(&key);
+    if (ret)
+	hx509_err(context, 1, ret, "_hx509_request_set_SubjectPublicKeyInfo");
+
+    ret = _hx509_request_to_pkcs10(context,
+				   req,
+				   signer,
+				   &request);
+    if (ret)
+	hx509_err(context, 1, ret, "_hx509_request_to_pkcs10");
+
+    _hx509_private_key_free(&signer);
+    _hx509_request_free(&req);
+
+    if (ret == 0)
+	rk_dumpdata(outfile, request.data, request.length);
+    der_free_octet_string(&request);
+
+    return 0;
+}
+
+int
+request_print(struct request_print_options *opt, int argc, char **argv)
+{
+    int ret, i;
+
+    printf("request print\n");
+
+    for (i = 0; i < argc; i++) {
+	hx509_request req;
+
+	ret = _hx509_request_parse(context, argv[i], &req);
+	if (ret)
+	    hx509_err(context, 1, ret, "parse_request: %s", argv[i]);
+
+	ret = _hx509_request_print(context, req, stdout);
+	_hx509_request_free(&req);
+	if (ret)
+	    hx509_err(context, 1, ret, "Failed to print file %s", argv[i]);
+    }
+
+    return 0;
+}
+
+int
+info(void *opt, int argc, char **argv)
+{
+
+    ENGINE_add_conf_module();
+
+    {
+	const RSA_METHOD *m = RSA_get_default_method();
+	if (m != NULL)
+	    printf("rsa: %s\n", m->name);
+    }
+    {
+	const DH_METHOD *m = DH_get_default_method();
+	if (m != NULL)
+	    printf("dh: %s\n", m->name);
+    }
+    {
+	int ret = RAND_status();
+	printf("rand: %s\n", ret == 1 ? "ok" : "not available");
+    }
+
+    return 0;
+}
+
+int
+random_data(void *opt, int argc, char **argv)
+{
+    void *ptr;
+    int len, ret;
+
+    len = parse_bytes(argv[0], "byte");
+    if (len <= 0) {
+	fprintf(stderr, "bad argument to random-data\n");
+	return 1;
+    }
+
+    ptr = malloc(len);
+    if (ptr == NULL) {
+	fprintf(stderr, "out of memory\n");
+	return 1;
+    }
+
+    ret = RAND_bytes(ptr, len);
+    if (ret != 1) {
+	free(ptr);
+	fprintf(stderr, "did not get cryptographic strong random\n");
+	return 1;
+    }
+
+    fwrite(ptr, len, 1, stdout);
+    fflush(stdout);
+
+    free(ptr);
+
+    return 0;
+}
+
+int
+crypto_available(struct crypto_available_options *opt, int argc, char **argv)
+{
+    AlgorithmIdentifier *val;
+    unsigned int len, i;
+    int ret, type;
+
+    if (opt->type_string) {
+	if (strcmp(opt->type_string, "all") == 0)
+	    type = HX509_SELECT_ALL;
+	else if (strcmp(opt->type_string, "digest") == 0)
+	    type = HX509_SELECT_DIGEST;
+	else if (strcmp(opt->type_string, "public-sig") == 0)
+	    type = HX509_SELECT_PUBLIC_SIG;
+	else if (strcmp(opt->type_string, "secret") == 0)
+	    type = HX509_SELECT_SECRET_ENC;
+	else
+	    errx(1, "unknown type: %s", opt->type_string);
+    } else
+	type = HX509_SELECT_ALL;
+
+    ret = hx509_crypto_available(context, type, NULL, &val, &len);
+    if (ret)
+	errx(1, "hx509_crypto_available");
+
+    for (i = 0; i < len; i++) {
+	char *s;
+	der_print_heim_oid (&val[i].algorithm, '.', &s);
+	printf("%s\n", s);
+	free(s);
+    }
+
+    hx509_crypto_free_algs(val, len);
+
+    return 0;
+}
+
+int
+crypto_select(struct crypto_select_options *opt, int argc, char **argv)
+{
+    hx509_peer_info peer = NULL;
+    AlgorithmIdentifier selected;
+    int ret, type;
+    char *s;
+
+    if (opt->type_string) {
+	if (strcmp(opt->type_string, "digest") == 0)
+	    type = HX509_SELECT_DIGEST;
+	else if (strcmp(opt->type_string, "public-sig") == 0)
+	    type = HX509_SELECT_PUBLIC_SIG;
+	else if (strcmp(opt->type_string, "secret") == 0)
+	    type = HX509_SELECT_SECRET_ENC;
+	else
+	    errx(1, "unknown type: %s", opt->type_string);
+    } else
+	type = HX509_SELECT_DIGEST;
+
+    if (opt->peer_cmstype_strings.num_strings)
+	peer_strings(context, &peer, &opt->peer_cmstype_strings);
+
+    ret = hx509_crypto_select(context, type, NULL, peer, &selected);
+    if (ret)
+	errx(1, "hx509_crypto_available");
+
+    der_print_heim_oid (&selected.algorithm, '.', &s);
+    printf("%s\n", s);
+    free(s);
+    free_AlgorithmIdentifier(&selected);
+
+    hx509_peer_info_free(peer);
+
+    return 0;
+}
+
+int
+hxtool_hex(struct hex_options *opt, int argc, char **argv)
+{
+
+    if (opt->decode_flag) {
+	char buf[1024], buf2[1024], *p;
+	ssize_t len;
+
+	while(fgets(buf, sizeof(buf), stdin) != NULL) {
+	    buf[strcspn(buf, "\r\n")] = '\0';
+	    p = buf;
+	    while(isspace(*(unsigned char *)p))
+		p++;
+	    len = hex_decode(p, buf2, strlen(p));
+	    if (len < 0)
+		errx(1, "hex_decode failed");
+	    if (fwrite(buf2, 1, len, stdout) != len)
+		errx(1, "fwrite failed");
+	}
+    } else {
+	char buf[28], *p;
+	size_t len;
+
+	while((len = fread(buf, 1, sizeof(buf), stdin)) != 0) {
+	    len = hex_encode(buf, len, &p);
+	    fprintf(stdout, "%s\n", p);
+	    free(p);
+	}
+    }
+    return 0;
+}
+
+static int
+eval_types(hx509_context context, 
+	   hx509_ca_tbs tbs,
+	   const struct certificate_sign_options *opt)
+{
+    int pkinit = 0;
+    int i, ret;
+
+    for (i = 0; i < opt->type_strings.num_strings; i++) {
+	const char *type = opt->type_strings.strings[i];
+	
+	if (strcmp(type, "https-server") == 0) {
+	    ret = hx509_ca_tbs_add_eku(context, tbs, 
+				       oid_id_pkix_kp_serverAuth());
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+	} else if (strcmp(type, "https-client") == 0) {
+	    ret = hx509_ca_tbs_add_eku(context, tbs, 
+				       oid_id_pkix_kp_clientAuth());
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+	} else if (strcmp(type, "peap-server") == 0) {
+	    ret = hx509_ca_tbs_add_eku(context, tbs, 
+				       oid_id_pkix_kp_serverAuth());
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+	} else if (strcmp(type, "pkinit-kdc") == 0) {
+	    pkinit++;
+	    ret = hx509_ca_tbs_add_eku(context, tbs, 
+				       oid_id_pkkdcekuoid());
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+	} else if (strcmp(type, "pkinit-client") == 0) {
+	    pkinit++;
+	    ret = hx509_ca_tbs_add_eku(context, tbs, 
+				       oid_id_pkekuoid());
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+
+	    ret = hx509_ca_tbs_add_eku(context, tbs, 
+				       oid_id_ms_client_authentication());
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+
+	    ret = hx509_ca_tbs_add_eku(context, tbs, 
+				       oid_id_pkinit_ms_eku());
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+
+	} else if (strcmp(type, "email") == 0) {
+	    ret = hx509_ca_tbs_add_eku(context, tbs, 
+				       oid_id_pkix_kp_emailProtection());
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+	} else
+	    errx(1, "unknown type %s", type);
+    }
+
+    if (pkinit > 1)
+	errx(1, "More the one PK-INIT type given");
+
+    if (opt->pk_init_principal_string) {
+	if (!pkinit)
+	    errx(1, "pk-init principal given but no pk-init oid");
+
+	ret = hx509_ca_tbs_add_san_pkinit(context, tbs,
+					  opt->pk_init_principal_string);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_pkinit");
+    }
+
+    if (opt->ms_upn_string) {
+	if (!pkinit)
+	    errx(1, "MS up given but no pk-init oid");
+
+	ret = hx509_ca_tbs_add_san_ms_upn(context, tbs, opt->ms_upn_string);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn");
+    }
+
+    
+    for (i = 0; i < opt->hostname_strings.num_strings; i++) {
+	const char *hostname = opt->hostname_strings.strings[i];
+
+	ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
+    }
+
+    for (i = 0; i < opt->email_strings.num_strings; i++) {
+	const char *email = opt->email_strings.strings[i];
+
+	ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
+	
+	ret = hx509_ca_tbs_add_eku(context, tbs, 
+				   oid_id_pkix_kp_emailProtection());
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
+    }
+
+    if (opt->jid_string) {
+	ret = hx509_ca_tbs_add_san_jid(context, tbs, opt->jid_string);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_jid");
+    }
+
+    return 0;
+}
+
+int
+hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
+{
+    int ret;
+    hx509_ca_tbs tbs;
+    hx509_cert signer = NULL, cert = NULL;
+    hx509_private_key private_key = NULL;
+    hx509_private_key cert_key = NULL;
+    hx509_name subject = NULL;
+    SubjectPublicKeyInfo spki;
+    int delta = 0;
+
+    memset(&spki, 0, sizeof(spki));
+
+    if (opt->ca_certificate_string == NULL && !opt->self_signed_flag)
+	errx(1, "--ca-certificate argument missing (not using --self-signed)");
+    if (opt->ca_private_key_string == NULL && opt->generate_key_string == NULL && opt->self_signed_flag)
+	errx(1, "--ca-private-key argument missing (using --self-signed)");
+    if (opt->certificate_string == NULL)
+	errx(1, "--certificate argument missing");
+
+    if (opt->template_certificate_string) {
+	if (opt->template_fields_string == NULL)
+	    errx(1, "--template-certificate not no --template-fields");
+    }
+
+    if (opt->lifetime_string) {
+	delta = parse_time(opt->lifetime_string, "day");
+	if (delta < 0)
+	    errx(1, "Invalid lifetime: %s", opt->lifetime_string);
+    }
+
+    if (opt->ca_certificate_string) {
+	hx509_certs cacerts = NULL;
+	hx509_query *q;
+
+	ret = hx509_certs_init(context, opt->ca_certificate_string, 0,
+			       NULL, &cacerts);
+	if (ret)
+	    hx509_err(context, 1, ret,
+		      "hx509_certs_init: %s", opt->ca_certificate_string);
+
+	ret = hx509_query_alloc(context, &q);
+	if (ret)
+	    errx(1, "hx509_query_alloc: %d", ret);
+
+	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+	if (!opt->issue_proxy_flag)
+	    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN);
+
+	ret = hx509_certs_find(context, cacerts, q, &signer);
+	hx509_query_free(context, q);
+	hx509_certs_free(&cacerts);
+	if (ret)
+	    hx509_err(context, 1, ret, "no CA certificate found");
+    } else if (opt->self_signed_flag) {
+	if (opt->generate_key_string == NULL
+	    && opt->ca_private_key_string == NULL)
+	    errx(1, "no signing private key");
+    } else
+	errx(1, "missing ca key");
+
+    if (opt->ca_private_key_string) {
+
+	ret = read_private_key(opt->ca_private_key_string, &private_key);
+	if (ret)
+	    err(1, "read_private_key");
+
+	ret = _hx509_private_key2SPKI(context, private_key, &spki);
+	if (ret)
+	    errx(1, "_hx509_private_key2SPKI: %d\n", ret);
+
+	if (opt->self_signed_flag)
+	    cert_key = private_key;
+    }
+
+    if (opt->req_string) {
+	hx509_request req;
+
+	ret = _hx509_request_parse(context, opt->req_string, &req);
+	if (ret)
+	    hx509_err(context, 1, ret, "parse_request: %s", opt->req_string);
+	ret = _hx509_request_get_name(context, req, &subject);
+	if (ret)
+	    hx509_err(context, 1, ret, "get name");
+	ret = _hx509_request_get_SubjectPublicKeyInfo(context, req, &spki);
+	if (ret)
+	    hx509_err(context, 1, ret, "get spki");
+	_hx509_request_free(&req);
+    }
+
+    if (opt->generate_key_string) {
+	struct hx509_generate_private_context *keyctx;
+
+	ret = _hx509_generate_private_key_init(context, 
+					       oid_id_pkcs1_rsaEncryption(),
+					       &keyctx);
+
+	if (opt->issue_ca_flag)
+	    _hx509_generate_private_key_is_ca(context, keyctx);
+
+	if (opt->key_bits_integer)
+	    _hx509_generate_private_key_bits(context, keyctx,
+					     opt->key_bits_integer);
+
+	ret = _hx509_generate_private_key(context, keyctx,
+					  &cert_key);
+	_hx509_generate_private_key_free(&keyctx);
+	if (ret)
+	    hx509_err(context, 1, ret, "generate private key");
+	
+	ret = _hx509_private_key2SPKI(context, cert_key, &spki);
+	if (ret)
+	    errx(1, "_hx509_private_key2SPKI: %d\n", ret);
+
+	if (opt->self_signed_flag)
+	    private_key = cert_key;
+    }
+
+    if (opt->certificate_private_key_string) {
+	ret = read_private_key(opt->certificate_private_key_string, &cert_key);
+	if (ret)
+	    err(1, "read_private_key for certificate");
+    }
+
+    if (opt->subject_string) {
+	if (subject)
+	    hx509_name_free(&subject);
+	ret = hx509_parse_name(context, opt->subject_string, &subject);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_parse_name");
+    }
+
+    /*
+     *
+     */
+
+    ret = hx509_ca_tbs_init(context, &tbs);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_ca_tbs_init");
+	
+    if (opt->template_certificate_string) {
+	hx509_cert template;
+	hx509_certs tcerts;
+	int flags;
+
+	ret = hx509_certs_init(context, opt->template_certificate_string, 0,
+			       NULL, &tcerts);
+	if (ret)
+	    hx509_err(context, 1, ret,
+		      "hx509_certs_init: %s", opt->template_certificate_string);
+
+	ret = hx509_get_one_cert(context, tcerts, &template);
+
+	hx509_certs_free(&tcerts);
+	if (ret)
+	    hx509_err(context, 1, ret, "no template certificate found");
+
+	flags = parse_units(opt->template_fields_string, 
+			    hx509_ca_tbs_template_units(), "");
+
+	ret = hx509_ca_tbs_set_template(context, tbs, flags, template);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_template");
+
+	hx509_cert_free(template);
+    }
+
+    if (opt->serial_number_string) {
+	heim_integer serialNumber;
+
+	ret = der_parse_hex_heim_integer(opt->serial_number_string,
+					 &serialNumber);
+	if (ret)
+	    err(1, "der_parse_hex_heim_integer");
+	ret = hx509_ca_tbs_set_serialnumber(context, tbs, &serialNumber);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_init");
+	der_free_heim_integer(&serialNumber);
+    }
+
+    if (spki.subjectPublicKey.length) {
+	ret = hx509_ca_tbs_set_spki(context, tbs, &spki);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_spki");
+    }
+
+    if (subject) {
+	ret = hx509_ca_tbs_set_subject(context, tbs, subject);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_subject");
+    }
+
+    if (opt->crl_uri_string) {
+	ret = hx509_ca_tbs_add_crl_dp_uri(context, tbs, 
+					  opt->crl_uri_string, NULL);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_crl_dp_uri");
+    }
+
+    eval_types(context, tbs, opt);
+
+    if (opt->issue_ca_flag) {
+	ret = hx509_ca_tbs_set_ca(context, tbs, opt->path_length_integer);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_ca");
+    }
+    if (opt->issue_proxy_flag) {
+	ret = hx509_ca_tbs_set_proxy(context, tbs, opt->path_length_integer);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_proxy");
+    }
+    if (opt->domain_controller_flag) {
+	hx509_ca_tbs_set_domaincontroller(context, tbs);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_domaincontroller");
+    }
+
+    if (delta) {
+	ret = hx509_ca_tbs_set_notAfter_lifetime(context, tbs, delta);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_set_notAfter_lifetime");
+    }	
+
+    if (opt->self_signed_flag) {
+	ret = hx509_ca_sign_self(context, tbs, private_key, &cert);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_sign_self");
+    } else {
+	ret = hx509_ca_sign(context, tbs, signer, &cert);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_sign");
+    }
+
+    if (cert_key) {
+	ret = _hx509_cert_assign_key(cert, cert_key);
+	if (ret)
+	    hx509_err(context, 1, ret, "_hx509_cert_assign_key");
+    }	    
+
+    {
+	hx509_certs certs;
+
+	ret = hx509_certs_init(context, opt->certificate_string, 
+			       HX509_CERTS_CREATE, NULL, &certs);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_certs_init");
+
+	ret = hx509_certs_add(context, certs, cert);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_certs_add");
+
+	ret = hx509_certs_store(context, certs, 0, NULL);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_certs_store");
+
+	hx509_certs_free(&certs);
+    }
+
+    if (subject)
+	hx509_name_free(&subject);
+    if (signer)
+	hx509_cert_free(signer);
+    hx509_cert_free(cert);
+    free_SubjectPublicKeyInfo(&spki);
+
+    if (private_key != cert_key)
+	_hx509_private_key_free(&private_key);
+    _hx509_private_key_free(&cert_key);
+
+    hx509_ca_tbs_free(&tbs);
+
+    return 0;
+}
+
+static int
+test_one_cert(hx509_context hxcontext, void *ctx, hx509_cert cert)
+{
+    heim_octet_string sd, c;
+    hx509_verify_ctx vctx = ctx;
+    hx509_certs signer = NULL;
+    heim_oid type;
+    int ret;
+
+    if (_hx509_cert_private_key(cert) == NULL)
+	return 0;
+
+    ret = hx509_cms_create_signed_1(context, 0, NULL, NULL, 0,
+				    NULL, cert, NULL, NULL, NULL, &sd);
+    if (ret)
+	errx(1, "hx509_cms_create_signed_1");
+
+    ret = hx509_cms_verify_signed(context, vctx, sd.data, sd.length,
+				  NULL, NULL, &type, &c, &signer);
+    free(sd.data);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_cms_verify_signed");
+
+    printf("create-signature verify-sigature done\n");
+
+    free(c.data);
+
+    return 0;
+}
+
+int
+test_crypto(struct test_crypto_options *opt, int argc, char ** argv)
+{
+    hx509_verify_ctx vctx;
+    hx509_certs certs;
+    hx509_lock lock;
+    int i, ret;
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    ret = hx509_certs_init(context, "MEMORY:test-crypto", 0, NULL, &certs);
+
+    for (i = 0; i < argc; i++) {
+	ret = hx509_certs_append(context, certs, lock, argv[i]);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_certs_append");
+    }
+
+    ret = hx509_verify_init_ctx(context, &vctx);
+    if (ret)
+	hx509_err(context, 1, ret, "hx509_verify_init_ctx");
+
+    hx509_verify_attach_anchors(vctx, certs);
+
+    ret = hx509_certs_iter(context, certs, test_one_cert, vctx);
+
+    hx509_certs_free(&certs);
+
+    return 0;
+}
+
+int
+statistic_print(struct statistic_print_options*opt, int argc, char **argv)
+{
+    int type = 0;
+
+    if (stat_file_string == NULL)
+	errx(1, "no stat file");
+
+    if (opt->type_integer)
+	type = opt->type_integer;
+
+    hx509_query_unparse_stats(context, type, stdout);
+    return 0;
+}
+
+/*
+ *
+ */
+
+int
+crl_sign(struct crl_sign_options *opt, int argc, char **argv)
+{
+    hx509_crl crl;
+    heim_octet_string os;
+    hx509_cert signer = NULL;
+    hx509_lock lock;
+    int ret;
+
+    hx509_lock_init(context, &lock);
+    lock_strings(lock, &opt->pass_strings);
+
+    ret = hx509_crl_alloc(context, &crl);
+    if (ret)
+	errx(1, "crl alloc");
+
+    if (opt->signer_string == NULL)
+	errx(1, "signer missing");
+
+    {
+	hx509_certs certs = NULL;
+	hx509_query *q;
+
+	ret = hx509_certs_init(context, opt->signer_string, 0,
+			       NULL, &certs);
+	if (ret)
+	    hx509_err(context, 1, ret, 
+		      "hx509_certs_init: %s", opt->signer_string);
+
+	ret = hx509_query_alloc(context, &q);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_query_alloc: %d", ret);
+
+	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+
+	ret = hx509_certs_find(context, certs, q, &signer);
+	hx509_query_free(context, q);
+	hx509_certs_free(&certs);
+	if (ret)
+	    hx509_err(context, 1, ret, "no signer certificate found");
+    }
+
+    if (opt->lifetime_string) {
+	int delta;
+
+	delta = parse_time(opt->lifetime_string, "day");
+	if (delta < 0)
+	    errx(1, "Invalid lifetime: %s", opt->lifetime_string);
+
+	hx509_crl_lifetime(context, crl, delta);
+    }
+
+    {
+	hx509_certs revoked = NULL;
+	int i;
+
+	ret = hx509_certs_init(context, "MEMORY:revoked-certs", 0,
+			       NULL, &revoked);
+
+	for (i = 0; i < argc; i++) {
+	    ret = hx509_certs_append(context, revoked, lock, argv[i]);
+	    if (ret)
+		hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]);
+	}
+
+	hx509_crl_add_revoked_certs(context, crl, revoked);
+	hx509_certs_free(&revoked);
+    }
+
+    hx509_crl_sign(context, signer, crl, &os);
+
+    if (opt->crl_file_string)
+	rk_dumpdata(opt->crl_file_string, os.data, os.length);
+
+    free(os.data);
+
+    hx509_crl_free(context, &crl);
+    hx509_cert_free(signer);
+    hx509_lock_free(lock);
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+int
+help(void *opt, int argc, char **argv)
+{
+    sl_slc_help(commands, argc, argv);
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    int ret, optidx = 0;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    argv += optidx;
+    argc -= optidx;
+
+    if (argc == 0)
+	usage(1);
+
+    ret = hx509_context_init(&context);
+    if (ret)
+	errx(1, "hx509_context_init failed with %d", ret);
+
+    if (stat_file_string)
+	hx509_query_statistic_file(context, stat_file_string);
+
+    ret = sl_command(commands, argc, argv);
+    if(ret == -1)
+	warnx ("unrecognized command: %s", argv[0]);
+
+    hx509_context_free(&context);
+
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/keyset.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/keyset.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/keyset.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,677 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: keyset.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_keyset Certificate store operations
+ *
+ * Type of certificates store:
+ * - MEMORY
+ *   In memory based format. Doesnt support storing.
+ * - FILE 
+ *   FILE supports raw DER certicates and PEM certicates. When PEM is
+ *   used the file can contain may certificates and match private
+ *   keys. Support storing the certificates. DER format only supports
+ *   on certificate and no private key.
+ * - PEM-FILE
+ *   Same as FILE, defaulting to PEM encoded certificates.
+ * - PEM-FILE
+ *   Same as FILE, defaulting to DER encoded certificates.
+ * - PKCS11
+ * - PKCS12
+ * - DIR
+ * - KEYCHAIN
+ *   Apple Mac OS X KeyChain backed keychain object.
+ *
+ * See the library functions here: @ref hx509_keyset
+ */
+
+struct hx509_certs_data {
+    int ref;
+    struct hx509_keyset_ops *ops;
+    void *ops_data;
+};
+
+static struct hx509_keyset_ops *
+_hx509_ks_type(hx509_context context, const char *type)
+{
+    int i;
+
+    for (i = 0; i < context->ks_num_ops; i++)
+	if (strcasecmp(type, context->ks_ops[i]->name) == 0)
+	    return context->ks_ops[i];
+
+    return NULL;
+}
+
+void
+_hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops)
+{
+    struct hx509_keyset_ops **val;
+
+    if (_hx509_ks_type(context, ops->name))
+	return;
+
+    val = realloc(context->ks_ops, 
+		  (context->ks_num_ops + 1) * sizeof(context->ks_ops[0]));
+    if (val == NULL)
+	return;
+    val[context->ks_num_ops] = ops;
+    context->ks_ops = val;
+    context->ks_num_ops++;
+}
+
+/**
+ * Open or creates a new hx509 certificate store.
+ *
+ * @param context A hx509 context
+ * @param name name of the store, format is TYPE:type-specific-string,
+ * if NULL is used the MEMORY store is used.
+ * @param flags list of flags:
+ * - HX509_CERTS_CREATE create a new keystore of the specific TYPE.
+ * - HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted.
+ * @param lock a lock that unlocks the certificates store, use NULL to
+ * select no password/certifictes/prompt lock (see @ref page_lock).
+ * @param certs return pointer, free with hx509_certs_free().
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_init(hx509_context context,
+		 const char *name, int flags,
+		 hx509_lock lock, hx509_certs *certs)
+{
+    struct hx509_keyset_ops *ops;
+    const char *residue;
+    hx509_certs c;
+    char *type;
+    int ret;
+
+    *certs = NULL;
+
+    residue = strchr(name, ':');
+    if (residue) {
+	type = malloc(residue - name + 1);
+	if (type)
+	    strlcpy(type, name, residue - name + 1);
+	residue++;
+	if (residue[0] == '\0')
+	    residue = NULL;
+    } else {
+	type = strdup("MEMORY");
+	residue = name;
+    }
+    if (type == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    
+    ops = _hx509_ks_type(context, type);
+    if (ops == NULL) {
+	hx509_set_error_string(context, 0, ENOENT, 
+			       "Keyset type %s is not supported", type);
+	free(type);
+	return ENOENT;
+    }
+    free(type);
+    c = calloc(1, sizeof(*c));
+    if (c == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    c->ops = ops;
+    c->ref = 1;
+
+    ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock);
+    if (ret) {
+	free(c);
+	return ret;
+    }
+
+    *certs = c;
+    return 0;
+}
+
+/**
+ * Write the certificate store to stable storage.
+ *
+ * @param context A hx509 context.
+ * @param certs a certificate store to store.
+ * @param flags currently unused, use 0.
+ * @param lock a lock that unlocks the certificates store, use NULL to
+ * select no password/certifictes/prompt lock (see @ref page_lock).
+ *
+ * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if
+ * the certificate store doesn't support the store operation.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_store(hx509_context context,
+		  hx509_certs certs,
+		  int flags,
+		  hx509_lock lock)
+{
+    if (certs->ops->store == NULL) {
+	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
+			       "keystore if type %s doesn't support "
+			       "store operation",
+			       certs->ops->name);
+	return HX509_UNSUPPORTED_OPERATION;
+    }
+
+    return (*certs->ops->store)(context, certs, certs->ops_data, flags, lock);
+}
+
+
+hx509_certs
+_hx509_certs_ref(hx509_certs certs)
+{
+    if (certs == NULL)
+	return NULL;
+    if (certs->ref <= 0)
+	_hx509_abort("certs refcount <= 0");
+    certs->ref++;
+    if (certs->ref == 0)
+	_hx509_abort("certs refcount == 0");
+    return certs;
+}
+
+/**
+ * Free a certificate store.
+ *
+ * @param certs certificate store to free.
+ *
+ * @ingroup hx509_keyset
+ */
+
+void
+hx509_certs_free(hx509_certs *certs)
+{
+    if (*certs) {
+	if ((*certs)->ref <= 0)
+	    _hx509_abort("refcount <= 0");
+	if (--(*certs)->ref > 0)
+	    return;
+
+	(*(*certs)->ops->free)(*certs, (*certs)->ops_data);
+	free(*certs);
+	*certs = NULL;
+    }
+}
+
+/**
+ * Start the integration
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to iterate over
+ * @param cursor cursor that will keep track of progress, free with
+ * hx509_certs_end_seq().
+ *
+ * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is
+ * returned if the certificate store doesn't support the iteration
+ * operation.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_start_seq(hx509_context context,
+		      hx509_certs certs,
+		      hx509_cursor *cursor)
+{
+    int ret;
+
+    if (certs->ops->iter_start == NULL) {
+	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, 
+			       "Keyset type %s doesn't support iteration", 
+			       certs->ops->name);
+	return HX509_UNSUPPORTED_OPERATION;
+    }
+
+    ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor);
+    if (ret)
+	return ret;
+
+    return 0;
+}
+
+/**
+ * Get next ceritificate from the certificate keystore pointed out by
+ * cursor.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to iterate over.
+ * @param cursor cursor that keeps track of progress.
+ * @param cert return certificate next in store, NULL if the store
+ * contains no more certificates. Free with hx509_cert_free().
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_next_cert(hx509_context context,
+		      hx509_certs certs,
+		      hx509_cursor cursor,
+		      hx509_cert *cert)
+{
+    *cert = NULL;
+    return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert);
+}
+
+/**
+ * End the iteration over certificates.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to iterate over.
+ * @param cursor cursor that will keep track of progress, freed.
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_end_seq(hx509_context context,
+		    hx509_certs certs,
+		    hx509_cursor cursor)
+{
+    (*certs->ops->iter_end)(context, certs, certs->ops_data, cursor);
+    return 0;
+}
+
+/**
+ * Iterate over all certificates in a keystore and call an function
+ * for each fo them.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to iterate over.
+ * @param func function to call for each certificate. The function
+ * should return non-zero to abort the iteration, that value is passed
+ * back to te caller of hx509_certs_iter().
+ * @param ctx context variable that will passed to the function.
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_iter(hx509_context context, 
+		 hx509_certs certs, 
+		 int (*func)(hx509_context, void *, hx509_cert),
+		 void *ctx)
+{
+    hx509_cursor cursor;
+    hx509_cert c;
+    int ret;
+
+    ret = hx509_certs_start_seq(context, certs, &cursor);
+    if (ret)
+	return ret;
+    
+    while (1) {
+	ret = hx509_certs_next_cert(context, certs, cursor, &c);
+	if (ret)
+	    break;
+	if (c == NULL) {
+	    ret = 0;
+	    break;
+	}
+	ret = (*func)(context, ctx, c);
+	hx509_cert_free(c);
+	if (ret)
+	    break;
+    }
+
+    hx509_certs_end_seq(context, certs, cursor);
+
+    return ret;
+}
+
+
+/**
+ * Function to use to hx509_certs_iter() as a function argument, the
+ * ctx variable to hx509_certs_iter() should be a FILE file descriptor.
+ *
+ * @param context a hx509 context.
+ * @param ctx used by hx509_certs_iter().
+ * @param c a certificate
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c)
+{
+    Certificate *cert;
+    hx509_name n;
+    char *s, *i;
+
+    cert = _hx509_get_cert(c);
+
+    _hx509_name_from_Name(&cert->tbsCertificate.subject, &n);
+    hx509_name_to_string(n, &s);
+    hx509_name_free(&n);
+    _hx509_name_from_Name(&cert->tbsCertificate.issuer, &n);
+    hx509_name_to_string(n, &i);
+    hx509_name_free(&n);
+    fprintf(ctx, "subject: %s\nissuer: %s\n", s, i);
+    free(s);
+    free(i);
+    return 0;
+}
+
+/**
+ * Add a certificate to the certificiate store.
+ *
+ * The receiving keyset certs will either increase reference counter
+ * of the cert or make a deep copy, either way, the caller needs to
+ * free the cert itself.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to add the certificate to.
+ * @param cert certificate to add.
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert)
+{
+    if (certs->ops->add == NULL) {
+	hx509_set_error_string(context, 0, ENOENT, 
+			       "Keyset type %s doesn't support add operation", 
+			       certs->ops->name);
+	return ENOENT;
+    }
+
+    return (*certs->ops->add)(context, certs, certs->ops_data, cert);
+}
+
+/**
+ * Find a certificate matching the query.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to search.
+ * @param q query allocated with @ref hx509_query functions.
+ * @param r return certificate (or NULL on error), should be freed
+ * with hx509_cert_free().
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_find(hx509_context context,
+		 hx509_certs certs, 
+		 const hx509_query *q,
+		 hx509_cert *r)
+{
+    hx509_cursor cursor;
+    hx509_cert c;
+    int ret;
+
+    *r = NULL;
+
+    _hx509_query_statistic(context, 0, q);
+
+    if (certs->ops->query)
+	return (*certs->ops->query)(context, certs, certs->ops_data, q, r);
+
+    ret = hx509_certs_start_seq(context, certs, &cursor);
+    if (ret)
+	return ret;
+
+    c = NULL;
+    while (1) {
+	ret = hx509_certs_next_cert(context, certs, cursor, &c);
+	if (ret)
+	    break;
+	if (c == NULL)
+	    break;
+	if (_hx509_query_match_cert(context, q, c)) {
+	    *r = c;
+	    break;
+	}
+	hx509_cert_free(c);
+    }
+
+    hx509_certs_end_seq(context, certs, cursor);
+    if (ret)
+	return ret;
+    if (c == NULL) {
+	hx509_clear_error_string(context);
+	return HX509_CERT_NOT_FOUND;
+    }
+
+    return 0;
+}
+
+static int
+certs_merge_func(hx509_context context, void *ctx, hx509_cert c)
+{
+    return hx509_certs_add(context, (hx509_certs)ctx, c);
+}
+
+/**
+ * Merge a certificate store into another. The from store is keep
+ * intact.
+ *
+ * @param context a hx509 context.
+ * @param to the store to merge into.
+ * @param from the store to copy the object from.
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
+{
+    if (from == NULL)
+	return 0;
+    return hx509_certs_iter(context, from, certs_merge_func, to);
+}
+
+/**
+ * Same a hx509_certs_merge() but use a lock and name to describe the
+ * from source.
+ *
+ * @param context a hx509 context.
+ * @param to the store to merge into.
+ * @param lock a lock that unlocks the certificates store, use NULL to
+ * select no password/certifictes/prompt lock (see @ref page_lock).
+ * @param name name of the source store
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_append(hx509_context context,
+		   hx509_certs to,
+		   hx509_lock lock,
+		   const char *name)
+{
+    hx509_certs s;
+    int ret;
+
+    ret = hx509_certs_init(context, name, 0, lock, &s);
+    if (ret)
+	return ret;
+    ret = hx509_certs_merge(context, to, s);
+    hx509_certs_free(&s);
+    return ret;
+}
+
+/**
+ * Get one random certificate from the certificate store.
+ *
+ * @param context a hx509 context.
+ * @param certs a certificate store to get the certificate from.
+ * @param c return certificate, should be freed with hx509_cert_free().
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_get_one_cert(hx509_context context, hx509_certs certs, hx509_cert *c)
+{
+    hx509_cursor cursor;
+    int ret;
+
+    *c = NULL;
+
+    ret = hx509_certs_start_seq(context, certs, &cursor);
+    if (ret)
+	return ret;
+
+    ret = hx509_certs_next_cert(context, certs, cursor, c);
+    if (ret)
+	return ret;
+
+    hx509_certs_end_seq(context, certs, cursor);
+    return 0;
+}
+
+static int
+certs_info_stdio(void *ctx, const char *str)
+{
+    FILE *f = ctx;
+    fprintf(f, "%s\n", str);
+    return 0;
+}
+
+/**
+ * Print some info about the certificate store.
+ *
+ * @param context a hx509 context.
+ * @param certs certificate store to print information about.
+ * @param func function that will get each line of the information, if
+ * NULL is used the data is printed on a FILE descriptor that should
+ * be passed in ctx, if ctx also is NULL, stdout is used.
+ * @param ctx parameter to func.
+ *
+ * @return Returns an hx509 error code.
+ *
+ * @ingroup hx509_keyset
+ */
+
+int
+hx509_certs_info(hx509_context context, 
+		 hx509_certs certs,
+		 int (*func)(void *, const char *),
+		 void *ctx)
+{
+    if (func == NULL) {
+	func = certs_info_stdio;
+	if (ctx == NULL)
+	    ctx = stdout;
+    }
+    if (certs->ops->printinfo == NULL) {
+	(*func)(ctx, "No info function for certs");
+	return 0;
+    }
+    return (*certs->ops->printinfo)(context, certs, certs->ops_data,
+				    func, ctx);
+}
+
+void
+_hx509_pi_printf(int (*func)(void *, const char *), void *ctx,
+		 const char *fmt, ...)
+{
+    va_list ap;
+    char *str;
+
+    va_start(ap, fmt);
+    vasprintf(&str, fmt, ap);
+    va_end(ap);
+    if (str == NULL)
+	return;
+    (*func)(ctx, str);
+    free(str);
+}
+
+int
+_hx509_certs_keys_get(hx509_context context, 
+		      hx509_certs certs, 
+		      hx509_private_key **keys)
+{
+    if (certs->ops->getkeys == NULL) {
+	*keys = NULL;
+	return 0;
+    }
+    return (*certs->ops->getkeys)(context, certs, certs->ops_data, keys);
+}
+
+int
+_hx509_certs_keys_add(hx509_context context, 
+		      hx509_certs certs, 
+		      hx509_private_key key)
+{
+    if (certs->ops->addkey == NULL) {
+	hx509_set_error_string(context, 0, EINVAL,
+			       "keystore if type %s doesn't support "
+			       "key add operation",
+			       certs->ops->name);
+	return EINVAL;
+    }
+    return (*certs->ops->addkey)(context, certs, certs->ops_data, key);
+}
+
+
+void
+_hx509_certs_keys_free(hx509_context context,
+		       hx509_private_key *keys)
+{
+    int i;
+    for (i = 0; keys[i]; i++)
+	_hx509_private_key_free(&keys[i]);
+    free(keys);
+}
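Review bot: hx509_ci_print_names() ignores the return values of _hx509_name_from_Name() and hx509_name_to_string(), so when a conversion fails `n`, `s` or `i` can reach hx509_name_free(), fprintf() and free() uninitialised (unless the helpers set their outputs on failure, which is not visible in this hunk). Initialise both strings to NULL and propagate the error, as sketched below; a non-zero return then stops hx509_certs_iter(), which looks like the right outcome for a certificate whose names cannot be rendered. Separately, hx509_certs_init() documents that a NULL `name` selects the MEMORY store but calls `strchr(name, ':')` unconditionally. hx509_get_one_cert() also returns on a hx509_certs_next_cert() error without calling hx509_certs_end_seq(), which leaks the cursor.

```c
int
hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c)
{
    Certificate *cert;
    hx509_name n;
    char *s = NULL, *i = NULL;
    int ret;

    cert = _hx509_get_cert(c);

    ret = _hx509_name_from_Name(&cert->tbsCertificate.subject, &n);
    if (ret)
	return ret;
    ret = hx509_name_to_string(n, &s);
    hx509_name_free(&n);
    if (ret)
	return ret;

    ret = _hx509_name_from_Name(&cert->tbsCertificate.issuer, &n);
    if (ret == 0) {
	ret = hx509_name_to_string(n, &i);
	hx509_name_free(&n);
    }
    if (ret == 0)
	fprintf(ctx, "subject: %s\nissuer: %s\n", s, i);
    free(s);
    free(i);
    return ret;
}
```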

Added: vendor-crypto/heimdal/dist/lib/hx509/ks_dir.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ks_dir.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ks_dir.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: ks_dir.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#include <dirent.h>
+
+/*
+ * The DIR keyset module is strange compared to the other modules
+ * since it does lazy evaluation and really doesn't keep any local
+ * state except for the directory iteration and cert iteration of
+ * files. DIR ignores most errors so that the consumer doesn't get
+ * failes for stray files in directories.
+ */
+
+struct dircursor {
+    DIR *dir;
+    hx509_certs certs;
+    void *iter;
+};
+
+/*
+ *
+ */
+
+static int
+dir_init(hx509_context context,
+	 hx509_certs certs, void **data, int flags, 
+	 const char *residue, hx509_lock lock)
+{
+    *data = NULL;
+
+    {
+	struct stat sb;
+	int ret;
+
+	ret = stat(residue, &sb);
+	if (ret == -1) {
+	    hx509_set_error_string(context, 0, ENOENT,
+				   "No such file %s", residue);
+	    return ENOENT;
+	}
+
+	if ((sb.st_mode & S_IFDIR) == 0) {
+	    hx509_set_error_string(context, 0, ENOTDIR,
+				   "%s is not a directory", residue);
+	    return ENOTDIR;
+	}
+    }
+
+    *data = strdup(residue);
+    if (*data == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    return 0;
+}
+
+static int
+dir_free(hx509_certs certs, void *data)
+{
+    free(data);
+    return 0;
+}
+
+
+
+static int 
+dir_iter_start(hx509_context context,
+	       hx509_certs certs, void *data, void **cursor)
+{
+    struct dircursor *d;
+
+    *cursor = NULL;
+
+    d = calloc(1, sizeof(*d));
+    if (d == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    d->dir = opendir(data);
+    if (d->dir == NULL) {
+	hx509_clear_error_string(context);
+	free(d);
+	return errno;
+    }
+    d->certs = NULL;
+    d->iter = NULL;
+
+    *cursor = d;
+    return 0;
+}
+
+static int
+dir_iter(hx509_context context,
+	 hx509_certs certs, void *data, void *iter, hx509_cert *cert)
+{
+    struct dircursor *d = iter;
+    int ret = 0;
+    
+    *cert = NULL;
+
+    do {
+	struct dirent *dir;
+	char *fn;
+
+	if (d->certs) {
+	    ret = hx509_certs_next_cert(context, d->certs, d->iter, cert);
+	    if (ret) {
+		hx509_certs_end_seq(context, d->certs, d->iter);
+		d->iter = NULL;
+		hx509_certs_free(&d->certs);
+		return ret;
+	    }
+	    if (*cert) {
+		ret = 0;
+		break;
+	    }
+	    hx509_certs_end_seq(context, d->certs, d->iter);
+	    d->iter = NULL;
+	    hx509_certs_free(&d->certs);
+	}
+
+	dir = readdir(d->dir);
+	if (dir == NULL) {
+	    ret = 0;
+	    break;
+	}
+	if (strcmp(dir->d_name, ".") == 0 || strcmp(dir->d_name, "..") == 0)
+	    continue;
+	
+	if (asprintf(&fn, "FILE:%s/%s", (char *)data, dir->d_name) == -1)
+	    return ENOMEM;
+	
+	ret = hx509_certs_init(context, fn, 0, NULL, &d->certs);
+	if (ret == 0) {
+
+	    ret = hx509_certs_start_seq(context, d->certs, &d->iter);
+	    if (ret)
+	    hx509_certs_free(&d->certs);
+	}
+	/* ignore errors */
+	if (ret) {
+	    d->certs = NULL;
+	    ret = 0;
+	}
+
+	free(fn);
+    } while(ret == 0);
+
+    return ret;
+}
+
+
+static int
+dir_iter_end(hx509_context context,
+	     hx509_certs certs,
+	     void *data,
+	     void *cursor)
+{
+    struct dircursor *d = cursor;
+
+    if (d->certs) {
+	hx509_certs_end_seq(context, d->certs, d->iter);
+	d->iter = NULL;
+	hx509_certs_free(&d->certs);
+    }
+    closedir(d->dir);
+    free(d);
+    return 0;
+}
+
+
+static struct hx509_keyset_ops keyset_dir = {
+    "DIR",
+    0,
+    dir_init,
+    NULL,
+    dir_free,
+    NULL,
+    NULL,
+    dir_iter_start,
+    dir_iter,
+    dir_iter_end
+};
+
+void
+_hx509_ks_dir_register(hx509_context context)
+{
+    _hx509_ks_register(context, &keyset_dir);
+}
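Review bot: dir_iter_start() returns `errno` only after calling hx509_clear_error_string() and free(), either of which may overwrite it; if the value ends up 0 the caller sees success with `*cursor` still NULL, and dir_iter() then dereferences that NULL cursor. Capture the value right after opendir() fails with `int saved_errno = errno;` and finish with `return saved_errno;`. In dir_init() the test `(sb.st_mode & S_IFDIR) == 0` is a bit mask rather than a file-type check and is better written `if (!S_ISDIR(sb.st_mode))`. Because dir_iter() deliberately swallows load errors, a comment at `/* ignore errors */` should state that an unreadable or malformed certificate file is dropped without any diagnostic, which matters when the directory holds trust anchors.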

Added: vendor-crypto/heimdal/dist/lib/hx509/ks_file.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ks_file.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ks_file.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,643 @@
+/*
+ * Copyright (c) 2005 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: ks_file.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+typedef enum { USE_PEM, USE_DER } outformat;
+
+struct ks_file {
+    hx509_certs certs;
+    char *fn;
+    outformat format;
+};
+
+/*
+ *
+ */
+
+static int
+parse_certificate(hx509_context context, const char *fn, 
+		  struct hx509_collector *c, 
+		  const hx509_pem_header *headers,
+		  const void *data, size_t len)
+{
+    hx509_cert cert;
+    int ret;
+
+    ret = hx509_cert_init_data(context, data, len, &cert);
+    if (ret)
+	return ret;
+
+    ret = _hx509_collector_certs_add(context, c, cert);
+    hx509_cert_free(cert);
+    return ret;
+}
+
+static int
+try_decrypt(hx509_context context,
+	    struct hx509_collector *collector,
+	    const AlgorithmIdentifier *alg,
+	    const EVP_CIPHER *c,
+	    const void *ivdata,
+	    const void *password,
+	    size_t passwordlen,
+	    const void *cipher,
+	    size_t len)
+{
+    heim_octet_string clear;
+    size_t keylen;
+    void *key;
+    int ret;
+
+    keylen = EVP_CIPHER_key_length(c);
+
+    key = malloc(keylen);
+    if (key == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    ret = EVP_BytesToKey(c, EVP_md5(), ivdata,
+			 password, passwordlen,
+			 1, key, NULL);
+    if (ret <= 0) {
+	hx509_set_error_string(context, 0, HX509_CRYPTO_INTERNAL_ERROR,
+			       "Failed to do string2key for private key");
+	return HX509_CRYPTO_INTERNAL_ERROR;
+    }
+
+    clear.data = malloc(len);
+    if (clear.data == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM,
+			       "Out of memory to decrypt for private key");
+	ret = ENOMEM;
+	goto out;
+    }
+    clear.length = len;
+
+    {
+	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0);
+	EVP_Cipher(&ctx, clear.data, cipher, len);
+	EVP_CIPHER_CTX_cleanup(&ctx);
+    }	
+
+    ret = _hx509_collector_private_key_add(context,
+					   collector,
+					   alg,
+					   NULL,
+					   &clear,
+					   NULL);
+
+    memset(clear.data, 0, clear.length);
+    free(clear.data);
+out:
+    memset(key, 0, keylen);
+    free(key);
+    return ret;
+}
+
+static int
+parse_rsa_private_key(hx509_context context, const char *fn,
+		      struct hx509_collector *c, 
+		      const hx509_pem_header *headers,
+		      const void *data, size_t len)
+{
+    int ret = 0;
+    const char *enc;
+
+    enc = hx509_pem_find_header(headers, "Proc-Type");
+    if (enc) {
+	const char *dek;
+	char *type, *iv;
+	ssize_t ssize, size;
+	void *ivdata;
+	const EVP_CIPHER *cipher;
+	const struct _hx509_password *pw;
+	hx509_lock lock;
+	int i, decrypted = 0;
+
+	lock = _hx509_collector_get_lock(c);
+	if (lock == NULL) {
+	    hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
+				   "Failed to get password for "
+				   "password protected file %s", fn);
+	    return HX509_ALG_NOT_SUPP;
+	}
+
+	if (strcmp(enc, "4,ENCRYPTED") != 0) {
+	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+				   "RSA key encrypted in unknown method %s "
+				   "in file",
+				   enc, fn);
+	    hx509_clear_error_string(context);
+	    return HX509_PARSING_KEY_FAILED;
+	}
+
+	dek = hx509_pem_find_header(headers, "DEK-Info");
+	if (dek == NULL) {
+	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+				   "Encrypted RSA missing DEK-Info");
+	    return HX509_PARSING_KEY_FAILED;
+	}
+
+	type = strdup(dek);
+	if (type == NULL) {
+	    hx509_clear_error_string(context);
+	    return ENOMEM;
+	}
+
+	iv = strchr(type, ',');
+	if (iv == NULL) {
+	    free(type);
+	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+				   "IV missing");
+	    return HX509_PARSING_KEY_FAILED;
+	}
+
+	*iv++ = '\0';
+
+	size = strlen(iv);
+	ivdata = malloc(size);
+	if (ivdata == NULL) {
+	    hx509_clear_error_string(context);
+	    free(type);
+	    return ENOMEM;
+	}
+
+	cipher = EVP_get_cipherbyname(type);
+	if (cipher == NULL) {
+	    free(ivdata);
+	    hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
+				   "RSA key encrypted with "
+				   "unsupported cipher: %s",
+				   type);
+	    free(type);
+	    return HX509_ALG_NOT_SUPP;
+	}
+
+#define PKCS5_SALT_LEN 8
+
+	ssize = hex_decode(iv, ivdata, size);
+	free(type);
+	type = NULL;
+	iv = NULL;
+
+	if (ssize < 0 || ssize < PKCS5_SALT_LEN || ssize < EVP_CIPHER_iv_length(cipher)) {
+	    free(ivdata);
+	    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
+				   "Salt have wrong length in RSA key file");
+	    return HX509_PARSING_KEY_FAILED;
+	}
+	
+	pw = _hx509_lock_get_passwords(lock);
+	if (pw != NULL) {
+	    const void *password;
+	    size_t passwordlen;
+
+	    for (i = 0; i < pw->len; i++) {
+		password = pw->val[i];
+		passwordlen = strlen(password);
+		
+		ret = try_decrypt(context, c, hx509_signature_rsa(),
+				  cipher, ivdata, password, passwordlen,
+				  data, len);
+		if (ret == 0) {
+		    decrypted = 1;
+		    break;
+		}
+	    }
+	}
+	if (!decrypted) {
+	    hx509_prompt prompt;
+	    char password[128];
+
+	    memset(&prompt, 0, sizeof(prompt));
+
+	    prompt.prompt = "Password for keyfile: ";
+	    prompt.type = HX509_PROMPT_TYPE_PASSWORD;
+	    prompt.reply.data = password;
+	    prompt.reply.length = sizeof(password);
+
+	    ret = hx509_lock_prompt(lock, &prompt);
+	    if (ret == 0)
+		ret = try_decrypt(context, c, hx509_signature_rsa(),
+				  cipher, ivdata, password, strlen(password),
+				  data, len);
+	    /* XXX add password to lock password collection ? */
+	    memset(password, 0, sizeof(password));
+	}
+	free(ivdata);
+
+    } else {
+	heim_octet_string keydata;
+
+	keydata.data = rk_UNCONST(data);
+	keydata.length = len;
+
+	ret = _hx509_collector_private_key_add(context,
+					       c,
+					       hx509_signature_rsa(),
+					       NULL,
+					       &keydata,
+					       NULL);
+    }
+
+    return ret;
+}
+
+
+struct pem_formats {
+    const char *name;
+    int (*func)(hx509_context, const char *, struct hx509_collector *, 
+		const hx509_pem_header *, const void *, size_t);
+} formats[] = {
+    { "CERTIFICATE", parse_certificate },
+    { "RSA PRIVATE KEY", parse_rsa_private_key }
+};
+
+
+struct pem_ctx {
+    int flags;
+    struct hx509_collector *c;
+};
+
+static int
+pem_func(hx509_context context, const char *type,
+	 const hx509_pem_header *header,
+	 const void *data, size_t len, void *ctx)
+{
+    struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx;
+    int ret = 0, j;
+
+    for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
+	const char *q = formats[j].name;
+	if (strcasecmp(type, q) == 0) {
+	    ret = (*formats[j].func)(context, NULL, pem_ctx->c,  header, data, len);
+	    if (ret == 0)
+		break;
+	}
+    }
+    if (j == sizeof(formats)/sizeof(formats[0])) {
+	ret = HX509_UNSUPPORTED_OPERATION;
+	hx509_set_error_string(context, 0, ret,
+			       "Found no matching PEM format for %s", type);
+	return ret;
+    }
+    if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL))
+	return ret;
+    return 0;
+}
+
+/*
+ *
+ */
+
+static int
+file_init_common(hx509_context context,
+		 hx509_certs certs, void **data, int flags, 
+		 const char *residue, hx509_lock lock, outformat format)
+{
+    char *p, *pnext;
+    struct ks_file *f = NULL;
+    hx509_private_key *keys = NULL;
+    int ret;
+    struct pem_ctx pem_ctx;
+
+    pem_ctx.flags = flags;
+    pem_ctx.c = NULL;
+
+    *data = NULL;
+
+    if (lock == NULL)
+	lock = _hx509_empty_lock;
+
+    f = calloc(1, sizeof(*f));
+    if (f == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    f->format = format;
+
+    f->fn = strdup(residue);
+    if (f->fn == NULL) {
+	hx509_clear_error_string(context);
+	ret = ENOMEM;
+	goto out;
+    }
+
+    /* 
+     * XXX this is broken, the function should parse the file before
+     * overwriting it
+     */
+
+    if (flags & HX509_CERTS_CREATE) {
+	ret = hx509_certs_init(context, "MEMORY:ks-file-create", 
+			       0, lock, &f->certs);
+	if (ret)
+	    goto out;
+	*data = f;
+	return 0;
+    }
+
+    ret = _hx509_collector_alloc(context, lock, &pem_ctx.c);
+    if (ret)
+	goto out;
+
+    for (p = f->fn; p != NULL; p = pnext) {
+	FILE *f;
+
+	pnext = strchr(p, ',');
+	if (pnext)
+	    *pnext++ = '\0';
+	
+
+	if ((f = fopen(p, "r")) == NULL) {
+	    ret = ENOENT;
+	    hx509_set_error_string(context, 0, ret, 
+				   "Failed to open PEM file \"%s\": %s", 
+				   p, strerror(errno));
+	    goto out;
+	}
+
+	ret = hx509_pem_read(context, f, pem_func, &pem_ctx);
+	fclose(f);		     
+	if (ret != 0 && ret != HX509_PARSING_KEY_FAILED)
+	    goto out;
+	else if (ret == HX509_PARSING_KEY_FAILED) {
+	    size_t length;
+	    void *ptr;
+	    int i;
+
+	    ret = _hx509_map_file(p, &ptr, &length, NULL);
+	    if (ret) {
+		hx509_clear_error_string(context);
+		goto out;
+	    }
+
+	    for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) {
+		ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length);
+		if (ret == 0)
+		    break;
+	    }
+	    _hx509_unmap_file(ptr, length);
+	    if (ret)
+		goto out;
+	}
+    }
+
+    ret = _hx509_collector_collect_certs(context, pem_ctx.c, &f->certs);
+    if (ret)
+	goto out;
+
+    ret = _hx509_collector_collect_private_keys(context, pem_ctx.c, &keys);
+    if (ret == 0) {
+	int i;
+
+	for (i = 0; keys[i]; i++)
+	    _hx509_certs_keys_add(context, f->certs, keys[i]);
+	_hx509_certs_keys_free(context, keys);
+    }
+
+out:
+    if (ret == 0)
+	*data = f;
+    else {
+	if (f->fn)
+	    free(f->fn);
+	free(f);
+    }
+    if (pem_ctx.c)
+	_hx509_collector_free(pem_ctx.c);
+
+    return ret;
+}
+
+static int
+file_init_pem(hx509_context context,
+	      hx509_certs certs, void **data, int flags, 
+	      const char *residue, hx509_lock lock)
+{
+    return file_init_common(context, certs, data, flags, residue, lock, USE_PEM);
+}
+
+static int
+file_init_der(hx509_context context,
+	      hx509_certs certs, void **data, int flags, 
+	      const char *residue, hx509_lock lock)
+{
+    return file_init_common(context, certs, data, flags, residue, lock, USE_DER);
+}
+
+static int
+file_free(hx509_certs certs, void *data)
+{
+    struct ks_file *f = data;
+    hx509_certs_free(&f->certs);
+    free(f->fn);
+    free(f);
+    return 0;
+}
+
+struct store_ctx {
+    FILE *f;
+    outformat format;
+};
+
+static int
+store_func(hx509_context context, void *ctx, hx509_cert c)
+{
+    struct store_ctx *sc = ctx;
+    heim_octet_string data;
+    int ret;
+
+    ret = hx509_cert_binary(context, c, &data);
+    if (ret)
+	return ret;
+    
+    switch (sc->format) {
+    case USE_DER:
+	fwrite(data.data, data.length, 1, sc->f);
+	free(data.data);
+	break;
+    case USE_PEM:
+	hx509_pem_write(context, "CERTIFICATE", NULL, sc->f, 
+			data.data, data.length);
+	free(data.data);
+	if (_hx509_cert_private_key_exportable(c)) {
+	    hx509_private_key key = _hx509_cert_private_key(c);
+	    ret = _hx509_private_key_export(context, key, &data);
+	    if (ret)
+		break;
+	    hx509_pem_write(context, _hx509_private_pem_name(key), NULL, sc->f,
+			    data.data, data.length);
+	    free(data.data);
+	}
+	break;
+    }
+
+    return 0;
+}
+
+static int
+file_store(hx509_context context, 
+	   hx509_certs certs, void *data, int flags, hx509_lock lock)
+{
+    struct ks_file *f = data;
+    struct store_ctx sc;
+    int ret;
+
+    sc.f = fopen(f->fn, "w");
+    if (sc.f == NULL) {
+	hx509_set_error_string(context, 0, ENOENT,
+			       "Failed to open file %s for writing");
+	return ENOENT;
+    }
+    sc.format = f->format;
+
+    ret = hx509_certs_iter(context, f->certs, store_func, &sc);
+    fclose(sc.f);
+    return ret;
+}
+
+static int 
+file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
+{
+    struct ks_file *f = data;
+    return hx509_certs_add(context, f->certs, c);
+}
+
+static int 
+file_iter_start(hx509_context context,
+		hx509_certs certs, void *data, void **cursor)
+{
+    struct ks_file *f = data;
+    return hx509_certs_start_seq(context, f->certs, cursor);
+}
+
+static int
+file_iter(hx509_context context,
+	  hx509_certs certs, void *data, void *iter, hx509_cert *cert)
+{
+    struct ks_file *f = data;
+    return hx509_certs_next_cert(context, f->certs, iter, cert);
+}
+
+static int
+file_iter_end(hx509_context context,
+	      hx509_certs certs,
+	      void *data,
+	      void *cursor)
+{
+    struct ks_file *f = data;
+    return hx509_certs_end_seq(context, f->certs, cursor);
+}
+
+static int
+file_getkeys(hx509_context context,
+	     hx509_certs certs,
+	     void *data,
+	     hx509_private_key **keys)
+{
+    struct ks_file *f = data;
+    return _hx509_certs_keys_get(context, f->certs, keys);
+}
+
+static int
+file_addkey(hx509_context context,
+	     hx509_certs certs,
+	     void *data,
+	     hx509_private_key key)
+{
+    struct ks_file *f = data;
+    return _hx509_certs_keys_add(context, f->certs, key);
+}
+
+static struct hx509_keyset_ops keyset_file = {
+    "FILE",
+    0,
+    file_init_pem,
+    file_store,
+    file_free,
+    file_add,
+    NULL,
+    file_iter_start,
+    file_iter,
+    file_iter_end,
+    NULL,
+    file_getkeys,
+    file_addkey
+};
+
+static struct hx509_keyset_ops keyset_pemfile = {
+    "PEM-FILE",
+    0,
+    file_init_pem,
+    file_store,
+    file_free,
+    file_add,
+    NULL,
+    file_iter_start,
+    file_iter,
+    file_iter_end,
+    NULL,
+    file_getkeys,
+    file_addkey
+};
+
+static struct hx509_keyset_ops keyset_derfile = {
+    "DER-FILE",
+    0,
+    file_init_der,
+    file_store,
+    file_free,
+    file_add,
+    NULL,
+    file_iter_start,
+    file_iter,
+    file_iter_end,
+    NULL,
+    file_getkeys,
+    file_addkey
+};
+
+
+void
+_hx509_ks_file_register(hx509_context context)
+{
+    _hx509_ks_register(context, &keyset_file);
+    _hx509_ks_register(context, &keyset_pemfile);
+    _hx509_ks_register(context, &keyset_derfile);
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/ks_keychain.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ks_keychain.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ks_keychain.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,548 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: ks_keychain.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifdef HAVE_FRAMEWORK_SECURITY
+
+#include <Security/Security.h>
+
+/* Missing function decls in pre Leopard */
+#ifdef NEED_SECKEYGETCSPHANDLE_PROTO
+OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *);
+OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
+			      int, const CSSM_ACCESS_CREDENTIALS **);
+#define kSecCredentialTypeDefault 0
+#endif
+
+
+static int
+getAttribute(SecKeychainItemRef itemRef, SecItemAttr item,
+	     SecKeychainAttributeList **attrs)
+{	     
+    SecKeychainAttributeInfo attrInfo;
+    UInt32 attrFormat = 0;
+    OSStatus ret;
+
+    *attrs = NULL;
+
+    attrInfo.count = 1;
+    attrInfo.tag = &item;
+    attrInfo.format = &attrFormat;
+  
+    ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
+					       attrs, NULL, NULL);
+    if (ret)
+	return EINVAL;
+    return 0;
+}
+
+
+/*
+ *
+ */
+
+struct kc_rsa {
+    SecKeychainItemRef item;
+    size_t keysize;
+};
+
+
+static int
+kc_rsa_public_encrypt(int flen,
+		      const unsigned char *from,
+		      unsigned char *to,
+		      RSA *rsa,
+		      int padding)
+{
+    return -1;
+}
+
+static int
+kc_rsa_public_decrypt(int flen,
+		      const unsigned char *from,
+		      unsigned char *to,
+		      RSA *rsa,
+		      int padding)
+{
+    return -1;
+}
+
+
+static int
+kc_rsa_private_encrypt(int flen, 
+		       const unsigned char *from,
+		       unsigned char *to,
+		       RSA *rsa,
+		       int padding)
+{
+    struct kc_rsa *kc = RSA_get_app_data(rsa);
+
+    CSSM_RETURN cret;
+    OSStatus ret;
+    const CSSM_ACCESS_CREDENTIALS *creds;
+    SecKeyRef privKeyRef = (SecKeyRef)kc->item;
+    CSSM_CSP_HANDLE cspHandle;
+    const CSSM_KEY *cssmKey;
+    CSSM_CC_HANDLE sigHandle = 0;
+    CSSM_DATA sig, in;
+    int fret = 0;
+
+
+    cret = SecKeyGetCSSMKey(privKeyRef, &cssmKey);
+    if(cret) abort();
+
+    cret = SecKeyGetCSPHandle(privKeyRef, &cspHandle);
+    if(cret) abort();
+
+    ret = SecKeyGetCredentials(privKeyRef, CSSM_ACL_AUTHORIZATION_SIGN,
+			       kSecCredentialTypeDefault, &creds);
+    if(ret) abort();
+
+    ret = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA,
+					  creds, cssmKey, &sigHandle);
+    if(ret) abort();
+
+    in.Data = (uint8 *)from;
+    in.Length = flen;
+	
+    sig.Data = (uint8 *)to;
+    sig.Length = kc->keysize;
+	
+    cret = CSSM_SignData(sigHandle, &in, 1, CSSM_ALGID_NONE, &sig);
+    if(cret) {
+	/* cssmErrorString(cret); */
+	fret = -1;
+    } else
+	fret = sig.Length;
+
+    if(sigHandle)
+	CSSM_DeleteContext(sigHandle);
+
+    return fret;
+}
+
+static int
+kc_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+		       RSA * rsa, int padding)
+{
+    return -1;
+}
+
+static int 
+kc_rsa_init(RSA *rsa)
+{
+    return 1;
+}
+
+static int
+kc_rsa_finish(RSA *rsa)
+{
+    struct kc_rsa *kc_rsa = RSA_get_app_data(rsa);
+    CFRelease(kc_rsa->item);
+    memset(kc_rsa, 0, sizeof(*kc_rsa));
+    free(kc_rsa);
+    return 1;
+}
+
+static const RSA_METHOD kc_rsa_pkcs1_method = {
+    "hx509 Keychain PKCS#1 RSA",
+    kc_rsa_public_encrypt,
+    kc_rsa_public_decrypt,
+    kc_rsa_private_encrypt,
+    kc_rsa_private_decrypt,
+    NULL,
+    NULL,
+    kc_rsa_init,
+    kc_rsa_finish,
+    0,
+    NULL,
+    NULL,
+    NULL
+};
+
+static int
+set_private_key(hx509_context context,
+		SecKeychainItemRef itemRef,
+		hx509_cert cert)
+{
+    struct kc_rsa *kc;
+    hx509_private_key key;
+    RSA *rsa;
+    int ret;
+
+    ret = _hx509_private_key_init(&key, NULL, NULL);
+    if (ret)
+	return ret;
+
+    kc = calloc(1, sizeof(*kc));
+    if (kc == NULL)
+	_hx509_abort("out of memory");
+
+    kc->item = itemRef;
+
+    rsa = RSA_new();
+    if (rsa == NULL)
+	_hx509_abort("out of memory");
+
+    /* Argh, fake modulus since OpenSSL API is on crack */
+    {
+	SecKeychainAttributeList *attrs = NULL;
+	uint32_t size;
+	void *data;
+
+	rsa->n = BN_new();
+	if (rsa->n == NULL) abort();
+
+	ret = getAttribute(itemRef, kSecKeyKeySizeInBits, &attrs);
+	if (ret) abort();
+
+	size = *(uint32_t *)attrs->attr[0].data;
+	SecKeychainItemFreeAttributesAndData(attrs, NULL);
+
+	kc->keysize = (size + 7) / 8;
+
+	data = malloc(kc->keysize);
+	memset(data, 0xe0, kc->keysize);
+	BN_bin2bn(data, kc->keysize, rsa->n);
+	free(data);
+    }
+    rsa->e = NULL;
+
+    RSA_set_method(rsa, &kc_rsa_pkcs1_method);
+    ret = RSA_set_app_data(rsa, kc);
+    if (ret != 1)
+	_hx509_abort("RSA_set_app_data");
+
+    _hx509_private_key_assign_rsa(key, rsa);
+    _hx509_cert_assign_key(cert, key);
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+struct ks_keychain {
+    int anchors;
+    SecKeychainRef keychain;
+};
+
+static int
+keychain_init(hx509_context context,
+	      hx509_certs certs, void **data, int flags,
+	      const char *residue, hx509_lock lock)
+{
+    struct ks_keychain *ctx;
+
+    ctx = calloc(1, sizeof(*ctx));
+    if (ctx == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    if (residue) {
+	if (strcasecmp(residue, "system-anchors") == 0) {
+	    ctx->anchors = 1;
+	} else if (strncasecmp(residue, "FILE:", 5) == 0) {
+	    OSStatus ret;
+
+	    ret = SecKeychainOpen(residue + 5, &ctx->keychain);
+	    if (ret != noErr) {
+		hx509_set_error_string(context, 0, ENOENT, 
+				       "Failed to open %s", residue);
+		return ENOENT;
+	    }
+	} else {
+	    hx509_set_error_string(context, 0, ENOENT, 
+				   "Unknown subtype %s", residue);
+	    return ENOENT;
+	}
+    }
+
+    *data = ctx;
+    return 0;
+}
+
+/*
+ *
+ */
+
+static int
+keychain_free(hx509_certs certs, void *data)
+{
+    struct ks_keychain *ctx = data;
+    if (ctx->keychain)
+	CFRelease(ctx->keychain);
+    memset(ctx, 0, sizeof(*ctx));
+    free(ctx);
+    return 0;
+}
+
+/*
+ *
+ */
+
+struct iter {
+    hx509_certs certs;
+    void *cursor;
+    SecKeychainSearchRef searchRef;
+};
+
+static int 
+keychain_iter_start(hx509_context context,
+		    hx509_certs certs, void *data, void **cursor)
+{
+    struct ks_keychain *ctx = data;
+    struct iter *iter;
+
+    iter = calloc(1, sizeof(*iter));
+    if (iter == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    if (ctx->anchors) {
+        CFArrayRef anchors;
+	int ret;
+	int i;
+
+	ret = hx509_certs_init(context, "MEMORY:ks-file-create", 
+			       0, NULL, &iter->certs);
+	if (ret) {
+	    free(iter);
+	    return ret;
+	}
+
+	ret = SecTrustCopyAnchorCertificates(&anchors);
+	if (ret != 0) {
+	    hx509_certs_free(&iter->certs);
+	    free(iter);
+	    hx509_set_error_string(context, 0, ENOMEM, 
+				   "Can't get trust anchors from Keychain");
+	    return ENOMEM;
+	}
+	for (i = 0; i < CFArrayGetCount(anchors); i++) {
+	    SecCertificateRef cr; 
+	    hx509_cert cert;
+	    CSSM_DATA cssm;
+
+	    cr = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
+
+	    SecCertificateGetData(cr, &cssm);
+
+	    ret = hx509_cert_init_data(context, cssm.Data, cssm.Length, &cert);
+	    if (ret)
+		continue;
+
+	    ret = hx509_certs_add(context, iter->certs, cert);
+	    hx509_cert_free(cert);
+	}
+	CFRelease(anchors);
+    }
+
+    if (iter->certs) {
+	int ret;
+	ret = hx509_certs_start_seq(context, iter->certs, &iter->cursor);
+	if (ret) {
+	    hx509_certs_free(&iter->certs);
+	    free(iter);
+	    return ret;
+	}
+    } else {
+	OSStatus ret;
+
+	ret = SecKeychainSearchCreateFromAttributes(ctx->keychain,
+						    kSecCertificateItemClass,
+						    NULL,
+						    &iter->searchRef);
+	if (ret) {
+	    free(iter);
+	    hx509_set_error_string(context, 0, ret, 
+				   "Failed to start search for attributes");
+	    return ENOMEM;
+	}
+    }
+
+    *cursor = iter;
+    return 0;
+}
+
+/*
+ *
+ */
+
+static int
+keychain_iter(hx509_context context,
+	      hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
+{
+    SecKeychainAttributeList *attrs = NULL;
+    SecKeychainAttributeInfo attrInfo;
+    UInt32 attrFormat[1] = { 0 };
+    SecKeychainItemRef itemRef;
+    SecItemAttr item[1];
+    struct iter *iter = cursor;
+    OSStatus ret;
+    UInt32 len;
+    void *ptr = NULL;
+
+    if (iter->certs)
+	return hx509_certs_next_cert(context, iter->certs, iter->cursor, cert);
+
+    *cert = NULL;
+
+    ret = SecKeychainSearchCopyNext(iter->searchRef, &itemRef);
+    if (ret == errSecItemNotFound)
+	return 0;
+    else if (ret != 0)
+	return EINVAL;
+	
+    /*
+     * Pick out certificate and matching "keyid"
+     */
+
+    item[0] = kSecPublicKeyHashItemAttr;
+
+    attrInfo.count = 1;
+    attrInfo.tag = item;
+    attrInfo.format = attrFormat;
+  
+    ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL,
+					       &attrs, &len, &ptr);
+    if (ret)
+	return EINVAL;
+
+    ret = hx509_cert_init_data(context, ptr, len, cert);
+    if (ret)
+	goto out;
+
+    /* 
+     * Find related private key if there is one by looking at
+     * kSecPublicKeyHashItemAttr == kSecKeyLabel
+     */
+    {
+	SecKeychainSearchRef search;
+	SecKeychainAttribute attrKeyid;
+	SecKeychainAttributeList attrList;
+
+	attrKeyid.tag = kSecKeyLabel;
+	attrKeyid.length = attrs->attr[0].length;
+	attrKeyid.data = attrs->attr[0].data;
+	
+	attrList.count = 1;
+	attrList.attr = &attrKeyid;
+
+	ret = SecKeychainSearchCreateFromAttributes(NULL,
+						    CSSM_DL_DB_RECORD_PRIVATE_KEY,
+						    &attrList,
+						    &search);
+	if (ret) {
+	    ret = 0;
+	    goto out;
+	}
+
+	ret = SecKeychainSearchCopyNext(search, &itemRef);
+	CFRelease(search);
+	if (ret == errSecItemNotFound) {
+	    ret = 0;
+	    goto out;
+	} else if (ret) {
+	    ret = EINVAL;
+	    goto out;
+	}
+	set_private_key(context, itemRef, *cert);
+    }
+
+out:
+    SecKeychainItemFreeAttributesAndData(attrs, ptr);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+static int
+keychain_iter_end(hx509_context context,
+		  hx509_certs certs,
+		  void *data,
+		  void *cursor)
+{
+    struct iter *iter = cursor;
+
+    if (iter->certs) {
+	int ret;
+	ret = hx509_certs_end_seq(context, iter->certs, iter->cursor);
+	hx509_certs_free(&iter->certs);
+    } else {
+	CFRelease(iter->searchRef);
+    }
+
+    memset(iter, 0, sizeof(*iter));
+    free(iter);
+    return 0;
+}
+
+/*
+ *
+ */
+
+struct hx509_keyset_ops keyset_keychain = {
+    "KEYCHAIN",
+    0,
+    keychain_init,
+    NULL,
+    keychain_free,
+    NULL,
+    NULL,
+    keychain_iter_start,
+    keychain_iter,
+    keychain_iter_end
+};
+
+#endif /* HAVE_FRAMEWORK_SECURITY */
+
+/*
+ *
+ */
+
+void
+_hx509_ks_keychain_register(hx509_context context)
+{
+#ifdef HAVE_FRAMEWORK_SECURITY
+    _hx509_ks_register(context, &keyset_keychain);
+#endif
+}
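Review bot: kc_rsa_private_encrypt and set_private_key call abort() whenever a Security framework call fails (SecKeyGetCSSMKey, SecKeyGetCSPHandle, SecKeyGetCredentials, CSSM_CSP_CreateSignatureContext, getAttribute), so a keychain error ends the whole host process instead of failing the one operation. kc_rsa_private_encrypt already reports a CSSM_SignData failure with -1, and the earlier checks could do the same, e.g. `if (cret) return -1;`. In set_private_key the result of `malloc(kc->keysize)` is passed to memset unchecked; `if (data == NULL) _hx509_abort("out of memory");` would at least match the calloc check above it. keychain_init also returns ENOENT from both error branches without `free(ctx)`, leaking the context on a bad residue string.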

Added: vendor-crypto/heimdal/dist/lib/hx509/ks_mem.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ks_mem.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ks_mem.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 2005 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("Id$");
+
+/*
+ * Should use two hash/tree certificates intead of a array.  Criteria
+ * should be subject and subjectKeyIdentifier since those two are
+ * commonly seached on in CMS and path building.
+ */
+
+struct mem_data {
+    char *name;
+    struct {
+	unsigned long len;
+	hx509_cert *val;
+    } certs;
+    hx509_private_key *keys;
+};
+
+static int
+mem_init(hx509_context context,
+	 hx509_certs certs, void **data, int flags,
+	 const char *residue, hx509_lock lock)
+{
+    struct mem_data *mem;
+    mem = calloc(1, sizeof(*mem));
+    if (mem == NULL)
+	return ENOMEM;
+    if (residue == NULL || residue[0] == '\0')
+	residue = "anonymous";
+    mem->name = strdup(residue);
+    if (mem->name == NULL) {
+	free(mem);
+	return ENOMEM;
+    }
+    *data = mem;
+    return 0;
+}
+
+static int
+mem_free(hx509_certs certs, void *data)
+{
+    struct mem_data *mem = data;
+    unsigned long i;
+    
+    for (i = 0; i < mem->certs.len; i++)
+	hx509_cert_free(mem->certs.val[i]);
+    free(mem->certs.val);
+    for (i = 0; mem->keys && mem->keys[i]; i++)
+	_hx509_private_key_free(&mem->keys[i]);
+    free(mem->keys);
+    free(mem->name);
+    free(mem);
+
+    return 0;
+}
+
+static int 
+mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
+{
+    struct mem_data *mem = data;
+    hx509_cert *val;
+
+    val = realloc(mem->certs.val, 
+		  (mem->certs.len + 1) * sizeof(mem->certs.val[0]));
+    if (val == NULL)
+	return ENOMEM;
+
+    mem->certs.val = val;
+    mem->certs.val[mem->certs.len] = hx509_cert_ref(c);
+    mem->certs.len++;
+
+    return 0;
+}
+
+static int 
+mem_iter_start(hx509_context context,
+	       hx509_certs certs,
+	       void *data,
+	       void **cursor)
+{
+    unsigned long *iter = malloc(sizeof(*iter));
+
+    if (iter == NULL)
+	return ENOMEM;
+
+    *iter = 0;
+    *cursor = iter;
+
+    return 0;
+}
+
+static int
+mem_iter(hx509_context contexst,
+	 hx509_certs certs,
+	 void *data, 
+	 void *cursor,
+	 hx509_cert *cert)
+{
+    unsigned long *iter = cursor;
+    struct mem_data *mem = data;
+
+    if (*iter >= mem->certs.len) {
+	*cert = NULL;
+	return 0;
+    }
+
+    *cert = hx509_cert_ref(mem->certs.val[*iter]);
+    (*iter)++;
+    return 0;
+}
+
+static int
+mem_iter_end(hx509_context context,
+	     hx509_certs certs,
+	     void *data,
+	     void *cursor)
+{
+    free(cursor);
+    return 0;
+}
+
+static int
+mem_getkeys(hx509_context context,
+	     hx509_certs certs,
+	     void *data,
+	     hx509_private_key **keys)
+{
+    struct mem_data *mem = data;
+    int i;
+
+    for (i = 0; mem->keys && mem->keys[i]; i++)
+	;
+    *keys = calloc(i + 1, sizeof(**keys));
+    for (i = 0; mem->keys && mem->keys[i]; i++) {
+	(*keys)[i] = _hx509_private_key_ref(mem->keys[i]);
+	if ((*keys)[i] == NULL) {
+	    while (--i >= 0)
+		_hx509_private_key_free(&(*keys)[i]);
+	    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	    return ENOMEM;
+	}
+    }	    
+    (*keys)[i] = NULL;
+    return 0;
+}
+
+static int
+mem_addkey(hx509_context context,
+	   hx509_certs certs,
+	   void *data,
+	   hx509_private_key key)
+{
+    struct mem_data *mem = data;
+    void *ptr;
+    int i;
+
+    for (i = 0; mem->keys && mem->keys[i]; i++)
+	;
+    ptr = realloc(mem->keys, (i + 2) * sizeof(*mem->keys));
+    if (ptr == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    mem->keys = ptr;
+    mem->keys[i++] = _hx509_private_key_ref(key);
+    mem->keys[i++] = NULL;
+    return 0;
+}
+
+
+static struct hx509_keyset_ops keyset_mem = {
+    "MEMORY",
+    0,
+    mem_init,
+    NULL,
+    mem_free,
+    mem_add,
+    NULL,
+    mem_iter_start,
+    mem_iter,
+    mem_iter_end,
+    NULL,
+    mem_getkeys,
+    mem_addkey
+};
+
+void
+_hx509_ks_mem_register(hx509_context context)
+{
+    _hx509_ks_register(context, &keyset_mem);
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/ks_null.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ks_null.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ks_null.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2005 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: ks_null.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+
+static int
+null_init(hx509_context context,
+	  hx509_certs certs, void **data, int flags,
+	  const char *residue, hx509_lock lock)
+{
+    *data = NULL;
+    return 0;
+}
+
+static int
+null_free(hx509_certs certs, void *data)
+{
+    assert(data == NULL);
+    return 0;
+}
+
+static int 
+null_iter_start(hx509_context context,
+		hx509_certs certs, void *data, void **cursor)
+{
+    *cursor = NULL;
+    return 0;
+}
+
+static int
+null_iter(hx509_context context,
+	  hx509_certs certs, void *data, void *iter, hx509_cert *cert)
+{
+    *cert = NULL;
+    return ENOENT;
+}
+
+static int
+null_iter_end(hx509_context context,
+	      hx509_certs certs,
+	      void *data,
+	      void *cursor)
+{
+    assert(cursor == NULL);
+    return 0;
+}
+
+
+struct hx509_keyset_ops keyset_null = {
+    "NULL",
+    0,
+    null_init,
+    NULL,
+    null_free,
+    NULL,
+    NULL,
+    null_iter_start,
+    null_iter,
+    null_iter_end
+};
+
+void
+_hx509_ks_null_register(hx509_context context)
+{
+    _hx509_ks_register(context, &keyset_null);
+}
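Review bot: null_iter returns ENOENT with `*cert = NULL`, whereas the other backends in this commit (mem_iter in ks_mem.c, keychain_iter in ks_keychain.c) signal end of iteration with a return of 0 and a NULL cert. If callers treat any non-zero return as a failure, which cannot be confirmed from this hunk, iterating the NULL store would report an error rather than an empty set. Either `return 0;` here or a comment such as `/* NULL store: iteration always fails with ENOENT by design */` would make the intended contract explicit.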

Added: vendor-crypto/heimdal/dist/lib/hx509/ks_p11.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ks_p11.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ks_p11.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1192 @@
+/*
+ * Copyright (c) 2004 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: ks_p11.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#ifdef HAVE_DLOPEN
+
+#include "pkcs11.h"
+
+struct p11_slot {
+    int flags;
+#define P11_SESSION		1
+#define P11_SESSION_IN_USE	2
+#define P11_LOGIN_REQ		4
+#define P11_LOGIN_DONE		8
+#define P11_TOKEN_PRESENT	16
+    CK_SESSION_HANDLE session;
+    CK_SLOT_ID id;
+    CK_BBOOL token;
+    char *name;
+    hx509_certs certs;
+    char *pin;
+    struct {
+	CK_MECHANISM_TYPE_PTR list;
+	CK_ULONG num;
+	CK_MECHANISM_INFO_PTR *infos;
+    } mechs;
+};
+
+struct p11_module {
+    void *dl_handle;
+    CK_FUNCTION_LIST_PTR funcs;
+    CK_ULONG num_slots;
+    unsigned int refcount;
+    struct p11_slot *slot;
+};
+
+#define P11FUNC(module,f,args) (*(module)->funcs->C_##f)args
+
+static int p11_get_session(hx509_context,
+			   struct p11_module *,
+			   struct p11_slot *,
+			   hx509_lock,
+			   CK_SESSION_HANDLE *);
+static int p11_put_session(struct p11_module *,
+			   struct p11_slot *,
+			   CK_SESSION_HANDLE);
+static void p11_release_module(struct p11_module *);
+
+static int p11_list_keys(hx509_context,
+			 struct p11_module *,
+			 struct p11_slot *, 
+			 CK_SESSION_HANDLE,
+			 hx509_lock,
+			 hx509_certs *);
+
+/*
+ *
+ */
+
+struct p11_rsa {
+    struct p11_module *p;
+    struct p11_slot *slot;
+    CK_OBJECT_HANDLE private_key;
+    CK_OBJECT_HANDLE public_key;
+};
+
+static int
+p11_rsa_public_encrypt(int flen,
+		       const unsigned char *from,
+		       unsigned char *to,
+		       RSA *rsa,
+		       int padding)
+{
+    return -1;
+}
+
+static int
+p11_rsa_public_decrypt(int flen,
+		       const unsigned char *from,
+		       unsigned char *to,
+		       RSA *rsa,
+		       int padding)
+{
+    return -1;
+}
+
+
+static int
+p11_rsa_private_encrypt(int flen, 
+			const unsigned char *from,
+			unsigned char *to,
+			RSA *rsa,
+			int padding)
+{
+    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
+    CK_OBJECT_HANDLE key = p11rsa->private_key;
+    CK_SESSION_HANDLE session;
+    CK_MECHANISM mechanism;
+    CK_ULONG ck_sigsize;
+    int ret;
+
+    if (padding != RSA_PKCS1_PADDING)
+	return -1;
+
+    memset(&mechanism, 0, sizeof(mechanism));
+    mechanism.mechanism = CKM_RSA_PKCS;
+
+    ck_sigsize = RSA_size(rsa);
+
+    ret = p11_get_session(NULL, p11rsa->p, p11rsa->slot, NULL, &session);
+    if (ret)
+	return -1;
+
+    ret = P11FUNC(p11rsa->p, SignInit, (session, &mechanism, key));
+    if (ret != CKR_OK) {
+	p11_put_session(p11rsa->p, p11rsa->slot, session);
+	return -1;
+    }
+
+    ret = P11FUNC(p11rsa->p, Sign, 
+		  (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
+    p11_put_session(p11rsa->p, p11rsa->slot, session);
+    if (ret != CKR_OK)
+	return -1;
+
+    return ck_sigsize;
+}
+
+static int
+p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+			RSA * rsa, int padding)
+{
+    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
+    CK_OBJECT_HANDLE key = p11rsa->private_key;
+    CK_SESSION_HANDLE session;
+    CK_MECHANISM mechanism;
+    CK_ULONG ck_sigsize;
+    int ret;
+
+    if (padding != RSA_PKCS1_PADDING)
+	return -1;
+
+    memset(&mechanism, 0, sizeof(mechanism));
+    mechanism.mechanism = CKM_RSA_PKCS;
+
+    ck_sigsize = RSA_size(rsa);
+
+    ret = p11_get_session(NULL, p11rsa->p, p11rsa->slot, NULL, &session);
+    if (ret)
+	return -1;
+
+    ret = P11FUNC(p11rsa->p, DecryptInit, (session, &mechanism, key));
+    if (ret != CKR_OK) {
+	p11_put_session(p11rsa->p, p11rsa->slot, session);
+	return -1;
+    }
+
+    ret = P11FUNC(p11rsa->p, Decrypt, 
+		  (session, (CK_BYTE *)from, flen, to, &ck_sigsize));
+    p11_put_session(p11rsa->p, p11rsa->slot, session);
+    if (ret != CKR_OK)
+	return -1;
+
+    return ck_sigsize;
+}
+
+static int 
+p11_rsa_init(RSA *rsa)
+{
+    return 1;
+}
+
+static int
+p11_rsa_finish(RSA *rsa)
+{
+    struct p11_rsa *p11rsa = RSA_get_app_data(rsa);
+    p11_release_module(p11rsa->p);
+    free(p11rsa);
+    return 1;
+}
+
+static const RSA_METHOD p11_rsa_pkcs1_method = {
+    "hx509 PKCS11 PKCS#1 RSA",
+    p11_rsa_public_encrypt,
+    p11_rsa_public_decrypt,
+    p11_rsa_private_encrypt,
+    p11_rsa_private_decrypt,
+    NULL,
+    NULL,
+    p11_rsa_init,
+    p11_rsa_finish,
+    0,
+    NULL,
+    NULL,
+    NULL
+};
+
+/*
+ *
+ */
+
+static int
+p11_mech_info(hx509_context context,
+	      struct p11_module *p,
+	      struct p11_slot *slot,
+	      int num)
+{
+    CK_ULONG i;
+    int ret;
+
+    ret = P11FUNC(p, GetMechanismList, (slot->id, NULL_PTR, &i));
+    if (ret) {
+	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
+			       "Failed to get mech list count for slot %d",
+			       num);
+	return HX509_PKCS11_NO_MECH;
+    }
+    if (i == 0) {
+	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
+			       "no mech supported for slot %d", num);
+	return HX509_PKCS11_NO_MECH;
+    }
+    slot->mechs.list = calloc(i, sizeof(slot->mechs.list[0]));
+    if (slot->mechs.list == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM,
+			       "out of memory");
+	return ENOMEM;
+    }
+    slot->mechs.num = i;
+    ret = P11FUNC(p, GetMechanismList, (slot->id, slot->mechs.list, &i));
+    if (ret) {
+	hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
+			       "Failed to get mech list for slot %d",
+			       num);
+	return HX509_PKCS11_NO_MECH;
+    }
+    assert(i == slot->mechs.num);
+
+    slot->mechs.infos = calloc(i, sizeof(*slot->mechs.infos));
+    if (slot->mechs.list == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM,
+			       "out of memory");
+	return ENOMEM;
+    }
+
+    for (i = 0; i < slot->mechs.num; i++) {
+	slot->mechs.infos[i] = calloc(1, sizeof(*(slot->mechs.infos[0])));
+	if (slot->mechs.infos[i] == NULL) {
+	    hx509_set_error_string(context, 0, ENOMEM,
+				   "out of memory");
+	    return ENOMEM;
+	}
+	ret = P11FUNC(p, GetMechanismInfo, (slot->id, slot->mechs.list[i],
+					    slot->mechs.infos[i]));
+	if (ret) {
+	    hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH,
+				   "Failed to get mech info for slot %d",
+				   num);
+	    return HX509_PKCS11_NO_MECH;
+	}
+    }
+
+    return 0;
+}
+
+static int
+p11_init_slot(hx509_context context, 
+	      struct p11_module *p,
+	      hx509_lock lock,
+	      CK_SLOT_ID id,
+	      int num,
+	      struct p11_slot *slot)
+{
+    CK_SESSION_HANDLE session;
+    CK_SLOT_INFO slot_info;
+    CK_TOKEN_INFO token_info;
+    int ret, i;
+
+    slot->certs = NULL;
+    slot->id = id;
+
+    ret = P11FUNC(p, GetSlotInfo, (slot->id, &slot_info));
+    if (ret) {
+	hx509_set_error_string(context, 0, HX509_PKCS11_TOKEN_CONFUSED,
+			       "Failed to init PKCS11 slot %d",
+			       num);
+	return HX509_PKCS11_TOKEN_CONFUSED;
+    }
+
+    for (i = sizeof(slot_info.slotDescription) - 1; i > 0; i--) {
+	char c = slot_info.slotDescription[i];
+	if (c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\0')
+	    continue;
+	i++;
+	break;
+    }
+
+    asprintf(&slot->name, "%.*s",
+	     i, slot_info.slotDescription);
+
+    if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0)
+	return 0;
+
+    ret = P11FUNC(p, GetTokenInfo, (slot->id, &token_info));
+    if (ret) {
+	hx509_set_error_string(context, 0, HX509_PKCS11_NO_TOKEN,
+			       "Failed to init PKCS11 slot %d "
+			       "with error 0x08x",
+			       num, ret);
+	return HX509_PKCS11_NO_TOKEN;
+    }
+    slot->flags |= P11_TOKEN_PRESENT;
+
+    if (token_info.flags & CKF_LOGIN_REQUIRED)
+	slot->flags |= P11_LOGIN_REQ;
+
+    ret = p11_get_session(context, p, slot, lock, &session);
+    if (ret)
+	return ret;
+
+    ret = p11_mech_info(context, p, slot, num);
+    if (ret)
+	goto out;
+
+    ret = p11_list_keys(context, p, slot, session, lock, &slot->certs);
+ out:
+    p11_put_session(p, slot, session);
+
+    return ret;
+}
+
+static int
+p11_get_session(hx509_context context,
+		struct p11_module *p,
+		struct p11_slot *slot,
+		hx509_lock lock,
+		CK_SESSION_HANDLE *psession)
+{
+    CK_RV ret;
+
+    if (slot->flags & P11_SESSION_IN_USE)
+	_hx509_abort("slot already in session");
+    
+    if (slot->flags & P11_SESSION) {
+	slot->flags |= P11_SESSION_IN_USE;
+	*psession = slot->session;
+	return 0;
+    }
+
+    ret = P11FUNC(p, OpenSession, (slot->id, 
+				   CKF_SERIAL_SESSION,
+				   NULL,
+				   NULL,
+				   &slot->session));
+    if (ret != CKR_OK) {
+	if (context)
+	    hx509_set_error_string(context, 0, HX509_PKCS11_OPEN_SESSION,
+				   "Failed to OpenSession for slot id %d "
+				   "with error: 0x%08x",
+				   (int)slot->id, ret);
+	return HX509_PKCS11_OPEN_SESSION;
+    }
+    
+    slot->flags |= P11_SESSION;
+    
+    /* 
+     * If we have have to login, and haven't tried before and have a
+     * prompter or known to work pin code.
+     *
+     * This code is very conversative and only uses the prompter in
+     * the hx509_lock, the reason is that it's bad to try many
+     * passwords on a pkcs11 token, it might lock up and have to be
+     * unlocked by a administrator.
+     *
+     * XXX try harder to not use pin several times on the same card.
+     */
+
+    if (   (slot->flags & P11_LOGIN_REQ)
+	&& (slot->flags & P11_LOGIN_DONE) == 0
+	&& (lock || slot->pin))
+    {
+	hx509_prompt prompt;
+	char pin[20];
+	char *str;
+
+	slot->flags |= P11_LOGIN_DONE;
+
+	if (slot->pin == NULL) {
+
+	    memset(&prompt, 0, sizeof(prompt));
+
+	    asprintf(&str, "PIN code for %s: ", slot->name);
+	    prompt.prompt = str;
+	    prompt.type = HX509_PROMPT_TYPE_PASSWORD;
+	    prompt.reply.data = pin;
+	    prompt.reply.length = sizeof(pin);
+	    
+	    ret = hx509_lock_prompt(lock, &prompt);
+	    if (ret) {
+		free(str);
+		if (context)
+		    hx509_set_error_string(context, 0, ret,
+					   "Failed to get pin code for slot "
+					   "id %d with error: %d",
+					   (int)slot->id, ret);
+		return ret;
+	    }
+	    free(str);
+	} else {
+	    strlcpy(pin, slot->pin, sizeof(pin));
+	}
+
+	ret = P11FUNC(p, Login, (slot->session, CKU_USER,
+				 (unsigned char*)pin, strlen(pin)));
+	if (ret != CKR_OK) {
+	    if (context)
+		hx509_set_error_string(context, 0, HX509_PKCS11_LOGIN,
+				       "Failed to login on slot id %d "
+				       "with error: 0x%08x",
+				       (int)slot->id, ret);
+	    p11_put_session(p, slot, slot->session);
+	    return HX509_PKCS11_LOGIN;
+	}
+	if (slot->pin == NULL) {
+	    slot->pin = strdup(pin);
+	    if (slot->pin == NULL) {
+		if (context)
+		    hx509_set_error_string(context, 0, ENOMEM,
+					   "out of memory");
+		p11_put_session(p, slot, slot->session);
+		return ENOMEM;
+	    }
+	}
+    } else
+	slot->flags |= P11_LOGIN_DONE;
+
+    slot->flags |= P11_SESSION_IN_USE;
+
+    *psession = slot->session;
+
+    return 0;
+}
+
+static int
+p11_put_session(struct p11_module *p,
+		struct p11_slot *slot, 
+		CK_SESSION_HANDLE session)
+{
+    if ((slot->flags & P11_SESSION_IN_USE) == 0)
+	_hx509_abort("slot not in session");
+    slot->flags &= ~P11_SESSION_IN_USE;
+
+    return 0;
+}
+
+static int
+iterate_entries(hx509_context context,
+		struct p11_module *p, struct p11_slot *slot,
+		CK_SESSION_HANDLE session,
+		CK_ATTRIBUTE *search_data, int num_search_data,
+		CK_ATTRIBUTE *query, int num_query,
+		int (*func)(hx509_context,
+			    struct p11_module *, struct p11_slot *,
+			    CK_SESSION_HANDLE session,
+			    CK_OBJECT_HANDLE object,
+			    void *, CK_ATTRIBUTE *, int), void *ptr)
+{
+    CK_OBJECT_HANDLE object;
+    CK_ULONG object_count;
+    int ret, i;
+
+    ret = P11FUNC(p, FindObjectsInit, (session, search_data, num_search_data));
+    if (ret != CKR_OK) {
+	return -1;
+    }
+    while (1) {
+	ret = P11FUNC(p, FindObjects, (session, &object, 1, &object_count));
+	if (ret != CKR_OK) {
+	    return -1;
+	}
+	if (object_count == 0)
+	    break;
+	
+	for (i = 0; i < num_query; i++)
+	    query[i].pValue = NULL;
+
+	ret = P11FUNC(p, GetAttributeValue, 
+		      (session, object, query, num_query));
+	if (ret != CKR_OK) {
+	    return -1;
+	}
+	for (i = 0; i < num_query; i++) {
+	    query[i].pValue = malloc(query[i].ulValueLen);
+	    if (query[i].pValue == NULL) {
+		ret = ENOMEM;
+		goto out;
+	    }
+	}
+	ret = P11FUNC(p, GetAttributeValue,
+		      (session, object, query, num_query));
+	if (ret != CKR_OK) {
+	    ret = -1;
+	    goto out;
+	}
+	
+	ret = (*func)(context, p, slot, session, object, ptr, query, num_query);
+	if (ret)
+	    goto out;
+
+	for (i = 0; i < num_query; i++) {
+	    if (query[i].pValue)
+		free(query[i].pValue);
+	    query[i].pValue = NULL;
+	}
+    }
+ out:
+
+    for (i = 0; i < num_query; i++) {
+	if (query[i].pValue)
+	    free(query[i].pValue);
+	query[i].pValue = NULL;
+    }
+
+    ret = P11FUNC(p, FindObjectsFinal, (session));
+    if (ret != CKR_OK) {
+	return -2;
+    }
+
+
+    return 0;
+}
+		
+static BIGNUM *
+getattr_bn(struct p11_module *p,
+	   struct p11_slot *slot,
+	   CK_SESSION_HANDLE session,
+	   CK_OBJECT_HANDLE object, 
+	   unsigned int type)
+{
+    CK_ATTRIBUTE query;
+    BIGNUM *bn;
+    int ret;
+
+    query.type = type;
+    query.pValue = NULL;
+    query.ulValueLen = 0;
+
+    ret = P11FUNC(p, GetAttributeValue, 
+		  (session, object, &query, 1));
+    if (ret != CKR_OK)
+	return NULL;
+
+    query.pValue = malloc(query.ulValueLen);
+
+    ret = P11FUNC(p, GetAttributeValue, 
+		  (session, object, &query, 1));
+    if (ret != CKR_OK) {
+	free(query.pValue);
+	return NULL;
+    }
+    bn = BN_bin2bn(query.pValue, query.ulValueLen, NULL);
+    free(query.pValue);
+
+    return bn;
+}
+
+static int
+collect_private_key(hx509_context context,
+		    struct p11_module *p, struct p11_slot *slot,
+		    CK_SESSION_HANDLE session,
+		    CK_OBJECT_HANDLE object,
+		    void *ptr, CK_ATTRIBUTE *query, int num_query)
+{
+    struct hx509_collector *collector = ptr;
+    hx509_private_key key;
+    heim_octet_string localKeyId;
+    int ret;
+    RSA *rsa;
+    struct p11_rsa *p11rsa;
+
+    localKeyId.data = query[0].pValue;
+    localKeyId.length = query[0].ulValueLen;
+
+    ret = _hx509_private_key_init(&key, NULL, NULL);
+    if (ret)
+	return ret;
+
+    rsa = RSA_new();
+    if (rsa == NULL)
+	_hx509_abort("out of memory");
+
+    /* 
+     * The exponent and modulus should always be present according to
+     * the pkcs11 specification, but some smartcards leaves it out,
+     * let ignore any failure to fetch it.
+     */
+    rsa->n = getattr_bn(p, slot, session, object, CKA_MODULUS);
+    rsa->e = getattr_bn(p, slot, session, object, CKA_PUBLIC_EXPONENT);
+
+    p11rsa = calloc(1, sizeof(*p11rsa));
+    if (p11rsa == NULL)
+	_hx509_abort("out of memory");
+
+    p11rsa->p = p;
+    p11rsa->slot = slot;
+    p11rsa->private_key = object;
+    
+    p->refcount++;
+    if (p->refcount == 0)
+	_hx509_abort("pkcs11 refcount to high");
+
+    RSA_set_method(rsa, &p11_rsa_pkcs1_method);
+    ret = RSA_set_app_data(rsa, p11rsa);
+    if (ret != 1)
+	_hx509_abort("RSA_set_app_data");
+
+    _hx509_private_key_assign_rsa(key, rsa);
+
+    ret = _hx509_collector_private_key_add(context,
+					   collector,
+					   hx509_signature_rsa(),
+					   key,
+					   NULL,
+					   &localKeyId);
+
+    if (ret) {
+	_hx509_private_key_free(&key);
+	return ret;
+    }
+    return 0;
+}
+
+static void
+p11_cert_release(hx509_cert cert, void *ctx)
+{
+    struct p11_module *p = ctx;
+    p11_release_module(p);
+}
+
+
+static int
+collect_cert(hx509_context context, 
+	     struct p11_module *p, struct p11_slot *slot,
+	     CK_SESSION_HANDLE session,
+	     CK_OBJECT_HANDLE object,
+	     void *ptr, CK_ATTRIBUTE *query, int num_query)
+{
+    struct hx509_collector *collector = ptr;
+    hx509_cert cert;
+    int ret;
+
+    if ((CK_LONG)query[0].ulValueLen == -1 ||
+	(CK_LONG)query[1].ulValueLen == -1) 
+    {
+	return 0;
+    }
+
+    ret = hx509_cert_init_data(context, query[1].pValue, 
+			       query[1].ulValueLen, &cert);
+    if (ret)
+	return ret;
+
+    p->refcount++;
+    if (p->refcount == 0)
+	_hx509_abort("pkcs11 refcount to high");
+
+    _hx509_cert_set_release(cert, p11_cert_release, p);
+
+    {
+	heim_octet_string data;
+	
+	data.data = query[0].pValue;
+	data.length = query[0].ulValueLen;
+	
+	_hx509_set_cert_attribute(context,
+				  cert,
+				  oid_id_pkcs_9_at_localKeyId(),
+				  &data);
+    }
+
+    if ((CK_LONG)query[2].ulValueLen != -1) {
+	char *str;
+
+	asprintf(&str, "%.*s",
+		 (int)query[2].ulValueLen, (char *)query[2].pValue);
+	if (str) {
+	    hx509_cert_set_friendly_name(cert, str);
+	    free(str);
+	}
+    }
+
+    ret = _hx509_collector_certs_add(context, collector, cert);
+    hx509_cert_free(cert);
+
+    return ret;
+}
+
+
+static int
+p11_list_keys(hx509_context context,
+	      struct p11_module *p,
+	      struct p11_slot *slot, 
+	      CK_SESSION_HANDLE session,
+	      hx509_lock lock,
+	      hx509_certs *certs)
+{
+    struct hx509_collector *collector;
+    CK_OBJECT_CLASS key_class;
+    CK_ATTRIBUTE search_data[] = {
+	{CKA_CLASS, NULL, 0},
+    };
+    CK_ATTRIBUTE query_data[3] = {
+	{CKA_ID, NULL, 0},
+	{CKA_VALUE, NULL, 0},
+	{CKA_LABEL, NULL, 0}
+    };
+    int ret;
+
+    search_data[0].pValue = &key_class;
+    search_data[0].ulValueLen = sizeof(key_class);
+
+    if (lock == NULL)
+	lock = _hx509_empty_lock;
+
+    ret = _hx509_collector_alloc(context, lock, &collector);
+    if (ret)
+	return ret;
+
+    key_class = CKO_PRIVATE_KEY;
+    ret = iterate_entries(context, p, slot, session,
+			  search_data, 1,
+			  query_data, 1,
+			  collect_private_key, collector);
+    if (ret)
+	goto out;
+
+    key_class = CKO_CERTIFICATE;
+    ret = iterate_entries(context, p, slot, session,
+			  search_data, 1,
+			  query_data, 3,
+			  collect_cert, collector);
+    if (ret)
+	goto out;
+
+    ret = _hx509_collector_collect_certs(context, collector, &slot->certs);
+
+out:
+    _hx509_collector_free(collector);
+
+    return ret;
+}
+
+
+static int
+p11_init(hx509_context context,
+	 hx509_certs certs, void **data, int flags, 
+	 const char *residue, hx509_lock lock)
+{
+    CK_C_GetFunctionList getFuncs;
+    struct p11_module *p;
+    char *list, *str;
+    int ret;
+
+    *data = NULL;
+
+    list = strdup(residue);
+    if (list == NULL)
+	return ENOMEM;
+
+    p = calloc(1, sizeof(*p));
+    if (p == NULL) {
+	free(list);
+	return ENOMEM;
+    }
+
+    p->refcount = 1;
+
+    str = strchr(list, ',');
+    if (str)
+	*str++ = '\0';
+    while (str) {
+	char *strnext;
+	strnext = strchr(str, ',');
+	if (strnext)
+	    *strnext++ = '\0';
+#if 0
+	if (strncasecmp(str, "slot=", 5) == 0)
+	    p->selected_slot = atoi(str + 5);
+#endif
+	str = strnext;
+    }
+
+    p->dl_handle = dlopen(list, RTLD_NOW);
+    free(list);
+    if (p->dl_handle == NULL) {
+	ret = HX509_PKCS11_LOAD;
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to open %s: %s", list, dlerror());
+	goto out;
+    }
+
+    getFuncs = dlsym(p->dl_handle, "C_GetFunctionList");
+    if (getFuncs == NULL) {
+	ret = HX509_PKCS11_LOAD;
+	hx509_set_error_string(context, 0, ret,
+			       "C_GetFunctionList missing in %s: %s", 
+			       list, dlerror());
+	goto out;
+    }
+
+    ret = (*getFuncs)(&p->funcs);
+    if (ret) {
+	ret = HX509_PKCS11_LOAD;
+	hx509_set_error_string(context, 0, ret,
+			       "C_GetFunctionList failed in %s", list);
+	goto out;
+    }
+
+    ret = P11FUNC(p, Initialize, (NULL_PTR));
+    if (ret != CKR_OK) {
+	ret = HX509_PKCS11_TOKEN_CONFUSED;
+	hx509_set_error_string(context, 0, ret,
+			       "Failed initialize the PKCS11 module");
+	goto out;
+    }
+
+    ret = P11FUNC(p, GetSlotList, (FALSE, NULL, &p->num_slots));
+    if (ret) {
+	ret = HX509_PKCS11_TOKEN_CONFUSED;
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to get number of PKCS11 slots");
+	goto out;
+    }
+
+   if (p->num_slots == 0) {
+	ret = HX509_PKCS11_NO_SLOT;
+	hx509_set_error_string(context, 0, ret,
+			       "Selected PKCS11 module have no slots");
+	goto out;
+   }
+
+
+    {
+	CK_SLOT_ID_PTR slot_ids;
+	int i, num_tokens = 0;
+
+	slot_ids = malloc(p->num_slots * sizeof(*slot_ids));
+	if (slot_ids == NULL) {
+	    hx509_clear_error_string(context);
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	ret = P11FUNC(p, GetSlotList, (FALSE, slot_ids, &p->num_slots));
+	if (ret) {
+	    free(slot_ids);
+	    hx509_set_error_string(context, 0, HX509_PKCS11_TOKEN_CONFUSED,
+				   "Failed getting slot-list from "
+				   "PKCS11 module");
+	    ret = HX509_PKCS11_TOKEN_CONFUSED;
+	    goto out;
+	}
+
+	p->slot = calloc(p->num_slots, sizeof(p->slot[0]));
+	if (p->slot == NULL) {
+	    free(slot_ids);
+	    hx509_set_error_string(context, 0, ENOMEM,
+				   "Failed to get memory for slot-list");
+	    ret = ENOMEM;
+	    goto out;
+	}
+			 
+	for (i = 0; i < p->num_slots; i++) {
+	    ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]);
+	    if (ret)
+		break;
+	    if (p->slot[i].flags & P11_TOKEN_PRESENT)
+		num_tokens++;
+	}
+	free(slot_ids);
+	if (ret)
+	    goto out;
+	if (num_tokens == 0) {
+	    ret = HX509_PKCS11_NO_TOKEN;
+	    goto out;
+	}
+    }
+
+    *data = p;
+
+    return 0;
+ out:    
+    p11_release_module(p);
+    return ret;
+}
+
+static void
+p11_release_module(struct p11_module *p)
+{
+    int i;
+
+    if (p->refcount == 0)
+	_hx509_abort("pkcs11 refcount to low");
+    if (--p->refcount > 0)
+	return;
+
+    for (i = 0; i < p->num_slots; i++) {
+	if (p->slot[i].flags & P11_SESSION_IN_USE)
+	    _hx509_abort("pkcs11 module release while session in use");
+	if (p->slot[i].flags & P11_SESSION) {
+	    int ret;
+
+	    ret = P11FUNC(p, CloseSession, (p->slot[i].session));
+	    if (ret != CKR_OK)
+		;
+	}
+
+	if (p->slot[i].name)
+	    free(p->slot[i].name);
+	if (p->slot[i].pin) {
+	    memset(p->slot[i].pin, 0, strlen(p->slot[i].pin));
+	    free(p->slot[i].pin);
+	}
+	if (p->slot[i].mechs.num) {
+	    free(p->slot[i].mechs.list);
+
+	    if (p->slot[i].mechs.infos) {
+		int j;
+
+		for (j = 0 ; j < p->slot[i].mechs.num ; j++)
+		    free(p->slot[i].mechs.infos[j]);
+		free(p->slot[i].mechs.infos);
+	    }
+	}
+    }
+    free(p->slot);
+
+    if (p->funcs)
+	P11FUNC(p, Finalize, (NULL));
+
+    if (p->dl_handle)
+	dlclose(p->dl_handle);
+
+    memset(p, 0, sizeof(*p));
+    free(p);
+}
+
+static int
+p11_free(hx509_certs certs, void *data)
+{
+    struct p11_module *p = data;
+    int i;
+
+    for (i = 0; i < p->num_slots; i++) {
+	if (p->slot[i].certs)
+	    hx509_certs_free(&p->slot[i].certs);
+    }
+    p11_release_module(p);
+    return 0;
+}
+
+struct p11_cursor {
+    hx509_certs certs;
+    void *cursor;
+};
+
+static int 
+p11_iter_start(hx509_context context,
+	       hx509_certs certs, void *data, void **cursor)
+{
+    struct p11_module *p = data;
+    struct p11_cursor *c;
+    int ret, i;
+
+    c = malloc(sizeof(*c));
+    if (c == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    ret = hx509_certs_init(context, "MEMORY:pkcs11-iter", 0, NULL, &c->certs);
+    if (ret) {
+	free(c);
+	return ret;
+    }
+
+    for (i = 0 ; i < p->num_slots; i++) {
+	if (p->slot[i].certs == NULL)
+	    continue;
+	ret = hx509_certs_merge(context, c->certs, p->slot[i].certs);
+	if (ret) {
+	    hx509_certs_free(&c->certs);
+	    free(c);
+	    return ret;
+	}
+    }
+
+    ret = hx509_certs_start_seq(context, c->certs, &c->cursor);
+    if (ret) {
+	hx509_certs_free(&c->certs);
+	free(c);
+	return 0;
+    }
+    *cursor = c;
+
+    return 0;
+}
+
+static int
+p11_iter(hx509_context context,
+	 hx509_certs certs, void *data, void *cursor, hx509_cert *cert)
+{
+    struct p11_cursor *c = cursor;
+    return hx509_certs_next_cert(context, c->certs, c->cursor, cert);
+}
+
+static int
+p11_iter_end(hx509_context context,
+	     hx509_certs certs, void *data, void *cursor)
+{
+    struct p11_cursor *c = cursor;
+    int ret;
+    ret = hx509_certs_end_seq(context, c->certs, c->cursor);
+    hx509_certs_free(&c->certs);
+    free(c);
+    return ret;
+}
+
+#define MECHFLAG(x) { "unknown-flag-" #x, x }
+static struct units mechflags[] = {
+	MECHFLAG(0x80000000),
+	MECHFLAG(0x40000000),
+	MECHFLAG(0x20000000),
+	MECHFLAG(0x10000000),
+	MECHFLAG(0x08000000),
+	MECHFLAG(0x04000000),
+	{"ec-compress",		0x2000000 },
+	{"ec-uncompress",	0x1000000 },
+	{"ec-namedcurve",	0x0800000 },
+	{"ec-ecparameters",	0x0400000 },
+	{"ec-f-2m",		0x0200000 },
+	{"ec-f-p",		0x0100000 },
+	{"derive",		0x0080000 },
+	{"unwrap",		0x0040000 },
+	{"wrap",		0x0020000 },
+	{"genereate-key-pair",	0x0010000 },
+	{"generate",		0x0008000 },
+	{"verify-recover",	0x0004000 },
+	{"verify",		0x0002000 },
+	{"sign-recover",	0x0001000 },
+	{"sign",		0x0000800 },
+	{"digest",		0x0000400 },
+	{"decrypt",		0x0000200 },
+	{"encrypt",		0x0000100 },
+	MECHFLAG(0x00080),
+	MECHFLAG(0x00040),
+	MECHFLAG(0x00020),
+	MECHFLAG(0x00010),
+	MECHFLAG(0x00008),
+	MECHFLAG(0x00004),
+	MECHFLAG(0x00002),
+	{"hw",			0x0000001 },
+	{ NULL,			0x0000000 }
+};
+#undef MECHFLAG
+
+static int
+p11_printinfo(hx509_context context, 
+	      hx509_certs certs, 
+	      void *data,
+	      int (*func)(void *, const char *),
+	      void *ctx)
+{
+    struct p11_module *p = data;
+    int i, j;
+        
+    _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s", 
+		     p->num_slots, p->num_slots > 1 ? "s" : "");
+
+    for (i = 0; i < p->num_slots; i++) {
+	struct p11_slot *s = &p->slot[i];
+
+	_hx509_pi_printf(func, ctx, "slot %d: id: %d name: %s flags: %08x",
+			 i, (int)s->id, s->name, s->flags);
+
+	_hx509_pi_printf(func, ctx, "number of supported mechanisms: %lu", 
+			 (unsigned long)s->mechs.num);
+	for (j = 0; j < s->mechs.num; j++) {
+	    const char *mechname = "unknown";
+	    char flags[256], unknownname[40];
+#define MECHNAME(s,n) case s: mechname = n; break
+	    switch(s->mechs.list[j]) {
+		MECHNAME(CKM_RSA_PKCS_KEY_PAIR_GEN, "rsa-pkcs-key-pair-gen");
+		MECHNAME(CKM_RSA_PKCS, "rsa-pkcs");
+		MECHNAME(CKM_RSA_X_509, "rsa-x-509");
+		MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs");
+		MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs");
+		MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs");
+		MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs");
+		MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs");
+		MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs");
+		MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep");
+		MECHNAME(CKM_SHA512_HMAC, "sha512-hmac");
+		MECHNAME(CKM_SHA512, "sha512");
+		MECHNAME(CKM_SHA384_HMAC, "sha384-hmac");
+		MECHNAME(CKM_SHA384, "sha384");
+		MECHNAME(CKM_SHA256_HMAC, "sha256-hmac");
+		MECHNAME(CKM_SHA256, "sha256");
+		MECHNAME(CKM_SHA_1, "sha1");
+		MECHNAME(CKM_MD5, "md5");
+		MECHNAME(CKM_MD2, "md2");
+		MECHNAME(CKM_RIPEMD160, "ripemd-160");
+		MECHNAME(CKM_DES_ECB, "des-ecb");
+		MECHNAME(CKM_DES_CBC, "des-cbc");
+		MECHNAME(CKM_AES_ECB, "aes-ecb");
+		MECHNAME(CKM_AES_CBC, "aes-cbc");
+		MECHNAME(CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen");
+	    default:
+		snprintf(unknownname, sizeof(unknownname),
+			 "unknown-mech-%lu", 
+			 (unsigned long)s->mechs.list[j]);
+		mechname = unknownname;
+		break;
+	    }
+#undef MECHNAME
+	    unparse_flags(s->mechs.infos[j]->flags, mechflags, 
+			  flags, sizeof(flags));
+
+	    _hx509_pi_printf(func, ctx, "  %s: %s", mechname, flags);
+	}
+    }
+
+    return 0;
+}
+
+static struct hx509_keyset_ops keyset_pkcs11 = {
+    "PKCS11",
+    0,
+    p11_init,
+    NULL,
+    p11_free,
+    NULL,
+    NULL,
+    p11_iter_start,
+    p11_iter,
+    p11_iter_end,
+    p11_printinfo
+};
+
+#endif /* HAVE_DLOPEN */
+
+void
+_hx509_ks_pkcs11_register(hx509_context context)
+{
+#ifdef HAVE_DLOPEN
+    _hx509_ks_register(context, &keyset_pkcs11);
+#endif
+}
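Review bot: In `p11_init`, `free(list)` runs immediately after `dlopen()`, yet the three `HX509_PKCS11_LOAD` error branches that follow still pass `list` to `hx509_set_error_string` as a `%s` argument, so each of those failure paths reads freed memory. Deferring `free(list);` until after the `(*getFuncs)(&p->funcs)` check, and freeing it in those three branches before `goto out`, removes the use-after-free; since this is a vendor import the change is best carried as a local patch or taken from upstream. In `p11_mech_info`, the check after allocating `slot->mechs.infos` tests the wrong pointer and should read `if (slot->mechs.infos == NULL) {`, otherwise a failed `calloc` is dereferenced in the loop below it. `iterate_entries` overwrites `ret` with the `FindObjectsFinal` result and then returns 0, so a callback failure or `ENOMEM` never reaches `p11_list_keys`. In `p11_get_session` the stack buffer `char pin[20]` is never cleared after `Login`, although `p11_release_module` does wipe `slot->pin`; clearing the local copy on every return path would keep the PIN from lingering on the stack.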

Added: vendor-crypto/heimdal/dist/lib/hx509/ks_p12.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ks_p12.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ks_p12.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,704 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: ks_p12.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct ks_pkcs12 {
+    hx509_certs certs;
+    char *fn;
+};
+
+typedef int (*collector_func)(hx509_context,
+			      struct hx509_collector *,
+			      const void *, size_t,
+			      const PKCS12_Attributes *);
+
+struct type {
+    const heim_oid * (*oid)(void);
+    collector_func func;
+};
+
+static void
+parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *, 
+		  const void *, size_t, const PKCS12_Attributes *);
+
+
+static const PKCS12_Attribute *
+find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
+{
+    int i;
+    if (attrs == NULL)
+	return NULL;
+    for (i = 0; i < attrs->len; i++)
+	if (der_heim_oid_cmp(oid, &attrs->val[i].attrId) == 0)
+	    return &attrs->val[i];
+    return NULL;
+}
+
+static int
+keyBag_parser(hx509_context context,
+	      struct hx509_collector *c, 
+	      const void *data, size_t length,
+	      const PKCS12_Attributes *attrs)
+{
+    const PKCS12_Attribute *attr;
+    PKCS8PrivateKeyInfo ki;
+    const heim_octet_string *os = NULL;
+    int ret;
+
+    attr = find_attribute(attrs, oid_id_pkcs_9_at_localKeyId());
+    if (attr)
+	os = &attr->attrValues;
+
+    ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL);
+    if (ret)
+	return ret;
+    
+    _hx509_collector_private_key_add(context,
+				     c,
+				     &ki.privateKeyAlgorithm,
+				     NULL,
+				     &ki.privateKey,
+				     os);
+    free_PKCS8PrivateKeyInfo(&ki);
+    return 0;
+}
+
+static int
+ShroudedKeyBag_parser(hx509_context context,
+		      struct hx509_collector *c, 
+		      const void *data, size_t length,
+		      const PKCS12_Attributes *attrs)
+{
+    PKCS8EncryptedPrivateKeyInfo pk;
+    heim_octet_string content;
+    int ret;
+    
+    memset(&pk, 0, sizeof(pk));
+    
+    ret = decode_PKCS8EncryptedPrivateKeyInfo(data, length, &pk, NULL);
+    if (ret)
+	return ret;
+
+    ret = _hx509_pbe_decrypt(context,
+			     _hx509_collector_get_lock(c),
+			     &pk.encryptionAlgorithm,
+			     &pk.encryptedData,
+			     &content);
+    free_PKCS8EncryptedPrivateKeyInfo(&pk);
+    if (ret)
+	return ret;
+
+    ret = keyBag_parser(context, c, content.data, content.length, attrs);
+    der_free_octet_string(&content);
+    return ret;
+}
+
+static int
+certBag_parser(hx509_context context,
+	       struct hx509_collector *c, 
+	       const void *data, size_t length,
+	       const PKCS12_Attributes *attrs)
+{
+    heim_octet_string os;
+    hx509_cert cert;
+    PKCS12_CertBag cb;
+    int ret;
+
+    ret = decode_PKCS12_CertBag(data, length, &cb, NULL);
+    if (ret)
+	return ret;
+
+    if (der_heim_oid_cmp(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType)) {
+	free_PKCS12_CertBag(&cb);
+	return 0;
+    }
+
+    ret = decode_PKCS12_OctetString(cb.certValue.data, 
+				    cb.certValue.length,
+				    &os,
+				    NULL);
+    free_PKCS12_CertBag(&cb);
+    if (ret)
+	return ret;
+
+    ret = hx509_cert_init_data(context, os.data, os.length, &cert);
+    der_free_octet_string(&os);
+    if (ret)
+	return ret;
+
+    ret = _hx509_collector_certs_add(context, c, cert);
+    if (ret) {
+	hx509_cert_free(cert);
+	return ret;
+    }
+
+    {
+	const PKCS12_Attribute *attr;
+	const heim_oid * (*oids[])(void) = {
+	    oid_id_pkcs_9_at_localKeyId, oid_id_pkcs_9_at_friendlyName
+	};
+	int i;
+
+	for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) {
+	    const heim_oid *oid = (*(oids[i]))();
+	    attr = find_attribute(attrs, oid);
+	    if (attr)
+		_hx509_set_cert_attribute(context, cert, oid,
+					  &attr->attrValues);
+	}	
+    }
+
+    hx509_cert_free(cert);
+
+    return 0;
+}
+
+static int
+parse_safe_content(hx509_context context,
+		   struct hx509_collector *c, 
+		   const unsigned char *p, size_t len)
+{
+    PKCS12_SafeContents sc;
+    int ret, i;
+
+    memset(&sc, 0, sizeof(sc));
+
+    ret = decode_PKCS12_SafeContents(p, len, &sc, NULL);
+    if (ret)
+	return ret;
+
+    for (i = 0; i < sc.len ; i++)
+	parse_pkcs12_type(context,
+			  c,
+			  &sc.val[i].bagId,
+			  sc.val[i].bagValue.data,
+			  sc.val[i].bagValue.length,
+			  sc.val[i].bagAttributes);
+
+    free_PKCS12_SafeContents(&sc);
+    return 0;
+}
+
+static int
+safeContent_parser(hx509_context context,
+		   struct hx509_collector *c, 
+		   const void *data, size_t length,
+		   const PKCS12_Attributes *attrs)
+{
+    heim_octet_string os;
+    int ret;
+
+    ret = decode_PKCS12_OctetString(data, length, &os, NULL);
+    if (ret)
+	return ret;
+    ret = parse_safe_content(context, c, os.data, os.length);
+    der_free_octet_string(&os);
+    return ret;
+}
+
+static int
+encryptedData_parser(hx509_context context,
+		     struct hx509_collector *c,
+		     const void *data, size_t length,
+		     const PKCS12_Attributes *attrs)
+{
+    heim_octet_string content;
+    heim_oid contentType;
+    int ret;
+		
+    memset(&contentType, 0, sizeof(contentType));
+
+    ret = hx509_cms_decrypt_encrypted(context,
+				      _hx509_collector_get_lock(c),
+				      data, length,
+				      &contentType,
+				      &content);
+    if (ret)
+	return ret;
+
+    if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
+	ret = parse_safe_content(context, c, content.data, content.length);
+
+    der_free_octet_string(&content);
+    der_free_oid(&contentType);
+    return ret;
+}
+
+static int
+envelopedData_parser(hx509_context context,
+		     struct hx509_collector *c,
+		     const void *data, size_t length,
+		     const PKCS12_Attributes *attrs)
+{
+    heim_octet_string content;
+    heim_oid contentType;
+    hx509_lock lock;
+    int ret;
+		
+    memset(&contentType, 0, sizeof(contentType));
+
+    lock = _hx509_collector_get_lock(c);
+
+    ret = hx509_cms_unenvelope(context,
+			       _hx509_lock_unlock_certs(lock),
+			       0,
+			       data, length,
+			       NULL,
+			       &contentType,
+			       &content);
+    if (ret) {
+	hx509_set_error_string(context, HX509_ERROR_APPEND, ret, 
+			       "PKCS12 failed to unenvelope");
+	return ret;
+    }
+
+    if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0)
+	ret = parse_safe_content(context, c, content.data, content.length);
+
+    der_free_octet_string(&content);
+    der_free_oid(&contentType);
+
+    return ret;
+}
+
+
+struct type bagtypes[] = {
+    { oid_id_pkcs12_keyBag, keyBag_parser },
+    { oid_id_pkcs12_pkcs8ShroudedKeyBag, ShroudedKeyBag_parser },
+    { oid_id_pkcs12_certBag, certBag_parser },
+    { oid_id_pkcs7_data, safeContent_parser },
+    { oid_id_pkcs7_encryptedData, encryptedData_parser },
+    { oid_id_pkcs7_envelopedData, envelopedData_parser }
+};
+
+static void
+parse_pkcs12_type(hx509_context context,
+		  struct hx509_collector *c,
+		  const heim_oid *oid, 
+		  const void *data, size_t length,
+		  const PKCS12_Attributes *attrs)
+{
+    int i;
+
+    for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
+	if (der_heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0)
+	    (*bagtypes[i].func)(context, c, data, length, attrs);
+}
+
+static int
+p12_init(hx509_context context,
+	 hx509_certs certs, void **data, int flags, 
+	 const char *residue, hx509_lock lock)
+{
+    struct ks_pkcs12 *p12;
+    size_t len;
+    void *buf;
+    PKCS12_PFX pfx;
+    PKCS12_AuthenticatedSafe as;
+    int ret, i;
+    struct hx509_collector *c;
+
+    *data = NULL;
+
+    if (lock == NULL)
+	lock = _hx509_empty_lock;
+
+    ret = _hx509_collector_alloc(context, lock, &c);
+    if (ret)
+	return ret;
+
+    p12 = calloc(1, sizeof(*p12));
+    if (p12 == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	goto out;
+    }
+
+    p12->fn = strdup(residue);
+    if (p12->fn == NULL) {
+	ret = ENOMEM;
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	goto out;
+    }
+
+    if (flags & HX509_CERTS_CREATE) {
+	ret = hx509_certs_init(context, "MEMORY:ks-file-create",
+			       0, lock, &p12->certs);
+	if (ret == 0)
+	    *data = p12;
+	goto out;
+    }
+
+    ret = _hx509_map_file(residue, &buf, &len, NULL);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    ret = decode_PKCS12_PFX(buf, len, &pfx, NULL);
+    _hx509_unmap_file(buf, len);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to decode the PFX in %s", residue);
+	goto out;
+    }
+
+    if (der_heim_oid_cmp(&pfx.authSafe.contentType, oid_id_pkcs7_data()) != 0) {
+	free_PKCS12_PFX(&pfx);
+	ret = EINVAL;
+	hx509_set_error_string(context, 0, ret,
+			       "PKCS PFX isn't a pkcs7-data container");
+	goto out;
+    }
+
+    if (pfx.authSafe.content == NULL) {
+	free_PKCS12_PFX(&pfx);
+	ret = EINVAL;
+	hx509_set_error_string(context, 0, ret,
+			       "PKCS PFX missing data");
+	goto out;
+    }
+
+    {
+	heim_octet_string asdata;
+
+	ret = decode_PKCS12_OctetString(pfx.authSafe.content->data,
+					pfx.authSafe.content->length,
+					&asdata,
+					NULL);
+	free_PKCS12_PFX(&pfx);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+	ret = decode_PKCS12_AuthenticatedSafe(asdata.data, 
+					      asdata.length,
+					      &as,
+					      NULL);
+	der_free_octet_string(&asdata);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+    }
+
+    for (i = 0; i < as.len; i++)
+	parse_pkcs12_type(context,
+			  c,
+			  &as.val[i].contentType,
+			  as.val[i].content->data,
+			  as.val[i].content->length,
+			  NULL);
+
+    free_PKCS12_AuthenticatedSafe(&as);
+
+    ret = _hx509_collector_collect_certs(context, c, &p12->certs);
+    if (ret == 0)
+	*data = p12;
+
+out:
+    _hx509_collector_free(c);
+
+    if (ret && p12) {
+	if (p12->fn)
+	    free(p12->fn);
+	if (p12->certs)
+	    hx509_certs_free(&p12->certs);
+	free(p12);
+    }
+
+    return ret;
+}
+
+static int
+addBag(hx509_context context,
+       PKCS12_AuthenticatedSafe *as,
+       const heim_oid *oid,
+       void *data,
+       size_t length)
+{
+    void *ptr;
+    int ret;
+
+    ptr = realloc(as->val, sizeof(as->val[0]) * (as->len + 1));
+    if (ptr == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    as->val = ptr;
+
+    ret = der_copy_oid(oid, &as->val[as->len].contentType);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "out of memory");
+	return ret;
+    }
+    
+    as->val[as->len].content = calloc(1, sizeof(*as->val[0].content));
+    if (as->val[as->len].content == NULL) {
+	der_free_oid(&as->val[as->len].contentType);
+	hx509_set_error_string(context, 0, ENOMEM, "malloc out of memory");
+	return ENOMEM;
+    }
+
+    as->val[as->len].content->data = data;
+    as->val[as->len].content->length = length;
+
+    as->len++;
+
+    return 0;
+}
+
+static int
+store_func(hx509_context context, void *ctx, hx509_cert c)
+{
+    PKCS12_AuthenticatedSafe *as = ctx;
+    PKCS12_OctetString os;
+    PKCS12_CertBag cb;
+    size_t size;
+    int ret;
+
+    memset(&os, 0, sizeof(os));
+    memset(&cb, 0, sizeof(cb));
+
+    os.data = NULL;
+    os.length = 0;
+
+    ret = hx509_cert_binary(context, c, &os);
+    if (ret)
+	return ret;
+
+    ASN1_MALLOC_ENCODE(PKCS12_OctetString,
+		       cb.certValue.data,cb.certValue.length,
+		       &os, &size, ret);
+    free(os.data);
+    if (ret)
+	goto out;
+    ret = der_copy_oid(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType);
+    if (ret) {
+	free_PKCS12_CertBag(&cb);
+	goto out;
+    }
+    ASN1_MALLOC_ENCODE(PKCS12_CertBag, os.data, os.length,
+		       &cb, &size, ret);
+    free_PKCS12_CertBag(&cb);
+    if (ret)
+	goto out;
+
+    ret = addBag(context, as, oid_id_pkcs12_certBag(), os.data, os.length);
+
+    if (_hx509_cert_private_key_exportable(c)) {
+	hx509_private_key key = _hx509_cert_private_key(c);
+	PKCS8PrivateKeyInfo pki;
+
+	memset(&pki, 0, sizeof(pki));
+
+	ret = der_parse_hex_heim_integer("00", &pki.version);
+	if (ret)
+	    return ret;
+	ret = _hx509_private_key_oid(context, key, 
+				     &pki.privateKeyAlgorithm.algorithm);
+	if (ret) {
+	    free_PKCS8PrivateKeyInfo(&pki);
+	    return ret;
+	}
+	ret = _hx509_private_key_export(context,
+					_hx509_cert_private_key(c),
+					&pki.privateKey);
+	if (ret) {
+	    free_PKCS8PrivateKeyInfo(&pki);
+	    return ret;
+	}
+	/* set attribute, oid_id_pkcs_9_at_localKeyId() */
+
+	ASN1_MALLOC_ENCODE(PKCS8PrivateKeyInfo, os.data, os.length,
+			   &pki, &size, ret);
+	free_PKCS8PrivateKeyInfo(&pki);
+	if (ret)
+	    return ret;
+
+	ret = addBag(context, as, oid_id_pkcs12_keyBag(), os.data, os.length);
+	if (ret)
+	    return ret;
+    }
+
+out:
+    return ret;
+}
+
+static int
+p12_store(hx509_context context, 
+	  hx509_certs certs, void *data, int flags, hx509_lock lock)
+{
+    struct ks_pkcs12 *p12 = data;
+    PKCS12_PFX pfx;
+    PKCS12_AuthenticatedSafe as;
+    PKCS12_OctetString asdata;
+    size_t size;
+    int ret;
+
+    memset(&as, 0, sizeof(as));
+    memset(&pfx, 0, sizeof(pfx));
+
+    ret = hx509_certs_iter(context, p12->certs, store_func, &as);
+    if (ret)
+	goto out;
+
+    ASN1_MALLOC_ENCODE(PKCS12_AuthenticatedSafe, asdata.data, asdata.length,
+		       &as, &size, ret);
+    free_PKCS12_AuthenticatedSafe(&as);
+    if (ret)
+	return ret;
+		       
+    ret = der_parse_hex_heim_integer("03", &pfx.version);
+    if (ret) {
+	free(asdata.data);
+	goto out;
+    }
+
+    pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content));
+
+    ASN1_MALLOC_ENCODE(PKCS12_OctetString, 
+		       pfx.authSafe.content->data,
+		       pfx.authSafe.content->length,
+		       &asdata, &size, ret);
+    free(asdata.data);
+    if (ret)
+	goto out;
+
+    ret = der_copy_oid(oid_id_pkcs7_data(), &pfx.authSafe.contentType);
+    if (ret)
+	goto out;
+
+    ASN1_MALLOC_ENCODE(PKCS12_PFX, asdata.data, asdata.length,
+		       &pfx, &size, ret);
+    if (ret)
+	goto out;
+
+#if 0
+    const struct _hx509_password *pw;
+
+    pw = _hx509_lock_get_passwords(lock);
+    if (pw != NULL) {
+	pfx.macData = calloc(1, sizeof(*pfx.macData));
+	if (pfx.macData == NULL) {
+	    ret = ENOMEM;
+	    hx509_set_error_string(context, 0, ret, "malloc out of memory");
+	    return ret;
+	}
+	if (pfx.macData == NULL) {
+	    free(asdata.data);
+	    goto out;
+	}
+    }
+    ret = calculate_hash(&aspath, pw, pfx.macData);
+#endif
+
+    rk_dumpdata(p12->fn, asdata.data, asdata.length);
+    free(asdata.data);
+
+out:
+    free_PKCS12_AuthenticatedSafe(&as);
+    free_PKCS12_PFX(&pfx);
+
+    return ret;
+}
+
+
+static int
+p12_free(hx509_certs certs, void *data)
+{
+    struct ks_pkcs12 *p12 = data;
+    hx509_certs_free(&p12->certs);
+    free(p12->fn);
+    free(p12);
+    return 0;
+}
+
+static int 
+p12_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c)
+{
+    struct ks_pkcs12 *p12 = data;
+    return hx509_certs_add(context, p12->certs, c);
+}
+
+static int 
+p12_iter_start(hx509_context context,
+	       hx509_certs certs,
+	       void *data,
+	       void **cursor)
+{
+    struct ks_pkcs12 *p12 = data;
+    return hx509_certs_start_seq(context, p12->certs, cursor);
+}
+
+static int
+p12_iter(hx509_context context,
+	 hx509_certs certs,
+	 void *data,
+	 void *cursor,
+	 hx509_cert *cert)
+{
+    struct ks_pkcs12 *p12 = data;
+    return hx509_certs_next_cert(context, p12->certs, cursor, cert);
+}
+
+static int
+p12_iter_end(hx509_context context,
+	     hx509_certs certs,
+	     void *data,
+	     void *cursor)
+{
+    struct ks_pkcs12 *p12 = data;
+    return hx509_certs_end_seq(context, p12->certs, cursor);
+}
+
+static struct hx509_keyset_ops keyset_pkcs12 = {
+    "PKCS12",
+    0,
+    p12_init,
+    p12_store,
+    p12_free,
+    p12_add,
+    NULL,
+    p12_iter_start,
+    p12_iter,
+    p12_iter_end
+};
+
+void
+_hx509_ks_pkcs12_register(hx509_context context)
+{
+    _hx509_ks_register(context, &keyset_pkcs12);
+}
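Review bot: In p12_init the loop over the decoded AuthenticatedSafe reads `as.val[i].content->data` and `->length` without checking `content` for NULL, although the same kind of field is checked on `pfx.authSafe.content` a few lines earlier. A PKCS#12 file whose inner ContentInfo omits its content would then presumably crash the loader instead of being rejected. Brace the loop body and guard it first, for example `if (as.val[i].content == NULL) continue;` (or fail with EINVAL, as the outer check does). p12_store has the mirror problem on the write side: the result of `pfx.authSafe.content = calloc(...)` is dereferenced by the following ASN1_MALLOC_ENCODE with no check, so it needs a guard that frees `asdata.data`, sets `ret = ENOMEM` and jumps to `out`. Because this is a vendor import, the fix is best carried as a tracked local patch and reported upstream.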

Added: vendor-crypto/heimdal/dist/lib/hx509/lock.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/lock.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/lock.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,248 @@
+/*
+ * Copyright (c) 2005 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: lock.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_lock Locking and unlocking certificates and encrypted data.
+ *
+ * See the library functions here: @ref hx509_lock
+ */
+
+struct hx509_lock_data {
+    struct _hx509_password password;
+    hx509_certs certs;
+    hx509_prompter_fct prompt;
+    void *prompt_data;
+};
+
+static struct hx509_lock_data empty_lock_data = {
+    { 0, NULL }
+};
+
+hx509_lock _hx509_empty_lock = &empty_lock_data;
+
+/*
+ *
+ */
+
+int
+hx509_lock_init(hx509_context context, hx509_lock *lock)
+{
+    hx509_lock l;
+    int ret;
+
+    *lock = NULL;
+
+    l = calloc(1, sizeof(*l));
+    if (l == NULL)
+	return ENOMEM;
+
+    ret = hx509_certs_init(context, 
+			   "MEMORY:locks-internal", 
+			   0,
+			   NULL,
+			   &l->certs);
+    if (ret) {
+	free(l);
+	return ret;
+    }
+
+    *lock = l;
+
+    return 0;
+}
+
+int
+hx509_lock_add_password(hx509_lock lock, const char *password)
+{
+    void *d;
+    char *s;
+
+    s = strdup(password);
+    if (s == NULL)
+	return ENOMEM;
+
+    d = realloc(lock->password.val,
+		(lock->password.len + 1) * sizeof(lock->password.val[0]));
+    if (d == NULL) {
+	free(s);
+	return ENOMEM;
+    }
+    lock->password.val = d;
+    lock->password.val[lock->password.len] = s;
+    lock->password.len++;
+
+    return 0;
+}
+
+const struct _hx509_password *
+_hx509_lock_get_passwords(hx509_lock lock)
+{
+    return &lock->password;
+}
+
+hx509_certs
+_hx509_lock_unlock_certs(hx509_lock lock)
+{
+    return lock->certs;
+}
+
+void
+hx509_lock_reset_passwords(hx509_lock lock)
+{
+    int i;
+    for (i = 0; i < lock->password.len; i++)
+	free(lock->password.val[i]);
+    free(lock->password.val);
+    lock->password.val = NULL;
+    lock->password.len = 0;
+}
+
+int
+hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert)
+{
+    return hx509_certs_add(context, lock->certs, cert);
+}
+
+int
+hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs)
+{
+    return hx509_certs_merge(context, lock->certs, certs);
+}
+
+void
+hx509_lock_reset_certs(hx509_context context, hx509_lock lock)
+{
+    hx509_certs certs = lock->certs;
+    int ret;
+    
+    ret = hx509_certs_init(context, 
+			   "MEMORY:locks-internal",
+			   0,
+			   NULL,
+			   &lock->certs);
+    if (ret == 0)
+	hx509_certs_free(&certs);
+    else
+	lock->certs = certs;
+}
+
+int
+_hx509_lock_find_cert(hx509_lock lock, const hx509_query *q, hx509_cert *c)
+{
+    *c = NULL;
+    return 0;
+}
+
+int
+hx509_lock_set_prompter(hx509_lock lock, hx509_prompter_fct prompt, void *data)
+{
+    lock->prompt = prompt;
+    lock->prompt_data = data;
+    return 0;
+}
+
+void
+hx509_lock_reset_promper(hx509_lock lock)
+{
+    lock->prompt = NULL;
+    lock->prompt_data = NULL;
+}
+
+static int 
+default_prompter(void *data, const hx509_prompt *prompter)
+{
+    if (hx509_prompt_hidden(prompter->type)) {
+	if(UI_UTIL_read_pw_string(prompter->reply.data,
+				  prompter->reply.length,
+				  prompter->prompt,
+				  0))
+	    return 1;
+    } else {
+	char *s = prompter->reply.data;
+
+	fputs (prompter->prompt, stdout);
+	fflush (stdout);
+	if(fgets(prompter->reply.data,
+		 prompter->reply.length,
+		 stdin) == NULL)
+	    return 1;
+	s[strcspn(s, "\n")] = '\0';
+    }
+    return 0;
+}
+
+int
+hx509_lock_prompt(hx509_lock lock, hx509_prompt *prompt)
+{
+    if (lock->prompt == NULL)
+	return HX509_CRYPTO_NO_PROMPTER;
+    return (*lock->prompt)(lock->prompt_data, prompt);
+}
+
+void
+hx509_lock_free(hx509_lock lock)
+{
+    hx509_certs_free(&lock->certs);
+    hx509_lock_reset_passwords(lock);
+    memset(lock, 0, sizeof(*lock));
+    free(lock);
+}
+
+int
+hx509_prompt_hidden(hx509_prompt_type type)
+{
+    /* default to hidden if unknown */
+
+    switch (type) {
+    case HX509_PROMPT_TYPE_QUESTION:
+    case HX509_PROMPT_TYPE_INFO:
+	return 0;
+    default:
+	return 1;
+    }
+}
+
+int
+hx509_lock_command_string(hx509_lock lock, const char *string)
+{
+    if (strncasecmp(string, "PASS:", 5) == 0) {
+	hx509_lock_add_password(lock, string + 5);
+    } else if (strcasecmp(string, "PROMPT") == 0) {
+	hx509_lock_set_prompter(lock, default_prompter, NULL);
+    } else
+	return HX509_UNKNOWN_LOCK_COMMAND;
+    return 0;
+}
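Review bot: hx509_lock_reset_passwords frees each `lock->password.val[i]` without clearing it, so the cleartext passwords stored by hx509_lock_add_password remain in freed heap memory. The `memset(lock, 0, sizeof(*lock))` in hx509_lock_free only wipes the struct that held the pointers, and a plain memset directly before free() may be removed by the compiler. Wipe each string before freeing it with a call the optimizer cannot drop, for example `explicit_bzero(lock->password.val[i], strlen(lock->password.val[i]));` where the platform provides it. Separately, the `PASS:` branch of hx509_lock_command_string discards the result of hx509_lock_add_password, so an ENOMEM is reported as success; `return hx509_lock_add_password(lock, string + 5);` would propagate it.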

Added: vendor-crypto/heimdal/dist/lib/hx509/name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,918 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: name.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_name PKIX/X.509 Names
+ *
+ * There are several names in PKIX/X.509, GeneralName and Name.
+ *
+ * A Name consists of an ordered list of Relative Distinguished Names
+ * (RDN). Each RDN consists of an unordered list of typed strings. The
+ * types are defined by OID and have long and short description. For
+ * example id-at-commonName (2.5.4.3) have the long name CommonName
+ * and short name CN. The string itself can be of serveral encoding,
+ * UTF8, UTF16, Teltex string, etc. The type limit what encoding
+ * should be used.
+ *
+ * GeneralName is a broader nametype that can contains al kind of
+ * stuff like Name, IP addresses, partial Name, etc.
+ *
+ * Name is mapped into a hx509_name object.
+ *
+ * Parse and string name into a hx509_name object with hx509_parse_name(),
+ * make it back into string representation with hx509_name_to_string().
+ *
+ * Name string are defined rfc2253, rfc1779 and X.501.
+ *
+ * See the library functions here: @ref hx509_name
+ */
+
+static const struct {
+    const char *n;
+    const heim_oid *(*o)(void);
+} no[] = {
+    { "C", oid_id_at_countryName },
+    { "CN", oid_id_at_commonName },
+    { "DC", oid_id_domainComponent },
+    { "L", oid_id_at_localityName },
+    { "O", oid_id_at_organizationName },
+    { "OU", oid_id_at_organizationalUnitName },
+    { "S", oid_id_at_stateOrProvinceName },
+    { "STREET", oid_id_at_streetAddress },
+    { "UID", oid_id_Userid },
+    { "emailAddress", oid_id_pkcs9_emailAddress },
+    { "serialNumber", oid_id_at_serialNumber }
+};
+
+static char *
+quote_string(const char *f, size_t len, size_t *rlen)
+{
+    size_t i, j, tolen;
+    const char *from = f;
+    char *to;
+
+    tolen = len * 3 + 1;
+    to = malloc(tolen);
+    if (to == NULL)
+	return NULL;
+
+    for (i = 0, j = 0; i < len; i++) {
+	if (from[i] == ' ' && i + 1 < len)
+	    to[j++] = from[i];
+	else if (from[i] == ',' || from[i] == '=' || from[i] == '+' ||
+		 from[i] == '<' || from[i] == '>' || from[i] == '#' ||
+		 from[i] == ';' || from[i] == ' ')
+	{
+	    to[j++] = '\\';
+	    to[j++] = from[i];
+	} else if (((unsigned char)from[i]) >= 32 && ((unsigned char)from[i]) <= 127) {
+	    to[j++] = from[i];
+	} else {
+	    int l = snprintf(&to[j], tolen - j - 1,
+			     "#%02x", (unsigned char)from[i]);
+	    j += l;
+	}
+    }
+    to[j] = '\0';
+    assert(j < tolen);
+    *rlen = j;
+    return to;
+}
+
+
+static int
+append_string(char **str, size_t *total_len, const char *ss, 
+	      size_t len, int quote)
+{
+    char *s, *qs;
+
+    if (quote)
+	qs = quote_string(ss, len, &len);
+    else
+	qs = rk_UNCONST(ss);
+
+    s = realloc(*str, len + *total_len + 1);
+    if (s == NULL)
+	_hx509_abort("allocation failure"); /* XXX */
+    memcpy(s + *total_len, qs, len);
+    if (qs != ss)
+	free(qs);
+    s[*total_len + len] = '\0';
+    *str = s;
+    *total_len += len;
+    return 0;
+}
+
+static char *
+oidtostring(const heim_oid *type)
+{
+    char *s;
+    size_t i;
+    
+    for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
+	if (der_heim_oid_cmp((*no[i].o)(), type) == 0)
+	    return strdup(no[i].n);
+    }
+    if (der_print_heim_oid(type, '.', &s) != 0)
+	return NULL;
+    return s;
+}
+
+static int
+stringtooid(const char *name, size_t len, heim_oid *oid)
+{
+    int i, ret;
+    char *s;
+    
+    memset(oid, 0, sizeof(*oid));
+
+    for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) {
+	if (strncasecmp(no[i].n, name, len) == 0)
+	    return der_copy_oid((*no[i].o)(), oid);
+    }
+    s = malloc(len + 1);
+    if (s == NULL)
+	return ENOMEM;
+    memcpy(s, name, len);
+    s[len] = '\0';
+    ret = der_parse_heim_oid(s, ".", oid);
+    free(s);
+    return ret;
+}
+
+/**
+ * Convert the hx509 name object into a printable string.
+ * The resulting string should be freed with free().
+ *
+ * @param name name to print
+ * @param str the string to return
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_name_to_string(const hx509_name name, char **str)
+{
+    return _hx509_Name_to_string(&name->der_name, str);
+}
+
+int
+_hx509_Name_to_string(const Name *n, char **str)
+{
+    size_t total_len = 0;
+    int i, j;
+
+    *str = strdup("");
+    if (*str == NULL)
+	return ENOMEM;
+
+    for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) {
+	int len;
+
+	for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
+	    DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
+	    char *oidname;
+	    char *ss;
+	    
+	    oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type);
+
+	    switch(ds->element) {
+	    case choice_DirectoryString_ia5String:
+		ss = ds->u.ia5String;
+		break;
+	    case choice_DirectoryString_printableString:
+		ss = ds->u.printableString;
+		break;
+	    case choice_DirectoryString_utf8String:
+		ss = ds->u.utf8String;
+		break;
+	    case choice_DirectoryString_bmpString: {
+		uint16_t *bmp = ds->u.bmpString.data;
+		size_t bmplen = ds->u.bmpString.length;
+		size_t k;
+
+		ss = malloc(bmplen + 1);
+		if (ss == NULL)
+		    _hx509_abort("allocation failure"); /* XXX */
+		for (k = 0; k < bmplen; k++)
+		    ss[k] = bmp[k] & 0xff; /* XXX */
+		ss[k] = '\0';
+		break;
+	    }
+	    case choice_DirectoryString_teletexString:
+		ss = malloc(ds->u.teletexString.length + 1);
+		if (ss == NULL)
+		    _hx509_abort("allocation failure"); /* XXX */
+		memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length);
+		ss[ds->u.teletexString.length] = '\0';
+		break;
+	    case choice_DirectoryString_universalString: {
+		uint32_t *uni = ds->u.universalString.data;
+		size_t unilen = ds->u.universalString.length;
+		size_t k;
+
+		ss = malloc(unilen + 1);
+		if (ss == NULL)
+		    _hx509_abort("allocation failure"); /* XXX */
+		for (k = 0; k < unilen; k++)
+		    ss[k] = uni[k] & 0xff; /* XXX */
+		ss[k] = '\0';
+		break;
+	    }
+	    default:
+		_hx509_abort("unknown directory type: %d", ds->element);
+		exit(1);
+	    }
+	    append_string(str, &total_len, oidname, strlen(oidname), 0);
+	    free(oidname);
+	    append_string(str, &total_len, "=", 1, 0);
+	    len = strlen(ss);
+	    append_string(str, &total_len, ss, len, 1);
+	    if (ds->element == choice_DirectoryString_universalString ||
+		ds->element == choice_DirectoryString_bmpString ||
+		ds->element == choice_DirectoryString_teletexString)
+	    {
+		free(ss);
+	    }
+	    if (j + 1 < n->u.rdnSequence.val[i].len)
+		append_string(str, &total_len, "+", 1, 0);
+	}
+
+	if (i > 0)
+	    append_string(str, &total_len, ",", 1, 0);
+    }
+    return 0;
+}
+
+/*
+ * XXX this function is broken, it needs to compare code points, not
+ * bytes.
+ */
+
+static void
+prune_space(const unsigned char **s)
+{
+    while (**s == ' ')
+	(*s)++;
+}
+
+int
+_hx509_name_ds_cmp(const DirectoryString *ds1, const DirectoryString *ds2)
+{
+    int c;
+
+    c = ds1->element - ds2->element;
+    if (c)
+	return c;
+
+    switch(ds1->element) {
+    case choice_DirectoryString_ia5String:
+	c = strcmp(ds1->u.ia5String, ds2->u.ia5String);
+	break;
+    case choice_DirectoryString_teletexString:
+	c = der_heim_octet_string_cmp(&ds1->u.teletexString,
+				  &ds2->u.teletexString);
+	break;
+    case choice_DirectoryString_printableString: {
+	const unsigned char *s1 = (unsigned char*)ds1->u.printableString;
+	const unsigned char *s2 = (unsigned char*)ds2->u.printableString;
+	prune_space(&s1); prune_space(&s2);
+	while (*s1 && *s2) {
+	    if (toupper(*s1) != toupper(*s2)) {
+		c = toupper(*s1) - toupper(*s2);
+		break;
+	    }
+	    if (*s1 == ' ') { prune_space(&s1); prune_space(&s2); }
+	    else { s1++; s2++; }
+	}	    
+	prune_space(&s1); prune_space(&s2);
+	c = *s1 - *s2;
+	break;
+    }
+    case choice_DirectoryString_utf8String:
+	c = strcmp(ds1->u.utf8String, ds2->u.utf8String);
+	break;
+    case choice_DirectoryString_universalString:
+	c = der_heim_universal_string_cmp(&ds1->u.universalString,
+					  &ds2->u.universalString);
+	break;
+    case choice_DirectoryString_bmpString:
+	c = der_heim_bmp_string_cmp(&ds1->u.bmpString,
+				    &ds2->u.bmpString);
+	break;
+    default:
+	c = 1;
+	break;
+    }
+    return c;
+}
+
+int
+_hx509_name_cmp(const Name *n1, const Name *n2)
+{
+    int i, j, c;
+
+    c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;
+    if (c)
+	return c;
+
+    for (i = 0 ; i < n1->u.rdnSequence.len; i++) {
+	c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len;
+	if (c)
+	    return c;
+
+	for (j = 0; j < n1->u.rdnSequence.val[i].len; j++) {
+	    c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type,
+				 &n1->u.rdnSequence.val[i].val[j].type);
+	    if (c)
+		return c;
+			     
+	    c = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value,
+				   &n2->u.rdnSequence.val[i].val[j].value);
+	    if (c)
+		return c;
+	}
+    }
+    return 0;
+}
+
+/**
+ * Compare to hx509 name object, useful for sorting.
+ *
+ * @param n1 a hx509 name object.
+ * @param n2 a hx509 name object.
+ *
+ * @return 0 the objects are the same, returns > 0 is n2 is "larger"
+ * then n2, < 0 if n1 is "smaller" then n2.
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_name_cmp(hx509_name n1, hx509_name n2)
+{
+    return _hx509_name_cmp(&n1->der_name, &n2->der_name);
+}
+
+
+int
+_hx509_name_from_Name(const Name *n, hx509_name *name)
+{
+    int ret;
+    *name = calloc(1, sizeof(**name));
+    if (*name == NULL)
+	return ENOMEM;
+    ret = copy_Name(n, &(*name)->der_name);
+    if (ret) {
+	free(*name);
+	*name = NULL;
+    }
+    return ret;
+}
+
+int
+_hx509_name_modify(hx509_context context,
+		   Name *name, 
+		   int append,
+		   const heim_oid *oid, 
+		   const char *str)
+{
+    RelativeDistinguishedName *rdn;
+    int ret;
+    void *ptr;
+
+    ptr = realloc(name->u.rdnSequence.val, 
+		  sizeof(name->u.rdnSequence.val[0]) * 
+		  (name->u.rdnSequence.len + 1));
+    if (ptr == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "Out of memory");
+	return ENOMEM;
+    }
+    name->u.rdnSequence.val = ptr;
+
+    if (append) {
+	rdn = &name->u.rdnSequence.val[name->u.rdnSequence.len];
+    } else {
+	memmove(&name->u.rdnSequence.val[1],
+		&name->u.rdnSequence.val[0],
+		name->u.rdnSequence.len * 
+		sizeof(name->u.rdnSequence.val[0]));
+	
+	rdn = &name->u.rdnSequence.val[0];
+    }
+    rdn->val = malloc(sizeof(rdn->val[0]));
+    if (rdn->val == NULL)
+	return ENOMEM;
+    rdn->len = 1;
+    ret = der_copy_oid(oid, &rdn->val[0].type);
+    if (ret)
+	return ret;
+    rdn->val[0].value.element = choice_DirectoryString_utf8String;
+    rdn->val[0].value.u.utf8String = strdup(str);
+    if (rdn->val[0].value.u.utf8String == NULL)
+	return ENOMEM;
+    name->u.rdnSequence.len += 1;
+
+    return 0;
+}
+
+/**
+ * Parse a string into a hx509 name object.
+ *
+ * @param context A hx509 context.
+ * @param str a string to parse.
+ * @param name the resulting object, NULL in case of error.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
+{
+    const char *p, *q;
+    size_t len;
+    hx509_name n;
+    int ret;
+
+    *name = NULL;
+
+    n = calloc(1, sizeof(*n));
+    if (n == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    n->der_name.element = choice_Name_rdnSequence;
+
+    p = str;
+
+    while (p != NULL && *p != '\0') {
+	heim_oid oid;
+	int last;
+
+	q = strchr(p, ',');
+	if (q) {
+	    len = (q - p);
+	    last = 1;
+	} else {
+	    len = strlen(p);
+	    last = 0;
+	}
+
+	q = strchr(p, '=');
+	if (q == NULL) {
+	    ret = HX509_PARSING_NAME_FAILED;
+	    hx509_set_error_string(context, 0, ret, "missing = in %s", p);
+	    goto out;
+	}
+	if (q == p) {
+	    ret = HX509_PARSING_NAME_FAILED;
+	    hx509_set_error_string(context, 0, ret, 
+				   "missing name before = in %s", p);
+	    goto out;
+	}
+	
+	if ((q - p) > len) {
+	    ret = HX509_PARSING_NAME_FAILED;
+	    hx509_set_error_string(context, 0, ret, " = after , in %s", p);
+	    goto out;
+	}
+
+	ret = stringtooid(p, q - p, &oid);
+	if (ret) {
+	    ret = HX509_PARSING_NAME_FAILED;
+	    hx509_set_error_string(context, 0, ret, 
+				   "unknown type: %.*s", (int)(q - p), p);
+	    goto out;
+	}
+	
+	{
+	    size_t pstr_len = len - (q - p) - 1;
+	    const char *pstr = p + (q - p) + 1;
+	    char *r;
+	    
+	    r = malloc(pstr_len + 1);
+	    if (r == NULL) {
+		der_free_oid(&oid);
+		ret = ENOMEM;
+		hx509_set_error_string(context, 0, ret, "out of memory");
+		goto out;
+	    }
+	    memcpy(r, pstr, pstr_len);
+	    r[pstr_len] = '\0';
+
+	    ret = _hx509_name_modify(context, &n->der_name, 0, &oid, r);
+	    free(r);
+	    der_free_oid(&oid);
+	    if(ret)
+		goto out;
+	}
+	p += len + last;
+    }
+
+    *name = n;
+
+    return 0;
+out:
+    hx509_name_free(&n);
+    return HX509_NAME_MALFORMED;
+}
+
+/**
+ * Copy a hx509 name object.
+ *
+ * @param context A hx509 cotext.
+ * @param from the name to copy from
+ * @param to the name to copy to
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_name_copy(hx509_context context, const hx509_name from, hx509_name *to)
+{
+    int ret;
+
+    *to = calloc(1, sizeof(**to));
+    if (*to == NULL)
+	return ENOMEM;
+    ret = copy_Name(&from->der_name, &(*to)->der_name);
+    if (ret) {
+	free(*to);
+	*to = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+/**
+ * Convert a hx509_name into a Name.
+ *
+ * @param from the name to copy from
+ * @param to the name to copy to
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_name_to_Name(const hx509_name from, Name *to)
+{
+    return copy_Name(&from->der_name, to);
+}
+
+int
+hx509_name_normalize(hx509_context context, hx509_name name)
+{
+    return 0;
+}
+
+/**
+ * Expands variables in the name using env. Variables are on the form
+ * ${name}. Useful when dealing with certificate templates.
+ *
+ * @param context A hx509 cotext.
+ * @param name the name to expand.
+ * @param env environment variable to expand.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_name_expand(hx509_context context,
+		  hx509_name name,
+		  hx509_env env)
+{
+    Name *n = &name->der_name;
+    int i, j;
+
+    if (env == NULL)
+	return 0;
+
+    if (n->element != choice_Name_rdnSequence) {
+	hx509_set_error_string(context, 0, EINVAL, "RDN not of supported type");
+	return EINVAL;
+    }
+
+    for (i = 0 ; i < n->u.rdnSequence.len; i++) {
+	for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
+	    /** Only UTF8String rdnSequence names are allowed */
+	    /*
+	      THIS SHOULD REALLY BE:
+	      COMP = n->u.rdnSequence.val[i].val[j];
+	      normalize COMP to utf8
+	      check if there are variables
+	        expand variables
+	        convert back to orignal format, store in COMP
+	      free normalized utf8 string
+	    */
+	    DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
+	    char *p, *p2;
+	    struct rk_strpool *strpool = NULL;
+
+	    if (ds->element != choice_DirectoryString_utf8String) {
+		hx509_set_error_string(context, 0, EINVAL, "unsupported type");
+		return EINVAL;
+	    }
+	    p = strstr(ds->u.utf8String, "${");
+	    if (p) {
+		strpool = rk_strpoolprintf(strpool, "%.*s", 
+					   (int)(p - ds->u.utf8String), 
+					   ds->u.utf8String);
+		if (strpool == NULL) {
+		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+		    return ENOMEM;
+		}
+	    }
+	    while (p != NULL) {
+		/* expand variables */
+		const char *value;
+		p2 = strchr(p, '}');
+		if (p2 == NULL) {
+		    hx509_set_error_string(context, 0, EINVAL, "missing }");
+		    rk_strpoolfree(strpool);
+		    return EINVAL;
+		}
+		p += 2;
+		value = hx509_env_lfind(context, env, p, p2 - p);
+		if (value == NULL) {
+		    hx509_set_error_string(context, 0, EINVAL, 
+					   "variable %.*s missing",
+					   (int)(p2 - p), p);
+		    rk_strpoolfree(strpool);
+		    return EINVAL;
+		}
+		strpool = rk_strpoolprintf(strpool, "%s", value);
+		if (strpool == NULL) {
+		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+		    return ENOMEM;
+		}
+		p2++;
+
+		p = strstr(p2, "${");
+		if (p)
+		    strpool = rk_strpoolprintf(strpool, "%.*s", 
+					       (int)(p - p2), p2);
+		else
+		    strpool = rk_strpoolprintf(strpool, "%s", p2);
+		if (strpool == NULL) {
+		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+		    return ENOMEM;
+		}
+	    }
+	    if (strpool) {
+		free(ds->u.utf8String);
+		ds->u.utf8String = rk_strpoolcollect(strpool);
+		if (ds->u.utf8String == NULL) {
+		    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+		    return ENOMEM;
+		}
+	    }
+	}
+    }
+    return 0;
+}
+
+/**
+ * Free a hx509 name object, upond return *name will be NULL.
+ *
+ * @param name a hx509 name object to be freed.
+ *
+ * @ingroup hx509_name
+ */
+
+void
+hx509_name_free(hx509_name *name)
+{
+    free_Name(&(*name)->der_name);
+    memset(*name, 0, sizeof(**name));
+    free(*name);
+    *name = NULL;
+}
+
+/**
+ * Convert a DER encoded name info a string.
+ *
+ * @param data data to a DER/BER encoded name
+ * @param length length of data
+ * @param str the resulting string, is NULL on failure.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_unparse_der_name(const void *data, size_t length, char **str)
+{
+    Name name;
+    int ret;
+
+    *str = NULL;
+
+    ret = decode_Name(data, length, &name, NULL);
+    if (ret)
+	return ret;
+    ret = _hx509_Name_to_string(&name, str);
+    free_Name(&name);
+    return ret;
+}
+
+/**
+ * Convert a hx509_name object to DER encoded name.
+ *
+ * @param name name to concert
+ * @param os data to a DER encoded name, free the resulting octet
+ * string with hx509_xfree(os->data).
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_name_binary(const hx509_name name, heim_octet_string *os)
+{
+    size_t size;
+    int ret;
+
+    ASN1_MALLOC_ENCODE(Name, os->data, os->length, &name->der_name, &size, ret);
+    if (ret)
+	return ret;
+    if (os->length != size)
+	_hx509_abort("internal ASN.1 encoder error");
+
+    return 0;
+}
+
+int
+_hx509_unparse_Name(const Name *aname, char **str)
+{
+    hx509_name name;
+    int ret;
+
+    ret = _hx509_name_from_Name(aname, &name);
+    if (ret)
+	return ret;
+
+    ret = hx509_name_to_string(name, str);
+    hx509_name_free(&name);
+    return ret;
+}
+
+/**
+ * Unparse the hx509 name in name into a string.
+ *
+ * @param name the name to check if its empty/null.
+ *
+ * @return non zero if the name is empty/null.
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_name_is_null_p(const hx509_name name)
+{
+    return name->der_name.u.rdnSequence.len == 0;
+}
+
+/**
+ * Unparse the hx509 name in name into a string.
+ *
+ * @param name the name to print
+ * @param str an allocated string returns the name in string form
+ *
+ * @return An hx509 error code, see krb5_get_error_string().
+ *
+ * @ingroup hx509_name
+ */
+
+int
+hx509_general_name_unparse(GeneralName *name, char **str)
+{
+    struct rk_strpool *strpool = NULL;
+
+    *str = NULL;
+
+    switch (name->element) {
+    case choice_GeneralName_otherName: {
+	char *str;
+	hx509_oid_sprint(&name->u.otherName.type_id, &str);
+	if (str == NULL)
+	    return ENOMEM;
+	strpool = rk_strpoolprintf(strpool, "otherName: %s", str);
+	free(str);
+	break;
+    }
+    case choice_GeneralName_rfc822Name:
+	strpool = rk_strpoolprintf(strpool, "rfc822Name: %s\n",
+				   name->u.rfc822Name);
+	break;
+    case choice_GeneralName_dNSName:
+	strpool = rk_strpoolprintf(strpool, "dNSName: %s\n",
+				   name->u.dNSName);
+	break;
+    case choice_GeneralName_directoryName: {
+	Name dir;
+	char *s;
+	int ret;
+	memset(&dir, 0, sizeof(dir));
+	dir.element = name->u.directoryName.element;
+	dir.u.rdnSequence = name->u.directoryName.u.rdnSequence;
+	ret = _hx509_unparse_Name(&dir, &s);
+	if (ret)
+	    return ret;
+	strpool = rk_strpoolprintf(strpool, "directoryName: %s", s);
+	free(s);
+	break;
+    }
+    case choice_GeneralName_uniformResourceIdentifier:
+	strpool = rk_strpoolprintf(strpool, "URI: %s", 
+				   name->u.uniformResourceIdentifier);
+	break;
+    case choice_GeneralName_iPAddress: {
+	unsigned char *a = name->u.iPAddress.data;
+
+	strpool = rk_strpoolprintf(strpool, "IPAddress: ");
+	if (strpool == NULL)
+	    break;
+	if (name->u.iPAddress.length == 4)
+	    strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d", 
+				       a[0], a[1], a[2], a[3]);
+	else if (name->u.iPAddress.length == 16)
+	    strpool = rk_strpoolprintf(strpool, 
+				       "%02X:%02X:%02X:%02X:"
+				       "%02X:%02X:%02X:%02X:"
+				       "%02X:%02X:%02X:%02X:"
+				       "%02X:%02X:%02X:%02X", 
+				       a[0], a[1], a[2], a[3],
+				       a[4], a[5], a[6], a[7],
+				       a[8], a[9], a[10], a[11],
+				       a[12], a[13], a[14], a[15]);
+	else
+	    strpool = rk_strpoolprintf(strpool, 
+				       "unknown IP address of length %lu",
+				       (unsigned long)name->u.iPAddress.length);
+	break;
+    }
+    case choice_GeneralName_registeredID: {
+	char *str;
+	hx509_oid_sprint(&name->u.registeredID, &str);
+	if (str == NULL)
+	    return ENOMEM;
+	strpool = rk_strpoolprintf(strpool, "registeredID: %s", str);
+	free(str);
+	break;
+    }
+    default:
+	return EINVAL;
+    }
+    if (strpool == NULL)
+	return ENOMEM;
+
+    *str = rk_strpoolcollect(strpool);
+
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/ocsp.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ocsp.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ocsp.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,113 @@
+-- From rfc2560
+-- $Id: ocsp.asn1,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+OCSP DEFINITIONS EXPLICIT TAGS::=
+
+BEGIN
+
+IMPORTS
+	Certificate, AlgorithmIdentifier, CRLReason,
+	Name, GeneralName, CertificateSerialNumber, Extensions
+	FROM rfc2459;
+
+OCSPVersion  ::=  INTEGER {  ocsp-v1(0) }
+
+OCSPCertStatus ::= CHOICE {
+    good                [0]     IMPLICIT NULL,
+    revoked             [1]     IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
+    			revocationTime		GeneralizedTime,
+			revocationReason[0]	EXPLICIT CRLReason OPTIONAL
+    },
+    unknown             [2]     IMPLICIT NULL }
+
+OCSPCertID ::= SEQUENCE {
+    hashAlgorithm            AlgorithmIdentifier,
+    issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+    issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
+    serialNumber       CertificateSerialNumber }
+
+OCSPSingleResponse ::= SEQUENCE {
+   certID                       OCSPCertID,
+   certStatus                   OCSPCertStatus,
+   thisUpdate                   GeneralizedTime,
+   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+
+OCSPInnerRequest ::=     SEQUENCE {
+    reqCert                    OCSPCertID,
+    singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+
+OCSPTBSRequest      ::=     SEQUENCE {
+    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
+    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+    requestList             SEQUENCE OF OCSPInnerRequest,
+    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+
+OCSPSignature       ::=     SEQUENCE {
+    signatureAlgorithm   AlgorithmIdentifier,
+    signature            BIT STRING,
+    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+OCSPRequest     ::=     SEQUENCE {
+    tbsRequest                  OCSPTBSRequest,
+    optionalSignature   [0]     EXPLICIT OCSPSignature OPTIONAL }
+
+OCSPResponseBytes ::=       SEQUENCE {
+    responseType   OBJECT IDENTIFIER,
+    response       OCTET STRING }
+
+OCSPResponseStatus ::= ENUMERATED {
+    successful            (0),      --Response has valid confirmations
+    malformedRequest      (1),      --Illegal confirmation request
+    internalError         (2),      --Internal error in issuer
+    tryLater              (3),      --Try again later
+                                    --(4) is not used
+    sigRequired           (5),      --Must sign the request
+    unauthorized          (6)       --Request unauthorized
+}
+
+OCSPResponse ::= SEQUENCE {
+   responseStatus         OCSPResponseStatus,
+   responseBytes          [0] EXPLICIT OCSPResponseBytes OPTIONAL }
+
+OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+                         --(excluding the tag and length fields)
+
+OCSPResponderID ::= CHOICE {
+   byName   [1] Name,
+   byKey    [2] OCSPKeyHash }
+
+OCSPResponseData ::= SEQUENCE {
+   version              [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
+   responderID              OCSPResponderID,
+   producedAt               GeneralizedTime,
+   responses                SEQUENCE OF OCSPSingleResponse,
+   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+
+OCSPBasicOCSPResponse       ::= SEQUENCE {
+   tbsResponseData      OCSPResponseData,
+   signatureAlgorithm   AlgorithmIdentifier,
+   signature            BIT STRING,
+   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+-- ArchiveCutoff ::= GeneralizedTime
+
+-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
+
+-- Object Identifiers
+
+id-pkix-ocsp         OBJECT IDENTIFIER ::= {
+ 	 iso(1) identified-organization(3) dod(6) internet(1)
+	 security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
+}
+
+id-pkix-ocsp-basic		OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
+id-pkix-ocsp-nonce		OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+-- id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
+-- id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
+-- id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+-- id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
+-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
+
+
+END
+

Added: vendor-crypto/heimdal/dist/lib/hx509/peer.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/peer.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/peer.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: peer.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_peer Hx509 crypto selecting functions
+ *
+ * Peer info structures are used togeter with hx509_crypto_select() to
+ * select the best avaible crypto algorithm to use.
+ *
+ * See the library functions here: @ref hx509_peer
+ */
+
+/**
+ * Allocate a new peer info structure an init it to default values.
+ *
+ * @param context A hx509 context.
+ * @param peer return an allocated peer, free with hx509_peer_info_free().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_peer
+ */
+
+int
+hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer)
+{
+    *peer = calloc(1, sizeof(**peer));
+    if (*peer == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+
+static void
+free_cms_alg(hx509_peer_info peer)
+{
+    if (peer->val) {
+	size_t i;
+	for (i = 0; i < peer->len; i++)
+	    free_AlgorithmIdentifier(&peer->val[i]);
+	free(peer->val);
+	peer->val = NULL;
+	peer->len = 0;
+    }
+}
+
+/**
+ * Free a peer info structure.
+ *
+ * @param peer peer info to be freed.
+ *
+ * @ingroup hx509_peer
+ */
+
+void
+hx509_peer_info_free(hx509_peer_info peer)
+{
+    if (peer == NULL)
+	return;
+    if (peer->cert)
+	hx509_cert_free(peer->cert);
+    free_cms_alg(peer);
+    memset(peer, 0, sizeof(*peer));
+    free(peer);
+}
+
+/**
+ * Set the certificate that remote peer is using.
+ *
+ * @param peer peer info to update
+ * @param cert cerificate of the remote peer.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_peer
+ */
+
+int
+hx509_peer_info_set_cert(hx509_peer_info peer,
+			 hx509_cert cert)
+{
+    if (peer->cert)
+	hx509_cert_free(peer->cert);
+    peer->cert = hx509_cert_ref(cert);
+    return 0;
+}
+
+/**
+ * Set the algorithms that the peer supports.
+ *
+ * @param context A hx509 context.
+ * @param peer the peer to set the new algorithms for
+ * @param val array of supported AlgorithmsIdentiers
+ * @param len length of array val.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_peer
+ */
+
+int
+hx509_peer_info_set_cms_algs(hx509_context context,
+			     hx509_peer_info peer,
+			     const AlgorithmIdentifier *val,
+			     size_t len)
+{
+    size_t i;
+
+    free_cms_alg(peer);
+
+    peer->val = calloc(len, sizeof(*peer->val));
+    if (peer->val == NULL) {
+	peer->len = 0;
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    peer->len = len;
+    for (i = 0; i < len; i++) {
+	int ret;
+	ret = copy_AlgorithmIdentifier(&val[i], &peer->val[i]);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    free_cms_alg(peer);
+	    return ret;
+	}
+    }
+    return 0;
+}
+
+#if 0
+
+/*
+ * S/MIME
+ */
+
+int
+hx509_peer_info_parse_smime(hx509_peer_info peer,
+			    const heim_octet_string *data)
+{
+    return 0;
+}
+
+int
+hx509_peer_info_unparse_smime(hx509_peer_info peer,
+			      heim_octet_string *data)
+{
+    return 0;
+}
+
+/*
+ * For storing hx509_peer_info to be able to cache them.
+ */
+
+int
+hx509_peer_info_parse(hx509_peer_info peer,
+		      const heim_octet_string *data)
+{
+    return 0;
+}
+
+int
+hx509_peer_info_unparse(hx509_peer_info peer,
+			heim_octet_string *data)
+{
+    return 0;
+}
+#endif
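Review bot: In hx509_peer_info_set_cms_algs, `calloc(len, sizeof(*peer->val))` runs even when `len` is 0, and C allows calloc to return NULL for a zero-sized request, so clearing a peer's algorithm list can come back as ENOMEM on some platforms. An early `if (len == 0) return 0;` right after `free_cms_alg(peer);` avoids the spurious error, since free_cms_alg has already left `val` NULL and `len` 0. Separately, hx509_peer_info_set_cert drops the old reference before taking the new one. If a caller passes the certificate the peer already holds and the peer's reference is the last one, `hx509_cert_ref` would run on a freed object; whether any caller does this is not visible here. Taking the reference first, `cert = hx509_cert_ref(cert);` ahead of the `hx509_cert_free(peer->cert)` call, then assigning `peer->cert = cert;`, closes that ordering hazard.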

Added: vendor-crypto/heimdal/dist/lib/hx509/pkcs10.asn1
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/pkcs10.asn1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/pkcs10.asn1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,25 @@
+-- $Id: pkcs10.asn1,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+PKCS10 DEFINITIONS ::=
+
+BEGIN
+
+IMPORTS
+	Name, SubjectPublicKeyInfo, Attribute, AlgorithmIdentifier
+	FROM rfc2459;
+
+
+CertificationRequestInfo ::= SEQUENCE {
+    version       INTEGER { pkcs10-v1(0) },
+    subject       Name,
+    subjectPKInfo SubjectPublicKeyInfo,
+    attributes    [0] IMPLICIT SET OF Attribute OPTIONAL 
+}
+
+CertificationRequest ::= SEQUENCE {
+    certificationRequestInfo CertificationRequestInfo,
+    signatureAlgorithm	     AlgorithmIdentifier,
+    signature                BIT STRING
+}
+
+END
+
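Review bot: `attributes [0] IMPLICIT SET OF Attribute OPTIONAL` in CertificationRequestInfo is looser than PKCS #10 (RFC 2986), where the attributes field is mandatory and may only be an empty set. With OPTIONAL, a decoder generated from this module will presumably accept a request that omits the field, and an encoder may produce one that stricter implementations reject. If the relaxation is deliberate for interoperability, it should be recorded next to the field, for example `-- OPTIONAL is a local relaxation; RFC 2986 requires this field --`. Code that builds requests should then always populate `attributes`, so the signed CertificationRequestInfo encoding matches what other parsers expect.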

Added: vendor-crypto/heimdal/dist/lib/hx509/print.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/print.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/print.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,990 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: print.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * @page page_print Hx509 printing functions
+ *
+ * See the library functions here: @ref hx509_print
+ */
+
+struct hx509_validate_ctx_data {
+    int flags;
+    hx509_vprint_func vprint_func;
+    void *ctx;
+};
+
+struct cert_status {
+    unsigned int selfsigned:1;
+    unsigned int isca:1;
+    unsigned int isproxy:1;
+    unsigned int haveSAN:1;
+    unsigned int haveIAN:1;
+    unsigned int haveSKI:1;
+    unsigned int haveAKI:1;
+    unsigned int haveCRLDP:1;
+};
+
+
+/*
+ *
+ */
+
+static int
+Time2string(const Time *T, char **str)
+{
+    time_t t;
+    char *s;
+    struct tm *tm;
+
+    *str = NULL;
+    t = _hx509_Time2time_t(T);
+    tm = gmtime (&t);
+    s = malloc(30);
+    if (s == NULL)
+	return ENOMEM;
+    strftime(s, 30, "%Y-%m-%d %H:%M:%S", tm);
+    *str = s;
+    return 0;
+}
+
+/**
+ * Helper function to print on stdout for:
+ * - hx509_oid_print(),
+ * - hx509_bitstring_print(),
+ * - hx509_validate_ctx_set_print().
+ *
+ * @param ctx the context to the print function. If the ctx is NULL,
+ * stdout is used.
+ * @param fmt the printing format.
+ * @param va the argumet list.
+ *
+ * @ingroup hx509_print
+ */
+
+void
+hx509_print_stdout(void *ctx, const char *fmt, va_list va)
+{
+    FILE *f = ctx;
+    if (f == NULL)
+	f = stdout;
+    vfprintf(f, fmt, va);
+}
+
+static void
+print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...)
+{
+    va_list va;
+    va_start(va, fmt);
+    (*func)(ctx, fmt, va);
+    va_end(va);
+}
+
+/**
+ * Print a oid to a string.
+ * 
+ * @param oid oid to print
+ * @param str allocated string, free with hx509_xfree().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_print
+ */
+
+int
+hx509_oid_sprint(const heim_oid *oid, char **str)
+{
+    return der_print_heim_oid(oid, '.', str);
+}
+
+/**
+ * Print a oid using a hx509_vprint_func function. To print to stdout
+ * use hx509_print_stdout().
+ * 
+ * @param oid oid to print
+ * @param func hx509_vprint_func to print with.
+ * @param ctx context variable to hx509_vprint_func function.
+ *
+ * @ingroup hx509_print
+ */
+
+void
+hx509_oid_print(const heim_oid *oid, hx509_vprint_func func, void *ctx)
+{
+    char *str;
+    hx509_oid_sprint(oid, &str);
+    print_func(func, ctx, "%s", str);
+    free(str);
+}
+
+/**
+ * Print a bitstring using a hx509_vprint_func function. To print to
+ * stdout use hx509_print_stdout().
+ * 
+ * @param b bit string to print.
+ * @param func hx509_vprint_func to print with.
+ * @param ctx context variable to hx509_vprint_func function.
+ *
+ * @ingroup hx509_print
+ */
+
+void
+hx509_bitstring_print(const heim_bit_string *b,
+		      hx509_vprint_func func, void *ctx)
+{
+    int i;
+    print_func(func, ctx, "\tlength: %d\n\t", b->length);
+    for (i = 0; i < (b->length + 7) / 8; i++)
+	print_func(func, ctx, "%02x%s%s",
+		   ((unsigned char *)b->data)[i], 
+		   i < (b->length - 7) / 8
+		   && (i == 0 || (i % 16) != 15) ? ":" : "",
+		   i != 0 && (i % 16) == 15 ?
+		   (i <= ((b->length + 7) / 8 - 2) ? "\n\t" : "\n"):"");
+}
+
+/**
+ * Print certificate usage for a certificate to a string.
+ * 
+ * @param context A hx509 context.
+ * @param c a certificate print the keyusage for.
+ * @param s the return string with the keysage printed in to, free
+ * with hx509_xfree().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_print
+ */
+
+int
+hx509_cert_keyusage_print(hx509_context context, hx509_cert c, char **s)
+{
+    KeyUsage ku;
+    char buf[256];
+    int ret;
+
+    *s = NULL;
+
+    ret = _hx509_cert_get_keyusage(context, c, &ku);
+    if (ret)
+	return ret;
+    unparse_flags(KeyUsage2int(ku), asn1_KeyUsage_units(), buf, sizeof(buf));
+    *s = strdup(buf);
+    if (*s == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+static void
+validate_vprint(void *c, const char *fmt, va_list va)
+{
+    hx509_validate_ctx ctx = c;
+    if (ctx->vprint_func == NULL)
+	return;
+    (ctx->vprint_func)(ctx->ctx, fmt, va);
+}
+
+static void
+validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...)
+{
+    va_list va;
+    if ((ctx->flags & flags) == 0)
+	return;
+    va_start(va, fmt);
+    validate_vprint(ctx, fmt, va);
+    va_end(va);
+}
+
+/* 
+ * Dont Care, SHOULD critical, SHOULD NOT critical, MUST critical,
+ * MUST NOT critical
+ */
+enum critical_flag { D_C = 0, S_C, S_N_C, M_C, M_N_C };
+
+static int
+check_Null(hx509_validate_ctx ctx,
+	   struct cert_status *status,
+	   enum critical_flag cf, const Extension *e)
+{
+    switch(cf) {
+    case D_C:
+	break;
+    case S_C:
+	if (!e->critical)
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+			   "\tCritical not set on SHOULD\n");
+	break;
+    case S_N_C:
+	if (e->critical)
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+			   "\tCritical set on SHOULD NOT\n");
+	break;
+    case M_C:
+	if (!e->critical)
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+			   "\tCritical not set on MUST\n");
+	break;
+    case M_N_C:
+	if (e->critical)
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+			   "\tCritical set on MUST NOT\n");
+	break;
+    default:
+	_hx509_abort("internal check_Null state error");
+    }
+    return 0;
+}
+
+static int
+check_subjectKeyIdentifier(hx509_validate_ctx ctx, 
+			   struct cert_status *status,
+			   enum critical_flag cf,
+			   const Extension *e)
+{
+    SubjectKeyIdentifier si;
+    size_t size;
+    int ret;
+
+    status->haveSKI = 1;
+    check_Null(ctx, status, cf, e);
+
+    ret = decode_SubjectKeyIdentifier(e->extnValue.data, 
+				      e->extnValue.length,
+				      &si, &size);
+    if (ret) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Decoding SubjectKeyIdentifier failed: %d", ret);
+	return 1;
+    }
+    if (size != e->extnValue.length) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Decoding SKI ahve extra bits on the end");
+	return 1;
+    }
+    if (si.length == 0)
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "SKI is too short (0 bytes)");
+    if (si.length > 20)
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "SKI is too long");
+
+    {
+	char *id;
+	hex_encode(si.data, si.length, &id);
+	if (id) {
+	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+			   "\tsubject key id: %s\n", id);
+	    free(id);
+	}
+    }
+
+    free_SubjectKeyIdentifier(&si);
+
+    return 0;
+}
+
+static int
+check_authorityKeyIdentifier(hx509_validate_ctx ctx, 
+			     struct cert_status *status,
+			     enum critical_flag cf,
+			     const Extension *e)
+{
+    AuthorityKeyIdentifier ai;
+    size_t size;
+    int ret;
+
+    status->haveAKI = 1;
+    check_Null(ctx, status, cf, e);
+
+    status->haveSKI = 1;
+    check_Null(ctx, status, cf, e);
+
+    ret = decode_AuthorityKeyIdentifier(e->extnValue.data, 
+					e->extnValue.length,
+					&ai, &size);
+    if (ret) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Decoding AuthorityKeyIdentifier failed: %d", ret);
+	return 1;
+    }
+    if (size != e->extnValue.length) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Decoding SKI ahve extra bits on the end");
+	return 1;
+    }
+
+    if (ai.keyIdentifier) {
+	char *id;
+	hex_encode(ai.keyIdentifier->data, ai.keyIdentifier->length, &id);
+	if (id) {
+	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+			   "\tauthority key id: %s\n", id);
+	    free(id);
+	}
+    }
+
+    return 0;
+}
+
+
+static int
+check_pkinit_san(hx509_validate_ctx ctx, heim_any *a)
+{
+    KRB5PrincipalName kn;
+    unsigned i;
+    size_t size;
+    int ret;
+
+    ret = decode_KRB5PrincipalName(a->data, a->length, &kn, &size);
+    if (ret) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Decoding kerberos name in SAN failed: %d", ret);
+	return 1;
+    }
+
+    if (size != a->length) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Decoding kerberos name have extra bits on the end");
+	return 1;
+    }
+
+    /* print kerberos principal, add code to quote / within components */
+    for (i = 0; i < kn.principalName.name_string.len; i++) {
+	validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", 
+		       kn.principalName.name_string.val[i]);
+	if (i + 1 < kn.principalName.name_string.len)
+	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "/");
+    }
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "@");
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", kn.realm);
+
+    free_KRB5PrincipalName(&kn);
+    return 0;
+}
+
+static int
+check_utf8_string_san(hx509_validate_ctx ctx, heim_any *a)
+{
+    PKIXXmppAddr jid;
+    size_t size;
+    int ret;
+
+    ret = decode_PKIXXmppAddr(a->data, a->length, &jid, &size);
+    if (ret) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Decoding JID in SAN failed: %d", ret);
+	return 1;
+    }
+
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", jid);
+    free_PKIXXmppAddr(&jid);
+
+    return 0;
+}
+
+static int
+check_altnull(hx509_validate_ctx ctx, heim_any *a)
+{
+    return 0;
+}
+
+static int
+check_CRLDistributionPoints(hx509_validate_ctx ctx, 
+			   struct cert_status *status,
+			   enum critical_flag cf,
+			   const Extension *e)
+{
+    CRLDistributionPoints dp;
+    size_t size;
+    int ret, i;
+
+    check_Null(ctx, status, cf, e);
+
+    ret = decode_CRLDistributionPoints(e->extnValue.data, 
+				       e->extnValue.length,
+				       &dp, &size);
+    if (ret) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Decoding CRL Distribution Points failed: %d\n", ret);
+	return 1;
+    }
+
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "CRL Distribution Points:\n");
+    for (i = 0 ; i < dp.len; i++) {
+	if (dp.val[i].distributionPoint) {
+	    DistributionPointName dpname;
+	    heim_any *data = dp.val[i].distributionPoint;
+	    int j;
+	    
+	    ret = decode_DistributionPointName(data->data, data->length,
+					       &dpname, NULL);
+	    if (ret) {
+		validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+			       "Failed to parse CRL Distribution Point Name: %d\n", ret);
+		continue;
+	    }
+
+	    switch (dpname.element) {
+	    case choice_DistributionPointName_fullName:
+		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Fullname:\n");
+		
+		for (j = 0 ; j < dpname.u.fullName.len; j++) {
+		    char *s;
+		    GeneralName *name = &dpname.u.fullName.val[j];
+
+		    ret = hx509_general_name_unparse(name, &s);
+		    if (ret == 0 && s != NULL) {
+			validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "   %s\n", s);
+			free(s);
+		    }
+		}
+		break;
+	    case choice_DistributionPointName_nameRelativeToCRLIssuer:
+		validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+			       "Unknown nameRelativeToCRLIssuer");
+		break;
+	    default:
+		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+			       "Unknown DistributionPointName");
+		break;
+	    }
+	    free_DistributionPointName(&dpname);
+	}
+    }
+    free_CRLDistributionPoints(&dp);
+
+    status->haveCRLDP = 1;
+
+    return 0;
+}
+
+
+struct {
+    const char *name;
+    const heim_oid *(*oid)(void);
+    int (*func)(hx509_validate_ctx, heim_any *);
+} check_altname[] = {
+    { "pk-init", oid_id_pkinit_san, check_pkinit_san },
+    { "jabber", oid_id_pkix_on_xmppAddr, check_utf8_string_san },
+    { "dns-srv", oid_id_pkix_on_dnsSRV, check_altnull },
+    { "card-id", oid_id_uspkicommon_card_id, check_altnull },
+    { "Microsoft NT-PRINCIPAL-NAME", oid_id_pkinit_ms_san, check_utf8_string_san }
+};
+
+static int
+check_altName(hx509_validate_ctx ctx,
+	      struct cert_status *status,
+	      const char *name,
+	      enum critical_flag cf,
+	      const Extension *e)
+{
+    GeneralNames gn;
+    size_t size;
+    int ret, i;
+
+    check_Null(ctx, status, cf, e);
+
+    if (e->extnValue.length == 0) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "%sAltName empty, not allowed", name);
+	return 1;
+    }
+    ret = decode_GeneralNames(e->extnValue.data, e->extnValue.length,
+			      &gn, &size);
+    if (ret) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "\tret = %d while decoding %s GeneralNames\n", 
+		       ret, name);
+	return 1;
+    }
+    if (gn.len == 0) {
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "%sAltName generalName empty, not allowed\n", name);
+	return 1;
+    }
+
+    for (i = 0; i < gn.len; i++) {
+	switch (gn.val[i].element) {
+	case choice_GeneralName_otherName: {
+	    unsigned j;
+
+	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+			   "%sAltName otherName ", name);
+
+	    for (j = 0; j < sizeof(check_altname)/sizeof(check_altname[0]); j++) {
+		if (der_heim_oid_cmp((*check_altname[j].oid)(), 
+				     &gn.val[i].u.otherName.type_id) != 0)
+		    continue;
+		
+		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ", 
+			       check_altname[j].name);
+		(*check_altname[j].func)(ctx, &gn.val[i].u.otherName.value);
+		break;
+	    }
+	    if (j == sizeof(check_altname)/sizeof(check_altname[0])) {
+		hx509_oid_print(&gn.val[i].u.otherName.type_id,
+				validate_vprint, ctx);
+		validate_print(ctx, HX509_VALIDATE_F_VERBOSE, " unknown");
+	    }
+	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\n");
+	    break;
+	}
+	default: {
+	    char *s;
+	    ret = hx509_general_name_unparse(&gn.val[i], &s);
+	    if (ret) {
+		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+			       "ret = %d unparsing GeneralName\n", ret);
+		return 1;
+	    }
+	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s\n", s);
+	    free(s);
+	    break;
+	}
+	}
+    }
+
+    free_GeneralNames(&gn);
+
+    return 0;
+}
+
+static int
+check_subjectAltName(hx509_validate_ctx ctx,
+		     struct cert_status *status,
+		     enum critical_flag cf,
+		     const Extension *e)
+{
+    status->haveSAN = 1;
+    return check_altName(ctx, status, "subject", cf, e);
+}
+
+static int
+check_issuerAltName(hx509_validate_ctx ctx,
+		    struct cert_status *status,
+		     enum critical_flag cf,
+		     const Extension *e)
+{
+    status->haveIAN = 1;
+    return check_altName(ctx, status, "issuer", cf, e);
+}
+
+
+static int
+check_basicConstraints(hx509_validate_ctx ctx, 
+		       struct cert_status *status,
+		       enum critical_flag cf, 
+		       const Extension *e)
+{
+    BasicConstraints b;
+    size_t size;
+    int ret;
+
+    check_Null(ctx, status, cf, e);
+    
+    ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length,
+				  &b, &size);
+    if (ret) {
+	printf("\tret = %d while decoding BasicConstraints\n", ret);
+	return 0;
+    }
+    if (size != e->extnValue.length)
+	printf("\tlength of der data isn't same as extension\n");
+
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		   "\tis %sa CA\n", b.cA && *b.cA ? "" : "NOT ");
+    if (b.pathLenConstraint)
+	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		       "\tpathLenConstraint: %d\n", *b.pathLenConstraint);
+
+    if (b.cA) {
+	if (*b.cA) {
+	    if (!e->critical)
+		validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+			       "Is a CA and not BasicConstraints CRITICAL\n");
+	    status->isca = 1;
+	}
+	else
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+			   "cA is FALSE, not allowed to be\n");
+    }
+    free_BasicConstraints(&b);
+
+    return 0;
+}
+
+static int
+check_proxyCertInfo(hx509_validate_ctx ctx, 
+		    struct cert_status *status,
+		    enum critical_flag cf, 
+		    const Extension *e)
+{
+    check_Null(ctx, status, cf, e);
+    status->isproxy = 1;
+    return 0;
+}
+
+static int
+check_authorityInfoAccess(hx509_validate_ctx ctx, 
+			  struct cert_status *status,
+			  enum critical_flag cf, 
+			  const Extension *e)
+{
+    AuthorityInfoAccessSyntax aia;
+    size_t size;
+    int ret, i;
+
+    check_Null(ctx, status, cf, e);
+
+    ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data, 
+					   e->extnValue.length,
+					   &aia, &size);
+    if (ret) {
+	printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret);
+	return 0;
+    }
+
+    for (i = 0; i < aia.len; i++) {
+	char *str;
+	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		       "\ttype: ");
+	hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx);
+	hx509_general_name_unparse(&aia.val[i].accessLocation, &str);
+	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		       "\n\tdirname: %s\n", str);
+	free(str);
+    }
+    free_AuthorityInfoAccessSyntax(&aia);
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+struct {
+    const char *name;
+    const heim_oid *(*oid)(void);
+    int (*func)(hx509_validate_ctx ctx, 
+		struct cert_status *status,
+		enum critical_flag cf, 
+		const Extension *);
+    enum critical_flag cf;
+} check_extension[] = {
+#define ext(name, checkname) #name, &oid_id_x509_ce_##name, check_##checkname 
+    { ext(subjectDirectoryAttributes, Null), M_N_C },
+    { ext(subjectKeyIdentifier, subjectKeyIdentifier), M_N_C },
+    { ext(keyUsage, Null), S_C },
+    { ext(subjectAltName, subjectAltName), M_N_C },
+    { ext(issuerAltName, issuerAltName), S_N_C },
+    { ext(basicConstraints, basicConstraints), D_C },
+    { ext(cRLNumber, Null), M_N_C },
+    { ext(cRLReason, Null), M_N_C },
+    { ext(holdInstructionCode, Null), M_N_C },
+    { ext(invalidityDate, Null), M_N_C },
+    { ext(deltaCRLIndicator, Null), M_C },
+    { ext(issuingDistributionPoint, Null), M_C },
+    { ext(certificateIssuer, Null), M_C },
+    { ext(nameConstraints, Null), M_C },
+    { ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C },
+    { ext(certificatePolicies, Null) },
+    { ext(policyMappings, Null), M_N_C },
+    { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C },
+    { ext(policyConstraints, Null), D_C },
+    { ext(extKeyUsage, Null), D_C },
+    { ext(freshestCRL, Null), M_N_C },
+    { ext(inhibitAnyPolicy, Null), M_C },
+#undef ext
+#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname 
+    { ext(proxyCertInfo, proxyCertInfo), M_C },
+    { ext(authorityInfoAccess, authorityInfoAccess), M_C },
+#undef ext
+    { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim, 
+      check_Null, D_C },
+    { "Netscape cert comment", oid_id_netscape_cert_comment, 
+      check_Null, D_C },
+    { NULL }
+};
+
+/**
+ * Allocate a hx509 validation/printing context.
+ * 
+ * @param context A hx509 context.
+ * @param ctx a new allocated hx509 validation context, free with
+ * hx509_validate_ctx_free().
+
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_print
+ */
+
+int
+hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx)
+{
+    *ctx = malloc(sizeof(**ctx));
+    if (*ctx == NULL)
+	return ENOMEM;
+    memset(*ctx, 0, sizeof(**ctx));
+    return 0;
+}
+
+/**
+ * Set the printing functions for the validation context.
+ * 
+ * @param ctx a hx509 valication context.
+ * @param func the printing function to usea.
+ * @param c the context variable to the printing function.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_print
+ */
+
+void
+hx509_validate_ctx_set_print(hx509_validate_ctx ctx, 
+			     hx509_vprint_func func,
+			     void *c)
+{
+    ctx->vprint_func = func;
+    ctx->ctx = c;
+}
+
+/**
+ * Add flags to control the behaivor of the hx509_validate_cert()
+ * function.
+ * 
+ * @param ctx A hx509 validation context.
+ * @param flags flags to add to the validation context.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_print
+ */
+
+void
+hx509_validate_ctx_add_flags(hx509_validate_ctx ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+/**
+ * Free an hx509 validate context.
+ * 
+ * @param ctx the hx509 validate context to free.
+ *
+ * @ingroup hx509_print
+ */
+
+void
+hx509_validate_ctx_free(hx509_validate_ctx ctx)
+{
+    free(ctx);
+}
+
+/**
+ * Validate/Print the status of the certificate.
+ * 
+ * @param context A hx509 context.
+ * @param ctx A hx509 validation context.
+ * @param cert the cerificate to validate/print.
+
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_print
+ */
+
+int
+hx509_validate_cert(hx509_context context,
+		    hx509_validate_ctx ctx,
+		    hx509_cert cert)
+{
+    Certificate *c = _hx509_get_cert(cert);
+    TBSCertificate *t = &c->tbsCertificate;
+    hx509_name issuer, subject;
+    char *str;
+    struct cert_status status;
+    int ret;
+
+    memset(&status, 0, sizeof(status));
+
+    if (_hx509_cert_get_version(c) != 3)
+	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		       "Not version 3 certificate\n");
+    
+    if ((t->version == NULL || *t->version < 2) && t->extensions)
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Not version 3 certificate with extensions\n");
+	
+    if (_hx509_cert_get_version(c) >= 3 && t->extensions == NULL)
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE,
+		       "Version 3 certificate without extensions\n");
+
+    ret = hx509_cert_get_subject(cert, &subject);
+    if (ret) abort();
+    hx509_name_to_string(subject, &str);
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		   "subject name: %s\n", str);
+    free(str);
+
+    ret = hx509_cert_get_issuer(cert, &issuer);
+    if (ret) abort();
+    hx509_name_to_string(issuer, &str);
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		   "issuer name: %s\n", str);
+    free(str);
+
+    if (hx509_name_cmp(subject, issuer) == 0) {
+	status.selfsigned = 1;
+	validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		       "\tis a self-signed certificate\n");
+    }
+
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+		   "Validity:\n");
+
+    Time2string(&t->validity.notBefore, &str);
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tnotBefore %s\n", str);
+    free(str);
+    Time2string(&t->validity.notAfter, &str);
+    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tnotAfter  %s\n", str);
+    free(str);
+
+    if (t->extensions) {
+	int i, j;
+
+	if (t->extensions->len == 0) {
+	    validate_print(ctx,
+			   HX509_VALIDATE_F_VALIDATE|HX509_VALIDATE_F_VERBOSE,
+			   "The empty extensions list is not "
+			   "allowed by PKIX\n");
+	}
+
+	for (i = 0; i < t->extensions->len; i++) {
+
+	    for (j = 0; check_extension[j].name; j++)
+		if (der_heim_oid_cmp((*check_extension[j].oid)(),
+				     &t->extensions->val[i].extnID) == 0)
+		    break;
+	    if (check_extension[j].name == NULL) {
+		int flags = HX509_VALIDATE_F_VERBOSE;
+		if (t->extensions->val[i].critical)
+		    flags |= HX509_VALIDATE_F_VALIDATE;
+		validate_print(ctx, flags, "don't know what ");
+		if (t->extensions->val[i].critical)
+		    validate_print(ctx, flags, "and is CRITICAL ");
+		if (ctx->flags & flags)
+		    hx509_oid_print(&t->extensions->val[i].extnID, 
+				    validate_vprint, ctx);
+		validate_print(ctx, flags, " is\n");
+		continue;
+	    }
+	    validate_print(ctx,
+			   HX509_VALIDATE_F_VALIDATE|HX509_VALIDATE_F_VERBOSE,
+			   "checking extention: %s\n",
+			   check_extension[j].name);
+	    (*check_extension[j].func)(ctx,
+				       &status,
+				       check_extension[j].cf,
+				       &t->extensions->val[i]);
+	}
+    } else
+	validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n");
+	
+    if (status.isca) {
+	if (!status.haveSKI)
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+			   "CA certificate have no SubjectKeyIdentifier\n");
+
+    } else {
+	if (!status.haveAKI)
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+			   "Is not CA and doesn't have "
+			   "AuthorityKeyIdentifier\n");
+    }
+	    
+
+    if (!status.haveSKI)
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+		       "Doesn't have SubjectKeyIdentifier\n");
+
+    if (status.isproxy && status.isca)
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+		       "Proxy and CA at the same time!\n");
+
+    if (status.isproxy) {
+	if (status.haveSAN)
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+			   "Proxy and have SAN\n");
+	if (status.haveIAN)
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+			   "Proxy and have IAN\n");
+    }
+
+    if (hx509_name_is_null_p(subject) && !status.haveSAN)
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+		       "NULL subject DN and doesn't have a SAN\n");
+
+    if (!status.selfsigned && !status.haveCRLDP)
+	validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+		       "Not a CA nor PROXY and doesn't have"
+		       "CRL Dist Point\n");
+
+    if (status.selfsigned) {
+	ret = _hx509_verify_signature_bitstring(context,
+						c,
+						&c->signatureAlgorithm,
+						&c->tbsCertificate._save,
+						&c->signatureValue);
+	if (ret == 0)
+	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE, 
+			   "Self-signed certificate was self-signed\n");
+	else
+	    validate_print(ctx, HX509_VALIDATE_F_VALIDATE, 
+			   "Self-signed certificate NOT really self-signed!\n");
+    }
+
+    hx509_name_free(&subject);
+    hx509_name_free(&issuer);
+
+    return 0;
+}
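Review bot: In `check_authorityKeyIdentifier` the second pair `status->haveSKI = 1; check_Null(ctx, status, cf, e);` looks like a copy-paste from `check_subjectKeyIdentifier`. Because of it, any certificate carrying an AuthorityKeyIdentifier is also recorded as having a SubjectKeyIdentifier, so the "CA certificate have no SubjectKeyIdentifier" and "Doesn't have SubjectKeyIdentifier" findings in `hx509_validate_cert` are never reported for such a certificate. Dropping that pair and keeping only `status->haveAKI = 1;` with its single `check_Null` call restores the check. The same function never releases the decoded `ai`; adding `free_AuthorityKeyIdentifier(&ai);` before the final `return 0;` would match how `check_subjectKeyIdentifier` frees `si`. Its size-mismatch message also still reads "Decoding SKI ..." although the value being decoded is the AKI.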

Added: vendor-crypto/heimdal/dist/lib/hx509/ref/pkcs11.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/ref/pkcs11.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/ref/pkcs11.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1357 @@
+/* pkcs11.h
+   Copyright 2006, 2007 g10 Code GmbH
+   Copyright 2006 Andreas Jellinghaus
+
+   This file is free software; as a special exception the author gives
+   unlimited permission to copy and/or distribute it, with or without
+   modifications, as long as this notice is preserved.
+
+   This file is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+   the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+   PURPOSE.  */
+
+/* Please submit changes back to the Scute project at
+   http://www.scute.org/ (or send them to marcus at g10code.com), so that
+   they can be picked up by other projects from there as well.  */
+
+/* This file is a modified implementation of the PKCS #11 standard by
+   RSA Security Inc.  It is mostly a drop-in replacement, with the
+   following change:
+
+   This header file does not require any macro definitions by the user
+   (like CK_DEFINE_FUNCTION etc).  In fact, it defines those macros
+   for you (if useful, some are missing, let me know if you need
+   more).
+
+   There is an additional API available that does comply better to the
+   GNU coding standard.  It can be switched on by defining
+   CRYPTOKI_GNU before including this header file.  For this, the
+   following changes are made to the specification:
+
+   All structure types are changed to a "struct ck_foo" where CK_FOO
+   is the type name in PKCS #11.
+
+   All non-structure types are changed to ck_foo_t where CK_FOO is the
+   lowercase version of the type name in PKCS #11.  The basic types
+   (CK_ULONG et al.) are removed without substitute.
+
+   All members of structures are modified in the following way: Type
+   indication prefixes are removed, and underscore characters are
+   inserted before words.  Then the result is lowercased.
+
+   Note that function names are still in the original case, as they
+   need for ABI compatibility.
+
+   CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute.  Use
+   <stdbool.h>.
+
+   If CRYPTOKI_COMPAT is defined before including this header file,
+   then none of the API changes above take place, and the API is the
+   one defined by the PKCS #11 standard.  */
+
+#ifndef PKCS11_H
+#define PKCS11_H 1
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* The version of cryptoki we implement.  The revision is changed with
+   each modification of this file.  If you do not use the "official"
+   version of this file, please consider deleting the revision macro
+   (you may use a macro with a different name to keep track of your
+   versions).  */
+#define CRYPTOKI_VERSION_MAJOR		2
+#define CRYPTOKI_VERSION_MINOR		20
+#define CRYPTOKI_VERSION_REVISION	6
+
+
+/* Compatibility interface is default, unless CRYPTOKI_GNU is
+   given.  */
+#ifndef CRYPTOKI_GNU
+#ifndef CRYPTOKI_COMPAT
+#define CRYPTOKI_COMPAT 1
+#endif
+#endif
+
+/* System dependencies.  */
+
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+
+/* There is a matching pop below.  */
+#pragma pack(push, cryptoki, 1)
+
+#ifdef CRYPTOKI_EXPORTS
+#define CK_SPEC __declspec(dllexport)
+#else
+#define CK_SPEC __declspec(dllimport)
+#endif
+
+#else
+
+#define CK_SPEC
+
+#endif
+
+

+#ifdef CRYPTOKI_COMPAT
+  /* If we are in compatibility mode, switch all exposed names to the
+     PKCS #11 variant.  There are corresponding #undefs below.  */
+
+#define ck_flags_t CK_FLAGS
+#define ck_version _CK_VERSION
+
+#define ck_info _CK_INFO
+#define cryptoki_version cryptokiVersion
+#define manufacturer_id manufacturerID
+#define library_description libraryDescription
+#define library_version libraryVersion
+
+#define ck_notification_t CK_NOTIFICATION
+#define ck_slot_id_t CK_SLOT_ID
+
+#define ck_slot_info _CK_SLOT_INFO
+#define slot_description slotDescription
+#define hardware_version hardwareVersion
+#define firmware_version firmwareVersion
+
+#define ck_token_info _CK_TOKEN_INFO
+#define serial_number serialNumber
+#define max_session_count ulMaxSessionCount
+#define session_count ulSessionCount
+#define max_rw_session_count ulMaxRwSessionCount
+#define rw_session_count ulRwSessionCount
+#define max_pin_len ulMaxPinLen
+#define min_pin_len ulMinPinLen
+#define total_public_memory ulTotalPublicMemory
+#define free_public_memory ulFreePublicMemory
+#define total_private_memory ulTotalPrivateMemory
+#define free_private_memory ulFreePrivateMemory
+#define utc_time utcTime
+
+#define ck_session_handle_t CK_SESSION_HANDLE
+#define ck_user_type_t CK_USER_TYPE
+#define ck_state_t CK_STATE
+
+#define ck_session_info _CK_SESSION_INFO
+#define slot_id slotID
+#define device_error ulDeviceError
+
+#define ck_object_handle_t CK_OBJECT_HANDLE
+#define ck_object_class_t CK_OBJECT_CLASS
+#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
+#define ck_key_type_t CK_KEY_TYPE
+#define ck_certificate_type_t CK_CERTIFICATE_TYPE
+#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
+
+#define ck_attribute _CK_ATTRIBUTE
+#define value pValue
+#define value_len ulValueLen
+
+#define ck_date _CK_DATE
+
+#define ck_mechanism_type_t CK_MECHANISM_TYPE
+
+#define ck_mechanism _CK_MECHANISM
+#define parameter pParameter
+#define parameter_len ulParameterLen
+
+#define ck_mechanism_info _CK_MECHANISM_INFO
+#define min_key_size ulMinKeySize
+#define max_key_size ulMaxKeySize
+
+#define ck_rv_t CK_RV
+#define ck_notify_t CK_NOTIFY
+
+#define ck_function_list _CK_FUNCTION_LIST
+
+#define ck_createmutex_t CK_CREATEMUTEX
+#define ck_destroymutex_t CK_DESTROYMUTEX
+#define ck_lockmutex_t CK_LOCKMUTEX
+#define ck_unlockmutex_t CK_UNLOCKMUTEX
+
+#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
+#define create_mutex CreateMutex
+#define destroy_mutex DestroyMutex
+#define lock_mutex LockMutex
+#define unlock_mutex UnlockMutex
+#define reserved pReserved
+
+#endif	/* CRYPTOKI_COMPAT */
+
+

+
+typedef unsigned long ck_flags_t;
+
+struct ck_version
+{
+  unsigned char major;
+  unsigned char minor;
+};
+
+
+struct ck_info
+{
+  struct ck_version cryptoki_version;
+  unsigned char manufacturer_id[32];
+  ck_flags_t flags;
+  unsigned char library_description[32];
+  struct ck_version library_version;
+};
+
+
+typedef unsigned long ck_notification_t;
+
+#define CKN_SURRENDER	(0)
+
+
+typedef unsigned long ck_slot_id_t;
+
+
+struct ck_slot_info
+{
+  unsigned char slot_description[64];
+  unsigned char manufacturer_id[32];
+  ck_flags_t flags;
+  struct ck_version hardware_version;
+  struct ck_version firmware_version;
+};
+
+
+#define CKF_TOKEN_PRESENT	(1 << 0)
+#define CKF_REMOVABLE_DEVICE	(1 << 1)
+#define CKF_HW_SLOT		(1 << 2)
+#define CKF_ARRAY_ATTRIBUTE	(1 << 30)
+
+
+struct ck_token_info
+{
+  unsigned char label[32];
+  unsigned char manufacturer_id[32];
+  unsigned char model[16];
+  unsigned char serial_number[16];
+  ck_flags_t flags;
+  unsigned long max_session_count;
+  unsigned long session_count;
+  unsigned long max_rw_session_count;
+  unsigned long rw_session_count;
+  unsigned long max_pin_len;
+  unsigned long min_pin_len;
+  unsigned long total_public_memory;
+  unsigned long free_public_memory;
+  unsigned long total_private_memory;
+  unsigned long free_private_memory;
+  struct ck_version hardware_version;
+  struct ck_version firmware_version;
+  unsigned char utc_time[16];
+};
+
+
+#define CKF_RNG					(1 << 0)
+#define CKF_WRITE_PROTECTED			(1 << 1)
+#define CKF_LOGIN_REQUIRED			(1 << 2)
+#define CKF_USER_PIN_INITIALIZED		(1 << 3)
+#define CKF_RESTORE_KEY_NOT_NEEDED		(1 << 5)
+#define CKF_CLOCK_ON_TOKEN			(1 << 6)
+#define CKF_PROTECTED_AUTHENTICATION_PATH	(1 << 8)
+#define CKF_DUAL_CRYPTO_OPERATIONS		(1 << 9)
+#define CKF_TOKEN_INITIALIZED			(1 << 10)
+#define CKF_SECONDARY_AUTHENTICATION		(1 << 11)
+#define CKF_USER_PIN_COUNT_LOW			(1 << 16)
+#define CKF_USER_PIN_FINAL_TRY			(1 << 17)
+#define CKF_USER_PIN_LOCKED			(1 << 18)
+#define CKF_USER_PIN_TO_BE_CHANGED		(1 << 19)
+#define CKF_SO_PIN_COUNT_LOW			(1 << 20)
+#define CKF_SO_PIN_FINAL_TRY			(1 << 21)
+#define CKF_SO_PIN_LOCKED			(1 << 22)
+#define CKF_SO_PIN_TO_BE_CHANGED		(1 << 23)
+
+#define CK_UNAVAILABLE_INFORMATION	((unsigned long) -1)
+#define CK_EFFECTIVELY_INFINITE		(0)
+
+
+typedef unsigned long ck_session_handle_t;
+
+#define CK_INVALID_HANDLE	(0)
+
+
+typedef unsigned long ck_user_type_t;
+
+#define CKU_SO			(0)
+#define CKU_USER		(1)
+#define CKU_CONTEXT_SPECIFIC	(2)
+
+
+typedef unsigned long ck_state_t;
+
+#define CKS_RO_PUBLIC_SESSION	(0)
+#define CKS_RO_USER_FUNCTIONS	(1)
+#define CKS_RW_PUBLIC_SESSION	(2)
+#define CKS_RW_USER_FUNCTIONS	(3)
+#define CKS_RW_SO_FUNCTIONS	(4)
+
+
+struct ck_session_info
+{
+  ck_slot_id_t slot_id;
+  ck_state_t state;
+  ck_flags_t flags;
+  unsigned long device_error;
+};
+
+#define CKF_RW_SESSION		(1 << 1)
+#define CKF_SERIAL_SESSION	(1 << 2)
+
+
+typedef unsigned long ck_object_handle_t;
+
+
+typedef unsigned long ck_object_class_t;
+
+#define CKO_DATA		(0)
+#define CKO_CERTIFICATE		(1)
+#define CKO_PUBLIC_KEY		(2)
+#define CKO_PRIVATE_KEY		(3)
+#define CKO_SECRET_KEY		(4)
+#define CKO_HW_FEATURE		(5)
+#define CKO_DOMAIN_PARAMETERS	(6)
+#define CKO_MECHANISM		(7)
+#define CKO_VENDOR_DEFINED	((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_hw_feature_type_t;
+
+#define CKH_MONOTONIC_COUNTER	(1)
+#define CKH_CLOCK		(2)
+#define CKH_USER_INTERFACE	(3)
+#define CKH_VENDOR_DEFINED	((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_key_type_t;
+
+#define CKK_RSA			(0)
+#define CKK_DSA			(1)
+#define CKK_DH			(2)
+#define CKK_ECDSA		(3)
+#define CKK_EC			(3)
+#define CKK_X9_42_DH		(4)
+#define CKK_KEA			(5)
+#define CKK_GENERIC_SECRET	(0x10)
+#define CKK_RC2			(0x11)
+#define CKK_RC4			(0x12)
+#define CKK_DES			(0x13)
+#define CKK_DES2		(0x14)
+#define CKK_DES3		(0x15)
+#define CKK_CAST		(0x16)
+#define CKK_CAST3		(0x17)
+#define CKK_CAST128		(0x18)
+#define CKK_RC5			(0x19)
+#define CKK_IDEA		(0x1a)
+#define CKK_SKIPJACK		(0x1b)
+#define CKK_BATON		(0x1c)
+#define CKK_JUNIPER		(0x1d)
+#define CKK_CDMF		(0x1e)
+#define CKK_AES			(0x1f)
+#define CKK_BLOWFISH		(0x20)
+#define CKK_TWOFISH		(0x21)
+#define CKK_VENDOR_DEFINED	((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_certificate_type_t;
+
+#define CKC_X_509		(0)
+#define CKC_X_509_ATTR_CERT	(1)
+#define CKC_WTLS		(2)
+#define CKC_VENDOR_DEFINED	((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_attribute_type_t;
+
+#define CKA_CLASS			(0)
+#define CKA_TOKEN			(1)
+#define CKA_PRIVATE			(2)
+#define CKA_LABEL			(3)
+#define CKA_APPLICATION			(0x10)
+#define CKA_VALUE			(0x11)
+#define CKA_OBJECT_ID			(0x12)
+#define CKA_CERTIFICATE_TYPE		(0x80)
+#define CKA_ISSUER			(0x81)
+#define CKA_SERIAL_NUMBER		(0x82)
+#define CKA_AC_ISSUER			(0x83)
+#define CKA_OWNER			(0x84)
+#define CKA_ATTR_TYPES			(0x85)
+#define CKA_TRUSTED			(0x86)
+#define CKA_CERTIFICATE_CATEGORY	(0x87)
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN	(0x88)
+#define CKA_URL				(0x89)
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY	(0x8a)
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY	(0x8b)
+#define CKA_CHECK_VALUE			(0x90)
+#define CKA_KEY_TYPE			(0x100)
+#define CKA_SUBJECT			(0x101)
+#define CKA_ID				(0x102)
+#define CKA_SENSITIVE			(0x103)
+#define CKA_ENCRYPT			(0x104)
+#define CKA_DECRYPT			(0x105)
+#define CKA_WRAP			(0x106)
+#define CKA_UNWRAP			(0x107)
+#define CKA_SIGN			(0x108)
+#define CKA_SIGN_RECOVER		(0x109)
+#define CKA_VERIFY			(0x10a)
+#define CKA_VERIFY_RECOVER		(0x10b)
+#define CKA_DERIVE			(0x10c)
+#define CKA_START_DATE			(0x110)
+#define CKA_END_DATE			(0x111)
+#define CKA_MODULUS			(0x120)
+#define CKA_MODULUS_BITS		(0x121)
+#define CKA_PUBLIC_EXPONENT		(0x122)
+#define CKA_PRIVATE_EXPONENT		(0x123)
+#define CKA_PRIME_1			(0x124)
+#define CKA_PRIME_2			(0x125)
+#define CKA_EXPONENT_1			(0x126)
+#define CKA_EXPONENT_2			(0x127)
+#define CKA_COEFFICIENT			(0x128)
+#define CKA_PRIME			(0x130)
+#define CKA_SUBPRIME			(0x131)
+#define CKA_BASE			(0x132)
+#define CKA_PRIME_BITS			(0x133)
+#define CKA_SUB_PRIME_BITS		(0x134)
+#define CKA_VALUE_BITS			(0x160)
+#define CKA_VALUE_LEN			(0x161)
+#define CKA_EXTRACTABLE			(0x162)
+#define CKA_LOCAL			(0x163)
+#define CKA_NEVER_EXTRACTABLE		(0x164)
+#define CKA_ALWAYS_SENSITIVE		(0x165)
+#define CKA_KEY_GEN_MECHANISM		(0x166)
+#define CKA_MODIFIABLE			(0x170)
+#define CKA_ECDSA_PARAMS		(0x180)
+#define CKA_EC_PARAMS			(0x180)
+#define CKA_EC_POINT			(0x181)
+#define CKA_SECONDARY_AUTH		(0x200)
+#define CKA_AUTH_PIN_FLAGS		(0x201)
+#define CKA_ALWAYS_AUTHENTICATE		(0x202)
+#define CKA_WRAP_WITH_TRUSTED		(0x210)
+#define CKA_HW_FEATURE_TYPE		(0x300)
+#define CKA_RESET_ON_INIT		(0x301)
+#define CKA_HAS_RESET			(0x302)
+#define CKA_PIXEL_X			(0x400)
+#define CKA_PIXEL_Y			(0x401)
+#define CKA_RESOLUTION			(0x402)
+#define CKA_CHAR_ROWS			(0x403)
+#define CKA_CHAR_COLUMNS		(0x404)
+#define CKA_COLOR			(0x405)
+#define CKA_BITS_PER_PIXEL		(0x406)
+#define CKA_CHAR_SETS			(0x480)
+#define CKA_ENCODING_METHODS		(0x481)
+#define CKA_MIME_TYPES			(0x482)
+#define CKA_MECHANISM_TYPE		(0x500)
+#define CKA_REQUIRED_CMS_ATTRIBUTES	(0x501)
+#define CKA_DEFAULT_CMS_ATTRIBUTES	(0x502)
+#define CKA_SUPPORTED_CMS_ATTRIBUTES	(0x503)
+#define CKA_WRAP_TEMPLATE		(CKF_ARRAY_ATTRIBUTE | 0x211)
+#define CKA_UNWRAP_TEMPLATE		(CKF_ARRAY_ATTRIBUTE | 0x212)
+#define CKA_ALLOWED_MECHANISMS		(CKF_ARRAY_ATTRIBUTE | 0x600)
+#define CKA_VENDOR_DEFINED		((unsigned long) (1 << 31))
+
+
+struct ck_attribute
+{
+  ck_attribute_type_t type;
+  void *value;
+  unsigned long value_len;
+};
+
+
+struct ck_date
+{
+  unsigned char year[4];
+  unsigned char month[2];
+  unsigned char day[2];
+};
+
+
+typedef unsigned long ck_mechanism_type_t;
+
+#define CKM_RSA_PKCS_KEY_PAIR_GEN	(0)
+#define CKM_RSA_PKCS			(1)
+#define CKM_RSA_9796			(2)
+#define CKM_RSA_X_509			(3)
+#define CKM_MD2_RSA_PKCS		(4)
+#define CKM_MD5_RSA_PKCS		(5)
+#define CKM_SHA1_RSA_PKCS		(6)
+#define CKM_RIPEMD128_RSA_PKCS		(7)
+#define CKM_RIPEMD160_RSA_PKCS		(8)
+#define CKM_RSA_PKCS_OAEP		(9)
+#define CKM_RSA_X9_31_KEY_PAIR_GEN	(0xa)
+#define CKM_RSA_X9_31			(0xb)
+#define CKM_SHA1_RSA_X9_31		(0xc)
+#define CKM_RSA_PKCS_PSS		(0xd)
+#define CKM_SHA1_RSA_PKCS_PSS		(0xe)
+#define CKM_DSA_KEY_PAIR_GEN		(0x10)
+#define	CKM_DSA				(0x11)
+#define CKM_DSA_SHA1			(0x12)
+#define CKM_DH_PKCS_KEY_PAIR_GEN	(0x20)
+#define CKM_DH_PKCS_DERIVE		(0x21)
+#define	CKM_X9_42_DH_KEY_PAIR_GEN	(0x30)
+#define CKM_X9_42_DH_DERIVE		(0x31)
+#define CKM_X9_42_DH_HYBRID_DERIVE	(0x32)
+#define CKM_X9_42_MQV_DERIVE		(0x33)
+#define CKM_SHA256_RSA_PKCS		(0x40)
+#define CKM_SHA384_RSA_PKCS		(0x41)
+#define CKM_SHA512_RSA_PKCS		(0x42)
+#define CKM_SHA256_RSA_PKCS_PSS		(0x43)
+#define CKM_SHA384_RSA_PKCS_PSS		(0x44)
+#define CKM_SHA512_RSA_PKCS_PSS		(0x45)
+#define CKM_RC2_KEY_GEN			(0x100)
+#define CKM_RC2_ECB			(0x101)
+#define	CKM_RC2_CBC			(0x102)
+#define	CKM_RC2_MAC			(0x103)
+#define CKM_RC2_MAC_GENERAL		(0x104)
+#define CKM_RC2_CBC_PAD			(0x105)
+#define CKM_RC4_KEY_GEN			(0x110)
+#define CKM_RC4				(0x111)
+#define CKM_DES_KEY_GEN			(0x120)
+#define CKM_DES_ECB			(0x121)
+#define CKM_DES_CBC			(0x122)
+#define CKM_DES_MAC			(0x123)
+#define CKM_DES_MAC_GENERAL		(0x124)
+#define CKM_DES_CBC_PAD			(0x125)
+#define CKM_DES2_KEY_GEN		(0x130)
+#define CKM_DES3_KEY_GEN		(0x131)
+#define CKM_DES3_ECB			(0x132)
+#define CKM_DES3_CBC			(0x133)
+#define CKM_DES3_MAC			(0x134)
+#define CKM_DES3_MAC_GENERAL		(0x135)
+#define CKM_DES3_CBC_PAD		(0x136)
+#define CKM_CDMF_KEY_GEN		(0x140)
+#define CKM_CDMF_ECB			(0x141)
+#define CKM_CDMF_CBC			(0x142)
+#define CKM_CDMF_MAC			(0x143)
+#define CKM_CDMF_MAC_GENERAL		(0x144)
+#define CKM_CDMF_CBC_PAD		(0x145)
+#define CKM_MD2				(0x200)
+#define CKM_MD2_HMAC			(0x201)
+#define CKM_MD2_HMAC_GENERAL		(0x202)
+#define CKM_MD5				(0x210)
+#define CKM_MD5_HMAC			(0x211)
+#define CKM_MD5_HMAC_GENERAL		(0x212)
+#define CKM_SHA_1			(0x220)
+#define CKM_SHA_1_HMAC			(0x221)
+#define CKM_SHA_1_HMAC_GENERAL		(0x222)
+#define CKM_RIPEMD128			(0x230)
+#define CKM_RIPEMD128_HMAC		(0x231)
+#define CKM_RIPEMD128_HMAC_GENERAL	(0x232)
+#define CKM_RIPEMD160			(0x240)
+#define CKM_RIPEMD160_HMAC		(0x241)
+#define CKM_RIPEMD160_HMAC_GENERAL	(0x242)
+#define CKM_SHA256			(0x250)
+#define CKM_SHA256_HMAC			(0x251)
+#define CKM_SHA256_HMAC_GENERAL		(0x252)
+#define CKM_SHA384			(0x260)
+#define CKM_SHA384_HMAC			(0x261)
+#define CKM_SHA384_HMAC_GENERAL		(0x262)
+#define CKM_SHA512			(0x270)
+#define CKM_SHA512_HMAC			(0x271)
+#define CKM_SHA512_HMAC_GENERAL		(0x272)
+#define CKM_CAST_KEY_GEN		(0x300)
+#define CKM_CAST_ECB			(0x301)
+#define CKM_CAST_CBC			(0x302)
+#define CKM_CAST_MAC			(0x303)
+#define CKM_CAST_MAC_GENERAL		(0x304)
+#define CKM_CAST_CBC_PAD		(0x305)
+#define CKM_CAST3_KEY_GEN		(0x310)
+#define CKM_CAST3_ECB			(0x311)
+#define CKM_CAST3_CBC			(0x312)
+#define CKM_CAST3_MAC			(0x313)
+#define CKM_CAST3_MAC_GENERAL		(0x314)
+#define CKM_CAST3_CBC_PAD		(0x315)
+#define CKM_CAST5_KEY_GEN		(0x320)
+#define CKM_CAST128_KEY_GEN		(0x320)
+#define CKM_CAST5_ECB			(0x321)
+#define CKM_CAST128_ECB			(0x321)
+#define CKM_CAST5_CBC			(0x322)
+#define CKM_CAST128_CBC			(0x322)
+#define CKM_CAST5_MAC			(0x323)
+#define	CKM_CAST128_MAC			(0x323)
+#define CKM_CAST5_MAC_GENERAL		(0x324)
+#define CKM_CAST128_MAC_GENERAL		(0x324)
+#define CKM_CAST5_CBC_PAD		(0x325)
+#define CKM_CAST128_CBC_PAD		(0x325)
+#define CKM_RC5_KEY_GEN			(0x330)
+#define CKM_RC5_ECB			(0x331)
+#define CKM_RC5_CBC			(0x332)
+#define CKM_RC5_MAC			(0x333)
+#define CKM_RC5_MAC_GENERAL		(0x334)
+#define CKM_RC5_CBC_PAD			(0x335)
+#define CKM_IDEA_KEY_GEN		(0x340)
+#define CKM_IDEA_ECB			(0x341)
+#define	CKM_IDEA_CBC			(0x342)
+#define CKM_IDEA_MAC			(0x343)
+#define CKM_IDEA_MAC_GENERAL		(0x344)
+#define CKM_IDEA_CBC_PAD		(0x345)
+#define CKM_GENERIC_SECRET_KEY_GEN	(0x350)
+#define CKM_CONCATENATE_BASE_AND_KEY	(0x360)
+#define CKM_CONCATENATE_BASE_AND_DATA	(0x362)
+#define CKM_CONCATENATE_DATA_AND_BASE	(0x363)
+#define CKM_XOR_BASE_AND_DATA		(0x364)
+#define CKM_EXTRACT_KEY_FROM_KEY	(0x365)
+#define CKM_SSL3_PRE_MASTER_KEY_GEN	(0x370)
+#define CKM_SSL3_MASTER_KEY_DERIVE	(0x371)
+#define CKM_SSL3_KEY_AND_MAC_DERIVE	(0x372)
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH	(0x373)
+#define CKM_TLS_PRE_MASTER_KEY_GEN	(0x374)
+#define CKM_TLS_MASTER_KEY_DERIVE	(0x375)
+#define CKM_TLS_KEY_AND_MAC_DERIVE	(0x376)
+#define CKM_TLS_MASTER_KEY_DERIVE_DH	(0x377)
+#define CKM_SSL3_MD5_MAC		(0x380)
+#define CKM_SSL3_SHA1_MAC		(0x381)
+#define CKM_MD5_KEY_DERIVATION		(0x390)
+#define CKM_MD2_KEY_DERIVATION		(0x391)
+#define CKM_SHA1_KEY_DERIVATION		(0x392)
+#define CKM_PBE_MD2_DES_CBC		(0x3a0)
+#define CKM_PBE_MD5_DES_CBC		(0x3a1)
+#define CKM_PBE_MD5_CAST_CBC		(0x3a2)
+#define CKM_PBE_MD5_CAST3_CBC		(0x3a3)
+#define CKM_PBE_MD5_CAST5_CBC		(0x3a4)
+#define CKM_PBE_MD5_CAST128_CBC		(0x3a4)
+#define CKM_PBE_SHA1_CAST5_CBC		(0x3a5)
+#define CKM_PBE_SHA1_CAST128_CBC	(0x3a5)
+#define CKM_PBE_SHA1_RC4_128		(0x3a6)
+#define CKM_PBE_SHA1_RC4_40		(0x3a7)
+#define CKM_PBE_SHA1_DES3_EDE_CBC	(0x3a8)
+#define CKM_PBE_SHA1_DES2_EDE_CBC	(0x3a9)
+#define CKM_PBE_SHA1_RC2_128_CBC	(0x3aa)
+#define CKM_PBE_SHA1_RC2_40_CBC		(0x3ab)
+#define CKM_PKCS5_PBKD2			(0x3b0)
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC	(0x3c0)
+#define CKM_KEY_WRAP_LYNKS		(0x400)
+#define CKM_KEY_WRAP_SET_OAEP		(0x401)
+#define CKM_SKIPJACK_KEY_GEN		(0x1000)
+#define CKM_SKIPJACK_ECB64		(0x1001)
+#define CKM_SKIPJACK_CBC64		(0x1002)
+#define CKM_SKIPJACK_OFB64		(0x1003)
+#define CKM_SKIPJACK_CFB64		(0x1004)
+#define CKM_SKIPJACK_CFB32		(0x1005)
+#define CKM_SKIPJACK_CFB16		(0x1006)
+#define CKM_SKIPJACK_CFB8		(0x1007)
+#define CKM_SKIPJACK_WRAP		(0x1008)
+#define CKM_SKIPJACK_PRIVATE_WRAP	(0x1009)
+#define CKM_SKIPJACK_RELAYX		(0x100a)
+#define CKM_KEA_KEY_PAIR_GEN		(0x1010)
+#define CKM_KEA_KEY_DERIVE		(0x1011)
+#define CKM_FORTEZZA_TIMESTAMP		(0x1020)
+#define CKM_BATON_KEY_GEN		(0x1030)
+#define CKM_BATON_ECB128		(0x1031)
+#define CKM_BATON_ECB96			(0x1032)
+#define CKM_BATON_CBC128		(0x1033)
+#define CKM_BATON_COUNTER		(0x1034)
+#define CKM_BATON_SHUFFLE		(0x1035)
+#define CKM_BATON_WRAP			(0x1036)
+#define CKM_ECDSA_KEY_PAIR_GEN		(0x1040)
+#define CKM_EC_KEY_PAIR_GEN		(0x1040)
+#define CKM_ECDSA			(0x1041)
+#define CKM_ECDSA_SHA1			(0x1042)
+#define CKM_ECDH1_DERIVE		(0x1050)
+#define CKM_ECDH1_COFACTOR_DERIVE	(0x1051)
+#define CKM_ECMQV_DERIVE		(0x1052)
+#define CKM_JUNIPER_KEY_GEN		(0x1060)
+#define CKM_JUNIPER_ECB128		(0x1061)
+#define CKM_JUNIPER_CBC128		(0x1062)
+#define CKM_JUNIPER_COUNTER		(0x1063)
+#define CKM_JUNIPER_SHUFFLE		(0x1064)
+#define CKM_JUNIPER_WRAP		(0x1065)
+#define CKM_FASTHASH			(0x1070)
+#define CKM_AES_KEY_GEN			(0x1080)
+#define CKM_AES_ECB			(0x1081)
+#define CKM_AES_CBC			(0x1082)
+#define CKM_AES_MAC			(0x1083)
+#define CKM_AES_MAC_GENERAL		(0x1084)
+#define CKM_AES_CBC_PAD			(0x1085)
+#define CKM_DSA_PARAMETER_GEN		(0x2000)
+#define CKM_DH_PKCS_PARAMETER_GEN	(0x2001)
+#define CKM_X9_42_DH_PARAMETER_GEN	(0x2002)
+#define CKM_VENDOR_DEFINED		((unsigned long) (1 << 31))
+
+
+struct ck_mechanism
+{
+  ck_mechanism_type_t mechanism;
+  void *parameter;
+  unsigned long parameter_len;
+};
+
+
+struct ck_mechanism_info
+{
+  unsigned long min_key_size;
+  unsigned long max_key_size;
+  ck_flags_t flags;
+};
+
+#define CKF_HW			(1 << 0)
+#define CKF_ENCRYPT		(1 << 8)
+#define CKF_DECRYPT		(1 << 9)
+#define CKF_DIGEST		(1 << 10)
+#define CKF_SIGN		(1 << 11)
+#define CKF_SIGN_RECOVER	(1 << 12)
+#define CKF_VERIFY		(1 << 13)
+#define CKF_VERIFY_RECOVER	(1 << 14)
+#define CKF_GENERATE		(1 << 15)
+#define CKF_GENERATE_KEY_PAIR	(1 << 16)
+#define CKF_WRAP		(1 << 17)
+#define CKF_UNWRAP		(1 << 18)
+#define CKF_DERIVE		(1 << 19)
+#define CKF_EXTENSION		((unsigned long) (1 << 31))
+
+
+/* Flags for C_WaitForSlotEvent.  */
+#define CKF_DONT_BLOCK				(1)
+
+
+typedef unsigned long ck_rv_t;
+
+
+typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
+				ck_notification_t event, void *application);
+
+/* Forward reference.  */
+struct ck_function_list;
+
+#define _CK_DECLARE_FUNCTION(name, args)	\
+typedef ck_rv_t (*CK_ ## name) args;		\
+ck_rv_t CK_SPEC name args
+
+_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
+_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
+_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
+_CK_DECLARE_FUNCTION (C_GetFunctionList,
+		      (struct ck_function_list **function_list));
+
+_CK_DECLARE_FUNCTION (C_GetSlotList,
+		      (unsigned char token_present, ck_slot_id_t *slot_list,
+		       unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetSlotInfo,
+		      (ck_slot_id_t slot_id, struct ck_slot_info *info));
+_CK_DECLARE_FUNCTION (C_GetTokenInfo,
+		      (ck_slot_id_t slot_id, struct ck_token_info *info));
+_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
+		      (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
+_CK_DECLARE_FUNCTION (C_GetMechanismList,
+		      (ck_slot_id_t slot_id,
+		       ck_mechanism_type_t *mechanism_list,
+		       unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
+		      (ck_slot_id_t slot_id, ck_mechanism_type_t type,
+		       struct ck_mechanism_info *info));
+_CK_DECLARE_FUNCTION (C_InitToken,
+		      (ck_slot_id_t slot_id, unsigned char *pin,
+		       unsigned long pin_len, unsigned char *label));
+_CK_DECLARE_FUNCTION (C_InitPIN,
+		      (ck_session_handle_t session, unsigned char *pin,
+		       unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_SetPIN,
+		      (ck_session_handle_t session, unsigned char *old_pin,
+		       unsigned long old_len, unsigned char *new_pin,
+		       unsigned long new_len));
+
+_CK_DECLARE_FUNCTION (C_OpenSession,
+		      (ck_slot_id_t slot_id, ck_flags_t flags,
+		       void *application, ck_notify_t notify,
+		       ck_session_handle_t *session));
+_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
+_CK_DECLARE_FUNCTION (C_GetSessionInfo,
+		      (ck_session_handle_t session,
+		       struct ck_session_info *info));
+_CK_DECLARE_FUNCTION (C_GetOperationState,
+		      (ck_session_handle_t session,
+		       unsigned char *operation_state,
+		       unsigned long *operation_state_len));
+_CK_DECLARE_FUNCTION (C_SetOperationState,
+		      (ck_session_handle_t session,
+		       unsigned char *operation_state,
+		       unsigned long operation_state_len,
+		       ck_object_handle_t encryption_key,
+		       ck_object_handle_t authentiation_key));
+_CK_DECLARE_FUNCTION (C_Login,
+		      (ck_session_handle_t session, ck_user_type_t user_type,
+		       unsigned char *pin, unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_CreateObject,
+		      (ck_session_handle_t session,
+		       struct ck_attribute *templ,
+		       unsigned long count, ck_object_handle_t *object));
+_CK_DECLARE_FUNCTION (C_CopyObject,
+		      (ck_session_handle_t session, ck_object_handle_t object,
+		       struct ck_attribute *templ, unsigned long count,
+		       ck_object_handle_t *new_object));
+_CK_DECLARE_FUNCTION (C_DestroyObject,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t object));
+_CK_DECLARE_FUNCTION (C_GetObjectSize,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t object,
+		       unsigned long *size));
+_CK_DECLARE_FUNCTION (C_GetAttributeValue,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t object,
+		       struct ck_attribute *templ,
+		       unsigned long count));
+_CK_DECLARE_FUNCTION (C_SetAttributeValue,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t object,
+		       struct ck_attribute *templ,
+		       unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjectsInit,
+		      (ck_session_handle_t session,
+		       struct ck_attribute *templ,
+		       unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjects,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t *object,
+		       unsigned long max_object_count,
+		       unsigned long *object_count));
+_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
+		      (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_EncryptInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Encrypt,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *encrypted_data,
+		       unsigned long *encrypted_data_len));
+_CK_DECLARE_FUNCTION (C_EncryptUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len,
+		       unsigned char *encrypted_part,
+		       unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_EncryptFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *last_encrypted_part,
+		       unsigned long *last_encrypted_part_len));
+
+_CK_DECLARE_FUNCTION (C_DecryptInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Decrypt,
+		      (ck_session_handle_t session,
+		       unsigned char *encrypted_data,
+		       unsigned long encrypted_data_len,
+		       unsigned char *data, unsigned long *data_len));
+_CK_DECLARE_FUNCTION (C_DecryptUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *encrypted_part,
+		       unsigned long encrypted_part_len,
+		       unsigned char *part, unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_DecryptFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *last_part,
+		       unsigned long *last_part_len));
+
+_CK_DECLARE_FUNCTION (C_DigestInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism));
+_CK_DECLARE_FUNCTION (C_Digest,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *digest,
+		       unsigned long *digest_len));
+_CK_DECLARE_FUNCTION (C_DigestUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_DigestKey,
+		      (ck_session_handle_t session, ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_DigestFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *digest,
+		       unsigned long *digest_len));
+
+_CK_DECLARE_FUNCTION (C_SignInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Sign,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *signature,
+		       unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_SignFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *signature,
+		       unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignRecoverInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_SignRecover,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *signature,
+		       unsigned long *signature_len));
+
+_CK_DECLARE_FUNCTION (C_VerifyInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Verify,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *signature,
+		       unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_VerifyFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *signature,
+		       unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_VerifyRecover,
+		      (ck_session_handle_t session,
+		       unsigned char *signature,
+		       unsigned long signature_len,
+		       unsigned char *data,
+		       unsigned long *data_len));
+
+_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len,
+		       unsigned char *encrypted_part,
+		       unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *encrypted_part,
+		       unsigned long encrypted_part_len,
+		       unsigned char *part,
+		       unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len,
+		       unsigned char *encrypted_part,
+		       unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *encrypted_part,
+		       unsigned long encrypted_part_len,
+		       unsigned char *part,
+		       unsigned long *part_len));
+
+_CK_DECLARE_FUNCTION (C_GenerateKey,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       struct ck_attribute *templ,
+		       unsigned long count,
+		       ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       struct ck_attribute *public_key_template,
+		       unsigned long public_key_attribute_count,
+		       struct ck_attribute *private_key_template,
+		       unsigned long private_key_attribute_count,
+		       ck_object_handle_t *public_key,
+		       ck_object_handle_t *private_key));
+_CK_DECLARE_FUNCTION (C_WrapKey,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t wrapping_key,
+		       ck_object_handle_t key,
+		       unsigned char *wrapped_key,
+		       unsigned long *wrapped_key_len));
+_CK_DECLARE_FUNCTION (C_UnwrapKey,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t unwrapping_key,
+		       unsigned char *wrapped_key,
+		       unsigned long wrapped_key_len,
+		       struct ck_attribute *templ,
+		       unsigned long attribute_count,
+		       ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_DeriveKey,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t base_key,
+		       struct ck_attribute *templ,
+		       unsigned long attribute_count,
+		       ck_object_handle_t *key));
+
+_CK_DECLARE_FUNCTION (C_SeedRandom,
+		      (ck_session_handle_t session, unsigned char *seed,
+		       unsigned long seed_len));
+_CK_DECLARE_FUNCTION (C_GenerateRandom,
+		      (ck_session_handle_t session,
+		       unsigned char *random_data,
+		       unsigned long random_len));
+
+_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
+
+
+struct ck_function_list
+{
+  struct ck_version version;
+  CK_C_Initialize C_Initialize;
+  CK_C_Finalize C_Finalize;
+  CK_C_GetInfo C_GetInfo;
+  CK_C_GetFunctionList C_GetFunctionList;
+  CK_C_GetSlotList C_GetSlotList;
+  CK_C_GetSlotInfo C_GetSlotInfo;
+  CK_C_GetTokenInfo C_GetTokenInfo;
+  CK_C_GetMechanismList C_GetMechanismList;
+  CK_C_GetMechanismInfo C_GetMechanismInfo;
+  CK_C_InitToken C_InitToken;
+  CK_C_InitPIN C_InitPIN;
+  CK_C_SetPIN C_SetPIN;
+  CK_C_OpenSession C_OpenSession;
+  CK_C_CloseSession C_CloseSession;
+  CK_C_CloseAllSessions C_CloseAllSessions;
+  CK_C_GetSessionInfo C_GetSessionInfo;
+  CK_C_GetOperationState C_GetOperationState;
+  CK_C_SetOperationState C_SetOperationState;
+  CK_C_Login C_Login;
+  CK_C_Logout C_Logout;
+  CK_C_CreateObject C_CreateObject;
+  CK_C_CopyObject C_CopyObject;
+  CK_C_DestroyObject C_DestroyObject;
+  CK_C_GetObjectSize C_GetObjectSize;
+  CK_C_GetAttributeValue C_GetAttributeValue;
+  CK_C_SetAttributeValue C_SetAttributeValue;
+  CK_C_FindObjectsInit C_FindObjectsInit;
+  CK_C_FindObjects C_FindObjects;
+  CK_C_FindObjectsFinal C_FindObjectsFinal;
+  CK_C_EncryptInit C_EncryptInit;
+  CK_C_Encrypt C_Encrypt;
+  CK_C_EncryptUpdate C_EncryptUpdate;
+  CK_C_EncryptFinal C_EncryptFinal;
+  CK_C_DecryptInit C_DecryptInit;
+  CK_C_Decrypt C_Decrypt;
+  CK_C_DecryptUpdate C_DecryptUpdate;
+  CK_C_DecryptFinal C_DecryptFinal;
+  CK_C_DigestInit C_DigestInit;
+  CK_C_Digest C_Digest;
+  CK_C_DigestUpdate C_DigestUpdate;
+  CK_C_DigestKey C_DigestKey;
+  CK_C_DigestFinal C_DigestFinal;
+  CK_C_SignInit C_SignInit;
+  CK_C_Sign C_Sign;
+  CK_C_SignUpdate C_SignUpdate;
+  CK_C_SignFinal C_SignFinal;
+  CK_C_SignRecoverInit C_SignRecoverInit;
+  CK_C_SignRecover C_SignRecover;
+  CK_C_VerifyInit C_VerifyInit;
+  CK_C_Verify C_Verify;
+  CK_C_VerifyUpdate C_VerifyUpdate;
+  CK_C_VerifyFinal C_VerifyFinal;
+  CK_C_VerifyRecoverInit C_VerifyRecoverInit;
+  CK_C_VerifyRecover C_VerifyRecover;
+  CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
+  CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
+  CK_C_SignEncryptUpdate C_SignEncryptUpdate;
+  CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
+  CK_C_GenerateKey C_GenerateKey;
+  CK_C_GenerateKeyPair C_GenerateKeyPair;
+  CK_C_WrapKey C_WrapKey;
+  CK_C_UnwrapKey C_UnwrapKey;
+  CK_C_DeriveKey C_DeriveKey;
+  CK_C_SeedRandom C_SeedRandom;
+  CK_C_GenerateRandom C_GenerateRandom;
+  CK_C_GetFunctionStatus C_GetFunctionStatus;
+  CK_C_CancelFunction C_CancelFunction;
+  CK_C_WaitForSlotEvent C_WaitForSlotEvent;
+};
+
+
+typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
+typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
+typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
+typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
+
+
+struct ck_c_initialize_args
+{
+  ck_createmutex_t create_mutex;
+  ck_destroymutex_t destroy_mutex;
+  ck_lockmutex_t lock_mutex;
+  ck_unlockmutex_t unlock_mutex;
+  ck_flags_t flags;
+  void *reserved;
+};
+
+
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS	(1 << 0)
+#define CKF_OS_LOCKING_OK			(1 << 1)
+
+#define CKR_OK					(0)
+#define CKR_CANCEL				(1)
+#define CKR_HOST_MEMORY				(2)
+#define CKR_SLOT_ID_INVALID			(3)
+#define CKR_GENERAL_ERROR			(5)
+#define CKR_FUNCTION_FAILED			(6)
+#define CKR_ARGUMENTS_BAD			(7)
+#define CKR_NO_EVENT				(8)
+#define CKR_NEED_TO_CREATE_THREADS		(9)
+#define CKR_CANT_LOCK				(0xa)
+#define CKR_ATTRIBUTE_READ_ONLY			(0x10)
+#define CKR_ATTRIBUTE_SENSITIVE			(0x11)
+#define CKR_ATTRIBUTE_TYPE_INVALID		(0x12)
+#define CKR_ATTRIBUTE_VALUE_INVALID		(0x13)
+#define CKR_DATA_INVALID			(0x20)
+#define CKR_DATA_LEN_RANGE			(0x21)
+#define CKR_DEVICE_ERROR			(0x30)
+#define CKR_DEVICE_MEMORY			(0x31)
+#define CKR_DEVICE_REMOVED			(0x32)
+#define CKR_ENCRYPTED_DATA_INVALID		(0x40)
+#define CKR_ENCRYPTED_DATA_LEN_RANGE		(0x41)
+#define CKR_FUNCTION_CANCELED			(0x50)
+#define CKR_FUNCTION_NOT_PARALLEL		(0x51)
+#define CKR_FUNCTION_NOT_SUPPORTED		(0x54)
+#define CKR_KEY_HANDLE_INVALID			(0x60)
+#define CKR_KEY_SIZE_RANGE			(0x62)
+#define CKR_KEY_TYPE_INCONSISTENT		(0x63)
+#define CKR_KEY_NOT_NEEDED			(0x64)
+#define CKR_KEY_CHANGED				(0x65)
+#define CKR_KEY_NEEDED				(0x66)
+#define CKR_KEY_INDIGESTIBLE			(0x67)
+#define CKR_KEY_FUNCTION_NOT_PERMITTED		(0x68)
+#define CKR_KEY_NOT_WRAPPABLE			(0x69)
+#define CKR_KEY_UNEXTRACTABLE			(0x6a)
+#define CKR_MECHANISM_INVALID			(0x70)
+#define CKR_MECHANISM_PARAM_INVALID		(0x71)
+#define CKR_OBJECT_HANDLE_INVALID		(0x82)
+#define CKR_OPERATION_ACTIVE			(0x90)
+#define CKR_OPERATION_NOT_INITIALIZED		(0x91)
+#define CKR_PIN_INCORRECT			(0xa0)
+#define CKR_PIN_INVALID				(0xa1)
+#define CKR_PIN_LEN_RANGE			(0xa2)
+#define CKR_PIN_EXPIRED				(0xa3)
+#define CKR_PIN_LOCKED				(0xa4)
+#define CKR_SESSION_CLOSED			(0xb0)
+#define CKR_SESSION_COUNT			(0xb1)
+#define CKR_SESSION_HANDLE_INVALID		(0xb3)
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED	(0xb4)
+#define CKR_SESSION_READ_ONLY			(0xb5)
+#define CKR_SESSION_EXISTS			(0xb6)
+#define CKR_SESSION_READ_ONLY_EXISTS		(0xb7)
+#define CKR_SESSION_READ_WRITE_SO_EXISTS	(0xb8)
+#define CKR_SIGNATURE_INVALID			(0xc0)
+#define CKR_SIGNATURE_LEN_RANGE			(0xc1)
+#define CKR_TEMPLATE_INCOMPLETE			(0xd0)
+#define CKR_TEMPLATE_INCONSISTENT		(0xd1)
+#define CKR_TOKEN_NOT_PRESENT			(0xe0)
+#define CKR_TOKEN_NOT_RECOGNIZED		(0xe1)
+#define CKR_TOKEN_WRITE_PROTECTED		(0xe2)
+#define	CKR_UNWRAPPING_KEY_HANDLE_INVALID	(0xf0)
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE		(0xf1)
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT	(0xf2)
+#define CKR_USER_ALREADY_LOGGED_IN		(0x100)
+#define CKR_USER_NOT_LOGGED_IN			(0x101)
+#define CKR_USER_PIN_NOT_INITIALIZED		(0x102)
+#define CKR_USER_TYPE_INVALID			(0x103)
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN	(0x104)
+#define CKR_USER_TOO_MANY_TYPES			(0x105)
+#define CKR_WRAPPED_KEY_INVALID			(0x110)
+#define CKR_WRAPPED_KEY_LEN_RANGE		(0x112)
+#define CKR_WRAPPING_KEY_HANDLE_INVALID		(0x113)
+#define CKR_WRAPPING_KEY_SIZE_RANGE		(0x114)
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT	(0x115)
+#define CKR_RANDOM_SEED_NOT_SUPPORTED		(0x120)
+#define CKR_RANDOM_NO_RNG			(0x121)
+#define CKR_DOMAIN_PARAMS_INVALID		(0x130)
+#define CKR_BUFFER_TOO_SMALL			(0x150)
+#define CKR_SAVED_STATE_INVALID			(0x160)
+#define CKR_INFORMATION_SENSITIVE		(0x170)
+#define CKR_STATE_UNSAVEABLE			(0x180)
+#define CKR_CRYPTOKI_NOT_INITIALIZED		(0x190)
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED	(0x191)
+#define CKR_MUTEX_BAD				(0x1a0)
+#define CKR_MUTEX_NOT_LOCKED			(0x1a1)
+#define CKR_FUNCTION_REJECTED			(0x200)
+#define CKR_VENDOR_DEFINED			((unsigned long) (1 << 31))
+
+
+

+/* Compatibility layer.  */
+
+#ifdef CRYPTOKI_COMPAT
+
+#undef CK_DEFINE_FUNCTION
+#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
+
+/* For NULL.  */
+#include <stddef.h>
+
+typedef unsigned char CK_BYTE;
+typedef unsigned char CK_CHAR;
+typedef unsigned char CK_UTF8CHAR;
+typedef unsigned char CK_BBOOL;
+typedef unsigned long int CK_ULONG;
+typedef long int CK_LONG;
+typedef CK_BYTE *CK_BYTE_PTR;
+typedef CK_CHAR *CK_CHAR_PTR;
+typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
+typedef CK_ULONG *CK_ULONG_PTR;
+typedef void *CK_VOID_PTR;
+typedef void **CK_VOID_PTR_PTR;
+#define CK_FALSE 0
+#define CK_TRUE 1
+#ifndef CK_DISABLE_TRUE_FALSE
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE 1
+#endif
+#endif
+
+typedef struct ck_version CK_VERSION;
+typedef struct ck_version *CK_VERSION_PTR;
+
+typedef struct ck_info CK_INFO;
+typedef struct ck_info *CK_INFO_PTR;
+
+typedef ck_slot_id_t *CK_SLOT_ID_PTR;
+
+typedef struct ck_slot_info CK_SLOT_INFO;
+typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
+
+typedef struct ck_token_info CK_TOKEN_INFO;
+typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
+
+typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
+
+typedef struct ck_session_info CK_SESSION_INFO;
+typedef struct ck_session_info *CK_SESSION_INFO_PTR;
+
+typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
+
+typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
+
+typedef struct ck_attribute CK_ATTRIBUTE;
+typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
+
+typedef struct ck_date CK_DATE;
+typedef struct ck_date *CK_DATE_PTR;
+
+typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
+
+typedef struct ck_mechanism CK_MECHANISM;
+typedef struct ck_mechanism *CK_MECHANISM_PTR;
+
+typedef struct ck_mechanism_info CK_MECHANISM_INFO;
+typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
+
+typedef struct ck_function_list CK_FUNCTION_LIST;
+typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
+typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
+
+typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
+typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+
+#define NULL_PTR NULL
+
+/* Delete the helper macros defined at the top of the file.  */
+#undef ck_flags_t
+#undef ck_version
+
+#undef ck_info
+#undef cryptoki_version
+#undef manufacturer_id
+#undef library_description
+#undef library_version
+
+#undef ck_notification_t
+#undef ck_slot_id_t
+
+#undef ck_slot_info
+#undef slot_description
+#undef hardware_version
+#undef firmware_version
+
+#undef ck_token_info
+#undef serial_number
+#undef max_session_count
+#undef session_count
+#undef max_rw_session_count
+#undef rw_session_count
+#undef max_pin_len
+#undef min_pin_len
+#undef total_public_memory
+#undef free_public_memory
+#undef total_private_memory
+#undef free_private_memory
+#undef utc_time
+
+#undef ck_session_handle_t
+#undef ck_user_type_t
+#undef ck_state_t
+
+#undef ck_session_info
+#undef slot_id
+#undef device_error
+
+#undef ck_object_handle_t
+#undef ck_object_class_t
+#undef ck_hw_feature_type_t
+#undef ck_key_type_t
+#undef ck_certificate_type_t
+#undef ck_attribute_type_t
+
+#undef ck_attribute
+#undef value
+#undef value_len
+
+#undef ck_date
+
+#undef ck_mechanism_type_t
+
+#undef ck_mechanism
+#undef parameter
+#undef parameter_len
+
+#undef ck_mechanism_info
+#undef min_key_size
+#undef max_key_size
+
+#undef ck_rv_t
+#undef ck_notify_t
+
+#undef ck_function_list
+
+#undef ck_createmutex_t
+#undef ck_destroymutex_t
+#undef ck_lockmutex_t
+#undef ck_unlockmutex_t
+
+#undef ck_c_initialize_args
+#undef create_mutex
+#undef destroy_mutex
+#undef lock_mutex
+#undef unlock_mutex
+#undef reserved
+
+#endif	/* CRYPTOKI_COMPAT */
+
+

+/* System dependencies.  */
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+#pragma pack(pop, cryptoki)
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif	/* PKCS11_H */

Added: vendor-crypto/heimdal/dist/lib/hx509/req.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/req.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/req.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,325 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+#include <pkcs10_asn1.h>
+RCSID("$Id: req.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct hx509_request_data {
+    hx509_name name;
+    SubjectPublicKeyInfo key;
+    ExtKeyUsage eku;
+    GeneralNames san;
+};
+
+/*
+ *
+ */
+
+int
+_hx509_request_init(hx509_context context, hx509_request *req)
+{
+    *req = calloc(1, sizeof(**req));
+    if (*req == NULL)
+	return ENOMEM;
+
+    return 0;
+}
+
+void
+_hx509_request_free(hx509_request *req)
+{
+    if ((*req)->name)
+	hx509_name_free(&(*req)->name);
+    free_SubjectPublicKeyInfo(&(*req)->key);
+    free_ExtKeyUsage(&(*req)->eku);
+    free_GeneralNames(&(*req)->san);
+    memset(*req, 0, sizeof(**req));
+    free(*req);
+    *req = NULL;
+}
+
+int
+_hx509_request_set_name(hx509_context context,
+			hx509_request req,
+			hx509_name name)
+{
+    if (req->name)
+	hx509_name_free(&req->name);
+    if (name) {
+	int ret = hx509_name_copy(context, name, &req->name);
+	if (ret)
+	    return ret;
+    }
+    return 0;
+}
+
+int
+_hx509_request_get_name(hx509_context context,
+			hx509_request req,
+			hx509_name *name)
+{
+    if (req->name == NULL) {
+	hx509_set_error_string(context, 0, EINVAL, "Request have no name");
+	return EINVAL;
+    }
+    return hx509_name_copy(context, req->name, name);
+}
+
+int
+_hx509_request_set_SubjectPublicKeyInfo(hx509_context context,
+					hx509_request req,
+					const SubjectPublicKeyInfo *key)
+{
+    free_SubjectPublicKeyInfo(&req->key);
+    return copy_SubjectPublicKeyInfo(key, &req->key);
+}
+
+int
+_hx509_request_get_SubjectPublicKeyInfo(hx509_context context,
+					hx509_request req,
+					SubjectPublicKeyInfo *key)
+{
+    return copy_SubjectPublicKeyInfo(&req->key, key);
+}
+
+int
+_hx509_request_add_eku(hx509_context context,
+		       hx509_request req,
+		       const heim_oid *oid)
+{
+    void *val;
+    int ret;
+
+    val = realloc(req->eku.val, sizeof(req->eku.val[0]) * (req->eku.len + 1));
+    if (val == NULL)
+	return ENOMEM;
+    req->eku.val = val;
+
+    ret = der_copy_oid(oid, &req->eku.val[req->eku.len]);
+    if (ret)
+	return ret;
+
+    req->eku.len += 1;
+
+    return 0;
+}
+
+int
+_hx509_request_add_dns_name(hx509_context context,
+			    hx509_request req,
+			    const char *hostname)
+{
+    GeneralName name;
+
+    memset(&name, 0, sizeof(name));
+    name.element = choice_GeneralName_dNSName;
+    name.u.dNSName = rk_UNCONST(hostname);
+
+    return add_GeneralNames(&req->san, &name);
+}
+
+int
+_hx509_request_add_email(hx509_context context,
+			 hx509_request req,
+			 const char *email)
+{
+    GeneralName name;
+
+    memset(&name, 0, sizeof(name));
+    name.element = choice_GeneralName_rfc822Name;
+    name.u.dNSName = rk_UNCONST(email);
+
+    return add_GeneralNames(&req->san, &name);
+}
+
+
+
+int
+_hx509_request_to_pkcs10(hx509_context context,
+			 const hx509_request req,
+			 const hx509_private_key signer,
+			 heim_octet_string *request)
+{
+    CertificationRequest r;
+    heim_octet_string data, os;
+    int ret;
+    size_t size;
+
+    if (req->name == NULL) {
+	hx509_set_error_string(context, 0, EINVAL,
+			       "PKCS10 needs to have a subject");
+	return EINVAL;
+    }
+
+    memset(&r, 0, sizeof(r));
+    memset(request, 0, sizeof(*request));
+
+    r.certificationRequestInfo.version = pkcs10_v1;
+
+    ret = copy_Name(&req->name->der_name,
+		    &r.certificationRequestInfo.subject);
+    if (ret)
+	goto out;
+    ret = copy_SubjectPublicKeyInfo(&req->key,
+				    &r.certificationRequestInfo.subjectPKInfo);
+    if (ret)
+	goto out;
+    r.certificationRequestInfo.attributes = 
+	calloc(1, sizeof(*r.certificationRequestInfo.attributes));
+    if (r.certificationRequestInfo.attributes == NULL) {
+	ret = ENOMEM;
+	goto out;
+    }
+
+    ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length, 
+		       &r.certificationRequestInfo, &size, ret);
+    if (ret)
+	goto out;
+    if (data.length != size)
+	abort();
+
+    ret = _hx509_create_signature(context,
+				  signer,
+				  _hx509_crypto_default_sig_alg,
+				  &data,
+				  &r.signatureAlgorithm,
+				  &os);
+    free(data.data);
+    if (ret)
+	goto out;
+    r.signature.data = os.data;
+    r.signature.length = os.length * 8;
+
+    ASN1_MALLOC_ENCODE(CertificationRequest, data.data, data.length,
+		       &r, &size, ret);
+    if (ret)
+	goto out;
+    if (data.length != size)
+	abort();
+
+    *request = data;
+
+out:
+    free_CertificationRequest(&r);
+
+    return ret;
+}
+
+int
+_hx509_request_parse(hx509_context context, 
+		     const char *path,
+		     hx509_request *req)
+{
+    CertificationRequest r;
+    CertificationRequestInfo *rinfo;
+    hx509_name subject;
+    size_t len, size;
+    void *p;
+    int ret;
+
+    if (strncmp(path, "PKCS10:", 7) != 0) {
+	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
+			       "unsupport type in %s", path);
+	return HX509_UNSUPPORTED_OPERATION;
+    }
+    path += 7;
+
+    /* XXX PEM request */
+
+    ret = _hx509_map_file(path, &p, &len, NULL);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to map file %s", path);
+	return ret;
+    }
+
+    ret = decode_CertificationRequest(p, len, &r, &size);
+    _hx509_unmap_file(p, len);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to decode %s", path);
+	return ret;
+    }
+
+    ret = _hx509_request_init(context, req);
+    if (ret) {
+	free_CertificationRequest(&r);
+	return ret;
+    }
+
+    rinfo = &r.certificationRequestInfo;
+
+    ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req,
+						  &rinfo->subjectPKInfo);
+    if (ret) {
+	free_CertificationRequest(&r);
+	_hx509_request_free(req);
+	return ret;
+    }
+
+    ret = _hx509_name_from_Name(&rinfo->subject, &subject);
+    if (ret) {
+	free_CertificationRequest(&r);
+	_hx509_request_free(req);
+	return ret;
+    }
+    ret = _hx509_request_set_name(context, *req, subject);
+    hx509_name_free(&subject);
+    free_CertificationRequest(&r);
+    if (ret) {
+	_hx509_request_free(req);
+	return ret;
+    }
+
+    return 0;
+}
+
+
+int
+_hx509_request_print(hx509_context context, hx509_request req, FILE *f)
+{
+    int ret;
+
+    if (req->name) {
+	char *subject;
+	ret = hx509_name_to_string(req->name, &subject);
+	if (ret) {
+	    hx509_set_error_string(context, 0, ret, "Failed to print name");
+	    return ret;
+	}
+        fprintf(f, "name: %s\n", subject);
+	free(subject);
+    }
+    
+    return 0;
+}
+
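Review bot: `_hx509_request_parse` copies the subject and `subjectPKInfo` out of the decoded CertificationRequest and then frees `r` without checking the request's signature against that public key, so the resulting hx509_request carries no proof of possession. No other function in req.c performs that check, and whether a caller does it elsewhere is not visible from this file. The function also never compares `size` with `len` after `decode_CertificationRequest`, so trailing bytes after the DER structure are accepted silently. I would add `if (ret == 0 && size != len) { free_CertificationRequest(&r); ret = ASN1_EXTRA_DATA; }` between the `_hx509_unmap_file` call and the existing `if (ret)` test. I would also replace the empty comment above the function with `/* Decodes only: the PKCS#10 self-signature is NOT verified here; callers must check proof of possession before trusting the key. */`.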

Added: vendor-crypto/heimdal/dist/lib/hx509/revoke.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/revoke.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/revoke.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1525 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/**
+ * @page page_revoke Revocation methods
+ *
+ * There are two revocation method for PKIX/X.509: CRL and OCSP.
+ * Revocation is needed if the private key is lost and
+ * stolen. Depending on how picky you are, you might want to make
+ * revocation for destroyed private keys too (smartcard broken), but
+ * that should not be a problem.
+ *
+ * CRL is a list of certifiates that have expired.
+ *
+ * OCSP is an online checking method where the requestor sends a list
+ * of certificates to the OCSP server to return a signed reply if they
+ * are valid or not. Some services sends a OCSP reply as part of the
+ * hand-shake to make the revoktion decision simpler/faster for the
+ * client.
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: revoke.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct revoke_crl {
+    char *path;
+    time_t last_modfied;
+    CRLCertificateList crl;
+    int verified;
+    int failed_verify;
+};
+
+struct revoke_ocsp {
+    char *path;
+    time_t last_modfied;
+    OCSPBasicOCSPResponse ocsp;
+    hx509_certs certs;
+    hx509_cert signer;
+};
+
+
+struct hx509_revoke_ctx_data {
+    unsigned ref;
+    struct {
+	struct revoke_crl *val;
+	size_t len;
+    } crls;
+    struct {
+	struct revoke_ocsp *val;
+	size_t len;
+    } ocsps;
+};
+
+/**
+ * Allocate a revokation context. Free with hx509_revoke_free().
+ *
+ * @param context A hx509 context.
+ * @param ctx returns a newly allocated revokation context.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_revoke
+ */
+
+int
+hx509_revoke_init(hx509_context context, hx509_revoke_ctx *ctx)
+{
+    *ctx = calloc(1, sizeof(**ctx));
+    if (*ctx == NULL)
+	return ENOMEM;
+
+    (*ctx)->ref = 1;
+    (*ctx)->crls.len = 0;
+    (*ctx)->crls.val = NULL;
+    (*ctx)->ocsps.len = 0;
+    (*ctx)->ocsps.val = NULL;
+
+    return 0;
+}
+
+hx509_revoke_ctx
+_hx509_revoke_ref(hx509_revoke_ctx ctx)
+{
+    if (ctx == NULL)
+	return NULL;
+    if (ctx->ref <= 0)
+	_hx509_abort("revoke ctx refcount <= 0");
+    ctx->ref++;
+    if (ctx->ref == 0)
+	_hx509_abort("revoke ctx refcount == 0");
+    return ctx;
+}
+
+static void
+free_ocsp(struct revoke_ocsp *ocsp)
+{
+    free(ocsp->path);
+    free_OCSPBasicOCSPResponse(&ocsp->ocsp);
+    hx509_certs_free(&ocsp->certs);
+    hx509_cert_free(ocsp->signer);
+}
+
+/**
+ * Free a hx509 revokation context.
+ *
+ * @param ctx context to be freed
+ *
+ * @ingroup hx509_revoke
+ */
+
+void
+hx509_revoke_free(hx509_revoke_ctx *ctx)
+{
+    size_t i ;
+
+    if (ctx == NULL || *ctx == NULL)
+	return;
+
+    if ((*ctx)->ref <= 0)
+	_hx509_abort("revoke ctx refcount <= 0 on free");
+    if (--(*ctx)->ref > 0)
+	return;
+
+    for (i = 0; i < (*ctx)->crls.len; i++) {
+	free((*ctx)->crls.val[i].path);
+	free_CRLCertificateList(&(*ctx)->crls.val[i].crl);
+    }
+
+    for (i = 0; i < (*ctx)->ocsps.len; i++)
+	free_ocsp(&(*ctx)->ocsps.val[i]);
+    free((*ctx)->ocsps.val);
+
+    free((*ctx)->crls.val);
+
+    memset(*ctx, 0, sizeof(**ctx));
+    free(*ctx);
+    *ctx = NULL;
+}
+
+static int
+verify_ocsp(hx509_context context,
+	    struct revoke_ocsp *ocsp,
+	    time_t time_now,
+	    hx509_certs certs,
+	    hx509_cert parent)
+{
+    hx509_cert signer = NULL;
+    hx509_query q;
+    int ret;
+	
+    _hx509_query_clear(&q);
+	
+    /*
+     * Need to match on issuer too in case there are two CA that have
+     * issued the same name to a certificate. One example of this is
+     * the www.openvalidation.org test's ocsp validator.
+     */
+
+    q.match = HX509_QUERY_MATCH_ISSUER_NAME;
+    q.issuer_name = &_hx509_get_cert(parent)->tbsCertificate.issuer;
+
+    switch(ocsp->ocsp.tbsResponseData.responderID.element) {
+    case choice_OCSPResponderID_byName:
+	q.match |= HX509_QUERY_MATCH_SUBJECT_NAME;
+	q.subject_name = &ocsp->ocsp.tbsResponseData.responderID.u.byName;
+	break;
+    case choice_OCSPResponderID_byKey:
+	q.match |= HX509_QUERY_MATCH_KEY_HASH_SHA1;
+	q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey;
+	break;
+    }
+	
+    ret = hx509_certs_find(context, certs, &q, &signer);
+    if (ret && ocsp->certs)
+	ret = hx509_certs_find(context, ocsp->certs, &q, &signer);
+    if (ret)
+	goto out;
+
+    /*
+     * If signer certificate isn't the CA certificate, lets check the
+     * it is the CA that signed the signer certificate and the OCSP EKU
+     * is set.
+     */
+    if (hx509_cert_cmp(signer, parent) != 0) {
+	Certificate *p = _hx509_get_cert(parent);
+	Certificate *s = _hx509_get_cert(signer);
+
+	ret = _hx509_cert_is_parent_cmp(s, p, 0);
+	if (ret != 0) {
+	    ret = HX509_PARENT_NOT_CA;
+	    hx509_set_error_string(context, 0, ret, "Revoke OSCP signer is "
+				   "doesn't have CA as signer certificate");
+	    goto out;
+	}
+
+	ret = _hx509_verify_signature_bitstring(context,
+						p,
+						&s->signatureAlgorithm,
+						&s->tbsCertificate._save,
+						&s->signatureValue);
+	if (ret) {
+	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				   "OSCP signer signature invalid");
+	    goto out;
+	}
+
+	ret = hx509_cert_check_eku(context, signer, 
+				   oid_id_pkix_kp_OCSPSigning(), 0);
+	if (ret)
+	    goto out;
+    }
+
+    ret = _hx509_verify_signature_bitstring(context,
+					    _hx509_get_cert(signer), 
+					    &ocsp->ocsp.signatureAlgorithm,
+					    &ocsp->ocsp.tbsResponseData._save,
+					    &ocsp->ocsp.signature);
+    if (ret) {
+	hx509_set_error_string(context, HX509_ERROR_APPEND, ret, 
+			       "OSCP signature invalid");
+	goto out;
+    }
+
+    ocsp->signer = signer;
+    signer = NULL;
+out:
+    if (signer)
+	hx509_cert_free(signer);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+static int
+parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
+{
+    OCSPResponse resp;
+    size_t size;
+    int ret;
+
+    memset(basic, 0, sizeof(*basic));
+
+    ret = decode_OCSPResponse(data, length, &resp, &size);
+    if (ret)
+	return ret;
+    if (length != size) {
+	free_OCSPResponse(&resp);
+	return ASN1_EXTRA_DATA;
+    }
+
+    switch (resp.responseStatus) {
+    case successful:
+	break;
+    default:
+	free_OCSPResponse(&resp);
+	return HX509_REVOKE_WRONG_DATA;
+    }
+
+    if (resp.responseBytes == NULL) {
+	free_OCSPResponse(&resp);
+	return EINVAL;
+    }
+
+    ret = der_heim_oid_cmp(&resp.responseBytes->responseType, 
+			   oid_id_pkix_ocsp_basic());
+    if (ret != 0) {
+	free_OCSPResponse(&resp);
+	return HX509_REVOKE_WRONG_DATA;
+    }
+
+    ret = decode_OCSPBasicOCSPResponse(resp.responseBytes->response.data,
+				       resp.responseBytes->response.length,
+				       basic,
+				       &size);
+    if (ret) {
+	free_OCSPResponse(&resp);
+	return ret;
+    }
+    if (size != resp.responseBytes->response.length) {
+	free_OCSPResponse(&resp);
+	free_OCSPBasicOCSPResponse(basic);
+	return ASN1_EXTRA_DATA;
+    }
+    free_OCSPResponse(&resp);
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+static int
+load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
+{
+    OCSPBasicOCSPResponse basic;
+    hx509_certs certs = NULL;
+    size_t length;
+    struct stat sb;
+    void *data;
+    int ret;
+
+    ret = _hx509_map_file(ocsp->path, &data, &length, &sb);
+    if (ret)
+	return ret;
+
+    ret = parse_ocsp_basic(data, length, &basic);
+    _hx509_unmap_file(data, length);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to parse OCSP response");
+	return ret;
+    }
+
+    if (basic.certs) {
+	int i;
+
+	ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0, 
+			       NULL, &certs);
+	if (ret) {
+	    free_OCSPBasicOCSPResponse(&basic);
+	    return ret;
+	}
+
+	for (i = 0; i < basic.certs->len; i++) {
+	    hx509_cert c;
+	    
+	    ret = hx509_cert_init(context, &basic.certs->val[i], &c);
+	    if (ret)
+		continue;
+	    
+	    ret = hx509_certs_add(context, certs, c);
+	    hx509_cert_free(c);
+	    if (ret)
+		continue;
+	}
+    }
+
+    ocsp->last_modfied = sb.st_mtime;
+
+    free_OCSPBasicOCSPResponse(&ocsp->ocsp);
+    hx509_certs_free(&ocsp->certs);
+    hx509_cert_free(ocsp->signer);
+
+    ocsp->ocsp = basic;
+    ocsp->certs = certs;
+    ocsp->signer = NULL;
+
+    return 0;
+}
+
+/**
+ * Add a OCSP file to the revokation context.
+ *
+ * @param context hx509 context
+ * @param ctx hx509 revokation context
+ * @param path path to file that is going to be added to the context.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_revoke
+ */
+
+int
+hx509_revoke_add_ocsp(hx509_context context,
+		      hx509_revoke_ctx ctx,
+		      const char *path)
+{
+    void *data;
+    int ret;
+    size_t i;
+
+    if (strncmp(path, "FILE:", 5) != 0) {
+	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
+			       "unsupport type in %s", path);
+	return HX509_UNSUPPORTED_OPERATION;
+    }
+
+    path += 5;
+
+    for (i = 0; i < ctx->ocsps.len; i++) {
+	if (strcmp(ctx->ocsps.val[0].path, path) == 0)
+	    return 0;
+    }
+
+    data = realloc(ctx->ocsps.val, 
+		   (ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0]));
+    if (data == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    ctx->ocsps.val = data;
+
+    memset(&ctx->ocsps.val[ctx->ocsps.len], 0, 
+	   sizeof(ctx->ocsps.val[0]));
+
+    ctx->ocsps.val[ctx->ocsps.len].path = strdup(path);
+    if (ctx->ocsps.val[ctx->ocsps.len].path == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    ret = load_ocsp(context, &ctx->ocsps.val[ctx->ocsps.len]);
+    if (ret) {
+	free(ctx->ocsps.val[ctx->ocsps.len].path);
+	return ret;
+    }
+    ctx->ocsps.len++;
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+static int
+verify_crl(hx509_context context,
+	   hx509_revoke_ctx ctx,
+	   CRLCertificateList *crl,
+	   time_t time_now,
+	   hx509_certs certs,
+	   hx509_cert parent)
+{
+    hx509_cert signer;
+    hx509_query q;
+    time_t t;
+    int ret;
+	
+    t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate);
+    if (t > time_now) {
+	hx509_set_error_string(context, 0, HX509_CRL_USED_BEFORE_TIME,
+			       "CRL used before time");
+	return HX509_CRL_USED_BEFORE_TIME;
+    }
+
+    if (crl->tbsCertList.nextUpdate == NULL) {
+	hx509_set_error_string(context, 0, HX509_CRL_INVALID_FORMAT,
+			       "CRL missing nextUpdate");
+	return HX509_CRL_INVALID_FORMAT;
+    }
+
+    t = _hx509_Time2time_t(crl->tbsCertList.nextUpdate);
+    if (t < time_now) {
+	hx509_set_error_string(context, 0, HX509_CRL_USED_AFTER_TIME,
+			       "CRL used after time");
+	return HX509_CRL_USED_AFTER_TIME;
+    }
+
+    _hx509_query_clear(&q);
+	
+    /*
+     * If it's the signer have CRLSIGN bit set, use that as the signer
+     * cert for the certificate, otherwise, search for a certificate.
+     */
+    if (_hx509_check_key_usage(context, parent, 1 << 6, FALSE) == 0) {
+	signer = hx509_cert_ref(parent);
+    } else {
+	q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
+	q.match |= HX509_QUERY_KU_CRLSIGN;
+	q.subject_name = &crl->tbsCertList.issuer;
+	
+	ret = hx509_certs_find(context, certs, &q, &signer);
+	if (ret) {
+	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				   "Failed to find certificate for CRL");
+	    return ret;
+	}
+    }
+
+    ret = _hx509_verify_signature_bitstring(context,
+					    _hx509_get_cert(signer), 
+					    &crl->signatureAlgorithm,
+					    &crl->tbsCertList._save,
+					    &crl->signatureValue);
+    if (ret) {
+	hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+			       "CRL signature invalid");
+	goto out;
+    }
+
+    /* 
+     * If signer is not CA cert, need to check revoke status of this
+     * CRL signing cert too, this include all parent CRL signer cert
+     * up to the root *sigh*, assume root at least hve CERTSIGN flag
+     * set.
+     */
+    while (_hx509_check_key_usage(context, signer, 1 << 5, TRUE)) {
+	hx509_cert crl_parent;
+
+	_hx509_query_clear(&q);
+	
+	q.match = HX509_QUERY_MATCH_SUBJECT_NAME;
+	q.match |= HX509_QUERY_KU_CRLSIGN;
+	q.subject_name = &_hx509_get_cert(signer)->tbsCertificate.issuer;
+	
+	ret = hx509_certs_find(context, certs, &q, &crl_parent);
+	if (ret) {
+	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				   "Failed to find parent of CRL signer");
+	    goto out;
+	}
+
+	ret = hx509_revoke_verify(context,
+				  ctx, 
+				  certs,
+				  time_now,
+				  signer,
+				  crl_parent);
+	hx509_cert_free(signer);
+	signer = crl_parent;
+	if (ret) {
+	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
+				   "Failed to verify revoke "
+				   "status of CRL signer");
+	    goto out;
+	}
+    }
+
+out:
+    hx509_cert_free(signer);
+
+    return ret;
+}
+
+static int
+load_crl(const char *path, time_t *t, CRLCertificateList *crl)
+{
+    size_t length, size;
+    struct stat sb;
+    void *data;
+    int ret;
+
+    memset(crl, 0, sizeof(*crl));
+
+    ret = _hx509_map_file(path, &data, &length, &sb);
+    if (ret)
+	return ret;
+
+    *t = sb.st_mtime;
+
+    ret = decode_CRLCertificateList(data, length, crl, &size);
+    _hx509_unmap_file(data, length);
+    if (ret)
+	return ret;
+
+    /* check signature is aligned */
+    if (crl->signatureValue.length & 7) {
+	free_CRLCertificateList(crl);
+	return HX509_CRYPTO_SIG_INVALID_FORMAT;
+    }
+    return 0;
+}
+
+/**
+ * Add a CRL file to the revokation context.
+ *
+ * @param context hx509 context
+ * @param ctx hx509 revokation context
+ * @param path path to file that is going to be added to the context.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_revoke
+ */
+
+int
+hx509_revoke_add_crl(hx509_context context,
+		     hx509_revoke_ctx ctx,
+		     const char *path)
+{
+    void *data;
+    size_t i;
+    int ret;
+
+    if (strncmp(path, "FILE:", 5) != 0) {
+	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
+			       "unsupport type in %s", path);
+	return HX509_UNSUPPORTED_OPERATION;
+    }
+
+    
+    path += 5;
+
+    for (i = 0; i < ctx->crls.len; i++) {
+	if (strcmp(ctx->crls.val[0].path, path) == 0)
+	    return 0;
+    }
+
+    data = realloc(ctx->crls.val, 
+		   (ctx->crls.len + 1) * sizeof(ctx->crls.val[0]));
+    if (data == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    ctx->crls.val = data;
+
+    memset(&ctx->crls.val[ctx->crls.len], 0, sizeof(ctx->crls.val[0]));
+
+    ctx->crls.val[ctx->crls.len].path = strdup(path);
+    if (ctx->crls.val[ctx->crls.len].path == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    ret = load_crl(path, 
+		   &ctx->crls.val[ctx->crls.len].last_modfied,
+		   &ctx->crls.val[ctx->crls.len].crl);
+    if (ret) {
+	free(ctx->crls.val[ctx->crls.len].path);
+	return ret;
+    }
+
+    ctx->crls.len++;
+
+    return ret;
+}
+
+/**
+ * Check that a certificate is not expired according to a revokation
+ * context. Also need the parent certificte to the check OCSP
+ * parent identifier.
+ *
+ * @param context hx509 context
+ * @param ctx hx509 revokation context
+ * @param certs
+ * @param now
+ * @param cert
+ * @param parent_cert
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_revoke
+ */
+
+
+int
+hx509_revoke_verify(hx509_context context,
+		    hx509_revoke_ctx ctx,
+		    hx509_certs certs,
+		    time_t now,
+		    hx509_cert cert,
+		    hx509_cert parent_cert)
+{
+    const Certificate *c = _hx509_get_cert(cert);
+    const Certificate *p = _hx509_get_cert(parent_cert);
+    unsigned long i, j, k;
+    int ret;
+
+    hx509_clear_error_string(context);
+
+    for (i = 0; i < ctx->ocsps.len; i++) {
+	struct revoke_ocsp *ocsp = &ctx->ocsps.val[i];
+	struct stat sb;
+
+	/* check this ocsp apply to this cert */
+
+	/* check if there is a newer version of the file */
+	ret = stat(ocsp->path, &sb);
+	if (ret == 0 && ocsp->last_modfied != sb.st_mtime) {
+	    ret = load_ocsp(context, ocsp);
+	    if (ret)
+		continue;
+	}
+
+	/* verify signature in ocsp if not already done */
+	if (ocsp->signer == NULL) {
+	    ret = verify_ocsp(context, ocsp, now, certs, parent_cert);
+	    if (ret)
+		continue;
+	}
+
+	for (j = 0; j < ocsp->ocsp.tbsResponseData.responses.len; j++) {
+	    heim_octet_string os;
+
+	    ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[j].certID.serialNumber,
+				   &c->tbsCertificate.serialNumber);
+	    if (ret != 0)
+		continue;
+	    
+	    /* verify issuer hashes hash */
+	    ret = _hx509_verify_signature(context,
+					  NULL,
+					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
+					  &c->tbsCertificate.issuer._save,
+					  &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash);
+	    if (ret != 0)
+		continue;
+
+	    os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
+	    os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
+
+	    ret = _hx509_verify_signature(context,
+					  NULL,
+					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.hashAlgorithm,
+					  &os,
+					  &ocsp->ocsp.tbsResponseData.responses.val[j].certID.issuerKeyHash);
+	    if (ret != 0)
+		continue;
+
+	    switch (ocsp->ocsp.tbsResponseData.responses.val[j].certStatus.element) {
+	    case choice_OCSPCertStatus_good:
+		break;
+	    case choice_OCSPCertStatus_revoked:
+		hx509_set_error_string(context, 0, 
+				       HX509_CERT_REVOKED,
+				       "Certificate revoked by issuer in OCSP");
+		return HX509_CERT_REVOKED;
+	    case choice_OCSPCertStatus_unknown:
+		continue;
+	    }
+
+	    /* don't allow the update to be in the future */
+	    if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate > 
+		now + context->ocsp_time_diff)
+		continue;
+
+	    /* don't allow the next update to be in the past */
+	    if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
+		if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
+		    continue;
+	    } else
+		/* Should force a refetch, but can we ? */;
+
+	    return 0;
+	}
+    }
+
+    for (i = 0; i < ctx->crls.len; i++) {
+	struct revoke_crl *crl = &ctx->crls.val[i];
+	struct stat sb;
+
+	/* check if cert.issuer == crls.val[i].crl.issuer */
+	ret = _hx509_name_cmp(&c->tbsCertificate.issuer, 
+			      &crl->crl.tbsCertList.issuer);
+	if (ret)
+	    continue;
+
+	ret = stat(crl->path, &sb);
+	if (ret == 0 && crl->last_modfied != sb.st_mtime) {
+	    CRLCertificateList cl;
+
+	    ret = load_crl(crl->path, &crl->last_modfied, &cl);
+	    if (ret == 0) {
+		free_CRLCertificateList(&crl->crl);
+		crl->crl = cl;
+		crl->verified = 0;
+		crl->failed_verify = 0;
+	    }
+	}
+	if (crl->failed_verify)
+	    continue;
+
+	/* verify signature in crl if not already done */
+	if (crl->verified == 0) {
+	    ret = verify_crl(context, ctx, &crl->crl, now, certs, parent_cert);
+	    if (ret) {
+		crl->failed_verify = 1;
+		continue;
+	    }
+	    crl->verified = 1;
+	}
+
+	if (crl->crl.tbsCertList.crlExtensions) {
+	    for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) {
+		if (crl->crl.tbsCertList.crlExtensions->val[j].critical) {
+		    hx509_set_error_string(context, 0, 
+					   HX509_CRL_UNKNOWN_EXTENSION,
+					   "Unknown CRL extension");
+		    return HX509_CRL_UNKNOWN_EXTENSION;
+		}
+	    }
+	}
+
+	if (crl->crl.tbsCertList.revokedCertificates == NULL)
+	    return 0;
+
+	/* check if cert is in crl */
+	for (j = 0; j < crl->crl.tbsCertList.revokedCertificates->len; j++) {
+	    time_t t;
+
+	    ret = der_heim_integer_cmp(&crl->crl.tbsCertList.revokedCertificates->val[j].userCertificate,
+				       &c->tbsCertificate.serialNumber);
+	    if (ret != 0)
+		continue;
+
+	    t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate);
+	    if (t > now)
+		continue;
+	    
+	    if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions)
+		for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++)
+		    if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
+			return HX509_CRL_UNKNOWN_EXTENSION;
+	    
+	    hx509_set_error_string(context, 0, 
+				   HX509_CERT_REVOKED,
+				   "Certificate revoked by issuer in CRL");
+	    return HX509_CERT_REVOKED;
+	}
+
+	return 0;
+    }
+
+
+    if (context->flags & HX509_CTX_VERIFY_MISSING_OK)
+	return 0;
+    hx509_set_error_string(context, HX509_ERROR_APPEND, 
+			   HX509_REVOKE_STATUS_MISSING,
+			   "No revoke status found for "
+			   "certificates");
+    return HX509_REVOKE_STATUS_MISSING;
+}
+
+struct ocsp_add_ctx {
+    OCSPTBSRequest *req;
+    hx509_certs certs;
+    const AlgorithmIdentifier *digest;
+    hx509_cert parent;
+};
+
+static int
+add_to_req(hx509_context context, void *ptr, hx509_cert cert)
+{
+    struct ocsp_add_ctx *ctx = ptr;
+    OCSPInnerRequest *one;
+    hx509_cert parent = NULL;
+    Certificate *p, *c = _hx509_get_cert(cert);
+    heim_octet_string os;
+    int ret;
+    hx509_query q;
+    void *d;
+
+    d = realloc(ctx->req->requestList.val, 
+		sizeof(ctx->req->requestList.val[0]) *
+		(ctx->req->requestList.len + 1));
+    if (d == NULL)
+	return ENOMEM;
+    ctx->req->requestList.val = d;
+    
+    one = &ctx->req->requestList.val[ctx->req->requestList.len];
+    memset(one, 0, sizeof(*one));
+
+    _hx509_query_clear(&q);
+
+    q.match |= HX509_QUERY_FIND_ISSUER_CERT;
+    q.subject = c;
+
+    ret = hx509_certs_find(context, ctx->certs, &q, &parent);
+    if (ret)
+	goto out;
+
+    if (ctx->parent) {
+	if (hx509_cert_cmp(ctx->parent, parent) != 0) {
+	    ret = HX509_REVOKE_NOT_SAME_PARENT;
+	    hx509_set_error_string(context, 0, ret,
+				   "Not same parent certifate as "
+				   "last certificate in request");
+	    goto out;
+	}
+    } else
+	ctx->parent = hx509_cert_ref(parent);
+
+    p = _hx509_get_cert(parent);
+
+    ret = copy_AlgorithmIdentifier(ctx->digest, &one->reqCert.hashAlgorithm);
+    if (ret)
+	goto out;
+
+    ret = _hx509_create_signature(context,
+				  NULL,
+				  &one->reqCert.hashAlgorithm,
+				  &c->tbsCertificate.issuer._save,
+				  NULL,
+				  &one->reqCert.issuerNameHash);
+    if (ret)
+	goto out;
+
+    os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
+    os.length = 
+	p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
+
+    ret = _hx509_create_signature(context,
+				  NULL,
+				  &one->reqCert.hashAlgorithm,
+				  &os,
+				  NULL,
+				  &one->reqCert.issuerKeyHash);
+    if (ret)
+	goto out;
+
+    ret = copy_CertificateSerialNumber(&c->tbsCertificate.serialNumber,
+				       &one->reqCert.serialNumber);
+    if (ret)
+	goto out;
+
+    ctx->req->requestList.len++;
+out:
+    hx509_cert_free(parent);
+    if (ret) {
+	free_OCSPInnerRequest(one);
+	memset(one, 0, sizeof(*one));
+    }
+
+    return ret;
+}
+
+/**
+ * Create an OCSP request for a set of certificates.
+ *
+ * @param context a hx509 context
+ * @param reqcerts list of certificates to request ocsp data for
+ * @param pool certificate pool to use when signing
+ * @param signer certificate to use to sign the request
+ * @param digest the signing algorithm in the request, if NULL use the
+ * default signature algorithm,
+ * @param request the encoded request, free with free_heim_octet_string().
+ * @param nonce nonce in the request, free with free_heim_octet_string().
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_revoke
+ */
+
+int
+hx509_ocsp_request(hx509_context context,
+		   hx509_certs reqcerts,
+		   hx509_certs pool,
+		   hx509_cert signer,
+		   const AlgorithmIdentifier *digest,
+		   heim_octet_string *request,
+		   heim_octet_string *nonce)
+{
+    OCSPRequest req;
+    size_t size;
+    int ret;
+    struct ocsp_add_ctx ctx;
+    Extensions *es;
+
+    memset(&req, 0, sizeof(req));
+
+    if (digest == NULL)
+	digest = _hx509_crypto_default_digest_alg;
+
+    ctx.req = &req.tbsRequest;
+    ctx.certs = pool;
+    ctx.digest = digest;
+    ctx.parent = NULL;
+
+    ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx);
+    hx509_cert_free(ctx.parent);
+    if (ret)
+	goto out;
+    
+    if (nonce) {
+	req.tbsRequest.requestExtensions = 
+	    calloc(1, sizeof(*req.tbsRequest.requestExtensions));
+	if (req.tbsRequest.requestExtensions == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	es = req.tbsRequest.requestExtensions;
+	
+	es->val = calloc(es->len, sizeof(es->val[0]));
+	if (es->val == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	es->len = 1;
+	
+	ret = der_copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID);
+	if (ret) {
+	    free_OCSPRequest(&req);
+	    return ret;
+	}
+
+	es->val[0].extnValue.data = malloc(10);
+	if (es->val[0].extnValue.data == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	es->val[0].extnValue.length = 10;
+	
+	ret = RAND_bytes(es->val[0].extnValue.data,
+			 es->val[0].extnValue.length);
+	if (ret != 1) {
+	    ret = HX509_CRYPTO_INTERNAL_ERROR;
+	    goto out;
+	}
+	ret = der_copy_octet_string(nonce, &es->val[0].extnValue);
+	if (ret) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+    }
+
+    ASN1_MALLOC_ENCODE(OCSPRequest, request->data, request->length,
+		       &req, &size, ret);
+    free_OCSPRequest(&req);
+    if (ret)
+	goto out;
+    if (size != request->length)
+	_hx509_abort("internal ASN.1 encoder error");
+
+    return 0;
+
+out:
+    free_OCSPRequest(&req);
+    return ret;
+}
+
+static char *
+printable_time(time_t t)
+{
+    static char s[128];
+    strlcpy(s, ctime(&t)+ 4, sizeof(s));
+    s[20] = 0;
+    return s;
+}
+
+/**
+ * Print the OCSP reply stored in a file.
+ *
+ * @param context a hx509 context
+ * @param path path to a file with a OCSP reply
+ * @param out the out FILE descriptor to print the reply on
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_revoke
+ */
+
+int
+hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
+{
+    struct revoke_ocsp ocsp;
+    int ret, i;
+    
+    if (out == NULL)
+	out = stdout;
+
+    memset(&ocsp, 0, sizeof(ocsp));
+
+    ocsp.path = strdup(path);
+    if (ocsp.path == NULL)
+	return ENOMEM;
+
+    ret = load_ocsp(context, &ocsp);
+    if (ret) {
+	free_ocsp(&ocsp);
+	return ret;
+    }
+
+    fprintf(out, "signer: ");
+
+    switch(ocsp.ocsp.tbsResponseData.responderID.element) {
+    case choice_OCSPResponderID_byName: {
+	hx509_name n;
+	char *s;
+	_hx509_name_from_Name(&ocsp.ocsp.tbsResponseData.responderID.u.byName, &n);
+	hx509_name_to_string(n, &s);
+	hx509_name_free(&n);
+	fprintf(out, " byName: %s\n", s);
+	free(s);
+	break;
+    }
+    case choice_OCSPResponderID_byKey: {
+	char *s;
+	hex_encode(ocsp.ocsp.tbsResponseData.responderID.u.byKey.data,
+		   ocsp.ocsp.tbsResponseData.responderID.u.byKey.length,
+		   &s);
+	fprintf(out, " byKey: %s\n", s);
+	free(s);
+	break;
+    }
+    default:
+	_hx509_abort("choice_OCSPResponderID unknown");
+	break;
+    }
+
+    fprintf(out, "producedAt: %s\n", 
+	    printable_time(ocsp.ocsp.tbsResponseData.producedAt));
+
+    fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len);
+
+    for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) {
+	const char *status;
+	switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) {
+	case choice_OCSPCertStatus_good:
+	    status = "good";
+	    break;
+	case choice_OCSPCertStatus_revoked:
+	    status = "revoked";
+	    break;
+	case choice_OCSPCertStatus_unknown:
+	    status = "unknown";
+	    break;
+	default:
+	    status = "element unknown";
+	}
+
+	fprintf(out, "\t%d. status: %s\n", i, status);
+
+	fprintf(out, "\tthisUpdate: %s\n", 
+		printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
+	if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate)
+	    fprintf(out, "\tproducedAt: %s\n", 
+		    printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
+
+    }
+
+    fprintf(out, "appended certs:\n");
+    if (ocsp.certs)
+	ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out);
+
+    free_ocsp(&ocsp);
+    return ret;
+}
+
+/**
+ * Verify that the certificate is part of the OCSP reply and it's not
+ * expired. Doesn't verify signature the OCSP reply or it's done by a
+ * authorized sender, that is assumed to be already done.
+ *
+ * @param context a hx509 context
+ * @param now the time right now, if 0, use the current time.
+ * @param cert the certificate to verify
+ * @param flags flags control the behavior
+ * @param data pointer to the encode ocsp reply
+ * @param length the length of the encode ocsp reply
+ * @param expiration return the time the OCSP will expire and need to
+ * be rechecked.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_verify
+ */
+
+int
+hx509_ocsp_verify(hx509_context context,
+		  time_t now,
+		  hx509_cert cert,
+		  int flags,
+		  const void *data, size_t length,
+		  time_t *expiration)
+{
+    const Certificate *c = _hx509_get_cert(cert);
+    OCSPBasicOCSPResponse basic;
+    int ret, i;
+
+    if (now == 0)
+	now = time(NULL);
+
+    *expiration = 0;
+
+    ret = parse_ocsp_basic(data, length, &basic);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret,
+			       "Failed to parse OCSP response");
+	return ret;
+    }
+
+    for (i = 0; i < basic.tbsResponseData.responses.len; i++) {
+
+	ret = der_heim_integer_cmp(&basic.tbsResponseData.responses.val[i].certID.serialNumber,
+			       &c->tbsCertificate.serialNumber);
+	if (ret != 0)
+	    continue;
+	    
+	/* verify issuer hashes hash */
+	ret = _hx509_verify_signature(context,
+				      NULL,
+				      &basic.tbsResponseData.responses.val[i].certID.hashAlgorithm,
+				      &c->tbsCertificate.issuer._save,
+				      &basic.tbsResponseData.responses.val[i].certID.issuerNameHash);
+	if (ret != 0)
+	    continue;
+
+	switch (basic.tbsResponseData.responses.val[i].certStatus.element) {
+	case choice_OCSPCertStatus_good:
+	    break;
+	case choice_OCSPCertStatus_revoked:
+	case choice_OCSPCertStatus_unknown:
+	    continue;
+	}
+
+	/* don't allow the update to be in the future */
+	if (basic.tbsResponseData.responses.val[i].thisUpdate > 
+	    now + context->ocsp_time_diff)
+	    continue;
+
+	/* don't allow the next update to be in the past */
+	if (basic.tbsResponseData.responses.val[i].nextUpdate) {
+	    if (*basic.tbsResponseData.responses.val[i].nextUpdate < now)
+		continue;
+	    *expiration = *basic.tbsResponseData.responses.val[i].nextUpdate;
+	} else
+	    *expiration = now;
+
+	free_OCSPBasicOCSPResponse(&basic);
+	return 0;
+    }
+
+    free_OCSPBasicOCSPResponse(&basic);
+
+    {
+	hx509_name name;
+	char *subject;
+	
+	ret = hx509_cert_get_subject(cert, &name);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+	ret = hx509_name_to_string(name, &subject);
+	hx509_name_free(&name);
+	if (ret) {
+	    hx509_clear_error_string(context);
+	    goto out;
+	}
+	hx509_set_error_string(context, 0, HX509_CERT_NOT_IN_OCSP,
+			       "Certificate %s not in OCSP response "
+			       "or not good",
+			       subject);
+	free(subject);
+    }
+out:
+    return HX509_CERT_NOT_IN_OCSP;
+}
+
+struct hx509_crl {
+    hx509_certs revoked;
+    time_t expire;
+};
+
+/**
+ * Create a CRL context. Use hx509_crl_free() to free the CRL context.
+ *
+ * @param context a hx509 context.
+ * @param crl return pointer to a newly allocated CRL context.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_verify
+ */
+
+int
+hx509_crl_alloc(hx509_context context, hx509_crl *crl)
+{
+    int ret;
+
+    *crl = calloc(1, sizeof(**crl));
+    if (*crl == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    ret = hx509_certs_init(context, "MEMORY:crl", 0, NULL, &(*crl)->revoked);
+    if (ret) {
+	free(*crl);
+	*crl = NULL;
+	return ret;
+    }
+    (*crl)->expire = 0;
+    return ret;
+}
+
+/**
+ * Add revoked certificate to an CRL context.
+ *
+ * @param context a hx509 context.
+ * @param crl the CRL to add the revoked certificate to.
+ * @param certs keyset of certificate to revoke.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_verify
+ */
+
+int
+hx509_crl_add_revoked_certs(hx509_context context,
+			    hx509_crl crl, 
+			    hx509_certs certs)
+{
+    return hx509_certs_merge(context, crl->revoked, certs);
+}
+
+/**
+ * Set the lifetime of a CRL context.
+ *
+ * @param context a hx509 context.
+ * @param crl a CRL context
+ * @param delta delta time the certificate is valid, library adds the
+ * current time to this.
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_verify
+ */
+
+int
+hx509_crl_lifetime(hx509_context context, hx509_crl crl, int delta)
+{
+    crl->expire = time(NULL) + delta;
+    return 0;
+}
+
+/**
+ * Free a CRL context.
+ *
+ * @param context a hx509 context.
+ * @param crl a CRL context to free.
+ *
+ * @ingroup hx509_verify
+ */
+
+void
+hx509_crl_free(hx509_context context, hx509_crl *crl)
+{
+    if (*crl == NULL)
+	return;
+    hx509_certs_free(&(*crl)->revoked);
+    memset(*crl, 0, sizeof(**crl));
+    free(*crl);
+    *crl = NULL;
+}
+
+static int
+add_revoked(hx509_context context, void *ctx, hx509_cert cert)
+{
+    TBSCRLCertList *c = ctx;
+    unsigned int num;
+    void *ptr;
+    int ret;
+
+    num = c->revokedCertificates->len;
+    ptr = realloc(c->revokedCertificates->val,
+		  (num + 1) * sizeof(c->revokedCertificates->val[0]));
+    if (ptr == NULL) {
+	hx509_clear_error_string(context);
+	return ENOMEM;
+    }
+    c->revokedCertificates->val = ptr;
+
+    ret = hx509_cert_get_serialnumber(cert, 
+				      &c->revokedCertificates->val[num].userCertificate);
+    if (ret) {
+	hx509_clear_error_string(context);
+	return ret;
+    }
+    c->revokedCertificates->val[num].revocationDate.element = 
+	choice_Time_generalTime;
+    c->revokedCertificates->val[num].revocationDate.u.generalTime =
+	time(NULL) - 3600 * 24;
+    c->revokedCertificates->val[num].crlEntryExtensions = NULL;
+
+    c->revokedCertificates->len++;
+
+    return 0;
+}    
+
+/**
+ * Sign a CRL and return an encode certificate.
+ *
+ * @param context a hx509 context.
+ * @param signer certificate to sign the CRL with
+ * @param crl the CRL to sign
+ * @param os return the signed and encoded CRL, free with
+ * free_heim_octet_string()
+ *
+ * @return An hx509 error code, see hx509_get_error_string().
+ *
+ * @ingroup hx509_verify
+ */
+
+int
+hx509_crl_sign(hx509_context context,
+	       hx509_cert signer,
+	       hx509_crl crl,
+	       heim_octet_string *os)
+{
+    const AlgorithmIdentifier *sigalg = _hx509_crypto_default_sig_alg;
+    CRLCertificateList c;
+    size_t size;
+    int ret;
+    hx509_private_key signerkey;
+
+    memset(&c, 0, sizeof(c));
+
+    signerkey = _hx509_cert_private_key(signer);
+    if (signerkey == NULL) {
+	ret = HX509_PRIVATE_KEY_MISSING;
+	hx509_set_error_string(context, 0, ret,
+			       "Private key missing for CRL signing");
+	return ret;
+    }
+
+    c.tbsCertList.version = malloc(sizeof(*c.tbsCertList.version));
+    if (c.tbsCertList.version == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+
+    *c.tbsCertList.version = 1;
+
+    ret = copy_AlgorithmIdentifier(sigalg, &c.tbsCertList.signature);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    ret = copy_Name(&_hx509_get_cert(signer)->tbsCertificate.issuer,
+		    &c.tbsCertList.issuer);
+    if (ret) {
+	hx509_clear_error_string(context);
+	goto out;
+    }
+
+    c.tbsCertList.thisUpdate.element = choice_Time_generalTime;
+    c.tbsCertList.thisUpdate.u.generalTime = time(NULL) - 24 * 3600;
+
+    c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate));
+    if (c.tbsCertList.nextUpdate == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+
+    {
+	time_t next = crl->expire;
+	if (next == 0)
+	    next = time(NULL) + 24 * 3600 * 365;
+
+	c.tbsCertList.nextUpdate->element = choice_Time_generalTime;
+	c.tbsCertList.nextUpdate->u.generalTime = next;
+    }
+
+    c.tbsCertList.revokedCertificates = 
+	calloc(1, sizeof(*c.tbsCertList.revokedCertificates));
+    if (c.tbsCertList.revokedCertificates == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    c.tbsCertList.crlExtensions = NULL;
+
+    ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList);
+    if (ret)
+	goto out;
+
+    /* if not revoked certs, remove OPTIONAL entry */
+    if (c.tbsCertList.revokedCertificates->len == 0) {
+	free(c.tbsCertList.revokedCertificates);
+	c.tbsCertList.revokedCertificates = NULL;
+    }
+
+    ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length,
+		       &c.tbsCertList, &size, ret);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "failed to encode tbsCRL");
+	goto out;
+    }
+    if (size != os->length)
+	_hx509_abort("internal ASN.1 encoder error");
+
+
+    ret = _hx509_create_signature_bitstring(context,
+					    signerkey,
+					    sigalg,
+					    os,
+					    &c.signatureAlgorithm,
+					    &c.signatureValue);
+    free(os->data);
+
+    ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length,
+		       &c, &size, ret);
+    free_CRLCertificateList(&c);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "failed to encode CRL");
+	goto out;
+    }
+    if (size != os->length)
+	_hx509_abort("internal ASN.1 encoder error");
+
+    return 0;
+
+out:
+    free_CRLCertificateList(&c);
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/hx509/softp11.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/softp11.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/softp11.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1740 @@
+/*
+ * Copyright (c) 2004 - 2008 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+#include "pkcs11.h"
+
+#define OBJECT_ID_MASK		0xfff
+#define HANDLE_OBJECT_ID(h)	((h) & OBJECT_ID_MASK)
+#define OBJECT_ID(obj)		HANDLE_OBJECT_ID((obj)->object_handle)
+
+
+struct st_attr {
+    CK_ATTRIBUTE attribute;
+    int secret;
+};
+
+struct st_object {
+    CK_OBJECT_HANDLE object_handle;
+    struct st_attr *attrs;
+    int num_attributes;
+    hx509_cert cert;
+};
+
+static struct soft_token {
+    CK_VOID_PTR application;
+    CK_NOTIFY notify;
+    char *config_file;
+    hx509_certs certs;
+    struct {
+	struct st_object **objs;
+	int num_objs;
+    } object;
+    struct {
+	int hardware_slot;
+	int app_error_fatal;
+	int login_done;
+    } flags;
+    int open_sessions;
+    struct session_state {
+	CK_SESSION_HANDLE session_handle;
+
+	struct {
+	    CK_ATTRIBUTE *attributes;
+	    CK_ULONG num_attributes;
+	    int next_object;
+	} find;
+
+	int sign_object;
+	CK_MECHANISM_PTR sign_mechanism;
+	int verify_object;
+	CK_MECHANISM_PTR verify_mechanism;
+    } state[10];
+#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0]))
+    FILE *logfile;
+} soft_token;
+
+static hx509_context context;
+
+static void
+application_error(const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    vprintf(fmt, ap);
+    va_end(ap);
+    if (soft_token.flags.app_error_fatal)
+	abort();
+}
+
+static void
+st_logf(const char *fmt, ...)
+{
+    va_list ap;
+    if (soft_token.logfile == NULL)
+	return;
+    va_start(ap, fmt);
+    vfprintf(soft_token.logfile, fmt, ap);
+    va_end(ap);
+    fflush(soft_token.logfile);
+}
+
+static CK_RV
+init_context(void)
+{
+    if (context == NULL) {
+	int ret = hx509_context_init(&context);
+	if (ret)
+	    return CKR_GENERAL_ERROR;
+    }
+    return CKR_OK;
+}
+
+#define INIT_CONTEXT() { CK_RV icret = init_context(); if (icret) return icret; }
+
+static void
+snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...)
+{
+    int len;
+    va_list ap;
+    len = vsnprintf(str, size, fmt, ap);
+    va_end(ap);
+    if (len < 0 || len > size)
+	return;
+    while(len < size)
+	str[len++] = fillchar;
+}
+
+#ifndef TEST_APP
+#define printf error_use_st_logf
+#endif
+
+#define VERIFY_SESSION_HANDLE(s, state)			\
+{							\
+    CK_RV ret;						\
+    ret = verify_session_handle(s, state);		\
+    if (ret != CKR_OK) {				\
+	/* return CKR_OK */;				\
+    }							\
+}
+
+static CK_RV
+verify_session_handle(CK_SESSION_HANDLE hSession,
+		      struct session_state **state)
+{
+    int i;
+
+    for (i = 0; i < MAX_NUM_SESSION; i++){
+	if (soft_token.state[i].session_handle == hSession)
+	    break;
+    }
+    if (i == MAX_NUM_SESSION) {
+	application_error("use of invalid handle: 0x%08lx\n",
+			  (unsigned long)hSession);
+	return CKR_SESSION_HANDLE_INVALID;
+    }
+    if (state)
+	*state = &soft_token.state[i];
+    return CKR_OK;
+}
+
+static CK_RV
+object_handle_to_object(CK_OBJECT_HANDLE handle,
+			struct st_object **object)
+{
+    int i = HANDLE_OBJECT_ID(handle);
+
+    *object = NULL;
+    if (i >= soft_token.object.num_objs)
+	return CKR_ARGUMENTS_BAD;
+    if (soft_token.object.objs[i] == NULL)
+	return CKR_ARGUMENTS_BAD;
+    if (soft_token.object.objs[i]->object_handle != handle)
+	return CKR_ARGUMENTS_BAD;
+    *object = soft_token.object.objs[i];
+    return CKR_OK;
+}
+
+static int
+attributes_match(const struct st_object *obj,
+		 const CK_ATTRIBUTE *attributes,
+		 CK_ULONG num_attributes)
+{
+    CK_ULONG i;
+    int j;
+
+    st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj));
+
+    for (i = 0; i < num_attributes; i++) {
+	int match = 0;
+	for (j = 0; j < obj->num_attributes; j++) {
+	    if (attributes[i].type == obj->attrs[j].attribute.type &&
+		attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen &&
+		memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue,
+		       attributes[i].ulValueLen) == 0) {
+		match = 1;
+		break;
+	    }
+	}
+	if (match == 0) {
+	    st_logf("type %d attribute have no match\n", attributes[i].type);
+	    return 0;
+	}
+    }
+    st_logf("attribute matches\n");
+    return 1;
+}
+
+static void
+print_attributes(const CK_ATTRIBUTE *attributes,
+		 CK_ULONG num_attributes)
+{
+    CK_ULONG i;
+
+    st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes);
+
+    for (i = 0; i < num_attributes; i++) {
+	st_logf("  type: ");
+	switch (attributes[i].type) {
+	case CKA_TOKEN: {
+	    CK_BBOOL *ck_true;
+	    if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) {
+		application_error("token attribute wrong length\n");
+		break;
+	    }
+	    ck_true = attributes[i].pValue;
+	    st_logf("token: %s", *ck_true ? "TRUE" : "FALSE");
+	    break;
+	}
+	case CKA_CLASS: {
+	    CK_OBJECT_CLASS *class;
+	    if (attributes[i].ulValueLen != sizeof(CK_ULONG)) {
+		application_error("class attribute wrong length\n");
+		break;
+	    }
+	    class = attributes[i].pValue;
+	    st_logf("class ");
+	    switch (*class) {
+	    case CKO_CERTIFICATE:
+		st_logf("certificate");
+		break;
+	    case CKO_PUBLIC_KEY:
+		st_logf("public key");
+		break;
+	    case CKO_PRIVATE_KEY:
+		st_logf("private key");
+		break;
+	    case CKO_SECRET_KEY:
+		st_logf("secret key");
+		break;
+	    case CKO_DOMAIN_PARAMETERS:
+		st_logf("domain parameters");
+		break;
+	    default:
+		st_logf("[class %lx]", (long unsigned)*class);
+		break;
+	    }
+	    break;
+	}
+	case CKA_PRIVATE:
+	    st_logf("private");
+	    break;
+	case CKA_LABEL:
+	    st_logf("label");
+	    break;
+	case CKA_APPLICATION:
+	    st_logf("application");
+	    break;
+	case CKA_VALUE:
+	    st_logf("value");
+	    break;
+	case CKA_ID:
+	    st_logf("id");
+	    break;
+	default:
+	    st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type);
+	    break;
+	}
+	st_logf("\n");
+    }
+}
+
+static struct st_object *
+add_st_object(void)
+{
+    struct st_object *o, **objs;
+    int i;
+
+    o = malloc(sizeof(*o));
+    if (o == NULL)
+	return NULL;
+    memset(o, 0, sizeof(*o));
+    o->attrs = NULL;
+    o->num_attributes = 0;
+    
+    for (i = 0; i < soft_token.object.num_objs; i++) {
+	if (soft_token.object.objs == NULL) {
+	    soft_token.object.objs[i] = o;
+	    break;
+	}
+    }
+    if (i == soft_token.object.num_objs) {
+	objs = realloc(soft_token.object.objs,
+		       (soft_token.object.num_objs + 1) * sizeof(soft_token.object.objs[0]));
+	if (objs == NULL) {
+	    free(o);
+	    return NULL;
+	}
+	soft_token.object.objs = objs;
+	soft_token.object.objs[soft_token.object.num_objs++] = o;
+    }	
+    soft_token.object.objs[i]->object_handle =
+	(random() & (~OBJECT_ID_MASK)) | i;
+
+    return o;
+}
+
+static CK_RV
+add_object_attribute(struct st_object *o, 
+		     int secret,
+		     CK_ATTRIBUTE_TYPE type,
+		     CK_VOID_PTR pValue,
+		     CK_ULONG ulValueLen)
+{
+    struct st_attr *a;
+    int i;
+
+    i = o->num_attributes;
+    a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0]));
+    if (a == NULL)
+	return CKR_DEVICE_MEMORY;
+    o->attrs = a;
+    o->attrs[i].secret = secret;
+    o->attrs[i].attribute.type = type;
+    o->attrs[i].attribute.pValue = malloc(ulValueLen);
+    if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0)
+	return CKR_DEVICE_MEMORY;
+    memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
+    o->attrs[i].attribute.ulValueLen = ulValueLen;
+    o->num_attributes++;
+
+    return CKR_OK;
+}
+
+static CK_RV
+add_pubkey_info(hx509_context hxctx, struct st_object *o,
+		CK_KEY_TYPE key_type, hx509_cert cert)
+{
+    BIGNUM *num;
+    CK_BYTE *modulus = NULL;
+    size_t modulus_len = 0;
+    CK_ULONG modulus_bits = 0;
+    CK_BYTE *exponent = NULL;
+    size_t exponent_len = 0;
+    
+    if (key_type != CKK_RSA)
+	return CKR_OK;
+    if (_hx509_cert_private_key(cert) == NULL)
+	return CKR_OK;
+
+    num = _hx509_private_key_get_internal(context, 
+					  _hx509_cert_private_key(cert), 
+					  "rsa-modulus");
+    if (num == NULL)
+	return CKR_GENERAL_ERROR;
+    modulus_bits = BN_num_bits(num);
+
+    modulus_len = BN_num_bytes(num);
+    modulus = malloc(modulus_len);
+    BN_bn2bin(num, modulus);
+    BN_free(num);
+
+    add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
+    add_object_attribute(o, 0, CKA_MODULUS_BITS,
+			 &modulus_bits, sizeof(modulus_bits));
+
+    free(modulus);
+	
+    num = _hx509_private_key_get_internal(context, 
+					  _hx509_cert_private_key(cert), 
+					  "rsa-exponent");
+    if (num == NULL)
+	return CKR_GENERAL_ERROR;
+
+    exponent_len = BN_num_bytes(num);
+    exponent = malloc(exponent_len);
+    BN_bn2bin(num, exponent);
+    BN_free(num);
+
+    add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
+			 exponent, exponent_len);
+
+    free(exponent);
+
+    return CKR_OK;
+}
+
+
+struct foo {
+    char *label;
+    char *id;
+};
+
+static int
+add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
+{
+    struct foo *foo = (struct foo *)ctx;
+    struct st_object *o = NULL;
+    CK_OBJECT_CLASS type;
+    CK_BBOOL bool_true = CK_TRUE;
+    CK_BBOOL bool_false = CK_FALSE;
+    CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
+    CK_KEY_TYPE key_type;
+    CK_MECHANISM_TYPE mech_type;
+    CK_RV ret = CKR_GENERAL_ERROR;
+    int hret;
+    heim_octet_string cert_data, subject_data, issuer_data, serial_data;
+
+    st_logf("adding certificate\n");
+
+    serial_data.data = NULL;
+    serial_data.length = 0;
+    cert_data = subject_data = issuer_data = serial_data;
+
+    hret = hx509_cert_binary(hxctx, cert, &cert_data);
+    if (hret)
+	goto out;
+
+    {
+	    hx509_name name;
+
+	    hret = hx509_cert_get_issuer(cert, &name);
+	    if (hret)
+		goto out;
+	    hret = hx509_name_binary(name, &issuer_data);
+	    hx509_name_free(&name);
+	    if (hret)
+		goto out;
+
+	    hret = hx509_cert_get_subject(cert, &name);
+	    if (hret)
+		goto out;
+	    hret = hx509_name_binary(name, &subject_data);
+	    hx509_name_free(&name);
+	    if (hret)
+		goto out;
+    }
+
+    {
+	AlgorithmIdentifier alg;
+
+	hret = hx509_cert_get_SPKI_AlgorithmIdentifier(context, cert, &alg);
+	if (hret) {
+	    ret = CKR_DEVICE_MEMORY;
+	    goto out;
+	}
+
+	key_type = CKK_RSA; /* XXX */
+
+	free_AlgorithmIdentifier(&alg);
+    }
+
+
+    type = CKO_CERTIFICATE;
+    o = add_st_object();
+    if (o == NULL) {
+	ret = CKR_DEVICE_MEMORY;
+	goto out;
+    }
+
+    o->cert = hx509_cert_ref(cert);
+
+    add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
+    add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
+
+    add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
+    add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
+
+    add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
+    add_object_attribute(o, 0, CKA_ISSUER, issuer_data.data, issuer_data.length);
+    add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data.data, serial_data.length);
+    add_object_attribute(o, 0, CKA_VALUE, cert_data.data, cert_data.length);
+    add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false));
+
+    st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o));
+
+    type = CKO_PUBLIC_KEY;
+    o = add_st_object();
+    if (o == NULL) {
+	ret = CKR_DEVICE_MEMORY;
+	goto out;
+    }
+    o->cert = hx509_cert_ref(cert);
+
+    add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
+    add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
+
+    add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
+    add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
+    add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
+    add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
+    add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
+    mech_type = CKM_RSA_X_509;
+    add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
+
+    add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
+    add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
+
+    add_pubkey_info(hxctx, o, key_type, cert);
+
+    st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o));
+
+    if (hx509_cert_have_private_key(cert)) {
+	CK_FLAGS flags;
+
+	type = CKO_PRIVATE_KEY;
+	o = add_st_object();
+	if (o == NULL) {
+	    ret = CKR_DEVICE_MEMORY;
+	    goto out;
+	}
+	o->cert = hx509_cert_ref(cert);
+
+	add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
+	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
+	add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false));
+	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
+	add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
+
+	add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
+	add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
+	add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
+	add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
+	add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
+	add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
+	mech_type = CKM_RSA_X_509;
+	add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
+
+	add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
+	add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true));
+	add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true));
+	flags = 0;
+	add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags));
+
+	add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true));
+	add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true));
+	add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false));
+	add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true));
+	add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true));
+	add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false));
+
+	add_pubkey_info(hxctx, o, key_type, cert);
+    }
+
+    ret = CKR_OK;
+ out:
+    if (ret != CKR_OK) {
+	st_logf("something went wrong when adding cert!\n");
+
+	/* XXX wack o */;
+    }
+    hx509_xfree(cert_data.data);
+    hx509_xfree(serial_data.data);
+    hx509_xfree(issuer_data.data);
+    hx509_xfree(subject_data.data);
+
+    return 0;
+}
+
+static CK_RV
+add_certificate(const char *cert_file,
+		const char *pin,
+		char *id,
+		char *label)
+{
+    hx509_certs certs;
+    hx509_lock lock = NULL;
+    int ret, flags = 0;
+
+    struct foo foo;
+    foo.id = id;
+    foo.label = label;
+
+    if (pin == NULL)
+	flags |= HX509_CERTS_UNPROTECT_ALL;
+
+    if (pin) {
+	char *str;
+	asprintf(&str, "PASS:%s", pin);
+
+	hx509_lock_init(context, &lock);
+	hx509_lock_command_string(lock, str);
+
+	memset(str, 0, strlen(str));
+	free(str);
+    }
+
+    ret = hx509_certs_init(context, cert_file, flags, lock, &certs);
+    if (ret) {
+	st_logf("failed to open file %s\n", cert_file);
+	return CKR_GENERAL_ERROR;
+    }
+
+    ret = hx509_certs_iter(context, certs, add_cert, &foo);
+    hx509_certs_free(&certs);
+    if (ret) {
+	st_logf("failed adding certs from file %s\n", cert_file);
+	return CKR_GENERAL_ERROR;
+    }
+
+    return CKR_OK;
+}
+
+static void
+find_object_final(struct session_state *state)
+{
+    if (state->find.attributes) {
+	CK_ULONG i;
+
+	for (i = 0; i < state->find.num_attributes; i++) {
+	    if (state->find.attributes[i].pValue)
+		free(state->find.attributes[i].pValue);
+	}
+	free(state->find.attributes);
+	state->find.attributes = NULL;
+	state->find.num_attributes = 0;
+	state->find.next_object = -1;
+    }
+}
+
+static void
+reset_crypto_state(struct session_state *state)
+{
+    state->sign_object = -1;
+    if (state->sign_mechanism)
+	free(state->sign_mechanism);
+    state->sign_mechanism = NULL_PTR;
+    state->verify_object = -1;
+    if (state->verify_mechanism)
+	free(state->verify_mechanism);
+    state->verify_mechanism = NULL_PTR;
+}
+
+static void
+close_session(struct session_state *state)
+{
+    if (state->find.attributes) {
+	application_error("application didn't do C_FindObjectsFinal\n");
+	find_object_final(state);
+    }
+
+    state->session_handle = CK_INVALID_HANDLE;
+    soft_token.application = NULL_PTR;
+    soft_token.notify = NULL_PTR;
+    reset_crypto_state(state);
+}
+
+static const char *
+has_session(void)
+{
+    return soft_token.open_sessions > 0 ? "yes" : "no";
+}
+
+static CK_RV
+read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin)
+{
+    char buf[1024], *type, *s, *p;
+    int anchor;
+    FILE *f;
+    CK_RV ret = CKR_OK;
+    CK_RV failed = CKR_OK;
+
+    f = fopen(fn, "r");
+    if (f == NULL) {
+	st_logf("can't open configuration file %s\n", fn);
+	return CKR_GENERAL_ERROR;
+    }
+
+    while(fgets(buf, sizeof(buf), f) != NULL) {
+	buf[strcspn(buf, "\n")] = '\0';
+
+	anchor = 0;
+
+	st_logf("line: %s\n", buf);
+
+	p = buf;
+	while (isspace(*p))
+	    p++;
+	if (*p == '#')
+	    continue;
+	while (isspace(*p))
+	    p++;
+
+	s = NULL;
+	type = strtok_r(p, "\t", &s);
+	if (type == NULL)
+	    continue;
+	
+	if (strcasecmp("certificate", type) == 0) {
+	    char *cert, *id, *label;
+	    
+	    id = strtok_r(NULL, "\t", &s);
+	    if (id == NULL) {
+		st_logf("no id\n");
+		continue;
+	    }
+	    st_logf("id: %s\n", id);
+	    label = strtok_r(NULL, "\t", &s);
+	    if (label == NULL) {
+		st_logf("no label\n");
+		continue;
+	    }
+	    cert = strtok_r(NULL, "\t", &s);
+	    if (cert == NULL) {
+		st_logf("no certfiicate store\n");
+		continue;
+	    }
+	    
+	    st_logf("adding: %s: %s in file %s\n", id, label, cert);
+	    
+	    ret = add_certificate(cert, pin, id, label);
+	    if (ret)
+		failed = ret;
+	} else if (strcasecmp("debug", type) == 0) {
+	    char *name;
+
+	    name = strtok_r(NULL, "\t", &s);
+	    if (name == NULL) {
+		st_logf("no filename\n");
+		continue;
+	    }
+
+	    if (soft_token.logfile)
+		fclose(soft_token.logfile);
+
+	    if (strcasecmp(name, "stdout") == 0)
+		soft_token.logfile = stdout;
+	    else
+		soft_token.logfile = fopen(name, "a");
+	    if (soft_token.logfile == NULL)
+		st_logf("failed to open file: %s\n", name);
+		
+	} else if (strcasecmp("app-fatal", type) == 0) {
+	    char *name;
+
+	    name = strtok_r(NULL, "\t", &s);
+	    if (name == NULL) {
+		st_logf("argument to app-fatal\n");
+		continue;
+	    }
+
+	    if (strcmp(name, "true") == 0 || strcmp(name, "on") == 0)
+		soft_token.flags.app_error_fatal = 1;
+	    else if (strcmp(name, "false") == 0 || strcmp(name, "off") == 0)
+		soft_token.flags.app_error_fatal = 0;
+	    else
+		st_logf("unknown app-fatal: %s\n", name);
+
+	} else {
+	    st_logf("unknown type: %s\n", type);
+	}
+    }
+
+    fclose(f);
+
+    return failed;
+}
+
+static CK_RV
+func_not_supported(void)
+{
+    st_logf("function not supported\n");
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_Initialize(CK_VOID_PTR a)
+{
+    CK_C_INITIALIZE_ARGS_PTR args = a;
+    CK_RV ret;
+    int i;
+
+    st_logf("Initialize\n");
+
+    INIT_CONTEXT();
+
+    OpenSSL_add_all_algorithms();
+
+    srandom(getpid() ^ time(NULL));
+
+    for (i = 0; i < MAX_NUM_SESSION; i++) {
+	soft_token.state[i].session_handle = CK_INVALID_HANDLE;
+	soft_token.state[i].find.attributes = NULL;
+	soft_token.state[i].find.num_attributes = 0;
+	soft_token.state[i].find.next_object = -1;
+	reset_crypto_state(&soft_token.state[i]);
+    }
+
+    soft_token.flags.hardware_slot = 1;
+    soft_token.flags.app_error_fatal = 0;
+    soft_token.flags.login_done = 0;
+
+    soft_token.object.objs = NULL;
+    soft_token.object.num_objs = 0;
+    
+    soft_token.logfile = NULL;
+#if 0
+    soft_token.logfile = stdout;
+#endif
+#if 0
+    soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a");
+#endif
+
+    if (a != NULL_PTR) {
+	st_logf("\tCreateMutex:\t%p\n", args->CreateMutex);
+	st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex);
+	st_logf("\tLockMutext\t%p\n", args->LockMutex);
+	st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex);
+	st_logf("\tFlags\t%04x\n", (unsigned int)args->flags);
+    }
+
+    {
+	char *fn = NULL, *home = NULL;
+
+	if (getuid() == geteuid()) {
+	    fn = getenv("SOFTPKCS11RC");
+	    if (fn)
+		fn = strdup(fn);
+	    home = getenv("HOME");
+	}
+	if (fn == NULL && home == NULL) {
+	    struct passwd *pw = getpwuid(getuid());	
+	    if(pw != NULL)
+		home = pw->pw_dir;
+	}
+	if (fn == NULL) {
+	    if (home)
+		asprintf(&fn, "%s/.soft-token.rc", home);
+	    else
+		fn = strdup("/etc/soft-token.rc");
+	}
+
+	soft_token.config_file = fn;
+    }
+
+    /*
+     * This operations doesn't return CKR_OK if any of the
+     * certificates failes to be unparsed (ie password protected).
+     */
+    ret = read_conf_file(soft_token.config_file, CKU_USER, NULL);
+    if (ret == CKR_OK)
+	soft_token.flags.login_done = 1;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_Finalize(CK_VOID_PTR args)
+{
+    int i;
+
+    INIT_CONTEXT();
+
+    st_logf("Finalize\n");
+
+    for (i = 0; i < MAX_NUM_SESSION; i++) {
+	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) {
+	    application_error("application finalized without "
+			      "closing session\n");
+	    close_session(&soft_token.state[i]);
+	}
+    }
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetInfo(CK_INFO_PTR args)
+{
+    INIT_CONTEXT();
+
+    st_logf("GetInfo\n");
+
+    memset(args, 17, sizeof(*args));
+    args->cryptokiVersion.major = 2;
+    args->cryptokiVersion.minor = 10;
+    snprintf_fill((char *)args->manufacturerID, 
+		  sizeof(args->manufacturerID),
+		  ' ',
+		  "Heimdal hx509 SoftToken");
+    snprintf_fill((char *)args->libraryDescription, 
+		  sizeof(args->libraryDescription), ' ',
+		  "Heimdal hx509 SoftToken");
+    args->libraryVersion.major = 2;
+    args->libraryVersion.minor = 0;
+
+    return CKR_OK;
+}
+
+extern CK_FUNCTION_LIST funcs;
+
+CK_RV
+C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
+{
+    INIT_CONTEXT();
+
+    *ppFunctionList = &funcs;
+    return CKR_OK;
+}
+
+CK_RV
+C_GetSlotList(CK_BBOOL tokenPresent,
+	      CK_SLOT_ID_PTR pSlotList,
+	      CK_ULONG_PTR   pulCount)
+{
+    INIT_CONTEXT();
+    st_logf("GetSlotList: %s\n",
+	    tokenPresent ? "tokenPresent" : "token not Present");
+    if (pSlotList)
+	pSlotList[0] = 1;
+    *pulCount = 1;
+    return CKR_OK;
+}
+
+CK_RV
+C_GetSlotInfo(CK_SLOT_ID slotID,
+	      CK_SLOT_INFO_PTR pInfo)
+{
+    INIT_CONTEXT();
+    st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session());
+
+    memset(pInfo, 18, sizeof(*pInfo));
+
+    if (slotID != 1)
+	return CKR_ARGUMENTS_BAD;
+
+    snprintf_fill((char *)pInfo->slotDescription, 
+		  sizeof(pInfo->slotDescription),
+		  ' ',
+		  "Heimdal hx509 SoftToken (slot)");
+    snprintf_fill((char *)pInfo->manufacturerID,
+		  sizeof(pInfo->manufacturerID),
+		  ' ',
+		  "Heimdal hx509 SoftToken (slot)");
+    pInfo->flags = CKF_TOKEN_PRESENT;
+    if (soft_token.flags.hardware_slot)
+	pInfo->flags |= CKF_HW_SLOT;
+    pInfo->hardwareVersion.major = 1;
+    pInfo->hardwareVersion.minor = 0;
+    pInfo->firmwareVersion.major = 1;
+    pInfo->firmwareVersion.minor = 0;
+    
+    return CKR_OK;
+}
+
+CK_RV
+C_GetTokenInfo(CK_SLOT_ID slotID,
+	       CK_TOKEN_INFO_PTR pInfo)
+{
+    INIT_CONTEXT();
+    st_logf("GetTokenInfo: %s\n", has_session()); 
+
+    memset(pInfo, 19, sizeof(*pInfo));
+
+    snprintf_fill((char *)pInfo->label, 
+		  sizeof(pInfo->label),
+		  ' ',
+		  "Heimdal hx509 SoftToken (token)");
+    snprintf_fill((char *)pInfo->manufacturerID, 
+		  sizeof(pInfo->manufacturerID),
+		  ' ',
+		  "Heimdal hx509 SoftToken (token)");
+    snprintf_fill((char *)pInfo->model,
+		  sizeof(pInfo->model),
+		  ' ',
+		  "Heimdal hx509 SoftToken (token)");
+    snprintf_fill((char *)pInfo->serialNumber, 
+		  sizeof(pInfo->serialNumber),
+		  ' ',
+		  "4711");
+    pInfo->flags = 
+	CKF_TOKEN_INITIALIZED | 
+	CKF_USER_PIN_INITIALIZED;
+
+    if (soft_token.flags.login_done == 0)
+	pInfo->flags |= CKF_LOGIN_REQUIRED;
+
+    /* CFK_RNG |
+       CKF_RESTORE_KEY_NOT_NEEDED |
+    */
+    pInfo->ulMaxSessionCount = MAX_NUM_SESSION;
+    pInfo->ulSessionCount = soft_token.open_sessions;
+    pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION;
+    pInfo->ulRwSessionCount = soft_token.open_sessions;
+    pInfo->ulMaxPinLen = 1024;
+    pInfo->ulMinPinLen = 0;
+    pInfo->ulTotalPublicMemory = 4711;
+    pInfo->ulFreePublicMemory = 4712;
+    pInfo->ulTotalPrivateMemory = 4713;
+    pInfo->ulFreePrivateMemory = 4714;
+    pInfo->hardwareVersion.major = 2;
+    pInfo->hardwareVersion.minor = 0;
+    pInfo->firmwareVersion.major = 2;
+    pInfo->firmwareVersion.minor = 0;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetMechanismList(CK_SLOT_ID slotID,
+		   CK_MECHANISM_TYPE_PTR pMechanismList,
+		   CK_ULONG_PTR pulCount)
+{
+    INIT_CONTEXT();
+    st_logf("GetMechanismList\n");
+
+    *pulCount = 1;
+    if (pMechanismList == NULL_PTR)
+	return CKR_OK;
+    pMechanismList[1] = CKM_RSA_PKCS;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetMechanismInfo(CK_SLOT_ID slotID,
+		   CK_MECHANISM_TYPE type,
+		   CK_MECHANISM_INFO_PTR pInfo)
+{
+    INIT_CONTEXT();
+    st_logf("GetMechanismInfo: slot %d type: %d\n",
+	    (int)slotID, (int)type);
+    memset(pInfo, 0, sizeof(*pInfo));
+
+    return CKR_OK;
+}
+
+CK_RV
+C_InitToken(CK_SLOT_ID slotID,
+	    CK_UTF8CHAR_PTR pPin,
+	    CK_ULONG ulPinLen,
+	    CK_UTF8CHAR_PTR pLabel)
+{
+    INIT_CONTEXT();
+    st_logf("InitToken: slot %d\n", (int)slotID);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_OpenSession(CK_SLOT_ID slotID,
+	      CK_FLAGS flags,
+	      CK_VOID_PTR pApplication,
+	      CK_NOTIFY Notify,
+	      CK_SESSION_HANDLE_PTR phSession)
+{
+    int i;
+    INIT_CONTEXT();
+    st_logf("OpenSession: slot: %d\n", (int)slotID);
+    
+    if (soft_token.open_sessions == MAX_NUM_SESSION)
+	return CKR_SESSION_COUNT;
+
+    soft_token.application = pApplication;
+    soft_token.notify = Notify;
+
+    for (i = 0; i < MAX_NUM_SESSION; i++)
+	if (soft_token.state[i].session_handle == CK_INVALID_HANDLE)
+	    break;
+    if (i == MAX_NUM_SESSION)
+	abort();
+
+    soft_token.open_sessions++;
+
+    soft_token.state[i].session_handle =
+	(CK_SESSION_HANDLE)(random() & 0xfffff);
+    *phSession = soft_token.state[i].session_handle;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_CloseSession(CK_SESSION_HANDLE hSession)
+{
+    struct session_state *state;
+    INIT_CONTEXT();
+    st_logf("CloseSession\n");
+
+    if (verify_session_handle(hSession, &state) != CKR_OK)
+	application_error("closed session not open");
+    else
+	close_session(state);
+
+    return CKR_OK;
+}
+
+CK_RV
+C_CloseAllSessions(CK_SLOT_ID slotID)
+{
+    int i;
+    INIT_CONTEXT();
+
+    st_logf("CloseAllSessions\n");
+
+    for (i = 0; i < MAX_NUM_SESSION; i++)
+	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE)
+	    close_session(&soft_token.state[i]);
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetSessionInfo(CK_SESSION_HANDLE hSession,
+		 CK_SESSION_INFO_PTR pInfo)
+{
+    st_logf("GetSessionInfo\n");
+    INIT_CONTEXT();
+    
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+
+    memset(pInfo, 20, sizeof(*pInfo));
+
+    pInfo->slotID = 1;
+    if (soft_token.flags.login_done)
+	pInfo->state = CKS_RO_USER_FUNCTIONS;
+    else
+	pInfo->state = CKS_RO_PUBLIC_SESSION;
+    pInfo->flags = CKF_SERIAL_SESSION;
+    pInfo->ulDeviceError = 0;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_Login(CK_SESSION_HANDLE hSession,
+	CK_USER_TYPE userType,
+	CK_UTF8CHAR_PTR pPin,
+	CK_ULONG ulPinLen)
+{
+    char *pin = NULL;
+    CK_RV ret;
+    INIT_CONTEXT();
+
+    st_logf("Login\n");
+
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+
+    if (pPin != NULL_PTR) {
+	asprintf(&pin, "%.*s", (int)ulPinLen, pPin);
+	st_logf("type: %d password: %s\n", (int)userType, pin);
+    }
+
+    /*
+     * Login
+     */
+
+    ret = read_conf_file(soft_token.config_file, userType, pin);
+    if (ret == CKR_OK)
+	soft_token.flags.login_done = 1;
+
+    free(pin);
+    
+    return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT;
+}
+
+CK_RV
+C_Logout(CK_SESSION_HANDLE hSession)
+{
+    st_logf("Logout\n");
+    INIT_CONTEXT();
+
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_GetObjectSize(CK_SESSION_HANDLE hSession,
+		CK_OBJECT_HANDLE hObject,
+		CK_ULONG_PTR pulSize)
+{
+    st_logf("GetObjectSize\n");
+    INIT_CONTEXT();
+
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_GetAttributeValue(CK_SESSION_HANDLE hSession,
+		    CK_OBJECT_HANDLE hObject,
+		    CK_ATTRIBUTE_PTR pTemplate,
+		    CK_ULONG ulCount)
+{
+    struct session_state *state;
+    struct st_object *obj;
+    CK_ULONG i;
+    CK_RV ret;
+    int j;
+
+    INIT_CONTEXT();
+
+    st_logf("GetAttributeValue: %lx\n",
+	    (unsigned long)HANDLE_OBJECT_ID(hObject));
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) {
+	st_logf("object not found: %lx\n",
+		(unsigned long)HANDLE_OBJECT_ID(hObject));
+	return ret;
+    }
+
+    for (i = 0; i < ulCount; i++) {
+	st_logf("	getting 0x%08lx\n", (unsigned long)pTemplate[i].type);
+	for (j = 0; j < obj->num_attributes; j++) {
+	    if (obj->attrs[j].secret) {
+		pTemplate[i].ulValueLen = (CK_ULONG)-1;
+		break;
+	    }
+	    if (pTemplate[i].type == obj->attrs[j].attribute.type) {
+		if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) {
+		    if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen)
+			memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue,
+			       obj->attrs[j].attribute.ulValueLen);
+		}
+		pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen;
+		break;
+	    }
+	}
+	if (j == obj->num_attributes) {
+	    st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type);
+	    pTemplate[i].ulValueLen = (CK_ULONG)-1;
+	}
+
+    }
+    return CKR_OK;
+}
+
+CK_RV
+C_FindObjectsInit(CK_SESSION_HANDLE hSession,
+		  CK_ATTRIBUTE_PTR pTemplate,
+		  CK_ULONG ulCount)
+{
+    struct session_state *state;
+
+    st_logf("FindObjectsInit\n");
+
+    INIT_CONTEXT();
+
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->find.next_object != -1) {
+	application_error("application didn't do C_FindObjectsFinal\n");
+	find_object_final(state);
+    }
+    if (ulCount) {
+	CK_ULONG i;
+
+	print_attributes(pTemplate, ulCount);
+
+	state->find.attributes = 
+	    calloc(1, ulCount * sizeof(state->find.attributes[0]));
+	if (state->find.attributes == NULL)
+	    return CKR_DEVICE_MEMORY;
+	for (i = 0; i < ulCount; i++) {
+	    state->find.attributes[i].pValue = 
+		malloc(pTemplate[i].ulValueLen);
+	    if (state->find.attributes[i].pValue == NULL) {
+		find_object_final(state);
+		return CKR_DEVICE_MEMORY;
+	    }
+	    memcpy(state->find.attributes[i].pValue,
+		   pTemplate[i].pValue, pTemplate[i].ulValueLen);
+	    state->find.attributes[i].type = pTemplate[i].type;
+	    state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen;
+	}
+	state->find.num_attributes = ulCount;
+	state->find.next_object = 0;
+    } else {
+	st_logf("find all objects\n");
+	state->find.attributes = NULL;
+	state->find.num_attributes = 0;
+	state->find.next_object = 0;
+    }
+
+    return CKR_OK;
+}
+
+CK_RV
+C_FindObjects(CK_SESSION_HANDLE hSession,
+	      CK_OBJECT_HANDLE_PTR phObject,
+	      CK_ULONG ulMaxObjectCount,
+	      CK_ULONG_PTR pulObjectCount)
+{
+    struct session_state *state;
+    int i;
+
+    INIT_CONTEXT();
+
+    st_logf("FindObjects\n");
+
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->find.next_object == -1) {
+	application_error("application didn't do C_FindObjectsInit\n");
+	return CKR_ARGUMENTS_BAD;
+    }
+    if (ulMaxObjectCount == 0) {
+	application_error("application asked for 0 objects\n");
+	return CKR_ARGUMENTS_BAD;
+    }
+    *pulObjectCount = 0;
+    for (i = state->find.next_object; i < soft_token.object.num_objs; i++) {
+	st_logf("FindObjects: %d\n", i);
+	state->find.next_object = i + 1;
+	if (attributes_match(soft_token.object.objs[i],
+			     state->find.attributes,
+			     state->find.num_attributes)) {
+	    *phObject++ = soft_token.object.objs[i]->object_handle;
+	    ulMaxObjectCount--;
+	    (*pulObjectCount)++;
+	    if (ulMaxObjectCount == 0)
+		break;
+	}
+    }
+    return CKR_OK;
+}
+
+CK_RV
+C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
+{
+    struct session_state *state;
+
+    INIT_CONTEXT();
+
+    st_logf("FindObjectsFinal\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+    find_object_final(state);
+    return CKR_OK;
+}
+
+static CK_RV
+commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
+	   const CK_MECHANISM_TYPE *mechs, int mechs_len,
+	   const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey,
+	   struct st_object **o)
+{
+    CK_RV ret;
+    int i;
+
+    *o = NULL;
+    if ((ret = object_handle_to_object(hKey, o)) != CKR_OK)
+	return ret;
+
+    ret = attributes_match(*o, attr_match, attr_match_len);
+    if (!ret) {
+	application_error("called commonInit on key that doesn't "
+			  "support required attr");
+	return CKR_ARGUMENTS_BAD;
+    }
+
+    for (i = 0; i < mechs_len; i++)
+	if (mechs[i] == pMechanism->mechanism)
+	    break;
+    if (i == mechs_len) {
+	application_error("called mech (%08lx) not supported\n",
+			  pMechanism->mechanism);
+	return CKR_ARGUMENTS_BAD;
+    }
+    return CKR_OK;
+}
+
+
+static CK_RV
+dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
+{
+    CK_MECHANISM_PTR p;
+
+    p = malloc(sizeof(*p));
+    if (p == NULL)
+	return CKR_DEVICE_MEMORY;
+
+    if (*dup)
+	free(*dup);
+    *dup = p;
+    memcpy(p, pMechanism, sizeof(*p));
+
+    return CKR_OK;
+}
+
+CK_RV
+C_DigestInit(CK_SESSION_HANDLE hSession,
+	     CK_MECHANISM_PTR pMechanism)
+{
+    st_logf("DigestInit\n");
+    INIT_CONTEXT();
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_SignInit(CK_SESSION_HANDLE hSession,
+	   CK_MECHANISM_PTR pMechanism,
+	   CK_OBJECT_HANDLE hKey)
+{
+    struct session_state *state;
+    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS };
+    CK_BBOOL bool_true = CK_TRUE;
+    CK_ATTRIBUTE attr[] = {
+	{ CKA_SIGN, &bool_true, sizeof(bool_true) }
+    };
+    struct st_object *o;
+    CK_RV ret;
+
+    INIT_CONTEXT();
+    st_logf("SignInit\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+    
+    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), 
+		     mechs, sizeof(mechs)/sizeof(mechs[0]),
+		     pMechanism, hKey, &o);
+    if (ret)
+	return ret;
+
+    ret = dup_mechanism(&state->sign_mechanism, pMechanism);
+    if (ret == CKR_OK) 
+	state->sign_object = OBJECT_ID(o);
+
+    return CKR_OK;
+}
+
+CK_RV
+C_Sign(CK_SESSION_HANDLE hSession,
+       CK_BYTE_PTR pData,
+       CK_ULONG ulDataLen,
+       CK_BYTE_PTR pSignature,
+       CK_ULONG_PTR pulSignatureLen)
+{
+    struct session_state *state;
+    struct st_object *o;
+    CK_RV ret;
+    uint hret;
+    const AlgorithmIdentifier *alg;
+    heim_octet_string sig, data;
+
+    INIT_CONTEXT();
+    st_logf("Sign\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    sig.data = NULL;
+    sig.length = 0;
+
+    if (state->sign_object == -1)
+	return CKR_ARGUMENTS_BAD;
+
+    if (pulSignatureLen == NULL) {
+	st_logf("signature len NULL\n");
+	ret = CKR_ARGUMENTS_BAD;
+	goto out;
+    }
+
+    if (pData == NULL_PTR) {
+	st_logf("data NULL\n");
+	ret = CKR_ARGUMENTS_BAD;
+	goto out;
+    }
+
+    o = soft_token.object.objs[state->sign_object];
+
+    if (hx509_cert_have_private_key(o->cert) == 0) {
+	st_logf("private key NULL\n");
+	return CKR_ARGUMENTS_BAD;
+    }
+
+    switch(state->sign_mechanism->mechanism) {
+    case CKM_RSA_PKCS:
+	alg = hx509_signature_rsa_pkcs1_x509();
+	break;
+    default:
+	ret = CKR_FUNCTION_NOT_SUPPORTED;
+	goto out;
+    }
+    
+    data.data = pData;
+    data.length = ulDataLen;
+
+    hret = _hx509_create_signature(context,
+				   _hx509_cert_private_key(o->cert),
+				   alg,
+				   &data,
+				   NULL,
+				   &sig);
+    if (hret) {
+	ret = CKR_DEVICE_ERROR;
+	goto out;
+    }
+    *pulSignatureLen = sig.length;
+
+    if (pSignature != NULL_PTR)
+	memcpy(pSignature, sig.data, sig.length);
+
+    ret = CKR_OK;
+ out:
+    if (sig.data) {
+	memset(sig.data, 0, sig.length);
+	der_free_octet_string(&sig);
+    }
+    return ret;
+}
+
+CK_RV
+C_SignUpdate(CK_SESSION_HANDLE hSession,
+	     CK_BYTE_PTR pPart,
+	     CK_ULONG ulPartLen)
+{
+    INIT_CONTEXT();
+    st_logf("SignUpdate\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+
+CK_RV
+C_SignFinal(CK_SESSION_HANDLE hSession,
+	    CK_BYTE_PTR pSignature,
+	    CK_ULONG_PTR pulSignatureLen)
+{
+    INIT_CONTEXT();
+    st_logf("SignUpdate\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_VerifyInit(CK_SESSION_HANDLE hSession,
+	     CK_MECHANISM_PTR pMechanism,
+	     CK_OBJECT_HANDLE hKey)
+{
+    struct session_state *state;
+    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS };
+    CK_BBOOL bool_true = CK_TRUE;
+    CK_ATTRIBUTE attr[] = {
+	{ CKA_VERIFY, &bool_true, sizeof(bool_true) }
+    };
+    struct st_object *o;
+    CK_RV ret;
+
+    INIT_CONTEXT();
+    st_logf("VerifyInit\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+    
+    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), 
+		     mechs, sizeof(mechs)/sizeof(mechs[0]),
+		     pMechanism, hKey, &o);
+    if (ret)
+	return ret;
+
+    ret = dup_mechanism(&state->verify_mechanism, pMechanism);
+    if (ret == CKR_OK) 
+	state->verify_object = OBJECT_ID(o);
+			
+    return ret;
+}
+
+CK_RV
+C_Verify(CK_SESSION_HANDLE hSession,
+	 CK_BYTE_PTR pData,
+	 CK_ULONG ulDataLen,
+	 CK_BYTE_PTR pSignature,
+	 CK_ULONG ulSignatureLen)
+{
+    struct session_state *state;
+    struct st_object *o;
+    const AlgorithmIdentifier *alg;
+    CK_RV ret;
+    int hret;
+    heim_octet_string data, sig;
+
+    INIT_CONTEXT();
+    st_logf("Verify\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->verify_object == -1)
+	return CKR_ARGUMENTS_BAD;
+
+    o = soft_token.object.objs[state->verify_object];
+
+    switch(state->verify_mechanism->mechanism) {
+    case CKM_RSA_PKCS:
+	alg = hx509_signature_rsa_pkcs1_x509();
+	break;
+    default:
+	ret = CKR_FUNCTION_NOT_SUPPORTED;
+	goto out;
+    }
+
+    sig.data = pData;
+    sig.length = ulDataLen;
+    data.data = pSignature;
+    data.length = ulSignatureLen;
+
+    hret = _hx509_verify_signature(context,
+				   _hx509_get_cert(o->cert),
+				   alg,
+				   &data,
+				   &sig);
+    if (hret) {
+	ret = CKR_GENERAL_ERROR;
+	goto out;
+    }
+    ret = CKR_OK;
+
+ out:
+    return ret;
+}
+
+
+CK_RV
+C_VerifyUpdate(CK_SESSION_HANDLE hSession,
+	       CK_BYTE_PTR pPart,
+	       CK_ULONG ulPartLen)
+{
+    INIT_CONTEXT();
+    st_logf("VerifyUpdate\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_VerifyFinal(CK_SESSION_HANDLE hSession,
+	      CK_BYTE_PTR pSignature,
+	      CK_ULONG ulSignatureLen)
+{
+    INIT_CONTEXT();
+    st_logf("VerifyFinal\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_GenerateRandom(CK_SESSION_HANDLE hSession,
+		 CK_BYTE_PTR RandomData,
+		 CK_ULONG ulRandomLen)
+{
+    INIT_CONTEXT();
+    st_logf("GenerateRandom\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+
+CK_FUNCTION_LIST funcs = {
+    { 2, 11 },
+    C_Initialize,
+    C_Finalize,
+    C_GetInfo,
+    C_GetFunctionList,
+    C_GetSlotList,
+    C_GetSlotInfo,
+    C_GetTokenInfo,
+    C_GetMechanismList,
+    C_GetMechanismInfo,
+    C_InitToken,
+    (void *)func_not_supported, /* C_InitPIN */
+    (void *)func_not_supported, /* C_SetPIN */
+    C_OpenSession,
+    C_CloseSession,
+    C_CloseAllSessions,
+    C_GetSessionInfo,
+    (void *)func_not_supported, /* C_GetOperationState */
+    (void *)func_not_supported, /* C_SetOperationState */
+    C_Login,
+    C_Logout,
+    (void *)func_not_supported, /* C_CreateObject */
+    (void *)func_not_supported, /* C_CopyObject */
+    (void *)func_not_supported, /* C_DestroyObject */
+    (void *)func_not_supported, /* C_GetObjectSize */
+    C_GetAttributeValue,
+    (void *)func_not_supported, /* C_SetAttributeValue */
+    C_FindObjectsInit,
+    C_FindObjects,
+    C_FindObjectsFinal,
+    (void *)func_not_supported, /* C_EncryptInit, */
+    (void *)func_not_supported, /* C_Encrypt, */
+    (void *)func_not_supported, /* C_EncryptUpdate, */
+    (void *)func_not_supported, /* C_EncryptFinal, */
+    (void *)func_not_supported, /* C_DecryptInit, */
+    (void *)func_not_supported, /* C_Decrypt, */
+    (void *)func_not_supported, /* C_DecryptUpdate, */
+    (void *)func_not_supported, /* C_DecryptFinal, */
+    C_DigestInit,
+    (void *)func_not_supported, /* C_Digest */
+    (void *)func_not_supported, /* C_DigestUpdate */
+    (void *)func_not_supported, /* C_DigestKey */
+    (void *)func_not_supported, /* C_DigestFinal */
+    C_SignInit,
+    C_Sign,
+    C_SignUpdate,
+    C_SignFinal,
+    (void *)func_not_supported, /* C_SignRecoverInit */
+    (void *)func_not_supported, /* C_SignRecover */
+    C_VerifyInit,
+    C_Verify,
+    C_VerifyUpdate,
+    C_VerifyFinal,
+    (void *)func_not_supported, /* C_VerifyRecoverInit */
+    (void *)func_not_supported, /* C_VerifyRecover */
+    (void *)func_not_supported, /* C_DigestEncryptUpdate */
+    (void *)func_not_supported, /* C_DecryptDigestUpdate */
+    (void *)func_not_supported, /* C_SignEncryptUpdate */
+    (void *)func_not_supported, /* C_DecryptVerifyUpdate */
+    (void *)func_not_supported, /* C_GenerateKey */
+    (void *)func_not_supported, /* C_GenerateKeyPair */
+    (void *)func_not_supported, /* C_WrapKey */
+    (void *)func_not_supported, /* C_UnwrapKey */
+    (void *)func_not_supported, /* C_DeriveKey */
+    (void *)func_not_supported, /* C_SeedRandom */
+    C_GenerateRandom,
+    (void *)func_not_supported, /* C_GetFunctionStatus */
+    (void *)func_not_supported, /* C_CancelFunction */
+    (void *)func_not_supported  /* C_WaitForSlotEvent */
+};

Added: vendor-crypto/heimdal/dist/lib/hx509/test_ca.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_ca.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_ca.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,424 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_ca.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+echo "create certificate request"
+${hxtool} request-create \
+	 --subject="CN=Love,DC=it,DC=su,DC=se" \
+	 --key=FILE:$srcdir/data/key.der \
+	 pkcs10-request.der || exit 1
+
+echo "issue certificate"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=foo" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "verify certificate"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "issue crl (no cert)"
+${hxtool} crl-sign \
+	--crl-file=crl.crl \
+	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key || exit 1
+
+echo "verify certificate (with CRL)"
+${hxtool} verify \
+	cert:FILE:cert-ee.pem \
+	crl:FILE:crl.crl \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "issue crl (with cert)"
+${hxtool} crl-sign \
+	--crl-file=crl.crl \
+	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	FILE:cert-ee.pem || exit 1
+
+echo "verify certificate (included in CRL)"
+${hxtool} verify \
+	cert:FILE:cert-ee.pem \
+	crl:FILE:crl.crl \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "issue crl (with cert)"
+${hxtool} crl-sign \
+	--crl-file=crl.crl \
+	--lifetime='1 month' \
+	--signer=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	FILE:cert-ee.pem || exit 1
+
+echo "verify certificate (included in CRL, and lifetime 1 month)"
+${hxtool} verify \
+	cert:FILE:cert-ee.pem \
+	crl:FILE:crl.crl \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "issue certificate (10years 1 month)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=foo" \
+          --lifetime="10years 1 month" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue certificate (with https ekus)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=foo" \
+	  --type="https-server" \
+	  --type="https-client" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue certificate (pkinit KDC)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=foo" \
+	  --type="pkinit-kdc" \
+          --pk-init-principal="krbtgt/TEST.H5L.SE at TEST.H5L.SE" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue certificate (pkinit client)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=foo" \
+	  --type="pkinit-client" \
+          --pk-init-principal="lha at TEST.H5L.SE" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue certificate (hostnames)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=foo" \
+	  --type="https-server" \
+          --hostname="www.test.h5l.se" \
+          --hostname="ftp.test.h5l.se" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "verify certificate hostname (ok)"
+${hxtool} verify --missing-revoke \
+	--hostname=www.test.h5l.se \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "verify certificate hostname (fail)"
+${hxtool} verify --missing-revoke \
+	--hostname=www2.test.h5l.se \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "verify certificate hostname (fail)"
+${hxtool} verify --missing-revoke \
+	--hostname=2www.test.h5l.se \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "issue certificate (hostname in CN)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=www.test.h5l.se" \
+	  --type="https-server" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "verify certificate hostname (ok)"
+${hxtool} verify --missing-revoke \
+	--hostname=www.test.h5l.se \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "verify certificate hostname (fail)"
+${hxtool} verify --missing-revoke \
+	--hostname=www2.test.h5l.se \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "issue certificate (email)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=foo" \
+          --email="lha at test.h5l.se" \
+          --email="test at test.h5l.se" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue certificate (email, null subject DN)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="" \
+          --email="lha at test.h5l.se" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-null.pem" || exit 1
+
+echo "issue certificate (jabber)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --subject="cn=foo" \
+          --jid="lha at test.h5l.se" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue self-signed cert"
+${hxtool} issue-certificate \
+	  --self-signed \
+	  --ca-private-key=FILE:$srcdir/data/key.der \
+	  --subject="cn=test" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue ca cert"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
+	  --issue-ca \
+	  --subject="cn=ca-cert" \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-ca.der" || exit 1
+
+echo "issue self-signed ca cert"
+${hxtool} issue-certificate \
+	  --self-signed \
+	  --issue-ca \
+	  --ca-private-key=FILE:$srcdir/data/key.der \
+	  --subject="cn=ca-root" \
+	  --certificate="FILE:cert-ca.der" || exit 1
+
+echo "issue proxy certificate"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	  --issue-proxy \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --certificate="FILE:cert-proxy.der" || exit 1
+
+echo "verify proxy cert"
+${hxtool} verify --missing-revoke \
+    --allow-proxy-certificate \
+    cert:FILE:cert-proxy.der \
+    chain:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "issue ca cert (generate rsa key)"
+${hxtool} issue-certificate \
+	  --self-signed \
+	  --issue-ca \
+ 	  --serial-number="deadbeaf" \
+	  --generate-key=rsa \
+          --path-length=-1 \
+	  --subject="cn=ca2-cert" \
+	  --certificate="FILE:cert-ca.pem" || exit 1
+
+echo "issue sub-ca cert (generate rsa key)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:cert-ca.pem \
+	  --issue-ca \
+ 	  --serial-number="deadbeaf22" \
+	  --generate-key=rsa \
+	  --subject="cn=sub-ca2-cert" \
+	  --certificate="FILE:cert-sub-ca.pem" || exit 1
+
+echo "issue ee cert (generate rsa key)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:cert-ca.pem \
+	  --generate-key=rsa \
+	  --subject="cn=cert-ee2" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue sub-ca ee cert (generate rsa key)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:cert-sub-ca.pem \
+	  --generate-key=rsa \
+	  --subject="cn=cert-sub-ee2" \
+	  --certificate="FILE:cert-sub-ee.pem" || exit 1
+
+echo "verify certificate (ee)"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:cert-ca.pem > /dev/null || exit 1
+
+echo "verify certificate (sub-ee)"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-sub-ee.pem \
+	chain:FILE:cert-sub-ca.pem \
+	anchor:FILE:cert-ca.pem || exit 1
+
+echo "sign CMS signature (generate key)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:cert-ee.pem \
+	"$srcdir/test_name.c" \
+	sd.data > /dev/null || exit 1
+
+echo "verify CMS signature (generate key)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:cert-ca.pem \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_name.c" sd.data.out || exit 1
+
+echo "extend ca cert"
+${hxtool} issue-certificate \
+	  --self-signed \
+	  --issue-ca \
+          --lifetime="2years" \
+ 	  --serial-number="deadbeaf" \
+	  --ca-private-key=FILE:cert-ca.pem \
+	  --subject="cn=ca2-cert" \
+	  --certificate="FILE:cert-ca.pem" || exit 1
+
+echo "verify certificate generated by previous ca"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:cert-ca.pem > /dev/null || exit 1
+
+echo "extend ca cert (template)"
+${hxtool} issue-certificate \
+	  --self-signed \
+	  --issue-ca \
+          --lifetime="3years" \
+	  --template-certificate="FILE:cert-ca.pem" \
+	  --template-fields="serialNumber,notBefore,subject" \
+          --path-length=-1 \
+	  --ca-private-key=FILE:cert-ca.pem \
+	  --certificate="FILE:cert-ca.pem" || exit 1
+
+echo "verify certificate generated by previous ca"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:cert-ca.pem > /dev/null || exit 1
+
+echo "extend sub-ca cert (template)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:cert-ca.pem \
+	  --issue-ca \
+          --lifetime="2years" \
+	  --template-certificate="FILE:cert-sub-ca.pem" \
+	  --template-fields="serialNumber,notBefore,subject,SPKI" \
+	  --certificate="FILE:cert-sub-ca2.pem" || exit 1
+
+echo "verify certificate (sub-ee) with extended chain"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-sub-ee.pem \
+	chain:FILE:cert-sub-ca.pem \
+	anchor:FILE:cert-ca.pem > /dev/null || exit 1
+
+echo "+++++++++++ test basic constraints"
+
+echo "extend ca cert (too low path-length constraint)"
+${hxtool} issue-certificate \
+	  --self-signed \
+	  --issue-ca \
+          --lifetime="3years" \
+	  --template-certificate="FILE:cert-ca.pem" \
+	  --template-fields="serialNumber,notBefore,subject" \
+          --path-length=0 \
+	  --ca-private-key=FILE:cert-ca.pem \
+	  --certificate="FILE:cert-ca.pem" || exit 1
+
+echo "verify failure of certificate (sub-ee) with path-length constraint"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-sub-ee.pem \
+	chain:FILE:cert-sub-ca.pem \
+	anchor:FILE:cert-ca.pem > /dev/null && exit 1
+
+echo "extend ca cert (exact path-length constraint)"
+${hxtool} issue-certificate \
+	  --self-signed \
+	  --issue-ca \
+          --lifetime="3years" \
+	  --template-certificate="FILE:cert-ca.pem" \
+	  --template-fields="serialNumber,notBefore,subject" \
+          --path-length=1 \
+	  --ca-private-key=FILE:cert-ca.pem \
+	  --certificate="FILE:cert-ca.pem" || exit 1
+
+echo "verify certificate (sub-ee) with exact path-length constraint"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-sub-ee.pem \
+	chain:FILE:cert-sub-ca.pem \
+	anchor:FILE:cert-ca.pem > /dev/null || exit 1
+
+echo "Check missing basicConstrants.isCa"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:cert-ca.pem \
+          --lifetime="2years" \
+	  --template-certificate="FILE:cert-sub-ca.pem" \
+	  --template-fields="serialNumber,notBefore,subject,SPKI" \
+	  --certificate="FILE:cert-sub-ca2.pem" || exit 1
+
+echo "verify failure certificate (sub-ee) with missing isCA"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-sub-ee.pem \
+	chain:FILE:cert-sub-ca2.pem \
+	anchor:FILE:cert-ca.pem > /dev/null && exit 1
+
+echo "issue ee cert (crl uri)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:cert-ca.pem \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --crl-uri="http://www.test.h5l.se/crl1.crl" \
+	  --subject="cn=cert-ee-crl-uri" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "issue null subject cert"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:cert-ca.pem \
+	  --req="PKCS10:pkcs10-request.der" \
+	  --subject="" \
+	  --email="lha at test.h5l.se" \
+	  --certificate="FILE:cert-ee.pem" || exit 1
+
+echo "verify certificate null subject"
+${hxtool} verify --missing-revoke \
+	cert:FILE:cert-ee.pem \
+	anchor:FILE:cert-ca.pem > /dev/null || exit 1
+
+exit 0
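Review bot: The negative checks that end in `&& exit 1` (the two verifies against a CRL that lists the certificate, the hostname mismatches, the too-low path-length case and the missing-isCA case) accept any non-zero exit from hxtool as the expected rejection. A run that fails because an input file is missing or cannot be parsed therefore passes the same way as a run that rejects the certificate for the intended reason. A comment above each such step, for example `# expected to fail: cert-ee.pem is listed in crl.crl`, would record the intended reason. Matching on the diagnostic hxtool writes to stderr would be a stronger check, if that wording is stable enough to rely on.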

Added: vendor-crypto/heimdal/dist/lib/hx509/test_cert.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_cert.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_cert.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_cert.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+echo "print DIR"
+${hxtool} print --content DIR:$srcdir/data > /dev/null || exit 1
+
+echo "print FILE"
+for a in $srcdir/data/*.crt; do 
+    ${hxtool} print --content FILE:"$a" > /dev/null 2>/dev/null
+done
+
+echo "print NULL"
+${hxtool} print --content NULL: > /dev/null || exit 1
+
+echo "copy dance"
+${hxtool} certificate-copy \
+    FILE:${srcdir}/data/test.crt PEM-FILE:cert-pem.tmp || exit 1
+
+${hxtool} certificate-copy PEM-FILE:cert-pem.tmp DER-FILE:cert-der.tmp || exit 1
+${hxtool} certificate-copy DER-FILE:cert-der.tmp PEM-FILE:cert-pem2.tmp || exit 1
+
+cmp cert-pem.tmp cert-pem2.tmp || exit 1
+
+
+exit 0
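Review bot: `${stat}` is expanded in the `hxtool=` assignment but never set in this script, so it is empty or inherited from the caller's environment. test_ca.in in the same commit defines it first; adding `stat="--statistic-file=${objdir}/statfile"` above the `hxtool=` line would make the two scripts agree. The "print FILE" loop also discards both output streams and the exit status, so that step cannot fail. If every `.crt` under `data/` is meant to parse, `${hxtool} print --content FILE:"$a" > /dev/null 2>&1 || exit 1` would turn it into a real check; if some are deliberately malformed, a comment saying so would explain why the status is ignored.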

Added: vendor-crypto/heimdal/dist/lib/hx509/test_chain.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_chain.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_chain.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,242 @@
+#!/bin/sh
+#
+# Copyright (c) 2004 - 2006 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_chain.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+echo "cert -> root"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/test.crt \
+	chain:FILE:$srcdir/data/test.crt \
+	chain:FILE:$srcdir/data/ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "cert -> root"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/test.crt \
+	chain:FILE:$srcdir/data/ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "cert -> root"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/test.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "sub-cert -> root"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/sub-cert.crt \
+	chain:FILE:$srcdir/data/ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "sub-cert -> sub-ca -> root"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/sub-cert.crt \
+	chain:FILE:$srcdir/data/sub-ca.crt \
+	chain:FILE:$srcdir/data/ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "sub-cert -> sub-ca"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/sub-cert.crt \
+	anchor:FILE:$srcdir/data/sub-ca.crt > /dev/null || exit 1
+
+echo "sub-cert -> sub-ca -> root"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/sub-cert.crt \
+	chain:FILE:$srcdir/data/sub-ca.crt \
+	chain:FILE:$srcdir/data/ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "sub-cert -> sub-ca -> root"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/sub-cert.crt \
+	chain:FILE:$srcdir/data/ca.crt \
+	chain:FILE:$srcdir/data/sub-ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "sub-cert -> sub-ca -> root"
+${hxtool} verify --missing-revoke \
+	cert:FILE:$srcdir/data/sub-cert.crt \
+	chain:FILE:$srcdir/data/sub-ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "max depth 2 (ok)"
+${hxtool} verify --missing-revoke \
+	--max-depth=2 \
+	cert:FILE:$srcdir/data/sub-cert.crt \
+	chain:FILE:$srcdir/data/sub-ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "max depth 1 (fail)"
+${hxtool} verify --missing-revoke \
+	--max-depth=1 \
+	cert:FILE:$srcdir/data/sub-cert.crt \
+	chain:FILE:$srcdir/data/sub-ca.crt \
+	anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "ocsp non-ca responder"
+${hxtool} verify \
+    cert:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt \
+    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp.der > /dev/null || exit 1
+
+echo "ocsp ca responder"
+${hxtool} verify \
+    cert:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt \
+    ocsp:FILE:$srcdir/data/ocsp-resp1-ca.der > /dev/null || exit 1
+
+echo "ocsp no-ca responder, missing cert"
+${hxtool} verify \
+    cert:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt \
+    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der > /dev/null && exit 1
+
+echo "ocsp no-ca responder, missing cert, in pool"
+${hxtool} verify \
+    cert:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt \
+    ocsp:FILE:$srcdir/data/ocsp-resp1-ocsp-no-cert.der \
+    chain:FILE:$srcdir/data/ocsp-responder.crt > /dev/null || exit 1
+
+echo "ocsp no-ca responder, keyHash"
+${hxtool} verify \
+    cert:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt \
+    ocsp:FILE:$srcdir/data/ocsp-resp1-keyhash.der > /dev/null || exit 1
+
+echo "ocsp revoked cert"
+${hxtool} verify \
+    cert:FILE:$srcdir/data/revoke.crt \
+    anchor:FILE:$srcdir/data/ca.crt \
+    ocsp:FILE:$srcdir/data/ocsp-resp2.der > /dev/null && exit 1
+
+for a in resp1-ocsp-no-cert resp1-ca resp1-keyhash resp2 ; do
+	echo "ocsp print reply $a"
+	${hxtool} ocsp-print \
+	    $srcdir/data/ocsp-${a}.der > /dev/null || exit 1
+done
+
+echo "ocsp verify exists"
+${hxtool} ocsp-verify \
+	--ocsp-file=$srcdir/data/ocsp-resp1-ca.der \
+	FILE:$srcdir/data/test.crt > /dev/null || exit 1
+
+echo "ocsp verify not exists"
+${hxtool} ocsp-verify \
+    --ocsp-file=$srcdir/data/ocsp-resp1.der \
+	FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "ocsp verify revoked"
+${hxtool} ocsp-verify \
+    --ocsp-file=$srcdir/data/ocsp-resp2.der \
+	FILE:$srcdir/data/revoke.crt > /dev/null && exit 1
+
+echo "crl non-revoked cert"
+${hxtool} verify \
+    cert:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt \
+    crl:FILE:$srcdir/data/crl1.der > /dev/null || exit 1
+
+echo "crl revoked cert"
+${hxtool} verify \
+    cert:FILE:$srcdir/data/revoke.crt \
+    anchor:FILE:$srcdir/data/ca.crt \
+    crl:FILE:$srcdir/data/crl1.der > /dev/null && exit 1
+
+echo "proxy cert"
+${hxtool} verify --missing-revoke \
+    --allow-proxy-certificate \
+    cert:FILE:$srcdir/data/proxy-test.crt \
+    chain:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "proxy cert (negative)"
+${hxtool} verify --missing-revoke \
+    cert:FILE:$srcdir/data/proxy-test.crt \
+    chain:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "proxy cert (level fail)"
+${hxtool} verify --missing-revoke \
+    --allow-proxy-certificate \
+    cert:FILE:$srcdir/data/proxy-level-test.crt \
+    chain:FILE:$srcdir/data/proxy-test.crt \
+    chain:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "not a proxy cert"
+${hxtool} verify --missing-revoke \
+    --allow-proxy-certificate \
+    cert:FILE:$srcdir/data/no-proxy-test.crt \
+    chain:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt > /dev/null && exit 1
+
+echo "proxy cert (max level 10)"
+${hxtool} verify --missing-revoke \
+    --allow-proxy-certificate \
+    cert:FILE:$srcdir/data/proxy10-test.crt \
+    chain:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "proxy cert (second level)"
+${hxtool} verify --missing-revoke \
+    --allow-proxy-certificate \
+    cert:FILE:$srcdir/data/proxy10-child-test.crt \
+    chain:FILE:$srcdir/data/proxy10-test.crt \
+    chain:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+echo "proxy cert (third level)"
+${hxtool} verify --missing-revoke \
+    --allow-proxy-certificate \
+    cert:FILE:$srcdir/data/proxy10-child-child-test.crt \
+    chain:FILE:$srcdir/data/proxy10-child-test.crt \
+    chain:FILE:$srcdir/data/proxy10-test.crt \
+    chain:FILE:$srcdir/data/test.crt \
+    anchor:FILE:$srcdir/data/ca.crt > /dev/null || exit 1
+
+exit 0
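Review bot: The case labelled "max depth 2 (ok)" ends in `&& exit 1`, so it passes only when verification fails, which contradicts its label and makes it assert the same outcome as the "max depth 1 (fail)" case below it. Either the label or the operator is wrong; which one depends on how `--max-depth` counts the anchor, and that is not visible here. As written, no case shows a `--max-depth` value that accepts this chain, so a build that rejected every depth-limited chain would still pass; one accepting case ending in `|| exit 1` would pin the semantics. The other `&& exit 1` cases in this file, and those in test_cms.in and test_crypto.in, likewise accept any non-zero exit, including a missing input such as `ocsp-resp1.der`, which no other case here reads. A preceding `test -f` on each input would separate a real rejection from a setup error.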

Added: vendor-crypto/heimdal/dist/lib/hx509/test_cms.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_cms.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_cms.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,377 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_cms.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+echo "create signed data"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data (id-by-name)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	--id-by-name \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "verify signed data (EE cert as anchor)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/test.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data (password)"
+${hxtool} cms-create-sd \
+	--pass=PASS:foobar \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data (combined)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test.combined.crt \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data  (content info)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	--content-info \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data (content info)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	--content-info \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data  (content type)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	--content-type=1.1.1.1 \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data (content type)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data (pem)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	--pem \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "create signed data (pem, detached)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	--detached-signature \
+	--pem \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "create signed data (p12)"
+${hxtool} cms-create-sd \
+	--pass=PASS:foobar \
+	--certificate=PKCS12:$srcdir/data/test.p12 \
+	--signer=friendlyname-test \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	--content-info \
+	"$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
+cmp "$srcdir/data/static-file" sd.data.out || exit 1
+
+echo "verify signed data (no attr)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	--content-info \
+	"$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
+cmp "$srcdir/data/static-file" sd.data.out || exit 1
+
+echo "verify failure signed data (no attr, no certs)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	--content-info \
+	"$srcdir/data/test-signed-data-noattr-nocerts" \
+	sd.data.out > /dev/null 2>/dev/null && exit 1
+
+echo "verify signed data (no attr, no certs)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	--certificate=FILE:$srcdir/data/test.crt \
+	--content-info \
+	"$srcdir/data/test-signed-data-noattr-nocerts" \
+	sd.data.out > /dev/null || exit 1
+cmp "$srcdir/data/static-file" sd.data.out || exit 1
+
+echo "create signed data (subcert, no certs)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify failure signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null 2> /dev/null && exit 1
+
+echo "verify success signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--certificate=FILE:$srcdir/data/sub-ca.crt \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data (subcert, certs)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
+	--pool=FILE:$srcdir/data/sub-ca.crt \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify success signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data (subcert, certs, no-root)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
+	--pool=FILE:$srcdir/data/sub-ca.crt \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify success signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "create signed data (subcert, no-subca, no-root)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify failure signed data"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
+
+echo "create signed data (sd cert)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "create signed data (ke cert)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null 2>/dev/null && exit 1
+
+echo "create signed data (sd + ke certs)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
+	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "create signed data (ke + sd certs)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
+	--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "create signed data (detached)"
+${hxtool} cms-create-sd \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	--detached-signature \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data (detached)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--signed-content="$srcdir/test_chain.in" \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "verify failure signed data (detached)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
+
+echo "create signed data (rsa)"
+${hxtool} cms-create-sd \
+	--peer-alg=1.2.840.113549.1.1.1 \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	"$srcdir/test_chain.in" \
+	sd.data > /dev/null || exit 1
+
+echo "verify signed data (rsa)"
+${hxtool} cms-verify-sd \
+	--missing-revoke \
+	--anchors=FILE:$srcdir/data/ca.crt \
+	sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
+cmp "$srcdir/test_chain.in" sd.data.out || exit 1
+
+echo "envelope data (content-type)"
+${hxtool} cms-envelope \
+	--certificate=FILE:$srcdir/data/test.crt \
+	--content-type=1.1.1.1 \
+	"$srcdir/data/static-file" \
+	ev.data > /dev/null || exit 1
+
+echo "unenvelope data (content-type)"
+${hxtool} cms-unenvelope \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	ev.data ev.data.out \
+	FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
+cmp "$srcdir/data/static-file" ev.data.out || exit 1
+
+echo "envelope data (content-info)"
+${hxtool} cms-envelope \
+	--certificate=FILE:$srcdir/data/test.crt \
+	--content-info \
+	"$srcdir/data/static-file" \
+	ev.data > /dev/null || exit 1
+
+echo "unenvelope data (content-info)"
+${hxtool} cms-unenvelope \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	--content-info \
+	ev.data ev.data.out \
+	FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
+cmp "$srcdir/data/static-file" ev.data.out || exit 1
+
+for a in des-ede3 aes-128 aes-256; do
+
+	rm -f ev.data ev.data.out
+	echo "envelope data ($a)"
+	${hxtool} cms-envelope \
+	        --encryption-type="$a-cbc" \
+		--certificate=FILE:$srcdir/data/test.crt \
+		"$srcdir/data/static-file" \
+		ev.data  || exit 1
+
+	echo "unenvelope data ($a)"
+	${hxtool} cms-unenvelope \
+		--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+		ev.data ev.data.out > /dev/null || exit 1
+	cmp "$srcdir/data/static-file" ev.data.out || exit 1
+done
+
+for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
+    echo "static unenvelope data ($a)"
+
+    rm -f ev.data.out
+    ${hxtool} cms-unenvelope \
+	--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
+	--content-info \
+	"$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
+    cmp "$srcdir/data/static-file" ev.data.out || exit 1
+done
+
+exit 0
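Review bot: The signed-data cases reuse `sd.data` and `sd.data.out` without removing them, so a `cms-verify-sd` that exits 0 without writing its output would still pass the following `cmp` against the copy left by an earlier case. The envelope loops at the end already guard against this with `rm -f ev.data ev.data.out`; the same `rm -f sd.data sd.data.out` before each create/verify pair would make every `cmp` check fresh output. The "(pem)", "(pem, detached)" and "(p12)" cases also produce an `sd.data` that no later step verifies, because the "verify signed data" that follows them reads the static `test-signed-data` file. Those signing paths are therefore checked by exit status only.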

Added: vendor-crypto/heimdal/dist/lib/hx509/test_crypto.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_crypto.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_crypto.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,187 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_crypto.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+
+echo "Bleichenbacher good cert (from eay)"
+${hxtool} verify --missing-revoke \
+    --time=2006-09-25 \
+    cert:FILE:$srcdir/data/bleichenbacher-good.pem \
+    anchor:FILE:$srcdir/data/bleichenbacher-good.pem > /dev/null || exit 1
+
+echo "Bleichenbacher bad cert (from eay)"
+${hxtool} verify --missing-revoke \
+    --time=2006-09-25 \
+    cert:FILE:$srcdir/data/bleichenbacher-bad.pem \
+    anchor:FILE:$srcdir/data/bleichenbacher-bad.pem > /dev/null && exit 1
+
+echo "Bleichenbacher good cert (from yutaka)"
+${hxtool} verify --missing-revoke \
+    --time=2006-09-25 \
+    cert:FILE:$srcdir/data/yutaka-pad-ok-cert.pem \
+    anchor:FILE:$srcdir/data/yutaka-pad-ok-ca.pem > /dev/null || exit 1
+
+echo "Bleichenbacher bad cert (from yutaka)"
+${hxtool} verify --missing-revoke \
+    --time=2006-09-25 \
+    cert:FILE:$srcdir/data/yutaka-pad-broken-cert.pem \
+    anchor:FILE:$srcdir/data/yutaka-pad-broken-ca.pem > /dev/null && exit 1
+
+# Ralf-Philipp Weinmann <weinmann at cdc.informatik.tu-darmstadt.de>
+# Andrew Pyshkin <pychkine at cdc.informatik.tu-darmstadt.de>
+echo "Bleichenbacher bad cert (sf pad correct)"
+${hxtool} verify --missing-revoke \
+    --time=2006-09-25 \
+    cert:FILE:$srcdir/data/bleichenbacher-sf-pad-correct.pem \
+    anchor:FILE:$srcdir/data/sf-class2-root.pem > /dev/null && exit 1
+
+echo Read 50 kilobyte random data
+${hxtool} random-data 50kilobyte > random-data || exit 1
+
+echo "crypto select1"
+${hxtool} crypto-select > test || { echo "select1"; exit 1; }
+cmp test ${srcdir}/tst-crypto-select1 > /dev/null || \
+	{ echo "select1 failure"; exit 1; }
+
+echo "crypto select1"
+${hxtool} crypto-select --type=digest > test || { echo "select1"; exit 1; }
+cmp test ${srcdir}/tst-crypto-select1 > /dev/null || \
+	{ echo "select1 failure"; exit 1; }
+
+echo "crypto select2"
+${hxtool} crypto-select --type=public-sig > test || { echo "select2"; exit 1; }
+cmp test ${srcdir}/tst-crypto-select2 > /dev/null || \
+	{ echo "select2 failure"; exit 1; }
+
+echo "crypto select3"
+${hxtool} crypto-select \
+	--type=public-sig \
+	--peer-cmstype=1.2.840.113549.1.1.4 \
+	 > test || { echo "select3"; exit 1; }
+cmp test ${srcdir}/tst-crypto-select3 > /dev/null || \
+	{ echo "select3 failure"; exit 1; }
+
+echo "crypto select4"
+${hxtool} crypto-select \
+	--type=public-sig \
+	--peer-cmstype=1.2.840.113549.1.1.5 \
+	--peer-cmstype=1.2.840.113549.1.1.4 \
+	 > test || { echo "select4"; exit 1; }
+cmp test ${srcdir}/tst-crypto-select4 > /dev/null || \
+	{ echo "select4 failure"; exit 1; }
+
+echo "crypto select5"
+${hxtool} crypto-select \
+	--type=public-sig \
+	--peer-cmstype=1.2.840.113549.1.1.11 \
+	--peer-cmstype=1.2.840.113549.1.1.5 \
+	 > test || { echo "select5"; exit 1; }
+cmp test ${srcdir}/tst-crypto-select5 > /dev/null || \
+	{ echo "select5 failure"; exit 1; }
+
+echo "crypto select6"
+${hxtool} crypto-select \
+	--type=public-sig \
+	--peer-cmstype=1.2.840.113549.2.5 \
+	--peer-cmstype=1.2.840.113549.1.1.5 \
+	 > test || { echo "select6"; exit 1; }
+cmp test ${srcdir}/tst-crypto-select6 > /dev/null || \
+	{ echo "select6 failure"; exit 1; }
+
+echo "crypto select7"
+${hxtool} crypto-select \
+	--type=secret \
+	--peer-cmstype=2.16.840.1.101.3.4.1.42 \
+	--peer-cmstype=1.2.840.113549.3.7 \
+	--peer-cmstype=1.2.840.113549.1.1.5 \
+	 > test || { echo "select7"; exit 1; }
+cmp test ${srcdir}/tst-crypto-select7 > /dev/null || \
+	{ echo "select7 failure"; exit 1; }
+
+echo "crypto available1"
+${hxtool} crypto-available \
+	--type=all \
+	> test || { echo "available1"; exit 1; }
+cmp test ${srcdir}/tst-crypto-available1 > /dev/null || \
+	{ echo "available1 failure"; exit 1; }
+
+echo "crypto available2"
+${hxtool} crypto-available \
+	--type=digest \
+	> test || { echo "available2"; exit 1; }
+cmp test ${srcdir}/tst-crypto-available2 > /dev/null || \
+	{ echo "available2 failure"; exit 1; }
+
+echo "crypto available3"
+${hxtool} crypto-available \
+	--type=public-sig \
+	> test || { echo "available3"; exit 1; }
+cmp test ${srcdir}/tst-crypto-available3 > /dev/null || \
+	{ echo "available3 failure"; exit 1; }
+
+echo "copy keystore FILE existing -> FILE"
+${hxtool} certificate-copy \
+    FILE:${srcdir}/data/test.crt,${srcdir}/data/test.key \
+    FILE:out.pem || exit 1
+
+echo "copy keystore FILE -> FILE"
+${hxtool} certificate-copy \
+    FILE:out.pem \
+    FILE:out2.pem || exit 1
+
+echo "copy keystore FILE -> PKCS12"
+${hxtool} certificate-copy \
+    FILE:out.pem \
+    PKCS12:out2.pem || exit 1
+
+echo "print certificate with utf8"
+${hxtool} print \
+	FILE:$srcdir/data/j.pem >/dev/null 2>/dev/null || exit 1
+
+exit 0
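Review bot: "copy keystore FILE -> PKCS12" writes to `PKCS12:out2.pem`, the same path the previous case just filled, and none of the three copy cases reads its output back, so they check exit status only. A distinct target such as `PKCS12:out.p12`, plus a read-back like `${hxtool} print --content FILE:out2.pem > /dev/null || exit 1`, would show that the copied store is parseable. `out.pem` presumably also carries a copy of `test.key`, and it, `test` and `random-data` are left in the working directory under fixed names. Removing them on exit keeps key material and stale comparison files out of the build tree.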

Added: vendor-crypto/heimdal/dist/lib/hx509/test_java_pkcs11.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_java_pkcs11.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_java_pkcs11.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Copyright (c) 2008 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+
+exit 0
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+dir=$objdir
+file=
+
+for a in libhx509.so .libs/libhx509.so libhx509.dylib .libs/libhx509.dylib ; do
+    if [ -f $dir/$a ] ; then
+	file=$dir/$a
+	break
+    fi
+done
+
+if [ "X$file" = X ] ; then
+    exit 0
+fi
+
+cat > pkcs11.cfg <<EOF
+name = Heimdal
+library = $file
+EOF
+
+cat > test-rc-file.rc <<EOF
+certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test.key
+debug	stdout
+EOF
+
+
+env SOFTPKCS11RC="test-rc-file.rc" \
+    keytool \
+    -keystore NONE \
+    -storetype PKCS11 \
+    -providerClass sun.security.pkcs11.SunPKCS11 \
+    -providerArg pkcs11.cfg \
+    -list || exit 1
+
+exit 0
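Review bot: The unconditional `exit 0` directly after the licence header makes everything below it unreachable, so this script always reports success without ever running `keytool`. If the test is disabled on purpose, `exit 77` would report it as skipped rather than passed, with a comment such as `# disabled: <reason>` above it. The sibling scripts already use 77 when the crypto backend is unavailable. Should the test be re-enabled, `[ -f $dir/$a ]` and `file=$dir/$a` need quoting (`"$dir/$a"`) to survive an object directory whose path contains spaces.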

Added: vendor-crypto/heimdal/dist/lib/hx509/test_name.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_name.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_name.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+RCSID("$Id: test_name.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+static int
+test_name(hx509_context context, const char *name)
+{
+    hx509_name n;
+    char *s;
+    int ret;
+
+    ret = hx509_parse_name(context, name, &n);
+    if (ret)
+	return 1;
+
+    ret = hx509_name_to_string(n, &s);
+    if (ret)
+	return 1;
+
+    if (strcmp(s, name) != 0)
+	return 1;
+
+    hx509_name_free(&n);
+    free(s);
+
+    return 0;
+}
+
+static int
+test_name_fail(hx509_context context, const char *name)
+{
+    hx509_name n;
+
+    if (hx509_parse_name(context, name, &n) == HX509_NAME_MALFORMED)
+	return 0;
+    hx509_name_free(&n);
+    return 1;
+}
+
+static int
+test_expand(hx509_context context, const char *name, const char *expected)
+{
+    hx509_env env;
+    hx509_name n;
+    char *s;
+    int ret;
+
+    hx509_env_init(context, &env);
+    hx509_env_add(context, env, "uid", "lha");
+
+    ret = hx509_parse_name(context, name, &n);
+    if (ret)
+	return 1;
+
+    ret = hx509_name_expand(context, n, env);
+    hx509_env_free(&env);
+    if (ret)
+	return 1;
+
+    ret = hx509_name_to_string(n, &s);
+    hx509_name_free(&n);
+    if (ret)
+	return 1;
+    
+    ret = strcmp(s, expected) != 0;
+    free(s);
+    if (ret)
+	return 1;
+
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    hx509_context context;
+    int ret = 0;
+
+    ret = hx509_context_init(&context);
+    if (ret)
+	errx(1, "hx509_context_init failed with %d", ret);
+
+    ret += test_name(context, "CN=foo,C=SE");
+    ret += test_name(context, "CN=foo,CN=kaka,CN=FOO,DC=ad1,C=SE");
+    ret += test_name(context, "1.2.3.4=foo,C=SE");
+    ret += test_name_fail(context, "=");
+    ret += test_name_fail(context, "CN=foo,=foo");
+    ret += test_name_fail(context, "CN=foo,really-unknown-type=foo");
+
+    ret += test_expand(context, "UID=${uid},C=SE", "UID=lha,C=SE");
+    ret += test_expand(context, "UID=foo${uid},C=SE", "UID=foolha,C=SE");
+    ret += test_expand(context, "UID=${uid}bar,C=SE", "UID=lhabar,C=SE");
+    ret += test_expand(context, "UID=f${uid}b,C=SE", "UID=flhab,C=SE");
+    ret += test_expand(context, "UID=${uid}${uid},C=SE", "UID=lhalha,C=SE");
+    ret += test_expand(context, "UID=${uid}{uid},C=SE", "UID=lha{uid},C=SE");
+
+    hx509_context_free(&context);
+
+    return ret;
+}
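Review bot: In `test_name_fail`, `hx509_name_free(&n)` runs whenever `hx509_parse_name` returns anything other than `HX509_NAME_MALFORMED`, including other error codes where `n` may never have been initialised (whether the parser sets it on failure is not visible here). Keeping the return value in an `int ret` and freeing only on success avoids that: `ret = hx509_parse_name(context, name, &n);` then `if (ret == 0) hx509_name_free(&n);` then `return ret != HX509_NAME_MALFORMED;`. `test_name` has a related leak, since each early `return 1` after `hx509_name_to_string` or `strcmp` skips `hx509_name_free(&n)` and `free(s)`. `test_expand` likewise returns without `hx509_env_free(&env)` when parsing fails.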

Added: vendor-crypto/heimdal/dist/lib/hx509/test_nist.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_nist.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_nist.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,116 @@
+#!/bin/sh
+#
+# Copyright (c) 2004 - 2005 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_nist.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+nistdir=${objdir}/PKITS_data
+nistzip=${srcdir}/data/PKITS_data.zip
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+# nistzip is not distributed part of the distribution
+test -f "$nistzip" || exit 77
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+echo "nist tests"
+
+if [ ! -d "$nistdir" ] ; then
+    ( mkdir "$nistdir" && unzip -d "${nistdir}" "${nistzip}" ) >/dev/null || \
+	{ rm -rf "$nistdir" ; exit 1; }
+fi
+
+while read id verify cert arg1 arg2 arg3 arg4 arg5 ; do
+    expr "$id" : "#" > /dev/null && continue
+    
+    test "$id" = "end" && break
+
+    args=""
+    case "$arg1" in
+    *.crt) args="$args chain:FILE:$nistdir/certs/$arg1" ;;
+    *.crl) args="$args crl:FILE:$nistdir/crls/$arg1" ;;
+    *) args="$args $arg1" ;;
+    esac
+    case "$arg2" in
+    *.crt) args="$args chain:FILE:$nistdir/certs/$arg2" ;;
+    *.crl) args="$args crl:FILE:$nistdir/crls/$arg2" ;;
+    *) args="$args $arg2" ;;
+    esac
+    case "$arg3" in
+    *.crt) args="$args chain:FILE:$nistdir/certs/$arg3" ;;
+    *.crl) args="$args crl:FILE:$nistdir/crls/$arg3" ;;
+    *) args="$args $arg3" ;;
+    esac
+    case "$arg4" in
+    *.crt) args="$args chain:FILE:$nistdir/certs/$arg4" ;;
+    *.crl) args="$args crl:FILE:$nistdir/crls/$arg4" ;;
+    *) args="$args $arg4" ;;
+    esac
+    case "$arg5" in
+    *.crt) args="$args chain:FILE:$nistdir/certs/$arg5" ;;
+    *.crl) args="$args crl:FILE:$nistdir/crls/$arg5" ;;
+    *) args="$args $arg5" ;;
+    esac
+
+    args="$args anchor:FILE:$nistdir/certs/TrustAnchorRootCertificate.crt"
+    args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
+    args="$args cert:FILE:$nistdir/certs/$cert"
+
+    if ${hxtool} verify $args > /dev/null; then
+	if test "$verify" = "f"; then
+	    echo "verify passed on fail: $id $cert"
+	    exit 1
+	fi
+    else
+	if test "$verify" = "p"; then
+	    echo "verify failed on pass: $id $cert"
+	    exit 1
+	fi
+    fi
+
+done < $srcdir/data/nist-data
+
+
+echo "done!"
+
+exit 0
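Review bot: The negative cases in the `while read` loop accept any non-zero exit from `${hxtool} verify` as the expected rejection, so a crash or a missing certificate file would count as a pass for an `f` row. Capturing the status and failing on signal exits would separate the two, for example `${hxtool} verify $args > /dev/null; res=$?` followed by `test "$res" -ge 128 && { echo "verify crashed: $id $cert"; exit 1; }` (hxtool's own exit codes are not visible here, so the threshold is an assumption). The same pattern appears in test_nist2.in (`[123],*) r="PASSf"`) and in the `&& exit 1` checks of test_query.in, where stderr is also discarded. A row whose `verify` field is neither `p` nor `f` is silently accepted as well.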

Added: vendor-crypto/heimdal/dist/lib/hx509/test_nist2.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_nist2.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_nist2.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,118 @@
+#!/bin/sh
+#
+# Copyright (c) 2004 - 2005 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_nist2.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+nistdir=${objdir}/PKITS_data
+nistzip=${srcdir}/data/PKITS_data.zip
+
+limit="${1:-nolimit}"
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+# nistzip is not distributed part of the distribution
+test -f "$nistzip" || exit 77
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+echo "nist tests, version 2"
+
+if [ ! -d "$nistdir" ] ; then
+    ( mkdir "$nistdir" && unzip -d "${nistdir}" "${nistzip}" ) >/dev/null || \
+	{ rm -rf "$nistdir" ; exit 1; }
+fi
+
+ec=
+name=
+description=
+while read result cert other ; do
+    if expr "$result" : "#" > /dev/null; then
+	name=${cert}
+	description="${other}"
+	continue
+    fi
+    
+    test nolimit != "${limit}" && ! expr "$name" : "$limit" > /dev/null && continue
+
+    test "$result" = "end" && break
+
+    args=
+    args="$args cert:FILE:$nistdir/certs/$cert"
+    args="$args chain:DIR:$nistdir/certs"
+    args="$args anchor:FILE:$nistdir/certs/TrustAnchorRootCertificate.crt"
+#    args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl"
+
+    for a in $nistdir/crls/*.crl; do
+	args="$args crl:FILE:$a"
+    done
+
+    cmd="${hxtool} verify $args"
+    eval ${cmd} > /dev/null
+    res=$?
+
+    case "${result},${res}" in
+    0,0) r="PASSs";;
+    0,*) r="FAILs";;
+    [123],0) r="FAILf";;
+    [123],*) r="PASSf";;
+    *) echo="unknown result ${result},${res}" ; exit 1 ;;
+    esac
+    if grep "${name} FAIL" $srcdir/data/nist-result2 > /dev/null; then
+	if expr "$r" : "PASS" >/dev/null; then
+	    echo "${name} passed when expected not to"
+	    echo "# ${description}" > nist2-passed-${name}.tmp
+	    ec=1
+	fi
+    elif expr "$r" : "FAIL.*" >/dev/null ; then
+	echo "$r ${name} ${description}"
+	echo "# ${description}" > nist2-failed-${name}.tmp
+	echo "$cmd" >> nist2-failed-${name}.tmp
+	ec=1
+    fi
+
+done < $srcdir/data/nist-data2
+
+
+echo "done!"
+
+exit $ec
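Review bot: `eval ${cmd}` re-parses a string assembled from `$cert` (read from nist-data2) and from the `$nistdir/crls/*.crl` glob, so a shell metacharacter in a data field or file name would be interpreted by the shell instead of being passed as an argument. test_nist.in runs the same tool without eval; `${hxtool} verify $args > /dev/null` followed by `res=$?` does the same job here, and `$cmd` can stay for the log line only. Separately, the default arm `*) echo="unknown result ${result},${res}" ; exit 1 ;;` assigns to a variable named `echo` instead of printing. It should read `*) echo "unknown result ${result},${res}" ; exit 1 ;;`.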

Added: vendor-crypto/heimdal/dist/lib/hx509/test_nist_cert.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_nist_cert.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_nist_cert.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,68 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_nist_cert.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+nistdir=${objdir}/PKITS_data
+nistzip=${srcdir}/data/PKITS_data.zip
+
+# nistzip is not distributed part of the distribution
+test -f "$nistzip" || exit 77
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+if [ ! -d "$nistdir" ] ; then
+    ( mkdir "$nistdir" &&  cd "$nistdir" && unzip "$nistzip" ) >/dev/null || \
+	{ rm -rf "$nistdir" ; exit 1; }
+fi
+
+if ${hxtool} validate DIR:$nistdir/certs > /dev/null; then
+   :
+else
+   echo "validate failed"
+   exit 1
+fi
+
+exit 0

Added: vendor-crypto/heimdal/dist/lib/hx509/test_nist_pkcs12.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_nist_pkcs12.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_nist_pkcs12.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# Copyright (c) 2004 - 2005 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_nist_pkcs12.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+pass="--pass=PASS:password"
+nistdir=${objdir}/PKITS_data
+nistzip=${srcdir}/data/PKITS_data.zip
+
+# nistzip is not distributed part of the distribution
+test -f "$nistzip" || exit 77
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+if [ ! -d "$nistdir" ] ; then
+    ( mkdir "$nistdir" &&  cd "$nistdir" && unzip "$nistzip" ) >/dev/null || \
+	{ rm -rf "$nistdir" ; exit 1; }
+fi
+
+echo "nist pkcs12 tests"
+
+for a in $nistdir/pkcs12/*.p12 ; do
+
+    if ${hxtool} validate $pass PKCS12:$a > /dev/null; then
+	:
+    else
+	echo "$a failed"
+	exit 1
+    fi
+
+done
+
+echo "done!"
+
+exit 0
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/lib/hx509/test_pkcs11.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_pkcs11.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_pkcs11.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+#!/bin/sh
+#
+# Copyright (c) 2008 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+SOFTPKCS11RC="test-rc-file.rc" \
+export SOFTPKCS11RC
+
+echo "password less"
+
+cat > test-rc-file.rc <<EOF
+certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test.key
+debug	p11dbg.log
+app-fatal	true
+EOF
+
+./test_soft_pkcs11 || exit 1
+
+echo "password"
+
+cat > test-rc-file.rc <<EOF
+certificate	cert	User certificate	FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key
+debug	p11dbg.log
+app-fatal	true
+EOF
+
+./test_soft_pkcs11 || exit 1
+
+echo "done"
+exit 0
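Review bot: The trailing backslash after `SOFTPKCS11RC="test-rc-file.rc"` joins it with the next line, so the shell sees `SOFTPKCS11RC="test-rc-file.rc" export SOFTPKCS11RC`, an assignment prefix on `export` rather than two statements. Whether the value persists afterwards depends on how the shell treats assignment prefixes on special builtins, so this looks accidental. Writing `SOFTPKCS11RC="test-rc-file.rc"` and `export SOFTPKCS11RC` on separate lines without the backslash is unambiguous. If the variable did not reach `./test_soft_pkcs11`, the test would presumably run against some default configuration instead of the rc file written here.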

Added: vendor-crypto/heimdal/dist/lib/hx509/test_query.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_query.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_query.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,146 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_query.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+echo "try printing"
+${hxtool} print \
+	--pass=PASS:foobar \
+	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
+
+${hxtool} print \
+	--pass=PASS:foobar \
+	--info \
+	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
+
+echo "make sure entry is found (friendlyname)"
+${hxtool} query \
+	--pass=PASS:foobar \
+	--friendlyname=friendlyname-test  \
+	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
+
+echo "make sure entry is not found  (friendlyname)"
+${hxtool} query \
+	--pass=PASS:foobar \
+	--friendlyname=friendlyname-test-not  \
+	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
+
+echo "make sure entry is found (friendlyname, no-pw)"
+${hxtool} query \
+	--friendlyname=friendlyname-cert  \
+	PKCS12:$srcdir/data/test-nopw.p12 >/dev/null 2>/dev/null || exit 1
+
+echo "check for ca cert (friendlyname)"
+${hxtool} query \
+	--pass=PASS:foobar \
+	--friendlyname=ca  \
+	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1
+
+echo "make sure entry is not found (friendlyname)"
+${hxtool} query \
+	--pass=PASS:foobar \
+	--friendlyname=friendlyname-test \
+	PKCS12:$srcdir/data/sub-cert.p12 >/dev/null 2>/dev/null && exit 1
+
+echo "make sure entry is found (friendlyname|private key)"
+${hxtool} query \
+	--pass=PASS:foobar \
+	--friendlyname=friendlyname-test  \
+	--private-key \
+	PKCS12:$srcdir/data/test.p12 > /dev/null || exit 1
+
+echo "make sure entry is not found (friendlyname|private key)"
+${hxtool} query \
+	--pass=PASS:foobar \
+	--friendlyname=ca  \
+	--private-key \
+	PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1
+
+echo "make sure entry is found (cert ds)"
+${hxtool} query \
+	--digitalSignature \
+	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
+
+echo "make sure entry is found (cert ke)"
+${hxtool} query \
+	--keyEncipherment \
+	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
+
+echo "make sure entry is found (cert ke + ds)"
+${hxtool} query \
+	--digitalSignature \
+	--keyEncipherment \
+	FILE:$srcdir/data/test.crt >/dev/null 2>/dev/null || exit 1
+
+echo "make sure entry is found (cert-ds ds)"
+${hxtool} query \
+	--digitalSignature \
+	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null || exit 1
+
+echo "make sure entry is not found (cert-ds ke)"
+${hxtool} query \
+	--keyEncipherment \
+	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
+
+echo "make sure entry is not found (cert-ds ke + ds)"
+${hxtool} query \
+	--digitalSignature \
+	--keyEncipherment \
+	FILE:$srcdir/data/test-ds-only.crt >/dev/null 2>/dev/null && exit 1
+
+echo "make sure entry is not found (cert-ke ds)"
+${hxtool} query \
+	--digitalSignature \
+	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
+
+echo "make sure entry is found (cert-ke ke)"
+${hxtool} query \
+	--keyEncipherment \
+	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null || exit 1
+
+echo "make sure entry is not found (cert-ke ke + ds)"
+${hxtool} query \
+	--digitalSignature \
+	--keyEncipherment \
+	FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1
+
+exit 0
+

Added: vendor-crypto/heimdal/dist/lib/hx509/test_req.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_req.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_req.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_req.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+${hxtool} request-create \
+	 --subject="CN=Love,DC=it,DC=su,DC=se" \
+	 --key=FILE:$srcdir/data/key.der \
+	 request.out || exit 1
+
+${hxtool} request-print \
+	 PKCS10:request.out > /dev/null || exit 1
+
+${hxtool} request-create \
+	 --subject="CN=Love,DC=it,DC=su,DC=se" \
+	 --dnsname=nutcracker.it.su.se \
+	 --key=FILE:$srcdir/data/key.der \
+	 request.out || exit 1
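Review bot: The second `request-create`, the one with `--dnsname=nutcracker.it.su.se`, is never read back, so a request whose subject alternative name is encoded wrongly would still pass this test. Repeating the earlier check after it, `${hxtool} request-print PKCS10:request.out > /dev/null || exit 1`, would at least confirm that the output parses. `request.out` is also written to the current directory and left behind. An `rm -f request.out` at the end, or a comment such as `# request.out is scratch output in the build dir`, would make that intent clear.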

Added: vendor-crypto/heimdal/dist/lib/hx509/test_soft_pkcs11.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_soft_pkcs11.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_soft_pkcs11.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,228 @@
+/*
+ * Copyright (c) 2006 - 2008 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "hx_locl.h"
+#include "pkcs11.h"
+#include <err.h>
+
+static CK_FUNCTION_LIST_PTR func;
+
+
+static CK_RV
+find_object(CK_SESSION_HANDLE session, 
+	    char *id,
+	    CK_OBJECT_CLASS key_class, 
+	    CK_OBJECT_HANDLE_PTR object)
+{
+    CK_ULONG object_count;
+    CK_RV ret;
+    CK_ATTRIBUTE search_data[] = {
+	{CKA_ID, id, 0 },
+	{CKA_CLASS, &key_class, sizeof(key_class)}
+    };
+    CK_ULONG num_search_data = sizeof(search_data)/sizeof(search_data[0]);
+
+    search_data[0].ulValueLen = strlen(id);
+
+    ret = (*func->C_FindObjectsInit)(session, search_data, num_search_data);
+    if (ret != CKR_OK)
+	return ret;
+
+    ret = (*func->C_FindObjects)(session, object, 1, &object_count);
+    if (ret != CKR_OK)
+	return ret;
+    if (object_count == 0) {
+	printf("found no object\n");
+	return 1;
+    }
+
+    ret = (*func->C_FindObjectsFinal)(session);
+    if (ret != CKR_OK)
+	return ret;
+
+    return CKR_OK;
+}
+
+static char *sighash = "hej";
+static char signature[1024];
+
+
+int
+main(int argc, char **argv)
+{
+    CK_SLOT_ID_PTR slot_ids;
+    CK_SLOT_ID slot;
+    CK_ULONG num_slots;
+    CK_RV ret;
+    CK_SLOT_INFO slot_info;
+    CK_TOKEN_INFO token_info;
+    CK_SESSION_HANDLE session;
+    CK_OBJECT_HANDLE public, private;
+
+    ret = C_GetFunctionList(&func);
+    if (ret != CKR_OK)
+	errx(1, "C_GetFunctionList failed: %d", (int)ret);
+
+    (*func->C_Initialize)(NULL_PTR);
+
+    ret = (*func->C_GetSlotList)(FALSE, NULL, &num_slots);
+    if (ret != CKR_OK)
+	errx(1, "C_GetSlotList1 failed: %d", (int)ret);
+
+    if (num_slots == 0)
+	errx(1, "no slots");
+
+    if ((slot_ids = calloc(1, num_slots * sizeof(*slot_ids))) == NULL)
+	err(1, "alloc slots failed");
+
+    ret = (*func->C_GetSlotList)(FALSE, slot_ids, &num_slots);
+    if (ret != CKR_OK)
+	errx(1, "C_GetSlotList2 failed: %d", (int)ret);
+
+    slot = slot_ids[0];
+    free(slot_ids);
+
+    ret = (*func->C_GetSlotInfo)(slot, &slot_info);
+    if (ret)
+	errx(1, "C_GetSlotInfo failed: %d", (int)ret);
+
+    if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0)
+	errx(1, "no token present");
+
+    ret = (*func->C_OpenSession)(slot, CKF_SERIAL_SESSION, 
+				 NULL, NULL, &session);
+    if (ret != CKR_OK)
+	errx(1, "C_OpenSession failed: %d", (int)ret);
+    
+    ret = (*func->C_GetTokenInfo)(slot, &token_info);
+    if (ret)
+	errx(1, "C_GetTokenInfo1 failed: %d", (int)ret);
+
+    if (token_info.flags & CKF_LOGIN_REQUIRED) {
+	ret = (*func->C_Login)(session, CKU_USER,
+			       (unsigned char*)"foobar", 6);
+	if (ret != CKR_OK)
+	    errx(1, "C_Login failed: %d", (int)ret);
+    }
+
+    ret = (*func->C_GetTokenInfo)(slot, &token_info);
+    if (ret)
+	errx(1, "C_GetTokenInfo2 failed: %d", (int)ret);
+
+    if (token_info.flags & CKF_LOGIN_REQUIRED)
+	errx(1, "login required, even after C_Login");
+
+    ret = find_object(session, "cert", CKO_PUBLIC_KEY, &public);
+    if (ret != CKR_OK)
+	errx(1, "find cert failed: %d", (int)ret);
+    ret = find_object(session, "cert", CKO_PRIVATE_KEY, &private);
+    if (ret != CKR_OK)
+	errx(1, "find private key failed: %d", (int)ret);
+
+    {
+	CK_ULONG ck_sigsize;
+	CK_MECHANISM mechanism;
+
+	memset(&mechanism, 0, sizeof(mechanism));
+	mechanism.mechanism = CKM_RSA_PKCS;
+
+	ret = (*func->C_SignInit)(session, &mechanism, private);
+	if (ret != CKR_OK)
+	    return 1;
+	
+	ck_sigsize = sizeof(signature);
+	ret = (*func->C_Sign)(session, (CK_BYTE *)sighash, strlen(sighash),
+			      (CK_BYTE *)signature, &ck_sigsize);
+	if (ret != CKR_OK) {
+	    printf("C_Sign failed with: %d\n", (int)ret);
+	    return 1;
+	}
+
+	ret = (*func->C_VerifyInit)(session, &mechanism, public);
+	if (ret != CKR_OK)
+	    return 1;
+
+	ret = (*func->C_Verify)(session, (CK_BYTE *)signature, ck_sigsize, 
+				(CK_BYTE *)sighash, strlen(sighash));
+	if (ret != CKR_OK) {
+	    printf("message: %d\n", (int)ret);
+	    return 1;
+	}
+    }
+
+#if 0
+    {
+	CK_ULONG ck_sigsize, outsize;
+	CK_MECHANISM mechanism;
+	char outdata[1024];
+
+	memset(&mechanism, 0, sizeof(mechanism));
+	mechanism.mechanism = CKM_RSA_PKCS;
+
+	ret = (*func->C_EncryptInit)(session, &mechanism, public);
+	if (ret != CKR_OK)
+	    return 1;
+	
+	ck_sigsize = sizeof(signature);
+	ret = (*func->C_Encrypt)(session, (CK_BYTE *)sighash, strlen(sighash),
+				 (CK_BYTE *)signature, &ck_sigsize);
+	if (ret != CKR_OK) {
+	    printf("message: %d\n", (int)ret);
+	    return 1;
+	}
+
+	ret = (*func->C_DecryptInit)(session, &mechanism, private);
+	if (ret != CKR_OK)
+	    return 1;
+
+	outsize = sizeof(outdata);
+	ret = (*func->C_Decrypt)(session, (CK_BYTE *)signature, ck_sigsize, 
+				 (CK_BYTE *)outdata, &outsize);
+	if (ret != CKR_OK) {
+	    printf("message: %d\n", (int)ret);
+	    return 1;
+	}
+
+	if (memcmp(sighash, outdata, strlen(sighash)) != 0)
+	    return 1;
+    }
+#endif
+
+    ret = (*func->C_CloseSession)(session);
+    if (ret != CKR_OK)
+	return 1;
+
+    (*func->C_Finalize)(NULL_PTR);
+
+    return 0;
+}
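Review bot: The `C_Verify` call in `main` passes `signature, ck_sigsize` where the PKCS#11 prototype expects the data and `sighash, strlen(sighash)` where it expects the signature (`C_Verify(hSession, pData, ulDataLen, pSignature, ulSignatureLen)`). The sign/verify round trip therefore only passes against a provider that reads the arguments in the same swapped order; the provider's implementation is not in this hunk, so that should be confirmed. The standard order would be `(*func->C_Verify)(session, (CK_BYTE *)sighash, strlen(sighash), (CK_BYTE *)signature, ck_sigsize);`. Separately, `find_object` returns from the `C_FindObjects` failure path and the `object_count == 0` path without calling `C_FindObjectsFinal`, and its `return 1` hands a bare integer back as a `CK_RV`. Adding `(*func->C_FindObjectsFinal)(session);` before both returns would close the search on the session.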

Added: vendor-crypto/heimdal/dist/lib/hx509/test_windows.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/test_windows.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/test_windows.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,89 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_windows.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+stat="--statistic-file=${objdir}/statfile"
+
+hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
+
+if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
+    exit 77
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    exit 77
+fi
+
+echo "Create trust anchor"
+${hxtool} issue-certificate \
+    --self-signed \
+    --issue-ca \
+    --generate-key=rsa \
+    --subject="CN=Windows-CA,DC=heimdal,DC=pki" \
+    --lifetime=10years \
+    --certificate="FILE:wca.pem" || exit 1
+
+echo "Create domain controller cert"
+${hxtool} issue-certificate \
+    --type="pkinit-kdc" \
+    --pk-init-principal="krbtgt/HEIMDAL.PKI at HEIMDAL.PKI" \
+    --hostname=kdc.heimdal.pki \
+    --generate-key=rsa \
+    --subject="CN=kdc.heimdal.pki,dc=heimdal,dc=pki" \
+    --certificate="FILE:wdc.pem" \
+    --domain-controller \
+    --crl-uri="http://www.test.h5l.se/test-hemdal-pki-crl1.crl" \
+    --ca-certificate=FILE:wca.pem || exit 1
+
+
+echo "Create user cert"
+${hxtool} issue-certificate \
+    --type="pkinit-client" \
+    --pk-init-principal="user at HEIMDAL.PKI" \
+    --generate-key=rsa \
+    --subject="CN=User,DC=heimdal,DC=pki" \
+    --ms-upn="user at heimdal.pki" \
+    --crl-uri="http://www.test.h5l.se/test-hemdal-pki-crl1.crl" \
+    --certificate="FILE:wuser.pem" \
+    --ca-certificate=FILE:wca.pem || exit 1
+
+echo "Create crl"
+${hxtool} crl-sign \
+	--crl-file=wcrl.crl \
+	--signer=FILE:wca.pem || exit 1
+
+exit 0
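Review bot: The three `issue-certificate` steps generate RSA keys and write them to `wca.pem`, `wdc.pem` and `wuser.pem` in the current directory, with no `umask` set and no cleanup on exit. Because `wca.pem` is later used as `--ca-certificate` and `--signer`, it evidently holds the CA private key, which is left readable under whatever umask the test runner has. A `umask 077` after the `objdir=` line would restrict that, and a header comment such as `# Generates a throwaway Windows-style PKI (CA, KDC cert, user cert, CRL) in the current directory; test material only` would make the intent explicit. The `--pk-init-principal` and `--ms-upn` values read `user at HEIMDAL.PKI`, which looks like the list archive's rewriting of `@` rather than the committed text, so these lines should not be copied from this page as-is.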

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available1
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,13 @@
+1.2.840.113549.1.1.11
+1.2.840.113549.1.1.5
+1.2.840.113549.1.1.5
+1.2.840.113549.1.1.4
+1.2.840.113549.1.1.2
+1.2.752.43.16.1
+2.16.840.1.101.3.4.2.1
+1.3.14.3.2.26
+1.2.840.113549.2.5
+1.2.840.113549.2.2
+1.2.840.113549.3.7
+2.16.840.1.101.3.4.1.2
+2.16.840.1.101.3.4.1.42

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available2
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available2	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available2	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,4 @@
+2.16.840.1.101.3.4.2.1
+1.3.14.3.2.26
+1.2.840.113549.2.5
+1.2.840.113549.2.2

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available3
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-available3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,6 @@
+1.2.840.113549.1.1.11
+1.2.840.113549.1.1.5
+1.2.840.113549.1.1.5
+1.2.840.113549.1.1.4
+1.2.840.113549.1.1.2
+1.2.752.43.16.1

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+1.2.840.113549.1.1.11

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select1
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+1.3.14.3.2.26

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select2
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select2	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select2	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+1.2.840.113549.1.1.5

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select3
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+1.2.840.113549.1.1.4

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select4
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select4	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select4	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+1.2.840.113549.1.1.5

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select5
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select5	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select5	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+1.2.840.113549.1.1.11

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select6
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select6	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select6	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+1.2.840.113549.1.1.5

Added: vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select7
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select7	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/tst-crypto-select7	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+2.16.840.1.101.3.4.1.42

Added: vendor-crypto/heimdal/dist/lib/hx509/version-script.map
===================================================================
--- vendor-crypto/heimdal/dist/lib/hx509/version-script.map	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/hx509/version-script.map	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,227 @@
+# $Id: version-script.map,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+
+HEIMDAL_X509_1.0 {
+	global:
+		initialize_hx_error_table_r;
+		hx509_bitstring_print;
+		hx509_ca_sign;
+		hx509_ca_sign_self;
+		hx509_ca_tbs_add_crl_dp_uri;
+		hx509_ca_tbs_add_eku;
+		hx509_ca_tbs_add_san_hostname;
+		hx509_ca_tbs_add_san_jid;
+		hx509_ca_tbs_add_san_ms_upn;
+		hx509_ca_tbs_add_san_otherName;
+		hx509_ca_tbs_add_san_pkinit;
+		hx509_ca_tbs_add_san_rfc822name;
+		hx509_ca_tbs_free;
+		hx509_ca_tbs_init;
+		hx509_ca_tbs_set_ca;
+		hx509_ca_tbs_set_domaincontroller;
+		hx509_ca_tbs_set_notAfter;
+		hx509_ca_tbs_set_notAfter_lifetime;
+		hx509_ca_tbs_set_notBefore;
+		hx509_ca_tbs_set_proxy;
+		hx509_ca_tbs_set_serialnumber;
+		hx509_ca_tbs_set_spki;
+		hx509_ca_tbs_set_subject;
+		hx509_ca_tbs_set_template;
+		hx509_ca_tbs_subject_expand;
+		hx509_ca_tbs_template_units;
+		hx509_cert_binary;
+		hx509_cert_check_eku;
+		hx509_cert_cmp;
+		hx509_cert_find_subjectAltName_otherName;
+		hx509_cert_free;
+		hx509_cert_get_SPKI;
+		hx509_cert_attribute;
+		hx509_cert_get_attribute;
+		hx509_cert_get_base_subject;
+		hx509_cert_get_friendly_name;
+		hx509_cert_get_issuer;
+		hx509_cert_get_notAfter;
+		hx509_cert_get_notBefore;
+		hx509_cert_get_serialnumber;
+		hx509_cert_get_subject;
+		hx509_cert_init;
+		hx509_cert_init_data;
+		hx509_cert_keyusage_print;
+		hx509_cert;
+		hx509_cert_ref;
+		hx509_cert_set_friendly_name;
+		hx509_certs_add;
+		hx509_certs_append;
+		hx509_certs_end_seq;
+		hx509_certs_find;
+		hx509_certs_free;
+		hx509_certs_info;
+		hx509_certs_init;
+		hx509_certs_iter;
+		hx509_certs_merge;
+		hx509_certs_next_cert;
+		hx509_certs_start_seq;
+		hx509_certs_store;
+		hx509_ci_print_names;
+		hx509_clear_error_string;
+		hx509_cms_create_signed_1;
+		hx509_cms_decrypt_encrypted;
+		hx509_cms_envelope_1;
+		hx509_cms_unenvelope;
+		hx509_cms_unwrap_ContentInfo;
+		hx509_cms_verify_signed;
+		hx509_cms_wrap_ContentInfo;
+		hx509_context_free;
+		hx509_context_init;
+		hx509_context_set_missing_revoke;
+		hx509_crl_add_revoked_certs;
+		hx509_crl_alloc;
+		hx509_crl_free;
+		hx509_crl_lifetime;
+		hx509_crl_sign;
+		hx509_crypto_aes128_cbc;
+		hx509_crypto_aes256_cbc;
+		hx509_crypto_available;
+		hx509_crypto_decrypt;
+		hx509_crypto_des_rsdi_ede3_cbc;
+		hx509_crypto_destroy;
+		hx509_crypto_encrypt;
+		hx509_crypto_enctype_by_name;
+		hx509_crypto_free_algs;
+		hx509_crypto_get_params;
+		hx509_crypto_init;
+		hx509_crypto_provider;
+		hx509_crypto_select;
+		hx509_crypto_set_key_data;
+		hx509_crypto_set_key_name;
+		hx509_crypto_set_params;
+		hx509_crypto_set_random_key;
+		hx509_env_add;
+		hx509_env_free;
+		hx509_env_init;
+		hx509_env_lfind;
+		hx509_err;
+		hx509_free_error_string;
+		hx509_free_octet_string_list;
+		hx509_general_name_unparse;
+		hx509_get_error_string;
+		hx509_get_one_cert;
+		hx509_lock_add_cert;
+		hx509_lock_add_certs;
+		hx509_lock_add_password;
+		hx509_lock_command_string;
+		hx509_lock_free;
+		hx509_lock_init;
+		hx509_lock_prompt;
+		hx509_lock_reset_certs;
+		hx509_lock_reset_passwords;
+		hx509_lock_reset_promper;
+		hx509_lock_set_prompter;
+		hx509_name_cmp;
+		hx509_name_copy;
+		hx509_name_expand;
+		hx509_name_free;
+		hx509_name_is_null_p;
+		hx509_name_normalize;
+		hx509_name_to_Name;
+		hx509_name_binary;
+		hx509_name_to_string;
+		hx509_ocsp_request;
+		hx509_ocsp_verify;
+		hx509_oid_print;
+		hx509_oid_sprint;
+		hx509_parse_name;
+		hx509_peer_info_alloc;
+		hx509_peer_info_free;
+		hx509_peer_info_set_cert;
+		hx509_peer_info_set_cms_algs;
+		hx509_print_stdout;
+		hx509_prompt_hidden;
+		hx509_query_alloc;
+		hx509_query_free;
+		hx509_query_match_cmp_func;
+		hx509_query_match_friendly_name;
+		hx509_query_match_issuer_serial;
+		hx509_query_match_option;
+		hx509_query_statistic_file;
+		hx509_query_unparse_stats;
+		hx509_revoke_add_crl;
+		hx509_revoke_add_ocsp;
+		hx509_revoke_free;
+		hx509_revoke_init;
+		hx509_revoke_ocsp_print;
+		hx509_revoke_verify;
+		hx509_set_error_string;
+		hx509_set_error_stringv;
+		hx509_signature_md2;
+		hx509_signature_md5;
+		hx509_signature_rsa;
+		hx509_signature_rsa_with_md2;
+		hx509_signature_rsa_with_md5;
+		hx509_signature_rsa_with_sha1;
+		hx509_signature_rsa_with_sha256;
+		hx509_signature_rsa_with_sha384;
+		hx509_signature_rsa_with_sha512;
+		hx509_signature_sha1;
+		hx509_signature_sha256;
+		hx509_signature_sha384;
+		hx509_signature_sha512;
+		hx509_unparse_der_name;
+		hx509_validate_cert;
+		hx509_validate_ctx_add_flags;
+		hx509_validate_ctx_free;
+		hx509_validate_ctx_init;
+		hx509_validate_ctx_set_print;
+		hx509_verify_attach_anchors;
+		hx509_verify_attach_revoke;
+		hx509_verify_ctx_f_allow_default_trustanchors;
+		hx509_verify_destroy_ctx;
+		hx509_verify_hostname;
+		hx509_verify_init_ctx;
+		hx509_verify_path;
+		hx509_verify_set_max_depth;
+		hx509_verify_set_proxy_certificate;
+		hx509_verify_set_strict_rfc3280_verification;
+		hx509_verify_set_time;
+		hx509_verify_signature;
+		hx509_pem_write;
+		hx509_pem_add_header;
+		hx509_pem_find_header;
+		hx509_pem_free_header;
+		hx509_xfree;
+		_hx509_write_file;
+		_hx509_map_file;
+		_hx509_map_file_os;
+		_hx509_unmap_file;
+		_hx509_unmap_file_os;
+		_hx509_certs_keys_free;
+		_hx509_certs_keys_get;
+		_hx509_request_init;
+		_hx509_request_add_dns_name;
+		_hx509_request_add_email;
+		_hx509_request_get_name;
+		_hx509_request_set_name;
+		_hx509_request_set_email;
+		_hx509_request_get_SubjectPublicKeyInfo;
+		_hx509_request_set_SubjectPublicKeyInfo;
+		_hx509_request_to_pkcs10;
+		_hx509_request_to_pkcs10;
+		_hx509_request_free;
+		_hx509_request_print;
+		_hx509_request_parse;
+		_hx509_private_key_ref;
+		_hx509_private_key_free;
+		_hx509_private_key2SPKI;
+		_hx509_generate_private_key_init;
+		_hx509_generate_private_key_is_ca;
+		_hx509_generate_private_key_bits;
+		_hx509_generate_private_key;
+		_hx509_generate_private_key_free;
+		_hx509_cert_assign_key;
+		_hx509_cert_private_key;
+		_hx509_name_from_Name;
+		# pkcs11 symbols
+		C_GetFunctionList;
+	local:
+		*;
+};
+

Added: vendor-crypto/heimdal/dist/lib/kadm5/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1383 @@
+2008-01-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* default_keys.c: Use hdb_free_keys().
+
+2008-01-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add check-cracklib.pl, flush.c,
+	sample_passwd_check.c
+
+2007-12-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* use hdb_db_dir() and hdb_default_db()
+
+2007-10-18  Love  <lha at stacken.kth.se>
+
+	* init_c.c: We are getting default_client, not client. this way
+	the user can override the result.
+	
+2007-09-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* iprop.8: fix spelling, From Antoine Jacoutt.
+
+2007-08-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* version-script.map: export _kadm5_unmarshal_params,
+	_kadm5_acl_check_permission
+
+	* version-script.map: export kadm5_log_ symbols.
+
+	* log.c: Unexport the specific log replay operations.
+	
+2007-08-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: build sample_passwd_check.la as part of noinst.
+
+	* sample_passwd_check.c: Add missing prototype for check_length().
+
+2007-08-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* log.c: Sprinkle krb5_set_error_string().
+
+	* ipropd_slave.c: Provide better error why kadm5_log_replay
+	failed.
+
+2007-08-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_master.c: - don't push whole database to the new client
+	every time.  - make slaves get the whole new database if they have
+	a newer log the the master (and thus have them go back in time).
+
+2007-08-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_slave.c: make more sane.
+
+	* ipropd_slave.c: more paranoid check that the log entires are
+	self consistant
+
+	* log.c (kadm5_log_foreach): check that the postamble contains the
+	right data.
+
+	* ipropd_master.c: Sprinkle more info about what versions the
+	master thinks about the client versions.
+
+	* ipropd_master.c: Start the server at the current version, not 0.
+
+2007-08-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_master.c: Add more logging, to figure out what is
+	happening in the master.
+
+2007-08-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add version-script for libkadm5srv.la
+
+	* version-script.map: version script fro kadm5 server libary.
+
+	* log.c: only free the orignal entries extentions if there was
+	any.  Bug reported by Peter Meinecke.
+
+	* add configuration for signal file and acl file, let user select
+	hostname, catch signals and print why we are quiting, make nop
+	cause one new version, not two
+
+2007-07-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_master.c (send_diffs): make current slave's version
+	uptodate when diff have been sent.
+	
+2007-07-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_slave.c: More comments and some more error checking.
+	
+2007-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_c.c (get_cache_principal): make sure id is reset if we
+	fail. From Benjamin Bennet.
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* context_s.c (find_db_spec): match realm-less as the default
+	realm.
+
+	* Makefile.am: New library version.
+
+2007-07-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* context_s.c: Use hdb_get_dbinfo to pick up configuration.
+	ctx->config.realm can be NULL, check for that, from Bjorn S.
+	
+2007-07-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_c.c: Try harder to use the right principal.
+
+2007-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_slave.c: Catch return value from krb5_program_setup. From
+	Steven Luo.
+	
+2007-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* delete_s.c: Write log entry after store is successful, rename
+	out goto statments.
+
+	* randkey_s.c: Write log entry after store is successful.
+
+	* modify_s.c: Write log entry after store is successful.
+
+	* rename_s.c: indent.
+
+	* chpass_s.c: Write log entry after store is successful.
+
+	* create_s.c: Write log entry after store is successful.
+	
+2007-05-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* iprop-commands.in: Add default values to make this working
+	again.
+
+	* iprop-log.c (iprop_replay): create the database with more
+	liberal mode.
+
+	* log.c: make it slightly more working.
+
+	* iprop-log.8: Document last-version.
+
+	* iprop-log.c: (last_version): print last version of the log.
+	
+	* iprop-commands.in: new command last-version: print last version
+	of the log.
+
+	* log.c (kadm5_log_previous): document assumptions and make less
+	broken.  Bug report from Ronny Blomme.
+	
+2007-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* admin.h: add support to get aliases
+
+	* get_s.c: add support to get aliases
+
+2007-02-11  David Love  <fx at gnu.org>
+
+	* iprop-log.8: Small fixes, from David Love.
+	
+2006-12-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_c.c: if the user have a kadmin/admin initial ticket, don't
+	ask for password, just use the credential instead.
+	
+2006-12-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ipropd_master.c: Use strcspn to remove \n from string returned
+	by fgets.  From Bj\xF6rn Sandell
+	
+2006-11-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_c.c (kadm_connect): clear error string before trying to
+	print a errno, this way we don't pick up a random failure code
+	
+2006-11-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
+	argument.
+
+	* init_c.c: Make krb5_get_init_creds_opt_free take a context
+	argument.
+	
+2006-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ent_setup.c: Try to not leak memory.
+	
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: split build files into dist_ and noinst_ SOURCES
+	
+2006-08-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* get_s.c: Add KRB5_KDB_ALLOW_DIGEST
+
+	* ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST
+
+	* admin.h: Add KRB5_KDB_ALLOW_DIGEST
+	
+2006-06-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-cracklib.pl: Add password reuse checking. From Harald
+	Barth.
+	
+2006-06-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4
+
+	* get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4
+
+	* admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
+	
+2006-06-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION
+
+2006-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* password_quality.c (kadm5_check_password_quality): set error
+	message in context.
+	
+2006-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* iprop-log.c: Avoid shadowing.
+
+	* rename_s.c: Avoid shadowing.
+
+2006-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
+	that way.
+	
+2006-05-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Rename u_intXX_t to uintXX_t
+
+2006-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
+	Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for
+
+	* send_recv.c: set and clear error string
+
+	* rename_s.c: Break out the that we request from principal from
+	the entry and pass it in as a separate argument.
+
+	* randkey_s.c: Break out the that we request from principal from
+	the entry and pass it in as a separate argument.
+
+	* modify_s.c: Break out the that we request from principal from
+	the entry and pass it in as a separate argument.
+
+	* log.c: Break out the that we request from principal from the
+	entry and pass it in as a separate argument.
+
+	* get_s.c: Break out the that we request from principal from the
+	entry and pass it in as a separate argument.
+
+	* delete_s.c: Break out the that we request from principal from
+	the entry and pass it in as a separate argument.
+
+	* chpass_s.c: Break out the that we request from principal from
+	the entry and pass it in as a separate argument.
+	
+2006-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* create_s.c (create_principal*): If client doesn't send kvno,
+	make sure to set it to 1.
+	
+2006-04-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* log.c: (kadm5_log_rename): handle errors better
+	Fixes Coverity, NetBSD CID#628
+
+	* log.c (kadm5_log_delete): add error handling Coverity, NetBSD
+	CID#626
+	(kadm5_log_modify): add error handling Coverity, NetBSD CID#627
+
+	* init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
+	case no client name was passed in. Coverity, NetBSD CID#919
+	
+	* init_c.c (_kadm5_c_get_cred_cache): Free client principal in
+	case of error. Coverity NetBSD CID#1908
+	
+2006-02-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kadm5_err.et: (PASS_REUSE): Spelling, 
+	from V\xE1clav H?la <ax at natur.cuni.cz>
+	
+2006-01-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* send_recv.c: Clear error-string when introducing new errors.
+
+	* *_c.c: Clear error-string when introducing new errors.
+	
+2006-01-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
+	dependency
+	
+2005-12-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* memset hdb_entry_ex before use
+	
+2005-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Wrap hdb_entry with hdb_entry_ex, patch originally 
+	from Andrew Bartlet
+
+2005-11-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* context_s.c (set_field): try another way to calculate the path
+	to the database/logfile/signal-socket
+
+	* log.c (kadm5_log_init): set error string on failures
+	
+2005-09-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Constify password.
+
+	* admin.h: Add KRB5_TL_PKINIT_ACL.
+	
+	* marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
+	
+	* get_s.c (kadm5_s_get_principal): clear error string
+	
+2005-08-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* iprop-log.8: More text about iprop-log.
+	
+2005-08-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* iprop.8: SEE ALSO iprop-log.
+
+	* Makefile.am: man_MANS += iprop-log.8
+
+	* iprop-log.8: Basic for documentation of iprop-log.
+	
+	* remove replay_log.c, dump_log.c, and truncate_log.c, folded into
+	iprop-log.
+
+	* log.c (kadm5_log_foreach): add a context variable and pass it
+	down to `func\xB4.
+
+	* iprop-commands.in: Move truncate_log and replay_log into
+	iprop-log.
+
+	* iprop-log.c: Move truncate_log and replay_log into iprop-log.
+	
+	* Makefile.am: Move truncate_log and replay_log into iprop-log.
+	
+	* Makefile.am: Make this work with a clean directory.
+
+	* ipropd_master.c: Make compile.
+
+	* ipropd_master.c: Update to new signature of kadm5_log_previous.
+
+	* log.c (kadm5_log_previous): catch errors instead of asserting
+	and set error string.
+
+	* iprop-commands.in: New program iprop-log that incorperates
+	dump_log as a subcommand, truncate_log and replay_log soon to come
+	after.
+	
+	* iprop-log.c: New program iprop-log that incorperates dump_log as
+	a subcommand, truncate_log and replay_log soon to come after.
+
+	* Makefile.am: New program iprop-log that incorperates dump_log as
+	a subcommand, truncate_log and replay_log soon to come after.
+	
+2005-08-11 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* get_s.c: Implement KADM5_LAST_PWD_CHANGE.
+	
+	* set_keys.c: Set and clear password where appropriate.
+
+	* randkey_s.c: Operation modifies tl_data.
+
+	* log.c (kadm5_log_replay_modify): Check return values of
+	malloc(), replace all extensions.
+
+	* kadm5_err.et: Make BAD_TL_TYPE error more helpful.
+
+	* get_s.c: Expose KADM5_TL_DATA options to the client.
+
+	* ent_setup.c: Merge in KADM5_TL_DATA in the database.
+
+	* chpass_s.c: Operations modify extensions, mark that with
+	TL_DATA.
+
+	* admin.h: Add more TL types (password and extension).
+
+2005-06-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* constify
+
+	* ipropd_slave.c: avoid shadowing
+
+	* ipropd_master.c: rename local variable slave to s, optind ->
+	optidx
+
+	* get_princs_c.c: rename variable exp to expression
+	
+	* ad.c: rename variable exp to expression
+
+	* log.c: rename shadowing len to num
+	
+	* get_princs_s.c: rename variable exp to expression
+
+	* context_s.c: const poison
+
+	* common_glue.c: rename variable exp to expression
+
+2005-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
+	
+	* get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE
+
+	* admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags
+
+2005-05-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kadm5_pwcheck.3: please mdoclint
+
+2005-05-25  Dave Love  <fx at gnu.org>
+
+	* kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
+	improve text
+
+2005-05-24  Dave Love  <fx at gnu.org>
+
+	* iprop.8: Added some info about defaults, fixed some markup.
+	
+2005-05-23  Dave Love  <fx at gnu.org>
+
+	* ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.
+
+	* ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.
+
+2005-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_c.c (_kadm5_c_init_context): fix memory leak in case of
+	failure
+
+2005-05-09  Dave Love  <fx at gnu.org>
+
+	* password_quality.c (find_func): Fix off-by-one and logic error.
+	(external_passwd_quality): Improve messages.
+
+	* test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
+	and kadm5_add_passwd_quality_verifier.
+
+2005-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* default_keys.c: #include <err.h>, only print salt it its longer
+	then 0, use krb5_err instead of errx where appropriate
+	
+2005-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_slave.c: add the documented option --port
+
+	* ipropd_master.c: add the documented option --port
+	
+	* dump_log.c: use the newly generated units function
+
+2005-04-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* dump_log.c: use strlcpy
+	
+	* password_quality.c: don't use sizeof(pointer)
+	
+2005-04-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* check-cracklib.pl: external password verifier sample
+
+	* password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
+	is passed in, load defaults
+
+2005-04-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* password_quality.c: add an end tag to the external password
+	quality check protocol
+
+2005-04-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* password_quality.c: add external passsword quality check builtin
+	module
+	
+	[password_quality]
+		policies = external-check
+		external-program = /bin/false
+	
+	To approve password a, make the test program return APPROVED on
+	stderr and fail with exit code 0.
+	
+2004-10-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: bump version to 7:7:0 and 6:5:2
+	
+	* default_keys.c (parse_file): use hdb_generate_key_set
+	
+	* keys.c,set_keys.c: Move keyset parsing and password based keyset
+	generation into hdb.  Requested by Andrew Bartlett <abartlet at samba.org>
+	for hdb-ldb backend.
+	
+2004-09-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ipropd_master.c: add help strings to some options
+	
+2004-09-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* chpass_s.c: deal with changed prototype for _kadm5_free_keys
+	
+	* keys.c (_kadm5_free_keys): change prototype, make it use
+	krb5_context instead of a kadm5_server_context
+	
+	* set_keys.c (parse_key_set): do way with static returning
+	(function) static variable and returned allocated memory
+	(_kadm5_generate_key_set): free enctypes returned by parse_key_set
+
+2004-09-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* set_keys.c: Fix memory leak, don't return stack variables From
+	Andrew Bartlett
+	
+	* set_keys.c: make all_etypes const and move outside function to
+	avoid returning data on stack
+	
+2004-08-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
+	delim of the third element, this is so we can match
+	"foo at REALM<SPC>all<SPC><SPC>*@REALM", before it just matched
+	"foo at REALM<SPC>all<SPC>*@REALM", but that is kind of lucky since
+	what really happen was that the last <SPC> was stamped out, and
+	the it never strtok_r never needed to parse over it.
+	
+2004-08-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
+	without salting, some people tries to add the string
+	"arcfour-hmac-md5" when they really should have used
+	"arcfour-hmac-md5:pw-salt", help them and add glue for that
+	
+2004-08-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ipropd_slave.c: add --detach
+
+2004-07-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ad.c: use new tsasl interface remove debug printf add upn to
+	computer-accounts
+	
+2004-06-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ad.c: implement kadm5_ad_init_with_password_ctx set more error
+	strings
+	
+2004-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: man_MANS = kadm5_pwcheck.3
+	
+	* kadm5_pwcheck.3: document new password quality api
+	
+	* password_quality.c: new password check interface (old still
+	supported)
+	
+	* kadm5-pwcheck.h: new password check interface
+	
+2004-06-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_master.c (main): process all slaves, not just up to the
+	last slave sending data
+	(bug report from Bj\xF6rn Sandell <biorn at dce.chalmers.se>)
+	(*): only send one ARE_YOU_THERE
+
+2004-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ad.c: use krb5_set_password_using_ccache
+	
+2004-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ad.c: try handle spn's better
+	
+2004-05-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ad.c: add expiration time
+	
+	* ad.c: add modify operations
+	
+	* ad.c: handle create and delete
+	
+2004-05-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ad.c: more code for get, handle attributes
+	
+	* ad.c: more code for get, handle time stamps and bad password
+	counter
+
+	* ad.c: more code for get, only fetches kvno for now
+	
+2004-05-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ad.c: add support for tsasl
+	
+	* private.h: add kadm5_ad_context
+	
+	* ipropd_master.c (prop_one): store the opcode in the begining of
+	the blob, not the end
+	
+	* ad.c: try all ldap servers in dns, generate a random password,
+	base64(random_block(64)), XXX must make it support other then
+	ARCFOUR
+	
+	* ad.c: framework for windows AD backend
+	
+2004-03-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* create_s.c (kadm5_s_create_principal): remove old XXX command
+	and related code, _kadm5_set_keys will do all this now
+	
+2004-02-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
+	enctype for des keys From: Andrew Bartlett <abartlet at samba.org>
+	
+	* create_s.c (kadm5_s_create_principal_with_key): don't call
+	_kadm5_set_keys2, create_principal will do that for us. Set kvno
+	to 1.
+
+	* chpass_s.c (change): bump kvno
+	(kadm5_s_chpass_principal_with_key): bump kvno
+
+	* randkey_s.c (kadm5_s_randkey_principal): bump kvno
+	
+	* set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
+	to that
+
+2003-12-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* chpass_s.c (change): fix same-password-again by decrypting keys
+	and setting an error code From: Buck Huppmann <buckh at pobox.com>
+	
+2003-12-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_c.c (_kadm5_c_init_context): catch errors from strdup and
+	other krb5_ functions
+
+2003-12-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rename_s.c (kadm5_s_rename_principal): allow principal to change
+	realm From Panasas Inc
+	
+2003-12-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
+	Inc
+
+2003-11-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* iprop.h: don't include <krb5-private.h>
+	
+	* ipropd_slave.c: stop using krb5 lib private byte-frobbing
+	functions and replace them with with krb5_storage
+	
+	* ipropd_master.c: stop using krb5 lib private byte-frobbing
+	functions and replace them with with krb5_storage
+	
+2003-11-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_slave.c (receive_loop): when seeking over the entries we
+	already have, skip over the trailer.  From: Jeffrey Hutzelman
+	<jhutz at cmu.edu>
+
+	* dump_log.c,ipropd_master.c,ipropd_slave.c,
+	replay_log.c,truncate_log.c: parse kdc.conf
+	From: Jeffrey Hutzelman <jhutz at cmu.edu>
+
+2003-10-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: += test_pw_quality
+	
+	* test_pw_quality.c: test program for verifying password quality
+	function
+
+2003-09-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add and enable check program default_keys
+	
+	* default_keys.c: test program for _kadm5_generate_key_set
+	
+	* init_c.c: use
+	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+2003-08-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* set_keys.c (_kadm5_set_keys_randomly): remove dup return
+	
+	* ipropd_master.c (main): make sure current_version is initialized
+	
+2003-08-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* set_keys.c: use default_keys for the both random keys and
+	password derived keys if its defined
+	
+2003-07-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_slave.c (receive_everything): switch close and rename
+	From: Alf Wachsmann <alfw at SLAC.Stanford.EDU>
+	
+2003-07-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* iprop.h, ipropd_master.c, ipropd_slave.c:
+	Add probing from the server that the client is still there, also
+	make the client check that the server is probing.
+
+2003-07-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* truncate_log.c (main): add missing ``if (ret)''
+	
+2003-06-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* set_keys.c (make_keys): add AES support
+	
+	* set_keys.c: fix off by one in the aes case, pointed out by Ken
+	Raeburn
+
+2003-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* set_keys.c (_kadm5_set_keys_randomly): add
+	ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
+	support
+
+2003-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* send_recv.c: check return values from krb5_data_alloc
+	* log.c: check return values from krb5_data_alloc
+	
+2003-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* dump_log.c (print_entry): check return values from
+	krb5_data_alloc
+
+2003-04-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* init_c.c (kadm_connect): if a context realm was passed in, use
+	that to form the kadmin/admin principal
+	
+2003-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ipropd_master.c (main): make sure we don't consider dead slave
+	for select processing
+	(write_stats): use slave_stats_file variable, 
+	check return value of strftime
+	(args): allow specifying slave stats file
+	(slave_dead): close the fd when the slave dies
+
+2002-10-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ipropd_slave.c (from Derrick Brashear): Propagating a large
+	database without this means the slave kdcs can get erroneous
+	HDB_NOENTRY and return the resulting errors. This creates a new db
+	handle, populates it, and moves it into place.
+
+2002-08-26  Assar Westerlund  <assar at kth.se>
+
+	* ipropd_slave.c (receive_everything): type-correctness calling
+	_krb5_get_int
+
+	* context_s.c (find_db_spec): const-correctness in parameters to
+	krb5_config_get_next
+
+2002-08-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* private.h: rename header file flag macro
+
+	* Makefile.am: generate kadm5-{protos,private}.h
+
+2002-08-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ipropd_master.c: check return value of krb5_sockaddr2address
+
+2002-07-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ipropd_master.c: handle slaves that come and go; add status
+	reporting (both from Love)
+
+	* iprop.h: KADM5_SLAVE_STATS
+
+2002-03-25  Jacques Vidrine  <n at nectar.com>
+
+	* init_c.c (get_cred_cache): bug fix: the default credentials
+	cache was not being used if a client name was specified.
+
+2002-03-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* init_c.c (get_cred_cache): when getting the default_client from
+	the cred cache, make sure the instance part is "admin"; this
+	should require fewer uses of -p
+
+2002-03-11  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
+	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2
+
+2002-02-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* init_c.c: we have to create our own param struct before
+	marshaling
+
+2001-09-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: link with LIB_pidfile
+
+	* iprop.h: include util.h for pidfile
+
+2001-08-31  Assar Westerlund  <assar at sics.se>
+
+	* ipropd_slave.c (main): syslog with the correct name
+
+2001-08-30  Jacques Vidrine <n at nectar.com>
+
+	* ipropd_slave.c, ipropd_master.c (main): call pidfile
+
+2001-08-28  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0
+
+2001-08-24  Assar Westerlund  <assar at sics.se>
+
+	* acl.c (fetch_acl): do not return bogus flags and re-organize
+	function
+
+	* Makefile.am: rename variable name to avoid error from current
+	automake
+
+2001-08-13  Johan Danielsson  <joda at pdc.kth.se>
+
+	* set_keys.c: add easier afs configuration, defaulting to the
+	local realm in lower case; also try to remove duplicate salts
+
+2001-07-12  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: add required library dependencies
+
+2001-07-03  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2
+
+2001-06-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* init_c.c: call krb5_get_init_creds_opt_set_default_flags
+
+2001-02-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* replay_log.c: add --{start-end}-version flags to replay just
+	part of the log
+
+2001-02-15  Assar Westerlund  <assar at sics.se>
+
+	* ipropd_master.c (main): fix select-loop to decrement ret
+	correctly.  from "Brandon S. Allbery KF8NH" <allbery at ece.cmu.edu>
+
+2001-01-30  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump versions
+
+2000-12-31  Assar Westerlund  <assar at sics.se>
+
+	* init_s.c (*): handle krb5_init_context failure consistently
+	* init_c.c (init_context): handle krb5_init_context failure
+	consistently
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0
+
+2000-11-16  Assar Westerlund  <assar at sics.se>
+
+	* set_keys.c (make_keys): clean-up salting loop and try not to
+	leak memory
+
+	* ipropd_master.c (main): check for fd's being too large to select
+	on
+
+2000-08-16  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0
+
+2000-08-10  Assar Westerlund  <assar at sics.se>
+
+	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match
+
+2000-08-07  Assar Westerlund  <assar at sics.se>
+
+	* ipropd_master.c (main): ignore SIGPIPE
+
+2000-08-06  Assar Westerlund  <assar at sics.se>
+
+	* ipropd_slave.c (receive_everything): make `fd' an int instead of
+	a pointer.  From Derrick J Brashear <shadow at dementia.org>
+
+2000-08-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* admin.h: change void** to void*
+
+2000-07-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: bump versions to 7:0:0 and 6:0:2
+
+2000-07-24  Assar Westerlund  <assar at sics.se>
+
+	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
+	and make a new that takes a context
+	(kadm5_log_nop): add logging of missing lengths
+	(kadm5_log_truncate): new function
+
+	* dump_log.c (print_entry): update and correct
+	* randkey_s.c: call _kadm5_bump_pw_expire
+	* truncate_log.c: new program for truncating the log
+	* Makefile.am (sbin_PROGRAMS): add truncate_log
+	(C_SOURCES): add bump_pw_expire.c
+	* bump_pw_expire.c: new function for extending password expiration
+
+2000-07-22  Assar Westerlund  <assar at sics.se>
+
+	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys
+
+	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
+	functions
+
+	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
+	* Makefile.am (C_SOURCES): add keys.c
+	* init_c.c: remove unused variable and handle some parameters
+	being NULL
+
+2000-07-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ipropd_slave.c: use krb5_read_priv_message
+
+	* ipropd_master.c: use krb5_{read,write}_priv_message
+
+	* init_c.c: use krb5_write_priv_message
+
+2000-07-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ipropd_slave.c: no need to call gethostname, since
+	sname_to_principal will
+
+	* send_recv.c: assert that we have a connected socket
+
+	* get_princs_c.c: call _kadm5_connect
+
+	* rename_c.c: call _kadm5_connect
+
+	* randkey_c.c: call _kadm5_connect
+
+	* privs_c.c: call _kadm5_connect
+
+	* modify_c.c: call _kadm5_connect
+
+	* get_c.c: call _kadm5_connect
+
+	* delete_c.c: call _kadm5_connect
+
+	* create_c.c: call _kadm5_connect
+
+	* chpass_c.c: call _kadm5_connect
+
+	* private.h: add more fields to client context; remove prototypes
+
+	* admin.h: remove prototypes
+
+	* kadm5-protos.h: move public prototypes here
+
+	* kadm5-private.h: move private prototypes here
+
+	* init_c.c: break out connection code to separate function, and
+	defer calling it until we actually do something
+
+2000-07-07  Assar Westerlund  <assar at sics.se>
+
+	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
+	backwards compatability
+
+2000-06-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
+	adaptable to different salts
+	
+2000-06-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* get_s.c: pa_* -> KRB5_PADATA_*
+
+2000-06-16  Assar Westerlund  <assar at sics.se>
+
+	* ipropd_slave.c: change default keytab to default keytab (as in
+	typically FILE:/etc/krb5.keytab)
+
+2000-06-08  Assar Westerlund  <assar at sics.se>
+
+	* ipropd_slave.c: bug fixes, for actually writing the full dump to
+	the database.  based on a patch from Love <lha at stacken.kth.se>
+
+2000-06-07  Assar Westerlund  <assar at sics.se>
+
+	* acl.c: add support for patterns of principals
+	* log.c (kadm5_log_replay_create): handle more NULL pointers
+	(should they really happen?)
+	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
+	max_renew == NULL
+
+	* ipropd_master.c: use syslog.  be less verbose
+	* ipropd_slave.c: use syslog
+
+2000-06-05  Assar Westerlund  <assar at sics.se>
+
+	* private.h (kadm_ops): add kadm_nop more prototypes
+	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
+	kadm5_log_replay_nop): add
+	* ipropd_slave.c: and some more improvements
+	* ipropd_master.c: lots of improvements
+	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
+	(iprop_cmd): add new commands
+
+	* dump_log.c: add nop
+
+2000-05-15  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1
+
+2000-05-12  Assar Westerlund  <assar at sics.se>
+
+	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
+	fallback.  handle not having any creator.
+	* destroy_s.c (kadm5_s_destroy): free all allocated memory
+	* context_s.c (set_field): free variable if it's already set
+	(find_db_spec): malloc space for all strings
+
+2000-04-05  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (LDADD): add LIB_openldap
+
+2000-04-03  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
+	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1
+
+2000-03-24  Assar Westerlund  <assar at sics.se>
+
+	* set_keys.c (_kadm5_set_keys2): rewrite
+	(_kadm5_set_keys3): add
+
+	* private.h (struct kadm_func): add chpass_principal_with_key
+	* init_c.c (set_funcs): add chpass_principal_with_key
+
+2000-03-23  Assar Westerlund  <assar at sics.se>
+
+	* context_s.c (set_funcs): add chpass_principal_with_key
+	* common_glue.c (kadm5_chpass_principal_with_key): add
+	* chpass_s.c: comment-ize and change calling convention for
+	_kadm5_set_keys*
+	* chpass_c.c (kadm5_c_chpass_principal_with_key): add
+
+2000-02-07  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0
+
+2000-01-28  Assar Westerlund  <assar at sics.se>
+
+	* init_c.c (get_new_cache): make sure to request non-forwardable,
+	non-proxiable
+
+2000-01-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5srv.la): bump version to 5:1:0
+
+	* context_s.c (_kadm5_s_init_context): handle params == NULL
+
+1999-12-26  Assar Westerlund  <assar at sics.se>
+
+	* get_s.c (kadm5_s_get_principal): handle modified_by->principal
+ 	== NULL
+
+1999-12-20  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0
+
+	* init_c.c (_kadm5_c_init_context): handle getting back port
+ 	number from admin host
+	(kadm5_c_init_with_context): remove `proto/' part before doing
+	getaddrinfo()
+
+1999-12-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 5:0:0 and 4:0:0
+
+	* init_c.c (kadm5_c_init_with_context): don't use unitialized
+ 	stuff
+
+1999-12-04  Assar Westerlund  <assar at sics.se>
+
+	* replay_log.c: adapt to changed kadm5_log_foreach
+
+	* log.c (kadm5_log_foreach): change to take a
+ 	`kadm5_server_context'
+
+	* init_c.c: use krb5_warn{,x}
+
+	* dump_log.c: adapt to changed kadm5_log_foreach
+
+	* init_c.c: re-write to use getaddrinfo
+	* Makefile.am (install-build-headers): add dependency
+	
+1999-12-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* log.c (kadm5_log_foreach): pass context
+
+	* dump_log.c: print more interesting things
+
+1999-12-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ipropd_master.c (process_msg): check for short reads
+
+1999-11-25  Assar Westerlund  <assar at sics.se>
+
+	* modify_s.c (kadm5_s_modify_principal): support key_data
+	(kadm5_s_modify_principal_with_key): remove
+
+	* admin.h (kadm5_s_modify_principal_with_key): remove
+
+1999-11-20  Assar Westerlund  <assar at sics.se>
+
+	* context_s.c (find_db_spec): ugly cast work-around.
+
+1999-11-14  Assar Westerlund  <assar at sics.se>
+
+	* context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
+ 	that we aren't dependent on the layout of krb5_context_data
+	* init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
+ 	we aren't dependent on the layout of krb5_context_data
+
+1999-11-13  Assar Westerlund  <assar at sics.se>
+
+	* password_quality.c (kadm5_setup_passwd_quality_check): use
+	correct types for function pointers
+	
+1999-11-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* randkey_s.c: always bail out if the fetch fails
+
+	* admin.h (kadm5_config_params): remove fields we're not using
+
+	* ipropd_slave.c: allow passing a realm
+
+	* ipropd_master.c: allow passing a realm
+
+	* dump_log.c: allow passing a realm
+
+	* acl.c: correctly get acl file
+
+	* private.h (kadm5_server_context): add config_params struct and
+	remove acl_file; bump protocol version number
+
+	* marshall.c: marshalling of config parameters
+
+	* init_c.c (kadm5_c_init_with_context): try to cope with old
+	servers
+
+	* init_s.c (kadm5_s_init_with_context): actually use some passed
+	values
+
+	* context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
+	stash_file from the config parameters, try to figure out these if
+	they're not provided
+
+1999-11-05  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (install-build-headers): use `cp' instead of
+ 	INSTALL_DATA
+
+1999-11-04  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
+ 	directly in libkrb5's context - bad functions)
+
+	* set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
+ 	the copied keys
+
+1999-10-20  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version of kadm5srv to 3:0:2 (new password
+ 	quality functions).
+ 	set version of kdam5clnt to 2:1:1 (no interface changes)
+
+	* Makefile.am (LDADD): add $(LIB_dlopen)
+
+1999-10-17  Assar Westerlund  <assar at sics.se>
+
+	* randkey_s.c (kadm5_s_randkey_principal): use
+ 	_kadm5_set_keys_randomly
+
+	* set_keys.c (free_keys): free more memory
+	(_kadm5_set_keys): a little bit more generic
+	(_kadm5_set_keys_randomly): new function for setting random keys.
+
+1999-10-14  Assar Westerlund  <assar at sics.se>
+
+	* set_keys.c (_kadm5_set_keys): ignore old keys when setting new
+ 	ones and always add 3 DES keys and one 3DES key
+
+1999-10-03  Assar Westerlund  <assar at sics.se>
+
+	* init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
+  	check return value from strdup
+
+1999-09-26  Assar Westerlund  <assar at sics.se>
+
+	* acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
+ 	strlcpy
+
+1999-09-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* dump_log.c: remove unused `optind'
+
+	* replay_log.c: remove unused `optind'
+
+1999-09-13  Assar Westerlund  <assar at sics.se>
+
+	* chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv
+
+	* send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
+ 	so that we avoid copying it and don't need to dimension in
+ 	advance.  change all callers.
+
+1999-09-10  Assar Westerlund  <assar at sics.se>
+
+	* password_quality.c: new file
+
+	* admin.h
+ 	(kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
+ 	add prototypes
+
+	* Makefile.am (S_SOURCES): add password_quality.c
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: update versions to 2:0:1
+
+1999-07-24  Assar Westerlund  <assar at sics.se>
+
+	* ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
+ 	and pw_expiration == 0 mean never
+
+1999-07-22  Assar Westerlund  <assar at sics.se>
+
+	* log.c (kadm5_log_flush): extra cast
+
+1999-07-07  Assar Westerlund  <assar at sics.se>
+
+	* marshall.c (store_principal_ent): encoding princ_expire_time and
+ 	pw_expiration in correct order
+
+1999-06-28  Assar Westerlund  <assar at sics.se>
+
+	* randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
+ 	otherwise hdb will think that the new random keys are already
+ 	encrypted which will cause lots of confusion later.
+
+1999-06-23  Assar Westerlund  <assar at sics.se>
+
+	* ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
+ 	correctly.  From Michal Vocu <michal at karlin.mff.cuni.cz>
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* init_c.c (get_cred_cache): use get_default_username
+
+1999-05-23  Assar Westerlund  <assar at sics.se>
+
+	* create_s.c (create_principal): if there's no default entry the
+	mask should be zero.
+
+1999-05-21  Assar Westerlund  <assar at sics.se>
+
+	* init_c.c (get_cred_cache): use $USERNAME
+
+1999-05-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* init_c.c (get_cred_cache): figure out principal
+
+1999-05-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* send_recv.c: cleanup _kadm5_client_{send,recv}
+
+1999-05-04  Assar Westerlund  <assar at sics.se>
+
+	* set_keys.c (_kadm5_set_keys2): don't check the recently created
+ 	memory for NULL pointers
+
+	* private.h (_kadm5_setup_entry): change prototype
+
+	* modify_s.c: call new _kadm5_setup_entry
+
+	* ent_setup.c (_kadm5_setup_entry): change so that it takes three
+ 	masks, one for what bits to set and one for each of principal and
+ 	def containing the bits that are set there.
+
+	* create_s.c: call new _kadm5_setup_entry
+
+	* create_s.c (get_default): check return value
+	(create_principal): send wider mask to _kadm5_setup_entry
+
+1999-05-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* send_recv.c (_kadm5_client_recv): handle arbitrarily sized
+	packets, check for errors
+
+	* get_c.c: check for failure from _kadm5_client_{send,recv}
+
+1999-05-04  Assar Westerlund  <assar at sics.se>
+
+	* init_c.c (get_new_cache): don't abort when interrupted from
+ 	password prompt
+	
+	* destroy_c.c (kadm5_c_destroy): check if we should destroy the
+ 	auth context
+
+1999-05-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* chpass_s.c: fix arguments to _kadm5_set_keys2
+
+	* private.h: proto
+
+	* set_keys.c: clear mkvno
+
+	* rename_s.c: add flags to fetch and store; seal keys before
+	logging
+
+	* randkey_s.c: add flags to fetch and store; seal keys before
+	logging
+
+	* modify_s.c: add flags to fetch and store; seal keys before
+	logging
+
+	* log.c: add flags to fetch and store; seal keys before logging
+
+	* get_s.c: add flags to fetch and store; seal keys before logging
+
+	* get_princs_s.c: add flags to fetch and store; seal keys before
+	logging
+
+	* delete_s.c: add flags to fetch and store; seal keys before
+	logging
+
+	* create_s.c: add flags to fetch and store; seal keys before
+	logging
+
+	* chpass_s.c: add flags to fetch and store; seal keys before
+	logging
+
+	* Makefile.am: remove server.c
+
+	* admin.h: add prototypes
+
+	* ent_setup.c (_kadm5_setup_entry): set key_data
+
+	* set_keys.c: add _kadm5_set_keys2 to sey keys from key_data
+
+	* modify_s.c: add kadm5_s_modify_principal_with_key
+
+	* create_s.c: add kadm5_s_create_principal_with_key
+
+	* chpass_s.c: add kadm5_s_chpass_principal_with_key
+
+	* kadm5_locl.h: move stuff to private.h
+
+	* private.h: move stuff from kadm5_locl.h
+	

Added: vendor-crypto/heimdal/dist/lib/kadm5/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,192 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SLC = $(top_builddir)/lib/sl/slc
+
+lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
+libkadm5srv_la_LDFLAGS = -version-info 8:1:0
+libkadm5clnt_la_LDFLAGS = -version-info 7:1:0
+
+if versionscript
+libkadm5srv_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+endif
+
+sbin_PROGRAMS = iprop-log
+check_PROGRAMS = default_keys
+noinst_PROGRAMS = test_pw_quality
+
+noinst_LTLIBRARIES = sample_passwd_check.la
+
+sample_passwd_check_la_SOURCES = sample_passwd_check.c
+sample_passwd_check_la_LDFLAGS = -module
+
+libkadm5srv_la_LIBADD = \
+	$(LIB_com_err) ../krb5/libkrb5.la \
+	../hdb/libhdb.la $(LIBADD_roken)
+libkadm5clnt_la_LIBADD = \
+	$(LIB_com_err) ../krb5/libkrb5.la $(LIBADD_roken)
+
+libexec_PROGRAMS = ipropd-master ipropd-slave
+
+default_keys_SOURCES = default_keys.c
+
+kadm5includedir = $(includedir)/kadm5
+buildkadm5include = $(buildinclude)/kadm5
+
+dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h
+nodist_kadm5include_HEADERS = kadm5_err.h
+
+install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
+	@foo='$(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo "cp $$file $(buildkadm5include)/$$f";\
+			cp $$file $(buildkadm5include)/$$f; \
+		fi ; \
+	done
+
+dist_libkadm5clnt_la_SOURCES =			\
+	ad.c					\
+	chpass_c.c				\
+	client_glue.c				\
+	common_glue.c				\
+	create_c.c				\
+	delete_c.c				\
+	destroy_c.c				\
+	flush_c.c				\
+	free.c					\
+	get_c.c					\
+	get_princs_c.c				\
+	init_c.c				\
+	kadm5_locl.h				\
+	marshall.c				\
+	modify_c.c				\
+	private.h				\
+	privs_c.c				\
+	randkey_c.c				\
+	rename_c.c				\
+	send_recv.c				\
+	kadm5-pwcheck.h				\
+	admin.h
+
+nodist_libkadm5clnt_la_SOURCES =		\
+	kadm5_err.c				\
+	kadm5_err.h
+
+dist_libkadm5srv_la_SOURCES =			\
+	acl.c					\
+	admin.h					\
+	bump_pw_expire.c			\
+	chpass_s.c				\
+	common_glue.c				\
+	context_s.c				\
+	create_s.c				\
+	delete_s.c				\
+	destroy_s.c				\
+	ent_setup.c				\
+	error.c					\
+	flush_s.c				\
+	free.c					\
+	get_princs_s.c				\
+	get_s.c					\
+	init_s.c				\
+	kadm5_locl.h				\
+	keys.c					\
+	log.c					\
+	marshall.c				\
+	modify_s.c				\
+	password_quality.c			\
+	private.h				\
+	privs_s.c				\
+	randkey_s.c				\
+	rename_s.c				\
+	server_glue.c				\
+	set_keys.c				\
+	set_modifier.c				\
+	kadm5-pwcheck.h				\
+	admin.h
+
+nodist_libkadm5srv_la_SOURCES = 		\
+	kadm5_err.c				\
+	kadm5_err.h
+
+dist_iprop_log_SOURCES = iprop-log.c
+nodist_iprop_log_SOURCES = iprop-commands.c
+
+ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h
+
+ipropd_slave_SOURCES = ipropd_slave.c ipropd_common.c iprop.h kadm5_locl.h
+
+man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8
+
+LDADD = \
+	libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(DBLIB) \
+	$(LIB_dlopen) \
+	$(LIB_pidfile)
+
+iprop_log_LDADD = \
+	libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_readline) \
+	$(LIB_roken) \
+	$(DBLIB) \
+	$(LIB_dlopen) \
+	$(LIB_pidfile)
+
+
+iprop-commands.c iprop-commands.h: iprop-commands.in
+	$(SLC) $(srcdir)/iprop-commands.in
+
+$(libkadm5srv_la_OBJECTS): kadm5_err.h
+$(iprop_log_OBJECTS): iprop-commands.h
+
+client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
+
+CLEANFILES = kadm5_err.c kadm5_err.h iprop-commands.h iprop-commands.c
+
+# to help stupid solaris make
+
+kadm5_err.h: kadm5_err.et
+
+$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
+
+proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
+$(srcdir)/kadm5-protos.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
+		-o kadm5-protos.h \
+		$(dist_libkadm5clnt_la_SOURCES) \
+		$(dist_libkadm5srv_la_SOURCES) \
+		|| rm -f kadm5-protos.h
+
+$(srcdir)/kadm5-private.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
+		-p kadm5-private.h \
+		$(dist_libkadm5clnt_la_SOURCES) \
+		$(dist_libkadm5srv_la_SOURCES) \
+		|| rm -f kadm5-private.h
+
+EXTRA_DIST = \
+	kadm5_err.et \
+	iprop-commands.in \
+	$(man_MANS) \
+	check-cracklib.pl \
+	flush.c \
+	sample_passwd_check.c \
+	version-script.map

Added: vendor-crypto/heimdal/dist/lib/kadm5/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1293 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(dist_kadm5include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+ at versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+sbin_PROGRAMS = iprop-log$(EXEEXT)
+check_PROGRAMS = default_keys$(EXEEXT)
+noinst_PROGRAMS = test_pw_quality$(EXEEXT)
+libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT)
+subdir = lib/kadm5
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man3dir)" \
+	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(kadm5includedir)" \
+	"$(DESTDIR)$(kadm5includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libkadm5clnt_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+	../krb5/libkrb5.la $(am__DEPENDENCIES_1)
+dist_libkadm5clnt_la_OBJECTS = ad.lo chpass_c.lo client_glue.lo \
+	common_glue.lo create_c.lo delete_c.lo destroy_c.lo flush_c.lo \
+	free.lo get_c.lo get_princs_c.lo init_c.lo marshall.lo \
+	modify_c.lo privs_c.lo randkey_c.lo rename_c.lo send_recv.lo
+nodist_libkadm5clnt_la_OBJECTS = kadm5_err.lo
+libkadm5clnt_la_OBJECTS = $(dist_libkadm5clnt_la_OBJECTS) \
+	$(nodist_libkadm5clnt_la_OBJECTS)
+libkadm5clnt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libkadm5clnt_la_LDFLAGS) $(LDFLAGS) -o $@
+libkadm5srv_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \
+	../hdb/libhdb.la $(am__DEPENDENCIES_1)
+dist_libkadm5srv_la_OBJECTS = acl.lo bump_pw_expire.lo chpass_s.lo \
+	common_glue.lo context_s.lo create_s.lo delete_s.lo \
+	destroy_s.lo ent_setup.lo error.lo flush_s.lo free.lo \
+	get_princs_s.lo get_s.lo init_s.lo keys.lo log.lo marshall.lo \
+	modify_s.lo password_quality.lo privs_s.lo randkey_s.lo \
+	rename_s.lo server_glue.lo set_keys.lo set_modifier.lo
+nodist_libkadm5srv_la_OBJECTS = kadm5_err.lo
+libkadm5srv_la_OBJECTS = $(dist_libkadm5srv_la_OBJECTS) \
+	$(nodist_libkadm5srv_la_OBJECTS)
+libkadm5srv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libkadm5srv_la_LDFLAGS) $(LDFLAGS) -o $@
+sample_passwd_check_la_LIBADD =
+am_sample_passwd_check_la_OBJECTS = sample_passwd_check.lo
+sample_passwd_check_la_OBJECTS = $(am_sample_passwd_check_la_OBJECTS)
+sample_passwd_check_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(sample_passwd_check_la_LDFLAGS) $(LDFLAGS) -o $@
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS)
+am_default_keys_OBJECTS = default_keys.$(OBJEXT)
+default_keys_OBJECTS = $(am_default_keys_OBJECTS)
+default_keys_LDADD = $(LDADD)
+default_keys_DEPENDENCIES = libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+dist_iprop_log_OBJECTS = iprop-log.$(OBJEXT)
+nodist_iprop_log_OBJECTS = iprop-commands.$(OBJEXT)
+iprop_log_OBJECTS = $(dist_iprop_log_OBJECTS) \
+	$(nodist_iprop_log_OBJECTS)
+iprop_log_DEPENDENCIES = libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_ipropd_master_OBJECTS = ipropd_master.$(OBJEXT) \
+	ipropd_common.$(OBJEXT)
+ipropd_master_OBJECTS = $(am_ipropd_master_OBJECTS)
+ipropd_master_LDADD = $(LDADD)
+ipropd_master_DEPENDENCIES = libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT) \
+	ipropd_common.$(OBJEXT)
+ipropd_slave_OBJECTS = $(am_ipropd_slave_OBJECTS)
+ipropd_slave_LDADD = $(LDADD)
+ipropd_slave_DEPENDENCIES = libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+test_pw_quality_SOURCES = test_pw_quality.c
+test_pw_quality_OBJECTS = test_pw_quality.$(OBJEXT)
+test_pw_quality_LDADD = $(LDADD)
+test_pw_quality_DEPENDENCIES = libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(dist_libkadm5clnt_la_SOURCES) \
+	$(nodist_libkadm5clnt_la_SOURCES) \
+	$(dist_libkadm5srv_la_SOURCES) \
+	$(nodist_libkadm5srv_la_SOURCES) \
+	$(sample_passwd_check_la_SOURCES) $(default_keys_SOURCES) \
+	$(dist_iprop_log_SOURCES) $(nodist_iprop_log_SOURCES) \
+	$(ipropd_master_SOURCES) $(ipropd_slave_SOURCES) \
+	test_pw_quality.c
+DIST_SOURCES = $(dist_libkadm5clnt_la_SOURCES) \
+	$(dist_libkadm5srv_la_SOURCES) \
+	$(sample_passwd_check_la_SOURCES) $(default_keys_SOURCES) \
+	$(dist_iprop_log_SOURCES) $(ipropd_master_SOURCES) \
+	$(ipropd_slave_SOURCES) test_pw_quality.c
+man3dir = $(mandir)/man3
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+dist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER)
+nodist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SLC = $(top_builddir)/lib/sl/slc
+lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la
+libkadm5srv_la_LDFLAGS = -version-info 8:1:0 $(am__append_1)
+libkadm5clnt_la_LDFLAGS = -version-info 7:1:0
+noinst_LTLIBRARIES = sample_passwd_check.la
+sample_passwd_check_la_SOURCES = sample_passwd_check.c
+sample_passwd_check_la_LDFLAGS = -module
+libkadm5srv_la_LIBADD = \
+	$(LIB_com_err) ../krb5/libkrb5.la \
+	../hdb/libhdb.la $(LIBADD_roken)
+
+libkadm5clnt_la_LIBADD = \
+	$(LIB_com_err) ../krb5/libkrb5.la $(LIBADD_roken)
+
+default_keys_SOURCES = default_keys.c
+kadm5includedir = $(includedir)/kadm5
+buildkadm5include = $(buildinclude)/kadm5
+dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h
+nodist_kadm5include_HEADERS = kadm5_err.h
+dist_libkadm5clnt_la_SOURCES = \
+	ad.c					\
+	chpass_c.c				\
+	client_glue.c				\
+	common_glue.c				\
+	create_c.c				\
+	delete_c.c				\
+	destroy_c.c				\
+	flush_c.c				\
+	free.c					\
+	get_c.c					\
+	get_princs_c.c				\
+	init_c.c				\
+	kadm5_locl.h				\
+	marshall.c				\
+	modify_c.c				\
+	private.h				\
+	privs_c.c				\
+	randkey_c.c				\
+	rename_c.c				\
+	send_recv.c				\
+	kadm5-pwcheck.h				\
+	admin.h
+
+nodist_libkadm5clnt_la_SOURCES = \
+	kadm5_err.c				\
+	kadm5_err.h
+
+dist_libkadm5srv_la_SOURCES = \
+	acl.c					\
+	admin.h					\
+	bump_pw_expire.c			\
+	chpass_s.c				\
+	common_glue.c				\
+	context_s.c				\
+	create_s.c				\
+	delete_s.c				\
+	destroy_s.c				\
+	ent_setup.c				\
+	error.c					\
+	flush_s.c				\
+	free.c					\
+	get_princs_s.c				\
+	get_s.c					\
+	init_s.c				\
+	kadm5_locl.h				\
+	keys.c					\
+	log.c					\
+	marshall.c				\
+	modify_s.c				\
+	password_quality.c			\
+	private.h				\
+	privs_s.c				\
+	randkey_s.c				\
+	rename_s.c				\
+	server_glue.c				\
+	set_keys.c				\
+	set_modifier.c				\
+	kadm5-pwcheck.h				\
+	admin.h
+
+nodist_libkadm5srv_la_SOURCES = \
+	kadm5_err.c				\
+	kadm5_err.h
+
+dist_iprop_log_SOURCES = iprop-log.c
+nodist_iprop_log_SOURCES = iprop-commands.c
+ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h
+ipropd_slave_SOURCES = ipropd_slave.c ipropd_common.c iprop.h kadm5_locl.h
+man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8
+LDADD = \
+	libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(LIB_roken) \
+	$(DBLIB) \
+	$(LIB_dlopen) \
+	$(LIB_pidfile)
+
+iprop_log_LDADD = \
+	libkadm5srv.la \
+	$(top_builddir)/lib/hdb/libhdb.la \
+	$(LIB_openldap) \
+	$(top_builddir)/lib/krb5/libkrb5.la \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/sl/libsl.la \
+	$(LIB_readline) \
+	$(LIB_roken) \
+	$(DBLIB) \
+	$(LIB_dlopen) \
+	$(LIB_pidfile)
+
+CLEANFILES = kadm5_err.c kadm5_err.h iprop-commands.h iprop-commands.c
+proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment
+EXTRA_DIST = \
+	kadm5_err.et \
+	iprop-commands.in \
+	$(man_MANS) \
+	check-cracklib.pl \
+	flush.c \
+	sample_passwd_check.c \
+	version-script.map
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/kadm5/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/kadm5/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libkadm5clnt.la: $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_DEPENDENCIES) 
+	$(libkadm5clnt_la_LINK) -rpath $(libdir) $(libkadm5clnt_la_OBJECTS) $(libkadm5clnt_la_LIBADD) $(LIBS)
+libkadm5srv.la: $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_DEPENDENCIES) 
+	$(libkadm5srv_la_LINK) -rpath $(libdir) $(libkadm5srv_la_OBJECTS) $(libkadm5srv_la_LIBADD) $(LIBS)
+sample_passwd_check.la: $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_la_DEPENDENCIES) 
+	$(sample_passwd_check_la_LINK)  $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_la_LIBADD) $(LIBS)
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
+	done
+
+clean-sbinPROGRAMS:
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+default_keys$(EXEEXT): $(default_keys_OBJECTS) $(default_keys_DEPENDENCIES) 
+	@rm -f default_keys$(EXEEXT)
+	$(LINK) $(default_keys_OBJECTS) $(default_keys_LDADD) $(LIBS)
+iprop-log$(EXEEXT): $(iprop_log_OBJECTS) $(iprop_log_DEPENDENCIES) 
+	@rm -f iprop-log$(EXEEXT)
+	$(LINK) $(iprop_log_OBJECTS) $(iprop_log_LDADD) $(LIBS)
+ipropd-master$(EXEEXT): $(ipropd_master_OBJECTS) $(ipropd_master_DEPENDENCIES) 
+	@rm -f ipropd-master$(EXEEXT)
+	$(LINK) $(ipropd_master_OBJECTS) $(ipropd_master_LDADD) $(LIBS)
+ipropd-slave$(EXEEXT): $(ipropd_slave_OBJECTS) $(ipropd_slave_DEPENDENCIES) 
+	@rm -f ipropd-slave$(EXEEXT)
+	$(LINK) $(ipropd_slave_OBJECTS) $(ipropd_slave_LDADD) $(LIBS)
+test_pw_quality$(EXEEXT): $(test_pw_quality_OBJECTS) $(test_pw_quality_DEPENDENCIES) 
+	@rm -f test_pw_quality$(EXEEXT)
+	$(LINK) $(test_pw_quality_OBJECTS) $(test_pw_quality_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man3: $(man3_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+uninstall-man3:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+install-dist_kadm5includeHEADERS: $(dist_kadm5include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)"
+	@list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(dist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \
+	  $(dist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \
+	done
+
+uninstall-dist_kadm5includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \
+	done
+install-nodist_kadm5includeHEADERS: $(nodist_kadm5include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)"
+	@list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \
+	  $(nodist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \
+	done
+
+uninstall-nodist_kadm5includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
+		all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(kadm5includedir)" "$(DESTDIR)$(kadm5includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libexecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \
+	clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_kadm5includeHEADERS install-man \
+	install-nodist_kadm5includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \
+	install-sbinPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man3 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_kadm5includeHEADERS \
+	uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
+	uninstall-man uninstall-nodist_kadm5includeHEADERS \
+	uninstall-sbinPROGRAMS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man3 uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libexecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \
+	clean-noinstPROGRAMS clean-sbinPROGRAMS ctags dist-hook \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook \
+	install-dist_kadm5includeHEADERS install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am \
+	install-libLTLIBRARIES install-libexecPROGRAMS install-man \
+	install-man3 install-man8 install-nodist_kadm5includeHEADERS \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-sbinPROGRAMS install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-dist_kadm5includeHEADERS \
+	uninstall-hook uninstall-libLTLIBRARIES \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-man3 \
+	uninstall-man8 uninstall-nodist_kadm5includeHEADERS \
+	uninstall-sbinPROGRAMS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
+	@foo='$(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildkadm5include)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo "cp $$file $(buildkadm5include)/$$f";\
+			cp $$file $(buildkadm5include)/$$f; \
+		fi ; \
+	done
+
+iprop-commands.c iprop-commands.h: iprop-commands.in
+	$(SLC) $(srcdir)/iprop-commands.in
+
+$(libkadm5srv_la_OBJECTS): kadm5_err.h
+$(iprop_log_OBJECTS): iprop-commands.h
+
+client_glue.lo server_glue.lo: $(srcdir)/common_glue.c
+
+# to help stupid solaris make
+
+kadm5_err.h: kadm5_err.et
+
+$(libkadm5clnt_la_OBJECTS) $(libkadm5srv_la_OBJECTS): $(srcdir)/kadm5-protos.h $(srcdir)/kadm5-private.h
+$(srcdir)/kadm5-protos.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
+		-o kadm5-protos.h \
+		$(dist_libkadm5clnt_la_SOURCES) \
+		$(dist_libkadm5srv_la_SOURCES) \
+		|| rm -f kadm5-protos.h
+
+$(srcdir)/kadm5-private.h:
+	cd $(srcdir); perl ../../cf/make-proto.pl $(proto_opts) \
+		-p kadm5-private.h \
+		$(dist_libkadm5clnt_la_SOURCES) \
+		$(dist_libkadm5srv_la_SOURCES) \
+		|| rm -f kadm5-private.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/kadm5/acl.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/acl.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/acl.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: acl.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static struct units acl_units[] = {
+    { "all",		KADM5_PRIV_ALL },
+    { "change-password",KADM5_PRIV_CPW },
+    { "cpw",		KADM5_PRIV_CPW },
+    { "list",		KADM5_PRIV_LIST },
+    { "delete",		KADM5_PRIV_DELETE },
+    { "modify",		KADM5_PRIV_MODIFY },
+    { "add",		KADM5_PRIV_ADD },
+    { "get", 		KADM5_PRIV_GET },
+    { NULL }
+};
+
+kadm5_ret_t
+_kadm5_string_to_privs(const char *s, uint32_t* privs)
+{
+    int flags;
+    flags = parse_flags(s, acl_units, 0);
+    if(flags < 0)
+	return KADM5_FAILURE;
+    *privs = flags;
+    return 0;
+}
+
+kadm5_ret_t
+_kadm5_privs_to_string(uint32_t privs, char *string, size_t len)
+{
+    if(privs == 0)
+	strlcpy(string, "none", len);
+    else
+	unparse_flags(privs, acl_units + 1, string, len);
+    return 0;
+}
+
+/*
+ * retrieve the right for the current caller on `princ' (NULL means all)
+ * and store them in `ret_flags'
+ * return 0 or an error.
+ */
+
+static kadm5_ret_t
+fetch_acl (kadm5_server_context *context,
+	   krb5_const_principal princ,
+	   unsigned *ret_flags)
+{
+    FILE *f;
+    krb5_error_code ret = 0;
+    char buf[256];
+
+    *ret_flags = 0;
+
+    /* no acl file -> no rights */
+    f = fopen(context->config.acl_file, "r");
+    if (f == NULL)
+	return 0;
+
+    while(fgets(buf, sizeof(buf), f) != NULL) {
+	char *foo = NULL, *p;
+	krb5_principal this_princ;
+	unsigned flags = 0;
+
+	p = strtok_r(buf, " \t\n", &foo);
+	if(p == NULL)
+	    continue;
+	if (*p == '#')		/* comment */
+	    continue;
+	ret = krb5_parse_name(context->context, p, &this_princ);
+	if(ret)
+	    break;
+	if(!krb5_principal_compare(context->context, 
+				   context->caller, this_princ)) {
+	    krb5_free_principal(context->context, this_princ);
+	    continue;
+	}
+	krb5_free_principal(context->context, this_princ);
+	p = strtok_r(NULL, " \t\n", &foo);
+	if(p == NULL)
+	    continue;
+	ret = _kadm5_string_to_privs(p, &flags);
+	if (ret)
+	    break;
+	p = strtok_r(NULL, " \t\n", &foo);
+	if (p == NULL) {
+	    *ret_flags = flags;
+	    break;
+	}
+	if (princ != NULL) {
+	    krb5_principal pattern_princ;
+	    krb5_boolean match;
+
+	    ret = krb5_parse_name (context->context, p, &pattern_princ);
+	    if (ret)
+		break;
+	    match = krb5_principal_match (context->context,
+					  princ, pattern_princ);
+	    krb5_free_principal (context->context, pattern_princ);
+	    if (match) {
+		*ret_flags = flags;
+		break;
+	    }
+	}
+    }
+    fclose(f);
+    return ret;
+}
+
+/*
+ * set global acl flags in `context' for the current caller.
+ * return 0 on success or an error
+ */
+
+kadm5_ret_t
+_kadm5_acl_init(kadm5_server_context *context)
+{
+    krb5_principal princ;
+    krb5_error_code ret;
+    
+    ret = krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ);
+    if (ret)
+	return ret;
+    ret = krb5_principal_compare(context->context, context->caller, princ);
+    krb5_free_principal(context->context, princ);
+    if(ret != 0) {
+	context->acl_flags = KADM5_PRIV_ALL;
+	return 0;
+    }
+
+    return fetch_acl (context, NULL, &context->acl_flags);
+}
+
+/*
+ * check if `flags' allows `op'
+ * return 0 if OK or an error
+ */
+
+static kadm5_ret_t
+check_flags (unsigned op,
+	     unsigned flags)
+{
+    unsigned res = ~flags & op;
+
+    if(res & KADM5_PRIV_GET)
+	return KADM5_AUTH_GET;
+    if(res & KADM5_PRIV_ADD)
+	return KADM5_AUTH_ADD;
+    if(res & KADM5_PRIV_MODIFY)
+	return KADM5_AUTH_MODIFY;
+    if(res & KADM5_PRIV_DELETE)
+	return KADM5_AUTH_DELETE;
+    if(res & KADM5_PRIV_CPW)
+	return KADM5_AUTH_CHANGEPW;
+    if(res & KADM5_PRIV_LIST)
+	return KADM5_AUTH_LIST;
+    if(res)
+	return KADM5_AUTH_INSUFFICIENT;
+    return 0;
+}
+
+/*
+ * return 0 if the current caller in `context' is allowed to perform
+ * `op' on `princ' and otherwise an error
+ * princ == NULL if it's not relevant.
+ */
+
+kadm5_ret_t
+_kadm5_acl_check_permission(kadm5_server_context *context,
+			    unsigned op,
+			    krb5_const_principal princ)
+{
+    kadm5_ret_t ret;
+    unsigned princ_flags;
+
+    ret = check_flags (op, context->acl_flags);
+    if (ret == 0)
+	return ret;
+    ret = fetch_acl (context, princ, &princ_flags);
+    if (ret)
+	return ret;
+    return check_flags (op, princ_flags);
+}
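Review bot: In `fetch_acl` the `while(fgets(buf, sizeof(buf), f) != NULL)` loop with `char buf[256]` never checks that a whole line was read, so an ACL line longer than 255 bytes is silently split. The last token of the first piece is used truncated (possibly as the principal pattern), and the remainder is parsed on the next iteration as if it were a new entry beginning with a principal name. For a file that decides kadmin privileges it is safer to fail closed on an over-long line, e.g. directly after the `fgets` add `if (strchr(buf, '\n') == NULL && !feof(f)) { ret = KADM5_FAILURE; break; }`. `*ret_flags` is still 0 at that point, so the caller ends up with no rights. Separately, the `fopen` failure path returns 0 for every errno; that denies access, but it also hides an unreadable or mis-pathed `acl_file`, so it is worth logging.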

Added: vendor-crypto/heimdal/dist/lib/kadm5/ad.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/ad.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/ad.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1449 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#define HAVE_TSASL 1
+
+#include "kadm5_locl.h"
+#if 1
+#undef OPENLDAP
+#undef HAVE_TSASL
+#endif
+#ifdef OPENLDAP
+#include <ldap.h>
+#ifdef HAVE_TSASL
+#include <tsasl.h>
+#endif
+#include <resolve.h>
+#include <base64.h>
+#endif
+
+RCSID("$Id: ad.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifdef OPENLDAP
+
+#define CTX2LP(context) ((LDAP *)((context)->ldap_conn))
+#define CTX2BASE(context) ((context)->base_dn)
+
+/*
+ * userAccountControl
+ */
+
+#define UF_SCRIPT	 			0x00000001
+#define UF_ACCOUNTDISABLE			0x00000002
+#define UF_UNUSED_0	 			0x00000004
+#define UF_HOMEDIR_REQUIRED			0x00000008
+#define UF_LOCKOUT	 			0x00000010
+#define UF_PASSWD_NOTREQD 			0x00000020
+#define UF_PASSWD_CANT_CHANGE 			0x00000040
+#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED	0x00000080
+#define UF_TEMP_DUPLICATE_ACCOUNT       	0x00000100
+#define UF_NORMAL_ACCOUNT               	0x00000200
+#define UF_UNUSED_1	 			0x00000400
+#define UF_INTERDOMAIN_TRUST_ACCOUNT    	0x00000800
+#define UF_WORKSTATION_TRUST_ACCOUNT    	0x00001000
+#define UF_SERVER_TRUST_ACCOUNT         	0x00002000
+#define UF_UNUSED_2	 			0x00004000
+#define UF_UNUSED_3	 			0x00008000
+#define UF_PASSWD_NOT_EXPIRE			0x00010000
+#define UF_MNS_LOGON_ACCOUNT			0x00020000
+#define UF_SMARTCARD_REQUIRED			0x00040000
+#define UF_TRUSTED_FOR_DELEGATION		0x00080000
+#define UF_NOT_DELEGATED			0x00100000
+#define UF_USE_DES_KEY_ONLY			0x00200000
+#define UF_DONT_REQUIRE_PREAUTH			0x00400000
+#define UF_UNUSED_4				0x00800000
+#define UF_UNUSED_5				0x01000000
+#define UF_UNUSED_6				0x02000000
+#define UF_UNUSED_7				0x04000000
+#define UF_UNUSED_8				0x08000000
+#define UF_UNUSED_9				0x10000000
+#define UF_UNUSED_10				0x20000000
+#define UF_UNUSED_11				0x40000000
+#define UF_UNUSED_12				0x80000000
+
+/*
+ *
+ */
+
+#ifndef HAVE_TSASL
+static int
+sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *interact)
+{
+    return LDAP_SUCCESS;
+}
+#endif
+
+#if 0
+static Sockbuf_IO ldap_tsasl_io = {
+    NULL,			/* sbi_setup */
+    NULL,			/* sbi_remove */
+    NULL,			/* sbi_ctrl */
+    NULL,			/* sbi_read */
+    NULL,			/* sbi_write */
+    NULL			/* sbi_close */
+};
+#endif
+
+#ifdef HAVE_TSASL
+static int
+ldap_tsasl_bind_s(LDAP *ld,
+		  LDAP_CONST char *dn,
+		  LDAPControl **serverControls,
+		  LDAPControl **clientControls,
+		  const char *host)
+{
+    char *attrs[] = { "supportedSASLMechanisms", NULL };
+    struct tsasl_peer *peer = NULL;
+    struct tsasl_buffer in, out;
+    struct berval ccred, *scred;
+    LDAPMessage *m, *m0;
+    const char *mech;
+    char **vals;
+    int ret, rc;
+
+    ret = tsasl_peer_init(TSASL_FLAGS_INITIATOR | TSASL_FLAGS_CLEAR,
+			  "ldap", host, &peer);
+    if (ret != TSASL_DONE) {
+	rc = LDAP_LOCAL_ERROR;
+	goto out;
+    }
+
+    rc = ldap_search_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &m0);
+    if (rc != LDAP_SUCCESS)
+	goto out;
+    
+    m = ldap_first_entry(ld, m0);
+    if (m == NULL) {
+	ldap_msgfree(m0);
+	goto out;
+    }
+
+    vals = ldap_get_values(ld, m, "supportedSASLMechanisms");
+    if (vals == NULL) {
+	ldap_msgfree(m0);
+	goto out;
+    }
+
+    ret = tsasl_find_best_mech(peer, vals, &mech);
+    if (ret) {
+	ldap_msgfree(m0);
+	goto out;
+    }
+
+    ldap_msgfree(m0);
+
+    ret = tsasl_select_mech(peer, mech);
+    if (ret != TSASL_DONE) {
+	rc = LDAP_LOCAL_ERROR;
+	goto out;
+    }
+
+    in.tb_data = NULL;
+    in.tb_size = 0;
+
+    do {
+	ret = tsasl_request(peer, &in, &out);
+	if (in.tb_size != 0) {
+	    free(in.tb_data);
+	    in.tb_data = NULL; 
+	    in.tb_size = 0;
+	}
+	if (ret != TSASL_DONE && ret != TSASL_CONTINUE) {
+	    rc = LDAP_AUTH_UNKNOWN;
+	    goto out;
+	}
+
+	ccred.bv_val = out.tb_data;
+	ccred.bv_len = out.tb_size;
+
+	rc = ldap_sasl_bind_s(ld, dn, mech, &ccred,
+			      serverControls, clientControls, &scred);
+	tsasl_buffer_free(&out);
+
+	if (rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS) {
+	    if(scred && scred->bv_len)
+		ber_bvfree(scred);
+	    goto out;
+	}
+
+	in.tb_data = malloc(scred->bv_len);
+	if (in.tb_data == NULL) {
+	    rc = LDAP_LOCAL_ERROR;
+	    goto out;
+	}
+	memcpy(in.tb_data, scred->bv_val, scred->bv_len);
+	in.tb_size = scred->bv_len;
+	ber_bvfree(scred);
+
+    } while (rc == LDAP_SASL_BIND_IN_PROGRESS);
+
+ out:
+    if (rc == LDAP_SUCCESS) {
+#if 0
+	ber_sockbuf_add_io(ld->ld_conns->lconn_sb, &ldap_tsasl_io,
+			   LBER_SBIOD_LEVEL_APPLICATION, peer);
+
+#endif
+    } else if (peer != NULL)
+	tsasl_peer_free(peer);
+
+    return rc;
+}
+#endif /* HAVE_TSASL */
+
+
+static int
+check_ldap(kadm5_ad_context *context, int ret)
+{
+    switch (ret) {
+    case LDAP_SUCCESS:
+	return 0;
+    case LDAP_SERVER_DOWN: {
+	LDAP *lp = CTX2LP(context);
+	ldap_unbind(lp);
+	context->ldap_conn = NULL;
+	free(context->base_dn);
+	context->base_dn = NULL;
+	return 1;
+    }
+    default:
+	return 1;
+    }
+}
+
+/*
+ *
+ */
+
+static void
+laddattr(char ***al, int *attrlen, char *attr)
+{
+    char **a;
+    a = realloc(*al, (*attrlen + 2) * sizeof(**al));
+    if (a == NULL)
+	return;
+    a[*attrlen] = attr;
+    a[*attrlen + 1] = NULL;
+    (*attrlen)++;
+    *al = a;
+}
+
+static kadm5_ret_t
+_kadm5_ad_connect(void *server_handle)
+{
+    kadm5_ad_context *context = server_handle;
+    struct {
+	char *server;
+	int port;
+    } *s, *servers = NULL;
+    int i, num_servers = 0;
+
+    if (context->ldap_conn)
+	return 0;
+
+    {
+	struct dns_reply *r;
+	struct resource_record *rr;
+	char *domain;
+
+	asprintf(&domain, "_ldap._tcp.%s", context->realm);
+	if (domain == NULL) {
+	    krb5_set_error_string(context->context, "malloc");
+	    return KADM5_NO_SRV;
+	}
+
+	r = dns_lookup(domain, "SRV");
+	free(domain);
+	if (r == NULL) {
+	    krb5_set_error_string(context->context, "Didn't find ldap dns");
+	    return KADM5_NO_SRV;
+	}	
+
+	for (rr = r->head ; rr != NULL; rr = rr->next) {
+	    if (rr->type != T_SRV)
+		continue;
+	    s = realloc(servers, sizeof(*servers) * (num_servers + 1));
+	    if (s == NULL) {
+		krb5_set_error_string(context->context, "malloc");
+		dns_free_data(r);
+		goto fail;
+	    }
+	    servers = s;
+	    num_servers++;
+	    servers[num_servers - 1].port =  rr->u.srv->port;
+	    servers[num_servers - 1].server =  strdup(rr->u.srv->target);
+	}
+	dns_free_data(r);
+    }
+
+    if (num_servers == 0) {
+	krb5_set_error_string(context->context, "No AD server found in DNS");
+	return KADM5_NO_SRV;
+    }
+
+    for (i = 0; i < num_servers; i++) {
+	int lret, version = LDAP_VERSION3;
+	LDAP *lp;
+
+	lp = ldap_init(servers[i].server, servers[i].port);
+	if (lp == NULL)
+	    continue;
+	
+	if (ldap_set_option(lp, LDAP_OPT_PROTOCOL_VERSION, &version)) {
+	    ldap_unbind(lp);
+	    continue;
+	}
+	
+	if (ldap_set_option(lp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) {
+	    ldap_unbind(lp);
+	    continue;
+	}
+	
+#ifdef HAVE_TSASL
+	lret = ldap_tsasl_bind_s(lp, NULL, NULL, NULL, servers[i].server);
+				 
+#else
+	lret = ldap_sasl_interactive_bind_s(lp, NULL, NULL, NULL, NULL, 
+					    LDAP_SASL_QUIET,
+					    sasl_interact, NULL);
+#endif
+	if (lret != LDAP_SUCCESS) {
+	    krb5_set_error_string(context->context, 
+				  "Couldn't contact any AD servers: %s",
+				  ldap_err2string(lret));
+	    ldap_unbind(lp);
+	    continue;
+	}
+
+	context->ldap_conn = lp;
+	break;
+    }
+    if (i >= num_servers) {
+	goto fail;
+    }
+
+    {
+	LDAPMessage *m, *m0;
+	char **attr = NULL;
+	int attrlen = 0;
+	char **vals;
+	int ret;
+	
+	laddattr(&attr, &attrlen, "defaultNamingContext");
+
+	ret = ldap_search_s(CTX2LP(context), "", LDAP_SCOPE_BASE, 
+			    "objectclass=*", attr, 0, &m);
+	free(attr);
+	if (check_ldap(context, ret))
+	    goto fail;
+
+	if (ldap_count_entries(CTX2LP(context), m) > 0) {
+	    m0 = ldap_first_entry(CTX2LP(context), m);
+	    if (m0 == NULL) {
+		krb5_set_error_string(context->context,
+				      "Error in AD ldap responce");
+		ldap_msgfree(m);
+		goto fail;
+	    }
+	    vals = ldap_get_values(CTX2LP(context), 
+				   m0, "defaultNamingContext");
+	    if (vals == NULL) {
+		krb5_set_error_string(context->context,
+				      "No naming context found");
+		goto fail;
+	    }
+	    context->base_dn = strdup(vals[0]);
+	} else
+	    goto fail;
+	ldap_msgfree(m);
+    }
+
+    for (i = 0; i < num_servers; i++)
+	free(servers[i].server);
+    free(servers);
+
+    return 0;
+
+ fail:
+    for (i = 0; i < num_servers; i++)
+	free(servers[i].server);
+    free(servers);
+
+    if (context->ldap_conn) {
+	ldap_unbind(CTX2LP(context));
+	context->ldap_conn = NULL;
+    }
+    return KADM5_RPC_ERROR;
+}
+
+#define NTTIME_EPOCH 0x019DB1DED53E8000LL
+
+static time_t
+nt2unixtime(const char *str)
+{
+    unsigned long long t;
+    t = strtoll(str, NULL, 10);
+    t = ((t - NTTIME_EPOCH) / (long long)10000000);
+    if (t > (((time_t)(~(long long)0)) >> 1))
+	return 0;
+    return (time_t)t;
+}
+
+static long long
+unix2nttime(time_t unix_time)
+{
+    long long wt;
+    wt = unix_time * (long long)10000000 + (long long)NTTIME_EPOCH;
+    return wt;
+}
+
+/* XXX create filter in a better way */
+
+static int
+ad_find_entry(kadm5_ad_context *context,
+	      const char *fqdn,
+	      const char *pn,
+	      char **name)
+{
+    LDAPMessage *m, *m0;
+    char *attr[] = { "distinguishedName", NULL };
+    char *filter;
+    int ret;
+
+    if (name)
+	*name = NULL;
+
+    if (fqdn)
+	asprintf(&filter, 
+		 "(&(objectClass=computer)(|(dNSHostName=%s)(servicePrincipalName=%s)))",
+		 fqdn, pn);
+    else if(pn)
+	asprintf(&filter, "(&(objectClass=account)(userPrincipalName=%s))", pn);
+    else
+	return KADM5_RPC_ERROR;
+
+    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
+			LDAP_SCOPE_SUBTREE, 
+			filter, attr, 0, &m);
+    free(filter);
+    if (check_ldap(context, ret))
+	return KADM5_RPC_ERROR;
+
+    if (ldap_count_entries(CTX2LP(context), m) > 0) {
+	char **vals;
+	m0 = ldap_first_entry(CTX2LP(context), m);
+	vals = ldap_get_values(CTX2LP(context), m0, "distinguishedName");
+	if (vals == NULL || vals[0] == NULL) {
+	    ldap_msgfree(m);
+	    return KADM5_RPC_ERROR;
+	}
+	if (name)
+	    *name = strdup(vals[0]);
+	ldap_msgfree(m);
+    } else
+	return KADM5_UNK_PRINC;
+
+    return 0;
+}
+
+#endif /* OPENLDAP */
+
+static kadm5_ret_t
+ad_get_cred(kadm5_ad_context *context, const char *password)
+{
+    kadm5_ret_t ret;
+    krb5_ccache cc;
+    char *service;
+
+    if (context->ccache)
+	return 0;
+
+    asprintf(&service, "%s/%s@%s", KRB5_TGS_NAME,
+	     context->realm, context->realm);
+    if (service == NULL)
+	return ENOMEM;
+
+    ret = _kadm5_c_get_cred_cache(context->context,
+				  context->client_name,
+				  service,
+				  password, krb5_prompter_posix, 
+				  NULL, NULL, &cc);
+    free(service);
+    if(ret)
+	return ret; /* XXX */
+    context->ccache = cc;
+    return 0;
+}
+
+static kadm5_ret_t
+kadm5_ad_chpass_principal(void *server_handle,
+			  krb5_principal principal,
+			  const char *password)
+{
+    kadm5_ad_context *context = server_handle;
+    krb5_data result_code_string, result_string;
+    int result_code;
+    kadm5_ret_t ret;
+
+    ret = ad_get_cred(context, NULL);
+    if (ret)
+	return ret;
+
+    krb5_data_zero (&result_code_string);
+    krb5_data_zero (&result_string);
+
+    ret = krb5_set_password_using_ccache (context->context, 
+					  context->ccache,
+					  password,
+					  principal,
+					  &result_code,
+					  &result_code_string,
+					  &result_string);
+    
+    krb5_data_free (&result_code_string);
+    krb5_data_free (&result_string);
+
+    /* XXX do mapping here on error codes */
+
+    return ret;
+}
+
+#ifdef OPENLDAP
+static const char *
+get_fqdn(krb5_context context, const krb5_principal p)
+{
+    const char *s, *hosttypes[] = { "host", "ldap", "gc", "cifs", "dns" };
+    int i;
+
+    s = krb5_principal_get_comp_string(context, p, 0);
+    if (p == NULL)
+	return NULL;
+    
+    for (i = 0; i < sizeof(hosttypes)/sizeof(hosttypes[0]); i++) {
+	if (strcasecmp(s, hosttypes[i]) == 0)
+	    return krb5_principal_get_comp_string(context, p, 1);
+    }
+    return 0;
+}
+#endif
+
+
+static kadm5_ret_t
+kadm5_ad_create_principal(void *server_handle,
+			  kadm5_principal_ent_t entry,
+			  uint32_t mask,
+			  const char *password)
+{
+    kadm5_ad_context *context = server_handle;
+
+    /*
+     * KADM5_PRINC_EXPIRE_TIME
+     *
+     * return 0 || KADM5_DUP;
+     */
+
+#ifdef OPENLDAP
+    LDAPMod *attrs[8], rattrs[7], *a;
+    char *useraccvals[2] = { NULL, NULL }, 
+	*samvals[2], *dnsvals[2], *spnvals[5], *upnvals[2], *tv[2];
+    char *ocvals_spn[] = { "top", "person", "organizationalPerson", 
+			   "user", "computer", NULL}; 
+    char *p, *realmless_p, *p_msrealm = NULL, *dn = NULL;
+    const char *fqdn;
+    char *s, *samname = NULL, *short_spn = NULL;
+    int ret, i;
+    int32_t uf_flags = 0;
+    
+    if ((mask & KADM5_PRINCIPAL) == 0)
+	return KADM5_BAD_MASK;
+
+    for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++)
+	attrs[i] = &rattrs[i];
+    attrs[i] = NULL;
+    
+    ret = ad_get_cred(context, NULL);
+    if (ret)
+	return ret;
+    
+    ret = _kadm5_ad_connect(server_handle);
+    if (ret)
+	return ret;
+    
+    fqdn = get_fqdn(context->context, entry->principal);
+    
+    ret = krb5_unparse_name(context->context, entry->principal, &p);
+    if (ret)
+	return ret;
+    
+    if (ad_find_entry(context, fqdn, p, NULL) == 0) {
+	free(p);
+	return KADM5_DUP;
+    }
+    
+    if (mask & KADM5_ATTRIBUTES) {
+	if (entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX)
+	    uf_flags |= UF_ACCOUNTDISABLE|UF_LOCKOUT;
+	if ((entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH) == 0)
+	    uf_flags |= UF_DONT_REQUIRE_PREAUTH;
+	if (entry->attributes & KRB5_KDB_REQUIRES_HW_AUTH)
+	    uf_flags |= UF_SMARTCARD_REQUIRED;
+    }
+    
+    realmless_p = strdup(p);
+    if (realmless_p == NULL) {
+	ret = ENOMEM;
+	goto out;
+    }
+    s = strrchr(realmless_p, '@');
+    if (s)
+	*s = '\0';
+    
+    if (fqdn) {
+	/* create computer account */
+	asprintf(&samname, "%s$", fqdn);
+	if (samname == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	s = strchr(samname, '.');
+	if (s) {
+	    s[0] = '$';
+	    s[1] = '\0';
+	}
+	
+	short_spn = strdup(p);
+	if (short_spn == NULL) {
+	    errno = ENOMEM;
+	    goto out;
+	}
+	s = strchr(short_spn, '.');
+	if (s) {
+	    *s = '\0';
+	} else {
+	    free(short_spn);
+	    short_spn = NULL;
+	}
+
+	p_msrealm = strdup(p);
+	if (p_msrealm == NULL) {
+	    errno = ENOMEM;
+	    goto out;
+	}
+	s = strrchr(p_msrealm, '@');
+	if (s) {
+	    *s = '/';
+	} else {
+	    free(p_msrealm);
+	    p_msrealm = NULL;
+	}
+
+	asprintf(&dn, "cn=%s, cn=Computers, %s", fqdn, CTX2BASE(context));
+	if (dn == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+
+	a = &rattrs[0];
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "objectClass";
+	a->mod_values = ocvals_spn;
+	a++;
+
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "userAccountControl";
+	a->mod_values = useraccvals;
+	asprintf(&useraccvals[0], "%d",
+		 uf_flags |
+		 UF_PASSWD_NOT_EXPIRE |
+		 UF_WORKSTATION_TRUST_ACCOUNT);
+	useraccvals[1] = NULL;
+	a++;
+
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "sAMAccountName";
+	a->mod_values = samvals;
+	samvals[0] = samname;
+	samvals[1] = NULL;
+	a++;
+
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "dNSHostName";
+	a->mod_values = dnsvals;
+	dnsvals[0] = (char *)fqdn;
+	dnsvals[1] = NULL;
+	a++;
+
+	/* XXX  add even more spn's */
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "servicePrincipalName";
+	a->mod_values = spnvals;
+	i = 0;
+	spnvals[i++] = p;
+	spnvals[i++] = realmless_p;
+	if (short_spn)
+	    spnvals[i++] = short_spn;
+	if (p_msrealm)
+	    spnvals[i++] = p_msrealm;
+	spnvals[i++] = NULL;
+	a++;
+
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "userPrincipalName";
+	a->mod_values = upnvals;
+	upnvals[0] = p;
+	upnvals[1] = NULL;
+	a++;
+
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "accountExpires";
+	a->mod_values = tv;
+	tv[0] = "9223372036854775807"; /* "never" */
+	tv[1] = NULL;
+	a++;
+
+    } else {
+	/* create user account */
+	
+	a = &rattrs[0];
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "userAccountControl";
+	a->mod_values = useraccvals;
+	asprintf(&useraccvals[0], "%d", 
+		 uf_flags |
+		 UF_PASSWD_NOT_EXPIRE);
+	useraccvals[1] = NULL;
+	a++;
+
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "sAMAccountName";
+	a->mod_values = samvals;
+	samvals[0] = realmless_p;
+	samvals[1] = NULL;
+	a++;
+
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "userPrincipalName";
+	a->mod_values = upnvals;
+	upnvals[0] = p;
+	upnvals[1] = NULL;
+	a++;
+
+	a->mod_op = LDAP_MOD_ADD;
+	a->mod_type = "accountExpires";
+	a->mod_values = tv;
+	tv[0] = "9223372036854775807"; /* "never" */
+	tv[1] = NULL;
+	a++;
+    }
+
+    attrs[a - &rattrs[0]] = NULL;
+
+    ret = ldap_add_s(CTX2LP(context), dn, attrs);
+
+ out:
+    if (useraccvals[0])
+	free(useraccvals[0]);
+    if (realmless_p)
+	free(realmless_p);
+    if (samname)
+	free(samname);
+    if (short_spn)
+	free(short_spn);
+    if (p_msrealm)
+	free(p_msrealm);
+    free(p);
+
+    if (check_ldap(context, ret))
+	return KADM5_RPC_ERROR;
+
+    return 0;
+#else
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#endif
+}
+
+static kadm5_ret_t
+kadm5_ad_delete_principal(void *server_handle, krb5_principal principal)
+{
+    kadm5_ad_context *context = server_handle;
+#ifdef OPENLDAP
+    char *p, *dn = NULL;
+    const char *fqdn;
+    int ret;
+
+    ret = ad_get_cred(context, NULL);
+    if (ret)
+	return ret;
+
+    ret = _kadm5_ad_connect(server_handle);
+    if (ret)
+	return ret;
+
+    fqdn = get_fqdn(context->context, principal);
+
+    ret = krb5_unparse_name(context->context, principal, &p);
+    if (ret)
+	return ret;
+
+    if (ad_find_entry(context, fqdn, p, &dn) != 0) {
+	free(p);
+	return KADM5_UNK_PRINC;
+    }
+
+    ret = ldap_delete_s(CTX2LP(context), dn);
+
+    free(dn);
+    free(p);
+
+    if (check_ldap(context, ret))
+	return KADM5_RPC_ERROR;
+    return 0;
+#else
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#endif
+}
+
+static kadm5_ret_t
+kadm5_ad_destroy(void *server_handle)
+{
+    kadm5_ad_context *context = server_handle;
+
+    if (context->ccache)
+	krb5_cc_destroy(context->context, context->ccache);
+
+#ifdef OPENLDAP
+    {
+	LDAP *lp = CTX2LP(context);
+	if (lp)
+	    ldap_unbind(lp);
+	if (context->base_dn)
+	    free(context->base_dn);
+    }
+#endif
+    free(context->realm);
+    free(context->client_name);
+    krb5_free_principal(context->context, context->caller);
+    if(context->my_context)
+	krb5_free_context(context->context);
+    return 0;
+}
+
+static kadm5_ret_t
+kadm5_ad_flush(void *server_handle)
+{
+    kadm5_ad_context *context = server_handle;
+#ifdef OPENLDAP
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#else
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#endif
+}
+
+static kadm5_ret_t
+kadm5_ad_get_principal(void *server_handle,
+		       krb5_principal principal, 
+		       kadm5_principal_ent_t entry, 
+		       uint32_t mask)
+{
+    kadm5_ad_context *context = server_handle;
+#ifdef OPENLDAP
+    LDAPMessage *m, *m0;
+    char **attr = NULL;
+    int attrlen = 0;
+    char *filter, *p, *q, *u;
+    int ret;
+
+    /*
+     * principal
+     * KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES
+     */
+
+    /*
+     * return 0 || KADM5_DUP;
+     */
+
+    memset(entry, 0, sizeof(*entry));
+
+    if (mask & KADM5_KVNO)
+	laddattr(&attr, &attrlen, "msDS-KeyVersionNumber");
+
+    if (mask & KADM5_PRINCIPAL) {
+	laddattr(&attr, &attrlen, "userPrincipalName");
+	laddattr(&attr, &attrlen, "servicePrincipalName");
+    }
+    laddattr(&attr, &attrlen, "objectClass");
+    laddattr(&attr, &attrlen, "lastLogon");
+    laddattr(&attr, &attrlen, "badPwdCount");
+    laddattr(&attr, &attrlen, "badPasswordTime");
+    laddattr(&attr, &attrlen, "pwdLastSet");
+    laddattr(&attr, &attrlen, "accountExpires");
+    laddattr(&attr, &attrlen, "userAccountControl");
+
+    krb5_unparse_name_short(context->context, principal, &p);
+    krb5_unparse_name(context->context, principal, &u);
+
+    /* replace @ in domain part with a / */
+    q = strrchr(p, '@');
+    if (q && (p != q && *(q - 1) != '\\'))
+	*q = '/';
+
+    asprintf(&filter, 
+	     "(|(userPrincipalName=%s)(servicePrincipalName=%s)(servicePrincipalName=%s))",
+	     u, p, u);
+    free(p);
+    free(u);
+
+    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
+			LDAP_SCOPE_SUBTREE, 
+			filter, attr, 0, &m);
+    free(attr);
+    if (check_ldap(context, ret))
+	return KADM5_RPC_ERROR;
+
+    if (ldap_count_entries(CTX2LP(context), m) > 0) {
+	char **vals;
+	m0 = ldap_first_entry(CTX2LP(context), m);
+	if (m0 == NULL) {
+	    ldap_msgfree(m);
+	    goto fail;
+	}
+#if 0
+	vals = ldap_get_values(CTX2LP(context), m0, "servicePrincipalName");
+	if (vals)
+	    printf("servicePrincipalName %s\n", vals[0]);
+	vals = ldap_get_values(CTX2LP(context), m0, "userPrincipalName");
+	if (vals)
+	    printf("userPrincipalName %s\n", vals[0]);
+	vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
+	if (vals)
+	    printf("userAccountControl %s\n", vals[0]);
+#endif
+	entry->princ_expire_time = 0;
+	if (mask & KADM5_PRINC_EXPIRE_TIME) {
+	    vals = ldap_get_values(CTX2LP(context), m0, "accountExpires");
+	    if (vals)
+		entry->princ_expire_time = nt2unixtime(vals[0]);
+	}
+	entry->last_success = 0;
+	if (mask & KADM5_LAST_SUCCESS) {
+	    vals = ldap_get_values(CTX2LP(context), m0, "lastLogon");
+	    if (vals)
+		entry->last_success = nt2unixtime(vals[0]);
+	}
+	if (mask & KADM5_LAST_FAILED) {
+	    vals = ldap_get_values(CTX2LP(context), m0, "badPasswordTime");
+	    if (vals)
+		entry->last_failed = nt2unixtime(vals[0]);
+	}
+	if (mask & KADM5_LAST_PWD_CHANGE) {
+	    vals = ldap_get_values(CTX2LP(context), m0, "pwdLastSet");
+	    if (vals)
+		entry->last_pwd_change = nt2unixtime(vals[0]);
+	}
+	if (mask & KADM5_FAIL_AUTH_COUNT) {
+	    vals = ldap_get_values(CTX2LP(context), m0, "badPwdCount");
+	    if (vals)
+		entry->fail_auth_count = atoi(vals[0]);
+	}
+ 	if (mask & KADM5_ATTRIBUTES) {
+	    vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
+	    if (vals) {
+		uint32_t i;
+		i = atoi(vals[0]);
+		if (i & (UF_ACCOUNTDISABLE|UF_LOCKOUT))
+		    entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+		if ((i & UF_DONT_REQUIRE_PREAUTH) == 0)
+		    entry->attributes |= KRB5_KDB_REQUIRES_PRE_AUTH;
+		if (i & UF_SMARTCARD_REQUIRED)
+		    entry->attributes |= KRB5_KDB_REQUIRES_HW_AUTH;
+		if ((i & UF_WORKSTATION_TRUST_ACCOUNT) == 0)
+		    entry->attributes |= KRB5_KDB_DISALLOW_SVR;
+	    }
+	}
+	if (mask & KADM5_KVNO) {
+	    vals = ldap_get_values(CTX2LP(context), m0, 
+				   "msDS-KeyVersionNumber");
+	    if (vals)
+		entry->kvno = atoi(vals[0]);
+	    else
+		entry->kvno = 0;
+	}
+	ldap_msgfree(m);
+    } else {
+	return KADM5_UNK_PRINC;
+    }
+
+    if (mask & KADM5_PRINCIPAL)
+	krb5_copy_principal(context->context, principal, &entry->principal);
+
+    return 0;
+ fail:
+    return KADM5_RPC_ERROR;
+#else
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#endif
+}
+
+static kadm5_ret_t
+kadm5_ad_get_principals(void *server_handle,
+			const char *expression,
+			char ***principals,
+			int *count)
+{
+    kadm5_ad_context *context = server_handle;
+
+    /*
+     * KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES
+     */
+
+#ifdef OPENLDAP
+    kadm5_ret_t ret;
+
+    ret = ad_get_cred(context, NULL);
+    if (ret)
+	return ret;
+
+    ret = _kadm5_ad_connect(server_handle);
+    if (ret)
+	return ret;
+
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#else
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#endif
+}
+
+static kadm5_ret_t
+kadm5_ad_get_privs(void *server_handle, uint32_t*privs)
+{
+    kadm5_ad_context *context = server_handle;
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+}
+
+static kadm5_ret_t
+kadm5_ad_modify_principal(void *server_handle,
+			  kadm5_principal_ent_t entry,
+			  uint32_t mask)
+{
+    kadm5_ad_context *context = server_handle;
+
+    /* 
+     * KADM5_ATTRIBUTES
+     * KRB5_KDB_DISALLOW_ALL_TIX (| KADM5_KVNO)
+     */
+
+#ifdef OPENLDAP
+    LDAPMessage *m = NULL, *m0;
+    kadm5_ret_t ret;
+    char **attr = NULL;
+    int attrlen = 0;
+    char *p = NULL, *s = NULL, *q;
+    char **vals;
+    LDAPMod *attrs[4], rattrs[3], *a;
+    char *uaf[2] = { NULL, NULL };
+    char *kvno[2] = { NULL, NULL };
+    char *tv[2] = { NULL, NULL };
+    char *filter, *dn;
+    int i;
+
+    for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++)
+	attrs[i] = &rattrs[i];
+    attrs[i] = NULL;
+    a = &rattrs[0];
+
+    ret = _kadm5_ad_connect(server_handle);
+    if (ret)
+	return ret;
+
+    if (mask & KADM5_KVNO)
+	laddattr(&attr, &attrlen, "msDS-KeyVersionNumber");
+    if (mask & KADM5_PRINC_EXPIRE_TIME)
+	laddattr(&attr, &attrlen, "accountExpires");
+    if (mask & KADM5_ATTRIBUTES)
+	laddattr(&attr, &attrlen, "userAccountControl");
+    laddattr(&attr, &attrlen, "distinguishedName");
+
+    krb5_unparse_name(context->context, entry->principal, &p);
+
+    s = strdup(p);
+
+    q = strrchr(s, '@');
+    if (q && (p != q && *(q - 1) != '\\'))
+	*q = '\0';
+
+    asprintf(&filter, 
+	     "(|(userPrincipalName=%s)(servicePrincipalName=%s))",
+	     s, s);
+    free(p);
+    free(s);
+
+    ret = ldap_search_s(CTX2LP(context), CTX2BASE(context),
+			LDAP_SCOPE_SUBTREE, 
+			filter, attr, 0, &m);
+    free(attr);
+    free(filter);
+    if (check_ldap(context, ret))
+	return KADM5_RPC_ERROR;
+
+    if (ldap_count_entries(CTX2LP(context), m) <= 0) {
+	ret = KADM5_RPC_ERROR;
+	goto out;
+    }
+
+    m0 = ldap_first_entry(CTX2LP(context), m);
+
+    if (mask & KADM5_ATTRIBUTES) {
+	int32_t i;
+
+	vals = ldap_get_values(CTX2LP(context), m0, "userAccountControl");
+	if (vals == NULL) {
+	    ret = KADM5_RPC_ERROR;
+	    goto out;
+	}
+
+	i = atoi(vals[0]);
+	if (i == 0)
+	    return KADM5_RPC_ERROR;
+
+	if (entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX)
+	    i |= (UF_ACCOUNTDISABLE|UF_LOCKOUT);
+	else
+	    i &= ~(UF_ACCOUNTDISABLE|UF_LOCKOUT);
+	if (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)
+	    i &= ~UF_DONT_REQUIRE_PREAUTH;
+	else
+	    i |= UF_DONT_REQUIRE_PREAUTH;
+	if (entry->attributes & KRB5_KDB_REQUIRES_HW_AUTH)
+	    i |= UF_SMARTCARD_REQUIRED;
+	else
+	    i &= UF_SMARTCARD_REQUIRED;
+	if (entry->attributes & KRB5_KDB_DISALLOW_SVR)
+	    i &= ~UF_WORKSTATION_TRUST_ACCOUNT;
+	else
+	    i |= UF_WORKSTATION_TRUST_ACCOUNT;
+
+	asprintf(&uaf[0], "%d", i);
+
+	a->mod_op = LDAP_MOD_REPLACE;
+	a->mod_type = "userAccountControl";
+	a->mod_values = uaf;
+	a++;
+    }
+
+    if (mask & KADM5_KVNO) {
+	vals = ldap_get_values(CTX2LP(context), m0, "msDS-KeyVersionNumber");
+	if (vals == NULL) {
+	    entry->kvno = 0;
+	} else {
+	    asprintf(&kvno[0], "%d", entry->kvno);
+
+	    a->mod_op = LDAP_MOD_REPLACE;
+	    a->mod_type = "msDS-KeyVersionNumber";
+	    a->mod_values = kvno;
+	    a++;
+	}
+    }
+
+    if (mask & KADM5_PRINC_EXPIRE_TIME) {
+	long long wt;
+	vals = ldap_get_values(CTX2LP(context), m0, "accountExpires");
+	if (vals == NULL) {
+	    ret = KADM5_RPC_ERROR;
+	    goto out;
+	}
+
+	wt = unix2nttime(entry->princ_expire_time);
+
+	asprintf(&tv[0], "%llu", wt);
+
+	a->mod_op = LDAP_MOD_REPLACE;
+	a->mod_type = "accountExpires";
+	a->mod_values = tv;
+	a++;
+    }
+    
+    vals = ldap_get_values(CTX2LP(context), m0, "distinguishedName");
+    if (vals == NULL) {
+	ret = KADM5_RPC_ERROR;
+	goto out;
+    }
+    dn = vals[0];
+
+    attrs[a - &rattrs[0]] = NULL;
+
+    ret = ldap_modify_s(CTX2LP(context), dn, attrs);
+    if (check_ldap(context, ret))
+	return KADM5_RPC_ERROR;
+
+ out:
+    if (m)
+	ldap_msgfree(m);
+    if (uaf[0])
+	free(uaf[0]);
+    if (kvno[0])
+	free(kvno[0]);
+    if (tv[0])
+	free(tv[0]);
+    return ret;
+#else
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#endif
+}
+
+static kadm5_ret_t
+kadm5_ad_randkey_principal(void *server_handle,
+			   krb5_principal principal,
+			   krb5_keyblock **keys,
+			   int *n_keys)
+{
+    kadm5_ad_context *context = server_handle;
+
+    /*
+     * random key
+     */
+
+#ifdef OPENLDAP
+    krb5_data result_code_string, result_string;
+    int result_code, plen;
+    kadm5_ret_t ret;
+    char *password;
+
+    *keys = NULL;
+    *n_keys = 0;
+
+    {
+	char p[64];
+	krb5_generate_random_block(p, sizeof(p));
+	plen = base64_encode(p, sizeof(p), &password);
+	if (plen < 0)
+	    return ENOMEM;
+    }
+
+    ret = ad_get_cred(context, NULL);
+    if (ret) {
+	free(password);
+	return ret;
+    }
+
+    krb5_data_zero (&result_code_string);
+    krb5_data_zero (&result_string);
+
+    ret = krb5_set_password_using_ccache (context->context, 
+					  context->ccache,
+					  password,
+					  principal,
+					  &result_code,
+					  &result_code_string,
+					  &result_string);
+
+    krb5_data_free (&result_code_string);
+    krb5_data_free (&result_string);
+
+    if (ret == 0) {
+
+	*keys = malloc(sizeof(**keys) * 1);
+	if (*keys == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	*n_keys = 1;
+
+	ret = krb5_string_to_key(context->context,
+				 ENCTYPE_ARCFOUR_HMAC_MD5,
+				 password,
+				 principal,
+				 &(*keys)[0]);
+	memset(password, 0, sizeof(password));
+	if (ret) {
+	    free(*keys);
+	    *keys = NULL;
+	    *n_keys = 0;
+	    goto out;
+	}
+    }
+    memset(password, 0, plen);
+    free(password);
+ out:
+    return ret;
+#else
+    *keys = NULL;
+    *n_keys = 0;
+
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+#endif
+}
+
+static kadm5_ret_t
+kadm5_ad_rename_principal(void *server_handle,
+			  krb5_principal from,
+			  krb5_principal to)
+{
+    kadm5_ad_context *context = server_handle;
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+}
+
+static kadm5_ret_t
+kadm5_ad_chpass_principal_with_key(void *server_handle, 
+				   krb5_principal princ,
+				   int n_key_data,
+				   krb5_key_data *key_data)
+{
+    kadm5_ad_context *context = server_handle;
+    krb5_set_error_string(context->context, "Function not implemented");
+    return KADM5_RPC_ERROR;
+}
+
+static void
+set_funcs(kadm5_ad_context *c)
+{
+#define SET(C, F) (C)->funcs.F = kadm5_ad_ ## F
+    SET(c, chpass_principal);
+    SET(c, chpass_principal_with_key);
+    SET(c, create_principal);
+    SET(c, delete_principal);
+    SET(c, destroy);
+    SET(c, flush);
+    SET(c, get_principal);
+    SET(c, get_principals);
+    SET(c, get_privs);
+    SET(c, modify_principal);
+    SET(c, randkey_principal);
+    SET(c, rename_principal);
+}
+
+kadm5_ret_t 
+kadm5_ad_init_with_password_ctx(krb5_context context,
+				const char *client_name,
+				const char *password,
+				const char *service_name,
+				kadm5_config_params *realm_params,
+				unsigned long struct_version,
+				unsigned long api_version,
+				void **server_handle)
+{
+    kadm5_ret_t ret;
+    kadm5_ad_context *ctx;
+
+    ctx = malloc(sizeof(*ctx));
+    if(ctx == NULL)
+	return ENOMEM;
+    memset(ctx, 0, sizeof(*ctx));
+    set_funcs(ctx);
+
+    ctx->context = context;
+    krb5_add_et_list (context, initialize_kadm5_error_table_r);
+
+    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
+    if(ret) {
+	free(ctx);
+	return ret;
+    }
+
+    if(realm_params->mask & KADM5_CONFIG_REALM) {
+	ret = 0;
+	ctx->realm = strdup(realm_params->realm);
+	if (ctx->realm == NULL)
+	    ret = ENOMEM;
+    } else
+	ret = krb5_get_default_realm(ctx->context, &ctx->realm);
+    if (ret) {
+	free(ctx);
+	return ret;
+    }
+
+    ctx->client_name = strdup(client_name);
+
+    if(password != NULL && *password != '\0')
+	ret = ad_get_cred(ctx, password);
+    else
+	ret = ad_get_cred(ctx, NULL);
+    if(ret) {
+	kadm5_ad_destroy(ctx);
+	return ret;
+    }
+
+#ifdef OPENLDAP
+    ret = _kadm5_ad_connect(ctx);
+    if (ret) {
+	kadm5_ad_destroy(ctx);
+	return ret;
+    }
+#endif
+
+    *server_handle = ctx;
+    return 0;
+}
+
+kadm5_ret_t 
+kadm5_ad_init_with_password(const char *client_name,
+			    const char *password,
+			    const char *service_name,
+			    kadm5_config_params *realm_params,
+			    unsigned long struct_version,
+			    unsigned long api_version,
+			    void **server_handle)
+{
+    krb5_context context;
+    kadm5_ret_t ret;
+    kadm5_ad_context *ctx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	return ret;
+    ret = kadm5_ad_init_with_password_ctx(context, 
+					  client_name,
+					  password,
+					  service_name,
+					  realm_params,
+					  struct_version,
+					  api_version,
+					  server_handle);
+    if(ret) {
+	krb5_free_context(context);
+	return ret;
+    }
+    ctx = *server_handle;
+    ctx->my_context = 1;
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/admin.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/admin.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/admin.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,258 @@
+/*
+ * Copyright (c) 1997-2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: admin.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __KADM5_ADMIN_H__
+#define __KADM5_ADMIN_H__
+
+#define KADM5_API_VERSION_1 1
+#define KADM5_API_VERSION_2 2
+
+#ifndef USE_KADM5_API_VERSION
+#define USE_KADM5_API_VERSION KADM5_API_VERSION_2
+#endif
+
+#if USE_KADM5_API_VERSION != KADM5_API_VERSION_2
+#error No support for API versions other than 2
+#endif
+
+#define KADM5_STRUCT_VERSION 0
+
+#include <krb5.h>
+
+#define KRB5_KDB_DISALLOW_POSTDATED	0x00000001
+#define KRB5_KDB_DISALLOW_FORWARDABLE	0x00000002
+#define KRB5_KDB_DISALLOW_TGT_BASED	0x00000004
+#define KRB5_KDB_DISALLOW_RENEWABLE	0x00000008
+#define KRB5_KDB_DISALLOW_PROXIABLE	0x00000010
+#define KRB5_KDB_DISALLOW_DUP_SKEY	0x00000020
+#define KRB5_KDB_DISALLOW_ALL_TIX	0x00000040
+#define KRB5_KDB_REQUIRES_PRE_AUTH	0x00000080
+#define KRB5_KDB_REQUIRES_HW_AUTH	0x00000100
+#define KRB5_KDB_REQUIRES_PWCHANGE	0x00000200
+#define KRB5_KDB_DISALLOW_SVR		0x00001000
+#define KRB5_KDB_PWCHANGE_SERVICE	0x00002000
+#define KRB5_KDB_SUPPORT_DESMD5		0x00004000
+#define KRB5_KDB_NEW_PRINC		0x00008000
+#define KRB5_KDB_OK_AS_DELEGATE		0x00010000
+#define KRB5_KDB_TRUSTED_FOR_DELEGATION	0x00020000
+#define KRB5_KDB_ALLOW_KERBEROS4	0x00040000
+#define KRB5_KDB_ALLOW_DIGEST		0x00080000
+
+#define KADM5_PRINCIPAL		0x000001
+#define KADM5_PRINC_EXPIRE_TIME	0x000002
+#define KADM5_PW_EXPIRATION	0x000004
+#define KADM5_LAST_PWD_CHANGE	0x000008
+#define KADM5_ATTRIBUTES	0x000010
+#define KADM5_MAX_LIFE		0x000020
+#define KADM5_MOD_TIME		0x000040
+#define KADM5_MOD_NAME		0x000080
+#define KADM5_KVNO		0x000100
+#define KADM5_MKVNO		0x000200
+#define KADM5_AUX_ATTRIBUTES	0x000400
+#define KADM5_POLICY		0x000800
+#define KADM5_POLICY_CLR	0x001000
+#define KADM5_MAX_RLIFE		0x002000
+#define KADM5_LAST_SUCCESS	0x004000
+#define KADM5_LAST_FAILED	0x008000
+#define KADM5_FAIL_AUTH_COUNT	0x010000
+#define KADM5_KEY_DATA		0x020000
+#define KADM5_TL_DATA		0x040000
+
+#define KADM5_PRINCIPAL_NORMAL_MASK (~(KADM5_KEY_DATA | KADM5_TL_DATA))
+
+#define KADM5_PW_MAX_LIFE 	0x004000
+#define KADM5_PW_MIN_LIFE	0x008000
+#define KADM5_PW_MIN_LENGTH 	0x010000
+#define KADM5_PW_MIN_CLASSES	0x020000
+#define KADM5_PW_HISTORY_NUM	0x040000
+#define KADM5_REF_COUNT		0x080000
+
+#define KADM5_POLICY_NORMAL_MASK (~0)
+
+#define KADM5_ADMIN_SERVICE	"kadmin/admin"
+#define KADM5_HIST_PRINCIPAL	"kadmin/history"
+#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"
+
+typedef struct _krb5_key_data {
+    int16_t key_data_ver;	/* Version */
+    int16_t key_data_kvno;	/* Key Version */
+    int16_t key_data_type[2];	/* Array of types */
+    int16_t key_data_length[2];	/* Array of lengths */
+    void*   key_data_contents[2];/* Array of pointers */
+} krb5_key_data;
+
+typedef struct _krb5_tl_data {
+    struct _krb5_tl_data* tl_data_next;
+    int16_t tl_data_type;         
+    int16_t tl_data_length;       
+    void*   tl_data_contents;     
+} krb5_tl_data;
+
+#define KRB5_TL_LAST_PWD_CHANGE		0x0001
+#define KRB5_TL_MOD_PRINC		0x0002
+#define KRB5_TL_KADM_DATA		0x0003
+#define KRB5_TL_KADM5_E_DATA		0x0004
+#define KRB5_TL_RB1_CHALLENGE		0x0005
+#define KRB5_TL_SECURID_STATE           0x0006
+#define KRB5_TL_PASSWORD           	0x0007
+#define KRB5_TL_EXTENSION           	0x0008
+#define KRB5_TL_PKINIT_ACL           	0x0009
+#define KRB5_TL_ALIASES           	0x000a
+
+typedef struct _kadm5_principal_ent_t {
+    krb5_principal principal;
+
+    krb5_timestamp princ_expire_time;
+    krb5_timestamp last_pwd_change;
+    krb5_timestamp pw_expiration;
+    krb5_deltat max_life;
+    krb5_principal mod_name;
+    krb5_timestamp mod_date;
+    krb5_flags attributes;
+    krb5_kvno kvno;
+    krb5_kvno mkvno;
+
+    char * policy;
+    uint32_t aux_attributes;
+
+    krb5_deltat max_renewable_life;
+    krb5_timestamp last_success;
+    krb5_timestamp last_failed;
+    krb5_kvno fail_auth_count;
+    int16_t n_key_data;
+    int16_t n_tl_data;
+    krb5_tl_data *tl_data;
+    krb5_key_data *key_data;
+} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+
+typedef struct _kadm5_policy_ent_t {
+    char *policy;
+
+    uint32_t pw_min_life;
+    uint32_t pw_max_life;
+    uint32_t pw_min_length;
+    uint32_t pw_min_classes;
+    uint32_t pw_history_num;
+    uint32_t policy_refcnt;
+} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
+
+#define KADM5_CONFIG_REALM			(1 << 0)
+#define KADM5_CONFIG_PROFILE			(1 << 1)
+#define KADM5_CONFIG_KADMIND_PORT		(1 << 2)
+#define KADM5_CONFIG_ADMIN_SERVER		(1 << 3)
+#define KADM5_CONFIG_DBNAME			(1 << 4)
+#define KADM5_CONFIG_ADBNAME			(1 << 5)
+#define KADM5_CONFIG_ADB_LOCKFILE		(1 << 6)
+#define KADM5_CONFIG_ACL_FILE			(1 << 7)
+#define KADM5_CONFIG_DICT_FILE			(1 << 8)
+#define KADM5_CONFIG_ADMIN_KEYTAB		(1 << 9)
+#define KADM5_CONFIG_MKEY_FROM_KEYBOARD		(1 << 10)
+#define KADM5_CONFIG_STASH_FILE			(1 << 11)
+#define KADM5_CONFIG_MKEY_NAME			(1 << 12)
+#define KADM5_CONFIG_ENCTYPE			(1 << 13)
+#define KADM5_CONFIG_MAX_LIFE			(1 << 14)
+#define KADM5_CONFIG_MAX_RLIFE			(1 << 15)
+#define KADM5_CONFIG_EXPIRATION			(1 << 16)
+#define KADM5_CONFIG_FLAGS			(1 << 17)
+#define KADM5_CONFIG_ENCTYPES			(1 << 18)
+
+#define KADM5_PRIV_GET		(1 << 0)
+#define KADM5_PRIV_ADD 		(1 << 1)
+#define KADM5_PRIV_MODIFY	(1 << 2)
+#define KADM5_PRIV_DELETE	(1 << 3)
+#define KADM5_PRIV_LIST		(1 << 4)
+#define KADM5_PRIV_CPW		(1 << 5)
+#define KADM5_PRIV_ALL		(KADM5_PRIV_GET | KADM5_PRIV_ADD | KADM5_PRIV_MODIFY | KADM5_PRIV_DELETE | KADM5_PRIV_LIST | KADM5_PRIV_CPW)
+
+typedef struct {
+    int XXX;
+}krb5_key_salt_tuple;
+
+typedef struct _kadm5_config_params {
+    uint32_t mask;
+
+    /* Client and server fields */
+    char *realm;
+    int kadmind_port;
+
+    /* client fields */
+    char *admin_server;
+
+    /* server fields */
+    char *dbname;
+    char *acl_file;
+
+    /* server library (database) fields */
+    char *stash_file;
+} kadm5_config_params;
+
+typedef krb5_error_code kadm5_ret_t;
+
+#include "kadm5-protos.h"
+
+#if 0
+/* unimplemented functions */
+kadm5_ret_t 
+kadm5_decrypt_key(void *server_handle,
+		  kadm5_principal_ent_t entry, int32_t
+		  ktype, int32_t stype, int32_t
+		  kvno, krb5_keyblock *keyblock,
+		  krb5_keysalt *keysalt, int *kvnop);
+
+kadm5_ret_t
+kadm5_create_policy(void *server_handle,
+		    kadm5_policy_ent_t policy, uint32_t mask); 
+
+kadm5_ret_t
+kadm5_delete_policy(void *server_handle, char *policy);
+
+
+kadm5_ret_t
+kadm5_modify_policy(void *server_handle,
+		    kadm5_policy_ent_t policy, 
+		    uint32_t mask);
+
+kadm5_ret_t
+kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); 
+
+kadm5_ret_t
+kadm5_get_policies(void *server_handle, char *exp,
+		   char ***pols, int *count);
+
+void 
+kadm5_free_policy_ent(kadm5_policy_ent_t policy);
+
+#endif
+
+#endif /* __KADM5_ADMIN_H__ */
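Review bot: The principal mask bits and the policy mask bits share numeric values, and nothing in the header says so. `KADM5_PW_MAX_LIFE` through `KADM5_PW_HISTORY_NUM` use 0x004000 to 0x040000, the same values as `KADM5_LAST_SUCCESS` through `KADM5_TL_DATA`, so for example `KADM5_PW_MIN_CLASSES` equals `KADM5_KEY_DATA`. A policy mask handed to a principal call would therefore select key and TL data without any compiler diagnostic. I would put a comment above each group, such as `/* mask bits for kadm5_principal_ent_rec */` and `/* mask bits for kadm5_policy_ent_rec; values overlap the principal bits, never mix */`. The `krb5_key_salt_tuple` struct with its single `int XXX;` member also deserves a comment saying it is a placeholder.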

Added: vendor-crypto/heimdal/dist/lib/kadm5/bump_pw_expire.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/bump_pw_expire.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/bump_pw_expire.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: bump_pw_expire.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * extend password_expiration if it's defined
+ */
+
+kadm5_ret_t
+_kadm5_bump_pw_expire(kadm5_server_context *context,
+		      hdb_entry *ent)
+{
+    if (ent->pw_end != NULL) {
+	time_t life;
+
+	life = krb5_config_get_time_default(context->context,
+					    NULL,
+					    365 * 24 * 60 * 60,
+					    "kadmin",
+					    "password_lifetime",
+					    NULL);
+
+	*(ent->pw_end) = time(NULL) + life;
+    }
+    return 0;
+}
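Review bot: The comment above `_kadm5_bump_pw_expire` says the expiry is extended, but `*(ent->pw_end) = time(NULL) + life;` overwrites it unconditionally, so an expiry an administrator set further out is shortened on the next password change. The configured `password_lifetime` is also used without a lower bound; a zero or negative value would, as far as this hunk shows, leave the new password expired as soon as it is set. I would reword the comment to `/* reset pw_end to now + [kadmin] password_lifetime (default one year) when the entry has an expiry */` and add `if (life <= 0) return 0;` before the assignment, or reject the value where the configuration is read.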

Added: vendor-crypto/heimdal/dist/lib/kadm5/check-cracklib.pl
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/check-cracklib.pl	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/check-cracklib.pl	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,106 @@
+#!/usr/pkg/bin/perl
+#
+# Sample password verifier for Heimdals external password
+# verifier, see the chapter "Password changing" in the the info
+# documentation for more information about the protocol used.
+#
+# Three checks
+#  1. Check that password is not the principal name
+#  2. Check that the password passes cracklib
+#  3. Check that password isn't repeated for this principal
+#
+# The repeat check must be last because some clients ask
+# twice when getting "no" back and thus the error message
+# would be wrong.
+#
+# Prereqs (example versions): 
+#
+# * perl (5.8.5) http://www.perl.org/
+# * cracklib (2.8.5) http://sourceforge.net/projects/cracklib
+# * Crypt-Cracklib perlmodule (0.01) http://search.cpan.org/~daniel/
+#
+# Sample dictionaries:
+#     cracklib-words (1.1) http://sourceforge.net/projects/cracklib
+#     miscfiles (1.4.2) http://directory.fsf.org/miscfiles.html
+#
+# Configuration for krb5.conf or kdc.conf
+#
+#   [password_quality]
+#     	policies = builtin:external-check
+#     	external_program = <your-path>/check-cracklib.pl
+#
+# $Id: check-cracklib.pl,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+
+use strict;
+use Crypt::Cracklib;
+use Digest::MD5;
+
+# NEED TO CHANGE THESE TO MATCH YOUR SYSTEM
+my $database = '/usr/lib/cracklib_dict';
+my $historydb = '/var/heimdal/historydb';
+# NEED TO CHANGE THESE TO MATCH YOUR SYSTEM
+
+my %params;
+
+sub check_basic
+{
+    my $principal = shift;
+    my $passwd = shift;
+
+    if ($principal eq $passwd) {
+	return "Principal name as password is not allowed";
+    }
+    return "ok";
+}
+
+sub check_repeat
+{
+    my $principal = shift;
+    my $passwd = shift;
+    my $result  = 'Do not reuse passwords';
+    my %DB;
+    my $md5context = new Digest::MD5;
+
+    $md5context->reset();
+    $md5context->add($principal, ":", $passwd);
+
+    my $key=$md5context->hexdigest();
+
+    dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb";
+    $result = "ok" if (!$DB{$key});
+    $DB{$key}=scalar(time());
+    dbmclose(%DB) or die "Internal: Could not close $historydb";
+    return $result;
+}
+
+sub badpassword
+{
+    my $reason = shift;
+    print "$reason\n";
+    exit 0
+}
+
+while (<>) {
+    last if /^end$/;
+    if (!/^([^:]+): (.+)$/) {
+	die "key value pair not correct: $_";
+    }
+    $params{$1} = $2;
+}
+
+die "missing principal" if (!defined $params{'principal'});
+die "missing password" if (!defined $params{'new-password'});
+
+my $reason;
+
+$reason = check_basic($params{'principal'}, $params{'new-password'});
+badpassword($reason) if ($reason ne "ok");
+
+$reason = fascist_check($params{'new-password'}, $database);
+badpassword($reason) if ($reason ne "ok");
+
+$reason = check_repeat($params{'principal'}, $params{'new-password'});
+badpassword($reason) if ($reason ne "ok");
+
+print "APPROVED\n";
+exit 0
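Review bot: `check_repeat` keys the history database on a single unsalted MD5 of `principal:password`, so `$historydb` becomes an offline guessing oracle for every principal whose name is known; one fast hash per candidate is all a reader of that file needs. The `0600` mode on `dbmopen` limits who can read it, but backups and copies of `/var/heimdal` carry the same data. I would key the digest with a secret kept outside the database, for example `use Digest::SHA qw(hmac_sha256_hex);` and `my $key = hmac_sha256_hex("$principal:$passwd", $secret);`, with `$secret` read from a root-only file. The header comment should note that existing history entries stop matching after such a change. The entry is also written before kadmind has actually accepted the change, so a change that fails later still marks the password as used.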

Added: vendor-crypto/heimdal/dist/lib/kadm5/chpass_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/chpass_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/chpass_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: chpass_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_chpass_principal(void *server_handle, 
+			 krb5_principal princ,
+			 const char *password)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, kadm_chpass);
+    krb5_store_principal(sp, princ);
+    krb5_store_string(sp, password);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    ret = _kadm5_client_recv(context, &reply);
+    if(ret)
+	return ret;
+    sp = krb5_storage_from_data (&reply);
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    krb5_clear_error_string(context->context);
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return tmp;
+}
+
+kadm5_ret_t
+kadm5_c_chpass_principal_with_key(void *server_handle, 
+				  krb5_principal princ,
+				  int n_key_data,
+				  krb5_key_data *key_data)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+    int i;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, kadm_chpass_with_key);
+    krb5_store_principal(sp, princ);
+    krb5_store_int32(sp, n_key_data);
+    for (i = 0; i < n_key_data; ++i)
+	kadm5_store_key_data (sp, &key_data[i]);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    ret = _kadm5_client_recv(context, &reply);
+    if(ret)
+	return ret;
+    sp = krb5_storage_from_data (&reply);
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    krb5_clear_error_string(context->context);
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return tmp;
+}
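Review bot: In `kadm5_c_chpass_principal` the result of `_kadm5_client_send` is stored in `ret` and overwritten by `_kadm5_client_recv` on the next statement, so a failed send is never reported and the client goes on to wait for a reply; `kadm5_c_chpass_principal_with_key` has the same sequence. Adding `if (ret) return ret;` right after `krb5_storage_free(sp);` fixes both. The `krb5_store_*` calls into the fixed `buf[1024]` are unchecked as well, so a long password or a large `n_key_data` could, if the storage layer refuses the write, produce a truncated request without an error. `tmp` is returned even when `krb5_ret_int32` fails on a short reply, so I would initialise it or check that call. The password and key material also remain in `buf` on the stack at return; clearing it before returning would limit that exposure.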

Added: vendor-crypto/heimdal/dist/lib/kadm5/chpass_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/chpass_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/chpass_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 1997-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: chpass_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static kadm5_ret_t
+change(void *server_handle, 
+       krb5_principal princ,
+       const char *password,
+       int cond)
+{
+    kadm5_server_context *context = server_handle;
+    hdb_entry_ex ent;
+    kadm5_ret_t ret;
+    Key *keys;
+    size_t num_keys;
+    int cmp = 1;
+
+    memset(&ent, 0, sizeof(ent));
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret)
+	return ret;
+    ret = context->db->hdb_fetch(context->context, context->db, princ,
+				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
+    if(ret == HDB_ERR_NOENTRY)
+	goto out;
+
+    num_keys = ent.entry.keys.len;
+    keys     = ent.entry.keys.val;
+
+    ent.entry.keys.len = 0;
+    ent.entry.keys.val = NULL;
+
+    ret = _kadm5_set_keys(context, &ent.entry, password);
+    if(ret) {
+	_kadm5_free_keys (context->context, num_keys, keys);
+	goto out2;
+    }
+    ent.entry.kvno++;
+    if (cond)
+	cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len,
+			       keys, num_keys);
+    _kadm5_free_keys (context->context, num_keys, keys);
+
+    if (cmp == 0) {
+	krb5_set_error_string(context->context, "Password reuse forbidden");
+	ret = KADM5_PASS_REUSE;
+	goto out2;
+    }
+
+    ret = _kadm5_set_modifier(context, &ent.entry);
+    if(ret)
+	goto out2;
+
+    ret = _kadm5_bump_pw_expire(context, &ent.entry);
+    if (ret)
+	goto out2;
+
+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret)
+	goto out2;
+
+    ret = context->db->hdb_store(context->context, context->db, 
+				 HDB_F_REPLACE, &ent);
+    if (ret)
+	goto out2;
+
+    kadm5_log_modify (context,
+		      &ent.entry,
+		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
+		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
+		      KADM5_TL_DATA);
+
+out2:
+    hdb_free_entry(context->context, &ent);
+out:
+    context->db->hdb_close(context->context, context->db);
+    return _kadm5_error_code(ret);
+}
+
+
+
+/*
+ * change the password of `princ' to `password' if it's not already that.
+ */
+
+kadm5_ret_t
+kadm5_s_chpass_principal_cond(void *server_handle, 
+			      krb5_principal princ,
+			      const char *password)
+{
+    return change (server_handle, princ, password, 1);
+}
+
+/*
+ * change the password of `princ' to `password'
+ */
+
+kadm5_ret_t
+kadm5_s_chpass_principal(void *server_handle, 
+			 krb5_principal princ,
+			 const char *password)
+{
+    return change (server_handle, princ, password, 0);
+}
+
+/*
+ * change keys for `princ' to `keys'
+ */
+
+kadm5_ret_t
+kadm5_s_chpass_principal_with_key(void *server_handle, 
+				  krb5_principal princ,
+				  int n_key_data,
+				  krb5_key_data *key_data)
+{
+    kadm5_server_context *context = server_handle;
+    hdb_entry_ex ent;
+    kadm5_ret_t ret;
+
+    memset(&ent, 0, sizeof(ent));
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret)
+	return ret;
+    ret = context->db->hdb_fetch(context->context, context->db, princ, 
+				 HDB_F_GET_ANY, &ent);
+    if(ret == HDB_ERR_NOENTRY)
+	goto out;
+    ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
+    if(ret)
+	goto out2;
+    ent.entry.kvno++;
+    ret = _kadm5_set_modifier(context, &ent.entry);
+    if(ret)
+	goto out2;
+    ret = _kadm5_bump_pw_expire(context, &ent.entry);
+    if (ret)
+	goto out2;
+
+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret)
+	goto out2;
+
+    ret = context->db->hdb_store(context->context, context->db, 
+				 HDB_F_REPLACE, &ent);
+    if (ret)
+	goto out2;
+
+    kadm5_log_modify (context,
+		      &ent.entry,
+		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
+		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
+		      KADM5_TL_DATA);
+
+out2:
+    hdb_free_entry(context->context, &ent);
+out:
+    context->db->hdb_close(context->context, context->db);
+    return _kadm5_error_code(ret);
+}
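Review bot: After `hdb_fetch`, `change` only tests `if(ret == HDB_ERR_NOENTRY) goto out;`, so any other fetch error falls through with the zero-initialised `ent` and the function proceeds to set keys, bump `kvno` and call `hdb_store` with `HDB_F_REPLACE` on an entry that was never loaded. `kadm5_s_chpass_principal_with_key` repeats the same test. Both should read `if (ret) goto out;`, since `out` closes the database without freeing `ent`, which is the right path when nothing was fetched. The return value of `kadm5_log_modify` is also dropped in both functions, so a failure to write the change to the log after a successful store goes unnoticed; I would at least assign it to `ret`.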

Added: vendor-crypto/heimdal/dist/lib/kadm5/client_glue.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/client_glue.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/client_glue.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: client_glue.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_init_with_password(const char *client_name,
+			 const char *password,
+			 const char *service_name,
+			 kadm5_config_params *realm_params,
+			 unsigned long struct_version,
+			 unsigned long api_version,
+			 void **server_handle)
+{
+    return kadm5_c_init_with_password(client_name,
+				      password,
+				      service_name,
+				      realm_params,
+				      struct_version,
+				      api_version,
+				      server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_password_ctx(krb5_context context,
+			     const char *client_name,
+			     const char *password,
+			     const char *service_name,
+			     kadm5_config_params *realm_params,
+			     unsigned long struct_version,
+			     unsigned long api_version,
+			     void **server_handle)
+{
+    return kadm5_c_init_with_password_ctx(context,
+					  client_name,
+					  password,
+					  service_name,
+					  realm_params,
+					  struct_version,
+					  api_version,
+					  server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_skey(const char *client_name,
+		     const char *keytab,
+		     const char *service_name,
+		     kadm5_config_params *realm_params,
+		     unsigned long struct_version,
+		     unsigned long api_version,
+		     void **server_handle)
+{
+    return kadm5_c_init_with_skey(client_name,
+				  keytab,
+				  service_name,
+				  realm_params,
+				  struct_version,
+				  api_version,
+				  server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_skey_ctx(krb5_context context,
+			 const char *client_name,
+			 const char *keytab,
+			 const char *service_name,
+			 kadm5_config_params *realm_params,
+			 unsigned long struct_version,
+			 unsigned long api_version,
+			 void **server_handle)
+{
+    return kadm5_c_init_with_skey_ctx(context,
+				      client_name,
+				      keytab,
+				      service_name,
+				      realm_params,
+				      struct_version,
+				      api_version,
+				      server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_creds(const char *client_name,
+		      krb5_ccache ccache,
+		      const char *service_name,
+		      kadm5_config_params *realm_params,
+		      unsigned long struct_version,
+		      unsigned long api_version,
+		      void **server_handle)
+{
+    return kadm5_c_init_with_creds(client_name,
+				   ccache,
+				   service_name,
+				   realm_params,
+				   struct_version,
+				   api_version,
+				   server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_creds_ctx(krb5_context context,
+			  const char *client_name,
+			  krb5_ccache ccache,
+			  const char *service_name,
+			  kadm5_config_params *realm_params,
+			  unsigned long struct_version,
+			  unsigned long api_version,
+			  void **server_handle)
+{
+    return kadm5_c_init_with_creds_ctx(context,
+				       client_name,
+				       ccache,
+				       service_name,
+				       realm_params,
+				       struct_version,
+				       api_version,
+				       server_handle);
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/common_glue.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/common_glue.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/common_glue.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: common_glue.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P;
+
+kadm5_ret_t
+kadm5_chpass_principal(void *server_handle,
+		       krb5_principal princ,
+		       const char *password)
+{
+    return __CALL(chpass_principal, (server_handle, princ, password));
+}
+
+kadm5_ret_t
+kadm5_chpass_principal_with_key(void *server_handle,
+				krb5_principal princ,
+				int n_key_data,
+				krb5_key_data *key_data)
+{
+    return __CALL(chpass_principal_with_key,
+		  (server_handle, princ, n_key_data, key_data));
+}
+
+kadm5_ret_t
+kadm5_create_principal(void *server_handle,
+		       kadm5_principal_ent_t princ,
+		       uint32_t mask,
+		       const char *password)
+{
+    return __CALL(create_principal, (server_handle, princ, mask, password));
+}
+
+kadm5_ret_t
+kadm5_delete_principal(void *server_handle,
+		       krb5_principal princ)
+{
+    return __CALL(delete_principal, (server_handle, princ));
+}
+
+kadm5_ret_t
+kadm5_destroy (void *server_handle)
+{
+    return __CALL(destroy, (server_handle));
+}
+
+kadm5_ret_t
+kadm5_flush (void *server_handle)
+{
+    return __CALL(flush, (server_handle));
+}
+
+kadm5_ret_t
+kadm5_get_principal(void *server_handle,
+		    krb5_principal princ,
+		    kadm5_principal_ent_t out,
+		    uint32_t mask)
+{
+    return __CALL(get_principal, (server_handle, princ, out, mask));
+}
+
+kadm5_ret_t
+kadm5_modify_principal(void *server_handle,
+		       kadm5_principal_ent_t princ,
+		       uint32_t mask)
+{
+    return __CALL(modify_principal, (server_handle, princ, mask));
+}
+
+kadm5_ret_t
+kadm5_randkey_principal(void *server_handle,
+			krb5_principal princ,
+			krb5_keyblock **new_keys,
+			int *n_keys)
+{
+    return __CALL(randkey_principal, (server_handle, princ, new_keys, n_keys));
+}
+
+kadm5_ret_t
+kadm5_rename_principal(void *server_handle,
+		       krb5_principal source,
+		       krb5_principal target)
+{
+    return __CALL(rename_principal, (server_handle, source, target));
+}
+
+kadm5_ret_t
+kadm5_get_principals(void *server_handle,
+		     const char *expression,
+		     char ***princs,
+		     int *count)
+{
+    return __CALL(get_principals, (server_handle, expression, princs, count));
+}
+
+kadm5_ret_t
+kadm5_get_privs(void *server_handle,
+		uint32_t *privs)
+{
+    return __CALL(get_privs, (server_handle, privs));
+}
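Review bot: The `__CALL` macro in common_glue.c ends in its own `;`, so every `return __CALL(...);` expands to a return followed by an empty statement; defining it as `#define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P` reads the same at the call sites. The double-underscore name is also in the space C reserves for the implementation, so a project-prefixed name would be safer if the file is ever touched locally. The macro silently depends on a local named `server_handle` and dereferences it without a check, which deserves a comment above it such as `/* Dispatch through the function table stored in the handle; server_handle must be a non-NULL context set up by a kadm5 init call. */`.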

Added: vendor-crypto/heimdal/dist/lib/kadm5/context_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/context_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/context_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,174 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: context_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static void
+set_funcs(kadm5_server_context *c)
+{
+#define SET(C, F) (C)->funcs.F = kadm5_s_ ## F
+    SET(c, chpass_principal);
+    SET(c, chpass_principal_with_key);
+    SET(c, create_principal);
+    SET(c, delete_principal);
+    SET(c, destroy);
+    SET(c, flush);
+    SET(c, get_principal);
+    SET(c, get_principals);
+    SET(c, get_privs);
+    SET(c, modify_principal);
+    SET(c, randkey_principal);
+    SET(c, rename_principal);
+}
+
+static void
+set_socket_name(krb5_context context, struct sockaddr_un *un)
+{
+    const char *fn = kadm5_log_signal_socket(context);
+
+    memset(un, 0, sizeof(*un));
+    un->sun_family = AF_UNIX;
+    strlcpy (un->sun_path, fn, sizeof(un->sun_path));
+}
+
+static kadm5_ret_t
+find_db_spec(kadm5_server_context *ctx)
+{
+    krb5_context context = ctx->context;
+    struct hdb_dbinfo *info, *d;
+    krb5_error_code ret;
+
+    if (ctx->config.realm) {
+	/* fetch the databases */
+	ret = hdb_get_dbinfo(context, &info);
+	if (ret)
+	    return ret;
+	
+	d = NULL;
+	while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
+	    const char *p = hdb_dbinfo_get_realm(context, d);
+	    
+	    /* match default (realm-less) */
+	    if(p != NULL && strcmp(ctx->config.realm, p) != 0)
+		continue;
+	    
+	    p = hdb_dbinfo_get_dbname(context, d);
+	    if (p)
+		ctx->config.dbname = strdup(p);
+	    
+	    p = hdb_dbinfo_get_acl_file(context, d);
+	    if (p)
+		ctx->config.acl_file = strdup(p);
+	    
+	    p = hdb_dbinfo_get_mkey_file(context, d);
+	    if (p)
+		ctx->config.stash_file = strdup(p);
+	    
+	    p = hdb_dbinfo_get_log_file(context, d);
+	    if (p)
+		ctx->log_context.log_file = strdup(p);
+	    break;
+	}
+	hdb_free_dbinfo(context, &info);
+    }
+
+    /* If any of the values was unset, pick up the default value */
+
+    if (ctx->config.dbname == NULL)
+	ctx->config.dbname = strdup(hdb_default_db(context));
+    if (ctx->config.acl_file == NULL)
+	asprintf(&ctx->config.acl_file, "%s/kadmind.acl", hdb_db_dir(context));
+    if (ctx->config.stash_file == NULL)
+	asprintf(&ctx->config.stash_file, "%s/m-key", hdb_db_dir(context));
+    if (ctx->log_context.log_file == NULL)
+	asprintf(&ctx->log_context.log_file, "%s/log", hdb_db_dir(context));
+
+    set_socket_name(context, &ctx->log_context.socket_name);
+
+    return 0;
+}
+
+kadm5_ret_t
+_kadm5_s_init_context(kadm5_server_context **ctx, 
+		      kadm5_config_params *params,
+		      krb5_context context)
+{
+    *ctx = malloc(sizeof(**ctx));
+    if(*ctx == NULL)
+	return ENOMEM;
+    memset(*ctx, 0, sizeof(**ctx));
+    set_funcs(*ctx);
+    (*ctx)->context = context;
+    krb5_add_et_list (context, initialize_kadm5_error_table_r);
+#define is_set(M) (params && params->mask & KADM5_CONFIG_ ## M)
+    if(is_set(REALM))
+	(*ctx)->config.realm = strdup(params->realm);
+    else
+	krb5_get_default_realm(context, &(*ctx)->config.realm);
+    if(is_set(DBNAME))
+	(*ctx)->config.dbname = strdup(params->dbname);
+    if(is_set(ACL_FILE))
+	(*ctx)->config.acl_file = strdup(params->acl_file);
+    if(is_set(STASH_FILE))
+	(*ctx)->config.stash_file = strdup(params->stash_file);
+    
+    find_db_spec(*ctx);
+    
+    /* PROFILE can't be specified for now */
+    /* KADMIND_PORT is supposed to be used on the server also, 
+       but this doesn't make sense */
+    /* ADMIN_SERVER is client only */
+    /* ADNAME is not used at all (as far as I can tell) */
+    /* ADB_LOCKFILE ditto */
+    /* DICT_FILE */
+    /* ADMIN_KEYTAB */
+    /* MKEY_FROM_KEYBOARD is not supported */
+    /* MKEY_NAME neither */
+    /* ENCTYPE */
+    /* MAX_LIFE */
+    /* MAX_RLIFE */
+    /* EXPIRATION */
+    /* FLAGS */
+    /* ENCTYPES */
+
+    return 0;
+}
+
+HDB *
+_kadm5_s_get_db(void *server_handle)
+{
+    kadm5_server_context *context = server_handle;
+    return context->db;
+}
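Review bot: `_kadm5_s_init_context` discards the results of `find_db_spec(*ctx)` and `krb5_get_default_realm`, and none of the `strdup`/`asprintf` results in either function are checked, so it returns 0 even when `config.realm`, `config.acl_file` or `config.stash_file` was never set. These fields name the ACL and master-key files, so a failed setup should fail closed: `ret = find_db_spec(*ctx); if (ret) return ret;`, with `ENOMEM` returned after each failed allocation (who frees `*ctx` on that path is not visible here). The loop in `find_db_spec` also assigns `dbname`, `acl_file` and `stash_file` unconditionally, which leaks and replaces values copied from `params` a few lines earlier. If explicit parameters are meant to win, guard each assignment, e.g. `if (p && ctx->config.dbname == NULL)`.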

Added: vendor-crypto/heimdal/dist/lib/kadm5/create_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/create_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/create_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: create_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_create_principal(void *server_handle,
+			 kadm5_principal_ent_t princ, 
+			 uint32_t mask,
+			 const char *password)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, kadm_create);
+    kadm5_store_principal_ent(sp, princ);
+    krb5_store_int32(sp, mask);
+    krb5_store_string(sp, password);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    ret = _kadm5_client_recv(context, &reply);
+    if(ret)
+	return ret;
+    sp = krb5_storage_from_data (&reply);
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    krb5_clear_error_string(context->context);
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return tmp;
+}
+
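Review bot: In `kadm5_c_create_principal` the status of `_kadm5_client_send` is overwritten by `_kadm5_client_recv` two lines later without being tested. `kadm5_c_delete_principal` in delete_c.c has the check, and the same `if (ret) return ret;` belongs after `krb5_storage_free(sp);` here. In both files the result of `krb5_ret_int32(sp, &tmp)` is ignored while `tmp` is uninitialized, so a short reply makes the function return an indeterminate value; `ret = krb5_ret_int32(sp, &tmp);` with an error return on failure closes that. The `krb5_store_*` calls into the 1024-byte `buf` are likewise unchecked, so an oversized entry or password would not be reported. `buf` also still holds the serialized password when the function returns; clearing it before returning is worth considering.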

Added: vendor-crypto/heimdal/dist/lib/kadm5/create_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/create_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/create_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 1997-2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: create_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static kadm5_ret_t
+get_default(kadm5_server_context *context, krb5_principal princ, 
+	    kadm5_principal_ent_t def)
+{
+    kadm5_ret_t ret;
+    krb5_principal def_principal;
+    krb5_realm *realm = krb5_princ_realm(context->context, princ);
+
+    ret = krb5_make_principal(context->context, &def_principal, 
+			      *realm, "default", NULL);
+    if (ret)
+	return ret;
+    ret = kadm5_s_get_principal(context, def_principal, def, 
+				KADM5_PRINCIPAL_NORMAL_MASK);
+    krb5_free_principal (context->context, def_principal);
+    return ret;
+}
+
+static kadm5_ret_t
+create_principal(kadm5_server_context *context,
+		 kadm5_principal_ent_t princ,
+		 uint32_t mask,
+		 hdb_entry_ex *ent,
+		 uint32_t required_mask,
+		 uint32_t forbidden_mask)
+{
+    kadm5_ret_t ret;
+    kadm5_principal_ent_rec defrec, *defent;
+    uint32_t def_mask;
+    
+    if((mask & required_mask) != required_mask)
+	return KADM5_BAD_MASK;
+    if((mask & forbidden_mask))
+	return KADM5_BAD_MASK;
+    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
+	/* XXX no real policies for now */
+	return KADM5_UNK_POLICY;
+    memset(ent, 0, sizeof(*ent));
+    ret  = krb5_copy_principal(context->context, princ->principal, 
+			       &ent->entry.principal);
+    if(ret)
+	return ret;
+    
+    defent = &defrec;
+    ret = get_default(context, princ->principal, defent);
+    if(ret) {
+	defent   = NULL;
+	def_mask = 0;
+    } else {
+	def_mask = KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE;
+    }
+
+    ret = _kadm5_setup_entry(context,
+			     ent, mask | def_mask,
+			     princ, mask,
+			     defent, def_mask);
+    if(defent)
+	kadm5_free_principal_ent(context, defent);
+    
+    ent->entry.created_by.time = time(NULL);
+    ret = krb5_copy_principal(context->context, context->caller, 
+			      &ent->entry.created_by.principal);
+
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_s_create_principal_with_key(void *server_handle,
+				  kadm5_principal_ent_t princ,
+				  uint32_t mask)
+{
+    kadm5_ret_t ret;
+    hdb_entry_ex ent;
+    kadm5_server_context *context = server_handle;
+
+    ret = create_principal(context, princ, mask, &ent,
+			   KADM5_PRINCIPAL | KADM5_KEY_DATA,
+			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
+			   | KADM5_MOD_NAME | KADM5_MKVNO 
+			   | KADM5_AUX_ATTRIBUTES 
+			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS 
+			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
+    if(ret)
+	goto out;
+
+    if ((mask & KADM5_KVNO) == 0)
+	ent.entry.kvno = 1;
+
+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret)
+	goto out;
+    
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret)
+	goto out;
+    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
+    context->db->hdb_close(context->context, context->db);
+    if (ret)
+	goto out;
+    kadm5_log_create (context, &ent.entry);
+
+out:
+    hdb_free_entry(context->context, &ent);
+    return _kadm5_error_code(ret);
+}
+				  
+
+kadm5_ret_t
+kadm5_s_create_principal(void *server_handle,
+			 kadm5_principal_ent_t princ, 
+			 uint32_t mask,
+			 const char *password)
+{
+    kadm5_ret_t ret;
+    hdb_entry_ex ent;
+    kadm5_server_context *context = server_handle;
+
+    ret = create_principal(context, princ, mask, &ent,
+			   KADM5_PRINCIPAL,
+			   KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
+			   | KADM5_MOD_NAME | KADM5_MKVNO 
+			   | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA
+			   | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS 
+			   | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT);
+    if(ret)
+	goto out;
+
+    if ((mask & KADM5_KVNO) == 0)
+	ent.entry.kvno = 1;
+
+    ent.entry.keys.len = 0;
+    ent.entry.keys.val = NULL;
+
+    ret = _kadm5_set_keys(context, &ent.entry, password);
+    if (ret)
+	goto out;
+
+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret)
+	goto out;
+    
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret)
+	goto out;
+    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
+    context->db->hdb_close(context->context, context->db);
+    if (ret)
+	goto out;
+
+    kadm5_log_create (context, &ent.entry);
+
+ out:
+    hdb_free_entry(context->context, &ent);
+    return _kadm5_error_code(ret);
+}
+
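Review bot: `create_principal` returns `KADM5_BAD_MASK` or `KADM5_UNK_POLICY` before `memset(ent, 0, sizeof(*ent));` runs, yet both callers declare `hdb_entry_ex ent;` uninitialized and jump to `out:`, where `hdb_free_entry` is applied to it. Moving the `memset` to the top of `create_principal`, ahead of the mask checks, makes every error path free a zeroed entry instead of stack contents. Separately, the result of `_kadm5_setup_entry` is overwritten by the following `krb5_copy_principal` without a test. Adding `if (ret) return ret;` after the `kadm5_free_principal_ent` call would keep an entry that failed setup from being sealed and stored.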

Added: vendor-crypto/heimdal/dist/lib/kadm5/default_keys.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/default_keys.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/default_keys.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+#include <err.h>
+
+RCSID("$Id: default_keys.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+static void
+print_keys(krb5_context context, Key *keys, size_t nkeys)
+{
+    krb5_error_code ret;
+    char *str;
+    int i;
+
+    printf("keys:\n");
+
+    for (i = 0; i < nkeys; i++) {
+
+	ret = krb5_enctype_to_string(context, keys[i].key.keytype, &str);
+	if (ret)
+	    krb5_err(context, ret, 1, "krb5_enctype_to_string: %d\n",
+		     (int)keys[i].key.keytype);
+
+	printf("\tenctype %s", str);
+	free(str);
+
+	if (keys[i].salt) {
+	    printf(" salt: ");
+
+	    switch (keys[i].salt->type) {
+	    case KRB5_PW_SALT:
+		printf("pw-salt:");
+		break;
+	    case KRB5_AFS3_SALT:
+		printf("afs3-salt:");
+		break;
+	    default:
+		printf("unknown salt: %d", keys[i].salt->type);
+		break;
+	    }
+	    if (keys[i].salt->salt.length)
+		printf("%.*s", (int)keys[i].salt->salt.length,
+		       (char *)keys[i].salt->salt.data);
+	}	
+	printf("\n");
+    }
+    printf("end keys:\n");
+}
+
+static void
+parse_file(krb5_context context, krb5_principal principal, int no_salt)
+{
+    krb5_error_code ret;
+    size_t nkeys;
+    Key *keys;
+
+    ret = hdb_generate_key_set(context, principal, &keys, &nkeys, no_salt);
+    if (ret)
+	krb5_err(context, 1, ret, "hdb_generate_key_set");
+
+    print_keys(context, keys, nkeys);
+
+    hdb_free_keys(context, nkeys, keys);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_principal principal;
+
+    ret = krb5_init_context(&context);
+    if (ret) 
+	errx(1, "krb5_init_context");
+
+    ret = krb5_parse_name(context, "lha at SU.SE", &principal);
+    if (ret)
+	krb5_err(context, ret, 1, "krb5_parse_name");
+
+    parse_file(context, principal, 0);
+    parse_file(context, principal, 1);
+
+    krb5_free_principal(context, principal);
+
+    krb5_free_context(context);
+
+    return 0;
+}
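Review bot: The `krb5_err` calls in `print_keys` and `main` pass `ret, 1` where `parse_file` passes `1, ret`. `krb5_err` takes the exit value before the error code, so the first two exit with the error code as process status and print the message for error 1. They should read `krb5_err(context, 1, ret, "krb5_enctype_to_string: %d\n", (int)keys[i].key.keytype);` and `krb5_err(context, 1, ret, "krb5_parse_name");`. In `print_keys`, `int i` is compared against `size_t nkeys`; declaring `size_t i;` removes the signed/unsigned comparison.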

Added: vendor-crypto/heimdal/dist/lib/kadm5/delete_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/delete_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/delete_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: delete_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_delete_principal(void *server_handle, krb5_principal princ)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, kadm_delete);
+    krb5_store_principal(sp, princ);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    if (ret)
+	return ret;
+    ret = _kadm5_client_recv(context, &reply);
+    if (ret)
+	return ret;
+    sp = krb5_storage_from_data (&reply);
+    if(sp == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    krb5_clear_error_string(context->context);
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return tmp;
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/delete_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/delete_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/delete_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1997 - 2001, 2003, 2005 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: delete_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_s_delete_principal(void *server_handle, krb5_principal princ)
+{
+    kadm5_server_context *context = server_handle;
+    kadm5_ret_t ret;
+    hdb_entry_ex ent;
+
+    memset(&ent, 0, sizeof(ent));
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret) {
+	krb5_warn(context->context, ret, "opening database");
+	return ret;
+    }
+    ret = context->db->hdb_fetch(context->context, context->db, princ,
+				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
+    if(ret == HDB_ERR_NOENTRY)
+	goto out;
+    if(ent.entry.flags.immutable) {
+	ret = KADM5_PROTECT_PRINCIPAL;
+	goto out2;
+    }
+    
+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret)
+	goto out2;
+
+    ret = context->db->hdb_remove(context->context, context->db, princ);
+    if (ret)
+	goto out2;
+
+    kadm5_log_delete (context, princ);
+
+out2:
+    hdb_free_entry(context->context, &ent);
+out:
+    context->db->hdb_close(context->context, context->db);
+    return _kadm5_error_code(ret);
+}
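Review bot: After `hdb_fetch` in `kadm5_s_delete_principal` only `HDB_ERR_NOENTRY` is handled, so any other failure falls through to the `immutable` test on the zeroed `ent` and on to `hdb_remove`. A principal whose entry could not be read (for instance a decryption failure under `HDB_F_DECRYPT`, if the backend reports one) would then be removed without its real flags being checked. Adding `if (ret) goto out2;` directly after the `HDB_ERR_NOENTRY` test keeps the immutable protection effective. The early `return ret;` after a failed `hdb_open` also bypasses `_kadm5_error_code`, unlike the other exits of the function.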

Added: vendor-crypto/heimdal/dist/lib/kadm5/destroy_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/destroy_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/destroy_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: destroy_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t 
+kadm5_c_destroy(void *server_handle)
+{
+    kadm5_client_context *context = server_handle;
+
+    free(context->realm);
+    free(context->admin_server);
+    close(context->sock);
+    if (context->client_name)
+	free(context->client_name);
+    if (context->service_name)
+	free(context->service_name);
+    if (context->ac != NULL)
+	krb5_auth_con_free(context->context, context->ac);
+    if(context->my_context)
+	krb5_free_context(context->context);
+    return 0;
+}
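Review bot: `kadm5_c_destroy` calls `close(context->sock)` unconditionally, so if a handle can be destroyed before it ever connected, whatever value sits in `sock` decides which descriptor gets closed. The initial value is not visible here; once it is confirmed to be -1, a guard such as `if (context->sock != -1) close(context->sock);` would make this safe. The function also never frees `context` itself, whereas `kadm5_s_destroy` in destroy_s.c ends with `free (context);`, so either the caller owns the client handle or it leaks, and a comment saying which would help. The NULL tests before `free(context->client_name)` and `free(context->service_name)` are redundant, since `free(NULL)` is a no-op.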

Added: vendor-crypto/heimdal/dist/lib/kadm5/destroy_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/destroy_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/destroy_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: destroy_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * dealloc a `kadm5_config_params'
+ */
+
+static void
+destroy_config (kadm5_config_params *c)
+{
+    free (c->realm);
+    free (c->dbname);
+    free (c->acl_file);
+    free (c->stash_file);
+}
+
+/*
+ * dealloc a kadm5_log_context
+ */
+
+static void
+destroy_kadm5_log_context (kadm5_log_context *c)
+{
+    free (c->log_file);
+    close (c->socket_fd);
+}
+
+/*
+ * destroy a kadm5 handle
+ */
+
+kadm5_ret_t 
+kadm5_s_destroy(void *server_handle)
+{
+    kadm5_ret_t ret;
+    kadm5_server_context *context = server_handle;
+    krb5_context kcontext = context->context;
+
+    ret = context->db->hdb_destroy(kcontext, context->db);
+    destroy_kadm5_log_context (&context->log_context);
+    destroy_config (&context->config);
+    krb5_free_principal (kcontext, context->caller);
+    if(context->my_context)
+	krb5_free_context(kcontext);
+    free (context);
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/ent_setup.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/ent_setup.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/ent_setup.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,206 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: ent_setup.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0)
+#define set_null(X)     do { if((X) != NULL) free((X)); (X) = NULL; } while (0)
+
+static void
+attr_to_flags(unsigned attr, HDBFlags *flags)
+{
+    flags->postdate =		!(attr & KRB5_KDB_DISALLOW_POSTDATED);
+    flags->forwardable =	!(attr & KRB5_KDB_DISALLOW_FORWARDABLE);
+    flags->initial =	       !!(attr & KRB5_KDB_DISALLOW_TGT_BASED);
+    flags->renewable =		!(attr & KRB5_KDB_DISALLOW_RENEWABLE);
+    flags->proxiable =		!(attr & KRB5_KDB_DISALLOW_PROXIABLE);
+    /* DUP_SKEY */
+    flags->invalid =	       !!(attr & KRB5_KDB_DISALLOW_ALL_TIX);
+    flags->require_preauth =   !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH);
+    /* HW_AUTH */
+    flags->server =		!(attr & KRB5_KDB_DISALLOW_SVR);
+    flags->change_pw = 	       !!(attr & KRB5_KDB_PWCHANGE_SERVICE);
+    flags->client =	        1; /* XXX */
+    flags->ok_as_delegate =    !!(attr & KRB5_KDB_OK_AS_DELEGATE);
+    flags->trusted_for_delegation = !!(attr & KRB5_KDB_TRUSTED_FOR_DELEGATION);
+    flags->allow_kerberos4 =   !!(attr & KRB5_KDB_ALLOW_KERBEROS4);
+    flags->allow_digest =      !!(attr & KRB5_KDB_ALLOW_DIGEST);
+}
+
+/*
+ * Modify the `ent' according to `tl_data'.
+ */
+
+static kadm5_ret_t
+perform_tl_data(krb5_context context,
+		HDB *db,
+		hdb_entry_ex *ent, 
+		const krb5_tl_data *tl_data)
+{
+    kadm5_ret_t ret = 0;
+
+    if (tl_data->tl_data_type == KRB5_TL_PASSWORD) {
+	heim_utf8_string pw = tl_data->tl_data_contents;
+
+	if (pw[tl_data->tl_data_length] != '\0')
+	    return KADM5_BAD_TL_TYPE;
+
+	ret = hdb_entry_set_password(context, db, &ent->entry, pw);
+
+    } else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
+	unsigned char *s;
+	time_t t;
+
+	if (tl_data->tl_data_length != 4)
+	    return KADM5_BAD_TL_TYPE;
+
+	s = tl_data->tl_data_contents;
+
+	t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
+
+	ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
+
+    } else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
+	HDB_extension ext;
+
+	ret = decode_HDB_extension(tl_data->tl_data_contents,
+				   tl_data->tl_data_length,
+				   &ext,
+				   NULL);
+	if (ret)
+	    return KADM5_BAD_TL_TYPE;
+	
+	ret = hdb_replace_extension(context, &ent->entry, &ext);
+	free_HDB_extension(&ext);
+    } else {
+	return KADM5_BAD_TL_TYPE;
+    }
+    return ret;
+}
+
+
+/*
+ * Create the hdb entry `ent' based on data from `princ' with
+ * `princ_mask' specifying what fields to be gotten from there and
+ * `mask' specifying what fields we want filled in.
+ */
+
+kadm5_ret_t
+_kadm5_setup_entry(kadm5_server_context *context,
+		   hdb_entry_ex *ent,
+		   uint32_t mask,
+		   kadm5_principal_ent_t princ, 
+		   uint32_t princ_mask,
+		   kadm5_principal_ent_t def,
+		   uint32_t def_mask)
+{
+    if(mask & KADM5_PRINC_EXPIRE_TIME
+       && princ_mask & KADM5_PRINC_EXPIRE_TIME) {
+	if (princ->princ_expire_time)
+	    set_value(ent->entry.valid_end, princ->princ_expire_time);
+	else
+	    set_null(ent->entry.valid_end);
+    }
+    if(mask & KADM5_PW_EXPIRATION
+       && princ_mask & KADM5_PW_EXPIRATION) {
+	if (princ->pw_expiration)
+	    set_value(ent->entry.pw_end, princ->pw_expiration);
+	else
+	    set_null(ent->entry.pw_end);
+    }
+    if(mask & KADM5_ATTRIBUTES) {
+	if (princ_mask & KADM5_ATTRIBUTES) {
+	    attr_to_flags(princ->attributes, &ent->entry.flags);
+	} else if(def_mask & KADM5_ATTRIBUTES) {
+	    attr_to_flags(def->attributes, &ent->entry.flags);
+	    ent->entry.flags.invalid = 0;
+	} else {
+	    ent->entry.flags.client      = 1;
+	    ent->entry.flags.server      = 1;
+	    ent->entry.flags.forwardable = 1;
+	    ent->entry.flags.proxiable   = 1;
+	    ent->entry.flags.renewable   = 1;
+	    ent->entry.flags.postdate    = 1;
+	}
+    }
+    if(mask & KADM5_MAX_LIFE) {
+	if(princ_mask & KADM5_MAX_LIFE) {
+	    if(princ->max_life)
+	      set_value(ent->entry.max_life, princ->max_life);
+	    else
+	      set_null(ent->entry.max_life);
+	} else if(def_mask & KADM5_MAX_LIFE) {
+	    if(def->max_life)
+	      set_value(ent->entry.max_life, def->max_life);
+	    else
+	      set_null(ent->entry.max_life);
+	}
+    }
+    if(mask & KADM5_KVNO
+       && princ_mask & KADM5_KVNO)
+	ent->entry.kvno = princ->kvno;
+    if(mask & KADM5_MAX_RLIFE) {
+	if(princ_mask & KADM5_MAX_RLIFE) {
+	  if(princ->max_renewable_life)
+	    set_value(ent->entry.max_renew, princ->max_renewable_life);
+	  else
+	    set_null(ent->entry.max_renew);
+	} else if(def_mask & KADM5_MAX_RLIFE) {
+	  if(def->max_renewable_life)
+	    set_value(ent->entry.max_renew, def->max_renewable_life);
+	  else
+	    set_null(ent->entry.max_renew);
+	}
+    }
+    if(mask & KADM5_KEY_DATA
+       && princ_mask & KADM5_KEY_DATA) {
+	_kadm5_set_keys2(context, &ent->entry,
+			 princ->n_key_data, princ->key_data);
+    }
+    if(mask & KADM5_TL_DATA) {
+	krb5_tl_data *tl;
+
+	for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next) {
+	    kadm5_ret_t ret;
+	    ret = perform_tl_data(context->context, context->db, ent, tl);
+	    if (ret)
+		return ret;
+	}
+    }
+    if(mask & KADM5_FAIL_AUTH_COUNT) {
+	/* XXX */
+    }
+    return 0;
+}
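Review bot: In `perform_tl_data`, the KRB5_TL_PASSWORD branch tests `pw[tl_data->tl_data_length]`, which is one byte past the length the record declares. Unless every producer of `tl_data_contents` allocates `tl_data_length + 1` bytes (not visible in this file), this is an out-of-bounds read on what is presumably caller-supplied data. If the length is meant to include the terminator, the check would be `if (tl_data->tl_data_length < 1 || pw[tl_data->tl_data_length - 1] != '\0') return KADM5_BAD_TL_TYPE;`; otherwise the allocation contract deserves a comment at this line. In the KRB5_TL_LAST_PWD_CHANGE branch, `s[3] << 24` shifts a promoted `int` into the sign bit for bytes of 0x80 and above; `((uint32_t)s[3] << 24)` avoids that. Separately, the `set_value` macro stores through the result of `malloc` without a NULL check, so `_kadm5_setup_entry` dereferences NULL on allocation failure.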

Added: vendor-crypto/heimdal/dist/lib/kadm5/error.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/error.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/error.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: error.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+_kadm5_error_code(kadm5_ret_t code)
+{
+    switch(code){
+    case HDB_ERR_EXISTS:
+	return KADM5_DUP;
+    case HDB_ERR_NOENTRY:
+	return KADM5_UNK_PRINC;
+    }
+    return code;
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/flush.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/flush.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/flush.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: flush.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t 
+kadm5_s_flush(void *server_handle)
+{
+    return 0;
+}
+
+kadm5_ret_t 
+kadm5_c_flush(void *server_handle)
+{
+    return 0;
+}
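Review bot: `kadm5_s_flush` and `kadm5_c_flush` are defined in this file and again in flush_s.c and flush_c.c added by the same commit, so linking all three into one library would produce duplicate symbols. Confirm that the build lists only one set, or leave flush.c out of it. Both functions ignore `server_handle` and return 0; a one-line comment such as `/* no-op: always returns 0 */` would tell callers not to rely on them for durability.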

Added: vendor-crypto/heimdal/dist/lib/kadm5/flush_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/flush_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/flush_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: flush_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t 
+kadm5_c_flush(void *server_handle)
+{
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/flush_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/flush_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/flush_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: flush_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t 
+kadm5_s_flush(void *server_handle)
+{
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/free.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/free.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/free.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: free.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+void 
+kadm5_free_key_data(void *server_handle,
+		    int16_t *n_key_data, 
+		    krb5_key_data *key_data)
+{
+    int i;
+    for(i = 0; i < *n_key_data; i++){
+	if(key_data[i].key_data_contents[0]){
+	    memset(key_data[i].key_data_contents[0], 
+		   0,
+		   key_data[i].key_data_length[0]);
+	    free(key_data[i].key_data_contents[0]);
+	}
+	if(key_data[i].key_data_contents[1])
+	    free(key_data[i].key_data_contents[1]);
+    }
+    *n_key_data = 0;
+}
+
+
+void 
+kadm5_free_principal_ent(void *server_handle,
+			 kadm5_principal_ent_t princ)
+{
+    kadm5_server_context *context = server_handle;
+    if(princ->principal)
+	krb5_free_principal(context->context, princ->principal);
+    if(princ->mod_name)
+	krb5_free_principal(context->context, princ->mod_name);
+    kadm5_free_key_data(server_handle, &princ->n_key_data, princ->key_data);
+    while(princ->n_tl_data && princ->tl_data) {
+	krb5_tl_data *tp;
+	tp = princ->tl_data;
+	princ->tl_data = tp->tl_data_next;
+	princ->n_tl_data--;
+	memset(tp->tl_data_contents, 0, tp->tl_data_length);
+	free(tp->tl_data_contents);
+	free(tp);
+    }
+    if (princ->key_data != NULL)
+	free (princ->key_data);
+}
+
+void 
+kadm5_free_name_list(void *server_handle,
+		     char **names, 
+		     int *count)
+{
+    int i;
+    for(i = 0; i < *count; i++)
+	free(names[i]);
+    free(names);
+    *count = 0;
+}
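Review bot: The `memset` calls that wipe `key_data_contents[0]` and `tl_data_contents` are immediately followed by `free`, which makes them dead stores that a compiler may remove. Key material and TL data (which can carry a password, per the KRB5_TL_PASSWORD branch in ent_setup.c) may therefore stay in freed heap memory. A wipe the optimiser must keep, such as `explicit_bzero` where the libc provides it or a helper that writes through a `volatile` pointer, would be safer in both `kadm5_free_key_data` and `kadm5_free_principal_ent`. `kadm5_free_key_data` also leaves the freed pointers in place, so a later call with a non-zero count on the same array would free them twice; assigning NULL after each `free` prevents that. The tl_data loop stops once `n_tl_data` reaches zero even if the list continues, which would leave any remaining nodes unwiped and leaked.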

Added: vendor-crypto/heimdal/dist/lib/kadm5/get_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/get_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/get_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1997 - 2000, 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: get_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_get_principal(void *server_handle, 
+		      krb5_principal princ, 
+		      kadm5_principal_ent_t out, 
+		      uint32_t mask)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, kadm_get);
+    krb5_store_principal(sp, princ);
+    krb5_store_int32(sp, mask);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    if(ret)
+	return ret;
+    ret = _kadm5_client_recv(context, &reply);
+    if (ret)
+	return ret;
+    sp = krb5_storage_from_data (&reply);
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    ret = tmp;
+    krb5_clear_error_string(context->context);
+    if(ret == 0)
+	kadm5_ret_principal_ent(sp, out);
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return ret;
+}
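Review bot: The return values of `krb5_ret_int32(sp, &tmp)` and `kadm5_ret_principal_ent(sp, out)` are discarded in `kadm5_c_get_principal`. A truncated or malformed reply therefore leaves `tmp` uninitialised before it is returned as the status, and a failed decode of the principal is reported as success with `out` only partly filled. Suggest `ret = krb5_ret_int32(sp, &tmp); if (ret == 0) ret = tmp;` followed by `if (ret == 0) ret = kadm5_ret_principal_ent(sp, out);`. The `krb5_store_*` calls into the fixed 1024-byte `buf` are unchecked as well, so an over-long principal would presumably be sent truncated rather than rejected.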

Added: vendor-crypto/heimdal/dist/lib/kadm5/get_princs_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/get_princs_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/get_princs_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: get_princs_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_get_principals(void *server_handle, 
+		       const char *expression,
+		       char ***princs, 
+		       int *count)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL)
+	return ENOMEM;
+    krb5_store_int32(sp, kadm_get_princs);
+    krb5_store_int32(sp, expression != NULL);
+    if(expression)
+	krb5_store_string(sp, expression);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    ret = _kadm5_client_recv(context, &reply);
+    if(ret)
+	return ret;
+    sp = krb5_storage_from_data (&reply);
+    if (sp == NULL) {
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    ret = tmp;
+    if(ret == 0) {
+	int i;
+	krb5_ret_int32(sp, &tmp);
+	*princs = calloc(tmp + 1, sizeof(**princs));
+	if (*princs == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	for(i = 0; i < tmp; i++)
+	    krb5_ret_string(sp, &(*princs)[i]);
+	*count = tmp;
+    }
+out:
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return ret;
+}
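Review bot: The status of `_kadm5_client_send` is overwritten by the following `_kadm5_client_recv` in `kadm5_c_get_principals` without being tested, unlike `kadm5_c_get_principal` in get_c.c; add `if (ret) return ret;` after the first `krb5_storage_free(sp);`. The count `tmp` read from the reply goes straight into `calloc(tmp + 1, ...)` and `*count` with no range check. The results of `krb5_ret_int32` and `krb5_ret_string` are also ignored, so a short or negative-count reply can yield a `*count` that does not match the entries actually filled. A guard such as `if (tmp < 0) { ret = EINVAL; goto out; }`, plus stopping the loop on the first `krb5_ret_string` failure, would keep the list and its count consistent.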

Added: vendor-crypto/heimdal/dist/lib/kadm5/get_princs_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/get_princs_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/get_princs_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: get_princs_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct foreach_data {
+    const char *exp;
+    char *exp2;
+    char **princs;
+    int count;
+};
+
+static krb5_error_code
+add_princ(struct foreach_data *d, char *princ)
+{
+    char **tmp;
+    tmp = realloc(d->princs, (d->count + 1) * sizeof(*tmp));
+    if(tmp == NULL)
+	return ENOMEM;
+    d->princs = tmp;
+    d->princs[d->count++] = princ;
+    return 0;
+}
+
+static krb5_error_code
+foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data)
+{
+    struct foreach_data *d = data;
+    char *princ;
+    krb5_error_code ret;
+    ret = krb5_unparse_name(context, ent->entry.principal, &princ);
+    if(ret)
+	return ret;
+    if(d->exp){
+	if(fnmatch(d->exp, princ, 0) == 0 || fnmatch(d->exp2, princ, 0) == 0)
+	    ret = add_princ(d, princ);
+	else
+	    free(princ);
+    }else{
+	ret = add_princ(d, princ);
+    }
+    if(ret)
+	free(princ);
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_s_get_principals(void *server_handle, 
+		       const char *expression,
+		       char ***princs, 
+		       int *count)
+{
+    struct foreach_data d;
+    kadm5_server_context *context = server_handle;
+    kadm5_ret_t ret;
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret) {
+	krb5_warn(context->context, ret, "opening database");
+	return ret;
+    }
+    d.exp = expression;
+    {
+	krb5_realm r;
+	krb5_get_default_realm(context->context, &r);
+	asprintf(&d.exp2, "%s@%s", expression, r);
+	free(r);
+    }
+    d.princs = NULL;
+    d.count = 0;
+    ret = hdb_foreach(context->context, context->db, 0, foreach, &d);
+    context->db->hdb_close(context->context, context->db);
+    if(ret == 0)
+	ret = add_princ(&d, NULL);
+    if(ret == 0){
+	*princs = d.princs;
+	*count = d.count - 1;
+    }else
+	kadm5_free_name_list(context, d.princs, &d.count);
+    free(d.exp2);
+    return _kadm5_error_code(ret);
+}
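Review bot: In kadm5_s_get_principals the results of krb5_get_default_realm() and asprintf() are both ignored, so on failure `r` and `d.exp2` are indeterminate and are then passed to fnmatch() in foreach() and to free(). The block also runs when `expression` is NULL, which hands a NULL pointer to `%s`. I would build `d.exp2` only when an expression was given, check both calls, and close the database before returning on error, as sketched below. The same unchecked asprintf() followed by a `service_name == NULL` test appears in kadm_connect() in init_c.c. Separately, the database is opened with O_RDWR although this path only calls hdb_foreach(); O_RDONLY, as kadm5_s_get_principal uses in get_s.c, looks sufficient.

```c
    d.exp = expression;
    d.exp2 = NULL;
    if (expression != NULL) {
	krb5_realm r;

	ret = krb5_get_default_realm(context->context, &r);
	if (ret == 0) {
	    if (asprintf(&d.exp2, "%s@%s", expression, r) < 0) {
		d.exp2 = NULL;
		ret = ENOMEM;
	    }
	    free(r);
	}
	if (ret) {
	    context->db->hdb_close(context->context, context->db);
	    return _kadm5_error_code(ret);
	}
    }
    /* ... unchanged: d.princs/d.count setup, hdb_foreach, result handoff ... */
```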

Added: vendor-crypto/heimdal/dist/lib/kadm5/get_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/get_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/get_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,284 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: get_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static kadm5_ret_t
+add_tl_data(kadm5_principal_ent_t ent, int16_t type, 
+	    const void *data, size_t size)
+{
+    krb5_tl_data *tl;
+
+    tl = calloc(1, sizeof(*tl));
+    if (tl == NULL)
+	return _kadm5_error_code(ENOMEM);
+
+    tl->tl_data_type = type;
+    tl->tl_data_length = size;
+    tl->tl_data_contents = malloc(size);
+    if (tl->tl_data_contents == NULL) {
+	free(tl);
+	return _kadm5_error_code(ENOMEM);
+    }
+    memcpy(tl->tl_data_contents, data, size);
+
+    tl->tl_data_next = ent->tl_data;
+    ent->tl_data = tl;
+    ent->n_tl_data++;
+
+    return 0;
+}
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+_krb5_put_int(void *buffer, unsigned long value, size_t size); /* XXX */
+
+kadm5_ret_t
+kadm5_s_get_principal(void *server_handle, 
+		      krb5_principal princ, 
+		      kadm5_principal_ent_t out, 
+		      uint32_t mask)
+{
+    kadm5_server_context *context = server_handle;
+    kadm5_ret_t ret;
+    hdb_entry_ex ent;
+    
+    memset(&ent, 0, sizeof(ent));
+    ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0);
+    if(ret)
+	return ret;
+    ret = context->db->hdb_fetch(context->context, context->db, princ,
+				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
+    context->db->hdb_close(context->context, context->db);
+    if(ret)
+	return _kadm5_error_code(ret);
+
+    memset(out, 0, sizeof(*out));
+    if(mask & KADM5_PRINCIPAL)
+	ret  = krb5_copy_principal(context->context, ent.entry.principal, 
+				   &out->principal);
+    if(ret)
+	goto out;
+    if(mask & KADM5_PRINC_EXPIRE_TIME && ent.entry.valid_end)
+	out->princ_expire_time = *ent.entry.valid_end;
+    if(mask & KADM5_PW_EXPIRATION && ent.entry.pw_end)
+	out->pw_expiration = *ent.entry.pw_end;
+    if(mask & KADM5_LAST_PWD_CHANGE)
+	hdb_entry_get_pw_change_time(&ent.entry, &out->last_pwd_change);
+    if(mask & KADM5_ATTRIBUTES){
+	out->attributes |= ent.entry.flags.postdate ? 0 : KRB5_KDB_DISALLOW_POSTDATED;
+	out->attributes |= ent.entry.flags.forwardable ? 0 : KRB5_KDB_DISALLOW_FORWARDABLE;
+	out->attributes |= ent.entry.flags.initial ? KRB5_KDB_DISALLOW_TGT_BASED : 0;
+	out->attributes |= ent.entry.flags.renewable ? 0 : KRB5_KDB_DISALLOW_RENEWABLE;
+	out->attributes |= ent.entry.flags.proxiable ? 0 : KRB5_KDB_DISALLOW_PROXIABLE;
+	out->attributes |= ent.entry.flags.invalid ? KRB5_KDB_DISALLOW_ALL_TIX : 0;
+	out->attributes |= ent.entry.flags.require_preauth ? KRB5_KDB_REQUIRES_PRE_AUTH : 0;
+	out->attributes |= ent.entry.flags.server ? 0 : KRB5_KDB_DISALLOW_SVR;
+	out->attributes |= ent.entry.flags.change_pw ? KRB5_KDB_PWCHANGE_SERVICE : 0;
+	out->attributes |= ent.entry.flags.ok_as_delegate ? KRB5_KDB_OK_AS_DELEGATE : 0;
+	out->attributes |= ent.entry.flags.trusted_for_delegation ? KRB5_KDB_TRUSTED_FOR_DELEGATION : 0;
+	out->attributes |= ent.entry.flags.allow_kerberos4 ? KRB5_KDB_ALLOW_KERBEROS4 : 0;
+	out->attributes |= ent.entry.flags.allow_digest ? KRB5_KDB_ALLOW_DIGEST : 0;
+    }
+    if(mask & KADM5_MAX_LIFE) {
+	if(ent.entry.max_life)
+	    out->max_life = *ent.entry.max_life;
+	else
+	    out->max_life = INT_MAX;
+    }
+    if(mask & KADM5_MOD_TIME) {
+	if(ent.entry.modified_by)
+	    out->mod_date = ent.entry.modified_by->time;
+	else
+	    out->mod_date = ent.entry.created_by.time;
+    }
+    if(mask & KADM5_MOD_NAME) {
+	if(ent.entry.modified_by) {
+	    if (ent.entry.modified_by->principal != NULL)
+		ret = krb5_copy_principal(context->context, 
+					  ent.entry.modified_by->principal,
+					  &out->mod_name);
+	} else if(ent.entry.created_by.principal != NULL)
+	    ret = krb5_copy_principal(context->context, 
+				      ent.entry.created_by.principal,
+				      &out->mod_name);
+	else
+	    out->mod_name = NULL;
+    }
+    if(ret)
+	goto out;
+
+    if(mask & KADM5_KVNO)
+	out->kvno = ent.entry.kvno;
+    if(mask & KADM5_MKVNO) {
+	int n;
+	out->mkvno = 0; /* XXX */
+	for(n = 0; n < ent.entry.keys.len; n++)
+	    if(ent.entry.keys.val[n].mkvno) {
+		out->mkvno = *ent.entry.keys.val[n].mkvno; /* XXX this isn't right */
+		break;
+	    }
+    }
+    if(mask & KADM5_AUX_ATTRIBUTES)
+	/* XXX implement */;
+    if(mask & KADM5_POLICY)
+	out->policy = NULL;
+    if(mask & KADM5_MAX_RLIFE) {
+	if(ent.entry.max_renew)
+	    out->max_renewable_life = *ent.entry.max_renew;
+	else
+	    out->max_renewable_life = INT_MAX;
+    }
+    if(mask & KADM5_LAST_SUCCESS)
+	/* XXX implement */;
+    if(mask & KADM5_LAST_FAILED)
+	/* XXX implement */;
+    if(mask & KADM5_FAIL_AUTH_COUNT)
+	/* XXX implement */;
+    if(mask & KADM5_KEY_DATA){
+	int i;
+	Key *key;
+	krb5_key_data *kd;
+	krb5_salt salt;
+	krb5_data *sp;
+	krb5_get_pw_salt(context->context, ent.entry.principal, &salt);
+	out->key_data = malloc(ent.entry.keys.len * sizeof(*out->key_data));
+	if (out->key_data == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	for(i = 0; i < ent.entry.keys.len; i++){
+	    key = &ent.entry.keys.val[i];
+	    kd = &out->key_data[i];
+	    kd->key_data_ver = 2;
+	    kd->key_data_kvno = ent.entry.kvno;
+	    kd->key_data_type[0] = key->key.keytype;
+	    if(key->salt)
+		kd->key_data_type[1] = key->salt->type;
+	    else
+		kd->key_data_type[1] = KRB5_PADATA_PW_SALT;
+	    /* setup key */
+	    kd->key_data_length[0] = key->key.keyvalue.length;
+	    kd->key_data_contents[0] = malloc(kd->key_data_length[0]);
+	    if(kd->key_data_contents[0] == NULL){
+		ret = ENOMEM;
+		break;
+	    }
+	    memcpy(kd->key_data_contents[0], key->key.keyvalue.data, 
+		   kd->key_data_length[0]);
+	    /* setup salt */
+	    if(key->salt)
+		sp = &key->salt->salt;
+	    else
+		sp = &salt.saltvalue;
+	    kd->key_data_length[1] = sp->length;
+	    kd->key_data_contents[1] = malloc(kd->key_data_length[1]);
+	    if(kd->key_data_length[1] != 0
+	       && kd->key_data_contents[1] == NULL) {
+		memset(kd->key_data_contents[0], 0, kd->key_data_length[0]);
+		ret = ENOMEM;
+		break;
+	    }
+	    memcpy(kd->key_data_contents[1], sp->data, kd->key_data_length[1]);
+	    out->n_key_data = i + 1;
+	}
+	krb5_free_salt(context->context, salt);
+    }
+    if(ret){
+	kadm5_free_principal_ent(context, out);
+	goto out;
+    }
+    if(mask & KADM5_TL_DATA) {
+	time_t last_pw_expire;
+	const HDB_Ext_Aliases *aliases;
+
+	ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire);
+	if (ret == 0 && last_pw_expire) {
+	    unsigned char buf[4];
+	    _krb5_put_int(buf, last_pw_expire, sizeof(buf));
+	    ret = add_tl_data(out, KRB5_TL_LAST_PWD_CHANGE, buf, sizeof(buf));
+	}
+	if(ret){
+	    kadm5_free_principal_ent(context, out);
+	    goto out;
+	}
+	/* 
+	 * If the client was allowed to get key data, let it have the
+	 * password too.
+	 */
+	if(mask & KADM5_KEY_DATA) {
+	    heim_utf8_string pw;
+
+	    ret = hdb_entry_get_password(context->context, 
+					 context->db, &ent.entry, &pw);
+	    if (ret == 0) {
+		ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1);
+		free(pw);
+	    }
+	    krb5_clear_error_string(context->context);
+	    ret = 0;
+	}
+
+	ret = hdb_entry_get_aliases(&ent.entry, &aliases);
+	if (ret == 0 && aliases) {
+	    krb5_data buf;
+	    size_t len;
+
+	    ASN1_MALLOC_ENCODE(HDB_Ext_Aliases, buf.data, buf.length,
+			       aliases, &len, ret);
+	    if (ret) {
+		kadm5_free_principal_ent(context, out);
+		goto out;
+	    }
+	    if (len != buf.length)
+		krb5_abortx(context->context,
+			    "internal ASN.1 encoder error");
+	    ret = add_tl_data(out, KRB5_TL_ALIASES, buf.data, buf.length);
+	    free(buf.data);
+	    if (ret) {
+		kadm5_free_principal_ent(context, out);
+		goto out;
+	    }
+	}
+	if(ret){
+	    kadm5_free_principal_ent(context, out);
+	    goto out;
+	}
+
+    }
+out:
+    hdb_free_entry(context->context, &ent);
+
+    return _kadm5_error_code(ret);
+}
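Review bot: In the KADM5_TL_DATA branch of kadm5_s_get_principal the cleartext password from hdb_entry_get_password() is released with a plain `free(pw)`, and the status of the add_tl_data() call that copies it is thrown away by the unconditional `ret = 0`. An allocation failure there is therefore reported as success with the password silently missing, and the secret stays in freed heap memory. I would clear the buffer before freeing it and reset `ret` only when the lookup itself failed, as below. The KADM5_KEY_DATA loop has a related gap: when the salt allocation fails, `key_data_contents[0]` is zeroed but not freed and `n_key_data` has not yet been advanced, so whether kadm5_free_principal_ent() releases it depends on code outside this hunk.

```c
	if(mask & KADM5_KEY_DATA) {
	    /* ... unchanged: pw declaration and hdb_entry_get_password() call ... */
	    if (ret == 0) {
		size_t pwlen = strlen(pw);

		ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, pwlen + 1);
		/* Do not leave the cleartext in freed memory; a plain memset
		 * may be elided, so prefer the platform's secure-clear call
		 * where one is available. */
		memset(pw, 0, pwlen);
		free(pw);
		if (ret) {
		    kadm5_free_principal_ent(context, out);
		    goto out;
		}
	    } else {
		/* a principal without a stored password is not an error */
		krb5_clear_error_string(context->context);
		ret = 0;
	    }
	}
```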

Added: vendor-crypto/heimdal/dist/lib/kadm5/init_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/init_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/init_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,783 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+RCSID("$Id: init_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static void
+set_funcs(kadm5_client_context *c)
+{
+#define SET(C, F) (C)->funcs.F = kadm5 ## _c_ ## F
+    SET(c, chpass_principal);
+    SET(c, chpass_principal_with_key);
+    SET(c, create_principal);
+    SET(c, delete_principal);
+    SET(c, destroy);
+    SET(c, flush);
+    SET(c, get_principal);
+    SET(c, get_principals);
+    SET(c, get_privs);
+    SET(c, modify_principal);
+    SET(c, randkey_principal);
+    SET(c, rename_principal);
+}
+
+kadm5_ret_t
+_kadm5_c_init_context(kadm5_client_context **ctx, 
+		      kadm5_config_params *params,
+		      krb5_context context)
+{
+    krb5_error_code ret;
+    char *colon;
+
+    *ctx = malloc(sizeof(**ctx));
+    if(*ctx == NULL)
+	return ENOMEM;
+    memset(*ctx, 0, sizeof(**ctx));
+    krb5_add_et_list (context, initialize_kadm5_error_table_r);
+    set_funcs(*ctx);
+    (*ctx)->context = context;
+    if(params->mask & KADM5_CONFIG_REALM) {
+	ret = 0;
+	(*ctx)->realm = strdup(params->realm);
+	if ((*ctx)->realm == NULL)
+	    ret = ENOMEM;
+    } else
+	ret = krb5_get_default_realm((*ctx)->context, &(*ctx)->realm);
+    if (ret) {
+	free(*ctx);
+	return ret;
+    }
+    if(params->mask & KADM5_CONFIG_ADMIN_SERVER)
+	(*ctx)->admin_server = strdup(params->admin_server);
+    else {
+	char **hostlist;
+
+	ret = krb5_get_krb_admin_hst (context, &(*ctx)->realm, &hostlist);
+	if (ret) {
+	    free((*ctx)->realm);
+	    free(*ctx);
+	    return ret;
+	}
+	(*ctx)->admin_server = strdup(*hostlist);
+	krb5_free_krbhst (context, hostlist);
+    }
+
+    if ((*ctx)->admin_server == NULL) {
+	free((*ctx)->realm);
+	free(*ctx);
+	return ENOMEM;
+    }
+    colon = strchr ((*ctx)->admin_server, ':');
+    if (colon != NULL)
+	*colon++ = '\0';
+
+    (*ctx)->kadmind_port = 0;
+
+    if(params->mask & KADM5_CONFIG_KADMIND_PORT)
+	(*ctx)->kadmind_port = params->kadmind_port;
+    else if (colon != NULL) {
+	char *end;
+
+	(*ctx)->kadmind_port = htons(strtol (colon, &end, 0));
+    }
+    if ((*ctx)->kadmind_port == 0)
+	(*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", 
+						   "tcp", 749);
+    return 0;
+}
+
+static krb5_error_code
+get_kadm_ticket(krb5_context context,
+		krb5_ccache id,
+		krb5_principal client,
+		const char *server_name)
+{
+    krb5_error_code ret;
+    krb5_creds in, *out;
+    
+    memset(&in, 0, sizeof(in));
+    in.client = client;
+    ret = krb5_parse_name(context, server_name, &in.server);
+    if(ret) 
+	return ret;
+    ret = krb5_get_credentials(context, 0, id, &in, &out);
+    if(ret == 0)
+	krb5_free_creds(context, out);
+    krb5_free_principal(context, in.server);
+    return ret;
+}
+
+static krb5_error_code
+get_new_cache(krb5_context context,
+	      krb5_principal client,
+	      const char *password,
+	      krb5_prompter_fct prompter,
+	      const char *keytab,
+	      const char *server_name,
+	      krb5_ccache *ret_cache)
+{
+    krb5_error_code ret;
+    krb5_creds cred;
+    krb5_get_init_creds_opt *opt;
+    krb5_ccache id;
+    
+    ret = krb5_get_init_creds_opt_alloc (context, &opt);
+    if (ret)
+	return ret;
+
+    krb5_get_init_creds_opt_set_default_flags(context, "kadmin", 
+					      krb5_principal_get_realm(context, 
+								       client), 
+					      opt);
+
+
+    krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
+    krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
+
+    if(password == NULL && prompter == NULL) {
+	krb5_keytab kt;
+	if(keytab == NULL)
+	    ret = krb5_kt_default(context, &kt);
+	else
+	    ret = krb5_kt_resolve(context, keytab, &kt);
+	if(ret) {
+	    krb5_get_init_creds_opt_free(context, opt);
+	    return ret;
+	}
+	ret = krb5_get_init_creds_keytab (context,
+					  &cred,
+					  client,
+					  kt,
+					  0,
+					  server_name,
+					  opt);
+	krb5_kt_close(context, kt);
+    } else {
+	ret = krb5_get_init_creds_password (context,
+					    &cred,
+					    client,
+					    password,
+					    prompter,
+					    NULL,
+					    0,
+					    server_name,
+					    opt);
+    }
+    krb5_get_init_creds_opt_free(context, opt);
+    switch(ret){
+    case 0:
+	break;
+    case KRB5_LIBOS_PWDINTR:	/* don't print anything if it was just C-c:ed */
+    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+    case KRB5KRB_AP_ERR_MODIFIED:
+	return KADM5_BAD_PASSWORD;
+    default:
+	return ret;
+    }
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
+    if(ret)
+	return ret;
+    ret = krb5_cc_initialize (context, id, cred.client);
+    if (ret)
+	return ret;
+    ret = krb5_cc_store_cred (context, id, &cred);
+    if (ret)
+	return ret;
+    krb5_free_cred_contents (context, &cred);
+    *ret_cache = id;
+    return 0;
+}
+
+/*
+ * Check the credential cache `id\xB4 to figure out what principal to use
+ * when talking to the kadmind. If there is a initial kadmin/admin@
+ * credential in the cache, use that client principal. Otherwise, use
+ * the client principals first component and add /admin to the
+ * principal.
+ */
+
+static krb5_error_code
+get_cache_principal(krb5_context context,
+		    krb5_ccache *id,
+		    krb5_principal *client)
+{
+    krb5_error_code ret;
+    const char *name, *inst;
+    krb5_principal p1, p2;
+
+    ret = krb5_cc_default(context, id);
+    if(ret) {
+	*id = NULL;
+	return ret;
+    }
+    
+    ret = krb5_cc_get_principal(context, *id, &p1);
+    if(ret) {
+	krb5_cc_close(context, *id);
+	*id = NULL;
+	return ret;
+    }
+
+    ret = krb5_make_principal(context, &p2, NULL, 
+			      "kadmin", "admin", NULL);
+    if (ret) {
+	krb5_cc_close(context, *id);
+	*id = NULL;
+	krb5_free_principal(context, p1);
+	return ret;
+    }
+
+    {
+	krb5_creds in, *out;
+	krb5_kdc_flags flags;
+
+	flags.i = 0;
+	memset(&in, 0, sizeof(in));
+
+	in.client = p1;
+	in.server = p2;
+
+	/* check for initial ticket kadmin/admin */
+	ret = krb5_get_credentials_with_flags(context, KRB5_GC_CACHED, flags,
+					      *id, &in, &out);
+	krb5_free_principal(context, p2);
+	if (ret == 0) {
+	    if (out->flags.b.initial) {
+		*client = p1;
+		krb5_free_creds(context, out);
+		return 0;
+	    }
+	    krb5_free_creds(context, out);
+	}
+    }
+    krb5_cc_close(context, *id);
+    *id = NULL;
+
+    name = krb5_principal_get_comp_string(context, p1, 0);
+    inst = krb5_principal_get_comp_string(context, p1, 1);
+    if(inst == NULL || strcmp(inst, "admin") != 0) {
+	ret = krb5_make_principal(context, &p2, NULL, name, "admin", NULL);
+	krb5_free_principal(context, p1);
+	if(ret != 0)
+	    return ret;
+
+	*client = p2;
+	return 0;
+    }
+
+    *client = p1;
+
+    return 0;
+}
+
+krb5_error_code
+_kadm5_c_get_cred_cache(krb5_context context,
+			const char *client_name,
+			const char *server_name,
+			const char *password,
+			krb5_prompter_fct prompter,
+			const char *keytab,
+			krb5_ccache ccache,
+			krb5_ccache *ret_cache)
+{
+    krb5_error_code ret;
+    krb5_ccache id = NULL;
+    krb5_principal default_client = NULL, client = NULL;
+    
+    /* treat empty password as NULL */
+    if(password && *password == '\0')
+	password = NULL;
+    if(server_name == NULL)
+	server_name = KADM5_ADMIN_SERVICE;
+    
+    if(client_name != NULL) {
+	ret = krb5_parse_name(context, client_name, &client);
+	if(ret) 
+	    return ret;
+    }
+
+    if(ccache != NULL) {
+	id = ccache;
+	ret = krb5_cc_get_principal(context, id, &client);
+	if(ret)
+	    return ret;
+    } else {
+	/* get principal from default cache, ok if this doesn't work */
+
+	ret = get_cache_principal(context, &id, &default_client);
+	if (ret) {
+	    /* 
+	     * No client was specified by the caller and we cannot
+	     * determine the client from a credentials cache.
+	     */
+	    const char *user;
+
+	    user = get_default_username ();
+
+	    if(user == NULL) {
+		krb5_set_error_string(context, "Unable to find local user name");
+		return KADM5_FAILURE;
+	    }
+	    ret = krb5_make_principal(context, &default_client, 
+				      NULL, user, "admin", NULL);
+	    if(ret)
+		return ret;
+	}
+    }
+
+
+    /*
+     * No client was specified by the caller, but we have a client
+     * from the default credentials cache.
+     */
+    if (client == NULL && default_client != NULL)
+	client = default_client;
+
+    
+    if(id && (default_client == NULL || 
+	      krb5_principal_compare(context, client, default_client))) {
+	ret = get_kadm_ticket(context, id, client, server_name);
+	if(ret == 0) {
+	    *ret_cache = id;
+	    krb5_free_principal(context, default_client);
+	    if (default_client != client)
+		krb5_free_principal(context, client);
+	    return 0;
+	}
+	if(ccache != NULL)
+	    /* couldn't get ticket from cache */
+	    return -1;
+    }
+    /* get creds via AS request */
+    if(id && (id != ccache))
+	krb5_cc_close(context, id);
+    if (client != default_client)
+	krb5_free_principal(context, default_client);
+
+    ret = get_new_cache(context, client, password, prompter, keytab, 
+			server_name, ret_cache);
+    krb5_free_principal(context, client);
+    return ret;
+}
+
+static kadm5_ret_t
+kadm_connect(kadm5_client_context *ctx)
+{
+    kadm5_ret_t ret;
+    krb5_principal server;
+    krb5_ccache cc;
+    int s;
+    struct addrinfo *ai, *a;
+    struct addrinfo hints;
+    int error;
+    char portstr[NI_MAXSERV];
+    char *hostname, *slash;
+    char *service_name;
+    krb5_context context = ctx->context;
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_protocol = IPPROTO_TCP;
+    
+    snprintf (portstr, sizeof(portstr), "%u", ntohs(ctx->kadmind_port));
+
+    hostname = ctx->admin_server;
+    slash = strchr (hostname, '/');
+    if (slash != NULL)
+	hostname = slash + 1;
+
+    error = getaddrinfo (hostname, portstr, &hints, &ai);
+    if (error) {
+	krb5_clear_error_string(context);
+	return KADM5_BAD_SERVER_NAME;
+    }
+    
+    for (a = ai; a != NULL; a = a->ai_next) {
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    krb5_clear_error_string(context);
+	    krb5_warn (context, errno, "connect(%s)", hostname);
+	    close (s);
+	    continue;
+	}
+	break;
+    }
+    if (a == NULL) {
+	freeaddrinfo (ai);
+	krb5_clear_error_string(context);
+	krb5_warnx (context, "failed to contact %s", hostname);
+	return KADM5_FAILURE;
+    }
+    ret = _kadm5_c_get_cred_cache(context,
+				  ctx->client_name, 
+				  ctx->service_name, 
+				  NULL, ctx->prompter, ctx->keytab, 
+				  ctx->ccache, &cc);
+    
+    if(ret) {
+	freeaddrinfo (ai);
+	close(s);
+	return ret;
+    }
+
+    if (ctx->realm)
+	asprintf(&service_name, "%s@%s", KADM5_ADMIN_SERVICE, ctx->realm);
+    else
+	asprintf(&service_name, "%s", KADM5_ADMIN_SERVICE);
+
+    if (service_name == NULL) {
+	freeaddrinfo (ai);
+	close(s);
+	krb5_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    ret = krb5_parse_name(context, service_name, &server);
+    free(service_name);
+    if(ret) {
+	freeaddrinfo (ai);
+	if(ctx->ccache == NULL)
+	    krb5_cc_close(context, cc);
+	close(s);
+	return ret;
+    }
+    ctx->ac = NULL;
+
+    ret = krb5_sendauth(context, &ctx->ac, &s, 
+			KADMIN_APPL_VERSION, NULL, 
+			server, AP_OPTS_MUTUAL_REQUIRED, 
+			NULL, NULL, cc, NULL, NULL, NULL);
+    if(ret == 0) {
+	krb5_data params;
+	kadm5_config_params p;
+	memset(&p, 0, sizeof(p));
+	if(ctx->realm) {
+	    p.mask |= KADM5_CONFIG_REALM;
+	    p.realm = ctx->realm;
+	}
+	ret = _kadm5_marshal_params(context, &p, &params);
+	
+	ret = krb5_write_priv_message(context, ctx->ac, &s, &params);
+	krb5_data_free(&params);
+	if(ret) {
+	    freeaddrinfo (ai);
+	    close(s);
+	    if(ctx->ccache == NULL)
+		krb5_cc_close(context, cc);
+	    return ret;
+	}
+    } else if(ret == KRB5_SENDAUTH_BADAPPLVERS) {
+	close(s);
+
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0) {
+	    freeaddrinfo (ai);
+	    krb5_clear_error_string(context);
+	    return errno;
+	}
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    close (s);
+	    freeaddrinfo (ai);
+	    krb5_clear_error_string(context);
+	    return errno;
+	}
+	ret = krb5_sendauth(context, &ctx->ac, &s, 
+			    KADMIN_OLD_APPL_VERSION, NULL, 
+			    server, AP_OPTS_MUTUAL_REQUIRED, 
+			    NULL, NULL, cc, NULL, NULL, NULL);
+    }
+    freeaddrinfo (ai);
+    if(ret) {
+	close(s);
+	return ret;
+    }
+    
+    krb5_free_principal(context, server);
+    if(ctx->ccache == NULL)
+	krb5_cc_close(context, cc);
+    ctx->sock = s;
+    
+    return 0;
+}
+
+kadm5_ret_t
+_kadm5_connect(void *handle)
+{
+    kadm5_client_context *ctx = handle;
+    if(ctx->sock == -1)
+	return kadm_connect(ctx);
+    return 0;
+}
+
+static kadm5_ret_t 
+kadm5_c_init_with_context(krb5_context context,
+			  const char *client_name, 
+			  const char *password,
+			  krb5_prompter_fct prompter,
+			  const char *keytab,
+			  krb5_ccache ccache,
+			  const char *service_name,
+			  kadm5_config_params *realm_params,
+			  unsigned long struct_version,
+			  unsigned long api_version,
+			  void **server_handle)
+{
+    kadm5_ret_t ret;
+    kadm5_client_context *ctx;
+    krb5_ccache cc;
+
+    ret = _kadm5_c_init_context(&ctx, realm_params, context);
+    if(ret)
+	return ret;
+
+    if(password != NULL && *password != '\0') {
+	ret = _kadm5_c_get_cred_cache(context, 
+				      client_name,
+				      service_name, 
+				      password, prompter, keytab, ccache, &cc);
+	if(ret)
+	    return ret; /* XXX */
+	ccache = cc;
+    }
+    
+
+    if (client_name != NULL)
+	ctx->client_name = strdup(client_name);
+    else
+	ctx->client_name = NULL;
+    if (service_name != NULL)
+	ctx->service_name = strdup(service_name);
+    else
+	ctx->service_name = NULL;
+    ctx->prompter = prompter;
+    ctx->keytab = keytab;
+    ctx->ccache = ccache;
+    /* maybe we should copy the params here */
+    ctx->sock = -1;
+    
+    *server_handle = ctx;
+    return 0;
+}
+
+static kadm5_ret_t 
+init_context(const char *client_name, 
+	     const char *password,
+	     krb5_prompter_fct prompter,
+	     const char *keytab,
+	     krb5_ccache ccache,
+	     const char *service_name,
+	     kadm5_config_params *realm_params,
+	     unsigned long struct_version,
+	     unsigned long api_version,
+	     void **server_handle)
+{
+    krb5_context context;
+    kadm5_ret_t ret;
+    kadm5_server_context *ctx;
+    
+    ret = krb5_init_context(&context);
+    if (ret)
+	return ret;
+    ret = kadm5_c_init_with_context(context,
+				    client_name,
+				    password,
+				    prompter,
+				    keytab,
+				    ccache,
+				    service_name,
+				    realm_params,
+				    struct_version,
+				    api_version,
+				    server_handle);
+    if(ret){
+	krb5_free_context(context);
+	return ret;
+    }
+    ctx = *server_handle;
+    ctx->my_context = 1;
+    return 0;
+}
+
+kadm5_ret_t 
+kadm5_c_init_with_password_ctx(krb5_context context,
+			       const char *client_name, 
+			       const char *password,
+			       const char *service_name,
+			       kadm5_config_params *realm_params,
+			       unsigned long struct_version,
+			       unsigned long api_version,
+			       void **server_handle)
+{
+    return kadm5_c_init_with_context(context,
+				     client_name,
+				     password,
+				     krb5_prompter_posix,
+				     NULL,
+				     NULL,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
+}
+
+kadm5_ret_t 
+kadm5_c_init_with_password(const char *client_name, 
+			   const char *password,
+			   const char *service_name,
+			   kadm5_config_params *realm_params,
+			   unsigned long struct_version,
+			   unsigned long api_version,
+			   void **server_handle)
+{
+    return init_context(client_name, 
+			password, 
+			krb5_prompter_posix,
+			NULL,
+			NULL,
+			service_name, 
+			realm_params, 
+			struct_version, 
+			api_version, 
+			server_handle);
+}
+
+kadm5_ret_t 
+kadm5_c_init_with_skey_ctx(krb5_context context,
+			   const char *client_name, 
+			   const char *keytab,
+			   const char *service_name,
+			   kadm5_config_params *realm_params,
+			   unsigned long struct_version,
+			   unsigned long api_version,
+			   void **server_handle)
+{
+    return kadm5_c_init_with_context(context,
+				     client_name,
+				     NULL,
+				     NULL,
+				     keytab,
+				     NULL,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
+}
+
+
+kadm5_ret_t 
+kadm5_c_init_with_skey(const char *client_name, 
+		     const char *keytab,
+		     const char *service_name,
+		     kadm5_config_params *realm_params,
+		     unsigned long struct_version,
+		     unsigned long api_version,
+		     void **server_handle)
+{
+    return init_context(client_name, 
+			NULL,
+			NULL,
+			keytab,
+			NULL,
+			service_name, 
+			realm_params, 
+			struct_version, 
+			api_version, 
+			server_handle);
+}
+
+kadm5_ret_t 
+kadm5_c_init_with_creds_ctx(krb5_context context,
+			    const char *client_name,
+			    krb5_ccache ccache,
+			    const char *service_name,
+			    kadm5_config_params *realm_params,
+			    unsigned long struct_version,
+			    unsigned long api_version,
+			    void **server_handle)
+{
+    return kadm5_c_init_with_context(context,
+				     client_name,
+				     NULL,
+				     NULL,
+				     NULL,
+				     ccache,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
+}
+
+kadm5_ret_t 
+kadm5_c_init_with_creds(const char *client_name,
+			krb5_ccache ccache,
+			const char *service_name,
+			kadm5_config_params *realm_params,
+			unsigned long struct_version,
+			unsigned long api_version,
+			void **server_handle)
+{
+    return init_context(client_name, 
+			NULL,
+			NULL,
+			NULL,
+			ccache,
+			service_name, 
+			realm_params, 
+			struct_version, 
+			api_version, 
+			server_handle);
+}
+
+#if 0
+kadm5_ret_t 
+kadm5_init(char *client_name, char *pass,
+	   char *service_name,
+	   kadm5_config_params *realm_params,
+	   unsigned long struct_version,
+	   unsigned long api_version,
+	   void **server_handle)
+{
+}
+#endif
+
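Review bot: In kadm_connect() the status of `_kadm5_marshal_params()` is overwritten by the very next statement, so a marshalling failure still reaches krb5_write_priv_message() and krb5_data_free() with a `params` that may never have been filled in. Checking it first, e.g. `krb5_data_zero(&params);` before the call and `if (ret == 0) ret = krb5_write_priv_message(context, ctx->ac, &s, &params);` after it, keeps the error and makes the free safe. The error returns after krb5_parse_name() succeeds (sendauth failure, the KRB5_SENDAUTH_BADAPPLVERS reconnect failures, the write failure) also leave `server` unfreed, and some leave `cc` open when `ctx->ccache == NULL`. In kadm5_c_init_with_context() the `return ret; /* XXX */` path returns without releasing the context that _kadm5_c_init_context() allocated. init_context() also sets `my_context` through a `kadm5_server_context *` although the handle was created as a `kadm5_client_context`; that is only correct if both structs place the field identically, which is not visible here.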

Added: vendor-crypto/heimdal/dist/lib/kadm5/init_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/init_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/init_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: init_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+
+static kadm5_ret_t 
+kadm5_s_init_with_context(krb5_context context,
+			  const char *client_name, 
+			  const char *service_name,
+			  kadm5_config_params *realm_params,
+			  unsigned long struct_version,
+			  unsigned long api_version,
+			  void **server_handle)
+{
+    kadm5_ret_t ret;
+    kadm5_server_context *ctx;
+    ret = _kadm5_s_init_context(&ctx, realm_params, context);
+    if(ret)
+	return ret;
+
+    assert(ctx->config.dbname != NULL);
+    assert(ctx->config.stash_file != NULL);
+    assert(ctx->config.acl_file != NULL);
+    assert(ctx->log_context.log_file != NULL);
+    assert(ctx->log_context.socket_name.sun_path[0] != '\0');
+
+    ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname);
+    if(ret)
+	return ret;
+    ret = hdb_set_master_keyfile (ctx->context, 
+				  ctx->db, ctx->config.stash_file);
+    if(ret)
+	return ret;
+
+    ctx->log_context.log_fd   = -1;
+
+    ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0);
+
+    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
+    if(ret)
+	return ret;
+
+    ret = _kadm5_acl_init(ctx);
+    if(ret)
+	return ret;
+    
+    *server_handle = ctx;
+    return 0;
+}
+
+kadm5_ret_t 
+kadm5_s_init_with_password_ctx(krb5_context context,
+			       const char *client_name, 
+			       const char *password,
+			       const char *service_name,
+			       kadm5_config_params *realm_params,
+			       unsigned long struct_version,
+			       unsigned long api_version,
+			       void **server_handle)
+{
+    return kadm5_s_init_with_context(context,
+				     client_name,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
+}
+
+kadm5_ret_t 
+kadm5_s_init_with_password(const char *client_name, 
+			   const char *password,
+			   const char *service_name,
+			   kadm5_config_params *realm_params,
+			   unsigned long struct_version,
+			   unsigned long api_version,
+			   void **server_handle)
+{
+    krb5_context context;
+    kadm5_ret_t ret;
+    kadm5_server_context *ctx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	return ret;
+    ret = kadm5_s_init_with_password_ctx(context, 
+					 client_name, 
+					 password, 
+					 service_name, 
+					 realm_params, 
+					 struct_version, 
+					 api_version, 
+					 server_handle);
+    if(ret){
+	krb5_free_context(context);
+	return ret;
+    }
+    ctx = *server_handle;
+    ctx->my_context = 1;
+    return 0;
+}
+
+kadm5_ret_t 
+kadm5_s_init_with_skey_ctx(krb5_context context,
+			   const char *client_name, 
+			   const char *keytab,
+			   const char *service_name,
+			   kadm5_config_params *realm_params,
+			   unsigned long struct_version,
+			   unsigned long api_version,
+			   void **server_handle)
+{
+    return kadm5_s_init_with_context(context,
+				     client_name,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
+}
+
+kadm5_ret_t 
+kadm5_s_init_with_skey(const char *client_name,
+		       const char *keytab,
+		       const char *service_name,
+		       kadm5_config_params *realm_params,
+		       unsigned long struct_version,
+		       unsigned long api_version,
+		       void **server_handle)
+{
+    krb5_context context;
+    kadm5_ret_t ret;
+    kadm5_server_context *ctx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	return ret;
+    ret = kadm5_s_init_with_skey_ctx(context, 
+				     client_name, 
+				     keytab, 
+				     service_name, 
+				     realm_params, 
+				     struct_version, 
+				     api_version, 
+				     server_handle);
+    if(ret){
+	krb5_free_context(context);
+	return ret;
+    }
+    ctx = *server_handle;
+    ctx->my_context = 1;
+    return 0;
+}
+
+kadm5_ret_t 
+kadm5_s_init_with_creds_ctx(krb5_context context,
+			    const char *client_name,
+			    krb5_ccache ccache,
+			    const char *service_name,
+			    kadm5_config_params *realm_params,
+			    unsigned long struct_version,
+			    unsigned long api_version,
+			    void **server_handle)
+{
+    return kadm5_s_init_with_context(context,
+				     client_name,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
+}
+
+kadm5_ret_t 
+kadm5_s_init_with_creds(const char *client_name,
+			krb5_ccache ccache,
+			const char *service_name,
+			kadm5_config_params *realm_params,
+			unsigned long struct_version,
+			unsigned long api_version,
+			void **server_handle)
+{
+    krb5_context context;
+    kadm5_ret_t ret;
+    kadm5_server_context *ctx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	return ret;
+    ret = kadm5_s_init_with_creds_ctx(context, 
+				      client_name, 
+				      ccache, 
+				      service_name, 
+				      realm_params, 
+				      struct_version, 
+				      api_version, 
+				      server_handle);
+    if(ret){
+	krb5_free_context(context);
+	return ret;
+    }
+    ctx = *server_handle;
+    ctx->my_context = 1;
+    return 0;
+}
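Review bot: `kadm5_s_init_with_password_ctx`, `kadm5_s_init_with_skey_ctx` and `kadm5_s_init_with_creds_ctx` accept `password`, `keytab` and `ccache` but never use them, so `client_name` is parsed into `ctx->caller` and handed to `_kadm5_acl_init` with no proof of identity. That looks intentional for a server-side library that opens the database directly, but it should be stated above `kadm5_s_init_with_context`, e.g. `/* server-side init: credentials are ignored and client_name is trusted as given; access control rests on who may run this process and read the database and stash file */`. Separately, in `kadm5_s_init_with_context` the result of `socket (AF_UNIX, SOCK_DGRAM, 0)` is stored in `ctx->log_context.socket_fd` without a check. Every `return ret` after `_kadm5_s_init_context` succeeds also leaves `ctx` (and, once created, `ctx->db`) unreleased, so a single cleanup path would cover both problems. The `assert()` calls on the config fields disappear under `NDEBUG`, so returning an error code would be safer than relying on them.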

Added: vendor-crypto/heimdal/dist/lib/kadm5/iprop-commands.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/iprop-commands.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/iprop-commands.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: iprop-commands.in,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+command = {
+	name = "dump"
+	option = {
+		long = "config-file"
+		short = "c"
+		type = "string"
+		help = "configuration file"
+		argument = "file"
+	}
+	option = {
+		long = "realm"
+		short = "r"
+		type = "string"
+		help = "realm"
+	}
+	function = "iprop_dump"
+	help = "Prints the iprop transaction log in text."
+	max_args = "0"
+}
+command = {
+	name = "truncate"
+	option = {
+		long = "config-file"
+		short = "c"
+		type = "string"
+		help = "configuration file"
+		argument = "file"
+	}
+	option = {
+		long = "realm"
+		short = "r"
+		type = "string"
+		help = "realm"
+	}
+	function = "iprop_truncate"
+	help = "Truncate the log, preserve the version number."
+	max_args = "0"
+}
+command = {
+	name = "replay"
+	option = {
+		long = "start-version"
+		type = "integer"
+		help = "start replay with this version"
+		argument = "version-number"
+		default = "-1"
+	}
+	option = {
+		long = "end-version"
+		type = "integer"
+		help = "end replay with this version"
+		argument = "version-number"
+		default = "-1"
+	}
+	option = {
+		long = "config-file"
+		short = "c"
+		type = "string"
+		help = "configuration file"
+		argument = "file"
+	}
+	option = {
+		long = "realm"
+		short = "r"
+		type = "string"
+		help = "realm"
+	}
+	function = "iprop_replay"
+	help = "Replay the log on the database."
+	max_args = "0"
+}
+command = {
+	name = "last-version"
+	option = {
+		long = "config-file"
+		short = "c"
+		type = "string"
+		help = "configuration file"
+		argument = "file"
+	}
+	option = {
+		long = "realm"
+		short = "r"
+		type = "string"
+		help = "realm"
+	}
+	function = "last_version"
+	help = "Print the last version of the log-file."
+	max_args = "0"
+}
+command = {
+	name = "help"
+	argument = "command"
+	max_args = "1"
+	function = "help"
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/iprop-log.8
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/iprop-log.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/iprop-log.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,170 @@
+.\" $Id: iprop-log.8,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\" 
+.\" Copyright (c) 2005 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\"
+.\"	$Id: iprop-log.8,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd February 18, 2007
+.Dt IPROP-LOG 8
+.Os Heimdal
+.Sh NAME
+.Nm iprop-log
+.Nd
+maintain the iprop log file
+.Sh SYNOPSIS
+.Nm
+.Op Fl -version
+.Op Fl h | Fl -help
+.Ar command
+.Pp
+.Nm iprop-log truncate
+.Oo Fl c Ar file \*(Ba Xo
+.Fl -config-file= Ns Ar file
+.Xc
+.Oc
+.Oo Fl r Ar string \*(Ba Xo
+.Fl -realm= Ns Ar string
+.Xc
+.Oc
+.Op Fl h | Fl -help
+.Pp
+.Nm iprop-log dump
+.Oo Fl c Ar file \*(Ba Xo
+.Fl -config-file= Ns Ar file
+.Xc
+.Oc
+.Oo Fl r Ar string \*(Ba Xo
+.Fl -realm= Ns Ar string
+.Xc
+.Oc
+.Op Fl h | Fl -help
+.Pp
+.Nm iprop-log replay
+.Op Fl -start-version= Ns Ar version-number
+.Op Fl -end-version= Ns Ar version-number
+.Oo Fl c Ar file \*(Ba Xo
+.Fl -config-file= Ns Ar file
+.Xc
+.Oc
+.Oo Fl r Ar string \*(Ba Xo
+.Fl -realm= Ns Ar string
+.Xc
+.Oc
+.Op Fl h | Fl -help
+.Sh DESCRIPTION
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl -version
+.Xc
+.It Xo
+.Fl h ,
+.Fl -help
+.Xc
+.El
+.Pp
+command can be one of the following:
+.Bl -tag -width truncate
+.It truncate
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar file ,
+.Fl -config-file= Ns Ar file
+.Xc
+configuration file
+.It Xo
+.Fl r Ar string ,
+.Fl -realm= Ns Ar string
+.Xc
+realm
+.El
+.Pp
+Truncates the log. Sets the new logs version number for the to the
+last entry of the old log.  If the log is truncted by emptying the
+file, the log will start over at the first version (0).
+.It dump
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar file ,
+.Fl -config-file= Ns Ar file
+.Xc
+configuration file
+.It Xo
+.Fl r Ar string ,
+.Fl -realm= Ns Ar string
+.Xc
+realm
+.El
+.Pp
+Print out all entires in the log to standard output.
+.It replay
+.Bl -tag -width Ds
+.It Xo
+.Fl -start-version= Ns Ar version-number
+.Xc
+start replay with this version
+.It Xo
+.Fl -end-version= Ns Ar version-number
+.Xc
+end replay with this version
+.It Xo
+.Fl c Ar file ,
+.Fl -config-file= Ns Ar file
+.Xc
+configuration file
+.It Xo
+.Fl r Ar string ,
+.Fl -realm= Ns Ar string
+.Xc
+realm
+.El
+.Pp
+Replay the changes from specified entries (or all if none is
+specified) in the transaction log to the database.
+.It last-version
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar file ,
+.Fl -config-file= Ns Ar file
+.Xc
+configuration file
+.It Xo
+.Fl r Ar string ,
+.Fl -realm= Ns Ar string
+.Xc
+realm
+.El
+.Pp
+prints the version of the last log entry.
+.El
+.Sh SEE ALSO
+.Xr iprop 8

Added: vendor-crypto/heimdal/dist/lib/kadm5/iprop-log.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/iprop-log.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/iprop-log.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,486 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "iprop.h"
+#include <sl.h>
+#include <parse_time.h>
+#include "iprop-commands.h"
+
+RCSID("$Id: iprop-log.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_context context;
+
+static kadm5_server_context *
+get_kadmin_context(const char *config_file, char *realm)
+{
+    kadm5_config_params conf;
+    krb5_error_code ret;
+    void *kadm_handle;
+    char **files;
+
+    if (config_file == NULL) {
+	char *file;
+	asprintf(&file, "%s/kdc.conf", hdb_db_dir(context));
+	if (file == NULL)
+	    errx(1, "out of memory");
+	config_file = file;
+    }
+
+    ret = krb5_prepend_config_files_default(config_file, &files);
+    if (ret)
+	krb5_err(context, 1, ret, "getting configuration files");
+
+    ret = krb5_set_config_files(context, files);
+    krb5_free_config_files(files);
+    if (ret)
+	krb5_err(context, 1, ret, "reading configuration files");
+
+    memset(&conf, 0, sizeof(conf));
+    if(realm) {
+	conf.mask |= KADM5_CONFIG_REALM;
+	conf.realm = realm;
+    }
+
+    ret = kadm5_init_with_password_ctx (context,
+					KADM5_ADMIN_SERVICE,
+					NULL,
+					KADM5_ADMIN_SERVICE,
+					&conf, 0, 0, 
+					&kadm_handle);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
+
+    return (kadm5_server_context *)kadm_handle;
+}
+
+/*
+ * dump log
+ */
+
+static const char *op_names[] = {
+    "get",
+    "delete",
+    "create",
+    "rename",
+    "chpass",
+    "modify",
+    "randkey",
+    "get_privs",
+    "get_princs",
+    "chpass_with_key",
+    "nop"
+};
+
+static void
+print_entry(kadm5_server_context *server_context,
+	    uint32_t ver,
+	    time_t timestamp,
+	    enum kadm_ops op,
+	    uint32_t len,
+	    krb5_storage *sp,
+	    void *ctx)
+{
+    char t[256];
+    int32_t mask;
+    hdb_entry ent;
+    krb5_principal source;
+    char *name1, *name2;
+    krb5_data data;
+    krb5_context scontext = server_context->context;
+
+    off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
+    
+    krb5_error_code ret;
+
+    strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
+
+    if(op < kadm_get || op > kadm_nop) {
+	printf("unknown op: %d\n", op);
+	krb5_storage_seek(sp, end, SEEK_SET);
+	return;
+    }
+
+    printf ("%s: ver = %u, timestamp = %s, len = %u\n",
+	    op_names[op], ver, t, len);
+    switch(op) {
+    case kadm_delete:
+	krb5_ret_principal(sp, &source);
+	krb5_unparse_name(scontext, source, &name1);
+	printf("    %s\n", name1);
+	free(name1);
+	krb5_free_principal(scontext, source);
+	break;
+    case kadm_rename:
+	ret = krb5_data_alloc(&data, len);
+	if (ret)
+	    krb5_err (scontext, 1, ret, "kadm_rename: data alloc: %d", len);
+	krb5_ret_principal(sp, &source);
+	krb5_storage_read(sp, data.data, data.length);
+	hdb_value2entry(scontext, &data, &ent);
+	krb5_unparse_name(scontext, source, &name1);
+	krb5_unparse_name(scontext, ent.principal, &name2);
+	printf("    %s -> %s\n", name1, name2);
+	free(name1);
+	free(name2);
+	krb5_free_principal(scontext, source);
+	free_hdb_entry(&ent);
+	break;
+    case kadm_create:
+	ret = krb5_data_alloc(&data, len);
+	if (ret)
+	    krb5_err (scontext, 1, ret, "kadm_create: data alloc: %d", len);
+	krb5_storage_read(sp, data.data, data.length);
+	ret = hdb_value2entry(scontext, &data, &ent);
+	if(ret)
+	    abort();
+	mask = ~0;
+	goto foo;
+    case kadm_modify:
+	ret = krb5_data_alloc(&data, len);
+	if (ret)
+	    krb5_err (scontext, 1, ret, "kadm_modify: data alloc: %d", len);
+	krb5_ret_int32(sp, &mask);
+	krb5_storage_read(sp, data.data, data.length);
+	ret = hdb_value2entry(scontext, &data, &ent);
+	if(ret)
+	    abort();
+    foo:
+	if(ent.principal /* mask & KADM5_PRINCIPAL */) {
+	    krb5_unparse_name(scontext, ent.principal, &name1);
+	    printf("    principal = %s\n", name1);
+	    free(name1);
+	}
+	if(mask & KADM5_PRINC_EXPIRE_TIME) {
+	    if(ent.valid_end == NULL) {
+		strlcpy(t, "never", sizeof(t));
+	    } else {
+		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
+			 localtime(ent.valid_end));
+	    }
+	    printf("    expires = %s\n", t);
+	}
+	if(mask & KADM5_PW_EXPIRATION) {
+	    if(ent.pw_end == NULL) {
+		strlcpy(t, "never", sizeof(t));
+	    } else {
+		strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", 
+			 localtime(ent.pw_end));
+	    }
+	    printf("    password exp = %s\n", t);
+	}
+	if(mask & KADM5_LAST_PWD_CHANGE) {
+	}
+	if(mask & KADM5_ATTRIBUTES) {
+	    unparse_flags(HDBFlags2int(ent.flags), 
+			  asn1_HDBFlags_units(), t, sizeof(t));
+	    printf("    attributes = %s\n", t);
+	}
+	if(mask & KADM5_MAX_LIFE) {
+	    if(ent.max_life == NULL)
+		strlcpy(t, "for ever", sizeof(t));
+	    else
+		unparse_time(*ent.max_life, t, sizeof(t));
+	    printf("    max life = %s\n", t);
+	}
+	if(mask & KADM5_MAX_RLIFE) {
+	    if(ent.max_renew == NULL)
+		strlcpy(t, "for ever", sizeof(t));
+	    else
+		unparse_time(*ent.max_renew, t, sizeof(t));
+	    printf("    max rlife = %s\n", t);
+	}
+	if(mask & KADM5_MOD_TIME) {
+	    printf("    mod time\n");
+	}
+	if(mask & KADM5_MOD_NAME) {
+	    printf("    mod name\n");
+	}
+	if(mask & KADM5_KVNO) {
+	    printf("    kvno = %d\n", ent.kvno);
+	}
+	if(mask & KADM5_MKVNO) {
+	    printf("    mkvno\n");
+	}
+	if(mask & KADM5_AUX_ATTRIBUTES) {
+	    printf("    aux attributes\n");
+	}
+	if(mask & KADM5_POLICY) {
+	    printf("    policy\n");
+	}
+	if(mask & KADM5_POLICY_CLR) {
+	    printf("    mod time\n");
+	}
+	if(mask & KADM5_LAST_SUCCESS) {
+	    printf("    last success\n");
+	}
+	if(mask & KADM5_LAST_FAILED) {
+	    printf("    last failed\n");
+	}
+	if(mask & KADM5_FAIL_AUTH_COUNT) {
+	    printf("    fail auth count\n");
+	}
+	if(mask & KADM5_KEY_DATA) {
+	    printf("    key data\n");
+	}
+	if(mask & KADM5_TL_DATA) {
+	    printf("    tl data\n");
+	}
+	free_hdb_entry(&ent);
+	break;
+    case kadm_nop :
+	break;
+    default:
+	abort();
+    }
+    krb5_storage_seek(sp, end, SEEK_SET);
+}
+
+int
+iprop_dump(struct dump_options *opt, int argc, char **argv)
+{
+    kadm5_server_context *server_context;
+    krb5_error_code ret;
+
+    server_context = get_kadmin_context(opt->config_file_string, 
+					opt->realm_string);
+
+    ret = kadm5_log_init (server_context);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_log_init");
+
+    ret = kadm5_log_foreach (server_context, print_entry, NULL);
+    if(ret)
+	krb5_warn(context, ret, "kadm5_log_foreach");
+
+    ret = kadm5_log_end (server_context);
+    if (ret)
+	krb5_warn(context, ret, "kadm5_log_end");
+    return 0;
+}
+
+int
+iprop_truncate(struct truncate_options *opt, int argc, char **argv)
+{
+    kadm5_server_context *server_context;
+    krb5_error_code ret;
+
+    server_context = get_kadmin_context(opt->config_file_string, 
+					opt->realm_string);
+
+    ret = kadm5_log_truncate (server_context);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_log_truncate");
+
+    return 0;
+}
+
+int
+last_version(struct last_version_options *opt, int argc, char **argv)
+{
+    kadm5_server_context *server_context;
+    krb5_error_code ret;
+    uint32_t version;
+
+    server_context = get_kadmin_context(opt->config_file_string, 
+					opt->realm_string);
+
+    ret = kadm5_log_init (server_context);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_log_init");
+
+    ret = kadm5_log_get_version (server_context, &version);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_log_get_version");
+
+    ret = kadm5_log_end (server_context);
+    if (ret)
+	krb5_warn(context, ret, "kadm5_log_end");
+
+    printf("version: %lu\n", (unsigned long)version);
+
+    return 0;
+}
+
+/*
+ * Replay log
+ */
+
+int start_version = -1;
+int end_version = -1;
+
+static void
+apply_entry(kadm5_server_context *server_context,
+	    uint32_t ver,
+	    time_t timestamp,
+	    enum kadm_ops op,
+	    uint32_t len,
+	    krb5_storage *sp, 
+	    void *ctx)
+{
+    struct replay_options *opt = ctx;
+    krb5_error_code ret;
+
+    if((opt->start_version_integer != -1 && ver < opt->start_version_integer) ||
+       (opt->end_version_integer != -1 && ver > opt->end_version_integer)) {
+	/* XXX skip this entry */
+	krb5_storage_seek(sp, len, SEEK_CUR);
+	return;
+    }
+    printf ("ver %u... ", ver);
+    fflush (stdout);
+
+    ret = kadm5_log_replay (server_context,
+			    op, ver, len, sp);
+    if (ret)
+	krb5_warn (server_context->context, ret, "kadm5_log_replay");
+    
+    printf ("done\n");
+}
+
+int
+iprop_replay(struct replay_options *opt, int argc, char **argv)
+{
+    kadm5_server_context *server_context;
+    krb5_error_code ret;
+
+    server_context = get_kadmin_context(opt->config_file_string, 
+					opt->realm_string);
+
+    ret = server_context->db->hdb_open(context,
+				       server_context->db,
+				       O_RDWR | O_CREAT, 0600);
+    if (ret)
+	krb5_err (context, 1, ret, "db->open");
+
+    ret = kadm5_log_init (server_context);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_log_init");
+
+    ret = kadm5_log_foreach (server_context, apply_entry, opt);
+    if(ret)
+	krb5_warn(context, ret, "kadm5_log_foreach");
+    ret = kadm5_log_end (server_context);
+    if (ret)
+	krb5_warn(context, ret, "kadm5_log_end");
+    ret = server_context->db->hdb_close (context, server_context->db);
+    if (ret)
+	krb5_err (context, 1, ret, "db->close");
+
+    return 0;
+}
+
+static int help_flag;
+static int version_flag;
+
+static struct getargs args[] = {
+    { "version", 	0,	arg_flag, 	&version_flag,
+      NULL,		NULL 
+    }, 
+    { "help", 	'h', 	arg_flag, 	&help_flag, 
+      NULL, NULL
+    }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+help(void *opt, int argc, char **argv)
+{
+    if(argc == 0) {
+	sl_help(commands, 1, argv - 1 /* XXX */);
+    } else {
+	SL_cmd *c = sl_match (commands, argv[0], 0);
+ 	if(c == NULL) {
+	    fprintf (stderr, "No such command: %s. "
+		     "Try \"help\" for a list of commands\n",
+		     argv[0]);
+	} else {
+	    if(c->func) {
+		char *fake[] = { NULL, "--help", NULL };
+		fake[0] = argv[0];
+		(*c->func)(2, fake);
+		fprintf(stderr, "\n");
+	    }
+	    if(c->help && *c->help)
+		fprintf (stderr, "%s\n", c->help);
+	    if((++c)->name && c->func == NULL) {
+		int f = 0;
+		fprintf (stderr, "Synonyms:");
+		while (c->name && c->func == NULL) {
+		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
+		    f = 1;
+		}
+		fprintf (stderr, "\n");
+	    }
+	}
+    }
+    return 0;
+}
+
+static void
+usage(int status)
+{
+    arg_printusage(args, num_args, NULL, "command");
+    exit(status);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+    krb5_error_code ret;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    argc -= optidx;
+    argv += optidx;
+    if(argc == 0)
+	usage(1);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx(1, "krb5_init_context failed with: %d\n", ret);
+
+    ret = sl_command(commands, argc, argv);
+    if(ret == -1)
+	warnx ("unrecognized command: %s", argv[0]);
+    return ret;
+}
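Review bot: In `print_entry`, the `kadm_rename` case ignores the results of `krb5_ret_principal`, `krb5_storage_read` and `hdb_value2entry`, so a truncated or corrupted log record leads to `krb5_unparse_name` and `free_hdb_entry` running on an uninitialised `source` and `ent`. The `kadm_delete` case has the same gap for `krb5_ret_principal`. The buffer from `krb5_data_alloc` is also never released in the rename, create and modify cases. Since `iprop-log dump` is the tool an operator would run against a suspect log, these branches should report the bad record and move on to the next one, as sketched below for rename. Smaller points in the same function: the `KADM5_POLICY_CLR` branch prints `mod time`, presumably a copy-pasted label, and the `localtime()` results are passed to `strftime` unchecked.

```c
    case kadm_rename:
	/* … unchanged: krb5_data_alloc(&data, len) and its error exit … */
	ret = krb5_ret_principal(sp, &source);
	if (ret) {
	    krb5_warn(scontext, ret, "kadm_rename: reading source principal");
	    krb5_data_free(&data);
	    break;
	}
	if (krb5_storage_read(sp, data.data, data.length) < 0) {
	    krb5_warnx(scontext, "kadm_rename: reading entry failed");
	    krb5_data_free(&data);
	    krb5_free_principal(scontext, source);
	    break;
	}
	ret = hdb_value2entry(scontext, &data, &ent);
	krb5_data_free(&data);
	if (ret) {
	    krb5_warn(scontext, ret, "kadm_rename: decoding entry");
	    krb5_free_principal(scontext, source);
	    break;
	}
	/* … unchanged: unparse both names, print, free name1/name2, source and ent … */
```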

Added: vendor-crypto/heimdal/dist/lib/kadm5/iprop.8
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/iprop.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/iprop.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,223 @@
+.\" $Id: iprop.8,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\" 
+.\" Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\"
+.Dd May 24, 2005
+.Dt IPROP 8
+.Os Heimdal
+.Sh NAME
+.Nm iprop ,
+.Nm ipropd-master ,
+.Nm ipropd-slave
+.Nd
+propagate changes to a Heimdal Kerberos master KDC to slave KDCs
+.Sh SYNOPSIS
+.Nm ipropd-master
+.Oo Fl c Ar string \*(Ba Xo
+.Fl -config-file= Ns Ar string
+.Xc
+.Oc
+.Oo Fl r Ar string \*(Ba Xo
+.Fl -realm= Ns Ar string
+.Xc
+.Oc
+.Oo Fl k Ar kspec \*(Ba Xo
+.Fl -keytab= Ns Ar kspec
+.Xc
+.Oc
+.Oo Fl d Ar file \*(Ba Xo
+.Fl -database= Ns Ar file
+.Xc
+.Oc
+.Op Fl -slave-stats-file= Ns Ar file
+.Op Fl -time-missing= Ns Ar time
+.Op Fl -time-gone= Ns Ar time
+.Op Fl -detach
+.Op Fl -version
+.Op Fl -help
+.Nm ipropd-slave
+.Oo Fl c Ar string \*(Ba Xo
+.Fl -config-file= Ns Ar string
+.Xc
+.Oc
+.Oo Fl r Ar string \*(Ba Xo
+.Fl -realm= Ns Ar string
+.Xc
+.Oc
+.Oo Fl k Ar kspec \*(Ba Xo
+.Fl -keytab= Ns Ar kspec
+.Xc
+.Oc
+.Op Fl -time-lost= Ns Ar time
+.Op Fl -detach
+.Op Fl -version
+.Op Fl -help
+.Ar master
+.Pp
+.Sh DESCRIPTION
+.Nm ipropd-master
+is used to propagate changes to a Heimdal Kerberos database from the
+master Kerberos server on which it runs to slave Kerberos servers
+running
+.Nm ipropd-slave .
+.Pp
+The slaves are specified by the contents of the
+.Pa slaves
+file in the KDC's database directory, e.g.\&
+.Pa /var/heimdal/slaves .
+This has principals one per-line of the form
+.Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM
+where 
+.Ar slave 
+is the hostname of the slave server in the given 
+.Ar REALM ,
+e.g.\&
+.Dl iprop/kerberos-1.example.com at EXAMPLE.COM
+On a slave, the argument
+.Fa master
+specifies the hostname of the master server from which to receive updates.
+.Pp
+In contrast to
+.Xr hprop 8 ,
+which sends the whole database to the slaves regularly,
+.Nm
+normally sends only the changes as they happen on the master.  The
+master keeps track of all the changes by assigning a version number to
+every change to the database.  The slaves know which was the latest
+version they saw, and in this way it can be determined if they are in
+sync or not.  A log of all the changes is kept on the master.  When a
+slave is at an older version than the oldest one in the log, the whole
+database has to be sent.
+.Pp
+The changes are propagated over a secure channel (on port 2121 by
+default).  This should normally be defined as
+.Dq iprop/tcp
+in
+.Pa /etc/services
+or another source of the services database.  The master and slaves
+must each have access to a keytab with keys for the
+.Nm iprop
+service principal on the local host.
+.Pp
+There is a keep-alive feature logged in the master's
+.Pa slave-stats
+file (e.g.\&
+.Pa /var/heimdal/slave-stats ) .
+.Pp
+Supported options for
+.Nm ipropd-master :
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar string ,
+.Fl -config-file= Ns Ar string
+.Xc
+.It Xo
+.Fl r Ar string ,
+.Fl -realm= Ns Ar string
+.Xc
+.It Xo
+.Fl k Ar kspec ,
+.Fl -keytab= Ns Ar kspec
+.Xc
+keytab to get authentication from
+.It Xo
+.Fl d Ar file ,
+.Fl -database= Ns Ar file
+.Xc
+Database (default per KDC)
+.It Xo
+.Fl -slave-stats-file= Ns Ar file
+.Xc
+file for slave status information
+.It Xo
+.Fl -time-missing= Ns Ar time
+.Xc
+time before slave is polled for presence (default 2 min)
+.It Xo
+.Fl -time-gone= Ns Ar time
+.Xc
+time of inactivity after which a slave is considered gone (default 5 min)
+.It Xo
+.Fl -detach
+.Xc
+detach from console
+.It Xo
+.Fl -version
+.Xc
+.It Xo
+.Fl -help
+.Xc
+.El
+.Pp
+Supported options for
+.Nm ipropd-slave :
+.Bl -tag -width Ds
+.It Xo
+.Fl c Ar string ,
+.Fl -config-file= Ns Ar string
+.Xc
+.It Xo
+.Fl r Ar string ,
+.Fl -realm= Ns Ar string
+.Xc
+.It Xo
+.Fl k Ar kspec ,
+.Fl -keytab= Ns Ar kspec
+.Xc
+keytab to get authentication from
+.It Xo
+.Fl -time-lost= Ns Ar time
+.Xc
+time before server is considered lost (default 5 min)
+.It Xo
+.Fl -detach
+.Xc
+detach from console
+.It Xo
+.Fl -version
+.Xc
+.It Xo
+.Fl -help
+.Xc
+.El
+Time arguments for the relevant options above may be specified in forms
+like 5 min, 300 s, or simply a number of seconds.
+.Sh FILES
+.Pa slaves ,
+.Pa slave-stats
+in the database directory.
+.Sh SEE ALSO
+.Xr hpropd 8 ,
+.Xr hprop 8 ,
+.Xr krb5.conf 8 , 
+.Xr kdc 8 ,
+.Xr iprop-log 8 .

Added: vendor-crypto/heimdal/dist/lib/kadm5/iprop.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/iprop.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/iprop.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1998-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: iprop.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __IPROP_H__
+#define __IPROP_H__
+
+#include "kadm5_locl.h"
+#include <getarg.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
+#include <parse_time.h>
+
+#define IPROP_VERSION "iprop-0.0"
+
+#define IPROP_NAME "iprop"
+
+#define IPROP_SERVICE "iprop"
+
+#define IPROP_PORT 2121
+
+enum iprop_cmd { I_HAVE = 1,
+		 FOR_YOU = 2,
+		 TELL_YOU_EVERYTHING = 3,
+		 ONE_PRINC = 4,
+		 NOW_YOU_HAVE = 5,
+		 ARE_YOU_THERE = 6,
+		 I_AM_HERE = 7
+};
+
+extern sig_atomic_t exit_flag;
+void setup_signal(void);
+
+#endif /* __IPROP_H__ */
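Review bot: `exit_flag` is declared here as `extern sig_atomic_t exit_flag;` without `volatile`, and the definition in ipropd_common.c has the same omission. The flag is written from the `sigterm` handler and polled by the daemon loop (`while(exit_flag == 0)` in ipropd_master.c). C only defines handler-to-mainline communication through an object of type `volatile sig_atomic_t`; without the qualifier a compiler may keep a stale copy of the value, and a termination signal could go unnoticed. I would change the declaration to `extern volatile sig_atomic_t exit_flag;` and the definition to `volatile sig_atomic_t exit_flag;`. The header also uses `sig_atomic_t` without including `<signal.h>` itself, presumably relying on `kadm5_locl.h` to pull it in.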

Added: vendor-crypto/heimdal/dist/lib/kadm5/ipropd_common.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/ipropd_common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/ipropd_common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "iprop.h"
+RCSID("$Id: ipropd_common.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+sig_atomic_t exit_flag;
+
+static RETSIGTYPE
+sigterm(int sig)
+{
+    exit_flag = sig;
+}
+
+void
+setup_signal(void)
+{
+#ifdef HAVE_SIGACTION
+    {
+	struct sigaction sa;
+
+	sa.sa_flags = 0;
+	sa.sa_handler = sigterm;
+	sigemptyset(&sa.sa_mask);
+
+	sigaction(SIGINT, &sa, NULL);
+	sigaction(SIGTERM, &sa, NULL);
+	sigaction(SIGXCPU, &sa, NULL);
+
+	sa.sa_handler = SIG_IGN;
+	sigaction(SIGPIPE, &sa, NULL);
+    }
+#else
+    signal(SIGINT, sigterm);
+    signal(SIGTERM, sigterm);
+    signal(SIGXCPU, sigterm);
+    signal(SIGPIPE, SIG_IGN);
+#endif
+}
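Review bot: `setup_signal()` has no comment explaining its two deliberate choices, and the `sigaction()`/`signal()` return values are discarded without a word. `sa.sa_flags = 0` leaves `SA_RESTART` off, so an interrupted blocking call returns `EINTR` and the caller can re-test `exit_flag`; the `errno == EINTR` / `continue` branch visible in ipropd_master.c's loop appears to depend on this. Ignoring `SIGPIPE` means a write to a dropped peer fails with an error rather than killing the daemon, so every write path has to check its result. I would add `/* no SA_RESTART: blocking calls return EINTR so callers re-check exit_flag */` above the `sa_flags` line and `/* peer disconnects surface as write errors, not process death */` above the `SIG_IGN` assignment. Restart behaviour in the `#else` `signal()` fallback is platform-dependent and worth a comment too.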

Added: vendor-crypto/heimdal/dist/lib/kadm5/ipropd_master.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/ipropd_master.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/ipropd_master.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,937 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "iprop.h"
+#include <rtbl.h>
+
+RCSID("$Id: ipropd_master.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_log_facility *log_facility;
+
+const char *slave_stats_file;
+const char *slave_time_missing = "2 min";
+const char *slave_time_gone = "5 min";
+
+static int time_before_missing;
+static int time_before_gone;
+
+const char *master_hostname;
+
+static int
+make_signal_socket (krb5_context context)
+{
+    struct sockaddr_un addr;
+    const char *fn;
+    int fd;
+
+    fn = kadm5_log_signal_socket(context);
+
+    fd = socket (AF_UNIX, SOCK_DGRAM, 0);
+    if (fd < 0)
+	krb5_err (context, 1, errno, "socket AF_UNIX");
+    memset (&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    strlcpy (addr.sun_path, fn, sizeof(addr.sun_path));
+    unlink (addr.sun_path);
+    if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+	krb5_err (context, 1, errno, "bind %s", addr.sun_path);
+    return fd;
+}
+
+static int
+make_listen_socket (krb5_context context, const char *port_str)
+{
+    int fd;
+    int one = 1;
+    struct sockaddr_in addr;
+
+    fd = socket (AF_INET, SOCK_STREAM, 0);
+    if (fd < 0)
+	krb5_err (context, 1, errno, "socket AF_INET");
+    setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
+    memset (&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+
+    if (port_str) {
+	addr.sin_port = krb5_getportbyname (context,
+					      port_str, "tcp", 
+					      0);
+	if (addr.sin_port == 0) {
+	    char *ptr;
+	    long port;
+
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		krb5_errx (context, 1, "bad port `%s'", port_str);
+	    addr.sin_port = htons(port);
+	}
+    } else {
+	addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, 
+					    "tcp", IPROP_PORT);
+    }
+    if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+	krb5_err (context, 1, errno, "bind");
+    if (listen(fd, SOMAXCONN) < 0)
+	krb5_err (context, 1, errno, "listen");
+    return fd;
+}
+
+struct slave {
+    int fd;
+    struct sockaddr_in addr;
+    char *name;
+    krb5_auth_context ac;
+    uint32_t version;
+    time_t seen;
+    unsigned long flags;
+#define SLAVE_F_DEAD	0x1
+#define SLAVE_F_AYT	0x2
+    struct slave *next;
+};
+
+typedef struct slave slave;
+
+static int
+check_acl (krb5_context context, const char *name)
+{
+    const char *fn;
+    FILE *fp;
+    char buf[256];
+    int ret = 1;
+    char *slavefile;
+
+    asprintf(&slavefile, "%s/slaves", hdb_db_dir(context));
+
+    fn = krb5_config_get_string_default(context,
+					NULL,
+					slavefile,
+					"kdc",
+					"iprop-acl",
+					NULL);
+
+    fp = fopen (fn, "r");
+    free(slavefile);
+    if (fp == NULL)
+	return 1;
+    while (fgets(buf, sizeof(buf), fp) != NULL) {
+	buf[strcspn(buf, "\r\n")] = '\0';
+	if (strcmp (buf, name) == 0) {
+	    ret = 0;
+	    break;
+	}
+    }
+    fclose (fp);
+    return ret;
+}
+
+static void
+slave_seen(slave *s)
+{
+    s->flags &= ~SLAVE_F_AYT;
+    s->seen = time(NULL);
+}
+
+static int
+slave_missing_p (slave *s)
+{
+    if (time(NULL) > s->seen + time_before_missing)
+	return 1;
+    return 0;
+}
+
+static int
+slave_gone_p (slave *s)
+{
+    if (time(NULL) > s->seen + time_before_gone)
+	return 1;
+    return 0;
+}
+
+static void
+slave_dead(krb5_context context, slave *s)
+{
+    krb5_warnx(context, "slave %s dead", s->name);
+
+    if (s->fd >= 0) {
+	close (s->fd);
+	s->fd = -1;
+    }
+    s->flags |= SLAVE_F_DEAD;
+    slave_seen(s);
+}
+
+static void
+remove_slave (krb5_context context, slave *s, slave **root)
+{
+    slave **p;
+
+    if (s->fd >= 0)
+	close (s->fd);
+    if (s->name)
+	free (s->name);
+    if (s->ac)
+	krb5_auth_con_free (context, s->ac);
+
+    for (p = root; *p; p = &(*p)->next)
+	if (*p == s) {
+	    *p = s->next;
+	    break;
+	}
+    free (s);
+}
+
+static void
+add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
+{
+    krb5_principal server;
+    krb5_error_code ret;
+    slave *s;
+    socklen_t addr_len;
+    krb5_ticket *ticket = NULL;
+    char hostname[128];
+
+    s = malloc(sizeof(*s));
+    if (s == NULL) {
+	krb5_warnx (context, "add_slave: no memory");
+	return;
+    }
+    s->name = NULL;
+    s->ac = NULL;
+
+    addr_len = sizeof(s->addr);
+    s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len);
+    if (s->fd < 0) {
+	krb5_warn (context, errno, "accept");
+	goto error;
+    }
+    if (master_hostname)
+	strlcpy(hostname, master_hostname, sizeof(hostname));
+    else
+	gethostname(hostname, sizeof(hostname));
+
+    ret = krb5_sname_to_principal (context, hostname, IPROP_NAME,
+				   KRB5_NT_SRV_HST, &server);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_sname_to_principal");
+	goto error;
+    }
+
+    ret = krb5_recvauth (context, &s->ac, &s->fd,
+			 IPROP_VERSION, server, 0, keytab, &ticket);
+    krb5_free_principal (context, server);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_recvauth");
+	goto error;
+    }
+    ret = krb5_unparse_name (context, ticket->client, &s->name);
+    if (ret) {
+	krb5_warn (context, ret, "krb5_unparse_name");
+	goto error;
+    }
+    if (check_acl (context, s->name)) {
+	krb5_warnx (context, "%s not in acl", s->name);
+	goto error;
+    }
+    krb5_free_ticket (context, ticket);
+    ticket = NULL;
+
+    {
+	slave *l = *root;
+
+	while (l) {
+	    if (strcmp(l->name, s->name) == 0)
+		break;
+	    l = l->next;
+	}
+	if (l) {
+	    if (l->flags & SLAVE_F_DEAD) {
+		remove_slave(context, l, root);
+	    } else {
+		krb5_warnx (context, "second connection from %s", s->name);
+		goto error;
+	    }
+	}
+    }
+
+    krb5_warnx (context, "connection from %s", s->name);
+
+    s->version = 0;
+    s->flags = 0;
+    slave_seen(s);
+    s->next = *root;
+    *root = s;
+    return;
+error:
+    remove_slave(context, s, root);
+}
+
+struct prop_context {
+    krb5_auth_context auth_context;
+    int fd;
+};
+
+static int
+prop_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+    krb5_data data;
+    struct slave *s = (struct slave *)v;
+
+    ret = hdb_entry2value (context, &entry->entry, &data);
+    if (ret)
+	return ret;
+    ret = krb5_data_realloc (&data, data.length + 4);
+    if (ret) {
+	krb5_data_free (&data);
+	return ret;
+    }
+    memmove ((char *)data.data + 4, data.data, data.length - 4);
+    sp = krb5_storage_from_data(&data);
+    if (sp == NULL) {
+	krb5_data_free (&data);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, ONE_PRINC);
+    krb5_storage_free(sp);
+
+    ret = krb5_write_priv_message (context, s->ac, &s->fd, &data);
+    krb5_data_free (&data);
+    return ret;
+}
+
+static int
+send_complete (krb5_context context, slave *s,
+	       const char *database, uint32_t current_version)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+    HDB *db;
+    krb5_data data;
+    char buf[8];
+
+    ret = hdb_create (context, &db, database);
+    if (ret)
+	krb5_err (context, 1, ret, "hdb_create: %s", database);
+    ret = db->hdb_open (context, db, O_RDONLY, 0);
+    if (ret)
+	krb5_err (context, 1, ret, "db->open");
+
+    sp = krb5_storage_from_mem (buf, 4);
+    if (sp == NULL)
+	krb5_errx (context, 1, "krb5_storage_from_mem");
+    krb5_store_int32 (sp, TELL_YOU_EVERYTHING);
+    krb5_storage_free (sp);
+
+    data.data   = buf;
+    data.length = 4;
+
+    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
+
+    if (ret) {
+	krb5_warn (context, ret, "krb5_write_priv_message");
+	slave_dead(context, s);
+	return ret;
+    }
+
+    ret = hdb_foreach (context, db, 0, prop_one, s);
+    if (ret) {
+	krb5_warn (context, ret, "hdb_foreach");
+	slave_dead(context, s);
+	return ret;
+    }
+
+    (*db->hdb_close)(context, db);
+    (*db->hdb_destroy)(context, db);
+
+    sp = krb5_storage_from_mem (buf, 8);
+    if (sp == NULL)
+	krb5_errx (context, 1, "krb5_storage_from_mem");
+    krb5_store_int32 (sp, NOW_YOU_HAVE);
+    krb5_store_int32 (sp, current_version);
+    krb5_storage_free (sp);
+
+    data.length = 8;
+
+    s->version = current_version;
+
+    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
+    if (ret) {
+	slave_dead(context, s);
+	krb5_warn (context, ret, "krb5_write_priv_message");
+	return ret;
+    }
+
+    slave_seen(s);
+
+    return 0;
+}
+
+static int
+send_are_you_there (krb5_context context, slave *s)
+{
+    krb5_storage *sp;
+    krb5_data data;
+    char buf[4];
+    int ret;
+
+    if (s->flags & (SLAVE_F_DEAD|SLAVE_F_AYT))
+	return 0;
+
+    s->flags |= SLAVE_F_AYT;
+
+    data.data = buf;
+    data.length = 4;
+
+    sp = krb5_storage_from_mem (buf, 4);
+    if (sp == NULL) {
+	krb5_warnx (context, "are_you_there: krb5_data_alloc");
+	slave_dead(context, s);
+	return 1;
+    }
+    krb5_store_int32 (sp, ARE_YOU_THERE);
+    krb5_storage_free (sp);
+
+    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
+
+    if (ret) {
+	krb5_warn (context, ret, "are_you_there: krb5_write_priv_message");
+	slave_dead(context, s);
+	return 1;
+    }
+
+    return 0;
+}
+
+static int
+send_diffs (krb5_context context, slave *s, int log_fd,
+	    const char *database, uint32_t current_version)
+{
+    krb5_storage *sp;
+    uint32_t ver;
+    time_t timestamp;
+    enum kadm_ops op;
+    uint32_t len;
+    off_t right, left;
+    krb5_data data;
+    int ret = 0;
+
+    if (s->version == current_version) {
+	krb5_warnx(context, "slave %s in sync already at version %ld",
+		   s->name, (long)s->version);
+	return 0;
+    }
+
+    if (s->flags & SLAVE_F_DEAD)
+	return 0;
+
+    /* if slave is a fresh client, starting over */
+    if (s->version == 0) {
+	krb5_warnx(context, "sending complete log to fresh slave %s",
+		   s->name);
+	return send_complete (context, s, database, current_version);
+    }
+
+    sp = kadm5_log_goto_end (log_fd);
+    right = krb5_storage_seek(sp, 0, SEEK_CUR);
+    for (;;) {
+	ret = kadm5_log_previous (context, sp, &ver, &timestamp, &op, &len);
+	if (ret)
+	    krb5_err(context, 1, ret, 
+		     "send_diffs: failed to find previous entry");
+	left = krb5_storage_seek(sp, -16, SEEK_CUR);
+	if (ver == s->version)
+	    return 0;
+	if (ver == s->version + 1)
+	    break;
+	if (left == 0) {
+	    krb5_warnx(context,
+		       "slave %s (version %lu) out of sync with master "
+		       "(first version in log %lu), sending complete database",
+		       s->name, (unsigned long)s->version, (unsigned long)ver);
+	    return send_complete (context, s, database, current_version);
+	}
+    }
+
+    krb5_warnx(context,
+	       "syncing slave %s from version %lu to version %lu",
+	       s->name, (unsigned long)s->version,
+	       (unsigned long)current_version);
+
+    ret = krb5_data_alloc (&data, right - left + 4);
+    if (ret) {
+	krb5_warn (context, ret, "send_diffs: krb5_data_alloc");
+	slave_dead(context, s);
+	return 1;
+    }
+    krb5_storage_read (sp, (char *)data.data + 4, data.length - 4);
+    krb5_storage_free(sp);
+
+    sp = krb5_storage_from_data (&data);
+    if (sp == NULL) {
+	krb5_warnx (context, "send_diffs: krb5_storage_from_data");
+	slave_dead(context, s);
+	return 1;
+    }
+    krb5_store_int32 (sp, FOR_YOU);
+    krb5_storage_free(sp);
+
+    ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
+    krb5_data_free(&data);
+
+    if (ret) {
+	krb5_warn (context, ret, "send_diffs: krb5_write_priv_message");
+	slave_dead(context, s);
+	return 1;
+    }
+    slave_seen(s);
+
+    s->version = current_version;
+
+    return 0;
+}
+
+static int
+process_msg (krb5_context context, slave *s, int log_fd,
+	     const char *database, uint32_t current_version)
+{
+    int ret = 0;
+    krb5_data out;
+    krb5_storage *sp;
+    int32_t tmp;
+
+    ret = krb5_read_priv_message(context, s->ac, &s->fd, &out);
+    if(ret) {
+	krb5_warn (context, ret, "error reading message from %s", s->name);
+	return 1;
+    }
+
+    sp = krb5_storage_from_mem (out.data, out.length);
+    if (sp == NULL) {
+	krb5_warnx (context, "process_msg: no memory");
+	krb5_data_free (&out);
+	return 1;
+    }
+    if (krb5_ret_int32 (sp, &tmp) != 0) {
+	krb5_warnx (context, "process_msg: client send too short command");
+	krb5_data_free (&out);
+	return 1;
+    }
+    switch (tmp) {
+    case I_HAVE :
+	ret = krb5_ret_int32 (sp, &tmp);
+	if (ret != 0) {
+	    krb5_warnx (context, "process_msg: client send too I_HAVE data");
+	    break;
+	}
+	/* new started slave that have old log */
+	if (s->version == 0 && tmp != 0) {
+	    if (s->version < tmp) {
+		krb5_warnx (context, "Slave %s have later version the master "
+			    "OUT OF SYNC", s->name);
+	    } else {
+		s->version = tmp;
+	    }
+	}
+	if (tmp < s->version) {
+	    krb5_warnx (context, "Slave claims to not have "
+			"version we already sent to it");
+	} else {
+	    ret = send_diffs (context, s, log_fd, database, current_version);
+	}
+	break;
+    case I_AM_HERE :
+	break;
+    case ARE_YOU_THERE:
+    case FOR_YOU :
+    default :
+	krb5_warnx (context, "Ignoring command %d", tmp);
+	break;
+    }
+
+    krb5_data_free (&out);
+
+    slave_seen(s);
+
+    return ret;
+}
+
+#define SLAVE_NAME	"Name"
+#define SLAVE_ADDRESS	"Address"
+#define SLAVE_VERSION	"Version"
+#define SLAVE_STATUS	"Status"
+#define SLAVE_SEEN	"Last Seen"
+
+static FILE *
+open_stats(krb5_context context)
+{
+    char *statfile = NULL;
+    const char *fn;
+    FILE *f;
+
+    if (slave_stats_file)
+	fn = slave_stats_file;
+    else {
+	asprintf(&statfile,  "%s/slaves-stats", hdb_db_dir(context));
+	fn = krb5_config_get_string_default(context,
+					    NULL,
+					    statfile,
+					    "kdc",
+					    "iprop-stats",
+					    NULL);
+    }
+    f = fopen(fn, "w");
+    if (statfile)
+	free(statfile);
+
+    return f;
+}
+
+static void
+write_master_down(krb5_context context)
+{
+    char str[100];
+    time_t t = time(NULL);
+    FILE *fp;
+
+    fp = open_stats(context);
+    if (fp == NULL)
+	return;
+    krb5_format_time(context, t, str, sizeof(str), TRUE); 
+    fprintf(fp, "master down at %s\n", str);
+
+    fclose(fp);
+}
+
+static void
+write_stats(krb5_context context, slave *slaves, uint32_t current_version)
+{
+    char str[100];
+    rtbl_t tbl;
+    time_t t = time(NULL);
+    FILE *fp;
+
+    fp = open_stats(context);
+    if (fp == NULL)
+	return;
+
+    krb5_format_time(context, t, str, sizeof(str), TRUE); 
+    fprintf(fp, "Status for slaves, last updated: %s\n\n", str);
+
+    fprintf(fp, "Master version: %lu\n\n", (unsigned long)current_version);
+
+    tbl = rtbl_create();
+    if (tbl == NULL) {
+	fclose(fp);
+	return;
+    }
+
+    rtbl_add_column(tbl, SLAVE_NAME, 0);
+    rtbl_add_column(tbl, SLAVE_ADDRESS, 0);
+    rtbl_add_column(tbl, SLAVE_VERSION, RTBL_ALIGN_RIGHT);
+    rtbl_add_column(tbl, SLAVE_STATUS, 0);
+    rtbl_add_column(tbl, SLAVE_SEEN, 0);
+
+    rtbl_set_prefix(tbl, "  ");
+    rtbl_set_column_prefix(tbl, SLAVE_NAME, "");
+
+    while (slaves) {
+	krb5_address addr;
+	krb5_error_code ret;
+	rtbl_add_column_entry(tbl, SLAVE_NAME, slaves->name);
+	ret = krb5_sockaddr2address (context, 
+				     (struct sockaddr*)&slaves->addr, &addr);
+	if(ret == 0) {
+	    krb5_print_address(&addr, str, sizeof(str), NULL);
+	    krb5_free_address(context, &addr);
+	    rtbl_add_column_entry(tbl, SLAVE_ADDRESS, str);
+	} else
+	    rtbl_add_column_entry(tbl, SLAVE_ADDRESS, "<unknown>");
+	
+	snprintf(str, sizeof(str), "%u", (unsigned)slaves->version);
+	rtbl_add_column_entry(tbl, SLAVE_VERSION, str);
+
+	if (slaves->flags & SLAVE_F_DEAD)
+	    rtbl_add_column_entry(tbl, SLAVE_STATUS, "Down");
+	else
+	    rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up");
+
+	ret = krb5_format_time(context, slaves->seen, str, sizeof(str), TRUE); 
+	rtbl_add_column_entry(tbl, SLAVE_SEEN, str);
+
+	slaves = slaves->next;
+    }
+
+    rtbl_format(tbl, fp);
+    rtbl_destroy(tbl);
+
+    fclose(fp);
+}
+
+
+static char *realm;
+static int version_flag;
+static int help_flag;
+static char *keytab_str = "HDB:";
+static char *database;
+static char *config_file;
+static char *port_str;
+static int detach_from_console = 0;
+
+static struct getargs args[] = {
+    { "config-file", 'c', arg_string, &config_file },
+    { "realm", 'r', arg_string, &realm },
+    { "keytab", 'k', arg_string, &keytab_str,
+      "keytab to get authentication from", "kspec" },
+    { "database", 'd', arg_string, &database, "database", "file"},
+    { "slave-stats-file", 0, arg_string, &slave_stats_file, 
+      "file for slave status information", "file"},
+    { "time-missing", 0, arg_string, &slave_time_missing, 
+      "time before slave is polled for presence", "time"},
+    { "time-gone", 0, arg_string, &slave_time_gone,
+      "time of inactivity after which a slave is considered gone", "time"},
+    { "port", 0, arg_string, &port_str,
+      "port ipropd will listen to", "port"},
+    { "detach", 0, arg_flag, &detach_from_console, 
+      "detach from console" },
+    { "hostname", 0, arg_string, &master_hostname, 
+      "hostname of master (if not same as hostname)", "hostname" },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    void *kadm_handle;
+    kadm5_server_context *server_context;
+    kadm5_config_params conf;
+    int signal_fd, listen_fd;
+    int log_fd;
+    slave *slaves = NULL;
+    uint32_t current_version = 0, old_version = 0;
+    krb5_keytab keytab;
+    int optidx;
+    char **files;
+    
+    optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+    
+    if(help_flag)
+	krb5_std_usage(0, args, num_args);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    setup_signal();
+
+    if (config_file == NULL) {
+	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+	if (config_file == NULL)
+	    errx(1, "out of memory");
+    }
+
+    ret = krb5_prepend_config_files_default(config_file, &files);
+    if (ret)
+	krb5_err(context, 1, ret, "getting configuration files");
+
+    ret = krb5_set_config_files(context, files);
+    krb5_free_config_files(files);
+    if (ret)
+	krb5_err(context, 1, ret, "reading configuration files");
+
+    time_before_gone = parse_time (slave_time_gone,  "s");
+    if (time_before_gone < 0)
+	krb5_errx (context, 1, "couldn't parse time: %s", slave_time_gone);
+    time_before_missing = parse_time (slave_time_missing,  "s");
+    if (time_before_missing < 0)
+	krb5_errx (context, 1, "couldn't parse time: %s", slave_time_missing);
+
+    if (detach_from_console)
+	daemon(0, 0);
+    pidfile (NULL);
+    krb5_openlog (context, "ipropd-master", &log_facility);
+    krb5_set_warn_dest(context, log_facility);
+
+    ret = krb5_kt_register(context, &hdb_kt_ops);
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_kt_register");
+
+    ret = krb5_kt_resolve(context, keytab_str, &keytab);
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_kt_resolve: %s", keytab_str);
+    
+    memset(&conf, 0, sizeof(conf));
+    if(realm) {
+	conf.mask |= KADM5_CONFIG_REALM;
+	conf.realm = realm;
+    }
+    ret = kadm5_init_with_skey_ctx (context,
+				    KADM5_ADMIN_SERVICE,
+				    NULL,
+				    KADM5_ADMIN_SERVICE,
+				    &conf, 0, 0, 
+				    &kadm_handle);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
+
+    server_context = (kadm5_server_context *)kadm_handle;
+
+    log_fd = open (server_context->log_context.log_file, O_RDONLY, 0);
+    if (log_fd < 0)
+	krb5_err (context, 1, errno, "open %s",
+		  server_context->log_context.log_file);
+
+    signal_fd = make_signal_socket (context);
+    listen_fd = make_listen_socket (context, port_str);
+
+    kadm5_log_get_version_fd (log_fd, &current_version);
+
+    krb5_warnx(context, "ipropd-master started at version: %lu", 
+	       (unsigned long)current_version);
+
+    while(exit_flag == 0){
+	slave *p;
+	fd_set readset;
+	int max_fd = 0;
+	struct timeval to = {30, 0};
+	uint32_t vers;
+
+	if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE)
+	    krb5_errx (context, 1, "fd too large");
+
+	FD_ZERO(&readset);
+	FD_SET(signal_fd, &readset);
+	max_fd = max(max_fd, signal_fd);
+	FD_SET(listen_fd, &readset);
+	max_fd = max(max_fd, listen_fd);
+
+	for (p = slaves; p != NULL; p = p->next) {
+	    if (p->flags & SLAVE_F_DEAD)
+		continue;
+	    FD_SET(p->fd, &readset);
+	    max_fd = max(max_fd, p->fd);
+	}
+
+	ret = select (max_fd + 1,
+		      &readset, NULL, NULL, &to);
+	if (ret < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		krb5_err (context, 1, errno, "select");
+	}
+
+	if (ret == 0) {
+	    old_version = current_version;
+	    kadm5_log_get_version_fd (log_fd, &current_version);
+
+	    if (current_version > old_version) {
+		krb5_warnx(context, 
+			   "Missed a signal, updating slaves %lu to %lu",
+			   (unsigned long)old_version,
+			   (unsigned long)current_version);
+		for (p = slaves; p != NULL; p = p->next) {
+		    if (p->flags & SLAVE_F_DEAD)
+			continue;
+		    send_diffs (context, p, log_fd, database, current_version);
+		}
+	    }
+	}
+
+	if (ret && FD_ISSET(signal_fd, &readset)) {
+	    struct sockaddr_un peer_addr;
+	    socklen_t peer_len = sizeof(peer_addr);
+
+	    if(recvfrom(signal_fd, (void *)&vers, sizeof(vers), 0,
+			(struct sockaddr *)&peer_addr, &peer_len) < 0) {
+		krb5_warn (context, errno, "recvfrom");
+		continue;
+	    }
+	    --ret;
+	    assert(ret >= 0);
+	    old_version = current_version;
+	    kadm5_log_get_version_fd (log_fd, &current_version);
+	    if (current_version > old_version) {
+		krb5_warnx(context, 
+			   "Got a signal, updating slaves %lu to %lu",
+			   (unsigned long)old_version,
+			   (unsigned long)current_version);
+		for (p = slaves; p != NULL; p = p->next)
+		    send_diffs (context, p, log_fd, database, current_version);
+	    } else {
+		krb5_warnx(context, 
+			   "Got a signal, but no update in log version %lu",
+			   (unsigned long)current_version);
+	    }
+        }
+
+	for(p = slaves; p != NULL; p = p->next) {
+	    if (p->flags & SLAVE_F_DEAD)
+	        continue;
+	    if (ret && FD_ISSET(p->fd, &readset)) {
+		--ret;
+		assert(ret >= 0);
+		if(process_msg (context, p, log_fd, database, current_version))
+		    slave_dead(context, p);
+	    } else if (slave_gone_p (p))
+		slave_dead(context, p);
+	    else if (slave_missing_p (p)) {
+		krb5_warnx(context, "slave %s missing, sending AYT", p->name);
+		send_are_you_there (context, p);
+	    }
+	}
+
+	if (ret && FD_ISSET(listen_fd, &readset)) {
+	    add_slave (context, keytab, &slaves, listen_fd);
+	    --ret;
+	    assert(ret >= 0);
+	}
+	write_stats(context, slaves, current_version);
+    }
+
+    if(exit_flag == SIGXCPU)
+	krb5_warnx(context, "%s CPU time limit exceeded", getprogname());
+    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
+	krb5_warnx(context, "%s terminated", getprogname());
+    else
+	krb5_warnx(context, "%s unexpected exit reason: %d", 
+		   getprogname(), exit_flag);
+
+    write_master_down(context);
+
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/ipropd_slave.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/ipropd_slave.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/ipropd_slave.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,632 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "iprop.h"
+
+RCSID("$Id: ipropd_slave.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_log_facility *log_facility;
+static char *server_time_lost = "5 min";
+static int time_before_lost;
+const char *slave_str = NULL;
+
+static int
+connect_to_master (krb5_context context, const char *master,
+		   const char *port_str)
+{
+    int fd;
+    struct sockaddr_in addr;
+    struct hostent *he;
+
+    fd = socket (AF_INET, SOCK_STREAM, 0);
+    if (fd < 0)
+	krb5_err (context, 1, errno, "socket AF_INET");
+    memset (&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+    if (port_str) {
+	addr.sin_port = krb5_getportbyname (context,
+					    port_str, "tcp", 
+					    0);
+	if (addr.sin_port == 0) {
+	    char *ptr;
+	    long port;
+	    
+	    port = strtol (port_str, &ptr, 10);
+	    if (port == 0 && ptr == port_str)
+		krb5_errx (context, 1, "bad port `%s'", port_str);
+	    addr.sin_port = htons(port);
+	}
+    } else {
+	addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, 
+					    "tcp", IPROP_PORT);
+    }
+    he = roken_gethostbyname (master);
+    if (he == NULL)
+	krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno));
+    memcpy (&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr));
+    if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
+	krb5_err (context, 1, errno, "connect");
+    return fd;
+}
+
+static void
+get_creds(krb5_context context, const char *keytab_str,
+	  krb5_ccache *cache, const char *serverhost)
+{
+    krb5_keytab keytab;
+    krb5_principal client;
+    krb5_error_code ret;
+    krb5_get_init_creds_opt *init_opts;
+    krb5_creds creds;
+    char *server;
+    char keytab_buf[256];
+    
+    if (keytab_str == NULL) {
+	ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf));
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_kt_default_name");
+	keytab_str = keytab_buf;
+    }
+
+    ret = krb5_kt_resolve(context, keytab_str, &keytab);
+    if(ret)
+	krb5_err(context, 1, ret, "%s", keytab_str);
+    
+
+    ret = krb5_sname_to_principal (context, slave_str, IPROP_NAME,
+				   KRB5_NT_SRV_HST, &client);
+    if (ret) krb5_err(context, 1, ret, "krb5_sname_to_principal");
+
+    ret = krb5_get_init_creds_opt_alloc(context, &init_opts);
+    if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc");
+
+    asprintf (&server, "%s/%s", IPROP_NAME, serverhost);
+    if (server == NULL)
+	krb5_errx (context, 1, "malloc: no memory");
+
+    ret = krb5_get_init_creds_keytab(context, &creds, client, keytab,
+				     0, server, init_opts);
+    free (server);
+    krb5_get_init_creds_opt_free(context, init_opts);
+    if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds");
+    
+    ret = krb5_kt_close(context, keytab);
+    if(ret) krb5_err(context, 1, ret, "krb5_kt_close");
+    
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache);
+    if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new");
+
+    ret = krb5_cc_initialize(context, *cache, client);
+    if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize");
+
+    ret = krb5_cc_store_cred(context, *cache, &creds);
+    if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred");
+}
+
+static void
+ihave (krb5_context context, krb5_auth_context auth_context,
+       int fd, uint32_t version)
+{
+    int ret;
+    u_char buf[8];
+    krb5_storage *sp;
+    krb5_data data;
+
+    sp = krb5_storage_from_mem (buf, 8);
+    krb5_store_int32 (sp, I_HAVE);
+    krb5_store_int32 (sp, version);
+    krb5_storage_free (sp);
+    data.length = 8;
+    data.data   = buf;
+    
+    ret = krb5_write_priv_message(context, auth_context, &fd, &data);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_write_priv_message");
+}
+
+static void
+receive_loop (krb5_context context,
+	      krb5_storage *sp,
+	      kadm5_server_context *server_context)
+{
+    int ret;
+    off_t left, right;
+    void *buf;
+    int32_t vers, vers2;
+    ssize_t sret;
+
+    /*
+     * Seek to the current version of the local database.
+     */
+    do {
+	int32_t len, timestamp, tmp;
+	enum kadm_ops op;
+
+	if(krb5_ret_int32 (sp, &vers) != 0)
+	    return;
+	krb5_ret_int32 (sp, &timestamp);
+	krb5_ret_int32 (sp, &tmp);
+	op = tmp;
+	krb5_ret_int32 (sp, &len);
+	if (vers <= server_context->log_context.version)
+	    krb5_storage_seek(sp, len + 8, SEEK_CUR);
+    } while(vers <= server_context->log_context.version);
+
+    /*
+     * Read up rest of the entires into the memory...
+     */
+    left  = krb5_storage_seek (sp, -16, SEEK_CUR);
+    right = krb5_storage_seek (sp, 0, SEEK_END);
+    buf = malloc (right - left);
+    if (buf == NULL && (right - left) != 0)
+	krb5_errx (context, 1, "malloc: no memory");
+
+    /*
+     * ...and then write them out to the on-disk log.
+     */
+    krb5_storage_seek (sp, left, SEEK_SET);
+    krb5_storage_read (sp, buf, right - left);
+    sret = write (server_context->log_context.log_fd, buf, right-left);
+    if (sret != right - left)
+	krb5_err(context, 1, errno, "Failed to write log to disk");
+    ret = fsync (server_context->log_context.log_fd);
+    if (ret)
+	krb5_err(context, 1, errno, "Failed to sync log to disk");
+    free (buf);
+
+    /*
+     * Go back to the startpoint and start to commit the entires to
+     * the database.
+     */
+    krb5_storage_seek (sp, left, SEEK_SET);
+
+    for(;;) {
+	int32_t len, len2, timestamp, tmp;
+	off_t cur, cur2;
+	enum kadm_ops op;
+
+	if(krb5_ret_int32 (sp, &vers) != 0)
+	    break;
+	ret = krb5_ret_int32 (sp, &timestamp);
+	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
+	ret = krb5_ret_int32 (sp, &tmp);
+	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
+	op = tmp;
+	ret = krb5_ret_int32 (sp, &len);
+	if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers);
+	if (len < 0)
+	    krb5_errx(context, 1, "log is corrupted, "
+			"negative length of entry version %ld: %ld",
+			(long)vers, (long)len);
+	cur = krb5_storage_seek(sp, 0, SEEK_CUR);
+
+	krb5_warnx (context, "replaying entry %d", (int)vers);
+
+	ret = kadm5_log_replay (server_context,
+				op, vers, len, sp);
+	if (ret) {
+	    char *s = krb5_get_error_message(server_context->context, ret);
+	    krb5_warnx (context,
+		       "kadm5_log_replay: %ld. Lost entry entry, "
+		       "Database out of sync ?: %s (%d)",
+			(long)vers, s ? s : "unknown error", ret);
+	    krb5_xfree(s);
+	}
+
+	{
+	    /* 
+	     * Make sure the krb5_log_replay does the right thing wrt
+	     * reading out data from the sp.
+	     */
+	    cur2 = krb5_storage_seek(sp, 0, SEEK_CUR);
+	    if (cur + len != cur2)
+		krb5_errx(context, 1, 
+			  "kadm5_log_reply version: %ld didn't read the whole entry",
+			  (long)vers);
+	}
+
+	if (krb5_ret_int32 (sp, &len2) != 0)
+	    krb5_errx(context, 1, "entry %ld: postamble too short", (long)vers);
+	if(krb5_ret_int32 (sp, &vers2) != 0)
+	    krb5_errx(context, 1, "entry %ld: postamble too short", (long)vers);
+
+	if (len != len2)
+	    krb5_errx(context, 1, "entry %ld: len != len2", (long)vers);
+	if (vers != vers2)
+	    krb5_errx(context, 1, "entry %ld: vers != vers2", (long)vers);
+    }
+
+    /*
+     * Update version
+     */
+
+    server_context->log_context.version = vers;
+}
+
+static void
+receive (krb5_context context,
+	 krb5_storage *sp,
+	 kadm5_server_context *server_context)
+{
+    int ret;
+
+    ret = server_context->db->hdb_open(context,
+				       server_context->db,
+				       O_RDWR | O_CREAT, 0600);
+    if (ret)
+	krb5_err (context, 1, ret, "db->open");
+
+    receive_loop (context, sp, server_context);
+
+    ret = server_context->db->hdb_close (context, server_context->db);
+    if (ret)
+	krb5_err (context, 1, ret, "db->close");
+}
+
+static void
+send_im_here (krb5_context context, int fd,
+	      krb5_auth_context auth_context)
+{
+    krb5_storage *sp;
+    krb5_data data;
+    int ret;
+
+    ret = krb5_data_alloc (&data, 4);
+    if (ret)
+	krb5_err (context, 1, ret, "send_im_here");
+
+    sp = krb5_storage_from_data (&data);
+    if (sp == NULL)
+	krb5_errx (context, 1, "krb5_storage_from_data");
+    krb5_store_int32(sp, I_AM_HERE);
+    krb5_storage_free(sp);
+
+    ret = krb5_write_priv_message(context, auth_context, &fd, &data);
+    krb5_data_free(&data);
+
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_write_priv_message");
+}
+
+static void
+receive_everything (krb5_context context, int fd,
+		    kadm5_server_context *server_context,
+		    krb5_auth_context auth_context)
+{
+    int ret;
+    krb5_data data;
+    int32_t vno;
+    int32_t opcode;
+    krb5_storage *sp;
+
+    char *dbname;
+    HDB *mydb;
+  
+    krb5_warnx(context, "receive complete database");
+
+    asprintf(&dbname, "%s-NEW", server_context->db->hdb_name);
+    ret = hdb_create(context, &mydb, dbname);
+    if(ret)
+	krb5_err(context,1, ret, "hdb_create");
+    free(dbname);
+ 
+    ret = hdb_set_master_keyfile (context,
+				  mydb, server_context->config.stash_file);
+    if(ret)
+	krb5_err(context,1, ret, "hdb_set_master_keyfile");
+ 
+    /* I really want to use O_EXCL here, but given that I can't easily clean
+       up on error, I won't */
+    ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600);
+    if (ret)
+	krb5_err (context, 1, ret, "db->open");
+
+    sp = NULL;
+    do {
+	ret = krb5_read_priv_message(context, auth_context, &fd, &data);
+
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_read_priv_message");
+
+	sp = krb5_storage_from_data (&data);
+	if (sp == NULL)
+	    krb5_errx (context, 1, "krb5_storage_from_data");
+	krb5_ret_int32 (sp, &opcode);
+	if (opcode == ONE_PRINC) {
+	    krb5_data fake_data;
+	    hdb_entry_ex entry;
+
+	    krb5_storage_free(sp);
+
+	    fake_data.data   = (char *)data.data + 4;
+	    fake_data.length = data.length - 4;
+
+	    memset(&entry, 0, sizeof(entry));
+
+	    ret = hdb_value2entry (context, &fake_data, &entry.entry);
+	    if (ret)
+		krb5_err (context, 1, ret, "hdb_value2entry");
+	    ret = mydb->hdb_store(server_context->context,
+				  mydb,
+				  0, &entry);
+	    if (ret)
+		krb5_err (context, 1, ret, "hdb_store");
+
+	    hdb_free_entry (context, &entry);
+	    krb5_data_free (&data);
+	} else if (opcode == NOW_YOU_HAVE)
+	    ;
+	else
+	    krb5_errx (context, 1, "strange opcode %d", opcode);
+    } while (opcode == ONE_PRINC);
+
+    if (opcode != NOW_YOU_HAVE)
+	krb5_errx (context, 1, "receive_everything: strange %d", opcode);
+
+    krb5_ret_int32 (sp, &vno);
+    krb5_storage_free(sp);
+
+    ret = kadm5_log_reinit (server_context);
+    if (ret)
+	krb5_err(context, 1, ret, "kadm5_log_reinit");
+
+    ret = kadm5_log_set_version (server_context, vno - 1);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_log_set_version");
+
+    ret = kadm5_log_nop (server_context);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_log_nop");
+
+    krb5_data_free (&data);
+
+    ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name);
+    if (ret)
+	krb5_err (context, 1, ret, "db->rename");
+
+    ret = mydb->hdb_close (context, mydb);
+    if (ret)
+	krb5_err (context, 1, ret, "db->close");
+
+    ret = mydb->hdb_destroy (context, mydb);
+    if (ret)
+	krb5_err (context, 1, ret, "db->destroy");
+
+    krb5_warnx(context, "receive complete database, version %ld", (long)vno);
+}
+
+static char *config_file;
+static char *realm;
+static int version_flag;
+static int help_flag;
+static char *keytab_str;
+static char *port_str;
+static int detach_from_console = 0;
+
+static struct getargs args[] = {
+    { "config-file", 'c', arg_string, &config_file },
+    { "realm", 'r', arg_string, &realm },
+    { "keytab", 'k', arg_string, &keytab_str,
+      "keytab to get authentication from", "kspec" },
+    { "time-lost", 0, arg_string, &server_time_lost,
+      "time before server is considered lost", "time" },
+    { "port", 0, arg_string, &port_str,
+      "port ipropd-slave will connect to", "port"},
+    { "detach", 0, arg_flag, &detach_from_console, 
+      "detach from console" },
+    { "hostname", 0, arg_string, &slave_str, 
+      "hostname of slave (if not same as hostname)", "hostname" },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+
+static int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_auth_context auth_context;
+    void *kadm_handle;
+    kadm5_server_context *server_context;
+    kadm5_config_params conf;
+    int master_fd;
+    krb5_ccache ccache;
+    krb5_principal server;
+    char **files;
+    int optidx;
+
+    const char *master;
+    
+    optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+    
+    if(help_flag)
+	krb5_std_usage(0, args, num_args);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    setup_signal();
+
+    if (config_file == NULL) {
+	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));
+	if (config_file == NULL)
+	    errx(1, "out of memory");
+    }
+
+    ret = krb5_prepend_config_files_default(config_file, &files);
+    if (ret)
+	krb5_err(context, 1, ret, "getting configuration files");
+
+    ret = krb5_set_config_files(context, files);
+    krb5_free_config_files(files);
+    if (ret)
+	krb5_err(context, 1, ret, "reading configuration files");
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 1)
+	krb5_std_usage(1, args, num_args);
+
+    master = argv[0];
+
+    if (detach_from_console)
+	daemon(0, 0);
+    pidfile (NULL);
+    krb5_openlog (context, "ipropd-slave", &log_facility);
+    krb5_set_warn_dest(context, log_facility);
+
+    ret = krb5_kt_register(context, &hdb_kt_ops);
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_kt_register");
+
+    time_before_lost = parse_time (server_time_lost,  "s");
+    if (time_before_lost < 0)
+	krb5_errx (context, 1, "couldn't parse time: %s", server_time_lost);
+
+    memset(&conf, 0, sizeof(conf));
+    if(realm) {
+	conf.mask |= KADM5_CONFIG_REALM;
+	conf.realm = realm;
+    }
+    ret = kadm5_init_with_password_ctx (context,
+					KADM5_ADMIN_SERVICE,
+					NULL,
+					KADM5_ADMIN_SERVICE,
+					&conf, 0, 0, 
+					&kadm_handle);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
+
+    server_context = (kadm5_server_context *)kadm_handle;
+
+    ret = kadm5_log_init (server_context);
+    if (ret)
+	krb5_err (context, 1, ret, "kadm5_log_init");
+
+    get_creds(context, keytab_str, &ccache, master);
+
+    master_fd = connect_to_master (context, master, port_str);
+
+    ret = krb5_sname_to_principal (context, master, IPROP_NAME,
+				   KRB5_NT_SRV_HST, &server);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_sname_to_principal");
+
+    auth_context = NULL;
+    ret = krb5_sendauth (context, &auth_context, &master_fd,
+			 IPROP_VERSION, NULL, server,
+			 AP_OPTS_MUTUAL_REQUIRED, NULL, NULL,
+			 ccache, NULL, NULL, NULL);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_sendauth");
+
+    krb5_warnx(context, "ipropd-slave started at version: %ld",
+	       (long)server_context->log_context.version);
+
+    ihave (context, auth_context, master_fd,
+	   server_context->log_context.version);
+
+    while (exit_flag == 0) {
+	krb5_data out;
+	krb5_storage *sp;
+	int32_t tmp;
+	fd_set readset;
+	struct timeval to;
+
+	if (master_fd >= FD_SETSIZE)
+	    krb5_errx (context, 1, "fd too large");
+
+	FD_ZERO(&readset);
+	FD_SET(master_fd, &readset);
+
+	to.tv_sec = time_before_lost;
+	to.tv_usec = 0;
+
+	ret = select (master_fd + 1,
+		      &readset, NULL, NULL, &to);
+	if (ret < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		krb5_err (context, 1, errno, "select");
+	}
+	if (ret == 0)
+	    krb5_errx (context, 1, "server didn't send a message "
+		       "in %d seconds", time_before_lost);
+
+	ret = krb5_read_priv_message(context, auth_context, &master_fd, &out);
+
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_read_priv_message");
+
+	sp = krb5_storage_from_mem (out.data, out.length);
+	krb5_ret_int32 (sp, &tmp);
+	switch (tmp) {
+	case FOR_YOU :
+	    receive (context, sp, server_context);
+	    ihave (context, auth_context, master_fd,
+		   server_context->log_context.version);
+	    break;
+	case TELL_YOU_EVERYTHING :
+	    receive_everything (context, master_fd, server_context,
+				auth_context);
+	    break;
+	case ARE_YOU_THERE :
+	    send_im_here (context, master_fd, auth_context);
+	    break;
+	case NOW_YOU_HAVE :
+	case I_HAVE :
+	case ONE_PRINC :
+	case I_AM_HERE :
+	default :
+	    krb5_warnx (context, "Ignoring command %d", tmp);
+	    break;
+	}
+	krb5_storage_free (sp);
+	krb5_data_free (&out);
+    }
+    
+    if(exit_flag == SIGXCPU)
+	krb5_warnx(context, "%s CPU time limit exceeded", getprogname());
+    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
+	krb5_warnx(context, "%s terminated", getprogname());
+    else
+	krb5_warnx(context, "%s unexpected exit reason: %d", 
+		   getprogname(), exit_flag);
+
+    return 0;
+}
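Review bot: In `receive_everything`, the result of `krb5_ret_int32 (sp, &opcode)` is ignored and `fake_data.length = data.length - 4` is computed without checking that the message holds at least four bytes. A shorter message leaves `opcode` uninitialised and, if `length` is an unsigned type (as it appears to be for Heimdal's `krb5_data`), wraps the size handed to `hdb_value2entry`. The peer is the mutually authenticated master, so this is a robustness gap rather than an open network input, but a guard is cheap: `if (data.length < 4 || krb5_ret_int32(sp, &opcode) != 0) krb5_errx(context, 1, "short message from master");`. The same unchecked read appears in `main` (`krb5_ret_int32 (sp, &tmp)` before the `switch`, with the `krb5_storage_from_mem` result also unchecked) and in the first loop of `receive_loop`, where `len` from the stream reaches `krb5_storage_seek(sp, len + 8, SEEK_CUR)` without the `len < 0` test that the replay loop applies. As this is a vendor import, the change is best carried as a tracked local patch or picked up from a newer upstream release.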

Added: vendor-crypto/heimdal/dist/lib/kadm5/kadm5-private.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/kadm5-private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/kadm5-private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,503 @@
+/* This is a generated file */
+#ifndef __kadm5_private_h__
+#define __kadm5_private_h__
+
+#include <stdarg.h>
+
+kadm5_ret_t
+_kadm5_acl_check_permission (
+	kadm5_server_context */*context*/,
+	unsigned /*op*/,
+	krb5_const_principal /*princ*/);
+
+kadm5_ret_t
+_kadm5_acl_init (kadm5_server_context */*context*/);
+
+kadm5_ret_t
+_kadm5_bump_pw_expire (
+	kadm5_server_context */*context*/,
+	hdb_entry */*ent*/);
+
+krb5_error_code
+_kadm5_c_get_cred_cache (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	const char */*server_name*/,
+	const char */*password*/,
+	krb5_prompter_fct /*prompter*/,
+	const char */*keytab*/,
+	krb5_ccache /*ccache*/,
+	krb5_ccache */*ret_cache*/);
+
+kadm5_ret_t
+_kadm5_c_init_context (
+	kadm5_client_context **/*ctx*/,
+	kadm5_config_params */*params*/,
+	krb5_context /*context*/);
+
+kadm5_ret_t
+_kadm5_client_recv (
+	kadm5_client_context */*context*/,
+	krb5_data */*reply*/);
+
+kadm5_ret_t
+_kadm5_client_send (
+	kadm5_client_context */*context*/,
+	krb5_storage */*sp*/);
+
+int
+_kadm5_cmp_keys (
+	Key */*keys1*/,
+	int /*len1*/,
+	Key */*keys2*/,
+	int /*len2*/);
+
+kadm5_ret_t
+_kadm5_connect (void */*handle*/);
+
+kadm5_ret_t
+_kadm5_error_code (kadm5_ret_t /*code*/);
+
+void
+_kadm5_free_keys (
+	krb5_context /*context*/,
+	int /*len*/,
+	Key */*keys*/);
+
+void
+_kadm5_init_keys (
+	Key */*keys*/,
+	int /*len*/);
+
+kadm5_ret_t
+_kadm5_marshal_params (
+	krb5_context /*context*/,
+	kadm5_config_params */*params*/,
+	krb5_data */*out*/);
+
+kadm5_ret_t
+_kadm5_privs_to_string (
+	uint32_t /*privs*/,
+	char */*string*/,
+	size_t /*len*/);
+
+HDB *
+_kadm5_s_get_db (void */*server_handle*/);
+
+kadm5_ret_t
+_kadm5_s_init_context (
+	kadm5_server_context **/*ctx*/,
+	kadm5_config_params */*params*/,
+	krb5_context /*context*/);
+
+kadm5_ret_t
+_kadm5_set_keys (
+	kadm5_server_context */*context*/,
+	hdb_entry */*ent*/,
+	const char */*password*/);
+
+kadm5_ret_t
+_kadm5_set_keys2 (
+	kadm5_server_context */*context*/,
+	hdb_entry */*ent*/,
+	int16_t /*n_key_data*/,
+	krb5_key_data */*key_data*/);
+
+kadm5_ret_t
+_kadm5_set_keys3 (
+	kadm5_server_context */*context*/,
+	hdb_entry */*ent*/,
+	int /*n_keys*/,
+	krb5_keyblock */*keyblocks*/);
+
+kadm5_ret_t
+_kadm5_set_keys_randomly (
+	kadm5_server_context */*context*/,
+	hdb_entry */*ent*/,
+	krb5_keyblock **/*new_keys*/,
+	int */*n_keys*/);
+
+kadm5_ret_t
+_kadm5_set_modifier (
+	kadm5_server_context */*context*/,
+	hdb_entry */*ent*/);
+
+kadm5_ret_t
+_kadm5_setup_entry (
+	kadm5_server_context */*context*/,
+	hdb_entry_ex */*ent*/,
+	uint32_t /*mask*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*princ_mask*/,
+	kadm5_principal_ent_t /*def*/,
+	uint32_t /*def_mask*/);
+
+kadm5_ret_t
+_kadm5_string_to_privs (
+	const char */*s*/,
+	uint32_t* /*privs*/);
+
+kadm5_ret_t
+_kadm5_unmarshal_params (
+	krb5_context /*context*/,
+	krb5_data */*in*/,
+	kadm5_config_params */*params*/);
+
+kadm5_ret_t
+kadm5_c_chpass_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	const char */*password*/);
+
+kadm5_ret_t
+kadm5_c_chpass_principal_with_key (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	int /*n_key_data*/,
+	krb5_key_data */*key_data*/);
+
+kadm5_ret_t
+kadm5_c_create_principal (
+	void */*server_handle*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*mask*/,
+	const char */*password*/);
+
+kadm5_ret_t
+kadm5_c_delete_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/);
+
+kadm5_ret_t
+kadm5_c_destroy (void */*server_handle*/);
+
+kadm5_ret_t
+kadm5_c_flush (void */*server_handle*/);
+
+kadm5_ret_t
+kadm5_c_get_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	kadm5_principal_ent_t /*out*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_c_get_principals (
+	void */*server_handle*/,
+	const char */*expression*/,
+	char ***/*princs*/,
+	int */*count*/);
+
+kadm5_ret_t
+kadm5_c_get_privs (
+	void */*server_handle*/,
+	uint32_t */*privs*/);
+
+kadm5_ret_t
+kadm5_c_init_with_creds (
+	const char */*client_name*/,
+	krb5_ccache /*ccache*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_c_init_with_creds_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	krb5_ccache /*ccache*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_c_init_with_password (
+	const char */*client_name*/,
+	const char */*password*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_c_init_with_password_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	const char */*password*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_c_init_with_skey (
+	const char */*client_name*/,
+	const char */*keytab*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_c_init_with_skey_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	const char */*keytab*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_c_modify_principal (
+	void */*server_handle*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_c_randkey_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	krb5_keyblock **/*new_keys*/,
+	int */*n_keys*/);
+
+kadm5_ret_t
+kadm5_c_rename_principal (
+	void */*server_handle*/,
+	krb5_principal /*source*/,
+	krb5_principal /*target*/);
+
+kadm5_ret_t
+kadm5_log_create (
+	kadm5_server_context */*context*/,
+	hdb_entry */*ent*/);
+
+kadm5_ret_t
+kadm5_log_delete (
+	kadm5_server_context */*context*/,
+	krb5_principal /*princ*/);
+
+kadm5_ret_t
+kadm5_log_end (kadm5_server_context */*context*/);
+
+kadm5_ret_t
+kadm5_log_foreach (
+	kadm5_server_context */*context*/,
+	void (*/*func*/)(kadm5_server_context *server_context, uint32_t ver, time_t timestamp, enum kadm_ops op, uint32_t len, krb5_storage *, void *),
+	void */*ctx*/);
+
+kadm5_ret_t
+kadm5_log_get_version (
+	kadm5_server_context */*context*/,
+	uint32_t */*ver*/);
+
+kadm5_ret_t
+kadm5_log_get_version_fd (
+	int /*fd*/,
+	uint32_t */*ver*/);
+
+krb5_storage *
+kadm5_log_goto_end (int /*fd*/);
+
+kadm5_ret_t
+kadm5_log_init (kadm5_server_context */*context*/);
+
+kadm5_ret_t
+kadm5_log_modify (
+	kadm5_server_context */*context*/,
+	hdb_entry */*ent*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_log_nop (kadm5_server_context */*context*/);
+
+kadm5_ret_t
+kadm5_log_previous (
+	krb5_context /*context*/,
+	krb5_storage */*sp*/,
+	uint32_t */*ver*/,
+	time_t */*timestamp*/,
+	enum kadm_ops */*op*/,
+	uint32_t */*len*/);
+
+kadm5_ret_t
+kadm5_log_reinit (kadm5_server_context */*context*/);
+
+kadm5_ret_t
+kadm5_log_rename (
+	kadm5_server_context */*context*/,
+	krb5_principal /*source*/,
+	hdb_entry */*ent*/);
+
+kadm5_ret_t
+kadm5_log_replay (
+	kadm5_server_context */*context*/,
+	enum kadm_ops /*op*/,
+	uint32_t /*ver*/,
+	uint32_t /*len*/,
+	krb5_storage */*sp*/);
+
+kadm5_ret_t
+kadm5_log_set_version (
+	kadm5_server_context */*context*/,
+	uint32_t /*vno*/);
+
+const char *
+kadm5_log_signal_socket (krb5_context /*context*/);
+
+kadm5_ret_t
+kadm5_log_truncate (kadm5_server_context */*server_context*/);
+
+kadm5_ret_t
+kadm5_s_chpass_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	const char */*password*/);
+
+kadm5_ret_t
+kadm5_s_chpass_principal_cond (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	const char */*password*/);
+
+kadm5_ret_t
+kadm5_s_chpass_principal_with_key (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	int /*n_key_data*/,
+	krb5_key_data */*key_data*/);
+
+kadm5_ret_t
+kadm5_s_create_principal (
+	void */*server_handle*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*mask*/,
+	const char */*password*/);
+
+kadm5_ret_t
+kadm5_s_create_principal_with_key (
+	void */*server_handle*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_s_delete_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/);
+
+kadm5_ret_t
+kadm5_s_destroy (void */*server_handle*/);
+
+kadm5_ret_t
+kadm5_s_flush (void */*server_handle*/);
+
+kadm5_ret_t
+kadm5_s_get_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	kadm5_principal_ent_t /*out*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_s_get_principals (
+	void */*server_handle*/,
+	const char */*expression*/,
+	char ***/*princs*/,
+	int */*count*/);
+
+kadm5_ret_t
+kadm5_s_get_privs (
+	void */*server_handle*/,
+	uint32_t */*privs*/);
+
+kadm5_ret_t
+kadm5_s_init_with_creds (
+	const char */*client_name*/,
+	krb5_ccache /*ccache*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_s_init_with_creds_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	krb5_ccache /*ccache*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_s_init_with_password (
+	const char */*client_name*/,
+	const char */*password*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_s_init_with_password_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	const char */*password*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_s_init_with_skey (
+	const char */*client_name*/,
+	const char */*keytab*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_s_init_with_skey_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	const char */*keytab*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_s_modify_principal (
+	void */*server_handle*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_s_randkey_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	krb5_keyblock **/*new_keys*/,
+	int */*n_keys*/);
+
+kadm5_ret_t
+kadm5_s_rename_principal (
+	void */*server_handle*/,
+	krb5_principal /*source*/,
+	krb5_principal /*target*/);
+
+#endif /* __kadm5_private_h__ */

Added: vendor-crypto/heimdal/dist/lib/kadm5/kadm5-protos.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/kadm5-protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/kadm5-protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,244 @@
+/* This is a generated file */
+#ifndef __kadm5_protos_h__
+#define __kadm5_protos_h__
+
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+kadm5_ret_t
+kadm5_ad_init_with_password (
+	const char */*client_name*/,
+	const char */*password*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_ad_init_with_password_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	const char */*password*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+krb5_error_code
+kadm5_add_passwd_quality_verifier (
+	krb5_context /*context*/,
+	const char */*check_library*/);
+
+const char *
+kadm5_check_password_quality (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	krb5_data */*pwd_data*/);
+
+kadm5_ret_t
+kadm5_chpass_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	const char */*password*/);
+
+kadm5_ret_t
+kadm5_chpass_principal_with_key (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	int /*n_key_data*/,
+	krb5_key_data */*key_data*/);
+
+kadm5_ret_t
+kadm5_create_principal (
+	void */*server_handle*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*mask*/,
+	const char */*password*/);
+
+kadm5_ret_t
+kadm5_delete_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/);
+
+kadm5_ret_t
+kadm5_destroy (void */*server_handle*/);
+
+kadm5_ret_t
+kadm5_flush (void */*server_handle*/);
+
+void
+kadm5_free_key_data (
+	void */*server_handle*/,
+	int16_t */*n_key_data*/,
+	krb5_key_data */*key_data*/);
+
+void
+kadm5_free_name_list (
+	void */*server_handle*/,
+	char **/*names*/,
+	int */*count*/);
+
+void
+kadm5_free_principal_ent (
+	void */*server_handle*/,
+	kadm5_principal_ent_t /*princ*/);
+
+kadm5_ret_t
+kadm5_get_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	kadm5_principal_ent_t /*out*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_get_principals (
+	void */*server_handle*/,
+	const char */*expression*/,
+	char ***/*princs*/,
+	int */*count*/);
+
+kadm5_ret_t
+kadm5_get_privs (
+	void */*server_handle*/,
+	uint32_t */*privs*/);
+
+kadm5_ret_t
+kadm5_init_with_creds (
+	const char */*client_name*/,
+	krb5_ccache /*ccache*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_init_with_creds_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	krb5_ccache /*ccache*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_init_with_password (
+	const char */*client_name*/,
+	const char */*password*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_init_with_password_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	const char */*password*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_init_with_skey (
+	const char */*client_name*/,
+	const char */*keytab*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_init_with_skey_ctx (
+	krb5_context /*context*/,
+	const char */*client_name*/,
+	const char */*keytab*/,
+	const char */*service_name*/,
+	kadm5_config_params */*realm_params*/,
+	unsigned long /*struct_version*/,
+	unsigned long /*api_version*/,
+	void **/*server_handle*/);
+
+kadm5_ret_t
+kadm5_modify_principal (
+	void */*server_handle*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_randkey_principal (
+	void */*server_handle*/,
+	krb5_principal /*princ*/,
+	krb5_keyblock **/*new_keys*/,
+	int */*n_keys*/);
+
+kadm5_ret_t
+kadm5_rename_principal (
+	void */*server_handle*/,
+	krb5_principal /*source*/,
+	krb5_principal /*target*/);
+
+kadm5_ret_t
+kadm5_ret_key_data (
+	krb5_storage */*sp*/,
+	krb5_key_data */*key*/);
+
+kadm5_ret_t
+kadm5_ret_principal_ent (
+	krb5_storage */*sp*/,
+	kadm5_principal_ent_t /*princ*/);
+
+kadm5_ret_t
+kadm5_ret_principal_ent_mask (
+	krb5_storage */*sp*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t */*mask*/);
+
+kadm5_ret_t
+kadm5_ret_tl_data (
+	krb5_storage */*sp*/,
+	krb5_tl_data */*tl*/);
+
+void
+kadm5_setup_passwd_quality_check (
+	krb5_context /*context*/,
+	const char */*check_library*/,
+	const char */*check_function*/);
+
+kadm5_ret_t
+kadm5_store_key_data (
+	krb5_storage */*sp*/,
+	krb5_key_data */*key*/);
+
+kadm5_ret_t
+kadm5_store_principal_ent (
+	krb5_storage */*sp*/,
+	kadm5_principal_ent_t /*princ*/);
+
+kadm5_ret_t
+kadm5_store_principal_ent_mask (
+	krb5_storage */*sp*/,
+	kadm5_principal_ent_t /*princ*/,
+	uint32_t /*mask*/);
+
+kadm5_ret_t
+kadm5_store_tl_data (
+	krb5_storage */*sp*/,
+	krb5_tl_data */*tl*/);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __kadm5_protos_h__ */

Added: vendor-crypto/heimdal/dist/lib/kadm5/kadm5-pwcheck.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/kadm5-pwcheck.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/kadm5-pwcheck.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: kadm5-pwcheck.h,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef KADM5_PWCHECK_H
+#define KADM5_PWCHECK_H 1
+
+
+#define KADM5_PASSWD_VERSION_V0 0
+#define KADM5_PASSWD_VERSION_V1 1
+
+typedef const char* (*kadm5_passwd_quality_check_func_v0)(krb5_context,
+							  krb5_principal,
+							  krb5_data*);
+
+/* 
+ * The 4th argument, is a tuning parameter for the quality check
+ * function, the lib/caller will providing it for the password quality
+ * module.
+ */
+
+typedef int
+(*kadm5_passwd_quality_check_func)(krb5_context context,
+				   krb5_principal principal,
+				   krb5_data *password,
+				   const char *tuning,
+				   char *message,
+				   size_t length);
+
+struct kadm5_pw_policy_check_func {
+    const char *name;
+    kadm5_passwd_quality_check_func func;
+};
+
+struct kadm5_pw_policy_verifier {
+    const char *name;
+    int version;
+    const char *vendor;
+    const struct kadm5_pw_policy_check_func *funcs;
+};
+
+#endif /* KADM5_PWCHECK_H */
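Review bot: The `kadm5_passwd_quality_check_func` typedef documents only `tuning` and gives no contract for `message` and `length`, which is the part a module author can get wrong when writing into a caller-owned buffer. The accompanying man page in this commit says the function returns zero on acceptance and otherwise fills the message buffer, so the header comment could say the same: `/* Returns 0 if the password is acceptable; otherwise non-zero, with an explanation written to message, a caller-owned buffer of length bytes. */`. Whether the caller expects NUL termination is not visible here and should be confirmed before it is documented. It would also help to note on `struct kadm5_pw_policy_verifier` that `funcs` is terminated by an entry whose `name` is NULL, since the header does not show how the array length is found.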

Added: vendor-crypto/heimdal/dist/lib/kadm5/kadm5_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/kadm5_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/kadm5_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+#
+# Error messages for the kadm5 library
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: kadm5_err.et,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $"
+
+error_table ovk kadm5
+
+prefix KADM5
+error_code FAILURE,		"Operation failed for unspecified reason"
+error_code AUTH_GET,		"Operation requires `get' privilege"
+error_code AUTH_ADD,		"Operation requires `add' privilege"
+error_code AUTH_MODIFY,		"Operation requires `modify' privilege"
+error_code AUTH_DELETE,		"Operation requires `delete' privilege"
+error_code AUTH_INSUFFICIENT,	"Insufficient authorization for operation"
+error_code BAD_DB,		"Database inconsistency detected"
+error_code DUP,			"Principal or policy already exists"
+error_code RPC_ERROR,		"Communication failure with server"
+error_code NO_SRV,		"No administration server found for realm"
+error_code BAD_HIST_KEY,	"Password history principal key version mismatch"
+error_code NOT_INIT,		"Connection to server not initialized"
+error_code UNK_PRINC,		"Principal does not exist"
+error_code UNK_POLICY,		"Policy does not exist"
+error_code BAD_MASK,		"Invalid field mask for operation"
+error_code BAD_CLASS,		"Invalid number of character classes"
+error_code BAD_LENGTH,		"Invalid password length"
+error_code BAD_POLICY,		"Invalid policy name"
+error_code BAD_PRINCIPAL,	"Invalid principal name."
+error_code BAD_AUX_ATTR,	"Invalid auxillary attributes"
+error_code BAD_HISTORY,		"Invalid password history count"
+error_code BAD_MIN_PASS_LIFE,	"Password minimum life is greater than password maximum life"
+error_code PASS_Q_TOOSHORT,	"Password is too short"
+error_code PASS_Q_CLASS,	"Password does not contain enough character classes"
+error_code PASS_Q_DICT,		"Password is in the password dictionary"
+error_code PASS_REUSE,		"Can't reuse password"
+error_code PASS_TOOSOON,	"Current password's minimum life has not expired"
+error_code POLICY_REF,		"Policy is in use"
+error_code INIT,		"Connection to server already initialized"
+error_code BAD_PASSWORD,	"Incorrect password"
+error_code PROTECT_PRINCIPAL,	"Can't change protected principal"
+error_code BAD_SERVER_HANDLE,	"Programmer error!  Bad Admin server handle"
+error_code BAD_STRUCT_VERSION,	"Programmer error!  Bad API structure version"
+error_code OLD_STRUCT_VERSION,	"API structure version specified by application is no longer supported"
+error_code NEW_STRUCT_VERSION,	"API structure version specified by application is unknown to libraries"
+error_code BAD_API_VERSION,	"Programmer error!  Bad API version"
+error_code OLD_LIB_API_VERSION,	"API version specified by application is no longer supported by libraries"
+error_code OLD_SERVER_API_VERSION,"API version specified by application is no longer supported by server"
+error_code NEW_LIB_API_VERSION,	"API version specified by application is unknown to libraries"
+error_code NEW_SERVER_API_VERSION,"API version specified by application is unknown to server"
+error_code SECURE_PRINC_MISSING,"Database error! Required principal missing"
+error_code NO_RENAME_SALT,	"The salt type of the specified principal does not support renaming"
+error_code BAD_CLIENT_PARAMS,	"Invalid configuration parameter for remote KADM5 client"
+error_code BAD_SERVER_PARAMS,	"Invalid configuration parameter for local KADM5 client."
+error_code AUTH_LIST,		"Operation requires `list' privilege"
+error_code AUTH_CHANGEPW,	"Operation requires `change-password' privilege"
+error_code BAD_TL_TYPE,		"Invalid tagged data list element type"
+error_code MISSING_CONF_PARAMS,	"Required parameters in kdc.conf missing"
+error_code BAD_SERVER_NAME,	"Bad krb5 admin server hostname"

Added: vendor-crypto/heimdal/dist/lib/kadm5/kadm5_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/kadm5_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/kadm5_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 1997-2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: kadm5_locl.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __KADM5_LOCL_H__
+#define __KADM5_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <limits.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <fnmatch.h>
+#include "admin.h"
+#include "kadm5_err.h"
+#include <hdb.h>
+#include <der.h>
+#include <roken.h>
+#include <parse_units.h>
+#include "private.h"
+
+#endif /* __KADM5_LOCL_H__ */

Added: vendor-crypto/heimdal/dist/lib/kadm5/kadm5_pwcheck.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/kadm5_pwcheck.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/kadm5_pwcheck.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,146 @@
+.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: kadm5_pwcheck.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd February 29, 2004
+.Dt KADM5_PWCHECK 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_pwcheck ,
+.Nm kadm5_setup_passwd_quality_check ,
+.Nm kadm5_add_passwd_quality_verifier ,
+.Nm kadm5_check_password_quality
+.Nd Heimdal warning and error functions
+.Sh LIBRARY
+Kerberos 5 Library (libkadm5srv, -lkadm5srv)
+.Sh SYNOPSIS
+.In kadm5-protos.h
+.In kadm5-pwcheck.h
+.Ft void
+.Fo kadm5_setup_passwd_quality_check
+.Fa "krb5_context context"
+.Fa "const char *check_library"
+.Fa "const char *check_function"
+.Fc
+.Ft "krb5_error_code"
+.Fo kadm5_add_passwd_quality_verifier
+.Fa "krb5_context context"
+.Fa "const char *check_library"
+.Fc
+.Ft "const char *"
+.Fo kadm5_check_password_quality
+.Fa "krb5_context context"
+.Fa "krb5_principal principal"
+.Fa "krb5_data *pwd_data"
+.Fc
+.Ft int
+.Fo "(*kadm5_passwd_quality_check_func)"
+.Fa "krb5_context context"
+.Fa "krb5_principal principal"
+.Fa "krb5_data *password"
+.Fa "const char *tuning"
+.Fa "char *message"
+.Fa "size_t length"
+.Fc
+.Sh DESCRIPTION
+These functions perform the quality check for the heimdal database
+library.
+.Pp
+There are two versions of the shared object API; the old version (0)
+is deprecated, but still supported.  The new version (1) supports
+multiple password quality checking modules in the same shared object.
+See below for details.
+.Pp
+The password quality checker will run over all tests that are
+configured by the user.
+.Pp
+Module names are of the form
+.Ql vendor:test-name
+or, if the the test name is unique enough, just
+.Ql test-name .
+.Sh IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT
+(This refers to the version 1 API only.)
+.Pp
+Module shared objects may conveniently be compiled and linked with
+.Xr libtool 1 .
+An object needs to export a symbol called
+.Ql kadm5_password_verifier
+of the type
+.Ft "struct kadm5_pw_policy_verifier" .
+.Pp
+Its
+.Ft name
+and
+.Ft vendor
+fields should be contain the obvious information and
+.Ft version
+should be
+.Dv KADM5_PASSWD_VERSION_V1 .
+.Ft funcs
+contains an array of
+.Ft "struct kadm5_pw_policy_check_func"
+structures that is terminated with an entry whose
+.Ft name
+component is
+.Dv NULL .
+The
+.Ft func
+Fields of the array elements are functions that are exported by the
+module to be called to check the password.  They get the following
+arguments:  the Kerberos context, principal, password, a tuning parameter, and
+a pointer to a message buffer and its length.  The tuning parameter
+for the quality check function is currently always
+.Dv NULL .
+If the password is acceptable, the function returns zero.  Otherwise
+it returns non-zero and fills in the message buffer with an
+appropriate explanation.
+.Sh RUNNING THE CHECKS
+.Nm kadm5_setup_passwd_quality_check
+sets up type 0 checks.  It sets up all type 0 checks defined in
+.Xr krb5.conf 5
+if called with the last two arguments null.
+.Pp
+.Nm kadm5_add_passwd_quality_verifier
+sets up type 1 checks.  It sets up all type 1 tests defined in
+.Xr krb5.conf 5
+if called with a null second argument.
+.Nm kadm5_check_password_quality
+runs the checks in the order in which they are defined in
+.Xr krb5.conf 5
+and the order in which they occur in a
+module's
+.Ft funcs
+array until one returns non-zero.
+.Sh SEE ALSO
+.Xr libtool 1 ,
+.Xr krb5 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/kadm5/keys.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/keys.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/keys.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: keys.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * free all the memory used by (len, keys)
+ */
+
+void
+_kadm5_free_keys (krb5_context context,
+		  int len, Key *keys)
+{
+    hdb_free_keys(context, len, keys);
+}
+
+/*
+ * null-ify `len', `keys'
+ */
+
+void
+_kadm5_init_keys (Key *keys, int len)
+{
+    int i;
+
+    for (i = 0; i < len; ++i) {
+	keys[i].mkvno               = NULL;
+	keys[i].salt                = NULL;
+	keys[i].key.keyvalue.length = 0;
+	keys[i].key.keyvalue.data   = NULL;
+    }
+}
+
+/*
+ * return 0 iff `keys1, len1' and `keys2, len2' are identical
+ */
+
+int
+_kadm5_cmp_keys(Key *keys1, int len1, Key *keys2, int len2)
+{
+    int i;
+
+    if (len1 != len2)
+	return 1;
+
+    for (i = 0; i < len1; ++i) {
+	if ((keys1[i].salt != NULL && keys2[i].salt == NULL)
+	    || (keys1[i].salt == NULL && keys2[i].salt != NULL))
+	    return 1;
+	if (keys1[i].salt != NULL) {
+	    if (keys1[i].salt->type != keys2[i].salt->type)
+		return 1;
+	    if (keys1[i].salt->salt.length != keys2[i].salt->salt.length)
+		return 1;
+	    if (memcmp (keys1[i].salt->salt.data, keys2[i].salt->salt.data,
+			keys1[i].salt->salt.length) != 0)
+		return 1;
+	}
+	if (keys1[i].key.keytype != keys2[i].key.keytype)
+	    return 1;
+	if (keys1[i].key.keyvalue.length != keys2[i].key.keyvalue.length)
+	    return 1;
+	if (memcmp (keys1[i].key.keyvalue.data, keys2[i].key.keyvalue.data,
+		    keys1[i].key.keyvalue.length) != 0)
+	    return 1;
+    }
+    return 0;
+}
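Review bot: In `_kadm5_cmp_keys` both `memcmp` calls run even when the compared length is 0, and `_kadm5_init_keys` in this same file produces exactly that state (`keyvalue.length = 0`, `keyvalue.data = NULL`), so two freshly initialised key arrays reach `memcmp(NULL, NULL, 0)`, which is undefined behaviour in C. Guarding on the length avoids it, e.g. `if (keys1[i].key.keyvalue.length != 0 && memcmp (...) != 0) return 1;`, and likewise for the salt comparison. Separately, `memcmp` stops at the first differing byte, so the time taken depends on how much of the two key values matches. The callers are outside this hunk, so whether that is observable cannot be judged here, but if any caller compares a stored key with one derived from requester-supplied input, a comparison that always touches every byte would be the safer choice.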

Added: vendor-crypto/heimdal/dist/lib/kadm5/log.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/log.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/log.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,982 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+#include "heim_threads.h"
+
+RCSID("$Id: log.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * A log record consists of:
+ *
+ * version number		4 bytes
+ * time in seconds		4 bytes
+ * operation (enum kadm_ops)	4 bytes
+ * length of record		4 bytes
+ * data...			n bytes
+ * length of record		4 bytes
+ * version number		4 bytes
+ *
+ */
+
+kadm5_ret_t
+kadm5_log_get_version_fd (int fd,
+			  uint32_t *ver)
+{
+    int ret;
+    krb5_storage *sp;
+    int32_t old_version;
+
+    ret = lseek (fd, 0, SEEK_END);
+    if(ret < 0)
+	return errno;
+    if(ret == 0) {
+	*ver = 0;
+	return 0;
+    }
+    sp = krb5_storage_from_fd (fd);
+    krb5_storage_seek(sp, -4, SEEK_CUR);
+    krb5_ret_int32 (sp, &old_version);
+    *ver = old_version;
+    krb5_storage_free(sp);
+    lseek (fd, 0, SEEK_END);
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_log_get_version (kadm5_server_context *context, uint32_t *ver)
+{
+    return kadm5_log_get_version_fd (context->log_context.log_fd, ver);
+}
+
+kadm5_ret_t
+kadm5_log_set_version (kadm5_server_context *context, uint32_t vno)
+{
+    kadm5_log_context *log_context = &context->log_context;
+
+    log_context->version = vno;
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_log_init (kadm5_server_context *context)
+{
+    int fd;
+    kadm5_ret_t ret;
+    kadm5_log_context *log_context = &context->log_context;
+
+    if (log_context->log_fd != -1)
+	return 0;
+    fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600);
+    if (fd < 0) {
+	krb5_set_error_string(context->context, "kadm5_log_init: open %s",
+			      log_context->log_file);
+	return errno;
+    }
+    if (flock (fd, LOCK_EX) < 0) {
+	krb5_set_error_string(context->context, "kadm5_log_init: flock %s",
+			      log_context->log_file);
+	close (fd);
+	return errno;
+    }
+
+    ret = kadm5_log_get_version_fd (fd, &log_context->version);
+    if (ret)
+	return ret;
+
+    log_context->log_fd  = fd;
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_log_reinit (kadm5_server_context *context)
+{
+    int fd;
+    kadm5_log_context *log_context = &context->log_context;
+
+    if (log_context->log_fd != -1) {
+	flock (log_context->log_fd, LOCK_UN);
+	close (log_context->log_fd);
+	log_context->log_fd = -1;
+    }
+    fd = open (log_context->log_file, O_RDWR | O_CREAT | O_TRUNC, 0600);
+    if (fd < 0)
+	return errno;
+    if (flock (fd, LOCK_EX) < 0) {
+	close (fd);
+	return errno;
+    }
+
+    log_context->version = 0;
+    log_context->log_fd  = fd;
+    return 0;
+}
+
+
+kadm5_ret_t
+kadm5_log_end (kadm5_server_context *context)
+{
+    kadm5_log_context *log_context = &context->log_context;
+    int fd = log_context->log_fd;
+
+    flock (fd, LOCK_UN);
+    close(fd);
+    log_context->log_fd = -1;
+    return 0;
+}
+
+static kadm5_ret_t
+kadm5_log_preamble (kadm5_server_context *context,
+		    krb5_storage *sp,
+		    enum kadm_ops op)
+{
+    kadm5_log_context *log_context = &context->log_context;
+    kadm5_ret_t kadm_ret;
+
+    kadm_ret = kadm5_log_init (context);
+    if (kadm_ret)
+	return kadm_ret;
+
+    krb5_store_int32 (sp, ++log_context->version);
+    krb5_store_int32 (sp, time(NULL));
+    krb5_store_int32 (sp, op);
+    return 0;
+}
+
+static kadm5_ret_t
+kadm5_log_postamble (kadm5_log_context *context,
+		     krb5_storage *sp)
+{
+    krb5_store_int32 (sp, context->version);
+    return 0;
+}
+
+/*
+ * flush the log record in `sp'.
+ */
+
+static kadm5_ret_t
+kadm5_log_flush (kadm5_log_context *log_context,
+		 krb5_storage *sp)
+{
+    krb5_data data;
+    size_t len;
+    int ret;
+
+    krb5_storage_to_data(sp, &data);
+    len = data.length;
+    ret = write (log_context->log_fd, data.data, len);
+    if (ret != len) {
+	krb5_data_free(&data);
+	return errno;
+    }
+    if (fsync (log_context->log_fd) < 0) {
+	krb5_data_free(&data);
+	return errno;
+    }
+    /*
+     * Try to send a signal to any running `ipropd-master'
+     */
+    sendto (log_context->socket_fd,
+	    (void *)&log_context->version,
+	    sizeof(log_context->version),
+	    0,
+	    (struct sockaddr *)&log_context->socket_name,
+	    sizeof(log_context->socket_name));
+
+    krb5_data_free(&data);
+    return 0;
+}
+
+/*
+ * Add a `create' operation to the log.
+ */
+
+kadm5_ret_t
+kadm5_log_create (kadm5_server_context *context,
+		  hdb_entry *ent)
+{
+    krb5_storage *sp;
+    kadm5_ret_t ret;
+    krb5_data value;
+    kadm5_log_context *log_context = &context->log_context;
+
+    sp = krb5_storage_emem();
+    ret = hdb_entry2value (context->context, ent, &value);
+    if (ret) {
+	krb5_storage_free(sp);
+	return ret;
+    }
+    ret = kadm5_log_preamble (context, sp, kadm_create);
+    if (ret) {
+	krb5_data_free (&value);
+	krb5_storage_free(sp);
+	return ret;
+    }
+    krb5_store_int32 (sp, value.length);
+    krb5_storage_write(sp, value.data, value.length);
+    krb5_store_int32 (sp, value.length);
+    krb5_data_free (&value);
+    ret = kadm5_log_postamble (log_context, sp);
+    if (ret) {
+	krb5_storage_free (sp);
+	return ret;
+    }
+    ret = kadm5_log_flush (log_context, sp);
+    krb5_storage_free (sp);
+    if (ret)
+	return ret;
+    ret = kadm5_log_end (context);
+    return ret;
+}
+
+/*
+ * Read the data of a create log record from `sp' and change the
+ * database.
+ */
+
+static kadm5_ret_t
+kadm5_log_replay_create (kadm5_server_context *context,
+			 uint32_t ver,
+			 uint32_t len,
+			 krb5_storage *sp)
+{
+    krb5_error_code ret;
+    krb5_data data;
+    hdb_entry_ex ent;
+
+    memset(&ent, 0, sizeof(ent));
+
+    ret = krb5_data_alloc (&data, len);
+    if (ret) {
+	krb5_set_error_string(context->context, "out of memory");
+	return ret;
+    }
+    krb5_storage_read (sp, data.data, len);
+    ret = hdb_value2entry (context->context, &data, &ent.entry);
+    krb5_data_free(&data);
+    if (ret) {
+	krb5_set_error_string(context->context, 
+			      "Unmarshaling hdb entry failed");
+	return ret;
+    }
+    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
+    hdb_free_entry (context->context, &ent);
+    return ret;
+}
+
+/*
+ * Add a `delete' operation to the log.
+ */
+
+kadm5_ret_t
+kadm5_log_delete (kadm5_server_context *context,
+		  krb5_principal princ)
+{
+    krb5_storage *sp;
+    kadm5_ret_t ret;
+    off_t off;
+    off_t len;
+    kadm5_log_context *log_context = &context->log_context;
+
+    sp = krb5_storage_emem();
+    if (sp == NULL)
+	return ENOMEM;
+    ret = kadm5_log_preamble (context, sp, kadm_delete);
+    if (ret)
+	goto out;
+    ret = krb5_store_int32 (sp, 0);
+    if (ret)
+	goto out;
+    off = krb5_storage_seek (sp, 0, SEEK_CUR);
+    ret = krb5_store_principal (sp, princ);
+    if (ret)
+	goto out;
+    len = krb5_storage_seek (sp, 0, SEEK_CUR) - off;
+    krb5_storage_seek(sp, -(len + 4), SEEK_CUR);
+    ret = krb5_store_int32 (sp, len);
+    if (ret)
+	goto out;
+    krb5_storage_seek(sp, len, SEEK_CUR);
+    ret = krb5_store_int32 (sp, len);
+    if (ret)
+	goto out;
+    ret = kadm5_log_postamble (log_context, sp);
+    if (ret)
+	goto out;
+    ret = kadm5_log_flush (log_context, sp);
+    if (ret)
+	goto out;
+    ret = kadm5_log_end (context);
+out:
+    krb5_storage_free (sp);
+    return ret;
+}
+
+/*
+ * Read a `delete' log operation from `sp' and apply it.
+ */
+
+static kadm5_ret_t
+kadm5_log_replay_delete (kadm5_server_context *context,
+			 uint32_t ver,
+			 uint32_t len,
+			 krb5_storage *sp)
+{
+    krb5_error_code ret;
+    krb5_principal principal;
+
+    ret = krb5_ret_principal (sp, &principal);
+    if (ret) {
+	krb5_set_error_string(context->context,  "Failed to read deleted "
+			      "principal from log version: %ld",  (long)ver);
+	return ret;
+    }
+
+    ret = context->db->hdb_remove(context->context, context->db, principal);
+    krb5_free_principal (context->context, principal);
+    return ret;
+}
+
+/*
+ * Add a `rename' operation to the log.
+ */
+
+kadm5_ret_t
+kadm5_log_rename (kadm5_server_context *context,
+		  krb5_principal source,
+		  hdb_entry *ent)
+{
+    krb5_storage *sp;
+    kadm5_ret_t ret;
+    off_t off;
+    off_t len;
+    krb5_data value;
+    kadm5_log_context *log_context = &context->log_context;
+
+    krb5_data_zero(&value);
+
+    sp = krb5_storage_emem();
+    ret = hdb_entry2value (context->context, ent, &value);
+    if (ret)
+	goto failed;
+
+    ret = kadm5_log_preamble (context, sp, kadm_rename);
+    if (ret)
+	goto failed;
+
+    ret = krb5_store_int32 (sp, 0);
+    if (ret)
+	goto failed;
+    off = krb5_storage_seek (sp, 0, SEEK_CUR);
+    ret = krb5_store_principal (sp, source);
+    if (ret)
+	goto failed;
+
+    krb5_storage_write(sp, value.data, value.length);
+    len = krb5_storage_seek (sp, 0, SEEK_CUR) - off;
+
+    krb5_storage_seek(sp, -(len + 4), SEEK_CUR);
+    ret = krb5_store_int32 (sp, len);
+    if (ret)
+	goto failed;
+
+    krb5_storage_seek(sp, len, SEEK_CUR);
+    ret = krb5_store_int32 (sp, len);
+    if (ret)
+	goto failed;
+
+    ret = kadm5_log_postamble (log_context, sp);
+    if (ret)
+	goto failed;
+
+    ret = kadm5_log_flush (log_context, sp);
+    if (ret)
+	goto failed;
+    krb5_storage_free (sp);
+    krb5_data_free (&value);
+
+    return kadm5_log_end (context);
+
+failed:
+    krb5_data_free(&value);
+    krb5_storage_free(sp);
+    return ret;
+}
+
+/*
+ * Read a `rename' log operation from `sp' and apply it.
+ */
+
+static kadm5_ret_t
+kadm5_log_replay_rename (kadm5_server_context *context,
+			 uint32_t ver,
+			 uint32_t len,
+			 krb5_storage *sp)
+{
+    krb5_error_code ret;
+    krb5_principal source;
+    hdb_entry_ex target_ent;
+    krb5_data value;
+    off_t off;
+    size_t princ_len, data_len;
+
+    memset(&target_ent, 0, sizeof(target_ent));
+
+    off = krb5_storage_seek(sp, 0, SEEK_CUR);
+    ret = krb5_ret_principal (sp, &source);
+    if (ret) {
+	krb5_set_error_string(context->context, "Failed to read renamed "
+			      "principal in log, version: %ld", (long)ver);
+	return ret;
+    }
+    princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
+    data_len = len - princ_len;
+    ret = krb5_data_alloc (&value, data_len);
+    if (ret) {
+	krb5_free_principal (context->context, source);
+	return ret;
+    }
+    krb5_storage_read (sp, value.data, data_len);
+    ret = hdb_value2entry (context->context, &value, &target_ent.entry);
+    krb5_data_free(&value);
+    if (ret) {
+	krb5_free_principal (context->context, source);
+	return ret;
+    }
+    ret = context->db->hdb_store (context->context, context->db, 
+				  0, &target_ent);
+    hdb_free_entry (context->context, &target_ent);
+    if (ret) {
+	krb5_free_principal (context->context, source);
+	return ret;
+    }
+    ret = context->db->hdb_remove (context->context, context->db, source);
+    krb5_free_principal (context->context, source);
+    return ret;
+}
+
+
+/*
+ * Add a `modify' operation to the log.
+ */
+
+kadm5_ret_t
+kadm5_log_modify (kadm5_server_context *context,
+		  hdb_entry *ent,
+		  uint32_t mask)
+{
+    krb5_storage *sp;
+    kadm5_ret_t ret;
+    krb5_data value;
+    uint32_t len;
+    kadm5_log_context *log_context = &context->log_context;
+
+    krb5_data_zero(&value);
+
+    sp = krb5_storage_emem();
+    ret = hdb_entry2value (context->context, ent, &value);
+    if (ret)
+	goto failed;
+
+    ret = kadm5_log_preamble (context, sp, kadm_modify);
+    if (ret)
+	goto failed;
+
+    len = value.length + 4;
+    ret = krb5_store_int32 (sp, len);
+    if (ret)
+	goto failed;
+    ret = krb5_store_int32 (sp, mask);
+    if (ret)
+	goto failed;
+    krb5_storage_write (sp, value.data, value.length);
+
+    ret = krb5_store_int32 (sp, len);
+    if (ret)
+	goto failed;
+    ret = kadm5_log_postamble (log_context, sp);
+    if (ret)
+	goto failed;
+    ret = kadm5_log_flush (log_context, sp);
+    if (ret)
+	goto failed;
+    krb5_data_free(&value);
+    krb5_storage_free (sp);
+    return kadm5_log_end (context);
+failed:
+    krb5_data_free(&value);
+    krb5_storage_free(sp);
+    return ret;
+}
+
+/*
+ * Read a `modify' log operation from `sp' and apply it.
+ */
+
+static kadm5_ret_t
+kadm5_log_replay_modify (kadm5_server_context *context,
+			 uint32_t ver,
+			 uint32_t len,
+			 krb5_storage *sp)
+{
+    krb5_error_code ret;
+    int32_t mask;
+    krb5_data value;
+    hdb_entry_ex ent, log_ent;
+
+    memset(&log_ent, 0, sizeof(log_ent));
+
+    krb5_ret_int32 (sp, &mask);
+    len -= 4;
+    ret = krb5_data_alloc (&value, len);
+    if (ret) {
+	krb5_set_error_string(context->context, "out of memory");
+	return ret;
+    }
+    krb5_storage_read (sp, value.data, len);
+    ret = hdb_value2entry (context->context, &value, &log_ent.entry);
+    krb5_data_free(&value);
+    if (ret)
+	return ret;
+
+    memset(&ent, 0, sizeof(ent));
+    ret = context->db->hdb_fetch(context->context, context->db,
+				 log_ent.entry.principal,
+				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
+    if (ret)
+	goto out;
+    if (mask & KADM5_PRINC_EXPIRE_TIME) {
+	if (log_ent.entry.valid_end == NULL) {
+	    ent.entry.valid_end = NULL;
+	} else {
+	    if (ent.entry.valid_end == NULL) {
+		ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end));
+		if (ent.entry.valid_end == NULL) {
+		    krb5_set_error_string(context->context, "out of memory");
+		    ret = ENOMEM;
+		    goto out;
+		}
+	    }
+	    *ent.entry.valid_end = *log_ent.entry.valid_end;
+	}
+    }
+    if (mask & KADM5_PW_EXPIRATION) {
+	if (log_ent.entry.pw_end == NULL) {
+	    ent.entry.pw_end = NULL;
+	} else {
+	    if (ent.entry.pw_end == NULL) {
+		ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end));
+		if (ent.entry.pw_end == NULL) {
+		    krb5_set_error_string(context->context, "out of memory");
+		    ret = ENOMEM;
+		    goto out;
+		}
+	    }
+	    *ent.entry.pw_end = *log_ent.entry.pw_end;
+	}
+    }
+    if (mask & KADM5_LAST_PWD_CHANGE) {
+	abort ();		/* XXX */
+    }
+    if (mask & KADM5_ATTRIBUTES) {
+	ent.entry.flags = log_ent.entry.flags;
+    }
+    if (mask & KADM5_MAX_LIFE) {
+	if (log_ent.entry.max_life == NULL) {
+	    ent.entry.max_life = NULL;
+	} else {
+	    if (ent.entry.max_life == NULL) {
+		ent.entry.max_life = malloc (sizeof(*ent.entry.max_life));
+		if (ent.entry.max_life == NULL) {
+		    krb5_set_error_string(context->context, "out of memory");
+		    ret = ENOMEM;
+		    goto out;
+		}
+	    }
+	    *ent.entry.max_life = *log_ent.entry.max_life;
+	}
+    }
+    if ((mask & KADM5_MOD_TIME) && (mask & KADM5_MOD_NAME)) {
+	if (ent.entry.modified_by == NULL) {
+	    ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by));
+	    if (ent.entry.modified_by == NULL) {
+		krb5_set_error_string(context->context, "out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+	} else
+	    free_Event(ent.entry.modified_by);
+	ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by);
+	if (ret) {
+	    krb5_set_error_string(context->context, "out of memory");
+	    goto out;
+	}
+    }
+    if (mask & KADM5_KVNO) {
+	ent.entry.kvno = log_ent.entry.kvno;
+    }
+    if (mask & KADM5_MKVNO) {
+	abort ();		/* XXX */
+    }
+    if (mask & KADM5_AUX_ATTRIBUTES) {
+	abort ();		/* XXX */
+    }
+    if (mask & KADM5_POLICY) {
+	abort ();		/* XXX */
+    }
+    if (mask & KADM5_POLICY_CLR) {
+	abort ();		/* XXX */
+    }
+    if (mask & KADM5_MAX_RLIFE) {
+	if (log_ent.entry.max_renew == NULL) {
+	    ent.entry.max_renew = NULL;
+	} else {
+	    if (ent.entry.max_renew == NULL) {
+		ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew));
+		if (ent.entry.max_renew == NULL) {
+		    krb5_set_error_string(context->context, "out of memory");
+		    ret = ENOMEM;
+		    goto out;
+		}
+	    }
+	    *ent.entry.max_renew = *log_ent.entry.max_renew;
+	}
+    }
+    if (mask & KADM5_LAST_SUCCESS) {
+	abort ();		/* XXX */
+    }
+    if (mask & KADM5_LAST_FAILED) {
+	abort ();		/* XXX */
+    }
+    if (mask & KADM5_FAIL_AUTH_COUNT) {
+	abort ();		/* XXX */
+    }
+    if (mask & KADM5_KEY_DATA) {
+	size_t num;
+	int i;
+
+	for (i = 0; i < ent.entry.keys.len; ++i)
+	    free_Key(&ent.entry.keys.val[i]);
+	free (ent.entry.keys.val);
+
+	num = log_ent.entry.keys.len;
+
+	ent.entry.keys.len = num;
+	ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val));
+	if (ent.entry.keys.val == NULL) {
+	    krb5_set_error_string(context->context, "out of memory");
+	    return ENOMEM;
+	}
+	for (i = 0; i < ent.entry.keys.len; ++i) {
+	    ret = copy_Key(&log_ent.entry.keys.val[i],
+			   &ent.entry.keys.val[i]);
+	    if (ret) {
+		krb5_set_error_string(context->context, "out of memory");
+		goto out;
+	    }
+	}
+    }
+    if ((mask & KADM5_TL_DATA) && log_ent.entry.extensions) {
+	HDB_extensions *es = ent.entry.extensions;
+
+	ent.entry.extensions = calloc(1, sizeof(*ent.entry.extensions));
+	if (ent.entry.extensions == NULL)
+	    goto out;
+
+	ret = copy_HDB_extensions(log_ent.entry.extensions,
+				  ent.entry.extensions);
+	if (ret) {
+	    krb5_set_error_string(context->context, "out of memory");
+	    free(ent.entry.extensions);
+	    ent.entry.extensions = es;
+	    goto out;
+	}
+	if (es) {
+	    free_HDB_extensions(es);
+	    free(es);
+	}
+    }
+    ret = context->db->hdb_store(context->context, context->db, 
+				 HDB_F_REPLACE, &ent);
+ out:
+    hdb_free_entry (context->context, &ent);
+    hdb_free_entry (context->context, &log_ent);
+    return ret;
+}
+
+/*
+ * Add a `nop' operation to the log. Does not close the log.
+ */
+
+kadm5_ret_t
+kadm5_log_nop (kadm5_server_context *context)
+{
+    krb5_storage *sp;
+    kadm5_ret_t ret;
+    kadm5_log_context *log_context = &context->log_context;
+
+    sp = krb5_storage_emem();
+    ret = kadm5_log_preamble (context, sp, kadm_nop);
+    if (ret) {
+	krb5_storage_free (sp);
+	return ret;
+    }
+    krb5_store_int32 (sp, 0);
+    krb5_store_int32 (sp, 0);
+    ret = kadm5_log_postamble (log_context, sp);
+    if (ret) {
+	krb5_storage_free (sp);
+	return ret;
+    }
+    ret = kadm5_log_flush (log_context, sp);
+    krb5_storage_free (sp);
+
+    return ret;
+}
+
+/*
+ * Read a `nop' log operation from `sp' and apply it.
+ */
+
+static kadm5_ret_t
+kadm5_log_replay_nop (kadm5_server_context *context,
+		      uint32_t ver,
+		      uint32_t len,
+		      krb5_storage *sp)
+{
+    return 0;
+}
+
+/*
+ * Call `func' for each log record in the log in `context'
+ */
+
+kadm5_ret_t
+kadm5_log_foreach (kadm5_server_context *context,
+		   void (*func)(kadm5_server_context *server_context,
+				uint32_t ver,
+				time_t timestamp,
+				enum kadm_ops op,
+				uint32_t len,
+				krb5_storage *,
+				void *),
+		   void *ctx)
+{
+    int fd = context->log_context.log_fd;
+    krb5_storage *sp;
+
+    lseek (fd, 0, SEEK_SET);
+    sp = krb5_storage_from_fd (fd);
+    for (;;) {
+	int32_t ver, timestamp, op, len, len2, ver2;
+
+	if(krb5_ret_int32 (sp, &ver) != 0)
+	    break;
+	krb5_ret_int32 (sp, &timestamp);
+	krb5_ret_int32 (sp, &op);
+	krb5_ret_int32 (sp, &len);
+	(*func)(context, ver, timestamp, op, len, sp, ctx);
+	krb5_ret_int32 (sp, &len2);
+	krb5_ret_int32 (sp, &ver2);
+	if (len != len2)
+	    abort();
+	if (ver != ver2)
+	    abort();
+    }
+    krb5_storage_free(sp);
+    return 0;
+}
+
+/*
+ * Go to end of log.
+ */
+
+krb5_storage *
+kadm5_log_goto_end (int fd)
+{
+    krb5_storage *sp;
+
+    sp = krb5_storage_from_fd (fd);
+    krb5_storage_seek(sp, 0, SEEK_END);
+    return sp;
+}
+
+/*
+ * Return previous log entry.
+ * 
+ * The pointer in `sp\xB4 is assumed to be at the top of the entry before
+ * previous entry. On success, the `sp\xB4 pointer is set to data portion
+ * of previous entry. In case of error, it's not changed at all.
+ */
+
+kadm5_ret_t
+kadm5_log_previous (krb5_context context,
+		    krb5_storage *sp,
+		    uint32_t *ver,
+		    time_t *timestamp,
+		    enum kadm_ops *op,
+		    uint32_t *len)
+{
+    krb5_error_code ret;
+    off_t off, oldoff;
+    int32_t tmp;
+
+    oldoff = krb5_storage_seek(sp, 0, SEEK_CUR);
+
+    krb5_storage_seek(sp, -8, SEEK_CUR);
+    ret = krb5_ret_int32 (sp, &tmp);
+    if (ret)
+	goto end_of_storage;
+    *len = tmp;
+    ret = krb5_ret_int32 (sp, &tmp);
+    *ver = tmp;
+    off = 24 + *len;
+    krb5_storage_seek(sp, -off, SEEK_CUR);
+    ret = krb5_ret_int32 (sp, &tmp);
+    if (ret)
+	goto end_of_storage;
+    if (tmp != *ver) {
+	krb5_storage_seek(sp, oldoff, SEEK_SET);
+	krb5_set_error_string(context, "kadm5_log_previous: log entry "
+			      "have consistency failure, version number wrong");
+	return KADM5_BAD_DB;
+    }
+    ret = krb5_ret_int32 (sp, &tmp);
+    if (ret)
+	goto end_of_storage;
+    *timestamp = tmp;
+    ret = krb5_ret_int32 (sp, &tmp);
+    *op = tmp;
+    ret = krb5_ret_int32 (sp, &tmp);
+    if (ret)
+	goto end_of_storage;
+    if (tmp != *len) {
+	krb5_storage_seek(sp, oldoff, SEEK_SET);
+	krb5_set_error_string(context, "kadm5_log_previous: log entry "
+			      "have consistency failure, length wrong");
+	return KADM5_BAD_DB;
+    }
+    return 0;
+
+ end_of_storage:
+    krb5_storage_seek(sp, oldoff, SEEK_SET);
+    krb5_set_error_string(context, "kadm5_log_previous: end of storage "
+			  "reached before end");
+    return ret;
+}
+
+/*
+ * Replay a record from the log
+ */
+
+kadm5_ret_t
+kadm5_log_replay (kadm5_server_context *context,
+		  enum kadm_ops op,
+		  uint32_t ver,
+		  uint32_t len,
+		  krb5_storage *sp)
+{
+    switch (op) {
+    case kadm_create :
+	return kadm5_log_replay_create (context, ver, len, sp);
+    case kadm_delete :
+	return kadm5_log_replay_delete (context, ver, len, sp);
+    case kadm_rename :
+	return kadm5_log_replay_rename (context, ver, len, sp);
+    case kadm_modify :
+	return kadm5_log_replay_modify (context, ver, len, sp);
+    case kadm_nop :
+	return kadm5_log_replay_nop (context, ver, len, sp);
+    default :
+	krb5_set_error_string(context->context, 
+			      "Unsupported replay op %d", (int)op);
+	return KADM5_FAILURE;
+    }
+}
+
+/*
+ * truncate the log - i.e. create an empty file with just (nop vno + 2)
+ */
+
+kadm5_ret_t
+kadm5_log_truncate (kadm5_server_context *server_context)
+{
+    kadm5_ret_t ret;
+    uint32_t vno;
+
+    ret = kadm5_log_init (server_context);
+    if (ret)
+	return ret;
+
+    ret = kadm5_log_get_version (server_context, &vno);
+    if (ret)
+	return ret;
+
+    ret = kadm5_log_reinit (server_context);
+    if (ret)
+	return ret;
+
+    ret = kadm5_log_set_version (server_context, vno);
+    if (ret)
+	return ret;
+
+    ret = kadm5_log_nop (server_context);
+    if (ret)
+	return ret;
+
+    ret = kadm5_log_end (server_context);
+    if (ret)
+	return ret;
+    return 0;
+
+}
+
+static char *default_signal = NULL;
+static HEIMDAL_MUTEX signal_mutex = HEIMDAL_MUTEX_INITIALIZER;
+
+const char *
+kadm5_log_signal_socket(krb5_context context)
+{
+    HEIMDAL_MUTEX_lock(&signal_mutex);
+    if (!default_signal)
+	asprintf(&default_signal, "%s/signal", hdb_db_dir(context));
+    HEIMDAL_MUTEX_unlock(&signal_mutex);
+
+    return krb5_config_get_string_default(context,
+					  NULL,
+					  default_signal,
+					  "kdc",
+					  "signal_socket",
+					  NULL);
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/marshall.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/marshall.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/marshall.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,336 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: marshall.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_store_key_data(krb5_storage *sp,
+		     krb5_key_data *key)
+{
+    krb5_data c;
+    krb5_store_int32(sp, key->key_data_ver);
+    krb5_store_int32(sp, key->key_data_kvno);
+    krb5_store_int32(sp, key->key_data_type[0]);
+    c.length = key->key_data_length[0];
+    c.data = key->key_data_contents[0];
+    krb5_store_data(sp, c);
+    krb5_store_int32(sp, key->key_data_type[1]);
+    c.length = key->key_data_length[1];
+    c.data = key->key_data_contents[1];
+    krb5_store_data(sp, c);
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_ret_key_data(krb5_storage *sp,
+		   krb5_key_data *key)
+{
+    krb5_data c;
+    int32_t tmp;
+    krb5_ret_int32(sp, &tmp);
+    key->key_data_ver = tmp;
+    krb5_ret_int32(sp, &tmp);
+    key->key_data_kvno = tmp;
+    krb5_ret_int32(sp, &tmp);
+    key->key_data_type[0] = tmp;
+    krb5_ret_data(sp, &c);
+    key->key_data_length[0] = c.length;
+    key->key_data_contents[0] = c.data;
+    krb5_ret_int32(sp, &tmp);
+    key->key_data_type[1] = tmp;
+    krb5_ret_data(sp, &c);
+    key->key_data_length[1] = c.length;
+    key->key_data_contents[1] = c.data;
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_store_tl_data(krb5_storage *sp,
+		    krb5_tl_data *tl)
+{
+    krb5_data c;
+    krb5_store_int32(sp, tl->tl_data_type);
+    c.length = tl->tl_data_length;
+    c.data = tl->tl_data_contents;
+    krb5_store_data(sp, c);
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_ret_tl_data(krb5_storage *sp,
+		  krb5_tl_data *tl)
+{
+    krb5_data c;
+    int32_t tmp;
+    krb5_ret_int32(sp, &tmp);
+    tl->tl_data_type = tmp;
+    krb5_ret_data(sp, &c);
+    tl->tl_data_length = c.length;
+    tl->tl_data_contents = c.data;
+    return 0;
+}
+
+static kadm5_ret_t
+store_principal_ent(krb5_storage *sp,
+		    kadm5_principal_ent_t princ,
+		    uint32_t mask)
+{
+    int i;
+
+    if (mask & KADM5_PRINCIPAL)
+	krb5_store_principal(sp, princ->principal);
+    if (mask & KADM5_PRINC_EXPIRE_TIME)
+	krb5_store_int32(sp, princ->princ_expire_time);
+    if (mask & KADM5_PW_EXPIRATION)
+	krb5_store_int32(sp, princ->pw_expiration);
+    if (mask & KADM5_LAST_PWD_CHANGE)
+	krb5_store_int32(sp, princ->last_pwd_change);
+    if (mask & KADM5_MAX_LIFE)
+	krb5_store_int32(sp, princ->max_life);
+    if (mask & KADM5_MOD_NAME) {
+	krb5_store_int32(sp, princ->mod_name != NULL);
+	if(princ->mod_name)
+	    krb5_store_principal(sp, princ->mod_name);
+    }
+    if (mask & KADM5_MOD_TIME)
+	krb5_store_int32(sp, princ->mod_date);
+    if (mask & KADM5_ATTRIBUTES)
+	krb5_store_int32(sp, princ->attributes);
+    if (mask & KADM5_KVNO)
+	krb5_store_int32(sp, princ->kvno);
+    if (mask & KADM5_MKVNO)
+	krb5_store_int32(sp, princ->mkvno);
+    if (mask & KADM5_POLICY) {
+	krb5_store_int32(sp, princ->policy != NULL);
+	if(princ->policy)
+	    krb5_store_string(sp, princ->policy);
+    }
+    if (mask & KADM5_AUX_ATTRIBUTES)
+	krb5_store_int32(sp, princ->aux_attributes);
+    if (mask & KADM5_MAX_RLIFE)
+	krb5_store_int32(sp, princ->max_renewable_life);
+    if (mask & KADM5_LAST_SUCCESS)
+	krb5_store_int32(sp, princ->last_success);
+    if (mask & KADM5_LAST_FAILED)
+	krb5_store_int32(sp, princ->last_failed);
+    if (mask & KADM5_FAIL_AUTH_COUNT)
+	krb5_store_int32(sp, princ->fail_auth_count);
+    if (mask & KADM5_KEY_DATA) {
+	krb5_store_int32(sp, princ->n_key_data);
+	for(i = 0; i < princ->n_key_data; i++)
+	    kadm5_store_key_data(sp, &princ->key_data[i]);
+    }
+    if (mask & KADM5_TL_DATA) {
+	krb5_tl_data *tp;
+
+	krb5_store_int32(sp, princ->n_tl_data);
+	for(tp = princ->tl_data; tp; tp = tp->tl_data_next)
+	    kadm5_store_tl_data(sp, tp);
+    }
+    return 0;
+}
+
+
+kadm5_ret_t
+kadm5_store_principal_ent(krb5_storage *sp,
+			  kadm5_principal_ent_t princ)
+{
+    return store_principal_ent (sp, princ, ~0);
+}
+
+kadm5_ret_t
+kadm5_store_principal_ent_mask(krb5_storage *sp,
+			       kadm5_principal_ent_t princ,
+			       uint32_t mask)
+{
+    krb5_store_int32(sp, mask);
+    return store_principal_ent (sp, princ, mask);
+}
+
+static kadm5_ret_t
+ret_principal_ent(krb5_storage *sp,
+		  kadm5_principal_ent_t princ,
+		  uint32_t mask)
+{
+    int i;
+    int32_t tmp;
+
+    if (mask & KADM5_PRINCIPAL)
+	krb5_ret_principal(sp, &princ->principal);
+    
+    if (mask & KADM5_PRINC_EXPIRE_TIME) {
+	krb5_ret_int32(sp, &tmp);
+	princ->princ_expire_time = tmp;
+    }
+    if (mask & KADM5_PW_EXPIRATION) {
+	krb5_ret_int32(sp, &tmp);
+	princ->pw_expiration = tmp;
+    }
+    if (mask & KADM5_LAST_PWD_CHANGE) {
+	krb5_ret_int32(sp, &tmp);
+	princ->last_pwd_change = tmp;
+    }
+    if (mask & KADM5_MAX_LIFE) {
+	krb5_ret_int32(sp, &tmp);
+	princ->max_life = tmp;
+    }
+    if (mask & KADM5_MOD_NAME) {
+	krb5_ret_int32(sp, &tmp);
+	if(tmp)
+	    krb5_ret_principal(sp, &princ->mod_name);
+	else
+	    princ->mod_name = NULL;
+    }
+    if (mask & KADM5_MOD_TIME) {
+	krb5_ret_int32(sp, &tmp);
+	princ->mod_date = tmp;
+    }
+    if (mask & KADM5_ATTRIBUTES) {
+	krb5_ret_int32(sp, &tmp);
+	princ->attributes = tmp;
+    }
+    if (mask & KADM5_KVNO) {
+	krb5_ret_int32(sp, &tmp);
+	princ->kvno = tmp;
+    }
+    if (mask & KADM5_MKVNO) {
+	krb5_ret_int32(sp, &tmp);
+	princ->mkvno = tmp;
+    }
+    if (mask & KADM5_POLICY) {
+	krb5_ret_int32(sp, &tmp);
+	if(tmp)
+	    krb5_ret_string(sp, &princ->policy);
+	else
+	    princ->policy = NULL;
+    }
+    if (mask & KADM5_AUX_ATTRIBUTES) {
+	krb5_ret_int32(sp, &tmp);
+	princ->aux_attributes = tmp;
+    }
+    if (mask & KADM5_MAX_RLIFE) {
+	krb5_ret_int32(sp, &tmp);
+	princ->max_renewable_life = tmp;
+    }
+    if (mask & KADM5_LAST_SUCCESS) {
+	krb5_ret_int32(sp, &tmp);
+	princ->last_success = tmp;
+    }
+    if (mask & KADM5_LAST_FAILED) {
+	krb5_ret_int32(sp, &tmp);
+	princ->last_failed = tmp;
+    }
+    if (mask & KADM5_FAIL_AUTH_COUNT) {
+	krb5_ret_int32(sp, &tmp);
+	princ->fail_auth_count = tmp;
+    }
+    if (mask & KADM5_KEY_DATA) {
+	krb5_ret_int32(sp, &tmp);
+	princ->n_key_data = tmp;
+	princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data));
+	if (princ->key_data == NULL)
+	    return ENOMEM;
+	for(i = 0; i < princ->n_key_data; i++)
+	    kadm5_ret_key_data(sp, &princ->key_data[i]);
+    }
+    if (mask & KADM5_TL_DATA) {
+	krb5_ret_int32(sp, &tmp);
+	princ->n_tl_data = tmp;
+	princ->tl_data = NULL;
+	for(i = 0; i < princ->n_tl_data; i++){
+	    krb5_tl_data *tp = malloc(sizeof(*tp));
+	    if (tp == NULL)
+		return ENOMEM;
+	    kadm5_ret_tl_data(sp, tp);
+	    tp->tl_data_next = princ->tl_data;
+	    princ->tl_data = tp;
+	}
+    }
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_ret_principal_ent(krb5_storage *sp,
+			kadm5_principal_ent_t princ)
+{
+    return ret_principal_ent (sp, princ, ~0);
+}
+
+kadm5_ret_t
+kadm5_ret_principal_ent_mask(krb5_storage *sp,
+			     kadm5_principal_ent_t princ,
+			     uint32_t *mask)
+{
+    int32_t tmp;
+
+    krb5_ret_int32 (sp, &tmp);
+    *mask = tmp;
+    return ret_principal_ent (sp, princ, *mask);
+}
+
+kadm5_ret_t
+_kadm5_marshal_params(krb5_context context, 
+		      kadm5_config_params *params, 
+		      krb5_data *out)
+{
+    krb5_storage *sp = krb5_storage_emem();
+    
+    krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM));
+	
+    if(params->mask & KADM5_CONFIG_REALM)
+	krb5_store_string(sp, params->realm);
+    krb5_storage_to_data(sp, out);
+    krb5_storage_free(sp);
+
+    return 0;
+}
+
+kadm5_ret_t
+_kadm5_unmarshal_params(krb5_context context,
+			krb5_data *in,
+			kadm5_config_params *params)
+{
+    krb5_storage *sp = krb5_storage_from_data(in);
+    int32_t mask;
+    
+    krb5_ret_int32(sp, &mask);
+    params->mask = mask;
+	
+    if(params->mask & KADM5_CONFIG_REALM)
+	krb5_ret_string(sp, &params->realm);
+    krb5_storage_free(sp);
+
+    return 0;
+}
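Review bot: In `ret_principal_ent` the `KADM5_KEY_DATA` branch copies the element count straight from the stream (`princ->n_key_data = tmp`) and multiplies it into `malloc` with no range check, so a negative or oversized count from the peer decides the allocation size and the loop bound. Every `krb5_ret_*` result in this file is also discarded, in `kadm5_ret_key_data` and `kadm5_ret_tl_data` as well. If those readers leave their outputs untouched on failure (not visible here), a short buffer leaves `tmp`, `c.length` and `c.data` indeterminate, and they are then stored into the entry as lengths and pointers. The count should be bounded and each read propagated. A sketch of the key-data branch follows, with `KEY_DATA_LIMIT` as a placeholder for a bound the project chooses; the `KADM5_TL_DATA` loop takes its count the same way and needs the same treatment.

```c
    int32_t tmp;
    kadm5_ret_t ret;

    /* … unchanged: KADM5_PRINCIPAL through KADM5_FAIL_AUTH_COUNT branches … */
    if (mask & KADM5_KEY_DATA) {
	ret = krb5_ret_int32(sp, &tmp);
	if (ret)
	    return ret;
	/* KEY_DATA_LIMIT: placeholder, bound to be chosen by the project */
	if (tmp < 0 || tmp > KEY_DATA_LIMIT)
	    return ERANGE;
	princ->n_key_data = tmp;
	/* calloc checks the count * size product and zeroes the slots */
	princ->key_data = calloc(tmp, sizeof(*princ->key_data));
	if (princ->key_data == NULL && tmp != 0)
	    return ENOMEM;
	for (i = 0; i < princ->n_key_data; i++) {
	    ret = kadm5_ret_key_data(sp, &princ->key_data[i]);
	    if (ret)
		return ret;
	}
    }
    /* … unchanged: KADM5_TL_DATA branch and final return … */
```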

Added: vendor-crypto/heimdal/dist/lib/kadm5/modify_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/modify_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/modify_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: modify_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_modify_principal(void *server_handle,
+			 kadm5_principal_ent_t princ, 
+			 uint32_t mask)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, kadm_modify);
+    kadm5_store_principal_ent(sp, princ);
+    krb5_store_int32(sp, mask);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    if(ret)
+	return ret;
+    ret = _kadm5_client_recv(context, &reply);
+    if(ret)
+	return ret;
+    sp = krb5_storage_from_data (&reply);
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    krb5_clear_error_string(context->context);
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return tmp;
+}
+
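Review bot: The `krb5_ret_int32(sp, &tmp)` call near the end of `kadm5_c_modify_principal` is unchecked, so a reply shorter than four bytes can make the function return an indeterminate `tmp` as its status (assuming the reader leaves its output untouched on failure, which is not visible here). Capture the result with `ret = krb5_ret_int32(sp, &tmp); if (ret == 0) ret = tmp;` and `return ret;` after the two frees. The request side has a related gap: the entry is serialised into the fixed `buf[1024]` through `krb5_storage_from_mem` and none of the three store calls is checked, so an entry that does not fit would apparently be sent truncated. `krb5_storage_emem()`, used elsewhere in this commit, would remove the fixed bound, provided `_kadm5_client_send` accepts such a storage (its body is not in this hunk).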

Added: vendor-crypto/heimdal/dist/lib/kadm5/modify_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/modify_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/modify_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 1997-2001, 2003, 2005-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: modify_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static kadm5_ret_t
+modify_principal(void *server_handle,
+		 kadm5_principal_ent_t princ, 
+		 uint32_t mask,
+		 uint32_t forbidden_mask)
+{
+    kadm5_server_context *context = server_handle;
+    hdb_entry_ex ent;
+    kadm5_ret_t ret;
+    if((mask & forbidden_mask))
+	return KADM5_BAD_MASK;
+    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
+	return KADM5_UNK_POLICY;
+    
+    memset(&ent, 0, sizeof(ent));
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret)
+	return ret;
+    ret = context->db->hdb_fetch(context->context, context->db, 
+				 princ->principal, HDB_F_GET_ANY, &ent);
+    if(ret)
+	goto out;
+    ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0);
+    if(ret)
+	goto out2;
+    ret = _kadm5_set_modifier(context, &ent.entry);
+    if(ret)
+	goto out2;
+
+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret)
+	goto out2;
+
+    ret = context->db->hdb_store(context->context, context->db, 
+			     HDB_F_REPLACE, &ent);
+    if (ret)
+	goto out2;
+
+    kadm5_log_modify (context,
+		      &ent.entry,
+		      mask | KADM5_MOD_NAME | KADM5_MOD_TIME);
+
+out2:
+    hdb_free_entry(context->context, &ent);
+out:
+    context->db->hdb_close(context->context, context->db);
+    return _kadm5_error_code(ret);
+}
+
+
+kadm5_ret_t
+kadm5_s_modify_principal(void *server_handle,
+			 kadm5_principal_ent_t princ, 
+			 uint32_t mask)
+{
+    return modify_principal(server_handle, princ, mask, 
+			    KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME 
+			    | KADM5_MOD_NAME | KADM5_MKVNO 
+			    | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS
+			    | KADM5_LAST_FAILED);
+}
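Review bot: In modify_principal, `strcmp(princ->policy, "default")` dereferences princ->policy whenever KADM5_POLICY is set in mask, with no check that the pointer is non-NULL. Nothing in this file ties the mask bit to the field being populated, so a request that sets the bit without a policy string (how requests are decoded is not visible here) would crash the server instead of returning an error. Guard it with `if((mask & KADM5_POLICY) && (princ->policy == NULL || strcmp(princ->policy, "default")))`. The return value of kadm5_log_modify is also dropped after a successful hdb_store, so a failed log write goes unreported; if that is deliberate it deserves a comment.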

Added: vendor-crypto/heimdal/dist/lib/kadm5/password_quality.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/password_quality.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/password_quality.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,512 @@
+/*
+ * Copyright (c) 1997-2000, 2003-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+#include "kadm5-pwcheck.h"
+
+RCSID("$Id: password_quality.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+static int
+min_length_passwd_quality (krb5_context context,
+			   krb5_principal principal,
+			   krb5_data *pwd,
+			   const char *opaque,
+			   char *message,
+			   size_t length)
+{
+    uint32_t min_length = krb5_config_get_int_default(context, NULL, 6,
+						      "password_quality",
+						      "min_length",
+						      NULL);
+
+    if (pwd->length < min_length) {
+	strlcpy(message, "Password too short", length);
+	return 1;
+    } else
+	return 0;
+}
+
+static const char *
+min_length_passwd_quality_v0 (krb5_context context,
+			      krb5_principal principal,
+			      krb5_data *pwd)
+{
+    static char message[1024];
+    int ret;
+
+    message[0] = '\0';
+
+    ret = min_length_passwd_quality(context, principal, pwd, NULL,
+				    message, sizeof(message));
+    if (ret)
+	return message;
+    return NULL;
+}
+
+
+static int
+char_class_passwd_quality (krb5_context context,
+			   krb5_principal principal,
+			   krb5_data *pwd,
+			   const char *opaque,
+			   char *message,
+			   size_t length)
+{
+    const char *classes[] = {
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+	"abcdefghijklmnopqrstuvwxyz",
+	"1234567890",
+	"!@#$%^&*()/?<>,.{[]}\\|'~`\" "
+    };
+    int i, counter = 0, req_classes;
+    size_t len;
+    char *pw;
+
+    req_classes = krb5_config_get_int_default(context, NULL, 3,
+					      "password_quality",
+					      "min_classes",
+					      NULL);
+
+    len = pwd->length + 1;
+    pw = malloc(len);
+    if (pw == NULL) {
+	strlcpy(message, "out of memory", length);
+	return 1;
+    }
+    strlcpy(pw, pwd->data, len);
+    len = strlen(pw);
+
+    for (i = 0; i < sizeof(classes)/sizeof(classes[0]); i++) {
+	if (strcspn(pw, classes[i]) < len)
+	    counter++;
+    }
+    memset(pw, 0, pwd->length + 1);
+    free(pw);
+    if (counter < req_classes) {
+	snprintf(message, length,
+	    "Password doesn't meet complexity requirement.\n"
+	    "Add more characters from the following classes:\n"
+	    "1. English uppercase characters (A through Z)\n"
+	    "2. English lowercase characters (a through z)\n"
+	    "3. Base 10 digits (0 through 9)\n"
+	    "4. Nonalphanumeric characters (e.g., !, $, #, %%)");
+	return 1;
+    }
+    return 0;
+}
+
+static int
+external_passwd_quality (krb5_context context,
+			 krb5_principal principal,
+			 krb5_data *pwd,
+			 const char *opaque,
+			 char *message,
+			 size_t length)
+{
+    krb5_error_code ret;
+    const char *program;
+    char *p;
+    pid_t child;
+    int status;
+    char reply[1024];
+    FILE *in = NULL, *out = NULL, *error = NULL;
+
+    if (memchr(pwd->data, pwd->length, '\n') != NULL) {
+	snprintf(message, length, "password contains newline, "
+		 "not valid for external test");
+	return 1;
+    }
+
+    program = krb5_config_get_string(context, NULL,
+				     "password_quality",
+				     "external_program",
+				     NULL);
+    if (program == NULL) {
+	snprintf(message, length, "external password quality "
+		 "program not configured");
+	return 1;
+    }
+
+    ret = krb5_unparse_name(context, principal, &p);
+    if (ret) {
+	strlcpy(message, "out of memory", length);
+	return 1;
+    }
+
+    child = pipe_execv(&in, &out, &error, program, p, NULL);
+    if (child < 0) {
+	snprintf(message, length, "external password quality "
+		 "program failed to execute for principal %s", p);
+	free(p);
+	return 1;
+    }
+
+    fprintf(in, "principal: %s\n"
+	    "new-password: %.*s\n"
+	    "end\n",
+	    p, (int)pwd->length, (char *)pwd->data);
+    
+    fclose(in);
+
+    if (fgets(reply, sizeof(reply), out) == NULL) {
+
+	if (fgets(reply, sizeof(reply), error) == NULL) {
+	    snprintf(message, length, "external password quality "
+		     "program failed without error");
+
+	} else {
+	    reply[strcspn(reply, "\n")] = '\0';
+	    snprintf(message, length, "External password quality "
+		     "program failed: %s", reply);
+	}
+
+	fclose(out);
+	fclose(error);
+	waitpid(child, &status, 0);
+	return 1;
+    }
+    reply[strcspn(reply, "\n")] = '\0';
+
+    fclose(out);
+    fclose(error);
+
+    if (waitpid(child, &status, 0) < 0) {
+	snprintf(message, length, "external program failed: %s", reply);
+	free(p);
+	return 1;
+    }
+    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+	snprintf(message, length, "external program failed: %s", reply);
+	free(p);
+	return 1;
+    }
+
+    if (strcmp(reply, "APPROVED") != 0) {
+	snprintf(message, length, "%s", reply);
+	free(p);
+	return 1;
+    }
+
+    free(p);
+
+    return 0;
+}
+
+
+static kadm5_passwd_quality_check_func_v0 passwd_quality_check = 
+	min_length_passwd_quality_v0;
+
+struct kadm5_pw_policy_check_func builtin_funcs[] = {
+    { "minimum-length", min_length_passwd_quality },
+    { "character-class", char_class_passwd_quality },
+    { "external-check", external_passwd_quality },
+    { NULL }
+};
+struct kadm5_pw_policy_verifier builtin_verifier = {
+    "builtin", 
+    KADM5_PASSWD_VERSION_V1, 
+    "Heimdal builtin",
+    builtin_funcs
+};
+
+static struct kadm5_pw_policy_verifier **verifiers;
+static int num_verifiers;
+
+/*
+ * setup the password quality hook
+ */
+
+#ifndef RTLD_NOW
+#define RTLD_NOW 0
+#endif
+
+void
+kadm5_setup_passwd_quality_check(krb5_context context,
+				 const char *check_library,
+				 const char *check_function)
+{
+#ifdef HAVE_DLOPEN
+    void *handle;
+    void *sym;
+    int *version;
+    const char *tmp;
+
+    if(check_library == NULL) {
+	tmp = krb5_config_get_string(context, NULL, 
+				     "password_quality", 
+				     "check_library", 
+				     NULL);
+	if(tmp != NULL)
+	    check_library = tmp;
+    }
+    if(check_function == NULL) {
+	tmp = krb5_config_get_string(context, NULL, 
+				     "password_quality", 
+				     "check_function", 
+				     NULL);
+	if(tmp != NULL)
+	    check_function = tmp;
+    }
+    if(check_library != NULL && check_function == NULL)
+	check_function = "passwd_check";
+
+    if(check_library == NULL)
+	return;
+    handle = dlopen(check_library, RTLD_NOW);
+    if(handle == NULL) {
+	krb5_warnx(context, "failed to open `%s'", check_library);
+	return;
+    }
+    version = dlsym(handle, "version");
+    if(version == NULL) {
+	krb5_warnx(context,
+		   "didn't find `version' symbol in `%s'", check_library);
+	dlclose(handle);
+	return;
+    }
+    if(*version != KADM5_PASSWD_VERSION_V0) {
+	krb5_warnx(context,
+		   "version of loaded library is %d (expected %d)",
+		   *version, KADM5_PASSWD_VERSION_V0);
+	dlclose(handle);
+	return;
+    }
+    sym = dlsym(handle, check_function);
+    if(sym == NULL) {
+	krb5_warnx(context, 
+		   "didn't find `%s' symbol in `%s'", 
+		   check_function, check_library);
+	dlclose(handle);
+	return;
+    }
+    passwd_quality_check = (kadm5_passwd_quality_check_func_v0) sym;
+#endif /* HAVE_DLOPEN */
+}
+
+#ifdef HAVE_DLOPEN
+
+static krb5_error_code
+add_verifier(krb5_context context, const char *check_library)
+{
+    struct kadm5_pw_policy_verifier *v, **tmp;
+    void *handle;
+    int i;
+
+    handle = dlopen(check_library, RTLD_NOW);
+    if(handle == NULL) {
+	krb5_warnx(context, "failed to open `%s'", check_library);
+	return ENOENT;
+    }
+    v = dlsym(handle, "kadm5_password_verifier");
+    if(v == NULL) {
+	krb5_warnx(context,
+		   "didn't find `kadm5_password_verifier' symbol "
+		   "in `%s'", check_library);
+	dlclose(handle);
+	return ENOENT;
+    }
+    if(v->version != KADM5_PASSWD_VERSION_V1) {
+	krb5_warnx(context,
+		   "version of loaded library is %d (expected %d)",
+		   v->version, KADM5_PASSWD_VERSION_V1);
+	dlclose(handle);
+	return EINVAL;
+    }
+    for (i = 0; i < num_verifiers; i++) {
+	if (strcmp(v->name, verifiers[i]->name) == 0)
+	    break;
+    }
+    if (i < num_verifiers) {
+	krb5_warnx(context, "password verifier library `%s' is already loaded",
+		   v->name);
+	dlclose(handle);
+	return 0;
+    }
+
+    tmp = realloc(verifiers, (num_verifiers + 1) * sizeof(*verifiers));
+    if (tmp == NULL) {
+	krb5_warnx(context, "out of memory");
+	dlclose(handle);
+	return 0;
+    }
+    verifiers = tmp;
+    verifiers[num_verifiers] = v;
+    num_verifiers++;
+
+    return 0;
+}
+
+#endif
+
+krb5_error_code
+kadm5_add_passwd_quality_verifier(krb5_context context,
+				  const char *check_library)
+{
+#ifdef HAVE_DLOPEN
+
+    if(check_library == NULL) {
+	krb5_error_code ret;
+	char **tmp;
+
+	tmp = krb5_config_get_strings(context, NULL, 
+				      "password_quality", 
+				      "policy_libraries", 
+				      NULL);
+	if(tmp == NULL)
+	    return 0;
+
+	while(tmp) {
+	    ret = add_verifier(context, *tmp);
+	    if (ret)
+		return ret;
+	    tmp++;
+	}
+    }
+    return add_verifier(context, check_library);
+#else
+    return 0;
+#endif /* HAVE_DLOPEN */
+}
+
+/*
+ *
+ */
+
+static const struct kadm5_pw_policy_check_func *
+find_func(krb5_context context, const char *name)
+{
+    const struct kadm5_pw_policy_check_func *f;
+    char *module = NULL;
+    const char *p, *func;
+    int i;
+
+    p = strchr(name, ':');
+    if (p) {
+	func = p + 1;
+	module = strndup(name, p - name);
+	if (module == NULL)
+	    return NULL;
+    } else
+	func = name;
+
+    /* Find module in loaded modules first */
+    for (i = 0; i < num_verifiers; i++) {
+	if (module && strcmp(module, verifiers[i]->name) != 0)
+	    continue;
+	for (f = verifiers[i]->funcs; f->name ; f++)
+	    if (strcmp(name, f->name) == 0) {
+		if (module)
+		    free(module);
+		return f;
+	    }
+    }
+    /* Lets try try the builtin modules */
+    if (module == NULL || strcmp(module, "builtin") == 0) {
+	for (f = builtin_verifier.funcs; f->name ; f++)
+	    if (strcmp(func, f->name) == 0) {
+		if (module)
+		    free(module);
+		return f;
+	    }
+    }
+    if (module)
+	free(module);
+    return NULL;
+}
+
+const char *
+kadm5_check_password_quality (krb5_context context,
+			      krb5_principal principal,
+			      krb5_data *pwd_data)
+{
+    const struct kadm5_pw_policy_check_func *proc;
+    static char error_msg[1024];
+    const char *msg;
+    char **v, **vp;
+    int ret;
+
+    /*
+     * Check if we should use the old version of policy function.
+     */
+
+    v = krb5_config_get_strings(context, NULL, 
+				"password_quality", 
+				"policies", 
+				NULL);
+    if (v == NULL) {
+	msg = (*passwd_quality_check) (context, principal, pwd_data);
+	krb5_set_error_string(context, "password policy failed: %s", msg);
+	return msg;
+    }
+
+    error_msg[0] = '\0';
+
+    msg = NULL;
+    for(vp = v; *vp; vp++) {
+	proc = find_func(context, *vp);
+	if (proc == NULL) {
+	    msg = "failed to find password verifier function";
+	    krb5_set_error_string(context, "Failed to find password policy "
+				  "function: %s", *vp);
+	    break;
+	}
+	ret = (proc->func)(context, principal, pwd_data, NULL,
+			   error_msg, sizeof(error_msg));
+	if (ret) {
+	    krb5_set_error_string(context, "Password policy "
+				  "%s failed with %s", 
+				  proc->name, error_msg);
+	    msg = error_msg;
+	    break;
+	}
+    }
+    krb5_config_free_strings(v);
+
+    /* If the default quality check isn't used, lets check that the
+     * old quality function the user have set too */
+    if (msg == NULL && passwd_quality_check != min_length_passwd_quality_v0) {
+	msg = (*passwd_quality_check) (context, principal, pwd_data);
+	if (msg)
+	    krb5_set_error_string(context, "(old) password policy "
+				  "failed with %s", msg);
+	    
+    }
+    return msg;
+}
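Review bot: In external_passwd_quality the newline guard has its memchr arguments swapped: `memchr(pwd->data, pwd->length, '\n')` searches the first 10 bytes for the byte value of pwd->length instead of searching pwd->length bytes for '\n'. A password containing a newline therefore passes the guard and is written verbatim into the line-oriented `principal:` / `new-password:` / `end` message sent to the external program, and for passwords shorter than 10 bytes the call may read past the buffer. It should be `if (memchr(pwd->data, '\n', pwd->length) != NULL) {`. In the same file, `while(tmp)` in kadm5_add_passwd_quality_verifier tests the array pointer rather than the entry, so the terminating NULL is passed to add_verifier instead of ending the loop; `while(*tmp)` is presumably intended.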

Added: vendor-crypto/heimdal/dist/lib/kadm5/private.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 1997-2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: private.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __kadm5_privatex_h__
+#define __kadm5_privatex_h__
+
+struct kadm_func {
+    kadm5_ret_t (*chpass_principal) (void *, krb5_principal, const char*);
+    kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, 
+				     uint32_t, const char*);
+    kadm5_ret_t (*delete_principal) (void*, krb5_principal);
+    kadm5_ret_t (*destroy) (void*);
+    kadm5_ret_t (*flush) (void*);
+    kadm5_ret_t (*get_principal) (void*, krb5_principal, 
+				  kadm5_principal_ent_t, uint32_t);
+    kadm5_ret_t (*get_principals) (void*, const char*, char***, int*);
+    kadm5_ret_t (*get_privs) (void*, uint32_t*);
+    kadm5_ret_t (*modify_principal) (void*, kadm5_principal_ent_t, uint32_t);
+    kadm5_ret_t (*randkey_principal) (void*, krb5_principal, 
+				      krb5_keyblock**, int*);
+    kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal);
+    kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal,
+					      int, krb5_key_data *);
+};
+
+/* XXX should be integrated */
+typedef struct kadm5_common_context {
+    krb5_context context;
+    krb5_boolean my_context;
+    struct kadm_func funcs;
+    void *data;
+}kadm5_common_context;
+
+typedef struct kadm5_log_peer {
+    int fd;
+    char *name;
+    krb5_auth_context ac;
+    struct kadm5_log_peer *next;
+} kadm5_log_peer;
+
+typedef struct kadm5_log_context {
+    char *log_file;
+    int log_fd;
+    uint32_t version;
+    struct sockaddr_un socket_name;
+    int socket_fd;
+} kadm5_log_context;
+
+typedef struct kadm5_server_context {
+    krb5_context context;
+    krb5_boolean my_context;
+    struct kadm_func funcs;
+    /* */
+    kadm5_config_params config;
+    HDB *db;
+    krb5_principal caller;
+    unsigned acl_flags;
+    kadm5_log_context log_context;
+} kadm5_server_context;
+
+typedef struct kadm5_client_context {
+    krb5_context context;
+    krb5_boolean my_context;
+    struct kadm_func funcs;
+    /* */
+    krb5_auth_context ac;
+    char *realm;
+    char *admin_server;
+    int kadmind_port;
+    int sock;
+    char *client_name;
+    char *service_name;
+    krb5_prompter_fct prompter;
+    const char *keytab;
+    krb5_ccache ccache;
+    kadm5_config_params *realm_params;
+}kadm5_client_context;
+
+typedef struct kadm5_ad_context {
+    krb5_context context;
+    krb5_boolean my_context;
+    struct kadm_func funcs;
+    /* */
+    kadm5_config_params config;
+    krb5_principal caller;
+    krb5_ccache ccache;
+    char *client_name;
+    char *realm;
+    void *ldap_conn;
+    char *base_dn;
+} kadm5_ad_context;
+
+enum kadm_ops {
+    kadm_get,
+    kadm_delete,
+    kadm_create,
+    kadm_rename,
+    kadm_chpass,
+    kadm_modify,
+    kadm_randkey,
+    kadm_get_privs,
+    kadm_get_princs,
+    kadm_chpass_with_key,
+    kadm_nop
+};
+
+#define KADMIN_APPL_VERSION "KADM0.1"
+#define KADMIN_OLD_APPL_VERSION "KADM0.0"
+
+#include "kadm5-private.h"
+
+#endif /* __kadm5_privatex_h__ */

Added: vendor-crypto/heimdal/dist/lib/kadm5/privs_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/privs_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/privs_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: privs_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_get_privs(void *server_handle, uint32_t *privs)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    *privs = 0;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, kadm_get_privs);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    if(ret)
+	return ret;
+    ret = _kadm5_client_recv(context, &reply);
+    if (ret)
+	return ret;
+    sp = krb5_storage_from_data(&reply);
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    krb5_clear_error_string(context->context);
+    ret = tmp;
+    if(ret == 0){
+	krb5_ret_uint32(sp, privs);
+    }
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return ret;
+}
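Review bot: kadm5_c_get_privs ignores the return value of `krb5_ret_int32(sp, &tmp)` and then uses tmp as the result code. If the reply is shorter than four bytes and the reader does not write tmp on failure (an assumption, as its code is not shown here), the function returns an uninitialised stack value, which may be 0, meaning success with *privs still 0. Check the read with `ret = krb5_ret_int32(sp, &tmp); if (ret == 0) ret = tmp;`, and check `krb5_ret_uint32(sp, privs)` the same way. The same unchecked pattern appears in kadm5_c_modify_principal (modify_c.c) and kadm5_c_randkey_principal (randkey_c.c) in this commit.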

Added: vendor-crypto/heimdal/dist/lib/kadm5/privs_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/privs_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/privs_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: privs_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_s_get_privs(void *server_handle, uint32_t *privs)
+{
+    kadm5_server_context *context = server_handle;
+    *privs = context->acl_flags;
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/randkey_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/randkey_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/randkey_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: randkey_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_randkey_principal(void *server_handle, 
+			  krb5_principal princ,
+			  krb5_keyblock **new_keys, 
+			  int *n_keys)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    krb5_store_int32(sp, kadm_randkey);
+    krb5_store_principal(sp, princ);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    if (ret)
+	return ret;
+    ret = _kadm5_client_recv(context, &reply);
+    if(ret)
+	return ret;
+    sp = krb5_storage_from_data(&reply);
+    if (sp == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_clear_error_string(context->context);
+    krb5_ret_int32(sp, &tmp);
+    ret = tmp;
+    if(ret == 0){
+	krb5_keyblock *k;
+	int i;
+
+	krb5_ret_int32(sp, &tmp);
+	k = malloc(tmp * sizeof(*k));
+	if (k == NULL) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+	for(i = 0; i < tmp; i++)
+	    krb5_ret_keyblock(sp, &k[i]);
+	*n_keys = tmp;
+	*new_keys = k;
+    }
+out:
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return ret;
+}
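Review bot: The key count read from the server reply is used unchecked in `k = malloc(tmp * sizeof(*k));`. tmp is a signed int32_t, so a negative or very large value converts to a huge or wrapped size_t, and the following loop trusts the same count. The krb5_ret_keyblock results are ignored as well, so on a truncated reply the caller may receive partly uninitialised keyblocks with ret == 0. Reject `tmp < 0` before allocating, use `k = calloc(tmp, sizeof(*k));` so the multiplication is overflow-checked and the array is zeroed, and stop and free what was read when `krb5_ret_keyblock(sp, &k[i])` returns non-zero.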

Added: vendor-crypto/heimdal/dist/lib/kadm5/randkey_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/randkey_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/randkey_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 1997-2001, 2003-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: randkey_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * Set the keys of `princ' to random values, returning the random keys
+ * in `new_keys', `n_keys'.
+ */
+
+kadm5_ret_t
+kadm5_s_randkey_principal(void *server_handle, 
+			  krb5_principal princ,
+			  krb5_keyblock **new_keys, 
+			  int *n_keys)
+{
+    kadm5_server_context *context = server_handle;
+    hdb_entry_ex ent;
+    kadm5_ret_t ret;
+
+    memset(&ent, 0, sizeof(ent));
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret)
+	return ret;
+    ret = context->db->hdb_fetch(context->context, context->db, princ, 
+				 HDB_F_GET_ANY, &ent);
+    if(ret)
+	goto out;
+
+    ret = _kadm5_set_keys_randomly (context,
+				    &ent.entry,
+				    new_keys,
+				    n_keys);
+    if (ret)
+	goto out2;
+    ent.entry.kvno++;
+
+    ret = _kadm5_set_modifier(context, &ent.entry);
+    if(ret)
+	goto out3;
+    ret = _kadm5_bump_pw_expire(context, &ent.entry);
+    if (ret)
+	goto out2;
+
+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret)
+	goto out2;
+
+    ret = context->db->hdb_store(context->context, context->db, 
+				 HDB_F_REPLACE, &ent);
+    if (ret)
+	goto out2;
+
+    kadm5_log_modify (context,
+		      &ent.entry,
+		      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
+		      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
+		      KADM5_TL_DATA);
+
+out3:
+    if (ret) {
+	int i;
+
+	for (i = 0; i < *n_keys; ++i)
+	    krb5_free_keyblock_contents (context->context, &(*new_keys)[i]);
+	free (*new_keys);
+	*new_keys = NULL;
+	*n_keys = 0;
+    }
+out2:
+    hdb_free_entry(context->context, &ent);
+out:
+    context->db->hdb_close(context->context, context->db);
+    return _kadm5_error_code(ret);
+}
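Review bot: In `kadm5_s_randkey_principal`, the failures of `_kadm5_bump_pw_expire`, `hdb_seal_keys` and `hdb_store` jump to `out2`, which skips the `out3` cleanup, so the caller gets an error while `*new_keys` still points at the freshly generated keyblocks and `*n_keys` is non-zero. Only the `_kadm5_set_modifier` failure reaches the block that frees them. Each of those three branches should be `goto out3;`, leaving `goto out2;` only for the `_kadm5_set_keys_randomly` failure, where nothing has been handed out yet. The call to `kadm5_log_modify` is also made without looking at its result, so if it reports a status, a change that was stored but not logged is returned as success.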

Added: vendor-crypto/heimdal/dist/lib/kadm5/rename_c.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/rename_c.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/rename_c.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: rename_c.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_c_rename_principal(void *server_handle, 
+			 krb5_principal source,
+			 krb5_principal target)
+{
+    kadm5_client_context *context = server_handle;
+    kadm5_ret_t ret;
+    krb5_storage *sp;
+    unsigned char buf[1024];
+    int32_t tmp;
+    krb5_data reply;
+
+    ret = _kadm5_connect(server_handle);
+    if(ret)
+	return ret;
+
+    sp = krb5_storage_from_mem(buf, sizeof(buf));
+    if (sp == NULL)
+	return ENOMEM;
+    krb5_store_int32(sp, kadm_rename);
+    krb5_store_principal(sp, source);
+    krb5_store_principal(sp, target);
+    ret = _kadm5_client_send(context, sp);
+    krb5_storage_free(sp);
+    if (ret)
+	return ret;
+    ret = _kadm5_client_recv(context, &reply);
+    if(ret)
+	return ret;
+    sp = krb5_storage_from_data (&reply);
+    if (sp == NULL) {
+	krb5_data_free (&reply);
+	return ENOMEM;
+    }
+    krb5_ret_int32(sp, &tmp);
+    ret = tmp;
+    krb5_storage_free(sp);
+    krb5_data_free (&reply);
+    return ret;
+}
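Review bot: `krb5_ret_int32(sp, &tmp);` in `kadm5_c_rename_principal` is unchecked, so a reply too short to hold the status leaves `tmp` uninitialised and that indeterminate value is returned as the result, which may read as success. Take the status only after the read succeeds: `ret = krb5_ret_int32(sp, &tmp);` followed by `if (ret == 0) ret = tmp;`. The `krb5_store_int32` and `krb5_store_principal` results are likewise ignored while encoding into the fixed `buf[1024]`, so presumably an over-long pair of principal names yields a truncated request that is still sent.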

Added: vendor-crypto/heimdal/dist/lib/kadm5/rename_s.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/rename_s.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/rename_s.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 1997 - 2001, 2003, 2005 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: rename_s.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_s_rename_principal(void *server_handle, 
+			 krb5_principal source,
+			 krb5_principal target)
+{
+    kadm5_server_context *context = server_handle;
+    kadm5_ret_t ret;
+    hdb_entry_ex ent;
+    krb5_principal oldname;
+
+    memset(&ent, 0, sizeof(ent));
+    if(krb5_principal_compare(context->context, source, target))
+	return KADM5_DUP; /* XXX is this right? */
+    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
+    if(ret)
+	return ret;
+    ret = context->db->hdb_fetch(context->context, context->db, 
+				 source, HDB_F_GET_ANY, &ent);
+    if(ret){
+	context->db->hdb_close(context->context, context->db);
+	goto out;
+    }
+    ret = _kadm5_set_modifier(context, &ent.entry);
+    if(ret)
+	goto out2;
+    {
+	/* fix salt */
+	int i;
+	Salt salt;
+	krb5_salt salt2;
+	krb5_get_pw_salt(context->context, source, &salt2);
+	salt.type = hdb_pw_salt;
+	salt.salt = salt2.saltvalue;
+	for(i = 0; i < ent.entry.keys.len; i++){
+	    if(ent.entry.keys.val[i].salt == NULL){
+		ent.entry.keys.val[i].salt = 
+		    malloc(sizeof(*ent.entry.keys.val[i].salt));
+		if(ent.entry.keys.val[i].salt == NULL)
+		    return ENOMEM;
+		ret = copy_Salt(&salt, ent.entry.keys.val[i].salt);
+		if(ret)
+		    break;
+	    }
+	}
+	krb5_free_salt(context->context, salt2);
+    }
+    if(ret)
+	goto out2;
+    oldname = ent.entry.principal;
+    ent.entry.principal = target;
+
+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret) {
+	ent.entry.principal = oldname;
+	goto out2;
+    }
+
+    kadm5_log_rename (context, source, &ent.entry);
+
+    ret = context->db->hdb_store(context->context, context->db, 0, &ent);
+    if(ret){
+	ent.entry.principal = oldname;
+	goto out2;
+    }
+    ret = context->db->hdb_remove(context->context, context->db, oldname);
+    ent.entry.principal = oldname;
+out2:
+    context->db->hdb_close(context->context, context->db);
+    hdb_free_entry(context->context, &ent);
+out:
+    return _kadm5_error_code(ret);
+}
+
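Review bot: The `return ENOMEM;` inside the salt loop of `kadm5_s_rename_principal` leaves the function with the database still open and without calling `krb5_free_salt` or `hdb_free_entry`, unlike every other failure after `hdb_open`. Replace it with `ret = ENOMEM;` and `break;` so control falls through `krb5_free_salt` to the existing `if(ret) goto out2;`. That early return also bypasses `_kadm5_error_code`, which the other exits go through. The result of `krb5_get_pw_salt` is not checked either, so `salt2` may be used uninitialised if that call fails.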

Added: vendor-crypto/heimdal/dist/lib/kadm5/sample_passwd_check.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/sample_passwd_check.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/sample_passwd_check.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+/* $Id: sample_passwd_check.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <krb5.h>
+
+const char* check_length(krb5_context, krb5_principal, krb5_data *);
+
+/* specify the api-version this library conforms to */
+
+int version = 0;
+
+/* just check the length of the password, this is what the default
+   check does, but this lets you specify the minimum length in
+   krb5.conf */
+const char*
+check_length(krb5_context context,
+             krb5_principal prinipal,
+             krb5_data *password)
+{
+    int min_length = krb5_config_get_int_default(context, NULL, 6,
+						 "password_quality",
+						 "min_length",
+						 NULL);
+    if(password->length < min_length)
+	return "Password too short";
+    return NULL;
+}
+
+#ifdef DICTPATH
+
+/* use cracklib to check password quality; this requires a patch for
+   cracklib that can be found at
+   ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */
+
+const char*
+check_cracklib(krb5_context context,
+	       krb5_principal principal,
+	       krb5_data *password)
+{
+    char *s = malloc(password->length + 1);
+    char *msg;
+    char *strings[2];
+    if(s == NULL)
+	return NULL; /* XXX */
+    strings[0] = principal->name.name_string.val[0]; /* XXX */
+    strings[1] = NULL;
+    memcpy(s, password->data, password->length);
+    s[password->length] = '\0';
+    msg = FascistCheck(s, DICTPATH, strings);
+    memset(s, 0, password->length);
+    free(s);
+    return msg;
+}
+#endif
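Review bot: `check_cracklib` fails open: when `malloc` fails it returns NULL, and in this file NULL is what `check_length` returns for an acceptable password, so an allocation failure skips the dictionary check (the line is already marked `XXX`). Return a rejection message instead, e.g. `return "out of memory";`. `principal->name.name_string.val[0]` is read without checking that the name has any component, and the `memset(s, 0, password->length)` right before `free(s)` is the kind of store a compiler may elide, so the password copy may not actually be wiped. In `check_length`, `password->length < min_length` compares the length with an `int`; if `length` is unsigned, a negative `min_length` in krb5.conf would presumably reject every password.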

Added: vendor-crypto/heimdal/dist/lib/kadm5/send_recv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/send_recv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/send_recv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1997-2003, 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: send_recv.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t 
+_kadm5_client_send(kadm5_client_context *context, krb5_storage *sp)
+{
+    krb5_data msg, out;
+    krb5_error_code ret;
+    size_t len;
+    krb5_storage *sock;
+
+    assert(context->sock != -1);
+
+    len = krb5_storage_seek(sp, 0, SEEK_CUR);
+    ret = krb5_data_alloc(&msg, len);
+    if (ret) {
+	krb5_clear_error_string(context->context);
+	return ret;
+    }
+    krb5_storage_seek(sp, 0, SEEK_SET);
+    krb5_storage_read(sp, msg.data, msg.length);
+    
+    ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL);
+    krb5_data_free(&msg);
+    if(ret)
+	return ret;
+    
+    sock = krb5_storage_from_fd(context->sock);
+    if(sock == NULL) {
+	krb5_clear_error_string(context->context);
+	krb5_data_free(&out);
+	return ENOMEM;
+    }
+    
+    ret = krb5_store_data(sock, out);
+    if (ret)
+	krb5_clear_error_string(context->context);
+    krb5_storage_free(sock);
+    krb5_data_free(&out);
+    return ret;
+}
+
+kadm5_ret_t
+_kadm5_client_recv(kadm5_client_context *context, krb5_data *reply)
+{
+    krb5_error_code ret;
+    krb5_data data;
+    krb5_storage *sock;
+
+    sock = krb5_storage_from_fd(context->sock);
+    if(sock == NULL) {
+	krb5_clear_error_string(context->context);
+	return ENOMEM;
+    }
+    ret = krb5_ret_data(sock, &data);
+    krb5_storage_free(sock);
+    krb5_clear_error_string(context->context);
+    if(ret == KRB5_CC_END)
+	return KADM5_RPC_ERROR;
+    else if(ret)
+	return ret;
+
+    ret = krb5_rd_priv(context->context, context->ac, &data, reply, NULL);
+    krb5_data_free(&data);
+    return ret;
+}
+
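Review bot: In `_kadm5_client_recv`, `krb5_ret_data(sock, &data)` takes the whole message off the socket before `krb5_rd_priv` has verified anything, so the amount read and allocated is presumably dictated by a length the peer sends and is not yet authenticated. A comment above the call would make that trust boundary explicit, e.g. `/* data is unauthenticated until krb5_rd_priv succeeds; its size is chosen by the peer */`, and a sanity bound on the message size belongs here if the storage layer offers one. `_kadm5_client_recv` also lacks the `assert(context->sock != -1);` that `_kadm5_client_send` has, and `_kadm5_client_send` ignores the result of `krb5_storage_read`, so a short read would presumably send partly uninitialised bytes from `msg`.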

Added: vendor-crypto/heimdal/dist/lib/kadm5/server_glue.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/server_glue.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/server_glue.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: server_glue.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+kadm5_init_with_password(const char *client_name,
+			 const char *password,
+			 const char *service_name,
+			 kadm5_config_params *realm_params,
+			 unsigned long struct_version,
+			 unsigned long api_version,
+			 void **server_handle)
+{
+    return kadm5_s_init_with_password(client_name,
+				      password,
+				      service_name,
+				      realm_params,
+				      struct_version,
+				      api_version,
+				      server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_password_ctx(krb5_context context,
+			     const char *client_name,
+			     const char *password,
+			     const char *service_name,
+			     kadm5_config_params *realm_params,
+			     unsigned long struct_version,
+			     unsigned long api_version,
+			     void **server_handle)
+{
+    return kadm5_s_init_with_password_ctx(context,
+					  client_name,
+					  password,
+					  service_name,
+					  realm_params,
+					  struct_version,
+					  api_version,
+					  server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_skey(const char *client_name,
+		     const char *keytab,
+		     const char *service_name,
+		     kadm5_config_params *realm_params,
+		     unsigned long struct_version,
+		     unsigned long api_version,
+		     void **server_handle)
+{
+    return kadm5_s_init_with_skey(client_name,
+				  keytab,
+				  service_name,
+				  realm_params,
+				  struct_version,
+				  api_version,
+				  server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_skey_ctx(krb5_context context,
+			 const char *client_name,
+			 const char *keytab,
+			 const char *service_name,
+			 kadm5_config_params *realm_params,
+			 unsigned long struct_version,
+			 unsigned long api_version,
+			 void **server_handle)
+{
+    return kadm5_s_init_with_skey_ctx(context,
+				      client_name,
+				      keytab,
+				      service_name,
+				      realm_params,
+				      struct_version,
+				      api_version,
+				      server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_creds(const char *client_name,
+		      krb5_ccache ccache,
+		      const char *service_name,
+		      kadm5_config_params *realm_params,
+		      unsigned long struct_version,
+		      unsigned long api_version,
+		      void **server_handle)
+{
+    return kadm5_s_init_with_creds(client_name,
+				   ccache,
+				   service_name,
+				   realm_params,
+				   struct_version,
+				   api_version,
+				   server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_creds_ctx(krb5_context context,
+			  const char *client_name,
+			  krb5_ccache ccache,
+			  const char *service_name,
+			  kadm5_config_params *realm_params,
+			  unsigned long struct_version,
+			  unsigned long api_version,
+			  void **server_handle)
+{
+    return kadm5_s_init_with_creds_ctx(context,
+				       client_name,
+				       ccache,
+				       service_name,
+				       realm_params,
+				       struct_version,
+				       api_version,
+				       server_handle);
+}

Added: vendor-crypto/heimdal/dist/lib/kadm5/set_keys.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/set_keys.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/set_keys.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,273 @@
+/*
+ * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: set_keys.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * Set the keys of `ent' to the string-to-key of `password'
+ */
+
+kadm5_ret_t
+_kadm5_set_keys(kadm5_server_context *context,
+		hdb_entry *ent, 
+		const char *password)
+{
+    Key *keys;
+    size_t num_keys;
+    kadm5_ret_t ret;
+
+    ret = hdb_generate_key_set_password(context->context,
+					ent->principal, 
+					password, &keys, &num_keys);
+    if (ret)
+	return ret;
+
+    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
+    ent->keys.val = keys;
+    ent->keys.len = num_keys;
+
+    hdb_entry_set_pw_change_time(context->context, ent, 0);
+
+    if (krb5_config_get_bool_default(context->context, NULL, FALSE, 
+				     "kadmin", "save-password", NULL))
+    {
+	ret = hdb_entry_set_password(context->context, context->db,
+				     ent, password);
+	if (ret)
+	    return ret;
+    }
+
+    return 0;
+}
+
+/*
+ * Set the keys of `ent' to (`n_key_data', `key_data')
+ */
+
+kadm5_ret_t
+_kadm5_set_keys2(kadm5_server_context *context,
+		 hdb_entry *ent, 
+		 int16_t n_key_data, 
+		 krb5_key_data *key_data)
+{
+    krb5_error_code ret;
+    int i;
+    unsigned len;
+    Key *keys;
+
+    len  = n_key_data;
+    keys = malloc (len * sizeof(*keys));
+    if (keys == NULL)
+	return ENOMEM;
+
+    _kadm5_init_keys (keys, len);
+
+    for(i = 0; i < n_key_data; i++) {
+	keys[i].mkvno = NULL;
+	keys[i].key.keytype = key_data[i].key_data_type[0];
+	ret = krb5_data_copy(&keys[i].key.keyvalue,
+			     key_data[i].key_data_contents[0],
+			     key_data[i].key_data_length[0]);
+	if(ret)
+	    goto out;
+	if(key_data[i].key_data_ver == 2) {
+	    Salt *salt;
+
+	    salt = malloc(sizeof(*salt));
+	    if(salt == NULL) {
+		ret = ENOMEM;
+		goto out;
+	    }
+	    keys[i].salt = salt;
+	    salt->type = key_data[i].key_data_type[1];
+	    krb5_data_copy(&salt->salt, 
+			   key_data[i].key_data_contents[1],
+			   key_data[i].key_data_length[1]);
+	} else
+	    keys[i].salt = NULL;
+    }
+    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
+    ent->keys.len = len;
+    ent->keys.val = keys;
+
+    hdb_entry_set_pw_change_time(context->context, ent, 0);
+    hdb_entry_clear_password(context->context, ent);
+
+    return 0;
+ out:
+    _kadm5_free_keys (context->context, len, keys);
+    return ret;
+}
+
+/*
+ * Set the keys of `ent' to `n_keys, keys'
+ */
+
+kadm5_ret_t
+_kadm5_set_keys3(kadm5_server_context *context,
+		 hdb_entry *ent,
+		 int n_keys,
+		 krb5_keyblock *keyblocks)
+{
+    krb5_error_code ret;
+    int i;
+    unsigned len;
+    Key *keys;
+
+    len  = n_keys;
+    keys = malloc (len * sizeof(*keys));
+    if (keys == NULL)
+	return ENOMEM;
+
+    _kadm5_init_keys (keys, len);
+
+    for(i = 0; i < n_keys; i++) {
+	keys[i].mkvno = NULL;
+	ret = krb5_copy_keyblock_contents (context->context,
+					   &keyblocks[i],
+					   &keys[i].key);
+	if(ret)
+	    goto out;
+	keys[i].salt = NULL;
+    }
+    _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
+    ent->keys.len = len;
+    ent->keys.val = keys;
+
+    hdb_entry_set_pw_change_time(context->context, ent, 0);
+    hdb_entry_clear_password(context->context, ent);
+
+    return 0;
+ out:
+    _kadm5_free_keys (context->context, len, keys);
+    return ret;
+}
+
+/*
+ *
+ */
+
+static int
+is_des_key_p(int keytype)
+{
+    return keytype == ETYPE_DES_CBC_CRC ||
+    	keytype == ETYPE_DES_CBC_MD4 ||
+	keytype == ETYPE_DES_CBC_MD5;
+}
+
+
+/*
+ * Set the keys of `ent' to random keys and return them in `n_keys'
+ * and `new_keys'.
+ */
+
+kadm5_ret_t
+_kadm5_set_keys_randomly (kadm5_server_context *context,
+			  hdb_entry *ent,
+			  krb5_keyblock **new_keys,
+			  int *n_keys)
+{
+   krb5_keyblock *kblock = NULL;
+   kadm5_ret_t ret = 0;
+   int i, des_keyblock;
+   size_t num_keys;
+   Key *keys;
+
+   ret = hdb_generate_key_set(context->context, ent->principal,
+			       &keys, &num_keys, 1);
+   if (ret)
+	return ret;
+
+   kblock = malloc(num_keys * sizeof(kblock[0]));
+   if (kblock == NULL) {
+	ret = ENOMEM;
+	_kadm5_free_keys (context->context, num_keys, keys);
+	return ret;
+   }
+   memset(kblock, 0, num_keys * sizeof(kblock[0]));
+
+   des_keyblock = -1;
+   for (i = 0; i < num_keys; i++) {
+
+	/* 
+	 * To make sure all des keys are the the same we generate only
+	 * the first one and then copy key to all other des keys.
+	 */
+
+	if (des_keyblock != -1 && is_des_key_p(keys[i].key.keytype)) {
+	    ret = krb5_copy_keyblock_contents (context->context,
+					       &kblock[des_keyblock],
+					       &kblock[i]);
+	    if (ret)
+		goto out;
+	    kblock[i].keytype = keys[i].key.keytype;
+	} else {
+	    ret = krb5_generate_random_keyblock (context->context,
+						 keys[i].key.keytype,
+						 &kblock[i]);
+	    if (ret)
+		goto out;
+
+	    if (is_des_key_p(keys[i].key.keytype))
+		des_keyblock = i;
+	}
+
+	ret = krb5_copy_keyblock_contents (context->context,
+					   &kblock[i],
+					   &keys[i].key);
+	if (ret)
+	    goto out;
+   }
+
+out:
+   if(ret) {
+	for (i = 0; i < num_keys; ++i)
+	    krb5_free_keyblock_contents (context->context, &kblock[i]);
+	free(kblock);
+	_kadm5_free_keys (context->context, num_keys, keys);
+	return ret;
+   }
+   
+   _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
+   ent->keys.val = keys;
+   ent->keys.len = num_keys;
+   *new_keys     = kblock;
+   *n_keys       = num_keys;
+
+   hdb_entry_set_pw_change_time(context->context, ent, 0);
+   hdb_entry_clear_password(context->context, ent);
+
+   return 0;
+}
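Review bot: `_kadm5_set_keys2` and `_kadm5_set_keys3` copy a signed count into `unsigned len` (`len = n_key_data;`, `len = n_keys;`) without rejecting negative values, so a negative count becomes a very large `len` and `len * sizeof(*keys)` can wrap on a 32-bit `size_t` before `_kadm5_init_keys (keys, len)` presumably walks `len` entries of the undersized buffer. Add `if (n_key_data < 0) return EINVAL;` (and the same for `n_keys`) ahead of the conversion; whether callers can pass such a count is not visible in this hunk. In `_kadm5_set_keys2` the salt copy `krb5_data_copy(&salt->salt, ...)` is the only copy whose result is ignored; assign it to `ret` and `goto out` on failure like the key copy above it.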

Added: vendor-crypto/heimdal/dist/lib/kadm5/set_modifier.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/set_modifier.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/set_modifier.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+
+RCSID("$Id: set_modifier.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+kadm5_ret_t
+_kadm5_set_modifier(kadm5_server_context *context,
+		    hdb_entry *ent)
+{
+    kadm5_ret_t ret;
+    if(ent->modified_by == NULL){
+	ent->modified_by = malloc(sizeof(*ent->modified_by));
+	if(ent->modified_by == NULL)
+	    return ENOMEM;
+    } else
+	free_Event(ent->modified_by);
+    ent->modified_by->time = time(NULL);
+    ret = krb5_copy_principal(context->context, context->caller, 
+			      &ent->modified_by->principal);
+    return ret;
+}
+
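Review bot: In `_kadm5_set_modifier` the freshly allocated `ent->modified_by` is never zeroed, so when `krb5_copy_principal` fails the function returns with `modified_by->principal` holding an indeterminate value. This assumes the copy leaves its output untouched on error, which cannot be confirmed here because its body is not on this page. Any later cleanup of the entry that frees the event would then free that stray pointer. Allocating with `ent->modified_by = calloc(1, sizeof(*ent->modified_by));` keeps the entry safe to free on the error path. In the `else` branch, adding `ent->modified_by->principal = NULL;` after `free_Event(ent->modified_by);` guards the reuse case the same way, in case `free_Event` does not clear the field itself.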

Added: vendor-crypto/heimdal/dist/lib/kadm5/test_pw_quality.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/test_pw_quality.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/test_pw_quality.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2003, 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kadm5_locl.h"
+#include <getarg.h>
+
+RCSID("$Id: test_pw_quality.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+static int version_flag;
+static int help_flag;
+static char *principal;
+static char *password;
+
+static struct getargs args[] = {
+    { "principal", 0, arg_string, &principal },
+    { "password", 0, arg_string, &password },
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_principal p;
+    const char *s;
+    krb5_data pw_data;
+
+    krb5_program_setup(&context, argc, argv, args, num_args, NULL);
+    
+    if(help_flag)
+	krb5_std_usage(0, args, num_args);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+
+    if (principal == NULL)
+	krb5_errx(context, 1, "no principal given");
+    if (password == NULL)
+	krb5_errx(context, 1, "no password given");
+
+    ret = krb5_parse_name(context, principal, &p);
+    if (ret)
+	krb5_errx(context, 1, "krb5_parse_name: %s", principal);
+
+    pw_data.data = password;
+    pw_data.length = strlen(password);
+
+    kadm5_setup_passwd_quality_check (context, NULL, NULL);
+    ret = kadm5_add_passwd_quality_verifier(context, NULL);
+    if (ret)
+	krb5_errx(context, 1, "kadm5_add_passwd_quality_verifier");
+
+    s = kadm5_check_password_quality (context, p, &pw_data);
+    if (s)
+	krb5_errx(context, 1, "kadm5_check_password_quality:\n%s", s);
+
+    krb5_free_principal(context, p);
+    krb5_free_context(context);
+
+    return 0;
+}
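Review bot: The `--password` entry in `args[]` takes the candidate password from argv, where other local users can read it from the process list while the program runs, and where it is likely to land in shell history. Since this tool exercises the real password-quality verifiers, it would be safer to read the password from standard input or a prompt when `password == NULL` instead of exiting with "no password given". At minimum, a comment above `args[]` such as `/* test tool: --password is exposed via argv; never pass a real credential */` should record the limitation. Separately, `krb5_errx(context, 1, "krb5_parse_name: %s", principal)` discards `ret`; `krb5_err(context, 1, ret, "krb5_parse_name: %s", principal);` would report why parsing failed.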

Added: vendor-crypto/heimdal/dist/lib/kadm5/version-script.map
===================================================================
--- vendor-crypto/heimdal/dist/lib/kadm5/version-script.map	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kadm5/version-script.map	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,66 @@
+# $Id: version-script.map,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+
+HEIMDAL_KAMD5_SERVER_1.0 {
+	global:
+		kadm5_ad_init_with_password;
+		kadm5_ad_init_with_password_ctx;
+		kadm5_add_passwd_quality_verifier;
+		kadm5_check_password_quality;
+		kadm5_chpass_principal;
+		kadm5_chpass_principal_with_key;
+		kadm5_create_principal;
+		kadm5_delete_principal;
+		kadm5_destroy;
+		kadm5_flush;
+		kadm5_free_key_data;
+		kadm5_free_name_list;
+		kadm5_free_principal_ent;
+		kadm5_get_principal;
+		kadm5_get_principals;
+		kadm5_get_privs;
+		kadm5_init_with_creds;
+		kadm5_init_with_creds_ctx;
+		kadm5_init_with_password;
+		kadm5_init_with_password_ctx;
+		kadm5_init_with_skey;
+		kadm5_init_with_skey_ctx;
+		kadm5_modify_principal;
+		kadm5_randkey_principal;
+		kadm5_rename_principal;
+		kadm5_ret_key_data;
+		kadm5_ret_principal_ent;
+		kadm5_ret_principal_ent_mask;
+		kadm5_ret_tl_data;
+		kadm5_setup_passwd_quality_check;
+		kadm5_store_key_data;
+		kadm5_store_principal_ent;
+		kadm5_store_principal_ent_mask;
+		kadm5_store_tl_data;
+		kadm5_s_init_with_password_ctx;
+		kadm5_s_init_with_password;
+		kadm5_s_init_with_skey_ctx;
+		kadm5_s_init_with_skey;
+		kadm5_s_init_with_creds_ctx;
+		kadm5_s_init_with_creds;
+		kadm5_s_chpass_principal_cond;
+		kadm5_log_set_version;
+		kadm5_log_signal_socket;
+		kadm5_log_previous;
+		kadm5_log_goto_end;
+		kadm5_log_foreach;
+		kadm5_log_get_version_fd;
+		kadm5_log_get_version;
+		kadm5_log_replay;
+		kadm5_log_end;
+		kadm5_log_reinit;
+		kadm5_log_init;
+		kadm5_log_nop;
+		kadm5_log_truncate;
+		kadm5_log_modify;
+		_kadm5_acl_check_permission;
+		_kadm5_unmarshal_params;
+		_kadm5_s_get_db;
+		_kadm5_privs_to_string;
+	local:
+		*;
+};

Added: vendor-crypto/heimdal/dist/lib/kafs/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,562 @@
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: New library version.
+
+2007-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs.h: Add VIOCSETTOK2
+	
+2006-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: unbreak previous
+	
+	* Makefile.am: split dist and nodist sources
+	
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: add more files
+	
+2006-05-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs.3: Spelling, from Bj\xF6rn Sandell.
+	
+2006-04-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afssys.c: use afs_ioctlnum, From Tomas Olsson <tol at it.su.se>
+	
+2006-04-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afssys.c: Try harder to get the pioctl to work via the /proc or
+	/dev interface, OpenAFS choose to reuse the same ioctl number,
+	while Arla didn't.  Also, try new ioctl before the the old
+	syscalls.
+
+	* afskrb5.c (afslog_uid_int): use the simpler
+	krb5_principal_get_realm function.
+	
+2005-12-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Remove dependency on config.h, breaks IRIX build,
+	could depend on libkafs_la_OBJECTS, but that is just asking for
+	trubble.
+	
+2005-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afssys.c (k_hasafs_recheck): new function, allow rechecking if
+	AFS client have started now, internaly it resets the internal
+	state from k_hasafs() and retry retry the probing. The problem
+	with calling k_hasaf() is that is plays around with signals, and
+	that cases problem for some systems/applications.
+	
+2005-10-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs_locl.h: Maybe include <sys/sysctl.h>.
+
+	* afssys.c: Mac OS X 10.4 needs a runtime check if we are going to
+	use the syscall, there is no cpp define to use to check the
+	version.  Every after 10.0 (darwin 8.0) uses the /dev/ version of
+	the pioctl.
+	
+2005-10-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afssys.c: Support the new MacOS X 10.4 ioctl interface that is a
+	device node. Patched from Tomas Olson <tol at it.su.se>.
+	
+2005-08-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afskrb5.c: Default to use 2b tokens.
+
+2005-06-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* common.c: rename index to idx
+
+	* afssys.c (k_afs_cell_of_file): unconst path
+	
+2005-06-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* use struct kafs_data everywhere, don't mix with the typedef
+	kafs_data
+
+	* roken_rename.h: rename more resolve.c symbols
+	
+	* afssys.c: Don't building map_syscall_name_to_number where its
+	not used.
+
+2005-02-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: bump version to 4:1:4
+
+2005-02-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs.h: de-__P
+	
+2004-12-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afskrb5.c: s/KEYTYPE_DES/ETYPE_DES_CBC_CRC/
+	
+2004-08-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afssysdefs.h: ifdef protect AFS_SYSCALL for DragonFly since they
+	still define __FreeBSD__ (and __FreeBSD_version), but claim that
+	they will stop doing it some time...
+	
+	* afssysdefs.h: dragonflybsd uses 339 just like freebsd5
+	
+2004-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afssys.c: s/arla/nnpfs/
+	
+	* afssys.c: support the linux /proc/fs/mumel/afs_ioctl afs
+	"syscall" interface
+
+2004-01-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* common.c: search paths for AFS configuration files for the
+	OpenAFS MacOS X, fix comment
+	
+	* kafs.h: search paths for AFS configuration files for the OpenAFS
+	MacOS X
+
+2003-12-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* common.c: add _PATH_ARLA_OPENBSD & c/o
+	
+	* kafs.h: add _PATH_ARLA_OPENBSD & c/o
+	
+2003-11-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* common.c: typo, Bruno Rohee <bruno at rohee.com>
+	
+2003-11-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs.3: spelling, partly from jmc <jmc at prioris.mini.pw.edu.pl>
+	
+2003-09-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afskrb5.c (krb5_afslog_uid_home): be even more friendly to the
+	user and fetch context and id ourself
+	
+2003-09-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afskrb5.c (afslog_uid_int): just belive that realm hint the user
+	passed us
+
+2003-07-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: always include v4 symbols
+	
+	* afskrb.c: provide dummy krb_ function to there is no need to
+	bump major
+
+2003-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afskrb5.c (v5_convert): rename one of the two c to cred4
+	
+2003-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* common.c, kafs.h: drop the int argument (the error code) from
+	the logging function
+
+2003-04-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* afskrb5.c (v5_convert): better match what other functions do
+	with values from krb5.conf, like case insensitivity
+
+2003-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs.3: Change .Fd #include <header.h> to .In header.h
+	from Thomas Klausner <wiz at netbsd.org>
+
+2003-04-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: (libkafs_la_LDFLAGS): update version
+	
+	* Makefile.am (ROKEN_SRCS): drop strupr.c
+	
+	* kafs.3: document kafs_set_verbose
+	
+	* common.c (kafs_set_verbose): add function that (re)sets the
+	logging function
+	(_kafs_try_get_cred): add function that does (krb_data->get_cred) to
+	make logging easier (that is now done in this function)
+	(*): use _kafs_try_get_cred
+
+	* afskrb5.c (get_cred): handle that inst can be the empty string too
+	(v5_convert): use _kafs_foldup
+	(krb5_afslog_uid_home): set name
+	(krb5_afslog_uid_home): ditto
+
+	* afskrb.c (krb_afslog_uid_home): set name
+	(krb_afslog_uid_home): ditto
+
+	* kafs_locl.h (kafs_data): add name
+	(_kafs_foldup): internally export
+
+2003-04-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs.3: tell that cell-name is uppercased
+	
+	* Makefile.am: add INCLUDE_krb4 when using krb4, add INCLUDE_des
+	when using krb5, add strupr.c
+	
+	* afskrb5.c: Check the cell part of the name, not the realm part
+	when checking if 2b should be used. The reson is afs at REALM might
+	have updated their servers but not afs/cell at REALM. Add constant
+	KAFS_RXKAD_2B_KVNO.
+
+2003-04-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs.3: s/kerberos/Kerberos/
+	
+2003-03-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kafs.3: spelling, from <jmc at prioris.mini.pw.edu.pl>
+	
+	* kafs.3: document the kafs_settoken functions write about the
+	krb5_appdefault option for kerberos 5 afs tokens fix prototypes
+	
+2003-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afskrb5.c (kafs_settoken5): change signature to include a
+	krb5_context, use v5_convert
+	(v5_convert): new function, converts a krb5_ccreds to a kafs_token in
+	three diffrent ways, not at all, local 524/2b, and using 524
+	(v5_to_kt): add code to do local 524/2b
+	(get_cred): use v5_convert
+
+
+	* kafs.h (kafs_settoken5): change signature to include a
+	krb5_context
+
+	* Makefile.am: always build the libkafs library now that the
+	kerberos 5 can stand on their own
+	
+	* kafs.3: expose the krb5 functions
+	
+	* common.c (kafs_settoken_rxkad): move all content kerberos
+	version from kafs_settoken to kafs_settoken_rxkad
+	(_kafs_fixup_viceid): move the fixup the timestamp to make client
+	happy code here.
+	(_kafs_v4_to_kt): move all the kerberos 4 dependant parts from
+	kafs_settoken here.
+	(*): adapt to kafs_token
+
+	* afskrb5.c (kafs_settoken5): new function, inserts a krb5_creds
+	into kernel
+	(v5_to_kt): new function, stores a krb5_creds in struct kafs_token
+	(get_cred): add a appdefault boolean ("libkafs", realm, "afs-use-524")
+	that can used to toggle if there should v5 token should be used
+	directly or converted via 524 first.
+
+	* afskrb.c: move kafs_settoken here, use struct kafs_token
+	
+	* kafs_locl.h: include krb5-v4compat.h if needed, define an
+	internal structure struct kafs_token that carries around for rxkad
+	data that is independant of kerberos version
+	
+2003-02-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* dlfcn.h: s/intialize/initialize, from
+	<jmc at prioris.mini.pw.edu.pl>
+
+2003-02-08  Assar Westerlund  <assar at kth.se>
+
+	* afssysdefs.h: fix FreeBSD section
+
+2003-02-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* afssysdefs.h: use syscall 208 on openbsd (all version) use
+	syscall 339 on freebsd 5.0 and later, use 210 on 4.x and earlier
+	
+2002-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* kafs.3: move around sections (from NetBSD)
+
+2002-05-31  Assar Westerlund  <assar at pdc.kth.se>
+
+	* common.c: remove the trial of afs at REALM for cell != realm, it
+	tries to use the wrong key for foreign cells
+
+2002-05-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: version number
+
+2002-04-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* common.c (find_cells): make file parameter const
+
+2001-11-01  Assar Westerlund  <assar at sics.se>
+
+	* add strsep, and bump version to 3:3:3
+
+2001-10-27  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkafs_la_LDFLAGS): set version to 3:2:3
+
+2001-10-24  Assar Westerlund  <assar at sics.se>
+
+	* afskrb.c (afslog_uid_int): handle krb_get_tf_fullname that
+	cannot take NULLs
+	(such as the MIT one)
+
+2001-10-22  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (ROKEN_SRCS): add strlcpy.c
+
+2001-10-09  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (ROKEN_SRCS): add strtok_r.c
+	* roken_rename.h (dns_srv_order): rename correctly
+	(strtok_r): add renaming
+
+2001-09-10  Assar Westerlund  <assar at sics.se>
+
+	* kafs.h, common.c: look for configuration files in /etc/arla (the
+	location in debian's arla package)
+
+2001-08-26  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: handle both krb5 and krb4 cases
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkafs_la_LDFLAGS): set version to 3:0:3
+
+2001-07-12  Assar Westerlund  <assar at sics.se>
+
+	* common.c: look in /etc/openafs for debian openafs
+	* kafs.h: add paths for openafs debian (/etc/openafs)
+
+	* Makefile.am: add required library dependencies
+
+2001-07-03  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkafs_la_LDFLAGS): set versoin to 2:4:2
+
+2001-06-19  Assar Westerlund  <assar at sics.se>
+
+	* common.c (_kafs_realm_of_cell): changed to first try exact match
+	in CellServDB, then exact match in DNS, and finally in-exact match
+	in CellServDB
+
+2001-05-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: only build resolve.c if doing renaming
+
+2001-02-12  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am, roken_rename.h: add rename of dns functions
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkafs_la_LDFLAGS): set version to 2:3:2
+
+2000-11-17  Assar Westerlund  <assar at sics.se>
+
+	* afssysdefs.h: solaris 8 apperently uses 65
+
+2000-09-19  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libkafs_la_LDFLAGS): bump version to 2:2:2
+
+2000-09-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* dlfcn.c: correct arguments to some snprintf:s
+
+2000-07-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: bump version to 2:1:2
+
+2000-04-03  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 2:0:2
+
+2000-03-20  Assar Westerlund  <assar at sics.se>
+
+	* afssysdefs.h: make versions later than 5.7 of solaris also use
+	73
+
+2000-03-16  Assar Westerlund  <assar at sics.se>
+
+	* afskrb.c (afslog_uid_int): use krb_get_tf_fullname instead of
+	krb_get_default_principal
+
+2000-03-15  Assar Westerlund  <assar at sics.se>
+
+	* afssys.c (map_syscall_name_to_number): ignore # at
+	beginning-of-line
+
+2000-03-13  Assar Westerlund  <assar at sics.se>
+
+	* afssysdefs.h: add 230 for MacOS X per information from
+	<warner.c at apple.com>
+
+1999-12-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 1:2:1
+
+1999-11-22  Assar Westerlund  <assar at sics.se>
+
+	* afskrb5.c (afslog_uid_int): handle d->realm == NULL
+	
+1999-11-17  Assar Westerlund  <assar at sics.se>
+
+	* afskrb5.c (afslog_uid_int): don't look at the local realm at
+ 	all.  just use the realm from the ticket file.
+
+1999-10-20  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 1:1:1
+
+	* afskrb5.c (get_cred): always request a DES key
+
+Mon Oct 18 17:40:21 1999  Bjoern Groenvall  <bg at mummel.sics.se>
+
+	* common.c (find_cells): Trim trailing whitespace from
+ 	cellname. Lines starting with # are regarded as comments.
+
+Fri Oct  8 18:17:22 1999  Bjoern Groenvall  <bg at mummel.sics.se>
+
+	* afskrb.c, common.c : Change code to make a clear distinction
+ 	between hinted realm and ticket realm.
+
+	* kafs_locl.h: Added argument realm_hint.
+
+	* common.c (_kafs_get_cred): Change code to acquire the ``best''
+ 	possible ticket. Use cross-cell authentication only as method of
+ 	last resort.
+
+	* afskrb.c (afslog_uid_int): Add realm_hint argument and extract
+ 	realm from ticket file.
+
+	* afskrb5.c (afslog_uid_int): Added argument realm_hint.
+
+1999-10-03  Assar Westerlund  <assar at sics.se>
+
+	* afskrb5.c (get_cred): update to new krb524_convert_creds_kdc
+
+1999-08-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: ignore the comlicated aix construct if !krb4
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 1:0:1
+
+1999-07-22  Assar Westerlund  <assar at sics.se>
+
+	* afssysdefs.h: define AFS_SYSCALL to 73 for Solaris 2.7
+
+1999-07-07  Assar Westerlund  <assar at sics.se>
+
+	* afskrb5.c (krb5_realm_of_cell): new function
+
+	* afskrb.c (krb_realm_of_cell): new function
+	(afslog_uid_int): call krb_get_lrealm correctly
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* common.c (realm_of_cell): rename to _kafs_realm_of_cell and
+ 	un-staticize
+
+Fri Mar 19 14:52:29 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: add version-info
+
+Thu Mar 18 11:24:02 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: include Makefile.am.common
+
+Sat Feb 27 19:46:21 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: remove EXTRA_DATA (as of autoconf 2.13/automake
+ 	1.4)
+
+Thu Feb 11 22:57:37 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: set AIX_SRC also if !AIX
+
+Tue Dec  1 14:45:15 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: fix AIX linkage
+
+Sun Nov 22 10:40:44 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+Sat Nov 21 16:55:19 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* afskrb5.c: add homedir support
+
+Sun Sep  6 20:16:27 1998  Assar Westerlund  <assar at sics.se>
+
+	* add new functionality for specifying the homedir to krb_afslog
+ 	et al
+
+Thu Jul 16 01:27:19 1998  Assar Westerlund  <assar at sics.se>
+
+	* afssys.c: reorganize order of definitions.
+	(try_one, try_two): conditionalize
+
+Thu Jul  9 18:31:52 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* common.c (realm_of_cell): make the dns fallback work
+
+Wed Jul  8 01:39:44 1998  Assar Westerlund  <assar at sics.se>
+
+	* afssys.c (map_syscall_name_to_number): new function for finding
+ 	the number of a syscall given the name on solaris
+	(k_hasafs): try using map_syscall_name_to_number
+
+Tue Jun 30 17:19:00 1998  Assar Westerlund  <assar at sics.se>
+
+	* afssys.c: rewrite and add support for environment variable
+ 	AFS_SYSCALL
+
+	* Makefile.in (distclean): don't remove roken_rename.h
+
+Fri May 29 19:03:20 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (roken_rename.h): remove dependency
+
+Mon May 25 05:25:54 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+Sun Apr 19 09:58:40 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sat Apr  4 15:08:48 1998  Assar Westerlund  <assar at sics.se>
+
+	* kafs.h: add arla paths
+
+	* common.c (_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
+	(_realm_of_cell): Try _PATH_ARLA_CELLSERVDB
+
+Thu Feb 19 14:50:22 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* common.c: Don't store expired tokens (this broke when using
+ 	pag-less rsh-sessions, and `non-standard' ticket files).
+
+Thu Feb 12 11:20:15 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Makefile.in: Install/uninstall one library at a time.
+
+Thu Feb 12 05:38:58 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (install): one library at a time.
+
+Mon Feb  9 23:40:32 1998  Assar Westerlund  <assar at sics.se>
+
+	* common.c (find_cells): ignore empty lines
+
+Tue Jan  6 04:25:58 1998  Assar Westerlund  <assar at sics.se>
+
+	* afssysdefs.h (AFS_SYSCALL): add FreeBSD
+
+Fri Jan  2 17:08:24 1998  Assar Westerlund  <assar at sics.se>
+
+	* kafs.h: new VICEIOCTL's.  From <rb at stacken.kth.se>
+
+	* afssysdefs.h: Add OpenBSD

Added: vendor-crypto/heimdal/dist/lib/kafs/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,107 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(AFS_EXTRA_DEFS) $(ROKEN_RENAME)
+
+if KRB4
+DEPLIB_krb4 = $(LIB_krb4) $(LIB_hcrypto)
+krb4_am_workaround = $(INCLUDE_krb4)
+else
+DEPLIB_krb4  =
+krb4_am_workaround = 
+endif # KRB4
+AM_CPPFLAGS += $(krb4_am_workaround)
+
+if KRB5
+DEPLIB_krb5 = ../krb5/libkrb5.la 
+krb5_am_workaround = $(INCLUDE_hcrypto) -I$(top_srcdir)/lib/krb5
+else
+DEPLIB_krb5  =
+krb5_am_workaround = 
+endif # KRB5
+AM_CPPFLAGS += $(krb5_am_workaround)
+
+
+if AIX
+AFSL_EXP = $(srcdir)/afsl.exp
+
+if AIX4
+AFS_EXTRA_LD = -bnoentry
+else
+AFS_EXTRA_LD = -e _nostart
+endif
+
+if AIX_DYNAMIC_AFS
+if HAVE_DLOPEN
+AIX_SRC = 
+else
+AIX_SRC = dlfcn.c
+endif
+AFS_EXTRA_LIBS = afslib.so
+AFS_EXTRA_DEFS =
+else
+AIX_SRC = afslib.c
+AFS_EXTRA_LIBS = 
+AFS_EXTRA_DEFS = -DSTATIC_AFS
+endif
+
+else
+AFSL_EXP =
+AIX_SRC =
+endif # AIX
+
+libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) $(DEPLIB_krb4)
+
+lib_LTLIBRARIES = libkafs.la
+libkafs_la_LDFLAGS = -version-info 5:1:5
+foodir = $(libdir)
+foo_DATA = $(AFS_EXTRA_LIBS)
+# EXTRA_DATA = afslib.so
+
+CLEANFILES= $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
+
+include_HEADERS = kafs.h
+
+if KRB5
+afskrb5_c = afskrb5.c
+endif
+
+if do_roken_rename
+ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
+endif
+
+dist_libkafs_la_SOURCES =			\
+	afssys.c				\
+	afskrb.c				\
+	$(afskrb5_c)				\
+	common.c				\
+	$(AIX_SRC)				\
+	kafs_locl.h				\
+	afssysdefs.h				\
+	roken_rename.h
+
+nodist_libkafs_la_SOURCES = $(ROKEN_SRCS)
+
+EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h
+
+EXTRA_DIST = README.dlfcn afsl.exp afslib.exp $(man_MANS)
+
+man_MANS = kafs.3
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
+
+resolve.c:
+	$(LN_S) $(srcdir)/../roken/resolve.c .
+
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+
+strlcpy.c:
+	$(LN_S) $(srcdir)/../roken/strlcpy.c .
+
+strsep.c:
+	$(LN_S) $(srcdir)/../roken/strsep.c .

Added: vendor-crypto/heimdal/dist/lib/kafs/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,956 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+subdir = lib/kafs
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \
+	"$(DESTDIR)$(foodir)" "$(DESTDIR)$(includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+ at KRB5_TRUE@am__DEPENDENCIES_1 = ../krb5/libkrb5.la
+am__DEPENDENCIES_2 =
+ at KRB4_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \
+ at KRB4_TRUE@	$(am__DEPENDENCIES_2)
+libkafs_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
+	$(am__DEPENDENCIES_3)
+am__dist_libkafs_la_SOURCES_DIST = afssys.c afskrb.c afskrb5.c \
+	common.c afslib.c dlfcn.c kafs_locl.h afssysdefs.h \
+	roken_rename.h
+ at KRB5_TRUE@am__objects_1 = afskrb5.lo
+ at AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE at am__objects_2 = afslib.lo
+ at AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE at am__objects_2 =  \
+ at AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@	dlfcn.lo
+dist_libkafs_la_OBJECTS = afssys.lo afskrb.lo $(am__objects_1) \
+	common.lo $(am__objects_2)
+ at do_roken_rename_TRUE@am__objects_3 = resolve.lo strtok_r.lo \
+ at do_roken_rename_TRUE@	strlcpy.lo strsep.lo
+nodist_libkafs_la_OBJECTS = $(am__objects_3)
+libkafs_la_OBJECTS = $(dist_libkafs_la_OBJECTS) \
+	$(nodist_libkafs_la_OBJECTS)
+libkafs_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libkafs_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(EXTRA_libkafs_la_SOURCES) $(dist_libkafs_la_SOURCES) \
+	$(nodist_libkafs_la_SOURCES)
+DIST_SOURCES = $(EXTRA_libkafs_la_SOURCES) \
+	$(am__dist_libkafs_la_SOURCES_DIST)
+man3dir = $(mandir)/man3
+MANS = $(man_MANS)
+fooDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(foo_DATA)
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(AFS_EXTRA_DEFS) $(ROKEN_RENAME) $(krb4_am_workaround) \
+	$(krb5_am_workaround)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+ at KRB4_FALSE@DEPLIB_krb4 = 
+ at KRB4_TRUE@DEPLIB_krb4 = $(LIB_krb4) $(LIB_hcrypto)
+ at KRB4_FALSE@krb4_am_workaround = 
+ at KRB4_TRUE@krb4_am_workaround = $(INCLUDE_krb4)
+ at KRB5_FALSE@DEPLIB_krb5 = 
+ at KRB5_TRUE@DEPLIB_krb5 = ../krb5/libkrb5.la 
+ at KRB5_FALSE@krb5_am_workaround = 
+ at KRB5_TRUE@krb5_am_workaround = $(INCLUDE_hcrypto) -I$(top_srcdir)/lib/krb5
+ at AIX_FALSE@AFSL_EXP = 
+ at AIX_TRUE@AFSL_EXP = $(srcdir)/afsl.exp
+ at AIX4_FALSE@@AIX_TRUE at AFS_EXTRA_LD = -e _nostart
+ at AIX4_TRUE@@AIX_TRUE at AFS_EXTRA_LD = -bnoentry
+ at AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE at AIX_SRC = afslib.c
+ at AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE at AIX_SRC = dlfcn.c
+ at AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE at AIX_SRC = 
+ at AIX_FALSE@AIX_SRC = 
+ at AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE at AFS_EXTRA_LIBS = 
+ at AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE at AFS_EXTRA_LIBS = afslib.so
+ at AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE at AFS_EXTRA_DEFS = -DSTATIC_AFS
+ at AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE at AFS_EXTRA_DEFS = 
+libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) $(DEPLIB_krb4)
+lib_LTLIBRARIES = libkafs.la
+libkafs_la_LDFLAGS = -version-info 5:1:5
+foodir = $(libdir)
+foo_DATA = $(AFS_EXTRA_LIBS)
+# EXTRA_DATA = afslib.so
+CLEANFILES = $(AFS_EXTRA_LIBS) $(ROKEN_SRCS)
+include_HEADERS = kafs.h
+ at KRB5_TRUE@afskrb5_c = afskrb5.c
+ at do_roken_rename_TRUE@ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c
+dist_libkafs_la_SOURCES = \
+	afssys.c				\
+	afskrb.c				\
+	$(afskrb5_c)				\
+	common.c				\
+	$(AIX_SRC)				\
+	kafs_locl.h				\
+	afssysdefs.h				\
+	roken_rename.h
+
+nodist_libkafs_la_SOURCES = $(ROKEN_SRCS)
+EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h
+EXTRA_DIST = README.dlfcn afsl.exp afslib.exp $(man_MANS)
+man_MANS = kafs.3
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/kafs/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/kafs/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libkafs.la: $(libkafs_la_OBJECTS) $(libkafs_la_DEPENDENCIES) 
+	$(libkafs_la_LINK) -rpath $(libdir) $(libkafs_la_OBJECTS) $(libkafs_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man3: $(man3_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+uninstall-man3:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+install-fooDATA: $(foo_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)"
+	@list='$(foo_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \
+	  $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \
+	done
+
+uninstall-fooDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(foo_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(foodir)/$$f"; \
+	done
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(foodir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-fooDATA install-includeHEADERS install-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man3
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-fooDATA uninstall-includeHEADERS \
+	uninstall-libLTLIBRARIES uninstall-man
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man3
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libLTLIBRARIES clean-libtool ctags \
+	dist-hook distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-fooDATA \
+	install-html install-html-am install-includeHEADERS \
+	install-info install-info-am install-libLTLIBRARIES \
+	install-man install-man3 install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-fooDATA uninstall-hook \
+	uninstall-includeHEADERS uninstall-libLTLIBRARIES \
+	uninstall-man uninstall-man3
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+	ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp $(AFS_EXTRA_LD) afslib.o -lc
+
+resolve.c:
+	$(LN_S) $(srcdir)/../roken/resolve.c .
+
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+
+strlcpy.c:
+	$(LN_S) $(srcdir)/../roken/strlcpy.c .
+
+strsep.c:
+	$(LN_S) $(srcdir)/../roken/strsep.c .
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/kafs/README.dlfcn
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/README.dlfcn	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/README.dlfcn	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,246 @@
+Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH
+Not derived from licensed software.
+
+Permission is granted to freely use, copy, modify, and redistribute
+this software, provided that the author is not construed to be liable
+for any results of using the software, alterations are clearly marked
+as such, and this notice is not modified.
+
+libdl.a
+-------
+
+This is an emulation library to emulate the SunOS/System V.4 functions
+to access the runtime linker. The functions are emulated by using the
+AIX load() function and by reading the .loader section of the loaded
+module to find the exports. The to be loaded module should be linked as
+follows (if using AIX 3):
+
+	cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS)
+
+For AIX 4:
+
+	cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS)
+
+If you want to reference symbols from the main part of the program in a
+loaded module, you will have to link against the export file of the
+main part:
+
+	cc -o main -bE:main.exp $(MAIN_OBJS)
+	cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS)
+
+Note that you explicitely have to specify what functions are supposed
+to be accessible from your loaded modules, this is different from
+SunOS/System V.4 where any global is automatically exported. If you
+want to export all globals, the following script might be of help:
+
+#!/bin/sh
+/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }'
+
+The module export file contains the symbols to be exported. Because
+this library uses the loader section, the final module.so file can be
+stripped. C++ users should build their shared objects using the script
+makeC++SharedLib (part of the IBM C++ compiler), this will make sure
+that constructors and destructors for static and global objects will be
+called upon loading and unloading the module. GNU C++ users should use
+the -shared option to g++ to link the shared object:
+
+	g++ -o module.so -shared $(OBJS)
+
+If the shared object does have permissions for anybody, the shared
+object will be loaded into the shared library segment and it will stay
+there even if the main application terminates. If you rebuild your
+shared object after a bugfix and you want to make sure that you really
+get the newest version you will have to use the "slibclean" command
+before starting the application again to garbage collect the shared
+library segment. If the performance utilities (bosperf) are installed
+you can use the following command to see what shared objects are
+loaded:
+
+/usr/lpp/bosperf/genkld | sort | uniq
+
+For easier debugging you can avoid loading the shared object into the
+shared library segment alltogether by removing permissions for others
+from the module.so file:
+
+chmod o-rwx module.so
+
+This will ensure you get a fresh copy of the shared object for every
+dlopen() call which is loaded into the application's data segment.
+
+Usage
+-----
+
+void *dlopen(const char *path, int mode);
+
+This routine loads the module pointed to by path and reads its export
+table. If the path does not contain a '/' character, dlopen will search
+for the module using the LIBPATH environment variable. It returns an
+opaque handle to the module or NULL on error. The mode parameter can be
+either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate
+function binding. The AIX implementation currently does treat RTLD_NOW
+the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the
+mode parameter to allow loaded modules to bind to global variables or
+functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is
+not specified, only globals from the main part of the executable or
+shared libraries are used to look for undefined symbols in loaded
+modules.
+
+
+void *dlsym(void *handle, const char *symbol);
+
+This routine searches for the symbol in the module referred to by
+handle and returns its address. If the symbol could not be found, the
+function returns NULL. The return value must be casted to a proper
+function pointer before it can be used. SunOS/System V.4 allows handle
+to be a NULL pointer to refer to the module the call is made from, this
+is not implemented.
+
+int dlclose(void *handle);
+
+This routine unloads the module referred to by the handle and disposes
+of any local storage. this function returns -1 on failure. Any function
+pointers obtained through dlsym() should be considered invalid after
+closing a module.
+
+As AIX caches shared objects in the shared library segment, function
+pointers obtained through dlsym() might still work even though the
+module has been unloaded. This can introduce subtle bugs that will
+segment fault later if AIX garbage collects or immediatly on
+SunOS/System V.4 as the text segment is unmapped.
+
+char *dlerror(void);
+
+This routine can be used to retrieve a text message describing the most
+recent error that occured on on of the above routines. This function
+returns NULL if there is no error information.
+
+Initialization and termination handlers
+---------------------------------------
+
+The emulation provides for an initialization and a termination
+handler.  The dlfcn.h file contains a structure declaration named
+dl_info with following members:
+
+	void (*init)(void);
+	void (*fini)(void);
+
+The init function is called upon first referencing the library. The
+fini function is called at dlclose() time or when the process exits.
+The module should declare a variable named dl_info that contains this
+structure which must be exported.  These functions correspond to the
+documented _init() and _fini() functions of SunOS 4.x, but these are
+appearently not implemented in SunOS.  When using SunOS 5.0, these
+correspond to #pragma init and #pragma fini respectively. At the same
+time any static or global C++ object's constructors or destructors will
+be called.
+
+BUGS
+----
+
+Please note that there is currently a problem with implicitely loaded
+shared C++ libaries: if you refer to a shared C++ library from a loaded
+module that is not yet used by the main program, the dlopen() emulator
+does not notice this and does not call the static constructors for the
+implicitely loaded library. This can be easily demonstrated by
+referencing the C++ standard streams from a loaded module if the main
+program is a plain C program.
+
+Jens-Uwe Mager
+
+HELIOS Software GmbH
+Lavesstr. 80
+30159 Hannover
+Germany
+
+Phone:		+49 511 36482-0
+FAX:		+49 511 36482-69
+AppleLink:	helios.de/jum
+Internet:	jum at helios.de
+
+Revison History
+---------------
+
+SCCS/s.dlfcn.h:
+
+D 1.4 95/04/25 09:36:52 jum 4 3	00018/00004/00028
+MRs:
+COMMENTS:
+added RTLD_GLOBAL, include and C++ guards
+
+D 1.3 92/12/27 20:58:32 jum 3 2	00001/00001/00031
+MRs:
+COMMENTS:
+we always have prototypes on RS/6000
+
+D 1.2 92/08/16 17:45:11 jum 2 1	00009/00000/00023
+MRs:
+COMMENTS:
+added dl_info structure to implement initialize and terminate functions
+
+D 1.1 92/08/02 18:08:45 jum 1 0	00023/00000/00000
+MRs:
+COMMENTS:
+Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
+
+SCCS/s.dlfcn.c:
+
+D 1.11 96/04/10 20:12:51 jum 13 12	00037/00000/00533
+MRs:
+COMMENTS:
+Integrated the changes from John W. Eaton <jwe at bevo.che.wisc.edu> to initialize
+g++ generated shared objects.
+
+D 1.10 96/02/15 17:42:44 jum 12 10	00012/00007/00521
+MRs:
+COMMENTS:
+the C++ constructor and destructor chains are now called properly for either
+xlC 2 or xlC 3 (CSet++).
+
+D 1.9 95/09/22 11:09:38 markus 10 9	00001/00008/00527
+MRs:
+COMMENTS:
+Fix version number
+
+D 1.8 95/09/22 10:14:34 markus 9 8	00008/00001/00527
+MRs:
+COMMENTS:
+Added version number for dl lib
+
+D 1.7 95/08/14 19:08:38 jum 8 6	00026/00004/00502
+MRs:
+COMMENTS:
+Integrated the fixes from Kirk Benell (kirk at rsinc.com) to allow loading of
+shared objects generated under AIX 4. Fixed bug that symbols with exactly
+8 characters would use garbage characters from the following symbol value.
+
+D 1.6 95/04/25 09:38:03 jum 6 5	00046/00006/00460
+MRs:
+COMMENTS:
+added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules
+
+D 1.5 93/02/14 20:14:17 jum 5 4	00002/00000/00464
+MRs:
+COMMENTS:
+added path to dlopen error message to make clear where there error occured.
+
+D 1.4 93/01/03 19:13:56 jum 4 3	00061/00005/00403
+MRs:
+COMMENTS:
+to allow calling symbols in the main module call load with L_NOAUTODEFER and 
+do a loadbind later with the main module.
+
+D 1.3 92/12/27 20:59:55 jum 3 2	00066/00008/00342
+MRs:
+COMMENTS:
+added search by L_GETINFO if module got loaded by LIBPATH
+
+D 1.2 92/08/16 17:45:43 jum 2 1	00074/00006/00276
+MRs:
+COMMENTS:
+implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library
+
+D 1.1 92/08/02 18:08:45 jum 1 0	00282/00000/00000
+MRs:
+COMMENTS:
+Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum
+

Added: vendor-crypto/heimdal/dist/lib/kafs/afskrb.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/afskrb.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/afskrb.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,217 @@
+/*
+ * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afskrb.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+#ifdef KRB4
+
+struct krb_kafs_data {
+    const char *realm;
+};
+
+static int
+get_cred(struct kafs_data *data, const char *name, const char *inst, 
+	 const char *realm, uid_t uid, struct kafs_token *kt)
+{
+    CREDENTIALS c;
+    KTEXT_ST tkt;
+    int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c);
+    
+    if (ret) {
+	ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0);
+	if (ret == KSUCCESS)
+	    ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c);
+    }
+    if (ret == 0)
+	ret = _kafs_v4_to_kt(&c, uid, kt);
+    return ret;
+}
+
+static int
+afslog_uid_int(struct kafs_data *data,
+	       const char *cell,
+	       const char *realm_hint,
+	       uid_t uid,
+	       const char *homedir)
+{
+    int ret;
+    struct kafs_token kt;
+    char name[ANAME_SZ];
+    char inst[INST_SZ];
+    char realm[REALM_SZ];
+    
+    kt.ticket = NULL;
+
+    if (cell == 0 || cell[0] == 0)
+	return _kafs_afslog_all_local_cells (data, uid, homedir);
+
+    /* Extract realm from ticket file. */
+    ret = krb_get_tf_fullname(tkt_string(), name, inst, realm);
+    if (ret != KSUCCESS)
+	return ret;
+
+    kt.ticket = NULL;
+    ret = _kafs_get_cred(data, cell, realm_hint, realm, uid, &kt);
+    
+    if (ret == 0) {
+	ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
+	free(kt.ticket);
+    }
+    return ret;
+}
+
+static char *
+get_realm(struct kafs_data *data, const char *host)
+{
+    char *r = krb_realmofhost(host);
+    if(r != NULL)
+	return strdup(r);
+    else
+	return NULL;
+}
+
+int
+krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
+		    const char *homedir)
+{
+    struct kafs_data kd;
+
+    kd.name = "krb4";
+    kd.afslog_uid = afslog_uid_int;
+    kd.get_cred = get_cred;
+    kd.get_realm = get_realm;
+    kd.data = 0;
+    return afslog_uid_int(&kd, cell, realm_hint, uid, homedir);
+}
+
+int
+krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
+{
+    return krb_afslog_uid_home(cell, realm_hint, uid, NULL);
+}
+
+int
+krb_afslog(const char *cell, const char *realm_hint)
+{
+    return krb_afslog_uid(cell, realm_hint, getuid());
+}
+
+int
+krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
+{
+    return krb_afslog_uid_home(cell, realm_hint, getuid(), homedir);
+}
+
+/*
+ *
+ */
+
+int
+krb_realm_of_cell(const char *cell, char **realm)
+{
+    struct kafs_data kd;
+
+    kd.name = "krb4";
+    kd.get_realm = get_realm;
+    return _kafs_realm_of_cell(&kd, cell, realm);
+}
+
+int
+kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c)
+{
+    struct kafs_token kt;
+    int ret;
+
+    kt.ticket = NULL;
+
+    ret = _kafs_v4_to_kt(c, uid, &kt);
+    if (ret)
+	return ret;
+
+    if (kt.ct.EndTimestamp < time(NULL)) {
+	free(kt.ticket);
+	return 0;
+    }
+
+    ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
+    free(kt.ticket);
+    return ret;
+}
+
+#else /* KRB4 */
+
+#define KAFS_KRBET_KDC_SERVICE_EXP 39525378
+
+int
+krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid,
+		    const char *homedir)
+{
+    return KAFS_KRBET_KDC_SERVICE_EXP;
+}
+
+int
+krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid)
+{
+    return KAFS_KRBET_KDC_SERVICE_EXP;
+}
+
+int
+krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir)
+{
+    return KAFS_KRBET_KDC_SERVICE_EXP;
+}
+
+int
+krb_afslog(const char *cell, const char *realm_hint)
+{
+    return KAFS_KRBET_KDC_SERVICE_EXP;
+}
+
+int
+krb_realm_of_cell(const char *cell, char **realm)
+{
+    *realm = NULL;
+    return KAFS_KRBET_KDC_SERVICE_EXP;
+}
+
+int kafs_settoken (const char*, uid_t, struct credentials *);
+
+int
+kafs_settoken(const char *cell, uid_t uid, struct credentials *c)
+{
+    return KAFS_KRBET_KDC_SERVICE_EXP;
+}
+
+#endif /* KRB4 */
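Review bot: In the KRB4 build of `kafs_settoken`, the expiry branch `if (kt.ct.EndTimestamp < time(NULL))` frees the ticket and returns 0, so a caller sees success although nothing was passed to `kafs_settoken_rxkad`. If that is intended, record it at the branch, for example `/* expired credential: nothing is installed, still reported as success */`. Otherwise return a non-zero status there so that calling code can tell the user ended up without an AFS token. Separately, `afslog_uid_int` in the same branch assigns `kt.ticket = NULL` twice; the second assignment before `_kafs_get_cred` can be dropped.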

Added: vendor-crypto/heimdal/dist/lib/kafs/afskrb5.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/afskrb5.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/afskrb5.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,338 @@
+/*
+ * Copyright (c) 1995-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afskrb5.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct krb5_kafs_data {
+    krb5_context context;
+    krb5_ccache id;
+    krb5_const_realm realm;
+};
+
+enum { 
+    KAFS_RXKAD_2B_KVNO = 213,
+    KAFS_RXKAD_K5_KVNO = 256
+};
+
+static int
+v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524)
+{
+    int kvno, ret;
+
+    kt->ticket = NULL;
+
+    /* check if des key */
+    if (cred->session.keyvalue.length != 8)
+	return EINVAL;
+
+    if (local524) {
+	Ticket t;
+	unsigned char *buf;
+	size_t buf_len;
+	size_t len;
+
+	kvno = KAFS_RXKAD_2B_KVNO;
+
+	ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
+	if (ret)
+	    return ret;
+	if (t.tkt_vno != 5)
+	    return -1;
+
+	ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_len, &t.enc_part,
+			   &len, ret);
+	free_Ticket(&t);
+	if (ret)
+	    return ret;
+	if(buf_len != len) {
+	    free(buf);
+	    return KRB5KRB_ERR_GENERIC;
+	}
+
+	kt->ticket = buf;
+	kt->ticket_len = buf_len;
+
+    } else {
+	kvno = KAFS_RXKAD_K5_KVNO;
+	kt->ticket = malloc(cred->ticket.length);
+	if (kt->ticket == NULL)
+	    return ENOMEM;
+	kt->ticket_len = cred->ticket.length;
+	memcpy(kt->ticket, cred->ticket.data, kt->ticket_len);
+
+	ret = 0;
+    }
+
+
+    /*
+     * Build a struct ClearToken
+     */
+
+    kt->ct.AuthHandle = kvno;
+    memcpy(kt->ct.HandShakeKey, cred->session.keyvalue.data, 8);
+    kt->ct.ViceId = uid;
+    kt->ct.BeginTimestamp = cred->times.starttime;
+    kt->ct.EndTimestamp = cred->times.endtime;
+
+    _kafs_fixup_viceid(&kt->ct, uid);
+
+    return 0;
+}
+
+static krb5_error_code
+v5_convert(krb5_context context, krb5_ccache id,
+	   krb5_creds *cred, uid_t uid, 
+	   const char *cell,
+	   struct kafs_token *kt)
+{
+    krb5_error_code ret;
+    char *c, *val;
+
+    c = strdup(cell);
+    if (c == NULL)
+	return ENOMEM;
+    _kafs_foldup(c, c);
+    krb5_appdefault_string (context, "libkafs",
+			    c,
+			    "afs-use-524", "2b", &val);
+    free(c);
+
+    if (strcasecmp(val, "local") == 0 || 
+	strcasecmp(val, "2b") == 0)
+	ret = v5_to_kt(cred, uid, kt, 1);
+    else if(strcasecmp(val, "yes") == 0 ||
+	    strcasecmp(val, "true") == 0 ||
+	    atoi(val)) {
+	struct credentials cred4;
+	
+	if (id == NULL)
+	    ret = krb524_convert_creds_kdc(context, cred, &cred4);
+	else
+	    ret = krb524_convert_creds_kdc_ccache(context, id, cred, &cred4);
+	if (ret)
+	    goto out;
+
+	ret = _kafs_v4_to_kt(&cred4, uid, kt);
+    } else 
+	ret = v5_to_kt(cred, uid, kt, 0);
+
+ out:
+    free(val);
+    return ret;
+}
+
+
+/*
+ *
+ */
+
+static int
+get_cred(struct kafs_data *data, const char *name, const char *inst, 
+	 const char *realm, uid_t uid, struct kafs_token *kt)
+{
+    krb5_error_code ret;
+    krb5_creds in_creds, *out_creds;
+    struct krb5_kafs_data *d = data->data;
+
+    memset(&in_creds, 0, sizeof(in_creds));
+    ret = krb5_425_conv_principal(d->context, name, inst, realm, 
+				  &in_creds.server);
+    if(ret)
+	return ret;
+    ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client);
+    if(ret){
+	krb5_free_principal(d->context, in_creds.server);
+	return ret;
+    }
+    in_creds.session.keytype = ETYPE_DES_CBC_CRC;
+    ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
+    krb5_free_principal(d->context, in_creds.server);
+    krb5_free_principal(d->context, in_creds.client);
+    if(ret)
+	return ret;
+
+    ret = v5_convert(d->context, d->id, out_creds, uid, 
+		     (inst != NULL && inst[0] != '\0') ? inst : realm, kt);
+    krb5_free_creds(d->context, out_creds);
+
+    return ret;
+}
+
+static krb5_error_code
+afslog_uid_int(struct kafs_data *data, const char *cell, const char *rh,
+	       uid_t uid, const char *homedir)
+{
+    krb5_error_code ret;
+    struct kafs_token kt;
+    krb5_principal princ;
+    const char *trealm; /* ticket realm */
+    struct krb5_kafs_data *d = data->data;
+    
+    if (cell == 0 || cell[0] == 0)
+	return _kafs_afslog_all_local_cells (data, uid, homedir);
+
+    ret = krb5_cc_get_principal (d->context, d->id, &princ);
+    if (ret)
+	return ret;
+
+    trealm = krb5_principal_get_realm (d->context, princ);
+
+    kt.ticket = NULL;
+    ret = _kafs_get_cred(data, cell, d->realm, trealm, uid, &kt);
+    krb5_free_principal (d->context, princ);
+    
+    if(ret == 0) {
+	ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
+	free(kt.ticket);
+    }
+    return ret;
+}
+
+static char *
+get_realm(struct kafs_data *data, const char *host)
+{
+    struct krb5_kafs_data *d = data->data;
+    krb5_realm *realms;
+    char *r;
+    if(krb5_get_host_realm(d->context, host, &realms))
+	return NULL;
+    r = strdup(realms[0]);
+    krb5_free_host_realm(d->context, realms);
+    return r;
+}
+
+krb5_error_code
+krb5_afslog_uid_home(krb5_context context,
+		     krb5_ccache id,
+		     const char *cell,
+		     krb5_const_realm realm,
+		     uid_t uid,
+		     const char *homedir)
+{
+    struct kafs_data kd;
+    struct krb5_kafs_data d;
+    krb5_error_code ret;
+
+    kd.name = "krb5";
+    kd.afslog_uid = afslog_uid_int;
+    kd.get_cred = get_cred;
+    kd.get_realm = get_realm;
+    kd.data = &d;
+    if (context == NULL) {
+	ret = krb5_init_context(&d.context);
+	if (ret)
+	    return ret;
+    } else
+	d.context = context;
+    if (id == NULL) {
+	ret = krb5_cc_default(d.context, &d.id);
+	if (ret)
+	    goto out;
+    } else
+	d.id = id;
+    d.realm = realm;
+    ret = afslog_uid_int(&kd, cell, 0, uid, homedir);
+    if (id == NULL)
+	krb5_cc_close(context, d.id);
+ out:
+    if (context == NULL)
+	krb5_free_context(d.context);
+    return ret;
+}
+
+krb5_error_code
+krb5_afslog_uid(krb5_context context,
+		krb5_ccache id,
+		const char *cell,
+		krb5_const_realm realm,
+		uid_t uid)
+{
+    return krb5_afslog_uid_home (context, id, cell, realm, uid, NULL);
+}
+
+krb5_error_code
+krb5_afslog(krb5_context context,
+	    krb5_ccache id, 
+	    const char *cell,
+	    krb5_const_realm realm)
+{
+    return krb5_afslog_uid (context, id, cell, realm, getuid());
+}
+
+krb5_error_code
+krb5_afslog_home(krb5_context context,
+		 krb5_ccache id, 
+		 const char *cell,
+		 krb5_const_realm realm,
+		 const char *homedir)
+{
+    return krb5_afslog_uid_home (context, id, cell, realm, getuid(), homedir);
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+krb5_realm_of_cell(const char *cell, char **realm)
+{
+    struct kafs_data kd;
+
+    kd.name = "krb5";
+    kd.get_realm = get_realm;
+    return _kafs_realm_of_cell(&kd, cell, realm);
+}
+
+/*
+ *
+ */
+
+int
+kafs_settoken5(krb5_context context, const char *cell, uid_t uid,
+	       krb5_creds *cred)
+{
+    struct kafs_token kt;
+    int ret;
+
+    ret = v5_convert(context, NULL, cred, uid, cell, &kt);
+    if (ret)
+	return ret;
+
+    ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len);
+
+    free(kt.ticket);
+
+    return ret;
+}
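Review bot: In `krb5_afslog_uid_home`, the cleanup call `krb5_cc_close(context, d.id)` passes the caller's `context`, which is NULL exactly when the function created its own context earlier. It should use the context actually in use: `krb5_cc_close(d.context, d.id);`. In `v5_to_kt`, the `t.tkt_vno != 5` check returns without releasing the decoded ticket; `if (t.tkt_vno != 5) { free_Ticket(&t); return -1; }` closes that leak. `krb5_realm_of_cell` also leaves `kd.data` unset while this file's `get_realm` dereferences `data->data`. Whether `_kafs_realm_of_cell` reaches that callback is not visible in this hunk, so it needs checking against its definition.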

Added: vendor-crypto/heimdal/dist/lib/kafs/afsl.exp
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/afsl.exp	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/afsl.exp	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,6 @@
+#!/unix
+
+* This mumbo jumbo creates entry points to syscalls in _AIX
+
+lpioctl	syscall
+lsetpag	syscall

Added: vendor-crypto/heimdal/dist/lib/kafs/afslib.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/afslib.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/afslib.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* 
+ * This file is only used with AIX 
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afslib.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+int
+aix_pioctl(char *a_path,
+	   int o_opcode,
+	   struct ViceIoctl *a_paramsP,
+	   int a_followSymlinks)
+{
+    return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+}
+
+int
+aix_setpag(void)
+{
+    return lsetpag();
+}

Added: vendor-crypto/heimdal/dist/lib/kafs/afslib.exp
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/afslib.exp	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/afslib.exp	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+#!
+aix_pioctl
+aix_setpag

Added: vendor-crypto/heimdal/dist/lib/kafs/afssys.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/afssys.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/afssys.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,562 @@
+/*
+ * Copyright (c) 1995 - 2000, 2002, 2004, 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afssys.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+struct procdata {
+    unsigned long param4;
+    unsigned long param3;
+    unsigned long param2;
+    unsigned long param1;
+    unsigned long syscall;
+};
+#define VIOC_SYSCALL_PROC _IOW('C', 1, void *)
+
+struct devdata {
+    unsigned long syscall;
+    unsigned long param1;
+    unsigned long param2;
+    unsigned long param3;
+    unsigned long param4;
+    unsigned long param5;
+    unsigned long param6;
+    unsigned long retval;
+};
+#define VIOC_SYSCALL_DEV _IOWR('C', 2, struct devdata)
+#define VIOC_SYSCALL_DEV_OPENAFS _IOWR('C', 1, struct devdata)
+
+
+int _kafs_debug; /* this should be done in a better way */
+
+#define UNKNOWN_ENTRY_POINT	(-1)
+#define NO_ENTRY_POINT		0
+#define SINGLE_ENTRY_POINT	1
+#define MULTIPLE_ENTRY_POINT	2
+#define SINGLE_ENTRY_POINT2	3
+#define SINGLE_ENTRY_POINT3	4
+#define LINUX_PROC_POINT	5
+#define AIX_ENTRY_POINTS	6
+#define MACOS_DEV_POINT		7
+
+static int afs_entry_point = UNKNOWN_ENTRY_POINT;
+static int afs_syscalls[2];
+static char *afs_ioctlpath;
+static unsigned long afs_ioctlnum;
+
+/* Magic to get AIX syscalls to work */
+#ifdef _AIX
+
+static int (*Pioctl)(char*, int, struct ViceIoctl*, int);
+static int (*Setpag)(void);
+
+#include "dlfcn.h"
+
+/*
+ *
+ */
+
+static int
+try_aix(void)
+{
+#ifdef STATIC_AFS_SYSCALLS
+    Pioctl = aix_pioctl;
+    Setpag = aix_setpag;
+#else
+    void *ptr;
+    char path[MaxPathLen], *p;
+    /*
+     * If we are root or running setuid don't trust AFSLIBPATH!
+     */
+    if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
+	strlcpy(path, p, sizeof(path));
+    else
+	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
+	
+    ptr = dlopen(path, RTLD_NOW);
+    if(ptr == NULL) {
+	if(_kafs_debug) {
+	    if(errno == ENOEXEC && (p = dlerror()) != NULL)
+		fprintf(stderr, "dlopen(%s): %s\n", path, p);
+	    else if (errno != ENOENT)
+		fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno));
+	}
+	return 1;
+    }
+    Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
+    Pioctl = (int (*)(char*, int, 
+		      struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl");
+#endif
+    afs_entry_point = AIX_ENTRY_POINTS;
+    return 0;
+}
+#endif /* _AIX */
+
+/* 
+ * This probably only works under Solaris and could get confused if
+ * there's a /etc/name_to_sysnum file.  
+ */
+
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+
+#define _PATH_ETC_NAME_TO_SYSNUM "/etc/name_to_sysnum"
+
+static int
+map_syscall_name_to_number (const char *str, int *res)
+{
+    FILE *f;
+    char buf[256];
+    size_t str_len = strlen (str);
+
+    f = fopen (_PATH_ETC_NAME_TO_SYSNUM, "r");
+    if (f == NULL)
+	return -1;
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	if (buf[0] == '#')
+	    continue;
+
+	if (strncmp (str, buf, str_len) == 0) {
+	    char *begptr = buf + str_len;
+	    char *endptr;
+	    long val = strtol (begptr, &endptr, 0);
+
+	    if (val != 0 && endptr != begptr) {
+		fclose (f);
+		*res = val;
+		return 0;
+	    }
+	}
+    }
+    fclose (f);
+    return -1;
+}
+#endif
+
+static int 
+try_ioctlpath(const char *path, unsigned long ioctlnum, int entrypoint)
+{
+    int fd, ret, saved_errno;
+
+    fd = open(path, O_RDWR);
+    if (fd < 0)
+	return 1;
+    switch (entrypoint) {
+    case LINUX_PROC_POINT: {
+	struct procdata data = { 0, 0, 0, 0, AFSCALL_PIOCTL };
+	data.param2 = (unsigned long)VIOCGETTOK;
+	ret = ioctl(fd, ioctlnum, &data);
+	break;
+    }
+    case MACOS_DEV_POINT: {
+	struct devdata data = { AFSCALL_PIOCTL, 0, 0, 0, 0, 0, 0, 0 };
+	data.param2 = (unsigned long)VIOCGETTOK;
+	ret = ioctl(fd, ioctlnum, &data);
+	break;
+    }
+    default:
+	abort();
+    }
+    saved_errno = errno;
+    close(fd);
+    /* 
+     * Be quite liberal in what error are ok, the first is the one
+     * that should trigger given that params is NULL.
+     */
+    if (ret && 
+	(saved_errno != EFAULT &&
+	 saved_errno != EDOM && 
+	 saved_errno != ENOTCONN))
+	return 1;
+    afs_ioctlnum = ioctlnum;
+    afs_ioctlpath = strdup(path);
+    if (afs_ioctlpath == NULL)
+	return 1;
+    afs_entry_point = entrypoint;
+    return 0;
+}
+
+static int
+do_ioctl(void *data)
+{
+    int fd, ret, saved_errno;
+    fd = open(afs_ioctlpath, O_RDWR);
+    if (fd < 0) {
+	errno = EINVAL;
+	return -1;
+    }
+    ret = ioctl(fd, afs_ioctlnum, data);
+    saved_errno = errno;
+    close(fd);
+    errno = saved_errno;
+    return ret;
+}
+
+int
+k_pioctl(char *a_path,
+	 int o_opcode,
+	 struct ViceIoctl *a_paramsP,
+	 int a_followSymlinks)
+{
+#ifndef NO_AFS
+    switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+    case SINGLE_ENTRY_POINT:
+    case SINGLE_ENTRY_POINT2:
+    case SINGLE_ENTRY_POINT3:
+	return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
+		       a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+#if defined(AFS_PIOCTL)
+    case MULTIPLE_ENTRY_POINT:
+	return syscall(afs_syscalls[0],
+		       a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+    case LINUX_PROC_POINT: {
+	struct procdata data = { 0, 0, 0, 0, AFSCALL_PIOCTL };
+	data.param1 = (unsigned long)a_path;
+	data.param2 = (unsigned long)o_opcode;
+	data.param3 = (unsigned long)a_paramsP;
+	data.param4 = (unsigned long)a_followSymlinks;
+	return do_ioctl(&data);
+    }
+    case MACOS_DEV_POINT: {
+	struct devdata data = { AFSCALL_PIOCTL, 0, 0, 0, 0, 0, 0, 0 };
+	int ret;
+	
+	data.param1 = (unsigned long)a_path;
+	data.param2 = (unsigned long)o_opcode;
+	data.param3 = (unsigned long)a_paramsP;
+	data.param4 = (unsigned long)a_followSymlinks;
+	
+	ret = do_ioctl(&data);
+	if (ret)
+	    return ret;
+	
+	return data.retval;
+    }
+#ifdef _AIX
+    case AIX_ENTRY_POINTS:
+	return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+    }    
+    errno = ENOSYS;
+#ifdef SIGSYS
+    kill(getpid(), SIGSYS);	/* You lose! */
+#endif
+#endif /* NO_AFS */
+    return -1;
+}
+
+int
+k_afs_cell_of_file(const char *path, char *cell, int len)
+{
+    struct ViceIoctl parms;
+    parms.in = NULL;
+    parms.in_size = 0;
+    parms.out = cell;
+    parms.out_size = len;
+    return k_pioctl(rk_UNCONST(path), VIOC_FILE_CELL_NAME, &parms, 1);
+}
+
+int
+k_unlog(void)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+    return k_pioctl(0, VIOCUNLOG, &parms, 0);
+}
+
+int
+k_setpag(void)
+{
+#ifndef NO_AFS
+    switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+    case SINGLE_ENTRY_POINT:
+    case SINGLE_ENTRY_POINT2:
+    case SINGLE_ENTRY_POINT3:
+	return syscall(afs_syscalls[0], AFSCALL_SETPAG);
+#endif
+#if defined(AFS_PIOCTL)
+    case MULTIPLE_ENTRY_POINT:
+	return syscall(afs_syscalls[1]);
+#endif
+    case LINUX_PROC_POINT: {
+	struct procdata data = { 0, 0, 0, 0, AFSCALL_SETPAG };
+	return do_ioctl(&data);
+    }
+    case MACOS_DEV_POINT: {
+	struct devdata data = { AFSCALL_SETPAG, 0, 0, 0, 0, 0, 0, 0 };
+	int ret = do_ioctl(&data);
+	if (ret)
+	    return ret;
+	return data.retval;
+     }
+#ifdef _AIX
+    case AIX_ENTRY_POINTS:
+	return Setpag();
+#endif
+    }
+    
+    errno = ENOSYS;
+#ifdef SIGSYS
+    kill(getpid(), SIGSYS);	/* You lose! */
+#endif
+#endif /* NO_AFS */
+    return -1;
+}
+
+static jmp_buf catch_SIGSYS;
+
+#ifdef SIGSYS
+
+static RETSIGTYPE
+SIGSYS_handler(int sig)
+{
+    errno = 0;
+    signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */
+    longjmp(catch_SIGSYS, 1);
+}
+
+#endif
+
+/*
+ * Try to see if `syscall' is a pioctl.  Return 0 iff succesful.
+ */
+
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+static int
+try_one (int syscall_num)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+
+    if (setjmp(catch_SIGSYS) == 0) {
+	syscall(syscall_num, AFSCALL_PIOCTL,
+		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+	if (errno == EINVAL) {
+	    afs_entry_point = SINGLE_ENTRY_POINT;
+	    afs_syscalls[0] = syscall_num;
+	    return 0;
+	}
+    }
+    return 1;
+}
+#endif
+
+/*
+ * Try to see if `syscall_pioctl' is a pioctl syscall.  Return 0 iff
+ * succesful.
+ *
+ */
+
+#ifdef AFS_PIOCTL
+static int
+try_two (int syscall_pioctl, int syscall_setpag)
+{
+    struct ViceIoctl parms;
+    memset(&parms, 0, sizeof(parms));
+
+    if (setjmp(catch_SIGSYS) == 0) {
+	syscall(syscall_pioctl,
+		0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+	if (errno == EINVAL) {
+	    afs_entry_point = MULTIPLE_ENTRY_POINT;
+	    afs_syscalls[0] = syscall_pioctl;
+	    afs_syscalls[1] = syscall_setpag;
+	    return 0;
+	}
+    }
+    return 1;
+}
+#endif
+
+int
+k_hasafs(void)
+{
+#if !defined(NO_AFS) && defined(SIGSYS)
+    RETSIGTYPE (*saved_func)(int);
+#endif
+    int saved_errno, ret;
+    char *env = NULL;
+
+    if (!issuid())
+	env = getenv ("AFS_SYSCALL");
+  
+    /*
+     * Already checked presence of AFS syscalls?
+     */
+    if (afs_entry_point != UNKNOWN_ENTRY_POINT)
+	return afs_entry_point != NO_ENTRY_POINT;
+
+    /*
+     * Probe kernel for AFS specific syscalls,
+     * they (currently) come in two flavors.
+     * If the syscall is absent we recive a SIGSYS.
+     */
+    afs_entry_point = NO_ENTRY_POINT;
+  
+    saved_errno = errno;
+#ifndef NO_AFS
+#ifdef SIGSYS
+    saved_func = signal(SIGSYS, SIGSYS_handler);
+#endif
+    if (env && strstr(env, "..") == NULL) {
+
+	if (strncmp("/proc/", env, 6) == 0) {
+	    if (try_ioctlpath(env, VIOC_SYSCALL_PROC, LINUX_PROC_POINT) == 0)
+		goto done;
+	}
+	if (strncmp("/dev/", env, 5) == 0) {
+	    if (try_ioctlpath(env, VIOC_SYSCALL_DEV, MACOS_DEV_POINT) == 0)
+		goto done;
+	    if (try_ioctlpath(env,VIOC_SYSCALL_DEV_OPENAFS,MACOS_DEV_POINT) ==0)
+		goto done;
+	}
+    }
+
+    ret = try_ioctlpath("/proc/fs/openafs/afs_ioctl",
+			VIOC_SYSCALL_PROC, LINUX_PROC_POINT);
+    if (ret == 0)
+	goto done;
+    ret = try_ioctlpath("/proc/fs/nnpfs/afs_ioctl", 
+			VIOC_SYSCALL_PROC, LINUX_PROC_POINT);
+    if (ret == 0)
+	goto done;
+
+    ret = try_ioctlpath("/dev/openafs_ioctl", 
+			VIOC_SYSCALL_DEV_OPENAFS, MACOS_DEV_POINT);
+    if (ret == 0)
+	goto done;
+    ret = try_ioctlpath("/dev/nnpfs_ioctl", VIOC_SYSCALL_DEV, MACOS_DEV_POINT);
+    if (ret == 0)
+	goto done;
+
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+    {
+	int tmp;
+
+	if (env != NULL) {
+	    if (sscanf (env, "%d", &tmp) == 1) {
+		if (try_one (tmp) == 0)
+		    goto done;
+	    } else {
+		char *end = NULL;
+		char *p;
+		char *s = strdup (env);
+
+		if (s != NULL) {
+		    for (p = strtok_r (s, ",", &end);
+			 p != NULL;
+			 p = strtok_r (NULL, ",", &end)) {
+			if (map_syscall_name_to_number (p, &tmp) == 0)
+			    if (try_one (tmp) == 0) {
+				free (s);
+				goto done;
+			    }
+		    }
+		    free (s);
+		}
+	    }
+	}
+    }
+#endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */
+
+#ifdef AFS_SYSCALL
+    if (try_one (AFS_SYSCALL) == 0)
+	goto done;
+#endif /* AFS_SYSCALL */
+
+#ifdef AFS_PIOCTL
+    {
+	int tmp[2];
+
+	if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2)
+	    if (try_two (tmp[0], tmp[1]) == 2)
+		goto done;
+    }
+#endif /* AFS_PIOCTL */
+
+#ifdef AFS_PIOCTL
+    if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0)
+	goto done;
+#endif /* AFS_PIOCTL */
+
+#ifdef AFS_SYSCALL2
+    if (try_one (AFS_SYSCALL2) == 0)
+	goto done;
+#endif /* AFS_SYSCALL2 */
+
+#ifdef AFS_SYSCALL3
+    if (try_one (AFS_SYSCALL3) == 0)
+	goto done;
+#endif /* AFS_SYSCALL3 */
+
+#ifdef _AIX
+#if 0
+    if (env != NULL) {
+	char *pos = NULL;
+	char *pioctl_name;
+	char *setpag_name;
+
+	pioctl_name = strtok_r (env, ", \t", &pos);
+	if (pioctl_name != NULL) {
+	    setpag_name = strtok_r (NULL, ", \t", &pos);
+	    if (setpag_name != NULL)
+		if (try_aix (pioctl_name, setpag_name) == 0)
+		    goto done;
+	}
+    }
+#endif
+
+    if(try_aix() == 0)
+	goto done;
+#endif
+
+
+done:
+#ifdef SIGSYS
+    signal(SIGSYS, saved_func);
+#endif
+#endif /* NO_AFS */
+    errno = saved_errno;
+    return afs_entry_point != NO_ENTRY_POINT;
+}
+
+int
+k_hasafs_recheck(void)
+{
+    afs_entry_point = UNKNOWN_ENTRY_POINT;
+    return k_hasafs();
+}
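Review bot: In `k_hasafs`, the environment-supplied syscall pair under `#ifdef AFS_PIOCTL` is tested with `if (try_two (tmp[0], tmp[1]) == 2)`, but `try_two` returns only 0 or 1, so that `goto done` is unreachable. A successful probe therefore falls through to the later probes, which can overwrite `afs_entry_point` and `afs_syscalls` with the compiled-in numbers. The comparison should be `== 0`, as in every other `try_one`/`try_two` call in the function. Separately, `try_aix` stores both `dlsym` results without a NULL check, so a library missing `aix_setpag` or `aix_pioctl` leaves a null function pointer that `k_setpag` or `k_pioctl` later calls. Adding `if (Setpag == NULL || Pioctl == NULL) { dlclose(ptr); return 1; }` before `afs_entry_point` is set would turn that into a failed probe.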

Added: vendor-crypto/heimdal/dist/lib/kafs/afssysdefs.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/afssysdefs.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/afssysdefs.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 1995 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: afssysdefs.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ */
+
+/*
+ * This section is for machines using single entry point AFS syscalls!
+ * and/or
+ * This section is for machines using multiple entry point AFS syscalls!
+ *
+ * SunOS 4 is an example of single entry point and sgi of multiple
+ * entry point syscalls.
+ */
+
+#if SunOS == 40
+#define AFS_SYSCALL	31
+#endif
+
+#if SunOS >= 50 && SunOS < 57
+#define AFS_SYSCALL	105
+#endif
+
+#if SunOS == 57
+#define AFS_SYSCALL	73
+#endif
+
+#if SunOS >= 58
+#define AFS_SYSCALL	65
+#endif
+
+#if defined(__hpux)
+#define AFS_SYSCALL	50
+#define AFS_SYSCALL2	49
+#define AFS_SYSCALL3	48
+#endif
+
+#if defined(_AIX)
+/* _AIX is too weird */
+#endif
+
+#if defined(__sgi)
+#define AFS_PIOCTL      (64+1000)
+#define AFS_SETPAG      (65+1000)
+#endif
+
+#if defined(__osf__)
+#define AFS_SYSCALL	232
+#define AFS_SYSCALL2	258
+#endif
+
+#if defined(__ultrix)
+#define AFS_SYSCALL	31
+#endif
+
+#if defined(__FreeBSD__)
+#if __FreeBSD_version >= 500000
+#define AFS_SYSCALL 339
+#else
+#define AFS_SYSCALL 210
+#endif
+#endif /* __FreeBSD__ */
+
+#ifdef __DragonFly__
+#ifndef AFS_SYSCALL
+#define AFS_SYSCALL 339
+#endif
+#endif
+
+#ifdef __OpenBSD__
+#define AFS_SYSCALL 208
+#endif
+
+#if defined(__NetBSD__)
+#define AFS_SYSCALL 210
+#endif
+
+#ifdef __APPLE__		/* MacOS X */
+#define AFS_SYSCALL 230
+#endif
+
+#ifdef SYS_afs_syscall
+#define AFS_SYSCALL3	SYS_afs_syscall
+#endif

Added: vendor-crypto/heimdal/dist/lib/kafs/common.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/common.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/common.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,492 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: common.c,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $");
+
+#define AUTH_SUPERUSER "afs"
+
+/*
+ * Here only ASCII characters are relevant.
+ */
+
+#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z')
+
+#define ToAsciiUpper(c) ((c) - 'a' + 'A')
+
+static void (*kafs_verbose)(void *, const char *);
+static void *kafs_verbose_ctx;
+
+void
+_kafs_foldup(char *a, const char *b)
+{
+  for (; *b; a++, b++)
+    if (IsAsciiLower(*b))
+      *a = ToAsciiUpper(*b);
+    else
+      *a = *b;
+  *a = '\0';
+}
+
+void
+kafs_set_verbose(void (*f)(void *, const char *), void *ctx)
+{
+    if (f) {
+	kafs_verbose = f;
+	kafs_verbose_ctx = ctx;
+    }
+}
+
+int
+kafs_settoken_rxkad(const char *cell, struct ClearToken *ct,
+		    void *ticket, size_t ticket_len)
+{
+    struct ViceIoctl parms;
+    char buf[2048], *t;
+    int32_t sizeof_x;
+    
+    t = buf;
+    /*
+     * length of secret token followed by secret token
+     */
+    sizeof_x = ticket_len;
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    memcpy(t, ticket, sizeof_x);
+    t += sizeof_x;
+    /*
+     * length of clear token followed by clear token
+     */
+    sizeof_x = sizeof(*ct);
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    memcpy(t, ct, sizeof_x);
+    t += sizeof_x;
+
+    /*
+     * do *not* mark as primary cell
+     */
+    sizeof_x = 0;
+    memcpy(t, &sizeof_x, sizeof(sizeof_x));
+    t += sizeof(sizeof_x);
+    /*
+     * follow with cell name
+     */
+    sizeof_x = strlen(cell) + 1;
+    memcpy(t, cell, sizeof_x);
+    t += sizeof_x;
+
+    /*
+     * Build argument block
+     */
+    parms.in = buf;
+    parms.in_size = t - buf;
+    parms.out = 0;
+    parms.out_size = 0;
+
+    return k_pioctl(0, VIOCSETTOK, &parms, 0);
+}
+
+void
+_kafs_fixup_viceid(struct ClearToken *ct, uid_t uid)
+{
+#define ODD(x) ((x) & 1)
+    /* According to Transarc conventions ViceId is valid iff
+     * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime
+     * the transformations:
+     *
+     * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life)
+     * preserves the original values.
+     */
+    if (uid != 0)		/* valid ViceId */
+    {
+	if (!ODD(ct->EndTimestamp - ct->BeginTimestamp))
+	    ct->EndTimestamp--;
+    }
+    else			/* not valid ViceId */
+    {
+	if (ODD(ct->EndTimestamp - ct->BeginTimestamp))
+	    ct->EndTimestamp--;
+    }
+}
+
+
+int
+_kafs_v4_to_kt(CREDENTIALS *c, uid_t uid, struct kafs_token *kt)
+{
+    kt->ticket = NULL;
+
+    if (c->ticket_st.length > MAX_KTXT_LEN)
+	return EINVAL;
+
+    kt->ticket = malloc(c->ticket_st.length);
+    if (kt->ticket == NULL)
+	return ENOMEM;
+    kt->ticket_len = c->ticket_st.length;
+    memcpy(kt->ticket, c->ticket_st.dat, kt->ticket_len);
+    
+    /*
+     * Build a struct ClearToken
+     */
+    kt->ct.AuthHandle = c->kvno;
+    memcpy (kt->ct.HandShakeKey, c->session, sizeof(c->session));
+    kt->ct.ViceId = uid;
+    kt->ct.BeginTimestamp = c->issue_date;
+    kt->ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime);
+
+    _kafs_fixup_viceid(&kt->ct, uid);
+
+    return 0;
+}
+
+/* Try to get a db-server for an AFS cell from a AFSDB record */
+
+static int
+dns_find_cell(const char *cell, char *dbserver, size_t len)
+{
+    struct dns_reply *r;
+    int ok = -1;
+    r = dns_lookup(cell, "afsdb");
+    if(r){
+	struct resource_record *rr = r->head;
+	while(rr){
+	    if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){
+		strlcpy(dbserver,
+				rr->u.afsdb->domain,
+				len);
+		ok = 0;
+		break;
+	    }
+	    rr = rr->next;
+	}
+	dns_free_data(r);
+    }
+    return ok;
+}
+
+
+/*
+ * Try to find the cells we should try to klog to in "file".
+ */
+static void
+find_cells(const char *file, char ***cells, int *idx)
+{
+    FILE *f;
+    char cell[64];
+    int i;
+    int ind = *idx;
+
+    f = fopen(file, "r");
+    if (f == NULL)
+	return;
+    while (fgets(cell, sizeof(cell), f)) {
+	char *t;
+	t = cell + strlen(cell);
+	for (; t >= cell; t--)
+	  if (*t == '\n' || *t == '\t' || *t == ' ')
+	    *t = 0;
+	if (cell[0] == '\0' || cell[0] == '#')
+	    continue;
+	for(i = 0; i < ind; i++)
+	    if(strcmp((*cells)[i], cell) == 0)
+		break;
+	if(i == ind){
+	    char **tmp;
+
+	    tmp = realloc(*cells, (ind + 1) * sizeof(**cells));
+	    if (tmp == NULL)
+		break;
+	    *cells = tmp;
+	    (*cells)[ind] = strdup(cell);
+	    if ((*cells)[ind] == NULL)
+		break;
+	    ++ind;
+	}
+    }
+    fclose(f);
+    *idx = ind;
+}
+
+/*
+ * Get tokens for all cells[]
+ */
+static int
+afslog_cells(struct kafs_data *data, char **cells, int max, uid_t uid,
+	     const char *homedir)
+{
+    int ret = 0;
+    int i;
+    for (i = 0; i < max; i++) {
+        int er = (*data->afslog_uid)(data, cells[i], 0, uid, homedir);
+	if (er)
+	    ret = er;
+    }
+    return ret;
+}
+
+int
+_kafs_afslog_all_local_cells(struct kafs_data *data,
+			     uid_t uid, const char *homedir)
+{
+    int ret;
+    char **cells = NULL;
+    int idx = 0;
+
+    if (homedir == NULL)
+	homedir = getenv("HOME");
+    if (homedir != NULL) {
+	char home[MaxPathLen];
+	snprintf(home, sizeof(home), "%s/.TheseCells", homedir);
+	find_cells(home, &cells, &idx);
+    }
+    find_cells(_PATH_THESECELLS, &cells, &idx);
+    find_cells(_PATH_THISCELL, &cells, &idx);
+    find_cells(_PATH_ARLA_THESECELLS, &cells, &idx);
+    find_cells(_PATH_ARLA_THISCELL, &cells, &idx);
+    find_cells(_PATH_OPENAFS_DEBIAN_THESECELLS, &cells, &idx);
+    find_cells(_PATH_OPENAFS_DEBIAN_THISCELL, &cells, &idx);
+    find_cells(_PATH_OPENAFS_MACOSX_THESECELLS, &cells, &idx);
+    find_cells(_PATH_OPENAFS_MACOSX_THISCELL, &cells, &idx);
+    find_cells(_PATH_ARLA_DEBIAN_THESECELLS, &cells, &idx);
+    find_cells(_PATH_ARLA_DEBIAN_THISCELL, &cells, &idx);
+    find_cells(_PATH_ARLA_OPENBSD_THESECELLS, &cells, &idx);
+    find_cells(_PATH_ARLA_OPENBSD_THISCELL, &cells, &idx);
+    
+    ret = afslog_cells(data, cells, idx, uid, homedir);
+    while(idx > 0)
+	free(cells[--idx]);
+    free(cells);
+    return ret;
+}
+
+
+static int
+file_find_cell(struct kafs_data *data, 
+	       const char *cell, char **realm, int exact)
+{
+    FILE *F;
+    char buf[1024];
+    char *p;
+    int ret = -1;
+
+    if ((F = fopen(_PATH_CELLSERVDB, "r"))
+	|| (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))
+	|| (F = fopen(_PATH_OPENAFS_DEBIAN_CELLSERVDB, "r"))
+	|| (F = fopen(_PATH_OPENAFS_MACOSX_CELLSERVDB, "r"))
+	|| (F = fopen(_PATH_ARLA_DEBIAN_CELLSERVDB, "r"))) {
+	while (fgets(buf, sizeof(buf), F)) {
+	    int cmp;
+
+	    if (buf[0] != '>')
+		continue; /* Not a cell name line, try next line */
+	    p = buf;
+	    strsep(&p, " \t\n#");
+
+	    if (exact)
+		cmp = strcmp(buf + 1, cell);
+	    else
+		cmp = strncmp(buf + 1, cell, strlen(cell));
+
+	    if (cmp == 0) {
+		/*
+		 * We found the cell name we're looking for.
+		 * Read next line on the form ip-address '#' hostname
+		 */
+		if (fgets(buf, sizeof(buf), F) == NULL)
+		    break;	/* Read failed, give up */
+		p = strchr(buf, '#');
+		if (p == NULL)
+		    break;	/* No '#', give up */
+		p++;
+		if (buf[strlen(buf) - 1] == '\n')
+		    buf[strlen(buf) - 1] = '\0';
+		*realm = (*data->get_realm)(data, p);
+		if (*realm && **realm != '\0')
+		    ret = 0;
+		break;		/* Won't try any more */
+	    }
+	}
+	fclose(F);
+    }
+    return ret;
+}
+
+/* Find the realm associated with cell. Do this by opening CellServDB
+   file and getting the realm-of-host for the first VL-server for the
+   cell.
+
+   This does not work when the VL-server is living in one realm, but
+   the cell it is serving is living in another realm.
+
+   Return 0 on success, -1 otherwise.
+   */
+
+int
+_kafs_realm_of_cell(struct kafs_data *data,
+		    const char *cell, char **realm)
+{
+    char buf[1024];
+    int ret;
+
+    ret = file_find_cell(data, cell, realm, 1);
+    if (ret == 0)
+	return ret;
+    if (dns_find_cell(cell, buf, sizeof(buf)) == 0) {
+	*realm = (*data->get_realm)(data, buf);
+	if(*realm != NULL)
+	    return 0;
+    }
+    return file_find_cell(data, cell, realm, 0);
+}
+
+static int
+_kafs_try_get_cred(struct kafs_data *data, const char *user, const char *cell,
+		   const char *realm, uid_t uid, struct kafs_token *kt)
+{
+    int ret;
+
+    ret = (*data->get_cred)(data, user, cell, realm, uid, kt);
+    if (kafs_verbose) {
+	char *str;
+	asprintf(&str, "%s tried afs%s%s@%s -> %d",
+		 data->name, cell[0] == '\0' ? "" : "/", 
+		 cell, realm, ret);
+	(*kafs_verbose)(kafs_verbose_ctx, str);
+	free(str);
+    }
+
+    return ret;
+}
+
+
+int
+_kafs_get_cred(struct kafs_data *data,
+	       const char *cell, 
+	       const char *realm_hint,
+	       const char *realm,
+	       uid_t uid,
+	       struct kafs_token *kt)
+{
+    int ret = -1;
+    char *vl_realm;
+    char CELL[64];
+
+    /* We're about to find the realm that holds the key for afs in
+     * the specified cell. The problem is that null-instance
+     * afs-principals are common and that hitting the wrong realm might
+     * yield the wrong afs key. The following assumptions were made.
+     *
+     * Any realm passed to us is preferred.
+     *
+     * If there is a realm with the same name as the cell, it is most
+     * likely the correct realm to talk to.
+     *
+     * In most (maybe even all) cases the database servers of the cell
+     * will live in the realm we are looking for.
+     *
+     * Try the local realm, but if the previous cases fail, this is
+     * really a long shot.
+     *
+     */
+  
+    /* comments on the ordering of these tests */
+
+    /* If the user passes a realm, she probably knows something we don't
+     * know and we should try afs at realm_hint.
+     */
+  
+    if (realm_hint) {
+	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
+				 cell, realm_hint, uid, kt);
+	if (ret == 0) return 0;
+	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
+				 "", realm_hint, uid, kt);
+	if (ret == 0) return 0;
+    }
+
+    _kafs_foldup(CELL, cell);
+
+    /*
+     * If cell == realm we don't need no cross-cell authentication.
+     * Try afs at REALM.
+     */
+    if (strcmp(CELL, realm) == 0) {
+        ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
+				 "", realm, uid, kt);
+	if (ret == 0) return 0;
+	/* Try afs.cell at REALM below. */
+    }
+
+    /*
+     * If the AFS servers have a file /usr/afs/etc/krb.conf containing
+     * REALM we still don't have to resort to cross-cell authentication.
+     * Try afs.cell at REALM.
+     */
+    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, 
+			     cell, realm, uid, kt);
+    if (ret == 0) return 0;
+
+    /*
+     * We failed to get ``first class tickets'' for afs,
+     * fall back to cross-cell authentication.
+     * Try afs at CELL.
+     * Try afs.cell at CELL.
+     */
+    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
+			     "", CELL, uid, kt);
+    if (ret == 0) return 0;
+    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, 
+			     cell, CELL, uid, kt);
+    if (ret == 0) return 0;
+
+    /*
+     * Perhaps the cell doesn't correspond to any realm?
+     * Use realm of first volume location DB server.
+     * Try afs.cell at VL_REALM.
+     * Try afs at VL_REALM???
+     */
+    if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0
+	&& strcmp(vl_realm, realm) != 0
+	&& strcmp(vl_realm, CELL) != 0) {
+	ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
+				 cell, vl_realm, uid, kt);
+	if (ret)
+	    ret = _kafs_try_get_cred(data, AUTH_SUPERUSER,
+				     "", vl_realm, uid, kt);
+	free(vl_realm);
+	if (ret == 0) return 0;
+    }
+
+    return ret;
+}
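Review bot: `kafs_settoken_rxkad` packs the ticket, the clear token and the cell name into `char buf[2048]` with no length check, so a `ticket_len` or cell name larger than the remaining space writes past the stack buffer. `_kafs_v4_to_kt` bounds its ticket with `MAX_KTXT_LEN`, but nothing in this hunk bounds the value that reaches this function, and any other callers are outside the hunk. The sizes should be validated before the first `memcpy`, failing with `errno = EINVAL` and -1 in the same way `k_pioctl` reports errors. `_kafs_get_cred` has the same pattern: `_kafs_foldup(CELL, cell)` copies an unbounded `cell` into `char CELL[64]`, and a `strlen(cell) >= sizeof(CELL)` check before the call would cover it.

```c
    char buf[2048], *t;
    int32_t sizeof_x;
    size_t cell_len = strlen(cell) + 1;
    size_t fixed_len = 3 * sizeof(sizeof_x) + sizeof(*ct);

    /* Refuse input that cannot fit in buf before anything is copied. */
    if (cell_len > sizeof(buf) - fixed_len ||
	ticket_len > sizeof(buf) - fixed_len - cell_len) {
	errno = EINVAL;
	return -1;
    }
    /* ... unchanged: ticket, clear token, primary flag and cell name are packed into buf ... */
```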

Added: vendor-crypto/heimdal/dist/lib/kafs/dlfcn.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/dlfcn.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/dlfcn.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,581 @@
+/*
+ * @(#)dlfcn.c	1.11 revision of 96/04/10  20:12:51
+ * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
+ * 30159 Hannover, Germany
+ */
+
+/*
+ * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton
+ * <jwe at bevo.che.wisc.edu> to support g++ and/or use with Octave.
+ */
+
+/*
+ * This makes my life easier with Octave.  --jwe
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/ldr.h>
+#include <a.out.h>
+#include <ldfcn.h>
+#include "dlfcn.h"
+
+/*
+ * We simulate dlopen() et al. through a call to load. Because AIX has
+ * no call to find an exported symbol we read the loader section of the
+ * loaded module and build a list of exported symbols and their virtual
+ * address.
+ */
+
+typedef struct {
+	char		*name;		/* the symbols's name */
+	void		*addr;		/* its relocated virtual address */
+} Export, *ExportPtr;
+
+/*
+ * xlC uses the following structure to list its constructors and
+ * destructors. This is gleaned from the output of munch.
+ */
+typedef struct {
+	void (*init)(void);		/* call static constructors */
+	void (*term)(void);		/* call static destructors */
+} Cdtor, *CdtorPtr;
+
+typedef void (*GccCDtorPtr)(void);
+
+/*
+ * The void * handle returned from dlopen is actually a ModulePtr.
+ */
+typedef struct Module {
+	struct Module	*next;
+	char		*name;		/* module name for refcounting */
+	int		refCnt;		/* the number of references */
+	void		*entry;		/* entry point from load */
+	struct dl_info	*info;		/* optional init/terminate functions */
+	CdtorPtr	cdtors;		/* optional C++ constructors */
+	GccCDtorPtr	gcc_ctor;	/* g++ constructors  --jwe */
+	GccCDtorPtr	gcc_dtor;	/* g++ destructors  --jwe */
+	int		nExports;	/* the number of exports found */
+	ExportPtr	exports;	/* the array of exports */
+} Module, *ModulePtr;
+
+/*
+ * We keep a list of all loaded modules to be able to call the fini
+ * handlers and destructors at atexit() time.
+ */
+static ModulePtr modList;
+
+/*
+ * The last error from one of the dl* routines is kept in static
+ * variables here. Each error is returned only once to the caller.
+ */
+static char errbuf[BUFSIZ];
+static int errvalid;
+
+/*
+ * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for
+ * strdup().  --jwe
+ */
+#ifndef HAVE_STRDUP
+extern char *strdup(const char *);
+#endif
+static void caterr(char *);
+static int readExports(ModulePtr);
+static void terminate(void);
+static void *findMain(void);
+
+void *dlopen(const char *path, int mode)
+{
+	ModulePtr mp;
+	static void *mainModule;
+
+	/*
+	 * Upon the first call register a terminate handler that will
+	 * close all libraries. Also get a reference to the main module
+	 * for use with loadbind.
+	 */
+	if (!mainModule) {
+		if ((mainModule = findMain()) == NULL)
+			return NULL;
+		atexit(terminate);
+	}
+	/*
+	 * Scan the list of modules if we have the module already loaded.
+	 */
+	for (mp = modList; mp; mp = mp->next)
+		if (strcmp(mp->name, path) == 0) {
+			mp->refCnt++;
+			return mp;
+		}
+	if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf), "calloc: %s", strerror(errno));
+		return NULL;
+	}
+	if ((mp->name = strdup(path)) == NULL) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf), "strdup: %s", strerror(errno));
+		free(mp);
+		return NULL;
+	}
+	/*
+	 * load should be declared load(const char *...). Thus we
+	 * cast the path to a normal char *. Ugly.
+	 */
+	if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) {
+		free(mp->name);
+		free(mp);
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "dlopen: %s: ", path);
+		/*
+		 * If AIX says the file is not executable, the error
+		 * can be further described by querying the loader about
+		 * the last error.
+		 */
+		if (errno == ENOEXEC) {
+			char *tmp[BUFSIZ/sizeof(char *)];
+			if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1)
+				strlcpy(errbuf,
+						strerror(errno),
+						sizeof(errbuf));
+			else {
+				char **p;
+				for (p = tmp; *p; p++)
+					caterr(*p);
+			}
+		} else
+			strlcat(errbuf,
+					strerror(errno),
+					sizeof(errbuf));
+		return NULL;
+	}
+	mp->refCnt = 1;
+	mp->next = modList;
+	modList = mp;
+	if (loadbind(0, mainModule, mp->entry) == -1) {
+		dlclose(mp);
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "loadbind: %s", strerror(errno));
+		return NULL;
+	}
+	/*
+	 * If the user wants global binding, loadbind against all other
+	 * loaded modules.
+	 */
+	if (mode & RTLD_GLOBAL) {
+		ModulePtr mp1;
+		for (mp1 = mp->next; mp1; mp1 = mp1->next)
+			if (loadbind(0, mp1->entry, mp->entry) == -1) {
+				dlclose(mp);
+				errvalid++;
+				snprintf (errbuf, sizeof(errbuf),
+					  "loadbind: %s",
+					  strerror(errno));
+				return NULL;
+			}
+	}
+	if (readExports(mp) == -1) {
+		dlclose(mp);
+		return NULL;
+	}
+	/*
+	 * If there is a dl_info structure, call the init function.
+	 */
+	if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) {
+		if (mp->info->init)
+			(*mp->info->init)();
+	} else
+		errvalid = 0;
+	/*
+	 * If the shared object was compiled using xlC we will need
+	 * to call static constructors (and later on dlclose destructors).
+	 */
+	if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) {
+		CdtorPtr cp = mp->cdtors;
+		while (cp->init || cp->term) {
+			if (cp->init && cp->init != (void (*)(void))0xffffffff)
+				(*cp->init)();
+			cp++;
+		}
+	/*
+	 * If the shared object was compiled using g++, we will need
+	 * to call global constructors using the _GLOBAL__DI function,
+	 * and later, global destructors using the _GLOBAL_DD
+	 * funciton.  --jwe
+	 */
+	} else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) {
+		(*mp->gcc_ctor)();
+		mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); 
+	} else
+		errvalid = 0;
+	return mp;
+}
+
+/*
+ * Attempt to decipher an AIX loader error message and append it
+ * to our static error message buffer.
+ */
+static void caterr(char *s)
+{
+	char *p = s;
+
+	while (*p >= '0' && *p <= '9')
+		p++;
+	switch(atoi(s)) {
+	case L_ERROR_TOOMANY:
+		strlcat(errbuf, "to many errors", sizeof(errbuf));
+		break;
+	case L_ERROR_NOLIB:
+		strlcat(errbuf, "can't load library", sizeof(errbuf));
+		strlcat(errbuf, p, sizeof(errbuf));
+		break;
+	case L_ERROR_UNDEF:
+		strlcat(errbuf, "can't find symbol", sizeof(errbuf));
+		strlcat(errbuf, p, sizeof(errbuf));
+		break;
+	case L_ERROR_RLDBAD:
+		strlcat(errbuf, "bad RLD", sizeof(errbuf));
+		strlcat(errbuf, p, sizeof(errbuf));
+		break;
+	case L_ERROR_FORMAT:
+		strlcat(errbuf, "bad exec format in", sizeof(errbuf));
+		strlcat(errbuf, p, sizeof(errbuf));
+		break;
+	case L_ERROR_ERRNO:
+		strlcat(errbuf, strerror(atoi(++p)), sizeof(errbuf));
+		break;
+	default:
+		strlcat(errbuf, s, sizeof(errbuf));
+		break;
+	}
+}
+
+void *dlsym(void *handle, const char *symbol)
+{
+	ModulePtr mp = (ModulePtr)handle;
+	ExportPtr ep;
+	int i;
+
+	/*
+	 * Could speed up the search, but I assume that one assigns
+	 * the result to function pointers anyways.
+	 */
+	for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
+		if (strcmp(ep->name, symbol) == 0)
+			return ep->addr;
+	errvalid++;
+	snprintf (errbuf, sizeof(errbuf),
+		  "dlsym: undefined symbol %s", symbol);		  
+	return NULL;
+}
+
+char *dlerror(void)
+{
+	if (errvalid) {
+		errvalid = 0;
+		return errbuf;
+	}
+	return NULL;
+}
+
+int dlclose(void *handle)
+{
+	ModulePtr mp = (ModulePtr)handle;
+	int result;
+	ModulePtr mp1;
+
+	if (--mp->refCnt > 0)
+		return 0;
+	if (mp->info && mp->info->fini)
+		(*mp->info->fini)();
+	if (mp->cdtors) {
+		CdtorPtr cp = mp->cdtors;
+		while (cp->init || cp->term) {
+			if (cp->term && cp->init != (void (*)(void))0xffffffff)
+				(*cp->term)();
+			cp++;
+		}
+	/*
+	 * If the function to handle global destructors for g++
+	 * exists, call it.  --jwe
+	 */
+	} else if (mp->gcc_dtor) {
+	        (*mp->gcc_dtor)();
+	}
+	result = unload(mp->entry);
+	if (result == -1) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "%s", strerror(errno));
+	}
+	if (mp->exports) {
+		ExportPtr ep;
+		int i;
+		for (ep = mp->exports, i = mp->nExports; i; i--, ep++)
+			if (ep->name)
+				free(ep->name);
+		free(mp->exports);
+	}
+	if (mp == modList)
+		modList = mp->next;
+	else {
+		for (mp1 = modList; mp1; mp1 = mp1->next)
+			if (mp1->next == mp) {
+				mp1->next = mp->next;
+				break;
+			}
+	}
+	free(mp->name);
+	free(mp);
+	return result;
+}
+
+static void terminate(void)
+{
+	while (modList)
+		dlclose(modList);
+}
+
+/*
+ * Build the export table from the XCOFF .loader section.
+ */
+static int readExports(ModulePtr mp)
+{
+	LDFILE *ldp = NULL;
+	SCNHDR sh, shdata;
+	LDHDR *lhp;
+	char *ldbuf;
+	LDSYM *ls;
+	int i;
+	ExportPtr ep;
+
+	if ((ldp = ldopen(mp->name, ldp)) == NULL) {
+		struct ld_info *lp;
+		char *buf;
+		int size = 4*1024;
+		if (errno != ENOENT) {
+			errvalid++;
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
+			return -1;
+		}
+		/*
+		 * The module might be loaded due to the LIBPATH
+		 * environment variable. Search for the loaded
+		 * module using L_GETINFO.
+		 */
+		if ((buf = malloc(size)) == NULL) {
+			errvalid++;
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
+			return -1;
+		}
+		while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
+			free(buf);
+			size += 4*1024;
+			if ((buf = malloc(size)) == NULL) {
+				errvalid++;
+				snprintf(errbuf, sizeof(errbuf),
+					 "readExports: %s",
+					 strerror(errno));
+				return -1;
+			}
+		}
+		if (i == -1) {
+			errvalid++;
+			snprintf(errbuf, sizeof(errbuf),
+				 "readExports: %s",
+				 strerror(errno));
+			free(buf);
+			return -1;
+		}
+		/*
+		 * Traverse the list of loaded modules. The entry point
+		 * returned by load() does actually point to the data
+		 * segment origin.
+		 */
+		lp = (struct ld_info *)buf;
+		while (lp) {
+			if (lp->ldinfo_dataorg == mp->entry) {
+				ldp = ldopen(lp->ldinfo_filename, ldp);
+				break;
+			}
+			if (lp->ldinfo_next == 0)
+				lp = NULL;
+			else
+				lp = (struct ld_info *)((char *)lp + lp->ldinfo_next);
+		}
+		free(buf);
+		if (!ldp) {
+			errvalid++;
+			snprintf (errbuf, sizeof(errbuf),
+				  "readExports: %s", strerror(errno));
+			return -1;
+		}
+	}
+	if (TYPE(ldp) != U802TOCMAGIC) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf), "readExports: bad magic");
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	/*
+	 * Get the padding for the data section. This is needed for
+	 * AIX 4.1 compilers. This is used when building the final
+	 * function pointer to the exported symbol.
+	 */
+	if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read data section header");
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read loader section header");
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	/*
+	 * We read the complete loader section in one chunk, this makes
+	 * finding long symbol names residing in the string table easier.
+	 */
+	if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "readExports: %s", strerror(errno));
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot seek to loader section");
+		free(ldbuf);
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) {
+		errvalid++;
+		snprintf(errbuf, sizeof(errbuf),
+			 "readExports: cannot read loader section");
+		free(ldbuf);
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	lhp = (LDHDR *)ldbuf;
+	ls = (LDSYM *)(ldbuf+LDHDRSZ);
+	/*
+	 * Count the number of exports to include in our export table.
+	 */
+	for (i = lhp->l_nsyms; i; i--, ls++) {
+		if (!LDR_EXPORT(*ls))
+			continue;
+		mp->nExports++;
+	}
+	if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "readExports: %s", strerror(errno));
+		free(ldbuf);
+		while(ldclose(ldp) == FAILURE)
+			;
+		return -1;
+	}
+	/*
+	 * Fill in the export table. All entries are relative to
+	 * the entry point we got from load.
+	 */
+	ep = mp->exports;
+	ls = (LDSYM *)(ldbuf+LDHDRSZ);
+	for (i = lhp->l_nsyms; i; i--, ls++) {
+		char *symname;
+		char tmpsym[SYMNMLEN+1];
+		if (!LDR_EXPORT(*ls))
+			continue;
+		if (ls->l_zeroes == 0)
+			symname = ls->l_offset+lhp->l_stoff+ldbuf;
+		else {
+			/*
+			 * The l_name member is not zero terminated, we
+			 * must copy the first SYMNMLEN chars and make
+			 * sure we have a zero byte at the end.
+			 */
+		        strlcpy (tmpsym, ls->l_name,
+					 SYMNMLEN + 1);
+			symname = tmpsym;
+		}
+		ep->name = strdup(symname);
+		ep->addr = (void *)((unsigned long)mp->entry +
+					ls->l_value - shdata.s_vaddr);
+		ep++;
+	}
+	free(ldbuf);
+	while(ldclose(ldp) == FAILURE)
+		;
+	return 0;
+}
+
+/*
+ * Find the main modules entry point. This is used as export pointer
+ * for loadbind() to be able to resolve references to the main part.
+ */
+static void * findMain(void)
+{
+	struct ld_info *lp;
+	char *buf;
+	int size = 4*1024;
+	int i;
+	void *ret;
+
+	if ((buf = malloc(size)) == NULL) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "findMail: %s", strerror(errno));
+		return NULL;
+	}
+	while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) {
+		free(buf);
+		size += 4*1024;
+		if ((buf = malloc(size)) == NULL) {
+			errvalid++;
+			snprintf (errbuf, sizeof(errbuf),
+				  "findMail: %s", strerror(errno));
+			return NULL;
+		}
+	}
+	if (i == -1) {
+		errvalid++;
+		snprintf (errbuf, sizeof(errbuf),
+			  "findMail: %s", strerror(errno));
+		free(buf);
+		return NULL;
+	}
+	/*
+	 * The first entry is the main module. The entry point
+	 * returned by load() does actually point to the data
+	 * segment origin.
+	 */
+	lp = (struct ld_info *)buf;
+	ret = lp->ldinfo_dataorg;
+	free(buf);
+	return ret;
+}
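Review bot: In readExports the result of `ep->name = strdup(symname)` is stored unchecked, and dlsym later passes every `ep->name` to strcmp, so an allocation failure here turns into a NULL dereference on the next symbol lookup. The short-name branch also runs strlcpy over `ls->l_name`, which the comment just above it says is not zero terminated; strlcpy walks its source to the terminator to compute its return value, so it can read past the field. Separately, `lhp->l_nsyms`, `ls->l_offset` and `lhp->l_stoff` are taken from the file and never compared with `sh.s_size`, so a truncated or malformed module could drive both symbol loops outside `ldbuf`; a range check before the loops would close that. Since this is a vendor import, the change below would presumably be carried as a local patch or reported upstream.

```c
		else {
			/* l_name carries no terminator: copy exactly SYMNMLEN bytes */
			memcpy(tmpsym, ls->l_name, SYMNMLEN);
			tmpsym[SYMNMLEN] = '\0';
			symname = tmpsym;
		}
		if ((ep->name = strdup(symname)) == NULL) {
			errvalid++;
			snprintf(errbuf, sizeof(errbuf),
				 "readExports: %s", strerror(errno));
			free(ldbuf);
			while(ldclose(ldp) == FAILURE)
				;
			return -1;	/* dlopen's dlclose(mp) frees the names already set */
		}
		/* … unchanged: ep->addr computation and ep++ … */
```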

Added: vendor-crypto/heimdal/dist/lib/kafs/dlfcn.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/dlfcn.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/dlfcn.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,46 @@
+/*
+ * @(#)dlfcn.h	1.4 revision of 95/04/25  09:36:52
+ * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
+ * 30159 Hannover, Germany
+ */
+
+#ifndef __dlfcn_h__
+#define __dlfcn_h__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Mode flags for the dlopen routine.
+ */
+#define RTLD_LAZY	1	/* lazy function call binding */
+#define RTLD_NOW	2	/* immediate function call binding */
+#define RTLD_GLOBAL	0x100	/* allow symbols to be global */
+
+/*
+ * To be able to initialize, a library may provide a dl_info structure
+ * that contains functions to be called to initialize and terminate.
+ */
+struct dl_info {
+	void (*init)(void);
+	void (*fini)(void);
+};
+
+#if __STDC__ || defined(_IBMR2)
+void *dlopen(const char *path, int mode);
+void *dlsym(void *handle, const char *symbol);
+char *dlerror(void);
+int dlclose(void *handle);
+#else
+void *dlopen();
+void *dlsym();
+char *dlerror();
+int dlclose();
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __dlfcn_h__ */

Added: vendor-crypto/heimdal/dist/lib/kafs/kafs.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/kafs.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/kafs.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,284 @@
+.\" Copyright (c) 1998 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\"	$Id: kafs.3,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Os HEIMDAL
+.Dt KAFS 3
+.Sh NAME
+.Nm k_hasafs ,
+.Nm k_hasafs_recheck ,
+.Nm k_pioctl ,
+.Nm k_unlog ,
+.Nm k_setpag ,
+.Nm k_afs_cell_of_file ,
+.Nm kafs_set_verbose ,
+.Nm kafs_settoken_rxkad ,
+.Nm kafs_settoken ,
+.Nm krb_afslog ,
+.Nm krb_afslog_uid ,
+.Nm kafs_settoken5 ,
+.Nm krb5_afslog ,
+.Nm krb5_afslog_uid
+.Nd AFS library
+.Sh LIBRARY
+AFS cache manager access library (libkafs, -lkafs)
+.Sh SYNOPSIS
+.In kafs.h
+.Ft int
+.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
+.Ft int
+.Fn k_hasafs "void"
+.Ft int
+.Fn k_hasafs_recheck "void"
+.Ft int
+.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
+.Ft int
+.Fn k_setpag "void"
+.Ft int
+.Fn k_unlog "void"
+.Ft void
+.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *"
+.Ft int
+.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len"
+.Ft int
+.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c"
+.Fn krb_afslog "char *cell" "char *realm"
+.Ft int
+.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
+.Ft krb5_error_code
+.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
+.Ft int
+.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c"
+.Ft krb5_error_code
+.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
+.Sh DESCRIPTION
+.Fn k_hasafs
+initializes some library internal structures, and tests for the
+presence of AFS in the kernel, none of the other functions should be
+called before
+.Fn k_hasafs
+is called, or if it fails.
+.Pp
+.Fn k_hasafs_recheck
+forces a recheck if a AFS client has started since last time
+.Fn k_hasafs
+or
+.Fn k_hasafs_recheck
+was called.
+.Pp
+.Fn kafs_set_verbose
+set a log function that will be called each time the kafs library does
+something important so that the application using libkafs can output
+verbose logging.
+Calling the function
+.Fa kafs_set_verbose
+with the function argument set to
+.Dv NULL
+will stop libkafs from calling the logging function (if set).
+.Pp
+.Fn kafs_settoken_rxkad
+set
+.Li rxkad
+with the
+.Fa token
+and
+.Fa ticket
+(that have the length
+.Fa ticket_len )
+for a given
+.Fa cell .
+.Pp
+.Fn kafs_settoken
+and
+.Fn kafs_settoken5
+work the same way as
+.Fn kafs_settoken_rxkad
+but internally converts the Kerberos 4 or 5 credential to a afs
+cleartoken and ticket.
+.Pp
+.Fn krb_afslog ,
+and
+.Fn krb_afslog_uid
+obtains new tokens (and possibly tickets) for the specified
+.Fa cell
+and
+.Fa realm .
+If
+.Fa cell
+is
+.Dv NULL ,
+the local cell is used. If
+.Fa realm
+is
+.Dv NULL ,
+the function tries to guess what realm to use. Unless you  have some good knowledge of what cell or realm to use, you should pass
+.Dv NULL .
+.Fn krb_afslog
+will use the real user-id for the
+.Dv ViceId
+field in the token,
+.Fn krb_afslog_uid
+will use
+.Fa uid .
+.Pp
+.Fn krb5_afslog ,
+and
+.Fn krb5_afslog_uid
+are the Kerberos 5 equivalents of
+.Fn krb_afslog ,
+and
+.Fn krb_afslog_uid .
+.Pp
+.Fn krb5_afslog ,
+.Fn kafs_settoken5
+can be configured to behave differently via a 
+.Nm krb5_appdefault
+option
+.Li afs-use-524
+in
+.Pa krb5.conf .
+Possible values for
+.Li afs-use-524
+are:
+.Bl -tag -width local
+.It yes
+use the 524 server in the realm to convert the ticket
+.It no
+use the Kerberos 5 ticket directly, can be used with if the afs cell
+support 2b token.
+.It local, 2b
+convert the Kerberos 5 credential to a 2b token locally (the same work
+as a 2b 524 server should have done).
+.El
+.Pp
+Example:
+.Pp
+.Bd -literal
+[appdefaults]
+	SU.SE = { afs-use-524 = local }
+	PDC.KTH.SE = { afs-use-524 = yes }
+	afs-use-524 = yes
+.Ed
+.Pp
+libkafs will use the
+.Li libkafs
+as application name when running the
+.Nm krb5_appdefault
+function call.
+.Pp
+The (uppercased) cell name is used as the realm to the
+.Nm krb5_appdefault function.
+.Pp
+.\" The extra arguments are the ubiquitous context, and the cache id where
+.\" to store any obtained tickets. Since AFS servers normally can't handle
+.\" Kerberos 5 tickets directly, these functions will first obtain version
+.\" 5 tickets for the requested cells, and then convert them to version 4
+.\" tickets, that can be stashed in the kernel. To convert tickets the
+.\" .Fn krb524_convert_creds_kdc
+.\" function will be used.
+.\" .Pp
+.Fn k_afs_cell_of_file
+will in
+.Fa cell
+return the cell of a specified file, no more than
+.Fa len
+characters is put in
+.Fa cell .
+.Pp
+.Fn k_pioctl
+does a
+.Fn pioctl
+system call with the specified arguments. This function is equivalent to
+.Fn lpioctl .
+.Pp
+.Fn k_setpag
+initializes a new PAG.
+.Pp
+.Fn k_unlog
+removes destroys all tokens in the current PAG.
+.Sh RETURN VALUES
+.Fn k_hasafs
+returns 1 if AFS is present in the kernel, 0 otherwise.
+.Fn krb_afslog
+and
+.Fn krb_afslog_uid
+returns 0 on success, or a Kerberos error number on failure.
+.Fn k_afs_cell_of_file ,
+.Fn k_pioctl ,
+.Fn k_setpag ,
+and
+.Fn k_unlog
+all return the value of the underlaying system call, 0 on success.
+.Sh ENVIRONMENT
+The following environment variable affect the mode of operation of
+.Nm kafs :
+.Bl -tag -width AFS_SYSCALL
+.It Ev AFS_SYSCALL
+Normally,
+.Nm kafs
+will try to figure out the correct system call(s) that are used by AFS
+by itself.  If it does not manage to do that, or does it incorrectly,
+you can set this variable to the system call number or list of system
+call numbers that should be used.
+.El
+.Sh EXAMPLES
+The following code from
+.Nm login
+will obtain a new PAG and tokens for the local cell and the cell of
+the users home directory.
+.Bd -literal
+if (k_hasafs()) {
+	char cell[64];
+	k_setpag();
+	if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
+		krb_afslog(cell, NULL);
+	krb_afslog(NULL, NULL);
+}
+.Ed
+.Sh ERRORS
+If any of these functions (apart from
+.Fn k_hasafs )
+is called without AFS being present in the kernel, the process will
+usually (depending on the operating system) receive a SIGSYS signal.
+.Sh SEE ALSO
+.Xr krb5_appdefault 3 ,
+.Xr krb5.conf 5
+.Rs
+.%A Transarc Corporation
+.%J AFS-3 Programmer's Reference
+.%T File Server/Cache Manager Interface
+.%D 1991
+.Re
+.Sh BUGS
+.Ev AFS_SYSCALL
+has no effect under AIX.

Added: vendor-crypto/heimdal/dist/lib/kafs/kafs.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/kafs.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/kafs.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,213 @@
+/*
+ * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kafs.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __KAFS_H
+#define __KAFS_H
+
+/* XXX must include krb5.h or krb.h */
+
+/* sys/ioctl.h must be included manually before kafs.h */
+
+/*
+ */
+#define AFSCALL_PIOCTL 20
+#define AFSCALL_SETPAG 21
+
+#ifndef _VICEIOCTL
+#define _VICEIOCTL(id)  ((unsigned int ) _IOW('V', id, struct ViceIoctl))
+#define _AFSCIOCTL(id)  ((unsigned int ) _IOW('C', id, struct ViceIoctl))
+#endif /* _VICEIOCTL */
+
+#define VIOCSETAL		_VICEIOCTL(1)
+#define VIOCGETAL		_VICEIOCTL(2)
+#define VIOCSETTOK		_VICEIOCTL(3)
+#define VIOCGETVOLSTAT		_VICEIOCTL(4)
+#define VIOCSETVOLSTAT		_VICEIOCTL(5)
+#define VIOCFLUSH		_VICEIOCTL(6)
+#define VIOCGETTOK		_VICEIOCTL(8)
+#define VIOCUNLOG		_VICEIOCTL(9)
+#define VIOCCKSERV		_VICEIOCTL(10)
+#define VIOCCKBACK		_VICEIOCTL(11)
+#define VIOCCKCONN		_VICEIOCTL(12)
+#define VIOCWHEREIS		_VICEIOCTL(14)
+#define VIOCACCESS		_VICEIOCTL(20)
+#define VIOCUNPAG		_VICEIOCTL(21)
+#define VIOCGETFID		_VICEIOCTL(22)
+#define VIOCSETCACHESIZE	_VICEIOCTL(24)
+#define VIOCFLUSHCB		_VICEIOCTL(25)
+#define VIOCNEWCELL		_VICEIOCTL(26)
+#define VIOCGETCELL		_VICEIOCTL(27)
+#define VIOC_AFS_DELETE_MT_PT	_VICEIOCTL(28)
+#define VIOC_AFS_STAT_MT_PT	_VICEIOCTL(29)
+#define VIOC_FILE_CELL_NAME	_VICEIOCTL(30)
+#define VIOC_GET_WS_CELL	_VICEIOCTL(31)
+#define VIOC_AFS_MARINER_HOST	_VICEIOCTL(32)
+#define VIOC_GET_PRIMARY_CELL	_VICEIOCTL(33)
+#define VIOC_VENUSLOG		_VICEIOCTL(34)
+#define VIOC_GETCELLSTATUS	_VICEIOCTL(35)
+#define VIOC_SETCELLSTATUS	_VICEIOCTL(36)
+#define VIOC_FLUSHVOLUME	_VICEIOCTL(37)
+#define VIOC_AFS_SYSNAME	_VICEIOCTL(38)
+#define VIOC_EXPORTAFS		_VICEIOCTL(39)
+#define VIOCGETCACHEPARAMS	_VICEIOCTL(40)
+#define VIOC_GCPAGS		_VICEIOCTL(48) 
+
+#define VIOCGETTOK2		_AFSCIOCTL(7)
+#define VIOCSETTOK2		_AFSCIOCTL(8)
+
+struct ViceIoctl {
+  caddr_t in, out;
+  short in_size;
+  short out_size;
+};
+
+struct ClearToken {
+  int32_t AuthHandle;
+  char HandShakeKey[8];
+  int32_t ViceId;
+  int32_t BeginTimestamp;
+  int32_t EndTimestamp;
+};
+
+/* Use k_hasafs() to probe if the machine supports AFS syscalls.
+   The other functions will generate a SIGSYS if AFS is not supported */
+
+int k_hasafs (void);
+int k_hasafs_recheck (void);
+
+int krb_afslog (const char *cell, const char *realm);
+int krb_afslog_uid (const char *cell, const char *realm, uid_t uid);
+int krb_afslog_home (const char *cell, const char *realm,
+			 const char *homedir);
+int krb_afslog_uid_home (const char *cell, const char *realm, uid_t uid,
+			     const char *homedir);
+
+int krb_realm_of_cell (const char *cell, char **realm);
+
+/* compat */
+#define k_afsklog krb_afslog
+#define k_afsklog_uid krb_afslog_uid
+
+int k_pioctl (char *a_path,
+		  int o_opcode,
+		  struct ViceIoctl *a_paramsP,
+		  int a_followSymlinks);
+int k_unlog (void);
+int k_setpag (void);
+int k_afs_cell_of_file (const char *path, char *cell, int len);
+
+
+
+/* XXX */
+#ifdef KFAILURE
+#define KRB_H_INCLUDED
+#endif
+
+#ifdef KRB5_RECVAUTH_IGNORE_VERSION
+#define KRB5_H_INCLUDED
+#endif
+
+void kafs_set_verbose (void (*kafs_verbose)(void *, const char *), void *);
+int kafs_settoken_rxkad (const char *, struct ClearToken *,
+			     void *ticket, size_t ticket_len);
+#ifdef KRB_H_INCLUDED
+int kafs_settoken (const char*, uid_t, CREDENTIALS*);
+#endif
+#ifdef KRB5_H_INCLUDED
+int kafs_settoken5 (krb5_context, const char*, uid_t, krb5_creds*);
+#endif
+
+
+#ifdef KRB5_H_INCLUDED
+krb5_error_code krb5_afslog_uid (krb5_context context,
+				     krb5_ccache id,
+				     const char *cell,
+				     krb5_const_realm realm,
+				     uid_t uid);
+krb5_error_code krb5_afslog (krb5_context context,
+				 krb5_ccache id, 
+				 const char *cell,
+				 krb5_const_realm realm);
+krb5_error_code krb5_afslog_uid_home (krb5_context context,
+					  krb5_ccache id,
+					  const char *cell,
+					  krb5_const_realm realm,
+					  uid_t uid,
+					  const char *homedir);
+
+krb5_error_code krb5_afslog_home (krb5_context context,
+				      krb5_ccache id,
+				      const char *cell,
+				      krb5_const_realm realm,
+				      const char *homedir);
+
+krb5_error_code krb5_realm_of_cell (const char *cell, char **realm);
+
+#endif
+
+
+#define _PATH_VICE		"/usr/vice/etc/"
+#define _PATH_THISCELL 		_PATH_VICE "ThisCell"
+#define _PATH_CELLSERVDB 	_PATH_VICE "CellServDB"
+#define _PATH_THESECELLS	_PATH_VICE "TheseCells"
+
+#define _PATH_ARLA_VICE		"/usr/arla/etc/"
+#define _PATH_ARLA_THISCELL	_PATH_ARLA_VICE "ThisCell"
+#define _PATH_ARLA_CELLSERVDB 	_PATH_ARLA_VICE "CellServDB"
+#define _PATH_ARLA_THESECELLS	_PATH_ARLA_VICE "TheseCells"
+
+#define _PATH_OPENAFS_DEBIAN_VICE		"/etc/openafs/"
+#define _PATH_OPENAFS_DEBIAN_THISCELL		_PATH_OPENAFS_DEBIAN_VICE "ThisCell"
+#define _PATH_OPENAFS_DEBIAN_CELLSERVDB 	_PATH_OPENAFS_DEBIAN_VICE "CellServDB"
+#define _PATH_OPENAFS_DEBIAN_THESECELLS		_PATH_OPENAFS_DEBIAN_VICE "TheseCells"
+
+#define _PATH_OPENAFS_MACOSX_VICE		"/var/db/openafs/etc/"
+#define _PATH_OPENAFS_MACOSX_THISCELL		_PATH_OPENAFS_MACOSX_VICE "ThisCell"
+#define _PATH_OPENAFS_MACOSX_CELLSERVDB		_PATH_OPENAFS_MACOSX_VICE "CellServDB"
+#define _PATH_OPENAFS_MACOSX_THESECELLS		_PATH_OPENAFS_MACOSX_VICE "TheseCells"
+
+#define _PATH_ARLA_DEBIAN_VICE			"/etc/arla/"
+#define _PATH_ARLA_DEBIAN_THISCELL		_PATH_ARLA_DEBIAN_VICE "ThisCell"
+#define _PATH_ARLA_DEBIAN_CELLSERVDB		_PATH_ARLA_DEBIAN_VICE "CellServDB"
+#define _PATH_ARLA_DEBIAN_THESECELLS		_PATH_ARLA_DEBIAN_VICE "TheseCells"
+
+#define _PATH_ARLA_OPENBSD_VICE			"/etc/afs/"
+#define _PATH_ARLA_OPENBSD_THISCELL		_PATH_ARLA_OPENBSD_VICE "ThisCell"
+#define _PATH_ARLA_OPENBSD_CELLSERVDB		_PATH_ARLA_OPENBSD_VICE "CellServDB"
+#define _PATH_ARLA_OPENBSD_THESECELLS		_PATH_ARLA_OPENBSD_VICE "TheseCells"
+
+extern int _kafs_debug;
+
+#endif /* __KAFS_H */
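Review bot: `struct ViceIoctl` declares `in_size` and `out_size` as `short`, while the public entry points in the same header take wider lengths (`int len` in k_afs_cell_of_file, `size_t ticket_len` in kafs_settoken_rxkad), and nothing here documents the limit. If the implementations assign those lengths to the struct fields without a range check (not visible in this hunk), a large value would be silently truncated or turn negative. I would add a comment on the struct such as `/* in_size/out_size are 16-bit: reject lengths above SHRT_MAX before filling this in */` and state the maximum accepted length next to the two prototypes.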

Added: vendor-crypto/heimdal/dist/lib/kafs/kafs_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/kafs_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/kafs_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kafs_locl.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef __KAFS_LOCL_H__
+#define __KAFS_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <setjmp.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+#ifdef HAVE_SYS_SYSCALL_H
+#include <sys/syscall.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+#include <roken.h>
+
+#ifdef KRB5
+#include <krb5.h>
+#endif
+#ifdef KRB4
+#include <krb.h>
+#else
+#ifdef KRB5
+#include "crypto-headers.h"
+#include <krb5-v4compat.h>
+typedef struct credentials CREDENTIALS;
+#endif /* KRB5 */
+#endif /* KRB4 */
+#include <kafs.h>
+
+#include <resolve.h>
+
+#include "afssysdefs.h"
+
+struct kafs_data;
+struct kafs_token;
+typedef int (*afslog_uid_func_t)(struct kafs_data *,
+				 const char *,
+				 const char *,
+				 uid_t,
+				 const char *);
+
+typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, 
+			       const char*, uid_t, struct kafs_token *);
+
+typedef char* (*get_realm_func_t)(struct kafs_data*, const char*);
+
+struct kafs_data {
+    const char *name;
+    afslog_uid_func_t afslog_uid;
+    get_cred_func_t get_cred;
+    get_realm_func_t get_realm;
+    void *data;
+};
+
+struct kafs_token {
+    struct ClearToken ct;
+    void *ticket;
+    size_t ticket_len;
+};
+
+void _kafs_foldup(char *, const char *);
+
+int _kafs_afslog_all_local_cells(struct kafs_data*, uid_t, const char*);
+
+int _kafs_get_cred(struct kafs_data*, const char*, const char*, const char *, 
+		   uid_t, struct kafs_token *);
+
+int
+_kafs_realm_of_cell(struct kafs_data *, const char *, char **);
+
+int
+_kafs_v4_to_kt(CREDENTIALS *, uid_t, struct kafs_token *);
+
+void
+_kafs_fixup_viceid(struct ClearToken *, uid_t);
+
+#ifdef _AIX
+int aix_pioctl(char*, int, struct ViceIoctl*, int);
+int aix_setpag(void);
+#endif
+
+#endif /* __KAFS_LOCL_H__ */
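Review bot: The prototype `_kafs_v4_to_kt(CREDENTIALS *, uid_t, struct kafs_token *)` is declared unconditionally, but `CREDENTIALS` only comes into scope through `<krb.h>` when KRB4 is defined (presumably) or through `typedef struct credentials CREDENTIALS;` when KRB5 is defined. A build with neither macro set fails at that prototype with an undeclared-type error instead of a clear diagnostic. I would either wrap the prototype in `#if defined(KRB4) || defined(KRB5)` or add `#error "kafs requires KRB4 or KRB5"` after the include block. Separately, `struct kafs_token` holds `ticket` and `ticket_len` as a raw pointer and length with no ownership comment; a one-line comment saying who allocates and frees `ticket` would help callers avoid leaking or double-freeing credential material.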

Added: vendor-crypto/heimdal/dist/lib/kafs/roken_rename.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/kafs/roken_rename.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/kafs/roken_rename.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2001-2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+/*
+ * Libroken routines that are added libkafs
+ */
+
+#define _resolve_debug _kafs_resolve_debug
+
+#define rk_dns_free_data _kafs_dns_free_data
+#define rk_dns_lookup _kafs_dns_lookup
+#define rk_dns_string_to_type _kafs_dns_string_to_type
+#define rk_dns_type_to_string _kafs_dns_type_to_string
+#define rk_dns_srv_order _kafs_dns_srv_order
+#define rk_dns_make_query _kafs_dns_make_query
+#define rk_dns_free_query _kafs_dns_free_query
+#define rk_dns_parse_reply _kafs_dns_parse_reply
+
+#ifndef HAVE_STRTOK_R
+#define strtok_r _kafs_strtok_r
+#endif
+#ifndef HAVE_STRLCPY
+#define strlcpy _kafs_strlcpy
+#endif
+#ifndef HAVE_STRSEP
+#define strsep _kafs_strsep
+#endif
+
+#endif /* __roken_rename_h__ */

Added: vendor-crypto/heimdal/dist/lib/krb5/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,298 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err -I$(srcdir)/../com_err
+
+bin_PROGRAMS = verify_krb5_conf
+
+noinst_PROGRAMS =				\
+	krbhst-test				\
+	test_alname				\
+	test_crypto				\
+	test_get_addrs				\
+	test_kuserok				\
+	test_renew				\
+	test_forward
+
+TESTS =						\
+	aes-test				\
+	derived-key-test			\
+	n-fold-test				\
+	name-45-test				\
+	parse-name-test				\
+	store-test				\
+	string-to-key-test			\
+	test_acl				\
+	test_addr				\
+	test_cc					\
+	test_config				\
+	test_prf				\
+	test_store				\
+	test_crypto_wrapping			\
+	test_keytab				\
+	test_mem				\
+	test_pac				\
+	test_plugin				\
+	test_princ				\
+	test_pkinit_dh2key			\
+	test_time
+
+check_PROGRAMS = $(TESTS) test_hostname
+
+LDADD = libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+if PKINIT
+LIB_pkinit = ../hx509/libhx509.la
+endif
+
+libkrb5_la_LIBADD = \
+	$(LIB_pkinit) \
+	$(LIB_com_err) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIBADD_roken) \
+	$(LIB_door_create) \
+	$(LIB_dlopen)
+
+lib_LTLIBRARIES = libkrb5.la
+
+ERR_FILES = krb5_err.c krb_err.c heim_err.c k524_err.c
+
+libkrb5_la_CPPFLAGS = -DBUILD_KRB5_LIB $(AM_CPPFLAGS)
+
+dist_libkrb5_la_SOURCES =			\
+	acache.c				\
+	acl.c					\
+	add_et_list.c				\
+	addr_families.c				\
+	aname_to_localname.c			\
+	appdefault.c				\
+	asn1_glue.c				\
+	auth_context.c				\
+	build_ap_req.c				\
+	build_auth.c				\
+	cache.c					\
+	changepw.c				\
+	codec.c					\
+	config_file.c				\
+	config_file_netinfo.c			\
+	convert_creds.c				\
+	constants.c				\
+	context.c				\
+	copy_host_realm.c			\
+	crc.c					\
+	creds.c					\
+	crypto.c				\
+	doxygen.c				\
+	data.c					\
+	digest.c				\
+	eai_to_heim_errno.c			\
+	error_string.c				\
+	expand_hostname.c			\
+	fcache.c				\
+	free.c					\
+	free_host_realm.c			\
+	generate_seq_number.c			\
+	generate_subkey.c			\
+	get_addrs.c				\
+	get_cred.c				\
+	get_default_principal.c			\
+	get_default_realm.c			\
+	get_for_creds.c				\
+	get_host_realm.c			\
+	get_in_tkt.c				\
+	get_in_tkt_pw.c				\
+	get_in_tkt_with_keytab.c		\
+	get_in_tkt_with_skey.c			\
+	get_port.c				\
+	heim_threads.h				\
+	init_creds.c				\
+	init_creds_pw.c				\
+	kcm.c					\
+	kcm.h					\
+	keyblock.c				\
+	keytab.c				\
+	keytab_any.c				\
+	keytab_file.c				\
+	keytab_keyfile.c			\
+	keytab_krb4.c				\
+	keytab_memory.c				\
+	krb5_locl.h				\
+	krb5-v4compat.h				\
+	krbhst.c				\
+	kuserok.c				\
+	log.c					\
+	mcache.c				\
+	misc.c					\
+	mk_error.c				\
+	mk_priv.c				\
+	mk_rep.c				\
+	mk_req.c				\
+	mk_req_ext.c				\
+	mk_safe.c				\
+	mit_glue.c				\
+	net_read.c				\
+	net_write.c				\
+	n-fold.c				\
+	pac.c					\
+	padata.c				\
+	pkinit.c				\
+	principal.c				\
+	prog_setup.c				\
+	prompter_posix.c			\
+	rd_cred.c				\
+	rd_error.c				\
+	rd_priv.c				\
+	rd_rep.c				\
+	rd_req.c				\
+	rd_safe.c				\
+	read_message.c				\
+	recvauth.c				\
+	replay.c				\
+	send_to_kdc.c				\
+	sendauth.c				\
+	set_default_realm.c			\
+	sock_principal.c			\
+	store.c					\
+	store-int.h				\
+	store_emem.c				\
+	store_fd.c				\
+	store_mem.c				\
+	plugin.c				\
+	ticket.c				\
+	time.c					\
+	transited.c				\
+	v4_glue.c				\
+	verify_init.c				\
+	verify_user.c				\
+	version.c				\
+	warn.c					\
+	write_message.c
+
+nodist_libkrb5_la_SOURCES =			\
+	$(ERR_FILES)
+
+libkrb5_la_LDFLAGS = -version-info 24:0:0
+
+if versionscript
+libkrb5_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+endif
+
+$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
+
+$(srcdir)/krb5-protos.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB_FUNCTION -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h
+
+$(srcdir)/krb5-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-private.h
+
+man_MANS =					\
+	kerberos.8				\
+	krb5.3					\
+	krb5.conf.5				\
+	krb524_convert_creds_kdc.3		\
+	krb5_425_conv_principal.3		\
+	krb5_acl_match_file.3			\
+	krb5_address.3				\
+	krb5_aname_to_localname.3		\
+	krb5_appdefault.3			\
+	krb5_auth_context.3			\
+	krb5_c_make_checksum.3			\
+	krb5_ccache.3				\
+	krb5_check_transited.3			\
+	krb5_compare_creds.3			\
+	krb5_config.3				\
+	krb5_context.3				\
+	krb5_create_checksum.3			\
+	krb5_creds.3				\
+	krb5_crypto_init.3			\
+	krb5_data.3				\
+	krb5_digest.3				\
+	krb5_eai_to_heim_errno.3		\
+	krb5_encrypt.3				\
+	krb5_expand_hostname.3			\
+	krb5_find_padata.3			\
+	krb5_generate_random_block.3		\
+	krb5_get_all_client_addrs.3		\
+	krb5_get_credentials.3			\
+	krb5_get_creds.3			\
+	krb5_get_forwarded_creds.3		\
+	krb5_get_in_cred.3			\
+	krb5_get_init_creds.3			\
+	krb5_get_krbhst.3			\
+	krb5_getportbyname.3			\
+	krb5_init_context.3			\
+	krb5_is_thread_safe.3			\
+	krb5_keyblock.3				\
+	krb5_keytab.3				\
+	krb5_krbhst_init.3			\
+	krb5_kuserok.3				\
+	krb5_mk_req.3				\
+	krb5_mk_safe.3				\
+	krb5_openlog.3				\
+	krb5_parse_name.3			\
+	krb5_principal.3			\
+	krb5_rcache.3				\
+	krb5_rd_error.3				\
+	krb5_rd_safe.3				\
+	krb5_set_default_realm.3		\
+	krb5_set_password.3			\
+	krb5_storage.3				\
+	krb5_string_to_key.3			\
+	krb5_ticket.3				\
+	krb5_timeofday.3			\
+	krb5_unparse_name.3			\
+	krb5_verify_init_creds.3		\
+	krb5_verify_user.3			\
+	krb5_warn.3				\
+	verify_krb5_conf.8
+
+dist_include_HEADERS = \
+	krb5.h \
+	krb5-protos.h \
+	krb5-private.h \
+	krb5_ccapi.h
+
+nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h 
+
+# XXX use nobase_include_HEADERS = krb5/locate_plugin.h
+krb5dir = $(includedir)/krb5
+krb5_HEADERS = locate_plugin.h
+
+build_HEADERZ = \
+	heim_threads.h \
+	$(krb5_HEADERS) \
+	krb_err.h
+
+CLEANFILES = \
+	krb5_err.c krb5_err.h \
+	krb_err.c krb_err.h \
+	heim_err.c heim_err.h \
+	k524_err.c k524_err.h
+
+$(libkrb5_la_OBJECTS): krb5_err.h krb_err.h heim_err.h k524_err.h
+
+EXTRA_DIST = \
+	krb5_err.et \
+	krb_err.et \
+	heim_err.et \
+	k524_err.et \
+	$(man_MANS) \
+	version-script.map \
+	krb5.moduli
+
+#sysconf_DATA = krb5.moduli
+
+# to help stupid solaris make
+
+krb5_err.h: krb5_err.et
+
+krb_err.h: krb_err.et
+
+heim_err.h: heim_err.et
+
+k524_err.h: k524_err.et
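Review bot: The recipes for `$(srcdir)/krb5-protos.h` and `$(srcdir)/krb5-private.h` end in `|| rm -f krb5-protos.h` (and `|| rm -f krb5-private.h`), so when `make-proto.pl` fails the recipe exits with the status of `rm -f`, which is success. Make then treats the target as built although the header is gone, and the failure presumably only surfaces later as a missing-include compile error. Because `&&` and `||` chain left to right, the `rm -f` also runs in the current build directory when `cd $(srcdir)` itself fails. I would write the tail as `|| { rm -f krb5-protos.h; exit 1; }` in both rules, which still removes the partial file but fails the target. Both headers are listed in `dist_include_HEADERS`, so a generation failure here is worth stopping the build on.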

Added: vendor-crypto/heimdal/dist/lib/krb5/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2021 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(dist_include_HEADERS) $(krb5_HEADERS) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
+noinst_PROGRAMS = krbhst-test$(EXEEXT) test_alname$(EXEEXT) \
+	test_crypto$(EXEEXT) test_get_addrs$(EXEEXT) \
+	test_kuserok$(EXEEXT) test_renew$(EXEEXT) \
+	test_forward$(EXEEXT)
+TESTS = aes-test$(EXEEXT) derived-key-test$(EXEEXT) \
+	n-fold-test$(EXEEXT) name-45-test$(EXEEXT) \
+	parse-name-test$(EXEEXT) store-test$(EXEEXT) \
+	string-to-key-test$(EXEEXT) test_acl$(EXEEXT) \
+	test_addr$(EXEEXT) test_cc$(EXEEXT) test_config$(EXEEXT) \
+	test_prf$(EXEEXT) test_store$(EXEEXT) \
+	test_crypto_wrapping$(EXEEXT) test_keytab$(EXEEXT) \
+	test_mem$(EXEEXT) test_pac$(EXEEXT) test_plugin$(EXEEXT) \
+	test_princ$(EXEEXT) test_pkinit_dh2key$(EXEEXT) \
+	test_time$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1) test_hostname$(EXEEXT)
+ at versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+subdir = lib/krb5
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
+	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" \
+	"$(DESTDIR)$(krb5dir)" "$(DESTDIR)$(includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libkrb5_la_DEPENDENCIES = $(LIB_pkinit) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+dist_libkrb5_la_OBJECTS = libkrb5_la-acache.lo libkrb5_la-acl.lo \
+	libkrb5_la-add_et_list.lo libkrb5_la-addr_families.lo \
+	libkrb5_la-aname_to_localname.lo libkrb5_la-appdefault.lo \
+	libkrb5_la-asn1_glue.lo libkrb5_la-auth_context.lo \
+	libkrb5_la-build_ap_req.lo libkrb5_la-build_auth.lo \
+	libkrb5_la-cache.lo libkrb5_la-changepw.lo libkrb5_la-codec.lo \
+	libkrb5_la-config_file.lo libkrb5_la-config_file_netinfo.lo \
+	libkrb5_la-convert_creds.lo libkrb5_la-constants.lo \
+	libkrb5_la-context.lo libkrb5_la-copy_host_realm.lo \
+	libkrb5_la-crc.lo libkrb5_la-creds.lo libkrb5_la-crypto.lo \
+	libkrb5_la-doxygen.lo libkrb5_la-data.lo libkrb5_la-digest.lo \
+	libkrb5_la-eai_to_heim_errno.lo libkrb5_la-error_string.lo \
+	libkrb5_la-expand_hostname.lo libkrb5_la-fcache.lo \
+	libkrb5_la-free.lo libkrb5_la-free_host_realm.lo \
+	libkrb5_la-generate_seq_number.lo \
+	libkrb5_la-generate_subkey.lo libkrb5_la-get_addrs.lo \
+	libkrb5_la-get_cred.lo libkrb5_la-get_default_principal.lo \
+	libkrb5_la-get_default_realm.lo libkrb5_la-get_for_creds.lo \
+	libkrb5_la-get_host_realm.lo libkrb5_la-get_in_tkt.lo \
+	libkrb5_la-get_in_tkt_pw.lo \
+	libkrb5_la-get_in_tkt_with_keytab.lo \
+	libkrb5_la-get_in_tkt_with_skey.lo libkrb5_la-get_port.lo \
+	libkrb5_la-init_creds.lo libkrb5_la-init_creds_pw.lo \
+	libkrb5_la-kcm.lo libkrb5_la-keyblock.lo libkrb5_la-keytab.lo \
+	libkrb5_la-keytab_any.lo libkrb5_la-keytab_file.lo \
+	libkrb5_la-keytab_keyfile.lo libkrb5_la-keytab_krb4.lo \
+	libkrb5_la-keytab_memory.lo libkrb5_la-krbhst.lo \
+	libkrb5_la-kuserok.lo libkrb5_la-log.lo libkrb5_la-mcache.lo \
+	libkrb5_la-misc.lo libkrb5_la-mk_error.lo \
+	libkrb5_la-mk_priv.lo libkrb5_la-mk_rep.lo \
+	libkrb5_la-mk_req.lo libkrb5_la-mk_req_ext.lo \
+	libkrb5_la-mk_safe.lo libkrb5_la-mit_glue.lo \
+	libkrb5_la-net_read.lo libkrb5_la-net_write.lo \
+	libkrb5_la-n-fold.lo libkrb5_la-pac.lo libkrb5_la-padata.lo \
+	libkrb5_la-pkinit.lo libkrb5_la-principal.lo \
+	libkrb5_la-prog_setup.lo libkrb5_la-prompter_posix.lo \
+	libkrb5_la-rd_cred.lo libkrb5_la-rd_error.lo \
+	libkrb5_la-rd_priv.lo libkrb5_la-rd_rep.lo \
+	libkrb5_la-rd_req.lo libkrb5_la-rd_safe.lo \
+	libkrb5_la-read_message.lo libkrb5_la-recvauth.lo \
+	libkrb5_la-replay.lo libkrb5_la-send_to_kdc.lo \
+	libkrb5_la-sendauth.lo libkrb5_la-set_default_realm.lo \
+	libkrb5_la-sock_principal.lo libkrb5_la-store.lo \
+	libkrb5_la-store_emem.lo libkrb5_la-store_fd.lo \
+	libkrb5_la-store_mem.lo libkrb5_la-plugin.lo \
+	libkrb5_la-ticket.lo libkrb5_la-time.lo \
+	libkrb5_la-transited.lo libkrb5_la-v4_glue.lo \
+	libkrb5_la-verify_init.lo libkrb5_la-verify_user.lo \
+	libkrb5_la-version.lo libkrb5_la-warn.lo \
+	libkrb5_la-write_message.lo
+am__objects_1 = libkrb5_la-krb5_err.lo libkrb5_la-krb_err.lo \
+	libkrb5_la-heim_err.lo libkrb5_la-k524_err.lo
+nodist_libkrb5_la_OBJECTS = $(am__objects_1)
+libkrb5_la_OBJECTS = $(dist_libkrb5_la_OBJECTS) \
+	$(nodist_libkrb5_la_OBJECTS)
+libkrb5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libkrb5_la_LDFLAGS) $(LDFLAGS) -o $@
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+am__EXEEXT_1 = aes-test$(EXEEXT) derived-key-test$(EXEEXT) \
+	n-fold-test$(EXEEXT) name-45-test$(EXEEXT) \
+	parse-name-test$(EXEEXT) store-test$(EXEEXT) \
+	string-to-key-test$(EXEEXT) test_acl$(EXEEXT) \
+	test_addr$(EXEEXT) test_cc$(EXEEXT) test_config$(EXEEXT) \
+	test_prf$(EXEEXT) test_store$(EXEEXT) \
+	test_crypto_wrapping$(EXEEXT) test_keytab$(EXEEXT) \
+	test_mem$(EXEEXT) test_pac$(EXEEXT) test_plugin$(EXEEXT) \
+	test_princ$(EXEEXT) test_pkinit_dh2key$(EXEEXT) \
+	test_time$(EXEEXT)
+PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
+aes_test_SOURCES = aes-test.c
+aes_test_OBJECTS = aes-test.$(OBJEXT)
+aes_test_LDADD = $(LDADD)
+aes_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+derived_key_test_SOURCES = derived-key-test.c
+derived_key_test_OBJECTS = derived-key-test.$(OBJEXT)
+derived_key_test_LDADD = $(LDADD)
+derived_key_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+krbhst_test_SOURCES = krbhst-test.c
+krbhst_test_OBJECTS = krbhst-test.$(OBJEXT)
+krbhst_test_LDADD = $(LDADD)
+krbhst_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+n_fold_test_SOURCES = n-fold-test.c
+n_fold_test_OBJECTS = n-fold-test.$(OBJEXT)
+n_fold_test_LDADD = $(LDADD)
+n_fold_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+name_45_test_SOURCES = name-45-test.c
+name_45_test_OBJECTS = name-45-test.$(OBJEXT)
+name_45_test_LDADD = $(LDADD)
+name_45_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+parse_name_test_SOURCES = parse-name-test.c
+parse_name_test_OBJECTS = parse-name-test.$(OBJEXT)
+parse_name_test_LDADD = $(LDADD)
+parse_name_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+store_test_SOURCES = store-test.c
+store_test_OBJECTS = store-test.$(OBJEXT)
+store_test_LDADD = $(LDADD)
+store_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+string_to_key_test_SOURCES = string-to-key-test.c
+string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT)
+string_to_key_test_LDADD = $(LDADD)
+string_to_key_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_acl_SOURCES = test_acl.c
+test_acl_OBJECTS = test_acl.$(OBJEXT)
+test_acl_LDADD = $(LDADD)
+test_acl_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_addr_SOURCES = test_addr.c
+test_addr_OBJECTS = test_addr.$(OBJEXT)
+test_addr_LDADD = $(LDADD)
+test_addr_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_alname_SOURCES = test_alname.c
+test_alname_OBJECTS = test_alname.$(OBJEXT)
+test_alname_LDADD = $(LDADD)
+test_alname_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_cc_SOURCES = test_cc.c
+test_cc_OBJECTS = test_cc.$(OBJEXT)
+test_cc_LDADD = $(LDADD)
+test_cc_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_config_SOURCES = test_config.c
+test_config_OBJECTS = test_config.$(OBJEXT)
+test_config_LDADD = $(LDADD)
+test_config_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_crypto_SOURCES = test_crypto.c
+test_crypto_OBJECTS = test_crypto.$(OBJEXT)
+test_crypto_LDADD = $(LDADD)
+test_crypto_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_crypto_wrapping_SOURCES = test_crypto_wrapping.c
+test_crypto_wrapping_OBJECTS = test_crypto_wrapping.$(OBJEXT)
+test_crypto_wrapping_LDADD = $(LDADD)
+test_crypto_wrapping_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_forward_SOURCES = test_forward.c
+test_forward_OBJECTS = test_forward.$(OBJEXT)
+test_forward_LDADD = $(LDADD)
+test_forward_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_get_addrs_SOURCES = test_get_addrs.c
+test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT)
+test_get_addrs_LDADD = $(LDADD)
+test_get_addrs_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_hostname_SOURCES = test_hostname.c
+test_hostname_OBJECTS = test_hostname.$(OBJEXT)
+test_hostname_LDADD = $(LDADD)
+test_hostname_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_keytab_SOURCES = test_keytab.c
+test_keytab_OBJECTS = test_keytab.$(OBJEXT)
+test_keytab_LDADD = $(LDADD)
+test_keytab_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_kuserok_SOURCES = test_kuserok.c
+test_kuserok_OBJECTS = test_kuserok.$(OBJEXT)
+test_kuserok_LDADD = $(LDADD)
+test_kuserok_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_mem_SOURCES = test_mem.c
+test_mem_OBJECTS = test_mem.$(OBJEXT)
+test_mem_LDADD = $(LDADD)
+test_mem_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_pac_SOURCES = test_pac.c
+test_pac_OBJECTS = test_pac.$(OBJEXT)
+test_pac_LDADD = $(LDADD)
+test_pac_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_pkinit_dh2key_SOURCES = test_pkinit_dh2key.c
+test_pkinit_dh2key_OBJECTS = test_pkinit_dh2key.$(OBJEXT)
+test_pkinit_dh2key_LDADD = $(LDADD)
+test_pkinit_dh2key_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_plugin_SOURCES = test_plugin.c
+test_plugin_OBJECTS = test_plugin.$(OBJEXT)
+test_plugin_LDADD = $(LDADD)
+test_plugin_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_prf_SOURCES = test_prf.c
+test_prf_OBJECTS = test_prf.$(OBJEXT)
+test_prf_LDADD = $(LDADD)
+test_prf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_princ_SOURCES = test_princ.c
+test_princ_OBJECTS = test_princ.$(OBJEXT)
+test_princ_LDADD = $(LDADD)
+test_princ_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_renew_SOURCES = test_renew.c
+test_renew_OBJECTS = test_renew.$(OBJEXT)
+test_renew_LDADD = $(LDADD)
+test_renew_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_store_SOURCES = test_store.c
+test_store_OBJECTS = test_store.$(OBJEXT)
+test_store_LDADD = $(LDADD)
+test_store_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+test_time_SOURCES = test_time.c
+test_time_OBJECTS = test_time.$(OBJEXT)
+test_time_LDADD = $(LDADD)
+test_time_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+verify_krb5_conf_SOURCES = verify_krb5_conf.c
+verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT)
+verify_krb5_conf_LDADD = $(LDADD)
+verify_krb5_conf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \
+	$(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(dist_libkrb5_la_SOURCES) $(nodist_libkrb5_la_SOURCES) \
+	aes-test.c derived-key-test.c krbhst-test.c n-fold-test.c \
+	name-45-test.c parse-name-test.c store-test.c \
+	string-to-key-test.c test_acl.c test_addr.c test_alname.c \
+	test_cc.c test_config.c test_crypto.c test_crypto_wrapping.c \
+	test_forward.c test_get_addrs.c test_hostname.c test_keytab.c \
+	test_kuserok.c test_mem.c test_pac.c test_pkinit_dh2key.c \
+	test_plugin.c test_prf.c test_princ.c test_renew.c \
+	test_store.c test_time.c verify_krb5_conf.c
+DIST_SOURCES = $(dist_libkrb5_la_SOURCES) aes-test.c \
+	derived-key-test.c krbhst-test.c n-fold-test.c name-45-test.c \
+	parse-name-test.c store-test.c string-to-key-test.c test_acl.c \
+	test_addr.c test_alname.c test_cc.c test_config.c \
+	test_crypto.c test_crypto_wrapping.c test_forward.c \
+	test_get_addrs.c test_hostname.c test_keytab.c test_kuserok.c \
+	test_mem.c test_pac.c test_pkinit_dh2key.c test_plugin.c \
+	test_prf.c test_princ.c test_renew.c test_store.c test_time.c \
+	verify_krb5_conf.c
+man3dir = $(mandir)/man3
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+MANS = $(man_MANS)
+dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+krb5HEADERS_INSTALL = $(INSTALL_HEADER)
+nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(dist_include_HEADERS) $(krb5_HEADERS) \
+	$(nodist_include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err \
+	-I$(srcdir)/../com_err
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+LDADD = libkrb5.la \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIB_roken)
+
+ at PKINIT_TRUE@LIB_pkinit = ../hx509/libhx509.la
+libkrb5_la_LIBADD = \
+	$(LIB_pkinit) \
+	$(LIB_com_err) \
+	$(LIB_hcrypto) \
+	$(top_builddir)/lib/asn1/libasn1.la \
+	$(LIBADD_roken) \
+	$(LIB_door_create) \
+	$(LIB_dlopen)
+
+lib_LTLIBRARIES = libkrb5.la
+ERR_FILES = krb5_err.c krb_err.c heim_err.c k524_err.c
+libkrb5_la_CPPFLAGS = -DBUILD_KRB5_LIB $(AM_CPPFLAGS)
+dist_libkrb5_la_SOURCES = \
+	acache.c				\
+	acl.c					\
+	add_et_list.c				\
+	addr_families.c				\
+	aname_to_localname.c			\
+	appdefault.c				\
+	asn1_glue.c				\
+	auth_context.c				\
+	build_ap_req.c				\
+	build_auth.c				\
+	cache.c					\
+	changepw.c				\
+	codec.c					\
+	config_file.c				\
+	config_file_netinfo.c			\
+	convert_creds.c				\
+	constants.c				\
+	context.c				\
+	copy_host_realm.c			\
+	crc.c					\
+	creds.c					\
+	crypto.c				\
+	doxygen.c				\
+	data.c					\
+	digest.c				\
+	eai_to_heim_errno.c			\
+	error_string.c				\
+	expand_hostname.c			\
+	fcache.c				\
+	free.c					\
+	free_host_realm.c			\
+	generate_seq_number.c			\
+	generate_subkey.c			\
+	get_addrs.c				\
+	get_cred.c				\
+	get_default_principal.c			\
+	get_default_realm.c			\
+	get_for_creds.c				\
+	get_host_realm.c			\
+	get_in_tkt.c				\
+	get_in_tkt_pw.c				\
+	get_in_tkt_with_keytab.c		\
+	get_in_tkt_with_skey.c			\
+	get_port.c				\
+	heim_threads.h				\
+	init_creds.c				\
+	init_creds_pw.c				\
+	kcm.c					\
+	kcm.h					\
+	keyblock.c				\
+	keytab.c				\
+	keytab_any.c				\
+	keytab_file.c				\
+	keytab_keyfile.c			\
+	keytab_krb4.c				\
+	keytab_memory.c				\
+	krb5_locl.h				\
+	krb5-v4compat.h				\
+	krbhst.c				\
+	kuserok.c				\
+	log.c					\
+	mcache.c				\
+	misc.c					\
+	mk_error.c				\
+	mk_priv.c				\
+	mk_rep.c				\
+	mk_req.c				\
+	mk_req_ext.c				\
+	mk_safe.c				\
+	mit_glue.c				\
+	net_read.c				\
+	net_write.c				\
+	n-fold.c				\
+	pac.c					\
+	padata.c				\
+	pkinit.c				\
+	principal.c				\
+	prog_setup.c				\
+	prompter_posix.c			\
+	rd_cred.c				\
+	rd_error.c				\
+	rd_priv.c				\
+	rd_rep.c				\
+	rd_req.c				\
+	rd_safe.c				\
+	read_message.c				\
+	recvauth.c				\
+	replay.c				\
+	send_to_kdc.c				\
+	sendauth.c				\
+	set_default_realm.c			\
+	sock_principal.c			\
+	store.c					\
+	store-int.h				\
+	store_emem.c				\
+	store_fd.c				\
+	store_mem.c				\
+	plugin.c				\
+	ticket.c				\
+	time.c					\
+	transited.c				\
+	v4_glue.c				\
+	verify_init.c				\
+	verify_user.c				\
+	version.c				\
+	warn.c					\
+	write_message.c
+
+nodist_libkrb5_la_SOURCES = \
+	$(ERR_FILES)
+
+libkrb5_la_LDFLAGS = -version-info 24:0:0 $(am__append_1)
+man_MANS = \
+	kerberos.8				\
+	krb5.3					\
+	krb5.conf.5				\
+	krb524_convert_creds_kdc.3		\
+	krb5_425_conv_principal.3		\
+	krb5_acl_match_file.3			\
+	krb5_address.3				\
+	krb5_aname_to_localname.3		\
+	krb5_appdefault.3			\
+	krb5_auth_context.3			\
+	krb5_c_make_checksum.3			\
+	krb5_ccache.3				\
+	krb5_check_transited.3			\
+	krb5_compare_creds.3			\
+	krb5_config.3				\
+	krb5_context.3				\
+	krb5_create_checksum.3			\
+	krb5_creds.3				\
+	krb5_crypto_init.3			\
+	krb5_data.3				\
+	krb5_digest.3				\
+	krb5_eai_to_heim_errno.3		\
+	krb5_encrypt.3				\
+	krb5_expand_hostname.3			\
+	krb5_find_padata.3			\
+	krb5_generate_random_block.3		\
+	krb5_get_all_client_addrs.3		\
+	krb5_get_credentials.3			\
+	krb5_get_creds.3			\
+	krb5_get_forwarded_creds.3		\
+	krb5_get_in_cred.3			\
+	krb5_get_init_creds.3			\
+	krb5_get_krbhst.3			\
+	krb5_getportbyname.3			\
+	krb5_init_context.3			\
+	krb5_is_thread_safe.3			\
+	krb5_keyblock.3				\
+	krb5_keytab.3				\
+	krb5_krbhst_init.3			\
+	krb5_kuserok.3				\
+	krb5_mk_req.3				\
+	krb5_mk_safe.3				\
+	krb5_openlog.3				\
+	krb5_parse_name.3			\
+	krb5_principal.3			\
+	krb5_rcache.3				\
+	krb5_rd_error.3				\
+	krb5_rd_safe.3				\
+	krb5_set_default_realm.3		\
+	krb5_set_password.3			\
+	krb5_storage.3				\
+	krb5_string_to_key.3			\
+	krb5_ticket.3				\
+	krb5_timeofday.3			\
+	krb5_unparse_name.3			\
+	krb5_verify_init_creds.3		\
+	krb5_verify_user.3			\
+	krb5_warn.3				\
+	verify_krb5_conf.8
+
+dist_include_HEADERS = \
+	krb5.h \
+	krb5-protos.h \
+	krb5-private.h \
+	krb5_ccapi.h
+
+nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h 
+
+# XXX use nobase_include_HEADERS = krb5/locate_plugin.h
+krb5dir = $(includedir)/krb5
+krb5_HEADERS = locate_plugin.h
+build_HEADERZ = \
+	heim_threads.h \
+	$(krb5_HEADERS) \
+	krb_err.h
+
+CLEANFILES = \
+	krb5_err.c krb5_err.h \
+	krb_err.c krb_err.h \
+	heim_err.c heim_err.h \
+	k524_err.c k524_err.h
+
+EXTRA_DIST = \
+	krb5_err.et \
+	krb_err.et \
+	heim_err.et \
+	k524_err.et \
+	$(man_MANS) \
+	version-script.map \
+	krb5.moduli
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/krb5/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/krb5/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libkrb5.la: $(libkrb5_la_OBJECTS) $(libkrb5_la_DEPENDENCIES) 
+	$(libkrb5_la_LINK) -rpath $(libdir) $(libkrb5_la_OBJECTS) $(libkrb5_la_LIBADD) $(LIBS)
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+aes-test$(EXEEXT): $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES) 
+	@rm -f aes-test$(EXEEXT)
+	$(LINK) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS)
+derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES) 
+	@rm -f derived-key-test$(EXEEXT)
+	$(LINK) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS)
+krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) 
+	@rm -f krbhst-test$(EXEEXT)
+	$(LINK) $(krbhst_test_OBJECTS) $(krbhst_test_LDADD) $(LIBS)
+n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) 
+	@rm -f n-fold-test$(EXEEXT)
+	$(LINK) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
+name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES) 
+	@rm -f name-45-test$(EXEEXT)
+	$(LINK) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS)
+parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) 
+	@rm -f parse-name-test$(EXEEXT)
+	$(LINK) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS)
+store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) 
+	@rm -f store-test$(EXEEXT)
+	$(LINK) $(store_test_OBJECTS) $(store_test_LDADD) $(LIBS)
+string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) 
+	@rm -f string-to-key-test$(EXEEXT)
+	$(LINK) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
+test_acl$(EXEEXT): $(test_acl_OBJECTS) $(test_acl_DEPENDENCIES) 
+	@rm -f test_acl$(EXEEXT)
+	$(LINK) $(test_acl_OBJECTS) $(test_acl_LDADD) $(LIBS)
+test_addr$(EXEEXT): $(test_addr_OBJECTS) $(test_addr_DEPENDENCIES) 
+	@rm -f test_addr$(EXEEXT)
+	$(LINK) $(test_addr_OBJECTS) $(test_addr_LDADD) $(LIBS)
+test_alname$(EXEEXT): $(test_alname_OBJECTS) $(test_alname_DEPENDENCIES) 
+	@rm -f test_alname$(EXEEXT)
+	$(LINK) $(test_alname_OBJECTS) $(test_alname_LDADD) $(LIBS)
+test_cc$(EXEEXT): $(test_cc_OBJECTS) $(test_cc_DEPENDENCIES) 
+	@rm -f test_cc$(EXEEXT)
+	$(LINK) $(test_cc_OBJECTS) $(test_cc_LDADD) $(LIBS)
+test_config$(EXEEXT): $(test_config_OBJECTS) $(test_config_DEPENDENCIES) 
+	@rm -f test_config$(EXEEXT)
+	$(LINK) $(test_config_OBJECTS) $(test_config_LDADD) $(LIBS)
+test_crypto$(EXEEXT): $(test_crypto_OBJECTS) $(test_crypto_DEPENDENCIES) 
+	@rm -f test_crypto$(EXEEXT)
+	$(LINK) $(test_crypto_OBJECTS) $(test_crypto_LDADD) $(LIBS)
+test_crypto_wrapping$(EXEEXT): $(test_crypto_wrapping_OBJECTS) $(test_crypto_wrapping_DEPENDENCIES) 
+	@rm -f test_crypto_wrapping$(EXEEXT)
+	$(LINK) $(test_crypto_wrapping_OBJECTS) $(test_crypto_wrapping_LDADD) $(LIBS)
+test_forward$(EXEEXT): $(test_forward_OBJECTS) $(test_forward_DEPENDENCIES) 
+	@rm -f test_forward$(EXEEXT)
+	$(LINK) $(test_forward_OBJECTS) $(test_forward_LDADD) $(LIBS)
+test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) 
+	@rm -f test_get_addrs$(EXEEXT)
+	$(LINK) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS)
+test_hostname$(EXEEXT): $(test_hostname_OBJECTS) $(test_hostname_DEPENDENCIES) 
+	@rm -f test_hostname$(EXEEXT)
+	$(LINK) $(test_hostname_OBJECTS) $(test_hostname_LDADD) $(LIBS)
+test_keytab$(EXEEXT): $(test_keytab_OBJECTS) $(test_keytab_DEPENDENCIES) 
+	@rm -f test_keytab$(EXEEXT)
+	$(LINK) $(test_keytab_OBJECTS) $(test_keytab_LDADD) $(LIBS)
+test_kuserok$(EXEEXT): $(test_kuserok_OBJECTS) $(test_kuserok_DEPENDENCIES) 
+	@rm -f test_kuserok$(EXEEXT)
+	$(LINK) $(test_kuserok_OBJECTS) $(test_kuserok_LDADD) $(LIBS)
+test_mem$(EXEEXT): $(test_mem_OBJECTS) $(test_mem_DEPENDENCIES) 
+	@rm -f test_mem$(EXEEXT)
+	$(LINK) $(test_mem_OBJECTS) $(test_mem_LDADD) $(LIBS)
+test_pac$(EXEEXT): $(test_pac_OBJECTS) $(test_pac_DEPENDENCIES) 
+	@rm -f test_pac$(EXEEXT)
+	$(LINK) $(test_pac_OBJECTS) $(test_pac_LDADD) $(LIBS)
+test_pkinit_dh2key$(EXEEXT): $(test_pkinit_dh2key_OBJECTS) $(test_pkinit_dh2key_DEPENDENCIES) 
+	@rm -f test_pkinit_dh2key$(EXEEXT)
+	$(LINK) $(test_pkinit_dh2key_OBJECTS) $(test_pkinit_dh2key_LDADD) $(LIBS)
+test_plugin$(EXEEXT): $(test_plugin_OBJECTS) $(test_plugin_DEPENDENCIES) 
+	@rm -f test_plugin$(EXEEXT)
+	$(LINK) $(test_plugin_OBJECTS) $(test_plugin_LDADD) $(LIBS)
+test_prf$(EXEEXT): $(test_prf_OBJECTS) $(test_prf_DEPENDENCIES) 
+	@rm -f test_prf$(EXEEXT)
+	$(LINK) $(test_prf_OBJECTS) $(test_prf_LDADD) $(LIBS)
+test_princ$(EXEEXT): $(test_princ_OBJECTS) $(test_princ_DEPENDENCIES) 
+	@rm -f test_princ$(EXEEXT)
+	$(LINK) $(test_princ_OBJECTS) $(test_princ_LDADD) $(LIBS)
+test_renew$(EXEEXT): $(test_renew_OBJECTS) $(test_renew_DEPENDENCIES) 
+	@rm -f test_renew$(EXEEXT)
+	$(LINK) $(test_renew_OBJECTS) $(test_renew_LDADD) $(LIBS)
+test_store$(EXEEXT): $(test_store_OBJECTS) $(test_store_DEPENDENCIES) 
+	@rm -f test_store$(EXEEXT)
+	$(LINK) $(test_store_OBJECTS) $(test_store_LDADD) $(LIBS)
+test_time$(EXEEXT): $(test_time_OBJECTS) $(test_time_DEPENDENCIES) 
+	@rm -f test_time$(EXEEXT)
+	$(LINK) $(test_time_OBJECTS) $(test_time_LDADD) $(LIBS)
+verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES) 
+	@rm -f verify_krb5_conf$(EXEEXT)
+	$(LINK) $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+libkrb5_la-acache.lo: acache.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acache.lo `test -f 'acache.c' || echo '$(srcdir)/'`acache.c
+
+libkrb5_la-acl.lo: acl.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acl.lo `test -f 'acl.c' || echo '$(srcdir)/'`acl.c
+
+libkrb5_la-add_et_list.lo: add_et_list.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-add_et_list.lo `test -f 'add_et_list.c' || echo '$(srcdir)/'`add_et_list.c
+
+libkrb5_la-addr_families.lo: addr_families.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-addr_families.lo `test -f 'addr_families.c' || echo '$(srcdir)/'`addr_families.c
+
+libkrb5_la-aname_to_localname.lo: aname_to_localname.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-aname_to_localname.lo `test -f 'aname_to_localname.c' || echo '$(srcdir)/'`aname_to_localname.c
+
+libkrb5_la-appdefault.lo: appdefault.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-appdefault.lo `test -f 'appdefault.c' || echo '$(srcdir)/'`appdefault.c
+
+libkrb5_la-asn1_glue.lo: asn1_glue.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-asn1_glue.lo `test -f 'asn1_glue.c' || echo '$(srcdir)/'`asn1_glue.c
+
+libkrb5_la-auth_context.lo: auth_context.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-auth_context.lo `test -f 'auth_context.c' || echo '$(srcdir)/'`auth_context.c
+
+libkrb5_la-build_ap_req.lo: build_ap_req.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_ap_req.lo `test -f 'build_ap_req.c' || echo '$(srcdir)/'`build_ap_req.c
+
+libkrb5_la-build_auth.lo: build_auth.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_auth.lo `test -f 'build_auth.c' || echo '$(srcdir)/'`build_auth.c
+
+libkrb5_la-cache.lo: cache.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-cache.lo `test -f 'cache.c' || echo '$(srcdir)/'`cache.c
+
+libkrb5_la-changepw.lo: changepw.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-changepw.lo `test -f 'changepw.c' || echo '$(srcdir)/'`changepw.c
+
+libkrb5_la-codec.lo: codec.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-codec.lo `test -f 'codec.c' || echo '$(srcdir)/'`codec.c
+
+libkrb5_la-config_file.lo: config_file.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file.lo `test -f 'config_file.c' || echo '$(srcdir)/'`config_file.c
+
+libkrb5_la-config_file_netinfo.lo: config_file_netinfo.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file_netinfo.lo `test -f 'config_file_netinfo.c' || echo '$(srcdir)/'`config_file_netinfo.c
+
+libkrb5_la-convert_creds.lo: convert_creds.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-convert_creds.lo `test -f 'convert_creds.c' || echo '$(srcdir)/'`convert_creds.c
+
+libkrb5_la-constants.lo: constants.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-constants.lo `test -f 'constants.c' || echo '$(srcdir)/'`constants.c
+
+libkrb5_la-context.lo: context.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c
+
+libkrb5_la-copy_host_realm.lo: copy_host_realm.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-copy_host_realm.lo `test -f 'copy_host_realm.c' || echo '$(srcdir)/'`copy_host_realm.c
+
+libkrb5_la-crc.lo: crc.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crc.lo `test -f 'crc.c' || echo '$(srcdir)/'`crc.c
+
+libkrb5_la-creds.lo: creds.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-creds.lo `test -f 'creds.c' || echo '$(srcdir)/'`creds.c
+
+libkrb5_la-crypto.lo: crypto.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+
+libkrb5_la-doxygen.lo: doxygen.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c
+
+libkrb5_la-data.lo: data.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-data.lo `test -f 'data.c' || echo '$(srcdir)/'`data.c
+
+libkrb5_la-digest.lo: digest.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-digest.lo `test -f 'digest.c' || echo '$(srcdir)/'`digest.c
+
+libkrb5_la-eai_to_heim_errno.lo: eai_to_heim_errno.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-eai_to_heim_errno.lo `test -f 'eai_to_heim_errno.c' || echo '$(srcdir)/'`eai_to_heim_errno.c
+
+libkrb5_la-error_string.lo: error_string.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-error_string.lo `test -f 'error_string.c' || echo '$(srcdir)/'`error_string.c
+
+libkrb5_la-expand_hostname.lo: expand_hostname.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-expand_hostname.lo `test -f 'expand_hostname.c' || echo '$(srcdir)/'`expand_hostname.c
+
+libkrb5_la-fcache.lo: fcache.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-fcache.lo `test -f 'fcache.c' || echo '$(srcdir)/'`fcache.c
+
+libkrb5_la-free.lo: free.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free.lo `test -f 'free.c' || echo '$(srcdir)/'`free.c
+
+libkrb5_la-free_host_realm.lo: free_host_realm.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free_host_realm.lo `test -f 'free_host_realm.c' || echo '$(srcdir)/'`free_host_realm.c
+
+libkrb5_la-generate_seq_number.lo: generate_seq_number.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_seq_number.lo `test -f 'generate_seq_number.c' || echo '$(srcdir)/'`generate_seq_number.c
+
+libkrb5_la-generate_subkey.lo: generate_subkey.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_subkey.lo `test -f 'generate_subkey.c' || echo '$(srcdir)/'`generate_subkey.c
+
+libkrb5_la-get_addrs.lo: get_addrs.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_addrs.lo `test -f 'get_addrs.c' || echo '$(srcdir)/'`get_addrs.c
+
+libkrb5_la-get_cred.lo: get_cred.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_cred.lo `test -f 'get_cred.c' || echo '$(srcdir)/'`get_cred.c
+
+libkrb5_la-get_default_principal.lo: get_default_principal.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_principal.lo `test -f 'get_default_principal.c' || echo '$(srcdir)/'`get_default_principal.c
+
+libkrb5_la-get_default_realm.lo: get_default_realm.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_realm.lo `test -f 'get_default_realm.c' || echo '$(srcdir)/'`get_default_realm.c
+
+libkrb5_la-get_for_creds.lo: get_for_creds.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_for_creds.lo `test -f 'get_for_creds.c' || echo '$(srcdir)/'`get_for_creds.c
+
+libkrb5_la-get_host_realm.lo: get_host_realm.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_host_realm.lo `test -f 'get_host_realm.c' || echo '$(srcdir)/'`get_host_realm.c
+
+libkrb5_la-get_in_tkt.lo: get_in_tkt.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt.lo `test -f 'get_in_tkt.c' || echo '$(srcdir)/'`get_in_tkt.c
+
+libkrb5_la-get_in_tkt_pw.lo: get_in_tkt_pw.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_pw.lo `test -f 'get_in_tkt_pw.c' || echo '$(srcdir)/'`get_in_tkt_pw.c
+
+libkrb5_la-get_in_tkt_with_keytab.lo: get_in_tkt_with_keytab.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_with_keytab.lo `test -f 'get_in_tkt_with_keytab.c' || echo '$(srcdir)/'`get_in_tkt_with_keytab.c
+
+libkrb5_la-get_in_tkt_with_skey.lo: get_in_tkt_with_skey.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_with_skey.lo `test -f 'get_in_tkt_with_skey.c' || echo '$(srcdir)/'`get_in_tkt_with_skey.c
+
+libkrb5_la-get_port.lo: get_port.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_port.lo `test -f 'get_port.c' || echo '$(srcdir)/'`get_port.c
+
+libkrb5_la-init_creds.lo: init_creds.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds.lo `test -f 'init_creds.c' || echo '$(srcdir)/'`init_creds.c
+
+libkrb5_la-init_creds_pw.lo: init_creds_pw.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds_pw.lo `test -f 'init_creds_pw.c' || echo '$(srcdir)/'`init_creds_pw.c
+
+libkrb5_la-kcm.lo: kcm.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kcm.lo `test -f 'kcm.c' || echo '$(srcdir)/'`kcm.c
+
+libkrb5_la-keyblock.lo: keyblock.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keyblock.lo `test -f 'keyblock.c' || echo '$(srcdir)/'`keyblock.c
+
+libkrb5_la-keytab.lo: keytab.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c
+
+libkrb5_la-keytab_any.lo: keytab_any.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_any.lo `test -f 'keytab_any.c' || echo '$(srcdir)/'`keytab_any.c
+
+libkrb5_la-keytab_file.lo: keytab_file.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_file.lo `test -f 'keytab_file.c' || echo '$(srcdir)/'`keytab_file.c
+
+libkrb5_la-keytab_keyfile.lo: keytab_keyfile.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_keyfile.lo `test -f 'keytab_keyfile.c' || echo '$(srcdir)/'`keytab_keyfile.c
+
+libkrb5_la-keytab_krb4.lo: keytab_krb4.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_krb4.lo `test -f 'keytab_krb4.c' || echo '$(srcdir)/'`keytab_krb4.c
+
+libkrb5_la-keytab_memory.lo: keytab_memory.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_memory.lo `test -f 'keytab_memory.c' || echo '$(srcdir)/'`keytab_memory.c
+
+libkrb5_la-krbhst.lo: krbhst.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krbhst.lo `test -f 'krbhst.c' || echo '$(srcdir)/'`krbhst.c
+
+libkrb5_la-kuserok.lo: kuserok.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kuserok.lo `test -f 'kuserok.c' || echo '$(srcdir)/'`kuserok.c
+
+libkrb5_la-log.lo: log.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
+
+libkrb5_la-mcache.lo: mcache.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mcache.lo `test -f 'mcache.c' || echo '$(srcdir)/'`mcache.c
+
+libkrb5_la-misc.lo: misc.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c
+
+libkrb5_la-mk_error.lo: mk_error.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_error.lo `test -f 'mk_error.c' || echo '$(srcdir)/'`mk_error.c
+
+libkrb5_la-mk_priv.lo: mk_priv.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_priv.lo `test -f 'mk_priv.c' || echo '$(srcdir)/'`mk_priv.c
+
+libkrb5_la-mk_rep.lo: mk_rep.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_rep.lo `test -f 'mk_rep.c' || echo '$(srcdir)/'`mk_rep.c
+
+libkrb5_la-mk_req.lo: mk_req.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req.lo `test -f 'mk_req.c' || echo '$(srcdir)/'`mk_req.c
+
+libkrb5_la-mk_req_ext.lo: mk_req_ext.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req_ext.lo `test -f 'mk_req_ext.c' || echo '$(srcdir)/'`mk_req_ext.c
+
+libkrb5_la-mk_safe.lo: mk_safe.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_safe.lo `test -f 'mk_safe.c' || echo '$(srcdir)/'`mk_safe.c
+
+libkrb5_la-mit_glue.lo: mit_glue.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mit_glue.lo `test -f 'mit_glue.c' || echo '$(srcdir)/'`mit_glue.c
+
+libkrb5_la-net_read.lo: net_read.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c
+
+libkrb5_la-net_write.lo: net_write.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c
+
+libkrb5_la-n-fold.lo: n-fold.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-n-fold.lo `test -f 'n-fold.c' || echo '$(srcdir)/'`n-fold.c
+
+libkrb5_la-pac.lo: pac.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pac.lo `test -f 'pac.c' || echo '$(srcdir)/'`pac.c
+
+libkrb5_la-padata.lo: padata.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-padata.lo `test -f 'padata.c' || echo '$(srcdir)/'`padata.c
+
+libkrb5_la-pkinit.lo: pkinit.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pkinit.lo `test -f 'pkinit.c' || echo '$(srcdir)/'`pkinit.c
+
+libkrb5_la-principal.lo: principal.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-principal.lo `test -f 'principal.c' || echo '$(srcdir)/'`principal.c
+
+libkrb5_la-prog_setup.lo: prog_setup.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prog_setup.lo `test -f 'prog_setup.c' || echo '$(srcdir)/'`prog_setup.c
+
+libkrb5_la-prompter_posix.lo: prompter_posix.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prompter_posix.lo `test -f 'prompter_posix.c' || echo '$(srcdir)/'`prompter_posix.c
+
+libkrb5_la-rd_cred.lo: rd_cred.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_cred.lo `test -f 'rd_cred.c' || echo '$(srcdir)/'`rd_cred.c
+
+libkrb5_la-rd_error.lo: rd_error.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_error.lo `test -f 'rd_error.c' || echo '$(srcdir)/'`rd_error.c
+
+libkrb5_la-rd_priv.lo: rd_priv.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_priv.lo `test -f 'rd_priv.c' || echo '$(srcdir)/'`rd_priv.c
+
+libkrb5_la-rd_rep.lo: rd_rep.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_rep.lo `test -f 'rd_rep.c' || echo '$(srcdir)/'`rd_rep.c
+
+libkrb5_la-rd_req.lo: rd_req.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_req.lo `test -f 'rd_req.c' || echo '$(srcdir)/'`rd_req.c
+
+libkrb5_la-rd_safe.lo: rd_safe.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_safe.lo `test -f 'rd_safe.c' || echo '$(srcdir)/'`rd_safe.c
+
+libkrb5_la-read_message.lo: read_message.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-read_message.lo `test -f 'read_message.c' || echo '$(srcdir)/'`read_message.c
+
+libkrb5_la-recvauth.lo: recvauth.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-recvauth.lo `test -f 'recvauth.c' || echo '$(srcdir)/'`recvauth.c
+
+libkrb5_la-replay.lo: replay.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-replay.lo `test -f 'replay.c' || echo '$(srcdir)/'`replay.c
+
+libkrb5_la-send_to_kdc.lo: send_to_kdc.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-send_to_kdc.lo `test -f 'send_to_kdc.c' || echo '$(srcdir)/'`send_to_kdc.c
+
+libkrb5_la-sendauth.lo: sendauth.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sendauth.lo `test -f 'sendauth.c' || echo '$(srcdir)/'`sendauth.c
+
+libkrb5_la-set_default_realm.lo: set_default_realm.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-set_default_realm.lo `test -f 'set_default_realm.c' || echo '$(srcdir)/'`set_default_realm.c
+
+libkrb5_la-sock_principal.lo: sock_principal.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sock_principal.lo `test -f 'sock_principal.c' || echo '$(srcdir)/'`sock_principal.c
+
+libkrb5_la-store.lo: store.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store.lo `test -f 'store.c' || echo '$(srcdir)/'`store.c
+
+libkrb5_la-store_emem.lo: store_emem.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_emem.lo `test -f 'store_emem.c' || echo '$(srcdir)/'`store_emem.c
+
+libkrb5_la-store_fd.lo: store_fd.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_fd.lo `test -f 'store_fd.c' || echo '$(srcdir)/'`store_fd.c
+
+libkrb5_la-store_mem.lo: store_mem.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_mem.lo `test -f 'store_mem.c' || echo '$(srcdir)/'`store_mem.c
+
+libkrb5_la-plugin.lo: plugin.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-plugin.lo `test -f 'plugin.c' || echo '$(srcdir)/'`plugin.c
+
+libkrb5_la-ticket.lo: ticket.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-ticket.lo `test -f 'ticket.c' || echo '$(srcdir)/'`ticket.c
+
+libkrb5_la-time.lo: time.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-time.lo `test -f 'time.c' || echo '$(srcdir)/'`time.c
+
+libkrb5_la-transited.lo: transited.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-transited.lo `test -f 'transited.c' || echo '$(srcdir)/'`transited.c
+
+libkrb5_la-v4_glue.lo: v4_glue.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-v4_glue.lo `test -f 'v4_glue.c' || echo '$(srcdir)/'`v4_glue.c
+
+libkrb5_la-verify_init.lo: verify_init.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_init.lo `test -f 'verify_init.c' || echo '$(srcdir)/'`verify_init.c
+
+libkrb5_la-verify_user.lo: verify_user.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_user.lo `test -f 'verify_user.c' || echo '$(srcdir)/'`verify_user.c
+
+libkrb5_la-version.lo: version.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c
+
+libkrb5_la-warn.lo: warn.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-warn.lo `test -f 'warn.c' || echo '$(srcdir)/'`warn.c
+
+libkrb5_la-write_message.lo: write_message.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-write_message.lo `test -f 'write_message.c' || echo '$(srcdir)/'`write_message.c
+
+libkrb5_la-krb5_err.lo: krb5_err.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb5_err.lo `test -f 'krb5_err.c' || echo '$(srcdir)/'`krb5_err.c
+
+libkrb5_la-krb_err.lo: krb_err.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb_err.lo `test -f 'krb_err.c' || echo '$(srcdir)/'`krb_err.c
+
+libkrb5_la-heim_err.lo: heim_err.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-heim_err.lo `test -f 'heim_err.c' || echo '$(srcdir)/'`heim_err.c
+
+libkrb5_la-k524_err.lo: k524_err.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-k524_err.lo `test -f 'k524_err.c' || echo '$(srcdir)/'`k524_err.c
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man3: $(man3_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+uninstall-man3:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+install-man5: $(man5_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+install-dist_includeHEADERS: $(dist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(dist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-dist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-krb5HEADERS: $(krb5_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(krb5dir)" || $(MKDIR_P) "$(DESTDIR)$(krb5dir)"
+	@list='$(krb5_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(krb5HEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(krb5dir)/$$f'"; \
+	  $(krb5HEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(krb5dir)/$$f"; \
+	done
+
+uninstall-krb5HEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(krb5_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(krb5dir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(krb5dir)/$$f"; \
+	done
+install-nodist_includeHEADERS: $(nodist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-nodist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
+		all-local
+install-binPROGRAMS: install-libLTLIBRARIES
+
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(krb5dir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
+	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_includeHEADERS install-krb5HEADERS \
+	install-man install-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man3 install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-dist_includeHEADERS \
+	uninstall-krb5HEADERS uninstall-libLTLIBRARIES uninstall-man \
+	uninstall-nodist_includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
+	clean-generic clean-libLTLIBRARIES clean-libtool \
+	clean-noinstPROGRAMS ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-binPROGRAMS install-data \
+	install-data-am install-data-hook install-dist_includeHEADERS \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-krb5HEADERS install-libLTLIBRARIES \
+	install-man install-man3 install-man5 install-man8 \
+	install-nodist_includeHEADERS install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-dist_includeHEADERS uninstall-hook \
+	uninstall-krb5HEADERS uninstall-libLTLIBRARIES uninstall-man \
+	uninstall-man3 uninstall-man5 uninstall-man8 \
+	uninstall-nodist_includeHEADERS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
+
+$(srcdir)/krb5-protos.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB_FUNCTION -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h
+
+$(srcdir)/krb5-private.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-private.h
+
+$(libkrb5_la_OBJECTS): krb5_err.h krb_err.h heim_err.h k524_err.h
+
+#sysconf_DATA = krb5.moduli
+
+# to help stupid solaris make
+
+krb5_err.h: krb5_err.et
+
+krb_err.h: krb_err.et
+
+heim_err.h: heim_err.et
+
+k524_err.h: k524_err.et
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/krb5/acache.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/acache.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/acache.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,961 @@
+/*
+ * Copyright (c) 2004 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <krb5_ccapi.h>
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+RCSID("$Id: acache.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+/* XXX should we fetch these for each open ? */
+static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static cc_initialize_func init_func;
+
+#ifdef HAVE_DLOPEN
+static void *cc_handle; 
+#endif
+
+typedef struct krb5_acc {
+    char *cache_name;
+    cc_context_t context;
+    cc_ccache_t ccache;
+} krb5_acc;
+
+static krb5_error_code acc_close(krb5_context, krb5_ccache);
+
+#define ACACHE(X) ((krb5_acc *)(X)->data.data)
+
+static const struct {
+    cc_int32 error;
+    krb5_error_code ret;
+} cc_errors[] = {
+    { ccErrBadName,		KRB5_CC_BADNAME },
+    { ccErrCredentialsNotFound,	KRB5_CC_NOTFOUND },
+    { ccErrCCacheNotFound,	KRB5_FCC_NOFILE },
+    { ccErrContextNotFound,	KRB5_CC_NOTFOUND },
+    { ccIteratorEnd,		KRB5_CC_END },
+    { ccErrNoMem,		KRB5_CC_NOMEM },
+    { ccErrServerUnavailable,	KRB5_CC_NOSUPP },
+    { ccNoError,		0 }
+};
+
+static krb5_error_code
+translate_cc_error(krb5_context context, cc_int32 error)
+{
+    int i;
+    krb5_clear_error_string(context);
+    for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++)
+	if (cc_errors[i].error == error)
+	    return cc_errors[i].ret;
+    return KRB5_FCC_INTERNAL;
+}
+
+static krb5_error_code
+init_ccapi(krb5_context context)
+{
+    const char *lib;
+
+    HEIMDAL_MUTEX_lock(&acc_mutex);
+    if (init_func) {
+	HEIMDAL_MUTEX_unlock(&acc_mutex);
+	krb5_clear_error_string(context);
+	return 0;
+    }
+
+    lib = krb5_config_get_string(context, NULL,
+				 "libdefaults", "ccapi_library", 
+				 NULL);
+    if (lib == NULL) {
+#ifdef __APPLE__
+	lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos";
+#else
+	lib = "/usr/lib/libkrb5_cc.so";
+#endif
+    }
+
+#ifdef HAVE_DLOPEN
+
+#ifndef RTLD_LAZY
+#define RTLD_LAZY 0
+#endif
+
+    cc_handle = dlopen(lib, RTLD_LAZY);
+    if (cc_handle == NULL) {
+	HEIMDAL_MUTEX_unlock(&acc_mutex);
+	krb5_set_error_string(context, "Failed to load %s", lib);
+	return KRB5_CC_NOSUPP;
+    }
+
+    init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
+    HEIMDAL_MUTEX_unlock(&acc_mutex);
+    if (init_func == NULL) {
+	krb5_set_error_string(context, "Failed to find cc_initialize"
+			      "in %s: %s", lib, dlerror());
+	dlclose(cc_handle);
+	return KRB5_CC_NOSUPP;
+    }
+
+    return 0;
+#else
+    HEIMDAL_MUTEX_unlock(&acc_mutex);
+    krb5_set_error_string(context, "no support for shared object");
+    return KRB5_CC_NOSUPP;
+#endif
+}    
+
+static krb5_error_code
+make_cred_from_ccred(krb5_context context,
+		     const cc_credentials_v5_t *incred,
+		     krb5_creds *cred)
+{
+    krb5_error_code ret;
+    int i;
+
+    memset(cred, 0, sizeof(*cred));
+
+    ret = krb5_parse_name(context, incred->client, &cred->client);
+    if (ret)
+	goto fail;
+
+    ret = krb5_parse_name(context, incred->server, &cred->server);
+    if (ret)
+	goto fail;
+
+    cred->session.keytype = incred->keyblock.type;
+    cred->session.keyvalue.length = incred->keyblock.length;
+    cred->session.keyvalue.data = malloc(incred->keyblock.length);
+    if (cred->session.keyvalue.data == NULL)
+	goto nomem;
+    memcpy(cred->session.keyvalue.data, incred->keyblock.data,
+	   incred->keyblock.length);
+
+    cred->times.authtime = incred->authtime;
+    cred->times.starttime = incred->starttime;
+    cred->times.endtime = incred->endtime;
+    cred->times.renew_till = incred->renew_till;
+
+    ret = krb5_data_copy(&cred->ticket,
+			 incred->ticket.data,
+			 incred->ticket.length);
+    if (ret)
+	goto nomem;
+
+    ret = krb5_data_copy(&cred->second_ticket,
+			 incred->second_ticket.data,
+			 incred->second_ticket.length);
+    if (ret)
+	goto nomem;
+
+    cred->authdata.val = NULL;
+    cred->authdata.len = 0;
+    
+    cred->addresses.val = NULL;
+    cred->addresses.len = 0;
+    
+    for (i = 0; incred->authdata && incred->authdata[i]; i++)
+	;
+    
+    if (i) {
+	cred->authdata.val = calloc(i, sizeof(cred->authdata.val[0]));
+	if (cred->authdata.val == NULL)
+	    goto nomem;
+	cred->authdata.len = i;
+	for (i = 0; i < cred->authdata.len; i++) {
+	    cred->authdata.val[i].ad_type = incred->authdata[i]->type;
+	    ret = krb5_data_copy(&cred->authdata.val[i].ad_data,
+				 incred->authdata[i]->data,
+				 incred->authdata[i]->length);
+	    if (ret)
+		goto nomem;
+	}
+    }
+    
+    for (i = 0; incred->addresses && incred->addresses[i]; i++)
+	;
+    
+    if (i) {
+	cred->addresses.val = calloc(i, sizeof(cred->addresses.val[0]));
+	if (cred->addresses.val == NULL)
+	    goto nomem;
+	cred->addresses.len = i;
+	
+	for (i = 0; i < cred->addresses.len; i++) {
+	    cred->addresses.val[i].addr_type = incred->addresses[i]->type;
+	    ret = krb5_data_copy(&cred->addresses.val[i].address,
+				 incred->addresses[i]->data,
+				 incred->addresses[i]->length);
+	    if (ret)
+		goto nomem;
+	}
+    }
+    
+    cred->flags.i = 0;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE)
+	cred->flags.b.forwardable = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED)
+	cred->flags.b.forwarded = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE)
+	cred->flags.b.proxiable = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY)
+	cred->flags.b.proxy = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE)
+	cred->flags.b.may_postdate = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED)
+	cred->flags.b.postdated = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID)
+	cred->flags.b.invalid = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE)
+	cred->flags.b.renewable = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL)
+	cred->flags.b.initial = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH)
+	cred->flags.b.pre_authent = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH)
+	cred->flags.b.hw_authent = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED)
+	cred->flags.b.transited_policy_checked = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE)
+	cred->flags.b.ok_as_delegate = 1;
+    if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS)
+	cred->flags.b.anonymous = 1;
+
+    return 0;
+    
+nomem:
+    ret = ENOMEM;
+    krb5_set_error_string(context, "malloc - out of memory");
+    
+fail:
+    krb5_free_cred_contents(context, cred);
+    return ret;
+}
+
+static void
+free_ccred(cc_credentials_v5_t *cred)
+{
+    int i;
+
+    if (cred->addresses) {
+	for (i = 0; cred->addresses[i] != 0; i++) {
+	    if (cred->addresses[i]->data)
+		free(cred->addresses[i]->data);
+	    free(cred->addresses[i]);
+	}
+	free(cred->addresses);
+    }
+    if (cred->server)
+	free(cred->server);
+    if (cred->client)
+	free(cred->client);
+    memset(cred, 0, sizeof(*cred));
+}
+
+static krb5_error_code
+make_ccred_from_cred(krb5_context context,
+		     const krb5_creds *incred,
+		     cc_credentials_v5_t *cred)
+{
+    krb5_error_code ret;
+    int i;
+
+    memset(cred, 0, sizeof(*cred));
+
+    ret = krb5_unparse_name(context, incred->client, &cred->client);
+    if (ret)
+	goto fail;
+
+    ret = krb5_unparse_name(context, incred->server, &cred->server);
+    if (ret)
+	goto fail;
+
+    cred->keyblock.type = incred->session.keytype;
+    cred->keyblock.length = incred->session.keyvalue.length;
+    cred->keyblock.data = incred->session.keyvalue.data;
+
+    cred->authtime = incred->times.authtime;
+    cred->starttime = incred->times.starttime;
+    cred->endtime = incred->times.endtime;
+    cred->renew_till = incred->times.renew_till;
+
+    cred->ticket.length = incred->ticket.length;
+    cred->ticket.data = incred->ticket.data;
+
+    cred->second_ticket.length = incred->second_ticket.length;
+    cred->second_ticket.data = incred->second_ticket.data;
+
+    /* XXX this one should also be filled in */
+    cred->authdata = NULL;
+    
+    cred->addresses = calloc(incred->addresses.len + 1, 
+			     sizeof(cred->addresses[0]));
+    if (cred->addresses == NULL) {
+
+	ret = ENOMEM;
+	goto fail;
+    }
+
+    for (i = 0; i < incred->addresses.len; i++) {
+	cc_data *addr;
+	addr = malloc(sizeof(*addr));
+	if (addr == NULL) {
+	    ret = ENOMEM;
+	    goto fail;
+	}
+	addr->type = incred->addresses.val[i].addr_type;
+	addr->length = incred->addresses.val[i].address.length;
+	addr->data = malloc(addr->length);
+	if (addr->data == NULL) {
+	    ret = ENOMEM;
+	    goto fail;
+	}
+	memcpy(addr->data, incred->addresses.val[i].address.data, 
+	       addr->length);
+	cred->addresses[i] = addr;
+    }
+    cred->addresses[i] = NULL;
+
+    cred->ticket_flags = 0;
+    if (incred->flags.b.forwardable)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE;
+    if (incred->flags.b.forwarded)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED;
+    if (incred->flags.b.proxiable)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE;
+    if (incred->flags.b.proxy)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY;
+    if (incred->flags.b.may_postdate)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE;
+    if (incred->flags.b.postdated)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED;
+    if (incred->flags.b.invalid)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID;
+    if (incred->flags.b.renewable)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE;
+    if (incred->flags.b.initial)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL;
+    if (incred->flags.b.pre_authent)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH;
+    if (incred->flags.b.hw_authent)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH;
+    if (incred->flags.b.transited_policy_checked)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED;
+    if (incred->flags.b.ok_as_delegate)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE;
+    if (incred->flags.b.anonymous)
+	cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS;
+
+    return 0;
+
+fail:    
+    free_ccred(cred);
+
+    krb5_clear_error_string(context);
+    return ret;
+}
+
+static char *
+get_cc_name(cc_ccache_t cache)
+{
+    cc_string_t name;
+    cc_int32 error;
+    char *str;
+
+    error = (*cache->func->get_name)(cache, &name);
+    if (error)
+	return NULL;
+
+    str = strdup(name->data);
+    (*name->func->release)(name);
+    return str;
+}
+
+
+static const char*
+acc_get_name(krb5_context context,
+	     krb5_ccache id)
+{
+    krb5_acc *a = ACACHE(id);
+    static char n[255];
+    char *name;
+
+    name = get_cc_name(a->ccache);
+    if (name == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return NULL;
+    }
+    strlcpy(n, name, sizeof(n));
+    free(name);
+    return n;
+}
+
+static krb5_error_code
+acc_alloc(krb5_context context, krb5_ccache *id)
+{
+    krb5_error_code ret;
+    cc_int32 error;
+    krb5_acc *a;
+
+    ret = init_ccapi(context);
+    if (ret)
+	return ret;
+
+    ret = krb5_data_alloc(&(*id)->data, sizeof(*a));
+    if (ret) {
+	krb5_clear_error_string(context);
+	return ret;
+    }
+    
+    a = ACACHE(*id);
+
+    error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL);
+    if (error) {
+	krb5_data_free(&(*id)->data);
+	return translate_cc_error(context, error);
+    }
+
+    a->cache_name = NULL;
+
+    return 0;
+}
+
+static krb5_error_code
+acc_resolve(krb5_context context, krb5_ccache *id, const char *res)
+{
+    krb5_error_code ret;
+    cc_int32 error;
+    krb5_acc *a;
+
+    ret = acc_alloc(context, id);
+    if (ret)
+	return ret;
+
+    a = ACACHE(*id);
+
+    error = (*a->context->func->open_ccache)(a->context, res,
+					     &a->ccache);
+    if (error == 0) {
+	a->cache_name = get_cc_name(a->ccache);
+	if (a->cache_name == NULL) {
+	    acc_close(context, *id);
+	    *id = NULL;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+    } else if (error == ccErrCCacheNotFound) {
+	a->ccache = NULL;
+	a->cache_name = NULL;
+	error = 0;
+    } else {
+	*id = NULL;
+	return translate_cc_error(context, error);
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+acc_gen_new(krb5_context context, krb5_ccache *id)
+{
+    krb5_error_code ret;
+    krb5_acc *a;
+
+    ret = acc_alloc(context, id);
+    if (ret)
+	return ret;
+
+    a = ACACHE(*id);
+
+    a->ccache = NULL;
+    a->cache_name = NULL;
+
+    return 0;
+}
+
+static krb5_error_code
+acc_initialize(krb5_context context,
+	       krb5_ccache id,
+	       krb5_principal primary_principal)
+{
+    krb5_acc *a = ACACHE(id);
+    krb5_error_code ret;
+    int32_t error;
+    char *name;
+
+    ret = krb5_unparse_name(context, primary_principal, &name);
+    if (ret)
+	return ret;
+
+    error = (*a->context->func->create_new_ccache)(a->context,
+						   cc_credentials_v5,
+						   name,
+						   &a->ccache);
+    free(name);
+
+    return translate_cc_error(context, error);
+}
+
+static krb5_error_code
+acc_close(krb5_context context,
+	  krb5_ccache id)
+{
+    krb5_acc *a = ACACHE(id);
+
+    if (a->ccache) {
+	(*a->ccache->func->release)(a->ccache);
+	a->ccache = NULL;
+    }
+    if (a->cache_name) {
+	free(a->cache_name);
+	a->cache_name = NULL;
+    }
+    (*a->context->func->release)(a->context);
+    a->context = NULL;
+    krb5_data_free(&id->data);
+    return 0;
+}
+
+static krb5_error_code
+acc_destroy(krb5_context context,
+	    krb5_ccache id)
+{
+    krb5_acc *a = ACACHE(id);
+    cc_int32 error = 0;
+
+    if (a->ccache) {
+	error = (*a->ccache->func->destroy)(a->ccache);
+	a->ccache = NULL;
+    }
+    if (a->context) {
+	error = (a->context->func->release)(a->context);
+	a->context = NULL;
+    }
+    return translate_cc_error(context, error);
+}
+
+static krb5_error_code
+acc_store_cred(krb5_context context,
+	       krb5_ccache id,
+	       krb5_creds *creds)
+{
+    krb5_acc *a = ACACHE(id);
+    cc_credentials_union cred;
+    cc_credentials_v5_t v5cred;
+    krb5_error_code ret;
+    cc_int32 error;
+    
+    if (a->ccache == NULL) {
+	krb5_set_error_string(context, "No API credential found");
+	return KRB5_CC_NOTFOUND;
+    }
+
+    cred.version = cc_credentials_v5;
+    cred.credentials.credentials_v5 = &v5cred;
+
+    ret = make_ccred_from_cred(context, 
+			       creds,
+			       &v5cred);
+    if (ret)
+	return ret;
+
+    error = (*a->ccache->func->store_credentials)(a->ccache, &cred);
+    if (error)
+	ret = translate_cc_error(context, error);
+
+    free_ccred(&v5cred);
+
+    return ret;
+}
+
+static krb5_error_code
+acc_get_principal(krb5_context context,
+		  krb5_ccache id,
+		  krb5_principal *principal)
+{
+    krb5_acc *a = ACACHE(id);
+    krb5_error_code ret;
+    int32_t error;
+    cc_string_t name;
+
+    if (a->ccache == NULL) {
+	krb5_set_error_string(context, "No API credential found");
+	return KRB5_CC_NOTFOUND;
+    }
+
+    error = (*a->ccache->func->get_principal)(a->ccache,
+					      cc_credentials_v5,
+					      &name);
+    if (error)
+	return translate_cc_error(context, error);
+    
+    ret = krb5_parse_name(context, name->data, principal);
+    
+    (*name->func->release)(name);
+    return ret;
+}
+
+static krb5_error_code
+acc_get_first (krb5_context context,
+	       krb5_ccache id,
+	       krb5_cc_cursor *cursor)
+{
+    cc_credentials_iterator_t iter;
+    krb5_acc *a = ACACHE(id);
+    int32_t error;
+    
+    if (a->ccache == NULL) {
+	krb5_set_error_string(context, "No API credential found");
+	return KRB5_CC_NOTFOUND;
+    }
+
+    error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
+    if (error) {
+	krb5_clear_error_string(context);
+	return ENOENT;
+    }
+    *cursor = iter;
+    return 0;
+}
+
+
+static krb5_error_code
+acc_get_next (krb5_context context,
+	      krb5_ccache id,
+	      krb5_cc_cursor *cursor,
+	      krb5_creds *creds)
+{
+    cc_credentials_iterator_t iter = *cursor;
+    cc_credentials_t cred;
+    krb5_error_code ret;
+    int32_t error;
+
+    while (1) {
+	error = (*iter->func->next)(iter, &cred);
+	if (error)
+	    return translate_cc_error(context, error);
+	if (cred->data->version == cc_credentials_v5)
+	    break;
+	(*cred->func->release)(cred);
+    }
+
+    ret = make_cred_from_ccred(context, 
+			       cred->data->credentials.credentials_v5,
+			       creds);
+    (*cred->func->release)(cred);
+    return ret;
+}
+
+static krb5_error_code
+acc_end_get (krb5_context context,
+	     krb5_ccache id,
+	     krb5_cc_cursor *cursor)
+{
+    cc_credentials_iterator_t iter = *cursor;
+    (*iter->func->release)(iter);
+    return 0;
+}
+
+static krb5_error_code
+acc_remove_cred(krb5_context context,
+		krb5_ccache id,
+		krb5_flags which,
+		krb5_creds *cred)
+{
+    cc_credentials_iterator_t iter;
+    krb5_acc *a = ACACHE(id);
+    cc_credentials_t ccred;
+    krb5_error_code ret;
+    cc_int32 error;
+    char *client, *server;
+    
+    if (a->ccache == NULL) {
+	krb5_set_error_string(context, "No API credential found");
+	return KRB5_CC_NOTFOUND;
+    }
+
+    if (cred->client) {
+	ret = krb5_unparse_name(context, cred->client, &client);
+	if (ret)
+	    return ret;
+    } else
+	client = NULL;
+
+    ret = krb5_unparse_name(context, cred->server, &server);
+    if (ret) {
+	free(client);
+	return ret;
+    }
+
+    error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
+    if (error) {
+	free(server);
+	free(client);
+	return translate_cc_error(context, error);
+    }
+
+    ret = KRB5_CC_NOTFOUND;
+    while (1) {
+	cc_credentials_v5_t *v5cred;
+
+	error = (*iter->func->next)(iter, &ccred);
+	if (error)
+	    break;
+
+	if (ccred->data->version != cc_credentials_v5)
+	    goto next;
+
+	v5cred = ccred->data->credentials.credentials_v5;
+
+	if (client && strcmp(v5cred->client, client) != 0)
+	    goto next;
+
+	if (strcmp(v5cred->server, server) != 0)
+	    goto next;
+
+	(*a->ccache->func->remove_credentials)(a->ccache, ccred);
+	ret = 0;
+    next:
+	(*ccred->func->release)(ccred);
+    }
+
+    (*iter->func->release)(iter);
+
+    if (ret)
+	krb5_set_error_string(context, "Can't find credential %s in cache", 
+			      server);
+    free(server);
+    free(client);
+
+    return ret;
+}
+
+static krb5_error_code
+acc_set_flags(krb5_context context,
+	      krb5_ccache id,
+	      krb5_flags flags)
+{
+    return 0;
+}
+
+static krb5_error_code
+acc_get_version(krb5_context context,
+		krb5_ccache id)
+{
+    return 0;
+}
+		    
+struct cache_iter {
+    cc_context_t context;
+    cc_ccache_iterator_t iter;
+};
+
+static krb5_error_code
+acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
+{
+    struct cache_iter *iter;
+    krb5_error_code ret;
+    cc_int32 error;
+
+    ret = init_ccapi(context);
+    if (ret)
+	return ret;
+
+    iter = calloc(1, sizeof(*iter));
+    if (iter == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return ENOMEM;
+    }
+
+    error = (*init_func)(&iter->context, ccapi_version_3, NULL, NULL);
+    if (error) {
+	free(iter);
+	return translate_cc_error(context, error);
+    }
+
+    error = (*iter->context->func->new_ccache_iterator)(iter->context,
+							&iter->iter);
+    if (error) {
+	free(iter);
+	krb5_clear_error_string(context);
+	return ENOENT;
+    }
+    *cursor = iter;
+    return 0;
+}
+
+static krb5_error_code
+acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
+{
+    struct cache_iter *iter = cursor;
+    cc_ccache_t cache;
+    krb5_acc *a;
+    krb5_error_code ret;
+    int32_t error;
+
+    error = (*iter->iter->func->next)(iter->iter, &cache);
+    if (error)
+	return translate_cc_error(context, error);
+
+    ret = _krb5_cc_allocate(context, &krb5_acc_ops, id);
+    if (ret) {
+	(*cache->func->release)(cache);
+	return ret;
+    }
+
+    ret = acc_alloc(context, id);
+    if (ret) {
+	(*cache->func->release)(cache);
+	free(*id);
+	return ret;
+    }
+
+    a = ACACHE(*id);
+    a->ccache = cache;
+
+    a->cache_name = get_cc_name(a->ccache);
+    if (a->cache_name == NULL) {
+	acc_close(context, *id);
+	*id = NULL;
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }	
+    return 0;
+}
+
+static krb5_error_code
+acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
+{
+    struct cache_iter *iter = cursor;
+
+    (*iter->iter->func->release)(iter->iter);
+    iter->iter = NULL;
+    (*iter->context->func->release)(iter->context);
+    iter->context = NULL;
+    free(iter);
+    return 0;
+}
+
+static krb5_error_code
+acc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
+{
+    krb5_acc *afrom = ACACHE(from);
+    krb5_acc *ato = ACACHE(to);
+    int32_t error;
+
+    if (ato->ccache == NULL) {
+	cc_string_t name;
+
+	error = (*afrom->ccache->func->get_principal)(afrom->ccache,
+						      cc_credentials_v5,
+						      &name);
+	if (error)
+	    return translate_cc_error(context, error);
+    
+	error = (*ato->context->func->create_new_ccache)(ato->context,
+							 cc_credentials_v5,
+							 name->data,
+							 &ato->ccache);
+	(*name->func->release)(name);
+	if (error)
+	    return translate_cc_error(context, error);
+    }
+
+
+    error = (*ato->ccache->func->move)(afrom->ccache, ato->ccache);
+    return translate_cc_error(context, error);
+}
+
+static krb5_error_code
+acc_default_name(krb5_context context, char **str)
+{
+    krb5_error_code ret;
+    cc_context_t cc;
+    cc_string_t name;
+    int32_t error;
+
+    ret = init_ccapi(context);
+    if (ret)
+	return ret;
+
+    error = (*init_func)(&cc, ccapi_version_3, NULL, NULL);
+    if (error)
+	return translate_cc_error(context, error);
+
+    error = (*cc->func->get_default_ccache_name)(cc, &name);
+    if (error) {
+	(*cc->func->release)(cc);
+	return translate_cc_error(context, error);
+    }
+	
+    asprintf(str, "API:%s", name->data);
+    (*name->func->release)(name);
+    (*cc->func->release)(cc);
+
+    if (*str == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+
+/**
+ * Variable containing the API based credential cache implemention.
+ *
+ * @ingroup krb5_ccache
+ */
+
+const krb5_cc_ops krb5_acc_ops = {
+    "API",
+    acc_get_name,
+    acc_resolve,
+    acc_gen_new,
+    acc_initialize,
+    acc_destroy,
+    acc_close,
+    acc_store_cred,
+    NULL, /* acc_retrieve */
+    acc_get_principal,
+    acc_get_first,
+    acc_get_next,
+    acc_end_get,
+    acc_remove_cred,
+    acc_set_flags,
+    acc_get_version,
+    acc_get_cache_first,
+    acc_get_cache_next,
+    acc_end_cache_get,
+    acc_move,
+    acc_default_name
+};
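Review bot: In `acc_destroy` the status returned by the `destroy` call is overwritten by the result of the context `release` that follows, so a failed destroy is reported as success whenever the release succeeds, and the caller may believe the tickets are gone while they remain in the cache. Keep the first error instead, e.g. `cc_int32 rel = (a->context->func->release)(a->context);` followed by `if (error == 0) error = rel;`. `acc_destroy` also leaves `a->context` set to NULL, while `acc_close` dereferences `a->context` without a check. If a caller closes the cache after destroying it (the caller is not visible in this hunk), that is a NULL dereference, so the release in `acc_close` should sit under `if (a->context)`. Since this file is a vendor import, the change would presumably be carried as a local patch or taken from a later upstream release.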

Added: vendor-crypto/heimdal/dist/lib/krb5/acl.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/acl.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/acl.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,293 @@
+/*
+ * Copyright (c) 2000 - 2002, 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+#include <fnmatch.h>
+
+RCSID("$Id: acl.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct acl_field {
+    enum { acl_string, acl_fnmatch, acl_retval } type;
+    union {
+	const char *cstr;
+	char **retv;
+    } u;
+    struct acl_field *next, **last;
+};
+
+static void
+free_retv(struct acl_field *acl)
+{
+    while(acl != NULL) {
+	if (acl->type == acl_retval) {
+	    if (*acl->u.retv)
+		free(*acl->u.retv);
+	    *acl->u.retv = NULL;
+	}
+	acl = acl->next;
+    }
+}
+
+static void
+acl_free_list(struct acl_field *acl, int retv)
+{
+    struct acl_field *next;
+    if (retv)
+	free_retv(acl);
+    while(acl != NULL) {
+	next = acl->next;
+	free(acl);
+	acl = next;
+    }
+}
+
+static krb5_error_code
+acl_parse_format(krb5_context context,
+		 struct acl_field **acl_ret,
+		 const char *format,
+		 va_list ap)
+{
+    const char *p;
+    struct acl_field *acl = NULL, *tmp;
+
+    for(p = format; *p != '\0'; p++) {
+	tmp = malloc(sizeof(*tmp));
+	if(tmp == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    acl_free_list(acl, 0);
+	    return ENOMEM;
+	}
+	if(*p == 's') {
+	    tmp->type = acl_string;
+	    tmp->u.cstr = va_arg(ap, const char*);
+	} else if(*p == 'f') {
+	    tmp->type = acl_fnmatch;
+	    tmp->u.cstr = va_arg(ap, const char*);
+	} else if(*p == 'r') {
+	    tmp->type = acl_retval;
+	    tmp->u.retv = va_arg(ap, char **);
+	    *tmp->u.retv = NULL;
+	} else {
+	    krb5_set_error_string(context, "acl_parse_format: "
+				  "unknown format specifier %c", *p);
+	    acl_free_list(acl, 0);
+	    free(tmp);
+	    return EINVAL;
+	}
+	tmp->next = NULL;
+	if(acl == NULL)
+	    acl = tmp;
+	else
+	    *acl->last = tmp;
+	acl->last = &tmp->next;
+    }
+    *acl_ret = acl;
+    return 0;
+}
+
+static krb5_boolean
+acl_match_field(krb5_context context,
+		const char *string,
+		struct acl_field *field)
+{
+    if(field->type == acl_string) {
+	return !strcmp(field->u.cstr, string);
+    } else if(field->type == acl_fnmatch) {
+	return !fnmatch(field->u.cstr, string, 0);
+    } else if(field->type == acl_retval) {
+	*field->u.retv = strdup(string);
+	return TRUE;
+    }
+    return FALSE;
+}
+
+static krb5_boolean
+acl_match_acl(krb5_context context,
+	      struct acl_field *acl,
+	      const char *string)
+{
+    char buf[256];
+    while(strsep_copy(&string, " \t", buf, sizeof(buf)) != -1) {
+	if(buf[0] == '\0')
+	    continue; /* skip ws */
+	if (acl == NULL)
+	    return FALSE;
+	if(!acl_match_field(context, buf, acl)) {
+	    return FALSE;
+	}
+	acl = acl->next;
+    }
+    if (acl)
+	return FALSE;
+    return TRUE;
+}
+
+/**
+ * krb5_acl_match_string matches ACL format against a string.
+ *
+ * The ACL format has three format specifiers: s, f, and r.  Each
+ * specifier will retrieve one argument from the variable arguments
+ * for either matching or storing data.  The input string is split up
+ * using " " (space) and "\t" (tab) as a delimiter; multiple and "\t"
+ * in a row are considered to be the same.
+ *
+ * List of format specifiers:
+ * - s Matches a string using strcmp(3) (case sensitive).
+ * - f Matches the string with fnmatch(3). Theflags
+ *     argument (the last argument) passed to the fnmatch function is 0.
+ * - r Returns a copy of the string in the char ** passed in; the copy
+ *     must be freed with free(3). There is no need to free(3) the
+ *     string on error: the function will clean up and set the pointer
+ *     to NULL.
+ *
+ * @param context Kerberos 5 context
+ * @param string string to match with
+ * @param format format to match
+ * @param ... parameter to format string
+ *
+ * @return Return an error code or 0.
+ *
+ *
+ * @code
+ * char *s;
+ * 
+ * ret = krb5_acl_match_string(context, "foo", "s", "foo");
+ * if (ret)
+ *     krb5_errx(context, 1, "acl didn't match");
+ * ret = krb5_acl_match_string(context, "foo foo baz/kaka",
+ *     "ss", "foo", &s, "foo/\\*");
+ * if (ret) {
+ *     // no need to free(s) on error
+ *     assert(s == NULL);
+ *     krb5_errx(context, 1, "acl didn't match");
+ * }
+ * free(s);
+ * @endcode
+ *
+ * @sa krb5_acl_match_file
+ * @ingroup krb5_support
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_acl_match_string(krb5_context context,
+		      const char *string,
+		      const char *format,
+		      ...)
+{
+    krb5_error_code ret;
+    krb5_boolean found;
+    struct acl_field *acl;
+
+    va_list ap;
+    va_start(ap, format);
+    ret = acl_parse_format(context, &acl, format, ap);
+    va_end(ap);
+    if(ret)
+	return ret;
+
+    found = acl_match_acl(context, acl, string);
+    acl_free_list(acl, !found);
+    if (found) {
+	return 0;
+    } else {
+	krb5_set_error_string(context, "ACL did not match");
+	return EACCES;
+    }
+}
+	       
+/**
+ * krb5_acl_match_file matches ACL format against each line in a file
+ * using krb5_acl_match_string(). Lines starting with # are treated
+ * like comments and ignored.
+ *
+ * @param context Kerberos 5 context.
+ * @param file file with acl listed in the file.
+ * @param format format to match.
+ * @param ... parameter to format string.
+ *
+ * @return Return an error code or 0.
+ *
+ * @sa krb5_acl_match_string
+ * @ingroup krb5_support
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_acl_match_file(krb5_context context,
+		    const char *file,
+		    const char *format,
+		    ...)
+{
+    krb5_error_code ret;
+    struct acl_field *acl;
+    char buf[256];
+    va_list ap;
+    FILE *f;
+    krb5_boolean found;
+
+    f = fopen(file, "r");
+    if(f == NULL) {
+	int save_errno = errno;
+
+	krb5_set_error_string(context, "open(%s): %s", file,
+			      strerror(save_errno));
+	return save_errno;
+    }
+
+    va_start(ap, format);
+    ret = acl_parse_format(context, &acl, format, ap);
+    va_end(ap);
+    if(ret) {
+	fclose(f);
+	return ret;
+    }
+
+    found = FALSE;
+    while(fgets(buf, sizeof(buf), f)) {
+	if(buf[0] == '#')
+	    continue;
+	if(acl_match_acl(context, acl, buf)) {
+	    found = TRUE;
+	    break;
+	}
+	free_retv(acl);
+    }
+
+    fclose(f);
+    acl_free_list(acl, !found);
+    if (found) {
+	return 0;
+    } else {
+	krb5_set_error_string(context, "ACL did not match");
+	return EACCES;
+    }
+}
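Review bot: In `acl_match_field` the `r` branch stores `strdup(string)` and returns TRUE without checking the result, so on allocation failure `krb5_acl_match_string` and `krb5_acl_match_file` return 0 while the caller's `char *` is NULL. A caller that reads the string without its own NULL check would then fault, and `if ((*field->u.retv = strdup(string)) == NULL) return FALSE;` would make the entry count as not matching instead. Separately, `krb5_acl_match_file` reads with `fgets` into `char buf[256]`, so a line longer than the buffer arrives in pieces and its tail is evaluated as a separate ACL line; the tail of an over-long `#` comment line is therefore matched as an entry, and rejecting or draining over-long lines before matching would close that. The same unchecked-allocation pattern appears in `arange_parse_addr` in the addr_families.c hunk, where the result of `krb5_data_alloc(&addr->address, sizeof(*a))` is ignored before `a->low` and `a->high` are written.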

Added: vendor-crypto/heimdal/dist/lib/krb5/add_et_list.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/add_et_list.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/add_et_list.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: add_et_list.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Add a specified list of error messages to the et list in context.
+ * Call func (probably a comerr-generated function) with a pointer to
+ * the current et_list.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_add_et_list (krb5_context context,
+		  void (*func)(struct et_list **))
+{
+    (*func)(&context->et_list);
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/addr_families.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/addr_families.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/addr_families.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1463 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: addr_families.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct addr_operations {
+    int af;
+    krb5_address_type atype;
+    size_t max_sockaddr_size;
+    krb5_error_code (*sockaddr2addr)(const struct sockaddr *, krb5_address *);
+    krb5_error_code (*sockaddr2port)(const struct sockaddr *, int16_t *);
+    void (*addr2sockaddr)(const krb5_address *, struct sockaddr *,
+			  krb5_socklen_t *sa_size, int port);
+    void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int);
+    krb5_error_code (*h_addr2addr)(const char *, krb5_address *);
+    krb5_boolean (*uninteresting)(const struct sockaddr *);
+    void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int);
+    int (*print_addr)(const krb5_address *, char *, size_t);
+    int (*parse_addr)(krb5_context, const char*, krb5_address *);
+    int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*);
+    int (*free_addr)(krb5_context, krb5_address*);
+    int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*);
+    int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long, 
+				     krb5_address*, krb5_address*);
+};
+
+/*
+ * AF_INET - aka IPv4 implementation
+ */
+
+static krb5_error_code
+ipv4_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
+{
+    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
+    unsigned char buf[4];
+
+    a->addr_type = KRB5_ADDRESS_INET;
+    memcpy (buf, &sin4->sin_addr, 4);
+    return krb5_data_copy(&a->address, buf, 4);
+}
+
+static krb5_error_code
+ipv4_sockaddr2port (const struct sockaddr *sa, int16_t *port)
+{
+    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
+
+    *port = sin4->sin_port;
+    return 0;
+}
+
+static void
+ipv4_addr2sockaddr (const krb5_address *a,
+		    struct sockaddr *sa,
+		    krb5_socklen_t *sa_size,
+		    int port)
+{
+    struct sockaddr_in tmp;
+
+    memset (&tmp, 0, sizeof(tmp));
+    tmp.sin_family = AF_INET;
+    memcpy (&tmp.sin_addr, a->address.data, 4);
+    tmp.sin_port = port;
+    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
+    *sa_size = sizeof(tmp);
+}
+
+static void
+ipv4_h_addr2sockaddr(const char *addr,
+		     struct sockaddr *sa,
+		     krb5_socklen_t *sa_size,
+		     int port)
+{
+    struct sockaddr_in tmp;
+
+    memset (&tmp, 0, sizeof(tmp));
+    tmp.sin_family = AF_INET;
+    tmp.sin_port   = port;
+    tmp.sin_addr   = *((const struct in_addr *)addr);
+    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
+    *sa_size = sizeof(tmp);
+}
+
+static krb5_error_code
+ipv4_h_addr2addr (const char *addr,
+		  krb5_address *a)
+{
+    unsigned char buf[4];
+
+    a->addr_type = KRB5_ADDRESS_INET;
+    memcpy(buf, addr, 4);
+    return krb5_data_copy(&a->address, buf, 4);
+}
+
+/*
+ * Are there any addresses that should be considered `uninteresting'?
+ */
+
+static krb5_boolean
+ipv4_uninteresting (const struct sockaddr *sa)
+{
+    const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
+
+    if (sin4->sin_addr.s_addr == INADDR_ANY)
+	return TRUE;
+
+    return FALSE;
+}
+
+static void
+ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
+{
+    struct sockaddr_in tmp;
+
+    memset (&tmp, 0, sizeof(tmp));
+    tmp.sin_family = AF_INET;
+    tmp.sin_port   = port;
+    tmp.sin_addr.s_addr = INADDR_ANY;
+    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
+    *sa_size = sizeof(tmp);
+}
+
+static int
+ipv4_print_addr (const krb5_address *addr, char *str, size_t len)
+{
+    struct in_addr ia;
+
+    memcpy (&ia, addr->address.data, 4);
+
+    return snprintf (str, len, "IPv4:%s", inet_ntoa(ia));
+}
+
+static int
+ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
+{
+    const char *p;
+    struct in_addr a;
+
+    p = strchr(address, ':');
+    if(p) {
+	p++;
+	if(strncasecmp(address, "ip:", p - address) != 0 &&
+	   strncasecmp(address, "ip4:", p - address) != 0 &&
+	   strncasecmp(address, "ipv4:", p - address) != 0 &&
+	   strncasecmp(address, "inet:", p - address) != 0)
+	    return -1;
+    } else
+	p = address;
+#ifdef HAVE_INET_ATON
+    if(inet_aton(p, &a) == 0)
+	return -1;
+#elif defined(HAVE_INET_ADDR)
+    a.s_addr = inet_addr(p);
+    if(a.s_addr == INADDR_NONE)
+	return -1;
+#else
+    return -1;
+#endif
+    addr->addr_type = KRB5_ADDRESS_INET;
+    if(krb5_data_alloc(&addr->address, 4) != 0)
+	return -1;
+    _krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length);
+    return 0;
+}
+
+static int
+ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr,
+		   unsigned long len, krb5_address *low, krb5_address *high)
+{
+    unsigned long ia;
+    uint32_t l, h, m = 0xffffffff;
+
+    if (len > 32) {
+	krb5_set_error_string(context, "IPv4 prefix too large (%ld)", len);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    m = m << (32 - len);
+
+    _krb5_get_int(inaddr->address.data, &ia, inaddr->address.length);
+
+    l = ia & m;
+    h = l | ~m;
+
+    low->addr_type = KRB5_ADDRESS_INET;
+    if(krb5_data_alloc(&low->address, 4) != 0)
+	return -1;
+    _krb5_put_int(low->address.data, l, low->address.length);
+
+    high->addr_type = KRB5_ADDRESS_INET;
+    if(krb5_data_alloc(&high->address, 4) != 0) {
+	krb5_free_address(context, low);
+	return -1;
+    }
+    _krb5_put_int(high->address.data, h, high->address.length);
+
+    return 0;
+}
+
+
+/*
+ * AF_INET6 - aka IPv6 implementation
+ */
+
+#ifdef HAVE_IPV6
+
+static krb5_error_code
+ipv6_sockaddr2addr (const struct sockaddr *sa, krb5_address *a)
+{
+    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
+
+    if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
+	unsigned char buf[4];
+
+	a->addr_type      = KRB5_ADDRESS_INET;
+#ifndef IN6_ADDR_V6_TO_V4
+#ifdef IN6_EXTRACT_V4ADDR
+#define IN6_ADDR_V6_TO_V4(x) (&IN6_EXTRACT_V4ADDR(x))
+#else
+#define IN6_ADDR_V6_TO_V4(x) ((const struct in_addr *)&(x)->s6_addr[12])
+#endif
+#endif
+	memcpy (buf, IN6_ADDR_V6_TO_V4(&sin6->sin6_addr), 4);
+	return krb5_data_copy(&a->address, buf, 4);
+    } else {
+	a->addr_type = KRB5_ADDRESS_INET6;
+	return krb5_data_copy(&a->address,
+			      &sin6->sin6_addr,
+			      sizeof(sin6->sin6_addr));
+    }
+}
+
+static krb5_error_code
+ipv6_sockaddr2port (const struct sockaddr *sa, int16_t *port)
+{
+    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
+
+    *port = sin6->sin6_port;
+    return 0;
+}
+
+static void
+ipv6_addr2sockaddr (const krb5_address *a,
+		    struct sockaddr *sa,
+		    krb5_socklen_t *sa_size,
+		    int port)
+{
+    struct sockaddr_in6 tmp;
+
+    memset (&tmp, 0, sizeof(tmp));
+    tmp.sin6_family = AF_INET6;
+    memcpy (&tmp.sin6_addr, a->address.data, sizeof(tmp.sin6_addr));
+    tmp.sin6_port = port;
+    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
+    *sa_size = sizeof(tmp);
+}
+
+static void
+ipv6_h_addr2sockaddr(const char *addr,
+		     struct sockaddr *sa,
+		     krb5_socklen_t *sa_size,
+		     int port)
+{
+    struct sockaddr_in6 tmp;
+
+    memset (&tmp, 0, sizeof(tmp));
+    tmp.sin6_family = AF_INET6;
+    tmp.sin6_port   = port;
+    tmp.sin6_addr   = *((const struct in6_addr *)addr);
+    memcpy(sa, &tmp, min(sizeof(tmp), *sa_size));
+    *sa_size = sizeof(tmp);
+}
+
+static krb5_error_code
+ipv6_h_addr2addr (const char *addr,
+		  krb5_address *a)
+{
+    a->addr_type = KRB5_ADDRESS_INET6;
+    return krb5_data_copy(&a->address, addr, sizeof(struct in6_addr));
+}
+
+/*
+ * 
+ */
+
+static krb5_boolean
+ipv6_uninteresting (const struct sockaddr *sa)
+{
+    const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
+    const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr;
+    
+    return
+	IN6_IS_ADDR_LINKLOCAL(in6)
+	|| IN6_IS_ADDR_V4COMPAT(in6);
+}
+
+static void
+ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
+{
+    struct sockaddr_in6 tmp;
+
+    memset (&tmp, 0, sizeof(tmp));
+    tmp.sin6_family = AF_INET6;
+    tmp.sin6_port   = port;
+    tmp.sin6_addr   = in6addr_any;
+    *sa_size = sizeof(tmp);
+}
+
+static int
+ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
+{
+    char buf[128], buf2[3];
+#ifdef HAVE_INET_NTOP
+    if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
+#endif
+	{
+	    /* XXX this is pretty ugly, but better than abort() */
+	    int i;
+	    unsigned char *p = addr->address.data;
+	    buf[0] = '\0';
+	    for(i = 0; i < addr->address.length; i++) {
+		snprintf(buf2, sizeof(buf2), "%02x", p[i]);
+		if(i > 0 && (i & 1) == 0)
+		    strlcat(buf, ":", sizeof(buf));
+		strlcat(buf, buf2, sizeof(buf));
+	    }
+	}
+    return snprintf(str, len, "IPv6:%s", buf);
+}
+
+static int
+ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr)
+{
+    int ret;
+    struct in6_addr in6;
+    const char *p;
+
+    p = strchr(address, ':');
+    if(p) {
+	p++;
+	if(strncasecmp(address, "ip6:", p - address) == 0 ||
+	   strncasecmp(address, "ipv6:", p - address) == 0 ||
+	   strncasecmp(address, "inet6:", p - address) == 0)
+	    address = p;
+    }
+
+    ret = inet_pton(AF_INET6, address, &in6.s6_addr);
+    if(ret == 1) {
+	addr->addr_type = KRB5_ADDRESS_INET6;
+	ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr));
+	if (ret)
+	    return -1;
+	memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr));
+	return 0;
+    }
+    return -1;
+}
+
+static int
+ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr,
+		   unsigned long len, krb5_address *low, krb5_address *high)
+{
+    struct in6_addr addr, laddr, haddr;
+    uint32_t m;
+    int i, sub_len;
+
+    if (len > 128) {
+	krb5_set_error_string(context, "IPv6 prefix too large (%ld)", len);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+
+    if (inaddr->address.length != sizeof(addr)) {
+	krb5_set_error_string(context, "IPv6 addr bad length");
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+
+    memcpy(&addr, inaddr->address.data, inaddr->address.length);
+
+    for (i = 0; i < 16; i++) {
+	sub_len = min(8, len);
+
+	m = 0xff << (8 - sub_len);
+	
+	laddr.s6_addr[i] = addr.s6_addr[i] & m;
+	haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m;
+
+	if (len > 8)
+	    len -= 8;
+	else
+	    len = 0;
+    }
+
+    low->addr_type = KRB5_ADDRESS_INET6;
+    if (krb5_data_alloc(&low->address, sizeof(laddr.s6_addr)) != 0)
+	return -1;
+    memcpy(low->address.data, laddr.s6_addr, sizeof(laddr.s6_addr));
+
+    high->addr_type = KRB5_ADDRESS_INET6;
+    if (krb5_data_alloc(&high->address, sizeof(haddr.s6_addr)) != 0) {
+	krb5_free_address(context, low);
+	return -1;
+    }
+    memcpy(high->address.data, haddr.s6_addr, sizeof(haddr.s6_addr));
+
+    return 0;
+}
+
+#endif /* IPv6 */
+
+/*
+ * table
+ */
+
+#define KRB5_ADDRESS_ARANGE	(-100)
+
+struct arange {
+    krb5_address low;
+    krb5_address high;
+};
+
+static int
+arange_parse_addr (krb5_context context, 
+		   const char *address, krb5_address *addr)
+{
+    char buf[1024], *p;
+    krb5_address low0, high0;
+    struct arange *a;
+    krb5_error_code ret;
+    
+    if(strncasecmp(address, "RANGE:", 6) != 0)
+	return -1;
+    
+    address += 6;
+
+    p = strrchr(address, '/');
+    if (p) {
+	krb5_addresses addrmask;
+	char *q;
+	long num;
+
+	if (strlcpy(buf, address, sizeof(buf)) > sizeof(buf))
+	    return -1;
+	buf[p - address] = '\0';
+	ret = krb5_parse_address(context, buf, &addrmask);
+	if (ret)
+	    return ret;
+	if(addrmask.len != 1) {
+	    krb5_free_addresses(context, &addrmask);
+	    return -1;
+	}
+	
+	address += p - address + 1;
+
+	num = strtol(address, &q, 10);
+	if (q == address || *q != '\0' || num < 0) {
+	    krb5_free_addresses(context, &addrmask);
+	    return -1;
+	}
+
+	ret = krb5_address_prefixlen_boundary(context, &addrmask.val[0], num,
+					      &low0, &high0);
+	krb5_free_addresses(context, &addrmask);
+	if (ret)
+	    return ret;
+
+    } else {
+	krb5_addresses low, high;
+	
+	strsep_copy(&address, "-", buf, sizeof(buf));
+	ret = krb5_parse_address(context, buf, &low);
+	if(ret)
+	    return ret;
+	if(low.len != 1) {
+	    krb5_free_addresses(context, &low);
+	    return -1;
+	}
+	
+	strsep_copy(&address, "-", buf, sizeof(buf));
+	ret = krb5_parse_address(context, buf, &high);
+	if(ret) {
+	    krb5_free_addresses(context, &low);
+	    return ret;
+	}
+	
+	if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) {
+	    krb5_free_addresses(context, &low);
+	    krb5_free_addresses(context, &high);
+	    return -1;
+	}
+
+	ret = krb5_copy_address(context, &high.val[0], &high0);
+	if (ret == 0) {
+	    ret = krb5_copy_address(context, &low.val[0], &low0);
+	    if (ret)
+		krb5_free_address(context, &high0);
+	}
+	krb5_free_addresses(context, &low);
+	krb5_free_addresses(context, &high);
+	if (ret)
+	    return ret;
+    }
+
+    krb5_data_alloc(&addr->address, sizeof(*a));
+    addr->addr_type = KRB5_ADDRESS_ARANGE;
+    a = addr->address.data;
+
+    if(krb5_address_order(context, &low0, &high0) < 0) {
+	a->low = low0;
+	a->high = high0;
+    } else {
+	a->low = high0;
+	a->high = low0;
+    }
+    return 0;
+}
+
+static int
+arange_free (krb5_context context, krb5_address *addr)
+{
+    struct arange *a;
+    a = addr->address.data;
+    krb5_free_address(context, &a->low);
+    krb5_free_address(context, &a->high);
+    krb5_data_free(&addr->address);
+    return 0;
+}
+
+
+static int
+arange_copy (krb5_context context, const krb5_address *inaddr, 
+	     krb5_address *outaddr)
+{
+    krb5_error_code ret;
+    struct arange *i, *o;
+
+    outaddr->addr_type = KRB5_ADDRESS_ARANGE;
+    ret = krb5_data_alloc(&outaddr->address, sizeof(*o));
+    if(ret)
+	return ret;
+    i = inaddr->address.data;
+    o = outaddr->address.data;
+    ret = krb5_copy_address(context, &i->low, &o->low);
+    if(ret) {
+	krb5_data_free(&outaddr->address);
+	return ret;
+    }
+    ret = krb5_copy_address(context, &i->high, &o->high);
+    if(ret) {
+	krb5_free_address(context, &o->low);
+	krb5_data_free(&outaddr->address);
+	return ret;
+    }
+    return 0;
+}
+
+static int
+arange_print_addr (const krb5_address *addr, char *str, size_t len)
+{
+    struct arange *a;
+    krb5_error_code ret;
+    size_t l, size, ret_len;
+
+    a = addr->address.data;
+
+    l = strlcpy(str, "RANGE:", len);
+    ret_len = l;
+    if (l > len)
+	l = len;
+    size = l;
+	
+    ret = krb5_print_address (&a->low, str + size, len - size, &l);
+    if (ret)
+	return ret;
+    ret_len += l;
+    if (len - size > l)
+	size += l;
+    else
+	size = len;
+
+    l = strlcat(str + size, "-", len - size);
+    ret_len += l;
+    if (len - size > l)
+	size += l;
+    else
+	size = len;
+
+    ret = krb5_print_address (&a->high, str + size, len - size, &l);
+    if (ret)
+	return ret;
+    ret_len += l;
+
+    return ret_len;
+}
+
+static int
+arange_order_addr(krb5_context context, 
+		  const krb5_address *addr1, 
+		  const krb5_address *addr2)
+{
+    int tmp1, tmp2, sign;
+    struct arange *a;
+    const krb5_address *a2;
+
+    if(addr1->addr_type == KRB5_ADDRESS_ARANGE) {
+	a = addr1->address.data;
+	a2 = addr2;
+	sign = 1;
+    } else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) {
+	a = addr2->address.data;
+	a2 = addr1;
+	sign = -1;
+    } else
+	abort();
+	
+    if(a2->addr_type == KRB5_ADDRESS_ARANGE) {
+	struct arange *b = a2->address.data;
+	tmp1 = krb5_address_order(context, &a->low, &b->low);
+	if(tmp1 != 0)
+	    return sign * tmp1;
+	return sign * krb5_address_order(context, &a->high, &b->high);
+    } else if(a2->addr_type == a->low.addr_type) {
+	tmp1 = krb5_address_order(context, &a->low, a2);
+	if(tmp1 > 0)
+	    return sign;
+	tmp2 = krb5_address_order(context, &a->high, a2);
+	if(tmp2 < 0)
+	    return -sign;
+	return 0;
+    } else {
+	return sign * (addr1->addr_type - addr2->addr_type);
+    }
+}
+
+static int
+addrport_print_addr (const krb5_address *addr, char *str, size_t len)
+{
+    krb5_error_code ret;
+    krb5_address addr1, addr2;
+    uint16_t port = 0;
+    size_t ret_len = 0, l, size = 0;
+    krb5_storage *sp;
+
+    sp = krb5_storage_from_data((krb5_data*)rk_UNCONST(&addr->address));
+    /* for totally obscure reasons, these are not in network byteorder */
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
+    krb5_ret_address(sp, &addr1);
+
+    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
+    krb5_ret_address(sp, &addr2);
+    krb5_storage_free(sp);
+    if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) {
+	unsigned long value;
+	_krb5_get_int(addr2.address.data, &value, 2);
+	port = value;
+    }
+    l = strlcpy(str, "ADDRPORT:", len);
+    ret_len += l;
+    if (len > l)
+	size += l;
+    else
+	size = len;
+
+    ret = krb5_print_address(&addr1, str + size, len - size, &l);
+    if (ret)
+	return ret;
+    ret_len += l;
+    if (len - size > l)
+	size += l;
+    else
+	size = len;
+
+    ret = snprintf(str + size, len - size, ",PORT=%u", port);
+    if (ret < 0)
+	return EINVAL;
+    ret_len += ret;
+    return ret_len;
+}
+
+static struct addr_operations at[] = {
+    {AF_INET,	KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
+     ipv4_sockaddr2addr, 
+     ipv4_sockaddr2port,
+     ipv4_addr2sockaddr,
+     ipv4_h_addr2sockaddr,
+     ipv4_h_addr2addr,
+     ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr,
+     NULL, NULL, NULL, ipv4_mask_boundary },
+#ifdef HAVE_IPV6
+    {AF_INET6,	KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6),
+     ipv6_sockaddr2addr, 
+     ipv6_sockaddr2port,
+     ipv6_addr2sockaddr,
+     ipv6_h_addr2sockaddr,
+     ipv6_h_addr2addr,
+     ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr,
+     NULL, NULL, NULL, ipv6_mask_boundary } ,
+#endif
+    {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
+     NULL, NULL, NULL, NULL, NULL, 
+     NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL },
+    /* fake address type */
+    {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
+     NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+     arange_print_addr, arange_parse_addr, 
+     arange_order_addr, arange_free, arange_copy }
+};
+
+static int num_addrs = sizeof(at) / sizeof(at[0]);
+
+static size_t max_sockaddr_size = 0;
+
+/*
+ * generic functions
+ */
+
+static struct addr_operations *
+find_af(int af)
+{
+    struct addr_operations *a;
+
+    for (a = at; a < at + num_addrs; ++a)
+	if (af == a->af)
+	    return a;
+    return NULL;
+}
+
+static struct addr_operations *
+find_atype(int atype)
+{
+    struct addr_operations *a;
+
+    for (a = at; a < at + num_addrs; ++a)
+	if (atype == a->atype)
+	    return a;
+    return NULL;
+}
+
+/**
+ * krb5_sockaddr2address stores a address a "struct sockaddr" sa in
+ * the krb5_address addr. 
+ *
+ * @param context a Keberos context
+ * @param sa a struct sockaddr to extract the address from
+ * @param addr an Kerberos 5 address to store the address in.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sockaddr2address (krb5_context context,
+		       const struct sockaddr *sa, krb5_address *addr)
+{
+    struct addr_operations *a = find_af(sa->sa_family);
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported",
+			       sa->sa_family);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    return (*a->sockaddr2addr)(sa, addr);
+}
+
+/**
+ * krb5_sockaddr2port extracts a port (if possible) from a "struct
+ * sockaddr.
+ *
+ * @param context a Keberos context
+ * @param sa a struct sockaddr to extract the port from
+ * @param port a pointer to an int16_t store the port in.
+ *
+ * @return Return an error code or 0. Will return
+ * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sockaddr2port (krb5_context context,
+		    const struct sockaddr *sa, int16_t *port)
+{
+    struct addr_operations *a = find_af(sa->sa_family);
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported",
+			       sa->sa_family);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    return (*a->sockaddr2port)(sa, port);
+}
+
+/**
+ * krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr
+ * and port. The argument sa_size should initially contain the size of
+ * the sa and after the call, it will contain the actual length of the
+ * address. In case of the sa is too small to fit the whole address,
+ * the up to *sa_size will be stored, and then *sa_size will be set to
+ * the required length.
+ *
+ * @param context a Keberos context
+ * @param addr the address to copy the from
+ * @param sa the struct sockaddr that will be filled in
+ * @param sa_size pointer to length of sa, and after the call, it will
+ * contain the actual length of the address.
+ * @param port set port in sa.
+ *
+ * @return Return an error code or 0. Will return
+ * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_addr2sockaddr (krb5_context context,
+		    const krb5_address *addr,
+		    struct sockaddr *sa,
+		    krb5_socklen_t *sa_size,
+		    int port)
+{
+    struct addr_operations *a = find_atype(addr->addr_type);
+
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address type %d not supported",
+			       addr->addr_type);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    if (a->addr2sockaddr == NULL) {
+	krb5_set_error_string (context,
+			       "Can't convert address type %d to sockaddr",
+			       addr->addr_type);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    (*a->addr2sockaddr)(addr, sa, sa_size, port);
+    return 0;
+}
+
+/**
+ * krb5_max_sockaddr_size returns the max size of the .Li struct
+ * sockaddr that the Kerberos library will return.
+ *
+ * @return Return an size_t of the maximum struct sockaddr.
+ *
+ * @ingroup krb5_address
+ */
+
+size_t KRB5_LIB_FUNCTION
+krb5_max_sockaddr_size (void)
+{
+    if (max_sockaddr_size == 0) {
+	struct addr_operations *a;
+
+	for(a = at; a < at + num_addrs; ++a)
+	    max_sockaddr_size = max(max_sockaddr_size, a->max_sockaddr_size);
+    }
+    return max_sockaddr_size;
+}
+
+/**
+ * krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the
+ * kerberos library thinks are uninteresting.  One example are link
+ * local addresses.
+ *
+ * @param sa pointer to struct sockaddr that might be interesting.
+ *
+ * @return Return a non zero for uninteresting addresses.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_sockaddr_uninteresting(const struct sockaddr *sa)
+{
+    struct addr_operations *a = find_af(sa->sa_family);
+    if (a == NULL || a->uninteresting == NULL)
+	return TRUE;
+    return (*a->uninteresting)(sa);
+}
+
+/**
+ * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and
+ * the "struct hostent" (see gethostbyname(3) ) h_addr_list
+ * component. The argument sa_size should initially contain the size
+ * of the sa, and after the call, it will contain the actual length of
+ * the address.
+ *
+ * @param context a Keberos context
+ * @param af addresses
+ * @param addr address
+ * @param sa returned struct sockaddr
+ * @param sa_size size of sa
+ * @param port port to set in sa.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_h_addr2sockaddr (krb5_context context,
+		      int af,
+		      const char *addr, struct sockaddr *sa,
+		      krb5_socklen_t *sa_size,
+		      int port)
+{
+    struct addr_operations *a = find_af(af);
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported", af);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    (*a->h_addr2sockaddr)(addr, sa, sa_size, port);
+    return 0;
+}
+
+/**
+ * krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception
+ * that it operates on a krb5_address instead of a struct sockaddr.
+ *
+ * @param context a Keberos context
+ * @param af address family
+ * @param haddr host address from struct hostent.
+ * @param addr returned krb5_address.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_h_addr2addr (krb5_context context,
+		  int af,
+		  const char *haddr, krb5_address *addr)
+{
+    struct addr_operations *a = find_af(af);
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported", af);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    return (*a->h_addr2addr)(haddr, addr);
+}
+
+/**
+ * krb5_anyaddr fills in a "struct sockaddr sa" that can be used to
+ * bind(2) to.  The argument sa_size should initially contain the size
+ * of the sa, and after the call, it will contain the actual length
+ * of the address.
+ *
+ * @param context a Keberos context
+ * @param af address family
+ * @param sa sockaddr
+ * @param sa_size lenght of sa.
+ * @param port for to fill into sa.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_anyaddr (krb5_context context,
+	      int af,
+	      struct sockaddr *sa,
+	      krb5_socklen_t *sa_size,
+	      int port)
+{
+    struct addr_operations *a = find_af (af);
+
+    if (a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported", af);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+
+    (*a->anyaddr)(sa, sa_size, port);
+    return 0;
+}
+
+/**
+ * krb5_print_address prints the address in addr to the string string
+ * that have the length len. If ret_len is not NULL, it will be filled
+ * with the length of the string if size were unlimited (not including
+ * the final NUL) .
+ *
+ * @param addr address to be printed
+ * @param str pointer string to print the address into
+ * @param len length that will fit into area pointed to by "str".
+ * @param ret_len return length the str.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_print_address (const krb5_address *addr, 
+		    char *str, size_t len, size_t *ret_len)
+{
+    struct addr_operations *a = find_atype(addr->addr_type);
+    int ret;
+
+    if (a == NULL || a->print_addr == NULL) {
+	char *s;
+	int l;
+	int i;
+
+	s = str;
+	l = snprintf(s, len, "TYPE_%d:", addr->addr_type);
+	if (l < 0 || l >= len)
+	    return EINVAL;
+	s += l;
+	len -= l;
+	for(i = 0; i < addr->address.length; i++) {
+	    l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]);
+	    if (l < 0 || l >= len)
+		return EINVAL;
+	    len -= l;
+	    s += l;
+	}
+	if(ret_len != NULL)
+	    *ret_len = s - str;
+	return 0;
+    }
+    ret = (*a->print_addr)(addr, str, len);
+    if (ret < 0)
+	return EINVAL;
+    if(ret_len != NULL)
+	*ret_len = ret;
+    return 0;
+}
+
+/**
+ * krb5_parse_address returns the resolved hostname in string to the
+ * krb5_addresses addresses .
+ *
+ * @param context a Keberos context
+ * @param string
+ * @param addresses
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_address(krb5_context context,
+		   const char *string,
+		   krb5_addresses *addresses)
+{
+    int i, n;
+    struct addrinfo *ai, *a;
+    int error;
+    int save_errno;
+
+    addresses->len = 0;
+    addresses->val = NULL;
+
+    for(i = 0; i < num_addrs; i++) {
+	if(at[i].parse_addr) {
+	    krb5_address addr;
+	    if((*at[i].parse_addr)(context, string, &addr) == 0) {
+		ALLOC_SEQ(addresses, 1);
+		if (addresses->val == NULL) {
+		    krb5_set_error_string(context, "malloc: out of memory");
+		    return ENOMEM;
+		}
+		addresses->val[0] = addr;
+		return 0;
+	    }
+	}
+    }
+
+    error = getaddrinfo (string, NULL, NULL, &ai);
+    if (error) {
+	save_errno = errno;
+	krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
+	return krb5_eai_to_heim_errno(error, save_errno);
+    }
+    
+    n = 0;
+    for (a = ai; a != NULL; a = a->ai_next)
+	++n;
+
+    ALLOC_SEQ(addresses, n);
+    if (addresses->val == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	freeaddrinfo(ai);
+	return ENOMEM;
+    }
+
+    addresses->len = 0;
+    for (a = ai, i = 0; a != NULL; a = a->ai_next) {
+	if (krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]))
+	    continue;
+	if(krb5_address_search(context, &addresses->val[i], addresses))
+	    continue;
+	addresses->len = i;
+	i++;
+    }
+    freeaddrinfo (ai);
+    return 0;
+}
+
+/**
+ * krb5_address_order compares the addresses addr1 and addr2 so that
+ * it can be used for sorting addresses. If the addresses are the same
+ * address krb5_address_order will return 0. Behavies like memcmp(2). 
+ *
+ * @param context a Keberos context
+ * @param addr1 krb5_address to compare
+ * @param addr2 krb5_address to compare
+ *
+ * @return < 0 if address addr1 in "less" then addr2. 0 if addr1 and
+ * addr2 is the same address, > 0 if addr2 is "less" then addr1.
+ *
+ * @ingroup krb5_address
+ */
+
+int KRB5_LIB_FUNCTION
+krb5_address_order(krb5_context context,
+		   const krb5_address *addr1,
+		   const krb5_address *addr2)
+{
+    /* this sucks; what if both addresses have order functions, which
+       should we call? this works for now, though */
+    struct addr_operations *a;
+    a = find_atype(addr1->addr_type); 
+    if(a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported", 
+			       addr1->addr_type);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    if(a->order_addr != NULL) 
+	return (*a->order_addr)(context, addr1, addr2); 
+    a = find_atype(addr2->addr_type); 
+    if(a == NULL) {
+	krb5_set_error_string (context, "Address family %d not supported", 
+			       addr2->addr_type);
+	return KRB5_PROG_ATYPE_NOSUPP;
+    }
+    if(a->order_addr != NULL) 
+	return (*a->order_addr)(context, addr1, addr2);
+
+    if(addr1->addr_type != addr2->addr_type)
+	return addr1->addr_type - addr2->addr_type;
+    if(addr1->address.length != addr2->address.length)
+	return addr1->address.length - addr2->address.length;
+    return memcmp (addr1->address.data,
+		   addr2->address.data,
+		   addr1->address.length);
+}
+
+/**
+ * krb5_address_compare compares the addresses  addr1 and addr2.
+ * Returns TRUE if the two addresses are the same.
+ *
+ * @param context a Keberos context
+ * @param addr1 address to compare
+ * @param addr2 address to compare
+ *
+ * @return Return an TRUE is the address are the same FALSE if not
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_address_compare(krb5_context context,
+		     const krb5_address *addr1,
+		     const krb5_address *addr2)
+{
+    return krb5_address_order (context, addr1, addr2) == 0;
+}
+
+/**
+ * krb5_address_search checks if the address addr is a member of the
+ * address set list addrlist .
+ *
+ * @param context a Keberos context.
+ * @param addr address to search for.
+ * @param addrlist list of addresses to look in for addr.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_address_search(krb5_context context,
+		    const krb5_address *addr,
+		    const krb5_addresses *addrlist)
+{
+    int i;
+
+    for (i = 0; i < addrlist->len; ++i)
+	if (krb5_address_compare (context, addr, &addrlist->val[i]))
+	    return TRUE;
+    return FALSE;
+}
+
+/**
+ * krb5_free_address frees the data stored in the address that is
+ * alloced with any of the krb5_address functions.
+ *
+ * @param context a Keberos context
+ * @param address addresss to be freed.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_address(krb5_context context,
+		  krb5_address *address)
+{
+    struct addr_operations *a = find_atype (address->addr_type);
+    if(a != NULL && a->free_addr != NULL)
+	return (*a->free_addr)(context, address);
+    krb5_data_free (&address->address);
+    memset(address, 0, sizeof(*address));
+    return 0;
+}
+
+/**
+ * krb5_free_addresses frees the data stored in the address that is
+ * alloced with any of the krb5_address functions.
+ *
+ * @param context a Keberos context
+ * @param addresses addressses to be freed.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_addresses(krb5_context context,
+		    krb5_addresses *addresses)
+{
+    int i;
+    for(i = 0; i < addresses->len; i++)
+	krb5_free_address(context, &addresses->val[i]);
+    free(addresses->val);
+    addresses->len = 0;
+    addresses->val = NULL;
+    return 0;
+}
+
+/**
+ * krb5_copy_address copies the content of address
+ * inaddr to outaddr.
+ *
+ * @param context a Keberos context
+ * @param inaddr pointer to source address
+ * @param outaddr pointer to destination address
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_address(krb5_context context,
+		  const krb5_address *inaddr,
+		  krb5_address *outaddr)
+{
+    struct addr_operations *a = find_af (inaddr->addr_type);
+    if(a != NULL && a->copy_addr != NULL)
+	return (*a->copy_addr)(context, inaddr, outaddr);
+    return copy_HostAddress(inaddr, outaddr);
+}
+
+/**
+ * krb5_copy_addresses copies the content of addresses
+ * inaddr to outaddr.
+ *
+ * @param context a Keberos context
+ * @param inaddr pointer to source addresses
+ * @param outaddr pointer to destination addresses
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_addresses(krb5_context context,
+		    const krb5_addresses *inaddr,
+		    krb5_addresses *outaddr)
+{
+    int i;
+    ALLOC_SEQ(outaddr, inaddr->len);
+    if(inaddr->len > 0 && outaddr->val == NULL)
+	return ENOMEM;
+    for(i = 0; i < inaddr->len; i++)
+	krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]);
+    return 0;
+}
+
+/**
+ * krb5_append_addresses adds the set of addresses in source to
+ * dest. While copying the addresses, duplicates are also sorted out.
+ *
+ * @param context a Keberos context
+ * @param dest destination of copy operation
+ * @param source adresses that are going to be added to dest
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_append_addresses(krb5_context context,
+		      krb5_addresses *dest,
+		      const krb5_addresses *source)
+{
+    krb5_address *tmp;
+    krb5_error_code ret;
+    int i;
+    if(source->len > 0) {
+	tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
+	if(tmp == NULL) {
+	    krb5_set_error_string(context, "realloc: out of memory");
+	    return ENOMEM;
+	}
+	dest->val = tmp;
+	for(i = 0; i < source->len; i++) {
+	    /* skip duplicates */
+	    if(krb5_address_search(context, &source->val[i], dest))
+		continue;
+	    ret = krb5_copy_address(context, 
+				    &source->val[i], 
+				    &dest->val[dest->len]);
+	    if(ret)
+		return ret;
+	    dest->len++;
+	}
+    }
+    return 0;
+}
+
+/**
+ * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
+ *
+ * @param context a Keberos context
+ * @param res built address from addr/port
+ * @param addr address to use
+ * @param port port to use
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_make_addrport (krb5_context context,
+		    krb5_address **res, const krb5_address *addr, int16_t port)
+{
+    krb5_error_code ret;
+    size_t len = addr->address.length + 2 + 4 * 4;
+    u_char *p;
+
+    *res = malloc (sizeof(**res));
+    if (*res == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    (*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
+    ret = krb5_data_alloc (&(*res)->address, len);
+    if (ret) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	free (*res);
+	*res = NULL;
+	return ret;
+    }
+    p = (*res)->address.data;
+    *p++ = 0;
+    *p++ = 0;
+    *p++ = (addr->addr_type     ) & 0xFF;
+    *p++ = (addr->addr_type >> 8) & 0xFF;
+
+    *p++ = (addr->address.length      ) & 0xFF;
+    *p++ = (addr->address.length >>  8) & 0xFF;
+    *p++ = (addr->address.length >> 16) & 0xFF;
+    *p++ = (addr->address.length >> 24) & 0xFF;
+
+    memcpy (p, addr->address.data, addr->address.length);
+    p += addr->address.length;
+
+    *p++ = 0;
+    *p++ = 0;
+    *p++ = (KRB5_ADDRESS_IPPORT     ) & 0xFF;
+    *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF;
+
+    *p++ = (2      ) & 0xFF;
+    *p++ = (2 >>  8) & 0xFF;
+    *p++ = (2 >> 16) & 0xFF;
+    *p++ = (2 >> 24) & 0xFF;
+
+    memcpy (p, &port, 2);
+    p += 2;
+
+    return 0;
+}
+
+/**
+ * Calculate the boundary addresses of `inaddr'/`prefixlen' and store
+ * them in `low' and `high'.
+ *
+ * @param context a Keberos context
+ * @param inaddr address in prefixlen that the bondery searched
+ * @param prefixlen width of boundery
+ * @param low lowest address
+ * @param high highest address
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_address
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_address_prefixlen_boundary(krb5_context context,
+				const krb5_address *inaddr,
+				unsigned long prefixlen,
+				krb5_address *low,
+				krb5_address *high)
+{
+    struct addr_operations *a = find_atype (inaddr->addr_type);
+    if(a != NULL && a->mask_boundary != NULL)
+	return (*a->mask_boundary)(context, inaddr, prefixlen, low, high);
+    krb5_set_error_string(context, "Address family %d doesn't support "
+			  "address mask operation", inaddr->addr_type);
+    return KRB5_PROG_ATYPE_NOSUPP;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/aes-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/aes-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/aes-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,778 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <hex.h>
+#include <err.h>
+
+#ifdef HAVE_OPENSSL
+#include <openssl/evp.h>
+#endif
+
+RCSID("$Id: aes-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static int verbose = 0;
+
+static void
+hex_dump_data(const void *data, size_t length)
+{
+    char *p;
+
+    hex_encode(data, length, &p);
+    printf("%s\n", p);
+    free(p);
+}
+
+struct {
+    char *password;
+    char *salt;
+    int saltlen;
+    int iterations;
+    krb5_enctype enctype;
+    size_t keylen;
+    char *pbkdf2;
+    char *key;
+} keys[] = {
+    { 
+	"password", "ATHENA.MIT.EDUraeburn", -1,
+	1, 
+	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
+	"\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
+    },
+    {
+	"password", "ATHENA.MIT.EDUraeburn", -1,
+	1, 
+	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+	"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
+	"\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
+	"\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
+	"\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
+    },
+    {
+	"password", "ATHENA.MIT.EDUraeburn", -1,
+	2,
+	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
+	"\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
+    },
+    {
+	"password", "ATHENA.MIT.EDUraeburn", -1,
+	2, 
+	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+	"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
+	"\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
+	"\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
+	"\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
+    },
+    {
+	"password", "ATHENA.MIT.EDUraeburn", -1,
+	1200, 
+	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
+	"\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
+    },
+    {
+	"password", "ATHENA.MIT.EDUraeburn", -1,
+	1200, 
+	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+	"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
+	"\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
+	"\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
+	"\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
+    },
+    {
+	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
+	5,
+	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
+	"\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
+    },
+    {
+	"password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
+	5,
+	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+	"\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
+	"\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
+	"\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
+	"\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
+    },
+    {
+	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+	"pass phrase equals block size", -1,
+	1200,
+	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
+	"\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
+    },
+    {
+	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+	"pass phrase equals block size", -1,
+	1200,
+	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+	"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
+	"\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
+	"\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
+	"\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
+    },
+    {
+	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+	"pass phrase exceeds block size", -1,
+	1200,
+	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
+	"\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
+    },
+    {
+	"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+	"pass phrase exceeds block size", -1,
+	1200,
+	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+	"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
+	"\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
+	"\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
+	"\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
+
+    },
+    {
+	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
+	50,
+	ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
+	"\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
+    },
+    {
+	"\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
+	50,
+	ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+	"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
+	"\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
+	"\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
+	"\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
+    },
+    {
+	"foo", "", -1, 
+	0,
+	ETYPE_ARCFOUR_HMAC_MD5, 16,
+	NULL,
+	"\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
+    },
+    {
+	"test", "", -1, 
+	0,
+	ETYPE_ARCFOUR_HMAC_MD5, 16,
+	NULL,
+	"\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
+    }
+};
+
+static int
+string_to_key_test(krb5_context context)
+{
+    krb5_data password, opaque;
+    krb5_error_code ret;
+    krb5_salt salt;
+    int i, val = 0;
+    char iter[4];
+
+    for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
+
+	password.data = keys[i].password;
+	password.length = strlen(password.data);
+
+	salt.salttype = KRB5_PW_SALT;
+	salt.saltvalue.data = keys[i].salt;
+	if (keys[i].saltlen == -1)
+	    salt.saltvalue.length = strlen(salt.saltvalue.data);
+	else
+	    salt.saltvalue.length = keys[i].saltlen;
+    
+	opaque.data = iter;
+	opaque.length = sizeof(iter);
+	_krb5_put_int(iter, keys[i].iterations, 4);
+	
+	if (keys[i].pbkdf2) {
+	    unsigned char keyout[32];
+
+	    if (keys[i].keylen > sizeof(keyout))
+		abort();
+
+	    PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
+				   salt.saltvalue.data, salt.saltvalue.length,
+				   keys[i].iterations, 
+				   keys[i].keylen, keyout);
+	    
+	    if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
+		krb5_warnx(context, "%d: pbkdf2", i);
+		val = 1;
+		continue;
+	    }
+	    
+	    if (verbose) {
+		printf("PBKDF2:\n");
+		hex_dump_data(keyout, keys[i].keylen);
+	    }
+	}
+
+	{
+	    krb5_keyblock key;
+
+	    ret = krb5_string_to_key_data_salt_opaque (context,
+						       keys[i].enctype,
+						       password, 
+						       salt, 
+						       opaque, 
+						       &key);
+	    if (ret) {
+		krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", 
+			  i);
+		val = 1;
+		continue;
+	    }
+	    
+	    if (key.keyvalue.length != keys[i].keylen) {
+		krb5_warnx(context, "%d: key wrong length (%lu/%lu)",
+			   i, (unsigned long)key.keyvalue.length, 
+			   (unsigned long)keys[i].keylen);
+		val = 1;
+		continue;
+	    }
+	    
+	    if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
+		krb5_warnx(context, "%d: key wrong", i);
+		val = 1;
+		continue;
+	    }
+	    
+	    if (verbose) {
+		printf("key:\n");
+		hex_dump_data(key.keyvalue.data, key.keyvalue.length);
+	    }
+	    krb5_free_keyblock_contents(context, &key);
+	}
+    }
+    return val;
+}
+
+struct enc_test {
+    size_t len;
+    char *input;
+    char *output;
+    char *nextiv;
+};
+
+struct enc_test encs1[] = {
+    {
+	17,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20",
+	"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
+	"\x97",
+	"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
+    },
+    {
+	31,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
+	"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
+	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
+	"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
+    },
+    {
+	32,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
+	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
+	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+    },
+    {
+	47,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
+	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
+	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
+	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
+    },
+    {
+	48,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
+	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
+	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
+	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
+    },
+    {
+	64,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
+	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
+	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
+	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
+	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
+    }
+};
+	
+
+struct enc_test encs2[] = {
+    {
+	17,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20",
+	"\x5c\x13\x26\x27\xc4\xcb\xca\x04\x14\x43\x8a\xb5\x97\x97\x7c\x10"
+	"\x16"
+    },
+    {
+	31,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
+	"\x16\xb3\xd8\xe5\xcd\x93\xe6\x2c\x28\x70\xa0\x36\x6e\x9a\xb9\x74"
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53"
+    },
+    {
+	32,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
+	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
+    },
+    {
+	47,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
+	"\xe5\x56\xb4\x88\x41\xb9\xde\x27\xf0\x07\xa1\x6e\x89\x94\x47\xf1"
+	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff"
+    },
+    {
+	48,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
+	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
+	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
+    },
+    {
+	64,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
+	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
+	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
+	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
+	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
+    },
+    {
+	78,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
+	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
+	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
+	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
+	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
+	"\x73\xfb\x2c\x36\x76\xaf\xcf\x31\xff\xe3\x8a\x89\x0c\x7e\x99\x3f"
+	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62"
+    },
+    {
+	83,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
+	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
+	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+	"\x41\x41\x41",
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
+	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
+	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
+	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
+	"\x65\x39\x3a\xdb\x92\x05\x4d\x4f\x08\xa1\xfa\x59\xda\x56\x58\x0e"
+	"\x3b\xac\x12"
+    },
+    {
+	92,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
+	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
+	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
+	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
+	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
+	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
+	"\x0c\xff\xd7\x63\x50\xf8\x4e\xf9\xec\x56\x1c\x79\xc5\xc8\xfe\x50"
+	"\x3b\xac\x12\x6e\xd3\x2d\x02\xc4\xe5\x06\x43\x5f"
+    },
+    {
+	96,
+	"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+	"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+	"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
+	"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e"
+	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
+	"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",
+	"\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c"
+	"\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8"
+	"\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30"
+	"\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67"
+	"\x08\x28\x49\xad\xfc\x2d\x8e\x86\xae\x69\xa5\xa8\xd9\x29\x9e\xe4"
+	"\x3b\xac\x12\x6e\xd3\x2d\x02\xc4\xe5\x06\x43\x5f\x4c\x41\xd1\xb8"
+    }
+};
+
+
+
+char *aes_key1 = 
+	"\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69";
+
+char *aes_key2 =
+	"\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69"
+	"\x2c\x20\x79\x75\x6d\x6d\x79\x20\x79\x75\x6d\x6d\x79\x21\x21\x21";
+
+
+static int
+samep(int testn, char *type, const void *pp1, const void *pp2, size_t len)
+{
+    const unsigned char *p1 = pp1, *p2 = pp2;
+    size_t i;
+    int val = 1;
+
+    for (i = 0; i < len; i++) {
+	if (p1[i] != p2[i]) {
+	    if (verbose)
+		printf("M");
+	    val = 0;
+	} else {
+	    if (verbose)
+		printf(".");
+	}
+    }
+    if (verbose)
+	printf("\n");
+    return val;
+}
+
+static int
+encryption_test(krb5_context context, const void *key, size_t keylen,
+		struct enc_test *enc, int numenc)
+{
+    unsigned char iv[AES_BLOCK_SIZE];
+    int i, val, failed = 0;
+    AES_KEY ekey, dkey;
+    unsigned char *p;
+
+    AES_set_encrypt_key(key, keylen, &ekey);
+    AES_set_decrypt_key(key, keylen, &dkey);
+
+    for (i = 0; i < numenc; i++) {
+	val = 0;
+
+	if (verbose)
+	    printf("test: %d\n", i);
+	memset(iv, 0, sizeof(iv));
+
+	p = malloc(enc[i].len + 1);
+	if (p == NULL)
+	    krb5_errx(context, 1, "malloc");
+
+	p[enc[i].len] = '\0';
+
+	memcpy(p, enc[i].input, enc[i].len);
+
+	_krb5_aes_cts_encrypt(p, p, enc[i].len,
+			      &ekey, iv, AES_ENCRYPT);
+
+	if (p[enc[i].len] != '\0') {
+	    krb5_warnx(context, "%d: encrypt modified off end", i);
+	    val = 1;
+	}
+
+	if (!samep(i, "cipher", p, enc[i].output, enc[i].len)) {
+	    krb5_warnx(context, "%d: cipher", i);
+	    val = 1;
+	}
+
+	if (enc[i].nextiv && !samep(i, "iv", iv, enc[i].nextiv, 16)){ /*XXX*/ 
+	    krb5_warnx(context, "%d: iv", i);
+	    val = 1;
+	}
+
+	memset(iv, 0, sizeof(iv));
+
+	_krb5_aes_cts_encrypt(p, p, enc[i].len,
+			      &dkey, iv, AES_DECRYPT);
+
+	if (p[enc[i].len] != '\0') {
+	    krb5_warnx(context, "%d: decrypt modified off end", i);
+	    val = 1;
+	}
+
+	if (!samep(i, "clear", p, enc[i].input, enc[i].len))
+	    val = 1;
+
+	if (enc[i].nextiv && !samep(i, "iv", iv, enc[i].nextiv, 16)){ /*XXX*/ 
+	    krb5_warnx(context, "%d: iv", i);
+	    val = 1;
+	}
+
+	free(p);
+
+	if (val) {
+	    printf("test %d failed\n", i);
+	    failed = 1;
+	}
+	val = 0;
+    }
+    return failed;
+}
+
+static int
+krb_enc(krb5_context context,
+	krb5_crypto crypto, 
+	unsigned usage,
+	krb5_data *cipher, 
+	krb5_data *clear)
+{
+    krb5_data decrypt;
+    krb5_error_code ret;
+
+    krb5_data_zero(&decrypt);
+
+    ret = krb5_decrypt(context,
+		       crypto,
+		       usage,
+		       cipher->data,
+		       cipher->length,
+		       &decrypt);
+
+    if (ret) {
+	krb5_warn(context, ret, "krb5_decrypt");
+	return ret;
+    }
+
+    if (decrypt.length != clear->length ||
+	memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
+	krb5_warnx(context, "clear text not same");
+	return EINVAL;
+    }
+
+    krb5_data_free(&decrypt);
+
+    return 0;
+}
+
+static int
+krb_enc_mit(krb5_context context,
+	    krb5_enctype enctype,
+	    krb5_keyblock *key,
+	    unsigned usage,
+	    krb5_data *cipher, 
+	    krb5_data *clear)
+{
+    krb5_error_code ret;
+    krb5_enc_data e;
+    krb5_data decrypt;
+    size_t len;
+
+    e.kvno = 0;
+    e.enctype = enctype;
+    e.ciphertext = *cipher;
+
+    ret = krb5_c_decrypt(context, *key, usage, NULL, &e, &decrypt);
+    if (ret)
+	return ret;
+
+    if (decrypt.length != clear->length ||
+	memcmp(decrypt.data, clear->data, decrypt.length) != 0) {
+	krb5_warnx(context, "clear text not same");
+	return EINVAL;
+    }
+
+    krb5_data_free(&decrypt);
+
+    ret = krb5_c_encrypt_length(context, enctype, clear->length, &len);
+    if (ret)
+	return ret;
+
+    if (len != cipher->length) {
+	krb5_warnx(context, "c_encrypt_length wrong %lu != %lu",
+		   (unsigned long)len, (unsigned long)cipher->length);
+	return EINVAL;
+    }
+
+    return 0;
+}
+
+
+struct {
+    krb5_enctype enctype;
+    unsigned usage;
+    size_t keylen;
+    void *key;
+    size_t elen;
+    void* edata;
+    size_t plen;
+    void *pdata;
+} krbencs[] =  {
+    { 
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	7,
+	32,   
+	"\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75"
+	"\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65",
+	44,
+	"\xcf\x79\x8f\x0d\x76\xf3\xe0\xbe\x8e\x66\x94\x70\xfa\xcc\x9e\x91"
+	"\xa9\xec\x1c\x5c\x21\xfb\x6e\xef\x1a\x7a\xc8\xc1\xcc\x5a\x95\x24"
+	"\x6f\x9f\xf4\xd5\xbe\x5d\x59\x97\x44\xd8\x47\xcd",
+	16,
+	"\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x2e\x0a"
+    }
+};
+
+
+static int
+krb_enc_test(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+    krb5_keyblock kb;
+    krb5_data cipher, plain;
+    int i, failed = 0;
+
+    for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) {
+
+	kb.keytype = krbencs[i].enctype;
+	kb.keyvalue.length = krbencs[i].keylen;
+	kb.keyvalue.data = krbencs[i].key;
+
+	ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto);
+
+	cipher.length = krbencs[i].elen;
+	cipher.data = krbencs[i].edata;
+	plain.length = krbencs[i].plen;
+	plain.data = krbencs[i].pdata;
+	
+	ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain);
+		       
+	if (ret) {
+	    failed = 1;
+	    printf("krb_enc failed with %d\n", ret);
+	}
+	krb5_crypto_destroy(context, crypto);
+
+	ret = krb_enc_mit(context, krbencs[i].enctype, &kb, 
+			  krbencs[i].usage, &cipher, &plain);
+	if (ret) {
+	    failed = 1;
+	    printf("krb_enc_mit failed with %d\n", ret);
+	}
+
+    }
+
+    return failed;
+}
+
+
+static int
+random_to_key(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_keyblock key;
+
+    ret = krb5_random_to_key(context,
+			     ETYPE_DES3_CBC_SHA1,
+			     "\x21\x39\x04\x58\x6A\xBD\x7F"
+			     "\x21\x39\x04\x58\x6A\xBD\x7F"
+			     "\x21\x39\x04\x58\x6A\xBD\x7F",
+			     21,
+			     &key);
+    if (ret){
+	krb5_warn(context, ret, "random_to_key");
+	return 1;
+    }
+    if (key.keyvalue.length != 24)
+	return 1;
+
+    if (memcmp(key.keyvalue.data,
+	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
+	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7"
+	       "\x20\x38\x04\x58\x6b\xbc\x7f\xc7",
+	       24) != 0)
+	return 1;
+
+    krb5_free_keyblock_contents(context, &key);
+
+    return 0;
+}
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    int val = 0;
+    
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    val |= string_to_key_test(context);
+
+    val |= encryption_test(context, aes_key1, 128,
+			   encs1, sizeof(encs1)/sizeof(encs1[0]));
+    val |= encryption_test(context, aes_key2, 256, 
+			   encs2, sizeof(encs2)/sizeof(encs2[0]));
+    val |= krb_enc_test(context);
+    val |= random_to_key(context);
+
+    if (verbose && val == 0)
+	printf("all ok\n");
+    if (val)
+	printf("tests failed\n");
+
+    krb5_free_context(context);
+
+    return val;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/aname_to_localname.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/aname_to_localname.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/aname_to_localname.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1997 - 1999, 2002 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: aname_to_localname.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_aname_to_localname (krb5_context context,
+			 krb5_const_principal aname,
+			 size_t lnsize,
+			 char *lname)
+{
+    krb5_error_code ret;
+    krb5_realm *lrealms, *r;
+    int valid;
+    size_t len;
+    const char *res;
+
+    ret = krb5_get_default_realms (context, &lrealms);
+    if (ret)
+	return ret;
+
+    valid = 0;
+    for (r = lrealms; *r != NULL; ++r) {
+	if (strcmp (*r, aname->realm) == 0) {
+	    valid = 1;
+	    break;
+	}
+    }
+    krb5_free_host_realm (context, lrealms);
+    if (valid == 0)
+	return KRB5_NO_LOCALNAME;
+
+    if (aname->name.name_string.len == 1)
+	res = aname->name.name_string.val[0];
+    else if (aname->name.name_string.len == 2
+	     && strcmp (aname->name.name_string.val[1], "root") == 0) {
+	krb5_principal rootprinc;
+	krb5_boolean userok;
+
+	res = "root";
+
+	ret = krb5_copy_principal(context, aname, &rootprinc);
+	if (ret)
+	    return ret;
+	
+	userok = krb5_kuserok(context, rootprinc, res);
+	krb5_free_principal(context, rootprinc);
+	if (!userok)
+	    return KRB5_NO_LOCALNAME;
+
+    } else
+	return KRB5_NO_LOCALNAME;
+
+    len = strlen (res);
+    if (len >= lnsize)
+	return ERANGE;
+    strlcpy (lname, res, lnsize);
+
+    return 0;
+}
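Review bot: `krb5_aname_to_localname` has no header comment stating its mapping policy, even though it decides which local account a principal is treated as. From the body, the principal's realm must be one of the default realms, a one-component name maps to that component, and a two-component name whose second component is `root` maps to `root` only when `krb5_kuserok` accepts it; everything else returns `KRB5_NO_LOCALNAME`. I would add a block comment above the function listing those three rules and noting that `ERANGE` is returned when the name plus its terminator does not fit in `lnsize`. The instance case is also worth a one-line why-comment at the `krb5_kuserok` call, for example `/* user/root at REALM becomes root only if root's access list allows it */`.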

Added: vendor-crypto/heimdal/dist/lib/krb5/appdefault.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/appdefault.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/appdefault.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: appdefault.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+void KRB5_LIB_FUNCTION
+krb5_appdefault_boolean(krb5_context context, const char *appname, 
+			krb5_const_realm realm, const char *option,
+			krb5_boolean def_val, krb5_boolean *ret_val)
+{
+    
+    if(appname == NULL)
+	appname = getprogname();
+
+    def_val = krb5_config_get_bool_default(context, NULL, def_val, 
+					   "libdefaults", option, NULL);
+    if(realm != NULL)
+	def_val = krb5_config_get_bool_default(context, NULL, def_val, 
+					       "realms", realm, option, NULL);
+	
+    def_val = krb5_config_get_bool_default(context, NULL, def_val, 
+					   "appdefaults", 
+					   option, 
+					   NULL);
+    if(realm != NULL)
+	def_val = krb5_config_get_bool_default(context, NULL, def_val,
+					       "appdefaults", 
+					       realm, 
+					       option, 
+					       NULL);
+    if(appname != NULL) {
+	def_val = krb5_config_get_bool_default(context, NULL, def_val, 
+					       "appdefaults", 
+					       appname, 
+					       option, 
+					       NULL);
+	if(realm != NULL)
+	    def_val = krb5_config_get_bool_default(context, NULL, def_val,
+						   "appdefaults", 
+						   appname, 
+						   realm, 
+						   option, 
+						   NULL);
+    }
+    *ret_val = def_val;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_appdefault_string(krb5_context context, const char *appname, 
+		       krb5_const_realm realm, const char *option,
+		       const char *def_val, char **ret_val)
+{
+    if(appname == NULL)
+	appname = getprogname();
+
+    def_val = krb5_config_get_string_default(context, NULL, def_val, 
+					     "libdefaults", option, NULL);
+    if(realm != NULL)
+	def_val = krb5_config_get_string_default(context, NULL, def_val, 
+						 "realms", realm, option, NULL);
+
+    def_val = krb5_config_get_string_default(context, NULL, def_val, 
+					     "appdefaults", 
+					     option, 
+					     NULL);
+    if(realm != NULL)
+	def_val = krb5_config_get_string_default(context, NULL, def_val,
+						 "appdefaults", 
+						 realm, 
+						 option, 
+						 NULL);
+    if(appname != NULL) {
+	def_val = krb5_config_get_string_default(context, NULL, def_val, 
+						 "appdefaults", 
+						 appname, 
+						 option, 
+						 NULL);
+	if(realm != NULL)
+	    def_val = krb5_config_get_string_default(context, NULL, def_val,
+						     "appdefaults", 
+						     appname, 
+						     realm, 
+						     option, 
+						     NULL);
+    }
+    if(def_val != NULL)
+	*ret_val = strdup(def_val);
+    else
+	*ret_val = NULL;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_appdefault_time(krb5_context context, const char *appname,
+		     krb5_const_realm realm, const char *option,
+		     time_t def_val, time_t *ret_val)
+{
+    krb5_deltat t;
+    char *val;
+
+    krb5_appdefault_string(context, appname, realm, option, NULL, &val);
+    if (val == NULL) {
+	*ret_val = def_val;
+	return;
+    }
+    if (krb5_string_to_deltat(val, &t))
+	*ret_val = def_val;
+    else
+	*ret_val = t;
+    free(val);
+}
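Review bot: `krb5_appdefault_time` stores `def_val` both when the option is absent and when `krb5_string_to_deltat` rejects the configured string, so a mistyped value in the configuration cannot be told apart from no value at all. For options that bound lifetimes, a typo therefore silently selects the caller's default instead of being reported. `krb5_appdefault_string` has a similar ambiguity: it returns void and stores NULL both when nothing is configured and when `strdup` fails. I would at least document this above `krb5_appdefault_time` with `/* A value that fails to parse is ignored and def_val is used; no error is reported. */`.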

Added: vendor-crypto/heimdal/dist/lib/krb5/asn1_glue.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/asn1_glue.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/asn1_glue.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/*
+ *
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: asn1_glue.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_principal2principalname (PrincipalName *p,
+			       const krb5_principal from)
+{
+    return copy_PrincipalName(&from->name, p);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_principalname2krb5_principal (krb5_context context,
+				    krb5_principal *principal,
+				    const PrincipalName from,
+				    const Realm realm)
+{
+    krb5_principal p = malloc(sizeof(*p));
+    if (p == NULL)
+	return ENOMEM;
+    copy_PrincipalName(&from, &p->name);
+    p->realm = strdup(realm);
+    if (p->realm == NULL)
+	return ENOMEM;
+    *principal = p;
+    return 0;
+}
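Review bot: `_krb5_principalname2krb5_principal` ignores the return value of `copy_PrincipalName`, and when `strdup(realm)` fails it returns `ENOMEM` without freeing `p` or the name components already copied into `p->name`. A failed copy can therefore reach the caller as success with a name that may be only partly populated, and the out-of-memory path leaks memory. Checking the copy result and releasing what was allocated on both failure paths addresses both problems. `free_PrincipalName` is the generated counterpart of `copy_PrincipalName`.

```c
    krb5_principal p = malloc(sizeof(*p));
    int ret;

    if (p == NULL)
	return ENOMEM;
    ret = copy_PrincipalName(&from, &p->name);
    if (ret) {
	free(p);
	return ret;
    }
    p->realm = strdup(realm);
    if (p->realm == NULL) {
	free_PrincipalName(&p->name);
	free(p);
	return ENOMEM;
    }
    /* … unchanged: store p in *principal and return 0 … */
```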

Added: vendor-crypto/heimdal/dist/lib/krb5/auth_context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/auth_context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/auth_context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,519 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: auth_context.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_init(krb5_context context,
+		   krb5_auth_context *auth_context)
+{
+    krb5_auth_context p;
+
+    ALLOC(p, 1);
+    if(!p) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memset(p, 0, sizeof(*p));
+    ALLOC(p->authenticator, 1);
+    if (!p->authenticator) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	free(p);
+	return ENOMEM;
+    }
+    memset (p->authenticator, 0, sizeof(*p->authenticator));
+    p->flags = KRB5_AUTH_CONTEXT_DO_TIME;
+
+    p->local_address  = NULL;
+    p->remote_address = NULL;
+    p->local_port     = 0;
+    p->remote_port    = 0;
+    p->keytype        = KEYTYPE_NULL;
+    p->cksumtype      = CKSUMTYPE_NONE;
+    *auth_context     = p;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_free(krb5_context context,
+		   krb5_auth_context auth_context)
+{
+    if (auth_context != NULL) {
+	krb5_free_authenticator(context, &auth_context->authenticator);
+	if(auth_context->local_address){
+	    free_HostAddress(auth_context->local_address);
+	    free(auth_context->local_address);
+	}
+	if(auth_context->remote_address){
+	    free_HostAddress(auth_context->remote_address);
+	    free(auth_context->remote_address);
+	}
+	krb5_free_keyblock(context, auth_context->keyblock);
+	krb5_free_keyblock(context, auth_context->remote_subkey);
+	krb5_free_keyblock(context, auth_context->local_subkey);
+	free (auth_context);
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setflags(krb5_context context,
+		       krb5_auth_context auth_context,
+		       int32_t flags)
+{
+    auth_context->flags = flags;
+    return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getflags(krb5_context context,
+		       krb5_auth_context auth_context,
+		       int32_t *flags)
+{
+    *flags = auth_context->flags;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_addflags(krb5_context context,
+		       krb5_auth_context auth_context,
+		       int32_t addflags,
+		       int32_t *flags)
+{
+    if (flags)
+	*flags = auth_context->flags;
+    auth_context->flags |= addflags;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_removeflags(krb5_context context,
+			  krb5_auth_context auth_context,
+			  int32_t removeflags,
+			  int32_t *flags)
+{
+    if (flags)
+	*flags = auth_context->flags;
+    auth_context->flags &= ~removeflags;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setaddrs(krb5_context context,
+		       krb5_auth_context auth_context,
+		       krb5_address *local_addr,
+		       krb5_address *remote_addr)
+{
+    if (local_addr) {
+	if (auth_context->local_address)
+	    krb5_free_address (context, auth_context->local_address);
+	else
+	    if ((auth_context->local_address = malloc(sizeof(krb5_address))) == NULL)
+		return ENOMEM;
+	krb5_copy_address(context, local_addr, auth_context->local_address);
+    }
+    if (remote_addr) {
+	if (auth_context->remote_address)
+	    krb5_free_address (context, auth_context->remote_address);
+	else
+	    if ((auth_context->remote_address = malloc(sizeof(krb5_address))) == NULL)
+		return ENOMEM;
+	krb5_copy_address(context, remote_addr, auth_context->remote_address);
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_genaddrs(krb5_context context, 
+		       krb5_auth_context auth_context, 
+		       int fd, int flags)
+{
+    krb5_error_code ret;
+    krb5_address local_k_address, remote_k_address;
+    krb5_address *lptr = NULL, *rptr = NULL;
+    struct sockaddr_storage ss_local, ss_remote;
+    struct sockaddr *local  = (struct sockaddr *)&ss_local;
+    struct sockaddr *remote = (struct sockaddr *)&ss_remote;
+    socklen_t len;
+
+    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
+	if (auth_context->local_address == NULL) {
+	    len = sizeof(ss_local);
+	    if(getsockname(fd, local, &len) < 0) {
+		ret = errno;
+		krb5_set_error_string (context, "getsockname: %s",
+				       strerror(ret));
+		goto out;
+	    }
+	    ret = krb5_sockaddr2address (context, local, &local_k_address);
+	    if(ret) goto out;
+	    if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
+		krb5_sockaddr2port (context, local, &auth_context->local_port);
+	    } else
+		auth_context->local_port = 0;
+	    lptr = &local_k_address;
+	}
+    }
+    if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
+	len = sizeof(ss_remote);
+	if(getpeername(fd, remote, &len) < 0) {
+	    ret = errno;
+	    krb5_set_error_string (context, "getpeername: %s", strerror(ret));
+	    goto out;
+	}
+	ret = krb5_sockaddr2address (context, remote, &remote_k_address);
+	if(ret) goto out;
+	if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
+	    krb5_sockaddr2port (context, remote, &auth_context->remote_port);
+	} else
+	    auth_context->remote_port = 0;
+	rptr = &remote_k_address;
+    }
+    ret = krb5_auth_con_setaddrs (context,
+				  auth_context,
+				  lptr,
+				  rptr);
+  out:
+    if (lptr)
+	krb5_free_address (context, lptr);
+    if (rptr)
+	krb5_free_address (context, rptr);
+    return ret;
+
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setaddrs_from_fd (krb5_context context,
+				krb5_auth_context auth_context,
+				void *p_fd)
+{
+    int fd = *(int*)p_fd;
+    int flags = 0;
+    if(auth_context->local_address == NULL)
+	flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
+    if(auth_context->remote_address == NULL)
+	flags |= KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR;
+    return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getaddrs(krb5_context context,
+		       krb5_auth_context auth_context,
+		       krb5_address **local_addr,
+		       krb5_address **remote_addr)
+{
+    if(*local_addr)
+	krb5_free_address (context, *local_addr);
+    *local_addr = malloc (sizeof(**local_addr));
+    if (*local_addr == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    krb5_copy_address(context,
+		      auth_context->local_address,
+		      *local_addr);
+
+    if(*remote_addr)
+	krb5_free_address (context, *remote_addr);
+    *remote_addr = malloc (sizeof(**remote_addr));
+    if (*remote_addr == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	krb5_free_address (context, *local_addr);
+	*local_addr = NULL;
+	return ENOMEM;
+    }
+    krb5_copy_address(context,
+		      auth_context->remote_address,
+		      *remote_addr);
+    return 0;
+}
+
+static krb5_error_code
+copy_key(krb5_context context,
+	 krb5_keyblock *in,
+	 krb5_keyblock **out)
+{
+    if(in)
+	return krb5_copy_keyblock(context, in, out);
+    *out = NULL; /* is this right? */
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getkey(krb5_context context,
+		     krb5_auth_context auth_context,
+		     krb5_keyblock **keyblock)
+{
+    return copy_key(context, auth_context->keyblock, keyblock);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getlocalsubkey(krb5_context context,
+			     krb5_auth_context auth_context,
+			     krb5_keyblock **keyblock)
+{
+    return copy_key(context, auth_context->local_subkey, keyblock);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getremotesubkey(krb5_context context,
+			      krb5_auth_context auth_context,
+			      krb5_keyblock **keyblock)
+{
+    return copy_key(context, auth_context->remote_subkey, keyblock);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setkey(krb5_context context,
+		     krb5_auth_context auth_context,
+		     krb5_keyblock *keyblock)
+{
+    if(auth_context->keyblock)
+	krb5_free_keyblock(context, auth_context->keyblock);
+    return copy_key(context, keyblock, &auth_context->keyblock);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setlocalsubkey(krb5_context context,
+			     krb5_auth_context auth_context,
+			     krb5_keyblock *keyblock)
+{
+    if(auth_context->local_subkey)
+	krb5_free_keyblock(context, auth_context->local_subkey);
+    return copy_key(context, keyblock, &auth_context->local_subkey);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_generatelocalsubkey(krb5_context context,
+				  krb5_auth_context auth_context,
+				  krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    krb5_keyblock *subkey;
+
+    ret = krb5_generate_subkey_extended (context, key,
+					 auth_context->keytype,
+					 &subkey);
+    if(ret)
+	return ret;
+    if(auth_context->local_subkey)
+	krb5_free_keyblock(context, auth_context->local_subkey);
+    auth_context->local_subkey = subkey;
+    return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setremotesubkey(krb5_context context,
+			      krb5_auth_context auth_context,
+			      krb5_keyblock *keyblock)
+{
+    if(auth_context->remote_subkey)
+	krb5_free_keyblock(context, auth_context->remote_subkey);
+    return copy_key(context, keyblock, &auth_context->remote_subkey);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setcksumtype(krb5_context context,
+			   krb5_auth_context auth_context,
+			   krb5_cksumtype cksumtype)
+{
+    auth_context->cksumtype = cksumtype;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getcksumtype(krb5_context context,
+			   krb5_auth_context auth_context,
+			   krb5_cksumtype *cksumtype)
+{
+    *cksumtype = auth_context->cksumtype;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setkeytype (krb5_context context,
+			  krb5_auth_context auth_context,
+			  krb5_keytype keytype)
+{
+    auth_context->keytype = keytype;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getkeytype (krb5_context context,
+			  krb5_auth_context auth_context,
+			  krb5_keytype *keytype)
+{
+    *keytype = auth_context->keytype;
+    return 0;
+}
+
+#if 0
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setenctype(krb5_context context,
+			 krb5_auth_context auth_context,
+			 krb5_enctype etype)
+{
+    if(auth_context->keyblock)
+	krb5_free_keyblock(context, auth_context->keyblock);
+    ALLOC(auth_context->keyblock, 1);
+    if(auth_context->keyblock == NULL)
+	return ENOMEM;
+    auth_context->keyblock->keytype = etype;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getenctype(krb5_context context,
+			 krb5_auth_context auth_context,
+			 krb5_enctype *etype)
+{
+    krb5_abortx(context, "unimplemented krb5_auth_getenctype called");
+}
+#endif
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getlocalseqnumber(krb5_context context,
+			    krb5_auth_context auth_context,
+			    int32_t *seqnumber)
+{
+  *seqnumber = auth_context->local_seqnumber;
+  return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setlocalseqnumber (krb5_context context,
+			     krb5_auth_context auth_context,
+			     int32_t seqnumber)
+{
+  auth_context->local_seqnumber = seqnumber;
+  return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_getremoteseqnumber(krb5_context context,
+			     krb5_auth_context auth_context,
+			     int32_t *seqnumber)
+{
+  *seqnumber = auth_context->remote_seqnumber;
+  return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setremoteseqnumber (krb5_context context,
+			      krb5_auth_context auth_context,
+			      int32_t seqnumber)
+{
+  auth_context->remote_seqnumber = seqnumber;
+  return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getauthenticator(krb5_context context,
+			   krb5_auth_context auth_context,
+			   krb5_authenticator *authenticator)
+{
+    *authenticator = malloc(sizeof(**authenticator));
+    if (*authenticator == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    copy_Authenticator(auth_context->authenticator,
+		       *authenticator);
+    return 0;
+}
+
+
+void KRB5_LIB_FUNCTION
+krb5_free_authenticator(krb5_context context,
+			krb5_authenticator *authenticator)
+{
+    free_Authenticator (*authenticator);
+    free (*authenticator);
+    *authenticator = NULL;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setuserkey(krb5_context context,
+			 krb5_auth_context auth_context,
+			 krb5_keyblock *keyblock)
+{
+    if(auth_context->keyblock)
+	krb5_free_keyblock(context, auth_context->keyblock);
+    return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getrcache(krb5_context context,
+			krb5_auth_context auth_context,
+			krb5_rcache *rcache)
+{
+    *rcache = auth_context->rcache;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setrcache(krb5_context context,
+			krb5_auth_context auth_context,
+			krb5_rcache rcache)
+{
+    auth_context->rcache = rcache;
+    return 0;
+}
+
+#if 0 /* not implemented */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_initivector(krb5_context context,
+			  krb5_auth_context auth_context)
+{
+    krb5_abortx(context, "unimplemented krb5_auth_con_initivector called");
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setivector(krb5_context context,
+			 krb5_auth_context auth_context,
+			 krb5_pointer ivector)
+{
+    krb5_abortx(context, "unimplemented krb5_auth_con_setivector called");
+}
+
+#endif /* not implemented */

Added: vendor-crypto/heimdal/dist/lib/krb5/build_ap_req.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/build_ap_req.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/build_ap_req.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: build_ap_req.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_ap_req (krb5_context context,
+		   krb5_enctype enctype,
+		   krb5_creds *cred,
+		   krb5_flags ap_options,
+		   krb5_data authenticator,
+		   krb5_data *retdata)
+{
+  krb5_error_code ret = 0;
+  AP_REQ ap;
+  Ticket t;
+  size_t len;
+  
+  ap.pvno = 5;
+  ap.msg_type = krb_ap_req;
+  memset(&ap.ap_options, 0, sizeof(ap.ap_options));
+  ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0;
+  ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0;
+  
+  ap.ticket.tkt_vno = 5;
+  copy_Realm(&cred->server->realm, &ap.ticket.realm);
+  copy_PrincipalName(&cred->server->name, &ap.ticket.sname);
+
+  decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
+  copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part);
+  free_Ticket(&t);
+
+  ap.authenticator.etype = enctype;
+  ap.authenticator.kvno  = NULL;
+  ap.authenticator.cipher = authenticator;
+
+  ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
+		     &ap, &len, ret);
+  if(ret == 0 && retdata->length != len)
+      krb5_abortx(context, "internal error in ASN.1 encoder");
+  free_AP_REQ(&ap);
+  return ret;
+
+}
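Review bot: The result of `decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len)` in krb5_build_ap_req is discarded, so a credential whose stored ticket does not parse still flows into `copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part)` and `free_Ticket(&t)`. What `t` holds after a failed decode is not visible here. The call should be checked before `t` is used, for example `ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);` followed by `if (ret) { free_Realm(&ap.ticket.realm); free_PrincipalName(&ap.ticket.sname); return ret; }`. The return values of `copy_Realm`, `copy_PrincipalName` and `copy_EncryptedData` are ignored in the same way, so an allocation failure there may produce an AP_REQ encoded from incomplete fields instead of an error.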

Added: vendor-crypto/heimdal/dist/lib/krb5/build_auth.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/build_auth.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/build_auth.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: build_auth.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static krb5_error_code
+make_etypelist(krb5_context context,
+	       krb5_authdata **auth_data)
+{
+    EtypeList etypes;
+    krb5_error_code ret;
+    krb5_authdata ad;
+    u_char *buf;
+    size_t len;
+    size_t buf_size;
+     
+    ret = krb5_init_etype(context, &etypes.len, &etypes.val, NULL);
+    if (ret)
+	return ret;
+
+    ASN1_MALLOC_ENCODE(EtypeList, buf, buf_size, &etypes, &len, ret);
+    if (ret) {
+	free_EtypeList(&etypes);
+	return ret;
+    }
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    free_EtypeList(&etypes);
+
+    ALLOC_SEQ(&ad, 1);
+    if (ad.val == NULL) {
+	free(buf);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    ad.val[0].ad_type = KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION;
+    ad.val[0].ad_data.length = len;
+    ad.val[0].ad_data.data = buf;
+
+    ASN1_MALLOC_ENCODE(AD_IF_RELEVANT, buf, buf_size, &ad, &len, ret);
+    if (ret) {
+	free_AuthorizationData(&ad);
+	return ret;
+    } 
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    free_AuthorizationData(&ad);
+
+    ALLOC(*auth_data, 1);
+    if (*auth_data == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    ALLOC_SEQ(*auth_data, 1);
+    if ((*auth_data)->val == NULL) {
+	free(buf);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    (*auth_data)->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+    (*auth_data)->val[0].ad_data.length = len;
+    (*auth_data)->val[0].ad_data.data = buf;
+
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_authenticator (krb5_context context,
+			  krb5_auth_context auth_context,
+			  krb5_enctype enctype,
+			  krb5_creds *cred,
+			  Checksum *cksum,
+			  Authenticator **auth_result,
+			  krb5_data *result,
+			  krb5_key_usage usage)
+{
+    Authenticator *auth;
+    u_char *buf = NULL;
+    size_t buf_size;
+    size_t len;
+    krb5_error_code ret;
+    krb5_crypto crypto;
+
+    auth = calloc(1, sizeof(*auth));
+    if (auth == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    auth->authenticator_vno = 5;
+    copy_Realm(&cred->client->realm, &auth->crealm);
+    copy_PrincipalName(&cred->client->name, &auth->cname);
+
+    krb5_us_timeofday (context, &auth->ctime, &auth->cusec);
+    
+    ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey);
+    if(ret)
+	goto fail;
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+	if(auth_context->local_seqnumber == 0)
+	    krb5_generate_seq_number (context,
+				      &cred->session, 
+				      &auth_context->local_seqnumber);
+	ALLOC(auth->seq_number, 1);
+	if(auth->seq_number == NULL) {
+	    ret = ENOMEM;
+	    goto fail;
+	}
+	*auth->seq_number = auth_context->local_seqnumber;
+    } else
+	auth->seq_number = NULL;
+    auth->authorization_data = NULL;
+    auth->cksum = cksum;
+
+    if (cksum != NULL && cksum->cksumtype == CKSUMTYPE_GSSAPI) {
+	/*
+	 * This is not GSS-API specific, we only enable it for
+	 * GSS for now
+	 */
+	ret = make_etypelist(context, &auth->authorization_data);
+	if (ret)
+	    goto fail;
+    }
+
+    /* XXX - Copy more to auth_context? */
+
+    auth_context->authenticator->ctime = auth->ctime;
+    auth_context->authenticator->cusec = auth->cusec;
+
+    ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
+    if (ret)
+	goto fail;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    ret = krb5_crypto_init(context, &cred->session, enctype, &crypto);
+    if (ret)
+	goto fail;
+    ret = krb5_encrypt (context,
+			crypto,
+			usage /* KRB5_KU_AP_REQ_AUTH */,
+			buf + buf_size - len, 
+			len,
+			result);
+    krb5_crypto_destroy(context, crypto);
+
+    if (ret)
+	goto fail;
+
+    free (buf);
+
+    if (auth_result)
+	*auth_result = auth;
+    else {
+	/* Don't free the `cksum', it's allocated by the caller */
+	auth->cksum = NULL;
+	free_Authenticator (auth);
+	free (auth);
+    }
+    return ret;
+  fail:
+    free_Authenticator (auth);
+    free (auth);
+    free (buf);
+    return ret;
+}
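Review bot: The `fail:` path of krb5_build_authenticator calls `free_Authenticator (auth)` while `auth->cksum` may still point at the caller's checksum, which the success branch explicitly avoids by setting `auth->cksum = NULL;` under the comment that the caller allocated it. Any failure after `auth->cksum = cksum;` (make_etypelist, the ASN.1 encode, krb5_crypto_init or krb5_encrypt) therefore presumably releases memory the caller still owns. A caller that frees its checksum after the error return would then free it twice, though the callers are not visible here. Adding `auth->cksum = NULL;` as the first statement after the `fail:` label keeps ownership the same on both paths. Separately, in make_etypelist the `ALLOC(*auth_data, 1)` failure branch returns ENOMEM without `free(buf)`, unlike the `ALLOC_SEQ` branch that follows it.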

Added: vendor-crypto/heimdal/dist/lib/krb5/cache.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/cache.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/cache.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1073 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: cache.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * Add a new ccache type with operations `ops', overwriting any
+ * existing one if `override'.
+ *
+ * @param context a Keberos context
+ * @param ops type of plugin symbol
+ * @param override flag to select if the registration is to overide
+ * an existing ops with the same name.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_register(krb5_context context, 
+		 const krb5_cc_ops *ops, 
+		 krb5_boolean override)
+{
+    int i;
+
+    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
+	if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
+	    if(!override) {
+		krb5_set_error_string(context,
+				      "ccache type %s already exists",
+				      ops->prefix);
+		return KRB5_CC_TYPE_EXISTS;
+	    }
+	    break;
+	}
+    }
+    if(i == context->num_cc_ops) {
+	krb5_cc_ops *o = realloc(context->cc_ops,
+				 (context->num_cc_ops + 1) *
+				 sizeof(*context->cc_ops));
+	if(o == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return KRB5_CC_NOMEM;
+	}
+	context->num_cc_ops++;
+	context->cc_ops = o;
+	memset(context->cc_ops + i, 0, 
+	       (context->num_cc_ops - i) * sizeof(*context->cc_ops));
+    }
+    memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
+    return 0;
+}
+
+/*
+ * Allocate the memory for a `id' and the that function table to
+ * `ops'. Returns 0 or and error code.
+ */
+
+krb5_error_code
+_krb5_cc_allocate(krb5_context context, 
+		  const krb5_cc_ops *ops,
+		  krb5_ccache *id)
+{
+    krb5_ccache p;
+
+    p = malloc (sizeof(*p));
+    if(p == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+    p->ops = ops;
+    *id = p;
+
+    return 0;
+}
+
+/*
+ * Allocate memory for a new ccache in `id' with operations `ops'
+ * and name `residual'. Return 0 or an error code.
+ */
+
+static krb5_error_code
+allocate_ccache (krb5_context context,
+		 const krb5_cc_ops *ops,
+		 const char *residual,
+		 krb5_ccache *id)
+{
+    krb5_error_code ret;
+
+    ret = _krb5_cc_allocate(context, ops, id);
+    if (ret)
+	return ret;
+    ret = (*id)->ops->resolve(context, id, residual);
+    if(ret)
+	free(*id);
+    return ret;
+}
+
+/**
+ * Find and allocate a ccache in `id' from the specification in `residual'.
+ * If the ccache name doesn't contain any colon, interpret it as a file name.
+ *
+ * @param context a Keberos context.
+ * @param name string name of a credential cache.
+ * @param id return pointer to a found credential cache.
+ *
+ * @return Return 0 or an error code. In case of an error, id is set
+ * to NULL.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_resolve(krb5_context context,
+		const char *name,
+		krb5_ccache *id)
+{
+    int i;
+
+    *id = NULL;
+
+    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
+	size_t prefix_len = strlen(context->cc_ops[i].prefix);
+
+	if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
+	   && name[prefix_len] == ':') {
+	    return allocate_ccache (context, &context->cc_ops[i],
+				    name + prefix_len + 1,
+				    id);
+	}
+    }
+    if (strchr (name, ':') == NULL)
+	return allocate_ccache (context, &krb5_fcc_ops, name, id);
+    else {
+	krb5_set_error_string(context, "unknown ccache type %s", name);
+	return KRB5_CC_UNKNOWN_TYPE;
+    }
+}
+
+/**
+ * Generate a new ccache of type `ops' in `id'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_gen_new(krb5_context context,
+		const krb5_cc_ops *ops,
+		krb5_ccache *id)
+{
+    return krb5_cc_new_unique(context, ops->prefix, NULL, id);
+}
+
+/**
+ * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
+ * the library chooses the default credential cache type. The supplied
+ * `hint' (that can be NULL) is a string that the credential cache
+ * type can use to base the name of the credential on, this is to make
+ * it easier for the user to differentiate the credentials.
+ *
+ * @return Returns 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_new_unique(krb5_context context, const char *type, 
+		   const char *hint, krb5_ccache *id)
+{
+    const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
+    krb5_error_code ret;
+
+    if (type) {
+	ops = krb5_cc_get_prefix_ops(context, type);
+	if (ops == NULL) {
+	    krb5_set_error_string(context,
+				  "Credential cache type %s is unknown", type);
+	    return KRB5_CC_UNKNOWN_TYPE;
+	}
+    }
+
+    ret = _krb5_cc_allocate(context, ops, id);
+    if (ret)
+	return ret;
+    return (*id)->ops->gen_new(context, id);
+}
+
+/**
+ * Return the name of the ccache `id'
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+const char* KRB5_LIB_FUNCTION
+krb5_cc_get_name(krb5_context context,
+		 krb5_ccache id)
+{
+    return id->ops->get_name(context, id);
+}
+
+/**
+ * Return the type of the ccache `id'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+const char* KRB5_LIB_FUNCTION
+krb5_cc_get_type(krb5_context context,
+		 krb5_ccache id)
+{
+    return id->ops->prefix;
+}
+
+/**
+ * Return the complete resolvable name the ccache `id' in `str\xB4.
+ * `str` should be freed with free(3).
+ * Returns 0 or an error (and then *str is set to NULL).
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_full_name(krb5_context context,
+		      krb5_ccache id,
+		      char **str)
+{
+    const char *type, *name;
+
+    *str = NULL;
+
+    type = krb5_cc_get_type(context, id);
+    if (type == NULL) {
+	krb5_set_error_string(context, "cache have no name of type");
+	return KRB5_CC_UNKNOWN_TYPE;
+    }
+
+    name = krb5_cc_get_name(context, id);
+    if (name == NULL) {
+	krb5_set_error_string(context, "cache of type %s have no name", type);
+	return KRB5_CC_BADNAME;
+    }
+    
+    if (asprintf(str, "%s:%s", type, name) == -1) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	*str = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+/**
+ * Return krb5_cc_ops of a the ccache `id'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+const krb5_cc_ops *
+krb5_cc_get_ops(krb5_context context, krb5_ccache id)
+{
+    return id->ops;
+}
+
+/*
+ * Expand variables in `str' into `res'
+ */
+
+krb5_error_code
+_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
+{
+    size_t tlen, len = 0;
+    char *tmp, *tmp2, *append;
+
+    *res = NULL;
+
+    while (str && *str) {
+	tmp = strstr(str, "%{");
+	if (tmp && tmp != str) {
+	    append = malloc((tmp - str) + 1);
+	    if (append) {
+		memcpy(append, str, tmp - str);
+		append[tmp - str] = '\0';
+	    }
+	    str = tmp;
+	} else if (tmp) {
+	    tmp2 = strchr(tmp, '}');
+	    if (tmp2 == NULL) {
+		free(*res);
+		*res = NULL;
+		krb5_set_error_string(context, "variable missing }");
+		return KRB5_CONFIG_BADFORMAT;
+	    }
+	    if (strncasecmp(tmp, "%{uid}", 6) == 0)
+		asprintf(&append, "%u", (unsigned)getuid());
+	    else if (strncasecmp(tmp, "%{null}", 7) == 0)
+		append = strdup("");
+	    else {
+		free(*res);
+		*res = NULL;
+		krb5_set_error_string(context, 
+				      "expand default cache unknown "
+				      "variable \"%.*s\"",
+				      (int)(tmp2 - tmp) - 2, tmp + 2);
+		return KRB5_CONFIG_BADFORMAT;
+	    }
+	    str = tmp2 + 1;
+	} else {
+	    append = strdup(str);
+	    str = NULL;
+	}
+	if (append == NULL) {
+	    free(*res);
+	    *res = NULL;
+	    krb5_set_error_string(context, "malloc - out of memory");
+	    return ENOMEM;
+	}
+	
+	tlen = strlen(append);
+	tmp = realloc(*res, len + tlen + 1);
+	if (tmp == NULL) {
+	    free(append);
+	    free(*res);
+	    *res = NULL;
+	    krb5_set_error_string(context, "malloc - out of memory");
+	    return ENOMEM;
+	}
+	*res = tmp;
+	memcpy(*res + len, append, tlen + 1);
+	len = len + tlen;
+	free(append);
+    }    
+    return 0;
+}
+
+/*
+ * Return non-zero if envirnoment that will determine default krb5cc
+ * name has changed.
+ */
+
+static int
+environment_changed(krb5_context context)
+{
+    const char *e;
+
+    /* if the cc name was set, don't change it */
+    if (context->default_cc_name_set)
+	return 0;
+
+    if(issuid())
+	return 0;
+
+    e = getenv("KRB5CCNAME");
+    if (e == NULL) {
+	if (context->default_cc_name_env) {
+	    free(context->default_cc_name_env);
+	    context->default_cc_name_env = NULL;
+	    return 1;
+	}
+    } else {
+	if (context->default_cc_name_env == NULL)
+	    return 1;
+	if (strcmp(e, context->default_cc_name_env) != 0)
+	    return 1;
+    }
+    return 0;
+}
+
+/**
+ * Set the default cc name for `context' to `name'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_set_default_name(krb5_context context, const char *name)
+{
+    krb5_error_code ret = 0;
+    char *p;
+
+    if (name == NULL) {
+	const char *e = NULL;
+
+	if(!issuid()) {
+	    e = getenv("KRB5CCNAME");
+	    if (e) {
+		p = strdup(e);
+		if (context->default_cc_name_env)
+		    free(context->default_cc_name_env);
+		context->default_cc_name_env = strdup(e);
+	    }
+	}
+	if (e == NULL) {
+	    e = krb5_config_get_string(context, NULL, "libdefaults",
+				       "default_cc_name", NULL);
+	    if (e) {
+		ret = _krb5_expand_default_cc_name(context, e, &p);
+		if (ret)
+		    return ret;
+	    }
+	    if (e == NULL) {
+		const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
+		ret = (*ops->default_name)(context, &p);
+		if (ret)
+		    return ret;
+	    }
+	}
+	context->default_cc_name_set = 0;
+    } else {
+	p = strdup(name);
+	context->default_cc_name_set = 1;
+    }
+
+    if (p == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return ENOMEM;
+    }
+
+    if (context->default_cc_name)
+	free(context->default_cc_name);
+
+    context->default_cc_name = p;
+
+    return ret;
+}
+
+/**
+ * Return a pointer to a context static string containing the default
+ * ccache name.
+ *
+ * @return String to the default credential cache name.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+const char* KRB5_LIB_FUNCTION
+krb5_cc_default_name(krb5_context context)
+{
+    if (context->default_cc_name == NULL || environment_changed(context))
+	krb5_cc_set_default_name(context, NULL);
+
+    return context->default_cc_name;
+}
+
+/**
+ * Open the default ccache in `id'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_default(krb5_context context,
+		krb5_ccache *id)
+{
+    const char *p = krb5_cc_default_name(context);
+
+    if (p == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return ENOMEM;
+    }
+    return krb5_cc_resolve(context, p, id);
+}
+
+/**
+ * Create a new ccache in `id' for `primary_principal'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_initialize(krb5_context context,
+		   krb5_ccache id,
+		   krb5_principal primary_principal)
+{
+    return (*id->ops->init)(context, id, primary_principal);
+}
+
+
+/**
+ * Remove the ccache `id'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_destroy(krb5_context context,
+		krb5_ccache id)
+{
+    krb5_error_code ret;
+
+    ret = (*id->ops->destroy)(context, id);
+    krb5_cc_close (context, id);
+    return ret;
+}
+
+/**
+ * Stop using the ccache `id' and free the related resources.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_close(krb5_context context,
+	      krb5_ccache id)
+{
+    krb5_error_code ret;
+    ret = (*id->ops->close)(context, id);
+    free(id);
+    return ret;
+}
+
+/**
+ * Store `creds' in the ccache `id'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_store_cred(krb5_context context,
+		   krb5_ccache id,
+		   krb5_creds *creds)
+{
+    return (*id->ops->store)(context, id, creds);
+}
+
+/**
+ * Retrieve the credential identified by `mcreds' (and `whichfields')
+ * from `id' in `creds'. 'creds' must be free by the caller using
+ * krb5_free_cred_contents.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_retrieve_cred(krb5_context context,
+		      krb5_ccache id,
+		      krb5_flags whichfields,
+		      const krb5_creds *mcreds,
+		      krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krb5_cc_cursor cursor;
+
+    if (id->ops->retrieve != NULL) {
+	return (*id->ops->retrieve)(context, id, whichfields,
+				    mcreds, creds);
+    }
+
+    ret = krb5_cc_start_seq_get(context, id, &cursor);
+    if (ret)
+	return ret;
+    while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
+	if(krb5_compare_creds(context, whichfields, mcreds, creds)){
+	    ret = 0;
+	    break;
+	}
+	krb5_free_cred_contents (context, creds);
+    }
+    krb5_cc_end_seq_get(context, id, &cursor);
+    return ret;
+}
+
+/**
+ * Return the principal of `id' in `principal'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_principal(krb5_context context,
+		      krb5_ccache id,
+		      krb5_principal *principal)
+{
+    return (*id->ops->get_princ)(context, id, principal);
+}
+
+/**
+ * Start iterating over `id', `cursor' is initialized to the
+ * beginning.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_start_seq_get (krb5_context context,
+		       const krb5_ccache id,
+		       krb5_cc_cursor *cursor)
+{
+    return (*id->ops->get_first)(context, id, cursor);
+}
+
+/**
+ * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
+ * and advance `cursor'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_next_cred (krb5_context context,
+		   const krb5_ccache id,
+		   krb5_cc_cursor *cursor,
+		   krb5_creds *creds)
+{
+    return (*id->ops->get_next)(context, id, cursor, creds);
+}
+
+/**
+ * Like krb5_cc_next_cred, but allow for selective retrieval
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_next_cred_match(krb5_context context,
+			const krb5_ccache id,
+			krb5_cc_cursor * cursor,
+			krb5_creds * creds,
+			krb5_flags whichfields,
+			const krb5_creds * mcreds)
+{
+    krb5_error_code ret;
+    while (1) {
+	ret = krb5_cc_next_cred(context, id, cursor, creds);
+	if (ret)
+	    return ret;
+	if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
+	    return 0;
+	krb5_free_cred_contents(context, creds);
+    }
+}
+
+/**
+ * Destroy the cursor `cursor'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_end_seq_get (krb5_context context,
+		     const krb5_ccache id,
+		     krb5_cc_cursor *cursor)
+{
+    return (*id->ops->end_get)(context, id, cursor);
+}
+
+/**
+ * Remove the credential identified by `cred', `which' from `id'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_remove_cred(krb5_context context,
+		    krb5_ccache id,
+		    krb5_flags which,
+		    krb5_creds *cred)
+{
+    if(id->ops->remove_cred == NULL) {
+	krb5_set_error_string(context,
+			      "ccache %s does not support remove_cred",
+			      id->ops->prefix);
+	return EACCES; /* XXX */
+    }
+    return (*id->ops->remove_cred)(context, id, which, cred);
+}
+
+/**
+ * Set the flags of `id' to `flags'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_set_flags(krb5_context context,
+		  krb5_ccache id,
+		  krb5_flags flags)
+{
+    return (*id->ops->set_flags)(context, id, flags);
+}
+		    
+/**
+ * Copy the contents of `from' to `to'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_copy_cache_match(krb5_context context,
+			 const krb5_ccache from,
+			 krb5_ccache to,
+			 krb5_flags whichfields,
+			 const krb5_creds * mcreds,
+			 unsigned int *matched)
+{
+    krb5_error_code ret;
+    krb5_cc_cursor cursor;
+    krb5_creds cred;
+    krb5_principal princ;
+
+    ret = krb5_cc_get_principal(context, from, &princ);
+    if (ret)
+	return ret;
+    ret = krb5_cc_initialize(context, to, princ);
+    if (ret) {
+	krb5_free_principal(context, princ);
+	return ret;
+    }
+    ret = krb5_cc_start_seq_get(context, from, &cursor);
+    if (ret) {
+	krb5_free_principal(context, princ);
+	return ret;
+    }
+    if (matched)
+	*matched = 0;
+    while (ret == 0 &&
+	   krb5_cc_next_cred_match(context, from, &cursor, &cred,
+				   whichfields, mcreds) == 0) {
+	if (matched)
+	    (*matched)++;
+	ret = krb5_cc_store_cred(context, to, &cred);
+	krb5_free_cred_contents(context, &cred);
+    }
+    krb5_cc_end_seq_get(context, from, &cursor);
+    krb5_free_principal(context, princ);
+    return ret;
+}
+
+/**
+ * Just like krb5_cc_copy_cache_match, but copy everything.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_copy_cache(krb5_context context,
+		   const krb5_ccache from,
+		   krb5_ccache to)
+{
+    return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
+}
+
+/**
+ * Return the version of `id'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_version(krb5_context context,
+		    const krb5_ccache id)
+{
+    if(id->ops->get_version)
+	return (*id->ops->get_version)(context, id);
+    else
+	return 0;
+}
+
+/**
+ * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+void KRB5_LIB_FUNCTION
+krb5_cc_clear_mcred(krb5_creds *mcred)
+{
+    memset(mcred, 0, sizeof(*mcred));
+}
+
+/**
+ * Get the cc ops that is registered in `context' to handle the
+ * `prefix'. `prefix' can be a complete credential cache name or a
+ * prefix, the function will only use part up to the first colon (:)
+ * if there is one.
+ * Returns NULL if ops not found.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+const krb5_cc_ops *
+krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
+{
+    char *p, *p1;
+    int i;
+    
+    if (prefix[0] == '/')
+	return &krb5_fcc_ops;
+
+    p = strdup(prefix);
+    if (p == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return NULL;
+    }
+    p1 = strchr(p, ':');
+    if (p1)
+	*p1 = '\0';
+
+    for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
+	if(strcmp(context->cc_ops[i].prefix, p) == 0) {
+	    free(p);
+	    return &context->cc_ops[i];
+	}
+    }
+    free(p);
+    return NULL;
+}
+
+struct krb5_cc_cache_cursor_data {
+    const krb5_cc_ops *ops;
+    krb5_cc_cursor cursor;
+};
+
+/**
+ * Start iterating over all caches of `type'. If `type' is NULL, the
+ * default type is * used. `cursor' is initialized to the beginning.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_cache_get_first (krb5_context context,
+			 const char *type,
+			 krb5_cc_cache_cursor *cursor)
+{
+    const krb5_cc_ops *ops;
+    krb5_error_code ret;
+
+    if (type == NULL)
+	type = krb5_cc_default_name(context);
+
+    ops = krb5_cc_get_prefix_ops(context, type);
+    if (ops == NULL) {
+	krb5_set_error_string(context, "Unknown type \"%s\" when iterating "
+			      "trying to iterate the credential caches", type);
+	return KRB5_CC_UNKNOWN_TYPE;
+    }
+
+    if (ops->get_cache_first == NULL) {
+	krb5_set_error_string(context, "Credential cache type %s doesn't support "
+			      "iterations over caches", ops->prefix);
+	return KRB5_CC_NOSUPP;
+    }
+
+    *cursor = calloc(1, sizeof(**cursor));
+    if (*cursor == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return ENOMEM;
+    }
+
+    (*cursor)->ops = ops;
+
+    ret = ops->get_cache_first(context, &(*cursor)->cursor);
+    if (ret) {
+	free(*cursor);
+	*cursor = NULL;
+    }
+    return ret;
+}
+
+/**
+ * Retrieve the next cache pointed to by (`cursor') in `id'
+ * and advance `cursor'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_cache_next (krb5_context context,
+		   krb5_cc_cache_cursor cursor,
+		   krb5_ccache *id)
+{
+    return cursor->ops->get_cache_next(context, cursor->cursor, id);
+}
+
+/**
+ * Destroy the cursor `cursor'.
+ *
+ * @return Return 0 or an error code.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_cache_end_seq_get (krb5_context context,
+			   krb5_cc_cache_cursor cursor)
+{
+    krb5_error_code ret;
+    ret = cursor->ops->end_cache_get(context, cursor->cursor);
+    cursor->ops = NULL;
+    free(cursor);
+    return ret;
+}
+
+/**
+ * Search for a matching credential cache of type `type' that have the
+ * `principal' as the default principal. If NULL is used for `type',
+ * the default type is used. On success, `id' needs to be freed with
+ * krb5_cc_close or krb5_cc_destroy.
+ *
+ * @return On failure, error code is returned and `id' is set to NULL.
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_cache_match (krb5_context context,
+		     krb5_principal client,
+		     const char *type,
+		     krb5_ccache *id)
+{
+    krb5_cc_cache_cursor cursor;
+    krb5_error_code ret;
+    krb5_ccache cache = NULL;
+
+    *id = NULL;
+
+    ret = krb5_cc_cache_get_first (context, type, &cursor);
+    if (ret)
+	return ret;
+
+    while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) {
+	krb5_principal principal;
+
+	ret = krb5_cc_get_principal(context, cache, &principal);
+	if (ret == 0) {
+	    krb5_boolean match;
+	    
+	    match = krb5_principal_compare(context, principal, client);
+	    krb5_free_principal(context, principal);
+	    if (match)
+		break;
+	}
+
+	krb5_cc_close(context, cache);
+	cache = NULL;
+    }
+
+    krb5_cc_cache_end_seq_get(context, cursor);
+
+    if (cache == NULL) {
+	char *str;
+
+	krb5_unparse_name(context, client, &str);
+
+	krb5_set_error_string(context, "Principal %s not found in a "
+			  "credential cache", str ? str : "<out of memory>");
+	if (str)
+	    free(str);
+	return KRB5_CC_NOTFOUND;
+    }
+    *id = cache;
+
+    return 0;
+}
+
+/**
+ * Move the content from one credential cache to another. The
+ * operation is an atomic switch. 
+ *
+ * @param context a Keberos context
+ * @param from the credential cache to move the content from
+ * @param to the credential cache to move the content to
+
+ * @return On sucess, from is freed. On failure, error code is
+ * returned and from and to are both still allocated.
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code
+krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
+{
+    krb5_error_code ret;
+
+    if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
+	krb5_set_error_string(context, "Moving credentials between diffrent "
+			      "types not yet supported");
+	return KRB5_CC_NOSUPP;
+    }
+
+    ret = (*to->ops->move)(context, from, to);
+    if (ret == 0) {
+	memset(from, 0, sizeof(*from));
+	free(from);
+    }
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/changepw.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/changepw.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/changepw.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,823 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: changepw.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static void
+str2data (krb5_data *d,
+	  const char *fmt,
+	  ...) __attribute__ ((format (printf, 2, 3)));
+
+static void
+str2data (krb5_data *d,
+	  const char *fmt,
+	  ...)
+{
+    va_list args;
+    char *str;
+
+    va_start(args, fmt);
+    d->length = vasprintf (&str, fmt, args);
+    va_end(args);
+    d->data = str;
+}
+
+/*
+ * Change password protocol defined by
+ * draft-ietf-cat-kerb-chg-password-02.txt
+ * 
+ * Share the response part of the protocol with MS set password
+ * (RFC3244)
+ */
+
+static krb5_error_code
+chgpw_send_request (krb5_context context,
+		    krb5_auth_context *auth_context,
+		    krb5_creds *creds,
+		    krb5_principal targprinc,
+		    int is_stream,
+		    int sock,
+		    const char *passwd,
+		    const char *host)
+{
+    krb5_error_code ret;
+    krb5_data ap_req_data;
+    krb5_data krb_priv_data;
+    krb5_data passwd_data;
+    size_t len;
+    u_char header[6];
+    u_char *p;
+    struct iovec iov[3];
+    struct msghdr msghdr;
+
+    if (is_stream)
+	return KRB5_KPASSWD_MALFORMED;
+
+    if (targprinc &&
+	krb5_principal_compare(context, creds->client, targprinc) != TRUE)
+	return KRB5_KPASSWD_MALFORMED;
+
+    krb5_data_zero (&ap_req_data);
+
+    ret = krb5_mk_req_extended (context,
+				auth_context,
+				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
+				NULL, /* in_data */
+				creds,
+				&ap_req_data);
+    if (ret)
+	return ret;
+
+    passwd_data.data   = rk_UNCONST(passwd);
+    passwd_data.length = strlen(passwd);
+
+    krb5_data_zero (&krb_priv_data);
+
+    ret = krb5_mk_priv (context,
+			*auth_context,
+			&passwd_data,
+			&krb_priv_data,
+			NULL);
+    if (ret)
+	goto out2;
+
+    len = 6 + ap_req_data.length + krb_priv_data.length;
+    p = header;
+    *p++ = (len >> 8) & 0xFF;
+    *p++ = (len >> 0) & 0xFF;
+    *p++ = 0;
+    *p++ = 1;
+    *p++ = (ap_req_data.length >> 8) & 0xFF;
+    *p++ = (ap_req_data.length >> 0) & 0xFF;
+
+    memset(&msghdr, 0, sizeof(msghdr));
+    msghdr.msg_name       = NULL;
+    msghdr.msg_namelen    = 0;
+    msghdr.msg_iov        = iov;
+    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
+#if 0
+    msghdr.msg_control    = NULL;
+    msghdr.msg_controllen = 0;
+#endif
+
+    iov[0].iov_base    = (void*)header;
+    iov[0].iov_len     = 6;
+    iov[1].iov_base    = ap_req_data.data;
+    iov[1].iov_len     = ap_req_data.length;
+    iov[2].iov_base    = krb_priv_data.data;
+    iov[2].iov_len     = krb_priv_data.length;
+
+    if (sendmsg (sock, &msghdr, 0) < 0) {
+	ret = errno;
+	krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
+    }
+
+    krb5_data_free (&krb_priv_data);
+out2:
+    krb5_data_free (&ap_req_data);
+    return ret;
+}
+
+/*
+ * Set password protocol as defined by RFC3244 --
+ * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols
+ */
+
+static krb5_error_code
+setpw_send_request (krb5_context context,
+		    krb5_auth_context *auth_context,
+		    krb5_creds *creds,
+		    krb5_principal targprinc,
+		    int is_stream,
+		    int sock,
+		    const char *passwd,
+		    const char *host)
+{
+    krb5_error_code ret;
+    krb5_data ap_req_data;
+    krb5_data krb_priv_data;
+    krb5_data pwd_data;
+    ChangePasswdDataMS chpw;
+    size_t len;
+    u_char header[4 + 6];
+    u_char *p;
+    struct iovec iov[3];
+    struct msghdr msghdr;
+
+    krb5_data_zero (&ap_req_data);
+
+    ret = krb5_mk_req_extended (context,
+				auth_context,
+				AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
+				NULL, /* in_data */
+				creds,
+				&ap_req_data);
+    if (ret)
+	return ret;
+
+    chpw.newpasswd.length = strlen(passwd);
+    chpw.newpasswd.data = rk_UNCONST(passwd);
+    if (targprinc) {
+	chpw.targname = &targprinc->name;
+	chpw.targrealm = &targprinc->realm;
+    } else {
+	chpw.targname = NULL;
+	chpw.targrealm = NULL;
+    }
+	
+    ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length,
+		       &chpw, &len, ret);
+    if (ret) {
+	krb5_data_free (&ap_req_data);
+	return ret;
+    }
+
+    if(pwd_data.length != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    ret = krb5_mk_priv (context,
+			*auth_context,
+			&pwd_data,
+			&krb_priv_data,
+			NULL);
+    if (ret)
+	goto out2;
+
+    len = 6 + ap_req_data.length + krb_priv_data.length;
+    p = header;
+    if (is_stream) {
+	_krb5_put_int(p, len, 4);
+	p += 4;
+    }
+    *p++ = (len >> 8) & 0xFF;
+    *p++ = (len >> 0) & 0xFF;
+    *p++ = 0xff;
+    *p++ = 0x80;
+    *p++ = (ap_req_data.length >> 8) & 0xFF;
+    *p++ = (ap_req_data.length >> 0) & 0xFF;
+
+    memset(&msghdr, 0, sizeof(msghdr));
+    msghdr.msg_name       = NULL;
+    msghdr.msg_namelen    = 0;
+    msghdr.msg_iov        = iov;
+    msghdr.msg_iovlen     = sizeof(iov)/sizeof(*iov);
+#if 0
+    msghdr.msg_control    = NULL;
+    msghdr.msg_controllen = 0;
+#endif
+
+    iov[0].iov_base    = (void*)header;
+    if (is_stream)
+	iov[0].iov_len     = 10;
+    else
+	iov[0].iov_len     = 6;
+    iov[1].iov_base    = ap_req_data.data;
+    iov[1].iov_len     = ap_req_data.length;
+    iov[2].iov_base    = krb_priv_data.data;
+    iov[2].iov_len     = krb_priv_data.length;
+
+    if (sendmsg (sock, &msghdr, 0) < 0) {
+	ret = errno;
+	krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
+    }
+
+    krb5_data_free (&krb_priv_data);
+out2:
+    krb5_data_free (&ap_req_data);
+    krb5_data_free (&pwd_data);
+    return ret;
+}
+
+static krb5_error_code
+process_reply (krb5_context context,
+	       krb5_auth_context auth_context,
+	       int is_stream,
+	       int sock,
+	       int *result_code,
+	       krb5_data *result_code_string,
+	       krb5_data *result_string,
+	       const char *host)
+{
+    krb5_error_code ret;
+    u_char reply[1024 * 3];
+    ssize_t len;
+    uint16_t pkt_len, pkt_ver;
+    krb5_data ap_rep_data;
+    int save_errno;
+
+    len = 0;
+    if (is_stream) {
+	while (len < sizeof(reply)) {
+	    unsigned long size;
+
+	    ret = recvfrom (sock, reply + len, sizeof(reply) - len, 
+			    0, NULL, NULL);
+	    if (ret < 0) {
+		save_errno = errno;
+		krb5_set_error_string(context, "recvfrom %s: %s",
+				      host, strerror(save_errno));
+		return save_errno;
+	    } else if (ret == 0) {
+		krb5_set_error_string(context, "recvfrom timeout %s", host);
+		return 1;
+	    }
+	    len += ret;
+	    if (len < 4)
+		continue;
+	    _krb5_get_int(reply, &size, 4);
+	    if (size + 4 < len)
+		continue;
+	    memmove(reply, reply + 4, size);		
+	    len = size;
+	    break;
+	}
+	if (len == sizeof(reply)) {
+	    krb5_set_error_string(context, "message too large from %s",
+				  host);
+	    return ENOMEM;
+	}
+    } else {
+	ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
+	if (ret < 0) {
+	    save_errno = errno;
+	    krb5_set_error_string(context, "recvfrom %s: %s",
+				  host, strerror(save_errno));
+	    return save_errno;
+	}
+	len = ret;
+    }
+
+    if (len < 6) {
+	str2data (result_string, "server %s sent to too short message "
+		  "(%ld bytes)", host, (long)len);
+	*result_code = KRB5_KPASSWD_MALFORMED;
+	return 0;
+    }
+
+    pkt_len = (reply[0] << 8) | (reply[1]);
+    pkt_ver = (reply[2] << 8) | (reply[3]);
+
+    if ((pkt_len != len) || (reply[1] == 0x7e || reply[1] == 0x5e)) {
+	KRB_ERROR error;
+	size_t size;
+	u_char *p;
+
+	memset(&error, 0, sizeof(error));
+
+	ret = decode_KRB_ERROR(reply, len, &error, &size);
+	if (ret)
+	    return ret;
+
+	if (error.e_data->length < 2) {
+	    str2data(result_string, "server %s sent too short "
+		     "e_data to print anything usable", host);
+	    free_KRB_ERROR(&error);
+	    *result_code = KRB5_KPASSWD_MALFORMED;
+	    return 0;
+	}
+
+	p = error.e_data->data;
+	*result_code = (p[0] << 8) | p[1];
+	if (error.e_data->length == 2)
+	    str2data(result_string, "server only sent error code");
+	else 
+	    krb5_data_copy (result_string,
+			    p + 2,
+			    error.e_data->length - 2);
+	free_KRB_ERROR(&error);
+	return 0;
+    }
+
+    if (pkt_len != len) {
+	str2data (result_string, "client: wrong len in reply");
+	*result_code = KRB5_KPASSWD_MALFORMED;
+	return 0;
+    }
+    if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) {
+	str2data (result_string,
+		  "client: wrong version number (%d)", pkt_ver);
+	*result_code = KRB5_KPASSWD_MALFORMED;
+	return 0;
+    }
+
+    ap_rep_data.data = reply + 6;
+    ap_rep_data.length  = (reply[4] << 8) | (reply[5]);
+  
+    if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) {
+	str2data (result_string, "client: wrong AP len in reply");
+	*result_code = KRB5_KPASSWD_MALFORMED;
+	return 0;
+    }
+
+    if (ap_rep_data.length) {
+	krb5_ap_rep_enc_part *ap_rep;
+	krb5_data priv_data;
+	u_char *p;
+
+	priv_data.data   = (u_char*)ap_rep_data.data + ap_rep_data.length;
+	priv_data.length = len - ap_rep_data.length - 6;
+
+	ret = krb5_rd_rep (context,
+			   auth_context,
+			   &ap_rep_data,
+			   &ap_rep);
+	if (ret)
+	    return ret;
+
+	krb5_free_ap_rep_enc_part (context, ap_rep);
+
+	ret = krb5_rd_priv (context,
+			    auth_context,
+			    &priv_data,
+			    result_code_string,
+			    NULL);
+	if (ret) {
+	    krb5_data_free (result_code_string);
+	    return ret;
+	}
+
+	if (result_code_string->length < 2) {
+	    *result_code = KRB5_KPASSWD_MALFORMED;
+	    str2data (result_string,
+		      "client: bad length in result");
+	    return 0;
+	}
+
+        p = result_code_string->data;
+      
+        *result_code = (p[0] << 8) | p[1];
+        krb5_data_copy (result_string,
+                        (unsigned char*)result_code_string->data + 2,
+                        result_code_string->length - 2);
+        return 0;
+    } else {
+	KRB_ERROR error;
+	size_t size;
+	u_char *p;
+      
+	ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size);
+	if (ret) {
+	    return ret;
+	}
+	if (error.e_data->length < 2) {
+	    krb5_warnx (context, "too short e_data to print anything usable");
+	    return 1;		/* XXX */
+	}
+
+	p = error.e_data->data;
+	*result_code = (p[0] << 8) | p[1];
+	krb5_data_copy (result_string,
+			p + 2,
+			error.e_data->length - 2);
+	return 0;
+    }
+}
+
+
+/*
+ * change the password using the credentials in `creds' (for the
+ * principal indicated in them) to `newpw', storing the result of
+ * the operation in `result_*' and an error code or 0.
+ */
+
+typedef krb5_error_code (*kpwd_send_request) (krb5_context,
+					      krb5_auth_context *,
+					      krb5_creds *,
+					      krb5_principal,
+					      int,
+					      int,
+					      const char *,
+					      const char *);
+typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
+					       krb5_auth_context,
+					       int,
+					       int,
+					       int *,
+					       krb5_data *,
+					       krb5_data *,
+					       const char *);
+
+static struct kpwd_proc {
+    const char *name;
+    int flags;
+#define SUPPORT_TCP	1
+#define SUPPORT_UDP	2
+    kpwd_send_request send_req;
+    kpwd_process_reply process_rep;
+} procs[] = {
+    {
+	"MS set password", 
+	SUPPORT_TCP|SUPPORT_UDP,
+	setpw_send_request, 
+	process_reply
+    },
+    {
+	"change password",
+	SUPPORT_UDP,
+	chgpw_send_request,
+	process_reply
+    },
+    { NULL }
+};
+
+static struct kpwd_proc *
+find_chpw_proto(const char *name)
+{
+    struct kpwd_proc *p;
+    for (p = procs; p->name != NULL; p++) {
+	if (strcmp(p->name, name) == 0)
+	    return p;
+    }
+    return NULL;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+change_password_loop (krb5_context	context,
+		      krb5_creds	*creds,
+		      krb5_principal	targprinc,
+		      const char	*newpw,
+		      int		*result_code,
+		      krb5_data		*result_code_string,
+		      krb5_data		*result_string,
+		      struct kpwd_proc	*proc)
+{
+    krb5_error_code ret;
+    krb5_auth_context auth_context = NULL;
+    krb5_krbhst_handle handle = NULL;
+    krb5_krbhst_info *hi;
+    int sock;
+    int i;
+    int done = 0;
+    krb5_realm realm;
+
+    if (targprinc)
+	realm = targprinc->realm;
+    else
+	realm = creds->client->realm;
+
+    ret = krb5_auth_con_init (context, &auth_context);
+    if (ret)
+	return ret;
+
+    krb5_auth_con_setflags (context, auth_context,
+			    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+    ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle);
+    if (ret)
+	goto out;
+
+    while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) {
+	struct addrinfo *ai, *a;
+	int is_stream;
+
+	switch (hi->proto) {
+	case KRB5_KRBHST_UDP:
+	    if ((proc->flags & SUPPORT_UDP) == 0)
+		continue;
+	    is_stream = 0;
+	    break;
+	case KRB5_KRBHST_TCP:
+	    if ((proc->flags & SUPPORT_TCP) == 0)
+		continue;
+	    is_stream = 1;
+	    break;
+	default:
+	    continue;
+	}
+
+	ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
+	if (ret)
+	    continue;
+
+	for (a = ai; !done && a != NULL; a = a->ai_next) {
+	    int replied = 0;
+
+	    sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	    if (sock < 0)
+		continue;
+
+	    ret = connect(sock, a->ai_addr, a->ai_addrlen);
+	    if (ret < 0) {
+		close (sock);
+		goto out;
+	    }
+
+	    ret = krb5_auth_con_genaddrs (context, auth_context, sock,
+					  KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
+	    if (ret) {
+		close (sock);
+		goto out;
+	    }
+
+	    for (i = 0; !done && i < 5; ++i) {
+		fd_set fdset;
+		struct timeval tv;
+
+		if (!replied) {
+		    replied = 0;
+		    
+		    ret = (*proc->send_req) (context,
+					     &auth_context,
+					     creds,
+					     targprinc,
+					     is_stream,
+					     sock,
+					     newpw,
+					     hi->hostname);
+		    if (ret) {
+			close(sock);
+			goto out;
+		    }
+		}
+	    
+		if (sock >= FD_SETSIZE) {
+		    krb5_set_error_string(context, "fd %d too large", sock);
+		    ret = ERANGE;
+		    close (sock);
+		    goto out;
+		}
+
+		FD_ZERO(&fdset);
+		FD_SET(sock, &fdset);
+		tv.tv_usec = 0;
+		tv.tv_sec  = 1 + (1 << i);
+
+		ret = select (sock + 1, &fdset, NULL, NULL, &tv);
+		if (ret < 0 && errno != EINTR) {
+		    close(sock);
+		    goto out;
+		}
+		if (ret == 1) {
+		    ret = (*proc->process_rep) (context,
+						auth_context,
+						is_stream,
+						sock,
+						result_code,
+						result_code_string,
+						result_string,
+						hi->hostname);
+		    if (ret == 0)
+			done = 1;
+		    else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
+			replied = 1;
+		} else {
+		    ret = KRB5_KDC_UNREACH;
+		}
+	    }
+	    close (sock);
+	}
+    }
+
+ out:
+    krb5_krbhst_free (context, handle);
+    krb5_auth_con_free (context, auth_context);
+    if (done)
+	return 0;
+    else {
+	if (ret == KRB5_KDC_UNREACH) {
+	    krb5_set_error_string(context,
+				  "unable to reach any changepw server "
+				  " in realm %s", realm);
+	    *result_code = KRB5_KPASSWD_HARDERROR;
+	}
+	return ret;
+    }
+}
+
+
+/*
+ * change the password using the credentials in `creds' (for the
+ * principal indicated in them) to `newpw', storing the result of
+ * the operation in `result_*' and an error code or 0.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_change_password (krb5_context	context,
+		      krb5_creds	*creds,
+		      const char	*newpw,
+		      int		*result_code,
+		      krb5_data		*result_code_string,
+		      krb5_data		*result_string)
+{
+    struct kpwd_proc *p = find_chpw_proto("change password");
+
+    *result_code = KRB5_KPASSWD_MALFORMED;
+    result_code_string->data = result_string->data = NULL;
+    result_code_string->length = result_string->length = 0;
+
+    if (p == NULL)
+	return KRB5_KPASSWD_MALFORMED;
+
+    return change_password_loop(context, creds, NULL, newpw, 
+				result_code, result_code_string, 
+				result_string, p);
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_password(krb5_context context,
+		  krb5_creds *creds,
+		  const char *newpw,
+		  krb5_principal targprinc,
+		  int *result_code,
+		  krb5_data *result_code_string,
+		  krb5_data *result_string)
+{
+    krb5_principal principal = NULL;
+    krb5_error_code ret = 0;
+    int i;
+
+    *result_code = KRB5_KPASSWD_MALFORMED;
+    result_code_string->data = result_string->data = NULL;
+    result_code_string->length = result_string->length = 0;
+
+    if (targprinc == NULL) {
+	ret = krb5_get_default_principal(context, &principal);
+	if (ret)
+	    return ret;
+    } else
+	principal = targprinc;
+
+    for (i = 0; procs[i].name != NULL; i++) {
+	*result_code = 0;
+	ret = change_password_loop(context, creds, principal, newpw, 
+				   result_code, result_code_string, 
+				   result_string, 
+				   &procs[i]);
+	if (ret == 0 && *result_code == 0)
+	    break;
+    }
+
+    if (targprinc == NULL)
+	krb5_free_principal(context, principal);
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_password_using_ccache(krb5_context context,
+			       krb5_ccache ccache,
+			       const char *newpw,
+			       krb5_principal targprinc,
+			       int *result_code,
+			       krb5_data *result_code_string,
+			       krb5_data *result_string)
+{
+    krb5_creds creds, *credsp;
+    krb5_error_code ret;
+    krb5_principal principal = NULL;
+
+    *result_code = KRB5_KPASSWD_MALFORMED;
+    result_code_string->data = result_string->data = NULL;
+    result_code_string->length = result_string->length = 0;
+
+    memset(&creds, 0, sizeof(creds));
+
+    if (targprinc == NULL) {
+	ret = krb5_cc_get_principal(context, ccache, &principal);
+	if (ret)
+	    return ret;
+    } else
+	principal = targprinc;
+
+    ret = krb5_make_principal(context, &creds.server, 
+			      krb5_principal_get_realm(context, principal),
+			      "kadmin", "changepw", NULL);
+    if (ret)
+	goto out;
+
+    ret = krb5_cc_get_principal(context, ccache, &creds.client);
+    if (ret) {
+        krb5_free_principal(context, creds.server);
+	goto out;
+    }
+
+    ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
+    krb5_free_principal(context, creds.server);
+    krb5_free_principal(context, creds.client);
+    if (ret)
+	goto out;
+
+    ret = krb5_set_password(context,
+			    credsp,
+			    newpw,
+			    principal,
+			    result_code,
+			    result_code_string,
+			    result_string);
+
+    krb5_free_creds(context, credsp); 
+
+    return ret;
+ out:
+    if (targprinc == NULL)
+	krb5_free_principal(context, principal);
+    return ret;
+}
+
+/*
+ *
+ */
+
+const char* KRB5_LIB_FUNCTION
+krb5_passwd_result_to_string (krb5_context context,
+			      int result)
+{
+    static const char *strings[] = {
+	"Success",
+	"Malformed",
+	"Hard error",
+	"Auth error",
+	"Soft error" ,
+	"Access denied",
+	"Bad version",
+	"Initial flag needed"
+    };
+
+    if (result < 0 || result > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)
+	return "unknown result code";
+    else
+	return strings[result];
+}
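Review bot: In the stream branch of `process_reply`, the 4-byte length prefix read by `_krb5_get_int(reply, &size, 4)` is used as the count in `memmove(reply, reply + 4, size)` without being compared to `sizeof(reply)`, so a peer-chosen length can run past the `1024 * 3`-byte local buffer before any Kerberos integrity check has run. Bound it right after the read, for example `if (size > sizeof(reply) - 4) return ENOMEM;`, setting the same "message too large" error string the function already uses. The test that follows, `if (size + 4 < len) continue;`, also looks reversed: it keeps reading when more than a frame has arrived and falls through when fewer bytes have, so `if (len < size + 4) continue;` appears to be what was meant. Separately, both KRB-ERROR paths read `error.e_data->length` with no NULL check; if `e_data` can be absent after `decode_KRB_ERROR` (its definition is not visible here), `error.e_data == NULL ||` belongs in front of those length tests.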

Added: vendor-crypto/heimdal/dist/lib/krb5/codec.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/codec.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/codec.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,196 @@
+/*
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: codec.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncTicketPart (krb5_context context,
+			   const void *data,
+			   size_t length,
+			   EncTicketPart *t,
+			   size_t *len)
+{
+    return decode_EncTicketPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncTicketPart (krb5_context context,
+			   void *data,
+			   size_t length,
+			   EncTicketPart *t,
+			   size_t *len)
+{
+    return encode_EncTicketPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncASRepPart (krb5_context context,
+			  const void *data,
+			  size_t length,
+			  EncASRepPart *t,
+			  size_t *len)
+{
+    return decode_EncASRepPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncASRepPart (krb5_context context,
+			  void *data,
+			  size_t length,
+			  EncASRepPart *t,
+			  size_t *len)
+{
+    return encode_EncASRepPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncTGSRepPart (krb5_context context,
+			   const void *data,
+			   size_t length,
+			   EncTGSRepPart *t,
+			   size_t *len)
+{
+    return decode_EncTGSRepPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncTGSRepPart (krb5_context context,
+			   void *data,
+			   size_t length,
+			   EncTGSRepPart *t,
+			   size_t *len)
+{
+    return encode_EncTGSRepPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncAPRepPart (krb5_context context,
+			  const void *data,
+			  size_t length,
+			  EncAPRepPart *t,
+			  size_t *len)
+{
+    return decode_EncAPRepPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncAPRepPart (krb5_context context,
+			  void *data,
+			  size_t length,
+			  EncAPRepPart *t,
+			  size_t *len)
+{
+    return encode_EncAPRepPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_Authenticator (krb5_context context,
+			   const void *data,
+			   size_t length,
+			   Authenticator *t,
+			   size_t *len)
+{
+    return decode_Authenticator(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_Authenticator (krb5_context context,
+			   void *data,
+			   size_t length,
+			   Authenticator *t,
+			   size_t *len)
+{
+    return encode_Authenticator(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncKrbCredPart (krb5_context context,
+			    const void *data,
+			    size_t length,
+			    EncKrbCredPart *t,
+			    size_t *len)
+{
+    return decode_EncKrbCredPart(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncKrbCredPart (krb5_context context,
+			    void *data,
+			    size_t length,
+			    EncKrbCredPart *t,
+			    size_t *len)
+{
+    return encode_EncKrbCredPart (data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_ETYPE_INFO (krb5_context context,
+			const void *data,
+			size_t length,
+			ETYPE_INFO *t,
+			size_t *len)
+{
+    return decode_ETYPE_INFO(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_ETYPE_INFO (krb5_context context,
+			void *data,
+			size_t length,
+			ETYPE_INFO *t,
+			size_t *len)
+{
+    return encode_ETYPE_INFO (data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_ETYPE_INFO2 (krb5_context context,
+			const void *data,
+			size_t length,
+			ETYPE_INFO2 *t,
+			size_t *len)
+{
+    return decode_ETYPE_INFO2(data, length, t, len);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_ETYPE_INFO2 (krb5_context context,
+			 void *data,
+			 size_t length,
+			 ETYPE_INFO2 *t,
+			 size_t *len)
+{
+    return encode_ETYPE_INFO2 (data, length, t, len);
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/config_file.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/config_file.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/config_file.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,771 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: config_file.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#ifndef HAVE_NETINFO
+
+/* Gaah! I want a portable funopen */
+struct fileptr {
+    const char *s;
+    FILE *f;
+};
+
+static char *
+config_fgets(char *str, size_t len, struct fileptr *ptr)
+{
+    /* XXX this is not correct, in that they don't do the same if the
+       line is longer than len */
+    if(ptr->f != NULL)
+	return fgets(str, len, ptr->f);
+    else {
+	/* this is almost strsep_copy */
+	const char *p;
+	ssize_t l;
+	if(*ptr->s == '\0')
+	    return NULL;
+	p = ptr->s + strcspn(ptr->s, "\n");
+	if(*p == '\n')
+	    p++;
+	l = min(len, p - ptr->s);
+	if(len > 0) {
+	    memcpy(str, ptr->s, l);
+	    str[l] = '\0';
+	}
+	ptr->s = p;
+	return str;
+    }
+}
+
+static krb5_error_code parse_section(char *p, krb5_config_section **s,
+				     krb5_config_section **res,
+				     const char **error_message);
+static krb5_error_code parse_binding(struct fileptr *f, unsigned *lineno, char *p,
+				     krb5_config_binding **b,
+				     krb5_config_binding **parent,
+				     const char **error_message);
+static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno,
+				  krb5_config_binding **parent,
+				  const char **error_message);
+
+static krb5_config_section *
+get_entry(krb5_config_section **parent, const char *name, int type)
+{
+    krb5_config_section **q;
+
+    for(q = parent; *q != NULL; q = &(*q)->next)
+	if(type == krb5_config_list && 
+	   type == (*q)->type &&
+	   strcmp(name, (*q)->name) == 0)
+	    return *q;
+    *q = calloc(1, sizeof(**q));
+    if(*q == NULL)
+	return NULL;
+    (*q)->name = strdup(name);
+    (*q)->type = type;
+    if((*q)->name == NULL) {
+	free(*q);
+	*q = NULL;
+	return NULL;
+    }
+    return *q;
+}
+
+/*
+ * Parse a section:
+ *
+ * [section]
+ *	foo = bar
+ *	b = {
+ *		a
+ *	    }
+ * ...
+ * 
+ * starting at the line in `p', storing the resulting structure in
+ * `s' and hooking it into `parent'.
+ * Store the error message in `error_message'.
+ */
+
+static krb5_error_code
+parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
+	      const char **error_message)
+{
+    char *p1;
+    krb5_config_section *tmp;
+
+    p1 = strchr (p + 1, ']');
+    if (p1 == NULL) {
+	*error_message = "missing ]";
+	return KRB5_CONFIG_BADFORMAT;
+    }
+    *p1 = '\0';
+    tmp = get_entry(parent, p + 1, krb5_config_list);
+    if(tmp == NULL) {
+	*error_message = "out of memory";
+	return KRB5_CONFIG_BADFORMAT;
+    }
+    *s = tmp;
+    return 0;
+}
+
+/*
+ * Parse a brace-enclosed list from `f', hooking in the structure at
+ * `parent'.
+ * Store the error message in `error_message'.
+ */
+
+static krb5_error_code
+parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent,
+	   const char **error_message)
+{
+    char buf[BUFSIZ];
+    krb5_error_code ret;
+    krb5_config_binding *b = NULL;
+    unsigned beg_lineno = *lineno;
+
+    while(config_fgets(buf, sizeof(buf), f) != NULL) {
+	char *p;
+
+	++*lineno;
+	buf[strcspn(buf, "\r\n")] = '\0';
+	p = buf;
+	while(isspace((unsigned char)*p))
+	    ++p;
+	if (*p == '#' || *p == ';' || *p == '\0')
+	    continue;
+	while(isspace((unsigned char)*p))
+	    ++p;
+	if (*p == '}')
+	    return 0;
+	if (*p == '\0')
+	    continue;
+	ret = parse_binding (f, lineno, p, &b, parent, error_message);
+	if (ret)
+	    return ret;
+    }
+    *lineno = beg_lineno;
+    *error_message = "unclosed {";
+    return KRB5_CONFIG_BADFORMAT;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+parse_binding(struct fileptr *f, unsigned *lineno, char *p,
+	      krb5_config_binding **b, krb5_config_binding **parent,
+	      const char **error_message)
+{
+    krb5_config_binding *tmp;
+    char *p1, *p2;
+    krb5_error_code ret = 0;
+
+    p1 = p;
+    while (*p && *p != '=' && !isspace((unsigned char)*p))
+	++p;
+    if (*p == '\0') {
+	*error_message = "missing =";
+	return KRB5_CONFIG_BADFORMAT;
+    }
+    p2 = p;
+    while (isspace((unsigned char)*p))
+	++p;
+    if (*p != '=') {
+	*error_message = "missing =";
+	return KRB5_CONFIG_BADFORMAT;
+    }
+    ++p;
+    while(isspace((unsigned char)*p))
+	++p;
+    *p2 = '\0';
+    if (*p == '{') {
+	tmp = get_entry(parent, p1, krb5_config_list);
+	if (tmp == NULL) {
+	    *error_message = "out of memory";
+	    return KRB5_CONFIG_BADFORMAT;
+	}
+	ret = parse_list (f, lineno, &tmp->u.list, error_message);
+    } else {
+	tmp = get_entry(parent, p1, krb5_config_string);
+	if (tmp == NULL) {
+	    *error_message = "out of memory";
+	    return KRB5_CONFIG_BADFORMAT;
+	}
+	p1 = p;
+	p = p1 + strlen(p1);
+	while(p > p1 && isspace((unsigned char)*(p-1)))
+	    --p;
+	*p = '\0';
+	tmp->u.string = strdup(p1);
+    }
+    *b = tmp;
+    return ret;
+}
+
+/*
+ * Parse the config file `fname', generating the structures into `res'
+ * returning error messages in `error_message'
+ */
+
+static krb5_error_code
+krb5_config_parse_debug (struct fileptr *f,
+			 krb5_config_section **res,
+			 unsigned *lineno,
+			 const char **error_message)
+{
+    krb5_config_section *s = NULL;
+    krb5_config_binding *b = NULL;
+    char buf[BUFSIZ];
+    krb5_error_code ret;
+
+    while (config_fgets(buf, sizeof(buf), f) != NULL) {
+	char *p;
+
+	++*lineno;
+	buf[strcspn(buf, "\r\n")] = '\0';
+	p = buf;
+	while(isspace((unsigned char)*p))
+	    ++p;
+	if (*p == '#' || *p == ';')
+	    continue;
+	if (*p == '[') {
+	    ret = parse_section(p, &s, res, error_message);
+	    if (ret) 
+		return ret;
+	    b = NULL;
+	} else if (*p == '}') {
+	    *error_message = "unmatched }";
+	    return EINVAL;	/* XXX */
+	} else if(*p != '\0') {
+	    if (s == NULL) {
+		*error_message = "binding before section";
+		return EINVAL;
+	    }
+	    ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
+	    if (ret)
+		return ret;
+	}
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_parse_string_multi(krb5_context context,
+			       const char *string,
+			       krb5_config_section **res)
+{
+    const char *str;
+    unsigned lineno = 0;
+    krb5_error_code ret;
+    struct fileptr f;
+    f.f = NULL;
+    f.s = string;
+
+    ret = krb5_config_parse_debug (&f, res, &lineno, &str);
+    if (ret) {
+	krb5_set_error_string (context, "%s:%u: %s", "<constant>", lineno, str);
+	return ret;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_parse_file_multi (krb5_context context,
+			      const char *fname,
+			      krb5_config_section **res)
+{
+    const char *str;
+    unsigned lineno = 0;
+    krb5_error_code ret;
+    struct fileptr f;
+    f.f = fopen(fname, "r");
+    f.s = NULL;
+    if(f.f == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "open %s: %s", fname, strerror(ret));
+	return ret;
+    }
+
+    ret = krb5_config_parse_debug (&f, res, &lineno, &str);
+    fclose(f.f);
+    if (ret) {
+	krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str);
+	return ret;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_parse_file (krb5_context context,
+			const char *fname,
+			krb5_config_section **res)
+{
+    *res = NULL;
+    return krb5_config_parse_file_multi(context, fname, res);
+}
+
+#endif /* !HAVE_NETINFO */
+
+static void
+free_binding (krb5_context context, krb5_config_binding *b)
+{
+    krb5_config_binding *next_b;
+
+    while (b) {
+	free (b->name);
+	if (b->type == krb5_config_string)
+	    free (b->u.string);
+	else if (b->type == krb5_config_list)
+	    free_binding (context, b->u.list);
+	else
+	    krb5_abortx(context, "unknown binding type (%d) in free_binding", 
+			b->type);
+	next_b = b->next;
+	free (b);
+	b = next_b;
+    }
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_file_free (krb5_context context, krb5_config_section *s)
+{
+    free_binding (context, s);
+    return 0;
+}
+
+const void *
+krb5_config_get_next (krb5_context context,
+		      const krb5_config_section *c,
+		      const krb5_config_binding **pointer,
+		      int type,
+		      ...)
+{
+    const char *ret;
+    va_list args;
+
+    va_start(args, type);
+    ret = krb5_config_vget_next (context, c, pointer, type, args);
+    va_end(args);
+    return ret;
+}
+
+static const void *
+vget_next(krb5_context context,
+	  const krb5_config_binding *b,
+	  const krb5_config_binding **pointer,
+	  int type,
+	  const char *name,
+	  va_list args)
+{
+    const char *p = va_arg(args, const char *);
+    while(b != NULL) {
+	if(strcmp(b->name, name) == 0) {
+	    if(b->type == type && p == NULL) {
+		*pointer = b;
+		return b->u.generic;
+	    } else if(b->type == krb5_config_list && p != NULL) {
+		return vget_next(context, b->u.list, pointer, type, p, args);
+	    }
+	}
+	b = b->next;
+    }
+    return NULL;
+}
+
+const void *
+krb5_config_vget_next (krb5_context context,
+		       const krb5_config_section *c,
+		       const krb5_config_binding **pointer,
+		       int type,
+		       va_list args)
+{
+    const krb5_config_binding *b;
+    const char *p;
+
+    if(c == NULL)
+	c = context->cf;
+
+    if (c == NULL)
+	return NULL;
+
+    if (*pointer == NULL) {
+	/* first time here, walk down the tree looking for the right
+           section */
+	p = va_arg(args, const char *);
+	if (p == NULL)
+	    return NULL;
+	return vget_next(context, c, pointer, type, p, args);
+    }
+
+    /* we were called again, so just look for more entries with the
+       same name and type */
+    for (b = (*pointer)->next; b != NULL; b = b->next) {
+	if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) {
+	    *pointer = b;
+	    return b->u.generic;
+	}
+    }
+    return NULL;
+}
+
+const void *
+krb5_config_get (krb5_context context,
+		 const krb5_config_section *c,
+		 int type,
+		 ...)
+{
+    const void *ret;
+    va_list args;
+
+    va_start(args, type);
+    ret = krb5_config_vget (context, c, type, args);
+    va_end(args);
+    return ret;
+}
+
+const void *
+krb5_config_vget (krb5_context context,
+		  const krb5_config_section *c,
+		  int type,
+		  va_list args)
+{
+    const krb5_config_binding *foo = NULL;
+
+    return krb5_config_vget_next (context, c, &foo, type, args);
+}
+
+const krb5_config_binding *
+krb5_config_get_list (krb5_context context,
+		      const krb5_config_section *c,
+		      ...)
+{
+    const krb5_config_binding *ret;
+    va_list args;
+
+    va_start(args, c);
+    ret = krb5_config_vget_list (context, c, args);
+    va_end(args);
+    return ret;
+}
+
+const krb5_config_binding *
+krb5_config_vget_list (krb5_context context,
+		       const krb5_config_section *c,
+		       va_list args)
+{
+    return krb5_config_vget (context, c, krb5_config_list, args);
+}
+
+const char* KRB5_LIB_FUNCTION
+krb5_config_get_string (krb5_context context,
+			const krb5_config_section *c,
+			...)
+{
+    const char *ret;
+    va_list args;
+
+    va_start(args, c);
+    ret = krb5_config_vget_string (context, c, args);
+    va_end(args);
+    return ret;
+}
+
+const char* KRB5_LIB_FUNCTION
+krb5_config_vget_string (krb5_context context,
+			 const krb5_config_section *c,
+			 va_list args)
+{
+    return krb5_config_vget (context, c, krb5_config_string, args);
+}
+
+const char* KRB5_LIB_FUNCTION
+krb5_config_vget_string_default (krb5_context context,
+				 const krb5_config_section *c,
+				 const char *def_value,
+				 va_list args)
+{
+    const char *ret;
+
+    ret = krb5_config_vget_string (context, c, args);
+    if (ret == NULL)
+	ret = def_value;
+    return ret;
+}
+
+const char* KRB5_LIB_FUNCTION
+krb5_config_get_string_default (krb5_context context,
+				const krb5_config_section *c,
+				const char *def_value,
+				...)
+{
+    const char *ret;
+    va_list args;
+
+    va_start(args, def_value);
+    ret = krb5_config_vget_string_default (context, c, def_value, args);
+    va_end(args);
+    return ret;
+}
+
+char ** KRB5_LIB_FUNCTION
+krb5_config_vget_strings(krb5_context context,
+			 const krb5_config_section *c,
+			 va_list args)
+{
+    char **strings = NULL;
+    int nstr = 0;
+    const krb5_config_binding *b = NULL;
+    const char *p;
+
+    while((p = krb5_config_vget_next(context, c, &b, 
+				     krb5_config_string, args))) {
+	char *tmp = strdup(p);
+	char *pos = NULL;
+	char *s;
+	if(tmp == NULL)
+	    goto cleanup;
+	s = strtok_r(tmp, " \t", &pos);
+	while(s){
+	    char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings));
+	    if(tmp2 == NULL)
+		goto cleanup;
+	    strings = tmp2;
+	    strings[nstr] = strdup(s);
+	    nstr++;
+	    if(strings[nstr-1] == NULL)
+		goto cleanup;
+	    s = strtok_r(NULL, " \t", &pos);
+	}
+	free(tmp);
+    }
+    if(nstr){
+	char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings));
+	if(tmp == NULL)
+	    goto cleanup;
+	strings = tmp;
+	strings[nstr] = NULL;
+    }
+    return strings;
+cleanup:
+    while(nstr--)
+	free(strings[nstr]);
+    free(strings);
+    return NULL;
+
+}
+
+char**
+krb5_config_get_strings(krb5_context context,
+			const krb5_config_section *c,
+			...)
+{
+    va_list ap;
+    char **ret;
+    va_start(ap, c);
+    ret = krb5_config_vget_strings(context, c, ap);
+    va_end(ap);
+    return ret;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_config_free_strings(char **strings)
+{
+    char **s = strings;
+    while(s && *s){
+	free(*s);
+	s++;
+    }
+    free(strings);
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_config_vget_bool_default (krb5_context context,
+			       const krb5_config_section *c,
+			       krb5_boolean def_value,
+			       va_list args)
+{
+    const char *str;
+    str = krb5_config_vget_string (context, c, args);
+    if(str == NULL)
+	return def_value;
+    if(strcasecmp(str, "yes") == 0 ||
+       strcasecmp(str, "true") == 0 ||
+       atoi(str)) return TRUE;
+    return FALSE;
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_config_vget_bool  (krb5_context context,
+			const krb5_config_section *c,
+			va_list args)
+{
+    return krb5_config_vget_bool_default (context, c, FALSE, args);
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_config_get_bool_default (krb5_context context,
+			      const krb5_config_section *c,
+			      krb5_boolean def_value,
+			      ...)
+{
+    va_list ap;
+    krb5_boolean ret;
+    va_start(ap, def_value);
+    ret = krb5_config_vget_bool_default(context, c, def_value, ap);
+    va_end(ap);
+    return ret;
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_config_get_bool (krb5_context context,
+		      const krb5_config_section *c,
+		      ...)
+{
+    va_list ap;
+    krb5_boolean ret;
+    va_start(ap, c);
+    ret = krb5_config_vget_bool (context, c, ap);
+    va_end(ap);
+    return ret;
+}
+
+int KRB5_LIB_FUNCTION
+krb5_config_vget_time_default (krb5_context context,
+			       const krb5_config_section *c,
+			       int def_value,
+			       va_list args)
+{
+    const char *str;
+    krb5_deltat t;
+
+    str = krb5_config_vget_string (context, c, args);
+    if(str == NULL)
+	return def_value;
+    if (krb5_string_to_deltat(str, &t))
+	return def_value;
+    return t;
+}
+
+int KRB5_LIB_FUNCTION
+krb5_config_vget_time  (krb5_context context,
+			const krb5_config_section *c,
+			va_list args)
+{
+    return krb5_config_vget_time_default (context, c, -1, args);
+}
+
+int KRB5_LIB_FUNCTION
+krb5_config_get_time_default (krb5_context context,
+			      const krb5_config_section *c,
+			      int def_value,
+			      ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, def_value);
+    ret = krb5_config_vget_time_default(context, c, def_value, ap);
+    va_end(ap);
+    return ret;
+}
+
+int KRB5_LIB_FUNCTION
+krb5_config_get_time (krb5_context context,
+		      const krb5_config_section *c,
+		      ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, c);
+    ret = krb5_config_vget_time (context, c, ap);
+    va_end(ap);
+    return ret;
+}
+
+
+int KRB5_LIB_FUNCTION
+krb5_config_vget_int_default (krb5_context context,
+			      const krb5_config_section *c,
+			      int def_value,
+			      va_list args)
+{
+    const char *str;
+    str = krb5_config_vget_string (context, c, args);
+    if(str == NULL)
+	return def_value;
+    else { 
+	char *endptr; 
+	long l; 
+	l = strtol(str, &endptr, 0); 
+	if (endptr == str) 
+	    return def_value; 
+	else 
+	    return l;
+    }
+}
+
+int KRB5_LIB_FUNCTION
+krb5_config_vget_int  (krb5_context context,
+		       const krb5_config_section *c,
+		       va_list args)
+{
+    return krb5_config_vget_int_default (context, c, -1, args);
+}
+
+int KRB5_LIB_FUNCTION
+krb5_config_get_int_default (krb5_context context,
+			     const krb5_config_section *c,
+			     int def_value,
+			     ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, def_value);
+    ret = krb5_config_vget_int_default(context, c, def_value, ap);
+    va_end(ap);
+    return ret;
+}
+
+int KRB5_LIB_FUNCTION
+krb5_config_get_int (krb5_context context,
+		     const krb5_config_section *c,
+		     ...)
+{
+    va_list ap;
+    int ret;
+    va_start(ap, c);
+    ret = krb5_config_vget_int (context, c, ap);
+    va_end(ap);
+    return ret;
+}
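Review bot: In `config_fgets` the string-backed branch can write one byte past the caller's buffer, because `l = min(len, p - ptr->s)` lets `l` equal `len` and `str[l] = '\0'` then stores at `str[len]`. Both `parse_list` and `krb5_config_parse_debug` pass `sizeof(buf)` for a `char buf[BUFSIZ]` on the stack, so a line of BUFSIZ or more bytes in a string given to `krb5_config_parse_string_multi` overruns that array by a NUL byte. Reserving room for the terminator fixes it: compute `l = min(len - 1, (size_t)(p - ptr->s));` inside the existing `if(len > 0)` block. Since this is a vendor import, the change would be a local patch, so it is worth checking whether a newer upstream release already carries it.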

Added: vendor-crypto/heimdal/dist/lib/krb5/config_file_netinfo.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/config_file_netinfo.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/config_file_netinfo.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: config_file_netinfo.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Netinfo implementation from Luke Howard <lukeh at xedoc.com.au>
+ */
+
+#ifdef HAVE_NETINFO
+#include <netinfo/ni.h>
+static ni_status
+ni_proplist2binding(ni_proplist *pl, krb5_config_section **ret)
+{
+    int i, j;
+    krb5_config_section **next = NULL;
+
+    for (i = 0; i < pl->ni_proplist_len; i++) {
+	if (!strcmp(pl->nipl_val[i].nip_name, "name"))
+	    continue;
+
+	for (j = 0; j < pl->nipl_val[i].nip_val.ni_namelist_len; j++) {
+	    krb5_config_binding *b;
+
+	    b = malloc(sizeof(*b));
+	    if (b == NULL)
+		return NI_FAILED;
+	
+	    b->next = NULL;
+	    b->type = krb5_config_string;
+	    b->name = ni_name_dup(pl->nipl_val[i].nip_name);
+	    b->u.string = ni_name_dup(pl->nipl_val[i].nip_val.ninl_val[j]);
+
+	    if (next == NULL) {
+		*ret = b;
+	    } else {
+		*next = b;
+	    }
+	    next = &b->next;
+	}
+    }
+    return NI_OK;
+}
+
+static ni_status
+ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret)
+{
+    int i;
+    ni_status nis;
+    krb5_config_section **next;
+
+    for (i = 0; i < idlist->ni_idlist_len; i++) {
+	ni_proplist pl;
+        ni_id nid;
+	ni_idlist children;
+	krb5_config_binding *b;
+	ni_index index;
+
+	nid.nii_instance = 0;
+	nid.nii_object = idlist->ni_idlist_val[i];
+
+	nis = ni_read(ni, &nid, &pl);
+
+	if (nis != NI_OK) {
+	     return nis;
+	}
+	index = ni_proplist_match(pl, "name", NULL);
+	b = malloc(sizeof(*b));
+	if (b == NULL) return NI_FAILED;
+
+	if (i == 0) {
+	    *ret = b;
+	} else {
+	    *next = b;
+	}
+
+	b->type = krb5_config_list;
+	b->name = ni_name_dup(pl.nipl_val[index].nip_val.ninl_val[0]);
+	b->next = NULL;
+	b->u.list = NULL;
+
+	/* get the child directories */
+	nis = ni_children(ni, &nid, &children);
+	if (nis == NI_OK) {
+	    nis = ni_idlist2binding(ni, &children, &b->u.list);
+	    if (nis != NI_OK) {
+		return nis;
+	    }
+	}
+
+	nis = ni_proplist2binding(&pl, b->u.list == NULL ? &b->u.list : &b->u.list->next);
+	ni_proplist_free(&pl);
+	if (nis != NI_OK) {
+	    return nis;
+	}
+	next = &b->next;
+    }
+    ni_idlist_free(idlist);
+    return NI_OK;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_parse_file (krb5_context context,
+			const char *fname,
+			krb5_config_section **res)
+{
+    void *ni = NULL, *lastni = NULL;
+    int i;
+    ni_status nis;
+    ni_id nid;
+    ni_idlist children;
+
+    krb5_config_section *s;
+    int ret;
+
+    s = NULL;
+
+    for (i = 0; i < 256; i++) {
+	if (i == 0) {
+	    nis = ni_open(NULL, ".", &ni);
+	} else {
+	    if (lastni != NULL) ni_free(lastni);
+	    lastni = ni;
+	    nis = ni_open(lastni, "..", &ni);
+	}
+	if (nis != NI_OK)
+	    break;
+	nis = ni_pathsearch(ni, &nid, "/locations/kerberos");
+	if (nis == NI_OK) {
+	    nis = ni_children(ni, &nid, &children);
+	    if (nis != NI_OK)
+		break;
+	    nis = ni_idlist2binding(ni, &children, &s);
+	    break;
+	}
+    }
+
+    if (ni != NULL) ni_free(ni);
+    if (ni != lastni && lastni != NULL) ni_free(lastni);
+
+    ret = (nis == NI_OK) ? 0 : -1;
+    if (ret == 0) {
+	*res = s;
+    } else {
+	*res = NULL;
+    }
+    return ret;
+}
+#endif /* HAVE_NETINFO */
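Review bot: `ni_idlist2binding` uses the result of `ni_proplist_match(pl, "name", NULL)` as an array index without checking it, so a directory under `/locations/kerberos` with no `name` property makes `pl.nipl_val[index]` read out of bounds; the same line also assumes the property has at least one value. A guard before the `malloc`, such as `if (index == NI_INDEX_NULL || pl.nipl_val[index].nip_val.ni_namelist_len == 0) { ni_proplist_free(&pl); return NI_FAILED; }`, closes both. The early `return` paths taken after `ni_read` has succeeded also skip `ni_proplist_free(&pl)`, and the `ni_name_dup` results are never checked in either helper. All of this is compiled only under `HAVE_NETINFO`, so it matters only for builds that enable NetInfo.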

Added: vendor-crypto/heimdal/dist/lib/krb5/constants.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/constants.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/constants.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: constants.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+const char *krb5_config_file = 
+#ifdef __APPLE__
+"/Library/Preferences/edu.mit.Kerberos:"
+#endif
+SYSCONFDIR "/krb5.conf:/etc/krb5.conf";
+const char *krb5_defkeyname = KEYTAB_DEFAULT;

Added: vendor-crypto/heimdal/dist/lib/krb5/context.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/context.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/context.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1033 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <com_err.h>
+
+RCSID("$Id: context.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#define INIT_FIELD(C, T, E, D, F)					\
+    (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), 	\
+						"libdefaults", F, NULL)
+
+#define INIT_FLAG(C, O, V, D, F)					\
+    do {								\
+	if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \
+	    (C)->O |= V;						\
+        }								\
+    } while(0)
+
+/*
+ * Set the list of etypes `ret_etypes' from the configuration variable
+ * `name'
+ */
+
+static krb5_error_code
+set_etypes (krb5_context context,
+	    const char *name,
+	    krb5_enctype **ret_enctypes)
+{
+    char **etypes_str;
+    krb5_enctype *etypes = NULL;
+
+    etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", 
+					 name, NULL);
+    if(etypes_str){
+	int i, j, k;
+	for(i = 0; etypes_str[i]; i++);
+	etypes = malloc((i+1) * sizeof(*etypes));
+	if (etypes == NULL) {
+	    krb5_config_free_strings (etypes_str);
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	for(j = 0, k = 0; j < i; j++) {
+	    krb5_enctype e;
+	    if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0)
+		continue;
+	    if (krb5_enctype_valid(context, e) != 0)
+		continue;
+	    etypes[k++] = e;
+	}
+	etypes[k] = ETYPE_NULL;
+	krb5_config_free_strings(etypes_str);
+    } 
+    *ret_enctypes = etypes;
+    return 0;
+}
+
+/*
+ * read variables from the configuration file and set in `context'
+ */
+
+static krb5_error_code
+init_context_from_config_file(krb5_context context)
+{
+    krb5_error_code ret;
+    const char * tmp;
+    krb5_enctype *tmptypes;
+
+    INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
+    INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
+    INIT_FIELD(context, int, max_retries, 3, "max_retries");
+
+    INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
+    
+    ret = set_etypes (context, "default_etypes", &tmptypes);
+    if(ret)
+	return ret;
+    free(context->etypes);
+    context->etypes = tmptypes;
+    
+    ret = set_etypes (context, "default_etypes_des", &tmptypes);
+    if(ret)
+	return ret;
+    free(context->etypes_des);
+    context->etypes_des = tmptypes;
+
+    /* default keytab name */
+    tmp = NULL;
+    if(!issuid())
+	tmp = getenv("KRB5_KTNAME");
+    if(tmp != NULL)
+	context->default_keytab = tmp;
+    else
+	INIT_FIELD(context, string, default_keytab, 
+		   KEYTAB_DEFAULT, "default_keytab_name");
+
+    INIT_FIELD(context, string, default_keytab_modify, 
+	       NULL, "default_keytab_modify_name");
+
+    INIT_FIELD(context, string, time_fmt, 
+	       "%Y-%m-%dT%H:%M:%S", "time_format");
+
+    INIT_FIELD(context, string, date_fmt, 
+	       "%Y-%m-%d", "date_format");
+
+    INIT_FIELD(context, bool, log_utc, 
+	       FALSE, "log_utc");
+
+
+    
+    /* init dns-proxy slime */
+    tmp = krb5_config_get_string(context, NULL, "libdefaults", 
+				 "dns_proxy", NULL);
+    if(tmp) 
+	roken_gethostby_setup(context->http_proxy, tmp);
+    krb5_free_host_realm (context, context->default_realms);
+    context->default_realms = NULL;
+
+    {
+	krb5_addresses addresses;
+	char **adr, **a;
+
+	krb5_set_extra_addresses(context, NULL);
+	adr = krb5_config_get_strings(context, NULL, 
+				      "libdefaults", 
+				      "extra_addresses", 
+				      NULL);
+	memset(&addresses, 0, sizeof(addresses));
+	for(a = adr; a && *a; a++) {
+	    ret = krb5_parse_address(context, *a, &addresses);
+	    if (ret == 0) {
+		krb5_add_extra_addresses(context, &addresses);
+		krb5_free_addresses(context, &addresses);
+	    }
+	}
+	krb5_config_free_strings(adr);
+
+	krb5_set_ignore_addresses(context, NULL);
+	adr = krb5_config_get_strings(context, NULL, 
+				      "libdefaults", 
+				      "ignore_addresses", 
+				      NULL);
+	memset(&addresses, 0, sizeof(addresses));
+	for(a = adr; a && *a; a++) {
+	    ret = krb5_parse_address(context, *a, &addresses);
+	    if (ret == 0) {
+		krb5_add_ignore_addresses(context, &addresses);
+		krb5_free_addresses(context, &addresses);
+	    }
+	}
+	krb5_config_free_strings(adr);
+    }
+    
+    INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
+    INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
+    /* prefer dns_lookup_kdc over srv_lookup. */
+    INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
+    INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
+    INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size");
+    INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname");
+    INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac");
+    context->default_cc_name = NULL;
+    context->default_cc_name_set = 0;
+    return 0;
+}
+
+/**
+ * Initializes the context structure and reads the configuration file
+ * /etc/krb5.conf. The structure should be freed by calling
+ * krb5_free_context() when it is no longer being used.
+ *
+ * @param context pointer to returned context
+ *
+ * @return Returns 0 to indicate success.  Otherwise an errno code is
+ * returned.  Failure means either that something bad happened during
+ * initialization (typically ENOMEM) or that Kerberos should not be
+ * used ENXIO.
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_init_context(krb5_context *context)
+{
+    krb5_context p;
+    krb5_error_code ret;
+    char **files;
+
+    *context = NULL;
+
+    p = calloc(1, sizeof(*p));
+    if(!p)
+	return ENOMEM;
+
+    p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
+    if (p->mutex == NULL) {
+	free(p);
+	return ENOMEM;
+    }
+    HEIMDAL_MUTEX_init(p->mutex);
+
+    ret = krb5_get_default_config_files(&files);
+    if(ret) 
+	goto out;
+    ret = krb5_set_config_files(p, files);
+    krb5_free_config_files(files);
+    if(ret) 
+	goto out;
+
+    /* init error tables */
+    krb5_init_ets(p);
+
+    p->cc_ops = NULL;
+    p->num_cc_ops = 0;
+    krb5_cc_register(p, &krb5_acc_ops, TRUE);
+    krb5_cc_register(p, &krb5_fcc_ops, TRUE);
+    krb5_cc_register(p, &krb5_mcc_ops, TRUE);
+#ifdef HAVE_KCM
+    krb5_cc_register(p, &krb5_kcm_ops, TRUE);
+#endif
+
+    p->num_kt_types = 0;
+    p->kt_types     = NULL;
+    krb5_kt_register (p, &krb5_fkt_ops);
+    krb5_kt_register (p, &krb5_wrfkt_ops);
+    krb5_kt_register (p, &krb5_javakt_ops);
+    krb5_kt_register (p, &krb5_mkt_ops);
+    krb5_kt_register (p, &krb5_akf_ops);
+    krb5_kt_register (p, &krb4_fkt_ops);
+    krb5_kt_register (p, &krb5_srvtab_fkt_ops);
+    krb5_kt_register (p, &krb5_any_ops);
+
+out:
+    if(ret) {
+	krb5_free_context(p);
+	p = NULL;
+    }
+    *context = p;
+    return ret;
+}
+
+/**
+ * Frees the krb5_context allocated by krb5_init_context().
+ *
+ * @param context context to be freed.
+ *
+ *  @ingroup krb5
+*/
+
+void KRB5_LIB_FUNCTION
+krb5_free_context(krb5_context context)
+{
+    if (context->default_cc_name)
+	free(context->default_cc_name);
+    if (context->default_cc_name_env)
+	free(context->default_cc_name_env);
+    free(context->etypes);
+    free(context->etypes_des);
+    krb5_free_host_realm (context, context->default_realms);
+    krb5_config_file_free (context, context->cf);
+    free_error_table (context->et_list);
+    free(context->cc_ops);
+    free(context->kt_types);
+    krb5_clear_error_string(context);
+    if(context->warn_dest != NULL)
+	krb5_closelog(context, context->warn_dest);
+    krb5_set_extra_addresses(context, NULL);
+    krb5_set_ignore_addresses(context, NULL);
+    krb5_set_send_to_kdc_func(context, NULL, NULL);
+    if (context->mutex != NULL) {
+	HEIMDAL_MUTEX_destroy(context->mutex);
+	free(context->mutex);
+    }
+    memset(context, 0, sizeof(*context));
+    free(context);
+}
+
+/**
+ * Reinit the context from a new set of filenames.
+ *
+ * @param context context to add configuration too.
+ * @param filenames array of filenames, end of list is indicated with a NULL filename.
+ *
+ * @return Returns 0 to indicate success.  Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_config_files(krb5_context context, char **filenames)
+{
+    krb5_error_code ret;
+    krb5_config_binding *tmp = NULL;
+    while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
+	ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
+	if(ret != 0 && ret != ENOENT && ret != EACCES) {
+	    krb5_config_file_free(context, tmp);
+	    return ret;
+	}
+	filenames++;
+    }
+#if 0
+    /* with this enabled and if there are no config files, Kerberos is
+       considererd disabled */
+    if(tmp == NULL)
+	return ENXIO;
+#endif
+    krb5_config_file_free(context, context->cf);
+    context->cf = tmp;
+    ret = init_context_from_config_file(context);
+    return ret;
+}
+
+static krb5_error_code
+add_file(char ***pfilenames, int *len, char *file)
+{
+    char **pp = *pfilenames;
+    int i;
+
+    for(i = 0; i < *len; i++) {
+	if(strcmp(pp[i], file) == 0) {
+	    free(file);
+	    return 0;
+	}
+    }
+
+    pp = realloc(*pfilenames, (*len + 2) * sizeof(*pp));
+    if (pp == NULL) {
+	free(file);
+	return ENOMEM;
+    }
+
+    pp[*len] = file;
+    pp[*len + 1] = NULL;
+    *pfilenames = pp;
+    *len += 1;
+    return 0;
+}
+
+/*
+ *  `pq' isn't free, it's up the the caller
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
+{
+    krb5_error_code ret;
+    const char *p, *q;
+    char **pp;
+    int len;
+    char *fn;
+
+    pp = NULL;
+
+    len = 0;
+    p = filelist;
+    while(1) {
+	ssize_t l;
+	q = p;
+	l = strsep_copy(&q, ":", NULL, 0);
+	if(l == -1)
+	    break;
+	fn = malloc(l + 1);
+	if(fn == NULL) {
+	    krb5_free_config_files(pp);
+	    return ENOMEM;
+	}
+	l = strsep_copy(&p, ":", fn, l + 1);
+	ret = add_file(&pp, &len, fn);
+	if (ret) {
+	    krb5_free_config_files(pp);
+	    return ret;
+	}
+    }
+
+    if (pq != NULL) {
+	int i;
+
+	for (i = 0; pq[i] != NULL; i++) {
+	    fn = strdup(pq[i]);
+	    if (fn == NULL) {
+		krb5_free_config_files(pp);
+		return ENOMEM;
+	    }
+	    ret = add_file(&pp, &len, fn);
+	    if (ret) {
+		krb5_free_config_files(pp);
+		return ret;
+	    }
+	}
+    }
+
+    *ret_pp = pp;
+    return 0;
+}
+
+/**
+ * Prepend the filename to the global configuration list.
+ *
+ * @param filelist a filename to add to the default list of filename
+ * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
+ *
+ * @return Returns 0 to indicate success.  Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
+{
+    krb5_error_code ret;
+    char **defpp, **pp = NULL;
+    
+    ret = krb5_get_default_config_files(&defpp);
+    if (ret)
+	return ret;
+
+    ret = krb5_prepend_config_files(filelist, defpp, &pp);
+    krb5_free_config_files(defpp);
+    if (ret) {
+	return ret;
+    }	
+    *pfilenames = pp;
+    return 0;
+}
+
+/**
+ * Get the global configuration list.
+ *
+ * @param pfilenames return array of filenames, should be freed with krb5_free_config_files().
+ *
+ * @return Returns 0 to indicate success.  Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION 
+krb5_get_default_config_files(char ***pfilenames)
+{
+    const char *files = NULL;
+
+    if (pfilenames == NULL)
+        return EINVAL;
+    if(!issuid())
+	files = getenv("KRB5_CONFIG");
+    if (files == NULL)
+	files = krb5_config_file;
+
+    return krb5_prepend_config_files(files, NULL, pfilenames);
+}
+
+/**
+ * Free a list of configuration files.
+ *
+ * @param filenames list to be freed.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_free_config_files(char **filenames)
+{
+    char **p;
+    for(p = filenames; *p != NULL; p++)
+	free(*p);
+    free(filenames);
+}
+
+/**
+ * Returns the list of Kerberos encryption types sorted in order of
+ * most preferred to least preferred encryption type.  Note that some
+ * encryption types might be disabled, so you need to check with
+ * krb5_enctype_valid() before using the encryption type.
+ *
+ * @return list of enctypes, terminated with ETYPE_NULL. Its a static
+ * array completed into the Kerberos library so the content doesn't
+ * need to be freed.
+ *
+ * @ingroup krb5
+ */
+
+const krb5_enctype * KRB5_LIB_FUNCTION
+krb5_kerberos_enctypes(krb5_context context)
+{
+    static const krb5_enctype p[] = {
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	ETYPE_AES128_CTS_HMAC_SHA1_96,
+	ETYPE_DES3_CBC_SHA1,
+	ETYPE_DES3_CBC_MD5,
+	ETYPE_ARCFOUR_HMAC_MD5,
+	ETYPE_DES_CBC_MD5,
+	ETYPE_DES_CBC_MD4,
+	ETYPE_DES_CBC_CRC,
+	ETYPE_NULL
+    };
+    return p;
+}
+
+/*
+ * set `etype' to a malloced list of the default enctypes
+ */
+
+static krb5_error_code
+default_etypes(krb5_context context, krb5_enctype **etype)
+{
+    const krb5_enctype *p;
+    krb5_enctype *e = NULL, *ep;
+    int i, n = 0;
+
+    p = krb5_kerberos_enctypes(context);
+
+    for (i = 0; p[i] != ETYPE_NULL; i++) {
+	if (krb5_enctype_valid(context, p[i]) != 0)
+	    continue;
+	ep = realloc(e, (n + 2) * sizeof(*e));
+	if (ep == NULL) {
+	    free(e);
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	e = ep;
+	e[n] = p[i];
+	e[n + 1] = ETYPE_NULL;
+	n++;
+    }
+    *etype = e;
+    return 0;
+}
+
+/**
+ * Set the default encryption types that will be use in communcation
+ * with the KDC, clients and servers.
+ *
+ * @param context Kerberos 5 context.
+ * @param etypes Encryption types, array terminated with ETYPE_NULL (0).
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_default_in_tkt_etypes(krb5_context context, 
+			       const krb5_enctype *etypes)
+{
+    krb5_enctype *p = NULL;
+    int i;
+
+    if(etypes) {
+	for (i = 0; etypes[i]; ++i) {
+	    krb5_error_code ret;
+	    ret = krb5_enctype_valid(context, etypes[i]);
+	    if (ret)
+		return ret;
+	}
+	++i;
+	ALLOC(p, i);
+	if(!p) {
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	memmove(p, etypes, i * sizeof(krb5_enctype));
+    }
+    if(context->etypes)
+	free(context->etypes);
+    context->etypes = p;
+    return 0;
+}
+
+/**
+ * Get the default encryption types that will be use in communcation
+ * with the KDC, clients and servers.
+ *
+ * @param context Kerberos 5 context.
+ * @param etypes Encryption types, array terminated with
+ * ETYPE_NULL(0), caller should free array with krb5_xfree():
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_in_tkt_etypes(krb5_context context,
+			       krb5_enctype **etypes)
+{
+  krb5_enctype *p;
+  int i;
+  krb5_error_code ret;
+
+  if(context->etypes) {
+    for(i = 0; context->etypes[i]; i++);
+    ++i;
+    ALLOC(p, i);
+    if(!p) {
+      krb5_set_error_string (context, "malloc: out of memory");
+      return ENOMEM;
+    }
+    memmove(p, context->etypes, i * sizeof(krb5_enctype));
+  } else {
+    ret = default_etypes(context, &p);
+    if (ret)
+      return ret;
+  }
+  *etypes = p;
+  return 0;
+}
+
+/**
+ * Return the error string for the error code. The caller must not
+ * free the string.
+ *
+ * @param context Kerberos 5 context.
+ * @param code Kerberos error code.
+ *
+ * @return the error message matching code
+ *
+ * @ingroup krb5
+ */
+
+const char* KRB5_LIB_FUNCTION
+krb5_get_err_text(krb5_context context, krb5_error_code code)
+{
+    const char *p = NULL;
+    if(context != NULL)
+	p = com_right(context->et_list, code);
+    if(p == NULL)
+	p = strerror(code);
+    if (p == NULL)
+	p = "Unknown error";
+    return p;
+}
+
+/**
+ * Init the built-in ets in the Kerberos library. 
+ *
+ * @param context kerberos context to add the ets too
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_init_ets(krb5_context context)
+{
+    if(context->et_list == NULL){
+	krb5_add_et_list(context, initialize_krb5_error_table_r);
+	krb5_add_et_list(context, initialize_asn1_error_table_r);
+	krb5_add_et_list(context, initialize_heim_error_table_r);
+	krb5_add_et_list(context, initialize_k524_error_table_r);
+#ifdef PKINIT
+	krb5_add_et_list(context, initialize_hx_error_table_r);
+#endif
+    }
+}
+
+/**
+ * Make the kerberos library default to the admin KDC.
+ *
+ * @param context Kerberos 5 context.
+ * @param flag boolean flag to select if the use the admin KDC or not.
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
+{
+    context->use_admin_kdc = flag;
+}
+
+/**
+ * Make the kerberos library default to the admin KDC.
+ *
+ * @param context Kerberos 5 context.
+ *
+ * @return boolean flag to telling the context will use admin KDC as the default KDC.
+ *
+ * @ingroup krb5
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_get_use_admin_kdc (krb5_context context)
+{
+    return context->use_admin_kdc;
+}
+
+/**
+ * Add extra address to the address list that the library will add to
+ * the client's address list when communicating with the KDC.
+ *
+ * @param context Kerberos 5 context.
+ * @param addresses addreses to add
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
+{
+
+    if(context->extra_addresses)
+	return krb5_append_addresses(context, 
+				     context->extra_addresses, addresses);
+    else
+	return krb5_set_extra_addresses(context, addresses);
+}
+
+/**
+ * Set extra address to the address list that the library will add to
+ * the client's address list when communicating with the KDC.
+ *
+ * @param context Kerberos 5 context.
+ * @param addresses addreses to set
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
+{
+    if(context->extra_addresses)
+	krb5_free_addresses(context, context->extra_addresses);
+
+    if(addresses == NULL) {
+	if(context->extra_addresses != NULL) {
+	    free(context->extra_addresses);
+	    context->extra_addresses = NULL;
+	}
+	return 0;
+    }
+    if(context->extra_addresses == NULL) {
+	context->extra_addresses = malloc(sizeof(*context->extra_addresses));
+	if(context->extra_addresses == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+    }
+    return krb5_copy_addresses(context, addresses, context->extra_addresses);
+}
+
+/**
+ * Get extra address to the address list that the library will add to
+ * the client's address list when communicating with the KDC.
+ *
+ * @param context Kerberos 5 context.
+ * @param addresses addreses to set
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
+{
+    if(context->extra_addresses == NULL) {
+	memset(addresses, 0, sizeof(*addresses));
+	return 0;
+    }
+    return krb5_copy_addresses(context,context->extra_addresses, addresses);
+}
+
+/**
+ * Add extra addresses to ignore when fetching addresses from the
+ * underlaying operating system.
+ *
+ * @param context Kerberos 5 context.
+ * @param addresses addreses to ignore
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
+{
+
+    if(context->ignore_addresses)
+	return krb5_append_addresses(context, 
+				     context->ignore_addresses, addresses);
+    else
+	return krb5_set_ignore_addresses(context, addresses);
+}
+
+/**
+ * Set extra addresses to ignore when fetching addresses from the
+ * underlaying operating system.
+ *
+ * @param context Kerberos 5 context.
+ * @param addresses addreses to ignore
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
+{
+    if(context->ignore_addresses)
+	krb5_free_addresses(context, context->ignore_addresses);
+    if(addresses == NULL) {
+	if(context->ignore_addresses != NULL) {
+	    free(context->ignore_addresses);
+	    context->ignore_addresses = NULL;
+	}
+	return 0;
+    }
+    if(context->ignore_addresses == NULL) {
+	context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
+	if(context->ignore_addresses == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+    }
+    return krb5_copy_addresses(context, addresses, context->ignore_addresses);
+}
+
+/**
+ * Get extra addresses to ignore when fetching addresses from the
+ * underlaying operating system.
+ *
+ * @param context Kerberos 5 context.
+ * @param addresses list addreses ignored
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
+{
+    if(context->ignore_addresses == NULL) {
+	memset(addresses, 0, sizeof(*addresses));
+	return 0;
+    }
+    return krb5_copy_addresses(context, context->ignore_addresses, addresses);
+}
+
+/**
+ * Set version of fcache that the library should use.
+ *
+ * @param context Kerberos 5 context.
+ * @param version version number.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_fcache_version(krb5_context context, int version)
+{
+    context->fcache_vno = version;
+    return 0;
+}
+
+/**
+ * Get version of fcache that the library should use.
+ *
+ * @param context Kerberos 5 context.
+ * @param version version number.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_fcache_version(krb5_context context, int *version)
+{
+    *version = context->fcache_vno;
+    return 0;
+}
+
+/**
+ * Runtime check if the Kerberos library was complied with thread support.
+ *
+ * @return TRUE if the library was compiled with thread support, FALSE if not.
+ *
+ * @ingroup krb5
+ */
+
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_is_thread_safe(void)
+{
+#ifdef ENABLE_PTHREAD_SUPPORT
+    return TRUE;
+#else
+    return FALSE;
+#endif
+}
+
+/**
+ * Set if the library should use DNS to canonicalize hostnames.
+ *
+ * @param context Kerberos 5 context.
+ * @param flag if its dns canonicalizion is used or not.
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
+{
+    if (flag)
+	context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
+    else
+	context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME;
+}
+
+/**
+ * Get if the library uses DNS to canonicalize hostnames.
+ *
+ * @param context Kerberos 5 context.
+ *
+ * @return return non zero if the library uses DNS to canonicalize hostnames.
+ *
+ * @ingroup krb5
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_get_dns_canonicalize_hostname (krb5_context context)
+{
+    return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
+}
+
+/**
+ * Get current offset in time to the KDC.
+ *
+ * @param context Kerberos 5 context.
+ * @param sec seconds part of offset.
+ * @param usec micro seconds part of offset.
+ *
+ * @return return non zero if the library uses DNS to canonicalize hostnames.
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
+{
+    if (sec)
+	*sec = context->kdc_sec_offset;
+    if (usec)
+	*usec = context->kdc_usec_offset;
+    return 0;
+}
+
+/**
+ * Get max time skew allowed.
+ *
+ * @param context Kerberos 5 context.
+ *
+ * @return timeskew in seconds.
+ *
+ * @ingroup krb5
+ */
+
+time_t KRB5_LIB_FUNCTION
+krb5_get_max_time_skew (krb5_context context)
+{
+    return context->max_skew;
+}
+
+/**
+ * Set max time skew allowed.
+ *
+ * @param context Kerberos 5 context.
+ * @param t timeskew in seconds.
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_set_max_time_skew (krb5_context context, time_t t)
+{
+    context->max_skew = t;
+}
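Review bot: `krb5_free_config_files()` dereferences `*p` without checking `filenames`, yet the error paths in `krb5_prepend_config_files()` call it with `pp`, which is still NULL when the first `malloc` fails or the first `realloc` inside `add_file()` fails. An out-of-memory condition therefore becomes a NULL dereference instead of a clean `ENOMEM` return. A guard at the top of the free routine, `if (filenames == NULL) return;`, covers every one of those callers. Separately, `init_context_from_config_file()` stores the pointer returned by `getenv("KRB5_KTNAME")` directly in `context->default_keytab`, so the context aliases environment storage that later changes to the environment may alter. Whether a copy is appropriate depends on the ownership rules for that field, which this hunk does not show.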

Added: vendor-crypto/heimdal/dist/lib/krb5/convert_creds.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/convert_creds.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/convert_creds.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,204 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: convert_creds.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#include "krb5-v4compat.h"
+
+static krb5_error_code
+check_ticket_flags(TicketFlags f)
+{
+    return 0; /* maybe add some more tests here? */
+}
+
+/**
+ * Convert the v5 credentials in in_cred to v4-dito in v4creds.  This
+ * is done by sending them to the 524 function in the KDC.  If
+ * `in_cred' doesn't contain a DES session key, then a new one is
+ * gotten from the KDC and stored in the cred cache `ccache'.
+ *
+ * @param context Kerberos 5 context.
+ * @param in_cred the credential to convert
+ * @param v4creds the converted credential
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5_v4compat
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb524_convert_creds_kdc(krb5_context context, 
+			 krb5_creds *in_cred,
+			 struct credentials *v4creds)
+{
+    krb5_error_code ret;
+    krb5_data reply;
+    krb5_storage *sp;
+    int32_t tmp;
+    krb5_data ticket;
+    char realm[REALM_SZ];
+    krb5_creds *v5_creds = in_cred;
+
+    ret = check_ticket_flags(v5_creds->flags.b);
+    if(ret)
+	goto out2;
+
+    {
+	krb5_krbhst_handle handle;
+
+	ret = krb5_krbhst_init(context,
+			       krb5_principal_get_realm(context, 
+							v5_creds->server),
+			       KRB5_KRBHST_KRB524,
+			       &handle);
+	if (ret)
+	    goto out2;
+
+	ret = krb5_sendto (context,
+			   &v5_creds->ticket,
+			   handle,
+			   &reply);
+	krb5_krbhst_free(context, handle);
+	if (ret)
+	    goto out2;
+    }
+    sp = krb5_storage_from_mem(reply.data, reply.length);
+    if(sp == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string (context, "malloc: out of memory");
+	goto out2;
+    }
+    krb5_ret_int32(sp, &tmp);
+    ret = tmp;
+    if(ret == 0) {
+	memset(v4creds, 0, sizeof(*v4creds));
+	ret = krb5_ret_int32(sp, &tmp);
+	if(ret)
+	    goto out;
+	v4creds->kvno = tmp;
+	ret = krb5_ret_data(sp, &ticket);
+	if(ret)
+	    goto out;
+	v4creds->ticket_st.length = ticket.length;
+	memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
+	krb5_data_free(&ticket);
+	ret = krb5_524_conv_principal(context, 
+				      v5_creds->server, 
+				      v4creds->service, 
+				      v4creds->instance, 
+				      v4creds->realm);
+	if(ret)
+	    goto out;
+	v4creds->issue_date = v5_creds->times.starttime;
+	v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date,
+						   v5_creds->times.endtime);
+	ret = krb5_524_conv_principal(context, v5_creds->client, 
+				      v4creds->pname, 
+				      v4creds->pinst, 
+				      realm);
+	if(ret)
+	    goto out;
+	memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
+    } else {
+	krb5_set_error_string(context, "converting credentials: %s", 
+			      krb5_get_err_text(context, ret));
+    }
+out:
+    krb5_storage_free(sp);
+    krb5_data_free(&reply);
+out2:
+    if (v5_creds != in_cred)
+	krb5_free_creds (context, v5_creds);
+    return ret;
+}
+
+/**
+ * Convert the v5 credentials in in_cred to v4-dito in v4creds,
+ * check the credential cache ccache before checking with the KDC.
+ *
+ * @param context Kerberos 5 context.
+ * @param ccache credential cache used to check for des-ticket.
+ * @param in_cred the credential to convert
+ * @param v4creds the converted credential
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5_v4compat
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb524_convert_creds_kdc_ccache(krb5_context context, 
+				krb5_ccache ccache,
+				krb5_creds *in_cred,
+				struct credentials *v4creds)
+{
+    krb5_error_code ret;
+    krb5_creds *v5_creds = in_cred;
+    krb5_keytype keytype;
+
+    keytype = v5_creds->session.keytype;
+
+    if (keytype != ENCTYPE_DES_CBC_CRC) {
+	/* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
+           so go get one */
+	krb5_creds template;
+
+	memset (&template, 0, sizeof(template));
+	template.session.keytype = ENCTYPE_DES_CBC_CRC;
+	ret = krb5_copy_principal (context, in_cred->client, &template.client);
+	if (ret) {
+	    krb5_free_cred_contents (context, &template);
+	    return ret;
+	}
+	ret = krb5_copy_principal (context, in_cred->server, &template.server);
+	if (ret) {
+	    krb5_free_cred_contents (context, &template);
+	    return ret;
+	}
+
+	ret = krb5_get_credentials (context, 0, ccache,
+				    &template, &v5_creds);
+	krb5_free_cred_contents (context, &template);
+	if (ret)
+	    return ret;
+    }
+
+    ret = krb524_convert_creds_kdc(context, v5_creds, v4creds);
+
+    if (v5_creds != in_cred)
+	krb5_free_creds (context, v5_creds);
+    return ret;
+}
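Review bot: In `krb524_convert_creds_kdc()` the `memcpy` into `v4creds->ticket_st.dat` uses `ticket.length` exactly as parsed from the network reply, with no comparison against the destination size. `struct credentials` is declared in `krb5-v4compat.h`, outside this hunk, so the fixed-size `dat` array is an assumption to confirm. If it holds, an oversized reply from the 524 service writes past the end of the caller's structure. The first `krb5_ret_int32(sp, &tmp)` also has its return value ignored, so a truncated reply leaves `tmp` uninitialised before it is used as the status. In addition, the final `memcpy(v4creds->session, ..., 8)` assumes the session key holds at least 8 bytes without checking `keyvalue.length`. The fence below shows the two reply-parsing checks; a length test before the session-key copy would follow the same pattern.

```c
    /* … unchanged: krb5_sendto and krb5_storage_from_mem … */
    ret = krb5_ret_int32(sp, &tmp);
    if (ret)
	goto out;
    ret = tmp;
    /* … unchanged: memset of v4creds and kvno read … */
	ret = krb5_ret_data(sp, &ticket);
	if(ret)
	    goto out;
	if (ticket.length > sizeof(v4creds->ticket_st.dat)) {
	    krb5_data_free(&ticket);
	    krb5_set_error_string(context, "krb524 reply: ticket too large");
	    ret = EINVAL;
	    goto out;
	}
	/* … unchanged: copy into ticket_st.dat and principal conversion … */
```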

Added: vendor-crypto/heimdal/dist/lib/krb5/copy_host_realm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/copy_host_realm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/copy_host_realm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: copy_host_realm.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/**
+ * Copy the list of realms from `from' to `to'.
+ *
+ * @param context Kerberos 5 context.
+ * @param from list of realms to copy from.
+ * @param to list of realms to copy to, free list of krb5_free_host_realm().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_host_realm(krb5_context context,
+		     const krb5_realm *from,
+		     krb5_realm **to)
+{
+    int n, i;
+    const krb5_realm *p;
+
+    for (n = 0, p = from; *p != NULL; ++p)
+	++n;
+    ++n;
+    *to = malloc (n * sizeof(**to));
+    if (*to == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    for (i = 0; i < n; ++i)
+	(*to)[i] = NULL;
+    for (i = 0, p = from; *p != NULL; ++p, ++i) {
+	(*to)[i] = strdup(*p);
+	if ((*to)[i] == NULL) {
+	    krb5_free_host_realm (context, *to);
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+    }
+    return 0;
+}
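Review bot: On the strdup() failure path in krb5_copy_host_realm the list is passed to krb5_free_host_realm() but `*to` still points at it afterwards, so a caller that cleans up its output pointer unconditionally would presumably release the same list a second time. Adding `*to = NULL;` directly after the `krb5_free_host_realm (context, *to);` call leaves the out-parameter safe to inspect on error. The doc comment should also say that `from` must be a NULL-terminated array, because the counting loop dereferences `*p` until it finds NULL and `from` itself is never checked.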

Added: vendor-crypto/heimdal/dist/lib/krb5/crc.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/crc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/crc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: crc.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static u_long table[256];
+
+#define CRC_GEN 0xEDB88320L
+
+void
+_krb5_crc_init_table(void)
+{
+    static int flag = 0;
+    unsigned long crc, poly;
+    int     i, j;
+    
+    if(flag) return;
+    poly = CRC_GEN;
+    for (i = 0; i < 256; i++) {
+	crc = i;
+	for (j = 8; j > 0; j--) {
+	    if (crc & 1) {
+		crc = (crc >> 1) ^ poly;
+	    } else {
+		crc >>= 1;
+	    }
+	}
+	table[i] = crc;
+    }
+    flag = 1;
+}
+
+uint32_t
+_krb5_crc_update (const char *p, size_t len, uint32_t res)
+{
+    while (len--)
+	res = table[(res ^ *p++) & 0xFF] ^ (res >> 8);
+    return res & 0xFFFFFFFF;
+}
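Review bot: `_krb5_crc_update` reads `table[]` without any check that `_krb5_crc_init_table` has run, so a caller that skips the init gets a CRC computed over an all-zero table with no error, and neither function documents that precondition. I would add above `_krb5_crc_update` a comment such as `/* Requires a prior _krb5_crc_init_table(); res is the running CRC value. */`. The `flag` guard in the init function is a plain `static int` with no lock, so two first-time callers can fill the table at the same time. The values written are identical, but whether callers serialise the init is not visible in this hunk and deserves a comment as well.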

Added: vendor-crypto/heimdal/dist/lib/krb5/creds.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/creds.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/creds.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: creds.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#undef __attribute__
+#define __attribute__(X)
+
+/* keep this for compatibility with older code */
+krb5_error_code KRB5_LIB_FUNCTION __attribute__((deprecated))
+krb5_free_creds_contents (krb5_context context, krb5_creds *c)
+{
+    return krb5_free_cred_contents (context, c);
+}    
+
+/**
+ * Free content of krb5_creds.
+ *
+ * @param context Kerberos 5 context.
+ * @param c krb5_creds to free.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_cred_contents (krb5_context context, krb5_creds *c)
+{
+    krb5_free_principal (context, c->client);
+    c->client = NULL;
+    krb5_free_principal (context, c->server);
+    c->server = NULL;
+    krb5_free_keyblock_contents (context, &c->session);
+    krb5_data_free (&c->ticket);
+    krb5_data_free (&c->second_ticket);
+    free_AuthorizationData (&c->authdata);
+    krb5_free_addresses (context, &c->addresses);
+    memset(c, 0, sizeof(*c));
+    return 0;
+}
+
+/**
+ * Copy content of krb5_creds.
+ *
+ * @param context Kerberos 5 context.
+ * @param incred source credential
+ * @param c destination credential, free with krb5_free_cred_contents().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_creds_contents (krb5_context context,
+			  const krb5_creds *incred,
+			  krb5_creds *c)
+{
+    krb5_error_code ret;
+
+    memset(c, 0, sizeof(*c));
+    ret = krb5_copy_principal (context, incred->client, &c->client);
+    if (ret)
+	goto fail;
+    ret = krb5_copy_principal (context, incred->server, &c->server);
+    if (ret)
+	goto fail;
+    ret = krb5_copy_keyblock_contents (context, &incred->session, &c->session);
+    if (ret)
+	goto fail;
+    c->times = incred->times;
+    ret = krb5_data_copy (&c->ticket,
+			  incred->ticket.data,
+			  incred->ticket.length);
+    if (ret)
+	goto fail;
+    ret = krb5_data_copy (&c->second_ticket,
+			  incred->second_ticket.data,
+			  incred->second_ticket.length);
+    if (ret)
+	goto fail;
+    ret = copy_AuthorizationData(&incred->authdata, &c->authdata);
+    if (ret)
+	goto fail;
+    ret = krb5_copy_addresses (context,
+			       &incred->addresses,
+			       &c->addresses);
+    if (ret)
+	goto fail;
+    c->flags = incred->flags;
+    return 0;
+
+fail:
+    krb5_free_cred_contents (context, c);
+    return ret;
+}
+
+/**
+ * Copy krb5_creds.
+ *
+ * @param context Kerberos 5 context.
+ * @param incred source credential
+ * @param outcred destination credential, free with krb5_free_creds().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_creds (krb5_context context,
+		 const krb5_creds *incred,
+		 krb5_creds **outcred)
+{
+    krb5_creds *c;
+
+    c = malloc (sizeof (*c));
+    if (c == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memset (c, 0, sizeof(*c));
+    *outcred = c;
+    return krb5_copy_creds_contents (context, incred, c);
+}
+
+/**
+ * Free krb5_creds.
+ *
+ * @param context Kerberos 5 context.
+ * @param c krb5_creds to free.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_creds (krb5_context context, krb5_creds *c)
+{
+    krb5_free_cred_contents (context, c);
+    free (c);
+    return 0;
+}
+
+/* XXX this do not belong here */
+static krb5_boolean
+krb5_times_equal(const krb5_times *a, const krb5_times *b)
+{
+    return a->starttime == b->starttime &&
+	a->authtime == b->authtime &&
+	a->endtime == b->endtime &&
+	a->renew_till == b->renew_till;
+}
+
+/**
+ * Return TRUE if `mcreds' and `creds' are equal (`whichfields'
+ * determines what equal means).
+ *
+ * @param context Kerberos 5 context.
+ * @param whichfields which fields to compare.
+ * @param mcreds cred to compare with.
+ * @param creds cred to compare with.
+ *
+ * @return return TRUE if mcred and creds are equal, FALSE if not.
+ *
+ * @ingroup krb5
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_compare_creds(krb5_context context, krb5_flags whichfields,
+		   const krb5_creds * mcreds, const krb5_creds * creds)
+{
+    krb5_boolean match = TRUE;
+    
+    if (match && mcreds->server) {
+	if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY)) 
+	    match = krb5_principal_compare_any_realm (context, mcreds->server, 
+						      creds->server);
+	else
+	    match = krb5_principal_compare (context, mcreds->server, 
+					    creds->server);
+    }
+
+    if (match && mcreds->client) {
+	if(whichfields & KRB5_TC_DONT_MATCH_REALM)
+	    match = krb5_principal_compare_any_realm (context, mcreds->client, 
+						      creds->client);
+	else
+	    match = krb5_principal_compare (context, mcreds->client, 
+					    creds->client);
+    }
+	    
+    if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE))
+	match = krb5_enctypes_compatible_keys(context,
+					      mcreds->session.keytype,
+					      creds->session.keytype);
+
+    if (match && (whichfields & KRB5_TC_MATCH_FLAGS_EXACT))
+	match = mcreds->flags.i == creds->flags.i;
+
+    if (match && (whichfields & KRB5_TC_MATCH_FLAGS))
+	match = (creds->flags.i & mcreds->flags.i) == mcreds->flags.i;
+
+    if (match && (whichfields & KRB5_TC_MATCH_TIMES_EXACT))
+	match = krb5_times_equal(&mcreds->times, &creds->times);
+    
+    if (match && (whichfields & KRB5_TC_MATCH_TIMES))
+	/* compare only expiration times */
+	match = (mcreds->times.renew_till <= creds->times.renew_till) &&
+	    (mcreds->times.endtime <= creds->times.endtime);
+
+    if (match && (whichfields & KRB5_TC_MATCH_AUTHDATA)) {
+	unsigned int i;
+	if(mcreds->authdata.len != creds->authdata.len)
+	    match = FALSE;
+	else
+	    for(i = 0; match && i < mcreds->authdata.len; i++)
+		match = (mcreds->authdata.val[i].ad_type == 
+			 creds->authdata.val[i].ad_type) &&
+		    (krb5_data_cmp(&mcreds->authdata.val[i].ad_data,
+				   &creds->authdata.val[i].ad_data) == 0);
+    }
+    if (match && (whichfields & KRB5_TC_MATCH_2ND_TKT))
+	match = (krb5_data_cmp(&mcreds->second_ticket, &creds->second_ticket) == 0);
+
+    if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY))
+	match = ((mcreds->second_ticket.length == 0) == 
+		 (creds->second_ticket.length == 0));
+
+    return match;
+}
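Review bot: In krb5_copy_creds, `*outcred = c` is stored before krb5_copy_creds_contents() runs, so when the copy fails the caller receives an error code together with a pointer to a zeroed krb5_creds, and the allocation leaks unless the caller frees it despite the error. Capturing the result and releasing on failure avoids that: `ret = krb5_copy_creds_contents (context, incred, c);` then `if (ret) { free (c); c = NULL; }` then `*outcred = c; return ret;`, with a local `krb5_error_code ret;` declared at the top. The failure path of krb5_copy_creds_contents already calls krb5_free_cred_contents(), so only the outer allocation remains to be released.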

Added: vendor-crypto/heimdal/dist/lib/krb5/crypto.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/crypto.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/crypto.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,4193 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: crypto.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+/* RCSID("$FreeBSD$"); */
+
+#undef CRYPTO_DEBUG
+#ifdef CRYPTO_DEBUG
+static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*);
+#endif
+
+
+struct key_data {
+    krb5_keyblock *key;
+    krb5_data *schedule;
+};
+
+struct key_usage {
+    unsigned usage;
+    struct key_data key;
+};
+
+struct krb5_crypto_data {
+    struct encryption_type *et;
+    struct key_data key;
+    int num_key_usage;
+    struct key_usage *key_usage;
+};
+
+#define CRYPTO_ETYPE(C) ((C)->et->type)
+
+/* bits for `flags' below */
+#define F_KEYED		 1	/* checksum is keyed */
+#define F_CPROOF	 2	/* checksum is collision proof */
+#define F_DERIVED	 4	/* uses derived keys */
+#define F_VARIANT	 8	/* uses `variant' keys (6.4.3) */
+#define F_PSEUDO	16	/* not a real protocol type */
+#define F_SPECIAL	32	/* backwards */
+#define F_DISABLED	64	/* enctype/checksum disabled */
+
+struct salt_type {
+    krb5_salttype type;
+    const char *name;
+    krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, 
+				     krb5_salt, krb5_data, krb5_keyblock*);
+};
+
+struct key_type {
+    krb5_keytype type; /* XXX */
+    const char *name;
+    size_t bits;
+    size_t size;
+    size_t schedule_size;
+#if 0
+    krb5_enctype best_etype;
+#endif
+    void (*random_key)(krb5_context, krb5_keyblock*);
+    void (*schedule)(krb5_context, struct key_data *);
+    struct salt_type *string_to_key;
+    void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
+};
+
+struct checksum_type {
+    krb5_cksumtype type;
+    const char *name;
+    size_t blocksize;
+    size_t checksumsize;
+    unsigned flags;
+    void (*checksum)(krb5_context context,
+		     struct key_data *key,
+		     const void *buf, size_t len,
+		     unsigned usage,
+		     Checksum *csum);
+    krb5_error_code (*verify)(krb5_context context,
+			      struct key_data *key,
+			      const void *buf, size_t len,
+			      unsigned usage,
+			      Checksum *csum);
+};
+
+struct encryption_type {
+    krb5_enctype type;
+    const char *name;
+    heim_oid *oid;
+    size_t blocksize;
+    size_t padsize;
+    size_t confoundersize;
+    struct key_type *keytype;
+    struct checksum_type *checksum;
+    struct checksum_type *keyed_checksum;
+    unsigned flags;
+    krb5_error_code (*encrypt)(krb5_context context,
+			       struct key_data *key,
+			       void *data, size_t len,
+			       krb5_boolean encryptp,
+			       int usage,
+			       void *ivec);
+    size_t prf_length;
+    krb5_error_code (*prf)(krb5_context,
+			   krb5_crypto, const krb5_data *, krb5_data *);
+};
+
+#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
+#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55)
+#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99)
+
+static struct checksum_type *_find_checksum(krb5_cksumtype type);
+static struct encryption_type *_find_enctype(krb5_enctype type);
+static struct key_type *_find_keytype(krb5_keytype type);
+static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, 
+					unsigned, struct key_data**);
+static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
+static krb5_error_code derive_key(krb5_context context,
+				  struct encryption_type *et,
+				  struct key_data *key,
+				  const void *constant,
+				  size_t len);
+static krb5_error_code hmac(krb5_context context,
+			    struct checksum_type *cm, 
+			    const void *data, 
+			    size_t len, 
+			    unsigned usage,
+			    struct key_data *keyblock,
+			    Checksum *result);
+static void free_key_data(krb5_context context, struct key_data *key);
+static krb5_error_code usage2arcfour (krb5_context, unsigned *);
+static void xor (DES_cblock *, const unsigned char *);
+
+/************************************************************
+ *                                                          *
+ ************************************************************/
+
+static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
+
+
+static void
+krb5_DES_random_key(krb5_context context,
+	       krb5_keyblock *key)
+{
+    DES_cblock *k = key->keyvalue.data;
+    do {
+	krb5_generate_random_block(k, sizeof(DES_cblock));
+	DES_set_odd_parity(k);
+    } while(DES_is_weak_key(k));
+}
+
+static void
+krb5_DES_schedule(krb5_context context,
+		  struct key_data *key)
+{
+    DES_set_key(key->key->keyvalue.data, key->schedule->data);
+}
+
+#ifdef ENABLE_AFS_STRING_TO_KEY
+
+/* This defines the Andrew string_to_key function.  It accepts a password
+ * string as input and converts it via a one-way encryption algorithm to a DES
+ * encryption key.  It is compatible with the original Andrew authentication
+ * service password database.
+ */
+
+/*
+ * Short passwords, i.e 8 characters or less.
+ */
+static void
+krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
+			    krb5_data cell,
+			    DES_cblock *key)
+{
+    char  password[8+1];	/* crypt is limited to 8 chars anyway */
+    int   i;
+    
+    for(i = 0; i < 8; i++) {
+	char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
+		 ((i < cell.length) ?
+		  tolower(((unsigned char*)cell.data)[i]) : 0);
+	password[i] = c ? c : 'X';
+    }
+    password[8] = '\0';
+
+    memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock));
+
+    /* parity is inserted into the LSB so left shift each byte up one
+       bit. This allows ascii characters with a zero MSB to retain as
+       much significance as possible. */
+    for (i = 0; i < sizeof(DES_cblock); i++)
+	((unsigned char*)key)[i] <<= 1;
+    DES_set_odd_parity (key);
+}
+
+/*
+ * Long passwords, i.e 9 characters or more.
+ */
+static void
+krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
+				 krb5_data cell,
+				 DES_cblock *key)
+{
+    DES_key_schedule schedule;
+    DES_cblock temp_key;
+    DES_cblock ivec;
+    char password[512];
+    size_t passlen;
+
+    memcpy(password, pw.data, min(pw.length, sizeof(password)));
+    if(pw.length < sizeof(password)) {
+	int len = min(cell.length, sizeof(password) - pw.length);
+	int i;
+
+	memcpy(password + pw.length, cell.data, len);
+	for (i = pw.length; i < pw.length + len; ++i)
+	    password[i] = tolower((unsigned char)password[i]);
+    }
+    passlen = min(sizeof(password), pw.length + cell.length);
+    memcpy(&ivec, "kerberos", 8);
+    memcpy(&temp_key, "kerberos", 8);
+    DES_set_odd_parity (&temp_key);
+    DES_set_key (&temp_key, &schedule);
+    DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec);
+
+    memcpy(&temp_key, &ivec, 8);
+    DES_set_odd_parity (&temp_key);
+    DES_set_key (&temp_key, &schedule);
+    DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec);
+    memset(&schedule, 0, sizeof(schedule));
+    memset(&temp_key, 0, sizeof(temp_key));
+    memset(&ivec, 0, sizeof(ivec));
+    memset(password, 0, sizeof(password));
+
+    DES_set_odd_parity (key);
+}
+
+static krb5_error_code
+DES_AFS3_string_to_key(krb5_context context,
+		       krb5_enctype enctype,
+		       krb5_data password,
+		       krb5_salt salt,
+		       krb5_data opaque,
+		       krb5_keyblock *key)
+{
+    DES_cblock tmp;
+    if(password.length > 8)
+	krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp);
+    else
+	krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp);
+    key->keytype = enctype;
+    krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
+    memset(&key, 0, sizeof(key));
+    return 0;
+}
+#endif /* ENABLE_AFS_STRING_TO_KEY */
+
+static void
+DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
+{
+    DES_key_schedule schedule;
+    int i;
+    int reverse = 0;
+    unsigned char *p;
+
+    unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, 
+			     0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
+    memset(key, 0, 8);
+    
+    p = (unsigned char*)key;
+    for (i = 0; i < length; i++) {
+	unsigned char tmp = data[i];
+	if (!reverse)
+	    *p++ ^= (tmp << 1);
+	else
+	    *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
+	if((i % 8) == 7)
+	    reverse = !reverse;
+    }
+    DES_set_odd_parity(key);
+    if(DES_is_weak_key(key))
+	(*key)[7] ^= 0xF0;
+    DES_set_key(key, &schedule);
+    DES_cbc_cksum((void*)data, key, length, &schedule, key);
+    memset(&schedule, 0, sizeof(schedule));
+    DES_set_odd_parity(key);
+    if(DES_is_weak_key(key))
+	(*key)[7] ^= 0xF0;
+}
+
+static krb5_error_code
+krb5_DES_string_to_key(krb5_context context,
+		  krb5_enctype enctype,
+		  krb5_data password,
+		  krb5_salt salt,
+		  krb5_data opaque,
+		  krb5_keyblock *key)
+{
+    unsigned char *s;
+    size_t len;
+    DES_cblock tmp;
+
+#ifdef ENABLE_AFS_STRING_TO_KEY
+    if (opaque.length == 1) {
+	unsigned long v;
+	_krb5_get_int(opaque.data, &v, 1);
+	if (v == 1)
+	    return DES_AFS3_string_to_key(context, enctype, password,
+					  salt, opaque, key);
+    }
+#endif
+
+    len = password.length + salt.saltvalue.length;
+    s = malloc(len);
+    if(len > 0 && s == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(s, password.data, password.length);
+    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
+    DES_string_to_key_int(s, len, &tmp);
+    key->keytype = enctype;
+    krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
+    memset(&tmp, 0, sizeof(tmp));
+    memset(s, 0, len);
+    free(s);
+    return 0;
+}
+
+static void
+krb5_DES_random_to_key(krb5_context context,
+		       krb5_keyblock *key,
+		       const void *data,
+		       size_t size)
+{
+    DES_cblock *k = key->keyvalue.data;
+    memcpy(k, data, key->keyvalue.length);
+    DES_set_odd_parity(k);
+    if(DES_is_weak_key(k))
+	xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
+}
+
+/*
+ *
+ */
+
+static void
+DES3_random_key(krb5_context context,
+		krb5_keyblock *key)
+{
+    DES_cblock *k = key->keyvalue.data;
+    do {
+	krb5_generate_random_block(k, 3 * sizeof(DES_cblock));
+	DES_set_odd_parity(&k[0]);
+	DES_set_odd_parity(&k[1]);
+	DES_set_odd_parity(&k[2]);
+    } while(DES_is_weak_key(&k[0]) ||
+	    DES_is_weak_key(&k[1]) ||
+	    DES_is_weak_key(&k[2]));
+}
+
+static void
+DES3_schedule(krb5_context context,
+	      struct key_data *key)
+{
+    DES_cblock *k = key->key->keyvalue.data;
+    DES_key_schedule *s = key->schedule->data;
+    DES_set_key(&k[0], &s[0]);
+    DES_set_key(&k[1], &s[1]);
+    DES_set_key(&k[2], &s[2]);
+}
+
+/*
+ * A = A xor B. A & B are 8 bytes.
+ */
+
+static void
+xor (DES_cblock *key, const unsigned char *b)
+{
+    unsigned char *a = (unsigned char*)key;
+    a[0] ^= b[0];
+    a[1] ^= b[1];
+    a[2] ^= b[2];
+    a[3] ^= b[3];
+    a[4] ^= b[4];
+    a[5] ^= b[5];
+    a[6] ^= b[6];
+    a[7] ^= b[7];
+}
+
+static krb5_error_code
+DES3_string_to_key(krb5_context context,
+		   krb5_enctype enctype,
+		   krb5_data password,
+		   krb5_salt salt,
+		   krb5_data opaque,
+		   krb5_keyblock *key)
+{
+    char *str;
+    size_t len;
+    unsigned char tmp[24];
+    DES_cblock keys[3];
+    krb5_error_code ret;
+    
+    len = password.length + salt.saltvalue.length;
+    str = malloc(len);
+    if(len != 0 && str == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(str, password.data, password.length);
+    memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
+    {
+	DES_cblock ivec;
+	DES_key_schedule s[3];
+	int i;
+	
+	ret = _krb5_n_fold(str, len, tmp, 24);
+	if (ret) {
+	    memset(str, 0, len);
+	    free(str);
+	    krb5_set_error_string(context, "out of memory");
+	    return ret;
+	}
+	
+	for(i = 0; i < 3; i++){
+	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
+	    DES_set_odd_parity(keys + i);
+	    if(DES_is_weak_key(keys + i))
+		xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
+	    DES_set_key(keys + i, &s[i]);
+	}
+	memset(&ivec, 0, sizeof(ivec));
+	DES_ede3_cbc_encrypt(tmp,
+			     tmp, sizeof(tmp), 
+			     &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
+	memset(s, 0, sizeof(s));
+	memset(&ivec, 0, sizeof(ivec));
+	for(i = 0; i < 3; i++){
+	    memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
+	    DES_set_odd_parity(keys + i);
+	    if(DES_is_weak_key(keys + i))
+		xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
+	}
+	memset(tmp, 0, sizeof(tmp));
+    }
+    key->keytype = enctype;
+    krb5_data_copy(&key->keyvalue, keys, sizeof(keys));
+    memset(keys, 0, sizeof(keys));
+    memset(str, 0, len);
+    free(str);
+    return 0;
+}
+
+static krb5_error_code
+DES3_string_to_key_derived(krb5_context context,
+			   krb5_enctype enctype,
+			   krb5_data password,
+			   krb5_salt salt,
+			   krb5_data opaque,
+			   krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    size_t len = password.length + salt.saltvalue.length;
+    char *s;
+
+    s = malloc(len);
+    if(len != 0 && s == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(s, password.data, password.length);
+    memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
+    ret = krb5_string_to_key_derived(context,
+				     s,
+				     len,
+				     enctype,
+				     key);
+    memset(s, 0, len);
+    free(s);
+    return ret;
+}
+
+static void
+DES3_random_to_key(krb5_context context,
+		   krb5_keyblock *key,
+		   const void *data,
+		   size_t size)
+{
+    unsigned char *x = key->keyvalue.data;
+    const u_char *q = data;
+    DES_cblock *k;
+    int i, j;
+
+    memset(x, 0, sizeof(x));
+    for (i = 0; i < 3; ++i) {
+	unsigned char foo;
+	for (j = 0; j < 7; ++j) {
+	    unsigned char b = q[7 * i + j];
+
+	    x[8 * i + j] = b;
+	}
+	foo = 0;
+	for (j = 6; j >= 0; --j) {
+	    foo |= q[7 * i + j] & 1;
+	    foo <<= 1;
+	}
+	x[8 * i + 7] = foo;
+    }
+    k = key->keyvalue.data;
+    for (i = 0; i < 3; i++) {
+	DES_set_odd_parity(&k[i]);
+	if(DES_is_weak_key(&k[i]))
+	    xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
+    }    
+}
+
+/*
+ * ARCFOUR
+ */
+
+static void
+ARCFOUR_schedule(krb5_context context, 
+		 struct key_data *kd)
+{
+    RC4_set_key (kd->schedule->data,
+		 kd->key->keyvalue.length, kd->key->keyvalue.data);
+}
+
+static krb5_error_code
+ARCFOUR_string_to_key(krb5_context context,
+		  krb5_enctype enctype,
+		  krb5_data password,
+		  krb5_salt salt,
+		  krb5_data opaque,
+		  krb5_keyblock *key)
+{
+    char *s, *p;
+    size_t len;
+    int i;
+    MD4_CTX m;
+    krb5_error_code ret;
+
+    len = 2 * password.length;
+    s = malloc (len);
+    if (len != 0 && s == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    for (p = s, i = 0; i < password.length; ++i) {
+	*p++ = ((char *)password.data)[i];
+	*p++ = 0;
+    }
+    MD4_Init (&m);
+    MD4_Update (&m, s, len);
+    key->keytype = enctype;
+    ret = krb5_data_alloc (&key->keyvalue, 16);
+    if (ret) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto out;
+    }
+    MD4_Final (key->keyvalue.data, &m);
+    memset (s, 0, len);
+    ret = 0;
+out:
+    free (s);
+    return ret;
+}
+
+/*
+ * AES
+ */
+
+int _krb5_AES_string_to_default_iterator = 4096;
+
+static krb5_error_code
+AES_string_to_key(krb5_context context,
+		  krb5_enctype enctype,
+		  krb5_data password,
+		  krb5_salt salt,
+		  krb5_data opaque,
+		  krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    uint32_t iter;
+    struct encryption_type *et;
+    struct key_data kd;
+
+    if (opaque.length == 0)
+	iter = _krb5_AES_string_to_default_iterator;
+    else if (opaque.length == 4) {
+	unsigned long v;
+	_krb5_get_int(opaque.data, &v, 4);
+	iter = ((uint32_t)v);
+    } else
+	return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
+	
+    et = _find_enctype(enctype);
+    if (et == NULL)
+	return KRB5_PROG_KEYTYPE_NOSUPP;
+
+    kd.schedule = NULL;
+    ALLOC(kd.key, 1);
+    if(kd.key == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    kd.key->keytype = enctype;
+    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to allocate pkcs5 key");
+	return ret;
+    }
+
+    ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
+				 salt.saltvalue.data, salt.saltvalue.length,
+				 iter, 
+				 et->keytype->size, kd.key->keyvalue.data);
+    if (ret != 1) {
+	free_key_data(context, &kd);
+	krb5_set_error_string(context, "Error calculating s2k");
+	return KRB5_PROG_KEYTYPE_NOSUPP;
+    }
+
+    ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
+    if (ret == 0)
+	ret = krb5_copy_keyblock_contents(context, kd.key, key);
+    free_key_data(context, &kd);
+
+    return ret;
+}
+
+struct krb5_aes_schedule {
+    AES_KEY ekey;
+    AES_KEY dkey;
+};
+
+static void
+AES_schedule(krb5_context context,
+	     struct key_data *kd)
+{
+    struct krb5_aes_schedule *key = kd->schedule->data;
+    int bits = kd->key->keyvalue.length * 8;
+
+    memset(key, 0, sizeof(*key));
+    AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey);
+    AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey);
+}
+
+/*
+ *
+ */
+
+static struct salt_type des_salt[] = {
+    {
+	KRB5_PW_SALT,
+	"pw-salt",
+	krb5_DES_string_to_key
+    },
+#ifdef ENABLE_AFS_STRING_TO_KEY
+    {
+	KRB5_AFS3_SALT,
+	"afs3-salt",
+	DES_AFS3_string_to_key
+    },
+#endif
+    { 0 }
+};
+
+static struct salt_type des3_salt[] = {
+    {
+	KRB5_PW_SALT,
+	"pw-salt",
+	DES3_string_to_key
+    },
+    { 0 }
+};
+
+static struct salt_type des3_salt_derived[] = {
+    {
+	KRB5_PW_SALT,
+	"pw-salt",
+	DES3_string_to_key_derived
+    },
+    { 0 }
+};
+
+static struct salt_type AES_salt[] = {
+    {
+	KRB5_PW_SALT,
+	"pw-salt",
+	AES_string_to_key
+    },
+    { 0 }
+};
+
+static struct salt_type arcfour_salt[] = {
+    {
+	KRB5_PW_SALT,
+	"pw-salt",
+	ARCFOUR_string_to_key
+    },
+    { 0 }
+};
+
+/*
+ *
+ */
+
+static struct key_type keytype_null = {
+    KEYTYPE_NULL,
+    "null",
+    0,
+    0,
+    0,
+    NULL,
+    NULL,
+    NULL
+};
+
+static struct key_type keytype_des = {
+    KEYTYPE_DES,
+    "des",
+    56,
+    sizeof(DES_cblock),
+    sizeof(DES_key_schedule),
+    krb5_DES_random_key,
+    krb5_DES_schedule,
+    des_salt,
+    krb5_DES_random_to_key
+};
+
+static struct key_type keytype_des3 = {
+    KEYTYPE_DES3,
+    "des3",
+    168,
+    3 * sizeof(DES_cblock), 
+    3 * sizeof(DES_key_schedule), 
+    DES3_random_key,
+    DES3_schedule,
+    des3_salt,
+    DES3_random_to_key
+};
+
+static struct key_type keytype_des3_derived = {
+    KEYTYPE_DES3,
+    "des3",
+    168,
+    3 * sizeof(DES_cblock),
+    3 * sizeof(DES_key_schedule), 
+    DES3_random_key,
+    DES3_schedule,
+    des3_salt_derived,
+    DES3_random_to_key
+};
+
+static struct key_type keytype_aes128 = {
+    KEYTYPE_AES128,
+    "aes-128",
+    128,
+    16,
+    sizeof(struct krb5_aes_schedule),
+    NULL,
+    AES_schedule,
+    AES_salt
+};
+
+static struct key_type keytype_aes256 = {
+    KEYTYPE_AES256,
+    "aes-256",
+    256,
+    32,
+    sizeof(struct krb5_aes_schedule),
+    NULL,
+    AES_schedule,
+    AES_salt
+};
+
+static struct key_type keytype_arcfour = {
+    KEYTYPE_ARCFOUR,
+    "arcfour",
+    128,
+    16,
+    sizeof(RC4_KEY),
+    NULL,
+    ARCFOUR_schedule,
+    arcfour_salt
+};
+
+static struct key_type *keytypes[] = {
+    &keytype_null,
+    &keytype_des,
+    &keytype_des3_derived,
+    &keytype_des3,
+    &keytype_aes128,
+    &keytype_aes256,
+    &keytype_arcfour
+};
+
+static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]);
+
+static struct key_type *
+_find_keytype(krb5_keytype type)
+{
+    int i;
+    for(i = 0; i < num_keytypes; i++)
+	if(keytypes[i]->type == type)
+	    return keytypes[i];
+    return NULL;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_salttype_to_string (krb5_context context,
+			 krb5_enctype etype,
+			 krb5_salttype stype,
+			 char **string)
+{
+    struct encryption_type *e;
+    struct salt_type *st;
+
+    e = _find_enctype (etype);
+    if (e == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      etype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    for (st = e->keytype->string_to_key; st && st->type; st++) {
+	if (st->type == stype) {
+	    *string = strdup (st->name);
+	    if (*string == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    return 0;
+	}
+    }
+    krb5_set_error_string(context, "salttype %d not supported", stype);
+    return HEIM_ERR_SALTTYPE_NOSUPP;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_salttype (krb5_context context,
+			 krb5_enctype etype,
+			 const char *string,
+			 krb5_salttype *salttype)
+{
+    struct encryption_type *e;
+    struct salt_type *st;
+
+    e = _find_enctype (etype);
+    if (e == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      etype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    for (st = e->keytype->string_to_key; st && st->type; st++) {
+	if (strcasecmp (st->name, string) == 0) {
+	    *salttype = st->type;
+	    return 0;
+	}
+    }
+    krb5_set_error_string(context, "salttype %s not supported", string);
+    return HEIM_ERR_SALTTYPE_NOSUPP;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_pw_salt(krb5_context context,
+		 krb5_const_principal principal,
+		 krb5_salt *salt)
+{
+    size_t len;
+    int i;
+    krb5_error_code ret;
+    char *p;
+     
+    salt->salttype = KRB5_PW_SALT;
+    len = strlen(principal->realm);
+    for (i = 0; i < principal->name.name_string.len; ++i)
+	len += strlen(principal->name.name_string.val[i]);
+    ret = krb5_data_alloc (&salt->saltvalue, len);
+    if (ret)
+	return ret;
+    p = salt->saltvalue.data;
+    memcpy (p, principal->realm, strlen(principal->realm));
+    p += strlen(principal->realm);
+    for (i = 0; i < principal->name.name_string.len; ++i) {
+	memcpy (p,
+		principal->name.name_string.val[i],
+		strlen(principal->name.name_string.val[i]));
+	p += strlen(principal->name.name_string.val[i]);
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_salt(krb5_context context, 
+	       krb5_salt salt)
+{
+    krb5_data_free(&salt.saltvalue);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_data (krb5_context context,
+			 krb5_enctype enctype,
+			 krb5_data password,
+			 krb5_principal principal,
+			 krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    krb5_salt salt;
+
+    ret = krb5_get_pw_salt(context, principal, &salt);
+    if(ret)
+	return ret;
+    ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key);
+    krb5_free_salt(context, salt);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key (krb5_context context,
+		    krb5_enctype enctype,
+		    const char *password,
+		    krb5_principal principal,
+		    krb5_keyblock *key)
+{
+    krb5_data pw;
+    pw.data = rk_UNCONST(password);
+    pw.length = strlen(password);
+    return krb5_string_to_key_data(context, enctype, pw, principal, key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_data_salt (krb5_context context,
+			      krb5_enctype enctype,
+			      krb5_data password,
+			      krb5_salt salt,
+			      krb5_keyblock *key)
+{
+    krb5_data opaque;
+    krb5_data_zero(&opaque);
+    return krb5_string_to_key_data_salt_opaque(context, enctype, password, 
+					       salt, opaque, key);
+}
+
+/*
+ * Do a string -> key for encryption type `enctype' operation on
+ * `password' (with salt `salt' and the enctype specific data string
+ * `opaque'), returning the resulting key in `key'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_data_salt_opaque (krb5_context context,
+				     krb5_enctype enctype,
+				     krb5_data password,
+				     krb5_salt salt,
+				     krb5_data opaque,
+				     krb5_keyblock *key)
+{
+    struct encryption_type *et =_find_enctype(enctype);
+    struct salt_type *st;
+    if(et == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      enctype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    for(st = et->keytype->string_to_key; st && st->type; st++) 
+	if(st->type == salt.salttype)
+	    return (*st->string_to_key)(context, enctype, password, 
+					salt, opaque, key);
+    krb5_set_error_string(context, "salt type %d not supported",
+			  salt.salttype);
+    return HEIM_ERR_SALTTYPE_NOSUPP;
+}
+
+/*
+ * Do a string -> key for encryption type `enctype' operation on the
+ * string `password' (with salt `salt'), returning the resulting key
+ * in `key'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_salt (krb5_context context,
+			 krb5_enctype enctype,
+			 const char *password,
+			 krb5_salt salt,
+			 krb5_keyblock *key)
+{
+    krb5_data pw;
+    pw.data = rk_UNCONST(password);
+    pw.length = strlen(password);
+    return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_salt_opaque (krb5_context context,
+				krb5_enctype enctype,
+				const char *password,
+				krb5_salt salt,
+				krb5_data opaque,
+				krb5_keyblock *key)
+{
+    krb5_data pw;
+    pw.data = rk_UNCONST(password);
+    pw.length = strlen(password);
+    return krb5_string_to_key_data_salt_opaque(context, enctype, 
+					       pw, salt, opaque, key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_string(krb5_context context,
+		       krb5_keytype keytype,
+		       char **string)
+{
+    struct key_type *kt = _find_keytype(keytype);
+    if(kt == NULL) {
+	krb5_set_error_string(context, "key type %d not supported", keytype);
+	return KRB5_PROG_KEYTYPE_NOSUPP;
+    }
+    *string = strdup(kt->name);
+    if(*string == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_keytype(krb5_context context,
+		       const char *string,
+		       krb5_keytype *keytype)
+{
+    int i;
+    for(i = 0; i < num_keytypes; i++)
+	if(strcasecmp(keytypes[i]->name, string) == 0){
+	    *keytype = keytypes[i]->type;
+	    return 0;
+	}
+    krb5_set_error_string(context, "key type %s not supported", string);
+    return KRB5_PROG_KEYTYPE_NOSUPP;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_keysize(krb5_context context,
+		     krb5_enctype type,
+		     size_t *keysize)
+{
+    struct encryption_type *et = _find_enctype(type);
+    if(et == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      type);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    *keysize = et->keytype->size;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_keybits(krb5_context context,
+		     krb5_enctype type,
+		     size_t *keybits)
+{
+    struct encryption_type *et = _find_enctype(type);
+    if(et == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      type);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    *keybits = et->keytype->bits;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_generate_random_keyblock(krb5_context context,
+			      krb5_enctype type,
+			      krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    struct encryption_type *et = _find_enctype(type);
+    if(et == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      type);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
+    if(ret) 
+	return ret;
+    key->keytype = type;
+    if(et->keytype->random_key)
+	(*et->keytype->random_key)(context, key);
+    else
+	krb5_generate_random_block(key->keyvalue.data, 
+				   key->keyvalue.length);
+    return 0;
+}
+
+static krb5_error_code
+_key_schedule(krb5_context context,
+	      struct key_data *key)
+{
+    krb5_error_code ret;
+    struct encryption_type *et = _find_enctype(key->key->keytype);
+    struct key_type *kt = et->keytype;
+
+    if(kt->schedule == NULL)
+	return 0;
+    if (key->schedule != NULL)
+	return 0;
+    ALLOC(key->schedule, 1);
+    if(key->schedule == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = krb5_data_alloc(key->schedule, kt->schedule_size);
+    if(ret) {
+	free(key->schedule);
+	key->schedule = NULL;
+	return ret;
+    }
+    (*kt->schedule)(context, key);
+    return 0;
+}
+
+/************************************************************
+ *                                                          *
+ ************************************************************/
+
+static void
+NONE_checksum(krb5_context context,
+	      struct key_data *key,
+	      const void *data,
+	      size_t len,
+	      unsigned usage,
+	      Checksum *C)
+{
+}
+
+static void
+CRC32_checksum(krb5_context context,
+	       struct key_data *key,
+	       const void *data,
+	       size_t len,
+	       unsigned usage,
+	       Checksum *C)
+{
+    uint32_t crc;
+    unsigned char *r = C->checksum.data;
+    _krb5_crc_init_table ();
+    crc = _krb5_crc_update (data, len, 0);
+    r[0] = crc & 0xff;
+    r[1] = (crc >> 8)  & 0xff;
+    r[2] = (crc >> 16) & 0xff;
+    r[3] = (crc >> 24) & 0xff;
+}
+
+static void
+RSA_MD4_checksum(krb5_context context,
+		 struct key_data *key,
+		 const void *data,
+		 size_t len,
+		 unsigned usage,
+		 Checksum *C)
+{
+    MD4_CTX m;
+
+    MD4_Init (&m);
+    MD4_Update (&m, data, len);
+    MD4_Final (C->checksum.data, &m);
+}
+
+static void
+RSA_MD4_DES_checksum(krb5_context context, 
+		     struct key_data *key,
+		     const void *data, 
+		     size_t len, 
+		     unsigned usage,
+		     Checksum *cksum)
+{
+    MD4_CTX md4;
+    DES_cblock ivec;
+    unsigned char *p = cksum->checksum.data;
+    
+    krb5_generate_random_block(p, 8);
+    MD4_Init (&md4);
+    MD4_Update (&md4, p, 8);
+    MD4_Update (&md4, data, len);
+    MD4_Final (p + 8, &md4);
+    memset (&ivec, 0, sizeof(ivec));
+    DES_cbc_encrypt(p, 
+		    p, 
+		    24, 
+		    key->schedule->data, 
+		    &ivec, 
+		    DES_ENCRYPT);
+}
+
+static krb5_error_code
+RSA_MD4_DES_verify(krb5_context context,
+		   struct key_data *key,
+		   const void *data,
+		   size_t len,
+		   unsigned usage,
+		   Checksum *C)
+{
+    MD4_CTX md4;
+    unsigned char tmp[24];
+    unsigned char res[16];
+    DES_cblock ivec;
+    krb5_error_code ret = 0;
+
+    memset(&ivec, 0, sizeof(ivec));
+    DES_cbc_encrypt(C->checksum.data,
+		    (void*)tmp, 
+		    C->checksum.length, 
+		    key->schedule->data,
+		    &ivec,
+		    DES_DECRYPT);
+    MD4_Init (&md4);
+    MD4_Update (&md4, tmp, 8); /* confounder */
+    MD4_Update (&md4, data, len);
+    MD4_Final (res, &md4);
+    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+    }
+    memset(tmp, 0, sizeof(tmp));
+    memset(res, 0, sizeof(res));
+    return ret;
+}
+
+static void
+RSA_MD5_checksum(krb5_context context,
+		 struct key_data *key,
+		 const void *data,
+		 size_t len,
+		 unsigned usage,
+		 Checksum *C)
+{
+    MD5_CTX m;
+
+    MD5_Init  (&m);
+    MD5_Update(&m, data, len);
+    MD5_Final (C->checksum.data, &m);
+}
+
+static void
+RSA_MD5_DES_checksum(krb5_context context,
+		     struct key_data *key,
+		     const void *data,
+		     size_t len,
+		     unsigned usage,
+		     Checksum *C)
+{
+    MD5_CTX md5;
+    DES_cblock ivec;
+    unsigned char *p = C->checksum.data;
+    
+    krb5_generate_random_block(p, 8);
+    MD5_Init (&md5);
+    MD5_Update (&md5, p, 8);
+    MD5_Update (&md5, data, len);
+    MD5_Final (p + 8, &md5);
+    memset (&ivec, 0, sizeof(ivec));
+    DES_cbc_encrypt(p, 
+		    p, 
+		    24, 
+		    key->schedule->data, 
+		    &ivec, 
+		    DES_ENCRYPT);
+}
+
+static krb5_error_code
+RSA_MD5_DES_verify(krb5_context context,
+		   struct key_data *key,
+		   const void *data,
+		   size_t len,
+		   unsigned usage,
+		   Checksum *C)
+{
+    MD5_CTX md5;
+    unsigned char tmp[24];
+    unsigned char res[16];
+    DES_cblock ivec;
+    DES_key_schedule *sched = key->schedule->data;
+    krb5_error_code ret = 0;
+
+    memset(&ivec, 0, sizeof(ivec));
+    DES_cbc_encrypt(C->checksum.data, 
+		    (void*)tmp, 
+		    C->checksum.length, 
+		    &sched[0],
+		    &ivec,
+		    DES_DECRYPT);
+    MD5_Init (&md5);
+    MD5_Update (&md5, tmp, 8); /* confounder */
+    MD5_Update (&md5, data, len);
+    MD5_Final (res, &md5);
+    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+    }
+    memset(tmp, 0, sizeof(tmp));
+    memset(res, 0, sizeof(res));
+    return ret;
+}
+
+static void
+RSA_MD5_DES3_checksum(krb5_context context,
+		      struct key_data *key,
+		      const void *data,
+		      size_t len,
+		      unsigned usage,
+		      Checksum *C)
+{
+    MD5_CTX md5;
+    DES_cblock ivec;
+    unsigned char *p = C->checksum.data;
+    DES_key_schedule *sched = key->schedule->data;
+    
+    krb5_generate_random_block(p, 8);
+    MD5_Init (&md5);
+    MD5_Update (&md5, p, 8);
+    MD5_Update (&md5, data, len);
+    MD5_Final (p + 8, &md5);
+    memset (&ivec, 0, sizeof(ivec));
+    DES_ede3_cbc_encrypt(p, 
+			 p, 
+			 24, 
+			 &sched[0], &sched[1], &sched[2],
+			 &ivec, 
+			 DES_ENCRYPT);
+}
+
+static krb5_error_code
+RSA_MD5_DES3_verify(krb5_context context,
+		    struct key_data *key,
+		    const void *data,
+		    size_t len,
+		    unsigned usage,
+		    Checksum *C)
+{
+    MD5_CTX md5;
+    unsigned char tmp[24];
+    unsigned char res[16];
+    DES_cblock ivec;
+    DES_key_schedule *sched = key->schedule->data;
+    krb5_error_code ret = 0;
+
+    memset(&ivec, 0, sizeof(ivec));
+    DES_ede3_cbc_encrypt(C->checksum.data, 
+			 (void*)tmp, 
+			 C->checksum.length, 
+			 &sched[0], &sched[1], &sched[2],
+			 &ivec,
+			 DES_DECRYPT);
+    MD5_Init (&md5);
+    MD5_Update (&md5, tmp, 8); /* confounder */
+    MD5_Update (&md5, data, len);
+    MD5_Final (res, &md5);
+    if(memcmp(res, tmp + 8, sizeof(res)) != 0) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+    }
+    memset(tmp, 0, sizeof(tmp));
+    memset(res, 0, sizeof(res));
+    return ret;
+}
+
+static void
+SHA1_checksum(krb5_context context,
+	      struct key_data *key,
+	      const void *data,
+	      size_t len,
+	      unsigned usage,
+	      Checksum *C)
+{
+    SHA_CTX m;
+
+    SHA1_Init(&m);
+    SHA1_Update(&m, data, len);
+    SHA1_Final(C->checksum.data, &m);
+}
+
+/* HMAC according to RFC2104 */
+static krb5_error_code
+hmac(krb5_context context,
+     struct checksum_type *cm, 
+     const void *data, 
+     size_t len, 
+     unsigned usage,
+     struct key_data *keyblock,
+     Checksum *result)
+{
+    unsigned char *ipad, *opad;
+    unsigned char *key;
+    size_t key_len;
+    int i;
+    
+    ipad = malloc(cm->blocksize + len);
+    if (ipad == NULL)
+	return ENOMEM;
+    opad = malloc(cm->blocksize + cm->checksumsize);
+    if (opad == NULL) {
+	free(ipad);
+	return ENOMEM;
+    }
+    memset(ipad, 0x36, cm->blocksize);
+    memset(opad, 0x5c, cm->blocksize);
+
+    if(keyblock->key->keyvalue.length > cm->blocksize){
+	(*cm->checksum)(context, 
+			keyblock, 
+			keyblock->key->keyvalue.data, 
+			keyblock->key->keyvalue.length, 
+			usage,
+			result);
+	key = result->checksum.data;
+	key_len = result->checksum.length;
+    } else {
+	key = keyblock->key->keyvalue.data;
+	key_len = keyblock->key->keyvalue.length;
+    }
+    for(i = 0; i < key_len; i++){
+	ipad[i] ^= key[i];
+	opad[i] ^= key[i];
+    }
+    memcpy(ipad + cm->blocksize, data, len);
+    (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len,
+		    usage, result);
+    memcpy(opad + cm->blocksize, result->checksum.data, 
+	   result->checksum.length);
+    (*cm->checksum)(context, keyblock, opad, 
+		    cm->blocksize + cm->checksumsize, usage, result);
+    memset(ipad, 0, cm->blocksize + len);
+    free(ipad);
+    memset(opad, 0, cm->blocksize + cm->checksumsize);
+    free(opad);
+
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_hmac(krb5_context context,
+	  krb5_cksumtype cktype,
+	  const void *data,
+	  size_t len,
+	  unsigned usage, 
+	  krb5_keyblock *key,
+	  Checksum *result)
+{
+    struct checksum_type *c = _find_checksum(cktype);
+    struct key_data kd;
+    krb5_error_code ret;
+
+    if (c == NULL) {
+	krb5_set_error_string (context, "checksum type %d not supported",
+			       cktype);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+
+    kd.key = key;
+    kd.schedule = NULL;
+
+    ret = hmac(context, c, data, len, usage, &kd, result);
+
+    if (kd.schedule)
+	krb5_free_data(context, kd.schedule);
+
+    return ret;
+ }
+
+static void
+SP_HMAC_SHA1_checksum(krb5_context context,
+		      struct key_data *key, 
+		      const void *data, 
+		      size_t len, 
+		      unsigned usage,
+		      Checksum *result)
+{
+    struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
+    Checksum res;
+    char sha1_data[20];
+    krb5_error_code ret;
+
+    res.checksum.data = sha1_data;
+    res.checksum.length = sizeof(sha1_data);
+
+    ret = hmac(context, c, data, len, usage, key, &res);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+    memcpy(result->checksum.data, res.checksum.data, result->checksum.length);
+}
+
+/*
+ * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt
+ */
+
+static void
+HMAC_MD5_checksum(krb5_context context,
+		  struct key_data *key,
+		  const void *data,
+		  size_t len,
+		  unsigned usage,
+		  Checksum *result)
+{
+    MD5_CTX md5;
+    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
+    const char signature[] = "signaturekey";
+    Checksum ksign_c;
+    struct key_data ksign;
+    krb5_keyblock kb;
+    unsigned char t[4];
+    unsigned char tmp[16];
+    unsigned char ksign_c_data[16];
+    krb5_error_code ret;
+
+    ksign_c.checksum.length = sizeof(ksign_c_data);
+    ksign_c.checksum.data   = ksign_c_data;
+    ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+    ksign.key = &kb;
+    kb.keyvalue = ksign_c.checksum;
+    MD5_Init (&md5);
+    t[0] = (usage >>  0) & 0xFF;
+    t[1] = (usage >>  8) & 0xFF;
+    t[2] = (usage >> 16) & 0xFF;
+    t[3] = (usage >> 24) & 0xFF;
+    MD5_Update (&md5, t, 4);
+    MD5_Update (&md5, data, len);
+    MD5_Final (tmp, &md5);
+    ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+}
+
+/*
+ * same as previous but being used while encrypting.
+ */
+
+static void
+HMAC_MD5_checksum_enc(krb5_context context,
+		      struct key_data *key,
+		      const void *data,
+		      size_t len,
+		      unsigned usage,
+		      Checksum *result)
+{
+    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
+    Checksum ksign_c;
+    struct key_data ksign;
+    krb5_keyblock kb;
+    unsigned char t[4];
+    unsigned char ksign_c_data[16];
+    krb5_error_code ret;
+
+    t[0] = (usage >>  0) & 0xFF;
+    t[1] = (usage >>  8) & 0xFF;
+    t[2] = (usage >> 16) & 0xFF;
+    t[3] = (usage >> 24) & 0xFF;
+
+    ksign_c.checksum.length = sizeof(ksign_c_data);
+    ksign_c.checksum.data   = ksign_c_data;
+    ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+    ksign.key = &kb;
+    kb.keyvalue = ksign_c.checksum;
+    ret = hmac(context, c, data, len, 0, &ksign, result);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+}
+
+static struct checksum_type checksum_none = {
+    CKSUMTYPE_NONE, 
+    "none", 
+    1, 
+    0, 
+    0,
+    NONE_checksum, 
+    NULL
+};
+static struct checksum_type checksum_crc32 = {
+    CKSUMTYPE_CRC32,
+    "crc32",
+    1,
+    4,
+    0,
+    CRC32_checksum,
+    NULL
+};
+static struct checksum_type checksum_rsa_md4 = {
+    CKSUMTYPE_RSA_MD4,
+    "rsa-md4",
+    64,
+    16,
+    F_CPROOF,
+    RSA_MD4_checksum,
+    NULL
+};
+static struct checksum_type checksum_rsa_md4_des = {
+    CKSUMTYPE_RSA_MD4_DES,
+    "rsa-md4-des",
+    64,
+    24,
+    F_KEYED | F_CPROOF | F_VARIANT,
+    RSA_MD4_DES_checksum,
+    RSA_MD4_DES_verify
+};
+#if 0
+static struct checksum_type checksum_des_mac = { 
+    CKSUMTYPE_DES_MAC,
+    "des-mac",
+    0,
+    0,
+    0,
+    DES_MAC_checksum
+};
+static struct checksum_type checksum_des_mac_k = {
+    CKSUMTYPE_DES_MAC_K,
+    "des-mac-k",
+    0,
+    0,
+    0,
+    DES_MAC_K_checksum
+};
+static struct checksum_type checksum_rsa_md4_des_k = {
+    CKSUMTYPE_RSA_MD4_DES_K, 
+    "rsa-md4-des-k", 
+    0, 
+    0, 
+    0, 
+    RSA_MD4_DES_K_checksum,
+    RSA_MD4_DES_K_verify
+};
+#endif
+static struct checksum_type checksum_rsa_md5 = {
+    CKSUMTYPE_RSA_MD5,
+    "rsa-md5",
+    64,
+    16,
+    F_CPROOF,
+    RSA_MD5_checksum,
+    NULL
+};
+static struct checksum_type checksum_rsa_md5_des = {
+    CKSUMTYPE_RSA_MD5_DES,
+    "rsa-md5-des",
+    64,
+    24,
+    F_KEYED | F_CPROOF | F_VARIANT,
+    RSA_MD5_DES_checksum,
+    RSA_MD5_DES_verify
+};
+static struct checksum_type checksum_rsa_md5_des3 = {
+    CKSUMTYPE_RSA_MD5_DES3,
+    "rsa-md5-des3",
+    64,
+    24,
+    F_KEYED | F_CPROOF | F_VARIANT,
+    RSA_MD5_DES3_checksum,
+    RSA_MD5_DES3_verify
+};
+static struct checksum_type checksum_sha1 = {
+    CKSUMTYPE_SHA1,
+    "sha1",
+    64,
+    20,
+    F_CPROOF,
+    SHA1_checksum,
+    NULL
+};
+static struct checksum_type checksum_hmac_sha1_des3 = {
+    CKSUMTYPE_HMAC_SHA1_DES3,
+    "hmac-sha1-des3",
+    64,
+    20,
+    F_KEYED | F_CPROOF | F_DERIVED,
+    SP_HMAC_SHA1_checksum,
+    NULL
+};
+
+static struct checksum_type checksum_hmac_sha1_aes128 = {
+    CKSUMTYPE_HMAC_SHA1_96_AES_128,
+    "hmac-sha1-96-aes128",
+    64,
+    12,
+    F_KEYED | F_CPROOF | F_DERIVED,
+    SP_HMAC_SHA1_checksum,
+    NULL
+};
+
+static struct checksum_type checksum_hmac_sha1_aes256 = {
+    CKSUMTYPE_HMAC_SHA1_96_AES_256,
+    "hmac-sha1-96-aes256",
+    64,
+    12,
+    F_KEYED | F_CPROOF | F_DERIVED,
+    SP_HMAC_SHA1_checksum,
+    NULL
+};
+
+static struct checksum_type checksum_hmac_md5 = {
+    CKSUMTYPE_HMAC_MD5,
+    "hmac-md5",
+    64,
+    16,
+    F_KEYED | F_CPROOF,
+    HMAC_MD5_checksum,
+    NULL
+};
+
+static struct checksum_type checksum_hmac_md5_enc = {
+    CKSUMTYPE_HMAC_MD5_ENC,
+    "hmac-md5-enc",
+    64,
+    16,
+    F_KEYED | F_CPROOF | F_PSEUDO,
+    HMAC_MD5_checksum_enc,
+    NULL
+};
+
+static struct checksum_type *checksum_types[] = {
+    &checksum_none,
+    &checksum_crc32,
+    &checksum_rsa_md4,
+    &checksum_rsa_md4_des,
+#if 0
+    &checksum_des_mac, 
+    &checksum_des_mac_k,
+    &checksum_rsa_md4_des_k,
+#endif
+    &checksum_rsa_md5,
+    &checksum_rsa_md5_des,
+    &checksum_rsa_md5_des3,
+    &checksum_sha1,
+    &checksum_hmac_sha1_des3,
+    &checksum_hmac_sha1_aes128,
+    &checksum_hmac_sha1_aes256,
+    &checksum_hmac_md5,
+    &checksum_hmac_md5_enc
+};
+
+static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
+
+static struct checksum_type *
+_find_checksum(krb5_cksumtype type)
+{
+    int i;
+    for(i = 0; i < num_checksums; i++)
+	if(checksum_types[i]->type == type)
+	    return checksum_types[i];
+    return NULL;
+}
+
+static krb5_error_code
+get_checksum_key(krb5_context context, 
+		 krb5_crypto crypto,
+		 unsigned usage,  /* not krb5_key_usage */
+		 struct checksum_type *ct, 
+		 struct key_data **key)
+{
+    krb5_error_code ret = 0;
+
+    if(ct->flags & F_DERIVED)
+	ret = _get_derived_key(context, crypto, usage, key);
+    else if(ct->flags & F_VARIANT) {
+	int i;
+
+	*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
+	if(*key == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key);
+	if(ret) 
+	    return ret;
+	for(i = 0; i < (*key)->key->keyvalue.length; i++)
+	    ((unsigned char*)(*key)->key->keyvalue.data)[i] ^= 0xF0;
+    } else {
+	*key = &crypto->key; 
+    }
+    if(ret == 0)
+	ret = _key_schedule(context, *key);
+    return ret;
+}
+
+static krb5_error_code
+create_checksum (krb5_context context,
+		 struct checksum_type *ct,
+		 krb5_crypto crypto,
+		 unsigned usage,
+		 void *data,
+		 size_t len,
+		 Checksum *result)
+{
+    krb5_error_code ret;
+    struct key_data *dkey;
+    int keyed_checksum;
+    
+    if (ct->flags & F_DISABLED) {
+	krb5_clear_error_string (context);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+    keyed_checksum = (ct->flags & F_KEYED) != 0;
+    if(keyed_checksum && crypto == NULL) {
+	krb5_set_error_string (context, "Checksum type %s is keyed "
+			       "but no crypto context (key) was passed in",
+			       ct->name);
+	return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
+    }
+    if(keyed_checksum) {
+	ret = get_checksum_key(context, crypto, usage, ct, &dkey);
+	if (ret)
+	    return ret;
+    } else
+	dkey = NULL;
+    result->cksumtype = ct->type;
+    ret = krb5_data_alloc(&result->checksum, ct->checksumsize);
+    if (ret)
+	return (ret);
+    (*ct->checksum)(context, dkey, data, len, usage, result);
+    return 0;
+}
+
+static int
+arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
+{
+    return (ct->type == CKSUMTYPE_HMAC_MD5) &&
+	(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_create_checksum(krb5_context context,
+		     krb5_crypto crypto,
+		     krb5_key_usage usage,
+		     int type,
+		     void *data,
+		     size_t len,
+		     Checksum *result)
+{
+    struct checksum_type *ct = NULL;
+    unsigned keyusage;
+
+    /* type 0 -> pick from crypto */
+    if (type) {
+	ct = _find_checksum(type);
+    } else if (crypto) {
+	ct = crypto->et->keyed_checksum;
+	if (ct == NULL)
+	    ct = crypto->et->checksum;
+    }
+
+    if(ct == NULL) {
+	krb5_set_error_string (context, "checksum type %d not supported",
+			       type);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+
+    if (arcfour_checksum_p(ct, crypto)) {
+	keyusage = usage;
+	usage2arcfour(context, &keyusage);
+    } else
+	keyusage = CHECKSUM_USAGE(usage);
+
+    return create_checksum(context, ct, crypto, keyusage,
+			   data, len, result);
+}
+
+static krb5_error_code
+verify_checksum(krb5_context context,
+		krb5_crypto crypto,
+		unsigned usage, /* not krb5_key_usage */
+		void *data,
+		size_t len,
+		Checksum *cksum)
+{
+    krb5_error_code ret;
+    struct key_data *dkey;
+    int keyed_checksum;
+    Checksum c;
+    struct checksum_type *ct;
+
+    ct = _find_checksum(cksum->cksumtype);
+    if (ct == NULL || (ct->flags & F_DISABLED)) {
+	krb5_set_error_string (context, "checksum type %d not supported",
+			       cksum->cksumtype);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+    if(ct->checksumsize != cksum->checksum.length) {
+	krb5_clear_error_string (context);
+	return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
+    }
+    keyed_checksum = (ct->flags & F_KEYED) != 0;
+    if(keyed_checksum && crypto == NULL) {
+	krb5_set_error_string (context, "Checksum type %s is keyed "
+			       "but no crypto context (key) was passed in",
+			       ct->name);
+	return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
+    }
+    if(keyed_checksum)
+	ret = get_checksum_key(context, crypto, usage, ct, &dkey);
+    else
+	dkey = NULL;
+    if(ct->verify)
+	return (*ct->verify)(context, dkey, data, len, usage, cksum);
+
+    ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
+    if (ret)
+	return ret;
+
+    (*ct->checksum)(context, dkey, data, len, usage, &c);
+
+    if(c.checksum.length != cksum->checksum.length || 
+       memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+    } else {
+	ret = 0;
+    }
+    krb5_data_free (&c.checksum);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_checksum(krb5_context context,
+		     krb5_crypto crypto,
+		     krb5_key_usage usage, 
+		     void *data,
+		     size_t len,
+		     Checksum *cksum)
+{
+    struct checksum_type *ct;
+    unsigned keyusage;
+
+    ct = _find_checksum(cksum->cksumtype);
+    if(ct == NULL) {
+	krb5_set_error_string (context, "checksum type %d not supported",
+			       cksum->cksumtype);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+
+    if (arcfour_checksum_p(ct, crypto)) {
+	keyusage = usage;
+	usage2arcfour(context, &keyusage);
+    } else
+	keyusage = CHECKSUM_USAGE(usage);
+
+    return verify_checksum(context, crypto, keyusage,
+			   data, len, cksum);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_get_checksum_type(krb5_context context,
+                              krb5_crypto crypto,
+			      krb5_cksumtype *type)
+{
+    struct checksum_type *ct = NULL;
+    
+    if (crypto != NULL) {
+        ct = crypto->et->keyed_checksum;
+        if (ct == NULL)
+            ct = crypto->et->checksum;
+    }
+    
+    if (ct == NULL) {
+	krb5_set_error_string (context, "checksum type not found");
+        return KRB5_PROG_SUMTYPE_NOSUPP;
+    }    
+
+    *type = ct->type;
+    
+    return 0;      
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_checksumsize(krb5_context context,
+		  krb5_cksumtype type,
+		  size_t *size)
+{
+    struct checksum_type *ct = _find_checksum(type);
+    if(ct == NULL) {
+	krb5_set_error_string (context, "checksum type %d not supported",
+			       type);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+    *size = ct->checksumsize;
+    return 0;
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_checksum_is_keyed(krb5_context context,
+		       krb5_cksumtype type)
+{
+    struct checksum_type *ct = _find_checksum(type);
+    if(ct == NULL) {
+	if (context)
+	    krb5_set_error_string (context, "checksum type %d not supported",
+				   type);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+    return ct->flags & F_KEYED;
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_checksum_is_collision_proof(krb5_context context,
+				 krb5_cksumtype type)
+{
+    struct checksum_type *ct = _find_checksum(type);
+    if(ct == NULL) {
+	if (context)
+	    krb5_set_error_string (context, "checksum type %d not supported",
+				   type);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+    return ct->flags & F_CPROOF;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_checksum_disable(krb5_context context,
+		      krb5_cksumtype type)
+{
+    struct checksum_type *ct = _find_checksum(type);
+    if(ct == NULL) {
+	if (context)
+	    krb5_set_error_string (context, "checksum type %d not supported",
+				   type);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+    ct->flags |= F_DISABLED;
+    return 0;
+}
+
+/************************************************************
+ *                                                          *
+ ************************************************************/
+
+static krb5_error_code
+NULL_encrypt(krb5_context context,
+	     struct key_data *key, 
+	     void *data, 
+	     size_t len, 
+	     krb5_boolean encryptp,
+	     int usage,
+	     void *ivec)
+{
+    return 0;
+}
+
+static krb5_error_code
+DES_CBC_encrypt_null_ivec(krb5_context context,
+			  struct key_data *key, 
+			  void *data, 
+			  size_t len, 
+			  krb5_boolean encryptp,
+			  int usage,
+			  void *ignore_ivec)
+{
+    DES_cblock ivec;
+    DES_key_schedule *s = key->schedule->data;
+    memset(&ivec, 0, sizeof(ivec));
+    DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
+    return 0;
+}
+
+static krb5_error_code
+DES_CBC_encrypt_key_ivec(krb5_context context,
+			 struct key_data *key, 
+			 void *data, 
+			 size_t len, 
+			 krb5_boolean encryptp,
+			 int usage,
+			 void *ignore_ivec)
+{
+    DES_cblock ivec;
+    DES_key_schedule *s = key->schedule->data;
+    memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
+    DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
+    return 0;
+}
+
+static krb5_error_code
+DES3_CBC_encrypt(krb5_context context,
+		 struct key_data *key, 
+		 void *data, 
+		 size_t len, 
+		 krb5_boolean encryptp,
+		 int usage,
+		 void *ivec)
+{
+    DES_cblock local_ivec;
+    DES_key_schedule *s = key->schedule->data;
+    if(ivec == NULL) {
+	ivec = &local_ivec;
+	memset(local_ivec, 0, sizeof(local_ivec));
+    }
+    DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp);
+    return 0;
+}
+
+static krb5_error_code
+DES_CFB64_encrypt_null_ivec(krb5_context context,
+			    struct key_data *key, 
+			    void *data, 
+			    size_t len, 
+			    krb5_boolean encryptp,
+			    int usage,
+			    void *ignore_ivec)
+{
+    DES_cblock ivec;
+    int num = 0;
+    DES_key_schedule *s = key->schedule->data;
+    memset(&ivec, 0, sizeof(ivec));
+
+    DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp);
+    return 0;
+}
+
+static krb5_error_code
+DES_PCBC_encrypt_key_ivec(krb5_context context,
+			  struct key_data *key, 
+			  void *data, 
+			  size_t len, 
+			  krb5_boolean encryptp,
+			  int usage,
+			  void *ignore_ivec)
+{
+    DES_cblock ivec;
+    DES_key_schedule *s = key->schedule->data;
+    memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
+
+    DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp);
+    return 0;
+}
+
+/*
+ * AES draft-raeburn-krb-rijndael-krb-02
+ */
+
+void KRB5_LIB_FUNCTION
+_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
+		      size_t len, const AES_KEY *key,
+		      unsigned char *ivec, const int encryptp)
+{
+    unsigned char tmp[AES_BLOCK_SIZE];
+    int i;
+
+    /*
+     * In the framework of kerberos, the length can never be shorter
+     * then at least one blocksize.
+     */
+
+    if (encryptp) {
+
+	while(len > AES_BLOCK_SIZE) {
+	    for (i = 0; i < AES_BLOCK_SIZE; i++)
+		tmp[i] = in[i] ^ ivec[i];
+	    AES_encrypt(tmp, out, key);
+	    memcpy(ivec, out, AES_BLOCK_SIZE);
+	    len -= AES_BLOCK_SIZE;
+	    in += AES_BLOCK_SIZE;
+	    out += AES_BLOCK_SIZE;
+	}
+
+	for (i = 0; i < len; i++)
+	    tmp[i] = in[i] ^ ivec[i];
+	for (; i < AES_BLOCK_SIZE; i++)
+	    tmp[i] = 0 ^ ivec[i];
+
+	AES_encrypt(tmp, out - AES_BLOCK_SIZE, key);
+
+	memcpy(out, ivec, len);
+	memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+
+    } else {
+	unsigned char tmp2[AES_BLOCK_SIZE];
+	unsigned char tmp3[AES_BLOCK_SIZE];
+
+	while(len > AES_BLOCK_SIZE * 2) {
+	    memcpy(tmp, in, AES_BLOCK_SIZE);
+	    AES_decrypt(in, out, key);
+	    for (i = 0; i < AES_BLOCK_SIZE; i++)
+		out[i] ^= ivec[i];
+	    memcpy(ivec, tmp, AES_BLOCK_SIZE);
+	    len -= AES_BLOCK_SIZE;
+	    in += AES_BLOCK_SIZE;
+	    out += AES_BLOCK_SIZE;
+	}
+
+	len -= AES_BLOCK_SIZE;
+
+	memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */
+	AES_decrypt(in, tmp2, key);
+
+	memcpy(tmp3, in + AES_BLOCK_SIZE, len);
+	memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */
+
+	for (i = 0; i < len; i++)
+	    out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i];
+
+	AES_decrypt(tmp3, out, key);
+	for (i = 0; i < AES_BLOCK_SIZE; i++)
+	    out[i] ^= ivec[i];
+	memcpy(ivec, tmp, AES_BLOCK_SIZE);
+    }
+}
+
+static krb5_error_code
+AES_CTS_encrypt(krb5_context context,
+		struct key_data *key,
+		void *data,
+		size_t len,
+		krb5_boolean encryptp,
+		int usage,
+		void *ivec)
+{
+    struct krb5_aes_schedule *aeskey = key->schedule->data;
+    char local_ivec[AES_BLOCK_SIZE];
+    AES_KEY *k;
+
+    if (encryptp)
+	k = &aeskey->ekey;
+    else
+	k = &aeskey->dkey;
+    
+    if (len < AES_BLOCK_SIZE)
+	krb5_abortx(context, "invalid use of AES_CTS_encrypt");
+    if (len == AES_BLOCK_SIZE) {
+	if (encryptp)
+	    AES_encrypt(data, data, k);
+	else
+	    AES_decrypt(data, data, k);
+    } else {
+	if(ivec == NULL) {
+	    memset(local_ivec, 0, sizeof(local_ivec));
+	    ivec = local_ivec;
+	}
+	_krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp);
+    }
+
+    return 0;
+}
+
+/*
+ * section 6 of draft-brezak-win2k-krb-rc4-hmac-03
+ *
+ * warning: not for small children
+ */
+
+static krb5_error_code
+ARCFOUR_subencrypt(krb5_context context,
+		   struct key_data *key,
+		   void *data,
+		   size_t len,
+		   unsigned usage,
+		   void *ivec)
+{
+    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
+    Checksum k1_c, k2_c, k3_c, cksum;
+    struct key_data ke;
+    krb5_keyblock kb;
+    unsigned char t[4];
+    RC4_KEY rc4_key;
+    unsigned char *cdata = data;
+    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
+    krb5_error_code ret;
+
+    t[0] = (usage >>  0) & 0xFF;
+    t[1] = (usage >>  8) & 0xFF;
+    t[2] = (usage >> 16) & 0xFF;
+    t[3] = (usage >> 24) & 0xFF;
+
+    k1_c.checksum.length = sizeof(k1_c_data);
+    k1_c.checksum.data   = k1_c_data;
+
+    ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+
+    memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
+
+    k2_c.checksum.length = sizeof(k2_c_data);
+    k2_c.checksum.data   = k2_c_data;
+
+    ke.key = &kb;
+    kb.keyvalue = k2_c.checksum;
+
+    cksum.checksum.length = 16;
+    cksum.checksum.data   = data;
+
+    ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+
+    ke.key = &kb;
+    kb.keyvalue = k1_c.checksum;
+
+    k3_c.checksum.length = sizeof(k3_c_data);
+    k3_c.checksum.data   = k3_c_data;
+
+    ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+
+    RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
+    RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
+    memset (k1_c_data, 0, sizeof(k1_c_data));
+    memset (k2_c_data, 0, sizeof(k2_c_data));
+    memset (k3_c_data, 0, sizeof(k3_c_data));
+    return 0;
+}
+
+static krb5_error_code
+ARCFOUR_subdecrypt(krb5_context context,
+		   struct key_data *key,
+		   void *data,
+		   size_t len,
+		   unsigned usage,
+		   void *ivec)
+{
+    struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
+    Checksum k1_c, k2_c, k3_c, cksum;
+    struct key_data ke;
+    krb5_keyblock kb;
+    unsigned char t[4];
+    RC4_KEY rc4_key;
+    unsigned char *cdata = data;
+    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
+    unsigned char cksum_data[16];
+    krb5_error_code ret;
+
+    t[0] = (usage >>  0) & 0xFF;
+    t[1] = (usage >>  8) & 0xFF;
+    t[2] = (usage >> 16) & 0xFF;
+    t[3] = (usage >> 24) & 0xFF;
+
+    k1_c.checksum.length = sizeof(k1_c_data);
+    k1_c.checksum.data   = k1_c_data;
+
+    ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+
+    memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
+
+    k2_c.checksum.length = sizeof(k2_c_data);
+    k2_c.checksum.data   = k2_c_data;
+
+    ke.key = &kb;
+    kb.keyvalue = k1_c.checksum;
+
+    k3_c.checksum.length = sizeof(k3_c_data);
+    k3_c.checksum.data   = k3_c_data;
+
+    ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+
+    RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
+    RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
+
+    ke.key = &kb;
+    kb.keyvalue = k2_c.checksum;
+
+    cksum.checksum.length = 16;
+    cksum.checksum.data   = cksum_data;
+
+    ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
+    if (ret)
+	krb5_abortx(context, "hmac failed");
+
+    memset (k1_c_data, 0, sizeof(k1_c_data));
+    memset (k2_c_data, 0, sizeof(k2_c_data));
+    memset (k3_c_data, 0, sizeof(k3_c_data));
+
+    if (memcmp (cksum.checksum.data, data, 16) != 0) {
+	krb5_clear_error_string (context);
+	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+    } else {
+	return 0;
+    }
+}
+
+/*
+ * convert the usage numbers used in
+ * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in
+ * draft-brezak-win2k-krb-rc4-hmac-04.txt
+ */
+
+static krb5_error_code
+usage2arcfour (krb5_context context, unsigned *usage)
+{
+    switch (*usage) {
+    case KRB5_KU_AS_REP_ENC_PART : /* 3 */
+    case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */
+	*usage = 8;
+	return 0;
+    case KRB5_KU_USAGE_SEAL :  /* 22 */
+	*usage = 13;
+	return 0;
+    case KRB5_KU_USAGE_SIGN : /* 23 */
+        *usage = 15;
+        return 0;
+    case KRB5_KU_USAGE_SEQ: /* 24 */
+	*usage = 0;
+	return 0;
+    default :
+	return 0;
+    }
+}
+
+static krb5_error_code
+ARCFOUR_encrypt(krb5_context context,
+		struct key_data *key,
+		void *data,
+		size_t len,
+		krb5_boolean encryptp,
+		int usage,
+		void *ivec)
+{
+    krb5_error_code ret;
+    unsigned keyusage = usage;
+
+    if((ret = usage2arcfour (context, &keyusage)) != 0)
+	return ret;
+
+    if (encryptp)
+	return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec);
+    else
+	return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec);
+}
+
+
+/*
+ *
+ */
+
+static krb5_error_code
+AES_PRF(krb5_context context,
+	krb5_crypto crypto,
+	const krb5_data *in,
+	krb5_data *out)
+{
+    struct checksum_type *ct = crypto->et->checksum;
+    krb5_error_code ret;
+    Checksum result;
+    krb5_keyblock *derived;
+
+    result.cksumtype = ct->type;
+    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
+    if (ret) {
+	krb5_set_error_string(context, "out memory");
+	return ret;
+    }
+
+    (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
+
+    if (result.checksum.length < crypto->et->blocksize)
+	krb5_abortx(context, "internal prf error");
+
+    derived = NULL;
+    ret = krb5_derive_key(context, crypto->key.key, 
+			  crypto->et->type, "prf", 3, &derived);
+    if (ret)
+	krb5_abortx(context, "krb5_derive_key");
+
+    ret = krb5_data_alloc(out, crypto->et->blocksize);
+    if (ret)
+	krb5_abortx(context, "malloc failed");
+    
+    { 
+	AES_KEY key;
+
+	AES_set_encrypt_key(derived->keyvalue.data, 
+			    crypto->et->keytype->bits, &key);
+	AES_encrypt(result.checksum.data, out->data, &key);
+	memset(&key, 0, sizeof(key));
+    }
+
+    krb5_data_free(&result.checksum);
+    krb5_free_keyblock(context, derived);
+
+    return ret;
+}
+
+/*
+ * these should currently be in reverse preference order.
+ * (only relevant for !F_PSEUDO) */
+
+static struct encryption_type enctype_null = {
+    ETYPE_NULL,
+    "null",
+    NULL,
+    1,
+    1,
+    0,
+    &keytype_null,
+    &checksum_none,
+    NULL,
+    F_DISABLED,
+    NULL_encrypt,
+    0,
+    NULL
+};
+static struct encryption_type enctype_des_cbc_crc = {
+    ETYPE_DES_CBC_CRC,
+    "des-cbc-crc",
+    NULL,
+    8,
+    8,
+    8,
+    &keytype_des,
+    &checksum_crc32,
+    NULL,
+    0,
+    DES_CBC_encrypt_key_ivec,
+    0,
+    NULL
+};
+static struct encryption_type enctype_des_cbc_md4 = {
+    ETYPE_DES_CBC_MD4,
+    "des-cbc-md4",
+    NULL,
+    8,
+    8,
+    8,
+    &keytype_des,
+    &checksum_rsa_md4,
+    &checksum_rsa_md4_des,
+    0,
+    DES_CBC_encrypt_null_ivec,
+    0,
+    NULL
+};
+static struct encryption_type enctype_des_cbc_md5 = {
+    ETYPE_DES_CBC_MD5,
+    "des-cbc-md5",
+    NULL,
+    8,
+    8,
+    8,
+    &keytype_des,
+    &checksum_rsa_md5,
+    &checksum_rsa_md5_des,
+    0,
+    DES_CBC_encrypt_null_ivec,
+    0,
+    NULL
+};
+static struct encryption_type enctype_arcfour_hmac_md5 = {
+    ETYPE_ARCFOUR_HMAC_MD5,
+    "arcfour-hmac-md5",
+    NULL,
+    1,
+    1,
+    8,
+    &keytype_arcfour,
+    &checksum_hmac_md5,
+    NULL,
+    F_SPECIAL,
+    ARCFOUR_encrypt,
+    0,
+    NULL
+};
+static struct encryption_type enctype_des3_cbc_md5 = { 
+    ETYPE_DES3_CBC_MD5,
+    "des3-cbc-md5",
+    NULL,
+    8,
+    8,
+    8,
+    &keytype_des3,
+    &checksum_rsa_md5,
+    &checksum_rsa_md5_des3,
+    0,
+    DES3_CBC_encrypt,
+    0,
+    NULL
+};
+static struct encryption_type enctype_des3_cbc_sha1 = {
+    ETYPE_DES3_CBC_SHA1,
+    "des3-cbc-sha1",
+    NULL,
+    8,
+    8,
+    8,
+    &keytype_des3_derived,
+    &checksum_sha1,
+    &checksum_hmac_sha1_des3,
+    F_DERIVED,
+    DES3_CBC_encrypt,
+    0,
+    NULL
+};
+static struct encryption_type enctype_old_des3_cbc_sha1 = {
+    ETYPE_OLD_DES3_CBC_SHA1,
+    "old-des3-cbc-sha1",
+    NULL,
+    8,
+    8,
+    8,
+    &keytype_des3,
+    &checksum_sha1,
+    &checksum_hmac_sha1_des3,
+    0,
+    DES3_CBC_encrypt,
+    0,
+    NULL
+};
+static struct encryption_type enctype_aes128_cts_hmac_sha1 = {
+    ETYPE_AES128_CTS_HMAC_SHA1_96,
+    "aes128-cts-hmac-sha1-96",
+    NULL,
+    16,
+    1,
+    16,
+    &keytype_aes128,
+    &checksum_sha1,
+    &checksum_hmac_sha1_aes128,
+    F_DERIVED,
+    AES_CTS_encrypt,
+    16,
+    AES_PRF
+};
+static struct encryption_type enctype_aes256_cts_hmac_sha1 = {
+    ETYPE_AES256_CTS_HMAC_SHA1_96,
+    "aes256-cts-hmac-sha1-96",
+    NULL,
+    16,
+    1,
+    16,
+    &keytype_aes256,
+    &checksum_sha1,
+    &checksum_hmac_sha1_aes256,
+    F_DERIVED,
+    AES_CTS_encrypt,
+    16,
+    AES_PRF
+};
+static struct encryption_type enctype_des_cbc_none = {
+    ETYPE_DES_CBC_NONE,
+    "des-cbc-none",
+    NULL,
+    8,
+    8,
+    0,
+    &keytype_des,
+    &checksum_none,
+    NULL,
+    F_PSEUDO,
+    DES_CBC_encrypt_null_ivec,
+    0,
+    NULL
+};
+static struct encryption_type enctype_des_cfb64_none = {
+    ETYPE_DES_CFB64_NONE,
+    "des-cfb64-none",
+    NULL,
+    1,
+    1,
+    0,
+    &keytype_des,
+    &checksum_none,
+    NULL,
+    F_PSEUDO,
+    DES_CFB64_encrypt_null_ivec,
+    0,
+    NULL
+};
+static struct encryption_type enctype_des_pcbc_none = {
+    ETYPE_DES_PCBC_NONE,
+    "des-pcbc-none",
+    NULL,
+    8,
+    8,
+    0,
+    &keytype_des,
+    &checksum_none,
+    NULL,
+    F_PSEUDO,
+    DES_PCBC_encrypt_key_ivec,
+    0,
+    NULL
+};
+static struct encryption_type enctype_des3_cbc_none = {
+    ETYPE_DES3_CBC_NONE,
+    "des3-cbc-none",
+    NULL,
+    8,
+    8,
+    0,
+    &keytype_des3_derived,
+    &checksum_none,
+    NULL,
+    F_PSEUDO,
+    DES3_CBC_encrypt,
+    0,
+    NULL
+};
+
+static struct encryption_type *etypes[] = {
+    &enctype_null,
+    &enctype_des_cbc_crc,
+    &enctype_des_cbc_md4,
+    &enctype_des_cbc_md5,
+    &enctype_arcfour_hmac_md5,
+    &enctype_des3_cbc_md5, 
+    &enctype_des3_cbc_sha1,
+    &enctype_old_des3_cbc_sha1,
+    &enctype_aes128_cts_hmac_sha1,
+    &enctype_aes256_cts_hmac_sha1,
+    &enctype_des_cbc_none,
+    &enctype_des_cfb64_none,
+    &enctype_des_pcbc_none,
+    &enctype_des3_cbc_none
+};
+
+static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
+
+
+static struct encryption_type *
+_find_enctype(krb5_enctype type)
+{
+    int i;
+    for(i = 0; i < num_etypes; i++)
+	if(etypes[i]->type == type)
+	    return etypes[i];
+    return NULL;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_to_string(krb5_context context,
+		       krb5_enctype etype,
+		       char **string)
+{
+    struct encryption_type *e;
+    e = _find_enctype(etype);
+    if(e == NULL) {
+	krb5_set_error_string (context, "encryption type %d not supported",
+			       etype);
+	*string = NULL;
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    *string = strdup(e->name);
+    if(*string == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_enctype(krb5_context context,
+		       const char *string,
+		       krb5_enctype *etype)
+{
+    int i;
+    for(i = 0; i < num_etypes; i++)
+	if(strcasecmp(etypes[i]->name, string) == 0){
+	    *etype = etypes[i]->type;
+	    return 0;
+	}
+    krb5_set_error_string (context, "encryption type %s not supported",
+			   string);
+    return KRB5_PROG_ETYPE_NOSUPP;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_enctype_to_oid(krb5_context context,
+		    krb5_enctype etype,
+		    heim_oid *oid)
+{
+    struct encryption_type *et = _find_enctype(etype);
+    if(et == NULL) {
+	krb5_set_error_string (context, "encryption type %d not supported",
+			       etype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    if(et->oid == NULL) {
+	krb5_set_error_string (context, "%s have not oid", et->name);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    krb5_clear_error_string(context);
+    return der_copy_oid(et->oid, oid);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_oid_to_enctype(krb5_context context,
+		     const heim_oid *oid,
+		     krb5_enctype *etype)
+{
+    int i;
+    for(i = 0; i < num_etypes; i++) {
+	if(etypes[i]->oid && der_heim_oid_cmp(etypes[i]->oid, oid) == 0) {
+	    *etype = etypes[i]->type;
+	    return 0;
+	}
+    }
+    krb5_set_error_string(context, "enctype for oid not supported");
+    return KRB5_PROG_ETYPE_NOSUPP;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_to_keytype(krb5_context context,
+			krb5_enctype etype,
+			krb5_keytype *keytype)
+{
+    struct encryption_type *e = _find_enctype(etype);
+    if(e == NULL) {
+	krb5_set_error_string (context, "encryption type %d not supported",
+			       etype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    *keytype = e->keytype->type; /* XXX */
+    return 0;
+}
+
+#if 0
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_enctype(krb5_context context,
+			krb5_keytype keytype,
+			krb5_enctype *etype)
+{
+    struct key_type *kt = _find_keytype(keytype);
+    krb5_warnx(context, "krb5_keytype_to_enctype(%u)", keytype);
+    if(kt == NULL)
+	return KRB5_PROG_KEYTYPE_NOSUPP;
+    *etype = kt->best_etype;
+    return 0;
+}
+#endif
+    
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_enctypes (krb5_context context,
+			  krb5_keytype keytype,
+			  unsigned *len,
+			  krb5_enctype **val)
+{
+    int i;
+    unsigned n = 0;
+    krb5_enctype *ret;
+
+    for (i = num_etypes - 1; i >= 0; --i) {
+	if (etypes[i]->keytype->type == keytype
+	    && !(etypes[i]->flags & F_PSEUDO))
+	    ++n;
+    }
+    ret = malloc(n * sizeof(*ret));
+    if (ret == NULL && n != 0) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    n = 0;
+    for (i = num_etypes - 1; i >= 0; --i) {
+	if (etypes[i]->keytype->type == keytype
+	    && !(etypes[i]->flags & F_PSEUDO))
+	    ret[n++] = etypes[i]->type;
+    }
+    *len = n;
+    *val = ret;
+    return 0;
+}
+
+/*
+ * First take the configured list of etypes for `keytype' if available,
+ * else, do `krb5_keytype_to_enctypes'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_enctypes_default (krb5_context context,
+				  krb5_keytype keytype,
+				  unsigned *len,
+				  krb5_enctype **val)
+{
+    int i, n;
+    krb5_enctype *ret;
+
+    if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
+	return krb5_keytype_to_enctypes (context, keytype, len, val);
+
+    for (n = 0; context->etypes_des[n]; ++n)
+	;
+    ret = malloc (n * sizeof(*ret));
+    if (ret == NULL && n != 0) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    for (i = 0; i < n; ++i)
+	ret[i] = context->etypes_des[i];
+    *len = n;
+    *val = ret;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_valid(krb5_context context, 
+		 krb5_enctype etype)
+{
+    struct encryption_type *e = _find_enctype(etype);
+    if(e == NULL) {
+	krb5_set_error_string (context, "encryption type %d not supported",
+			       etype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    if (e->flags & F_DISABLED) {
+	krb5_set_error_string (context, "encryption type %s is disabled",
+			       e->name);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cksumtype_valid(krb5_context context, 
+		     krb5_cksumtype ctype)
+{
+    struct checksum_type *c = _find_checksum(ctype);
+    if (c == NULL) {
+	krb5_set_error_string (context, "checksum type %d not supported",
+			       ctype);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+    if (c->flags & F_DISABLED) {
+	krb5_set_error_string (context, "checksum type %s is disabled",
+			       c->name);
+	return KRB5_PROG_SUMTYPE_NOSUPP;
+    }
+    return 0;
+}
+
+
+/* if two enctypes have compatible keys */
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_enctypes_compatible_keys(krb5_context context,
+			      krb5_enctype etype1,
+			      krb5_enctype etype2)
+{
+    struct encryption_type *e1 = _find_enctype(etype1);
+    struct encryption_type *e2 = _find_enctype(etype2);
+    return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
+}
+
+static krb5_boolean
+derived_crypto(krb5_context context,
+	       krb5_crypto crypto)
+{
+    return (crypto->et->flags & F_DERIVED) != 0;
+}
+
+static krb5_boolean
+special_crypto(krb5_context context,
+	       krb5_crypto crypto)
+{
+    return (crypto->et->flags & F_SPECIAL) != 0;
+}
+
+#define CHECKSUMSIZE(C) ((C)->checksumsize)
+#define CHECKSUMTYPE(C) ((C)->type)
+
+static krb5_error_code
+encrypt_internal_derived(krb5_context context,
+			 krb5_crypto crypto,
+			 unsigned usage,
+			 const void *data,
+			 size_t len,
+			 krb5_data *result,
+			 void *ivec)
+{
+    size_t sz, block_sz, checksum_sz, total_sz;
+    Checksum cksum;
+    unsigned char *p, *q;
+    krb5_error_code ret;
+    struct key_data *dkey;
+    const struct encryption_type *et = crypto->et;
+    
+    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
+
+    sz = et->confoundersize + len;
+    block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
+    total_sz = block_sz + checksum_sz;
+    p = calloc(1, total_sz);
+    if(p == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    
+    q = p;
+    krb5_generate_random_block(q, et->confoundersize); /* XXX */
+    q += et->confoundersize;
+    memcpy(q, data, len);
+    
+    ret = create_checksum(context, 
+			  et->keyed_checksum,
+			  crypto, 
+			  INTEGRITY_USAGE(usage),
+			  p, 
+			  block_sz,
+			  &cksum);
+    if(ret == 0 && cksum.checksum.length != checksum_sz) {
+	free_Checksum (&cksum);
+	krb5_clear_error_string (context);
+	ret = KRB5_CRYPTO_INTERNAL;
+    }
+    if(ret)
+	goto fail;
+    memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length);
+    free_Checksum (&cksum);
+    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
+    if(ret)
+	goto fail;
+    ret = _key_schedule(context, dkey);
+    if(ret)
+	goto fail;
+#ifdef CRYPTO_DEBUG
+    krb5_crypto_debug(context, 1, block_sz, dkey->key);
+#endif
+    ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec);
+    if (ret)
+	goto fail;
+    result->data = p;
+    result->length = total_sz;
+    return 0;
+ fail:
+    memset(p, 0, total_sz);
+    free(p);
+    return ret;
+}
+
+
+static krb5_error_code
+encrypt_internal(krb5_context context,
+		 krb5_crypto crypto,
+		 const void *data,
+		 size_t len,
+		 krb5_data *result,
+		 void *ivec)
+{
+    size_t sz, block_sz, checksum_sz;
+    Checksum cksum;
+    unsigned char *p, *q;
+    krb5_error_code ret;
+    const struct encryption_type *et = crypto->et;
+    
+    checksum_sz = CHECKSUMSIZE(et->checksum);
+    
+    sz = et->confoundersize + checksum_sz + len;
+    block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
+    p = calloc(1, block_sz);
+    if(p == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    
+    q = p;
+    krb5_generate_random_block(q, et->confoundersize); /* XXX */
+    q += et->confoundersize;
+    memset(q, 0, checksum_sz);
+    q += checksum_sz;
+    memcpy(q, data, len);
+
+    ret = create_checksum(context, 
+			  et->checksum,
+			  crypto,
+			  0,
+			  p, 
+			  block_sz,
+			  &cksum);
+    if(ret == 0 && cksum.checksum.length != checksum_sz) {
+	krb5_clear_error_string (context);
+	free_Checksum(&cksum);
+	ret = KRB5_CRYPTO_INTERNAL;
+    }
+    if(ret)
+	goto fail;
+    memcpy(p + et->confoundersize, cksum.checksum.data, cksum.checksum.length);
+    free_Checksum(&cksum);
+    ret = _key_schedule(context, &crypto->key);
+    if(ret)
+	goto fail;
+#ifdef CRYPTO_DEBUG
+    krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
+#endif
+    ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec);
+    if (ret) {
+	memset(p, 0, block_sz);
+	free(p);
+	return ret;
+    }
+    result->data = p;
+    result->length = block_sz;
+    return 0;
+ fail:
+    memset(p, 0, block_sz);
+    free(p);
+    return ret;
+}
+
+static krb5_error_code
+encrypt_internal_special(krb5_context context,
+			 krb5_crypto crypto,
+			 int usage,
+			 const void *data,
+			 size_t len,
+			 krb5_data *result,
+			 void *ivec)
+{
+    struct encryption_type *et = crypto->et;
+    size_t cksum_sz = CHECKSUMSIZE(et->checksum);
+    size_t sz = len + cksum_sz + et->confoundersize;
+    char *tmp, *p;
+    krb5_error_code ret;
+
+    tmp = malloc (sz);
+    if (tmp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    p = tmp;
+    memset (p, 0, cksum_sz);
+    p += cksum_sz;
+    krb5_generate_random_block(p, et->confoundersize);
+    p += et->confoundersize;
+    memcpy (p, data, len);
+    ret = (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec);
+    if (ret) {
+	memset(tmp, 0, sz);
+	free(tmp);
+	return ret;
+    }
+    result->data   = tmp;
+    result->length = sz;
+    return 0;
+}
+
+static krb5_error_code
+decrypt_internal_derived(krb5_context context,
+			 krb5_crypto crypto,
+			 unsigned usage,
+			 void *data,
+			 size_t len,
+			 krb5_data *result,
+			 void *ivec)
+{
+    size_t checksum_sz;
+    Checksum cksum;
+    unsigned char *p;
+    krb5_error_code ret;
+    struct key_data *dkey;
+    struct encryption_type *et = crypto->et;
+    unsigned long l;
+    
+    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
+    if (len < checksum_sz + et->confoundersize) {
+	krb5_set_error_string(context, "Encrypted data shorter then "
+			      "checksum + confunder");
+	return KRB5_BAD_MSIZE;
+    }
+
+    if (((len - checksum_sz) % et->padsize) != 0) {
+	krb5_clear_error_string(context);
+	return KRB5_BAD_MSIZE;
+    }
+
+    p = malloc(len);
+    if(len != 0 && p == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(p, data, len);
+
+    len -= checksum_sz;
+
+    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
+    if(ret) {
+	free(p);
+	return ret;
+    }
+    ret = _key_schedule(context, dkey);
+    if(ret) {
+	free(p);
+	return ret;
+    }
+#ifdef CRYPTO_DEBUG
+    krb5_crypto_debug(context, 0, len, dkey->key);
+#endif
+    ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec);
+    if (ret) {
+	free(p);
+	return ret;
+    }
+
+    cksum.checksum.data   = p + len;
+    cksum.checksum.length = checksum_sz;
+    cksum.cksumtype       = CHECKSUMTYPE(et->keyed_checksum);
+
+    ret = verify_checksum(context,
+			  crypto,
+			  INTEGRITY_USAGE(usage),
+			  p,
+			  len,
+			  &cksum);
+    if(ret) {
+	free(p);
+	return ret;
+    }
+    l = len - et->confoundersize;
+    memmove(p, p + et->confoundersize, l);
+    result->data = realloc(p, l);
+    if(result->data == NULL && l != 0) {
+	free(p);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    result->length = l;
+    return 0;
+}
+
+static krb5_error_code
+decrypt_internal(krb5_context context,
+		 krb5_crypto crypto,
+		 void *data,
+		 size_t len,
+		 krb5_data *result,
+		 void *ivec)
+{
+    krb5_error_code ret;
+    unsigned char *p;
+    Checksum cksum;
+    size_t checksum_sz, l;
+    struct encryption_type *et = crypto->et;
+    
+    if ((len % et->padsize) != 0) {
+	krb5_clear_error_string(context);
+	return KRB5_BAD_MSIZE;
+    }
+
+    checksum_sz = CHECKSUMSIZE(et->checksum);
+    p = malloc(len);
+    if(len != 0 && p == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(p, data, len);
+    
+    ret = _key_schedule(context, &crypto->key);
+    if(ret) {
+	free(p);
+	return ret;
+    }
+#ifdef CRYPTO_DEBUG
+    krb5_crypto_debug(context, 0, len, crypto->key.key);
+#endif
+    ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec);
+    if (ret) {
+	free(p);
+	return ret;
+    }
+    ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
+    if(ret) {
+ 	free(p);
+ 	return ret;
+    }
+    memset(p + et->confoundersize, 0, checksum_sz);
+    cksum.cksumtype = CHECKSUMTYPE(et->checksum);
+    ret = verify_checksum(context, NULL, 0, p, len, &cksum);
+    free_Checksum(&cksum);
+    if(ret) {
+	free(p);
+	return ret;
+    }
+    l = len - et->confoundersize - checksum_sz;
+    memmove(p, p + et->confoundersize + checksum_sz, l);
+    result->data = realloc(p, l);
+    if(result->data == NULL && l != 0) {
+	free(p);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    result->length = l;
+    return 0;
+}
+
+static krb5_error_code
+decrypt_internal_special(krb5_context context,
+			 krb5_crypto crypto,
+			 int usage,
+			 void *data,
+			 size_t len,
+			 krb5_data *result,
+			 void *ivec)
+{
+    struct encryption_type *et = crypto->et;
+    size_t cksum_sz = CHECKSUMSIZE(et->checksum);
+    size_t sz = len - cksum_sz - et->confoundersize;
+    unsigned char *p;
+    krb5_error_code ret;
+
+    if ((len % et->padsize) != 0) {
+	krb5_clear_error_string(context);
+	return KRB5_BAD_MSIZE;
+    }
+
+    p = malloc (len);
+    if (p == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(p, data, len);
+    
+    ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec);
+    if (ret) {
+	free(p);
+	return ret;
+    }
+
+    memmove (p, p + cksum_sz + et->confoundersize, sz);
+    result->data = realloc(p, sz);
+    if(result->data == NULL && sz != 0) {
+	free(p);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    result->length = sz;
+    return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encrypt_ivec(krb5_context context,
+		  krb5_crypto crypto,
+		  unsigned usage,
+		  const void *data,
+		  size_t len,
+		  krb5_data *result,
+		  void *ivec)
+{
+    if(derived_crypto(context, crypto))
+	return encrypt_internal_derived(context, crypto, usage, 
+					data, len, result, ivec);
+    else if (special_crypto(context, crypto))
+	return encrypt_internal_special (context, crypto, usage,
+					 data, len, result, ivec);
+    else
+	return encrypt_internal(context, crypto, data, len, result, ivec);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encrypt(krb5_context context,
+	     krb5_crypto crypto,
+	     unsigned usage,
+	     const void *data,
+	     size_t len,
+	     krb5_data *result)
+{
+    return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encrypt_EncryptedData(krb5_context context,
+			   krb5_crypto crypto,
+			   unsigned usage,
+			   void *data,
+			   size_t len,
+			   int kvno,
+			   EncryptedData *result)
+{
+    result->etype = CRYPTO_ETYPE(crypto);
+    if(kvno){
+	ALLOC(result->kvno, 1);
+	*result->kvno = kvno;
+    }else
+	result->kvno = NULL;
+    return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt_ivec(krb5_context context,
+		  krb5_crypto crypto,
+		  unsigned usage,
+		  void *data,
+		  size_t len,
+		  krb5_data *result,
+		  void *ivec)
+{
+    if(derived_crypto(context, crypto))
+	return decrypt_internal_derived(context, crypto, usage, 
+					data, len, result, ivec);
+    else if (special_crypto (context, crypto))
+	return decrypt_internal_special(context, crypto, usage,
+					data, len, result, ivec);
+    else
+	return decrypt_internal(context, crypto, data, len, result, ivec);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt(krb5_context context,
+	     krb5_crypto crypto,
+	     unsigned usage,
+	     void *data,
+	     size_t len,
+	     krb5_data *result)
+{
+    return krb5_decrypt_ivec (context, crypto, usage, data, len, result,
+			      NULL);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt_EncryptedData(krb5_context context,
+			   krb5_crypto crypto,
+			   unsigned usage,
+			   const EncryptedData *e,
+			   krb5_data *result)
+{
+    return krb5_decrypt(context, crypto, usage, 
+			e->cipher.data, e->cipher.length, result);
+}
+
+/************************************************************
+ *                                                          *
+ ************************************************************/
+
+#define ENTROPY_NEEDED 128
+
+static int
+seed_something(void)
+{
+    char buf[1024], seedfile[256];
+
+    /* If there is a seed file, load it. But such a file cannot be trusted,
+       so use 0 for the entropy estimate */
+    if (RAND_file_name(seedfile, sizeof(seedfile))) {
+	int fd;
+	fd = open(seedfile, O_RDONLY);
+	if (fd >= 0) {
+	    ssize_t ret;
+	    ret = read(fd, buf, sizeof(buf));
+	    if (ret > 0)
+		RAND_add(buf, ret, 0.0);
+	    close(fd);
+	} else
+	    seedfile[0] = '\0';
+    } else
+	seedfile[0] = '\0';
+
+    /* Calling RAND_status() will try to use /dev/urandom if it exists so
+       we do not have to deal with it. */
+    if (RAND_status() != 1) {
+	krb5_context context;
+	const char *p;
+
+	/* Try using egd */
+	if (!krb5_init_context(&context)) {
+	    p = krb5_config_get_string(context, NULL, "libdefaults",
+		"egd_socket", NULL);
+	    if (p != NULL)
+		RAND_egd_bytes(p, ENTROPY_NEEDED);
+	    krb5_free_context(context);
+	}
+    }
+    
+    if (RAND_status() == 1)	{
+	/* Update the seed file */
+	if (seedfile[0])
+	    RAND_write_file(seedfile);
+
+	return 0;
+    } else
+	return -1;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_generate_random_block(void *buf, size_t len)
+{
+    static int rng_initialized = 0;
+    
+    HEIMDAL_MUTEX_lock(&crypto_mutex);
+    if (!rng_initialized) {
+	if (seed_something())
+	    krb5_abortx(NULL, "Fatal: could not seed the "
+			"random number generator");
+	
+	rng_initialized = 1;
+    }
+    HEIMDAL_MUTEX_unlock(&crypto_mutex);
+    if (RAND_bytes(buf, len) != 1)
+	krb5_abortx(NULL, "Failed to generate random block");
+}
+
+static void
+DES3_postproc(krb5_context context,
+	      unsigned char *k, size_t len, struct key_data *key)
+{
+    DES3_random_to_key(context, key->key, k, len);
+
+    if (key->schedule) {
+	krb5_free_data(context, key->schedule);
+	key->schedule = NULL;
+    }
+}
+
+static krb5_error_code
+derive_key(krb5_context context,
+	   struct encryption_type *et,
+	   struct key_data *key,
+	   const void *constant,
+	   size_t len)
+{
+    unsigned char *k;
+    unsigned int nblocks = 0, i;
+    krb5_error_code ret = 0;
+    struct key_type *kt = et->keytype;
+
+    ret = _key_schedule(context, key);
+    if(ret)
+	return ret;
+    if(et->blocksize * 8 < kt->bits || len != et->blocksize) {
+	nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
+	k = malloc(nblocks * et->blocksize);
+	if(k == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	ret = _krb5_n_fold(constant, len, k, et->blocksize);
+	if (ret) {
+	    free(k);
+	    krb5_set_error_string(context, "out of memory");
+	    return ret;
+	}
+	for(i = 0; i < nblocks; i++) {
+	    if(i > 0)
+		memcpy(k + i * et->blocksize, 
+		       k + (i - 1) * et->blocksize,
+		       et->blocksize);
+	    (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize,
+			   1, 0, NULL);
+	}
+    } else {
+	/* this case is probably broken, but won't be run anyway */
+	void *c = malloc(len);
+	size_t res_len = (kt->bits + 7) / 8;
+
+	if(len != 0 && c == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	memcpy(c, constant, len);
+	(*et->encrypt)(context, key, c, len, 1, 0, NULL);
+	k = malloc(res_len);
+	if(res_len != 0 && k == NULL) {
+	    free(c);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	ret = _krb5_n_fold(c, len, k, res_len);
+	if (ret) {
+	    free(k);
+	    krb5_set_error_string(context, "out of memory");
+	    return ret;
+	}
+	free(c);
+    }
+    
+    /* XXX keytype dependent post-processing */
+    switch(kt->type) {
+    case KEYTYPE_DES3:
+	DES3_postproc(context, k, nblocks * et->blocksize, key);
+	break;
+    case KEYTYPE_AES128:
+    case KEYTYPE_AES256:
+	memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
+	break;
+    default:
+	krb5_set_error_string(context,
+			      "derive_key() called with unknown keytype (%u)", 
+			      kt->type);
+	ret = KRB5_CRYPTO_INTERNAL;
+	break;
+    }
+    if (key->schedule) {
+	krb5_free_data(context, key->schedule);
+	key->schedule = NULL;
+    }
+    memset(k, 0, nblocks * et->blocksize);
+    free(k);
+    return ret;
+}
+
+static struct key_data *
+_new_derived_key(krb5_crypto crypto, unsigned usage)
+{
+    struct key_usage *d = crypto->key_usage;
+    d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
+    if(d == NULL)
+	return NULL;
+    crypto->key_usage = d;
+    d += crypto->num_key_usage++;
+    memset(d, 0, sizeof(*d));
+    d->usage = usage;
+    return &d->key;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_derive_key(krb5_context context,
+		const krb5_keyblock *key,
+		krb5_enctype etype,
+		const void *constant,
+		size_t constant_len,
+		krb5_keyblock **derived_key)
+{
+    krb5_error_code ret;
+    struct encryption_type *et;
+    struct key_data d;
+
+    *derived_key = NULL;
+
+    et = _find_enctype (etype);
+    if (et == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      etype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+
+    ret = krb5_copy_keyblock(context, key, &d.key);
+    if (ret)
+	return ret;
+
+    d.schedule = NULL;
+    ret = derive_key(context, et, &d, constant, constant_len);
+    if (ret == 0)
+	ret = krb5_copy_keyblock(context, d.key, derived_key);
+    free_key_data(context, &d);    
+    return ret;
+}
+
+static krb5_error_code
+_get_derived_key(krb5_context context, 
+		 krb5_crypto crypto, 
+		 unsigned usage, 
+		 struct key_data **key)
+{
+    int i;
+    struct key_data *d;
+    unsigned char constant[5];
+
+    for(i = 0; i < crypto->num_key_usage; i++)
+	if(crypto->key_usage[i].usage == usage) {
+	    *key = &crypto->key_usage[i].key;
+	    return 0;
+	}
+    d = _new_derived_key(crypto, usage);
+    if(d == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    krb5_copy_keyblock(context, crypto->key.key, &d->key);
+    _krb5_put_int(constant, usage, 5);
+    derive_key(context, crypto->et, d, constant, sizeof(constant));
+    *key = d;
+    return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_init(krb5_context context,
+		 const krb5_keyblock *key,
+		 krb5_enctype etype,
+		 krb5_crypto *crypto)
+{
+    krb5_error_code ret;
+    ALLOC(*crypto, 1);
+    if(*crypto == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    if(etype == ETYPE_NULL)
+	etype = key->keytype;
+    (*crypto)->et = _find_enctype(etype);
+    if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
+	free(*crypto);
+	*crypto = NULL;
+	krb5_set_error_string (context, "encryption type %d not supported",
+			       etype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    if((*crypto)->et->keytype->size != key->keyvalue.length) {
+	free(*crypto);
+	*crypto = NULL;
+	krb5_set_error_string (context, "encryption key has bad length");
+	return KRB5_BAD_KEYSIZE;
+    }
+    ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
+    if(ret) {
+	free(*crypto);
+	*crypto = NULL;
+	return ret;
+    }
+    (*crypto)->key.schedule = NULL;
+    (*crypto)->num_key_usage = 0;
+    (*crypto)->key_usage = NULL;
+    return 0;
+}
+
+static void
+free_key_data(krb5_context context, struct key_data *key)
+{
+    krb5_free_keyblock(context, key->key);
+    if(key->schedule) {
+	memset(key->schedule->data, 0, key->schedule->length);
+	krb5_free_data(context, key->schedule);
+    }
+}
+
+static void
+free_key_usage(krb5_context context, struct key_usage *ku)
+{
+    free_key_data(context, &ku->key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_destroy(krb5_context context,
+		    krb5_crypto crypto)
+{
+    int i;
+    
+    for(i = 0; i < crypto->num_key_usage; i++)
+	free_key_usage(context, &crypto->key_usage[i]);
+    free(crypto->key_usage);
+    free_key_data(context, &crypto->key);
+    free (crypto);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getblocksize(krb5_context context,
+			 krb5_crypto crypto,
+			 size_t *blocksize)
+{
+    *blocksize = crypto->et->blocksize;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getenctype(krb5_context context,
+		       krb5_crypto crypto,
+		       krb5_enctype *enctype)
+{
+    *enctype = crypto->et->type;
+     return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getpadsize(krb5_context context,
+                       krb5_crypto crypto,
+                       size_t *padsize)      
+{
+    *padsize = crypto->et->padsize;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getconfoundersize(krb5_context context,
+                              krb5_crypto crypto,
+                              size_t *confoundersize)
+{
+    *confoundersize = crypto->et->confoundersize;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_disable(krb5_context context,
+		     krb5_enctype enctype)
+{
+    struct encryption_type *et = _find_enctype(enctype);
+    if(et == NULL) {
+	if (context)
+	    krb5_set_error_string (context, "encryption type %d not supported",
+				   enctype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    et->flags |= F_DISABLED;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_derived(krb5_context context,
+			   const void *str,
+			   size_t len,
+			   krb5_enctype etype,
+			   krb5_keyblock *key)
+{
+    struct encryption_type *et = _find_enctype(etype);
+    krb5_error_code ret;
+    struct key_data kd;
+    size_t keylen;
+    u_char *tmp;
+
+    if(et == NULL) {
+	krb5_set_error_string (context, "encryption type %d not supported",
+			       etype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    keylen = et->keytype->bits / 8;
+
+    ALLOC(kd.key, 1);
+    if(kd.key == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
+    if(ret) {
+	free(kd.key);
+	return ret;
+    }
+    kd.key->keytype = etype;
+    tmp = malloc (keylen);
+    if(tmp == NULL) {
+	krb5_free_keyblock(context, kd.key);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = _krb5_n_fold(str, len, tmp, keylen);
+    if (ret) {
+	free(tmp);
+	krb5_set_error_string(context, "out of memory");
+	return ret;
+    }
+    kd.schedule = NULL;
+    DES3_postproc (context, tmp, keylen, &kd); /* XXX */
+    memset(tmp, 0, keylen);
+    free(tmp);
+    ret = derive_key(context, 
+		     et,
+		     &kd,
+		     "kerberos", /* XXX well known constant */
+		     strlen("kerberos"));
+    ret = krb5_copy_keyblock_contents(context, kd.key, key);
+    free_key_data(context, &kd);
+    return ret;
+}
+
+static size_t
+wrapped_length (krb5_context context,
+		krb5_crypto  crypto,
+		size_t       data_len)
+{
+    struct encryption_type *et = crypto->et;
+    size_t padsize = et->padsize;
+    size_t checksumsize = CHECKSUMSIZE(et->checksum);
+    size_t res;
+
+    res =  et->confoundersize + checksumsize + data_len;
+    res =  (res + padsize - 1) / padsize * padsize;
+    return res;
+}
+
+static size_t
+wrapped_length_dervied (krb5_context context,
+			krb5_crypto  crypto,
+			size_t       data_len)
+{
+    struct encryption_type *et = crypto->et;
+    size_t padsize = et->padsize;
+    size_t res;
+
+    res =  et->confoundersize + data_len;
+    res =  (res + padsize - 1) / padsize * padsize;
+    if (et->keyed_checksum)
+	res += et->keyed_checksum->checksumsize;
+    else
+	res += et->checksum->checksumsize;
+    return res;
+}
+
+/*
+ * Return the size of an encrypted packet of length `data_len'
+ */
+
+size_t
+krb5_get_wrapped_length (krb5_context context,
+			 krb5_crypto  crypto,
+			 size_t       data_len)
+{
+    if (derived_crypto (context, crypto))
+	return wrapped_length_dervied (context, crypto, data_len);
+    else
+	return wrapped_length (context, crypto, data_len);
+}
+
+/*
+ * Return the size of an encrypted packet of length `data_len'
+ */
+
+static size_t
+crypto_overhead (krb5_context context,
+		 krb5_crypto  crypto)
+{
+    struct encryption_type *et = crypto->et;
+    size_t res;
+
+    res = CHECKSUMSIZE(et->checksum);
+    res += et->confoundersize;
+    if (et->padsize > 1)
+	res += et->padsize;
+    return res;
+}
+
+static size_t
+crypto_overhead_dervied (krb5_context context,
+			 krb5_crypto  crypto)
+{
+    struct encryption_type *et = crypto->et;
+    size_t res;
+
+    if (et->keyed_checksum)
+	res = CHECKSUMSIZE(et->keyed_checksum);
+    else
+	res = CHECKSUMSIZE(et->checksum);
+    res += et->confoundersize;
+    if (et->padsize > 1)
+	res += et->padsize;
+    return res;
+}
+
+size_t
+krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
+{
+    if (derived_crypto (context, crypto))
+	return crypto_overhead_dervied (context, crypto);
+    else
+	return crypto_overhead (context, crypto);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_random_to_key(krb5_context context,
+		   krb5_enctype type,
+		   const void *data,
+		   size_t size,
+		   krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    struct encryption_type *et = _find_enctype(type);
+    if(et == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      type);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    if ((et->keytype->bits + 7) / 8 > size) {
+	krb5_set_error_string(context, "encryption key %s needs %d bytes "
+			      "of random to make an encryption key out of it",
+			      et->name, (int)et->keytype->size);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
+    if(ret) 
+	return ret;
+    key->keytype = type;
+    if (et->keytype->random_to_key)
+ 	(*et->keytype->random_to_key)(context, key, data, size);
+    else
+	memcpy(key->keyvalue.data, data, et->keytype->size);
+
+    return 0;
+}
+
+krb5_error_code
+_krb5_pk_octetstring2key(krb5_context context,
+			 krb5_enctype type,
+			 const void *dhdata,
+			 size_t dhsize,
+			 const heim_octet_string *c_n,
+			 const heim_octet_string *k_n,
+			 krb5_keyblock *key)
+{
+    struct encryption_type *et = _find_enctype(type);
+    krb5_error_code ret;
+    size_t keylen, offset;
+    void *keydata;
+    unsigned char counter;
+    unsigned char shaoutput[20];
+
+    if(et == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      type);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    keylen = (et->keytype->bits + 7) / 8;
+
+    keydata = malloc(keylen);
+    if (keydata == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    counter = 0;
+    offset = 0;
+    do {
+	SHA_CTX m;
+	
+	SHA1_Init(&m);
+	SHA1_Update(&m, &counter, 1);
+	SHA1_Update(&m, dhdata, dhsize);
+	if (c_n)
+	    SHA1_Update(&m, c_n->data, c_n->length);
+	if (k_n)
+	    SHA1_Update(&m, k_n->data, k_n->length);
+	SHA1_Final(shaoutput, &m);
+
+	memcpy((unsigned char *)keydata + offset,
+	       shaoutput,
+	       min(keylen - offset, sizeof(shaoutput)));
+
+	offset += sizeof(shaoutput);
+	counter++;
+    } while(offset < keylen);
+    memset(shaoutput, 0, sizeof(shaoutput));
+
+    ret = krb5_random_to_key(context, type, keydata, keylen, key);
+    memset(keydata, 0, sizeof(keylen));
+    free(keydata);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_prf_length(krb5_context context,
+		       krb5_enctype type,
+		       size_t *length)
+{
+    struct encryption_type *et = _find_enctype(type);
+
+    if(et == NULL || et->prf_length == 0) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      type);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+
+    *length = et->prf_length;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_prf(krb5_context context,
+		const krb5_crypto crypto,
+		const krb5_data *input, 
+		krb5_data *output)
+{
+    struct encryption_type *et = crypto->et;
+
+    krb5_data_zero(output);
+
+    if(et->prf == NULL) {
+	krb5_set_error_string(context, "kerberos prf for %s not supported",
+			      et->name);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+
+    return (*et->prf)(context, crypto, input, output);
+}
+	
+
+
+
+#ifdef CRYPTO_DEBUG
+
+static krb5_error_code
+krb5_get_keyid(krb5_context context,
+	       krb5_keyblock *key,
+	       uint32_t *keyid)
+{
+    MD5_CTX md5;
+    unsigned char tmp[16];
+
+    MD5_Init (&md5);
+    MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length);
+    MD5_Final (tmp, &md5);
+    *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];
+    return 0;
+}
+
+static void
+krb5_crypto_debug(krb5_context context,
+		  int encryptp,
+		  size_t len,
+		  krb5_keyblock *key)
+{
+    uint32_t keyid;
+    char *kt;
+    krb5_get_keyid(context, key, &keyid);
+    krb5_enctype_to_string(context, key->keytype, &kt);
+    krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", 
+	       encryptp ? "encrypting" : "decrypting",
+	       (unsigned long)len,
+	       keyid,
+	       kt);
+    free(kt);
+}
+
+#endif /* CRYPTO_DEBUG */
+
+#if 0
+int
+main()
+{
+#if 0
+    int i;
+    krb5_context context;
+    krb5_crypto crypto;
+    struct key_data *d;
+    krb5_keyblock key;
+    char constant[4];
+    unsigned usage = ENCRYPTION_USAGE(3);
+    krb5_error_code ret;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
+    key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8"
+	"\x25\xe9\x85\xab\x3e\xb5\xfb\x0e"
+	"\xc8\xdf\xab\x26\x86\x64\x15\x25";
+    key.keyvalue.length = 24;
+
+    krb5_crypto_init(context, &key, 0, &crypto);
+
+    d = _new_derived_key(crypto, usage);
+    if(d == NULL)
+	krb5_errx(context, 1, "_new_derived_key failed");
+    krb5_copy_keyblock(context, crypto->key.key, &d->key);
+    _krb5_put_int(constant, usage, 4);
+    derive_key(context, crypto->et, d, constant, sizeof(constant));
+    return 0;
+#else
+    int i;
+    krb5_context context;
+    krb5_crypto crypto;
+    struct key_data *d;
+    krb5_keyblock key;
+    krb5_error_code ret;
+    Checksum res;
+
+    char *data = "what do ya want for nothing?";
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
+    key.keyvalue.data = "Jefe";
+    /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+       "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
+    key.keyvalue.length = 4;
+
+    d = ecalloc(1, sizeof(*d));
+    d->key = &key;
+    res.checksum.length = 20;
+    res.checksum.data = emalloc(res.checksum.length);
+    SP_HMAC_SHA1_checksum(context, d, data, 28, &res);
+
+    return 0;
+#endif
+}
+#endif

Added: vendor-crypto/heimdal/dist/lib/krb5/data.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/data.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/data.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: data.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * Reset the (potentially uninitalized) krb5_data structure.
+ *
+ * @param p krb5_data to reset.
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_data_zero(krb5_data *p)
+{
+    p->length = 0;
+    p->data   = NULL;
+}
+
+/**
+ * Free the content of krb5_data structure, its ok to free a zeroed
+ * structure. When done, the structure will be zeroed.
+ * 
+ * @param p krb5_data to free.
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_data_free(krb5_data *p)
+{
+    if(p->data != NULL)
+	free(p->data);
+    krb5_data_zero(p);
+}
+
+/**
+ * Same as krb5_data_free().
+ * 
+ * @param context Kerberos 5 context.
+ * @param data krb5_data to free.
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION 
+krb5_free_data_contents(krb5_context context, krb5_data *data)
+{
+    krb5_data_free(data);
+}
+
+/**
+ * Free krb5_data (and its content).
+ * 
+ * @param context Kerberos 5 context.
+ * @param p krb5_data to free.
+ *
+ * @ingroup krb5
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_free_data(krb5_context context,
+	       krb5_data *p)
+{
+    krb5_data_free(p);
+    free(p);
+}
+
+/**
+ * Allocate data of and krb5_data.
+ * 
+ * @param p krb5_data to free.
+ * @param len size to allocate.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned.
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_data_alloc(krb5_data *p, int len)
+{
+    p->data = malloc(len);
+    if(len && p->data == NULL)
+	return ENOMEM;
+    p->length = len;
+    return 0;
+}
+
+/**
+ * Grow (or shrink) the content of krb5_data to a new size.
+ * 
+ * @param p krb5_data to free.
+ * @param len new size.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned.
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_data_realloc(krb5_data *p, int len)
+{
+    void *tmp;
+    tmp = realloc(p->data, len);
+    if(len && !tmp)
+	return ENOMEM;
+    p->data = tmp;
+    p->length = len;
+    return 0;
+}
+
+/**
+ * Copy the data of len into the krb5_data.
+ * 
+ * @param p krb5_data to copy into.
+ * @param data data to copy..
+ * @param len new size.
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned.
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_data_copy(krb5_data *p, const void *data, size_t len)
+{
+    if (len) {
+	if(krb5_data_alloc(p, len))
+	    return ENOMEM;
+	memmove(p->data, data, len);
+    } else
+	p->data = NULL;
+    p->length = len;
+    return 0;
+}
+
+/**
+ * Copy the data into a newly allocated krb5_data.
+ * 
+ * @param context Kerberos 5 context.
+ * @param indata the krb5_data data to copy
+ * @param outdata new krb5_date to copy too. Free with krb5_free_data().
+ *
+ * @return Returns 0 to indicate success. Otherwise an kerberos et
+ * error code is returned.
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_data(krb5_context context, 
+	       const krb5_data *indata, 
+	       krb5_data **outdata)
+{
+    krb5_error_code ret;
+    ALLOC(*outdata, 1);
+    if(*outdata == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = der_copy_octet_string(indata, *outdata);
+    if(ret) {
+	krb5_clear_error_string (context);
+	free(*outdata);
+	*outdata = NULL;
+    }
+    return ret;
+}
+
+/**
+ * Compare to data.
+ * 
+ * @param data1 krb5_data to compare
+ * @param data2 krb5_data to compare
+ *
+ * @return return the same way as memcmp(), useful when sorting.
+ *
+ * @ingroup krb5
+ */
+
+int KRB5_LIB_FUNCTION
+krb5_data_cmp(const krb5_data *data1, const krb5_data *data2)
+{
+    if (data1->length != data2->length)
+	return data1->length - data2->length;
+    return memcmp(data1->data, data2->data, data1->length);
+}
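Review bot: krb5_data_copy() takes `size_t len` but passes it to krb5_data_alloc(), whose parameter is `int len`. Where size_t is wider than int, a length above INT_MAX can be narrowed before `malloc(len)`, while the following `memmove(p->data, data, len)` still uses the full value and can write past the allocation. Declaring the allocators as `krb5_data_alloc(krb5_data *p, size_t len)` and `krb5_data_realloc(krb5_data *p, size_t len)` removes the narrowing. If the exported signatures must stay as imported, a guard at the top of krb5_data_copy() such as `if (len > INT_MAX) return ERANGE;` closes the same gap. The same int/size_t mix appears in krb5_data_cmp(): `data1->length - data2->length` is returned as int and, assuming the length field is a size_t (its declaration is not in this file), can report the wrong sign for large differences.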

Added: vendor-crypto/heimdal/dist/lib/krb5/derived-key-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/derived-key-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/derived-key-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: derived-key-test.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+enum { MAXSIZE = 24 };
+
+static struct testcase {
+    krb5_enctype enctype;
+    unsigned char constant[MAXSIZE];
+    size_t constant_len;
+    unsigned char key[MAXSIZE];
+    unsigned char res[MAXSIZE];
+} tests[] = {
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+    {0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92},
+    {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+     {0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2},
+     {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+     {0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc},
+     {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+     {0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5},
+     {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e}},
+    {ETYPE_DES3_CBC_SHA1, {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8,
+     {0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb},
+     {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43}},
+    {ETYPE_DES3_CBC_SHA1, {0x63, 0x6f, 0x6d, 0x62, 0x69, 0x6e, 0x65}, 7,
+     {0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3, 0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76, 0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e},
+     {0x01, 0x26, 0x38, 0x8a, 0xad, 0xc8, 0x1a, 0x1f, 0x2a, 0x62, 0xbc, 0x45, 0xf8, 0xd5, 0xc1, 0x91, 0x51, 0xba, 0xcd, 0xd5, 0xcb, 0x79, 0x8a, 0x3e}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+     {0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda},
+     {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+     {0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c},
+     {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+     {0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43},
+     {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49}},
+    {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+     {0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16},
+     {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}},
+    {0}
+};
+
+int KRB5_LIB_FUNCTION
+main(int argc, char **argv)
+{
+    struct testcase *t;
+    krb5_context context;
+    krb5_error_code ret;
+    int val = 0;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    for (t = tests; t->enctype != 0; ++t) {
+	krb5_keyblock key;
+	krb5_keyblock *dkey;
+
+	key.keytype = KEYTYPE_DES3;
+	key.keyvalue.length = MAXSIZE;
+	key.keyvalue.data   = t->key;
+
+	ret = krb5_derive_key(context, &key, t->enctype, t->constant,
+			      t->constant_len, &dkey);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_derive_key");
+	if (memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length) != 0) {
+	    const unsigned char *p = dkey->keyvalue.data;
+	    int i;
+
+	    printf ("derive_key failed\n");
+	    printf ("should be: ");
+	    for (i = 0; i < dkey->keyvalue.length; ++i)
+		printf ("%02x", t->res[i]);
+	    printf ("\nresult was: ");
+	    for (i = 0; i < dkey->keyvalue.length; ++i)
+		printf ("%02x", p[i]);
+	    printf ("\n");
+	    val = 1;
+	}
+	krb5_free_keyblock(context, dkey);
+    }
+    krb5_free_context(context);
+
+    return val;
+}
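Review bot: In `main`, the check `memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length)` takes its length from the key returned by `krb5_derive_key`, while `t->res` is a fixed `MAXSIZE` (24) byte array. A derived key longer than that would make the compare and both print loops read past `t->res`, and a shorter one would pass on a prefix match alone. Adding `if (dkey->keyvalue.length != MAXSIZE) errx (1, "unexpected derived key length %lu", (unsigned long)dkey->keyvalue.length);` before the compare makes the test fail loudly in either case. A one-line comment above `tests[]` naming where the vectors come from would also help a later reader verify them; the hunk does not say.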

Added: vendor-crypto/heimdal/dist/lib/krb5/digest.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/digest.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/digest.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1199 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: digest.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#include "digest_asn1.h"
+
+struct krb5_digest_data {
+    char *cbtype;
+    char *cbbinding;
+
+    DigestInit init;
+    DigestInitReply initReply;
+    DigestRequest request;
+    DigestResponse response;
+};
+
+krb5_error_code
+krb5_digest_alloc(krb5_context context, krb5_digest *digest)
+{
+    krb5_digest d;
+
+    d = calloc(1, sizeof(*d));
+    if (d == NULL) {
+	*digest = NULL;
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest = d;
+
+    return 0;
+}
+
+void
+krb5_digest_free(krb5_digest digest)
+{
+    if (digest == NULL)
+	return;
+    free_DigestInit(&digest->init);
+    free_DigestInitReply(&digest->initReply);
+    free_DigestRequest(&digest->request);
+    free_DigestResponse(&digest->response);
+    memset(digest, 0, sizeof(*digest));
+    free(digest);
+    return;
+}
+
+krb5_error_code
+krb5_digest_set_server_cb(krb5_context context,
+			  krb5_digest digest,
+			  const char *type,
+			  const char *binding)
+{
+    if (digest->init.channel) {
+	krb5_set_error_string(context, "server channel binding already set");
+	return EINVAL;
+    }
+    digest->init.channel = calloc(1, sizeof(*digest->init.channel));
+    if (digest->init.channel == NULL)
+	goto error;
+
+    digest->init.channel->cb_type = strdup(type);
+    if (digest->init.channel->cb_type == NULL)
+	goto error;
+
+    digest->init.channel->cb_binding = strdup(binding);
+    if (digest->init.channel->cb_binding == NULL) 
+	goto error;
+    return 0;
+error:
+    if (digest->init.channel) {
+	free(digest->init.channel->cb_type);
+	free(digest->init.channel->cb_binding);
+	free(digest->init.channel);
+	digest->init.channel = NULL;
+    }
+    krb5_set_error_string(context, "out of memory");
+    return ENOMEM;
+}
+
+krb5_error_code
+krb5_digest_set_type(krb5_context context,
+		     krb5_digest digest,
+		     const char *type)
+{
+    if (digest->init.type) {
+	krb5_set_error_string(context, "client type already set");
+	return EINVAL;
+    }
+    digest->init.type = strdup(type);
+    if (digest->init.type == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_hostname(krb5_context context,
+			 krb5_digest digest,
+			 const char *hostname)
+{
+    if (digest->init.hostname) {
+	krb5_set_error_string(context, "server hostname already set");
+	return EINVAL;
+    }
+    digest->init.hostname = malloc(sizeof(*digest->init.hostname));
+    if (digest->init.hostname == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->init.hostname = strdup(hostname);
+    if (*digest->init.hostname == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->init.hostname);
+	digest->init.hostname = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+const char *
+krb5_digest_get_server_nonce(krb5_context context,
+			     krb5_digest digest)
+{
+    return digest->initReply.nonce;
+}
+
+krb5_error_code
+krb5_digest_set_server_nonce(krb5_context context,
+			     krb5_digest digest,
+			     const char *nonce)
+{
+    if (digest->request.serverNonce) {
+	krb5_set_error_string(context, "nonce already set");
+	return EINVAL;
+    }
+    digest->request.serverNonce = strdup(nonce);
+    if (digest->request.serverNonce == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+const char *
+krb5_digest_get_opaque(krb5_context context,
+		       krb5_digest digest)
+{
+    return digest->initReply.opaque;
+}
+
+krb5_error_code
+krb5_digest_set_opaque(krb5_context context,
+		       krb5_digest digest,
+		       const char *opaque)
+{
+    if (digest->request.opaque) {
+	krb5_set_error_string(context, "opaque already set");
+	return EINVAL;
+    }
+    digest->request.opaque = strdup(opaque);
+    if (digest->request.opaque == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+const char *
+krb5_digest_get_identifier(krb5_context context,
+			   krb5_digest digest)
+{
+    if (digest->initReply.identifier == NULL)
+	return NULL;
+    return *digest->initReply.identifier;
+}
+
+krb5_error_code
+krb5_digest_set_identifier(krb5_context context,
+			   krb5_digest digest,
+			   const char *id)
+{
+    if (digest->request.identifier) {
+	krb5_set_error_string(context, "identifier already set");
+	return EINVAL;
+    }
+    digest->request.identifier = calloc(1, sizeof(*digest->request.identifier));
+    if (digest->request.identifier == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->request.identifier = strdup(id);
+    if (*digest->request.identifier == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->request.identifier);
+	digest->request.identifier = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+static krb5_error_code
+digest_request(krb5_context context,
+	       krb5_realm realm,
+	       krb5_ccache ccache,
+	       krb5_key_usage usage,
+	       const DigestReqInner *ireq,
+	       DigestRepInner *irep)
+{
+    DigestREQ req;
+    DigestREP rep;
+    krb5_error_code ret;
+    krb5_data data, data2;
+    size_t size;
+    krb5_crypto crypto = NULL;
+    krb5_auth_context ac = NULL;
+    krb5_principal principal = NULL;
+    krb5_ccache id = NULL;
+    krb5_realm r = NULL;
+
+    krb5_data_zero(&data);
+    krb5_data_zero(&data2);
+    memset(&req, 0, sizeof(req));
+    memset(&rep, 0, sizeof(rep));
+
+    if (ccache == NULL) {
+	ret = krb5_cc_default(context, &id);
+	if (ret)
+	    goto out;
+    } else
+	id = ccache;
+
+    if (realm == NULL) {
+	ret = krb5_get_default_realm(context, &r);
+	if (ret)
+	    goto out;
+    } else
+	r = realm;
+
+    /*
+     *
+     */
+
+    ret = krb5_make_principal(context, &principal, 
+			      r, KRB5_DIGEST_NAME, r, NULL);
+    if (ret)
+	goto out;
+
+    ASN1_MALLOC_ENCODE(DigestReqInner, data.data, data.length,
+		       ireq, &size, ret);
+    if (ret) {
+	krb5_set_error_string(context,
+			      "Failed to encode digest inner request");
+	goto out;
+    }
+    if (size != data.length)
+	krb5_abortx(context, "ASN.1 internal encoder error");
+
+    ret = krb5_mk_req_exact(context, &ac, 
+			    AP_OPTS_USE_SUBKEY|AP_OPTS_MUTUAL_REQUIRED,
+			    principal, NULL, id, &req.apReq);
+    if (ret)
+	goto out;
+
+    {
+	krb5_keyblock *key;
+
+	ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
+	if (ret)
+	    goto out;
+	if (key == NULL) {
+	    krb5_set_error_string(context, "Digest failed to get local subkey");
+	    ret = EINVAL;
+	    goto out;
+	}
+
+	ret = krb5_crypto_init(context, key, 0, &crypto);
+	krb5_free_keyblock (context, key);
+	if (ret)
+	    goto out;
+    }
+
+    ret = krb5_encrypt_EncryptedData(context, crypto, usage,
+				     data.data, data.length, 0, 
+				     &req.innerReq);
+    if (ret)
+	goto out;
+
+    krb5_data_free(&data);
+
+    ASN1_MALLOC_ENCODE(DigestREQ, data.data, data.length,
+		       &req, &size, ret);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to encode DigestREQest");
+	goto out;
+    }
+    if (size != data.length)
+	krb5_abortx(context, "ASN.1 internal encoder error");
+
+    ret = krb5_sendto_kdc(context, &data, &r, &data2);
+    if (ret)
+	goto out;
+
+    ret = decode_DigestREP(data2.data, data2.length, &rep, NULL);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to parse digest response");
+	goto out;
+    }
+
+    {
+	krb5_ap_rep_enc_part *repl;
+
+	ret = krb5_rd_rep(context, ac, &rep.apRep, &repl);
+	if (ret)
+	    goto out;
+
+	krb5_free_ap_rep_enc_part(context, repl);
+    }
+    {
+	krb5_keyblock *key;
+
+	ret = krb5_auth_con_getremotesubkey(context, ac, &key);
+	if (ret)
+	    goto out;
+	if (key == NULL) {
+	    ret = EINVAL;
+	    krb5_set_error_string(context, 
+				  "Digest reply have no remote subkey");
+	    goto out;
+	}
+
+	krb5_crypto_destroy(context, crypto);
+	ret = krb5_crypto_init(context, key, 0, &crypto);
+	krb5_free_keyblock (context, key);
+	if (ret)
+	    goto out;
+    }
+
+    krb5_data_free(&data);
+    ret = krb5_decrypt_EncryptedData(context, crypto, usage,
+				     &rep.innerRep, &data);
+    if (ret)
+	goto out;
+    
+    ret = decode_DigestRepInner(data.data, data.length, irep, NULL);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to decode digest inner reply");
+	goto out;
+    }
+
+out:
+    if (ccache == NULL && id)
+	krb5_cc_close(context, id);
+    if (realm == NULL && r)
+	free(r);
+    if (crypto)
+	krb5_crypto_destroy(context, crypto);
+    if (ac)
+	krb5_auth_con_free(context, ac);
+    if (principal)
+	krb5_free_principal(context, principal);
+
+    krb5_data_free(&data);
+    krb5_data_free(&data2);
+
+    free_DigestREQ(&req);
+    free_DigestREP(&rep);
+
+    return ret;
+}
+
+krb5_error_code
+krb5_digest_init_request(krb5_context context,
+			 krb5_digest digest,
+			 krb5_realm realm,
+			 krb5_ccache ccache)
+{
+    DigestReqInner ireq;
+    DigestRepInner irep;
+    krb5_error_code ret;
+
+    memset(&ireq, 0, sizeof(ireq));
+    memset(&irep, 0, sizeof(irep));
+
+    if (digest->init.type == NULL) {
+	krb5_set_error_string(context, "Type missing from init req");
+	return EINVAL;
+    }
+
+    ireq.element = choice_DigestReqInner_init;
+    ireq.u.init = digest->init;
+
+    ret = digest_request(context, realm, ccache,
+			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
+    if (ret)
+	goto out;
+
+    if (irep.element == choice_DigestRepInner_error) {
+	krb5_set_error_string(context, "Digest init error: %s",
+			      irep.u.error.reason);
+	ret = irep.u.error.code;
+	goto out;
+    }
+
+    if (irep.element != choice_DigestRepInner_initReply) {
+	krb5_set_error_string(context, "digest reply not an initReply");
+	ret = EINVAL;
+	goto out;
+    }
+
+    ret = copy_DigestInitReply(&irep.u.initReply, &digest->initReply);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to copy initReply");
+	goto out;
+    }
+
+out:
+    free_DigestRepInner(&irep);
+
+    return ret;
+}
+
+
+krb5_error_code
+krb5_digest_set_client_nonce(krb5_context context,
+			     krb5_digest digest,
+			     const char *nonce)
+{
+    if (digest->request.clientNonce) {
+	krb5_set_error_string(context, "clientNonce already set");
+	return EINVAL;
+    }
+    digest->request.clientNonce = 
+	calloc(1, sizeof(*digest->request.clientNonce));
+    if (digest->request.clientNonce == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->request.clientNonce = strdup(nonce);
+    if (*digest->request.clientNonce == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->request.clientNonce);
+	digest->request.clientNonce = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_digest(krb5_context context,
+		       krb5_digest digest,
+		       const char *dgst)
+{
+    if (digest->request.digest) {
+	krb5_set_error_string(context, "digest already set");
+	return EINVAL;
+    }
+    digest->request.digest = strdup(dgst);
+    if (digest->request.digest == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_username(krb5_context context,
+			 krb5_digest digest,
+			 const char *username)
+{
+    if (digest->request.username) {
+	krb5_set_error_string(context, "username already set");
+	return EINVAL;
+    }
+    digest->request.username = strdup(username);
+    if (digest->request.username == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_authid(krb5_context context,
+		       krb5_digest digest,
+		       const char *authid)
+{
+    if (digest->request.authid) {
+	krb5_set_error_string(context, "authid already set");
+	return EINVAL;
+    }
+    digest->request.authid = malloc(sizeof(*digest->request.authid));
+    if (digest->request.authid == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->request.authid = strdup(authid);
+    if (*digest->request.authid == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->request.authid);
+	digest->request.authid = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_authentication_user(krb5_context context,
+				    krb5_digest digest,
+				    krb5_principal authentication_user)
+{
+    krb5_error_code ret;
+
+    if (digest->request.authentication_user) {
+	krb5_set_error_string(context, "authentication_user already set");
+	return EINVAL;
+    }
+    ret = krb5_copy_principal(context,
+			      authentication_user,
+			      &digest->request.authentication_user);
+    if (digest->request.authentication_user == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_realm(krb5_context context,
+		      krb5_digest digest,
+		      const char *realm)
+{
+    if (digest->request.realm) {
+	krb5_set_error_string(context, "realm already set");
+	return EINVAL;
+    }
+    digest->request.realm = malloc(sizeof(*digest->request.realm));
+    if (digest->request.realm == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->request.realm = strdup(realm);
+    if (*digest->request.realm == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->request.realm);
+	digest->request.realm = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_method(krb5_context context,
+		       krb5_digest digest,
+		       const char *method)
+{
+    if (digest->request.method) {
+	krb5_set_error_string(context, "method already set");
+	return EINVAL;
+    }
+    digest->request.method = malloc(sizeof(*digest->request.method));
+    if (digest->request.method == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->request.method = strdup(method);
+    if (*digest->request.method == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->request.method);
+	digest->request.method = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_uri(krb5_context context,
+		    krb5_digest digest,
+		    const char *uri)
+{
+    if (digest->request.uri) {
+	krb5_set_error_string(context, "uri already set");
+	return EINVAL;
+    }
+    digest->request.uri = malloc(sizeof(*digest->request.uri));
+    if (digest->request.uri == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->request.uri = strdup(uri);
+    if (*digest->request.uri == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->request.uri);
+	digest->request.uri = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_nonceCount(krb5_context context,
+			   krb5_digest digest,
+			   const char *nonce_count)
+{
+    if (digest->request.nonceCount) {
+	krb5_set_error_string(context, "nonceCount already set");
+	return EINVAL;
+    }
+    digest->request.nonceCount = 
+	malloc(sizeof(*digest->request.nonceCount));
+    if (digest->request.nonceCount == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->request.nonceCount = strdup(nonce_count);
+    if (*digest->request.nonceCount == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->request.nonceCount);
+	digest->request.nonceCount = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_set_qop(krb5_context context,
+		    krb5_digest digest,
+		    const char *qop)
+{
+    if (digest->request.qop) {
+	krb5_set_error_string(context, "qop already set");
+	return EINVAL;
+    }
+    digest->request.qop = malloc(sizeof(*digest->request.qop));
+    if (digest->request.qop == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    *digest->request.qop = strdup(qop);
+    if (*digest->request.qop == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(digest->request.qop);
+	digest->request.qop = NULL;
+	return ENOMEM;
+    }
+    return 0;
+}
+
+int
+krb5_digest_set_responseData(krb5_context context,
+			     krb5_digest digest,
+			     const char *response)
+{
+    digest->request.responseData = strdup(response);
+    if (digest->request.responseData == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_request(krb5_context context,
+		    krb5_digest digest,
+		    krb5_realm realm,
+		    krb5_ccache ccache)
+{
+    DigestReqInner ireq;
+    DigestRepInner irep;
+    krb5_error_code ret;
+
+    memset(&ireq, 0, sizeof(ireq));
+    memset(&irep, 0, sizeof(irep));
+
+    ireq.element = choice_DigestReqInner_digestRequest;
+    ireq.u.digestRequest = digest->request;
+
+    if (digest->request.type == NULL) {
+	if (digest->init.type == NULL) {
+	    krb5_set_error_string(context, "Type missing from req");
+	    return EINVAL;
+	}
+	ireq.u.digestRequest.type = digest->init.type;
+    }
+
+    if (ireq.u.digestRequest.digest == NULL)
+	ireq.u.digestRequest.digest = "md5";
+
+    ret = digest_request(context, realm, ccache,
+			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
+    if (ret)
+	return ret;
+
+    if (irep.element == choice_DigestRepInner_error) {
+	krb5_set_error_string(context, "Digest response error: %s",
+			      irep.u.error.reason);
+	ret = irep.u.error.code;
+	goto out;
+    }
+
+    if (irep.element != choice_DigestRepInner_response) {
+	krb5_set_error_string(context, "digest reply not an DigestResponse");
+	ret = EINVAL;
+	goto out;
+    }
+
+    ret = copy_DigestResponse(&irep.u.response, &digest->response);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to copy initReply");
+	goto out;
+    }
+
+out:
+    free_DigestRepInner(&irep);
+
+    return ret;
+}
+
+krb5_boolean
+krb5_digest_rep_get_status(krb5_context context, 
+			   krb5_digest digest)
+{
+    return digest->response.success ? TRUE : FALSE;
+}
+
+const char *
+krb5_digest_get_rsp(krb5_context context,
+		    krb5_digest digest)
+{
+    if (digest->response.rsp == NULL)
+	return NULL;
+    return *digest->response.rsp;
+}
+
+krb5_error_code
+krb5_digest_get_tickets(krb5_context context,
+			krb5_digest digest,
+			Ticket **tickets)
+{
+    *tickets = NULL;
+    return 0;
+}
+
+
+krb5_error_code
+krb5_digest_get_client_binding(krb5_context context,
+			       krb5_digest digest,
+			       char **type,
+			       char **binding)
+{
+    if (digest->response.channel) {
+	*type = strdup(digest->response.channel->cb_type);
+	*binding = strdup(digest->response.channel->cb_binding);
+	if (*type == NULL || *binding == NULL) {
+	    free(*type);
+	    free(*binding);
+	    krb5_set_error_string(context, "out of memory");
+	    return ENOMEM;
+	}
+    } else {
+	*type = NULL;
+	*binding = NULL;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_digest_get_session_key(krb5_context context,
+			    krb5_digest digest,
+			    krb5_data *data)
+{
+    krb5_error_code ret;
+
+    krb5_data_zero(data);
+    if (digest->response.session_key == NULL)
+	return 0;
+    ret = der_copy_octet_string(digest->response.session_key, data);
+    if (ret)
+	krb5_clear_error_string(context);
+
+    return ret;
+}
+
+struct krb5_ntlm_data {
+    NTLMInit init;
+    NTLMInitReply initReply;
+    NTLMRequest request;
+    NTLMResponse response;
+};
+
+krb5_error_code
+krb5_ntlm_alloc(krb5_context context, 
+		krb5_ntlm *ntlm)
+{
+    *ntlm = calloc(1, sizeof(**ntlm));
+    if (*ntlm == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_free(krb5_context context, krb5_ntlm ntlm)
+{
+    free_NTLMInit(&ntlm->init);
+    free_NTLMInitReply(&ntlm->initReply);
+    free_NTLMRequest(&ntlm->request);
+    free_NTLMResponse(&ntlm->response);
+    memset(ntlm, 0, sizeof(*ntlm));
+    free(ntlm);
+    return 0;
+}
+
+
+krb5_error_code
+krb5_ntlm_init_request(krb5_context context, 
+		       krb5_ntlm ntlm,
+		       krb5_realm realm,
+		       krb5_ccache ccache,
+		       uint32_t flags,
+		       const char *hostname,
+		       const char *domainname)
+{
+    DigestReqInner ireq;
+    DigestRepInner irep;
+    krb5_error_code ret;
+
+    memset(&ireq, 0, sizeof(ireq));
+    memset(&irep, 0, sizeof(irep));
+
+    ntlm->init.flags = flags;
+    if (hostname) {
+	ALLOC(ntlm->init.hostname, 1);
+	*ntlm->init.hostname = strdup(hostname);
+    }
+    if (domainname) {
+	ALLOC(ntlm->init.domain, 1);
+	*ntlm->init.domain = strdup(domainname);
+    }
+
+    ireq.element = choice_DigestReqInner_ntlmInit;
+    ireq.u.ntlmInit = ntlm->init;
+
+    ret = digest_request(context, realm, ccache,
+			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
+    if (ret)
+	goto out;
+
+    if (irep.element == choice_DigestRepInner_error) {
+	krb5_set_error_string(context, "Digest init error: %s",
+			      irep.u.error.reason);
+	ret = irep.u.error.code;
+	goto out;
+    }
+
+    if (irep.element != choice_DigestRepInner_ntlmInitReply) {
+	krb5_set_error_string(context, "ntlm reply not an initReply");
+	ret = EINVAL;
+	goto out;
+    }
+
+    ret = copy_NTLMInitReply(&irep.u.ntlmInitReply, &ntlm->initReply);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to copy initReply");
+	goto out;
+    }
+
+out:
+    free_DigestRepInner(&irep);
+
+    return ret;
+}
+
+krb5_error_code
+krb5_ntlm_init_get_flags(krb5_context context,
+			 krb5_ntlm ntlm,
+			 uint32_t *flags)
+{
+    *flags = ntlm->initReply.flags;
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_init_get_challange(krb5_context context,
+			     krb5_ntlm ntlm,
+			     krb5_data *challange)
+{
+    krb5_error_code ret;
+
+    ret = der_copy_octet_string(&ntlm->initReply.challange, challange);
+    if (ret)
+	krb5_clear_error_string(context);
+
+    return ret;
+}
+
+krb5_error_code
+krb5_ntlm_init_get_opaque(krb5_context context,
+			  krb5_ntlm ntlm,
+			  krb5_data *opaque)
+{
+    krb5_error_code ret;
+
+    ret = der_copy_octet_string(&ntlm->initReply.opaque, opaque);
+    if (ret)
+	krb5_clear_error_string(context);
+
+    return ret;
+}
+
+krb5_error_code
+krb5_ntlm_init_get_targetname(krb5_context context,
+			      krb5_ntlm ntlm,
+			      char **name)
+{
+    *name = strdup(ntlm->initReply.targetname);
+    if (*name == NULL) {
+	krb5_clear_error_string(context);
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_init_get_targetinfo(krb5_context context,
+			      krb5_ntlm ntlm,
+			      krb5_data *data)
+{
+    krb5_error_code ret;
+
+    if (ntlm->initReply.targetinfo == NULL) {
+	krb5_data_zero(data);
+	return 0;
+    }
+
+    ret = krb5_data_copy(data,
+			 ntlm->initReply.targetinfo->data,
+			 ntlm->initReply.targetinfo->length);
+    if (ret) {
+	krb5_clear_error_string(context);
+	return ret;
+    }
+    return 0;
+}
+
+
+krb5_error_code
+krb5_ntlm_request(krb5_context context,
+		  krb5_ntlm ntlm,
+		  krb5_realm realm,
+		  krb5_ccache ccache)
+{
+    DigestReqInner ireq;
+    DigestRepInner irep;
+    krb5_error_code ret;
+
+    memset(&ireq, 0, sizeof(ireq));
+    memset(&irep, 0, sizeof(irep));
+
+    ireq.element = choice_DigestReqInner_ntlmRequest;
+    ireq.u.ntlmRequest = ntlm->request;
+
+    ret = digest_request(context, realm, ccache,
+			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
+    if (ret)
+	return ret;
+
+    if (irep.element == choice_DigestRepInner_error) {
+	krb5_set_error_string(context, "NTLM response error: %s",
+			      irep.u.error.reason);
+	ret = irep.u.error.code;
+	goto out;
+    }
+
+    if (irep.element != choice_DigestRepInner_ntlmResponse) {
+	krb5_set_error_string(context, "NTLM reply not an NTLMResponse");
+	ret = EINVAL;
+	goto out;
+    }
+
+    ret = copy_NTLMResponse(&irep.u.ntlmResponse, &ntlm->response);
+    if (ret) {
+	krb5_set_error_string(context, "Failed to copy NTLMResponse");
+	goto out;
+    }
+
+out:
+    free_DigestRepInner(&irep);
+
+    return ret;
+}
+
+krb5_error_code
+krb5_ntlm_req_set_flags(krb5_context context, 
+			krb5_ntlm ntlm,
+			uint32_t flags)
+{
+    ntlm->request.flags = flags;
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_req_set_username(krb5_context context, 
+			   krb5_ntlm ntlm,
+			   const char *username)
+{
+    ntlm->request.username = strdup(username);
+    if (ntlm->request.username == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_req_set_targetname(krb5_context context, 
+			     krb5_ntlm ntlm,
+			     const char *targetname)
+{
+    ntlm->request.targetname = strdup(targetname);
+    if (ntlm->request.targetname == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_req_set_lm(krb5_context context, 
+		     krb5_ntlm ntlm,
+		     void *hash, size_t len)
+{
+    ntlm->request.lm.data = malloc(len);
+    if (ntlm->request.lm.data == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    ntlm->request.lm.length = len;
+    memcpy(ntlm->request.lm.data, hash, len);
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_req_set_ntlm(krb5_context context, 
+		       krb5_ntlm ntlm,
+		       void *hash, size_t len)
+{
+    ntlm->request.ntlm.data = malloc(len);
+    if (ntlm->request.ntlm.data == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    ntlm->request.ntlm.length = len;
+    memcpy(ntlm->request.ntlm.data, hash, len);
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_req_set_opaque(krb5_context context, 
+			 krb5_ntlm ntlm,
+			 krb5_data *opaque)
+{
+    ntlm->request.opaque.data = malloc(opaque->length);
+    if (ntlm->request.opaque.data == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    ntlm->request.opaque.length = opaque->length;
+    memcpy(ntlm->request.opaque.data, opaque->data, opaque->length);
+    return 0;
+}
+
+krb5_error_code
+krb5_ntlm_req_set_session(krb5_context context, 
+			  krb5_ntlm ntlm,
+			  void *sessionkey, size_t length)
+{
+    ntlm->request.sessionkey = calloc(1, sizeof(*ntlm->request.sessionkey));
+    if (ntlm->request.sessionkey == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    ntlm->request.sessionkey->data = malloc(length);
+    if (ntlm->request.sessionkey->data == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    memcpy(ntlm->request.sessionkey->data, sessionkey, length);
+    ntlm->request.sessionkey->length = length;
+    return 0;
+}
+
+krb5_boolean
+krb5_ntlm_rep_get_status(krb5_context context, 
+			 krb5_ntlm ntlm)
+{
+    return ntlm->response.success ? TRUE : FALSE;
+}
+
+krb5_error_code
+krb5_ntlm_rep_get_sessionkey(krb5_context context, 
+			     krb5_ntlm ntlm,
+			     krb5_data *data)
+{
+    if (ntlm->response.sessionkey == NULL) {
+	krb5_set_error_string(context, "no ntlm session key");
+	return EINVAL;
+    }
+    krb5_clear_error_string(context);
+    return krb5_data_copy(data,
+			  ntlm->response.sessionkey->data,
+			  ntlm->response.sessionkey->length);
+}
+
+/**
+ * Get the supported/allowed mechanism for this principal.
+ *
+ * @param context A Keberos context.
+ * @param realm The realm of the KDC.
+ * @param ccache The credential cache to use when talking to the KDC.
+ * @param flags The supported mechanism.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_digest
+ */
+
+krb5_error_code
+krb5_digest_probe(krb5_context context,
+		  krb5_realm realm,
+		  krb5_ccache ccache,
+		  unsigned *flags)
+{
+    DigestReqInner ireq;
+    DigestRepInner irep;
+    krb5_error_code ret;
+
+    memset(&ireq, 0, sizeof(ireq));
+    memset(&irep, 0, sizeof(irep));
+
+    ireq.element = choice_DigestReqInner_supportedMechs;
+
+    ret = digest_request(context, realm, ccache,
+			 KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep);
+    if (ret)
+	goto out;
+
+    if (irep.element == choice_DigestRepInner_error) {
+	krb5_set_error_string(context, "Digest probe error: %s",
+			      irep.u.error.reason);
+	ret = irep.u.error.code;
+	goto out;
+    }
+
+    if (irep.element != choice_DigestRepInner_supportedMechs) {
+	krb5_set_error_string(context, "Digest reply not an probe");
+	ret = EINVAL;
+	goto out;
+    }
+
+    *flags = DigestTypes2int(irep.u.supportedMechs);
+
+out:
+    free_DigestRepInner(&irep);
+
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/doxygen.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/doxygen.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/doxygen.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: doxygen.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/**
+ * 
+ */
+
+/*! \mainpage Heimdal Kerberos 5 library
+ *
+ * \section intro Introduction
+ *
+ * Heimdal libkrb5 library is a implementation of the Kerberos
+ * protocol.
+ * 
+ * Kerberos is a system for authenticating users and services on a
+ * network.  It is built upon the assumption that the network is
+ * ``unsafe''.  For example, data sent over the network can be
+ * eavesdropped and altered, and addresses can also be faked.
+ * Therefore they cannot be used for authentication purposes.
+ *
+ * The project web page:\n
+ * http://www.h5l.org/
+ *
+ */
+
+/** @defgroup krb5 Heimdal Kerberos 5 library */
+/** @defgroup krb5_address Heimdal Kerberos 5 address functions */
+/** @defgroup krb5_ccache Heimdal Kerberos 5 credential cache functions */
+/** @defgroup krb5_credential Heimdal Kerberos 5 credential handing functions */
+/** @defgroup krb5_deprecated Heimdal Kerberos 5 deprecated functions */
+/** @defgroup krb5_digest Heimdal Kerberos 5 digest service */
+/** @defgroup krb5_error Heimdal Kerberos 5 error reporting functions */
+/** @defgroup krb5_v4compat Heimdal Kerberos 4 compatiblity functions */
+/** @defgroup krb5_support Heimdal Kerberos 5 support functions */

Added: vendor-crypto/heimdal/dist/lib/krb5/eai_to_heim_errno.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/eai_to_heim_errno.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/eai_to_heim_errno.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: eai_to_heim_errno.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/**
+ * Convert the getaddrinfo() error code to a Kerberos et error code.
+ *
+ * @param eai_errno contains the error code from getaddrinfo().
+ * @param system_error should have the value of errno after the failed getaddrinfo().
+ *
+ * @return Kerberos error code representing the EAI errors.
+ *
+ * @ingroup krb5_error
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_eai_to_heim_errno(int eai_errno, int system_error)
+{
+    switch(eai_errno) {
+    case EAI_NOERROR:
+	return 0;
+#ifdef EAI_ADDRFAMILY
+    case EAI_ADDRFAMILY:
+	return HEIM_EAI_ADDRFAMILY;
+#endif
+    case EAI_AGAIN:
+	return HEIM_EAI_AGAIN;
+    case EAI_BADFLAGS:
+	return HEIM_EAI_BADFLAGS;
+    case EAI_FAIL:
+	return HEIM_EAI_FAIL;
+    case EAI_FAMILY:
+	return HEIM_EAI_FAMILY;
+    case EAI_MEMORY:
+	return HEIM_EAI_MEMORY;
+#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
+    case EAI_NODATA:
+	return HEIM_EAI_NODATA;
+#endif
+    case EAI_NONAME:
+	return HEIM_EAI_NONAME;
+    case EAI_SERVICE:
+	return HEIM_EAI_SERVICE;
+    case EAI_SOCKTYPE:
+	return HEIM_EAI_SOCKTYPE;
+    case EAI_SYSTEM:
+	return system_error;
+    default:
+	return HEIM_EAI_UNKNOWN; /* XXX */
+    }
+}
+
+/**
+ * Convert the gethostname() error code (h_error) to a Kerberos et
+ * error code.
+ *
+ * @param eai_errno contains the error code from gethostname().
+ *
+ * @return Kerberos error code representing the gethostname errors.
+ *
+ * @ingroup krb5_error
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_h_errno_to_heim_errno(int eai_errno)
+{
+    switch(eai_errno) {
+    case 0:
+	return 0;
+    case HOST_NOT_FOUND:
+	return HEIM_EAI_NONAME;
+    case TRY_AGAIN:
+	return HEIM_EAI_AGAIN;
+    case NO_RECOVERY:
+	return HEIM_EAI_FAIL;
+    case NO_DATA:
+	return HEIM_EAI_NONAME;
+    default:
+	return HEIM_EAI_UNKNOWN; /* XXX */
+    }
+}
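Review bot: The doc comment on krb5_h_errno_to_heim_errno names the wrong source for its input: HOST_NOT_FOUND, TRY_AGAIN, NO_RECOVERY and NO_DATA are h_errno values set by the gethostbyname() family, not by gethostname(). I would reword the summary to `Convert the gethostbyname() error code (h_errno) to a Kerberos et error code.` and the parameter line to `@param eai_errno contains the h_errno value from the failed lookup.` The `@return` line has the same slip and should read "gethostbyname errors". The parameter name eai_errno is itself misleading for an h_errno value, since the function above uses the same name for a getaddrinfo() code.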

Added: vendor-crypto/heimdal/dist/lib/krb5/error_string.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/error_string.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/error_string.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: error_string.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#undef __attribute__
+#define __attribute__(X)
+
+void KRB5_LIB_FUNCTION
+krb5_free_error_string(krb5_context context, char *str)
+{
+    HEIMDAL_MUTEX_lock(context->mutex);
+    if (str != context->error_buf)
+	free(str);
+    HEIMDAL_MUTEX_unlock(context->mutex);
+}
+
+void KRB5_LIB_FUNCTION
+krb5_clear_error_string(krb5_context context)
+{
+    HEIMDAL_MUTEX_lock(context->mutex);
+    if (context->error_string != NULL
+	&& context->error_string != context->error_buf)
+	free(context->error_string);
+    context->error_string = NULL;
+    HEIMDAL_MUTEX_unlock(context->mutex);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_error_string(krb5_context context, const char *fmt, ...)
+    __attribute__((format (printf, 2, 3)))
+{
+    krb5_error_code ret;
+    va_list ap;
+
+    va_start(ap, fmt);
+    ret = krb5_vset_error_string (context, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
+    __attribute__ ((format (printf, 2, 0)))
+{
+    krb5_clear_error_string(context);
+    HEIMDAL_MUTEX_lock(context->mutex);
+    vasprintf(&context->error_string, fmt, args);
+    if(context->error_string == NULL) {
+	vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args);
+	context->error_string = context->error_buf;
+    }
+    HEIMDAL_MUTEX_unlock(context->mutex);
+    return 0;
+}
+
+/**
+ * Return the error message in context. On error or no error string,
+ * the function returns NULL.
+ *
+ * @param context Kerberos 5 context
+ *
+ * @return an error string, needs to be freed with
+ * krb5_free_error_string(). The functions return NULL on error.
+ *
+ * @ingroup krb5_error
+ */
+
+char * KRB5_LIB_FUNCTION
+krb5_get_error_string(krb5_context context)
+{
+    char *ret = NULL;
+
+    HEIMDAL_MUTEX_lock(context->mutex);
+    if (context->error_string)
+	ret = strdup(context->error_string);
+    HEIMDAL_MUTEX_unlock(context->mutex);
+    return ret;
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_have_error_string(krb5_context context)
+{
+    char *str;
+    HEIMDAL_MUTEX_lock(context->mutex);
+    str = context->error_string;
+    HEIMDAL_MUTEX_unlock(context->mutex);
+    return str != NULL;
+}
+
+/**
+ * Return the error message for `code' in context. On error the
+ * function returns NULL.
+ *
+ * @param context Kerberos 5 context
+ * @param code Error code related to the error
+ *
+ * @return an error string, needs to be freed with
+ * krb5_free_error_string(). The functions return NULL on error.
+ *
+ * @ingroup krb5_error
+ */
+
+char * KRB5_LIB_FUNCTION
+krb5_get_error_message(krb5_context context, krb5_error_code code)
+{
+    const char *cstr;
+    char *str;
+
+    str = krb5_get_error_string(context);
+    if (str)
+	return str;
+
+    cstr = krb5_get_err_text(context, code);
+    if (cstr)
+	return strdup(cstr);
+
+    if (asprintf(&str, "<unknown error: %d>", code) == -1)
+	return NULL;
+
+    return str;
+}
+
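Review bot: In krb5_vset_error_string the fallback vsnprintf() reuses `args` after vasprintf() has already consumed it, which is undefined behaviour and can format garbage on exactly the low-memory path the fallback exists for. The function should take a va_copy before the first call and hand the copy to the fallback. It also ignores vasprintf()'s return value and tests `context->error_string == NULL` instead; the pointer's value after a failed vasprintf() is not guaranteed by every libc, so the return value is the safer thing to test. Separately, krb5_clear_error_string() runs before the mutex is taken, so two threads setting an error at once can leak one string.

```c
krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
/* … unchanged: format attribute, opening brace … */
    va_list fallback_args;

    /* args is indeterminate once vasprintf() has walked it; keep a copy. */
    va_copy(fallback_args, args);
    /* … unchanged: clear the old string, take the mutex … */
    if (vasprintf(&context->error_string, fmt, args) < 0) {
	vsnprintf(context->error_buf, sizeof(context->error_buf), fmt,
		  fallback_args);
	context->error_string = context->error_buf;
    }
    va_end(fallback_args);
    /* … unchanged: release the mutex, return 0 … */
```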

Added: vendor-crypto/heimdal/dist/lib/krb5/expand_hostname.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/expand_hostname.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/expand_hostname.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: expand_hostname.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static krb5_error_code
+copy_hostname(krb5_context context,
+	      const char *orig_hostname,
+	      char **new_hostname)
+{
+    *new_hostname = strdup (orig_hostname);
+    if (*new_hostname == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    strlwr (*new_hostname);
+    return 0;
+}
+
+/*
+ * Try to make `orig_hostname' into a more canonical one in the newly
+ * allocated space returned in `new_hostname'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_expand_hostname (krb5_context context,
+		      const char *orig_hostname,
+		      char **new_hostname)
+{
+    struct addrinfo *ai, *a, hints;
+    int error;
+
+    if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) == 0)
+	return copy_hostname (context, orig_hostname, new_hostname);
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_flags = AI_CANONNAME;
+
+    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
+    if (error)
+	return copy_hostname (context, orig_hostname, new_hostname);
+    for (a = ai; a != NULL; a = a->ai_next) {
+	if (a->ai_canonname != NULL) {
+	    *new_hostname = strdup (a->ai_canonname);
+	    freeaddrinfo (ai);
+	    if (*new_hostname == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		return ENOMEM;
+	    } else {
+		return 0;
+	    }
+	}
+    }
+    freeaddrinfo (ai);
+    return copy_hostname (context, orig_hostname, new_hostname);
+}
+
+/*
+ * handle the case of the hostname being unresolvable and thus identical
+ */
+
+static krb5_error_code
+vanilla_hostname (krb5_context context,
+		  const char *orig_hostname,
+		  char **new_hostname,
+		  char ***realms)
+{
+    krb5_error_code ret;
+
+    ret = copy_hostname (context, orig_hostname, new_hostname);
+    if (ret)
+	return ret;
+    strlwr (*new_hostname);
+
+    ret = krb5_get_host_realm (context, *new_hostname, realms);
+    if (ret) {
+	free (*new_hostname);
+	return ret;
+    }
+    return 0;
+}
+
+/*
+ * expand `hostname' to a name we believe to be a hostname in newly
+ * allocated space in `host' and return realms in `realms'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_expand_hostname_realms (krb5_context context,
+			     const char *orig_hostname,
+			     char **new_hostname,
+			     char ***realms)
+{
+    struct addrinfo *ai, *a, hints;
+    int error;
+    krb5_error_code ret = 0;
+
+    if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) == 0)
+	return vanilla_hostname (context, orig_hostname, new_hostname,
+				 realms);
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_flags = AI_CANONNAME;
+
+    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
+    if (error)
+	return vanilla_hostname (context, orig_hostname, new_hostname,
+				 realms);
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	if (a->ai_canonname != NULL) {
+	    ret = copy_hostname (context, a->ai_canonname, new_hostname);
+	    if (ret) {
+		freeaddrinfo (ai);
+		return ret;
+	    }
+	    strlwr (*new_hostname);
+	    ret = krb5_get_host_realm (context, *new_hostname, realms);
+	    if (ret == 0) {
+		freeaddrinfo (ai);
+		return 0;
+	    }
+	    free (*new_hostname);
+	}
+    }
+    freeaddrinfo(ai);
+    return vanilla_hostname (context, orig_hostname, new_hostname, realms);
+}
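Review bot: vanilla_hostname frees `*new_hostname` when krb5_get_host_realm fails but leaves the freed pointer in the caller's output parameter, so a caller that releases the hostname on its own error path would free it twice. Resetting it right after the free closes that off: `free (*new_hostname); *new_hostname = NULL;`. The loop in krb5_expand_hostname_realms has the same bare `free (*new_hostname);`, and the function ends by returning vanilla_hostname's result, so the stale pointer reaches callers through both public paths. Whether any caller frees on error is not visible in this hunk, so treat this as defensive hardening rather than a confirmed double free.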

Added: vendor-crypto/heimdal/dist/lib/krb5/fcache.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/fcache.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/fcache.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,881 @@
+/*
+ * Copyright (c) 1997 - 2008 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: fcache.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+typedef struct krb5_fcache{
+    char *filename;
+    int version;
+}krb5_fcache;
+
+struct fcc_cursor {
+    int fd;
+    krb5_storage *sp;
+};
+
+#define KRB5_FCC_FVNO_1 1
+#define KRB5_FCC_FVNO_2 2
+#define KRB5_FCC_FVNO_3 3
+#define KRB5_FCC_FVNO_4 4
+
+#define FCC_TAG_DELTATIME 1
+
+#define FCACHE(X) ((krb5_fcache*)(X)->data.data)
+
+#define FILENAME(X) (FCACHE(X)->filename)
+
+#define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
+
+static const char*
+fcc_get_name(krb5_context context,
+	     krb5_ccache id)
+{
+    return FILENAME(id);
+}
+
+int
+_krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
+	    const char *filename)
+{
+    int ret;
+#ifdef HAVE_FCNTL
+    struct flock l;
+
+    l.l_start = 0;
+    l.l_len = 0;
+    l.l_type = exclusive ? F_WRLCK : F_RDLCK;
+    l.l_whence = SEEK_SET;
+    ret = fcntl(fd, F_SETLKW, &l);
+#else
+    ret = flock(fd, exclusive ? LOCK_EX : LOCK_SH);
+#endif
+    if(ret < 0)
+	ret = errno;
+    if(ret == EACCES) /* fcntl can return EACCES instead of EAGAIN */
+	ret = EAGAIN;
+
+    switch (ret) {
+    case 0:
+	break;
+    case EINVAL: /* filesystem doesn't support locking, let the user have it */
+	ret = 0; 
+	break;
+    case EAGAIN:
+	krb5_set_error_string(context, "timed out locking cache file %s", 
+			      filename);
+	break;
+    default:
+	krb5_set_error_string(context, "error locking cache file %s: %s",
+			      filename, strerror(ret));
+	break;
+    }
+    return ret;
+}
+
+int
+_krb5_xunlock(krb5_context context, int fd)
+{
+    int ret;
+#ifdef HAVE_FCNTL
+    struct flock l;
+    l.l_start = 0;
+    l.l_len = 0;
+    l.l_type = F_UNLCK;
+    l.l_whence = SEEK_SET;
+    ret = fcntl(fd, F_SETLKW, &l);
+#else
+    ret = flock(fd, LOCK_UN);
+#endif
+    if (ret < 0)
+	ret = errno;
+    switch (ret) {
+    case 0:
+	break;
+    case EINVAL: /* filesystem doesn't support locking, let the user have it */
+	ret = 0; 
+	break;
+    default:
+	krb5_set_error_string(context, 
+			      "Failed to unlock file: %s", strerror(ret));
+	break;
+    }
+    return ret;
+}
+
+static krb5_error_code
+fcc_lock(krb5_context context, krb5_ccache id,
+	 int fd, krb5_boolean exclusive)
+{
+    return _krb5_xlock(context, fd, exclusive, fcc_get_name(context, id));
+}
+
+static krb5_error_code
+fcc_unlock(krb5_context context, int fd)
+{
+    return _krb5_xunlock(context, fd);
+}
+
+static krb5_error_code
+fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
+{
+    krb5_fcache *f;
+    f = malloc(sizeof(*f));
+    if(f == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+    f->filename = strdup(res);
+    if(f->filename == NULL){
+	free(f);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+    f->version = 0;
+    (*id)->data.data = f;
+    (*id)->data.length = sizeof(*f);
+    return 0;
+}
+
+/*
+ * Try to scrub the contents of `filename' safely.
+ */
+
+static int
+scrub_file (int fd)
+{
+    off_t pos;
+    char buf[128];
+
+    pos = lseek(fd, 0, SEEK_END);
+    if (pos < 0)
+        return errno;
+    if (lseek(fd, 0, SEEK_SET) < 0)
+        return errno;
+    memset(buf, 0, sizeof(buf));
+    while(pos > 0) {
+        ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
+
+	if (tmp < 0)
+	    return errno;
+	pos -= tmp;
+    }
+    fsync (fd);
+    return 0;
+}
+
+/*
+ * Erase `filename' if it exists, trying to remove the contents if
+ * it's `safe'.  We always try to remove the file, it it exists.  It's
+ * only overwritten if it's a regular file (not a symlink and not a
+ * hardlink)
+ */
+
+static krb5_error_code
+erase_file(const char *filename)
+{
+    int fd;
+    struct stat sb1, sb2;
+    int ret;
+
+    ret = lstat (filename, &sb1);
+    if (ret < 0)
+	return errno;
+
+    fd = open(filename, O_RDWR | O_BINARY);
+    if(fd < 0) {
+	if(errno == ENOENT)
+	    return 0;
+	else
+	    return errno;
+    }
+    if (unlink(filename) < 0) {
+        close (fd);
+        return errno;
+    }
+    ret = fstat (fd, &sb2);
+    if (ret < 0) {
+	close (fd);
+	return errno;
+    }
+
+    /* check if someone was playing with symlinks */
+
+    if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
+	close (fd);
+	return EPERM;
+    }
+
+    /* there are still hard links to this file */
+
+    if (sb2.st_nlink != 0) {
+        close (fd);
+        return 0;
+    }
+
+    ret = scrub_file (fd);
+    close (fd);
+    return ret;
+}
+
+static krb5_error_code
+fcc_gen_new(krb5_context context, krb5_ccache *id)
+{
+    krb5_fcache *f;
+    int fd;
+    char *file;
+
+    f = malloc(sizeof(*f));
+    if(f == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+    asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
+    if(file == NULL) {
+	free(f);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+    fd = mkstemp(file);
+    if(fd < 0) {
+	int ret = errno;
+	krb5_set_error_string(context, "mkstemp %s", file);
+	free(f);
+	free(file);
+	return ret;
+    }
+    close(fd);
+    f->filename = file;
+    f->version = 0;
+    (*id)->data.data = f;
+    (*id)->data.length = sizeof(*f);
+    return 0;
+}
+
+static void
+storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
+{
+    int flags = 0;
+    switch(vno) {
+    case KRB5_FCC_FVNO_1:
+	flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
+	flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
+	flags |= KRB5_STORAGE_HOST_BYTEORDER;
+	break;
+    case KRB5_FCC_FVNO_2:
+	flags |= KRB5_STORAGE_HOST_BYTEORDER;
+	break;
+    case KRB5_FCC_FVNO_3:
+	flags |= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE;
+	break;
+    case KRB5_FCC_FVNO_4:
+	break;
+    default:
+	krb5_abortx(context, 
+		    "storage_set_flags called with bad vno (%x)", vno);
+    }
+    krb5_storage_set_flags(sp, flags);
+}
+
+static krb5_error_code
+fcc_open(krb5_context context,
+	 krb5_ccache id,
+	 int *fd_ret,
+	 int flags,
+	 mode_t mode)
+{
+    krb5_boolean exclusive = ((flags | O_WRONLY) == flags ||
+			      (flags | O_RDWR) == flags);
+    krb5_error_code ret;
+    const char *filename = FILENAME(id);
+    int fd;
+    fd = open(filename, flags, mode);
+    if(fd < 0) {
+	ret = errno;
+	krb5_set_error_string(context, "open(%s): %s", filename,
+			      strerror(ret));
+	return ret;
+    }
+	
+    if((ret = fcc_lock(context, id, fd, exclusive)) != 0) {
+	close(fd);
+	return ret;
+    }
+    *fd_ret = fd;
+    return 0;
+}
+
+static krb5_error_code
+fcc_initialize(krb5_context context,
+	       krb5_ccache id,
+	       krb5_principal primary_principal)
+{
+    krb5_fcache *f = FCACHE(id);
+    int ret = 0;
+    int fd;
+    char *filename = f->filename;
+
+    unlink (filename);
+  
+    ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+    if(ret)
+	return ret;
+    {
+	krb5_storage *sp;    
+	sp = krb5_storage_from_fd(fd);
+	krb5_storage_set_eof_code(sp, KRB5_CC_END);
+	if(context->fcache_vno != 0)
+	    f->version = context->fcache_vno;
+	else
+	    f->version = KRB5_FCC_FVNO_4;
+	ret |= krb5_store_int8(sp, 5);
+	ret |= krb5_store_int8(sp, f->version);
+	storage_set_flags(context, sp, f->version);
+	if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
+	    /* V4 stuff */
+	    if (context->kdc_sec_offset) {
+		ret |= krb5_store_int16 (sp, 12); /* length */
+		ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
+		ret |= krb5_store_int16 (sp, 8); /* length of data */
+		ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
+		ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
+	    } else {
+		ret |= krb5_store_int16 (sp, 0);
+	    }
+	}
+	ret |= krb5_store_principal(sp, primary_principal);
+	
+	krb5_storage_free(sp);
+    }
+    fcc_unlock(context, fd);
+    if (close(fd) < 0)
+	if (ret == 0) {
+	    ret = errno;
+	    krb5_set_error_string (context, "close %s: %s", 
+				   FILENAME(id), strerror(ret));
+	}
+    return ret;
+}
+
+static krb5_error_code
+fcc_close(krb5_context context,
+	  krb5_ccache id)
+{
+    free (FILENAME(id));
+    krb5_data_free(&id->data);
+    return 0;
+}
+
+static krb5_error_code
+fcc_destroy(krb5_context context,
+	    krb5_ccache id)
+{
+    erase_file(FILENAME(id));
+    return 0;
+}
+
+static krb5_error_code
+fcc_store_cred(krb5_context context,
+	       krb5_ccache id,
+	       krb5_creds *creds)
+{
+    int ret;
+    int fd;
+
+    ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0);
+    if(ret)
+	return ret;
+    {
+	krb5_storage *sp;
+	sp = krb5_storage_from_fd(fd);
+	krb5_storage_set_eof_code(sp, KRB5_CC_END);
+	storage_set_flags(context, sp, FCACHE(id)->version);
+	if (!krb5_config_get_bool_default(context, NULL, TRUE,
+					  "libdefaults",
+					  "fcc-mit-ticketflags",
+					  NULL))
+	    krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER);
+	ret = krb5_store_creds(sp, creds);
+	krb5_storage_free(sp);
+    }
+    fcc_unlock(context, fd);
+    if (close(fd) < 0)
+	if (ret == 0) {
+	    ret = errno;
+	    krb5_set_error_string (context, "close %s: %s", 
+				   FILENAME(id), strerror(ret));
+	}
+    return ret;
+}
+
+static krb5_error_code
+init_fcc (krb5_context context,
+	  krb5_ccache id,
+	  krb5_storage **ret_sp,
+	  int *ret_fd)
+{
+    int fd;
+    int8_t pvno, tag;
+    krb5_storage *sp;
+    krb5_error_code ret;
+
+    ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0);
+    if(ret)
+	return ret;
+    
+    sp = krb5_storage_from_fd(fd);
+    if(sp == NULL) {
+	krb5_clear_error_string(context);
+	ret = ENOMEM;
+	goto out;
+    }
+    krb5_storage_set_eof_code(sp, KRB5_CC_END);
+    ret = krb5_ret_int8(sp, &pvno);
+    if(ret != 0) {
+	if(ret == KRB5_CC_END) {
+	    krb5_set_error_string(context, "Empty credential cache file: %s",
+				  FILENAME(id));
+	    ret = ENOENT;
+	} else
+	    krb5_set_error_string(context, "Error reading pvno in "
+				  "cache file: %s", FILENAME(id));
+	goto out;
+    }
+    if(pvno != 5) {
+	krb5_set_error_string(context, "Bad version number in credential "
+			      "cache file: %s", FILENAME(id));
+	ret = KRB5_CCACHE_BADVNO;
+	goto out;
+    }
+    ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */
+    if(ret != 0) {
+	krb5_set_error_string(context, "Error reading tag in "
+			      "cache file: %s", FILENAME(id));
+	ret = KRB5_CC_FORMAT;
+	goto out;
+    }
+    FCACHE(id)->version = tag;
+    storage_set_flags(context, sp, FCACHE(id)->version);
+    switch (tag) {
+    case KRB5_FCC_FVNO_4: {
+	int16_t length;
+
+	ret = krb5_ret_int16 (sp, &length);
+	if(ret) {
+	    ret = KRB5_CC_FORMAT;
+	    krb5_set_error_string(context, "Error reading tag length in "
+			      "cache file: %s", FILENAME(id));
+	    goto out;
+	}
+	while(length > 0) {
+	    int16_t dtag, data_len;
+	    int i;
+	    int8_t dummy;
+
+	    ret = krb5_ret_int16 (sp, &dtag);
+	    if(ret) {
+		krb5_set_error_string(context, "Error reading dtag in "
+				      "cache file: %s", FILENAME(id));
+		ret = KRB5_CC_FORMAT;
+		goto out;
+	    }
+	    ret = krb5_ret_int16 (sp, &data_len);
+	    if(ret) {
+		krb5_set_error_string(context, "Error reading dlength in "
+				      "cache file: %s", FILENAME(id));
+		ret = KRB5_CC_FORMAT;
+		goto out;
+	    }
+	    switch (dtag) {
+	    case FCC_TAG_DELTATIME :
+		ret = krb5_ret_int32 (sp, &context->kdc_sec_offset);
+		if(ret) {
+		    krb5_set_error_string(context, "Error reading kdc_sec in "
+					  "cache file: %s", FILENAME(id));
+		    ret = KRB5_CC_FORMAT;
+		    goto out;
+		}
+		ret = krb5_ret_int32 (sp, &context->kdc_usec_offset);
+		if(ret) {
+		    krb5_set_error_string(context, "Error reading kdc_usec in "
+					  "cache file: %s", FILENAME(id));
+		    ret = KRB5_CC_FORMAT;
+		    goto out;
+		}
+		break;
+	    default :
+		for (i = 0; i < data_len; ++i) {
+		    ret = krb5_ret_int8 (sp, &dummy);
+		    if(ret) {
+			krb5_set_error_string(context, "Error reading unknown "
+					      "tag in cache file: %s", 
+					      FILENAME(id));
+			ret = KRB5_CC_FORMAT;
+			goto out;
+		    }
+		}
+		break;
+	    }
+	    length -= 4 + data_len;
+	}
+	break;
+    }
+    case KRB5_FCC_FVNO_3:
+    case KRB5_FCC_FVNO_2:
+    case KRB5_FCC_FVNO_1:
+	break;
+    default :
+	ret = KRB5_CCACHE_BADVNO;
+	krb5_set_error_string(context, "Unknown version number (%d) in "
+			      "credential cache file: %s",
+			      (int)tag, FILENAME(id));
+	goto out;
+    }
+    *ret_sp = sp;
+    *ret_fd = fd;
+    
+    return 0;
+  out:
+    if(sp != NULL)
+	krb5_storage_free(sp);
+    fcc_unlock(context, fd);
+    close(fd);
+    return ret;
+}
+
+static krb5_error_code
+fcc_get_principal(krb5_context context,
+		  krb5_ccache id,
+		  krb5_principal *principal)
+{
+    krb5_error_code ret;
+    int fd;
+    krb5_storage *sp;
+
+    ret = init_fcc (context, id, &sp, &fd);
+    if (ret)
+	return ret;
+    ret = krb5_ret_principal(sp, principal);
+    if (ret)
+	krb5_clear_error_string(context);
+    krb5_storage_free(sp);
+    fcc_unlock(context, fd);
+    close(fd);
+    return ret;
+}
+
+static krb5_error_code
+fcc_end_get (krb5_context context,
+	     krb5_ccache id,
+	     krb5_cc_cursor *cursor);
+
+static krb5_error_code
+fcc_get_first (krb5_context context,
+	       krb5_ccache id,
+	       krb5_cc_cursor *cursor)
+{
+    krb5_error_code ret;
+    krb5_principal principal;
+
+    *cursor = malloc(sizeof(struct fcc_cursor));
+    if (*cursor == NULL) {
+        krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memset(*cursor, 0, sizeof(struct fcc_cursor));
+
+    ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, 
+		    &FCC_CURSOR(*cursor)->fd);
+    if (ret) {
+	free(*cursor);
+	*cursor = NULL;
+	return ret;
+    }
+    ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal);
+    if(ret) {
+	krb5_clear_error_string(context);
+	fcc_end_get(context, id, cursor);
+	return ret;
+    }
+    krb5_free_principal (context, principal);
+    fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
+    return 0;
+}
+
+static krb5_error_code
+fcc_get_next (krb5_context context,
+	      krb5_ccache id,
+	      krb5_cc_cursor *cursor,
+	      krb5_creds *creds)
+{
+    krb5_error_code ret;
+    if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0)
+	return ret;
+
+    ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds);
+    if (ret)
+	krb5_clear_error_string(context);
+
+    fcc_unlock(context, FCC_CURSOR(*cursor)->fd);
+    return ret;
+}
+
+static krb5_error_code
+fcc_end_get (krb5_context context,
+	     krb5_ccache id,
+	     krb5_cc_cursor *cursor)
+{
+    krb5_storage_free(FCC_CURSOR(*cursor)->sp);
+    close (FCC_CURSOR(*cursor)->fd);
+    free(*cursor);
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code
+fcc_remove_cred(krb5_context context,
+		 krb5_ccache id,
+		 krb5_flags which,
+		 krb5_creds *cred)
+{
+    krb5_error_code ret;
+    krb5_ccache copy;
+
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &copy);
+    if (ret)
+	return ret;
+
+    ret = krb5_cc_copy_cache(context, id, copy);
+    if (ret) {
+	krb5_cc_destroy(context, copy);
+	return ret;
+    }
+
+    ret = krb5_cc_remove_cred(context, copy, which, cred);
+    if (ret) {
+	krb5_cc_destroy(context, copy);
+	return ret;
+    }
+
+    fcc_destroy(context, id);
+
+    ret = krb5_cc_copy_cache(context, copy, id);
+    krb5_cc_destroy(context, copy);
+
+    return ret;
+}
+
+static krb5_error_code
+fcc_set_flags(krb5_context context,
+	      krb5_ccache id,
+	      krb5_flags flags)
+{
+    return 0; /* XXX */
+}
+
+static krb5_error_code
+fcc_get_version(krb5_context context,
+		krb5_ccache id)
+{
+    return FCACHE(id)->version;
+}
+		    
+struct fcache_iter {
+    int first;
+};
+
+static krb5_error_code
+fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
+{
+    struct fcache_iter *iter;
+
+    iter = calloc(1, sizeof(*iter));
+    if (iter == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return ENOMEM;
+    }    
+    iter->first = 1;
+    *cursor = iter;
+    return 0;
+}
+
+static krb5_error_code
+fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
+{
+    struct fcache_iter *iter = cursor;
+    krb5_error_code ret;
+    const char *fn;
+    char *expandedfn = NULL;
+
+    if (!iter->first) {
+	krb5_clear_error_string(context);
+	return KRB5_CC_END;
+    }
+    iter->first = 0;
+
+    fn = krb5_cc_default_name(context);
+    if (strncasecmp(fn, "FILE:", 5) != 0) {
+	ret = _krb5_expand_default_cc_name(context, 
+					   KRB5_DEFAULT_CCNAME_FILE,
+					   &expandedfn);
+	if (ret)
+	    return ret;
+    }
+    ret = krb5_cc_resolve(context, fn, id);
+    if (expandedfn)
+	free(expandedfn);
+    
+    return ret;
+}
+
+static krb5_error_code
+fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
+{
+    struct fcache_iter *iter = cursor;
+    free(iter);
+    return 0;
+}
+
+static krb5_error_code
+fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
+{
+    krb5_error_code ret = 0;
+
+    ret = rename(FILENAME(from), FILENAME(to));
+    if (ret && errno != EXDEV) {
+	ret = errno;
+	krb5_set_error_string(context,
+			      "Rename of file from %s to %s failed: %s", 
+			      FILENAME(from), FILENAME(to),
+			      strerror(ret));
+	return ret;
+    } else if (ret && errno == EXDEV) {
+	/* make a copy and delete the orignal */
+	krb5_ssize_t sz1, sz2;
+	int fd1, fd2;
+	char buf[BUFSIZ];
+
+	ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0);
+	if(ret)
+	    return ret;
+
+	unlink(FILENAME(to));
+
+	ret = fcc_open(context, to, &fd2, 
+		       O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600);
+	if(ret)
+	    goto out1;
+
+	while((sz1 = read(fd1, buf, sizeof(buf))) > 0) {
+	    sz2 = write(fd2, buf, sz1);
+	    if (sz1 != sz2) {
+		ret = EIO;
+		krb5_set_error_string(context,
+				      "Failed to write data from one file "
+				      "credential cache to the other");
+		goto out2;
+	    }
+	}
+	if (sz1 < 0) {
+	    ret = EIO;
+	    krb5_set_error_string(context,
+				  "Failed to read data from one file "
+				  "credential cache to the other");
+	    goto out2;
+	}
+	erase_file(FILENAME(from));
+	    
+    out2:
+	fcc_unlock(context, fd2);
+	close(fd2);
+
+    out1:
+	fcc_unlock(context, fd1);
+	close(fd1);
+
+	if (ret) {
+	    erase_file(FILENAME(to));
+	    return ret;
+	}
+    }
+
+    /* make sure ->version is uptodate */
+    {
+	krb5_storage *sp;
+	int fd;
+	ret = init_fcc (context, to, &sp, &fd);
+	krb5_storage_free(sp);
+	fcc_unlock(context, fd);
+	close(fd);
+    }    
+    return ret;
+}
+
+static krb5_error_code
+fcc_default_name(krb5_context context, char **str)
+{
+    return _krb5_expand_default_cc_name(context, 
+					KRB5_DEFAULT_CCNAME_FILE,
+					str);
+}
+
+/**
+ * Variable containing the FILE based credential cache implemention.
+ *
+ * @ingroup krb5_ccache
+ */
+
+const krb5_cc_ops krb5_fcc_ops = {
+    "FILE",
+    fcc_get_name,
+    fcc_resolve,
+    fcc_gen_new,
+    fcc_initialize,
+    fcc_destroy,
+    fcc_close,
+    fcc_store_cred,
+    NULL, /* fcc_retrieve */
+    fcc_get_principal,
+    fcc_get_first,
+    fcc_get_next,
+    fcc_end_get,
+    fcc_remove_cred,
+    fcc_set_flags,
+    fcc_get_version,
+    fcc_get_cache_first,
+    fcc_get_cache_next,
+    fcc_end_cache_get,
+    fcc_move,
+    fcc_default_name
+};

Added: vendor-crypto/heimdal/dist/lib/krb5/free.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/free.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/free.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1997 - 1999, 2004 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: free.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep)
+{
+    free_KDC_REP(&rep->kdc_rep);
+    free_EncTGSRepPart(&rep->enc_part);
+    free_KRB_ERROR(&rep->error);
+    memset(rep, 0, sizeof(*rep));
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_xfree (void *ptr)
+{
+    free (ptr);
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/free_host_realm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/free_host_realm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/free_host_realm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1997, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: free_host_realm.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Free all memory allocated by `realmlist'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_host_realm(krb5_context context,
+		     krb5_realm *realmlist)
+{
+    krb5_realm *p;
+
+    if(realmlist == NULL)
+	return 0;
+    for (p = realmlist; *p; ++p)
+	free (*p);
+    free (realmlist);
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/generate_seq_number.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/generate_seq_number.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/generate_seq_number.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: generate_seq_number.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_generate_seq_number(krb5_context context,
+			 const krb5_keyblock *key,
+			 uint32_t *seqno)
+{
+    krb5_error_code ret;
+    krb5_keyblock *subkey;
+    uint32_t q;
+    u_char *p;
+    int i;
+
+    ret = krb5_generate_subkey (context, key, &subkey);
+    if (ret)
+	return ret;
+
+    q = 0;
+    for (p = (u_char *)subkey->keyvalue.data, i = 0;
+	 i < subkey->keyvalue.length;
+	 ++i, ++p)
+	q = (q << 8) | *p;
+    q &= 0xffffffff;
+    *seqno = q;
+    krb5_free_keyblock (context, subkey);
+    return 0;
+}
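Review bot: krb5_generate_seq_number folds every byte of a freshly generated subkey through `q = (q << 8) | *p`, so only the last four key bytes reach `*seqno`, and the value inherits whatever structure the key encoding has. For key types that carry per-byte parity bits this would presumably leave fewer than 32 unpredictable bits; the key generator is not visible in this hunk, so that needs confirming. A sequence number only needs four random bytes, so filling `q` directly, e.g. `krb5_generate_random_block(&q, sizeof(q));`, removes the dependency on key format and the throwaway keyblock allocation. The `q &= 0xffffffff;` line has no effect on a `uint32_t` and can be dropped.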

Added: vendor-crypto/heimdal/dist/lib/krb5/generate_subkey.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/generate_subkey.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/generate_subkey.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: generate_subkey.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_generate_subkey(krb5_context context,
+		     const krb5_keyblock *key,
+		     krb5_keyblock **subkey)
+{
+    return krb5_generate_subkey_extended(context, key, key->keytype, subkey);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_generate_subkey_extended(krb5_context context,
+			      const krb5_keyblock *key,
+			      krb5_enctype etype,
+			      krb5_keyblock **subkey)
+{
+    krb5_error_code ret;
+
+    ALLOC(*subkey, 1);
+    if (*subkey == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    if (etype == ETYPE_NULL)
+	etype = key->keytype; /* use session key etype */
+
+    /* XXX should we use the session key as input to the RF? */
+    ret = krb5_generate_random_keyblock(context, etype, *subkey);
+    if (ret != 0) {
+	free(*subkey);
+	*subkey = NULL;
+    }
+
+    return ret;
+}
+

Added: vendor-crypto/heimdal/dist/lib/krb5/get_addrs.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_addrs.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_addrs.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,291 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: get_addrs.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifdef __osf__
+/* hate */
+struct rtentry;
+struct mbuf;
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#include <ifaddrs.h>
+
+static krb5_error_code
+gethostname_fallback (krb5_context context, krb5_addresses *res)
+{
+    krb5_error_code ret;
+    char hostname[MAXHOSTNAMELEN];
+    struct hostent *hostent;
+
+    if (gethostname (hostname, sizeof(hostname))) {
+	ret = errno;
+	krb5_set_error_string (context, "gethostname: %s", strerror(ret));
+	return ret;
+    }
+    hostent = roken_gethostbyname (hostname);
+    if (hostent == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "gethostbyname %s: %s",
+			       hostname, strerror(ret));
+	return ret;
+    }
+    res->len = 1;
+    res->val = malloc (sizeof(*res->val));
+    if (res->val == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    res->val[0].addr_type = hostent->h_addrtype;
+    res->val[0].address.data = NULL;
+    res->val[0].address.length = 0;
+    ret = krb5_data_copy (&res->val[0].address,
+			  hostent->h_addr,
+			  hostent->h_length);
+    if (ret) {
+	free (res->val);
+	return ret;
+    }
+    return 0;
+}
+
+enum {
+    LOOP            = 1,	/* do include loopback interfaces */
+    LOOP_IF_NONE    = 2,	/* include loopback if no other if's */
+    EXTRA_ADDRESSES = 4,	/* include extra addresses */
+    SCAN_INTERFACES = 8		/* scan interfaces for addresses */
+};
+
+/*
+ * Try to figure out the addresses of all configured interfaces with a
+ * lot of magic ioctls.
+ */
+
+static krb5_error_code
+find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
+{
+    struct sockaddr sa_zero;
+    struct ifaddrs *ifa0, *ifa;
+    krb5_error_code ret = ENXIO; 
+    int num, idx;
+    krb5_addresses ignore_addresses;
+
+    res->val = NULL;
+
+    if (getifaddrs(&ifa0) == -1) {
+	ret = errno;
+	krb5_set_error_string(context, "getifaddrs: %s", strerror(ret));
+	return (ret);
+    }
+
+    memset(&sa_zero, 0, sizeof(sa_zero));
+
+    /* First, count all the ifaddrs. */
+    for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++)
+	/* nothing */;
+
+    if (num == 0) {
+	freeifaddrs(ifa0);
+	krb5_set_error_string(context, "no addresses found");
+	return (ENXIO);
+    }
+
+    if (flags & EXTRA_ADDRESSES) {
+	/* we'll remove the addresses we don't care about */
+	ret = krb5_get_ignore_addresses(context, &ignore_addresses);
+	if(ret)
+	    return ret;
+    }
+
+    /* Allocate storage for them. */
+    res->val = calloc(num, sizeof(*res->val));
+    if (res->val == NULL) {
+	krb5_free_addresses(context, &ignore_addresses);
+	freeifaddrs(ifa0);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return (ENOMEM);
+    }
+
+    /* Now traverse the list. */
+    for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) {
+	if ((ifa->ifa_flags & IFF_UP) == 0)
+	    continue;
+	if (ifa->ifa_addr == NULL)
+	    continue;
+	if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
+	    continue;
+	if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
+	    continue;
+	if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
+	    /* We'll deal with the LOOP_IF_NONE case later. */
+	    if ((flags & LOOP) == 0)
+		continue;
+	}
+
+	ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
+	if (ret) {
+	    /*
+	     * The most likely error here is going to be "Program
+	     * lacks support for address type".  This is no big
+	     * deal -- just continue, and we'll listen on the
+	     * addresses who's type we *do* support.
+	     */
+	    continue;
+	}
+	/* possibly skip this address? */
+	if((flags & EXTRA_ADDRESSES) && 
+	   krb5_address_search(context, &res->val[idx], &ignore_addresses)) {
+	    krb5_free_address(context, &res->val[idx]);
+	    flags &= ~LOOP_IF_NONE; /* we actually found an address,
+                                       so don't add any loop-back
+                                       addresses */
+	    continue;
+	}
+
+	idx++;
+    }
+
+    /*
+     * If no addresses were found, and LOOP_IF_NONE is set, then find
+     * the loopback addresses and add them to our list.
+     */
+    if ((flags & LOOP_IF_NONE) != 0 && idx == 0) {
+	for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
+	    if ((ifa->ifa_flags & IFF_UP) == 0)
+		continue;
+	    if (ifa->ifa_addr == NULL)
+		continue;
+	    if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
+		continue;
+	    if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
+		continue;
+
+	    if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
+		ret = krb5_sockaddr2address(context,
+					    ifa->ifa_addr, &res->val[idx]);
+		if (ret) {
+		    /*
+		     * See comment above.
+		     */
+		    continue;
+		}
+		if((flags & EXTRA_ADDRESSES) && 
+		   krb5_address_search(context, &res->val[idx], 
+				       &ignore_addresses)) {
+		    krb5_free_address(context, &res->val[idx]);
+		    continue;
+		}
+		idx++;
+	    }
+	}
+    }
+
+    if (flags & EXTRA_ADDRESSES)
+	krb5_free_addresses(context, &ignore_addresses);
+    freeifaddrs(ifa0);
+    if (ret)
+	free(res->val);
+    else
+	res->len = idx;        /* Now a count. */
+    return (ret);
+}
+
+static krb5_error_code
+get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
+{
+    krb5_error_code ret = -1;
+
+    if (flags & SCAN_INTERFACES) {
+	ret = find_all_addresses (context, res, flags);
+	if(ret || res->len == 0)
+	    ret = gethostname_fallback (context, res);
+    } else {
+	res->len = 0;
+	res->val = NULL;
+	ret = 0;
+    }
+
+    if(ret == 0 && (flags & EXTRA_ADDRESSES)) {
+	krb5_addresses a;
+	/* append user specified addresses */
+	ret = krb5_get_extra_addresses(context, &a);
+	if(ret) {
+	    krb5_free_addresses(context, res);
+	    return ret;
+	}
+	ret = krb5_append_addresses(context, res, &a);
+	if(ret) {
+	    krb5_free_addresses(context, res);
+	    return ret;
+	}
+	krb5_free_addresses(context, &a);
+    }
+    if(res->len == 0) {
+	free(res->val);
+	res->val = NULL;
+    }
+    return ret;
+}
+
+/*
+ * Try to get all addresses, but return the one corresponding to
+ * `hostname' if we fail.
+ *
+ * Only include loopback address if there are no other.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res)
+{
+    int flags = LOOP_IF_NONE | EXTRA_ADDRESSES;
+
+    if (context->scan_interfaces)
+	flags |= SCAN_INTERFACES;
+
+    return get_addrs_int (context, res, flags);
+}
+
+/*
+ * Try to get all local addresses that a server should listen to.
+ * If that fails, we return the address corresponding to `hostname'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res)
+{
+    return get_addrs_int (context, res, LOOP | SCAN_INTERFACES);
+}
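Review bot: In find_all_addresses the calloc failure path calls `krb5_free_addresses(context, &ignore_addresses);` unconditionally, but `ignore_addresses` is only initialised when `flags & EXTRA_ADDRESSES` is set, and krb5_get_all_server_addrs passes `LOOP | SCAN_INTERFACES` without it. That free should be guarded the same way as the one at the end of the function, `if (flags & EXTRA_ADDRESSES) krb5_free_addresses(context, &ignore_addresses);`. The early `return ret;` after krb5_get_ignore_addresses also skips `freeifaddrs(ifa0);` and leaks the interface list. Separately, the tail `if (ret) free(res->val);` leaves `res->val` dangling and `res->len` unset, and `ret` there is simply the status of the last krb5_sockaddr2address call, so one unsupported address type at the end of the list discards the addresses already converted. In get_addrs_int, if gethostname_fallback then fails before reassigning `res->val`, the final `if(res->len == 0) free(res->val);` can free the same pointer again when the caller's `len` happens to be 0; adding `res->val = NULL; res->len = 0;` after the free in find_all_addresses would close that.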

Added: vendor-crypto/heimdal/dist/lib/krb5/get_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1277 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: get_cred.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Take the `body' and encode it into `padata' using the credentials
+ * in `creds'.
+ */
+
+static krb5_error_code
+make_pa_tgs_req(krb5_context context, 
+		krb5_auth_context ac,
+		KDC_REQ_BODY *body,
+		PA_DATA *padata,
+		krb5_creds *creds,
+		krb5_key_usage usage)
+{
+    u_char *buf;
+    size_t buf_size;
+    size_t len;
+    krb5_data in_data;
+    krb5_error_code ret;
+
+    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
+    if (ret)
+	goto out;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    in_data.length = len;
+    in_data.data   = buf;
+    ret = _krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
+				&padata->padata_value,
+				KRB5_KU_TGS_REQ_AUTH_CKSUM,
+				usage
+				/* KRB5_KU_TGS_REQ_AUTH */);
+ out:
+    free (buf);
+    if(ret)
+	return ret;
+    padata->padata_type = KRB5_PADATA_TGS_REQ;
+    return 0;
+}
+
+/*
+ * Set the `enc-authorization-data' in `req_body' based on `authdata'
+ */
+
+static krb5_error_code
+set_auth_data (krb5_context context,
+	       KDC_REQ_BODY *req_body,
+	       krb5_authdata *authdata,
+	       krb5_keyblock *key)
+{
+    if(authdata->len) {
+	size_t len, buf_size;
+	unsigned char *buf;
+	krb5_crypto crypto;
+	krb5_error_code ret;
+
+	ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata,
+			   &len, ret);
+	if (ret)
+	    return ret;
+	if (buf_size != len)
+	    krb5_abortx(context, "internal error in ASN.1 encoder");
+
+	ALLOC(req_body->enc_authorization_data, 1);
+	if (req_body->enc_authorization_data == NULL) {
+	    free (buf);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	ret = krb5_crypto_init(context, key, 0, &crypto);
+	if (ret) {
+	    free (buf);
+	    free (req_body->enc_authorization_data);
+	    req_body->enc_authorization_data = NULL;
+	    return ret;
+	}
+	krb5_encrypt_EncryptedData(context, 
+				   crypto,
+				   KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, 
+				   /* KRB5_KU_TGS_REQ_AUTH_DAT_SESSION? */
+				   buf,
+				   len,
+				   0,
+				   req_body->enc_authorization_data);
+	free (buf);
+	krb5_crypto_destroy(context, crypto);
+    } else {
+	req_body->enc_authorization_data = NULL;
+    }
+    return 0;
+}    
+
+/*
+ * Create a tgs-req in `t' with `addresses', `flags', `second_ticket'
+ * (if not-NULL), `in_creds', `krbtgt', and returning the generated
+ * subkey in `subkey'.
+ */
+
+static krb5_error_code
+init_tgs_req (krb5_context context,
+	      krb5_ccache ccache,
+	      krb5_addresses *addresses,
+	      krb5_kdc_flags flags,
+	      Ticket *second_ticket,
+	      krb5_creds *in_creds,
+	      krb5_creds *krbtgt,
+	      unsigned nonce,
+	      const METHOD_DATA *padata,
+	      krb5_keyblock **subkey,
+	      TGS_REQ *t,
+	      krb5_key_usage usage)
+{
+    krb5_error_code ret = 0;
+
+    memset(t, 0, sizeof(*t));
+    t->pvno = 5;
+    t->msg_type = krb_tgs_req;
+    if (in_creds->session.keytype) {
+	ALLOC_SEQ(&t->req_body.etype, 1);
+	if(t->req_body.etype.val == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	t->req_body.etype.val[0] = in_creds->session.keytype;
+    } else {
+	ret = krb5_init_etype(context, 
+			      &t->req_body.etype.len, 
+			      &t->req_body.etype.val, 
+			      NULL);
+    }
+    if (ret)
+	goto fail;
+    t->req_body.addresses = addresses;
+    t->req_body.kdc_options = flags.b;
+    ret = copy_Realm(&in_creds->server->realm, &t->req_body.realm);
+    if (ret)
+	goto fail;
+    ALLOC(t->req_body.sname, 1);
+    if (t->req_body.sname == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto fail;
+    }
+
+    /* some versions of some code might require that the client be
+       present in TGS-REQs, but this is clearly against the spec */
+
+    ret = copy_PrincipalName(&in_creds->server->name, t->req_body.sname);
+    if (ret)
+	goto fail;
+
+    /* req_body.till should be NULL if there is no endtime specified,
+       but old MIT code (like DCE secd) doesn't like that */
+    ALLOC(t->req_body.till, 1);
+    if(t->req_body.till == NULL){
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto fail;
+    }
+    *t->req_body.till = in_creds->times.endtime;
+    
+    t->req_body.nonce = nonce;
+    if(second_ticket){
+	ALLOC(t->req_body.additional_tickets, 1);
+	if (t->req_body.additional_tickets == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	ALLOC_SEQ(t->req_body.additional_tickets, 1);
+	if (t->req_body.additional_tickets->val == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); 
+	if (ret)
+	    goto fail;
+    }
+    ALLOC(t->padata, 1);
+    if (t->padata == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto fail;
+    }
+    ALLOC_SEQ(t->padata, 1 + padata->len);
+    if (t->padata->val == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto fail;
+    }
+    {
+	int i;
+	for (i = 0; i < padata->len; i++) {
+	    ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]);
+	    if (ret) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		goto fail;
+	    }
+	}
+    }
+
+    {
+	krb5_auth_context ac;
+	krb5_keyblock *key = NULL;
+
+	ret = krb5_auth_con_init(context, &ac);
+	if(ret)
+	    goto fail;
+
+	if (krb5_config_get_bool_default(context, NULL, FALSE,
+					 "realms",
+					 krbtgt->server->realm,
+					 "tgs_require_subkey",
+					 NULL))
+	{
+	    ret = krb5_generate_subkey (context, &krbtgt->session, &key);
+	    if (ret) {
+		krb5_auth_con_free (context, ac);
+		goto fail;
+	    }
+
+	    ret = krb5_auth_con_setlocalsubkey(context, ac, key);
+	    if (ret) {
+		if (key)
+		    krb5_free_keyblock (context, key);
+		krb5_auth_con_free (context, ac);
+		goto fail;
+	    }
+	}
+
+	ret = set_auth_data (context, &t->req_body, &in_creds->authdata,
+			     key ? key : &krbtgt->session);
+	if (ret) {
+	    if (key)
+		krb5_free_keyblock (context, key);
+	    krb5_auth_con_free (context, ac);
+	    goto fail;
+	}
+
+	ret = make_pa_tgs_req(context,
+			      ac,
+			      &t->req_body, 
+			      &t->padata->val[0],
+			      krbtgt,
+			      usage);
+	if(ret) {
+	    if (key)
+		krb5_free_keyblock (context, key);
+	    krb5_auth_con_free(context, ac);
+	    goto fail;
+	}
+	*subkey = key;
+	
+	krb5_auth_con_free(context, ac);
+    }
+fail:
+    if (ret) {
+	t->req_body.addresses = NULL;
+	free_TGS_REQ (t);
+    }
+    return ret;
+}
+
+krb5_error_code
+_krb5_get_krbtgt(krb5_context context,
+		 krb5_ccache  id,
+		 krb5_realm realm,
+		 krb5_creds **cred)
+{
+    krb5_error_code ret;
+    krb5_creds tmp_cred;
+
+    memset(&tmp_cred, 0, sizeof(tmp_cred));
+
+    ret = krb5_cc_get_principal(context, id, &tmp_cred.client);
+    if (ret)
+	return ret;
+
+    ret = krb5_make_principal(context, 
+			      &tmp_cred.server,
+			      realm,
+			      KRB5_TGS_NAME,
+			      realm,
+			      NULL);
+    if(ret) {
+	krb5_free_principal(context, tmp_cred.client);
+	return ret;
+    }
+    ret = krb5_get_credentials(context,
+			       KRB5_GC_CACHED,
+			       id,
+			       &tmp_cred,
+			       cred);
+    krb5_free_principal(context, tmp_cred.client);
+    krb5_free_principal(context, tmp_cred.server);
+    if(ret)
+	return ret;
+    return 0;
+}
+
+/* DCE compatible decrypt proc */
+static krb5_error_code
+decrypt_tkt_with_subkey (krb5_context context,
+			 krb5_keyblock *key,
+			 krb5_key_usage usage,
+			 krb5_const_pointer subkey,
+			 krb5_kdc_rep *dec_rep)
+{
+    krb5_error_code ret;
+    krb5_data data;
+    size_t size;
+    krb5_crypto crypto;
+    
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+    ret = krb5_decrypt_EncryptedData (context,
+				      crypto,
+				      usage,
+				      &dec_rep->kdc_rep.enc_part,
+				      &data);
+    krb5_crypto_destroy(context, crypto);
+    if(ret && subkey){
+	/* DCE compat -- try to decrypt with subkey */
+	ret = krb5_crypto_init(context, subkey, 0, &crypto);
+	if (ret)
+	    return ret;
+	ret = krb5_decrypt_EncryptedData (context,
+					  crypto,
+					  KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
+					  &dec_rep->kdc_rep.enc_part,
+					  &data);
+	krb5_crypto_destroy(context, crypto);
+    }
+    if (ret)
+	return ret;
+    
+    ret = krb5_decode_EncASRepPart(context,
+				   data.data,
+				   data.length,
+				   &dec_rep->enc_part, 
+				   &size);
+    if (ret)
+	ret = krb5_decode_EncTGSRepPart(context,
+					data.data,
+					data.length,
+					&dec_rep->enc_part, 
+					&size);
+    krb5_data_free (&data);
+    return ret;
+}
+
+static krb5_error_code
+get_cred_kdc_usage(krb5_context context, 
+		   krb5_ccache id, 
+		   krb5_kdc_flags flags,
+		   krb5_addresses *addresses, 
+		   krb5_creds *in_creds,
+		   krb5_creds *krbtgt,
+		   krb5_principal impersonate_principal,
+		   Ticket *second_ticket,
+		   krb5_creds *out_creds,
+		   krb5_key_usage usage)
+{
+    TGS_REQ req;
+    krb5_data enc;
+    krb5_data resp;
+    krb5_kdc_rep rep;
+    KRB_ERROR error;
+    krb5_error_code ret;
+    unsigned nonce;
+    krb5_keyblock *subkey = NULL;
+    size_t len;
+    Ticket second_ticket_data;
+    METHOD_DATA padata;
+    
+    krb5_data_zero(&resp);
+    krb5_data_zero(&enc);
+    padata.val = NULL;
+    padata.len = 0;
+
+    krb5_generate_random_block(&nonce, sizeof(nonce));
+    nonce &= 0xffffffff;
+    
+    if(flags.b.enc_tkt_in_skey && second_ticket == NULL){
+	ret = decode_Ticket(in_creds->second_ticket.data, 
+			    in_creds->second_ticket.length, 
+			    &second_ticket_data, &len);
+	if(ret)
+	    return ret;
+	second_ticket = &second_ticket_data;
+    }
+
+
+    if (impersonate_principal) {
+	krb5_crypto crypto;
+	PA_S4U2Self self;
+	krb5_data data;
+	void *buf;
+	size_t size;
+
+	self.name = impersonate_principal->name;
+	self.realm = impersonate_principal->realm;
+	self.auth = estrdup("Kerberos");
+	
+	ret = _krb5_s4u2self_to_checksumdata(context, &self, &data);
+	if (ret) {
+	    free(self.auth);
+	    goto out;
+	}
+
+	ret = krb5_crypto_init(context, &krbtgt->session, 0, &crypto);
+	if (ret) {
+	    free(self.auth);
+	    krb5_data_free(&data);
+	    goto out;
+	}
+
+	ret = krb5_create_checksum(context,
+				   crypto,
+				   KRB5_KU_OTHER_CKSUM,
+				   0,
+				   data.data,
+				   data.length, 
+				   &self.cksum);
+	krb5_crypto_destroy(context, crypto);
+	krb5_data_free(&data);
+	if (ret) {
+	    free(self.auth);
+	    goto out;
+	}
+
+	ASN1_MALLOC_ENCODE(PA_S4U2Self, buf, len, &self, &size, ret);
+	free(self.auth);
+	free_Checksum(&self.cksum);
+	if (ret)
+	    goto out;
+	if (len != size)
+	    krb5_abortx(context, "internal asn1 error");
+	
+	ret = krb5_padata_add(context, &padata, KRB5_PADATA_S4U2SELF, buf, len);
+	if (ret)
+	    goto out;
+    }
+
+    ret = init_tgs_req (context,
+			id,
+			addresses,
+			flags,
+			second_ticket,
+			in_creds,
+			krbtgt,
+			nonce,
+			&padata,
+			&subkey, 
+			&req,
+			usage);
+    if (ret)
+	goto out;
+
+    ASN1_MALLOC_ENCODE(TGS_REQ, enc.data, enc.length, &req, &len, ret);
+    if (ret) 
+	goto out;
+    if(enc.length != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    /* don't free addresses */
+    req.req_body.addresses = NULL;
+    free_TGS_REQ(&req);
+
+    /*
+     * Send and receive
+     */
+    {
+	krb5_sendto_ctx stctx;
+	ret = krb5_sendto_ctx_alloc(context, &stctx);
+	if (ret)
+	    return ret;
+	krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL);
+
+	ret = krb5_sendto_context (context, stctx, &enc,
+				   krbtgt->server->name.name_string.val[1],
+				   &resp);
+	krb5_sendto_ctx_free(context, stctx);
+    }
+    if(ret)
+	goto out;
+
+    memset(&rep, 0, sizeof(rep));
+    if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0){
+	ret = krb5_copy_principal(context, 
+				  in_creds->client, 
+				  &out_creds->client);
+	if(ret)
+	    goto out;
+	ret = krb5_copy_principal(context, 
+				  in_creds->server, 
+				  &out_creds->server);
+	if(ret)
+	    goto out;
+	/* this should go someplace else */
+	out_creds->times.endtime = in_creds->times.endtime;
+
+	ret = _krb5_extract_ticket(context,
+				   &rep,
+				   out_creds,
+				   &krbtgt->session,
+				   NULL,
+				   KRB5_KU_TGS_REP_ENC_PART_SESSION,
+				   &krbtgt->addresses,
+				   nonce,
+				   EXTRACT_TICKET_ALLOW_CNAME_MISMATCH|
+				   EXTRACT_TICKET_ALLOW_SERVER_MISMATCH,
+				   decrypt_tkt_with_subkey,
+				   subkey);
+	krb5_free_kdc_rep(context, &rep);
+    } else if(krb5_rd_error(context, &resp, &error) == 0) {
+	ret = krb5_error_from_rd_error(context, &error, in_creds);
+	krb5_free_error_contents(context, &error);
+    } else if(resp.data && ((char*)resp.data)[0] == 4) {
+	ret = KRB5KRB_AP_ERR_V4_REPLY;
+	krb5_clear_error_string(context);
+    } else {
+	ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	krb5_clear_error_string(context);
+    }
+
+out:
+    if (second_ticket == &second_ticket_data)
+	free_Ticket(&second_ticket_data);
+    free_METHOD_DATA(&padata);
+    krb5_data_free(&resp);
+    krb5_data_free(&enc);
+    if(subkey){
+	krb5_free_keyblock_contents(context, subkey);
+	free(subkey);
+    }
+    return ret;
+    
+}
+
+static krb5_error_code
+get_cred_kdc(krb5_context context, 
+	     krb5_ccache id, 
+	     krb5_kdc_flags flags,
+	     krb5_addresses *addresses, 
+	     krb5_creds *in_creds, 
+	     krb5_creds *krbtgt,
+	     krb5_principal impersonate_principal,
+	     Ticket *second_ticket,
+	     krb5_creds *out_creds)
+{
+    krb5_error_code ret;
+
+    ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
+			     krbtgt, impersonate_principal, second_ticket,
+			     out_creds, KRB5_KU_TGS_REQ_AUTH);
+    if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+	krb5_clear_error_string (context);
+	ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
+				 krbtgt, impersonate_principal, second_ticket,
+				 out_creds, KRB5_KU_AP_REQ_AUTH);
+    }
+    return ret;
+}
+
+/* same as above, just get local addresses first */
+
+static krb5_error_code
+get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, 
+		krb5_creds *in_creds, krb5_creds *krbtgt, 
+		krb5_principal impersonate_principal, Ticket *second_ticket,
+		krb5_creds *out_creds)
+{
+    krb5_error_code ret;
+    krb5_addresses addresses, *addrs = &addresses;
+    
+    krb5_get_all_client_addrs(context, &addresses);
+    /* XXX this sucks. */
+    if(addresses.len == 0)
+	addrs = NULL;
+    ret = get_cred_kdc(context, id, flags, addrs, 
+		       in_creds, krbtgt, impersonate_principal, second_ticket,
+		       out_creds);
+    krb5_free_addresses(context, &addresses);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_kdc_cred(krb5_context context,
+		  krb5_ccache id,
+		  krb5_kdc_flags flags,
+		  krb5_addresses *addresses,
+		  Ticket  *second_ticket,
+		  krb5_creds *in_creds,
+		  krb5_creds **out_creds
+		  )
+{
+    krb5_error_code ret;
+    krb5_creds *krbtgt;
+
+    *out_creds = calloc(1, sizeof(**out_creds));
+    if(*out_creds == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = _krb5_get_krbtgt (context,
+			    id,
+			    in_creds->server->realm,
+			    &krbtgt);
+    if(ret) {
+	free(*out_creds);
+	return ret;
+    }
+    ret = get_cred_kdc(context, id, flags, addresses, 
+		       in_creds, krbtgt, NULL, NULL, *out_creds);
+    krb5_free_creds (context, krbtgt);
+    if(ret)
+	free(*out_creds);
+    return ret;
+}
+
+static void
+not_found(krb5_context context, krb5_const_principal p)
+{
+    krb5_error_code ret;
+    char *str;
+
+    ret = krb5_unparse_name(context, p, &str);
+    if(ret) {
+	krb5_clear_error_string(context);
+	return;
+    }
+    krb5_set_error_string(context, "Matching credential (%s) not found", str);
+    free(str);
+}
+
+static krb5_error_code
+find_cred(krb5_context context,
+	  krb5_ccache id,
+	  krb5_principal server,
+	  krb5_creds **tgts,
+	  krb5_creds *out_creds)
+{
+    krb5_error_code ret;
+    krb5_creds mcreds;
+
+    krb5_cc_clear_mcred(&mcreds);
+    mcreds.server = server;
+    ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, 
+				&mcreds, out_creds);
+    if(ret == 0)
+	return 0;
+    while(tgts && *tgts){
+	if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, 
+			      &mcreds, *tgts)){
+	    ret = krb5_copy_creds_contents(context, *tgts, out_creds);
+	    return ret;
+	}
+	tgts++;
+    }
+    not_found(context, server);
+    return KRB5_CC_NOTFOUND;
+}
+
+static krb5_error_code
+add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
+{
+    int i;
+    krb5_error_code ret;
+    krb5_creds **tmp = *tgts;
+
+    for(i = 0; tmp && tmp[i]; i++); /* XXX */
+    tmp = realloc(tmp, (i+2)*sizeof(*tmp));
+    if(tmp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    *tgts = tmp;
+    ret = krb5_copy_creds(context, tkt, &tmp[i]);
+    tmp[i+1] = NULL;
+    return ret;
+}
+
+/*
+get_cred(server)
+	creds = cc_get_cred(server)
+	if(creds) return creds
+	tgt = cc_get_cred(krbtgt/server_realm at any_realm)
+	if(tgt)
+		return get_cred_tgt(server, tgt)
+	if(client_realm == server_realm)
+		return NULL
+	tgt = get_cred(krbtgt/server_realm at client_realm)
+	while(tgt_inst != server_realm)
+		tgt = get_cred(krbtgt/server_realm at tgt_inst)
+	return get_cred_tgt(server, tgt)
+	*/
+
+static krb5_error_code
+get_cred_from_kdc_flags(krb5_context context,
+			krb5_kdc_flags flags,
+			krb5_ccache ccache,
+			krb5_creds *in_creds,
+			krb5_principal impersonate_principal,
+			Ticket *second_ticket,			
+			krb5_creds **out_creds,
+			krb5_creds ***ret_tgts)
+{
+    krb5_error_code ret;
+    krb5_creds *tgt, tmp_creds;
+    krb5_const_realm client_realm, server_realm, try_realm;
+
+    *out_creds = NULL;
+
+    client_realm = krb5_principal_get_realm(context, in_creds->client);
+    server_realm = krb5_principal_get_realm(context, in_creds->server);
+    memset(&tmp_creds, 0, sizeof(tmp_creds));
+    ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client);
+    if(ret)
+	return ret;
+
+    try_realm = krb5_config_get_string(context, NULL, "capaths", 
+				       client_realm, server_realm, NULL);
+    
+#if 1
+    /* XXX remove in future release */
+    if(try_realm == NULL)
+	try_realm = krb5_config_get_string(context, NULL, "libdefaults", 
+					   "capath", server_realm, NULL);
+#endif
+
+    if (try_realm == NULL)
+	try_realm = client_realm;
+
+    ret = krb5_make_principal(context,
+			      &tmp_creds.server,
+			      try_realm,
+			      KRB5_TGS_NAME,
+			      server_realm, 
+			      NULL);
+    if(ret){
+	krb5_free_principal(context, tmp_creds.client);
+	return ret;
+    }
+    {
+	krb5_creds tgts;
+	/* XXX try krb5_cc_retrieve_cred first? */
+	ret = find_cred(context, ccache, tmp_creds.server, 
+			*ret_tgts, &tgts);
+	if(ret == 0){
+	    *out_creds = calloc(1, sizeof(**out_creds));
+	    if(*out_creds == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		ret = ENOMEM;
+	    } else {
+		krb5_boolean noaddr;
+
+		krb5_appdefault_boolean(context, NULL, tgts.server->realm,
+					"no-addresses", FALSE, &noaddr);
+
+		if (noaddr)
+		    ret = get_cred_kdc(context, ccache, flags, NULL,
+				       in_creds, &tgts,
+				       impersonate_principal, 
+				       second_ticket,
+				       *out_creds);
+		else
+		    ret = get_cred_kdc_la(context, ccache, flags, 
+					  in_creds, &tgts, 
+					  impersonate_principal, 
+					  second_ticket,
+					  *out_creds);
+		if (ret) {
+		    free (*out_creds);
+		    *out_creds = NULL;
+		}
+	    }
+	    krb5_free_cred_contents(context, &tgts);
+	    krb5_free_principal(context, tmp_creds.server);
+	    krb5_free_principal(context, tmp_creds.client);
+	    return ret;
+	}
+    }
+    if(krb5_realm_compare(context, in_creds->client, in_creds->server)) {
+	not_found(context, in_creds->server);
+	return KRB5_CC_NOTFOUND;
+    }
+    /* XXX this can loop forever */
+    while(1){
+	heim_general_string tgt_inst;
+
+	ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds, 
+				      NULL, NULL, &tgt, ret_tgts);
+	if(ret) {
+	    krb5_free_principal(context, tmp_creds.server);
+	    krb5_free_principal(context, tmp_creds.client);
+	    return ret;
+	}
+	ret = add_cred(context, ret_tgts, tgt);
+	if(ret) {
+	    krb5_free_principal(context, tmp_creds.server);
+	    krb5_free_principal(context, tmp_creds.client);
+	    return ret;
+	}
+	tgt_inst = tgt->server->name.name_string.val[1];
+	if(strcmp(tgt_inst, server_realm) == 0)
+	    break;
+	krb5_free_principal(context, tmp_creds.server);
+	ret = krb5_make_principal(context, &tmp_creds.server, 
+				  tgt_inst, KRB5_TGS_NAME, server_realm, NULL);
+	if(ret) {
+	    krb5_free_principal(context, tmp_creds.server);
+	    krb5_free_principal(context, tmp_creds.client);
+	    return ret;
+	}
+	ret = krb5_free_creds(context, tgt);
+	if(ret) {
+	    krb5_free_principal(context, tmp_creds.server);
+	    krb5_free_principal(context, tmp_creds.client);
+	    return ret;
+	}
+    }
+	
+    krb5_free_principal(context, tmp_creds.server);
+    krb5_free_principal(context, tmp_creds.client);
+    *out_creds = calloc(1, sizeof(**out_creds));
+    if(*out_creds == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+    } else {
+	krb5_boolean noaddr;
+
+	krb5_appdefault_boolean(context, NULL, tgt->server->realm,
+				"no-addresses", KRB5_ADDRESSLESS_DEFAULT,
+				&noaddr);
+	if (noaddr)
+	    ret = get_cred_kdc (context, ccache, flags, NULL,
+				in_creds, tgt, NULL, NULL,
+				*out_creds);
+	else
+	    ret = get_cred_kdc_la(context, ccache, flags, 
+				  in_creds, tgt, NULL, NULL,
+				  *out_creds);
+	if (ret) {
+	    free (*out_creds);
+	    *out_creds = NULL;
+	}
+    }
+    krb5_free_creds(context, tgt);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_cred_from_kdc_opt(krb5_context context,
+			   krb5_ccache ccache,
+			   krb5_creds *in_creds,
+			   krb5_creds **out_creds,
+			   krb5_creds ***ret_tgts,
+			   krb5_flags flags)
+{
+    krb5_kdc_flags f;
+    f.i = flags;
+    return get_cred_from_kdc_flags(context, f, ccache, 
+				   in_creds, NULL, NULL,
+				   out_creds, ret_tgts);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_cred_from_kdc(krb5_context context,
+		       krb5_ccache ccache,
+		       krb5_creds *in_creds,
+		       krb5_creds **out_creds,
+		       krb5_creds ***ret_tgts)
+{
+    return krb5_get_cred_from_kdc_opt(context, ccache, 
+				      in_creds, out_creds, ret_tgts, 0);
+}
+     
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_credentials_with_flags(krb5_context context,
+				krb5_flags options,
+				krb5_kdc_flags flags,
+				krb5_ccache ccache,
+				krb5_creds *in_creds,
+				krb5_creds **out_creds)
+{
+    krb5_error_code ret;
+    krb5_creds **tgts;
+    krb5_creds *res_creds;
+    int i;
+    
+    *out_creds = NULL;
+    res_creds = calloc(1, sizeof(*res_creds));
+    if (res_creds == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    if (in_creds->session.keytype)
+	options |= KRB5_TC_MATCH_KEYTYPE;
+
+    /* 
+     * If we got a credential, check if credential is expired before
+     * returning it.
+     */
+    ret = krb5_cc_retrieve_cred(context,
+                                ccache,
+                                in_creds->session.keytype ?
+                                KRB5_TC_MATCH_KEYTYPE : 0,
+                                in_creds, res_creds);
+    /* 
+     * If we got a credential, check if credential is expired before
+     * returning it, but only if KRB5_GC_EXPIRED_OK is not set.
+     */
+    if (ret == 0) {
+	krb5_timestamp timeret;
+
+	/* If expired ok, don't bother checking */
+        if(options & KRB5_GC_EXPIRED_OK) {
+            *out_creds = res_creds;
+            return 0;
+        }
+	    
+	krb5_timeofday(context, &timeret);
+	if(res_creds->times.endtime > timeret) {
+	    *out_creds = res_creds;
+	    return 0;
+	}
+	if(options & KRB5_GC_CACHED)
+	    krb5_cc_remove_cred(context, ccache, 0, res_creds);
+
+    } else if(ret != KRB5_CC_END) {
+        free(res_creds);
+        return ret;
+    }
+    free(res_creds);
+    if(options & KRB5_GC_CACHED) {
+	not_found(context, in_creds->server);
+        return KRB5_CC_NOTFOUND;
+    }
+    if(options & KRB5_GC_USER_USER)
+	flags.b.enc_tkt_in_skey = 1;
+    if (flags.b.enc_tkt_in_skey)
+	options |= KRB5_GC_NO_STORE;
+
+    tgts = NULL;
+    ret = get_cred_from_kdc_flags(context, flags, ccache, 
+				  in_creds, NULL, NULL, out_creds, &tgts);
+    for(i = 0; tgts && tgts[i]; i++) {
+	krb5_cc_store_cred(context, ccache, tgts[i]);
+	krb5_free_creds(context, tgts[i]);
+    }
+    free(tgts);
+    if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
+	krb5_cc_store_cred(context, ccache, *out_creds);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_credentials(krb5_context context,
+		     krb5_flags options,
+		     krb5_ccache ccache,
+		     krb5_creds *in_creds,
+		     krb5_creds **out_creds)
+{
+    krb5_kdc_flags flags;
+    flags.i = 0;
+    return krb5_get_credentials_with_flags(context, options, flags,
+					   ccache, in_creds, out_creds);
+}
+
+struct krb5_get_creds_opt_data {
+    krb5_principal self;
+    krb5_flags options;
+    krb5_enctype enctype;
+    Ticket *ticket;
+};
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt)
+{
+    *opt = calloc(1, sizeof(**opt));
+    if (*opt == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt)
+{
+    if (opt->self)
+	krb5_free_principal(context, opt->self);
+    memset(opt, 0, sizeof(*opt));
+    free(opt);
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_creds_opt_set_options(krb5_context context,
+			       krb5_get_creds_opt opt,
+			       krb5_flags options)
+{
+    opt->options = options;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_creds_opt_add_options(krb5_context context,
+			       krb5_get_creds_opt opt,
+			       krb5_flags options)
+{
+    opt->options |= options;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_creds_opt_set_enctype(krb5_context context,
+			       krb5_get_creds_opt opt,
+			       krb5_enctype enctype)
+{
+    opt->enctype = enctype;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_creds_opt_set_impersonate(krb5_context context,
+				   krb5_get_creds_opt opt,
+				   krb5_const_principal self)
+{
+    if (opt->self)
+	krb5_free_principal(context, opt->self);
+    return krb5_copy_principal(context, self, &opt->self);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_creds_opt_set_ticket(krb5_context context,
+			      krb5_get_creds_opt opt,
+			      const Ticket *ticket)
+{
+    if (opt->ticket) {
+	free_Ticket(opt->ticket);
+	free(opt->ticket);
+	opt->ticket = NULL;
+    }
+    if (ticket) {
+	krb5_error_code ret;
+
+	opt->ticket = malloc(sizeof(*ticket));
+	if (opt->ticket == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	ret = copy_Ticket(ticket, opt->ticket);
+	if (ret) {
+	    free(opt->ticket);
+	    opt->ticket = NULL;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ret;
+	}
+    }
+    return 0;
+}
+
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_creds(krb5_context context,
+	       krb5_get_creds_opt opt,
+	       krb5_ccache ccache,
+	       krb5_const_principal inprinc,
+	       krb5_creds **out_creds)
+{
+    krb5_kdc_flags flags;
+    krb5_flags options;
+    krb5_creds in_creds;
+    krb5_error_code ret;
+    krb5_creds **tgts;
+    krb5_creds *res_creds;
+    int i;
+    
+    memset(&in_creds, 0, sizeof(in_creds));
+    in_creds.server = rk_UNCONST(inprinc);
+
+    ret = krb5_cc_get_principal(context, ccache, &in_creds.client);
+    if (ret)
+	return ret;
+
+    options = opt->options;
+    flags.i = 0;
+
+    *out_creds = NULL;
+    res_creds = calloc(1, sizeof(*res_creds));
+    if (res_creds == NULL) {
+	krb5_free_principal(context, in_creds.client);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    if (opt->enctype) {
+	in_creds.session.keytype = opt->enctype;
+	options |= KRB5_TC_MATCH_KEYTYPE;
+    }
+
+    /* 
+     * If we got a credential, check if credential is expired before
+     * returning it.
+     */
+    ret = krb5_cc_retrieve_cred(context,
+                                ccache,
+				opt->enctype ? KRB5_TC_MATCH_KEYTYPE : 0,
+                                &in_creds, res_creds);
+    /* 
+     * If we got a credential, check if credential is expired before
+     * returning it, but only if KRB5_GC_EXPIRED_OK is not set.
+     */
+    if (ret == 0) {
+	krb5_timestamp timeret;
+
+	/* If expired ok, don't bother checking */
+        if(options & KRB5_GC_EXPIRED_OK) {
+            *out_creds = res_creds;
+	    krb5_free_principal(context, in_creds.client);
+            return 0;
+        }
+	    
+	krb5_timeofday(context, &timeret);
+	if(res_creds->times.endtime > timeret) {
+	    *out_creds = res_creds;
+	    krb5_free_principal(context, in_creds.client);
+	    return 0;
+	}
+	if(options & KRB5_GC_CACHED)
+	    krb5_cc_remove_cred(context, ccache, 0, res_creds);
+
+    } else if(ret != KRB5_CC_END) {
+        free(res_creds);
+	krb5_free_principal(context, in_creds.client);
+        return ret;
+    }
+    free(res_creds);
+    if(options & KRB5_GC_CACHED) {
+	not_found(context, in_creds.server);
+	krb5_free_principal(context, in_creds.client);
+        return KRB5_CC_NOTFOUND;
+    }
+    if(options & KRB5_GC_USER_USER) {
+	flags.b.enc_tkt_in_skey = 1;
+	options |= KRB5_GC_NO_STORE;
+    }
+    if (options & KRB5_GC_FORWARDABLE)
+	flags.b.forwardable = 1;
+    if (options & KRB5_GC_NO_TRANSIT_CHECK)
+	flags.b.disable_transited_check = 1;
+    if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
+	flags.b.request_anonymous = 1; /* XXX ARGH confusion */
+	flags.b.constrained_delegation = 1;
+    }
+
+    tgts = NULL;
+    ret = get_cred_from_kdc_flags(context, flags, ccache, 
+				  &in_creds, opt->self, opt->ticket,
+				  out_creds, &tgts);
+    krb5_free_principal(context, in_creds.client);
+    for(i = 0; tgts && tgts[i]; i++) {
+	krb5_cc_store_cred(context, ccache, tgts[i]);
+	krb5_free_creds(context, tgts[i]);
+    }
+    free(tgts);
+    if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0)
+	krb5_cc_store_cred(context, ccache, *out_creds);
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_renewed_creds(krb5_context context,
+		       krb5_creds *creds,
+		       krb5_const_principal client,
+		       krb5_ccache ccache,
+		       const char *in_tkt_service)
+{
+    krb5_error_code ret;
+    krb5_kdc_flags flags;
+    krb5_creds in, *template, *out = NULL;
+
+    memset(&in, 0, sizeof(in));
+    memset(creds, 0, sizeof(*creds));
+
+    ret = krb5_copy_principal(context, client, &in.client);
+    if (ret)
+	return ret;
+
+    if (in_tkt_service) {
+	ret = krb5_parse_name(context, in_tkt_service, &in.server);
+	if (ret) {
+	    krb5_free_principal(context, in.client);
+	    return ret;
+	}
+    } else {
+	const char *realm = krb5_principal_get_realm(context, client);
+	
+	ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME,
+				  realm, NULL);
+	if (ret) {
+	    krb5_free_principal(context, in.client);
+	    return ret;
+	}
+    }
+
+    flags.i = 0;
+    flags.b.renewable = flags.b.renew = 1;
+
+    /*
+     * Get template from old credential cache for the same entry, if
+     * this failes, no worries.
+     */
+    ret = krb5_get_credentials(context, KRB5_GC_CACHED, ccache, &in, &template);
+    if (ret == 0) {
+	flags.b.forwardable = template->flags.b.forwardable;
+	flags.b.proxiable = template->flags.b.proxiable;
+	krb5_free_creds (context, template);
+    }
+
+    ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &out);
+    krb5_free_principal(context, in.client);
+    krb5_free_principal(context, in.server);
+    if (ret)
+	return ret;
+
+    ret = krb5_copy_creds_contents(context, out, creds);
+    krb5_free_creds(context, out);
+
+    return ret;
+}
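Review bot: The cross-realm walk in `get_cred_from_kdc_flags` (the `while(1)` under `/* XXX this can loop forever */`) has no hop limit, and it reads the next realm from `tgt->server->name.name_string.val[1]` without checking that `name_string.len` is at least 2; `get_cred_kdc_usage` indexes `krbtgt->server->name.name_string.val[1]` the same way. That TGT comes back from the KDC exchange, where `_krb5_extract_ticket` is passed `EXTRACT_TICKET_ALLOW_SERVER_MISMATCH`, so the server name is presumably whatever the reply carried (the helper is not in this file). A misconfigured or misbehaving KDC could then keep the client requesting tickets without end, or cause a read past a one-component name. I would count hops and validate the component count before indexing, as sketched below, where `MAX_REALM_HOPS` is a new constant introduced by this proposal; as this is a vendor import, the change belongs upstream or in a tracked local patch. Separately, `set_auth_data` discards the result of `krb5_encrypt_EncryptedData` and returns 0, so the call should be assigned to `ret` and that value returned after the existing `free (buf)` and `krb5_crypto_destroy` calls.

```c
    int hops = 0;	/* declared with the function's other locals */

    while(1){
	heim_general_string tgt_inst;

	/* ... unchanged: recursive get_cred_from_kdc_flags call and add_cred ... */

	/* refuse a TGT whose server name has no realm component, and bound the walk */
	if (tgt->server->name.name_string.len < 2 || ++hops > MAX_REALM_HOPS) {
	    krb5_set_error_string(context,
				  "cross-realm TGT path is malformed or too long");
	    krb5_free_creds(context, tgt);
	    krb5_free_principal(context, tmp_creds.server);
	    krb5_free_principal(context, tmp_creds.client);
	    return KRB5_GET_IN_TKT_LOOP;
	}
	tgt_inst = tgt->server->name.name_string.val[1];
	/* ... unchanged: strcmp against server_realm, rebuild tmp_creds.server ... */
```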

Added: vendor-crypto/heimdal/dist/lib/krb5/get_default_principal.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_default_principal.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_default_principal.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: get_default_principal.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Try to find out what's a reasonable default principal.
+ */
+
+static const char*
+get_env_user(void)
+{
+    const char *user = getenv("USER");
+    if(user == NULL)
+	user = getenv("LOGNAME");
+    if(user == NULL)
+	user = getenv("USERNAME");
+    return user;
+}
+
+/*
+ * Will only use operating-system dependant operation to get the
+ * default principal, for use of functions that in ccache layer to
+ * avoid recursive calls.
+ */
+
+krb5_error_code
+_krb5_get_default_principal_local (krb5_context context, 
+				   krb5_principal *princ)
+{
+    krb5_error_code ret;
+    const char *user;
+    uid_t uid;
+
+    *princ = NULL;
+
+    uid = getuid();    
+    if(uid == 0) {
+	user = getlogin();
+	if(user == NULL)
+	    user = get_env_user();
+	if(user != NULL && strcmp(user, "root") != 0)
+	    ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
+	else
+	    ret = krb5_make_principal(context, princ, NULL, "root", NULL);
+    } else {
+	struct passwd *pw = getpwuid(uid);	
+	if(pw != NULL)
+	    user = pw->pw_name;
+	else {
+	    user = get_env_user();
+	    if(user == NULL)
+		user = getlogin();
+	}
+	if(user == NULL) {
+	    krb5_set_error_string(context,
+				  "unable to figure out current principal");
+	    return ENOTTY; /* XXX */
+	}
+	ret = krb5_make_principal(context, princ, NULL, user, NULL);
+    }
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_principal (krb5_context context,
+			    krb5_principal *princ)
+{
+    krb5_error_code ret;
+    krb5_ccache id;
+
+    *princ = NULL;
+
+    ret = krb5_cc_default (context, &id);
+    if (ret == 0) {
+	ret = krb5_cc_get_principal (context, id, princ);
+	krb5_cc_close (context, id);
+	if (ret == 0)
+	    return 0;
+    }
+
+    return _krb5_get_default_principal_local(context, princ);
+}
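Review bot: `_krb5_get_default_principal_local` falls back to `getlogin()` and to the `USER`/`LOGNAME`/`USERNAME` environment variables, which the invoking user controls, so the principal it returns is a hint and not an established identity; nothing in the file says so. I would add a comment above the function such as `/* Name may come from getlogin()/environment (always for uid 0, otherwise when getpwuid() fails); callers must not treat it as authenticated. */`. In the uid 0 branch the same sources decide between `root` and `<user>/root`, which deserves the same remark. The `ENOTTY` return marked `XXX` looks like a placeholder for "no user name found" and would be clearer with a short comment explaining why that code was chosen.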

Added: vendor-crypto/heimdal/dist/lib/krb5/get_default_realm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_default_realm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_default_realm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1997 - 2001, 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: get_default_realm.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Return a NULL-terminated list of default realms in `realms'.
+ * Free this memory with krb5_free_host_realm.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_realms (krb5_context context,
+			 krb5_realm **realms)
+{
+    if (context->default_realms == NULL) {
+	krb5_error_code ret = krb5_set_default_realm (context, NULL);
+	if (ret)
+	    return KRB5_CONFIG_NODEFREALM;
+    }
+
+    return krb5_copy_host_realm (context,
+				 context->default_realms,
+				 realms);
+}
+
+/*
+ * Return the first default realm.  For compatibility.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_realm(krb5_context context,
+		       krb5_realm *realm)
+{
+    krb5_error_code ret;
+    char *res;
+
+    if (context->default_realms == NULL
+	|| context->default_realms[0] == NULL) {
+	krb5_clear_error_string(context);
+	ret = krb5_set_default_realm (context, NULL);
+	if (ret)
+	    return ret;
+    }
+
+    res = strdup (context->default_realms[0]);
+    if (res == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    *realm = res;
+    return 0;
+}
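Review bot: In `krb5_get_default_realm` the `strdup (context->default_realms[0])` runs after `krb5_set_default_realm` returned 0 without looking at the list again; if that call can succeed while leaving `default_realms` NULL or empty (its body is not in this hunk), this dereferences NULL. A re-check before the strdup, `if (context->default_realms == NULL || context->default_realms[0] == NULL) return KRB5_CONFIG_NODEFREALM;`, closes that. The two functions also disagree: `krb5_get_default_realms` only tests `default_realms == NULL` and maps every failure to `KRB5_CONFIG_NODEFREALM`, while this one also tests element 0 and returns the raw error. `*realm` is left unset on the error paths, so `*realm = NULL;` at entry would be safer for callers that free unconditionally.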

Added: vendor-crypto/heimdal/dist/lib/krb5/get_for_creds.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_for_creds.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_for_creds.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,460 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: get_for_creds.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static krb5_error_code
+add_addrs(krb5_context context,
+	  krb5_addresses *addr,
+	  struct addrinfo *ai)
+{
+    krb5_error_code ret;
+    unsigned n, i;
+    void *tmp;
+    struct addrinfo *a;
+
+    n = 0;
+    for (a = ai; a != NULL; a = a->ai_next)
+	++n;
+
+    tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val));
+    if (tmp == NULL && (addr->len + n) != 0) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto fail;
+    }
+    addr->val = tmp;
+    for (i = addr->len; i < (addr->len + n); ++i) {
+	addr->val[i].addr_type = 0;
+	krb5_data_zero(&addr->val[i].address);
+    }
+    i = addr->len;
+    for (a = ai; a != NULL; a = a->ai_next) {
+	krb5_address ad;
+
+	ret = krb5_sockaddr2address (context, a->ai_addr, &ad);
+	if (ret == 0) {
+	    if (krb5_address_search(context, &ad, addr))
+		krb5_free_address(context, &ad);
+	    else
+		addr->val[i++] = ad;
+	}
+	else if (ret == KRB5_PROG_ATYPE_NOSUPP)
+	    krb5_clear_error_string (context);
+	else
+	    goto fail;
+	addr->len = i;
+    }
+    return 0;
+fail:
+    krb5_free_addresses (context, addr);
+    return ret;
+}
+
+/**
+ * Forward credentials for client to host hostname , making them
+ * forwardable if forwardable, and returning the blob of data to sent
+ * in out_data.  If hostname == NULL, pick it from server.
+ *
+ * @param context A kerberos 5 context.
+ * @param auth_context the auth context with the key to encrypt the out_data.
+ * @param hostname the host to forward the tickets too.
+ * @param client the client to delegate from.
+ * @param server the server to delegate the credential too.
+ * @param ccache credential cache to use.
+ * @param forwardable make the forwarded ticket forwabledable.
+ * @param out_data the resulting credential.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_credential
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_fwd_tgt_creds (krb5_context	context,
+		    krb5_auth_context	auth_context,
+		    const char		*hostname,
+		    krb5_principal	client,
+		    krb5_principal	server,
+		    krb5_ccache		ccache,
+		    int			forwardable,
+		    krb5_data		*out_data)
+{
+    krb5_flags flags = 0;
+    krb5_creds creds;
+    krb5_error_code ret;
+    krb5_const_realm client_realm;
+
+    flags |= KDC_OPT_FORWARDED;
+
+    if (forwardable)
+	flags |= KDC_OPT_FORWARDABLE;
+
+    if (hostname == NULL &&
+	krb5_principal_get_type(context, server) == KRB5_NT_SRV_HST) {
+	const char *inst = krb5_principal_get_comp_string(context, server, 0);
+	const char *host = krb5_principal_get_comp_string(context, server, 1);
+
+	if (inst != NULL &&
+	    strcmp(inst, "host") == 0 &&
+	    host != NULL && 
+	    krb5_principal_get_comp_string(context, server, 2) == NULL)
+	    hostname = host;
+    }
+
+    client_realm = krb5_principal_get_realm(context, client);
+    
+    memset (&creds, 0, sizeof(creds));
+    creds.client = client;
+
+    ret = krb5_build_principal(context,
+			       &creds.server,
+			       strlen(client_realm),
+			       client_realm,
+			       KRB5_TGS_NAME,
+			       client_realm,
+			       NULL);
+    if (ret)
+	return ret;
+
+    ret = krb5_get_forwarded_creds (context,
+				    auth_context,
+				    ccache,
+				    flags,
+				    hostname,
+				    &creds,
+				    out_data);
+    return ret;
+}
+
+/**
+ * Gets tickets forwarded to hostname. If the tickets that are
+ * forwarded are address-less, the forwarded tickets will also be
+ * address-less.
+ * 
+ * If the ticket have any address, hostname will be used for figure
+ * out the address to forward the ticket too. This since this might
+ * use DNS, its insecure and also doesn't represent configured all
+ * addresses of the host. For example, the host might have two
+ * adresses, one IPv4 and one IPv6 address where the later is not
+ * published in DNS. This IPv6 address might be used communications
+ * and thus the resulting ticket useless.
+ *
+ * @param context A kerberos 5 context.
+ * @param auth_context the auth context with the key to encrypt the out_data.
+ * @param ccache credential cache to use
+ * @param flags the flags to control the resulting ticket flags
+ * @param hostname the host to forward the tickets too.
+ * @param in_creds the in client and server ticket names.  The client
+ * and server components forwarded to the remote host.
+ * @param out_data the resulting credential.
+ *
+ * @return Return an error code or 0.
+ *
+ * @ingroup krb5_credential
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_forwarded_creds (krb5_context	    context,
+			  krb5_auth_context auth_context,
+			  krb5_ccache       ccache,
+			  krb5_flags        flags,
+			  const char        *hostname,
+			  krb5_creds        *in_creds,
+			  krb5_data         *out_data)
+{
+    krb5_error_code ret;
+    krb5_creds *out_creds;
+    krb5_addresses addrs, *paddrs;
+    KRB_CRED cred;
+    KrbCredInfo *krb_cred_info;
+    EncKrbCredPart enc_krb_cred_part;
+    size_t len;
+    unsigned char *buf;
+    size_t buf_size;
+    krb5_kdc_flags kdc_flags;
+    krb5_crypto crypto;
+    struct addrinfo *ai;
+    int save_errno;
+    krb5_creds *ticket;
+
+    paddrs = NULL;
+    addrs.len = 0;
+    addrs.val = NULL;
+
+    ret = krb5_get_credentials(context, 0, ccache, in_creds, &ticket);
+    if(ret == 0) {
+	if (ticket->addresses.len)
+	    paddrs = &addrs;
+	krb5_free_creds (context, ticket);
+    } else {
+	krb5_boolean noaddr;
+	krb5_appdefault_boolean(context, NULL,
+				krb5_principal_get_realm(context, 
+							 in_creds->client),
+				"no-addresses", KRB5_ADDRESSLESS_DEFAULT,
+				&noaddr);
+	if (!noaddr)
+	    paddrs = &addrs;
+    }
+	
+    /*
+     * If tickets have addresses, get the address of the remote host.
+     */
+
+    if (paddrs != NULL) {
+
+	ret = getaddrinfo (hostname, NULL, NULL, &ai);
+	if (ret) {
+	    save_errno = errno;
+	    krb5_set_error_string(context, "resolving %s: %s",
+				  hostname, gai_strerror(ret));
+	    return krb5_eai_to_heim_errno(ret, save_errno);
+	}
+	
+	ret = add_addrs (context, &addrs, ai);
+	freeaddrinfo (ai);
+	if (ret)
+	    return ret;
+    }
+    
+    kdc_flags.b = int2KDCOptions(flags);
+
+    ret = krb5_get_kdc_cred (context,
+			     ccache,
+			     kdc_flags,
+			     paddrs,
+			     NULL,
+			     in_creds,
+			     &out_creds);
+    krb5_free_addresses (context, &addrs);
+    if (ret)
+	return ret;
+
+    memset (&cred, 0, sizeof(cred));
+    cred.pvno = 5;
+    cred.msg_type = krb_cred;
+    ALLOC_SEQ(&cred.tickets, 1);
+    if (cred.tickets.val == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto out2;
+    }
+    ret = decode_Ticket(out_creds->ticket.data,
+			out_creds->ticket.length,
+			cred.tickets.val, &len);
+    if (ret)
+	goto out3;
+
+    memset (&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
+    ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1);
+    if (enc_krb_cred_part.ticket_info.val == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto out4;
+    }
+    
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+	krb5_timestamp sec;
+	int32_t usec;
+	
+	krb5_us_timeofday (context, &sec, &usec);
+	
+	ALLOC(enc_krb_cred_part.timestamp, 1);
+	if (enc_krb_cred_part.timestamp == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto out4;
+	}
+	*enc_krb_cred_part.timestamp = sec;
+	ALLOC(enc_krb_cred_part.usec, 1);
+	if (enc_krb_cred_part.usec == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto out4;
+	}
+	*enc_krb_cred_part.usec      = usec;
+    } else {
+	enc_krb_cred_part.timestamp = NULL;
+	enc_krb_cred_part.usec = NULL;
+    }
+
+    if (auth_context->local_address && auth_context->local_port && paddrs) {
+
+	ret = krb5_make_addrport (context,
+				  &enc_krb_cred_part.s_address,
+				  auth_context->local_address,
+				  auth_context->local_port);
+	if (ret)
+	    goto out4;
+    }
+
+    if (auth_context->remote_address) {
+	if (auth_context->remote_port) {
+	    krb5_boolean noaddr;
+	    krb5_const_realm srealm;
+
+	    srealm = krb5_principal_get_realm(context, out_creds->server);
+	    /* Is this correct, and should we use the paddrs == NULL
+               trick here as well? Having an address-less ticket may
+               indicate that we don't know our own global address, but
+               it does not necessary mean that we don't know the
+               server's. */
+	    krb5_appdefault_boolean(context, NULL, srealm, "no-addresses",
+				    FALSE, &noaddr);
+	    if (!noaddr) {
+		ret = krb5_make_addrport (context,
+					  &enc_krb_cred_part.r_address,
+					  auth_context->remote_address,
+					  auth_context->remote_port);
+		if (ret)
+		    goto out4;
+	    }
+	} else {
+	    ALLOC(enc_krb_cred_part.r_address, 1);
+	    if (enc_krb_cred_part.r_address == NULL) {
+		ret = ENOMEM;
+		krb5_set_error_string(context, "malloc: out of memory");
+		goto out4;
+	    }
+
+	    ret = krb5_copy_address (context, auth_context->remote_address,
+				     enc_krb_cred_part.r_address);
+	    if (ret)
+		goto out4;
+	}
+    }
+
+    /* fill ticket_info.val[0] */
+
+    enc_krb_cred_part.ticket_info.len = 1;
+
+    krb_cred_info = enc_krb_cred_part.ticket_info.val;
+
+    copy_EncryptionKey (&out_creds->session, &krb_cred_info->key);
+    ALLOC(krb_cred_info->prealm, 1);
+    copy_Realm (&out_creds->client->realm, krb_cred_info->prealm);
+    ALLOC(krb_cred_info->pname, 1);
+    copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname);
+    ALLOC(krb_cred_info->flags, 1);
+    *krb_cred_info->flags          = out_creds->flags.b;
+    ALLOC(krb_cred_info->authtime, 1);
+    *krb_cred_info->authtime       = out_creds->times.authtime;
+    ALLOC(krb_cred_info->starttime, 1);
+    *krb_cred_info->starttime      = out_creds->times.starttime;
+    ALLOC(krb_cred_info->endtime, 1);
+    *krb_cred_info->endtime        = out_creds->times.endtime;
+    ALLOC(krb_cred_info->renew_till, 1);
+    *krb_cred_info->renew_till = out_creds->times.renew_till;
+    ALLOC(krb_cred_info->srealm, 1);
+    copy_Realm (&out_creds->server->realm, krb_cred_info->srealm);
+    ALLOC(krb_cred_info->sname, 1);
+    copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname);
+    ALLOC(krb_cred_info->caddr, 1);
+    copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr);
+
+    krb5_free_creds (context, out_creds);
+
+    /* encode EncKrbCredPart */
+
+    ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, 
+		       &enc_krb_cred_part, &len, ret);
+    free_EncKrbCredPart (&enc_krb_cred_part);
+    if (ret) {
+	free_KRB_CRED(&cred);
+	return ret;
+    }
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    /**
+     * Some older of the MIT gssapi library used clear-text tickets
+     * (warped inside AP-REQ encryption), use the krb5_auth_context
+     * flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those
+     * tickets. The session key is used otherwise to encrypt the
+     * forwarded ticket.
+     */
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) {
+	cred.enc_part.etype = ENCTYPE_NULL;
+	cred.enc_part.kvno = NULL;
+	cred.enc_part.cipher.data = buf;
+	cred.enc_part.cipher.length = buf_size;
+    } else {
+	/* 
+	 * Here older versions then 0.7.2 of Heimdal used the local or
+	 * remote subkey. That is wrong, the session key should be
+	 * used. Heimdal 0.7.2 and newer have code to try both in the
+	 * receiving end.
+	 */
+	
+	ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+	if (ret) {
+	    free(buf);
+	    free_KRB_CRED(&cred);
+	    return ret;
+	}
+	ret = krb5_encrypt_EncryptedData (context,
+					  crypto,
+					  KRB5_KU_KRB_CRED,
+					  buf,
+					  len,
+					  0,
+					  &cred.enc_part);
+	free(buf);
+	krb5_crypto_destroy(context, crypto);
+	if (ret) {
+	    free_KRB_CRED(&cred);
+	    return ret;
+	}
+    }
+
+    ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret);
+    free_KRB_CRED (&cred);
+    if (ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    out_data->length = len;
+    out_data->data   = buf;
+    return 0;
+ out4:
+    free_EncKrbCredPart(&enc_krb_cred_part);
+ out3:
+    free_KRB_CRED(&cred);
+ out2:
+    krb5_free_creds (context, out_creds);
+    return ret;
+}
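Review bot: The block that fills `ticket_info.val[0]` in `krb5_get_forwarded_creds` (from `copy_EncryptionKey` to `copy_HostAddresses`) ignores every `ALLOC` result and every `copy_*` return value, so an allocation failure ends in a NULL dereference such as `*krb_cred_info->flags = ...`, or in a KRB-CRED encoded with a missing key or name. The earlier `timestamp`/`usec` code already shows the pattern to follow (check for NULL, set `ENOMEM`, `goto out4`), and `out4` is still valid at this point because `out_creds` has not been freed yet. Separately, `buf` holds the encoded `EncKrbCredPart`, session key included, and is released with a plain `free(buf)`; zeroing it before release, with a wipe the compiler cannot elide, would keep key material out of freed heap. `krb5_fwd_tgt_creds` also never frees `creds.server` after `krb5_build_principal`, and when the server is not a two-component `host/` principal it can pass a NULL `hostname` down to `getaddrinfo` and the `"resolving %s"` message.

```c
    krb_cred_info = enc_krb_cred_part.ticket_info.val;

    ret = copy_EncryptionKey (&out_creds->session, &krb_cred_info->key);
    if (ret)
	goto out4;
    ALLOC(krb_cred_info->prealm, 1);
    if (krb_cred_info->prealm == NULL) {
	ret = ENOMEM;
	krb5_set_error_string(context, "malloc: out of memory");
	goto out4;
    }
    ret = copy_Realm (&out_creds->client->realm, krb_cred_info->prealm);
    if (ret)
	goto out4;
    /* ... pname, srealm, sname, caddr: same ALLOC check and copy_* check ... */
    ALLOC(krb_cred_info->flags, 1);
    if (krb_cred_info->flags == NULL) {
	ret = ENOMEM;
	krb5_set_error_string(context, "malloc: out of memory");
	goto out4;
    }
    *krb_cred_info->flags = out_creds->flags.b;
    /* ... authtime, starttime, endtime, renew_till: same ALLOC check ... */

    krb5_free_creds (context, out_creds);
```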

Added: vendor-crypto/heimdal/dist/lib/krb5/get_host_realm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_host_realm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_host_realm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,257 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <resolve.h>
+
+RCSID("$Id: get_host_realm.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/* To automagically find the correct realm of a host (without
+ * [domain_realm] in krb5.conf) add a text record for your domain with
+ * the name of your realm, like this:
+ *
+ * _kerberos	IN	TXT	"FOO.SE"
+ *
+ * The search is recursive, so you can add entries for specific
+ * hosts. To find the realm of host a.b.c, it first tries
+ * _kerberos.a.b.c, then _kerberos.b.c and so on.
+ *
+ * This method is described in draft-ietf-cat-krb-dns-locate-03.txt.
+ *
+ */
+
+static int
+copy_txt_to_realms (struct resource_record *head,
+		    krb5_realm **realms)
+{
+    struct resource_record *rr;
+    int n, i;
+
+    for(n = 0, rr = head; rr; rr = rr->next)
+	if (rr->type == T_TXT)
+	    ++n;
+
+    if (n == 0)
+	return -1;
+
+    *realms = malloc ((n + 1) * sizeof(krb5_realm));
+    if (*realms == NULL)
+	return -1;
+
+    for (i = 0; i < n + 1; ++i)
+	(*realms)[i] = NULL;
+
+    for (i = 0, rr = head; rr; rr = rr->next) {
+	if (rr->type == T_TXT) {
+	    char *tmp;
+
+	    tmp = strdup(rr->u.txt);
+	    if (tmp == NULL) {
+		for (i = 0; i < n; ++i)
+		    free ((*realms)[i]);
+		free (*realms);
+		return -1;
+	    }
+	    (*realms)[i] = tmp;
+	    ++i;
+	}
+    }
+    return 0;
+}
+
+static int
+dns_find_realm(krb5_context context,
+	       const char *domain,
+	       krb5_realm **realms)
+{
+    static const char *default_labels[] = { "_kerberos", NULL };
+    char dom[MAXHOSTNAMELEN];
+    struct dns_reply *r;
+    const char **labels;
+    char **config_labels;
+    int i, ret;
+    
+    config_labels = krb5_config_get_strings(context, NULL, "libdefaults",
+					    "dns_lookup_realm_labels", NULL);
+    if(config_labels != NULL)
+	labels = (const char **)config_labels;
+    else
+	labels = default_labels;
+    if(*domain == '.')
+	domain++;
+    for (i = 0; labels[i] != NULL; i++) {
+	ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain);
+	if(ret < 0 || ret >= sizeof(dom)) {
+	    if (config_labels)
+		krb5_config_free_strings(config_labels);
+	    return -1;
+	}
+    	r = dns_lookup(dom, "TXT");
+    	if(r != NULL) {
+	    ret = copy_txt_to_realms (r->head, realms);
+	    dns_free_data(r);
+	    if(ret == 0) {
+		if (config_labels)
+		    krb5_config_free_strings(config_labels);
+		return 0;
+	    }
+	}
+    }
+    if (config_labels)
+	krb5_config_free_strings(config_labels);
+    return -1;
+}
+
+/*
+ * Try to figure out what realms host in `domain' belong to from the
+ * configuration file.
+ */
+
+static int
+config_find_realm(krb5_context context, 
+		  const char *domain, 
+		  krb5_realm **realms)
+{
+    char **tmp = krb5_config_get_strings (context, NULL,
+					  "domain_realm",
+					  domain,
+					  NULL);
+
+    if (tmp == NULL)
+	return -1;
+    *realms = tmp;
+    return 0;
+}
+
+/*
+ * This function assumes that `host' is a FQDN (and doesn't handle the
+ * special case of host == NULL either).
+ * Try to find mapping in the config file or DNS and it that fails,
+ * fall back to guessing
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_get_host_realm_int (krb5_context context,
+			  const char *host,
+			  krb5_boolean use_dns,
+			  krb5_realm **realms)
+{
+    const char *p, *q;
+    krb5_boolean dns_locate_enable;
+
+    dns_locate_enable = krb5_config_get_bool_default(context, NULL, TRUE,
+	"libdefaults", "dns_lookup_realm", NULL);
+    for (p = host; p != NULL; p = strchr (p + 1, '.')) {
+	if(config_find_realm(context, p, realms) == 0) {
+	    if(strcasecmp(*realms[0], "dns_locate") == 0) {
+		if(use_dns)
+		    for (q = host; q != NULL; q = strchr(q + 1, '.'))
+			if(dns_find_realm(context, q, realms) == 0)
+			    return 0;
+		continue; 
+	    } else 
+	    	return 0;
+	}
+	else if(use_dns && dns_locate_enable) {
+	    if(dns_find_realm(context, p, realms) == 0)
+		return 0;
+	}
+    }
+    p = strchr(host, '.');
+    if(p != NULL) {
+	p++;
+	*realms = malloc(2 * sizeof(krb5_realm));
+	if (*realms == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+
+	(*realms)[0] = strdup(p);
+	if((*realms)[0] == NULL) {
+	    free(*realms);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	strupr((*realms)[0]);
+	(*realms)[1] = NULL;
+	return 0;
+    }
+    krb5_set_error_string(context, "unable to find realm of host %s", host);
+    return KRB5_ERR_HOST_REALM_UNKNOWN;
+}
+
+/*
+ * Return the realm(s) of `host' as a NULL-terminated list in
+ * `realms'. Free `realms' with krb5_free_host_realm().
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_host_realm(krb5_context context,
+		    const char *targethost,
+		    krb5_realm **realms)
+{
+    const char *host = targethost;
+    char hostname[MAXHOSTNAMELEN];
+    krb5_error_code ret;
+    int use_dns;
+
+    if (host == NULL) {
+	if (gethostname (hostname, sizeof(hostname))) {
+	    *realms = NULL;
+	    return errno;
+	}
+	host = hostname;
+    }
+
+    /* 
+     * If our local hostname is without components, don't even try to dns.
+     */
+
+    use_dns = (strchr(host, '.') != NULL);
+
+    ret = _krb5_get_host_realm_int (context, host, use_dns, realms);
+    if (ret && targethost != NULL) {
+	/*
+	 * If there was no realm mapping for the host (and we wasn't
+	 * looking for ourself), guess at the local realm, maybe our
+	 * KDC knows better then we do and we get a referral back.
+	 */
+	ret = krb5_get_default_realms(context, realms);
+	if (ret) {
+	    krb5_set_error_string(context, "Unable to find realm of host %s",
+				  host);
+	    return KRB5_ERR_HOST_REALM_UNKNOWN;
+	}
+    }
+    return ret;
+}
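Review bot: In `_krb5_get_host_realm_int`, when the config entry is `dns_locate` the string list that `config_find_realm` stored in `*realms` is never released: `dns_find_realm` overwrites the pointer on success and `continue` drops it otherwise. Freeing it before the inner DNS loop, `krb5_config_free_strings(*realms); *realms = NULL;`, fixes the leak and avoids leaving a non-NULL list behind on the error return. `copy_txt_to_realms` similarly leaves `*realms` pointing at freed memory after its `free (*realms)` on the strdup failure path. In `krb5_get_host_realm`, `gethostname` is not guaranteed to NUL-terminate on truncation, so `hostname[sizeof(hostname) - 1] = '\0';` should follow the call before `strchr` reads the buffer. Finally, realms taken from `_kerberos` TXT records are copied verbatim from DNS, which is unauthenticated unless the resolver validates it, and `dns_lookup_realm` defaults to TRUE here; a comment at `dns_find_realm` stating that would help operators decide whether to turn it off.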

Added: vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,834 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: get_in_tkt.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_init_etype (krb5_context context,
+		 unsigned *len,
+		 krb5_enctype **val,
+		 const krb5_enctype *etypes)
+{
+    int i;
+    krb5_error_code ret;
+    krb5_enctype *tmp = NULL;
+
+    ret = 0;
+    if (etypes == NULL) {
+	ret = krb5_get_default_in_tkt_etypes(context,
+					     &tmp);
+	if (ret)
+	    return ret;
+	etypes = tmp;
+    }
+
+    for (i = 0; etypes[i]; ++i)
+	;
+    *len = i;
+    *val = malloc(i * sizeof(**val));
+    if (i != 0 && *val == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto cleanup;
+    }
+    memmove (*val,
+	     etypes,
+	     i * sizeof(*tmp));
+cleanup:
+    if (tmp != NULL)
+	free (tmp);
+    return ret;
+}
+
+
+static krb5_error_code
+decrypt_tkt (krb5_context context,
+	     krb5_keyblock *key,
+	     krb5_key_usage usage,
+	     krb5_const_pointer decrypt_arg,
+	     krb5_kdc_rep *dec_rep)
+{
+    krb5_error_code ret;
+    krb5_data data;
+    size_t size;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_decrypt_EncryptedData (context,
+				      crypto,
+				      usage,
+				      &dec_rep->kdc_rep.enc_part,
+				      &data);
+    krb5_crypto_destroy(context, crypto);
+
+    if (ret)
+	return ret;
+
+    ret = krb5_decode_EncASRepPart(context,
+				   data.data,
+				   data.length,
+				   &dec_rep->enc_part, 
+				   &size);
+    if (ret)
+	ret = krb5_decode_EncTGSRepPart(context,
+					data.data,
+					data.length,
+					&dec_rep->enc_part, 
+					&size);
+    krb5_data_free (&data);
+    if (ret)
+	return ret;
+    return 0;
+}
+
+int
+_krb5_extract_ticket(krb5_context context, 
+		     krb5_kdc_rep *rep, 
+		     krb5_creds *creds,		
+		     krb5_keyblock *key,
+		     krb5_const_pointer keyseed,
+		     krb5_key_usage key_usage,
+		     krb5_addresses *addrs,
+		     unsigned nonce,
+		     unsigned flags,
+		     krb5_decrypt_proc decrypt_proc,
+		     krb5_const_pointer decryptarg)
+{
+    krb5_error_code ret;
+    krb5_principal tmp_principal;
+    int tmp;
+    size_t len;
+    time_t tmp_time;
+    krb5_timestamp sec_now;
+
+    ret = _krb5_principalname2krb5_principal (context,
+					      &tmp_principal,
+					      rep->kdc_rep.cname,
+					      rep->kdc_rep.crealm);
+    if (ret)
+	goto out;
+
+    /* compare client */
+
+    if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0){
+	tmp = krb5_principal_compare (context, tmp_principal, creds->client);
+	if (!tmp) {
+	    krb5_free_principal (context, tmp_principal);
+	    krb5_clear_error_string (context);
+	    ret = KRB5KRB_AP_ERR_MODIFIED;
+	    goto out;
+	}
+    }
+
+    krb5_free_principal (context, creds->client);
+    creds->client = tmp_principal;
+
+    /* extract ticket */
+    ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, 
+		       &rep->kdc_rep.ticket, &len, ret);
+    if(ret)
+	goto out;
+    if (creds->ticket.length != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    creds->second_ticket.length = 0;
+    creds->second_ticket.data   = NULL;
+
+    /* compare server */
+
+    ret = _krb5_principalname2krb5_principal (context,
+					      &tmp_principal,
+					      rep->kdc_rep.ticket.sname,
+					      rep->kdc_rep.ticket.realm);
+    if (ret)
+	goto out;
+    if(flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH){
+	krb5_free_principal(context, creds->server);
+	creds->server = tmp_principal;
+	tmp_principal = NULL;
+    } else {
+	tmp = krb5_principal_compare (context, tmp_principal,
+				      creds->server);
+	krb5_free_principal (context, tmp_principal);
+	if (!tmp) {
+	    ret = KRB5KRB_AP_ERR_MODIFIED;
+	    krb5_clear_error_string (context);
+	    goto out;
+	}
+    }
+    
+    /* decrypt */
+
+    if (decrypt_proc == NULL)
+	decrypt_proc = decrypt_tkt;
+    
+    ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep);
+    if (ret)
+	goto out;
+
+    /* verify names */
+    if(flags & EXTRACT_TICKET_MATCH_REALM){
+	const char *srealm = krb5_principal_get_realm(context, creds->server);
+	const char *crealm = krb5_principal_get_realm(context, creds->client);
+
+	if (strcmp(rep->enc_part.srealm, srealm) != 0 ||
+	    strcmp(rep->enc_part.srealm, crealm) != 0)
+	{
+	    ret = KRB5KRB_AP_ERR_MODIFIED;
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+    }
+
+    /* compare nonces */
+
+    if (nonce != rep->enc_part.nonce) {
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto out;
+    }
+
+    /* set kdc-offset */
+
+    krb5_timeofday (context, &sec_now);
+    if (rep->enc_part.flags.initial
+	&& context->kdc_sec_offset == 0
+	&& krb5_config_get_bool (context, NULL,
+				 "libdefaults",
+				 "kdc_timesync",
+				 NULL)) {
+	context->kdc_sec_offset = rep->enc_part.authtime - sec_now;
+	krb5_timeofday (context, &sec_now);
+    }
+
+    /* check all times */
+
+    if (rep->enc_part.starttime) {
+	tmp_time = *rep->enc_part.starttime;
+    } else
+	tmp_time = rep->enc_part.authtime;
+
+    if (creds->times.starttime == 0
+	&& abs(tmp_time - sec_now) > context->max_skew) {
+	ret = KRB5KRB_AP_ERR_SKEW;
+	krb5_set_error_string (context,
+			       "time skew (%d) larger than max (%d)",
+			       abs(tmp_time - sec_now),
+			       (int)context->max_skew);
+	goto out;
+    }
+
+    if (creds->times.starttime != 0
+	&& tmp_time != creds->times.starttime) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	goto out;
+    }
+
+    creds->times.starttime = tmp_time;
+
+    if (rep->enc_part.renew_till) {
+	tmp_time = *rep->enc_part.renew_till;
+    } else
+	tmp_time = 0;
+
+    if (creds->times.renew_till != 0
+	&& tmp_time > creds->times.renew_till) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	goto out;
+    }
+
+    creds->times.renew_till = tmp_time;
+
+    creds->times.authtime = rep->enc_part.authtime;
+
+    if (creds->times.endtime != 0
+	&& rep->enc_part.endtime > creds->times.endtime) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	goto out;
+    }
+
+    creds->times.endtime  = rep->enc_part.endtime;
+
+    if(rep->enc_part.caddr)
+	krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses);
+    else if(addrs)
+	krb5_copy_addresses (context, addrs, &creds->addresses);
+    else {
+	creds->addresses.len = 0;
+	creds->addresses.val = NULL;
+    }
+    creds->flags.b = rep->enc_part.flags;
+	  
+    creds->authdata.len = 0;
+    creds->authdata.val = NULL;
+    creds->session.keyvalue.length = 0;
+    creds->session.keyvalue.data   = NULL;
+    creds->session.keytype = rep->enc_part.key.keytype;
+    ret = krb5_data_copy (&creds->session.keyvalue,
+			  rep->enc_part.key.keyvalue.data,
+			  rep->enc_part.key.keyvalue.length);
+
+out:
+    memset (rep->enc_part.key.keyvalue.data, 0,
+	    rep->enc_part.key.keyvalue.length);
+    return ret;
+}
+
+
+static krb5_error_code
+make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, 
+		      krb5_enctype etype, krb5_keyblock *key)
+{
+    PA_ENC_TS_ENC p;
+    unsigned char *buf;
+    size_t buf_size;
+    size_t len;
+    EncryptedData encdata;
+    krb5_error_code ret;
+    int32_t usec;
+    int usec2;
+    krb5_crypto crypto;
+    
+    krb5_us_timeofday (context, &p.patimestamp, &usec);
+    usec2         = usec;
+    p.pausec      = &usec2;
+
+    ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
+    if (ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret) {
+	free(buf);
+	return ret;
+    }
+    ret = krb5_encrypt_EncryptedData(context, 
+				     crypto,
+				     KRB5_KU_PA_ENC_TIMESTAMP,
+				     buf,
+				     len,
+				     0,
+				     &encdata);
+    free(buf);
+    krb5_crypto_destroy(context, crypto);
+    if (ret)
+	return ret;
+		    
+    ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
+    free_EncryptedData(&encdata);
+    if (ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
+    pa->padata_value.length = len;
+    pa->padata_value.data = buf;
+    return 0;
+}
+
+static krb5_error_code
+add_padata(krb5_context context,
+	   METHOD_DATA *md, 
+	   krb5_principal client,
+	   krb5_key_proc key_proc,
+	   krb5_const_pointer keyseed,
+	   krb5_enctype *enctypes,
+	   unsigned netypes,
+	   krb5_salt *salt)
+{
+    krb5_error_code ret;
+    PA_DATA *pa2;
+    krb5_salt salt2;
+    krb5_enctype *ep;
+    int i;
+    
+    if(salt == NULL) {
+	/* default to standard salt */
+	ret = krb5_get_pw_salt (context, client, &salt2);
+	salt = &salt2;
+    }
+    if (!enctypes) {
+	enctypes = context->etypes;
+	netypes = 0;
+	for (ep = enctypes; *ep != ETYPE_NULL; ep++)
+	    netypes++;
+    }
+    pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
+    if (pa2 == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    md->val = pa2;
+
+    for (i = 0; i < netypes; ++i) {
+	krb5_keyblock *key;
+
+	ret = (*key_proc)(context, enctypes[i], *salt, keyseed, &key);
+	if (ret)
+	    continue;
+	ret = make_pa_enc_timestamp (context, &md->val[md->len],
+				     enctypes[i], key);
+	krb5_free_keyblock (context, key);
+	if (ret)
+	    return ret;
+	++md->len;
+    }
+    if(salt == &salt2)
+	krb5_free_salt(context, salt2);
+    return 0;
+}
+
+static krb5_error_code
+init_as_req (krb5_context context,
+	     KDCOptions opts,
+	     krb5_creds *creds,
+	     const krb5_addresses *addrs,
+	     const krb5_enctype *etypes,
+	     const krb5_preauthtype *ptypes,
+	     const krb5_preauthdata *preauth,
+	     krb5_key_proc key_proc,
+	     krb5_const_pointer keyseed,
+	     unsigned nonce,
+	     AS_REQ *a)
+{
+    krb5_error_code ret;
+    krb5_salt salt;
+
+    memset(a, 0, sizeof(*a));
+
+    a->pvno = 5;
+    a->msg_type = krb_as_req;
+    a->req_body.kdc_options = opts;
+    a->req_body.cname = malloc(sizeof(*a->req_body.cname));
+    if (a->req_body.cname == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto fail;
+    }
+    a->req_body.sname = malloc(sizeof(*a->req_body.sname));
+    if (a->req_body.sname == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto fail;
+    }
+    ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
+    if (ret)
+	goto fail;
+    ret = _krb5_principal2principalname (a->req_body.sname, creds->server);
+    if (ret)
+	goto fail;
+    ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
+    if (ret)
+	goto fail;
+
+    if(creds->times.starttime) {
+	a->req_body.from = malloc(sizeof(*a->req_body.from));
+	if (a->req_body.from == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	*a->req_body.from = creds->times.starttime;
+    }
+    if(creds->times.endtime){
+	ALLOC(a->req_body.till, 1);
+	*a->req_body.till = creds->times.endtime;
+    }
+    if(creds->times.renew_till){
+	a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
+	if (a->req_body.rtime == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	*a->req_body.rtime = creds->times.renew_till;
+    }
+    a->req_body.nonce = nonce;
+    ret = krb5_init_etype (context,
+			   &a->req_body.etype.len,
+			   &a->req_body.etype.val,
+			   etypes);
+    if (ret)
+	goto fail;
+
+    /*
+     * This means no addresses
+     */
+
+    if (addrs && addrs->len == 0) {
+	a->req_body.addresses = NULL;
+    } else {
+	a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
+	if (a->req_body.addresses == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+
+	if (addrs)
+	    ret = krb5_copy_addresses(context, addrs, a->req_body.addresses);
+	else {
+	    ret = krb5_get_all_client_addrs (context, a->req_body.addresses);
+	    if(ret == 0 && a->req_body.addresses->len == 0) {
+		free(a->req_body.addresses);
+		a->req_body.addresses = NULL;
+	    }
+	}
+	if (ret)
+	    return ret;
+    }
+
+    a->req_body.enc_authorization_data = NULL;
+    a->req_body.additional_tickets = NULL;
+
+    if(preauth != NULL) {
+	int i;
+	ALLOC(a->padata, 1);
+	if(a->padata == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	a->padata->val = NULL;
+	a->padata->len = 0;
+	for(i = 0; i < preauth->len; i++) {
+	    if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){
+		int j;
+
+		for(j = 0; j < preauth->val[i].info.len; j++) {
+		    krb5_salt *sp = &salt;
+		    if(preauth->val[i].info.val[j].salttype)
+			salt.salttype = *preauth->val[i].info.val[j].salttype;
+		    else
+			salt.salttype = KRB5_PW_SALT;
+		    if(preauth->val[i].info.val[j].salt)
+			salt.saltvalue = *preauth->val[i].info.val[j].salt;
+		    else
+			if(salt.salttype == KRB5_PW_SALT)
+			    sp = NULL;
+			else
+			    krb5_data_zero(&salt.saltvalue);
+		    ret = add_padata(context, a->padata, creds->client, 
+				     key_proc, keyseed, 
+				     &preauth->val[i].info.val[j].etype, 1,
+				     sp);
+		    if (ret == 0)
+			break;
+		}
+	    }
+	}
+    } else 
+    /* not sure this is the way to use `ptypes' */
+    if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE)
+	a->padata = NULL;
+    else if (*ptypes ==  KRB5_PADATA_ENC_TIMESTAMP) {
+	ALLOC(a->padata, 1);
+	if (a->padata == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	a->padata->len = 0;
+	a->padata->val = NULL;
+
+	/* make a v5 salted pa-data */
+	add_padata(context, a->padata, creds->client, 
+		   key_proc, keyseed, a->req_body.etype.val,
+		   a->req_body.etype.len, NULL);
+	
+	/* make a v4 salted pa-data */
+	salt.salttype = KRB5_PW_SALT;
+	krb5_data_zero(&salt.saltvalue);
+	add_padata(context, a->padata, creds->client, 
+		   key_proc, keyseed, a->req_body.etype.val,
+		   a->req_body.etype.len, &salt);
+    } else {
+	krb5_set_error_string (context, "pre-auth type %d not supported",
+			       *ptypes);
+	ret = KRB5_PREAUTH_BAD_TYPE;
+	goto fail;
+    }
+    return 0;
+fail:
+    free_AS_REQ(a);
+    return ret;
+}
+
+static int
+set_ptypes(krb5_context context,
+	   KRB_ERROR *error, 
+	   const krb5_preauthtype **ptypes,
+	   krb5_preauthdata **preauth)
+{
+    static krb5_preauthdata preauth2;
+    static krb5_preauthtype ptypes2[] = { KRB5_PADATA_ENC_TIMESTAMP, KRB5_PADATA_NONE };
+
+    if(error->e_data) {
+	METHOD_DATA md;
+	int i;
+	decode_METHOD_DATA(error->e_data->data, 
+			   error->e_data->length, 
+			   &md, 
+			   NULL);
+	for(i = 0; i < md.len; i++){
+	    switch(md.val[i].padata_type){
+	    case KRB5_PADATA_ENC_TIMESTAMP:
+		*ptypes = ptypes2;
+		break;
+	    case KRB5_PADATA_ETYPE_INFO:
+		*preauth = &preauth2;
+		ALLOC_SEQ(*preauth, 1);
+		(*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP;
+		krb5_decode_ETYPE_INFO(context,
+				       md.val[i].padata_value.data, 
+				       md.val[i].padata_value.length,
+				       &(*preauth)->val[0].info,
+				       NULL);
+		break;
+	    default:
+		break;
+	    }
+	}
+	free_METHOD_DATA(&md);
+    } else {
+	*ptypes = ptypes2;
+    }
+    return(1);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_cred(krb5_context context,
+		 krb5_flags options,
+		 const krb5_addresses *addrs,
+		 const krb5_enctype *etypes,
+		 const krb5_preauthtype *ptypes,
+		 const krb5_preauthdata *preauth,
+		 krb5_key_proc key_proc,
+		 krb5_const_pointer keyseed,
+		 krb5_decrypt_proc decrypt_proc,
+		 krb5_const_pointer decryptarg,
+		 krb5_creds *creds,
+		 krb5_kdc_rep *ret_as_reply)
+{
+    krb5_error_code ret;
+    AS_REQ a;
+    krb5_kdc_rep rep;
+    krb5_data req, resp;
+    size_t len;
+    krb5_salt salt;
+    krb5_keyblock *key;
+    size_t size;
+    KDCOptions opts;
+    PA_DATA *pa;
+    krb5_enctype etype;
+    krb5_preauthdata *my_preauth = NULL;
+    unsigned nonce;
+    int done;
+
+    opts = int2KDCOptions(options);
+
+    krb5_generate_random_block (&nonce, sizeof(nonce));
+    nonce &= 0xffffffff;
+
+    do {
+	done = 1;
+	ret = init_as_req (context,
+			   opts,
+			   creds,
+			   addrs,
+			   etypes,
+			   ptypes,
+			   preauth,
+			   key_proc,
+			   keyseed,
+			   nonce,
+			   &a);
+	if (my_preauth) {
+	    free_ETYPE_INFO(&my_preauth->val[0].info);
+	    free (my_preauth->val);
+	    my_preauth = NULL;
+	}
+	if (ret)
+	    return ret;
+
+	ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret);
+	free_AS_REQ(&a);
+	if (ret)
+	    return ret;
+	if(len != req.length)
+	    krb5_abortx(context, "internal error in ASN.1 encoder");
+
+	ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
+	krb5_data_free(&req);
+	if (ret)
+	    return ret;
+
+	memset (&rep, 0, sizeof(rep));
+	ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size);
+	if(ret) {
+	    /* let's try to parse it as a KRB-ERROR */
+	    KRB_ERROR error;
+	    int ret2;
+
+	    ret2 = krb5_rd_error(context, &resp, &error);
+	    if(ret2 && resp.data && ((char*)resp.data)[0] == 4)
+		ret = KRB5KRB_AP_ERR_V4_REPLY;
+	    krb5_data_free(&resp);
+	    if (ret2 == 0) {
+		ret = krb5_error_from_rd_error(context, &error, creds);
+		/* if no preauth was set and KDC requires it, give it
+                   one more try */
+		if (!ptypes && !preauth
+		    && ret == KRB5KDC_ERR_PREAUTH_REQUIRED
+#if 0
+			|| ret == KRB5KDC_ERR_BADOPTION
+#endif
+		    && set_ptypes(context, &error, &ptypes, &my_preauth)) {
+		    done = 0;
+		    preauth = my_preauth;
+		    krb5_free_error_contents(context, &error);
+		    krb5_clear_error_string(context);
+		    continue;
+		}
+		if(ret_as_reply)
+		    ret_as_reply->error = error;
+		else
+		    free_KRB_ERROR (&error);
+		return ret;
+	    }
+	    return ret;
+	}
+	krb5_data_free(&resp);
+    } while(!done);
+    
+    pa = NULL;
+    etype = rep.kdc_rep.enc_part.etype;
+    if(rep.kdc_rep.padata){
+	int i = 0;
+	pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, 
+			      KRB5_PADATA_PW_SALT, &i);
+	if(pa == NULL) {
+	    i = 0;
+	    pa = krb5_find_padata(rep.kdc_rep.padata->val, 
+				  rep.kdc_rep.padata->len, 
+				  KRB5_PADATA_AFS3_SALT, &i);
+	}
+    }
+    if(pa) {
+	salt.salttype = pa->padata_type;
+	salt.saltvalue = pa->padata_value;
+	
+	ret = (*key_proc)(context, etype, salt, keyseed, &key);
+    } else {
+	/* make a v5 salted pa-data */
+	ret = krb5_get_pw_salt (context, creds->client, &salt);
+	
+	if (ret)
+	    goto out;
+	ret = (*key_proc)(context, etype, salt, keyseed, &key);
+	krb5_free_salt(context, salt);
+    }
+    if (ret)
+	goto out;
+	
+    {
+	unsigned flags = 0;
+	if (opts.request_anonymous)
+	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
+
+	ret = _krb5_extract_ticket(context, 
+				   &rep, 
+				   creds, 
+				   key, 
+				   keyseed, 
+				   KRB5_KU_AS_REP_ENC_PART,
+				   NULL, 
+				   nonce, 
+				   flags,
+				   decrypt_proc, 
+				   decryptarg);
+    }
+    memset (key->keyvalue.data, 0, key->keyvalue.length);
+    krb5_free_keyblock_contents (context, key);
+    free (key);
+
+out:
+    if (ret == 0 && ret_as_reply)
+	*ret_as_reply = rep;
+    else
+	krb5_free_kdc_rep (context, &rep);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_tkt(krb5_context context,
+		krb5_flags options,
+		const krb5_addresses *addrs,
+		const krb5_enctype *etypes,
+		const krb5_preauthtype *ptypes,
+		krb5_key_proc key_proc,
+		krb5_const_pointer keyseed,
+		krb5_decrypt_proc decrypt_proc,
+		krb5_const_pointer decryptarg,
+		krb5_creds *creds,
+		krb5_ccache ccache,
+		krb5_kdc_rep *ret_as_reply)
+{
+    krb5_error_code ret;
+    
+    ret = krb5_get_in_cred (context,
+			    options,
+			    addrs,
+			    etypes,
+			    ptypes,
+			    NULL,
+			    key_proc,
+			    keyseed,
+			    decrypt_proc,
+			    decryptarg,
+			    creds,
+			    ret_as_reply);
+    if(ret) 
+	return ret;
+    if (ccache)
+	ret = krb5_cc_store_cred (context, ccache, creds);
+    return ret;
+}
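Review bot: `set_ptypes` acts on the e-data of a KRB-ERROR, which is parsed before any reply has been decrypted, yet it ignores the results of `decode_METHOD_DATA`, `ALLOC_SEQ` and `krb5_decode_ETYPE_INFO` and returns 1 unconditionally. If the e-data carries neither an ENC-TIMESTAMP nor an ETYPE-INFO entry, `ptypes` and `preauth` both stay NULL, so the `do … while(!done)` loop in `krb5_get_in_cred` appears to retry for as long as the peer keeps answering PREAUTH_REQUIRED; a failed `ALLOC_SEQ` is dereferenced on the very next line. I would check each result and return non-zero only when a method was actually selected, as sketched below (assuming the decoders return non-zero on failure, as `decode_AS_REP` does in this file). Separately, the nonce-mismatch branch of `_krb5_extract_ticket` sets the error string "malloc: out of memory", which hides a reply-integrity failure from whoever reads the diagnostics; `krb5_clear_error_string(context);` would match the neighbouring checks.

```c
    /* … unchanged: static preauth2 / ptypes2 … */
    if(error->e_data) {
	METHOD_DATA md;
	int i;
	if (decode_METHOD_DATA(error->e_data->data,
			       error->e_data->length,
			       &md,
			       NULL))
	    return 0;	/* undecodable e-data: do not retry */
	for(i = 0; i < md.len; i++){
	    switch(md.val[i].padata_type){
	    /* … unchanged: KRB5_PADATA_ENC_TIMESTAMP case … */
	    case KRB5_PADATA_ETYPE_INFO:
		if (*preauth != NULL)
		    break;	/* keep the first ETYPE-INFO only */
		ALLOC_SEQ(&preauth2, 1);
		if (preauth2.val == NULL)
		    break;
		preauth2.val[0].type = KRB5_PADATA_ENC_TIMESTAMP;
		if (krb5_decode_ETYPE_INFO(context,
					   md.val[i].padata_value.data,
					   md.val[i].padata_value.length,
					   &preauth2.val[0].info,
					   NULL)) {
		    free(preauth2.val);
		    break;
		}
		*preauth = &preauth2;
		break;
	    /* … unchanged: default case … */
	    }
	}
	free_METHOD_DATA(&md);
    } else {
	*ptypes = ptypes2;
    }
    /* retry only when a preauth method was actually selected */
    return *ptypes != NULL || *preauth != NULL;
```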

Added: vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_pw.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_pw.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_pw.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: get_in_tkt_pw.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_password_key_proc (krb5_context context,
+			krb5_enctype type,
+			krb5_salt salt,
+			krb5_const_pointer keyseed,
+			krb5_keyblock **key)
+{
+    krb5_error_code ret;
+    const char *password = (const char *)keyseed;
+    char buf[BUFSIZ];
+     
+    *key = malloc (sizeof (**key));
+    if (*key == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    if (password == NULL) {
+	if(UI_UTIL_read_pw_string (buf, sizeof(buf), "Password: ", 0)) {
+	    free (*key);
+	    krb5_clear_error_string(context);
+	    return KRB5_LIBOS_PWDINTR;
+	}
+	password = buf;
+    }
+    ret = krb5_string_to_key_salt (context, type, password, salt, *key);
+    memset (buf, 0, sizeof(buf));
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_tkt_with_password (krb5_context context,
+			       krb5_flags options,
+			       krb5_addresses *addrs,
+			       const krb5_enctype *etypes,
+			       const krb5_preauthtype *pre_auth_types,
+			       const char *password,
+			       krb5_ccache ccache,
+			       krb5_creds *creds,
+			       krb5_kdc_rep *ret_as_reply)
+{
+     return krb5_get_in_tkt (context,
+			     options,
+			     addrs,
+			     etypes,
+			     pre_auth_types,
+			     krb5_password_key_proc,
+			     password,
+			     NULL,
+			     NULL,
+			     creds,
+			     ccache,
+			     ret_as_reply);
+}
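Review bot: `krb5_password_key_proc` leaks `*key` when `krb5_string_to_key_salt` fails, because the callers shown in get_in_tkt.c do not free it on error: `add_padata` just does `continue` and `krb5_get_in_cred` jumps to `out`. Adding `if (ret) { free(*key); *key = NULL; }` after the `memset` would fix that, and the interrupted-prompt path should likewise set `*key = NULL` after its `free (*key)` so the caller is not left with a dangling pointer. The final `memset (buf, 0, sizeof(buf))` is a store to a local that is about to go out of scope, which an optimising compiler may drop, and the `KRB5_LIBOS_PWDINTR` path returns without scrubbing `buf` at all. A scrub helper the compiler cannot elide, called on both paths, would be the safer way to clear the password.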

Added: vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_with_keytab.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_with_keytab.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_with_keytab.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: get_in_tkt_with_keytab.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytab_key_proc (krb5_context context,
+		      krb5_enctype enctype,
+		      krb5_salt salt,
+		      krb5_const_pointer keyseed,
+		      krb5_keyblock **key)
+{
+    krb5_keytab_key_proc_args *args  = rk_UNCONST(keyseed);
+    krb5_keytab keytab = args->keytab;
+    krb5_principal principal  = args->principal;
+    krb5_error_code ret;
+    krb5_keytab real_keytab;
+    krb5_keytab_entry entry;
+
+    if(keytab == NULL)
+	krb5_kt_default(context, &real_keytab);
+    else
+	real_keytab = keytab;
+
+    ret = krb5_kt_get_entry (context, real_keytab, principal,
+			     0, enctype, &entry);
+
+    if (keytab == NULL)
+	krb5_kt_close (context, real_keytab);
+
+    if (ret)
+	return ret;
+
+    ret = krb5_copy_keyblock (context, &entry.keyblock, key);
+    krb5_kt_free_entry(context, &entry);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_tkt_with_keytab (krb5_context context,
+			     krb5_flags options,
+			     krb5_addresses *addrs,
+			     const krb5_enctype *etypes,
+			     const krb5_preauthtype *pre_auth_types,
+			     krb5_keytab keytab,
+			     krb5_ccache ccache,
+			     krb5_creds *creds,
+			     krb5_kdc_rep *ret_as_reply)
+{
+    krb5_keytab_key_proc_args a;
+
+    a.principal = creds->client;
+    a.keytab    = keytab;
+
+    return krb5_get_in_tkt (context,
+			    options,
+			    addrs,
+			    etypes,
+			    pre_auth_types,
+			    krb5_keytab_key_proc,
+			    &a,
+			    NULL,
+			    NULL,
+			    creds,
+			    ccache,
+			    ret_as_reply);
+}
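Review bot: In `krb5_keytab_key_proc` the result of `krb5_kt_default(context, &real_keytab)` is discarded, so if the default keytab cannot be resolved `real_keytab` is still uninitialised when it is passed to `krb5_kt_get_entry` and then to `krb5_kt_close`. Capture and check it before use: `ret = krb5_kt_default(context, &real_keytab);` followed by `if (ret) return ret;`. The function also dereferences `args` straight from `keyseed`, so a comment stating that `keyseed` must point to a `krb5_keytab_key_proc_args` would document the contract that `krb5_get_in_tkt_with_keytab` relies on.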

Added: vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_with_skey.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_with_skey.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_in_tkt_with_skey.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: get_in_tkt_with_skey.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_error_code
+krb5_skey_key_proc (krb5_context context,
+		    krb5_enctype type,
+		    krb5_salt salt,
+		    krb5_const_pointer keyseed,
+		    krb5_keyblock **key)
+{
+    return krb5_copy_keyblock (context, keyseed, key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_tkt_with_skey (krb5_context context,
+			   krb5_flags options,
+			   krb5_addresses *addrs,
+			   const krb5_enctype *etypes,
+			   const krb5_preauthtype *pre_auth_types,
+			   const krb5_keyblock *key,
+			   krb5_ccache ccache,
+			   krb5_creds *creds,
+			   krb5_kdc_rep *ret_as_reply)
+{
+    if(key == NULL)
+	return krb5_get_in_tkt_with_keytab (context,
+					    options,
+					    addrs,
+					    etypes,
+					    pre_auth_types,
+					    NULL,
+					    ccache,
+					    creds,
+					    ret_as_reply);
+    else
+	return krb5_get_in_tkt (context,
+				options,
+				addrs,
+				etypes,
+				pre_auth_types,
+				krb5_skey_key_proc,
+				key,
+				NULL,
+				NULL,
+				creds,
+				ccache,
+				ret_as_reply);
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/get_port.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/get_port.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/get_port.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1997-2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: get_port.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+int KRB5_LIB_FUNCTION
+krb5_getportbyname (krb5_context context,
+		    const char *service,
+		    const char *proto,
+		    int default_port)
+{
+    struct servent *sp;
+
+    if ((sp = roken_getservbyname (service, proto)) == NULL) {
+#if 0
+	krb5_warnx(context, "%s/%s unknown service, using default port %d", 
+		   service, proto, default_port);
+#endif
+	return htons(default_port);
+    } else
+	return sp->s_port;
+}
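Review bot: `krb5_getportbyname` has no comment saying that its result is in network byte order, which both return paths imply (`sp->s_port` from the servent and `htons(default_port)`), while `default_port` is expected in host order. A caller that applies `htons()` again, or passes an already-converted default, gets a byte-swapped port without any error. I would add above the function `/* Returns the port for service/proto in network byte order; default_port is in host byte order and is used when the lookup fails. */`. `default_port` is an `int` passed straight to `htons()`, so values outside 0..65535 are silently truncated; a range check in the caller or here would make that explicit.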

Added: vendor-crypto/heimdal/dist/lib/krb5/heim_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/heim_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/heim_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,44 @@
+#
+# Error messages for the krb5 library
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: heim_err.et,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $"
+
+error_table heim
+
+prefix HEIM_ERR
+
+error_code LOG_PARSE,		"Error parsing log destination"
+error_code V4_PRINC_NO_CONV,	"Failed to convert v4 principal"
+error_code SALTTYPE_NOSUPP,	"Salt type is not supported by enctype"
+error_code NOHOST,		"Host not found"
+error_code OPNOTSUPP,		"Operation not supported"
+error_code EOF,			"End of file"
+error_code BAD_MKEY,		"Failed to get the master key"
+error_code SERVICE_NOMATCH,	"Unacceptable service used"
+
+index 64
+prefix HEIM_PKINIT
+error_code NO_CERTIFICATE,	"Certificate missing"
+error_code NO_PRIVATE_KEY,	"Private key missing"
+error_code NO_VALID_CA,		"No valid certificate authority"
+error_code CERTIFICATE_INVALID,	"Certificate invalid"
+error_code PRIVATE_KEY_INVALID,	"Private key invalid"
+
+index 128
+prefix HEIM_EAI
+#error_code NOERROR,		"no error"
+error_code UNKNOWN,		"unknown error from getaddrinfo"
+error_code ADDRFAMILY,		"address family for nodename not supported"
+error_code AGAIN,		"temporary failure in name resolution"
+error_code BADFLAGS,		"invalid value for ai_flags"
+error_code FAIL,		"non-recoverable failure in name resolution"
+error_code FAMILY,		"ai_family not supported"
+error_code MEMORY,		"memory allocation failure"
+error_code NODATA,		"no address associated with nodename"
+error_code NONAME,		"nodename nor servname provided, or not known"
+error_code SERVICE,		"servname not supported for ai_socktype"
+error_code SOCKTYPE,		"ai_socktype not supported"
+error_code SYSTEM,		"system error returned in errno"
+end

Added: vendor-crypto/heimdal/dist/lib/krb5/heim_threads.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/heim_threads.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/heim_threads.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: heim_threads.h,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+/*
+ * Provide wrapper macros for thread synchronization primitives so we
+ * can use native thread functions for those operating system that
+ * supports it.
+ *
+ * This is so libkrb5.so (or more importantly, libgssapi.so) can have
+ * thread support while the program that that dlopen(3)s the library
+ * don't need to be linked to libpthread.
+ */
+
+#ifndef HEIM_THREADS_H
+#define HEIM_THREADS_H 1
+
+/* assume headers already included */
+
+#if defined(__NetBSD__) && __NetBSD_Version__ >= 106120000 && __NetBSD_Version__< 299001200 && defined(ENABLE_PTHREAD_SUPPORT)
+
+/* 
+ * NetBSD have a thread lib that we can use that part of libc that
+ * works regardless if application are linked to pthreads or not.
+ * NetBSD newer then 2.99.11 just use pthread.h, and the same thing
+ * will happen.
+ */
+#include <threadlib.h>
+
+#define HEIMDAL_MUTEX mutex_t
+#define HEIMDAL_MUTEX_INITIALIZER MUTEX_INITIALIZER
+#define HEIMDAL_MUTEX_init(m) mutex_init(m, NULL)
+#define HEIMDAL_MUTEX_lock(m) mutex_lock(m)
+#define HEIMDAL_MUTEX_unlock(m) mutex_unlock(m)
+#define HEIMDAL_MUTEX_destroy(m) mutex_destroy(m)
+
+#define HEIMDAL_RWLOCK rwlock_t
+#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
+#define	HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL)	
+#define	HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l)	
+#define	HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l)	
+#define	HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l)	
+#define	HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l)	
+#define	HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l)	
+#define	HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l)	
+
+#define HEIMDAL_thread_key thread_key_t
+#define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0)
+#define HEIMDAL_setspecific(k,s,r) do { r = thr_setspecific(k,s); } while(0)
+#define HEIMDAL_getspecific(k) thr_getspecific(k)
+#define HEIMDAL_key_delete(k) thr_keydelete(k)
+
+#elif defined(ENABLE_PTHREAD_SUPPORT) && (!defined(__NetBSD__) || __NetBSD_Version__ >= 299001200)
+
+#include <pthread.h>
+
+#define HEIMDAL_MUTEX pthread_mutex_t
+#define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
+#define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL)
+#define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m)
+#define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m)
+#define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m)
+
+#define HEIMDAL_RWLOCK rwlock_t
+#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER
+#define	HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL)	
+#define	HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l)	
+#define	HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l)	
+#define	HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l)	
+#define	HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l)	
+#define	HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l)	
+#define	HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l)	
+
+#define HEIMDAL_thread_key pthread_key_t
+#define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0)
+#define HEIMDAL_setspecific(k,s,r) do { r = pthread_setspecific(k,s); } while(0)
+#define HEIMDAL_getspecific(k) pthread_getspecific(k)
+#define HEIMDAL_key_delete(k) pthread_key_delete(k)
+
+#elif defined(HEIMDAL_DEBUG_THREADS)
+
+/* no threads support, just do consistency checks */
+#include <stdlib.h>
+
+#define HEIMDAL_MUTEX int
+#define HEIMDAL_MUTEX_INITIALIZER 0
+#define HEIMDAL_MUTEX_init(m)  do { (*(m)) = 0; } while(0)
+#define HEIMDAL_MUTEX_lock(m)  do { if ((*(m))++ != 0) abort(); } while(0)
+#define HEIMDAL_MUTEX_unlock(m) do { if ((*(m))-- != 1) abort(); } while(0)
+#define HEIMDAL_MUTEX_destroy(m) do {if ((*(m)) != 0) abort(); } while(0)
+
+#define HEIMDAL_RWLOCK rwlock_t int
+#define HEIMDAL_RWLOCK_INITIALIZER 0
+#define	HEIMDAL_RWLOCK_init(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_rdlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_wrlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_trywrlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_unlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_destroy(l) do { } while(0)
+
+#define HEIMDAL_internal_thread_key 1
+
+#else /* no thread support, no debug case */
+
+#define HEIMDAL_MUTEX int
+#define HEIMDAL_MUTEX_INITIALIZER 0
+#define HEIMDAL_MUTEX_init(m)  do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_lock(m)  do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0)
+#define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0)
+
+#define HEIMDAL_RWLOCK rwlock_t int
+#define HEIMDAL_RWLOCK_INITIALIZER 0
+#define	HEIMDAL_RWLOCK_init(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_rdlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_wrlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_trywrlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_unlock(l) do { } while(0)
+#define	HEIMDAL_RWLOCK_destroy(l) do { } while(0)
+
+#define HEIMDAL_internal_thread_key 1
+
+#endif /* no thread support */
+
+#ifdef HEIMDAL_internal_thread_key
+
+typedef struct heim_thread_key {
+    void *value;
+    void (*destructor)(void *);
+} heim_thread_key;
+
+#define HEIMDAL_thread_key heim_thread_key
+#define HEIMDAL_key_create(k,d,r) \
+	do { (k)->value = NULL; (k)->destructor = (d); r = 0; } while(0)
+#define HEIMDAL_setspecific(k,s,r) do { (k).value = s ; r = 0; } while(0)
+#define HEIMDAL_getspecific(k) ((k).value)
+#define HEIMDAL_key_delete(k) do { (*(k).destructor)((k).value); } while(0)
+
+#undef HEIMDAL_internal_thread_key
+#endif /* HEIMDAL_internal_thread_key */
+
+#endif /* HEIM_THREADS_H */
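Review bot: The `HEIMDAL_RWLOCK` type macros look wrong in three of the four branches: the pthread branch defines it as `rwlock_t` with `RWLOCK_INITIALIZER` (the names used in the NetBSD threadlib branch, not the pthread ones), and both no-thread branches define it as `rwlock_t int`, which is not a valid type. Nothing fails until some code declares a `HEIMDAL_RWLOCK`, which is presumably why it has gone unnoticed, but the first such use would likely not compile. I would use `#define HEIMDAL_RWLOCK pthread_rwlock_t` and `#define HEIMDAL_RWLOCK_INITIALIZER PTHREAD_RWLOCK_INITIALIZER` in the pthread branch, and `#define HEIMDAL_RWLOCK int` in the other two. Separately, the fallback `HEIMDAL_key_delete` calls `(k).destructor` without a NULL check, although `HEIMDAL_key_create` stores whatever `d` the caller passed.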

Added: vendor-crypto/heimdal/dist/lib/krb5/init_creds.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/init_creds.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/init_creds.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,442 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: init_creds.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
+{
+    memset (opt, 0, sizeof(*opt));
+    opt->flags = 0;
+    opt->opt_private = NULL;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_alloc(krb5_context context, 
+			      krb5_get_init_creds_opt **opt)
+{
+    krb5_get_init_creds_opt *o;
+    
+    *opt = NULL;
+    o = calloc(1, sizeof(*o));
+    if (o == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    krb5_get_init_creds_opt_init(o);
+    o->opt_private = calloc(1, sizeof(*o->opt_private));
+    if (o->opt_private == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	free(o);
+	return ENOMEM;
+    }
+    o->opt_private->refcount = 1;
+    *opt = o;
+    return 0;
+}
+
+krb5_error_code
+_krb5_get_init_creds_opt_copy(krb5_context context, 
+			      const krb5_get_init_creds_opt *in,
+			      krb5_get_init_creds_opt **out)
+{
+    krb5_get_init_creds_opt *opt;
+
+    *out = NULL;
+    opt = calloc(1, sizeof(*opt));
+    if (opt == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    if (in)
+	*opt = *in;
+    if(opt->opt_private == NULL) {
+	opt->opt_private = calloc(1, sizeof(*opt->opt_private));
+	if (opt->opt_private == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    free(opt);
+	    return ENOMEM;
+	}
+	opt->opt_private->refcount = 1;
+    } else
+	opt->opt_private->refcount++;
+    *out = opt;
+    return 0;
+}
+
+void KRB5_LIB_FUNCTION
+_krb5_get_init_creds_opt_free_krb5_error(krb5_get_init_creds_opt *opt)
+{
+    if (opt->opt_private == NULL || opt->opt_private->error == NULL)
+	return;
+    free_KRB_ERROR(opt->opt_private->error);
+    free(opt->opt_private->error);
+    opt->opt_private->error = NULL;
+}
+
+void KRB5_LIB_FUNCTION
+_krb5_get_init_creds_opt_set_krb5_error(krb5_context context,
+					krb5_get_init_creds_opt *opt, 
+					const KRB_ERROR *error)
+{
+    krb5_error_code ret;
+
+    if (opt->opt_private == NULL)
+	return;
+
+    _krb5_get_init_creds_opt_free_krb5_error(opt);
+
+    opt->opt_private->error = malloc(sizeof(*opt->opt_private->error));
+    if (opt->opt_private->error == NULL)
+	return;
+    ret = copy_KRB_ERROR(error, opt->opt_private->error);
+    if (ret) {
+	free(opt->opt_private->error);
+	opt->opt_private->error = NULL;
+    }	
+}
+
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_free(krb5_context context,
+			     krb5_get_init_creds_opt *opt)
+{
+    if (opt == NULL || opt->opt_private == NULL)
+	return;
+    if (opt->opt_private->refcount < 1) /* abort ? */
+	return;
+    if (--opt->opt_private->refcount == 0) {
+	_krb5_get_init_creds_opt_free_krb5_error(opt);
+	_krb5_get_init_creds_opt_free_pkinit(opt);
+	free(opt->opt_private);
+    }
+    memset(opt, 0, sizeof(*opt));
+    free(opt);
+}
+
+static int
+get_config_time (krb5_context context,
+		 const char *realm,
+		 const char *name,
+		 int def)
+{
+    int ret;
+
+    ret = krb5_config_get_time (context, NULL,
+				"realms",
+				realm,
+				name,
+				NULL);
+    if (ret >= 0)
+	return ret;
+    ret = krb5_config_get_time (context, NULL,
+				"libdefaults",
+				name,
+				NULL);
+    if (ret >= 0)
+	return ret;
+    return def;
+}
+
+static krb5_boolean
+get_config_bool (krb5_context context,
+		 const char *realm,
+		 const char *name)
+{
+    return krb5_config_get_bool (context,
+				 NULL,
+				 "realms",
+				 realm,
+				 name,
+				 NULL)
+	|| krb5_config_get_bool (context,
+				 NULL,
+				 "libdefaults",
+				 name,
+				 NULL);
+}
+
+/*
+ * set all the values in `opt' to the appropriate values for
+ * application `appname' (default to getprogname() if NULL), and realm
+ * `realm'.  First looks in [appdefaults] but falls back to
+ * [realms] or [libdefaults] for some of the values.
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_default_flags(krb5_context context,
+					  const char *appname,
+					  krb5_const_realm realm,
+					  krb5_get_init_creds_opt *opt)
+{
+    krb5_boolean b;
+    time_t t;
+
+    b = get_config_bool (context, realm, "forwardable");
+    krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b);
+    krb5_get_init_creds_opt_set_forwardable(opt, b);
+
+    b = get_config_bool (context, realm, "proxiable");
+    krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b);
+    krb5_get_init_creds_opt_set_proxiable (opt, b);
+
+    krb5_appdefault_time(context, appname, realm, "ticket_lifetime", 0, &t);
+    if (t == 0)
+	t = get_config_time (context, realm, "ticket_lifetime", 0);
+    if(t != 0)
+	krb5_get_init_creds_opt_set_tkt_life(opt, t);
+
+    krb5_appdefault_time(context, appname, realm, "renew_lifetime", 0, &t);
+    if (t == 0)
+	t = get_config_time (context, realm, "renew_lifetime", 0);
+    if(t != 0)
+	krb5_get_init_creds_opt_set_renew_life(opt, t);
+
+    krb5_appdefault_boolean(context, appname, realm, "no-addresses", 
+			    KRB5_ADDRESSLESS_DEFAULT, &b);
+    krb5_get_init_creds_opt_set_addressless (context, opt, b);
+
+#if 0
+    krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
+    krb5_get_init_creds_opt_set_anonymous (opt, b);
+
+    krb5_get_init_creds_opt_set_etype_list(opt, enctype,
+					   etype_str.num_strings);
+
+    krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
+				     krb5_data *salt);
+
+    krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
+					     krb5_preauthtype *preauth_list,
+					     int preauth_list_length);
+#endif
+}
+
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
+				     krb5_deltat tkt_life)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
+    opt->tkt_life = tkt_life;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
+				       krb5_deltat renew_life)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
+    opt->renew_life = renew_life;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
+					int forwardable)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
+    opt->forwardable = forwardable;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
+				      int proxiable)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
+    opt->proxiable = proxiable;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
+				       krb5_enctype *etype_list,
+				       int etype_list_length)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
+    opt->etype_list = etype_list;
+    opt->etype_list_length = etype_list_length;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
+					 krb5_addresses *addresses)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
+    opt->address_list = addresses;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
+					 krb5_preauthtype *preauth_list,
+					 int preauth_list_length)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
+    opt->preauth_list_length = preauth_list_length;
+    opt->preauth_list = preauth_list;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
+				 krb5_data *salt)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
+    opt->salt = salt;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
+				      int anonymous)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
+    opt->anonymous = anonymous;
+}
+
+static krb5_error_code
+require_ext_opt(krb5_context context,
+		krb5_get_init_creds_opt *opt,
+		const char *type)
+{
+    if (opt->opt_private == NULL) {
+	krb5_set_error_string(context, "%s on non extendable opt", type);
+	return EINVAL;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_pa_password(krb5_context context,
+					krb5_get_init_creds_opt *opt,
+					const char *password,
+					krb5_s2k_proc key_proc)
+{
+    krb5_error_code ret;
+    ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
+    if (ret)
+	return ret;
+    opt->opt_private->password = password;
+    opt->opt_private->key_proc = key_proc;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_pac_request(krb5_context context,
+					krb5_get_init_creds_opt *opt,
+					krb5_boolean req_pac)
+{
+    krb5_error_code ret;
+    ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
+    if (ret)
+	return ret;
+    opt->opt_private->req_pac = req_pac ?
+	KRB5_INIT_CREDS_TRISTATE_TRUE :
+	KRB5_INIT_CREDS_TRISTATE_FALSE;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_get_error(krb5_context context,
+				  krb5_get_init_creds_opt *opt,
+				  KRB_ERROR **error)
+{
+    krb5_error_code ret;
+
+    *error = NULL;
+
+    ret = require_ext_opt(context, opt, "init_creds_opt_get_error");
+    if (ret)
+	return ret;
+
+    if (opt->opt_private->error == NULL)
+	return 0;
+
+    *error = malloc(sizeof(**error));
+    if (*error == NULL) {
+	krb5_set_error_string(context, "malloc - out memory");
+	return ENOMEM;
+    }
+
+    ret = copy_KRB_ERROR(opt->opt_private->error, *error);
+    if (ret)
+	krb5_clear_error_string(context);
+
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_addressless(krb5_context context,
+					krb5_get_init_creds_opt *opt,
+					krb5_boolean addressless)
+{
+    krb5_error_code ret;
+    ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
+    if (ret)
+	return ret;
+    if (addressless)
+	opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_TRUE;
+    else
+	opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_FALSE;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
+					 krb5_get_init_creds_opt *opt,
+					 krb5_boolean req)
+{
+    krb5_error_code ret;
+    ret = require_ext_opt(context, opt, "init_creds_opt_set_canonicalize");
+    if (ret)
+	return ret;
+    if (req)
+	opt->opt_private->flags |= KRB5_INIT_CREDS_CANONICALIZE;
+    else
+	opt->opt_private->flags &= ~KRB5_INIT_CREDS_CANONICALIZE;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_win2k(krb5_context context,
+				  krb5_get_init_creds_opt *opt,
+				  krb5_boolean req)
+{
+    krb5_error_code ret;
+    ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k");
+    if (ret)
+	return ret;
+    if (req)
+	opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK;
+    else
+	opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK;
+    return 0;
+}
+
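Review bot: `krb5_get_init_creds_opt_get_error` reports success even when `copy_KRB_ERROR` fails: it only calls `krb5_clear_error_string` and then returns 0. `*error` is then left pointing at the freshly malloc'd struct, and this hunk does not show what state a failed copy leaves it in. A caller that treats a non-NULL `*error` as a valid KRB_ERROR would read or free that state; the failure branch should be `if (ret) { free(*error); *error = NULL; return ret; }`. Two smaller points in the same file: `krb5_get_init_creds_opt_set_addressless` passes the copy-pasted label `"init_creds_opt_set_pac_req"` to `require_ext_opt`, so its error text names the wrong function. `krb5_get_init_creds_opt_set_default_flags` also ignores that setter's return value, so on an opt without `opt_private` the addressless setting is dropped silently.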

Added: vendor-crypto/heimdal/dist/lib/krb5/init_creds_pw.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/init_creds_pw.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/init_creds_pw.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1658 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: init_creds_pw.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+typedef struct krb5_get_init_creds_ctx {
+    KDCOptions flags;
+    krb5_creds cred;
+    krb5_addresses *addrs;
+    krb5_enctype *etypes;
+    krb5_preauthtype *pre_auth_types;
+    const char *in_tkt_service;
+    unsigned nonce;
+    unsigned pk_nonce;
+
+    krb5_data req_buffer;
+    AS_REQ as_req;
+    int pa_counter;
+
+    const char *password;
+    krb5_s2k_proc key_proc;
+
+    krb5_get_init_creds_tristate req_pac;
+
+    krb5_pk_init_ctx pk_init_ctx;
+    int ic_flags;
+} krb5_get_init_creds_ctx;
+
+static krb5_error_code
+default_s2k_func(krb5_context context, krb5_enctype type, 
+		 krb5_const_pointer keyseed,
+		 krb5_salt salt, krb5_data *s2kparms,
+		 krb5_keyblock **key)
+{
+    krb5_error_code ret;
+    krb5_data password;
+    krb5_data opaque;
+
+    password.data = rk_UNCONST(keyseed);
+    password.length = strlen(keyseed);
+    if (s2kparms)
+	opaque = *s2kparms;
+    else
+	krb5_data_zero(&opaque);
+	
+    *key = malloc(sizeof(**key));
+    if (*key == NULL)
+	return ENOMEM;
+    ret = krb5_string_to_key_data_salt_opaque(context, type, password,
+					      salt, opaque, *key);
+    if (ret) {
+	free(*key);
+	*key = NULL;
+    }
+    return ret;
+}
+
+static void
+free_init_creds_ctx(krb5_context context, krb5_get_init_creds_ctx *ctx)
+{
+    if (ctx->etypes)
+	free(ctx->etypes);
+    if (ctx->pre_auth_types)
+	free (ctx->pre_auth_types);
+    free_AS_REQ(&ctx->as_req);
+    memset(&ctx->as_req, 0, sizeof(ctx->as_req));
+}
+
+static int
+get_config_time (krb5_context context,
+		 const char *realm,
+		 const char *name,
+		 int def)
+{
+    int ret;
+
+    ret = krb5_config_get_time (context, NULL,
+				"realms",
+				realm,
+				name,
+				NULL);
+    if (ret >= 0)
+	return ret;
+    ret = krb5_config_get_time (context, NULL,
+				"libdefaults",
+				name,
+				NULL);
+    if (ret >= 0)
+	return ret;
+    return def;
+}
+
+static krb5_error_code
+init_cred (krb5_context context,
+	   krb5_creds *cred,
+	   krb5_principal client,
+	   krb5_deltat start_time,
+	   const char *in_tkt_service,
+	   krb5_get_init_creds_opt *options)
+{
+    krb5_error_code ret;
+    krb5_const_realm client_realm;
+    int tmp;
+    krb5_timestamp now;
+
+    krb5_timeofday (context, &now);
+
+    memset (cred, 0, sizeof(*cred));
+    
+    if (client)
+	krb5_copy_principal(context, client, &cred->client);
+    else {
+	ret = krb5_get_default_principal (context,
+					  &cred->client);
+	if (ret)
+	    goto out;
+    }
+
+    client_realm = krb5_principal_get_realm (context, cred->client);
+
+    if (start_time)
+	cred->times.starttime  = now + start_time;
+
+    if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
+	tmp = options->tkt_life;
+    else
+	tmp = 10 * 60 * 60;
+    cred->times.endtime = now + tmp;
+
+    if ((options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) &&
+	options->renew_life > 0) {
+	cred->times.renew_till = now + options->renew_life;
+    }
+
+    if (in_tkt_service) {
+	krb5_realm server_realm;
+
+	ret = krb5_parse_name (context, in_tkt_service, &cred->server);
+	if (ret)
+	    goto out;
+	server_realm = strdup (client_realm);
+	free (*krb5_princ_realm(context, cred->server));
+	krb5_princ_set_realm (context, cred->server, &server_realm);
+    } else {
+	ret = krb5_make_principal(context, &cred->server, 
+				  client_realm, KRB5_TGS_NAME, client_realm,
+				  NULL);
+	if (ret)
+	    goto out;
+    }
+    return 0;
+
+out:
+    krb5_free_cred_contents (context, cred);
+    return ret;
+}
+
+/*
+ * Print a message (str) to the user about the expiration in `lr'
+ */
+
+static void
+report_expiration (krb5_context context,
+		   krb5_prompter_fct prompter,
+		   krb5_data *data,
+		   const char *str,
+		   time_t now)
+{
+    char *p;
+	    
+    asprintf (&p, "%s%s", str, ctime(&now));
+    (*prompter) (context, data, NULL, p, 0, NULL);
+    free (p);
+}
+
+/*
+ * Parse the last_req data and show it to the user if it's interesting
+ */
+
+static void
+print_expire (krb5_context context,
+	      krb5_const_realm realm,
+	      krb5_kdc_rep *rep,
+	      krb5_prompter_fct prompter,
+	      krb5_data *data)
+{
+    int i;
+    LastReq *lr = &rep->enc_part.last_req;
+    krb5_timestamp sec;
+    time_t t;
+    krb5_boolean reported = FALSE;
+
+    krb5_timeofday (context, &sec);
+
+    t = sec + get_config_time (context,
+			       realm,
+			       "warn_pwexpire",
+			       7 * 24 * 60 * 60);
+
+    for (i = 0; i < lr->len; ++i) {
+	if (lr->val[i].lr_value <= t) {
+	    switch (abs(lr->val[i].lr_type)) {
+	    case LR_PW_EXPTIME :
+		report_expiration(context, prompter, data,
+				  "Your password will expire at ",
+				  lr->val[i].lr_value);
+		reported = TRUE;
+		break;
+	    case LR_ACCT_EXPTIME :
+		report_expiration(context, prompter, data,
+				  "Your account will expire at ",
+				  lr->val[i].lr_value);
+		reported = TRUE;
+		break;
+	    }
+	}
+    }
+
+    if (!reported
+	&& rep->enc_part.key_expiration
+	&& *rep->enc_part.key_expiration <= t) {
+	report_expiration(context, prompter, data,
+			  "Your password/account will expire at ",
+			  *rep->enc_part.key_expiration);
+    }
+}
+
+static krb5_addresses no_addrs = { 0, NULL };
+
+static krb5_error_code
+get_init_creds_common(krb5_context context,
+		      krb5_principal client,
+		      krb5_deltat start_time,
+		      const char *in_tkt_service,
+		      krb5_get_init_creds_opt *options,
+		      krb5_get_init_creds_ctx *ctx)
+{
+    krb5_get_init_creds_opt default_opt;
+    krb5_error_code ret;
+    krb5_enctype *etypes;
+    krb5_preauthtype *pre_auth_types;
+
+    memset(ctx, 0, sizeof(*ctx));
+
+    if (options == NULL) {
+	krb5_get_init_creds_opt_init (&default_opt);
+	options = &default_opt;
+    } else {
+	_krb5_get_init_creds_opt_free_krb5_error(options);
+    }
+
+    if (options->opt_private) {
+	ctx->password = options->opt_private->password;
+	ctx->key_proc = options->opt_private->key_proc;
+	ctx->req_pac = options->opt_private->req_pac;
+	ctx->pk_init_ctx = options->opt_private->pk_init_ctx;
+	ctx->ic_flags = options->opt_private->flags;
+    } else
+	ctx->req_pac = KRB5_INIT_CREDS_TRISTATE_UNSET;
+
+    if (ctx->key_proc == NULL)
+	ctx->key_proc = default_s2k_func;
+
+    if (ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE)
+	ctx->flags.canonicalize = 1;
+
+    ctx->pre_auth_types = NULL;
+    ctx->addrs = NULL;
+    ctx->etypes = NULL;
+    ctx->pre_auth_types = NULL;
+    ctx->in_tkt_service = in_tkt_service;
+
+    ret = init_cred (context, &ctx->cred, client, start_time,
+		     in_tkt_service, options);
+    if (ret)
+	return ret;
+
+    if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
+	ctx->flags.forwardable = options->forwardable;
+
+    if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
+	ctx->flags.proxiable = options->proxiable;
+
+    if (start_time)
+	ctx->flags.postdated = 1;
+    if (ctx->cred.times.renew_till)
+	ctx->flags.renewable = 1;
+    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) {
+	ctx->addrs = options->address_list;
+    } else if (options->opt_private) {
+	switch (options->opt_private->addressless) {
+	case KRB5_INIT_CREDS_TRISTATE_UNSET:
+#if KRB5_ADDRESSLESS_DEFAULT == TRUE
+	    ctx->addrs = &no_addrs;
+#else
+	    ctx->addrs = NULL;
+#endif
+	    break;
+	case KRB5_INIT_CREDS_TRISTATE_FALSE:
+	    ctx->addrs = NULL;
+	    break;
+	case KRB5_INIT_CREDS_TRISTATE_TRUE:
+	    ctx->addrs = &no_addrs;
+	    break;
+	}
+    }
+    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
+	etypes = malloc((options->etype_list_length + 1)
+			* sizeof(krb5_enctype));
+	if (etypes == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	memcpy (etypes, options->etype_list,
+		options->etype_list_length * sizeof(krb5_enctype));
+	etypes[options->etype_list_length] = ETYPE_NULL;
+	ctx->etypes = etypes;
+    }
+    if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
+	pre_auth_types = malloc((options->preauth_list_length + 1)
+				* sizeof(krb5_preauthtype));
+	if (pre_auth_types == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	memcpy (pre_auth_types, options->preauth_list,
+		options->preauth_list_length * sizeof(krb5_preauthtype));
+	pre_auth_types[options->preauth_list_length] = KRB5_PADATA_NONE;
+	ctx->pre_auth_types = pre_auth_types;
+    }
+    if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)
+	;			/* XXX */
+    if (options->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS)
+	ctx->flags.request_anonymous = options->anonymous;
+    return 0;
+}
+
+static krb5_error_code
+change_password (krb5_context context,
+		 krb5_principal client,
+		 const char *password,
+		 char *newpw,
+		 size_t newpw_sz,
+		 krb5_prompter_fct prompter,
+		 void *data,
+		 krb5_get_init_creds_opt *old_options)
+{
+    krb5_prompt prompts[2];
+    krb5_error_code ret;
+    krb5_creds cpw_cred;
+    char buf1[BUFSIZ], buf2[BUFSIZ];
+    krb5_data password_data[2];
+    int result_code;
+    krb5_data result_code_string;
+    krb5_data result_string;
+    char *p;
+    krb5_get_init_creds_opt options;
+
+    memset (&cpw_cred, 0, sizeof(cpw_cred));
+
+    krb5_get_init_creds_opt_init (&options);
+    krb5_get_init_creds_opt_set_tkt_life (&options, 60);
+    krb5_get_init_creds_opt_set_forwardable (&options, FALSE);
+    krb5_get_init_creds_opt_set_proxiable (&options, FALSE);
+    if (old_options && old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)
+	krb5_get_init_creds_opt_set_preauth_list (&options,
+						  old_options->preauth_list,
+						  old_options->preauth_list_length);					      
+
+    krb5_data_zero (&result_code_string);
+    krb5_data_zero (&result_string);
+
+    ret = krb5_get_init_creds_password (context,
+					&cpw_cred,
+					client,
+					password,
+					prompter,
+					data,
+					0,
+					"kadmin/changepw",
+					&options);
+    if (ret)
+	goto out;
+
+    for(;;) {
+	password_data[0].data   = buf1;
+	password_data[0].length = sizeof(buf1);
+
+	prompts[0].hidden = 1;
+	prompts[0].prompt = "New password: ";
+	prompts[0].reply  = &password_data[0];
+	prompts[0].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD;
+
+	password_data[1].data   = buf2;
+	password_data[1].length = sizeof(buf2);
+
+	prompts[1].hidden = 1;
+	prompts[1].prompt = "Repeat new password: ";
+	prompts[1].reply  = &password_data[1];
+	prompts[1].type   = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
+
+	ret = (*prompter) (context, data, NULL, "Changing password",
+			   2, prompts);
+	if (ret) {
+	    memset (buf1, 0, sizeof(buf1));
+	    memset (buf2, 0, sizeof(buf2));
+	    goto out;
+	}
+
+	if (strcmp (buf1, buf2) == 0)
+	    break;
+	memset (buf1, 0, sizeof(buf1));
+	memset (buf2, 0, sizeof(buf2));
+    }
+    
+    ret = krb5_change_password (context,
+				&cpw_cred,
+				buf1,
+				&result_code,
+				&result_code_string,
+				&result_string);
+    if (ret)
+	goto out;
+    asprintf (&p, "%s: %.*s\n",
+	      result_code ? "Error" : "Success",
+	      (int)result_string.length,
+	      result_string.length > 0 ? (char*)result_string.data : "");
+
+    ret = (*prompter) (context, data, NULL, p, 0, NULL);
+    free (p);
+    if (result_code == 0) {
+	strlcpy (newpw, buf1, newpw_sz);
+	ret = 0;
+    } else {
+	krb5_set_error_string (context, "failed changing password");
+	ret = ENOTTY;
+    }
+
+out:
+    memset (buf1, 0, sizeof(buf1));
+    memset (buf2, 0, sizeof(buf2));
+    krb5_data_free (&result_string);
+    krb5_data_free (&result_code_string);
+    krb5_free_cred_contents (context, &cpw_cred);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keyblock_key_proc (krb5_context context,
+			krb5_keytype type,
+			krb5_data *salt,
+			krb5_const_pointer keyseed,
+			krb5_keyblock **key)
+{
+    return krb5_copy_keyblock (context, keyseed, key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_keytab(krb5_context context,
+			   krb5_creds *creds,
+			   krb5_principal client,
+			   krb5_keytab keytab,
+			   krb5_deltat start_time,
+			   const char *in_tkt_service,
+			   krb5_get_init_creds_opt *options)
+{
+    krb5_get_init_creds_ctx ctx;
+    krb5_error_code ret;
+    krb5_keytab_key_proc_args *a;
+    
+    ret = get_init_creds_common(context, client, start_time,
+				in_tkt_service, options, &ctx);
+    if (ret)
+	goto out;
+
+    a = malloc (sizeof(*a));
+    if (a == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    a->principal = ctx.cred.client;
+    a->keytab    = keytab;
+
+    ret = krb5_get_in_cred (context,
+			    KDCOptions2int(ctx.flags),
+			    ctx.addrs,
+			    ctx.etypes,
+			    ctx.pre_auth_types,
+			    NULL,
+			    krb5_keytab_key_proc,
+			    a,
+			    NULL,
+			    NULL,
+			    &ctx.cred,
+			    NULL);
+    free (a);
+
+    if (ret == 0 && creds)
+	*creds = ctx.cred;
+    else
+	krb5_free_cred_contents (context, &ctx.cred);
+
+ out:
+    free_init_creds_ctx(context, &ctx);
+    return ret;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+init_creds_init_as_req (krb5_context context,
+			KDCOptions opts,
+			const krb5_creds *creds,
+			const krb5_addresses *addrs,
+			const krb5_enctype *etypes,
+			AS_REQ *a)
+{
+    krb5_error_code ret;
+
+    memset(a, 0, sizeof(*a));
+
+    a->pvno = 5;
+    a->msg_type = krb_as_req;
+    a->req_body.kdc_options = opts;
+    a->req_body.cname = malloc(sizeof(*a->req_body.cname));
+    if (a->req_body.cname == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto fail;
+    }
+    a->req_body.sname = malloc(sizeof(*a->req_body.sname));
+    if (a->req_body.sname == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "malloc: out of memory");
+	goto fail;
+    }
+
+    ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
+    if (ret)
+	goto fail;
+    ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
+    if (ret)
+	goto fail;
+
+    ret = _krb5_principal2principalname (a->req_body.sname, creds->server);
+    if (ret)
+	goto fail;
+
+    if(creds->times.starttime) {
+	a->req_body.from = malloc(sizeof(*a->req_body.from));
+	if (a->req_body.from == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	*a->req_body.from = creds->times.starttime;
+    }
+    if(creds->times.endtime){
+	ALLOC(a->req_body.till, 1);
+	*a->req_body.till = creds->times.endtime;
+    }
+    if(creds->times.renew_till){
+	a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
+	if (a->req_body.rtime == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+	*a->req_body.rtime = creds->times.renew_till;
+    }
+    a->req_body.nonce = 0;
+    ret = krb5_init_etype (context,
+			   &a->req_body.etype.len,
+			   &a->req_body.etype.val,
+			   etypes);
+    if (ret)
+	goto fail;
+
+    /*
+     * This means no addresses
+     */
+
+    if (addrs && addrs->len == 0) {
+	a->req_body.addresses = NULL;
+    } else {
+	a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
+	if (a->req_body.addresses == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    goto fail;
+	}
+
+	if (addrs)
+	    ret = krb5_copy_addresses(context, addrs, a->req_body.addresses);
+	else {
+	    ret = krb5_get_all_client_addrs (context, a->req_body.addresses);
+	    if(ret == 0 && a->req_body.addresses->len == 0) {
+		free(a->req_body.addresses);
+		a->req_body.addresses = NULL;
+	    }
+	}
+	if (ret)
+	    goto fail;
+    }
+
+    a->req_body.enc_authorization_data = NULL;
+    a->req_body.additional_tickets = NULL;
+
+    a->padata = NULL;
+
+    return 0;
+ fail:
+    free_AS_REQ(a);
+    memset(a, 0, sizeof(*a));
+    return ret;
+}
+
+struct pa_info_data {
+    krb5_enctype etype;
+    krb5_salt salt;
+    krb5_data *s2kparams;
+};
+
+static void
+free_paid(krb5_context context, struct pa_info_data *ppaid)
+{
+    krb5_free_salt(context, ppaid->salt);
+    if (ppaid->s2kparams)
+	krb5_free_data(context, ppaid->s2kparams);
+}
+
+
+static krb5_error_code
+set_paid(struct pa_info_data *paid, krb5_context context,
+	 krb5_enctype etype,
+	 krb5_salttype salttype, void *salt_string, size_t salt_len,
+	 krb5_data *s2kparams)
+{
+    paid->etype = etype;
+    paid->salt.salttype = salttype;
+    paid->salt.saltvalue.data = malloc(salt_len + 1);
+    if (paid->salt.saltvalue.data == NULL) {
+	krb5_clear_error_string(context);
+	return ENOMEM;
+    }
+    memcpy(paid->salt.saltvalue.data, salt_string, salt_len);
+    ((char *)paid->salt.saltvalue.data)[salt_len] = '\0';
+    paid->salt.saltvalue.length = salt_len;
+    if (s2kparams) {
+	krb5_error_code ret;
+
+	ret = krb5_copy_data(context, s2kparams, &paid->s2kparams);
+	if (ret) {
+	    krb5_clear_error_string(context);
+	    krb5_free_salt(context, paid->salt);
+	    return ret;
+	}
+    } else
+	paid->s2kparams = NULL;
+
+    return 0;
+}
+
+static struct pa_info_data *
+pa_etype_info2(krb5_context context,
+	       const krb5_principal client, 
+	       const AS_REQ *asreq,
+	       struct pa_info_data *paid, 
+	       heim_octet_string *data)
+{
+    krb5_error_code ret;
+    ETYPE_INFO2 e;
+    size_t sz;
+    int i, j;
+
+    memset(&e, 0, sizeof(e));
+    ret = decode_ETYPE_INFO2(data->data, data->length, &e, &sz);
+    if (ret)
+	goto out;
+    if (e.len == 0)
+	goto out;
+    for (j = 0; j < asreq->req_body.etype.len; j++) {
+	for (i = 0; i < e.len; i++) {
+	    if (asreq->req_body.etype.val[j] == e.val[i].etype) {
+		krb5_salt salt;
+		if (e.val[i].salt == NULL)
+		    ret = krb5_get_pw_salt(context, client, &salt);
+		else {
+		    salt.saltvalue.data = *e.val[i].salt;
+		    salt.saltvalue.length = strlen(*e.val[i].salt);
+		    ret = 0;
+		}
+		if (ret == 0)
+		    ret = set_paid(paid, context, e.val[i].etype,
+				   KRB5_PW_SALT,
+				   salt.saltvalue.data, 
+				   salt.saltvalue.length,
+				   e.val[i].s2kparams);
+		if (e.val[i].salt == NULL)
+		    krb5_free_salt(context, salt);
+		if (ret == 0) {
+		    free_ETYPE_INFO2(&e);
+		    return paid;
+		}
+	    }
+	}
+    }
+ out:
+    free_ETYPE_INFO2(&e);
+    return NULL;
+}
+
+static struct pa_info_data *
+pa_etype_info(krb5_context context,
+	      const krb5_principal client, 
+	      const AS_REQ *asreq,
+	      struct pa_info_data *paid,
+	      heim_octet_string *data)
+{
+    krb5_error_code ret;
+    ETYPE_INFO e;
+    size_t sz;
+    int i, j;
+
+    memset(&e, 0, sizeof(e));
+    ret = decode_ETYPE_INFO(data->data, data->length, &e, &sz);
+    if (ret)
+	goto out;
+    if (e.len == 0)
+	goto out;
+    for (j = 0; j < asreq->req_body.etype.len; j++) {
+	for (i = 0; i < e.len; i++) {
+	    if (asreq->req_body.etype.val[j] == e.val[i].etype) {
+		krb5_salt salt;
+		salt.salttype = KRB5_PW_SALT;
+		if (e.val[i].salt == NULL)
+		    ret = krb5_get_pw_salt(context, client, &salt);
+		else {
+		    salt.saltvalue = *e.val[i].salt;
+		    ret = 0;
+		}
+		if (e.val[i].salttype)
+		    salt.salttype = *e.val[i].salttype;
+		if (ret == 0) {
+		    ret = set_paid(paid, context, e.val[i].etype,
+				   salt.salttype,
+				   salt.saltvalue.data, 
+				   salt.saltvalue.length,
+				   NULL);
+		    if (e.val[i].salt == NULL)
+			krb5_free_salt(context, salt);
+		}
+		if (ret == 0) {
+		    free_ETYPE_INFO(&e);
+		    return paid;
+		}
+	    }
+	}
+    }
+ out:
+    free_ETYPE_INFO(&e);
+    return NULL;
+}
+
+static struct pa_info_data *
+pa_pw_or_afs3_salt(krb5_context context,
+		   const krb5_principal client, 
+		   const AS_REQ *asreq,
+		   struct pa_info_data *paid,
+		   heim_octet_string *data)
+{
+    krb5_error_code ret;
+    if (paid->etype == ENCTYPE_NULL)
+	return NULL;
+    ret = set_paid(paid, context, 
+		   paid->etype,
+		   paid->salt.salttype,
+		   data->data, 
+		   data->length,
+		   NULL);
+    if (ret)
+	return NULL;
+    return paid;
+}
+
+
+struct pa_info {
+    krb5_preauthtype type;
+    struct pa_info_data *(*salt_info)(krb5_context,
+				      const krb5_principal, 
+				      const AS_REQ *,
+				      struct pa_info_data *, 
+				      heim_octet_string *);
+};
+
+static struct pa_info pa_prefs[] = {
+    { KRB5_PADATA_ETYPE_INFO2, pa_etype_info2 },
+    { KRB5_PADATA_ETYPE_INFO, pa_etype_info },
+    { KRB5_PADATA_PW_SALT, pa_pw_or_afs3_salt },
+    { KRB5_PADATA_AFS3_SALT, pa_pw_or_afs3_salt }
+};
+    
+static PA_DATA *
+find_pa_data(const METHOD_DATA *md, int type)
+{
+    int i;
+    if (md == NULL)
+	return NULL;
+    for (i = 0; i < md->len; i++)
+	if (md->val[i].padata_type == type)
+	    return &md->val[i];
+    return NULL;
+}
+
+static struct pa_info_data *
+process_pa_info(krb5_context context, 
+		const krb5_principal client, 
+		const AS_REQ *asreq,
+		struct pa_info_data *paid,
+		METHOD_DATA *md)
+{
+    struct pa_info_data *p = NULL;
+    int i;
+
+    for (i = 0; p == NULL && i < sizeof(pa_prefs)/sizeof(pa_prefs[0]); i++) {
+	PA_DATA *pa = find_pa_data(md, pa_prefs[i].type);
+	if (pa == NULL)
+	    continue;
+	paid->salt.salttype = pa_prefs[i].type;
+	p = (*pa_prefs[i].salt_info)(context, client, asreq,
+				     paid, &pa->padata_value);
+    }
+    return p;
+}
+
+static krb5_error_code
+make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, 
+		      krb5_enctype etype, krb5_keyblock *key)
+{
+    PA_ENC_TS_ENC p;
+    unsigned char *buf;
+    size_t buf_size;
+    size_t len;
+    EncryptedData encdata;
+    krb5_error_code ret;
+    int32_t usec;
+    int usec2;
+    krb5_crypto crypto;
+    
+    krb5_us_timeofday (context, &p.patimestamp, &usec);
+    usec2         = usec;
+    p.pausec      = &usec2;
+
+    ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
+    if (ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret) {
+	free(buf);
+	return ret;
+    }
+    ret = krb5_encrypt_EncryptedData(context, 
+				     crypto,
+				     KRB5_KU_PA_ENC_TIMESTAMP,
+				     buf,
+				     len,
+				     0,
+				     &encdata);
+    free(buf);
+    krb5_crypto_destroy(context, crypto);
+    if (ret)
+	return ret;
+		    
+    ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
+    free_EncryptedData(&encdata);
+    if (ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    ret = krb5_padata_add(context, md, KRB5_PADATA_ENC_TIMESTAMP, buf, len);
+    if (ret)
+	free(buf);
+    return ret;
+}
+
+static krb5_error_code
+add_enc_ts_padata(krb5_context context,
+		  METHOD_DATA *md, 
+		  krb5_principal client,
+		  krb5_s2k_proc key_proc,
+		  krb5_const_pointer keyseed,
+		  krb5_enctype *enctypes,
+		  unsigned netypes,
+		  krb5_salt *salt,
+		  krb5_data *s2kparams)
+{
+    krb5_error_code ret;
+    krb5_salt salt2;
+    krb5_enctype *ep;
+    int i;
+    
+    if(salt == NULL) {
+	/* default to standard salt */
+	ret = krb5_get_pw_salt (context, client, &salt2);
+	salt = &salt2;
+    }
+    if (!enctypes) {
+	enctypes = context->etypes;
+	netypes = 0;
+	for (ep = enctypes; *ep != ETYPE_NULL; ep++)
+	    netypes++;
+    }
+
+    for (i = 0; i < netypes; ++i) {
+	krb5_keyblock *key;
+
+	ret = (*key_proc)(context, enctypes[i], keyseed,
+			  *salt, s2kparams, &key);
+	if (ret)
+	    continue;
+	ret = make_pa_enc_timestamp (context, md, enctypes[i], key);
+	krb5_free_keyblock (context, key);
+	if (ret)
+	    return ret;
+    }
+    if(salt == &salt2)
+	krb5_free_salt(context, salt2);
+    return 0;
+}
+
+static krb5_error_code
+pa_data_to_md_ts_enc(krb5_context context,
+		     const AS_REQ *a,
+		     const krb5_principal client,
+		     krb5_get_init_creds_ctx *ctx,
+		     struct pa_info_data *ppaid,
+		     METHOD_DATA *md)
+{
+    if (ctx->key_proc == NULL || ctx->password == NULL)
+	return 0;
+
+    if (ppaid) {
+	add_enc_ts_padata(context, md, client, 
+			  ctx->key_proc, ctx->password,
+			  &ppaid->etype, 1,
+			  &ppaid->salt, ppaid->s2kparams);
+    } else {
+	krb5_salt salt;
+	
+	/* make a v5 salted pa-data */
+	add_enc_ts_padata(context, md, client, 
+			  ctx->key_proc, ctx->password,
+			  a->req_body.etype.val, a->req_body.etype.len, 
+			  NULL, NULL);
+	
+	/* make a v4 salted pa-data */
+	salt.salttype = KRB5_PW_SALT;
+	krb5_data_zero(&salt.saltvalue);
+	add_enc_ts_padata(context, md, client, 
+			  ctx->key_proc, ctx->password, 
+			  a->req_body.etype.val, a->req_body.etype.len, 
+			  &salt, NULL);
+    }
+    return 0;
+}
+
+static krb5_error_code
+pa_data_to_key_plain(krb5_context context,
+		     const krb5_principal client,
+		     krb5_get_init_creds_ctx *ctx,
+		     krb5_salt salt,
+		     krb5_data *s2kparams,
+		     krb5_enctype etype,
+		     krb5_keyblock **key)
+{
+    krb5_error_code ret;
+
+    ret = (*ctx->key_proc)(context, etype, ctx->password,
+			   salt, s2kparams, key);
+    return ret;
+}
+
+
+static krb5_error_code
+pa_data_to_md_pkinit(krb5_context context,
+		     const AS_REQ *a,
+		     const krb5_principal client,
+		     krb5_get_init_creds_ctx *ctx,
+		     METHOD_DATA *md)
+{
+    if (ctx->pk_init_ctx == NULL)
+	return 0;
+#ifdef PKINIT
+    return _krb5_pk_mk_padata(context,
+			     ctx->pk_init_ctx,
+			     &a->req_body,
+			     ctx->pk_nonce,
+			     md);
+#else
+    krb5_set_error_string(context, "no support for PKINIT compiled in");
+    return EINVAL;
+#endif
+}
+
+static krb5_error_code
+pa_data_add_pac_request(krb5_context context,
+			krb5_get_init_creds_ctx *ctx,
+			METHOD_DATA *md)
+{
+    size_t len, length;
+    krb5_error_code ret;
+    PA_PAC_REQUEST req;
+    void *buf;
+    
+    switch (ctx->req_pac) {
+    case KRB5_INIT_CREDS_TRISTATE_UNSET:
+	return 0; /* don't bother */
+    case KRB5_INIT_CREDS_TRISTATE_TRUE:
+	req.include_pac = 1;
+	break;
+    case KRB5_INIT_CREDS_TRISTATE_FALSE:
+	req.include_pac = 0;
+    }	
+
+    ASN1_MALLOC_ENCODE(PA_PAC_REQUEST, buf, length, 
+		       &req, &len, ret);
+    if (ret)
+	return ret;
+    if(len != length)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    ret = krb5_padata_add(context, md, KRB5_PADATA_PA_PAC_REQUEST, buf, len);
+    if (ret)
+	free(buf);
+
+    return 0;
+}
+
+/*
+ * Assumes caller always will free `out_md', even on error.
+ */
+
+static krb5_error_code
+process_pa_data_to_md(krb5_context context,
+		      const krb5_creds *creds,
+		      const AS_REQ *a,
+		      krb5_get_init_creds_ctx *ctx,
+		      METHOD_DATA *in_md,
+		      METHOD_DATA **out_md,
+		      krb5_prompter_fct prompter,
+		      void *prompter_data)
+{
+    krb5_error_code ret;
+
+    ALLOC(*out_md, 1);
+    if (*out_md == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    (*out_md)->len = 0;
+    (*out_md)->val = NULL;
+    
+    /*
+     * Make sure we don't sent both ENC-TS and PK-INIT pa data, no
+     * need to expose our password protecting our PKCS12 key.
+     */
+
+    if (ctx->pk_init_ctx) {
+
+	ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md);
+	if (ret)
+	    return ret;
+
+    } else if (in_md->len != 0) {
+	struct pa_info_data paid, *ppaid;
+	
+	memset(&paid, 0, sizeof(paid));
+	
+	paid.etype = ENCTYPE_NULL;
+	ppaid = process_pa_info(context, creds->client, a, &paid, in_md);
+	
+	pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md);
+	if (ppaid)
+	    free_paid(context, ppaid);
+    }
+
+    pa_data_add_pac_request(context, ctx, *out_md);
+
+    if ((*out_md)->len == 0) {
+	free(*out_md);
+	*out_md = NULL;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+process_pa_data_to_key(krb5_context context,
+		       krb5_get_init_creds_ctx *ctx,
+		       krb5_creds *creds,
+		       AS_REQ *a,
+		       krb5_kdc_rep *rep,
+		       const krb5_krbhst_info *hi,
+		       krb5_keyblock **key)
+{
+    struct pa_info_data paid, *ppaid = NULL;
+    krb5_error_code ret;
+    krb5_enctype etype;
+    PA_DATA *pa;
+
+    memset(&paid, 0, sizeof(paid));
+
+    etype = rep->kdc_rep.enc_part.etype;
+
+    if (rep->kdc_rep.padata) {
+	paid.etype = etype;
+	ppaid = process_pa_info(context, creds->client, a, &paid, 
+				rep->kdc_rep.padata);
+    }
+    if (ppaid == NULL) {
+	ret = krb5_get_pw_salt (context, creds->client, &paid.salt);
+	if (ret)
+	    return ret;
+	paid.etype = etype;
+	paid.s2kparams = NULL;
+    }
+
+    pa = NULL;
+    if (rep->kdc_rep.padata) {
+	int idx = 0;
+	pa = krb5_find_padata(rep->kdc_rep.padata->val, 
+			      rep->kdc_rep.padata->len,
+			      KRB5_PADATA_PK_AS_REP,
+			      &idx);
+	if (pa == NULL) {
+	    idx = 0;
+	    pa = krb5_find_padata(rep->kdc_rep.padata->val, 
+				  rep->kdc_rep.padata->len,
+				  KRB5_PADATA_PK_AS_REP_19,
+				  &idx);
+	}
+    }
+    if (pa && ctx->pk_init_ctx) {
+#ifdef PKINIT
+	ret = _krb5_pk_rd_pa_reply(context,
+				   a->req_body.realm,
+				   ctx->pk_init_ctx,
+				   etype,
+				   hi,
+				   ctx->pk_nonce,
+				   &ctx->req_buffer,
+				   pa,
+				   key);
+#else
+	krb5_set_error_string(context, "no support for PKINIT compiled in");
+	ret = EINVAL;
+#endif
+    } else if (ctx->password)
+	ret = pa_data_to_key_plain(context, creds->client, ctx, 
+				   paid.salt, paid.s2kparams, etype, key);
+    else {
+	krb5_set_error_string(context, "No usable pa data type");
+	ret = EINVAL;
+    }
+
+    free_paid(context, &paid);
+    return ret;
+}
+
+static krb5_error_code
+init_cred_loop(krb5_context context,
+	       krb5_get_init_creds_opt *init_cred_opts,
+	       const krb5_prompter_fct prompter,
+	       void *prompter_data,
+	       krb5_get_init_creds_ctx *ctx,
+	       krb5_creds *creds,
+	       krb5_kdc_rep *ret_as_reply)
+{
+    krb5_error_code ret;
+    krb5_kdc_rep rep;
+    METHOD_DATA md;
+    krb5_data resp;
+    size_t len;
+    size_t size;
+    krb5_krbhst_info *hi = NULL;
+    krb5_sendto_ctx stctx = NULL;
+
+
+    memset(&md, 0, sizeof(md));
+    memset(&rep, 0, sizeof(rep));
+
+    _krb5_get_init_creds_opt_free_krb5_error(init_cred_opts);
+
+    if (ret_as_reply)
+	memset(ret_as_reply, 0, sizeof(*ret_as_reply));
+
+    ret = init_creds_init_as_req(context, ctx->flags, creds,
+				 ctx->addrs, ctx->etypes, &ctx->as_req);
+    if (ret)
+	return ret;
+
+    ret = krb5_sendto_ctx_alloc(context, &stctx);
+    if (ret)
+	goto out;
+    krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL);
+
+    /* Set a new nonce. */
+    krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce));
+    ctx->nonce &= 0xffffffff;
+    /* XXX these just needs to be the same when using Windows PK-INIT */
+    ctx->pk_nonce = ctx->nonce;
+
+    /*
+     * Increase counter when we want other pre-auth types then
+     * KRB5_PA_ENC_TIMESTAMP.
+     */
+#define MAX_PA_COUNTER 3 
+
+    ctx->pa_counter = 0;
+    while (ctx->pa_counter < MAX_PA_COUNTER) {
+
+	ctx->pa_counter++;
+
+	if (ctx->as_req.padata) {
+	    free_METHOD_DATA(ctx->as_req.padata);
+	    free(ctx->as_req.padata);
+	    ctx->as_req.padata = NULL;
+	}
+
+	/* Set a new nonce. */
+	ctx->as_req.req_body.nonce = ctx->nonce;
+
+	/* fill_in_md_data */
+	ret = process_pa_data_to_md(context, creds, &ctx->as_req, ctx,
+				    &md, &ctx->as_req.padata,
+				    prompter, prompter_data);
+	if (ret)
+	    goto out;
+
+	krb5_data_free(&ctx->req_buffer);
+
+	ASN1_MALLOC_ENCODE(AS_REQ, 
+			   ctx->req_buffer.data, ctx->req_buffer.length, 
+			   &ctx->as_req, &len, ret);
+	if (ret)
+	    goto out;
+	if(len != ctx->req_buffer.length)
+	    krb5_abortx(context, "internal error in ASN.1 encoder");
+
+	ret = krb5_sendto_context (context, stctx, &ctx->req_buffer,
+				   creds->client->realm, &resp);
+    	if (ret)
+	    goto out;
+
+	memset (&rep, 0, sizeof(rep));
+	ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size);
+	if (ret == 0) {
+	    krb5_data_free(&resp);
+	    krb5_clear_error_string(context);
+	    break;
+	} else {
+	    /* let's try to parse it as a KRB-ERROR */
+	    KRB_ERROR error;
+
+	    ret = krb5_rd_error(context, &resp, &error);
+	    if(ret && resp.data && ((char*)resp.data)[0] == 4)
+		ret = KRB5KRB_AP_ERR_V4_REPLY;
+	    krb5_data_free(&resp);
+	    if (ret)
+		goto out;
+
+	    ret = krb5_error_from_rd_error(context, &error, creds);
+
+	    /*
+	     * If no preauth was set and KDC requires it, give it one
+	     * more try.
+	     */
+
+	    if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) {
+		free_METHOD_DATA(&md);
+		memset(&md, 0, sizeof(md));
+
+		if (error.e_data) {
+		    ret = decode_METHOD_DATA(error.e_data->data, 
+					     error.e_data->length, 
+					     &md, 
+					     NULL);
+		    if (ret)
+			krb5_set_error_string(context,
+					      "failed to decode METHOD DATA");
+		} else {
+		    /* XXX guess what the server want here add add md */
+		}
+		krb5_free_error_contents(context, &error);
+		if (ret)
+		    goto out;
+	    } else {
+		_krb5_get_init_creds_opt_set_krb5_error(context,
+							init_cred_opts,
+							&error);
+		if (ret_as_reply)
+		    rep.error = error;
+		else
+		    krb5_free_error_contents(context, &error);
+		goto out;
+	    }
+	}
+    }
+
+    {
+	krb5_keyblock *key = NULL;
+	unsigned flags = 0;
+
+	if (ctx->flags.request_anonymous)
+	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
+	if (ctx->flags.canonicalize) {
+	    flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH;
+	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
+	    flags |= EXTRACT_TICKET_MATCH_REALM;
+	}
+
+	ret = process_pa_data_to_key(context, ctx, creds, 
+				     &ctx->as_req, &rep, hi, &key);
+	if (ret)
+	    goto out;
+	
+	ret = _krb5_extract_ticket(context,
+				   &rep,
+				   creds,
+				   key,
+				   NULL,
+				   KRB5_KU_AS_REP_ENC_PART,
+				   NULL,
+				   ctx->nonce,
+				   flags,
+				   NULL,
+				   NULL);
+	krb5_free_keyblock(context, key);
+    }
+    /*
+     * Verify referral data
+     */
+    if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) &&
+	(ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) == 0)
+    {
+	PA_ClientCanonicalized canon;
+	krb5_crypto crypto;
+	krb5_data data;
+	PA_DATA *pa;
+	size_t len;
+
+	pa = find_pa_data(rep.kdc_rep.padata, KRB5_PADATA_CLIENT_CANONICALIZED);
+	if (pa == NULL) {
+	    ret = EINVAL;
+	    krb5_set_error_string(context, "Client canonicalizion not signed");
+	    goto out;
+	}
+	
+	ret = decode_PA_ClientCanonicalized(pa->padata_value.data, 
+					    pa->padata_value.length,
+					    &canon, &len);
+	if (ret) {
+	    krb5_set_error_string(context, "Failed to decode "
+				  "PA_ClientCanonicalized");
+	    goto out;
+	}
+
+	ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
+			   &canon.names, &len, ret);
+	if (ret) 
+	    goto out;
+	if (data.length != len)
+	    krb5_abortx(context, "internal asn.1 error");
+
+	ret = krb5_crypto_init(context, &creds->session, 0, &crypto);
+	if (ret) {
+	    free(data.data);
+	    free_PA_ClientCanonicalized(&canon);
+	    goto out;
+	}
+
+	ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES,
+				   data.data, data.length,
+				   &canon.canon_checksum);
+	krb5_crypto_destroy(context, crypto);
+	free(data.data);
+	free_PA_ClientCanonicalized(&canon);
+	if (ret) {
+	    krb5_set_error_string(context, "Failed to verify "
+				  "client canonicalized data");
+	    goto out;
+	}
+    }
+out:
+    if (stctx)
+	krb5_sendto_ctx_free(context, stctx);
+    krb5_data_free(&ctx->req_buffer);
+    free_METHOD_DATA(&md);
+    memset(&md, 0, sizeof(md));
+
+    if (ret == 0 && ret_as_reply)
+	*ret_as_reply = rep;
+    else 
+	krb5_free_kdc_rep (context, &rep);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds(krb5_context context,
+		    krb5_creds *creds,
+		    krb5_principal client,
+		    krb5_prompter_fct prompter,
+		    void *data,
+		    krb5_deltat start_time,
+		    const char *in_tkt_service,
+		    krb5_get_init_creds_opt *options)
+{
+    krb5_get_init_creds_ctx ctx;
+    krb5_kdc_rep kdc_reply;
+    krb5_error_code ret;
+    char buf[BUFSIZ];
+    int done;
+
+    memset(&kdc_reply, 0, sizeof(kdc_reply));
+
+    ret = get_init_creds_common(context, client, start_time,
+				in_tkt_service, options, &ctx);
+    if (ret)
+	goto out;
+
+    done = 0;
+    while(!done) {
+	memset(&kdc_reply, 0, sizeof(kdc_reply));
+
+	ret = init_cred_loop(context,
+			     options,
+			     prompter,
+			     data,
+			     &ctx,
+			     &ctx.cred,
+			     &kdc_reply);
+	
+	switch (ret) {
+	case 0 :
+	    done = 1;
+	    break;
+	case KRB5KDC_ERR_KEY_EXPIRED :
+	    /* try to avoid recursion */
+
+	    /* don't try to change password where then where none */
+	    if (prompter == NULL || ctx.password == NULL)
+		goto out;
+
+	    krb5_clear_error_string (context);
+
+	    if (ctx.in_tkt_service != NULL
+		&& strcmp (ctx.in_tkt_service, "kadmin/changepw") == 0)
+		goto out;
+
+	    ret = change_password (context,
+				   client,
+				   ctx.password,
+				   buf,
+				   sizeof(buf),
+				   prompter,
+				   data,
+				   options);
+	    if (ret)
+		goto out;
+	    ctx.password = buf;
+	    break;
+	default:
+	    goto out;
+	}
+    }
+
+    if (prompter)
+	print_expire (context,
+		      krb5_principal_get_realm (context, ctx.cred.client),
+		      &kdc_reply,
+		      prompter,
+		      data);
+
+ out:
+    memset (buf, 0, sizeof(buf));
+    free_init_creds_ctx(context, &ctx);
+    krb5_free_kdc_rep (context, &kdc_reply);
+    if (ret == 0)
+	*creds = ctx.cred;
+    else
+	krb5_free_cred_contents (context, &ctx.cred);
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_password(krb5_context context,
+			     krb5_creds *creds,
+			     krb5_principal client,
+			     const char *password,
+			     krb5_prompter_fct prompter,
+			     void *data,
+			     krb5_deltat start_time,
+			     const char *in_tkt_service,
+			     krb5_get_init_creds_opt *in_options)
+{
+    krb5_get_init_creds_opt *options;
+    char buf[BUFSIZ];
+    krb5_error_code ret;
+
+    if (in_options == NULL) {
+	const char *realm = krb5_principal_get_realm(context, client);
+	ret = krb5_get_init_creds_opt_alloc(context, &options);
+	if (ret == 0)
+	    krb5_get_init_creds_opt_set_default_flags(context, 
+						      NULL, 
+						      realm, 
+						      options);
+    } else
+	ret = _krb5_get_init_creds_opt_copy(context, in_options, &options);
+    if (ret)
+	return ret;
+
+    if (password == NULL &&
+	options->opt_private->password == NULL &&
+	options->opt_private->pk_init_ctx == NULL)
+    {
+	krb5_prompt prompt;
+	krb5_data password_data;
+	char *p, *q;
+
+	krb5_unparse_name (context, client, &p);
+	asprintf (&q, "%s's Password: ", p);
+	free (p);
+	prompt.prompt = q;
+	password_data.data   = buf;
+	password_data.length = sizeof(buf);
+	prompt.hidden = 1;
+	prompt.reply  = &password_data;
+	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
+
+	ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
+	free (q);
+	if (ret) {
+	    memset (buf, 0, sizeof(buf));
+	    krb5_get_init_creds_opt_free(context, options);
+	    ret = KRB5_LIBOS_PWDINTR;
+	    krb5_clear_error_string (context);
+	    return ret;
+	}
+	password = password_data.data;
+    }
+
+    if (options->opt_private->password == NULL) {
+	ret = krb5_get_init_creds_opt_set_pa_password(context, options,
+						      password, NULL);
+	if (ret) {
+	    krb5_get_init_creds_opt_free(context, options);
+	    memset(buf, 0, sizeof(buf));
+	    return ret;
+	}
+    }
+
+    ret = krb5_get_init_creds(context, creds, client, prompter,
+			      data, start_time, in_tkt_service, options);
+    krb5_get_init_creds_opt_free(context, options);
+    memset(buf, 0, sizeof(buf));
+    return ret;
+}
+
+static krb5_error_code
+init_creds_keyblock_key_proc (krb5_context context,
+			      krb5_enctype type,
+			      krb5_salt salt,
+			      krb5_const_pointer keyseed,
+			      krb5_keyblock **key)
+{
+    return krb5_copy_keyblock (context, keyseed, key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_keyblock(krb5_context context,
+			     krb5_creds *creds,
+			     krb5_principal client,
+			     krb5_keyblock *keyblock,
+			     krb5_deltat start_time,
+			     const char *in_tkt_service,
+			     krb5_get_init_creds_opt *options)
+{
+    struct krb5_get_init_creds_ctx ctx;
+    krb5_error_code ret;
+    
+    ret = get_init_creds_common(context, client, start_time,
+				in_tkt_service, options, &ctx);
+    if (ret)
+	goto out;
+
+    ret = krb5_get_in_cred (context,
+			    KDCOptions2int(ctx.flags),
+			    ctx.addrs,
+			    ctx.etypes,
+			    ctx.pre_auth_types,
+			    NULL,
+			    init_creds_keyblock_key_proc,
+			    keyblock,
+			    NULL,
+			    NULL,
+			    &ctx.cred,
+			    NULL);
+
+    if (ret == 0 && creds)
+	*creds = ctx.cred;
+    else
+	krb5_free_cred_contents (context, &ctx.cred);
+
+ out:
+    free_init_creds_ctx(context, &ctx);
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/k524_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/k524_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/k524_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,20 @@
+#
+# Error messages for the k524 functions
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: k524_err.et,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $"
+
+error_table k524
+
+prefix KRB524
+error_code BADKEY,		"wrong keytype in ticket"
+error_code BADADDR,		"incorrect network address"
+error_code BADPRINC,		"cannot convert V5 principal"		#unused
+error_code BADREALM,		"V5 realm name longer than V4 maximum"	#unused
+error_code V4ERR,		"kerberos V4 error server"
+error_code ENCFULL,		"encoding too large at server"
+error_code DECEMPTY,		"decoding out of data"			#unused
+error_code NOTRESP,		"service not responding"		#unused
+end
+

Added: vendor-crypto/heimdal/dist/lib/krb5/kcm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/kcm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/kcm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1122 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+#ifdef HAVE_KCM
+/*
+ * Client library for Kerberos Credentials Manager (KCM) daemon
+ */
+
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+
+#include "kcm.h"
+
+RCSID("$Id: kcm.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+typedef struct krb5_kcmcache {
+    char *name;
+    struct sockaddr_un path;
+    char *door_path;
+} krb5_kcmcache;
+
+#define KCMCACHE(X)	((krb5_kcmcache *)(X)->data.data)
+#define CACHENAME(X)	(KCMCACHE(X)->name)
+#define KCMCURSOR(C)	(*(uint32_t *)(C))
+
+static krb5_error_code
+try_door(krb5_context context, const krb5_kcmcache *k,
+	 krb5_data *request_data,
+	 krb5_data *response_data)
+{
+#ifdef HAVE_DOOR_CREATE
+    door_arg_t arg;
+    int fd;
+    int ret;
+
+    memset(&arg, 0, sizeof(arg));
+	   
+    fd = open(k->door_path, O_RDWR);
+    if (fd < 0)
+	return KRB5_CC_IO;
+
+    arg.data_ptr = request_data->data;
+    arg.data_size = request_data->length;
+    arg.desc_ptr = NULL;
+    arg.desc_num = 0;
+    arg.rbuf = NULL;
+    arg.rsize = 0;
+
+    ret = door_call(fd, &arg);
+    close(fd);
+    if (ret != 0)
+	return KRB5_CC_IO;
+
+    ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize);
+    munmap(arg.rbuf, arg.rsize);
+    if (ret)
+	return ret;
+
+    return 0;
+#else
+    return KRB5_CC_IO;
+#endif
+}
+
+static krb5_error_code
+try_unix_socket(krb5_context context, const krb5_kcmcache *k,
+		krb5_data *request_data,
+		krb5_data *response_data)
+{
+    krb5_error_code ret;
+    int fd;
+
+    fd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (fd < 0)
+	return KRB5_CC_IO;
+    
+    if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) {
+	close(fd);
+	return KRB5_CC_IO;
+    }
+    
+    ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout,
+				  request_data, response_data);
+    close(fd);
+    return ret;
+}
+    
+static krb5_error_code
+kcm_send_request(krb5_context context,
+		 krb5_kcmcache *k,
+		 krb5_storage *request,
+		 krb5_data *response_data)
+{
+    krb5_error_code ret;
+    krb5_data request_data;
+    int i;
+
+    response_data->data = NULL;
+    response_data->length = 0;
+
+    ret = krb5_storage_to_data(request, &request_data);
+    if (ret) {
+	krb5_clear_error_string(context);
+	return KRB5_CC_NOMEM;
+    }
+
+    ret = KRB5_CC_IO;
+
+    for (i = 0; i < context->max_retries; i++) {
+	ret = try_door(context, k, &request_data, response_data);
+	if (ret == 0 && response_data->length != 0)
+	    break;
+	ret = try_unix_socket(context, k, &request_data, response_data);
+	if (ret == 0 && response_data->length != 0)
+	    break;
+    }
+
+    krb5_data_free(&request_data);
+
+    if (ret) {
+	krb5_clear_error_string(context);
+	ret = KRB5_CC_IO;
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+kcm_storage_request(krb5_context context,
+		    kcm_operation opcode,
+		    krb5_storage **storage_p)
+{
+    krb5_storage *sp;
+    krb5_error_code ret;
+
+    *storage_p = NULL;
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+
+    /* Send MAJOR | VERSION | OPCODE */
+    ret  = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MAJOR);
+    if (ret)
+	goto fail;
+    ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MINOR);
+    if (ret)
+	goto fail;
+    ret = krb5_store_int16(sp, opcode);
+    if (ret)
+	goto fail;
+
+    *storage_p = sp;
+ fail:
+    if (ret) {
+	krb5_set_error_string(context, "Failed to encode request");
+	krb5_storage_free(sp);
+    }
+   
+    return ret; 
+}
+
+static krb5_error_code
+kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
+{
+    krb5_kcmcache *k;
+    const char *path;
+
+    k = malloc(sizeof(*k));
+    if (k == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+
+    if (name != NULL) {
+	k->name = strdup(name);
+	if (k->name == NULL) {
+	    free(k);
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    return KRB5_CC_NOMEM;
+	}
+    } else
+	k->name = NULL;
+
+    path = krb5_config_get_string_default(context, NULL,
+					  _PATH_KCM_SOCKET,
+					  "libdefaults", 
+					  "kcm_socket",
+					  NULL);
+    
+    k->path.sun_family = AF_UNIX;
+    strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path));
+
+    path = krb5_config_get_string_default(context, NULL,
+					  _PATH_KCM_DOOR,
+					  "libdefaults", 
+					  "kcm_door",
+					  NULL);
+    k->door_path = strdup(path);
+
+    (*id)->data.data = k;
+    (*id)->data.length = sizeof(*k);
+
+    return 0;
+}
+
+static krb5_error_code
+kcm_call(krb5_context context,
+	 krb5_kcmcache *k,
+	 krb5_storage *request,
+	 krb5_storage **response_p,
+	 krb5_data *response_data_p)
+{
+    krb5_data response_data;
+    krb5_error_code ret;
+    int32_t status;
+    krb5_storage *response;
+
+    if (response_p != NULL)
+	*response_p = NULL;
+
+    ret = kcm_send_request(context, k, request, &response_data);
+    if (ret) {
+	return ret;
+    }
+
+    response = krb5_storage_from_data(&response_data);
+    if (response == NULL) {
+	krb5_data_free(&response_data);
+	return KRB5_CC_IO;
+    }
+
+    ret = krb5_ret_int32(response, &status);
+    if (ret) {
+	krb5_storage_free(response);
+	krb5_data_free(&response_data);
+	return KRB5_CC_FORMAT;
+    }
+
+    if (status) {
+	krb5_storage_free(response);
+	krb5_data_free(&response_data);
+	return status;
+    }
+
+    if (response_p != NULL) {
+	*response_data_p = response_data;
+	*response_p = response;
+
+	return 0;
+    }
+
+    krb5_storage_free(response);
+    krb5_data_free(&response_data);
+
+    return 0;
+}
+
+static void
+kcm_free(krb5_context context, krb5_ccache *id)
+{
+    krb5_kcmcache *k = KCMCACHE(*id);
+
+    if (k != NULL) {
+	if (k->name != NULL)
+	    free(k->name);
+	if (k->door_path)
+	    free(k->door_path);
+	memset(k, 0, sizeof(*k));
+	krb5_data_free(&(*id)->data);
+    }
+
+    *id = NULL;
+}
+
+static const char *
+kcm_get_name(krb5_context context,
+	     krb5_ccache id)
+{
+    return CACHENAME(id);
+}
+
+static krb5_error_code
+kcm_resolve(krb5_context context, krb5_ccache *id, const char *res)
+{
+    return kcm_alloc(context, res, id);
+}
+
+/*
+ * Request:
+ *
+ * Response:
+ *      NameZ
+ */
+static krb5_error_code
+kcm_gen_new(krb5_context context, krb5_ccache *id)
+{
+    krb5_kcmcache *k;
+    krb5_error_code ret;
+    krb5_storage *request, *response;
+    krb5_data response_data;
+
+    ret = kcm_alloc(context, NULL, id);
+    if (ret)
+	return ret;
+
+    k = KCMCACHE(*id);
+
+    ret = kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
+    if (ret) {
+	kcm_free(context, id);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, &response, &response_data);
+    if (ret) {
+	krb5_storage_free(request);
+	kcm_free(context, id);
+	return ret;
+    }
+
+    ret = krb5_ret_stringz(response, &k->name);
+    if (ret)
+	ret = KRB5_CC_IO;
+
+    krb5_storage_free(request);
+    krb5_storage_free(response);
+    krb5_data_free(&response_data);
+
+    if (ret)
+	kcm_free(context, id);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *      Principal
+ *
+ * Response:
+ *
+ */
+static krb5_error_code
+kcm_initialize(krb5_context context,
+	       krb5_ccache id,
+	       krb5_principal primary_principal)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_principal(request, primary_principal);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+static krb5_error_code
+kcm_close(krb5_context context,
+	  krb5_ccache id)
+{
+    kcm_free(context, &id);
+    return 0;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *
+ * Response:
+ *
+ */
+static krb5_error_code
+kcm_destroy(krb5_context context,
+	    krb5_ccache id)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_DESTROY, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *      Creds
+ *
+ * Response:
+ *
+ */
+static krb5_error_code
+kcm_store_cred(krb5_context context,
+	       krb5_ccache id,
+	       krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_STORE, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_creds(request, creds);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *      WhichFields
+ *      MatchCreds
+ *
+ * Response:
+ *      Creds
+ *
+ */
+static krb5_error_code
+kcm_retrieve(krb5_context context,
+	     krb5_ccache id,
+	     krb5_flags which,
+	     const krb5_creds *mcred,
+	     krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request, *response;
+    krb5_data response_data;
+
+    ret = kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, which);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_creds_tag(request, rk_UNCONST(mcred));
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, &response, &response_data);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_ret_creds(response, creds);
+    if (ret)
+	ret = KRB5_CC_IO;
+
+    krb5_storage_free(request);
+    krb5_storage_free(response);
+    krb5_data_free(&response_data);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *
+ * Response:
+ *      Principal
+ */
+static krb5_error_code
+kcm_get_principal(krb5_context context,
+		  krb5_ccache id,
+		  krb5_principal *principal)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request, *response;
+    krb5_data response_data;
+
+    ret = kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, &response, &response_data);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_ret_principal(response, principal);
+    if (ret)
+	ret = KRB5_CC_IO;
+
+    krb5_storage_free(request);
+    krb5_storage_free(response);
+    krb5_data_free(&response_data);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *
+ * Response:
+ *      Cursor
+ *
+ */
+static krb5_error_code
+kcm_get_first (krb5_context context,
+	       krb5_ccache id,
+	       krb5_cc_cursor *cursor)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request, *response;
+    krb5_data response_data;
+    int32_t tmp;
+
+    ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, &response, &response_data);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_ret_int32(response, &tmp);
+    if (ret || tmp < 0)
+	ret = KRB5_CC_IO;
+
+    krb5_storage_free(request);
+    krb5_storage_free(response);
+    krb5_data_free(&response_data);
+
+    if (ret)
+	return ret;
+
+    *cursor = malloc(sizeof(tmp));
+    if (*cursor == NULL)
+	return KRB5_CC_NOMEM;
+
+    KCMCURSOR(*cursor) = tmp;
+
+    return 0;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *      Cursor
+ *
+ * Response:
+ *      Creds
+ */
+static krb5_error_code
+kcm_get_next (krb5_context context,
+		krb5_ccache id,
+		krb5_cc_cursor *cursor,
+		krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request, *response;
+    krb5_data response_data;
+
+    ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, KCMCURSOR(*cursor));
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, &response, &response_data);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_ret_creds(response, creds);
+    if (ret)
+	ret = KRB5_CC_IO;
+
+    krb5_storage_free(request);
+    krb5_storage_free(response);
+    krb5_data_free(&response_data);
+
+    return ret;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *      Cursor
+ *
+ * Response:
+ *
+ */
+static krb5_error_code
+kcm_end_get (krb5_context context,
+	     krb5_ccache id,
+	     krb5_cc_cursor *cursor)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_END_GET, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, KCMCURSOR(*cursor));
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+  
+    krb5_storage_free(request);
+
+    KCMCURSOR(*cursor) = 0;
+    free(*cursor);
+    *cursor = NULL;
+
+    return ret;
+}
+
+/*
+ * Request:
+ *      NameZ
+ *      WhichFields
+ *      MatchCreds
+ *
+ * Response:
+ *
+ */
+static krb5_error_code
+kcm_remove_cred(krb5_context context,
+		krb5_ccache id,
+		krb5_flags which,
+		krb5_creds *cred)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, which);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_creds_tag(request, cred);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+static krb5_error_code
+kcm_set_flags(krb5_context context,
+	      krb5_ccache id,
+	      krb5_flags flags)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, flags);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+static krb5_error_code
+kcm_get_version(krb5_context context,
+		krb5_ccache id)
+{
+    return 0;
+}
+
+static krb5_error_code
+kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
+{
+    krb5_set_error_string(context, "kcm_move not implemented");
+    return EINVAL;
+}
+
+static krb5_error_code
+kcm_default_name(krb5_context context, char **str)
+{
+    return _krb5_expand_default_cc_name(context, 
+					KRB5_DEFAULT_CCNAME_KCM,
+					str);
+}
+
+/**
+ * Variable containing the KCM based credential cache implemention.
+ *
+ * @ingroup krb5_ccache
+ */
+
+const krb5_cc_ops krb5_kcm_ops = {
+    "KCM",
+    kcm_get_name,
+    kcm_resolve,
+    kcm_gen_new,
+    kcm_initialize,
+    kcm_destroy,
+    kcm_close,
+    kcm_store_cred,
+    kcm_retrieve,
+    kcm_get_principal,
+    kcm_get_first,
+    kcm_get_next,
+    kcm_end_get,
+    kcm_remove_cred,
+    kcm_set_flags,
+    kcm_get_version,
+    NULL,
+    NULL,
+    NULL,
+    kcm_move,
+    kcm_default_name
+};
+
+krb5_boolean
+_krb5_kcm_is_running(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_ccache_data ccdata;
+    krb5_ccache id = &ccdata;
+    krb5_boolean running;
+
+    ret = kcm_alloc(context, NULL, &id);
+    if (ret)
+	return 0;
+
+    running = (_krb5_kcm_noop(context, id) == 0);
+
+    kcm_free(context, &id);
+
+    return running;
+}
+
+/*
+ * Request:
+ *
+ * Response:
+ *
+ */
+krb5_error_code
+_krb5_kcm_noop(krb5_context context,
+	       krb5_ccache id)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_NOOP, &request);
+    if (ret)
+	return ret;
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+
+/*
+ * Request:
+ *      NameZ
+ *      Mode
+ *
+ * Response:
+ *
+ */
+krb5_error_code
+_krb5_kcm_chmod(krb5_context context,
+		krb5_ccache id,
+		uint16_t mode)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_CHMOD, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int16(request, mode);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+
+/*
+ * Request:
+ *      NameZ
+ *      UID
+ *      GID
+ *
+ * Response:
+ *
+ */
+krb5_error_code
+_krb5_kcm_chown(krb5_context context,
+		krb5_ccache id,
+		uint32_t uid,
+		uint32_t gid)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_CHOWN, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, uid);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, gid);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+
+/*
+ * Request:
+ *      NameZ
+ *      ServerPrincipalPresent
+ *      ServerPrincipal OPTIONAL
+ *      Key
+ *
+ * Repsonse:
+ *
+ */
+krb5_error_code
+_krb5_kcm_get_initial_ticket(krb5_context context,
+			     krb5_ccache id,
+			     krb5_principal server,
+			     krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int8(request, (server == NULL) ? 0 : 1);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    if (server != NULL) {
+	ret = krb5_store_principal(request, server);
+	if (ret) {
+	    krb5_storage_free(request);
+	    return ret;
+	}
+    }
+
+    ret = krb5_store_keyblock(request, *key);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+
+/*
+ * Request:
+ *      NameZ
+ *      KDCFlags
+ *      EncryptionType
+ *      ServerPrincipal
+ *
+ * Repsonse:
+ *
+ */
+krb5_error_code
+_krb5_kcm_get_ticket(krb5_context context,
+		     krb5_ccache id,
+		     krb5_kdc_flags flags,
+		     krb5_enctype enctype,
+		     krb5_principal server)
+{
+    krb5_error_code ret;
+    krb5_kcmcache *k = KCMCACHE(id);
+    krb5_storage *request;
+
+    ret = kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
+    if (ret)
+	return ret;
+
+    ret = krb5_store_stringz(request, k->name);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, flags.i);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_int32(request, enctype);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = krb5_store_principal(request, server);
+    if (ret) {
+	krb5_storage_free(request);
+	return ret;
+    }
+
+    ret = kcm_call(context, k, request, NULL, NULL);
+
+    krb5_storage_free(request);
+    return ret;
+}
+
+
+#endif /* HAVE_KCM */
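Review bot: In `kcm_alloc`, the `strlcpy` into `k->path.sun_path` ignores its return value, so a `kcm_socket` value from the configuration that is longer than `sun_path` is silently truncated and `try_unix_socket` later connects to a different path than the one configured. This client sends credentials and, in `_krb5_kcm_get_initial_ticket`, a keyblock to whatever listens on that path, so an over-long path should be rejected with an error rather than shortened. The `strdup` for `k->door_path` a few lines below is also unchecked; `kcm_free` tolerates a NULL there, but the out-of-memory condition is lost. The error code for the over-long path is the maintainers' choice; `KRB5_CC_IO` is used below only because the file already returns it for connection failures.

```c
    k->path.sun_family = AF_UNIX;
    if (strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path))
	>= sizeof(k->path.sun_path)) {
	/* refuse a truncated socket path instead of connecting elsewhere */
	free(k->name);
	free(k);
	krb5_set_error_string(context, "kcm_socket path too long");
	return KRB5_CC_IO;
    }

    /* … unchanged: kcm_door lookup via krb5_config_get_string_default … */
    k->door_path = strdup(path);
    if (k->door_path == NULL) {
	free(k->name);
	free(k);
	krb5_set_error_string(context, "malloc: out of memory");
	return KRB5_CC_NOMEM;
    }
```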

Added: vendor-crypto/heimdal/dist/lib/krb5/kcm.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/kcm.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/kcm.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2005, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef __KCM_H__
+#define __KCM_H__
+
+/*
+ * KCM protocol definitions
+ */
+
+#define KCM_PROTOCOL_VERSION_MAJOR	1
+#define KCM_PROTOCOL_VERSION_MINOR	0
+
+typedef enum kcm_operation {
+    KCM_OP_NOOP,
+    KCM_OP_GET_NAME,
+    KCM_OP_RESOLVE,
+    KCM_OP_GEN_NEW,
+    KCM_OP_INITIALIZE,
+    KCM_OP_DESTROY,
+    KCM_OP_STORE,
+    KCM_OP_RETRIEVE,
+    KCM_OP_GET_PRINCIPAL,
+    KCM_OP_GET_FIRST,
+    KCM_OP_GET_NEXT,
+    KCM_OP_END_GET,
+    KCM_OP_REMOVE_CRED,
+    KCM_OP_SET_FLAGS,
+    KCM_OP_CHOWN,
+    KCM_OP_CHMOD,
+    KCM_OP_GET_INITIAL_TICKET,
+    KCM_OP_GET_TICKET,
+    KCM_OP_MAX
+} kcm_operation;
+
+#define _PATH_KCM_SOCKET      "/var/run/.kcm_socket"
+#define _PATH_KCM_DOOR      "/var/run/.kcm_door"
+
+#endif /* __KCM_H__ */
+
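Review bot: The enumerators of `kcm_operation` take their values from declaration order, yet kcm.c writes them to the daemon with `krb5_store_int16(sp, opcode)`, so they are wire-protocol constants and nothing in the header says so. Inserting or reordering an entry would silently renumber every later opcode while `KCM_PROTOCOL_VERSION_MAJOR` and `KCM_PROTOCOL_VERSION_MINOR` stay the same, and a client and daemon built from different revisions would then run the wrong operation on a credential cache. I would add a comment above the enum such as `/* Wire opcodes sent to the KCM daemon: append new entries just before KCM_OP_MAX, never reorder or remove. */`, or give each enumerator an explicit value.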

Added: vendor-crypto/heimdal/dist/lib/krb5/kerberos.8
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/kerberos.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/kerberos.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,107 @@
+.\" Copyright (c) 2000 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: kerberos.8,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd September 1, 2000
+.Dt KERBEROS 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kerberos
+.Nd introduction to the Kerberos system
+.Sh DESCRIPTION
+Kerberos is a network authentication system. Its purpose is to
+securely authenticate users and services in an insecure network
+environment.
+.Pp
+This is done with a Kerberos server acting as a trusted third party,
+keeping a database with secret keys for all users and services
+(collectively called
+.Em principals ) .
+.Pp
+Each principal belongs to exactly one
+.Em realm ,
+which is the administrative domain in Kerberos. A realm usually
+corresponds to an organisation, and the realm should normally be
+derived from that organisation's domain name. A realm is served by one
+or more Kerberos servers.
+.Pp
+The authentication process involves exchange of
+.Sq tickets
+and
+.Sq authenticators
+which together prove the principal's identity.
+.Pp
+When you login to the Kerberos system, either through the normal
+system login or with the
+.Xr kinit 1
+program, you acquire a
+.Em ticket granting ticket
+which allows you to get new tickets for other services, such as
+.Ic telnet
+or
+.Ic ftp ,
+without giving your password.
+.Pp
+For more information on how Kerberos works, and other general Kerberos
+questions see the Kerberos FAQ at
+.Pa http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
+.Pp
+For setup instructions see the Heimdal Texinfo manual.
+.Sh SEE ALSO
+.Xr ftp 1 ,
+.Xr kdestroy 1 ,
+.Xr kinit 1 ,
+.Xr klist 1 ,
+.Xr kpasswd 1 ,
+.Xr telnet 1
+.Sh HISTORY
+The Kerberos authentication system was developed in the late 1980's as
+part of the Athena Project at the Massachusetts Institute of
+Technology. Versions one through three never reached outside MIT, but
+version 4 was (and still is) quite popular, especially in the academic
+community, but is also used in commercial products like the AFS
+filesystem.
+.Pp
+The problems with version 4 are that it has many limitations, the code
+was not too well written (since it had been developed over a long
+time), and it has a number of known security problems. To resolve many
+of these issues work on version five started, and resulted in IETF RFC
+1510 in 1993. IETF RFC 1510 was obsoleted in 2005 with IETF RFC 4120,
+also known as Kerberos clarifications. With the arrival of IETF RFC
+4120, the work on adding extensibility and internationalization have
+started (Kerberos extensions), and a new RFC will hopefully appear
+soon.
+.Pp
+This manual page is part of the
+.Nm Heimdal
+Kerberos 5 distribution, which has been in development at the Royal
+Institute of Technology in Stockholm, Sweden, since about 1997.

Added: vendor-crypto/heimdal/dist/lib/krb5/keyblock.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/keyblock.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/keyblock.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keyblock.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+void KRB5_LIB_FUNCTION
+krb5_keyblock_zero(krb5_keyblock *keyblock)
+{
+    keyblock->keytype = 0;
+    krb5_data_zero(&keyblock->keyvalue);
+}
+
+void KRB5_LIB_FUNCTION
+krb5_free_keyblock_contents(krb5_context context,
+			    krb5_keyblock *keyblock)
+{
+    if(keyblock) {
+	if (keyblock->keyvalue.data != NULL)
+	    memset(keyblock->keyvalue.data, 0, keyblock->keyvalue.length);
+	krb5_data_free (&keyblock->keyvalue);
+	keyblock->keytype = ENCTYPE_NULL;
+    }
+}
+
+void KRB5_LIB_FUNCTION
+krb5_free_keyblock(krb5_context context,
+		   krb5_keyblock *keyblock)
+{
+    if(keyblock){
+	krb5_free_keyblock_contents(context, keyblock);
+	free(keyblock);
+    }
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_keyblock_contents (krb5_context context,
+			     const krb5_keyblock *inblock,
+			     krb5_keyblock *to)
+{
+    return copy_EncryptionKey(inblock, to);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_keyblock (krb5_context context,
+		    const krb5_keyblock *inblock,
+		    krb5_keyblock **to)
+{
+    krb5_keyblock *k;
+
+    k = malloc (sizeof(*k));
+    if (k == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    *to = k;
+    return krb5_copy_keyblock_contents (context, inblock, k);
+}
+
+krb5_enctype
+krb5_keyblock_get_enctype(const krb5_keyblock *block)
+{
+    return block->keytype;
+}
+
+/*
+ * Fill in `key' with key data of type `enctype' from `data' of length
+ * `size'. Key should be freed using krb5_free_keyblock_contents.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keyblock_init(krb5_context context,
+		   krb5_enctype type,
+		   const void *data,
+		   size_t size,
+		   krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    size_t len;
+
+    memset(key, 0, sizeof(*key));
+
+    ret = krb5_enctype_keysize(context, type, &len);
+    if (ret)
+	return ret;
+
+    if (len != size) {
+	krb5_set_error_string(context, "Encryption key %d is %lu bytes "
+			      "long, %lu was passed in",
+			      type, (unsigned long)len, (unsigned long)size);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+    ret = krb5_data_copy(&key->keyvalue, data, len);
+    if(ret) {
+	krb5_set_error_string(context, "malloc failed: %lu",
+			      (unsigned long)len);
+	return ret;
+    }
+    key->keytype = type;
+
+    return 0;
+}
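Review bot: krb5_copy_keyblock assigns `*to = k` before the copy and returns the copy's status directly, so when krb5_copy_keyblock_contents fails the caller receives an error together with a live pointer to a keyblock that was never filled in. A caller that ignores `*to` on error leaks the allocation, and one that frees it depends on whatever state the failed copy left behind. I would publish the pointer only on success and free k on the failure path, as below; this assumes copy_EncryptionKey, which is not in this hunk, releases anything it allocated when it fails. Separately, krb5_free_keyblock_contents wipes the key bytes with a plain memset immediately before krb5_data_free, a store the compiler may drop if those calls are ever inlined together, so a non-elidable wipe is worth considering there.

```c
/* in krb5_copy_keyblock(): */
    krb5_keyblock *k;
    krb5_error_code ret;

    *to = NULL;
    /* … unchanged: malloc of k and the ENOMEM return … */
    ret = krb5_copy_keyblock_contents (context, inblock, k);
    if (ret) {
	free(k);
	return ret;
    }
    *to = k;
    return 0;
```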

Added: vendor-crypto/heimdal/dist/lib/krb5/keytab.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/keytab.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/keytab.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,528 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keytab.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * Register a new keytab in `ops'
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_register(krb5_context context,
+		 const krb5_kt_ops *ops)
+{
+    struct krb5_keytab_data *tmp;
+
+    if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) {
+	krb5_set_error_string(context, "krb5_kt_register; prefix too long");
+	return KRB5_KT_BADNAME;
+    }
+
+    tmp = realloc(context->kt_types,
+		  (context->num_kt_types + 1) * sizeof(*context->kt_types));
+    if(tmp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(&tmp[context->num_kt_types], ops,
+	   sizeof(tmp[context->num_kt_types]));
+    context->kt_types = tmp;
+    context->num_kt_types++;
+    return 0;
+}
+
+/*
+ * Resolve the keytab name (of the form `type:residual') in `name'
+ * into a keytab in `id'.
+ * Return 0 or an error
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_resolve(krb5_context context,
+		const char *name,
+		krb5_keytab *id)
+{
+    krb5_keytab k;
+    int i;
+    const char *type, *residual;
+    size_t type_len;
+    krb5_error_code ret;
+
+    residual = strchr(name, ':');
+    if(residual == NULL) {
+	type = "FILE";
+	type_len = strlen(type);
+	residual = name;
+    } else {
+	type = name;
+	type_len = residual - name;
+	residual++;
+    }
+    
+    for(i = 0; i < context->num_kt_types; i++) {
+	if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0)
+	    break;
+    }
+    if(i == context->num_kt_types) {
+	krb5_set_error_string(context, "unknown keytab type %.*s", 
+			      (int)type_len, type);
+	return KRB5_KT_UNKNOWN_TYPE;
+    }
+    
+    k = malloc (sizeof(*k));
+    if (k == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(k, &context->kt_types[i], sizeof(*k));
+    k->data = NULL;
+    ret = (*k->resolve)(context, residual, k);
+    if(ret) {
+	free(k);
+	k = NULL;
+    }
+    *id = k;
+    return ret;
+}
+
+/*
+ * copy the name of the default keytab into `name'.
+ * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
+{
+    if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
+	krb5_clear_error_string (context);
+	return KRB5_CONFIG_NOTENUFSPACE;
+    }
+    return 0;
+}
+
+/*
+ * copy the name of the default modify keytab into `name'.
+ * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
+{
+    const char *kt = NULL;
+    if(context->default_keytab_modify == NULL) {
+	if(strncasecmp(context->default_keytab, "ANY:", 4) != 0)
+	    kt = context->default_keytab;
+	else {
+	    size_t len = strcspn(context->default_keytab + 4, ",");
+	    if(len >= namesize) {
+		krb5_clear_error_string(context);
+		return KRB5_CONFIG_NOTENUFSPACE;
+	    }
+	    strlcpy(name, context->default_keytab + 4, namesize);
+	    name[len] = '\0';
+	    return 0;
+	}    
+    } else
+	kt = context->default_keytab_modify;
+    if (strlcpy (name, kt, namesize) >= namesize) {
+	krb5_clear_error_string (context);
+	return KRB5_CONFIG_NOTENUFSPACE;
+    }
+    return 0;
+}
+
+/*
+ * Set `id' to the default keytab.
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_default(krb5_context context, krb5_keytab *id)
+{
+    return krb5_kt_resolve (context, context->default_keytab, id);
+}
+
+/*
+ * Read the key identified by `(principal, vno, enctype)' from the
+ * keytab in `keyprocarg' (the default if == NULL) into `*key'.
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_read_service_key(krb5_context context,
+			 krb5_pointer keyprocarg,
+			 krb5_principal principal,
+			 krb5_kvno vno,
+			 krb5_enctype enctype,
+			 krb5_keyblock **key)
+{
+    krb5_keytab keytab;
+    krb5_keytab_entry entry;
+    krb5_error_code ret;
+
+    if (keyprocarg)
+	ret = krb5_kt_resolve (context, keyprocarg, &keytab);
+    else
+	ret = krb5_kt_default (context, &keytab);
+
+    if (ret)
+	return ret;
+
+    ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry);
+    krb5_kt_close (context, keytab);
+    if (ret)
+	return ret;
+    ret = krb5_copy_keyblock (context, &entry.keyblock, key);
+    krb5_kt_free_entry(context, &entry);
+    return ret;
+}
+
+/*
+ * Return the type of the `keytab' in the string `prefix of length
+ * `prefixsize'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_type(krb5_context context,
+		 krb5_keytab keytab,
+		 char *prefix,
+		 size_t prefixsize)
+{
+    strlcpy(prefix, keytab->prefix, prefixsize);
+    return 0;
+}
+
+/*
+ * Retrieve the name of the keytab `keytab' into `name', `namesize'
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_name(krb5_context context, 
+		 krb5_keytab keytab,
+		 char *name,
+		 size_t namesize)
+{
+    return (*keytab->get_name)(context, keytab, name, namesize);
+}
+
+/*
+ * Retrieve the full name of the keytab `keytab' and store the name in
+ * `str'. `str' needs to be freed by the caller using free(3).
+ * Returns 0 or an error. On error, *str is set to NULL.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_full_name(krb5_context context, 
+		      krb5_keytab keytab,
+		      char **str)
+{
+    char type[KRB5_KT_PREFIX_MAX_LEN];
+    char name[MAXPATHLEN];
+    krb5_error_code ret;
+	      
+    *str = NULL;
+
+    ret = krb5_kt_get_type(context, keytab, type, sizeof(type));
+    if (ret)
+	return ret;
+
+    ret = krb5_kt_get_name(context, keytab, name, sizeof(name));
+    if (ret)
+	return ret;
+
+    if (asprintf(str, "%s:%s", type, name) == -1) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	*str = NULL;
+	return ENOMEM;
+    }
+
+    return 0;
+}
+
+/*
+ * Finish using the keytab in `id'.  All resources will be released,
+ * even on errors.  Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_close(krb5_context context, 
+	      krb5_keytab id)
+{
+    krb5_error_code ret;
+
+    ret = (*id->close)(context, id);
+    memset(id, 0, sizeof(*id));
+    free(id);
+    return ret;
+}
+
+/*
+ * Compare `entry' against `principal, vno, enctype'.
+ * Any of `principal, vno, enctype' might be 0 which acts as a wildcard.
+ * Return TRUE if they compare the same, FALSE otherwise.
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_kt_compare(krb5_context context,
+		krb5_keytab_entry *entry, 
+		krb5_const_principal principal,
+		krb5_kvno vno,
+		krb5_enctype enctype)
+{
+    if(principal != NULL && 
+       !krb5_principal_compare(context, entry->principal, principal))
+	return FALSE;
+    if(vno && vno != entry->vno)
+	return FALSE;
+    if(enctype && enctype != entry->keyblock.keytype)
+	return FALSE;
+    return TRUE;
+}
+
+/*
+ * Retrieve the keytab entry for `principal, kvno, enctype' into `entry'
+ * from the keytab `id'.
+ * kvno == 0 is a wildcard and gives the keytab with the highest vno.
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_entry(krb5_context context,
+		  krb5_keytab id,
+		  krb5_const_principal principal,
+		  krb5_kvno kvno,
+		  krb5_enctype enctype,
+		  krb5_keytab_entry *entry)
+{
+    krb5_keytab_entry tmp;
+    krb5_error_code ret;
+    krb5_kt_cursor cursor;
+
+    if(id->get)
+	return (*id->get)(context, id, principal, kvno, enctype, entry);
+
+    ret = krb5_kt_start_seq_get (context, id, &cursor);
+    if (ret) {
+	krb5_clear_error_string(context);
+	return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */
+    }
+
+    entry->vno = 0;
+    while (krb5_kt_next_entry(context, id, &tmp, &cursor) == 0) {
+	if (krb5_kt_compare(context, &tmp, principal, 0, enctype)) {
+	    /* the file keytab might only store the lower 8 bits of
+	       the kvno, so only compare those bits */
+	    if (kvno == tmp.vno
+		|| (tmp.vno < 256 && kvno % 256 == tmp.vno)) {
+		krb5_kt_copy_entry_contents (context, &tmp, entry);
+		krb5_kt_free_entry (context, &tmp);
+		krb5_kt_end_seq_get(context, id, &cursor);
+		return 0;
+	    } else if (kvno == 0 && tmp.vno > entry->vno) {
+		if (entry->vno)
+		    krb5_kt_free_entry (context, entry);
+		krb5_kt_copy_entry_contents (context, &tmp, entry);
+	    }
+	}
+	krb5_kt_free_entry(context, &tmp);
+    }
+    krb5_kt_end_seq_get (context, id, &cursor);
+    if (entry->vno) {
+	return 0;
+    } else {
+	char princ[256], kvno_str[25], *kt_name;
+	char *enctype_str = NULL;
+
+	krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
+	krb5_kt_get_full_name (context, id, &kt_name);
+	krb5_enctype_to_string(context, enctype, &enctype_str);
+
+	if (kvno)
+	    snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
+	else
+	    kvno_str[0] = '\0';
+
+	krb5_set_error_string (context,
+ 			       "Failed to find %s%s in keytab %s (%s)",
+			       princ,
+			       kvno_str,
+			       kt_name ? kt_name : "unknown keytab",
+			       enctype_str ? enctype_str : "unknown enctype");
+	free(kt_name);
+	free(enctype_str);
+	return KRB5_KT_NOTFOUND;
+    }
+}
+
+/*
+ * Copy the contents of `in' into `out'.
+ * Return 0 or an error.  */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_copy_entry_contents(krb5_context context,
+			    const krb5_keytab_entry *in,
+			    krb5_keytab_entry *out)
+{
+    krb5_error_code ret;
+
+    memset(out, 0, sizeof(*out));
+    out->vno = in->vno;
+
+    ret = krb5_copy_principal (context, in->principal, &out->principal);
+    if (ret)
+	goto fail;
+    ret = krb5_copy_keyblock_contents (context,
+				       &in->keyblock,
+				       &out->keyblock);
+    if (ret)
+	goto fail;
+    out->timestamp = in->timestamp;
+    return 0;
+fail:
+    krb5_kt_free_entry (context, out);
+    return ret;
+}
+
+/*
+ * Free the contents of `entry'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_free_entry(krb5_context context,
+		   krb5_keytab_entry *entry)
+{
+    krb5_free_principal (context, entry->principal);
+    krb5_free_keyblock_contents (context, &entry->keyblock);
+    memset(entry, 0, sizeof(*entry));
+    return 0;
+}
+
+/*
+ * Set `cursor' to point at the beginning of `id'.
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_start_seq_get(krb5_context context,
+		      krb5_keytab id,
+		      krb5_kt_cursor *cursor)
+{
+    if(id->start_seq_get == NULL) {
+	krb5_set_error_string(context,
+			      "start_seq_get is not supported in the %s "
+			      " keytab", id->prefix);
+	return HEIM_ERR_OPNOTSUPP;
+    }
+    return (*id->start_seq_get)(context, id, cursor);
+}
+
+/*
+ * Get the next entry from `id' pointed to by `cursor' and advance the
+ * `cursor'.
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_next_entry(krb5_context context,
+		   krb5_keytab id,
+		   krb5_keytab_entry *entry,
+		   krb5_kt_cursor *cursor)
+{
+    if(id->next_entry == NULL) {
+	krb5_set_error_string(context,
+			      "next_entry is not supported in the %s "
+			      " keytab", id->prefix);
+	return HEIM_ERR_OPNOTSUPP;
+    }
+    return (*id->next_entry)(context, id, entry, cursor);
+}
+
+/*
+ * Release all resources associated with `cursor'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_end_seq_get(krb5_context context,
+		    krb5_keytab id,
+		    krb5_kt_cursor *cursor)
+{
+    if(id->end_seq_get == NULL) {
+	krb5_set_error_string(context,
+			      "end_seq_get is not supported in the %s "
+			      " keytab", id->prefix);
+	return HEIM_ERR_OPNOTSUPP;
+    }
+    return (*id->end_seq_get)(context, id, cursor);
+}
+
+/*
+ * Add the entry in `entry' to the keytab `id'.
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_add_entry(krb5_context context,
+		  krb5_keytab id,
+		  krb5_keytab_entry *entry)
+{
+    if(id->add == NULL) {
+	krb5_set_error_string(context, "Add is not supported in the %s keytab",
+			      id->prefix);
+	return KRB5_KT_NOWRITE;
+    }
+    entry->timestamp = time(NULL);
+    return (*id->add)(context, id,entry);
+}
+
+/*
+ * Remove the entry `entry' from the keytab `id'.
+ * Return 0 or an error.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_remove_entry(krb5_context context,
+		     krb5_keytab id,
+		     krb5_keytab_entry *entry)
+{
+    if(id->remove == NULL) {
+	krb5_set_error_string(context,
+			      "Remove is not supported in the %s keytab",
+			      id->prefix);
+	return KRB5_KT_NOWRITE;
+    }
+    return (*id->remove)(context, id, entry);
+}
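Review bot: krb5_kt_get_entry ignores the return value of krb5_kt_copy_entry_contents in both branches of its scan loop. On the exact-kvno path it then returns 0, and because the copy's own failure path calls krb5_kt_free_entry on the output (which memsets it), the caller is told the lookup succeeded while `entry` holds a NULL principal and an empty keyblock. The exact-match branch should propagate the status with `ret = krb5_kt_copy_entry_contents (context, &tmp, entry);` and `return ret;` after the existing free and end_seq_get calls, and the kvno == 0 branch should likewise stop on error instead of continuing with a zeroed entry. Separately, krb5_kt_resolve compares only type_len characters with strncasecmp, so a shortened or empty type matches the first registered prefix that begins with it; adding `&& context->kt_types[i].prefix[type_len] == '\0'` to that test would make the match exact.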

Added: vendor-crypto/heimdal/dist/lib/krb5/keytab_any.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/keytab_any.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/keytab_any.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,255 @@
+/*
+ * Copyright (c) 2001-2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keytab_any.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct any_data {
+    krb5_keytab kt;
+    char *name;
+    struct any_data *next;
+};
+
+static void
+free_list (krb5_context context, struct any_data *a)
+{
+    struct any_data *next;
+
+    for (; a != NULL; a = next) {
+	next = a->next;
+	free (a->name);
+	if(a->kt)
+	    krb5_kt_close(context, a->kt);
+	free (a);
+    }
+}
+
+static krb5_error_code
+any_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+    struct any_data *a, *a0 = NULL, *prev = NULL;
+    krb5_error_code ret;
+    char buf[256];
+
+    while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) {
+	a = malloc(sizeof(*a));
+	if (a == NULL) {
+	    ret = ENOMEM;
+	    goto fail;
+	}
+	if (a0 == NULL) {
+	    a0 = a;
+	    a->name = strdup(buf);
+	    if (a->name == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		ret = ENOMEM;
+		goto fail;
+	    }
+	} else
+	    a->name = NULL;
+	if (prev != NULL)
+	    prev->next = a;
+	a->next = NULL;
+	ret = krb5_kt_resolve (context, buf, &a->kt);
+	if (ret)
+	    goto fail;
+	prev = a;
+    }
+    if (a0 == NULL) {
+	krb5_set_error_string(context, "empty ANY: keytab");
+	return ENOENT;
+    }
+    id->data = a0;
+    return 0;
+ fail:
+    free_list (context, a0);
+    return ret;
+}
+
+static krb5_error_code
+any_get_name (krb5_context context,
+	      krb5_keytab id,
+	      char *name,
+	      size_t namesize)
+{
+    struct any_data *a = id->data;
+    strlcpy(name, a->name, namesize);
+    return 0;
+}
+
+static krb5_error_code
+any_close (krb5_context context,
+	   krb5_keytab id)
+{
+    struct any_data *a = id->data;
+
+    free_list (context, a);
+    return 0;
+}
+
+struct any_cursor_extra_data {
+    struct any_data *a;
+    krb5_kt_cursor cursor;
+};
+
+static krb5_error_code
+any_start_seq_get(krb5_context context, 
+		  krb5_keytab id, 
+		  krb5_kt_cursor *c)
+{
+    struct any_data *a = id->data;
+    struct any_cursor_extra_data *ed;
+    krb5_error_code ret;
+
+    c->data = malloc (sizeof(struct any_cursor_extra_data));
+    if(c->data == NULL){
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ed = (struct any_cursor_extra_data *)c->data;
+    ed->a = a;
+    ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+    if (ret) {
+	free (c->data);
+	c->data = NULL;
+	return ret;
+    }
+    return 0;
+}
+
+static krb5_error_code
+any_next_entry (krb5_context context,
+		krb5_keytab id,
+		krb5_keytab_entry *entry,
+		krb5_kt_cursor *cursor)
+{
+    krb5_error_code ret, ret2;
+    struct any_cursor_extra_data *ed;
+
+    ed = (struct any_cursor_extra_data *)cursor->data;
+    do {
+	ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
+	if (ret == 0)
+	    return 0;
+	else if (ret != KRB5_KT_END)
+	    return ret;
+
+	ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
+	if (ret2)
+	    return ret2;
+	while ((ed->a = ed->a->next) != NULL) {
+	    ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+	    if (ret2 == 0)
+		break;
+	}
+	if (ed->a == NULL) {
+	    krb5_clear_error_string (context);
+	    return KRB5_KT_END;
+	}
+    } while (1);
+}
+
+static krb5_error_code
+any_end_seq_get(krb5_context context,
+		krb5_keytab id,
+		krb5_kt_cursor *cursor)
+{
+    krb5_error_code ret = 0;
+    struct any_cursor_extra_data *ed;
+
+    ed = (struct any_cursor_extra_data *)cursor->data;
+    if (ed->a != NULL)
+	ret = krb5_kt_end_seq_get(context, ed->a->kt, &ed->cursor);
+    free (ed);
+    cursor->data = NULL;
+    return ret;
+}
+
+static krb5_error_code
+any_add_entry(krb5_context context,
+	      krb5_keytab id,
+	      krb5_keytab_entry *entry)
+{
+    struct any_data *a = id->data;
+    krb5_error_code ret;
+    while(a != NULL) {
+	ret = krb5_kt_add_entry(context, a->kt, entry);
+	if(ret != 0 && ret != KRB5_KT_NOWRITE) {
+	    krb5_set_error_string(context, "failed to add entry to %s", 
+				  a->name);
+	    return ret;
+	}
+	a = a->next;
+    }
+    return 0;
+}
+
+static krb5_error_code
+any_remove_entry(krb5_context context,
+		 krb5_keytab id,
+		 krb5_keytab_entry *entry)
+{
+    struct any_data *a = id->data;
+    krb5_error_code ret;
+    int found = 0;
+    while(a != NULL) {
+	ret = krb5_kt_remove_entry(context, a->kt, entry);
+	if(ret == 0)
+	    found++;
+	else {
+	    if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) {
+		krb5_set_error_string(context, "failed to remove entry from %s", 
+				      a->name);
+		return ret;
+	    }
+	}
+	a = a->next;
+    }
+    if(!found)
+	return KRB5_KT_NOTFOUND;
+    return 0;
+}
+
+const krb5_kt_ops krb5_any_ops = {
+    "ANY",
+    any_resolve,
+    any_get_name,
+    any_close,
+    NULL, /* get */
+    any_start_seq_get,
+    any_next_entry,
+    any_end_seq_get,
+    any_add_entry,
+    any_remove_entry
+};
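Review bot: any_resolve allocates each list node with malloc and can jump to `fail` before `a->kt` and `a->next` have been assigned, and free_list then reads both fields. This happens when strdup fails for the first node, and also when krb5_kt_resolve returns early without writing its output pointer (its unknown-type and out-of-memory returns in keytab.c in this commit never touch `*id`), so free_list can pass an uninitialised pointer to krb5_kt_close. Allocating with `a = calloc(1, sizeof(*a));`, or setting `a->kt = NULL; a->next = NULL;` right after the NULL check, keeps the cleanup path on defined values. The malloc failure branch also reaches `fail` without calling krb5_set_error_string, unlike the strdup branch next to it.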

Added: vendor-crypto/heimdal/dist/lib/krb5/keytab_file.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/keytab_file.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/keytab_file.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,696 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keytab_file.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#define KRB5_KT_VNO_1 1
+#define KRB5_KT_VNO_2 2
+#define KRB5_KT_VNO   KRB5_KT_VNO_2
+
+#define KRB5_KT_FL_JAVA 1
+
+
+/* file operations -------------------------------------------- */
+
+struct fkt_data {
+    char *filename;
+    int flags;
+};
+
+static krb5_error_code
+krb5_kt_ret_data(krb5_context context,
+		 krb5_storage *sp,
+		 krb5_data *data)
+{
+    int ret;
+    int16_t size;
+    ret = krb5_ret_int16(sp, &size);
+    if(ret)
+	return ret;
+    data->length = size;
+    data->data = malloc(size);
+    if (data->data == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = krb5_storage_read(sp, data->data, size);
+    if(ret != size)
+	return (ret < 0)? errno : KRB5_KT_END;
+    return 0;
+}
+
+static krb5_error_code
+krb5_kt_ret_string(krb5_context context,
+		   krb5_storage *sp,
+		   heim_general_string *data)
+{
+    int ret;
+    int16_t size;
+    ret = krb5_ret_int16(sp, &size);
+    if(ret)
+	return ret;
+    *data = malloc(size + 1);
+    if (*data == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = krb5_storage_read(sp, *data, size);
+    (*data)[size] = '\0';
+    if(ret != size)
+	return (ret < 0)? errno : KRB5_KT_END;
+    return 0;
+}
+
+static krb5_error_code
+krb5_kt_store_data(krb5_context context,
+		   krb5_storage *sp,
+		   krb5_data data)
+{
+    int ret;
+    ret = krb5_store_int16(sp, data.length);
+    if(ret < 0)
+	return ret;
+    ret = krb5_storage_write(sp, data.data, data.length);
+    if(ret != data.length){
+	if(ret < 0)
+	    return errno;
+	return KRB5_KT_END;
+    }
+    return 0;
+}
+
+static krb5_error_code
+krb5_kt_store_string(krb5_storage *sp,
+		     heim_general_string data)
+{
+    int ret;
+    size_t len = strlen(data);
+    ret = krb5_store_int16(sp, len);
+    if(ret < 0)
+	return ret;
+    ret = krb5_storage_write(sp, data, len);
+    if(ret != len){
+	if(ret < 0)
+	    return errno;
+	return KRB5_KT_END;
+    }
+    return 0;
+}
+
+static krb5_error_code
+krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
+{
+    int ret;
+    int16_t tmp;
+
+    ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
+    if(ret) return ret;
+    p->keytype = tmp;
+    ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
+    return ret;
+}
+
+static krb5_error_code
+krb5_kt_store_keyblock(krb5_context context,
+		       krb5_storage *sp, 
+		       krb5_keyblock *p)
+{
+    int ret;
+
+    ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
+    if(ret) return ret;
+    ret = krb5_kt_store_data(context, sp, p->keyvalue);
+    return ret;
+}
+
+
+static krb5_error_code
+krb5_kt_ret_principal(krb5_context context,
+		      krb5_storage *sp,
+		      krb5_principal *princ)
+{
+    int i;
+    int ret;
+    krb5_principal p;
+    int16_t len;
+    
+    ALLOC(p, 1);
+    if(p == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    ret = krb5_ret_int16(sp, &len);
+    if(ret) {
+	krb5_set_error_string(context,
+			      "Failed decoding length of keytab principal");
+	goto out;
+    }
+    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
+	len--;
+    if (len < 0) {
+	krb5_set_error_string(context, 
+			      "Keytab principal contains invalid length");
+	ret = KRB5_KT_END;
+	goto out;
+    }
+    ret = krb5_kt_ret_string(context, sp, &p->realm);
+    if(ret)
+	goto out;
+    p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val));
+    if(p->name.name_string.val == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    p->name.name_string.len = len;
+    for(i = 0; i < p->name.name_string.len; i++){
+	ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
+	if(ret)
+	    goto out;
+    }
+    if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
+	p->name.name_type = KRB5_NT_UNKNOWN;
+    else {
+	int32_t tmp32;
+	ret = krb5_ret_int32(sp, &tmp32);
+	p->name.name_type = tmp32;
+	if (ret)
+	    goto out;
+    }
+    *princ = p;
+    return 0;
+out:
+    krb5_free_principal(context, p);
+    return ret;
+}
+
+static krb5_error_code
+krb5_kt_store_principal(krb5_context context,
+			krb5_storage *sp,
+			krb5_principal p)
+{
+    int i;
+    int ret;
+    
+    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
+	ret = krb5_store_int16(sp, p->name.name_string.len + 1);
+    else
+	ret = krb5_store_int16(sp, p->name.name_string.len);
+    if(ret) return ret;
+    ret = krb5_kt_store_string(sp, p->realm);
+    if(ret) return ret;
+    for(i = 0; i < p->name.name_string.len; i++){
+	ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
+	if(ret)
+	    return ret;
+    }
+    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
+	ret = krb5_store_int32(sp, p->name.name_type);
+	if(ret)
+	    return ret;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+    struct fkt_data *d;
+
+    d = malloc(sizeof(*d));
+    if(d == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    d->filename = strdup(name);
+    if(d->filename == NULL) {
+	free(d);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    d->flags = 0;
+    id->data = d;
+    return 0;
+}
+
+static krb5_error_code
+fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id)
+{
+    krb5_error_code ret;
+
+    ret = fkt_resolve(context, name, id);
+    if (ret == 0) {
+	struct fkt_data *d = id->data;
+	d->flags |= KRB5_KT_FL_JAVA;
+    }
+    return ret;
+}
+
+static krb5_error_code
+fkt_close(krb5_context context, krb5_keytab id)
+{
+    struct fkt_data *d = id->data;
+    free(d->filename);
+    free(d);
+    return 0;
+}
+
+static krb5_error_code 
+fkt_get_name(krb5_context context, 
+	     krb5_keytab id, 
+	     char *name, 
+	     size_t namesize)
+{
+    /* This function is XXX */
+    struct fkt_data *d = id->data;
+    strlcpy(name, d->filename, namesize);
+    return 0;
+}
+
+static void
+storage_set_flags(krb5_context context, krb5_storage *sp, int vno)
+{
+    int flags = 0;
+    switch(vno) {
+    case KRB5_KT_VNO_1:
+	flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS;
+	flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE;
+	flags |= KRB5_STORAGE_HOST_BYTEORDER;
+	break;
+    case KRB5_KT_VNO_2:
+	break;
+    default:
+	krb5_warnx(context, 
+		   "storage_set_flags called with bad vno (%d)", vno);
+    }
+    krb5_storage_set_flags(sp, flags);
+}
+
+static krb5_error_code
+fkt_start_seq_get_int(krb5_context context, 
+		      krb5_keytab id, 
+		      int flags,
+		      int exclusive,
+		      krb5_kt_cursor *c)
+{
+    int8_t pvno, tag;
+    krb5_error_code ret;
+    struct fkt_data *d = id->data;
+    
+    c->fd = open (d->filename, flags);
+    if (c->fd < 0) {
+	ret = errno;
+	krb5_set_error_string(context, "%s: %s", d->filename,
+			      strerror(ret));
+	return ret;
+    }
+    ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
+    if (ret) {
+	close(c->fd);
+	return ret;
+    }
+    c->sp = krb5_storage_from_fd(c->fd);
+    if (c->sp == NULL) {
+	_krb5_xunlock(context, c->fd);
+	close(c->fd);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
+    ret = krb5_ret_int8(c->sp, &pvno);
+    if(ret) {
+	krb5_storage_free(c->sp);
+	_krb5_xunlock(context, c->fd);
+	close(c->fd);
+	krb5_clear_error_string(context);
+	return ret;
+    }
+    if(pvno != 5) {
+	krb5_storage_free(c->sp);
+	_krb5_xunlock(context, c->fd);
+	close(c->fd);
+	krb5_clear_error_string (context);
+	return KRB5_KEYTAB_BADVNO;
+    }
+    ret = krb5_ret_int8(c->sp, &tag);
+    if (ret) {
+	krb5_storage_free(c->sp);
+	_krb5_xunlock(context, c->fd);
+	close(c->fd);
+	krb5_clear_error_string(context);
+	return ret;
+    }
+    id->version = tag;
+    storage_set_flags(context, c->sp, id->version);
+    return 0;
+}
+
+static krb5_error_code
+fkt_start_seq_get(krb5_context context, 
+		  krb5_keytab id, 
+		  krb5_kt_cursor *c)
+{
+    return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c);
+}
+
+static krb5_error_code
+fkt_next_entry_int(krb5_context context, 
+		   krb5_keytab id, 
+		   krb5_keytab_entry *entry, 
+		   krb5_kt_cursor *cursor,
+		   off_t *start,
+		   off_t *end)
+{
+    int32_t len;
+    int ret;
+    int8_t tmp8;
+    int32_t tmp32;
+    off_t pos, curpos;
+
+    pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
+loop:
+    ret = krb5_ret_int32(cursor->sp, &len);
+    if (ret)
+	return ret;
+    if(len < 0) {
+	pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR);
+	goto loop;
+    }
+    ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
+    if (ret)
+	goto out;
+    ret = krb5_ret_int32(cursor->sp, &tmp32);
+    entry->timestamp = tmp32;
+    if (ret)
+	goto out;
+    ret = krb5_ret_int8(cursor->sp, &tmp8);
+    if (ret)
+	goto out;
+    entry->vno = tmp8;
+    ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
+    if (ret)
+	goto out;
+    /* there might be a 32 bit kvno here
+     * if it's zero, assume that the 8bit one was right,
+     * otherwise trust the new value */
+    curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
+    if(len + 4 + pos - curpos >= 4) {
+	ret = krb5_ret_int32(cursor->sp, &tmp32);
+	if (ret == 0 && tmp32 != 0) {
+	    entry->vno = tmp32;
+	}
+    }
+    if(start) *start = pos;
+    if(end) *end = pos + 4 + len;
+ out:
+    krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
+    return ret;
+}
+
+static krb5_error_code
+fkt_next_entry(krb5_context context, 
+	       krb5_keytab id, 
+	       krb5_keytab_entry *entry, 
+	       krb5_kt_cursor *cursor)
+{
+    return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL);
+}
+
+static krb5_error_code
+fkt_end_seq_get(krb5_context context, 
+		krb5_keytab id,
+		krb5_kt_cursor *cursor)
+{
+    krb5_storage_free(cursor->sp);
+    _krb5_xunlock(context, cursor->fd);
+    close(cursor->fd);
+    return 0;
+}
+
+static krb5_error_code
+fkt_setup_keytab(krb5_context context,
+		 krb5_keytab id,
+		 krb5_storage *sp)
+{
+    krb5_error_code ret;
+    ret = krb5_store_int8(sp, 5);
+    if(ret)
+	return ret;
+    if(id->version == 0)
+	id->version = KRB5_KT_VNO;
+    return krb5_store_int8 (sp, id->version);
+}
+		 
+static krb5_error_code
+fkt_add_entry(krb5_context context,
+	      krb5_keytab id,
+	      krb5_keytab_entry *entry)
+{
+    int ret;
+    int fd;
+    krb5_storage *sp;
+    struct fkt_data *d = id->data;
+    krb5_data keytab;
+    int32_t len;
+    
+    fd = open (d->filename, O_RDWR | O_BINARY);
+    if (fd < 0) {
+	fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+	if (fd < 0) {
+	    ret = errno;
+	    krb5_set_error_string(context, "open(%s): %s", d->filename,
+				  strerror(ret));
+	    return ret;
+	}
+	ret = _krb5_xlock(context, fd, 1, d->filename);
+	if (ret) {
+	    close(fd);
+	    return ret;
+	}
+	sp = krb5_storage_from_fd(fd);
+	krb5_storage_set_eof_code(sp, KRB5_KT_END);
+	ret = fkt_setup_keytab(context, id, sp);
+	if(ret) {
+	    goto out;
+	}
+	storage_set_flags(context, sp, id->version);
+    } else {
+	int8_t pvno, tag;
+	ret = _krb5_xlock(context, fd, 1, d->filename);
+	if (ret) {
+	    close(fd);
+	    return ret;
+	}
+	sp = krb5_storage_from_fd(fd);
+	krb5_storage_set_eof_code(sp, KRB5_KT_END);
+	ret = krb5_ret_int8(sp, &pvno);
+	if(ret) {
+	    /* we probably have a zero byte file, so try to set it up
+               properly */
+	    ret = fkt_setup_keytab(context, id, sp);
+	    if(ret) {
+		krb5_set_error_string(context, "%s: keytab is corrupted: %s", 
+				      d->filename, strerror(ret));
+		goto out;
+	    }
+	    storage_set_flags(context, sp, id->version);
+	} else {
+	    if(pvno != 5) {
+		ret = KRB5_KEYTAB_BADVNO;
+		krb5_set_error_string(context, "%s: %s", 
+				      d->filename, strerror(ret));
+		goto out;
+	    }
+	    ret = krb5_ret_int8 (sp, &tag);
+	    if (ret) {
+		krb5_set_error_string(context, "%s: reading tag: %s", 
+				      d->filename, strerror(ret));
+		goto out;
+	    }
+	    id->version = tag;
+	    storage_set_flags(context, sp, id->version);
+	}
+    }
+
+    {
+	krb5_storage *emem;
+	emem = krb5_storage_emem();
+	if(emem == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    goto out;
+	}
+	ret = krb5_kt_store_principal(context, emem, entry->principal);
+	if(ret) {
+	    krb5_storage_free(emem);
+	    goto out;
+	}
+	ret = krb5_store_int32 (emem, entry->timestamp);
+	if(ret) {
+	    krb5_storage_free(emem);
+	    goto out;
+	}
+	ret = krb5_store_int8 (emem, entry->vno % 256);
+	if(ret) {
+	    krb5_storage_free(emem);
+	    goto out;
+	}
+	ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
+	if(ret) {
+	    krb5_storage_free(emem);
+	    goto out;
+	}
+	if ((d->flags & KRB5_KT_FL_JAVA) == 0) {
+	    ret = krb5_store_int32 (emem, entry->vno);
+	    if (ret) {
+		krb5_storage_free(emem);
+		goto out;
+	    }
+	}
+
+	ret = krb5_storage_to_data(emem, &keytab);
+	krb5_storage_free(emem);
+	if(ret)
+	    goto out;
+    }
+    
+    while(1) {
+	ret = krb5_ret_int32(sp, &len);
+	if(ret == KRB5_KT_END) {
+	    len = keytab.length;
+	    break;
+	}
+	if(len < 0) {
+	    len = -len;
+	    if(len >= keytab.length) {
+		krb5_storage_seek(sp, -4, SEEK_CUR);
+		break;
+	    }
+	}
+	krb5_storage_seek(sp, len, SEEK_CUR);
+    }
+    ret = krb5_store_int32(sp, len);
+    if(krb5_storage_write(sp, keytab.data, keytab.length) < 0)
+	ret = errno;
+    memset(keytab.data, 0, keytab.length);
+    krb5_data_free(&keytab);
+  out:
+    krb5_storage_free(sp);
+    _krb5_xunlock(context, fd);
+    close(fd);
+    return ret;
+}
+
+static krb5_error_code
+fkt_remove_entry(krb5_context context,
+		 krb5_keytab id,
+		 krb5_keytab_entry *entry)
+{
+    krb5_keytab_entry e;
+    krb5_kt_cursor cursor;
+    off_t pos_start, pos_end;
+    int found = 0;
+    krb5_error_code ret;
+    
+    ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor);
+    if(ret != 0) 
+	goto out; /* return other error here? */
+    while(fkt_next_entry_int(context, id, &e, &cursor, 
+			     &pos_start, &pos_end) == 0) {
+	if(krb5_kt_compare(context, &e, entry->principal, 
+			   entry->vno, entry->keyblock.keytype)) {
+	    int32_t len;
+	    unsigned char buf[128];
+	    found = 1;
+	    krb5_storage_seek(cursor.sp, pos_start, SEEK_SET);
+	    len = pos_end - pos_start - 4;
+	    krb5_store_int32(cursor.sp, -len);
+	    memset(buf, 0, sizeof(buf));
+	    while(len > 0) {
+		krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf)));
+		len -= min(len, sizeof(buf));
+	    }
+	}
+	krb5_kt_free_entry(context, &e);
+    }
+    krb5_kt_end_seq_get(context, id, &cursor);
+  out:
+    if (!found) {
+	krb5_clear_error_string (context);
+	return KRB5_KT_NOTFOUND;
+    }
+    return 0;
+}
+
+const krb5_kt_ops krb5_fkt_ops = {
+    "FILE",
+    fkt_resolve,
+    fkt_get_name,
+    fkt_close,
+    NULL, /* get */
+    fkt_start_seq_get,
+    fkt_next_entry,
+    fkt_end_seq_get,
+    fkt_add_entry,
+    fkt_remove_entry
+};
+
+const krb5_kt_ops krb5_wrfkt_ops = {
+    "WRFILE",
+    fkt_resolve,
+    fkt_get_name,
+    fkt_close,
+    NULL, /* get */
+    fkt_start_seq_get,
+    fkt_next_entry,
+    fkt_end_seq_get,
+    fkt_add_entry,
+    fkt_remove_entry
+};
+
+const krb5_kt_ops krb5_javakt_ops = {
+    "JAVA14",
+    fkt_resolve_java14,
+    fkt_get_name,
+    fkt_close,
+    NULL, /* get */
+    fkt_start_seq_get,
+    fkt_next_entry,
+    fkt_end_seq_get,
+    fkt_add_entry,
+    fkt_remove_entry
+};
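Review bot: In `krb5_kt_ret_string` and `krb5_kt_ret_data` the length prefix is read from the keytab into an `int16_t` and used without a sign check, so a negative length field can reach `malloc(size + 1)`, the `krb5_storage_read` call and, in the string case, `(*data)[size] = '\0'` with a negative index. `krb5_kt_ret_principal` in the same hunk already rejects a negative component count with `KRB5_KT_END`; the same guard belongs right after the `krb5_ret_int16` check in both helpers: `if (size < 0) return KRB5_KT_END;`. Separately, `krb5_kt_ret_data` returns on a short read without freeing `data->data`, and `fkt_add_entry` does not check the result of `krb5_storage_from_fd` for NULL the way `fkt_start_seq_get_int` does.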

Added: vendor-crypto/heimdal/dist/lib/krb5/keytab_keyfile.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/keytab_keyfile.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/keytab_keyfile.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,420 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keytab_keyfile.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/* afs keyfile operations --------------------------------------- */
+
+/*
+ * Minimum tools to handle the AFS KeyFile.
+ * 
+ * Format of the KeyFile is:
+ * <int32_t numkeys> {[<int32_t kvno> <char[8] deskey>] * numkeys}
+ *
+ * It just adds to the end of the keyfile, deleting isn't implemented.
+ * Use your favorite text/hex editor to delete keys.
+ *
+ */
+
+#define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell"
+#define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf"
+
+struct akf_data {
+    int num_entries;
+    char *filename;
+    char *cell;
+    char *realm;
+};
+
+/*
+ * set `d->cell' and `d->realm'
+ */
+
+static int
+get_cell_and_realm (krb5_context context, struct akf_data *d)
+{
+    FILE *f;
+    char buf[BUFSIZ], *cp;
+    int ret;
+
+    f = fopen (AFS_SERVERTHISCELL, "r");
+    if (f == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
+			       strerror(ret));
+	return ret;
+    }
+    if (fgets (buf, sizeof(buf), f) == NULL) {
+	fclose (f);
+	krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
+	return EINVAL;
+    }
+    buf[strcspn(buf, "\n")] = '\0';
+    fclose(f);
+
+    d->cell = strdup (buf);
+    if (d->cell == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    f = fopen (AFS_SERVERMAGICKRBCONF, "r");
+    if (f != NULL) {
+	if (fgets (buf, sizeof(buf), f) == NULL) {
+	    free (d->cell);
+	    d->cell = NULL;
+	    fclose (f);
+	    krb5_set_error_string (context, "no realm in %s",
+				   AFS_SERVERMAGICKRBCONF);
+	    return EINVAL;
+	}
+	buf[strcspn(buf, "\n")] = '\0';
+	fclose(f);
+    }
+    /* uppercase */
+    for (cp = buf; *cp != '\0'; cp++)
+	*cp = toupper((unsigned char)*cp);
+    
+    d->realm = strdup (buf);
+    if (d->realm == NULL) {
+	free (d->cell);
+	d->cell = NULL;
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+/*
+ * init and get filename
+ */
+
+static krb5_error_code
+akf_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+    int ret;
+    struct akf_data *d = malloc(sizeof (struct akf_data));
+
+    if (d == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    
+    d->num_entries = 0;
+    ret = get_cell_and_realm (context, d);
+    if (ret) {
+	free (d);
+	return ret;
+    }
+    d->filename = strdup (name);
+    if (d->filename == NULL) {
+	free (d->cell);
+	free (d->realm);
+	free (d);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    id->data = d;
+    
+    return 0;
+}
+
+/*
+ * cleanup
+ */
+
+static krb5_error_code
+akf_close(krb5_context context, krb5_keytab id)
+{
+    struct akf_data *d = id->data;
+
+    free (d->filename);
+    free (d->cell);
+    free (d);
+    return 0;
+}
+
+/*
+ * Return filename
+ */
+
+static krb5_error_code 
+akf_get_name(krb5_context context, 
+	     krb5_keytab id, 
+	     char *name, 
+	     size_t name_sz)
+{
+    struct akf_data *d = id->data;
+
+    strlcpy (name, d->filename, name_sz);
+    return 0;
+}
+
+/*
+ * Init 
+ */
+
+static krb5_error_code
+akf_start_seq_get(krb5_context context, 
+		  krb5_keytab id, 
+		  krb5_kt_cursor *c)
+{
+    int32_t ret;
+    struct akf_data *d = id->data;
+
+    c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
+    if (c->fd < 0) {
+	ret = errno;
+	krb5_set_error_string(context, "open(%s): %s", d->filename,
+			      strerror(ret));
+	return ret;
+    }
+
+    c->sp = krb5_storage_from_fd(c->fd);
+    ret = krb5_ret_int32(c->sp, &d->num_entries);
+    if(ret) {
+	krb5_storage_free(c->sp);
+	close(c->fd);
+	krb5_clear_error_string (context);
+	if(ret == KRB5_KT_END)
+	    return KRB5_KT_NOTFOUND;
+	return ret;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+akf_next_entry(krb5_context context, 
+	       krb5_keytab id, 
+	       krb5_keytab_entry *entry, 
+	       krb5_kt_cursor *cursor)
+{
+    struct akf_data *d = id->data;
+    int32_t kvno;
+    off_t pos;
+    int ret;
+
+    pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR);
+
+    if ((pos - 4) / (4 + 8) >= d->num_entries)
+	return KRB5_KT_END;
+
+    ret = krb5_make_principal (context, &entry->principal,
+			       d->realm, "afs", d->cell, NULL);
+    if (ret)
+	goto out;
+
+    ret = krb5_ret_int32(cursor->sp, &kvno);
+    if (ret) {
+	krb5_free_principal (context, entry->principal);
+	goto out;
+    }
+
+    entry->vno = kvno;
+
+    entry->keyblock.keytype         = ETYPE_DES_CBC_MD5;
+    entry->keyblock.keyvalue.length = 8;
+    entry->keyblock.keyvalue.data   = malloc (8);
+    if (entry->keyblock.keyvalue.data == NULL) {
+	krb5_free_principal (context, entry->principal);
+	krb5_set_error_string (context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+
+    ret = krb5_storage_read(cursor->sp, entry->keyblock.keyvalue.data, 8);
+    if(ret != 8)
+	ret = (ret < 0) ? errno : KRB5_KT_END;
+    else
+	ret = 0;
+
+    entry->timestamp = time(NULL);
+
+ out:
+    krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
+    return ret;
+}
+
+static krb5_error_code
+akf_end_seq_get(krb5_context context, 
+		krb5_keytab id,
+		krb5_kt_cursor *cursor)
+{
+    krb5_storage_free(cursor->sp);
+    close(cursor->fd);
+    return 0;
+}
+
+static krb5_error_code
+akf_add_entry(krb5_context context,
+	      krb5_keytab id,
+	      krb5_keytab_entry *entry)
+{
+    struct akf_data *d = id->data;
+    int fd, created = 0;
+    krb5_error_code ret;
+    int32_t len;
+    krb5_storage *sp;
+
+
+    if (entry->keyblock.keyvalue.length != 8)
+	return 0;
+    switch(entry->keyblock.keytype) {
+    case ETYPE_DES_CBC_CRC:
+    case ETYPE_DES_CBC_MD4:
+    case ETYPE_DES_CBC_MD5:
+	break;
+    default:
+	return 0;
+    }
+
+    fd = open (d->filename, O_RDWR | O_BINARY);
+    if (fd < 0) {
+	fd = open (d->filename,
+		   O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
+	if (fd < 0) {
+	    ret = errno;
+	    krb5_set_error_string(context, "open(%s): %s", d->filename,
+				  strerror(ret));
+	    return ret;
+	}
+	created = 1;
+    }
+
+    sp = krb5_storage_from_fd(fd);
+    if(sp == NULL) {
+	close(fd);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    if (created)
+	len = 0;
+    else {
+	if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
+	    ret = errno;
+	    krb5_storage_free(sp);
+	    close(fd);
+	    krb5_set_error_string (context, "seek: %s", strerror(ret));
+	    return ret;
+	}
+	    
+	ret = krb5_ret_int32(sp, &len);
+	if(ret) {
+	    krb5_storage_free(sp);
+	    close(fd);
+	    return ret;
+	}
+    }
+
+    /*
+     * Make sure we don't add the entry twice, assumes the DES
+     * encryption types are all the same key.
+     */
+    if (len > 0) {
+	int32_t kvno;
+	int i;
+
+	for (i = 0; i < len; i++) {
+	    ret = krb5_ret_int32(sp, &kvno);
+	    if (ret) {
+		krb5_set_error_string (context, "Failed to get kvno ");
+		goto out;
+	    }
+	    if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
+		krb5_set_error_string (context, "seek: %s", strerror(ret));
+		goto out;
+	    }
+	    if (kvno == entry->vno) {
+		ret = 0;
+		goto out;
+	    }
+	}
+    }
+
+    len++;
+	
+    if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "seek: %s", strerror(ret));
+	goto out;
+    }
+	
+    ret = krb5_store_int32(sp, len);
+    if(ret) {
+	krb5_set_error_string(context, "keytab keyfile failed new length");
+	return ret;
+    }
+
+    if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "seek to end: %s", strerror(ret));
+	goto out;
+    }
+	
+    ret = krb5_store_int32(sp, entry->vno);
+    if(ret) {
+	krb5_set_error_string(context, "keytab keyfile failed store kvno");
+	goto out;
+    }
+    ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 
+			     entry->keyblock.keyvalue.length);
+    if(ret != entry->keyblock.keyvalue.length) {
+	if (ret < 0)
+	    ret = errno;
+	else
+	    ret = ENOTTY;
+	krb5_set_error_string(context, "keytab keyfile failed to add key");
+	goto out;
+    }
+    ret = 0;
+out:
+    krb5_storage_free(sp);
+    close (fd);
+    return ret;
+}
+
+const krb5_kt_ops krb5_akf_ops = {
+    "AFSKEYFILE",
+    akf_resolve,
+    akf_get_name,
+    akf_close,
+    NULL, /* get */
+    akf_start_seq_get,
+    akf_next_entry,
+    akf_end_seq_get,
+    akf_add_entry,
+    NULL /* remove */
+};
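Review bot: `akf_add_entry` has two error paths that do not behave like the others: when `krb5_store_int32(sp, len)` fails it does `return ret;`, leaving `sp` and `fd` open, and when the `krb5_storage_seek(sp, 8, SEEK_CUR)` inside the duplicate-check loop fails, `ret` is still 0, so the message formats `strerror(0)` and the function reports success. Use `goto out;` for the first and set `ret = errno;` before the `krb5_set_error_string` call for the second, as the other seek checks in this function do. Also in this hunk, `akf_close` frees `d->filename` and `d->cell` but not `d->realm`, which `get_cell_and_realm` allocates with `strdup`; adding `free (d->realm);` closes that leak.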

Added: vendor-crypto/heimdal/dist/lib/krb5/keytab_krb4.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/keytab_krb4.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/keytab_krb4.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,448 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keytab_krb4.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct krb4_kt_data {
+    char *filename;
+};
+
+static krb5_error_code
+krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+    struct krb4_kt_data *d;
+
+    d = malloc (sizeof(*d));
+    if (d == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    d->filename = strdup (name);
+    if (d->filename == NULL) {
+	free(d);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    id->data = d;
+    return 0;
+}
+
+static krb5_error_code
+krb4_kt_get_name (krb5_context context,
+		  krb5_keytab id,
+		  char *name,
+		  size_t name_sz)
+{
+    struct krb4_kt_data *d = id->data;
+
+    strlcpy (name, d->filename, name_sz);
+    return 0;
+}
+
+static krb5_error_code
+krb4_kt_close (krb5_context context,
+	       krb5_keytab id)
+{
+    struct krb4_kt_data *d = id->data;
+
+    free (d->filename);
+    free (d);
+    return 0;
+}
+
+struct krb4_cursor_extra_data {
+    krb5_keytab_entry entry;
+    int num;
+};
+
+static int
+open_flock(const char *filename, int flags, int mode)
+{
+    int lock_mode;
+    int tries = 0;
+    int fd = open(filename, flags, mode);
+    if(fd < 0)
+	return fd;
+    if((flags & O_ACCMODE) == O_RDONLY)
+	lock_mode = LOCK_SH | LOCK_NB;
+    else
+	lock_mode = LOCK_EX | LOCK_NB;
+    while(flock(fd, lock_mode) < 0) {
+	if(++tries < 5) {
+	    sleep(1);
+	} else {
+	    close(fd);
+	    return -1;
+	}
+    }
+    return fd;
+}
+
+
+
+static krb5_error_code
+krb4_kt_start_seq_get_int (krb5_context context,
+			   krb5_keytab id,
+			   int flags,
+			   krb5_kt_cursor *c)
+{
+    struct krb4_kt_data *d = id->data;
+    struct krb4_cursor_extra_data *ed;
+    int ret;
+
+    ed = malloc (sizeof(*ed));
+    if (ed == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ed->entry.principal = NULL;
+    ed->num = -1;
+    c->data = ed;
+    c->fd = open_flock (d->filename, flags, 0);
+    if (c->fd < 0) {
+	ret = errno;
+	free (ed);
+	krb5_set_error_string(context, "open(%s): %s", d->filename,
+			      strerror(ret));
+	return ret;
+    }
+    c->sp = krb5_storage_from_fd(c->fd);
+    if(c->sp == NULL) {
+	close(c->fd);
+	free(ed);
+	return ENOMEM;
+    }
+    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
+    return 0;
+}
+
+static krb5_error_code
+krb4_kt_start_seq_get (krb5_context context,
+		       krb5_keytab id,
+		       krb5_kt_cursor *c)
+{
+    return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c);
+}
+
+static krb5_error_code
+read_v4_entry (krb5_context context,
+	       struct krb4_kt_data *d,
+	       krb5_kt_cursor *c,
+	       struct krb4_cursor_extra_data *ed)
+{
+    unsigned char des_key[8];
+    krb5_error_code ret;
+    char *service, *instance, *realm;
+    int8_t kvno;
+
+    ret = krb5_ret_stringz(c->sp, &service);
+    if (ret)
+	return ret;
+    ret = krb5_ret_stringz(c->sp, &instance);
+    if (ret) {
+	free (service);
+	return ret;
+    }
+    ret = krb5_ret_stringz(c->sp, &realm);
+    if (ret) {
+	free (service);
+	free (instance);
+	return ret;
+    }
+    ret = krb5_425_conv_principal (context, service, instance, realm,
+				   &ed->entry.principal);
+    free (service);
+    free (instance);
+    free (realm);
+    if (ret)
+	return ret;
+    ret = krb5_ret_int8(c->sp, &kvno);
+    if (ret) {
+	krb5_free_principal (context, ed->entry.principal);
+	return ret;
+    }
+    ret = krb5_storage_read(c->sp, des_key, sizeof(des_key));
+    if (ret < 0) {
+	krb5_free_principal(context, ed->entry.principal);
+	return ret;
+    }
+    if (ret < 8) {
+	krb5_free_principal(context, ed->entry.principal);
+	return EINVAL;
+    }
+    ed->entry.vno = kvno;
+    ret = krb5_data_copy (&ed->entry.keyblock.keyvalue,
+			  des_key, sizeof(des_key));
+    if (ret)
+	return ret;
+    ed->entry.timestamp = time(NULL);
+    ed->num = 0;
+    return 0;
+}
+
+static krb5_error_code
+krb4_kt_next_entry (krb5_context context,
+		    krb5_keytab id,
+		    krb5_keytab_entry *entry,
+		    krb5_kt_cursor *c)
+{
+    krb5_error_code ret;
+    struct krb4_kt_data *d = id->data;
+    struct krb4_cursor_extra_data *ed = c->data;
+    const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5,
+				     ETYPE_DES_CBC_MD4,
+				     ETYPE_DES_CBC_CRC};
+
+    if (ed->num == -1) {
+	ret = read_v4_entry (context, d, c, ed);
+	if (ret)
+	    return ret;
+    }
+    ret = krb5_kt_copy_entry_contents (context,
+				       &ed->entry,
+				       entry);
+    if (ret)
+	return ret;
+    entry->keyblock.keytype = keytypes[ed->num];
+    if (++ed->num == 3) {
+	krb5_kt_free_entry (context, &ed->entry);
+	ed->num = -1;
+    }
+    return 0;
+}
+
+static krb5_error_code
+krb4_kt_end_seq_get (krb5_context context,
+		     krb5_keytab id,
+		     krb5_kt_cursor *c)
+{
+    struct krb4_cursor_extra_data *ed = c->data;
+
+    krb5_storage_free (c->sp);
+    if (ed->num != -1)
+	krb5_kt_free_entry (context, &ed->entry);
+    free (c->data);
+    close (c->fd);
+    return 0;
+}
+
+static krb5_error_code
+krb4_store_keytab_entry(krb5_context context, 
+			krb5_keytab_entry *entry, 
+			krb5_storage *sp)
+{
+    krb5_error_code ret;
+#define ANAME_SZ 40
+#define INST_SZ 40
+#define REALM_SZ 40
+    char service[ANAME_SZ];
+    char instance[INST_SZ];
+    char realm[REALM_SZ];
+    ret = krb5_524_conv_principal (context, entry->principal,
+				   service, instance, realm);
+    if (ret)
+	return ret;
+    if (entry->keyblock.keyvalue.length == 8
+	&& entry->keyblock.keytype == ETYPE_DES_CBC_MD5) {
+	ret = krb5_store_stringz(sp, service);
+	ret = krb5_store_stringz(sp, instance);
+	ret = krb5_store_stringz(sp, realm);
+	ret = krb5_store_int8(sp, entry->vno);
+	ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8);
+    }
+    return 0;
+}
+
+static krb5_error_code
+krb4_kt_add_entry (krb5_context context,
+		   krb5_keytab id,
+		   krb5_keytab_entry *entry)
+{
+    struct krb4_kt_data *d = id->data;
+    krb5_storage *sp;
+    krb5_error_code ret;
+    int fd;
+
+    fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0);
+    if (fd < 0) {
+	fd = open_flock (d->filename,
+		   O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
+	if (fd < 0) {
+	    ret = errno;
+	    krb5_set_error_string(context, "open(%s): %s", d->filename,
+				  strerror(ret));
+	    return ret;
+	}
+    }
+    sp = krb5_storage_from_fd(fd);
+    if(sp == NULL) {
+	close(fd);
+	return ENOMEM;
+    }
+    krb5_storage_set_eof_code(sp, KRB5_KT_END);
+    ret = krb4_store_keytab_entry(context, entry, sp);
+    krb5_storage_free(sp);
+    if(close (fd) < 0)
+	return errno;
+    return ret;
+}
+
+static krb5_error_code
+krb4_kt_remove_entry(krb5_context context,
+		     krb5_keytab id,
+		     krb5_keytab_entry *entry)
+{
+    struct krb4_kt_data *d = id->data;
+    krb5_error_code ret;
+    krb5_keytab_entry e;
+    krb5_kt_cursor cursor;
+    krb5_storage *sp;
+    int remove_flag = 0;
+    
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = krb5_kt_start_seq_get(context, id, &cursor);
+    if (ret) {
+	krb5_storage_free(sp);
+	return ret;
+    }	
+    while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) {
+	if(!krb5_kt_compare(context, &e, entry->principal, 
+			    entry->vno, entry->keyblock.keytype)) {
+	    ret = krb4_store_keytab_entry(context, &e, sp);
+	    if(ret) {
+		krb5_kt_free_entry(context, &e);
+		krb5_storage_free(sp);
+		return ret;
+	    }
+	} else
+	    remove_flag = 1;
+	krb5_kt_free_entry(context, &e);
+    }
+    krb5_kt_end_seq_get(context, id, &cursor);
+    if(remove_flag) {
+	int fd;
+	unsigned char buf[1024];
+	ssize_t n;
+	krb5_data data;
+	struct stat st;
+
+	krb5_storage_to_data(sp, &data);
+	krb5_storage_free(sp);
+
+	fd = open_flock (d->filename, O_RDWR | O_BINARY, 0);
+	if(fd < 0) {
+	    memset(data.data, 0, data.length);
+	    krb5_data_free(&data);
+	    if(errno == EACCES || errno == EROFS) 
+		return KRB5_KT_NOWRITE;
+	    return errno;
+	}
+
+	if(write(fd, data.data, data.length) != data.length) {
+	    memset(data.data, 0, data.length);
+	    krb5_data_free(&data);
+	    close(fd);
+	    krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
+	    return errno;
+	}
+	memset(data.data, 0, data.length);
+	if(fstat(fd, &st) < 0) {
+	    krb5_data_free(&data);
+	    close(fd);
+	    krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename);
+	    return errno;
+	}
+	st.st_size -= data.length;
+	memset(buf, 0, sizeof(buf));
+	while(st.st_size > 0) {
+	    n = min(st.st_size, sizeof(buf));
+	    n = write(fd, buf, n);
+	    if(n <= 0) {
+		krb5_data_free(&data);
+		close(fd);
+		krb5_set_error_string(context, "failed writing to \"%s\"", d->filename);
+		return errno;
+		
+	    }
+	    st.st_size -= n;
+	}
+	if(ftruncate(fd, data.length) < 0) {
+	    krb5_data_free(&data);
+	    close(fd);
+	    krb5_set_error_string(context, "failed truncating \"%s\"", d->filename);
+	    return errno;
+	}
+	krb5_data_free(&data);
+	if(close(fd) < 0) {
+	    krb5_set_error_string(context, "error closing \"%s\"", d->filename);
+	    return errno;
+	}
+	return 0;
+    } else {
+	krb5_storage_free(sp);
+	return KRB5_KT_NOTFOUND;
+    }
+}
+
+
+const krb5_kt_ops krb4_fkt_ops = {
+    "krb4",
+    krb4_kt_resolve,
+    krb4_kt_get_name,
+    krb4_kt_close,
+    NULL,			/* get */
+    krb4_kt_start_seq_get,
+    krb4_kt_next_entry,
+    krb4_kt_end_seq_get,
+    krb4_kt_add_entry,		/* add_entry */
+    krb4_kt_remove_entry	/* remove_entry */
+};
+
+const krb5_kt_ops krb5_srvtab_fkt_ops = {
+    "SRVTAB",
+    krb4_kt_resolve,
+    krb4_kt_get_name,
+    krb4_kt_close,
+    NULL,			/* get */
+    krb4_kt_start_seq_get,
+    krb4_kt_next_entry,
+    krb4_kt_end_seq_get,
+    krb4_kt_add_entry,		/* add_entry */
+    krb4_kt_remove_entry	/* remove_entry */
+};
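Review bot: krb4_store_keytab_entry overwrites `ret` after each krb5_store_stringz/krb5_store_int8/krb5_storage_write call and then returns 0 unconditionally, so a failed or short write is reported as success. krb4_kt_add_entry passes that result straight back to its caller. krb4_kt_remove_entry relies on it to know that the in-memory copy is complete before it overwrites and truncates the srvtab, so a partial copy can silently replace the key file. Each store should return on its first error and the final write should be compared with 8, as in the excerpt below. Separately, the error paths in krb4_kt_remove_entry return `errno` after close() and krb5_set_error_string() have run, either of which may have changed it; saving it first with `ret = errno;` would preserve the original cause.

```c
    /* … unchanged: krb5_524_conv_principal into service/instance/realm … */
    if (entry->keyblock.keyvalue.length == 8
	&& entry->keyblock.keytype == ETYPE_DES_CBC_MD5) {
	krb5_ssize_t n;

	ret = krb5_store_stringz(sp, service);
	if (ret)
	    return ret;
	ret = krb5_store_stringz(sp, instance);
	if (ret)
	    return ret;
	ret = krb5_store_stringz(sp, realm);
	if (ret)
	    return ret;
	ret = krb5_store_int8(sp, entry->vno);
	if (ret)
	    return ret;
	/* a short write would leave a truncated key in the srvtab */
	n = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8);
	if (n != 8)
	    return n < 0 ? errno : EIO;
    }
    return 0;
```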

Added: vendor-crypto/heimdal/dist/lib/krb5/keytab_memory.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/keytab_memory.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/keytab_memory.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keytab_memory.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/* memory operations -------------------------------------------- */
+
+struct mkt_data {
+    krb5_keytab_entry *entries;
+    int num_entries;
+    char *name;
+    int refcount;
+    struct mkt_data *next;
+};
+
+/* this mutex protects mkt_head, ->refcount, and ->next 
+ * content is not protected (name is static and need no protection)
+ */
+static HEIMDAL_MUTEX mkt_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static struct mkt_data *mkt_head;
+
+
+static krb5_error_code
+mkt_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+    struct mkt_data *d;
+
+    HEIMDAL_MUTEX_lock(&mkt_mutex);
+
+    for (d = mkt_head; d != NULL; d = d->next)
+	if (strcmp(d->name, name) == 0)
+	    break;
+    if (d) {
+	if (d->refcount < 1)
+	    krb5_abortx(context, "Double close on memory keytab, "
+			"refcount < 1 %d", d->refcount);
+	d->refcount++;
+	id->data = d;
+	HEIMDAL_MUTEX_unlock(&mkt_mutex);
+	return 0;
+    }
+
+    d = calloc(1, sizeof(*d));
+    if(d == NULL) {
+	HEIMDAL_MUTEX_unlock(&mkt_mutex);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    d->name = strdup(name);
+    if (d->name == NULL) {
+	HEIMDAL_MUTEX_unlock(&mkt_mutex);
+	free(d);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    d->entries = NULL;
+    d->num_entries = 0;
+    d->refcount = 1;
+    d->next = mkt_head;
+    mkt_head = d;
+    HEIMDAL_MUTEX_unlock(&mkt_mutex);
+    id->data = d;
+    return 0;
+}
+
+static krb5_error_code
+mkt_close(krb5_context context, krb5_keytab id)
+{
+    struct mkt_data *d = id->data, **dp;
+    int i;
+
+    HEIMDAL_MUTEX_lock(&mkt_mutex);
+    if (d->refcount < 1)
+	krb5_abortx(context, 
+		    "krb5 internal error, memory keytab refcount < 1 on close");
+
+    if (--d->refcount > 0) {
+	HEIMDAL_MUTEX_unlock(&mkt_mutex);
+	return 0;
+    }
+    for (dp = &mkt_head; *dp != NULL; dp = &(*dp)->next) {
+	if (*dp == d) {
+	    *dp = d->next;
+	    break;
+	}
+    }
+    HEIMDAL_MUTEX_unlock(&mkt_mutex);
+
+    free(d->name);
+    for(i = 0; i < d->num_entries; i++)
+	krb5_kt_free_entry(context, &d->entries[i]);
+    free(d->entries);
+    free(d);
+    return 0;
+}
+
+static krb5_error_code 
+mkt_get_name(krb5_context context, 
+	     krb5_keytab id, 
+	     char *name, 
+	     size_t namesize)
+{
+    struct mkt_data *d = id->data;
+    strlcpy(name, d->name, namesize);
+    return 0;
+}
+
+static krb5_error_code
+mkt_start_seq_get(krb5_context context, 
+		  krb5_keytab id, 
+		  krb5_kt_cursor *c)
+{
+    /* XXX */
+    c->fd = 0;
+    return 0;
+}
+
+static krb5_error_code
+mkt_next_entry(krb5_context context, 
+	       krb5_keytab id, 
+	       krb5_keytab_entry *entry, 
+	       krb5_kt_cursor *c)
+{
+    struct mkt_data *d = id->data;
+    if(c->fd >= d->num_entries)
+	return KRB5_KT_END;
+    return krb5_kt_copy_entry_contents(context, &d->entries[c->fd++], entry);
+}
+
+static krb5_error_code
+mkt_end_seq_get(krb5_context context, 
+		krb5_keytab id,
+		krb5_kt_cursor *cursor)
+{
+    return 0;
+}
+
+static krb5_error_code
+mkt_add_entry(krb5_context context,
+	      krb5_keytab id,
+	      krb5_keytab_entry *entry)
+{
+    struct mkt_data *d = id->data;
+    krb5_keytab_entry *tmp;
+    tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries));
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    d->entries = tmp;
+    return krb5_kt_copy_entry_contents(context, entry, 
+				       &d->entries[d->num_entries++]);
+}
+
+static krb5_error_code
+mkt_remove_entry(krb5_context context,
+		 krb5_keytab id,
+		 krb5_keytab_entry *entry)
+{
+    struct mkt_data *d = id->data;
+    krb5_keytab_entry *e, *end;
+    int found = 0;
+    
+    if (d->num_entries == 0) {
+	krb5_clear_error_string(context);
+        return KRB5_KT_NOTFOUND;
+    }
+
+    /* do this backwards to minimize copying */
+    for(end = d->entries + d->num_entries, e = end - 1; e >= d->entries; e--) {
+	if(krb5_kt_compare(context, e, entry->principal, 
+			   entry->vno, entry->keyblock.keytype)) {
+	    krb5_kt_free_entry(context, e);
+	    memmove(e, e + 1, (end - e - 1) * sizeof(*e));
+	    memset(end - 1, 0, sizeof(*end));
+	    d->num_entries--;
+	    end--;
+	    found = 1;
+	}
+    }
+    if (!found) {
+	krb5_clear_error_string (context);
+	return KRB5_KT_NOTFOUND;
+    }
+    e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
+    if(e != NULL || d->num_entries == 0)
+	d->entries = e;
+    return 0;
+}
+
+const krb5_kt_ops krb5_mkt_ops = {
+    "MEMORY",
+    mkt_resolve,
+    mkt_get_name,
+    mkt_close,
+    NULL, /* get */
+    mkt_start_seq_get,
+    mkt_next_entry,
+    mkt_end_seq_get,
+    mkt_add_entry,
+    mkt_remove_entry
+};
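Review bot: mkt_add_entry bumps `d->num_entries` even when krb5_kt_copy_entry_contents fails, because the post-increment sits inside the argument expression `&d->entries[d->num_entries++]`. The new slot comes from realloc and is not initialised, so after a failed copy mkt_next_entry and mkt_close would treat whatever is in it as a live entry; what the copy routine leaves behind on failure is not visible here. Suggested change: `ret = krb5_kt_copy_entry_contents(context, entry, &d->entries[d->num_entries]);` followed by `if (ret == 0) d->num_entries++;` and `return ret;`, with a local `krb5_error_code ret`. Also worth a comment on mkt_resolve: it hands the same `mkt_data` to every caller that uses the same name, and as the file's own comment says the entries array is not covered by `mkt_mutex`, so the realloc in add/remove can race with mkt_next_entry on another handle if handles are shared across threads.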

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5-private.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5-private.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5-private.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,447 @@
+/* This is a generated file */
+#ifndef __krb5_private_h__
+#define __krb5_private_h__
+
+#include <stdarg.h>
+
+void KRB5_LIB_FUNCTION
+_krb5_aes_cts_encrypt (
+	const unsigned char */*in*/,
+	unsigned char */*out*/,
+	size_t /*len*/,
+	const AES_KEY */*key*/,
+	unsigned char */*ivec*/,
+	const int /*encryptp*/);
+
+krb5_error_code
+_krb5_cc_allocate (
+	krb5_context /*context*/,
+	const krb5_cc_ops */*ops*/,
+	krb5_ccache */*id*/);
+
+void
+_krb5_crc_init_table (void);
+
+uint32_t
+_krb5_crc_update (
+	const char */*p*/,
+	size_t /*len*/,
+	uint32_t /*res*/);
+
+krb5_error_code
+_krb5_dh_group_ok (
+	krb5_context /*context*/,
+	unsigned long /*bits*/,
+	heim_integer */*p*/,
+	heim_integer */*g*/,
+	heim_integer */*q*/,
+	struct krb5_dh_moduli **/*moduli*/,
+	char **/*name*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_enctype_to_oid (
+	krb5_context /*context*/,
+	krb5_enctype /*etype*/,
+	heim_oid */*oid*/);
+
+krb5_error_code
+_krb5_expand_default_cc_name (
+	krb5_context /*context*/,
+	const char */*str*/,
+	char **/*res*/);
+
+int
+_krb5_extract_ticket (
+	krb5_context /*context*/,
+	krb5_kdc_rep */*rep*/,
+	krb5_creds */*creds*/,
+	krb5_keyblock */*key*/,
+	krb5_const_pointer /*keyseed*/,
+	krb5_key_usage /*key_usage*/,
+	krb5_addresses */*addrs*/,
+	unsigned /*nonce*/,
+	unsigned /*flags*/,
+	krb5_decrypt_proc /*decrypt_proc*/,
+	krb5_const_pointer /*decryptarg*/);
+
+void
+_krb5_free_krbhst_info (krb5_krbhst_info */*hi*/);
+
+void
+_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/);
+
+krb5_error_code
+_krb5_get_default_principal_local (
+	krb5_context /*context*/,
+	krb5_principal */*princ*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_get_host_realm_int (
+	krb5_context /*context*/,
+	const char */*host*/,
+	krb5_boolean /*use_dns*/,
+	krb5_realm **/*realms*/);
+
+krb5_error_code
+_krb5_get_init_creds_opt_copy (
+	krb5_context /*context*/,
+	const krb5_get_init_creds_opt */*in*/,
+	krb5_get_init_creds_opt **/*out*/);
+
+void KRB5_LIB_FUNCTION
+_krb5_get_init_creds_opt_free_krb5_error (krb5_get_init_creds_opt */*opt*/);
+
+void KRB5_LIB_FUNCTION
+_krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/);
+
+void KRB5_LIB_FUNCTION
+_krb5_get_init_creds_opt_set_krb5_error (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/,
+	const KRB_ERROR */*error*/);
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+_krb5_get_int (
+	void */*buffer*/,
+	unsigned long */*value*/,
+	size_t /*size*/);
+
+krb5_error_code
+_krb5_get_krbtgt (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_realm /*realm*/,
+	krb5_creds **/*cred*/);
+
+krb5_error_code
+_krb5_kcm_chmod (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	uint16_t /*mode*/);
+
+krb5_error_code
+_krb5_kcm_chown (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	uint32_t /*uid*/,
+	uint32_t /*gid*/);
+
+krb5_error_code
+_krb5_kcm_get_initial_ticket (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_principal /*server*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code
+_krb5_kcm_get_ticket (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_kdc_flags /*flags*/,
+	krb5_enctype /*enctype*/,
+	krb5_principal /*server*/);
+
+krb5_boolean
+_krb5_kcm_is_running (krb5_context /*context*/);
+
+krb5_error_code
+_krb5_kcm_noop (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/);
+
+krb5_error_code
+_krb5_kdc_retry (
+	krb5_context /*context*/,
+	krb5_sendto_ctx /*ctx*/,
+	void */*data*/,
+	const krb5_data */*reply*/,
+	int */*action*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_cr_err_reply (
+	krb5_context /*context*/,
+	const char */*name*/,
+	const char */*inst*/,
+	const char */*realm*/,
+	uint32_t /*time_ws*/,
+	uint32_t /*e*/,
+	const char */*e_string*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_create_auth_reply (
+	krb5_context /*context*/,
+	const char */*pname*/,
+	const char */*pinst*/,
+	const char */*prealm*/,
+	int32_t /*time_ws*/,
+	int /*n*/,
+	uint32_t /*x_date*/,
+	unsigned char /*kvno*/,
+	const krb5_data */*cipher*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_create_ciph (
+	krb5_context /*context*/,
+	const krb5_keyblock */*session*/,
+	const char */*service*/,
+	const char */*instance*/,
+	const char */*realm*/,
+	uint32_t /*life*/,
+	unsigned char /*kvno*/,
+	const krb5_data */*ticket*/,
+	uint32_t /*kdc_time*/,
+	const krb5_keyblock */*key*/,
+	krb5_data */*enc_data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_create_ticket (
+	krb5_context /*context*/,
+	unsigned char /*flags*/,
+	const char */*pname*/,
+	const char */*pinstance*/,
+	const char */*prealm*/,
+	int32_t /*paddress*/,
+	const krb5_keyblock */*session*/,
+	int16_t /*life*/,
+	int32_t /*life_sec*/,
+	const char */*sname*/,
+	const char */*sinstance*/,
+	const krb5_keyblock */*key*/,
+	krb5_data */*enc_data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_decomp_ticket (
+	krb5_context /*context*/,
+	const krb5_data */*enc_ticket*/,
+	const krb5_keyblock */*key*/,
+	const char */*local_realm*/,
+	char **/*sname*/,
+	char **/*sinstance*/,
+	struct _krb5_krb_auth_data */*ad*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_dest_tkt (
+	krb5_context /*context*/,
+	const char */*tkfile*/);
+
+void KRB5_LIB_FUNCTION
+_krb5_krb_free_auth_data (
+	krb5_context /*context*/,
+	struct _krb5_krb_auth_data */*ad*/);
+
+time_t KRB5_LIB_FUNCTION
+_krb5_krb_life_to_time (
+	int /*start*/,
+	int /*life_*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_rd_req (
+	krb5_context /*context*/,
+	krb5_data */*authent*/,
+	const char */*service*/,
+	const char */*instance*/,
+	const char */*local_realm*/,
+	int32_t /*from_addr*/,
+	const krb5_keyblock */*key*/,
+	struct _krb5_krb_auth_data */*ad*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_tf_setup (
+	krb5_context /*context*/,
+	struct credentials */*v4creds*/,
+	const char */*tkfile*/,
+	int /*append*/);
+
+int KRB5_LIB_FUNCTION
+_krb5_krb_time_to_life (
+	time_t /*start*/,
+	time_t /*end*/);
+
+krb5_error_code
+_krb5_krbhost_info_move (
+	krb5_context /*context*/,
+	krb5_krbhst_info */*from*/,
+	krb5_krbhst_info **/*to*/);
+
+krb5_error_code
+_krb5_mk_req_internal (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	const krb5_flags /*ap_req_options*/,
+	krb5_data */*in_data*/,
+	krb5_creds */*in_creds*/,
+	krb5_data */*outbuf*/,
+	krb5_key_usage /*checksum_usage*/,
+	krb5_key_usage /*encrypt_usage*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_n_fold (
+	const void */*str*/,
+	size_t /*len*/,
+	void */*key*/,
+	size_t /*size*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_oid_to_enctype (
+	krb5_context /*context*/,
+	const heim_oid */*oid*/,
+	krb5_enctype */*etype*/);
+
+krb5_error_code
+_krb5_pac_sign (
+	krb5_context /*context*/,
+	krb5_pac /*p*/,
+	time_t /*authtime*/,
+	krb5_principal /*principal*/,
+	const krb5_keyblock */*server_key*/,
+	const krb5_keyblock */*priv_key*/,
+	krb5_data */*data*/);
+
+krb5_error_code
+_krb5_parse_moduli (
+	krb5_context /*context*/,
+	const char */*file*/,
+	struct krb5_dh_moduli ***/*moduli*/);
+
+krb5_error_code
+_krb5_parse_moduli_line (
+	krb5_context /*context*/,
+	const char */*file*/,
+	int /*lineno*/,
+	char */*p*/,
+	struct krb5_dh_moduli **/*m*/);
+
+void KRB5_LIB_FUNCTION
+_krb5_pk_allow_proxy_certificate (
+	struct krb5_pk_identity */*id*/,
+	int /*boolean*/);
+
+void KRB5_LIB_FUNCTION
+_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_load_id (
+	krb5_context /*context*/,
+	struct krb5_pk_identity **/*ret_id*/,
+	const char */*user_id*/,
+	const char */*anchor_id*/,
+	char * const */*chain_list*/,
+	char * const */*revoke_list*/,
+	krb5_prompter_fct /*prompter*/,
+	void */*prompter_data*/,
+	char */*password*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_mk_ContentInfo (
+	krb5_context /*context*/,
+	const krb5_data */*buf*/,
+	const heim_oid */*oid*/,
+	struct ContentInfo */*content_info*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_mk_padata (
+	krb5_context /*context*/,
+	void */*c*/,
+	const KDC_REQ_BODY */*req_body*/,
+	unsigned /*nonce*/,
+	METHOD_DATA */*md*/);
+
+krb5_error_code
+_krb5_pk_octetstring2key (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	const void */*dhdata*/,
+	size_t /*dhsize*/,
+	const heim_octet_string */*c_n*/,
+	const heim_octet_string */*k_n*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_rd_pa_reply (
+	krb5_context /*context*/,
+	const char */*realm*/,
+	void */*c*/,
+	krb5_enctype /*etype*/,
+	const krb5_krbhst_info */*hi*/,
+	unsigned /*nonce*/,
+	const krb5_data */*req_buffer*/,
+	PA_DATA */*pa*/,
+	krb5_keyblock **/*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_verify_sign (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	struct krb5_pk_identity */*id*/,
+	heim_oid */*contentType*/,
+	krb5_data */*content*/,
+	struct krb5_pk_cert **/*signer*/);
+
+krb5_error_code
+_krb5_plugin_find (
+	krb5_context /*context*/,
+	enum krb5_plugin_type /*type*/,
+	const char */*name*/,
+	struct krb5_plugin **/*list*/);
+
+void
+_krb5_plugin_free (struct krb5_plugin */*list*/);
+
+struct krb5_plugin *
+_krb5_plugin_get_next (struct krb5_plugin */*p*/);
+
+void *
+_krb5_plugin_get_symbol (struct krb5_plugin */*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_principal2principalname (
+	PrincipalName */*p*/,
+	const krb5_principal /*from*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_principalname2krb5_principal (
+	krb5_context /*context*/,
+	krb5_principal */*principal*/,
+	const PrincipalName /*from*/,
+	const Realm /*realm*/);
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+_krb5_put_int (
+	void */*buffer*/,
+	unsigned long /*value*/,
+	size_t /*size*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_rd_req_out_ctx_alloc (
+	krb5_context /*context*/,
+	krb5_rd_req_out_ctx */*ctx*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_s4u2self_to_checksumdata (
+	krb5_context /*context*/,
+	const PA_S4U2Self */*self*/,
+	krb5_data */*data*/);
+
+int
+_krb5_send_and_recv_tcp (
+	int /*fd*/,
+	time_t /*tmout*/,
+	const krb5_data */*req*/,
+	krb5_data */*rep*/);
+
+int
+_krb5_xlock (
+	krb5_context /*context*/,
+	int /*fd*/,
+	krb5_boolean /*exclusive*/,
+	const char */*filename*/);
+
+int
+_krb5_xunlock (
+	krb5_context /*context*/,
+	int /*fd*/);
+
+#endif /* __krb5_private_h__ */

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5-protos.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5-protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5-protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,4114 @@
+/* This is a generated file */
+#ifndef __krb5_protos_h__
+#define __krb5_protos_h__
+
+#include <stdarg.h>
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef KRB5_LIB_FUNCTION
+#if defined(_WIN32)
+#define KRB5_LIB_FUNCTION _stdcall
+#else
+#define KRB5_LIB_FUNCTION
+#endif
+#endif
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb524_convert_creds_kdc (
+	krb5_context /*context*/,
+	krb5_creds */*in_cred*/,
+	struct credentials */*v4creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb524_convert_creds_kdc_ccache (
+	krb5_context /*context*/,
+	krb5_ccache /*ccache*/,
+	krb5_creds */*in_cred*/,
+	struct credentials */*v4creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_425_conv_principal (
+	krb5_context /*context*/,
+	const char */*name*/,
+	const char */*instance*/,
+	const char */*realm*/,
+	krb5_principal */*princ*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_425_conv_principal_ext (
+	krb5_context /*context*/,
+	const char */*name*/,
+	const char */*instance*/,
+	const char */*realm*/,
+	krb5_boolean (*/*func*/)(krb5_context, krb5_principal),
+	krb5_boolean /*resolve*/,
+	krb5_principal */*principal*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_425_conv_principal_ext2 (
+	krb5_context /*context*/,
+	const char */*name*/,
+	const char */*instance*/,
+	const char */*realm*/,
+	krb5_boolean (*/*func*/)(krb5_context, void *, krb5_principal),
+	void */*funcctx*/,
+	krb5_boolean /*resolve*/,
+	krb5_principal */*princ*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_524_conv_principal (
+	krb5_context /*context*/,
+	const krb5_principal /*principal*/,
+	char */*name*/,
+	char */*instance*/,
+	char */*realm*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_abort (
+	krb5_context /*context*/,
+	krb5_error_code /*code*/,
+	const char */*fmt*/,
+	...)
+    __attribute__ ((noreturn, format (printf, 3, 4)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_abortx (
+	krb5_context /*context*/,
+	const char */*fmt*/,
+	...)
+    __attribute__ ((noreturn, format (printf, 2, 3)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_acl_match_file (
+	krb5_context /*context*/,
+	const char */*file*/,
+	const char */*format*/,
+	...);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_acl_match_string (
+	krb5_context /*context*/,
+	const char */*string*/,
+	const char */*format*/,
+	...);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_add_et_list (
+	krb5_context /*context*/,
+	void (*/*func*/)(struct et_list **));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_add_extra_addresses (
+	krb5_context /*context*/,
+	krb5_addresses */*addresses*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_add_ignore_addresses (
+	krb5_context /*context*/,
+	krb5_addresses */*addresses*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_addlog_dest (
+	krb5_context /*context*/,
+	krb5_log_facility */*f*/,
+	const char */*orig*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_addlog_func (
+	krb5_context /*context*/,
+	krb5_log_facility */*fac*/,
+	int /*min*/,
+	int /*max*/,
+	krb5_log_log_func_t /*log_func*/,
+	krb5_log_close_func_t /*close_func*/,
+	void */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_addr2sockaddr (
+	krb5_context /*context*/,
+	const krb5_address */*addr*/,
+	struct sockaddr */*sa*/,
+	krb5_socklen_t */*sa_size*/,
+	int /*port*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_address_compare (
+	krb5_context /*context*/,
+	const krb5_address */*addr1*/,
+	const krb5_address */*addr2*/);
+
+int KRB5_LIB_FUNCTION
+krb5_address_order (
+	krb5_context /*context*/,
+	const krb5_address */*addr1*/,
+	const krb5_address */*addr2*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_address_prefixlen_boundary (
+	krb5_context /*context*/,
+	const krb5_address */*inaddr*/,
+	unsigned long /*prefixlen*/,
+	krb5_address */*low*/,
+	krb5_address */*high*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_address_search (
+	krb5_context /*context*/,
+	const krb5_address */*addr*/,
+	const krb5_addresses */*addrlist*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_aname_to_localname (
+	krb5_context /*context*/,
+	krb5_const_principal /*aname*/,
+	size_t /*lnsize*/,
+	char */*lname*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_anyaddr (
+	krb5_context /*context*/,
+	int /*af*/,
+	struct sockaddr */*sa*/,
+	krb5_socklen_t */*sa_size*/,
+	int /*port*/);
+
+void KRB5_LIB_FUNCTION
+krb5_appdefault_boolean (
+	krb5_context /*context*/,
+	const char */*appname*/,
+	krb5_const_realm /*realm*/,
+	const char */*option*/,
+	krb5_boolean /*def_val*/,
+	krb5_boolean */*ret_val*/);
+
+void KRB5_LIB_FUNCTION
+krb5_appdefault_string (
+	krb5_context /*context*/,
+	const char */*appname*/,
+	krb5_const_realm /*realm*/,
+	const char */*option*/,
+	const char */*def_val*/,
+	char **/*ret_val*/);
+
+void KRB5_LIB_FUNCTION
+krb5_appdefault_time (
+	krb5_context /*context*/,
+	const char */*appname*/,
+	krb5_const_realm /*realm*/,
+	const char */*option*/,
+	time_t /*def_val*/,
+	time_t */*ret_val*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_append_addresses (
+	krb5_context /*context*/,
+	krb5_addresses */*dest*/,
+	const krb5_addresses */*source*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_addflags (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int32_t /*addflags*/,
+	int32_t */*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_free (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_genaddrs (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int /*fd*/,
+	int /*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_generatelocalsubkey (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getaddrs (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_address **/*local_addr*/,
+	krb5_address **/*remote_addr*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getauthenticator (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_authenticator */*authenticator*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getcksumtype (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_cksumtype */*cksumtype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getflags (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int32_t */*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getkey (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keyblock **/*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getkeytype (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keytype */*keytype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getlocalseqnumber (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int32_t */*seqnumber*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getlocalsubkey (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keyblock **/*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getrcache (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_rcache */*rcache*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_getremotesubkey (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keyblock **/*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_init (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_removeflags (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int32_t /*removeflags*/,
+	int32_t */*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setaddrs (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_address */*local_addr*/,
+	krb5_address */*remote_addr*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setaddrs_from_fd (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	void */*p_fd*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setcksumtype (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_cksumtype /*cksumtype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setflags (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int32_t /*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setkey (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keyblock */*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setkeytype (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keytype /*keytype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setlocalseqnumber (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int32_t /*seqnumber*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setlocalsubkey (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keyblock */*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setrcache (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_rcache /*rcache*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setremoteseqnumber (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int32_t /*seqnumber*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setremotesubkey (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keyblock */*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_con_setuserkey (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_keyblock */*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_auth_getremoteseqnumber (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	int32_t */*seqnumber*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_ap_req (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	krb5_creds */*cred*/,
+	krb5_flags /*ap_options*/,
+	krb5_data /*authenticator*/,
+	krb5_data */*retdata*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_authenticator (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_enctype /*enctype*/,
+	krb5_creds */*cred*/,
+	Checksum */*cksum*/,
+	Authenticator **/*auth_result*/,
+	krb5_data */*result*/,
+	krb5_key_usage /*usage*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_principal (
+	krb5_context /*context*/,
+	krb5_principal */*principal*/,
+	int /*rlen*/,
+	krb5_const_realm /*realm*/,
+	...);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_principal_ext (
+	krb5_context /*context*/,
+	krb5_principal */*principal*/,
+	int /*rlen*/,
+	krb5_const_realm /*realm*/,
+	...);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_principal_va (
+	krb5_context /*context*/,
+	krb5_principal */*principal*/,
+	int /*rlen*/,
+	krb5_const_realm /*realm*/,
+	va_list /*ap*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_principal_va_ext (
+	krb5_context /*context*/,
+	krb5_principal */*principal*/,
+	int /*rlen*/,
+	krb5_const_realm /*realm*/,
+	va_list /*ap*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_block_size (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	size_t */*blocksize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_checksum_length (
+	krb5_context /*context*/,
+	krb5_cksumtype /*cksumtype*/,
+	size_t */*length*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_decrypt (
+	krb5_context /*context*/,
+	const krb5_keyblock /*key*/,
+	krb5_keyusage /*usage*/,
+	const krb5_data */*ivec*/,
+	krb5_enc_data */*input*/,
+	krb5_data */*output*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_encrypt (
+	krb5_context /*context*/,
+	const krb5_keyblock */*key*/,
+	krb5_keyusage /*usage*/,
+	const krb5_data */*ivec*/,
+	const krb5_data */*input*/,
+	krb5_enc_data */*output*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_encrypt_length (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	size_t /*inputlen*/,
+	size_t */*length*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_enctype_compare (
+	krb5_context /*context*/,
+	krb5_enctype /*e1*/,
+	krb5_enctype /*e2*/,
+	krb5_boolean */*similar*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_get_checksum (
+	krb5_context /*context*/,
+	const krb5_checksum */*cksum*/,
+	krb5_cksumtype */*type*/,
+	krb5_data **/*data*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_keylengths (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	size_t */*ilen*/,
+	size_t */*keylen*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_make_checksum (
+	krb5_context /*context*/,
+	krb5_cksumtype /*cksumtype*/,
+	const krb5_keyblock */*key*/,
+	krb5_keyusage /*usage*/,
+	const krb5_data */*input*/,
+	krb5_checksum */*cksum*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_make_random_key (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	krb5_keyblock */*random_key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_prf (
+	krb5_context /*context*/,
+	const krb5_keyblock */*key*/,
+	const krb5_data */*input*/,
+	krb5_data */*output*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_prf_length (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	size_t */*length*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_set_checksum (
+	krb5_context /*context*/,
+	krb5_checksum */*cksum*/,
+	krb5_cksumtype /*type*/,
+	const krb5_data */*data*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_c_valid_enctype (krb5_enctype /*etype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_verify_checksum (
+	krb5_context /*context*/,
+	const krb5_keyblock */*key*/,
+	krb5_keyusage /*usage*/,
+	const krb5_data */*data*/,
+	const krb5_checksum */*cksum*/,
+	krb5_boolean */*valid*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_cache_end_seq_get (
+	krb5_context /*context*/,
+	krb5_cc_cache_cursor /*cursor*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_cache_get_first (
+	krb5_context /*context*/,
+	const char */*type*/,
+	krb5_cc_cache_cursor */*cursor*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_cache_match (
+	krb5_context /*context*/,
+	krb5_principal /*client*/,
+	const char */*type*/,
+	krb5_ccache */*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_cache_next (
+	krb5_context /*context*/,
+	krb5_cc_cache_cursor /*cursor*/,
+	krb5_ccache */*id*/);
+
+void KRB5_LIB_FUNCTION
+krb5_cc_clear_mcred (krb5_creds */*mcred*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_close (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_copy_cache (
+	krb5_context /*context*/,
+	const krb5_ccache /*from*/,
+	krb5_ccache /*to*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_copy_cache_match (
+	krb5_context /*context*/,
+	const krb5_ccache /*from*/,
+	krb5_ccache /*to*/,
+	krb5_flags /*whichfields*/,
+	const krb5_creds * /*mcreds*/,
+	unsigned int */*matched*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_default (
+	krb5_context /*context*/,
+	krb5_ccache */*id*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_cc_default_name (krb5_context /*context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_destroy (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_end_seq_get (
+	krb5_context /*context*/,
+	const krb5_ccache /*id*/,
+	krb5_cc_cursor */*cursor*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_gen_new (
+	krb5_context /*context*/,
+	const krb5_cc_ops */*ops*/,
+	krb5_ccache */*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_full_name (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	char **/*str*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_cc_get_name (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/);
+
+const krb5_cc_ops *
+krb5_cc_get_ops (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/);
+
+const krb5_cc_ops *
+krb5_cc_get_prefix_ops (
+	krb5_context /*context*/,
+	const char */*prefix*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_principal (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_principal */*principal*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_cc_get_type (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_version (
+	krb5_context /*context*/,
+	const krb5_ccache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_initialize (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_principal /*primary_principal*/);
+
+krb5_error_code
+krb5_cc_move (
+	krb5_context /*context*/,
+	krb5_ccache /*from*/,
+	krb5_ccache /*to*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_new_unique (
+	krb5_context /*context*/,
+	const char */*type*/,
+	const char */*hint*/,
+	krb5_ccache */*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_next_cred (
+	krb5_context /*context*/,
+	const krb5_ccache /*id*/,
+	krb5_cc_cursor */*cursor*/,
+	krb5_creds */*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_next_cred_match (
+	krb5_context /*context*/,
+	const krb5_ccache /*id*/,
+	krb5_cc_cursor * /*cursor*/,
+	krb5_creds * /*creds*/,
+	krb5_flags /*whichfields*/,
+	const krb5_creds * /*mcreds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_register (
+	krb5_context /*context*/,
+	const krb5_cc_ops */*ops*/,
+	krb5_boolean /*override*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_remove_cred (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_flags /*which*/,
+	krb5_creds */*cred*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_resolve (
+	krb5_context /*context*/,
+	const char */*name*/,
+	krb5_ccache */*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_retrieve_cred (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_flags /*whichfields*/,
+	const krb5_creds */*mcreds*/,
+	krb5_creds */*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_set_default_name (
+	krb5_context /*context*/,
+	const char */*name*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_set_flags (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_flags /*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_start_seq_get (
+	krb5_context /*context*/,
+	const krb5_ccache /*id*/,
+	krb5_cc_cursor */*cursor*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_store_cred (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_creds */*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_change_password (
+	krb5_context /*context*/,
+	krb5_creds */*creds*/,
+	const char */*newpw*/,
+	int */*result_code*/,
+	krb5_data */*result_code_string*/,
+	krb5_data */*result_string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_check_transited (
+	krb5_context /*context*/,
+	krb5_const_realm /*client_realm*/,
+	krb5_const_realm /*server_realm*/,
+	krb5_realm */*realms*/,
+	int /*num_realms*/,
+	int */*bad_realm*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_check_transited_realms (
+	krb5_context /*context*/,
+	const char *const */*realms*/,
+	int /*num_realms*/,
+	int */*bad_realm*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_checksum_disable (
+	krb5_context /*context*/,
+	krb5_cksumtype /*type*/);
+
+void KRB5_LIB_FUNCTION
+krb5_checksum_free (
+	krb5_context /*context*/,
+	krb5_checksum */*cksum*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_checksum_is_collision_proof (
+	krb5_context /*context*/,
+	krb5_cksumtype /*type*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_checksum_is_keyed (
+	krb5_context /*context*/,
+	krb5_cksumtype /*type*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_checksumsize (
+	krb5_context /*context*/,
+	krb5_cksumtype /*type*/,
+	size_t */*size*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cksumtype_valid (
+	krb5_context /*context*/,
+	krb5_cksumtype /*ctype*/);
+
+void KRB5_LIB_FUNCTION
+krb5_clear_error_string (krb5_context /*context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_closelog (
+	krb5_context /*context*/,
+	krb5_log_facility */*fac*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_compare_creds (
+	krb5_context /*context*/,
+	krb5_flags /*whichfields*/,
+	const krb5_creds * /*mcreds*/,
+	const krb5_creds * /*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_file_free (
+	krb5_context /*context*/,
+	krb5_config_section */*s*/);
+
+void KRB5_LIB_FUNCTION
+krb5_config_free_strings (char **/*strings*/);
+
+const void *
+krb5_config_get (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	int /*type*/,
+	...);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_config_get_bool (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	...);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_config_get_bool_default (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	krb5_boolean /*def_value*/,
+	...);
+
+int KRB5_LIB_FUNCTION
+krb5_config_get_int (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	...);
+
+int KRB5_LIB_FUNCTION
+krb5_config_get_int_default (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	int /*def_value*/,
+	...);
+
+const krb5_config_binding *
+krb5_config_get_list (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	...);
+
+const void *
+krb5_config_get_next (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	const krb5_config_binding **/*pointer*/,
+	int /*type*/,
+	...);
+
+const char* KRB5_LIB_FUNCTION
+krb5_config_get_string (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	...);
+
+const char* KRB5_LIB_FUNCTION
+krb5_config_get_string_default (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	const char */*def_value*/,
+	...);
+
+char**
+krb5_config_get_strings (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	...);
+
+int KRB5_LIB_FUNCTION
+krb5_config_get_time (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	...);
+
+int KRB5_LIB_FUNCTION
+krb5_config_get_time_default (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	int /*def_value*/,
+	...);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_parse_file (
+	krb5_context /*context*/,
+	const char */*fname*/,
+	krb5_config_section **/*res*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_parse_file_multi (
+	krb5_context /*context*/,
+	const char */*fname*/,
+	krb5_config_section **/*res*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_config_parse_string_multi (
+	krb5_context /*context*/,
+	const char */*string*/,
+	krb5_config_section **/*res*/);
+
+const void *
+krb5_config_vget (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	int /*type*/,
+	va_list /*args*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_config_vget_bool (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	va_list /*args*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_config_vget_bool_default (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	krb5_boolean /*def_value*/,
+	va_list /*args*/);
+
+int KRB5_LIB_FUNCTION
+krb5_config_vget_int (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	va_list /*args*/);
+
+int KRB5_LIB_FUNCTION
+krb5_config_vget_int_default (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	int /*def_value*/,
+	va_list /*args*/);
+
+const krb5_config_binding *
+krb5_config_vget_list (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	va_list /*args*/);
+
+const void *
+krb5_config_vget_next (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	const krb5_config_binding **/*pointer*/,
+	int /*type*/,
+	va_list /*args*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_config_vget_string (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	va_list /*args*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_config_vget_string_default (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	const char */*def_value*/,
+	va_list /*args*/);
+
+char ** KRB5_LIB_FUNCTION
+krb5_config_vget_strings (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	va_list /*args*/);
+
+int KRB5_LIB_FUNCTION
+krb5_config_vget_time (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	va_list /*args*/);
+
+int KRB5_LIB_FUNCTION
+krb5_config_vget_time_default (
+	krb5_context /*context*/,
+	const krb5_config_section */*c*/,
+	int /*def_value*/,
+	va_list /*args*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_address (
+	krb5_context /*context*/,
+	const krb5_address */*inaddr*/,
+	krb5_address */*outaddr*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_addresses (
+	krb5_context /*context*/,
+	const krb5_addresses */*inaddr*/,
+	krb5_addresses */*outaddr*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_checksum (
+	krb5_context /*context*/,
+	const krb5_checksum */*old*/,
+	krb5_checksum **/*new*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_creds (
+	krb5_context /*context*/,
+	const krb5_creds */*incred*/,
+	krb5_creds **/*outcred*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_creds_contents (
+	krb5_context /*context*/,
+	const krb5_creds */*incred*/,
+	krb5_creds */*c*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_data (
+	krb5_context /*context*/,
+	const krb5_data */*indata*/,
+	krb5_data **/*outdata*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_host_realm (
+	krb5_context /*context*/,
+	const krb5_realm */*from*/,
+	krb5_realm **/*to*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_keyblock (
+	krb5_context /*context*/,
+	const krb5_keyblock */*inblock*/,
+	krb5_keyblock **/*to*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_keyblock_contents (
+	krb5_context /*context*/,
+	const krb5_keyblock */*inblock*/,
+	krb5_keyblock */*to*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_principal (
+	krb5_context /*context*/,
+	krb5_const_principal /*inprinc*/,
+	krb5_principal */*outprinc*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_ticket (
+	krb5_context /*context*/,
+	const krb5_ticket */*from*/,
+	krb5_ticket **/*to*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_create_checksum (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	krb5_key_usage /*usage*/,
+	int /*type*/,
+	void */*data*/,
+	size_t /*len*/,
+	Checksum */*result*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_destroy (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_get_checksum_type (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	krb5_cksumtype */*type*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getblocksize (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	size_t */*blocksize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getconfoundersize (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	size_t */*confoundersize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getenctype (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	krb5_enctype */*enctype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getpadsize (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	size_t */*padsize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_init (
+	krb5_context /*context*/,
+	const krb5_keyblock */*key*/,
+	krb5_enctype /*etype*/,
+	krb5_crypto */*crypto*/);
+
+size_t
+krb5_crypto_overhead (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_prf (
+	krb5_context /*context*/,
+	const krb5_crypto /*crypto*/,
+	const krb5_data */*input*/,
+	krb5_data */*output*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_prf_length (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	size_t */*length*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_data_alloc (
+	krb5_data */*p*/,
+	int /*len*/);
+
+int KRB5_LIB_FUNCTION
+krb5_data_cmp (
+	const krb5_data */*data1*/,
+	const krb5_data */*data2*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_data_copy (
+	krb5_data */*p*/,
+	const void */*data*/,
+	size_t /*len*/);
+
+void KRB5_LIB_FUNCTION
+krb5_data_free (krb5_data */*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_data_realloc (
+	krb5_data */*p*/,
+	int /*len*/);
+
+void KRB5_LIB_FUNCTION
+krb5_data_zero (krb5_data */*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_Authenticator (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	Authenticator */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_ETYPE_INFO (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	ETYPE_INFO */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_ETYPE_INFO2 (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	ETYPE_INFO2 */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncAPRepPart (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	EncAPRepPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncASRepPart (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	EncASRepPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncKrbCredPart (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	EncKrbCredPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncTGSRepPart (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	EncTGSRepPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_EncTicketPart (
+	krb5_context /*context*/,
+	const void */*data*/,
+	size_t /*length*/,
+	EncTicketPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_ap_req (
+	krb5_context /*context*/,
+	const krb5_data */*inbuf*/,
+	krb5_ap_req */*ap_req*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	unsigned /*usage*/,
+	void */*data*/,
+	size_t /*len*/,
+	krb5_data */*result*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt_EncryptedData (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	unsigned /*usage*/,
+	const EncryptedData */*e*/,
+	krb5_data */*result*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt_ivec (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	unsigned /*usage*/,
+	void */*data*/,
+	size_t /*len*/,
+	krb5_data */*result*/,
+	void */*ivec*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt_ticket (
+	krb5_context /*context*/,
+	Ticket */*ticket*/,
+	krb5_keyblock */*key*/,
+	EncTicketPart */*out*/,
+	krb5_flags /*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_derive_key (
+	krb5_context /*context*/,
+	const krb5_keyblock */*key*/,
+	krb5_enctype /*etype*/,
+	const void */*constant*/,
+	size_t /*constant_len*/,
+	krb5_keyblock **/*derived_key*/);
+
+krb5_error_code
+krb5_digest_alloc (
+	krb5_context /*context*/,
+	krb5_digest */*digest*/);
+
+void
+krb5_digest_free (krb5_digest /*digest*/);
+
+krb5_error_code
+krb5_digest_get_client_binding (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	char **/*type*/,
+	char **/*binding*/);
+
+const char *
+krb5_digest_get_identifier (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/);
+
+const char *
+krb5_digest_get_opaque (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/);
+
+const char *
+krb5_digest_get_rsp (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/);
+
+const char *
+krb5_digest_get_server_nonce (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/);
+
+krb5_error_code
+krb5_digest_get_session_key (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	krb5_data */*data*/);
+
+krb5_error_code
+krb5_digest_get_tickets (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	Ticket **/*tickets*/);
+
+krb5_error_code
+krb5_digest_init_request (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	krb5_realm /*realm*/,
+	krb5_ccache /*ccache*/);
+
+krb5_error_code
+krb5_digest_probe (
+	krb5_context /*context*/,
+	krb5_realm /*realm*/,
+	krb5_ccache /*ccache*/,
+	unsigned */*flags*/);
+
+krb5_boolean
+krb5_digest_rep_get_status (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/);
+
+krb5_error_code
+krb5_digest_request (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	krb5_realm /*realm*/,
+	krb5_ccache /*ccache*/);
+
+krb5_error_code
+krb5_digest_set_authentication_user (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	krb5_principal /*authentication_user*/);
+
+krb5_error_code
+krb5_digest_set_authid (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*authid*/);
+
+krb5_error_code
+krb5_digest_set_client_nonce (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*nonce*/);
+
+krb5_error_code
+krb5_digest_set_digest (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*dgst*/);
+
+krb5_error_code
+krb5_digest_set_hostname (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*hostname*/);
+
+krb5_error_code
+krb5_digest_set_identifier (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*id*/);
+
+krb5_error_code
+krb5_digest_set_method (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*method*/);
+
+krb5_error_code
+krb5_digest_set_nonceCount (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*nonce_count*/);
+
+krb5_error_code
+krb5_digest_set_opaque (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*opaque*/);
+
+krb5_error_code
+krb5_digest_set_qop (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*qop*/);
+
+krb5_error_code
+krb5_digest_set_realm (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*realm*/);
+
+int
+krb5_digest_set_responseData (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*response*/);
+
+krb5_error_code
+krb5_digest_set_server_cb (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*type*/,
+	const char */*binding*/);
+
+krb5_error_code
+krb5_digest_set_server_nonce (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*nonce*/);
+
+krb5_error_code
+krb5_digest_set_type (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*type*/);
+
+krb5_error_code
+krb5_digest_set_uri (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*uri*/);
+
+krb5_error_code
+krb5_digest_set_username (
+	krb5_context /*context*/,
+	krb5_digest /*digest*/,
+	const char */*username*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_domain_x500_decode (
+	krb5_context /*context*/,
+	krb5_data /*tr*/,
+	char ***/*realms*/,
+	int */*num_realms*/,
+	const char */*client_realm*/,
+	const char */*server_realm*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_domain_x500_encode (
+	char **/*realms*/,
+	int /*num_realms*/,
+	krb5_data */*encoding*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_eai_to_heim_errno (
+	int /*eai_errno*/,
+	int /*system_error*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_Authenticator (
+	krb5_context /*context*/,
+	void */*data*/,
+	size_t /*length*/,
+	Authenticator */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_ETYPE_INFO (
+	krb5_context /*context*/,
+	void */*data*/,
+	size_t /*length*/,
+	ETYPE_INFO */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_ETYPE_INFO2 (
+	krb5_context /*context*/,
+	void */*data*/,
+	size_t /*length*/,
+	ETYPE_INFO2 */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncAPRepPart (
+	krb5_context /*context*/,
+	void */*data*/,
+	size_t /*length*/,
+	EncAPRepPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncASRepPart (
+	krb5_context /*context*/,
+	void */*data*/,
+	size_t /*length*/,
+	EncASRepPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncKrbCredPart (
+	krb5_context /*context*/,
+	void */*data*/,
+	size_t /*length*/,
+	EncKrbCredPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncTGSRepPart (
+	krb5_context /*context*/,
+	void */*data*/,
+	size_t /*length*/,
+	EncTGSRepPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encode_EncTicketPart (
+	krb5_context /*context*/,
+	void */*data*/,
+	size_t /*length*/,
+	EncTicketPart */*t*/,
+	size_t */*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encrypt (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	unsigned /*usage*/,
+	const void */*data*/,
+	size_t /*len*/,
+	krb5_data */*result*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encrypt_EncryptedData (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	unsigned /*usage*/,
+	void */*data*/,
+	size_t /*len*/,
+	int /*kvno*/,
+	EncryptedData */*result*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_encrypt_ivec (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	unsigned /*usage*/,
+	const void */*data*/,
+	size_t /*len*/,
+	krb5_data */*result*/,
+	void */*ivec*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_disable (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_keybits (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	size_t */*keybits*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_keysize (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	size_t */*keysize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_to_keytype (
+	krb5_context /*context*/,
+	krb5_enctype /*etype*/,
+	krb5_keytype */*keytype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_to_string (
+	krb5_context /*context*/,
+	krb5_enctype /*etype*/,
+	char **/*string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_valid (
+	krb5_context /*context*/,
+	krb5_enctype /*etype*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_enctypes_compatible_keys (
+	krb5_context /*context*/,
+	krb5_enctype /*etype1*/,
+	krb5_enctype /*etype2*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_err (
+	krb5_context /*context*/,
+	int /*eval*/,
+	krb5_error_code /*code*/,
+	const char */*fmt*/,
+	...)
+    __attribute__ ((noreturn, format (printf, 4, 5)));
+
+krb5_error_code KRB5_LIB_FUNCTION 
+    __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_error_from_rd_error (
+	krb5_context /*context*/,
+	const krb5_error */*error*/,
+	const krb5_creds */*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_errx (
+	krb5_context /*context*/,
+	int /*eval*/,
+	const char */*fmt*/,
+	...)
+    __attribute__ ((noreturn, format (printf, 3, 4)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_expand_hostname (
+	krb5_context /*context*/,
+	const char */*orig_hostname*/,
+	char **/*new_hostname*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_expand_hostname_realms (
+	krb5_context /*context*/,
+	const char */*orig_hostname*/,
+	char **/*new_hostname*/,
+	char ***/*realms*/);
+
+PA_DATA *
+krb5_find_padata (
+	PA_DATA */*val*/,
+	unsigned /*len*/,
+	int /*type*/,
+	int */*idx*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_format_time (
+	krb5_context /*context*/,
+	time_t /*t*/,
+	char */*s*/,
+	size_t /*len*/,
+	krb5_boolean /*include_time*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_address (
+	krb5_context /*context*/,
+	krb5_address */*address*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_addresses (
+	krb5_context /*context*/,
+	krb5_addresses */*addresses*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_ap_rep_enc_part (
+	krb5_context /*context*/,
+	krb5_ap_rep_enc_part */*val*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_authenticator (
+	krb5_context /*context*/,
+	krb5_authenticator */*authenticator*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_checksum (
+	krb5_context /*context*/,
+	krb5_checksum */*cksum*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_checksum_contents (
+	krb5_context /*context*/,
+	krb5_checksum */*cksum*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_config_files (char **/*filenames*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_context (krb5_context /*context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_cred_contents (
+	krb5_context /*context*/,
+	krb5_creds */*c*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_creds (
+	krb5_context /*context*/,
+	krb5_creds */*c*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_data (
+	krb5_context /*context*/,
+	krb5_data */*p*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_data_contents (
+	krb5_context /*context*/,
+	krb5_data */*data*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_error (
+	krb5_context /*context*/,
+	krb5_error */*error*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_error_contents (
+	krb5_context /*context*/,
+	krb5_error */*error*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_error_string (
+	krb5_context /*context*/,
+	char */*str*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_host_realm (
+	krb5_context /*context*/,
+	krb5_realm */*realmlist*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_kdc_rep (
+	krb5_context /*context*/,
+	krb5_kdc_rep */*rep*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_keyblock (
+	krb5_context /*context*/,
+	krb5_keyblock */*keyblock*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_keyblock_contents (
+	krb5_context /*context*/,
+	krb5_keyblock */*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_krbhst (
+	krb5_context /*context*/,
+	char **/*hostlist*/);
+
+void KRB5_LIB_FUNCTION
+krb5_free_principal (
+	krb5_context /*context*/,
+	krb5_principal /*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_salt (
+	krb5_context /*context*/,
+	krb5_salt /*salt*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_ticket (
+	krb5_context /*context*/,
+	krb5_ticket */*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_fwd_tgt_creds (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	const char */*hostname*/,
+	krb5_principal /*client*/,
+	krb5_principal /*server*/,
+	krb5_ccache /*ccache*/,
+	int /*forwardable*/,
+	krb5_data */*out_data*/);
+
+void KRB5_LIB_FUNCTION
+krb5_generate_random_block (
+	void */*buf*/,
+	size_t /*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_generate_random_keyblock (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_generate_seq_number (
+	krb5_context /*context*/,
+	const krb5_keyblock */*key*/,
+	uint32_t */*seqno*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_generate_subkey (
+	krb5_context /*context*/,
+	const krb5_keyblock */*key*/,
+	krb5_keyblock **/*subkey*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_generate_subkey_extended (
+	krb5_context /*context*/,
+	const krb5_keyblock */*key*/,
+	krb5_enctype /*etype*/,
+	krb5_keyblock **/*subkey*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_all_client_addrs (
+	krb5_context /*context*/,
+	krb5_addresses */*res*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_all_server_addrs (
+	krb5_context /*context*/,
+	krb5_addresses */*res*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_cred_from_kdc (
+	krb5_context /*context*/,
+	krb5_ccache /*ccache*/,
+	krb5_creds */*in_creds*/,
+	krb5_creds **/*out_creds*/,
+	krb5_creds ***/*ret_tgts*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_cred_from_kdc_opt (
+	krb5_context /*context*/,
+	krb5_ccache /*ccache*/,
+	krb5_creds */*in_creds*/,
+	krb5_creds **/*out_creds*/,
+	krb5_creds ***/*ret_tgts*/,
+	krb5_flags /*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_credentials (
+	krb5_context /*context*/,
+	krb5_flags /*options*/,
+	krb5_ccache /*ccache*/,
+	krb5_creds */*in_creds*/,
+	krb5_creds **/*out_creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_credentials_with_flags (
+	krb5_context /*context*/,
+	krb5_flags /*options*/,
+	krb5_kdc_flags /*flags*/,
+	krb5_ccache /*ccache*/,
+	krb5_creds */*in_creds*/,
+	krb5_creds **/*out_creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_creds (
+	krb5_context /*context*/,
+	krb5_get_creds_opt /*opt*/,
+	krb5_ccache /*ccache*/,
+	krb5_const_principal /*inprinc*/,
+	krb5_creds **/*out_creds*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_creds_opt_add_options (
+	krb5_context /*context*/,
+	krb5_get_creds_opt /*opt*/,
+	krb5_flags /*options*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_creds_opt_alloc (
+	krb5_context /*context*/,
+	krb5_get_creds_opt */*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_creds_opt_free (
+	krb5_context /*context*/,
+	krb5_get_creds_opt /*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_creds_opt_set_enctype (
+	krb5_context /*context*/,
+	krb5_get_creds_opt /*opt*/,
+	krb5_enctype /*enctype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_creds_opt_set_impersonate (
+	krb5_context /*context*/,
+	krb5_get_creds_opt /*opt*/,
+	krb5_const_principal /*self*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_creds_opt_set_options (
+	krb5_context /*context*/,
+	krb5_get_creds_opt /*opt*/,
+	krb5_flags /*options*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_creds_opt_set_ticket (
+	krb5_context /*context*/,
+	krb5_get_creds_opt /*opt*/,
+	const Ticket */*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_config_files (char ***/*pfilenames*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_in_tkt_etypes (
+	krb5_context /*context*/,
+	krb5_enctype **/*etypes*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_principal (
+	krb5_context /*context*/,
+	krb5_principal */*princ*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_realm (
+	krb5_context /*context*/,
+	krb5_realm */*realm*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_default_realms (
+	krb5_context /*context*/,
+	krb5_realm **/*realms*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_get_dns_canonicalize_hostname (krb5_context /*context*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_get_err_text (
+	krb5_context /*context*/,
+	krb5_error_code /*code*/);
+
+char * KRB5_LIB_FUNCTION
+krb5_get_error_message (
+	krb5_context /*context*/,
+	krb5_error_code /*code*/);
+
+char * KRB5_LIB_FUNCTION
+krb5_get_error_string (krb5_context /*context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_extra_addresses (
+	krb5_context /*context*/,
+	krb5_addresses */*addresses*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_fcache_version (
+	krb5_context /*context*/,
+	int */*version*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_forwarded_creds (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_ccache /*ccache*/,
+	krb5_flags /*flags*/,
+	const char */*hostname*/,
+	krb5_creds */*in_creds*/,
+	krb5_data */*out_data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_host_realm (
+	krb5_context /*context*/,
+	const char */*targethost*/,
+	krb5_realm **/*realms*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_ignore_addresses (
+	krb5_context /*context*/,
+	krb5_addresses */*addresses*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_cred (
+	krb5_context /*context*/,
+	krb5_flags /*options*/,
+	const krb5_addresses */*addrs*/,
+	const krb5_enctype */*etypes*/,
+	const krb5_preauthtype */*ptypes*/,
+	const krb5_preauthdata */*preauth*/,
+	krb5_key_proc /*key_proc*/,
+	krb5_const_pointer /*keyseed*/,
+	krb5_decrypt_proc /*decrypt_proc*/,
+	krb5_const_pointer /*decryptarg*/,
+	krb5_creds */*creds*/,
+	krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_tkt (
+	krb5_context /*context*/,
+	krb5_flags /*options*/,
+	const krb5_addresses */*addrs*/,
+	const krb5_enctype */*etypes*/,
+	const krb5_preauthtype */*ptypes*/,
+	krb5_key_proc /*key_proc*/,
+	krb5_const_pointer /*keyseed*/,
+	krb5_decrypt_proc /*decrypt_proc*/,
+	krb5_const_pointer /*decryptarg*/,
+	krb5_creds */*creds*/,
+	krb5_ccache /*ccache*/,
+	krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_tkt_with_keytab (
+	krb5_context /*context*/,
+	krb5_flags /*options*/,
+	krb5_addresses */*addrs*/,
+	const krb5_enctype */*etypes*/,
+	const krb5_preauthtype */*pre_auth_types*/,
+	krb5_keytab /*keytab*/,
+	krb5_ccache /*ccache*/,
+	krb5_creds */*creds*/,
+	krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_tkt_with_password (
+	krb5_context /*context*/,
+	krb5_flags /*options*/,
+	krb5_addresses */*addrs*/,
+	const krb5_enctype */*etypes*/,
+	const krb5_preauthtype */*pre_auth_types*/,
+	const char */*password*/,
+	krb5_ccache /*ccache*/,
+	krb5_creds */*creds*/,
+	krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_in_tkt_with_skey (
+	krb5_context /*context*/,
+	krb5_flags /*options*/,
+	krb5_addresses */*addrs*/,
+	const krb5_enctype */*etypes*/,
+	const krb5_preauthtype */*pre_auth_types*/,
+	const krb5_keyblock */*key*/,
+	krb5_ccache /*ccache*/,
+	krb5_creds */*creds*/,
+	krb5_kdc_rep */*ret_as_reply*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds (
+	krb5_context /*context*/,
+	krb5_creds */*creds*/,
+	krb5_principal /*client*/,
+	krb5_prompter_fct /*prompter*/,
+	void */*data*/,
+	krb5_deltat /*start_time*/,
+	const char */*in_tkt_service*/,
+	krb5_get_init_creds_opt */*options*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_keyblock (
+	krb5_context /*context*/,
+	krb5_creds */*creds*/,
+	krb5_principal /*client*/,
+	krb5_keyblock */*keyblock*/,
+	krb5_deltat /*start_time*/,
+	const char */*in_tkt_service*/,
+	krb5_get_init_creds_opt */*options*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_keytab (
+	krb5_context /*context*/,
+	krb5_creds */*creds*/,
+	krb5_principal /*client*/,
+	krb5_keytab /*keytab*/,
+	krb5_deltat /*start_time*/,
+	const char */*in_tkt_service*/,
+	krb5_get_init_creds_opt */*options*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_alloc (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt **/*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_free (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_get_error (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/,
+	KRB_ERROR **/*error*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_address_list (
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_addresses */*addresses*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_addressless (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_boolean /*addressless*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_anonymous (
+	krb5_get_init_creds_opt */*opt*/,
+	int /*anonymous*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_canonicalize (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_boolean /*req*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_default_flags (
+	krb5_context /*context*/,
+	const char */*appname*/,
+	krb5_const_realm /*realm*/,
+	krb5_get_init_creds_opt */*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_etype_list (
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_enctype */*etype_list*/,
+	int /*etype_list_length*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_forwardable (
+	krb5_get_init_creds_opt */*opt*/,
+	int /*forwardable*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_pa_password (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/,
+	const char */*password*/,
+	krb5_s2k_proc /*key_proc*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_pac_request (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_boolean /*req_pac*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_pkinit (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_principal /*principal*/,
+	const char */*user_id*/,
+	const char */*x509_anchors*/,
+	char * const * /*pool*/,
+	char * const * /*pki_revoke*/,
+	int /*flags*/,
+	krb5_prompter_fct /*prompter*/,
+	void */*prompter_data*/,
+	char */*password*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_preauth_list (
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_preauthtype */*preauth_list*/,
+	int /*preauth_list_length*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_proxiable (
+	krb5_get_init_creds_opt */*opt*/,
+	int /*proxiable*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_renew_life (
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_deltat /*renew_life*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_salt (
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_data */*salt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_tkt_life (
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_deltat /*tkt_life*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_win2k (
+	krb5_context /*context*/,
+	krb5_get_init_creds_opt */*opt*/,
+	krb5_boolean /*req*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_password (
+	krb5_context /*context*/,
+	krb5_creds */*creds*/,
+	krb5_principal /*client*/,
+	const char */*password*/,
+	krb5_prompter_fct /*prompter*/,
+	void */*data*/,
+	krb5_deltat /*start_time*/,
+	const char */*in_tkt_service*/,
+	krb5_get_init_creds_opt */*in_options*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_kdc_cred (
+	krb5_context /*context*/,
+	krb5_ccache /*id*/,
+	krb5_kdc_flags /*flags*/,
+	krb5_addresses */*addresses*/,
+	Ticket */*second_ticket*/,
+	krb5_creds */*in_creds*/,
+	krb5_creds **out_creds );
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_kdc_sec_offset (
+	krb5_context /*context*/,
+	int32_t */*sec*/,
+	int32_t */*usec*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_krb524hst (
+	krb5_context /*context*/,
+	const krb5_realm */*realm*/,
+	char ***/*hostlist*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_krb_admin_hst (
+	krb5_context /*context*/,
+	const krb5_realm */*realm*/,
+	char ***/*hostlist*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_krb_changepw_hst (
+	krb5_context /*context*/,
+	const krb5_realm */*realm*/,
+	char ***/*hostlist*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_krbhst (
+	krb5_context /*context*/,
+	const krb5_realm */*realm*/,
+	char ***/*hostlist*/);
+
+time_t KRB5_LIB_FUNCTION
+krb5_get_max_time_skew (krb5_context /*context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_pw_salt (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/,
+	krb5_salt */*salt*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_renewed_creds (
+	krb5_context /*context*/,
+	krb5_creds */*creds*/,
+	krb5_const_principal /*client*/,
+	krb5_ccache /*ccache*/,
+	const char */*in_tkt_service*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_server_rcache (
+	krb5_context /*context*/,
+	const krb5_data */*piece*/,
+	krb5_rcache */*id*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_get_use_admin_kdc (krb5_context /*context*/);
+
+krb5_log_facility * KRB5_LIB_FUNCTION
+krb5_get_warn_dest (krb5_context /*context*/);
+
+size_t
+krb5_get_wrapped_length (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	size_t /*data_len*/);
+
+int KRB5_LIB_FUNCTION
+krb5_getportbyname (
+	krb5_context /*context*/,
+	const char */*service*/,
+	const char */*proto*/,
+	int /*default_port*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_h_addr2addr (
+	krb5_context /*context*/,
+	int /*af*/,
+	const char */*haddr*/,
+	krb5_address */*addr*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_h_addr2sockaddr (
+	krb5_context /*context*/,
+	int /*af*/,
+	const char */*addr*/,
+	struct sockaddr */*sa*/,
+	krb5_socklen_t */*sa_size*/,
+	int /*port*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_h_errno_to_heim_errno (int /*eai_errno*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_have_error_string (krb5_context /*context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_hmac (
+	krb5_context /*context*/,
+	krb5_cksumtype /*cktype*/,
+	const void */*data*/,
+	size_t /*len*/,
+	unsigned /*usage*/,
+	krb5_keyblock */*key*/,
+	Checksum */*result*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_init_context (krb5_context */*context*/);
+
+void KRB5_LIB_FUNCTION
+krb5_init_ets (krb5_context /*context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_init_etype (
+	krb5_context /*context*/,
+	unsigned */*len*/,
+	krb5_enctype **/*val*/,
+	const krb5_enctype */*etypes*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_initlog (
+	krb5_context /*context*/,
+	const char */*program*/,
+	krb5_log_facility **/*fac*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_is_thread_safe (void);
+
+const krb5_enctype * KRB5_LIB_FUNCTION
+krb5_kerberos_enctypes (krb5_context /*context*/);
+
+krb5_enctype
+krb5_keyblock_get_enctype (const krb5_keyblock */*block*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keyblock_init (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	const void */*data*/,
+	size_t /*size*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keyblock_key_proc (
+	krb5_context /*context*/,
+	krb5_keytype /*type*/,
+	krb5_data */*salt*/,
+	krb5_const_pointer /*keyseed*/,
+	krb5_keyblock **/*key*/);
+
+void KRB5_LIB_FUNCTION
+krb5_keyblock_zero (krb5_keyblock */*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytab_key_proc (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	krb5_salt /*salt*/,
+	krb5_const_pointer /*keyseed*/,
+	krb5_keyblock **/*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_enctypes (
+	krb5_context /*context*/,
+	krb5_keytype /*keytype*/,
+	unsigned */*len*/,
+	krb5_enctype **/*val*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_enctypes_default (
+	krb5_context /*context*/,
+	krb5_keytype /*keytype*/,
+	unsigned */*len*/,
+	krb5_enctype **/*val*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_keytype_to_string (
+	krb5_context /*context*/,
+	krb5_keytype /*keytype*/,
+	char **/*string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_format_string (
+	krb5_context /*context*/,
+	const krb5_krbhst_info */*host*/,
+	char */*hostname*/,
+	size_t /*hostlen*/);
+
+void KRB5_LIB_FUNCTION
+krb5_krbhst_free (
+	krb5_context /*context*/,
+	krb5_krbhst_handle /*handle*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_get_addrinfo (
+	krb5_context /*context*/,
+	krb5_krbhst_info */*host*/,
+	struct addrinfo **/*ai*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_init (
+	krb5_context /*context*/,
+	const char */*realm*/,
+	unsigned int /*type*/,
+	krb5_krbhst_handle */*handle*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_init_flags (
+	krb5_context /*context*/,
+	const char */*realm*/,
+	unsigned int /*type*/,
+	int /*flags*/,
+	krb5_krbhst_handle */*handle*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_next (
+	krb5_context /*context*/,
+	krb5_krbhst_handle /*handle*/,
+	krb5_krbhst_info **/*host*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_next_as_string (
+	krb5_context /*context*/,
+	krb5_krbhst_handle /*handle*/,
+	char */*hostname*/,
+	size_t /*hostlen*/);
+
+void KRB5_LIB_FUNCTION
+krb5_krbhst_reset (
+	krb5_context /*context*/,
+	krb5_krbhst_handle /*handle*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_add_entry (
+	krb5_context /*context*/,
+	krb5_keytab /*id*/,
+	krb5_keytab_entry */*entry*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_close (
+	krb5_context /*context*/,
+	krb5_keytab /*id*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_kt_compare (
+	krb5_context /*context*/,
+	krb5_keytab_entry */*entry*/,
+	krb5_const_principal /*principal*/,
+	krb5_kvno /*vno*/,
+	krb5_enctype /*enctype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_copy_entry_contents (
+	krb5_context /*context*/,
+	const krb5_keytab_entry */*in*/,
+	krb5_keytab_entry */*out*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_default (
+	krb5_context /*context*/,
+	krb5_keytab */*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_default_modify_name (
+	krb5_context /*context*/,
+	char */*name*/,
+	size_t /*namesize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_default_name (
+	krb5_context /*context*/,
+	char */*name*/,
+	size_t /*namesize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_end_seq_get (
+	krb5_context /*context*/,
+	krb5_keytab /*id*/,
+	krb5_kt_cursor */*cursor*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_free_entry (
+	krb5_context /*context*/,
+	krb5_keytab_entry */*entry*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_entry (
+	krb5_context /*context*/,
+	krb5_keytab /*id*/,
+	krb5_const_principal /*principal*/,
+	krb5_kvno /*kvno*/,
+	krb5_enctype /*enctype*/,
+	krb5_keytab_entry */*entry*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_full_name (
+	krb5_context /*context*/,
+	krb5_keytab /*keytab*/,
+	char **/*str*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_name (
+	krb5_context /*context*/,
+	krb5_keytab /*keytab*/,
+	char */*name*/,
+	size_t /*namesize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_get_type (
+	krb5_context /*context*/,
+	krb5_keytab /*keytab*/,
+	char */*prefix*/,
+	size_t /*prefixsize*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_next_entry (
+	krb5_context /*context*/,
+	krb5_keytab /*id*/,
+	krb5_keytab_entry */*entry*/,
+	krb5_kt_cursor */*cursor*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_read_service_key (
+	krb5_context /*context*/,
+	krb5_pointer /*keyprocarg*/,
+	krb5_principal /*principal*/,
+	krb5_kvno /*vno*/,
+	krb5_enctype /*enctype*/,
+	krb5_keyblock **/*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_register (
+	krb5_context /*context*/,
+	const krb5_kt_ops */*ops*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_remove_entry (
+	krb5_context /*context*/,
+	krb5_keytab /*id*/,
+	krb5_keytab_entry */*entry*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_resolve (
+	krb5_context /*context*/,
+	const char */*name*/,
+	krb5_keytab */*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_kt_start_seq_get (
+	krb5_context /*context*/,
+	krb5_keytab /*id*/,
+	krb5_kt_cursor */*cursor*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_kuserok (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	const char */*luser*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_log (
+	krb5_context /*context*/,
+	krb5_log_facility */*fac*/,
+	int /*level*/,
+	const char */*fmt*/,
+	...)
+    __attribute__((format (printf, 4, 5)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_log_msg (
+	krb5_context /*context*/,
+	krb5_log_facility */*fac*/,
+	int /*level*/,
+	char **/*reply*/,
+	const char */*fmt*/,
+	...)
+    __attribute__((format (printf, 5, 6)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_make_addrport (
+	krb5_context /*context*/,
+	krb5_address **/*res*/,
+	const krb5_address */*addr*/,
+	int16_t /*port*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_make_principal (
+	krb5_context /*context*/,
+	krb5_principal */*principal*/,
+	krb5_const_realm /*realm*/,
+	...);
+
+size_t KRB5_LIB_FUNCTION
+krb5_max_sockaddr_size (void);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_error (
+	krb5_context /*context*/,
+	krb5_error_code /*error_code*/,
+	const char */*e_text*/,
+	const krb5_data */*e_data*/,
+	const krb5_principal /*client*/,
+	const krb5_principal /*server*/,
+	time_t */*client_time*/,
+	int */*client_usec*/,
+	krb5_data */*reply*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_priv (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	const krb5_data */*userdata*/,
+	krb5_data */*outbuf*/,
+	krb5_replay_data */*outdata*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_rep (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_data */*outbuf*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_req (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	const krb5_flags /*ap_req_options*/,
+	const char */*service*/,
+	const char */*hostname*/,
+	krb5_data */*in_data*/,
+	krb5_ccache /*ccache*/,
+	krb5_data */*outbuf*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_req_exact (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	const krb5_flags /*ap_req_options*/,
+	const krb5_principal /*server*/,
+	krb5_data */*in_data*/,
+	krb5_ccache /*ccache*/,
+	krb5_data */*outbuf*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_req_extended (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	const krb5_flags /*ap_req_options*/,
+	krb5_data */*in_data*/,
+	krb5_creds */*in_creds*/,
+	krb5_data */*outbuf*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_safe (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	const krb5_data */*userdata*/,
+	krb5_data */*outbuf*/,
+	krb5_replay_data */*outdata*/);
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_net_read (
+	krb5_context /*context*/,
+	void */*p_fd*/,
+	void */*buf*/,
+	size_t /*len*/);
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_net_write (
+	krb5_context /*context*/,
+	void */*p_fd*/,
+	const void */*buf*/,
+	size_t /*len*/);
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_net_write_block (
+	krb5_context /*context*/,
+	void */*p_fd*/,
+	const void */*buf*/,
+	size_t /*len*/,
+	time_t /*timeout*/);
+
+krb5_error_code
+krb5_ntlm_alloc (
+	krb5_context /*context*/,
+	krb5_ntlm */*ntlm*/);
+
+krb5_error_code
+krb5_ntlm_free (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/);
+
+krb5_error_code
+krb5_ntlm_init_get_challange (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	krb5_data */*challange*/);
+
+krb5_error_code
+krb5_ntlm_init_get_flags (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	uint32_t */*flags*/);
+
+krb5_error_code
+krb5_ntlm_init_get_opaque (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	krb5_data */*opaque*/);
+
+krb5_error_code
+krb5_ntlm_init_get_targetinfo (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	krb5_data */*data*/);
+
+krb5_error_code
+krb5_ntlm_init_get_targetname (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	char **/*name*/);
+
+krb5_error_code
+krb5_ntlm_init_request (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	krb5_realm /*realm*/,
+	krb5_ccache /*ccache*/,
+	uint32_t /*flags*/,
+	const char */*hostname*/,
+	const char */*domainname*/);
+
+krb5_error_code
+krb5_ntlm_rep_get_sessionkey (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	krb5_data */*data*/);
+
+krb5_boolean
+krb5_ntlm_rep_get_status (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/);
+
+krb5_error_code
+krb5_ntlm_req_set_flags (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	uint32_t /*flags*/);
+
+krb5_error_code
+krb5_ntlm_req_set_lm (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	void */*hash*/,
+	size_t /*len*/);
+
+krb5_error_code
+krb5_ntlm_req_set_ntlm (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	void */*hash*/,
+	size_t /*len*/);
+
+krb5_error_code
+krb5_ntlm_req_set_opaque (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	krb5_data */*opaque*/);
+
+krb5_error_code
+krb5_ntlm_req_set_session (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	void */*sessionkey*/,
+	size_t /*length*/);
+
+krb5_error_code
+krb5_ntlm_req_set_targetname (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	const char */*targetname*/);
+
+krb5_error_code
+krb5_ntlm_req_set_username (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	const char */*username*/);
+
+krb5_error_code
+krb5_ntlm_request (
+	krb5_context /*context*/,
+	krb5_ntlm /*ntlm*/,
+	krb5_realm /*realm*/,
+	krb5_ccache /*ccache*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_openlog (
+	krb5_context /*context*/,
+	const char */*program*/,
+	krb5_log_facility **/*fac*/);
+
+krb5_error_code
+krb5_pac_add_buffer (
+	krb5_context /*context*/,
+	krb5_pac /*p*/,
+	uint32_t /*type*/,
+	const krb5_data */*data*/);
+
+void
+krb5_pac_free (
+	krb5_context /*context*/,
+	krb5_pac /*pac*/);
+
+krb5_error_code
+krb5_pac_get_buffer (
+	krb5_context /*context*/,
+	krb5_pac /*p*/,
+	uint32_t /*type*/,
+	krb5_data */*data*/);
+
+krb5_error_code
+krb5_pac_get_types (
+	krb5_context /*context*/,
+	krb5_pac /*p*/,
+	size_t */*len*/,
+	uint32_t **/*types*/);
+
+krb5_error_code
+krb5_pac_init (
+	krb5_context /*context*/,
+	krb5_pac */*pac*/);
+
+krb5_error_code
+krb5_pac_parse (
+	krb5_context /*context*/,
+	const void */*ptr*/,
+	size_t /*len*/,
+	krb5_pac */*pac*/);
+
+krb5_error_code
+krb5_pac_verify (
+	krb5_context /*context*/,
+	const krb5_pac /*pac*/,
+	time_t /*authtime*/,
+	krb5_const_principal /*principal*/,
+	const krb5_keyblock */*server*/,
+	const krb5_keyblock */*privsvr*/);
+
+int KRB5_LIB_FUNCTION
+krb5_padata_add (
+	krb5_context /*context*/,
+	METHOD_DATA */*md*/,
+	int /*type*/,
+	void */*buf*/,
+	size_t /*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_address (
+	krb5_context /*context*/,
+	const char */*string*/,
+	krb5_addresses */*addresses*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name (
+	krb5_context /*context*/,
+	const char */*name*/,
+	krb5_principal */*principal*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name_flags (
+	krb5_context /*context*/,
+	const char */*name*/,
+	int /*flags*/,
+	krb5_principal */*principal*/);
+
+krb5_error_code
+krb5_parse_nametype (
+	krb5_context /*context*/,
+	const char */*str*/,
+	int32_t */*nametype*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_passwd_result_to_string (
+	krb5_context /*context*/,
+	int /*result*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_password_key_proc (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	krb5_salt /*salt*/,
+	krb5_const_pointer /*keyseed*/,
+	krb5_keyblock **/*key*/);
+
+krb5_error_code
+krb5_plugin_register (
+	krb5_context /*context*/,
+	enum krb5_plugin_type /*type*/,
+	const char */*name*/,
+	void */*symbol*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_prepend_config_files (
+	const char */*filelist*/,
+	char **/*pq*/,
+	char ***/*ret_pp*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_prepend_config_files_default (
+	const char */*filelist*/,
+	char ***/*pfilenames*/);
+
+krb5_realm * KRB5_LIB_FUNCTION
+krb5_princ_realm (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/);
+
+void KRB5_LIB_FUNCTION
+krb5_princ_set_realm (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	krb5_realm */*realm*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_compare (
+	krb5_context /*context*/,
+	krb5_const_principal /*princ1*/,
+	krb5_const_principal /*princ2*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_compare_any_realm (
+	krb5_context /*context*/,
+	krb5_const_principal /*princ1*/,
+	krb5_const_principal /*princ2*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_principal_get_comp_string (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/,
+	unsigned int /*component*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_principal_get_realm (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/);
+
+int KRB5_LIB_FUNCTION
+krb5_principal_get_type (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_match (
+	krb5_context /*context*/,
+	krb5_const_principal /*princ*/,
+	krb5_const_principal /*pattern*/);
+
+void KRB5_LIB_FUNCTION
+krb5_principal_set_type (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	int /*type*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_print_address (
+	const krb5_address */*addr*/,
+	char */*str*/,
+	size_t /*len*/,
+	size_t */*ret_len*/);
+
+int KRB5_LIB_FUNCTION
+krb5_program_setup (
+	krb5_context */*context*/,
+	int /*argc*/,
+	char **/*argv*/,
+	struct getargs */*args*/,
+	int /*num_args*/,
+	void (*/*usage*/)(int, struct getargs*, int));
+
+int KRB5_LIB_FUNCTION
+krb5_prompter_posix (
+	krb5_context /*context*/,
+	void */*data*/,
+	const char */*name*/,
+	const char */*banner*/,
+	int /*num_prompts*/,
+	krb5_prompt prompts[]);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_random_to_key (
+	krb5_context /*context*/,
+	krb5_enctype /*type*/,
+	const void */*data*/,
+	size_t /*size*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_close (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_default (
+	krb5_context /*context*/,
+	krb5_rcache */*id*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_rc_default_name (krb5_context /*context*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_rc_default_type (krb5_context /*context*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_destroy (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_expunge (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_get_lifespan (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/,
+	krb5_deltat */*auth_lifespan*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_rc_get_name (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/);
+
+const char* KRB5_LIB_FUNCTION
+krb5_rc_get_type (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_initialize (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/,
+	krb5_deltat /*auth_lifespan*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_recover (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_resolve (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/,
+	const char */*name*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_resolve_full (
+	krb5_context /*context*/,
+	krb5_rcache */*id*/,
+	const char */*string_name*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_resolve_type (
+	krb5_context /*context*/,
+	krb5_rcache */*id*/,
+	const char */*type*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_store (
+	krb5_context /*context*/,
+	krb5_rcache /*id*/,
+	krb5_donot_replay */*rep*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_cred (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_data */*in_data*/,
+	krb5_creds ***/*ret_creds*/,
+	krb5_replay_data */*outdata*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_cred2 (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	krb5_ccache /*ccache*/,
+	krb5_data */*in_data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_error (
+	krb5_context /*context*/,
+	const krb5_data */*msg*/,
+	KRB_ERROR */*result*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_priv (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	const krb5_data */*inbuf*/,
+	krb5_data */*outbuf*/,
+	krb5_replay_data */*outdata*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_rep (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	const krb5_data */*inbuf*/,
+	krb5_ap_rep_enc_part **/*repl*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	const krb5_data */*inbuf*/,
+	krb5_const_principal /*server*/,
+	krb5_keytab /*keytab*/,
+	krb5_flags */*ap_req_options*/,
+	krb5_ticket **/*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_ctx (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	const krb5_data */*inbuf*/,
+	krb5_const_principal /*server*/,
+	krb5_rd_req_in_ctx /*inctx*/,
+	krb5_rd_req_out_ctx */*outctx*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_in_ctx_alloc (
+	krb5_context /*context*/,
+	krb5_rd_req_in_ctx */*ctx*/);
+
+void KRB5_LIB_FUNCTION
+krb5_rd_req_in_ctx_free (
+	krb5_context /*context*/,
+	krb5_rd_req_in_ctx /*ctx*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_in_set_keyblock (
+	krb5_context /*context*/,
+	krb5_rd_req_in_ctx /*in*/,
+	krb5_keyblock */*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_in_set_keytab (
+	krb5_context /*context*/,
+	krb5_rd_req_in_ctx /*in*/,
+	krb5_keytab /*keytab*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_in_set_pac_check (
+	krb5_context /*context*/,
+	krb5_rd_req_in_ctx /*in*/,
+	krb5_boolean /*flag*/);
+
+void KRB5_LIB_FUNCTION
+krb5_rd_req_out_ctx_free (
+	krb5_context /*context*/,
+	krb5_rd_req_out_ctx /*ctx*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_out_get_ap_req_options (
+	krb5_context /*context*/,
+	krb5_rd_req_out_ctx /*out*/,
+	krb5_flags */*ap_req_options*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_out_get_keyblock (
+	krb5_context /*context*/,
+	krb5_rd_req_out_ctx /*out*/,
+	krb5_keyblock **/*keyblock*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_out_get_ticket (
+	krb5_context /*context*/,
+	krb5_rd_req_out_ctx /*out*/,
+	krb5_ticket **/*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_with_keyblock (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	const krb5_data */*inbuf*/,
+	krb5_const_principal /*server*/,
+	krb5_keyblock */*keyblock*/,
+	krb5_flags */*ap_req_options*/,
+	krb5_ticket **/*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_safe (
+	krb5_context /*context*/,
+	krb5_auth_context /*auth_context*/,
+	const krb5_data */*inbuf*/,
+	krb5_data */*outbuf*/,
+	krb5_replay_data */*outdata*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_read_message (
+	krb5_context /*context*/,
+	krb5_pointer /*p_fd*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_read_priv_message (
+	krb5_context /*context*/,
+	krb5_auth_context /*ac*/,
+	krb5_pointer /*p_fd*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_read_safe_message (
+	krb5_context /*context*/,
+	krb5_auth_context /*ac*/,
+	krb5_pointer /*p_fd*/,
+	krb5_data */*data*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_realm_compare (
+	krb5_context /*context*/,
+	krb5_const_principal /*princ1*/,
+	krb5_const_principal /*princ2*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_recvauth (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	krb5_pointer /*p_fd*/,
+	const char */*appl_version*/,
+	krb5_principal /*server*/,
+	int32_t /*flags*/,
+	krb5_keytab /*keytab*/,
+	krb5_ticket **/*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_recvauth_match_version (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	krb5_pointer /*p_fd*/,
+	krb5_boolean (*/*match_appl_version*/)(const void *, const char*),
+	const void */*match_data*/,
+	krb5_principal /*server*/,
+	int32_t /*flags*/,
+	krb5_keytab /*keytab*/,
+	krb5_ticket **/*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_address (
+	krb5_storage */*sp*/,
+	krb5_address */*adr*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_addrs (
+	krb5_storage */*sp*/,
+	krb5_addresses */*adr*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_authdata (
+	krb5_storage */*sp*/,
+	krb5_authdata */*auth*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_creds (
+	krb5_storage */*sp*/,
+	krb5_creds */*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_creds_tag (
+	krb5_storage */*sp*/,
+	krb5_creds */*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_data (
+	krb5_storage */*sp*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_int16 (
+	krb5_storage */*sp*/,
+	int16_t */*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_int32 (
+	krb5_storage */*sp*/,
+	int32_t */*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_int8 (
+	krb5_storage */*sp*/,
+	int8_t */*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_keyblock (
+	krb5_storage */*sp*/,
+	krb5_keyblock */*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_principal (
+	krb5_storage */*sp*/,
+	krb5_principal */*princ*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_string (
+	krb5_storage */*sp*/,
+	char **/*string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_stringnl (
+	krb5_storage */*sp*/,
+	char **/*string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_stringz (
+	krb5_storage */*sp*/,
+	char **/*string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_times (
+	krb5_storage */*sp*/,
+	krb5_times */*times*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_uint16 (
+	krb5_storage */*sp*/,
+	uint16_t */*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_uint32 (
+	krb5_storage */*sp*/,
+	uint32_t */*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_uint8 (
+	krb5_storage */*sp*/,
+	uint8_t */*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_salttype_to_string (
+	krb5_context /*context*/,
+	krb5_enctype /*etype*/,
+	krb5_salttype /*stype*/,
+	char **/*string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendauth (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	krb5_pointer /*p_fd*/,
+	const char */*appl_version*/,
+	krb5_principal /*client*/,
+	krb5_principal /*server*/,
+	krb5_flags /*ap_req_options*/,
+	krb5_data */*in_data*/,
+	krb5_creds */*in_creds*/,
+	krb5_ccache /*ccache*/,
+	krb5_error **/*ret_error*/,
+	krb5_ap_rep_enc_part **/*rep_result*/,
+	krb5_creds **/*out_creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto (
+	krb5_context /*context*/,
+	const krb5_data */*send_data*/,
+	krb5_krbhst_handle /*handle*/,
+	krb5_data */*receive*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto_context (
+	krb5_context /*context*/,
+	krb5_sendto_ctx /*ctx*/,
+	const krb5_data */*send_data*/,
+	const krb5_realm /*realm*/,
+	krb5_data */*receive*/);
+
+void KRB5_LIB_FUNCTION
+krb5_sendto_ctx_add_flags (
+	krb5_sendto_ctx /*ctx*/,
+	int /*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto_ctx_alloc (
+	krb5_context /*context*/,
+	krb5_sendto_ctx */*ctx*/);
+
+void KRB5_LIB_FUNCTION
+krb5_sendto_ctx_free (
+	krb5_context /*context*/,
+	krb5_sendto_ctx /*ctx*/);
+
+int KRB5_LIB_FUNCTION
+krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/);
+
+void KRB5_LIB_FUNCTION
+krb5_sendto_ctx_set_func (
+	krb5_sendto_ctx /*ctx*/,
+	krb5_sendto_ctx_func /*func*/,
+	void */*data*/);
+
+void KRB5_LIB_FUNCTION
+krb5_sendto_ctx_set_type (
+	krb5_sendto_ctx /*ctx*/,
+	int /*type*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto_kdc (
+	krb5_context /*context*/,
+	const krb5_data */*send_data*/,
+	const krb5_realm */*realm*/,
+	krb5_data */*receive*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto_kdc_flags (
+	krb5_context /*context*/,
+	const krb5_data */*send_data*/,
+	const krb5_realm */*realm*/,
+	krb5_data */*receive*/,
+	int /*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_config_files (
+	krb5_context /*context*/,
+	char **/*filenames*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_default_in_tkt_etypes (
+	krb5_context /*context*/,
+	const krb5_enctype */*etypes*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_default_realm (
+	krb5_context /*context*/,
+	const char */*realm*/);
+
+void KRB5_LIB_FUNCTION
+krb5_set_dns_canonicalize_hostname (
+	krb5_context /*context*/,
+	krb5_boolean /*flag*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_error_string (
+	krb5_context /*context*/,
+	const char */*fmt*/,
+	...)
+    __attribute__((format (printf, 2, 3)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_extra_addresses (
+	krb5_context /*context*/,
+	const krb5_addresses */*addresses*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_fcache_version (
+	krb5_context /*context*/,
+	int /*version*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_ignore_addresses (
+	krb5_context /*context*/,
+	const krb5_addresses */*addresses*/);
+
+void KRB5_LIB_FUNCTION
+krb5_set_max_time_skew (
+	krb5_context /*context*/,
+	time_t /*t*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_password (
+	krb5_context /*context*/,
+	krb5_creds */*creds*/,
+	const char */*newpw*/,
+	krb5_principal /*targprinc*/,
+	int */*result_code*/,
+	krb5_data */*result_code_string*/,
+	krb5_data */*result_string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_password_using_ccache (
+	krb5_context /*context*/,
+	krb5_ccache /*ccache*/,
+	const char */*newpw*/,
+	krb5_principal /*targprinc*/,
+	int */*result_code*/,
+	krb5_data */*result_code_string*/,
+	krb5_data */*result_string*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_real_time (
+	krb5_context /*context*/,
+	krb5_timestamp /*sec*/,
+	int32_t /*usec*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_send_to_kdc_func (
+	krb5_context /*context*/,
+	krb5_send_to_kdc_func /*func*/,
+	void */*data*/);
+
+void KRB5_LIB_FUNCTION
+krb5_set_use_admin_kdc (
+	krb5_context /*context*/,
+	krb5_boolean /*flag*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_warn_dest (
+	krb5_context /*context*/,
+	krb5_log_facility */*fac*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sname_to_principal (
+	krb5_context /*context*/,
+	const char */*hostname*/,
+	const char */*sname*/,
+	int32_t /*type*/,
+	krb5_principal */*ret_princ*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sock_to_principal (
+	krb5_context /*context*/,
+	int /*sock*/,
+	const char */*sname*/,
+	int32_t /*type*/,
+	krb5_principal */*ret_princ*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sockaddr2address (
+	krb5_context /*context*/,
+	const struct sockaddr */*sa*/,
+	krb5_address */*addr*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sockaddr2port (
+	krb5_context /*context*/,
+	const struct sockaddr */*sa*/,
+	int16_t */*port*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/);
+
+void KRB5_LIB_FUNCTION
+krb5_std_usage (
+	int /*code*/,
+	struct getargs */*args*/,
+	int /*num_args*/);
+
+void KRB5_LIB_FUNCTION
+krb5_storage_clear_flags (
+	krb5_storage */*sp*/,
+	krb5_flags /*flags*/);
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_emem (void);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_storage_free (krb5_storage */*sp*/);
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_data (krb5_data */*data*/);
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_fd (int /*fd*/);
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_mem (
+	void */*buf*/,
+	size_t /*len*/);
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_readonly_mem (
+	const void */*buf*/,
+	size_t /*len*/);
+
+krb5_flags KRB5_LIB_FUNCTION
+krb5_storage_get_byteorder (
+	krb5_storage */*sp*/,
+	krb5_flags /*byteorder*/);
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_storage_is_flags (
+	krb5_storage */*sp*/,
+	krb5_flags /*flags*/);
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_storage_read (
+	krb5_storage */*sp*/,
+	void */*buf*/,
+	size_t /*len*/);
+
+off_t KRB5_LIB_FUNCTION
+krb5_storage_seek (
+	krb5_storage */*sp*/,
+	off_t /*offset*/,
+	int /*whence*/);
+
+void KRB5_LIB_FUNCTION
+krb5_storage_set_byteorder (
+	krb5_storage */*sp*/,
+	krb5_flags /*byteorder*/);
+
+void KRB5_LIB_FUNCTION
+krb5_storage_set_eof_code (
+	krb5_storage */*sp*/,
+	int /*code*/);
+
+void KRB5_LIB_FUNCTION
+krb5_storage_set_flags (
+	krb5_storage */*sp*/,
+	krb5_flags /*flags*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_storage_to_data (
+	krb5_storage */*sp*/,
+	krb5_data */*data*/);
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_storage_write (
+	krb5_storage */*sp*/,
+	const void */*buf*/,
+	size_t /*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_address (
+	krb5_storage */*sp*/,
+	krb5_address /*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_addrs (
+	krb5_storage */*sp*/,
+	krb5_addresses /*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_authdata (
+	krb5_storage */*sp*/,
+	krb5_authdata /*auth*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_creds (
+	krb5_storage */*sp*/,
+	krb5_creds */*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_creds_tag (
+	krb5_storage */*sp*/,
+	krb5_creds */*creds*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_data (
+	krb5_storage */*sp*/,
+	krb5_data /*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_int16 (
+	krb5_storage */*sp*/,
+	int16_t /*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_int32 (
+	krb5_storage */*sp*/,
+	int32_t /*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_int8 (
+	krb5_storage */*sp*/,
+	int8_t /*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_keyblock (
+	krb5_storage */*sp*/,
+	krb5_keyblock /*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_principal (
+	krb5_storage */*sp*/,
+	krb5_const_principal /*p*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_string (
+	krb5_storage */*sp*/,
+	const char */*s*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_stringnl (
+	krb5_storage */*sp*/,
+	const char */*s*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_stringz (
+	krb5_storage */*sp*/,
+	const char */*s*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_times (
+	krb5_storage */*sp*/,
+	krb5_times /*times*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_uint16 (
+	krb5_storage */*sp*/,
+	uint16_t /*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_uint32 (
+	krb5_storage */*sp*/,
+	uint32_t /*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_uint8 (
+	krb5_storage */*sp*/,
+	uint8_t /*value*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_deltat (
+	const char */*string*/,
+	krb5_deltat */*deltat*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_enctype (
+	krb5_context /*context*/,
+	const char */*string*/,
+	krb5_enctype */*etype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	const char */*password*/,
+	krb5_principal /*principal*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_data (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	krb5_data /*password*/,
+	krb5_principal /*principal*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_data_salt (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	krb5_data /*password*/,
+	krb5_salt /*salt*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_data_salt_opaque (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	krb5_data /*password*/,
+	krb5_salt /*salt*/,
+	krb5_data /*opaque*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_derived (
+	krb5_context /*context*/,
+	const void */*str*/,
+	size_t /*len*/,
+	krb5_enctype /*etype*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_salt (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	const char */*password*/,
+	krb5_salt /*salt*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_salt_opaque (
+	krb5_context /*context*/,
+	krb5_enctype /*enctype*/,
+	const char */*password*/,
+	krb5_salt /*salt*/,
+	krb5_data /*opaque*/,
+	krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_keytype (
+	krb5_context /*context*/,
+	const char */*string*/,
+	krb5_keytype */*keytype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_salttype (
+	krb5_context /*context*/,
+	krb5_enctype /*etype*/,
+	const char */*string*/,
+	krb5_salttype */*salttype*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ticket_get_authorization_data_type (
+	krb5_context /*context*/,
+	krb5_ticket */*ticket*/,
+	int /*type*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ticket_get_client (
+	krb5_context /*context*/,
+	const krb5_ticket */*ticket*/,
+	krb5_principal */*client*/);
+
+time_t KRB5_LIB_FUNCTION
+krb5_ticket_get_endtime (
+	krb5_context /*context*/,
+	const krb5_ticket */*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ticket_get_server (
+	krb5_context /*context*/,
+	const krb5_ticket */*ticket*/,
+	krb5_principal */*server*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_timeofday (
+	krb5_context /*context*/,
+	krb5_timestamp */*timeret*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/,
+	char **/*name*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_fixed (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/,
+	char */*name*/,
+	size_t /*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_fixed_flags (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/,
+	int /*flags*/,
+	char */*name*/,
+	size_t /*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_fixed_short (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/,
+	char */*name*/,
+	size_t /*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_flags (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/,
+	int /*flags*/,
+	char **/*name*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_short (
+	krb5_context /*context*/,
+	krb5_const_principal /*principal*/,
+	char **/*name*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_us_timeofday (
+	krb5_context /*context*/,
+	krb5_timestamp */*sec*/,
+	int32_t */*usec*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vabort (
+	krb5_context /*context*/,
+	krb5_error_code /*code*/,
+	const char */*fmt*/,
+	va_list /*ap*/)
+    __attribute__ ((noreturn, format (printf, 3, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vabortx (
+	krb5_context /*context*/,
+	const char */*fmt*/,
+	va_list /*ap*/)
+    __attribute__ ((noreturn, format (printf, 2, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_ap_req (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	krb5_ap_req */*ap_req*/,
+	krb5_const_principal /*server*/,
+	krb5_keyblock */*keyblock*/,
+	krb5_flags /*flags*/,
+	krb5_flags */*ap_req_options*/,
+	krb5_ticket **/*ticket*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_ap_req2 (
+	krb5_context /*context*/,
+	krb5_auth_context */*auth_context*/,
+	krb5_ap_req */*ap_req*/,
+	krb5_const_principal /*server*/,
+	krb5_keyblock */*keyblock*/,
+	krb5_flags /*flags*/,
+	krb5_flags */*ap_req_options*/,
+	krb5_ticket **/*ticket*/,
+	krb5_key_usage /*usage*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_authenticator_checksum (
+	krb5_context /*context*/,
+	krb5_auth_context /*ac*/,
+	void */*data*/,
+	size_t /*len*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_checksum (
+	krb5_context /*context*/,
+	krb5_crypto /*crypto*/,
+	krb5_key_usage /*usage*/,
+	void */*data*/,
+	size_t /*len*/,
+	Checksum */*cksum*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_init_creds (
+	krb5_context /*context*/,
+	krb5_creds */*creds*/,
+	krb5_principal /*ap_req_server*/,
+	krb5_keytab /*ap_req_keytab*/,
+	krb5_ccache */*ccache*/,
+	krb5_verify_init_creds_opt */*options*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_init_creds_opt_set_ap_req_nofail (
+	krb5_verify_init_creds_opt */*options*/,
+	int /*ap_req_nofail*/);
+
+int KRB5_LIB_FUNCTION
+krb5_verify_opt_alloc (
+	krb5_context /*context*/,
+	krb5_verify_opt **/*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_free (krb5_verify_opt */*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_init (krb5_verify_opt */*opt*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_ccache (
+	krb5_verify_opt */*opt*/,
+	krb5_ccache /*ccache*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_flags (
+	krb5_verify_opt */*opt*/,
+	unsigned int /*flags*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_keytab (
+	krb5_verify_opt */*opt*/,
+	krb5_keytab /*keytab*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_secure (
+	krb5_verify_opt */*opt*/,
+	krb5_boolean /*secure*/);
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_service (
+	krb5_verify_opt */*opt*/,
+	const char */*service*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_user (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	krb5_ccache /*ccache*/,
+	const char */*password*/,
+	krb5_boolean /*secure*/,
+	const char */*service*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_user_lrealm (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	krb5_ccache /*ccache*/,
+	const char */*password*/,
+	krb5_boolean /*secure*/,
+	const char */*service*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_user_opt (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	const char */*password*/,
+	krb5_verify_opt */*opt*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verr (
+	krb5_context /*context*/,
+	int /*eval*/,
+	krb5_error_code /*code*/,
+	const char */*fmt*/,
+	va_list /*ap*/)
+    __attribute__ ((noreturn, format (printf, 4, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verrx (
+	krb5_context /*context*/,
+	int /*eval*/,
+	const char */*fmt*/,
+	va_list /*ap*/)
+    __attribute__ ((noreturn, format (printf, 3, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vlog (
+	krb5_context /*context*/,
+	krb5_log_facility */*fac*/,
+	int /*level*/,
+	const char */*fmt*/,
+	va_list /*ap*/)
+    __attribute__((format (printf, 4, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vlog_msg (
+	krb5_context /*context*/,
+	krb5_log_facility */*fac*/,
+	char **/*reply*/,
+	int /*level*/,
+	const char */*fmt*/,
+	va_list /*ap*/)
+    __attribute__((format (printf, 5, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vset_error_string (
+	krb5_context /*context*/,
+	const char */*fmt*/,
+	va_list /*args*/)
+    __attribute__ ((format (printf, 2, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vwarn (
+	krb5_context /*context*/,
+	krb5_error_code /*code*/,
+	const char */*fmt*/,
+	va_list /*ap*/)
+    __attribute__ ((format (printf, 3, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vwarnx (
+	krb5_context /*context*/,
+	const char */*fmt*/,
+	va_list /*ap*/)
+    __attribute__ ((format (printf, 2, 0)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_warn (
+	krb5_context /*context*/,
+	krb5_error_code /*code*/,
+	const char */*fmt*/,
+	...)
+    __attribute__ ((format (printf, 3, 4)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_warnx (
+	krb5_context /*context*/,
+	const char */*fmt*/,
+	...)
+    __attribute__ ((format (printf, 2, 3)));
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_write_message (
+	krb5_context /*context*/,
+	krb5_pointer /*p_fd*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_write_priv_message (
+	krb5_context /*context*/,
+	krb5_auth_context /*ac*/,
+	krb5_pointer /*p_fd*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_write_safe_message (
+	krb5_context /*context*/,
+	krb5_auth_context /*ac*/,
+	krb5_pointer /*p_fd*/,
+	krb5_data */*data*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_xfree (void */*ptr*/);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __krb5_protos_h__ */

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5-v4compat.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5-v4compat.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5-v4compat.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: krb5-v4compat.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __KRB5_V4COMPAT_H__
+#define __KRB5_V4COMPAT_H__
+
+#include "krb_err.h"
+
+/* 
+ * This file must only be included with v4 compat glue stuff in
+ * heimdal sources.
+ *
+ * It MUST NOT be installed.
+ */
+
+#define		KRB_PROT_VERSION 	4
+
+#define		AUTH_MSG_KDC_REQUEST			 (1<<1)
+#define 	AUTH_MSG_KDC_REPLY			 (2<<1)
+#define		AUTH_MSG_APPL_REQUEST			 (3<<1)
+#define		AUTH_MSG_APPL_REQUEST_MUTUAL		 (4<<1)
+#define		AUTH_MSG_ERR_REPLY			 (5<<1)
+#define		AUTH_MSG_PRIVATE			 (6<<1)
+#define		AUTH_MSG_SAFE				 (7<<1)
+#define		AUTH_MSG_APPL_ERR			 (8<<1)
+#define		AUTH_MSG_KDC_FORWARD			 (9<<1)
+#define		AUTH_MSG_KDC_RENEW			(10<<1)
+#define 	AUTH_MSG_DIE				(63<<1)
+
+/* General definitions */
+#define		KSUCCESS	0
+#define		KFAILURE	255
+
+/* */
+
+#define		MAX_KTXT_LEN	1250
+
+#define 	ANAME_SZ	40
+#define		REALM_SZ	40
+#define		SNAME_SZ	40
+#define		INST_SZ		40
+
+struct ktext {
+    unsigned int length;		/* Length of the text */
+    unsigned char dat[MAX_KTXT_LEN];	/* The data itself */
+    uint32_t mbz;		/* zero to catch runaway strings */
+};
+
+struct credentials {
+    char    service[ANAME_SZ];	/* Service name */
+    char    instance[INST_SZ];	/* Instance */
+    char    realm[REALM_SZ];	/* Auth domain */
+    char    session[8];		/* Session key */
+    int     lifetime;		/* Lifetime */
+    int     kvno;		/* Key version number */
+    struct ktext ticket_st;	/* The ticket itself */
+    int32_t    issue_date;	/* The issue time */
+    char    pname[ANAME_SZ];	/* Principal's name */
+    char    pinst[INST_SZ];	/* Principal's instance */
+};
+
+#define TKTLIFENUMFIXED 64
+#define TKTLIFEMINFIXED 0x80
+#define TKTLIFEMAXFIXED 0xBF
+#define TKTLIFENOEXPIRE 0xFF
+#define MAXTKTLIFETIME	(30*24*3600)	/* 30 days */
+#ifndef NEVERDATE
+#define NEVERDATE ((time_t)0x7fffffffL)
+#endif
+
+#define		KERB_ERR_NULL_KEY	10
+
+#define 	CLOCK_SKEW	5*60
+
+#ifndef TKT_ROOT
+#define TKT_ROOT "/tmp/tkt"
+#endif
+
+struct _krb5_krb_auth_data {
+    int8_t  k_flags;		/* Flags from ticket */
+    char    *pname;		/* Principal's name */
+    char    *pinst;		/* His Instance */
+    char    *prealm;		/* His Realm */
+    uint32_t checksum;		/* Data checksum (opt) */
+    krb5_keyblock session;	/* Session Key */
+    unsigned char life;		/* Life of ticket */
+    uint32_t time_sec;		/* Time ticket issued */
+    uint32_t address;		/* Address in ticket */
+};
+
+time_t		_krb5_krb_life_to_time (int, int);
+int		_krb5_krb_time_to_life (time_t, time_t);
+krb5_error_code	_krb5_krb_tf_setup (krb5_context, struct credentials *,
+				    const char *, int);
+krb5_error_code	_krb5_krb_dest_tkt(krb5_context, const char *);
+
+#define krb_time_to_life	_krb5_krb_time_to_life
+#define krb_life_to_time	_krb5_krb_life_to_time
+
+#endif /*  __KRB5_V4COMPAT_H__ */
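Review bot: `CLOCK_SKEW` is defined as the bare expression `5*60`, so a use next to a higher-precedence operator (for example `x / CLOCK_SKEW` or `x % CLOCK_SKEW`) would not evaluate as 300; it should read `#define CLOCK_SKEW (5*60)`, matching the parenthesised `MAXTKTLIFETIME` a few lines above. Separately, the `TKT_ROOT` default of `"/tmp/tkt"` puts what is presumably the v4 ticket-file prefix at a predictable path in a world-writable directory. The code that creates the file is not visible in this hunk (likely `_krb5_krb_tf_setup`), so it is worth confirming that it creates the file exclusively, with owner-only permissions, and does not follow symlinks; a comment on the define stating that requirement would help. `struct credentials` also carries the session key in `session[8]`, so a note that callers should zero the structure after use belongs on that field.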

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,526 @@
+.\" Copyright (c) 2001, 2003 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5.3,v 1.1.1.2 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5 3
+.Os
+.Sh NAME
+.Nm krb5
+.Nd Kerberos 5 library
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Sh DESCRIPTION
+These functions constitute the Kerberos 5 library,
+.Em libkrb5 .
+.Sh LIST OF FUNCTIONS
+.sp 2
+.nf
+.ta \w'krb5_ticket_get_authorization_data_type.3'u+2n +\w'Description goes here'u
+\fIName/Page\fP	\fIDescription\fP
+.ta \w'krb5_ticket_get_authorization_data_type.3'u+2n +\w'Description goes here'u+6nC
+.sp 5p
+krb524_convert_creds_kdc.3
+krb524_convert_creds_kdc_cache.3
+krb5_425_conv_principal.3
+krb5_425_conv_principal_ext.3
+krb5_524_conv_principal.3
+krb5_abort.3
+krb5_abortx.3
+krb5_acl_match_file.3
+krb5_acl_match_string.3
+krb5_add_et_list.3
+krb5_add_extra_addresses.3
+krb5_add_ignore_addresses.3
+krb5_addlog_dest.3
+krb5_addlog_func.3
+krb5_addr2sockaddr.3
+krb5_address.3
+krb5_address_compare.3
+krb5_address_order.3
+krb5_address_search.3
+krb5_addresses.3
+krb5_aname_to_localname.3
+krb5_anyaddr.3
+krb5_appdefault_boolean.3
+krb5_appdefault_string.3
+krb5_appdefault_time.3
+krb5_append_addresses.3
+krb5_auth_con_addflags.3
+krb5_auth_con_free.3
+krb5_auth_con_genaddrs.3
+krb5_auth_con_generatelocalsubkey.3
+krb5_auth_con_getaddrs.3
+krb5_auth_con_getauthenticator.3
+krb5_auth_con_getcksumtype.3
+krb5_auth_con_getflags.3
+krb5_auth_con_getkey.3
+krb5_auth_con_getkeytype.3
+krb5_auth_con_getlocalseqnumber.3
+krb5_auth_con_getlocalsubkey.3
+krb5_auth_con_getrcache.3
+krb5_auth_con_getremotesubkey.3
+krb5_auth_con_getuserkey.3
+krb5_auth_con_init.3
+krb5_auth_con_initivector.3
+krb5_auth_con_removeflags.3
+krb5_auth_con_setaddrs.3
+krb5_auth_con_setaddrs_from_fd.3
+krb5_auth_con_setcksumtype.3
+krb5_auth_con_setflags.3
+krb5_auth_con_setivector.3
+krb5_auth_con_setkey.3
+krb5_auth_con_setkeytype.3
+krb5_auth_con_setlocalseqnumber.3
+krb5_auth_con_setlocalsubkey.3
+krb5_auth_con_setrcache.3
+krb5_auth_con_setremoteseqnumber.3
+krb5_auth_con_setremotesubkey.3
+krb5_auth_con_setuserkey.3
+krb5_auth_context.3
+krb5_auth_getremoteseqnumber.3
+krb5_build_principal.3
+krb5_build_principal_ext.3
+krb5_build_principal_va.3
+krb5_build_principal_va_ext.3
+krb5_c_block_size.3
+krb5_c_checksum_length.3
+krb5_c_decrypt.3
+krb5_c_encrypt.3
+krb5_c_encrypt_length.3
+krb5_c_enctype_compare.3
+krb5_c_get_checksum.3
+krb5_c_is_coll_proof_cksum.3
+krb5_c_is_keyed_cksum.3
+krb5_c_make_checksum.3
+krb5_c_make_random_key.3
+krb5_c_set_checksum.3
+krb5_c_valid_cksumtype.3
+krb5_c_valid_enctype.3
+krb5_c_verify_checksum.3
+krb5_cc_cache_end_seq_get.3
+krb5_cc_cache_get_first.3
+krb5_cc_cache_match.3
+krb5_cc_cache_next.3
+krb5_cc_close.3
+krb5_cc_copy_cache.3
+krb5_cc_default.3
+krb5_cc_default_name.3
+krb5_cc_destroy.3
+krb5_cc_end_seq_get.3
+krb5_cc_gen_new.3
+krb5_cc_get_full_name.3
+krb5_cc_get_name.3
+krb5_cc_get_ops.3
+krb5_cc_get_principal.3
+krb5_cc_get_type.3
+krb5_cc_get_version.3
+krb5_cc_initialize.3
+krb5_cc_new_unique.3
+krb5_cc_next_cred.3
+krb5_cc_register.3
+krb5_cc_remove_cred.3
+krb5_cc_resolve.3
+krb5_cc_retrieve_cred.3
+krb5_cc_set_default_name.3
+krb5_cc_set_flags.3
+krb5_cc_store_cred.3
+krb5_change_password.3
+krb5_check_transited.3
+krb5_check_transited_realms.3
+krb5_checksum_disable.3
+krb5_checksum_free.3
+krb5_checksum_is_collision_proof.3
+krb5_checksum_is_keyed.3
+krb5_checksumsize.3
+krb5_clear_error_string.3
+krb5_closelog.3
+krb5_config_file_free.3
+krb5_config_free_strings.3
+krb5_config_get.3
+krb5_config_get_bool.3
+krb5_config_get_bool_default.3
+krb5_config_get_int.3
+krb5_config_get_int_default.3
+krb5_config_get_list.3
+krb5_config_get_next.3
+krb5_config_get_string.3
+krb5_config_get_string_default.3
+krb5_config_get_strings.3
+krb5_config_get_time.3
+krb5_config_get_time_default.3
+krb5_config_parse_file.3
+krb5_config_parse_file_multi.3
+krb5_config_vget.3
+krb5_config_vget_bool.3
+krb5_config_vget_bool_default.3
+krb5_config_vget_int.3
+krb5_config_vget_int_default.3
+krb5_config_vget_list.3
+krb5_config_vget_next.3
+krb5_config_vget_string.3
+krb5_config_vget_string_default.3
+krb5_config_vget_strings.3
+krb5_config_vget_time.3
+krb5_config_vget_time_default.3
+krb5_context.3
+krb5_copy_address.3
+krb5_copy_addresses.3
+krb5_copy_checksum.3
+krb5_copy_data.3
+krb5_copy_host_realm.3
+krb5_copy_keyblock.3
+krb5_copy_keyblock_contents.3
+krb5_copy_principal.3
+krb5_copy_ticket.3
+krb5_create_checksum.3
+krb5_creds.3
+krb5_crypto_destroy.3
+krb5_crypto_get_checksum_type.3
+krb5_crypto_getblocksize.3
+krb5_crypto_getconfoundersize.3
+krb5_crypto_getenctype.3
+krb5_crypto_getpadsize.3
+krb5_crypto_init.3
+krb5_data_alloc.3
+krb5_data_copy.3
+krb5_data_free.3
+krb5_data_realloc.3
+krb5_data_zero.3
+krb5_decrypt.3
+krb5_decrypt_EncryptedData.3
+krb5_digest.3
+krb5_digest_alloc.3
+krb5_digest_free.3
+krb5_digest_get_a1_hash.3
+krb5_digest_get_client_binding.3
+krb5_digest_get_identifier.3
+krb5_digest_get_opaque.3
+krb5_digest_get_responseData.3
+krb5_digest_get_rsp.3
+krb5_digest_get_server_nonce.3
+krb5_digest_get_tickets.3
+krb5_digest_init_request.3
+krb5_digest_request.3
+krb5_digest_set_authentication_user.3
+krb5_digest_set_authid.3
+krb5_digest_set_client_nonce.3
+krb5_digest_set_digest.3
+krb5_digest_set_hostname.3
+krb5_digest_set_identifier.3
+krb5_digest_set_method.3
+krb5_digest_set_nonceCount.3
+krb5_digest_set_opaque.3
+krb5_digest_set_qop.3
+krb5_digest_set_realm.3
+krb5_digest_set_server_cb.3
+krb5_digest_set_server_nonce.3
+krb5_digest_set_type.3
+krb5_digest_set_uri.3
+krb5_digest_set_username.3
+krb5_domain_x500_decode.3
+krb5_domain_x500_encode.3
+krb5_eai_to_heim_errno.3
+krb5_encrypt.3
+krb5_encrypt_EncryptedData.3
+krb5_enctype_disable.3
+krb5_enctype_to_string.3
+krb5_enctype_valid.3
+krb5_err.3
+krb5_errx.3
+krb5_expand_hostname.3
+krb5_expand_hostname_realms.3
+krb5_find_padata.3
+krb5_format_time.3
+krb5_free_address.3
+krb5_free_addresses.3
+krb5_free_authenticator.3
+krb5_free_checksum.3
+krb5_free_checksum_contents.3
+krb5_free_config_files.3
+krb5_free_context.3
+krb5_free_data.3
+krb5_free_data_contents.3
+krb5_free_error_string.3
+krb5_free_host_realm.3
+krb5_free_kdc_rep.3
+krb5_free_keyblock.3
+krb5_free_keyblock_contents.3
+krb5_free_krbhst.3
+krb5_free_principal.3
+krb5_free_salt.3
+krb5_free_ticket.3
+krb5_fwd_tgt_creds.3
+krb5_generate_random_block.3
+krb5_generate_random_keyblock.3
+krb5_generate_subkey.3
+krb5_get_all_client_addrs.3
+krb5_get_all_server_addrs.3
+krb5_get_cred_from_kdc.3
+krb5_get_cred_from_kdc_opt.3
+krb5_get_credentials.3
+krb5_get_credentials_with_flags.3
+krb5_get_default_config_files.3
+krb5_get_default_principal.3
+krb5_get_default_realm.3
+krb5_get_default_realms.3
+krb5_get_err_text.3
+krb5_get_error_message.3
+krb5_get_error_string.3
+krb5_get_extra_addresses.3
+krb5_get_fcache_version.3
+krb5_get_forwarded_creds.3
+krb5_get_host_realm.3
+krb5_get_ignore_addresses.3
+krb5_get_in_cred.3
+krb5_get_in_tkt.3
+krb5_get_in_tkt_with_keytab.3
+krb5_get_in_tkt_with_password.3
+krb5_get_in_tkt_with_skey.3
+krb5_get_init_creds.3
+krb5_get_init_creds_keytab.3
+krb5_get_init_creds_opt_alloc.3
+krb5_get_init_creds_opt_free.3
+krb5_get_init_creds_opt_free_pkinit.3
+krb5_get_init_creds_opt_init.3
+krb5_get_init_creds_opt_set_address_list.3
+krb5_get_init_creds_opt_set_anonymous.3
+krb5_get_init_creds_opt_set_default_flags.3
+krb5_get_init_creds_opt_set_etype_list.3
+krb5_get_init_creds_opt_set_forwardable.3
+krb5_get_init_creds_opt_set_pa_password.3
+krb5_get_init_creds_opt_set_paq_request.3
+krb5_get_init_creds_opt_set_pkinit.3
+krb5_get_init_creds_opt_set_preauth_list.3
+krb5_get_init_creds_opt_set_proxiable.3
+krb5_get_init_creds_opt_set_renew_life.3
+krb5_get_init_creds_opt_set_salt.3
+krb5_get_init_creds_opt_set_tkt_life.3
+krb5_get_init_creds_password.3
+krb5_get_kdc_cred.3
+krb5_get_krb524hst.3
+krb5_get_krb_admin_hst.3
+krb5_get_krb_changepw_hst.3
+krb5_get_krbhst.3
+krb5_get_pw_salt.3
+krb5_get_server_rcache.3
+krb5_get_use_admin_kdc.3
+krb5_get_wrapped_length.3
+krb5_getportbyname.3
+krb5_h_addr2addr.3
+krb5_h_addr2sockaddr.3
+krb5_h_errno_to_heim_errno.3
+krb5_have_error_string.3
+krb5_hmac.3
+krb5_init_context.3
+krb5_init_ets.3
+krb5_initlog.3
+krb5_keyblock_get_enctype.3
+krb5_keyblock_zero.3
+krb5_keytab_entry.3
+krb5_krbhst_format_string.3
+krb5_krbhst_free.3
+krb5_krbhst_get_addrinfo.3
+krb5_krbhst_init.3
+krb5_krbhst_init_flags.3
+krb5_krbhst_next.3
+krb5_krbhst_next_as_string.3
+krb5_krbhst_reset.3
+krb5_kt_add_entry.3
+krb5_kt_close.3
+krb5_kt_compare.3
+krb5_kt_copy_entry_contents.3
+krb5_kt_cursor.3
+krb5_kt_default.3
+krb5_kt_default_modify_name.3
+krb5_kt_default_name.3
+krb5_kt_end_seq_get.3
+krb5_kt_free_entry.3
+krb5_kt_get_entry.3
+krb5_kt_get_name.3
+krb5_kt_get_type.3
+krb5_kt_next_entry.3
+krb5_kt_ops.3
+krb5_kt_read_service_key.3
+krb5_kt_register.3
+krb5_kt_remove_entry.3
+krb5_kt_resolve.3.3
+krb5_kt_start_seq_get
+krb5_kuserok.3
+krb5_log.3
+krb5_log_msg.3
+krb5_make_addrport.3
+krb5_make_principal.3
+krb5_max_sockaddr_size.3
+krb5_openlog.3
+krb5_padata_add.3
+krb5_parse_address.3
+krb5_parse_name.3
+krb5_passwd_result_to_string.3
+krb5_password_key_proc.3
+krb5_prepend_config_files.3
+krb5_prepend_config_files_default.3
+krb5_princ_realm.3
+krb5_princ_set_realm.3
+krb5_principal.3
+krb5_principal_compare.3
+krb5_principal_compare_any_realm.3
+krb5_principal_get_comp_string.3
+krb5_principal_get_realm.3
+krb5_principal_get_type.3
+krb5_principal_match.3
+krb5_principal_set_type.3
+krb5_print_address.3
+krb5_rc_close.3
+krb5_rc_default.3
+krb5_rc_default_name.3
+krb5_rc_default_type.3
+krb5_rc_destroy.3
+krb5_rc_expunge.3
+krb5_rc_get_lifespan.3
+krb5_rc_get_name.3
+krb5_rc_get_type.3
+krb5_rc_initialize.3
+krb5_rc_recover.3
+krb5_rc_resolve.3
+krb5_rc_resolve_full.3
+krb5_rc_resolve_type.3
+krb5_rc_store.3
+krb5_rcache.3
+krb5_realm_compare.3
+krb5_ret_address.3
+krb5_ret_addrs.3
+krb5_ret_authdata.3
+krb5_ret_creds.3
+krb5_ret_data.3
+krb5_ret_int16.3
+krb5_ret_int32.3
+krb5_ret_int8.3
+krb5_ret_keyblock.3
+krb5_ret_principal.3
+krb5_ret_string.3
+krb5_ret_stringz.3
+krb5_ret_times.3
+krb5_set_config_files.3
+krb5_set_default_realm.3
+krb5_set_error_string.3
+krb5_set_extra_addresses.3
+krb5_set_fcache_version.3
+krb5_set_ignore_addresses.3
+krb5_set_password.3
+krb5_set_password_using_ccache.3
+krb5_set_real_time.3
+krb5_set_use_admin_kdc.3
+krb5_set_warn_dest.3
+krb5_sname_to_principal.3
+krb5_sock_to_principal.3
+krb5_sockaddr2address.3
+krb5_sockaddr2port.3
+krb5_sockaddr_uninteresting.3
+krb5_storage.3
+krb5_storage_clear_flags.3
+krb5_storage_emem.3
+krb5_storage_free.3
+krb5_storage_from_data.3
+krb5_storage_from_fd.3
+krb5_storage_from_mem.3
+krb5_storage_get_byteorder.3
+krb5_storage_is_flags.3
+krb5_storage_read.3
+krb5_storage_seek.3
+krb5_storage_set_byteorder.3
+krb5_storage_set_eof_code.3
+krb5_storage_set_flags.3
+krb5_storage_to_data.3
+krb5_storage_write.3
+krb5_store_address.3
+krb5_store_addrs.3
+krb5_store_authdata.3
+krb5_store_creds.3
+krb5_store_data.3
+krb5_store_int16.3
+krb5_store_int32.3
+krb5_store_int8.3
+krb5_store_keyblock.3
+krb5_store_principal.3
+krb5_store_string.3
+krb5_store_stringz.3
+krb5_store_times.3
+krb5_string_to_deltat.3
+krb5_string_to_enctype.3
+krb5_string_to_key.3
+krb5_string_to_key_data.3
+krb5_string_to_key_data_salt.3
+krb5_string_to_key_data_salt_opaque.3
+krb5_string_to_key_salt.3
+krb5_string_to_key_salt_opaque.3
+krb5_ticket.3
+krb5_ticket_get_authorization_data_type.3
+krb5_ticket_get_client.3
+krb5_ticket_get_server.3
+krb5_timeofday.3
+krb5_unparse_name.3
+krb5_unparse_name_fixed.3
+krb5_unparse_name_fixed_short.3
+krb5_unparse_name_short.3
+krb5_us_timeofday.3
+krb5_vabort.3
+krb5_vabortx.3
+krb5_verify_checksum.3
+krb5_verify_init_creds.3
+krb5_verify_init_creds_opt_init.3
+krb5_verify_init_creds_opt_set_ap_req_nofail.3
+krb5_verify_opt_init.3
+krb5_verify_opt_set_ccache.3
+krb5_verify_opt_set_flags.3
+krb5_verify_opt_set_keytab.3
+krb5_verify_opt_set_secure.3
+krb5_verify_opt_set_service.3
+krb5_verify_user.3
+krb5_verify_user_lrealm.3
+krb5_verify_user_opt.3
+krb5_verr.3
+krb5_verrx.3
+krb5_vlog.3
+krb5_vlog_msg.3
+krb5_vset_error_string.3
+krb5_vwarn.3
+krb5_vwarnx.3
+krb5_warn.3
+krb5_warnx.3
+.ta
+.Fi
+.Sh SEE ALSO
+.Xr krb5.conf 5 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5.conf.5
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5.conf.5	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5.conf.5	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,530 @@
+.\" Copyright (c) 1999 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5.conf.5,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May  4, 2005
+.Dt KRB5.CONF 5
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5.conf
+.Nd configuration file for Kerberos 5
+.Sh SYNOPSIS
+.In krb5.h
+.Sh DESCRIPTION
+The
+.Nm
+file specifies several configuration parameters for the Kerberos 5
+library, as well as for some programs.
+.Pp
+The file consists of one or more sections, containing a number of
+bindings.
+The value of each binding can be either a string or a list of other
+bindings.
+The grammar looks like:
+.Bd -literal -offset indent
+file:
+	/* empty */
+	sections
+
+sections:
+	section sections
+	section
+
+section:
+	'[' section_name ']' bindings
+
+section_name:
+	STRING
+
+bindings:
+	binding bindings
+	binding
+
+binding:
+	name '=' STRING
+	name '=' '{' bindings '}'
+
+name:
+	STRING
+
+.Ed
+.Li STRINGs
+consists of one or more non-whitespace characters.
+.Pp
+STRINGs that are specified later in this man-page uses the following
+notation.
+.Bl -tag -width "xxx" -offset indent
+.It boolean
+values can be either yes/true or no/false.
+.It time
+values can be a list of year, month, day, hour, min, second.
+Example: 1 month 2 days 30 min.
+If no unit is given, seconds is assumed.
+.It etypes
+valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
+des3-cbc-sha1, arcfour-hmac-md5, aes128-cts-hmac-sha1-96, and
+aes256-cts-hmac-sha1-96 .
+.It address
+an address can be either a IPv4 or a IPv6 address.
+.El
+.Pp
+Currently recognised sections and bindings are:
+.Bl -tag -width "xxx" -offset indent
+.It Li [appdefaults]
+Specifies the default values to be used for Kerberos applications.
+You can specify defaults per application, realm, or a combination of
+these.
+The preference order is:
+.Bl -enum -compact
+.It
+.Va application Va realm Va option
+.It
+.Va application Va option
+.It
+.Va realm Va option
+.It
+.Va option
+.El
+.Pp
+The supported options are:
+.Bl -tag -width "xxx" -offset indent
+.It Li forwardable = Va boolean
+When obtaining initial credentials, make the credentials forwardable.
+.It Li proxiable = Va boolean
+When obtaining initial credentials, make the credentials proxiable.
+.It Li no-addresses = Va boolean
+When obtaining initial credentials, request them for an empty set of
+addresses, making the tickets valid from any address.
+.It Li ticket_lifetime = Va time
+Default ticket lifetime.
+.It Li renew_lifetime = Va time
+Default renewable ticket lifetime.
+.It Li encrypt = Va boolean
+Use encryption, when available.
+.It Li forward = Va boolean
+Forward credentials to remote host (for
+.Xr rsh 1 ,
+.Xr telnet 1 ,
+etc).
+.El
+.It Li [libdefaults]
+.Bl -tag -width "xxx" -offset indent
+.It Li default_realm = Va REALM
+Default realm to use, this is also known as your
+.Dq local realm .
+The default is the result of
+.Fn krb5_get_host_realm "local hostname" .
+.It Li clockskew = Va time
+Maximum time differential (in seconds) allowed when comparing
+times.
+Default is 300 seconds (five minutes).
+.It Li kdc_timeout = Va time
+Maximum time to wait for a reply from the kdc, default is 3 seconds.
+.It Li v4_name_convert
+.It Li v4_instance_resolve
+These are described in the
+.Xr krb5_425_conv_principal  3
+manual page.
+.It Li capath = {
+.Bl -tag -width "xxx" -offset indent
+.It Va destination-realm Li = Va next-hop-realm
+.It ...
+.It Li }
+.El
+This is deprecated, see the 
+.Li capaths
+section below.
+.It Li default_cc_name = Va ccname
+the default credentials cache name.
+The string can contain variables that are expanded on runtime.
+Only support variable now is
+.Li %{uid}
+that expands to the current user id.
+.It Li default_etypes = Va etypes ...
+A list of default encryption types to use.
+.It Li default_etypes_des = Va etypes ...
+A list of default encryption types to use when requesting a DES credential.
+.It Li default_keytab_name = Va keytab
+The keytab to use if no other is specified, default is
+.Dq FILE:/etc/krb5.keytab .
+.It Li dns_lookup_kdc = Va boolean
+Use DNS SRV records to lookup KDC services location.
+.It Li dns_lookup_realm = Va boolean
+Use DNS TXT records to lookup domain to realm mappings.
+.It Li kdc_timesync = Va boolean
+Try to keep track of the time differential between the local machine
+and the KDC, and then compensate for that when issuing requests.
+.It Li max_retries = Va number
+The max number of times to try to contact each KDC.
+.It Li large_msg_size = Va number
+The threshold where protocols with tiny maximum message sizes are not
+considered usable to send messages to the KDC.
+.It Li ticket_lifetime = Va time
+Default ticket lifetime.
+.It Li renew_lifetime = Va time
+Default renewable ticket lifetime.
+.It Li forwardable = Va boolean
+When obtaining initial credentials, make the credentials forwardable.
+This option is also valid in the [realms] section.
+.It Li proxiable = Va boolean
+When obtaining initial credentials, make the credentials proxiable.
+This option is also valid in the [realms] section.
+.It Li verify_ap_req_nofail = Va boolean
+If enabled, failure to verify credentials against a local key is a
+fatal error.
+The application has to be able to read the corresponding service key
+for this to work.
+Some applications, like
+.Xr su 1 ,
+enable this option unconditionally.
+.It Li warn_pwexpire = Va time
+How soon to warn for expiring password.
+Default is seven days.
+.It Li http_proxy = Va proxy-spec
+A HTTP-proxy to use when talking to the KDC via HTTP.
+.It Li dns_proxy = Va proxy-spec
+Enable using DNS via HTTP.
+.It Li extra_addresses = Va address ...
+A list of addresses to get tickets for along with all local addresses.
+.It Li time_format = Va string
+How to print time strings in logs, this string is passed to
+.Xr strftime 3 .
+.It Li date_format = Va string
+How to print date strings in logs, this string is passed to
+.Xr strftime 3 .
+.It Li log_utc = Va boolean
+Write log-entries using UTC instead of your local time zone.
+.It Li scan_interfaces = Va boolean
+Scan all network interfaces for addresses, as opposed to simply using
+the address associated with the system's host name.
+.It Li fcache_version = Va int
+Use file credential cache format version specified.
+.It Li krb4_get_tickets = Va boolean
+Also get Kerberos 4 tickets in
+.Nm kinit ,
+.Nm login ,
+and other programs.
+This option is also valid in the [realms] section.
+.It Li fcc-mit-ticketflags = Va boolean
+Use MIT compatible format for file credential cache.
+It's the field ticketflags that is stored in reverse bit order for
+older than Heimdal 0.7.
+Setting this flag to
+.Dv TRUE
+make it store the MIT way, this is default for Heimdal 0.7.
+.El
+.It Li [domain_realm]
+This is a list of mappings from DNS domain to Kerberos realm.
+Each binding in this section looks like:
+.Pp
+.Dl domain = realm
+.Pp
+The domain can be either a full name of a host or a trailing
+component, in the latter case the domain-string should start with a
+period.
+The trailing component only matches hosts that are in the same domain, ie
+.Dq .example.com
+matches
+.Dq foo.example.com ,
+but not
+.Dq foo.test.example.com .
+.Pp
+The realm may be the token `dns_locate', in which case the actual
+realm will be determined using DNS (independently of the setting
+of the `dns_lookup_realm' option).
+.It Li [realms]
+.Bl -tag -width "xxx" -offset indent
+.It Va REALM Li = {
+.Bl -tag -width "xxx" -offset indent
+.It Li kdc = Va [service/]host[:port]
+Specifies a list of kdcs for this realm.
+If the optional
+.Va port
+is absent, the
+default value for the
+.Dq kerberos/udp
+.Dq kerberos/tcp ,
+and
+.Dq http/tcp
+port (depending on service) will be used.
+The kdcs will be used in the order that they are specified.
+.Pp
+The optional
+.Va service
+specifies over what medium the kdc should be
+contacted.
+Possible services are
+.Dq udp ,
+.Dq tcp ,
+and
+.Dq http .
+Http can also be written as
+.Dq http:// .
+Default service is
+.Dq udp
+and
+.Dq tcp .
+.It Li admin_server = Va host[:port]
+Specifies the admin server for this realm, where all the modifications
+to the database are performed.
+.It Li kpasswd_server = Va host[:port]
+Points to the server where all the password changes are performed.
+If there is no such entry, the kpasswd port on the admin_server host
+will be tried.
+.It Li krb524_server = Va host[:port]
+Points to the server that does 524 conversions.
+If it is not mentioned, the krb524 port on the kdcs will be tried.
+.It Li v4_instance_convert
+.It Li v4_name_convert
+.It Li default_domain
+See
+.Xr krb5_425_conv_principal 3 .
+.It Li tgs_require_subkey
+a boolan variable that defaults to false.
+Old DCE secd (pre 1.1) might need this to be true.
+.El
+.It Li }
+.El
+.It Li [capaths]
+.Bl -tag -width "xxx" -offset indent
+.It Va client-realm Li = {
+.Bl -tag -width "xxx" -offset indent
+.It Va server-realm Li = Va hop-realm ...
+This serves two purposes. First the first listed
+.Va hop-realm
+tells a client which realm it should contact in order to ultimately
+obtain credentials for a service in the
+.Va server-realm .
+Secondly, it tells the KDC (and other servers) which realms are
+allowed in a multi-hop traversal from
+.Va client-realm 
+to
+.Va server-realm .
+Except for the client case, the order of the realms are not important.
+.El
+.It Va }
+.El
+.It Li [logging]
+.Bl -tag -width "xxx" -offset indent
+.It Va entity Li = Va destination
+Specifies that
+.Va entity
+should use the specified
+.Li destination
+for logging.
+See the
+.Xr krb5_openlog 3
+manual page for a list of defined destinations.
+.El
+.It Li [kdc]
+.Bl -tag -width "xxx" -offset indent
+.It Li database Li = {
+.Bl -tag -width "xxx" -offset indent
+.It Li dbname Li = Va DATABASENAME
+Use this database for this realm.
+See the info documetation how to configure diffrent database backends.
+.It Li realm Li = Va REALM
+Specifies the realm that will be stored in this database.
+It realm isn't set, it will used as the default database, there can
+only be one entry that doesn't have a
+.Li realm
+stanza.
+.It Li mkey_file Li = Pa FILENAME
+Use this keytab file for the master key of this database.
+If not specified
+.Va DATABASENAME Ns .mkey
+will be used.
+.It Li acl_file Li = PA FILENAME
+Use this file for the ACL list of this database.
+.It Li log_file Li = Pa FILENAME
+Use this file as the log of changes performed to the database.
+This file is used by
+.Nm ipropd-master
+for propagating changes to slaves.
+.El
+.It Li }
+.It Li max-request = Va SIZE
+Maximum size of a kdc request.
+.It Li require-preauth = Va BOOL
+If set pre-authentication is required.
+Since krb4 requests are not pre-authenticated they will be rejected.
+.It Li ports = Va "list of ports"
+List of ports the kdc should listen to.
+.It Li addresses = Va "list of interfaces"
+List of addresses the kdc should bind to.
+.It Li enable-kerberos4 = Va BOOL
+Turn on Kerberos 4 support.
+.It Li v4-realm = Va REALM
+To what realm v4 requests should be mapped.
+.It Li enable-524 = Va BOOL
+Should the Kerberos 524 converting facility be turned on.
+Default is the same as
+.Va enable-kerberos4 .
+.It Li enable-http = Va BOOL
+Should the kdc answer kdc-requests over http.
+.It Li enable-kaserver = Va BOOL
+If this kdc should emulate the AFS kaserver.
+.It Li check-ticket-addresses = Va BOOL
+Verify the addresses in the tickets used in tgs requests.
+.\" XXX
+.It Li allow-null-ticket-addresses = Va BOOL
+Allow address-less tickets.
+.\" XXX
+.It Li allow-anonymous = Va BOOL
+If the kdc is allowed to hand out anonymous tickets.
+.It Li encode_as_rep_as_tgs_rep = Va BOOL
+Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
+.\" XXX
+.It Li kdc_warn_pwexpire = Va TIME
+The time before expiration that the user should be warned that her
+password is about to expire.
+.It Li logging = Va Logging
+What type of logging the kdc should use, see also [logging]/kdc.
+.It Li use_2b = {
+.Bl -tag -width "xxx" -offset indent
+.It Va principal Li = Va BOOL
+boolean value if the 524 daemon should return AFS 2b tokens for
+.Fa principal .
+.It ...
+.El
+.It Li }
+.It Li hdb-ldap-structural-object Va structural object
+If the LDAP backend is used for storing principals, this is the
+structural object that will be used when creating and when reading
+objects.
+The default value is account .
+.It Li hdb-ldap-create-base Va creation dn
+is the dn that will be appended to the principal when creating entries.
+Default value is the search dn.
+.El
+.It Li [kadmin]
+.Bl -tag -width "xxx" -offset indent
+.It Li require-preauth = Va BOOL
+If pre-authentication is required to talk to the kadmin server.
+.It Li password_lifetime = Va time
+If a principal already have its password set for expiration, this is
+the time it will be valid for after a change.
+.It Li default_keys = Va keytypes...
+For each entry in
+.Va default_keys
+try to parse it as a sequence of
+.Va etype:salttype:salt
+syntax of this if something like:
+.Pp
+[(des|des3|etype):](pw-salt|afs3-salt)[:string]
+.Pp
+If
+.Ar etype
+is omitted it means everything, and if string is omitted it means the
+default salt string (for that principal and encryption type).
+Additional special values of keytypes are:
+.Bl -tag -width "xxx" -offset indent
+.It Li v5
+The Kerberos 5 salt
+.Va pw-salt
+.It Li v4
+The Kerberos 4 salt
+.Va des:pw-salt:
+.El
+.It Li use_v4_salt = Va BOOL
+When true, this is the same as
+.Pp
+.Va default_keys = Va des3:pw-salt Va v4
+.Pp
+and is only left for backwards compatibility.
+.El
+.It Li [password-quality]
+Check the Password quality assurance in the info documentation for
+more information.
+.Bl -tag -width "xxx" -offset indent
+.It Li check_library = Va library-name
+Library name that contains the password check_function
+.It Li check_function = Va function-name
+Function name for checking passwords in check_library
+.It Li policy_libraries = Va library1 ... libraryN
+List of libraries that can do password policy checks
+.It Li policies = Va policy1 ... policyN
+List of policy names to apply to the password. Builtin policies are
+among other minimum-length, character-class, external-check.
+.El
+.El
+.Sh ENVIRONMENT
+.Ev KRB5_CONFIG
+points to the configuration file to read.
+.Sh FILES
+.Bl -tag -width "/etc/krb5.conf"
+.It Pa /etc/krb5.conf
+configuration file for Kerberos 5.
+.El
+.Sh EXAMPLES
+.Bd -literal -offset indent
+[libdefaults]
+	default_realm = FOO.SE
+[domain_realm]
+	.foo.se = FOO.SE
+	.bar.se = FOO.SE
+[realms]
+	FOO.SE = {
+		kdc = kerberos.foo.se
+		v4_name_convert = {
+			rcmd = host
+		}
+		v4_instance_convert = {
+			xyz = xyz.bar.se
+		}
+		default_domain = foo.se
+	}
+[logging]
+	kdc = FILE:/var/heimdal/kdc.log
+	kdc = SYSLOG:INFO
+	default = SYSLOG:INFO:USER
+.Ed
+.Sh DIAGNOSTICS
+Since
+.Nm
+is read and parsed by the krb5 library, there is not a lot of
+opportunities for programs to report parsing errors in any useful
+format.
+To help overcome this problem, there is a program
+.Nm verify_krb5_conf
+that reads
+.Nm
+and tries to emit useful diagnostics from parsing errors.
+Note that this program does not have any way of knowing what options
+are actually used and thus cannot warn about unknown or misspelled
+ones.
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr krb5_425_conv_principal 3 ,
+.Xr krb5_openlog 3 ,
+.Xr strftime 3 ,
+.Xr verify_krb5_conf 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,780 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: krb5.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __KRB5_H__
+#define __KRB5_H__
+
+#include <time.h>
+#include <krb5-types.h>
+
+#include <asn1_err.h>
+#include <krb5_err.h>
+#include <heim_err.h>
+#include <k524_err.h>
+
+#include <krb5_asn1.h>
+
+/* name confusion with MIT */
+#ifndef KRB5KDC_ERR_KEY_EXP
+#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
+#endif
+
+/* simple constants */
+
+#ifndef TRUE
+#define TRUE  1
+#define FALSE 0
+#endif
+
+typedef int krb5_boolean;
+
+typedef int32_t krb5_error_code;
+
+typedef int krb5_kvno;
+
+typedef uint32_t krb5_flags;
+
+typedef void *krb5_pointer;
+typedef const void *krb5_const_pointer;
+
+struct krb5_crypto_data;
+typedef struct krb5_crypto_data *krb5_crypto;
+
+struct krb5_get_creds_opt_data;
+typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
+
+struct krb5_digest_data;
+typedef struct krb5_digest_data *krb5_digest;
+struct krb5_ntlm_data;
+typedef struct krb5_ntlm_data *krb5_ntlm;
+
+struct krb5_pac_data;
+typedef struct krb5_pac_data *krb5_pac;
+
+typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
+typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
+
+typedef CKSUMTYPE krb5_cksumtype;
+
+typedef Checksum krb5_checksum;
+
+typedef ENCTYPE krb5_enctype;
+
+typedef heim_octet_string krb5_data;
+
+/* PKINIT related forward declarations */
+struct ContentInfo;
+struct krb5_pk_identity;
+struct krb5_pk_cert;
+
+/* krb5_enc_data is a mit compat structure */
+typedef struct krb5_enc_data {
+    krb5_enctype enctype;
+    krb5_kvno kvno;
+    krb5_data ciphertext;
+} krb5_enc_data;
+
+/* alternative names */
+enum {
+    ENCTYPE_NULL		= ETYPE_NULL,
+    ENCTYPE_DES_CBC_CRC		= ETYPE_DES_CBC_CRC,
+    ENCTYPE_DES_CBC_MD4		= ETYPE_DES_CBC_MD4,
+    ENCTYPE_DES_CBC_MD5		= ETYPE_DES_CBC_MD5,
+    ENCTYPE_DES3_CBC_MD5	= ETYPE_DES3_CBC_MD5,
+    ENCTYPE_OLD_DES3_CBC_SHA1	= ETYPE_OLD_DES3_CBC_SHA1,
+    ENCTYPE_SIGN_DSA_GENERATE	= ETYPE_SIGN_DSA_GENERATE,
+    ENCTYPE_ENCRYPT_RSA_PRIV	= ETYPE_ENCRYPT_RSA_PRIV,
+    ENCTYPE_ENCRYPT_RSA_PUB	= ETYPE_ENCRYPT_RSA_PUB,
+    ENCTYPE_DES3_CBC_SHA1	= ETYPE_DES3_CBC_SHA1,
+    ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96,
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96,
+    ENCTYPE_ARCFOUR_HMAC	= ETYPE_ARCFOUR_HMAC_MD5,
+    ENCTYPE_ARCFOUR_HMAC_MD5	= ETYPE_ARCFOUR_HMAC_MD5,
+    ENCTYPE_ARCFOUR_HMAC_MD5_56	= ETYPE_ARCFOUR_HMAC_MD5_56,
+    ENCTYPE_ENCTYPE_PK_CROSS	= ETYPE_ENCTYPE_PK_CROSS,
+    ENCTYPE_DES_CBC_NONE	= ETYPE_DES_CBC_NONE,
+    ENCTYPE_DES3_CBC_NONE	= ETYPE_DES3_CBC_NONE,
+    ENCTYPE_DES_CFB64_NONE	= ETYPE_DES_CFB64_NONE,
+    ENCTYPE_DES_PCBC_NONE	= ETYPE_DES_PCBC_NONE
+};
+
+typedef PADATA_TYPE krb5_preauthtype;
+
+typedef enum krb5_key_usage {
+    KRB5_KU_PA_ENC_TIMESTAMP = 1,
+    /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
+       client key (section 5.4.1) */
+    KRB5_KU_TICKET = 2,
+    /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
+       application session key), encrypted with the service key
+       (section 5.4.2) */
+    KRB5_KU_AS_REP_ENC_PART = 3,
+    /* AS-REP encrypted part (includes tgs session key or application
+       session key), encrypted with the client key (section 5.4.2) */
+    KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
+    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
+       session key (section 5.4.1) */
+    KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
+    /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
+          authenticator subkey (section 5.4.1) */
+    KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
+    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
+       with the tgs session key (sections 5.3.2, 5.4.1) */
+    KRB5_KU_TGS_REQ_AUTH = 7,
+    /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
+       authenticator subkey), encrypted with the tgs session key
+       (section 5.3.2) */
+    KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
+    /* TGS-REP encrypted part (includes application session key),
+       encrypted with the tgs session key (section 5.4.2) */
+    KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
+    /* TGS-REP encrypted part (includes application session key),
+       encrypted with the tgs authenticator subkey (section 5.4.2) */
+    KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
+    /* AP-REQ Authenticator cksum, keyed with the application session
+       key (section 5.3.2) */
+    KRB5_KU_AP_REQ_AUTH = 11,
+    /* AP-REQ Authenticator (includes application authenticator
+       subkey), encrypted with the application session key (section
+       5.3.2) */
+    KRB5_KU_AP_REQ_ENC_PART = 12,
+    /* AP-REP encrypted part (includes application session subkey),
+       encrypted with the application session key (section 5.5.2) */
+    KRB5_KU_KRB_PRIV = 13,
+    /* KRB-PRIV encrypted part, encrypted with a key chosen by the
+       application (section 5.7.1) */
+    KRB5_KU_KRB_CRED = 14,
+    /* KRB-CRED encrypted part, encrypted with a key chosen by the
+       application (section 5.8.1) */
+    KRB5_KU_KRB_SAFE_CKSUM = 15,
+    /* KRB-SAFE cksum, keyed with a key chosen by the application
+       (section 5.6.1) */
+    KRB5_KU_OTHER_ENCRYPTED = 16,
+    /* Data which is defined in some specification outside of
+       Kerberos to be encrypted using an RFC1510 encryption type. */
+    KRB5_KU_OTHER_CKSUM = 17,
+    /* Data which is defined in some specification outside of
+       Kerberos to be checksummed using an RFC1510 checksum type. */
+    KRB5_KU_KRB_ERROR = 18,
+    /* Krb-error checksum */
+    KRB5_KU_AD_KDC_ISSUED = 19,
+    /* AD-KDCIssued checksum */
+    KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
+    /* Checksum for Mandatory Ticket Extensions */
+    KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
+    /* Checksum in Authorization Data in Ticket Extensions */
+    KRB5_KU_USAGE_SEAL = 22,
+    /* seal in GSSAPI krb5 mechanism */
+    KRB5_KU_USAGE_SIGN = 23,
+    /* sign in GSSAPI krb5 mechanism */
+    KRB5_KU_USAGE_SEQ = 24,
+    /* SEQ in GSSAPI krb5 mechanism */
+    KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
+    /* acceptor sign in GSSAPI CFX krb5 mechanism */
+    KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
+    /* acceptor seal in GSSAPI CFX krb5 mechanism */
+    KRB5_KU_USAGE_INITIATOR_SEAL = 24,       
+    /* initiator sign in GSSAPI CFX krb5 mechanism */
+    KRB5_KU_USAGE_INITIATOR_SIGN = 25,
+    /* initiator seal in GSSAPI CFX krb5 mechanism */
+    KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
+    /* encrypted server referral data */
+    KRB5_KU_SAM_CHECKSUM = 25,
+    /* Checksum for the SAM-CHECKSUM field */
+    KRB5_KU_SAM_ENC_TRACK_ID = 26,
+    /* Encryption of the SAM-TRACK-ID field */
+    KRB5_KU_PA_SERVER_REFERRAL = 26,
+    /* Keyusage for the server referral in a TGS req */
+    KRB5_KU_SAM_ENC_NONCE_SAD = 27,
+    /* Encryption of the SAM-NONCE-OR-SAD field */
+    KRB5_KU_DIGEST_ENCRYPT = -18,
+    /* Encryption key usage used in the digest encryption field */
+    KRB5_KU_DIGEST_OPAQUE = -19,
+    /* Checksum key usage used in the digest opaque field */
+    KRB5_KU_KRB5SIGNEDPATH = -21,
+    /* Checksum key usage on KRB5SignedPath */
+    KRB5_KU_CANONICALIZED_NAMES = -23
+    /* Checksum key usage on PA-CANONICALIZED */
+} krb5_key_usage;
+
+typedef krb5_key_usage krb5_keyusage;
+
+typedef enum krb5_salttype {
+    KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
+    KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
+}krb5_salttype;
+
+typedef struct krb5_salt {
+    krb5_salttype salttype;
+    krb5_data saltvalue;
+} krb5_salt;
+
+typedef ETYPE_INFO krb5_preauthinfo;
+
+typedef struct {
+    krb5_preauthtype type;
+    krb5_preauthinfo info; /* list of preauthinfo for this type */
+} krb5_preauthdata_entry;
+
+typedef struct krb5_preauthdata {
+    unsigned len;
+    krb5_preauthdata_entry *val;
+}krb5_preauthdata;
+
+typedef enum krb5_address_type { 
+    KRB5_ADDRESS_INET     =   2,
+    KRB5_ADDRESS_NETBIOS  =  20,
+    KRB5_ADDRESS_INET6    =  24,
+    KRB5_ADDRESS_ADDRPORT = 256,
+    KRB5_ADDRESS_IPPORT   = 257
+} krb5_address_type;
+
+enum {
+  AP_OPTS_USE_SESSION_KEY = 1,
+  AP_OPTS_MUTUAL_REQUIRED = 2,
+  AP_OPTS_USE_SUBKEY = 4		/* library internal */
+};
+
+typedef HostAddress krb5_address;
+
+typedef HostAddresses krb5_addresses;
+
+typedef enum krb5_keytype { 
+    KEYTYPE_NULL	= 0,
+    KEYTYPE_DES		= 1,
+    KEYTYPE_DES3	= 7,
+    KEYTYPE_AES128	= 17,
+    KEYTYPE_AES256	= 18,
+    KEYTYPE_ARCFOUR	= 23,
+    KEYTYPE_ARCFOUR_56	= 24
+} krb5_keytype;
+
+typedef EncryptionKey krb5_keyblock;
+
+typedef AP_REQ krb5_ap_req;
+
+struct krb5_cc_ops;
+
+#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
+
+#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
+
+#define KRB5_ACCEPT_NULL_ADDRESSES(C) 					 \
+    krb5_config_get_bool_default((C), NULL, TRUE, 			 \
+				 "libdefaults", "accept_null_addresses", \
+				 NULL)
+
+typedef void *krb5_cc_cursor;
+
+typedef struct krb5_ccache_data {
+    const struct krb5_cc_ops *ops;
+    krb5_data data;
+}krb5_ccache_data;
+
+typedef struct krb5_ccache_data *krb5_ccache;
+
+typedef struct krb5_context_data *krb5_context;
+
+typedef Realm krb5_realm;
+typedef const char *krb5_const_realm; /* stupid language */
+
+#define krb5_realm_length(r) strlen(r)
+#define krb5_realm_data(r) (r)
+
+typedef Principal krb5_principal_data;
+typedef struct Principal *krb5_principal;
+typedef const struct Principal *krb5_const_principal;
+
+typedef time_t krb5_deltat;
+typedef time_t krb5_timestamp;
+
+typedef struct krb5_times {
+  krb5_timestamp authtime;
+  krb5_timestamp starttime;
+  krb5_timestamp endtime;
+  krb5_timestamp renew_till;
+} krb5_times;
+
+typedef union {
+    TicketFlags b;
+    krb5_flags i;
+} krb5_ticket_flags;
+
+/* options for krb5_get_in_tkt() */
+#define KDC_OPT_FORWARDABLE		(1 << 1)
+#define KDC_OPT_FORWARDED		(1 << 2)
+#define KDC_OPT_PROXIABLE		(1 << 3)
+#define KDC_OPT_PROXY			(1 << 4)
+#define KDC_OPT_ALLOW_POSTDATE		(1 << 5)
+#define KDC_OPT_POSTDATED		(1 << 6)
+#define KDC_OPT_RENEWABLE		(1 << 8)
+#define KDC_OPT_REQUEST_ANONYMOUS	(1 << 14)
+#define KDC_OPT_DISABLE_TRANSITED_CHECK	(1 << 26)
+#define KDC_OPT_RENEWABLE_OK		(1 << 27)
+#define KDC_OPT_ENC_TKT_IN_SKEY		(1 << 28)
+#define KDC_OPT_RENEW			(1 << 30)
+#define KDC_OPT_VALIDATE		(1 << 31)
+
+typedef union {
+    KDCOptions b;
+    krb5_flags i;
+} krb5_kdc_flags;
+
+/* flags for krb5_verify_ap_req */
+
+#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID	(1 << 0)
+
+#define KRB5_GC_CACHED			(1U << 0)
+#define KRB5_GC_USER_USER		(1U << 1)
+#define KRB5_GC_EXPIRED_OK		(1U << 2)
+#define KRB5_GC_NO_STORE		(1U << 3)
+#define KRB5_GC_FORWARDABLE		(1U << 4)
+#define KRB5_GC_NO_TRANSIT_CHECK	(1U << 5)
+#define KRB5_GC_CONSTRAINED_DELEGATION	(1U << 6)
+
+/* constants for compare_creds (and cc_retrieve_cred) */
+#define KRB5_TC_DONT_MATCH_REALM	(1U << 31)
+#define KRB5_TC_MATCH_KEYTYPE		(1U << 30)
+#define KRB5_TC_MATCH_KTYPE		KRB5_TC_MATCH_KEYTYPE    /* MIT name */
+#define KRB5_TC_MATCH_SRV_NAMEONLY	(1 << 29)
+#define KRB5_TC_MATCH_FLAGS_EXACT	(1 << 28)
+#define KRB5_TC_MATCH_FLAGS		(1 << 27)
+#define KRB5_TC_MATCH_TIMES_EXACT	(1 << 26)
+#define KRB5_TC_MATCH_TIMES		(1 << 25)
+#define KRB5_TC_MATCH_AUTHDATA		(1 << 24)
+#define KRB5_TC_MATCH_2ND_TKT		(1 << 23)
+#define KRB5_TC_MATCH_IS_SKEY		(1 << 22)
+
+typedef AuthorizationData krb5_authdata;
+
+typedef KRB_ERROR krb5_error;
+
+typedef struct krb5_creds {
+    krb5_principal client;
+    krb5_principal server;
+    krb5_keyblock session;
+    krb5_times times;
+    krb5_data ticket;
+    krb5_data second_ticket;
+    krb5_authdata authdata;
+    krb5_addresses addresses;
+    krb5_ticket_flags flags;
+} krb5_creds;
+
+typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
+
+typedef struct krb5_cc_ops {
+    const char *prefix;
+    const char* (*get_name)(krb5_context, krb5_ccache);
+    krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *);
+    krb5_error_code (*gen_new)(krb5_context, krb5_ccache *);
+    krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal);
+    krb5_error_code (*destroy)(krb5_context, krb5_ccache);
+    krb5_error_code (*close)(krb5_context, krb5_ccache);
+    krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*);
+    krb5_error_code (*retrieve)(krb5_context, krb5_ccache, 
+				krb5_flags, const krb5_creds*, krb5_creds *);
+    krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*);
+    krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
+    krb5_error_code (*get_next)(krb5_context, krb5_ccache, 
+				krb5_cc_cursor*, krb5_creds*);
+    krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
+    krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, 
+				   krb5_flags, krb5_creds*);
+    krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags);
+    int (*get_version)(krb5_context, krb5_ccache);
+    krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *);
+    krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *);
+    krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor);
+    krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache);
+    krb5_error_code (*default_name)(krb5_context, char **);
+} krb5_cc_ops;
+
+struct krb5_log_facility;
+
+struct krb5_config_binding {
+    enum { krb5_config_string, krb5_config_list } type;
+    char *name;
+    struct krb5_config_binding *next;
+    union {
+	char *string;
+	struct krb5_config_binding *list;
+	void *generic;
+    } u;
+};
+
+typedef struct krb5_config_binding krb5_config_binding;
+
+typedef krb5_config_binding krb5_config_section;
+
+typedef struct krb5_ticket {
+    EncTicketPart ticket;
+    krb5_principal client;
+    krb5_principal server;
+} krb5_ticket;
+
+typedef Authenticator krb5_authenticator_data;
+
+typedef krb5_authenticator_data *krb5_authenticator;
+
+struct krb5_rcache_data;
+typedef struct krb5_rcache_data *krb5_rcache;
+typedef Authenticator krb5_donot_replay;
+
+#define KRB5_STORAGE_HOST_BYTEORDER			0x01 /* old */
+#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS	0x02
+#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE		0x04
+#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE		0x08
+#define KRB5_STORAGE_BYTEORDER_MASK			0x60
+#define KRB5_STORAGE_BYTEORDER_BE			0x00 /* default */
+#define KRB5_STORAGE_BYTEORDER_LE			0x20
+#define KRB5_STORAGE_BYTEORDER_HOST			0x40
+#define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER		0x80
+
+struct krb5_storage_data;
+typedef struct krb5_storage_data krb5_storage;
+
+typedef struct krb5_keytab_entry {
+    krb5_principal principal;
+    krb5_kvno vno;
+    krb5_keyblock keyblock;
+    uint32_t timestamp;
+} krb5_keytab_entry;
+
+typedef struct krb5_kt_cursor {
+    int fd;
+    krb5_storage *sp;
+    void *data;
+} krb5_kt_cursor;
+
+struct krb5_keytab_data;
+
+typedef struct krb5_keytab_data *krb5_keytab;
+
+#define KRB5_KT_PREFIX_MAX_LEN	30
+
+struct krb5_keytab_data {
+    const char *prefix;
+    krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
+    krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t);
+    krb5_error_code (*close)(krb5_context, krb5_keytab);
+    krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, 
+			   krb5_kvno, krb5_enctype, krb5_keytab_entry*);
+    krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
+    krb5_error_code (*next_entry)(krb5_context, krb5_keytab, 
+				  krb5_keytab_entry*, krb5_kt_cursor*);
+    krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
+    krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
+    krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
+    void *data;
+    int32_t version;
+};
+
+typedef struct krb5_keytab_data krb5_kt_ops;
+
+struct krb5_keytab_key_proc_args {
+    krb5_keytab keytab;
+    krb5_principal principal;
+};
+
+typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
+
+typedef struct krb5_replay_data {
+    krb5_timestamp timestamp;
+    int32_t usec;
+    uint32_t seq;
+} krb5_replay_data;
+
+/* flags for krb5_auth_con_setflags */
+enum {
+    KRB5_AUTH_CONTEXT_DO_TIME      		= 1,
+    KRB5_AUTH_CONTEXT_RET_TIME     		= 2,
+    KRB5_AUTH_CONTEXT_DO_SEQUENCE  		= 4,
+    KRB5_AUTH_CONTEXT_RET_SEQUENCE 		= 8,
+    KRB5_AUTH_CONTEXT_PERMIT_ALL   		= 16,
+    KRB5_AUTH_CONTEXT_USE_SUBKEY   		= 32,
+    KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED	= 64
+};
+
+/* flags for krb5_auth_con_genaddrs */
+enum {
+    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR       = 1,
+    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  = 3,
+    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR      = 4,
+    KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
+};
+
+typedef struct krb5_auth_context_data {
+    unsigned int flags;
+
+    krb5_address *local_address;
+    krb5_address *remote_address;
+    int16_t local_port;
+    int16_t remote_port;
+    krb5_keyblock *keyblock;
+    krb5_keyblock *local_subkey;
+    krb5_keyblock *remote_subkey;
+
+    uint32_t local_seqnumber;
+    uint32_t remote_seqnumber;
+
+    krb5_authenticator authenticator;
+  
+    krb5_pointer i_vector;
+  
+    krb5_rcache rcache;
+
+    krb5_keytype keytype;	/* \xBFrequested key type ? */
+    krb5_cksumtype cksumtype;	/* \xA1requested checksum type! */
+  
+}krb5_auth_context_data, *krb5_auth_context;
+
+typedef struct {
+    KDC_REP kdc_rep;
+    EncKDCRepPart enc_part;
+    KRB_ERROR error;
+} krb5_kdc_rep;
+
+extern const char *heimdal_version, *heimdal_long_version;
+
+typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
+typedef void (*krb5_log_close_func_t)(void*);
+
+typedef struct krb5_log_facility {
+    char *program;
+    int len;
+    struct facility *val;
+} krb5_log_facility;
+
+typedef EncAPRepPart krb5_ap_rep_enc_part;
+
+#define KRB5_RECVAUTH_IGNORE_VERSION 1
+
+#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
+
+#define KRB5_TGS_NAME_SIZE (6)
+#define KRB5_TGS_NAME ("krbtgt")
+
+#define KRB5_DIGEST_NAME ("digest")
+
+/* variables */
+
+extern const char *krb5_config_file;
+extern const char *krb5_defkeyname;
+
+typedef enum {
+    KRB5_PROMPT_TYPE_PASSWORD		= 0x1,
+    KRB5_PROMPT_TYPE_NEW_PASSWORD	= 0x2,
+    KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
+    KRB5_PROMPT_TYPE_PREAUTH		= 0x4,
+    KRB5_PROMPT_TYPE_INFO		= 0x5
+} krb5_prompt_type;
+
+typedef struct _krb5_prompt {
+    const char *prompt;
+    int hidden;
+    krb5_data *reply;
+    krb5_prompt_type type;
+} krb5_prompt;
+
+typedef int (*krb5_prompter_fct)(krb5_context /*context*/,
+				 void * /*data*/,
+				 const char * /*name*/,
+				 const char * /*banner*/,
+				 int /*num_prompts*/,
+				 krb5_prompt /*prompts*/[]);
+typedef krb5_error_code (*krb5_key_proc)(krb5_context /*context*/,
+					 krb5_enctype /*type*/,
+					 krb5_salt /*salt*/,
+					 krb5_const_pointer /*keyseed*/,
+					 krb5_keyblock ** /*key*/);
+typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context /*context*/,
+					     krb5_keyblock * /*key*/,
+					     krb5_key_usage /*usage*/,
+					     krb5_const_pointer /*decrypt_arg*/,
+					     krb5_kdc_rep * /*dec_rep*/);
+typedef krb5_error_code (*krb5_s2k_proc)(krb5_context /*context*/,
+					 krb5_enctype /*type*/,
+					 krb5_const_pointer /*keyseed*/,
+					 krb5_salt /*salt*/,
+					 krb5_data * /*s2kparms*/,
+					 krb5_keyblock ** /*key*/);
+
+struct _krb5_get_init_creds_opt_private;
+
+typedef struct _krb5_get_init_creds_opt {
+    krb5_flags flags;
+    krb5_deltat tkt_life;
+    krb5_deltat renew_life;
+    int forwardable;
+    int proxiable;
+    int anonymous;
+    krb5_enctype *etype_list;
+    int etype_list_length;
+    krb5_addresses *address_list;
+    /* XXX the next three should not be used, as they may be
+       removed later */
+    krb5_preauthtype *preauth_list;
+    int preauth_list_length;
+    krb5_data *salt;
+    struct _krb5_get_init_creds_opt_private *opt_private;
+} krb5_get_init_creds_opt;
+
+#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE	0x0001
+#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE	0x0002
+#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE	0x0004
+#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE	0x0008
+#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST	0x0010
+#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST	0x0020
+#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST	0x0040
+#define KRB5_GET_INIT_CREDS_OPT_SALT		0x0080
+#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS	0x0100
+#define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK	0x0200
+
+typedef struct _krb5_verify_init_creds_opt {
+    krb5_flags flags;
+    int ap_req_nofail;
+} krb5_verify_init_creds_opt;
+
+#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL	0x0001
+
+typedef struct krb5_verify_opt {
+    unsigned int flags;
+    krb5_ccache ccache;
+    krb5_keytab keytab;
+    krb5_boolean secure;
+    const char *service;
+} krb5_verify_opt;
+
+#define KRB5_VERIFY_LREALMS		1
+#define KRB5_VERIFY_NO_ADDRESSES	2
+
+extern const krb5_cc_ops krb5_acc_ops;
+extern const krb5_cc_ops krb5_fcc_ops;
+extern const krb5_cc_ops krb5_mcc_ops;
+extern const krb5_cc_ops krb5_kcm_ops;
+
+extern const krb5_kt_ops krb5_fkt_ops;
+extern const krb5_kt_ops krb5_wrfkt_ops;
+extern const krb5_kt_ops krb5_javakt_ops;
+extern const krb5_kt_ops krb5_mkt_ops;
+extern const krb5_kt_ops krb5_akf_ops;
+extern const krb5_kt_ops krb4_fkt_ops;
+extern const krb5_kt_ops krb5_srvtab_fkt_ops;
+extern const krb5_kt_ops krb5_any_ops;
+
+#define KRB5_KPASSWD_VERS_CHANGEPW      1
+#define KRB5_KPASSWD_VERS_SETPW         0xff80
+
+#define KRB5_KPASSWD_SUCCESS	0
+#define KRB5_KPASSWD_MALFORMED	1
+#define KRB5_KPASSWD_HARDERROR	2
+#define KRB5_KPASSWD_AUTHERROR	3
+#define KRB5_KPASSWD_SOFTERROR	4
+#define KRB5_KPASSWD_ACCESSDENIED 5
+#define KRB5_KPASSWD_BAD_VERSION 6
+#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
+
+#define KPASSWD_PORT 464
+
+/* types for the new krbhst interface */
+struct krb5_krbhst_data;
+typedef struct krb5_krbhst_data *krb5_krbhst_handle;
+
+#define KRB5_KRBHST_KDC		1
+#define KRB5_KRBHST_ADMIN	2
+#define KRB5_KRBHST_CHANGEPW	3
+#define KRB5_KRBHST_KRB524	4
+#define KRB5_KRBHST_KCA		5
+
+typedef struct krb5_krbhst_info {
+    enum { KRB5_KRBHST_UDP,
+	   KRB5_KRBHST_TCP,
+	   KRB5_KRBHST_HTTP } proto;
+    unsigned short port;
+    unsigned short def_port;
+    struct addrinfo *ai;
+    struct krb5_krbhst_info *next;
+    char hostname[1]; /* has to come last */
+} krb5_krbhst_info;
+
+/* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
+enum {
+    KRB5_KRBHST_FLAGS_MASTER      = 1,
+    KRB5_KRBHST_FLAGS_LARGE_MSG	  = 2
+};
+
+typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, 
+						 void *, 
+						 krb5_krbhst_info *,
+						 const krb5_data *,
+						 krb5_data *);
+
+/* flags for krb5_parse_name_flags */
+enum {
+    KRB5_PRINCIPAL_PARSE_NO_REALM = 1,
+    KRB5_PRINCIPAL_PARSE_MUST_REALM = 2,
+    KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4
+};
+
+/* flags for krb5_unparse_name_flags */
+enum {
+    KRB5_PRINCIPAL_UNPARSE_SHORT = 1,
+    KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2,
+    KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4
+};
+
+typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
+
+#define KRB5_SENDTO_DONE	0
+#define KRB5_SENDTO_RESTART	1
+#define KRB5_SENDTO_CONTINUE	2
+
+typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *);
+
+struct krb5_plugin;
+enum krb5_plugin_type {
+    PLUGIN_TYPE_DATA = 1,
+    PLUGIN_TYPE_FUNC
+};
+
+struct credentials; /* this is to keep the compiler happy */
+struct getargs;
+struct sockaddr;
+
+#include <krb5-protos.h>
+
+#endif /* __KRB5_H__ */
+
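Review bot: `KDC_OPT_VALIDATE` is defined as `(1 << 31)`, which shifts a signed `int` into its sign bit and is undefined behaviour where `int` is 32 bits wide. The bit is presumably meant for the `uint32_t`-based `krb5_flags` member of `krb5_kdc_flags`, so `#define KDC_OPT_VALIDATE (1U << 31)` would match the `1U` form already used for `KRB5_GC_*` and `KRB5_TC_DONT_MATCH_REALM`. In `krb5_key_usage`, the comments after `KRB5_KU_USAGE_ACCEPTOR_SEAL`, `KRB5_KU_USAGE_ACCEPTOR_SIGN`, `KRB5_KU_USAGE_INITIATOR_SEAL` and `KRB5_KU_USAGE_INITIATOR_SIGN` have "seal" and "sign" swapped. Several enumerators in that enum also share a number (22, 24, 25 and 26 each appear more than once), and since key-usage numbers are what separates keys between contexts, a short comment naming the intentional aliases would help anyone auditing key separation. Because this file sits under `vendor-crypto/heimdal/dist`, these are probably better reported upstream than patched in place.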

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5.moduli
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5.moduli	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5.moduli	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+# $Id: krb5.moduli,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+# comment security-bits-decimal secure-prime(p)-hex generator(g)-hex (q)-hex
+rfc3526-MODP-group14 1760 FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF 02 7FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA3604650C10BE19482F23171B671DF1CF3B960C074301CD93C1D17603D147DAE2AEF837A62964EF15E5FB4AAC0B8C1CCAA4BE754AB5728AE9130C4C7D02880AB9472D455655347FFFFFFFFFFFFFFF

Added: vendor-crypto/heimdal/dist/lib/krb5/krb524_convert_creds_kdc.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb524_convert_creds_kdc.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb524_convert_creds_kdc.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,86 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb524_convert_creds_kdc.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd March 20, 2004
+.Dt KRB524_CONVERT_CREDS_KDC 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb524_convert_creds_kdc ,
+.Nm krb524_convert_creds_kdc_ccache
+.Nd converts Kerberos 5 credentials to Kerberos 4 credentials
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb524_convert_creds_kdc
+.Fa "krb5_context context"
+.Fa "krb5_creds *in_cred"
+.Fa "struct credentials *v4creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb524_convert_creds_kdc_ccache
+.Fa "krb5_context context"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_creds *in_cred"
+.Fa "struct credentials *v4creds"
+.Fc
+.Sh DESCRIPTION
+Convert the Kerberos 5 credential to Kerberos 4 credential.
+This is done by sending them to the 524 service in the KDC.
+.Pp
+.Fn krb524_convert_creds_kdc
+converts the Kerberos 5 credential in
+.Fa in_cred
+to Kerberos 4 credential that is stored in
+.Fa credentials .
+.Pp
+.Fn krb524_convert_creds_kdc_ccache
+is diffrent from
+.Fn krb524_convert_creds_kdc
+in that way that if
+.Fa in_cred
+doesn't contain a DES session key, then a new one is fetched from the
+KDC and stored in the cred cache
+.Fa ccache ,
+and then the KDC is queried to convert the credential.
+.Pp
+This interfaces are used to make the migration to Kerberos 5 from
+Kerberos 4 easier.
+There are few services that still need Kerberos 4, and this is mainly
+for compatibility for those services.
+Some services, like AFS, really have Kerberos 5 supports, but still
+uses the 524 interface to make the migration easier.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_425_conv_principal.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_425_conv_principal.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_425_conv_principal.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,224 @@
+.\" Copyright (c) 1997-2003 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_425_conv_principal.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd September  3, 2003
+.Dt KRB5_425_CONV_PRINCIPAL 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_425_conv_principal ,
+.Nm krb5_425_conv_principal_ext ,
+.Nm krb5_524_conv_principal
+.Nd converts to and from version 4 principals
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal"
+.Ft krb5_error_code
+.Fn krb5_425_conv_principal_ext "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_boolean (*func)(krb5_context, krb5_principal)" "krb5_boolean resolve" "krb5_principal *principal"
+.Ft krb5_error_code
+.Fn krb5_524_conv_principal "krb5_context context" "const krb5_principal principal" "char *name" "char *instance" "char *realm"
+.Sh DESCRIPTION
+Converting between version 4 and version 5 principals can at best be
+described as a mess.
+.Pp
+A version 4 principal consists of a name, an instance, and a realm. A
+version 5 principal consists of one or more components, and a
+realm. In some cases also the first component/name will differ between
+version 4 and version 5.  Furthermore the second component of a host
+principal will be the fully qualified domain name of the host in
+question, while the instance of a version 4 principal will only
+contain the first part (short hostname).  Because of these problems
+the conversion between principals will have to be site customized.
+.Pp
+.Fn krb5_425_conv_principal_ext
+will try to convert a version 4 principal, given by
+.Fa name ,
+.Fa instance ,
+and
+.Fa realm ,
+to a version 5 principal. This can result in several possible
+principals, and if
+.Fa func
+is non-NULL, it will be called for each candidate principal.
+.Fa func
+should return true if the principal was
+.Dq good .
+To accomplish this,
+.Fn krb5_425_conv_principal_ext
+will look up the name in
+.Pa krb5.conf .
+It first looks in the
+.Li v4_name_convert/host
+subsection, which should contain a list of version 4 names whose
+instance should be treated as a hostname. This list can be specified
+for each realm (in the
+.Li realms
+section), or in the
+.Li libdefaults
+section.  If the name is found the resulting name of the principal
+will be the value of this binding. The instance is then first looked
+up in
+.Li v4_instance_convert
+for the specified realm. If found the resulting value will be used as
+instance (this can be used for special cases), no further attempts
+will be made to find a conversion if this fails (with
+.Fa func ) .
+If the
+.Fa resolve
+parameter is true, the instance will be looked up with
+.Fn gethostbyname .
+This can be a time consuming, error prone, and unsafe operation.  Next
+a list of hostnames will be created from the instance and the
+.Li v4_domains
+variable, which should contain a list of possible domains for the
+specific realm.
+.Pp
+On the other hand, if the name is not found in a
+.Li host
+section, it is looked up in a
+.Li v4_name_convert/plain
+binding. If found here the name will be converted, but the instance
+will be untouched.
+.Pp
+This list of default host-type conversions is compiled-in:
+.Bd -literal -offset indent
+v4_name_convert = {
+	host = {
+		ftp = ftp
+		hprop = hprop
+		imap = imap
+		pop = pop
+		rcmd = host
+		smtp = smtp
+	}
+}
+.Ed
+.Pp
+It will only be used if there isn't an entry for these names in the
+config file, so you can override these defaults.
+.Pp
+.Fn krb5_425_conv_principal
+will call
+.Fn krb5_425_conv_principal_ext
+with
+.Dv NULL
+as
+.Fa func ,
+and the value of
+.Li v4_instance_resolve
+(from the
+.Li libdefaults
+section) as
+.Fa resolve .
+.Pp
+.Fn krb5_524_conv_principal
+basically does the opposite of
+.Fn krb5_425_conv_principal ,
+it just doesn't have to look up any names, but will instead truncate
+instances found to belong to a host principal. The
+.Fa name ,
+.Fa instance ,
+and
+.Fa realm
+should be at least 40 characters long.
+.Sh EXAMPLES
+Since this is confusing an example is in place.
+.Pp
+Assume that we have the
+.Dq foo.com ,
+and
+.Dq bar.com
+domains that have shared a single version 4 realm, FOO.COM. The version 4
+.Pa krb.realms
+file looked like:
+.Bd -literal -offset indent
+foo.com		FOO.COM
+\&.foo.com	FOO.COM
+\&.bar.com	FOO.COM
+.Ed
+.Pp
+A
+.Pa krb5.conf
+file that covers this case might look like:
+.Bd -literal -offset indent
+[libdefaults]
+	v4_instance_resolve = yes
+[realms]
+	FOO.COM = {
+		kdc = kerberos.foo.com
+		v4_instance_convert = {
+			foo = foo.com
+		}
+		v4_domains = foo.com
+	}
+.Ed
+.Pp
+With this setup and the following host table:
+.Bd -literal -offset indent
+foo.com
+a-host.foo.com
+b-host.bar.com
+.Ed
+the following conversions will be made:
+.Bd -literal -offset indent
+rcmd.a-host	-\*(Gt host/a-host.foo.com
+ftp.b-host	-\*(Gt ftp/b-host.bar.com
+pop.foo		-\*(Gt pop/foo.com
+ftp.other	-\*(Gt ftp/other.foo.com
+other.a-host	-\*(Gt other/a-host
+.Ed
+.Pp
+The first three are what you expect. If you remove the
+.Dq v4_domains ,
+the fourth entry will result in an error (since the host
+.Dq other
+can't be found). Even if
+.Dq a-host
+is a valid host name, the last entry will not be converted, since the
+.Dq other
+name is not known to represent a host-type principal.
+If you turn off
+.Dq v4_instance_resolve
+the second example will result in
+.Dq ftp/b-host.foo.com
+(because of the default domain). And all of this is of course only
+valid if you have working name resolving.
+.Sh SEE ALSO
+.Xr krb5_build_principal 3 ,
+.Xr krb5_free_principal 3 ,
+.Xr krb5_parse_name 3 ,
+.Xr krb5_sname_to_principal 3 ,
+.Xr krb5_unparse_name 3 ,
+.Xr krb5.conf 5
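Review bot: The sentence saying `name`, `instance` and `realm` "should be at least 40 characters long" is the only bound on the three output buffers of `krb5_524_conv_principal`, whose prototype in SYNOPSIS takes no length arguments. It should say that these are caller-supplied buffers, give the size in bytes, and state whether that size includes the terminating NUL. Separately, the EXAMPLES `krb5.conf` sets `v4_instance_resolve = yes` although DESCRIPTION calls the `gethostbyname` lookup "time consuming, error prone, and unsafe". I would add a sentence after that example such as `Enabling v4_instance_resolve makes the resulting principal depend on name-service answers; leave it off where those answers are not trusted.`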

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_acl_match_file.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_acl_match_file.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_acl_match_file.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,111 @@
+.\" Copyright (c) 2004, 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_acl_match_file.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May 12, 2006
+.Dt KRB5_ACL_MATCH_FILE 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_acl_match_file ,
+.Nm krb5_acl_match_string
+.Nd ACL matching functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.Ft krb5_error_code
+.Fo krb5_acl_match_file
+.Fa "krb5_context context"
+.Fa "const char *file"
+.Fa "const char *format"
+.Fa "..."
+.Fc
+.Ft krb5_error_code
+.Fo krb5_acl_match_string
+.Fa "krb5_context context"
+.Fa "const char *string"
+.Fa "const char *format"
+.Fa "..."
+.Fc
+.Sh DESCRIPTION
+.Nm krb5_acl_match_file
+matches ACL format against each line in a file.
+Lines starting with # are treated like comments and ignored.
+.Pp
+.Nm krb5_acl_match_string
+matches ACL format against a string.
+.Pp
+The ACL format has three format specifiers: s, f, and r.
+Each specifier will retrieve one argument from the variable arguments
+for either matching or storing data.
+The input string is split up using " " and "\et" as a delimiter; multiple
+" " and "\et" in a row are considered to be the same.
+.Pp
+.Bl -tag -width "fXX" -offset indent
+.It s
+Matches a string using
+.Xr strcmp 3
+(case sensitive).
+.It f
+Matches the string with
+.Xr fnmatch 3 .
+The
+.Fa flags
+argument (the last argument) passed to the fnmatch function is 0.
+.It r
+Returns a copy of the string in the char ** passed in; the copy must be
+freed with
+.Xr free 3 .
+There is no need to
+.Xr free 3
+the string on error: the function will clean up and set the pointer to
+.Dv NULL .
+.El
+.Pp
+All unknown format specifiers cause an error.
+.Sh EXAMPLES
+.Bd -literal -offset indent
+char *s;
+
+ret = krb5_acl_match_string(context, "foo", "s", "foo");
+if (ret)
+    krb5_errx(context, 1, "acl didn't match");
+ret = krb5_acl_match_string(context, "foo foo baz/kaka",
+    "ss", "foo", &s, "foo/*");
+if (ret) {
+    /* no need to free(s) on error */
+    assert(s == NULL);
+    krb5_errx(context, 1, "acl didn't match");
+}
+free(s);
+.Ed
+.Sh SEE ALSO
+.Xr krb5 3
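Review bot: The second call in the EXAMPLES block passes the format `"ss"` with three variable arguments (`"foo"`, `&s`, `"foo/*"`), which disagrees with the specifier list in DESCRIPTION: `s` takes a string for `strcmp`, so `&s` would be read as a string and the glob would never be consumed. From the arguments the intended format looks like `"srf"`, i.e. `"srf", "foo", &s, "foo/*");`, and even then the sample input's third field `baz/kaka` would not match `foo/*`, so the input string needs adjusting as well. `char *s;` is also uninitialised, so the `assert(s == NULL)` and `free(s)` lines are only safe if the function always writes the pointer; `char *s = NULL;` makes the example safe to copy.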

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_address.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_address.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_address.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,359 @@
+.\" Copyright (c) 2003, 2005 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_address.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_ADDRESS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_address ,
+.Nm krb5_addresses ,
+.Nm krb5_sockaddr2address ,
+.Nm krb5_sockaddr2port ,
+.Nm krb5_addr2sockaddr ,
+.Nm krb5_max_sockaddr_size ,
+.Nm krb5_sockaddr_uninteresting ,
+.Nm krb5_h_addr2sockaddr ,
+.Nm krb5_h_addr2addr ,
+.Nm krb5_anyaddr ,
+.Nm krb5_print_address ,
+.Nm krb5_parse_address ,
+.Nm krb5_address_order ,
+.Nm krb5_address_compare ,
+.Nm krb5_address_search ,
+.Nm krb5_free_address ,
+.Nm krb5_free_addresses ,
+.Nm krb5_copy_address ,
+.Nm krb5_copy_addresses ,
+.Nm krb5_append_addresses ,
+.Nm krb5_make_addrport
+.Nd mange addresses in Kerberos
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_error_code
+.Fo krb5_sockaddr2address
+.Fa "krb5_context context"
+.Fa "const struct sockaddr *sa"
+.Fa "krb5_address *addr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_sockaddr2port
+.Fa "krb5_context context"
+.Fa "const struct sockaddr *sa"
+.Fa "int16_t *port"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_addr2sockaddr
+.Fa "krb5_context context"
+.Fa "const krb5_address *addr"
+.Fa "struct sockaddr *sa"
+.Fa "krb5_socklen_t *sa_size"
+.Fa "int port"
+.Fc
+.Ft size_t
+.Fo krb5_max_sockaddr_size
+.Fa "void"
+.Fc
+.Ft "krb5_boolean"
+.Fo krb5_sockaddr_uninteresting
+.Fa "const struct sockaddr *sa"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_h_addr2sockaddr
+.Fa "krb5_context context"
+.Fa "int af"
+.Fa "const char *addr"
+.Fa "struct sockaddr *sa"
+.Fa "krb5_socklen_t *sa_size"
+.Fa "int port"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_h_addr2addr
+.Fa "krb5_context context"
+.Fa "int af"
+.Fa "const char *haddr"
+.Fa "krb5_address *addr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_anyaddr
+.Fa "krb5_context context"
+.Fa "int af"
+.Fa "struct sockaddr *sa"
+.Fa "krb5_socklen_t *sa_size"
+.Fa "int port"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_print_address
+.Fa "const krb5_address *addr"
+.Fa "char *str"
+.Fa "size_t len"
+.Fa "size_t *ret_len"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_parse_address
+.Fa "krb5_context context"
+.Fa "const char *string"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft int
+.Fo "krb5_address_order"
+.Fa "krb5_context context"
+.Fa "const krb5_address *addr1"
+.Fa "const krb5_address *addr2"
+.Fc
+.Ft "krb5_boolean"
+.Fo krb5_address_compare
+.Fa "krb5_context context"
+.Fa "const krb5_address *addr1"
+.Fa "const krb5_address *addr2"
+.Fc
+.Ft "krb5_boolean"
+.Fo krb5_address_search
+.Fa "krb5_context context"
+.Fa "const krb5_address *addr"
+.Fa "const krb5_addresses *addrlist"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_address
+.Fa "krb5_context context"
+.Fa "krb5_address *address"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_addresses
+.Fa "krb5_context context"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_address
+.Fa "krb5_context context"
+.Fa "const krb5_address *inaddr"
+.Fa "krb5_address *outaddr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_addresses
+.Fa "krb5_context context"
+.Fa "const krb5_addresses *inaddr"
+.Fa "krb5_addresses *outaddr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_append_addresses
+.Fa "krb5_context context"
+.Fa "krb5_addresses *dest"
+.Fa "const krb5_addresses *source"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_make_addrport
+.Fa "krb5_context context"
+.Fa "krb5_address **res"
+.Fa "const krb5_address *addr"
+.Fa "int16_t port"
+.Fc
+.Sh DESCRIPTION
+The
+.Li krb5_address
+structure holds a address that can be used in Kerberos API
+calls. There are help functions to set and extract address information
+of the address.
+.Pp
+The
+.Li krb5_addresses
+structure holds a set of krb5_address:es.
+.Pp
+.Fn krb5_sockaddr2address
+stores a address a
+.Li "struct sockaddr"
+.Fa sa
+in the krb5_address
+.Fa addr .
+.Pp
+.Fn krb5_sockaddr2port
+extracts a
+.Fa port
+(if possible) from a
+.Li "struct sockaddr"
+.Fa sa .
+.Pp
+.Fn krb5_addr2sockaddr
+sets the
+struct sockaddr
+.Fa sockaddr
+from
+.Fa addr
+and
+.Fa port .
+The argument
+.Fa sa_size
+should initially contain the size of the
+.Fa sa ,
+and after the call, it will contain the actual length of the address.
+.Pp
+.Fn krb5_max_sockaddr_size
+returns the max size of the
+.Li struct sockaddr
+that the Kerberos library will return.
+.Pp
+.Fn krb5_sockaddr_uninteresting
+returns
+.Dv TRUE
+for all
+.Fa sa
+that the kerberos library thinks are uninteresting.
+One example are link local addresses.
+.Pp
+.Fn krb5_h_addr2sockaddr
+initializes a
+.Li "struct sockaddr"
+.Fa sa
+from
+.Fa af
+and the
+.Li "struct hostent"
+(see
+.Xr gethostbyname 3 )
+.Fa h_addr_list
+component.
+The argument
+.Fa sa_size
+should initially contain the size of the
+.Fa sa ,
+and after the call, it will contain the actual length of the address.
+.Pp
+.Fn krb5_h_addr2addr
+works like
+.Fn krb5_h_addr2sockaddr
+with the exception that it operates on a
+.Li krb5_address
+instead of a
+.Li struct sockaddr .
+.Pp
+.Fn krb5_anyaddr
+fills in a
+.Li "struct sockaddr"
+.Fa sa
+that can be used to
+.Xr bind 2
+to.
+The argument
+.Fa sa_size
+should initially contain the size of the
+.Fa sa ,
+and after the call, it will contain the actual length of the address.
+.Pp
+.Fn krb5_print_address
+prints the address in
+.Fa addr
+to the string
+.Fa string
+that have the length
+.Fa len .
+If
+.Fa ret_len
+is not
+.Dv NULL ,
+it will be filled with the length of the string if size were unlimited (not
+including the final
+.Ql \e0 ) .
+.Pp
+.Fn krb5_parse_address
+Returns the resolved hostname in
+.Fa string
+to the
+.Li krb5_addresses
+.Fa addresses .
+.Pp
+.Fn krb5_address_order
+compares the addresses
+.Fa addr1
+and
+.Fa addr2
+so that it can be used for sorting addresses. If the addresses are the
+same address
+.Fa krb5_address_order
+will return 0.
+.Pp
+.Fn krb5_address_compare
+compares the addresses
+.Fa addr1
+and
+.Fa addr2 .
+Returns
+.Dv TRUE
+if the two addresses are the same.
+.Pp
+.Fn krb5_address_search
+checks if the address
+.Fa addr
+is a member of the address set list
+.Fa addrlist .
+.Pp
+.Fn krb5_free_address
+frees the data stored in the
+.Fa address
+that is alloced with any of the krb5_address functions.
+.Pp
+.Fn krb5_free_addresses
+frees the data stored in the
+.Fa addresses
+that is alloced with any of the krb5_address functions.
+.Pp
+.Fn krb5_copy_address
+copies the content of address
+.Fa inaddr
+to
+.Fa outaddr .
+.Pp
+.Fn krb5_copy_addresses
+copies the content of the address list
+.Fa inaddr
+to
+.Fa outaddr .
+.Pp
+.Fn krb5_append_addresses
+adds the set of addresses in
+.Fa source
+to
+.Fa dest .
+While copying the addresses, duplicates are also sorted out.
+.Pp
+.Fn krb5_make_addrport
+allocates and creates an
+krb5_address in
+.Fa res
+of type KRB5_ADDRESS_ADDRPORT from
+.Fa ( addr , port ) .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_aname_to_localname.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_aname_to_localname.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_aname_to_localname.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_aname_to_localname.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd February 18, 2006
+.Dt KRB5_ANAME_TO_LOCALNAME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_aname_to_localname
+.Nd converts a principal to a system local name
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_boolean
+.Fo krb5_aname_to_localname
+.Fa "krb5_context context"
+.Fa "krb5_const_principal name"
+.Fa "size_t lnsize"
+.Fa "char *lname"
+.Fc
+.Sh DESCRIPTION
+This function takes a principal
+.Fa name ,
+verifies that it is in the local realm (using
+.Fn krb5_get_default_realms )
+and then returns the local name of the principal.
+.Pp
+If
+.Fa name
+isn't in one of the local realms an error is returned.
+.Pp
+If the size
+.Fa ( lnsize )
+of the local name
+.Fa ( lname )
+is too small, an error is returned.
+.Pp
+.Fn krb5_aname_to_localname
+should only be use by an application that implements protocols that
+don't transport the login name and thus needs to convert a principal
+to a local name.
+.Pp
+Protocols should be designed so that they authenticate using
+Kerberos, send over the login name and then verify the principal
+that is authenticated is allowed to login and the login name.
+A way to check if a user is allowed to login is using the function
+.Fn krb5_kuserok .
+.Sh SEE ALSO
+.Xr krb5_get_default_realms 3 ,
+.Xr krb5_kuserok 3
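Review bot: SYNOPSIS declares the return type as `krb5_boolean`, but DESCRIPTION only says "an error is returned" for a foreign realm or a too-small `lname`, so the page never states which return value means success. A caller that reads the result as a boolean and one that reads it as an error code would branch in opposite directions on the same value, which matters for a function that maps an authenticated principal to a local account name. The page needs a RETURN VALUES section, and the declared type should be checked against the prototype in the header, which is not visible in this hunk.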

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_appdefault.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_appdefault.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_appdefault.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,88 @@
+.\" Copyright (c) 2000 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_appdefault.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd July 25, 2000
+.Dt KRB5_APPDEFAULT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_appdefault_boolean ,
+.Nm krb5_appdefault_string ,
+.Nm krb5_appdefault_time
+.Nd get application configuration value
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft void
+.Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val"
+.Ft void
+.Fn krb5_appdefault_string "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "const char *def_val" "char **ret_val"
+.Ft void
+.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
+.Sh DESCRIPTION
+These functions get application defaults from the
+.Dv appdefaults
+section of the
+.Xr krb5.conf 5
+configuration file. These defaults can be specified per application,
+and/or per realm.
+.Pp
+These values will be looked for in
+.Xr krb5.conf 5 ,
+in order of descending importance.
+.Bd -literal -offset indent
+[appdefaults]
+	appname = {
+		realm = {
+			option = value
+		}
+	}
+	appname = {
+		option = value
+	}
+	realm = {
+		option = value
+	}
+	option = value
+.Ed
+.Fa appname
+is the name of the application, and
+.Fa realm
+is the realm name. If the realm is omitted it will not be used for
+resolving values.
+.Fa def_val
+is the value to return if no value is found in
+.Xr krb5.conf 5 .
+.Sh SEE ALSO
+.Xr krb5_config 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_auth_context.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_auth_context.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_auth_context.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,395 @@
+.\" Copyright (c) 2001 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_auth_context.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May 17, 2005
+.Dt KRB5_AUTH_CONTEXT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_auth_con_addflags ,
+.Nm krb5_auth_con_free ,
+.Nm krb5_auth_con_genaddrs ,
+.Nm krb5_auth_con_generatelocalsubkey ,
+.Nm krb5_auth_con_getaddrs ,
+.Nm krb5_auth_con_getauthenticator ,
+.Nm krb5_auth_con_getflags ,
+.Nm krb5_auth_con_getkey ,
+.Nm krb5_auth_con_getlocalsubkey ,
+.Nm krb5_auth_con_getrcache ,
+.Nm krb5_auth_con_getremotesubkey ,
+.Nm krb5_auth_con_getuserkey ,
+.Nm krb5_auth_con_init ,
+.Nm krb5_auth_con_initivector ,
+.Nm krb5_auth_con_removeflags ,
+.Nm krb5_auth_con_setaddrs ,
+.Nm krb5_auth_con_setaddrs_from_fd ,
+.Nm krb5_auth_con_setflags ,
+.Nm krb5_auth_con_setivector ,
+.Nm krb5_auth_con_setkey ,
+.Nm krb5_auth_con_setlocalsubkey ,
+.Nm krb5_auth_con_setrcache ,
+.Nm krb5_auth_con_setremotesubkey ,
+.Nm krb5_auth_con_setuserkey ,
+.Nm krb5_auth_context ,
+.Nm krb5_auth_getcksumtype ,
+.Nm krb5_auth_getkeytype ,
+.Nm krb5_auth_getlocalseqnumber ,
+.Nm krb5_auth_getremoteseqnumber ,
+.Nm krb5_auth_setcksumtype ,
+.Nm krb5_auth_setkeytype ,
+.Nm krb5_auth_setlocalseqnumber ,
+.Nm krb5_auth_setremoteseqnumber ,
+.Nm krb5_free_authenticator
+.Nd manage authentication on connection level
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_auth_con_init
+.Fa "krb5_context context"
+.Fa "krb5_auth_context *auth_context"
+.Fc
+.Ft void
+.Fo krb5_auth_con_free
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_setflags
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int32_t flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getflags
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int32_t *flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_addflags
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int32_t addflags"
+.Fa "int32_t *flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_removeflags
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int32_t removelags"
+.Fa "int32_t *flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_setaddrs
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_address *local_addr"
+.Fa "krb5_address *remote_addr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getaddrs
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_address **local_addr"
+.Fa "krb5_address **remote_addr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_genaddrs
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int fd"
+.Fa "int flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_setaddrs_from_fd
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "void *p_fd"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getkey
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_keyblock **keyblock"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getlocalsubkey
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_keyblock **keyblock"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getremotesubkey
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_keyblock **keyblock"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_generatelocalsubkey
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa krb5_keyblock *key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_initivector
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_setivector
+.Fa "krb5_context context"
+.Fa "krb5_auth_context *auth_context"
+.Fa "krb5_pointer ivector"
+.Fc
+.Ft void
+.Fo krb5_free_authenticator
+.Fa "krb5_context context"
+.Fa "krb5_authenticator *authenticator"
+.Fc
+.Sh DESCRIPTION
+The
+.Nm krb5_auth_context
+structure holds all context related to an authenticated connection, in
+a similar way to
+.Nm krb5_context
+that holds the context for the thread or process.
+.Nm krb5_auth_context
+is used by various functions that are directly related to
+authentication between the server/client. Example of data that this
+structure contains are various flags, addresses of client and server,
+port numbers, keyblocks (and subkeys), sequence numbers, replay cache,
+and checksum-type.
+.Pp
+.Fn krb5_auth_con_init
+allocates and initializes the
+.Nm krb5_auth_context
+structure. Default values can be changed with
+.Fn krb5_auth_con_setcksumtype
+and
+.Fn krb5_auth_con_setflags .
+The
+.Nm auth_context
+structure must be freed by
+.Fn krb5_auth_con_free .
+.Pp
+.Fn krb5_auth_con_getflags ,
+.Fn krb5_auth_con_setflags ,
+.Fn krb5_auth_con_addflags
+and
+.Fn krb5_auth_con_removeflags
+gets and modifies the flags for a
+.Nm krb5_auth_context
+structure. Possible flags to set are:
+.Bl -tag -width Ds
+.It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
+Generate and check sequence-number on each packet.
+.It Dv KRB5_AUTH_CONTEXT_DO_TIME
+Check timestamp on incoming packets.
+.It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE , Dv KRB5_AUTH_CONTEXT_RET_TIME
+Return sequence numbers and time stamps in the outdata parameters.
+.It Dv KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
+will force
+.Fn krb5_get_forwarded_creds
+and
+.Fn krb5_fwd_tgt_creds
+to create unencrypted )
+.Dv ENCTYPE_NULL )
+credentials.
+This is for use with old MIT server and JAVA based servers as
+they can't handle encrypted
+.Dv KRB-CRED .
+Note that sending such
+.Dv KRB-CRED
+is clear exposes crypto keys and tickets and is insecure,
+make sure the packet is encrypted in the protocol.
+.Xr krb5_rd_cred 3 ,
+.Xr krb5_rd_priv 3 ,
+.Xr krb5_rd_safe 3 ,
+.Xr krb5_mk_priv 3
+and
+.Xr krb5_mk_safe 3 .
+Setting this flag requires that parameter to be passed to these
+functions.
+.Pp
+The flags
+.Dv KRB5_AUTH_CONTEXT_DO_TIME
+also modifies the behavior the function
+.Fn krb5_get_forwarded_creds
+by removing the timestamp in the forward credential message, this have
+backward compatibility problems since not all versions of the heimdal
+supports timeless credentional messages.
+Is very useful since it always the sender of the message to cache
+forward message and thus avoiding a round trip to the KDC for each
+time a credential is forwarded.
+The same functionality can be obtained by using address-less tickets.
+.\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL
+.El
+.Pp
+.Fn krb5_auth_con_setaddrs ,
+.Fn krb5_auth_con_setaddrs_from_fd
+and
+.Fn krb5_auth_con_getaddrs
+gets and sets the addresses that are checked when a packet is received.
+It is mandatory to set an address for the remote
+host. If the local address is not set, it iss deduced from the underlaying
+operating system.
+.Fn krb5_auth_con_getaddrs
+will call
+.Fn krb5_free_address
+on any address that is passed in
+.Fa local_addr
+or
+.Fa remote_addr .
+.Fn krb5_auth_con_setaddr
+allows passing in a
+.Dv NULL
+pointer as
+.Fa local_addr
+and
+.Fa remote_addr ,
+in that case it will just not set that address.
+.Pp
+.Fn krb5_auth_con_setaddrs_from_fd
+fetches the addresses from a file descriptor.
+.Pp
+.Fn krb5_auth_con_genaddrs
+fetches the address information from the given file descriptor
+.Fa fd
+depending on the bitmap argument
+.Fa flags .
+.Pp
+Possible values on
+.Fa flags
+are:
+.Bl -tag -width Ds
+.It Va KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
+fetches the local address from
+.Fa fd .
+.It Va KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
+fetches the remote address from
+.Fa fd .
+.El
+.Pp
+.Fn krb5_auth_con_setkey ,
+.Fn krb5_auth_con_setuserkey
+and
+.Fn krb5_auth_con_getkey
+gets and sets the key used for this auth context. The keyblock returned by
+.Fn krb5_auth_con_getkey
+should be freed with
+.Fn krb5_free_keyblock .
+The keyblock send into
+.Fn krb5_auth_con_setkey
+is copied into the
+.Nm krb5_auth_context ,
+and thus no special handling is needed.
+.Dv NULL
+is not a valid keyblock to
+.Fn krb5_auth_con_setkey .
+.Pp
+.Fn krb5_auth_con_setuserkey
+is only useful when doing user to user authentication.
+.Fn krb5_auth_con_setkey
+is equivalent to
+.Fn krb5_auth_con_setuserkey .
+.Pp
+.Fn krb5_auth_con_getlocalsubkey ,
+.Fn krb5_auth_con_setlocalsubkey ,
+.Fn krb5_auth_con_getremotesubkey
+and
+.Fn krb5_auth_con_setremotesubkey
+gets and sets the keyblock for the local and remote subkey.
+The keyblock returned by
+.Fn krb5_auth_con_getlocalsubkey
+and
+.Fn krb5_auth_con_getremotesubkey
+must be freed with
+.Fn krb5_free_keyblock .
+.Pp
+.Fn krb5_auth_setcksumtype
+and
+.Fn krb5_auth_getcksumtype
+sets and gets the checksum type that should be used for this
+connection.
+.Pp
+.Fn krb5_auth_con_generatelocalsubkey
+generates a local subkey that have the same encryption type as
+.Fa key .
+.Pp
+.Fn krb5_auth_getremoteseqnumber
+.Fn krb5_auth_setremoteseqnumber ,
+.Fn krb5_auth_getlocalseqnumber
+and
+.Fn krb5_auth_setlocalseqnumber
+gets and sets the sequence-number for the local and remote
+sequence-number counter.
+.Pp
+.Fn krb5_auth_setkeytype
+and
+.Fn krb5_auth_getkeytype
+gets and gets the keytype of the keyblock in
+.Nm krb5_auth_context .
+.Pp
+.Fn krb5_auth_con_getauthenticator
+Retrieves the authenticator that was used during mutual
+authentication. The
+.Dv authenticator
+returned should be freed by calling
+.Fn krb5_free_authenticator .
+.Pp
+.Fn krb5_auth_con_getrcache
+and
+.Fn krb5_auth_con_setrcache
+gets and sets the replay-cache.
+.Pp
+.Fn krb5_auth_con_initivector
+allocates memory for and zeros the initial vector in the
+.Fa auth_context
+keyblock.
+.Pp
+.Fn krb5_auth_con_setivector
+sets the i_vector portion of
+.Fa auth_context
+to
+.Fa ivector .
+.Pp
+.Fn krb5_free_authenticator
+free the content of
+.Fa authenticator
+and
+.Fa authenticator
+itself.
+.Sh SEE ALSO
+.Xr krb5_context 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_c_make_checksum.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_c_make_checksum.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_c_make_checksum.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,297 @@
+.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_c_make_checksum.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd Nov  17, 2006
+.Dt KRB5_C_MAKE_CHECKSUM 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_c_block_size ,
+.Nm krb5_c_decrypt ,
+.Nm krb5_c_encrypt ,
+.Nm krb5_c_encrypt_length ,
+.Nm krb5_c_enctype_compare ,
+.Nm krb5_c_get_checksum ,
+.Nm krb5_c_is_coll_proof_cksum ,
+.Nm krb5_c_is_keyed_cksum ,
+.Nm krb5_c_keylength ,
+.Nm krb5_c_make_checksum ,
+.Nm krb5_c_make_random_key ,
+.Nm krb5_c_set_checksum ,
+.Nm krb5_c_valid_cksumtype ,
+.Nm krb5_c_valid_enctype ,
+.Nm krb5_c_verify_checksum ,
+.Nm krb5_c_checksum_length
+.Nd Kerberos 5 crypto API
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_error_code
+.Fo krb5_c_block_size
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "size_t *blocksize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_decrypt
+.Fa "krb5_context context"
+.Fa "const krb5_keyblock key"
+.Fa "krb5_keyusage usage"
+.Fa "const krb5_data *ivec"
+.Fa "krb5_enc_data *input"
+.Fa "krb5_data *output"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_encrypt
+.Fa "krb5_context context"
+.Fa "const krb5_keyblock *key"
+.Fa "krb5_keyusage usage"
+.Fa "const krb5_data *ivec"
+.Fa "const krb5_data *input"
+.Fa "krb5_enc_data *output"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_encrypt_length
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "size_t inputlen"
+.Fa "size_t *length"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_enctype_compare
+.Fa "krb5_context context"
+.Fa "krb5_enctype e1"
+.Fa "krb5_enctype e2"
+.Fa "krb5_boolean *similar"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_make_random_key
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_keyblock *random_key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_make_checksum
+.Fa "krb5_context context"
+.Fa "krb5_cksumtype cksumtype"
+.Fa "const krb5_keyblock *key"
+.Fa "krb5_keyusage usage"
+.Fa "const krb5_data *input"
+.Fa "krb5_checksum *cksum"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_verify_checksum
+.Fa "krb5_context context
+.Fa "const krb5_keyblock *key"
+.Fa "krb5_keyusage usage"
+.Fa "const krb5_data *data"
+.Fa "const krb5_checksum *cksum"
+.Fa "krb5_boolean *valid"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_checksum_length
+.Fa "krb5_context context"
+.Fa "krb5_cksumtype cksumtype"
+.Fa "size_t *length"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_get_checksum
+.Fa "krb5_context context"
+.Fa "const krb5_checksum *cksum"
+.Fa "krb5_cksumtype *type"
+.Fa "krb5_data **data"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_set_checksum
+.Fa "krb5_context context"
+.Fa "krb5_checksum *cksum"
+.Fa "krb5_cksumtype type"
+.Fa "const krb5_data *data"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_c_valid_enctype
+.Fa krb5_enctype etype"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_c_valid_cksumtype
+.Fa "krb5_cksumtype ctype"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_c_is_coll_proof_cksum
+.Fa "krb5_cksumtype ctype"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_c_is_keyed_cksum
+.Fa "krb5_cksumtype ctype"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_c_keylengths
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "size_t *inlength"
+.Fa "size_t *keylength"
+.Fc
+.Sh DESCRIPTION
+The functions starting with krb5_c are compat functions with MIT kerberos.
+.Pp
+The
+.Li krb5_enc_data
+structure holds and encrypted data.
+There are two public accessable members of
+.Li krb5_enc_data .
+.Li enctype
+that holds the encryption type of the data encrypted and
+.Li ciphertext
+that is a
+.Ft krb5_data
+that might contain the encrypted data.
+.Pp
+.Fn krb5_c_block_size
+returns the blocksize of the encryption type.
+.Pp
+.Fn krb5_c_decrypt
+decrypts
+.Fa input
+and store the data in
+.Fa output.
+If 
+.Fa ivec
+is
+.Dv NULL
+the default initialization vector for that encryption type will be used.
+.Pp
+.Fn krb5_c_encrypt
+encrypts the plaintext in
+.Fa input
+and store the ciphertext in
+.Fa output .
+.Pp
+.Fn krb5_c_encrypt_length
+returns the length the encrypted data given the plaintext length.
+.Pp
+.Fn krb5_c_enctype_compare
+compares to encryption types and returns if they use compatible
+encryption key types.
+.Pp
+.Fn krb5_c_make_checksum
+creates a checksum
+.Fa cksum
+with the checksum type
+.Fa cksumtype
+of the data in
+.Fa data .
+.Fa key
+and
+.Fa usage
+are used if the checksum is a keyed checksum type.
+Returns 0 or an error code.
+.Pp
+.Fn krb5_c_verify_checksum
+verifies the checksum
+of
+.Fa data
+in
+.Fa cksum
+that was created with
+.Fa key
+using the key usage
+.Fa usage .
+.Fa verify
+is set to non-zero if the checksum verifies correctly and zero if not.
+Returns 0 or an error code.
+.Pp
+.Fn krb5_c_checksum_length
+returns the length of the checksum.
+.Pp
+.Fn krb5_c_set_checksum
+sets the
+.Li krb5_checksum
+structure given
+.Fa type
+and
+.Fa data .
+The content of
+.Fa cksum
+should be freeed with
+.Fn krb5_c_free_checksum_contents .
+.Pp
+.Fn krb5_c_get_checksum
+retrieves the components of the
+.Li krb5_checksum .
+structure.
+.Fa data
+should be free with
+.Fn krb5_free_data .
+If some either of
+.Fa data
+or
+.Fa checksum
+is not needed for the application, 
+.Dv NULL
+can be passed in.
+.Pp
+.Fn krb5_c_valid_enctype
+returns true if
+.Fa etype
+is a valid encryption type.
+.Pp
+.Fn krb5_c_valid_cksumtype
+returns true if
+.Fa ctype
+is a valid checksum type.
+.Pp
+.Fn krb5_c_is_keyed_cksum
+return true if
+.Fa ctype
+is a keyed checksum type.
+.Pp
+.Fn krb5_c_is_coll_proof_cksum
+returns true if
+.Fa ctype
+is a collition proof checksum type.
+.Pp
+.Fn krb5_c_keylengths
+return the minimum length (
+.Fa inlength )
+bytes needed to create a key and the
+length (
+.Fa keylength )
+of the resulting key
+for the
+.Fa enctype .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_create_checksum 3 ,
+.Xr krb5_free_data 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_ccache.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_ccache.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_ccache.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,517 @@
+.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_ccache.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd October 19, 2005
+.Dt KRB5_CCACHE 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_ccache ,
+.Nm krb5_cc_cursor ,
+.Nm krb5_cc_ops ,
+.Nm krb5_fcc_ops ,
+.Nm krb5_mcc_ops ,
+.Nm krb5_cc_clear_mcred ,
+.Nm krb5_cc_close ,
+.Nm krb5_cc_copy_cache ,
+.Nm krb5_cc_default ,
+.Nm krb5_cc_default_name ,
+.Nm krb5_cc_destroy ,
+.Nm krb5_cc_end_seq_get ,
+.Nm krb5_cc_gen_new ,
+.Nm krb5_cc_get_full_name ,
+.Nm krb5_cc_get_name ,
+.Nm krb5_cc_get_ops ,
+.Nm krb5_cc_get_prefix_ops ,
+.Nm krb5_cc_get_principal ,
+.Nm krb5_cc_get_type ,
+.Nm krb5_cc_get_version ,
+.Nm krb5_cc_initialize ,
+.Nm krb5_cc_next_cred ,
+.Nm krb5_cc_next_cred_match ,
+.Nm krb5_cc_new_unique ,
+.Nm krb5_cc_register ,
+.Nm krb5_cc_remove_cred ,
+.Nm krb5_cc_resolve ,
+.Nm krb5_cc_retrieve_cred ,
+.Nm krb5_cc_set_default_name ,
+.Nm krb5_cc_set_flags ,
+.Nm krb5_cc_start_seq_get ,
+.Nm krb5_cc_store_cred
+.Nd mange credential cache
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "struct krb5_ccache;"
+.Pp
+.Li "struct krb5_cc_cursor;"
+.Pp
+.Li "struct krb5_cc_ops;"
+.Pp
+.Li "struct krb5_cc_ops *krb5_fcc_ops;"
+.Pp
+.Li "struct krb5_cc_ops *krb5_mcc_ops;"
+.Pp
+.Ft void
+.Fo krb5_cc_clear_mcred
+.Fa "krb5_creds *mcred"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_close
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_copy_cache
+.Fa "krb5_context context"
+.Fa "const krb5_ccache from"
+.Fa "krb5_ccache to"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_default
+.Fa "krb5_context context"
+.Fa "krb5_ccache *id"
+.Fc
+.Ft "const char *"
+.Fo krb5_cc_default_name
+.Fa "krb5_context context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_destroy
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_end_seq_get
+.Fa "krb5_context context"
+.Fa "const krb5_ccache id"
+.Fa "krb5_cc_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_gen_new
+.Fa "krb5_context context"
+.Fa "const krb5_cc_ops *ops"
+.Fa "krb5_ccache *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_get_full_name
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fa "char **str"
+.Fc
+.Ft "const char *"
+.Fo krb5_cc_get_name
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_get_principal
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fa "krb5_principal *principal"
+.Fc
+.Ft "const char *"
+.Fo krb5_cc_get_type
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft "const krb5_cc_ops *"
+.Fo krb5_cc_get_ops
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft "const krb5_cc_ops *"
+.Fo krb5_cc_get_prefix_ops
+.Fa "krb5_context context"
+.Fa "const char *prefix"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_get_version
+.Fa "krb5_context context"
+.Fa "const krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_initialize
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fa "krb5_principal primary_principal"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_register
+.Fa "krb5_context context"
+.Fa "const krb5_cc_ops *ops"
+.Fa "krb5_boolean override"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_resolve
+.Fa "krb5_context context"
+.Fa "const char *name"
+.Fa "krb5_ccache *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_retrieve_cred
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fa "krb5_flags whichfields"
+.Fa "const krb5_creds *mcreds"
+.Fa "krb5_creds *creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_remove_cred
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fa "krb5_flags which"
+.Fa "krb5_creds *cred"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_set_default_name
+.Fa "krb5_context context"
+.Fa "const char *name"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_start_seq_get
+.Fa "krb5_context context"
+.Fa "const krb5_ccache id"
+.Fa "krb5_cc_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_store_cred
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fa "krb5_creds *creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_set_flags
+.Fa "krb5_context context"
+.Fa "krb5_cc_set_flags id"
+.Fa "krb5_flags flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_next_cred
+.Fa "krb5_context context"
+.Fa "const krb5_ccache id"
+.Fa "krb5_cc_cursor *cursor"
+.Fa "krb5_creds *creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_next_cred_match
+.Fa "krb5_context context"
+.Fa "const krb5_ccache id"
+.Fa "krb5_cc_cursor *cursor"
+.Fa "krb5_creds *creds"
+.Fa "krb5_flags whichfields"
+.Fa "const krb5_creds *mcreds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_new_unique
+.Fa "krb5_context context"
+.Fa "const char *type"
+.Fa "const char *hint"
+.Fa "krb5_ccache *id"
+.Fc
+.Sh DESCRIPTION
+The
+.Li krb5_ccache
+structure holds a Kerberos credential cache.
+.Pp
+The
+.Li krb5_cc_cursor
+structure holds current position in a credential cache when
+iterating over the cache.
+.Pp
+The
+.Li krb5_cc_ops
+structure holds a set of operations that can me preformed on a
+credential cache.
+.Pp
+There is no component inside
+.Li krb5_ccache ,
+.Li krb5_cc_cursor
+nor
+.Li krb5_fcc_ops
+that is directly referable.
+.Pp
+The
+.Li krb5_creds
+holds a Kerberos credential, see manpage for
+.Xr krb5_creds 3 .
+.Pp
+.Fn krb5_cc_default_name
+and
+.Fn krb5_cc_set_default_name
+gets and sets the default name for the
+.Fa context .
+.Pp
+.Fn krb5_cc_default
+opens the default credential cache in
+.Fa id .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_gen_new
+generates a new credential cache of type
+.Fa ops
+in
+.Fa id .
+Return 0 or an error code.
+The Heimdal version of this function also runs
+.Fn krb5_cc_initialize
+on the credential cache, but since the MIT version doesn't, portable
+code must call krb5_cc_initialize.
+.Pp
+.Fn krb5_cc_new_unique
+generates a new unique credential cache of
+.Fa type
+in
+.Fa id .
+If type is
+.Dv NULL ,
+the library chooses the default credential cache type.
+The supplied
+.Fa hint
+(that can be
+.Dv NULL )
+is a string that the credential cache type can use to base the name of
+the credential on, this is to make it easier for the user to
+differentiate the credentials.
+The returned credential cache
+.Fa id
+should be freed using
+.Fn krb5_cc_close
+or
+.Fn krb5_cc_destroy .
+Returns 0 or an error code.
+.Pp
+.Fn krb5_cc_resolve
+finds and allocates a credential cache in
+.Fa id
+from the specification in
+.Fa residual .
+If the credential cache name doesn't contain any colon (:), interpret it as a
+file name.
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_initialize
+creates a new credential cache in
+.Fa id
+for
+.Fa primary_principal .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_close
+stops using the credential cache
+.Fa id
+and frees the related resources.
+Return 0 or an error code.
+.Fn krb5_cc_destroy
+removes the credential cache
+and closes (by calling
+.Fn krb5_cc_close )
+.Fa id .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_copy_cache
+copys the contents of
+.Fa from
+to
+.Fa to .
+.Pp
+.Fn krb5_cc_get_full_name
+returns the complete resolvable name of the credential cache
+.Fa id
+in
+.Fa str .
+.Fa str
+should be freed with
+.Xr free 3 .
+Returns 0 or an error, on error
+.Fa *str
+is set to
+.Dv NULL .
+.Pp
+.Fn krb5_cc_get_name
+returns the name of the credential cache
+.Fa id .
+.Pp
+.Fn krb5_cc_get_principal
+returns the principal of
+.Fa id
+in
+.Fa principal .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_get_type
+returns the type of the credential cache
+.Fa id .
+.Pp
+.Fn krb5_cc_get_ops
+returns the ops of the credential cache
+.Fa id .
+.Pp
+.Fn krb5_cc_get_version
+returns the version of
+.Fa id .
+.Pp
+.Fn krb5_cc_register
+Adds a new credential cache type with operations
+.Fa ops ,
+overwriting any existing one if
+.Fa override .
+Return an error code or 0.
+.Pp
+.Fn krb5_cc_get_prefix_ops
+Get the cc ops that is registered in
+.Fa context
+to handle the
+.Fa prefix .
+Returns
+.Dv NULL
+if ops not found.
+.Pp
+.Fn krb5_cc_remove_cred
+removes the credential identified by
+.Fa ( cred ,
+.Fa which )
+from
+.Fa id .
+.Pp
+.Fn krb5_cc_store_cred
+stores
+.Fa creds
+in the credential cache
+.Fa id .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_set_flags
+sets the flags of
+.Fa id
+to
+.Fa flags .
+.Pp
+.Fn krb5_cc_clear_mcred
+clears the
+.Fa mcreds
+argument so it is reset and can be used with
+.Fa krb5_cc_retrieve_cred .
+.Pp
+.Fn krb5_cc_retrieve_cred ,
+retrieves the credential identified by
+.Fa mcreds
+(and
+.Fa whichfields )
+from
+.Fa id
+in
+.Fa creds .
+.Fa creds
+should be freed using
+.Fn krb5_free_cred_contents .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_start_seq_get
+initiates the
+.Li krb5_cc_cursor
+structure to be used for iteration over the credential cache.
+.Pp
+.Fn krb5_cc_next_cred
+retrieves the next cred pointed to by
+.Fa ( id ,
+.Fa cursor )
+in
+.Fa creds ,
+and advance
+.Fa cursor .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_next_cred_match
+is similar to
+.Fn krb5_cc_next_cred
+except that it will only return creds matching 
+.Fa whichfields
+and
+.Fa mcreds
+(as interpreted by 
+.Xr krb5_compare_creds 3 . )
+.Pp
+.Fn krb5_cc_end_seq_get
+Destroys the cursor
+.Fa cursor .
+.Sh EXAMPLE
+This is a minimalistic version of
+.Nm klist .
+.Pp
+.Bd -literal
+#include <krb5.h>
+
+int
+main (int argc, char **argv)
+{
+    krb5_context context;
+    krb5_cc_cursor cursor;
+    krb5_error_code ret;
+    krb5_ccache id;
+    krb5_creds creds;
+
+    if (krb5_init_context (&context) != 0)
+	errx(1, "krb5_context");
+
+    ret = krb5_cc_default (context, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_default");
+
+    ret = krb5_cc_start_seq_get(context, id, &cursor);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
+
+    while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){
+        char *principal;
+
+	krb5_unparse_name_short(context, creds.server, &principal);
+	printf("principal: %s\\n", principal);
+	free(principal);
+	krb5_free_cred_contents (context, &creds);
+    }
+    ret = krb5_cc_end_seq_get(context, id, &cursor);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
+
+    krb5_cc_close(context, id);
+
+    krb5_free_context(context);
+    return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_ccapi.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_ccapi.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_ccapi.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,230 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: krb5_ccapi.h,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef KRB5_CCAPI_H
+#define KRB5_CCAPI_H 1
+
+#include <krb5-types.h>
+
+enum {
+    cc_credentials_v5 = 2
+};
+
+enum {
+    ccapi_version_3 = 3,
+    ccapi_version_4 = 4
+};
+
+enum {
+    ccNoError						= 0,
+    
+    ccIteratorEnd					= 201,
+    ccErrBadParam,
+    ccErrNoMem,
+    ccErrInvalidContext,
+    ccErrInvalidCCache,
+
+    ccErrInvalidString,					/* 206 */
+    ccErrInvalidCredentials,
+    ccErrInvalidCCacheIterator,
+    ccErrInvalidCredentialsIterator,
+    ccErrInvalidLock,
+    
+    ccErrBadName,					/* 211 */
+    ccErrBadCredentialsVersion,
+    ccErrBadAPIVersion,
+    ccErrContextLocked,
+    ccErrContextUnlocked,
+    
+    ccErrCCacheLocked,					/* 216 */
+    ccErrCCacheUnlocked,
+    ccErrBadLockType,
+    ccErrNeverDefault,
+    ccErrCredentialsNotFound,
+    
+    ccErrCCacheNotFound,				/* 221 */
+    ccErrContextNotFound,
+    ccErrServerUnavailable,
+    ccErrServerInsecure,
+    ccErrServerCantBecomeUID,
+    
+    ccErrTimeOffsetNotSet				/* 226 */
+};
+
+typedef int32_t cc_int32;
+typedef uint32_t cc_uint32;
+typedef struct cc_context_t *cc_context_t;
+typedef struct cc_ccache_t *cc_ccache_t;
+typedef struct cc_ccache_iterator_t *cc_ccache_iterator_t;
+typedef struct cc_credentials_v5_t cc_credentials_v5_t;
+typedef struct cc_credentials_t *cc_credentials_t;
+typedef struct cc_credentials_iterator_t *cc_credentials_iterator_t;
+typedef struct cc_string_t *cc_string_t;
+typedef time_t cc_time_t;
+
+typedef struct cc_data {
+    cc_uint32 type;
+    cc_uint32 length;
+    void *data;
+} cc_data;
+
+struct cc_credentials_v5_t {
+    char *client;
+    char *server;
+    cc_data keyblock;
+    cc_time_t authtime;
+    cc_time_t starttime;
+    cc_time_t endtime;
+    cc_time_t renew_till;
+    cc_uint32 is_skey;
+    cc_uint32 ticket_flags;
+#define	KRB5_CCAPI_TKT_FLG_FORWARDABLE			0x40000000
+#define	KRB5_CCAPI_TKT_FLG_FORWARDED			0x20000000
+#define	KRB5_CCAPI_TKT_FLG_PROXIABLE			0x10000000
+#define	KRB5_CCAPI_TKT_FLG_PROXY			0x08000000
+#define	KRB5_CCAPI_TKT_FLG_MAY_POSTDATE			0x04000000
+#define	KRB5_CCAPI_TKT_FLG_POSTDATED			0x02000000
+#define	KRB5_CCAPI_TKT_FLG_INVALID			0x01000000
+#define	KRB5_CCAPI_TKT_FLG_RENEWABLE			0x00800000
+#define	KRB5_CCAPI_TKT_FLG_INITIAL			0x00400000
+#define	KRB5_CCAPI_TKT_FLG_PRE_AUTH			0x00200000
+#define	KRB5_CCAPI_TKT_FLG_HW_AUTH			0x00100000
+#define	KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED	0x00080000
+#define	KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE		0x00040000
+#define	KRB5_CCAPI_TKT_FLG_ANONYMOUS			0x00020000
+    cc_data **addresses;
+    cc_data ticket;
+    cc_data second_ticket;
+    cc_data **authdata;
+};
+
+
+typedef struct cc_string_functions {
+    cc_int32 (*release)(cc_string_t);
+} cc_string_functions;
+
+struct cc_string_t {
+    const char *data;
+    const cc_string_functions *func;
+};
+
+typedef struct cc_credentials_union {
+    cc_int32 version;
+    union {
+	cc_credentials_v5_t* credentials_v5;
+    } credentials;
+} cc_credentials_union;
+
+struct cc_credentials_functions {
+    cc_int32 (*release)(cc_credentials_t);
+    cc_int32 (*compare)(cc_credentials_t, cc_credentials_t, cc_uint32*);
+};
+
+struct cc_credentials_t {
+    const cc_credentials_union* data;
+    const struct cc_credentials_functions* func;
+};
+
+struct cc_credentials_iterator_functions {
+    cc_int32 (*release)(cc_credentials_iterator_t);
+    cc_int32 (*next)(cc_credentials_iterator_t, cc_credentials_t*);
+};
+
+struct cc_credentials_iterator_t {
+    const struct cc_credentials_iterator_functions *func;
+};
+
+struct cc_ccache_iterator_functions {
+    cc_int32 (*release) (cc_ccache_iterator_t);
+    cc_int32 (*next)(cc_ccache_iterator_t, cc_ccache_t*);
+};
+
+struct cc_ccache_iterator_t {
+    const struct cc_ccache_iterator_functions* func;
+};
+
+typedef struct cc_ccache_functions {
+    cc_int32 (*release)(cc_ccache_t);
+    cc_int32 (*destroy)(cc_ccache_t);
+    cc_int32 (*set_default)(cc_ccache_t);
+    cc_int32 (*get_credentials_version)(cc_ccache_t, cc_uint32*);
+    cc_int32 (*get_name)(cc_ccache_t, cc_string_t*);
+    cc_int32 (*get_principal)(cc_ccache_t, cc_uint32, cc_string_t*);
+    cc_int32 (*set_principal)(cc_ccache_t, cc_uint32, const char*);
+    cc_int32 (*store_credentials)(cc_ccache_t, const cc_credentials_union*);
+    cc_int32 (*remove_credentials)(cc_ccache_t, cc_credentials_t);
+    cc_int32 (*new_credentials_iterator)(cc_ccache_t,
+					 cc_credentials_iterator_t*);
+    cc_int32 (*move)(cc_ccache_t, cc_ccache_t);
+    cc_int32 (*lock)(cc_ccache_t, cc_uint32, cc_uint32);
+    cc_int32 (*unlock)(cc_ccache_t);
+    cc_int32 (*get_last_default_time)(cc_ccache_t, cc_time_t*);
+    cc_int32 (*get_change_time)(cc_ccache_t, cc_time_t*);
+    cc_int32 (*compare)(cc_ccache_t, cc_ccache_t, cc_uint32*);
+    cc_int32 (*get_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t *);
+    cc_int32 (*set_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t);
+    cc_int32 (*clear_kdc_time_offset)(cc_ccache_t, cc_int32);
+} cc_ccache_functions;
+
+struct cc_ccache_t {
+    const cc_ccache_functions *func;
+};
+
+struct  cc_context_functions {
+    cc_int32 (*release)(cc_context_t);
+    cc_int32 (*get_change_time)(cc_context_t, cc_time_t *);
+    cc_int32 (*get_default_ccache_name)(cc_context_t, cc_string_t*);
+    cc_int32 (*open_ccache)(cc_context_t, const char*, cc_ccache_t *);
+    cc_int32 (*open_default_ccache)(cc_context_t, cc_ccache_t*);
+    cc_int32 (*create_ccache)(cc_context_t,const char*, cc_uint32,
+			      const char*, cc_ccache_t*);
+    cc_int32 (*create_default_ccache)(cc_context_t, cc_uint32,
+				      const char*, cc_ccache_t*);
+    cc_int32 (*create_new_ccache)(cc_context_t, cc_uint32,
+				  const char*, cc_ccache_t*);
+    cc_int32 (*new_ccache_iterator)(cc_context_t, cc_ccache_iterator_t*);
+    cc_int32 (*lock)(cc_context_t, cc_uint32, cc_uint32);
+    cc_int32 (*unlock)(cc_context_t);
+    cc_int32 (*compare)(cc_context_t, cc_context_t, cc_uint32*);
+};
+
+struct cc_context_t {
+    const struct cc_context_functions* func;
+};
+
+typedef cc_int32 
+(*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **);
+
+#endif /* KRB5_CCAPI_H */

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_check_transited.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_check_transited.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_check_transited.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,106 @@
+.\" Copyright (c) 2004, 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_check_transited.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_CHECK_TRANSITED 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_check_transited ,
+.Nm krb5_check_transited_realms ,
+.Nm krb5_domain_x500_decode ,
+.Nm krb5_domain_x500_encode
+.Nd realm transit verification and encoding/decoding functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_check_transited
+.Fa "krb5_context context"
+.Fa "krb5_const_realm client_realm"
+.Fa "krb5_const_realm server_realm"
+.Fa "krb5_realm *realms"
+.Fa "int num_realms"
+.Fa "int *bad_realm"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_check_transited_realms
+.Fa "krb5_context context"
+.Fa "const char *const *realms"
+.Fa "int num_realms"
+.Fa "int *bad_realm"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_domain_x500_decode
+.Fa "krb5_context context"
+.Fa "krb5_data tr"
+.Fa "char ***realms"
+.Fa "int *num_realms"
+.Fa "const char *client_realm"
+.Fa "const char *server_realm"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_domain_x500_encode
+.Fa "char **realms"
+.Fa "int num_realms"
+.Fa "krb5_data *encoding"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_check_transited
+checks the path from
+.Fa client_realm
+to
+.Fa server_realm
+where
+.Fa realms
+and
+.Fa num_realms
+is the realms between them.
+If the function returns an error value, 
+.Fa bad_realm
+will be set to the realm in the list causing the error.
+.Fn krb5_check_transited
+is used internally by the KDC and libkrb5 and should not be called by
+client applications.
+.Pp
+.Fn krb5_check_transited_realms
+is deprecated.
+.Pp
+.Fn krb5_domain_x500_encode
+and
+.Fn krb5_domain_x500_decode
+encodes and decodes the realm names in the X500 format that Kerberos
+uses to describe the transited realms in krbtgts.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_compare_creds.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_compare_creds.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_compare_creds.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,104 @@
+.\" Copyright (c) 2004-2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_compare_creds.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May 10, 2005
+.Dt KRB5_COMPARE_CREDS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_compare_creds
+.Nd compare Kerberos 5 credentials
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_boolean
+.Fo krb5_compare_creds
+.Fa "krb5_context context"
+.Fa "krb5_flags whichfields"
+.Fa "const krb5_creds *mcreds"
+.Fa "const krb5_creds *creds"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_compare_creds
+compares
+.Fa mcreds
+(usually filled in by the application)
+to
+.Fa creds
+(most often from a credentials cache)
+and return
+.Dv TRUE
+if they are equal.
+Unless
+.Va mcreds-\*[Gt]server
+is
+.Dv NULL ,
+the service of the credentials are always compared.  If the client
+name in
+.Fa mcreds
+is present, the client names are also compared. This function is
+normally only called indirectly via
+.Xr krb5_cc_retrieve_cred 3 .
+.Pp
+The following flags, set in
+.Fa whichfields ,
+affects the comparison:
+.Bl -tag -width KRB5_TC_MATCH_SRV_NAMEONLY -compact -offset indent
+.It KRB5_TC_MATCH_SRV_NAMEONLY
+Consider all realms equal when comparing the service principal.
+.It KRB5_TC_MATCH_KEYTYPE
+Compare enctypes.
+.It KRB5_TC_MATCH_FLAGS_EXACT
+Make sure that the ticket flags are identical.
+.It KRB5_TC_MATCH_FLAGS
+Make sure that all ticket flags set in
+.Fa mcreds
+are also present  in
+.Fa creds .
+.It KRB5_TC_MATCH_TIMES_EXACT
+Compares the ticket times exactly.
+.It KRB5_TC_MATCH_TIMES
+Compares only the expiration times of the creds.
+.It KRB5_TC_MATCH_AUTHDATA
+Compares the authdata fields.
+.It KRB5_TC_MATCH_2ND_TKT
+Compares the second tickets (used by user-to-user authentication).
+.It KRB5_TC_MATCH_IS_SKEY
+Compares the existance of the second ticket.
+.El
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_cc_retrieve_cred 3 ,
+.Xr krb5_creds 3 ,
+.Xr krb5_get_init_creds 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_config.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_config.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_config.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,307 @@
+.\" Copyright (c) 2000 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"
+.\" $Id: krb5_config.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd August 10, 2007
+.Dt KRB5_CONFIG_GET 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_config_file_free ,
+.Nm krb5_config_free_strings ,
+.Nm krb5_config_get ,
+.Nm krb5_config_get_bool ,
+.Nm krb5_config_get_bool_default ,
+.Nm krb5_config_get_int ,
+.Nm krb5_config_get_int_default ,
+.Nm krb5_config_get_list ,
+.Nm krb5_config_get_next ,
+.Nm krb5_config_get_string ,
+.Nm krb5_config_get_string_default ,
+.Nm krb5_config_get_strings ,
+.Nm krb5_config_get_time ,
+.Nm krb5_config_get_time_default ,
+.Nm krb5_config_parse_file ,
+.Nm krb5_config_parse_file_multi ,
+.Nm krb5_config_vget ,
+.Nm krb5_config_vget_bool ,
+.Nm krb5_config_vget_bool_default ,
+.Nm krb5_config_vget_int ,
+.Nm krb5_config_vget_int_default ,
+.Nm krb5_config_vget_list ,
+.Nm krb5_config_vget_next ,
+.Nm krb5_config_vget_string ,
+.Nm krb5_config_vget_string_default ,
+.Nm krb5_config_vget_strings ,
+.Nm krb5_config_vget_time ,
+.Nm krb5_config_vget_time_default
+.Nd get configuration value
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_config_file_free
+.Fa "krb5_context context"
+.Fa "krb5_config_section *s"
+.Fc
+.Ft void
+.Fo krb5_config_free_strings
+.Fa "char **strings"
+.Fc
+.Ft "const void *"
+.Fo krb5_config_get
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "int type"
+.Fa "..."
+.Fc
+.Ft krb5_boolean
+.Fo krb5_config_get_bool
+.Fa "krb5_context context"
+.Fa "krb5_config_section *c"
+.Fa "..."
+.Fc
+.Ft krb5_boolean
+.Fo krb5_config_get_bool_default
+.Fa "krb5_context context"
+.Fa "krb5_config_section *c"
+.Fa "krb5_boolean def_value"
+.Fa "..."
+.Fc
+.Ft int
+.Fo krb5_config_get_int
+.Fa "krb5_context context"
+.Fa "krb5_config_section *c"
+.Fa "..."
+.Fc
+.Ft int
+.Fo krb5_config_get_int_default
+.Fa "krb5_context context"
+.Fa "krb5_config_section *c"
+.Fa "int def_value"
+.Fa "..."
+.Fc
+.Ft const char*
+.Fo krb5_config_get_string
+.Fa "krb5_context context"
+.Fa "krb5_config_section *c"
+.Fa "..."
+.Fc
+.Ft const char*
+.Fo krb5_config_get_string_default
+.Fa "krb5_context context"
+.Fa "krb5_config_section *c"
+.Fa "const char *def_value"
+.Fa "..."
+.Fc
+.Ft "char**"
+.Fo krb5_config_get_strings
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "..."
+.Fc
+.Ft int
+.Fo krb5_config_get_time
+.Fa "krb5_context context"
+.Fa "krb5_config_section *c"
+.Fa "..."
+.Fc
+.Ft int
+.Fo krb5_config_get_time_default
+.Fa "krb5_context context"
+.Fa "krb5_config_section *c"
+.Fa "int def_value"
+.Fa "..."
+.Fc
+.Ft krb5_error_code
+.Fo krb5_config_parse_file
+.Fa "krb5_context context"
+.Fa "const char *fname"
+.Fa "krb5_config_section **res"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_config_parse_file_multi
+.Fa "krb5_context context"
+.Fa "const char *fname"
+.Fa "krb5_config_section **res"
+.Fc
+.Ft "const void *"
+.Fo krb5_config_vget
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "int type"
+.Fa "va_list args"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_config_vget_bool
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "va_list args"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_config_vget_bool_default
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "krb5_boolean def_value"
+.Fa "va_list args"
+.Fc
+.Ft int
+.Fo krb5_config_vget_int
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "va_list args"
+.Fc
+.Ft int
+.Fo krb5_config_vget_int_default
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "int def_value"
+.Fa "va_list args"
+.Fc
+.Ft "const krb5_config_binding *"
+.Fo krb5_config_vget_list
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "va_list args"
+.Fc
+.Ft "const void *"
+.Fo krb5_config_vget_next
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "const krb5_config_binding **pointer"
+.Fa "int type"
+.Fa "va_list args"
+.Fc
+.Ft "const char *"
+.Fo krb5_config_vget_string
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "va_list args"
+.Fc
+.Ft "const char *"
+.Fo krb5_config_vget_string_default
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "const char *def_value"
+.Fa "va_list args"
+.Fc
+.Ft char **
+.Fo krb5_config_vget_strings
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "va_list args"
+.Fc
+.Ft int
+.Fo krb5_config_vget_time
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "va_list args"
+.Fc
+.Ft int
+.Fo krb5_config_vget_time_default
+.Fa "krb5_context context"
+.Fa "const krb5_config_section *c"
+.Fa "int def_value"
+.Fa "va_list args"
+.Fc
+.Sh DESCRIPTION
+These functions get values from the
+.Xr krb5.conf 5
+configuration file, or another configuration database specified by the
+.Fa c
+parameter.
+.Pp
+The variable arguments should be a list of strings naming each
+subsection to look for. For example:
+.Bd -literal -offset indent
+krb5_config_get_bool_default(context, NULL, FALSE, 
+     "libdefaults", "log_utc", NULL);
+.Ed
+.Pp
+gets the boolean value for the
+.Dv log_utc
+option, defaulting to
+.Dv FALSE .
+.Pp
+.Fn krb5_config_get_bool_default
+will convert the option value to a boolean value, where
+.Sq yes ,
+.Sq true ,
+and any non-zero number means
+.Dv TRUE ,
+and any other value
+.Dv FALSE .
+.Pp
+.Fn krb5_config_get_int_default
+will convert the value to an integer.
+.Pp
+.Fn krb5_config_get_time_default
+will convert the value to a period of time (not a time stamp) in
+seconds, so the string
+.Sq 2 weeks
+will be converted to
+1209600 (2 * 7 * 24 * 60 * 60).
+.Pp
+.Fn krb5_config_get_string
+returns a
+.Ft "const char *"
+to a string in the configuration database.  The string not be valid
+after reload of the configuration database
+.\" or a call to .Fn krb5_config_set_string ,
+so a caller should make a local copy if its need to keep the database.
+.Pp
+.Fn krb5_config_free_strings
+free
+.Fa strings
+as returned by
+.Fn krb5_config_get_strings
+and
+.Fn krb5_config_vget_strings .
+If the argument
+.Fa strings
+is a 
+.Dv NULL
+pointer, no action occurs.
+.Pp
+.Fn krb5_config_file_free
+free the result of
+.Fn krb5_config_parse_file
+and
+.Fn krb5_config_parse_file_multi .
+.Sh SEE ALSO
+.Xr krb5_appdefault 3 ,
+.Xr krb5_init_context 3 ,
+.Xr krb5.conf 5
+.Sh BUGS
+For the default functions, other than for the string case, there's no
+way to tell whether there was a value specified or not.

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_context.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_context.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_context.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+.\" Copyright (c) 2001 - 2003 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_context.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd January 21, 2001
+.Dt KRB5_CONTEXT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_context
+.Nd krb5 state structure
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Sh DESCRIPTION
+The
+.Nm
+structure is designed to hold all per thread state. All global
+variables that are context specific are stored in this structure,
+including default encryption types, credentials-cache (ticket file), and
+default realms.
+.Pp
+The internals of the structure should never be accessed directly,
+functions exist for extracting information.
+.Sh SEE ALSO
+.Xr krb5_init_context 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_create_checksum.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_create_checksum.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_create_checksum.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,226 @@
+.\" Copyright (c) 1999-2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_create_checksum.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd August 12, 2005
+.Dt NAME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_checksum ,
+.Nm krb5_checksum_disable ,
+.Nm krb5_checksum_is_collision_proof ,
+.Nm krb5_checksum_is_keyed ,
+.Nm krb5_checksumsize ,
+.Nm krb5_cksumtype_valid ,
+.Nm krb5_copy_checksum ,
+.Nm krb5_create_checksum ,
+.Nm krb5_crypto_get_checksum_type
+.Nm krb5_free_checksum ,
+.Nm krb5_free_checksum_contents ,
+.Nm krb5_hmac ,
+.Nm krb5_verify_checksum
+.Nd creates, handles and verifies checksums
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "typedef Checksum krb5_checksum;"
+.Ft void
+.Fo krb5_checksum_disable
+.Fa "krb5_context context"
+.Fa "krb5_cksumtype type"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_checksum_is_collision_proof
+.Fa "krb5_context context"
+.Fa "krb5_cksumtype type"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_checksum_is_keyed
+.Fa "krb5_context context"
+.Fa "krb5_cksumtype type"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cksumtype_valid
+.Fa "krb5_context context"
+.Fa "krb5_cksumtype ctype"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_checksumsize
+.Fa "krb5_context context"
+.Fa "krb5_cksumtype type"
+.Fa "size_t *size"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_create_checksum
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "krb5_key_usage usage"
+.Fa "int type"
+.Fa "void *data"
+.Fa "size_t len"
+.Fa "Checksum *result"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_verify_checksum
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "krb5_key_usage usage"
+.Fa "void *data"
+.Fa "size_t len"
+.Fa "Checksum *cksum"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_crypto_get_checksum_type
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "krb5_cksumtype *type"
+.Fc
+.Ft void
+.Fo krb5_free_checksum
+.Fa "krb5_context context"
+.Fa "krb5_checksum *cksum"
+.Fc
+.Ft void
+.Fo krb5_free_checksum_contents
+.Fa "krb5_context context"
+.Fa "krb5_checksum *cksum"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_hmac
+.Fa "krb5_context context"
+.Fa "krb5_cksumtype cktype"
+.Fa "const void *data"
+.Fa "size_t len"
+.Fa "unsigned usage"
+.Fa "krb5_keyblock *key"
+.Fa "Checksum *result"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_checksum
+.Fa "krb5_context context"
+.Fa "const krb5_checksum *old"
+.Fa "krb5_checksum **new"
+.Fc
+.Sh DESCRIPTION
+The
+.Li krb5_checksum
+structure holds a Kerberos checksum.
+There is no component inside
+.Li krb5_checksum
+that is directly referable.
+.Pp
+The functions are used to create and verify checksums.
+.Fn krb5_create_checksum
+creates a checksum of the specified data, and puts it in
+.Fa result .
+If
+.Fa crypto
+is
+.Dv NULL ,
+.Fa usage_or_type
+specifies the checksum type to use; it must not be keyed. Otherwise
+.Fa crypto
+is an encryption context created by
+.Fn krb5_crypto_init ,
+and
+.Fa usage_or_type
+specifies a key-usage.
+.Pp
+.Fn krb5_verify_checksum
+verifies the
+.Fa checksum
+against the provided data.
+.Pp
+.Fn krb5_checksum_is_collision_proof
+returns true is the specified checksum is collision proof (that it's
+very unlikely that two strings has the same hash value, and that it's
+hard to find two strings that has the same hash). Examples of
+collision proof checksums are MD5, and SHA1, while CRC32 is not.
+.Pp
+.Fn krb5_checksum_is_keyed
+returns true if the specified checksum type is keyed (that the hash
+value is a function of both the data, and a separate key). Examples of
+keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The
+.Dq plain
+hash functions MD5, and SHA1 are not keyed.
+.Pp
+.Fn krb5_crypto_get_checksum_type
+returns the checksum type that will be used when creating a checksum for the given
+.Fa crypto
+context.
+This function is useful in combination with
+.Fn krb5_checksumsize
+when you want to know the size a checksum will
+use when you create it.
+.Pp
+.Fn krb5_cksumtype_valid
+returns 0 or an error if the checksumtype is implemented and not
+currently disabled in this kerberos library.
+.Pp
+.Fn krb5_checksumsize
+returns the size of the outdata of checksum function.
+.Pp
+.Fn krb5_copy_checksum
+returns a copy of the checksum
+.Fn krb5_free_checksum
+should use used to free the
+.Fa new
+checksum.
+.Pp
+.Fn krb5_free_checksum
+free the checksum and the content of the checksum.
+.Pp
+.Fn krb5_free_checksum_contents
+frees the content of checksum in
+.Fa cksum .
+.Pp
+.Fn krb5_hmac
+calculates the HMAC over
+.Fa data
+(with length
+.Fa len )
+using the keyusage
+.Fa usage
+and keyblock
+.Fa key .
+Note that keyusage is not always used in checksums.
+.Pp
+.Nm krb5_checksum_disable
+globally disables the checksum type. 
+.\" .Sh EXAMPLE
+.\" .Sh BUGS
+.Sh SEE ALSO
+.Xr krb5_crypto_init 3 ,
+.Xr krb5_c_encrypt 3 ,
+.Xr krb5_encrypt 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_creds.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_creds.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_creds.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,119 @@
+.\" Copyright (c) 2004, 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_creds.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_CREDS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_creds ,
+.Nm krb5_copy_creds ,
+.Nm krb5_copy_creds_contents ,
+.Nm krb5_free_creds ,
+.Nm krb5_free_cred_contents
+.Nd Kerberos 5 credential handling functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_copy_creds
+.Fa "krb5_context context"
+.Fa "const krb5_creds *incred"
+.Fa "krb5_creds **outcred"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_creds_contents
+.Fa "krb5_context context"
+.Fa "const krb5_creds *incred"
+.Fa "krb5_creds *outcred"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_creds
+.Fa "krb5_context context"
+.Fa "krb5_creds *outcred"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_cred_contents
+.Fa "krb5_context context"
+.Fa "krb5_creds *cred"
+.Fc
+.Sh DESCRIPTION
+.Vt krb5_creds
+holds Kerberos credentials:
+.Bd -literal -offset
+typedef struct krb5_creds {
+    krb5_principal	client;
+    krb5_principal	server;
+    krb5_keyblock	session;
+    krb5_times		times;
+    krb5_data		ticket;
+    krb5_data		second_ticket;
+    krb5_authdata	authdata;
+    krb5_addresses	addresses;
+    krb5_ticket_flags	flags;
+} krb5_creds;
+.Ed
+.Pp
+.Fn krb5_copy_creds
+makes a copy of
+.Fa incred
+to
+.Fa outcred .
+.Fa outcred
+should be freed with
+.Fn krb5_free_creds
+by the caller.
+.Pp
+.Fn krb5_copy_creds_contents
+makes a copy of the content of
+.Fa incred
+to
+.Fa outcreds .
+.Fa outcreds
+should be freed by the called with
+.Fn krb5_free_creds_contents .
+.Pp
+.Fn krb5_free_creds
+frees the content of the 
+.Fa cred
+structure and the structure itself.
+.Pp
+.Fn krb5_free_cred_contents
+frees the content of the
+.Fa cred
+structure.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_compare_creds 3 ,
+.Xr krb5_get_init_creds 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_crypto_init.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_crypto_init.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_crypto_init.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,67 @@
+.\" Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_crypto_init.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd April  7, 1999
+.Dt NAME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_crypto_destroy ,
+.Nm krb5_crypto_init
+.Nd encryption support in krb5
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto"
+.Ft krb5_error_code
+.Fn krb5_crypto_destroy "krb5_context context" "krb5_crypto crypto"
+.Sh DESCRIPTION
+Heimdal exports parts of the Kerberos crypto interface for applications.
+.Pp
+Each kerberos encrytion/checksum function takes a crypto context.
+.Pp
+To setup and destroy crypto contextes there are two functions
+.Fn krb5_crypto_init
+and
+.Fn krb5_crypto_destroy .
+The encryption type to use is taken from the key, but can be overridden
+with the
+.Fa enctype parameter .
+This can be useful for encryptions types which is compatiable (DES for
+example).
+.\" .Sh EXAMPLE
+.\" .Sh BUGS
+.Sh SEE ALSO
+.Xr krb5_create_checksum 3 ,
+.Xr krb5_encrypt 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_data.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_data.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_data.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,159 @@
+.\" Copyright (c) 2003 - 2005, 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_data.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd Jan 23, 2007
+.Dt KRB5_DATA 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_data ,
+.Nm krb5_data_zero ,
+.Nm krb5_data_free ,
+.Nm krb5_free_data_contents ,
+.Nm krb5_free_data ,
+.Nm krb5_data_alloc ,
+.Nm krb5_data_realloc ,
+.Nm krb5_data_copy ,
+.Nm krb5_copy_data ,
+.Nm krb5_data_cmp
+.Nd operates on the Kerberos datatype krb5_data
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "struct krb5_data;"
+.Ft void
+.Fn krb5_data_zero "krb5_data *p"
+.Ft void
+.Fn krb5_data_free "krb5_data *p"
+.Ft void
+.Fn krb5_free_data_contents "krb5_context context" "krb5_data *p"
+.Ft void
+.Fn krb5_free_data "krb5_context context" "krb5_data *p"
+.Ft krb5_error_code
+.Fn krb5_data_alloc "krb5_data *p" "int len"
+.Ft krb5_error_code
+.Fn krb5_data_realloc "krb5_data *p" "int len"
+.Ft krb5_error_code
+.Fn krb5_data_copy "krb5_data *p" "const void *data" "size_t len"
+.Ft krb5_error_code
+.Fn krb5_copy_data "krb5_context context" "const krb5_data *indata" "krb5_data **outdata"
+.Ft krb5_error_code
+.Fn krb5_data_cmp "const krb5_data *data1" "const krb5_data *data2"
+.Sh DESCRIPTION
+The
+.Li krb5_data
+structure holds a data element.
+The structure contains two public accessible elements
+.Fa length
+(the length of data)
+and
+.Fa data
+(the data itself).
+The structure must always be initiated and freed by the functions
+documented in this manual.
+.Pp
+.Fn krb5_data_zero
+resets the content of
+.Fa p .
+.Pp
+.Fn krb5_data_free
+free the data in
+.Fa p
+and reset the content of the structure with
+.Fn krb5_data_zero .
+.Pp
+.Fn krb5_free_data_contents
+works the same way as
+.Fa krb5_data_free .
+The diffrence is that krb5_free_data_contents is more portable (exists
+in MIT api).
+.Pp
+.Fn krb5_free_data
+frees the data in
+.Fa p
+and
+.Fa p
+itself.
+.Pp
+.Fn krb5_data_alloc
+allocates
+.Fa len
+bytes in
+.Fa p .
+Returns 0 or an error.
+.Pp
+.Fn  krb5_data_realloc
+reallocates the length of
+.Fa p
+to the length in
+.Fa len .
+Returns 0 or an error.
+.Pp
+.Fn krb5_data_copy
+copies the
+.Fa data
+that have the length
+.Fa len
+into
+.Fa p .
+.Fa p
+is not freed so the calling function should make sure the
+.Fa p
+doesn't contain anything needs to be freed.
+Returns 0 or an error.
+.Pp
+.Fn krb5_copy_data
+copies the
+.Li krb5_data
+in
+.Fa indata
+to
+.Fa outdata .
+.Fa outdata
+is not freed so the calling function should make sure the
+.Fa outdata
+doesn't contain anything needs to be freed.
+.Fa outdata
+should be freed using
+.Fn krb5_free_data .
+Returns 0 or an error.
+.Pp
+.Fn krb5_data_cmp
+will compare two data object and check if they are the same in a
+simular way as memcmp does it.  The return value can be used for
+sorting.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_storage 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_digest.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_digest.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_digest.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,260 @@
+.\" Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_digest.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd February  18, 2007
+.Dt KRB5_DIGEST 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_digest ,
+.Nm krb5_digest_alloc ,
+.Nm krb5_digest_free ,
+.Nm krb5_digest_set_server_cb ,
+.Nm krb5_digest_set_type ,
+.Nm krb5_digest_set_hostname ,
+.Nm krb5_digest_get_server_nonce ,
+.Nm krb5_digest_set_server_nonce ,
+.Nm krb5_digest_get_opaque ,
+.Nm krb5_digest_set_opaque ,
+.Nm krb5_digest_get_identifier ,
+.Nm krb5_digest_set_identifier ,
+.Nm krb5_digest_init_request ,
+.Nm krb5_digest_set_client_nonce ,
+.Nm krb5_digest_set_digest ,
+.Nm krb5_digest_set_username ,
+.Nm krb5_digest_set_authid ,
+.Nm krb5_digest_set_authentication_user ,
+.Nm krb5_digest_set_realm ,
+.Nm krb5_digest_set_method ,
+.Nm krb5_digest_set_uri ,
+.Nm krb5_digest_set_nonceCount ,
+.Nm krb5_digest_set_qop ,
+.Nm krb5_digest_request ,
+.Nm krb5_digest_get_responseData ,
+.Nm krb5_digest_get_rsp ,
+.Nm krb5_digest_get_tickets ,
+.Nm krb5_digest_get_client_binding ,
+.Nm krb5_digest_get_a1_hash
+.Nd remote digest (HTTP-DIGEST, SASL, CHAP) suppport
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "typedef struct krb5_digest *krb5_digest;"
+.Pp
+.Ft krb5_error_code
+.Fo krb5_digest_alloc
+.Fa "krb5_context context"
+.Fa "krb5_digest *digest"
+.Fc
+.Ft void
+.Fo krb5_digest_free
+.Fa "krb5_digest digest"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_type
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *type"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_server_cb
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *type"
+.Fa "const char *binding"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_hostname
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *hostname"
+.Fc
+.Ft "const char *"
+.Fo krb5_digest_get_server_nonce
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_server_nonce
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *nonce"
+.Fc
+.Ft "const char *"
+.Fo krb5_digest_get_opaque
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_opaque
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *opaque"
+.Fc
+.Ft "const char *"
+.Fo krb5_digest_get_identifier
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_identifier
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_init_request
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "krb5_realm realm"
+.Fa "krb5_ccache ccache"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_client_nonce
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *nonce"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_digest
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *dgst"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_username
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *username"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_authid
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *authid"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_authentication_user
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "krb5_principal authentication_user"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_realm
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *realm"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_method
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *method"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_uri
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *uri"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_nonceCount
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *nonce_count"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_set_qop
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "const char *qop"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_request
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "krb5_realm realm"
+.Fa "krb5_ccache ccache"
+.Fc
+.Ft "const char *"
+.Fo krb5_digest_get_responseData
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fc
+.Ft "const char *"
+.Fo krb5_digest_get_rsp
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_get_tickets
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "Ticket **tickets"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_get_client_binding
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "char **type"
+.Fa "char **binding"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_digest_get_a1_hash
+.Fa "krb5_context context"
+.Fa "krb5_digest digest"
+.Fa "krb5_data *data"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn krb5_digest_alloc
+function allocatates the
+.Fa digest
+structure.  The structure should be freed with
+.Fn krb5_digest_free
+when it is no longer being used.
+.Pp
+.Fn krb5_digest_alloc
+returns 0 to indicate success.
+Otherwise an kerberos code is returned and the pointer that
+.Fa digest
+points to is set to
+.Dv NULL .
+.Pp
+.Fn krb5_digest_free
+free the structure
+.Fa digest .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_eai_to_heim_errno.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_eai_to_heim_errno.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_eai_to_heim_errno.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,68 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_eai_to_heim_errno.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd April 13, 2004
+.Dt KRB5_EAI_TO_HEIM_ERRNO 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_eai_to_heim_errno ,
+.Nm krb5_h_errno_to_heim_errno
+.Nd convert resolver error code to com_err error codes
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_eai_to_heim_errno
+.Fa "int eai_errno"
+.Fa "int system_error"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_h_errno_to_heim_errno
+.Fa "int eai_errno"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_eai_to_heim_errno
+and
+.Fn krb5_h_errno_to_heim_errno
+convert
+.Xr getaddrinfo 3 ,
+.Xr getnameinfo 3 ,
+and
+.Xr h_errno 3
+to com_err error code that are used by Heimdal, this is useful for for
+function returning kerberos errors and needs to communicate failures
+from resolver function.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_encrypt.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_encrypt.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_encrypt.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,278 @@
+.\" Copyright (c) 1999 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_encrypt.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd March 20, 2004
+.Dt KRB5_ENCRYPT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_crypto_getblocksize ,
+.Nm krb5_crypto_getconfoundersize
+.Nm krb5_crypto_getenctype ,
+.Nm krb5_crypto_getpadsize ,
+.Nm krb5_crypto_overhead ,
+.Nm krb5_decrypt ,
+.Nm krb5_decrypt_EncryptedData ,
+.Nm krb5_decrypt_ivec ,
+.Nm krb5_decrypt_ticket ,
+.Nm krb5_encrypt ,
+.Nm krb5_encrypt_EncryptedData ,
+.Nm krb5_encrypt_ivec ,
+.Nm krb5_enctype_disable ,
+.Nm krb5_enctype_keysize ,
+.Nm krb5_enctype_to_string ,
+.Nm krb5_enctype_valid ,
+.Nm krb5_get_wrapped_length ,
+.Nm krb5_string_to_enctype
+.Nd "encrypt and decrypt data, set and get encryption type parameters"
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_encrypt
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "unsigned usage"
+.Fa "void *data"
+.Fa "size_t len"
+.Fa "krb5_data *result"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_encrypt_EncryptedData
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "unsigned usage"
+.Fa "void *data"
+.Fa "size_t len"
+.Fa "int kvno"
+.Fa "EncryptedData *result"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_encrypt_ivec
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "unsigned usage"
+.Fa "void *data"
+.Fa "size_t len"
+.Fa "krb5_data *result"
+.Fa "void *ivec"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_decrypt
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "unsigned usage"
+.Fa "void *data"
+.Fa "size_t len"
+.Fa "krb5_data *result"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_decrypt_EncryptedData
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "unsigned usage"
+.Fa "EncryptedData *e"
+.Fa "krb5_data *result"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_decrypt_ivec
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "unsigned usage"
+.Fa "void *data"
+.Fa "size_t len"
+.Fa "krb5_data *result"
+.Fa "void *ivec"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_decrypt_ticket
+.Fa "krb5_context context"
+.Fa "Ticket *ticket"
+.Fa "krb5_keyblock *key"
+.Fa "EncTicketPart *out"
+.Fa "krb5_flags flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_crypto_getblocksize
+.Fa "krb5_context context"
+.Fa "size_t *blocksize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_crypto_getenctype
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "krb5_enctype *enctype"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_crypto_getpadsize
+.Fa "krb5_context context"
+.Fa size_t *padsize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_crypto_getconfoundersize
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto
+.Fa size_t *confoundersize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_enctype_keysize
+.Fa "krb5_context context"
+.Fa "krb5_enctype type"
+.Fa "size_t *keysize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_crypto_overhead
+.Fa "krb5_context context"
+.Fa size_t *padsize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_string_to_enctype
+.Fa "krb5_context context"
+.Fa "const char *string"
+.Fa "krb5_enctype *etype"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_enctype_to_string
+.Fa "krb5_context context"
+.Fa "krb5_enctype etype"
+.Fa "char **string"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_enctype_valid
+.Fa "krb5_context context"
+.Fa "krb5_enctype etype"
+.Fc
+.Ft void
+.Fo krb5_enctype_disable
+.Fa "krb5_context context"
+.Fa "krb5_enctype etype"
+.Fc
+.Ft size_t
+.Fo krb5_get_wrapped_length
+.Fa "krb5_context context"
+.Fa "krb5_crypto crypto"
+.Fa "size_t data_len"
+.Fc
+.Sh DESCRIPTION
+These functions are used to encrypt and decrypt data.
+.Pp
+.Fn krb5_encrypt_ivec
+puts the encrypted version of
+.Fa data
+(of size
+.Fa len )
+in
+.Fa result .
+If the encryption type supports using derived keys,
+.Fa usage
+should be the appropriate key-usage.
+.Fa ivec
+is a pointer to a initial IV, it is modified to the end IV at the end of
+the round.
+Ivec should be the size of 
+If
+.Dv NULL
+is passed in, the default IV is used.
+.Fn krb5_encrypt
+does the same as
+.Fn krb5_encrypt_ivec
+but with
+.Fa ivec
+being
+.Dv NULL .
+.Fn krb5_encrypt_EncryptedData
+does the same as
+.Fn krb5_encrypt ,
+but it puts the encrypted data in a
+.Fa EncryptedData
+structure instead. If
+.Fa kvno
+is not zero, it will be put in the (optional)
+.Fa kvno
+field in the
+.Fa EncryptedData .
+.Pp
+.Fn krb5_decrypt_ivec ,
+.Fn krb5_decrypt ,
+and
+.Fn krb5_decrypt_EncryptedData
+works similarly.
+.Pp
+.Fn krb5_decrypt_ticket
+decrypts the encrypted part of 
+.Fa ticket
+with
+.Fa key .
+.Fn krb5_decrypt_ticket
+also verifies the timestamp in the ticket, invalid flag and if the KDC
+haven't verified the transited path, the transit path.
+.Pp
+.Fn krb5_enctype_keysize ,
+.Fn krb5_crypto_getconfoundersize ,
+.Fn krb5_crypto_getblocksize ,
+.Fn krb5_crypto_getenctype ,
+.Fn krb5_crypto_getpadsize ,
+.Fn krb5_crypto_overhead
+all returns various (sometimes) useful information from a crypto context.
+.Fn krb5_crypto_overhead
+is the combination of krb5_crypto_getconfoundersize,
+krb5_crypto_getblocksize and krb5_crypto_getpadsize and return the
+maximum overhead size.
+.Pp
+.Fn krb5_enctype_to_string
+converts a encryption type number to a string that can be printable
+and stored. The strings returned should be freed with
+.Xr free 3 .
+.Pp
+.Fn krb5_string_to_enctype
+converts a encryption type strings to a encryption type number that
+can use used for other Kerberos crypto functions.
+.Pp
+.Fn krb5_enctype_valid
+returns 0 if the encrypt is supported and not disabled, otherwise and
+error code is returned.
+.Pp
+.Fn krb5_enctype_disable
+(globally, for all contextes) disables the
+.Fa enctype .
+.Pp
+.Fn krb5_get_wrapped_length
+returns the size of an encrypted packet by
+.Fa crypto
+of length
+.Fa data_len .
+.\" .Sh EXAMPLE
+.\" .Sh BUGS
+.Sh SEE ALSO
+.Xr krb5_create_checksum 3 ,
+.Xr krb5_crypto_init 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,266 @@
+#
+# Error messages for the krb5 library
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: krb5_err.et,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $"
+
+error_table krb5
+
+prefix KRB5KDC_ERR
+error_code NONE,		"No error"
+error_code NAME_EXP,		"Client's entry in database has expired"
+error_code SERVICE_EXP,		"Server's entry in database has expired"
+error_code BAD_PVNO,		"Requested protocol version not supported"
+error_code C_OLD_MAST_KVNO,	"Client's key is encrypted in an old master key"
+error_code S_OLD_MAST_KVNO,	"Server's key is encrypted in an old master key"
+error_code C_PRINCIPAL_UNKNOWN,	"Client not found in Kerberos database"
+error_code S_PRINCIPAL_UNKNOWN,	"Server not found in Kerberos database"
+error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database"
+error_code NULL_KEY,		"Client or server has a null key"
+error_code CANNOT_POSTDATE,	"Ticket is ineligible for postdating"
+error_code NEVER_VALID,		"Requested effective lifetime is negative or too short"
+error_code POLICY,		"KDC policy rejects request"
+error_code BADOPTION,		"KDC can't fulfill requested option"
+error_code ETYPE_NOSUPP,	"KDC has no support for encryption type"
+error_code SUMTYPE_NOSUPP,	"KDC has no support for checksum type"
+error_code PADATA_TYPE_NOSUPP,	"KDC has no support for padata type"
+error_code TRTYPE_NOSUPP,	"KDC has no support for transited type"
+error_code CLIENT_REVOKED,	"Clients credentials have been revoked"
+error_code SERVICE_REVOKED,	"Credentials for server have been revoked"
+error_code TGT_REVOKED,		"TGT has been revoked"
+error_code CLIENT_NOTYET,	"Client not yet valid - try again later"
+error_code SERVICE_NOTYET,	"Server not yet valid - try again later"
+error_code KEY_EXPIRED,		"Password has expired"
+error_code PREAUTH_FAILED,	"Preauthentication failed"
+error_code PREAUTH_REQUIRED,	"Additional pre-authentication required"
+error_code SERVER_NOMATCH,	"Requested server and ticket don't match"
+error_code KDC_ERR_MUST_USE_USER2USER, "Server principal valid for user2user only"
+error_code PATH_NOT_ACCEPTED,   "KDC Policy rejects transited path"
+error_code SVC_UNAVAILABLE, 	"A service is not available"
+
+index 31
+prefix KRB5KRB_AP
+error_code ERR_BAD_INTEGRITY,	"Decrypt integrity check failed"
+error_code ERR_TKT_EXPIRED,	"Ticket expired"
+error_code ERR_TKT_NYV,		"Ticket not yet valid"
+error_code ERR_REPEAT,		"Request is a replay"
+error_code ERR_NOT_US,		"The ticket isn't for us"
+error_code ERR_BADMATCH,	"Ticket/authenticator don't match"
+error_code ERR_SKEW,		"Clock skew too great"
+error_code ERR_BADADDR,		"Incorrect net address"
+error_code ERR_BADVERSION,	"Protocol version mismatch"
+error_code ERR_MSG_TYPE,	"Invalid message type"
+error_code ERR_MODIFIED,	"Message stream modified"
+error_code ERR_BADORDER,	"Message out of order"
+error_code ERR_ILL_CR_TKT,	"Invalid cross-realm ticket"
+error_code ERR_BADKEYVER,	"Key version is not available"
+error_code ERR_NOKEY,		"Service key not available"
+error_code ERR_MUT_FAIL,	"Mutual authentication failed"
+error_code ERR_BADDIRECTION,	"Incorrect message direction"
+error_code ERR_METHOD,		"Alternative authentication method required"
+error_code ERR_BADSEQ,		"Incorrect sequence number in message"
+error_code ERR_INAPP_CKSUM,	"Inappropriate type of checksum in message"
+error_code PATH_NOT_ACCEPTED,	"Policy rejects transited path"
+
+prefix KRB5KRB_ERR
+error_code RESPONSE_TOO_BIG,	"Response too big for UDP, retry with TCP"
+# 53-59 are reserved
+index 60
+error_code GENERIC,		"Generic error (see e-text)"
+error_code FIELD_TOOLONG,	"Field is too long for this implementation"
+
+# pkinit
+index 62
+prefix KRB5_KDC_ERR
+error_code CLIENT_NOT_TRUSTED,	"Client not trusted"
+error_code KDC_NOT_TRUSTED,	"KDC not trusted"
+error_code INVALID_SIG,		"Invalid signature"
+error_code DH_KEY_PARAMETERS_NOT_ACCEPTED, "DH parameters not accepted"
+
+index 68
+prefix KRB5_KDC_ERR
+error_code WRONG_REALM,		"Wrong realm"
+
+index 69
+prefix KRB5_AP_ERR
+error_code USER_TO_USER_REQUIRED, "User to user required"
+
+index 70
+prefix KRB5_KDC_ERR
+error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate"
+error_code INVALID_CERTIFICATE, "Certificate invalid"
+error_code REVOKED_CERTIFICATE, "Certificate revoked"
+error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown"
+error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unavaible"
+error_code CLIENT_NAME_MISMATCH, "Client name mismatch in certificate"
+error_code INCONSISTENT_KEY_PURPOSE, "Inconsistent key purpose"
+error_code DIGEST_IN_CERT_NOT_ACCEPTED, "Digest in certificate not accepted"
+error_code PA_CHECKSUM_MUST_BE_INCLUDED, "paChecksum must be included"
+error_code DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "Digest in signedData not accepted"
+error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not supported"
+
+## these are never used
+#index 80
+#prefix KRB5_IAKERB
+#error_code ERR_KDC_NOT_FOUND,	"IAKERB proxy could not find a KDC"
+#error_code ERR_KDC_NO_RESPONSE,	"IAKERB proxy never reeived a response from a KDC"
+
+# 82-127 are reserved
+
+index 128
+prefix
+error_code KRB5_ERR_RCSID,	"$Id: krb5_err.et,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $"
+
+error_code KRB5_LIBOS_BADLOCKFLAG,	"Invalid flag for file lock mode"
+error_code KRB5_LIBOS_CANTREADPWD,	"Cannot read password"
+error_code KRB5_LIBOS_BADPWDMATCH,	"Password mismatch"
+error_code KRB5_LIBOS_PWDINTR,		"Password read interrupted"
+
+error_code KRB5_PARSE_ILLCHAR,		"Invalid character in component name"
+error_code KRB5_PARSE_MALFORMED,	"Malformed representation of principal"
+
+error_code KRB5_CONFIG_CANTOPEN,	"Can't open/find configuration file"
+error_code KRB5_CONFIG_BADFORMAT,	"Improper format of configuration file"
+error_code KRB5_CONFIG_NOTENUFSPACE,	"Insufficient space to return complete information"
+
+error_code KRB5_BADMSGTYPE,		"Invalid message type specified for encoding"
+
+error_code KRB5_CC_BADNAME,		"Credential cache name malformed"
+error_code KRB5_CC_UNKNOWN_TYPE,	"Unknown credential cache type" 
+error_code KRB5_CC_NOTFOUND,		"Matching credential not found"
+error_code KRB5_CC_END,			"End of credential cache reached"
+
+error_code KRB5_NO_TKT_SUPPLIED,	"Request did not supply a ticket"
+
+error_code KRB5KRB_AP_WRONG_PRINC,		"Wrong principal in request"
+error_code KRB5KRB_AP_ERR_TKT_INVALID,	"Ticket has invalid flag set"
+
+error_code KRB5_PRINC_NOMATCH,		"Requested principal and ticket don't match"
+error_code KRB5_KDCREP_MODIFIED,	"KDC reply did not match expectations"
+error_code KRB5_KDCREP_SKEW,		"Clock skew too great in KDC reply"
+error_code KRB5_IN_TKT_REALM_MISMATCH,	"Client/server realm mismatch in initial ticket request"
+
+error_code KRB5_PROG_ETYPE_NOSUPP,	"Program lacks support for encryption type"
+error_code KRB5_PROG_KEYTYPE_NOSUPP,	"Program lacks support for key type"
+error_code KRB5_WRONG_ETYPE,		"Requested encryption type not used in message"
+error_code KRB5_PROG_SUMTYPE_NOSUPP,	"Program lacks support for checksum type"
+
+error_code KRB5_REALM_UNKNOWN,		"Cannot find KDC for requested realm"
+error_code KRB5_SERVICE_UNKNOWN,	"Kerberos service unknown"
+error_code KRB5_KDC_UNREACH,		"Cannot contact any KDC for requested realm"
+error_code KRB5_NO_LOCALNAME,		"No local name found for principal name"
+
+error_code KRB5_MUTUAL_FAILED,		"Mutual authentication failed"
+
+# some of these should be combined/supplanted by system codes
+
+error_code KRB5_RC_TYPE_EXISTS,		"Replay cache type is already registered"
+error_code KRB5_RC_MALLOC,		"No more memory to allocate (in replay cache code)"
+error_code KRB5_RC_TYPE_NOTFOUND,	"Replay cache type is unknown"
+error_code KRB5_RC_UNKNOWN,		"Generic unknown RC error"
+error_code KRB5_RC_REPLAY,		"Message is a replay"
+error_code KRB5_RC_IO,			"Replay I/O operation failed XXX"
+error_code KRB5_RC_NOIO,		"Replay cache type does not support non-volatile storage"
+error_code KRB5_RC_PARSE,		"Replay cache name parse/format error"
+
+error_code KRB5_RC_IO_EOF,		"End-of-file on replay cache I/O"
+error_code KRB5_RC_IO_MALLOC,		"No more memory to allocate (in replay cache I/O code)"
+error_code KRB5_RC_IO_PERM,		"Permission denied in replay cache code"
+error_code KRB5_RC_IO_IO,		"I/O error in replay cache i/o code"
+error_code KRB5_RC_IO_UNKNOWN,		"Generic unknown RC/IO error"
+error_code KRB5_RC_IO_SPACE,		"Insufficient system space to store replay information"
+
+error_code KRB5_TRANS_CANTOPEN,		"Can't open/find realm translation file"
+error_code KRB5_TRANS_BADFORMAT,	"Improper format of realm translation file"
+
+error_code KRB5_LNAME_CANTOPEN,		"Can't open/find lname translation database"
+error_code KRB5_LNAME_NOTRANS,		"No translation available for requested principal"
+error_code KRB5_LNAME_BADFORMAT,	"Improper format of translation database entry"
+
+error_code KRB5_CRYPTO_INTERNAL,	"Cryptosystem internal error"
+
+error_code KRB5_KT_BADNAME,		"Key table name malformed"
+error_code KRB5_KT_UNKNOWN_TYPE,	"Unknown Key table type" 
+error_code KRB5_KT_NOTFOUND,		"Key table entry not found"
+error_code KRB5_KT_END,			"End of key table reached"
+error_code KRB5_KT_NOWRITE,		"Cannot write to specified key table"
+error_code KRB5_KT_IOERR,		"Error writing to key table"
+
+error_code KRB5_NO_TKT_IN_RLM,		"Cannot find ticket for requested realm"
+error_code KRB5DES_BAD_KEYPAR,		"DES key has bad parity"
+error_code KRB5DES_WEAK_KEY,		"DES key is a weak key"
+
+error_code KRB5_BAD_ENCTYPE,		"Bad encryption type"
+error_code KRB5_BAD_KEYSIZE,		"Key size is incompatible with encryption type"
+error_code KRB5_BAD_MSIZE,		"Message size is incompatible with encryption type"
+
+error_code KRB5_CC_TYPE_EXISTS,		"Credentials cache type is already registered."
+error_code KRB5_KT_TYPE_EXISTS,		"Key table type is already registered."
+
+error_code KRB5_CC_IO,			"Credentials cache I/O operation failed XXX"
+error_code KRB5_FCC_PERM,		"Credentials cache file permissions incorrect"
+error_code KRB5_FCC_NOFILE,		"No credentials cache file found"
+error_code KRB5_FCC_INTERNAL,		"Internal file credentials cache error"
+error_code KRB5_CC_WRITE,		"Error writing to credentials cache file"
+error_code KRB5_CC_NOMEM,		"No more memory to allocate (in credentials cache code)"
+error_code KRB5_CC_FORMAT,		"Bad format in credentials cache"
+error_code KRB5_CC_NOT_KTYPE,		"No credentials found with supported encryption types"
+
+# errors for dual tgt library calls
+error_code KRB5_INVALID_FLAGS,		"Invalid KDC option combination (library internal error)"
+error_code KRB5_NO_2ND_TKT,		"Request missing second ticket"
+
+error_code KRB5_NOCREDS_SUPPLIED,	"No credentials supplied to library routine"
+
+# errors for sendauth (and recvauth)
+
+error_code KRB5_SENDAUTH_BADAUTHVERS,	"Bad sendauth version was sent"
+error_code KRB5_SENDAUTH_BADAPPLVERS,	"Bad application version was sent (via sendauth)"
+error_code KRB5_SENDAUTH_BADRESPONSE,	"Bad response (during sendauth exchange)"
+error_code KRB5_SENDAUTH_REJECTED,	"Server rejected authentication (during sendauth exchange)"
+
+# errors for preauthentication
+
+error_code KRB5_PREAUTH_BAD_TYPE,	"Unsupported preauthentication type"
+error_code KRB5_PREAUTH_NO_KEY,		"Required preauthentication key not supplied"
+error_code KRB5_PREAUTH_FAILED,		"Generic preauthentication failure"
+
+# version number errors
+
+error_code KRB5_RCACHE_BADVNO,	"Unsupported replay cache format version number"
+error_code KRB5_CCACHE_BADVNO,	"Unsupported credentials cache format version number"
+error_code KRB5_KEYTAB_BADVNO,	"Unsupported key table format version number"
+
+#
+#
+
+error_code KRB5_PROG_ATYPE_NOSUPP,	"Program lacks support for address type"
+error_code KRB5_RC_REQUIRED,	"Message replay detection requires rcache parameter"
+error_code KRB5_ERR_BAD_HOSTNAME,	"Hostname cannot be canonicalized"
+error_code KRB5_ERR_HOST_REALM_UNKNOWN,	"Cannot determine realm for host"
+error_code KRB5_SNAME_UNSUPP_NAMETYPE,	"Conversion to service principal undefined for name type"
+
+error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4"
+error_code KRB5_REALM_CANT_RESOLVE,	"Cannot resolve KDC for requested realm"
+error_code KRB5_TKT_NOT_FORWARDABLE,	"Requesting ticket can't get forwardable tickets"
+error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
+
+error_code KRB5_GET_IN_TKT_LOOP,  "Looping detected inside krb5_get_in_tkt"
+error_code KRB5_CONFIG_NODEFREALM,	"Configuration file does not specify default realm"
+
+error_code KRB5_SAM_UNSUPPORTED,  "Bad SAM flags in obtain_sam_padata"
+error_code KRB5_SAM_INVALID_ETYPE,  "Invalid encryption type in SAM challenge"
+error_code KRB5_SAM_NO_CHECKSUM,  "Missing checksum in SAM challenge"
+error_code KRB5_SAM_BAD_CHECKSUM,  "Bad checksum in SAM challenge"
+
+index 238
+error_code KRB5_OBSOLETE_FN,	"Program called an obsolete, deleted function"
+
+index 245
+error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC"
+error_code KRB5_ERR_NO_SERVICE,	"Service not available"
+error_code KRB5_CC_NOSUPP,      "Credential cache function not supported"
+error_code KRB5_DELTAT_BADFORMAT,	"Invalid format of Kerberos lifetime or clock skew string"
+
+end

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_expand_hostname.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_expand_hostname.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_expand_hostname.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,93 @@
+.\" Copyright (c) 2004 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_expand_hostname.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  5, 2006
+.Dt KRB5_EXPAND_HOSTNAME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_expand_hostname ,
+.Nm krb5_expand_hostname_realms
+.Nd Kerberos 5 host name canonicalization functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_error_code
+.Fo krb5_expand_hostname
+.Fa "krb5_context context"
+.Fa "const char *orig_hostname"
+.Fa "char **new_hostname"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_expand_hostname_realms
+.Fa "krb5_context context"
+.Fa "const char *orig_hostname"
+.Fa "char **new_hostname"
+.Fa "char ***realms"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_expand_hostname
+tries to make
+.Fa orig_hostname
+into a more canonical one in the newly allocated space returned in
+.Fa new_hostname .
+Caller must free the hostname with
+.Xr free 3 .
+.Pp
+.Fn krb5_expand_hostname_realms
+expands
+.Fa orig_hostname
+to a name we believe to be a hostname in newly
+allocated space in
+.Fa new_hostname
+and return the realms
+.Fa new_hostname
+is belive to belong to in
+.Fa realms .
+.Fa Realms
+is a array terminated with
+.Dv NULL .
+Caller must free the
+.Fa realms
+with
+.Fn krb5_free_host_realm 
+and
+.Fa new_hostname
+with
+.Xr free 3 .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_free_host_realm 3 ,
+.Xr krb5_get_host_realm 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_find_padata.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_find_padata.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_find_padata.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,87 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_find_padata.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd March 21, 2004
+.Dt KRB5_FIND_PADATA 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_find_padata ,
+.Nm krb5_padata_add
+.Nd Kerberos 5 pre-authentication data handling functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft "PA_DATA *"
+.Fo krb5_find_padata
+.Fa "PA_DATA *val"
+.Fa "unsigned len"
+.Fa "int type"
+.Fa "int *index"
+.Fc
+.Ft int
+.Fo krb5_padata_add
+.Fa "krb5_context context"
+.Fa "METHOD_DATA *md"
+.Fa "int type"
+.Fa "void *buf"
+.Fa "size_t len"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_find_padata
+tries to find the pre-authentication data entry of type
+.Fa type
+in the array
+.Fa val
+of length
+.Fa len .
+The search is started at entry pointed out by
+.Fa *index
+(zero based indexing).
+If the type isn't found,
+.Dv NULL
+is returned.
+.Pp
+.Fn krb5_padata_add
+adds a pre-authentication data entry of type
+.Fa type
+pointed out by
+.Fa buf
+and
+.Fa len
+to
+.Fa md .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_generate_random_block.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_generate_random_block.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_generate_random_block.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_generate_random_block.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd March 21, 2004
+.Dt KRB5_GENERATE_RANDOM_BLOCK 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_generate_random_block
+.Nd Kerberos 5 random functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft void
+.Fo krb5_generate_random_block
+.Fa "void *buf"
+.Fa "size_t len"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_generate_random_block
+generates a cryptographically strong pseudo-random block into the buffer
+.Fa buf
+of length
+.Fa len .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_get_all_client_addrs.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_get_all_client_addrs.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_get_all_client_addrs.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,74 @@
+.\" Copyright (c) 2001 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_all_client_addrs.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd July  1, 2001
+.Dt KRB5_GET_ADDRS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_all_client_addrs ,
+.Nm krb5_get_all_server_addrs
+.Nd return local addresses
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft "krb5_error_code"
+.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs"
+.Ft "krb5_error_code"
+.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs"
+.Sh DESCRIPTION
+These functions return in
+.Fa addrs
+a list of addresses associated with the local
+host.
+.Pp
+The server variant returns all configured interface addresses (if
+possible), including loop-back addresses. This is useful if you want
+to create sockets to listen to.
+.Pp
+The client version will also scan local interfaces (can be turned off
+by setting
+.Li libdefaults/scan_interfaces
+to false in
+.Pa krb5.conf ) ,
+but will not include loop-back addresses, unless there are no other
+addresses found. It will remove all addresses included in
+.Li libdefaults/ignore_addresses
+but will unconditionally include addresses in
+.Li libdefaults/extra_addresses .
+.Pp
+The returned addresses should be freed by calling
+.Fn krb5_free_addresses .
+.\".Sh EXAMPLE
+.Sh SEE ALSO
+.Xr krb5_free_addresses 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_get_credentials.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_get_credentials.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_get_credentials.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,208 @@
+.\" Copyright (c) 2004 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_credentials.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd July 26, 2004
+.Dt KRB5_GET_CREDENTIALS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_credentials ,
+.Nm krb5_get_credentials_with_flags ,
+.Nm krb5_get_cred_from_kdc ,
+.Nm krb5_get_cred_from_kdc_opt ,
+.Nm krb5_get_kdc_cred ,
+.Nm krb5_get_renewed_creds
+.Nd get credentials from the KDC using krbtgt
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_get_credentials
+.Fa "krb5_context context"
+.Fa "krb5_flags options"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_creds *in_creds"
+.Fa "krb5_creds **out_creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_credentials_with_flags
+.Fa "krb5_context context"
+.Fa "krb5_flags options"
+.Fa "krb5_kdc_flags flags"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_creds *in_creds"
+.Fa "krb5_creds **out_creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_cred_from_kdc
+.Fa "krb5_context context"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_creds *in_creds"
+.Fa "krb5_creds **out_creds"
+.Fa "krb5_creds ***ret_tgts"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_cred_from_kdc_opt
+.Fa "krb5_context context"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_creds *in_creds"
+.Fa "krb5_creds **out_creds"
+.Fa "krb5_creds ***ret_tgts"
+.Fa "krb5_flags flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_kdc_cred
+.Fa "krb5_context context"
+.Fa "krb5_ccache id"
+.Fa "krb5_kdc_flags flags"
+.Fa "krb5_addresses *addresses"
+.Fa "Ticket  *second_ticket"
+.Fa "krb5_creds *in_creds"
+.Fa "krb5_creds **out_creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_renewed_creds
+.Fa "krb5_context context"
+.Fa "krb5_creds *creds"
+.Fa "krb5_const_principal client"
+.Fa "krb5_ccache ccache"
+.Fa "const char *in_tkt_service"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_get_credentials_with_flags
+get credentials specified by
+.Fa in_creds->server
+and
+.Fa in_creds->client
+(the rest of the
+.Fa in_creds
+structure is ignored)
+by first looking in the
+.Fa ccache
+and if doesn't exists or is expired, fetch the credential from the KDC
+using the krbtgt in
+.Fa ccache .
+The credential is returned in
+.Fa out_creds
+and should be freed using the function
+.Fn krb5_free_creds .
+.Pp
+Valid flags to pass into
+.Fa options
+argument are:
+.Pp
+.Bl -tag -width "KRB5_GC_USER_USER" -compact
+.It KRB5_GC_CACHED
+Only check the
+.Fa ccache ,
+don't got out on network to fetch credential.
+.It KRB5_GC_USER_USER
+Request a user to user ticket.
+This option doesn't store the resulting user to user credential in
+the
+.Fa ccache .
+.It KRB5_GC_EXPIRED_OK
+returns the credential even if it is expired, default behavior is trying
+to refetch the credential from the KDC.
+.El
+.Pp
+.Fa Flags
+are KDCOptions, note the caller must fill in the bit-field and not
+use the integer associated structure.
+.Pp
+.Fn krb5_get_credentials
+works the same way as
+.Fn krb5_get_credentials_with_flags
+except that the
+.Fa flags
+field is missing.
+.Pp
+.Fn krb5_get_cred_from_kdc
+and
+.Fn krb5_get_cred_from_kdc_opt
+fetches the credential from the KDC very much like
+.Fn krb5_get_credentials, but doesn't look in the
+.Fa ccache
+if the credential exists there first.
+.Pp
+.Fn krb5_get_kdc_cred
+does the same as the functions above, but the caller must fill in all
+the information andits closer to the wire protocol.
+.Pp
+.Fn krb5_get_renewed_creds
+renews a credential given by
+.Fa in_tkt_service
+(if
+.Dv NULL
+the default
+.Li krbtgt )
+using the credential cache
+.Fa ccache .
+The result is stored in
+.Fa creds
+and should be freed using
+.Fa krb5_free_creds .
+.Sh EXAMPLES
+Here is a example function that get a credential from a credential cache
+.Fa id
+or the KDC and returns it to the caller.
+.Bd -literal
+#include <krb5.h>
+
+int
+getcred(krb5_context context, krb5_ccache id, krb5_creds **creds)
+{
+    krb5_error_code ret;
+    krb5_creds in;
+
+    ret = krb5_parse_name(context, "client at EXAMPLE.COM", 
+			  &in.client);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_parse_name(context, "host/server.example.com at EXAMPLE.COM",
+			  &in.server);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_get_credentials(context, 0, id, &in, creds);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_get_credentials");
+
+    return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_get_forwarded_creds 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_get_creds.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_get_creds.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_get_creds.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,173 @@
+.\" Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_creds.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd June 15, 2006
+.Dt KRB5_GET_CREDS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_creds ,
+.Nm krb5_get_creds_opt_add_options ,
+.Nm krb5_get_creds_opt_alloc ,
+.Nm krb5_get_creds_opt_free ,
+.Nm krb5_get_creds_opt_set_enctype ,
+.Nm krb5_get_creds_opt_set_impersonate ,
+.Nm krb5_get_creds_opt_set_options ,
+.Nm krb5_get_creds_opt_set_ticket
+.Nd get credentials from the KDC
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_get_creds
+.Fa "krb5_context context"
+.Fa "krb5_get_creds_opt opt"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_const_principal inprinc"
+.Fa "krb5_creds **out_creds"
+.Fc
+.Ft void
+.Fo krb5_get_creds_opt_add_options
+.Fa "krb5_context context"
+.Fa "krb5_get_creds_opt opt"
+.Fa "krb5_flags options"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_creds_opt_alloc
+.Fa "krb5_context context"
+.Fa "krb5_get_creds_opt *opt"
+.Fc
+.Ft void
+.Fo krb5_get_creds_opt_free
+.Fa "krb5_context context"
+.Fa "krb5_get_creds_opt opt"
+.Fc
+.Ft void
+.Fo krb5_get_creds_opt_set_enctype
+.Fa "krb5_context context"
+.Fa "krb5_get_creds_opt opt"
+.Fa "krb5_enctype enctype"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_creds_opt_set_impersonate
+.Fa "krb5_context context"
+.Fa "krb5_get_creds_opt opt"
+.Fa "krb5_const_principal self"
+.Fc
+.Ft void
+.Fo krb5_get_creds_opt_set_options
+.Fa "krb5_context context"
+.Fa "krb5_get_creds_opt opt"
+.Fa "krb5_flags options"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_creds_opt_set_ticket
+.Fa "krb5_context context"
+.Fa "krb5_get_creds_opt opt"
+.Fa "const Ticket *ticket"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_get_creds
+fetches credentials specified by
+.Fa opt
+by first looking in the
+.Fa ccache ,
+and then it doesn't exists, fetch the credential from the KDC
+using the krbtgts in
+.Fa ccache .
+The credential is returned in
+.Fa out_creds
+and should be freed using the function
+.Fn krb5_free_creds .
+.Pp
+The structure
+.Li krb5_get_creds_opt
+controls the behavior of
+.Fn krb5_get_creds .
+The structure is opaque to consumers that can set the content of the
+structure with accessors functions. All accessor functions make copies
+of the data that is passed into accessor functions, so external
+consumers free the memory before calling
+.Fn krb5_get_creds .
+.Pp
+The structure
+.Li krb5_get_creds_opt
+is allocated with
+.Fn krb5_get_creds_opt_alloc
+and freed with
+.Fn krb5_get_creds_opt_free .
+The free function also frees the content of the structure set by the
+accessor functions.
+.Pp
+.Fn krb5_get_creds_opt_add_options
+and
+.Fn krb5_get_creds_opt_set_options
+adds and sets options to the
+.Fi krb5_get_creds_opt
+structure .
+The possible options to set are
+.Bl -tag -width "KRB5_GC_USER_USER" -compact
+.It KRB5_GC_CACHED
+Only check the
+.Fa ccache ,
+don't got out on network to fetch credential.
+.It KRB5_GC_USER_USER
+request a user to user ticket.
+This options doesn't store the resulting user to user credential in
+the
+.Fa ccache .
+.It KRB5_GC_EXPIRED_OK
+returns the credential even if it is expired, default behavior is trying
+to refetch the credential from the KDC.
+.It KRB5_GC_NO_STORE
+Do not store the resulting credentials in the
+.Fa ccache .
+.El
+.Pp
+.Fn krb5_get_creds_opt_set_enctype
+sets the preferred encryption type of the application. Don't set this
+unless you have to since if there is no match in the KDC, the function
+call will fail.
+.Pp
+.Fn krb5_get_creds_opt_set_impersonate
+sets the principal to impersonate., Returns a ticket that have the
+impersonation principal as a client and the requestor as the
+service. Note that the requested principal have to be the same as the
+client principal in the krbtgt.
+.Pp
+.Fn krb5_get_creds_opt_set_ticket
+sets the extra ticket used in user-to-user or contrained delegation use case.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_get_credentials 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_get_forwarded_creds.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_get_forwarded_creds.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_get_forwarded_creds.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_forwarded_creds.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd July 26, 2004
+.Dt KRB5_GET_FORWARDED_CREDS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_forwarded_creds ,
+.Nm krb5_fwd_tgt_creds
+.Nd get forwarded credentials from the KDC
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_get_forwarded_creds
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_flags flags"
+.Fa "const char *hostname"
+.Fa "krb5_creds *in_creds"
+.Fa "krb5_data *out_data"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_fwd_tgt_creds
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "const char *hostname"
+.Fa "krb5_principal client"
+.Fa "krb5_principal server"
+.Fa "krb5_ccache ccache"
+.Fa "int forwardable"
+.Fa "krb5_data *out_data"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_get_forwarded_creds
+and
+.Fn krb5_fwd_tgt_creds
+get tickets forwarded to
+.Fa hostname.
+If the tickets that are forwarded are address-less, the forwarded
+tickets will also be address-less, otherwise
+.Fa hostname
+will be used for figure out the address to forward the ticket too.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_get_credentials 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_get_in_cred.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_get_in_cred.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_get_in_cred.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,274 @@
+.\" Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_in_cred.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May 31, 2003
+.Dt KRB5_GET_IN_TKT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_in_tkt ,
+.Nm krb5_get_in_cred ,
+.Nm krb5_get_in_tkt_with_password ,
+.Nm krb5_get_in_tkt_with_keytab ,
+.Nm krb5_get_in_tkt_with_skey ,
+.Nm krb5_free_kdc_rep ,
+.Nm krb5_password_key_proc
+.Nd deprecated initial authentication functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_error_code
+.Fo krb5_get_in_tkt
+.Fa "krb5_context context"
+.Fa "krb5_flags options"
+.Fa "const krb5_addresses *addrs"
+.Fa "const krb5_enctype *etypes"
+.Fa "const krb5_preauthtype *ptypes"
+.Fa "krb5_key_proc key_proc"
+.Fa "krb5_const_pointer keyseed"
+.Fa "krb5_decrypt_proc decrypt_proc"
+.Fa "krb5_const_pointer decryptarg"
+.Fa "krb5_creds *creds"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_kdc_rep *ret_as_reply"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_in_cred
+.Fa "krb5_context context"
+.Fa "krb5_flags options"
+.Fa "const krb5_addresses *addrs"
+.Fa "const krb5_enctype *etypes"
+.Fa "const krb5_preauthtype *ptypes"
+.Fa "const krb5_preauthdata *preauth"
+.Fa "krb5_key_proc key_proc"
+.Fa "krb5_const_pointer keyseed"
+.Fa "krb5_decrypt_proc decrypt_proc"
+.Fa "krb5_const_pointer decryptarg"
+.Fa "krb5_creds *creds"
+.Fa "krb5_kdc_rep *ret_as_reply"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_in_tkt_with_password
+.Fa "krb5_context context"
+.Fa "krb5_flags options"
+.Fa "krb5_addresses *addrs"
+.Fa "const krb5_enctype *etypes"
+.Fa "const krb5_preauthtype *pre_auth_types"
+.Fa "const char *password"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_creds *creds"
+.Fa "krb5_kdc_rep *ret_as_reply"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_in_tkt_with_keytab
+.Fa "krb5_context context"
+.Fa "krb5_flags options"
+.Fa "krb5_addresses *addrs"
+.Fa "const krb5_enctype *etypes"
+.Fa "const krb5_preauthtype *pre_auth_types"
+.Fa "krb5_keytab keytab"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_creds *creds"
+.Fa "krb5_kdc_rep *ret_as_reply"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_in_tkt_with_skey
+.Fa "krb5_context context"
+.Fa "krb5_flags options"
+.Fa "krb5_addresses *addrs"
+.Fa "const krb5_enctype *etypes"
+.Fa "const krb5_preauthtype *pre_auth_types"
+.Fa "const krb5_keyblock *key"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_creds *creds"
+.Fa "krb5_kdc_rep *ret_as_reply"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_kdc_rep
+.Fa "krb5_context context"
+.Fa "krb5_kdc_rep *rep"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_password_key_proc
+.Fa "krb5_context context"
+.Fa "krb5_enctype type"
+.Fa "krb5_salt salt"
+.Fa "krb5_const_pointer keyseed"
+.Fa "krb5_keyblock **key"
+.Fc
+.Sh DESCRIPTION
+.Bf Em
+All the functions in this manual page are deprecated in the MIT
+implementation, and will soon be deprecated in Heimdal too, don't use them.
+.Ef
+.Pp
+Getting initial credential ticket for a principal.
+.Nm krb5_get_in_cred
+is the function all other krb5_get_in function uses to fetch tickets.
+The other krb5_get_in function are more specialized and therefor
+somewhat easier to use.
+.Pp
+If your need is only to verify a user and password, consider using
+.Xr krb5_verify_user 3
+instead, it have a much simpler interface.
+.Pp
+.Nm krb5_get_in_tkt
+and
+.Nm krb5_get_in_cred
+fetches initial credential, queries after key using the
+.Fa key_proc
+argument.
+The differences between the two function is that
+.Nm krb5_get_in_tkt
+stores the credential in a
+.Li krb5_creds
+while
+.Nm krb5_get_in_cred
+stores the credential in a
+.Li krb5_ccache .
+.Pp
+.Nm krb5_get_in_tkt_with_password ,
+.Nm krb5_get_in_tkt_with_keytab ,
+and
+.Nm krb5_get_in_tkt_with_skey
+does the same work as
+.Nm krb5_get_in_cred
+but are more specialized.
+.Pp
+.Nm krb5_get_in_tkt_with_password
+uses the clients password to authenticate.
+If the password argument is
+.DV NULL
+the user user queried with the default password query function.
+.Pp
+.Nm krb5_get_in_tkt_with_keytab
+searches the given keytab for a service entry for the client principal.
+If the keytab is
+.Dv NULL
+the default keytab is used.
+.Pp
+.Nm krb5_get_in_tkt_with_skey
+uses a key to get the initial credential.
+.Pp
+There are some common arguments to the krb5_get_in functions, these are:
+.Pp
+.Fa options
+are the
+.Dv KDC_OPT
+flags.
+.Pp
+.Fa etypes
+is a
+.Dv NULL
+terminated array of encryption types that the client approves.
+.Pp
+.Fa addrs
+a list of the addresses that the initial ticket.
+If it is
+.Dv NULL
+the list will be generated by the library.
+.Pp
+.Fa pre_auth_types
+a
+.Dv NULL
+terminated array of pre-authentication types.
+If
+.Fa pre_auth_types
+is
+.Dv NULL
+the function will try without pre-authentication and return those
+pre-authentication that the KDC returned.
+.Pp
+.Fa ret_as_reply
+will (if not
+.Dv NULL )
+be filled in with the response of the KDC and should be free with
+.Fn krb5_free_kdc_rep .
+.Pp
+.Fa key_proc
+is a pointer to a function that should return a key salted appropriately.
+Using
+.Dv NULL
+will use the default password query function.
+.Pp
+.Fa decrypt_proc
+Using
+.Dv NULL
+will use the default decryption function.
+.Pp
+.Fa decryptarg
+will be passed to the decryption function
+.Fa decrypt_proc .
+.Pp
+.Fa creds
+creds should be filled in with the template for a credential that
+should be requested.
+The client and server elements of the creds structure must be filled in.
+Upon return of the function it will be contain the content of the
+requested credential
+.Fa ( krb5_get_in_cred ) ,
+or it will be freed with
+.Xr krb5_free_creds 3
+(all the other krb5_get_in functions).
+.Pp
+.Fa ccache
+will store the credential in the credential cache
+.Fa ccache .
+The credential cache will not be initialized, thats up the the caller.
+.Pp
+.Nm krb5_password_key_proc
+is a library function that is suitable using as the
+.Fa krb5_key_proc
+argument to
+.Nm krb5_get_in_cred
+or
+.Nm krb5_get_in_tkt .
+.Fa keyseed
+should be a pointer to a
+.Dv NUL
+terminated string or
+.Dv NULL .
+.Nm krb5_password_key_proc
+will query the user for the pass on the console if the password isn't
+given as the argument
+.Fa keyseed .
+.Pp
+.Fn krb5_free_kdc_rep
+frees the content of
+.Fa rep .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_verify_user 3 ,
+.Xr krb5.conf 5 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_get_init_creds.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_get_init_creds.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_get_init_creds.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,398 @@
+.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_init_creds.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd Sep  16, 2006
+.Dt KRB5_GET_INIT_CREDS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_init_creds ,
+.Nm krb5_get_init_creds_keytab ,
+.Nm krb5_get_init_creds_opt ,
+.Nm krb5_get_init_creds_opt_alloc ,
+.Nm krb5_get_init_creds_opt_free ,
+.Nm krb5_get_init_creds_opt_init ,
+.Nm krb5_get_init_creds_opt_set_address_list ,
+.Nm krb5_get_init_creds_opt_set_addressless ,
+.Nm krb5_get_init_creds_opt_set_anonymous ,
+.Nm krb5_get_init_creds_opt_set_default_flags ,
+.Nm krb5_get_init_creds_opt_set_etype_list ,
+.Nm krb5_get_init_creds_opt_set_forwardable ,
+.Nm krb5_get_init_creds_opt_set_pa_password ,
+.Nm krb5_get_init_creds_opt_set_paq_request ,
+.Nm krb5_get_init_creds_opt_set_preauth_list ,
+.Nm krb5_get_init_creds_opt_set_proxiable ,
+.Nm krb5_get_init_creds_opt_set_renew_life ,
+.Nm krb5_get_init_creds_opt_set_salt ,
+.Nm krb5_get_init_creds_opt_set_tkt_life ,
+.Nm krb5_get_init_creds_opt_set_canonicalize ,
+.Nm krb5_get_init_creds_opt_set_win2k ,
+.Nm krb5_get_init_creds_password ,
+.Nm krb5_prompt ,
+.Nm krb5_prompter_posix
+.Nd Kerberos 5 initial authentication functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_get_init_creds_opt;
+.Pp
+.Ft krb5_error_code
+.Fo krb5_get_init_creds_opt_alloc
+.Fa "krb5_context context"
+.Fa "krb5_get_init_creds_opt **opt"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_free
+.Fa "krb5_context context"
+.Fa "krb5_get_init_creds_opt *opt"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_init
+.Fa "krb5_get_init_creds_opt *opt"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_address_list
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_addressless
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_boolean addressless"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_anonymous
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "int anonymous"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_default_flags
+.Fa "krb5_context context"
+.Fa "const char *appname"
+.Fa "krb5_const_realm realm"
+.Fa "krb5_get_init_creds_opt *opt"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_etype_list
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_enctype *etype_list"
+.Fa "int etype_list_length"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_forwardable
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "int forwardable"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_init_creds_opt_set_pa_password
+.Fa "krb5_context context"
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "const char *password"
+.Fa "krb5_s2k_proc key_proc"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_init_creds_opt_set_paq_request
+.Fa "krb5_context context"
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_boolean req_pac"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_init_creds_opt_set_pkinit
+.Fa "krb5_context context"
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fa "const char *x509_anchors"
+.Fa "int flags"
+.Fa "char *password"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_preauth_list
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_preauthtype *preauth_list"
+.Fa "int preauth_list_length"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_proxiable
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "int proxiable"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_renew_life
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_deltat renew_life"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_salt
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_data *salt"
+.Fc
+.Ft void
+.Fo krb5_get_init_creds_opt_set_tkt_life
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_deltat tkt_life"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_init_creds_opt_set_canonicalize
+.Fa "krb5_context context"
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_boolean req"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_init_creds_opt_set_win2k
+.Fa "krb5_context context"
+.Fa "krb5_get_init_creds_opt *opt"
+.Fa "krb5_boolean req"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_init_creds
+.Fa "krb5_context context"
+.Fa "krb5_creds *creds"
+.Fa "krb5_principal client"
+.Fa "krb5_prompter_fct prompter"
+.Fa "void *prompter_data"
+.Fa "krb5_deltat start_time"
+.Fa "const char *in_tkt_service"
+.Fa "krb5_get_init_creds_opt *options"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_init_creds_password
+.Fa "krb5_context context"
+.Fa "krb5_creds *creds"
+.Fa "krb5_principal client"
+.Fa "const char *password"
+.Fa "krb5_prompter_fct prompter"
+.Fa "void *prompter_data"
+.Fa "krb5_deltat start_time"
+.Fa "const char *in_tkt_service"
+.Fa "krb5_get_init_creds_opt *in_options"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_init_creds_keytab
+.Fa "krb5_context context"
+.Fa "krb5_creds *creds"
+.Fa "krb5_principal client"
+.Fa "krb5_keytab keytab"
+.Fa "krb5_deltat start_time"
+.Fa "const char *in_tkt_service"
+.Fa "krb5_get_init_creds_opt *options"
+.Fc
+.Ft int
+.Fo krb5_prompter_posix
+.Fa "krb5_context context"
+.Fa "void *data"
+.Fa "const char *name"
+.Fa "const char *banner"
+.Fa "int num_prompts"
+.Fa "krb5_prompt prompts[]"
+.Fc
+.Sh DESCRIPTION
+Getting initial credential ticket for a principal.
+That may include changing an expired password, and doing preauthentication.
+This interface that replaces the deprecated
+.Fa krb5_in_tkt
+and 
+.Fa krb5_in_cred
+functions.
+.Pp
+If you only want to verify a username and password, consider using
+.Xr krb5_verify_user 3
+instead, since it also verifies that initial credentials with using a
+keytab to make sure the response was from the KDC.
+.Pp
+First a
+.Li krb5_get_init_creds_opt
+structure is initialized
+with
+.Fn krb5_get_init_creds_opt_alloc
+or
+.Fn krb5_get_init_creds_opt_init .
+.Fn krb5_get_init_creds_opt_alloc
+allocates a extendible structures that needs to be freed with
+.Fn krb5_get_init_creds_opt_free .
+The structure may be modified by any of the
+.Fn krb5_get_init_creds_opt_set
+functions to change request parameters and authentication information.
+.Pp
+If the caller want to use the default options,
+.Dv NULL
+can be passed instead.
+.Pp
+The the actual request to the KDC is done by any of the
+.Fn krb5_get_init_creds ,
+.Fn krb5_get_init_creds_password ,
+or
+.Fn krb5_get_init_creds_keytab
+functions.
+.Fn krb5_get_init_creds
+is the least specialized function and can, with the right in data,
+behave like the latter two.
+The latter two are there for compatibility with older releases and
+they are slightly easier to use.
+.Pp
+.Li krb5_prompt
+is a structure containing the following elements:
+.Bd -literal
+typedef struct {
+    const char *prompt;
+    int hidden;
+    krb5_data *reply;
+    krb5_prompt_type type
+} krb5_prompt;
+.Ed
+.Pp
+.Fa prompt
+is the prompt that should shown to the user
+If
+.Fa hidden
+is set, the prompter function shouldn't echo the output to the display
+device.
+.Fa reply
+must be preallocated; it will not be allocated by the prompter
+function.
+Possible values for the
+.Fa type
+element are:
+.Pp
+.Bl -tag -width Ds -compact -offset indent
+.It KRB5_PROMPT_TYPE_PASSWORD
+.It KRB5_PROMPT_TYPE_NEW_PASSWORD
+.It KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN
+.It KRB5_PROMPT_TYPE_PREAUTH
+.It KRB5_PROMPT_TYPE_INFO
+.El
+.Pp
+.Fn krb5_prompter_posix
+is the default prompter function in a POSIX environment.
+It matches the
+.Fa krb5_prompter_fct
+and can be used in the
+.Fa krb5_get_init_creds
+functions.
+.Fn krb5_prompter_posix
+doesn't require
+.Fa prompter_data.
+.Pp
+If the
+.Fa start_time
+is zero, then the requested ticket will be valid
+beginning immediately.
+Otherwise, the
+.Fa start_time
+indicates how far in the future the ticket should be postdated.
+.Pp
+If the
+.Fa in_tkt_service
+name is
+.Dv non-NULL ,
+that principal name will be
+used as the server name for the initial ticket request.
+The realm of the name specified will be ignored and will be set to the
+realm of the client name.
+If no in_tkt_service name is specified,
+krbtgt/CLIENT-REALM at CLIENT-REALM will be used.
+.Pp
+For the rest of arguments, a configuration or library default will be
+used if no value is specified in the options structure.
+.Pp
+.Fn krb5_get_init_creds_opt_set_address_list
+sets the list of
+.Fa addresses
+that is should be stored in the ticket.
+.Pp
+.Fn krb5_get_init_creds_opt_set_addressless
+controls if the ticket is requested with addresses or not,
+.Fn krb5_get_init_creds_opt_set_address_list
+overrides this option.
+.Pp
+.Fn krb5_get_init_creds_opt_set_anonymous
+make the request anonymous if the
+.Fa anonymous
+parameter is non-zero.
+.Pp
+.Fn krb5_get_init_creds_opt_set_default_flags
+sets the default flags using the configuration file.
+.Pp
+.Fn krb5_get_init_creds_opt_set_etype_list
+set a list of enctypes that the client is willing to support in the
+request.
+.Pp
+.Fn krb5_get_init_creds_opt_set_forwardable
+request a forwardable ticket.
+.Pp
+.Fn krb5_get_init_creds_opt_set_pa_password
+set the
+.Fa password
+and
+.Fa key_proc
+that is going to be used to get a new ticket.
+.Fa password
+or
+.Fa key_proc
+can be
+.Dv NULL
+if the caller wants to use the default values.
+If the
+.Fa password
+is unset and needed, the user will be prompted for it.
+.Pp
+.Fn krb5_get_init_creds_opt_set_paq_request
+sets the password that is going to be used to get a new ticket.
+.Pp
+.Fn krb5_get_init_creds_opt_set_preauth_list
+sets the list of client-supported preauth types.
+.Pp
+.Fn krb5_get_init_creds_opt_set_proxiable
+makes the request proxiable.
+.Pp
+.Fn krb5_get_init_creds_opt_set_renew_life
+sets the requested renewable lifetime.
+.Pp
+.Fn krb5_get_init_creds_opt_set_salt
+sets the salt that is going to be used in the request.
+.Pp
+.Fn krb5_get_init_creds_opt_set_tkt_life
+sets requested ticket lifetime.
+.Pp
+.Fn krb5_get_init_creds_opt_set_canonicalize
+requests that the KDC canonicalize the client pricipal if possible.
+.Pp
+.Fn krb5_get_init_creds_opt_set_win2k
+turns on compatibility with Windows 2000.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_creds 3 ,
+.Xr krb5_verify_user 3 ,
+.Xr krb5.conf 5 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_get_krbhst.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_get_krbhst.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_get_krbhst.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,86 @@
+.\" Copyright (c) 2001 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_krbhst.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd April 24, 2005
+.Dt KRB5_GET_KRBHST 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_krbhst ,
+.Nm krb5_get_krb_admin_hst ,
+.Nm krb5_get_krb_changepw_hst ,
+.Nm krb5_get_krb524hst ,
+.Nm krb5_free_krbhst
+.Nd lookup Kerberos KDC hosts
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fn krb5_get_krbhst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
+.Ft krb5_error_code
+.Fn krb5_get_krb_admin_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
+.Ft krb5_error_code
+.Fn krb5_get_krb_changepw_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
+.Ft krb5_error_code
+.Fn krb5_get_krb524hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
+.Ft krb5_error_code
+.Fn krb5_free_krbhst "krb5_context context" "char **hostlist"
+.Sh DESCRIPTION
+These functions implement the old API to get a list of Kerberos hosts,
+and are thus similar to the
+.Fn krb5_krbhst_init
+functions. However, since these functions returns
+.Em all
+hosts in one go, they potentially have to do more lookups than
+necessary. These functions remain for compatibility reasons.
+.Pp
+After a call to one of these functions,
+.Fa hostlist
+is a
+.Dv NULL
+terminated list of strings, pointing to the requested Kerberos hosts. These should be freed with
+.Fn krb5_free_krbhst
+when done with.
+.Sh EXAMPLES
+The following code will print the KDCs of the realm
+.Dq MY.REALM .
+.Bd -literal -offset indent
+char **hosts, **p;
+krb5_get_krbhst(context, "MY.REALM", &hosts);
+for(p = hosts; *p; p++)
+    printf("%s\\n", *p);
+krb5_free_krbhst(context, hosts);
+.Ed
+.\" .Sh BUGS
+.Sh SEE ALSO
+.Xr krb5_krbhst_init 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_getportbyname.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_getportbyname.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_getportbyname.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,67 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_getportbyname.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd August 15, 2004
+.Dt NAME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_getportbyname
+.Nd get port number by name
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft int
+.Fo krb5_getportbyname
+.Fa "krb5_context context"
+.Fa "const char *service"
+.Fa "const char *proto"
+.Fa "int default_port"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_getportbyname
+gets the port number for
+.Fa service /
+.Fa proto
+pair from the global service table for and returns it in network order.
+If it isn't found in the global table, the
+.Fa default_port
+(given in host order)
+is returned.
+.Sh EXAMPLE
+.Bd -literal
+int port = krb5_getportbyname(context, "kerberos", "tcp", 88);
+.Ed
+.\" .Sh BUGS
+.Sh SEE ALSO
+.Xr krb5 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_init_context.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_init_context.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_init_context.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,308 @@
+.\" Copyright (c) 2001 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_init_context.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd December  8, 2004
+.Dt KRB5_CONTEXT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_add_et_list ,
+.Nm krb5_add_extra_addresses ,
+.Nm krb5_add_ignore_addresses ,
+.Nm krb5_context ,
+.Nm krb5_free_config_files ,
+.Nm krb5_free_context ,
+.Nm krb5_get_default_config_files ,
+.Nm krb5_get_dns_canonize_hostname ,
+.Nm krb5_get_extra_addresses ,
+.Nm krb5_get_fcache_version ,
+.Nm krb5_get_ignore_addresses ,
+.Nm krb5_get_kdc_sec_offset ,
+.Nm krb5_get_max_time_skew ,
+.Nm krb5_get_use_admin_kdc
+.Nm krb5_init_context ,
+.Nm krb5_init_ets ,
+.Nm krb5_prepend_config_files ,
+.Nm krb5_prepend_config_files_default ,
+.Nm krb5_set_config_files ,
+.Nm krb5_set_dns_canonize_hostname ,
+.Nm krb5_set_extra_addresses ,
+.Nm krb5_set_fcache_version ,
+.Nm krb5_set_ignore_addresses ,
+.Nm krb5_set_max_time_skew ,
+.Nm krb5_set_use_admin_kdc ,
+.Nd create, modify and delete krb5_context structures
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "struct krb5_context;"
+.Pp
+.Ft krb5_error_code
+.Fo krb5_init_context
+.Fa "krb5_context *context"
+.Fc
+.Ft void
+.Fo krb5_free_context
+.Fa "krb5_context context"
+.Fc
+.Ft void
+.Fo krb5_init_ets
+.Fa "krb5_context context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_add_et_list
+.Fa "krb5_context context"
+.Fa "void (*func)(struct et_list **)"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_add_extra_addresses
+.Fa "krb5_context context"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_extra_addresses
+.Fa "krb5_context context"
+.Fa "const krb5_addresses *addresses"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_extra_addresses
+.Fa "krb5_context context"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_add_ignore_addresses
+.Fa "krb5_context context"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_ignore_addresses
+.Fa "krb5_context context"
+.Fa "const krb5_addresses *addresses"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_ignore_addresses
+.Fa "krb5_context context"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_fcache_version
+.Fa "krb5_context context"
+.Fa "int version"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_fcache_version
+.Fa "krb5_context context"
+.Fa "int *version"
+.Fc
+.Ft void
+.Fo krb5_set_dns_canonize_hostname
+.Fa "krb5_context context"
+.Fa "krb5_boolean flag"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_get_dns_canonize_hostname
+.Fa "krb5_context context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_kdc_sec_offset
+.Fa "krb5_context context"
+.Fa "int32_t *sec"
+.Fa "int32_t *usec"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_config_files
+.Fa "krb5_context context"
+.Fa "char **filenames"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_prepend_config_files
+.Fa "const char *filelist"
+.Fa "char **pq"
+.Fa "char ***ret_pp"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_prepend_config_files_default
+.Fa "const char *filelist"
+.Fa "char ***pfilenames"
+.Fc
+.Ft krb5_error_code 
+.Fo krb5_get_default_config_files
+.Fa "char ***pfilenames"
+.Fc
+.Ft void
+.Fo krb5_free_config_files
+.Fa "char **filenames"
+.Fc
+.Ft void
+.Fo krb5_set_use_admin_kdc
+.Fa "krb5_context context"
+.Fa "krb5_boolean flag"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_get_use_admin_kdc
+.Fa "krb5_context context"
+.Fc
+.Ft time_t
+.Fo krb5_get_max_time_skew
+.Fa "krb5_context context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_max_time_skew
+.Fa "krb5_context context"
+.Fa "time_t time"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn krb5_init_context
+function initializes the
+.Fa context
+structure and reads the configuration file
+.Pa /etc/krb5.conf .
+.Pp
+The structure should be freed by calling
+.Fn krb5_free_context
+when it is no longer being used.
+.Pp
+.Fn krb5_init_context
+returns 0 to indicate success.
+Otherwise an errno code is returned.
+Failure means either that something bad happened during initialization
+(typically
+.Bq ENOMEM )
+or that Kerberos should not be used
+.Bq ENXIO .
+.Pp
+.Fn krb5_init_ets
+adds all
+.Xr com_err 3
+libs to
+.Fa context .
+This is done by
+.Fn krb5_init_context .
+.Pp
+.Fn krb5_add_et_list 
+adds a
+.Xr com_err 3
+error-code handler
+.Fa func
+to the specified
+.Fa context .
+The error handler must generated by the the re-rentrant version of the
+.Xr compile_et 3
+program.
+.Fn krb5_add_extra_addresses
+add a list of addresses that should be added when requesting tickets.
+.Pp
+.Fn krb5_add_ignore_addresses
+add a list of addresses that should be ignored when requesting tickets.
+.Pp
+.Fn krb5_get_extra_addresses
+get the list of addresses that should be added when requesting tickets.
+.Pp
+.Fn krb5_get_ignore_addresses
+get the list of addresses that should be ignored when requesting tickets.
+.Pp
+.Fn krb5_set_ignore_addresses
+set the list of addresses that should be ignored when requesting tickets.
+.Pp
+.Fn krb5_set_extra_addresses
+set the list of addresses that should be added when requesting tickets.
+.Pp
+.Fn krb5_set_fcache_version
+sets the version of file credentials caches that should be used.
+.Pp
+.Fn krb5_get_fcache_version
+gets the version of file credentials caches that should be used.
+.Pp
+.Fn krb5_set_dns_canonize_hostname
+sets if the context is configured to canonicalize hostnames using DNS.
+.Pp
+.Fn krb5_get_dns_canonize_hostname
+returns if the context is configured to canonicalize hostnames using DNS.
+.Pp
+.Fn krb5_get_kdc_sec_offset
+returns the offset between the localtime and the KDC's time.
+.Fa sec
+and
+.Fa usec
+are both optional argument and
+.Dv NULL
+can be passed in.
+.Pp
+.Fn krb5_set_config_files
+set the list of configuration files to use and re-initialize the
+configuration from the files.
+.Pp
+.Fn krb5_prepend_config_files
+parse the 
+.Fa filelist
+and prepend the result to the already existing list
+.Fa pq
+The result is returned in
+.Fa ret_pp
+and should be freed with
+.Fn krb5_free_config_files .
+.Pp
+.Fn krb5_prepend_config_files_default
+parse the 
+.Fa filelist
+and append that to the default
+list of configuration files.
+.Pp
+.Fn krb5_get_default_config_files
+get a list of default configuration files.
+.Pp
+.Fn krb5_free_config_files
+free a list of configuration files returned by
+.Fn krb5_get_default_config_files ,
+.Fn krb5_prepend_config_files_default ,
+or
+.Fn krb5_prepend_config_files .
+.Pp
+.Fn krb5_set_use_admin_kdc
+sets if all KDC requests should go admin KDC.
+.Pp
+.Fn krb5_get_use_admin_kdc
+gets if all KDC requests should go admin KDC.
+.Pp
+.Fn krb5_get_max_time_skew
+and
+.Fn krb5_set_max_time_skew
+get and sets the maximum allowed time skew between client and server.
+.Sh SEE ALSO
+.Xr errno 2 ,
+.Xr krb5 3 ,
+.Xr krb5_config 3 ,
+.Xr krb5_context 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_is_thread_safe.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_is_thread_safe.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_is_thread_safe.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,58 @@
+.\" Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_is_thread_safe.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  5, 2006
+.Dt KRB5_IS_THREAD_SAFE 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_is_thread_safe
+.Nd "is the Kerberos library compiled with multithread support"
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_boolean
+.Fn krb5_is_thread_safe "void"
+.Sh DESCRIPTION
+.Nm
+returns
+.Dv TRUE
+if the library was compiled with with multithread support.
+If the library isn't compiled, the consumer have to use a global lock
+to make sure Kerboros functions are not called at the same time by
+diffrent threads.
+.\" .Sh EXAMPLE
+.\" .Sh BUGS
+.Sh SEE ALSO
+.Xr krb5_create_checksum 3 ,
+.Xr krb5_encrypt 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_keyblock.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_keyblock.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_keyblock.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,218 @@
+.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_keyblock.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_KEYBLOCK 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_keyblock ,
+.Nm krb5_keyblock_get_enctype ,
+.Nm krb5_copy_keyblock ,
+.Nm krb5_copy_keyblock_contents ,
+.Nm krb5_free_keyblock ,
+.Nm krb5_free_keyblock_contents ,
+.Nm krb5_generate_random_keyblock ,
+.Nm krb5_generate_subkey ,
+.Nm krb5_generate_subkey_extended ,
+.Nm krb5_keyblock_init ,
+.Nm krb5_keyblock_zero ,
+.Nm krb5_random_to_key
+.Nd Kerberos 5 key handling functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li krb5_keyblock ;
+.Ft krb5_enctype
+.Fo krb5_keyblock_get_enctype
+.Fa "const krb5_keyblock *block"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_keyblock
+.Fa "krb5_context context"
+.Fa "krb5_keyblock **to"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_keyblock_contents
+.Fa "krb5_context context"
+.Fa "const krb5_keyblock *inblock"
+.Fa "krb5_keyblock *to"
+.Fc
+.Ft void
+.Fo krb5_free_keyblock
+.Fa "krb5_context context"
+.Fa "krb5_keyblock *keyblock"
+.Fc
+.Ft void
+.Fo krb5_free_keyblock_contents
+.Fa "krb5_context context"
+.Fa "krb5_keyblock *keyblock"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_generate_random_keyblock
+.Fa "krb5_context context"
+.Fa "krb5_enctype type"
+.Fa "krb5_keyblock *key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_generate_subkey
+.Fa "krb5_context context"
+.Fa "const krb5_keyblock *key"
+.Fa "krb5_keyblock **subkey"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_generate_subkey_extended
+.Fa "krb5_context context"
+.Fa "const krb5_keyblock *key"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_keyblock **subkey"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_keyblock_init
+.Fa "krb5_context context"
+.Fa "krb5_enctype type"
+.Fa "const void *data"
+.Fa "size_t size"
+.Fa "krb5_keyblock *key"
+.Fc
+.Ft void
+.Fo krb5_keyblock_zero
+.Fa "krb5_keyblock *keyblock"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_random_to_key
+.Fa "krb5_context context"
+.Fa "krb5_enctype type"
+.Fa "const void *data"
+.Fa "size_t size"
+.Fa "krb5_keyblock *key"
+.Fc
+.Sh DESCRIPTION
+.Li krb5_keyblock
+holds the encryption key for a specific encryption type.
+There is no component inside
+.Li krb5_keyblock
+that is directly referable.
+.Pp
+.Fn krb5_keyblock_get_enctype
+returns the encryption type of the keyblock.
+.Pp
+.Fn krb5_copy_keyblock
+makes a copy the keyblock
+.Fa inblock
+to the
+output
+.Fa out .
+.Fa out
+should be freed by the caller with
+.Fa krb5_free_keyblock .
+.Pp
+.Fn krb5_copy_keyblock_contents
+copies the contents of
+.Fa inblock
+to the
+.Fa to
+keyblock.
+The destination keyblock is overritten.
+.Pp
+.Fn krb5_free_keyblock
+zeros out and frees the content and the keyblock itself.
+.Pp
+.Fn krb5_free_keyblock_contents
+zeros out and frees the content of the keyblock.
+.Pp
+.Fn krb5_generate_random_keyblock
+creates a new content of the keyblock
+.Fa key
+of type encrytion type
+.Fa type .
+The content of
+.Fa key
+is overwritten and not freed, so the caller should be sure it is
+freed before calling the function.
+.Pp
+.Fn krb5_generate_subkey
+generates a
+.Fa subkey
+of the same type as
+.Fa key .
+The caller must free the subkey with
+.Fa krb5_free_keyblock .
+.Pp
+.Fn krb5_generate_subkey_extended
+generates a
+.Fa subkey
+of the specified encryption type
+.Fa type .
+If
+.Fa type
+is
+.Dv ETYPE_NULL ,
+of the same type as
+.Fa key .
+The caller must free the subkey with
+.Fa krb5_free_keyblock .
+.Pp
+.Fn krb5_keyblock_init
+Fill in
+.Fa key
+with key data of type
+.Fa enctype
+from 
+.Fa data
+of length
+.Fa size .
+Key should be freed using
+.Fn krb5_free_keyblock_contents .
+.Pp
+.Fn krb5_keyblock_zero
+zeros out the keyblock to to make sure no keymaterial is in
+memory.
+Note that
+.Fn krb5_free_keyblock_contents
+also zeros out the memory.
+.Pp
+.Fn krb5_random_to_key
+converts the random bytestring to a protocol key according to Kerberos
+crypto frame work.
+It the resulting key will be of type
+.Fa enctype .
+It may be assumed that all the bits of the input string are equally
+random, even though the entropy present in the random source may be
+limited
+.\" .Sh EXAMPLES
+.Sh SEE ALSO
+.Xr krb5_crypto_init 3 ,
+.Xr krb5 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_keytab.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_keytab.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_keytab.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,482 @@
+.\" Copyright (c) 2001 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_keytab.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd August 12, 2005
+.Dt KRB5_KEYTAB 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_kt_ops ,
+.Nm krb5_keytab_entry ,
+.Nm krb5_kt_cursor ,
+.Nm krb5_kt_add_entry ,
+.Nm krb5_kt_close ,
+.Nm krb5_kt_compare ,
+.Nm krb5_kt_copy_entry_contents ,
+.Nm krb5_kt_default ,
+.Nm krb5_kt_default_modify_name ,
+.Nm krb5_kt_default_name ,
+.Nm krb5_kt_end_seq_get ,
+.Nm krb5_kt_free_entry ,
+.Nm krb5_kt_get_entry ,
+.Nm krb5_kt_get_name ,
+.Nm krb5_kt_get_type ,
+.Nm krb5_kt_next_entry ,
+.Nm krb5_kt_read_service_key ,
+.Nm krb5_kt_register ,
+.Nm krb5_kt_remove_entry ,
+.Nm krb5_kt_resolve ,
+.Nm krb5_kt_start_seq_get
+.Nd manage keytab (key storage) files
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_error_code
+.Fo krb5_kt_add_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_close
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_kt_compare
+.Fa "krb5_context context"
+.Fa "krb5_keytab_entry *entry"
+.Fa "krb5_const_principal principal"
+.Fa "krb5_kvno vno"
+.Fa "krb5_enctype enctype"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_copy_entry_contents
+.Fa "krb5_context context"
+.Fa "const krb5_keytab_entry *in"
+.Fa "krb5_keytab_entry *out"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_default
+.Fa "krb5_context context"
+.Fa "krb5_keytab *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_default_modify_name
+.Fa "krb5_context context"
+.Fa "char *name"
+.Fa "size_t namesize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_default_name
+.Fa "krb5_context context"
+.Fa "char *name"
+.Fa "size_t namesize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_end_seq_get
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_free_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_get_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_const_principal principal"
+.Fa "krb5_kvno kvno"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_get_name
+.Fa "krb5_context context"
+.Fa "krb5_keytab keytab"
+.Fa "char *name"
+.Fa "size_t namesize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_get_type
+.Fa "krb5_context context"
+.Fa "krb5_keytab keytab"
+.Fa "char *prefix"
+.Fa "size_t prefixsize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_next_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_read_service_key
+.Fa "krb5_context context"
+.Fa "krb5_pointer keyprocarg"
+.Fa "krb5_principal principal"
+.Fa "krb5_kvno vno"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_keyblock **key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_register
+.Fa "krb5_context context"
+.Fa "const krb5_kt_ops *ops"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_remove_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_resolve
+.Fa "krb5_context context"
+.Fa "const char *name"
+.Fa "krb5_keytab *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_start_seq_get
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Sh DESCRIPTION
+A keytab name is on the form
+.Li type:residual .
+The
+.Li residual
+part is specific to each keytab-type.
+.Pp
+When a keytab-name is resolved, the type is matched with an internal
+list of keytab types. If there is no matching keytab type,
+the default keytab is used. The current default type is
+.Nm file .
+The default value can be changed in the configuration file
+.Pa /etc/krb5.conf
+by setting the variable
+.Li [defaults]default_keytab_name .
+.Pp
+The keytab types that are implemented in Heimdal
+are:
+.Bl -tag -width Ds
+.It Nm file
+store the keytab in a file, the type's name is
+.Li FILE .
+The residual part is a filename.
+For compatibility with other Kerberos implemtation
+.Li WRFILE
+and
+.LI JAVA14
+is also accepted.
+.Li WRFILE
+has the same format as
+.Li FILE .
+.Li JAVA14
+have a format that is compatible with older versions of MIT kerberos
+and SUN's Java based installation.  They store a truncted kvno, so
+when the knvo excess 255, they are truncted in this format.
+.It Nm keyfile
+store the keytab in a
+.Li AFS
+keyfile (usually
+.Pa /usr/afs/etc/KeyFile ) ,
+the type's name is
+.Li AFSKEYFILE .
+The residual part is a filename.
+.It Nm krb4
+the keytab is a Kerberos 4
+.Pa srvtab
+that is on-the-fly converted to a keytab. The type's name is
+.Li krb4 .
+The residual part is a filename.
+.It Nm memory
+The keytab is stored in a memory segment. This allows sensitive and/or
+temporary data not to be stored on disk. The type's name is
+.Li MEMORY .
+Each
+.Li MEMORY
+keytab is referenced counted by and opened by the residual name, so two
+handles can point to the same memory area.
+When the last user closes the entry, it disappears.
+.El
+.Pp
+.Nm krb5_keytab_entry
+holds all data for an entry in a keytab file, like principal name,
+key-type, key, key-version number, etc.
+.Nm krb5_kt_cursor
+holds the current position that is used when iterating through a
+keytab entry with
+.Fn krb5_kt_start_seq_get ,
+.Fn krb5_kt_next_entry ,
+and
+.Fn krb5_kt_end_seq_get .
+.Pp
+.Nm krb5_kt_ops
+contains the different operations that can be done to a keytab. This
+structure is normally only used when doing a new keytab-type
+implementation.
+.Pp
+.Fn krb5_kt_resolve
+is the equivalent of an
+.Xr open 2
+on keytab. Resolve the keytab name in
+.Fa name
+into a keytab in
+.Fa id .
+Returns 0 or an error. The opposite of
+.Fn krb5_kt_resolve
+is
+.Fn krb5_kt_close .
+.Pp
+.Fn krb5_kt_close
+frees all resources allocated to the keytab, even on failure.
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_default
+sets the argument
+.Fa id
+to the default keytab.
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_default_modify_name
+copies the name of the default modify keytab into
+.Fa name .
+Return 0 or KRB5_CONFIG_NOTENUFSPACE if
+.Fa namesize
+is too short.
+.Pp
+.Fn krb5_kt_default_name
+copies the name of the default keytab into
+.Fa name .
+Return 0 or KRB5_CONFIG_NOTENUFSPACE if
+.Fa namesize
+is too short.
+.Pp
+.Fn krb5_kt_add_entry
+adds a new
+.Fa entry
+to the keytab
+.Fa id .
+.Li KRB5_KT_NOWRITE
+is returned if the keytab is a readonly keytab.
+.Pp
+.Fn krb5_kt_compare
+compares the passed in
+.Fa entry
+against
+.Fa principal ,
+.Fa vno ,
+and
+.Fa enctype .
+Any of
+.Fa principal ,
+.Fa vno
+or
+.Fa enctype
+might be 0 which acts as a wildcard. Return TRUE if they compare the
+same, FALSE otherwise.
+.Pp
+.Fn krb5_kt_copy_entry_contents
+copies the contents of
+.Fa in
+into
+.Fa out .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_get_name
+retrieves the name of the keytab
+.Fa keytab
+into
+.Fa name ,
+.Fa namesize .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_get_type
+retrieves the type of the keytab
+.Fa keytab
+and store the prefix/name for type of the keytab into
+.Fa prefix ,
+.Fa prefixsize .
+The prefix will have the maximum length of
+.Dv KRB5_KT_PREFIX_MAX_LEN
+(including terminating
+.Dv NUL ) .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_free_entry
+frees the contents of
+.Fa entry .
+.Pp
+.Fn krb5_kt_start_seq_get
+sets
+.Fa cursor
+to point at the beginning of
+.Fa id .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_next_entry
+gets the next entry from
+.Fa id
+pointed to by
+.Fa cursor
+and advance the
+.Fa cursor .
+On success the returne entry must be freed with
+.Fn krb5_kt_free_entry .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_end_seq_get
+releases all resources associated with
+.Fa cursor .
+.Pp
+.Fn krb5_kt_get_entry
+retrieves the keytab entry for
+.Fa principal ,
+.Fa kvno ,
+.Fa enctype
+into
+.Fa entry
+from the keytab
+.Fa id .
+When comparing an entry in the keytab to determine a match, the
+function
+.Fn krb5_kt_compare
+is used, so the wildcard rules applies to the argument of
+.F krb5_kt_get_entry
+too.
+On success the returne entry must be freed with
+.Fn krb5_kt_free_entry .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_read_service_key
+reads the key identified by
+.Fa ( principal ,
+.Fa vno ,
+.Fa enctype )
+from the keytab in
+.Fa keyprocarg
+(the system default keytab if 
+.Dv NULL
+is used) into
+.Fa *key .
+.Fa keyprocarg
+is the same argument as to
+.Fa name
+argument to
+.Fn krb5_kt_resolve .
+Internal
+.Fn krb5_kt_compare
+will be used, so the same wildcard rules applies
+to
+.Fn krb5_kt_read_service_key .
+On success the returned key must be freed with
+.Fa krb5_free_keyblock .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_remove_entry
+removes the entry
+.Fa entry
+from the keytab
+.Fa id .
+When comparing an entry in the keytab to determine a match, the
+function
+.Fn krb5_kt_compare
+is use, so the wildcard rules applies to the argument of
+.Fn krb5_kt_remove_entry .
+Returns 0, 
+.Dv KRB5_KT_NOTFOUND
+if not entry matched or another error.
+.Pp
+.Fn krb5_kt_register
+registers a new keytab type
+.Fa ops .
+Returns 0 or an error.
+.Sh EXAMPLES
+This is a minimalistic version of
+.Nm ktutil .
+.Pp
+.Bd -literal
+int
+main (int argc, char **argv)
+{
+    krb5_context context;
+    krb5_keytab keytab;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry;
+    krb5_error_code ret;
+    char *principal;
+
+    if (krb5_init_context (&context) != 0)
+	errx(1, "krb5_context");
+
+    ret = krb5_kt_default (context, &keytab);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_default");
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
+    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
+	krb5_unparse_name_short(context, entry.principal, &principal);
+	printf("principal: %s\\n", principal);
+	free(principal);
+	krb5_kt_free_entry(context, &entry);
+    }
+    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
+    ret = krb5_kt_close(context, keytab);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_close");
+    krb5_free_context(context);
+    return 0;
+}
+.Ed
+.Sh COMPATIBILITY
+Heimdal stored the ticket flags in machine bit-field order before
+Heimdal 0.7.  The behavior is possible to change in with the option
+.Li [libdefaults]fcc-mit-ticketflags .
+Heimdal 0.7 also code to detech that ticket flags was in the wrong
+order and correct them.  This matters when doing delegation in GSS-API
+because the client code looks at the flag to determin if it is possible
+to do delegation if the user requested it.
+.Sh SEE ALSO
+.Xr krb5.conf 5 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_krbhst_init.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_krbhst_init.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_krbhst_init.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,174 @@
+.\" Copyright (c) 2001-2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_krbhst_init.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May 10, 2005
+.Dt KRB5_KRBHST_INIT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_krbhst_init ,
+.Nm krb5_krbhst_init_flags ,
+.Nm krb5_krbhst_next ,
+.Nm krb5_krbhst_next_as_string ,
+.Nm krb5_krbhst_reset ,
+.Nm krb5_krbhst_free ,
+.Nm krb5_krbhst_format_string ,
+.Nm krb5_krbhst_get_addrinfo
+.Nd lookup Kerberos KDC hosts
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fn krb5_krbhst_init "krb5_context context" "const char *realm" "unsigned int type" "krb5_krbhst_handle *handle"
+.Ft krb5_error_code
+.Fn krb5_krbhst_init_flags "krb5_context context" "const char *realm" "unsigned int type" "int flags" "krb5_krbhst_handle *handle"
+.Ft krb5_error_code
+.Fn "krb5_krbhst_next" "krb5_context context" "krb5_krbhst_handle handle" "krb5_krbhst_info **host"
+.Ft krb5_error_code
+.Fn krb5_krbhst_next_as_string "krb5_context context" "krb5_krbhst_handle handle" "char *hostname" "size_t hostlen"
+.Ft void
+.Fn krb5_krbhst_reset "krb5_context context" "krb5_krbhst_handle handle"
+.Ft void
+.Fn krb5_krbhst_free "krb5_context context" "krb5_krbhst_handle handle"
+.Ft krb5_error_code
+.Fn krb5_krbhst_format_string "krb5_context context" "const krb5_krbhst_info *host" "char *hostname" "size_t hostlen"
+.Ft krb5_error_code
+.Fn krb5_krbhst_get_addrinfo "krb5_context context" "krb5_krbhst_info *host" "struct addrinfo **ai"
+.Sh DESCRIPTION
+These functions are used to sequence through all Kerberos hosts of a
+particular realm and service. The service type can be the KDCs, the
+administrative servers, the password changing servers, or the servers
+for Kerberos 4 ticket conversion.
+.Pp
+First a handle to a particular service is obtained by calling
+.Fn krb5_krbhst_init
+(or
+.Fn krb5_krbhst_init_flags )
+with the
+.Fa realm
+of interest and the type of service to lookup. The
+.Fa type
+can be one of:
+.Pp
+.Bl -tag -width Ds -compact -offset indent
+.It KRB5_KRBHST_KDC
+.It KRB5_KRBHST_ADMIN
+.It KRB5_KRBHST_CHANGEPW
+.It KRB5_KRBHST_KRB524
+.El
+.Pp
+The
+.Fa handle
+is returned to the caller, and should be passed to the other
+functions.
+.Pp
+The
+.Fa flag
+argument to
+.Nm krb5_krbhst_init_flags
+is the same flags as
+.Fn krb5_send_to_kdc_flags
+uses.
+Possible values are:
+.Pp
+.Bl -tag -width KRB5_KRBHST_FLAGS_LARGE_MSG -compact -offset indent
+.It KRB5_KRBHST_FLAGS_MASTER
+only talk to master (readwrite) KDC
+.It KRB5_KRBHST_FLAGS_LARGE_MSG
+this is a large message, so use transport that can handle that.
+.El
+.Pp
+For each call to
+.Fn krb5_krbhst_next
+information on a new host is returned. The former function returns in
+.Fa host
+a pointer to a structure containing information about the host, such
+as protocol, hostname, and port:
+.Bd -literal -offset indent
+typedef struct krb5_krbhst_info {
+    enum { KRB5_KRBHST_UDP,
+	   KRB5_KRBHST_TCP,
+	   KRB5_KRBHST_HTTP } proto;
+    unsigned short port;
+    struct addrinfo *ai;
+    struct krb5_krbhst_info *next;
+    char hostname[1];
+} krb5_krbhst_info;
+.Ed
+.Pp
+The related function,
+.Fn krb5_krbhst_next_as_string ,
+return the same information as a URL-like string.
+.Pp
+When there are no more hosts, these functions return
+.Dv KRB5_KDC_UNREACH .
+.Pp
+To re-iterate over all hosts, call
+.Fn krb5_krbhst_reset
+and the next call to
+.Fn krb5_krbhst_next
+will return the first host.
+.Pp
+When done with the handle,
+.Fn krb5_krbhst_free
+should be called.
+.Pp
+To use a
+.Va krb5_krbhst_info ,
+there are two functions:
+.Fn krb5_krbhst_format_string
+that will return a printable representation of that struct
+and
+.Fn krb5_krbhst_get_addrinfo
+that will return a
+.Va struct addrinfo
+that can then be used for communicating with the server mentioned.
+.Sh EXAMPLES
+The following code will print the KDCs of the realm
+.Dq MY.REALM :
+.Bd -literal -offset indent
+krb5_krbhst_handle handle;
+char host[MAXHOSTNAMELEN];
+krb5_krbhst_init(context, "MY.REALM", KRB5_KRBHST_KDC, &handle);
+while(krb5_krbhst_next_as_string(context, handle,
+				 host, sizeof(host)) == 0)
+    printf("%s\\n", host);
+krb5_krbhst_free(context, handle);
+.Ed
+.\" .Sh BUGS
+.Sh SEE ALSO
+.Xr getaddrinfo 3 ,
+.Xr krb5_get_krbhst 3 ,
+.Xr krb5_send_to_kdc_flags 3
+.Sh HISTORY
+These functions first appeared in Heimdal 0.3g.

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_kuserok.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_kuserok.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_kuserok.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,103 @@
+.\" Copyright (c) 2003-2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_kuserok.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May 4, 2005
+.Dt KRB5_KUSEROK 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_kuserok
+.Nd "checks if a principal is permitted to login as a user"
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_boolean
+.Fo krb5_kuserok
+.Fa "krb5_context context"
+.Fa "krb5_principal principal"
+.Fa "const char *user"
+.Fc
+.Sh DESCRIPTION
+This function takes the name of a local
+.Fa user
+and checks if
+.Fa principal
+is allowed to log in as that user.
+.Pp
+The
+.Fa user
+may have a
+.Pa ~/.k5login
+file listing principals that are allowed to login as that user. If
+that file does not exist, all principals with a first component
+identical to the username, and a realm considered local, are allowed
+access.
+.Pp
+The
+.Pa .k5login
+file must contain one principal per line, be owned by
+.Fa user ,
+and not be writable by group or other (but must be readable by
+anyone).
+.Pp
+Note that if the file exists, no implicit access rights are given to
+.Fa user Ns @ Ns Aq localrealm .
+.Pp
+Optionally, a set of files may be put in 
+.Pa ~/.k5login.d ( Ns
+a directory), in which case they will all be checked in the same
+manner as
+.Pa .k5login .
+The files may be called anything, but files starting with a hash
+.Dq ( # ) ,
+or ending with a tilde
+.Dq ( ~ )
+are ignored. Subdirectories are not traversed. Note that this
+directory may not be checked by other implementations.
+.Sh RETURN VALUES
+.Nm
+returns
+.Dv TRUE
+if access should be granted,
+.Dv FALSE
+otherwise.
+.Sh HISTORY
+The
+.Pa ~/.k5login.d
+feature appeared in Heimdal 0.7.
+.Sh SEE ALSO
+.Xr krb5_get_default_realms 3 ,
+.Xr krb5_verify_user 3 ,
+.Xr krb5_verify_user_lrealm 3 ,
+.Xr krb5_verify_user_opt 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,268 @@
+/*
+ * Copyright (c) 1997-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: krb5_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+/* $FreeBSD$ */
+
+#ifndef __KRB5_LOCL_H__
+#define __KRB5_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <errno.h>
+#include <ctype.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_PWD_H
+#undef _POSIX_PTHREAD_SEMANTICS
+/* This gets us the 5-arg getpwnam_r on Solaris 9.  */
+#define _POSIX_PTHREAD_SEMANTICS
+#include <pwd.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <time.h>
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef _AIX
+struct ether_addr;
+struct mbuf;
+struct sockaddr_dl;
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+
+#ifdef HAVE_CRYPT_H
+#undef des_encrypt
+#define des_encrypt wingless_pigs_mostly_fail_to_fly
+#include <crypt.h>
+#undef des_encrypt
+#endif
+
+#ifdef HAVE_DOOR_CREATE
+#include <door.h>
+#endif
+
+#include <roken.h>
+#include <parse_time.h>
+#include <base64.h>
+
+#include "crypto-headers.h"
+
+
+#include <krb5_asn1.h>
+
+struct send_to_kdc;
+
+/* XXX glue for pkinit */
+struct krb5_pk_identity;
+struct krb5_pk_cert;
+struct ContentInfo;
+typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx;
+struct krb5_dh_moduli;
+
+/* v4 glue */
+struct _krb5_krb_auth_data;
+
+#include <der.h>
+
+#include <krb5.h>
+#include <krb5_err.h>
+#include <asn1_err.h>
+#ifdef PKINIT
+#include <hx509_err.h>
+#endif
+#include <krb5-private.h>
+
+#include "heim_threads.h"
+
+#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
+#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
+
+/* should this be public? */
+#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab"
+#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
+
+#define MODULI_FILE SYSCONFDIR "/krb5.moduli"
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+#define KRB5_BUFSIZ 1024
+
+typedef enum {
+    KRB5_INIT_CREDS_TRISTATE_UNSET = 0,
+    KRB5_INIT_CREDS_TRISTATE_TRUE,
+    KRB5_INIT_CREDS_TRISTATE_FALSE
+} krb5_get_init_creds_tristate;
+
+struct _krb5_get_init_creds_opt_private {
+    int refcount;
+    /* ENC_TIMESTAMP */
+    const char *password;
+    krb5_s2k_proc key_proc;
+    /* PA_PAC_REQUEST */
+    krb5_get_init_creds_tristate req_pac;
+    /* PKINIT */
+    krb5_pk_init_ctx pk_init_ctx;
+    KRB_ERROR *error;
+    krb5_get_init_creds_tristate addressless;
+    int flags;
+#define KRB5_INIT_CREDS_CANONICALIZE		1
+#define KRB5_INIT_CREDS_NO_C_CANON_CHECK	2
+};
+
+typedef struct krb5_context_data {
+    krb5_enctype *etypes;
+    krb5_enctype *etypes_des;
+    char **default_realms;
+    time_t max_skew;
+    time_t kdc_timeout;
+    unsigned max_retries;
+    int32_t kdc_sec_offset;
+    int32_t kdc_usec_offset;
+    krb5_config_section *cf;
+    struct et_list *et_list;
+    struct krb5_log_facility *warn_dest;
+    krb5_cc_ops *cc_ops;
+    int num_cc_ops;
+    const char *http_proxy;
+    const char *time_fmt;
+    krb5_boolean log_utc;
+    const char *default_keytab;
+    const char *default_keytab_modify;
+    krb5_boolean use_admin_kdc;
+    krb5_addresses *extra_addresses;
+    krb5_boolean scan_interfaces;	/* `ifconfig -a' */
+    krb5_boolean srv_lookup;		/* do SRV lookups */
+    krb5_boolean srv_try_txt;		/* try TXT records also */
+    int32_t fcache_vno;			/* create cache files w/ this
+                                           version */
+    int num_kt_types;			/* # of registered keytab types */
+    struct krb5_keytab_data *kt_types;  /* registered keytab types */
+    const char *date_fmt;
+    char *error_string;
+    char error_buf[256];
+    krb5_addresses *ignore_addresses;
+    char *default_cc_name;
+    char *default_cc_name_env;
+    int default_cc_name_set;
+    void *mutex;			/* protects error_string/error_buf */
+    int large_msg_size;
+    int flags;
+#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME	1
+#define KRB5_CTX_F_CHECK_PAC			2
+    struct send_to_kdc *send_to_kdc;
+} krb5_context_data;
+
+#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
+#define KRB5_DEFAULT_CCNAME_API "API:"
+#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}"
+
+#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH		1
+#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH		2
+#define EXTRACT_TICKET_MATCH_REALM			4
+
+/*
+ * Configurable options
+ */
+
+#ifndef KRB5_DEFAULT_CCTYPE
+#ifdef __APPLE__
+#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops)
+#else
+#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops)
+#endif
+#endif
+
+#ifndef KRB5_ADDRESSLESS_DEFAULT
+#define KRB5_ADDRESSLESS_DEFAULT TRUE
+#endif
+
+#endif /* __KRB5_LOCL_H__ */
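Review bot: `ALLOC_SEQ` in krb5_locl.h stores `(X)->len = (N)` before the `calloc` inside `ALLOC` is known to have succeeded, so an allocation failure leaves a sequence with a non-zero `len` and a NULL `val`; callers have to test `val` before anything walks `len` entries, and nothing in the header says so. `ALLOC` also expands to an unparenthesised assignment, so `ALLOC(p, n) == NULL` would parse as `(p) = (calloc(...) == NULL)`. As this is a vendor import the code is probably best kept as upstream ships it, but if a local change is acceptable I would write `#define ALLOC(X, N) ((X) = calloc((N), sizeof(*(X))))` and add above `ALLOC_SEQ` the comment `/* on allocation failure val is NULL while len is already N; callers must check val */`. Both macros evaluate their arguments more than once, so arguments with side effects are unsafe.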

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_mk_req.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_mk_req.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_mk_req.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,187 @@
+.\" Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_mk_req.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd August 27, 2005
+.Dt KRB5_MK_REQ 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_mk_req ,
+.Nm krb5_mk_req_exact ,
+.Nm krb5_mk_req_extended ,
+.Nm krb5_rd_req ,
+.Nm krb5_rd_req_with_keyblock ,
+.Nm krb5_mk_rep ,
+.Nm krb5_mk_rep_exact ,
+.Nm krb5_mk_rep_extended ,
+.Nm krb5_rd_rep ,
+.Nm krb5_build_ap_req ,
+.Nm krb5_verify_ap_req
+.Nd create and read application authentication request
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_mk_req
+.Fa "krb5_context context"
+.Fa "krb5_auth_context *auth_context"
+.Fa "const krb5_flags ap_req_options"
+.Fa "const char *service"
+.Fa "const char *hostname"
+.Fa "krb5_data *in_data"
+.Fa "krb5_ccache ccache"
+.Fa "krb5_data *outbuf"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_mk_req_extended
+.Fa "krb5_context context"
+.Fa "krb5_auth_context *auth_context"
+.Fa "const krb5_flags ap_req_options"
+.Fa "krb5_data *in_data"
+.Fa "krb5_creds *in_creds"
+.Fa "krb5_data *outbuf"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rd_req
+.Fa "krb5_context context"
+.Fa "krb5_auth_context *auth_context"
+.Fa "const krb5_data *inbuf"
+.Fa "krb5_const_principal server"
+.Fa "krb5_keytab keytab"
+.Fa "krb5_flags *ap_req_options"
+.Fa "krb5_ticket **ticket"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_build_ap_req
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_creds *cred"
+.Fa "krb5_flags ap_options"
+.Fa "krb5_data authenticator"
+.Fa "krb5_data *retdata"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_verify_ap_req
+.Fa "krb5_context context"
+.Fa "krb5_auth_context *auth_context"
+.Fa "krb5_ap_req *ap_req"
+.Fa "krb5_const_principal server"
+.Fa "krb5_keyblock *keyblock"
+.Fa "krb5_flags flags"
+.Fa "krb5_flags *ap_req_options"
+.Fa "krb5_ticket **ticket"
+.Fc
+.Sh DESCRIPTION
+The functions documented in this manual page document the functions
+that facilitates the exchange between a Kerberos client and server.
+They are the core functions used in the authentication exchange
+between the client and the server.
+.Pp
+The
+.Nm krb5_mk_req
+and
+.Nm krb5_mk_req_extended
+creates the Kerberos message
+.Dv KRB_AP_REQ
+that is sent from the client to the server as the first packet in a client/server exchange.  The result that should be sent to server is stored in
+.Fa outbuf .
+.Pp
+.Fa auth_context
+should be allocated with
+.Fn krb5_auth_con_init
+or
+.Dv NULL
+passed in, in that case, it will be allocated and freed internally.
+.Pp
+The input data 
+.Fa in_data
+will have a checksum calculated over it and checksum will be
+transported in the message to the server.
+.Pp
+.Fa ap_req_options
+can be set to one or more of the following flags:
+.Pp
+.Bl -tag -width indent
+.It Dv AP_OPTS_USE_SESSION_KEY
+Use the session key when creating the request, used for user to user
+authentication.
+.It Dv AP_OPTS_MUTUAL_REQUIRED
+Mark the request as mutual authenticate required so that the receiver
+returns a mutual authentication packet.
+.El
+.Pp
+The
+.Nm krb5_rd_req
+read the AP_REQ in
+.Fa inbuf
+and verify and extract the content.
+If
+.Fa server
+is specified, that server will be fetched from the
+.Fa keytab
+and used unconditionally.
+If
+.Fa server
+is
+.Dv NULL ,
+the
+.Fa keytab
+will be search for a matching principal.
+.Pp
+The
+.Fa keytab
+argument specifies what keytab to search for receiving principals.
+The arguments
+.Fa ap_req_options
+and
+.Fa ticket
+returns the content.
+.Pp
+When the AS-REQ is a user to user request, neither of
+.Fa keytab
+or
+.Fa principal
+are used, instead
+.Fn krb5_rd_req
+expects the session key to be set in
+.Fa auth_context .
+.Pp
+The
+.Nm krb5_verify_ap_req
+and
+.Nm krb5_build_ap_req
+both constructs and verify the AP_REQ message, should not be used by
+external code.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_mk_safe.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_mk_safe.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_mk_safe.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,82 @@
+.\" Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_mk_safe.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_MK_SAFE 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_mk_safe ,
+.Nm krb5_mk_priv
+.Nd generates integrity protected and/or encrypted messages
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_error_code
+.Fn krb5_mk_priv "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *userdata" "krb5_data *outbuf" "krb5_replay_data *outdata"
+.Ft krb5_error_code
+.Fn krb5_mk_safe "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *userdata" "krb5_data *outbuf" "krb5_replay_data *outdata"
+.Sh DESCRIPTION
+.Fn krb5_mk_safe
+and
+.Fn krb5_mk_priv
+formats
+.Li KRB-SAFE
+(integrity protected)
+and
+.Li KRB-PRIV
+(also encrypted)
+messages into
+.Fa outbuf .
+The actual message data is taken from
+.Fa userdata .
+If the
+.Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
+or
+.Dv KRB5_AUTH_CONTEXT_DO_TIME
+flags are set in the
+.Fa auth_context ,
+sequence numbers and time stamps are generated.
+If the
+.Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
+or
+.Dv KRB5_AUTH_CONTEXT_RET_TIME
+flags are set
+they are also returned in the
+.Fa outdata
+parameter.
+.Sh SEE ALSO
+.Xr krb5_auth_con_init 3 ,
+.Xr krb5_rd_priv 3 ,
+.Xr krb5_rd_safe 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_openlog.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_openlog.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_openlog.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,242 @@
+.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_openlog.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.Dd August 6, 1997
+.Dt KRB5_OPENLOG 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_initlog ,
+.Nm krb5_openlog ,
+.Nm krb5_closelog ,
+.Nm krb5_addlog_dest ,
+.Nm krb5_addlog_func ,
+.Nm krb5_log ,
+.Nm krb5_vlog ,
+.Nm krb5_log_msg ,
+.Nm krb5_vlog_msg
+.Nd Heimdal logging functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft "typedef void"
+.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data"
+.Ft "typedef void"
+.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data"
+.Ft krb5_error_code
+.Fn krb5_addlog_dest "krb5_context context" "krb5_log_facility *facility" "const char *destination"
+.Ft krb5_error_code
+.Fn krb5_addlog_func "krb5_context context" "krb5_log_facility *facility" "int min" "int max" "krb5_log_log_func_t log" "krb5_log_close_func_t close" "void *data"
+.Ft krb5_error_code
+.Fn krb5_closelog "krb5_context context" "krb5_log_facility *facility"
+.Ft krb5_error_code
+.Fn krb5_initlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
+.Ft krb5_error_code
+.Fn krb5_log "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "..."
+.Ft krb5_error_code
+.Fn krb5_log_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "..."
+.Ft krb5_error_code
+.Fn krb5_openlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
+.Ft krb5_error_code
+.Fn krb5_vlog "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "va_list arglist"
+.Ft krb5_error_code
+.Fn krb5_vlog_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "va_list arglist"
+.Sh DESCRIPTION
+These functions logs messages to one or more destinations.
+.Pp
+The
+.Fn krb5_openlog
+function creates a logging
+.Fa facility ,
+that is used to log messages. A facility consists of one or more
+destinations (which can be files or syslog or some other device). The
+.Fa program
+parameter should be the generic name of the program that is doing the
+logging. This name is used to lookup which destinations to use. This
+information is contained in the
+.Li logging
+section of the
+.Pa krb5.conf
+configuration file.  If no entry is found for
+.Fa program ,
+the entry for
+.Li default
+is used, or if that is missing too,
+.Li SYSLOG
+will be used as destination.
+.Pp
+To close a logging facility, use the
+.Fn krb5_closelog
+function.
+.Pp
+To log a message to a facility use one of the functions
+.Fn krb5_log ,
+.Fn krb5_log_msg ,
+.Fn krb5_vlog ,
+or
+.Fn krb5_vlog_msg .
+The functions ending in
+.Li _msg
+return in
+.Fa reply
+a pointer to the message that just got logged. This string is allocated,
+and should be freed with
+.Fn free .
+The
+.Fa format
+is a standard
+.Fn printf
+style format string (but see the BUGS section).
+.Pp
+If you want better control of where things gets logged, you can instead of using
+.Fn krb5_openlog
+call
+.Fn krb5_initlog ,
+which just initializes a facility, but doesn't define any actual logging
+destinations. You can then add destinations with the
+.Fn krb5_addlog_dest
+and
+.Fn krb5_addlog_func
+functions.  The first of these takes a string specifying a logging
+destination, and adds this to the facility. If you want to do some
+non-standard logging you can use the
+.Fn krb5_addlog_func
+function, which takes a function to use when logging.
+The
+.Fa log
+function is called for each message with
+.Fa time
+being a string specifying the current time, and
+.Fa message
+the message to log.
+.Fa close
+is called when the facility is closed. You can pass application specific data in the
+.Fa data
+parameter. The
+.Fa min
+and
+.Fa max
+parameter are the same as in a destination (defined below). To specify a
+max of infinity, pass -1.
+.Pp
+.Fn krb5_openlog
+calls
+.Fn krb5_initlog
+and then calls
+.Fn krb5_addlog_dest
+for each destination found.
+.Ss Destinations
+The defined destinations (as specified in
+.Pa krb5.conf )
+follows:
+.Bl -tag -width "xxx" -offset indent
+.It Li STDERR
+This logs to the program's stderr.
+.It Li FILE: Ns Pa /file
+.It Li FILE= Ns Pa /file
+Log to the specified file. The form using a colon appends to the file, the
+form with an equal truncates the file. The truncating form keeps the file
+open, while the appending form closes it after each log message (which
+makes it possible to rotate logs). The truncating form is mainly for
+compatibility with the MIT libkrb5.
+.It Li DEVICE= Ns Pa /device
+This logs to the specified device, at present this is the same as
+.Li FILE:/device .
+.It Li CONSOLE
+Log to the console, this is the same as
+.Li DEVICE=/dev/console .
+.It Li SYSLOG Ns Op :priority Ns Op :facility
+Send messages to the syslog system, using priority, and facility. To
+get the name for one of these, you take the name of the macro passed
+to
+.Xr syslog 3 ,
+and remove the leading
+.Li LOG_
+.No ( Li LOG_NOTICE
+becomes
+.Li NOTICE ) .
+The default values (as well as the values used for unrecognised
+values), are
+.Li ERR ,
+and
+.Li AUTH ,
+respectively.  See
+.Xr syslog 3
+for a list of priorities and facilities.
+.El
+.Pp
+Each destination may optionally be prepended with a range of logging
+levels, specified as
+.Li min-max/ .
+If the
+.Fa level
+parameter to
+.Fn krb5_log
+is within this range (inclusive) the message gets logged to this
+destination, otherwise not. Either of the min and max valued may be
+omitted, in this case min is assumed to be zero, and max is assumed to be
+infinity.  If you don't include a dash, both min and max gets set to the
+specified value. If no range is specified, all messages gets logged.
+.Sh EXAMPLES
+.Bd -literal -offset indent
+[logging]
+	kdc = 0/FILE:/var/log/kdc.log
+	kdc = 1-/SYSLOG:INFO:USER
+	default = STDERR
+.Ed
+.Pp
+This will log all messages from the
+.Nm kdc
+program with level 0 to
+.Pa /var/log/kdc.log ,
+other messages will be logged to syslog with priority
+.Li LOG_INFO ,
+and facility
+.Li LOG_USER .
+All other programs will log all messages to their stderr.
+.Sh SEE ALSO
+.Xr syslog 3 ,
+.Xr krb5.conf 5
+.Sh BUGS
+These functions use
+.Fn asprintf
+to format the message. If your operating system does not have a working
+.Fn asprintf ,
+a replacement will be used. At present this replacement does not handle
+some correct conversion specifications (like floating point numbers). Until
+this is fixed, the use of these conversions should be avoided.
+.Pp
+If logging is done to the syslog facility, these functions might not be
+thread-safe, depending on the implementation of
+.Fn openlog ,
+and
+.Fn syslog .

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_parse_name.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_parse_name.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_parse_name.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,68 @@
+.\" Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_parse_name.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_PARSE_NAME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_parse_name
+.Nd string to principal conversion
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
+.Sh DESCRIPTION
+.Fn krb5_parse_name
+converts a string representation of a principal name to
+.Nm krb5_principal .
+The
+.Fa principal
+will point to allocated data that should be freed with
+.Fn krb5_free_principal .
+.Pp
+The string should consist of one or more name components separated with slashes
+.Pq Dq / ,
+optionally followed with an
+.Dq @
+and a realm name. A slash or @ may be contained in a name component by
+quoting it with a backslash
+.Pq Dq \e .
+A realm should not contain slashes or colons.
+.Sh SEE ALSO
+.Xr krb5_425_conv_principal 3 ,
+.Xr krb5_build_principal 3 ,
+.Xr krb5_free_principal 3 ,
+.Xr krb5_sname_to_principal 3 ,
+.Xr krb5_unparse_name 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_principal.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_principal.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_principal.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,384 @@
+.\" Copyright (c) 2003 - 2007 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_principal.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_PRINCIPAL 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_default_principal ,
+.Nm krb5_principal ,
+.Nm krb5_build_principal ,
+.Nm krb5_build_principal_ext ,
+.Nm krb5_build_principal_va ,
+.Nm krb5_build_principal_va_ext ,
+.Nm krb5_copy_principal ,
+.Nm krb5_free_principal ,
+.Nm krb5_make_principal ,
+.Nm krb5_parse_name ,
+.Nm krb5_parse_name_flags ,
+.Nm krb5_parse_nametype ,
+.Nm krb5_princ_realm ,
+.Nm krb5_princ_set_realm ,
+.Nm krb5_principal_compare ,
+.Nm krb5_principal_compare_any_realm ,
+.Nm krb5_principal_get_comp_string ,
+.Nm krb5_principal_get_realm ,
+.Nm krb5_principal_get_type ,
+.Nm krb5_principal_match ,
+.Nm krb5_principal_set_type ,
+.Nm krb5_realm_compare ,
+.Nm krb5_sname_to_principal ,
+.Nm krb5_sock_to_principal ,
+.Nm krb5_unparse_name ,
+.Nm krb5_unparse_name_flags ,
+.Nm krb5_unparse_name_fixed ,
+.Nm krb5_unparse_name_fixed_flags ,
+.Nm krb5_unparse_name_fixed_short ,
+.Nm krb5_unparse_name_short
+.Nd Kerberos 5 principal handling functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li krb5_principal ;
+.Ft void
+.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
+.Ft krb5_error_code
+.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
+.Ft krb5_error_code
+.Fn krb5_parse_name_flags "krb5_context context" "const char *name" "int flags" "krb5_principal *principal"
+.Ft krb5_error_code
+.Fn "krb5_unparse_name" "krb5_context context" "krb5_const_principal principal" "char **name"
+.Ft krb5_error_code
+.Fn "krb5_unparse_name_flags" "krb5_context context" "krb5_const_principal principal" "int flags" "char **name"
+.Ft krb5_error_code
+.Fn krb5_unparse_name_fixed "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len"
+.Ft krb5_error_code
+.Fn krb5_unparse_name_fixed_flags "krb5_context context" "krb5_const_principal principal" "int flags" "char *name" "size_t len"
+.Ft krb5_error_code
+.Fn "krb5_unparse_name_short" "krb5_context context" "krb5_const_principal principal" "char **name"
+.Ft krb5_error_code
+.Fn krb5_unparse_name_fixed_short "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len"
+.Ft krb5_realm *
+.Fn krb5_princ_realm "krb5_context context" "krb5_principal principal"
+.Ft void
+.Fn krb5_princ_set_realm "krb5_context context" "krb5_principal principal" "krb5_realm *realm"
+.Ft krb5_error_code
+.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "..."
+.Ft krb5_error_code
+.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "va_list ap"
+.Ft krb5_error_code
+.Fn "krb5_build_principal_ext" "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "..."
+.Ft krb5_error_code
+.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int rlen" "krb5_const_realm realm" "va_list ap"
+.Ft krb5_error_code
+.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
+.Ft krb5_error_code
+.Fn krb5_copy_principal "krb5_context context" "krb5_const_principal inprinc" "krb5_principal *outprinc"
+.Ft krb5_boolean
+.Fn krb5_principal_compare "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
+.Ft krb5_boolean
+.Fn krb5_principal_compare_any_realm "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
+.Ft "const char *"
+.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_const_principal principal" "unsigned int component"
+.Ft "const char *"
+.Fn krb5_principal_get_realm "krb5_context context" "krb5_const_principal principal"
+.Ft int
+.Fn krb5_principal_get_type "krb5_context context" "krb5_const_principal principal"
+.Ft krb5_boolean
+.Fn krb5_principal_match "krb5_context context" "krb5_const_principal principal" "krb5_const_principal pattern"
+.Ft void
+.Fn krb5_principal_set_type "krb5_context context" "krb5_principal principal" "int type"
+.Ft krb5_boolean
+.Fn krb5_realm_compare "krb5_context context" "krb5_const_principal princ1" "krb5_const_principal princ2"
+.Ft krb5_error_code
+.Fn krb5_sname_to_principal  "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *ret_princ"
+.Ft krb5_error_code
+.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
+.Ft krb5_error_code
+.Fn krb5_get_default_principal "krb5_context context" "krb5_principal *princ"
+.Ft krb5_error_code
+.Fn krb5_parse_nametype "krb5_context context" "const char *str" "int32_t *type"
+.Sh DESCRIPTION
+.Li krb5_principal
+holds the name of a user or service in Kerberos.
+.Pp
+A principal has two parts, a
+.Li PrincipalName
+and a
+.Li realm .
+The PrincipalName consists of one or more components. In printed form,
+the components are separated by /.
+The PrincipalName also has a name-type.
+.Pp
+Examples of a principal are
+.Li nisse/root at EXAMPLE.COM
+and
+.Li host/datan.kth.se at KTH.SE .
+.Fn krb5_parse_name
+and
+.Fn krb5_parse_name_flags
+passes a principal name in
+.Fa name
+to the kerberos principal structure.
+.Fn krb5_parse_name_flags
+takes an extra
+.Fa flags
+argument the following flags can be passed in
+.Bl -tag -width Ds
+.It Dv KRB5_PRINCIPAL_PARSE_NO_REALM
+requries the input string to be without a realm, and no realm is
+stored in the
+.Fa principal
+return argument.
+.It Dv KRB5_PRINCIPAL_PARSE_MUST_REALM
+requries the input string to with a realm.
+.El
+.Pp
+.Fn krb5_unparse_name
+and
+.Fn krb5_unparse_name_flags
+prints the principal
+.Fa princ
+to the string
+.Fa name .
+.Fa name
+should be freed with
+.Xr free 3 .
+To the 
+.Fa flags
+argument the following flags can be passed in
+.Bl -tag -width Ds
+.It Dv KRB5_PRINCIPAL_UNPARSE_SHORT
+no realm if the realm is one of the local realms.
+.It Dv KRB5_PRINCIPAL_UNPARSE_NO_REALM
+never include any realm in the principal name.
+.It Dv KRB5_PRINCIPAL_UNPARSE_DISPLAY
+don't quote
+.El
+On failure
+.Fa name
+is set to
+.Dv NULL .
+.Fn krb5_unparse_name_fixed
+and
+.Fn krb5_unparse_name_fixed_flags
+behaves just like
+.Fn krb5_unparse ,
+but instead unparses the principal into a fixed size buffer.
+.Pp
+.Fn krb5_unparse_name_short
+just returns the principal without the realm if the principal is
+in the default realm. If the principal isn't, the full name is
+returned.
+.Fn krb5_unparse_name_fixed_short
+works just like
+.Fn krb5_unparse_name_short
+but on a fixed size buffer.
+.Pp
+.Fn krb5_build_principal
+builds a principal from the realm
+.Fa realm
+that has the length
+.Fa rlen .
+The following arguments form the components of the principal.
+The list of components is terminated with
+.Dv NULL .
+.Pp
+.Fn krb5_build_principal_va
+works like
+.Fn krb5_build_principal
+using vargs.
+.Pp
+.Fn krb5_build_principal_ext
+and
+.Fn krb5_build_principal_va_ext
+take a list of length-value pairs, the list is terminated with a zero
+length.
+.Pp
+.Fn krb5_make_principal
+works the same way as
+.Fn krb5_build_principal ,
+except it figures out the length of the realm itself.
+.Pp
+.Fn krb5_copy_principal
+makes a copy of a principal.
+The copy needs to be freed with
+.Fn krb5_free_principal .
+.Pp
+.Fn krb5_principal_compare
+compares the two principals, including realm of the principals and returns
+.Dv TRUE
+if they are the same and
+.Dv FALSE
+if not.
+.Pp
+.Fn krb5_principal_compare_any_realm
+works the same way as
+.Fn krb5_principal_compare
+but doesn't compare the realm component of the principal.
+.Pp
+.Fn krb5_realm_compare
+compares the realms of the two principals and returns
+.Dv TRUE
+is they are the same, and
+.Dv FALSE
+if not.
+.Pp
+.Fn krb5_principal_match
+matches a
+.Fa principal
+against a
+.Fa pattern .
+The pattern is a globbing expression, where each component (separated
+by /) is matched against the corresponding component of the principal.
+.Pp
+The
+.Fn krb5_principal_get_realm
+and
+.Fn krb5_principal_get_comp_string
+functions return parts of the
+.Fa principal ,
+either the realm or a specific component.
+Both functions return string pointers to data inside the principal, so
+they are valid only as long as the principal exists.
+.Pp
+The
+.Fa component
+argument to
+.Fn krb5_principal_get_comp_string
+is the index of the component to return, from zero to the total number of
+components minus one. If the index is out of range
+.Dv NULL
+is returned.
+.Pp
+.Fn krb5_principal_get_realm
+and
+.Fn krb5_principal_get_comp_string
+are replacements for
+.Fn krb5_princ_realm ,
+.Fn krb5_princ_component
+and related macros, described as internal in the MIT API
+specification.
+Unlike the macros, these functions return strings, not
+.Dv krb5_data .
+A reason to return
+.Dv krb5_data
+was that it was believed that principal components could contain
+binary data, but this belief was unfounded, and it has been decided
+that principal components are infact UTF8, so it's safe to use zero
+terminated strings.
+.Pp
+It's generally not necessary to look at the components of a principal.
+.Pp
+.Fn krb5_principal_get_type
+and
+.Fn krb5_principal_set_type
+get and sets the name type for a principal.
+Name type handling is tricky and not often needed,
+don't use this unless you know what you do.
+.Pp
+.Fn krb5_princ_realm
+returns the realm component of the principal.
+The caller must not free realm unless
+.Fn krb5_princ_set_realm
+is called to set a new realm after freeing the realm.
+.Fn krb5_princ_set_realm
+sets the realm component of a principal. The old realm is not freed.
+.Pp
+.Fn krb5_sname_to_principal
+and
+.Fn krb5_sock_to_principal
+are for easy creation of
+.Dq service
+principals that can, for instance, be used to lookup a key in a keytab.
+For both functions the
+.Fa sname
+parameter will be used for the first component of the created principal.
+If
+.Fa sname
+is
+.Dv NULL ,
+.Dq host
+will be used instead.
+.Pp
+.Fn krb5_sname_to_principal
+will use the passed
+.Fa hostname
+for the second component.
+If
+.Fa type
+is
+.Dv KRB5_NT_SRV_HST
+this name will be looked up with
+.Fn gethostbyname .
+If
+.Fa hostname
+is
+.Dv NULL ,
+the local hostname will be used.
+.Pp
+.Fn krb5_sock_to_principal
+will use the
+.Dq sockname
+of the passed
+.Fa socket ,
+which should be a bound
+.Dv AF_INET
+or
+.Dv AF_INET6
+socket.
+There must be a mapping between the address and
+.Dq sockname .
+The function may try to resolve the name in DNS.
+.Pp
+.Fn krb5_get_default_principal
+tries to find out what's a reasonable default principal by looking at
+the environment it is running in.
+.Pp
+.Fn krb5_parse_nametype
+parses and returns the name type integer value in
+.Fa type .
+On failure the function returns an error code and set the error
+string.
+.\" .Sh EXAMPLES
+.Sh SEE ALSO
+.Xr krb5_425_conv_principal 3 ,
+.Xr krb5_config 3 ,
+.Xr krb5.conf 5
+.Sh BUGS
+You can not have a NUL in a component in some of the variable argument
+functions above.
+Until someone can give a good example of where it would be a good idea
+to have NUL's in a component, this will not be fixed.

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_rcache.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_rcache.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_rcache.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,163 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_rcache.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_RCACHE 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_rcache ,
+.Nm krb5_rc_close ,
+.Nm krb5_rc_default ,
+.Nm krb5_rc_default_name ,
+.Nm krb5_rc_default_type ,
+.Nm krb5_rc_destroy ,
+.Nm krb5_rc_expunge ,
+.Nm krb5_rc_get_lifespan ,
+.Nm krb5_rc_get_name ,
+.Nm krb5_rc_get_type ,
+.Nm krb5_rc_initialize ,
+.Nm krb5_rc_recover ,
+.Nm krb5_rc_resolve ,
+.Nm krb5_rc_resolve_full ,
+.Nm krb5_rc_resolve_type ,
+.Nm krb5_rc_store ,
+.Nm krb5_get_server_rcache
+.Nd Kerberos 5 replay cache
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "struct krb5_rcache;"
+.Pp
+.Ft krb5_error_code
+.Fo krb5_rc_close
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_default
+.Fa "krb5_context context"
+.Fa "krb5_rcache *id"
+.Fc
+.Ft "const char *"
+.Fo krb5_rc_default_name
+.Fa "krb5_context context"
+.Fc
+.Ft "const char *"
+.Fo krb5_rc_default_type
+.Fa "krb5_context context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_destroy
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_expunge
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_get_lifespan
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fa "krb5_deltat *auth_lifespan"
+.Fc
+.Ft "const char*"
+.Fo krb5_rc_get_name
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fc
+.Ft "const char*"
+.Fo "krb5_rc_get_type"
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_initialize
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fa "krb5_deltat auth_lifespan"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_recover
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_resolve
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fa "const char *name"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_resolve_full
+.Fa "krb5_context context"
+.Fa "krb5_rcache *id"
+.Fa "const char *string_name"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_resolve_type
+.Fa "krb5_context context"
+.Fa "krb5_rcache *id"
+.Fa "const char *type"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_rc_store
+.Fa "krb5_context context"
+.Fa "krb5_rcache id"
+.Fa "krb5_donot_replay *rep"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_server_rcache
+.Fa "krb5_context context"
+.Fa "const krb5_data *piece"
+.Fa "krb5_rcache *id"
+.Fc
+.Sh DESCRIPTION
+The
+.Li krb5_rcache
+structure holds a storage element that is used for data manipulation.
+The structure contains no public accessible elements.
+.Pp
+.Fn krb5_rc_initialize
+Creates the reply cache
+.Fa id
+and sets it lifespan to
+.Fa auth_lifespan .
+If the cache already exists, the content is destroyed.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_data 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_rd_error.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_rd_error.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_rd_error.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,98 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_rd_error.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd July 26, 2004
+.Dt KRB5_RD_ERROR 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_rd_error ,
+.Nm krb5_free_error ,
+.Nm krb5_free_error_contents ,
+.Nm krb5_error_from_rd_error
+.Nd parse, free and read error from KRB-ERROR message
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_rd_error
+.Fa "krb5_context context"
+.Fa "const krb5_data *msg"
+.Fa "KRB_ERROR *result"
+.Fc
+.Ft void
+.Fo krb5_free_error
+.Fa "krb5_context context"
+.Fa "krb5_error *error"
+.Fc
+.Ft void
+.Fo krb5_free_error_contents
+.Fa "krb5_context context"
+.Fa "krb5_error *error"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_error_from_rd_error
+.Fa "krb5_context context"
+.Fa "const krb5_error *error"
+.Fa "const krb5_creds *creds"
+.Fc
+.Sh DESCRIPTION
+Usually applications never needs to parse and understand Kerberos
+error messages since higher level functions will parse and push up the
+error in the krb5_context.
+These functions are described for completeness.
+.Pp
+.Fn krb5_rd_error
+parses and returns the kerboeros error message, the structure should be freed with
+.Fn krb5_free_error_contents
+when the caller is done with the structure.
+.Pp
+.Fn krb5_free_error
+frees the content and the memory region holding the structure iself.
+.Pp
+.Fn krb5_free_error_contents
+free the content of the KRB-ERROR message.
+.Pp
+.Fn krb5_error_from_rd_error
+will parse the error message and set the error buffer in krb5_context
+to the error string passed back or the matching error code in the
+KRB-ERROR message.
+Caller should pick up the message with
+.Fn krb5_get_error_string 3
+(don't forget to free the returned string with
+.Fn krb5_free_error_string ) .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_set_error_string 3 ,
+.Xr krb5_get_error_string 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_rd_safe.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_rd_safe.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_rd_safe.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+.\" Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_rd_safe.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_RD_SAFE 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_rd_safe ,
+.Nm krb5_rd_priv
+.Nd verifies authenticity of messages
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_error_code
+.Fn krb5_rd_priv "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *inbuf" "krb5_data *outbuf" "krb5_replay_data *outdata"
+.Ft krb5_error_code
+.Fn krb5_rd_safe "krb5_context context" "krb5_auth_context auth_context" "const krb5_data *inbuf" "krb5_data *outbuf" "krb5_replay_data *outdata"
+.Sh DESCRIPTION
+.Fn krb5_rd_safe
+and
+.Fn krb5_rd_priv
+parses
+.Li KRB-SAFE
+and
+.Li KRB-PRIV
+messages (as generated by
+.Xr krb5_mk_safe 3
+and
+.Xr krb5_mk_priv 3 )
+from
+.Fa inbuf
+and verifies its integrity. The user data part of the message in put
+in
+.Fa outbuf .
+The encryption state, including keyblocks and addresses, is taken from
+.Fa auth_context .
+If the
+.Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
+or
+.Dv KRB5_AUTH_CONTEXT_RET_TIME
+flags are set in the
+.Fa auth_context
+the sequence number and time are returned in the
+.Fa outdata
+parameter.
+.Sh SEE ALSO
+.Xr krb5_auth_con_init 3 ,
+.Xr krb5_mk_priv 3 ,
+.Xr krb5_mk_safe 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_set_default_realm.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_set_default_realm.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_set_default_realm.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,164 @@
+.\" Copyright (c) 2003 - 2005 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_set_default_realm.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd April 24, 2005
+.Dt KRB5_SET_DEFAULT_REALM 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_copy_host_realm ,
+.Nm krb5_free_host_realm ,
+.Nm krb5_get_default_realm ,
+.Nm krb5_get_default_realms ,
+.Nm krb5_get_host_realm ,
+.Nm krb5_set_default_realm
+.Nd default and host realm read and manipulation routines
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_copy_host_realm
+.Fa "krb5_context context"
+.Fa "const krb5_realm *from"
+.Fa "krb5_realm **to"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_host_realm
+.Fa "krb5_context context"
+.Fa "krb5_realm *realmlist"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_default_realm
+.Fa "krb5_context context"
+.Fa "krb5_realm *realm"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_default_realms
+.Fa "krb5_context context"
+.Fa "krb5_realm **realm"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_host_realm
+.Fa "krb5_context context"
+.Fa "const char *host"
+.Fa "krb5_realm **realms"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_default_realm
+.Fa "krb5_context context"
+.Fa "const char *realm"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_copy_host_realm
+copies the list of realms from
+.Fa from
+to
+.Fa to .
+.Fa to
+should be freed by the caller using
+.Fa krb5_free_host_realm .
+.Pp
+.Fn krb5_free_host_realm
+frees all memory allocated by
+.Fa realmlist .
+.Pp
+.Fn krb5_get_default_realm
+returns the first default realm for this host.
+The realm returned should be freed with
+.Fn free .
+.Pp
+.Fn krb5_get_default_realms
+returns a
+.Dv NULL
+terminated list of default realms for this context.
+Realms returned by
+.Fn krb5_get_default_realms
+should be freed with
+.Fn krb5_free_host_realm .
+.Pp
+.Fn krb5_get_host_realm
+returns a
+.Dv NULL
+terminated list of realms for
+.Fa host
+by looking up the information in the
+.Li [domain_realm]
+in
+.Pa krb5.conf
+or in
+.Li DNS .
+If the mapping in
+.Li [domain_realm]
+results in the string
+.Li dns_locate ,
+DNS is used to lookup the realm.
+.Pp
+When using
+.Li DNS
+to a resolve the domain for the host a.b.c,
+.Fn krb5_get_host_realm
+looks for a
+.Dv TXT
+resource record named
+.Li _kerberos.a.b.c ,
+and if not found, it strips off the first component and tries a again
+(_kerberos.b.c) until it reaches the root.
+.Pp
+If there is no configuration or DNS information found,
+.Fn krb5_get_host_realm
+assumes it can use the domain part of the
+.Fa host
+to form a realm.
+Caller must free
+.Fa realmlist
+with
+.Fn krb5_free_host_realm .
+.Pp
+.Fn krb5_set_default_realm
+sets the default realm for the
+.Fa context .
+If
+.Dv NULL
+is used as a
+.Fa realm ,
+the
+.Li [libdefaults]default_realm
+stanza in
+.Pa krb5.conf
+is used.
+If there is no such stanza in the configuration file, the
+.Fn krb5_get_host_realm
+function is used to form a default realm.
+.Sh SEE ALSO
+.Xr free 3 ,
+.Xr krb5.conf 5

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_set_password.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_set_password.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_set_password.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,143 @@
+.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_set_password.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd July 15, 2004
+.Dt KRB5_SET_PASSWORD 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_change_password ,
+.Nm krb5_set_password ,
+.Nm krb5_set_password_using_ccache ,
+.Nm krb5_passwd_result_to_string
+.Nd change password functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_change_password
+.Fa "krb5_context context"
+.Fa "krb5_creds *creds"
+.Fa "char *newpw"
+.Fa "int *result_code"
+.Fa "krb5_data *result_code_string"
+.Fa "krb5_data *result_string"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_password
+.Fa "krb5_context context"
+.Fa "krb5_creds *creds"
+.Fa "char *newpw"
+.Fa "krb5_principal targprinc"
+.Fa "int *result_code"
+.Fa "krb5_data *result_code_string"
+.Fa "krb5_data *result_string"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_password_using_ccache
+.Fa "krb5_context context"
+.Fa "krb5_ccache ccache"
+.Fa "char *newpw"
+.Fa "krb5_principal targprinc"
+.Fa "int *result_code"
+.Fa "krb5_data *result_code_string"
+.Fa "krb5_data *result_string"
+.Fc
+.Ft "const char *"
+.Fo krb5_passwd_result_to_string
+.Fa "krb5_context context"
+.Fa "int result"
+.Fc
+.Sh DESCRIPTION
+These functions change the password for a given principal.
+.Pp
+.Fn krb5_set_password
+and
+.Fn krb5_set_password_using_ccache
+are the newer of the three functions, and use a newer version of the
+protocol (and also fall back to the older set-password protocol if the
+newer protocol doesn't work).
+.Pp
+.Fn krb5_change_password
+sets the password
+.Fa newpasswd
+for the client principal in
+.Fa creds .
+The server principal of creds must be
+.Li kadmin/changepw .
+.Pp
+.Fn krb5_set_password
+and
+.Fn krb5_set_password_using_ccache
+change the password for the principal
+.Fa targprinc .
+.Pp
+.Fn krb5_set_password
+requires that the credential for
+.Li kadmin/changepw at REALM
+is in
+.Fa creds .
+If the user caller isn't an administrator, this credential
+needs to be an initial credential, see
+.Xr krb5_get_init_creds 3
+how to get such credentials.
+.Pp
+.Fn krb5_set_password_using_ccache
+will get the credential from
+.Fa ccache .
+.Pp
+If
+.Fa targprinc
+is
+.Dv NULL ,
+.Fn krb5_set_password_using_ccache
+uses the the default principal in
+.Fa ccache
+and
+.Fn krb5_set_password
+uses the global the default principal.
+.Pp
+All three functions return an error in
+.Fa result_code
+and maybe an error string to print in
+.Fa result_string .
+.Pp
+.Fn krb5_passwd_result_to_string
+returns an human readable string describing the error code in
+.Fa result_code
+from the
+.Fn krb5_set_password
+functions.
+.Sh SEE ALSO
+.Xr krb5_ccache 3 ,
+.Xr krb5_init_context 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_storage.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_storage.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_storage.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,427 @@
+.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_storage.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd Aug 18, 2006
+.Dt KRB5_STORAGE 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_storage ,
+.Nm krb5_storage_emem ,
+.Nm krb5_storage_from_data ,
+.Nm krb5_storage_from_fd ,
+.Nm krb5_storage_from_mem ,
+.Nm krb5_storage_set_flags ,
+.Nm krb5_storage_clear_flags ,
+.Nm krb5_storage_is_flags ,
+.Nm krb5_storage_set_byteorder ,
+.Nm krb5_storage_get_byteorder ,
+.Nm krb5_storage_set_eof_code ,
+.Nm krb5_storage_seek ,
+.Nm krb5_storage_read ,
+.Nm krb5_storage_write ,
+.Nm krb5_storage_free ,
+.Nm krb5_storage_to_data ,
+.Nm krb5_store_int32 ,
+.Nm krb5_ret_int32 ,
+.Nm krb5_store_uint32 ,
+.Nm krb5_ret_uint32 ,
+.Nm krb5_store_int16 ,
+.Nm krb5_ret_int16 ,
+.Nm krb5_store_uint16 ,
+.Nm krb5_ret_uint16 ,
+.Nm krb5_store_int8 ,
+.Nm krb5_ret_int8 ,
+.Nm krb5_store_uint8 ,
+.Nm krb5_ret_uint8 ,
+.Nm krb5_store_data ,
+.Nm krb5_ret_data ,
+.Nm krb5_store_string ,
+.Nm krb5_ret_string ,
+.Nm krb5_store_stringnl ,
+.Nm krb5_ret_stringnl ,
+.Nm krb5_store_stringz ,
+.Nm krb5_ret_stringz ,
+.Nm krb5_store_principal ,
+.Nm krb5_ret_principal ,
+.Nm krb5_store_keyblock ,
+.Nm krb5_ret_keyblock ,
+.Nm krb5_store_times ,
+.Nm krb5_ret_times ,
+.Nm krb5_store_address ,
+.Nm krb5_ret_address ,
+.Nm krb5_store_addrs ,
+.Nm krb5_ret_addrs ,
+.Nm krb5_store_authdata ,
+.Nm krb5_ret_authdata ,
+.Nm krb5_store_creds ,
+.Nm krb5_ret_creds
+.Nd operates on the Kerberos datatype krb5_storage
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "struct krb5_storage;"
+.Pp
+.Ft "krb5_storage *"
+.Fn krb5_storage_from_fd "int fd"
+.Ft "krb5_storage *"
+.Fn krb5_storage_emem "void"
+.Ft "krb5_storage *"
+.Fn krb5_storage_from_mem "void *buf" "size_t len"
+.Ft "krb5_storage *"
+.Fn krb5_storage_from_data "krb5_data *data"
+.Ft void
+.Fn krb5_storage_set_flags "krb5_storage *sp" "krb5_flags flags"
+.Ft void
+.Fn krb5_storage_clear_flags "krb5_storage *sp" "krb5_flags flags"
+.Ft krb5_boolean
+.Fn krb5_storage_is_flags "krb5_storage *sp" "krb5_flags flags"
+.Ft void
+.Fn krb5_storage_set_byteorder "krb5_storage *sp" "krb5_flags byteorder"
+.Ft krb5_flags
+.Fn krb5_storage_get_byteorder "krb5_storage *sp" "krb5_flags byteorder"
+.Ft void
+.Fn krb5_storage_set_eof_code "krb5_storage *sp" "int code"
+.Ft off_t
+.Fn krb5_storage_seek "krb5_storage *sp" "off_t offset" "int whence"
+.Ft krb5_ssize_t
+.Fn krb5_storage_read "krb5_storage *sp" "void *buf" "size_t len"
+.Ft krb5_ssize_t
+.Fn krb5_storage_write "krb5_storage *sp" "const void *buf" "size_t len"
+.Ft krb5_error_code
+.Fn krb5_storage_free "krb5_storage *sp"
+.Ft krb5_error_code
+.Fn krb5_storage_to_data "krb5_storage *sp" "krb5_data *data"
+.Ft krb5_error_code
+.Fn krb5_store_int32 "krb5_storage *sp" "int32_t value"
+.Ft krb5_error_code
+.Fn krb5_ret_int32 "krb5_storage *sp" "int32_t *value"
+.Ft krb5_error_code
+.Fn krb5_ret_uint32 "krb5_storage *sp" "uint32_t *value"
+.Ft krb5_error_code
+.Fn krb5_store_uint32 "krb5_storage *sp" "uint32_t value"
+.Ft krb5_error_code
+.Fn krb5_store_int16 "krb5_storage *sp" "int16_t value"
+.Ft krb5_error_code
+.Fn krb5_ret_int16 "krb5_storage *sp" "int16_t *value"
+.Ft krb5_error_code
+.Fn krb5_store_uint16 "krb5_storage *sp" "uint16_t value"
+.Ft krb5_error_code
+.Fn krb5_ret_uint16 "krb5_storage *sp" "u_int16_t *value"
+.Ft krb5_error_code
+.Fn krb5_store_int8 "krb5_storage *sp" "int8_t value"
+.Ft krb5_error_code
+.Fn krb5_ret_int8 "krb5_storage *sp" "int8_t *value"
+.Ft krb5_error_code
+.Fn krb5_store_uint8 "krb5_storage *sp" "u_int8_t value"
+.Ft krb5_error_code
+.Fn krb5_ret_uint8 "krb5_storage *sp" "u_int8_t *value"
+.Ft krb5_error_code
+.Fn krb5_store_data "krb5_storage *sp" "krb5_data data"
+.Ft krb5_error_code
+.Fn krb5_ret_data "krb5_storage *sp" "krb5_data *data"
+.Ft krb5_error_code
+.Fn krb5_store_string "krb5_storage *sp" "const char *s"
+.Ft krb5_error_code
+.Fn krb5_ret_string "krb5_storage *sp" "char **string"
+.Ft krb5_error_code
+.Fn krb5_store_stringnl "krb5_storage *sp" "const char *s"
+.Ft krb5_error_code
+.Fn krb5_ret_stringnl "krb5_storage *sp" "char **string"
+.Ft krb5_error_code
+.Fn krb5_store_stringz "krb5_storage *sp" "const char *s"
+.Ft krb5_error_code
+.Fn krb5_ret_stringz "krb5_storage *sp" "char **string"
+.Ft krb5_error_code
+.Fn krb5_store_principal "krb5_storage *sp" "krb5_const_principal p"
+.Ft krb5_error_code
+.Fn krb5_ret_principal "krb5_storage *sp" "krb5_principal *princ"
+.Ft krb5_error_code
+.Fn krb5_store_keyblock "krb5_storage *sp" "krb5_keyblock p"
+.Ft krb5_error_code
+.Fn krb5_ret_keyblock "krb5_storage *sp" "krb5_keyblock *p"
+.Ft krb5_error_code
+.Fn krb5_store_times "krb5_storage *sp" "krb5_times times"
+.Ft krb5_error_code
+.Fn krb5_ret_times "krb5_storage *sp" "krb5_times *times"
+.Ft krb5_error_code
+.Fn krb5_store_address "krb5_storage *sp" "krb5_address p"
+.Ft krb5_error_code
+.Fn krb5_ret_address "krb5_storage *sp" "krb5_address *adr"
+.Ft krb5_error_code
+.Fn krb5_store_addrs "krb5_storage *sp" "krb5_addresses p"
+.Ft krb5_error_code
+.Fn krb5_ret_addrs "krb5_storage *sp" "krb5_addresses *adr"
+.Ft krb5_error_code
+.Fn krb5_store_authdata "krb5_storage *sp" "krb5_authdata auth"
+.Ft krb5_error_code
+.Fn krb5_ret_authdata "krb5_storage *sp" "krb5_authdata *auth"
+.Ft krb5_error_code
+.Fn krb5_store_creds "krb5_storage *sp" "krb5_creds *creds"
+.Ft krb5_error_code
+.Fn krb5_ret_creds "krb5_storage *sp" "krb5_creds *creds"
+.Sh DESCRIPTION
+The
+.Li krb5_storage
+structure holds a storage element that is used for data manipulation.
+The structure contains no public accessible elements.
+.Pp
+.Fn krb5_storage_emem
+create a memory based krb5 storage unit that dynamicly resized to the
+ammount of data stored in.
+The storage never returns errors, on memory allocation errors
+.Xr exit 3
+will be called.
+.Pp
+.Fn krb5_storage_from_data
+create a krb5 storage unit that will read is data from a
+.Li krb5_data .
+There is no copy made of the
+.Fa data ,
+so the caller must not free
+.Fa data
+until the storage is freed.
+.Pp
+.Fn krb5_storage_from_fd
+create a krb5 storage unit that will read is data from a
+file descriptor.
+The descriptor must be seekable if
+.Fn krb5_storage_seek
+is used.
+Caller must not free the file descriptor before the storage is freed.
+.Pp
+.Fn krb5_storage_from_mem
+create a krb5 storage unit that will read is data from a
+memory region.
+There is no copy made of the
+.Fa data ,
+so the caller must not free
+.Fa data
+until the storage is freed.
+.Pp
+.Fn krb5_storage_set_flags
+and
+.Fn krb5_storage_clear_flags
+modifies the behavior of the storage functions.
+.Fn krb5_storage_is_flags
+tests if the
+.Fa flags
+are set on the
+.Li krb5_storage .
+Valid flags to set, is and clear is are:
+.Pp
+.Bl -tag -width "Fan vet..." -compact -offset indent
+.It KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS
+Stores the number of principal componets one too many when storing
+principal namees, used for compatibility with version 1 of file
+keytabs and version 1 of file credential caches.
+.It KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE
+Doesn't store the name type in when storing a principal name, used for
+compatibility with version 1 of file keytabs and version 1 of file
+credential caches.
+.It KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE
+Stores the keyblock type twice storing a keyblock, used for
+compatibility version 3 of file credential caches.
+.It KRB5_STORAGE_BYTEORDER_MASK
+bitmask that can be used to and out what type of byte order order is used.
+.It KRB5_STORAGE_BYTEORDER_BE
+Store integers in in big endian byte order, this is the default mode.
+.It KRB5_STORAGE_BYTEORDER_LE
+Store integers in in little endian byte order.
+.It KRB5_STORAGE_BYTEORDER_HOST
+Stores the integers in host byte order, used for compatibility with
+version 1 of file keytabs and version 1 and 2 of file credential
+caches.
+.It KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
+Store the credential flags in a krb5_creds in the reverse bit order.
+.El
+.Pp
+.Fn krb5_storage_set_byteorder
+and
+.Fn krb5_storage_get_byteorder
+modifies the byte order used in the storage for integers.
+The flags used is same as above.
+The valid flags are
+.Dv KRB5_STORAGE_BYTEORDER_BE ,
+.Dv KRB5_STORAGE_BYTEORDER_LE
+and
+.Dv KRB5_STORAGE_BYTEORDER_HOST .
+.Pp
+.Fn krb5_storage_set_eof_code
+sets the error code that will be returned on end of file condition to
+.Fa code .
+.Pp
+.Fn krb5_storage_seek
+seeks
+.Fa offset
+bytes in the storage
+.Fa sp .
+The
+.Fa whence
+argument is one of
+.Bl -tag -width SEEK_SET -compact -offset indent
+.It SEEK_SET
+offset is from begining of storage.
+.It SEEK_CUR
+offset is relative from current offset.
+.It SEEK_END
+offset is from end of storage.
+.El
+.Pp
+.Fn krb5_storage_read
+reads
+.Fa len
+(or less bytes in case of end of file) into
+.Fa buf
+from the current offset in the storage
+.Fa sp .
+.Pp
+.Fn krb5_storage_write
+writes
+.Fa len
+or (less bytes in case of end of file) from
+.Fa buf
+from the current offset in the storage
+.Fa sp .
+.Pp
+.Fn krb5_storage_free
+frees the storage
+.Fa sp .
+.Pp
+.Fn krb5_storage_to_data
+converts the data in storage
+.Fa sp
+into a
+.Li krb5_data
+structure.
+.Fa data
+must be freed with
+.Fn krb5_data_free
+by the caller when done with the
+.Fa data .
+.Pp
+All
+.Li krb5_store
+and
+.Li krb5_ret
+functions move the current offset forward when the functions returns.
+.Pp
+.Fn krb5_store_int32 ,
+.Fn krb5_ret_int32 ,
+.Fn krb5_store_uint32 ,
+.Fn krb5_ret_uint32 ,
+.Fn krb5_store_int16 ,
+.Fn krb5_ret_int16 ,
+.Fn krb5_store_uint16 ,
+.Fn krb5_ret_uint16 ,
+.Fn krb5_store_int8 ,
+.Fn krb5_ret_int8 
+.Fn krb5_store_uint8 ,
+and
+.Fn krb5_ret_uint8 
+stores and reads an integer from
+.Fa sp
+in the byte order specified by the flags set on the
+.Fa sp .
+.Pp
+.Fn krb5_store_data
+and
+.Fn krb5_ret_data
+store and reads a krb5_data.
+The length of the data is stored with
+.Fn krb5_store_int32 .
+.Pp
+.Fn krb5_store_string
+and
+.Fn krb5_ret_string
+store and reads a string by storing the length of the string with
+.Fn krb5_store_int32
+followed by the string itself.
+.Pp
+.Fn krb5_store_stringnl
+and 
+.Fn krb5_ret_stringnl
+store and reads a string by storing string followed by a
+.Dv '\n' .
+.Pp
+.Fn krb5_store_stringz
+and 
+.Fn krb5_ret_stringz
+store and reads a string by storing string followed by a
+.Dv NUL .
+.Pp
+.Fn krb5_store_principal
+and
+.Fn krb5_ret_principal
+store and reads a principal.
+.Pp
+.Fn krb5_store_keyblock
+and
+.Fn krb5_ret_keyblock
+store and reads a
+.Li krb5_keyblock .
+.Pp
+.Fn krb5_store_times
+.Fn krb5_ret_times
+store and reads
+.Li krb5_times 
+structure .
+.Pp
+.Fn krb5_store_address
+and
+.Fn krb5_ret_address
+store and reads a 
+.Li krb5_address .
+.Pp
+.Fn krb5_store_addrs
+and
+.Fn krb5_ret_addrs
+store and reads a 
+.Li krb5_addresses .
+.Pp
+.Fn krb5_store_authdata
+and
+.Fn krb5_ret_authdata
+store and reads a
+.Li krb5_authdata .
+.Pp
+.Fn krb5_store_creds
+and
+.Fn krb5_ret_creds
+store and reads a
+.Li krb5_creds .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_data 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_string_to_key.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_string_to_key.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_string_to_key.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,156 @@
+.\" Copyright (c) 2004 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_string_to_key.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd July 10, 2006
+.Dt KRB5_STRING_TO_KEY 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_string_to_key ,
+.Nm krb5_string_to_key_data ,
+.Nm krb5_string_to_key_data_salt ,
+.Nm krb5_string_to_key_data_salt_opaque ,
+.Nm krb5_string_to_key_salt ,
+.Nm krb5_string_to_key_salt_opaque ,
+.Nm krb5_get_pw_salt ,
+.Nm krb5_free_salt
+.Nd turns a string to a Kerberos key
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_string_to_key
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "const char *password"
+.Fa "krb5_principal principal"
+.Fa "krb5_keyblock *key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_string_to_key_data
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_data password"
+.Fa "krb5_principal principal"
+.Fa "krb5_keyblock *key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_string_to_key_data_salt
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_data password"
+.Fa "krb5_salt salt"
+.Fa "krb5_keyblock *key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_string_to_key_data_salt_opaque
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_data password"
+.Fa "krb5_salt salt"
+.Fa "krb5_data opaque"
+.Fa "krb5_keyblock *key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_string_to_key_salt
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "const char *password"
+.Fa "krb5_salt salt"
+.Fa "krb5_keyblock *key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_string_to_key_salt_opaque
+.Fa "krb5_context context"
+.Fa "krb5_enctype enctype"
+.Fa "const char *password"
+.Fa "krb5_salt salt"
+.Fa "krb5_data opaque"
+.Fa "krb5_keyblock *key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_pw_salt
+.Fa "krb5_context context"
+.Fa "krb5_const_principal principal"
+.Fa "krb5_salt *salt"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_salt
+.Fa "krb5_context context"
+.Fa "krb5_salt salt"
+.Fc
+.Sh DESCRIPTION
+The string to key functions convert a string to a kerberos key.
+.Pp
+.Fn krb5_string_to_key_data_salt_opaque
+is the function that does all the work, the rest of the functions are
+just wrapers around
+.Fn krb5_string_to_key_data_salt_opaque
+that calls it with default values.
+.Pp
+.Fn krb5_string_to_key_data_salt_opaque
+transforms the
+.Fa password
+with the given salt-string
+.Fa salt
+and the opaque, encryption type specific parameter
+.Fa opaque
+to a encryption key
+.Fa key
+according to the string to key function associated with
+.Fa enctype .
+.Pp
+The
+.Fa key
+should be freed with
+.Fn krb5_free_keyblock_contents .
+.Pp
+If one of the functions that doesn't take a
+.Li krb5_salt
+as it argument
+.Fn krb5_get_pw_salt
+is used to get the salt value.
+.Pp
+.Fn krb5_get_pw_salt
+get the default password salt for a principal, use
+.Fn krb5_free_salt
+to free the salt when done.
+.Pp
+.Fn krb5_free_salt
+frees the content of
+.Fa salt .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_data 3 ,
+.Xr krb5_keyblock 3 ,
+.Xr kerberos 8

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_ticket.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_ticket.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_ticket.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,137 @@
+.\" Copyright (c) 2003 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_ticket.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_TICKET 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_ticket ,
+.Nm krb5_free_ticket ,
+.Nm krb5_copy_ticket ,
+.Nm krb5_ticket_get_authorization_data_type ,
+.Nm krb5_ticket_get_client ,
+.Nm krb5_ticket_get_server ,
+.Nm krb5_ticket_get_endtime
+.Nd Kerberos 5 ticket access and handling functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li krb5_ticket ;
+.Pp
+.Ft krb5_error_code
+.Fo krb5_free_ticket
+.Fa "krb5_context context"
+.Fa "krb5_ticket *ticket"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_ticket
+.Fa "krb5_context context"
+.Fa "const krb5_ticket *from"
+.Fa "krb5_ticket **to"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_ticket_get_authorization_data_type
+.Fa "krb5_context context"
+.Fa "krb5_ticket *ticket"
+.Fa "int type"
+.Fa "krb5_data *data"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_ticket_get_client
+.Fa "krb5_context context"
+.Fa "const krb5_ticket *ticket"
+.Fa "krb5_principal *client"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_ticket_get_server
+.Fa "krb5_context context"
+.Fa "const krb5_ticket *ticket"
+.Fa "krb5_principal *server"
+.Fc
+.Ft time_t
+.Fo krb5_ticket_get_endtime
+.Fa "krb5_context context"
+.Fa "const krb5_ticket *ticket"
+.Fc
+.Sh DESCRIPTION
+.Li krb5_ticket
+holds a kerberos ticket.
+The internals of the structure should never be accessed directly,
+functions exist for extracting information.
+.Pp
+.Fn krb5_free_ticket
+frees the
+.Fa ticket
+and its content.
+Used to free the result of
+.Fn krb5_copy_ticket
+and
+.Fn krb5_recvauth .
+.Pp
+.Fn krb5_copy_ticket
+copies the content of the ticket
+.Fa from
+to the ticket
+.Fa to .
+The result
+.Fa to
+should be freed with
+.Fn krb5_free_ticket .
+.Pp
+.Fn krb5_ticket_get_authorization_data_type
+fetches the authorization data of the type
+.Fa type
+from the
+.Fa ticket .
+If there isn't any authorization data of type
+.Fa type ,
+.Dv ENOENT
+is returned.
+.Fa data
+needs to be freed with
+.Fn krb5_data_free
+on success.
+.Pp
+.Fn krb5_ticket_get_client
+and
+.Fn krb5_ticket_get_server
+returns a copy of the client/server principal from the ticket.
+The principal returned should be free using
+.Xr krb5_free_principal 3 .
+.Pp
+.Fn krb5_ticket_get_endtime
+return the end time of the ticket.
+.Sh SEE ALSO
+.Xr krb5 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_timeofday.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_timeofday.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_timeofday.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,118 @@
+.\" $Id: krb5_timeofday.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.\" Copyright (c) 2001, 2003, 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_timeofday.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd Sepember  16, 2006
+.Dt KRB5_TIMEOFDAY 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_timeofday ,
+.Nm krb5_set_real_time ,
+.Nm krb5_us_timeofday ,
+.Nm krb5_format_time ,
+.Nm krb5_string_to_deltat
+.Nd Kerberos 5 time handling functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li krb5_timestamp ;
+.Pp
+.Li krb5_deltat ;
+.Ft krb5_error_code
+.Fo krb5_set_real_time
+.Fa "krb5_context context"
+.Fa "krb5_timestamp sec"
+.Fa "int32_t usec"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_timeofday
+.Fa "krb5_context context"
+.Fa "krb5_timestamp *timeret"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_us_timeofday
+.Fa "krb5_context context"
+.Fa "krb5_timestamp *sec"
+.Fa "int32_t *usec"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_format_time
+.Fa "krb5_context context"
+.Fa "time_t t"
+.Fa "char *s"
+.Fa "size_t len"
+.Fa "krb5_boolean include_time"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_string_to_deltat
+.Fa "const char *string"
+.Fa "krb5_deltat *deltat"
+.Fc
+.Sh DESCRIPTION
+.Nm krb5_set_real_time
+sets the absolute time that the caller knows the KDC has.
+With this the Kerberos library can calculate the relative
+difference between the KDC time and the local system time and store it
+in the
+.Fa context .
+With this information the Kerberos library can adjust all time stamps
+in Kerberos packages.
+.Pp
+.Fn krb5_timeofday
+returns the current time, but adjusted with the time difference
+between the local host and the KDC.
+.Fn krb5_us_timeofday
+also returns microseconds.
+.Pp
+.Nm krb5_format_time
+formats the time
+.Fa t
+into the string
+.Fa s
+of length
+.Fa len .
+If
+.Fa include_time
+is set, the time is set include_time.
+.Pp
+.Nm krb5_string_to_deltat
+parses delta time
+.Fa string
+into
+.Fa deltat .
+.Sh SEE ALSO
+.Xr gettimeofday 2 ,
+.Xr krb5 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_unparse_name.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_unparse_name.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_unparse_name.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+.\" Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_unparse_name.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd August 8, 1997
+.Dt KRB5_UNPARSE_NAME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_unparse_name
+.\" .Nm krb5_unparse_name_ext
+.Nd principal to string conversion
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name"
+.\" .Ft krb5_error_code
+.\" .Fn krb5_unparse_name_ext "krb5_context context" "krb5_const_principal principal" "char **name" "size_t *size"
+.Sh DESCRIPTION
+This function takes a
+.Fa principal ,
+and will convert in to a printable representation with the same syntax
+as described in
+.Xr krb5_parse_name 3 .
+.Fa *name
+will point to allocated data and should be freed by the caller.
+.Sh SEE ALSO
+.Xr krb5_425_conv_principal 3 ,
+.Xr krb5_build_principal 3 ,
+.Xr krb5_free_principal 3 ,
+.Xr krb5_parse_name 3 ,
+.Xr krb5_sname_to_principal 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_verify_init_creds.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_verify_init_creds.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_verify_init_creds.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,103 @@
+.\" Copyright (c) 2003 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_verify_init_creds.3,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_VERIFY_INIT_CREDS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_verify_init_creds_opt_init ,
+.Nm krb5_verify_init_creds_opt_set_ap_req_nofail ,
+.Nm krb5_verify_init_creds
+.Nd "verifies a credential cache is correct by using a local keytab"
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "struct krb5_verify_init_creds_opt;"
+.Ft void
+.Fo krb5_verify_init_creds_opt_init
+.Fa "krb5_verify_init_creds_opt *options"
+.Fc
+.Ft void
+.Fo krb5_verify_init_creds_opt_set_ap_req_nofail
+.Fa "krb5_verify_init_creds_opt *options"
+.Fa "int ap_req_nofail"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_verify_init_creds
+.Fa "krb5_context context"
+.Fa "krb5_creds *creds"
+.Fa "krb5_principal ap_req_server"
+.Fa "krb5_ccache *ccache"
+.Fa "krb5_verify_init_creds_opt *options"
+.Fc
+.Sh DESCRIPTION
+The
+.Nm krb5_verify_init_creds
+function verifies the initial tickets with the local keytab to make
+sure the response of the KDC was spoof-ed.
+.Pp
+.Nm krb5_verify_init_creds
+will use principal
+.Fa ap_req_server
+from the local keytab, if
+.Dv NULL
+is passed in, the code will guess the local hostname and use that to
+form host/hostname/GUESSED-REALM-FOR-HOSTNAME.
+.Fa creds
+is the credential that
+.Nm krb5_verify_init_creds
+should verify.
+If
+.Fa ccache
+is given
+.Fn krb5_verify_init_creds
+stores all credentials it fetched from the KDC there, otherwise it
+will use a memory credential cache that is destroyed when done.
+.Pp
+.Fn krb5_verify_init_creds_opt_init
+cleans the the structure, must be used before trying to pass it in to
+.Fn krb5_verify_init_creds .
+.Pp
+.Fn krb5_verify_init_creds_opt_set_ap_req_nofail
+controls controls the behavior if
+.Fa ap_req_server
+doesn't exists in the local keytab or in the KDC's database, if it's
+true, the error will be ignored.  Note that this use is possible
+insecure.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_get_init_creds 3 ,
+.Xr krb5_verify_user 3 ,
+.Xr krb5.conf 5
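Review bot: The first DESCRIPTION sentence states the opposite of the function's purpose: it says the tickets are verified "to make sure the response of the KDC was spoof-ed", where the negation is missing; it should read `sure the response of the KDC was not spoofed.` The paragraph on `krb5_verify_init_creds_opt_set_ap_req_nofail` needs the same care, because this option decides whether a missing keytab entry silently disables the check. Its claim "if it's true, the error will be ignored" should be confirmed against the implementation, which is not in this hunk, since the option name reads more like "the AP-REQ step must not fail". The closing caveat should read `Note that ignoring the error is possibly insecure.` A caller who takes the wrong polarity from this page ends up accepting a KDC reply that was never checked against the local keytab.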

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_verify_user.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_verify_user.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_verify_user.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,241 @@
+.\" Copyright (c) 2001 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_verify_user.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_VERIFY_USER 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_verify_user ,
+.Nm krb5_verify_user_lrealm ,
+.Nm krb5_verify_user_opt ,
+.Nm krb5_verify_opt_init ,
+.Nm krb5_verify_opt_alloc ,
+.Nm krb5_verify_opt_free ,
+.Nm krb5_verify_opt_set_ccache ,
+.Nm krb5_verify_opt_set_flags ,
+.Nm krb5_verify_opt_set_service ,
+.Nm krb5_verify_opt_set_secure ,
+.Nm krb5_verify_opt_set_keytab
+.Nd Heimdal password verifying functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
+.Ft krb5_error_code
+.Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
+.Ft void
+.Fn krb5_verify_opt_init "krb5_verify_opt *opt"
+.Ft void
+.Fn krb5_verify_opt_alloc "krb5_verify_opt **opt"
+.Ft void
+.Fn krb5_verify_opt_free "krb5_verify_opt *opt"
+.Ft void
+.Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache"
+.Ft void
+.Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab"
+.Ft void
+.Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure"
+.Ft void
+.Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service"
+.Ft void
+.Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags"
+.Ft krb5_error_code
+.Fo krb5_verify_user_opt
+.Fa "krb5_context context"
+.Fa "krb5_principal principal"
+.Fa "const char *password"
+.Fa "krb5_verify_opt *opt"
+.Fc
+.Sh DESCRIPTION
+The
+.Nm krb5_verify_user
+function verifies the password supplied by a user.
+The principal whose password will be verified is specified in
+.Fa principal .
+New tickets will be obtained as a side-effect and stored in
+.Fa ccache
+(if
+.Dv NULL ,
+the default ccache is used).
+.Fn krb5_verify_user
+will call
+.Fn krb5_cc_initialize
+on the given
+.Fa ccache ,
+so
+.Fa ccache
+must only initialized with
+.Fn krb5_cc_resolve
+or
+.Fn krb5_cc_gen_new .
+If the password is not supplied in
+.Fa password
+(and is given as
+.Dv NULL )
+the user will be prompted for it.
+If
+.Fa secure
+the ticket will be verified against the locally stored service key
+.Fa service
+(by default
+.Ql host
+if given as
+.Dv NULL
+).
+.Pp
+The
+.Fn krb5_verify_user_lrealm
+function does the same, except that it ignores the realm in
+.Fa principal
+and tries all the local realms (see
+.Xr krb5.conf 5 ) .
+After a successful return, the principal is set to the authenticated
+realm. If the call fails, the principal will not be meaningful, and
+should only be freed with
+.Xr krb5_free_principal 3 .
+.Pp
+.Fn krb5_verify_opt_alloc
+and
+.Fn krb5_verify_opt_free
+allocates and frees a
+.Li krb5_verify_opt .
+You should use the the alloc and free function instead of allocation
+the structure yourself, this is because in a future release the
+structure wont be exported.
+.Pp
+.Fn krb5_verify_opt_init
+resets all opt to default values.
+.Pp
+None of the krb5_verify_opt_set function makes a copy of the data
+structure that they are called with. It's up the caller to free them
+after the
+.Fn krb5_verify_user_opt
+is called.
+.Pp
+.Fn krb5_verify_opt_set_ccache
+sets the
+.Fa ccache
+that user of
+.Fa opt
+will use. If not set, the default credential cache will be used.
+.Pp
+.Fn krb5_verify_opt_set_keytab
+sets the
+.Fa keytab
+that user of
+.Fa opt
+will use. If not set, the default keytab will be used.
+.Pp
+.Fn krb5_verify_opt_set_secure
+if
+.Fa secure
+if true, the password verification will require that the ticket will
+be verified against the locally stored service key. If not set,
+default value is true.
+.Pp
+.Fn krb5_verify_opt_set_service
+sets the
+.Fa service
+principal that user of
+.Fa opt
+will use. If not set, the
+.Ql host
+service will be used.
+.Pp
+.Fn krb5_verify_opt_set_flags
+sets
+.Fa flags
+that user of
+.Fa opt
+will use.
+If the flag
+.Dv KRB5_VERIFY_LREALMS
+is used, the
+.Fa principal
+will be modified like
+.Fn krb5_verify_user_lrealm
+modifies it.
+.Pp
+.Fn krb5_verify_user_opt
+function verifies the
+.Fa password
+supplied by a user.
+The principal whose password will be verified is specified in
+.Fa principal .
+Options the to the verification process is pass in in
+.Fa opt .
+.Sh EXAMPLES
+Here is a example program that verifies a password. it uses the
+.Ql host/`hostname`
+service principal in
+.Pa krb5.keytab .
+.Bd -literal
+#include <krb5.h>
+
+int
+main(int argc, char **argv)
+{
+    char *user;
+    krb5_error_code error;
+    krb5_principal princ;
+    krb5_context context;
+
+    if (argc != 2)
+	errx(1, "usage: verify_passwd <principal-name>");
+
+    user = argv[1];
+
+    if (krb5_init_context(&context) < 0)
+	errx(1, "krb5_init_context");
+
+    if ((error = krb5_parse_name(context, user, &princ)) != 0)
+	krb5_err(context, 1, error, "krb5_parse_name");
+
+    error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
+    if (error)
+        krb5_err(context, 1, error, "krb5_verify_user");
+
+    return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr krb5_cc_gen_new 3 ,
+.Xr krb5_cc_initialize 3 ,
+.Xr krb5_cc_resolve 3 ,
+.Xr krb5_err 3 ,
+.Xr krb5_free_principal 3 ,
+.Xr krb5_init_context 3 ,
+.Xr krb5_kt_default 3 ,
+.Xr krb5.conf 5
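Review bot: The EXAMPLES program tests `krb5_init_context(&context) < 0`, which lets a failure reported as a positive value (an errno such as ENOMEM) pass and then hands an unset `context` to `krb5_parse_name`; the other two calls in the same example already compare against zero. Suggest `if ((error = krb5_init_context(&context)) != 0)` followed by `errx(1, "krb5_init_context failed: %d", error);`, plus `#include <err.h>` for `errx`. The DESCRIPTION should also say what a false `secure` means for the caller: as the text reads, the check against the locally stored service key is then skipped, so nothing local confirms that the reply came from the real KDC.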

Added: vendor-crypto/heimdal/dist/lib/krb5/krb5_warn.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb5_warn.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb5_warn.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,233 @@
+.\" Copyright (c) 1997, 2001 - 2006 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_warn.3,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd May  1, 2006
+.Dt KRB5_WARN 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_abort ,
+.Nm krb5_abortx ,
+.Nm krb5_clear_error_string ,
+.Nm krb5_err ,
+.Nm krb5_errx ,
+.Nm krb5_free_error_string ,
+.Nm krb5_get_err_text ,
+.Nm krb5_get_error_message ,
+.Nm krb5_get_error_string ,
+.Nm krb5_have_error_string ,
+.Nm krb5_set_error_string ,
+.Nm krb5_set_warn_dest ,
+.Nm krb5_get_warn_dest ,
+.Nm krb5_vabort ,
+.Nm krb5_vabortx ,
+.Nm krb5_verr ,
+.Nm krb5_verrx ,
+.Nm krb5_vset_error_string ,
+.Nm krb5_vwarn ,
+.Nm krb5_vwarnx ,
+.Nm krb5_warn ,
+.Nm krb5_warnx
+.Nd Heimdal warning and error functions
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fn krb5_abort "krb5_context context" "krb5_error_code code" "const char *fmt"  "..."
+.Ft krb5_error_code
+.Fn krb5_abortx "krb5_context context" "krb5_error_code code" "const char *fmt"  "..."
+.Ft void
+.Fn krb5_clear_error_string "krb5_context context"
+.Ft krb5_error_code
+.Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..."
+.Ft krb5_error_code
+.Fn krb5_errx "krb5_context context" "int eval" "const char *format" "..."
+.Ft void
+.Fn krb5_free_error_string "krb5_context context" "char *str"
+.Ft krb5_error_code
+.Fn krb5_verr "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "va_list ap"
+.Ft krb5_error_code
+.Fn krb5_verrx "krb5_context context" "int eval" "const char *format" "va_list ap"
+.Ft krb5_error_code
+.Fn krb5_vset_error_string "krb5_context context" "const char *fmt" "va_list args"
+.Ft krb5_error_code
+.Fn krb5_vwarn "krb5_context context" "krb5_error_code code" "const char *format" "va_list ap"
+.Ft krb5_error_code
+.Fn krb5_vwarnx "krb5_context context" "const char *format" "va_list ap"
+.Ft krb5_error_code
+.Fn krb5_warn "krb5_context context" "krb5_error_code code" "const char *format" "..."
+.Ft krb5_error_code
+.Fn krb5_warnx "krb5_context context" "const char *format" "..."
+.Ft krb5_error_code
+.Fn krb5_set_error_string "krb5_context context" "const char *fmt" "..."
+.Ft krb5_error_code
+.Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility"
+.Ft "char *"
+.Ft krb5_log_facility *
+.Fo krb5_get_warn_dest
+.Fa "krb5_context context"
+.Fc
+.Fn krb5_get_err_text "krb5_context context" "krb5_error_code code"
+.Ft char*
+.Fn krb5_get_error_string "krb5_context context"
+.Ft char*
+.Fn krb5_get_error_message "krb5_context context, krb5_error_code code"
+.Ft krb5_boolean
+.Fn krb5_have_error_string "krb5_context context"
+.Ft krb5_error_code
+.Fn krb5_vabortx "krb5_context context" "const char *fmt" "va_list ap"
+.Ft krb5_error_code
+.Fn krb5_vabort "krb5_context context" "const char *fmt" "va_list ap"
+.Sh DESCRIPTION
+These functions print a warning message to some destination.
+.Fa format
+is a printf style format specifying the message to print. The forms not ending in an
+.Dq x
+print the error string associated with
+.Fa code
+along with the message.
+The
+.Dq err
+functions exit with exit status
+.Fa eval
+after printing the message.
+.Pp
+Applications that want to get the error message to report it to a user
+or store it in a log want to use
+.Fn krb5_get_error_message .
+.Pp
+The
+.Fn krb5_set_warn_func
+function sets the destination for warning messages to the specified
+.Fa facility .
+Messages logged with the
+.Dq warn
+functions have a log level of 1, while the
+.Dq err
+functions log with level 0.
+.Pp
+.Fn krb5_get_err_text
+fetches the human readable strings describing the error-code.
+.Pp
+.Fn krb5_abort
+and 
+.Nm krb5_abortx
+behaves like
+.Nm krb5_err
+and
+.Nm krb5_errx
+but instead of exiting using the
+.Xr exit 3
+call,
+.Xr abort 3
+is used.
+.Pp
+.Fn krb5_free_error_string
+frees the error string
+.Fa str
+returned by
+.Fn krb5_get_error_string .
+.Pp
+.Fn krb5_clear_error_string
+clears the error string from the
+.Fa context .
+.Pp
+.Fn krb5_set_error_string
+and
+.Fn krb5_vset_error_string
+sets an verbose error string in
+.Fa context .
+.Pp
+.Fn krb5_get_error_string
+fetches the error string from
+.Fa context .
+The error message in the context is consumed and must be freed using
+.Fn krb5_free_error_string
+by the caller.
+See also
+.Fn krb5_get_error_message ,
+what is usually less verbose to use.
+.Pp
+.Fn krb5_have_error_string
+returns
+.Dv TRUE
+if there is a verbose error message in the
+.Fa context .
+.Pp
+.Fn krb5_get_error_message
+fetches the error string from the context, or if there
+is no customized error string in
+.Fa context ,
+uses
+.Fa code
+to return a error string.
+In either case, the error message in the context is consumed and must
+be freed using
+.Fn krb5_free_error_string
+by the caller.
+.Pp
+.Fn krb5_set_warn_dest
+and
+.Fn krb5_get_warn_dest
+sets and get the log context that is used by
+.Fn krb5_warn
+and friends.  By using this the application can control where the
+output should go.  For example, this is imperative to inetd servers
+where logging status and error message will end up on the output
+stream to the client.
+.Sh EXAMPLES
+Below is a simple example how to report error messages from the
+Kerberos library in an application.
+.Bd -literal
+#include <krb5.h>
+
+krb5_error_code
+function (krb5_context context)
+{
+    krb5_error_code ret;
+
+    ret = krb5_function (context, arg1, arg2);
+    if (ret) {
+	char *s = krb5_get_error_message(context, ret);
+	if (s == NULL)
+	     errx(1, "kerberos error: %d (and out of memory)", ret);
+	application_logger("krb5_function failed: %s", s);
+	krb5_free_error_string(context, s);
+	return ret;
+    }
+    return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_openlog 3

Added: vendor-crypto/heimdal/dist/lib/krb5/krb_err.et
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krb_err.et	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krb_err.et	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,63 @@
+#
+# Error messages for the krb4 library
+#
+# This might look like a com_err file, but is not
+#
+id "$Id: krb_err.et,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $"
+
+error_table krb
+
+prefix KRB4ET
+ec KSUCCESS,		"Kerberos 4 successful"
+ec KDC_NAME_EXP,	"Kerberos 4 principal expired"
+ec KDC_SERVICE_EXP,	"Kerberos 4 service expired"
+ec KDC_AUTH_EXP,	"Kerberos 4 auth expired"
+ec KDC_PKT_VER,		"Incorrect Kerberos 4 master key version"
+ec KDC_P_MKEY_VER,	"Incorrect Kerberos 4 master key version"
+ec KDC_S_MKEY_VER,	"Incorrect Kerberos 4 master key version"
+ec KDC_BYTE_ORDER,	"Kerberos 4 byte order unknown"
+ec KDC_PR_UNKNOWN,	"Kerberos 4 principal unknown"
+ec KDC_PR_N_UNIQUE,	"Kerberos 4 principal not unique"
+ec KDC_NULL_KEY,	"Kerberos 4 principal has null key"
+index 20
+ec KDC_GEN_ERR,		"Generic error from KDC (Kerberos 4)"
+ec GC_TKFIL,		"Can't read Kerberos 4 ticket file"
+ec GC_NOTKT,		"Can't find Kerberos 4 ticket or TGT"
+index 26
+ec MK_AP_TGTEXP,	"Kerberos 4 TGT Expired"
+index 31
+ec RD_AP_UNDEC,		"Kerberos 4: Can't decode authenticator"
+ec RD_AP_EXP,		"Kerberos 4 ticket expired"
+ec RD_AP_NYV,		"Kerberos 4 ticket not yet valid"
+ec RD_AP_REPEAT,	"Kerberos 4: Repeated request"
+ec RD_AP_NOT_US,	"The Kerberos 4 ticket isn't for us"
+ec RD_AP_INCON,		"Kerberos 4 request inconsistent"
+ec RD_AP_TIME,		"Kerberos 4: delta_t too big"
+ec RD_AP_BADD,		"Kerberos 4: incorrect net address"
+ec RD_AP_VERSION,	"Kerberos protocol not version 4"
+ec RD_AP_MSG_TYPE,	"Kerberos 4: invalid msg type"
+ec RD_AP_MODIFIED,	"Kerberos 4: message stream modified"
+ec RD_AP_ORDER,		"Kerberos 4: message out of order"
+ec RD_AP_UNAUTHOR,	"Kerberos 4: unauthorized request"
+index 51
+ec GT_PW_NULL,		"Kerberos 4: current PW is null"
+ec GT_PW_BADPW,		"Kerberos 4: Incorrect current password"
+ec GT_PW_PROT,		"Kerberos 4 protocol error"
+ec GT_PW_KDCERR,	"Error returned by KDC (Kerberos 4)"
+ec GT_PW_NULLTKT,	"Null Kerberos 4 ticket returned by KDC"
+ec SKDC_RETRY,		"Kerberos 4: Retry count exceeded"
+ec SKDC_CANT,		"Kerberos 4: Can't send request"
+index 61
+ec INTK_W_NOTALL,	"Kerberos 4: not all tickets returned"
+ec INTK_BADPW,		"Kerberos 4: incorrect password"
+ec INTK_PROT,		"Kerberos 4: Protocol Error"
+index 70
+ec INTK_ERR,		"Other error in Kerberos 4"
+ec AD_NOTGT,		"Don't have Kerberos 4 ticket-granting ticket"
+index 76
+ec NO_TKT_FIL,		"No Kerberos 4 ticket file found"
+ec TKT_FIL_ACC,		"Couldn't access Kerberos 4 ticket file"
+ec TKT_FIL_LCK,		"Couldn't lock Kerberos 4 ticket file"
+ec TKT_FIL_FMT,		"Bad Kerberos 4 ticket file format"
+ec TKT_FIL_INI,		"Kerberos 4: tf_init not called first"
+ec KNAME_FMT,		"Bad Kerberos 4 name format"
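Review bot: `KDC_PKT_VER`, `KDC_P_MKEY_VER` and `KDC_S_MKEY_VER` all carry the text "Incorrect Kerberos 4 master key version", so a log line built from this table cannot tell the three conditions apart. The first identifier also looks like a packet or protocol version error rather than a master-key one; this is inferred from the name, as the krb4 definitions are not in this hunk. If that reading is right, something like `ec KDC_PKT_VER,		"Kerberos 4 protocol version unknown"` would fit, with the two master-key strings worded so that the principal and server cases differ.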

Added: vendor-crypto/heimdal/dist/lib/krb5/krbhst-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krbhst-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krbhst-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2001 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+#include <err.h>
+#include <getarg.h>
+
+RCSID("$Id: krbhst-test.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "[realms ...]");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int i, j;
+    krb5_context context;
+    int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW,
+		   KRB5_KRBHST_KRB524};
+    const char *type_str[] = {"kdc", "admin", "changepw", "krb524"};
+    int optidx = 0;
+    
+    setprogname (argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    krb5_init_context (&context);
+    for(i = 0; i < argc; i++) {
+	krb5_krbhst_handle handle;
+	char host[MAXHOSTNAMELEN];
+
+	for (j = 0; j < sizeof(types)/sizeof(*types); ++j) {
+	    printf ("%s for %s:\n", type_str[j], argv[i]);
+
+	    krb5_krbhst_init(context, argv[i], types[j], &handle);
+	    while(krb5_krbhst_next_as_string(context, handle,
+					     host, sizeof(host)) == 0)
+		printf("%s\n", host);
+	    krb5_krbhst_reset(context, handle);
+	    printf ("\n");
+	}
+    }
+    return 0;
+}
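Review bot: `main` ignores the return values of `krb5_init_context` and `krb5_krbhst_init`, so a failed call leaves `context` or `handle` unset and the next call uses it anyway. Each handle is also only passed to `krb5_krbhst_reset` at the end of the inner loop and never released, so every realm/type pair leaks one handle. Check both results, skip the lookup when init fails, and release the handle with `krb5_krbhst_free` once the host list has been printed.

```c
    krb5_error_code ret;
    /* … unchanged: other declarations and option parsing … */

    ret = krb5_init_context (&context);
    if (ret)
	errx (1, "krb5_init_context failed: %d", ret);
    /* … unchanged: loop headers and the printf of the type … */

	    ret = krb5_krbhst_init(context, argv[i], types[j], &handle);
	    if (ret) {
		krb5_warn(context, ret, "krb5_krbhst_init");
		continue;
	    }
	    /* … unchanged: krb5_krbhst_next_as_string loop … */
	    krb5_krbhst_free(context, handle);
```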

Added: vendor-crypto/heimdal/dist/lib/krb5/krbhst.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/krbhst.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/krbhst.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1010 @@
+/*
+ * Copyright (c) 2001 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <resolve.h>
+#include "locate_plugin.h"
+
+RCSID("$Id: krbhst.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int
+string_to_proto(const char *string)
+{
+    if(strcasecmp(string, "udp") == 0)
+	return KRB5_KRBHST_UDP;
+    else if(strcasecmp(string, "tcp") == 0) 
+	return KRB5_KRBHST_TCP;
+    else if(strcasecmp(string, "http") == 0) 
+	return KRB5_KRBHST_HTTP;
+    return -1;
+}
+
+/*
+ * set `res' and `count' to the result of looking up SRV RR in DNS for
+ * `proto', `proto', `realm' using `dns_type'.
+ * if `port' != 0, force that port number
+ */
+
+static krb5_error_code
+srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, 
+	       const char *realm, const char *dns_type,
+	       const char *proto, const char *service, int port)
+{
+    char domain[1024];
+    struct dns_reply *r;
+    struct resource_record *rr;
+    int num_srv;
+    int proto_num;
+    int def_port;
+
+    *res = NULL;
+    *count = 0;
+
+    proto_num = string_to_proto(proto);
+    if(proto_num < 0) {
+	krb5_set_error_string(context, "unknown protocol `%s'", proto);
+	return EINVAL;
+    }
+
+    if(proto_num == KRB5_KRBHST_HTTP)
+	def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
+    else if(port == 0)
+	def_port = ntohs(krb5_getportbyname (context, service, proto, 88));
+    else
+	def_port = port;
+
+    snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm);
+
+    r = dns_lookup(domain, dns_type);
+    if(r == NULL)
+	return KRB5_KDC_UNREACH;
+
+    for(num_srv = 0, rr = r->head; rr; rr = rr->next) 
+	if(rr->type == T_SRV)
+	    num_srv++;
+
+    *res = malloc(num_srv * sizeof(**res));
+    if(*res == NULL) {
+	dns_free_data(r);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    dns_srv_order(r);
+
+    for(num_srv = 0, rr = r->head; rr; rr = rr->next) 
+	if(rr->type == T_SRV) {
+	    krb5_krbhst_info *hi;
+	    size_t len = strlen(rr->u.srv->target);
+
+	    hi = calloc(1, sizeof(*hi) + len);
+	    if(hi == NULL) {
+		dns_free_data(r);
+		while(--num_srv >= 0)
+		    free((*res)[num_srv]);
+		free(*res);
+		*res = NULL;
+		return ENOMEM;
+	    }
+	    (*res)[num_srv++] = hi;
+
+	    hi->proto = proto_num;
+	    
+	    hi->def_port = def_port;
+	    if (port != 0)
+		hi->port = port;
+	    else
+		hi->port = rr->u.srv->port;
+
+	    strlcpy(hi->hostname, rr->u.srv->target, len + 1);
+	}
+
+    *count = num_srv;
+	    
+    dns_free_data(r);
+    return 0;
+}
+
+
+struct krb5_krbhst_data {
+    char *realm;
+    unsigned int flags;
+    int def_port;
+    int port;			/* hardwired port number if != 0 */
+#define KD_CONFIG		 1
+#define KD_SRV_UDP		 2
+#define KD_SRV_TCP		 4
+#define KD_SRV_HTTP		 8
+#define KD_FALLBACK		16
+#define KD_CONFIG_EXISTS	32
+#define KD_LARGE_MSG		64
+#define KD_PLUGIN	       128
+    krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, 
+				krb5_krbhst_info**);
+
+    unsigned int fallback_count;
+
+    struct krb5_krbhst_info *hosts, **index, **end;
+};
+
+static krb5_boolean
+krbhst_empty(const struct krb5_krbhst_data *kd)
+{
+    return kd->index == &kd->hosts;
+}
+
+/*
+ * Return the default protocol for the `kd' (either TCP or UDP)
+ */
+
+static int
+krbhst_get_default_proto(struct krb5_krbhst_data *kd)
+{
+    if (kd->flags & KD_LARGE_MSG)
+	return KRB5_KRBHST_TCP;
+    return KRB5_KRBHST_UDP;
+}
+
+
+/*
+ * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port'
+ * and forcing it to `port' if port != 0
+ */
+
+static struct krb5_krbhst_info*
+parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd,
+	       const char *spec, int def_port, int port)
+{
+    const char *p = spec;
+    struct krb5_krbhst_info *hi;
+    
+    hi = calloc(1, sizeof(*hi) + strlen(spec));
+    if(hi == NULL)
+	return NULL;
+       
+    hi->proto = krbhst_get_default_proto(kd);
+
+    if(strncmp(p, "http://", 7) == 0){
+	hi->proto = KRB5_KRBHST_HTTP;
+	p += 7;
+    } else if(strncmp(p, "http/", 5) == 0) {
+	hi->proto = KRB5_KRBHST_HTTP;
+	p += 5;
+	def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80));
+    }else if(strncmp(p, "tcp/", 4) == 0){
+	hi->proto = KRB5_KRBHST_TCP;
+	p += 4;
+    } else if(strncmp(p, "udp/", 4) == 0) {
+	p += 4;
+    }
+
+    if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) {
+	free(hi);
+	return NULL;
+    }
+    /* get rid of trailing /, and convert to lower case */
+    hi->hostname[strcspn(hi->hostname, "/")] = '\0';
+    strlwr(hi->hostname);
+
+    hi->port = hi->def_port = def_port;
+    if(p != NULL) {
+	char *end;
+	hi->port = strtol(p, &end, 0);
+	if(end == p) {
+	    free(hi);
+	    return NULL;
+	}
+    }
+    if (port)
+	hi->port = port;
+    return hi;
+}
+
+void
+_krb5_free_krbhst_info(krb5_krbhst_info *hi)
+{
+    if (hi->ai != NULL)
+	freeaddrinfo(hi->ai);
+    free(hi);
+}
+
+krb5_error_code
+_krb5_krbhost_info_move(krb5_context context,
+			krb5_krbhst_info *from,
+			krb5_krbhst_info **to)
+{
+    size_t hostnamelen = strlen(from->hostname);
+    /* trailing NUL is included in structure */
+    *to = calloc(1, sizeof(**to) + hostnamelen); 
+    if(*to == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return ENOMEM;
+    }
+
+    (*to)->proto = from->proto;
+    (*to)->port = from->port;
+    (*to)->def_port = from->def_port;
+    (*to)->ai = from->ai;
+    from->ai = NULL;
+    (*to)->next = NULL;
+    memcpy((*to)->hostname, from->hostname, hostnamelen + 1);
+    return 0;
+}
+
+
+static void
+append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host)
+{
+    struct krb5_krbhst_info *h;
+
+    for(h = kd->hosts; h; h = h->next)
+	if(h->proto == host->proto && 
+	   h->port == host->port && 
+	   strcmp(h->hostname, host->hostname) == 0) {
+	    _krb5_free_krbhst_info(host);
+	    return;
+	}
+    *kd->end = host;
+    kd->end = &host->next;
+}
+
+static krb5_error_code
+append_host_string(krb5_context context, struct krb5_krbhst_data *kd,
+		   const char *host, int def_port, int port)
+{
+    struct krb5_krbhst_info *hi;
+
+    hi = parse_hostspec(context, kd, host, def_port, port);
+    if(hi == NULL)
+	return ENOMEM;
+    
+    append_host_hostinfo(kd, hi);
+    return 0;
+}
+
+/*
+ * return a readable representation of `host' in `hostname, hostlen'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, 
+			  char *hostname, size_t hostlen)
+{
+    const char *proto = "";
+    char portstr[7] = "";
+    if(host->proto == KRB5_KRBHST_TCP)
+	proto = "tcp/";
+    else if(host->proto == KRB5_KRBHST_HTTP)
+	proto = "http://";
+    if(host->port != host->def_port)
+	snprintf(portstr, sizeof(portstr), ":%d", host->port);
+    snprintf(hostname, hostlen, "%s%s%s", proto, host->hostname, portstr);
+    return 0;
+}
+
+/*
+ * create a getaddrinfo `hints' based on `proto'
+ */
+
+static void
+make_hints(struct addrinfo *hints, int proto)
+{
+    memset(hints, 0, sizeof(*hints));
+    hints->ai_family = AF_UNSPEC;
+    switch(proto) {
+    case KRB5_KRBHST_UDP :
+	hints->ai_socktype = SOCK_DGRAM;
+	break;
+    case KRB5_KRBHST_HTTP :
+    case KRB5_KRBHST_TCP :
+	hints->ai_socktype = SOCK_STREAM;
+	break;
+    }
+}
+
+/*
+ * return an `struct addrinfo *' in `ai' corresponding to the information
+ * in `host'.  free:ing is handled by krb5_krbhst_free.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
+			 struct addrinfo **ai)
+{
+    struct addrinfo hints;
+    char portstr[NI_MAXSERV];
+    int ret;
+
+    if (host->ai == NULL) {
+	make_hints(&hints, host->proto);
+	snprintf (portstr, sizeof(portstr), "%d", host->port);
+	ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
+	if (ret)
+	    return krb5_eai_to_heim_errno(ret, errno);
+    }
+    *ai = host->ai;
+    return 0;
+}
+
+static krb5_boolean
+get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host)
+{
+    struct krb5_krbhst_info *hi = *kd->index;
+    if(hi != NULL) {
+	*host = hi;
+	kd->index = &(*kd->index)->next;
+	return TRUE;
+    }
+    return FALSE;
+}
+
+static void
+srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
+	      const char *proto, const char *service)
+{
+    krb5_krbhst_info **res;
+    int count, i;
+
+    if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service,
+		       kd->port))
+	return;
+    for(i = 0; i < count; i++)
+	append_host_hostinfo(kd, res[i]);
+    free(res);
+}
+
+/*
+ * read the configuration for `conf_string', defaulting to kd->def_port and
+ * forcing it to `kd->port' if kd->port != 0
+ */
+
+static void
+config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
+		 const char *conf_string)
+{
+    int i;
+	
+    char **hostlist;
+    hostlist = krb5_config_get_strings(context, NULL, 
+				       "realms", kd->realm, conf_string, NULL);
+
+    if(hostlist == NULL)
+	return;
+    kd->flags |= KD_CONFIG_EXISTS;
+    for(i = 0; hostlist && hostlist[i] != NULL; i++)
+	append_host_string(context, kd, hostlist[i], kd->def_port, kd->port);
+
+    krb5_config_free_strings(hostlist);
+}
+
+/*
+ * as a fallback, look for `serv_string.kd->realm' (typically
+ * kerberos.REALM, kerberos-1.REALM, ...
+ * `port' is the default port for the service, and `proto' the 
+ * protocol
+ */
+
+static krb5_error_code
+fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, 
+		   const char *serv_string, int port, int proto)
+{
+    char *host;
+    int ret;
+    struct addrinfo *ai;
+    struct addrinfo hints;
+    char portstr[NI_MAXSERV];
+
+    /* 
+     * Don't try forever in case the DNS server keep returning us
+     * entries (like wildcard entries or the .nu TLD)
+     */
+    if(kd->fallback_count >= 5) {
+	kd->flags |= KD_FALLBACK;
+	return 0;
+    }
+
+    if(kd->fallback_count == 0)
+	asprintf(&host, "%s.%s.", serv_string, kd->realm);
+    else
+	asprintf(&host, "%s-%d.%s.", 
+		 serv_string, kd->fallback_count, kd->realm);	    
+
+    if (host == NULL)
+	return ENOMEM;
+    
+    make_hints(&hints, proto);
+    snprintf(portstr, sizeof(portstr), "%d", port);
+    ret = getaddrinfo(host, portstr, &hints, &ai);
+    if (ret) {
+	/* no more hosts, so we're done here */
+	free(host);
+	kd->flags |= KD_FALLBACK;
+    } else {
+	struct krb5_krbhst_info *hi;
+	size_t hostlen = strlen(host);
+
+	hi = calloc(1, sizeof(*hi) + hostlen);
+	if(hi == NULL) {
+	    free(host);
+	    return ENOMEM;
+	}
+
+	hi->proto = proto;
+	hi->port  = hi->def_port = port;
+	hi->ai    = ai;
+	memmove(hi->hostname, host, hostlen);
+	hi->hostname[hostlen] = '\0';
+	free(host);
+	append_host_hostinfo(kd, hi);
+	kd->fallback_count++;
+    }
+    return 0;
+}
+
+/*
+ * Fetch hosts from plugin
+ */
+
+static krb5_error_code 
+add_locate(void *ctx, int type, struct sockaddr *addr)
+{
+    struct krb5_krbhst_info *hi;
+    struct krb5_krbhst_data *kd = ctx;
+    char host[NI_MAXHOST], port[NI_MAXSERV];
+    struct addrinfo hints, *ai;
+    socklen_t socklen;
+    size_t hostlen;
+    int ret;
+
+    socklen = socket_sockaddr_size(addr);
+
+    ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port),
+		      NI_NUMERICHOST|NI_NUMERICSERV);
+    if (ret != 0)
+	return 0;
+
+    make_hints(&hints, krbhst_get_default_proto(kd));
+    ret = getaddrinfo(host, port, &hints, &ai);
+    if (ret)
+	return 0;
+
+    hostlen = strlen(host);
+
+    hi = calloc(1, sizeof(*hi) + hostlen);
+    if(hi == NULL)
+	return ENOMEM;
+    
+    hi->proto = krbhst_get_default_proto(kd);
+    hi->port  = hi->def_port = socket_get_port(addr);
+    hi->ai    = ai;
+    memmove(hi->hostname, host, hostlen);
+    hi->hostname[hostlen] = '\0';
+    append_host_hostinfo(kd, hi);
+
+    return 0;
+}
+
+static void
+plugin_get_hosts(krb5_context context,
+		 struct krb5_krbhst_data *kd,
+		 enum locate_service_type type)
+{
+    struct krb5_plugin *list = NULL, *e;
+    krb5_error_code ret;
+
+    ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "resolve", &list);
+    if(ret != 0 || list == NULL)
+	return;
+
+    kd->flags |= KD_CONFIG_EXISTS;
+
+    for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
+	krb5plugin_service_locate_ftable *service;
+	void *ctx;
+
+	service = _krb5_plugin_get_symbol(e);
+	if (service->minor_version != 0)
+	    continue;
+	
+	(*service->init)(context, &ctx);
+	ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd);
+	(*service->fini)(ctx);
+	if (ret) {
+	    krb5_set_error_string(context, "Plugin failed to lookup");
+	    break;
+	}
+    }
+    _krb5_plugin_free(list);
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+kdc_get_next(krb5_context context,
+	     struct krb5_krbhst_data *kd,
+	     krb5_krbhst_info **host)
+{
+    krb5_error_code ret;
+
+    if ((kd->flags & KD_PLUGIN) == 0) {
+	plugin_get_hosts(context, kd, locate_service_kdc);
+	kd->flags |= KD_PLUGIN;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    if((kd->flags & KD_CONFIG) == 0) {
+	config_get_hosts(context, kd, "kdc");
+	kd->flags |= KD_CONFIG;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    if (kd->flags & KD_CONFIG_EXISTS)
+	return KRB5_KDC_UNREACH; /* XXX */
+
+    if(context->srv_lookup) {
+	if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) {
+	    srv_get_hosts(context, kd, "udp", "kerberos");
+	    kd->flags |= KD_SRV_UDP;
+	    if(get_next(kd, host))
+		return 0;
+	}
+
+	if((kd->flags & KD_SRV_TCP) == 0) {
+	    srv_get_hosts(context, kd, "tcp", "kerberos");
+	    kd->flags |= KD_SRV_TCP;
+	    if(get_next(kd, host))
+		return 0;
+	}
+	if((kd->flags & KD_SRV_HTTP) == 0) {
+	    srv_get_hosts(context, kd, "http", "kerberos");
+	    kd->flags |= KD_SRV_HTTP;
+	    if(get_next(kd, host))
+		return 0;
+	}
+    }
+
+    while((kd->flags & KD_FALLBACK) == 0) {
+	ret = fallback_get_hosts(context, kd, "kerberos",
+				 kd->def_port, 
+				 krbhst_get_default_proto(kd));
+	if(ret)
+	    return ret;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    return KRB5_KDC_UNREACH; /* XXX */
+}
+
+static krb5_error_code
+admin_get_next(krb5_context context,
+	       struct krb5_krbhst_data *kd,
+	       krb5_krbhst_info **host)
+{
+    krb5_error_code ret;
+
+    if ((kd->flags & KD_PLUGIN) == 0) {
+	plugin_get_hosts(context, kd, locate_service_kadmin);
+	kd->flags |= KD_PLUGIN;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    if((kd->flags & KD_CONFIG) == 0) {
+	config_get_hosts(context, kd, "admin_server");
+	kd->flags |= KD_CONFIG;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    if (kd->flags & KD_CONFIG_EXISTS)
+	return KRB5_KDC_UNREACH; /* XXX */
+
+    if(context->srv_lookup) {
+	if((kd->flags & KD_SRV_TCP) == 0) {
+	    srv_get_hosts(context, kd, "tcp", "kerberos-adm");
+	    kd->flags |= KD_SRV_TCP;
+	    if(get_next(kd, host))
+		return 0;
+	}
+    }
+
+    if (krbhst_empty(kd)
+	&& (kd->flags & KD_FALLBACK) == 0) {
+	ret = fallback_get_hosts(context, kd, "kerberos",
+				 kd->def_port,
+				 krbhst_get_default_proto(kd));
+	if(ret)
+	    return ret;
+	kd->flags |= KD_FALLBACK;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    return KRB5_KDC_UNREACH;	/* XXX */
+}
+
+static krb5_error_code
+kpasswd_get_next(krb5_context context,
+		 struct krb5_krbhst_data *kd,
+		 krb5_krbhst_info **host)
+{
+    krb5_error_code ret;
+
+    if ((kd->flags & KD_PLUGIN) == 0) {
+	plugin_get_hosts(context, kd, locate_service_kpasswd);
+	kd->flags |= KD_PLUGIN;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    if((kd->flags & KD_CONFIG) == 0) {
+	config_get_hosts(context, kd, "kpasswd_server");
+	kd->flags |= KD_CONFIG;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    if (kd->flags & KD_CONFIG_EXISTS)
+	return KRB5_KDC_UNREACH; /* XXX */
+
+    if(context->srv_lookup) {
+	if((kd->flags & KD_SRV_UDP) == 0) {
+	    srv_get_hosts(context, kd, "udp", "kpasswd");
+	    kd->flags |= KD_SRV_UDP;
+	    if(get_next(kd, host))
+		return 0;
+	}
+	if((kd->flags & KD_SRV_TCP) == 0) {
+	    srv_get_hosts(context, kd, "tcp", "kpasswd");
+	    kd->flags |= KD_SRV_TCP;
+	    if(get_next(kd, host))
+		return 0;
+	}
+    }
+
+    /* no matches -> try admin */
+
+    if (krbhst_empty(kd)) {
+	kd->flags = 0;
+	kd->port  = kd->def_port;
+	kd->get_next = admin_get_next;
+	ret = (*kd->get_next)(context, kd, host);
+	if (ret == 0)
+	    (*host)->proto = krbhst_get_default_proto(kd);
+	return ret;
+    }
+
+    return KRB5_KDC_UNREACH; /* XXX */
+}
+
+static krb5_error_code
+krb524_get_next(krb5_context context,
+		struct krb5_krbhst_data *kd,
+		krb5_krbhst_info **host)
+{
+    if ((kd->flags & KD_PLUGIN) == 0) {
+	plugin_get_hosts(context, kd, locate_service_krb524);
+	kd->flags |= KD_PLUGIN;
+	if(get_next(kd, host))
+	    return 0;
+    }
+
+    if((kd->flags & KD_CONFIG) == 0) {
+	config_get_hosts(context, kd, "krb524_server");
+	if(get_next(kd, host))
+	    return 0;
+	kd->flags |= KD_CONFIG;
+    }
+
+    if (kd->flags & KD_CONFIG_EXISTS)
+	return KRB5_KDC_UNREACH; /* XXX */
+
+    if(context->srv_lookup) {
+	if((kd->flags & KD_SRV_UDP) == 0) {
+	    srv_get_hosts(context, kd, "udp", "krb524");
+	    kd->flags |= KD_SRV_UDP;
+	    if(get_next(kd, host))
+		return 0;
+	}
+
+	if((kd->flags & KD_SRV_TCP) == 0) {
+	    srv_get_hosts(context, kd, "tcp", "krb524");
+	    kd->flags |= KD_SRV_TCP;
+	    if(get_next(kd, host))
+		return 0;
+	}
+    }
+
+    /* no matches -> try kdc */
+
+    if (krbhst_empty(kd)) {
+	kd->flags = 0;
+	kd->port  = kd->def_port;
+	kd->get_next = kdc_get_next;
+	return (*kd->get_next)(context, kd, host);
+    }
+
+    return KRB5_KDC_UNREACH; /* XXX */
+}
+
+static struct krb5_krbhst_data*
+common_init(krb5_context context,
+	    const char *realm,
+	    int flags)
+{
+    struct krb5_krbhst_data *kd;
+
+    if((kd = calloc(1, sizeof(*kd))) == NULL)
+	return NULL;
+
+    if((kd->realm = strdup(realm)) == NULL) {
+	free(kd);
+	return NULL;
+    }
+
+    /* For 'realms' without a . do not even think of going to DNS */
+    if (!strchr(realm, '.'))
+	kd->flags |= KD_CONFIG_EXISTS;
+
+    if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG)
+	kd->flags |= KD_LARGE_MSG;
+    kd->end = kd->index = &kd->hosts;
+    return kd;
+}
+
+/*
+ * initialize `handle' to look for hosts of type `type' in realm `realm'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_init(krb5_context context,
+		 const char *realm,
+		 unsigned int type,
+		 krb5_krbhst_handle *handle)
+{
+    return krb5_krbhst_init_flags(context, realm, type, 0, handle);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_init_flags(krb5_context context,
+		       const char *realm,
+		       unsigned int type,
+		       int flags,
+		       krb5_krbhst_handle *handle)
+{
+    struct krb5_krbhst_data *kd;
+    krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *, 
+			    krb5_krbhst_info **);
+    int def_port;
+
+    switch(type) {
+    case KRB5_KRBHST_KDC:
+	next = kdc_get_next;
+	def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88));
+	break;
+    case KRB5_KRBHST_ADMIN:
+	next = admin_get_next;
+	def_port = ntohs(krb5_getportbyname (context, "kerberos-adm",
+					     "tcp", 749));
+	break;
+    case KRB5_KRBHST_CHANGEPW:
+	next = kpasswd_get_next;
+	def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp",
+					     KPASSWD_PORT));
+	break;
+    case KRB5_KRBHST_KRB524:
+	next = krb524_get_next;
+	def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
+	break;
+    default:
+	krb5_set_error_string(context, "unknown krbhst type (%u)", type);
+	return ENOTTY;
+    }
+    if((kd = common_init(context, realm, flags)) == NULL)
+	return ENOMEM;
+    kd->get_next = next;
+    kd->def_port = def_port;
+    *handle = kd;
+    return 0;
+}
+
+/*
+ * return the next host information from `handle' in `host'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_next(krb5_context context,
+		 krb5_krbhst_handle handle,
+		 krb5_krbhst_info **host)
+{
+    if(get_next(handle, host))
+	return 0;
+
+    return (*handle->get_next)(context, handle, host);
+}
+
+/*
+ * return the next host information from `handle' as a host name
+ * in `hostname' (or length `hostlen)
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_krbhst_next_as_string(krb5_context context,
+			   krb5_krbhst_handle handle,
+			   char *hostname,
+			   size_t hostlen)
+{
+    krb5_error_code ret;
+    krb5_krbhst_info *host;
+    ret = krb5_krbhst_next(context, handle, &host);
+    if(ret)
+	return ret;
+    return krb5_krbhst_format_string(context, host, hostname, hostlen);
+}
+
+
+void KRB5_LIB_FUNCTION
+krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle)
+{
+    handle->index = &handle->hosts;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle)
+{
+    krb5_krbhst_info *h, *next;
+
+    if (handle == NULL)
+	return;
+
+    for (h = handle->hosts; h != NULL; h = next) {
+	next = h->next;
+	_krb5_free_krbhst_info(h);
+    }
+
+    free(handle->realm);
+    free(handle);
+}
+
+/* backwards compatibility ahead */
+
+static krb5_error_code
+gethostlist(krb5_context context, const char *realm, 
+	    unsigned int type, char ***hostlist)
+{
+    krb5_error_code ret;
+    int nhost = 0;
+    krb5_krbhst_handle handle;
+    char host[MAXHOSTNAMELEN];
+    krb5_krbhst_info *hostinfo;
+
+    ret = krb5_krbhst_init(context, realm, type, &handle);
+    if (ret)
+	return ret;
+
+    while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
+	nhost++;
+    if(nhost == 0) {
+	krb5_set_error_string(context, "No KDC found for realm %s", realm);
+	return KRB5_KDC_UNREACH;
+    }
+    *hostlist = calloc(nhost + 1, sizeof(**hostlist));
+    if(*hostlist == NULL) {
+	krb5_krbhst_free(context, handle);
+	return ENOMEM;
+    }
+
+    krb5_krbhst_reset(context, handle);
+    nhost = 0;
+    while(krb5_krbhst_next_as_string(context, handle, 
+				     host, sizeof(host)) == 0) {
+	if(((*hostlist)[nhost++] = strdup(host)) == NULL) {
+	    krb5_free_krbhst(context, *hostlist);
+	    krb5_krbhst_free(context, handle);
+	    return ENOMEM;
+	}
+    }
+    (*hostlist)[nhost++] = NULL;
+    krb5_krbhst_free(context, handle);
+    return 0;
+}
+
+/*
+ * return an malloced list of kadmin-hosts for `realm' in `hostlist'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_krb_admin_hst (krb5_context context,
+			const krb5_realm *realm,
+			char ***hostlist)
+{
+    return gethostlist(context, *realm, KRB5_KRBHST_ADMIN, hostlist);
+}
+
+/*
+ * return an malloced list of changepw-hosts for `realm' in `hostlist'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_krb_changepw_hst (krb5_context context,
+			   const krb5_realm *realm,
+			   char ***hostlist)
+{
+    return gethostlist(context, *realm, KRB5_KRBHST_CHANGEPW, hostlist);
+}
+
+/*
+ * return an malloced list of 524-hosts for `realm' in `hostlist'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_krb524hst (krb5_context context,
+		    const krb5_realm *realm,
+		    char ***hostlist)
+{
+    return gethostlist(context, *realm, KRB5_KRBHST_KRB524, hostlist);
+}
+
+
+/*
+ * return an malloced list of KDC's for `realm' in `hostlist'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_krbhst (krb5_context context,
+		 const krb5_realm *realm,
+		 char ***hostlist)
+{
+    return gethostlist(context, *realm, KRB5_KRBHST_KDC, hostlist);
+}
+
+/*
+ * free all the memory allocated in `hostlist'
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_krbhst (krb5_context context,
+		  char **hostlist)
+{
+    char **p;
+
+    for (p = hostlist; *p; ++p)
+	free (*p);
+    free (hostlist);
+    return 0;
+}
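Review bot: `gethostlist` leaks the lookup handle on its `nhost == 0` path: it returns `KRB5_KDC_UNREACH` without the `krb5_krbhst_free(context, handle)` call that its other exits make, so each failed lookup leaves the handle and its `strdup`'d realm allocated, which can add up in a long-running process. Add `krb5_krbhst_free(context, handle);` before that `return`. In `fallback_get_hosts` the return value of `asprintf` is discarded and only `host == NULL` is tested, although `host` is uninitialised and not every C library resets it on failure. Checking the result, `if (asprintf(&host, "%s.%s.", serv_string, kd->realm) < 0) return ENOMEM;` (and the same for the `%s-%d.%s.` form), keeps an indeterminate pointer away from `getaddrinfo` and `free`. As this looks like a vendor import, both changes would presumably be carried as a local patch or sent upstream.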

Added: vendor-crypto/heimdal/dist/lib/krb5/kuserok.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/kuserok.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/kuserok.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,262 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <dirent.h>
+
+RCSID("$Id: kuserok.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/* see if principal is mentioned in the filename access file, return
+   TRUE (in result) if so, FALSE otherwise */
+
+static krb5_error_code
+check_one_file(krb5_context context, 
+	       const char *filename, 
+	       struct passwd *pwd,
+	       krb5_principal principal, 
+	       krb5_boolean *result)
+{
+    FILE *f;
+    char buf[BUFSIZ];
+    krb5_error_code ret;
+    struct stat st;
+    
+    *result = FALSE;
+
+    f = fopen (filename, "r");
+    if (f == NULL)
+	return errno;
+    
+    /* check type and mode of file */
+    if (fstat(fileno(f), &st) != 0) {
+	fclose (f);
+	return errno;
+    }
+    if (S_ISDIR(st.st_mode)) {
+	fclose (f);
+	return EISDIR;
+    }
+    if (st.st_uid != pwd->pw_uid && st.st_uid != 0) {
+	fclose (f);
+	return EACCES;
+    }
+    if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
+	fclose (f);
+	return EACCES;
+    }
+
+    while (fgets (buf, sizeof(buf), f) != NULL) {
+	krb5_principal tmp;
+	char *newline = buf + strcspn(buf, "\n");
+
+	if(*newline != '\n') {
+	    int c;
+	    c = fgetc(f);
+	    if(c != EOF) {
+		while(c != EOF && c != '\n')
+		    c = fgetc(f);
+		/* line was too long, so ignore it */
+		continue;
+	    }
+	}
+	*newline = '\0';
+	ret = krb5_parse_name (context, buf, &tmp);
+	if (ret)
+	    continue;
+	*result = krb5_principal_compare (context, principal, tmp);
+	krb5_free_principal (context, tmp);
+	if (*result) {
+	    fclose (f);
+	    return 0;
+	}
+    }
+    fclose (f);
+    return 0;
+}
+
+static krb5_error_code
+check_directory(krb5_context context, 
+		const char *dirname, 
+		struct passwd *pwd,
+		krb5_principal principal, 
+		krb5_boolean *result)
+{
+    DIR *d;
+    struct dirent *dent;
+    char filename[MAXPATHLEN];
+    krb5_error_code ret = 0;
+    struct stat st;
+
+    *result = FALSE;
+
+    if(lstat(dirname, &st) < 0)
+	return errno;
+
+    if (!S_ISDIR(st.st_mode))
+	return ENOTDIR;
+    
+    if (st.st_uid != pwd->pw_uid && st.st_uid != 0)
+	return EACCES;
+    if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
+	return EACCES;
+
+    if((d = opendir(dirname)) == NULL) 
+	return errno;
+
+#ifdef HAVE_DIRFD
+    {
+	int fd;
+	struct stat st2;
+
+	fd = dirfd(d);
+	if(fstat(fd, &st2) < 0) {
+	    closedir(d);
+	    return errno;
+	}
+	if(st.st_dev != st2.st_dev || st.st_ino != st2.st_ino) {
+	    closedir(d);
+	    return EACCES;
+	}
+    }
+#endif
+
+    while((dent = readdir(d)) != NULL) {
+	if(strcmp(dent->d_name, ".") == 0 ||
+	   strcmp(dent->d_name, "..") == 0 ||
+	   dent->d_name[0] == '#' ||			  /* emacs autosave */
+	   dent->d_name[strlen(dent->d_name) - 1] == '~') /* emacs backup */
+	    continue;
+	snprintf(filename, sizeof(filename), "%s/%s", dirname, dent->d_name);
+	ret = check_one_file(context, filename, pwd, principal, result);
+	if(ret == 0 && *result == TRUE)
+	    break;
+	ret = 0; /* don't propagate errors upstream */
+    }
+    closedir(d);
+    return ret;
+}
+
+static krb5_boolean
+match_local_principals(krb5_context context,
+		       krb5_principal principal,
+		       const char *luser)
+{
+    krb5_error_code ret;
+    krb5_realm *realms, *r;
+    krb5_boolean result = FALSE;
+    
+    /* multi-component principals can never match */
+    if(krb5_principal_get_comp_string(context, principal, 1) != NULL)
+	return FALSE;
+
+    ret = krb5_get_default_realms (context, &realms);
+    if (ret)
+	return FALSE;
+	
+    for (r = realms; *r != NULL; ++r) {
+	if(strcmp(krb5_principal_get_realm(context, principal),
+		  *r) != 0)
+	    continue;
+	if(strcmp(krb5_principal_get_comp_string(context, principal, 0),
+		  luser) == 0) {
+	    result = TRUE;
+	    break;
+	}
+    }
+    krb5_free_host_realm (context, realms);
+    return result;
+}
+
+/**
+ * Return TRUE iff `principal' is allowed to login as `luser'.
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_kuserok (krb5_context context,
+	      krb5_principal principal,
+	      const char *luser)
+{
+    char *buf;
+    size_t buflen;
+    struct passwd *pwd;
+    krb5_error_code ret;
+    krb5_boolean result = FALSE;
+
+    krb5_boolean found_file = FALSE;
+
+#ifdef POSIX_GETPWNAM_R
+    char pwbuf[2048];
+    struct passwd pw;
+
+    if(getpwnam_r(luser, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
+	return FALSE;
+#else
+    pwd = getpwnam (luser);
+#endif
+    if (pwd == NULL)
+	return FALSE;
+
+#define KLOGIN "/.k5login"
+    buflen = strlen(pwd->pw_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */
+    buf = malloc(buflen);
+    if(buf == NULL)
+	return FALSE;
+    /* check user's ~/.k5login */
+    strlcpy(buf, pwd->pw_dir, buflen);
+    strlcat(buf, KLOGIN, buflen);
+    ret = check_one_file(context, buf, pwd, principal, &result);
+
+    if(ret == 0 && result == TRUE) {
+	free(buf);
+	return TRUE;
+    }
+
+    if(ret != ENOENT) 
+	found_file = TRUE;
+
+    strlcat(buf, ".d", buflen);
+    ret = check_directory(context, buf, pwd, principal, &result);
+    free(buf);
+    if(ret == 0 && result == TRUE)
+	return TRUE;
+
+    if(ret != ENOENT && ret != ENOTDIR) 
+	found_file = TRUE;
+
+    /* finally if no files exist, allow all principals matching
+       <localuser>@<LOCALREALM> */
+    if(found_file == FALSE)
+	return match_local_principals(context, principal, luser);
+
+    return FALSE;
+}
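Review bot: `check_one_file` treats anything that is not a directory as an access file: after `fopen` the only type test is `S_ISDIR`, so a FIFO or device node that passes the owner and mode tests is handed to the `fgets` loop, and the same applies to every entry `check_directory` passes in from `.k5login.d`. Requiring a regular file after the `S_ISDIR` test, `if (!S_ISREG(st.st_mode)) { fclose (f); return EACCES; }`, keeps the authorization decision tied to a plain file. The `fopen` call itself can still block on a FIFO, so fully closing that would probably need a non-blocking open before the type check. The `fstat` failure path also calls `fclose (f)` before `return errno`, which may overwrite the value being returned; saving it first (`int e = errno; fclose (f); return e;`) avoids that, and `check_directory` has the same pattern with `closedir`.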

Added: vendor-crypto/heimdal/dist/lib/krb5/locate_plugin.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/locate_plugin.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/locate_plugin.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: locate_plugin.h,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H
+#define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1
+
+#include <krb5.h>
+
+enum locate_service_type {
+    locate_service_kdc = 1,
+    locate_service_master_kdc,
+    locate_service_kadmin,
+    locate_service_krb524,
+    locate_service_kpasswd
+};
+
+typedef krb5_error_code 
+(*krb5plugin_service_locate_lookup) (void *, enum locate_service_type,
+				     const char *, int, int, 
+				     int (*)(void *,int,struct sockaddr *),
+				     void *);
+
+
+typedef struct krb5plugin_service_locate_ftable {
+    int			minor_version;
+    krb5_error_code	(*init)(krb5_context, void **);
+    void		(*fini)(void *);
+    krb5plugin_service_locate_lookup lookup;
+} krb5plugin_service_locate_ftable;
+
+#endif /* HEIMDAL_KRB5_LOCATE_PLUGIN_H */
+

Added: vendor-crypto/heimdal/dist/lib/krb5/log.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/log.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/log.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,471 @@
+/*
+ * Copyright (c) 1997-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: log.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct facility {
+    int min;
+    int max;
+    krb5_log_log_func_t log_func;
+    krb5_log_close_func_t close_func;
+    void *data;
+};
+
+static struct facility*
+log_realloc(krb5_log_facility *f)
+{
+    struct facility *fp;
+    fp = realloc(f->val, (f->len + 1) * sizeof(*f->val));
+    if(fp == NULL)
+	return NULL;
+    f->len++;
+    f->val = fp;
+    fp += f->len - 1;
+    return fp;
+}
+
+struct s2i {
+    const char *s;
+    int val;
+};
+
+#define L(X) { #X, LOG_ ## X }
+
+static struct s2i syslogvals[] = {
+    L(EMERG),
+    L(ALERT),
+    L(CRIT),
+    L(ERR),
+    L(WARNING),
+    L(NOTICE),
+    L(INFO),
+    L(DEBUG),
+
+    L(AUTH),
+#ifdef LOG_AUTHPRIV
+    L(AUTHPRIV),
+#endif
+#ifdef LOG_CRON
+    L(CRON),
+#endif
+    L(DAEMON),
+#ifdef LOG_FTP
+    L(FTP),
+#endif
+    L(KERN),
+    L(LPR),
+    L(MAIL),
+#ifdef LOG_NEWS
+    L(NEWS),
+#endif
+    L(SYSLOG),
+    L(USER),
+#ifdef LOG_UUCP
+    L(UUCP),
+#endif
+    L(LOCAL0),
+    L(LOCAL1),
+    L(LOCAL2),
+    L(LOCAL3),
+    L(LOCAL4),
+    L(LOCAL5),
+    L(LOCAL6),
+    L(LOCAL7),
+    { NULL, -1 }
+};
+
+static int
+find_value(const char *s, struct s2i *table)
+{
+    while(table->s && strcasecmp(table->s, s))
+	table++;
+    return table->val;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_initlog(krb5_context context,
+	     const char *program,
+	     krb5_log_facility **fac)
+{
+    krb5_log_facility *f = calloc(1, sizeof(*f));
+    if(f == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    f->program = strdup(program);
+    if(f->program == NULL){
+	free(f);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    *fac = f;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_addlog_func(krb5_context context,
+		 krb5_log_facility *fac,
+		 int min,
+		 int max,
+		 krb5_log_log_func_t log_func,
+		 krb5_log_close_func_t close_func,
+		 void *data)
+{
+    struct facility *fp = log_realloc(fac);
+    if(fp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    fp->min = min;
+    fp->max = max;
+    fp->log_func = log_func;
+    fp->close_func = close_func;
+    fp->data = data;
+    return 0;
+}
+
+
+struct _heimdal_syslog_data{
+    int priority;
+};
+
+static void
+log_syslog(const char *timestr,
+	   const char *msg,
+	   void *data)
+     
+{
+    struct _heimdal_syslog_data *s = data;
+    syslog(s->priority, "%s", msg);
+}
+
+static void
+close_syslog(void *data)
+{
+    free(data);
+    closelog();
+}
+
+static krb5_error_code
+open_syslog(krb5_context context,
+	    krb5_log_facility *facility, int min, int max,
+	    const char *sev, const char *fac)
+{
+    struct _heimdal_syslog_data *sd = malloc(sizeof(*sd));
+    int i;
+
+    if(sd == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    i = find_value(sev, syslogvals);
+    if(i == -1)
+	i = LOG_ERR;
+    sd->priority = i;
+    i = find_value(fac, syslogvals);
+    if(i == -1)
+	i = LOG_AUTH;
+    sd->priority |= i;
+    roken_openlog(facility->program, LOG_PID | LOG_NDELAY, i);
+    return krb5_addlog_func(context, facility, min, max,
+			    log_syslog, close_syslog, sd);
+}
+
+struct file_data{
+    const char *filename;
+    const char *mode;
+    FILE *fd;
+    int keep_open;
+};
+
+static void
+log_file(const char *timestr,
+	 const char *msg,
+	 void *data)
+{
+    struct file_data *f = data;
+    if(f->keep_open == 0)
+	f->fd = fopen(f->filename, f->mode);
+    if(f->fd == NULL)
+	return;
+    fprintf(f->fd, "%s %s\n", timestr, msg);
+    if(f->keep_open == 0) {
+	fclose(f->fd);
+	f->fd = NULL;
+    }
+}
+
+static void
+close_file(void *data)
+{
+    struct file_data *f = data;
+    if(f->keep_open && f->filename)
+	fclose(f->fd);
+    free(data);
+}
+
+static krb5_error_code
+open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
+	  const char *filename, const char *mode, FILE *f, int keep_open)
+{
+    struct file_data *fd = malloc(sizeof(*fd));
+    if(fd == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    fd->filename = filename;
+    fd->mode = mode;
+    fd->fd = f;
+    fd->keep_open = keep_open;
+
+    return krb5_addlog_func(context, fac, min, max, log_file, close_file, fd);
+}
+
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
+{
+    krb5_error_code ret = 0;
+    int min = 0, max = -1, n;
+    char c;
+    const char *p = orig;
+
+    n = sscanf(p, "%d%c%d/", &min, &c, &max);
+    if(n == 2){
+	if(c == '/') {
+	    if(min < 0){
+		max = -min;
+		min = 0;
+	    }else{
+		max = min;
+	    }
+	}
+    }
+    if(n){
+	p = strchr(p, '/');
+	if(p == NULL) {
+	    krb5_set_error_string (context, "failed to parse \"%s\"", orig);
+	    return HEIM_ERR_LOG_PARSE;
+	}
+	p++;
+    }
+    if(strcmp(p, "STDERR") == 0){
+	ret = open_file(context, f, min, max, NULL, NULL, stderr, 1);
+    }else if(strcmp(p, "CONSOLE") == 0){
+	ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0);
+    }else if(strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')){
+	char *fn;
+	FILE *file = NULL;
+	int keep_open = 0;
+	fn = strdup(p + 5);
+	if(fn == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    return ENOMEM;
+	}
+	if(p[4] == '='){
+	    int i = open(fn, O_WRONLY | O_CREAT | 
+			 O_TRUNC | O_APPEND, 0666);
+	    if(i < 0) {
+		ret = errno;
+		krb5_set_error_string (context, "open(%s): %s", fn,
+				       strerror(ret));
+		free(fn);
+		return ret;
+	    }
+	    file = fdopen(i, "a");
+	    if(file == NULL){
+		ret = errno;
+		close(i);
+		krb5_set_error_string (context, "fdopen(%s): %s", fn,
+				       strerror(ret));
+		free(fn);
+		return ret;
+	    }
+	    keep_open = 1;
+	}
+	ret = open_file(context, f, min, max, fn, "a", file, keep_open);
+    }else if(strncmp(p, "DEVICE", 6) == 0 && (p[6] == ':' || p[6] == '=')){
+	ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0);
+    }else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){
+	char severity[128] = "";
+	char facility[128] = "";
+	p += 6;
+	if(*p != '\0')
+	    p++;
+	if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1)
+	    strsep_copy(&p, ":", facility, sizeof(facility));
+	if(*severity == '\0')
+	    strlcpy(severity, "ERR", sizeof(severity));
+ 	if(*facility == '\0')
+	    strlcpy(facility, "AUTH", sizeof(facility));
+	ret = open_syslog(context, f, min, max, severity, facility);
+    }else{
+	krb5_set_error_string (context, "unknown log type: %s", p);
+	ret = HEIM_ERR_LOG_PARSE; /* XXX */
+    }
+    return ret;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_openlog(krb5_context context,
+	     const char *program,
+	     krb5_log_facility **fac)
+{
+    krb5_error_code ret;
+    char **p, **q;
+
+    ret = krb5_initlog(context, program, fac);
+    if(ret)
+	return ret;
+
+    p = krb5_config_get_strings(context, NULL, "logging", program, NULL);
+    if(p == NULL)
+	p = krb5_config_get_strings(context, NULL, "logging", "default", NULL);
+    if(p){
+	for(q = p; *q; q++)
+	    ret = krb5_addlog_dest(context, *fac, *q);
+	krb5_config_free_strings(p);
+    }else
+	ret = krb5_addlog_dest(context, *fac, "SYSLOG");
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_closelog(krb5_context context,
+	      krb5_log_facility *fac)
+{
+    int i;
+    for(i = 0; i < fac->len; i++)
+	(*fac->val[i].close_func)(fac->val[i].data);
+    free(fac->val);
+    free(fac->program);
+    fac->val = NULL;
+    fac->len = 0;
+    fac->program = NULL;
+    free(fac);
+    return 0;
+}
+
+#undef __attribute__
+#define __attribute__(X)
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vlog_msg(krb5_context context,
+	      krb5_log_facility *fac,
+	      char **reply,
+	      int level,
+	      const char *fmt,
+	      va_list ap)
+     __attribute__((format (printf, 5, 0)))
+{
+    
+    char *msg = NULL;
+    const char *actual = NULL;
+    char buf[64];
+    time_t t = 0;
+    int i;
+
+    for(i = 0; fac && i < fac->len; i++)
+	if(fac->val[i].min <= level && 
+	   (fac->val[i].max < 0 || fac->val[i].max >= level)) {
+	    if(t == 0) {
+		t = time(NULL);
+		krb5_format_time(context, t, buf, sizeof(buf), TRUE);
+	    }
+	    if(actual == NULL) {
+		vasprintf(&msg, fmt, ap);
+		if(msg == NULL)
+		    actual = fmt;
+		else
+		    actual = msg;
+	    }
+	    (*fac->val[i].log_func)(buf, actual, fac->val[i].data);
+	}
+    if(reply == NULL)
+	free(msg);
+    else
+	*reply = msg;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vlog(krb5_context context,
+	  krb5_log_facility *fac,
+	  int level,
+	  const char *fmt,
+	  va_list ap)
+     __attribute__((format (printf, 4, 0)))
+{
+    return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_log_msg(krb5_context context,
+	     krb5_log_facility *fac,
+	     int level,
+	     char **reply,
+	     const char *fmt,
+	     ...)
+     __attribute__((format (printf, 5, 6)))
+{
+    va_list ap;
+    krb5_error_code ret;
+
+    va_start(ap, fmt);
+    ret = krb5_vlog_msg(context, fac, reply, level, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_log(krb5_context context,
+	 krb5_log_facility *fac,
+	 int level,
+	 const char *fmt,
+	 ...)
+     __attribute__((format (printf, 4, 5)))
+{
+    va_list ap;
+    krb5_error_code ret;
+
+    va_start(ap, fmt);
+    ret = krb5_vlog(context, fac, level, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
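Review bot: In krb5_addlog_dest the `FILE=` branch creates the log with `open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_APPEND, 0666)`, so the file's permissions depend entirely on the caller's umask, and an existing file (or whatever a symlink at that path points to) is truncated. A log written by a Kerberos library may carry principal names and authentication errors, so a tighter mode such as `0600` would be a safer default, and `O_NOFOLLOW` is worth adding where the platform defines it. Separately, krb5_openlog assigns the result of each krb5_addlog_dest call to `ret` but ends with `return 0;`, so a destination that failed to parse or open is silently dropped. Ending with `return ret;`, or at least reporting the failure, would make a broken `[logging]` entry visible instead of leaving the program with no log sink.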

Added: vendor-crypto/heimdal/dist/lib/krb5/mcache.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/mcache.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/mcache.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,477 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: mcache.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+typedef struct krb5_mcache {
+    char *name;
+    unsigned int refcnt;
+    int dead;
+    krb5_principal primary_principal;
+    struct link {
+	krb5_creds cred;
+	struct link *next;
+    } *creds;
+    struct krb5_mcache *next;
+} krb5_mcache;
+
+static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static struct krb5_mcache *mcc_head;
+
+#define	MCACHE(X)	((krb5_mcache *)(X)->data.data)
+
+#define MISDEAD(X)	((X)->dead)
+
+static const char*
+mcc_get_name(krb5_context context,
+	     krb5_ccache id)
+{
+    return MCACHE(id)->name;
+}
+
+static krb5_mcache *
+mcc_alloc(const char *name)
+{
+    krb5_mcache *m, *m_c;
+
+    ALLOC(m, 1);
+    if(m == NULL)
+	return NULL;
+    if(name == NULL)
+	asprintf(&m->name, "%p", m);
+    else
+	m->name = strdup(name);
+    if(m->name == NULL) {
+	free(m);
+	return NULL;
+    }
+    /* check for dups first */
+    HEIMDAL_MUTEX_lock(&mcc_mutex);
+    for (m_c = mcc_head; m_c != NULL; m_c = m_c->next)
+	if (strcmp(m->name, m_c->name) == 0)
+	    break;
+    if (m_c) {
+	free(m->name);
+	free(m);
+	HEIMDAL_MUTEX_unlock(&mcc_mutex);
+	return NULL;
+    }
+
+    m->dead = 0;
+    m->refcnt = 1;
+    m->primary_principal = NULL;
+    m->creds = NULL;
+    m->next = mcc_head;
+    mcc_head = m;
+    HEIMDAL_MUTEX_unlock(&mcc_mutex);
+    return m;
+}
+
+static krb5_error_code
+mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
+{
+    krb5_mcache *m;
+
+    HEIMDAL_MUTEX_lock(&mcc_mutex);
+    for (m = mcc_head; m != NULL; m = m->next)
+	if (strcmp(m->name, res) == 0)
+	    break;
+    HEIMDAL_MUTEX_unlock(&mcc_mutex);
+
+    if (m != NULL) {
+	m->refcnt++;
+	(*id)->data.data = m;
+	(*id)->data.length = sizeof(*m);
+	return 0;
+    }
+
+    m = mcc_alloc(res);
+    if (m == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+    
+    (*id)->data.data = m;
+    (*id)->data.length = sizeof(*m);
+
+    return 0;
+}
+
+
+static krb5_error_code
+mcc_gen_new(krb5_context context, krb5_ccache *id)
+{
+    krb5_mcache *m;
+
+    m = mcc_alloc(NULL);
+
+    if (m == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+
+    (*id)->data.data = m;
+    (*id)->data.length = sizeof(*m);
+
+    return 0;
+}
+
+static krb5_error_code
+mcc_initialize(krb5_context context,
+	       krb5_ccache id,
+	       krb5_principal primary_principal)
+{
+    krb5_mcache *m = MCACHE(id);
+    m->dead = 0;
+    return krb5_copy_principal (context,
+				primary_principal,
+				&m->primary_principal);
+}
+
+static int
+mcc_close_internal(krb5_mcache *m)
+{
+    if (--m->refcnt != 0)
+	return 0;
+
+    if (MISDEAD(m)) {
+	free (m->name);
+	return 1;
+    }
+    return 0;
+}
+
+static krb5_error_code
+mcc_close(krb5_context context,
+	  krb5_ccache id)
+{
+    if (mcc_close_internal(MCACHE(id)))
+	krb5_data_free(&id->data);
+    return 0;
+}
+
+static krb5_error_code
+mcc_destroy(krb5_context context,
+	    krb5_ccache id)
+{
+    krb5_mcache **n, *m = MCACHE(id);
+    struct link *l;
+
+    if (m->refcnt == 0)
+	krb5_abortx(context, "mcc_destroy: refcnt already 0");
+
+    if (!MISDEAD(m)) {
+	/* if this is an active mcache, remove it from the linked
+           list, and free all data */
+	HEIMDAL_MUTEX_lock(&mcc_mutex);
+	for(n = &mcc_head; n && *n; n = &(*n)->next) {
+	    if(m == *n) {
+		*n = m->next;
+		break;
+	    }
+	}
+	HEIMDAL_MUTEX_unlock(&mcc_mutex);
+	if (m->primary_principal != NULL) {
+	    krb5_free_principal (context, m->primary_principal);
+	    m->primary_principal = NULL;
+	}
+	m->dead = 1;
+
+	l = m->creds;
+	while (l != NULL) {
+	    struct link *old;
+	    
+	    krb5_free_cred_contents (context, &l->cred);
+	    old = l;
+	    l = l->next;
+	    free (old);
+	}
+	m->creds = NULL;
+    }
+    return 0;
+}
+
+static krb5_error_code
+mcc_store_cred(krb5_context context,
+	       krb5_ccache id,
+	       krb5_creds *creds)
+{
+    krb5_mcache *m = MCACHE(id);
+    krb5_error_code ret;
+    struct link *l;
+
+    if (MISDEAD(m))
+	return ENOENT;
+
+    l = malloc (sizeof(*l));
+    if (l == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return KRB5_CC_NOMEM;
+    }
+    l->next = m->creds;
+    m->creds = l;
+    memset (&l->cred, 0, sizeof(l->cred));
+    ret = krb5_copy_creds_contents (context, creds, &l->cred);
+    if (ret) {
+	m->creds = l->next;
+	free (l);
+	return ret;
+    }
+    return 0;
+}
+
+static krb5_error_code
+mcc_get_principal(krb5_context context,
+		  krb5_ccache id,
+		  krb5_principal *principal)
+{
+    krb5_mcache *m = MCACHE(id);
+
+    if (MISDEAD(m) || m->primary_principal == NULL)
+	return ENOENT;
+    return krb5_copy_principal (context,
+				m->primary_principal,
+				principal);
+}
+
+static krb5_error_code
+mcc_get_first (krb5_context context,
+	       krb5_ccache id,
+	       krb5_cc_cursor *cursor)
+{
+    krb5_mcache *m = MCACHE(id);
+
+    if (MISDEAD(m))
+	return ENOENT;
+
+    *cursor = m->creds;
+    return 0;
+}
+
+static krb5_error_code
+mcc_get_next (krb5_context context,
+	      krb5_ccache id,
+	      krb5_cc_cursor *cursor,
+	      krb5_creds *creds)
+{
+    krb5_mcache *m = MCACHE(id);
+    struct link *l;
+
+    if (MISDEAD(m))
+	return ENOENT;
+
+    l = *cursor;
+    if (l != NULL) {
+	*cursor = l->next;
+	return krb5_copy_creds_contents (context,
+					 &l->cred,
+					 creds);
+    } else
+	return KRB5_CC_END;
+}
+
+static krb5_error_code
+mcc_end_get (krb5_context context,
+	     krb5_ccache id,
+	     krb5_cc_cursor *cursor)
+{
+    return 0;
+}
+
+static krb5_error_code
+mcc_remove_cred(krb5_context context,
+		 krb5_ccache id,
+		 krb5_flags which,
+		 krb5_creds *mcreds)
+{
+    krb5_mcache *m = MCACHE(id);
+    struct link **q, *p;
+    for(q = &m->creds, p = *q; p; p = *q) {
+	if(krb5_compare_creds(context, which, mcreds, &p->cred)) {
+	    *q = p->next;
+	    krb5_free_cred_contents(context, &p->cred);
+	    free(p);
+	} else
+	    q = &p->next;
+    }
+    return 0;
+}
+
+static krb5_error_code
+mcc_set_flags(krb5_context context,
+	      krb5_ccache id,
+	      krb5_flags flags)
+{
+    return 0; /* XXX */
+}
+		    
+struct mcache_iter {
+    krb5_mcache *cache;
+};
+
+static krb5_error_code
+mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
+{
+    struct mcache_iter *iter;
+
+    iter = calloc(1, sizeof(*iter));
+    if (iter == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return ENOMEM;
+    }    
+
+    HEIMDAL_MUTEX_lock(&mcc_mutex);
+    iter->cache = mcc_head;
+    if (iter->cache)
+	iter->cache->refcnt++;
+    HEIMDAL_MUTEX_unlock(&mcc_mutex);
+
+    *cursor = iter;
+    return 0;
+}
+
+static krb5_error_code
+mcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
+{
+    struct mcache_iter *iter = cursor;
+    krb5_error_code ret;
+    krb5_mcache *m;
+
+    if (iter->cache == NULL)
+	return KRB5_CC_END;
+
+    HEIMDAL_MUTEX_lock(&mcc_mutex);
+    m = iter->cache;
+    if (m->next)
+	m->next->refcnt++;
+    iter->cache = m->next;
+    HEIMDAL_MUTEX_unlock(&mcc_mutex);
+
+    ret = _krb5_cc_allocate(context, &krb5_mcc_ops, id);
+    if (ret)
+	return ret;
+
+    (*id)->data.data = m;
+    (*id)->data.length = sizeof(*m);
+
+    return 0;
+}
+
+static krb5_error_code
+mcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
+{
+    struct mcache_iter *iter = cursor;
+
+    if (iter->cache)
+	mcc_close_internal(iter->cache);
+    iter->cache = NULL;
+    free(iter);
+    return 0;
+}
+
+static krb5_error_code
+mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
+{
+    krb5_mcache *mfrom = MCACHE(from), *mto = MCACHE(to);
+    struct link *creds;
+    krb5_principal principal;
+    krb5_mcache **n;
+
+    HEIMDAL_MUTEX_lock(&mcc_mutex);
+
+    /* drop the from cache from the linked list to avoid lookups */
+    for(n = &mcc_head; n && *n; n = &(*n)->next) {
+	if(mfrom == *n) {
+	    *n = mfrom->next;
+	    break;
+	}
+    }
+
+    /* swap creds */
+    creds = mto->creds;
+    mto->creds = mfrom->creds;
+    mfrom->creds = creds;
+    /* swap principal */
+    principal = mto->primary_principal;
+    mto->primary_principal = mfrom->primary_principal;
+    mfrom->primary_principal = principal;
+
+    HEIMDAL_MUTEX_unlock(&mcc_mutex);
+    mcc_destroy(context, from);
+
+    return 0;
+}
+
+static krb5_error_code
+mcc_default_name(krb5_context context, char **str)
+{
+    *str = strdup("MEMORY:");
+    if (*str == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+
+/**
+ * Variable containing the MEMORY based credential cache implemention.
+ *
+ * @ingroup krb5_ccache
+ */
+
+const krb5_cc_ops krb5_mcc_ops = {
+    "MEMORY",
+    mcc_get_name,
+    mcc_resolve,
+    mcc_gen_new,
+    mcc_initialize,
+    mcc_destroy,
+    mcc_close,
+    mcc_store_cred,
+    NULL, /* mcc_retrieve */
+    mcc_get_principal,
+    mcc_get_first,
+    mcc_get_next,
+    mcc_end_get,
+    mcc_remove_cred,
+    mcc_set_flags,
+    NULL,
+    mcc_get_cache_first,
+    mcc_get_cache_next,
+    mcc_end_cache_get,
+    mcc_move,
+    mcc_default_name
+};
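Review bot: mcc_resolve releases `mcc_mutex` before executing `m->refcnt++`, so finding the cache and taking a reference are not atomic. Another thread that runs mcc_destroy and then mcc_close on the same entry in that window can free `m` before the increment touches it, and this unlocked increment also races with the locked ones in mcc_get_cache_first and mcc_get_cache_next. Moving `m->refcnt++` above `HEIMDAL_MUTEX_unlock(&mcc_mutex);` closes the window. The same gap lets a concurrent creator make the later `mcc_alloc(res)` fail its duplicate-name check, which is then reported as "malloc: out of memory". mcc_close_internal and mcc_destroy also modify `refcnt`, `dead` and `creds` without holding the mutex, so the header comment should say whether a MEMORY cache may be shared between threads.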

Added: vendor-crypto/heimdal/dist/lib/krb5/misc.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/misc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/misc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: misc.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_s4u2self_to_checksumdata(krb5_context context, 
+			       const PA_S4U2Self *self, 
+			       krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_ssize_t ssize;
+    krb5_storage *sp;
+    size_t size;
+    int i;
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_clear_error_string(context);
+	return ENOMEM;
+    }
+    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
+    ret = krb5_store_int32(sp, self->name.name_type);
+    if (ret)
+	goto out;
+    for (i = 0; i < self->name.name_string.len; i++) {
+	size = strlen(self->name.name_string.val[i]);
+	ssize = krb5_storage_write(sp, self->name.name_string.val[i], size);
+	if (ssize != size) {
+	    ret = ENOMEM;
+	    goto out;
+	}
+    }
+    size = strlen(self->realm);
+    ssize = krb5_storage_write(sp, self->realm, size);
+    if (ssize != size) {
+	ret = ENOMEM;
+	goto out;
+    }
+    size = strlen(self->auth);
+    ssize = krb5_storage_write(sp, self->auth, size);
+    if (ssize != size) {
+	ret = ENOMEM;
+	goto out;
+    }
+
+    ret = krb5_storage_to_data(sp, data);
+    krb5_storage_free(sp);
+    return ret;
+
+out:
+    krb5_clear_error_string(context);
+    return ret;
+}
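Review bot: Every `goto out` in _krb5_s4u2self_to_checksumdata leaks the storage obtained from krb5_storage_emem(), because the `out:` label only calls krb5_clear_error_string() and returns; only the success path reaches `krb5_storage_free(sp);`. Adding `krb5_storage_free(sp);` directly after `out:` fixes it. The checks `ssize != size` compare a krb5_ssize_t with a size_t, which does catch a negative return after conversion, but an explicit `ssize < 0 || (size_t)ssize != size` states the intent and avoids sign-compare warnings.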

Added: vendor-crypto/heimdal/dist/lib/krb5/mit_glue.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/mit_glue.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/mit_glue.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,369 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: mit_glue.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Glue for MIT API
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_make_checksum(krb5_context context, 
+		     krb5_cksumtype cksumtype, 
+		     const krb5_keyblock *key, 
+		     krb5_keyusage usage,
+		     const krb5_data *input, 
+		     krb5_checksum *cksum)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_create_checksum(context, crypto,  usage, cksumtype,
+			       input->data, input->length, cksum);
+    krb5_crypto_destroy(context, crypto);
+
+    return ret ;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
+		       krb5_keyusage usage, const krb5_data *data,
+		       const krb5_checksum *cksum, krb5_boolean *valid)
+{
+    krb5_error_code ret;
+    krb5_checksum data_cksum;
+
+    *valid = 0;
+
+    ret = krb5_c_make_checksum(context, cksum->cksumtype,
+			       key, usage, data, &data_cksum);
+    if (ret)
+	return ret;
+
+    if (data_cksum.cksumtype == cksum->cksumtype
+	&& data_cksum.checksum.length == cksum->checksum.length
+	&& memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0)
+	*valid = 1;
+
+    krb5_free_checksum_contents(context, &data_cksum);
+
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum,
+		    krb5_cksumtype *type, krb5_data **data)
+{
+    krb5_error_code ret;
+
+    if (type)
+	*type = cksum->cksumtype;
+    if (data) {
+	*data = malloc(sizeof(**data));
+	if (*data == NULL)
+	    return ENOMEM;
+
+	ret = der_copy_octet_string(&cksum->checksum, *data);
+	if (ret) {
+	    free(*data);
+	    *data = NULL;
+	    return ret;
+	}
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum,
+		    krb5_cksumtype type, const krb5_data *data)
+{
+    cksum->cksumtype = type;
+    return der_copy_octet_string(data, &cksum->checksum);
+}
+
+void KRB5_LIB_FUNCTION 
+krb5_free_checksum (krb5_context context, krb5_checksum *cksum)
+{
+    krb5_checksum_free(context, cksum);
+    free(cksum);
+}
+
+void KRB5_LIB_FUNCTION
+krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum)
+{
+    krb5_checksum_free(context, cksum);
+    memset(cksum, 0, sizeof(*cksum));
+}
+
+void KRB5_LIB_FUNCTION
+krb5_checksum_free(krb5_context context, krb5_checksum *cksum)
+{
+    free_Checksum(cksum);
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_c_valid_enctype (krb5_enctype etype)
+{
+    return krb5_enctype_valid(NULL, etype);
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_c_valid_cksumtype(krb5_cksumtype ctype)
+{
+    return krb5_cksumtype_valid(NULL, ctype);
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
+{
+    return krb5_checksum_is_collision_proof(NULL, ctype);
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
+{
+    return krb5_checksum_is_keyed(NULL, ctype);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_checksum (krb5_context context,
+		    const krb5_checksum *old,
+		    krb5_checksum **new)
+{
+    *new = malloc(sizeof(**new));
+    if (*new == NULL)
+	return ENOMEM;
+    return copy_Checksum(old, *new);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype,
+			size_t *length)
+{
+    return krb5_checksumsize(context, cksumtype, length);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_block_size(krb5_context context, 
+		  krb5_enctype enctype, 
+		  size_t *blocksize)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+    krb5_keyblock key;
+
+    ret = krb5_generate_random_keyblock(context, enctype, &key);
+    if (ret)
+	return ret;
+
+    ret = krb5_crypto_init(context, &key, 0, &crypto);
+    krb5_free_keyblock_contents(context, &key);
+    if (ret)
+	return ret;
+    ret = krb5_crypto_getblocksize(context, crypto, blocksize);
+    krb5_crypto_destroy(context, crypto);
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_decrypt(krb5_context context, 
+	       const krb5_keyblock key, 
+	       krb5_keyusage usage, 
+	       const krb5_data *ivec, 
+	       krb5_enc_data *input, 
+	       krb5_data *output)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, &key, input->enctype, &crypto);
+    if (ret)
+	return ret;
+
+    if (ivec) {
+	size_t blocksize;
+
+	ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
+	if (ret) {
+	krb5_crypto_destroy(context, crypto);
+	return ret;
+	}
+	
+	if (blocksize > ivec->length) {
+	    krb5_crypto_destroy(context, crypto);
+	    return KRB5_BAD_MSIZE;
+	}
+    }
+
+    ret = krb5_decrypt_ivec(context, crypto, usage, 
+			    input->ciphertext.data, input->ciphertext.length, 
+			    output, 
+			    ivec ? ivec->data : NULL);
+
+    krb5_crypto_destroy(context, crypto);
+
+    return ret ;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_encrypt(krb5_context context, 
+	       const krb5_keyblock *key, 
+	       krb5_keyusage usage,
+	       const krb5_data *ivec, 
+	       const krb5_data *input,
+	       krb5_enc_data *output)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+
+    if (ivec) {
+	size_t blocksize;
+
+	ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
+	if (ret) {
+	    krb5_crypto_destroy(context, crypto);
+	    return ret;
+	}
+
+	if (blocksize > ivec->length) {
+	    krb5_crypto_destroy(context, crypto);
+	    return KRB5_BAD_MSIZE;
+	}
+    }
+
+    ret = krb5_encrypt_ivec(context, crypto, usage, 
+			    input->data, input->length, 
+			    &output->ciphertext, 
+			    ivec ? ivec->data : NULL);
+    output->kvno = 0;
+    krb5_crypto_getenctype(context, crypto, &output->enctype);
+
+    krb5_crypto_destroy(context, crypto);
+
+    return ret ;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_encrypt_length(krb5_context context, 
+		      krb5_enctype enctype, 
+		      size_t inputlen,
+		      size_t *length)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+    krb5_keyblock key;
+
+    ret = krb5_generate_random_keyblock(context, enctype, &key);
+    if (ret)
+	return ret;
+
+    ret = krb5_crypto_init(context, &key, 0, &crypto);
+    krb5_free_keyblock_contents(context, &key);
+    if (ret)
+	return ret;
+
+    *length = krb5_get_wrapped_length(context, crypto, inputlen);
+    krb5_crypto_destroy(context, crypto);
+
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_enctype_compare(krb5_context context, 
+		       krb5_enctype e1,
+		       krb5_enctype e2, 
+		       krb5_boolean *similar)
+{
+    *similar = krb5_enctypes_compatible_keys(context, e1, e2);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_make_random_key(krb5_context context,
+		       krb5_enctype enctype, 
+		       krb5_keyblock *random_key)
+{
+    return krb5_generate_random_keyblock(context, enctype, random_key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_keylengths(krb5_context context,
+		  krb5_enctype enctype,
+		  size_t *ilen,
+		  size_t *keylen)
+{
+    krb5_error_code ret;
+
+    ret = krb5_enctype_keybits(context, enctype, ilen);
+    if (ret)
+	return ret;
+    *ilen = (*ilen + 7) / 8;
+    return krb5_enctype_keysize(context, enctype, keylen);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_prf_length(krb5_context context,
+		  krb5_enctype type,
+		  size_t *length)
+{
+    return krb5_crypto_prf_length(context, type, length);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_c_prf(krb5_context context,
+	   const krb5_keyblock *key,
+	   const krb5_data *input, 
+	   krb5_data *output)
+{
+    krb5_crypto crypto;
+    krb5_error_code ret;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_crypto_prf(context, crypto, input, output);
+    krb5_crypto_destroy(context, crypto);
+
+    return ret;
+}
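Review bot: In krb5_c_verify_checksum the recomputed checksum is compared with the caller-supplied one using `memcmp`, which stops at the first differing byte, so for keyed checksum types the time taken depends on how many leading bytes of a presented value are correct. A comparison that always walks the full length removes that signal; the type and length checks can stay as they are. Separately, krb5_copy_checksum returns the result of copy_Checksum directly, so on failure the structure it just allocated is neither freed nor cleared in `*new`.

```c
    /* … unchanged: *valid = 0 and the krb5_c_make_checksum call … */
    if (data_cksum.cksumtype == cksum->cksumtype
	&& data_cksum.checksum.length == cksum->checksum.length) {
	const unsigned char *a = data_cksum.checksum.data;
	const unsigned char *b = cksum->checksum.data;
	unsigned char diff = 0;
	size_t i;

	/* accumulate differences over the whole length, no early exit */
	for (i = 0; i < cksum->checksum.length; i++)
	    diff |= a[i] ^ b[i];
	if (diff == 0)
	    *valid = 1;
    }
    /* … unchanged: krb5_free_checksum_contents and return 0 … */
```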

Added: vendor-crypto/heimdal/dist/lib/krb5/mk_error.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/mk_error.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/mk_error.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: mk_error.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_error(krb5_context context,
+	      krb5_error_code error_code,
+	      const char *e_text,
+	      const krb5_data *e_data,
+	      const krb5_principal client,
+	      const krb5_principal server,
+	      time_t *client_time,
+	      int *client_usec,
+	      krb5_data *reply)
+{
+    KRB_ERROR msg;
+    krb5_timestamp sec;
+    int32_t usec;
+    size_t len;
+    krb5_error_code ret = 0;
+
+    krb5_us_timeofday (context, &sec, &usec);
+
+    memset(&msg, 0, sizeof(msg));
+    msg.pvno     = 5;
+    msg.msg_type = krb_error;
+    msg.stime    = sec;
+    msg.susec    = usec;
+    msg.ctime    = client_time;
+    msg.cusec    = client_usec;
+    /* Make sure we only send `protocol' error codes */
+    if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) {
+	if(e_text == NULL)
+	    e_text = krb5_get_err_text(context, error_code);
+	error_code = KRB5KRB_ERR_GENERIC;
+    }
+    msg.error_code = error_code - KRB5KDC_ERR_NONE;
+    if (e_text)
+	msg.e_text = rk_UNCONST(&e_text);
+    if (e_data)
+	msg.e_data = rk_UNCONST(e_data);
+    if(server){
+	msg.realm = server->realm;
+	msg.sname = server->name;
+    }else{
+	msg.realm = "<unspecified realm>";
+    }
+    if(client){
+	msg.crealm = &client->realm;
+	msg.cname = &client->name;
+    }
+
+    ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
+    if (ret)
+	return ret;
+    if(reply->length != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/mk_priv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/mk_priv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/mk_priv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: mk_priv.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+      
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_priv(krb5_context context,
+	     krb5_auth_context auth_context,
+	     const krb5_data *userdata,
+	     krb5_data *outbuf,
+	     krb5_replay_data *outdata)
+{
+    krb5_error_code ret;
+    KRB_PRIV s;
+    EncKrbPrivPart part;
+    u_char *buf = NULL;
+    size_t buf_size;
+    size_t len;
+    krb5_crypto crypto;
+    krb5_keyblock *key;
+    krb5_replay_data rdata;
+
+    if ((auth_context->flags & 
+	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+	outdata == NULL)
+	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+
+    if (auth_context->local_subkey)
+	key = auth_context->local_subkey;
+    else if (auth_context->remote_subkey)
+	key = auth_context->remote_subkey;
+    else
+	key = auth_context->keyblock;
+
+    memset(&rdata, 0, sizeof(rdata));
+
+    part.user_data = *userdata;
+
+    krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+	part.timestamp = &rdata.timestamp;
+	part.usec      = &rdata.usec;
+    } else {
+	part.timestamp = NULL;
+	part.usec      = NULL;
+    }
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
+	outdata->timestamp = rdata.timestamp;
+	outdata->usec = rdata.usec;
+    }
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+	rdata.seq = auth_context->local_seqnumber;
+	part.seq_number = &rdata.seq;
+    } else
+	part.seq_number = NULL;
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
+	outdata->seq = auth_context->local_seqnumber;
+    
+    part.s_address = auth_context->local_address;
+    part.r_address = auth_context->remote_address;
+
+    krb5_data_zero (&s.enc_part.cipher);
+
+    ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
+    if (ret)
+	goto fail;
+    if (buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    s.pvno = 5;
+    s.msg_type = krb_priv;
+    s.enc_part.etype = key->keytype;
+    s.enc_part.kvno = NULL;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret) {
+	free (buf);
+	return ret;
+    }
+    ret = krb5_encrypt (context, 
+			crypto,
+			KRB5_KU_KRB_PRIV,
+			buf + buf_size - len, 
+			len,
+			&s.enc_part.cipher);
+    krb5_crypto_destroy(context, crypto);
+    if (ret) {
+	free(buf);
+	return ret;
+    }
+    free(buf);
+
+
+    ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
+    if (ret)
+	goto fail;
+    if (buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    krb5_data_free (&s.enc_part.cipher);
+
+    ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
+    if (ret) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	free(buf);
+	return ENOMEM;
+    }
+    free (buf);
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
+	auth_context->local_seqnumber =
+	    (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
+    return 0;
+
+  fail:
+    free (buf);
+    krb5_data_free (&s.enc_part.cipher);
+    return ret;
+}
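Review bot: The buffer `buf` that holds the DER-encoded EncKrbPrivPart, i.e. the caller's user data in cleartext, is released with a plain `free(buf)` after krb5_encrypt on both the error and the success path, so the plaintext stays behind in freed heap memory. Clearing it first, `memset(buf, 0, buf_size);` before each of those two `free(buf);` calls, keeps the confidential payload from outliving the call; a plain memset right before free can be optimised away, so a wipe helper the compiler cannot elide is preferable if the tree provides one. The same applies to `buf` in krb5_mk_rep (mk_rep.c), where the encoded EncAPRepPart can carry the subkey. Separately, `key` is dereferenced at `key->keytype` without a check, which would fault if the auth context carries neither a subkey nor a keyblock; whether callers guarantee one is not visible here.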

Added: vendor-crypto/heimdal/dist/lib/krb5/mk_rep.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/mk_rep.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/mk_rep.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: mk_rep.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_rep(krb5_context context,
+	    krb5_auth_context auth_context,
+	    krb5_data *outbuf)
+{
+    krb5_error_code ret;
+    AP_REP ap;
+    EncAPRepPart body;
+    u_char *buf = NULL;
+    size_t buf_size;
+    size_t len;
+    krb5_crypto crypto;
+
+    ap.pvno = 5;
+    ap.msg_type = krb_ap_rep;
+
+    memset (&body, 0, sizeof(body));
+
+    body.ctime = auth_context->authenticator->ctime;
+    body.cusec = auth_context->authenticator->cusec;
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
+	if (auth_context->local_subkey == NULL) {
+	    ret = krb5_auth_con_generatelocalsubkey(context,
+						    auth_context,
+						    auth_context->keyblock);
+	    if(ret) {
+		krb5_set_error_string (context,
+				       "krb5_mk_rep: generating subkey");
+		free_EncAPRepPart(&body);
+		return ret;
+	    }
+	}
+	ret = krb5_copy_keyblock(context, auth_context->local_subkey,
+				 &body.subkey);
+	if (ret) {
+	    krb5_set_error_string (context,
+				   "krb5_copy_keyblock: out of memory");
+	    free_EncAPRepPart(&body);
+	    return ENOMEM;
+	}
+    } else
+	body.subkey = NULL;
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+	if(auth_context->local_seqnumber == 0) 
+	    krb5_generate_seq_number (context,
+				      auth_context->keyblock,
+				      &auth_context->local_seqnumber);
+	ALLOC(body.seq_number, 1);
+	if (body.seq_number == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    free_EncAPRepPart(&body);
+	    return ENOMEM;
+	}
+	*(body.seq_number) = auth_context->local_seqnumber;
+    } else
+	body.seq_number = NULL;
+
+    ap.enc_part.etype = auth_context->keyblock->keytype;
+    ap.enc_part.kvno  = NULL;
+
+    ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
+    free_EncAPRepPart (&body);
+    if(ret)
+	return ret;
+    if (buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    ret = krb5_crypto_init(context, auth_context->keyblock, 
+			   0 /* ap.enc_part.etype */, &crypto);
+    if (ret) {
+	free (buf);
+	return ret;
+    }
+    ret = krb5_encrypt (context,
+			crypto,
+			KRB5_KU_AP_REQ_ENC_PART,
+			buf + buf_size - len, 
+			len,
+			&ap.enc_part.cipher);
+    krb5_crypto_destroy(context, crypto);
+    free(buf);
+    if (ret)
+	return ret;
+
+    ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
+    if (ret == 0 && outbuf->length != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    free_AP_REP (&ap);
+    return ret;
+}
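Review bot: The return value of `krb5_generate_seq_number` is discarded in the KRB5_AUTH_CONTEXT_DO_SEQUENCE branch, so if generation fails `auth_context->local_seqnumber` stays 0 and that fixed value is what gets copied into `body.seq_number` and sent. Assigning the result to `ret` and bailing out on failure with `free_EncAPRepPart(&body); return ret;`, as the neighbouring error paths do, avoids falling back to a predictable initial sequence number. `auth_context->authenticator` and `auth_context->keyblock` are also dereferenced without a NULL check; presumably callers only reach this after a successful krb5_rd_req, but that is not visible in this hunk.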

Added: vendor-crypto/heimdal/dist/lib/krb5/mk_req.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/mk_req.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/mk_req.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: mk_req.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_req_exact(krb5_context context,
+		  krb5_auth_context *auth_context,
+		  const krb5_flags ap_req_options,
+		  const krb5_principal server,
+		  krb5_data *in_data,
+		  krb5_ccache ccache,
+		  krb5_data *outbuf)
+{
+    krb5_error_code ret;
+    krb5_creds this_cred, *cred;
+
+    memset(&this_cred, 0, sizeof(this_cred));
+
+    ret = krb5_cc_get_principal(context, ccache, &this_cred.client);
+  
+    if(ret)
+	return ret;
+
+    ret = krb5_copy_principal (context, server, &this_cred.server);
+    if (ret) {
+	krb5_free_cred_contents (context, &this_cred);
+	return ret;
+    }
+
+    this_cred.times.endtime = 0;
+    if (auth_context && *auth_context && (*auth_context)->keytype)
+	this_cred.session.keytype = (*auth_context)->keytype;
+
+    ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
+    krb5_free_cred_contents(context, &this_cred);
+    if (ret)
+	return ret;
+
+    ret = krb5_mk_req_extended (context,
+				auth_context,
+				ap_req_options,
+				in_data,
+				cred,
+				outbuf);
+    krb5_free_creds(context, cred);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_req(krb5_context context,
+	    krb5_auth_context *auth_context,
+	    const krb5_flags ap_req_options,
+	    const char *service,
+	    const char *hostname,
+	    krb5_data *in_data,
+	    krb5_ccache ccache,
+	    krb5_data *outbuf)
+{
+    krb5_error_code ret;
+    char **realms;
+    char *real_hostname;
+    krb5_principal server;
+
+    ret = krb5_expand_hostname_realms (context, hostname,
+				       &real_hostname, &realms);
+    if (ret)
+	return ret;
+
+    ret = krb5_build_principal (context, &server,
+				strlen(*realms),
+				*realms,
+				service,
+				real_hostname,
+				NULL);
+    free (real_hostname);
+    krb5_free_host_realm (context, realms);
+    if (ret)
+	return ret;
+    ret = krb5_mk_req_exact (context, auth_context, ap_req_options,
+			     server, in_data, ccache, outbuf);
+    krb5_free_principal (context, server);
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/mk_req_ext.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/mk_req_ext.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/mk_req_ext.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: mk_req_ext.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code
+_krb5_mk_req_internal(krb5_context context,
+		      krb5_auth_context *auth_context,
+		      const krb5_flags ap_req_options,
+		      krb5_data *in_data,
+		      krb5_creds *in_creds,
+		      krb5_data *outbuf,
+		      krb5_key_usage checksum_usage,
+		      krb5_key_usage encrypt_usage)
+{
+    krb5_error_code ret;
+    krb5_data authenticator;
+    Checksum c;
+    Checksum *c_opt;
+    krb5_auth_context ac;
+
+    if(auth_context) {
+	if(*auth_context == NULL)
+	    ret = krb5_auth_con_init(context, auth_context);
+	else
+	    ret = 0;
+	ac = *auth_context;
+    } else
+	ret = krb5_auth_con_init(context, &ac);
+    if(ret)
+	return ret;
+      
+    if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
+	ret = krb5_auth_con_generatelocalsubkey(context,
+						ac, 
+						&in_creds->session);
+	if(ret)
+	    goto out;
+    }
+
+    krb5_free_keyblock(context, ac->keyblock);
+    ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
+    if (ret)
+	goto out;
+  
+    /* it's unclear what type of checksum we can use.  try the best one, except:
+     * a) if it's configured differently for the current realm, or
+     * b) if the session key is des-cbc-crc
+     */
+
+    if (in_data) {
+	if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
+	    /* this is to make DCE secd (and older MIT kdcs?) happy */
+	    ret = krb5_create_checksum(context, 
+				       NULL,
+				       0,
+				       CKSUMTYPE_RSA_MD4,
+				       in_data->data,
+				       in_data->length,
+				       &c);
+	} else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
+		  ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56 ||
+		  ac->keyblock->keytype == ETYPE_DES_CBC_MD4 ||
+		  ac->keyblock->keytype == ETYPE_DES_CBC_MD5) {
+	    /* this is to make MS kdc happy */ 
+	    ret = krb5_create_checksum(context, 
+				       NULL,
+				       0,
+				       CKSUMTYPE_RSA_MD5,
+				       in_data->data,
+				       in_data->length,
+				       &c);
+	} else {
+	    krb5_crypto crypto;
+
+	    ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
+	    if (ret)
+		goto out;
+	    ret = krb5_create_checksum(context, 
+				       crypto,
+				       checksum_usage,
+				       0,
+				       in_data->data,
+				       in_data->length,
+				       &c);
+	    krb5_crypto_destroy(context, crypto);
+	}
+	c_opt = &c;
+    } else {
+	c_opt = NULL;
+    }
+
+    if (ret)
+	goto out;
+  
+    ret = krb5_build_authenticator (context,
+				    ac,
+				    ac->keyblock->keytype,
+				    in_creds,
+				    c_opt,
+				    NULL,
+				    &authenticator,
+				    encrypt_usage);
+    if (c_opt)
+	free_Checksum (c_opt);
+    if (ret)
+	goto out;
+
+    ret = krb5_build_ap_req (context, ac->keyblock->keytype, 
+			     in_creds, ap_req_options, authenticator, outbuf);
+out:
+    if(auth_context == NULL)
+	krb5_auth_con_free(context, ac);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_req_extended(krb5_context context,
+		     krb5_auth_context *auth_context,
+		     const krb5_flags ap_req_options,
+		     krb5_data *in_data,
+		     krb5_creds *in_creds,
+		     krb5_data *outbuf)
+{
+    return _krb5_mk_req_internal (context,
+				 auth_context,
+				 ap_req_options,
+				 in_data,
+				 in_creds,
+				 outbuf,
+				 KRB5_KU_AP_REQ_AUTH_CKSUM,
+				 KRB5_KU_AP_REQ_AUTH);
+}
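Review bot: In _krb5_mk_req_internal, `krb5_free_keyblock(context, ac->keyblock)` is followed by `krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock)`, and if the copy fails before storing a new pointer the auth context keeps pointing at the freed keyblock. When `auth_context` was supplied by the caller that context outlives this call, and in the local case `krb5_auth_con_free` at `out:` would presumably release the same keyblock a second time. Adding `ac->keyblock = NULL;` directly after the free closes that window, assuming krb5_copy_keyblock does not always overwrite its output argument. It would also help to note, next to the two `/* this is to make ... happy */` branches, that CKSUMTYPE_RSA_MD4 and CKSUMTYPE_RSA_MD5 are created there with a NULL crypto, i.e. unkeyed, purely for interoperability.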

Added: vendor-crypto/heimdal/dist/lib/krb5/mk_safe.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/mk_safe.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/mk_safe.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: mk_safe.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_mk_safe(krb5_context context,
+	     krb5_auth_context auth_context,
+	     const krb5_data *userdata,
+	     krb5_data *outbuf,
+	     krb5_replay_data *outdata)
+{
+    krb5_error_code ret;
+    KRB_SAFE s;
+    u_char *buf = NULL;
+    size_t buf_size;
+    size_t len;
+    krb5_crypto crypto;
+    krb5_keyblock *key;
+    krb5_replay_data rdata;
+
+    if ((auth_context->flags & 
+	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+	outdata == NULL)
+	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+
+    if (auth_context->local_subkey)
+	key = auth_context->local_subkey;
+    else if (auth_context->remote_subkey)
+	key = auth_context->remote_subkey;
+    else
+	key = auth_context->keyblock;
+
+    s.pvno = 5;
+    s.msg_type = krb_safe;
+
+    memset(&rdata, 0, sizeof(rdata));
+
+    s.safe_body.user_data = *userdata;
+
+    krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+	s.safe_body.timestamp  = &rdata.timestamp;
+	s.safe_body.usec       = &rdata.usec;
+    } else {
+	s.safe_body.timestamp  = NULL;
+	s.safe_body.usec       = NULL;
+    }
+    
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
+	outdata->timestamp = rdata.timestamp;
+	outdata->usec = rdata.usec;
+    }
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+	rdata.seq = auth_context->local_seqnumber;
+	s.safe_body.seq_number = &rdata.seq;
+    } else 
+	s.safe_body.seq_number = NULL;
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
+	outdata->seq = auth_context->local_seqnumber;
+    
+    s.safe_body.s_address = auth_context->local_address;
+    s.safe_body.r_address = auth_context->remote_address;
+
+    s.cksum.cksumtype       = 0;
+    s.cksum.checksum.data   = NULL;
+    s.cksum.checksum.length = 0;
+
+    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
+    if (ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret) {
+	free (buf);
+	return ret;
+    }
+    ret = krb5_create_checksum(context, 
+			       crypto,
+			       KRB5_KU_KRB_SAFE_CKSUM,
+			       0,
+			       buf,
+			       len,
+			       &s.cksum);
+    krb5_crypto_destroy(context, crypto);
+    if (ret) {
+	free (buf);
+	return ret;
+    }
+
+    free(buf);
+    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
+    free_Checksum (&s.cksum);
+    if(ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    outbuf->length = len;
+    outbuf->data   = buf;
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
+	auth_context->local_seqnumber =
+	    (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
+    return 0;
+}
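Review bot: The two `ASN1_MALLOC_ENCODE` calls in krb5_mk_safe carry no comment, and the reason for them matters to anyone touching the checksum path: the first encoding is produced with `s.cksum` zeroed only to serve as checksum input, and the second is the message that is actually returned. I would add `/* encode with an empty cksum; this encoding is what gets checksummed */` before the first call and `/* re-encode with the computed checksum filled in */` before the second. Separately, `outdata->timestamp`, `outdata->usec` and `outdata->seq` are stored before the encode and checksum steps can fail, so on an error return the caller's replay data already describes a message that was never built. Moving those stores down next to the `outbuf` assignment, before `local_seqnumber` is incremented, keeps the success path identical and leaves `outdata` untouched on failure.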

Added: vendor-crypto/heimdal/dist/lib/krb5/n-fold-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/n-fold-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/n-fold-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: n-fold-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+enum { MAXSIZE = 24 };
+
+static struct testcase {
+    const char *str;
+    unsigned n;
+    unsigned char res[MAXSIZE];
+} tests[] = {
+    {"012345",		8,
+     {0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55}
+    },
+    {"basch",		24,
+     {0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde,
+      0x2d, 0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31,
+      0x64, 0x3f}
+    },
+    {"eichin",		24,
+     {0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b,
+      0x1b, 0x43, 0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0,
+      0xd2, 0xdc, 0xca}
+    },
+    {"sommerfeld",	24,
+     {0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4,
+      0xe7, 0x11, 0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5,
+      0xde, 0xf7, 0x5c}
+    },
+    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
+     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82,
+      0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9,
+      0x54, 0x0c, 0x1b}
+    },
+    {"assar at NADA.KTH.SE", 24,
+     {0x5c, 0x06, 0xc3, 0x4d, 0x2c, 0x89, 0x05, 0xbe, 0x7a, 0x51,
+      0x83, 0x6c, 0xd6, 0xf8, 0x1c, 0x4b, 0x7a, 0x93, 0x49, 0x16, 0x5a,
+      0xb3, 0xfa, 0xa9}
+    },
+    {"testKRBTEST.MIT.EDUtestkey", 24,
+     {0x50, 0x2c, 0xf8, 0x29, 0x78, 0xe5, 0xfb, 0x1a, 0x29, 0x06,
+      0xbd, 0x22, 0x28, 0x91, 0x56, 0xc0, 0x06, 0xa0, 0xdc, 0xf5, 0xb6,
+      0xc2, 0xda, 0x6c}
+    },
+    {"password", 7,
+     {0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa}
+    },
+    {"Rough Consensus, and Running Code", 8,
+     {0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0},
+    },
+    {"password", 21,
+     {0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 0xc3, 0x7b, 0x3f,
+      0x6d, 0x20, 0x00, 0x24, 0x7c, 0xb6, 0xe6, 0xbd, 0x5b, 0x3e},
+    },
+    {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
+     {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3,
+      0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54,
+      0x0c, 0x1b}
+    },
+    {NULL, 0}
+};
+
+int
+main(int argc, char **argv)
+{
+    unsigned char data[MAXSIZE];
+    struct testcase *t;
+    int ret = 0;
+
+    for (t = tests; t->str; ++t) {
+	int i;
+
+	ret = _krb5_n_fold (t->str, strlen(t->str), data, t->n);
+	if (ret)
+	    errx(1, "out of memory");
+	if (memcmp (data, t->res, t->n) != 0) {
+	    printf ("n-fold(\"%s\", %d) failed\n", t->str, t->n);
+	    printf ("should be: ");
+	    for (i = 0; i < t->n; ++i)
+		printf ("%02x", t->res[i]);
+	    printf ("\nresult was: ");
+	    for (i = 0; i < t->n; ++i)
+		printf ("%02x", data[i]);
+	    printf ("\n");
+	    ret = 1;
+	}
+    }
+    return ret;
+}
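Review bot: `ret` in main holds both the return value of `_krb5_n_fold` and the test verdict, so the `ret = 1` set after a mismatch is overwritten by the next iteration's call. The program therefore exits 0 unless the failing vector happens to be the last table entry, and a broken n-fold implementation can pass this test. Keep the verdict in its own variable, as name-45-test.c in this same import does: declare `int val = 0;`, set `val = 1;` in the mismatch branch and end with `return val;`. Smaller points in the same function: `i` is an `int` compared against the unsigned `t->n`, and `t->n` is printed with `%d` where `%u` matches the field.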

Added: vendor-crypto/heimdal/dist/lib/krb5/n-fold.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/n-fold.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/n-fold.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: n-fold.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_error_code
+rr13(unsigned char *buf, size_t len)
+{
+    unsigned char *tmp;
+    int bytes = (len + 7) / 8;
+    int i;
+    if(len == 0)
+	return 0;
+    {
+	const int bits = 13 % len;
+	const int lbit = len % 8;
+    
+	tmp = malloc(bytes);
+	if (tmp == NULL)
+	    return ENOMEM;
+	memcpy(tmp, buf, bytes);
+	if(lbit) {
+	    /* pad final byte with inital bits */
+	    tmp[bytes - 1] &= 0xff << (8 - lbit);
+	    for(i = lbit; i < 8; i += len)
+		tmp[bytes - 1] |= buf[0] >> i;
+	}
+	for(i = 0; i < bytes; i++) {
+	    int bb;
+	    int b1, s1, b2, s2;
+	    /* calculate first bit position of this byte */
+	    bb = 8 * i - bits;
+	    while(bb < 0)
+		bb += len;
+	    /* byte offset and shift count */
+	    b1 = bb / 8;
+	    s1 = bb % 8;
+	
+	    if(bb + 8 > bytes * 8) 
+		/* watch for wraparound */
+		s2 = (len + 8 - s1) % 8;
+	    else 
+		s2 = 8 - s1;
+	    b2 = (b1 + 1) % bytes;
+	    buf[i] = (tmp[b1] << s1) | (tmp[b2] >> s2);
+	}
+	free(tmp);
+    }
+    return 0;
+}
+
+/* Add `b' to `a', both being one's complement numbers. */
+static void
+add1(unsigned char *a, unsigned char *b, size_t len)
+{
+    int i;
+    int carry = 0;
+    for(i = len - 1; i >= 0; i--){
+	int x = a[i] + b[i] + carry;
+	carry = x > 0xff;
+	a[i] = x & 0xff;
+    }
+    for(i = len - 1; carry && i >= 0; i--){
+	int x = a[i] + carry;
+	carry = x > 0xff;
+	a[i] = x & 0xff;
+    }
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_n_fold(const void *str, size_t len, void *key, size_t size)
+{
+    /* if len < size we need at most N * len bytes, ie < 2 * size;
+       if len > size we need at most 2 * len */
+    krb5_error_code ret = 0;
+    size_t maxlen = 2 * max(size, len);
+    size_t l = 0;
+    unsigned char *tmp = malloc(maxlen);
+    unsigned char *buf = malloc(len);
+    
+    if (tmp == NULL || buf == NULL) 
+	return ENOMEM;
+
+    memcpy(buf, str, len);
+    memset(key, 0, size);
+    do {
+	memcpy(tmp + l, buf, len);
+	l += len;
+	ret = rr13(buf, len * 8);
+	if (ret)
+	    goto out;
+	while(l >= size) {
+	    add1(key, tmp, size);
+	    l -= size;
+	    if(l == 0)
+		break;
+	    memmove(tmp, tmp + size, l);
+	}
+    } while(l != 0);
+out:
+    memset(buf, 0, len);
+    free(buf);
+    memset(tmp, 0, maxlen);
+    free(tmp);
+    return ret;
+}
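Review bot: In `_krb5_n_fold` the check `if (tmp == NULL || buf == NULL) return ENOMEM;` leaks whichever of the two allocations succeeded; `if (tmp == NULL || buf == NULL) { free(tmp); free(buf); return ENOMEM; }` closes that. The function also never terminates when `size == 0` and `len > 0`, because `l >= size` is always true and `l -= size` makes no progress, and `2 * max(size, len)` is computed without an overflow check. Rejecting `size == 0` and oversized lengths before the mallocs would cover both. The `memset(buf, 0, len)` and `memset(tmp, 0, maxlen)` directly before `free` are dead stores that an optimising compiler may drop. Since `buf` is a copy of the caller's input, which in a key-derivation path is presumably secret material, a clear that cannot be elided (for example `explicit_bzero` or `memset_s` where the platform provides one) is the safer choice.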

Added: vendor-crypto/heimdal/dist/lib/krb5/name-45-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/name-45-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/name-45-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,294 @@
+/*
+ * Copyright (c) 2002 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: name-45-test.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+enum { MAX_COMPONENTS = 3 };
+
+static struct testcase {
+    const char *v4_name;
+    const char *v4_inst;
+    const char *v4_realm;
+
+    krb5_realm v5_realm;
+    unsigned ncomponents;
+    char *comp_val[MAX_COMPONENTS];
+
+    const char *config_file;
+    krb5_error_code ret;	/* expected error code from 524 */
+
+    krb5_error_code ret2;	/* expected error code from 425 */
+} tests[] = {
+    {"", "", "", "", 1, {""}, NULL, 0, 0},
+    {"a", "", "", "", 1, {"a"}, NULL, 0, 0},
+    {"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0},
+    {"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0},
+
+    {"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2,
+     {"krbtgt", "FOO.SE"}, NULL, 0, 0},
+
+    {"foo", "bar2", "BAZ", "BAZ", 2,
+     {"foo", "bar2"}, NULL, 0, 0},
+    {"foo", "bar2", "BAZ", "BAZ", 2,
+     {"foo", "bar2"},
+     "[libdefaults]\n"
+     "	v4_name_convert = {\n"
+     "		host = {\n"
+     "			foo = foo5\n"
+     "		}\n"
+     "}\n",
+    HEIM_ERR_V4_PRINC_NO_CONV, 0},
+    {"foo", "bar2", "BAZ", "BAZ", 2,
+     {"foo5", "bar2.baz"},
+     "[realms]\n"
+     "  BAZ = {\n"
+     "		v4_name_convert = {\n"
+     "			host = {\n"
+     "				foo = foo5\n"
+     "			}\n"
+     "		}\n"
+     "		v4_instance_convert = {\n"
+     "			bar2 = bar2.baz\n"
+     "		}\n"
+     "  }\n",
+     0, 0},
+
+    {"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL,
+     HEIM_ERR_V4_PRINC_NO_CONV, 0},
+    {"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"},
+     "[realms]\n"
+     "	realm = {\n"
+     "		v4_instance_convert = {\n"
+     "			foo = foo.realm\n"
+     "		}\n"
+     "	}\n",
+     0, 0},
+
+    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
+     {"pop", "mail0.nada.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
+    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
+     {"pop", "mail0.nada.kth.se"},
+     "[realms]\n"
+     "	NADA.KTH.SE = {\n"
+     "		default_domain = nada.kth.se\n"
+     "	}\n",
+     0, 0},
+    {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
+     {"pop", "mail0.nada.kth.se"},
+     "[libdefaults]\n"
+     "	v4_instance_resolve = true\n",
+     HEIM_ERR_V4_PRINC_NO_CONV, 0},
+
+    {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
+     {"host", "hokkigai.pdc.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
+    {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
+     {"host", "hokkigai.pdc.kth.se"},
+     "[libdefaults]\n"
+     "	v4_instance_resolve = true\n"
+     "[realms]\n"
+     "	NADA.KTH.SE = {\n"
+     "		v4_name_convert = {\n"
+     "			host = {\n"
+     "				rcmd = host\n"
+     "			}\n"
+     "		}\n"
+     "		default_domain = pdc.kth.se\n"
+     "	}\n",
+     0, 0},
+
+    {"0123456789012345678901234567890123456789",
+     "0123456789012345678901234567890123456789",
+     "0123456789012345678901234567890123456789",
+     "0123456789012345678901234567890123456789",
+     2, {"0123456789012345678901234567890123456789",
+	 "0123456789012345678901234567890123456789"}, NULL,
+     0, KRB5_PARSE_MALFORMED},
+
+    {"012345678901234567890123456789012345678",
+     "012345678901234567890123456789012345678",
+     "012345678901234567890123456789012345678",
+     "012345678901234567890123456789012345678",
+     2, {"012345678901234567890123456789012345678",
+	 "012345678901234567890123456789012345678"}, NULL,
+     0, 0},
+
+    {NULL, NULL, NULL, NULL, 0, {NULL}, NULL, 0}
+};
+
+int
+main(int argc, char **argv)
+{
+    struct testcase *t;
+    krb5_context context;
+    krb5_error_code ret;
+    char hostname[1024];
+    int val = 0;
+
+    setprogname(argv[0]);
+
+    gethostname(hostname, sizeof(hostname));
+    if (!(strstr(hostname, "kth.se") != NULL || strstr(hostname, "su.se") != NULL))
+	return 0;
+
+    for (t = tests; t->v4_name; ++t) {
+	krb5_principal princ;
+	int i;
+	char name[40], inst[40], realm[40];
+	char printable_princ[256];
+
+	ret = krb5_init_context (&context);
+	if (ret)
+	    errx (1, "krb5_init_context failed: %d", ret);
+
+	if (t->config_file != NULL) {
+	    char template[] = "/tmp/krb5-conf-XXXXXX";
+	    int fd = mkstemp(template);
+	    char *files[2];
+
+	    if (fd < 0)
+		krb5_err (context, 1, errno, "mkstemp %s", template);
+
+	    if (write (fd, t->config_file, strlen(t->config_file))
+		!= strlen(t->config_file))
+		krb5_err (context, 1, errno, "write %s", template);
+	    close (fd);
+	    files[0] = template;
+	    files[1] = NULL;
+
+	    ret = krb5_set_config_files (context, files);
+	    unlink (template);
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_set_config_files");
+	}
+
+	ret = krb5_425_conv_principal (context,
+				       t->v4_name,
+				       t->v4_inst,
+				       t->v4_realm,
+				       &princ);
+	if (ret) {
+	    if (ret != t->ret) {
+		krb5_warn (context, ret,
+			   "krb5_425_conv_principal %s.%s@%s",
+			   t->v4_name, t->v4_inst, t->v4_realm);
+		val = 1;
+	    }
+	} else {
+	    if (t->ret) {
+		char *s;
+		krb5_unparse_name(context, princ, &s);
+		krb5_warnx (context,
+			    "krb5_425_conv_principal %s.%s@%s "
+			    "passed unexpected: %s",
+			    t->v4_name, t->v4_inst, t->v4_realm, s);
+		free(s);
+		val = 1;
+		krb5_free_context(context);
+		continue;
+	    }
+	}
+
+	if (ret) {
+	    krb5_free_context(context);
+	    continue;
+	}
+
+	if (strcmp (t->v5_realm, princ->realm) != 0) {
+	    printf ("wrong realm (\"%s\" should be \"%s\")"
+		    " for \"%s.%s@%s\"\n",
+		    princ->realm, t->v5_realm,
+		    t->v4_name,
+		    t->v4_inst,
+		    t->v4_realm);
+	    val = 1;
+	}
+
+	if (t->ncomponents != princ->name.name_string.len) {
+	    printf ("wrong number of components (%u should be %u)"
+		    " for \"%s.%s@%s\"\n",
+		    princ->name.name_string.len, t->ncomponents,
+		    t->v4_name,
+		    t->v4_inst,
+		    t->v4_realm);
+	    val = 1;
+	} else {
+	    for (i = 0; i < t->ncomponents; ++i) {
+		if (strcmp(t->comp_val[i],
+			   princ->name.name_string.val[i]) != 0) {
+		    printf ("bad component %d (\"%s\" should be \"%s\")"
+			    " for \"%s.%s@%s\"\n",
+			    i,
+			    princ->name.name_string.val[i],
+			    t->comp_val[i],
+			    t->v4_name,
+			    t->v4_inst,
+			    t->v4_realm);
+		    val = 1;
+		}
+	    }
+	}
+	ret = krb5_524_conv_principal (context, princ,
+				       name, inst, realm);
+	if (krb5_unparse_name_fixed(context, princ,
+				    printable_princ, sizeof(printable_princ)))
+	    strlcpy(printable_princ, "unknown principal",
+		    sizeof(printable_princ));
+	if (ret) {
+	    if (ret != t->ret2) {
+		krb5_warn (context, ret,
+			   "krb5_524_conv_principal %s", printable_princ);
+		val = 1;
+	    }
+	} else {
+	    if (t->ret2) {
+		krb5_warnx (context,
+			    "krb5_524_conv_principal %s "
+			    "passed unexpected", printable_princ);
+		val = 1;
+		krb5_free_context(context);
+		continue;
+	    }
+	}
+	if (ret) {
+	    krb5_free_principal (context, princ);
+	    krb5_free_context(context);
+	    continue;
+	}
+
+	krb5_free_principal (context, princ);
+	krb5_free_context(context);
+    }
+    return val;
+}
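Review bot: main returns 0 without running any case when the hostname contains neither "kth.se" nor "su.se" (the `strstr` test right after `gethostname`), so on every other build host this test reports success while checking nothing. If the harness is automake's TESTS driver, which the Makefile.am files in this import suggest, `return 77;` would report the run as skipped instead of passed. The `gethostname` return value is not checked either, so on failure `strstr` reads an uninitialised buffer; `if (gethostname(hostname, sizeof(hostname)) != 0) return 77;` followed by `hostname[sizeof(hostname) - 1] = '\0';` would cover that. The struct comments on `ret` and `ret2` are swapped relative to their use: `t->ret` is compared with the result of `krb5_425_conv_principal` and `t->ret2` with that of `krb5_524_conv_principal`. Both "passed unexpected" branches also `continue` without calling `krb5_free_principal`, and the first one frees `s` without checking that `krb5_unparse_name` succeeded.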

Added: vendor-crypto/heimdal/dist/lib/krb5/net_read.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/net_read.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/net_read.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: net_read.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_net_read (krb5_context context,
+	       void *p_fd,
+	       void *buf,
+	       size_t len)
+{
+  int fd = *((int *)p_fd);
+
+  return net_read (fd, buf, len);
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/net_write.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/net_write.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/net_write.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: net_write.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_net_write (krb5_context context,
+		void *p_fd,
+		const void *buf,
+		size_t len)
+{
+  int fd = *((int *)p_fd);
+
+  return net_write (fd, buf, len);
+}
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_net_write_block(krb5_context context,
+		     void *p_fd,
+		     const void *buf,
+		     size_t len,
+		     time_t timeout)
+{
+  int fd = *((int *)p_fd);
+  int ret;
+  struct timeval tv, *tvp;
+  const char *cbuf = (const char *)buf;
+  size_t rem = len;
+  ssize_t count;
+  fd_set wfds;
+
+  do {
+      FD_ZERO(&wfds);
+      FD_SET(fd, &wfds);
+      
+      if (timeout != 0) {
+	  tv.tv_sec = timeout;
+	  tv.tv_usec = 0;
+	  tvp = &tv;
+      } else
+	  tvp = NULL;
+
+      ret = select(fd + 1, NULL, &wfds, NULL, tvp);
+      if (ret < 0) {
+	  if (errno == EINTR)
+	      continue;
+	  return -1;
+      } else if (ret == 0)
+	  return 0;
+      
+      if (!FD_ISSET(fd, &wfds)) {
+	  errno = ETIMEDOUT;
+	  return -1;
+      }
+
+#ifdef WIN32
+      count = send (fd, cbuf, rem, 0);
+#else
+      count = write (fd, cbuf, rem);
+#endif
+      if (count < 0) {
+	  if (errno == EINTR)
+	      continue;
+	  else
+	      return count;
+      }
+      cbuf += count;
+      rem -= count;
+
+  } while (rem > 0);
+
+  return len;
+}
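Review bot: `krb5_net_write_block` passes `fd` to `FD_SET` without comparing it to `FD_SETSIZE`; on the non-WIN32 path a descriptor at or above that limit makes `FD_SET` write outside `wfds` on the stack. A guard before the loop, `if (fd < 0 || fd >= FD_SETSIZE) { errno = EBADF; return -1; }`, rejects such descriptors, or the wait could be done with poll(), which has no such limit. Two parts of the contract also deserve a comment above the function. `timeout` is re-armed on every iteration, so it bounds each individual wait rather than the whole write. A select timeout returns 0 even when part of the buffer has already been written, so the caller cannot tell how many bytes went out.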

Added: vendor-crypto/heimdal/dist/lib/krb5/pac.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/pac.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/pac.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1041 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: pac.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct PAC_INFO_BUFFER {
+    uint32_t type;
+    uint32_t buffersize;
+    uint32_t offset_hi;
+    uint32_t offset_lo;
+};
+
+struct PACTYPE {
+    uint32_t numbuffers;
+    uint32_t version;                         
+    struct PAC_INFO_BUFFER buffers[1];
+};
+
+struct krb5_pac_data {
+    struct PACTYPE *pac;
+    krb5_data data;
+    struct PAC_INFO_BUFFER *server_checksum;
+    struct PAC_INFO_BUFFER *privsvr_checksum;
+    struct PAC_INFO_BUFFER *logon_name;
+};
+
+#define PAC_ALIGNMENT			8
+
+#define PACTYPE_SIZE			8
+#define PAC_INFO_BUFFER_SIZE		16
+
+#define PAC_SERVER_CHECKSUM		6
+#define PAC_PRIVSVR_CHECKSUM		7
+#define PAC_LOGON_NAME			10
+#define PAC_CONSTRAINED_DELEGATION	11
+
+#define CHECK(r,f,l)						\
+	do {							\
+		if (((r) = f ) != 0) {				\
+			krb5_clear_error_string(context);	\
+			goto l;					\
+		}						\
+	} while(0)
+
+static const char zeros[PAC_ALIGNMENT] = { 0 };
+
+/*
+ *
+ */
+
+krb5_error_code
+krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
+	       krb5_pac *pac)
+{
+    krb5_error_code ret;
+    krb5_pac p;
+    krb5_storage *sp = NULL;
+    uint32_t i, tmp, tmp2, header_end;
+
+    p = calloc(1, sizeof(*p));
+    if (p == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "out of memory");
+	goto out;
+    }
+
+    sp = krb5_storage_from_readonly_mem(ptr, len);
+    if (sp == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "out of memory");
+	goto out;
+    }
+    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
+    CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
+    if (tmp < 1) {
+	krb5_set_error_string(context, "PAC have too few buffer");
+	ret = EINVAL; /* Too few buffers */
+	goto out;
+    }
+    if (tmp2 != 0) {
+	krb5_set_error_string(context, "PAC have wrong version");
+	ret = EINVAL; /* Wrong version */
+	goto out;
+    }
+
+    p->pac = calloc(1, 
+		    sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
+    if (p->pac == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+
+    p->pac->numbuffers = tmp;
+    p->pac->version = tmp2;
+
+    header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
+    if (header_end > len) {
+	ret = EINVAL;
+	goto out;
+    }
+
+    for (i = 0; i < p->pac->numbuffers; i++) {
+	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
+	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
+	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
+	CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
+
+	/* consistency checks */
+	if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
+	    krb5_set_error_string(context, "PAC out of allignment");
+	    ret = EINVAL;
+	    goto out;
+	}
+	if (p->pac->buffers[i].offset_hi) {
+	    krb5_set_error_string(context, "PAC high offset set");
+	    ret = EINVAL;
+	    goto out;
+	}
+	if (p->pac->buffers[i].offset_lo > len) {
+	    krb5_set_error_string(context, "PAC offset off end");
+	    ret = EINVAL;
+	    goto out;
+	}
+	if (p->pac->buffers[i].offset_lo < header_end) {
+	    krb5_set_error_string(context, "PAC offset inside header: %d %d",
+				  p->pac->buffers[i].offset_lo, header_end);
+	    ret = EINVAL;
+	    goto out;
+	}
+	if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
+	    krb5_set_error_string(context, "PAC length off end");
+	    ret = EINVAL;
+	    goto out;
+	}
+
+	/* let save pointer to data we need later */
+	if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
+	    if (p->server_checksum) {
+		krb5_set_error_string(context, "PAC have two server checksums");
+		ret = EINVAL;
+		goto out;
+	    }
+	    p->server_checksum = &p->pac->buffers[i];
+	} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
+	    if (p->privsvr_checksum) {
+		krb5_set_error_string(context, "PAC have two KDC checksums");
+		ret = EINVAL;
+		goto out;
+	    }
+	    p->privsvr_checksum = &p->pac->buffers[i];
+	} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
+	    if (p->logon_name) {
+		krb5_set_error_string(context, "PAC have two logon names");
+		ret = EINVAL;
+		goto out;
+	    }
+	    p->logon_name = &p->pac->buffers[i];
+	}
+    }
+
+    ret = krb5_data_copy(&p->data, ptr, len);
+    if (ret)
+	goto out;
+
+    krb5_storage_free(sp);
+
+    *pac = p;
+    return 0;
+
+out:
+    if (sp)
+	krb5_storage_free(sp);
+    if (p) {
+	if (p->pac)
+	    free(p->pac);
+	free(p);
+    }
+    *pac = NULL;
+
+    return ret;
+}
+
+krb5_error_code
+krb5_pac_init(krb5_context context, krb5_pac *pac)
+{
+    krb5_error_code ret;
+    krb5_pac p;
+
+    p = calloc(1, sizeof(*p));
+    if (p == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+
+    p->pac = calloc(1, sizeof(*p->pac));
+    if (p->pac == NULL) {
+	free(p);
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+
+    ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
+    if (ret) {
+	free (p->pac);
+	free(p);
+	krb5_set_error_string(context, "out of memory");
+	return ret;
+    }
+
+
+    *pac = p;
+    return 0;
+}
+
+krb5_error_code
+krb5_pac_add_buffer(krb5_context context, krb5_pac p,
+		    uint32_t type, const krb5_data *data)
+{
+    krb5_error_code ret;
+    void *ptr;
+    size_t len, offset, header_end, old_end;
+    uint32_t i;
+
+    len = p->pac->numbuffers;
+
+    ptr = realloc(p->pac,
+		  sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
+    if (ptr == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    p->pac = ptr;
+
+    for (i = 0; i < len; i++)
+	p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
+
+    offset = p->data.length + PAC_INFO_BUFFER_SIZE;
+
+    p->pac->buffers[len].type = type;
+    p->pac->buffers[len].buffersize = data->length;
+    p->pac->buffers[len].offset_lo = offset;
+    p->pac->buffers[len].offset_hi = 0;
+
+    old_end = p->data.length;
+    len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
+    if (len < p->data.length) {
+	krb5_set_error_string(context, "integer overrun");
+	return EINVAL;
+    }
+    
+    /* align to PAC_ALIGNMENT */
+    len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
+
+    ret = krb5_data_realloc(&p->data, len);
+    if (ret) {
+	krb5_set_error_string(context, "out of memory");
+	return ret;
+    }
+
+    /* 
+     * make place for new PAC INFO BUFFER header
+     */
+    header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
+    memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
+	    (unsigned char *)p->data.data + header_end ,
+	    old_end - header_end);
+    memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
+
+    /*
+     * copy in new data part
+     */
+
+    memcpy((unsigned char *)p->data.data + offset,
+	   data->data, data->length);
+    memset((unsigned char *)p->data.data + offset + data->length,
+	   0, p->data.length - offset - data->length);
+
+    p->pac->numbuffers += 1;
+
+    return 0;
+}
+
+krb5_error_code
+krb5_pac_get_buffer(krb5_context context, krb5_pac p,
+		    uint32_t type, krb5_data *data)
+{
+    krb5_error_code ret;
+    uint32_t i;
+
+    /*
+     * Hide the checksums from external consumers
+     */
+
+    if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) {
+	ret = krb5_data_alloc(data, 16);
+	if (ret) {
+	    krb5_set_error_string(context, "out of memory");
+	    return ret;
+	}
+	memset(data->data, 0, data->length);
+	return 0;
+    }
+
+    for (i = 0; i < p->pac->numbuffers; i++) {
+	size_t len = p->pac->buffers[i].buffersize;
+	size_t offset = p->pac->buffers[i].offset_lo;
+
+	if (p->pac->buffers[i].type != type)
+	    continue;
+
+	ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
+	if (ret) {
+	    krb5_set_error_string(context, "Out of memory");
+	    return ret;
+	}
+	return 0;
+    }
+    krb5_set_error_string(context, "No PAC buffer of type %lu was found",
+			  (unsigned long)type);
+    return ENOENT;
+}
+
+/*
+ *
+ */
+
+krb5_error_code
+krb5_pac_get_types(krb5_context context,
+		   krb5_pac p,
+		   size_t *len,
+		   uint32_t **types)
+{
+    size_t i;
+
+    *types = calloc(p->pac->numbuffers, sizeof(*types));
+    if (*types == NULL) {
+	*len = 0;
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    for (i = 0; i < p->pac->numbuffers; i++)
+	(*types)[i] = p->pac->buffers[i].type;
+    *len = p->pac->numbuffers;
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+void
+krb5_pac_free(krb5_context context, krb5_pac pac)
+{
+    krb5_data_free(&pac->data);
+    free(pac->pac);
+    free(pac);
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+verify_checksum(krb5_context context,
+		const struct PAC_INFO_BUFFER *sig,
+		const krb5_data *data,
+		void *ptr, size_t len,
+		const krb5_keyblock *key)
+{
+    krb5_crypto crypto = NULL;
+    krb5_storage *sp = NULL;
+    uint32_t type;
+    krb5_error_code ret;
+    Checksum cksum;
+
+    memset(&cksum, 0, sizeof(cksum));
+
+    sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
+			       sig->buffersize);
+    if (sp == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(ret, krb5_ret_uint32(sp, &type), out);
+    cksum.cksumtype = type;
+    cksum.checksum.length = 
+	sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
+    cksum.checksum.data = malloc(cksum.checksum.length);
+    if (cksum.checksum.data == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
+    if (ret != cksum.checksum.length) {
+	krb5_set_error_string(context, "PAC checksum missing checksum");
+	ret = EINVAL;
+	goto out;
+    }
+
+    if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
+	krb5_set_error_string (context, "Checksum type %d not keyed",
+			       cksum.cksumtype);
+	ret = EINVAL;
+	goto out;
+    }
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	goto out;
+
+    ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM,
+			       ptr, len, &cksum);
+    free(cksum.checksum.data);
+    krb5_crypto_destroy(context, crypto);
+    krb5_storage_free(sp);
+
+    return ret;
+
+out:
+    if (cksum.checksum.data)
+	free(cksum.checksum.data);
+    if (sp)
+	krb5_storage_free(sp);
+    if (crypto)
+	krb5_crypto_destroy(context, crypto);
+    return ret;
+}
+
+static krb5_error_code
+create_checksum(krb5_context context,
+		const krb5_keyblock *key,
+		void *data, size_t datalen,
+		void *sig, size_t siglen)
+{
+    krb5_crypto crypto = NULL;
+    krb5_error_code ret;
+    Checksum cksum;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0,
+			       data, datalen, &cksum);
+    krb5_crypto_destroy(context, crypto);
+    if (ret)
+	return ret;
+
+    if (cksum.checksum.length != siglen) {
+	krb5_set_error_string(context, "pac checksum wrong length");
+	free_Checksum(&cksum);
+	return EINVAL;
+    }
+
+    memcpy(sig, cksum.checksum.data, siglen);
+    free_Checksum(&cksum);
+
+    return 0;
+}
+
+
+/*
+ *
+ */
+
+#define NTTIME_EPOCH 0x019DB1DED53E8000LL
+
+static uint64_t
+unix2nttime(time_t unix_time)
+{
+    long long wt;
+    wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
+    return wt;
+}
+
+static krb5_error_code
+verify_logonname(krb5_context context,
+		 const struct PAC_INFO_BUFFER *logon_name,
+		 const krb5_data *data,
+		 time_t authtime,
+		 krb5_const_principal principal)
+{
+    krb5_error_code ret;
+    krb5_principal p2;
+    uint32_t time1, time2;
+    krb5_storage *sp;
+    uint16_t len;
+    char *s;
+
+    sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
+					logon_name->buffersize);
+    if (sp == NULL) {
+	krb5_set_error_string(context, "Out of memory");
+	return ENOMEM;
+    }
+
+    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(ret, krb5_ret_uint32(sp, &time1), out);
+    CHECK(ret, krb5_ret_uint32(sp, &time2), out);
+
+    {
+	uint64_t t1, t2;
+	t1 = unix2nttime(authtime);
+	t2 = ((uint64_t)time2 << 32) | time1;
+	if (t1 != t2) {
+	    krb5_storage_free(sp);
+	    krb5_set_error_string(context, "PAC timestamp mismatch");
+	    return EINVAL;
+	}
+    }
+    CHECK(ret, krb5_ret_uint16(sp, &len), out);
+    if (len == 0) {
+	krb5_storage_free(sp);
+	krb5_set_error_string(context, "PAC logon name length missing");
+	return EINVAL;
+    }
+
+    s = malloc(len);
+    if (s == NULL) {
+	krb5_storage_free(sp);
+	krb5_set_error_string(context, "Out of memory");
+	return ENOMEM;
+    }
+    ret = krb5_storage_read(sp, s, len);
+    if (ret != len) {
+	krb5_storage_free(sp);
+	krb5_set_error_string(context, "Failed to read pac logon name");
+	return EINVAL;
+    }
+    krb5_storage_free(sp);
+#if 1 /* cheat for now */
+    {
+	size_t i;
+
+	if (len & 1) {
+	    krb5_set_error_string(context, "PAC logon name malformed");
+	    return EINVAL;
+	}
+
+	for (i = 0; i < len / 2; i++) {
+	    if (s[(i * 2) + 1]) {
+		krb5_set_error_string(context, "PAC logon name not ASCII");
+		return EINVAL;
+	    }
+	    s[i] = s[i * 2];
+	}
+	s[i] = '\0';
+    }
+#else
+    {
+	uint16_t *ucs2;
+	ssize_t ucs2len;
+	size_t u8len;
+
+	ucs2 = malloc(sizeof(ucs2[0]) * len / 2);
+	if (ucs2)
+	    abort();
+	ucs2len = wind_ucs2read(s, len / 2, ucs2);
+	free(s);
+	if (len < 0)
+	    return -1;
+	ret = wind_ucs2toutf8(ucs2, ucs2len, NULL, &u8len);
+	if (ret < 0)
+	    abort();
+	s = malloc(u8len + 1);
+	if (s == NULL)
+	    abort();
+	wind_ucs2toutf8(ucs2, ucs2len, s, &u8len);
+	free(ucs2);
+    }
+#endif
+    ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2);
+    free(s);
+    if (ret)
+	return ret;
+    
+    if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
+	krb5_set_error_string(context, "PAC logon name mismatch");
+	ret = EINVAL;
+    }
+    krb5_free_principal(context, p2);
+    return ret;
+out:
+    return ret;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+build_logon_name(krb5_context context, 
+		 time_t authtime,
+		 krb5_const_principal principal, 
+		 krb5_data *logon)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+    uint64_t t;
+    char *s, *s2;
+    size_t i, len;
+
+    t = unix2nttime(authtime);
+
+    krb5_data_zero(logon);
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out);
+    CHECK(ret, krb5_store_uint32(sp, t >> 32), out);
+
+    ret = krb5_unparse_name_flags(context, principal,
+				  KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s);
+    if (ret)
+	goto out;
+
+    len = strlen(s);
+    
+    CHECK(ret, krb5_store_uint16(sp, len * 2), out);
+
+#if 1 /* cheat for now */
+    s2 = malloc(len * 2);
+    if (s2 == NULL) {
+	ret = ENOMEM;
+	free(s);
+	goto out;
+    }
+    for (i = 0; i < len; i++) {
+	s2[i * 2] = s[i];
+	s2[i * 2 + 1] = 0;
+    }
+    free(s);
+#else
+    /* write libwind code here */
+#endif
+
+    ret = krb5_storage_write(sp, s2, len * 2);
+    free(s2);
+    if (ret != len * 2) {
+	ret = ENOMEM;
+	goto out;
+    }
+    ret = krb5_storage_to_data(sp, logon);
+    if (ret)
+	goto out;
+    krb5_storage_free(sp);
+
+    return 0;
+out:
+    krb5_storage_free(sp);
+    return ret;
+}
+
+
+/*
+ *
+ */
+
+krb5_error_code
+krb5_pac_verify(krb5_context context, 
+		const krb5_pac pac,
+		time_t authtime,
+		krb5_const_principal principal,
+		const krb5_keyblock *server,
+		const krb5_keyblock *privsvr)
+{
+    krb5_error_code ret;
+
+    if (pac->server_checksum == NULL) {
+	krb5_set_error_string(context, "PAC missing server checksum");
+	return EINVAL;
+    }
+    if (pac->privsvr_checksum == NULL) {
+	krb5_set_error_string(context, "PAC missing kdc checksum");
+	return EINVAL;
+    }
+    if (pac->logon_name == NULL) {
+	krb5_set_error_string(context, "PAC missing logon name");
+	return EINVAL;
+    }
+
+    ret = verify_logonname(context, 
+			   pac->logon_name,
+			   &pac->data,
+			   authtime,
+			   principal);
+    if (ret)
+	return ret;
+
+    /* 
+     * in the service case, clean out data option of the privsvr and
+     * server checksum before checking the checksum.
+     */
+    {
+	krb5_data *copy;
+
+	ret = krb5_copy_data(context, &pac->data, &copy);
+	if (ret)
+	    return ret;
+
+	if (pac->server_checksum->buffersize < 4)
+	    return EINVAL;
+	if (pac->privsvr_checksum->buffersize < 4)
+	    return EINVAL;
+
+	memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
+	       0,
+	       pac->server_checksum->buffersize - 4);
+
+	memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
+	       0,
+	       pac->privsvr_checksum->buffersize - 4);
+
+	ret = verify_checksum(context,
+			      pac->server_checksum,
+			      &pac->data,
+			      copy->data,
+			      copy->length,
+			      server);
+	krb5_free_data(context, copy);
+	if (ret)
+	    return ret;
+    }
+    if (privsvr) {
+	ret = verify_checksum(context,
+			      pac->privsvr_checksum,
+			      &pac->data,
+			      (char *)pac->data.data
+			      + pac->server_checksum->offset_lo + 4,
+			      pac->server_checksum->buffersize - 4,
+			      privsvr);
+	if (ret)
+	    return ret;
+    }
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
+{
+    ssize_t sret;
+    size_t l;
+
+    while (len) {
+	l = len;
+	if (l > sizeof(zeros))
+	    l = sizeof(zeros);
+	sret = krb5_storage_write(sp, zeros, l);
+	if (sret <= 0) {
+	    krb5_set_error_string(context, "out of memory");
+	    return ENOMEM;
+	}
+	len -= sret;
+    }
+    return 0;
+}
+
+static krb5_error_code
+pac_checksum(krb5_context context, 
+	     const krb5_keyblock *key,
+	     uint32_t *cksumtype,
+	     size_t *cksumsize)
+{
+    krb5_cksumtype cktype;
+    krb5_error_code ret;
+    krb5_crypto crypto = NULL;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
+    ret = krb5_crypto_destroy(context, crypto);
+    if (ret)
+	return ret;
+
+    if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
+	krb5_set_error_string(context, "PAC checksum type is not keyed");
+	return EINVAL;
+    }
+
+    ret = krb5_checksumsize(context, cktype, cksumsize);
+    if (ret)
+	return ret;
+    
+    *cksumtype = (uint32_t)cktype;
+
+    return 0;
+}
+
+krb5_error_code
+_krb5_pac_sign(krb5_context context,
+	       krb5_pac p,
+	       time_t authtime,
+	       krb5_principal principal,
+	       const krb5_keyblock *server_key,
+	       const krb5_keyblock *priv_key,
+	       krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_storage *sp = NULL, *spdata = NULL;
+    uint32_t end;
+    size_t server_size, priv_size;
+    uint32_t server_offset = 0, priv_offset = 0;
+    uint32_t server_cksumtype = 0, priv_cksumtype = 0;
+    int i, num = 0;
+    krb5_data logon, d;
+
+    krb5_data_zero(&logon);
+
+    if (p->logon_name == NULL)
+	num++;
+    if (p->server_checksum == NULL)
+	num++;
+    if (p->privsvr_checksum == NULL)
+	num++;
+
+    if (num) {
+	void *ptr;
+
+	ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
+	if (ptr == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    return ENOMEM;
+	}
+	p->pac = ptr;
+
+	if (p->logon_name == NULL) {
+	    p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
+	    memset(p->logon_name, 0, sizeof(*p->logon_name));
+	    p->logon_name->type = PAC_LOGON_NAME;
+	}
+	if (p->server_checksum == NULL) {
+	    p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
+	    memset(p->server_checksum, 0, sizeof(*p->server_checksum));
+	    p->server_checksum->type = PAC_SERVER_CHECKSUM;
+	}
+	if (p->privsvr_checksum == NULL) {
+	    p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
+	    memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum));
+	    p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM;
+	}
+    }
+
+    /* Calculate LOGON NAME */
+    ret = build_logon_name(context, authtime, principal, &logon);
+    if (ret)
+	goto out;
+
+    /* Set lengths for checksum */
+    ret = pac_checksum(context, server_key, &server_cksumtype, &server_size);
+    if (ret)
+	goto out;
+    ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
+    if (ret)
+	goto out;
+
+    /* Encode PAC */
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+    spdata = krb5_storage_emem();
+    if (spdata == NULL) {
+	krb5_storage_free(sp);
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
+    CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
+
+    end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
+
+    for (i = 0; i < p->pac->numbuffers; i++) {
+	uint32_t len;
+	size_t sret;
+	void *ptr = NULL;
+
+	/* store data */
+
+	if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
+	    len = server_size + 4;
+	    server_offset = end + 4;
+	    CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
+	    CHECK(ret, fill_zeros(context, spdata, server_size), out);
+	} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
+	    len = priv_size + 4;
+	    priv_offset = end + 4;
+	    CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
+	    CHECK(ret, fill_zeros(context, spdata, priv_size), out);
+	} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
+	    len = krb5_storage_write(spdata, logon.data, logon.length);
+	    if (logon.length != len) {
+		ret = EINVAL;
+		goto out;
+	    }
+	} else {
+	    len = p->pac->buffers[i].buffersize;
+	    ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
+
+	    sret = krb5_storage_write(spdata, ptr, len);
+	    if (sret != len) {
+		krb5_set_error_string(context, "out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    /* XXX if not aligned, fill_zeros */
+	}
+
+	/* write header */
+	CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
+	CHECK(ret, krb5_store_uint32(sp, len), out);
+	CHECK(ret, krb5_store_uint32(sp, end), out);
+	CHECK(ret, krb5_store_uint32(sp, 0), out);
+
+	/* advance data endpointer and align */
+	{
+	    int32_t e;
+
+	    end += len;
+	    e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
+	    if (end != e) {
+		CHECK(ret, fill_zeros(context, spdata, e - end), out);
+	    }
+	    end = e;
+	}
+
+    }
+
+    /* assert (server_offset != 0 && priv_offset != 0); */
+
+    /* export PAC */
+    ret = krb5_storage_to_data(spdata, &d);
+    if (ret) {
+	krb5_set_error_string(context, "out of memory");
+	goto out;
+    }
+    ret = krb5_storage_write(sp, d.data, d.length);
+    if (ret != d.length) {
+	krb5_data_free(&d);
+	krb5_set_error_string(context, "out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    krb5_data_free(&d);
+
+    ret = krb5_storage_to_data(sp, &d);
+    if (ret) {
+	krb5_set_error_string(context, "out of memory");
+	goto out;
+    }
+
+    /* sign */
+
+    ret = create_checksum(context, server_key,
+			  d.data, d.length,
+			  (char *)d.data + server_offset, server_size);
+    if (ret) {
+	krb5_data_free(&d);
+	goto out;
+    }
+
+    ret = create_checksum(context, priv_key,
+			  (char *)d.data + server_offset, server_size,
+			  (char *)d.data + priv_offset, priv_size);
+    if (ret) {
+	krb5_data_free(&d);
+	goto out;
+    }
+
+    /* done */
+    *data = d;
+
+    krb5_data_free(&logon);
+    krb5_storage_free(sp);
+    krb5_storage_free(spdata);
+
+    return 0;
+out:
+    krb5_data_free(&logon);
+    if (sp)
+	krb5_storage_free(sp);
+    if (spdata)
+	krb5_storage_free(spdata);
+    return ret;
+}
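Review bot: In krb5_pac_parse the buffer count `tmp` comes straight from the input and is used to size the `calloc` for `p->pac` and to compute `header_end` before anything compares it with `len`. `header_end` is a `uint32_t`, so `PAC_INFO_BUFFER_SIZE * p->pac->numbuffers` can wrap for a large count, and the `header_end > len` test then passes. Where `size_t` is 32 bits the allocation size can wrap too, which would let the loop that fills `buffers[i]` write past the allocation for as long as the input supplies data. Bounding the count right after the version check and before the allocation closes both: `if (tmp > (len - PACTYPE_SIZE) / PAC_INFO_BUFFER_SIZE) { ret = EINVAL; goto out; }`. The subtraction is safe there provided both header reads succeeded, which implies `len` is at least `PACTYPE_SIZE`.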

Added: vendor-crypto/heimdal/dist/lib/krb5/padata.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/padata.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/padata.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: padata.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+PA_DATA *
+krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
+{
+    for(; *idx < len; (*idx)++)
+	if(val[*idx].padata_type == type)
+	    return val + *idx;
+    return NULL;    
+}
+
+int KRB5_LIB_FUNCTION
+krb5_padata_add(krb5_context context, METHOD_DATA *md,
+		int type, void *buf, size_t len)
+{
+    PA_DATA *pa;
+
+    pa = realloc (md->val, (md->len + 1) * sizeof(*md->val));
+    if (pa == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    md->val = pa;
+
+    pa[md->len].padata_type = type;
+    pa[md->len].padata_value.length = len;
+    pa[md->len].padata_value.data = buf;
+    md->len++;    
+
+    return 0;
+}
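Review bot: krb5_padata_add stores the caller's `buf` pointer directly in `padata_value.data` instead of copying `len` bytes, and nothing in the file documents that contract. A caller that frees or reuses `buf` after a successful call leaves `md` holding a dangling pointer, and presumably whatever later frees `md` will free `buf` as well (that code is not visible here). I would add a comment above the function such as `/* On success md keeps buf itself (no copy): the caller must not free or modify it afterwards. On ENOMEM md is unchanged and buf stays with the caller. */`.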

Added: vendor-crypto/heimdal/dist/lib/krb5/parse-name-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/parse-name-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/parse-name-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,194 @@
+/*
+ * Copyright (c) 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: parse-name-test.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+enum { MAX_COMPONENTS = 3 };
+
+static struct testcase {
+    const char *input_string;
+    const char *output_string;
+    krb5_realm realm;
+    unsigned ncomponents;
+    char *comp_val[MAX_COMPONENTS];
+    int realmp;
+} tests[] = {
+    {"", "@", "", 1, {""}, FALSE},
+    {"a", "a@", "", 1, {"a"}, FALSE},
+    {"\\n", "\\n@", "", 1, {"\n"}, FALSE},
+    {"\\ ", "\\ @", "", 1, {" "}, FALSE},
+    {"\\t", "\\t@", "", 1, {"\t"}, FALSE},
+    {"\\b", "\\b@", "", 1, {"\b"}, FALSE},
+    {"\\\\", "\\\\@", "", 1, {"\\"}, FALSE},
+    {"\\/", "\\/@", "", 1, {"/"}, FALSE},
+    {"\\@", "\\@@", "", 1, {"@"}, FALSE},
+    {"@", "@", "", 1, {""}, TRUE},
+    {"a/b", "a/b@", "", 2, {"a", "b"}, FALSE},
+    {"a/", "a/@", "", 2, {"a", ""}, FALSE},
+    {"a\\//\\/", "a\\//\\/@", "", 2, {"a/", "/"}, FALSE},
+    {"/a", "/a@", "", 2, {"", "a"}, FALSE},
+    {"\\@@\\@", "\\@@\\@", "@", 1, {"@"}, TRUE},
+    {"a/b/c", "a/b/c@", "", 3, {"a", "b", "c"}, FALSE},
+    {NULL, NULL, "", 0, { NULL }, FALSE}};
+
+int KRB5_LIB_FUNCTION
+main(int argc, char **argv)
+{
+    struct testcase *t;
+    krb5_context context;
+    krb5_error_code ret;
+    int val = 0;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    /* to enable realm-less principal name above */
+
+    krb5_set_default_realm(context, "");
+
+    for (t = tests; t->input_string; ++t) {
+	krb5_principal princ;
+	int i, j;
+	char name_buf[1024];
+	char *s;
+
+	ret = krb5_parse_name(context, t->input_string, &princ);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_parse_name %s",
+		      t->input_string);
+	if (strcmp (t->realm, princ->realm) != 0) {
+	    printf ("wrong realm (\"%s\" should be \"%s\")"
+		    " for \"%s\"\n",
+		    princ->realm, t->realm,
+		    t->input_string);
+	    val = 1;
+	}
+
+	if (t->ncomponents != princ->name.name_string.len) {
+	    printf ("wrong number of components (%u should be %u)"
+		    " for \"%s\"\n",
+		    princ->name.name_string.len, t->ncomponents,
+		    t->input_string);
+	    val = 1;
+	} else {
+	    for (i = 0; i < t->ncomponents; ++i) {
+		if (strcmp(t->comp_val[i],
+			   princ->name.name_string.val[i]) != 0) {
+		    printf ("bad component %d (\"%s\" should be \"%s\")"
+			    " for \"%s\"\n",
+			    i,
+			    princ->name.name_string.val[i],
+			    t->comp_val[i],
+			    t->input_string);
+		    val = 1;
+		}
+	    }
+	}
+	for (j = 0; j < strlen(t->output_string); ++j) {
+	    ret = krb5_unparse_name_fixed(context, princ,
+					  name_buf, j);
+	    if (ret != ERANGE) {
+		printf ("unparse_name %s with length %d should have failed\n",
+			t->input_string, j);
+		val = 1;
+		break;
+	    }
+	}
+	ret = krb5_unparse_name_fixed(context, princ,
+				      name_buf, sizeof(name_buf));
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_unparse_name_fixed");
+
+	if (strcmp (t->output_string, name_buf) != 0) {
+	    printf ("failed comparing the re-parsed"
+		    " (\"%s\" should be \"%s\")\n",
+		    name_buf, t->output_string);
+	    val = 1;
+	}
+
+	ret = krb5_unparse_name(context, princ, &s);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_unparse_name");
+
+	if (strcmp (t->output_string, s) != 0) {
+	    printf ("failed comparing the re-parsed"
+		    " (\"%s\" should be \"%s\"\n",
+		    s, t->output_string);
+	    val = 1;
+	}
+	free(s);
+
+	if (!t->realmp) {
+	    for (j = 0; j < strlen(t->input_string); ++j) {
+		ret = krb5_unparse_name_fixed_short(context, princ,
+						    name_buf, j);
+		if (ret != ERANGE) {
+		    printf ("unparse_name_short %s with length %d"
+			    " should have failed\n",
+			    t->input_string, j);
+		    val = 1;
+		    break;
+		}
+	    }
+	    ret = krb5_unparse_name_fixed_short(context, princ,
+						name_buf, sizeof(name_buf));
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_unparse_name_fixed");
+
+	    if (strcmp (t->input_string, name_buf) != 0) {
+		printf ("failed comparing the re-parsed"
+			" (\"%s\" should be \"%s\")\n",
+			name_buf, t->input_string);
+		val = 1;
+	    }
+
+	    ret = krb5_unparse_name_short(context, princ, &s);
+	    if (ret)
+		krb5_err (context, 1, ret, "krb5_unparse_name_short");
+
+	    if (strcmp (t->input_string, s) != 0) {
+		printf ("failed comparing the re-parsed"
+			" (\"%s\" should be \"%s\"\n",
+			s, t->input_string);
+		val = 1;
+	    }
+	    free(s);
+	}
+	krb5_free_principal (context, princ);
+    }
+    krb5_free_context(context);
+    return val;
+}
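Review bot: The two truncated-buffer loops in main() (`krb5_unparse_name_fixed(context, princ, name_buf, j)` and the `_short` variant) check only that the call returns ERANGE, so nothing verifies that the callee stayed within the `j` bytes it was given. Because `name_buf` is 1024 bytes, a write one byte past the stated length on the failure path would neither crash nor fail this test. I would fill the buffer with a sentinel before each call, `memset(name_buf, 0x7f, sizeof(name_buf));`, and afterwards fail the case when the byte at the limit changed, `if (name_buf[j] != 0x7f) val = 1;`. A smaller point in the same function: the `krb5_err` message after the full-size `krb5_unparse_name_fixed_short` call reads "krb5_unparse_name_fixed", which names the wrong function when it fires.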

Added: vendor-crypto/heimdal/dist/lib/krb5/pkinit.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/pkinit.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/pkinit.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2070 @@
+/*
+ * Copyright (c) 2003 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: pkinit.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+struct krb5_dh_moduli {
+    char *name;
+    unsigned long bits;
+    heim_integer p;
+    heim_integer g;
+    heim_integer q;
+};
+
+#ifdef PKINIT
+
+#include <heim_asn1.h>
+#include <rfc2459_asn1.h>
+#include <cms_asn1.h>
+#include <pkcs8_asn1.h>
+#include <pkcs9_asn1.h>
+#include <pkcs12_asn1.h>
+#include <pkinit_asn1.h>
+#include <asn1_err.h>
+
+#include <der.h>
+
+#include <hx509.h>
+
+enum {
+    COMPAT_WIN2K = 1,
+    COMPAT_IETF = 2
+};
+
+struct krb5_pk_identity {
+    hx509_context hx509ctx;
+    hx509_verify_ctx verify_ctx;
+    hx509_certs certs;
+    hx509_certs anchors;
+    hx509_certs certpool;
+    hx509_revoke_ctx revokectx;
+};
+
+struct krb5_pk_cert {
+    hx509_cert cert;
+};
+
+struct krb5_pk_init_ctx_data {
+    struct krb5_pk_identity *id;
+    DH *dh;
+    krb5_data *clientDHNonce;
+    struct krb5_dh_moduli **m;
+    hx509_peer_info peer;
+    int type;
+    unsigned int require_binding:1;
+    unsigned int require_eku:1;
+    unsigned int require_krbtgt_otherName:1;
+    unsigned int require_hostname_match:1;
+    unsigned int trustedCertifiers:1;
+};
+
+static void
+_krb5_pk_copy_error(krb5_context context,
+		    hx509_context hx509ctx,
+		    int hxret,
+		    const char *fmt,
+		    ...)
+    __attribute__ ((format (printf, 4, 5)));
+
+/*
+ *
+ */
+
+void KRB5_LIB_FUNCTION
+_krb5_pk_cert_free(struct krb5_pk_cert *cert)
+{
+    if (cert->cert) {
+	hx509_cert_free(cert->cert);
+    }
+    free(cert);
+}
+
+static krb5_error_code
+BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
+{
+    integer->length = BN_num_bytes(bn);
+    integer->data = malloc(integer->length);
+    if (integer->data == NULL) {
+	krb5_clear_error_string(context);
+	return ENOMEM;
+    }
+    BN_bn2bin(bn, integer->data);
+    integer->negative = BN_is_negative(bn);
+    return 0;
+}
+
+static BIGNUM *
+integer_to_BN(krb5_context context, const char *field, const heim_integer *f)
+{
+    BIGNUM *bn;
+
+    bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
+    if (bn == NULL) {
+	krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
+	return NULL;
+    }
+    BN_set_negative(bn, f->negative);
+    return bn;
+}
+
+
+static krb5_error_code
+_krb5_pk_create_sign(krb5_context context,
+		     const heim_oid *eContentType,
+		     krb5_data *eContent,
+		     struct krb5_pk_identity *id,
+		     hx509_peer_info peer,
+		     krb5_data *sd_data)
+{
+    hx509_cert cert;
+    hx509_query *q;
+    int ret;
+
+    ret = hx509_query_alloc(id->hx509ctx, &q);
+    if (ret) {
+	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
+			    "Allocate query to find signing certificate");
+	return ret;
+    }
+
+    hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
+    hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
+
+    ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert);
+    hx509_query_free(id->hx509ctx, q);
+    if (ret) {
+	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
+			    "Find certificate to signed CMS data");
+	return ret;
+    }
+
+    ret = hx509_cms_create_signed_1(id->hx509ctx,
+				    0,
+				    eContentType,
+				    eContent->data,
+				    eContent->length,
+				    NULL,
+				    cert,
+				    peer,
+				    NULL,
+				    id->certs,
+				    sd_data);
+    if (ret)
+	_krb5_pk_copy_error(context, id->hx509ctx, ret, "create CMS signedData");
+    hx509_cert_free(cert);
+
+    return ret;
+}
+
+static int
+cert2epi(hx509_context context, void *ctx, hx509_cert c)
+{
+    ExternalPrincipalIdentifiers *ids = ctx;
+    ExternalPrincipalIdentifier id;
+    hx509_name subject = NULL;
+    void *p;
+    int ret;
+
+    memset(&id, 0, sizeof(id));
+
+    ret = hx509_cert_get_subject(c, &subject);
+    if (ret)
+	return ret;
+
+    if (hx509_name_is_null_p(subject) != 0) {
+
+	id.subjectName = calloc(1, sizeof(*id.subjectName));
+	if (id.subjectName == NULL) {
+	    hx509_name_free(&subject);
+	    free_ExternalPrincipalIdentifier(&id);
+	    return ENOMEM;
+	}
+    
+	ret = hx509_name_binary(subject, id.subjectName);
+	if (ret) {
+	    hx509_name_free(&subject);
+	    free_ExternalPrincipalIdentifier(&id);
+	    return ret;
+	}
+    }
+    hx509_name_free(&subject);
+
+
+    id.issuerAndSerialNumber = calloc(1, sizeof(*id.issuerAndSerialNumber));
+    if (id.issuerAndSerialNumber == NULL) {
+	free_ExternalPrincipalIdentifier(&id);
+	return ENOMEM;
+    }
+
+    {
+	IssuerAndSerialNumber iasn;
+	hx509_name issuer;
+	size_t size;
+	
+	memset(&iasn, 0, sizeof(iasn));
+
+	ret = hx509_cert_get_issuer(c, &issuer);
+	if (ret) {
+	    free_ExternalPrincipalIdentifier(&id);
+	    return ret;
+	}
+
+	ret = hx509_name_to_Name(issuer, &iasn.issuer);
+	hx509_name_free(&issuer);
+	if (ret) {
+	    free_ExternalPrincipalIdentifier(&id);
+	    return ret;
+	}
+	
+	ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber);
+	if (ret) {
+	    free_IssuerAndSerialNumber(&iasn);
+	    free_ExternalPrincipalIdentifier(&id);
+	    return ret;
+	}
+
+	ASN1_MALLOC_ENCODE(IssuerAndSerialNumber,
+			   id.issuerAndSerialNumber->data, 
+			   id.issuerAndSerialNumber->length,
+			   &iasn, &size, ret);
+	free_IssuerAndSerialNumber(&iasn);
+	if (ret)
+	    return ret;
+	if (id.issuerAndSerialNumber->length != size)
+	    abort();
+    }
+
+    id.subjectKeyIdentifier = NULL;
+
+    p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); 
+    if (p == NULL) {
+	free_ExternalPrincipalIdentifier(&id);
+	return ENOMEM;
+    }
+
+    ids->val = p;
+    ids->val[ids->len] = id;
+    ids->len++;
+
+    return 0;
+}
+
+static krb5_error_code
+build_edi(krb5_context context,
+	  hx509_context hx509ctx,
+	  hx509_certs certs,
+	  ExternalPrincipalIdentifiers *ids)
+{
+    return hx509_certs_iter(hx509ctx, certs, cert2epi, ids);
+}
+
+static krb5_error_code
+build_auth_pack(krb5_context context,
+		unsigned nonce,
+		krb5_pk_init_ctx ctx,
+		DH *dh,
+		const KDC_REQ_BODY *body,
+		AuthPack *a)
+{
+    size_t buf_size, len;
+    krb5_error_code ret;
+    void *buf;
+    krb5_timestamp sec;
+    int32_t usec;
+    Checksum checksum;
+
+    krb5_clear_error_string(context);
+
+    memset(&checksum, 0, sizeof(checksum));
+
+    krb5_us_timeofday(context, &sec, &usec);
+    a->pkAuthenticator.ctime = sec;
+    a->pkAuthenticator.nonce = nonce;
+
+    ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
+    if (ret)
+	return ret;
+    if (buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    ret = krb5_create_checksum(context,
+			       NULL,
+			       0,
+			       CKSUMTYPE_SHA1,
+			       buf,
+			       len,
+			       &checksum);
+    free(buf);
+    if (ret) 
+	return ret;
+
+    ALLOC(a->pkAuthenticator.paChecksum, 1);
+    if (a->pkAuthenticator.paChecksum == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    ret = krb5_data_copy(a->pkAuthenticator.paChecksum,
+			 checksum.checksum.data, checksum.checksum.length);
+    free_Checksum(&checksum);
+    if (ret)
+	return ret;
+
+    if (dh) {
+	DomainParameters dp;
+	heim_integer dh_pub_key;
+	krb5_data dhbuf;
+	size_t size;
+
+	if (1 /* support_cached_dh */) {
+	    ALLOC(a->clientDHNonce, 1);
+	    if (a->clientDHNonce == NULL) {
+		krb5_clear_error_string(context);
+		return ENOMEM;
+	    }
+	    ret = krb5_data_alloc(a->clientDHNonce, 40);
+	    if (a->clientDHNonce == NULL) {
+		krb5_clear_error_string(context);
+		return ENOMEM;
+	    }
+	    memset(a->clientDHNonce->data, 0, a->clientDHNonce->length);
+	    ret = krb5_copy_data(context, a->clientDHNonce, 
+				 &ctx->clientDHNonce);
+	    if (ret)
+		return ret;
+	}
+
+	ALLOC(a->clientPublicValue, 1);
+	if (a->clientPublicValue == NULL)
+	    return ENOMEM;
+	ret = der_copy_oid(oid_id_dhpublicnumber(),
+			   &a->clientPublicValue->algorithm.algorithm);
+	if (ret)
+	    return ret;
+	
+	memset(&dp, 0, sizeof(dp));
+
+	ret = BN_to_integer(context, dh->p, &dp.p);
+	if (ret) {
+	    free_DomainParameters(&dp);
+	    return ret;
+	}
+	ret = BN_to_integer(context, dh->g, &dp.g);
+	if (ret) {
+	    free_DomainParameters(&dp);
+	    return ret;
+	}
+	ret = BN_to_integer(context, dh->q, &dp.q);
+	if (ret) {
+	    free_DomainParameters(&dp);
+	    return ret;
+	}
+	dp.j = NULL;
+	dp.validationParms = NULL;
+
+	a->clientPublicValue->algorithm.parameters = 
+	    malloc(sizeof(*a->clientPublicValue->algorithm.parameters));
+	if (a->clientPublicValue->algorithm.parameters == NULL) {
+	    free_DomainParameters(&dp);
+	    return ret;
+	}
+
+	ASN1_MALLOC_ENCODE(DomainParameters,
+			   a->clientPublicValue->algorithm.parameters->data,
+			   a->clientPublicValue->algorithm.parameters->length,
+			   &dp, &size, ret);
+	free_DomainParameters(&dp);
+	if (ret)
+	    return ret;
+	if (size != a->clientPublicValue->algorithm.parameters->length)
+	    krb5_abortx(context, "Internal ASN1 encoder error");
+
+	ret = BN_to_integer(context, dh->pub_key, &dh_pub_key);
+	if (ret)
+	    return ret;
+
+	ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length,
+			   &dh_pub_key, &size, ret);
+	der_free_heim_integer(&dh_pub_key);
+	if (ret)
+	    return ret;
+	if (size != dhbuf.length)
+	    krb5_abortx(context, "asn1 internal error");
+
+	a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8;
+	a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
+    }
+
+    {
+	a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes));
+	if (a->supportedCMSTypes == NULL)
+	    return ENOMEM;
+
+	ret = hx509_crypto_available(ctx->id->hx509ctx, HX509_SELECT_ALL, NULL,
+				     &a->supportedCMSTypes->val,
+				     &a->supportedCMSTypes->len);
+	if (ret)
+	    return ret;
+    }
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_mk_ContentInfo(krb5_context context,
+			const krb5_data *buf, 
+			const heim_oid *oid,
+			struct ContentInfo *content_info)
+{
+    krb5_error_code ret;
+
+    ret = der_copy_oid(oid, &content_info->contentType);
+    if (ret)
+	return ret;
+    ALLOC(content_info->content, 1);
+    if (content_info->content == NULL)
+	return ENOMEM;
+    content_info->content->data = malloc(buf->length);
+    if (content_info->content->data == NULL)
+	return ENOMEM;
+    memcpy(content_info->content->data, buf->data, buf->length);
+    content_info->content->length = buf->length;
+    return 0;
+}
+
+static krb5_error_code
+pk_mk_padata(krb5_context context,
+	     krb5_pk_init_ctx ctx,
+	     const KDC_REQ_BODY *req_body,
+	     unsigned nonce,
+	     METHOD_DATA *md)
+{
+    struct ContentInfo content_info;
+    krb5_error_code ret;
+    const heim_oid *oid;
+    size_t size;
+    krb5_data buf, sd_buf;
+    int pa_type;
+
+    krb5_data_zero(&buf);
+    krb5_data_zero(&sd_buf);
+    memset(&content_info, 0, sizeof(content_info));
+
+    if (ctx->type == COMPAT_WIN2K) {
+	AuthPack_Win2k ap;
+	krb5_timestamp sec;
+	int32_t usec;
+
+	memset(&ap, 0, sizeof(ap));
+
+	/* fill in PKAuthenticator */
+	ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName);
+	if (ret) {
+	    free_AuthPack_Win2k(&ap);
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+	ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm);
+	if (ret) {
+	    free_AuthPack_Win2k(&ap);
+	    krb5_clear_error_string(context);
+	    goto out;
+	}
+
+	krb5_us_timeofday(context, &sec, &usec);
+	ap.pkAuthenticator.ctime = sec;
+	ap.pkAuthenticator.cusec = usec;
+	ap.pkAuthenticator.nonce = nonce;
+
+	ASN1_MALLOC_ENCODE(AuthPack_Win2k, buf.data, buf.length,
+			   &ap, &size, ret);
+	free_AuthPack_Win2k(&ap);
+	if (ret) {
+	    krb5_set_error_string(context, "AuthPack_Win2k: %d", ret);
+	    goto out;
+	}
+	if (buf.length != size)
+	    krb5_abortx(context, "internal ASN1 encoder error");
+
+	oid = oid_id_pkcs7_data();
+    } else if (ctx->type == COMPAT_IETF) {
+	AuthPack ap;
+	
+	memset(&ap, 0, sizeof(ap));
+
+	ret = build_auth_pack(context, nonce, ctx, ctx->dh, req_body, &ap);
+	if (ret) {
+	    free_AuthPack(&ap);
+	    goto out;
+	}
+
+	ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret);
+	free_AuthPack(&ap);
+	if (ret) {
+	    krb5_set_error_string(context, "AuthPack: %d", ret);
+	    goto out;
+	}
+	if (buf.length != size)
+	    krb5_abortx(context, "internal ASN1 encoder error");
+
+	oid = oid_id_pkauthdata();
+    } else
+	krb5_abortx(context, "internal pkinit error");
+
+    ret = _krb5_pk_create_sign(context,
+			       oid,
+			       &buf,
+			       ctx->id,
+			       ctx->peer,
+			       &sd_buf);
+    krb5_data_free(&buf);
+    if (ret)
+	goto out;
+
+    ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf);
+    krb5_data_free(&sd_buf);
+    if (ret) {
+	krb5_set_error_string(context,
+			      "ContentInfo wrapping of signedData failed");
+	goto out;
+    }
+
+    if (ctx->type == COMPAT_WIN2K) {
+	PA_PK_AS_REQ_Win2k winreq;
+
+	pa_type = KRB5_PADATA_PK_AS_REQ_WIN;
+
+	memset(&winreq, 0, sizeof(winreq));
+
+	winreq.signed_auth_pack = buf;
+
+	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_Win2k, buf.data, buf.length,
+			   &winreq, &size, ret);
+	free_PA_PK_AS_REQ_Win2k(&winreq);
+
+    } else if (ctx->type == COMPAT_IETF) {
+	PA_PK_AS_REQ req;
+
+	pa_type = KRB5_PADATA_PK_AS_REQ;
+
+	memset(&req, 0, sizeof(req));
+	req.signedAuthPack = buf;	
+
+	if (ctx->trustedCertifiers) {
+
+	    req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers));
+	    if (req.trustedCertifiers == NULL) {
+		krb5_set_error_string(context, "malloc: out of memory");
+		free_PA_PK_AS_REQ(&req);
+		goto out;
+	    }
+	    ret = build_edi(context, ctx->id->hx509ctx, 
+			    ctx->id->anchors, req.trustedCertifiers);
+	    if (ret) {
+		krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers");
+		free_PA_PK_AS_REQ(&req);
+		goto out;
+	    }
+	}
+	req.kdcPkId = NULL;
+
+	ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length,
+			   &req, &size, ret);
+
+	free_PA_PK_AS_REQ(&req);
+
+    } else
+	krb5_abortx(context, "internal pkinit error");
+    if (ret) {
+	krb5_set_error_string(context, "PA-PK-AS-REQ %d", ret);
+	goto out;
+    }
+    if (buf.length != size)
+	krb5_abortx(context, "Internal ASN1 encoder error");
+
+    ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length);
+    if (ret)
+	free(buf.data);
+
+    if (ret == 0 && ctx->type == COMPAT_WIN2K)
+	krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
+
+out:
+    free_ContentInfo(&content_info);
+
+    return ret;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION 
+_krb5_pk_mk_padata(krb5_context context,
+		   void *c,
+		   const KDC_REQ_BODY *req_body,
+		   unsigned nonce,
+		   METHOD_DATA *md)
+{
+    krb5_pk_init_ctx ctx = c;
+    int win2k_compat;
+
+    win2k_compat = krb5_config_get_bool_default(context, NULL,
+						FALSE,
+						"realms",
+						req_body->realm,
+						"pkinit_win2k",
+						NULL);
+
+    if (win2k_compat) {
+	ctx->require_binding = 
+	    krb5_config_get_bool_default(context, NULL,
+					 FALSE,
+					 "realms",
+					 req_body->realm,
+					 "pkinit_win2k_require_binding",
+					 NULL);
+	ctx->type = COMPAT_WIN2K;
+    } else
+	ctx->type = COMPAT_IETF;
+
+    ctx->require_eku = 
+	krb5_config_get_bool_default(context, NULL,
+				     TRUE,
+				     "realms",
+				     req_body->realm,
+				     "pkinit_require_eku",
+				     NULL);
+    ctx->require_krbtgt_otherName = 
+	krb5_config_get_bool_default(context, NULL,
+				     TRUE,
+				     "realms",
+				     req_body->realm,
+				     "pkinit_require_krbtgt_otherName",
+				     NULL);
+
+    ctx->require_hostname_match = 
+	krb5_config_get_bool_default(context, NULL,
+				     FALSE,
+				     "realms",
+				     req_body->realm,
+				     "pkinit_require_hostname_match",
+				     NULL);
+
+    ctx->trustedCertifiers = 
+	krb5_config_get_bool_default(context, NULL,
+				     TRUE,
+				     "realms",
+				     req_body->realm,
+				     "pkinit_trustedCertifiers",
+				     NULL);
+
+    return pk_mk_padata(context, ctx, req_body, nonce, md);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_verify_sign(krb5_context context,
+		     const void *data,
+		     size_t length,
+		     struct krb5_pk_identity *id,
+		     heim_oid *contentType,
+		     krb5_data *content,
+		     struct krb5_pk_cert **signer)
+{
+    hx509_certs signer_certs;
+    int ret;
+
+    *signer = NULL;
+
+    ret = hx509_cms_verify_signed(id->hx509ctx,
+				  id->verify_ctx,
+				  data,
+				  length,
+				  NULL,
+				  id->certpool,
+				  contentType,
+				  content,
+				  &signer_certs);
+    if (ret) {
+	_krb5_pk_copy_error(context, id->hx509ctx, ret,
+			    "CMS verify signed failed");
+	return ret;
+    }
+
+    *signer = calloc(1, sizeof(**signer));
+    if (*signer == NULL) {
+	krb5_clear_error_string(context);
+	ret = ENOMEM;
+	goto out;
+    }
+	
+    ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert);
+    if (ret) {
+	_krb5_pk_copy_error(context, id->hx509ctx, ret,
+			    "Failed to get on of the signer certs");
+	goto out;
+    }
+
+out:
+    hx509_certs_free(&signer_certs);
+    if (ret) {
+	if (*signer) {
+	    hx509_cert_free((*signer)->cert);
+	    free(*signer);
+	    *signer = NULL;
+	}
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+get_reply_key_win(krb5_context context,
+		  const krb5_data *content,
+		  unsigned nonce,
+		  krb5_keyblock **key)
+{
+    ReplyKeyPack_Win2k key_pack;
+    krb5_error_code ret;
+    size_t size;
+
+    ret = decode_ReplyKeyPack_Win2k(content->data,
+				    content->length,
+				    &key_pack,
+				    &size);
+    if (ret) {
+	krb5_set_error_string(context, "PKINIT decoding reply key failed");
+	free_ReplyKeyPack_Win2k(&key_pack);
+	return ret;
+    }
+     
+    if (key_pack.nonce != nonce) {
+	krb5_set_error_string(context, "PKINIT enckey nonce is wrong");
+	free_ReplyKeyPack_Win2k(&key_pack);
+	return KRB5KRB_AP_ERR_MODIFIED;
+    }
+
+    *key = malloc (sizeof (**key));
+    if (*key == NULL) {
+	krb5_set_error_string(context, "PKINIT failed allocating reply key");
+	free_ReplyKeyPack_Win2k(&key_pack);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    ret = copy_EncryptionKey(&key_pack.replyKey, *key);
+    free_ReplyKeyPack_Win2k(&key_pack);
+    if (ret) {
+	krb5_set_error_string(context, "PKINIT failed copying reply key");
+	free(*key);
+	*key = NULL;
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+get_reply_key(krb5_context context,
+	      const krb5_data *content,
+	      const krb5_data *req_buffer,
+	      krb5_keyblock **key)
+{
+    ReplyKeyPack key_pack;
+    krb5_error_code ret;
+    size_t size;
+
+    ret = decode_ReplyKeyPack(content->data,
+			      content->length,
+			      &key_pack,
+			      &size);
+    if (ret) {
+	krb5_set_error_string(context, "PKINIT decoding reply key failed");
+	free_ReplyKeyPack(&key_pack);
+	return ret;
+    }
+    
+    {
+	krb5_crypto crypto;
+
+	/* 
+	 * XXX Verify kp.replyKey is a allowed enctype in the
+	 * configuration file
+	 */
+
+	ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto);
+	if (ret) {
+	    free_ReplyKeyPack(&key_pack);
+	    return ret;
+	}
+
+	ret = krb5_verify_checksum(context, crypto, 6,
+				   req_buffer->data, req_buffer->length,
+				   &key_pack.asChecksum);
+	krb5_crypto_destroy(context, crypto);
+	if (ret) {
+	    free_ReplyKeyPack(&key_pack);
+	    return ret;
+	}
+    }
+
+    *key = malloc (sizeof (**key));
+    if (*key == NULL) {
+	krb5_set_error_string(context, "PKINIT failed allocating reply key");
+	free_ReplyKeyPack(&key_pack);
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    ret = copy_EncryptionKey(&key_pack.replyKey, *key);
+    free_ReplyKeyPack(&key_pack);
+    if (ret) {
+	krb5_set_error_string(context, "PKINIT failed copying reply key");
+	free(*key);
+	*key = NULL;
+    }
+
+    return ret;
+}
+
+
+static krb5_error_code
+pk_verify_host(krb5_context context,
+	       const char *realm,
+	       const krb5_krbhst_info *hi,
+	       struct krb5_pk_init_ctx_data *ctx,
+	       struct krb5_pk_cert *host)
+{
+    krb5_error_code ret = 0;
+
+    if (ctx->require_eku) {
+	ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert,
+				   oid_id_pkkdcekuoid(), 0);
+	if (ret) {
+	    krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate");
+	    return ret;
+	}
+    }
+    if (ctx->require_krbtgt_otherName) {
+	hx509_octet_string_list list;
+	int i;
+
+	ret = hx509_cert_find_subjectAltName_otherName(ctx->id->hx509ctx,
+						       host->cert,
+						       oid_id_pkinit_san(),
+						       &list);
+	if (ret) {
+	    krb5_set_error_string(context, "Failed to find the PK-INIT "
+				  "subjectAltName in the KDC certificate");
+
+	    return ret;
+	}
+
+	for (i = 0; i < list.len; i++) {
+	    KRB5PrincipalName r;
+
+	    ret = decode_KRB5PrincipalName(list.val[i].data,
+					   list.val[i].length,
+					   &r,
+					   NULL);
+	    if (ret) {
+		krb5_set_error_string(context, "Failed to decode the PK-INIT "
+				      "subjectAltName in the KDC certificate");
+
+		break;
+	    }
+
+	    if (r.principalName.name_string.len != 2 ||
+		strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 ||
+		strcmp(r.principalName.name_string.val[1], realm) != 0 ||
+		strcmp(r.realm, realm) != 0)
+	    {
+		krb5_set_error_string(context, "KDC have wrong realm name in "
+				      "the certificate");
+		ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
+	    }
+
+	    free_KRB5PrincipalName(&r);
+	    if (ret)
+		break;
+	}
+	hx509_free_octet_string_list(&list);
+    }
+    if (ret)
+	return ret;
+    
+    if (hi) {
+	ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert, 
+				    ctx->require_hostname_match,
+				    HX509_HN_HOSTNAME,
+				    hi->hostname,
+				    hi->ai->ai_addr, hi->ai->ai_addrlen);
+
+	if (ret)
+	    krb5_set_error_string(context, "Address mismatch in "
+				  "the KDC certificate");
+    }
+    return ret;
+}
+
+static krb5_error_code
+pk_rd_pa_reply_enckey(krb5_context context,
+		      int type,
+		      const heim_octet_string *indata,
+		      const heim_oid *dataType,
+		      const char *realm,
+		      krb5_pk_init_ctx ctx,
+		      krb5_enctype etype,
+		      const krb5_krbhst_info *hi,
+	       	      unsigned nonce,
+		      const krb5_data *req_buffer,
+	       	      PA_DATA *pa,
+	       	      krb5_keyblock **key) 
+{
+    krb5_error_code ret;
+    struct krb5_pk_cert *host = NULL;
+    krb5_data content;
+    heim_oid contentType = { 0, NULL };
+
+    if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) {
+	krb5_set_error_string(context, "PKINIT: Invalid content type");
+	return EINVAL;
+    }
+
+    ret = hx509_cms_unenvelope(ctx->id->hx509ctx,
+			       ctx->id->certs,
+			       HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT,
+			       indata->data,
+			       indata->length,
+			       NULL,
+			       &contentType,
+			       &content);
+    if (ret) {
+	_krb5_pk_copy_error(context, ctx->id->hx509ctx, ret,
+			    "Failed to unenvelope CMS data in PK-INIT reply");
+	return ret;
+    }
+    der_free_oid(&contentType);
+
+#if 0 /* windows LH with interesting CMS packets, leaks memory */
+    {
+	size_t ph = 1 + der_length_len (length);
+	unsigned char *ptr = malloc(length + ph);
+	size_t l;
+
+	memcpy(ptr + ph, p, length);
+
+	ret = der_put_length_and_tag (ptr + ph - 1, ph, length,
+				      ASN1_C_UNIV, CONS, UT_Sequence, &l);
+	if (ret)
+	    return ret;
+	ptr += ph - l;
+	length += l;
+	p = ptr;
+    }
+#endif
+
+    /* win2k uses ContentInfo */
+    if (type == COMPAT_WIN2K) {
+	heim_oid type;
+	heim_octet_string out;
+
+	ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
+	if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) {
+	    ret = EINVAL; /* XXX */
+	    krb5_set_error_string(context, "PKINIT: Invalid content type");
+	    der_free_oid(&type);
+	    der_free_octet_string(&out);
+	    goto out;
+	}
+	der_free_oid(&type);
+	krb5_data_free(&content);
+	ret = krb5_data_copy(&content, out.data, out.length);
+	der_free_octet_string(&out);
+	if (ret) {
+	    krb5_set_error_string(context, "PKINIT: out of memory");
+	    goto out;
+	}
+    }
+
+    ret = _krb5_pk_verify_sign(context, 
+			       content.data,
+			       content.length,
+			       ctx->id,
+			       &contentType,
+			       &content,
+			       &host);
+    if (ret)
+	goto out;
+
+    /* make sure that it is the kdc's certificate */
+    ret = pk_verify_host(context, realm, hi, ctx, host);
+    if (ret) {
+	goto out;
+    }
+
+#if 0
+    if (type == COMPAT_WIN2K) {
+	if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) {
+	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
+	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	    goto out;
+	}
+    } else {
+	if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) {
+	    krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
+	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	    goto out;
+	}
+    }
+#endif
+
+    switch(type) {
+    case COMPAT_WIN2K:
+	ret = get_reply_key(context, &content, req_buffer, key);
+	if (ret != 0 && ctx->require_binding == 0)
+	    ret = get_reply_key_win(context, &content, nonce, key);
+	break;
+    case COMPAT_IETF:
+	ret = get_reply_key(context, &content, req_buffer, key);
+	break;
+    }
+    if (ret)
+	goto out;
+
+    /* XXX compare given etype with key->etype */
+
+ out:
+    if (host)
+	_krb5_pk_cert_free(host);
+    der_free_oid(&contentType);
+    krb5_data_free(&content);
+
+    return ret;
+}
+
+static krb5_error_code
+pk_rd_pa_reply_dh(krb5_context context,
+		  const heim_octet_string *indata,
+		  const heim_oid *dataType,
+		  const char *realm,
+		  krb5_pk_init_ctx ctx,
+		  krb5_enctype etype,
+		  const krb5_krbhst_info *hi,
+		  const DHNonce *c_n,
+		  const DHNonce *k_n,
+                  unsigned nonce,
+                  PA_DATA *pa,
+                  krb5_keyblock **key)
+{
+    unsigned char *p, *dh_gen_key = NULL;
+    struct krb5_pk_cert *host = NULL;
+    BIGNUM *kdc_dh_pubkey = NULL;
+    KDCDHKeyInfo kdc_dh_info;
+    heim_oid contentType = { 0, NULL };
+    krb5_data content;
+    krb5_error_code ret;
+    int dh_gen_keylen;
+    size_t size;
+
+    krb5_data_zero(&content);
+    memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
+
+    if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) {
+	krb5_set_error_string(context, "PKINIT: Invalid content type");
+	return EINVAL;
+    }
+
+    ret = _krb5_pk_verify_sign(context, 
+			       indata->data,
+			       indata->length,
+			       ctx->id,
+			       &contentType,
+			       &content,
+			       &host);
+    if (ret)
+	goto out;
+
+    /* make sure that it is the kdc's certificate */
+    ret = pk_verify_host(context, realm, hi, ctx, host);
+    if (ret)
+	goto out;
+
+    if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) {
+	krb5_set_error_string(context, "pkinit - dh reply contains wrong oid");
+	ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	goto out;
+    }
+
+    ret = decode_KDCDHKeyInfo(content.data,
+			      content.length,
+			      &kdc_dh_info,
+			      &size);
+
+    if (ret) {
+	krb5_set_error_string(context, "pkinit - "
+			      "failed to decode KDC DH Key Info");
+	goto out;
+    }
+
+    if (kdc_dh_info.nonce != nonce) {
+	krb5_set_error_string(context, "PKINIT: DH nonce is wrong");
+	ret = KRB5KRB_AP_ERR_MODIFIED;
+	goto out;
+    }
+
+    if (kdc_dh_info.dhKeyExpiration) {
+	if (k_n == NULL) {
+	    krb5_set_error_string(context, "pkinit; got key expiration "
+				  "without server nonce");
+	    ret = KRB5KRB_ERR_GENERIC;
+	    goto out;
+	}
+	if (c_n == NULL) {
+	    krb5_set_error_string(context, "pkinit; got DH reuse but no "
+				  "client nonce");
+	    ret = KRB5KRB_ERR_GENERIC;
+	    goto out;
+	}
+    } else {
+	if (k_n) {
+	    krb5_set_error_string(context, "pkinit: got server nonce "
+				  "without key expiration");
+	    ret = KRB5KRB_ERR_GENERIC;
+	    goto out;
+	}
+	c_n = NULL;
+    }
+
+
+    p = kdc_dh_info.subjectPublicKey.data;
+    size = (kdc_dh_info.subjectPublicKey.length + 7) / 8;
+
+    {
+	DHPublicKey k;
+	ret = decode_DHPublicKey(p, size, &k, NULL);
+	if (ret) {
+	    krb5_set_error_string(context, "pkinit: can't decode "
+				  "without key expiration");
+	    goto out;
+	}
+
+	kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
+	free_DHPublicKey(&k);
+	if (kdc_dh_pubkey == NULL) {
+	    ret = KRB5KRB_ERR_GENERIC;
+	    goto out;
+	}
+    }
+    
+    dh_gen_keylen = DH_size(ctx->dh);
+    size = BN_num_bytes(ctx->dh->p);
+    if (size < dh_gen_keylen)
+	size = dh_gen_keylen;
+
+    dh_gen_key = malloc(size);
+    if (dh_gen_key == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+    memset(dh_gen_key, 0, size - dh_gen_keylen);
+
+    dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
+				   kdc_dh_pubkey, ctx->dh);
+    if (dh_gen_keylen == -1) {
+	krb5_set_error_string(context, 
+			      "PKINIT: Can't compute Diffie-Hellman key");
+	ret = KRB5KRB_ERR_GENERIC;
+	goto out;
+    }
+
+    *key = malloc (sizeof (**key));
+    if (*key == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto out;
+    }
+
+    ret = _krb5_pk_octetstring2key(context,
+				   etype,
+				   dh_gen_key, dh_gen_keylen,
+				   c_n, k_n,
+				   *key);
+    if (ret) {
+	krb5_set_error_string(context,
+			      "PKINIT: can't create key from DH key");
+	free(*key);
+	*key = NULL;
+	goto out;
+    }
+
+ out:
+    if (kdc_dh_pubkey)
+	BN_free(kdc_dh_pubkey);
+    if (dh_gen_key) {
+	memset(dh_gen_key, 0, DH_size(ctx->dh));
+	free(dh_gen_key);
+    }
+    if (host)
+	_krb5_pk_cert_free(host);
+    if (content.data)
+	krb5_data_free(&content);
+    der_free_oid(&contentType);
+    free_KDCDHKeyInfo(&kdc_dh_info);
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_rd_pa_reply(krb5_context context,
+		     const char *realm,
+		     void *c,
+		     krb5_enctype etype,
+		     const krb5_krbhst_info *hi,
+		     unsigned nonce,
+		     const krb5_data *req_buffer,
+		     PA_DATA *pa,
+		     krb5_keyblock **key)
+{
+    krb5_pk_init_ctx ctx = c;
+    krb5_error_code ret;
+    size_t size;
+
+    /* Check for IETF PK-INIT first */
+    if (ctx->type == COMPAT_IETF) {
+	PA_PK_AS_REP rep;
+	heim_octet_string os, data;
+	heim_oid oid;
+	
+	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
+	    krb5_set_error_string(context, "PKINIT: wrong padata recv");
+	    return EINVAL;
+	}
+
+	ret = decode_PA_PK_AS_REP(pa->padata_value.data,
+				  pa->padata_value.length,
+				  &rep,
+				  &size);
+	if (ret) {
+	    krb5_set_error_string(context, "Failed to decode pkinit AS rep");
+	    return ret;
+	}
+
+	switch (rep.element) {
+	case choice_PA_PK_AS_REP_dhInfo:
+	    os = rep.u.dhInfo.dhSignedData;
+	    break;
+	case choice_PA_PK_AS_REP_encKeyPack:
+	    os = rep.u.encKeyPack;
+	    break;
+	default:
+	    free_PA_PK_AS_REP(&rep);
+	    krb5_set_error_string(context, "PKINIT: -27 reply "
+				  "invalid content type");
+	    return EINVAL;
+	}
+
+	ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL);
+	if (ret) {
+	    free_PA_PK_AS_REP(&rep);
+	    krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
+	    return ret;
+	}
+
+	switch (rep.element) {
+	case choice_PA_PK_AS_REP_dhInfo:
+	    ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi,
+				    ctx->clientDHNonce,
+				    rep.u.dhInfo.serverDHNonce,
+				    nonce, pa, key);
+	    break;
+	case choice_PA_PK_AS_REP_encKeyPack:
+	    ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &data, &oid, realm, 
+					ctx, etype, hi, nonce, req_buffer, pa, key);
+	    break;
+	default:
+	    krb5_abortx(context, "pk-init as-rep case not possible to happen");
+	}
+	der_free_octet_string(&data);
+	der_free_oid(&oid);
+	free_PA_PK_AS_REP(&rep);
+
+    } else if (ctx->type == COMPAT_WIN2K) {
+	PA_PK_AS_REP_Win2k w2krep;
+
+	/* Check for Windows encoding of the AS-REP pa data */ 
+
+#if 0 /* should this be ? */
+	if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
+	    krb5_set_error_string(context, "PKINIT: wrong padata recv");
+	    return EINVAL;
+	}
+#endif
+
+	memset(&w2krep, 0, sizeof(w2krep));
+	
+	ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data,
+					pa->padata_value.length,
+					&w2krep,
+					&size);
+	if (ret) {
+	    krb5_set_error_string(context, "PKINIT: Failed decoding windows "
+				  "pkinit reply %d", ret);
+	    return ret;
+	}
+
+	krb5_clear_error_string(context);
+	
+	switch (w2krep.element) {
+	case choice_PA_PK_AS_REP_Win2k_encKeyPack: {
+	    heim_octet_string data;
+	    heim_oid oid;
+	    
+	    ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, 
+					       &oid, &data, NULL);
+	    free_PA_PK_AS_REP_Win2k(&w2krep);
+	    if (ret) {
+		krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
+		return ret;
+	    }
+
+	    ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &data, &oid, realm,
+					ctx, etype, hi, nonce, req_buffer, pa, key);
+	    der_free_octet_string(&data);
+	    der_free_oid(&oid);
+
+	    break;
+	}
+	default:
+	    free_PA_PK_AS_REP_Win2k(&w2krep);
+	    krb5_set_error_string(context, "PKINIT: win2k reply invalid "
+				  "content type");
+	    ret = EINVAL;
+	    break;
+	}
+    
+    } else {
+	krb5_set_error_string(context, "PKINIT: unknown reply type");
+	ret = EINVAL;
+    }
+
+    return ret;
+}
+
+struct prompter {
+    krb5_context context;
+    krb5_prompter_fct prompter;
+    void *prompter_data;
+};
+
+static int 
+hx_pass_prompter(void *data, const hx509_prompt *prompter)
+{
+    krb5_error_code ret;
+    krb5_prompt prompt;
+    krb5_data password_data;
+    struct prompter *p = data;
+   
+    password_data.data   = prompter->reply.data;
+    password_data.length = prompter->reply.length;
+
+    prompt.prompt = prompter->prompt;
+    prompt.hidden = hx509_prompt_hidden(prompter->type);
+    prompt.reply  = &password_data;
+
+    switch (prompter->type) {
+    case HX509_PROMPT_TYPE_INFO:
+	prompt.type   = KRB5_PROMPT_TYPE_INFO;
+	break;
+    case HX509_PROMPT_TYPE_PASSWORD:
+    case HX509_PROMPT_TYPE_QUESTION:
+    default:
+	prompt.type   = KRB5_PROMPT_TYPE_PASSWORD;
+	break;
+    }	
+   
+    ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt);
+    if (ret) {
+	memset (prompter->reply.data, 0, prompter->reply.length);
+	return 1;
+    }
+    return 0;
+}
+
+
+void KRB5_LIB_FUNCTION
+_krb5_pk_allow_proxy_certificate(struct krb5_pk_identity *id,
+				 int boolean)
+{
+    hx509_verify_set_proxy_certificate(id->verify_ctx, boolean);
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_pk_load_id(krb5_context context,
+		 struct krb5_pk_identity **ret_id,
+		 const char *user_id,
+		 const char *anchor_id,
+		 char * const *chain_list,
+		 char * const *revoke_list,
+		 krb5_prompter_fct prompter,
+		 void *prompter_data,
+		 char *password)
+{
+    struct krb5_pk_identity *id = NULL;
+    hx509_lock lock = NULL;
+    struct prompter p;
+    int ret;
+
+    *ret_id = NULL;
+
+    if (anchor_id == NULL) {
+	krb5_set_error_string(context, "PKINIT: No anchor given");
+	return HEIM_PKINIT_NO_VALID_CA;
+    }
+
+    if (user_id == NULL) {
+	krb5_set_error_string(context,
+			      "PKINIT: No user certificate given");
+	return HEIM_PKINIT_NO_PRIVATE_KEY;
+    }
+
+    /* load cert */
+
+    id = calloc(1, sizeof(*id));
+    if (id == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }	
+
+    ret = hx509_context_init(&id->hx509ctx);
+    if (ret)
+	goto out;
+
+    ret = hx509_lock_init(id->hx509ctx, &lock);
+    if (password && password[0])
+	hx509_lock_add_password(lock, password);
+
+    if (prompter) {
+	p.context = context;
+	p.prompter = prompter;
+	p.prompter_data = prompter_data;
+
+	ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p);
+	if (ret)
+	    goto out;
+    }
+
+    ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs);
+    if (ret) {
+	_krb5_pk_copy_error(context, id->hx509ctx, ret,
+			    "Failed to init cert certs");
+	goto out;
+    }
+
+    ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors);
+    if (ret) {
+	_krb5_pk_copy_error(context, id->hx509ctx, ret,
+			    "Failed to init anchors");
+	goto out;
+    }
+
+    ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", 
+			   0, NULL, &id->certpool);
+    if (ret) {
+	_krb5_pk_copy_error(context, id->hx509ctx, ret,
+			    "Failed to init chain");
+	goto out;
+    }
+
+    while (chain_list && *chain_list) {
+	ret = hx509_certs_append(id->hx509ctx, id->certpool,
+				 NULL, *chain_list);
+	if (ret) {
+	    _krb5_pk_copy_error(context, id->hx509ctx, ret,
+				"Failed to laod chain %s",
+				*chain_list);
+	    goto out;
+	}
+	chain_list++;
+    }
+
+    if (revoke_list) {
+	ret = hx509_revoke_init(id->hx509ctx, &id->revokectx);
+	if (ret) {
+	    _krb5_pk_copy_error(context, id->hx509ctx, ret,
+				"Failed init revoke list");
+	    goto out;
+	}
+
+	while (*revoke_list) {
+	    ret = hx509_revoke_add_crl(id->hx509ctx, 
+				       id->revokectx,
+				       *revoke_list);
+	    if (ret) {
+		_krb5_pk_copy_error(context, id->hx509ctx, ret, 
+				    "Failed load revoke list");
+		goto out;
+	    }
+	    revoke_list++;
+	}
+    } else
+	hx509_context_set_missing_revoke(id->hx509ctx, 1);
+
+    ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx);
+    if (ret) {
+	_krb5_pk_copy_error(context, id->hx509ctx, ret, 
+			    "Failed init verify context");
+	goto out;
+    }
+
+    hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
+    hx509_verify_attach_revoke(id->verify_ctx, id->revokectx);
+
+out:
+    if (ret) {
+	hx509_verify_destroy_ctx(id->verify_ctx);
+	hx509_certs_free(&id->certs);
+	hx509_certs_free(&id->anchors);
+	hx509_certs_free(&id->certpool);
+	hx509_revoke_free(&id->revokectx);
+	hx509_context_free(&id->hx509ctx);
+	free(id);
+    } else
+	*ret_id = id;
+
+    hx509_lock_free(lock);
+
+    return ret;
+}
+
+static krb5_error_code
+select_dh_group(krb5_context context, DH *dh, unsigned long bits, 
+		struct krb5_dh_moduli **moduli)
+{
+    const struct krb5_dh_moduli *m;
+
+    if (bits == 0) {
+	m = moduli[1]; /* XXX */
+	if (m == NULL)
+	    m = moduli[0]; /* XXX */
+    } else {
+	int i;
+	for (i = 0; moduli[i] != NULL; i++) {
+	    if (bits < moduli[i]->bits)
+		break;
+	}
+	if (moduli[i] == NULL) {
+	    krb5_set_error_string(context, 
+				  "Did not find a DH group parameter "
+				  "matching requirement of %lu bits",
+				  bits);
+	    return EINVAL;
+	}
+	m = moduli[i];
+    }
+
+    dh->p = integer_to_BN(context, "p", &m->p);
+    if (dh->p == NULL)
+	return ENOMEM;
+    dh->g = integer_to_BN(context, "g", &m->g);
+    if (dh->g == NULL)
+	return ENOMEM;
+    dh->q = integer_to_BN(context, "q", &m->q);
+    if (dh->q == NULL)
+	return ENOMEM;
+
+    return 0;
+}
+
+#endif /* PKINIT */
+
+static int
+parse_integer(krb5_context context, char **p, const char *file, int lineno, 
+	      const char *name, heim_integer *integer)
+{
+    int ret;
+    char *p1;
+    p1 = strsep(p, " \t");
+    if (p1 == NULL) {
+	krb5_set_error_string(context, "moduli file %s missing %s on line %d",
+			      file, name, lineno);
+	return EINVAL;
+    }
+    ret = der_parse_hex_heim_integer(p1, integer);
+    if (ret) {
+	krb5_set_error_string(context, "moduli file %s failed parsing %s "
+			      "on line %d",
+			      file, name, lineno);
+	return ret;
+    }
+
+    return 0;
+}
+
+krb5_error_code
+_krb5_parse_moduli_line(krb5_context context, 
+			const char *file,
+			int lineno,
+			char *p,
+			struct krb5_dh_moduli **m)
+{
+    struct krb5_dh_moduli *m1;
+    char *p1;
+    int ret;
+
+    *m = NULL;
+
+    m1 = calloc(1, sizeof(*m1));
+    if (m1 == NULL) {
+	krb5_set_error_string(context, "malloc - out of memory");
+	return ENOMEM;
+    }
+
+    while (isspace((unsigned char)*p))
+	p++;
+    if (*p  == '#')
+	return 0;
+    ret = EINVAL;
+
+    p1 = strsep(&p, " \t");
+    if (p1 == NULL) {
+	krb5_set_error_string(context, "moduli file %s missing name "
+			      "on line %d", file, lineno);
+	goto out;
+    }
+    m1->name = strdup(p1);
+    if (p1 == NULL) {
+	krb5_set_error_string(context, "malloc - out of memeory");
+	ret = ENOMEM;
+	goto out;
+    }
+
+    p1 = strsep(&p, " \t");
+    if (p1 == NULL) {
+	krb5_set_error_string(context, "moduli file %s missing bits on line %d",
+			      file, lineno);
+	goto out;
+    }
+
+    m1->bits = atoi(p1);
+    if (m1->bits == 0) {
+	krb5_set_error_string(context, "moduli file %s have un-parsable "
+			      "bits on line %d", file, lineno);
+	goto out;
+    }
+	
+    ret = parse_integer(context, &p, file, lineno, "p", &m1->p);
+    if (ret)
+	goto out;
+    ret = parse_integer(context, &p, file, lineno, "g", &m1->g);
+    if (ret)
+	goto out;
+    ret = parse_integer(context, &p, file, lineno, "q", &m1->q);
+    if (ret)
+	goto out;
+
+    *m = m1;
+
+    return 0;
+out:
+    free(m1->name);
+    der_free_heim_integer(&m1->p);
+    der_free_heim_integer(&m1->g);
+    der_free_heim_integer(&m1->q);
+    free(m1);
+    return ret;
+}
+
+void
+_krb5_free_moduli(struct krb5_dh_moduli **moduli)
+{
+    int i;
+    for (i = 0; moduli[i] != NULL; i++) {
+	free(moduli[i]->name);
+	der_free_heim_integer(&moduli[i]->p);
+	der_free_heim_integer(&moduli[i]->g);
+	der_free_heim_integer(&moduli[i]->q);
+	free(moduli[i]);
+    }
+    free(moduli);
+}
+
+static const char *default_moduli_RFC2412_MODP_group2 =
+    /* name */
+    "RFC2412-MODP-group2 "
+    /* bits */
+    "1024 "
+    /* p */
+    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
+    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
+    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
+    "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
+    "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
+    "FFFFFFFF" "FFFFFFFF "
+    /* g */
+    "02 "
+    /* q */
+    "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
+    "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
+    "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
+    "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
+    "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0"
+    "FFFFFFFF" "FFFFFFFF";
+
+static const char *default_moduli_rfc3526_MODP_group14 =
+    /* name */
+    "rfc3526-MODP-group14 "
+    /* bits */
+    "1760 "
+    /* p */
+    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
+    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
+    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
+    "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
+    "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
+    "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
+    "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
+    "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
+    "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
+    "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
+    "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF "
+    /* g */
+    "02 "
+    /* q */
+    "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
+    "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
+    "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
+    "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
+    "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E"
+    "E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF"
+    "C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36"
+    "B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D"
+    "F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964"
+    "EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288"
+    "0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF";
+
+krb5_error_code
+_krb5_parse_moduli(krb5_context context, const char *file,
+		   struct krb5_dh_moduli ***moduli)
+{
+    /* name bits P G Q */
+    krb5_error_code ret;
+    struct krb5_dh_moduli **m = NULL, **m2;
+    char buf[4096];
+    FILE *f;
+    int lineno = 0, n = 0;
+
+    *moduli = NULL;
+
+    m = calloc(1, sizeof(m[0]) * 3);
+    if (m == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf));
+    ret = _krb5_parse_moduli_line(context, "builtin", 1, buf,  &m[0]);
+    if (ret) {
+	_krb5_free_moduli(m);
+	return ret;
+    }
+    n++;
+
+    strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf));
+    ret = _krb5_parse_moduli_line(context, "builtin", 1, buf,  &m[1]);
+    if (ret) {
+	_krb5_free_moduli(m);
+	return ret;
+    }
+    n++;
+
+
+    if (file == NULL)
+	file = MODULI_FILE;
+
+    f = fopen(file, "r");
+    if (f == NULL) {
+	*moduli = m;
+	return 0;
+    }
+
+    while(fgets(buf, sizeof(buf), f) != NULL) {
+	struct krb5_dh_moduli *element;
+
+	buf[strcspn(buf, "\n")] = '\0';
+	lineno++;
+
+	m2 = realloc(m, (n + 2) * sizeof(m[0]));
+	if (m2 == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    _krb5_free_moduli(m);
+	    return ENOMEM;
+	}
+	m = m2;
+	
+	m[n] = NULL;
+
+	ret = _krb5_parse_moduli_line(context, file, lineno, buf,  &element);
+	if (ret) {
+	    _krb5_free_moduli(m);
+	    return ret;
+	}
+	if (element == NULL)
+	    continue;
+
+	m[n] = element;
+	m[n + 1] = NULL;
+	n++;
+    }
+    *moduli = m;
+    return 0;
+}
+
+krb5_error_code
+_krb5_dh_group_ok(krb5_context context, unsigned long bits,
+		  heim_integer *p, heim_integer *g, heim_integer *q,
+		  struct krb5_dh_moduli **moduli,
+		  char **name)
+{
+    int i;
+
+    if (name)
+	*name = NULL;
+
+    for (i = 0; moduli[i] != NULL; i++) {
+	if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 &&
+	    der_heim_integer_cmp(&moduli[i]->p, p) == 0 &&
+	    (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0))
+	{
+	    if (bits && bits > moduli[i]->bits) {
+		krb5_set_error_string(context, "PKINIT: DH group parameter %s "
+				      "no accepted, not enough bits generated",
+				      moduli[i]->name);
+		return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
+	    }
+	    if (name)
+		*name = strdup(moduli[i]->name);
+	    return 0;
+	}
+    }
+    krb5_set_error_string(context, "PKINIT: DH group parameter no ok");
+    return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
+}
+
+void KRB5_LIB_FUNCTION
+_krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
+{
+#ifdef PKINIT
+    krb5_pk_init_ctx ctx;
+
+    if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL)
+	return;
+    ctx = opt->opt_private->pk_init_ctx;
+    if (ctx->dh)
+	DH_free(ctx->dh);
+	ctx->dh = NULL;
+    if (ctx->id) {
+	hx509_verify_destroy_ctx(ctx->id->verify_ctx);
+	hx509_certs_free(&ctx->id->certs);
+	hx509_certs_free(&ctx->id->anchors);
+	hx509_certs_free(&ctx->id->certpool);
+	hx509_context_free(&ctx->id->hx509ctx);
+
+	if (ctx->clientDHNonce) {
+	    krb5_free_data(NULL, ctx->clientDHNonce);
+	    ctx->clientDHNonce = NULL;
+	}
+	if (ctx->m)
+	    _krb5_free_moduli(ctx->m);
+	free(ctx->id);
+	ctx->id = NULL;
+    }
+    free(opt->opt_private->pk_init_ctx);
+    opt->opt_private->pk_init_ctx = NULL;
+#endif
+}
+    
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_init_creds_opt_set_pkinit(krb5_context context,
+				   krb5_get_init_creds_opt *opt,
+				   krb5_principal principal,
+				   const char *user_id,
+				   const char *x509_anchors,
+				   char * const * pool,
+				   char * const * pki_revoke,
+				   int flags,
+				   krb5_prompter_fct prompter,
+				   void *prompter_data,
+				   char *password)
+{
+#ifdef PKINIT
+    krb5_error_code ret;
+    char *anchors = NULL;
+
+    if (opt->opt_private == NULL) {
+	krb5_set_error_string(context, "PKINIT: on non extendable opt");
+	return EINVAL;
+    }
+
+    opt->opt_private->pk_init_ctx = 
+	calloc(1, sizeof(*opt->opt_private->pk_init_ctx));
+    if (opt->opt_private->pk_init_ctx == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    opt->opt_private->pk_init_ctx->dh = NULL;
+    opt->opt_private->pk_init_ctx->id = NULL;
+    opt->opt_private->pk_init_ctx->clientDHNonce = NULL;
+    opt->opt_private->pk_init_ctx->require_binding = 0;
+    opt->opt_private->pk_init_ctx->require_eku = 1;
+    opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1;
+    opt->opt_private->pk_init_ctx->peer = NULL;
+
+    /* XXX implement krb5_appdefault_strings  */
+    if (pool == NULL)
+	pool = krb5_config_get_strings(context, NULL,
+				       "appdefaults", 
+				       "pkinit_pool", 
+				       NULL);
+
+    if (pki_revoke == NULL)
+	pki_revoke = krb5_config_get_strings(context, NULL,
+					     "appdefaults", 
+					     "pkinit_revoke", 
+					     NULL);
+
+    if (x509_anchors == NULL) {
+	krb5_appdefault_string(context, "kinit",
+			       krb5_principal_get_realm(context, principal), 
+			       "pkinit_anchors", NULL, &anchors);
+	x509_anchors = anchors;
+    }
+
+    ret = _krb5_pk_load_id(context,
+			   &opt->opt_private->pk_init_ctx->id,
+			   user_id,
+			   x509_anchors,
+			   pool,
+			   pki_revoke,
+			   prompter,
+			   prompter_data,
+			   password);
+    if (ret) {
+	free(opt->opt_private->pk_init_ctx);
+	opt->opt_private->pk_init_ctx = NULL;
+	return ret;
+    }
+
+    if ((flags & 2) == 0) {
+	const char *moduli_file;
+	unsigned long dh_min_bits;
+
+	moduli_file = krb5_config_get_string(context, NULL,
+					     "libdefaults",
+					     "moduli",
+					     NULL);
+
+	dh_min_bits =
+	    krb5_config_get_int_default(context, NULL, 0,
+					"libdefaults",
+					"pkinit_dh_min_bits",
+					NULL);
+
+	ret = _krb5_parse_moduli(context, moduli_file, 
+				 &opt->opt_private->pk_init_ctx->m);
+	if (ret) {
+	    _krb5_get_init_creds_opt_free_pkinit(opt);
+	    return ret;
+	}
+	
+	opt->opt_private->pk_init_ctx->dh = DH_new();
+	if (opt->opt_private->pk_init_ctx->dh == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    _krb5_get_init_creds_opt_free_pkinit(opt);
+	    return ENOMEM;
+	}
+
+	ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh,
+			      dh_min_bits, 
+			      opt->opt_private->pk_init_ctx->m);
+	if (ret) {
+	    _krb5_get_init_creds_opt_free_pkinit(opt);
+	    return ret;
+	}
+
+	if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) {
+	    krb5_set_error_string(context, "pkinit: failed to generate DH key");
+	    _krb5_get_init_creds_opt_free_pkinit(opt);
+	    return ENOMEM;
+	}
+    }
+
+    return 0;
+#else
+    krb5_set_error_string(context, "no support for PKINIT compiled in");
+    return EINVAL;
+#endif
+}
+
+/*
+ *
+ */
+
+static void
+_krb5_pk_copy_error(krb5_context context,
+		    hx509_context hx509ctx,
+		    int hxret,
+		    const char *fmt,
+		    ...)
+{
+    va_list va;
+    char *s, *f;
+
+    va_start(va, fmt);
+    vasprintf(&f, fmt, va);
+    va_end(va);
+    if (f == NULL) {
+	krb5_clear_error_string(context);
+	return;
+    }
+
+    s = hx509_get_error_string(hx509ctx, hxret);
+    if (s == NULL) {
+	krb5_clear_error_string(context);
+	free(f);
+	return;
+    }
+    krb5_set_error_string(context, "%s: %s", f, s);
+    free(s);
+    free(f);
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/plugin.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/plugin.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/plugin.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,264 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: plugin.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+#include <dirent.h>
+
+struct krb5_plugin {
+    void *symbol;
+    void *dsohandle;
+    struct krb5_plugin *next;
+};
+
+struct plugin {
+    enum krb5_plugin_type type;
+    void *name;
+    void *symbol;
+    struct plugin *next;
+};
+
+static HEIMDAL_MUTEX plugin_mutex = HEIMDAL_MUTEX_INITIALIZER;
+static struct plugin *registered = NULL;
+
+static const char *plugin_dir = LIBDIR "/plugin/krb5";
+
+/*
+ *
+ */
+
+void *
+_krb5_plugin_get_symbol(struct krb5_plugin *p)
+{
+    return p->symbol;
+}
+
+struct krb5_plugin *
+_krb5_plugin_get_next(struct krb5_plugin *p)
+{
+    return p->next;
+}
+
+/*
+ *
+ */
+
+#ifdef HAVE_DLOPEN
+
+static krb5_error_code
+loadlib(krb5_context context,
+	enum krb5_plugin_type type,
+	const char *name,
+	const char *lib,
+	struct krb5_plugin **e)
+{
+    *e = calloc(1, sizeof(**e));
+    if (*e == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+
+#ifndef RTLD_LAZY
+#define RTLD_LAZY 0
+#endif
+
+    (*e)->dsohandle = dlopen(lib, RTLD_LAZY);
+    if ((*e)->dsohandle == NULL) {
+	free(*e);
+	*e = NULL;
+	krb5_set_error_string(context, "Failed to load %s: %s", 
+			      lib, dlerror());
+	return ENOMEM;
+    }
+
+    /* dlsym doesn't care about the type */
+    (*e)->symbol = dlsym((*e)->dsohandle, name);
+    if ((*e)->symbol == NULL) {
+	dlclose((*e)->dsohandle);
+	free(*e);
+	krb5_clear_error_string(context);
+	return ENOMEM;
+    }
+
+    return 0;
+}
+#endif /* HAVE_DLOPEN */
+
+/**
+ * Register a plugin symbol name of specific type.
+ * @param context a Keberos context
+ * @param type type of plugin symbol
+ * @param name name of plugin symbol
+ * @param symbol a pointer to the named symbol
+ * @return In case of error a non zero error com_err error is returned
+ * and the Kerberos error string is set.
+ *
+ * @ingroup krb5_support
+ */
+
+krb5_error_code
+krb5_plugin_register(krb5_context context,
+		     enum krb5_plugin_type type,
+		     const char *name, 
+		     void *symbol)
+{
+    struct plugin *e;
+
+    e = calloc(1, sizeof(*e));
+    if (e == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    e->type = type;
+    e->name = strdup(name);
+    if (e->name == NULL) {
+	free(e);
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    e->symbol = symbol;
+
+    HEIMDAL_MUTEX_lock(&plugin_mutex);
+    e->next = registered;
+    registered = e;
+    HEIMDAL_MUTEX_unlock(&plugin_mutex);
+
+    return 0;
+}
+
+krb5_error_code
+_krb5_plugin_find(krb5_context context,
+		  enum krb5_plugin_type type,
+		  const char *name, 
+		  struct krb5_plugin **list)
+{
+    struct krb5_plugin *e;
+    struct plugin *p;
+    krb5_error_code ret;
+    char *sysdirs[2] = { NULL, NULL };
+    char **dirs = NULL, **di;
+    struct dirent *entry;
+    char *path;
+    DIR *d = NULL;
+
+    *list = NULL;
+
+    HEIMDAL_MUTEX_lock(&plugin_mutex);
+
+    for (p = registered; p != NULL; p = p->next) {
+	if (p->type != type || strcmp(p->name, name) != 0)
+	    continue;
+
+	e = calloc(1, sizeof(*e));
+	if (e == NULL) {
+	    HEIMDAL_MUTEX_unlock(&plugin_mutex);
+	    krb5_set_error_string(context, "out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	}
+	e->symbol = p->symbol;
+	e->dsohandle = NULL;
+	e->next = *list;
+	*list = e;
+    }
+    HEIMDAL_MUTEX_unlock(&plugin_mutex);
+
+#ifdef HAVE_DLOPEN
+
+    dirs = krb5_config_get_strings(context, NULL, "libdefaults", 
+				   "plugin_dir", NULL);
+    if (dirs == NULL) {
+	sysdirs[0] = rk_UNCONST(plugin_dir);
+	dirs = sysdirs;
+    }
+
+    for (di = dirs; *di != NULL; di++) {
+
+	d = opendir(*di);
+	if (d == NULL)
+	    continue;
+
+	while ((entry = readdir(d)) != NULL) {
+	    asprintf(&path, "%s/%s", *di, entry->d_name);
+	    if (path == NULL) {
+		krb5_set_error_string(context, "out of memory");
+		ret = ENOMEM;
+		goto out;
+	    }
+	    ret = loadlib(context, type, name, path, &e);
+	    free(path);
+	    if (ret)
+		continue;
+	    
+	    e->next = *list;
+	    *list = e;
+	}
+	closedir(d);
+    }
+    if (dirs != sysdirs)
+	krb5_config_free_strings(dirs);
+#endif /* HAVE_DLOPEN */
+
+    if (*list == NULL) {
+	krb5_set_error_string(context, "Did not find a plugin for %s", name);
+	return ENOENT;
+    }
+
+    return 0;
+
+out:
+    if (dirs && dirs != sysdirs)
+	krb5_config_free_strings(dirs);
+    if (d)
+	closedir(d);
+    _krb5_plugin_free(*list);
+    *list = NULL;
+
+    return ret;
+}
+
+void
+_krb5_plugin_free(struct krb5_plugin *list)
+{
+    struct krb5_plugin *next;
+    while (list) {
+	next = list->next;
+	if (list->dsohandle)
+	    dlclose(list->dsohandle);
+	free(list);
+	list = next;
+    }
+}
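Review bot: In `_krb5_plugin_find`, the `readdir` loop hands every entry of each plugin directory to `loadlib`, and `loadlib` calls `dlopen` before it looks up the requested symbol. Any shared object in a directory named by `libdefaults`/`plugin_dir` therefore has its initialisers run in the calling process, even if it is not a plugin of this type. Nothing in the loop skips `.` and `..`, requires a regular file, or rejects files writable by group or others, so trust in the directory's contents is entirely implicit. I would filter entries before loading, as sketched below; this assumes `<sys/stat.h>` is reachable through `krb5_locl.h`, and leaves any ownership policy to the integrator. Separately, `_krb5_plugin_free` calls `dlclose` outside the `HAVE_DLOPEN` guard that protects `loadlib`, and `loadlib` returns `ENOMEM` for `dlopen`/`dlsym` failures that are not allocation failures.

```c
	while ((entry = readdir(d)) != NULL) {
	    struct stat sb;

	    /* skip ".", ".." and hidden entries */
	    if (entry->d_name[0] == '.')
		continue;
	    asprintf(&path, "%s/%s", *di, entry->d_name);
	    /* … unchanged: out-of-memory check on path … */

	    /*
	     * Load only regular files that group/other cannot modify.
	     * Advisory only: stat() and dlopen() are separate calls, so
	     * the directory itself must also be protected.
	     */
	    if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode) ||
		(sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
		free(path);
		continue;
	    }
	    ret = loadlib(context, type, name, path, &e);
	    /* … unchanged: free(path), link e into *list … */
	}
```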

Added: vendor-crypto/heimdal/dist/lib/krb5/principal.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/principal.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/principal.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1254 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#ifdef HAVE_RES_SEARCH
+#define USE_RESOLVER
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#include <fnmatch.h>
+#include "resolve.h"
+
+RCSID("$Id: principal.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#define princ_num_comp(P) ((P)->name.name_string.len)
+#define princ_type(P) ((P)->name.name_type)
+#define princ_comp(P) ((P)->name.name_string.val)
+#define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
+#define princ_realm(P) ((P)->realm)
+
+void KRB5_LIB_FUNCTION
+krb5_free_principal(krb5_context context,
+		    krb5_principal p)
+{
+    if(p){
+	free_Principal(p);
+	free(p);
+    }
+}
+
+void KRB5_LIB_FUNCTION
+krb5_principal_set_type(krb5_context context,
+			krb5_principal principal,
+			int type)
+{
+    princ_type(principal) = type;
+}
+
+int KRB5_LIB_FUNCTION
+krb5_principal_get_type(krb5_context context,
+			krb5_const_principal principal)
+{
+    return princ_type(principal);
+}
+
+const char* KRB5_LIB_FUNCTION
+krb5_principal_get_realm(krb5_context context,
+			 krb5_const_principal principal)
+{
+    return princ_realm(principal);
+}			 
+
+const char* KRB5_LIB_FUNCTION
+krb5_principal_get_comp_string(krb5_context context,
+			       krb5_const_principal principal,
+			       unsigned int component)
+{
+    if(component >= princ_num_comp(principal))
+       return NULL;
+    return princ_ncomp(principal, component);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name_flags(krb5_context context,
+		      const char *name,
+		      int flags,
+		      krb5_principal *principal)
+{
+    krb5_error_code ret;
+    heim_general_string *comp;
+    heim_general_string realm = NULL;
+    int ncomp;
+
+    const char *p;
+    char *q;
+    char *s;
+    char *start;
+
+    int n;
+    char c;
+    int got_realm = 0;
+    int first_at = 1;
+    int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
+  
+    *principal = NULL;
+
+#define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM)
+
+    if ((flags & RFLAGS) == RFLAGS) {
+	krb5_set_error_string(context, "Can't require both realm and "
+			      "no realm at the same time");
+	return KRB5_ERR_NO_SERVICE;
+    }
+#undef RFLAGS
+
+    /* count number of component,
+     * enterprise names only have one component
+     */
+    ncomp = 1;
+    if (!enterprise) {
+	for(p = name; *p; p++){
+	    if(*p=='\\'){
+		if(!p[1]) {
+		    krb5_set_error_string (context,
+					   "trailing \\ in principal name");
+		    return KRB5_PARSE_MALFORMED;
+		}
+		p++;
+	    } else if(*p == '/')
+		ncomp++;
+	    else if(*p == '@')
+		break;
+	}
+    }
+    comp = calloc(ncomp, sizeof(*comp));
+    if (comp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+  
+    n = 0;
+    p = start = q = s = strdup(name);
+    if (start == NULL) {
+	free (comp);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    while(*p){
+	c = *p++;
+	if(c == '\\'){
+	    c = *p++;
+	    if(c == 'n')
+		c = '\n';
+	    else if(c == 't')
+		c = '\t';
+	    else if(c == 'b')
+		c = '\b';
+	    else if(c == '0')
+		c = '\0';
+	    else if(c == '\0') {
+		krb5_set_error_string (context,
+				       "trailing \\ in principal name");
+		ret = KRB5_PARSE_MALFORMED;
+		goto exit;
+	    }
+	}else if(enterprise && first_at) {
+	    if (c == '@')
+		first_at = 0;
+	}else if((c == '/' && !enterprise) || c == '@'){
+	    if(got_realm){
+		krb5_set_error_string (context,
+				       "part after realm in principal name");
+		ret = KRB5_PARSE_MALFORMED;
+		goto exit;
+	    }else{
+		comp[n] = malloc(q - start + 1);
+		if (comp[n] == NULL) {
+		    krb5_set_error_string (context, "malloc: out of memory");
+		    ret = ENOMEM;
+		    goto exit;
+		}
+		memcpy(comp[n], start, q - start);
+		comp[n][q - start] = 0;
+		n++;
+	    }
+	    if(c == '@')
+		got_realm = 1;
+	    start = q;
+	    continue;
+	}
+	if(got_realm && (c == ':' || c == '/' || c == '\0')) {
+	    krb5_set_error_string (context,
+				   "part after realm in principal name");
+	    ret = KRB5_PARSE_MALFORMED;
+	    goto exit;
+	}
+	*q++ = c;
+    }
+    if(got_realm){
+	if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
+	    krb5_set_error_string (context, "realm found in 'short' principal "
+				   "expected to be without one");
+	    ret = KRB5_PARSE_MALFORMED;
+	    goto exit;
+	}
+	realm = malloc(q - start + 1);
+	if (realm == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto exit;
+	}
+	memcpy(realm, start, q - start);
+	realm[q - start] = 0;
+    }else{
+	if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) {
+	    krb5_set_error_string (context, "realm NOT found in principal "
+				   "expected to be with one");
+	    ret = KRB5_PARSE_MALFORMED;
+	    goto exit;
+	} else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
+	    realm = NULL;
+	} else {
+	    ret = krb5_get_default_realm (context, &realm);
+	    if (ret)
+		goto exit;
+	}
+
+	comp[n] = malloc(q - start + 1);
+	if (comp[n] == NULL) {
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto exit;
+	}
+	memcpy(comp[n], start, q - start);
+	comp[n][q - start] = 0;
+	n++;
+    }
+    *principal = malloc(sizeof(**principal));
+    if (*principal == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	ret = ENOMEM;
+	goto exit;
+    }
+    if (enterprise)
+	(*principal)->name.name_type = KRB5_NT_ENTERPRISE_PRINCIPAL;
+    else
+	(*principal)->name.name_type = KRB5_NT_PRINCIPAL;
+    (*principal)->name.name_string.val = comp;
+    princ_num_comp(*principal) = n;
+    (*principal)->realm = realm;
+    free(s);
+    return 0;
+exit:
+    while(n>0){
+	free(comp[--n]);
+    }
+    free(comp);
+    free(realm);
+    free(s);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name(krb5_context context,
+		const char *name,
+		krb5_principal *principal)
+{
+    return krb5_parse_name_flags(context, name, 0, principal);
+}
+
+static const char quotable_chars[] = " \n\t\b\\/@";
+static const char replace_chars[] = " ntb\\/@";
+static const char nq_chars[] = "    \\/@";
+
+#define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
+
+static size_t
+quote_string(const char *s, char *out, size_t idx, size_t len, int display)
+{
+    const char *p, *q;
+    for(p = s; *p && idx < len; p++){
+	q = strchr(quotable_chars, *p);
+	if (q && display) {
+	    add_char(out, idx, len, replace_chars[q - quotable_chars]);
+	} else if (q) {
+	    add_char(out, idx, len, '\\');
+	    add_char(out, idx, len, replace_chars[q - quotable_chars]);
+	}else
+	    add_char(out, idx, len, *p);
+    }
+    if(idx < len)
+	out[idx] = '\0';
+    return idx;
+}
+
+
+static krb5_error_code
+unparse_name_fixed(krb5_context context,
+		   krb5_const_principal principal,
+		   char *name,
+		   size_t len,
+		   int flags)
+{
+    size_t idx = 0;
+    int i;
+    int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0;
+    int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
+    int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
+
+    if (!no_realm && princ_realm(principal) == NULL) {
+	krb5_set_error_string(context, "Realm missing from principal, "
+			      "can't unparse");
+	return ERANGE;
+    }
+
+    for(i = 0; i < princ_num_comp(principal); i++){
+	if(i)
+	    add_char(name, idx, len, '/');
+	idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
+	if(idx == len) {
+	    krb5_set_error_string(context, "Out of space printing principal");
+	    return ERANGE;
+	}
+    } 
+    /* add realm if different from default realm */
+    if(short_form && !no_realm) {
+	krb5_realm r;
+	krb5_error_code ret;
+	ret = krb5_get_default_realm(context, &r);
+	if(ret)
+	    return ret;
+	if(strcmp(princ_realm(principal), r) != 0)
+	    short_form = 0;
+	free(r);
+    }
+    if(!short_form && !no_realm) {
+	add_char(name, idx, len, '@');
+	idx = quote_string(princ_realm(principal), name, idx, len, display);
+	if(idx == len) {
+	    krb5_set_error_string(context, 
+				  "Out of space printing realm of principal");
+	    return ERANGE;
+	}
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_fixed(krb5_context context,
+			krb5_const_principal principal,
+			char *name,
+			size_t len)
+{
+    return unparse_name_fixed(context, principal, name, len, 0);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_fixed_short(krb5_context context,
+			      krb5_const_principal principal,
+			      char *name,
+			      size_t len)
+{
+    return unparse_name_fixed(context, principal, name, len, 
+			      KRB5_PRINCIPAL_UNPARSE_SHORT);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_fixed_flags(krb5_context context,
+			      krb5_const_principal principal,
+			      int flags,
+			      char *name,
+			      size_t len)
+{
+    return unparse_name_fixed(context, principal, name, len, flags);
+}
+
+static krb5_error_code
+unparse_name(krb5_context context,
+	     krb5_const_principal principal,
+	     char **name,
+	     int flags)
+{
+    size_t len = 0, plen;
+    int i;
+    krb5_error_code ret;
+    /* count length */
+    if (princ_realm(principal)) {
+	plen = strlen(princ_realm(principal));
+
+	if(strcspn(princ_realm(principal), quotable_chars) == plen)
+	    len += plen;
+	else
+	    len += 2*plen;
+	len++; /* '@' */
+    }
+    for(i = 0; i < princ_num_comp(principal); i++){
+	plen = strlen(princ_ncomp(principal, i));
+	if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen)
+	    len += plen;
+	else
+	    len += 2*plen;
+	len++;
+    }
+    len++; /* '\0' */
+    *name = malloc(len);
+    if(*name == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    ret = unparse_name_fixed(context, principal, *name, len, flags);
+    if(ret) {
+	free(*name);
+	*name = NULL;
+    }
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name(krb5_context context,
+		  krb5_const_principal principal,
+		  char **name)
+{
+    return unparse_name(context, principal, name, 0);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_flags(krb5_context context,
+			krb5_const_principal principal,
+			int flags,
+			char **name)
+{
+    return unparse_name(context, principal, name, flags);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_short(krb5_context context,
+			krb5_const_principal principal,
+			char **name)
+{
+    return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT);
+}
+
+#if 0 /* not implemented */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_unparse_name_ext(krb5_context context,
+		      krb5_const_principal principal,
+		      char **name,
+		      size_t *size)
+{
+    krb5_abortx(context, "unimplemented krb5_unparse_name_ext called");
+}
+
+#endif
+
+krb5_realm * KRB5_LIB_FUNCTION
+krb5_princ_realm(krb5_context context,
+		 krb5_principal principal)
+{
+    return &princ_realm(principal);
+}
+
+
+void KRB5_LIB_FUNCTION
+krb5_princ_set_realm(krb5_context context,
+		     krb5_principal principal,
+		     krb5_realm *realm)
+{
+    princ_realm(principal) = *realm;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_principal(krb5_context context,
+		     krb5_principal *principal,
+		     int rlen,
+		     krb5_const_realm realm,
+		     ...)
+{
+    krb5_error_code ret;
+    va_list ap;
+    va_start(ap, realm);
+    ret = krb5_build_principal_va(context, principal, rlen, realm, ap);
+    va_end(ap);
+    return ret;
+}
+
+static krb5_error_code
+append_component(krb5_context context, krb5_principal p, 
+		 const char *comp,
+		 size_t comp_len)
+{
+    heim_general_string *tmp;
+    size_t len = princ_num_comp(p);
+
+    tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    princ_comp(p) = tmp;
+    princ_ncomp(p, len) = malloc(comp_len + 1);
+    if (princ_ncomp(p, len) == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy (princ_ncomp(p, len), comp, comp_len);
+    princ_ncomp(p, len)[comp_len] = '\0';
+    princ_num_comp(p)++;
+    return 0;
+}
+
+static void
+va_ext_princ(krb5_context context, krb5_principal p, va_list ap)
+{
+    while(1){
+	const char *s;
+	int len;
+	len = va_arg(ap, int);
+	if(len == 0)
+	    break;
+	s = va_arg(ap, const char*);
+	append_component(context, p, s, len);
+    }
+}
+
+static void
+va_princ(krb5_context context, krb5_principal p, va_list ap)
+{
+    while(1){
+	const char *s;
+	s = va_arg(ap, const char*);
+	if(s == NULL)
+	    break;
+	append_component(context, p, s, strlen(s));
+    }
+}
+
+
+static krb5_error_code
+build_principal(krb5_context context,
+		krb5_principal *principal,
+		int rlen,
+		krb5_const_realm realm,
+		void (*func)(krb5_context, krb5_principal, va_list),
+		va_list ap)
+{
+    krb5_principal p;
+  
+    p = calloc(1, sizeof(*p));
+    if (p == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    princ_type(p) = KRB5_NT_PRINCIPAL;
+
+    princ_realm(p) = strdup(realm);
+    if(p->realm == NULL){
+	free(p);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+  
+    (*func)(context, p, ap);
+    *principal = p;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_make_principal(krb5_context context,
+		    krb5_principal *principal,
+		    krb5_const_realm realm,
+		    ...)
+{
+    krb5_error_code ret;
+    krb5_realm r = NULL;
+    va_list ap;
+    if(realm == NULL) {
+	ret = krb5_get_default_realm(context, &r);
+	if(ret)
+	    return ret;
+	realm = r;
+    }
+    va_start(ap, realm);
+    ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
+    va_end(ap);
+    if(r)
+	free(r);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_principal_va(krb5_context context, 
+			krb5_principal *principal, 
+			int rlen,
+			krb5_const_realm realm,
+			va_list ap)
+{
+    return build_principal(context, principal, rlen, realm, va_princ, ap);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_principal_va_ext(krb5_context context, 
+			    krb5_principal *principal, 
+			    int rlen,
+			    krb5_const_realm realm,
+			    va_list ap)
+{
+    return build_principal(context, principal, rlen, realm, va_ext_princ, ap);
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_build_principal_ext(krb5_context context,
+			 krb5_principal *principal,
+			 int rlen,
+			 krb5_const_realm realm,
+			 ...)
+{
+    krb5_error_code ret;
+    va_list ap;
+    va_start(ap, realm);
+    ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap);
+    va_end(ap);
+    return ret;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_principal(krb5_context context,
+		    krb5_const_principal inprinc,
+		    krb5_principal *outprinc)
+{
+    krb5_principal p = malloc(sizeof(*p));
+    if (p == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    if(copy_Principal(inprinc, p)) {
+	free(p);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    *outprinc = p;
+    return 0;
+}
+
+/*
+ * return TRUE iff princ1 == princ2 (without considering the realm)
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_compare_any_realm(krb5_context context,
+				 krb5_const_principal princ1,
+				 krb5_const_principal princ2)
+{
+    int i;
+    if(princ_num_comp(princ1) != princ_num_comp(princ2))
+	return FALSE;
+    for(i = 0; i < princ_num_comp(princ1); i++){
+	if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0)
+	    return FALSE;
+    }
+    return TRUE;
+}
+
+/*
+ * return TRUE iff princ1 == princ2
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_compare(krb5_context context,
+		       krb5_const_principal princ1,
+		       krb5_const_principal princ2)
+{
+    if(!krb5_realm_compare(context, princ1, princ2))
+	return FALSE;
+    return krb5_principal_compare_any_realm(context, princ1, princ2);
+}
+
+/*
+ * return TRUE iff realm(princ1) == realm(princ2)
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_realm_compare(krb5_context context,
+		   krb5_const_principal princ1,
+		   krb5_const_principal princ2)
+{
+    return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
+}
+
+/*
+ * return TRUE iff princ matches pattern
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_principal_match(krb5_context context,
+		     krb5_const_principal princ,
+		     krb5_const_principal pattern)
+{
+    int i;
+    if(princ_num_comp(princ) != princ_num_comp(pattern))
+	return FALSE;
+    if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
+	return FALSE;
+    for(i = 0; i < princ_num_comp(princ); i++){
+	if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
+	    return FALSE;
+    }
+    return TRUE;
+}
+
+
+static struct v4_name_convert {
+    const char *from;
+    const char *to; 
+} default_v4_name_convert[] = {
+    { "ftp",	"ftp" },
+    { "hprop",	"hprop" },
+    { "pop",	"pop" },
+    { "imap",	"imap" },
+    { "rcmd",	"host" },
+    { "smtp",	"smtp" },
+    { NULL, NULL }
+};
+
+/*
+ * return the converted instance name of `name' in `realm'.
+ * look in the configuration file and then in the default set above.
+ * return NULL if no conversion is appropriate.
+ */
+
+static const char*
+get_name_conversion(krb5_context context, const char *realm, const char *name)
+{
+    struct v4_name_convert *q;
+    const char *p;
+
+    p = krb5_config_get_string(context, NULL, "realms", realm,
+			       "v4_name_convert", "host", name, NULL);
+    if(p == NULL)
+	p = krb5_config_get_string(context, NULL, "libdefaults", 
+				   "v4_name_convert", "host", name, NULL);
+    if(p)
+	return p;
+
+    /* XXX should be possible to override default list */
+    p = krb5_config_get_string(context, NULL,
+			       "realms",
+			       realm,
+			       "v4_name_convert",
+			       "plain",
+			       name,
+			       NULL);
+    if(p)
+	return NULL;
+    p = krb5_config_get_string(context, NULL,
+			       "libdefaults",
+			       "v4_name_convert",
+			       "plain",
+			       name,
+			       NULL);
+    if(p)
+	return NULL;
+    for(q = default_v4_name_convert; q->from; q++)
+	if(strcmp(q->from, name) == 0)
+	    return q->to;
+    return NULL;
+}
+
+/*
+ * convert the v4 principal `name.instance at realm' to a v5 principal in `princ'.
+ * if `resolve', use DNS.
+ * if `func', use that function for validating the conversion
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_425_conv_principal_ext2(krb5_context context,
+			     const char *name,
+			     const char *instance,
+			     const char *realm,
+			     krb5_boolean (*func)(krb5_context, 
+						  void *, krb5_principal),
+			     void *funcctx,
+			     krb5_boolean resolve,
+			     krb5_principal *princ)
+{
+    const char *p;
+    krb5_error_code ret;
+    krb5_principal pr;
+    char host[MAXHOSTNAMELEN];
+    char local_hostname[MAXHOSTNAMELEN];
+
+    /* do the following: if the name is found in the
+       `v4_name_convert:host' part, is assumed to be a `host' type
+       principal, and the instance is looked up in the
+       `v4_instance_convert' part. if not found there the name is
+       (optionally) looked up as a hostname, and if that doesn't yield
+       anything, the `default_domain' is appended to the instance
+       */
+
+    if(instance == NULL)
+	goto no_host;
+    if(instance[0] == 0){
+	instance = NULL;
+	goto no_host;
+    }
+    p = get_name_conversion(context, realm, name);
+    if(p == NULL)
+	goto no_host;
+    name = p;
+    p = krb5_config_get_string(context, NULL, "realms", realm, 
+			       "v4_instance_convert", instance, NULL);
+    if(p){
+	instance = p;
+	ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
+	if(func == NULL || (*func)(context, funcctx, pr)){
+	    *princ = pr;
+	    return 0;
+	}
+	krb5_free_principal(context, pr);
+	*princ = NULL;
+	krb5_clear_error_string (context);
+	return HEIM_ERR_V4_PRINC_NO_CONV;
+    }
+    if(resolve){
+	krb5_boolean passed = FALSE;
+	char *inst = NULL;
+#ifdef USE_RESOLVER
+	struct dns_reply *r;
+
+	r = dns_lookup(instance, "aaaa");
+	if (r) {
+	    if (r->head && r->head->type == T_AAAA) {
+		inst = strdup(r->head->domain);
+		passed = TRUE;
+	    }
+	    dns_free_data(r);
+	} else {
+	    r = dns_lookup(instance, "a");
+	    if (r) {
+		if(r->head && r->head->type == T_A) {
+		    inst = strdup(r->head->domain);
+		    passed = TRUE;
+		}
+		dns_free_data(r);
+	    }
+	}
+#else
+	struct addrinfo hints, *ai;
+	
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_flags = AI_CANONNAME;
+	ret = getaddrinfo(instance, NULL, &hints, &ai);
+	if (ret == 0) {
+	    const struct addrinfo *a;
+	    for (a = ai; a != NULL; a = a->ai_next) {
+		if (a->ai_canonname != NULL) {
+		    inst = strdup (a->ai_canonname);
+		    passed = TRUE;
+		    break;
+		}
+	    }
+	    freeaddrinfo (ai);
+	}
+#endif
+	if (passed) {
+	    if (inst == NULL) {
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    strlwr(inst);
+	    ret = krb5_make_principal(context, &pr, realm, name, inst,
+				      NULL);
+	    free (inst);
+	    if(ret == 0) {
+		if(func == NULL || (*func)(context, funcctx, pr)){
+		    *princ = pr;
+		    return 0;
+		}
+		krb5_free_principal(context, pr);
+	    }
+	}
+    }
+    if(func != NULL) {
+	snprintf(host, sizeof(host), "%s.%s", instance, realm);
+	strlwr(host);
+	ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
+	if((*func)(context, funcctx, pr)){
+	    *princ = pr;
+	    return 0;
+	}
+	krb5_free_principal(context, pr);
+    }
+
+    /*
+     * if the instance is the first component of the local hostname,
+     * the converted host should be the long hostname.
+     */
+
+    if (func == NULL && 
+        gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
+        strncmp(instance, local_hostname, strlen(instance)) == 0 && 
+	local_hostname[strlen(instance)] == '.') {
+	strlcpy(host, local_hostname, sizeof(host));
+	goto local_host;
+    }
+
+    {
+	char **domains, **d;
+	domains = krb5_config_get_strings(context, NULL, "realms", realm,
+					  "v4_domains", NULL);
+	for(d = domains; d && *d; d++){
+	    snprintf(host, sizeof(host), "%s.%s", instance, *d);
+	    ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
+	    if(func == NULL || (*func)(context, funcctx, pr)){
+		*princ = pr;
+		krb5_config_free_strings(domains);
+		return 0;
+	    }
+	    krb5_free_principal(context, pr);
+	}
+	krb5_config_free_strings(domains);
+    }
+
+    
+    p = krb5_config_get_string(context, NULL, "realms", realm, 
+			       "default_domain", NULL);
+    if(p == NULL){
+	/* this should be an error, just faking a name is not good */
+	krb5_clear_error_string (context);
+	return HEIM_ERR_V4_PRINC_NO_CONV;
+    }
+	
+    if (*p == '.')
+	++p;
+    snprintf(host, sizeof(host), "%s.%s", instance, p);
+local_host:
+    ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
+    if(func == NULL || (*func)(context, funcctx, pr)){
+	*princ = pr;
+	return 0;
+    }
+    krb5_free_principal(context, pr);
+    krb5_clear_error_string (context);
+    return HEIM_ERR_V4_PRINC_NO_CONV;
+no_host:
+    p = krb5_config_get_string(context, NULL,
+			       "realms",
+			       realm,
+			       "v4_name_convert",
+			       "plain",
+			       name,
+			       NULL);
+    if(p == NULL)
+	p = krb5_config_get_string(context, NULL,
+				   "libdefaults",
+				   "v4_name_convert",
+				   "plain",
+				   name,
+				   NULL);
+    if(p)
+	name = p;
+    
+    ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
+    if(func == NULL || (*func)(context, funcctx, pr)){
+	*princ = pr;
+	return 0;
+    }
+    krb5_free_principal(context, pr);
+    krb5_clear_error_string (context);
+    return HEIM_ERR_V4_PRINC_NO_CONV;
+}
+
+static krb5_boolean
+convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal)
+{
+    krb5_boolean (*func)(krb5_context, krb5_principal) = funcctx;
+    return (*func)(conxtext, principal);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_425_conv_principal_ext(krb5_context context,
+			    const char *name,
+			    const char *instance,
+			    const char *realm,
+			    krb5_boolean (*func)(krb5_context, krb5_principal),
+			    krb5_boolean resolve,
+			    krb5_principal *principal)
+{
+    return krb5_425_conv_principal_ext2(context,
+					name,
+					instance,
+					realm,
+					func ? convert_func : NULL,
+					func,
+					resolve,
+					principal);
+}
+
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_425_conv_principal(krb5_context context,
+			const char *name,
+			const char *instance,
+			const char *realm,
+			krb5_principal *princ)
+{
+    krb5_boolean resolve = krb5_config_get_bool(context,
+						NULL,
+						"libdefaults", 
+						"v4_instance_resolve", 
+						NULL);
+
+    return krb5_425_conv_principal_ext(context, name, instance, realm, 
+				       NULL, resolve, princ);
+}
+
+
+static int
+check_list(const krb5_config_binding *l, const char *name, const char **out)
+{
+    while(l){
+	if (l->type != krb5_config_string)
+	    continue;
+	if(strcmp(name, l->u.string) == 0) {
+	    *out = l->name;
+	    return 1;
+	}
+	l = l->next;
+    }
+    return 0;
+}
+
+static int
+name_convert(krb5_context context, const char *name, const char *realm, 
+	     const char **out)
+{
+    const krb5_config_binding *l;
+    l = krb5_config_get_list (context,
+			      NULL,
+			      "realms",
+			      realm,
+			      "v4_name_convert",
+			      "host",
+			      NULL);
+    if(l && check_list(l, name, out))
+	return KRB5_NT_SRV_HST;
+    l = krb5_config_get_list (context,
+			      NULL,
+			      "libdefaults",
+			      "v4_name_convert",
+			      "host",
+			      NULL);
+    if(l && check_list(l, name, out))
+	return KRB5_NT_SRV_HST;
+    l = krb5_config_get_list (context,
+			      NULL,
+			      "realms",
+			      realm,
+			      "v4_name_convert",
+			      "plain",
+			      NULL);
+    if(l && check_list(l, name, out))
+	return KRB5_NT_UNKNOWN;
+    l = krb5_config_get_list (context,
+			      NULL,
+			      "libdefaults",
+			      "v4_name_convert",
+			      "host",
+			      NULL);
+    if(l && check_list(l, name, out))
+	return KRB5_NT_UNKNOWN;
+    
+    /* didn't find it in config file, try built-in list */
+    {
+	struct v4_name_convert *q;
+	for(q = default_v4_name_convert; q->from; q++) {
+	    if(strcmp(name, q->to) == 0) {
+		*out = q->from;
+		return KRB5_NT_SRV_HST;
+	    }
+	}
+    }
+    return -1;
+}
+
+/*
+ * convert the v5 principal in `principal' into a v4 corresponding one
+ * in `name, instance, realm'
+ * this is limited interface since there's no length given for these
+ * three parameters.  They have to be 40 bytes each (ANAME_SZ).
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_524_conv_principal(krb5_context context,
+			const krb5_principal principal,
+			char *name, 
+			char *instance,
+			char *realm)
+{
+    const char *n, *i, *r;
+    char tmpinst[40];
+    int type = princ_type(principal);
+    const int aname_sz = 40;
+
+    r = principal->realm;
+
+    switch(principal->name.name_string.len){
+    case 1:
+	n = principal->name.name_string.val[0];
+	i = "";
+	break;
+    case 2:
+	n = principal->name.name_string.val[0];
+	i = principal->name.name_string.val[1];
+	break;
+    default:
+	krb5_set_error_string (context,
+			       "cannot convert a %d component principal",
+			       principal->name.name_string.len);
+	return KRB5_PARSE_MALFORMED;
+    }
+
+    {
+	const char *tmp;
+	int t = name_convert(context, n, r, &tmp);
+	if(t >= 0) {
+	    type = t;
+	    n = tmp;
+	}
+    }
+
+    if(type == KRB5_NT_SRV_HST){
+	char *p;
+
+	strlcpy (tmpinst, i, sizeof(tmpinst));
+	p = strchr(tmpinst, '.');
+	if(p)
+	    *p = 0;
+	i = tmpinst;
+    }
+    
+    if (strlcpy (name, n, aname_sz) >= aname_sz) {
+	krb5_set_error_string (context,
+			       "too long name component to convert");
+	return KRB5_PARSE_MALFORMED;
+    }
+    if (strlcpy (instance, i, aname_sz) >= aname_sz) {
+	krb5_set_error_string (context,
+			       "too long instance component to convert");
+	return KRB5_PARSE_MALFORMED;
+    }
+    if (strlcpy (realm, r, aname_sz) >= aname_sz) {
+	krb5_set_error_string (context,
+			       "too long realm component to convert");
+	return KRB5_PARSE_MALFORMED;
+    }
+    return 0;
+}
+
+/*
+ * Create a principal in `ret_princ' for the service `sname' running
+ * on host `hostname'.  */
+			
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sname_to_principal (krb5_context context,
+			 const char *hostname,
+			 const char *sname,
+			 int32_t type,
+			 krb5_principal *ret_princ)
+{
+    krb5_error_code ret;
+    char localhost[MAXHOSTNAMELEN];
+    char **realms, *host = NULL;
+	
+    if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
+	krb5_set_error_string (context, "unsupported name type %d",
+			       type);
+	return KRB5_SNAME_UNSUPP_NAMETYPE;
+    }
+    if(hostname == NULL) {
+	gethostname(localhost, sizeof(localhost));
+	hostname = localhost;
+    }
+    if(sname == NULL)
+	sname = "host";
+    if(type == KRB5_NT_SRV_HST) {
+	ret = krb5_expand_hostname_realms (context, hostname,
+					   &host, &realms);
+	if (ret)
+	    return ret;
+	strlwr(host);
+	hostname = host;
+    } else {
+	ret = krb5_get_host_realm(context, hostname, &realms);
+	if(ret)
+	    return ret;
+    }
+
+    ret = krb5_make_principal(context, ret_princ, realms[0], sname,
+			      hostname, NULL);
+    if(host)
+	free(host);
+    krb5_free_host_realm(context, realms);
+    return ret;
+}
+
+static const struct {
+    const char *type;
+    int32_t value;
+} nametypes[] = {
+    { "UNKNOWN", KRB5_NT_UNKNOWN },
+    { "PRINCIPAL", KRB5_NT_PRINCIPAL },
+    { "SRV_INST", KRB5_NT_SRV_INST },
+    { "SRV_HST", KRB5_NT_SRV_HST },
+    { "SRV_XHST", KRB5_NT_SRV_XHST },
+    { "UID", KRB5_NT_UID },
+    { "X500_PRINCIPAL", KRB5_NT_X500_PRINCIPAL },
+    { "SMTP_NAME", KRB5_NT_SMTP_NAME },
+    { "ENTERPRISE_PRINCIPAL", KRB5_NT_ENTERPRISE_PRINCIPAL },
+    { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID },
+    { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL },
+    { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID },
+    { NULL }
+};
+
+krb5_error_code
+krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
+{
+    size_t i;
+    
+    for(i = 0; nametypes[i].type; i++) {
+	if (strcasecmp(nametypes[i].type, str) == 0) {
+	    *nametype = nametypes[i].value;
+	    return 0;
+	}
+    }
+    krb5_set_error_string(context, "Failed to find name type %s", str);
+    return KRB5_PARSE_MALFORMED;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/prog_setup.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/prog_setup.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/prog_setup.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <getarg.h>
+#include <err.h>
+
+RCSID("$Id: prog_setup.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+void KRB5_LIB_FUNCTION
+krb5_std_usage(int code, struct getargs *args, int num_args)
+{
+    arg_printusage(args, num_args, NULL, "");
+    exit(code);
+}
+
+int KRB5_LIB_FUNCTION
+krb5_program_setup(krb5_context *context, int argc, char **argv,
+		   struct getargs *args, int num_args, 
+		   void (*usage)(int, struct getargs*, int))
+{
+    krb5_error_code ret;
+    int optidx = 0;
+
+    if(usage == NULL)
+	usage = krb5_std_usage;
+
+    setprogname(argv[0]);
+    ret = krb5_init_context(context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+    
+    if(getarg(args, num_args, argc, argv, &optidx))
+	(*usage)(1, args, num_args);
+    return optidx;
+}
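Review bot: krb5_program_setup passes `argv[0]` to `setprogname` without checking `argc`, so a caller started with an empty argument vector hands it a NULL pointer; what `setprogname` does with NULL is platform dependent. Since this helper sits at the top of every program that uses it, a guard before that call is cheap: `if (argc < 1 || argv[0] == NULL) errx(1, "missing program name");`. Separately, the `errx` on `krb5_init_context` failure prints only the numeric code, which is hard to act on in the field; a comment there saying that no context exists yet to translate the code would explain why.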

Added: vendor-crypto/heimdal/dist/lib/krb5/prompter_posix.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/prompter_posix.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/prompter_posix.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: prompter_posix.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+int KRB5_LIB_FUNCTION
+krb5_prompter_posix (krb5_context context,
+		     void *data,
+		     const char *name,
+		     const char *banner,
+		     int num_prompts,
+		     krb5_prompt prompts[])
+{
+    int i;
+
+    if (name)
+	fprintf (stderr, "%s\n", name);
+    if (banner)
+	fprintf (stderr, "%s\n", banner);
+    if (name || banner)
+	fflush(stderr);
+    for (i = 0; i < num_prompts; ++i) {
+	if (prompts[i].hidden) {
+	    if(UI_UTIL_read_pw_string(prompts[i].reply->data,
+				  prompts[i].reply->length,
+				  prompts[i].prompt,
+				  0))
+	       return 1;
+	} else {
+	    char *s = prompts[i].reply->data;
+
+	    fputs (prompts[i].prompt, stdout);
+	    fflush (stdout);
+	    if(fgets(prompts[i].reply->data,
+		     prompts[i].reply->length,
+		     stdin) == NULL)
+		return 1;
+	    s[strcspn(s, "\n")] = '\0';
+	}
+    }
+    return 0;
+}
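Review bot: In the non-hidden branch of krb5_prompter_posix, `fgets` stops after `reply->length - 1` bytes, so an over-long answer is silently truncated and the rest of the line stays in stdin, where the next prompt's `fgets` picks it up as its answer. Detecting the missing newline before the `strcspn` line lets the caller fail instead of mixing replies: `if (strchr(s, '\n') == NULL && !feof(stdin)) return 1;`. The function also never sets `prompts[i].reply->length` to the number of bytes read, so it looks as if callers must treat the reply as a NUL-terminated string; a comment stating that contract would help.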

Added: vendor-crypto/heimdal/dist/lib/krb5/rd_cred.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/rd_cred.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/rd_cred.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,340 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: rd_cred.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_error_code
+compare_addrs(krb5_context context,
+	      krb5_address *a,
+	      krb5_address *b,
+	      const char *message)
+{
+    char a_str[64], b_str[64];
+    size_t len;
+
+    if(krb5_address_compare (context, a, b))
+	return 0;
+
+    krb5_print_address (a, a_str, sizeof(a_str), &len);
+    krb5_print_address (b, b_str, sizeof(b_str), &len);
+    krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str);
+    return KRB5KRB_AP_ERR_BADADDR;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_cred(krb5_context context,
+	     krb5_auth_context auth_context,
+	     krb5_data *in_data,
+	     krb5_creds ***ret_creds,
+	     krb5_replay_data *outdata)
+{
+    krb5_error_code ret;
+    size_t len;
+    KRB_CRED cred;
+    EncKrbCredPart enc_krb_cred_part;
+    krb5_data enc_krb_cred_part_data;
+    krb5_crypto crypto;
+    int i;
+
+    memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part));
+
+    if ((auth_context->flags & 
+	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+	outdata == NULL)
+	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+
+    *ret_creds = NULL;
+
+    ret = decode_KRB_CRED(in_data->data, in_data->length, 
+			  &cred, &len);
+    if(ret) {
+	krb5_clear_error_string(context);
+	return ret;
+    }
+
+    if (cred.pvno != 5) {
+	ret = KRB5KRB_AP_ERR_BADVERSION;
+	krb5_clear_error_string (context);
+	goto out;
+    }
+
+    if (cred.msg_type != krb_cred) {
+	ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	krb5_clear_error_string (context);
+	goto out;
+    }
+
+    if (cred.enc_part.etype == ETYPE_NULL) {  
+	/* DK: MIT GSS-API Compatibility */
+	enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
+	enc_krb_cred_part_data.data   = cred.enc_part.cipher.data;
+    } else {
+	/* Try both subkey and session key.
+	 * 
+	 * RFC4120 claims we should use the session key, but Heimdal
+	 * before 0.8 used the remote subkey if it was send in the
+	 * auth_context.
+	 */
+
+	if (auth_context->remote_subkey) {
+	    ret = krb5_crypto_init(context, auth_context->remote_subkey,
+				   0, &crypto);
+	    if (ret)
+		goto out;
+
+	    ret = krb5_decrypt_EncryptedData(context,
+					     crypto,
+					     KRB5_KU_KRB_CRED,
+					     &cred.enc_part,
+					     &enc_krb_cred_part_data);
+	    
+	    krb5_crypto_destroy(context, crypto);
+	}
+
+	/* 
+	 * If there was not subkey, or we failed using subkey, 
+	 * retry using the session key
+	 */
+	if (auth_context->remote_subkey == NULL || ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+	{
+
+	    ret = krb5_crypto_init(context, auth_context->keyblock,
+				   0, &crypto);
+
+	    if (ret)
+		goto out;
+	    
+	    ret = krb5_decrypt_EncryptedData(context,
+					     crypto,
+					     KRB5_KU_KRB_CRED,
+					     &cred.enc_part,
+					     &enc_krb_cred_part_data);
+	    
+	    krb5_crypto_destroy(context, crypto);
+	}
+	if (ret)
+	    goto out;
+    }
+
+    ret = krb5_decode_EncKrbCredPart (context,
+				      enc_krb_cred_part_data.data,
+				      enc_krb_cred_part_data.length,
+				      &enc_krb_cred_part,
+				      &len);
+    if (enc_krb_cred_part_data.data != cred.enc_part.cipher.data)
+	krb5_data_free(&enc_krb_cred_part_data);
+    if (ret)
+	goto out;
+
+    /* check sender address */
+
+    if (enc_krb_cred_part.s_address
+	&& auth_context->remote_address
+	&& auth_context->remote_port) {
+	krb5_address *a;
+
+	ret = krb5_make_addrport (context, &a,
+				  auth_context->remote_address,
+				  auth_context->remote_port);
+	if (ret)
+	    goto out;
+
+
+	ret = compare_addrs(context, a, enc_krb_cred_part.s_address, 
+			    "sender address is wrong in received creds");
+	krb5_free_address(context, a);
+	free(a);
+	if(ret)
+	    goto out;
+    }
+
+    /* check receiver address */
+
+    if (enc_krb_cred_part.r_address
+	&& auth_context->local_address) {
+	if(auth_context->local_port &&
+	   enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) {
+	    krb5_address *a;
+	    ret = krb5_make_addrport (context, &a,
+				      auth_context->local_address,
+				      auth_context->local_port);
+	    if (ret)
+		goto out;
+	    
+	    ret = compare_addrs(context, a, enc_krb_cred_part.r_address, 
+				"receiver address is wrong in received creds");
+	    krb5_free_address(context, a);
+	    free(a);
+	    if(ret)
+		goto out;
+	} else {
+	    ret = compare_addrs(context, auth_context->local_address,
+				enc_krb_cred_part.r_address,
+				"receiver address is wrong in received creds");
+	    if(ret)
+		goto out;
+	}
+    }
+
+    /* check timestamp */
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+	krb5_timestamp sec;
+
+	krb5_timeofday (context, &sec);
+
+	if (enc_krb_cred_part.timestamp == NULL ||
+	    enc_krb_cred_part.usec      == NULL ||
+	    abs(*enc_krb_cred_part.timestamp - sec)
+	    > context->max_skew) {
+	    krb5_clear_error_string (context);
+	    ret = KRB5KRB_AP_ERR_SKEW;
+	    goto out;
+	}
+    }
+
+    if ((auth_context->flags & 
+	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
+	/* if these fields are not present in the cred-part, silently
+           return zero */
+	memset(outdata, 0, sizeof(*outdata));
+	if(enc_krb_cred_part.timestamp)
+	    outdata->timestamp = *enc_krb_cred_part.timestamp;
+	if(enc_krb_cred_part.usec)
+	    outdata->usec = *enc_krb_cred_part.usec;
+	if(enc_krb_cred_part.nonce)
+	    outdata->seq = *enc_krb_cred_part.nonce;
+    }
+    
+    /* Convert to NULL terminated list of creds */
+
+    *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, 
+			sizeof(**ret_creds));
+
+    if (*ret_creds == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string (context, "malloc: out of memory");
+	goto out;
+    }
+
+    for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
+	KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
+	krb5_creds *creds;
+
+	creds = calloc(1, sizeof(*creds));
+	if(creds == NULL) {
+	    ret = ENOMEM;
+	    krb5_set_error_string (context, "malloc: out of memory");
+	    goto out;
+	}
+
+	ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, 
+			   &cred.tickets.val[i], &len, ret);
+	if (ret) {
+	    free(creds);
+	    goto out;
+	}
+	if(creds->ticket.length != len)
+	    krb5_abortx(context, "internal error in ASN.1 encoder");
+	copy_EncryptionKey (&kci->key, &creds->session);
+	if (kci->prealm && kci->pname)
+	    _krb5_principalname2krb5_principal (context,
+						&creds->client,
+						*kci->pname,
+						*kci->prealm);
+	if (kci->flags)
+	    creds->flags.b = *kci->flags;
+	if (kci->authtime)
+	    creds->times.authtime = *kci->authtime;
+	if (kci->starttime)
+	    creds->times.starttime = *kci->starttime;
+	if (kci->endtime)
+	    creds->times.endtime = *kci->endtime;
+	if (kci->renew_till)
+	    creds->times.renew_till = *kci->renew_till;
+	if (kci->srealm && kci->sname)
+	    _krb5_principalname2krb5_principal (context,
+						&creds->server,
+						*kci->sname,
+						*kci->srealm);
+	if (kci->caddr)
+	    krb5_copy_addresses (context,
+				 kci->caddr,
+				 &creds->addresses);
+	
+	(*ret_creds)[i] = creds;
+	
+    }
+    (*ret_creds)[i] = NULL;
+
+    free_KRB_CRED (&cred);
+    free_EncKrbCredPart(&enc_krb_cred_part);
+
+    return 0;
+
+  out:
+    free_EncKrbCredPart(&enc_krb_cred_part);
+    free_KRB_CRED (&cred);
+    if(*ret_creds) {
+	for(i = 0; (*ret_creds)[i]; i++)
+	    krb5_free_creds(context, (*ret_creds)[i]);
+	free(*ret_creds);
+	*ret_creds = NULL;
+    }
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_cred2 (krb5_context      context,
+	       krb5_auth_context auth_context,
+	       krb5_ccache       ccache,
+	       krb5_data         *in_data)
+{
+    krb5_error_code ret;
+    krb5_creds **creds;
+    int i;
+
+    ret = krb5_rd_cred(context, auth_context, in_data, &creds, NULL);
+    if(ret)
+	return ret;
+
+    /* Store the creds in the ccache */
+
+    for(i = 0; creds && creds[i]; i++) {
+	krb5_cc_store_cred(context, ccache, creds[i]);
+	krb5_free_creds(context, creds[i]);
+    }
+    free(creds);
+    return 0;
+}
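Review bot: In krb5_rd_cred the loop `for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i)` indexes `cred.tickets.val[i]`, but nothing compares `ticket_info.len` with `cred.tickets.len`, so a KRB-CRED carrying more ticket-info entries than tickets makes `ASN1_MALLOC_ENCODE` read past the decoded ticket array. Both counts come from the received message, and in the `ETYPE_NULL` branch the encrypted part is taken as-is without any key, so the peer controls them. A guard before the `calloc` closes this: test `if (enc_krb_cred_part.ticket_info.len > cred.tickets.len)`, set `ret` to the library's malformed-message error and `goto out`. The return values of `copy_EncryptionKey`, `_krb5_principalname2krb5_principal` and `krb5_copy_addresses` are also dropped, so an allocation failure there still yields a success return with an incomplete credential. krb5_rd_cred2 likewise ignores the result of `krb5_cc_store_cred` and always returns 0.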

Added: vendor-crypto/heimdal/dist/lib/krb5/rd_error.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/rd_error.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/rd_error.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: rd_error.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_error(krb5_context context,
+	      const krb5_data *msg,
+	      KRB_ERROR *result)
+{
+    
+    size_t len;
+    krb5_error_code ret;
+
+    ret = decode_KRB_ERROR(msg->data, msg->length, result, &len);
+    if(ret) {
+	krb5_clear_error_string(context);
+	return ret;
+    }
+    result->error_code += KRB5KDC_ERR_NONE;
+    return 0;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_free_error_contents (krb5_context context,
+			  krb5_error *error)
+{
+    free_KRB_ERROR(error);
+    memset(error, 0, sizeof(*error));
+}
+
+void KRB5_LIB_FUNCTION
+krb5_free_error (krb5_context context,
+		 krb5_error *error)
+{
+    krb5_free_error_contents (context, error);
+    free (error);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_error_from_rd_error(krb5_context context,
+			 const krb5_error *error,
+			 const krb5_creds *creds)
+{
+    krb5_error_code ret;
+
+    ret = error->error_code;
+    if (error->e_text != NULL) {
+	krb5_set_error_string(context, "%s", *error->e_text);
+    } else {
+	char clientname[256], servername[256];
+
+	if (creds != NULL) {
+	    krb5_unparse_name_fixed(context, creds->client,
+				    clientname, sizeof(clientname));
+	    krb5_unparse_name_fixed(context, creds->server,
+				    servername, sizeof(servername));
+	}
+
+	switch (ret) {
+	case KRB5KDC_ERR_NAME_EXP :
+	    krb5_set_error_string(context, "Client %s%s%s expired",
+				  creds ? "(" : "",
+				  creds ? clientname : "",
+				  creds ? ")" : "");
+	    break;
+	case KRB5KDC_ERR_SERVICE_EXP :
+	    krb5_set_error_string(context, "Server %s%s%s expired",
+				  creds ? "(" : "",
+				  creds ? servername : "",
+				  creds ? ")" : "");
+	    break;
+	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
+	    krb5_set_error_string(context, "Client %s%s%s unknown",
+				  creds ? "(" : "",
+				  creds ? clientname : "",
+				  creds ? ")" : "");
+	    break;
+	case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
+	    krb5_set_error_string(context, "Server %s%s%s unknown",
+				  creds ? "(" : "",
+				  creds ? servername : "",
+				  creds ? ")" : "");
+	    break;
+	default :
+	    krb5_clear_error_string(context);
+	    break;
+	}
+    }
+    return ret;
+}
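Review bot: In krb5_error_from_rd_error the results of both `krb5_unparse_name_fixed` calls are discarded, yet `clientname` and `servername` are uninitialised stack arrays that the `switch` then formats with `%s`. If either call fails without writing to its buffer (for instance when `creds->client` or `creds->server` is NULL, which presumably can happen for partially filled creds), the error string is built from stale stack contents. Starting both buffers empty removes the exposure: `clientname[0] = servername[0] = '\0';` before the `if (creds != NULL)` block. The `e_text` branch copies text from an unauthenticated KRB-ERROR into the context error string, which deserves a comment saying it must be treated as untrusted when displayed or logged.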

Added: vendor-crypto/heimdal/dist/lib/krb5/rd_priv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/rd_priv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/rd_priv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: rd_priv.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_priv(krb5_context context,
+	     krb5_auth_context auth_context,
+	     const krb5_data *inbuf,
+	     krb5_data *outbuf,
+	     krb5_replay_data *outdata)
+{
+    krb5_error_code ret;
+    KRB_PRIV priv;
+    EncKrbPrivPart part;
+    size_t len;
+    krb5_data plain;
+    krb5_keyblock *key;
+    krb5_crypto crypto;
+
+    if (outbuf)
+	krb5_data_zero(outbuf);
+
+    if ((auth_context->flags & 
+	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+	outdata == NULL) {
+	krb5_clear_error_string (context);
+	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+    }
+
+    memset(&priv, 0, sizeof(priv));
+    ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
+    if (ret) {
+	krb5_clear_error_string (context);
+	goto failure;
+    }
+    if (priv.pvno != 5) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_BADVERSION;
+	goto failure;
+    }
+    if (priv.msg_type != krb_priv) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	goto failure;
+    }
+
+    if (auth_context->remote_subkey)
+	key = auth_context->remote_subkey;
+    else if (auth_context->local_subkey)
+	key = auth_context->local_subkey;
+    else
+	key = auth_context->keyblock;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	goto failure;
+    ret = krb5_decrypt_EncryptedData(context,
+				     crypto,
+				     KRB5_KU_KRB_PRIV,
+				     &priv.enc_part,
+				     &plain);
+    krb5_crypto_destroy(context, crypto);
+    if (ret) 
+	goto failure;
+
+    ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
+    krb5_data_free (&plain);
+    if (ret) {
+	krb5_clear_error_string (context);
+	goto failure;
+    }
+  
+    /* check sender address */
+
+    if (part.s_address
+	&& auth_context->remote_address
+	&& !krb5_address_compare (context,
+				  auth_context->remote_address,
+				  part.s_address)) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_BADADDR;
+	goto failure_part;
+    }
+
+    /* check receiver address */
+
+    if (part.r_address
+	&& auth_context->local_address
+	&& !krb5_address_compare (context,
+				  auth_context->local_address,
+				  part.r_address)) {
+	krb5_clear_error_string (context);
+	ret = KRB5KRB_AP_ERR_BADADDR;
+	goto failure_part;
+    }
+
+    /* check timestamp */
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+	krb5_timestamp sec;
+
+	krb5_timeofday (context, &sec);
+	if (part.timestamp == NULL ||
+	    part.usec      == NULL ||
+	    abs(*part.timestamp - sec) > context->max_skew) {
+	    krb5_clear_error_string (context);
+	    ret = KRB5KRB_AP_ERR_SKEW;
+	    goto failure_part;
+	}
+    }
+
+    /* XXX - check replay cache */
+
+    /* check sequence number. since MIT krb5 cannot generate a sequence
+       number of zero but instead generates no sequence number, we accept that
+    */
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+	if ((part.seq_number == NULL
+	     && auth_context->remote_seqnumber != 0)
+	    || (part.seq_number != NULL
+		&& *part.seq_number != auth_context->remote_seqnumber)) {
+	    krb5_clear_error_string (context);
+	    ret = KRB5KRB_AP_ERR_BADORDER;
+	    goto failure_part;
+	}
+	auth_context->remote_seqnumber++;
+    }
+
+    ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
+    if (ret)
+	goto failure_part;
+
+    if ((auth_context->flags & 
+	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
+	/* if these fields are not present in the priv-part, silently
+           return zero */
+	memset(outdata, 0, sizeof(*outdata));
+	if(part.timestamp)
+	    outdata->timestamp = *part.timestamp;
+	if(part.usec)
+	    outdata->usec = *part.usec;
+	if(part.seq_number)
+	    outdata->seq = *part.seq_number;
+    }
+
+  failure_part:
+    free_EncKrbPrivPart (&part);
+
+  failure:
+    free_KRB_PRIV (&priv);
+    return ret;
+}
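Review bot: krb5_rd_priv performs no replay check; the `/* XXX - check replay cache */` placeholder is the only trace of one. With only `KRB5_AUTH_CONTEXT_DO_TIME` set, a captured KRB-PRIV therefore appears to be accepted again for as long as its timestamp stays within `context->max_skew`. Until a cache lookup exists, the comment should say so plainly, for example `/* no replay cache: callers that need replay protection must set KRB5_AUTH_CONTEXT_DO_SEQUENCE */`. A smaller inconsistency: `outbuf` is NULL-checked before `krb5_data_zero` but passed unconditionally to `krb5_data_copy`, so either the first guard is unnecessary or the second call needs the same one.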

Added: vendor-crypto/heimdal/dist/lib/krb5/rd_rep.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/rd_rep.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/rd_rep.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: rd_rep.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_rep(krb5_context context,
+	    krb5_auth_context auth_context,
+	    const krb5_data *inbuf,
+	    krb5_ap_rep_enc_part **repl)
+{
+    krb5_error_code ret;
+    AP_REP ap_rep;
+    size_t len;
+    krb5_data data;
+    krb5_crypto crypto;
+
+    krb5_data_zero (&data);
+    ret = 0;
+
+    ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len);
+    if (ret)
+	return ret;
+    if (ap_rep.pvno != 5) {
+	ret = KRB5KRB_AP_ERR_BADVERSION;
+	krb5_clear_error_string (context);
+	goto out;
+    }
+    if (ap_rep.msg_type != krb_ap_rep) {
+	ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	krb5_clear_error_string (context);
+	goto out;
+    }
+
+    ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+    if (ret)
+	goto out;
+    ret = krb5_decrypt_EncryptedData (context, 
+				      crypto,	
+				      KRB5_KU_AP_REQ_ENC_PART,
+				      &ap_rep.enc_part,
+				      &data);
+    krb5_crypto_destroy(context, crypto);
+    if (ret)
+	goto out;
+
+    *repl = malloc(sizeof(**repl));
+    if (*repl == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string (context, "malloc: out of memory");
+	goto out;
+    }
+    ret = krb5_decode_EncAPRepPart(context,
+				   data.data,
+				   data.length,
+				   *repl, 
+				   &len);
+    if (ret)
+	return ret;
+  
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { 
+	if ((*repl)->ctime != auth_context->authenticator->ctime ||
+	    (*repl)->cusec != auth_context->authenticator->cusec) 
+	{
+	    krb5_free_ap_rep_enc_part(context, *repl);
+	    *repl = NULL;
+	    ret = KRB5KRB_AP_ERR_MUT_FAIL;
+	    krb5_clear_error_string (context);
+	    goto out;
+	}
+    }
+    if ((*repl)->seq_number)
+	krb5_auth_con_setremoteseqnumber(context, auth_context,
+					 *((*repl)->seq_number));
+    if ((*repl)->subkey)
+	krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
+  
+ out:
+    krb5_data_free (&data);
+    free_AP_REP (&ap_rep);
+    return ret;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_free_ap_rep_enc_part (krb5_context context,
+			   krb5_ap_rep_enc_part *val)
+{
+    if (val) {
+	free_EncAPRepPart (val);
+	free (val);
+    }
+}
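Review bot: In `krb5_rd_rep`, the `return ret` taken when `krb5_decode_EncAPRepPart` fails skips the `out:` cleanup, so the decrypted plaintext in `data`, the decoded `ap_rep` and the freshly allocated `*repl` all leak, and the caller receives an error code alongside a non-NULL `*repl`. Every other failure after the first decode goes through `out:`, and this one should too: `if (ret) { free(*repl); *repl = NULL; goto out; }`. Whether the decoder has already released anything inside `*repl` on failure is not visible in this hunk, so confirm that a plain `free` is the right release. Separately, the return value of `krb5_auth_con_setremotesubkey` is ignored here, while `krb5_verify_ap_req2` in rd_req.c checks it.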

Added: vendor-crypto/heimdal/dist/lib/krb5/rd_req.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/rd_req.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/rd_req.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,892 @@
+/*
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: rd_req.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_error_code
+decrypt_tkt_enc_part (krb5_context context,
+		      krb5_keyblock *key,
+		      EncryptedData *enc_part,
+		      EncTicketPart *decr_part)
+{
+    krb5_error_code ret;
+    krb5_data plain;
+    size_t len;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+    ret = krb5_decrypt_EncryptedData (context,
+				      crypto,
+				      KRB5_KU_TICKET,
+				      enc_part,
+				      &plain);
+    krb5_crypto_destroy(context, crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_decode_EncTicketPart(context, plain.data, plain.length, 
+				    decr_part, &len);
+    krb5_data_free (&plain);
+    return ret;
+}
+
+static krb5_error_code
+decrypt_authenticator (krb5_context context,
+		       EncryptionKey *key,
+		       EncryptedData *enc_part,
+		       Authenticator *authenticator,
+		       krb5_key_usage usage)
+{
+    krb5_error_code ret;
+    krb5_data plain;
+    size_t len;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	return ret;
+    ret = krb5_decrypt_EncryptedData (context,
+				      crypto,
+				      usage /* KRB5_KU_AP_REQ_AUTH */,
+				      enc_part,
+				      &plain);
+    /* for backwards compatibility, also try the old usage */
+    if (ret && usage == KRB5_KU_TGS_REQ_AUTH)
+	ret = krb5_decrypt_EncryptedData (context,
+					  crypto,
+					  KRB5_KU_AP_REQ_AUTH,
+					  enc_part,
+					  &plain);
+    krb5_crypto_destroy(context, crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_decode_Authenticator(context, plain.data, plain.length, 
+				    authenticator, &len);
+    krb5_data_free (&plain);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decode_ap_req(krb5_context context,
+		   const krb5_data *inbuf,
+		   krb5_ap_req *ap_req)
+{
+    krb5_error_code ret;
+    size_t len;
+    ret = decode_AP_REQ(inbuf->data, inbuf->length, ap_req, &len);
+    if (ret)
+	return ret;
+    if (ap_req->pvno != 5){
+	free_AP_REQ(ap_req);
+	krb5_clear_error_string (context);
+	return KRB5KRB_AP_ERR_BADVERSION;
+    }
+    if (ap_req->msg_type != krb_ap_req){
+	free_AP_REQ(ap_req);
+	krb5_clear_error_string (context);
+	return KRB5KRB_AP_ERR_MSG_TYPE;
+    }
+    if (ap_req->ticket.tkt_vno != 5){
+	free_AP_REQ(ap_req);
+	krb5_clear_error_string (context);
+	return KRB5KRB_AP_ERR_BADVERSION;
+    }
+    return 0;
+}
+
+static krb5_error_code
+check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
+{
+    char **realms;
+    int num_realms;
+    krb5_error_code ret;
+	    
+    /* 
+     * Windows 2000 and 2003 uses this inside their TGT so it's normaly
+     * not seen by others, however, samba4 joined with a Windows AD as
+     * a Domain Controller gets exposed to this.
+     */
+    if(enc->transited.tr_type == 0 && enc->transited.contents.length == 0)
+	return 0;
+
+    if(enc->transited.tr_type != DOMAIN_X500_COMPRESS)
+	return KRB5KDC_ERR_TRTYPE_NOSUPP;
+
+    if(enc->transited.contents.length == 0)
+	return 0;
+
+    ret = krb5_domain_x500_decode(context, enc->transited.contents, 
+				  &realms, &num_realms, 
+				  enc->crealm,
+				  ticket->realm);
+    if(ret)
+	return ret;
+    ret = krb5_check_transited(context, enc->crealm, 
+			       ticket->realm, 
+			       realms, num_realms, NULL);
+    free(realms);
+    return ret;
+}
+
+static krb5_error_code
+find_etypelist(krb5_context context,
+	       krb5_auth_context auth_context,
+	       EtypeList *etypes)
+{
+    krb5_error_code ret;
+    krb5_authdata *ad;
+    krb5_authdata adIfRelevant;
+    unsigned i;
+
+    adIfRelevant.len = 0;
+
+    etypes->len = 0;
+    etypes->val = NULL;
+
+    ad = auth_context->authenticator->authorization_data;
+    if (ad == NULL)
+	return 0;
+
+    for (i = 0; i < ad->len; i++) {
+	if (ad->val[i].ad_type == KRB5_AUTHDATA_IF_RELEVANT) {
+	    ret = decode_AD_IF_RELEVANT(ad->val[i].ad_data.data,
+					ad->val[i].ad_data.length,
+					&adIfRelevant,
+					NULL);
+	    if (ret)
+		return ret;
+
+	    if (adIfRelevant.len == 1 &&
+		adIfRelevant.val[0].ad_type ==
+			KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION) {
+		break;
+	    }
+	    free_AD_IF_RELEVANT(&adIfRelevant);
+	    adIfRelevant.len = 0;
+	}
+    }
+
+    if (adIfRelevant.len == 0)
+	return 0;
+
+    ret = decode_EtypeList(adIfRelevant.val[0].ad_data.data,
+			   adIfRelevant.val[0].ad_data.length,
+			   etypes,
+			   NULL);
+    if (ret)
+	krb5_clear_error_string(context);
+
+    free_AD_IF_RELEVANT(&adIfRelevant);
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_decrypt_ticket(krb5_context context,
+		    Ticket *ticket,
+		    krb5_keyblock *key,
+		    EncTicketPart *out,
+		    krb5_flags flags)
+{
+    EncTicketPart t;
+    krb5_error_code ret;
+    ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t);
+    if (ret)
+	return ret;
+    
+    {
+	krb5_timestamp now;
+	time_t start = t.authtime;
+
+	krb5_timeofday (context, &now);
+	if(t.starttime)
+	    start = *t.starttime;
+	if(start - now > context->max_skew
+	   || (t.flags.invalid
+	       && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
+	    free_EncTicketPart(&t);
+	    krb5_clear_error_string (context);
+	    return KRB5KRB_AP_ERR_TKT_NYV;
+	}
+	if(now - t.endtime > context->max_skew) {
+	    free_EncTicketPart(&t);
+	    krb5_clear_error_string (context);
+	    return KRB5KRB_AP_ERR_TKT_EXPIRED;
+	}
+	
+	if(!t.flags.transited_policy_checked) {
+	    ret = check_transited(context, ticket, &t);
+	    if(ret) {
+		free_EncTicketPart(&t);
+		return ret;
+	    }
+	}
+    }
+    
+    if(out)
+	*out = t;
+    else
+	free_EncTicketPart(&t);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_authenticator_checksum(krb5_context context,
+				   krb5_auth_context ac,
+				   void *data,
+				   size_t len)
+{
+    krb5_error_code ret;
+    krb5_keyblock *key;
+    krb5_authenticator authenticator;
+    krb5_crypto crypto;
+    
+    ret = krb5_auth_con_getauthenticator (context,
+				      ac,
+				      &authenticator);
+    if(ret)
+	return ret;
+    if(authenticator->cksum == NULL) {
+	krb5_free_authenticator(context, &authenticator);
+	return -17;
+    }
+    ret = krb5_auth_con_getkey(context, ac, &key);
+    if(ret) {
+	krb5_free_authenticator(context, &authenticator);
+	return ret;
+    }
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if(ret)
+	goto out;
+    ret = krb5_verify_checksum (context,
+				crypto,
+				KRB5_KU_AP_REQ_AUTH_CKSUM,
+				data,
+				len,
+				authenticator->cksum);
+    krb5_crypto_destroy(context, crypto);
+out:
+    krb5_free_authenticator(context, &authenticator);
+    krb5_free_keyblock(context, key);
+    return ret;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_ap_req(krb5_context context,
+		   krb5_auth_context *auth_context,
+		   krb5_ap_req *ap_req,
+		   krb5_const_principal server,
+		   krb5_keyblock *keyblock,
+		   krb5_flags flags,
+		   krb5_flags *ap_req_options,
+		   krb5_ticket **ticket)
+{
+    return krb5_verify_ap_req2 (context,
+				auth_context,
+				ap_req,
+				server,
+				keyblock,
+				flags,
+				ap_req_options,
+				ticket,
+				KRB5_KU_AP_REQ_AUTH);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_ap_req2(krb5_context context,
+		    krb5_auth_context *auth_context,
+		    krb5_ap_req *ap_req,
+		    krb5_const_principal server,
+		    krb5_keyblock *keyblock,
+		    krb5_flags flags,
+		    krb5_flags *ap_req_options,
+		    krb5_ticket **ticket,
+		    krb5_key_usage usage)
+{
+    krb5_ticket *t;
+    krb5_auth_context ac;
+    krb5_error_code ret;
+    EtypeList etypes;
+    
+    if (ticket)
+	*ticket = NULL;
+
+    if (auth_context && *auth_context) {
+	ac = *auth_context;
+    } else {
+	ret = krb5_auth_con_init (context, &ac);
+	if (ret)
+	    return ret;
+    }
+
+    t = calloc(1, sizeof(*t));
+    if (t == NULL) {
+	ret = ENOMEM;
+	krb5_clear_error_string (context);
+	goto out;
+    }
+
+    if (ap_req->ap_options.use_session_key && ac->keyblock){
+	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
+				  ac->keyblock, 
+				  &t->ticket,
+				  flags);
+	krb5_free_keyblock(context, ac->keyblock);
+	ac->keyblock = NULL;
+    }else
+	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
+				  keyblock, 
+				  &t->ticket,
+				  flags);
+    
+    if(ret)
+	goto out;
+
+    ret = _krb5_principalname2krb5_principal(context,
+					     &t->server,
+					     ap_req->ticket.sname, 
+					     ap_req->ticket.realm);
+    if (ret) goto out;
+    ret = _krb5_principalname2krb5_principal(context,
+					     &t->client,
+					     t->ticket.cname, 
+					     t->ticket.crealm);
+    if (ret) goto out;
+
+    /* save key */
+
+    ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
+    if (ret) goto out;
+
+    ret = decrypt_authenticator (context,
+				 &t->ticket.key,
+				 &ap_req->authenticator,
+				 ac->authenticator,
+				 usage);
+    if (ret)
+	goto out;
+
+    {
+	krb5_principal p1, p2;
+	krb5_boolean res;
+	
+	_krb5_principalname2krb5_principal(context,
+					   &p1,
+					   ac->authenticator->cname,
+					   ac->authenticator->crealm);
+	_krb5_principalname2krb5_principal(context,
+					   &p2, 
+					   t->ticket.cname,
+					   t->ticket.crealm);
+	res = krb5_principal_compare (context, p1, p2);
+	krb5_free_principal (context, p1);
+	krb5_free_principal (context, p2);
+	if (!res) {
+	    ret = KRB5KRB_AP_ERR_BADMATCH;
+	    krb5_clear_error_string (context);
+	    goto out;
+	}
+    }
+
+    /* check addresses */
+
+    if (t->ticket.caddr
+	&& ac->remote_address
+	&& !krb5_address_search (context,
+				 ac->remote_address,
+				 t->ticket.caddr)) {
+	ret = KRB5KRB_AP_ERR_BADADDR;
+	krb5_clear_error_string (context);
+	goto out;
+    }
+
+    /* check timestamp in authenticator */
+    {
+	krb5_timestamp now;
+
+	krb5_timeofday (context, &now);
+
+	if (abs(ac->authenticator->ctime - now) > context->max_skew) {
+	    ret = KRB5KRB_AP_ERR_SKEW;
+	    krb5_clear_error_string (context);
+	    goto out;
+	}
+    }
+
+    if (ac->authenticator->seq_number)
+	krb5_auth_con_setremoteseqnumber(context, ac,
+					 *ac->authenticator->seq_number);
+
+    /* XXX - Xor sequence numbers */
+
+    if (ac->authenticator->subkey) {
+	ret = krb5_auth_con_setremotesubkey(context, ac,
+					    ac->authenticator->subkey);
+	if (ret)
+	    goto out;
+    }
+
+    ret = find_etypelist(context, ac, &etypes);
+    if (ret)
+	goto out;
+
+    ac->keytype = ETYPE_NULL;
+
+    if (etypes.val) {
+	int i;
+
+	for (i = 0; i < etypes.len; i++) {
+	    if (krb5_enctype_valid(context, etypes.val[i]) == 0) {
+		ac->keytype = etypes.val[i];
+		break;
+	    }
+	}
+    }
+
+    if (ap_req_options) {
+	*ap_req_options = 0;
+	if (ac->keytype != ETYPE_NULL)
+	    *ap_req_options |= AP_OPTS_USE_SUBKEY;
+	if (ap_req->ap_options.use_session_key)
+	    *ap_req_options |= AP_OPTS_USE_SESSION_KEY;
+	if (ap_req->ap_options.mutual_required)
+	    *ap_req_options |= AP_OPTS_MUTUAL_REQUIRED;
+    }
+
+    if(ticket)
+	*ticket = t;
+    else
+	krb5_free_ticket (context, t);
+    if (auth_context) {
+	if (*auth_context == NULL)
+	    *auth_context = ac;
+    } else
+	krb5_auth_con_free (context, ac);
+    free_EtypeList(&etypes);
+    return 0;
+ out:
+    if (t)
+	krb5_free_ticket (context, t);
+    if (auth_context == NULL || *auth_context == NULL)
+	krb5_auth_con_free (context, ac);
+    return ret;
+}
+		   
+/*
+ *
+ */
+
+struct krb5_rd_req_in_ctx_data {
+    krb5_keytab keytab;
+    krb5_keyblock *keyblock;
+    krb5_boolean check_pac;
+};
+
+struct krb5_rd_req_out_ctx_data {
+    krb5_keyblock *keyblock;
+    krb5_flags ap_req_options;
+    krb5_ticket *ticket;
+};
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
+{
+    *ctx = calloc(1, sizeof(**ctx));
+    if (*ctx == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_in_set_keytab(krb5_context context, 
+			  krb5_rd_req_in_ctx in,
+			  krb5_keytab keytab)
+{
+    in->keytab = keytab; /* XXX should make copy */
+    return 0;
+}
+
+/**
+ * Set if krb5_rq_red() is going to check the Windows PAC or not
+ * 
+ * @param context Keberos 5 context.
+ * @param in krb5_rd_req_in_ctx to check the option on.
+ * @param flag flag to select if to check the pac (TRUE) or not (FALSE).
+ *
+ * @return Kerberos 5 error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_in_set_pac_check(krb5_context context, 
+			     krb5_rd_req_in_ctx in,
+			     krb5_boolean flag)
+{
+    in->check_pac = flag;
+    return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_in_set_keyblock(krb5_context context, 
+			    krb5_rd_req_in_ctx in,
+			    krb5_keyblock *keyblock)
+{
+    in->keyblock = keyblock; /* XXX should make copy */
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_out_get_ap_req_options(krb5_context context, 
+				   krb5_rd_req_out_ctx out,
+				   krb5_flags *ap_req_options)
+{
+    *ap_req_options = out->ap_req_options;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_out_get_ticket(krb5_context context, 
+			    krb5_rd_req_out_ctx out,
+			    krb5_ticket **ticket)
+{
+    return krb5_copy_ticket(context, out->ticket, ticket);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_out_get_keyblock(krb5_context context, 
+			    krb5_rd_req_out_ctx out,
+			    krb5_keyblock **keyblock)
+{
+    return krb5_copy_keyblock(context, out->keyblock, keyblock);
+}
+
+void  KRB5_LIB_FUNCTION
+krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx)
+{
+    free(ctx);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx)
+{
+    *ctx = calloc(1, sizeof(**ctx));
+    if (*ctx == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+void  KRB5_LIB_FUNCTION
+krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx)
+{
+    krb5_free_keyblock(context, ctx->keyblock);
+    free(ctx);
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req(krb5_context context,
+	    krb5_auth_context *auth_context,
+	    const krb5_data *inbuf,
+	    krb5_const_principal server,
+	    krb5_keytab keytab,
+	    krb5_flags *ap_req_options,
+	    krb5_ticket **ticket)
+{
+    krb5_error_code ret;
+    krb5_rd_req_in_ctx in;
+    krb5_rd_req_out_ctx out;
+
+    ret = krb5_rd_req_in_ctx_alloc(context, &in);
+    if (ret)
+	return ret;
+    
+    ret = krb5_rd_req_in_set_keytab(context, in, keytab);
+    if (ret) {
+	krb5_rd_req_in_ctx_free(context, in);
+	return ret;
+    }
+
+    ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out);
+    krb5_rd_req_in_ctx_free(context, in);
+    if (ret)
+	return ret;
+
+    if (ap_req_options)
+	*ap_req_options = out->ap_req_options;
+    if (ticket) {
+	ret = krb5_copy_ticket(context, out->ticket, ticket);
+	if (ret)
+	    goto out;
+    }
+
+out:
+    krb5_rd_req_out_ctx_free(context, out);
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_with_keyblock(krb5_context context,
+			  krb5_auth_context *auth_context,
+			  const krb5_data *inbuf,
+			  krb5_const_principal server,
+			  krb5_keyblock *keyblock,
+			  krb5_flags *ap_req_options,
+			  krb5_ticket **ticket)
+{
+    krb5_error_code ret;
+    krb5_rd_req_in_ctx in;
+    krb5_rd_req_out_ctx out;
+
+    ret = krb5_rd_req_in_ctx_alloc(context, &in);
+    if (ret)
+	return ret;
+    
+    ret = krb5_rd_req_in_set_keyblock(context, in, keyblock);
+    if (ret) {
+	krb5_rd_req_in_ctx_free(context, in);
+	return ret;
+    }
+
+    ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out);
+    krb5_rd_req_in_ctx_free(context, in);
+    if (ret)
+	return ret;
+
+    if (ap_req_options)
+	*ap_req_options = out->ap_req_options;
+    if (ticket) {
+	ret = krb5_copy_ticket(context, out->ticket, ticket);
+	if (ret)
+	    goto out;
+    }
+
+out:
+    krb5_rd_req_out_ctx_free(context, out);
+    return ret;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+get_key_from_keytab(krb5_context context,
+		    krb5_auth_context *auth_context,
+		    krb5_ap_req *ap_req,
+		    krb5_const_principal server,
+		    krb5_keytab keytab,
+		    krb5_keyblock **out_key)
+{
+    krb5_keytab_entry entry;
+    krb5_error_code ret;
+    int kvno;
+    krb5_keytab real_keytab;
+
+    if(keytab == NULL)
+	krb5_kt_default(context, &real_keytab);
+    else
+	real_keytab = keytab;
+    
+    if (ap_req->ticket.enc_part.kvno)
+	kvno = *ap_req->ticket.enc_part.kvno;
+    else
+	kvno = 0;
+
+    ret = krb5_kt_get_entry (context,
+			     real_keytab,
+			     server,
+			     kvno,
+			     ap_req->ticket.enc_part.etype,
+			     &entry);
+    if(ret)
+	goto out;
+    ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
+    krb5_kt_free_entry (context, &entry);
+out:    
+    if(keytab == NULL)
+	krb5_kt_close(context, real_keytab);
+    
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_req_ctx(krb5_context context,
+		krb5_auth_context *auth_context,
+		const krb5_data *inbuf,
+		krb5_const_principal server,
+		krb5_rd_req_in_ctx inctx,
+		krb5_rd_req_out_ctx *outctx)
+{
+    krb5_error_code ret;
+    krb5_ap_req ap_req;
+    krb5_principal service = NULL;
+    krb5_rd_req_out_ctx o = NULL;
+
+    ret = _krb5_rd_req_out_ctx_alloc(context, &o);
+    if (ret)
+	goto out;
+
+    if (*auth_context == NULL) {
+	ret = krb5_auth_con_init(context, auth_context);
+	if (ret)
+	    goto out;
+    }
+
+    ret = krb5_decode_ap_req(context, inbuf, &ap_req);
+    if(ret)
+	goto out;
+
+    if(server == NULL){
+	ret = _krb5_principalname2krb5_principal(context,
+						 &service,
+						 ap_req.ticket.sname,
+						 ap_req.ticket.realm);
+	if (ret)
+	    goto out;
+	server = service;
+    }
+    if (ap_req.ap_options.use_session_key &&
+	(*auth_context)->keyblock == NULL) {
+	krb5_set_error_string(context, "krb5_rd_req: user to user auth "
+			      "without session key given");
+	ret = KRB5KRB_AP_ERR_NOKEY;
+	goto out;
+    }
+
+    if((*auth_context)->keyblock){
+	ret = krb5_copy_keyblock(context,
+				 (*auth_context)->keyblock,
+				 &o->keyblock);
+	if (ret)
+	    goto out;
+    } else if(inctx->keyblock){
+	ret = krb5_copy_keyblock(context,
+				 inctx->keyblock,
+				 &o->keyblock);
+	if (ret)
+	    goto out;
+    } else {
+	krb5_keytab keytab = NULL;
+
+	if (inctx && inctx->keytab)
+	    keytab = inctx->keytab;
+
+	ret = get_key_from_keytab(context, 
+				  auth_context, 
+				  &ap_req,
+				  server,
+				  keytab,
+				  &o->keyblock);
+	if(ret)
+	    goto out;
+    }
+
+    ret = krb5_verify_ap_req2(context,
+			      auth_context,
+			      &ap_req,
+			      server,
+			      o->keyblock,
+			      0,
+			      &o->ap_req_options,
+			      &o->ticket,
+			      KRB5_KU_AP_REQ_AUTH);
+
+    if (ret)
+	goto out;
+
+    /* If there is a PAC, verify its server signature */
+    if (inctx->check_pac) {
+	krb5_pac pac;
+	krb5_data data;
+
+	ret = krb5_ticket_get_authorization_data_type(context,
+						      o->ticket,
+						      KRB5_AUTHDATA_WIN2K_PAC,
+						      &data);
+	if (ret == 0) {
+	    ret = krb5_pac_parse(context, data.data, data.length, &pac);
+	    krb5_data_free(&data);
+	    if (ret)
+		goto out;
+	
+	    ret = krb5_pac_verify(context,
+				  pac, 
+				  o->ticket->ticket.authtime,
+				  o->ticket->client, 
+				  o->keyblock, 
+				  NULL);
+	    krb5_pac_free(context, pac);
+	    if (ret)
+		goto out;
+	}
+	ret = 0;
+    }
+out:
+    if (ret || outctx == NULL) {
+	krb5_rd_req_out_ctx_free(context, o);
+    } else 
+	*outctx = o;
+
+    free_AP_REQ(&ap_req);
+    if(service)
+	krb5_free_principal(context, service);
+    return ret;
+}
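Review bot: The `out:` path of `krb5_rd_req_ctx` is unsafe for failures that occur before `krb5_decode_ap_req` has run: `ap_req` is still an uninitialised stack struct when `free_AP_REQ(&ap_req)` is reached from the `_krb5_rd_req_out_ctx_alloc` or `krb5_auth_con_init` failure, and in the first case `o` is NULL when `krb5_rd_req_out_ctx_free` reads `ctx->keyblock`. Zeroing the struct up front (`memset(&ap_req, 0, sizeof(ap_req));`) and guarding the free (`if (o) krb5_rd_req_out_ctx_free(context, o);`) would close both. When `krb5_decode_ap_req` rejects the version or message type it has already called `free_AP_REQ`, so the second call at `out:` is safe only if that function resets the pointers it frees, which this hunk does not show. The function also reads `*auth_context`, `inctx->keyblock` and `inctx->check_pac` without a NULL test, although it tests `inctx &&` before reading `inctx->keytab`; a single guard at the top would make that consistent.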

Added: vendor-crypto/heimdal/dist/lib/krb5/rd_safe.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/rd_safe.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/rd_safe.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,213 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: rd_safe.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_error_code
+verify_checksum(krb5_context context,
+		krb5_auth_context auth_context,
+		KRB_SAFE *safe)
+{
+    krb5_error_code ret;
+    u_char *buf;
+    size_t buf_size;
+    size_t len;
+    Checksum c;
+    krb5_crypto crypto;
+    krb5_keyblock *key;
+
+    c = safe->cksum;
+    safe->cksum.cksumtype       = 0;
+    safe->cksum.checksum.data   = NULL;
+    safe->cksum.checksum.length = 0;
+
+    ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
+    if(ret)
+	return ret;
+    if(buf_size != len)
+	krb5_abortx(context, "internal error in ASN.1 encoder");
+
+    if (auth_context->remote_subkey)
+	key = auth_context->remote_subkey;
+    else if (auth_context->local_subkey)
+	key = auth_context->local_subkey;
+    else
+	key = auth_context->keyblock;
+
+    ret = krb5_crypto_init(context, key, 0, &crypto);
+    if (ret)
+	goto out;
+    ret = krb5_verify_checksum (context,
+				crypto,
+				KRB5_KU_KRB_SAFE_CKSUM,
+				buf + buf_size - len,
+				len,
+				&c);
+    krb5_crypto_destroy(context, crypto);
+out:
+    safe->cksum = c;
+    free (buf);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rd_safe(krb5_context context,
+	     krb5_auth_context auth_context,
+	     const krb5_data *inbuf,
+	     krb5_data *outbuf,
+	     krb5_replay_data *outdata)
+{
+    krb5_error_code ret;
+    KRB_SAFE safe;
+    size_t len;
+
+    if (outbuf)
+	krb5_data_zero(outbuf);
+
+    if ((auth_context->flags & 
+	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+	outdata == NULL) {
+	krb5_set_error_string(context, "rd_safe: need outdata to return data");
+	return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
+    }
+
+    ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
+    if (ret) 
+	return ret;
+    if (safe.pvno != 5) {
+	ret = KRB5KRB_AP_ERR_BADVERSION;
+	krb5_clear_error_string (context);
+	goto failure;
+    }
+    if (safe.msg_type != krb_safe) {
+	ret = KRB5KRB_AP_ERR_MSG_TYPE;
+	krb5_clear_error_string (context);
+	goto failure;
+    }
+    if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
+	|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
+	ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+	krb5_clear_error_string (context);
+	goto failure;
+    }
+
+    /* check sender address */
+
+    if (safe.safe_body.s_address
+	&& auth_context->remote_address
+	&& !krb5_address_compare (context,
+				  auth_context->remote_address,
+				  safe.safe_body.s_address)) {
+	ret = KRB5KRB_AP_ERR_BADADDR;
+	krb5_clear_error_string (context);
+	goto failure;
+    }
+
+    /* check receiver address */
+
+    if (safe.safe_body.r_address
+	&& auth_context->local_address
+	&& !krb5_address_compare (context,
+				  auth_context->local_address,
+				  safe.safe_body.r_address)) {
+	ret = KRB5KRB_AP_ERR_BADADDR;
+	krb5_clear_error_string (context);
+	goto failure;
+    }
+
+    /* check timestamp */
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
+	krb5_timestamp sec;
+
+	krb5_timeofday (context, &sec);
+
+	if (safe.safe_body.timestamp == NULL ||
+	    safe.safe_body.usec      == NULL ||
+	    abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
+	    ret = KRB5KRB_AP_ERR_SKEW;
+	    krb5_clear_error_string (context);
+	    goto failure;
+	}
+    }
+    /* XXX - check replay cache */
+
+    /* check sequence number. since MIT krb5 cannot generate a sequence
+       number of zero but instead generates no sequence number, we accept that
+    */
+
+    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+	if ((safe.safe_body.seq_number == NULL
+	     && auth_context->remote_seqnumber != 0)
+	    || (safe.safe_body.seq_number != NULL
+		&& *safe.safe_body.seq_number !=
+		auth_context->remote_seqnumber)) {
+	    ret = KRB5KRB_AP_ERR_BADORDER;
+	    krb5_clear_error_string (context);
+	    goto failure;
+	}
+	auth_context->remote_seqnumber++;
+    }
+
+    ret = verify_checksum (context, auth_context, &safe);
+    if (ret)
+	goto failure;
+  
+    outbuf->length = safe.safe_body.user_data.length;
+    outbuf->data   = malloc(outbuf->length);
+    if (outbuf->data == NULL && outbuf->length != 0) {
+	ret = ENOMEM;
+	krb5_set_error_string (context, "malloc: out of memory");
+	krb5_data_zero(outbuf);
+	goto failure;
+    }
+    memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
+
+    if ((auth_context->flags & 
+	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
+	/* if these fields are not present in the safe-part, silently
+           return zero */
+	memset(outdata, 0, sizeof(*outdata));
+	if(safe.safe_body.timestamp)
+	    outdata->timestamp = *safe.safe_body.timestamp;
+	if(safe.safe_body.usec)
+	    outdata->usec = *safe.safe_body.usec;
+	if(safe.safe_body.seq_number)
+	    outdata->seq = *safe.safe_body.seq_number;
+    }
+
+  failure:
+    free_KRB_SAFE (&safe);
+    return ret;
+}
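Review bot: `krb5_rd_safe` increments `auth_context->remote_seqnumber` before `verify_checksum` has run, so a message that carries the expected sequence number but fails the checksum still changes the receiver's sequence state, and the next genuine message is then rejected with KRB5KRB_AP_ERR_BADORDER. Moving the pair `ret = verify_checksum (context, auth_context, &safe); if (ret) goto failure;` up to directly after the checksum-type test, ahead of the address, time and sequence checks, keeps every state change behind the integrity check. `outbuf` is tested for NULL before `krb5_data_zero` but is written unconditionally at `outbuf->length = ...`, so a NULL `outbuf` should either be rejected on entry or the misleading guard dropped. The `/* XXX - check replay cache */` marker means no replay detection is done in this function, so with KRB5_AUTH_CONTEXT_DO_TIME alone the only bound is the `max_skew` window; that belongs in a header comment on the function.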

Added: vendor-crypto/heimdal/dist/lib/krb5/read_message.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/read_message.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/read_message.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: read_message.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_read_message (krb5_context context,
+		   krb5_pointer p_fd,
+		   krb5_data *data)
+{
+    krb5_error_code ret;
+    uint32_t len;
+    uint8_t buf[4];
+
+    krb5_data_zero(data);
+
+    ret = krb5_net_read (context, p_fd, buf, 4);
+    if(ret == -1) {
+	ret = errno;
+	krb5_clear_error_string (context);
+	return ret;
+    }
+    if(ret < 4) {
+	krb5_clear_error_string(context);
+	return HEIM_ERR_EOF;
+    }
+    len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
+    ret = krb5_data_alloc (data, len);
+    if (ret) {
+	krb5_clear_error_string(context);
+	return ret;
+    }
+    if (krb5_net_read (context, p_fd, data->data, len) != len) {
+	ret = errno;
+	krb5_data_free (data);
+	krb5_clear_error_string (context);
+	return ret;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_read_priv_message(krb5_context context,
+		       krb5_auth_context ac,
+		       krb5_pointer p_fd,
+		       krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_data packet;
+
+    ret = krb5_read_message(context, p_fd, &packet);
+    if(ret)
+	return ret;
+    ret = krb5_rd_priv (context, ac, &packet, data, NULL);
+    krb5_data_free(&packet);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_read_safe_message(krb5_context context,
+		       krb5_auth_context ac,
+		       krb5_pointer p_fd,
+		       krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_data packet;
+
+    ret = krb5_read_message(context, p_fd, &packet);
+    if(ret)
+	return ret;
+    ret = krb5_rd_safe (context, ac, &packet, data, NULL);
+    krb5_data_free(&packet);
+    return ret;
+}
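Review bot: In `krb5_read_message` the 4-byte length taken from the peer goes straight into `krb5_data_alloc (data, len)` with no upper bound, so whoever is on the other end of `p_fd` chooses an allocation of up to 4 GiB. `krb5_recvauth_match_version` in recvauth.c calls this function before `krb5_rd_req`, that is, before the peer is authenticated. A cap checked right after `len` is computed would close that, e.g. `if (len > MESSAGE_LEN_MAX_PLACEHOLDER) { krb5_clear_error_string(context); return ERANGE; }`, with the limit chosen by the maintainers. Separately, the second `krb5_net_read` sets `ret = errno` for any result other than `len`; if a short count at EOF is possible (the first read's `ret < 4` branch suggests it is), `errno` may be 0 and the function would report success with `data` already freed, so it should use `errno` only when the call returns -1 and `HEIM_ERR_EOF` for a short count, as the first read does.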

Added: vendor-crypto/heimdal/dist/lib/krb5/recvauth.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/recvauth.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/recvauth.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: recvauth.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * See `sendauth.c' for the format.
+ */
+
+static krb5_boolean
+match_exact(const void *data, const char *appl_version)
+{
+    return strcmp(data, appl_version) == 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_recvauth(krb5_context context,
+	      krb5_auth_context *auth_context,
+	      krb5_pointer p_fd,
+	      const char *appl_version,
+	      krb5_principal server,
+	      int32_t flags,
+	      krb5_keytab keytab,
+	      krb5_ticket **ticket)
+{
+    return krb5_recvauth_match_version(context, auth_context, p_fd,
+				       match_exact, appl_version,
+				       server, flags,
+				       keytab, ticket);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_recvauth_match_version(krb5_context context,
+			    krb5_auth_context *auth_context,
+			    krb5_pointer p_fd,
+			    krb5_boolean (*match_appl_version)(const void *, 
+							       const char*),
+			    const void *match_data,
+			    krb5_principal server,
+			    int32_t flags,
+			    krb5_keytab keytab,
+			    krb5_ticket **ticket)
+{
+    krb5_error_code ret;
+    const char *version = KRB5_SENDAUTH_VERSION;
+    char her_version[sizeof(KRB5_SENDAUTH_VERSION)];
+    char *her_appl_version;
+    uint32_t len;
+    u_char repl;
+    krb5_data data;
+    krb5_flags ap_options;
+    ssize_t n;
+
+    /*
+     * If there are no addresses in auth_context, get them from `fd'.
+     */
+
+    if (*auth_context == NULL) {
+	ret = krb5_auth_con_init (context, auth_context);
+	if (ret)
+	    return ret;
+    }
+
+    ret = krb5_auth_con_setaddrs_from_fd (context,
+					  *auth_context,
+					  p_fd);
+    if (ret)
+	return ret;
+
+    if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) {
+	n = krb5_net_read (context, p_fd, &len, 4);
+	if (n < 0) {
+	    ret = errno;
+	    krb5_set_error_string (context, "read: %s", strerror(errno));
+	    return ret;
+	}
+	if (n == 0) {
+	    krb5_set_error_string (context, "Failed to receive sendauth data");
+	    return KRB5_SENDAUTH_BADAUTHVERS;
+	}
+	len = ntohl(len);
+	if (len != sizeof(her_version)
+	    || krb5_net_read (context, p_fd, her_version, len) != len
+	    || strncmp (version, her_version, len)) {
+	    repl = 1;
+	    krb5_net_write (context, p_fd, &repl, 1);
+	    krb5_clear_error_string (context);
+	    return KRB5_SENDAUTH_BADAUTHVERS;
+	}
+    }
+
+    n = krb5_net_read (context, p_fd, &len, 4);
+    if (n < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "read: %s", strerror(errno));
+	return ret;
+    }
+    if (n == 0) {
+	krb5_clear_error_string (context);
+	return KRB5_SENDAUTH_BADAPPLVERS;
+    }
+    len = ntohl(len);
+    her_appl_version = malloc (len);
+    if (her_appl_version == NULL) {
+	repl = 2;
+	krb5_net_write (context, p_fd, &repl, 1);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    if (krb5_net_read (context, p_fd, her_appl_version, len) != len
+	|| !(*match_appl_version)(match_data, her_appl_version)) {
+	repl = 2;
+	krb5_net_write (context, p_fd, &repl, 1);
+	krb5_set_error_string (context, "wrong sendauth version (%s)",
+			       her_appl_version);
+	free (her_appl_version);
+	return KRB5_SENDAUTH_BADAPPLVERS;
+    }
+    free (her_appl_version);
+
+    repl = 0;
+    if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
+	ret = errno;
+	krb5_set_error_string (context, "write: %s", strerror(errno));
+	return ret;
+    }
+
+    krb5_data_zero (&data);
+    ret = krb5_read_message (context, p_fd, &data);
+    if (ret)
+	return ret;
+
+    ret = krb5_rd_req (context,
+		       auth_context,
+		       &data,
+		       server,
+		       keytab,
+		       &ap_options,
+		       ticket);
+    krb5_data_free (&data);
+    if (ret) {
+	krb5_data error_data;
+	krb5_error_code ret2;
+
+	ret2 = krb5_mk_error (context,
+			      ret,
+			      NULL,
+			      NULL,
+			      NULL,
+			      server,
+			      NULL,
+			      NULL,
+			      &error_data);
+	if (ret2 == 0) {
+	    krb5_write_message (context, p_fd, &error_data);
+	    krb5_data_free (&error_data);
+	}
+	return ret;
+    }      
+
+    len = 0;
+    if (krb5_net_write (context, p_fd, &len, 4) != 4) {
+	ret = errno;
+	krb5_set_error_string (context, "write: %s", strerror(errno));
+	return ret;
+    }
+
+    if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
+	ret = krb5_mk_rep (context, *auth_context, &data);
+	if (ret)
+	    return ret;
+
+	ret = krb5_write_message (context, p_fd, &data);
+	if (ret)
+	    return ret;
+	krb5_data_free (&data);
+    }
+    return 0;
+}
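Review bot: In `krb5_recvauth_match_version` the application-version string is used as a C string without being checked for a terminating NUL: `match_exact` runs `strcmp` on it and the failure path formats it with `%s`, so a peer that sends `len` bytes containing no zero byte makes both read past the `malloc (len)` buffer. That `len` also comes off the wire unbounded and is consumed before `krb5_rd_req`, and when the read itself fails the `%s` prints a buffer that was never filled. The two 4-byte length reads treat only `n < 0` and `n == 0` as failure, so a 1–3 byte read leaves `len` partly unset; comparing against 4 would cover that. The sketch below bounds `len`, requires the last byte to be NUL before matching, and keeps the peer's bytes out of the error string; the size limit is a placeholder for the maintainers to pick.

```c
    len = ntohl(len);
    /* reject empty or oversized strings before allocating (limit is a placeholder) */
    if (len == 0 || len > APPL_VERSION_MAX_PLACEHOLDER) {
	repl = 2;
	krb5_net_write (context, p_fd, &repl, 1);
	krb5_clear_error_string (context);
	return KRB5_SENDAUTH_BADAPPLVERS;
    }
    her_appl_version = malloc (len);
    /* … unchanged: malloc failure handling … */
    if (krb5_net_read (context, p_fd, her_appl_version, len) != len
	|| her_appl_version[len - 1] != '\0'
	|| !(*match_appl_version)(match_data, her_appl_version)) {
	repl = 2;
	krb5_net_write (context, p_fd, &repl, 1);
	krb5_set_error_string (context, "wrong sendauth version");
	free (her_appl_version);
	return KRB5_SENDAUTH_BADAPPLVERS;
    }
    /* … unchanged: free, reply byte, krb5_read_message, krb5_rd_req … */
```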

Added: vendor-crypto/heimdal/dist/lib/krb5/replay.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/replay.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/replay.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,312 @@
+/*
+ * Copyright (c) 1997-2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <vis.h>
+
+RCSID("$Id: replay.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct krb5_rcache_data {
+    char *name;
+};
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_resolve(krb5_context context,
+		krb5_rcache id,
+		const char *name)
+{
+    id->name = strdup(name);
+    if(id->name == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return KRB5_RC_MALLOC;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_resolve_type(krb5_context context,
+		     krb5_rcache *id,
+		     const char *type)
+{
+    *id = NULL;
+    if(strcmp(type, "FILE")) {
+	krb5_set_error_string (context, "replay cache type %s not supported",
+			       type);
+	return KRB5_RC_TYPE_NOTFOUND;
+    }
+    *id = calloc(1, sizeof(**id));
+    if(*id == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return KRB5_RC_MALLOC;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_resolve_full(krb5_context context,
+		     krb5_rcache *id,
+		     const char *string_name)
+{
+    krb5_error_code ret;
+
+    *id = NULL;
+
+    if(strncmp(string_name, "FILE:", 5)) {
+	krb5_set_error_string (context, "replay cache type %s not supported",
+			       string_name);
+	return KRB5_RC_TYPE_NOTFOUND;
+    }
+    ret = krb5_rc_resolve_type(context, id, "FILE");
+    if(ret)
+	return ret;
+    ret = krb5_rc_resolve(context, *id, string_name + 5);
+    if (ret) {
+	krb5_rc_close(context, *id);
+	*id = NULL;
+    }
+    return ret;
+}
+
+const char* KRB5_LIB_FUNCTION
+krb5_rc_default_name(krb5_context context)
+{
+    return "FILE:/var/run/default_rcache";
+}
+
+const char* KRB5_LIB_FUNCTION
+krb5_rc_default_type(krb5_context context)
+{
+    return "FILE";
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_default(krb5_context context,
+		krb5_rcache *id)
+{
+    return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context));
+}
+
+struct rc_entry{
+    time_t stamp;
+    unsigned char data[16];
+};
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_initialize(krb5_context context,
+		   krb5_rcache id,
+		   krb5_deltat auth_lifespan)
+{
+    FILE *f = fopen(id->name, "w");
+    struct rc_entry tmp;
+    int ret;
+
+    if(f == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "open(%s): %s", id->name,
+			       strerror(ret));
+	return ret;
+    }
+    tmp.stamp = auth_lifespan;
+    fwrite(&tmp, 1, sizeof(tmp), f);
+    fclose(f);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_recover(krb5_context context,
+		krb5_rcache id)
+{
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_destroy(krb5_context context,
+		krb5_rcache id)
+{
+    int ret;
+
+    if(remove(id->name) < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "remove(%s): %s", id->name,
+			       strerror(ret));
+	return ret;
+    }
+    return krb5_rc_close(context, id);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_close(krb5_context context,
+	      krb5_rcache id)
+{
+    free(id->name);
+    free(id);
+    return 0;
+}
+
+static void
+checksum_authenticator(Authenticator *auth, void *data)
+{
+    MD5_CTX md5;
+    int i;
+
+    MD5_Init (&md5);
+    MD5_Update (&md5, auth->crealm, strlen(auth->crealm));
+    for(i = 0; i < auth->cname.name_string.len; i++)
+	MD5_Update(&md5, auth->cname.name_string.val[i], 
+		   strlen(auth->cname.name_string.val[i]));
+    MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime));
+    MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec));
+    MD5_Final (data, &md5);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_store(krb5_context context,
+	      krb5_rcache id,
+	      krb5_donot_replay *rep)
+{
+    struct rc_entry ent, tmp;
+    time_t t;
+    FILE *f;
+    int ret;
+
+    ent.stamp = time(NULL);
+    checksum_authenticator(rep, ent.data);
+    f = fopen(id->name, "r");
+    if(f == NULL) {
+	ret = errno;
+	krb5_set_error_string (context, "open(%s): %s", id->name,
+			       strerror(ret));
+	return ret;
+    }
+    fread(&tmp, sizeof(ent), 1, f);
+    t = ent.stamp - tmp.stamp;
+    while(fread(&tmp, sizeof(ent), 1, f)){
+	if(tmp.stamp < t)
+	    continue;
+	if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
+	    fclose(f);
+	    krb5_clear_error_string (context);
+	    return KRB5_RC_REPLAY;
+	}
+    }
+    if(ferror(f)){
+	ret = errno;
+	fclose(f);
+	krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
+	return ret;
+    }
+    fclose(f);
+    f = fopen(id->name, "a");
+    if(f == NULL) {
+	krb5_set_error_string (context, "open(%s): %s", id->name,
+			       strerror(errno));
+	return KRB5_RC_IO_UNKNOWN;
+    }
+    fwrite(&ent, 1, sizeof(ent), f);
+    fclose(f);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_expunge(krb5_context context,
+		krb5_rcache id)
+{
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_rc_get_lifespan(krb5_context context,
+		     krb5_rcache id,
+		     krb5_deltat *auth_lifespan)
+{
+    FILE *f = fopen(id->name, "r");
+    int r;
+    struct rc_entry ent;
+    r = fread(&ent, sizeof(ent), 1, f);
+    fclose(f);
+    if(r){
+	*auth_lifespan = ent.stamp;
+	return 0;
+    }
+    krb5_clear_error_string (context);
+    return KRB5_RC_IO_UNKNOWN;
+}
+
+const char* KRB5_LIB_FUNCTION
+krb5_rc_get_name(krb5_context context,
+		 krb5_rcache id)
+{
+    return id->name;
+}
+		 
+const char* KRB5_LIB_FUNCTION
+krb5_rc_get_type(krb5_context context,
+		 krb5_rcache id)
+{
+    return "FILE";
+}
+		 
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_get_server_rcache(krb5_context context, 
+		       const krb5_data *piece, 
+		       krb5_rcache *id)
+{
+    krb5_rcache rcache;
+    krb5_error_code ret;
+
+    char *tmp = malloc(4 * piece->length + 1);
+    char *name;
+
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
+#ifdef HAVE_GETEUID
+    asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid());
+#else
+    asprintf(&name, "FILE:rc_%s", tmp);
+#endif
+    free(tmp);
+    if(name == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    ret = krb5_rc_resolve_full(context, &rcache, name);
+    free(name);
+    if(ret)
+	return ret;
+    *id = rcache;
+    return ret;
+}
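Review bot: `krb5_rc_store` checks for a replay and records the authenticator through two separate opens (`fopen(id->name, "r")`, scan, `fclose`, then `fopen(id->name, "a")`) with no lock in between, so two processes sharing the cache file can both scan, both miss, and both accept the same authenticator. The header `fread` there is unchecked, which leaves `tmp.stamp` uninitialised on an empty or truncated file, and the `fwrite` result is ignored, so a failed append still returns 0. In the same file `krb5_rc_get_lifespan` hands the result of `fopen` to `fread` without a NULL test, and `krb5_rc_initialize` writes `tmp.data` to disk uninitialised. The sketch keeps one handle open under an exclusive lock for both the scan and the append; it assumes `flock()` is available on the target.

```c
    f = fopen(id->name, "r+");
    /* … unchanged: fopen failure handling … */
    /* hold an exclusive lock across the scan and the append */
    if (flock(fileno(f), LOCK_EX) < 0) {
	ret = errno;
	fclose(f);
	krb5_set_error_string (context, "flock(%s): %s", id->name,
			       strerror(ret));
	return ret;
    }
    if (fread(&tmp, sizeof(ent), 1, f) != 1) {
	fclose(f);
	krb5_clear_error_string (context);
	return KRB5_RC_IO_UNKNOWN;
    }
    t = ent.stamp - tmp.stamp;
    /* … unchanged: scan loop and ferror check; the fclose/fopen("a") pair is dropped … */
    if (fseek(f, 0, SEEK_END) < 0
	|| fwrite(&ent, sizeof(ent), 1, f) != 1) {
	fclose(f);
	krb5_clear_error_string (context);
	return KRB5_RC_IO_UNKNOWN;
    }
    fclose(f);	/* closing the descriptor releases the lock */
    return 0;
```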

Added: vendor-crypto/heimdal/dist/lib/krb5/send_to_kdc.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/send_to_kdc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/send_to_kdc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,604 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: send_to_kdc.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct send_to_kdc {
+    krb5_send_to_kdc_func func;
+    void *data;
+};
+
+/*
+ * send the data in `req' on the socket `fd' (which is datagram iff udp)
+ * waiting `tmout' for a reply and returning the reply in `rep'.
+ * iff limit read up to this many bytes
+ * returns 0 and data in `rep' if succesful, otherwise -1
+ */
+
+static int
+recv_loop (int fd,
+	   time_t tmout,
+	   int udp,
+	   size_t limit,
+	   krb5_data *rep)
+{
+     fd_set fdset;
+     struct timeval timeout;
+     int ret;
+     int nbytes;
+
+     if (fd >= FD_SETSIZE) {
+	 return -1;
+     }
+
+     krb5_data_zero(rep);
+     do {
+	 FD_ZERO(&fdset);
+	 FD_SET(fd, &fdset);
+	 timeout.tv_sec  = tmout;
+	 timeout.tv_usec = 0;
+	 ret = select (fd + 1, &fdset, NULL, NULL, &timeout);
+	 if (ret < 0) {
+	     if (errno == EINTR)
+		 continue;
+	     return -1;
+	 } else if (ret == 0) {
+	     return 0;
+	 } else {
+	     void *tmp;
+
+	     if (ioctl (fd, FIONREAD, &nbytes) < 0) {
+		 krb5_data_free (rep);
+		 return -1;
+	     }
+	     if(nbytes <= 0)
+		 return 0;
+
+	     if (limit)
+		 nbytes = min(nbytes, limit - rep->length);
+
+	     tmp = realloc (rep->data, rep->length + nbytes);
+	     if (tmp == NULL) {
+		 krb5_data_free (rep);
+		 return -1;
+	     }
+	     rep->data = tmp;
+	     ret = recv (fd, (char*)tmp + rep->length, nbytes, 0);
+	     if (ret < 0) {
+		 krb5_data_free (rep);
+		 return -1;
+	     }
+	     rep->length += ret;
+	 }
+     } while(!udp && (limit == 0 || rep->length < limit));
+     return 0;
+}
+
+/*
+ * Send kerberos requests and receive a reply on a udp or any other kind
+ * of a datagram socket.  See `recv_loop'.
+ */
+
+static int
+send_and_recv_udp(int fd, 
+		  time_t tmout,
+		  const krb5_data *req,
+		  krb5_data *rep)
+{
+    if (send (fd, req->data, req->length, 0) < 0)
+	return -1;
+
+    return recv_loop(fd, tmout, 1, 0, rep);
+}
+
+/*
+ * `send_and_recv' for a TCP (or any other stream) socket.
+ * Since there are no record limits on a stream socket the protocol here
+ * is to prepend the request with 4 bytes of its length and the reply
+ * is similarly encoded.
+ */
+
+static int
+send_and_recv_tcp(int fd, 
+		  time_t tmout,
+		  const krb5_data *req,
+		  krb5_data *rep)
+{
+    unsigned char len[4];
+    unsigned long rep_len;
+    krb5_data len_data;
+
+    _krb5_put_int(len, req->length, 4);
+    if(net_write(fd, len, sizeof(len)) < 0)
+	return -1;
+    if(net_write(fd, req->data, req->length) < 0)
+	return -1;
+    if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
+	return -1;
+    if (len_data.length != 4) {
+	krb5_data_free (&len_data);
+	return -1;
+    }
+    _krb5_get_int(len_data.data, &rep_len, 4);
+    krb5_data_free (&len_data);
+    if (recv_loop (fd, tmout, 0, rep_len, rep) < 0)
+	return -1;
+    if(rep->length != rep_len) {
+	krb5_data_free (rep);
+	return -1;
+    }
+    return 0;
+}
+
+int
+_krb5_send_and_recv_tcp(int fd,
+			time_t tmout,
+			const krb5_data *req,
+			krb5_data *rep)
+{
+    return send_and_recv_tcp(fd, tmout, req, rep);
+}
+
+/*
+ * `send_and_recv' tailored for the HTTP protocol.
+ */
+
+static int
+send_and_recv_http(int fd, 
+		   time_t tmout,
+		   const char *prefix,
+		   const krb5_data *req,
+		   krb5_data *rep)
+{
+    char *request;
+    char *str;
+    int ret;
+    int len = base64_encode(req->data, req->length, &str);
+
+    if(len < 0)
+	return -1;
+    asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str);
+    free(str);
+    if (request == NULL)
+	return -1;
+    ret = net_write (fd, request, strlen(request));
+    free (request);
+    if (ret < 0)
+	return ret;
+    ret = recv_loop(fd, tmout, 0, 0, rep);
+    if(ret)
+	return ret;
+    {
+	unsigned long rep_len;
+	char *s, *p;
+
+	s = realloc(rep->data, rep->length + 1);
+	if (s == NULL) {
+	    krb5_data_free (rep);
+	    return -1;
+	}
+	s[rep->length] = 0;
+	p = strstr(s, "\r\n\r\n");
+	if(p == NULL) {
+	    krb5_data_zero(rep);
+	    free(s);
+	    return -1;
+	}
+	p += 4;
+	rep->data = s;
+	rep->length -= p - s;
+	if(rep->length < 4) { /* remove length */
+	    krb5_data_zero(rep);
+	    free(s);
+	    return -1;
+	}
+	rep->length -= 4;
+	_krb5_get_int(p, &rep_len, 4);
+	if (rep_len != rep->length) {
+	    krb5_data_zero(rep);
+	    free(s);
+	    return -1;
+	}
+	memmove(rep->data, p + 4, rep->length);
+    }
+    return 0;
+}
+
+static int
+init_port(const char *s, int fallback)
+{
+    if (s) {
+	int tmp;
+
+	sscanf (s, "%d", &tmp);
+	return htons(tmp);
+    } else
+	return fallback;
+}
+
+/*
+ * Return 0 if succesful, otherwise 1
+ */
+
+static int
+send_via_proxy (krb5_context context,
+		const krb5_krbhst_info *hi,
+		const krb5_data *send_data,
+		krb5_data *receive)
+{
+    char *proxy2 = strdup(context->http_proxy);
+    char *proxy  = proxy2;
+    char *prefix;
+    char *colon;
+    struct addrinfo hints;
+    struct addrinfo *ai, *a;
+    int ret;
+    int s = -1;
+    char portstr[NI_MAXSERV];
+		 
+    if (proxy == NULL)
+	return ENOMEM;
+    if (strncmp (proxy, "http://", 7) == 0)
+	proxy += 7;
+
+    colon = strchr(proxy, ':');
+    if(colon != NULL)
+	*colon++ = '\0';
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_family   = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    snprintf (portstr, sizeof(portstr), "%d",
+	      ntohs(init_port (colon, htons(80))));
+    ret = getaddrinfo (proxy, portstr, &hints, &ai);
+    free (proxy2);
+    if (ret)
+	return krb5_eai_to_heim_errno(ret, errno);
+
+    for (a = ai; a != NULL; a = a->ai_next) {
+	s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (s < 0)
+	    continue;
+	if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+	    close (s);
+	    continue;
+	}
+	break;
+    }
+    if (a == NULL) {
+	freeaddrinfo (ai);
+	return 1;
+    }
+    freeaddrinfo (ai);
+
+    asprintf(&prefix, "http://%s/", hi->hostname);
+    if(prefix == NULL) {
+	close(s);
+	return 1;
+    }
+    ret = send_and_recv_http(s, context->kdc_timeout,
+			     prefix, send_data, receive);
+    close (s);
+    free(prefix);
+    if(ret == 0 && receive->length != 0)
+	return 0;
+    return 1;
+}
+
+/*
+ * Send the data `send' to one host from `handle` and get back the reply
+ * in `receive'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto (krb5_context context,
+	     const krb5_data *send_data,
+	     krb5_krbhst_handle handle,	     
+	     krb5_data *receive)
+{
+     krb5_error_code ret;
+     int fd;
+     int i;
+
+     krb5_data_zero(receive);
+
+     for (i = 0; i < context->max_retries; ++i) {
+	 krb5_krbhst_info *hi;
+
+	 while (krb5_krbhst_next(context, handle, &hi) == 0) {
+	     struct addrinfo *ai, *a;
+
+	     if (context->send_to_kdc) {
+		 struct send_to_kdc *s = context->send_to_kdc;
+
+		 ret = (*s->func)(context, s->data, 
+				  hi, send_data, receive);
+		 if (ret == 0 && receive->length != 0)
+		     goto out;
+		 continue;
+	     }
+
+	     if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) {
+		 if (send_via_proxy (context, hi, send_data, receive) == 0) {
+		     ret = 0;
+		     goto out;
+		 }
+		 continue;
+	     }
+
+	     ret = krb5_krbhst_get_addrinfo(context, hi, &ai);
+	     if (ret)
+		 continue;
+
+	     for (a = ai; a != NULL; a = a->ai_next) {
+		 fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+		 if (fd < 0)
+		     continue;
+		 if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) {
+		     close (fd);
+		     continue;
+		 }
+		 switch (hi->proto) {
+		 case KRB5_KRBHST_HTTP :
+		     ret = send_and_recv_http(fd, context->kdc_timeout,
+					      "", send_data, receive);
+		     break;
+		 case KRB5_KRBHST_TCP :
+		     ret = send_and_recv_tcp (fd, context->kdc_timeout,
+					      send_data, receive);
+		     break;
+		 case KRB5_KRBHST_UDP :
+		     ret = send_and_recv_udp (fd, context->kdc_timeout,
+					      send_data, receive);
+		     break;
+		 }
+		 close (fd);
+		 if(ret == 0 && receive->length != 0)
+		     goto out;
+	     }
+	 }
+	 krb5_krbhst_reset(context, handle);
+     }
+     krb5_clear_error_string (context);
+     ret = KRB5_KDC_UNREACH;
+out:
+     return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto_kdc(krb5_context context,
+		const krb5_data *send_data,
+		const krb5_realm *realm,
+		krb5_data *receive)
+{
+    return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto_kdc_flags(krb5_context context,
+		      const krb5_data *send_data,
+		      const krb5_realm *realm,
+		      krb5_data *receive,
+		      int flags)
+{
+    krb5_error_code ret;
+    krb5_sendto_ctx ctx;
+
+    ret = krb5_sendto_ctx_alloc(context, &ctx);
+    if (ret)
+	return ret;
+    krb5_sendto_ctx_add_flags(ctx, flags);
+    krb5_sendto_ctx_set_func(ctx, _krb5_kdc_retry, NULL);
+
+    ret = krb5_sendto_context(context, ctx, send_data, *realm, receive);
+    krb5_sendto_ctx_free(context, ctx);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_send_to_kdc_func(krb5_context context, 
+			  krb5_send_to_kdc_func func,
+			  void *data)
+{
+    free(context->send_to_kdc);
+    if (func == NULL) {
+	context->send_to_kdc = NULL;
+	return 0;
+    }
+
+    context->send_to_kdc = malloc(sizeof(*context->send_to_kdc));
+    if (context->send_to_kdc == NULL) {
+	krb5_set_error_string(context, "Out of memory");
+	return ENOMEM;
+    }
+
+    context->send_to_kdc->func = func;
+    context->send_to_kdc->data = data;
+    return 0;
+}
+
+struct krb5_sendto_ctx_data {
+    int flags;
+    int type;
+    krb5_sendto_ctx_func func;
+    void *data;
+};
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
+{
+    *ctx = calloc(1, sizeof(**ctx));
+    if (*ctx == NULL) {
+	krb5_set_error_string(context, "out of memory");
+	return ENOMEM;
+    }
+    return 0;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+int KRB5_LIB_FUNCTION
+krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx)
+{
+    return ctx->flags;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type)
+{
+    ctx->type = type;
+}
+
+
+void KRB5_LIB_FUNCTION
+krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx,
+			 krb5_sendto_ctx_func func,
+			 void *data)
+{
+    ctx->func = func;
+    ctx->data = data;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx)
+{
+    memset(ctx, 0, sizeof(*ctx));
+    free(ctx);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendto_context(krb5_context context,
+		    krb5_sendto_ctx ctx,
+		    const krb5_data *send_data,
+		    const krb5_realm realm,
+		    krb5_data *receive)
+{
+    krb5_error_code ret;
+    krb5_krbhst_handle handle = NULL;
+    int type, freectx = 0;
+    int action;
+
+    krb5_data_zero(receive);
+
+    if (ctx == NULL) {
+	freectx = 1;
+	ret = krb5_sendto_ctx_alloc(context, &ctx);
+	if (ret)
+	    return ret;
+    }
+
+    type = ctx->type;
+    if (type == 0) {
+	if ((ctx->flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc)
+	    type = KRB5_KRBHST_ADMIN;
+	else
+	    type = KRB5_KRBHST_KDC;
+    }
+
+    if (send_data->length > context->large_msg_size)
+	ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG;
+
+    /* loop until we get back a appropriate response */
+
+    do {
+	action = KRB5_SENDTO_DONE;
+
+	krb5_data_free(receive);
+
+	if (handle == NULL) {
+	    ret = krb5_krbhst_init_flags(context, realm, type, 
+					 ctx->flags, &handle);
+	    if (ret) {
+		if (freectx)
+		    krb5_sendto_ctx_free(context, ctx);
+		return ret;
+	    }
+	}
+    
+	ret = krb5_sendto(context, send_data, handle, receive);
+	if (ret)
+	    break;
+	if (ctx->func) {
+	    ret = (*ctx->func)(context, ctx, ctx->data, receive, &action);
+	    if (ret)
+		break;
+	}
+	if (action != KRB5_SENDTO_CONTINUE) {
+	    krb5_krbhst_free(context, handle);
+	    handle = NULL;
+	}
+    } while (action != KRB5_SENDTO_DONE);
+    if (handle)
+	krb5_krbhst_free(context, handle);
+    if (ret == KRB5_KDC_UNREACH)
+	krb5_set_error_string(context, 
+			      "unable to reach any KDC in realm %s", realm);
+    if (ret)
+	krb5_data_free(receive);
+    if (freectx)
+	krb5_sendto_ctx_free(context, ctx);
+    return ret;
+}
+
+krb5_error_code
+_krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data,
+		const krb5_data *reply, int *action)
+{
+    krb5_error_code ret;
+    KRB_ERROR error;
+
+    if(krb5_rd_error(context, reply, &error))
+	return 0;
+
+    ret = krb5_error_from_rd_error(context, &error, NULL);
+    krb5_free_error_contents(context, &error);
+
+    switch(ret) {
+    case KRB5KRB_ERR_RESPONSE_TOO_BIG: {
+	if (krb5_sendto_ctx_get_flags(ctx) & KRB5_KRBHST_FLAGS_LARGE_MSG)
+	    break;
+	krb5_sendto_ctx_add_flags(ctx, KRB5_KRBHST_FLAGS_LARGE_MSG);
+	*action = KRB5_SENDTO_RESTART;
+	break;
+    }
+    case KRB5KDC_ERR_SVC_UNAVAILABLE:
+	*action = KRB5_SENDTO_CONTINUE;
+	break;
+    }
+    return 0;
+}
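Review bot: `send_and_recv_http` calls `recv_loop(fd, tmout, 0, 0, rep)`, and with `limit == 0` on a stream socket the loop keeps `realloc`-ing `rep->data` for as long as the peer keeps sending, so an HTTP endpoint or proxy that never closes the connection can grow the reply without bound. Passing a ceiling instead of 0, for example `ret = recv_loop(fd, tmout, 0, HTTP_REPLY_MAX_PLACEHOLDER, rep);` with a limit chosen by the maintainers, stops the loop there, and the existing `rep_len != rep->length` comparison would then reject a reply that was cut short. In `init_port` the `sscanf` result is ignored, so a non-numeric port in `context->http_proxy` returns `htons()` of an uninitialised `tmp`; `if (sscanf (s, "%d", &tmp) != 1) return fallback;` covers that case.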

Added: vendor-crypto/heimdal/dist/lib/krb5/sendauth.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/sendauth.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/sendauth.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,233 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: sendauth.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * The format seems to be:
+ * client -> server
+ *
+ * 4 bytes - length
+ * KRB5_SENDAUTH_V1.0 (including zero)
+ * 4 bytes - length
+ * protocol string (with terminating zero)
+ *
+ * server -> client
+ * 1 byte - (0 = OK, else some kind of error)
+ *
+ * client -> server
+ * 4 bytes - length
+ * AP-REQ
+ *
+ * server -> client
+ * 4 bytes - length (0 = OK, else length of error)
+ * (error)
+ *
+ * if(mutual) {
+ * server -> client
+ * 4 bytes - length
+ * AP-REP
+ * }
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sendauth(krb5_context context,
+	      krb5_auth_context *auth_context,
+	      krb5_pointer p_fd,
+	      const char *appl_version,
+	      krb5_principal client,
+	      krb5_principal server,
+	      krb5_flags ap_req_options,
+	      krb5_data *in_data,
+	      krb5_creds *in_creds,
+	      krb5_ccache ccache,
+	      krb5_error **ret_error,
+	      krb5_ap_rep_enc_part **rep_result,
+	      krb5_creds **out_creds)
+{
+    krb5_error_code ret;
+    uint32_t len, net_len;
+    const char *version = KRB5_SENDAUTH_VERSION;
+    u_char repl;
+    krb5_data ap_req, error_data;
+    krb5_creds this_cred;
+    krb5_principal this_client = NULL;
+    krb5_creds *creds;
+    ssize_t sret;
+    krb5_boolean my_ccache = FALSE;
+
+    len = strlen(version) + 1;
+    net_len = htonl(len);
+    if (krb5_net_write (context, p_fd, &net_len, 4) != 4
+	|| krb5_net_write (context, p_fd, version, len) != len) {
+	ret = errno;
+	krb5_set_error_string (context, "write: %s", strerror(ret));
+	return ret;
+    }
+
+    len = strlen(appl_version) + 1;
+    net_len = htonl(len);
+    if (krb5_net_write (context, p_fd, &net_len, 4) != 4
+	|| krb5_net_write (context, p_fd, appl_version, len) != len) {
+	ret = errno;
+	krb5_set_error_string (context, "write: %s", strerror(ret));
+	return ret;
+    }
+
+    sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
+    if (sret < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "read: %s", strerror(ret));
+	return ret;
+    } else if (sret != sizeof(repl)) {
+	krb5_clear_error_string (context);
+	return KRB5_SENDAUTH_BADRESPONSE;
+    }
+
+    if (repl != 0) {
+	krb5_clear_error_string (context);
+	return KRB5_SENDAUTH_REJECTED;
+    }
+
+    if (in_creds == NULL) {
+	if (ccache == NULL) {
+	    ret = krb5_cc_default (context, &ccache);
+	    if (ret)
+		return ret;
+	    my_ccache = TRUE;
+	}
+
+	if (client == NULL) {
+	    ret = krb5_cc_get_principal (context, ccache, &this_client);
+	    if (ret) {
+		if(my_ccache)
+		    krb5_cc_close(context, ccache);
+		return ret;
+	    }
+	    client = this_client;
+	}
+	memset(&this_cred, 0, sizeof(this_cred));
+	this_cred.client = client;
+	this_cred.server = server;
+	this_cred.times.endtime = 0;
+	this_cred.ticket.length = 0;
+	in_creds = &this_cred;
+    }
+    if (in_creds->ticket.length == 0) {
+	ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
+	if (ret) {
+	    if(my_ccache)
+		krb5_cc_close(context, ccache);
+	    return ret;
+	}
+    } else {
+	creds = in_creds;
+    }
+    if(my_ccache)
+	krb5_cc_close(context, ccache);
+    ret = krb5_mk_req_extended (context,
+				auth_context,
+				ap_req_options,
+				in_data,
+				creds,
+				&ap_req);
+
+    if (out_creds)
+	*out_creds = creds;
+    else
+	krb5_free_creds(context, creds);
+    if(this_client)
+	krb5_free_principal(context, this_client);
+
+    if (ret)
+	return ret;
+
+    ret = krb5_write_message (context,
+			      p_fd,
+			      &ap_req);
+    if (ret)
+	return ret;
+
+    krb5_data_free (&ap_req);
+
+    ret = krb5_read_message (context, p_fd, &error_data);
+    if (ret)
+	return ret;
+
+    if (error_data.length != 0) {
+	KRB_ERROR error;
+
+	ret = krb5_rd_error (context, &error_data, &error);
+	krb5_data_free (&error_data);
+	if (ret == 0) {
+	    ret = krb5_error_from_rd_error(context, &error, NULL);
+	    if (ret_error != NULL) {
+		*ret_error = malloc (sizeof(krb5_error));
+		if (*ret_error == NULL) {
+		    krb5_free_error_contents (context, &error);
+		} else {
+		    **ret_error = error;
+		}
+	    } else {
+		krb5_free_error_contents (context, &error);
+	    }
+	    return ret;
+	} else {
+	    krb5_clear_error_string(context);
+	    return ret;
+	}
+    }
+
+    if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
+	krb5_data ap_rep;
+	krb5_ap_rep_enc_part *ignore;
+
+	krb5_data_zero (&ap_rep);
+	ret = krb5_read_message (context,
+				 p_fd,
+				 &ap_rep);
+	if (ret)
+	    return ret;
+
+	ret = krb5_rd_rep (context, *auth_context, &ap_rep,
+			   rep_result ? rep_result : &ignore);
+	krb5_data_free (&ap_rep);
+	if (ret)
+	    return ret;
+	if (rep_result == NULL)
+	    krb5_free_ap_rep_enc_part (context, ignore);
+    }
+    return 0;
+}
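Review bot: In krb5_sendauth the early return after a failed `krb5_write_message` leaves `ap_req` allocated, because `krb5_data_free (&ap_req)` only runs on the success path. Freeing before the check closes it: `ret = krb5_write_message (context, p_fd, &ap_req);` then `krb5_data_free (&ap_req);` then `if (ret) return ret;`. The `krb5_get_credentials` failure path likewise returns without `krb5_free_principal(context, this_client)` when the principal was read from the ccache. Separately, when the caller supplies `in_creds` that already holds a ticket and `out_creds` is NULL, `krb5_free_creds(context, creds)` is applied to the caller's own object. The intended ownership is not visible here, so it needs either a comment on the function or a guard such as `else if (creds != in_creds)`.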

Added: vendor-crypto/heimdal/dist/lib/krb5/set_default_realm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/set_default_realm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/set_default_realm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: set_default_realm.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * Convert the simple string `s' into a NULL-terminated and freshly allocated 
+ * list in `list'.  Return an error code.
+ */
+
+static krb5_error_code
+string_to_list (krb5_context context, const char *s, krb5_realm **list)
+{
+
+    *list = malloc (2 * sizeof(**list));
+    if (*list == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    (*list)[0] = strdup (s);
+    if ((*list)[0] == NULL) {
+	free (*list);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    (*list)[1] = NULL;
+    return 0;
+}
+
+/*
+ * Set the knowledge of the default realm(s) in `context'.
+ * If realm != NULL, that's the new default realm.
+ * Otherwise, the realm(s) are figured out from configuration or DNS.  
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_default_realm(krb5_context context,
+		       const char *realm)
+{
+    krb5_error_code ret = 0;
+    krb5_realm *realms = NULL;
+
+    if (realm == NULL) {
+	realms = krb5_config_get_strings (context, NULL,
+					  "libdefaults",
+					  "default_realm",
+					  NULL);
+	if (realms == NULL)
+	    ret = krb5_get_host_realm(context, NULL, &realms);
+    } else {
+	ret = string_to_list (context, realm, &realms);
+    }
+    if (ret)
+	return ret;
+    krb5_free_host_realm (context, context->default_realms);
+    context->default_realms = realms;
+    return 0;
+}
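Review bot: string_to_list leaves `*list` pointing at freed memory when `strdup` fails, since it calls `free (*list)` and returns ENOMEM without resetting the out-parameter. krb5_set_default_realm returns before touching `realms` in that case, so nothing in this file dereferences the stale pointer. Adding `*list = NULL;` after the `free` keeps the out-parameter safe for any caller that cleans up on error.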

Added: vendor-crypto/heimdal/dist/lib/krb5/sock_principal.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/sock_principal.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/sock_principal.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: sock_principal.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+			
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_sock_to_principal (krb5_context context,
+			int sock,
+			const char *sname,
+			int32_t type,
+			krb5_principal *ret_princ)
+{
+    krb5_error_code ret;
+    struct sockaddr_storage __ss;
+    struct sockaddr *sa = (struct sockaddr *)&__ss;
+    socklen_t salen = sizeof(__ss);
+    char hostname[NI_MAXHOST];
+
+    if (getsockname (sock, sa, &salen) < 0) {
+	ret = errno;
+	krb5_set_error_string (context, "getsockname: %s", strerror(ret));
+	return ret;
+    }
+    ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0);
+    if (ret) {
+	int save_errno = errno;
+
+	krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret));
+	return krb5_eai_to_heim_errno(ret, save_errno);
+    }
+
+    ret = krb5_sname_to_principal (context,
+				   hostname,
+				   sname,
+				   type,
+				   ret_princ);
+    return ret;
+}
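Review bot: krb5_sock_to_principal has no header comment, and callers need to know that the host part of the principal comes from a reverse lookup of the socket's local address. `getnameinfo` is called with flags `0`, so the name is whatever the resolver returns, and without `NI_NAMEREQD` it falls back to the numeric address string when no name is found. I would add above the function `/* Build the principal for sname on the local address of sock; the host name comes from an unauthenticated reverse lookup. */`. The local `__ss` also uses a double-underscore name, which is reserved for the implementation; a plain `ss` avoids that.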

Added: vendor-crypto/heimdal/dist/lib/krb5/store-int.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/store-int.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/store-int.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifndef __store_int_h__
+#define __store_int_h__
+
+struct krb5_storage_data {
+    void *data;
+    ssize_t (*fetch)(struct krb5_storage_data*, void*, size_t);
+    ssize_t (*store)(struct krb5_storage_data*, const void*, size_t);
+    off_t (*seek)(struct krb5_storage_data*, off_t, int);
+    void (*free)(struct krb5_storage_data*);
+    krb5_flags flags;
+    int eof_code;
+};
+
+#endif /* __store_int_h__ */

Added: vendor-crypto/heimdal/dist/lib/krb5/store-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/store-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/store-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: store-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static void
+print_data(unsigned char *data, size_t len)
+{
+    int i;
+    for(i = 0; i < len; i++) {
+	if(i > 0 && (i % 16) == 0)
+	    printf("\n            ");
+	printf("%02x ", data[i]);
+    }
+    printf("\n");
+}
+
+static int
+compare(const char *name, krb5_storage *sp, void *expected, size_t len)
+{
+    int ret = 0;
+    krb5_data data;
+    krb5_storage_to_data(sp, &data);
+    krb5_storage_free(sp);
+    if(data.length != len || memcmp(data.data, expected, len) != 0) {
+	printf("%s mismatch\n", name);
+	printf("  Expected: ");
+	print_data(expected, len);
+	printf("  Actual:   ");
+	print_data(data.data, data.length);
+	ret++;
+    }
+    krb5_data_free(&data);
+    return ret;
+}
+
+int
+main(int argc, char **argv)
+{
+    int nerr = 0;
+    krb5_storage *sp;
+    krb5_context context;
+    krb5_principal principal;
+	
+
+    krb5_init_context(&context);
+
+    sp = krb5_storage_emem();
+    krb5_store_int32(sp, 0x01020304);
+    nerr += compare("Integer", sp, "\x1\x2\x3\x4", 4);
+
+    sp = krb5_storage_emem();
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
+    krb5_store_int32(sp, 0x01020304);
+    nerr += compare("Integer (LE)", sp, "\x4\x3\x2\x1", 4);
+
+    sp = krb5_storage_emem();
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+    krb5_store_int32(sp, 0x01020304);
+    nerr += compare("Integer (BE)", sp, "\x1\x2\x3\x4", 4);
+
+    sp = krb5_storage_emem();
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
+    krb5_store_int32(sp, 0x01020304);
+    {
+	int test = 1;
+	void *data;
+	if(*(char*)&test) 
+	    data = "\x4\x3\x2\x1";
+	else 
+	    data = "\x1\x2\x3\x4";
+	nerr += compare("Integer (host)", sp, data, 4);
+    }
+
+    sp = krb5_storage_emem();
+    krb5_make_principal(context, &principal, "TEST", "foobar", NULL);
+    krb5_store_principal(sp, principal);
+    krb5_free_principal(context, principal);
+    nerr += compare("Principal", sp, "\x0\x0\x0\x1"
+		    "\x0\x0\x0\x1"
+		    "\x0\x0\x0\x4TEST"
+		    "\x0\x0\x0\x6""foobar", 26);
+    
+    krb5_free_context(context);
+
+    return nerr ? 1 : 0;
+}
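Review bot: main ignores the result of `krb5_init_context(&context)`, so a failed initialisation leaves `context` uninitialised when it is later passed to `krb5_make_principal` and `krb5_free_context`. `if (krb5_init_context(&context)) return 1;` makes the test fail cleanly instead. compare has the same pattern: it does not check `krb5_storage_to_data` before handing `data.data` to `memcmp`. In print_data, `int i` is compared against the `size_t len`; declaring it as `size_t i` removes the signed/unsigned comparison.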

Added: vendor-crypto/heimdal/dist/lib/krb5/store.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/store.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/store.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1035 @@
+/*
+ * Copyright (c) 1997-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include "store-int.h"
+
+RCSID("$Id: store.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
+#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
+#define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE)
+#define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \
+			       krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER))
+
+void KRB5_LIB_FUNCTION
+krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
+{
+    sp->flags |= flags;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags)
+{
+    sp->flags &= ~flags;
+}
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
+{
+    return (sp->flags & flags) == flags;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
+{
+    sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
+    sp->flags |= byteorder;
+}
+
+krb5_flags KRB5_LIB_FUNCTION
+krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder)
+{
+    return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
+}
+
+off_t KRB5_LIB_FUNCTION
+krb5_storage_seek(krb5_storage *sp, off_t offset, int whence)
+{
+    return (*sp->seek)(sp, offset, whence);
+}
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_storage_read(krb5_storage *sp, void *buf, size_t len)
+{
+    return sp->fetch(sp, buf, len);
+}
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+krb5_storage_write(krb5_storage *sp, const void *buf, size_t len)
+{
+    return sp->store(sp, buf, len);
+}
+
+void KRB5_LIB_FUNCTION
+krb5_storage_set_eof_code(krb5_storage *sp, int code)
+{
+    sp->eof_code = code;
+}
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+_krb5_put_int(void *buffer, unsigned long value, size_t size)
+{
+    unsigned char *p = buffer;
+    int i;
+    for (i = size - 1; i >= 0; i--) {
+	p[i] = value & 0xff;
+	value >>= 8;
+    }
+    return size;
+}
+
+krb5_ssize_t KRB5_LIB_FUNCTION
+_krb5_get_int(void *buffer, unsigned long *value, size_t size)
+{
+    unsigned char *p = buffer;
+    unsigned long v = 0;
+    int i;
+    for (i = 0; i < size; i++)
+	v = (v << 8) + p[i];
+    *value = v;
+    return size;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_storage_free(krb5_storage *sp)
+{
+    if(sp->free)
+	(*sp->free)(sp);
+    free(sp->data);
+    free(sp);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
+{
+    off_t pos;
+    size_t size;
+    krb5_error_code ret;
+
+    pos = sp->seek(sp, 0, SEEK_CUR);
+    size = (size_t)sp->seek(sp, 0, SEEK_END);
+    ret = krb5_data_alloc (data, size);
+    if (ret) {
+	sp->seek(sp, pos, SEEK_SET);
+	return ret;
+    }
+    if (size) {
+	sp->seek(sp, 0, SEEK_SET);
+	sp->fetch(sp, data->data, data->length);
+	sp->seek(sp, pos, SEEK_SET);
+    }
+    return 0;
+}
+
+static krb5_error_code
+krb5_store_int(krb5_storage *sp,
+	       int32_t value,
+	       size_t len)
+{
+    int ret;
+    unsigned char v[16];
+
+    if(len > sizeof(v))
+	return EINVAL;
+    _krb5_put_int(v, value, len);
+    ret = sp->store(sp, v, len);
+    if (ret != len)
+	return (ret<0)?errno:sp->eof_code;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_int32(krb5_storage *sp,
+		 int32_t value)
+{
+    if(BYTEORDER_IS_HOST(sp))
+	value = htonl(value);
+    else if(BYTEORDER_IS_LE(sp))
+	value = bswap32(value);
+    return krb5_store_int(sp, value, 4);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_uint32(krb5_storage *sp,
+		  uint32_t value)
+{
+    return krb5_store_int32(sp, (int32_t)value);
+}
+
+static krb5_error_code
+krb5_ret_int(krb5_storage *sp,
+	     int32_t *value,
+	     size_t len)
+{
+    int ret;
+    unsigned char v[4];
+    unsigned long w;
+    ret = sp->fetch(sp, v, len);
+    if(ret != len)
+	return (ret<0)?errno:sp->eof_code;
+    _krb5_get_int(v, &w, len);
+    *value = w;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_int32(krb5_storage *sp,
+	       int32_t *value)
+{
+    krb5_error_code ret = krb5_ret_int(sp, value, 4);
+    if(ret)
+	return ret;
+    if(BYTEORDER_IS_HOST(sp))
+	*value = htonl(*value);
+    else if(BYTEORDER_IS_LE(sp))
+	*value = bswap32(*value);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_uint32(krb5_storage *sp,
+		uint32_t *value)
+{
+    krb5_error_code ret;
+    int32_t v;
+
+    ret = krb5_ret_int32(sp, &v);
+    if (ret == 0)
+	*value = (uint32_t)v;
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_int16(krb5_storage *sp,
+		 int16_t value)
+{
+    if(BYTEORDER_IS_HOST(sp))
+	value = htons(value);
+    else if(BYTEORDER_IS_LE(sp))
+	value = bswap16(value);
+    return krb5_store_int(sp, value, 2);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_uint16(krb5_storage *sp,
+		  uint16_t value)
+{
+    return krb5_store_int16(sp, (int16_t)value);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_int16(krb5_storage *sp,
+	       int16_t *value)
+{
+    int32_t v;
+    int ret;
+    ret = krb5_ret_int(sp, &v, 2);
+    if(ret)
+	return ret;
+    *value = v;
+    if(BYTEORDER_IS_HOST(sp))
+	*value = htons(*value);
+    else if(BYTEORDER_IS_LE(sp))
+	*value = bswap16(*value);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_uint16(krb5_storage *sp,
+		uint16_t *value)
+{
+    krb5_error_code ret;
+    int16_t v;
+
+    ret = krb5_ret_int16(sp, &v);
+    if (ret == 0)
+	*value = (uint16_t)v;
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_int8(krb5_storage *sp,
+		int8_t value)
+{
+    int ret;
+
+    ret = sp->store(sp, &value, sizeof(value));
+    if (ret != sizeof(value))
+	return (ret<0)?errno:sp->eof_code;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_uint8(krb5_storage *sp,
+		 uint8_t value)
+{
+    return krb5_store_int8(sp, (int8_t)value);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_int8(krb5_storage *sp,
+	      int8_t *value)
+{
+    int ret;
+
+    ret = sp->fetch(sp, value, sizeof(*value));
+    if (ret != sizeof(*value))
+	return (ret<0)?errno:sp->eof_code;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_uint8(krb5_storage *sp,
+	       uint8_t *value)
+{
+    krb5_error_code ret;
+    int8_t v;
+
+    ret = krb5_ret_int8(sp, &v);
+    if (ret == 0)
+	*value = (uint8_t)v;
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_data(krb5_storage *sp,
+		krb5_data data)
+{
+    int ret;
+    ret = krb5_store_int32(sp, data.length);
+    if(ret < 0)
+	return ret;
+    ret = sp->store(sp, data.data, data.length);
+    if(ret != data.length){
+	if(ret < 0)
+	    return errno;
+	return sp->eof_code;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_data(krb5_storage *sp,
+	      krb5_data *data)
+{
+    int ret;
+    int32_t size;
+
+    ret = krb5_ret_int32(sp, &size);
+    if(ret)
+	return ret;
+    ret = krb5_data_alloc (data, size);
+    if (ret)
+	return ret;
+    if (size) {
+	ret = sp->fetch(sp, data->data, size);
+	if(ret != size)
+	    return (ret < 0)? errno : sp->eof_code;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_string(krb5_storage *sp, const char *s)
+{
+    krb5_data data;
+    data.length = strlen(s);
+    data.data = rk_UNCONST(s);
+    return krb5_store_data(sp, data);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_string(krb5_storage *sp,
+		char **string)
+{
+    int ret;
+    krb5_data data;
+    ret = krb5_ret_data(sp, &data);
+    if(ret)
+	return ret;
+    *string = realloc(data.data, data.length + 1);
+    if(*string == NULL){
+	free(data.data);
+	return ENOMEM;
+    }
+    (*string)[data.length] = 0;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_stringz(krb5_storage *sp, const char *s)
+{
+    size_t len = strlen(s) + 1;
+    ssize_t ret;
+
+    ret = sp->store(sp, s, len);
+    if(ret != len) {
+	if(ret < 0)
+	    return ret;
+	else
+	    return sp->eof_code;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_stringz(krb5_storage *sp,
+		char **string)
+{
+    char c;
+    char *s = NULL;
+    size_t len = 0;
+    ssize_t ret;
+
+    while((ret = sp->fetch(sp, &c, 1)) == 1){
+	char *tmp;
+
+	len++;
+	tmp = realloc (s, len);
+	if (tmp == NULL) {
+	    free (s);
+	    return ENOMEM;
+	}
+	s = tmp;
+	s[len - 1] = c;
+	if(c == 0)
+	    break;
+    }
+    if(ret != 1){
+	free(s);
+	if(ret == 0)
+	    return sp->eof_code;
+	return ret;
+    }
+    *string = s;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_stringnl(krb5_storage *sp, const char *s)
+{
+    size_t len = strlen(s);
+    ssize_t ret;
+
+    ret = sp->store(sp, s, len);
+    if(ret != len) {
+	if(ret < 0)
+	    return ret;
+	else
+	    return sp->eof_code;
+    }
+    ret = sp->store(sp, "\n", 1);
+    if(ret != 1) {
+	if(ret < 0)
+	    return ret;
+	else
+	    return sp->eof_code;
+    }
+
+    return 0;
+
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_stringnl(krb5_storage *sp,
+		  char **string)
+{
+    int expect_nl = 0;
+    char c;
+    char *s = NULL;
+    size_t len = 0;
+    ssize_t ret;
+
+    while((ret = sp->fetch(sp, &c, 1)) == 1){
+	char *tmp;
+
+	if (c == '\r') {
+	    expect_nl = 1;
+	    continue;
+	}
+	if (expect_nl && c != '\n') {
+	    free(s);
+	    return KRB5_BADMSGTYPE;
+	}
+
+	len++;
+	tmp = realloc (s, len);
+	if (tmp == NULL) {
+	    free (s);
+	    return ENOMEM;
+	}
+	s = tmp;
+	if(c == '\n') {
+	    s[len - 1] = '\0';
+	    break;
+	}
+	s[len - 1] = c;
+    }
+    if(ret != 1){
+	free(s);
+	if(ret == 0)
+	    return sp->eof_code;
+	return ret;
+    }
+    *string = s;
+    return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_principal(krb5_storage *sp,
+		     krb5_const_principal p)
+{
+    int i;
+    int ret;
+
+    if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
+	ret = krb5_store_int32(sp, p->name.name_type);
+	if(ret) return ret;
+    }
+    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
+	ret = krb5_store_int32(sp, p->name.name_string.len + 1);
+    else
+	ret = krb5_store_int32(sp, p->name.name_string.len);
+    
+    if(ret) return ret;
+    ret = krb5_store_string(sp, p->realm);
+    if(ret) return ret;
+    for(i = 0; i < p->name.name_string.len; i++){
+	ret = krb5_store_string(sp, p->name.name_string.val[i]);
+	if(ret) return ret;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_principal(krb5_storage *sp,
+		   krb5_principal *princ)
+{
+    int i;
+    int ret;
+    krb5_principal p;
+    int32_t type;
+    int32_t ncomp;
+    
+    p = calloc(1, sizeof(*p));
+    if(p == NULL)
+	return ENOMEM;
+
+    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
+	type = KRB5_NT_UNKNOWN;
+    else if((ret = krb5_ret_int32(sp, &type))){
+	free(p);
+	return ret;
+    }
+    if((ret = krb5_ret_int32(sp, &ncomp))){
+	free(p);
+	return ret;
+    }
+    if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
+	ncomp--;
+    if (ncomp < 0) {
+	free(p);
+	return EINVAL;
+    }
+    p->name.name_type = type;
+    p->name.name_string.len = ncomp;
+    ret = krb5_ret_string(sp, &p->realm);
+    if(ret) {
+	free(p);
+	return ret;
+    }
+    p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
+    if(p->name.name_string.val == NULL && ncomp != 0){
+	free(p->realm);
+	free(p);
+	return ENOMEM;
+    }
+    for(i = 0; i < ncomp; i++){
+	ret = krb5_ret_string(sp, &p->name.name_string.val[i]);
+	if(ret) {
+	    while (i >= 0)
+		free(p->name.name_string.val[i--]);
+	    free(p->realm);
+	    free(p);
+	    return ret;
+	}
+    }
+    *princ = p;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p)
+{
+    int ret;
+    ret = krb5_store_int16(sp, p.keytype);
+    if(ret) return ret;
+
+    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
+	/* this should really be enctype, but it is the same as
+           keytype nowadays */
+    ret = krb5_store_int16(sp, p.keytype);
+    if(ret) return ret;
+    }
+
+    ret = krb5_store_data(sp, p.keyvalue);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
+{
+    int ret;
+    int16_t tmp;
+
+    ret = krb5_ret_int16(sp, &tmp);
+    if(ret) return ret;
+    p->keytype = tmp;
+
+    if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){
+    ret = krb5_ret_int16(sp, &tmp);
+    if(ret) return ret;
+    }
+
+    ret = krb5_ret_data(sp, &p->keyvalue);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_times(krb5_storage *sp, krb5_times times)
+{
+    int ret;
+    ret = krb5_store_int32(sp, times.authtime);
+    if(ret) return ret;
+    ret = krb5_store_int32(sp, times.starttime);
+    if(ret) return ret;
+    ret = krb5_store_int32(sp, times.endtime);
+    if(ret) return ret;
+    ret = krb5_store_int32(sp, times.renew_till);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_times(krb5_storage *sp, krb5_times *times)
+{
+    int ret;
+    int32_t tmp;
+    ret = krb5_ret_int32(sp, &tmp);
+    times->authtime = tmp;
+    if(ret) return ret;
+    ret = krb5_ret_int32(sp, &tmp);
+    times->starttime = tmp;
+    if(ret) return ret;
+    ret = krb5_ret_int32(sp, &tmp);
+    times->endtime = tmp;
+    if(ret) return ret;
+    ret = krb5_ret_int32(sp, &tmp);
+    times->renew_till = tmp;
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_address(krb5_storage *sp, krb5_address p)
+{
+    int ret;
+    ret = krb5_store_int16(sp, p.addr_type);
+    if(ret) return ret;
+    ret = krb5_store_data(sp, p.address);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_address(krb5_storage *sp, krb5_address *adr)
+{
+    int16_t t;
+    int ret;
+    ret = krb5_ret_int16(sp, &t);
+    if(ret) return ret;
+    adr->addr_type = t;
+    ret = krb5_ret_data(sp, &adr->address);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_addrs(krb5_storage *sp, krb5_addresses p)
+{
+    int i;
+    int ret;
+    ret = krb5_store_int32(sp, p.len);
+    if(ret) return ret;
+    for(i = 0; i<p.len; i++){
+	ret = krb5_store_address(sp, p.val[i]);
+	if(ret) break;
+    }
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr)
+{
+    int i;
+    int ret;
+    int32_t tmp;
+
+    ret = krb5_ret_int32(sp, &tmp);
+    if(ret) return ret;
+    adr->len = tmp;
+    ALLOC(adr->val, adr->len);
+    if (adr->val == NULL && adr->len != 0)
+	return ENOMEM;
+    for(i = 0; i < adr->len; i++){
+	ret = krb5_ret_address(sp, &adr->val[i]);
+	if(ret) break;
+    }
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_authdata(krb5_storage *sp, krb5_authdata auth)
+{
+    krb5_error_code ret;
+    int i;
+    ret = krb5_store_int32(sp, auth.len);
+    if(ret) return ret;
+    for(i = 0; i < auth.len; i++){
+	ret = krb5_store_int16(sp, auth.val[i].ad_type);
+	if(ret) break;
+	ret = krb5_store_data(sp, auth.val[i].ad_data);
+	if(ret) break;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
+{
+    krb5_error_code ret;
+    int32_t tmp;
+    int16_t tmp2;
+    int i;
+    ret = krb5_ret_int32(sp, &tmp);
+    if(ret) return ret;
+    ALLOC_SEQ(auth, tmp);
+    if (auth->val == NULL && tmp != 0)
+	return ENOMEM;
+    for(i = 0; i < tmp; i++){
+	ret = krb5_ret_int16(sp, &tmp2);
+	if(ret) break;
+	auth->val[i].ad_type = tmp2;
+	ret = krb5_ret_data(sp, &auth->val[i].ad_data);
+	if(ret) break;
+    }
+    return ret;
+}
+
+static int32_t
+bitswap32(int32_t b)
+{
+    int32_t r = 0;
+    int i;
+    for (i = 0; i < 32; i++) {
+	r = r << 1 | (b & 1);
+	b = b >> 1;
+    }
+    return r;
+}
+
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
+{
+    int ret;
+
+    ret = krb5_store_principal(sp, creds->client);
+    if(ret)
+	return ret;
+    ret = krb5_store_principal(sp, creds->server);
+    if(ret)
+	return ret;
+    ret = krb5_store_keyblock(sp, creds->session);
+    if(ret)
+	return ret;
+    ret = krb5_store_times(sp, creds->times);
+    if(ret)
+	return ret;
+    ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
+    if(ret)
+	return ret;
+
+    if(krb5_storage_is_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER))
+	ret = krb5_store_int32(sp, creds->flags.i);
+    else
+	ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
+    if(ret)
+	return ret;
+
+    ret = krb5_store_addrs(sp, creds->addresses);
+    if(ret)
+	return ret;
+    ret = krb5_store_authdata(sp, creds->authdata);
+    if(ret)
+	return ret;
+    ret = krb5_store_data(sp, creds->ticket);
+    if(ret)
+	return ret;
+    ret = krb5_store_data(sp, creds->second_ticket);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
+{
+    krb5_error_code ret;
+    int8_t dummy8;
+    int32_t dummy32;
+
+    memset(creds, 0, sizeof(*creds));
+    ret = krb5_ret_principal (sp,  &creds->client);
+    if(ret) goto cleanup;
+    ret = krb5_ret_principal (sp,  &creds->server);
+    if(ret) goto cleanup;
+    ret = krb5_ret_keyblock (sp,  &creds->session);
+    if(ret) goto cleanup;
+    ret = krb5_ret_times (sp,  &creds->times);
+    if(ret) goto cleanup;
+    ret = krb5_ret_int8 (sp,  &dummy8);
+    if(ret) goto cleanup;
+    ret = krb5_ret_int32 (sp,  &dummy32);
+    if(ret) goto cleanup;
+    /*
+     * Runtime detect the what is the higher bits of the bitfield. If
+     * any of the higher bits are set in the input data, it's either a
+     * new ticket flag (and this code need to be removed), or it's a
+     * MIT cache (or new Heimdal cache), lets change it to our current
+     * format.
+     */
+    {
+	uint32_t mask = 0xffff0000;
+	creds->flags.i = 0;
+	creds->flags.b.anonymous = 1;
+	if (creds->flags.i & mask)
+	    mask = ~mask;
+	if (dummy32 & mask)
+	    dummy32 = bitswap32(dummy32);
+    }
+    creds->flags.i = dummy32;
+    ret = krb5_ret_addrs (sp,  &creds->addresses);
+    if(ret) goto cleanup;
+    ret = krb5_ret_authdata (sp,  &creds->authdata);
+    if(ret) goto cleanup;
+    ret = krb5_ret_data (sp,  &creds->ticket);
+    if(ret) goto cleanup;
+    ret = krb5_ret_data (sp,  &creds->second_ticket);
+cleanup:
+    if(ret) {
+#if 0	
+	krb5_free_cred_contents(context, creds); /* XXX */
+#endif
+    }
+    return ret;
+}
+
+#define SC_CLIENT_PRINCIPAL	    0x0001
+#define SC_SERVER_PRINCIPAL	    0x0002
+#define SC_SESSION_KEY		    0x0004
+#define SC_TICKET		    0x0008
+#define SC_SECOND_TICKET	    0x0010
+#define SC_AUTHDATA		    0x0020
+#define SC_ADDRESSES		    0x0040
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
+{
+    int ret;
+    int32_t header = 0;
+
+    if (creds->client)
+	header |= SC_CLIENT_PRINCIPAL;
+    if (creds->server)
+	header |= SC_SERVER_PRINCIPAL;
+    if (creds->session.keytype != ETYPE_NULL)
+	header |= SC_SESSION_KEY;
+    if (creds->ticket.data)
+	header |= SC_TICKET;
+    if (creds->second_ticket.length)
+	header |= SC_SECOND_TICKET;
+    if (creds->authdata.len)
+	header |= SC_AUTHDATA;
+    if (creds->addresses.len)
+	header |= SC_ADDRESSES;
+
+    ret = krb5_store_int32(sp, header);
+
+    if (creds->client) {
+	ret = krb5_store_principal(sp, creds->client);
+	if(ret)
+	    return ret;
+    }
+
+    if (creds->server) {
+	ret = krb5_store_principal(sp, creds->server);
+	if(ret)
+	    return ret;
+    }
+
+    if (creds->session.keytype != ETYPE_NULL) {
+	ret = krb5_store_keyblock(sp, creds->session);
+	if(ret)
+	    return ret;
+    }
+
+    ret = krb5_store_times(sp, creds->times);
+    if(ret)
+	return ret;
+    ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
+    if(ret)
+	return ret;
+
+    ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
+    if(ret)
+	return ret;
+
+    if (creds->addresses.len) {
+	ret = krb5_store_addrs(sp, creds->addresses);
+	if(ret)
+	    return ret;
+    }
+
+    if (creds->authdata.len) {
+	ret = krb5_store_authdata(sp, creds->authdata);
+	if(ret)
+	    return ret;
+    }
+
+    if (creds->ticket.data) {
+	ret = krb5_store_data(sp, creds->ticket);
+	if(ret)
+	    return ret;
+    }
+
+    if (creds->second_ticket.data) {
+	ret = krb5_store_data(sp, creds->second_ticket);
+	if (ret)
+	    return ret;
+    }
+
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ret_creds_tag(krb5_storage *sp,
+		   krb5_creds *creds)
+{
+    krb5_error_code ret;
+    int8_t dummy8;
+    int32_t dummy32, header;
+
+    memset(creds, 0, sizeof(*creds));
+
+    ret = krb5_ret_int32 (sp, &header);
+    if (ret) goto cleanup;
+
+    if (header & SC_CLIENT_PRINCIPAL) {
+	ret = krb5_ret_principal (sp,  &creds->client);
+	if(ret) goto cleanup;
+    }
+    if (header & SC_SERVER_PRINCIPAL) {
+	ret = krb5_ret_principal (sp,  &creds->server);
+	if(ret) goto cleanup;
+    }
+    if (header & SC_SESSION_KEY) {
+	ret = krb5_ret_keyblock (sp,  &creds->session);
+	if(ret) goto cleanup;
+    }
+    ret = krb5_ret_times (sp,  &creds->times);
+    if(ret) goto cleanup;
+    ret = krb5_ret_int8 (sp,  &dummy8);
+    if(ret) goto cleanup;
+    ret = krb5_ret_int32 (sp,  &dummy32);
+    if(ret) goto cleanup;
+    /*
+     * Runtime detect the what is the higher bits of the bitfield. If
+     * any of the higher bits are set in the input data, it's either a
+     * new ticket flag (and this code need to be removed), or it's a
+     * MIT cache (or new Heimdal cache), lets change it to our current
+     * format.
+     */
+    {
+	uint32_t mask = 0xffff0000;
+	creds->flags.i = 0;
+	creds->flags.b.anonymous = 1;
+	if (creds->flags.i & mask)
+	    mask = ~mask;
+	if (dummy32 & mask)
+	    dummy32 = bitswap32(dummy32);
+    }
+    creds->flags.i = dummy32;
+    if (header & SC_ADDRESSES) {
+	ret = krb5_ret_addrs (sp,  &creds->addresses);
+	if(ret) goto cleanup;
+    }
+    if (header & SC_AUTHDATA) {
+	ret = krb5_ret_authdata (sp,  &creds->authdata);
+	if(ret) goto cleanup;
+    }
+    if (header & SC_TICKET) {
+	ret = krb5_ret_data (sp,  &creds->ticket);
+	if(ret) goto cleanup;
+    }
+    if (header & SC_SECOND_TICKET) {
+	ret = krb5_ret_data (sp,  &creds->second_ticket);
+	if(ret) goto cleanup;
+    }
+
+cleanup:
+    if(ret) {
+#if 0	
+	krb5_free_cred_contents(context, creds); /* XXX */
+#endif
+    }
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/store_emem.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/store_emem.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/store_emem.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include "store-int.h"
+
+RCSID("$Id: store_emem.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+typedef struct emem_storage{
+    unsigned char *base;
+    size_t size;
+    size_t len;
+    unsigned char *ptr;
+}emem_storage;
+
+static ssize_t
+emem_fetch(krb5_storage *sp, void *data, size_t size)
+{
+    emem_storage *s = (emem_storage*)sp->data;
+    if(s->base + s->len - s->ptr < size)
+	size = s->base + s->len - s->ptr;
+    memmove(data, s->ptr, size);
+    sp->seek(sp, size, SEEK_CUR);
+    return size;
+}
+
+static ssize_t
+emem_store(krb5_storage *sp, const void *data, size_t size)
+{
+    emem_storage *s = (emem_storage*)sp->data;
+    if(size > s->base + s->size - s->ptr){
+	void *base;
+	size_t sz, off;
+	off = s->ptr - s->base;
+	sz = off + size;
+	if (sz < 4096)
+	    sz *= 2;
+	base = realloc(s->base, sz);
+	if(base == NULL)
+	    return 0;
+	s->size = sz;
+	s->base = base;
+	s->ptr = (unsigned char*)base + off;
+    }
+    memmove(s->ptr, data, size);
+    sp->seek(sp, size, SEEK_CUR);
+    return size;
+}
+
+static off_t
+emem_seek(krb5_storage *sp, off_t offset, int whence)
+{
+    emem_storage *s = (emem_storage*)sp->data;
+    switch(whence){
+    case SEEK_SET:
+	if(offset > s->size)
+	    offset = s->size;
+	if(offset < 0)
+	    offset = 0;
+	s->ptr = s->base + offset;
+	if(offset > s->len)
+	    s->len = offset;
+	break;
+    case SEEK_CUR:
+	sp->seek(sp,s->ptr - s->base + offset, SEEK_SET);
+	break;
+    case SEEK_END:
+	sp->seek(sp, s->len + offset, SEEK_SET);
+	break;
+    default:
+	errno = EINVAL;
+	return -1;
+    }
+    return s->ptr - s->base;
+}
+
+static void
+emem_free(krb5_storage *sp)
+{
+    emem_storage *s = sp->data;
+    memset(s->base, 0, s->len);
+    free(s->base);
+}
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_emem(void)
+{
+    krb5_storage *sp = malloc(sizeof(krb5_storage));
+    if (sp == NULL)
+	return NULL;
+    emem_storage *s = malloc(sizeof(*s));
+    if (s == NULL) {
+	free(sp);
+	return NULL;
+    }
+    sp->data = s;
+    sp->flags = 0;
+    sp->eof_code = HEIM_ERR_EOF;
+    s->size = 1024;
+    s->base = malloc(s->size);
+    if (s->base == NULL) {
+	free(sp);
+	free(s);
+	return NULL;
+    }
+    s->len = 0;
+    s->ptr = s->base;
+    sp->fetch = emem_fetch;
+    sp->store = emem_store;
+    sp->seek = emem_seek;
+    sp->free = emem_free;
+    return sp;
+}
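Review bot: In emem_seek the SEEK_SET branch tests `offset > s->size` before `offset < 0`, and since `s->size` is a size_t the comparison is unsigned wherever off_t is no wider than size_t, so a negative offset is clamped to the end of the buffer instead of to 0. The next statement, `if(offset > s->len) s->len = offset;`, then extends the valid length over bytes that were never stored, and the buffer comes from a plain `malloc` in krb5_storage_emem, so a fetch after seeking back could return uninitialised heap contents. Testing the sign first removes the negative case: `if(offset < 0) offset = 0; else if((size_t)offset > s->size) offset = s->size;`. mem_seek in store_mem.c has the same check order. Separately, emem_free wipes with `memset` immediately before `free`, which a compiler may drop as a dead store, and the `realloc` in emem_store can leave an unwiped copy of the old buffer behind.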

Added: vendor-crypto/heimdal/dist/lib/krb5/store_fd.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/store_fd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/store_fd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+#include "store-int.h"
+
+RCSID("$Id: store_fd.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+typedef struct fd_storage {
+    int fd;
+} fd_storage;
+
+#define FD(S) (((fd_storage*)(S)->data)->fd)
+
+static ssize_t
+fd_fetch(krb5_storage * sp, void *data, size_t size)
+{
+    return net_read(FD(sp), data, size);
+}
+
+static ssize_t
+fd_store(krb5_storage * sp, const void *data, size_t size)
+{
+    return net_write(FD(sp), data, size);
+}
+
+static off_t
+fd_seek(krb5_storage * sp, off_t offset, int whence)
+{
+    return lseek(FD(sp), offset, whence);
+}
+
+static void
+fd_free(krb5_storage * sp)
+{
+    close(FD(sp));
+}
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_fd(int fd)
+{
+    krb5_storage *sp;
+
+    fd = dup(fd);
+    if (fd < 0)
+	return NULL;
+
+    sp = malloc(sizeof(krb5_storage));
+    if (sp == NULL) {
+	close(fd);
+	return NULL;
+    }
+
+    sp->data = malloc(sizeof(fd_storage));
+    if (sp->data == NULL) {
+	close(fd);
+	free(sp);
+	return NULL;
+    }
+    sp->flags = 0;
+    sp->eof_code = HEIM_ERR_EOF;
+    FD(sp) = fd;
+    sp->fetch = fd_fetch;
+    sp->store = fd_store;
+    sp->seek = fd_seek;
+    sp->free = fd_free;
+    return sp;
+}
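Review bot: The descriptor that krb5_storage_from_fd gets from `dup(fd)` is never marked close-on-exec, so the file behind the storage stays open in any child the process later execs. Setting the flag right after the duplicate, `if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) { close(fd); return NULL; }`, or duplicating with `fcntl(fd, F_DUPFD_CLOEXEC, 0)` where the platform has it, closes that gap. Whether any caller execs while a storage is live is not visible in this file, so treat this as hardening, not a confirmed leak. A one-line comment on the function would also help: the storage owns its duplicate, which fd_free closes, and the caller still owns the original `fd`.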

Added: vendor-crypto/heimdal/dist/lib/krb5/store_mem.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/store_mem.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/store_mem.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include "store-int.h"
+
+RCSID("$Id: store_mem.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+typedef struct mem_storage{
+    unsigned char *base;
+    size_t size;
+    unsigned char *ptr;
+}mem_storage;
+
+static ssize_t
+mem_fetch(krb5_storage *sp, void *data, size_t size)
+{
+    mem_storage *s = (mem_storage*)sp->data;
+    if(size > s->base + s->size - s->ptr)
+	size = s->base + s->size - s->ptr;
+    memmove(data, s->ptr, size);
+    sp->seek(sp, size, SEEK_CUR);
+    return size;
+}
+
+static ssize_t
+mem_store(krb5_storage *sp, const void *data, size_t size)
+{
+    mem_storage *s = (mem_storage*)sp->data;
+    if(size > s->base + s->size - s->ptr)
+	size = s->base + s->size - s->ptr;
+    memmove(s->ptr, data, size);
+    sp->seek(sp, size, SEEK_CUR);
+    return size;
+}
+
+static ssize_t
+mem_no_store(krb5_storage *sp, const void *data, size_t size)
+{
+    return -1;
+}
+
+static off_t
+mem_seek(krb5_storage *sp, off_t offset, int whence)
+{
+    mem_storage *s = (mem_storage*)sp->data;
+    switch(whence){
+    case SEEK_SET:
+	if(offset > s->size)
+	    offset = s->size;
+	if(offset < 0)
+	    offset = 0;
+	s->ptr = s->base + offset;
+	break;
+    case SEEK_CUR:
+	return sp->seek(sp, s->ptr - s->base + offset, SEEK_SET);
+    case SEEK_END:
+	return sp->seek(sp, s->size + offset, SEEK_SET);
+    default:
+	errno = EINVAL;
+	return -1;
+    }
+    return s->ptr - s->base;
+}
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_mem(void *buf, size_t len)
+{
+    krb5_storage *sp = malloc(sizeof(krb5_storage));
+    mem_storage *s;
+    if(sp == NULL)
+	return NULL;
+    s = malloc(sizeof(*s));
+    if(s == NULL) {
+	free(sp);
+	return NULL;
+    }
+    sp->data = s;
+    sp->flags = 0;
+    sp->eof_code = HEIM_ERR_EOF;
+    s->base = buf;
+    s->size = len;
+    s->ptr = buf;
+    sp->fetch = mem_fetch;
+    sp->store = mem_store;
+    sp->seek = mem_seek;
+    sp->free = NULL;
+    return sp;
+}
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_data(krb5_data *data)
+{
+    return krb5_storage_from_mem(data->data, data->length);
+}
+
+krb5_storage * KRB5_LIB_FUNCTION
+krb5_storage_from_readonly_mem(const void *buf, size_t len)
+{
+    krb5_storage *sp = malloc(sizeof(krb5_storage));
+    mem_storage *s;
+    if(sp == NULL)
+	return NULL;
+    s = malloc(sizeof(*s));
+    if(s == NULL) {
+	free(sp);
+	return NULL;
+    }
+    sp->data = s;
+    sp->flags = 0;
+    sp->eof_code = HEIM_ERR_EOF;
+    s->base = rk_UNCONST(buf);
+    s->size = len;
+    s->ptr = rk_UNCONST(buf);
+    sp->fetch = mem_fetch;
+    sp->store = mem_no_store;
+    sp->seek = mem_seek;
+    sp->free = NULL;
+    return sp;
+}
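Review bot: mem_no_store reports the refused write as a bare `-1`, and the store helpers visible earlier in this commit (krb5_store_stringnl, for example, with `if(ret < 0) return ret;`) hand a negative result back unchanged as the krb5_error_code. A write to storage created by krb5_storage_from_readonly_mem would therefore surface as error -1, which is neither an errno value nor a krb5 code. The function has no comment, so at minimum add `/* read-only storage: reject every write; callers see -1, not an errno value */` above it. The fuller fix is in the callers, which would need to map a negative store result to a real error code, and most of that code lies outside this file.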

Added: vendor-crypto/heimdal/dist/lib/krb5/string-to-key-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/string-to-key-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/string-to-key-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: string-to-key-test.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+enum { MAXSIZE = 24 };
+
+static struct testcase {
+    const char *principal_name;
+    const char *password;
+    krb5_enctype enctype;
+    unsigned char res[MAXSIZE];
+} tests[] = {
+    {"@", "", ETYPE_DES_CBC_MD5,
+     {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0xf1}},
+    {"nisse at FOO.SE", "hej", ETYPE_DES_CBC_MD5,
+     {0xfe, 0x67, 0xbf, 0x9e, 0x57, 0x6b, 0xfe, 0x52}},
+    {"assar/liten at FOO.SE", "hemligt", ETYPE_DES_CBC_MD5,
+     {0x5b, 0x9b, 0xcb, 0xf2, 0x97, 0x43, 0xc8, 0x40}},
+#if 0
+    {"@", "", ETYPE_DES3_CBC_SHA1,
+     {0xce, 0xa2, 0x2f, 0x9b, 0x52, 0x2c, 0xb0, 0x15, 0x6e, 0x6b, 0x64,
+      0x73, 0x62, 0x64, 0x73, 0x4f, 0x6e, 0x73, 0xce, 0xa2, 0x2f, 0x9b,
+      0x52, 0x57}},
+#endif
+    {"nisse at FOO.SE", "hej", ETYPE_DES3_CBC_SHA1,
+     {0x0e, 0xbc, 0x23, 0x9d, 0x68, 0x46, 0xf2, 0xd5, 0x51, 0x98, 0x5b,
+      0x57, 0xc1, 0x57, 0x01, 0x79, 0x04, 0xc4, 0xe9, 0xfe, 0xc1, 0x0e,
+      0x13, 0xd0}},
+    {"assar/liten at FOO.SE", "hemligt", ETYPE_DES3_CBC_SHA1,
+     {0x7f, 0x40, 0x67, 0xb9, 0xbc, 0xc4, 0x40, 0xfb, 0x43, 0x73, 0xd9,
+      0xd3, 0xcd, 0x7c, 0xc7, 0x67, 0xe6, 0x79, 0x94, 0xd0, 0xa8, 0x34,
+      0xdf, 0x62}},
+    {"does/not at MATTER", "foo", ETYPE_ARCFOUR_HMAC_MD5,
+     {0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe,
+      0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc}},
+    {"raeburn at ATHENA.MIT.EDU", "password", ETYPE_DES_CBC_MD5,
+     {0xcb, 0xc2, 0x2f, 0xae, 0x23, 0x52, 0x98, 0xe3}},
+    {"danny at WHITEHOUSE.GOV", "potatoe", ETYPE_DES_CBC_MD5,
+     {0xdf, 0x3d, 0x32, 0xa7, 0x4f, 0xd9, 0x2a, 0x01}},
+    {"buckaroo at EXAMPLE.COM", "penny", ETYPE_DES_CBC_MD5,
+     {0x94, 0x43, 0xa2, 0xe5, 0x32, 0xfd, 0xc4, 0xf1}},
+    {"Juri\xc5\xa1i\xc4\x87 at ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES_CBC_MD5,
+     {0x62, 0xc8, 0x1a, 0x52, 0x32, 0xb5, 0xe6, 0x9d}},
+    {"AAAAAAAA", "11119999", ETYPE_DES_CBC_MD5,
+     {0x98, 0x40, 0x54, 0xd0, 0xf1, 0xa7, 0x3e, 0x31}},
+    {"FFFFAAAA", "NNNN6666", ETYPE_DES_CBC_MD5,
+     {0xc4, 0xbf, 0x6b, 0x25, 0xad, 0xf7, 0xa4, 0xf8}},
+    {"raeburn at ATHENA.MIT.EDU", "password", ETYPE_DES3_CBC_SHA1,
+     {0x85, 0x0b, 0xb5, 0x13, 0x58, 0x54, 0x8c, 0xd0, 0x5e, 0x86, 0x76, 0x8c, 0x31, 0x3e, 0x3b, 0xfe, 0xf7, 0x51, 0x19, 0x37, 0xdc, 0xf7, 0x2c, 0x3e}},
+    {"danny at WHITEHOUSE.GOV", "potatoe", ETYPE_DES3_CBC_SHA1,
+     {0xdf, 0xcd, 0x23, 0x3d, 0xd0, 0xa4, 0x32, 0x04, 0xea, 0x6d, 0xc4, 0x37, 0xfb, 0x15, 0xe0, 0x61, 0xb0, 0x29, 0x79, 0xc1, 0xf7, 0x4f, 0x37, 0x7a}},
+    {"buckaroo at EXAMPLE.COM", "penny", ETYPE_DES3_CBC_SHA1,
+     {0x6d, 0x2f, 0xcd, 0xf2, 0xd6, 0xfb, 0xbc, 0x3d, 0xdc, 0xad, 0xb5, 0xda, 0x57, 0x10, 0xa2, 0x34, 0x89, 0xb0, 0xd3, 0xb6, 0x9d, 0x5d, 0x9d, 0x4a}},
+    {"Juri\xc5\xa1i\xc4\x87 at ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES3_CBC_SHA1,
+     {0x16, 0xd5, 0xa4, 0x0e, 0x1c, 0xe3, 0xba, 0xcb, 0x61, 0xb9, 0xdc, 0xe0, 0x04, 0x70, 0x32, 0x4c, 0x83, 0x19, 0x73, 0xa7, 0xb9, 0x52, 0xfe, 0xb0}},
+    {NULL}
+};
+
+int
+main(int argc, char **argv)
+{
+    struct testcase *t;
+    krb5_context context;
+    krb5_error_code ret;
+    int val = 0;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    /* to enable realm-less principal name above */
+
+    krb5_set_default_realm(context, "");
+
+    for (t = tests; t->principal_name; ++t) {
+	krb5_keyblock key;
+	krb5_principal principal;
+	int i;
+
+	ret = krb5_parse_name (context, t->principal_name, &principal);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_parse_name %s",
+		      t->principal_name);
+	ret = krb5_string_to_key (context, t->enctype, t->password,
+				  principal, &key);
+	if (ret)
+	    krb5_err (context, 1, ret, "krb5_string_to_key");
+	krb5_free_principal (context, principal);
+	if (memcmp (key.keyvalue.data, t->res, key.keyvalue.length) != 0) {
+	    const unsigned char *p = key.keyvalue.data;
+
+	    printf ("string_to_key(%s, %s) failed\n",
+		    t->principal_name, t->password);
+	    printf ("should be: ");
+	    for (i = 0; i < key.keyvalue.length; ++i)
+		printf ("%02x", t->res[i]);
+	    printf ("\nresult was: ");
+	    for (i = 0; i < key.keyvalue.length; ++i)
+		printf ("%02x", p[i]);
+	    printf ("\n");
+	    val = 1;
+	}
+	krb5_free_keyblock_contents(context, &key);
+    }
+    krb5_free_context(context);
+    return val;
+}
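Review bot: The check in main, `memcmp (key.keyvalue.data, t->res, key.keyvalue.length)`, takes its length from the key under test, so a zero-length key passes trivially, a short key is only compared against a prefix of `t->res`, and a length above MAXSIZE would read past `res`. The testcase struct carries no expected length; adding one, or at least a guard such as `if (key.keyvalue.length == 0 || key.keyvalue.length > MAXSIZE) errx (1, "unexpected key length");` before the memcmp, makes the vectors verify what they appear to verify. The same bound would also protect the two hex-dump loops, which index `t->res[i]` up to `key.keyvalue.length`.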

Added: vendor-crypto/heimdal/dist/lib/krb5/test_acl.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_acl.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_acl.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_acl.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+#define RETVAL(c, r, e, s) \
+	do { if (r != e) krb5_errx(c, 1, "%s", s); } while (0)
+#define STRINGMATCH(c, s, _s1, _s2) \
+	do {							\
+		if (_s1 == NULL || _s2 == NULL) 		\
+			krb5_errx(c, 1, "s1 or s2 is NULL");	\
+		if (strcmp(_s1,_s2) != 0) 			\
+			krb5_errx(c, 1, "%s", s);		\
+	} while (0)
+
+static void
+test_match_string(krb5_context context)
+{
+    krb5_error_code ret;
+    char *s1, *s2;
+
+    ret = krb5_acl_match_string(context, "foo", "s", "foo");
+    RETVAL(context, ret, 0, "single s");
+    ret = krb5_acl_match_string(context, "foo foo", "s", "foo");
+    RETVAL(context, ret, EACCES, "too many strings");
+    ret = krb5_acl_match_string(context, "foo bar", "ss", "foo", "bar");
+    RETVAL(context, ret, 0, "two strings");
+    ret = krb5_acl_match_string(context, "foo  bar", "ss", "foo", "bar");
+    RETVAL(context, ret, 0, "two strings double space");
+    ret = krb5_acl_match_string(context, "foo \tbar", "ss", "foo", "bar");
+    RETVAL(context, ret, 0, "two strings space + tab");
+    ret = krb5_acl_match_string(context, "foo", "ss", "foo", "bar");
+    RETVAL(context, ret, EACCES, "one string, two format strings");
+    ret = krb5_acl_match_string(context, "foo", "ss", "foo", "foo");
+    RETVAL(context, ret, EACCES, "one string, two format strings (same)");
+    ret = krb5_acl_match_string(context, "foo  \t", "s", "foo");
+    RETVAL(context, ret, 0, "ending space");
+
+    ret = krb5_acl_match_string(context, "foo/bar", "f", "foo/bar");
+    RETVAL(context, ret, 0, "liternal fnmatch");
+    ret = krb5_acl_match_string(context, "foo/bar", "f", "foo/*");
+    RETVAL(context, ret, 0, "foo/*");
+    ret = krb5_acl_match_string(context, "foo/bar/baz", "f", "foo/*/baz");
+    RETVAL(context, ret, 0, "foo/*/baz");
+
+    ret = krb5_acl_match_string(context, "foo", "r", &s1);
+    RETVAL(context, ret, 0, "ret 1");
+    STRINGMATCH(context, "ret 1 match", s1, "foo"); free(s1);
+
+    ret = krb5_acl_match_string(context, "foo bar", "rr", &s1, &s2);
+    RETVAL(context, ret, 0, "ret 2");
+    STRINGMATCH(context, "ret 2 match 1", s1, "foo"); free(s1);
+    STRINGMATCH(context, "ret 2 match 2", s2, "bar"); free(s2);
+
+    ret = krb5_acl_match_string(context, "foo bar", "sr", "bar", &s1);
+    RETVAL(context, ret, EACCES, "ret mismatch");
+    if (s1 != NULL) krb5_errx(context, 1, "s1 not NULL");
+
+    ret = krb5_acl_match_string(context, "foo", "l", "foo");
+    RETVAL(context, ret, EINVAL, "unknown letter");
+}
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    test_match_string(context);
+
+    krb5_free_context(context);
+
+    return 0;
+}
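Review bot: In `test_match_string`, the `if (s1 != NULL)` check after the "ret mismatch" call reads `s1` while it may still hold the pointer released by `free(s1)` after "ret 2 match 1". The check therefore only works if `krb5_acl_match_string` overwrites the output on an `EACCES` result, and otherwise it reads an indeterminate pointer value. Making the precondition explicit keeps the intent: set `s1 = "sentinel";` before that call and add a comment such as `/* callee must reset the "r" output to NULL on mismatch */`. The `RETVAL` and `STRINGMATCH` macros also expand their arguments unparenthesized (`r != e`, `_s1 == NULL`), which is fine for the calls here but would misbehave with an expression argument.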

Added: vendor-crypto/heimdal/dist/lib/krb5/test_addr.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_addr.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_addr.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_addr.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+print_addr(krb5_context context, const char *addr)
+{
+    krb5_addresses addresses;
+    krb5_error_code ret;
+    char buf[38];
+    char buf2[1000];
+    size_t len;
+    int i;
+
+    ret = krb5_parse_address(context, addr, &addresses);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_address");
+
+    if (addresses.len < 1)
+	krb5_err(context, 1, ret, "too few addresses");
+    
+    for (i = 0; i < addresses.len; i++) {
+	krb5_print_address(&addresses.val[i], buf, sizeof(buf), &len);
+#if 0
+	printf("addr %d: %s (%d/%d)\n", i, buf, (int)len, (int)strlen(buf)); 
+#endif
+	if (strlen(buf) > sizeof(buf))
+	    abort();
+	krb5_print_address(&addresses.val[i], buf2, sizeof(buf2), &len);
+#if 0
+	printf("addr %d: %s (%d/%d)\n", i, buf2, (int)len, (int)strlen(buf2)); 
+#endif
+	if (strlen(buf2) > sizeof(buf2))
+	    abort();
+
+    }
+    krb5_free_addresses(context, &addresses);
+
+}
+
+static void
+truncated_addr(krb5_context context, const char *addr, 
+	       size_t truncate_len, size_t outlen)
+{
+    krb5_addresses addresses;
+    krb5_error_code ret;
+    char *buf;
+    size_t len;
+
+    buf = ecalloc(1, outlen + 1);
+
+    ret = krb5_parse_address(context, addr, &addresses);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_address");
+
+    if (addresses.len != 1)
+	krb5_err(context, 1, ret, "addresses should be one");
+    
+    krb5_print_address(&addresses.val[0], buf, truncate_len, &len);
+    
+#if 0
+    printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); 
+#endif
+    
+    if (truncate_len > strlen(buf) + 1)
+	abort();
+    if (outlen != len)
+	abort();
+    
+    krb5_print_address(&addresses.val[0], buf, outlen + 1, &len);
+
+#if 0
+    printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); 
+#endif
+
+    if (len != outlen)
+	abort();
+    if (strlen(buf) != len)
+	abort();
+
+    krb5_free_addresses(context, &addresses);
+    free(buf);
+}
+
+static void
+check_truncation(krb5_context context, const char *addr)
+{
+    int i, len = strlen(addr);
+
+    for (i = 0; i < len; i++)
+	truncated_addr(context, addr, i, len);
+}
+
+static void
+match_addr(krb5_context context, const char *range_addr, 
+	   const char *one_addr, int match)
+{
+    krb5_addresses range, one;
+    krb5_error_code ret;
+
+    ret = krb5_parse_address(context, range_addr, &range);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_address");
+
+    if (range.len != 1)
+	krb5_err(context, 1, ret, "wrong num of addresses");
+    
+    ret = krb5_parse_address(context, one_addr, &one);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_address");
+
+    if (one.len != 1)
+	krb5_err(context, 1, ret, "wrong num of addresses");
+
+    if (krb5_address_order(context, &range.val[0], &one.val[0]) == 0) {
+	if (!match)
+	    krb5_errx(context, 1, "match when one shouldn't be");
+    } else {
+	if (match)
+	    krb5_errx(context, 1, "no match when one should be");
+    }
+
+    krb5_free_addresses(context, &range);
+    krb5_free_addresses(context, &one);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    print_addr(context, "RANGE:127.0.0.0/8");
+    print_addr(context, "RANGE:127.0.0.0/24");
+    print_addr(context, "RANGE:IPv4:127.0.0.0-IPv4:127.0.0.255");
+    print_addr(context, "RANGE:130.237.237.4/29");
+#ifdef HAVE_IPV6
+    print_addr(context, "RANGE:fe80::209:6bff:fea0:e522/64");
+    print_addr(context, "RANGE:IPv6:fe80::209:6bff:fea0:e522/64");
+    print_addr(context, "RANGE:IPv6:fe80::-IPv6:fe80::ffff:ffff:ffff:ffff");
+    print_addr(context, "RANGE:fe80::-fe80::ffff:ffff:ffff:ffff");
+#endif
+
+    check_truncation(context, "IPv4:127.0.0.0");
+    check_truncation(context, "RANGE:IPv4:127.0.0.0-IPv4:127.0.0.255");
+#ifdef HAVE_IPV6
+    check_truncation(context, "IPv6:::1");
+    check_truncation(context, "IPv6:fe80::ffff:ffff:ffff:ffff");
+#endif
+
+    match_addr(context, "RANGE:127.0.0.0/8", "inet:127.0.0.0", 1);
+    match_addr(context, "RANGE:127.0.0.0/8", "inet:127.255.255.255", 1);
+    match_addr(context, "RANGE:127.0.0.0/8", "inet:128.0.0.0", 0);
+
+    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.7", 0);
+    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.8", 1);
+    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.15", 1);
+    match_addr(context, "RANGE:130.237.237.8/29", "inet:130.237.237.16", 0);
+
+    krb5_free_context(context);
+
+    return 0;
+}
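Review bot: The overflow guards in `print_addr`, `if (strlen(buf) > sizeof(buf)) abort();` and the same test for `buf2`, cannot catch the case they exist for. A result that fills the array without a terminator gives `strlen(buf) >= sizeof(buf)`, and the `strlen` call has by then already read past the array; `>=` is the minimum, and the return value of `krb5_print_address` is ignored in both helpers. `truncated_addr` only checks the lower bound (`truncate_len > strlen(buf) + 1`), so a write beyond `truncate_len` but inside the `outlen + 1` allocation passes. Assuming the function truncates like `snprintf`, `if (strlen(buf) > 0 && strlen(buf) >= truncate_len) abort();` would assert the upper bound. The "too few addresses", "addresses should be one" and "wrong num of addresses" paths call `krb5_err` with `ret` equal to 0; `krb5_errx` fits there.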

Added: vendor-crypto/heimdal/dist/lib/krb5/test_alname.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_alname.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_alname.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <getarg.h>
+#include <err.h>
+
+RCSID("$Id: test_alname.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+test_alname(krb5_context context, krb5_const_realm realm,
+	    const char *user, const char *inst, 
+	    const char *localuser, int ok)
+{
+    krb5_principal p;
+    char localname[1024];
+    krb5_error_code ret;
+    char *princ;
+
+    ret = krb5_make_principal(context, &p, realm, user, inst, NULL);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_build_principal");
+
+    ret = krb5_unparse_name(context, p, &princ);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name");
+
+    ret = krb5_aname_to_localname(context, p, sizeof(localname), localname);
+    krb5_free_principal(context, p);
+    free(princ);
+    if (ret) {
+	if (!ok)
+	    return;
+	krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", 
+		 princ, localuser);
+    }
+
+    if (strcmp(localname, localuser) != 0) {
+	if (ok)
+	    errx(1, "compared failed %s != %s (should have succeded)", 
+		 localname, localuser);
+    } else {
+	if (!ok)
+	    errx(1, "compared failed %s == %s (should have failed)", 
+		 localname, localuser);
+    }
+    
+}
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_realm realm;
+    int optidx = 0;
+    char *user;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 1)
+	errx(1, "first argument should be a local user that in root .k5login");
+
+    user = argv[0];
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = krb5_get_default_realm(context, &realm);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_get_default_realm");
+
+    test_alname(context, realm, user, NULL, user, 1);
+    test_alname(context, realm, user, "root", "root", 1);
+
+    test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0);
+    test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0);
+
+    test_alname(context, realm, user, NULL, 
+		"not-same-as-user", 0);
+    test_alname(context, realm, user, "root",
+		"not-same-as-user", 0);
+
+    test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, 
+		"not-same-as-user", 0);
+    test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root",
+		"not-same-as-user", 0);
+
+    krb5_free_context(context);
+
+    return 0;
+}
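Review bot: `test_alname` frees `princ` right after `krb5_aname_to_localname` and then passes it to `krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", princ, localuser)` on the error path. That is a use after free whenever the lookup fails for a case that was expected to succeed. Move `free(princ);` below the `if (ret)` block and add a `free(princ);` before the early `return;` in the `!ok` branch. The message after `krb5_make_principal` also names `krb5_build_principal`, and the `errx` text has the typo `succeded`.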

Added: vendor-crypto/heimdal/dist/lib/krb5/test_cc.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_cc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_cc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,532 @@
+/*
+ * Copyright (c) 2003 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <getarg.h>
+#include <err.h>
+
+RCSID("$Id: test_cc.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int debug_flag	= 0;
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static void
+test_default_name(krb5_context context)
+{
+    krb5_error_code ret;
+    const char *p, *test_cc_name = "/tmp/krb5-cc-test-foo";
+    char *p1, *p2, *p3;
+
+    p = krb5_cc_default_name(context);
+    if (p == NULL)
+	krb5_errx (context, 1, "krb5_cc_default_name 1 failed");
+    p1 = estrdup(p);
+
+    ret = krb5_cc_set_default_name(context, NULL);
+    if (p == NULL)
+	krb5_errx (context, 1, "krb5_cc_set_default_name failed");
+
+    p = krb5_cc_default_name(context);
+    if (p == NULL)
+	krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
+    p2 = estrdup(p);
+
+    if (strcmp(p1, p2) != 0)
+	krb5_errx (context, 1, "krb5_cc_default_name no longer same");
+	
+    ret = krb5_cc_set_default_name(context, test_cc_name);
+    if (p == NULL)
+	krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
+    
+    p = krb5_cc_default_name(context);
+    if (p == NULL)
+	krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
+    p3 = estrdup(p);
+    
+    if (strcmp(p3, test_cc_name) != 0)
+	krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
+
+    free(p1);
+    free(p2);
+    free(p3);
+}
+
+/*
+ * Check that a closed cc still keeps it data and that it's no longer
+ * there when it's destroyed.
+ */
+
+static void
+test_mcache(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_ccache id, id2;
+    const char *nc, *tc;
+    char *c;
+    krb5_principal p, p2;
+
+    ret = krb5_parse_name(context, "lha at SU.SE", &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_gen_new");
+
+    ret = krb5_cc_initialize(context, id, p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_initialize");
+
+    nc = krb5_cc_get_name(context, id);
+    if (nc == NULL)
+	krb5_errx(context, 1, "krb5_cc_get_name");
+
+    tc = krb5_cc_get_type(context, id);
+    if (tc == NULL)
+	krb5_errx(context, 1, "krb5_cc_get_name");
+
+    asprintf(&c, "%s:%s", tc, nc);
+    
+    krb5_cc_close(context, id);
+    
+    ret = krb5_cc_resolve(context, c, &id2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_resolve");
+
+    ret = krb5_cc_get_principal(context, id2, &p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_get_principal");
+
+    if (krb5_principal_compare(context, p, p2) == FALSE)
+	krb5_errx(context, 1, "p != p2");
+
+    krb5_cc_destroy(context, id2);
+    krb5_free_principal(context, p);
+    krb5_free_principal(context, p2);
+
+    ret = krb5_cc_resolve(context, c, &id2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_resolve");
+
+    ret = krb5_cc_get_principal(context, id2, &p2);
+    if (ret == 0)
+	krb5_errx(context, 1, "krb5_cc_get_principal");
+
+    krb5_cc_destroy(context, id2);
+    free(c);
+}
+
+/*
+ * Test that init works on a destroyed cc.
+ */
+
+static void
+test_init_vs_destroy(krb5_context context, const krb5_cc_ops *ops)
+{
+    krb5_error_code ret;
+    krb5_ccache id, id2;
+    krb5_principal p, p2;
+    char *n;
+
+    ret = krb5_parse_name(context, "lha at SU.SE", &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_cc_gen_new(context, ops, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_gen_new");
+
+    asprintf(&n, "%s:%s",
+	     krb5_cc_get_type(context, id),
+	     krb5_cc_get_name(context, id));
+
+    ret = krb5_cc_resolve(context, n, &id2);
+    free(n);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_resolve");
+
+    krb5_cc_destroy(context, id);
+
+    ret = krb5_cc_initialize(context, id2, p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_initialize");
+
+    ret = krb5_cc_get_principal(context, id2, &p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_get_principal");
+
+    krb5_cc_destroy(context, id2);
+    krb5_free_principal(context, p);
+    krb5_free_principal(context, p2);
+}
+
+static void
+test_fcache_remove(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_ccache id;
+    krb5_principal p;
+    krb5_creds cred;
+
+    ret = krb5_parse_name(context, "lha at SU.SE", &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_gen_new");
+
+    ret = krb5_cc_initialize(context, id, p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_initialize");
+
+    /* */
+    memset(&cred, 0, sizeof(cred));
+    ret = krb5_parse_name(context, "krbtgt/SU.SE at SU.SE", &cred.server);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+    ret = krb5_parse_name(context, "lha at SU.SE", &cred.client);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_cc_store_cred(context, id, &cred);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_store_cred");
+
+    ret = krb5_cc_remove_cred(context, id, 0, &cred);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_remove_cred");
+
+    ret = krb5_cc_destroy(context, id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_destroy");
+
+    krb5_free_principal(context, p);
+    krb5_free_principal(context, cred.server);
+    krb5_free_principal(context, cred.client);
+}
+
+static void
+test_mcc_default(void)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_ccache id, id2;
+    int i;
+
+    for (i = 0; i < 10; i++) {
+
+	ret = krb5_init_context(&context);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_init_context");
+
+	ret = krb5_cc_set_default_name(context, "MEMORY:foo");
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_cc_set_default_name");
+
+	ret = krb5_cc_default(context, &id);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_cc_default");
+
+	ret = krb5_cc_default(context, &id2);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_cc_default");
+
+	ret = krb5_cc_close(context, id);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_cc_close");
+
+	ret = krb5_cc_close(context, id2);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_cc_close");
+
+	krb5_free_context(context);
+    }
+}
+
+struct {
+    char *str;
+    int fail;
+    char *res;
+} cc_names[] = {
+    { "foo", 0, "foo" },
+    { "%{uid}", 0 },
+    { "foo%{null}", 0, "foo" },
+    { "foo%{null}bar", 0, "foobar" },
+    { "%{", 1 },
+    { "%{foo %{", 1 },
+    { "%{{", 1 },
+};
+
+static void
+test_def_cc_name(krb5_context context)
+{
+    krb5_error_code ret;
+    char *str;
+    int i;
+
+    for (i = 0; i < sizeof(cc_names)/sizeof(cc_names[0]); i++) {
+	ret = _krb5_expand_default_cc_name(context, cc_names[i].str, &str);
+	if (ret) {
+	    if (cc_names[i].fail == 0)
+		krb5_errx(context, 1, "test %d \"%s\" failed", 
+			  i, cc_names[i].str);
+	} else {
+	    if (cc_names[i].fail)
+		krb5_errx(context, 1, "test %d \"%s\" was successful", 
+			  i, cc_names[i].str);
+	    if (cc_names[i].res && strcmp(cc_names[i].res, str) != 0)
+		krb5_errx(context, 1, "test %d %s != %s", 
+			  i, cc_names[i].res, str);
+	    if (debug_flag)
+		printf("%s => %s\n", cc_names[i].str, str);
+	    free(str);
+	}
+    }
+}
+
+static void
+test_cache_find(krb5_context context, const char *type, const char *principal,
+		int find)
+{
+    krb5_principal client;
+    krb5_error_code ret;
+    krb5_ccache id = NULL;
+
+    ret = krb5_parse_name(context, principal, &client);
+    if (ret)
+	krb5_err(context, 1, ret, "parse_name for %s failed", principal);
+    
+    ret = krb5_cc_cache_match(context, client, type, &id);
+    if (ret && find)
+	krb5_err(context, 1, ret, "cc_cache_match for %s failed", principal);
+    if (ret == 0 && !find)
+	krb5_err(context, 1, ret, "cc_cache_match for %s found", principal);
+
+    if (id)
+	krb5_cc_close(context, id);
+    krb5_free_principal(context, client);
+}
+
+
+static void
+test_cache_iter(krb5_context context, const char *type, int destroy)
+{
+    krb5_cc_cache_cursor cursor;
+    krb5_error_code ret;
+    krb5_ccache id;
+    
+    ret = krb5_cc_cache_get_first (context, type, &cursor);
+    if (ret == KRB5_CC_NOSUPP)
+	return;
+    else if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_cache_get_first(%s)", type);
+
+
+    while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) {
+	krb5_principal principal;
+	char *name;
+
+	if (debug_flag)
+	    printf("name: %s\n", krb5_cc_get_name(context, id));
+	ret = krb5_cc_get_principal(context, id, &principal);
+	if (ret == 0) {
+	    ret = krb5_unparse_name(context, principal, &name);
+	    if (ret == 0) {
+		if (debug_flag)
+		    printf("\tprincipal: %s\n", name);
+		free(name);
+	    }
+	    krb5_free_principal(context, principal);
+	}
+	if (destroy)
+	    krb5_cc_destroy(context, id);
+	else
+	    krb5_cc_close(context, id);
+    }
+
+    krb5_cc_cache_end_seq_get(context, cursor);
+}
+
+static void
+test_copy(krb5_context context, const char *fromtype, const char *totype)
+{
+    const krb5_cc_ops *from, *to;
+    krb5_ccache fromid, toid;
+    krb5_error_code ret;
+    krb5_principal p, p2;
+
+    from = krb5_cc_get_prefix_ops(context, fromtype);
+    if (from == NULL)
+	krb5_errx(context, 1, "%s isn't a type", fromtype);
+
+    to = krb5_cc_get_prefix_ops(context, totype);
+    if (to == NULL)
+	krb5_errx(context, 1, "%s isn't a type", totype);
+
+    ret = krb5_parse_name(context, "lha at SU.SE", &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_cc_gen_new(context, from, &fromid);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_gen_new");
+
+    ret = krb5_cc_initialize(context, fromid, p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_initialize");
+
+    ret = krb5_cc_gen_new(context, to, &toid);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_gen_new");
+
+    ret = krb5_cc_copy_cache(context, fromid, toid);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_copy_cache");
+
+    ret = krb5_cc_get_principal(context, toid, &p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_get_principal");
+
+    if (krb5_principal_compare(context, p, p2) == FALSE)
+	krb5_errx(context, 1, "p != p2");
+
+    krb5_free_principal(context, p);
+    krb5_free_principal(context, p2);
+
+    krb5_cc_destroy(context, fromid);
+    krb5_cc_destroy(context, toid);
+}
+
+static void
+test_prefix_ops(krb5_context context, const char *name, const krb5_cc_ops *ops)
+{
+    const krb5_cc_ops *o;
+
+    o = krb5_cc_get_prefix_ops(context, name);
+    if (o == NULL)
+	krb5_errx(context, 1, "found no match for prefix '%s'", name);
+    if (strcmp(o->prefix, ops->prefix) != 0)
+	krb5_errx(context, 1, "ops for prefix '%s' is not "
+		  "the expected %s != %s", name, o->prefix, ops->prefix);
+}
+
+
+static struct getargs args[] = {
+    {"debug",	'd',	arg_flag,	&debug_flag,
+     "turn on debuggin", NULL },
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "hostname ...");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int optidx = 0;
+    krb5_ccache id1, id2;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    test_fcache_remove(context);
+    test_default_name(context);
+    test_mcache(context);
+    test_init_vs_destroy(context, &krb5_mcc_ops);
+    test_init_vs_destroy(context, &krb5_fcc_ops);
+    test_mcc_default();
+    test_def_cc_name(context);
+    test_cache_iter(context, "MEMORY", 0);
+    {
+	krb5_principal p;
+	krb5_cc_new_unique(context, "MEMORY", "bar", &id1);
+	krb5_cc_new_unique(context, "MEMORY", "baz", &id2);
+	krb5_parse_name(context, "lha at SU.SE", &p);
+	krb5_cc_initialize(context, id1, p);
+	krb5_free_principal(context, p);
+    }
+
+    test_cache_find(context, "MEMORY", "lha at SU.SE", 1);
+    test_cache_find(context, "MEMORY", "hulabundulahotentot at SU.SE", 0);
+
+    test_cache_iter(context, "MEMORY", 0);
+    test_cache_iter(context, "MEMORY", 1);
+    test_cache_iter(context, "MEMORY", 0);
+    test_cache_iter(context, "FILE", 0);
+    test_cache_iter(context, "API", 0);
+
+    test_copy(context, "FILE", "FILE");
+    test_copy(context, "MEMORY", "MEMORY");
+    test_copy(context, "FILE", "MEMORY");
+    test_copy(context, "MEMORY", "FILE");
+
+    test_prefix_ops(context, "FILE:/tmp/foo", &krb5_fcc_ops);
+    test_prefix_ops(context, "FILE", &krb5_fcc_ops);
+    test_prefix_ops(context, "MEMORY", &krb5_mcc_ops);
+    test_prefix_ops(context, "MEMORY:foo", &krb5_mcc_ops);
+    test_prefix_ops(context, "/tmp/kaka", &krb5_fcc_ops);
+
+    krb5_cc_destroy(context, id1);
+    krb5_cc_destroy(context, id2);
+
+    krb5_free_context(context);
+
+    return 0;
+}
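Review bot: In `test_default_name` both calls to `krb5_cc_set_default_name` store their result in `ret`, but the test that follows is `if (p == NULL)`, which re-checks a pointer already validated above, so a failing call goes unnoticed. Both should read `if (ret)` and report through `krb5_err(context, 1, ret, ...)`. `test_mcc_default` has the opposite problem: when `krb5_init_context` fails it calls `krb5_err(context, ...)` with a `context` that was never initialised, where `errx(1, "krb5_init_context failed: %d", ret);` as used in `main` avoids that. The `asprintf` calls in `test_mcache` and `test_init_vs_destroy` and the `krb5_cc_new_unique`/`krb5_parse_name`/`krb5_cc_initialize` calls in the block inside `main` are unchecked, so a failure there leaves `c`, `n`, `id1` or `id2` indeterminate for the code that follows.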

Added: vendor-crypto/heimdal/dist/lib/krb5/test_config.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_config.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_config.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_config.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int
+check_config_file(krb5_context context, char *filelist, char **res, int def)
+{
+    krb5_error_code ret;
+    char **pp;
+    int i;
+
+    pp = NULL;
+
+    if (def)
+	ret = krb5_prepend_config_files_default(filelist, &pp);
+    else
+	ret = krb5_prepend_config_files(filelist, NULL, &pp);
+    
+    if (ret)
+	krb5_err(context, 1, ret, "prepend_config_files");
+    
+    for (i = 0; res[i] && pp[i]; i++)
+	if (strcmp(pp[i], res[i]) != 0)
+	    krb5_errx(context, 1, "'%s' != '%s'", pp[i], res[i]);
+    
+    if (res[i] != NULL)
+	krb5_errx(context, 1, "pp ended before res list");
+    
+    if (def) {
+	char **deflist;
+	int j;
+	
+	ret = krb5_get_default_config_files(&deflist);
+	if (ret)
+	    krb5_err(context, 1, ret, "get_default_config_files");
+	
+	for (j = 0 ; pp[i] && deflist[j]; i++, j++)
+	    if (strcmp(pp[i], deflist[j]) != 0)
+		krb5_errx(context, 1, "'%s' != '%s'", pp[i], deflist[j]);
+	
+	if (deflist[j] != NULL)
+	    krb5_errx(context, 1, "pp ended before def list");
+	krb5_free_config_files(deflist);
+    }
+    
+    if (pp[i] != NULL)
+	krb5_errx(context, 1, "pp ended after res (and def) list");
+    
+    krb5_free_config_files(pp);
+    
+    return 0;
+}
+
+char *list0[] =  { "/tmp/foo", NULL };
+char *list1[] =  { "/tmp/foo", "/tmp/foo/bar", NULL };
+char *list2[] =  { "", NULL };
+
+struct {
+    char *fl;
+    char **res;
+} test[] = {
+    { "/tmp/foo", NULL },
+    { "/tmp/foo:/tmp/foo/bar", NULL },
+    { "", NULL }
+};
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int i;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx(1, "krb5_init_context %d", ret);
+
+    test[0].res = list0;
+    test[1].res = list1;
+    test[2].res = list2;
+
+    for (i = 0; i < sizeof(test)/sizeof(*test); i++) {
+	check_config_file(context, test[i].fl, test[i].res, 0);
+	check_config_file(context, test[i].fl, test[i].res, 1);
+    }
+
+    krb5_free_context(context);
+
+    return 0;
+}
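Review bot: The `test[]` table is declared with every `res` set to NULL and only becomes usable after the three assignments at the top of `main`, so a row added later without a matching assignment would make `check_config_file` dereference a NULL `res` in its first loop. Because `list0`, `list1` and `list2` are declared above the table, the expected lists can go straight into the initialiser, e.g. `{ "/tmp/foo", list0 },`, and the assignments in `main` can be dropped. Separately, the loop `for (i = 0; i < sizeof(test)/sizeof(*test); i++)` compares a signed `int` with a `size_t`; declaring `i` as `size_t` avoids the implicit conversion.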

Added: vendor-crypto/heimdal/dist/lib/krb5/test_crypto.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_crypto.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_crypto.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,215 @@
+/*
+ * Copyright (c) 2003-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+RCSID("$Id: test_crypto.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+time_encryption(krb5_context context, size_t size,
+		krb5_enctype etype, int iterations)
+{
+    struct timeval tv1, tv2;
+    krb5_error_code ret;
+    krb5_keyblock key;
+    krb5_crypto crypto;
+    krb5_data data;
+    char *etype_name;
+    void *buf;
+    int i;
+
+    ret = krb5_generate_random_keyblock(context, etype, &key);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
+
+    ret = krb5_enctype_to_string(context, etype, &etype_name);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_enctype_to_string");
+
+    buf = malloc(size);
+    if (buf == NULL)
+	krb5_errx(context, 1, "out of memory");
+    memset(buf, 0, size);
+
+    ret = krb5_crypto_init(context, &key, 0, &crypto);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_crypto_init");
+
+    gettimeofday(&tv1, NULL);
+
+    for (i = 0; i < iterations; i++) {
+	ret = krb5_encrypt(context, crypto, 0, buf, size, &data);
+	if (ret)
+	    krb5_err(context, 1, ret, "encrypt: %d", i);
+	krb5_data_free(&data);
+    }
+
+    gettimeofday(&tv2, NULL);
+
+    timevalsub(&tv2, &tv1);
+
+    printf("%s size: %7lu iterations: %d time: %3ld.%06ld\n", 
+	   etype_name, (unsigned long)size, iterations,
+	   (long)tv2.tv_sec, (long)tv2.tv_usec);
+
+    free(buf);
+    free(etype_name);
+    krb5_crypto_destroy(context, crypto);
+    krb5_free_keyblock_contents(context, &key);
+}
+
+static void
+time_s2k(krb5_context context,
+	 krb5_enctype etype, 
+	 const char *password,
+	 krb5_salt salt,
+	 int iterations)
+{
+    struct timeval tv1, tv2;
+    krb5_error_code ret;
+    krb5_keyblock key;
+    krb5_data opaque;
+    char *etype_name;
+    int i;
+
+    ret = krb5_enctype_to_string(context, etype, &etype_name);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_enctype_to_string");
+
+    opaque.data = NULL;
+    opaque.length = 0;
+
+    gettimeofday(&tv1, NULL);
+
+    for (i = 0; i < iterations; i++) {
+	ret = krb5_string_to_key_salt_opaque(context, etype, password, salt,
+					 opaque, &key);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_string_to_key_data_salt_opaque");
+	krb5_free_keyblock_contents(context, &key);
+    }
+
+    gettimeofday(&tv2, NULL);
+
+    timevalsub(&tv2, &tv1);
+
+    printf("%s string2key %d iterations time: %3ld.%06ld\n", 
+	   etype_name, iterations, (long)tv2.tv_sec, (long)tv2.tv_usec);
+    free(etype_name);
+
+}
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int i, enciter, s2kiter;
+    int optidx = 0;
+    krb5_salt salt;
+
+    krb5_enctype enctypes[] = { 
+	ETYPE_DES_CBC_CRC,
+	ETYPE_DES3_CBC_SHA1,
+	ETYPE_ARCFOUR_HMAC_MD5,
+	ETYPE_AES128_CTS_HMAC_SHA1_96,
+	ETYPE_AES256_CTS_HMAC_SHA1_96
+    };
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    salt.salttype = KRB5_PW_SALT;
+    salt.saltvalue.data = NULL;
+    salt.saltvalue.length = 0;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    enciter = 1000;
+    s2kiter = 100;
+
+    for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) {
+
+	time_encryption(context, 16, enctypes[i], enciter);
+	time_encryption(context, 32, enctypes[i], enciter);
+	time_encryption(context, 512, enctypes[i], enciter);
+	time_encryption(context, 1024, enctypes[i], enciter);
+	time_encryption(context, 2048, enctypes[i], enciter);
+	time_encryption(context, 4096, enctypes[i], enciter);
+	time_encryption(context, 8192, enctypes[i], enciter);
+	time_encryption(context, 16384, enctypes[i], enciter);
+	time_encryption(context, 32768, enctypes[i], enciter);
+
+	time_s2k(context, enctypes[i], "mYsecreitPassword", salt, s2kiter);
+    }
+
+    krb5_free_context(context);
+
+    return 0;
+}
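Review bot: In `time_s2k` the failure message names `krb5_string_to_key_data_salt_opaque`, but the call just above it is `krb5_string_to_key_salt_opaque`, so a failure report points at a function that was never called. The message should match the call: `krb5_err(context, 1, ret, "krb5_string_to_key_salt_opaque");`. A short comment above `time_encryption` and `time_s2k` saying that they only measure elapsed time and do not verify the ciphertext or derived key would also help, since the file is named like a correctness test.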

Added: vendor-crypto/heimdal/dist/lib/krb5/test_crypto_wrapping.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_crypto_wrapping.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_crypto_wrapping.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+RCSID("$Id: test_crypto_wrapping.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+test_wrapping(krb5_context context,
+	      size_t min_size,
+	      size_t max_size,
+	      size_t step,
+	      krb5_enctype etype)
+{
+    krb5_error_code ret;
+    krb5_keyblock key;
+    krb5_crypto crypto;
+    krb5_data data;
+    char *etype_name;
+    void *buf;
+    size_t size;
+
+    ret = krb5_generate_random_keyblock(context, etype, &key);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
+
+    ret = krb5_enctype_to_string(context, etype, &etype_name);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_enctype_to_string");
+
+    buf = malloc(max_size);
+    if (buf == NULL)
+	krb5_errx(context, 1, "out of memory");
+    memset(buf, 0, max_size);
+
+    ret = krb5_crypto_init(context, &key, 0, &crypto);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_crypto_init");
+
+    for (size = min_size; size < max_size; size += step) {
+	size_t wrapped_size;
+
+	ret = krb5_encrypt(context, crypto, 0, buf, size, &data);
+	if (ret)
+	    krb5_err(context, 1, ret, "encrypt size %lu using %s",
+		     (unsigned long)size, etype_name);
+
+	wrapped_size = krb5_get_wrapped_length(context, crypto, size);
+
+	if (wrapped_size != data.length)
+	    krb5_errx(context, 1, "calculated wrapped length %lu != "
+		      "real wrapped length %lu for data length %lu using "
+		      "enctype %s",
+		      (unsigned long)wrapped_size,
+		      (unsigned long)data.length,
+		      (unsigned long)size,
+		      etype_name);
+	krb5_data_free(&data);
+    }
+
+    free(etype_name);
+    free(buf);
+    krb5_crypto_destroy(context, crypto);
+    krb5_free_keyblock_contents(context, &key);
+}
+
+
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int i, optidx = 0;
+
+    krb5_enctype enctypes[] = { 
+	ETYPE_DES_CBC_CRC,
+	ETYPE_DES_CBC_MD4,
+	ETYPE_DES_CBC_MD5,
+	ETYPE_DES3_CBC_SHA1,
+	ETYPE_ARCFOUR_HMAC_MD5,
+	ETYPE_AES128_CTS_HMAC_SHA1_96,
+	ETYPE_AES256_CTS_HMAC_SHA1_96
+    };
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) {
+	test_wrapping(context, 0, 1024, 1, enctypes[i]);
+	test_wrapping(context, 1024, 1024 * 100, 1024, enctypes[i]);
+    }
+    krb5_free_context(context);
+
+    return 0;
+}
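Review bot: The loop in `test_wrapping` runs `for (size = min_size; size < max_size; size += step)`, so `max_size` itself is never encrypted even though the buffer is allocated and zeroed for `max_size` bytes. With the two calls in `main`, the largest length compared against `krb5_get_wrapped_length` is 1024 * 99, not 1024 * 100. If the upper bound is meant to be inclusive, the condition would be `size <= max_size`. If it is deliberately exclusive, a one-line comment on the function saying that the range is `[min_size, max_size)` would make that clear.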

Added: vendor-crypto/heimdal/dist/lib/krb5/test_forward.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_forward.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_forward.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2008 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+RCSID("$Id: test_forward.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "hostname");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    const char *hostname;
+    krb5_context context;
+    krb5_auth_context ac;
+    krb5_error_code ret;
+    krb5_creds cred;
+    krb5_ccache id;
+    krb5_data data;
+    int optidx = 0;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc < 1)
+	usage(1);
+
+    hostname = argv[0];
+
+    memset(&cred, 0, sizeof(cred));
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = krb5_cc_default(context, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_default failed: %d", ret);
+
+    ret = krb5_auth_con_init(context, &ac);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_auth_con_init failed: %d", ret);
+
+    krb5_auth_con_addflags(context, ac,
+			   KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED, NULL);
+
+    ret = krb5_cc_get_principal(context, id, &cred.client);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_get_principal");
+
+    ret = krb5_make_principal(context,
+			      &cred.server,
+			      krb5_principal_get_realm(context, cred.client),
+			      KRB5_TGS_NAME,
+			      krb5_principal_get_realm(context, cred.client),
+			      NULL);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_make_principal(server)");
+
+    ret = krb5_get_forwarded_creds (context,
+				    ac,
+				    id,
+				    KDC_OPT_FORWARDABLE,
+				    hostname,
+				    &cred,
+				    &data);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_get_forwarded_creds");
+
+    krb5_data_free(&data);
+    krb5_free_context(context);
+
+    return 0;
+}
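Review bot: `main` releases only `data` and the context on the success path; the auth context `ac`, the credential cache handle `id` and the principals stored in `cred.client` and `cred.server` are never freed. That is harmless for the exit status, but it produces noise when the test is run under a leak checker. Adding `krb5_free_cred_contents(context, &cred);`, `krb5_auth_con_free(context, ac);` and `krb5_cc_close(context, id);` before `krb5_free_context(context)` would close it out. The `krb5_err` calls for `krb5_cc_default` and `krb5_auth_con_init` also format `ret` with `%d` although `ret` is already passed as the error code argument, so the number is likely redundant in the output.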

Added: vendor-crypto/heimdal/dist/lib/krb5/test_get_addrs.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_get_addrs.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_get_addrs.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2000 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+RCSID("$Id: test_get_addrs.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/* print all addresses that we find */
+
+static void
+print_addresses (krb5_context context, const krb5_addresses *addrs)
+{
+    int i;
+    char buf[256];
+    size_t len;
+    
+    for (i = 0; i < addrs->len; ++i) {
+	krb5_print_address (&addrs->val[i], buf, sizeof(buf), &len);
+	printf ("%s\n", buf);
+    }
+}
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_addresses addrs;
+    int optidx = 0;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = krb5_get_all_client_addrs (context, &addrs);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
+    printf ("client addresses\n");
+    print_addresses (context, &addrs);
+    krb5_free_addresses (context, &addrs);
+
+    ret = krb5_get_all_server_addrs (context, &addrs);
+    if (ret)
+	krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
+    printf ("server addresses\n");
+    print_addresses (context, &addrs);
+    krb5_free_addresses (context, &addrs);
+    return 0;
+}
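Review bot: `print_addresses` ignores the return value of `krb5_print_address` and then prints `buf`, which is an uninitialised stack array if the call fails without writing to it. Checking the result keeps stale stack contents out of the output: declare `krb5_error_code ret;`, assign `ret = krb5_print_address (&addrs->val[i], buf, sizeof(buf), &len);` and follow it with `if (ret) krb5_err (context, 1, ret, "krb5_print_address");`. `main` also returns without calling `krb5_free_context(context)`, unlike the other test programs in this import.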

Added: vendor-crypto/heimdal/dist/lib/krb5/test_hostname.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_hostname.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_hostname.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+RCSID("$Id: test_hostname.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+static int debug_flag	= 0;
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static int
+expand_hostname(krb5_context context, const char *host)
+{
+    krb5_error_code ret;
+    char *h, **r;
+
+    ret = krb5_expand_hostname(context, host, &h);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_expand_hostname(%s)", host);
+
+    free(h);
+
+    if (debug_flag)
+	printf("hostname: %s -> %s\n", host, h);
+
+    ret = krb5_expand_hostname_realms(context, host, &h, &r);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_expand_hostname_realms(%s)", host);
+
+    if (debug_flag) {
+	int j;
+
+	printf("hostname: %s -> %s\n", host, h);
+	for (j = 0; r[j]; j++) {
+	    printf("\trealm: %s\n", r[j]);
+	}
+    }
+    free(h);
+    krb5_free_host_realm(context, r);
+
+    return 0;
+}
+
+static int
+test_expand_hostname(krb5_context context)
+{
+    int i, errors = 0;
+
+    struct t {
+	krb5_error_code ret;
+	const char *orig_hostname;
+	const char *new_hostname;
+    } tests[] = {
+	{ 0, "pstn1.su.se", "pstn1.su.se" },
+	{ 0, "pstnproxy.su.se", "pstnproxy.su.se" },
+    };
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
+	errors += expand_hostname(context, tests[i].orig_hostname);
+    }
+
+    return errors;
+}
+
+static struct getargs args[] = {
+    {"debug",	'd',	arg_flag,	&debug_flag,
+     "turn on debuggin", NULL },
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "hostname ...");
+    exit (ret);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int optidx = 0, errors = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    if (argc > 0) {
+	while (argc-- > 0)
+	    errors += expand_hostname(context, *argv++);
+	return errors;
+    }
+
+    errors += test_expand_hostname(context);
+
+    krb5_free_context(context);
+
+    return errors;
+}
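Review bot: `expand_hostname` calls `free(h)` right after the first `krb5_expand_hostname` and then, when `debug_flag` is set, passes the same `h` to `printf("hostname: %s -> %s\n", host, h)`, which is a read of freed memory. The `free(h);` belongs after that `if (debug_flag)` block, before `krb5_expand_hostname_realms` overwrites `h`. The function also returns 0 on every path and never compares the result with `new_hostname` from the table in `test_expand_hostname`, so `errors` cannot become non-zero. In `main`, the early `return errors;` in the `argc > 0` branch skips `krb5_free_context(context)`.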

Added: vendor-crypto/heimdal/dist/lib/krb5/test_keytab.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_keytab.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_keytab.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_keytab.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * Test that removal entry from of empty keytab doesn't corrupts
+ * memory.
+ */
+
+static void
+test_empty_keytab(krb5_context context, const char *keytab)
+{
+    krb5_error_code ret;
+    krb5_keytab id;
+    krb5_keytab_entry entry;
+
+    ret = krb5_kt_resolve(context, keytab, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_resolve");
+
+    memset(&entry, 0, sizeof(entry));
+
+    krb5_kt_remove_entry(context, id, &entry);
+
+    ret = krb5_kt_close(context, id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_close");
+}
+
+/*
+ * Test that memory keytab are refcounted.
+ */
+
+static void
+test_memory_keytab(krb5_context context, const char *keytab, const char *keytab2)
+{
+    krb5_error_code ret;
+    krb5_keytab id, id2, id3;
+    krb5_keytab_entry entry, entry2, entry3;
+
+    ret = krb5_kt_resolve(context, keytab, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_resolve");
+
+    memset(&entry, 0, sizeof(entry));
+    ret = krb5_parse_name(context, "lha at SU.SE", &entry.principal);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+    entry.vno = 1;
+    ret = krb5_generate_random_keyblock(context,
+					ETYPE_AES256_CTS_HMAC_SHA1_96,
+					&entry.keyblock);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
+
+    krb5_kt_add_entry(context, id, &entry);
+
+    ret = krb5_kt_resolve(context, keytab, &id2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_resolve");
+
+    ret = krb5_kt_get_entry(context, id,
+			    entry.principal,
+			    0,
+			    ETYPE_AES256_CTS_HMAC_SHA1_96,
+			    &entry2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_get_entry");
+    krb5_kt_free_entry(context, &entry2);
+
+    ret = krb5_kt_close(context, id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_close");
+
+    ret = krb5_kt_get_entry(context, id2,
+			    entry.principal,
+			    0,
+			    ETYPE_AES256_CTS_HMAC_SHA1_96,
+			    &entry2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_get_entry");
+    krb5_kt_free_entry(context, &entry2);
+
+    ret = krb5_kt_close(context, id2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_close");
+
+
+    ret = krb5_kt_resolve(context, keytab2, &id3);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_resolve");
+
+    memset(&entry3, 0, sizeof(entry3));
+    ret = krb5_parse_name(context, "lha3 at SU.SE", &entry3.principal);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+    entry3.vno = 1;
+    ret = krb5_generate_random_keyblock(context,
+					ETYPE_AES256_CTS_HMAC_SHA1_96,
+					&entry3.keyblock);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
+
+    krb5_kt_add_entry(context, id3, &entry3);
+
+
+    ret = krb5_kt_resolve(context, keytab, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_resolve");
+
+    ret = krb5_kt_get_entry(context, id,
+			    entry.principal,
+			    0,
+			    ETYPE_AES256_CTS_HMAC_SHA1_96,
+			    &entry2);
+    if (ret == 0)
+	krb5_errx(context, 1, "krb5_kt_get_entry when if should fail");
+
+    krb5_kt_remove_entry(context, id, &entry);
+
+    ret = krb5_kt_close(context, id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_close");
+
+    krb5_kt_free_entry(context, &entry);
+
+    krb5_kt_remove_entry(context, id3, &entry3);
+
+    ret = krb5_kt_close(context, id3);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_close");
+
+    krb5_free_principal(context, entry3.principal);
+    krb5_free_keyblock_contents(context, &entry3.keyblock);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    test_empty_keytab(context, "MEMORY:foo");
+    test_empty_keytab(context, "FILE:foo");
+    test_empty_keytab(context, "KRB4:foo");
+
+    test_memory_keytab(context, "MEMORY:foo", "MEMORY:foo2");
+
+    krb5_free_context(context);
+
+    return 0;
+}
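Review bot: Both `krb5_kt_add_entry` calls in `test_memory_keytab` discard their return value, so a failed add only shows up later as a `krb5_kt_get_entry` error that names the wrong step. Each call should be checked like its neighbours, e.g. `ret = krb5_kt_add_entry(context, id, &entry);` followed by `if (ret) krb5_err(context, 1, ret, "krb5_kt_add_entry");`, and the same for `id3` and `entry3`. The message `"krb5_kt_get_entry when if should fail"` has a typo and probably should read `"krb5_kt_get_entry succeeded when it should fail"`. In `main`, `test_empty_keytab(context, "FILE:foo")` names a relative path, so what it touches depends on the directory the test is started from; a comment noting that would help.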

Added: vendor-crypto/heimdal/dist/lib/krb5/test_kuserok.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_kuserok.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_kuserok.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <getarg.h>
+#include <err.h>
+
+RCSID("$Id: test_kuserok.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "principal luser");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_principal principal;
+    char *p;
+    int o = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &o))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= o;
+    argv += o;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    if (argc != 2)
+	usage(1);
+
+    ret = krb5_parse_name(context, argv[0], &principal);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+    
+    ret = krb5_unparse_name(context, principal, &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name");
+
+    ret = krb5_kuserok(context, principal, argv[1]);
+
+    krb5_free_context(context);
+
+    printf("%s is %sallowed to login as %s\n", p, ret ? "" : "NOT ", argv[1]);
+
+    return 0;
+}
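Review bot: main() in test_kuserok.c returns 0 whether or not `krb5_kuserok()` allows the login, so a script or test harness can only learn the verdict by parsing the printed sentence. Ending with `return ret ? 0 : 1;` would expose the decision in the exit status, since `ret` still holds the krb5_kuserok result at that point. Separately, `principal` and `p` are never released; adding `krb5_free_principal(context, principal);` before `krb5_free_context(context);` and `free(p);` after the printf keeps the tool quiet under a leak checker. `krb5_init_context()` also runs before the `argc != 2` check, so a usage error still pays for context setup.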

Added: vendor-crypto/heimdal/dist/lib/krb5/test_mem.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_mem.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_mem.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_mem.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Test run functions, to be used with valgrind to detect memoryleaks.
+ */
+
+static void
+check_log(void)
+{
+    int i;
+
+    for (i = 0; i < 10; i++) {
+	krb5_log_facility *logfacility;
+	krb5_context context;
+	krb5_error_code ret;
+
+	ret = krb5_init_context(&context);
+	if (ret)
+	    errx (1, "krb5_init_context failed: %d", ret);
+    
+	krb5_initlog(context, "test-mem", &logfacility);
+	krb5_addlog_dest(context, logfacility, "0/STDERR:");
+	krb5_set_warn_dest(context, logfacility);
+    
+	krb5_free_context(context);
+    }
+}
+
+
+int
+main(int argc, char **argv)
+{
+    setprogname(argv[0]);
+
+    check_log();
+
+    return 0;
+}
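Review bot: In check_log() the results of `krb5_initlog()`, `krb5_addlog_dest()` and `krb5_set_warn_dest()` are all ignored, so if `krb5_initlog()` fails, `logfacility` may reach the next two calls uninitialised. The file comment says this program is meant to run under valgrind, where an unchecked failure would show up as unrelated noise or a crash instead of a clear test failure. I would check each call the way the neighbouring tests do, e.g. `ret = krb5_initlog(context, "test-mem", &logfacility);` followed by `if (ret) krb5_err(context, 1, ret, "krb5_initlog");`, and the same for the other two.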

Added: vendor-crypto/heimdal/dist/lib/krb5/test_pac.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_pac.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_pac.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,295 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: test_pac.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * This PAC and keys are copied (with permission) from Samba torture
+ * regression test suite, they where created by Andrew Bartlet.
+ */
+
+static const unsigned char saved_pac[] = {
+	0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00, 
+	0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+	0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+	0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+	0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb, 
+	0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 
+	0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
+	0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
+	0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 
+	0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00, 
+	0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+	0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
+	0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+	0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
+	0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+	0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+	0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
+	0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
+	0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
+	0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+	0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
+	0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
+	0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
+	0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
+	0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
+	0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
+};
+
+static int type_1_length = 472;
+
+static const krb5_keyblock kdc_keyblock = {
+    ETYPE_ARCFOUR_HMAC_MD5,
+    { 16, "\xB2\x86\x75\x71\x48\xAF\x7F\xD2\x52\xC5\x36\x03\xA1\x50\xB7\xE7" }
+};
+
+static const krb5_keyblock member_keyblock = {
+    ETYPE_ARCFOUR_HMAC_MD5,
+    { 16, "\xD2\x17\xFA\xEA\xE5\xE6\xB5\xF9\x5C\xCC\x94\x07\x7A\xB8\xA5\xFC" }
+};
+
+static time_t authtime = 1120440609;
+static const char *user = "w2003final$@WIN2K3.THINKER.LOCAL";
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_pac pac;
+    krb5_data data;
+    krb5_principal p;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx(1, "krb5_init_contex");
+
+    ret = krb5_parse_name(context, user, &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_pac_parse(context, saved_pac, sizeof(saved_pac), &pac);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_pac_parse");
+
+    ret = krb5_pac_verify(context, pac, authtime, p,
+			   &member_keyblock, &kdc_keyblock);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_pac_verify");
+
+    ret = _krb5_pac_sign(context, pac, authtime, p, 
+			 &member_keyblock, &kdc_keyblock, &data);
+    if (ret)
+	krb5_err(context, 1, ret, "_krb5_pac_sign");
+
+    krb5_pac_free(context, pac);
+
+    ret = krb5_pac_parse(context, data.data, data.length, &pac);
+    krb5_data_free(&data);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_pac_parse 2");
+
+    ret = krb5_pac_verify(context, pac, authtime, p,
+			   &member_keyblock, &kdc_keyblock);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_pac_verify 2");
+
+    /* make a copy and try to reproduce it */
+    {
+	uint32_t *list;
+	size_t len, i;
+	krb5_pac pac2;
+
+	ret = krb5_pac_init(context, &pac2);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_init");
+
+	/* our two user buffer plus the three "system" buffers */
+	ret = krb5_pac_get_types(context, pac, &len, &list);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_get_types");
+
+	for (i = 0; i < len; i++) {
+	    /* skip server_cksum, privsvr_cksum, and logon_name */
+	    if (list[i] == 6 || list[i] == 7 || list[i] == 10)
+		continue;
+
+	    ret = krb5_pac_get_buffer(context, pac, list[i], &data);
+	    if (ret)
+		krb5_err(context, 1, ret, "krb5_pac_get_buffer");
+
+	    if (list[i] == 1) {
+		if (type_1_length != data.length)
+		    krb5_errx(context, 1, "type 1 have wrong length: %lu", 
+			      (unsigned long)data.length);
+	    } else
+		krb5_errx(context, 1, "unknown type %lu", 
+			  (unsigned long)list[i]);
+
+	    ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
+	    if (ret)
+		krb5_err(context, 1, ret, "krb5_pac_add_buffer");
+	    krb5_data_free(&data);
+	}
+	free(list);
+	
+	ret = _krb5_pac_sign(context, pac2, authtime, p, 
+			     &member_keyblock, &kdc_keyblock, &data);
+	if (ret)
+	    krb5_err(context, 1, ret, "_krb5_pac_sign 4");
+	
+	krb5_pac_free(context, pac2);
+
+	ret = krb5_pac_parse(context, data.data, data.length, &pac2);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_parse 4");
+	
+	ret = krb5_pac_verify(context, pac2, authtime, p,
+			      &member_keyblock, &kdc_keyblock);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_verify 4");
+	
+	krb5_pac_free(context, pac2);
+    }
+
+    krb5_pac_free(context, pac);
+
+    /*
+     * Test empty free
+     */
+
+    ret = krb5_pac_init(context, &pac);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_pac_init");
+    krb5_pac_free(context, pac);
+
+    /*
+     * Test add remove buffer
+     */
+
+    ret = krb5_pac_init(context, &pac);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_pac_init");
+
+    {
+	const krb5_data cdata = { 2, "\x00\x01" } ;
+
+	ret = krb5_pac_add_buffer(context, pac, 1, &cdata);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_add_buffer");
+    }
+    {
+	ret = krb5_pac_get_buffer(context, pac, 1, &data);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
+	if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
+	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
+	krb5_data_free(&data);
+    }
+
+    {
+	const krb5_data cdata = { 2, "\x02\x00" } ;
+
+	ret = krb5_pac_add_buffer(context, pac, 2, &cdata);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_add_buffer");
+    }
+    {
+	ret = krb5_pac_get_buffer(context, pac, 1, &data);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
+	if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
+	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
+	krb5_data_free(&data);
+	/* */
+	ret = krb5_pac_get_buffer(context, pac, 2, &data);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_get_buffer");
+	if (data.length != 2 || memcmp(data.data, "\x02\x00", 2) != 0)
+	    krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
+	krb5_data_free(&data);
+    }
+
+    ret = _krb5_pac_sign(context, pac, authtime, p, 
+			 &member_keyblock, &kdc_keyblock, &data);
+    if (ret)
+	krb5_err(context, 1, ret, "_krb5_pac_sign");
+
+    krb5_pac_free(context, pac);
+
+    ret = krb5_pac_parse(context, data.data, data.length, &pac);
+    krb5_data_free(&data);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_pac_parse 3");
+
+    ret = krb5_pac_verify(context, pac, authtime, p,
+			   &member_keyblock, &kdc_keyblock);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_pac_verify 3");
+
+    {
+	uint32_t *list;
+	size_t len;
+
+	/* our two user buffer plus the three "system" buffers */
+	ret = krb5_pac_get_types(context, pac, &len, &list);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_pac_get_types");
+	if (len != 5)
+	    krb5_errx(context, 1, "list wrong length");
+	free(list);
+    }
+
+    krb5_pac_free(context, pac);
+
+    krb5_free_principal(context, p);
+    krb5_free_context(context);
+
+    return 0;
+}
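Review bot: In the "make a copy and try to reproduce it" block of main(), the `data` filled by `_krb5_pac_sign(context, pac2, ...)` is parsed at "krb5_pac_parse 4" but never released. The other two sign/parse pairs in this function call `krb5_data_free(&data);` right after the parse, and adding the same line here closes the leak. In the same loop `type_1_length` is an `int` compared against `data.length`, and the buffer types are filtered as bare 6, 7, 10 and 1; a `static const size_t` length and named constants would make these checks easier to audit. The first error path, `errx(1, "krb5_init_contex")`, misspells the function name and drops `ret`, unlike the `"krb5_init_context failed: %d"` form used by the other tests in this commit.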

Added: vendor-crypto/heimdal/dist/lib/krb5/test_pkinit_dh2key.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_pkinit_dh2key.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_pkinit_dh2key.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,218 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+RCSID("$Id: test_pkinit_dh2key.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+test_dh2key(int i,
+	    krb5_context context, 
+	    const heim_octet_string *dh,
+	    const heim_octet_string *c_n,
+	    const heim_octet_string *k_n,
+	    krb5_enctype etype,
+	    const heim_octet_string *result)
+{
+    krb5_error_code ret;
+    krb5_keyblock key;
+
+    ret = _krb5_pk_octetstring2key(context,
+				   etype,
+				   dh->data, dh->length,
+				   c_n,
+				   k_n,
+				   &key);
+    if (ret != 0)
+	krb5_err(context, 1, ret, "_krb5_pk_octetstring2key: %d", i);
+
+    if (key.keyvalue.length != result->length ||
+	memcmp(key.keyvalue.data, result->data, result->length) != 0)
+	krb5_errx(context, 1, "resulting key wrong: %d", i);
+
+    krb5_free_keyblock_contents(context, &key);
+}
+
+
+struct {
+    krb5_enctype type;
+    krb5_data X;
+    krb5_data key;
+} tests[] = {
+    /* 0 */
+    {
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	{
+	    256,
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	},
+	{
+	    32,
+	    "\x5e\xe5\x0d\x67\x5c\x80\x9f\xe5\x9e\x4a\x77\x62\xc5\x4b\x65\x83"
+	    "\x75\x47\xea\xfb\x15\x9b\xd8\xcd\xc7\x5f\xfc\xa5\x91\x1e\x4c\x41"
+	}
+    },
+    /* 1 */
+    {
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	{
+	    128,
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+	},
+	{
+	    32,
+	    "\xac\xf7\x70\x7c\x08\x97\x3d\xdf\xdb\x27\xcd\x36\x14\x42\xcc\xfb"
+	    "\xa3\x55\xc8\x88\x4c\xb4\x72\xf3\x7d\xa6\x36\xd0\x7d\x56\x78\x7e"
+	}
+    },
+    /* 2 */
+    {
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	{
+	    128,
+	    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+	    "\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
+	    "\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
+	    "\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"
+	    "\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b"
+	    "\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
+	    "\x0b\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09"
+	    "\x0a\x0b\x0c\x0d\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08"
+	},
+	{
+	    32,
+	    "\xc4\x42\xda\x58\x5f\xcb\x80\xe4\x3b\x47\x94\x6f\x25\x40\x93\xe3"
+	    "\x73\x29\xd9\x90\x01\x38\x0d\xb7\x83\x71\xdb\x3a\xcf\x5c\x79\x7e"
+	}
+    },
+    /* 3 */
+    {
+	ETYPE_AES256_CTS_HMAC_SHA1_96,
+	{
+	    77,
+	    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+	    "\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
+	    "\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
+	    "\x0e\x0f\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c"
+	    "\x0d\x0e\x0f\x10\x00\x01\x02\x03"
+	    "\x04\x05\x06\x07\x08"
+	},
+	{
+	    32,
+	    "\x00\x53\x95\x3b\x84\xc8\x96\xf4\xeb\x38\x5c\x3f\x2e\x75\x1c\x4a"
+	    "\x59\x0e\xd6\xff\xad\xca\x6f\xf6\x4f\x47\xeb\xeb\x8d\x78\x0f\xfc"
+	}
+    }
+};
+
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int i, optidx = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
+	test_dh2key(i, context, &tests[i].X, NULL, NULL, 
+		    tests[i].type, &tests[i].key);
+    }
+
+    krb5_free_context(context);
+
+    return 0;
+}
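Review bot: Every entry in `tests[]` uses ETYPE_AES256_CTS_HMAC_SHA1_96, and main() passes NULL for both `c_n` and `k_n`, so as far as this file shows, the nonce inputs of `_krb5_pk_octetstring2key` and any other enctype are never exercised. The table also carries no comment saying where the expected keys come from, so a reader cannot tell independently produced vectors from values captured from this implementation. A header comment such as `/* expected keys: <source of vectors> */` above `tests[]` would settle that. Minor style points: `i` is an `int` compared against `sizeof(tests)/sizeof(tests[0])`, and `tests` could be declared `static` like `args`.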

Added: vendor-crypto/heimdal/dist/lib/krb5/test_plugin.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_plugin.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_plugin.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <krb5_locl.h>
+RCSID("$Id: test_plugin.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+#include "locate_plugin.h"
+
+static krb5_error_code
+resolve_init(krb5_context context, void **ctx)
+{
+    *ctx = NULL;
+    return 0;
+}
+
+static void
+resolve_fini(void *ctx)
+{
+}
+
+static krb5_error_code
+resolve_lookup(void *ctx,
+	       enum locate_service_type service,
+	       const char *realm,
+	       int domain,
+	       int type, 
+	       int (*add)(void *,int,struct sockaddr *),
+	       void *addctx)
+{
+    struct sockaddr_in s;
+
+    memset(&s, 0, sizeof(s));
+
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+    s.sin_len = sizeof(s);
+#endif
+    s.sin_family = AF_INET;
+    s.sin_port = htons(88);
+    s.sin_addr.s_addr = htonl(0x7f000002);
+
+    if (strcmp(realm, "NOTHERE.H5L.SE") == 0)
+	(*add)(addctx, type, (struct sockaddr *)&s);
+
+    return 0;
+}
+
+
+krb5plugin_service_locate_ftable resolve = {
+    0,
+    resolve_init,
+    resolve_fini,
+    resolve_lookup
+};
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_krbhst_handle handle;
+    char host[MAXHOSTNAMELEN];
+    int found = 0;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx(1, "krb5_init_contex");
+
+    ret = krb5_plugin_register(context, PLUGIN_TYPE_DATA, "resolve", &resolve);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_plugin_register");
+
+
+    ret = krb5_krbhst_init_flags(context,
+				 "NOTHERE.H5L.SE",
+				 KRB5_KRBHST_KDC,
+				 0,
+				 &handle);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_krbhst_init_flags");
+
+    
+    while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0){
+	found++;
+ 	if (strcmp(host, "127.0.0.2") != 0)
+	    krb5_errx(context, 1, "wrong address: %s", host);
+    }
+    if (!found)
+	krb5_errx(context, 1, "failed to find host");
+
+    krb5_krbhst_free(context, handle);
+
+    krb5_free_context(context);
+    return 0;
+}
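Review bot: resolve_lookup() discards the result of `(*add)(addctx, type, (struct sockaddr *)&s)` and always returns 0, so a failure to record the address would only surface later as the generic "failed to find host" in main(). Assuming the callback reports failure with a non-zero return, I would propagate it with `int r = (*add)(addctx, type, (struct sockaddr *)&s);` followed by `if (r) return r;`. The literals `0x7f000002` and `88` deserve a comment such as `/* 127.0.0.2:88, must match the strcmp() in main() */`, because the test only passes while the two stay in sync. As in test_pac.c, `errx(1, "krb5_init_contex")` misspells the function name and omits `ret`.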

Added: vendor-crypto/heimdal/dist/lib/krb5/test_prf.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_prf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_prf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: test_prf.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <hex.h>
+#include <err.h>
+
+/*
+ * key: string2key(aes256, "testkey", "testkey", default_params)
+ * input: unhex(1122334455667788)
+ * output: 58b594b8a61df6e9439b7baa991ff5c1
+ * 
+ * key: string2key(aes128, "testkey", "testkey", default_params)
+ * input: unhex(1122334455667788)
+ * output: ffa2f823aa7f83a8ce3c5fb730587129
+ */
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_keyblock key;
+    krb5_crypto crypto;
+    size_t length;
+    krb5_data input, output, output2;
+    krb5_enctype etype = ETYPE_AES256_CTS_HMAC_SHA1_96;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx(1, "krb5_init_context %d", ret);
+
+    ret = krb5_generate_random_keyblock(context, etype, &key);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_generate_random_keyblock");
+
+    ret = krb5_crypto_prf_length(context, etype, &length);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_crypto_prf_length");
+
+    ret = krb5_crypto_init(context, &key, 0, &crypto);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_crypto_init");
+
+    input.data = rk_UNCONST("foo");
+    input.length = 3;
+
+    ret = krb5_crypto_prf(context, crypto, &input, &output);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_crypto_prf");
+
+    ret = krb5_crypto_prf(context, crypto, &input, &output2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_crypto_prf");
+
+    if (krb5_data_cmp(&output, &output2) != 0)
+	krb5_errx(context, 1, "krb5_data_cmp");
+
+    krb5_data_free(&output);
+    krb5_data_free(&output2);
+
+    krb5_crypto_destroy(context, crypto);
+    
+    krb5_free_keyblock_contents(context, &key);
+
+    krb5_free_context(context);
+
+    return 0;
+}
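Review bot: The only property `main` asserts is that two `krb5_crypto_prf` calls with the same random key return equal data, so the known-answer vectors listed in the comment above `main` are never checked and a PRF that is deterministic but wrong would pass. `length` is fetched with `krb5_crypto_prf_length` and then never used; at minimum add `if (output.length != length) krb5_errx(context, 1, "prf length mismatch");` after the first call. Checking the documented aes256/aes128 outputs would need the string2key-derived key instead of `krb5_generate_random_keyblock`.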

Added: vendor-crypto/heimdal/dist/lib/krb5/test_princ.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_princ.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_princ.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,366 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_princ.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+/*
+ * Check that a closed cc still keeps it data and that it's no longer
+ * there when it's destroyed.
+ */
+
+static void
+test_princ(krb5_context context)
+{
+    const char *princ = "lha at SU.SE";
+    const char *princ_short = "lha";
+    const char *noquote;
+    krb5_error_code ret;
+    char *princ_unparsed;
+    char *princ_reformed = NULL;
+    const char *realm;
+
+    krb5_principal p, p2;
+
+    ret = krb5_parse_name(context, princ, &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_unparse_name(context, p, &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (strcmp(princ, princ_unparsed)) {
+	krb5_errx(context, 1, "%s != %s", princ, princ_unparsed);
+    }
+
+    free(princ_unparsed);
+
+    ret = krb5_unparse_name_flags(context, p, 
+				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+				  &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (strcmp(princ_short, princ_unparsed))
+	krb5_errx(context, 1, "%s != %s", princ_short, princ_unparsed);
+    free(princ_unparsed);
+    
+    realm = krb5_principal_get_realm(context, p);
+
+    asprintf(&princ_reformed, "%s@%s", princ_short, realm);
+
+    ret = krb5_parse_name(context, princ_reformed, &p2);
+    free(princ_reformed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (!krb5_principal_compare(context, p, p2)) {
+	krb5_errx(context, 1, "p != p2");
+    }    
+
+    krb5_free_principal(context, p2);
+
+    ret = krb5_set_default_realm(context, "SU.SE");
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_unparse_name_flags(context, p, 
+				  KRB5_PRINCIPAL_UNPARSE_SHORT,
+				  &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (strcmp(princ_short, princ_unparsed))
+	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_parse_name(context, princ_short, &p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (!krb5_principal_compare(context, p, p2))
+	krb5_errx(context, 1, "p != p2");
+    krb5_free_principal(context, p2);
+
+    ret = krb5_unparse_name(context, p, &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (strcmp(princ, princ_unparsed))
+	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_set_default_realm(context, "SAMBA.ORG");
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_parse_name(context, princ_short, &p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (krb5_principal_compare(context, p, p2))
+	krb5_errx(context, 1, "p == p2");
+
+    if (!krb5_principal_compare_any_realm(context, p, p2))
+	krb5_errx(context, 1, "(ignoring realms) p != p2");
+
+    ret = krb5_unparse_name(context, p2, &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (strcmp(princ, princ_unparsed) == 0)
+	krb5_errx(context, 1, "%s == %s", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    krb5_free_principal(context, p2);
+
+    ret = krb5_parse_name(context, princ, &p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (!krb5_principal_compare(context, p, p2))
+	krb5_errx(context, 1, "p != p2");
+
+    ret = krb5_unparse_name(context, p2, &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    if (strcmp(princ, princ_unparsed))
+	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    krb5_free_principal(context, p2);
+
+    ret = krb5_unparse_name_flags(context, p,
+				  KRB5_PRINCIPAL_UNPARSE_SHORT,
+				  &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name_short");
+
+    if (strcmp(princ, princ_unparsed) != 0)
+	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_unparse_name(context, p, &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name_short");
+
+    if (strcmp(princ, princ_unparsed))
+	krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_parse_name_flags(context, princ, 
+				KRB5_PRINCIPAL_PARSE_NO_REALM,
+				&p2);
+    if (!ret)
+	krb5_err(context, 1, ret, "Should have failed to parse %s a "
+		 "short name", princ);
+
+    ret = krb5_parse_name_flags(context, princ_short, 
+				KRB5_PRINCIPAL_PARSE_NO_REALM,
+				&p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_unparse_name_flags(context, p2, 
+				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+				  &princ_unparsed);
+    krb5_free_principal(context, p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name_norealm");
+
+    if (strcmp(princ_short, princ_unparsed))
+	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_parse_name_flags(context, princ_short, 
+				KRB5_PRINCIPAL_PARSE_MUST_REALM,
+				&p2);
+    if (!ret)
+	krb5_err(context, 1, ret, "Should have failed to parse %s "
+		 "because it lacked a realm", princ_short);
+
+    ret = krb5_parse_name_flags(context, princ,
+				KRB5_PRINCIPAL_PARSE_MUST_REALM,
+				&p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+    
+    if (!krb5_principal_compare(context, p, p2))
+	krb5_errx(context, 1, "p != p2");
+
+    ret = krb5_unparse_name_flags(context, p2, 
+				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+				  &princ_unparsed);
+    krb5_free_principal(context, p2);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name_norealm");
+
+    if (strcmp(princ_short, princ_unparsed))
+	krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed);
+    free(princ_unparsed);
+
+    krb5_free_principal(context, p);
+
+    /* test quoting */
+
+    princ = "test\\ principal at SU.SE";
+    noquote = "test principal at SU.SE";
+
+    ret = krb5_parse_name_flags(context, princ, 0, &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_unparse_name_flags(context, p, 0, &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name_flags");
+
+    if (strcmp(princ, princ_unparsed))
+	krb5_errx(context, 1, "q '%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+				  &princ_unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name_flags");
+
+    if (strcmp(noquote, princ_unparsed))
+	krb5_errx(context, 1, "nq '%s' != '%s'", noquote, princ_unparsed);
+    free(princ_unparsed);
+
+    krb5_free_principal(context, p);
+}
+
+static void
+test_enterprise(krb5_context context)
+{
+    krb5_error_code ret;
+    char *unparsed;
+    krb5_principal p;
+
+    ret = krb5_set_default_realm(context, "SAMBA.ORG");
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_parse_name_flags(context, "lha at su.se@WIN.SU.SE", 
+				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name(context, p, &unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+
+    if (strcmp(unparsed, "lha\\@su.se at WIN.SU.SE") != 0)
+	krb5_errx(context, 1, "enterprise name failed 1");
+    free(unparsed);
+
+    /*
+     *
+     */
+
+    ret = krb5_parse_name_flags(context, "lha\\@su.se at WIN.SU.SE", 
+				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name(context, p, &unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+    if (strcmp(unparsed, "lha\\@su.se\\@WIN.SU.SE at SAMBA.ORG") != 0)
+	krb5_errx(context, 1, "enterprise name failed 2: %s", unparsed);
+    free(unparsed);
+
+    /*
+     *
+     */
+
+    ret = krb5_parse_name_flags(context, "lha\\@su.se at WIN.SU.SE", 0, &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name(context, p, &unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+    if (strcmp(unparsed, "lha\\@su.se at WIN.SU.SE") != 0)
+	krb5_errx(context, 1, "enterprise name failed 3");
+    free(unparsed);
+
+    /*
+     *
+     */
+
+    ret = krb5_parse_name_flags(context, "lha at su.se", 
+				KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name(context, p, &unparsed);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+    if (strcmp(unparsed, "lha\\@su.se at SAMBA.ORG") != 0)
+	krb5_errx(context, 1, "enterprise name failed 2: %s", unparsed);
+    free(unparsed);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+
+    setprogname(argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    test_princ(context);
+
+    test_enterprise(context);
+
+    krb5_free_context(context);
+
+    return 0;
+}
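Review bot: The `asprintf` call in `test_princ` is unchecked, so on allocation failure `princ_reformed` (NULL or indeterminate, depending on the libc) is passed straight to `krb5_parse_name`; guard it with `if (asprintf(&princ_reformed, "%s@%s", princ_short, realm) < 0 || princ_reformed == NULL) krb5_errx(context, 1, "asprintf");`. The two negative checks of the form `if (!ret) krb5_err(context, 1, ret, "Should have failed ...")` report through `krb5_err` with `ret == 0`, which appends the error text for a success code; `krb5_errx` fits there. The header comment about a closed cc looks copied from a credential-cache test and does not describe this file.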

Added: vendor-crypto/heimdal/dist/lib/krb5/test_renew.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_renew.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_renew.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+#include <err.h>
+#include <getarg.h>
+
+RCSID("$Id: test_renew.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "[principal]");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_principal client;
+    krb5_context context;
+    const char *in_tkt_service = NULL;
+    krb5_ccache id;
+    krb5_error_code ret;
+    krb5_creds out;;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc > 0)
+	in_tkt_service = argv[0];
+
+    memset(&out, 0, sizeof(out));
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_init_context");
+
+    ret = krb5_cc_default(context, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_default");
+
+    ret = krb5_cc_get_principal(context, id, &client);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_default");
+
+    ret = krb5_get_renewed_creds(context,
+				 &out,
+				 client,
+				 id,
+				 in_tkt_service);
+
+    if(ret)
+	krb5_err(context, 1, ret, "krb5_get_kdc_cred");
+
+    if (krb5_principal_compare(context, out.client, client) != TRUE)
+	krb5_errx(context, 1, "return principal is not as expected");
+
+    krb5_free_cred_contents(context, &out);
+
+    krb5_free_context(context);
+
+    return 0;
+}
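Review bot: When `krb5_init_context` fails, `main` reports it with `krb5_err(context, 1, ret, "krb5_init_context")`, passing a `context` that was never initialised; the sibling tests use `errx(1, "krb5_init_context failed: %d", ret);` at this point and this one should too. Several failure labels name the wrong call (`"krb5_cc_default"` after `krb5_cc_get_principal`, `"krb5_get_kdc_cred"` after `krb5_get_renewed_creds`), which misdirects anyone triaging a failed run. `client` and `id` are never released before exit; `krb5_free_principal(context, client);` and `krb5_cc_close(context, id);` would tidy that.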

Added: vendor-crypto/heimdal/dist/lib/krb5/test_store.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_store.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_store.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <getarg.h>
+
+RCSID("$Id: test_store.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+static void
+test_int8(krb5_context context, krb5_storage *sp)
+{
+    krb5_error_code ret;
+    int i;
+    int8_t val[] = {
+	0, 1, -1, 128, -127
+    }, v;
+
+    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
+
+	ret = krb5_store_int8(sp, val[i]);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_store_int8");
+	krb5_storage_seek(sp, 0, SEEK_SET);
+	ret = krb5_ret_int8(sp, &v);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_ret_int8");
+	if (v != val[i])
+	    krb5_errx(context, 1, "store and ret mismatch");
+    }
+}
+
+static void
+test_int16(krb5_context context, krb5_storage *sp)
+{
+    krb5_error_code ret;
+    int i;
+    int16_t val[] = {
+	0, 1, -1, 32768, -32767
+    }, v;
+
+    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
+
+	ret = krb5_store_int16(sp, val[i]);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_store_int16");
+	krb5_storage_seek(sp, 0, SEEK_SET);
+	ret = krb5_ret_int16(sp, &v);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_ret_int16");
+	if (v != val[i])
+	    krb5_errx(context, 1, "store and ret mismatch");
+    }
+}
+
+static void
+test_int32(krb5_context context, krb5_storage *sp)
+{
+    krb5_error_code ret;
+    int i;
+    int32_t val[] = {
+	0, 1, -1, 2147483647, -2147483646
+    }, v;
+
+    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
+
+	ret = krb5_store_int32(sp, val[i]);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_store_int32");
+	krb5_storage_seek(sp, 0, SEEK_SET);
+	ret = krb5_ret_int32(sp, &v);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_ret_int32");
+	if (v != val[i])
+	    krb5_errx(context, 1, "store and ret mismatch");
+    }
+}
+
+static void
+test_uint8(krb5_context context, krb5_storage *sp)
+{
+    krb5_error_code ret;
+    int i;
+    uint8_t val[] = {
+	0, 1, 255
+    }, v;
+
+    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
+
+	ret = krb5_store_uint8(sp, val[i]);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_store_uint8");
+	krb5_storage_seek(sp, 0, SEEK_SET);
+	ret = krb5_ret_uint8(sp, &v);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_ret_uint8");
+	if (v != val[i])
+	    krb5_errx(context, 1, "store and ret mismatch");
+    }
+}
+
+static void
+test_uint16(krb5_context context, krb5_storage *sp)
+{
+    krb5_error_code ret;
+    int i;
+    uint16_t val[] = {
+	0, 1, 65535
+    }, v;
+
+    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
+
+	ret = krb5_store_uint16(sp, val[i]);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_store_uint16");
+	krb5_storage_seek(sp, 0, SEEK_SET);
+	ret = krb5_ret_uint16(sp, &v);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_ret_uint16");
+	if (v != val[i])
+	    krb5_errx(context, 1, "store and ret mismatch");
+    }
+}
+
+static void
+test_uint32(krb5_context context, krb5_storage *sp)
+{
+    krb5_error_code ret;
+    int i;
+    uint32_t val[] = {
+	0, 1, 4294967295UL
+    }, v;
+
+    for (i = 0; i < sizeof(val[0])/sizeof(val); i++) {
+
+	ret = krb5_store_uint32(sp, val[i]);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_store_uint32");
+	krb5_storage_seek(sp, 0, SEEK_SET);
+	ret = krb5_ret_uint32(sp, &v);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_ret_uint32");
+	if (v != val[i])
+	    krb5_errx(context, 1, "store and ret mismatch");
+    }
+}
+
+
+static void
+test_storage(krb5_context context)
+{
+    krb5_storage *sp;
+
+    sp = krb5_storage_emem();
+    if (sp == NULL)
+	krb5_errx(context, 1, "krb5_storage_emem: no mem");
+
+    test_int8(context, sp);
+    test_int16(context, sp);
+    test_int32(context, sp);
+    test_uint8(context, sp);
+    test_uint16(context, sp);
+    test_uint32(context, sp);
+
+    krb5_storage_free(sp);
+}
+
+/*
+ *
+ */
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    ret = krb5_init_context (&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    test_storage(context);
+
+    krb5_free_context(context);
+
+    return 0;
+}
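Review bot: The loop bound in `test_int8` is inverted: `sizeof(val[0])/sizeof(val)` divides the element size by the array size and evaluates to 0, so the body never runs and the store/ret round-trip is never exercised. The same expression is repeated in `test_int16`, `test_int32`, `test_uint8`, `test_uint16` and `test_uint32`; each should read `for (i = 0; i < sizeof(val)/sizeof(val[0]); i++) {`. Once the loops run, two further things need attention. The initialisers `128` and `32768` do not fit `int8_t`/`int16_t` (presumably the type limits were intended). The storage is also rewound only before the read, so, assuming stores write at the current offset, a `krb5_storage_seek(sp, 0, SEEK_SET);` before each store would be needed for the read to see the value just written.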

Added: vendor-crypto/heimdal/dist/lib/krb5/test_time.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/test_time.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/test_time.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_time.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void
+check_set_time(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_timestamp sec;
+    int32_t usec;
+    struct timeval tv;
+    int diff = 10;
+    int diff2;
+
+    gettimeofday(&tv, NULL);
+
+    ret = krb5_set_real_time(context, tv.tv_sec + diff, tv.tv_usec);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_us_timeofday");
+    
+    ret = krb5_us_timeofday(context, &sec, &usec);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_us_timeofday");
+
+    diff2 = abs(sec - tv.tv_sec);
+
+    if (diff2 < 9 || diff > 11)
+	krb5_errx(context, 1, "set time error: diff: %d",
+		  abs(sec - tv.tv_sec));
+}
+
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx(1, "krb5_init_context %d", ret);
+
+    check_set_time(context);
+    check_set_time(context);
+    check_set_time(context);
+    check_set_time(context);
+    check_set_time(context);
+
+    krb5_free_context(context);
+
+    return 0;
+}
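Review bot: The range check in `check_set_time` tests the wrong variable: in `if (diff2 < 9 || diff > 11)` the second operand is the constant `diff` (10), so the upper bound is never enforced and an offset far larger than requested still passes. It should be `if (diff2 < 9 || diff2 > 11)`. Because `diff2` is taken through `abs()`, an offset applied in the wrong direction also passes; comparing the signed `sec - tv.tv_sec` would catch that. The failure label after `krb5_set_real_time` says `"krb5_us_timeofday"`, which should name the call that actually failed.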

Added: vendor-crypto/heimdal/dist/lib/krb5/ticket.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/ticket.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/ticket.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,272 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: ticket.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_free_ticket(krb5_context context,
+		 krb5_ticket *ticket)
+{
+    free_EncTicketPart(&ticket->ticket);
+    krb5_free_principal(context, ticket->client);
+    krb5_free_principal(context, ticket->server);
+    free(ticket);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_copy_ticket(krb5_context context,
+		 const krb5_ticket *from,
+		 krb5_ticket **to)
+{
+    krb5_error_code ret;
+    krb5_ticket *tmp;
+
+    *to = NULL;
+    tmp = malloc(sizeof(*tmp));
+    if(tmp == NULL) {
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
+	free(tmp);
+	return ret;
+    }
+    ret = krb5_copy_principal(context, from->client, &tmp->client);
+    if(ret){
+	free_EncTicketPart(&tmp->ticket);
+	free(tmp);
+	return ret;
+    }
+    ret = krb5_copy_principal(context, from->server, &tmp->server);
+    if(ret){
+	krb5_free_principal(context, tmp->client);
+	free_EncTicketPart(&tmp->ticket);
+	free(tmp);
+	return ret;
+    }
+    *to = tmp;
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ticket_get_client(krb5_context context,
+		       const krb5_ticket *ticket,
+		       krb5_principal *client)
+{
+    return krb5_copy_principal(context, ticket->client, client);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ticket_get_server(krb5_context context,
+		       const krb5_ticket *ticket,
+		       krb5_principal *server)
+{
+    return krb5_copy_principal(context, ticket->server, server);
+}
+
+time_t KRB5_LIB_FUNCTION
+krb5_ticket_get_endtime(krb5_context context,
+			const krb5_ticket *ticket)
+{
+    return ticket->ticket.endtime;
+}
+
+static int
+find_type_in_ad(krb5_context context,
+		int type, 
+		krb5_data *data,
+		krb5_boolean *found,
+		krb5_boolean failp,
+		krb5_keyblock *sessionkey,
+		const AuthorizationData *ad,
+		int level)
+{
+    krb5_error_code ret = 0;
+    int i;
+
+    if (level > 9) {
+	krb5_set_error_string(context, "Authorization data nested deeper "
+			      "then %d levels, stop searching", level);
+	ret = ENOENT; /* XXX */
+	goto out;
+    }
+
+    /*
+     * Only copy out the element the first time we get to it, we need
+     * to run over the whole authorization data fields to check if
+     * there are any container clases we need to care about.
+     */
+    for (i = 0; i < ad->len; i++) {
+	if (!*found && ad->val[i].ad_type == type) {
+	    ret = der_copy_octet_string(&ad->val[i].ad_data, data);
+	    if (ret) {
+		krb5_set_error_string(context, "malloc - out of memory");
+		goto out;
+	    }
+	    *found = TRUE;
+	    continue;
+	}
+	switch (ad->val[i].ad_type) {
+	case KRB5_AUTHDATA_IF_RELEVANT: {
+	    AuthorizationData child;
+	    ret = decode_AuthorizationData(ad->val[i].ad_data.data,
+					   ad->val[i].ad_data.length,
+					   &child,
+					   NULL);
+	    if (ret) {
+		krb5_set_error_string(context, "Failed to decode "
+				      "IF_RELEVANT with %d", ret);
+		goto out;
+	    }
+	    ret = find_type_in_ad(context, type, data, found, FALSE,
+				  sessionkey, &child, level + 1);
+	    free_AuthorizationData(&child);
+	    if (ret)
+		goto out;
+	    break;
+	}
+#if 0 /* XXX test */
+	case KRB5_AUTHDATA_KDC_ISSUED: {
+	    AD_KDCIssued child;
+
+	    ret = decode_AD_KDCIssued(ad->val[i].ad_data.data,
+				      ad->val[i].ad_data.length,
+				      &child,
+				      NULL);
+	    if (ret) {
+		krb5_set_error_string(context, "Failed to decode "
+				      "AD_KDCIssued with %d", ret);
+		goto out;
+	    }
+	    if (failp) {
+		krb5_boolean valid;
+		krb5_data buf;
+		size_t len;
+
+		ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length, 
+				   &child.elements, &len, ret);
+		if (ret) {
+		    free_AD_KDCIssued(&child);
+		    krb5_clear_error_string(context);
+		    goto out;
+		}
+		if(buf.length != len)
+		    krb5_abortx(context, "internal error in ASN.1 encoder");
+
+		ret = krb5_c_verify_checksum(context, sessionkey, 19, &buf,
+					     &child.ad_checksum, &valid);
+		krb5_data_free(&buf);
+		if (ret) {
+		    free_AD_KDCIssued(&child);
+		    goto out;
+		}
+		if (!valid) {
+		    krb5_clear_error_string(context);
+		    ret = ENOENT;
+		    free_AD_KDCIssued(&child);
+		    goto out;
+		}
+	    }
+	    ret = find_type_in_ad(context, type, data, found, failp, sessionkey,
+				  &child.elements, level + 1);
+	    free_AD_KDCIssued(&child);
+	    if (ret)
+		goto out;
+	    break;
+	}
+#endif
+	case KRB5_AUTHDATA_AND_OR:
+	    if (!failp)
+		break;
+	    krb5_set_error_string(context, "Authorization data contains "
+				  "AND-OR element that is unknown to the "
+				  "application");
+	    ret = ENOENT; /* XXX */
+	    goto out;
+	default:
+	    if (!failp)
+		break;
+	    krb5_set_error_string(context, "Authorization data contains "
+				  "unknown type (%d) ", ad->val[i].ad_type);
+	    ret = ENOENT; /* XXX */
+	    goto out;
+	}
+    }
+out:
+    if (ret) {
+	if (*found) {
+	    krb5_data_free(data);
+	    *found = 0;
+	}
+    }
+    return ret;
+}
+
+/*
+ * Extract the authorization data type of `type' from the
+ * 'ticket'. Store the field in `data'. This function is to use for
+ * kerberos applications.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_ticket_get_authorization_data_type(krb5_context context,
+					krb5_ticket *ticket,
+					int type,
+					krb5_data *data)
+{
+    AuthorizationData *ad;
+    krb5_error_code ret;
+    krb5_boolean found = FALSE;
+
+    krb5_data_zero(data);
+
+    ad = ticket->ticket.authorization_data;
+    if (ticket->ticket.authorization_data == NULL) {
+	krb5_set_error_string(context, "Ticket have not authorization data");
+	return ENOENT; /* XXX */
+    }
+
+    ret = find_type_in_ad(context, type, data, &found, TRUE,
+			  &ticket->ticket.key, ad, 0);
+    if (ret)
+	return ret;
+    if (!found) {
+	krb5_set_error_string(context, "Ticket have not authorization "
+			  "data of type %d", type);
+	return ENOENT; /* XXX */
+    }
+    return 0;
+}
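Review bot: In find_type_in_ad, a second element of the requested type is skipped by the `!*found && ad->val[i].ad_type == type` test and falls into the `default:` arm. Because krb5_ticket_get_authorization_data_type passes `failp` as TRUE, the lookup then fails with ENOENT and the text "Authorization data contains unknown type", and the `out:` path frees the copy already made. Rejecting is the safe direction, but the behaviour is undocumented and the message is misleading for a type the caller asked for. I would add a comment above the `switch`, e.g. `/* a repeated element of the requested type is handled like any other unrecognised type below */`, and give that case its own error string. The depth-limit message also prints `level` rather than the limit and reads "then" for "than".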

Added: vendor-crypto/heimdal/dist/lib/krb5/time.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/time.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/time.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: time.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * Set the absolute time that the caller knows the kdc has so the
+ * kerberos library can calculate the relative diffrence beteen the
+ * KDC time and local system time.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_real_time (krb5_context context,
+		    krb5_timestamp sec,
+		    int32_t usec)
+{
+    struct timeval tv;
+    
+    gettimeofday(&tv, NULL);
+
+    context->kdc_sec_offset = sec - tv.tv_sec;
+    context->kdc_usec_offset = usec - tv.tv_usec;
+
+    if (context->kdc_usec_offset < 0) {
+	context->kdc_sec_offset--;
+	context->kdc_usec_offset += 1000000;
+    }
+    return 0;
+}
+
+/*
+ * return ``corrected'' time in `timeret'.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_timeofday (krb5_context context,
+		krb5_timestamp *timeret)
+{
+    *timeret = time(NULL) + context->kdc_sec_offset;
+    return 0;
+}
+
+/*
+ * like gettimeofday but with time correction to the KDC
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_us_timeofday (krb5_context context,
+		   krb5_timestamp *sec,
+		   int32_t *usec)
+{
+    struct timeval tv;
+
+    gettimeofday (&tv, NULL);
+
+    *sec  = tv.tv_sec + context->kdc_sec_offset;
+    *usec = tv.tv_usec;		/* XXX */
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_format_time(krb5_context context, time_t t, 
+		 char *s, size_t len, krb5_boolean include_time)
+{
+    struct tm *tm;
+    if(context->log_utc)
+	tm = gmtime (&t);
+    else
+	tm = localtime(&t);
+    if(tm == NULL ||
+       strftime(s, len, include_time ? context->time_fmt : context->date_fmt, tm) == 0)
+	snprintf(s, len, "%ld", (long)t);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_deltat(const char *string, krb5_deltat *deltat)
+{
+    if((*deltat = parse_time(string, "s")) == -1)
+	return KRB5_DELTAT_BADFORMAT;
+    return 0;
+}
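Review bot: krb5_us_timeofday drops the microsecond part of the KDC offset. krb5_set_real_time stores `kdc_usec_offset` and borrows one second from `kdc_sec_offset` when the difference is negative, but the reader returns `*usec = tv.tv_usec; /* XXX */`, so after a borrow the reported time can be up to a second behind the value that was set. These timestamps presumably feed authenticator and skew checks elsewhere in the library, so I would apply the offset with a carry: `*usec = tv.tv_usec + context->kdc_usec_offset; if (*usec >= 1000000) { (*sec)++; *usec -= 1000000; }`. The return value of gettimeofday() is also ignored in both krb5_set_real_time and krb5_us_timeofday.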

Added: vendor-crypto/heimdal/dist/lib/krb5/transited.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/transited.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/transited.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,503 @@
+/*
+ * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: transited.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/* this is an attempt at one of the most horrible `compression'
+   schemes that has ever been invented; it's so amazingly brain-dead
+   that words can not describe it, and all this just to save a few
+   silly bytes */
+
+struct tr_realm {
+    char *realm;
+    unsigned leading_space:1;
+    unsigned leading_slash:1;
+    unsigned trailing_dot:1;
+    struct tr_realm *next;
+};
+
+static void
+free_realms(struct tr_realm *r)
+{
+    struct tr_realm *p;
+    while(r){
+	p = r;
+	r = r->next;
+	free(p->realm);
+	free(p);
+    }	
+}
+
+static int
+make_path(krb5_context context, struct tr_realm *r,
+	  const char *from, const char *to)
+{
+    const char *p;
+    struct tr_realm *path = r->next;
+    struct tr_realm *tmp;
+
+    if(strlen(from) < strlen(to)){
+	const char *str;
+	str = from;
+	from = to;
+	to = str;
+    }
+	
+    if(strcmp(from + strlen(from) - strlen(to), to) == 0){
+	p = from;
+	while(1){
+	    p = strchr(p, '.');
+	    if(p == NULL) {
+		krb5_clear_error_string (context);
+		return KRB5KDC_ERR_POLICY;
+	    }
+	    p++;
+	    if(strcmp(p, to) == 0)
+		break;
+	    tmp = calloc(1, sizeof(*tmp));
+	    if(tmp == NULL){
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    tmp->next = path;
+	    path = tmp;
+	    path->realm = strdup(p);
+	    if(path->realm == NULL){
+		r->next = path; /* XXX */
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;;
+	    }
+	}
+    }else if(strncmp(from, to, strlen(to)) == 0){
+	p = from + strlen(from);
+	while(1){
+	    while(p >= from && *p != '/') p--;
+	    if(p == from) {
+		r->next = path; /* XXX */
+		return KRB5KDC_ERR_POLICY;
+	    }
+	    if(strncmp(to, from, p - from) == 0)
+		break;
+	    tmp = calloc(1, sizeof(*tmp));
+	    if(tmp == NULL){
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    tmp->next = path;
+	    path = tmp;
+	    path->realm = malloc(p - from + 1);
+	    if(path->realm == NULL){
+		r->next = path; /* XXX */
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    memcpy(path->realm, from, p - from);
+	    path->realm[p - from] = '\0';
+	    p--;
+	}
+    } else {
+	krb5_clear_error_string (context);
+	return KRB5KDC_ERR_POLICY;
+    }
+    r->next = path;
+    
+    return 0;
+}
+
+static int
+make_paths(krb5_context context,
+	   struct tr_realm *realms, const char *client_realm, 
+	   const char *server_realm)
+{
+    struct tr_realm *r;
+    int ret;
+    const char *prev_realm = client_realm;
+    const char *next_realm = NULL;
+    for(r = realms; r; r = r->next){
+	/* it *might* be that you can have more than one empty
+	   component in a row, at least that's how I interpret the
+	   "," exception in 1510 */
+	if(r->realm[0] == '\0'){
+	    while(r->next && r->next->realm[0] == '\0')
+		r = r->next;
+	    if(r->next)
+		next_realm = r->next->realm;
+	    else
+		next_realm = server_realm;
+	    ret = make_path(context, r, prev_realm, next_realm);
+	    if(ret){
+		free_realms(realms);
+		return ret;
+	    }
+	}
+	prev_realm = r->realm;
+    }
+    return 0;
+}
+
+static int
+expand_realms(krb5_context context,
+	      struct tr_realm *realms, const char *client_realm)
+{
+    struct tr_realm *r;
+    const char *prev_realm = NULL;
+    for(r = realms; r; r = r->next){
+	if(r->trailing_dot){
+	    char *tmp;
+	    size_t len;
+
+	    if(prev_realm == NULL)
+		prev_realm = client_realm;
+
+	    len = strlen(r->realm) + strlen(prev_realm) + 1;
+
+	    tmp = realloc(r->realm, len);
+	    if(tmp == NULL){
+		free_realms(realms);
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    r->realm = tmp;
+	    strlcat(r->realm, prev_realm, len);
+	}else if(r->leading_slash && !r->leading_space && prev_realm){
+	    /* yet another exception: if you use x500-names, the
+               leading realm doesn't have to be "quoted" with a space */
+	    char *tmp;
+	    size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
+
+	    tmp = malloc(len);
+	    if(tmp == NULL){
+		free_realms(realms);
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    strlcpy(tmp, prev_realm, len);
+	    strlcat(tmp, r->realm, len);
+	    free(r->realm);
+	    r->realm = tmp;
+	}
+	prev_realm = r->realm;
+    }
+    return 0;
+}
+
+static struct tr_realm *
+make_realm(char *realm)
+{
+    struct tr_realm *r;
+    char *p, *q;
+    int quote = 0;
+    r = calloc(1, sizeof(*r));
+    if(r == NULL){
+	free(realm);
+	return NULL;
+    }
+    r->realm = realm;
+    for(p = q = r->realm; *p; p++){
+	if(p == r->realm && *p == ' '){
+	    r->leading_space = 1;
+	    continue;
+	}
+	if(q == r->realm && *p == '/')
+	    r->leading_slash = 1;
+	if(quote){
+	    *q++ = *p;
+	    quote = 0;
+	    continue;
+	}
+	if(*p == '\\'){
+	    quote = 1;
+	    continue;
+	}
+	if(p[0] == '.' && p[1] == '\0')
+	    r->trailing_dot = 1;
+	*q++ = *p;
+    }
+    *q = '\0';
+    return r;
+}
+
+static struct tr_realm*
+append_realm(struct tr_realm *head, struct tr_realm *r)
+{
+    struct tr_realm *p;
+    if(head == NULL){
+	r->next = NULL;
+	return r;
+    }
+    p = head;
+    while(p->next) p = p->next;
+    p->next = r;
+    return head;
+}
+
+static int
+decode_realms(krb5_context context,
+	      const char *tr, int length, struct tr_realm **realms)
+{
+    struct tr_realm *r = NULL;
+
+    char *tmp;
+    int quote = 0;
+    const char *start = tr;
+    int i;
+
+    for(i = 0; i < length; i++){
+	if(quote){
+	    quote = 0;
+	    continue;
+	}
+	if(tr[i] == '\\'){
+	    quote = 1;
+	    continue;
+	}
+	if(tr[i] == ','){
+	    tmp = malloc(tr + i - start + 1);
+	    if(tmp == NULL){
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    memcpy(tmp, start, tr + i - start);
+	    tmp[tr + i - start] = '\0';
+	    r = make_realm(tmp);
+	    if(r == NULL){
+		free_realms(*realms);
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    *realms = append_realm(*realms, r);
+	    start = tr + i + 1;
+	}
+    }
+    tmp = malloc(tr + i - start + 1);
+    if(tmp == NULL){
+	free(*realms);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    memcpy(tmp, start, tr + i - start);
+    tmp[tr + i - start] = '\0';
+    r = make_realm(tmp);
+    if(r == NULL){
+	free_realms(*realms);
+	krb5_set_error_string (context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    *realms = append_realm(*realms, r);
+    
+    return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_domain_x500_decode(krb5_context context,
+			krb5_data tr, char ***realms, int *num_realms, 
+			const char *client_realm, const char *server_realm)
+{
+    struct tr_realm *r = NULL;
+    struct tr_realm *p, **q;
+    int ret;
+    
+    if(tr.length == 0) {
+	*realms = NULL;
+	*num_realms = 0;
+	return 0;
+    }
+
+    /* split string in components */
+    ret = decode_realms(context, tr.data, tr.length, &r);
+    if(ret)
+	return ret;
+    
+    /* apply prefix rule */
+    ret = expand_realms(context, r, client_realm);
+    if(ret)
+	return ret;
+    
+    ret = make_paths(context, r, client_realm, server_realm);
+    if(ret)
+	return ret;
+    
+    /* remove empty components and count realms */
+    q = &r;
+    *num_realms = 0;
+    for(p = r; p; ){
+	if(p->realm[0] == '\0'){
+	    free(p->realm);
+	    *q = p->next;
+	    free(p);
+	    p = *q;
+	}else{
+	    q = &p->next;
+	    p = p->next;
+	    (*num_realms)++;
+	}
+    }
+    if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
+	return ERANGE;
+
+    {
+	char **R;
+	R = malloc((*num_realms + 1) * sizeof(*R));
+	if (R == NULL)
+	    return ENOMEM;
+	*realms = R;
+	while(r){
+	    *R++ = r->realm;
+	    p = r->next;
+	    free(r);
+	    r = p;
+	}
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
+{
+    char *s = NULL;
+    int len = 0;
+    int i;
+    krb5_data_zero(encoding);
+    if (num_realms == 0)
+	return 0;
+    for(i = 0; i < num_realms; i++){
+	len += strlen(realms[i]);
+	if(realms[i][0] == '/')
+	    len++;
+    }
+    len += num_realms - 1;
+    s = malloc(len + 1);
+    if (s == NULL)
+	return ENOMEM;
+    *s = '\0';
+    for(i = 0; i < num_realms; i++){
+	if(i && i < num_realms - 1)
+	    strlcat(s, ",", len + 1);
+	if(realms[i][0] == '/')
+	    strlcat(s, " ", len + 1);
+	strlcat(s, realms[i], len + 1);
+    }
+    encoding->data = s;
+    encoding->length = strlen(s);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_check_transited(krb5_context context,
+		     krb5_const_realm client_realm,
+		     krb5_const_realm server_realm,
+		     krb5_realm *realms,
+		     int num_realms,
+		     int *bad_realm)
+{
+    char **tr_realms;
+    char **p;
+    int i;
+
+    if(num_realms == 0)
+	return 0;
+    
+    tr_realms = krb5_config_get_strings(context, NULL, 
+					"capaths", 
+					client_realm, 
+					server_realm, 
+					NULL);
+    for(i = 0; i < num_realms; i++) {
+	for(p = tr_realms; p && *p; p++) {
+	    if(strcmp(*p, realms[i]) == 0)
+		break;
+	}
+	if(p == NULL || *p == NULL) {
+	    krb5_config_free_strings(tr_realms);
+	    krb5_set_error_string (context, "no transit through realm %s",
+				   realms[i]);
+	    if(bad_realm)
+		*bad_realm = i;
+	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
+	}
+    }
+    krb5_config_free_strings(tr_realms);
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_check_transited_realms(krb5_context context,
+			    const char *const *realms, 
+			    int num_realms, 
+			    int *bad_realm)
+{
+    int i;
+    int ret = 0;
+    char **bad_realms = krb5_config_get_strings(context, NULL, 
+						"libdefaults", 
+						"transited_realms_reject", 
+						NULL);
+    if(bad_realms == NULL)
+	return 0;
+
+    for(i = 0; i < num_realms; i++) {
+	char **p;
+	for(p = bad_realms; *p; p++)
+	    if(strcmp(*p, realms[i]) == 0) {
+		krb5_set_error_string (context, "no transit through realm %s",
+				       *p);
+		ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
+		if(bad_realm)
+		    *bad_realm = i;
+		break;
+	    }
+    }
+    krb5_config_free_strings(bad_realms);
+    return ret;
+}
+
+#if 0
+int
+main(int argc, char **argv)
+{
+    krb5_data x;
+    char **r;
+    int num, i;
+    x.data = argv[1];
+    x.length = strlen(x.data);
+    if(domain_expand(x, &r, &num, argv[2], argv[3]))
+	exit(1);
+    for(i = 0; i < num; i++)
+	printf("%s\n", r[i]);
+    return 0;
+}
+#endif
+
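Review bot: In make_path, the prefix branch scans backwards with `while(p >= from && *p != '/') p--;`, which leaves `p` one below `from` when the string holds no '/', and the following `if(p == from)` does not catch that. `p - from` is then negative and is used as the length for `strncmp`, `malloc(p - from + 1)` and `memcpy`. The strings are realm names taken from the decoded transited field and the client/server realms, so the scan should be bounded: `while(p > from && *p != '/') p--;` keeps the existing `p == from` policy error and also covers the no-slash case. In krb5_domain_x500_encode, `if(i && i < num_realms - 1)` omits the separator before the last realm, so the final two names are joined even though `len` reserves room for it; `if(i)` looks like the intent. The error returns in decode_realms and krb5_domain_x500_decode also leak the list, since `free(*realms)` releases only the head node and the ERANGE/ENOMEM returns release nothing.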

Added: vendor-crypto/heimdal/dist/lib/krb5/v4_glue.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/v4_glue.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/v4_glue.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,939 @@
+/*
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+RCSID("$Id: v4_glue.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+#include "krb5-v4compat.h"
+
+/*
+ *
+ */
+
+#define RCHECK(r,func,label) \
+	do { (r) = func ; if (r) goto label; } while(0);
+
+
+/* include this here, to avoid dependencies on libkrb */
+
+static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
+   38400,   41055,   43894,   46929,   50174,   53643,   57352,   61318,
+   65558,   70091,   74937,   80119,   85658,   91581,   97914,  104684,
+  111922,  119661,  127935,  136781,  146239,  156350,  167161,  178720,
+  191077,  204289,  218415,  233517,  249664,  266926,  285383,  305116,
+  326213,  348769,  372885,  398668,  426234,  455705,  487215,  520904,
+  556921,  595430,  636601,  680618,  727680,  777995,  831789,  889303,
+  950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247,
+ 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
+};
+
+int KRB5_LIB_FUNCTION
+_krb5_krb_time_to_life(time_t start, time_t end)
+{
+    int i;
+    time_t life = end - start;
+
+    if (life > MAXTKTLIFETIME || life <= 0) 
+	return 0;
+#if 0    
+    if (krb_no_long_lifetimes) 
+	return (life + 5*60 - 1)/(5*60);
+#endif
+    
+    if (end >= NEVERDATE)
+	return TKTLIFENOEXPIRE;
+    if (life < _tkt_lifetimes[0]) 
+	return (life + 5*60 - 1)/(5*60);
+    for (i=0; i<TKTLIFENUMFIXED; i++)
+	if (life <= _tkt_lifetimes[i])
+	    return i + TKTLIFEMINFIXED;
+    return 0;
+    
+}
+
+time_t KRB5_LIB_FUNCTION
+_krb5_krb_life_to_time(int start, int life_)
+{
+    unsigned char life = (unsigned char) life_;
+
+#if 0    
+    if (krb_no_long_lifetimes)
+	return start + life*5*60;
+#endif
+
+    if (life == TKTLIFENOEXPIRE)
+	return NEVERDATE;
+    if (life < TKTLIFEMINFIXED)
+	return start + life*5*60;
+    if (life > TKTLIFEMAXFIXED)
+	return start + MAXTKTLIFETIME;
+    return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
+}
+
+/*
+ * Get the name of the krb4 credentials cache, will use `tkfile' as
+ * the name if that is passed in. `cc' must be free()ed by caller,
+ */
+
+static krb5_error_code
+get_krb4_cc_name(const char *tkfile, char **cc)
+{
+
+    *cc = NULL;
+    if(tkfile == NULL) {
+	char *path;
+	if(!issuid()) {
+	    path = getenv("KRBTKFILE");
+	    if (path)
+		*cc = strdup(path);
+	}
+	if(*cc == NULL)
+	    if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0)
+		return errno;
+    } else {
+	*cc = strdup(tkfile);
+	if (*cc == NULL)
+	    return ENOMEM;
+    }
+    return 0;
+}
+
+/*
+ * Write a Kerberos 4 ticket file
+ */
+
+#define KRB5_TF_LCK_RETRY_COUNT 50
+#define KRB5_TF_LCK_RETRY 1
+
+static krb5_error_code
+write_v4_cc(krb5_context context, const char *tkfile, 
+	    krb5_storage *sp, int append)
+{
+    krb5_error_code ret;
+    struct stat sb;
+    krb5_data data;
+    char *path;
+    int fd, i;
+
+    ret = get_krb4_cc_name(tkfile, &path);
+    if (ret) {
+	krb5_set_error_string(context, 
+			      "krb5_krb_tf_setup: failed getting "
+			      "the krb4 credentials cache name"); 
+	return ret;
+    }
+
+    fd = open(path, O_WRONLY|O_CREAT, 0600);
+    if (fd < 0) {
+	ret = errno;
+	krb5_set_error_string(context, 
+			      "krb5_krb_tf_setup: error opening file %s", 
+			      path);
+	free(path);
+	return ret;
+    }
+
+    if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
+	krb5_set_error_string(context, 
+			      "krb5_krb_tf_setup: tktfile %s is not a file",
+			      path);
+	free(path);
+	close(fd);
+	return KRB5_FCC_PERM;
+    }
+
+    for (i = 0; i < KRB5_TF_LCK_RETRY_COUNT; i++) {
+	if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
+	    sleep(KRB5_TF_LCK_RETRY);
+	} else
+	    break;
+    }
+    if (i == KRB5_TF_LCK_RETRY_COUNT) {
+	krb5_set_error_string(context,
+			      "krb5_krb_tf_setup: failed to lock %s",
+			      path);
+	free(path);
+	close(fd);
+	return KRB5_FCC_PERM;
+    }
+
+    if (!append) {
+	ret = ftruncate(fd, 0);
+	if (ret < 0) {
+	    flock(fd, LOCK_UN);
+	    krb5_set_error_string(context,
+				  "krb5_krb_tf_setup: failed to truncate %s",
+				  path);
+	    free(path);
+	    close(fd);
+	    return KRB5_FCC_PERM;
+	}
+    }
+    ret = lseek(fd, 0L, SEEK_END);
+    if (ret < 0) {
+	ret = errno;
+	flock(fd, LOCK_UN);
+	free(path);
+	close(fd);
+	return ret;
+    }
+
+    krb5_storage_to_data(sp, &data);
+
+    ret = write(fd, data.data, data.length);
+    if (ret != data.length)
+	ret = KRB5_CC_IO;
+
+    krb5_free_data_contents(context, &data);
+
+    flock(fd, LOCK_UN);
+    free(path);
+    close(fd);
+
+    return 0;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_tf_setup(krb5_context context, 
+		   struct credentials *v4creds, 
+		   const char *tkfile,
+		   int append)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+
+    sp = krb5_storage_emem();
+    if (sp == NULL)
+	return ENOMEM;
+
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
+    krb5_storage_set_eof_code(sp, KRB5_CC_IO);
+
+    krb5_clear_error_string(context);
+
+    if (!append) {
+	RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error);
+	RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error);
+    }
+
+    /* cred */
+    RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error);
+    RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error);
+    RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error);
+    ret = krb5_storage_write(sp, v4creds->session, 8);
+    if (ret != 8) {
+	ret = KRB5_CC_IO;
+	goto error;
+    }
+    RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error);
+    RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error);
+    RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error);
+
+    ret = krb5_storage_write(sp, v4creds->ticket_st.dat, 
+			     v4creds->ticket_st.length);
+    if (ret != v4creds->ticket_st.length) {
+	ret = KRB5_CC_IO;
+	goto error;
+    }
+    RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error);
+
+    ret = write_v4_cc(context, tkfile, sp, append);
+
+ error:
+    krb5_storage_free(sp);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
+{
+    krb5_error_code ret;
+    char *path;
+
+    ret = get_krb4_cc_name(tkfile, &path);
+    if (ret) {
+	krb5_set_error_string(context, 
+			      "krb5_krb_tf_setup: failed getting "
+			      "the krb4 credentials cache name"); 
+	return ret;
+    }
+
+    if (unlink(path) < 0) {
+	ret = errno;
+	krb5_set_error_string(context, 
+			      "krb5_krb_dest_tkt failed removing the cache "
+			      "with error %s", strerror(ret));
+    }
+    free(path);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+decrypt_etext(krb5_context context, const krb5_keyblock *key,
+	      const krb5_data *cdata, krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+
+    ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
+    if (ret)
+	return ret;
+
+    ret = krb5_decrypt(context, crypto, 0, cdata->data, cdata->length, data);
+    krb5_crypto_destroy(context, crypto);
+
+    return ret;
+}
+
+
+/*
+ *
+ */
+
+static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00";
+
+static krb5_error_code
+storage_to_etext(krb5_context context,
+		 krb5_storage *sp,
+		 const krb5_keyblock *key, 
+		 krb5_data *enc_data)
+{
+    krb5_error_code ret;
+    krb5_crypto crypto;
+    krb5_ssize_t size;
+    krb5_data data;
+
+    /* multiple of eight bytes */
+
+    size = krb5_storage_seek(sp, 0, SEEK_END);
+    if (size < 0)
+	return KRB4ET_RD_AP_UNDEC;
+    size = 8 - (size & 7);
+
+    ret = krb5_storage_write(sp, eightzeros, size);
+    if (ret != size)
+	return KRB4ET_RD_AP_UNDEC;
+
+    ret = krb5_storage_to_data(sp, &data);
+    if (ret)
+	return ret;
+
+    ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
+    if (ret) {
+	krb5_data_free(&data);
+	return ret;
+    }
+
+    ret = krb5_encrypt(context, crypto, 0, data.data, data.length, enc_data);
+
+    krb5_data_free(&data);
+    krb5_crypto_destroy(context, crypto);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+put_nir(krb5_storage *sp, const char *name,
+	const char *instance, const char *realm)
+{
+    krb5_error_code ret;
+
+    RCHECK(ret, krb5_store_stringz(sp, name), error);
+    RCHECK(ret, krb5_store_stringz(sp, instance), error);
+    if (realm) {
+	RCHECK(ret, krb5_store_stringz(sp, realm), error);
+    }
+ error:
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_create_ticket(krb5_context context,
+			unsigned char flags,
+			const char *pname,
+			const char *pinstance,
+			const char *prealm,
+			int32_t paddress,
+			const krb5_keyblock *session,
+			int16_t life,
+			int32_t life_sec,
+			const char *sname,
+			const char *sinstance,
+			const krb5_keyblock *key,
+			krb5_data *enc_data)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+
+    krb5_data_zero(enc_data);
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+
+    RCHECK(ret, krb5_store_int8(sp, flags), error);
+    RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error);
+    RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error);
+
+    /* session key */
+    ret = krb5_storage_write(sp,
+			     session->keyvalue.data, 
+			     session->keyvalue.length);
+    if (ret != session->keyvalue.length) {
+	ret = KRB4ET_INTK_PROT;
+	goto error;
+    }
+
+    RCHECK(ret, krb5_store_int8(sp, life), error);
+    RCHECK(ret, krb5_store_int32(sp, life_sec), error);
+    RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error);
+
+    ret = storage_to_etext(context, sp, key, enc_data);
+
+ error:
+    krb5_storage_free(sp);
+    if (ret)
+	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_create_ciph(krb5_context context,
+		      const krb5_keyblock *session,
+		      const char *service,
+		      const char *instance,
+		      const char *realm,
+		      uint32_t life,
+		      unsigned char kvno,
+		      const krb5_data *ticket,
+		      uint32_t kdc_time,
+		      const krb5_keyblock *key,
+		      krb5_data *enc_data)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+
+    krb5_data_zero(enc_data);
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+
+    /* session key */
+    ret = krb5_storage_write(sp,
+			     session->keyvalue.data, 
+			     session->keyvalue.length);
+    if (ret != session->keyvalue.length) {
+	ret = KRB4ET_INTK_PROT;
+	goto error;
+    }
+
+    RCHECK(ret, put_nir(sp, service, instance, realm), error);
+    RCHECK(ret, krb5_store_int8(sp, life), error);
+    RCHECK(ret, krb5_store_int8(sp, kvno), error);
+    RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
+    ret = krb5_storage_write(sp, ticket->data, ticket->length);
+    if (ret != ticket->length) {
+	ret = KRB4ET_INTK_PROT;
+	goto error;
+    }
+    RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
+
+    ret = storage_to_etext(context, sp, key, enc_data);
+
+ error:
+    krb5_storage_free(sp);
+    if (ret)
+	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_create_auth_reply(krb5_context context,
+			    const char *pname,
+			    const char *pinst,
+			    const char *prealm,
+			    int32_t time_ws,
+			    int n,
+			    uint32_t x_date,
+			    unsigned char kvno,
+			    const krb5_data *cipher,
+			    krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+
+    krb5_data_zero(data);
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+
+    RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
+    RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error);
+    RCHECK(ret, put_nir(sp, pname, pinst, prealm), error);
+    RCHECK(ret, krb5_store_int32(sp, time_ws), error);
+    RCHECK(ret, krb5_store_int8(sp, n), error);
+    RCHECK(ret, krb5_store_int32(sp, x_date), error);
+    RCHECK(ret, krb5_store_int8(sp, kvno), error);
+    RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
+    ret = krb5_storage_write(sp, cipher->data, cipher->length);
+    if (ret != cipher->length) {
+	ret = KRB4ET_INTK_PROT;
+	goto error;
+    }
+
+    ret = krb5_storage_to_data(sp, data);
+
+ error:
+    krb5_storage_free(sp);
+    if (ret)
+	krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
+	
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_cr_err_reply(krb5_context context,
+		       const char *name,
+		       const char *inst,
+		       const char *realm,
+		       uint32_t time_ws,
+		       uint32_t e,
+		       const char *e_string,
+		       krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+
+    krb5_data_zero(data);
+
+    if (name == NULL) name = "";
+    if (inst == NULL) inst = "";
+    if (realm == NULL) realm = "";
+    if (e_string == NULL) e_string = "";
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+
+    RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
+    RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
+    RCHECK(ret, put_nir(sp, name, inst, realm), error);
+    RCHECK(ret, krb5_store_int32(sp, time_ws), error);
+    /* If it is a Kerberos 4 error-code, remove the et BASE */
+    if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
+	e -= ERROR_TABLE_BASE_krb;
+    RCHECK(ret, krb5_store_int32(sp, e), error);
+    RCHECK(ret, krb5_store_stringz(sp, e_string), error);
+
+    ret = krb5_storage_to_data(sp, data);
+
+ error:
+    krb5_storage_free(sp);
+    if (ret)
+	krb5_set_error_string(context, "Failed to encode kerberos 4 error");
+	
+    return 0;
+}
+
+static krb5_error_code
+get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
+{
+    krb5_error_code ret;
+
+    ret = krb5_ret_stringz(sp, str);
+    if (ret)
+	return ret;
+    if (strlen(*str) > max_len) {
+	free(*str);
+	*str = NULL;
+	return KRB4ET_INTK_PROT;
+    }
+    return 0;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_decomp_ticket(krb5_context context,
+			const krb5_data *enc_ticket,
+			const krb5_keyblock *key,
+			const char *local_realm,
+			char **sname,
+			char **sinstance,
+			struct _krb5_krb_auth_data *ad)
+{
+    krb5_error_code ret;
+    krb5_ssize_t size;
+    krb5_storage *sp = NULL;
+    krb5_data ticket;
+    unsigned char des_key[8];
+
+    memset(ad, 0, sizeof(*ad));
+    krb5_data_zero(&ticket);
+
+    *sname = NULL;
+    *sinstance = NULL;
+
+    RCHECK(ret, decrypt_etext(context, key, enc_ticket, &ticket), error);
+
+    sp = krb5_storage_from_data(&ticket);
+    if (sp == NULL) {
+	krb5_data_free(&ticket);
+	krb5_set_error_string(context, "alloc: out of memory");
+	return ENOMEM;
+    }
+
+    krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
+
+    RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error);
+    RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error);
+    RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error);
+    RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error);
+    RCHECK(ret, krb5_ret_uint32(sp, &ad->address), error);
+	
+    size = krb5_storage_read(sp, des_key, sizeof(des_key));
+    if (size != sizeof(des_key)) {
+	ret = KRB4ET_INTK_PROT;
+	goto error;
+    }
+
+    RCHECK(ret, krb5_ret_uint8(sp, &ad->life), error);
+
+    if (ad->k_flags & 1)
+	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
+    else
+	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+
+    RCHECK(ret, krb5_ret_uint32(sp, &ad->time_sec), error);
+
+    RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error);
+    RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error);
+
+    ret = krb5_keyblock_init(context, ETYPE_DES_PCBC_NONE,
+			     des_key, sizeof(des_key), &ad->session);
+    if (ret)
+	goto error;
+
+    if (strlen(ad->prealm) == 0) {
+	free(ad->prealm);
+	ad->prealm = strdup(local_realm);
+	if (ad->prealm == NULL) {
+	    ret = ENOMEM;
+	    goto error;
+	}
+    }
+
+ error:
+    memset(des_key, 0, sizeof(des_key));
+    if (sp)
+	krb5_storage_free(sp);
+    krb5_data_free(&ticket);
+    if (ret) {
+	if (*sname) {
+	    free(*sname);
+	    *sname = NULL;
+	}
+	if (*sinstance) {
+	    free(*sinstance);
+	    *sinstance = NULL;
+	}
+	_krb5_krb_free_auth_data(context, ad);
+	krb5_set_error_string(context, "Failed to decode v4 ticket");
+    }
+    return ret;
+}
+
+/*
+ *
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_krb_rd_req(krb5_context context,
+		 krb5_data *authent,
+		 const char *service,
+		 const char *instance,
+		 const char *local_realm,
+		 int32_t from_addr,
+		 const krb5_keyblock *key,
+		 struct _krb5_krb_auth_data *ad)
+{
+    krb5_error_code ret;
+    krb5_storage *sp;
+    krb5_data ticket, eaut, aut;
+    krb5_ssize_t size;
+    int little_endian;
+    int8_t pvno;
+    int8_t type;
+    int8_t s_kvno;
+    uint8_t ticket_length;
+    uint8_t eaut_length;
+    uint8_t time_5ms;
+    char *realm = NULL;
+    char *sname = NULL;
+    char *sinstance = NULL;
+    char *r_realm = NULL;
+    char *r_name = NULL;
+    char *r_instance = NULL;
+
+    uint32_t r_time_sec;	/* Coarse time from authenticator */
+    unsigned long delta_t;      /* Time in authenticator - local time */
+    long tkt_age;		/* Age of ticket */
+
+    struct timeval tv;
+
+    krb5_data_zero(&ticket);
+    krb5_data_zero(&eaut);
+    krb5_data_zero(&aut);
+
+    sp = krb5_storage_from_data(authent);
+    if (sp == NULL) {
+	krb5_set_error_string(context, "alloc: out of memory");
+	return ENOMEM;
+    }
+
+    krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
+
+    ret = krb5_ret_int8(sp, &pvno);
+    if (ret) {
+	krb5_set_error_string(context, "Failed reading v4 pvno");
+	goto error;
+    }
+
+    if (pvno != KRB_PROT_VERSION) {
+	ret = KRB4ET_RD_AP_VERSION;
+	krb5_set_error_string(context, "Failed v4 pvno not 4");
+	goto error;
+    }
+
+    ret = krb5_ret_int8(sp, &type);
+    if (ret) {
+	krb5_set_error_string(context, "Failed readin v4 type");
+	goto error;
+    }
+
+    little_endian = type & 1;
+    type &= ~1;
+    
+    if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) {
+	ret = KRB4ET_RD_AP_MSG_TYPE;
+	krb5_set_error_string(context, "Not a valid v4 request type");
+	goto error;
+    }
+
+    RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error);
+    RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error);
+    RCHECK(ret, krb5_ret_uint8(sp, &ticket_length), error);
+    RCHECK(ret, krb5_ret_uint8(sp, &eaut_length), error);
+    RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error);
+
+    size = krb5_storage_read(sp, ticket.data, ticket.length);
+    if (size != ticket.length) {
+	ret = KRB4ET_INTK_PROT;
+	krb5_set_error_string(context, "Failed reading v4 ticket");
+	goto error;
+    }
+
+    /* Decrypt and take apart ticket */
+    ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm, 
+				  &sname, &sinstance, ad);
+    if (ret)
+	goto error;
+
+    RCHECK(ret, krb5_data_alloc(&eaut, eaut_length), error);
+
+    size = krb5_storage_read(sp, eaut.data, eaut.length);
+    if (size != eaut.length) {
+	ret = KRB4ET_INTK_PROT;
+	krb5_set_error_string(context, "Failed reading v4 authenticator");
+	goto error;
+    }
+
+    krb5_storage_free(sp);
+    sp = NULL;
+
+    ret = decrypt_etext(context, &ad->session, &eaut, &aut);
+    if (ret)
+	goto error;
+
+    sp = krb5_storage_from_data(&aut);
+    if (sp == NULL) {
+	ret = ENOMEM;
+	krb5_set_error_string(context, "alloc: out of memory");
+	goto error;
+    }
+
+    if (little_endian)
+	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
+    else
+	krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+
+    RCHECK(ret, get_v4_stringz(sp, &r_name, ANAME_SZ), error);
+    RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error);
+    RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error);
+
+    RCHECK(ret, krb5_ret_uint32(sp, &ad->checksum), error);
+    RCHECK(ret, krb5_ret_uint8(sp, &time_5ms), error);
+    RCHECK(ret, krb5_ret_uint32(sp, &r_time_sec), error);
+
+    if (strcmp(ad->pname, r_name) != 0 ||
+	strcmp(ad->pinst, r_instance) != 0 ||
+	strcmp(ad->prealm, r_realm) != 0) {
+	krb5_set_error_string(context, "v4 principal mismatch");
+	ret = KRB4ET_RD_AP_INCON;
+	goto error;
+    }
+    
+    if (from_addr && ad->address && from_addr != ad->address) {
+	krb5_set_error_string(context, "v4 bad address in ticket");
+	ret = KRB4ET_RD_AP_BADD;
+	goto error;
+    }
+
+    gettimeofday(&tv, NULL);
+    delta_t = abs((int)(tv.tv_sec - r_time_sec));
+    if (delta_t > CLOCK_SKEW) {
+        ret = KRB4ET_RD_AP_TIME;
+	krb5_set_error_string(context, "v4 clock skew");
+	goto error;
+    }
+
+    /* Now check for expiration of ticket */
+
+    tkt_age = tv.tv_sec - ad->time_sec;
+    
+    if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) {
+        ret = KRB4ET_RD_AP_NYV;
+	krb5_set_error_string(context, "v4 clock skew for expiration");
+	goto error;
+    }
+
+    if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) {
+	ret = KRB4ET_RD_AP_EXP;
+	krb5_set_error_string(context, "v4 ticket expired");
+	goto error;
+    }
+
+    ret = 0;
+ error:
+    krb5_data_free(&ticket);
+    krb5_data_free(&eaut);
+    krb5_data_free(&aut);
+    if (realm)
+	free(realm);
+    if (sname)
+	free(sname);
+    if (sinstance)
+	free(sinstance);
+    if (r_name)
+	free(r_name);
+    if (r_instance)
+	free(r_instance);
+    if (r_realm)
+	free(r_realm);
+    if (sp)
+	krb5_storage_free(sp);
+
+    if (ret)
+	krb5_clear_error_string(context);
+
+    return ret;
+}
+
+/*
+ *
+ */
+
+void KRB5_LIB_FUNCTION
+_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad)
+{
+    if (ad->pname)
+	free(ad->pname);
+    if (ad->pinst)
+	free(ad->pinst);
+    if (ad->prealm)
+	free(ad->prealm);
+    krb5_free_keyblock_contents(context, &ad->session);
+    memset(ad, 0, sizeof(*ad));
+}

Added: vendor-crypto/heimdal/dist/lib/krb5/verify_init.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/verify_init.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/verify_init.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: verify_init.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+void KRB5_LIB_FUNCTION
+krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options)
+{
+    memset (options, 0, sizeof(*options));
+}
+
+void KRB5_LIB_FUNCTION
+krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options,
+					     int ap_req_nofail)
+{
+    options->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
+    options->ap_req_nofail = ap_req_nofail;
+}
+
+/*
+ *
+ */
+
+static krb5_boolean
+fail_verify_is_ok (krb5_context context,
+		   krb5_verify_init_creds_opt *options)
+{
+    if ((options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL
+	 && options->ap_req_nofail != 0)
+	|| krb5_config_get_bool (context,
+				 NULL,
+				 "libdefaults",
+				 "verify_ap_req_nofail",
+				 NULL))
+	return FALSE;
+    else
+	return TRUE;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_init_creds(krb5_context context,
+		       krb5_creds *creds,
+		       krb5_principal ap_req_server,
+		       krb5_keytab ap_req_keytab,
+		       krb5_ccache *ccache,
+		       krb5_verify_init_creds_opt *options)
+{
+    krb5_error_code ret;
+    krb5_data req;
+    krb5_ccache local_ccache = NULL;
+    krb5_creds *new_creds = NULL;
+    krb5_auth_context auth_context = NULL;
+    krb5_principal server = NULL;
+    krb5_keytab keytab = NULL;
+
+    krb5_data_zero (&req);
+
+    if (ap_req_server == NULL) {
+	char local_hostname[MAXHOSTNAMELEN];
+
+	if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
+	    ret = errno;
+	    krb5_set_error_string (context, "gethostname: %s",
+				   strerror(ret));
+	    return ret;
+	}
+
+	ret = krb5_sname_to_principal (context,
+				       local_hostname,
+				       "host",
+				       KRB5_NT_SRV_HST,
+				       &server);
+	if (ret)
+	    goto cleanup;
+    } else
+	server = ap_req_server;
+
+    if (ap_req_keytab == NULL) {
+	ret = krb5_kt_default (context, &keytab);
+	if (ret)
+	    goto cleanup;
+    } else
+	keytab = ap_req_keytab;
+
+    if (ccache && *ccache)
+	local_ccache = *ccache;
+    else {
+	ret = krb5_cc_gen_new (context, &krb5_mcc_ops, &local_ccache);
+	if (ret)
+	    goto cleanup;
+	ret = krb5_cc_initialize (context,
+				  local_ccache,
+				  creds->client);
+	if (ret)
+	    goto cleanup;
+	ret = krb5_cc_store_cred (context,
+				  local_ccache,
+				  creds);
+	if (ret)
+	    goto cleanup;
+    }
+
+    if (!krb5_principal_compare (context, server, creds->server)) {
+	krb5_creds match_cred;
+
+	memset (&match_cred, 0, sizeof(match_cred));
+
+	match_cred.client = creds->client;
+	match_cred.server = server;
+
+	ret = krb5_get_credentials (context,
+				    0,
+				    local_ccache,
+				    &match_cred,
+				    &new_creds);
+	if (ret) {
+	    if (fail_verify_is_ok (context, options))
+		ret = 0;
+	    goto cleanup;
+	}
+	creds = new_creds;
+    }
+
+    ret = krb5_mk_req_extended (context,
+				&auth_context,
+				0,
+				NULL,
+				creds,
+				&req);
+    
+    krb5_auth_con_free (context, auth_context);
+    auth_context = NULL;
+
+    if (ret)
+	goto cleanup;
+
+    ret = krb5_rd_req (context,
+		       &auth_context,
+		       &req,
+		       server,
+		       keytab,
+		       0,
+		       NULL);
+
+    if (ret == KRB5_KT_NOTFOUND && fail_verify_is_ok (context, options))
+	ret = 0;
+cleanup:
+    if (auth_context)
+	krb5_auth_con_free (context, auth_context);
+    krb5_data_free (&req);
+    if (new_creds != NULL)
+	krb5_free_creds (context, new_creds);
+    if (ap_req_server == NULL && server)
+	krb5_free_principal (context, server);
+    if (ap_req_keytab == NULL && keytab)
+	krb5_kt_close (context, keytab);
+    if (local_ccache != NULL
+	&&
+	(ccache == NULL
+	 || (ret != 0 && *ccache == NULL)))
+	krb5_cc_destroy (context, local_ccache);
+
+    if (ret == 0 && ccache != NULL && *ccache == NULL)
+	*ccache = local_ccache;
+
+    return ret;
+}
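Review bot: `fail_verify_is_ok` makes verification fail open by default: unless the caller sets `ap_req_nofail` or `verify_ap_req_nofail` is true in `libdefaults`, `krb5_verify_init_creds` returns 0 both when `krb5_rd_req` reports `KRB5_KT_NOTFOUND` and when `krb5_get_credentials` fails for any reason, so the credentials are accepted without being checked against a local service key. The function carries no comment saying so; I would add above it `/* TRUE if a failed verification may be reported as success; this is the default unless ap_req_nofail or libdefaults verify_ap_req_nofail is set */`, and deployments that rely on this call to authenticate logins should set that option. The `krb5_get_credentials` branch swallows every error rather than only the missing-key case, which is worth narrowing or at least documenting. Separately, `options->flags` is read without a NULL check; if callers may pass NULL options (not visible in this hunk), the condition should begin with `options != NULL &&`.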

Added: vendor-crypto/heimdal/dist/lib/krb5/verify_krb5_conf.8
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/verify_krb5_conf.8	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/verify_krb5_conf.8	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,95 @@
+.\" Copyright (c) 2000 - 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: verify_krb5_conf.8,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+.\"
+.Dd December  8, 2004
+.Dt VERIFY_KRB5_CONF 8
+.Os HEIMDAL
+.Sh NAME
+.Nm verify_krb5_conf
+.Nd checks krb5.conf for obvious errors
+.Sh SYNOPSIS
+.Nm
+.Ar [config-file]
+.Sh DESCRIPTION
+.Nm
+reads the configuration file
+.Pa krb5.conf ,
+or the file given on the command line,
+and parses it, thereby verifying that the syntax is not correctly wrong.
+.Pp
+If the file is syntactically correct,
+.Nm
+tries to verify that the contents of the file is of relevant nature.
+.Sh ENVIRONMENT
+.Ev KRB5_CONFIG
+points to the configuration file to read.
+.Sh FILES
+.Bl -tag -width /etc/krb5.conf -compact
+.It Pa /etc/krb5.conf
+Kerberos 5 configuration file
+.El
+.Sh DIAGNOSTICS
+Possible output from
+.Nm
+include:
+.Bl -tag -width "FpathF"
+.It "<path>: failed to parse <something> as size/time/number/boolean"
+Usually means that <something> is misspelled, or that it contains
+weird characters. The parsing done by
+.Nm
+is more strict than the one performed by libkrb5, so strings that
+work in real life might be reported as bad.
+.It "<path>: host not found (<hostname>)"
+Means that <path> is supposed to point to a host, but it can't be
+recognised as one.
+.It <path>: unknown or wrong type
+Means that <path> is either a string when it should be a list, vice
+versa, or just that
+.Nm
+is confused.
+.It <path>: unknown entry
+Means that <string> is not known by
+.Nm "" .
+.El
+.Sh SEE ALSO
+.Xr krb5.conf 5
+.Sh BUGS
+Since each application can put almost anything in the config file,
+it's hard to come up with a watertight verification process. Most of
+the default settings are sanity checked, but this does not mean that
+every problem is discovered, or that everything that is reported as a
+possible problem actually is one. This tool should thus be used with
+some care.
+.Pp
+It should warn about obsolete data, or bad practice, but currently
+doesn't.

Added: vendor-crypto/heimdal/dist/lib/krb5/verify_krb5_conf.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/verify_krb5_conf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/verify_krb5_conf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,676 @@
+/*
+ * Copyright (c) 1999 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <getarg.h>
+#include <parse_bytes.h>
+#include <err.h>
+RCSID("$Id: verify_krb5_conf.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/* verify krb5.conf */
+
+static int dumpconfig_flag = 0;
+static int version_flag = 0;
+static int help_flag	= 0;
+static int warn_mit_syntax_flag = 0;
+
+static struct getargs args[] = {
+    {"dumpconfig", 0,      arg_flag,       &dumpconfig_flag, 
+     "show the parsed config files", NULL },
+    {"warn-mit-syntax", 0, arg_flag,       &warn_mit_syntax_flag, 
+     "show the parsed config files", NULL },
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "[config-file]");
+    exit (ret);
+}
+
+static int
+check_bytes(krb5_context context, const char *path, char *data)
+{
+    if(parse_bytes(data, NULL) == -1) {
+	krb5_warnx(context, "%s: failed to parse \"%s\" as size", path, data);
+	return 1;
+    }
+    return 0;
+}
+
+static int
+check_time(krb5_context context, const char *path, char *data)
+{
+    if(parse_time(data, NULL) == -1) {
+	krb5_warnx(context, "%s: failed to parse \"%s\" as time", path, data);
+	return 1;
+    }
+    return 0;
+}
+
+static int
+check_numeric(krb5_context context, const char *path, char *data)
+{
+    long int v;
+    char *end;
+    v = strtol(data, &end, 0);
+    if(*end != '\0') {
+	krb5_warnx(context, "%s: failed to parse \"%s\" as a number", 
+		   path, data);
+	return 1;
+    }
+    return 0;
+}
+
+static int
+check_boolean(krb5_context context, const char *path, char *data)
+{
+    long int v;
+    char *end;
+    if(strcasecmp(data, "yes") == 0 ||
+       strcasecmp(data, "true") == 0 ||
+       strcasecmp(data, "no") == 0 ||
+       strcasecmp(data, "false") == 0)
+	return 0;
+    v = strtol(data, &end, 0);
+    if(*end != '\0') {
+	krb5_warnx(context, "%s: failed to parse \"%s\" as a boolean", 
+		   path, data);
+	return 1;
+    }
+    if(v != 0 && v != 1)
+	krb5_warnx(context, "%s: numeric value \"%s\" is treated as \"true\"", 
+		   path, data);
+    return 0;
+}
+
+static int
+check_524(krb5_context context, const char *path, char *data)
+{
+    if(strcasecmp(data, "yes") == 0 ||
+       strcasecmp(data, "no") == 0 ||
+       strcasecmp(data, "2b") == 0 ||
+       strcasecmp(data, "local") == 0)
+	return 0;
+
+    krb5_warnx(context, "%s: didn't contain a valid option `%s'", 
+	       path, data);
+    return 1;
+}
+
+static int
+check_host(krb5_context context, const char *path, char *data)
+{
+    int ret;
+    char hostname[128];
+    const char *p = data;
+    struct addrinfo hints;
+    char service[32];
+    int defport;
+    struct addrinfo *ai;
+
+    hints.ai_flags = 0;
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = 0;
+    hints.ai_protocol = 0;
+
+    hints.ai_addrlen = 0;
+    hints.ai_canonname = NULL;
+    hints.ai_addr = NULL;
+    hints.ai_next = NULL;
+    
+    /* XXX data could be a list of hosts that this code can't handle */
+    /* XXX copied from krbhst.c */
+    if(strncmp(p, "http://", 7) == 0){
+        p += 7;
+	hints.ai_socktype = SOCK_STREAM;
+	strlcpy(service, "http", sizeof(service));
+	defport = 80;
+    } else if(strncmp(p, "http/", 5) == 0) {
+        p += 5;
+	hints.ai_socktype = SOCK_STREAM;
+	strlcpy(service, "http", sizeof(service));
+	defport = 80;
+    }else if(strncmp(p, "tcp/", 4) == 0){
+        p += 4;
+	hints.ai_socktype = SOCK_STREAM;
+	strlcpy(service, "kerberos", sizeof(service));
+	defport = 88;
+    } else if(strncmp(p, "udp/", 4) == 0) {
+        p += 4;
+	hints.ai_socktype = SOCK_DGRAM;
+	strlcpy(service, "kerberos", sizeof(service));
+	defport = 88;
+    } else {
+	hints.ai_socktype = SOCK_DGRAM;
+	strlcpy(service, "kerberos", sizeof(service));
+	defport = 88;
+    }
+    if(strsep_copy(&p, ":", hostname, sizeof(hostname)) < 0) {
+	return 1;
+    }
+    hostname[strcspn(hostname, "/")] = '\0';
+    if(p != NULL) {
+	char *end;
+	int tmp = strtol(p, &end, 0);
+	if(end == p) {
+	    krb5_warnx(context, "%s: failed to parse port number in %s", 
+		       path, data);
+	    return 1;
+	}
+	defport = tmp;
+	snprintf(service, sizeof(service), "%u", defport);
+    }
+    ret = getaddrinfo(hostname, service, &hints, &ai);
+    if(ret == EAI_SERVICE && !isdigit((unsigned char)service[0])) {
+	snprintf(service, sizeof(service), "%u", defport);
+	ret = getaddrinfo(hostname, service, &hints, &ai);
+    }
+    if(ret != 0) {
+	krb5_warnx(context, "%s: %s (%s)", path, gai_strerror(ret), hostname);
+	return 1;
+    }
+    return 0;
+}
+
+static int
+mit_entry(krb5_context context, const char *path, char *data)
+{
+    if (warn_mit_syntax_flag)
+	krb5_warnx(context, "%s is only used by MIT Kerberos", path);
+    return 0;
+}
+
+struct s2i {
+    const char *s;
+    int val;
+};
+
+#define L(X) { #X, LOG_ ## X }
+
+static struct s2i syslogvals[] = {
+    /* severity */
+    L(EMERG),
+    L(ALERT),
+    L(CRIT),
+    L(ERR),
+    L(WARNING),
+    L(NOTICE),
+    L(INFO),
+    L(DEBUG),
+    /* facility */
+    L(AUTH),
+#ifdef LOG_AUTHPRIV
+    L(AUTHPRIV),
+#endif
+#ifdef LOG_CRON
+    L(CRON),
+#endif
+    L(DAEMON),
+#ifdef LOG_FTP
+    L(FTP),
+#endif
+    L(KERN),
+    L(LPR),
+    L(MAIL),
+#ifdef LOG_NEWS
+    L(NEWS),
+#endif
+    L(SYSLOG),
+    L(USER),
+#ifdef LOG_UUCP
+    L(UUCP),
+#endif
+    L(LOCAL0),
+    L(LOCAL1),
+    L(LOCAL2),
+    L(LOCAL3),
+    L(LOCAL4),
+    L(LOCAL5),
+    L(LOCAL6),
+    L(LOCAL7),
+    { NULL, -1 }
+};
+
+static int
+find_value(const char *s, struct s2i *table)
+{
+    while(table->s && strcasecmp(table->s, s))
+	table++;
+    return table->val;
+}
+
+static int
+check_log(krb5_context context, const char *path, char *data)
+{
+    /* XXX sync with log.c */
+    int min = 0, max = -1, n;
+    char c;
+    const char *p = data;
+
+    n = sscanf(p, "%d%c%d/", &min, &c, &max);
+    if(n == 2){
+	if(c == '/') {
+	    if(min < 0){
+		max = -min;
+		min = 0;
+	    }else{
+		max = min;
+	    }
+	}
+    }
+    if(n){
+	p = strchr(p, '/');
+	if(p == NULL) {
+	    krb5_warnx(context, "%s: failed to parse \"%s\"", path, data);
+	    return 1;
+	}
+	p++;
+    }
+    if(strcmp(p, "STDERR") == 0 || 
+       strcmp(p, "CONSOLE") == 0 ||
+       (strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')) ||
+       (strncmp(p, "DEVICE", 6) == 0 && p[6] == '='))
+	return 0;
+    if(strncmp(p, "SYSLOG", 6) == 0){
+	int ret = 0;
+	char severity[128] = "";
+	char facility[128] = "";
+	p += 6;
+	if(*p != '\0')
+	    p++;
+	if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1)
+	    strsep_copy(&p, ":", facility, sizeof(facility));
+	if(*severity == '\0')
+	    strlcpy(severity, "ERR", sizeof(severity));
+ 	if(*facility == '\0')
+	    strlcpy(facility, "AUTH", sizeof(facility));
+	if(find_value(severity, syslogvals) == -1) {
+	    krb5_warnx(context, "%s: unknown syslog facility \"%s\"", 
+		       path, facility);
+	    ret++;
+	}
+	if(find_value(severity, syslogvals) == -1) {
+	    krb5_warnx(context, "%s: unknown syslog severity \"%s\"", 
+		       path, severity);
+	    ret++;
+	}
+	return ret;
+    }else{
+	krb5_warnx(context, "%s: unknown log type: \"%s\"", path, data);
+	return 1;
+    }
+}
+
+typedef int (*check_func_t)(krb5_context, const char*, char*);
+struct entry {
+    const char *name;
+    int type;
+    void *check_data;
+};
+
+struct entry all_strings[] = {
+    { "", krb5_config_string, NULL },
+    { NULL }
+};
+
+struct entry all_boolean[] = {
+    { "", krb5_config_string, check_boolean },
+    { NULL }
+};
+
+
+struct entry v4_name_convert_entries[] = {
+    { "host", krb5_config_list, all_strings },
+    { "plain", krb5_config_list, all_strings },
+    { NULL }
+};
+
+struct entry libdefaults_entries[] = {
+    { "accept_null_addresses", krb5_config_string, check_boolean },
+    { "capath", krb5_config_list, all_strings },
+    { "check_pac", krb5_config_string, check_boolean },
+    { "clockskew", krb5_config_string, check_time },
+    { "date_format", krb5_config_string, NULL },
+    { "default_cc_name", krb5_config_string, NULL },
+    { "default_etypes", krb5_config_string, NULL },
+    { "default_etypes_des", krb5_config_string, NULL },
+    { "default_keytab_modify_name", krb5_config_string, NULL },
+    { "default_keytab_name", krb5_config_string, NULL },
+    { "default_realm", krb5_config_string, NULL },
+    { "dns_canonize_hostname", krb5_config_string, check_boolean },
+    { "dns_proxy", krb5_config_string, NULL },
+    { "dns_lookup_kdc", krb5_config_string, check_boolean },
+    { "dns_lookup_realm", krb5_config_string, check_boolean },
+    { "dns_lookup_realm_labels", krb5_config_string, NULL },
+    { "egd_socket", krb5_config_string, NULL },
+    { "encrypt", krb5_config_string, check_boolean },
+    { "extra_addresses", krb5_config_string, NULL },
+    { "fcache_version", krb5_config_string, check_numeric },
+    { "fcc-mit-ticketflags", krb5_config_string, check_boolean },
+    { "forward", krb5_config_string, check_boolean },
+    { "forwardable", krb5_config_string, check_boolean },
+    { "http_proxy", krb5_config_string, check_host /* XXX */ },
+    { "ignore_addresses", krb5_config_string, NULL },
+    { "kdc_timeout", krb5_config_string, check_time },
+    { "kdc_timesync", krb5_config_string, check_boolean },
+    { "log_utc", krb5_config_string, check_boolean },
+    { "maxretries", krb5_config_string, check_numeric },
+    { "scan_interfaces", krb5_config_string, check_boolean },
+    { "srv_lookup", krb5_config_string, check_boolean },
+    { "srv_try_txt", krb5_config_string, check_boolean }, 
+    { "ticket_lifetime", krb5_config_string, check_time },
+    { "time_format", krb5_config_string, NULL },
+    { "transited_realms_reject", krb5_config_string, NULL },
+    { "no-addresses", krb5_config_string, check_boolean },
+    { "v4_instance_resolve", krb5_config_string, check_boolean },
+    { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
+    { "verify_ap_req_nofail", krb5_config_string, check_boolean },
+    { "max_retries", krb5_config_string, check_time },
+    { "renew_lifetime", krb5_config_string, check_time },
+    { "proxiable", krb5_config_string, check_boolean },
+    { "warn_pwexpire", krb5_config_string, check_time },
+    /* MIT stuff */
+    { "permitted_enctypes", krb5_config_string, mit_entry },
+    { "default_tgs_enctypes", krb5_config_string, mit_entry },
+    { "default_tkt_enctypes", krb5_config_string, mit_entry },
+    { NULL }
+};
+
+struct entry appdefaults_entries[] = {
+    { "afslog", krb5_config_string, check_boolean },
+    { "afs-use-524", krb5_config_string, check_524 },
+    { "encrypt", krb5_config_string, check_boolean },
+    { "forward", krb5_config_string, check_boolean },
+    { "forwardable", krb5_config_string, check_boolean },
+    { "proxiable", krb5_config_string, check_boolean },
+    { "ticket_lifetime", krb5_config_string, check_time },
+    { "renew_lifetime", krb5_config_string, check_time },
+    { "no-addresses", krb5_config_string, check_boolean },
+    { "krb4_get_tickets", krb5_config_string, check_boolean },
+    { "pkinit_anchors", krb5_config_string, NULL },
+    { "pkinit_win2k", krb5_config_string, NULL },
+    { "pkinit_win2k_require_binding", krb5_config_string, NULL },
+    { "pkinit_require_eku", krb5_config_string, NULL },
+    { "pkinit_require_krbtgt_otherName", krb5_config_string, NULL },
+    { "pkinit_require_hostname_match", krb5_config_string, NULL },
+#if 0
+    { "anonymous", krb5_config_string, check_boolean },
+#endif
+    { "", krb5_config_list, appdefaults_entries },
+    { NULL }
+};
+
+struct entry realms_entries[] = {
+    { "forwardable", krb5_config_string, check_boolean },
+    { "proxiable", krb5_config_string, check_boolean },
+    { "ticket_lifetime", krb5_config_string, check_time },
+    { "renew_lifetime", krb5_config_string, check_time },
+    { "warn_pwexpire", krb5_config_string, check_time },
+    { "kdc", krb5_config_string, check_host },
+    { "admin_server", krb5_config_string, check_host },
+    { "kpasswd_server", krb5_config_string, check_host },
+    { "krb524_server", krb5_config_string, check_host },
+    { "v4_name_convert", krb5_config_list, v4_name_convert_entries },
+    { "v4_instance_convert", krb5_config_list, all_strings },
+    { "v4_domains", krb5_config_string, NULL },
+    { "default_domain", krb5_config_string, NULL },
+    { "win2k_pkinit", krb5_config_string, NULL },
+    /* MIT stuff */
+    { "admin_keytab", krb5_config_string, mit_entry },
+    { "acl_file", krb5_config_string, mit_entry },
+    { "dict_file", krb5_config_string, mit_entry },
+    { "kadmind_port", krb5_config_string, mit_entry },
+    { "kpasswd_port", krb5_config_string, mit_entry },
+    { "master_key_name", krb5_config_string, mit_entry },
+    { "master_key_type", krb5_config_string, mit_entry },
+    { "key_stash_file", krb5_config_string, mit_entry },
+    { "max_life", krb5_config_string, mit_entry },
+    { "max_renewable_life", krb5_config_string, mit_entry },
+    { "default_principal_expiration", krb5_config_string, mit_entry },
+    { "default_principal_flags", krb5_config_string, mit_entry },
+    { "supported_enctypes", krb5_config_string, mit_entry },
+    { "database_name", krb5_config_string, mit_entry },
+    { NULL }
+};
+
+struct entry realms_foobar[] = {
+    { "", krb5_config_list, realms_entries },
+    { NULL }
+};
+
+
+struct entry kdc_database_entries[] = {
+    { "realm", krb5_config_string, NULL },
+    { "dbname", krb5_config_string, NULL },
+    { "mkey_file", krb5_config_string, NULL },
+    { "acl_file", krb5_config_string, NULL },
+    { "log_file", krb5_config_string, NULL },
+    { NULL }
+};
+
+struct entry kdc_entries[] = {
+    { "database", krb5_config_list, kdc_database_entries },
+    { "key-file", krb5_config_string, NULL },
+    { "logging", krb5_config_string, check_log },
+    { "max-request", krb5_config_string, check_bytes },
+    { "require-preauth", krb5_config_string, check_boolean },
+    { "ports", krb5_config_string, NULL },
+    { "addresses", krb5_config_string, NULL },
+    { "enable-kerberos4", krb5_config_string, check_boolean },
+    { "enable-524", krb5_config_string, check_boolean },
+    { "enable-http", krb5_config_string, check_boolean },
+    { "check-ticket-addresses", krb5_config_string, check_boolean },
+    { "allow-null-ticket-addresses", krb5_config_string, check_boolean },
+    { "allow-anonymous", krb5_config_string, check_boolean },
+    { "v4_realm", krb5_config_string, NULL },
+    { "enable-kaserver", krb5_config_string, check_boolean },
+    { "encode_as_rep_as_tgs_rep", krb5_config_string, check_boolean },
+    { "kdc_warn_pwexpire", krb5_config_string, check_time },
+    { "use_2b", krb5_config_list, NULL },
+    { "enable-pkinit", krb5_config_string, check_boolean },
+    { "pkinit_identity", krb5_config_string, NULL },
+    { "pkinit_anchors", krb5_config_string, NULL },
+    { "pkinit_pool", krb5_config_string, NULL },
+    { "pkinit_revoke", krb5_config_string, NULL },
+    { "pkinit_kdc_ocsp", krb5_config_string, NULL },
+    { "pkinit_principal_in_certificate", krb5_config_string, NULL },
+    { "pkinit_dh_min_bits", krb5_config_string, NULL },
+    { "pkinit_allow_proxy_certificate", krb5_config_string, NULL },
+    { "hdb-ldap-create-base", krb5_config_string, NULL },
+    { "v4-realm", krb5_config_string, NULL },
+    { NULL }
+};
+
+struct entry kadmin_entries[] = {
+    { "password_lifetime", krb5_config_string, check_time },
+    { "default_keys", krb5_config_string, NULL },
+    { "use_v4_salt", krb5_config_string, NULL },
+    { "require-preauth", krb5_config_string, check_boolean },
+    { NULL }
+};
+struct entry log_strings[] = {
+    { "", krb5_config_string, check_log },
+    { NULL }
+};
+
+
+/* MIT stuff */
+struct entry kdcdefaults_entries[] = {
+    { "kdc_ports", krb5_config_string, mit_entry },
+    { "v4_mode", krb5_config_string, mit_entry },
+    { NULL }
+};
+
+struct entry capaths_entries[] = {
+    { "", krb5_config_list, all_strings },
+    { NULL }
+};
+
+struct entry password_quality_entries[] = {
+    { "policies", krb5_config_string, NULL },
+    { "external_program", krb5_config_string, NULL },
+    { "min_classes", krb5_config_string, check_numeric },
+    { "min_length", krb5_config_string, check_numeric },
+    { "", krb5_config_list, all_strings },
+    { NULL }
+};
+
+struct entry toplevel_sections[] = {
+    { "libdefaults" , krb5_config_list, libdefaults_entries },
+    { "realms", krb5_config_list, realms_foobar },
+    { "domain_realm", krb5_config_list, all_strings },
+    { "logging", krb5_config_list, log_strings },
+    { "kdc", krb5_config_list, kdc_entries },
+    { "kadmin", krb5_config_list, kadmin_entries },
+    { "appdefaults", krb5_config_list, appdefaults_entries },
+    { "gssapi", krb5_config_list, NULL },
+    { "capaths", krb5_config_list, capaths_entries },
+    { "password_quality", krb5_config_list, password_quality_entries },
+    /* MIT stuff */
+    { "kdcdefaults", krb5_config_list, kdcdefaults_entries },
+    { NULL }
+};
+
+
+static int
+check_section(krb5_context context, const char *path, krb5_config_section *cf, 
+	      struct entry *entries)
+{
+    int error = 0;
+    krb5_config_section *p;
+    struct entry *e;
+    
+    char *local;
+    
+    for(p = cf; p != NULL; p = p->next) {
+	asprintf(&local, "%s/%s", path, p->name);
+	for(e = entries; e->name != NULL; e++) {
+	    if(*e->name == '\0' || strcmp(e->name, p->name) == 0) {
+		if(e->type != p->type) {
+		    krb5_warnx(context, "%s: unknown or wrong type", local);
+		    error |= 1;
+		} else if(p->type == krb5_config_string && e->check_data != NULL) {
+		    error |= (*(check_func_t)e->check_data)(context, local, p->u.string);
+		} else if(p->type == krb5_config_list && e->check_data != NULL) {
+		    error |= check_section(context, local, p->u.list, e->check_data);
+		}
+		break;
+	    }
+	}
+	if(e->name == NULL) {
+	    krb5_warnx(context, "%s: unknown entry", local);
+	    error |= 1;
+	}
+	free(local);
+    }
+    return error;
+}
+
+
+static void
+dumpconfig(int level, krb5_config_section *top)
+{
+    krb5_config_section *x;
+    for(x = top; x; x = x->next) {
+	switch(x->type) {
+	case krb5_config_list:
+	    if(level == 0) {
+		printf("[%s]\n", x->name);
+	    } else {
+		printf("%*s%s = {\n", 4 * level, " ", x->name);
+	    }
+	    dumpconfig(level + 1, x->u.list);
+	    if(level > 0)
+		printf("%*s}\n", 4 * level, " ");
+	    break;
+	case krb5_config_string:
+	    printf("%*s%s = %s\n", 4 * level, " ", x->name, x->u.string);
+	    break;
+	}
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_config_section *tmp_cf;
+    int optidx = 0;
+
+    setprogname (argv[0]);
+
+    ret = krb5_init_context(&context);
+    if (ret == KRB5_CONFIG_BADFORMAT)
+	errx (1, "krb5_init_context failed to parse configuration file");
+    else if (ret)
+	errx (1, "krb5_init_context failed with %d", ret);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    tmp_cf = NULL;
+    if(argc == 0)
+	krb5_get_default_config_files(&argv);
+
+    while(*argv) {
+	ret = krb5_config_parse_file_multi(context, *argv, &tmp_cf);
+	if (ret != 0)
+	    krb5_warn (context, ret, "krb5_config_parse_file");
+	argv++;
+    }
+
+    if(dumpconfig_flag)
+	dumpconfig(0, tmp_cf);
+    
+    return check_section(context, "", tmp_cf, toplevel_sections);
+}
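Review bot: In `check_log`, the SYSLOG branch calls `find_value(severity, syslogvals)` in both tests, so the first one, which prints "unknown syslog facility", never looks at `facility`. An unknown facility in a `logging` entry therefore passes unreported, while an unknown severity is warned about twice and counted twice in `ret`. The first condition should read `if(find_value(facility, syslogvals) == -1) {`. Even with that fix, `syslogvals` holds severities and facilities in one table, so a facility name given where a severity is expected would still be accepted; two separate tables would close that gap. Separately, `main` only warns when `krb5_config_parse_file_multi` fails and then returns the result of `check_section`, so a file that could not be parsed can apparently still produce exit status 0, which matters when this tool gates a deployment script.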

Added: vendor-crypto/heimdal/dist/lib/krb5/verify_user.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/verify_user.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/verify_user.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,265 @@
+/*
+ * Copyright (c) 1997-2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: verify_user.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static krb5_error_code
+verify_common (krb5_context context,
+	       krb5_principal principal,
+	       krb5_ccache ccache,
+	       krb5_keytab keytab,
+	       krb5_boolean secure,
+	       const char *service,
+	       krb5_creds cred)
+{
+    krb5_error_code ret;
+    krb5_principal server;
+    krb5_verify_init_creds_opt vopt;
+    krb5_ccache id;
+
+    ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST,
+				   &server);
+    if(ret)
+	return ret;
+
+    krb5_verify_init_creds_opt_init(&vopt);
+    krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure);
+
+    ret = krb5_verify_init_creds(context,
+				 &cred,
+				 server,
+				 keytab,
+				 NULL,
+				 &vopt);
+    krb5_free_principal(context, server);
+    if(ret)
+	return ret;
+    if(ccache == NULL)
+	ret = krb5_cc_default (context, &id);
+    else
+	id = ccache;
+    if(ret == 0){
+	ret = krb5_cc_initialize(context, id, principal);
+	if(ret == 0){
+	    ret = krb5_cc_store_cred(context, id, &cred);
+	}
+	if(ccache == NULL)
+	    krb5_cc_close(context, id);
+    }
+    krb5_free_cred_contents(context, &cred);
+    return ret;
+}
+
+/*
+ * Verify user `principal' with `password'.
+ *
+ * If `secure', also verify against local service key for `service'.
+ *
+ * As a side effect, fresh tickets are obtained and stored in `ccache'.
+ */
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_init(krb5_verify_opt *opt)
+{
+    memset(opt, 0, sizeof(*opt));
+    opt->secure = TRUE;
+    opt->service = "host";
+}
+
+int KRB5_LIB_FUNCTION
+krb5_verify_opt_alloc(krb5_context context, krb5_verify_opt **opt)
+{
+    *opt = calloc(1, sizeof(**opt));
+    if ((*opt) == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+    krb5_verify_opt_init(*opt);
+    return 0;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_free(krb5_verify_opt *opt)
+{
+    free(opt);
+}
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache)
+{
+    opt->ccache = ccache;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab)
+{
+    opt->keytab = keytab;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure)
+{
+    opt->secure = secure;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service)
+{
+    opt->service = service;
+}
+
+void KRB5_LIB_FUNCTION
+krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags)
+{
+    opt->flags |= flags;
+}
+
+static krb5_error_code
+verify_user_opt_int(krb5_context context,
+		    krb5_principal principal,
+		    const char *password,
+		    krb5_verify_opt *vopt)
+
+{
+    krb5_error_code ret;
+    krb5_get_init_creds_opt *opt;
+    krb5_creds cred;
+
+    ret = krb5_get_init_creds_opt_alloc (context, &opt);
+    if (ret)
+	return ret;
+    krb5_get_init_creds_opt_set_default_flags(context, NULL, 
+					      krb5_principal_get_realm(context, principal), 
+					      opt);
+    ret = krb5_get_init_creds_password (context,
+					&cred,
+					principal,
+					password,
+					krb5_prompter_posix,
+					NULL,
+					0,
+					NULL,
+					opt);
+    krb5_get_init_creds_opt_free(context, opt);
+    if(ret)
+	return ret;
+#define OPT(V, D) ((vopt && (vopt->V)) ? (vopt->V) : (D))
+    return verify_common (context, principal, OPT(ccache, NULL), 
+			  OPT(keytab, NULL), vopt ? vopt->secure : TRUE, 
+			  OPT(service, "host"), cred);
+#undef OPT
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_user_opt(krb5_context context,
+		     krb5_principal principal,
+		     const char *password,
+		     krb5_verify_opt *opt)
+{
+    krb5_error_code ret;
+
+    if(opt && (opt->flags & KRB5_VERIFY_LREALMS)) {
+	krb5_realm *realms, *r;
+	ret = krb5_get_default_realms (context, &realms);
+	if (ret)
+	    return ret;
+	ret = KRB5_CONFIG_NODEFREALM;
+	
+	for (r = realms; *r != NULL && ret != 0; ++r) {
+	    char *tmp = strdup (*r);
+	    
+	    if (tmp == NULL) {
+		krb5_free_host_realm (context, realms);
+		krb5_set_error_string (context, "malloc: out of memory");
+		return ENOMEM;
+	    }
+	    free (*krb5_princ_realm (context, principal));
+	    krb5_princ_set_realm (context, principal, &tmp);
+	    
+	    ret = verify_user_opt_int(context, principal, password, opt);
+	}
+	krb5_free_host_realm (context, realms);
+	if(ret)
+	    return ret;
+    } else
+	ret = verify_user_opt_int(context, principal, password, opt);
+    return ret;
+}
+
+/* compat function that calls above */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_user(krb5_context context, 
+		 krb5_principal principal,
+		 krb5_ccache ccache,
+		 const char *password,
+		 krb5_boolean secure,
+		 const char *service)
+{
+    krb5_verify_opt opt;
+    
+    krb5_verify_opt_init(&opt);
+    
+    krb5_verify_opt_set_ccache(&opt, ccache);
+    krb5_verify_opt_set_secure(&opt, secure);
+    krb5_verify_opt_set_service(&opt, service);
+    
+    return krb5_verify_user_opt(context, principal, password, &opt);
+}
+
+/*
+ * A variant of `krb5_verify_user'.  The realm of `principal' is
+ * ignored and all the local realms are tried.
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verify_user_lrealm(krb5_context context, 
+			krb5_principal principal,
+			krb5_ccache ccache,
+			const char *password,
+			krb5_boolean secure,
+			const char *service)
+{
+    krb5_verify_opt opt;
+    
+    krb5_verify_opt_init(&opt);
+    
+    krb5_verify_opt_set_ccache(&opt, ccache);
+    krb5_verify_opt_set_secure(&opt, secure);
+    krb5_verify_opt_set_service(&opt, service);
+    krb5_verify_opt_set_flags(&opt, KRB5_VERIFY_LREALMS);
+    
+    return krb5_verify_user_opt(context, principal, password, &opt);
+}
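Review bot: `verify_common` releases `cred` only on the path that reaches the end of the function. The early `return ret;` after `krb5_sname_to_principal` and the one after `krb5_verify_init_creds` both skip `krb5_free_cred_contents(context, &cred)`. `cred` is passed by value from `verify_user_opt_int`, which returns the result directly and has no cleanup of its own, so on those failures the freshly obtained credential contents (ticket and session key) stay allocated in the calling process. Both early exits should free first, e.g. `if(ret) { krb5_free_cred_contents(context, &cred); return ret; }`. The block comment above `krb5_verify_opt_init` describes `krb5_verify_user` rather than the function it precedes; it would be better placed on `krb5_verify_user`, with a line on `krb5_verify_opt_set_secure` such as `/* secure == FALSE: the reply is not required to be checked against a local service key */`.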

Added: vendor-crypto/heimdal/dist/lib/krb5/version-script.map
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/version-script.map	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/version-script.map	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,722 @@
+# $Id: version-script.map,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+
+HEIMDAL_KRB5_1.0 {
+	global:
+		krb524_convert_creds_kdc;
+		krb524_convert_creds_kdc_ccache;
+		krb5_425_conv_principal;
+		krb5_425_conv_principal_ext2;
+		krb5_425_conv_principal_ext;
+		krb5_524_conv_principal;
+		krb5_abort;
+		krb5_abortx;
+		krb5_acl_match_file;
+		krb5_acl_match_string;
+		krb5_add_et_list;
+		krb5_add_extra_addresses;
+		krb5_add_ignore_addresses;
+		krb5_addlog_dest;
+		krb5_addlog_func;
+		krb5_addr2sockaddr;
+		krb5_address_compare;
+		krb5_address_order;
+		krb5_address_prefixlen_boundary;
+		krb5_address_search;
+		krb5_aname_to_localname;
+		krb5_anyaddr;
+		krb5_appdefault_boolean;
+		krb5_appdefault_string;
+		krb5_appdefault_time;
+		krb5_append_addresses;
+		krb5_auth_con_addflags;
+		krb5_auth_con_free;
+		krb5_auth_con_genaddrs;
+		krb5_auth_con_generatelocalsubkey;
+		krb5_auth_con_getaddrs;
+		krb5_auth_con_getauthenticator;
+		krb5_auth_con_getcksumtype;
+		krb5_auth_con_getflags;
+		krb5_auth_con_getkey;
+		krb5_auth_con_getkeytype;
+		krb5_auth_con_getlocalseqnumber;
+		krb5_auth_con_getlocalsubkey;
+		krb5_auth_con_getrcache;
+		krb5_auth_con_getremotesubkey;
+		krb5_auth_con_init;
+		krb5_auth_con_removeflags;
+		krb5_auth_con_setaddrs;
+		krb5_auth_con_setaddrs_from_fd;
+		krb5_auth_con_setcksumtype;
+		krb5_auth_con_setflags;
+		krb5_auth_con_setkey;
+		krb5_auth_con_setkeytype;
+		krb5_auth_con_setlocalseqnumber;
+		krb5_auth_con_setlocalsubkey;
+		krb5_auth_con_setrcache;
+		krb5_auth_con_setremoteseqnumber;
+		krb5_auth_con_setremotesubkey;
+		krb5_auth_con_setuserkey;
+		krb5_auth_getremoteseqnumber;
+		krb5_build_ap_req;
+		krb5_build_authenticator;
+		krb5_build_principal;
+		krb5_build_principal_ext;
+		krb5_build_principal_va;
+		krb5_build_principal_va_ext;
+		krb5_c_block_size;
+		krb5_c_checksum_length;
+		krb5_c_decrypt;
+		krb5_c_encrypt;
+		krb5_c_encrypt_length;
+		krb5_c_enctype_compare;
+		krb5_c_get_checksum;
+		krb5_c_is_coll_proof_cksum;
+		krb5_c_is_keyed_cksum;
+		krb5_c_keylengths;
+		krb5_c_make_checksum;
+		krb5_c_make_random_key;
+		krb5_c_prf;
+		krb5_c_prf_length;
+		krb5_c_set_checksum;
+		krb5_c_valid_cksumtype;
+		krb5_c_valid_enctype;
+		krb5_c_verify_checksum;
+		krb5_cc_cache_end_seq_get;
+		krb5_cc_cache_get_first;
+		krb5_cc_cache_match;
+		krb5_cc_cache_next;
+		krb5_cc_clear_mcred;
+		krb5_cc_close;
+		krb5_cc_copy_cache;
+		krb5_cc_copy_cache_match;
+		krb5_cc_default;
+		krb5_cc_default_name;
+		krb5_cc_destroy;
+		krb5_cc_end_seq_get;
+		krb5_cc_gen_new;
+		krb5_cc_get_full_name;
+		krb5_cc_get_name;
+		krb5_cc_get_ops;
+		krb5_cc_get_prefix_ops;
+		krb5_cc_get_principal;
+		krb5_cc_get_type;
+		krb5_cc_get_version;
+		krb5_cc_initialize;
+		krb5_cc_move;
+		krb5_cc_new_unique;
+		krb5_cc_next_cred;
+		krb5_cc_next_cred_match;
+		krb5_cc_register;
+		krb5_cc_remove_cred;
+		krb5_cc_resolve;
+		krb5_cc_retrieve_cred;
+		krb5_cc_set_default_name;
+		krb5_cc_set_flags;
+		krb5_cc_start_seq_get;
+		krb5_cc_store_cred;
+		krb5_change_password;
+		krb5_check_transited;
+		krb5_check_transited_realms;
+		krb5_checksum_disable;
+		krb5_checksum_free;
+		krb5_checksum_is_collision_proof;
+		krb5_checksum_is_keyed;
+		krb5_checksumsize;
+		krb5_cksumtype_valid;
+		krb5_clear_error_string;
+		krb5_closelog;
+		krb5_compare_creds;
+		krb5_config_file_free;
+		krb5_config_free_strings;
+		krb5_config_get;
+		krb5_config_get_bool;
+		krb5_config_get_bool_default;
+		krb5_config_get_int;
+		krb5_config_get_int_default;
+		krb5_config_get_list;
+		krb5_config_get_next;
+		krb5_config_get_string;
+		krb5_config_get_string_default;
+		krb5_config_get_strings;
+		krb5_config_get_time;
+		krb5_config_get_time_default;
+		krb5_config_parse_file;
+		krb5_config_parse_file_multi;
+		krb5_config_parse_string_multi;
+		krb5_config_vget;
+		krb5_config_vget_bool;
+		krb5_config_vget_bool_default;
+		krb5_config_vget_int;
+		krb5_config_vget_int_default;
+		krb5_config_vget_list;
+		krb5_config_vget_next;
+		krb5_config_vget_string;
+		krb5_config_vget_string_default;
+		krb5_config_vget_strings;
+		krb5_config_vget_time;
+		krb5_config_vget_time_default;
+		krb5_copy_address;
+		krb5_copy_addresses;
+		krb5_copy_checksum;
+		krb5_copy_creds;
+		krb5_copy_creds_contents;
+		krb5_copy_data;
+		krb5_copy_host_realm;
+		krb5_copy_keyblock;
+		krb5_copy_keyblock_contents;
+		krb5_copy_principal;
+		krb5_copy_ticket;
+		krb5_create_checksum;
+		krb5_crypto_destroy;
+		krb5_crypto_get_checksum_type;
+		krb5_crypto_getblocksize;
+		krb5_crypto_getconfoundersize;
+		krb5_crypto_getenctype;
+		krb5_crypto_getpadsize;
+		krb5_crypto_init;
+		krb5_crypto_overhead;
+		krb5_crypto_prf;
+		krb5_crypto_prf_length;
+		krb5_data_alloc;
+		krb5_data_cmp;
+		krb5_data_copy;
+		krb5_data_free;
+		krb5_data_realloc;
+		krb5_data_zero;
+		krb5_decode_Authenticator;
+		krb5_decode_ETYPE_INFO2;
+		krb5_decode_ETYPE_INFO;
+		krb5_decode_EncAPRepPart;
+		krb5_decode_EncASRepPart;
+		krb5_decode_EncKrbCredPart;
+		krb5_decode_EncTGSRepPart;
+		krb5_decode_EncTicketPart;
+		krb5_decode_ap_req;
+		krb5_decrypt;
+		krb5_decrypt_EncryptedData;
+		krb5_decrypt_ivec;
+		krb5_decrypt_ticket;
+		krb5_derive_key;
+		krb5_digest_alloc;
+		krb5_digest_free;
+		krb5_digest_get_client_binding;
+		krb5_digest_get_identifier;
+		krb5_digest_get_opaque;
+		krb5_digest_get_rsp;
+		krb5_digest_get_server_nonce;
+		krb5_digest_get_session_key;
+		krb5_digest_get_tickets;
+		krb5_digest_init_request;
+		krb5_digest_probe;
+		krb5_digest_rep_get_status;
+		krb5_digest_request;
+		krb5_digest_set_authentication_user;
+		krb5_digest_set_authid;
+		krb5_digest_set_client_nonce;
+		krb5_digest_set_digest;
+		krb5_digest_set_hostname;
+		krb5_digest_set_identifier;
+		krb5_digest_set_method;
+		krb5_digest_set_nonceCount;
+		krb5_digest_set_opaque;
+		krb5_digest_set_qop;
+		krb5_digest_set_realm;
+		krb5_digest_set_responseData;
+		krb5_digest_set_server_cb;
+		krb5_digest_set_server_nonce;
+		krb5_digest_set_type;
+		krb5_digest_set_uri;
+		krb5_digest_set_username;
+		krb5_domain_x500_decode;
+		krb5_domain_x500_encode;
+		krb5_eai_to_heim_errno;
+		krb5_encode_Authenticator;
+		krb5_encode_ETYPE_INFO2;
+		krb5_encode_ETYPE_INFO;
+		krb5_encode_EncAPRepPart;
+		krb5_encode_EncASRepPart;
+		krb5_encode_EncKrbCredPart;
+		krb5_encode_EncTGSRepPart;
+		krb5_encode_EncTicketPart;
+		krb5_encrypt;
+		krb5_encrypt_EncryptedData;
+		krb5_encrypt_ivec;
+		krb5_enctype_disable;
+		krb5_enctype_keybits;
+		krb5_enctype_keysize;
+		krb5_enctype_to_keytype;
+		krb5_enctype_to_string;
+		krb5_enctype_valid;
+		krb5_enctypes_compatible_keys;
+		krb5_err;
+		krb5_error_from_rd_error;
+		krb5_errx;
+		krb5_expand_hostname;
+		krb5_expand_hostname_realms;
+		krb5_find_padata;
+		krb5_format_time;
+		krb5_free_address;
+		krb5_free_addresses;
+		krb5_free_ap_rep_enc_part;
+		krb5_free_authenticator;
+		krb5_free_checksum;
+		krb5_free_checksum_contents;
+		krb5_free_config_files;
+		krb5_free_context;
+		krb5_free_cred_contents;
+		krb5_free_creds;
+		krb5_free_creds_contents;
+		krb5_free_data;
+		krb5_free_data_contents;
+		krb5_free_error;
+		krb5_free_error_contents;
+		krb5_free_error_string;
+		krb5_free_host_realm;
+		krb5_free_kdc_rep;
+		krb5_free_keyblock;
+		krb5_free_keyblock_contents;
+		krb5_free_krbhst;
+		krb5_free_principal;
+		krb5_free_salt;
+		krb5_free_ticket;
+		krb5_fwd_tgt_creds;
+		krb5_generate_random_block;
+		krb5_generate_random_keyblock;
+		krb5_generate_seq_number;
+		krb5_generate_subkey;
+		krb5_generate_subkey_extended;
+		krb5_get_all_client_addrs;
+		krb5_get_all_server_addrs;
+		krb5_get_cred_from_kdc;
+		krb5_get_cred_from_kdc_opt;
+		krb5_get_credentials;
+		krb5_get_credentials_with_flags;
+		krb5_get_creds;
+		krb5_get_creds_opt_add_options;
+		krb5_get_creds_opt_alloc;
+		krb5_get_creds_opt_free;
+		krb5_get_creds_opt_set_enctype;
+		krb5_get_creds_opt_set_impersonate;
+		krb5_get_creds_opt_set_options;
+		krb5_get_creds_opt_set_ticket;
+		krb5_get_default_config_files;
+		krb5_get_default_in_tkt_etypes;
+		krb5_get_default_principal;
+		krb5_get_default_realm;
+		krb5_get_default_realms;
+		krb5_get_dns_canonicalize_hostname;
+		krb5_get_err_text;
+		krb5_get_error_message;
+		krb5_get_error_string;
+		krb5_get_extra_addresses;
+		krb5_get_fcache_version;
+		krb5_get_forwarded_creds;
+		krb5_get_host_realm;
+		krb5_get_ignore_addresses;
+		krb5_get_in_cred;
+		krb5_get_in_tkt;
+		krb5_get_in_tkt_with_keytab;
+		krb5_get_in_tkt_with_password;
+		krb5_get_in_tkt_with_skey;
+		krb5_get_init_creds;
+		krb5_get_init_creds_keyblock;
+		krb5_get_init_creds_keytab;
+		krb5_get_init_creds_opt_alloc;
+		krb5_get_init_creds_opt_free;
+		krb5_get_init_creds_opt_get_error;
+		krb5_get_init_creds_opt_init;
+		krb5_get_init_creds_opt_set_address_list;
+		krb5_get_init_creds_opt_set_addressless;
+		krb5_get_init_creds_opt_set_anonymous;
+		krb5_get_init_creds_opt_set_canonicalize;
+		krb5_get_init_creds_opt_set_default_flags;
+		krb5_get_init_creds_opt_set_etype_list;
+		krb5_get_init_creds_opt_set_forwardable;
+		krb5_get_init_creds_opt_set_pa_password;
+		krb5_get_init_creds_opt_set_pac_request;
+		krb5_get_init_creds_opt_set_pkinit;
+		krb5_get_init_creds_opt_set_preauth_list;
+		krb5_get_init_creds_opt_set_proxiable;
+		krb5_get_init_creds_opt_set_renew_life;
+		krb5_get_init_creds_opt_set_salt;
+		krb5_get_init_creds_opt_set_tkt_life;
+		krb5_get_init_creds_opt_set_win2k;
+		krb5_get_init_creds_password;
+		krb5_get_kdc_cred;
+		krb5_get_kdc_sec_offset;
+		krb5_get_krb524hst;
+		krb5_get_krb_admin_hst;
+		krb5_get_krb_changepw_hst;
+		krb5_get_krbhst;
+		krb5_get_max_time_skew;
+		krb5_get_pw_salt;
+		krb5_get_renewed_creds;
+		krb5_get_server_rcache;
+		krb5_get_use_admin_kdc;
+		krb5_get_warn_dest;
+		krb5_get_wrapped_length;
+		krb5_getportbyname;
+		krb5_h_addr2addr;
+		krb5_h_addr2sockaddr;
+		krb5_h_errno_to_heim_errno;
+		krb5_have_error_string;
+		krb5_hmac;
+		krb5_init_context;
+		krb5_init_ets;
+		krb5_init_etype;
+		krb5_initlog;
+		krb5_is_thread_safe;
+		krb5_kerberos_enctypes;
+		krb5_keyblock_get_enctype;
+		krb5_keyblock_init;
+		krb5_keyblock_key_proc;
+		krb5_keyblock_zero;
+		krb5_keytab_key_proc;
+		krb5_keytype_to_enctypes;
+		krb5_keytype_to_enctypes_default;
+		krb5_keytype_to_string;
+		krb5_krbhst_format_string;
+		krb5_krbhst_free;
+		krb5_krbhst_get_addrinfo;
+		krb5_krbhst_init;
+		krb5_krbhst_init_flags;
+		krb5_krbhst_next;
+		krb5_krbhst_next_as_string;
+		krb5_krbhst_reset;
+		krb5_kt_add_entry;
+		krb5_kt_close;
+		krb5_kt_compare;
+		krb5_kt_copy_entry_contents;
+		krb5_kt_default;
+		krb5_kt_default_modify_name;
+		krb5_kt_default_name;
+		krb5_kt_end_seq_get;
+		krb5_kt_free_entry;
+		krb5_kt_get_entry;
+		krb5_kt_get_full_name;
+		krb5_kt_get_name;
+		krb5_kt_get_type;
+		krb5_kt_next_entry;
+		krb5_kt_read_service_key;
+		krb5_kt_register;
+		krb5_kt_remove_entry;
+		krb5_kt_resolve;
+		krb5_kt_start_seq_get;
+		krb5_kuserok;
+		krb5_log;
+		krb5_log_msg;
+		krb5_make_addrport;
+		krb5_make_principal;
+		krb5_max_sockaddr_size;
+		krb5_mk_error;
+		krb5_mk_priv;
+		krb5_mk_rep;
+		krb5_mk_req;
+		krb5_mk_req_exact;
+		krb5_mk_req_extended;
+		krb5_mk_safe;
+		krb5_net_read;
+		krb5_net_write;
+		krb5_net_write_block;
+		krb5_ntlm_alloc;
+		krb5_ntlm_free;
+		krb5_ntlm_init_get_challange;
+		krb5_ntlm_init_get_flags;
+		krb5_ntlm_init_get_opaque;
+		krb5_ntlm_init_get_targetinfo;
+		krb5_ntlm_init_get_targetname;
+		krb5_ntlm_init_request;
+		krb5_ntlm_rep_get_sessionkey;
+		krb5_ntlm_rep_get_status;
+		krb5_ntlm_req_set_flags;
+		krb5_ntlm_req_set_lm;
+		krb5_ntlm_req_set_ntlm;
+		krb5_ntlm_req_set_opaque;
+		krb5_ntlm_req_set_session;
+		krb5_ntlm_req_set_targetname;
+		krb5_ntlm_req_set_username;
+		krb5_ntlm_request;
+		krb5_openlog;
+		krb5_pac_add_buffer;
+		krb5_pac_free;
+		krb5_pac_get_buffer;
+		krb5_pac_get_types;
+		krb5_pac_init;
+		krb5_pac_parse;
+		krb5_pac_verify;
+		krb5_padata_add;
+		krb5_parse_address;
+		krb5_parse_name;
+		krb5_parse_name_flags;
+		krb5_parse_nametype;
+		krb5_passwd_result_to_string;
+		krb5_password_key_proc;
+		krb5_plugin_register;
+		krb5_prepend_config_files;
+		krb5_prepend_config_files_default;
+		krb5_princ_realm;
+		krb5_princ_set_realm;
+		krb5_principal_compare;
+		krb5_principal_compare_any_realm;
+		krb5_principal_get_comp_string;
+		krb5_principal_get_realm;
+		krb5_principal_get_type;
+		krb5_principal_match;
+		krb5_principal_set_type;
+		krb5_print_address;
+		krb5_program_setup;
+		krb5_prompter_posix;
+		krb5_random_to_key;
+		krb5_rc_close;
+		krb5_rc_default;
+		krb5_rc_default_name;
+		krb5_rc_default_type;
+		krb5_rc_destroy;
+		krb5_rc_expunge;
+		krb5_rc_get_lifespan;
+		krb5_rc_get_name;
+		krb5_rc_get_type;
+		krb5_rc_initialize;
+		krb5_rc_recover;
+		krb5_rc_resolve;
+		krb5_rc_resolve_full;
+		krb5_rc_resolve_type;
+		krb5_rc_store;
+		krb5_rd_cred2;
+		krb5_rd_cred;
+		krb5_rd_error;
+		krb5_rd_priv;
+		krb5_rd_rep;
+		krb5_rd_req;
+		krb5_rd_req_ctx;
+		krb5_rd_req_in_ctx_alloc;
+		krb5_rd_req_in_ctx_free;
+		krb5_rd_req_in_set_keyblock;
+		krb5_rd_req_in_set_keytab;
+		krb5_rd_req_in_set_pac_check;
+		krb5_rd_req_out_ctx_free;
+		krb5_rd_req_out_get_ap_req_options;
+		krb5_rd_req_out_get_keyblock;
+		krb5_rd_req_out_get_ticket;
+		krb5_rd_req_with_keyblock;
+		krb5_rd_safe;
+		krb5_read_message;
+		krb5_read_priv_message;
+		krb5_read_safe_message;
+		krb5_realm_compare;
+		krb5_recvauth;
+		krb5_recvauth_match_version;
+		krb5_ret_address;
+		krb5_ret_addrs;
+		krb5_ret_authdata;
+		krb5_ret_creds;
+		krb5_ret_creds_tag;
+		krb5_ret_data;
+		krb5_ret_int16;
+		krb5_ret_int32;
+		krb5_ret_int8;
+		krb5_ret_keyblock;
+		krb5_ret_principal;
+		krb5_ret_string;
+		krb5_ret_stringnl;
+		krb5_ret_stringz;
+		krb5_ret_times;
+		krb5_ret_uint16;
+		krb5_ret_uint32;
+		krb5_ret_uint8;
+		krb5_salttype_to_string;
+		krb5_sendauth;
+		krb5_sendto;
+		krb5_sendto_context;
+		krb5_sendto_ctx_add_flags;
+		krb5_sendto_ctx_alloc;
+		krb5_sendto_ctx_free;
+		krb5_sendto_ctx_get_flags;
+		krb5_sendto_ctx_set_func;
+		krb5_sendto_ctx_set_type;
+		krb5_sendto_kdc;
+		krb5_sendto_kdc_flags;
+		krb5_set_config_files;
+		krb5_set_default_in_tkt_etypes;
+		krb5_set_default_realm;
+		krb5_set_dns_canonicalize_hostname;
+		krb5_set_error_string;
+		krb5_set_extra_addresses;
+		krb5_set_fcache_version;
+		krb5_set_ignore_addresses;
+		krb5_set_max_time_skew;
+		krb5_set_password;
+		krb5_set_password_using_ccache;
+		krb5_set_real_time;
+		krb5_set_send_to_kdc_func;
+		krb5_set_use_admin_kdc;
+		krb5_set_warn_dest;
+		krb5_sname_to_principal;
+		krb5_sock_to_principal;
+		krb5_sockaddr2address;
+		krb5_sockaddr2port;
+		krb5_sockaddr_uninteresting;
+		krb5_std_usage;
+		krb5_storage_clear_flags;
+		krb5_storage_emem;
+		krb5_storage_free;
+		krb5_storage_from_data;
+		krb5_storage_from_fd;
+		krb5_storage_from_mem;
+		krb5_storage_from_readonly_mem;
+		krb5_storage_get_byteorder;
+		krb5_storage_is_flags;
+		krb5_storage_read;
+		krb5_storage_seek;
+		krb5_storage_set_byteorder;
+		krb5_storage_set_eof_code;
+		krb5_storage_set_flags;
+		krb5_storage_to_data;
+		krb5_storage_write;
+		krb5_store_address;
+		krb5_store_addrs;
+		krb5_store_authdata;
+		krb5_store_creds;
+		krb5_store_creds_tag;
+		krb5_store_data;
+		krb5_store_int16;
+		krb5_store_int32;
+		krb5_store_int8;
+		krb5_store_keyblock;
+		krb5_store_principal;
+		krb5_store_string;
+		krb5_store_stringnl;
+		krb5_store_stringz;
+		krb5_store_times;
+		krb5_store_uint16;
+		krb5_store_uint32;
+		krb5_store_uint8;
+		krb5_string_to_deltat;
+		krb5_string_to_enctype;
+		krb5_string_to_key;
+		krb5_string_to_key_data;
+		krb5_string_to_key_data_salt;
+		krb5_string_to_key_data_salt_opaque;
+		krb5_string_to_key_derived;
+		krb5_string_to_key_salt;
+		krb5_string_to_key_salt_opaque;
+		krb5_string_to_keytype;
+		krb5_string_to_salttype;
+		krb5_ticket_get_authorization_data_type;
+		krb5_ticket_get_client;
+		krb5_ticket_get_endtime;
+		krb5_ticket_get_server;
+		krb5_timeofday;
+		krb5_unparse_name;
+		krb5_unparse_name_fixed;
+		krb5_unparse_name_fixed_flags;
+		krb5_unparse_name_fixed_short;
+		krb5_unparse_name_flags;
+		krb5_unparse_name_short;
+		krb5_us_timeofday;
+		krb5_vabort;
+		krb5_vabortx;
+		krb5_verify_ap_req2;
+		krb5_verify_ap_req;
+		krb5_verify_authenticator_checksum;
+		krb5_verify_checksum;
+		krb5_verify_init_creds;
+		krb5_verify_init_creds_opt_init;
+		krb5_verify_init_creds_opt_set_ap_req_nofail;
+		krb5_verify_opt_alloc;
+		krb5_verify_opt_free;
+		krb5_verify_opt_init;
+		krb5_verify_opt_set_ccache;
+		krb5_verify_opt_set_flags;
+		krb5_verify_opt_set_keytab;
+		krb5_verify_opt_set_secure;
+		krb5_verify_opt_set_service;
+		krb5_verify_user;
+		krb5_verify_user_lrealm;
+		krb5_verify_user_opt;
+		krb5_verr;
+		krb5_verrx;
+		krb5_vlog;
+		krb5_vlog_msg;
+		krb5_vset_error_string;
+		krb5_vwarn;
+		krb5_vwarnx;
+		krb5_warn;
+		krb5_warnx;
+		krb5_write_message;
+		krb5_write_priv_message;
+		krb5_write_safe_message;
+		krb5_xfree;
+
+		# com_err error tables
+		initialize_krb5_error_table_r;
+		initialize_krb5_error_table;
+		initialize_krb_error_table_r;
+		initialize_krb_error_table;
+		initialize_heim_error_table_r;
+		initialize_heim_error_table;
+		initialize_k524_error_table_r;
+		initialize_k524_error_table;
+
+		# variables
+		krb5_mcc_ops;
+		krb5_acc_ops;
+		krb5_fcc_ops;
+		krb5_kcm_ops;
+		krb4_fkt_ops;
+		krb5_wrfkt_ops;
+		krb5_mkt_ops;
+		krb5_fkt_ops;
+		krb5_akf_ops;
+		krb5_srvtab_fkt_ops;
+		krb5_any_ops;
+		heimdal_version;
+		heimdal_long_version;
+		krb5_config_file;
+		krb5_defkeyname;
+
+		# Shared with GSSAPI krb5
+		_krb5_crc_init_table;		
+		_krb5_crc_update;		
+
+		# V4 compat glue
+		_krb5_krb_tf_setup;
+		_krb5_krb_dest_tkt;
+		_krb5_krb_life_to_time;
+		_krb5_krb_decomp_ticket;
+		_krb5_krb_decomp_ticket;
+		_krb5_krb_create_ticket;
+		_krb5_krb_create_ciph;
+		_krb5_krb_create_auth_reply;
+		_krb5_krb_rd_req;
+		_krb5_krb_free_auth_data;
+		_krb5_krb_time_to_life;
+		_krb5_krb_cr_err_reply;
+
+		# Shared with libkdc
+		_krb5_principalname2krb5_principal;
+		_krb5_principal2principalname;
+		_krb5_s4u2self_to_checksumdata;
+		_krb5_put_int;
+		_krb5_get_int;
+		_krb5_pk_load_id;
+		_krb5_parse_moduli;
+		_krb5_pk_mk_ContentInfo;
+		_krb5_dh_group_ok;
+		_krb5_pk_octetstring2key;
+		_krb5_pk_allow_proxy_certificate;
+		_krb5_pac_sign;
+		_krb5_plugin_find;
+		_krb5_plugin_get_symbol;
+		_krb5_plugin_get_next;
+		_krb5_plugin_free;
+		_krb5_AES_string_to_default_iterator;
+		_krb5_get_host_realm_int;
+
+		# testing
+		_krb5_aes_cts_encrypt;
+		_krb5_n_fold;
+		_krb5_expand_default_cc_name;
+	local:
+		*;
+};
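Review bot: `_krb5_krb_decomp_ticket` is listed twice on consecutive lines under `# V4 compat glue`. The duplicate should be harmless to the linker, but it suggests either a copy-paste slip or a different symbol that was meant to be exported, so the group is worth checking against the V4 glue functions the library actually defines. The `# testing` group (`_krb5_aes_cts_encrypt`, `_krb5_n_fold`, `_krb5_expand_default_cc_name`) sits in the same `HEIMDAL_KRB5_1.0` node as the public API, which makes test-only crypto internals part of the exported surface. A comment such as `# not public API: exported for the test programs only, may change without notice` above that group would tell consumers not to link against them.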

Added: vendor-crypto/heimdal/dist/lib/krb5/version.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/version.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/version.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: version.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+/* this is just to get a version stamp in the library file */
+
+#define heimdal_version __heimdal_version
+#define heimdal_long_version __heimdal_long_version
+#include "version.h"
+

Added: vendor-crypto/heimdal/dist/lib/krb5/warn.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/warn.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/warn.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: warn.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static krb5_error_code _warnerr(krb5_context context, int do_errtext, 
+	 krb5_error_code code, int level, const char *fmt, va_list ap)
+	__attribute__((__format__(__printf__, 5, 0)));
+	
+static krb5_error_code
+_warnerr(krb5_context context, int do_errtext, 
+	 krb5_error_code code, int level, const char *fmt, va_list ap)
+{
+    char xfmt[7] = "";
+    const char *args[2], **arg;
+    char *msg = NULL;
+    char *err_str = NULL;
+    
+    args[0] = args[1] = NULL;
+    arg = args;
+    if(fmt){
+	strlcat(xfmt, "%s", sizeof(xfmt));
+	if(do_errtext)
+	    strlcat(xfmt, ": ", sizeof(xfmt));
+	vasprintf(&msg, fmt, ap);
+	if(msg == NULL)
+	    return ENOMEM;
+	*arg++ = msg;
+    }
+    if(context && do_errtext){
+	const char *err_msg;
+
+	strlcat(xfmt, "%s", sizeof(xfmt));
+
+	err_str = krb5_get_error_string(context);
+	if (err_str != NULL) {
+	    *arg++ = err_str;
+	} else {
+	    err_msg = krb5_get_err_text(context, code);
+	    if (err_msg)
+		*arg++ = err_msg;
+	    else
+		*arg++ = "<unknown error>";
+	}
+    }
+	
+    if(context && context->warn_dest)
+	krb5_log(context, context->warn_dest, level, xfmt, args[0], args[1]);
+    else
+	warnx(xfmt, args[0], args[1]);
+    free(msg);
+    free(err_str);
+    return 0;
+}
+
+#define FUNC(ETEXT, CODE, LEVEL)					\
+    krb5_error_code ret;						\
+    va_list ap;								\
+    va_start(ap, fmt);							\
+    ret = _warnerr(context, ETEXT, CODE, LEVEL, fmt, ap); 		\
+    va_end(ap);
+
+#undef __attribute__
+#define __attribute__(X)
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vwarn(krb5_context context, krb5_error_code code, 
+	   const char *fmt, va_list ap)
+     __attribute__ ((format (printf, 3, 0)))
+{
+    return _warnerr(context, 1, code, 1, fmt, ap);
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...)
+     __attribute__ ((format (printf, 3, 4)))
+{
+    FUNC(1, code, 1);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vwarnx(krb5_context context, const char *fmt, va_list ap)
+     __attribute__ ((format (printf, 2, 0)))
+{
+    return _warnerr(context, 0, 0, 1, fmt, ap);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_warnx(krb5_context context, const char *fmt, ...)
+     __attribute__ ((format (printf, 2, 3)))
+{
+    FUNC(0, 0, 1);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verr(krb5_context context, int eval, krb5_error_code code, 
+	  const char *fmt, va_list ap)
+     __attribute__ ((noreturn, format (printf, 4, 0)))
+{
+    _warnerr(context, 1, code, 0, fmt, ap);
+    exit(eval);
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_err(krb5_context context, int eval, krb5_error_code code, 
+	 const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 4, 5)))
+{
+    FUNC(1, code, 0);
+    exit(eval);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
+     __attribute__ ((noreturn, format (printf, 3, 0)))
+{
+    _warnerr(context, 0, 0, 0, fmt, ap);
+    exit(eval);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_errx(krb5_context context, int eval, const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 3, 4)))
+{
+    FUNC(0, 0, 0);
+    exit(eval);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vabort(krb5_context context, krb5_error_code code, 
+	    const char *fmt, va_list ap)
+     __attribute__ ((noreturn, format (printf, 3, 0)))
+{
+    _warnerr(context, 1, code, 0, fmt, ap);
+    abort();
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 3, 4)))
+{
+    FUNC(1, code, 0);
+    abort();
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
+     __attribute__ ((noreturn, format (printf, 2, 0)))
+{
+    _warnerr(context, 0, 0, 0, fmt, ap);
+    abort();
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_abortx(krb5_context context, const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 2, 3)))
+{
+    FUNC(0, 0, 0);
+    abort();
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac)
+{
+    context->warn_dest = fac;
+    return 0;
+}
+
+krb5_log_facility * KRB5_LIB_FUNCTION
+krb5_get_warn_dest(krb5_context context)
+{
+    return context->warn_dest;
+}
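Review bot: In `_warnerr` the return value of `vasprintf` is discarded and failure is detected only through `msg == NULL`. That holds where the implementation sets the pointer to NULL on failure, but glibc's documentation leaves the pointer's contents undefined in that case, so a failed call could hand an invalid pointer to the `%s` argument and later to `free(msg)`. Testing the return value closes the gap: `if (vasprintf(&msg, fmt, ap) < 0 || msg == NULL) return ENOMEM;`. Separately, `krb5_set_warn_dest` and `krb5_get_warn_dest` dereference `context` unconditionally although `_warnerr` tolerates a NULL context; a one-line comment on each stating that `context` must be non-NULL would make that contract explicit.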

Added: vendor-crypto/heimdal/dist/lib/krb5/write_message.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/krb5/write_message.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/krb5/write_message.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: write_message.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_write_message (krb5_context context,
+		    krb5_pointer p_fd,
+		    krb5_data *data)
+{
+    uint32_t len;
+    uint8_t buf[4];
+    int ret;
+
+    len = data->length;
+    _krb5_put_int(buf, len, 4);
+    if (krb5_net_write (context, p_fd, buf, 4) != 4
+	|| krb5_net_write (context, p_fd, data->data, len) != len) {
+	ret = errno;
+	krb5_set_error_string (context, "write: %s", strerror(ret));
+	return ret;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_write_priv_message(krb5_context context,
+			krb5_auth_context ac,
+			krb5_pointer p_fd,
+			krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_data packet;
+
+    ret = krb5_mk_priv (context, ac, data, &packet, NULL);
+    if(ret)
+	return ret;
+    ret = krb5_write_message(context, p_fd, &packet);
+    krb5_data_free(&packet);
+    return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_write_safe_message(krb5_context context,
+			krb5_auth_context ac,
+			krb5_pointer p_fd,
+			krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_data packet;
+    ret = krb5_mk_safe (context, ac, data, &packet, NULL);
+    if(ret)
+	return ret;
+    ret = krb5_write_message(context, p_fd, &packet);
+    krb5_data_free(&packet);
+    return ret;
+}
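Review bot: `krb5_write_message` returns `errno` whenever either `krb5_net_write` call does not write the full count, but a short write need not set `errno`, so the function can return 0 (success) or a stale code even though the message was not sent. `krb5_write_priv_message` and `krb5_write_safe_message` pass that result straight to their callers. `krb5_net_write` is not visible in this hunk, so this is inferred from the comparison alone; if it can return a short count without an error, map that case explicitly, e.g. `ret = errno ? errno : EIO;`. In the same function `len = data->length` narrows to `uint32_t` with no range check, so a buffer larger than the 4-byte prefix can describe would be framed and sent truncated; rejecting such a length before the assignment avoids that.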

Added: vendor-crypto/heimdal/dist/lib/ntlm/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/ntlm/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/ntlm/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,112 @@
+2007-12-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* heimntlm.h: Add NTLM_TARGET_*
+
+	* ntlm.c: Make heim_ntlm_decode_type3 more useful and provide a
+	username. From Ming Yang.
+
+2007-11-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* move doxygen into the main file
+
+	* write doxygen documentation
+
+	* export heim_ntlm_free_buf, start doxygen documentation
+	
+2007-07-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm.c: Use unsigned char * as argument to HMAC_Update to please
+	OpenSSL and gcc.
+
+	* test_ntlm.c: more verbose what we are testing.
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: New library version.
+
+2007-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ntlm.c: heim_ntlm_calculate_ntlm2_sess_resp
+
+	* ntlm.c: Change prototype to match other heim_ntlm_calculate
+	functions.
+
+	* test_ntlm.c: Its ok if infotarget2 length is longer.
+
+	* ntlm.c: Merge in changes from Puneet Mehra and make work again.
+
+	* ntlm.c (heim_ntlm_ntlmv2_key): target should be uppercase.
+	From Puneet Mehra.
+
+	* version-script.map: Add heim_ntlm_calculate_ntlm2_sess_resp from
+	Puneet Mehra.
+
+	* ntlm.c: Add heim_ntlm_calculate_ntlm2_sess_resp from Puneet
+	Mehra.
+	
+	* test_ntlm.c: Test heim_ntlm_calculate_ntlm2_sess_resp from
+	Puneet Mehra.
+	
+2007-06-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: EXTRA_DIST += version-script.map.
+	
+2007-06-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ntlm.c: Free memory diffrently.
+
+	* ntlm.c: Make free functions free memory.
+	
+2007-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: symbol versioning.
+	
+	* version-script.map: symbol versioning.
+	
+2007-01-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ntlm.c: No need to include <gssapi.h>.
+	
+2007-01-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: add LIB_roken for test_ntlm
+	
+2006-12-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_ntlm.c: Verify infotarget.
+
+	* ntlm.c: Extract the infotarget from the answer.
+
+	* ntlm.c (heim_ntlm_verify_ntlm2): verify the ntlmv2 reply
+	
+2006-12-22  Dave Love  <fx at gnu.org>
+
+	* ntlm.c: Include <limits.h>.
+	
+2006-12-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_ntlm.c: add some new tests.
+
+	* ntlm.c: Add ntlmv2 answer calculating functions.
+
+	* ntlm.c: sent lm hashes, needed for NTLM2 session
+
+	* heimntlm.h: Add NTLM_NEG_NTLM2_SESSION, NTLMv2 session security.
+	
+2006-12-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ntlm.c (heim_ntlm_build_ntlm1_master): return session master
+	key.
+	
+2006-12-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ntlm.c (heim_ntlm_build_ntlm1_master): calculate the ntlm
+	version 1 "master" key.
+	
+2006-12-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_ntlm.c: Add simple parser test app.
+
+	* inital version of a NTLM library, only handles ntml version 1 and
+	ascii strings for now
+

Added: vendor-crypto/heimdal/dist/lib/ntlm/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/ntlm/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/ntlm/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,34 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+lib_LTLIBRARIES	= libheimntlm.la
+
+include_HEADERS = heimntlm.h heimntlm-protos.h
+
+libheimntlm_la_SOURCES	= ntlm.c heimntlm.h
+
+libheimntlm_la_LDFLAGS = -version-info 1:0:1
+
+if versionscript
+libheimntlm_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+endif
+$(libheimntlm_la_OBJECTS): $(srcdir)/version-script.map
+
+libheimntlm_la_LIBADD = \
+	../krb5/libkrb5.la \
+	$(LIBADD_roken)
+
+$(srcdir)/heimntlm-protos.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h
+
+$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h
+
+
+TESTS = test_ntlm
+
+check_PROGRAMS = test_ntlm
+
+LDADD = libheimntlm.la $(LIB_roken)
+
+EXTRA_DIST = version-script.map

Added: vendor-crypto/heimdal/dist/lib/ntlm/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/ntlm/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/ntlm/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,909 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+ at versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
+TESTS = test_ntlm$(EXEEXT)
+check_PROGRAMS = test_ntlm$(EXEEXT)
+subdir = lib/ntlm
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libheimntlm_la_DEPENDENCIES = ../krb5/libkrb5.la $(am__DEPENDENCIES_1)
+am_libheimntlm_la_OBJECTS = ntlm.lo
+libheimntlm_la_OBJECTS = $(am_libheimntlm_la_OBJECTS)
+libheimntlm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libheimntlm_la_LDFLAGS) $(LDFLAGS) -o $@
+test_ntlm_SOURCES = test_ntlm.c
+test_ntlm_OBJECTS = test_ntlm.$(OBJEXT)
+test_ntlm_LDADD = $(LDADD)
+test_ntlm_DEPENDENCIES = libheimntlm.la $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libheimntlm_la_SOURCES) test_ntlm.c
+DIST_SOURCES = $(libheimntlm_la_SOURCES) test_ntlm.c
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+lib_LTLIBRARIES = libheimntlm.la
+include_HEADERS = heimntlm.h heimntlm-protos.h
+libheimntlm_la_SOURCES = ntlm.c heimntlm.h
+libheimntlm_la_LDFLAGS = -version-info 1:0:1 $(am__append_1)
+libheimntlm_la_LIBADD = \
+	../krb5/libkrb5.la \
+	$(LIBADD_roken)
+
+LDADD = libheimntlm.la $(LIB_roken)
+EXTRA_DIST = version-script.map
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/ntlm/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/ntlm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libheimntlm.la: $(libheimntlm_la_OBJECTS) $(libheimntlm_la_DEPENDENCIES) 
+	$(libheimntlm_la_LINK) -rpath $(libdir) $(libheimntlm_la_OBJECTS) $(libheimntlm_la_LIBADD) $(LIBS)
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES) 
+	@rm -f test_ntlm$(EXEEXT)
+	$(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-checkPROGRAMS clean-generic \
+	clean-libLTLIBRARIES clean-libtool ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-includeHEADERS install-info install-info-am \
+	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook \
+	uninstall-includeHEADERS uninstall-libLTLIBRARIES
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+$(libheimntlm_la_OBJECTS): $(srcdir)/version-script.map
+
+$(srcdir)/heimntlm-protos.h:
+	cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h
+
+$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/ntlm/heimntlm-protos.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/ntlm/heimntlm-protos.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/ntlm/heimntlm-protos.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,131 @@
+/* This is a generated file */
+#ifndef __heimntlm_protos_h__
+#define __heimntlm_protos_h__
+
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int
+heim_ntlm_build_ntlm1_master (
+	void */*key*/,
+	size_t /*len*/,
+	struct ntlm_buf */*session*/,
+	struct ntlm_buf */*master*/);
+
+int
+heim_ntlm_calculate_ntlm1 (
+	void */*key*/,
+	size_t /*len*/,
+	unsigned char challange[8],
+	struct ntlm_buf */*answer*/);
+
+int
+heim_ntlm_calculate_ntlm2 (
+	const void */*key*/,
+	size_t /*len*/,
+	const char */*username*/,
+	const char */*target*/,
+	const unsigned char serverchallange[8],
+	const struct ntlm_buf */*infotarget*/,
+	unsigned char ntlmv2[16],
+	struct ntlm_buf */*answer*/);
+
+int
+heim_ntlm_calculate_ntlm2_sess (
+	const unsigned char clnt_nonce[8],
+	const unsigned char svr_chal[8],
+	const unsigned char ntlm_hash[16],
+	struct ntlm_buf */*lm*/,
+	struct ntlm_buf */*ntlm*/);
+
+int
+heim_ntlm_decode_targetinfo (
+	const struct ntlm_buf */*data*/,
+	int /*ucs2*/,
+	struct ntlm_targetinfo */*ti*/);
+
+int
+heim_ntlm_decode_type1 (
+	const struct ntlm_buf */*buf*/,
+	struct ntlm_type1 */*data*/);
+
+int
+heim_ntlm_decode_type2 (
+	const struct ntlm_buf */*buf*/,
+	struct ntlm_type2 */*type2*/);
+
+int
+heim_ntlm_decode_type3 (
+	const struct ntlm_buf */*buf*/,
+	int /*ucs2*/,
+	struct ntlm_type3 */*type3*/);
+
+int
+heim_ntlm_encode_targetinfo (
+	const struct ntlm_targetinfo */*ti*/,
+	int /*ucs2*/,
+	struct ntlm_buf */*data*/);
+
+int
+heim_ntlm_encode_type1 (
+	const struct ntlm_type1 */*type1*/,
+	struct ntlm_buf */*data*/);
+
+int
+heim_ntlm_encode_type2 (
+	const struct ntlm_type2 */*type2*/,
+	struct ntlm_buf */*data*/);
+
+int
+heim_ntlm_encode_type3 (
+	const struct ntlm_type3 */*type3*/,
+	struct ntlm_buf */*data*/);
+
+void
+heim_ntlm_free_buf (struct ntlm_buf */*p*/);
+
+void
+heim_ntlm_free_targetinfo (struct ntlm_targetinfo */*ti*/);
+
+void
+heim_ntlm_free_type1 (struct ntlm_type1 */*data*/);
+
+void
+heim_ntlm_free_type2 (struct ntlm_type2 */*data*/);
+
+void
+heim_ntlm_free_type3 (struct ntlm_type3 */*data*/);
+
+int
+heim_ntlm_nt_key (
+	const char */*password*/,
+	struct ntlm_buf */*key*/);
+
+void
+heim_ntlm_ntlmv2_key (
+	const void */*key*/,
+	size_t /*len*/,
+	const char */*username*/,
+	const char */*target*/,
+	unsigned char ntlmv2[16]);
+
+int
+heim_ntlm_verify_ntlm2 (
+	const void */*key*/,
+	size_t /*len*/,
+	const char */*username*/,
+	const char */*target*/,
+	time_t /*now*/,
+	const unsigned char serverchallange[8],
+	const struct ntlm_buf */*answer*/,
+	struct ntlm_buf */*infotarget*/,
+	unsigned char ntlmv2[16]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __heimntlm_protos_h__ */

Added: vendor-crypto/heimdal/dist/lib/ntlm/heimntlm.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/ntlm/heimntlm.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/ntlm/heimntlm.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: heimntlm.h,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef HEIM_NTLM_H
+#define HEIM_NTLM_H
+
+/**
+ * Buffer for storing data in the NTLM library. When filled in by the
+ * library it should be freed with heim_ntlm_free_buf().
+ */
+struct ntlm_buf {
+    size_t length; /**< length buffer data */
+    void *data; /**< pointer to the data itself */
+};
+
+#define NTLM_NEG_UNICODE		0x00000001
+#define NTLM_NEG_TARGET			0x00000004
+#define NTLM_NEG_SIGN			0x00000010
+#define NTLM_NEG_SEAL			0x00000020
+#define NTLM_NEG_NTLM			0x00000200
+
+#define NTLM_SUPPLIED_DOMAIN		0x00001000
+#define NTLM_SUPPLIED_WORKSTAION	0x00002000
+
+#define NTLM_NEG_ALWAYS_SIGN		0x00008000
+#define NTLM_NEG_NTLM2_SESSION		0x00080000
+
+#define NTLM_TARGET_DOMAIN		0x00010000
+#define NTLM_TARGET_SERVER		0x00020000
+#define NTLM_ENC_128			0x20000000
+#define NTLM_NEG_KEYEX			0x40000000
+
+/**
+ * Struct for the NTLM target info, the strings is assumed to be in
+ * UTF8.  When filled in by the library it should be freed with
+ * heim_ntlm_free_targetinfo().
+ */
+struct ntlm_targetinfo {
+    char *servername; /**< */
+    char *domainname; /**< */
+    char *dnsdomainname; /**< */
+    char *dnsservername; /**< */
+};
+
+/**
+ * Struct for the NTLM type1 message info, the strings is assumed to
+ * be in UTF8.  When filled in by the library it should be freed with
+ * heim_ntlm_free_type1().
+ */
+
+struct ntlm_type1 {
+    uint32_t flags; /**< */
+    char *domain; /**< */
+    char *hostname; /**< */
+    uint32_t os[2]; /**< */
+};
+
+/**
+ * Struct for the NTLM type2 message info, the strings is assumed to
+ * be in UTF8.  When filled in by the library it should be freed with
+ * heim_ntlm_free_type2().
+ */
+
+struct ntlm_type2 {
+    uint32_t flags; /**< */
+    char *targetname; /**< */
+    struct ntlm_buf targetinfo; /**< */
+    unsigned char challange[8]; /**< */
+    uint32_t context[2]; /**< */
+    uint32_t os[2]; /**< */
+};
+
+/**
+ * Struct for the NTLM type3 message info, the strings is assumed to
+ * be in UTF8.  When filled in by the library it should be freed with
+ * heim_ntlm_free_type3().
+ */
+
+struct ntlm_type3 {
+    uint32_t flags; /**< */
+    char *username; /**< */
+    char *targetname; /**< */
+    struct ntlm_buf lm; /**< */
+    struct ntlm_buf ntlm; /**< */
+    struct ntlm_buf sessionkey; /**< */
+    char *ws; /**< */
+    uint32_t os[2]; /**< */
+};
+
+#include <heimntlm-protos.h>
+
+#endif /* NTLM_NTLM_H */
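Review bot: The doc comment on `struct ntlm_buf` tells callers to release library-filled buffers with heim_ntlm_free_buf(), but it does not say that these buffers can carry secrets, such as the NT key returned by heim_ntlm_nt_key() and the `sessionkey` member of `struct ntlm_type3`. Nor does it say that heim_ntlm_free_buf(), as added in ntlm.c by this same commit, calls free() without clearing the bytes first. I would extend the comment with a line such as `Buffers may hold key material; heim_ntlm_free_buf() does not wipe it, so clear data[0..length) before freeing when that matters.` Separately, the header uses `size_t` and `uint32_t` (and, through heimntlm-protos.h, `time_t`) without including anything that defines them, so it only compiles when the includer has pulled those in first, as ntlm.c does. Since this is a vendor import, both points are better sent upstream than patched in the dist tree.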

Added: vendor-crypto/heimdal/dist/lib/ntlm/ntlm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/ntlm/ntlm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/ntlm/ntlm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1364 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include <config.h>
+
+RCSID("$Id: ntlm.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+
+#include <krb5.h>
+#include <roken.h>
+
+#include "krb5-types.h"
+#include "crypto-headers.h"
+
+#include <heimntlm.h>
+
+/*! \mainpage Heimdal NTLM library
+ *
+ * \section intro Introduction
+ *
+ * Heimdal libheimntlm library is a implementation of the NTLM
+ * protocol, both version 1 and 2. The GSS-API mech that uses this
+ * library adds support for transport encryption and integrity
+ * checking.
+ * 
+ * NTLM is a protocol for mutual authentication, its still used in
+ * many protocol where Kerberos is not support, one example is
+ * EAP/X802.1x mechanism LEAP from Microsoft and Cisco.
+ *
+ * This is a support library for the core protocol, its used in
+ * Heimdal to implement and GSS-API mechanism. There is also support
+ * in the KDC to do remote digest authenticiation, this to allow
+ * services to authenticate users w/o direct access to the users ntlm
+ * hashes (same as Kerberos arcfour enctype hashes).
+ *
+ * More information about the NTLM protocol can found here
+ * http://davenport.sourceforge.net/ntlm.html .
+ * 
+ * The Heimdal projects web page: http://www.h5l.org/
+ */
+
+/** @defgroup ntlm_core Heimdal NTLM library 
+ * 
+ * The NTLM core functions implement the string2key generation
+ * function, message encode and decode function, and the hash function
+ * functions.
+ */
+
+struct sec_buffer {
+    uint16_t length;
+    uint16_t allocated;
+    uint32_t offset;
+};
+
+static const unsigned char ntlmsigature[8] = "NTLMSSP\x00";
+
+/*
+ *
+ */
+
+#define CHECK(f, e)							\
+    do { ret = f ; if (ret != (e)) { ret = EINVAL; goto out; } } while(0)
+
+/**
+ * heim_ntlm_free_buf frees the ntlm buffer
+ *
+ * @param p buffer to be freed
+ *
+ * @ingroup ntlm_core
+ */
+
+void
+heim_ntlm_free_buf(struct ntlm_buf *p)
+{
+    if (p->data)
+	free(p->data);
+    p->data = NULL;
+    p->length = 0;
+}
+    
+
+static int
+ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf)
+{
+    unsigned char *p;
+    size_t len, i;
+
+    len = strlen(string);
+    if (len / 2 > UINT_MAX)
+	return ERANGE;
+
+    buf->length = len * 2;
+    buf->data = malloc(buf->length);
+    if (buf->data == NULL && len != 0) {
+	heim_ntlm_free_buf(buf);
+	return ENOMEM;
+    }
+
+    p = buf->data;
+    for (i = 0; i < len; i++) {
+	unsigned char t = (unsigned char)string[i];
+	if (t & 0x80) {
+	    heim_ntlm_free_buf(buf);
+	    return EINVAL;
+	}
+	if (up)
+	    t = toupper(t);
+	p[(i * 2) + 0] = t;
+	p[(i * 2) + 1] = 0;
+    }
+    return 0;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+ret_sec_buffer(krb5_storage *sp, struct sec_buffer *buf)
+{
+    krb5_error_code ret;
+    CHECK(krb5_ret_uint16(sp, &buf->length), 0);
+    CHECK(krb5_ret_uint16(sp, &buf->allocated), 0);
+    CHECK(krb5_ret_uint32(sp, &buf->offset), 0);
+out:
+    return ret;
+}
+
+static krb5_error_code
+store_sec_buffer(krb5_storage *sp, const struct sec_buffer *buf)
+{
+    krb5_error_code ret;
+    CHECK(krb5_store_uint16(sp, buf->length), 0);
+    CHECK(krb5_store_uint16(sp, buf->allocated), 0);
+    CHECK(krb5_store_uint32(sp, buf->offset), 0);
+out:
+    return ret;
+}
+
+/*
+ * Strings are either OEM or UNICODE. The later is encoded as ucs2 on
+ * wire, but using utf8 in memory.
+ */
+
+static krb5_error_code
+len_string(int ucs2, const char *s)
+{
+    size_t len = strlen(s);
+    if (ucs2)
+	len *= 2;
+    return len;
+}
+
+static krb5_error_code
+ret_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s)
+{
+    krb5_error_code ret;
+
+    *s = malloc(desc->length + 1);
+    CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
+    CHECK(krb5_storage_read(sp, *s, desc->length), desc->length);
+    (*s)[desc->length] = '\0';
+
+    if (ucs2) {
+	size_t i;
+	for (i = 0; i < desc->length / 2; i++) {
+	    (*s)[i] = (*s)[i * 2];
+	    if ((*s)[i * 2 + 1]) {
+		free(*s);
+		*s = NULL;
+		return EINVAL;
+	    }
+	}
+	(*s)[i] = '\0';
+    }
+    ret = 0;
+out:
+    return ret;
+
+    return 0;
+}
+
+static krb5_error_code
+put_string(krb5_storage *sp, int ucs2, const char *s)
+{
+    krb5_error_code ret;
+    struct ntlm_buf buf;
+
+    if (ucs2) {
+	ret = ascii2ucs2le(s, 0, &buf);
+	if (ret)
+	    return ret;
+    } else {
+	buf.data = rk_UNCONST(s);
+	buf.length = strlen(s);
+    }
+
+    CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length);
+    if (ucs2)
+	heim_ntlm_free_buf(&buf);
+    ret = 0;
+out:
+    return ret;
+}
+
+/*
+ *
+ */
+
+static krb5_error_code
+ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf)
+{
+    krb5_error_code ret;
+
+    buf->data = malloc(desc->length);
+    buf->length = desc->length;
+    CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset);
+    CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length);
+    ret = 0;
+out:
+    return ret;
+}
+
+static krb5_error_code
+put_buf(krb5_storage *sp, const struct ntlm_buf *buf)
+{
+    krb5_error_code ret;
+    CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length);
+    ret = 0;
+out:
+    return ret;
+}
+
+/**
+ * Frees the ntlm_targetinfo message
+ *
+ * @param ti targetinfo to be freed
+ *
+ * @ingroup ntlm_core
+ */
+
+void
+heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti)
+{
+    free(ti->servername);
+    free(ti->domainname);
+    free(ti->dnsdomainname);
+    free(ti->dnsservername);
+    memset(ti, 0, sizeof(*ti));
+}
+
+static int
+encode_ti_blob(krb5_storage *out, uint16_t type, int ucs2, char *s)
+{
+    krb5_error_code ret;
+    CHECK(krb5_store_uint16(out, type), 0);
+    CHECK(krb5_store_uint16(out, len_string(ucs2, s)), 0);
+    CHECK(put_string(out, ucs2, s), 0);
+out:
+    return ret;
+}
+
+/**
+ * Encodes a ntlm_targetinfo message.
+ *
+ * @param ti the ntlm_targetinfo message to encode.
+ * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
+ * @param data is the return buffer with the encoded message, should be
+ * freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti,
+			    int ucs2, 
+			    struct ntlm_buf *data)
+{
+    krb5_error_code ret;
+    krb5_storage *out;
+
+    data->data = NULL;
+    data->length = 0;
+
+    out = krb5_storage_emem();
+    if (out == NULL)
+	return ENOMEM;
+
+    if (ti->servername)
+	CHECK(encode_ti_blob(out, 1, ucs2, ti->servername), 0);
+    if (ti->domainname)
+	CHECK(encode_ti_blob(out, 2, ucs2, ti->domainname), 0);
+    if (ti->dnsservername)
+	CHECK(encode_ti_blob(out, 3, ucs2, ti->dnsservername), 0);
+    if (ti->dnsdomainname)
+	CHECK(encode_ti_blob(out, 4, ucs2, ti->dnsdomainname), 0);
+
+    /* end tag */
+    CHECK(krb5_store_int16(out, 0), 0);
+    CHECK(krb5_store_int16(out, 0), 0);
+
+    {
+	krb5_data d;
+	ret = krb5_storage_to_data(out, &d);
+	data->data = d.data;
+	data->length = d.length;
+    }
+out:
+    krb5_storage_free(out);
+    return ret;
+}
+
+/**
+ * Decodes an NTLM targetinfo message
+ *
+ * @param data input data buffer with the encode NTLM targetinfo message
+ * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
+ * @param ti the decoded target info, should be freed with heim_ntlm_free_targetinfo().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
+			    int ucs2,
+			    struct ntlm_targetinfo *ti)
+{
+    memset(ti, 0, sizeof(*ti));
+    return 0;
+}
+
+/**
+ * Frees the ntlm_type1 message
+ *
+ * @param data message to be freed
+ *
+ * @ingroup ntlm_core
+ */
+
+void
+heim_ntlm_free_type1(struct ntlm_type1 *data)
+{
+    if (data->domain)
+	free(data->domain);
+    if (data->hostname)
+	free(data->hostname);
+    memset(data, 0, sizeof(*data));
+}
+
+int
+heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
+{
+    krb5_error_code ret;
+    unsigned char sig[8];
+    uint32_t type;
+    struct sec_buffer domain, hostname;
+    krb5_storage *in;
+    
+    memset(data, 0, sizeof(*data));
+
+    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
+    if (in == NULL) {
+	ret = EINVAL;
+	goto out;
+    }
+    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
+    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
+    CHECK(krb5_ret_uint32(in, &type), 0);
+    CHECK(type, 1);
+    CHECK(krb5_ret_uint32(in, &data->flags), 0);
+    if (data->flags & NTLM_SUPPLIED_DOMAIN)
+	CHECK(ret_sec_buffer(in, &domain), 0);
+    if (data->flags & NTLM_SUPPLIED_WORKSTAION)
+	CHECK(ret_sec_buffer(in, &hostname), 0);
+#if 0
+    if (domain.offset > 32) {
+	CHECK(krb5_ret_uint32(in, &data->os[0]), 0);
+	CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
+    }
+#endif
+    if (data->flags & NTLM_SUPPLIED_DOMAIN)
+	CHECK(ret_string(in, 0, &domain, &data->domain), 0);
+    if (data->flags & NTLM_SUPPLIED_WORKSTAION)
+	CHECK(ret_string(in, 0, &hostname, &data->hostname), 0);
+
+out:
+    krb5_storage_free(in);
+    if (ret)
+	heim_ntlm_free_type1(data);
+
+    return ret;
+}
+
+/**
+ * Encodes an ntlm_type1 message.
+ *
+ * @param type1 the ntlm_type1 message to encode.
+ * @param data is the return buffer with the encoded message, should be
+ * freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
+{
+    krb5_error_code ret;
+    struct sec_buffer domain, hostname;
+    krb5_storage *out;
+    uint32_t base, flags;
+    
+    flags = type1->flags;
+    base = 16;
+
+    if (type1->domain) {
+	base += 8;
+	flags |= NTLM_SUPPLIED_DOMAIN;
+    }
+    if (type1->hostname) {
+	base += 8;
+	flags |= NTLM_SUPPLIED_WORKSTAION;
+    }
+    if (type1->os[0])
+	base += 8;
+
+    if (type1->domain) {
+	domain.offset = base;
+	domain.length = len_string(0, type1->domain);
+	domain.allocated = domain.length;
+    }
+    if (type1->hostname) {
+	hostname.offset = domain.allocated + domain.offset;
+	hostname.length = len_string(0, type1->hostname);
+	hostname.allocated = hostname.length;
+    }
+
+    out = krb5_storage_emem();
+    if (out == NULL)
+	return ENOMEM;
+
+    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
+    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
+	  sizeof(ntlmsigature));
+    CHECK(krb5_store_uint32(out, 1), 0);
+    CHECK(krb5_store_uint32(out, flags), 0);
+    
+    if (type1->domain)
+	CHECK(store_sec_buffer(out, &domain), 0);
+    if (type1->hostname)
+	CHECK(store_sec_buffer(out, &hostname), 0);
+    if (type1->os[0]) {
+	CHECK(krb5_store_uint32(out, type1->os[0]), 0);
+	CHECK(krb5_store_uint32(out, type1->os[1]), 0);
+    }
+    if (type1->domain)
+	CHECK(put_string(out, 0, type1->domain), 0);
+    if (type1->hostname)
+	CHECK(put_string(out, 0, type1->hostname), 0);
+
+    {
+	krb5_data d;
+	ret = krb5_storage_to_data(out, &d);
+	data->data = d.data;
+	data->length = d.length;
+    }
+out:
+    krb5_storage_free(out);
+
+    return ret;
+}
+
+/**
+ * Frees the ntlm_type2 message
+ *
+ * @param data message to be freed
+ *
+ * @ingroup ntlm_core
+ */
+
+void
+heim_ntlm_free_type2(struct ntlm_type2 *data)
+{
+    if (data->targetname)
+	free(data->targetname);
+    heim_ntlm_free_buf(&data->targetinfo);
+    memset(data, 0, sizeof(*data));
+}
+
+int
+heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2)
+{
+    krb5_error_code ret;
+    unsigned char sig[8];
+    uint32_t type, ctx[2];
+    struct sec_buffer targetname, targetinfo;
+    krb5_storage *in;
+    int ucs2 = 0;
+    
+    memset(type2, 0, sizeof(*type2));
+
+    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
+    if (in == NULL) {
+	ret = EINVAL;
+	goto out;
+    }
+    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
+    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
+    CHECK(krb5_ret_uint32(in, &type), 0);
+    CHECK(type, 2);
+
+    CHECK(ret_sec_buffer(in, &targetname), 0);
+    CHECK(krb5_ret_uint32(in, &type2->flags), 0);
+    if (type2->flags & NTLM_NEG_UNICODE)
+	ucs2 = 1;
+    CHECK(krb5_storage_read(in, type2->challange, sizeof(type2->challange)),
+	  sizeof(type2->challange));
+    CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */
+    CHECK(krb5_ret_uint32(in, &ctx[1]), 0);
+    CHECK(ret_sec_buffer(in, &targetinfo), 0);
+    /* os version */
+#if 0
+    CHECK(krb5_ret_uint32(in, &type2->os[0]), 0);
+    CHECK(krb5_ret_uint32(in, &type2->os[1]), 0);
+#endif
+
+    CHECK(ret_string(in, ucs2, &targetname, &type2->targetname), 0);
+    CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0);
+    ret = 0;
+
+out:
+    krb5_storage_free(in);
+    if (ret)
+	heim_ntlm_free_type2(type2);
+
+    return ret;
+}
+
+/**
+ * Encodes an ntlm_type2 message.
+ *
+ * @param type2 the ntlm_type2 message to encode.
+ * @param data is the return buffer with the encoded message, should be
+ * freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data)
+{
+    struct sec_buffer targetname, targetinfo;
+    krb5_error_code ret;
+    krb5_storage *out = NULL;
+    uint32_t base;
+    int ucs2 = 0;
+
+    if (type2->os[0])
+	base = 56;
+    else
+	base = 48;
+
+    if (type2->flags & NTLM_NEG_UNICODE)
+	ucs2 = 1;
+
+    targetname.offset = base;
+    targetname.length = len_string(ucs2, type2->targetname);
+    targetname.allocated = targetname.length;
+
+    targetinfo.offset = targetname.allocated + targetname.offset;
+    targetinfo.length = type2->targetinfo.length;
+    targetinfo.allocated = type2->targetinfo.length;
+
+    out = krb5_storage_emem();
+    if (out == NULL)
+	return ENOMEM;
+
+    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
+    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
+	  sizeof(ntlmsigature));
+    CHECK(krb5_store_uint32(out, 2), 0);
+    CHECK(store_sec_buffer(out, &targetname), 0);
+    CHECK(krb5_store_uint32(out, type2->flags), 0);
+    CHECK(krb5_storage_write(out, type2->challange, sizeof(type2->challange)),
+	  sizeof(type2->challange));
+    CHECK(krb5_store_uint32(out, 0), 0); /* context */
+    CHECK(krb5_store_uint32(out, 0), 0);
+    CHECK(store_sec_buffer(out, &targetinfo), 0);
+    /* os version */
+    if (type2->os[0]) {
+	CHECK(krb5_store_uint32(out, type2->os[0]), 0);
+	CHECK(krb5_store_uint32(out, type2->os[1]), 0);
+    }
+    CHECK(put_string(out, ucs2, type2->targetname), 0);
+    CHECK(krb5_storage_write(out, type2->targetinfo.data, 
+			     type2->targetinfo.length),
+	  type2->targetinfo.length);
+    
+    {
+	krb5_data d;
+	ret = krb5_storage_to_data(out, &d);
+	data->data = d.data;
+	data->length = d.length;
+    }
+
+out:
+    krb5_storage_free(out);
+
+    return ret;
+}
+
+/**
+ * Frees the ntlm_type3 message
+ *
+ * @param data message to be freed
+ *
+ * @ingroup ntlm_core
+ */
+
+void
+heim_ntlm_free_type3(struct ntlm_type3 *data)
+{
+    heim_ntlm_free_buf(&data->lm);
+    heim_ntlm_free_buf(&data->ntlm);
+    if (data->targetname)
+	free(data->targetname);
+    if (data->username)
+	free(data->username);
+    if (data->ws)
+	free(data->ws);
+    heim_ntlm_free_buf(&data->sessionkey);
+    memset(data, 0, sizeof(*data));
+}
+
+/*
+ *
+ */
+
+int
+heim_ntlm_decode_type3(const struct ntlm_buf *buf,
+		       int ucs2,
+		       struct ntlm_type3 *type3)
+{
+    krb5_error_code ret;
+    unsigned char sig[8];
+    uint32_t type;
+    krb5_storage *in;
+    struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
+
+    memset(type3, 0, sizeof(*type3));
+    memset(&sessionkey, 0, sizeof(sessionkey));
+
+    in = krb5_storage_from_readonly_mem(buf->data, buf->length);
+    if (in == NULL) {
+	ret = EINVAL;
+	goto out;
+    }
+    krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig));
+    CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0);
+    CHECK(krb5_ret_uint32(in, &type), 0);
+    CHECK(type, 3);
+    CHECK(ret_sec_buffer(in, &lm), 0);
+    CHECK(ret_sec_buffer(in, &ntlm), 0);
+    CHECK(ret_sec_buffer(in, &target), 0);
+    CHECK(ret_sec_buffer(in, &username), 0);
+    CHECK(ret_sec_buffer(in, &ws), 0);
+    if (lm.offset >= 60) {
+	CHECK(ret_sec_buffer(in, &sessionkey), 0);
+    }
+    if (lm.offset >= 64) {
+	CHECK(krb5_ret_uint32(in, &type3->flags), 0);
+    }
+    if (lm.offset >= 72) {
+	CHECK(krb5_ret_uint32(in, &type3->os[0]), 0);
+	CHECK(krb5_ret_uint32(in, &type3->os[1]), 0);
+    }
+    CHECK(ret_buf(in, &lm, &type3->lm), 0);
+    CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0);
+    CHECK(ret_string(in, ucs2, &target, &type3->targetname), 0);
+    CHECK(ret_string(in, ucs2, &username, &type3->username), 0);
+    CHECK(ret_string(in, ucs2, &ws, &type3->ws), 0);
+    if (sessionkey.offset)
+	CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0);
+
+out:
+    krb5_storage_free(in);
+    if (ret)
+	heim_ntlm_free_type3(type3);
+
+    return ret;
+}
+
+/**
+ * Encodes an ntlm_type3 message.
+ *
+ * @param type3 the ntlm_type3 message to encode.
+ * @param data is the return buffer with the encoded message, should be
+ * freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data)
+{
+    struct sec_buffer lm, ntlm, target, username, sessionkey, ws;
+    krb5_error_code ret;
+    krb5_storage *out = NULL;
+    uint32_t base;
+    int ucs2 = 0;
+
+    memset(&lm, 0, sizeof(lm));
+    memset(&ntlm, 0, sizeof(ntlm));
+    memset(&target, 0, sizeof(target));
+    memset(&username, 0, sizeof(username));
+    memset(&ws, 0, sizeof(ws));
+    memset(&sessionkey, 0, sizeof(sessionkey));
+
+    base = 52;
+    if (type3->sessionkey.length) {
+	base += 8; /* sessionkey sec buf */
+	base += 4; /* flags */
+    }
+    if (type3->os[0]) {
+	base += 8;
+    }
+
+    if (type3->flags & NTLM_NEG_UNICODE)
+	ucs2 = 1;
+
+    lm.offset = base;
+    lm.length = type3->lm.length;
+    lm.allocated = type3->lm.length;
+
+    ntlm.offset = lm.offset + lm.allocated;
+    ntlm.length = type3->ntlm.length;
+    ntlm.allocated = ntlm.length;
+
+    target.offset = ntlm.offset + ntlm.allocated;
+    target.length = len_string(ucs2, type3->targetname);
+    target.allocated = target.length;
+
+    username.offset = target.offset + target.allocated;
+    username.length = len_string(ucs2, type3->username);
+    username.allocated = username.length;
+
+    ws.offset = username.offset + username.allocated;
+    ws.length = len_string(ucs2, type3->ws);
+    ws.allocated = ws.length;
+
+    sessionkey.offset = ws.offset + ws.allocated;
+    sessionkey.length = type3->sessionkey.length;
+    sessionkey.allocated = type3->sessionkey.length;
+
+    out = krb5_storage_emem();
+    if (out == NULL)
+	return ENOMEM;
+
+    krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE);
+    CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), 
+	  sizeof(ntlmsigature));
+    CHECK(krb5_store_uint32(out, 3), 0);
+
+    CHECK(store_sec_buffer(out, &lm), 0);
+    CHECK(store_sec_buffer(out, &ntlm), 0);
+    CHECK(store_sec_buffer(out, &target), 0);
+    CHECK(store_sec_buffer(out, &username), 0);
+    CHECK(store_sec_buffer(out, &ws), 0);
+    /* optional */
+    if (type3->sessionkey.length) {
+	CHECK(store_sec_buffer(out, &sessionkey), 0);
+	CHECK(krb5_store_uint32(out, type3->flags), 0);
+    }
+#if 0
+    CHECK(krb5_store_uint32(out, 0), 0); /* os0 */
+    CHECK(krb5_store_uint32(out, 0), 0); /* os1 */
+#endif
+
+    CHECK(put_buf(out, &type3->lm), 0);
+    CHECK(put_buf(out, &type3->ntlm), 0);
+    CHECK(put_string(out, ucs2, type3->targetname), 0);
+    CHECK(put_string(out, ucs2, type3->username), 0);
+    CHECK(put_string(out, ucs2, type3->ws), 0);
+    CHECK(put_buf(out, &type3->sessionkey), 0);
+    
+    {
+	krb5_data d;
+	ret = krb5_storage_to_data(out, &d);
+	data->data = d.data;
+	data->length = d.length;
+    }
+
+out:
+    krb5_storage_free(out);
+
+    return ret;
+}
+
+
+/*
+ *
+ */
+
+static void
+splitandenc(unsigned char *hash, 
+	    unsigned char *challange,
+	    unsigned char *answer)
+{
+    DES_cblock key;
+    DES_key_schedule sched;
+
+    ((unsigned char*)key)[0] =  hash[0];
+    ((unsigned char*)key)[1] = (hash[0] << 7) | (hash[1] >> 1);
+    ((unsigned char*)key)[2] = (hash[1] << 6) | (hash[2] >> 2);
+    ((unsigned char*)key)[3] = (hash[2] << 5) | (hash[3] >> 3);
+    ((unsigned char*)key)[4] = (hash[3] << 4) | (hash[4] >> 4);
+    ((unsigned char*)key)[5] = (hash[4] << 3) | (hash[5] >> 5);
+    ((unsigned char*)key)[6] = (hash[5] << 2) | (hash[6] >> 6);
+    ((unsigned char*)key)[7] = (hash[6] << 1);
+
+    DES_set_odd_parity(&key);
+    DES_set_key(&key, &sched);
+    DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1);
+    memset(&sched, 0, sizeof(sched));
+    memset(key, 0, sizeof(key));
+}
+
+/**
+ * Calculate the NTLM key, the password is assumed to be in UTF8.
+ *
+ * @param password password to calcute the key for.
+ * @param key calcuted key, should be freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_nt_key(const char *password, struct ntlm_buf *key)
+{
+    struct ntlm_buf buf;
+    MD4_CTX ctx;
+    int ret;
+
+    key->data = malloc(MD5_DIGEST_LENGTH);
+    if (key->data == NULL)
+	return ENOMEM;
+    key->length = MD5_DIGEST_LENGTH;
+
+    ret = ascii2ucs2le(password, 0, &buf);
+    if (ret) {
+	heim_ntlm_free_buf(key);
+	return ret;
+    }
+    MD4_Init(&ctx);
+    MD4_Update(&ctx, buf.data, buf.length);
+    MD4_Final(key->data, &ctx);
+    heim_ntlm_free_buf(&buf);
+    return 0;
+}
+
+/**
+ * Calculate NTLMv1 response hash
+ *
+ * @param key the ntlm v1 key
+ * @param len length of key
+ * @param challange sent by the server
+ * @param answer calculated answer, should be freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_calculate_ntlm1(void *key, size_t len,
+			  unsigned char challange[8],
+			  struct ntlm_buf *answer)
+{
+    unsigned char res[21];
+
+    if (len != MD4_DIGEST_LENGTH)
+	return EINVAL;
+
+    memcpy(res, key, len);
+    memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH);
+
+    answer->data = malloc(24);
+    if (answer->data == NULL)
+	return ENOMEM;
+    answer->length = 24;
+
+    splitandenc(&res[0],  challange, ((unsigned char *)answer->data) + 0);
+    splitandenc(&res[7],  challange, ((unsigned char *)answer->data) + 8);
+    splitandenc(&res[14], challange, ((unsigned char *)answer->data) + 16);
+
+    return 0;
+}
+
+/**
+ * Generates an NTLMv1 session random with assosited session master key.
+ *
+ * @param key the ntlm v1 key
+ * @param len length of key
+ * @param session generated session nonce, should be freed with heim_ntlm_free_buf().
+ * @param master calculated session master key, should be freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_build_ntlm1_master(void *key, size_t len,
+			     struct ntlm_buf *session,
+			     struct ntlm_buf *master)
+{
+    RC4_KEY rc4;
+
+    memset(master, 0, sizeof(*master));
+    memset(session, 0, sizeof(*session));
+
+    if (len != MD4_DIGEST_LENGTH)
+	return EINVAL;
+    
+    session->length = MD4_DIGEST_LENGTH;
+    session->data = malloc(session->length);
+    if (session->data == NULL) {
+	session->length = 0;
+	return EINVAL;
+    }    
+    master->length = MD4_DIGEST_LENGTH;
+    master->data = malloc(master->length);
+    if (master->data == NULL) {
+	heim_ntlm_free_buf(master);
+	heim_ntlm_free_buf(session);
+	return EINVAL;
+    }
+    
+    {
+	unsigned char sessionkey[MD4_DIGEST_LENGTH];
+	MD4_CTX ctx;
+    
+	MD4_Init(&ctx);
+	MD4_Update(&ctx, key, len);
+	MD4_Final(sessionkey, &ctx);
+	
+	RC4_set_key(&rc4, sizeof(sessionkey), sessionkey);
+    }
+    
+    if (RAND_bytes(session->data, session->length) != 1) {
+	heim_ntlm_free_buf(master);
+	heim_ntlm_free_buf(session);
+	return EINVAL;
+    }
+    
+    RC4(&rc4, master->length, session->data, master->data);
+    memset(&rc4, 0, sizeof(rc4));
+    
+    return 0;
+}
+
+/**
+ * Generates an NTLMv2 session key.
+ *
+ * @param key the ntlm key
+ * @param len length of key
+ * @param username name of the user, as sent in the message, assumed to be in UTF8.
+ * @param target the name of the target, assumed to be in UTF8.
+ * @param ntlmv2 the ntlmv2 session key
+ *
+ * @ingroup ntlm_core
+ */
+
+void
+heim_ntlm_ntlmv2_key(const void *key, size_t len,
+		     const char *username,
+		     const char *target,
+		     unsigned char ntlmv2[16])
+{
+    unsigned int hmaclen;
+    HMAC_CTX c;
+
+    HMAC_CTX_init(&c);
+    HMAC_Init_ex(&c, key, len, EVP_md5(), NULL);
+    {
+	struct ntlm_buf buf;
+	/* uppercase username and turn it inte ucs2-le */
+	ascii2ucs2le(username, 1, &buf);
+	HMAC_Update(&c, buf.data, buf.length);
+	free(buf.data);
+	/* uppercase target and turn into ucs2-le */
+	ascii2ucs2le(target, 1, &buf);
+	HMAC_Update(&c, buf.data, buf.length);
+	free(buf.data);
+    }
+    HMAC_Final(&c, ntlmv2, &hmaclen);
+    HMAC_CTX_cleanup(&c);
+
+}
+
+/*
+ *
+ */
+
+#define NTTIME_EPOCH 0x019DB1DED53E8000LL
+
+static uint64_t
+unix2nttime(time_t unix_time)
+{
+    long long wt;
+    wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
+    return wt;
+}
+
+static time_t
+nt2unixtime(uint64_t t)
+{
+    t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000);
+    if (t > (((time_t)(~(uint64_t)0)) >> 1))
+	return 0;
+    return (time_t)t;
+}
+
+
+/**
+ * Calculate NTLMv2 response
+ *
+ * @param key the ntlm key
+ * @param len length of key
+ * @param username name of the user, as sent in the message, assumed to be in UTF8.
+ * @param target the name of the target, assumed to be in UTF8.
+ * @param serverchallange challange as sent by the server in the type2 message.
+ * @param infotarget infotarget as sent by the server in the type2 message.
+ * @param ntlmv2 calculated session key
+ * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_calculate_ntlm2(const void *key, size_t len,
+			  const char *username,
+			  const char *target,
+			  const unsigned char serverchallange[8],
+			  const struct ntlm_buf *infotarget,
+			  unsigned char ntlmv2[16],
+			  struct ntlm_buf *answer)
+{
+    krb5_error_code ret;
+    krb5_data data;
+    unsigned int hmaclen;
+    unsigned char ntlmv2answer[16];
+    krb5_storage *sp;
+    unsigned char clientchallange[8];
+    HMAC_CTX c;
+    uint64_t t;
+    
+    t = unix2nttime(time(NULL));
+
+    if (RAND_bytes(clientchallange, sizeof(clientchallange)) != 1)
+	return EINVAL;
+    
+    /* calculate ntlmv2 key */
+
+    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
+
+    /* calculate and build ntlmv2 answer */
+
+    sp = krb5_storage_emem();
+    if (sp == NULL)
+	return ENOMEM;
+    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(krb5_store_uint32(sp, 0x00000101), 0);
+    CHECK(krb5_store_uint32(sp, 0), 0);
+    /* timestamp le 64 bit ts */
+    CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0);
+    CHECK(krb5_store_uint32(sp, t >> 32), 0);
+
+    CHECK(krb5_storage_write(sp, clientchallange, 8), 8);
+
+    CHECK(krb5_store_uint32(sp, 0), 0);  /* unknown but zero will work */
+    CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length), 
+	  infotarget->length);
+    CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */
+    
+    CHECK(krb5_storage_to_data(sp, &data), 0);
+    krb5_storage_free(sp);
+    sp = NULL;
+
+    HMAC_CTX_init(&c);
+    HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
+    HMAC_Update(&c, serverchallange, 8);
+    HMAC_Update(&c, data.data, data.length);
+    HMAC_Final(&c, ntlmv2answer, &hmaclen);
+    HMAC_CTX_cleanup(&c);
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+	krb5_data_free(&data);
+	return ENOMEM;
+    }
+
+    CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16);
+    CHECK(krb5_storage_write(sp, data.data, data.length), data.length);
+    krb5_data_free(&data);
+    
+    CHECK(krb5_storage_to_data(sp, &data), 0);
+    krb5_storage_free(sp);
+    sp = NULL;
+
+    answer->data = data.data;
+    answer->length = data.length;
+
+    return 0;
+out:
+    if (sp)
+	krb5_storage_free(sp);
+    return ret;
+}
+
+static const int authtimediff = 3600 * 2; /* 2 hours */
+
+/**
+ * Verify NTLMv2 response.
+ *
+ * @param key the ntlm key
+ * @param len length of key
+ * @param username name of the user, as sent in the message, assumed to be in UTF8.
+ * @param target the name of the target, assumed to be in UTF8.
+ * @param now the time now (0 if the library should pick it up itself)
+ * @param serverchallange challange as sent by the server in the type2 message.
+ * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
+ * @param infotarget infotarget as sent by the server in the type2 message.
+ * @param ntlmv2 calculated session key
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_verify_ntlm2(const void *key, size_t len,
+		       const char *username,
+		       const char *target,
+		       time_t now,
+		       const unsigned char serverchallange[8],
+		       const struct ntlm_buf *answer,
+		       struct ntlm_buf *infotarget,
+		       unsigned char ntlmv2[16])
+{
+    krb5_error_code ret;
+    unsigned int hmaclen;
+    unsigned char clientanswer[16];
+    unsigned char clientnonce[8];
+    unsigned char serveranswer[16];
+    krb5_storage *sp;
+    HMAC_CTX c;
+    uint64_t t;
+    time_t authtime;
+    uint32_t temp;
+
+    infotarget->length = 0;    
+    infotarget->data = NULL;    
+
+    if (answer->length < 16)
+	return EINVAL;
+
+    if (now == 0)
+	now = time(NULL);
+
+    /* calculate ntlmv2 key */
+
+    heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2);
+
+    /* calculate and build ntlmv2 answer */
+
+    sp = krb5_storage_from_readonly_mem(answer->data, answer->length);
+    if (sp == NULL)
+	return ENOMEM;
+    krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+    CHECK(krb5_storage_read(sp, clientanswer, 16), 16);
+
+    CHECK(krb5_ret_uint32(sp, &temp), 0);
+    CHECK(temp, 0x00000101);
+    CHECK(krb5_ret_uint32(sp, &temp), 0);
+    CHECK(temp, 0);
+    /* timestamp le 64 bit ts */
+    CHECK(krb5_ret_uint32(sp, &temp), 0);
+    t = temp;
+    CHECK(krb5_ret_uint32(sp, &temp), 0);
+    t |= ((uint64_t)temp)<< 32;
+
+    authtime = nt2unixtime(t);
+
+    if (abs((int)(authtime - now)) > authtimediff) {
+	ret = EINVAL;
+	goto out;
+    }
+
+    /* client challange */
+    CHECK(krb5_storage_read(sp, clientnonce, 8), 8);
+
+    CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */
+
+    /* should really unparse the infotarget, but lets pick up everything */
+    infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR);
+    infotarget->data = malloc(infotarget->length);
+    if (infotarget->data == NULL) {
+	ret = ENOMEM;
+	goto out;
+    }
+    CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length), 
+	  infotarget->length);
+    /* XXX remove the unknown ?? */
+    krb5_storage_free(sp);
+    sp = NULL;
+
+    HMAC_CTX_init(&c);
+    HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
+    HMAC_Update(&c, serverchallange, 8);
+    HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16);
+    HMAC_Final(&c, serveranswer, &hmaclen);
+    HMAC_CTX_cleanup(&c);
+
+    if (memcmp(serveranswer, clientanswer, 16) != 0) {
+	heim_ntlm_free_buf(infotarget);
+	return EINVAL;
+    }
+
+    return 0;
+out:
+    heim_ntlm_free_buf(infotarget);
+    if (sp)
+	krb5_storage_free(sp);
+    return ret;
+}
+
+
+/*
+ * Calculate the NTLM2 Session Response
+ *
+ * @param clnt_nonce client nonce
+ * @param svr_chal server challage
+ * @param ntlm2_hash ntlm hash
+ * @param lm The LM response, should be freed with heim_ntlm_free_buf().
+ * @param ntlm The NTLM response, should be freed with heim_ntlm_free_buf().
+ *
+ * @return In case of success 0 is return, an errors, a errno in what
+ * went wrong.
+ *
+ * @ingroup ntlm_core
+ */
+
+int
+heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8],
+			       const unsigned char svr_chal[8],
+			       const unsigned char ntlm_hash[16],
+			       struct ntlm_buf *lm,
+			       struct ntlm_buf *ntlm)
+{
+    unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH];
+    unsigned char res[21], *resp;
+    MD5_CTX md5;
+
+    lm->data = malloc(24);
+    if (lm->data == NULL)
+	return ENOMEM;
+    lm->length = 24;
+
+    ntlm->data = malloc(24);
+    if (ntlm->data == NULL) {
+	free(lm->data);
+	lm->data = NULL;
+	return ENOMEM;
+    }
+    ntlm->length = 24;
+
+    /* first setup the lm resp */
+    memset(lm->data, 0, 24);
+    memcpy(lm->data, clnt_nonce, 8);
+
+    MD5_Init(&md5);
+    MD5_Update(&md5, svr_chal, 8); /* session nonce part 1 */
+    MD5_Update(&md5, clnt_nonce, 8); /* session nonce part 2 */
+    MD5_Final(ntlm2_sess_hash, &md5); /* will only use first 8 bytes */
+
+    memset(res, 0, sizeof(res));
+    memcpy(res, ntlm_hash, 16);
+
+    resp = ntlm->data;
+    splitandenc(&res[0], ntlm2_sess_hash, resp + 0);
+    splitandenc(&res[7], ntlm2_sess_hash, resp + 8);
+    splitandenc(&res[14], ntlm2_sess_hash, resp + 16);
+
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/ntlm/test_ntlm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/ntlm/test_ntlm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/ntlm/test_ntlm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,339 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+RCSID("$Id: test_ntlm.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <krb5.h>
+#include <heimntlm.h>
+
+static int
+test_parse(void)
+{
+    const char *user = "foo", 
+	*domain = "mydomain",
+	*password = "digestpassword",
+	*target = "DOMAIN";
+    struct ntlm_type1 type1;
+    struct ntlm_type2 type2;
+    struct ntlm_type3 type3;
+    struct ntlm_buf data;
+    krb5_error_code ret;
+    int flags;
+    
+    memset(&type1, 0, sizeof(type1));
+
+    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM;
+    type1.domain = rk_UNCONST(domain);
+    type1.hostname = NULL;
+    type1.os[0] = 0;
+    type1.os[1] = 0;
+
+    ret = heim_ntlm_encode_type1(&type1, &data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type1");
+
+    memset(&type1, 0, sizeof(type1));
+
+    ret = heim_ntlm_decode_type1(&data, &type1);
+    free(data.data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type1");
+
+    heim_ntlm_free_type1(&type1);
+
+    /*
+     *
+     */
+
+    memset(&type2, 0, sizeof(type2));
+
+    flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
+    type2.flags = flags;
+
+    memset(type2.challange, 0x7f, sizeof(type2.challange));
+    type2.targetname = rk_UNCONST(target);
+    type2.targetinfo.data = NULL;
+    type2.targetinfo.length = 0;
+
+    ret = heim_ntlm_encode_type2(&type2, &data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type2");
+
+    memset(&type2, 0, sizeof(type2));
+
+    ret = heim_ntlm_decode_type2(&data, &type2);
+    free(data.data);
+    if (ret)
+	errx(1, "heim_ntlm_decode_type2");
+
+    heim_ntlm_free_type2(&type2);
+
+    /*
+     *
+     */
+
+    memset(&type3, 0, sizeof(type3));
+
+    type3.flags = flags;
+    type3.username = rk_UNCONST(user);
+    type3.targetname = rk_UNCONST(target);
+    type3.ws = rk_UNCONST("workstation");
+
+    {
+	struct ntlm_buf key;
+	heim_ntlm_nt_key(password, &key);
+
+	heim_ntlm_calculate_ntlm1(key.data, key.length,
+				  type2.challange,
+				  &type3.ntlm);
+	free(key.data);
+    }
+
+    ret = heim_ntlm_encode_type3(&type3, &data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type3");
+
+    free(type3.ntlm.data);
+
+    memset(&type3, 0, sizeof(type3));
+
+    ret = heim_ntlm_decode_type3(&data, 1, &type3);
+    free(data.data);
+    if (ret)
+	errx(1, "heim_ntlm_decode_type3");
+
+    if (strcmp("workstation", type3.ws) != 0)
+	errx(1, "type3 ws wrong");
+
+    if (strcmp(target, type3.targetname) != 0)
+	errx(1, "type3 targetname wrong");
+
+    if (strcmp(user, type3.username) != 0)
+	errx(1, "type3 username wrong");
+
+
+    heim_ntlm_free_type3(&type3);
+
+    /*
+     * NTLMv2
+     */
+
+    memset(&type2, 0, sizeof(type2));
+
+    flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
+    type2.flags = flags;
+
+    memset(type2.challange, 0x7f, sizeof(type2.challange));
+    type2.targetname = rk_UNCONST(target);
+    type2.targetinfo.data = "\x00\x00";
+    type2.targetinfo.length = 2;
+
+    ret = heim_ntlm_encode_type2(&type2, &data);
+    if (ret)
+	errx(1, "heim_ntlm_encode_type2");
+
+    memset(&type2, 0, sizeof(type2));
+
+    ret = heim_ntlm_decode_type2(&data, &type2);
+    free(data.data);
+    if (ret)
+	errx(1, "heim_ntlm_decode_type2");
+
+    heim_ntlm_free_type2(&type2);
+
+    return 0;
+}
+
+static int
+test_keys(void)
+{
+    const char
+	*username = "test",
+	*password = "test1234",
+	*target = "TESTNT";
+    const unsigned char 
+	serverchallange[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c";
+    struct ntlm_buf infotarget, infotarget2, answer, key;
+    unsigned char ntlmv2[16], ntlmv2_1[16];
+    int ret;
+    
+    infotarget.length = 70;
+    infotarget.data =
+	"\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00"
+	"\x01\x00\x0c\x00\x4d\x00\x45\x00\x4d\x00\x42\x00\x45\x00\x52\x00"
+	"\x03\x00\x1e\x00\x6d\x00\x65\x00\x6d\x00\x62\x00\x65\x00\x72\x00"
+	    "\x2e\x00\x74\x00\x65\x00\x73\x00\x74\x00\x2e\x00\x63\x00\x6f"
+	    "\x00\x6d\x00"
+	"\x00\x00\x00\x00";
+
+    answer.length = 0;
+    answer.data = NULL;
+
+    heim_ntlm_nt_key(password, &key);
+
+    ret = heim_ntlm_calculate_ntlm2(key.data,
+				    key.length,
+				    username,
+				    target,
+				    serverchallange,
+				    &infotarget,
+				    ntlmv2,
+				    &answer);
+    if (ret)
+	errx(1, "heim_ntlm_calculate_ntlm2");
+
+    ret = heim_ntlm_verify_ntlm2(key.data,
+				 key.length,
+				 username,
+				 target,
+				 0,
+				 serverchallange,
+				 &answer,
+				 &infotarget2,
+				 ntlmv2_1);
+    if (ret)
+	errx(1, "heim_ntlm_verify_ntlm2");
+
+    if (memcmp(ntlmv2, ntlmv2_1, sizeof(ntlmv2)) != 0)
+	errx(1, "ntlm master key not same");
+
+    if (infotarget.length > infotarget2.length)
+	errx(1, "infotarget length");
+
+    if (memcmp(infotarget.data, infotarget2.data, infotarget.length) != 0)
+	errx(1, "infotarget not the same");
+
+    free(key.data);
+    free(answer.data);
+    free(infotarget2.data);
+
+    return 0;
+}
+
+static int
+test_ntlm2_session_resp(void)
+{
+    int ret;
+    struct ntlm_buf lm, ntlm;
+
+    const unsigned char lm_resp[24] = 
+	"\xff\xff\xff\x00\x11\x22\x33\x44"
+	"\x00\x00\x00\x00\x00\x00\x00\x00"
+	"\x00\x00\x00\x00\x00\x00\x00\x00";
+    const unsigned char ntlm2_sess_resp[24] = 
+	"\x10\xd5\x50\x83\x2d\x12\xb2\xcc"
+	"\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf"
+	"\x82\xac\xa4\xc3\x68\x1d\xd4\x55";
+    
+    const unsigned char client_nonce[8] =
+	"\xff\xff\xff\x00\x11\x22\x33\x44";
+    const unsigned char server_challange[8] =
+	"\x01\x23\x45\x67\x89\xab\xcd\xef";
+
+    const unsigned char ntlm_hash[16] =
+	"\xcd\x06\xca\x7c\x7e\x10\xc9\x9b"
+	"\x1d\x33\xb7\x48\x5a\x2e\xd8\x08";
+
+    ret = heim_ntlm_calculate_ntlm2_sess(client_nonce,
+					 server_challange,
+					 ntlm_hash,
+					 &lm,
+					 &ntlm);
+    if (ret)
+	errx(1, "heim_ntlm_calculate_ntlm2_sess_resp");
+
+    if (lm.length != 24 || memcmp(lm.data, lm_resp, 24) != 0)
+	errx(1, "lm_resp wrong");
+    if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0)
+	errx(1, "ntlm2_sess_resp wrong");
+    
+    free(lm.data);
+    free(ntlm.data);
+
+
+    return 0;
+}
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag, "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+		    NULL, "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int ret = 0, optind = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    printf("test_parse\n");
+    ret += test_parse();
+    printf("test_keys\n");
+    ret += test_keys();
+    printf("test_ntlm2_session_resp\n");
+    ret += test_ntlm2_session_resp();
+
+    return 0;
+}
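Review bot: `test_keys` only exercises the accept path of `heim_ntlm_verify_ntlm2`: the answer built by `heim_ntlm_calculate_ntlm2` is handed straight back to the verifier, and nothing asserts that an altered answer is refused, so a verifier that accepted every input would still pass this test. A rejection case belongs next to the existing one, flipping a byte of the response and requiring a non-zero return, as sketched below with a separate output buffer so the first `infotarget2` is not overwritten. Separately, `main` adds the three results into `ret` and then ends with `return 0;`, so a test that reports failure through its return value cannot fail the program; `return ret;` would fix that. The return values of `heim_ntlm_nt_key` and `heim_ntlm_calculate_ntlm1` are also ignored in `test_parse` and `test_keys`, and the `errx` after `heim_ntlm_decode_type1` names `heim_ntlm_encode_type1`.

```c
    /* … unchanged: calculate, verify and compare the untampered answer … */

    /* A response whose MAC bytes were altered must not verify. */
    ((unsigned char *)answer.data)[0] ^= 0xff;
    ret = heim_ntlm_verify_ntlm2(key.data, key.length, username, target, 0,
				 serverchallange, &answer,
				 &tampered_info, ntlmv2_1);
    if (ret == 0)
	errx(1, "heim_ntlm_verify_ntlm2 accepted a modified answer");

    /* … unchanged: free(key.data), free(answer.data), free(infotarget2.data) … */
```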

Added: vendor-crypto/heimdal/dist/lib/ntlm/version-script.map
===================================================================
--- vendor-crypto/heimdal/dist/lib/ntlm/version-script.map	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/ntlm/version-script.map	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,27 @@
+# $Id: version-script.map,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+HEIMDAL_NTLM_1.0 {
+	global:
+		heim_ntlm_build_ntlm1_master;
+		heim_ntlm_calculate_ntlm1;
+		heim_ntlm_calculate_ntlm2;
+		heim_ntlm_calculate_ntlm2_sess;
+		heim_ntlm_decode_targetinfo;
+		heim_ntlm_decode_type1;
+		heim_ntlm_decode_type2;
+		heim_ntlm_decode_type3;
+		heim_ntlm_encode_targetinfo;
+		heim_ntlm_encode_type1;
+		heim_ntlm_encode_type2;
+		heim_ntlm_encode_type3;
+		heim_ntlm_free_buf;
+		heim_ntlm_free_targetinfo;
+		heim_ntlm_free_type1;
+		heim_ntlm_free_type2;
+		heim_ntlm_free_type3;
+		heim_ntlm_nt_key;
+		heim_ntlm_ntlmv2_key;
+		heim_ntlm_verify_ntlm2;
+	local:
+		*;
+};

Added: vendor-crypto/heimdal/dist/lib/roken/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2196 @@
+2008-01-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add missing files.
+
+2007-08-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* strftime.c: rewrite str[pf]time for testing.
+
+	* strptime.c: rewrite str[pf]time for testing.
+
+	* Makefile.am: add TEST_STRPFTIME
+	
+2007-07-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ndbm_wrap.c (dbm_get): set dsize to 0 on failure.
+
+	* Makefile.am: add ndbm_wrap.[ch] to EXTRA_DIST
+
+	* ndbm_wrap.c (dbm_fetch): set dsize to 0 on failure.
+
+2007-07-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* socket_wrapper.c: Implement swrap_dup too.
+
+	* socket_wrapper.c: Add dup(dummy stub) and dup2(real).
+
+	* socket_wrapper.h: Add dup(dummy stub) and dup2(real).
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: New library version.
+
+2007-06-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken_gethostby.c: set proxy_port to 0 to pacify BEAM.
+
+2007-06-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* use "roken.h" consitantly
+
+2007-06-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test-readenv.c: Free environment.
+
+	* environment.c (free_environment): free result of
+	read_environment().
+
+	* roken-common.h (free_environment): free result of
+	read_environment().
+	
+2007-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* fnmatch.c: Do recursive call to rk_fnmatch
+	
+2007-01-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve.c: Try harder to call res_ndestroy().
+	
+2006-12-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: make sure built headers are copied to the
+	${build_topdir}/include
+	
+2006-12-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* unvis.c: Use internal version of rk_unvis
+
+	* unvis.c: Always include rk_versions.
+
+	* vis.c: Always include rk_versions.
+
+	* vis.hin: Fix argument for unvis and strsvisx.
+	
+	* unvis.c: prefix unvis functions with rk_, and prototypes.
+	
+2006-12-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* vis.c: Provide some prototypes for the rk_vis functions.
+	
+2006-12-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* ifaddrs.hin: Prefix getifaddrs functions with rk_ and do symbol
+	renaming.
+
+	* fnmatch.c: Prefix fnmatch functions with rk_ and do symbol
+	renaming.
+
+	* vis.hin: Prefix strvis functions with rk_ and do symbol
+	renaming.
+
+	* vis.c: prefix strvis functions with rk_
+
+	* Makefile.am: Install extra posix headers in <roken/...> to avoid
+	dup headers.
+	
+2006-11-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* socket_wrapper.c (swrap_sendto): fail on to unknown si->type
+	
+2006-11-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* socket_wrapper.c: A few fixes to have Heimdal pass the make
+	check under socket_wrapper. The first is a missing 'break' before
+	the (heimdal specific) IPv6 support. The second works around the
+	fact that sendto() *may* object to a destination being specified.
+	It appears to be that on Linux, this objects (with EISCONN) for
+	unix stream sockets, but not for TCP sockets. The alternate fix
+	would be to have the KDC use 'send()' in this case. Andrew Bartlett.
+
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: split dist and nondist HEADERS
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* roken.h.in: Add timegm glue.
+
+	* timegm.c: add timegm()
+	
+	* socket_wrapper.c: Include <roken.h>, gives os socklen_t on IRIX
+	6.4.
+	
+	* socket_wrapper.c: Maybe include <sys/time.h> and/or maybe
+	include <time.h>.
+	
+2006-10-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken.h.in: Revert prevois for now, the problem is that we have
+	to include symbols unconditionally, even for those that just needs
+	protos.
+
+	* roken.h.in: Provide symbol renaming, let see what breaks.
+
+	* socket_wrapper.c: Maybe include <sys/filio.h>.
+	
+2006-10-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* socket_wrapper.c: more consitity check, remove dead code, add
+	socket length code, add missing break, make diffrent chars of type
+	type files for case-insensitiv filesystems
+
+	* socket_wrapper.c: try even hard to not use socket wrapper for
+	socket_wrapper itself.
+
+	* socket_wrapper.c: Force no socket wrapper for socket_wrapper
+	itself.
+	
+2006-10-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* socket_wrapper.c: Maybe include <config.h>.
+
+	* socket_wrapper.c: Protect AF_INET6 with #ifdef HAVE_IPV6.
+
+	* socket_wrapper.c: Use a symbol for the v6 address.
+
+	* socket_wrapper.c: Add IPv6 suppport.
+	
+	* socket_wrapper.[ch]: Include socket wrapper from samba4 (rev
+	19179).
+	
+2006-10-07 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* Makefile.am: Add build_HEADERZ to EXTRA_DIST
+
+	* Makefile.am: Add man_MANS to EXTRA_DIST
+
+	* Makefile.am: Add to all objects BUILD_ROKEN_LIB.
+	
+2006-09-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken.h.in: Add samba socket wrapper fragment.
+
+	* Makefile.am: Add samba socket wrapper fragment.
+	
+2006-09-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* snprintf.c: reapply patch that went away in last commit
+	
+	* snprintf-test.c: unbreak from previous commit
+
+	* snprintf.c: Add size_t formater (z modifer).
+
+	* snprintf-test.c: add tests for size_t printf formater
+	
+2006-06-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rtbl.h: Add extern "C" for C++.
+
+	* rtbl.c: Add rtbl_add_column_entryv functions, printf like
+
+	* rtbl.h: Add rtbl_add_column_entryv functions, printf like
+	
+2006-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* glob.hin: Add extern "C" for C++. From joerg at britannica dot
+	bec dot de
+
+	* fnmatch.hin: Add extern "C" for C++. From joerg at britannica
+	dot bec dot de
+	
+2006-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* fnmatch.hin (fnmatch): CPP rename to rk_fnmatch
+	
+2006-04-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* resolve.c (dns_srv_order): change a if (ptr == NULL) continue
+	into a assert(ptr != NULL) since it could never happen, found by
+	the IBM code checker (beam).  Thanks to Florian Krohm for
+	explaining it.
+	
+2006-04-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken_gethostby.c (roken_gethostby): make addr_list one larger
+	to avoid a off-by-one error. Found by IBM checker.
+
+	* resolve.c: Plug memory leak found by IBM checker (and try to
+	please it).
+	
+2006-02-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* resolve.c: Spelling, from Alexey Dobriyan, via Jason McIntyre
+	
+2006-01-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* getcap.c: Don't use db support unless its build into libc but we
+	dont check for that now, so just disable the code. This removes
+	the dependency on libdb for roken, and that is a good thing since
+	it causes problem with nss plugins that uses DB3 that also
+	provides the same symbol, but with a diffrent ABI. so when the
+	application calls getpwnamn() and it linked to roken, it craches
+	in the nss functions.
+	
+2006-01-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hex.c (hex_decode): support decoding odd number of characters,
+	in the odd len case, the first character ends up in the first byte
+	in the lower nibble.
+
+	* hex-test.c: Check that we can decode single character hex chars.
+
+2005-12-12  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* getifaddrs.c: Try handle HP/UX 11.nn, its diffrent from Solaris
+	large SIOCGIFCONF.
+	
+2005-09-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-common.h: Move rk_UNCONST to roken.h.in since it might use
+	uintptr_t depending on avaibility.
+
+	* roken.h.in: Include <stdint.h> if it exists.  If avaiable, use
+	uintptr_t to define rk_UNCONST.
+	
+2005-09-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-common.h: Add rk_dumpdata.
+	
+	* dumpdata.c: Add rk_dumpdata() that write a chunk of data into a
+	file for later processing by some other tool (like asn1_print).
+	
+2005-09-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* strptime.c: cast to unsigned char to make sure its not negative
+	when passing it to is* functions
+	
+2005-09-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* socket.c: Add socket_set_ipv6only.
+
+	* roken-common.h: Add socket_set_ipv6only, remove some argument
+	names.
+	
+2005-08-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* strpool.c (rk_strpoolprintf): remove debug printf, plug memory
+	leak
+	
+2005-08-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* setprogname.c (setprogname): const poision
+	
+	* print_version.c: Removed, moved to libvers.
+
+2005-08-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve.c (dns_lookup_int): if we have res_ndestroy, prefeer
+	that before res_nclose
+
+2005-08-12 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* getaddrinfo-test.c: Rename optind to optidx to avoid shadowing.
+
+2005-08-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gai_strerror.c: sprinkel more const
+	
+	* gai_strerror.c, roken.h.in: Make return value of gai_strerror
+	const to match SUSv3.  Prompted by Stefan Metzmacher change to
+	Samba.
+
+2005-07-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken.h.in: Remove parameter names to avoid shadow warnings.
+
+2005-07-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* getifaddrs.c (nl_getlist): poll to get messages from kernel, and
+	retry if the message was lost
+	(free_nlmsglist): free all linked elements, not just the first one
+
+2005-07-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* snprintf-test.c: Check a very simple format string
+	
+2005-07-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken.h.in: If we have <strings.h> include it, its needed for
+	strcasecmp() on those platforms that are SUS3/iso c99 strict (like
+	AIX)
+
+	* roken-common.h: remove duplicate ;
+	
+2005-07-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-common.h: rk_strpoolprintf first variable identifier is 3
+
+2005-06-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* base64.h: remove variable names
+	
+2005-06-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-common.h: fix format attribute
+
+	* Makefile.am (libroken_la_SOURCES): += strpool.c
+	
+	* roken-common.h: add strpool, a printf collector to make it
+	eaiser to collect strings into one string
+	
+	* strpool.c: add strpool, a printf collector to make it eaiser to
+	collect strings into one string
+
+2005-06-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* base64.c: Add const, from Andrew Abartlet <abartlet at samba.org>
+
+2005-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* strpftime-test.c: test for "%Y%m"
+
+	* esetenv.c: unconst
+
+	* strptime.c: Write a new parse_number function that is possible
+	to limit that amount of numbers used, with this strptime can
+	handle strptime("200505", "%Y%m", &tm);
+
+2005-06-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* getaddrinfo.c: avoid shadowing sin
+	
+	* resolve-test.c: rename optind to optidx to avoid shadowing
+	
+	* strptime.c: UNCONST return value from strptime
+	
+	* strftime.c: rk_UNCONST argument mktime
+	
+	* getnameinfo.c: avoid shadowing sin
+	
+	* socket.c: avoid shadowing sin
+
+	* resolve.c (parse_record): fix casting to avoid losing const
+	
+	* roken.awk: since we got no feedback regarding people running
+	heimdal on the crays, remove the quoted # version
+	
+	* environment.c: rename index to idx to avoid shadowing
+
+2005-05-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse_reply-test.c: avoid signedness warnings
+
+	* test-mem.c: avoid signedness warnings
+
+2005-05-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hex.c: include "roken.h" to avoid undefined size_t/ssize_t
+
+2005-05-24  Dave Love  <fx at gnu.org>
+
+	* Makefile.am (snprintf_test_SOURCES): Add snprintf-test.h.
+
+2005-05-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* environment.c (rk_read_env_file): move assignment to later to
+	make pre c99 compiler happy
+
+2005-05-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* strptime.c: use english spelling of March
+
+2005-05-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: only link with dblib if we need it
+	
+	* Makefile.am: add test_readenv
+	
+	* test-readenv.c: test for read_environment()
+	
+	* environment.c: eliminate duplicates
+	
+2005-05-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* issuid.c (issuid): change the #ifdef order to avoid unreachable
+	code warning.
+
+2005-05-10  Dave Love  <fx at gnu.org>
+
+	* roken.h.in: Get daemon declared on Solaris (it's in unistd.h but
+	masked by a feature test), just to avoid a warning, since it has
+	int args. Include err.h unconditionally, since it's always
+	supplied.
+
+2005-05-04  Dave Love  <fx at gnu.org>
+
+	* snprintf-test.c: Include snprintf-test.h earlier.
+
+2005-05-03  Dave Love  <fx at gnu.org>
+
+	* snprintf.c: Include snprintf-test.h earlier.
+	
+	* test-mem.c: Add member fd to map.
+	(rk_test_mem_alloc, rk_test_mem_free): Use it.
+
+2005-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* getifaddrs.c: add break on default: statements, from Douglas
+	E. Engert
+
+	* snprintf.c (vsnprintf): don't write the NUL into the string if
+	the length was 0
+
+	* snprintf-test.c: add check that snprintf doesn't write the NUL
+	into the last byte when its a zero length input string
+
+	* parse_time-test.c: Include <err.h>.
+	
+2005-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse_time-test.c: improve testing
+	
+	* roken-common.h: add rk_realloc
+
+	* Makefile.am: add realloc
+
+	* realloc.c: add rk_realloc, unbroken version of realloc
+
+2005-04-26  Dave Love  <fx at gnu.org>
+
+	* getusershell.c: Include roken.h
+
+2005-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* unvis.c: cast to unsigned char to make sure its not negative
+	when passing it to is* functions
+
+	* strptime.c: cast to unsigned char to make sure its not negative
+	when passing it to to* functions
+
+2005-04-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* simple_exec.c: don't close stderr, close all fd that is num 3
+	and larger
+
+	* simple_exec.c (pipe_execv): use closefrom
+
+	* add closefrom
+
+2005-04-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* add ROKEN_LIB_FUNCTION to all exported functions
+
+2005-04-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve-test.c: print DS
+
+2005-04-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse_time-test.c: remove unused variable
+	
+2005-04-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* strpftime-test.c: print size_t by casting to unsigned long
+	
+	* base64-test.c: print size_t by casting to unsigned long
+	
+	* hex-test.c: print size_t by casting to unsigned long
+	
+	* resolve-test.c: print size_t by casting to unsigned long
+	
+2005-04-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* snprintf-test.c (try): reset va_list argument between reuse,
+	from Peter Kruty <xkruty at fi.muni.cz>
+
+2005-03-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken_gethostby.c (roken_gethostby): s/sin/addr/ to avoid
+	shadowing
+
+	* resolve.c (dns_lookup_int): s/stat/state/ to avoid shadowing
+
+	* parse_units.c: avoid shadowing div
+
+2005-03-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* snprintf.c: use defined(TEST_SNPRINTF) like on all other places
+	in the same file
+
+2005-03-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* hex.c: check for overflows
+
+2005-03-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* vis.c: use RCSID instead of __RCSID
+
+2005-03-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: check_PROGRAMS += hex-test
+	
+	* hex-test.c: hex encoding/decoding test
+	
+	* hex.c: fix decodeing, it processed to much data and thus
+	returned the wrong length
+
+2005-03-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: add hex.[ch]
+
+	* hex.c: add hex encoder/decoder
+
+2005-03-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* daemon.c fnmatch.c fnmatch.hin getcap.c getopt.c getusershell.c
+	glob.c glob.hin iruserok.c unvis.c vis.hin:
+	
+	In 1997, the University of California, Berkeley issued a statement
+	retroactively relicensing all code held under their copyright from
+	a 4-clause 'traditional' BSD license to a new 3-clause 'revised'
+	BSD license, which removed the advertising clause.
+
+	From NetBSD, via Joel Baker, and Alistair G. Crooks
+	
+	* getaddrinfo-test.c: remove stray ( in output
+	
+	* vis.c: Update new revision from NetBSD (copyright update)
+
+2005-02-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: bump version to 17:0:1
+
+2005-01-19  Dave Love  <d.love at dl.ac.uk>
+
+	* getusershell.c: Include ctype.h, cast argument to isspace to
+	unsigned char.
+
+2004-10-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* parse_time.3, parse_units.c: Change the behavior of the
+	parse_unit code to return the number of bytes needed to print the
+	whole string (minus the trailing '\0'), just like snprintf.  Idea
+	from bugreport from Gabriel Kihlman <gk at stacken.kth.se>.
+
+	* parse_time-test.c Makefile.am test-mem.c test-mem.h: test parse_time
+
+2004-10-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve.c: put dns_type_to_string and dns_string_to_type in the
+	abi
+
+	* resolve.c: add ds_record
+	
+	* resolve.h: add ds_record
+	
+2004-10-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ndbm_wrap.c: undefine open so this works on solaris with large
+	file support From netbsd's pkgsrc via Gavan Fantom
+	
+2004-09-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve-test.c: add --version/--help
+	
+2004-09-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: make resolve-test a noinst program
+	
+2004-09-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve-test.c: test program for libroken resolve from resolve.c
+	
+	* Makefile.am: add resolve-test
+	
+	* resolve.h: add constant for max DNS protocol packet size
+	
+	* resolve.c (dns_lookup_int): grow the answer buffer to the size
+	the server send to us if the answer buffer was too small (limited
+	to the dns protocol max packet size)
+	
+2004-08-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* err.hin: no need to declare __progname here
+
+	* Makefile.am: always clean generated headers
+
+2004-06-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* rtbl.3: use .In for header, remove trailing space
+	
+2004-06-23  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rtbl.h: add protos and macros
+	
+	* rtbl.c: implement a bunch of stuff:
+	  - column separator (instead of global column prefix)
+	  - per column suffix
+	  - indexing columns by id-number instead of column header
+	  - optional header supression (via settable flags)
+	  - ability to end a row
+	  - don't extend last column to full width
+	
+2004-06-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve.[ch]: add and use and bind9 version of rr type
+	(rk_ns_t_XXX) instead of the old bind4 version (T_XXX)
+
+2004-05-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve.c (stot): add AAAA
+	
+2004-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* getarg.c (add_string): catch error from realloc
+	
+2004-02-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* roken-common.h: add simple_execve_timed
+	
+	* roken-common.h: add timed simple_exec
+	
+	* simple_exec.c: add timed simple_exec
+	
+2004-01-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gai_strerror.c: correct ifdef for EAI_ADDRFAMILY
+
+2003-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve.c: parse dns header, add support for SSHFP
+	
+	* resolve.h: add cpp rewrite for sshfp_record
+	
+	* resolve.h: add SSHFP, clean up the the dns_header
+	
+2003-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve.h: remove HEADER (only used for crays)
+	
+	* resolve.c: number-of fields no longer stored in network order
+	
+2003-12-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolve.c: remove depency on c99 types in resolv.h
+	
+	* resolve.h: remove depency on c99 types
+	
+2003-12-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* resolv.h: add more T_ types and inline the dns headers, all this
+	for bind9 resolvers
+
+2003-12-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gai_strerror.c: EAI_ADDRFAMILY and EAI_NODATA is deprecated
+	
+	* roken-common.h: use EAI_NONAME instead of EAI_ADDRFAMILY to
+	check for if we need EAI_ macros
+
+2003-10-04   Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* strptime.c: let t and n match zero or more whitespaces
+	
+2003-08-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ndbm_wrap.c: patch for working with DB4 on heimdal-discuss
+	From: Luke Howard <lukeh at PADL.COM>
+	
+2003-08-27  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: don't include discovered files in EXTRA_SOURCES;
+	don't depend on all header files, just the built ones
+
+2003-08-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* emalloc.3: manpage
+	
+2003-07-11  Love  <lha at stacken.kth.se>
+
+	* resolve.c: AIX have broken res_nsearch() in 5.1 (5.0 also ?)  so
+	just don't use res_nsearch on AIX
+
+2003-06-29  Johan Danielsson  <joda at pdc.kth.se>
+
+	* snprintf.c: * don't ever print sign for unsigned conversions *
+	don't break when right justifying a number past the end of the
+	buffer * handle zero precision and the value zero more correctly
+
+2003-06-14  Love  <lha at stacken.kth.se>
+
+	* glob.hin: prefix glob symbols with rk_
+	
+2003-04-22  Love  <lha at stacken.kth.se>
+
+	* resolve.c: copy NUL too, from janj at wenf.org via openbsd
+	
+2003-04-16  Love  <lha at stacken.kth.se>
+
+	* parse_units.h: remove typedef for units to avoid problems with
+	shadowing
+
+	* resolve.c: use strlcpy, from openbsd
+	
+	* getcap.c: use strlcpy, from openbsd
+	
+	* getarg.3: Change .Fd #include <header.h> to .In header.h
+	from Thomas Klausner <wiz at netbsd.org>
+
+2003-04-15  Love  <lha at stacken.kth.se>
+
+	* socket.c (socket_set_tos): if setsockopt failed with EINVAL
+	failed, just ignore it, sock was probably a just a non AF_INET
+	socket
+
+2003-04-14  Love  <lha at stacken.kth.se>
+
+	* strncasecmp.c: cast argument to toupper to unsigned char, from
+	Christian Biere <christianbiere at gmx.de> via NetBSD
+	
+	* strlwr.c: cast argument to tolower to unsigned char, from
+	Christian Biere <christianbiere at gmx.de> via NetBSD
+	
+	* strcasecmp.c: cast argument to toupper to unsigned char, from
+	Christian Biere <christianbiere at gmx.de> via NetBSD
+	
+2003-03-19  Love  <lha at stacken.kth.se>
+
+	* getarg.3: spelling, from <jmc at prioris.mini.pw.edu.pl>
+	
+2003-03-07  Love  <lha at stacken.kth.se>
+
+	* parse_bytes.c: use struct units instead of units
+	
+	* parse_time.c: use struct units instead of units
+	
+2003-03-04  Love  <lha at stacken.kth.se>
+
+	* roken.awk: use full prototype for main
+	
+2002-10-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* resolve.c: check length of txt records
+
+2002-09-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.awk: include config.h before stdio.h (breaks with
+	_FILE_OFFSET_BITS on solaris otherwise)
+
+2002-09-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* resolve.c: fix res_nsearch call, but don't use it for now, AIX5
+	has a broken version that trashes memory
+
+	* roken-common.h: fix typo in previous
+
+	* roken-common.h: change IRIX == 4 to IRIX4
+
+2002-09-04  Assar Westerlund  <assar at kth.se>
+
+	* getifaddrs.c: remove some warnings from the linux-portion
+
+	* getnameinfo_verified.c (getnameinfo_verified): handle the case
+	of forward but no backward DNS information, and also describe the
+	desired behaviour.  from Love <lha at stacken.kth.se>
+
+2002-09-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* rtbl.c (rtbl_destroy): free whole table
+
+	* resolve.c: use res_nsearch if we have it (from Larry Greenfield)
+
+2002-09-03  Assar Westerlund  <assar at kth.se>
+
+	* getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki
+	YOSHIFUJI of the Usagi project
+	
+	* parse_reply-test.c: make this build and return 77 if there is no
+	mmap
+
+	* Makefile.am (parse_reply-test): add
+	* parse_reply-test.c: add a test case for parse_reply reading past
+	the given buffer
+	* resolve.c (parse_reply): update the arguments to more reasonable
+	types.  allow parse_reply-test to call it
+
+2002-08-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* resolve.c (dns_srv_order): do alignment tricks with the random()
+	state (from NetBSD)
+
+2002-08-27  Assar Westerlund  <assar at kth.se>
+
+	* resolve.c (parse_reply): verify the lengths (both external and
+	internal) are consistent and not too long
+	(dns_lookup_int): be conservative in the length sent in to to
+	parse_reply
+
+2002-08-26  Assar Westerlund  <assar at kth.se>
+
+	* roken.h.in: add prototypes for str, unvis functions
+	* resolve.h: add fallback definition for T_AAAA
+
+2002-08-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.h.in: we may need a prototype for strndup
+
+2002-08-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.h.in: typedef ssize_t here
+
+	* getarg.c: don't put Ns before comma
+
+	* resolve.c: _res might not be available
+
+	* localtime_r.c: include stdio.h and roken.h
+
+	* strftime.c: only use altzone if we have it
+
+	* roken-common.h: AI_NUMERICHOST needs special handling
+
+	* strlcat.c: add some consistency checks
+
+	* strlcpy.c: make the logic simpler, and handle dst_sz == 0
+
+2002-08-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* resolve.h: prefix these functions to avoid conflicts with other
+	packages
+
+2002-08-14  Johan Danielsson  <joda at pdc.kth.se>
+
+	* strsep_copy.c: don't write to buf if len == 0
+
+2002-05-31  Assar Westerlund  <assar at pdc.kth.se>
+
+	* Makefile.am: *_LDADD: add LDADD, so that libroken is used
+
+2002-05-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* xdbm.h: remove old dbm part
+
+2002-04-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ndbm_wrap.{c,h}: ndbm wrapper for newer db libraries
+
+2002-04-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.h.in: move mini_inetd protos to after addrinfo definition
+
+	* snprintf.c (append_number): make rep const
+
+	* getarg.h: rename optind and optarg to avoid some gcc warnings
+
+	* getarg.c: rename optind and optarg to avoid some gcc warnings
+
+2002-02-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* mini_inetd.c: mini_inetd_addrinfo that takes an addrinfo instead
+	of a port number
+
+2001-11-30  Assar Westerlund  <assar at sics.se>
+
+	* getifaddrs.c: support SIOCGLIFCONF and SIOCGLIFFLAGS which are
+	used on Solaris 8 to retrieve addresses larger than `struct
+	sockaddr'.  From Magnus Ahltorp <ahltorp at nada.kth.se> (with some
+	modifications by me)
+
+2001-10-27  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): set version to 15:0:6
+
+2001-10-22  Assar Westerlund  <assar at sics.se>
+
+	* localtime_r.c: add
+
+2001-10-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* resolve.c (dns_srv_order): don't try to return a value
+
+2001-09-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* snprintf.c: va_{start,end} fixes; from Thomas Klausner
+
+2001-09-20  Assar Westerlund  <assar at sics.se>
+
+	* resolve.c (dns_srv_order): make sure of not reading after the
+	array
+
+2001-09-17  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): bump to 14:4:5
+	* snprintf.c: rename 'struct state' -> 'struct snprintf_test' to
+	avoid collision with resolv.h on aix
+
+2001-09-04  Assar Westerlund  <assar at sics.se>
+
+	* parse_bytes-test.c, parse_bytes.c, parse_bytes.h, parse_units.c,
+	parse_units.h: use int instead of size_t as return values to be
+	compatible with snprintf
+
+	* strftime.c (strftime): check for return values from snprintf() <
+	0
+
+2001-09-03  Johan Danielsson  <joda at pdc.kth.se>
+
+	* socket.c: restrict is a keyword
+
+2001-09-03  Assar Westerlund  <assar at sics.se>
+
+	* write_pid.c: handle atexit or on_exit
+
+	* Makefile.am (EXTRA_libroken_la_SOURCES): add vis.hin to help
+	solaris make
+
+2001-08-30  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: use LDADD directly
+
+2001-08-28  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): set to 14:3:5
+
+	* issuid.c (issuid): call issetugid if it exists
+
+2001-08-24  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: make it play better with recent automake
+
+2001-08-21  Assar Westerlund  <assar at sics.se>
+
+	* glob.c: provide a fallback for ARG_MAX.  from <tol at stacken.kth.se>
+
+	* roken.h.in: remove all winsock.h
+	for now, it does more harm than good under cygwin and if it should be
+	used, the correct conditional needs to be found
+	from <tol at stacken.kth.se>
+
+2001-08-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getaddrinfo.c: include a definition of in6addr_loopback if it
+	doesn't exist
+
+2001-08-10  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): update to 14:2:5
+
+2001-08-08  Assar Westerlund  <assar at sics.se>
+
+	* hstrerror.c: move h_errno to its own file (h_errno.c)
+
+2001-08-04  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: add getarg.3
+
+2001-08-01  Assar Westerlund  <assar at sics.se>
+
+	* mini_inetd.c (mini_inetd): explicitly use PF_UNSPEC.  be more
+	resilient to bind/listen failing.
+
+2001-07-31  Assar Westerlund  <assar at sics.se>
+
+	* getifaddrs.c (getifaddrs2): remove unused variables
+
+2001-07-31  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): update version to 14:1:5
+
+2001-07-23  Assar Westerlund  <assar at sics.se>
+
+	* getarg.c (arg_match_long): fix parsing of arg_counter optional
+	argument
+
+2001-07-19  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): bump version to 14:0:5
+	
+2001-07-17  Assar Westerlund  <assar at sics.se>
+
+	* snprintf-test.h: add a file with renaming of the snprintf
+	functions, to be used for running the tests
+
+2001-07-11  Assar Westerlund  <assar at sics.se>
+
+	* snprintf-test.c: add more %X tests, and long and conditional
+	long long tests
+	* snprintf.c: add support for printing long long (if available)
+
+2001-07-10  Assar Westerlund  <assar at sics.se>
+
+	* getaddrinfo.c (add_hostent): adapt to const hostent_find_fqdn
+	* hostent_find_fqdn.c (hostent_find_fqdn): const-ize
+
+2001-07-09  Assar Westerlund  <assar at sics.se>
+
+	* roken-common.h (hostent_find_fqdn): add
+	* hostent_find_fqdn.c: separate out hostent_find_fqdn
+
+	* warnerr.c: move out getprogname, setprogname
+
+2001-07-03  Assar Westerlund  <assar at sics.se>
+
+	* warnerr.c (setprogname): add const cast
+	* vis.c (SVIS): add some (unsigned char) before calling isfoo*
+	* Makefile.am (libroken_la_LDFLAGS:) set version to 13:0:4
+
+	* Makefile.am: add snprintf_test
+	* snprintf.c: rewrite so that it does not stop as soon as there
+	are no more characters to print, we need to figure out how long
+	the string would have to be.  this also fixes snprintf(NULL, 0
+
+2001-06-21  Assar Westerlund  <assar at sics.se>
+
+	* simple_exec.c (pipe_execv): remove unused variable
+
+2001-06-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getdtablesize.c: fix typo in obviously never used sysctl case
+
+	* simple_exec.c: rename check_status to wait_for_process, and
+	export it; function pipe_execv similar to popen, but with more
+	control over input and output
+
+	* roken-common.h: prototypes for wait_for_process and pipe_execv
+
+2001-06-17  Assar Westerlund  <assar at sics.se>
+
+	* roken-common.h: move emalloc et al to roken.h.in
+	* Makefile.am: make emalloc,ecalloc,erealloc,estrdup conditional
+	* emalloc.c, erealloc.c, estrup.c: use errx, since errno might not
+	be set reliably
+	* ecalloc.c: add for symmetry
+
+2001-06-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* resolve.c: dns_srv_order to order srv records
+
+2001-06-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getarg.c: Grog tries to figure out if to use mdoc.old instead of
+	mdoc by looking at some macros that were only present in the old
+	version, and by looking at the number of .Oo's present. In
+	mdoc.old .Oo was a toggle, but in mdoc it's closed by .Oc, so if
+	the number of .Oo's is bigger than the number of .Oc's, it figures
+	it must be mdoc.old. This doesn't however account for called Oc's,
+	and thus grog thinks that valid pages are mdoc.old when they
+	infact are mdoc. So let's make sure that Oc's are not called by
+	other macros.
+
+2001-05-29  Assar Westerlund  <assar at sics.se>
+
+	* base64-test.c (main): initialize numerr
+
+2001-05-28  Johan Danielsson  <joda at pdc.kth.se>
+
+	* base64.c: clean up the decode mess somewhat
+
+	* base64-test.c: base64 tests
+
+2001-05-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.h.in: just use standard C types with bswap*
+
+	* bswap.c: just use standard C types
+
+2001-05-17  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in: include all the headers that AC_GROK_TYPES tries for
+	finding u_int17_t et al
+
+	* Makefile.am: bump version to 12:0:3
+	* roken.h.in: re-add set_progname and get_progname for backwards
+	compatability
+	* warnerr.c: re-add set_progname and get_progname for backwards
+	compatability
+
+2001-05-12  Assar Westerlund  <assar at sics.se>
+
+	* glob.c: add limits.h, from <shadow at dementia.org>
+
+2001-05-11  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: bswap.c
+	
+	* bswap.c: bswap{16,32}
+	
+2001-05-08  Assar Westerlund  <assar at sics.se>
+
+	* freeaddrinfo.c (freeaddrinfo): also free every `struct
+	addrinfo'.  from <tmartin at mirapoint.com>
+
+2001-04-25  Assar Westerlund  <assar at sics.se>
+
+	* getarg.h (free_getarg_strings): add prototype
+	* getarg.c (free_getarg_strings): add function
+
+2001-04-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getarg.c: pack short flag options togther, to shorten the usage
+	string
+
+2001-04-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getifaddrs.c (getifaddrs2): close socket when done
+
+2001-03-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.awk: END has to be last with Sun's awk
+
+2001-03-26  Assar Westerlund  <assar at sics.se>
+
+	* parse_units.c (parse_something): do not check the return value
+	from strtod, it might return != 0.0 when the string has no digits.
+	just testing if it consumed any characters is enough and more
+	resilient
+	* glob.c: add GLOB_LIMIT (from NetBSD)
+
+2001-02-20  Assar Westerlund  <assar at sics.se>
+
+	* warnerr.c (warnerr): do not use __progname
+	* roken.h.in (setprogname, getprogname): add prototypes
+	* warnerr.c (setprogname, getprogname): rename to. change all
+	callers
+	
+2001-02-12  Assar Westerlund  <assar at sics.se>
+
+	* getnameinfo_verified.c (getnameinfo_verified): do the first
+	getnameinfo with NI_NUMERICSERV to avoid the error that bind 8.2.3
+	reports on not finding the service
+	(ENI_NOSERVNAME).  reported by Ake Sandgren <ake at cs.umu.se>
+
+2001-02-09  Assar Westerlund  <assar at sics.se>
+
+	* getnameinfo.c (doit): call inet_ntop with correct af, noted by
+	Ake Sandgren <ake at cs.umu.se>
+
+2001-02-08  Assar Westerlund  <assar at sics.se>
+
+	* getnameinfo_verified.c (getnameinfo_verified): always capture
+	the service from getnameinfo so it can be sent back to getaddrinfo
+	and set socktype to avoid getaddrinfo not returning any addresses
+
+2001-01-30  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): bump version to 11:1:2
+	* print_version.c (print_version): add 2001
+
+2001-01-29  Assar Westerlund  <assar at sics.se>
+
+	* getifaddrs.c (getifaddrs2): copy the entire sockaddr
+
+	* roken-common.h (_PATH_BSHELL): add
+
+2001-01-27  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in: move __attribute__ to roken-common.h
+
+	* esetenv.c (esetenv): cast to handle a setenv that takes a `char
+ 	* which is the case on Unicos
+
+2000-12-29  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (EXTRA_libroken_la_SOURCES): ifaddrs.h ->
+	ifaddrs.hin
+
+2000-12-25  Assar Westerlund  <assar at sics.se>
+
+	* getarg.c (print_arg): add a case for arg_strings
+
+2000-12-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* snprintf.c (append_string): handle NULL strings by printing
+	`(null)'
+
+2000-12-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken-common.h: add c++ externs
+
+	* roken.h.in: fix last commit differently
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* err.hin (warnerr): remove, it's not part of the err.h interface
+	* roken-common.h (warnerr): moved here from err.hin
+	* Makefile.am (libroken_la_LDFLAGS): set version to 11:0:2
+	* vis.c: s/u_int32_t/unsigned/ for systems that do not define
+	u_int32_t
+
+2000-12-10  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: rename some headers to avoid conflict with possible
+	system headers
+
+2000-12-06  Johan Danielsson  <joda at pdc.kth.se>
+
+	* vis.c: make sure _DIAGASSERT is defined
+
+	* unvis.c: make sure _DIAGASSERT is defined
+
+	* Makefile.am: unvis.c, and vis.h
+
+	* vis.h: vis.h from NetBSD
+
+	* unvis.c: unvis from NetBSD
+
+	* roken.h.in: cleanup previous
+
+	* roken-common.h: make `extern "C"' into a macro, this make emacs
+	much happier
+
+	* vis.c: strvis implementation from NetBSD
+
+	* roken.h.in: add prototypes for strvis*
+
+2000-12-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ifaddrs.h: fix freeifaddrs prototype, and add ifa_broadaddr
+	macro
+
+	* getifaddrs.c: free some memory
+
+2000-12-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* ifaddrs.h: getifaddrs implementation using SIOCGIFCONFIG etc
+
+	* getifaddrs.c: getifaddrs implementation using SIOCGIFCONFIG etc
+
+2000-10-08  Assar Westerlund  <assar at sics.se>
+
+	* mini_inetd.c (mini_inetd): check that fds are not too large to
+	select on
+
+2000-09-24  Assar Westerlund  <assar at sics.se>
+
+	*  esetenv.c: new file/function
+
+2000-08-16  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 10:0:1
+
+2000-08-10  Assar Westerlund  <assar at sics.se>
+
+	* mini_inetd.c (accept_it): type-correctness on parameters to
+	accept
+
+2000-08-07  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.h.in: add proto compat for getsockname
+
+2000-08-04  Johan Danielsson  <joda at pdc.kth.se>
+
+	* write_pid.c: conditionalise pidfile
+
+	* write_pid.c: add pidfile function
+
+2000-07-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: bump version to 9:0:0
+
+	* warnerr.c: add get_progname
+
+2000-07-24  Assar Westerlund  <assar at sics.se>
+
+	* getaddrinfo.c (add_hostent): if there's no fqdn in `he' try
+	reverse resolving to see if there's a fuller name there.  don't
+	use just-freed memory
+
+2000-07-22  Assar Westerlund  <assar at sics.se>
+
+	* xdbm.h: do not define ndbm functions in terms of dbm functions
+	if we're using db
+
+2000-07-20  Assar Westerlund  <assar at sics.se>
+
+	* rtbl.c (rtbl_format): avoid printing an empty row at the end
+
+2000-07-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: make this compatible with `make dist'
+
+	* Makefile.am: revert version number for now
+
+2000-07-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* configure.in: AM_PROG_LIBTOOL -> AC_PROG_LIBTOOL
+
+2000-07-17  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: set ACLOCAL_AMFLAGS
+
+2000-07-15  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getaddrinfo_hostspec.c: add new function that takes socktype
+	hint as parameter
+
+2000-07-09  Assar Westerlund  <assar at sics.se>
+
+	* rtbl.c (rtbl_add_column): initialize `col' completely
+
+	* configure.in: bring headers and functions more in-line with
+	what's actually being used
+
+2000-07-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.h.in: declare ether_addr and sockaddr_dl for AIX
+
+	* rtbl.{c,h}: simple table functions
+
+2000-07-08  Assar Westerlund  <assar at sics.se>
+
+	* configure.in (AM_INIT_AUTOMAKE): bump version to 10
+	* configure.in (AC_BROKEN): add strsep_copy
+	* Makefile.am (ACLOCAL): fetch files from cf
+
+2000-07-01  Assar Westerlund  <assar at sics.se>
+
+	* roken-common.h (pid_file_*): fix protos
+
+2000-06-28  Assar Westerlund  <assar at sics.se>
+
+	* getnameinfo_verified.c (getnameinfo_verified): free memory
+	returned from getaddrinfo
+
+2000-06-27  Assar Westerlund  <assar at sics.se>
+
+	* resolve.c: export string_to_type and type_to_string
+	* resolve.c: add key,sig,cert update test-program
+	* resolve.h: add key,sig,cert
+
+2000-06-21  Assar Westerlund  <assar at sics.se>
+
+	* resolve.h: add T_SIG, T_KEY
+	* resolve.c: add SIG and KEY
+	* Makefile.am (libroken_la_SOURCES): add environment.c and
+	write_pid.c
+
+	* write_pid.c: new file for writing a pid file.
+
+	* environment.c: new file with functionality for reading
+	/etc/environment.  From Ake Sandgren <ake at cs.umu.se>
+
+2000-06-12  Johan Danielsson  <joda at pdc.kth.se>
+
+	* strsep_copy.c: strsep, but with const stringp so returns string
+	in separate buffer
+
+2000-05-23  Assar Westerlund  <assar at sics.se>
+
+	* vsyslog.c (vsyslog): calculate length of new format string
+	correctly
+
+2000-05-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getusershell.c: implment the AIX version use
+	/etc/security/login.cfg
+
+2000-05-21  Assar Westerlund  <assar at sics.se>
+
+	* vsyslog.c (vsyslog): actually handle `%m'
+
+2000-05-15  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): set version to 8:1:3
+
+	* roken-common.h: moved __attribute__ to roken.h.in
+
+2000-04-14  Assar Westerlund  <assar at sics.se>
+
+	* getaddrinfo_hostspec.c (roken_getaddrinfo_hostspec): copy the
+	correct length from `hostspec'.  based on a patch from Love
+	<lha at s3.kth.se>
+
+2000-04-09  Assar Westerlund  <assar at sics.se>
+
+	* xdbm.h: only include one of db.h and the dbm-series
+
+2000-04-05  Assar Westerlund  <assar at sics.se>
+
+	* resolve.c (_resolve_debug): explicitly set to zero.  this moves
+	the variable from bss to data and the dynamic linker on MacOS
+	X/Darwin seems unhappy with stuff in the bss segment.
+
+2000-04-03  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 8:0:3
+
+2000-03-11  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in (_SS_PAD1SIZE): try to write an inpenetrable
+	expression that also works on Crays
+
+2000-03-09  Assar Westerlund  <assar at sics.se>
+
+	* getarg.c (arg_match_short): backup optind when there's a missing
+	argument so that the error can point at the flag and not the
+	non-existant argument
+
+2000-03-03  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (SOURCES): add timeval.c
+	* Makefile.am (libroken_la_SOURCES): add timeval.c
+	* timeval.c: new file
+
+2000-02-19  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 7:1:2
+	
+2000-02-16  Assar Westerlund  <assar at sics.se>
+
+	* snprintf.c (PARSE_INT_FORMAT): note that shorts are actually
+	transmitted as ints
+	(according to the integer protomotion rules) in variable arguments
+	lists.  Therefore, we should not call va_arg with short but rather
+	with int.  See <http://www.debian.org/Bugs/db/57/57919.html> for
+	original bug report
+
+2000-02-13  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 7:0:2
+
+	* getarg.c (mandoc_template): also fix no- prefix in .Sh OPTIONS
+	* getarg.c (mandoc_template): better man-stuff for negative
+	options
+
+2000-02-07  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 6:0:1
+
+2000-02-06  Assar Westerlund  <assar at sics.se>
+
+	* xdbm.h: hopefully catch a few more declarations by including
+	<ndbm.h> even if <db.h> was found
+
+2000-01-26  Assar Westerlund  <assar at sics.se>
+
+	* mini_inetd.c (mini_inetd): separate number of allocated sockets
+	and number of actual ones
+	* mini_inetd.c (mini_inetd): count sockets properly.  and fail if
+	we cannot bind any
+	* mini_inetd.c (mini_inetd): make failing to create a socket
+	non-fatal
+
+2000-01-09  Assar Westerlund  <assar at sics.se>
+
+ 	* Makefile.am(libroken_la_SOURCES): add strcollect.c
+	* Makefile.in: add strcollect.[co]
+	* simple_exec.c: use vstrcollect
+	* roken-common.h (_PATH_DEV): add
+	(strcollect, vstrcollect): add prototypes
+	* strcollect.c: new file.  functions for collapsing an `va_list'
+	into an `char **'
+
+2000-01-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 5:0:0
+
+1999-12-30  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (strpftime_test_SOURCES): correct source file name
+
+	* roken.h.in (sockaddr_storage): change padding so that we have
+ 	one char[] of pad and then an unsigned long[] (for alignment and
+ 	padding).  this works much better in practice.
+
+1999-12-22  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in (sockaddr_storage): drop leading underscore on
+ 	`public' fields.  this was the consensus on the ipng mailing list
+
+1999-12-21  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (strpftime-test): define sources to avoid having
+ 	'.o'
+	* Makefile.am (print_version.h): use $(EXEEXT)
+	* Makefile.am (roken.h): add $(EXEEXT) to make this work on cygwin
+ 	et al
+
+1999-12-20  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): bump version to 4:3:0
+
+	* getaddrinfo.c (get_nodes): use getipnodebyname instead of
+	gethostbyname(2)
+
+1999-12-16  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_LDFLAGS): bump version to 4:2:0
+
+	* roken.h.in (struct sockaddr_storage): redefine with the example
+ 	code from rfc2553
+
+	* getaddrinfo.c (get_null): set loopback with correct endianess
+	for v4.  dunno about v6.
+
+1999-12-13  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in: add prototypes for str[pf]time
+
+	* signal.c: macosx = rhapsody ~= nextstep also can't handle
+ 	various definitions of the same symbol.
+
+1999-12-12  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 4:1:0
+
+1999-12-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 4:0:0
+
+1999-12-05  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: replace inaddr2str with getnameinfo_verified
+
+	* roken-common.h (INADDR_LOOPBACK): add fallback definition
+
+	* roken-common.h: move getnameinfo_verified to roken.h.in
+	* roken.h.in (inaddr2str): remove
+	* Makefile.am (libroken_la_SOURCES); removed inaddr2str
+	* roken-common.h (getnameinfo_verified): add prototype
+	* getnameinfo_verified.c: new file
+
+1999-12-04  Assar Westerlund  <assar at sics.se>
+
+	* roken-common.h: add constants for getaddrinfo, getnameinfo
+	* roken.h.in (socklen_t): make independent of sockaddr_storage
+	(AI_*, NI_*, EAI_*): move to roken-common.h
+
+1999-12-03  Assar Westerlund  <assar at sics.se>
+
+	* mini_inetd.c (mini_inted): rewrite to use `getaddrinfo'
+	* getaddrinfo.c (const_v*): no sizeof(sizeof())
+	* getaddrinfo.c (add_hostent): search for the canonical name among
+	all aliases
+	(getaddrinfo): handle AI_NUMERICHOST correctly
+	* Makefile.am (EXTRA_libroken_la_SOURCES): add freeaddinfo,
+	getaddrinfo, getnameinfo, gai_strerror
+	(getaddrinfo_test): add
+	* Makefile.in (SOURCES): add freeaddinfo, getaddrinfo,
+	getnameinfo, gai_strerror
+	(getaddrinfo_test): add
+	* roken.h.in: arpa/inet.h: include
+	(socklen_t): add
+	(struct addrinfo): add
+	(EAI_*): add
+	(NI_*): add
+	(AI_*): add
+	(getaddrinfo, getnameinfo, freeaddrinfo, gai_strerror): add
+	* getnameinfo.c: new file
+	* getaddrinfo-test.c: new file
+	* gai_strerror.c: new file
+	* getaddrinfo.c: new file
+	* freeaddrinfo.c: new file
+
+1999-11-25  Assar Westerlund  <assar at sics.se>
+
+	* getopt.c (getopt): return -1 instead of EOF.  From
+	<art at stacken.kth.se>
+
+1999-11-13  Assar Westerlund  <assar at sics.se>
+
+	* strftime.c (strftime): handle `%z' and `%Z' in a tm_gmtoff-less
+	world
+
+	* getcap.c: make sure to use db only if we have both the library
+	and the header file
+	
+1999-11-12  Assar Westerlund  <assar at sics.se>
+
+	* getarg.h: add arg_counter
+	* getarg.c: add a new type of argument: `arg_counter' re-organize
+	the code somewhat
+	
+	* Makefile.am: add strptime and strpftime-test
+	
+	* snprintf.c (xyzprintf): try to do the right thing with an % at
+	the end of the format string
+	
+	* strptime.c (strptime): implement '%U', '%V', '%W'
+	* strftime.c (strftime): implement '%U', '%V', '%W', '%z'
+	
+	* strftime.c (strftime): correct %E and %O handling.  do something
+ 	reasonable with "...%"
+
+	* strftime.c: replace the BSD implementation by one of our own
+	coding
+
+	* strptime.c : new file
+	* strpftime-test.c: new file
+
+1999-11-07  Assar Westerlund  <assar at sics.se>
+
+	* parse_bytes-test.c: new file
+
+	* Makefile.am: add parse_bytes-test
+
+	* parse_units.c (parse_something): try to handle the case of no
+ 	value specified a little bit better
+
+1999-11-04  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 3:2:0
+
+1999-10-30  Assar Westerlund  <assar at sics.se>
+
+	* snprintf.c (PARSE_INT_FORMAT): add redundant casts to work
+ 	around a gcc-bug that manifests itself on Linux-PPC.  From Tom
+ 	Rini <trini at kernel.crashing.org>
+
+1999-10-28  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump version to 3:1:0
+
+	* roken.h.in: use `unsigned char' instead of `u_int8_t' to avoid
+ 	having to have that definition.  this is the easy way out instead
+ 	of getting the definition here where it's needed.  flame me.
+
+Fri Oct 22 15:39:31 1999  Bjoern Groenvall  <bg at sics.se>
+
+	* k_getpwuid.c (k_getpwuid): getspuid() does not exist (even
+ 	though it should), use getspnam().
+
+1999-10-20  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 3:0:0
+
+1999-10-18  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getarg.3: document arg_collect
+
+	* getarg.c: change the way arg_collect works; it's still quite
+	horrible though
+
+	* getarg.h: change type of the collect function
+
+1999-10-17  Assar Westerlund  <assar at sics.se>
+
+	* xdbm.h: undo last commit
+
+	* xdbm.h: reorder db includes
+
+1999-10-10  Assar Westerlund  <assar at sics.se>
+
+	* socket.c: const-ize and comment
+
+	* net_write.c: const-ize
+
+	* base64.c: const-ize
+
+1999-10-06  Assar Westerlund  <assar at sics.se>
+
+	* getarg.c (getarg): also set optind when returning error
+
+1999-09-26  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: add parse_bytes.[ch]
+
+1999-09-24  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getarg.3: getarg manpage
+
+	* getarg.{c,h}: add a callback type to do more complicated processing
+
+	* getarg.{c,h}: add floating point support
+
+1999-09-16  Assar Westerlund  <assar at sics.se>
+
+	* strlcat.c (strlcat): call strlcpy
+
+	* strlcpy.c: update name and prototype
+
+	* strlcat.c: update name and prototype
+
+	* roken.h.in: rename strc{py,at}_truncate to strlc{py,at}
+
+	* Makefile.am: rename strc{py,at}_truncate -> strlc{py,at}
+
+	* Makefile.in: rename strc{py,at}_truncate -> strlc{py,at}
+
+ 	* strcpy_truncate.c (strcpy_truncate): change return value to be
+ 	the length of `src'
+
+1999-08-16  Assar Westerlund  <assar at sics.se>
+
+	* getcap.c: try to make this work on systems with DB
+
+1999-08-16  Johan Danielsson  <joda at pdc.kth.se>
+
+	* getcap.c: protect from db-less systems
+
+1999-08-09  Johan Danielsson  <joda at pdc.kth.se>
+
+	* simple_exec.c: add simple_exec{ve,le}
+
+	* getcap.c: getcap from NetBSD
+
+1999-08-06  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in (sockaddr_storage): cater for those that have
+ 	v6-support also
+
+1999-08-05  Assar Westerlund  <assar at sics.se>
+
+	* inet_ntop.c (inet_ntop_v4): remember to call ntohl
+
+1999-08-04  Assar Westerlund  <assar at sics.se>
+
+	* roken-common.h: add shutdown constants
+
+	* mini_inetd.c (listen_v4, listen_v6): handle the case of the
+ 	protocol not being supported
+
+1999-08-01  Assar Westerlund  <assar at sics.se>
+
+	* mini_inetd.c (socket_set_reuseaddr): remove duplicate
+
+1999-07-29  Assar Westerlund  <assar at sics.se>
+
+	* mini_inetd.c (mini_inetd): fix my stupid bugs
+
+1999-07-28  Assar Westerlund  <assar at sics.se>
+
+	* roken-common.h: add socket* functions
+
+	* Makefile.am (libroken_la_SOURCES): add socket.c
+
+	* socket.c: new file, originally from appl/ftp/common
+
+	* Makefile.am: set version to 2:0:2
+
+	* roken.h.in (inet_pton): add prototype
+
+	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_pton
+
+	* inet_pton.c: new file
+
+	* getipnodebyname.c (getipnodebyname): try gethostbyname2 if we
+ 	have it
+
+1999-07-27  Assar Westerlund  <assar at sics.se>
+
+	* mini_inetd.c: support IPv6
+
+1999-07-26  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 1:0:1
+
+	* roken.h.in (inet_ntop): add prototype
+
+ 	* roken-common.h: (INET{,6}_ADDRSTRLEN): add
+
+	* inet_ntop.c: new file
+
+	* Makefile.am (EXTRA_libroken_la_SOURCES): add inet_ntop.c
+
+	* Makefile.am: move some files from libroken_la_SOURCES to
+ 	EXTRA_libroken_la_SOURCES
+
+	* snprintf.c: some signed vs unsigned casts
+	
+1999-07-24  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in (struct sockaddr_storage): define it needed
+
+1999-07-19  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libroken_la_SOURCES): add copyhostent.c,
+ 	freehostent.c, getipnodebyname.c, getipnodebyaddr.c
+	
+	* roken.h.in: <netdb.h>: include
+	(copyhostent, freehostent, getipnodebyname, getipnodebyaddr): add
+	prototypes
+
+	* roken-common.h: new constants for getipnodeby*
+
+	* Makefile.in (SOURCES): add freehostent, copyhostent,
+ 	getipnodebyname, getipnodebyaddr
+
+	* freehostent.c: new file
+
+	* copyhostent.c: new file
+
+	* getipnodebyaddr.c: new file
+
+	* getipnodebyname.c: new file
+
+1999-07-13  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in (k_getpwnam): update prototype
+
+	* k_getpwnam.c (k_getpwnam): const-ize
+
+	* get_default_username.c (get_default_username): a better way of
+ 	guessing when the user has su:ed
+
+1999-07-08  Johan Danielsson  <joda at pdc.kth.se>
+
+	* roken.awk: use puts, as suggested by Jeffrey Hutzelman
+	<jhutz+ at cmu.edu>
+
+1999-07-06  Assar Westerlund  <assar at sics.se>
+
+	* readv.c (readv): typo
+
+1999-07-03  Assar Westerlund  <assar at sics.se>
+
+	* writev.c (writev): error check malloc properly
+
+	* sendmsg.c (sendmsg): error check malloc properly
+
+	* resolve.c (parse_reply): error check malloc properly
+
+	* recvmsg.c (recvmsg): error check malloc properly
+
+	* readv.c (readv): error check malloc properly
+
+1999-06-23  Assar Westerlund  <assar at sics.se>
+
+	* parse_units.c (acc_units): move the special case of 0 -> 1 to
+ 	parse_something to avoid having it happen at the end of the string
+
+1999-06-15  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: add get_default_username
+
+	* get_default_username.c: new file
+
+	* roken.h.in (get_default_username): add prototype
+
+	* Makefile.am: add get_default_username
+
+1999-05-08  Assar Westerlund  <assar at sics.se>
+
+	* xdbm.h: also try <db.h> with DB_DBM_HSEARCH == 1
+
+	* strnlen.c (strnlen): update prototype
+
+	* Makefile.am: strndup.c: add
+
+	* Makefile.in: strndup.c: add
+
+	* roken.h.in (strndup): add
+	(strnlen): update prototype
+
+	* strndup.c: new file
+
+Fri Apr 16 17:59:30 1999  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in: include strsep prototype if needed
+
+Thu Apr 15 14:04:03 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: make make-print-version.o depend on version.h
+
+Wed Apr  7 14:11:00 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: make it compile w/o krb4
+
+Sat Mar 27 17:33:03 1999  Johan Danielsson  <joda at blubb.pdc.kth.se>
+
+	* snprintf.c (vasnprintf): correct check if realloc returns NULL
+
+Sat Mar 27 12:37:55 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: link print_version with -ldes to avoid unresolved
+ 	references if -lkrb is shared
+
+Sat Mar 20 03:42:30 1999  Assar Westerlund  <assar at sics.se>
+
+	* roken-common.h (eread, ewrite): add
+
+	* simple_exec.c: add <roken.h>
+
+Fri Mar 19 21:29:58 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: add eread, ewrite
+
+	* eread.c, ewrite.c: new files
+
+	* Makefile.am (libroken_la_SOURCES): add eread and ewrite
+
+Fri Mar 19 14:52:57 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: add version-info
+
+Thu Mar 18 12:53:32 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: remove include_dir hack
+
+	* Makefile.am: parse_units.h
+
+	* Makefile.am: include Makefile.am.common
+
+Sat Mar 13 23:31:35 1999  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (SOURCES): add glob.c
+
+Thu Mar 11 15:02:21 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* iruserok.c: move innetgr() to separate file
+
+	* innetgr.c: move innetgr() to separate file
+
+	* hstrerror.c (hstrerror): add const to return type
+
+	* erealloc.c: fix types in format string
+
+	* emalloc.c: fix types in format string
+
+Wed Mar 10 16:36:55 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* resolve.c: ugly fix for crays
+
+Mon Mar  8 11:52:20 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* roken.h.in: protos for {un,}setenv
+
+1999-02-16  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (SOURCES): add fnmatch
+
+	* roken-common.h (abs): add
+
+Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar at sics.se>
+
+	* emalloc.c, erealloc.c, estrup.c: new files
+
+	* roken.h.in (mkstemp, gethostname): also includes prototypes if
+ 	they are needed.
+
+1998-12-23  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in: mkstemp: add prototype
+
+1998-12-20  Assar Westerlund  <assar at sics.se>
+
+	* snprintf.c, iruserok.c, parse-units.c: unsigned char-correctness
+
+	* roken.h.in (inet_aton): also chedk NEED_INET_ATON_PROTO
+
+	* roken-common.h: __attribute__: check for autoconf'd
+	HAVE___ATTRIBUTE__ instead of GNUC
+
+Sun Dec  6 19:53:21 1998  Assar Westerlund  <assar at sics.se>
+
+	* parse_units.c (parse_something): func is called with val == 0 if
+ 	no unit was given
+	(acc_flags, acc_units): update to new standard
+
+Fri Nov 27 03:09:42 1998  Assar Westerlund  <assar at sics.se>
+
+	* resolve.c (stot): constify
+	(type_to_string): always declare
+	(dns_lookup_int): correct debug output
+
+Thu Nov 26 23:43:55 1998  Assar Westerlund  <assar at sics.se>
+
+	* resolve.c (dns_lookup_int): send rr_class to res_search
+
+Thu Nov 26 17:09:47 1998  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* resolve.c: some cleanup
+
+	* resolve.h: add T_NAPTR
+
+Sun Nov 22 10:23:07 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (WFLAGS): set
+
+	* k_getpwnam.c (k_getpwnam): check for `struct spwd'
+
+	* k_getpwuid.c (k_getpwuid): check for `struct spwd'
+
+Tue Sep  8 05:18:31 1998  Assar Westerlund  <assar at sics.se>
+
+	* recvmsg.c (recvmsg): patch from bpreece at unity.ncsu.edu
+
+Fri Sep  4 16:29:27 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* vsyslog.c: asprintf -> vasprintf
+
+Tue Aug 18 22:25:52 1998  Assar Westerlund  <assar at sics.se>
+
+	* getarg.h (arg_printusage): new signature
+
+	* getarg.c (arg_printusage): new parameter `progname'.  NULL means
+ 	__progname.
+
+Sun Aug  9 14:53:44 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Makefile.am: net_{read,write}.c
+
+Fri Jul 24 21:56:02 1998  Assar Westerlund  <assar at sics.se>
+
+	* simple_exec.c (simple_execvp): loop around waitpid when errno ==
+ 	EINTR
+
+Thu Jul 23 20:24:35 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Makefile.am: net_{read,write}.c
+
+Wed Jul 22 21:38:35 1998  Assar Westerlund  <assar at sics.se>
+
+	* simple_exec.c (simple_execlp): initialize `argv'
+
+Mon Jul 13 23:01:22 1998  Assar Westerlund  <assar at sics.se>
+
+	* inaddr2str.c (inaddr2str): don't advance hostent->h_addr_list,
+ 	use a copy instead
+
+Fri Jul 10 01:20:08 1998  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in (net_write, net_read): add prototypes
+
+	* Makefile.in: net_{read,write}.c: add
+
+	* net_{read,write}.c: new files
+
+Tue Jun 30 17:29:09 1998  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in (issuid): add
+
+	* get_window_size.c: fix misspelling of TIOCGWINSZ and bad use of
+ 	fields
+
+Sun May 31 03:24:34 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Put short and long options in
+ 	SYNOPSIS within the same [ ] pair.
+
+Sat May 30 00:13:01 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* getarg.c (arg_printusage): try to keep options shorter than
+ 	column width
+
+	* get_window_size.c (get_window_size): check COLUMNS and LINES
+
+Fri May 29 00:05:04 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Put short and long options in
+ 	DESCRIPTION on the same line.
+
+	* getarg.c (arg_match_long): make sure you only get an exact match
+ 	if the strings are the same length
+
+Thu May 14 02:23:40 1998  Assar Westerlund  <assar at sics.se>
+
+	* roken.awk: stupid cray awk wants \#
+
+Fri May  1 01:29:36 1998  Assar Westerlund  <assar at sics.se>
+
+	* print_version.c (print_version): according to ISO/ANSI C the
+ 	elements of `arg' are not constant and therefore not settable at
+ 	compile-time.  Set the at run-time instead.
+
+Sun Apr 19 10:00:06 1998  Assar Westerlund  <assar at sics.se>
+
+	* roken.h.in: include paths.h
+
+Sun Apr  5 12:30:49 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (SOURCES): add roken_gethostby.c to make solaris
+ 	make happy
+
+Thu Mar 19 20:41:25 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* simple_exec.c: Simple fork+exec system() replacement.
+
+Fri Mar  6 00:21:53 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* roken_gethostby.c: Make `roken_gethostby_setup' take URL-like
+ 	specification instead of split up versions. Makes it easier for
+ 	calling applications.
+
+	* roken_gethostby.c: Another miracle of the 20th century:
+ 	gethostby* over HTTP.
+
+Sat Feb 21 15:18:36 1998  assar westerlund  <assar at sics.se>
+
+	* parse_time.c (unparse_time_approx): new function that calls
+ 	`unparse_units_approx'
+
+	* parse_units.c (unparse_units_approx): new function that will
+ 	only print the first unit.
+
+	* Makefile.in: include parse_{time,units}
+
+Thu Feb 12 03:30:08 1998  Assar Westerlund  <assar at sics.se>
+
+	* parse_time.c (print_time_table): don't return a void value.
+
+Tue Feb  3 11:06:24 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* getarg.c (mandoc_template): Change date format to full month
+ 	name, and day of month without leading zero.
+
+Thu Jan 22 21:23:23 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* getarg.c: Fix long form of negative flags.
+
+Mon Dec 29 23:31:10 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* roken.h.in: Include <err.h>, to get linux __progname.
+
+Sun Dec 21 09:45:18 1997  Assar Westerlund  <assar at sics.se>
+
+	* parse_time.c (print_time_table): new function
+
+	* parse_units.c (print_flags_table, print_units_table): new
+ 	functions.
+
+Thu Dec  4 02:51:46 1997  Assar Westerlund  <assar at sics.se>
+
+	* iruserok.c: moved here.
+
+	* snprintf.c (sn_append_char): don't write any terminating zero.
+	(as_reserve): don't loop.  better heuristic for how much space to
+ 	realloc.
+	(vasnprintf): simplify initializing to one.
+
+Sun Nov 30 14:56:59 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* getarg.c: Add mandoc help back-end to getarg.
+
+Wed Nov 12 01:09:17 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* verr.c, verrx.c: Fix warnings by moving exit from.
+
+Tue Nov 11 21:12:09 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* parse_units.c: Change the list of separating characters (between
+ 	units) to comma, space, and tab, removing digits. Having digits in
+ 	this list makes a flag like `T42 generate a parse error. This
+ 	change makes `17m3s' an invalid time-spec (you need a space).
+
+Tue Nov 11 02:38:44 1997  Assar Westerlund  <assar at sics.se>
+
+	* roken.h: add <sys/socket.h>
+
+Sun Nov  9 04:48:46 1997  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* fnmatch.c: Add fnmatch from NetBSD
+
+Sun Nov  9 02:00:08 1997  Assar Westerlund  <assar at sics.se>
+
+	* parse_units.c (parse_something): ignore white-space and ','
+
+Mon Nov  3 22:38:32 1997  Assar Westerlund  <assar at sics.se>
+	
+	* roken.h: fclose prototype
+
+	* roken.h: add prototype for vsyslog
+
+	* Makefile.in: add some more source files to make soriasis make
+ 	happy
+
+Sat Nov  1 00:19:21 1997  Assar Westerlund  <assar at sics.se>
+
+	* roken.h: include <sys/uio.h> and <errno.h>.
+	prototypes for readv and writev
+
+	* readv.c, writev.c: new files
+
+Wed Oct 29 02:21:38 1997  Assar Westerlund  <assar at sics.se>
+
+	* roken.h: Add ugly macros for openlog, gethostbyname,
+ 	gethostbyaddr, and getservbyname for the benefit of Crays.  Add
+ 	default definition of MAXPATHLEN

Added: vendor-crypto/heimdal/dist/lib/roken/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,194 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+ACLOCAL_AMFLAGS = -I ../../cf
+
+CLEANFILES = roken.h make-roken.c $(XHEADERS)
+
+lib_LTLIBRARIES = libroken.la
+libroken_la_LDFLAGS = -version-info 19:0:1
+libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB
+
+# XXX this is needed for the LIBOBJS objects
+CPPFLAGS = $(libroken_la_CPPFLAGS)
+
+noinst_PROGRAMS = make-roken snprintf-test resolve-test
+
+nodist_make_roken_SOURCES = make-roken.c
+
+check_PROGRAMS = 				\
+		base64-test			\
+		getaddrinfo-test		\
+		hex-test			\
+		test-readenv			\
+		parse_bytes-test		\
+		parse_reply-test		\
+		parse_time-test			\
+		snprintf-test			\
+		strpftime-test
+
+TESTS = $(check_PROGRAMS)
+
+LDADD = libroken.la $(LIB_crypt)
+make_roken_LDADD = 
+
+noinst_LTLIBRARIES = libtest.la
+libtest_la_SOURCES = strftime.c strptime.c snprintf.c
+libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
+
+parse_reply_test_SOURCES = parse_reply-test.c resolve.c
+parse_reply_test_CFLAGS  = -DTEST_RESOLVE
+
+test_readenv_SOURCES = test-readenv.c test-mem.c
+
+parse_time_test_SOURCES = parse_time-test.c test-mem.c
+
+strpftime_test_SOURCES	= strpftime-test.c strpftime-test.h
+strpftime_test_LDADD = libtest.la $(LDADD)
+strpftime_test_CFLAGS = -DTEST_STRPFTIME
+snprintf_test_SOURCES	= snprintf-test.c snprintf-test.h
+snprintf_test_LDADD = libtest.la $(LDADD)
+snprintf_test_CFLAGS	= -DTEST_SNPRINTF
+
+resolve_test_SOURCES = resolve-test.c
+
+libroken_la_SOURCES =		\
+	base64.c		\
+	bswap.c			\
+	concat.c		\
+	dumpdata.c		\
+	environment.c		\
+	eread.c			\
+	esetenv.c		\
+	ewrite.c		\
+	getaddrinfo_hostspec.c	\
+	get_default_username.c	\
+	get_window_size.c	\
+	getarg.c		\
+	getnameinfo_verified.c	\
+	getprogname.c		\
+	h_errno.c		\
+	hex.c			\
+	hostent_find_fqdn.c	\
+	issuid.c		\
+	k_getpwnam.c		\
+	k_getpwuid.c		\
+	mini_inetd.c		\
+	net_read.c		\
+	net_write.c		\
+	parse_bytes.c		\
+	parse_time.c		\
+	parse_units.c		\
+	realloc.c		\
+	resolve.c		\
+	roken_gethostby.c	\
+	rtbl.c			\
+	rtbl.h			\
+	setprogname.c		\
+	signal.c		\
+	simple_exec.c		\
+	snprintf.c		\
+	socket.c		\
+	strcollect.c		\
+	strpool.c		\
+	timeval.c		\
+	tm2time.c		\
+	unvis.c			\
+	verify.c		\
+	vis.c			\
+	vis.h			\
+	warnerr.c		\
+	write_pid.c		\
+	xdbm.h
+
+EXTRA_libroken_la_SOURCES =	\
+	err.hin			\
+	glob.hin		\
+	fnmatch.hin		\
+	ifaddrs.hin		\
+	vis.hin	
+
+libroken_la_LIBADD = @LTLIBOBJS@
+
+$(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS)
+
+BUILT_SOURCES = make-roken.c roken.h
+
+if have_err_h
+err_h =
+else
+err_h = err.h
+endif
+
+if have_fnmatch_h
+fnmatch_h =
+else
+fnmatch_h = fnmatch.h
+endif
+
+if have_glob_h
+glob_h =
+else
+glob_h = glob.h
+endif
+
+if have_ifaddrs_h
+ifaddrs_h =
+else
+ifaddrs_h = ifaddrs.h
+endif
+
+if have_vis_h
+vis_h = 
+else
+vis_h = vis.h
+endif
+
+## these are controlled by configure
+XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
+CLEANFILES += err.h fnmatch.h glob.h ifaddrs.h vis.h
+
+dist_include_HEADERS = 				\
+	base64.h				\
+	getarg.h				\
+	hex.h					\
+	parse_bytes.h 				\
+	parse_time.h 				\
+	parse_units.h				\
+	resolve.h 				\
+	roken-common.h 				\
+	rtbl.h 					\
+	xdbm.h
+
+if have_socket_wrapper
+libroken_la_SOURCES += socket_wrapper.c socket_wrapper.h
+dist_include_HEADERS += socket_wrapper.h
+endif
+
+build_HEADERZ = test-mem.h $(XHEADERS)
+
+nodist_include_HEADERS = roken.h
+rokenincludedir = $(includedir)/roken
+nodist_rokeninclude_HEADERS = $(XHEADERS)
+
+man_MANS = getarg.3 parse_time.3 rtbl.3 ecalloc.3
+
+SUFFIXES += .hin
+.hin.h:
+	cp $< $@
+
+roken.h: make-roken$(EXEEXT)
+	@./make-roken$(EXEEXT) > tmp.h ;\
+	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
+	else rm -f roken.h; mv tmp.h roken.h; fi
+
+make-roken.c: roken.h.in roken.awk
+	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
+
+EXTRA_DIST = \
+	roken.awk roken.h.in \
+	$(man_MANS) \
+	test-mem.h \
+	ndbm_wrap.c \
+	ndbm_wrap.h

Added: vendor-crypto/heimdal/dist/lib/roken/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1426 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(am__dist_include_HEADERS_DIST) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog chown.c \
+	closefrom.c copyhostent.c daemon.c ecalloc.c emalloc.c \
+	erealloc.c err.c errx.c estrdup.c fchown.c flock.c fnmatch.c \
+	freeaddrinfo.c freehostent.c gai_strerror.c getaddrinfo.c \
+	getcap.c getcwd.c getdtablesize.c getegid.c geteuid.c getgid.c \
+	gethostname.c getifaddrs.c getipnodebyaddr.c getipnodebyname.c \
+	getnameinfo.c getopt.c gettimeofday.c getuid.c getusershell.c \
+	glob.c hstrerror.c inet_aton.c inet_ntop.c inet_pton.c \
+	initgroups.c innetgr.c install-sh iruserok.c localtime_r.c \
+	lstat.c memmove.c missing mkinstalldirs mkstemp.c putenv.c \
+	rcmd.c readv.c recvmsg.c sendmsg.c setegid.c setenv.c \
+	seteuid.c strcasecmp.c strdup.c strerror.c strftime.c \
+	strlcat.c strlcpy.c strlwr.c strncasecmp.c strndup.c strnlen.c \
+	strptime.c strsep.c strsep_copy.c strtok_r.c strupr.c swab.c \
+	timegm.c unsetenv.c verr.c verrx.c vsyslog.c vwarn.c vwarnx.c \
+	warn.c warnx.c writev.c
+noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT) \
+	resolve-test$(EXEEXT)
+check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \
+	hex-test$(EXEEXT) test-readenv$(EXEEXT) \
+	parse_bytes-test$(EXEEXT) parse_reply-test$(EXEEXT) \
+	parse_time-test$(EXEEXT) snprintf-test$(EXEEXT) \
+	strpftime-test$(EXEEXT)
+ at have_socket_wrapper_TRUE@am__append_1 = socket_wrapper.c socket_wrapper.h
+ at have_socket_wrapper_TRUE@am__append_2 = socket_wrapper.h
+subdir = lib/roken
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \
+	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \
+	"$(DESTDIR)$(rokenincludedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
+libroken_la_DEPENDENCIES = @LTLIBOBJS@
+am__libroken_la_SOURCES_DIST = base64.c bswap.c concat.c dumpdata.c \
+	environment.c eread.c esetenv.c ewrite.c \
+	getaddrinfo_hostspec.c get_default_username.c \
+	get_window_size.c getarg.c getnameinfo_verified.c \
+	getprogname.c h_errno.c hex.c hostent_find_fqdn.c issuid.c \
+	k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c \
+	parse_bytes.c parse_time.c parse_units.c realloc.c resolve.c \
+	roken_gethostby.c rtbl.c rtbl.h setprogname.c signal.c \
+	simple_exec.c snprintf.c socket.c strcollect.c strpool.c \
+	timeval.c tm2time.c unvis.c verify.c vis.c vis.h warnerr.c \
+	write_pid.c xdbm.h socket_wrapper.c socket_wrapper.h
+ at have_socket_wrapper_TRUE@am__objects_1 =  \
+ at have_socket_wrapper_TRUE@	libroken_la-socket_wrapper.lo
+am_libroken_la_OBJECTS = libroken_la-base64.lo libroken_la-bswap.lo \
+	libroken_la-concat.lo libroken_la-dumpdata.lo \
+	libroken_la-environment.lo libroken_la-eread.lo \
+	libroken_la-esetenv.lo libroken_la-ewrite.lo \
+	libroken_la-getaddrinfo_hostspec.lo \
+	libroken_la-get_default_username.lo \
+	libroken_la-get_window_size.lo libroken_la-getarg.lo \
+	libroken_la-getnameinfo_verified.lo libroken_la-getprogname.lo \
+	libroken_la-h_errno.lo libroken_la-hex.lo \
+	libroken_la-hostent_find_fqdn.lo libroken_la-issuid.lo \
+	libroken_la-k_getpwnam.lo libroken_la-k_getpwuid.lo \
+	libroken_la-mini_inetd.lo libroken_la-net_read.lo \
+	libroken_la-net_write.lo libroken_la-parse_bytes.lo \
+	libroken_la-parse_time.lo libroken_la-parse_units.lo \
+	libroken_la-realloc.lo libroken_la-resolve.lo \
+	libroken_la-roken_gethostby.lo libroken_la-rtbl.lo \
+	libroken_la-setprogname.lo libroken_la-signal.lo \
+	libroken_la-simple_exec.lo libroken_la-snprintf.lo \
+	libroken_la-socket.lo libroken_la-strcollect.lo \
+	libroken_la-strpool.lo libroken_la-timeval.lo \
+	libroken_la-tm2time.lo libroken_la-unvis.lo \
+	libroken_la-verify.lo libroken_la-vis.lo \
+	libroken_la-warnerr.lo libroken_la-write_pid.lo \
+	$(am__objects_1)
+libroken_la_OBJECTS = $(am_libroken_la_OBJECTS)
+libroken_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libroken_la_LDFLAGS) $(LDFLAGS) -o $@
+libtest_la_LIBADD =
+am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \
+	libtest_la-snprintf.lo
+libtest_la_OBJECTS = $(am_libtest_la_OBJECTS)
+libtest_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtest_la_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+PROGRAMS = $(noinst_PROGRAMS)
+base64_test_SOURCES = base64-test.c
+base64_test_OBJECTS = base64-test.$(OBJEXT)
+base64_test_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+base64_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
+getaddrinfo_test_SOURCES = getaddrinfo-test.c
+getaddrinfo_test_OBJECTS = getaddrinfo-test.$(OBJEXT)
+getaddrinfo_test_LDADD = $(LDADD)
+getaddrinfo_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
+hex_test_SOURCES = hex-test.c
+hex_test_OBJECTS = hex-test.$(OBJEXT)
+hex_test_LDADD = $(LDADD)
+hex_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
+nodist_make_roken_OBJECTS = make-roken.$(OBJEXT)
+make_roken_OBJECTS = $(nodist_make_roken_OBJECTS)
+make_roken_DEPENDENCIES =
+parse_bytes_test_SOURCES = parse_bytes-test.c
+parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT)
+parse_bytes_test_LDADD = $(LDADD)
+parse_bytes_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
+am_parse_reply_test_OBJECTS =  \
+	parse_reply_test-parse_reply-test.$(OBJEXT) \
+	parse_reply_test-resolve.$(OBJEXT)
+parse_reply_test_OBJECTS = $(am_parse_reply_test_OBJECTS)
+parse_reply_test_LDADD = $(LDADD)
+parse_reply_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
+parse_reply_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(parse_reply_test_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am_parse_time_test_OBJECTS = parse_time-test.$(OBJEXT) \
+	test-mem.$(OBJEXT)
+parse_time_test_OBJECTS = $(am_parse_time_test_OBJECTS)
+parse_time_test_LDADD = $(LDADD)
+parse_time_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
+am_resolve_test_OBJECTS = resolve-test.$(OBJEXT)
+resolve_test_OBJECTS = $(am_resolve_test_OBJECTS)
+resolve_test_LDADD = $(LDADD)
+resolve_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
+am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT)
+snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS)
+am__DEPENDENCIES_2 = libroken.la $(am__DEPENDENCIES_1)
+snprintf_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_2)
+snprintf_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(snprintf_test_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am_strpftime_test_OBJECTS = strpftime_test-strpftime-test.$(OBJEXT)
+strpftime_test_OBJECTS = $(am_strpftime_test_OBJECTS)
+strpftime_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_2)
+strpftime_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(strpftime_test_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am_test_readenv_OBJECTS = test-readenv.$(OBJEXT) test-mem.$(OBJEXT)
+test_readenv_OBJECTS = $(am_test_readenv_OBJECTS)
+test_readenv_LDADD = $(LDADD)
+test_readenv_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \
+	$(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \
+	hex-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c \
+	$(parse_reply_test_SOURCES) $(parse_time_test_SOURCES) \
+	$(resolve_test_SOURCES) $(snprintf_test_SOURCES) \
+	$(strpftime_test_SOURCES) $(test_readenv_SOURCES)
+DIST_SOURCES = $(am__libroken_la_SOURCES_DIST) \
+	$(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) \
+	base64-test.c getaddrinfo-test.c hex-test.c parse_bytes-test.c \
+	$(parse_reply_test_SOURCES) $(parse_time_test_SOURCES) \
+	$(resolve_test_SOURCES) $(snprintf_test_SOURCES) \
+	$(strpftime_test_SOURCES) $(test_readenv_SOURCES)
+man3dir = $(mandir)/man3
+MANS = $(man_MANS)
+am__dist_include_HEADERS_DIST = base64.h getarg.h hex.h parse_bytes.h \
+	parse_time.h parse_units.h resolve.h roken-common.h rtbl.h \
+	xdbm.h socket_wrapper.h
+dist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER)
+nodist_rokenincludeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS) \
+	$(nodist_rokeninclude_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+
+# XXX this is needed for the LIBOBJS objects
+CPPFLAGS = $(libroken_la_CPPFLAGS)
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+ACLOCAL_AMFLAGS = -I ../../cf
+CLEANFILES = roken.h make-roken.c $(XHEADERS) err.h fnmatch.h glob.h \
+	ifaddrs.h vis.h
+lib_LTLIBRARIES = libroken.la
+libroken_la_LDFLAGS = -version-info 19:0:1
+libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB
+nodist_make_roken_SOURCES = make-roken.c
+TESTS = $(check_PROGRAMS)
+LDADD = libroken.la $(LIB_crypt)
+make_roken_LDADD = 
+noinst_LTLIBRARIES = libtest.la
+libtest_la_SOURCES = strftime.c strptime.c snprintf.c
+libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME
+parse_reply_test_SOURCES = parse_reply-test.c resolve.c
+parse_reply_test_CFLAGS = -DTEST_RESOLVE
+test_readenv_SOURCES = test-readenv.c test-mem.c
+parse_time_test_SOURCES = parse_time-test.c test-mem.c
+strpftime_test_SOURCES = strpftime-test.c strpftime-test.h
+strpftime_test_LDADD = libtest.la $(LDADD)
+strpftime_test_CFLAGS = -DTEST_STRPFTIME
+snprintf_test_SOURCES = snprintf-test.c snprintf-test.h
+snprintf_test_LDADD = libtest.la $(LDADD)
+snprintf_test_CFLAGS = -DTEST_SNPRINTF
+resolve_test_SOURCES = resolve-test.c
+libroken_la_SOURCES = base64.c bswap.c concat.c dumpdata.c \
+	environment.c eread.c esetenv.c ewrite.c \
+	getaddrinfo_hostspec.c get_default_username.c \
+	get_window_size.c getarg.c getnameinfo_verified.c \
+	getprogname.c h_errno.c hex.c hostent_find_fqdn.c issuid.c \
+	k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c \
+	parse_bytes.c parse_time.c parse_units.c realloc.c resolve.c \
+	roken_gethostby.c rtbl.c rtbl.h setprogname.c signal.c \
+	simple_exec.c snprintf.c socket.c strcollect.c strpool.c \
+	timeval.c tm2time.c unvis.c verify.c vis.c vis.h warnerr.c \
+	write_pid.c xdbm.h $(am__append_1)
+EXTRA_libroken_la_SOURCES = \
+	err.hin			\
+	glob.hin		\
+	fnmatch.hin		\
+	ifaddrs.hin		\
+	vis.hin	
+
+libroken_la_LIBADD = @LTLIBOBJS@
+BUILT_SOURCES = make-roken.c roken.h
+ at have_err_h_FALSE@err_h = err.h
+ at have_err_h_TRUE@err_h = 
+ at have_fnmatch_h_FALSE@fnmatch_h = fnmatch.h
+ at have_fnmatch_h_TRUE@fnmatch_h = 
+ at have_glob_h_FALSE@glob_h = glob.h
+ at have_glob_h_TRUE@glob_h = 
+ at have_ifaddrs_h_FALSE@ifaddrs_h = ifaddrs.h
+ at have_ifaddrs_h_TRUE@ifaddrs_h = 
+ at have_vis_h_FALSE@vis_h = vis.h
+ at have_vis_h_TRUE@vis_h = 
+XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h)
+dist_include_HEADERS = base64.h getarg.h hex.h parse_bytes.h \
+	parse_time.h parse_units.h resolve.h roken-common.h rtbl.h \
+	xdbm.h $(am__append_2)
+build_HEADERZ = test-mem.h $(XHEADERS)
+nodist_include_HEADERS = roken.h
+rokenincludedir = $(includedir)/roken
+nodist_rokeninclude_HEADERS = $(XHEADERS)
+man_MANS = getarg.3 parse_time.3 rtbl.3 ecalloc.3
+EXTRA_DIST = \
+	roken.awk roken.h.in \
+	$(man_MANS) \
+	test-mem.h \
+	ndbm_wrap.c \
+	ndbm_wrap.h
+
+all: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/roken/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/roken/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libroken.la: $(libroken_la_OBJECTS) $(libroken_la_DEPENDENCIES) 
+	$(libroken_la_LINK) -rpath $(libdir) $(libroken_la_OBJECTS) $(libroken_la_LIBADD) $(LIBS)
+libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) 
+	$(libtest_la_LINK)  $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS)
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+base64-test$(EXEEXT): $(base64_test_OBJECTS) $(base64_test_DEPENDENCIES) 
+	@rm -f base64-test$(EXEEXT)
+	$(LINK) $(base64_test_OBJECTS) $(base64_test_LDADD) $(LIBS)
+getaddrinfo-test$(EXEEXT): $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_DEPENDENCIES) 
+	@rm -f getaddrinfo-test$(EXEEXT)
+	$(LINK) $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_LDADD) $(LIBS)
+hex-test$(EXEEXT): $(hex_test_OBJECTS) $(hex_test_DEPENDENCIES) 
+	@rm -f hex-test$(EXEEXT)
+	$(LINK) $(hex_test_OBJECTS) $(hex_test_LDADD) $(LIBS)
+make-roken$(EXEEXT): $(make_roken_OBJECTS) $(make_roken_DEPENDENCIES) 
+	@rm -f make-roken$(EXEEXT)
+	$(LINK) $(make_roken_OBJECTS) $(make_roken_LDADD) $(LIBS)
+parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES) 
+	@rm -f parse_bytes-test$(EXEEXT)
+	$(LINK) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS)
+parse_reply-test$(EXEEXT): $(parse_reply_test_OBJECTS) $(parse_reply_test_DEPENDENCIES) 
+	@rm -f parse_reply-test$(EXEEXT)
+	$(parse_reply_test_LINK) $(parse_reply_test_OBJECTS) $(parse_reply_test_LDADD) $(LIBS)
+parse_time-test$(EXEEXT): $(parse_time_test_OBJECTS) $(parse_time_test_DEPENDENCIES) 
+	@rm -f parse_time-test$(EXEEXT)
+	$(LINK) $(parse_time_test_OBJECTS) $(parse_time_test_LDADD) $(LIBS)
+resolve-test$(EXEEXT): $(resolve_test_OBJECTS) $(resolve_test_DEPENDENCIES) 
+	@rm -f resolve-test$(EXEEXT)
+	$(LINK) $(resolve_test_OBJECTS) $(resolve_test_LDADD) $(LIBS)
+snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) 
+	@rm -f snprintf-test$(EXEEXT)
+	$(snprintf_test_LINK) $(snprintf_test_OBJECTS) $(snprintf_test_LDADD) $(LIBS)
+strpftime-test$(EXEEXT): $(strpftime_test_OBJECTS) $(strpftime_test_DEPENDENCIES) 
+	@rm -f strpftime-test$(EXEEXT)
+	$(strpftime_test_LINK) $(strpftime_test_OBJECTS) $(strpftime_test_LDADD) $(LIBS)
+test-readenv$(EXEEXT): $(test_readenv_OBJECTS) $(test_readenv_DEPENDENCIES) 
+	@rm -f test-readenv$(EXEEXT)
+	$(LINK) $(test_readenv_OBJECTS) $(test_readenv_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+libroken_la-base64.lo: base64.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c
+
+libroken_la-bswap.lo: bswap.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-bswap.lo `test -f 'bswap.c' || echo '$(srcdir)/'`bswap.c
+
+libroken_la-concat.lo: concat.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-concat.lo `test -f 'concat.c' || echo '$(srcdir)/'`concat.c
+
+libroken_la-dumpdata.lo: dumpdata.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-dumpdata.lo `test -f 'dumpdata.c' || echo '$(srcdir)/'`dumpdata.c
+
+libroken_la-environment.lo: environment.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-environment.lo `test -f 'environment.c' || echo '$(srcdir)/'`environment.c
+
+libroken_la-eread.lo: eread.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-eread.lo `test -f 'eread.c' || echo '$(srcdir)/'`eread.c
+
+libroken_la-esetenv.lo: esetenv.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-esetenv.lo `test -f 'esetenv.c' || echo '$(srcdir)/'`esetenv.c
+
+libroken_la-ewrite.lo: ewrite.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-ewrite.lo `test -f 'ewrite.c' || echo '$(srcdir)/'`ewrite.c
+
+libroken_la-getaddrinfo_hostspec.lo: getaddrinfo_hostspec.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getaddrinfo_hostspec.lo `test -f 'getaddrinfo_hostspec.c' || echo '$(srcdir)/'`getaddrinfo_hostspec.c
+
+libroken_la-get_default_username.lo: get_default_username.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_default_username.lo `test -f 'get_default_username.c' || echo '$(srcdir)/'`get_default_username.c
+
+libroken_la-get_window_size.lo: get_window_size.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_window_size.lo `test -f 'get_window_size.c' || echo '$(srcdir)/'`get_window_size.c
+
+libroken_la-getarg.lo: getarg.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getarg.lo `test -f 'getarg.c' || echo '$(srcdir)/'`getarg.c
+
+libroken_la-getnameinfo_verified.lo: getnameinfo_verified.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getnameinfo_verified.lo `test -f 'getnameinfo_verified.c' || echo '$(srcdir)/'`getnameinfo_verified.c
+
+libroken_la-getprogname.lo: getprogname.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getprogname.lo `test -f 'getprogname.c' || echo '$(srcdir)/'`getprogname.c
+
+libroken_la-h_errno.lo: h_errno.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-h_errno.lo `test -f 'h_errno.c' || echo '$(srcdir)/'`h_errno.c
+
+libroken_la-hex.lo: hex.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hex.lo `test -f 'hex.c' || echo '$(srcdir)/'`hex.c
+
+libroken_la-hostent_find_fqdn.lo: hostent_find_fqdn.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hostent_find_fqdn.lo `test -f 'hostent_find_fqdn.c' || echo '$(srcdir)/'`hostent_find_fqdn.c
+
+libroken_la-issuid.lo: issuid.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-issuid.lo `test -f 'issuid.c' || echo '$(srcdir)/'`issuid.c
+
+libroken_la-k_getpwnam.lo: k_getpwnam.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwnam.lo `test -f 'k_getpwnam.c' || echo '$(srcdir)/'`k_getpwnam.c
+
+libroken_la-k_getpwuid.lo: k_getpwuid.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwuid.lo `test -f 'k_getpwuid.c' || echo '$(srcdir)/'`k_getpwuid.c
+
+libroken_la-mini_inetd.lo: mini_inetd.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-mini_inetd.lo `test -f 'mini_inetd.c' || echo '$(srcdir)/'`mini_inetd.c
+
+libroken_la-net_read.lo: net_read.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c
+
+libroken_la-net_write.lo: net_write.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c
+
+libroken_la-parse_bytes.lo: parse_bytes.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_bytes.lo `test -f 'parse_bytes.c' || echo '$(srcdir)/'`parse_bytes.c
+
+libroken_la-parse_time.lo: parse_time.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_time.lo `test -f 'parse_time.c' || echo '$(srcdir)/'`parse_time.c
+
+libroken_la-parse_units.lo: parse_units.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_units.lo `test -f 'parse_units.c' || echo '$(srcdir)/'`parse_units.c
+
+libroken_la-realloc.lo: realloc.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-realloc.lo `test -f 'realloc.c' || echo '$(srcdir)/'`realloc.c
+
+libroken_la-resolve.lo: resolve.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
+
+libroken_la-roken_gethostby.lo: roken_gethostby.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-roken_gethostby.lo `test -f 'roken_gethostby.c' || echo '$(srcdir)/'`roken_gethostby.c
+
+libroken_la-rtbl.lo: rtbl.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-rtbl.lo `test -f 'rtbl.c' || echo '$(srcdir)/'`rtbl.c
+
+libroken_la-setprogname.lo: setprogname.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-setprogname.lo `test -f 'setprogname.c' || echo '$(srcdir)/'`setprogname.c
+
+libroken_la-signal.lo: signal.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-signal.lo `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
+
+libroken_la-simple_exec.lo: simple_exec.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-simple_exec.lo `test -f 'simple_exec.c' || echo '$(srcdir)/'`simple_exec.c
+
+libroken_la-snprintf.lo: snprintf.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
+
+libroken_la-socket.lo: socket.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket.lo `test -f 'socket.c' || echo '$(srcdir)/'`socket.c
+
+libroken_la-strcollect.lo: strcollect.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strcollect.lo `test -f 'strcollect.c' || echo '$(srcdir)/'`strcollect.c
+
+libroken_la-strpool.lo: strpool.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strpool.lo `test -f 'strpool.c' || echo '$(srcdir)/'`strpool.c
+
+libroken_la-timeval.lo: timeval.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c
+
+libroken_la-tm2time.lo: tm2time.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-tm2time.lo `test -f 'tm2time.c' || echo '$(srcdir)/'`tm2time.c
+
+libroken_la-unvis.lo: unvis.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-unvis.lo `test -f 'unvis.c' || echo '$(srcdir)/'`unvis.c
+
+libroken_la-verify.lo: verify.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-verify.lo `test -f 'verify.c' || echo '$(srcdir)/'`verify.c
+
+libroken_la-vis.lo: vis.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-vis.lo `test -f 'vis.c' || echo '$(srcdir)/'`vis.c
+
+libroken_la-warnerr.lo: warnerr.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-warnerr.lo `test -f 'warnerr.c' || echo '$(srcdir)/'`warnerr.c
+
+libroken_la-write_pid.lo: write_pid.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-write_pid.lo `test -f 'write_pid.c' || echo '$(srcdir)/'`write_pid.c
+
+libroken_la-socket_wrapper.lo: socket_wrapper.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket_wrapper.lo `test -f 'socket_wrapper.c' || echo '$(srcdir)/'`socket_wrapper.c
+
+libtest_la-strftime.lo: strftime.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.lo `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c
+
+libtest_la-strptime.lo: strptime.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.lo `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c
+
+libtest_la-snprintf.lo: snprintf.c
+	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
+
+parse_reply_test-parse_reply-test.o: parse_reply-test.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c
+
+parse_reply_test-parse_reply-test.obj: parse_reply-test.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `if test -f 'parse_reply-test.c'; then $(CYGPATH_W) 'parse_reply-test.c'; else $(CYGPATH_W) '$(srcdir)/parse_reply-test.c'; fi`
+
+parse_reply_test-resolve.o: resolve.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
+
+parse_reply_test-resolve.obj: resolve.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `if test -f 'resolve.c'; then $(CYGPATH_W) 'resolve.c'; else $(CYGPATH_W) '$(srcdir)/resolve.c'; fi`
+
+snprintf_test-snprintf-test.o: snprintf-test.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c
+
+snprintf_test-snprintf-test.obj: snprintf-test.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.obj `if test -f 'snprintf-test.c'; then $(CYGPATH_W) 'snprintf-test.c'; else $(CYGPATH_W) '$(srcdir)/snprintf-test.c'; fi`
+
+strpftime_test-strpftime-test.o: strpftime-test.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.o `test -f 'strpftime-test.c' || echo '$(srcdir)/'`strpftime-test.c
+
+strpftime_test-strpftime-test.obj: strpftime-test.c
+	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.obj `if test -f 'strpftime-test.c'; then $(CYGPATH_W) 'strpftime-test.c'; else $(CYGPATH_W) '$(srcdir)/strpftime-test.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man3: $(man3_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)"
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+uninstall-man3:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.3*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    3*) ;; \
+	    *) ext='3' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man3dir)/$$inst"; \
+	done
+install-dist_includeHEADERS: $(dist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(dist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-dist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-nodist_includeHEADERS: $(nodist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-nodist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-nodist_rokenincludeHEADERS: $(nodist_rokeninclude_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(rokenincludedir)" || $(MKDIR_P) "$(DESTDIR)$(rokenincludedir)"
+	@list='$(nodist_rokeninclude_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(nodist_rokenincludeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(rokenincludedir)/$$f'"; \
+	  $(nodist_rokenincludeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(rokenincludedir)/$$f"; \
+	done
+
+uninstall-nodist_rokenincludeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_rokeninclude_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(rokenincludedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(rokenincludedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \
+		all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(rokenincludedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libtool clean-noinstLTLIBRARIES clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_includeHEADERS install-man \
+	install-nodist_includeHEADERS \
+	install-nodist_rokenincludeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man3
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \
+	uninstall-man uninstall-nodist_includeHEADERS \
+	uninstall-nodist_rokenincludeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man3
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-checkPROGRAMS clean-generic \
+	clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \
+	clean-noinstPROGRAMS ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-data-hook install-dist_includeHEADERS install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-libLTLIBRARIES install-man install-man3 \
+	install-nodist_includeHEADERS \
+	install-nodist_rokenincludeHEADERS install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-dist_includeHEADERS \
+	uninstall-hook uninstall-libLTLIBRARIES uninstall-man \
+	uninstall-man3 uninstall-nodist_includeHEADERS \
+	uninstall-nodist_rokenincludeHEADERS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS)
+.hin.h:
+	cp $< $@
+
+roken.h: make-roken$(EXEEXT)
+	@./make-roken$(EXEEXT) > tmp.h ;\
+	if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \
+	else rm -f roken.h; mv tmp.h roken.h; fi
+
+make-roken.c: roken.h.in roken.awk
+	$(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/roken/base64-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/base64-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/base64-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include <base64.h>
+
+int
+main(int argc, char **argv)
+{
+    int numerr = 0;
+    int numtest = 1;
+    struct test {
+	void *data;
+	size_t len;
+	const char *result;
+    } *t, tests[] = {
+	{ "", 0 , "" },
+	{ "1", 1, "MQ==" },
+	{ "22", 2, "MjI=" },
+	{ "333", 3, "MzMz" },
+	{ "4444", 4, "NDQ0NA==" },
+	{ "55555", 5, "NTU1NTU=" },
+	{ "abc:def", 7, "YWJjOmRlZg==" },
+	{ NULL }
+    };
+    for(t = tests; t->data; t++) {
+	char *str;
+	int len;
+	len = base64_encode(t->data, t->len, &str);
+	if(strcmp(str, t->result) != 0) {
+	    fprintf(stderr, "failed test %d: %s != %s\n", numtest, 
+		    str, t->result);
+	    numerr++;
+	}
+	free(str);
+	str = strdup(t->result);
+	len = base64_decode(t->result, str);
+	if(len != t->len) {
+	    fprintf(stderr, "failed test %d: len %lu != %lu\n", numtest,
+		    (unsigned long)len, (unsigned long)t->len);
+	    numerr++;
+	} else if(memcmp(str, t->data, t->len) != 0) {
+	    fprintf(stderr, "failed test %d: data\n", numtest);
+	    numerr++;
+	}
+	free(str);
+	numtest++;
+    }
+
+    {
+	char str[32];
+	if(base64_decode("M=M=", str) != -1) {
+	    fprintf(stderr, "failed test %d: successful decode of `M=M='\n", 
+		    numtest++);
+	    numerr++;
+	}
+	if(base64_decode("MQ===", str) != -1) {
+	    fprintf(stderr, "failed test %d: successful decode of `MQ==='\n", 
+		    numtest++);
+	    numerr++;
+	}
+    }
+    return numerr;
+}
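Review bot: In the loop in `main`, `str` is passed to `strcmp` without checking the return value of `base64_encode`, and the `strdup(t->result)` buffer goes to `base64_decode` without a NULL check. As base64.c in this same import shows, `base64_encode` returns -1 on allocation failure without storing to `*str`, so the test would then read an uninitialized pointer instead of reporting a failure. A guard such as `if (len < 0) { numerr++; numtest++; continue; }` after the encode call, and `if (str == NULL) return 1;` after the `strdup`, keeps the test's outcome well-defined when allocation fails.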

Added: vendor-crypto/heimdal/dist/lib/roken/base64.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/base64.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/base64.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 1995-2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "base64.h"
+
+static const char base64_chars[] = 
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int 
+pos(char c)
+{
+    const char *p;
+    for (p = base64_chars; *p; p++)
+	if (*p == c)
+	    return p - base64_chars;
+    return -1;
+}
+
+int ROKEN_LIB_FUNCTION
+base64_encode(const void *data, int size, char **str)
+{
+    char *s, *p;
+    int i;
+    int c;
+    const unsigned char *q;
+
+    p = s = (char *) malloc(size * 4 / 3 + 4);
+    if (p == NULL)
+	return -1;
+    q = (const unsigned char *) data;
+    i = 0;
+    for (i = 0; i < size;) {
+	c = q[i++];
+	c *= 256;
+	if (i < size)
+	    c += q[i];
+	i++;
+	c *= 256;
+	if (i < size)
+	    c += q[i];
+	i++;
+	p[0] = base64_chars[(c & 0x00fc0000) >> 18];
+	p[1] = base64_chars[(c & 0x0003f000) >> 12];
+	p[2] = base64_chars[(c & 0x00000fc0) >> 6];
+	p[3] = base64_chars[(c & 0x0000003f) >> 0];
+	if (i > size)
+	    p[3] = '=';
+	if (i > size + 1)
+	    p[2] = '=';
+	p += 4;
+    }
+    *p = 0;
+    *str = s;
+    return strlen(s);
+}
+
+#define DECODE_ERROR 0xffffffff
+
+static unsigned int
+token_decode(const char *token)
+{
+    int i;
+    unsigned int val = 0;
+    int marker = 0;
+    if (strlen(token) < 4)
+	return DECODE_ERROR;
+    for (i = 0; i < 4; i++) {
+	val *= 64;
+	if (token[i] == '=')
+	    marker++;
+	else if (marker > 0)
+	    return DECODE_ERROR;
+	else
+	    val += pos(token[i]);
+    }
+    if (marker > 2)
+	return DECODE_ERROR;
+    return (marker << 24) | val;
+}
+
+int ROKEN_LIB_FUNCTION
+base64_decode(const char *str, void *data)
+{
+    const char *p;
+    unsigned char *q;
+
+    q = data;
+    for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
+	unsigned int val = token_decode(p);
+	unsigned int marker = (val >> 24) & 0xff;
+	if (val == DECODE_ERROR)
+	    return -1;
+	*q++ = (val >> 16) & 0xff;
+	if (marker < 2)
+	    *q++ = (val >> 8) & 0xff;
+	if (marker < 1)
+	    *q++ = val & 0xff;
+    }
+    return q - (unsigned char *) data;
+}
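Review bot: `token_decode` adds `pos(token[i])` to `val` without checking for the -1 that `pos` returns for a byte outside the alphabet, and the loop in `base64_decode` validates only the first byte of each four-byte group. Input with a stray character in positions two to four of a group is therefore decoded to arbitrary bytes rather than rejected. Replacing the last branch with `else { int v = pos(token[i]); if (v < 0) return DECODE_ERROR; val += v; }` closes that gap. Separately, `malloc(size * 4 / 3 + 4)` in `base64_encode` multiplies a signed `int` before dividing, so a very large `size` can overflow and under-allocate; an early `if (size < 0 || size > INT_MAX / 4) return -1;` (with `<limits.h>`) bounds it.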

Added: vendor-crypto/heimdal/dist/lib/roken/base64.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/base64.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/base64.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: base64.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+int ROKEN_LIB_FUNCTION
+base64_encode(const void *, int, char **);
+
+int ROKEN_LIB_FUNCTION
+base64_decode(const char *, void *);
+
+#endif
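Review bot: The prototype of `base64_decode` takes no output length, and the header does not say how large `data` must be. Going by the implementation in base64.c, each four input characters yield at most three bytes, so a comment such as `/* data must hold at least strlen(str) / 4 * 3 bytes; returns the decoded length, or -1 on malformed input */` above the declaration would give callers the bound they need. A matching line for `base64_encode` should say that `*str` is allocated with malloc and must be freed by the caller, and that -1 is returned when the allocation fails.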

Added: vendor-crypto/heimdal/dist/lib/roken/bswap.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/bswap.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/bswap.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: bswap.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifndef HAVE_BSWAP32
+
+unsigned int ROKEN_LIB_FUNCTION
+bswap32 (unsigned int val)
+{
+    return (val & 0xff) << 24 |
+	(val & 0xff00) << 8 |
+	(val & 0xff0000) >> 8 |
+	(val & 0xff000000) >> 24;
+}
+#endif
+
+#ifndef HAVE_BSWAP16
+
+unsigned short ROKEN_LIB_FUNCTION
+bswap16 (unsigned short val)
+{
+    return (val & 0xff) << 8 |
+	(val & 0xff00) >> 8;
+}
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/chown.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/chown.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/chown.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: chown.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+chown(const char *path, uid_t owner, gid_t group)
+{
+  return 0;
+}
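Review bot: This replacement `chown` returns 0 without touching the file, so a caller cannot tell that ownership was not changed. Code that creates a file as one user and relies on `chown` to hand it to another would continue as if the hand-off had happened. The hunk shows no guard around the definition, so which platforms get this stub is decided elsewhere in the build. A comment such as `/* stub for platforms without chown(2): ownership is NOT changed, success is reported regardless */` would make that explicit, and returning -1 with `errno = ENOSYS` is the stricter alternative if callers can cope with it.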

Added: vendor-crypto/heimdal/dist/lib/roken/closefrom.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/closefrom.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/closefrom.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: closefrom.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+closefrom(int fd)
+{
+    int num = getdtablesize();
+
+    if (num < 0)
+	num = 1024; /* XXX */
+
+    for (; fd <= num; fd++)
+	close(fd);
+
+    return 0;
+}
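Review bot: The loop bound comes from `getdtablesize()`, which on common systems reports the current soft descriptor limit rather than the highest open descriptor, so descriptors opened before the limit was lowered would stay open and be inherited across exec. That matters for a function whose purpose is to keep descriptors from leaking into child processes; at minimum it deserves a comment such as `/* only closes up to the current soft limit; descriptors above it stay open */`. The condition `fd <= num` also runs one past the table, which is harmless but should read `fd < num`. The results of `close` are ignored and the function always returns 0.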

Added: vendor-crypto/heimdal/dist/lib/roken/concat.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/concat.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/concat.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: concat.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+roken_concat (char *s, size_t len, ...)
+{
+    int ret;
+    va_list args;
+
+    va_start(args, len);
+    ret = roken_vconcat (s, len, args);
+    va_end(args);
+    return ret;
+}
+
+int ROKEN_LIB_FUNCTION
+roken_vconcat (char *s, size_t len, va_list args)
+{
+    const char *a;
+
+    while ((a = va_arg(args, const char*))) {
+	size_t n = strlen (a);
+
+	if (n >= len)
+	    return -1;
+	memcpy (s, a, n);
+	s += n;
+	len -= n;
+    }
+    *s = '\0';
+    return 0;
+}
+
+size_t ROKEN_LIB_FUNCTION
+roken_vmconcat (char **s, size_t max_len, va_list args)
+{
+    const char *a;
+    char *p, *q;
+    size_t len = 0;
+    *s = NULL;
+    p = malloc(1);
+    if(p == NULL)
+	return 0;
+    len = 1;
+    while ((a = va_arg(args, const char*))) {
+	size_t n = strlen (a);
+	
+	if(max_len && len + n > max_len){
+	    free(p);
+	    return 0;
+	}
+	q = realloc(p, len + n);
+	if(q == NULL){
+	    free(p);
+	    return 0;
+	}
+	p = q;
+	memcpy (p + len - 1, a, n);
+	len += n;
+    }
+    p[len - 1] = '\0';
+    *s = p;
+    return len;
+}
+
+size_t ROKEN_LIB_FUNCTION
+roken_mconcat (char **s, size_t max_len, ...)
+{
+    int ret;
+    va_list args;
+
+    va_start(args, max_len);
+    ret = roken_vmconcat (s, max_len, args);
+    va_end(args);
+    return ret;
+}
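Review bot: On overflow `roken_vconcat` returns -1 from inside the loop without writing a terminator, so `s` is left holding a partial, unterminated string, or is untouched if the first argument already does not fit. A caller that ignores the return value then reads past the copied data; terminating before the early return, `if (n >= len) { *s = '\0'; return -1; }`, avoids that. It needs an `if (len == 0) return -1;` at the top as well, since the final `*s = '\0'` otherwise writes into a zero-length buffer. In `roken_mconcat` the `size_t` result of `roken_vmconcat` is stored in `int ret`, which should be `size_t ret`.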

Added: vendor-crypto/heimdal/dist/lib/roken/copyhostent.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/copyhostent.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/copyhostent.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: copyhostent.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * return a malloced copy of `h'
+ */
+
+struct hostent * ROKEN_LIB_FUNCTION
+copyhostent (const struct hostent *h)
+{
+    struct hostent *res;
+    char **p;
+    int i, n;
+
+    res = malloc (sizeof (*res));
+    if (res == NULL)
+	return NULL;
+    res->h_name      = NULL;
+    res->h_aliases   = NULL;
+    res->h_addrtype  = h->h_addrtype;
+    res->h_length    = h->h_length;
+    res->h_addr_list = NULL;
+    res->h_name = strdup (h->h_name);
+    if (res->h_name == NULL) {
+	freehostent (res);
+	return NULL;
+    }
+    for (n = 0, p = h->h_aliases; *p != NULL; ++p)
+	++n;
+    res->h_aliases = malloc ((n + 1) * sizeof(*res->h_aliases));
+    if (res->h_aliases == NULL) {
+	freehostent (res);
+	return NULL;
+    }
+    for (i = 0; i < n + 1; ++i)
+	res->h_aliases[i] = NULL;
+    for (i = 0; i < n; ++i) {
+	res->h_aliases[i] = strdup (h->h_aliases[i]);
+	if (res->h_aliases[i] == NULL) {
+	    freehostent (res);
+	    return NULL;
+	}
+    }
+
+    for (n = 0, p = h->h_addr_list; *p != NULL; ++p)
+	++n;
+    res->h_addr_list = malloc ((n + 1) * sizeof(*res->h_addr_list));
+    if (res->h_addr_list == NULL) {
+	freehostent (res);
+	return NULL;
+    }
+    for (i = 0; i < n + 1; ++i) {
+	res->h_addr_list[i] = NULL;
+    }
+    for (i = 0; i < n; ++i) {
+	res->h_addr_list[i] = malloc (h->h_length);
+	if (res->h_addr_list[i] == NULL) {
+	    freehostent (res);
+	    return NULL;
+	}
+	memcpy (res->h_addr_list[i], h->h_addr_list[i], h->h_length);
+    }
+    return res;
+}
+
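Review bot: Every error path in `copyhostent` passes a partially built `res` to `freehostent` at a point where `h_aliases` or `h_addr_list` may still be NULL. That is safe only if `freehostent`, which is defined outside this hunk, tolerates NULL members and releases memory with `free`. If a platform's own `freehostent` can be linked in place of a roken replacement, that pairing is not guaranteed and is worth confirming in the build. The input is also used unchecked, since `h->h_name`, `h->h_aliases` and `h->h_addr_list` are dereferenced directly, so the header comment should state the precondition, e.g. `/* return a malloced copy of h; h and its name, alias and address lists must be non-NULL */`.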

Added: vendor-crypto/heimdal/dist/lib/roken/daemon.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/daemon.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/daemon.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)daemon.c	8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: daemon.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifndef HAVE_DAEMON
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+daemon(int nochdir, int noclose)
+{
+    int fd;
+
+    switch (fork()) {
+    case -1:
+	return (-1);
+    case 0:
+	break;
+    default:
+	_exit(0);
+    }
+
+    if (setsid() == -1)
+	return (-1);
+
+    if (!nochdir)
+	chdir("/");
+
+    if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+	dup2(fd, STDIN_FILENO);
+	dup2(fd, STDOUT_FILENO);
+	dup2(fd, STDERR_FILENO);
+	if (fd > 2)
+	    close (fd);
+    }
+    return (0);
+}
+
+#endif /* HAVE_DAEMON */
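Review bot: When `noclose` is 0 and `open(_PATH_DEVNULL, ...)` fails, `daemon` skips the redirection and still returns 0, so the process keeps the caller's stdin, stdout and stderr without the caller knowing. The results of `chdir("/")` and the three `dup2` calls are discarded as well. A daemon that keeps writing to an inherited terminal or pipe can expose its output to whoever holds the other end, so these failures should be reported. The block after `setsid()` could be rewritten as below.

```c
    /* ... unchanged: fork() switch and setsid() check ... */

    if (!nochdir && chdir("/") == -1)
	return (-1);

    if (!noclose) {
	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) == -1)
	    return (-1);
	if (dup2(fd, STDIN_FILENO) == -1 ||
	    dup2(fd, STDOUT_FILENO) == -1 ||
	    dup2(fd, STDERR_FILENO) == -1) {
	    if (fd > 2)
		close (fd);
	    return (-1);
	}
	if (fd > 2)
	    close (fd);
    }
    return (0);
```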

Added: vendor-crypto/heimdal/dist/lib/roken/dumpdata.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/dumpdata.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/dumpdata.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: dumpdata.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <unistd.h>
+
+#include "roken.h"
+
+/*
+ * Write datablob to a filename, don't care about errors.
+ */
+
+void ROKEN_LIB_FUNCTION
+rk_dumpdata (const char *filename, const void *buf, size_t size)
+{
+    int fd;
+
+    fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0640);
+    if (fd < 0)
+	return;
+    net_write(fd, buf, size);
+    close(fd);
+}
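Review bot: `open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0640)` in `rk_dumpdata` follows symbolic links and truncates whatever it finds, and the mode leaves the dump group-readable. In a Kerberos library the dumped buffer may well be sensitive (an inference, since callers are outside this hunk), and if `filename` ever points into a shared directory the write can be redirected to a different file. Where the platform defines it, `O_NOFOLLOW` and mode `0600` are the safer defaults: `fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT|O_NOFOLLOW, 0600);`. The file also includes `<unistd.h>` but not `<fcntl.h>`, so the `O_*` constants presumably arrive through roken.h.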

Added: vendor-crypto/heimdal/dist/lib/roken/ecalloc.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/ecalloc.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/ecalloc.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+.\" Copyright (c) 2001, 2003 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" $Id: ecalloc.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd August 14, 2003
+.Dt ECALLOC 3
+.Os HEIMDAL
+.Sh NAME
+.Nm ecalloc ,
+.Nm emalloc ,
+.Nm eread ,
+.Nm erealloc ,
+.Nm esetenv ,
+.Nm estrdup ,
+.Nm ewrite
+.Nd exit-on-failure wrapper functions
+.Sh LIBRARY
+The roken library (libroken, -lroken)
+.Sh SYNOPSIS
+.Fd #include <roken.h>
+.Ft "void *"
+.Fn ecalloc "size_t number" "size_t size"
+.Ft "void *"
+.Fn emalloc "size_t sz"
+.Ft ssize_t
+.Fn eread "int fd" "void *buf" "size_t nbytes"
+.Ft "void *"
+.Fn erealloc "void *ptr" "size_t sz"
+.Ft void
+.Fn esetenv "const char *var" "const char *val" "int rewrite"
+.Ft "char *"
+.Fn estrdup "const char *str"
+.Ft ssize_t
+.Fn ewrite "int fd" "const void *buf" "size_t nbytes"
+.Sh DESCRIPTION
+These functions do the same as the ones without the 
+.Dq e
+prefix, but if there is an error they will print a message with 
+.Xr errx 3 ,
+and exit. For
+.Nm eread
+and 
+.Nm ewrite
+this is also true for partial data.
+.Pp
+This is useful in applications when there is no need for a more
+advanced failure mode.
+.Sh SEE ALSO
+.Xr read 2 ,
+.Xr write 2 ,
+.Xr calloc 3 ,
+.Xr errx 3 ,
+.Xr malloc 3 ,
+.Xr realloc 3 ,
+.Xr setenv 3 ,
+.Xr strdup 3

Added: vendor-crypto/heimdal/dist/lib/roken/ecalloc.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/ecalloc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/ecalloc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ecalloc.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include "roken.h"
+
+/*
+ * Like calloc but never fails.
+ */
+
+void * ROKEN_LIB_FUNCTION
+ecalloc (size_t number, size_t size)
+{
+    void *tmp = calloc (number, size);
+
+    if (tmp == NULL && number * size != 0)
+	errx (1, "calloc %lu failed", (unsigned long)number * size);
+    return tmp;
+}
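Review bot: The failure test in ecalloc, `if (tmp == NULL && number * size != 0)`, recomputes the product without an overflow check, so when `number * size` wraps to exactly zero a failed calloc is mistaken for a legitimate zero-sized request. NULL is then returned from a function documented as never failing, and callers that rely on that contract will dereference it. Testing the operands separately avoids the multiplication: `if (tmp == NULL && number != 0 && size != 0)`. The message has the same wrap problem and would be more useful printing both operands, e.g. `errx (1, "calloc %lu * %lu failed", (unsigned long)number, (unsigned long)size);`.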

Added: vendor-crypto/heimdal/dist/lib/roken/emalloc.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/emalloc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/emalloc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: emalloc.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include "roken.h"
+
+/*
+ * Like malloc but never fails.
+ */
+
+void * ROKEN_LIB_FUNCTION
+emalloc (size_t sz)
+{
+    void *tmp = malloc (sz);
+
+    if (tmp == NULL && sz != 0)
+	errx (1, "malloc %lu failed", (unsigned long)sz);
+    return tmp;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/environment.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/environment.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/environment.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2000, 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: environment.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include "roken.h"
+
+/* find assignment in env list; len is length of variable including
+ * equal 
+ */
+
+static int
+find_var(char **env, char *assignment, size_t len)
+{
+    int i;
+    for(i = 0; env != NULL && env[i] != NULL; i++)
+	if(strncmp(env[i], assignment, len) == 0)
+	    return i;
+    return -1;
+}
+
+/*
+ * return count of environment assignments from open file F in
+ * assigned and list of malloced strings in env, return 0 or errno
+ * number
+ */
+
+static int
+rk_read_env_file(FILE *F, char ***env, int *assigned)
+{
+    int idx = 0;
+    int i;
+    char **l;
+    char buf[BUFSIZ], *p, *r;
+    char **tmp;
+    int ret = 0;
+
+    *assigned = 0;
+
+    for(idx = 0; *env != NULL && (*env)[idx] != NULL; idx++);
+    l = *env;
+
+    /* This is somewhat more relaxed on what it accepts then
+     * Wietses sysv_environ from K4 was...
+     */
+    while (fgets(buf, BUFSIZ, F) != NULL) {
+	buf[strcspn(buf, "#\n")] = '\0';
+
+	for(p = buf; isspace((unsigned char)*p); p++);
+	if (*p == '\0')
+	    continue;
+
+	/* Here one should check that it's a 'valid' env string... */
+	r = strchr(p, '=');
+	if (r == NULL)
+	    continue;
+
+	if((i = find_var(l, p, r - p + 1)) >= 0) {
+	    char *val = strdup(p);
+	    if(val == NULL) {
+		ret = ENOMEM;
+		break;
+	    }
+	    free(l[i]);
+	    l[i] = val;
+	    (*assigned)++;
+	    continue;
+	}
+
+	tmp = realloc(l, (idx+2) * sizeof (char *));
+	if(tmp == NULL) {
+	    ret = ENOMEM;
+	    break;
+	}
+
+	l = tmp;
+	l[idx] = strdup(p);
+	if(l[idx] == NULL) {
+	    ret = ENOMEM;
+	    break;
+	}
+	l[++idx] = NULL;
+	(*assigned)++;
+    }
+    if(ferror(F))
+	ret = errno;
+    *env = l;
+    return ret;
+}
+
+/*
+ * return count of environment assignments from file and 
+ * list of malloced strings in `env'
+ */
+
+int ROKEN_LIB_FUNCTION
+read_environment(const char *file, char ***env)
+{
+    int assigned;
+    FILE *F;
+
+    if ((F = fopen(file, "r")) == NULL)
+	return 0;
+
+    rk_read_env_file(F, env, &assigned);
+    fclose(F);
+    return assigned;
+}
+
+void ROKEN_LIB_FUNCTION
+free_environment(char **env)
+{
+    int i;
+    if (env == NULL)
+	return;
+    for (i = 0; env[i]; i++)
+	free(env[i]);
+    free(env);
+}
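Review bot: A physical line longer than BUFSIZ-1 bytes reaches the loop in rk_read_env_file in several pieces, and each later piece is parsed as if it were a new line. The comment stripping in `buf[strcspn(buf, "#\n")] = '\0'` therefore covers only the first piece, so text after a `#` that falls past the buffer boundary can be accepted as a live `NAME=value` assignment. One conservative fix is to detect a piece that does not end in a newline and discard the whole over-long line, as sketched below. Separately, read_environment ignores the error code returned by rk_read_env_file, so a caller cannot tell a complete read from one cut short by ENOMEM or a read error.

```c
    while (fgets(buf, BUFSIZ, F) != NULL) {
	size_t n = strlen(buf);

	/* over-long line: drop all of it so the tail is not parsed
	 * as a separate line */
	if (n > 0 && buf[n - 1] != '\n' && !feof(F)) {
	    int c;
	    while ((c = getc(F)) != EOF && c != '\n')
		;
	    continue;
	}
	buf[strcspn(buf, "#\n")] = '\0';
	/* … unchanged: skip leading space, find '=', replace or append … */
```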

Added: vendor-crypto/heimdal/dist/lib/roken/eread.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/eread.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/eread.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: eread.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <unistd.h>
+#include <err.h>
+
+#include "roken.h"
+
+/*
+ * Like read but never fails (and never returns partial data).
+ */
+
+ssize_t ROKEN_LIB_FUNCTION
+eread (int fd, void *buf, size_t nbytes)
+{
+    ssize_t ret;
+
+    ret = net_read (fd, buf, nbytes);
+    if (ret < 0)
+	err (1, "read");
+    return ret;
+}
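Review bot: The comment above eread says it never returns partial data, and ecalloc.3 says the wrappers exit on partial data, but the body exits only on `ret < 0`. If net_read (not shown here) can return fewer than nbytes at end of file, that short count is passed straight back to a caller who was told it cannot happen. Either enforce the contract with `if (ret < 0) err (1, "read");` followed by `if ((size_t)ret != nbytes) errx (1, "read: short read");`, or reword the comment and man page to say that only errors are fatal. ewrite in ewrite.c has the same shape with net_write and deserves the same decision.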

Added: vendor-crypto/heimdal/dist/lib/roken/erealloc.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/erealloc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/erealloc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: erealloc.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include "roken.h"
+
+/*
+ * Like realloc but never fails.
+ */
+
+void * ROKEN_LIB_FUNCTION
+erealloc (void *ptr, size_t sz)
+{
+    void *tmp = realloc (ptr, sz);
+
+    if (tmp == NULL && sz != 0)
+	errx (1, "realloc %lu failed", (unsigned long)sz);
+    return tmp;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/err.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/err.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/err.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: err.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "err.h"
+
+void ROKEN_LIB_FUNCTION
+err(int eval, const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  verr(eval, fmt, ap);
+  va_end(ap);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/err.hin
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/err.hin	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/err.hin	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 1995 - 2004 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: err.hin,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __ERR_H__
+#define __ERR_H__
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+void ROKEN_LIB_FUNCTION
+verr(int eval, const char *fmt, va_list ap)
+     __attribute__ ((noreturn, format (printf, 2, 0)));
+
+void ROKEN_LIB_FUNCTION
+err(int eval, const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 2, 3)));
+
+void ROKEN_LIB_FUNCTION
+verrx(int eval, const char *fmt, va_list ap)
+     __attribute__ ((noreturn, format (printf, 2, 0)));
+
+void ROKEN_LIB_FUNCTION
+errx(int eval, const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 2, 3)));
+void ROKEN_LIB_FUNCTION
+vwarn(const char *fmt, va_list ap)
+     __attribute__ ((format (printf, 1, 0)));
+
+void ROKEN_LIB_FUNCTION
+warn(const char *fmt, ...)
+     __attribute__ ((format (printf, 1, 2)));
+
+void ROKEN_LIB_FUNCTION
+vwarnx(const char *fmt, va_list ap)
+     __attribute__ ((format (printf, 1, 0)));
+
+void ROKEN_LIB_FUNCTION
+warnx(const char *fmt, ...)
+     __attribute__ ((format (printf, 1, 2)));
+
+#endif /* __ERR_H__ */

Added: vendor-crypto/heimdal/dist/lib/roken/errx.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/errx.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/errx.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: errx.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "err.h"
+
+void ROKEN_LIB_FUNCTION
+errx(int eval, const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  verrx(eval, fmt, ap);
+  va_end(ap);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/esetenv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/esetenv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/esetenv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2000, 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: esetenv.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+#include <err.h>
+
+void ROKEN_LIB_FUNCTION
+esetenv(const char *var, const char *val, int rewrite)
+{
+    if (setenv (rk_UNCONST(var), rk_UNCONST(val), rewrite))
+	errx (1, "failed setting environment variable %s", var);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/estrdup.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/estrdup.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/estrdup.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: estrdup.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdlib.h>
+#include <err.h>
+
+#include "roken.h"
+
+/*
+ * Like strdup but never fails.
+ */
+
+char * ROKEN_LIB_FUNCTION
+estrdup (const char *str)
+{
+    char *tmp = strdup (str);
+
+    if (tmp == NULL)
+	errx (1, "strdup failed");
+    return tmp;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/ewrite.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/ewrite.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/ewrite.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ewrite.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <unistd.h>
+#include <err.h>
+
+#include "roken.h"
+
+/*
+ * Like write but never fails (and never returns partial data).
+ */
+
+ssize_t ROKEN_LIB_FUNCTION
+ewrite (int fd, const void *buf, size_t nbytes)
+{
+    ssize_t ret;
+
+    ret = net_write (fd, buf, nbytes);
+    if (ret < 0)
+	err (1, "write");
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/fchown.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/fchown.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/fchown.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: fchown.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+fchown(int fd, uid_t owner, gid_t group)
+{
+  return 0;
+}
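Review bot: This fchown replacement returns 0 without touching the file, so a caller that uses it to hand a file to another user is told the ownership change succeeded when nothing happened. For files such as credential caches, that can leave data owned by the wrong account with no sign of the failure. Whether this file is only compiled on platforms that lack fchown(2) is decided outside the hunk, and nothing in the file says so. At minimum add a comment such as `/* stub for systems without fchown(2): ownership is NOT changed */`. Returning -1 with `errno = ENOSYS` would let callers notice, after checking how existing callers treat a failure.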

Added: vendor-crypto/heimdal/dist/lib/roken/flock.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/flock.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/flock.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef HAVE_FLOCK
+RCSID("$Id: flock.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#include "roken.h"
+
+
+#define OP_MASK (LOCK_SH | LOCK_EX | LOCK_UN)
+
+int ROKEN_LIB_FUNCTION
+flock(int fd, int operation)
+{
+#if defined(HAVE_FCNTL) && defined(F_SETLK)
+  struct flock arg;
+  int code, cmd;
+  
+  arg.l_whence = SEEK_SET;
+  arg.l_start = 0;
+  arg.l_len = 0;		/* means to EOF */
+
+  if (operation & LOCK_NB)
+    cmd = F_SETLK;
+  else
+    cmd = F_SETLKW;		/* Blocking */
+
+  switch (operation & OP_MASK) {
+  case LOCK_UN:
+    arg.l_type = F_UNLCK;
+    code = fcntl(fd, F_SETLK, &arg);
+    break;
+  case LOCK_SH:
+    arg.l_type = F_RDLCK;
+    code = fcntl(fd, cmd, &arg);
+    break;
+  case LOCK_EX:
+    arg.l_type = F_WRLCK;
+    code = fcntl(fd, cmd, &arg);
+    break;
+  default:
+    errno = EINVAL;
+    code = -1;
+    break;
+  }
+  return code;
+#else
+  return -1;
+#endif
+}
+
+#endif
+
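Review bot: The `#else` branch at the end of flock() returns -1 without setting errno, so on a platform lacking fcntl()/F_SETLK a caller that reports errno sees a stale value. Adding `errno = ENOSYS;` before that `return -1;` would match the way the `default:` case sets `EINVAL`. The function also needs a header comment saying that this emulation takes a whole-file POSIX record lock. Such a lock belongs to the process rather than the open file, is dropped when the process closes any descriptor for that file, is not inherited across fork(), and for `LOCK_EX` requires a descriptor opened for writing. Code that serialises access to key or credential files through flock() should not assume BSD flock semantics when this replacement is compiled in.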

Added: vendor-crypto/heimdal/dist/lib/roken/fnmatch.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/fnmatch.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/fnmatch.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,169 @@
+/*	$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $	*/
+
+/*
+ * Copyright (c) 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char sccsid[] = "@(#)fnmatch.c	8.2 (Berkeley) 4/16/94";
+#else
+static char rcsid[] = "$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $";
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
+ * Compares a filename or pathname to a pattern.
+ */
+
+#include <fnmatch.h>
+#include <string.h>
+
+#define	EOS	'\0'
+
+static const char *rangematch (const char *, int, int);
+
+int ROKEN_LIB_FUNCTION
+rk_fnmatch(const char *pattern, const char *string, int flags)
+{
+	const char *stringstart;
+	char c, test;
+
+	for (stringstart = string;;)
+		switch (c = *pattern++) {
+		case EOS:
+			return (*string == EOS ? 0 : FNM_NOMATCH);
+		case '?':
+			if (*string == EOS)
+				return (FNM_NOMATCH);
+			if (*string == '/' && (flags & FNM_PATHNAME))
+				return (FNM_NOMATCH);
+			if (*string == '.' && (flags & FNM_PERIOD) &&
+			    (string == stringstart ||
+			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+			++string;
+			break;
+		case '*':
+			c = *pattern;
+			/* Collapse multiple stars. */
+			while (c == '*')
+				c = *++pattern;
+
+			if (*string == '.' && (flags & FNM_PERIOD) &&
+			    (string == stringstart ||
+			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+
+			/* Optimize for pattern with * at end or before /. */
+			if (c == EOS)
+				if (flags & FNM_PATHNAME)
+					return (strchr(string, '/') == NULL ?
+					    0 : FNM_NOMATCH);
+				else
+					return (0);
+			else if (c == '/' && flags & FNM_PATHNAME) {
+				if ((string = strchr(string, '/')) == NULL)
+					return (FNM_NOMATCH);
+				break;
+			}
+
+			/* General case, use recursion. */
+			while ((test = *string) != EOS) {
+				if (!rk_fnmatch(pattern, string, flags & ~FNM_PERIOD))
+					return (0);
+				if (test == '/' && flags & FNM_PATHNAME)
+					break;
+				++string;
+			}
+			return (FNM_NOMATCH);
+		case '[':
+			if (*string == EOS)
+				return (FNM_NOMATCH);
+			if (*string == '/' && flags & FNM_PATHNAME)
+				return (FNM_NOMATCH);
+			if ((pattern =
+			    rangematch(pattern, *string, flags)) == NULL)
+				return (FNM_NOMATCH);
+			++string;
+			break;
+		case '\\':
+			if (!(flags & FNM_NOESCAPE)) {
+				if ((c = *pattern++) == EOS) {
+					c = '\\';
+					--pattern;
+				}
+			}
+			/* FALLTHROUGH */
+		default:
+			if (c != *string++)
+				return (FNM_NOMATCH);
+			break;
+		}
+	/* NOTREACHED */
+}
+
+static const char *
+rangematch(const char *pattern, int test, int flags)
+{
+	int negate, ok;
+	char c, c2;
+
+	/*
+	 * A bracket expression starting with an unquoted circumflex
+	 * character produces unspecified results (IEEE 1003.2-1992,
+	 * 3.13.2).  This implementation treats it like '!', for
+	 * consistency with the regular expression syntax.
+	 * J.T. Conklin (conklin at ngai.kaleida.com)
+	 */
+	if (negate = (*pattern == '!' || *pattern == '^'))
+		++pattern;
+	
+	for (ok = 0; (c = *pattern++) != ']';) {
+		if (c == '\\' && !(flags & FNM_NOESCAPE))
+			c = *pattern++;
+		if (c == EOS)
+			return (NULL);
+		if (*pattern == '-' 
+		    && (c2 = *(pattern+1)) != EOS && c2 != ']') {
+			pattern += 2;
+			if (c2 == '\\' && !(flags & FNM_NOESCAPE))
+				c2 = *pattern++;
+			if (c2 == EOS)
+				return (NULL);
+			if (c <= test && test <= c2)
+				ok = 1;
+		} else if (c == test)
+			ok = 1;
+	}
+	return (ok == negate ? NULL : pattern);
+}
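Review bot: The `case '[':` branch of rk_fnmatch() never applies the FNM_PERIOD rule, so with that flag set a pattern such as `[.]x` still matches a leading period that the `?` and `*` branches reject. A caller relying on FNM_PERIOD to keep dot-files out of a match would let them through via a bracket expression. The leading-period test used in the other two branches belongs before the rangematch() call, as sketched below. Separately, the `*` branch retries by recursion at every remaining position of the string, so matching time grows steeply with the number of stars, which matters if patterns can come from an untrusted peer.

```c
		case '[':
			/* ... unchanged: EOS and FNM_PATHNAME '/' checks ... */
			/* A leading period must be matched explicitly. */
			if (*string == '.' && (flags & FNM_PERIOD) &&
			    (string == stringstart ||
			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
				return (FNM_NOMATCH);
			/* ... unchanged: rangematch() call and ++string ... */
```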

Added: vendor-crypto/heimdal/dist/lib/roken/fnmatch.hin
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/fnmatch.hin	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/fnmatch.hin	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+/*	$NetBSD: fnmatch.h,v 1.5 1994/10/26 00:55:53 cgd Exp $	*/
+
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef	_FNMATCH_H_
+#define	_FNMATCH_H_
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define	FNM_NOMATCH	1	/* Match failed. */
+
+#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
+#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
+#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
+
+int ROKEN_LIB_FUNCTION
+rk_fnmatch (const char *, const char *, int);
+
+#define fnmatch(a,b,c) rk_fnmatch(a,b,c)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !_FNMATCH_H_ */

Added: vendor-crypto/heimdal/dist/lib/roken/freeaddrinfo.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/freeaddrinfo.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/freeaddrinfo.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: freeaddrinfo.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * free the list of `struct addrinfo' starting at `ai'
+ */
+
+void ROKEN_LIB_FUNCTION
+freeaddrinfo(struct addrinfo *ai)
+{
+    struct addrinfo *tofree;
+
+    while(ai != NULL) {
+	free (ai->ai_canonname);
+	free (ai->ai_addr);
+	tofree = ai;
+	ai = ai->ai_next;
+	free (tofree);
+    }
+}

Added: vendor-crypto/heimdal/dist/lib/roken/freehostent.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/freehostent.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/freehostent.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: freehostent.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * free a malloced hostent
+ */
+
+void ROKEN_LIB_FUNCTION
+freehostent (struct hostent *h)
+{
+    char **p;
+
+    free (h->h_name);
+    if (h->h_aliases != NULL) {
+	for (p = h->h_aliases; *p != NULL; ++p)
+	    free (*p);
+	free (h->h_aliases);
+    }
+    if (h->h_addr_list != NULL) {
+	for (p = h->h_addr_list; *p != NULL; ++p)
+	    free (*p);
+	free (h->h_addr_list);
+    }
+    free (h);
+}
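Review bot: freehostent() dereferences `h` in its first statement, so a NULL argument crashes where free(NULL) would be a no-op; an early `if (h == NULL) return;` would make error-path cleanup in callers safe. The comment above the function should also say that every member is passed to free(). Only a hostent whose name, alias list and address list were each heap-allocated may be handed in, not a pointer to the static result of gethostbyname().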

Added: vendor-crypto/heimdal/dist/lib/roken/gai_strerror.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/gai_strerror.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/gai_strerror.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: gai_strerror.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+static struct gai_error {
+    int code;
+    const char *str;
+} errors[] = {
+{EAI_NOERROR,		"no error"},
+#ifdef EAI_ADDRFAMILY
+{EAI_ADDRFAMILY,	"address family for nodename not supported"},
+#endif
+{EAI_AGAIN,		"temporary failure in name resolution"},
+{EAI_BADFLAGS,		"invalid value for ai_flags"},
+{EAI_FAIL,		"non-recoverable failure in name resolution"},
+{EAI_FAMILY,		"ai_family not supported"},
+{EAI_MEMORY,		"memory allocation failure"},
+#ifdef EAI_NODATA
+{EAI_NODATA,		"no address associated with nodename"},
+#endif
+{EAI_NONAME,		"nodename nor servname provided, or not known"},
+{EAI_SERVICE,		"servname not supported for ai_socktype"},
+{EAI_SOCKTYPE,		"ai_socktype not supported"},
+{EAI_SYSTEM,		"system error returned in errno"},
+{0,			NULL},
+};
+
+/*
+ *
+ */
+
+const char * ROKEN_LIB_FUNCTION
+gai_strerror(int ecode)
+{
+    struct gai_error *g;
+
+    for (g = errors; g->str != NULL; ++g)
+	if (g->code == ecode)
+	    return g->str;
+    return "unknown error code in gai_strerror";
+}

Added: vendor-crypto/heimdal/dist/lib/roken/get_default_username.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/get_default_username.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/get_default_username.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 1997 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: get_default_username.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+
+/*
+ * Try to return what should be considered the default username or
+ * NULL if we can't guess at all.
+ */
+
+const char * ROKEN_LIB_FUNCTION
+get_default_username (void)
+{
+    const char *user;
+
+    user = getenv ("USER");
+    if (user == NULL)
+	user = getenv ("LOGNAME");
+    if (user == NULL)
+	user = getenv ("USERNAME");
+
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+    if (user == NULL) {
+	user = (const char *)getlogin ();
+	if (user != NULL)
+	    return user;
+    }
+#endif
+#ifdef HAVE_PWD_H
+    {
+	uid_t uid = getuid ();
+	struct passwd *pwd;
+
+	if (user != NULL) {
+	    pwd = k_getpwnam (user);
+	    if (pwd != NULL && pwd->pw_uid == uid)
+		return user;
+	}
+	pwd = k_getpwuid (uid);
+	if (pwd != NULL)
+	    return pwd->pw_name;
+    }
+#endif
+    return user;
+}
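Review bot: The getlogin() branch returns its result immediately, skipping the `pw_uid == uid` comparison that the environment-derived names go through in the HAVE_PWD_H block below it. Dropping the inner `if (user != NULL) return user;` lets that name fall through to the same check, and it still reaches the final `return user;` on builds without pwd.h. The comment above the function should also say that the result is a guess and not an authenticated identity: USER, LOGNAME and USERNAME are set by the caller's environment, and the final `return user;` can hand back such a value unverified when both passwd lookups fail. It should also state that the returned pointer refers to environment or passwd storage the caller must not free.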

Added: vendor-crypto/heimdal/dist/lib/roken/get_window_size.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/get_window_size.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/get_window_size.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: get_window_size.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#if 0 /* Where were those needed? /confused */
+#ifdef HAVE_SYS_PROC_H
+#include <sys/proc.h>
+#endif
+
+#ifdef HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+get_window_size(int fd, struct winsize *wp)
+{
+    int ret = -1;
+    
+    memset(wp, 0, sizeof(*wp));
+
+#if defined(TIOCGWINSZ)
+    ret = ioctl(fd, TIOCGWINSZ, wp);
+#elif defined(TIOCGSIZE)
+    {
+	struct ttysize ts;
+	
+	ret = ioctl(fd, TIOCGSIZE, &ts);
+	if(ret == 0) {
+	    wp->ws_row = ts.ts_lines;
+	    wp->ws_col = ts.ts_cols;
+	}
+    }
+#elif defined(HAVE__SCRSIZE)
+    {
+	int dst[2];
+	
+	_scrsize(dst);
+	wp->ws_row = dst[1];
+	wp->ws_col = dst[0];
+	ret = 0;
+    }
+#endif
+    if (ret != 0) {
+        char *s;
+        if((s = getenv("COLUMNS")))
+	    wp->ws_col = atoi(s);
+	if((s = getenv("LINES")))
+	    wp->ws_row = atoi(s);
+	if(wp->ws_col > 0 && wp->ws_row > 0)
+	    ret = 0;
+    }
+    return ret;
+}
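Review bot: The COLUMNS/LINES fallback in get_window_size() stores `atoi()` results straight into `ws_col` and `ws_row`, so a negative or oversized environment value is silently truncated into the field and can still pass the `> 0` test. These fields are unsigned short in the usual struct winsize, though the definition is not visible in this hunk. Parsing with strtol() and accepting only fully numeric values in the range 1..USHRT_MAX keeps a hostile or malformed environment from producing a bogus terminal size; this needs `<limits.h>` if roken.h does not already pull it in. The rewritten fallback block is shown below.

```c
    if (ret != 0) {
	char *s, *end;
	long v;

	if ((s = getenv("COLUMNS")) != NULL) {
	    v = strtol(s, &end, 10);
	    if (end != s && *end == '\0' && v > 0 && v <= USHRT_MAX)
		wp->ws_col = (unsigned short)v;
	}
	if ((s = getenv("LINES")) != NULL) {
	    v = strtol(s, &end, 10);
	    if (end != s && *end == '\0' && v > 0 && v <= USHRT_MAX)
		wp->ws_row = (unsigned short)v;
	}
	if (wp->ws_col > 0 && wp->ws_row > 0)
	    ret = 0;
    }
    /* ... unchanged: return ret ... */
```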

Added: vendor-crypto/heimdal/dist/lib/roken/getaddrinfo-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getaddrinfo-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getaddrinfo-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getaddrinfo-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include "getarg.h"
+
+static int flags;
+static int family;
+static int socktype;
+
+static int version_flag;
+static int help_flag;
+
+static struct getargs args[] = {
+    {"flags",	0,	arg_integer,	&flags,		"flags",	NULL},
+    {"family",	0,	arg_integer,	&family,	"family",	NULL},
+    {"socktype",0,	arg_integer,	&socktype,	"socktype",	NULL},
+    {"version",	0,	arg_flag,	&version_flag,	"print version",NULL},
+    {"help",	0,	arg_flag,	&help_flag,	NULL,		NULL}
+};
+
+static void
+usage(int ret)
+{
+    arg_printusage (args,
+		    sizeof(args) / sizeof(args[0]),
+		    NULL,
+		    "[nodename servname...]");
+    exit (ret);
+}
+
+static void
+doit (const char *nodename, const char *servname)
+{
+    struct addrinfo hints;
+    struct addrinfo *res, *r;
+    int ret;
+
+    printf ("(%s,%s)... ", nodename ? nodename : "null", servname);
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_flags    = flags;
+    hints.ai_family   = family;
+    hints.ai_socktype = socktype;
+
+    ret = getaddrinfo (nodename, servname, &hints, &res);
+    if (ret) {
+	printf ("error: %s\n", gai_strerror(ret));
+	return;
+    }
+    printf ("\n");
+
+    for (r = res; r != NULL; r = r->ai_next) {
+	char addrstr[256];
+
+	if (inet_ntop (r->ai_family, 
+		       socket_get_address (r->ai_addr),
+		       addrstr, sizeof(addrstr)) == NULL) {
+	    printf ("\tbad address?\n");
+	    continue;
+	} 
+	printf ("\tfamily = %d, socktype = %d, protocol = %d, "
+		"address = \"%s\", port = %d",
+		r->ai_family, r->ai_socktype, r->ai_protocol,
+		addrstr,
+		ntohs(socket_get_port (r->ai_addr)));
+	if (r->ai_canonname)
+	    printf (", canonname = \"%s\"", r->ai_canonname);
+	printf ("\n");
+    }
+    freeaddrinfo (res);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+    int i;
+
+    setprogname (argv[0]);
+
+    if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+		&optidx))
+	usage (1);
+
+    if (help_flag)
+	usage (0);
+
+    if (version_flag) {
+	fprintf (stderr, "%s from %s-%s)\n", getprogname(), PACKAGE, VERSION);
+	return 0;
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc % 2 != 0)
+	usage (1);
+
+    for (i = 0; i < argc; i += 2) {
+	const char *nodename = argv[i];
+
+	if (strcmp (nodename, "null") == 0)
+	    nodename = NULL;
+
+	doit (nodename, argv[i+1]);
+    }
+    return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/getaddrinfo.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getaddrinfo.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getaddrinfo.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,417 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getaddrinfo.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * uses hints->ai_socktype and hints->ai_protocol
+ */
+
+static int
+get_port_protocol_socktype (const char *servname,
+			    const struct addrinfo *hints,
+			    int *port,
+			    int *protocol,
+			    int *socktype)
+{
+    struct servent *se;
+    const char *proto_str = NULL;
+
+    *socktype = 0;
+
+    if (hints != NULL && hints->ai_protocol != 0) {
+	struct protoent *protoent = getprotobynumber (hints->ai_protocol);
+
+	if (protoent == NULL)
+	    return EAI_SOCKTYPE; /* XXX */
+
+	proto_str = protoent->p_name;
+	*protocol = protoent->p_proto;
+    }
+
+    if (hints != NULL)
+	*socktype = hints->ai_socktype;
+
+    if (*socktype == SOCK_STREAM) {
+	se = getservbyname (servname, proto_str ? proto_str : "tcp");
+	if (proto_str == NULL)
+	    *protocol = IPPROTO_TCP;
+    } else if (*socktype == SOCK_DGRAM) {
+	se = getservbyname (servname, proto_str ? proto_str : "udp");
+	if (proto_str == NULL)
+	    *protocol = IPPROTO_UDP;
+    } else if (*socktype == 0) {
+	if (proto_str != NULL) {
+	    se = getservbyname (servname, proto_str);
+	} else {
+	    se = getservbyname (servname, "tcp");
+	    *protocol = IPPROTO_TCP;
+	    *socktype = SOCK_STREAM;
+	    if (se == NULL) {
+		se = getservbyname (servname, "udp");
+		*protocol = IPPROTO_UDP;
+		*socktype = SOCK_DGRAM;
+	    }
+	}
+    } else
+	return EAI_SOCKTYPE;
+
+    if (se == NULL) {
+	char *endstr;
+
+	*port = htons(strtol (servname, &endstr, 10));
+	if (servname == endstr)
+	    return EAI_NONAME;
+    } else {
+	*port = se->s_port;
+    }
+    return 0;
+}
+
+static int
+add_one (int port, int protocol, int socktype,
+	 struct addrinfo ***ptr,
+	 int (*func)(struct addrinfo *, void *data, int port),
+	 void *data,
+	 char *canonname)
+{
+    struct addrinfo *a;
+    int ret;
+
+    a = malloc (sizeof (*a));
+    if (a == NULL)
+	return EAI_MEMORY;
+    memset (a, 0, sizeof(*a));
+    a->ai_flags     = 0;
+    a->ai_next      = NULL;
+    a->ai_protocol  = protocol;
+    a->ai_socktype  = socktype;
+    a->ai_canonname = canonname;
+    ret = (*func)(a, data, port);
+    if (ret) {
+	free (a);
+	return ret;
+    }
+    **ptr = a;
+    *ptr = &a->ai_next;
+    return 0;
+}
+
+static int
+const_v4 (struct addrinfo *a, void *data, int port)
+{
+    struct sockaddr_in *sin4;
+    struct in_addr *addr = (struct in_addr *)data;
+
+    a->ai_family  = PF_INET;
+    a->ai_addrlen = sizeof(*sin4);
+    a->ai_addr    = malloc (sizeof(*sin4));
+    if (a->ai_addr == NULL)
+	return EAI_MEMORY;
+    sin4 = (struct sockaddr_in *)a->ai_addr;
+    memset (sin4, 0, sizeof(*sin4));
+    sin4->sin_family = AF_INET;
+    sin4->sin_port   = port;
+    sin4->sin_addr   = *addr;
+    return 0;
+}
+
+#ifdef HAVE_IPV6
+static int
+const_v6 (struct addrinfo *a, void *data, int port)
+{
+    struct sockaddr_in6 *sin6;
+    struct in6_addr *addr = (struct in6_addr *)data;
+
+    a->ai_family  = PF_INET6;
+    a->ai_addrlen = sizeof(*sin6);
+    a->ai_addr    = malloc (sizeof(*sin6));
+    if (a->ai_addr == NULL)
+	return EAI_MEMORY;
+    sin6 = (struct sockaddr_in6 *)a->ai_addr;
+    memset (sin6, 0, sizeof(*sin6));
+    sin6->sin6_family = AF_INET6;
+    sin6->sin6_port   = port;
+    sin6->sin6_addr   = *addr;
+    return 0;
+}
+#endif
+
+/* this is mostly a hack for some versions of AIX that has a prototype
+   for in6addr_loopback but no actual symbol in libc */
+#if defined(HAVE_IPV6) && !defined(HAVE_IN6ADDR_LOOPBACK) && defined(IN6ADDR_LOOPBACK_INIT)
+#define in6addr_loopback _roken_in6addr_loopback
+struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
+#endif
+
+static int
+get_null (const struct addrinfo *hints,
+	  int port, int protocol, int socktype,
+	  struct addrinfo **res)
+{
+    struct in_addr v4_addr;
+#ifdef HAVE_IPV6
+    struct in6_addr v6_addr;
+#endif
+    struct addrinfo *first = NULL;
+    struct addrinfo **current = &first;
+    int family = PF_UNSPEC;
+    int ret;
+
+    if (hints != NULL)
+	family = hints->ai_family;
+
+    if (hints && hints->ai_flags & AI_PASSIVE) {
+	v4_addr.s_addr = INADDR_ANY;
+#ifdef HAVE_IPV6
+	v6_addr        = in6addr_any;
+#endif
+    } else {
+	v4_addr.s_addr = htonl(INADDR_LOOPBACK);
+#ifdef HAVE_IPV6
+	v6_addr        = in6addr_loopback;
+#endif
+    }
+
+#ifdef HAVE_IPV6
+    if (family == PF_INET6 || family == PF_UNSPEC) {
+	ret = add_one (port, protocol, socktype,
+		       &current, const_v6, &v6_addr, NULL);
+    }
+#endif
+    if (family == PF_INET || family == PF_UNSPEC) {
+	ret = add_one (port, protocol, socktype,
+		       &current, const_v4, &v4_addr, NULL);
+    }
+    *res = first;
+    return 0;
+}
+
+static int
+add_hostent (int port, int protocol, int socktype,
+	     struct addrinfo ***current,
+	     int (*func)(struct addrinfo *, void *data, int port),
+	     struct hostent *he, int *flags)
+{
+    int ret;
+    char *canonname = NULL;
+    char **h;
+
+    if (*flags & AI_CANONNAME) {
+	struct hostent *he2 = NULL;
+	const char *tmp_canon;
+
+	tmp_canon = hostent_find_fqdn (he);
+	if (strchr (tmp_canon, '.') == NULL) {
+	    int error;
+
+	    he2 = getipnodebyaddr (he->h_addr_list[0], he->h_length,
+				   he->h_addrtype, &error);
+	    if (he2 != NULL) {
+		const char *tmp = hostent_find_fqdn (he2);
+
+		if (strchr (tmp, '.') != NULL)
+		    tmp_canon = tmp;
+	    }
+	}
+
+	canonname = strdup (tmp_canon);
+	if (he2 != NULL)
+	    freehostent (he2);
+	if (canonname == NULL)
+	    return EAI_MEMORY;
+    }
+
+    for (h = he->h_addr_list; *h != NULL; ++h) {
+	ret = add_one (port, protocol, socktype,
+		       current, func, *h, canonname);
+	if (ret)
+	    return ret;
+	if (*flags & AI_CANONNAME) {
+	    *flags &= ~AI_CANONNAME;
+	    canonname = NULL;
+	}
+    }
+    return 0;
+}
+
+static int
+get_number (const char *nodename,
+	    const struct addrinfo *hints,
+	    int port, int protocol, int socktype,
+	    struct addrinfo **res)
+{
+    struct addrinfo *first = NULL;
+    struct addrinfo **current = &first;
+    int family = PF_UNSPEC;
+    int ret;
+
+    if (hints != NULL) {
+	family = hints->ai_family;
+    }
+
+#ifdef HAVE_IPV6
+    if (family == PF_INET6 || family == PF_UNSPEC) {
+	struct in6_addr v6_addr;
+
+	if (inet_pton (PF_INET6, nodename, &v6_addr) == 1) {
+	    ret = add_one (port, protocol, socktype,
+			   &current, const_v6, &v6_addr, NULL);
+	    *res = first;
+	    return ret;
+	}
+    }
+#endif
+    if (family == PF_INET || family == PF_UNSPEC) {
+	struct in_addr v4_addr;
+
+	if (inet_pton (PF_INET, nodename, &v4_addr) == 1) {
+	    ret = add_one (port, protocol, socktype,
+			   &current, const_v4, &v4_addr, NULL);
+	    *res = first;
+	    return ret;
+	}
+    }
+    return EAI_NONAME;
+}
+
+static int
+get_nodes (const char *nodename,
+	   const struct addrinfo *hints,
+	   int port, int protocol, int socktype,
+	   struct addrinfo **res)
+{
+    struct addrinfo *first = NULL;
+    struct addrinfo **current = &first;
+    int family = PF_UNSPEC;
+    int flags  = 0;
+    int ret = EAI_NONAME;
+    int error;
+
+    if (hints != NULL) {
+	family = hints->ai_family;
+	flags  = hints->ai_flags;
+    }
+
+#ifdef HAVE_IPV6
+    if (family == PF_INET6 || family == PF_UNSPEC) {
+	struct hostent *he;
+
+	he = getipnodebyname (nodename, PF_INET6, 0, &error);
+
+	if (he != NULL) {
+	    ret = add_hostent (port, protocol, socktype,
+			       &current, const_v6, he, &flags);
+	    freehostent (he);
+	}
+    }
+#endif
+    if (family == PF_INET || family == PF_UNSPEC) {
+	struct hostent *he;
+
+	he = getipnodebyname (nodename, PF_INET, 0, &error);
+
+	if (he != NULL) {
+	    ret = add_hostent (port, protocol, socktype,
+			       &current, const_v4, he, &flags);
+	    freehostent (he);
+	}
+    }
+    *res = first;
+    return ret;
+}
+
+/*
+ * hints:
+ *
+ * struct addrinfo {
+ *     int    ai_flags;
+ *     int    ai_family;
+ *     int    ai_socktype;
+ *     int    ai_protocol;
+ * ...
+ * };
+ */
+
+int ROKEN_LIB_FUNCTION
+getaddrinfo(const char *nodename,
+	    const char *servname,
+	    const struct addrinfo *hints,
+	    struct addrinfo **res)
+{
+    int ret;
+    int port     = 0;
+    int protocol = 0;
+    int socktype = 0;
+
+    *res = NULL;
+
+    if (servname == NULL && nodename == NULL)
+	return EAI_NONAME;
+
+    if (hints != NULL
+	&& hints->ai_family != PF_UNSPEC
+	&& hints->ai_family != PF_INET
+#ifdef HAVE_IPV6
+	&& hints->ai_family != PF_INET6
+#endif
+	)
+	return EAI_FAMILY;
+
+    if (servname != NULL) {
+	ret = get_port_protocol_socktype (servname, hints,
+					  &port, &protocol, &socktype);
+	if (ret)
+	    return ret;
+    }
+    if (nodename != NULL) {
+	ret = get_number (nodename, hints, port, protocol, socktype, res);
+	if (ret) {
+	    if(hints && hints->ai_flags & AI_NUMERICHOST)
+		ret = EAI_NONAME;
+	    else
+		ret = get_nodes (nodename, hints, port, protocol, socktype,
+				 res);
+	}
+    } else {
+	ret = get_null (hints, port, protocol, socktype, res);
+    }
+    if (ret)
+	freeaddrinfo (*res);
+    return ret;
+}
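Review bot: In get_port_protocol_socktype the numeric fallback `*port = htons(strtol (servname, &endstr, 10));` only rejects a string with no digits at all, so a service such as "80x" is accepted as 80 and a value outside 0..65535 is silently narrowed to 16 bits on its way through htons. The value should be parsed into a long, checked for trailing characters and range, and only then converted, as in the fence below. Separately, get_null stores the result of add_one in `ret` but ends with `return 0;`, so an EAI_MEMORY failure there is reported as success with a possibly empty list in `*res`.

```c
    if (se == NULL) {
	char *endstr;
	long val;

	val = strtol (servname, &endstr, 10);
	if (servname == endstr || *endstr != '\0' || val < 0 || val > 65535)
	    return EAI_NONAME;
	*port = htons((unsigned short)val);
    } else {
	/* … unchanged: port taken from se->s_port … */
```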

Added: vendor-crypto/heimdal/dist/lib/roken/getaddrinfo_hostspec.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getaddrinfo_hostspec.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getaddrinfo_hostspec.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getaddrinfo_hostspec.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/* getaddrinfo via string specifying host and port */
+
+int ROKEN_LIB_FUNCTION
+roken_getaddrinfo_hostspec2(const char *hostspec, 
+			    int socktype,
+			    int port,
+			    struct addrinfo **ai)
+{
+    const char *p;
+    char portstr[NI_MAXSERV];
+    char host[MAXHOSTNAMELEN];
+    struct addrinfo hints;
+    int hostspec_len;
+
+    struct hst {
+	const char *prefix;
+	int socktype;
+	int protocol;
+	int port;
+    } *hstp, hst[] = {
+	{ "http://", SOCK_STREAM, IPPROTO_TCP, 80 },
+	{ "http/", SOCK_STREAM, IPPROTO_TCP, 80 },
+	{ "tcp/", SOCK_STREAM, IPPROTO_TCP },
+	{ "udp/", SOCK_DGRAM, IPPROTO_UDP },
+	{ NULL }
+    };
+
+    memset(&hints, 0, sizeof(hints));
+
+    hints.ai_socktype = socktype;
+	
+    for(hstp = hst; hstp->prefix; hstp++) {
+	if(strncmp(hostspec, hstp->prefix, strlen(hstp->prefix)) == 0) {
+	    hints.ai_socktype = hstp->socktype;
+	    hints.ai_protocol = hstp->protocol;
+	    if(port == 0)
+		port = hstp->port;
+	    hostspec += strlen(hstp->prefix);
+	    break;
+	}
+    }
+    
+    p = strchr (hostspec, ':');
+    if (p != NULL) {
+	char *end;
+
+	port = strtol (p + 1, &end, 0);
+	hostspec_len = p - hostspec;
+    } else {
+	hostspec_len = strlen(hostspec);
+    }
+    snprintf (portstr, sizeof(portstr), "%u", port);
+    
+    snprintf (host, sizeof(host), "%.*s", hostspec_len, hostspec);
+    return getaddrinfo (host, portstr, &hints, ai);
+}
+
+int ROKEN_LIB_FUNCTION
+roken_getaddrinfo_hostspec(const char *hostspec, 
+			   int port,
+			   struct addrinfo **ai)
+{
+    return roken_getaddrinfo_hostspec2(hostspec, 0, port, ai);
+}
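Review bot: In roken_getaddrinfo_hostspec2 the port after ':' is read with `port = strtol (p + 1, &end, 0);` and `end` is never examined, so a non-numeric suffix silently becomes port 0 and a negative or oversized value is passed on through the `%u` format. Parsing into a `long val` declared beside `end` and guarding it, `val = strtol (p + 1, &end, 0); if (end == p + 1 || val < 0 || val > 65535) return EAI_NONAME; port = val;`, would reject those inputs; EAI_NONAME is chosen here only to mirror what getaddrinfo.c returns for an unparsable service. The later `snprintf (host, sizeof(host), "%.*s", hostspec_len, hostspec)` also truncates a name that does not fit in `host` without reporting it, so a different name than the caller supplied may be looked up; comparing hostspec_len with sizeof(host) first would catch that.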

Added: vendor-crypto/heimdal/dist/lib/roken/getarg.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getarg.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getarg.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,341 @@
+.\" Copyright (c) 1999 - 2002 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: getarg.3,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+.Dd September 24, 1999
+.Dt GETARG 3
+.Os ROKEN
+.Sh NAME
+.Nm getarg ,
+.Nm arg_printusage
+.Nd collect command line options
+.Sh SYNOPSIS
+.In getarg.h
+.Ft int
+.Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind"
+.Ft void
+.Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string"
+.Sh DESCRIPTION
+.Fn getarg
+collects any command line options given to a program in an easily used way.
+.Fn arg_printusage
+pretty-prints the available options, with a short help text.
+.Pp
+.Fa args
+is the option specification to use, and it's an array of
+.Fa struct getargs
+elements.
+.Fa num_args
+is the size of
+.Fa args
+(in elements).
+.Fa argc
+and
+.Fa argv
+are the argument count and argument vector to extract option from.
+.Fa optind
+is a pointer to an integer where the index to the last processed
+argument is stored, it must be initialised to the first index (minus
+one) to process (normally 0) before the first call.
+.Pp
+.Fa arg_printusage
+take the same
+.Fa args
+and
+.Fa num_args
+as getarg;
+.Fa progname
+is the name of the program (to be used in the help text), and
+.Fa extra_string
+is a string to print after the actual options to indicate more
+arguments. The usefulness of this function is realised only be people
+who has used programs that has help strings that doesn't match what
+the code does.
+.Pp
+The
+.Fa getargs
+struct has the following elements.
+.Bd -literal
+struct getargs{
+    const char *long_name;
+    char short_name;
+    enum { arg_integer,
+	   arg_string,
+	   arg_flag,
+	   arg_negative_flag,
+	   arg_strings,
+	   arg_double,
+           arg_collect
+    } type;
+    void *value;
+    const char *help;
+    const char *arg_help;
+};
+.Ed
+.Pp
+.Fa long_name
+is the long name of the option, it can be
+.Dv NULL ,
+if you don't want a long name.
+.Fa short_name
+is the characted to use as short option, it can be zero. If the option
+has a value the
+.Fa value
+field gets filled in with that value interpreted as specified by the
+.Fa type
+field.
+.Fa help
+is a longer help string for the option as a whole, if it's
+.Dv NULL
+the help text for the option is omitted (but it's still displayed in
+the synopsis).
+.Fa arg_help
+is a description of the argument, if
+.Dv NULL
+a default value will be used, depending on the type of the option:
+.Pp
+.Bl -hang -width arg_negative_flag
+.It arg_integer
+the argument is a signed integer, and
+.Fa value
+should point to an
+.Fa int .
+.It Fa arg_string
+the argument is a string, and
+.Fa value
+should point to a
+.Fa char* .
+.It Fa arg_flag
+the argument is a flag, and
+.Fa value
+should point to a
+.Fa int .
+It gets filled in with either zero or one, depending on how the option
+is given, the normal case being one. Note that if the option isn't
+given, the value isn't altered, so it should be initialised to some
+useful default.
+.It Fa arg_negative_flag
+this is the same as
+.Fa arg_flag
+but it reverses the meaning of the flag (a given short option clears
+the flag), and the synopsis of a long option is negated.
+.It Fa arg_strings
+the argument can be given multiple times, and the values are collected
+in an array;
+.Fa value
+should be a pointer to a
+.Fa struct getarg_strings
+structure, which holds a length and a string pointer.
+.It Fa arg_double
+argument is a double precision floating point value, and
+.Fa value
+should point to a
+.Fa double .
+.It Fa arg_collect
+allows more fine-grained control of the option parsing process.
+.Fa value
+should be a pointer to a
+.Fa getarg_collect_info
+structure:
+.Bd -literal
+typedef int (*getarg_collect_func)(int short_opt,
+				   int argc,
+				   char **argv,
+				   int *optind,
+				   int *optarg,
+				   void *data);
+
+typedef struct getarg_collect_info {
+    getarg_collect_func func;
+    void *data;
+} getarg_collect_info;
+.Ed
+.Pp
+With the
+.Fa func
+member set to a function to call, and
+.Fa data
+to some application specific data. The parameters to the collect function are:
+.Bl -inset
+.It Fa short_flag
+non-zero if this call is via a short option flag, zero otherwise
+.It Fa argc , argv
+the whole argument list
+.It Fa optind
+pointer to the index in argv where the flag is
+.It Fa optarg
+pointer to the index in argv[*optind] where the flag name starts
+.It Fa data
+application specific data
+.El
+.Pp
+You can modify
+.Fa *optind ,
+and
+.Fa *optarg ,
+but to do this correct you (more or less) have to know about the inner
+workings of getarg.
+.Pp
+You can skip parts of arguments by increasing
+.Fa *optarg
+(you could
+implement the
+.Fl z Ns Ar 3
+set of flags from
+.Nm gzip
+with this), or whole argument strings by increasing
+.Fa *optind
+(let's say you want a flag
+.Fl c Ar x y z
+to specify a coordinate); if you also have to set
+.Fa *optarg
+to a sane value.
+.Pp
+The collect function should return one of
+.Dv ARG_ERR_NO_MATCH , ARG_ERR_BAD_ARG , ARG_ERR_NO_ARG, ENOMEM
+on error, zero otherwise.
+.Pp
+For your convenience there is a function,
+.Fn getarg_optarg ,
+that returns the traditional argument string, and you pass it all
+arguments, sans data, that where given to the collection function.
+.Pp
+Don't use this more this unless you absolutely have to.
+.El
+.Pp
+Option parsing is similar to what
+.Xr getopt
+uses. Short options without arguments can be compressed
+.Pf ( Fl xyz
+is the same as
+.Fl x y z ) ,
+and short
+options with arguments take these as either the rest of the
+argv-string or as the next option
+.Pf ( Fl o Ns Ar foo ,
+or
+.Fl o Ar foo ) .
+.Pp
+Long option names are prefixed with -- (double dash), and the value
+with a = (equal),
+.Fl -foo= Ns Ar bar .
+Long option flags can either be specified as they are
+.Pf ( Fl -help ) ,
+or with an (boolean parsable) option
+.Pf ( Fl -help= Ns Ar yes ,
+.Fl -help= Ns Ar true ,
+or similar), or they can also be negated
+.Pf ( Fl -no-help
+is the same as
+.Fl -help= Ns no ) ,
+and if you're really confused you can do it multiple times
+.Pf ( Fl -no-no-help= Ns Ar false ,
+or even
+.Fl -no-no-help= Ns Ar maybe ) .
+.Sh EXAMPLE
+.Bd -literal
+#include <stdio.h>
+#include <string.h>
+#include <getarg.h>
+
+char *source = "Ouagadougou";
+char *destination;
+int weight;
+int include_catalog = 1;
+int help_flag;
+
+struct getargs args[] = {
+    { "source",      's', arg_string,  &source,
+      "source of shippment", "city" },
+    { "destination", 'd', arg_string,  &destination,
+      "destination of shippment", "city" },
+    { "weight",      'w', arg_integer, &weight,
+      "weight of shippment", "tons" },
+    { "catalog",     'c', arg_negative_flag, &include_catalog,
+      "include product catalog" },
+    { "help",        'h', arg_flag, &help_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]); /* number of elements in args */
+
+const char *progname = "ship++";
+
+int
+main(int argc, char **argv)
+{
+    int optind = 0;
+    if (getarg(args, num_args, argc, argv, &optind)) {
+	arg_printusage(args, num_args, progname, "stuff...");
+	exit (1);
+    }
+    if (help_flag) {
+	arg_printusage(args, num_args, progname, "stuff...");
+	exit (0);
+    }
+    if (destination == NULL) {
+	fprintf(stderr, "%s: must specify destination\en", progname);
+	exit(1);
+    }
+    if (strcmp(source, destination) == 0) {
+	fprintf(stderr, "%s: destination must be different from source\en");
+	exit(1);
+    }
+    /* include more stuff here ... */
+    exit(2);
+}
+.Ed
+.Pp
+The output help output from this program looks like this:
+.Bd -literal
+$ ship++ --help
+Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city]
+   [--weight=tons] [-w tons] [--no-catalog] [-c] [--help] [-h] stuff...
+-s city, --source=city      source of shippment
+-d city, --destination=city destination of shippment
+-w tons, --weight=tons      weight of shippment
+-c, --no-catalog            include product catalog
+.Ed
+.Sh BUGS
+It should be more flexible, so it would be possible to use other more
+complicated option syntaxes, such as what
+.Xr ps 1 ,
+and
+.Xr tar 1 ,
+uses, or the AFS model where you can skip the flag names as long as
+the options come in the correct order.
+.Pp
+Options with multiple arguments should be handled better.
+.Pp
+Should be integreated with SL.
+.Pp
+It's very confusing that the struct you pass in is called getargS.
+.Sh SEE ALSO
+.Xr getopt 3

Added: vendor-crypto/heimdal/dist/lib/roken/getarg.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getarg.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getarg.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,595 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getarg.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "roken.h"
+#include "getarg.h"
+
+#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag)
+
+static size_t
+print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg)
+{
+    const char *s;
+
+    *string = '\0';
+
+    if (ISFLAG(*arg) || (!longp && arg->type == arg_counter))
+	return 0;
+
+    if(mdoc){
+	if(longp)
+	    strlcat(string, "= Ns", len);
+	strlcat(string, " Ar ", len);
+    } else {
+	if (longp)
+	    strlcat (string, "=", len);
+	else
+	    strlcat (string, " ", len);
+    }
+
+    if (arg->arg_help)
+	s = arg->arg_help;
+    else if (arg->type == arg_integer || arg->type == arg_counter)
+	s = "integer";
+    else if (arg->type == arg_string)
+	s = "string";
+    else if (arg->type == arg_strings)
+	s = "strings";
+    else if (arg->type == arg_double)
+	s = "float";
+    else
+	s = "<undefined>";
+
+    strlcat(string, s, len);
+    return 1 + strlen(s);
+}
+
+static void
+mandoc_template(struct getargs *args,
+		size_t num_args,
+		const char *progname,
+		const char *extra_string)
+{
+    int i;
+    char timestr[64], cmd[64];
+    char buf[128];
+    const char *p;
+    time_t t;
+
+    printf(".\\\" Things to fix:\n");
+    printf(".\\\"   * correct section, and operating system\n");
+    printf(".\\\"   * remove Op from mandatory flags\n");
+    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
+    printf(".\\\"\n");
+    t = time(NULL);
+    strftime(timestr, sizeof(timestr), "%B %e, %Y", localtime(&t));
+    printf(".Dd %s\n", timestr);
+    p = strrchr(progname, '/');
+    if(p) p++; else p = progname;
+    strlcpy(cmd, p, sizeof(cmd));
+    strupr(cmd);
+       
+    printf(".Dt %s SECTION\n", cmd);
+    printf(".Os OPERATING_SYSTEM\n");
+    printf(".Sh NAME\n");
+    printf(".Nm %s\n", p);
+    printf(".Nd\n");
+    printf("in search of a description\n");
+    printf(".Sh SYNOPSIS\n");
+    printf(".Nm\n");
+    for(i = 0; i < num_args; i++){
+	/* we seem to hit a limit on number of arguments if doing
+           short and long flags with arguments -- split on two lines */
+	if(ISFLAG(args[i]) || 
+	   args[i].short_name == 0 || args[i].long_name == NULL) {
+	    printf(".Op ");
+
+	    if(args[i].short_name) {
+		print_arg(buf, sizeof(buf), 1, 0, args + i);
+		printf("Fl %c%s", args[i].short_name, buf);
+		if(args[i].long_name)
+		    printf(" | ");
+	    }
+	    if(args[i].long_name) {
+		print_arg(buf, sizeof(buf), 1, 1, args + i);
+		printf("Fl -%s%s%s",
+		       args[i].type == arg_negative_flag ? "no-" : "",
+		       args[i].long_name, buf);
+	    }
+	    printf("\n");
+	} else {
+	    print_arg(buf, sizeof(buf), 1, 0, args + i);
+	    printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf);
+	    print_arg(buf, sizeof(buf), 1, 1, args + i);
+	    printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf);
+	}
+    /*
+	    if(args[i].type == arg_strings)
+		fprintf (stderr, "...");
+		*/
+    }
+    if (extra_string && *extra_string)
+	printf (".Ar %s\n", extra_string);
+    printf(".Sh DESCRIPTION\n");
+    printf("Supported options:\n");
+    printf(".Bl -tag -width Ds\n");
+    for(i = 0; i < num_args; i++){
+	printf(".It Xo\n");
+	if(args[i].short_name){
+	    printf(".Fl %c", args[i].short_name);
+	    print_arg(buf, sizeof(buf), 1, 0, args + i);
+	    printf("%s", buf);
+	    if(args[i].long_name)
+		printf(" ,");
+	    printf("\n");
+	}
+	if(args[i].long_name){
+	    printf(".Fl -%s%s",
+		   args[i].type == arg_negative_flag ? "no-" : "",
+		   args[i].long_name);
+	    print_arg(buf, sizeof(buf), 1, 1, args + i);
+	    printf("%s\n", buf);
+	}
+	printf(".Xc\n");
+	if(args[i].help)
+	    printf("%s\n", args[i].help);
+    /*
+	    if(args[i].type == arg_strings)
+		fprintf (stderr, "...");
+		*/
+    }
+    printf(".El\n");
+    printf(".\\\".Sh ENVIRONMENT\n");
+    printf(".\\\".Sh FILES\n");
+    printf(".\\\".Sh EXAMPLES\n");
+    printf(".\\\".Sh DIAGNOSTICS\n");
+    printf(".\\\".Sh SEE ALSO\n");
+    printf(".\\\".Sh STANDARDS\n");
+    printf(".\\\".Sh HISTORY\n");
+    printf(".\\\".Sh AUTHORS\n");
+    printf(".\\\".Sh BUGS\n");
+}
+
+static int
+check_column(FILE *f, int col, int len, int columns)
+{
+    if(col + len > columns) {
+	fprintf(f, "\n");
+	col = fprintf(f, "  ");
+    }
+    return col;
+}
+
+void ROKEN_LIB_FUNCTION
+arg_printusage (struct getargs *args,
+		size_t num_args,
+		const char *progname,
+		const char *extra_string)
+{
+    int i;
+    size_t max_len = 0;
+    char buf[128];
+    int col = 0, columns;
+    struct winsize ws;
+
+    if (progname == NULL)
+	progname = getprogname();
+
+    if(getenv("GETARGMANDOC")){
+	mandoc_template(args, num_args, progname, extra_string);
+	return;
+    }
+    if(get_window_size(2, &ws) == 0)
+	columns = ws.ws_col;
+    else
+	columns = 80;
+    col = 0;
+    col += fprintf (stderr, "Usage: %s", progname);
+    buf[0] = '\0';
+    for (i = 0; i < num_args; ++i) {
+	if(args[i].short_name && ISFLAG(args[i])) {
+	    char s[2];
+	    if(buf[0] == '\0')
+		strlcpy(buf, "[-", sizeof(buf));
+	    s[0] = args[i].short_name;
+	    s[1] = '\0';
+	    strlcat(buf, s, sizeof(buf));
+	}
+    }
+    if(buf[0] != '\0') {
+	strlcat(buf, "]", sizeof(buf));
+	col = check_column(stderr, col, strlen(buf) + 1, columns);
+	col += fprintf(stderr, " %s", buf);
+    }
+
+    for (i = 0; i < num_args; ++i) {
+	size_t len = 0;
+
+	if (args[i].long_name) {
+	    buf[0] = '\0';
+	    strlcat(buf, "[--", sizeof(buf));
+	    len += 2;
+	    if(args[i].type == arg_negative_flag) {
+		strlcat(buf, "no-", sizeof(buf));
+		len += 3;
+	    }
+	    strlcat(buf, args[i].long_name, sizeof(buf));
+	    len += strlen(args[i].long_name);
+	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
+			     0, 1, &args[i]);
+	    strlcat(buf, "]", sizeof(buf));
+	    if(args[i].type == arg_strings)
+		strlcat(buf, "...", sizeof(buf));
+	    col = check_column(stderr, col, strlen(buf) + 1, columns);
+	    col += fprintf(stderr, " %s", buf);
+	}
+	if (args[i].short_name && !ISFLAG(args[i])) {
+	    snprintf(buf, sizeof(buf), "[-%c", args[i].short_name);
+	    len += 2;
+	    len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), 
+			     0, 0, &args[i]);
+	    strlcat(buf, "]", sizeof(buf));
+	    if(args[i].type == arg_strings)
+		strlcat(buf, "...", sizeof(buf));
+	    col = check_column(stderr, col, strlen(buf) + 1, columns);
+	    col += fprintf(stderr, " %s", buf);
+	}
+	if (args[i].long_name && args[i].short_name)
+	    len += 2; /* ", " */
+	max_len = max(max_len, len);
+    }
+    if (extra_string) {
+	col = check_column(stderr, col, strlen(extra_string) + 1, columns);
+	fprintf (stderr, " %s\n", extra_string);
+    } else
+	fprintf (stderr, "\n");
+    for (i = 0; i < num_args; ++i) {
+	if (args[i].help) {
+	    size_t count = 0;
+
+	    if (args[i].short_name) {
+		count += fprintf (stderr, "-%c", args[i].short_name);
+		print_arg (buf, sizeof(buf), 0, 0, &args[i]);
+		count += fprintf(stderr, "%s", buf);
+	    }
+	    if (args[i].short_name && args[i].long_name)
+		count += fprintf (stderr, ", ");
+	    if (args[i].long_name) {
+		count += fprintf (stderr, "--");
+		if (args[i].type == arg_negative_flag)
+		    count += fprintf (stderr, "no-");
+		count += fprintf (stderr, "%s", args[i].long_name);
+		print_arg (buf, sizeof(buf), 0, 1, &args[i]);
+		count += fprintf(stderr, "%s", buf);
+	    }
+	    while(count++ <= max_len)
+		putc (' ', stderr);
+	    fprintf (stderr, "%s\n", args[i].help);
+	}
+    }
+}
+
+static int
+add_string(getarg_strings *s, char *value)
+{
+    char **strings;
+
+    strings = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings));
+    if (strings == NULL) {
+	free(s->strings);
+	s->strings = NULL;
+	s->num_strings = 0;
+	return ENOMEM;
+    }
+    s->strings = strings;
+    s->strings[s->num_strings] = value;
+    s->num_strings++;
+    return 0;
+}
+
+static int
+arg_match_long(struct getargs *args, size_t num_args,
+	       char *argv, int argc, char **rargv, int *goptind)
+{
+    int i;
+    char *goptarg = NULL;
+    int negate = 0;
+    int partial_match = 0;
+    struct getargs *partial = NULL;
+    struct getargs *current = NULL;
+    int argv_len;
+    char *p;
+    int p_len;
+
+    argv_len = strlen(argv);
+    p = strchr (argv, '=');
+    if (p != NULL)
+	argv_len = p - argv;
+
+    for (i = 0; i < num_args; ++i) {
+	if(args[i].long_name) {
+	    int len = strlen(args[i].long_name);
+	    p = argv;
+	    p_len = argv_len;
+	    negate = 0;
+
+	    for (;;) {
+		if (strncmp (args[i].long_name, p, p_len) == 0) {
+		    if(p_len == len)
+			current = &args[i];
+		    else {
+			++partial_match;
+			partial = &args[i];
+		    }
+		    goptarg  = p + p_len;
+		} else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) {
+		    negate = !negate;
+		    p += 3;
+		    p_len -= 3;
+		    continue;
+		}
+		break;
+	    }
+	    if (current)
+		break;
+	}
+    }
+    if (current == NULL) {
+	if (partial_match == 1)
+	    current = partial;
+	else
+	    return ARG_ERR_NO_MATCH;
+    }
+    
+    if(*goptarg == '\0'
+       && !ISFLAG(*current)
+       && current->type != arg_collect
+       && current->type != arg_counter)
+	return ARG_ERR_NO_MATCH;
+    switch(current->type){
+    case arg_integer:
+    {
+	int tmp;
+	if(sscanf(goptarg + 1, "%d", &tmp) != 1)
+	    return ARG_ERR_BAD_ARG;
+	*(int*)current->value = tmp;
+	return 0;
+    }
+    case arg_string:
+    {
+	*(char**)current->value = goptarg + 1;
+	return 0;
+    }
+    case arg_strings:
+    {
+	return add_string((getarg_strings*)current->value, goptarg + 1);
+    }
+    case arg_flag:
+    case arg_negative_flag:
+    {
+	int *flag = current->value;
+	if(*goptarg == '\0' ||
+	   strcmp(goptarg + 1, "yes") == 0 || 
+	   strcmp(goptarg + 1, "true") == 0){
+	    *flag = !negate;
+	    return 0;
+	} else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) {
+#ifdef HAVE_RANDOM
+	    *flag = random() & 1;
+#else
+	    *flag = rand() & 1;
+#endif
+	} else {
+	    *flag = negate;
+	    return 0;
+	}
+	return ARG_ERR_BAD_ARG;
+    }
+    case arg_counter :
+    {
+	int val;
+
+	if (*goptarg == '\0')
+	    val = 1;
+	else if(sscanf(goptarg + 1, "%d", &val) != 1)
+	    return ARG_ERR_BAD_ARG;
+	*(int *)current->value += val;
+	return 0;
+    }
+    case arg_double:
+    {
+	double tmp;
+	if(sscanf(goptarg + 1, "%lf", &tmp) != 1)
+	    return ARG_ERR_BAD_ARG;
+	*(double*)current->value = tmp;
+	return 0;
+    }
+    case arg_collect:{
+	struct getarg_collect_info *c = current->value;
+	int o = argv - rargv[*goptind];
+	return (*c->func)(FALSE, argc, rargv, goptind, &o, c->data);
+    }
+
+    default:
+	abort ();
+    }
+}
+
+static int
+arg_match_short (struct getargs *args, size_t num_args,
+		 char *argv, int argc, char **rargv, int *goptind)
+{
+    int j, k;
+
+    for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) {
+	for(k = 0; k < num_args; k++) {
+	    char *goptarg;
+
+	    if(args[k].short_name == 0)
+		continue;
+	    if(argv[j] == args[k].short_name) {
+		if(args[k].type == arg_flag) {
+		    *(int*)args[k].value = 1;
+		    break;
+		}
+		if(args[k].type == arg_negative_flag) {
+		    *(int*)args[k].value = 0;
+		    break;
+		} 
+		if(args[k].type == arg_counter) {
+		    ++*(int *)args[k].value;
+		    break;
+		}
+		if(args[k].type == arg_collect) {
+		    struct getarg_collect_info *c = args[k].value;
+
+		    if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data))
+			return ARG_ERR_BAD_ARG;
+		    break;
+		}
+
+		if(argv[j + 1])
+		    goptarg = &argv[j + 1];
+		else {
+		    ++*goptind;
+		    goptarg = rargv[*goptind];
+		}
+		if(goptarg == NULL) {
+		    --*goptind;
+		    return ARG_ERR_NO_ARG;
+		}
+		if(args[k].type == arg_integer) {
+		    int tmp;
+		    if(sscanf(goptarg, "%d", &tmp) != 1)
+			return ARG_ERR_BAD_ARG;
+		    *(int*)args[k].value = tmp;
+		    return 0;
+		} else if(args[k].type == arg_string) {
+		    *(char**)args[k].value = goptarg;
+		    return 0;
+		} else if(args[k].type == arg_strings) {
+		    return add_string((getarg_strings*)args[k].value, goptarg);
+		} else if(args[k].type == arg_double) {
+		    double tmp;
+		    if(sscanf(goptarg, "%lf", &tmp) != 1)
+			return ARG_ERR_BAD_ARG;
+		    *(double*)args[k].value = tmp;
+		    return 0;
+		}
+		return ARG_ERR_BAD_ARG;
+	    }
+	}
+	if (k == num_args)
+	    return ARG_ERR_NO_MATCH;
+    }
+    return 0;
+}
+
+int ROKEN_LIB_FUNCTION
+getarg(struct getargs *args, size_t num_args, 
+       int argc, char **argv, int *goptind)
+{
+    int i;
+    int ret = 0;
+
+#if defined(HAVE_SRANDOMDEV)
+    srandomdev();
+#elif defined(HAVE_RANDOM)
+    srandom(time(NULL));
+#else
+    srand (time(NULL));
+#endif
+    (*goptind)++;
+    for(i = *goptind; i < argc; i++) {
+	if(argv[i][0] != '-')
+	    break;
+	if(argv[i][1] == '-'){
+	    if(argv[i][2] == 0){
+		i++;
+		break;
+	    }
+	    ret = arg_match_long (args, num_args, argv[i] + 2, 
+				  argc, argv, &i);
+	} else {
+	    ret = arg_match_short (args, num_args, argv[i],
+				   argc, argv, &i);
+	}
+	if(ret)
+	    break;
+    }
+    *goptind = i;
+    return ret;
+}
+
+void ROKEN_LIB_FUNCTION
+free_getarg_strings (getarg_strings *s)
+{
+    free (s->strings);
+}
+
+#if TEST
+int foo_flag = 2;
+int flag1 = 0;
+int flag2 = 0;
+int bar_int;
+char *baz_string;
+
+struct getargs args[] = {
+    { NULL, '1', arg_flag, &flag1, "one", NULL },
+    { NULL, '2', arg_flag, &flag2, "two", NULL },
+    { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL },
+    { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"},
+    { "baz", 'x', arg_string, &baz_string, "baz", "name" },
+};
+
+int main(int argc, char **argv)
+{
+    int goptind = 0;
+    while(getarg(args, 5, argc, argv, &goptind))
+	printf("Bad arg: %s\n", argv[goptind]);
+    printf("flag1 = %d\n", flag1);  
+    printf("flag2 = %d\n", flag2);  
+    printf("foo_flag = %d\n", foo_flag);  
+    printf("bar_int = %d\n", bar_int);
+    printf("baz_flag = %s\n", baz_string);
+    arg_printusage (args, 5, argv[0], "nothing here");
+}
+#endif
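Review bot: In the `arg_flag`/`arg_negative_flag` case of arg_match_long, any value other than `yes` or `true` falls into the final `else` and is stored as `negate`, so `--flag=1`, `--flag=on` or a typo such as `--flag=ture` silently clears the flag instead of returning ARG_ERR_BAD_ARG. The `maybe` branch has no `return 0`, so it writes the flag and then reports ARG_ERR_BAD_ARG anyway. For a parser that is presumably shared by the command-line tools in this import, an unrecognised boolean should be rejected rather than read as "no". The rewrite below accepts `no`/`false` explicitly and errors on anything else, which changes behaviour for callers that relied on arbitrary strings meaning false. Because this is a vendor import, the change would have to be carried as a local patch or sent upstream.

```c
    case arg_flag:
    case arg_negative_flag:
    {
	int *flag = current->value;
	/* a bare --flag (no "=value") means yes */
	const char *val = (*goptarg == '\0') ? "yes" : goptarg + 1;

	if (strcmp(val, "yes") == 0 || strcmp(val, "true") == 0)
	    *flag = !negate;
	else if (strcmp(val, "no") == 0 || strcmp(val, "false") == 0)
	    *flag = negate;
	else if (strcmp(val, "maybe") == 0) {
	    /* ... unchanged: random()/rand() coin flip under HAVE_RANDOM ... */
	} else
	    return ARG_ERR_BAD_ARG;	/* unknown value: reject, do not guess */
	return 0;
    }
```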

Added: vendor-crypto/heimdal/dist/lib/roken/getarg.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getarg.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getarg.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: getarg.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __GETARG_H__
+#define __GETARG_H__
+
+#include <stddef.h>
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+struct getargs{
+    const char *long_name;
+    char short_name;
+    enum { arg_integer, 
+	   arg_string, 
+	   arg_flag, 
+	   arg_negative_flag, 
+	   arg_strings,
+	   arg_double,
+	   arg_collect,
+	   arg_counter
+    } type;
+    void *value;
+    const char *help;
+    const char *arg_help;
+};
+
+enum {
+    ARG_ERR_NO_MATCH  = 1,
+    ARG_ERR_BAD_ARG,
+    ARG_ERR_NO_ARG
+};
+
+typedef struct getarg_strings {
+    int num_strings;
+    char **strings;
+} getarg_strings;
+
+typedef int (*getarg_collect_func)(int short_opt,
+				   int argc,
+				   char **argv,
+				   int *goptind,
+				   int *goptarg,
+				   void *data);
+
+typedef struct getarg_collect_info {
+    getarg_collect_func func;
+    void *data;
+} getarg_collect_info;
+
+int ROKEN_LIB_FUNCTION
+getarg(struct getargs *args, size_t num_args, 
+       int argc, char **argv, int *goptind);
+
+void ROKEN_LIB_FUNCTION
+arg_printusage (struct getargs *args,
+		size_t num_args,
+		const char *progname,
+		const char *extra_string);
+
+void ROKEN_LIB_FUNCTION
+free_getarg_strings (getarg_strings *);
+
+#endif /* __GETARG_H__ */
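Review bot: `struct getargs` documents none of its fields, and `void *value` is the one that matters. getarg.c writes through it as `int *` for arg_integer, arg_flag, arg_negative_flag and arg_counter, `char **` for arg_string, `getarg_strings *` for arg_strings, `double *` for arg_double and `getarg_collect_info *` for arg_collect, with nothing to check that the caller's pointer matches `type`. A mismatch (for example an `int` behind an arg_double entry) is an out-of-bounds write, so the header should carry a short comment block listing that mapping and mark the field, e.g. `void *value; /* must point to the object type implied by .type */`. It would also help to note on `getarg_strings` that the parser stores pointers into argv, so free_getarg_strings releases only the array and not the strings.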

Added: vendor-crypto/heimdal/dist/lib/roken/getcap.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getcap.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getcap.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1122 @@
+/*	$NetBSD: getcap.c,v 1.29 1999/03/29 09:27:29 abs Exp $	*/
+
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Casey Leedom of Lawrence Livermore National Laboratory.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+RCSID("$Id: getcap.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#include <sys/types.h>
+#include <ctype.h>
+#if defined(HAVE_DB_185_H)
+#include <db_185.h>
+#elif defined(HAVE_DB_H)
+#include <db.h>
+#endif
+#include <errno.h>	
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define	BFRAG		1024
+#if 0
+#define	BSIZE		1024
+#endif
+#define	ESC		('[' & 037)	/* ASCII ESC */
+#define	MAX_RECURSION	32		/* maximum getent recursion */
+#define	SFRAG		100		/* cgetstr mallocs in SFRAG chunks */
+
+#define RECOK	(char)0
+#define TCERR	(char)1
+#define	SHADOW	(char)2
+
+static size_t	 topreclen;	/* toprec length */
+static char	*toprec;	/* Additional record specified by cgetset() */
+static int	 gottoprec;	/* Flag indicating retrieval of toprecord */
+
+#if 0 /*
+       * Don't use db support unless it's build into libc but we don't
+       * check for that now, so just disable the code.
+       */
+#if defined(HAVE_DBOPEN) && defined(HAVE_DB_H)
+#define USE_DB
+#endif
+#endif
+
+#ifdef USE_DB
+static int	cdbget (DB *, char **, const char *);
+#endif
+static int 	getent (char **, size_t *, char **, int, const char *, int, char *);
+static int	nfcmp (char *, char *);
+
+
+int ROKEN_LIB_FUNCTION cgetset(const char *ent);
+char *ROKEN_LIB_FUNCTION cgetcap(char *buf, const char *cap, int type);
+int ROKEN_LIB_FUNCTION cgetent(char **buf, char **db_array, const char *name);
+int ROKEN_LIB_FUNCTION cgetmatch(const char *buf, const char *name);
+int ROKEN_LIB_FUNCTION cgetclose(void);
+#if 0
+int cgetfirst(char **buf, char **db_array);
+int cgetnext(char **bp, char **db_array);
+#endif
+int ROKEN_LIB_FUNCTION cgetstr(char *buf, const char *cap, char **str);
+int ROKEN_LIB_FUNCTION cgetustr(char *buf, const char *cap, char **str);
+int ROKEN_LIB_FUNCTION cgetnum(char *buf, const char *cap, long *num);
+/*
+ * Cgetset() allows the addition of a user specified buffer to be added
+ * to the database array, in effect "pushing" the buffer on top of the
+ * virtual database. 0 is returned on success, -1 on failure.
+ */
+int ROKEN_LIB_FUNCTION
+cgetset(const char *ent)
+{
+    const char *source, *check;
+    char *dest;
+
+    if (ent == NULL) {
+	if (toprec)
+	    free(toprec);
+	toprec = NULL;
+	topreclen = 0;
+	return (0);
+    }
+    topreclen = strlen(ent);
+    if ((toprec = malloc (topreclen + 1)) == NULL) {
+	errno = ENOMEM;
+	return (-1);
+    }
+    gottoprec = 0;
+
+    source=ent;
+    dest=toprec;
+    while (*source) { /* Strip whitespace */
+	*dest++ = *source++; /* Do not check first field */
+	while (*source == ':') {
+	    check=source+1;
+	    while (*check && (isspace((unsigned char)*check) ||
+			      (*check=='\\' && isspace((unsigned char)check[1]))))
+		++check;
+	    if( *check == ':' )
+		source=check;
+	    else
+		break;
+
+	}
+    }
+    *dest=0;
+
+    return (0);
+}
+
+/*
+ * Cgetcap searches the capability record buf for the capability cap with
+ * type `type'.  A pointer to the value of cap is returned on success, NULL
+ * if the requested capability couldn't be found.
+ *
+ * Specifying a type of ':' means that nothing should follow cap (:cap:).
+ * In this case a pointer to the terminating ':' or NUL will be returned if
+ * cap is found.
+ *
+ * If (cap, '@') or (cap, terminator, '@') is found before (cap, terminator)
+ * return NULL.
+ */
+char * ROKEN_LIB_FUNCTION
+cgetcap(char *buf, const char *cap, int type)
+{
+    char *bp;
+    const char *cp;
+
+    bp = buf;
+    for (;;) {
+	/*
+	 * Skip past the current capability field - it's either the
+	 * name field if this is the first time through the loop, or
+	 * the remainder of a field whose name failed to match cap.
+	 */
+	for (;;)
+	    if (*bp == '\0')
+		return (NULL);
+	    else
+		if (*bp++ == ':')
+		    break;
+
+	/*
+	 * Try to match (cap, type) in buf.
+	 */
+	for (cp = cap; *cp == *bp && *bp != '\0'; cp++, bp++)
+	    continue;
+	if (*cp != '\0')
+	    continue;
+	if (*bp == '@')
+	    return (NULL);
+	if (type == ':') {
+	    if (*bp != '\0' && *bp != ':')
+		continue;
+	    return(bp);
+	}
+	if (*bp != type)
+	    continue;
+	bp++;
+	return (*bp == '@' ? NULL : bp);
+    }
+    /* NOTREACHED */
+}
+
+/*
+ * Cgetent extracts the capability record name from the NULL terminated file
+ * array db_array and returns a pointer to a malloc'd copy of it in buf.
+ * Buf must be retained through all subsequent calls to cgetcap, cgetnum,
+ * cgetflag, and cgetstr, but may then be free'd.  0 is returned on success,
+ * -1 if the requested record couldn't be found, -2 if a system error was
+ * encountered (couldn't open/read a file, etc.), and -3 if a potential
+ * reference loop is detected.
+ */
+int ROKEN_LIB_FUNCTION
+cgetent(char **buf, char **db_array, const char *name)
+{
+    size_t dummy;
+
+    return (getent(buf, &dummy, db_array, -1, name, 0, NULL));
+}
+
+/*
+ * Getent implements the functions of cgetent.  If fd is non-negative,
+ * *db_array has already been opened and fd is the open file descriptor.  We
+ * do this to save time and avoid using up file descriptors for tc=
+ * recursions.
+ *
+ * Getent returns the same success/failure codes as cgetent.  On success, a
+ * pointer to a malloc'ed capability record with all tc= capabilities fully
+ * expanded and its length (not including trailing ASCII NUL) are left in
+ * *cap and *len.
+ *
+ * Basic algorithm:
+ *	+ Allocate memory incrementally as needed in chunks of size BFRAG
+ *	  for capability buffer.
+ *	+ Recurse for each tc=name and interpolate result.  Stop when all
+ *	  names interpolated, a name can't be found, or depth exceeds
+ *	  MAX_RECURSION.
+ */
+static int
+getent(char **cap, size_t *len, char **db_array, int fd, 
+       const char *name, int depth, char *nfield)
+{
+    char *r_end, *rp = NULL, **db_p;	/* pacify gcc */
+    int myfd = 0, eof, foundit;
+    char *record;
+    int tc_not_resolved;
+	
+    /*
+     * Return with ``loop detected'' error if we've recursed more than
+     * MAX_RECURSION times.
+     */
+    if (depth > MAX_RECURSION)
+	return (-3);
+
+    /*
+     * Check if we have a top record from cgetset().
+     */
+    if (depth == 0 && toprec != NULL && cgetmatch(toprec, name) == 0) {
+	size_t len = topreclen + BFRAG;
+	if ((record = malloc (len)) == NULL) {
+	    errno = ENOMEM;
+	    return (-2);
+	}
+	(void)strlcpy(record, toprec, len);
+	db_p = db_array;
+	rp = record + topreclen + 1;
+	r_end = rp + BFRAG;
+	goto tc_exp;
+    }
+    /*
+     * Allocate first chunk of memory.
+     */
+    if ((record = malloc(BFRAG)) == NULL) {
+	errno = ENOMEM;
+	return (-2);
+    }
+    r_end = record + BFRAG;
+    foundit = 0;
+    /*
+     * Loop through database array until finding the record.
+     */
+
+    for (db_p = db_array; *db_p != NULL; db_p++) {
+	eof = 0;
+
+	/*
+	 * Open database if not already open.
+	 */
+
+	if (fd >= 0) {
+	    (void)lseek(fd, (off_t)0, SEEK_SET);
+	} else {
+#ifdef USE_DB
+	    char pbuf[_POSIX_PATH_MAX];
+	    char *cbuf;
+	    size_t clen;
+	    int retval;
+	    DB *capdbp;
+
+	    (void)snprintf(pbuf, sizeof(pbuf), "%s.db", *db_p);
+	    if ((capdbp = dbopen(pbuf, O_RDONLY, 0, DB_HASH, 0))
+		!= NULL) {
+		free(record);
+		retval = cdbget(capdbp, &record, name);
+		if (retval < 0) {
+		    /* no record available */
+		    (void)capdbp->close(capdbp);
+		    return (retval);
+		}
+				/* save the data; close frees it */
+		clen = strlen(record);
+		cbuf = malloc(clen + 1);
+		if (cbuf == NULL)
+		    return (-2);
+		memmove(cbuf, record, clen + 1);
+		if (capdbp->close(capdbp) < 0) {
+		    free(cbuf);
+		    return (-2);
+		}
+		*len = clen;
+		*cap = cbuf;
+		return (retval);
+	    } else
+#endif
+	    {
+		fd = open(*db_p, O_RDONLY, 0);
+		if (fd < 0) {
+		    /* No error on unfound file. */
+		    continue;
+		}
+		myfd = 1;
+	    }
+	}
+	/*
+	 * Find the requested capability record ...
+	 */
+	{
+	    char buf[BUFSIZ];
+	    char *b_end, *bp, *cp;
+	    int c, slash;
+
+	    /*
+	     * Loop invariants:
+	     *	There is always room for one more character in record.
+	     *	R_end always points just past end of record.
+	     *	Rp always points just past last character in record.
+	     *	B_end always points just past last character in buf.
+	     *	Bp always points at next character in buf.
+	     *	Cp remembers where the last colon was.
+	     */
+	    b_end = buf;
+	    bp = buf;
+	    cp = 0;
+	    slash = 0;
+	    for (;;) {
+
+		/*
+		 * Read in a line implementing (\, newline)
+		 * line continuation.
+		 */
+		rp = record;
+		for (;;) {
+		    if (bp >= b_end) {
+			int n;
+		
+			n = read(fd, buf, sizeof(buf));
+			if (n <= 0) {
+			    if (myfd)
+				(void)close(fd);
+			    if (n < 0) {
+				free(record);
+				return (-2);
+			    } else {
+				fd = -1;
+				eof = 1;
+				break;
+			    }
+			}
+			b_end = buf+n;
+			bp = buf;
+		    }
+	
+		    c = *bp++;
+		    if (c == '\n') {
+			if (slash) {
+			    slash = 0;
+			    rp--;
+			    continue;
+			} else
+			    break;
+		    }
+		    if (slash) {
+			slash = 0;
+			cp = 0;
+		    }
+		    if (c == ':') {
+			/*
+			 * If the field was `empty' (i.e.
+			 * contained only white space), back up
+			 * to the colon (eliminating the
+			 * field).
+			 */
+			if (cp)
+			    rp = cp;
+			else
+			    cp = rp;
+		    } else if (c == '\\') {
+			slash = 1;
+		    } else if (c != ' ' && c != '\t') {
+			/*
+			 * Forget where the colon was, as this
+			 * is not an empty field.
+			 */
+			cp = 0;
+		    }
+		    *rp++ = c;
+
+				/*
+				 * Enforce loop invariant: if no room 
+				 * left in record buffer, try to get
+				 * some more.
+				 */
+		    if (rp >= r_end) {
+			u_int pos;
+			size_t newsize;
+
+			pos = rp - record;
+			newsize = r_end - record + BFRAG;
+			record = realloc(record, newsize);
+			if (record == NULL) {
+			    errno = ENOMEM;
+			    if (myfd)
+				(void)close(fd);
+			    return (-2);
+			}
+			r_end = record + newsize;
+			rp = record + pos;
+		    }
+		}
+		/* Eliminate any white space after the last colon. */
+		if (cp)
+		    rp = cp + 1;
+		/* Loop invariant lets us do this. */
+		*rp++ = '\0';
+
+		/*
+		 * If encountered eof check next file.
+		 */
+		if (eof)
+		    break;
+				
+		/*
+		 * Toss blank lines and comments.
+		 */
+		if (*record == '\0' || *record == '#')
+		    continue;
+	
+		/*
+		 * See if this is the record we want ...
+		 */
+		if (cgetmatch(record, name) == 0) {
+		    if (nfield == NULL || !nfcmp(nfield, record)) {
+			foundit = 1;
+			break;	/* found it! */
+		    }
+		}
+	    }
+	}
+	if (foundit)
+	    break;
+    }
+
+    if (!foundit)
+	return (-1);
+
+    /*
+     * Got the capability record, but now we have to expand all tc=name
+     * references in it ...
+     */
+ tc_exp:	{
+	char *newicap, *s;
+	size_t ilen, newilen;
+	int diff, iret, tclen;
+	char *icap, *scan, *tc, *tcstart, *tcend;
+
+	/*
+	 * Loop invariants:
+	 *	There is room for one more character in record.
+	 *	R_end points just past end of record.
+	 *	Rp points just past last character in record.
+	 *	Scan points at remainder of record that needs to be
+	 *	scanned for tc=name constructs.
+	 */
+	scan = record;
+	tc_not_resolved = 0;
+	for (;;) {
+	    if ((tc = cgetcap(scan, "tc", '=')) == NULL)
+		break;
+
+	    /*
+	     * Find end of tc=name and stomp on the trailing `:'
+	     * (if present) so we can use it to call ourselves.
+	     */
+	    s = tc;
+	    for (;;)
+		if (*s == '\0')
+		    break;
+		else
+		    if (*s++ == ':') {
+			*(s - 1) = '\0';
+			break;
+		    }
+	    tcstart = tc - 3;
+	    tclen = s - tcstart;
+	    tcend = s;
+
+	    iret = getent(&icap, &ilen, db_p, fd, tc, depth+1, 
+			  NULL);
+	    newicap = icap;		/* Put into a register. */
+	    newilen = ilen;
+	    if (iret != 0) {
+				/* an error */
+		if (iret < -1) {
+		    if (myfd)
+			(void)close(fd);
+		    free(record);
+		    return (iret);
+		}
+		if (iret == 1)
+		    tc_not_resolved = 1;
+				/* couldn't resolve tc */
+		if (iret == -1) {
+		    *(s - 1) = ':';			
+		    scan = s - 1;
+		    tc_not_resolved = 1;
+		    continue;
+					
+		}
+	    }
+	    /* not interested in name field of tc'ed record */
+	    s = newicap;
+	    for (;;)
+		if (*s == '\0')
+		    break;
+		else
+		    if (*s++ == ':')
+			break;
+	    newilen -= s - newicap;
+	    newicap = s;
+
+	    /* make sure interpolated record is `:'-terminated */
+	    s += newilen;
+	    if (*(s-1) != ':') {
+		*s = ':';	/* overwrite NUL with : */
+		newilen++;
+	    }
+
+	    /*
+	     * Make sure there's enough room to insert the
+	     * new record.
+	     */
+	    diff = newilen - tclen;
+	    if (diff >= r_end - rp) {
+		u_int pos, tcpos, tcposend;
+		size_t newsize;
+
+		pos = rp - record;
+		newsize = r_end - record + diff + BFRAG;
+		tcpos = tcstart - record;
+		tcposend = tcend - record;
+		record = realloc(record, newsize);
+		if (record == NULL) {
+		    errno = ENOMEM;
+		    if (myfd)
+			(void)close(fd);
+		    free(icap);
+		    return (-2);
+		}
+		r_end = record + newsize;
+		rp = record + pos;
+		tcstart = record + tcpos;
+		tcend = record + tcposend;
+	    }
+
+	    /*
+	     * Insert tc'ed record into our record.
+	     */
+	    s = tcstart + newilen;
+	    memmove(s, tcend,  (size_t)(rp - tcend));
+	    memmove(tcstart, newicap, newilen);
+	    rp += diff;
+	    free(icap);
+
+	    /*
+	     * Start scan on `:' so next cgetcap works properly
+	     * (cgetcap always skips first field).
+	     */
+	    scan = s-1;
+	}
+	
+    }
+    /*
+     * Close file (if we opened it), give back any extra memory, and
+     * return capability, length and success.
+     */
+    if (myfd)
+	(void)close(fd);
+    *len = rp - record - 1;	/* don't count NUL */
+    if (r_end > rp)
+	if ((record = 
+	     realloc(record, (size_t)(rp - record))) == NULL) {
+	    errno = ENOMEM;
+	    return (-2);
+	}
+		
+    *cap = record;
+    if (tc_not_resolved)
+	return (1);
+    return (0);
+}	
+
+#ifdef USE_DB
+static int
+cdbget(DB *capdbp, char **bp, const char *name)
+{
+	DBT key;
+	DBT data;
+
+	/* LINTED key is not modified */
+	key.data = (char *)name;
+	key.size = strlen(name);
+
+	for (;;) {
+		/* Get the reference. */
+		switch(capdbp->get(capdbp, &key, &data, 0)) {
+		case -1:
+			return (-2);
+		case 1:
+			return (-1);
+		}
+
+		/* If not an index to another record, leave. */
+		if (((char *)data.data)[0] != SHADOW)
+			break;
+
+		key.data = (char *)data.data + 1;
+		key.size = data.size - 1;
+	}
+	
+	*bp = (char *)data.data + 1;
+	return (((char *)(data.data))[0] == TCERR ? 1 : 0);
+}
+#endif /* USE_DB */
+
+/*
+ * Cgetmatch will return 0 if name is one of the names of the capability
+ * record buf, -1 if not.
+ */
+int
+cgetmatch(const char *buf, const char *name)
+{
+    const char *np, *bp;
+
+    /*
+     * Start search at beginning of record.
+     */
+    bp = buf;
+    for (;;) {
+	/*
+	 * Try to match a record name.
+	 */
+	np = name;
+	for (;;)
+	    if (*np == '\0') {
+		if (*bp == '|' || *bp == ':' || *bp == '\0')
+		    return (0);
+		else
+		    break;
+	    } else
+		if (*bp++ != *np++)
+		    break;
+
+	/*
+	 * Match failed, skip to next name in record.
+	 */
+	bp--;	/* a '|' or ':' may have stopped the match */
+	for (;;)
+	    if (*bp == '\0' || *bp == ':')
+		return (-1);	/* match failed totally */
+	    else
+		if (*bp++ == '|')
+		    break;	/* found next name */
+    }
+}
+
+#if 0
+int
+cgetfirst(char **buf, char **db_array)
+{
+    (void)cgetclose();
+    return (cgetnext(buf, db_array));
+}
+#endif
+
+static FILE *pfp;
+static int slash;
+static char **dbp;
+
+int ROKEN_LIB_FUNCTION
+cgetclose(void)
+{
+    if (pfp != NULL) {
+	(void)fclose(pfp);
+	pfp = NULL;
+    }
+    dbp = NULL;
+    gottoprec = 0;
+    slash = 0;
+    return(0);
+}
+
+#if 0
+/*
+ * Cgetnext() gets either the first or next entry in the logical database 
+ * specified by db_array.  It returns 0 upon completion of the database, 1
+ * upon returning an entry with more remaining, and -1 if an error occurs.
+ */
+int
+cgetnext(char **bp, char **db_array)
+{
+    size_t len;
+    int status, done;
+    char *cp, *line, *rp, *np, buf[BSIZE], nbuf[BSIZE];
+    size_t dummy;
+
+    if (dbp == NULL)
+	dbp = db_array;
+
+    if (pfp == NULL && (pfp = fopen(*dbp, "r")) == NULL) {
+	(void)cgetclose();
+	return (-1);
+    }
+    for(;;) {
+	if (toprec && !gottoprec) {
+	    gottoprec = 1;
+	    line = toprec;
+	} else {
+	    line = fgetln(pfp, &len);
+	    if (line == NULL && pfp) {
+		if (ferror(pfp)) {
+		    (void)cgetclose();
+		    return (-1);
+		} else {
+		    (void)fclose(pfp);
+		    pfp = NULL;
+		    if (*++dbp == NULL) {
+			(void)cgetclose();
+			return (0);
+		    } else if ((pfp =
+				fopen(*dbp, "r")) == NULL) {
+			(void)cgetclose();
+			return (-1);
+		    } else
+			continue;
+		}
+	    } else
+		line[len - 1] = '\0';
+	    if (len == 1) {
+		slash = 0;
+		continue;
+	    }
+	    if (isspace((unsigned char)*line) ||
+		*line == ':' || *line == '#' || slash) {
+		if (line[len - 2] == '\\')
+		    slash = 1;
+		else
+		    slash = 0;
+		continue;
+	    }
+	    if (line[len - 2] == '\\')
+		slash = 1;
+	    else
+		slash = 0;
+	}			
+
+
+	/* 
+	 * Line points to a name line.
+	 */
+	done = 0;
+	np = nbuf;
+	for (;;) {
+	    for (cp = line; *cp != '\0'; cp++) {
+		if (*cp == ':') {
+		    *np++ = ':';
+		    done = 1;
+		    break;
+		}
+		if (*cp == '\\')
+		    break;
+		*np++ = *cp;
+	    }
+	    if (done) {
+		*np = '\0';
+		break;
+	    } else { /* name field extends beyond the line */
+		line = fgetln(pfp, &len);
+		if (line == NULL && pfp) {
+		    if (ferror(pfp)) {
+			(void)cgetclose();
+			return (-1);
+		    }
+		    (void)fclose(pfp);
+		    pfp = NULL;
+		    *np = '\0';
+		    break;
+		} else
+		    line[len - 1] = '\0';
+	    }
+	}
+	rp = buf;
+	for(cp = nbuf; *cp != '\0'; cp++)
+	    if (*cp == '|' || *cp == ':')
+		break;
+	    else
+		*rp++ = *cp;
+
+	*rp = '\0';
+	/* 
+	 * XXX 
+	 * Last argument of getent here should be nbuf if we want true
+	 * sequential access in the case of duplicates.  
+	 * With NULL, getent will return the first entry found
+	 * rather than the duplicate entry record.  This is a 
+	 * matter of semantics that should be resolved.
+	 */
+	status = getent(bp, &dummy, db_array, -1, buf, 0, NULL);
+	if (status == -2 || status == -3)
+	    (void)cgetclose();
+
+	return (status + 1);
+    }
+    /* NOTREACHED */
+}
+#endif
+
+/*
+ * Cgetstr retrieves the value of the string capability cap from the
+ * capability record pointed to by buf.  A pointer to a decoded, NUL
+ * terminated, malloc'd copy of the string is returned in the char *
+ * pointed to by str.  The length of the string not including the trailing
+ * NUL is returned on success, -1 if the requested string capability
+ * couldn't be found, -2 if a system error was encountered (storage
+ * allocation failure).
+ */
+int ROKEN_LIB_FUNCTION
+cgetstr(char *buf, const char *cap, char **str)
+{
+    u_int m_room;
+    const char *bp;
+    char *mp;
+    int len;
+    char *mem;
+
+    /*
+     * Find string capability cap
+     */
+    bp = cgetcap(buf, cap, '=');
+    if (bp == NULL)
+	return (-1);
+
+    /*
+     * Conversion / storage allocation loop ...  Allocate memory in
+     * chunks SFRAG in size.
+     */
+    if ((mem = malloc(SFRAG)) == NULL) {
+	errno = ENOMEM;
+	return (-2);	/* couldn't even allocate the first fragment */
+    }
+    m_room = SFRAG;
+    mp = mem;
+
+    while (*bp != ':' && *bp != '\0') {
+	/*
+	 * Loop invariants:
+	 *	There is always room for one more character in mem.
+	 *	Mp always points just past last character in mem.
+	 *	Bp always points at next character in buf.
+	 */
+	if (*bp == '^') {
+	    bp++;
+	    if (*bp == ':' || *bp == '\0')
+		break;	/* drop unfinished escape */
+	    *mp++ = *bp++ & 037;
+	} else if (*bp == '\\') {
+	    bp++;
+	    if (*bp == ':' || *bp == '\0')
+		break;	/* drop unfinished escape */
+	    if ('0' <= *bp && *bp <= '7') {
+		int n, i;
+
+		n = 0;
+		i = 3;	/* maximum of three octal digits */
+		do {
+		    n = n * 8 + (*bp++ - '0');
+		} while (--i && '0' <= *bp && *bp <= '7');
+		*mp++ = n;
+	    }
+	    else switch (*bp++) {
+	    case 'b': case 'B':
+		*mp++ = '\b';
+		break;
+	    case 't': case 'T':
+		*mp++ = '\t';
+		break;
+	    case 'n': case 'N':
+		*mp++ = '\n';
+		break;
+	    case 'f': case 'F':
+		*mp++ = '\f';
+		break;
+	    case 'r': case 'R':
+		*mp++ = '\r';
+		break;
+	    case 'e': case 'E':
+		*mp++ = ESC;
+		break;
+	    case 'c': case 'C':
+		*mp++ = ':';
+		break;
+	    default:
+		/*
+		 * Catches '\', '^', and
+		 *  everything else.
+		 */
+		*mp++ = *(bp-1);
+		break;
+	    }
+	} else
+	    *mp++ = *bp++;
+	m_room--;
+
+	/*
+	 * Enforce loop invariant: if no room left in current
+	 * buffer, try to get some more.
+	 */
+	if (m_room == 0) {
+	    size_t size = mp - mem;
+
+	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
+		return (-2);
+	    m_room = SFRAG;
+	    mp = mem + size;
+	}
+    }
+    *mp++ = '\0';	/* loop invariant let's us do this */
+    m_room--;
+    len = mp - mem - 1;
+
+    /*
+     * Give back any extra memory and return value and success.
+     */
+    if (m_room != 0)
+	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
+	    return (-2);
+    *str = mem;
+    return (len);
+}
+
+/*
+ * Cgetustr retrieves the value of the string capability cap from the
+ * capability record pointed to by buf.  The difference between cgetustr()
+ * and cgetstr() is that cgetustr does not decode escapes but rather treats
+ * all characters literally.  A pointer to a  NUL terminated malloc'd 
+ * copy of the string is returned in the char pointed to by str.  The 
+ * length of the string not including the trailing NUL is returned on success,
+ * -1 if the requested string capability couldn't be found, -2 if a system 
+ * error was encountered (storage allocation failure).
+ */
+int ROKEN_LIB_FUNCTION
+cgetustr(char *buf, const char *cap, char **str)
+{
+    u_int m_room;
+    const char *bp;
+    char *mp;
+    int len;
+    char *mem;
+
+    /*
+     * Find string capability cap
+     */
+    if ((bp = cgetcap(buf, cap, '=')) == NULL)
+	return (-1);
+
+    /*
+     * Conversion / storage allocation loop ...  Allocate memory in
+     * chunks SFRAG in size.
+     */
+    if ((mem = malloc(SFRAG)) == NULL) {
+	errno = ENOMEM;
+	return (-2);	/* couldn't even allocate the first fragment */
+    }
+    m_room = SFRAG;
+    mp = mem;
+
+    while (*bp != ':' && *bp != '\0') {
+	/*
+	 * Loop invariants:
+	 *	There is always room for one more character in mem.
+	 *	Mp always points just past last character in mem.
+	 *	Bp always points at next character in buf.
+	 */
+	*mp++ = *bp++;
+	m_room--;
+
+	/*
+	 * Enforce loop invariant: if no room left in current
+	 * buffer, try to get some more.
+	 */
+	if (m_room == 0) {
+	    size_t size = mp - mem;
+
+	    if ((mem = realloc(mem, size + SFRAG)) == NULL)
+		return (-2);
+	    m_room = SFRAG;
+	    mp = mem + size;
+	}
+    }
+    *mp++ = '\0';	/* loop invariant let's us do this */
+    m_room--;
+    len = mp - mem - 1;
+
+    /*
+     * Give back any extra memory and return value and success.
+     */
+    if (m_room != 0)
+	if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
+	    return (-2);
+    *str = mem;
+    return (len);
+}
+
+/*
+ * Cgetnum retrieves the value of the numeric capability cap from the
+ * capability record pointed to by buf.  The numeric value is returned in
+ * the long pointed to by num.  0 is returned on success, -1 if the requested
+ * numeric capability couldn't be found.
+ */
+int ROKEN_LIB_FUNCTION
+cgetnum(char *buf, const char *cap, long *num)
+{
+    long n;
+    int base, digit;
+    const char *bp;
+
+    /*
+     * Find numeric capability cap
+     */
+    bp = cgetcap(buf, cap, '#');
+    if (bp == NULL)
+	return (-1);
+
+    /*
+     * Look at value and determine numeric base:
+     *	0x... or 0X...	hexadecimal,
+     * else	0...		octal,
+     * else			decimal.
+     */
+    if (*bp == '0') {
+	bp++;
+	if (*bp == 'x' || *bp == 'X') {
+	    bp++;
+	    base = 16;
+	} else
+	    base = 8;
+    } else
+	base = 10;
+
+    /*
+     * Conversion loop ...
+     */
+    n = 0;
+    for (;;) {
+	if ('0' <= *bp && *bp <= '9')
+	    digit = *bp - '0';
+	else if ('a' <= *bp && *bp <= 'f')
+	    digit = 10 + *bp - 'a';
+	else if ('A' <= *bp && *bp <= 'F')
+	    digit = 10 + *bp - 'A';
+	else
+	    break;
+
+	if (digit >= base)
+	    break;
+
+	n = n * base + digit;
+	bp++;
+    }
+
+    /*
+     * Return value and success.
+     */
+    *num = n;
+    return (0);
+}
+
+
+/*
+ * Compare name field of record.
+ */
+static int
+nfcmp(char *nf, char *rec)
+{
+    char *cp, tmp;
+    int ret;
+	
+    for (cp = rec; *cp != ':'; cp++)
+	;
+	
+    tmp = *(cp + 1);
+    *(cp + 1) = '\0';
+    ret = strcmp(nf, rec);
+    *(cp + 1) = tmp;
+
+    return (ret);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/getcwd.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getcwd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getcwd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getcwd.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#include "roken.h"
+
+char* ROKEN_LIB_FUNCTION
+getcwd(char *path, size_t size)
+{
+    char xxx[MaxPathLen];
+    char *ret;
+    ret = getwd(xxx);
+    if(ret)
+	strlcpy(path, xxx, size);
+    return ret;
+}
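Review bot: `return ret;` at the end of getcwd() hands the caller whatever getwd() returned, which on success is the address of the local array `xxx`, so the returned pointer refers to stack storage that is dead once the function returns. The caller's buffer should be returned instead, e.g. `return ret ? path : NULL;`. Truncation by `strlcpy(path, xxx, size)` is also silent, where getcwd(3) callers expect NULL with ERANGE; a check such as `if (strlcpy(path, xxx, size) >= size) { errno = ERANGE; return NULL; }` would cover that. getwd() takes no length, so this also relies on MaxPathLen (defined outside this hunk) being at least the platform's maximum path length. As this is vendor code, the fix belongs upstream or in a tracked local patch.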

Added: vendor-crypto/heimdal/dist/lib/roken/getdtablesize.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getdtablesize.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getdtablesize.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1995-2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getdtablesize.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+int ROKEN_LIB_FUNCTION
+getdtablesize(void)
+{
+  int files = -1;
+#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
+  files = sysconf(_SC_OPEN_MAX);
+#else /* !defined(HAVE_SYSCONF) */
+#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
+  struct rlimit res;
+  if (getrlimit(RLIMIT_NOFILE, &res) == 0)
+    files = res.rlim_cur;
+#else /* !definded(HAVE_GETRLIMIT) */
+#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES)
+  int mib[2];
+  size_t len;
+    
+  mib[0] = CTL_KERN;
+  mib[1] = KERN_MAXFILES;
+  len = sizeof(files);
+  sysctl(&mib, 2, &files, sizeof(files), NULL, 0);
+#endif /* defined(HAVE_SYSCTL) */
+#endif /* !definded(HAVE_GETRLIMIT) */
+#endif /* !defined(HAVE_SYSCONF) */
+
+#ifdef OPEN_MAX
+  if (files < 0)
+    files = OPEN_MAX;
+#endif
+
+#ifdef NOFILE
+  if (files < 0)
+    files = NOFILE;
+#endif    
+    
+  return files;
+}
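Review bot: In the sysctl fallback, `sysctl(&mib, 2, &files, sizeof(files), NULL, 0);` passes the integer `sizeof(files)` where sysctl expects a pointer to the output length, and the `len` variable prepared on the line above is never used. The return value is ignored as well, so on failure `files` keeps whatever the call left in it. I would change the call to `if (sysctl(mib, 2, &files, &len, NULL, 0) != 0) files = -1;` so the OPEN_MAX / NOFILE fallbacks below still apply. This branch only compiles when neither sysconf nor getrlimit is available, which is probably why it has gone unnoticed.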

Added: vendor-crypto/heimdal/dist/lib/roken/getegid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getegid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getegid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETEGID
+
+RCSID("$Id: getegid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+int ROKEN_LIB_FUNCTION
+getegid(void)
+{
+    return getgid();
+}
+
+#endif
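Review bot: The fallback `return getgid();` in getegid() makes the effective group id indistinguishable from the real one on any platform that takes this path. The same applies to geteuid.c (`return getuid();`), and getgid.c returns the constant `17`. Code elsewhere that compares real and effective ids to detect a set-id context would then always see them as equal; whether any caller in this import does so is not visible here. I would document that on each stub, for example `/* Stub for platforms without getegid(): reports the real gid, so real/effective comparisons are meaningless here. */`, and on getgid() note that 17 is a placeholder rather than an id obtained from the system.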

Added: vendor-crypto/heimdal/dist/lib/roken/geteuid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/geteuid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/geteuid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETEUID
+
+RCSID("$Id: geteuid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+int ROKEN_LIB_FUNCTION
+geteuid(void)
+{
+    return getuid();
+}
+
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/getgid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getgid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getgid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETGID
+
+RCSID("$Id: getgid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+int ROKEN_LIB_FUNCTION
+getgid(void)
+{
+    return 17;
+}
+
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/gethostname.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/gethostname.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/gethostname.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETHOSTNAME
+
+#ifdef HAVE_SYS_UTSNAME_H
+#include <sys/utsname.h>
+#endif
+
+/*
+ * Return the local host's name in "name", up to "namelen" characters.
+ * "name" will be null-terminated if "namelen" is big enough.
+ * The return code is 0 on success, -1 on failure.  (The calling
+ * interface is identical to gethostname(2).)
+ */
+
+int ROKEN_LIB_FUNCTION
+gethostname(char *name, int namelen)
+{
+#if defined(HAVE_UNAME)
+    {
+	struct utsname utsname;
+	int ret;
+
+	ret = uname (&utsname);
+	if (ret < 0)
+	    return ret;
+	strlcpy (name, utsname.nodename, namelen);
+	return 0;
+    }
+#else
+    strlcpy (name, "some.random.host", namelen);
+    return 0;
+#endif
+}
+
+#endif /* GETHOSTNAME */
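Review bot: The `#else` branch copies the literal "some.random.host" into `name` and returns 0, so a caller cannot tell a fabricated host name from a real one; in a Kerberos library the host name typically feeds into principal names, so reporting failure is safer, e.g. `errno = ENOSYS; return -1;`. `namelen` is an `int` passed straight to strlcpy, so a negative value converts to a very large size; a guard such as `if (namelen <= 0) return -1;` at the top would close that. The header comment is slightly off too: with strlcpy the result is always NUL-terminated when `namelen` is positive, and truncation is silent.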

Added: vendor-crypto/heimdal/dist/lib/roken/getifaddrs.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getifaddrs.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getifaddrs.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1250 @@
+/*
+ * Copyright (c) 2000 - 2002, 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getifaddrs.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include "roken.h"
+
+#ifdef __osf__
+/* hate */
+struct rtentry;
+struct mbuf;
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif /* HAVE_SYS_SOCKIO_H */
+
+#ifdef HAVE_NETINET_IN6_VAR_H
+#include <netinet/in6_var.h>
+#endif /* HAVE_NETINET_IN6_VAR_H */
+
+#include <ifaddrs.h>
+
+#ifdef __hpux
+#define lifconf if_laddrconf
+#define lifc_len iflc_len
+#define lifc_buf iflc_buf
+#define lifc_req iflc_req
+
+#define lifreq if_laddrreq
+#define lifr_addr iflr_addr
+#define lifr_name iflr_name
+#define lifr_dstaddr iflr_dstaddr
+#define lifr_broadaddr iflr_broadaddr
+#define lifr_flags iflr_flags
+#define lifr_index iflr_index
+#endif
+
+#ifdef AF_NETLINK
+
+/*
+ * The linux - AF_NETLINK version of getifaddrs - from Usagi.
+ * Linux does not return v6 addresses from SIOCGIFCONF.
+ */
+
+/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */
+
+/**************************************************************************
+ * ifaddrs.c
+ * Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <string.h>
+#include <time.h>
+#include <malloc.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include <sys/socket.h>
+#include <asm/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/poll.h>
+#include <netpacket/packet.h>
+#include <net/ethernet.h>     /* the L2 protocols */
+#include <sys/uio.h>
+#include <net/if.h>
+#include <net/if_arp.h>
+#include <ifaddrs.h>
+#include <netinet/in.h>
+
+#define __set_errno(e) (errno = (e))
+#define __close(fd) (close(fd))
+#undef ifa_broadaddr
+#define ifa_broadaddr ifa_dstaddr
+#define IFA_NETMASK
+
+/* ====================================================================== */
+struct nlmsg_list{
+    struct nlmsg_list *nlm_next;
+    struct nlmsghdr *nlh;
+    int size;
+    time_t seq;
+};
+
+struct rtmaddr_ifamap {
+  void *address;
+  void *local;
+#ifdef IFA_NETMASK
+  void *netmask;
+#endif
+  void *broadcast;
+#ifdef HAVE_IFADDRS_IFA_ANYCAST
+  void *anycast;
+#endif
+  int address_len;
+  int local_len;
+#ifdef IFA_NETMASK
+  int netmask_len;
+#endif
+  int broadcast_len;
+#ifdef HAVE_IFADDRS_IFA_ANYCAST
+  int anycast_len;
+#endif
+};
+
+/* ====================================================================== */
+static size_t
+ifa_sa_len(sa_family_t family, int len)
+{
+  size_t size;
+  switch(family){
+  case AF_INET:
+    size = sizeof(struct sockaddr_in);
+    break;
+  case AF_INET6:
+    size = sizeof(struct sockaddr_in6);
+    break;
+  case AF_PACKET:
+    size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len;
+    if (size < sizeof(struct sockaddr_ll))
+      size = sizeof(struct sockaddr_ll);
+    break;
+  default:
+    size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len;
+    if (size < sizeof(struct sockaddr))
+      size = sizeof(struct sockaddr);
+    break;
+  }
+  return size;
+}
+
+static void 
+ifa_make_sockaddr(sa_family_t family, 
+		  struct sockaddr *sa, 
+		  void *p, size_t len,
+		  uint32_t scope, uint32_t scopeid)
+{
+  if (sa == NULL) return;
+  switch(family){
+  case AF_INET:
+    memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len);
+    break;
+  case AF_INET6:
+    memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len);
+    if (IN6_IS_ADDR_LINKLOCAL(p) ||
+	IN6_IS_ADDR_MC_LINKLOCAL(p)){
+      ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
+    }
+    break;
+  case AF_PACKET:
+    memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len);
+    ((struct sockaddr_ll*)sa)->sll_halen = len;
+    break;
+  default:
+    memcpy(sa->sa_data, p, len);	/*XXX*/
+    break;
+  }
+  sa->sa_family = family;
+#ifdef HAVE_SOCKADDR_SA_LEN
+  sa->sa_len = ifa_sa_len(family, len);
+#endif
+}
+
+#ifndef IFA_NETMASK
+static struct sockaddr *
+ifa_make_sockaddr_mask(sa_family_t family, 
+		       struct sockaddr *sa, 
+		       uint32_t prefixlen)
+{
+  int i;
+  char *p = NULL, c;
+  uint32_t max_prefixlen = 0;
+
+  if (sa == NULL) return NULL;
+  switch(family){
+  case AF_INET:
+    memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr));
+    p = (char *)&((struct sockaddr_in*)sa)->sin_addr;
+    max_prefixlen = 32;
+    break;
+  case AF_INET6:
+    memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr));
+    p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr;
+#if 0	/* XXX: fill scope-id? */
+    if (IN6_IS_ADDR_LINKLOCAL(p) ||
+	IN6_IS_ADDR_MC_LINKLOCAL(p)){
+      ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
+    }
+#endif
+    max_prefixlen = 128;
+    break;
+  default:
+    return NULL;
+  }
+  sa->sa_family = family;
+#ifdef HAVE_SOCKADDR_SA_LEN
+  sa->sa_len = ifa_sa_len(family, len);
+#endif
+  if (p){
+    if (prefixlen > max_prefixlen)
+      prefixlen = max_prefixlen;
+    for (i=0; i<(prefixlen / 8); i++)
+      *p++ = 0xff;
+    c = 0xff;
+    c <<= (8 - (prefixlen % 8));
+    *p = c;
+  }
+  return sa;
+}
+#endif
+
+/* ====================================================================== */
+static int 
+nl_sendreq(int sd, int request, int flags, int *seq)
+{
+  char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) +
+	      NLMSG_ALIGN(sizeof(struct rtgenmsg))];
+  struct sockaddr_nl nladdr;
+  struct nlmsghdr *req_hdr;
+  struct rtgenmsg *req_msg;
+  time_t t = time(NULL);
+
+  if (seq) *seq = t;
+  memset(&reqbuf, 0, sizeof(reqbuf));
+  req_hdr = (struct nlmsghdr *)reqbuf;
+  req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr);
+  req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg));
+  req_hdr->nlmsg_type = request;
+  req_hdr->nlmsg_flags = flags | NLM_F_REQUEST;
+  req_hdr->nlmsg_pid = 0;
+  req_hdr->nlmsg_seq = t;
+  req_msg->rtgen_family = AF_UNSPEC;
+  memset(&nladdr, 0, sizeof(nladdr));
+  nladdr.nl_family = AF_NETLINK;
+  return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0,
+		 (struct sockaddr *)&nladdr, sizeof(nladdr)));
+}
+
+static int 
+nl_recvmsg(int sd, int request, int seq, 
+	   void *buf, size_t buflen, 
+	   int *flags)
+{
+  struct msghdr msg;
+  struct iovec iov = { buf, buflen };
+  struct sockaddr_nl nladdr;
+  int read_len;
+
+  for (;;){
+    msg.msg_name = (void *)&nladdr;
+    msg.msg_namelen = sizeof(nladdr);
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = NULL;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+    read_len = recvmsg(sd, &msg, 0);
+    if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC))
+      continue;
+    if (flags) *flags = msg.msg_flags;
+    break;
+  }
+  return read_len;
+}
+
+static int 
+nl_getmsg(int sd, int request, int seq, 
+	  struct nlmsghdr **nlhp,
+	  int *done)
+{
+  struct nlmsghdr *nh;
+  size_t bufsize = 65536, lastbufsize = 0;
+  void *buff = NULL;
+  int result = 0, read_size;
+  int msg_flags;
+  pid_t pid = getpid();
+  for (;;){
+    void *newbuff = realloc(buff, bufsize);
+    if (newbuff == NULL || bufsize < lastbufsize) {
+      result = -1;
+      break;
+    }
+    buff = newbuff;
+    result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags);
+    if (read_size < 0 || (msg_flags & MSG_TRUNC)){
+      lastbufsize = bufsize;
+      bufsize *= 2;
+      continue;
+    }
+    if (read_size == 0) break;
+    nh = (struct nlmsghdr *)buff;
+    for (nh = (struct nlmsghdr *)buff;
+	 NLMSG_OK(nh, read_size);
+	 nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){
+      if (nh->nlmsg_pid != pid ||
+	  nh->nlmsg_seq != seq)
+	continue;
+      if (nh->nlmsg_type == NLMSG_DONE){
+	(*done)++;
+	break; /* ok */
+      }
+      if (nh->nlmsg_type == NLMSG_ERROR){
+	struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh);
+	result = -1;
+	if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
+	  __set_errno(EIO);
+	else
+	  __set_errno(-nlerr->error);
+	break;
+      }
+    }
+    break;
+  }
+  if (result < 0)
+    if (buff){
+      int saved_errno = errno;
+      free(buff);
+      __set_errno(saved_errno);
+    }
+  *nlhp = (struct nlmsghdr *)buff;
+  return result;
+}
+
+static int
+nl_getlist(int sd, int seq,
+	   int request,
+	   struct nlmsg_list **nlm_list,
+	   struct nlmsg_list **nlm_end)
+{
+  struct nlmsghdr *nlh = NULL;
+  int status;
+  int done = 0;
+  int tries = 3;
+
+ try_again:
+  status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq);
+  if (status < 0)
+    return status;
+  if (seq == 0)
+    seq = (int)time(NULL);
+  while(!done){
+    struct pollfd pfd;
+
+    pfd.fd = sd;
+    pfd.events = POLLIN | POLLPRI;
+    pfd.revents = 0;
+    status = poll(&pfd, 1, 1000);
+    if (status < 0)
+	return status;
+    else if (status == 0) {
+	seq++;
+	if (tries-- > 0)
+	    goto try_again;
+	return -1;
+    }
+
+    status = nl_getmsg(sd, request, seq, &nlh, &done);
+    if (status < 0)
+      return status;
+    if (nlh){
+      struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list));
+      if (nlm_next == NULL){
+	int saved_errno = errno;
+	free(nlh);
+	__set_errno(saved_errno);
+	status = -1;
+      } else {
+	nlm_next->nlm_next = NULL;
+	nlm_next->nlh = (struct nlmsghdr *)nlh;
+	nlm_next->size = status;
+	nlm_next->seq = seq;
+	if (*nlm_list == NULL){
+	  *nlm_list = nlm_next;
+	  *nlm_end = nlm_next;
+	} else {
+	  (*nlm_end)->nlm_next = nlm_next;
+	  *nlm_end = nlm_next;
+	}
+      }
+    }
+  }
+  return status >= 0 ? seq : status;
+}
+
+/* ---------------------------------------------------------------------- */
+static void 
+free_nlmsglist(struct nlmsg_list *nlm0)
+{
+  struct nlmsg_list *nlm, *nlm_next;
+  int saved_errno;
+  if (!nlm0)
+    return;
+  saved_errno = errno;
+  for (nlm=nlm0; nlm; nlm=nlm_next){
+    if (nlm->nlh)
+      free(nlm->nlh);
+    nlm_next=nlm->nlm_next;
+    free(nlm);
+  }
+  __set_errno(saved_errno);
+}
+
+static void 
+free_data(void *data, void *ifdata)
+{
+  int saved_errno = errno;
+  if (data != NULL) free(data);
+  if (ifdata != NULL) free(ifdata);
+  __set_errno(saved_errno);
+}
+
+/* ---------------------------------------------------------------------- */
+static void 
+nl_close(int sd)
+{
+  int saved_errno = errno;
+  if (sd >= 0) __close(sd);
+  __set_errno(saved_errno);
+}
+
+/* ---------------------------------------------------------------------- */
+static int 
+nl_open(void)
+{
+  struct sockaddr_nl nladdr;
+  int sd;
+
+  sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+  if (sd < 0) return -1;
+  memset(&nladdr, 0, sizeof(nladdr));
+  nladdr.nl_family = AF_NETLINK;
+  if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){
+    nl_close(sd);
+    return -1;
+  }
+  return sd;
+}
+
+/* ====================================================================== */
+int ROKEN_LIB_FUNCTION
+rk_getifaddrs(struct ifaddrs **ifap)
+{
+  int sd;
+  struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm;
+  /* - - - - - - - - - - - - - - - */
+  int icnt;
+  size_t dlen, xlen, nlen;
+  uint32_t max_ifindex = 0;
+
+  pid_t pid = getpid();
+  int seq;
+  int result;
+  int build     ; /* 0 or 1 */
+
+/* ---------------------------------- */
+  /* initialize */
+  icnt = dlen = xlen = nlen = 0;
+  nlmsg_list = nlmsg_end = NULL;
+
+  if (ifap)
+    *ifap = NULL;
+
+/* ---------------------------------- */
+  /* open socket and bind */
+  sd = nl_open();
+  if (sd < 0)
+    return -1;
+
+/* ---------------------------------- */
+   /* gather info */
+  if ((seq = nl_getlist(sd, 0, RTM_GETLINK,
+			&nlmsg_list, &nlmsg_end)) < 0){
+    free_nlmsglist(nlmsg_list);
+    nl_close(sd);
+    return -1;
+  }
+  if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR,
+			&nlmsg_list, &nlmsg_end)) < 0){
+    free_nlmsglist(nlmsg_list);
+    nl_close(sd);
+    return -1;
+  }
+
+/* ---------------------------------- */
+  /* Estimate size of result buffer and fill it */
+  for (build=0; build<=1; build++){
+    struct ifaddrs *ifl = NULL, *ifa = NULL;
+    struct nlmsghdr *nlh, *nlh0;
+    char *data = NULL, *xdata = NULL;
+    void *ifdata = NULL;
+    char *ifname = NULL, **iflist = NULL;
+    uint16_t *ifflist = NULL;
+    struct rtmaddr_ifamap ifamap;
+
+    if (build){
+      data = calloc(1,
+		    NLMSG_ALIGN(sizeof(struct ifaddrs[icnt]))
+		    + dlen + xlen + nlen);
+      ifa = (struct ifaddrs *)data;
+      ifdata = calloc(1, 
+		      NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))
+		      + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1])));
+      if (ifap != NULL)
+	*ifap = (ifdata != NULL) ? ifa : NULL;
+      else{
+	free_data(data, ifdata);
+	result = 0;
+	break;
+      }
+      if (data == NULL || ifdata == NULL){
+	free_data(data, ifdata);
+	result = -1;
+	break;
+      }
+      ifl = NULL;
+      data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt;
+      xdata = data + dlen;
+      ifname = xdata + xlen;
+      iflist = ifdata;
+      ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1])));
+    }
+
+    for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){
+      int nlmlen = nlm->size;
+      if (!(nlh0 = nlm->nlh))
+	continue;
+      for (nlh = nlh0; 
+	   NLMSG_OK(nlh, nlmlen); 
+	   nlh=NLMSG_NEXT(nlh,nlmlen)){
+	struct ifinfomsg *ifim = NULL;
+	struct ifaddrmsg *ifam = NULL;
+	struct rtattr *rta;
+
+	size_t nlm_struct_size = 0;
+	sa_family_t nlm_family = 0;
+	uint32_t nlm_scope = 0, nlm_index = 0;
+	size_t sockaddr_size = 0;
+	uint32_t nlm_prefixlen = 0;
+	size_t rtasize;
+
+	memset(&ifamap, 0, sizeof(ifamap));
+
+	/* check if the message is what we want */
+	if (nlh->nlmsg_pid != pid ||
+	    nlh->nlmsg_seq != nlm->seq)
+	  continue;
+	if (nlh->nlmsg_type == NLMSG_DONE){
+	  break; /* ok */
+	}
+	switch (nlh->nlmsg_type){
+	case RTM_NEWLINK:
+	  ifim = (struct ifinfomsg *)NLMSG_DATA(nlh);
+	  nlm_struct_size = sizeof(*ifim);
+	  nlm_family = ifim->ifi_family;
+	  nlm_scope = 0;
+	  nlm_index = ifim->ifi_index;
+	  nlm_prefixlen = 0;
+	  if (build)
+	    ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags;
+	  break;
+	case RTM_NEWADDR:
+	  ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh);
+	  nlm_struct_size = sizeof(*ifam);
+	  nlm_family = ifam->ifa_family;
+	  nlm_scope = ifam->ifa_scope;
+	  nlm_index = ifam->ifa_index;
+	  nlm_prefixlen = ifam->ifa_prefixlen;
+	  if (build)
+	    ifa->ifa_flags = ifflist[nlm_index];
+	  break;
+	default:
+	  continue;
+	}
+	
+	if (!build){
+	  if (max_ifindex < nlm_index)
+	    max_ifindex = nlm_index;
+	} else {
+	  if (ifl != NULL)
+	    ifl->ifa_next = ifa;
+	}
+
+	rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size);
+	for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size));
+	     RTA_OK(rta, rtasize);
+	     rta = RTA_NEXT(rta, rtasize)){
+	  struct sockaddr **sap = NULL;
+	  void *rtadata = RTA_DATA(rta);
+	  size_t rtapayload = RTA_PAYLOAD(rta);
+	  socklen_t sa_len;
+
+	  switch(nlh->nlmsg_type){
+	  case RTM_NEWLINK:
+	    switch(rta->rta_type){
+	    case IFLA_ADDRESS:
+	    case IFLA_BROADCAST:
+	      if (build){
+		sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr;
+		*sap = (struct sockaddr *)data;
+	      }
+	      sa_len = ifa_sa_len(AF_PACKET, rtapayload);
+	      if (rta->rta_type == IFLA_ADDRESS)
+		sockaddr_size = NLMSG_ALIGN(sa_len);
+	      if (!build){
+		dlen += NLMSG_ALIGN(sa_len);
+	      } else {
+		memset(*sap, 0, sa_len);
+		ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0);
+		((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index;
+		((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type;
+		data += NLMSG_ALIGN(sa_len);
+	      }
+	      break;
+	    case IFLA_IFNAME:/* Name of Interface */
+	      if (!build)
+		nlen += NLMSG_ALIGN(rtapayload + 1);
+	      else{
+		ifa->ifa_name = ifname;
+		if (iflist[nlm_index] == NULL)
+		  iflist[nlm_index] = ifa->ifa_name;
+		strncpy(ifa->ifa_name, rtadata, rtapayload);
+		ifa->ifa_name[rtapayload] = '\0';
+		ifname += NLMSG_ALIGN(rtapayload + 1);
+	      }
+	      break;
+	    case IFLA_STATS:/* Statistics of Interface */
+	      if (!build)
+		xlen += NLMSG_ALIGN(rtapayload);
+	      else{
+		ifa->ifa_data = xdata;
+		memcpy(ifa->ifa_data, rtadata, rtapayload);
+		xdata += NLMSG_ALIGN(rtapayload);
+	      }
+	      break;
+	    case IFLA_UNSPEC:
+	      break;
+	    case IFLA_MTU:
+	      break;
+	    case IFLA_LINK:
+	      break;
+	    case IFLA_QDISC:
+	      break;
+	    default:
+	      break;
+	    }
+	    break;
+	  case RTM_NEWADDR:
+	    if (nlm_family == AF_PACKET) break;
+	    switch(rta->rta_type){
+	    case IFA_ADDRESS:
+		ifamap.address = rtadata;
+		ifamap.address_len = rtapayload;
+		break;
+	    case IFA_LOCAL:
+		ifamap.local = rtadata;
+		ifamap.local_len = rtapayload;
+		break;
+	    case IFA_BROADCAST:
+		ifamap.broadcast = rtadata;
+		ifamap.broadcast_len = rtapayload;
+		break;
+#ifdef HAVE_IFADDRS_IFA_ANYCAST
+	    case IFA_ANYCAST:
+		ifamap.anycast = rtadata;
+		ifamap.anycast_len = rtapayload;
+		break;
+#endif
+	    case IFA_LABEL:
+	      if (!build)
+		nlen += NLMSG_ALIGN(rtapayload + 1);
+	      else{
+		ifa->ifa_name = ifname;
+		if (iflist[nlm_index] == NULL)
+		  iflist[nlm_index] = ifname;
+		strncpy(ifa->ifa_name, rtadata, rtapayload);
+		ifa->ifa_name[rtapayload] = '\0';
+		ifname += NLMSG_ALIGN(rtapayload + 1);
+	      }
+	      break;
+	    case IFA_UNSPEC:
+	      break;
+	    case IFA_CACHEINFO:
+	      break;
+	    default:
+	      break;
+	    }
+	  }
+	}
+	if (nlh->nlmsg_type == RTM_NEWADDR &&
+	    nlm_family != AF_PACKET) {
+	  if (!ifamap.local) {
+	    ifamap.local = ifamap.address;
+	    ifamap.local_len = ifamap.address_len;
+	  }
+	  if (!ifamap.address) {
+	    ifamap.address = ifamap.local;
+	    ifamap.address_len = ifamap.local_len;
+	  }
+	  if (ifamap.address_len != ifamap.local_len ||
+	      (ifamap.address != NULL &&
+	       memcmp(ifamap.address, ifamap.local, ifamap.address_len))) {
+	    /* p2p; address is peer and local is ours */
+	    ifamap.broadcast = ifamap.address;
+	    ifamap.broadcast_len = ifamap.address_len;
+	    ifamap.address = ifamap.local;
+	    ifamap.address_len = ifamap.local_len;
+	  }
+	  if (ifamap.address) {
+#ifndef IFA_NETMASK
+	    sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
+#endif
+	    if (!build)
+	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
+	    else {
+	      ifa->ifa_addr = (struct sockaddr *)data;
+	      ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len,
+				nlm_scope, nlm_index);
+	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len));
+	    }
+	  }
+#ifdef IFA_NETMASK
+	  if (ifamap.netmask) {
+	    if (!build)
+	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len));
+	    else {
+	      ifa->ifa_netmask = (struct sockaddr *)data;
+	      ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len,
+				nlm_scope, nlm_index);
+	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len));
+	    }
+	  }
+#endif
+	  if (ifamap.broadcast) {
+	    if (!build)
+	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len));
+	    else {
+	      ifa->ifa_broadaddr = (struct sockaddr *)data;
+	      ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len,
+				nlm_scope, nlm_index);
+	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len));
+	    }
+	  }
+#ifdef HAVE_IFADDRS_IFA_ANYCAST
+	  if (ifamap.anycast) {
+	    if (!build)
+	      dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len));
+	    else {
+	      ifa->ifa_anycast = (struct sockaddr *)data;
+	      ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len,
+				nlm_scope, nlm_index);
+	      data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len));
+	    }
+	  }
+#endif
+	}
+	if (!build){
+#ifndef IFA_NETMASK
+	  dlen += sockaddr_size;
+#endif
+	  icnt++;
+	} else {
+	  if (ifa->ifa_name == NULL)
+	    ifa->ifa_name = iflist[nlm_index];
+#ifndef IFA_NETMASK
+	  if (ifa->ifa_addr && 
+	      ifa->ifa_addr->sa_family != AF_UNSPEC && 
+	      ifa->ifa_addr->sa_family != AF_PACKET){
+	    ifa->ifa_netmask = (struct sockaddr *)data;
+	    ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen);
+	  }
+	  data += sockaddr_size;
+#endif
+	  ifl = ifa++;
+	}
+      }
+    }
+    if (!build){
+      if (icnt == 0 && (dlen + nlen + xlen == 0)){
+	if (ifap != NULL)
+	  *ifap = NULL;
+	break; /* cannot found any addresses */
+      }
+    }
+    else
+      free_data(NULL, ifdata);
+  }
+
+/* ---------------------------------- */
+  /* Finalize */
+  free_nlmsglist(nlmsg_list);
+  nl_close(sd);
+  return 0;
+}
+
+#else /* !AF_NETLINK */
+
+/*
+ * The generic SIOCGIFCONF version.
+ */
+
+static int
+getifaddrs2(struct ifaddrs **ifap, 
+	    int af, int siocgifconf, int siocgifflags,
+	    size_t ifreq_sz)
+{
+    int ret;
+    int fd;
+    size_t buf_size;
+    char *buf;
+    struct ifconf ifconf;
+    char *p;
+    size_t sz;
+    struct sockaddr sa_zero;
+    struct ifreq *ifr;
+    struct ifaddrs *start = NULL, **end = &start;
+
+    buf = NULL;
+
+    memset (&sa_zero, 0, sizeof(sa_zero));
+    fd = socket(af, SOCK_DGRAM, 0);
+    if (fd < 0)
+	return -1;
+
+    buf_size = 8192;
+    for (;;) {
+	buf = calloc(1, buf_size);
+	if (buf == NULL) {
+	    ret = ENOMEM;
+	    goto error_out;
+	}
+	ifconf.ifc_len = buf_size;
+	ifconf.ifc_buf = buf;
+
+	/*
+	 * Solaris returns EINVAL when the buffer is too small.
+	 */
+	if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
+	    ret = errno;
+	    goto error_out;
+	}
+	/*
+	 * Can the difference between a full and a overfull buf
+	 * be determined?
+	 */
+
+	if (ifconf.ifc_len < buf_size)
+	    break;
+	free (buf);
+	buf_size *= 2;
+    }
+
+    for (p = ifconf.ifc_buf;
+	 p < ifconf.ifc_buf + ifconf.ifc_len;
+	 p += sz) {
+	struct ifreq ifreq;
+	struct sockaddr *sa;
+	size_t salen;
+
+	ifr = (struct ifreq *)p;
+	sa  = &ifr->ifr_addr;
+
+	sz = ifreq_sz;
+	salen = sizeof(struct sockaddr);
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+	salen = sa->sa_len;
+	sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
+#endif
+#ifdef SA_LEN
+	salen = SA_LEN(sa);
+	sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa));
+#endif
+	memset (&ifreq, 0, sizeof(ifreq));
+	memcpy (ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name));
+
+	if (ioctl(fd, siocgifflags, &ifreq) < 0) {
+	    ret = errno;
+	    goto error_out;
+	}
+
+	*end = malloc(sizeof(**end));
+	if (*end == NULL) {
+	    ret = ENOMEM;
+	    goto error_out;
+	}
+
+	(*end)->ifa_next = NULL;
+	(*end)->ifa_name = strdup(ifr->ifr_name);
+	if ((*end)->ifa_name == NULL) {
+	    ret = ENOMEM;
+	    goto error_out;
+	}
+	(*end)->ifa_flags = ifreq.ifr_flags;
+	(*end)->ifa_addr = malloc(salen);
+	if ((*end)->ifa_addr == NULL) {
+	    ret = ENOMEM;
+	    goto error_out;
+	}
+	memcpy((*end)->ifa_addr, sa, salen);
+	(*end)->ifa_netmask = NULL;
+
+#if 0
+	/* fix these when we actually need them */
+	if(ifreq.ifr_flags & IFF_BROADCAST) {
+	    (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr));
+	    if ((*end)->ifa_broadaddr == NULL) {
+		ret = ENOMEM;
+		goto error_out;
+	    }
+	    memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, 
+		   sizeof(ifr->ifr_broadaddr));
+	} else if(ifreq.ifr_flags & IFF_POINTOPOINT) {
+	    (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr));
+	    if ((*end)->ifa_dstaddr == NULL) {
+		ret = ENOMEM;
+		goto error_out;
+	    }
+	    memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, 
+		   sizeof(ifr->ifr_dstaddr));
+	} else
+	    (*end)->ifa_dstaddr = NULL;
+#else
+	    (*end)->ifa_dstaddr = NULL;
+#endif
+
+	(*end)->ifa_data = NULL;
+
+	end = &(*end)->ifa_next;
+	
+    }
+    *ifap = start;
+    close(fd);
+    free(buf);
+    return 0;
+  error_out:
+    rk_freeifaddrs(start);
+    close(fd);
+    free(buf);
+    errno = ret;
+    return -1;
+}
+
+#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
+static int
+getlifaddrs2(struct ifaddrs **ifap, 
+	     int af, int siocgifconf, int siocgifflags,
+	     size_t ifreq_sz)
+{
+    int ret;
+    int fd;
+    size_t buf_size;
+    char *buf;
+    struct lifconf ifconf;
+    char *p;
+    size_t sz;
+    struct sockaddr sa_zero;
+    struct lifreq *ifr;
+    struct ifaddrs *start = NULL, **end = &start;
+
+    buf = NULL;
+
+    memset (&sa_zero, 0, sizeof(sa_zero));
+    fd = socket(af, SOCK_DGRAM, 0);
+    if (fd < 0)
+	return -1;
+
+    buf_size = 8192;
+    for (;;) {
+	buf = calloc(1, buf_size);
+	if (buf == NULL) {
+	    ret = ENOMEM;
+	    goto error_out;
+	}
+#ifndef __hpux
+	ifconf.lifc_family = AF_UNSPEC;
+	ifconf.lifc_flags  = 0;
+#endif
+	ifconf.lifc_len    = buf_size;
+	ifconf.lifc_buf    = buf;
+
+	/*
+	 * Solaris returns EINVAL when the buffer is too small.
+	 */
+	if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
+	    ret = errno;
+	    goto error_out;
+	}
+	/*
+	 * Can the difference between a full and a overfull buf
+	 * be determined?
+	 */
+
+	if (ifconf.lifc_len < buf_size)
+	    break;
+	free (buf);
+	buf_size *= 2;
+    }
+
+    for (p = ifconf.lifc_buf;
+	 p < ifconf.lifc_buf + ifconf.lifc_len;
+	 p += sz) {
+	struct lifreq ifreq;
+	struct sockaddr_storage *sa;
+	size_t salen;
+
+	ifr = (struct lifreq *)p;
+	sa  = &ifr->lifr_addr;
+
+	sz = ifreq_sz;
+	salen = sizeof(struct sockaddr_storage);
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+	salen = sa->sa_len;
+	sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
+#endif
+#ifdef SA_LEN
+	salen = SA_LEN(sa);
+	sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa));
+#endif
+	memset (&ifreq, 0, sizeof(ifreq));
+	memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name));
+
+	if (ioctl(fd, siocgifflags, &ifreq) < 0) {
+	    ret = errno;
+	    goto error_out;
+	}
+
+	*end = malloc(sizeof(**end));
+	if (*end == NULL) {
+	    ret = ENOMEM;
+	    goto error_out;
+	}
+
+	(*end)->ifa_next = NULL;
+	(*end)->ifa_name = strdup(ifr->lifr_name);
+	if ((*end)->ifa_name == NULL) {
+	    ret = ENOMEM;
+	    goto error_out;
+	}
+	(*end)->ifa_flags = ifreq.lifr_flags;
+	(*end)->ifa_addr = malloc(salen);
+	if ((*end)->ifa_addr == NULL) {
+	    ret = ENOMEM;
+	    goto error_out;
+	}
+	memcpy((*end)->ifa_addr, sa, salen);
+	(*end)->ifa_netmask = NULL;
+
+#if 0
+	/* fix these when we actually need them */
+	if(ifreq.ifr_flags & IFF_BROADCAST) {
+	    (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr));
+	    if ((*end)->ifa_broadaddr == NULL) {
+		ret = ENOMEM;
+		goto error_out;
+	    }
+	    memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, 
+		   sizeof(ifr->ifr_broadaddr));
+	} else if(ifreq.ifr_flags & IFF_POINTOPOINT) {
+	    (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr));
+	    if ((*end)->ifa_dstaddr == NULL) {
+		ret = ENOMEM;
+		goto error_out;
+	    }
+	    memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, 
+		   sizeof(ifr->ifr_dstaddr));
+	} else
+	    (*end)->ifa_dstaddr = NULL;
+#else
+	    (*end)->ifa_dstaddr = NULL;
+#endif
+
+	(*end)->ifa_data = NULL;
+
+	end = &(*end)->ifa_next;
+	
+    }
+    *ifap = start;
+    close(fd);
+    free(buf);
+    return 0;
+  error_out:
+    rk_freeifaddrs(start);
+    close(fd);
+    free(buf);
+    errno = ret;
+    return -1;
+}
+#endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */
+
+int ROKEN_LIB_FUNCTION
+rk_getifaddrs(struct ifaddrs **ifap) 
+{
+    int ret = -1;
+    errno = ENXIO;
+#if defined(AF_INET6) && defined(SIOCGIF6CONF) && defined(SIOCGIF6FLAGS)
+    if (ret)
+	ret = getifaddrs2 (ifap, AF_INET6, SIOCGIF6CONF, SIOCGIF6FLAGS,
+			   sizeof(struct in6_ifreq));
+#endif
+#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
+    if (ret)
+	ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS,
+			    sizeof(struct lifreq));
+#endif
+#if defined(HAVE_IPV6) && defined(SIOCGIFCONF)
+    if (ret)
+	ret = getifaddrs2 (ifap, AF_INET6, SIOCGIFCONF, SIOCGIFFLAGS,
+			   sizeof(struct ifreq));
+#endif
+#if defined(AF_INET) && defined(SIOCGIFCONF) && defined(SIOCGIFFLAGS)
+    if (ret)
+	ret = getifaddrs2 (ifap, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS,
+			   sizeof(struct ifreq));
+#endif
+    return ret;
+}
+
+#endif /* !AF_NETLINK */
+
+void ROKEN_LIB_FUNCTION
+rk_freeifaddrs(struct ifaddrs *ifp)
+{
+    struct ifaddrs *p, *q;
+    
+    for(p = ifp; p; ) {
+	free(p->ifa_name);
+	if(p->ifa_addr)
+	    free(p->ifa_addr);
+	if(p->ifa_dstaddr) 
+	    free(p->ifa_dstaddr);
+	if(p->ifa_netmask) 
+	    free(p->ifa_netmask);
+	if(p->ifa_data)
+	    free(p->ifa_data);
+	q = p;
+	p = p->ifa_next;
+	free(q);
+    }
+}
+
+#ifdef TEST
+
+void
+print_addr(const char *s, struct sockaddr *sa)
+{
+    int i;
+    printf("  %s=%d/", s, sa->sa_family);
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+    for(i = 0; i < sa->sa_len - ((long)sa->sa_data - (long)&sa->sa_family); i++)
+	printf("%02x", ((unsigned char*)sa->sa_data)[i]);
+#else
+    for(i = 0; i < sizeof(sa->sa_data); i++) 
+	printf("%02x", ((unsigned char*)sa->sa_data)[i]);
+#endif
+    printf("\n");
+}
+
+void 
+print_ifaddrs(struct ifaddrs *x)
+{
+    struct ifaddrs *p;
+    
+    for(p = x; p; p = p->ifa_next) {
+	printf("%s\n", p->ifa_name);
+	printf("  flags=%x\n", p->ifa_flags);
+	if(p->ifa_addr)
+	    print_addr("addr", p->ifa_addr);
+	if(p->ifa_dstaddr) 
+	    print_addr("dstaddr", p->ifa_dstaddr);
+	if(p->ifa_netmask) 
+	    print_addr("netmask", p->ifa_netmask);
+	printf("  %p\n", p->ifa_data);
+    }
+}
+
+int
+main()
+{
+    struct ifaddrs *a = NULL, *b;
+    getifaddrs2(&a, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, sizeof(struct ifreq));
+    print_ifaddrs(a);
+    printf("---\n");
+    getifaddrs(&b);
+    print_ifaddrs(b);
+    return 0;
+}
+#endif
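Review bot: rk_freeifaddrs, defined after `#endif /* !AF_NETLINK */`, calls free() separately on ifa_name, ifa_addr, ifa_dstaddr, ifa_netmask and ifa_data, but the AF_NETLINK rk_getifaddrs returns a single calloc() block (`data`) and points those fields into its interior, so releasing a netlink-built list hands free() pointers that are not allocation starts. The netlink branch needs its own release function whose body is just `free(ifp);`, with the per-field version moved under the `#else` branch. The per-field function is also reached from `error_out` in getifaddrs2 and getlifaddrs2 with a node from `malloc(sizeof(**end))` whose ifa_addr, ifa_dstaddr, ifa_netmask and ifa_data are still uninitialised when strdup() or the address malloc() fails; `*end = calloc(1, sizeof(**end));` would make that path safe. Whether this file is compiled at all depends on the configure result for getifaddrs, which is not visible here, so this is better recorded as a known defect of the imported snapshot than assumed unreachable.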

Added: vendor-crypto/heimdal/dist/lib/roken/getipnodebyaddr.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getipnodebyaddr.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getipnodebyaddr.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getipnodebyaddr.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * lookup `src, len' (address family `af') in DNS and return a pointer
+ * to a malloced struct hostent or NULL.
+ */
+
+struct hostent * ROKEN_LIB_FUNCTION
+getipnodebyaddr (const void *src, size_t len, int af, int *error_num)
+{
+    struct hostent *tmp;
+
+    tmp = gethostbyaddr (src, len, af);
+    if (tmp == NULL) {
+	switch (h_errno) {
+	case HOST_NOT_FOUND :
+	case TRY_AGAIN :
+	case NO_RECOVERY :
+	    *error_num = h_errno;
+	    break;
+	case NO_DATA :
+	    *error_num = NO_ADDRESS;
+	    break;
+	default :
+	    *error_num = NO_RECOVERY;
+	    break;
+	}
+	return NULL;
+    }
+    tmp = copyhostent (tmp);
+    if (tmp == NULL) {
+	*error_num = TRY_AGAIN;
+	return NULL;
+    }
+    return tmp;
+}
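Review bot: The failure switch in `getipnodebyaddr` reads `h_errno` without the `#ifndef HAVE_H_ERRNO` fallback declaration that getipnodebyname.c in this same commit carries, so on a platform without `h_errno` this file relies on roken.h supplying it, which is not visible here. If roken.h does not, the same three-line guard (`#ifndef HAVE_H_ERRNO`, `static int h_errno = NO_RECOVERY;`, `#endif`) belongs after the include. The header comment should also state that the returned hostent is a copy made by `copyhostent` which the caller owns and must release, and that `gethostbyaddr` hands back static storage, so the interval before the copy is not safe against concurrent resolver calls. `error_num` is written unconditionally, so the comment should say it must not be NULL.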

Added: vendor-crypto/heimdal/dist/lib/roken/getipnodebyname.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getipnodebyname.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getipnodebyname.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getipnodebyname.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+#ifndef HAVE_H_ERRNO
+static int h_errno = NO_RECOVERY;
+#endif
+
+/*
+ * lookup `name' (address family `af') in DNS and return a pointer
+ * to a malloced struct hostent or NULL.
+ */
+
+struct hostent * ROKEN_LIB_FUNCTION
+getipnodebyname (const char *name, int af, int flags, int *error_num)
+{
+    struct hostent *tmp;
+
+#ifdef HAVE_GETHOSTBYNAME2
+    tmp = gethostbyname2 (name, af);
+#else
+    if (af != AF_INET) {
+	*error_num = NO_ADDRESS;
+	return NULL;
+    }
+    tmp = gethostbyname (name);
+#endif
+    if (tmp == NULL) {
+	switch (h_errno) {
+	case HOST_NOT_FOUND :
+	case TRY_AGAIN :
+	case NO_RECOVERY :
+	    *error_num = h_errno;
+	    break;
+	case NO_DATA :
+	    *error_num = NO_ADDRESS;
+	    break;
+	default :
+	    *error_num = NO_RECOVERY;
+	    break;
+	}
+	return NULL;
+    }
+    tmp = copyhostent (tmp);
+    if (tmp == NULL) {
+	*error_num = TRY_AGAIN;
+	return NULL;
+    }
+    return tmp;
+}
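Review bot: The `flags` parameter of `getipnodebyname` is never read, so a caller passing `AI_V4MAPPED`, `AI_ALL` or `AI_ADDRCONFIG` gets a plain `gethostbyname2`/`gethostbyname` lookup with no sign that the request was narrowed. The header comment should say so, for example `/* NOTE: flags is ignored; no AI_V4MAPPED / AI_ALL / AI_ADDRCONFIG handling is done. */`. When `HAVE_H_ERRNO` is undefined, the file-static `h_errno` is initialised to `NO_RECOVERY` and never assigned, so every failed lookup is reported as `NO_RECOVERY` regardless of the real cause. A one-line comment on that declaration would stop callers from reading a retry policy into the error code.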

Added: vendor-crypto/heimdal/dist/lib/roken/getnameinfo.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getnameinfo.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getnameinfo.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getnameinfo.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+static int
+doit (int af,
+      const void *addr,
+      size_t addrlen,
+      int port,
+      char *host, size_t hostlen,
+      char *serv, size_t servlen,
+      int flags)
+{
+    if (host != NULL) {
+	if (flags & NI_NUMERICHOST) {
+	    if (inet_ntop (af, addr, host, hostlen) == NULL)
+		return EAI_SYSTEM;
+	} else {
+	    struct hostent *he = gethostbyaddr (addr,
+						addrlen,
+						af);
+	    if (he != NULL) {
+		strlcpy (host, hostent_find_fqdn(he), hostlen);
+		if (flags & NI_NOFQDN) {
+		    char *dot = strchr (host, '.');
+		    if (dot != NULL)
+			*dot = '\0';
+		}
+	    } else if (flags & NI_NAMEREQD) {
+		return EAI_NONAME;
+	    } else if (inet_ntop (af, addr, host, hostlen) == NULL)
+		return EAI_SYSTEM;
+	}
+    }
+
+    if (serv != NULL) {
+	if (flags & NI_NUMERICSERV) {
+	    snprintf (serv, servlen, "%u", ntohs(port));
+	} else {
+	    const char *proto = "tcp";
+	    struct servent *se;
+
+	    if (flags & NI_DGRAM)
+		proto = "udp";
+
+	    se = getservbyport (port, proto);
+	    if (se == NULL) {
+		snprintf (serv, servlen, "%u", ntohs(port));
+	    } else {
+		strlcpy (serv, se->s_name, servlen);
+	    }
+	}
+    }
+    return 0;
+}
+
+/*
+ *
+ */
+
+int ROKEN_LIB_FUNCTION
+getnameinfo(const struct sockaddr *sa, socklen_t salen,
+	    char *host, size_t hostlen,
+	    char *serv, size_t servlen,
+	    int flags)
+{
+    switch (sa->sa_family) {
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
+
+	return doit (AF_INET6, &sin6->sin6_addr, sizeof(sin6->sin6_addr),
+		     sin6->sin6_port,
+		     host, hostlen,
+		     serv, servlen,
+		     flags);
+    }
+#endif
+    case AF_INET : {
+	const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
+
+	return doit (AF_INET, &sin4->sin_addr, sizeof(sin4->sin_addr),
+		     sin4->sin_port,
+		     host, hostlen,
+		     serv, servlen,
+		     flags);
+    }
+    default :
+	return EAI_FAMILY;
+    }
+}
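Review bot: `getnameinfo` never examines `salen` before casting `sa` to `struct sockaddr_in` or `struct sockaddr_in6`, so a caller that supplies a shorter buffer has the address and port fields read from beyond what it passed. Each case should start with a length check, `if (salen < sizeof(*sin4)) return EAI_FAMILY;`, and the `sin6` equivalent. In `doit` the return values of both `strlcpy` calls are discarded, so a resolved name longer than `hostlen` comes back truncated with status 0. Code that matches the returned name against an access list cannot tell a truncated name from a complete one, and testing `strlcpy(...) >= hostlen` would let this function report the truncation as an error.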

Added: vendor-crypto/heimdal/dist/lib/roken/getnameinfo_verified.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getnameinfo_verified.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getnameinfo_verified.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1999 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getnameinfo_verified.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * Try to obtain a verified name for the address in `sa, salen' (much
+ * similar to getnameinfo).
+ * Verified in this context means that forwards and backwards lookups
+ * in DNS are consistent.  If that fails, return an error if the
+ * NI_NAMEREQD flag is set or return the numeric address as a string.
+ */
+
+int ROKEN_LIB_FUNCTION
+getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
+		     char *host, size_t hostlen,
+		     char *serv, size_t servlen,
+		     int flags)
+{
+    int ret;
+    struct addrinfo *ai, *a;
+    char servbuf[NI_MAXSERV];
+    struct addrinfo hints;
+
+    if (host == NULL)
+	return EAI_NONAME;
+
+    if (serv == NULL) {
+	serv = servbuf;
+	servlen = sizeof(servbuf);
+    }
+
+    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
+		       flags | NI_NUMERICSERV);
+    if (ret)
+	goto fail;
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    ret = getaddrinfo (host, serv, &hints, &ai);
+    if (ret)
+	goto fail;
+    for (a = ai; a != NULL; a = a->ai_next) {
+	if (a->ai_addrlen == salen
+	    && memcmp (a->ai_addr, sa, salen) == 0) {
+	    freeaddrinfo (ai);
+	    return 0;
+	}
+    }
+    freeaddrinfo (ai);
+ fail:
+    if (flags & NI_NAMEREQD)
+	return EAI_NONAME;
+    ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
+		       flags | NI_NUMERICSERV | NI_NUMERICHOST);
+    return ret;
+}
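Review bot: The match test `memcmp (a->ai_addr, sa, salen) == 0` compares the entire sockaddr, so bytes that are not the address must also be identical before a name counts as verified, and nothing in the comments says so. Those bytes are the port, the `sin_zero` padding, `sin6_flowinfo`, `sin6_scope_id`, and `sa_len` where the platform has it. The failure direction is closed (numeric string or `EAI_NONAME`), but a caller whose `sa` carries non-zero padding will silently never obtain a verified name. A comment above the loop would document it: `/* whole-sockaddr compare: port, padding, flowinfo and scope id must match as well as the address */`. The header comment should also state that `host == NULL` returns `EAI_NONAME` and that `serv` is always numeric because `NI_NUMERICSERV` is forced on both `getnameinfo` calls.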

Added: vendor-crypto/heimdal/dist/lib/roken/getopt.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getopt.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getopt.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 1987, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)getopt.c	8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#ifndef __STDC__
+#define const
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * get option letter from argument vector
+ */
+int	opterr = 1,		/* if error message should be printed */
+	optind = 1,		/* index into parent argv vector */
+	optopt,			/* character checked for validity */
+	optreset;		/* reset getopt */
+char	*optarg;		/* argument associated with option */
+
+#define	BADCH	(int)'?'
+#define	BADARG	(int)':'
+#define	EMSG	""
+
+int ROKEN_LIB_FUNCTION
+getopt(nargc, nargv, ostr)
+	int nargc;
+	char * const *nargv;
+	const char *ostr;
+{
+	static char *place = EMSG;		/* option letter processing */
+	char *oli;			/* option letter list index */
+	char *p;
+
+	if (optreset || !*place) {		/* update scanning pointer */
+		optreset = 0;
+		if (optind >= nargc || *(place = nargv[optind]) != '-') {
+			place = EMSG;
+			return(-1);
+		}
+		if (place[1] && *++place == '-') {	/* found "--" */
+			++optind;
+			place = EMSG;
+			return(-1);
+		}
+	}					/* option letter okay? */
+	if ((optopt = (int)*place++) == (int)':' ||
+	    !(oli = strchr(ostr, optopt))) {
+		/*
+		 * if the user didn't specify '-' as an option,
+		 * assume it means -1 (EOF).
+		 */
+		if (optopt == (int)'-')
+			return(-1);
+		if (!*place)
+			++optind;
+		if (opterr && *ostr != ':') {
+			if (!(p = strrchr(*nargv, '/')))
+				p = *nargv;
+			else
+				++p;
+			fprintf(stderr, "%s: illegal option -- %c\n",
+			    p, optopt);
+		}
+		return(BADCH);
+	}
+	if (*++oli != ':') {			/* don't need argument */
+		optarg = NULL;
+		if (!*place)
+			++optind;
+	}
+	else {					/* need an argument */
+		if (*place)			/* no white space */
+			optarg = place;
+		else if (nargc <= ++optind) {	/* no arg */
+			place = EMSG;
+			if (!(p = strrchr(*nargv, '/')))
+				p = *nargv;
+			else
+				++p;
+			if (*ostr == ':')
+				return(BADARG);
+			if (opterr)
+				fprintf(stderr,
+				    "%s: option requires an argument -- %c\n",
+				    p, optopt);
+			return(BADCH);
+		}
+	 	else				/* white space */
+			optarg = nargv[optind];
+		place = EMSG;
+		++optind;
+	}
+	return(optopt);				/* dump back option letter */
+}
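Review bot: The definition line `int ROKEN_LIB_FUNCTION` uses a macro that nothing in this file brings into scope, because the only includes are `<stdio.h>`, `<stdlib.h>` and `<string.h>`. The other roken sources in this commit include `config.h` and `roken.h`; this one does not, so unless the build defines the macro on the compiler command line the file will presumably fail to compile on exactly the platforms that need this fallback. A guard after the includes keeps it self-contained: `#ifndef ROKEN_LIB_FUNCTION`, `#define ROKEN_LIB_FUNCTION`, `#endif`. The K&R-style parameter list also gives callers no prototype to be checked against, so an ANSI signature `getopt(int nargc, char * const *nargv, const char *ostr)` would be preferable.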

Added: vendor-crypto/heimdal/dist/lib/roken/getprogname.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getprogname.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getprogname.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 1995-2004 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getprogname.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+#ifndef HAVE___PROGNAME
+const char *__progname;
+#endif
+
+#ifndef HAVE_GETPROGNAME
+const char * ROKEN_LIB_FUNCTION
+getprogname(void)
+{
+    return __progname;
+}
+#endif /* HAVE_GETPROGNAME */

Added: vendor-crypto/heimdal/dist/lib/roken/gettimeofday.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/gettimeofday.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/gettimeofday.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+#ifndef HAVE_GETTIMEOFDAY
+
+RCSID("$Id: gettimeofday.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+/*
+ * Simple gettimeofday that only returns seconds.
+ */
+int ROKEN_LIB_FUNCTION
+gettimeofday (struct timeval *tp, void *ignore)
+{
+     time_t t;
+
+     t = time(NULL);
+     tp->tv_sec  = t;
+     tp->tv_usec = 0;
+     return 0;
+}
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/getuid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getuid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getuid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_GETUID
+
+RCSID("$Id: getuid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+int ROKEN_LIB_FUNCTION
+getuid(void)
+{
+    return 17;
+}
+
+#endif
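Review bot: The fallback `getuid` returns the constant 17 with no comment, so on a platform without a real `getuid` every caller sees the same non-zero uid. A test such as `getuid() == 0`, or a comparison against a file owner, therefore gets a fixed answer rather than an identity. Nothing in the hunk says whether that is the intent. A comment on the function would make the contract explicit, for example `/* No uid concept on this platform: report a fixed non-root placeholder; not suitable for access decisions. */`.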

Added: vendor-crypto/heimdal/dist/lib/roken/getusershell.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/getusershell.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/getusershell.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 1985, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: getusershell.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifndef HAVE_GETUSERSHELL
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_USERSEC_H
+struct aud_rec;
+#include <usersec.h>
+#endif
+#ifdef HAVE_USERCONF_H
+#include <userconf.h>
+#endif
+#include "roken.h"
+
+#ifndef _PATH_SHELLS
+#define _PATH_SHELLS "/etc/shells"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#ifndef _PATH_CSHELL
+#define _PATH_CSHELL "/bin/csh"
+#endif
+
+/*
+ * Local shells should NOT be added here.  They should be added in
+ * /etc/shells.
+ */
+
+static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL };
+static char **curshell, **shells, *strings;
+static char **initshells (void);
+
+/*
+ * Get a list of shells from _PATH_SHELLS, if it exists.
+ */
+char * ROKEN_LIB_FUNCTION
+getusershell()
+{
+    char *ret;
+
+    if (curshell == NULL)
+	curshell = initshells();
+    ret = *curshell;
+    if (ret != NULL)
+	curshell++;
+    return (ret);
+}
+
+void ROKEN_LIB_FUNCTION
+endusershell()
+{
+    if (shells != NULL)
+	free(shells);
+    shells = NULL;
+    if (strings != NULL)
+	free(strings);
+    strings = NULL;
+    curshell = NULL;
+}
+
+void ROKEN_LIB_FUNCTION
+setusershell()
+{
+    curshell = initshells();
+}
+
+static char **
+initshells()
+{
+    char **sp, *cp;
+#ifdef HAVE_GETCONFATTR
+    char *tmp;
+    int nsh;
+#else
+    FILE *fp;
+#endif
+    struct stat statb;
+
+    free(shells);
+    shells = NULL;
+    free(strings);
+    strings = NULL;
+#ifdef HAVE_GETCONFATTR
+    if(getconfattr(SC_SYS_LOGIN, SC_SHELLS, &tmp, SEC_LIST) != 0)
+	return okshells;
+
+    for(cp = tmp, nsh = 0; *cp; cp += strlen(cp) + 1, nsh++);
+
+    shells = calloc(nsh + 1, sizeof(*shells));
+    if(shells == NULL)
+	return okshells;
+
+    strings = malloc(cp - tmp);
+    if(strings == NULL) {
+	free(shells);
+	shells = NULL;
+	return okshells;
+    }
+    memcpy(strings, tmp, cp - tmp);
+    for(sp = shells, cp = strings; *cp; cp += strlen(cp) + 1, sp++)
+	*sp = cp;
+#else
+    if ((fp = fopen(_PATH_SHELLS, "r")) == NULL)
+	return (okshells);
+    if (fstat(fileno(fp), &statb) == -1) {
+	fclose(fp);
+	return (okshells);
+    }
+    if ((strings = malloc((u_int)statb.st_size)) == NULL) {
+	fclose(fp);
+	return (okshells);
+    }
+    shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
+    if (shells == NULL) {
+	fclose(fp);
+	free(strings);
+	strings = NULL;
+	return (okshells);
+    }
+    sp = shells;
+    cp = strings;
+    while (fgets(cp, MaxPathLen + 1, fp) != NULL) {
+	while (*cp != '#' && *cp != '/' && *cp != '\0')
+	    cp++;
+	if (*cp == '#' || *cp == '\0')
+	    continue;
+	*sp++ = cp;
+	while (!isspace((unsigned char)*cp) && *cp != '#' && *cp != '\0')
+	    cp++;
+	*cp++ = '\0';
+    }
+    fclose(fp);
+#endif
+    *sp = NULL;
+    return (shells);
+}
+#endif /* HAVE_GETUSERSHELL */
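Review bot: In `initshells`, the non-`HAVE_GETCONFATTR` branch sizes both buffers from `statb.st_size` but reads with `fgets(cp, MaxPathLen + 1, fp)`, which is bounded by the path limit and not by the space left in `strings`. For a file made up only of shell lines ending in a newline, the final `fgets` appears to store its terminating NUL one byte past the `st_size`-byte allocation, and a file that grows between `fstat` and the reads overruns further. `shells` gets `st_size / 3` slots with none reserved for the closing `*sp = NULL`, while the shortest accepted line (`/` plus newline) is two bytes, so a file of very short lines can write past that array too. `/etc/shells` is normally writable only by root, which limits exposure, but the loop should be bounded by the allocations as in the excerpt below.

```c
    size_t bufsz, maxsh;	/* new locals, declared next to fp */

    /* … unchanged: fopen and fstat of _PATH_SHELLS … */
    bufsz = (size_t)statb.st_size + 1;		/* room for the NUL fgets stores */
    maxsh = (size_t)statb.st_size / 2 + 2;	/* shortest entry is "/\n"; plus final NULL */
    if ((strings = malloc(bufsz)) == NULL) {
    /* … unchanged: fclose and return okshells … */
    shells = calloc(maxsh, sizeof (char *));
    /* … unchanged: calloc failure path, sp and cp initialisation … */
    while (sp < shells + maxsh - 1 && cp < strings + bufsz - 1) {
	size_t room = (size_t)(strings + bufsz - cp);

	if (room > (size_t)MaxPathLen + 1)
	    room = (size_t)MaxPathLen + 1;
	if (fgets(cp, (int)room, fp) == NULL)
	    break;
	/* … unchanged: skip to '/' or '#', record the entry, terminate it … */
    }
```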

Added: vendor-crypto/heimdal/dist/lib/roken/glob.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/glob.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/glob.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,850 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * glob(3) -- a superset of the one defined in POSIX 1003.2.
+ *
+ * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
+ *
+ * Optional extra services, controlled by flags not defined by POSIX:
+ *
+ * GLOB_QUOTE:
+ *	Escaping convention: \ inhibits any special meaning the following
+ *	character might have (except \ at end of string is retained).
+ * GLOB_MAGCHAR:
+ *	Set in gl_flags if pattern contained a globbing character.
+ * GLOB_NOMAGIC:
+ *	Same as GLOB_NOCHECK, but it will only append pattern if it did
+ *	not contain any magic characters.  [Used in csh style globbing]
+ * GLOB_ALTDIRFUNC:
+ *	Use alternately specified directory access functions.
+ * GLOB_TILDE:
+ *	expand ~user/foo to the /home/dir/of/user/foo
+ * GLOB_BRACE:
+ *	expand {1,2}{a,b} to 1a 1b 2a 2b 
+ * gl_matchc:
+ *	Number of matches in the current invocation of glob.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+#include <dirent.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "glob.h"
+#include "roken.h"
+
+#ifndef ARG_MAX
+#define ARG_MAX _POSIX_ARG_MAX
+#endif
+
+#define	CHAR_DOLLAR		'$'
+#define	CHAR_DOT		'.'
+#define	CHAR_EOS		'\0'
+#define	CHAR_LBRACKET		'['
+#define	CHAR_NOT		'!'
+#define	CHAR_QUESTION		'?'
+#define	CHAR_QUOTE		'\\'
+#define	CHAR_RANGE		'-'
+#define	CHAR_RBRACKET		']'
+#define	CHAR_SEP		'/'
+#define	CHAR_STAR		'*'
+#define	CHAR_TILDE		'~'
+#define	CHAR_UNDERSCORE		'_'
+#define	CHAR_LBRACE		'{'
+#define	CHAR_RBRACE		'}'
+#define	CHAR_SLASH		'/'
+#define	CHAR_COMMA		','
+
+#ifndef DEBUG
+
+#define	M_QUOTE		0x8000
+#define	M_PROTECT	0x4000
+#define	M_MASK		0xffff
+#define	M_ASCII		0x00ff
+
+typedef u_short Char;
+
+#else
+
+#define	M_QUOTE		0x80
+#define	M_PROTECT	0x40
+#define	M_MASK		0xff
+#define	M_ASCII		0x7f
+
+typedef char Char;
+
+#endif
+
+
+#define	CHAR(c)		((Char)((c)&M_ASCII))
+#define	META(c)		((Char)((c)|M_QUOTE))
+#define	M_ALL		META('*')
+#define	M_END		META(']')
+#define	M_NOT		META('!')
+#define	M_ONE		META('?')
+#define	M_RNG		META('-')
+#define	M_SET		META('[')
+#define	ismeta(c)	(((c)&M_QUOTE) != 0)
+
+
+static int	 compare (const void *, const void *);
+static void	 g_Ctoc (const Char *, char *);
+static int	 g_lstat (Char *, struct stat *, glob_t *);
+static DIR	*g_opendir (Char *, glob_t *);
+static Char	*g_strchr (const Char *, int);
+#ifdef notdef
+static Char	*g_strcat (Char *, const Char *);
+#endif
+static int	 g_stat (Char *, struct stat *, glob_t *);
+static int	 glob0 (const Char *, glob_t *);
+static int	 glob1 (Char *, glob_t *, size_t *);
+static int	 glob2 (Char *, Char *, Char *, glob_t *, size_t *);
+static int	 glob3 (Char *, Char *, Char *, Char *, glob_t *, size_t *);
+static int	 globextend (const Char *, glob_t *, size_t *);
+static const Char *	 globtilde (const Char *, Char *, glob_t *);
+static int	 globexp1 (const Char *, glob_t *);
+static int	 globexp2 (const Char *, const Char *, glob_t *, int *);
+static int	 match (Char *, Char *, Char *);
+#ifdef DEBUG
+static void	 qprintf (const char *, Char *);
+#endif
+
+int ROKEN_LIB_FUNCTION
+glob(const char *pattern, 
+     int flags, 
+     int (*errfunc)(const char *, int), 
+     glob_t *pglob)
+{
+	const u_char *patnext;
+	int c;
+	Char *bufnext, *bufend, patbuf[MaxPathLen+1];
+
+	patnext = (const u_char *) pattern;
+	if (!(flags & GLOB_APPEND)) {
+		pglob->gl_pathc = 0;
+		pglob->gl_pathv = NULL;
+		if (!(flags & GLOB_DOOFFS))
+			pglob->gl_offs = 0;
+	}
+	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+	pglob->gl_errfunc = errfunc;
+	pglob->gl_matchc = 0;
+
+	bufnext = patbuf;
+	bufend = bufnext + MaxPathLen;
+	if (flags & GLOB_QUOTE) {
+		/* Protect the quoted characters. */
+		while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
+			if (c == CHAR_QUOTE) {
+				if ((c = *patnext++) == CHAR_EOS) {
+					c = CHAR_QUOTE;
+					--patnext;
+				}
+				*bufnext++ = c | M_PROTECT;
+			}
+			else
+				*bufnext++ = c;
+	}
+	else 
+	    while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) 
+		    *bufnext++ = c;
+	*bufnext = CHAR_EOS;
+
+	if (flags & GLOB_BRACE)
+	    return globexp1(patbuf, pglob);
+	else
+	    return glob0(patbuf, pglob);
+}
+
+/*
+ * Expand recursively a glob {} pattern. When there is no more expansion
+ * invoke the standard globbing routine to glob the rest of the magic
+ * characters
+ */
+static int globexp1(const Char *pattern, glob_t *pglob)
+{
+	const Char* ptr = pattern;
+	int rv;
+
+	/* Protect a single {}, for find(1), like csh */
+	if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
+		return glob0(pattern, pglob);
+
+	while ((ptr = (const Char *) g_strchr(ptr, CHAR_LBRACE)) != NULL)
+		if (!globexp2(ptr, pattern, pglob, &rv))
+			return rv;
+
+	return glob0(pattern, pglob);
+}
+
+
+/*
+ * Recursive brace globbing helper. Tries to expand a single brace.
+ * If it succeeds then it invokes globexp1 with the new pattern.
+ * If it fails then it tries to glob the rest of the pattern and returns.
+ */
+static int globexp2(const Char *ptr, const Char *pattern, 
+		    glob_t *pglob, int *rv)
+{
+	int     i;
+	Char   *lm, *ls;
+	const Char *pe, *pm, *pl;
+	Char    patbuf[MaxPathLen + 1];
+
+	/* copy part up to the brace */
+	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+		continue;
+	ls = lm;
+
+	/* Find the balanced brace */
+	for (i = 0, pe = ++ptr; *pe; pe++)
+		if (*pe == CHAR_LBRACKET) {
+			/* Ignore everything between [] */
+			for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
+				continue;
+			if (*pe == CHAR_EOS) {
+				/* 
+				 * We could not find a matching CHAR_RBRACKET.
+				 * Ignore and just look for CHAR_RBRACE
+				 */
+				pe = pm;
+			}
+		}
+		else if (*pe == CHAR_LBRACE)
+			i++;
+		else if (*pe == CHAR_RBRACE) {
+			if (i == 0)
+				break;
+			i--;
+		}
+
+	/* Non matching braces; just glob the pattern */
+	if (i != 0 || *pe == CHAR_EOS) {
+		*rv = glob0(patbuf, pglob);
+		return 0;
+	}
+
+	for (i = 0, pl = pm = ptr; pm <= pe; pm++)
+		switch (*pm) {
+		case CHAR_LBRACKET:
+			/* Ignore everything between [] */
+			for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
+				continue;
+			if (*pm == CHAR_EOS) {
+				/* 
+				 * We could not find a matching CHAR_RBRACKET.
+				 * Ignore and just look for CHAR_RBRACE
+				 */
+				pm = pl;
+			}
+			break;
+
+		case CHAR_LBRACE:
+			i++;
+			break;
+
+		case CHAR_RBRACE:
+			if (i) {
+			    i--;
+			    break;
+			}
+			/* FALLTHROUGH */
+		case CHAR_COMMA:
+			if (i && *pm == CHAR_COMMA)
+				break;
+			else {
+				/* Append the current string */
+				for (lm = ls; (pl < pm); *lm++ = *pl++)
+					continue;
+				/* 
+				 * Append the rest of the pattern after the
+				 * closing brace
+				 */
+				for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
+					continue;
+
+				/* Expand the current pattern */
+#ifdef DEBUG
+				qprintf("globexp2:", patbuf);
+#endif
+				*rv = globexp1(patbuf, pglob);
+
+				/* move after the comma, to the next string */
+				pl = pm + 1;
+			}
+			break;
+
+		default:
+			break;
+		}
+	*rv = 0;
+	return 0;
+}
+
+
+
+/*
+ * expand tilde from the passwd file.
+ */
+static const Char *
+globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
+{
+	struct passwd *pwd;
+	char *h;
+	const Char *p;
+	Char *b;
+
+	if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
+		return pattern;
+
+	/* Copy up to the end of the string or / */
+	for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; 
+	     *h++ = *p++)
+		continue;
+
+	*h = CHAR_EOS;
+
+	if (((char *) patbuf)[0] == CHAR_EOS) {
+		/* 
+		 * handle a plain ~ or ~/ by expanding $HOME 
+		 * first and then trying the password file
+		 */
+		if ((h = getenv("HOME")) == NULL) {
+			if ((pwd = k_getpwuid(getuid())) == NULL)
+				return pattern;
+			else
+				h = pwd->pw_dir;
+		}
+	}
+	else {
+		/*
+		 * Expand a ~user
+		 */
+		if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
+			return pattern;
+		else
+			h = pwd->pw_dir;
+	}
+
+	/* Copy the home directory */
+	for (b = patbuf; *h; *b++ = *h++)
+		continue;
+	
+	/* Append the rest of the pattern */
+	while ((*b++ = *p++) != CHAR_EOS)
+		continue;
+
+	return patbuf;
+}
+	
+
+/*
+ * The main glob() routine: compiles the pattern (optionally processing
+ * quotes), calls glob1() to do the real pattern matching, and finally
+ * sorts the list (unless unsorted operation is requested).  Returns 0
+ * if things went well, nonzero if errors occurred.  It is not an error
+ * to find no matches.
+ */
+static int
+glob0(const Char *pattern, glob_t *pglob)
+{
+	const Char *qpatnext;
+	int c, err, oldpathc;
+	Char *bufnext, patbuf[MaxPathLen+1];
+	size_t limit = 0;
+
+	qpatnext = globtilde(pattern, patbuf, pglob);
+	oldpathc = pglob->gl_pathc;
+	bufnext = patbuf;
+
+	/* We don't need to check for buffer overflow any more. */
+	while ((c = *qpatnext++) != CHAR_EOS) {
+		switch (c) {
+		case CHAR_LBRACKET:
+			c = *qpatnext;
+			if (c == CHAR_NOT)
+				++qpatnext;
+			if (*qpatnext == CHAR_EOS ||
+			    g_strchr(qpatnext+1, CHAR_RBRACKET) == NULL) {
+				*bufnext++ = CHAR_LBRACKET;
+				if (c == CHAR_NOT)
+					--qpatnext;
+				break;
+			}
+			*bufnext++ = M_SET;
+			if (c == CHAR_NOT)
+				*bufnext++ = M_NOT;
+			c = *qpatnext++;
+			do {
+				*bufnext++ = CHAR(c);
+				if (*qpatnext == CHAR_RANGE &&
+				    (c = qpatnext[1]) != CHAR_RBRACKET) {
+					*bufnext++ = M_RNG;
+					*bufnext++ = CHAR(c);
+					qpatnext += 2;
+				}
+			} while ((c = *qpatnext++) != CHAR_RBRACKET);
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_END;
+			break;
+		case CHAR_QUESTION:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_ONE;
+			break;
+		case CHAR_STAR:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			/* collapse adjacent stars to one, 
+			 * to avoid exponential behavior
+			 */
+			if (bufnext == patbuf || bufnext[-1] != M_ALL)
+			    *bufnext++ = M_ALL;
+			break;
+		default:
+			*bufnext++ = CHAR(c);
+			break;
+		}
+	}
+	*bufnext = CHAR_EOS;
+#ifdef DEBUG
+	qprintf("glob0:", patbuf);
+#endif
+
+	if ((err = glob1(patbuf, pglob, &limit)) != 0)
+		return(err);
+
+	/*
+	 * If there was no match we are going to append the pattern 
+	 * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
+	 * and the pattern did not contain any magic characters
+	 * GLOB_NOMAGIC is there just for compatibility with csh.
+	 */
+	if (pglob->gl_pathc == oldpathc && 
+	    ((pglob->gl_flags & GLOB_NOCHECK) || 
+	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
+	       !(pglob->gl_flags & GLOB_MAGCHAR))))
+		return(globextend(pattern, pglob, &limit));
+	else if (!(pglob->gl_flags & GLOB_NOSORT)) 
+		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+	return(0);
+}
+
+static int
+compare(const void *p, const void *q)
+{
+	return(strcmp(*(char **)p, *(char **)q));
+}
+
+static int
+glob1(Char *pattern, glob_t *pglob, size_t *limit)
+{
+	Char pathbuf[MaxPathLen+1];
+
+	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+	if (*pattern == CHAR_EOS)
+		return(0);
+	return(glob2(pathbuf, pathbuf, pattern, pglob, limit));
+}
+
+/*
+ * The functions glob2 and glob3 are mutually recursive; there is one level
+ * of recursion for each segment in the pattern that contains one or more
+ * meta characters.
+ */
+
+#ifndef S_ISLNK
+#if defined(S_IFLNK) && defined(S_IFMT)
+#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
+#else
+#define S_ISLNK(mode) 0
+#endif
+#endif
+
+static int
+glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob,
+      size_t *limit)
+{
+	struct stat sb;
+	Char *p, *q;
+	int anymeta;
+
+	/*
+	 * Loop over pattern segments until end of pattern or until
+	 * segment with meta character found.
+	 */
+	for (anymeta = 0;;) {
+		if (*pattern == CHAR_EOS) {		/* End of pattern? */
+			*pathend = CHAR_EOS;
+			if (g_lstat(pathbuf, &sb, pglob))
+				return(0);
+		
+			if (((pglob->gl_flags & GLOB_MARK) &&
+			    pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
+			    || (S_ISLNK(sb.st_mode) &&
+			    (g_stat(pathbuf, &sb, pglob) == 0) &&
+			    S_ISDIR(sb.st_mode)))) {
+				*pathend++ = CHAR_SEP;
+				*pathend = CHAR_EOS;
+			}
+			++pglob->gl_matchc;
+			return(globextend(pathbuf, pglob, limit));
+		}
+
+		/* Find end of next segment, copy tentatively to pathend. */
+		q = pathend;
+		p = pattern;
+		while (*p != CHAR_EOS && *p != CHAR_SEP) {
+			if (ismeta(*p))
+				anymeta = 1;
+			*q++ = *p++;
+		}
+
+		if (!anymeta) {		/* No expansion, do next segment. */
+			pathend = q;
+			pattern = p;
+			while (*pattern == CHAR_SEP)
+				*pathend++ = *pattern++;
+		} else			/* Need expansion, recurse. */
+			return(glob3(pathbuf, pathend, pattern, p, pglob,
+			    limit));
+	}
+	/* NOTREACHED */
+}
+
+static int
+glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, 
+      glob_t *pglob, size_t *limit)
+{
+	struct dirent *dp;
+	DIR *dirp;
+	int err;
+	char buf[MaxPathLen];
+
+	/*
+	 * The readdirfunc declaration can't be prototyped, because it is
+	 * assigned, below, to two functions which are prototyped in glob.h
+	 * and dirent.h as taking pointers to differently typed opaque
+	 * structures.
+	 */
+	struct dirent *(*readdirfunc)(void *);
+
+	*pathend = CHAR_EOS;
+	errno = 0;
+	    
+	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+		/* TODO: don't call for ENOENT or ENOTDIR? */
+		if (pglob->gl_errfunc) {
+			g_Ctoc(pathbuf, buf);
+			if (pglob->gl_errfunc(buf, errno) ||
+			    pglob->gl_flags & GLOB_ERR)
+				return (GLOB_ABEND);
+		}
+		return(0);
+	}
+
+	err = 0;
+
+	/* Search directory for matching names. */
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		readdirfunc = pglob->gl_readdir;
+	else
+		readdirfunc = (struct dirent *(*)(void *))readdir;
+	while ((dp = (*readdirfunc)(dirp))) {
+		u_char *sc;
+		Char *dc;
+
+		/* Initial CHAR_DOT must be matched literally. */
+		if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
+			continue;
+		for (sc = (u_char *) dp->d_name, dc = pathend; 
+		     (*dc++ = *sc++) != CHAR_EOS;)
+			continue;
+		if (!match(pathend, pattern, restpattern)) {
+			*pathend = CHAR_EOS;
+			continue;
+		}
+		err = glob2(pathbuf, --dc, restpattern, pglob, limit);
+		if (err)
+			break;
+	}
+
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		(*pglob->gl_closedir)(dirp);
+	else
+		closedir(dirp);
+	return(err);
+}
+
+
+/*
+ * Extend the gl_pathv member of a glob_t structure to accomodate a new item,
+ * add the new item, and update gl_pathc.
+ *
+ * This assumes the BSD realloc, which only copies the block when its size
+ * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
+ * behavior.
+ *
+ * Return 0 if new item added, error code if memory couldn't be allocated.
+ *
+ * Invariant of the glob_t structure:
+ *	Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
+ *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
+ */
+static int
+globextend(const Char *path, glob_t *pglob, size_t *limit)
+{
+	char **pathv;
+	int i;
+	size_t newsize, len;
+	char *copy;
+	const Char *p;
+
+	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+	pathv = pglob->gl_pathv ? 
+		    realloc(pglob->gl_pathv, newsize) :
+		    malloc(newsize);
+	if (pathv == NULL)
+		return(GLOB_NOSPACE);
+
+	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+		/* first time around -- clear initial gl_offs items */
+		pathv += pglob->gl_offs;
+		for (i = pglob->gl_offs; --i >= 0; )
+			*--pathv = NULL;
+	}
+	pglob->gl_pathv = pathv;
+
+	for (p = path; *p++;)
+		continue;
+	len = (size_t)(p - path);
+	*limit += len;
+	if ((copy = malloc(len)) != NULL) {
+		g_Ctoc(path, copy);
+		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+	}
+	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+
+	if ((pglob->gl_flags & GLOB_LIMIT) && (newsize + *limit) >= ARG_MAX) {
+		errno = 0;
+		return(GLOB_NOSPACE);
+	}
+
+	return(copy == NULL ? GLOB_NOSPACE : 0);
+}
+
+
+/*
+ * pattern matching function for filenames.  Each occurrence of the *
+ * pattern causes a recursion level.
+ */
+static int
+match(Char *name, Char *pat, Char *patend)
+{
+	int ok, negate_range;
+	Char c, k;
+
+	while (pat < patend) {
+		c = *pat++;
+		switch (c & M_MASK) {
+		case M_ALL:
+			if (pat == patend)
+				return(1);
+			do 
+			    if (match(name, pat, patend))
+				    return(1);
+			while (*name++ != CHAR_EOS);
+			return(0);
+		case M_ONE:
+			if (*name++ == CHAR_EOS)
+				return(0);
+			break;
+		case M_SET:
+			ok = 0;
+			if ((k = *name++) == CHAR_EOS)
+				return(0);
+			if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
+				++pat;
+			while (((c = *pat++) & M_MASK) != M_END)
+				if ((*pat & M_MASK) == M_RNG) {
+					if (c <= k && k <= pat[1])
+						ok = 1;
+					pat += 2;
+				} else if (c == k)
+					ok = 1;
+			if (ok == negate_range)
+				return(0);
+			break;
+		default:
+			if (*name++ != c)
+				return(0);
+			break;
+		}
+	}
+	return(*name == CHAR_EOS);
+}
+
+/* Free allocated data belonging to a glob_t structure. */
+void ROKEN_LIB_FUNCTION
+globfree(glob_t *pglob)
+{
+	int i;
+	char **pp;
+
+	if (pglob->gl_pathv != NULL) {
+		pp = pglob->gl_pathv + pglob->gl_offs;
+		for (i = pglob->gl_pathc; i--; ++pp)
+			if (*pp)
+				free(*pp);
+		free(pglob->gl_pathv);
+		pglob->gl_pathv = NULL;
+	}
+}
+
+static DIR *
+g_opendir(Char *str, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	if (!*str)
+		strlcpy(buf, ".", sizeof(buf));
+	else
+		g_Ctoc(str, buf);
+
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_opendir)(buf));
+
+	return(opendir(buf));
+}
+
+static int
+g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	g_Ctoc(fn, buf);
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_lstat)(buf, sb));
+	return(lstat(buf, sb));
+}
+
+static int
+g_stat(Char *fn, struct stat *sb, glob_t *pglob)
+{
+	char buf[MaxPathLen];
+
+	g_Ctoc(fn, buf);
+	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+		return((*pglob->gl_stat)(buf, sb));
+	return(stat(buf, sb));
+}
+
+static Char *
+g_strchr(const Char *str, int ch)
+{
+	do {
+		if (*str == ch)
+			return (Char *)str;
+	} while (*str++);
+	return (NULL);
+}
+
+#ifdef notdef
+static Char *
+g_strcat(Char *dst, const Char *src)
+{
+	Char *sdst = dst;
+
+	while (*dst++)
+		continue;
+	--dst;
+	while((*dst++ = *src++) != CHAR_EOS)
+	    continue;
+
+	return (sdst);
+}
+#endif
+
+static void
+g_Ctoc(const Char *str, char *buf)
+{
+	char *dc;
+
+	for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
+		continue;
+}
+
+#ifdef DEBUG
+static void 
+qprintf(const Char *str, Char *s)
+{
+	Char *p;
+
+	printf("%s:\n", str);
+	for (p = s; *p; p++)
+		printf("%c", CHAR(*p));
+	printf("\n");
+	for (p = s; *p; p++)
+		printf("%c", *p & M_PROTECT ? '"' : ' ');
+	printf("\n");
+	for (p = s; *p; p++)
+		printf("%c", ismeta(*p) ? '_' : ' ');
+	printf("\n");
+}
+#endif
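Review bot: globtilde() copies the home directory into patbuf with `for (b = patbuf; *h; *b++ = *h++)` and then appends the rest of the pattern, with no check against the MaxPathLen+1 Chars that glob0() allocates, so a long $HOME or pw_dir writes past the stack buffer whenever GLOB_TILDE is set; the comment in glob0() that overflow no longer needs checking does not hold on this path. The same unbounded copy appears in glob3() (dp->d_name appended at pathend) and in g_Ctoc() writing into `char buf[MaxPathLen]`, which is one element shorter than the Char buffers it is filled from. Bounding both loops in globtilde() by the end of patbuf, as sketched below, closes the first case; a fuller fix would pass a buffer limit down through glob2()/glob3()/g_Ctoc() and return an error instead of truncating. Separately, globexp2() calls `glob0(patbuf, pglob)` on the unbalanced-brace path before patbuf has been terminated; adding `*lm = CHAR_EOS;` after the prefix copy would avoid reading uninitialised stack.

```c
	Char *b, *eb;
	/* … unchanged: ~ and ~user lookup that sets h and p … */

	/* Copy the home directory, never past the end of patbuf */
	eb = patbuf + MaxPathLen;	/* glob0() passes Char[MaxPathLen+1] */
	for (b = patbuf; b < eb && *h; *b++ = *h++)
		continue;

	/* Append the rest of the pattern */
	while (b < eb && (*b++ = *p++) != CHAR_EOS)
		continue;
	*b = CHAR_EOS;
```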

Added: vendor-crypto/heimdal/dist/lib/roken/glob.hin
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/glob.hin	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/glob.hin	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)glob.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define	_GLOB_H_
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define glob_t rk_glob_t
+#define	glob rk_glob
+#define	globfree rk_globfree
+
+struct stat;
+typedef struct {
+	int gl_pathc;		/* Count of total paths so far. */
+	int gl_matchc;		/* Count of paths matching pattern. */
+	int gl_offs;		/* Reserved at beginning of gl_pathv. */
+	int gl_flags;		/* Copy of flags parameter to glob. */
+	char **gl_pathv;	/* List of paths matching pattern. */
+				/* Copy of errfunc parameter to glob. */
+	int (*gl_errfunc) (const char *, int);
+
+	/*
+	 * Alternate filesystem access methods for glob; replacement
+	 * versions of closedir(3), readdir(3), opendir(3), stat(2)
+	 * and lstat(2).
+	 */
+	void (*gl_closedir) (void *);
+	struct dirent *(*gl_readdir) (void *);	
+	void *(*gl_opendir) (const char *);
+	int (*gl_lstat) (const char *, struct stat *);
+	int (*gl_stat) (const char *, struct stat *);
+} glob_t;
+
+#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
+#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
+#define	GLOB_ERR	0x0004	/* Return on error. */
+#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
+#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
+#define	GLOB_NOSORT	0x0020	/* Don't sort. */
+
+#define	GLOB_ALTDIRFUNC	0x0040	/* Use alternately specified directory funcs. */
+#define	GLOB_BRACE	0x0080	/* Expand braces ala csh. */
+#define	GLOB_MAGCHAR	0x0100	/* Pattern had globbing characters. */
+#define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
+#define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
+#define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
+#define GLOB_LIMIT	0x1000	/* Limit memory used by matches to ARG_MAX */
+
+#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
+#define	GLOB_ABEND	(-2)	/* Unignored error. */
+
+int ROKEN_LIB_FUNCTION
+glob (const char *, int, int (*)(const char *, int), glob_t *);
+
+void ROKEN_LIB_FUNCTION
+globfree (glob_t *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !_GLOB_H_ */
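Review bot: The comment on `GLOB_NOSPACE` says only "Malloc call failed", but globextend() in glob.c also returns it, with errno cleared, when GLOB_LIMIT is set and the accumulated size reaches ARG_MAX, so callers cannot tell from the header that the code has two meanings. I would change it to `#define GLOB_NOSPACE (-1) /* Malloc call failed, or GLOB_LIMIT reached. */`. It is also worth stating next to `GLOB_LIMIT` that the cap is opt-in: globextend() applies it only when the flag is present, so a caller expanding patterns from untrusted input has to pass it explicitly.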

Added: vendor-crypto/heimdal/dist/lib/roken/h_errno.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/h_errno.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/h_errno.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: h_errno.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#ifndef HAVE_H_ERRNO
+int h_errno = -17; /* Some magic number */
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/hex-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/hex-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/hex-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 1999 - 2001, 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+
+RCSID("$Id: hex-test.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include <hex.h>
+
+int
+main(int argc, char **argv)
+{
+    int numerr = 0;
+    int numtest = 1;
+    struct test {
+	void *data;
+	size_t len;
+	const char *result;
+    } *t, tests[] = {
+	{ "", 0 , "" },
+	{ "a", 1, "61" },
+	{ "ab", 2, "6162" },
+	{ "abc", 3, "616263" },
+	{ "abcd", 4, "61626364" },
+	{ "abcde", 5, "6162636465" },
+	{ "abcdef", 6, "616263646566" },
+	{ "abcdefg", 7, "61626364656667" },
+	{ "=", 1, "3D" },
+	{ NULL }
+    };
+    for(t = tests; t->data; t++) {
+	char *str;
+	int len;
+	len = hex_encode(t->data, t->len, &str);
+	if(strcmp(str, t->result) != 0) {
+	    fprintf(stderr, "failed test %d: %s != %s\n", numtest, 
+		    str, t->result);
+	    numerr++;
+	}
+	free(str);
+	str = strdup(t->result);
+	len = strlen(str);
+	len = hex_decode(t->result, str, len);
+	if(len != t->len) {
+	    fprintf(stderr, "failed test %d: len %lu != %lu\n", numtest,
+		    (unsigned long)len, (unsigned long)t->len);
+	    numerr++;
+	} else if(memcmp(str, t->data, t->len) != 0) {
+	    fprintf(stderr, "failed test %d: data\n", numtest);
+	    numerr++;
+	}
+	free(str);
+	numtest++;
+    }
+
+    {
+	unsigned char buf[2] = { 0, 0xff } ;
+	int len;
+
+	len = hex_decode("A", buf, 1);
+	if (len != 1) {
+	    fprintf(stderr, "len != 1");
+	    numerr++;
+	}
+	if (buf[0] != 10) {
+	    fprintf(stderr, "buf != 10");
+	    numerr++;
+	}
+	if (buf[1] != 0xff) {
+	    fprintf(stderr, "buf != 0xff");
+	    numerr++;
+	}
+
+    }
+
+    return numerr;
+}
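Review bot: In the loop over tests[], the result of `hex_encode(t->data, t->len, &str)` is stored in len but never checked before `strcmp(str, t->result)`, so if the encoder fails without setting str the test dereferences an uninitialised pointer instead of reporting a failure; the `strdup(t->result)` result is used unchecked in the same way. hex_encode's failure convention is not visible in this file, so assuming a negative return on error, a guard such as `if (len < 0) { numerr++; numtest++; continue; }` before the strcmp would turn that into a counted failure. The later `len != t->len` compares an int with a size_t and catches a negative return only through the implicit conversion; an explicit `len < 0 ||` in that condition reads more clearly.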

Added: vendor-crypto/heimdal/dist/lib/roken/hex.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/hex.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/hex.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2004-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: hex.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include "roken.h"
+#include <ctype.h>
+#include "hex.h"
+
+const static char hexchar[] = "0123456789ABCDEF";
+
+static int 
+pos(char c)
+{
+    const char *p;
+    c = toupper((unsigned char)c);
+    for (p = hexchar; *p; p++)
+	if (*p == c)
+	    return p - hexchar;
+    return -1;
+}
+
+ssize_t ROKEN_LIB_FUNCTION
+hex_encode(const void *data, size_t size, char **str)
+{
+    const unsigned char *q = data;
+    size_t i;
+    char *p;
+
+    /* check for overflow */
+    if (size * 2 < size)
+	return -1;
+
+    p = malloc(size * 2 + 1);
+    if (p == NULL)
+	return -1;
+    
+    for (i = 0; i < size; i++) {
+	p[i * 2] = hexchar[(*q >> 4) & 0xf];
+	p[i * 2 + 1] = hexchar[*q & 0xf];
+	q++;
+    }
+    p[i * 2] = '\0';
+    *str = p;
+
+    return i * 2;
+}
+
+ssize_t ROKEN_LIB_FUNCTION
+hex_decode(const char *str, void *data, size_t len)
+{
+    size_t l;
+    unsigned char *p = data;
+    size_t i;
+	
+    l = strlen(str);
+    
+    /* check for overflow, same as (l+1)/2 but overflow safe */
+    if ((l/2) + (l&1) > len)
+	return -1;
+
+    i = 0;
+    if (l & 1) {
+	p[0] = pos(str[0]);
+	str++;
+	p++;
+    }
+    for (i = 0; i < l / 2; i++)
+	p[i] = pos(str[i * 2]) << 4 | pos(str[(i * 2) + 1]);
+    return i + (l & 1);
+}
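Review bot: hex_decode never checks the result of pos(), so a non-hex character in `str` is not reported as an error. pos() returns -1 for such a character; the odd-digit branch stores that in `p[0]` as 0xff, and the loop evaluates `pos(...) << 4` on a negative int, which is undefined behaviour in C. The caller gets a positive length and garbage bytes instead of -1, which matters wherever the decoded bytes are key material or identifiers read from configuration or the network. Each digit should be validated before it is combined, as in the rewrite below; on failure it can still leave earlier bytes of `data` written.

```c
    /* ... unchanged: strlen and output-size check ... */
    if (l & 1) {
	int d = pos(str[0]);
	if (d < 0)
	    return -1;
	p[0] = d;
	str++;
	p++;
    }
    for (i = 0; i < l / 2; i++) {
	int hi = pos(str[i * 2]);
	int lo = pos(str[(i * 2) + 1]);
	if (hi < 0 || lo < 0)
	    return -1;
	p[i] = (hi << 4) | lo;
    }
    return i + (l & 1);
```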

Added: vendor-crypto/heimdal/dist/lib/roken/hex.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/hex.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/hex.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: hex.h,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef _rk_HEX_H_
+#define _rk_HEX_H_ 1
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#define hex_encode rk_hex_encode
+#define hex_decode rk_hex_decode
+
+ssize_t	ROKEN_LIB_FUNCTION
+	hex_encode(const void *, size_t, char **);
+ssize_t ROKEN_LIB_FUNCTION
+	hex_decode(const char *, void *, size_t);
+
+#endif /* _rk_HEX_H_ */

Added: vendor-crypto/heimdal/dist/lib/roken/hostent_find_fqdn.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/hostent_find_fqdn.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/hostent_find_fqdn.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: hostent_find_fqdn.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * Try to find a fqdn (with `.') in he if possible, else return h_name
+ */
+
+const char * ROKEN_LIB_FUNCTION
+hostent_find_fqdn (const struct hostent *he)
+{
+    const char *ret = he->h_name;
+    const char **h;
+
+    if (strchr (ret, '.') == NULL)
+	for (h = (const char **)he->h_aliases; *h != NULL; ++h) {
+	    if (strchr (*h, '.') != NULL) {
+		ret = *h;
+		break;
+	    }
+	}
+    return ret;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/hstrerror.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/hstrerror.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/hstrerror.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: hstrerror.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#ifndef HAVE_HSTRERROR
+
+#if (defined(SunOS) && (SunOS >= 50))
+#define hstrerror broken_proto
+#endif
+#include "roken.h"
+#if (defined(SunOS) && (SunOS >= 50))
+#undef hstrerror
+#endif
+
+#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR))
+static const char *const h_errlist[] = {
+    "Resolver Error 0 (no error)",
+    "Unknown host",		/* 1 HOST_NOT_FOUND */
+    "Host name lookup failure",	/* 2 TRY_AGAIN */
+    "Unknown server error",	/* 3 NO_RECOVERY */
+    "No address associated with name", /* 4 NO_ADDRESS */
+};
+
+static
+const
+int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] };
+#else
+
+#if !HAVE_DECL_H_ERRLIST
+extern const char *h_errlist[];
+extern int h_nerr;
+#endif
+
+#endif
+
+const char * ROKEN_LIB_FUNCTION
+hstrerror(int herr)
+{
+    if (0 <= herr && herr < h_nerr)
+	return h_errlist[herr];
+    else if(herr == -17)
+	return "unknown error";
+    else
+	return "Error number out of range (hstrerror)";
+}
+
+#endif
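Review bot: The `herr == -17` branch in hstrerror() has no explanation, and -17 is not one of the resolver codes named in the h_errlist comments above it. A reader cannot tell which caller or platform produces that value. Either add a comment on that line naming the condition it stands for, or drop the branch so the value falls through to the out-of-range message.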

Added: vendor-crypto/heimdal/dist/lib/roken/ifaddrs.hin
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/ifaddrs.hin	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/ifaddrs.hin	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: ifaddrs.hin,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __ifaddrs_h__
+#define __ifaddrs_h__
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+/*
+ * the interface is defined in terms of the fields below, and this is
+ * sometimes #define'd, so there seems to be no simple way of solving
+ * this and this seemed the best. */
+
+#undef ifa_dstaddr
+
+struct ifaddrs {
+    struct ifaddrs *ifa_next;
+    char *ifa_name;
+    unsigned int ifa_flags;
+    struct sockaddr *ifa_addr;
+    struct sockaddr *ifa_netmask;
+    struct sockaddr *ifa_dstaddr;
+    void *ifa_data;
+};
+
+#ifndef ifa_broadaddr
+#define ifa_broadaddr ifa_dstaddr
+#endif
+
+int ROKEN_LIB_FUNCTION
+rk_getifaddrs(struct ifaddrs**);
+
+void ROKEN_LIB_FUNCTION
+rk_freeifaddrs(struct ifaddrs*);
+
+#define getifaddrs(a) rk_getifaddrs(a)
+#define freeifaddrs(a) rk_freeifaddrs(a)
+
+#endif /* __ifaddrs_h__ */

Added: vendor-crypto/heimdal/dist/lib/roken/inet_aton.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/inet_aton.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/inet_aton.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inet_aton.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/* Minimal implementation of inet_aton.
+ * Cannot distinguish between failure and a local broadcast address. */
+
+int ROKEN_LIB_FUNCTION
+inet_aton(const char *cp, struct in_addr *addr)
+{
+  addr->s_addr = inet_addr(cp);
+  return (addr->s_addr == INADDR_NONE) ? 0 : 1;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/inet_ntop.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/inet_ntop.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/inet_ntop.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inet_ntop.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ *
+ */
+
+static const char *
+inet_ntop_v4 (const void *src, char *dst, size_t size)
+{
+    const char digits[] = "0123456789";
+    int i;
+    struct in_addr *addr = (struct in_addr *)src;
+    u_long a = ntohl(addr->s_addr);
+    const char *orig_dst = dst;
+
+    if (size < INET_ADDRSTRLEN) {
+	errno = ENOSPC;
+	return NULL;
+    }
+    for (i = 0; i < 4; ++i) {
+	int n = (a >> (24 - i * 8)) & 0xFF;
+	int non_zerop = 0;
+
+	if (non_zerop || n / 100 > 0) {
+	    *dst++ = digits[n / 100];
+	    n %= 100;
+	    non_zerop = 1;
+	}
+	if (non_zerop || n / 10 > 0) {
+	    *dst++ = digits[n / 10];
+	    n %= 10;
+	    non_zerop = 1;
+	}
+	*dst++ = digits[n];
+	if (i != 3)
+	    *dst++ = '.';
+    }
+    *dst++ = '\0';
+    return orig_dst;
+}
+
+#ifdef HAVE_IPV6
+static const char *
+inet_ntop_v6 (const void *src, char *dst, size_t size)
+{
+    const char xdigits[] = "0123456789abcdef";
+    int i;
+    const struct in6_addr *addr = (struct in6_addr *)src;
+    const u_char *ptr = addr->s6_addr;
+    const char *orig_dst = dst;
+
+    if (size < INET6_ADDRSTRLEN) {
+	errno = ENOSPC;
+	return NULL;
+    }
+    for (i = 0; i < 8; ++i) {
+	int non_zerop = 0;
+
+	if (non_zerop || (ptr[0] >> 4)) {
+	    *dst++ = xdigits[ptr[0] >> 4];
+	    non_zerop = 1;
+	}
+	if (non_zerop || (ptr[0] & 0x0F)) {
+	    *dst++ = xdigits[ptr[0] & 0x0F];
+	    non_zerop = 1;
+	}
+	if (non_zerop || (ptr[1] >> 4)) {
+	    *dst++ = xdigits[ptr[1] >> 4];
+	    non_zerop = 1;
+	}
+	*dst++ = xdigits[ptr[1] & 0x0F];
+	if (i != 7)
+	    *dst++ = ':';
+	ptr += 2;
+    }
+    *dst++ = '\0';
+    return orig_dst;
+}
+#endif /* HAVE_IPV6 */
+
+const char * ROKEN_LIB_FUNCTION
+inet_ntop(int af, const void *src, char *dst, size_t size)
+{
+    switch (af) {
+    case AF_INET :
+	return inet_ntop_v4 (src, dst, size);
+#ifdef HAVE_IPV6
+    case AF_INET6 :
+	return inet_ntop_v6 (src, dst, size);
+#endif
+    default :
+	errno = EAFNOSUPPORT;
+	return NULL;
+    }
+}

Added: vendor-crypto/heimdal/dist/lib/roken/inet_pton.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/inet_pton.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/inet_pton.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inet_pton.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+inet_pton(int af, const char *src, void *dst)
+{
+    if (af != AF_INET) {
+	errno = EAFNOSUPPORT;
+	return -1;
+    }
+    return inet_aton (src, dst);
+}
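Review bot: This fallback accepts everything inet_addr() accepts, because it hands `src` straight to inet_aton(), which in this import is a thin wrapper around inet_addr(). inet_addr() takes shorthand and non-decimal forms (`127.1`, hex and octal parts), while inet_pton() is specified to accept only four decimal parts. Code that validates an address string with inet_pton() and has it interpreted elsewhere can therefore disagree about which host is meant. It also returns 0 for `255.255.255.255`, since inet_aton() cannot tell INADDR_NONE from failure. A strict parser for the AF_INET case avoids both; a sketch follows.

```c
inet_pton(int af, const char *src, void *dst)
{
    unsigned char out[4];
    int i;

    /* ... unchanged: af != AF_INET check ... */

    /* strict dotted-decimal: four parts, 1-3 decimal digits, each <= 255 */
    for (i = 0; i < 4; i++) {
	unsigned int v = 0;
	int nd = 0;

	while (*src >= '0' && *src <= '9' && nd < 3) {
	    v = v * 10 + (*src++ - '0');
	    nd++;
	}
	if (nd == 0 || v > 255)
	    return 0;
	if (*src != (i < 3 ? '.' : '\0'))
	    return 0;
	if (i < 3)
	    src++;
	out[i] = v;
    }
    memcpy(dst, out, sizeof(out));
    return 1;
}
```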

Added: vendor-crypto/heimdal/dist/lib/roken/initgroups.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/initgroups.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/initgroups.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: initgroups.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+initgroups(const char *name, gid_t basegid)
+{
+  return 0;
+}
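Review bot: This replacement initgroups() reports success without changing the process's supplementary groups, and nothing in the file says so. A caller that runs initgroups() before setgid()/setuid() to drop privileges would see 0 and continue with whatever group list it inherited. Presumably the file is only built on systems without supplementary groups, but unlike innetgr.c (`#ifndef HAVE_INNETGR`) there is no feature guard here, so that depends entirely on the build system. I would add a comment above the function such as `/* No-op fallback: leaves the supplementary group list untouched; only for systems lacking initgroups(). */` and wrap the definition in the matching `#ifndef HAVE_INITGROUPS` guard.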

Added: vendor-crypto/heimdal/dist/lib/roken/innetgr.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/innetgr.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/innetgr.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_INNETGR
+
+RCSID("$Id: innetgr.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+int ROKEN_LIB_FUNCTION
+innetgr(const char *netgroup, const char *machine, 
+	const char *user, const char *domain)
+{
+    return 0;
+}
+#endif
+
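Review bot: The innetgr() stub answers "not a member" for every query, which fails closed for entries that grant access by netgroup but fails open for entries that deny by netgroup. Its callers are not visible in this hunk, so whether any deny-style lookup reaches it is an assumption to check. The function should carry a comment stating the behaviour, e.g. `/* Fallback without netgroup support: always returns 0 (no match). */`.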

Added: vendor-crypto/heimdal/dist/lib/roken/install-sh
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/install-sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/install-sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,251 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.  It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+    case $1 in
+	-c) instcmd="$cpprog"
+	    shift
+	    continue;;
+
+	-d) dir_arg=true
+	    shift
+	    continue;;
+
+	-m) chmodcmd="$chmodprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-o) chowncmd="$chownprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-g) chgrpcmd="$chgrpprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-s) stripcmd="$stripprog"
+	    shift
+	    continue;;
+
+	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
+	    shift
+	    continue;;
+
+	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+	    shift
+	    continue;;
+
+	*)  if [ x"$src" = x ]
+	    then
+		src=$1
+	    else
+		# this colon is to work around a 386BSD /bin/sh bug
+		:
+		dst=$1
+	    fi
+	    shift
+	    continue;;
+    esac
+done
+
+if [ x"$src" = x ]
+then
+	echo "install:	no input file specified"
+	exit 1
+else
+	true
+fi
+
+if [ x"$dir_arg" != x ]; then
+	dst=$src
+	src=""
+	
+	if [ -d $dst ]; then
+		instcmd=:
+		chmodcmd=""
+	else
+		instcmd=mkdir
+	fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad 
+# if $src (and thus $dsttmp) contains '*'.
+
+	if [ -f $src -o -d $src ]
+	then
+		true
+	else
+		echo "install:  $src does not exist"
+		exit 1
+	fi
+	
+	if [ x"$dst" = x ]
+	then
+		echo "install:	no destination specified"
+		exit 1
+	else
+		true
+	fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+	if [ -d $dst ]
+	then
+		dst="$dst"/`basename $src`
+	else
+		true
+	fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+#  this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='	
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+	pathcomp="${pathcomp}${1}"
+	shift
+
+	if [ ! -d "${pathcomp}" ] ;
+        then
+		$mkdirprog "${pathcomp}"
+	else
+		true
+	fi
+
+	pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+	$doit $instcmd $dst &&
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+	if [ x"$transformarg" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		dstfile=`basename $dst $transformbasename | 
+			sed $transformarg`$transformbasename
+	fi
+
+# don't allow the sed command to completely eliminate the filename
+
+	if [ x"$dstfile" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		true
+	fi
+
+# Make a temp file name in the proper directory.
+
+	dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+	$doit $instcmd $src $dsttmp &&
+
+	trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing.  If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+	$doit $rmcmd -f $dstdir/$dstfile &&
+	$doit $mvcmd $dsttmp $dstdir/$dstfile 
+
+fi &&
+
+
+exit 0
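Review bot: `transformarg` is never initialised: the defaults block sets `transform_arg=""`, but the `-t=*` arm and the later `if [ x"$transformarg" = x ]` test use `transformarg`. A value inherited from the environment therefore becomes the argument of `sed $transformarg` when the installed file is named. The initialisation should read `transformarg=""`. Separately, `$src`, `$dst` and `$dsttmp` are expanded unquoted throughout (the script's own comment about `*` in `$src` points at the consequence). The temporary name `$dstdir/#inst.$$#` is also predictable, which matters when the destination directory is writable by other users.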

Added: vendor-crypto/heimdal/dist/lib/roken/iruserok.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/iruserok.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/iruserok.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,284 @@
+/*
+ * Copyright (c) 1983, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: iruserok.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_RPCSVC_YPCLNT_H
+#include <rpcsvc/ypclnt.h>
+#endif
+
+#include "roken.h"
+
+int     __check_rhosts_file = 1;
+char    *__rcmd_errstr = 0;
+
+/*
+ * Returns "true" if match, 0 if no match.
+ */
+static
+int
+__icheckhost(unsigned raddr, const char *lhost)
+{
+	struct hostent *hp;
+	u_long laddr;
+	char **pp;
+
+	/* Try for raw ip address first. */
+	if (isdigit((unsigned char)*lhost)
+	    && (long)(laddr = inet_addr(lhost)) != -1)
+		return (raddr == laddr);
+
+	/* Better be a hostname. */
+	if ((hp = gethostbyname(lhost)) == NULL)
+		return (0);
+
+	/* Spin through ip addresses. */
+	for (pp = hp->h_addr_list; *pp; ++pp)
+	        if (memcmp(&raddr, *pp, sizeof(u_long)) == 0)
+			return (1);
+
+	/* No match. */
+	return (0);
+}
+
+/*
+ * Returns 0 if ok, -1 if not ok.
+ */
+static
+int
+__ivaliduser(FILE *hostf, unsigned raddr, const char *luser,
+	     const char *ruser)
+{
+	char *user, *p;
+	int ch;
+	char buf[MaxHostNameLen + 128];		/* host + login */
+	char hname[MaxHostNameLen];
+	struct hostent *hp;
+	/* Presumed guilty until proven innocent. */
+	int userok = 0, hostok = 0;
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+	char *ypdomain;
+
+	if (yp_get_default_domain(&ypdomain))
+		ypdomain = NULL;
+#else
+#define	ypdomain NULL
+#endif
+	/* We need to get the damn hostname back for netgroup matching. */
+	if ((hp = gethostbyaddr((char *)&raddr,
+				sizeof(u_long),
+				AF_INET)) == NULL)
+		return (-1);
+	strlcpy(hname, hp->h_name, sizeof(hname));
+
+	while (fgets(buf, sizeof(buf), hostf)) {
+		p = buf;
+		/* Skip lines that are too long. */
+		if (strchr(p, '\n') == NULL) {
+			while ((ch = getc(hostf)) != '\n' && ch != EOF);
+			continue;
+		}
+		if (*p == '\n' || *p == '#') {
+			/* comment... */
+			continue;
+		}
+		while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') {
+		        if (isupper((unsigned char)*p))
+			    *p = tolower((unsigned char)*p);
+			p++;
+		}
+		if (*p == ' ' || *p == '\t') {
+			*p++ = '\0';
+			while (*p == ' ' || *p == '\t')
+				p++;
+			user = p;
+			while (*p != '\n' && *p != ' ' &&
+			    *p != '\t' && *p != '\0')
+				p++;
+		} else
+			user = p;
+		*p = '\0';
+		/*
+		 * Do +/- and +@/-@ checking. This looks really nasty,
+		 * but it matches SunOS's behavior so far as I can tell.
+		 */
+		switch(buf[0]) {
+		case '+':
+			if (!buf[1]) {     /* '+' matches all hosts */
+				hostok = 1;
+				break;
+			}
+			if (buf[1] == '@')  /* match a host by netgroup */
+				hostok = innetgr((char *)&buf[2],
+					(char *)&hname, NULL, ypdomain);
+			else		/* match a host by addr */
+				hostok = __icheckhost(raddr,(char *)&buf[1]);
+			break;
+		case '-':     /* reject '-' hosts and all their users */
+			if (buf[1] == '@') {
+				if (innetgr((char *)&buf[2],
+					      (char *)&hname, NULL, ypdomain))
+					return(-1);
+			} else {
+				if (__icheckhost(raddr,(char *)&buf[1]))
+					return(-1);
+			}
+			break;
+		default:  /* if no '+' or '-', do a simple match */
+			hostok = __icheckhost(raddr, buf);
+			break;
+		}
+		switch(*user) {
+		case '+':
+			if (!*(user+1)) {      /* '+' matches all users */
+				userok = 1;
+				break;
+			}
+			if (*(user+1) == '@')  /* match a user by netgroup */
+				userok = innetgr(user+2, NULL, (char *)ruser,
+						 ypdomain);
+			else	   /* match a user by direct specification */
+				userok = !(strcmp(ruser, user+1));
+			break;
+		case '-': 		/* if we matched a hostname, */
+			if (hostok) {   /* check for user field rejections */
+				if (!*(user+1))
+					return(-1);
+				if (*(user+1) == '@') {
+					if (innetgr(user+2, NULL,
+						    (char *)ruser, ypdomain))
+						return(-1);
+				} else {
+					if (!strcmp(ruser, user+1))
+						return(-1);
+				}
+			}
+			break;
+		default:	/* no rejections: try to match the user */
+			if (hostok)
+				userok = !(strcmp(ruser,*user ? user : luser));
+			break;
+		}
+		if (hostok && userok)
+			return(0);
+	}
+	return (-1);
+}
+
+/*
+ * New .rhosts strategy: We are passed an ip address. We spin through
+ * hosts.equiv and .rhosts looking for a match. When the .rhosts only
+ * has ip addresses, we don't have to trust a nameserver.  When it
+ * contains hostnames, we spin through the list of addresses the nameserver
+ * gives us and look for a match.
+ *
+ * Returns 0 if ok, -1 if not ok.
+ */
+int ROKEN_LIB_FUNCTION
+iruserok(unsigned raddr, int superuser, const char *ruser, const char *luser)
+{
+	char *cp;
+	struct stat sbuf;
+	struct passwd *pwd;
+	FILE *hostf;
+	uid_t uid;
+	int first;
+	char pbuf[MaxPathLen];
+
+	first = 1;
+	hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r");
+again:
+	if (hostf) {
+		if (__ivaliduser(hostf, raddr, luser, ruser) == 0) {
+			fclose(hostf);
+			return (0);
+		}
+		fclose(hostf);
+	}
+	if (first == 1 && (__check_rhosts_file || superuser)) {
+		first = 0;
+		if ((pwd = k_getpwnam((char*)luser)) == NULL)
+			return (-1);
+		snprintf (pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir);
+
+		/*
+		 * Change effective uid while opening .rhosts.  If root and
+		 * reading an NFS mounted file system, can't read files that
+		 * are protected read/write owner only.
+		 */
+		uid = geteuid();
+		if (seteuid(pwd->pw_uid) < 0)
+			return (-1);
+		hostf = fopen(pbuf, "r");
+		seteuid(uid);
+
+		if (hostf == NULL)
+			return (-1);
+		/*
+		 * If not a regular file, or is owned by someone other than
+		 * user or root or if writeable by anyone but the owner, quit.
+		 */
+		cp = NULL;
+		if (lstat(pbuf, &sbuf) < 0)
+			cp = ".rhosts lstat failed";
+		else if (!S_ISREG(sbuf.st_mode))
+			cp = ".rhosts not regular file";
+		else if (fstat(fileno(hostf), &sbuf) < 0)
+			cp = ".rhosts fstat failed";
+		else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid)
+			cp = "bad .rhosts owner";
+		else if (sbuf.st_mode & (S_IWGRP|S_IWOTH))
+			cp = ".rhosts writeable by other than owner";
+		/* If there were any problems, quit. */
+		if (cp) {
+			__rcmd_errstr = cp;
+			fclose(hostf);
+			return (-1);
+		}
+		goto again;
+	}
+	return (-1);
+}
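Review bot: The IPv4 address is held in `unsigned raddr` but is sized with `sizeof(u_long)` in two places: `memcmp(&raddr, *pp, sizeof(u_long))` in `__icheckhost` and the `gethostbyaddr((char *)&raddr, sizeof(u_long), AF_INET)` call in `__ivaliduser`. Where `u_long` is wider than `unsigned` (typically LP64), the compare reads past `raddr` and past the address entry, so a host match in this rhosts trust check depends on adjacent memory. Sizing both by the object, e.g. `if (memcmp(&raddr, *pp, sizeof(raddr)) == 0)`, removes the assumption. The `(long)(laddr = inet_addr(lhost)) != -1` test looks affected by the same width assumption, since a 32-bit failure value widened into `u_long` would presumably no longer compare equal to -1.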

Added: vendor-crypto/heimdal/dist/lib/roken/issuid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/issuid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/issuid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: issuid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+issuid(void)
+{
+#if defined(HAVE_ISSETUGID)
+    return issetugid();
+#else /* !HAVE_ISSETUGID */
+
+#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
+    if(getuid() != geteuid())
+	return 1;
+#endif
+#if defined(HAVE_GETGID) && defined(HAVE_GETEGID)
+    if(getgid() != getegid())
+	return 2;
+#endif
+
+    return 0;
+#endif /* HAVE_ISSETUGID */
+}
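Review bot: The fallback branch of `issuid()` only compares the current real and effective ids, so it is weaker than the `issetugid()` branch, and the difference is undocumented. A process that started set-id and has since made its ids equal returns 0 here, while `issetugid()` would presumably still report it as tainted. I would add a header comment such as `/* Non-zero if running set-id; without issetugid() only a current uid/euid or gid/egid mismatch is detected. */` so callers that gate environment or config-file trust on this know the limit.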

Added: vendor-crypto/heimdal/dist/lib/roken/k_getpwnam.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/k_getpwnam.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/k_getpwnam.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: k_getpwnam.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+struct passwd * ROKEN_LIB_FUNCTION
+k_getpwnam (const char *user)
+{
+     struct passwd *p;
+
+     p = getpwnam (user);
+#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
+     if(p)
+     {
+	  struct spwd *spwd;
+
+	  spwd = getspnam (user);
+	  if (spwd)
+	       p->pw_passwd = spwd->sp_pwdp;
+	  endspent ();
+     }
+#else
+     endpwent ();
+#endif
+     return p;
+}
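Review bot: `k_getpwnam()` has no comment stating that it replaces `pw_passwd` with the shadow hash and that the result lives in static storage. `p` comes from `getpwnam()` and `pw_passwd` is pointed at `spwd->sp_pwdp` from `getspnam()`, so both are presumably overwritten by the next passwd or shadow lookup, and `endspent()` runs before the pointer is handed back. A short header comment would do, e.g. `/* Like getpwnam(), but pw_passwd is taken from the shadow entry when available; result is static storage, copy before the next lookup. */`. The same applies to `k_getpwuid()` in the next file.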

Added: vendor-crypto/heimdal/dist/lib/roken/k_getpwuid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/k_getpwuid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/k_getpwuid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: k_getpwuid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+struct passwd * ROKEN_LIB_FUNCTION
+k_getpwuid (uid_t uid)
+{
+     struct passwd *p;
+
+     p = getpwuid (uid);
+#if defined(HAVE_GETSPNAM) && defined(HAVE_STRUCT_SPWD)
+     if (p)
+     {
+	  struct spwd *spwd;
+
+	  spwd = getspnam (p->pw_name);
+	  if (spwd)
+	       p->pw_passwd = spwd->sp_pwdp;
+	  endspent ();
+     }
+#else
+     endpwent ();
+#endif
+     return p;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/localtime_r.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/localtime_r.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/localtime_r.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: localtime_r.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <time.h>
+#include "roken.h"
+
+#ifndef HAVE_LOCALTIME_R
+
+struct tm * ROKEN_LIB_FUNCTION
+localtime_r(const time_t *timer, struct tm *result)
+{
+    struct tm *tm;
+    
+    tm = localtime((time_t *)timer);
+    if (tm == NULL)
+	return NULL;
+    *result = *tm;
+    return result;
+}
+
+#endif
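Review bot: This replacement `localtime_r()` is not reentrant despite its name, and nothing in the file says so. It calls `localtime()` and then copies `*tm` into `result`, so another thread calling `localtime()` between the call and the copy can change what is copied. A comment above the function, e.g. `/* Fallback only: wraps localtime(), so not thread-safe. */`, would keep callers from relying on it.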

Added: vendor-crypto/heimdal/dist/lib/roken/lstat.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/lstat.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/lstat.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: lstat.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+lstat(const char *path, struct stat *buf)
+{
+  return stat(path, buf);
+}
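Review bot: This fallback makes `lstat()` identical to `stat()`, so it follows symbolic links, and the file carries no comment saying that. `iruserok()` in this same commit relies on `lstat(pbuf, &sbuf)` followed by `S_ISREG` to refuse a `.rhosts` that is not a regular file; with this replacement a symlinked `.rhosts` would pass that test. Presumably the file is only built where the platform has no `lstat()` (the guard is not visible here), but a comment such as `/* No lstat(): symlinks are followed, callers cannot detect them. */` would make the limit explicit.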

Added: vendor-crypto/heimdal/dist/lib/roken/memmove.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/memmove.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/memmove.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: memmove.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+/* 
+ * memmove for systems that doesn't have it 
+ */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+void* ROKEN_LIB_FUNCTION
+memmove(void *s1, const void *s2, size_t n)
+{
+  char *s=(char*)s2, *d=(char*)s1;
+
+  if(d > s){
+    s+=n-1;
+    d+=n-1;
+    while(n){
+      *d--=*s--;
+      n--;
+    }
+  }else if(d < s)
+    while(n){
+      *d++=*s++;
+      n--;
+    }
+  return s1;
+}
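Review bot: With `n == 0` and `d > s`, `s+=n-1` and `d+=n-1` step both pointers by `(size_t)-1` before the `while(n)` loop is skipped, which is out-of-range pointer arithmetic even though nothing is copied. An early `if (n == 0) return s1;` before the direction test avoids it. The `d > s` comparison also assumes the two pointers can be ordered, which is worth a one-line comment.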

Added: vendor-crypto/heimdal/dist/lib/roken/mini_inetd.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/mini_inetd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/mini_inetd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: mini_inetd.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <err.h>
+#include "roken.h"
+
+/*
+ * accept a connection on `s' and pretend it's served by inetd.
+ */
+
+static void
+accept_it (int s)
+{
+    int s2;
+
+    s2 = accept(s, NULL, NULL);
+    if(s2 < 0)
+	err (1, "accept");
+    close(s);
+    dup2(s2, STDIN_FILENO);
+    dup2(s2, STDOUT_FILENO);
+    /* dup2(s2, STDERR_FILENO); */
+    close(s2);
+}
+
+/*
+ * Listen on a specified port, emulating inetd.
+ */
+
+void ROKEN_LIB_FUNCTION
+mini_inetd_addrinfo (struct addrinfo *ai)
+{
+    int ret;
+    struct addrinfo *a;
+    int n, nalloc, i;
+    int *fds;
+    fd_set orig_read_set, read_set;
+    int max_fd = -1;
+
+    for (nalloc = 0, a = ai; a != NULL; a = a->ai_next)
+	++nalloc;
+
+    fds = malloc (nalloc * sizeof(*fds));
+    if (fds == NULL)
+	errx (1, "mini_inetd: out of memory");
+
+    FD_ZERO(&orig_read_set);
+
+    for (i = 0, a = ai; a != NULL; a = a->ai_next) {
+	fds[i] = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+	if (fds[i] < 0) {
+	    warn ("socket af = %d", a->ai_family);
+	    continue;
+	}
+	socket_set_reuseaddr (fds[i], 1);
+	if (bind (fds[i], a->ai_addr, a->ai_addrlen) < 0) {
+	    warn ("bind af = %d", a->ai_family);
+	    close(fds[i]);
+	    continue;
+	}
+	if (listen (fds[i], SOMAXCONN) < 0) {
+	    warn ("listen af = %d", a->ai_family);
+	    close(fds[i]);
+	    continue;
+	}
+	if (fds[i] >= FD_SETSIZE)
+	    errx (1, "fd too large");
+	FD_SET(fds[i], &orig_read_set);
+	max_fd = max(max_fd, fds[i]);
+	++i;
+    }
+    if (i == 0)
+	errx (1, "no sockets");
+    n = i;
+
+    do {
+	read_set = orig_read_set;
+
+	ret = select (max_fd + 1, &read_set, NULL, NULL, NULL);
+	if (ret < 0 && errno != EINTR)
+	    err (1, "select");
+    } while (ret <= 0);
+
+    for (i = 0; i < n; ++i)
+	if (FD_ISSET (fds[i], &read_set)) {
+	    accept_it (fds[i]);
+	    return;
+	}
+    abort ();
+}
+
+void ROKEN_LIB_FUNCTION
+mini_inetd (int port)
+{
+    int error;
+    struct addrinfo *ai, hints;
+    char portstr[NI_MAXSERV];
+
+    memset (&hints, 0, sizeof(hints));
+    hints.ai_flags    = AI_PASSIVE;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_family   = PF_UNSPEC;
+
+    snprintf (portstr, sizeof(portstr), "%d", ntohs(port));
+
+    error = getaddrinfo (NULL, portstr, &hints, &ai);
+    if (error)
+	errx (1, "getaddrinfo: %s", gai_strerror (error));
+
+    mini_inetd_addrinfo(ai);
+    
+    freeaddrinfo(ai);
+}
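Review bot: `mini_inetd_addrinfo()` returns with every listening socket except the accepted one still open and with `fds` never freed. After `select()` only `fds[i]` is passed to `accept_it()`, which closes that one descriptor; the others stay bound in the process that goes on to serve the connection and are inherited by anything it later execs. Closing the remaining listeners and freeing the array before the return fixes both, as below. Separately, `mini_inetd()` formats `ntohs(port)`, so `port` must be passed in network byte order, which deserves a comment on the function.

```c
	if (FD_ISSET (fds[i], &read_set)) {
	    int j;

	    /* close the listeners that will not be accepted on */
	    for (j = 0; j < n; ++j)
		if (j != i)
		    close (fds[j]);
	    accept_it (fds[i]);
	    free (fds);
	    /* … unchanged: return and closing brace … */
```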

Added: vendor-crypto/heimdal/dist/lib/roken/missing
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/missing	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/missing	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,190 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+# Copyright (C) 1996, 1997 Free Software Foundation, Inc.
+# Franc,ois Pinard <pinard at iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+# 02111-1307, USA.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+case "$1" in
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]"
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing - GNU libit 0.0"
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+  aclocal)
+    echo 1>&2 "\
+WARNING: \`$1' is missing on your system.  You should only need it if
+         you modified \`acinclude.m4' or \`configure.in'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf)
+    echo 1>&2 "\
+WARNING: \`$1' is missing on your system.  You should only need it if
+         you modified \`configure.in'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader)
+    echo 1>&2 "\
+WARNING: \`$1' is missing on your system.  You should only need it if
+         you modified \`acconfig.h' or \`configure.in'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' configure.in`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case "$f" in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake)
+    echo 1>&2 "\
+WARNING: \`$1' is missing on your system.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`configure.in'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  bison|yacc)
+    echo 1>&2 "\
+WARNING: \`$1' is missing on your system.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if [ $# -ne 1 ]; then
+        eval LASTARG="\${$#}"
+	case "$LASTARG" in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if [ ! -f y.tab.h ]; then
+	echo >y.tab.h
+    fi
+    if [ ! -f y.tab.c ]; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex|flex)
+    echo 1>&2 "\
+WARNING: \`$1' is missing on your system.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if [ $# -ne 1 ]; then
+        eval LASTARG="\${$#}"
+	case "$LASTARG" in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if [ ! -f lex.yy.c ]; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  makeinfo)
+    echo 1>&2 "\
+WARNING: \`$1' is missing on your system.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+    if test -z "$file"; then
+      file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
+    fi
+    touch $file
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and you do not seem to have it handy on your
+         system.  You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequirements for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0

Added: vendor-crypto/heimdal/dist/lib/roken/mkinstalldirs
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/mkinstalldirs	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/mkinstalldirs	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,40 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman at prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+# $Id: mkinstalldirs,v 1.1.1.2 2006-02-25 02:34:22 laffer1 Exp $
+
+errstatus=0
+
+for file
+do
+   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+   shift
+
+   pathcomp=
+   for d
+   do
+     pathcomp="$pathcomp$d"
+     case "$pathcomp" in
+       -* ) pathcomp=./$pathcomp ;;
+     esac
+
+     if test ! -d "$pathcomp"; then
+        echo "mkdir $pathcomp"
+
+        mkdir "$pathcomp" || lasterr=$?
+
+        if test ! -d "$pathcomp"; then
+  	  errstatus=$lasterr
+        fi
+     fi
+
+     pathcomp="$pathcomp/"
+   done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here

Added: vendor-crypto/heimdal/dist/lib/roken/mkstemp.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/mkstemp.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/mkstemp.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <errno.h>
+
+RCSID("$Id: mkstemp.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifndef HAVE_MKSTEMP
+
+int ROKEN_LIB_FUNCTION
+mkstemp(char *template)
+{
+    int start, i;
+    pid_t val;
+    val = getpid();
+    start = strlen(template) - 1;
+    while(template[start] == 'X') {
+	template[start] = '0' + val % 10;
+	val /= 10;
+	start--;
+    }
+    
+    do{
+	int fd;
+	fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
+	if(fd >= 0 || errno != EEXIST)
+	    return fd;
+	i = start + 1;
+	do{
+	    if(template[i] == 0)
+		return -1;
+	    template[i]++;
+	    if(template[i] == '9' + 1)
+		template[i] = 'a';
+	    if(template[i] <= 'z')
+		break;
+	    template[i] = 'a';
+	    i++;
+	}while(1);
+    }while(1);
+}
+
+#endif
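Review bot: The backward scan `while(template[start] == 'X')` in `mkstemp` has no lower bound, so an empty template (where `start` is -1) or one consisting only of `X` characters reads, and may write, `template[-1]`; bounding it as `while(start >= 0 && template[start] == 'X')` keeps the scan inside the buffer. The suffix is filled from the decimal digits of `getpid()`, so the first candidate name is predictable. `O_CREAT | O_EXCL` with mode 0600 still refuses a pre-existing file, but a short comment saying this fallback is weaker than a system `mkstemp` would help anyone building with `HAVE_MKSTEMP` undefined. The exhaustion path `return -1` is only reached after an `EEXIST`, so callers see that errno rather than a distinct one.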

Added: vendor-crypto/heimdal/dist/lib/roken/ndbm_wrap.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/ndbm_wrap.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/ndbm_wrap.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ndbm_wrap.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "ndbm_wrap.h"
+#if defined(HAVE_DB4_DB_H)
+#include <db4/db.h>
+#elif defined(HAVE_DB3_DB_H)
+#include <db3/db.h>
+#else
+#include <db.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+
+/* XXX undefine open so this works on Solaris with large file support */
+#undef open
+
+#define DBT2DATUM(DBT, DATUM) do { (DATUM)->dptr = (DBT)->data; (DATUM)->dsize = (DBT)->size; } while(0)
+#define DATUM2DBT(DATUM, DBT) do { (DBT)->data = (DATUM)->dptr; (DBT)->size = (DATUM)->dsize; } while(0)
+#define RETURN(X) return ((X) == 0) ? 0 : -1
+
+#ifdef HAVE_DB3
+static DBC *cursor;
+#endif
+
+#define D(X) ((DB*)(X))
+
+void ROKEN_LIB_FUNCTION
+dbm_close (DBM *db)
+{
+#ifdef HAVE_DB3
+    D(db)->close(D(db), 0);
+    cursor = NULL;
+#else
+    D(db)->close(D(db));
+#endif
+}
+
+int ROKEN_LIB_FUNCTION
+dbm_delete (DBM *db, datum dkey)
+{
+    DBT key;
+    DATUM2DBT(&dkey, &key);
+#ifdef HAVE_DB3
+    RETURN(D(db)->del(D(db), NULL, &key, 0));
+#else
+    RETURN(D(db)->del(D(db), &key, 0));
+#endif
+}
+
+datum
+dbm_fetch (DBM *db, datum dkey)
+{
+    datum dvalue;
+    DBT key, value;
+    DATUM2DBT(&dkey, &key);
+    if(D(db)->get(D(db), 
+#ifdef HAVE_DB3
+	       NULL, 
+#endif
+	       &key, &value, 0) != 0) {
+	dvalue.dptr = NULL;
+	dvalue.dsize = 0;
+    }
+    else
+	DBT2DATUM(&value, &dvalue);
+
+    return dvalue;
+}
+
+static datum
+dbm_get (DB *db, int flags)
+{
+    DBT key, value;
+    datum datum;
+#ifdef HAVE_DB3
+    if(cursor == NULL) 
+	db->cursor(db, NULL, &cursor, 0);
+    if(cursor->c_get(cursor, &key, &value, flags) != 0) {
+	datum.dptr = NULL;
+	datum.dsize = 0;
+    } else 
+	DBT2DATUM(&value, &datum);
+#else
+    db->seq(db, &key, &value, flags);
+#endif
+    return datum;
+}
+
+#ifndef DB_FIRST
+#define DB_FIRST	R_FIRST
+#define DB_NEXT		R_NEXT
+#define DB_NOOVERWRITE	R_NOOVERWRITE
+#define DB_KEYEXIST	1
+#endif
+
+datum ROKEN_LIB_FUNCTION
+dbm_firstkey (DBM *db)
+{
+    return dbm_get(D(db), DB_FIRST);
+}
+
+datum ROKEN_LIB_FUNCTION
+dbm_nextkey (DBM *db)
+{
+    return dbm_get(D(db), DB_NEXT);
+}
+
+DBM* ROKEN_LIB_FUNCTION
+dbm_open (const char *file, int flags, mode_t mode)
+{
+    DB *db;
+    int myflags = 0;
+    char *fn = malloc(strlen(file) + 4);
+    if(fn == NULL)
+	return NULL;
+    strcpy(fn, file);
+    strcat(fn, ".db");
+#ifdef HAVE_DB3
+    if (flags & O_CREAT)
+	myflags |= DB_CREATE;
+
+    if (flags & O_EXCL)
+	myflags |= DB_EXCL;
+
+    if (flags & O_RDONLY)
+	myflags |= DB_RDONLY;
+
+    if (flags & O_TRUNC)
+	myflags |= DB_TRUNCATE;
+    if(db_create(&db, NULL, 0) != 0) {
+	free(fn);
+	return NULL;
+    }
+
+#if (DB_VERSION_MAJOR > 3) && (DB_VERSION_MINOR > 0)
+    if(db->open(db, NULL, fn, NULL, DB_BTREE, myflags, mode) != 0) {
+#else
+    if(db->open(db, fn, NULL, DB_BTREE, myflags, mode) != 0) {
+#endif
+	free(fn);
+	db->close(db, 0);
+	return NULL;
+    }
+#else
+    db = dbopen(fn, flags, mode, DB_BTREE, NULL);
+#endif
+    free(fn);
+    return (DBM*)db;
+}
+
+int ROKEN_LIB_FUNCTION
+dbm_store (DBM *db, datum dkey, datum dvalue, int flags)
+{
+    int ret;
+    DBT key, value;
+    int myflags = 0;
+    if((flags & DBM_REPLACE) == 0)
+	myflags |= DB_NOOVERWRITE;
+    DATUM2DBT(&dkey, &key);
+    DATUM2DBT(&dvalue, &value);    
+    ret = D(db)->put(D(db), 
+#ifdef HAVE_DB3
+		     NULL, 
+#endif
+&key, &value, myflags);
+    if(ret == DB_KEYEXIST)
+	return 1;
+    RETURN(ret);
+}
+
+int ROKEN_LIB_FUNCTION
+dbm_error (DBM *db)
+{
+    return 0;
+}
+
+int ROKEN_LIB_FUNCTION
+dbm_clearerr (DBM *db)
+{
+    return 0;
+}
+
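Review bot: In `dbm_get`, the non-`HAVE_DB3` branch calls `db->seq()` and then returns `datum` without ever assigning it, so on that build `dbm_firstkey` and `dbm_nextkey` hand the caller an uninitialized pointer and size. The `DBT key, value` locals here and in `dbm_fetch`, `dbm_delete` and `dbm_store` are used without being zeroed, although the Berkeley DB 3 and later `DBT` carries length and flag fields beyond `data`/`size` that the library reads. The return value of `db->cursor()` is ignored too, so a failure can leave `cursor` NULL for the `c_get` call. A version of `dbm_get` that initialises the result, zeroes both DBTs and checks each call is sketched below. Separately, in `dbm_open` the test `flags & O_RDONLY` can never be true on systems where `O_RDONLY` is 0, so `DB_RDONLY` is not requested for read-only opens there.

```c
static datum
dbm_get (DB *db, int flags)
{
    DBT key, value;
    datum datum;

    datum.dptr = NULL;
    datum.dsize = 0;
    memset(&key, 0, sizeof(key));
    memset(&value, 0, sizeof(value));
#ifdef HAVE_DB3
    if(cursor == NULL && db->cursor(db, NULL, &cursor, 0) != 0)
	return datum;
    /* NOTE(review): copies value, as the original does; confirm whether key was intended */
    if(cursor->c_get(cursor, &key, &value, flags) == 0)
	DBT2DATUM(&value, &datum);
#else
    if(db->seq(db, &key, &value, flags) == 0)
	DBT2DATUM(&value, &datum);
#endif
    return datum;
}
```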

Added: vendor-crypto/heimdal/dist/lib/roken/ndbm_wrap.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/ndbm_wrap.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/ndbm_wrap.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: ndbm_wrap.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __ndbm_wrap_h__
+#define __ndbm_wrap_h__
+
+#include <stdio.h>
+#include <sys/types.h>
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#ifndef dbm_rename
+#define dbm_rename(X)	__roken_ ## X
+#endif
+
+#define dbm_open	dbm_rename(dbm_open)
+#define dbm_close	dbm_rename(dbm_close)
+#define dbm_delete	dbm_rename(dbm_delete)
+#define dbm_fetch	dbm_rename(dbm_fetch)
+#define dbm_get		dbm_rename(dbm_get)
+#define dbm_firstkey	dbm_rename(dbm_firstkey)
+#define dbm_nextkey	dbm_rename(dbm_nextkey)
+#define dbm_store	dbm_rename(dbm_store)
+#define dbm_error	dbm_rename(dbm_error)
+#define dbm_clearerr	dbm_rename(dbm_clearerr)
+
+#define datum		dbm_rename(datum)
+
+typedef struct {
+    void *dptr;
+    size_t dsize;
+} datum;
+
+#define DBM_REPLACE 1
+typedef struct DBM DBM;
+
+#if 0
+typedef struct {
+    int dummy;
+} DBM;
+#endif
+
+int ROKEN_LIB_FUNCTION dbm_clearerr (DBM*);
+void ROKEN_LIB_FUNCTION dbm_close (DBM*);
+int ROKEN_LIB_FUNCTION dbm_delete (DBM*, datum);
+int ROKEN_LIB_FUNCTION dbm_error (DBM*);
+datum ROKEN_LIB_FUNCTION dbm_fetch (DBM*, datum);
+datum ROKEN_LIB_FUNCTION dbm_firstkey (DBM*);
+datum ROKEN_LIB_FUNCTION dbm_nextkey (DBM*);
+DBM* ROKEN_LIB_FUNCTION dbm_open (const char*, int, mode_t);
+int ROKEN_LIB_FUNCTION dbm_store (DBM*, datum, datum, int);
+
+#endif /* __ndbm_wrap_h__ */

Added: vendor-crypto/heimdal/dist/lib/roken/net_read.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/net_read.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/net_read.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: net_read.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include "roken.h"
+
+/*
+ * Like read but never return partial data.
+ */
+
+ssize_t ROKEN_LIB_FUNCTION
+net_read (int fd, void *buf, size_t nbytes)
+{
+    char *cbuf = (char *)buf;
+    ssize_t count;
+    size_t rem = nbytes;
+
+    while (rem > 0) {
+#ifdef WIN32
+	count = recv (fd, cbuf, rem, 0);
+#else
+	count = read (fd, cbuf, rem);
+#endif
+	if (count < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		return count;
+	} else if (count == 0) {
+	    return count;
+	}
+	cbuf += count;
+	rem -= count;
+    }
+    return nbytes;
+}
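Review bot: The header comment `Like read but never return partial data` does not say what the caller sees when the peer closes early: the `count == 0` branch returns 0 even if earlier iterations already copied bytes into `buf`, so any return other than `nbytes` has to be treated as failure and the buffer contents as unspecified. I would extend the comment to something like `/* Returns nbytes on success, 0 on EOF before nbytes were read (buf may be partly filled), or a negative value with errno set. */`. In the `WIN32` branch the error test still reads `errno`, which Winsock `recv` does not set, so the `EINTR` retry decision there rests on a stale value; net_write.c has the same pattern around `send`.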

Added: vendor-crypto/heimdal/dist/lib/roken/net_write.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/net_write.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/net_write.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: net_write.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include "roken.h"
+
+/*
+ * Like write but never return partial data.
+ */
+
+ssize_t ROKEN_LIB_FUNCTION
+net_write (int fd, const void *buf, size_t nbytes)
+{
+    const char *cbuf = (const char *)buf;
+    ssize_t count;
+    size_t rem = nbytes;
+
+    while (rem > 0) {
+#ifdef WIN32
+	count = send (fd, cbuf, rem, 0);
+#else
+	count = write (fd, cbuf, rem);
+#endif
+	if (count < 0) {
+	    if (errno == EINTR)
+		continue;
+	    else
+		return count;
+	}
+	cbuf += count;
+	rem -= count;
+    }
+    return nbytes;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/parse_bytes-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_bytes-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_bytes-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_bytes-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include "parse_bytes.h"
+
+static struct testcase {
+    int canonicalp;
+    int val;
+    const char *def_unit;
+    const char *str;
+} tests[] = {
+    {0, 0, NULL, "0 bytes"},
+    {1, 0, NULL, "0"},
+    {0, 1, NULL, "1"},
+    {1, 1, NULL, "1 byte"},
+    {0, 0, "kilobyte", "0"},
+    {0, 1024, "kilobyte", "1"},
+    {1, 1024, "kilobyte", "1 kilobyte"},
+    {1, 1024 * 1024, NULL, "1 megabyte"},
+    {0, 1025, NULL, "1 kilobyte 1"},
+    {1, 1025, NULL, "1 kilobyte 1 byte"},
+};
+
+int
+main(int argc, char **argv)
+{
+    int i;
+    int ret = 0;
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
+	char buf[256];
+	int val = parse_bytes (tests[i].str, tests[i].def_unit);
+	int len;
+
+	if (val != tests[i].val) {
+	    printf ("parse_bytes (%s, %s) = %d != %d\n",
+		    tests[i].str,
+		    tests[i].def_unit ? tests[i].def_unit : "none",
+		    val, tests[i].val);
+	    ++ret;
+	}
+	if (tests[i].canonicalp) {
+	    len = unparse_bytes (tests[i].val, buf, sizeof(buf));
+	    if (strcmp (tests[i].str, buf) != 0) {
+		printf ("unparse_bytes (%d) = \"%s\" != \"%s\"\n",
+			tests[i].val, buf, tests[i].str);
+		++ret;
+	    }
+	}    
+    }
+    if (ret) {
+	printf ("%d errors\n", ret);
+	return 1;
+    } else
+	return 0;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/parse_bytes.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_bytes.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_bytes.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_bytes.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <parse_units.h>
+#include "parse_bytes.h"
+
+static struct units bytes_units[] = {
+    { "gigabyte", 1024 * 1024 * 1024 },
+    { "gbyte", 1024 * 1024 * 1024 },
+    { "GB", 1024 * 1024 * 1024 },
+    { "megabyte", 1024 * 1024 },
+    { "mbyte", 1024 * 1024 },
+    { "MB", 1024 * 1024 },
+    { "kilobyte", 1024 },
+    { "KB", 1024 },
+    { "byte", 1 },
+    { NULL, 0 }
+};
+
+static struct units bytes_short_units[] = {
+    { "GB", 1024 * 1024 * 1024 },
+    { "MB", 1024 * 1024 },
+    { "KB", 1024 },
+    { NULL, 0 }
+};
+
+int ROKEN_LIB_FUNCTION
+parse_bytes (const char *s, const char *def_unit)
+{
+    return parse_units (s, bytes_units, def_unit);
+}
+
+int ROKEN_LIB_FUNCTION
+unparse_bytes (int t, char *s, size_t len)
+{
+    return unparse_units (t, bytes_units, s, len);
+}
+
+int ROKEN_LIB_FUNCTION
+unparse_bytes_short (int t, char *s, size_t len)
+{
+    return unparse_units_approx (t, bytes_short_units, s, len);
+}
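Review bot: `parse_bytes` and the two unparse functions carry byte counts in an `int`, and the largest multiplier in `bytes_units`, `1024 * 1024 * 1024`, is already half the range of a 32-bit `int`, so an input such as "2 gigabyte" presumably cannot be represented. `parse_units` is not visible in this hunk, so whether it detects that overflow should be confirmed. Callers that turn the result into a buffer size or a limit need to reject negative returns before using it. A comment above `parse_bytes` would make this explicit, for example `/* Result is an int: values of 2 GB and above do not fit; callers must check for a negative return. */`.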

Added: vendor-crypto/heimdal/dist/lib/roken/parse_bytes.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_bytes.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_bytes.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse_bytes.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __PARSE_BYTES_H__
+#define __PARSE_BYTES_H__
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+int ROKEN_LIB_FUNCTION
+parse_bytes (const char *s, const char *def_unit);
+
+int ROKEN_LIB_FUNCTION
+unparse_bytes (int t, char *s, size_t len);
+
+int ROKEN_LIB_FUNCTION
+unparse_bytes_short (int t, char *s, size_t len);
+
+#endif /* __PARSE_BYTES_H__ */

Added: vendor-crypto/heimdal/dist/lib/roken/parse_reply-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_reply-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_reply-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_reply-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+#include <fcntl.h>
+
+#include "roken.h"
+#include "resolve.h"
+
+struct dns_reply*
+parse_reply(const unsigned char *, size_t);
+
+enum { MAX_BUF = 36};
+
+static struct testcase {
+    unsigned char buf[MAX_BUF];
+    size_t buf_len;
+} tests[] = {
+    {{0x12, 0x67, 0x84, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+     0x03, 'f', 'o', 'o', 0x00,
+     0x00, 0x10, 0x00, 0x01,
+     0x03, 'f', 'o', 'o', 0x00,
+     0x00, 0x10, 0x00, 0x01,
+      0x00, 0x00, 0x12, 0x67, 0xff, 0xff}, 36}
+};
+
+#ifndef MAP_FAILED
+#define MAP_FAILED (-1)
+#endif
+
+static sig_atomic_t val = 0;
+
+static RETSIGTYPE
+segv_handler(int sig)
+{
+    val = 1;
+}
+
+int
+main(int argc, char **argv)
+{
+#ifndef HAVE_MMAP
+    return 77;			/* signal to automake that this test
+                                   cannot be run */
+#else /* HAVE_MMAP */
+    int ret;
+    int i;
+    struct sigaction sa;
+
+    sigemptyset (&sa.sa_mask);
+    sa.sa_flags = 0;
+    sa.sa_handler = segv_handler;
+    sigaction (SIGSEGV, &sa, NULL);
+
+    for (i = 0; val == 0 && i < sizeof(tests)/sizeof(tests[0]); ++i) {
+	const struct testcase *t = &tests[i];
+	unsigned char *p1, *p2;
+	int flags;
+	int fd;
+	size_t pagesize = getpagesize();
+	unsigned char *buf;
+
+#ifdef MAP_ANON
+	flags = MAP_ANON;
+	fd = -1;
+#else
+	flags = 0;
+	fd = open ("/dev/zero", O_RDONLY);
+	if(fd < 0)
+	    err (1, "open /dev/zero");
+#endif
+	flags |= MAP_PRIVATE;
+
+	p1 = (unsigned char *)mmap(0, 2 * pagesize, PROT_READ | PROT_WRITE,
+		  flags, fd, 0);
+	if (p1 == (unsigned char *)MAP_FAILED)
+	    err (1, "mmap");
+	p2 = p1 + pagesize;
+	ret = mprotect ((void *)p2, pagesize, 0);
+	if (ret < 0)
+	    err (1, "mprotect");
+	buf = p2 - t->buf_len;
+	memcpy (buf, t->buf, t->buf_len);
+	parse_reply (buf, t->buf_len);
+	ret = munmap ((void *)p1, 2 * pagesize);
+	if (ret < 0)
+	    err (1, "munmap");
+    }
+    return val;
+#endif /* HAVE_MMAP */
+}
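Review bot: `segv_handler` only sets `val` and returns, but returning from a handler for a SIGSEGV raised by a faulting access is undefined in POSIX and in practice retries the same access, so if `parse_reply` reads past the buffer into the `mprotect`ed page the test is likely to spin rather than reach `return val`. Ending the process inside the handler, e.g. `_exit(1);`, gives a definite failure that automake can report. `val` should also be declared `static volatile sig_atomic_t val = 0;`, since it is written from a signal handler and read in the loop condition.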

Added: vendor-crypto/heimdal/dist/lib/roken/parse_time-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_time-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_time-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_time-test.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include "parse_time.h"
+#include "test-mem.h"
+#include "err.h"
+
+static struct testcase {
+    size_t size;
+    time_t val;
+    char *str;
+} tests[] = {
+    { 8, 1,		"1 second" },
+    { 17, 61,		"1 minute 1 second" },
+    { 18, 62,		"1 minute 2 seconds" },
+    { 8, 60,		"1 minute" },
+    { 6, 3600,	 	"1 hour" },
+    { 15, 3601,	 	"1 hour 1 second" },
+    { 16, 3602,	 	"1 hour 2 seconds" }
+};
+
+int
+main(int argc, char **argv)
+{
+    size_t sz;
+    size_t buf_sz;
+    int i, j;
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
+	char *buf;
+
+	sz = unparse_time(tests[i].val, NULL, 0);
+	if  (sz != tests[i].size)
+	    errx(1, "sz (%lu) != tests[%d].size (%lu)",
+		 (unsigned long)sz, i, (unsigned long)tests[i].size);
+	
+	for (buf_sz = 0; buf_sz < tests[i].size + 2; buf_sz++) {
+
+	    buf = rk_test_mem_alloc(RK_TM_OVERRUN, "overrun",
+				    NULL, buf_sz);
+	    sz = unparse_time(tests[i].val, buf, buf_sz);
+	    if (sz != tests[i].size)
+		errx(1, "sz (%lu) != tests[%d].size (%lu) with in size %lu",
+		     (unsigned long)sz, i, 
+		     (unsigned long)tests[i].size,
+		     (unsigned long)buf_sz);
+	    if (buf_sz > 0 && memcmp(buf, tests[i].str, buf_sz - 1) != 0)
+		errx(1, "test %i wrong result %s vs %s", i, buf, tests[i].str);
+	    if (buf_sz > 0 && buf[buf_sz - 1] != '\0')
+		errx(1, "test %i not zero terminated", i);
+	    rk_test_mem_free("overrun");
+
+	    buf = rk_test_mem_alloc(RK_TM_UNDERRUN, "underrun", 
+				    NULL, tests[i].size);
+	    sz = unparse_time(tests[i].val, buf, buf_sz);
+	    if (sz != tests[i].size)
+		errx(1, "sz (%lu) != tests[%d].size (%lu) with insize %lu",
+		     (unsigned long)sz, i,
+		     (unsigned long)tests[i].size,
+		     (unsigned long)buf_sz);
+	    if (buf_sz > 0 && strncmp(buf, tests[i].str, buf_sz - 1) != 0)
+		errx(1, "test %i wrong result %s vs %s", i, buf, tests[i].str);
+	    if (buf_sz > 0 && buf[buf_sz - 1] != '\0')
+		errx(1, "test %i not zero terminated", i);
+	    rk_test_mem_free("underrun");
+	}
+	buf = rk_test_mem_alloc(RK_TM_OVERRUN, "overrun",
+				tests[i].str, tests[i].size + 1);
+	j = parse_time(buf, "s");
+	if (j != tests[i].val)
+	    errx(1, "parse_time failed for test %d", i);
+	rk_test_mem_free("overrun");
+
+	buf = rk_test_mem_alloc(RK_TM_UNDERRUN, "underrun",
+				tests[i].str, tests[i].size + 1);
+	j = parse_time(buf, "s");
+	if (j != tests[i].val)
+	    errx(1, "parse_time failed for test %d", i);
+	rk_test_mem_free("underrun");
+    }
+    return 0;
+}
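Review bot: In the underrun half of the inner loop the guarded buffer is allocated with `tests[i].size` bytes, but `unparse_time` is then passed `buf_sz`, which runs up to `tests[i].size + 1`. On the last iteration the callee may therefore write one byte past the allocation, and the test itself reads `buf[buf_sz - 1]` at that position. The overrun half just above sizes its allocation with `buf_sz`; the underrun half should either do the same or clamp the length it passes, e.g. `sz = unparse_time(tests[i].val, buf, min(buf_sz, tests[i].size));`, with the two following `buf_sz - 1` checks clamped likewise. How `rk_test_mem_alloc` places its guard region is not visible in this hunk, so whether the stray byte faults or lands silently is an inference.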

Added: vendor-crypto/heimdal/dist/lib/roken/parse_time.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_time.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_time.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,173 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" $Id: parse_time.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd October 31, 2004
+.Dt PARSE_TIME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm parse_time ,
+.Nm print_time_table ,
+.Nm unparse_time ,
+.Nm unparse_time_approx ,
+.Nd parse and unparse time intervals
+.Sh LIBRARY
+The roken library (libroken, -lroken)
+.Sh SYNOPSIS
+.Fd #include <parse_time.h>
+.Ft int
+.Fn parse_time "const char *timespec" "const char *def_unit"
+.Ft void
+.Fn print_time_table "FILE *f"
+.Ft size_t
+.Fn unparse_time "int seconds" "char *buf" "size_t len"
+.Ft size_t
+.Fn unparse_time_approx "int seconds" "char *buf" "size_t len"
+.Sh DESCRIPTION
+The 
+.Fn parse_time
+function converts a the period of time specified in
+into a number of seconds.
+The 
+.Fa timespec
+can be any number of 
+.Aq number unit
+pairs separated by comma and whitespace. The number can be
+negative. Number without explicit units are taken as being
+.Fa def_unit .
+.Pp
+The
+.Fn unparse_time
+and
+.Fn unparse_time_approx
+does the opposite of 
+.Fn parse_time ,
+that is they take a number of seconds and express that as human
+readable string. 
+.Fa unparse_time
+produces an exact time, while 
+.Fa unparse_time_approx
+restricts the result to only include one units.
+.Pp
+.Fn print_time_table
+prints a descriptive list of available units on the passed file
+descriptor.
+.Pp
+The possible units include:
+.Bl -tag -width "month" -compact -offset indent
+.It Li second , s
+.It Li minute , m
+.It Li hour , h
+.It day
+.It week
+seven days
+.It month
+30 days
+.It year
+365 days
+.El
+.Pp
+Units names can be arbitrarily abbreviated (as long as they are
+unique).
+.Sh RETURN VALUES
+.Fn parse_time
+returns the number of seconds that represents the expression in 
+.Fa timespec
+or -1 on error.
+.Fn unparse_time
+and 
+.Fn unparse_time_approx 
+return the number of characters written to 
+.Fa buf .
+if the return value is greater than or equal to the
+.Fa len
+argument, the string was too short and some of the printed characters
+were discarded.
+.Sh EXAMPLES
+.Bd -literal
+#include <stdio.h>
+#include <parse_time.h>
+
+int
+main(int argc, char **argv)
+{
+    int i;
+    int result;
+    char buf[128];
+    print_time_table(stdout);
+    for (i = 1; i < argc; i++) {
+	result = parse_time(argv[i], "second");
+	if(result == -1) {
+	    fprintf(stderr, "%s: parse error\\n", argv[i]);
+	    continue;
+	}
+	printf("--\\n");
+	printf("parse_time = %d\\n", result);
+	unparse_time(result, buf, sizeof(buf));
+	printf("unparse_time = %s\\n", buf);
+	unparse_time_approx(result, buf, sizeof(buf));
+	printf("unparse_time_approx = %s\\n", buf);
+    }
+    return 0;
+}
+.Ed
+.Bd -literal
+$ ./a.out "1 minute 30 seconds" "90 s" "1 y -1 s"     
+1   year = 365 days
+1  month = 30 days
+1   week = 7 days
+1    day = 24 hours
+1   hour = 60 minutes
+1 minute = 60 seconds
+1 second
+--
+parse_time = 90
+unparse_time = 1 minute 30 seconds
+unparse_time_approx = 1 minute
+--
+parse_time = 90
+unparse_time = 1 minute 30 seconds
+unparse_time_approx = 1 minute
+--
+parse_time = 31535999
+unparse_time = 12 months 4 days 23 hours 59 minutes 59 seconds
+unparse_time_approx = 12 months
+.Ed
+.Sh BUGS
+Since
+.Fn parse_time
+returns -1 on error there is no way to parse "minus one second".
+Currently "s" at the end of units is ignored. This is a hack for
+English plural forms. If these functions are ever localised, this
+scheme will have to change.
+.\".Sh SEE ALSO
+.\".Xr parse_bytes 3
+.\".Xr parse_units 3

Added: vendor-crypto/heimdal/dist/lib/roken/parse_time.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_time.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_time.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_time.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <parse_units.h>
+#include "parse_time.h"
+
+static struct units time_units[] = {
+    {"year",	365 * 24 * 60 * 60},
+    {"month",	30 * 24 * 60 * 60},
+    {"week",	7 * 24 * 60 * 60},
+    {"day",	24 * 60 * 60},
+    {"hour",	60 * 60},
+    {"h",	60 * 60},
+    {"minute",	60},
+    {"m",	60},
+    {"second",	1},
+    {"s",	1},
+    {NULL, 0},
+};
+
+int ROKEN_LIB_FUNCTION
+parse_time (const char *s, const char *def_unit)
+{
+    return parse_units (s, time_units, def_unit);
+}
+
+size_t ROKEN_LIB_FUNCTION
+unparse_time (int t, char *s, size_t len)
+{
+    return unparse_units (t, time_units, s, len);
+}
+
+size_t ROKEN_LIB_FUNCTION
+unparse_time_approx (int t, char *s, size_t len)
+{
+    return unparse_units_approx (t, time_units, s, len);
+}
+
+void ROKEN_LIB_FUNCTION
+print_time_table (FILE *f)
+{
+    print_units_table (time_units, f);
+}
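Review bot: `unparse_time` and `unparse_time_approx` return `size_t` but forward the result of `unparse_units` / `unparse_units_approx`, which parse_units.h in this same commit declares as returning `int`. `unparse_something` in parse_units.c passes a negative `print` result straight through, so such a failure reaches callers as a very large `size_t` that looks like "truncated" instead of "failed". The conversion should at least be documented above the wrappers, e.g. `/* NOTE: a negative (error) return from unparse_units is converted to a large size_t here */`, or the wrappers could map a negative result to 0 explicitly.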

Added: vendor-crypto/heimdal/dist/lib/roken/parse_time.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_time.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_time.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse_time.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __PARSE_TIME_H__
+#define __PARSE_TIME_H__
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+int
+parse_time (const char *s, const char *def_unit);
+
+size_t
+unparse_time (int t, char *s, size_t len);
+
+size_t
+unparse_time_approx (int t, char *s, size_t len);
+
+void
+print_time_table (FILE *f);
+
+#endif /* __PARSE_TIME_H__ */
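Review bot: The four prototypes omit `ROKEN_LIB_FUNCTION` even though the macro is defined just above them and the definitions in parse_time.c carry it. Under `_WIN32` the macro expands to `_stdcall`, so declaration and definition would disagree on calling convention. The prototypes should read like `int ROKEN_LIB_FUNCTION parse_time (const char *s, const char *def_unit);`, matching parse_units.h. The header also uses `size_t` and `FILE` without including `<stddef.h>` / `<stdio.h>`, which parse_units.h does include, so it only compiles when the includer happens to pull those in first.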

Added: vendor-crypto/heimdal/dist/lib/roken/parse_units.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_units.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_units.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,330 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: parse_units.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include "roken.h"
+#include "parse_units.h"
+
+/*
+ * Parse string in `s' according to `units' and return value.
+ * def_unit defines the default unit.
+ */
+
+static int
+parse_something (const char *s, const struct units *units,
+		 const char *def_unit,
+		 int (*func)(int res, int val, unsigned mult),
+		 int init,
+		 int accept_no_val_p)
+{
+    const char *p;
+    int res = init;
+    unsigned def_mult = 1;
+
+    if (def_unit != NULL) {
+	const struct units *u;
+
+	for (u = units; u->name; ++u) {
+	    if (strcasecmp (u->name, def_unit) == 0) {
+		def_mult = u->mult;
+		break;
+	    }
+	}
+	if (u->name == NULL)
+	    return -1;
+    }
+
+    p = s;
+    while (*p) {
+	double val;
+	char *next;
+	const struct units *u, *partial_unit;
+	size_t u_len;
+	unsigned partial;
+	int no_val_p = 0;
+
+	while(isspace((unsigned char)*p) || *p == ',')
+	    ++p;
+
+	val = strtod (p, &next); /* strtol(p, &next, 0); */
+	if (p == next) {
+	    val = 0;
+	    if(!accept_no_val_p)
+		return -1;
+	    no_val_p = 1;
+	}
+	p = next;
+	while (isspace((unsigned char)*p))
+	    ++p;
+	if (*p == '\0') {
+	    res = (*func)(res, val, def_mult);
+	    if (res < 0)
+		return res;
+	    break;
+	} else if (*p == '+') {
+	    ++p;
+	    val = 1;
+	} else if (*p == '-') {
+	    ++p;
+	    val = -1;
+	}
+	if (no_val_p && val == 0)
+	    val = 1;
+	u_len = strcspn (p, ", \t");
+	partial = 0;
+	partial_unit = NULL;
+	if (u_len > 1 && p[u_len - 1] == 's')
+	    --u_len;
+	for (u = units; u->name; ++u) {
+	    if (strncasecmp (p, u->name, u_len) == 0) {
+		if (u_len == strlen (u->name)) {
+		    p += u_len;
+		    res = (*func)(res, val, u->mult);
+		    if (res < 0)
+			return res;
+		    break;
+		} else {
+		    ++partial;
+		    partial_unit = u;
+		}
+	    }
+	}
+	if (u->name == NULL) {
+	    if (partial == 1) {
+		p += u_len;
+		res = (*func)(res, val, partial_unit->mult);
+		if (res < 0)
+		    return res;
+	    } else {
+		return -1;
+	    }
+	}
+	if (*p == 's')
+	    ++p;
+    }
+    return res;
+}
+
+/*
+ * The string consists of a sequence of `n unit'
+ */
+
+static int
+acc_units(int res, int val, unsigned mult)
+{
+    return res + val * mult;
+}
+
+int ROKEN_LIB_FUNCTION
+parse_units (const char *s, const struct units *units,
+	     const char *def_unit)
+{
+    return parse_something (s, units, def_unit, acc_units, 0, 0);
+}
+
+/*
+ * The string consists of a sequence of `[+-]flag'.  `orig' consists
+ * the original set of flags, those are then modified and returned as
+ * the function value.
+ */
+
+static int
+acc_flags(int res, int val, unsigned mult)
+{
+    if(val == 1)
+	return res | mult;
+    else if(val == -1)
+	return res & ~mult;
+    else if (val == 0)
+	return mult;
+    else
+	return -1;
+}
+
+int ROKEN_LIB_FUNCTION
+parse_flags (const char *s, const struct units *units,
+	     int orig)
+{
+    return parse_something (s, units, NULL, acc_flags, orig, 1);
+}
+
+/*
+ * Return a string representation according to `units' of `num' in `s'
+ * with maximum length `len'.  The actual length is the function value.
+ */
+
+static int
+unparse_something (int num, const struct units *units, char *s, size_t len,
+		   int (*print) (char *, size_t, int, const char *, int),
+		   int (*update) (int, unsigned),
+		   const char *zero_string)
+{
+    const struct units *u;
+    int ret = 0, tmp;
+
+    if (num == 0)
+	return snprintf (s, len, "%s", zero_string);
+
+    for (u = units; num > 0 && u->name; ++u) {
+	int divisor;
+
+	divisor = num / u->mult;
+	if (divisor) {
+	    num = (*update) (num, u->mult);
+	    tmp = (*print) (s, len, divisor, u->name, num);
+	    if (tmp < 0)
+		return tmp;
+	    if (tmp > len) {
+		len = 0;
+		s = NULL;
+	    } else {
+		len -= tmp;
+		s += tmp;
+	    }
+	    ret += tmp;
+	}
+    }
+    return ret;
+}
+
+static int
+print_unit (char *s, size_t len, int divisor, const char *name, int rem)
+{
+    return snprintf (s, len, "%u %s%s%s",
+		     divisor, name,
+		     divisor == 1 ? "" : "s",
+		     rem > 0 ? " " : "");
+}
+
+static int
+update_unit (int in, unsigned mult)
+{
+    return in % mult;
+}
+
+static int
+update_unit_approx (int in, unsigned mult)
+{
+    if (in / mult > 0)
+	return 0;
+    else
+	return update_unit (in, mult);
+}
+
+int ROKEN_LIB_FUNCTION
+unparse_units (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_unit,
+			      update_unit,
+			      "0");
+}
+
+int ROKEN_LIB_FUNCTION
+unparse_units_approx (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_unit,
+			      update_unit_approx,
+			      "0");
+}
+
+void ROKEN_LIB_FUNCTION
+print_units_table (const struct units *units, FILE *f)
+{
+    const struct units *u, *u2;
+    unsigned max_sz = 0;
+
+    for (u = units; u->name; ++u) {
+	max_sz = max(max_sz, strlen(u->name));
+    }
+
+    for (u = units; u->name;) {
+	char buf[1024];
+	const struct units *next;
+
+	for (next = u + 1; next->name && next->mult == u->mult; ++next)
+	    ;
+
+	if (next->name) {
+	    for (u2 = next;
+		 u2->name && u->mult % u2->mult != 0;
+		 ++u2)
+		;
+	    if (u2->name == NULL)
+		--u2;
+	    unparse_units (u->mult, u2, buf, sizeof(buf));
+	    fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf);
+	} else {
+	    fprintf (f, "1 %s\n", u->name);
+	}
+	u = next;
+    }
+}
+
+static int
+print_flag (char *s, size_t len, int divisor, const char *name, int rem)
+{
+    return snprintf (s, len, "%s%s", name, rem > 0 ? ", " : "");
+}
+
+static int
+update_flag (int in, unsigned mult)
+{
+    return in - mult;
+}
+
+int ROKEN_LIB_FUNCTION
+unparse_flags (int num, const struct units *units, char *s, size_t len)
+{
+    return unparse_something (num, units, s, len,
+			      print_flag,
+			      update_flag,
+			      "");
+}
+
+void ROKEN_LIB_FUNCTION
+print_flags_table (const struct units *units, FILE *f)
+{
+    const struct units *u;
+
+    for(u = units; u->name; ++u)
+	fprintf(f, "%s%s", u->name, (u+1)->name ? ", " : "\n");
+}

Added: vendor-crypto/heimdal/dist/lib/roken/parse_units.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/parse_units.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/parse_units.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: parse_units.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __PARSE_UNITS_H__
+#define __PARSE_UNITS_H__
+
+#include <stdio.h>
+#include <stddef.h>
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+struct units {
+    const char *name;
+    unsigned mult;
+};
+
+int ROKEN_LIB_FUNCTION
+parse_units (const char *s, const struct units *units,
+	     const char *def_unit);
+
+void ROKEN_LIB_FUNCTION
+print_units_table (const struct units *units, FILE *f);
+
+int ROKEN_LIB_FUNCTION
+parse_flags (const char *s, const struct units *units,
+	     int orig);
+
+int ROKEN_LIB_FUNCTION
+unparse_units (int num, const struct units *units, char *s, size_t len);
+
+int ROKEN_LIB_FUNCTION
+unparse_units_approx (int num, const struct units *units, char *s,
+		      size_t len);
+
+int ROKEN_LIB_FUNCTION
+unparse_flags (int num, const struct units *units, char *s, size_t len);
+
+void ROKEN_LIB_FUNCTION
+print_flags_table (const struct units *units, FILE *f);
+
+#endif /* __PARSE_UNITS_H__ */
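Review bot: The header gives no contract for `struct units` tables. Every consumer in parse_units.c walks the array until it finds an entry whose `name` is NULL, so a table without that sentinel is read past its end. A comment above the struct would make the requirement visible to callers, e.g. `/* A units table is an array terminated by an entry with name == NULL. */`. It would also help to note on the `parse_*` prototypes that a negative return is the error indication, since parse_something returns any negative accumulator value as-is.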

Added: vendor-crypto/heimdal/dist/lib/roken/putenv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/putenv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/putenv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: putenv.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdlib.h>
+
+extern char **environ;
+
+/*
+ * putenv --
+ *	String points to a string of the form name=value.
+ *
+ *      Makes the value of the environment variable name equal to
+ *      value by altering an existing variable or creating a new one.
+ */
+
+int ROKEN_LIB_FUNCTION
+putenv(const char *string)
+{
+    int i;
+    const char *eq = (const char *)strchr(string, '=');
+    int len;
+    
+    if (eq == NULL)
+	return 1;
+    len = eq - string;
+
+    if(environ == NULL) {
+	environ = malloc(sizeof(char*));
+	if(environ == NULL)
+	    return 1;
+	environ[0] = NULL;
+    }
+
+    for(i = 0; environ[i] != NULL; i++)
+	if(strncmp(string, environ[i], len) == 0) {
+	    environ[i] = string;
+	    return 0;
+	}
+    environ = realloc(environ, sizeof(char*) * (i + 2));
+    if(environ == NULL)
+	return 1;
+    environ[i]   = string;
+    environ[i+1] = NULL;
+    return 0;
+}
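Review bot: The replace loop matches on `strncmp(string, environ[i], len) == 0` alone, so a name that is a prefix of an existing variable's name overwrites that other variable. A call for a constructed `FOO=...` would replace an earlier `FOOBAR=...` slot. The test should also require the `=` at the same offset: `if (strncmp(string, environ[i], len) == 0 && environ[i][len] == '=') {`. The growth path then calls `realloc` on `environ`, which is valid only if that array came from malloc. Nothing in this function establishes that for the array inherited at process start, and assigning the result straight back to `environ` discards the whole environment if realloc fails. Both stores of `string` also drop the parameter's `const` and make the caller's storage part of the environment, which the header comment should state.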

Added: vendor-crypto/heimdal/dist/lib/roken/rcmd.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/rcmd.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/rcmd.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: rcmd.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include <stdio.h>
+
+int ROKEN_LIB_FUNCTION
+rcmd(char **ahost,
+     unsigned short inport,
+     const char *locuser,
+     const char *remuser,
+     const char *cmd,
+     int *fd2p)
+{
+  fprintf(stderr, "Only kerberized services are implemented\n");
+  return -1;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/readv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/readv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/readv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: readv.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t ROKEN_LIB_FUNCTION
+readv(int d, const struct iovec *iov, int iovcnt)
+{
+    ssize_t ret, nb;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+
+    for(i = 0; i < iovcnt; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    nb = ret = read (d, buf, tot);
+    p = buf;
+    while (nb > 0) {
+	ssize_t cnt = min(nb, iov->iov_len);
+
+	memcpy (iov->iov_base, p, cnt);
+	p += cnt;
+	nb -= cnt;
+    }
+    free(buf);
+    return ret;
+}
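Review bot: The copy loop in readv() never advances `iov`, so every pass copies the next chunk into `iov[0]` again. The recvmsg.c fallback added in this same commit ends the identical loop with `++iov;`. As written, a read larger than `iov[0].iov_len` overwrites the start of the first buffer, leaves the later buffers unfilled, and still returns the full byte count. If `iov[0].iov_len` is 0 and read() returned data, `cnt` stays 0 and the loop never terminates. Add `++iov;` after `nb -= cnt;`; since this is a vendor import, carry it as a recorded local patch or take the fix from upstream.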

Added: vendor-crypto/heimdal/dist/lib/roken/realloc.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/realloc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/realloc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#undef realloc
+#endif
+#include <stdlib.h>
+#include "roken.h"
+
+RCSID("$Id");
+
+
+void * ROKEN_LIB_FUNCTION
+rk_realloc(void *ptr, size_t size)
+{
+    if (ptr == NULL)
+	return malloc(size);
+    return realloc(ptr, size);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/recvmsg.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/recvmsg.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/recvmsg.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: recvmsg.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t ROKEN_LIB_FUNCTION
+recvmsg(int s, struct msghdr *msg, int flags)
+{
+    ssize_t ret, nb;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+    struct iovec *iov = msg->msg_iov;
+
+    for(i = 0; i < msg->msg_iovlen; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    nb = ret = recvfrom (s, buf, tot, flags, msg->msg_name, &msg->msg_namelen);
+    p = buf;
+    while (nb > 0) {
+	ssize_t cnt = min(nb, iov->iov_len);
+
+	memcpy (iov->iov_base, p, cnt);
+	p += cnt;
+	nb -= cnt;
+	++iov;
+    }
+    free(buf);
+    return ret;
+}
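Review bot: This recvmsg() fallback is undocumented about what it leaves out: the visible code fills only the iovec array and the source address, and never touches any ancillary-data or flag field of `msg`. A caller that inspects those after the call sees whatever was there before. A header comment would make that explicit, e.g. `/* emulated with recvfrom(): no control messages are delivered and no message flags are reported */`. The sum of `iov_len` into `tot` is also unchecked; a wrapped total only shortens the receive here because the copy loop is bounded by `nb`, but that deserves a one-line comment too.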

Added: vendor-crypto/heimdal/dist/lib/roken/resolve-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/resolve-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/resolve-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 1995 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+#include "getarg.h"
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+#include "resolve.h"
+
+RCSID("$Id: resolve-test.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args,
+		    sizeof(args)/sizeof(*args),
+		    NULL,
+		    "dns-record resource-record-type");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    struct dns_reply *r;
+    struct resource_record *rr;
+    int optidx = 0;
+
+    setprogname (argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	printf("some version\n");
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 2)
+	usage(1);
+
+    r = dns_lookup(argv[0], argv[1]);
+    if(r == NULL){
+	printf("No reply.\n");
+	return 1;
+    }
+    if(r->q.type == rk_ns_t_srv)
+	dns_srv_order(r);
+
+    for(rr = r->head; rr;rr=rr->next){
+	printf("%-30s %-5s %-6d ", rr->domain, dns_type_to_string(rr->type), rr->ttl);
+	switch(rr->type){
+	case rk_ns_t_ns:
+	case rk_ns_t_cname:
+	case rk_ns_t_ptr:
+	    printf("%s\n", (char*)rr->u.data);
+	    break;
+	case rk_ns_t_a:
+	    printf("%s\n", inet_ntoa(*rr->u.a));
+	    break;
+	case rk_ns_t_mx:
+	case rk_ns_t_afsdb:{
+	    printf("%d %s\n", rr->u.mx->preference, rr->u.mx->domain);
+	    break;
+	}
+	case rk_ns_t_srv:{
+	    struct srv_record *srv = rr->u.srv;
+	    printf("%d %d %d %s\n", srv->priority, srv->weight, 
+		   srv->port, srv->target);
+	    break;
+	}
+	case rk_ns_t_txt: {
+	    printf("%s\n", rr->u.txt);
+	    break;
+	}
+	case rk_ns_t_sig : {
+	    struct sig_record *sig = rr->u.sig;
+	    const char *type_string = dns_type_to_string (sig->type);
+
+	    printf ("type %u (%s), algorithm %u, labels %u, orig_ttl %u, sig_expiration %u, sig_inception %u, key_tag %u, signer %s\n",
+		    sig->type, type_string ? type_string : "",
+		    sig->algorithm, sig->labels, sig->orig_ttl,
+		    sig->sig_expiration, sig->sig_inception, sig->key_tag,
+		    sig->signer);
+	    break;
+	}
+	case rk_ns_t_key : {
+	    struct key_record *key = rr->u.key;
+
+	    printf ("flags %u, protocol %u, algorithm %u\n",
+		    key->flags, key->protocol, key->algorithm);
+	    break;
+	}
+	case rk_ns_t_sshfp : {
+	    struct sshfp_record *sshfp = rr->u.sshfp;
+	    int i;
+
+	    printf ("alg %u type %u length %lu data ", sshfp->algorithm, 
+		    sshfp->type,  (unsigned long)sshfp->sshfp_len);
+	    for (i = 0; i < sshfp->sshfp_len; i++)
+		printf("%02X", sshfp->sshfp_data[i]);
+	    printf("\n");
+
+	    break;
+	}
+	case rk_ns_t_ds : {
+	    struct ds_record *ds = rr->u.ds;
+	    int i;
+
+	    printf ("key tag %u alg %u type %u length %u data ",
+		    ds->key_tag, ds->algorithm, ds->digest_type, 
+		    ds->digest_len);
+	    for (i = 0; i < ds->digest_len; i++)
+		printf("%02X", ds->digest_data[i]);
+	    printf("\n");
+
+	    break;
+	}
+	default:
+	    printf("\n");
+	    break;
+	}
+    }
+    
+    return 0;
+}
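Review bot: The first printf in the record loop passes `dns_type_to_string(rr->type)` straight to `%-5s`, and a NULL `%s` argument is undefined behaviour. That function returns NULL for any type missing from the `stot` table in resolve.c, for instance `rk_ns_t_cert`, which parse_record handles but the table does not list. The sig branch further down already guards the same call with `type_string ? type_string : ""`; the loop head should do the same, e.g. `const char *ts = dns_type_to_string(rr->type);` and print `ts ? ts : "?"`. Names and TXT data from the reply are also printed unescaped, which is worth a comment for a tool whose output goes to a terminal.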

Added: vendor-crypto/heimdal/dist/lib/roken/resolve.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/resolve.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/resolve.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,711 @@
+/*
+ * Copyright (c) 1995 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+#include "resolve.h"
+
+#include <assert.h>
+
+RCSID("$Id: resolve.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */
+#undef HAVE_RES_NSEARCH
+#endif
+
+#define DECL(X) {#X, rk_ns_t_##X}
+
+static struct stot{
+    const char *name;
+    int type;
+}stot[] = {
+    DECL(a),
+    DECL(aaaa),
+    DECL(ns),
+    DECL(cname),
+    DECL(soa),
+    DECL(ptr),
+    DECL(mx),
+    DECL(txt),
+    DECL(afsdb),
+    DECL(sig),
+    DECL(key),
+    DECL(srv),
+    DECL(naptr),
+    DECL(sshfp),
+    DECL(ds),
+    {NULL, 	0}
+};
+
+int _resolve_debug = 0;
+
+int ROKEN_LIB_FUNCTION
+dns_string_to_type(const char *name)
+{
+    struct stot *p = stot;
+    for(p = stot; p->name; p++)
+	if(strcasecmp(name, p->name) == 0)
+	    return p->type;
+    return -1;
+}
+
+const char * ROKEN_LIB_FUNCTION
+dns_type_to_string(int type)
+{
+    struct stot *p = stot;
+    for(p = stot; p->name; p++)
+	if(type == p->type)
+	    return p->name;
+    return NULL;
+}
+
+#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND)
+
+static void
+dns_free_rr(struct resource_record *rr)
+{
+    if(rr->domain)
+	free(rr->domain);
+    if(rr->u.data)
+	free(rr->u.data);
+    free(rr);
+}
+
+void ROKEN_LIB_FUNCTION
+dns_free_data(struct dns_reply *r)
+{
+    struct resource_record *rr;
+    if(r->q.domain)
+	free(r->q.domain);
+    for(rr = r->head; rr;){
+	struct resource_record *tmp = rr;
+	rr = rr->next;
+	dns_free_rr(tmp);
+    }
+    free (r);
+}
+
+static int
+parse_record(const unsigned char *data, const unsigned char *end_data, 
+	     const unsigned char **pp, struct resource_record **ret_rr)
+{
+    struct resource_record *rr;
+    int type, class, ttl, size;
+    int status;
+    char host[MAXDNAME];
+    const unsigned char *p = *pp;
+
+    *ret_rr = NULL;
+
+    status = dn_expand(data, end_data, p, host, sizeof(host));
+    if(status < 0) 
+	return -1;
+    if (p + status + 10 > end_data)
+	return -1;
+
+    p += status;
+    type = (p[0] << 8) | p[1];
+    p += 2;
+    class = (p[0] << 8) | p[1];
+    p += 2;
+    ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+    p += 4;
+    size = (p[0] << 8) | p[1];
+    p += 2;
+
+    if (p + size > end_data)
+	return -1;
+
+    rr = calloc(1, sizeof(*rr));
+    if(rr == NULL) 
+	return -1;
+    rr->domain = strdup(host);
+    if(rr->domain == NULL) {
+	dns_free_rr(rr);
+	return -1;
+    }
+    rr->type = type;
+    rr->class = class;
+    rr->ttl = ttl;
+    rr->size = size;
+    switch(type){
+    case rk_ns_t_ns:
+    case rk_ns_t_cname:
+    case rk_ns_t_ptr:
+	status = dn_expand(data, end_data, p, host, sizeof(host));
+	if(status < 0) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	rr->u.txt = strdup(host);
+	if(rr->u.txt == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	break;
+    case rk_ns_t_mx:
+    case rk_ns_t_afsdb:{
+	size_t hostlen;
+
+	status = dn_expand(data, end_data, p + 2, host, sizeof(host));
+	if(status < 0){
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	if (status + 2 > size) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	hostlen = strlen(host);
+	rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + 
+						hostlen);
+	if(rr->u.mx == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	rr->u.mx->preference = (p[0] << 8) | p[1];
+	strlcpy(rr->u.mx->domain, host, hostlen + 1);
+	break;
+    }
+    case rk_ns_t_srv:{
+	size_t hostlen;
+	status = dn_expand(data, end_data, p + 6, host, sizeof(host));
+	if(status < 0){
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	if (status + 6 > size) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	hostlen = strlen(host);
+	rr->u.srv = 
+	    (struct srv_record*)malloc(sizeof(struct srv_record) + 
+				       hostlen);
+	if(rr->u.srv == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	rr->u.srv->priority = (p[0] << 8) | p[1];
+	rr->u.srv->weight = (p[2] << 8) | p[3];
+	rr->u.srv->port = (p[4] << 8) | p[5];
+	strlcpy(rr->u.srv->target, host, hostlen + 1);
+	break;
+    }
+    case rk_ns_t_txt:{
+	if(size == 0 || size < *p + 1) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	rr->u.txt = (char*)malloc(*p + 1);
+	if(rr->u.txt == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	strncpy(rr->u.txt, (const char*)(p + 1), *p);
+	rr->u.txt[*p] = '\0';
+	break;
+    }
+    case rk_ns_t_key : {
+	size_t key_len;
+
+	if (size < 4) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	key_len = size - 4;
+	rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1);
+	if (rr->u.key == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	rr->u.key->flags     = (p[0] << 8) | p[1];
+	rr->u.key->protocol  = p[2];
+	rr->u.key->algorithm = p[3];
+	rr->u.key->key_len   = key_len;
+	memcpy (rr->u.key->key_data, p + 4, key_len);
+	break;
+    }
+    case rk_ns_t_sig : {
+	size_t sig_len, hostlen;
+
+	if(size <= 18) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	status = dn_expand (data, end_data, p + 18, host, sizeof(host));
+	if (status < 0) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	if (status + 18 > size) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	/* the signer name is placed after the sig_data, to make it
+           easy to free this structure; the size calculation below
+           includes the zero-termination if the structure itself.
+	   don't you just love C?
+	*/
+	sig_len = size - 18 - status;
+	hostlen = strlen(host);
+	rr->u.sig = malloc(sizeof(*rr->u.sig)
+			      + hostlen + sig_len);
+	if (rr->u.sig == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	rr->u.sig->type           = (p[0] << 8) | p[1];
+	rr->u.sig->algorithm      = p[2];
+	rr->u.sig->labels         = p[3];
+	rr->u.sig->orig_ttl       = (p[4] << 24) | (p[5] << 16)
+	    | (p[6] << 8) | p[7];
+	rr->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16)
+	    | (p[10] << 8) | p[11];
+	rr->u.sig->sig_inception  = (p[12] << 24) | (p[13] << 16)
+	    | (p[14] << 8) | p[15];
+	rr->u.sig->key_tag        = (p[16] << 8) | p[17];
+	rr->u.sig->sig_len        = sig_len;
+	memcpy (rr->u.sig->sig_data, p + 18 + status, sig_len);
+	rr->u.sig->signer         = &rr->u.sig->sig_data[sig_len];
+	strlcpy(rr->u.sig->signer, host, hostlen + 1);
+	break;
+    }
+
+    case rk_ns_t_cert : {
+	size_t cert_len;
+
+	if (size < 5) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	cert_len = size - 5;
+	rr->u.cert = malloc (sizeof(*rr->u.cert) + cert_len - 1);
+	if (rr->u.cert == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	rr->u.cert->type      = (p[0] << 8) | p[1];
+	rr->u.cert->tag       = (p[2] << 8) | p[3];
+	rr->u.cert->algorithm = p[4];
+	rr->u.cert->cert_len  = cert_len;
+	memcpy (rr->u.cert->cert_data, p + 5, cert_len);
+	break;
+    }
+    case rk_ns_t_sshfp : {
+	size_t sshfp_len;
+
+	if (size < 2) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	sshfp_len = size - 2;
+
+	rr->u.sshfp = malloc (sizeof(*rr->u.sshfp) + sshfp_len - 1);
+	if (rr->u.sshfp == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	rr->u.sshfp->algorithm = p[0];
+	rr->u.sshfp->type      = p[1];
+	rr->u.sshfp->sshfp_len  = sshfp_len;
+	memcpy (rr->u.sshfp->sshfp_data, p + 2, sshfp_len);
+	break;
+    }
+    case rk_ns_t_ds: {
+	size_t digest_len;
+
+	if (size < 4) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	digest_len = size - 4;
+
+	rr->u.ds = malloc (sizeof(*rr->u.ds) + digest_len - 1);
+	if (rr->u.ds == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+
+	rr->u.ds->key_tag     = (p[0] << 8) | p[1];
+	rr->u.ds->algorithm   = p[2];
+	rr->u.ds->digest_type = p[3];
+	rr->u.ds->digest_len  = digest_len;
+	memcpy (rr->u.ds->digest_data, p + 4, digest_len);
+	break;
+    }
+    default:
+	rr->u.data = (unsigned char*)malloc(size);
+	if(size != 0 && rr->u.data == NULL) {
+	    dns_free_rr(rr);
+	    return -1;
+	}
+	if (size)
+	    memcpy(rr->u.data, p, size);
+    }
+    *pp = p + size;
+    *ret_rr = rr;
+
+    return 0;
+}
+
+#ifndef TEST_RESOLVE
+static
+#endif
+struct dns_reply*
+parse_reply(const unsigned char *data, size_t len)
+{
+    const unsigned char *p;
+    int status;
+    int i;
+    char host[MAXDNAME];
+    const unsigned char *end_data = data + len;
+    struct dns_reply *r;
+    struct resource_record **rr;
+    
+    r = calloc(1, sizeof(*r));
+    if (r == NULL)
+	return NULL;
+
+    p = data;
+
+    r->h.id = (p[0] << 8) | p[1];
+    r->h.flags = 0;
+    if (p[2] & 0x01)
+	r->h.flags |= rk_DNS_HEADER_RESPONSE_FLAG;
+    r->h.opcode = (p[2] >> 1) & 0xf;
+    if (p[2] & 0x20)
+	r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER;
+    if (p[2] & 0x40)
+	r->h.flags |= rk_DNS_HEADER_TRUNCATED_MESSAGE;
+    if (p[2] & 0x80)
+	r->h.flags |= rk_DNS_HEADER_RECURSION_DESIRED;
+    if (p[3] & 0x01)
+	r->h.flags |= rk_DNS_HEADER_RECURSION_AVAILABLE;
+    if (p[3] & 0x04)
+	r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER;
+    if (p[3] & 0x08)
+	r->h.flags |= rk_DNS_HEADER_CHECKING_DISABLED;
+    r->h.response_code = (p[3] >> 4) & 0xf;
+    r->h.qdcount = (p[4] << 8) | p[5];
+    r->h.ancount = (p[6] << 8) | p[7];
+    r->h.nscount = (p[8] << 8) | p[9];
+    r->h.arcount = (p[10] << 8) | p[11];
+
+    p += 12;
+
+    if(r->h.qdcount != 1) {
+	free(r);
+	return NULL;
+    }
+    status = dn_expand(data, end_data, p, host, sizeof(host));
+    if(status < 0){
+	dns_free_data(r);
+	return NULL;
+    }
+    r->q.domain = strdup(host);
+    if(r->q.domain == NULL) {
+	dns_free_data(r);
+	return NULL;
+    }
+    if (p + status + 4 > end_data) {
+	dns_free_data(r);
+	return NULL;
+    }
+    p += status;
+    r->q.type = (p[0] << 8 | p[1]);
+    p += 2;
+    r->q.class = (p[0] << 8 | p[1]);
+    p += 2;
+    
+    rr = &r->head;
+    for(i = 0; i < r->h.ancount; i++) {
+	if(parse_record(data, end_data, &p, rr) != 0) {
+	    dns_free_data(r);
+	    return NULL;
+	}
+	rr = &(*rr)->next;
+    }
+    for(i = 0; i < r->h.nscount; i++) {
+	if(parse_record(data, end_data, &p, rr) != 0) {
+	    dns_free_data(r);
+	    return NULL;
+	}
+	rr = &(*rr)->next;
+    }
+    for(i = 0; i < r->h.arcount; i++) {
+	if(parse_record(data, end_data, &p, rr) != 0) {
+	    dns_free_data(r);
+	    return NULL;
+	}
+	rr = &(*rr)->next;
+    }
+    *rr = NULL;
+    return r;
+}
+
+#ifdef HAVE_RES_NSEARCH
+#ifdef HAVE_RES_NDESTROY
+#define rk_res_free(x) res_ndestroy(x)
+#else
+#define rk_res_free(x) res_nclose(x)
+#endif
+#endif
+
+static struct dns_reply *
+dns_lookup_int(const char *domain, int rr_class, int rr_type)
+{
+    struct dns_reply *r;
+    unsigned char *reply = NULL;
+    int size;
+    int len;
+#ifdef HAVE_RES_NSEARCH
+    struct __res_state state;
+    memset(&state, 0, sizeof(state));
+    if(res_ninit(&state))
+	return NULL; /* is this the best we can do? */
+#elif defined(HAVE__RES)
+    u_long old_options = 0;
+#endif
+    
+    size = 0;
+    len = 1000;
+    do {
+	if (reply) {
+	    free(reply);
+	    reply = NULL;
+	}
+	if (size <= len)
+	    size = len;
+	if (_resolve_debug) {
+#ifdef HAVE_RES_NSEARCH
+	    state.options |= RES_DEBUG;
+#elif defined(HAVE__RES)
+	    old_options = _res.options;
+	    _res.options |= RES_DEBUG;
+#endif
+	    fprintf(stderr, "dns_lookup(%s, %d, %s), buffer size %d\n", domain,
+		    rr_class, dns_type_to_string(rr_type), size);
+	}
+	reply = malloc(size);
+	if (reply == NULL) {
+#ifdef HAVE_RES_NSEARCH
+	    rk_res_free(&state);
+#endif
+	    return NULL;
+	}
+#ifdef HAVE_RES_NSEARCH
+	len = res_nsearch(&state, domain, rr_class, rr_type, reply, size);
+#else
+	len = res_search(domain, rr_class, rr_type, reply, size);
+#endif
+	if (_resolve_debug) {
+#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH)
+	    _res.options = old_options;
+#endif
+	    fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n",
+		    domain, rr_class, dns_type_to_string(rr_type), len);
+	}
+	if (len < 0) {
+#ifdef HAVE_RES_NSEARCH
+	    rk_res_free(&state);
+#endif
+	    free(reply);
+	    return NULL;
+	}
+    } while (size < len && len < rk_DNS_MAX_PACKET_SIZE);
+#ifdef HAVE_RES_NSEARCH
+    rk_res_free(&state);
+#endif
+
+    len = min(len, size);
+    r = parse_reply(reply, len);
+    free(reply);
+    return r;
+}
+
+struct dns_reply * ROKEN_LIB_FUNCTION
+dns_lookup(const char *domain, const char *type_name)
+{
+    int type;
+    
+    type = dns_string_to_type(type_name);
+    if(type == -1) {
+	if(_resolve_debug)
+	    fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", 
+		    type_name);
+	return NULL;
+    }
+    return dns_lookup_int(domain, C_IN, type);
+}
+
+static int
+compare_srv(const void *a, const void *b)
+{
+    const struct resource_record *const* aa = a, *const* bb = b;
+
+    if((*aa)->u.srv->priority == (*bb)->u.srv->priority)
+	return ((*aa)->u.srv->weight - (*bb)->u.srv->weight);
+    return ((*aa)->u.srv->priority - (*bb)->u.srv->priority);
+}
+
+#ifndef HAVE_RANDOM
+#define random() rand()
+#endif
+
+/* try to rearrange the srv-records by the algorithm in RFC2782 */
+void ROKEN_LIB_FUNCTION
+dns_srv_order(struct dns_reply *r)
+{
+    struct resource_record **srvs, **ss, **headp;
+    struct resource_record *rr;
+    int num_srv = 0;
+
+#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
+    int state[256 / sizeof(int)];
+    char *oldstate;
+#endif
+
+    for(rr = r->head; rr; rr = rr->next) 
+	if(rr->type == rk_ns_t_srv)
+	    num_srv++;
+
+    if(num_srv == 0)
+	return;
+
+    srvs = malloc(num_srv * sizeof(*srvs));
+    if(srvs == NULL)
+	return; /* XXX not much to do here */
+    
+    /* unlink all srv-records from the linked list and put them in
+       a vector */
+    for(ss = srvs, headp = &r->head; *headp; )
+	if((*headp)->type == rk_ns_t_srv) {
+	    *ss = *headp;
+	    *headp = (*headp)->next;
+	    (*ss)->next = NULL;
+	    ss++;
+	} else
+	    headp = &(*headp)->next;
+    
+    /* sort them by priority and weight */
+    qsort(srvs, num_srv, sizeof(*srvs), compare_srv);
+
+#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
+    oldstate = initstate(time(NULL), (char*)state, sizeof(state));
+#endif
+
+    headp = &r->head;
+    
+    for(ss = srvs; ss < srvs + num_srv; ) {
+	int sum, rnd, count;
+	struct resource_record **ee, **tt;
+	/* find the last record with the same priority and count the
+           sum of all weights */
+	for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) {
+	    assert(*tt != NULL);
+	    if((*tt)->u.srv->priority != (*ss)->u.srv->priority)
+		break;
+	    sum += (*tt)->u.srv->weight;
+	}
+	ee = tt;
+	/* ss is now the first record of this priority and ee is the
+           first of the next */
+	while(ss < ee) {
+	    rnd = random() % (sum + 1);
+	    for(count = 0, tt = ss; ; tt++) {
+		if(*tt == NULL)
+		    continue;
+		count += (*tt)->u.srv->weight;
+		if(count >= rnd)
+		    break;
+	    }
+
+	    assert(tt < ee);
+
+	    /* insert the selected record at the tail (of the head) of
+               the list */
+	    (*tt)->next = *headp;
+	    *headp = *tt;
+	    headp = &(*tt)->next;
+	    sum -= (*tt)->u.srv->weight;
+	    *tt = NULL;
+	    while(ss < ee && *ss == NULL)
+		ss++;
+	}
+    }
+    
+#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE)
+    setstate(oldstate);
+#endif
+    free(srvs);
+    return;
+}
+
+#else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */
+
+struct dns_reply * ROKEN_LIB_FUNCTION
+dns_lookup(const char *domain, const char *type_name)
+{
+    return NULL;
+}
+
+void ROKEN_LIB_FUNCTION
+dns_free_data(struct dns_reply *r)
+{
+}
+
+void ROKEN_LIB_FUNCTION
+dns_srv_order(struct dns_reply *r)
+{
+}
+
+#endif
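Review bot: parse_reply() decodes the 12-byte header (`p[0]` through `p[11]`) before comparing anything with `len`, so a reply shorter than the fixed header is parsed from bytes the resolver never wrote. Inside dns_lookup_int the buffer is at least 1000 bytes, so those reads stay inside the allocation, but the contents are uninitialised, and parse_reply is non-static when TEST_RESOLVE is defined. Add `if (len < 12) return NULL;` before the `calloc`. Separately, the flag and rcode masks look bit-reversed relative to the RFC 1035 header layout (QR is the top bit of byte 2, RCODE the low nibble of byte 3), and `rk_DNS_HEADER_AUTHORITIVE_ANSWER` is set from two different bits. Check that against upstream before anything relies on `r->h.flags` or `response_code`.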

Added: vendor-crypto/heimdal/dist/lib/roken/resolve.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/resolve.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/resolve.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,298 @@
+/*
+ * Copyright (c) 1995 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: resolve.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __RESOLVE_H__
+#define __RESOLVE_H__
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+typedef enum {
+	rk_ns_t_invalid = 0,	/* Cookie. */
+	rk_ns_t_a = 1,		/* Host address. */
+	rk_ns_t_ns = 2,		/* Authoritative server. */
+	rk_ns_t_md = 3,		/* Mail destination. */
+	rk_ns_t_mf = 4,		/* Mail forwarder. */
+	rk_ns_t_cname = 5,	/* Canonical name. */
+	rk_ns_t_soa = 6,	/* Start of authority zone. */
+	rk_ns_t_mb = 7,		/* Mailbox domain name. */
+	rk_ns_t_mg = 8,		/* Mail group member. */
+	rk_ns_t_mr = 9,		/* Mail rename name. */
+	rk_ns_t_null = 10,	/* Null resource record. */
+	rk_ns_t_wks = 11,	/* Well known service. */
+	rk_ns_t_ptr = 12,	/* Domain name pointer. */
+	rk_ns_t_hinfo = 13,	/* Host information. */
+	rk_ns_t_minfo = 14,	/* Mailbox information. */
+	rk_ns_t_mx = 15,	/* Mail routing information. */
+	rk_ns_t_txt = 16,	/* Text strings. */
+	rk_ns_t_rp = 17,	/* Responsible person. */
+	rk_ns_t_afsdb = 18,	/* AFS cell database. */
+	rk_ns_t_x25 = 19,	/* X_25 calling address. */
+	rk_ns_t_isdn = 20,	/* ISDN calling address. */
+	rk_ns_t_rt = 21,	/* Router. */
+	rk_ns_t_nsap = 22,	/* NSAP address. */
+	rk_ns_t_nsap_ptr = 23,	/* Reverse NSAP lookup (deprecated). */
+	rk_ns_t_sig = 24,	/* Security signature. */
+	rk_ns_t_key = 25,	/* Security key. */
+	rk_ns_t_px = 26,	/* X.400 mail mapping. */
+	rk_ns_t_gpos = 27,	/* Geographical position (withdrawn). */
+	rk_ns_t_aaaa = 28,	/* Ip6 Address. */
+	rk_ns_t_loc = 29,	/* Location Information. */
+	rk_ns_t_nxt = 30,	/* Next domain (security). */
+	rk_ns_t_eid = 31,	/* Endpoint identifier. */
+	rk_ns_t_nimloc = 32,	/* Nimrod Locator. */
+	rk_ns_t_srv = 33,	/* Server Selection. */
+	rk_ns_t_atma = 34,	/* ATM Address */
+	rk_ns_t_naptr = 35,	/* Naming Authority PoinTeR */
+	rk_ns_t_kx = 36,	/* Key Exchange */
+	rk_ns_t_cert = 37,	/* Certification record */
+	rk_ns_t_a6 = 38,	/* IPv6 address (deprecates AAAA) */
+	rk_ns_t_dname = 39,	/* Non-terminal DNAME (for IPv6) */
+	rk_ns_t_sink = 40,	/* Kitchen sink (experimentatl) */
+	rk_ns_t_opt = 41,	/* EDNS0 option (meta-RR) */
+	rk_ns_t_apl = 42,	/* Address prefix list (RFC 3123) */
+	rk_ns_t_ds = 43,	/* Delegation Signer (RFC 3658) */
+	rk_ns_t_sshfp = 44,	/* SSH fingerprint */
+	rk_ns_t_tkey = 249,	/* Transaction key */
+	rk_ns_t_tsig = 250,	/* Transaction signature. */
+	rk_ns_t_ixfr = 251,	/* Incremental zone transfer. */
+	rk_ns_t_axfr = 252,	/* Transfer zone of authority. */
+	rk_ns_t_mailb = 253,	/* Transfer mailbox records. */
+	rk_ns_t_maila = 254,	/* Transfer mail agent records. */
+	rk_ns_t_any = 255,	/* Wildcard match. */
+	rk_ns_t_zxfr = 256,	/* BIND-specific, nonstandard. */
+	rk_ns_t_max = 65536
+} rk_ns_type;
+
+/* We use these, but they are not always present in <arpa/nameser.h> */
+
+#ifndef C_IN
+#define C_IN		1
+#endif
+
+#ifndef T_A
+#define T_A		1
+#endif
+#ifndef T_NS
+#define T_NS		2
+#endif
+#ifndef T_CNAME
+#define T_CNAME		5
+#endif
+#ifndef T_SOA
+#define T_SOA		5
+#endif
+#ifndef T_PTR
+#define T_PTR		12
+#endif
+#ifndef T_MX
+#define T_MX		15
+#endif
+#ifndef T_TXT
+#define T_TXT		16
+#endif
+#ifndef T_AFSDB
+#define T_AFSDB		18
+#endif
+#ifndef T_SIG
+#define T_SIG		24
+#endif
+#ifndef T_KEY
+#define T_KEY		25
+#endif
+#ifndef T_AAAA
+#define T_AAAA		28
+#endif
+#ifndef T_SRV
+#define T_SRV		33
+#endif
+#ifndef T_NAPTR
+#define T_NAPTR		35
+#endif
+#ifndef T_CERT
+#define T_CERT		37
+#endif
+#ifndef T_SSHFP
+#define T_SSHFP		44
+#endif
+
+#ifndef MAXDNAME
+#define MAXDNAME	1025
+#endif
+
+#define dns_query		rk_dns_query
+#define mx_record		rk_mx_record
+#define srv_record		rk_srv_record
+#define key_record		rk_key_record
+#define sig_record		rk_sig_record
+#define cert_record		rk_cert_record
+#define sshfp_record		rk_sshfp_record
+#define resource_record		rk_resource_record
+#define dns_reply		rk_dns_reply
+
+#define dns_lookup		rk_dns_lookup
+#define dns_free_data		rk_dns_free_data
+#define dns_string_to_type	rk_dns_string_to_type
+#define dns_type_to_string	rk_dns_type_to_string
+#define dns_srv_order		rk_dns_srv_order
+
+struct dns_query{
+    char *domain;
+    unsigned type;
+    unsigned class;
+};
+
+struct mx_record{
+    unsigned  preference;
+    char domain[1];
+};
+
+struct srv_record{
+    unsigned priority;
+    unsigned weight;
+    unsigned port;
+    char target[1];
+};
+
+struct key_record {
+    unsigned flags;
+    unsigned protocol;
+    unsigned algorithm;
+    size_t   key_len;
+    u_char   key_data[1];
+};
+
+struct sig_record {
+    unsigned type;
+    unsigned algorithm;
+    unsigned labels;
+    unsigned orig_ttl;
+    unsigned sig_expiration;
+    unsigned sig_inception;
+    unsigned key_tag;
+    char     *signer;
+    unsigned sig_len;
+    char     sig_data[1];	/* also includes signer */
+};
+
+struct cert_record {
+    unsigned type;
+    unsigned tag;
+    unsigned algorithm;
+    size_t   cert_len;
+    u_char   cert_data[1];
+};
+
+struct sshfp_record {
+    unsigned algorithm;
+    unsigned type;
+    size_t   sshfp_len;
+    u_char   sshfp_data[1];
+};
+
+struct ds_record {
+    unsigned key_tag;
+    unsigned algorithm;
+    unsigned digest_type;
+    unsigned digest_len;
+    u_char digest_data[1];
+};
+
+struct resource_record{
+    char *domain;
+    unsigned type;
+    unsigned class;
+    unsigned ttl;
+    unsigned size;
+    union {
+	void *data;
+	struct mx_record *mx;
+	struct mx_record *afsdb; /* mx and afsdb are identical */
+	struct srv_record *srv;
+	struct in_addr *a;
+	char *txt;
+	struct key_record *key;
+	struct cert_record *cert;
+	struct sig_record *sig;
+	struct sshfp_record *sshfp;
+	struct ds_record *ds;
+    }u;
+    struct resource_record *next;
+};
+
+#define rk_DNS_MAX_PACKET_SIZE		0xffff
+
+struct dns_header {
+    unsigned id;
+    unsigned flags;
+#define rk_DNS_HEADER_RESPONSE_FLAG		1
+#define rk_DNS_HEADER_AUTHORITIVE_ANSWER	2
+#define rk_DNS_HEADER_TRUNCATED_MESSAGE		4
+#define rk_DNS_HEADER_RECURSION_DESIRED		8
+#define rk_DNS_HEADER_RECURSION_AVAILABLE	16
+#define rk_DNS_HEADER_AUTHENTIC_DATA		32
+#define rk_DNS_HEADER_CHECKING_DISABLED		64
+    unsigned opcode;
+    unsigned response_code;
+    unsigned qdcount;
+    unsigned ancount;
+    unsigned nscount;
+    unsigned arcount;
+};
+
+struct dns_reply{
+    struct dns_header h;
+    struct dns_query q;
+    struct resource_record *head;
+};
+
+
+struct dns_reply* ROKEN_LIB_FUNCTION
+	dns_lookup(const char *, const char *);
+void ROKEN_LIB_FUNCTION
+	dns_free_data(struct dns_reply *);
+int ROKEN_LIB_FUNCTION
+	dns_string_to_type(const char *name);
+const char *ROKEN_LIB_FUNCTION
+	dns_type_to_string(int type);
+void ROKEN_LIB_FUNCTION
+	dns_srv_order(struct dns_reply*);
+
+#endif /* __RESOLVE_H__ */
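Review bot: The fallback `#define T_SOA 5` repeats the value of `T_CNAME` two blocks above it and disagrees with `rk_ns_t_soa = 6` in the enum at the top of this header; the line should read `#define T_SOA 6`. The wrong value only takes effect on platforms whose `<arpa/nameser.h>` does not define `T_SOA`, where any code using the macro would treat SOA as type 5, i.e. CNAME. Separately, `ds_record` and `dns_header` are the only structs here without an `rk_` rename in the `#define` list, so adding `#define ds_record rk_ds_record` (and the same for `dns_header`) would keep the namespace prefixing consistent.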

Added: vendor-crypto/heimdal/dist/lib/roken/roken-common.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/roken-common.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/roken-common.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,405 @@
+/*
+ * Copyright (c) 1995 - 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: roken-common.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __ROKEN_COMMON_H__
+#define __ROKEN_COMMON_H__
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#ifdef __cplusplus
+#define ROKEN_CPP_START	extern "C" {
+#define ROKEN_CPP_END	}
+#else
+#define ROKEN_CPP_START
+#define ROKEN_CPP_END
+#endif
+
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
+#endif
+
+#ifndef INADDR_LOOPBACK
+#define INADDR_LOOPBACK 0x7f000001
+#endif
+
+#ifndef SOMAXCONN
+#define SOMAXCONN 5
+#endif
+
+#ifndef STDIN_FILENO
+#define STDIN_FILENO 0
+#endif
+
+#ifndef STDOUT_FILENO
+#define STDOUT_FILENO 1
+#endif
+
+#ifndef STDERR_FILENO
+#define STDERR_FILENO 2
+#endif
+
+#ifndef max
+#define max(a,b) (((a)>(b))?(a):(b))
+#endif
+
+#ifndef min
+#define min(a,b) (((a)<(b))?(a):(b))
+#endif
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+#ifndef LOG_DAEMON
+#define openlog(id,option,facility) openlog((id),(option))
+#define	LOG_DAEMON	0
+#endif
+#ifndef LOG_ODELAY
+#define LOG_ODELAY 0
+#endif
+#ifndef LOG_NDELAY
+#define LOG_NDELAY 0x08
+#endif
+#ifndef LOG_CONS
+#define LOG_CONS 0
+#endif
+#ifndef LOG_AUTH
+#define LOG_AUTH 0
+#endif
+#ifndef LOG_AUTHPRIV
+#define LOG_AUTHPRIV LOG_AUTH
+#endif
+
+#ifndef F_OK
+#define F_OK 0
+#endif
+
+#ifndef O_ACCMODE
+#define O_ACCMODE	003
+#endif
+
+#ifndef _PATH_DEV
+#define _PATH_DEV "/dev/"
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#ifndef _PATH_HEQUIV
+#define _PATH_HEQUIV "/etc/hosts.equiv"
+#endif
+
+#ifndef _PATH_VARRUN
+#define _PATH_VARRUN "/var/run/"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#ifndef MAXPATHLEN
+#define MAXPATHLEN (1024+4)
+#endif
+
+#ifndef SIG_ERR
+#define SIG_ERR ((RETSIGTYPE (*)(int))-1)
+#endif
+
+/*
+ * error code for getipnodeby{name,addr}
+ */
+
+#ifndef HOST_NOT_FOUND
+#define HOST_NOT_FOUND 1
+#endif
+
+#ifndef TRY_AGAIN
+#define TRY_AGAIN 2
+#endif
+
+#ifndef NO_RECOVERY
+#define NO_RECOVERY 3
+#endif
+
+#ifndef NO_DATA
+#define NO_DATA 4
+#endif
+
+#ifndef NO_ADDRESS
+#define NO_ADDRESS NO_DATA
+#endif
+
+/*
+ * error code for getaddrinfo
+ */
+
+#ifndef EAI_NOERROR
+#define EAI_NOERROR	0	/* no error */
+#endif
+
+#ifndef EAI_NONAME
+
+#define EAI_ADDRFAMILY	1	/* address family for nodename not supported */
+#define EAI_AGAIN	2	/* temporary failure in name resolution */
+#define EAI_BADFLAGS	3	/* invalid value for ai_flags */
+#define EAI_FAIL	4	/* non-recoverable failure in name resolution */
+#define EAI_FAMILY	5	/* ai_family not supported */
+#define EAI_MEMORY	6	/* memory allocation failure */
+#define EAI_NODATA	7	/* no address associated with nodename */
+#define EAI_NONAME	8	/* nodename nor servname provided, or not known */
+#define EAI_SERVICE	9	/* servname not supported for ai_socktype */
+#define EAI_SOCKTYPE   10	/* ai_socktype not supported */
+#define EAI_SYSTEM     11	/* system error returned in errno */
+
+#endif /* EAI_NONAME */
+
+/* flags for getaddrinfo() */
+
+#ifndef AI_PASSIVE
+#define AI_PASSIVE	0x01
+#define AI_CANONNAME	0x02
+#endif /* AI_PASSIVE */
+
+#ifndef AI_NUMERICHOST
+#define AI_NUMERICHOST	0x04
+#endif
+
+/* flags for getnameinfo() */
+
+#ifndef NI_DGRAM
+#define NI_DGRAM	0x01
+#define NI_NAMEREQD	0x02
+#define NI_NOFQDN	0x04
+#define NI_NUMERICHOST	0x08
+#define NI_NUMERICSERV	0x10
+#endif
+
+/*
+ * constants for getnameinfo
+ */
+
+#ifndef NI_MAXHOST
+#define NI_MAXHOST  1025
+#define NI_MAXSERV    32
+#endif
+
+/*
+ * constants for inet_ntop
+ */
+
+#ifndef INET_ADDRSTRLEN
+#define INET_ADDRSTRLEN    16
+#endif
+
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN   46
+#endif
+
+/*
+ * for shutdown(2)
+ */
+
+#ifndef SHUT_RD
+#define SHUT_RD 0
+#endif
+
+#ifndef SHUT_WR
+#define SHUT_WR 1
+#endif
+
+#ifndef SHUT_RDWR
+#define SHUT_RDWR 2
+#endif
+
+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif
+
+ROKEN_CPP_START
+
+#ifndef IRIX4 /* fix for compiler bug */
+#ifdef RETSIGTYPE
+typedef RETSIGTYPE (*SigAction)(int);
+SigAction signal(int iSig, SigAction pAction); /* BSD compatible */
+#endif
+#endif
+
+int ROKEN_LIB_FUNCTION
+simple_execve(const char*, char*const[], char*const[]);
+
+int ROKEN_LIB_FUNCTION
+simple_execve_timed(const char *, char *const[], 
+		    char *const [], time_t (*)(void *), 
+		    void *, time_t);
+int ROKEN_LIB_FUNCTION
+simple_execvp(const char*, char *const[]);
+
+int ROKEN_LIB_FUNCTION
+simple_execvp_timed(const char *, char *const[], 
+		    time_t (*)(void *), void *, time_t);
+int ROKEN_LIB_FUNCTION
+simple_execlp(const char*, ...);
+
+int ROKEN_LIB_FUNCTION
+simple_execle(const char*, ...);
+
+int ROKEN_LIB_FUNCTION
+simple_execl(const char *file, ...);
+
+int ROKEN_LIB_FUNCTION
+wait_for_process(pid_t);
+
+int ROKEN_LIB_FUNCTION
+wait_for_process_timed(pid_t, time_t (*)(void *), 
+					      void *, time_t);
+int ROKEN_LIB_FUNCTION
+pipe_execv(FILE**, FILE**, FILE**, const char*, ...);
+
+void ROKEN_LIB_FUNCTION
+print_version(const char *);
+
+ssize_t ROKEN_LIB_FUNCTION
+eread (int fd, void *buf, size_t nbytes);
+
+ssize_t ROKEN_LIB_FUNCTION
+ewrite (int fd, const void *buf, size_t nbytes);
+
+struct hostent;
+
+const char * ROKEN_LIB_FUNCTION
+hostent_find_fqdn (const struct hostent *);
+
+void ROKEN_LIB_FUNCTION
+esetenv(const char *, const char *, int);
+
+void ROKEN_LIB_FUNCTION
+socket_set_address_and_port (struct sockaddr *, const void *, int);
+
+size_t ROKEN_LIB_FUNCTION
+socket_addr_size (const struct sockaddr *);
+
+void ROKEN_LIB_FUNCTION
+socket_set_any (struct sockaddr *, int);
+
+size_t ROKEN_LIB_FUNCTION
+socket_sockaddr_size (const struct sockaddr *);
+
+void * ROKEN_LIB_FUNCTION
+socket_get_address (struct sockaddr *);
+
+int ROKEN_LIB_FUNCTION
+socket_get_port (const struct sockaddr *);
+
+void ROKEN_LIB_FUNCTION
+socket_set_port (struct sockaddr *, int);
+
+void ROKEN_LIB_FUNCTION
+socket_set_portrange (int, int, int);
+
+void ROKEN_LIB_FUNCTION
+socket_set_debug (int);
+
+void ROKEN_LIB_FUNCTION
+socket_set_tos (int, int);
+
+void ROKEN_LIB_FUNCTION
+socket_set_reuseaddr (int, int);
+
+void ROKEN_LIB_FUNCTION
+socket_set_ipv6only (int, int);
+
+char ** ROKEN_LIB_FUNCTION
+vstrcollect(va_list *ap);
+
+char ** ROKEN_LIB_FUNCTION
+strcollect(char *first, ...);
+
+void ROKEN_LIB_FUNCTION
+timevalfix(struct timeval *t1);
+
+void ROKEN_LIB_FUNCTION
+timevaladd(struct timeval *t1, const struct timeval *t2);
+
+void ROKEN_LIB_FUNCTION
+timevalsub(struct timeval *t1, const struct timeval *t2);
+
+char *ROKEN_LIB_FUNCTION
+pid_file_write (const char *progname);
+
+void ROKEN_LIB_FUNCTION
+pid_file_delete (char **);
+
+int ROKEN_LIB_FUNCTION
+read_environment(const char *file, char ***env);
+
+void ROKEN_LIB_FUNCTION
+free_environment(char **);
+
+void ROKEN_LIB_FUNCTION
+warnerr(int doerrno, const char *fmt, va_list ap)
+    __attribute__ ((format (printf, 2, 0)));
+
+void * ROKEN_LIB_FUNCTION
+rk_realloc(void *, size_t);
+
+struct rk_strpool;
+
+char * ROKEN_LIB_FUNCTION
+rk_strpoolcollect(struct rk_strpool *);
+
+struct rk_strpool * ROKEN_LIB_FUNCTION
+rk_strpoolprintf(struct rk_strpool *, const char *, ...)
+    __attribute__ ((format (printf, 2, 3)));
+
+void ROKEN_LIB_FUNCTION
+rk_strpoolfree(struct rk_strpool *);
+
+void ROKEN_LIB_FUNCTION
+rk_dumpdata (const char *, const void *, size_t);
+
+ROKEN_CPP_END
+
+#endif /* __ROKEN_COMMON_H__ */
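Review bot: The syslog fallbacks near the top (`#define LOG_AUTH 0`, `#define LOG_AUTHPRIV LOG_AUTH`, and the `openlog` macro that drops the facility argument when `LOG_DAEMON` is missing) silently change where authentication messages are logged, and nothing in the header says so. On a platform that lacks `LOG_AUTHPRIV`, messages that callers mark as private go to `LOG_AUTH` instead, which may be readable by more users depending on the syslog configuration. I would add a comment above the block such as `/* fallbacks: without LOG_AUTHPRIV, auth messages use LOG_AUTH; check that log's permissions */`. The `max`/`min` macros just above evaluate each argument twice, so a one-line warning against arguments with side effects would help there too.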

Added: vendor-crypto/heimdal/dist/lib/roken/roken.awk
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/roken.awk	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/roken.awk	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,40 @@
+# $Id: roken.awk,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $
+
+BEGIN {
+	print "#ifdef HAVE_CONFIG_H"
+	print "#include <config.h>"
+	print "#endif"
+	print "#include <stdio.h>"
+	print ""
+	print "int main(int argc, char **argv)"
+	print "{"
+	    print "puts(\"/* This is an OS dependent, generated file */\");"
+	print "puts(\"\\n\");"
+	print "puts(\"#ifndef __ROKEN_H__\");"
+	print "puts(\"#define __ROKEN_H__\");"
+	print "puts(\"\");"
+}
+
+$1 == "#ifdef" || $1 == "#ifndef" || $1 == "#if" || $1 == "#else" || $1 == "#elif" || $1 == "#endif" {
+	print $0;
+	next
+}
+
+{
+	s = ""
+	for(i = 1; i <= length; i++){
+		x = substr($0, i, 1)
+		if(x == "\"" || x == "\\")
+			s = s "\\";
+		s = s x;
+	}
+	print "puts(\"" s "\");"
+}
+
+END {
+	print "puts(\"#define ROKEN_VERSION \" VERSION );"
+	print "puts(\"\");"
+	print "puts(\"#endif /* __ROKEN_H__ */\");"
+	print "return 0;"
+	print "}"
+}
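Review bot: The pass-through rule compares `$1` against the exact tokens `#ifdef`, `#ifndef`, `#if`, `#else`, `#elif` and `#endif`, so a directive written with a space after the hash (`# ifdef FOO`) has `$1 == "#"` and falls into the quoting rule. It is then copied verbatim into the generated header through `puts(...)` instead of being evaluated when the generator program is compiled. Whether the input template ever uses that spelling is not visible here, and the script has no comment stating the constraint. A header comment such as `# Conditional directives in the input must have no space after '#'; every other line is quoted into a puts() call` would document it.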

Added: vendor-crypto/heimdal/dist/lib/roken/roken.h.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/roken.h.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/roken.h.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,706 @@
+/* -*- C -*- */
+/*
+ * Copyright (c) 1995-2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: roken.h.in,v 1.2 2012-11-27 01:44:45 laffer1 Exp $ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <string.h>
+#include <signal.h>
+
+#ifdef _AIX
+struct ether_addr;
+struct sockaddr_dl;
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET6_IN6_H
+#include <netinet6/in6.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#include <err.h>
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
+#include <sys/ioctl.h>
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifndef HAVE_SSIZE_T
+typedef int ssize_t;
+#endif
+
+#include <roken-common.h>
+
+ROKEN_CPP_START
+
+#ifdef HAVE_UINTPTR_T
+#define rk_UNCONST(x) ((void *)(uintptr_t)(const void *)(x))
+#else
+#define rk_UNCONST(x) ((void *)(unsigned long)(const void *)(x))
+#endif
+
+#if !defined(HAVE_SETSID) && defined(HAVE__SETSID)
+#define setsid _setsid
+#endif
+
+#ifndef HAVE_PUTENV
+int ROKEN_LIB_FUNCTION putenv(const char *);
+#endif
+
+#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO)
+int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int);
+#endif
+
+#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO)
+void ROKEN_LIB_FUNCTION unsetenv(const char *);
+#endif
+
+#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO)
+char * ROKEN_LIB_FUNCTION getusershell(void);
+void ROKEN_LIB_FUNCTION endusershell(void);
+#endif
+
+#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO)
+int ROKEN_LIB_FUNCTION snprintf (char *, size_t, const char *, ...)
+     __attribute__ ((format (printf, 3, 4)));
+#endif
+
+#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO)
+int ROKEN_LIB_FUNCTION 
+     vsnprintf (char *, size_t, const char *, va_list)
+     __attribute__((format (printf, 3, 0)));
+#endif
+
+#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO)
+int ROKEN_LIB_FUNCTION
+     asprintf (char **, const char *, ...)
+     __attribute__ ((format (printf, 2, 3)));
+#endif
+
+#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO)
+int ROKEN_LIB_FUNCTION
+    vasprintf (char **, const char *, va_list)
+     __attribute__((format (printf, 2, 0)));
+#endif
+
+#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO)
+int ROKEN_LIB_FUNCTION
+    asnprintf (char **, size_t, const char *, ...)
+     __attribute__ ((format (printf, 3, 4)));
+#endif
+
+#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO)
+int ROKEN_LIB_FUNCTION
+    vasnprintf (char **, size_t, const char *, va_list)
+     __attribute__((format (printf, 3, 0)));
+#endif
+
+#ifndef HAVE_STRDUP
+char * ROKEN_LIB_FUNCTION strdup(const char *);
+#endif
+
+#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO)
+char * ROKEN_LIB_FUNCTION strndup(const char *, size_t);
+#endif
+
+#ifndef HAVE_STRLWR
+char * ROKEN_LIB_FUNCTION strlwr(char *);
+#endif
+
+#ifndef HAVE_STRNLEN
+size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t);
+#endif
+
+#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO)
+char * ROKEN_LIB_FUNCTION strsep(char**, const char*);
+#endif
+
+#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO)
+ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t);
+#endif
+
+#ifndef HAVE_STRCASECMP
+int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *);
+#endif
+
+#ifdef NEED_FCLOSE_PROTO
+int ROKEN_LIB_FUNCTION fclose(FILE *);
+#endif
+
+#ifdef NEED_STRTOK_R_PROTO
+char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **);
+#endif
+
+#ifndef HAVE_STRUPR
+char * ROKEN_LIB_FUNCTION strupr(char *);
+#endif
+
+#ifndef HAVE_STRLCPY
+size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t);
+#endif
+
+#ifndef HAVE_STRLCAT
+size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t);
+#endif
+
+#ifndef HAVE_GETDTABLESIZE
+int ROKEN_LIB_FUNCTION getdtablesize(void);
+#endif
+
+#if !defined(HAVE_STRERROR) && !defined(strerror)
+char * ROKEN_LIB_FUNCTION strerror(int);
+#endif
+
+#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
+/* This causes a fatal error under Psoriasis */
+#if !(defined(SunOS) && (SunOS >= 50))
+const char * ROKEN_LIB_FUNCTION hstrerror(int);
+#endif
+#endif
+
+#if !HAVE_DECL_H_ERRNO
+extern int h_errno;
+#endif
+
+#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO)
+int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *);
+#endif
+
+#ifndef HAVE_INET_NTOP
+const char * ROKEN_LIB_FUNCTION
+inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+
+#ifndef HAVE_INET_PTON
+int ROKEN_LIB_FUNCTION
+inet_pton(int, const char *, void *);
+#endif
+
+#if !defined(HAVE_GETCWD)
+char* ROKEN_LIB_FUNCTION getcwd(char *, size_t);
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *);
+struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t);
+#endif
+
+const char * ROKEN_LIB_FUNCTION get_default_username (void);
+
+#ifndef HAVE_SETEUID
+int ROKEN_LIB_FUNCTION seteuid(uid_t);
+#endif
+
+#ifndef HAVE_SETEGID
+int ROKEN_LIB_FUNCTION setegid(gid_t);
+#endif
+
+#ifndef HAVE_LSTAT
+int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *);
+#endif
+
+#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO)
+int ROKEN_LIB_FUNCTION mkstemp(char *);
+#endif
+
+#ifndef HAVE_CGETENT
+int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *);
+int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **);
+#endif
+
+#ifndef HAVE_INITGROUPS
+int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t);
+#endif
+
+#ifndef HAVE_FCHOWN
+int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t);
+#endif
+
+#if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO)
+int ROKEN_LIB_FUNCTION daemon(int, int);
+#endif
+
+#ifndef HAVE_INNETGR
+int ROKEN_LIB_FUNCTION innetgr(const char *, const char *, 
+	    const char *, const char *);
+#endif
+
+#ifndef HAVE_CHOWN
+int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t);
+#endif
+
+#ifndef HAVE_RCMD
+int ROKEN_LIB_FUNCTION
+    rcmd(char **, unsigned short, const char *,
+	 const char *, const char *, int *);
+#endif
+
+#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO)
+int ROKEN_LIB_FUNCTION innetgr(const char*, const char*,
+    const char*, const char*);
+#endif
+
+#ifndef HAVE_IRUSEROK
+int ROKEN_LIB_FUNCTION iruserok(unsigned, int, 
+    const char *, const char *);
+#endif
+
+#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO)
+int ROKEN_LIB_FUNCTION gethostname(char *, int);
+#endif
+
+#ifndef HAVE_WRITEV
+ssize_t ROKEN_LIB_FUNCTION
+writev(int, const struct iovec *, int);
+#endif
+
+#ifndef HAVE_READV
+ssize_t ROKEN_LIB_FUNCTION
+readv(int, const struct iovec *, int);
+#endif
+
+#ifndef HAVE_MKSTEMP
+int ROKEN_LIB_FUNCTION
+mkstemp(char *);
+#endif
+
+#ifndef HAVE_PIDFILE
+void ROKEN_LIB_FUNCTION pidfile (const char*);
+#endif
+
+#ifndef HAVE_BSWAP32
+unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int);
+#endif
+
+#ifndef HAVE_BSWAP16
+unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short);
+#endif
+
+#ifndef HAVE_FLOCK
+#ifndef LOCK_SH
+#define LOCK_SH   1		/* Shared lock */
+#endif
+#ifndef	LOCK_EX
+#define LOCK_EX   2		/* Exclusive lock */
+#endif
+#ifndef LOCK_NB
+#define LOCK_NB   4		/* Don't block when locking */
+#endif
+#ifndef LOCK_UN
+#define LOCK_UN   8		/* Unlock */
+#endif
+
+int flock(int fd, int operation);
+#endif /* HAVE_FLOCK */
+
+time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int);
+
+int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *);
+
+int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...);
+
+size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...);
+
+int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list);
+
+size_t ROKEN_LIB_FUNCTION
+    roken_vmconcat (char **, size_t, va_list);
+
+ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t);
+
+ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t);
+
+int ROKEN_LIB_FUNCTION issuid(void);
+
+#ifndef HAVE_STRUCT_WINSIZE
+struct winsize {
+	unsigned short ws_row, ws_col;
+	unsigned short ws_xpixel, ws_ypixel;
+};
+#endif
+
+int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *);
+
+#ifndef HAVE_VSYSLOG
+void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list);
+#endif
+
+#if !HAVE_DECL_OPTARG
+extern char *optarg;
+#endif
+#if !HAVE_DECL_OPTIND
+extern int optind;
+#endif
+#if !HAVE_DECL_OPTERR
+extern int opterr;
+#endif
+
+#if !HAVE_DECL_ENVIRON
+extern char **environ;
+#endif
+
+#ifndef HAVE_GETIPNODEBYNAME
+struct hostent * ROKEN_LIB_FUNCTION
+getipnodebyname (const char *, int, int, int *);
+#endif
+
+#ifndef HAVE_GETIPNODEBYADDR
+struct hostent * ROKEN_LIB_FUNCTION
+getipnodebyaddr (const void *, size_t, int, int *);
+#endif
+
+#ifndef HAVE_FREEHOSTENT
+void ROKEN_LIB_FUNCTION
+freehostent (struct hostent *);
+#endif
+
+#ifndef HAVE_COPYHOSTENT
+struct hostent * ROKEN_LIB_FUNCTION
+copyhostent (const struct hostent *);
+#endif
+
+#ifndef HAVE_SOCKLEN_T
+typedef int socklen_t;
+#endif
+
+#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
+
+#ifndef HAVE_SA_FAMILY_T
+typedef unsigned short sa_family_t;
+#endif
+
+#ifdef HAVE_IPV6
+#define _SS_MAXSIZE sizeof(struct sockaddr_in6)
+#else
+#define _SS_MAXSIZE sizeof(struct sockaddr_in)
+#endif
+
+#define _SS_ALIGNSIZE	sizeof(unsigned long)
+
+#if HAVE_STRUCT_SOCKADDR_SA_LEN
+
+typedef unsigned char roken_sa_family_t;
+
+#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE)
+#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
+
+struct sockaddr_storage {
+    unsigned char	ss_len;
+    roken_sa_family_t	ss_family;
+    char		__ss_pad1[_SS_PAD1SIZE];
+    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
+};
+
+#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+typedef unsigned short roken_sa_family_t;
+
+#define _SS_PAD1SIZE   ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE)
+#define _SS_PAD2SIZE   (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE))
+
+struct sockaddr_storage {
+    roken_sa_family_t	ss_family;
+    char		__ss_pad1[_SS_PAD1SIZE];
+    unsigned long	__ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1];
+};
+
+#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */
+
+#ifndef HAVE_STRUCT_ADDRINFO
+struct addrinfo {
+    int    ai_flags;
+    int    ai_family;
+    int    ai_socktype;
+    int    ai_protocol;
+    size_t ai_addrlen;
+    char  *ai_canonname;
+    struct sockaddr *ai_addr;
+    struct addrinfo *ai_next;
+};
+#endif
+
+#ifndef HAVE_GETADDRINFO
+int ROKEN_LIB_FUNCTION
+getaddrinfo(const char *,
+	    const char *,
+	    const struct addrinfo *,
+	    struct addrinfo **);
+#endif
+
+#ifndef HAVE_GETNAMEINFO
+int ROKEN_LIB_FUNCTION
+getnameinfo(const struct sockaddr *, socklen_t,
+		char *, size_t,
+		char *, size_t,
+		int);
+#endif
+
+#ifndef HAVE_FREEADDRINFO
+void ROKEN_LIB_FUNCTION
+freeaddrinfo(struct addrinfo *);
+#endif
+
+#ifndef HAVE_GAI_STRERROR
+const char * ROKEN_LIB_FUNCTION
+gai_strerror(int);
+#endif
+
+int ROKEN_LIB_FUNCTION
+getnameinfo_verified(const struct sockaddr *, socklen_t,
+		     char *, size_t,
+		     char *, size_t,
+		     int);
+
+int ROKEN_LIB_FUNCTION
+roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); 
+int ROKEN_LIB_FUNCTION
+roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **);
+
+#ifndef HAVE_STRFTIME
+size_t ROKEN_LIB_FUNCTION
+strftime (char *, size_t, const char *, const struct tm *);
+#endif
+
+#ifndef HAVE_STRPTIME
+char * ROKEN_LIB_FUNCTION
+strptime (const char *, const char *, struct tm *);
+#endif
+
+#ifndef HAVE_EMALLOC
+void * ROKEN_LIB_FUNCTION emalloc (size_t);
+#endif
+#ifndef HAVE_ECALLOC
+void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t);
+#endif
+#ifndef HAVE_EREALLOC
+void * ROKEN_LIB_FUNCTION erealloc (void *, size_t);
+#endif
+#ifndef HAVE_ESTRDUP
+char * ROKEN_LIB_FUNCTION estrdup (const char *);
+#endif
+
+/*
+ * kludges and such
+ */
+
+#if 1
+int ROKEN_LIB_FUNCTION
+roken_gethostby_setup(const char*, const char*);
+struct hostent* ROKEN_LIB_FUNCTION
+roken_gethostbyname(const char*);
+struct hostent* ROKEN_LIB_FUNCTION 
+roken_gethostbyaddr(const void*, size_t, int);
+#else
+#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE
+#define roken_gethostbyname(x) gethostbyname(x)
+#else
+#define roken_gethostbyname(x) gethostbyname((char *)x)
+#endif
+
+#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE
+#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t)
+#else
+#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t)
+#endif
+#endif
+
+#ifdef GETSERVBYNAME_PROTO_COMPATIBLE
+#define roken_getservbyname(x,y) getservbyname(x,y)
+#else
+#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y)
+#endif
+
+#ifdef OPENLOG_PROTO_COMPATIBLE
+#define roken_openlog(a,b,c) openlog(a,b,c)
+#else
+#define roken_openlog(a,b,c) openlog((char *)a,b,c)
+#endif
+
+#ifdef GETSOCKNAME_PROTO_COMPATIBLE
+#define roken_getsockname(a,b,c) getsockname(a,b,c)
+#else
+#define roken_getsockname(a,b,c) getsockname(a, b, (void*)c)
+#endif
+
+#ifndef HAVE_SETPROGNAME
+void ROKEN_LIB_FUNCTION setprogname(const char *);
+#endif
+
+#ifndef HAVE_GETPROGNAME
+const char * ROKEN_LIB_FUNCTION getprogname(void);
+#endif
+
+#if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME
+extern const char *__progname;
+#endif
+
+void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*);
+void ROKEN_LIB_FUNCTION mini_inetd (int);
+
+#ifndef HAVE_LOCALTIME_R
+struct tm * ROKEN_LIB_FUNCTION
+localtime_r(const time_t *, struct tm *);
+#endif
+
+#if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO)
+int ROKEN_LIB_FUNCTION
+strsvis(char *, const char *, int, const char *);
+#endif
+
+#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO)
+int ROKEN_LIB_FUNCTION
+strunvis(char *, const char *);
+#endif
+
+#if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO)
+int ROKEN_LIB_FUNCTION
+strvis(char *, const char *, int);
+#endif
+
+#if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO)
+int ROKEN_LIB_FUNCTION
+strvisx(char *, const char *, size_t, int);
+#endif
+
+#if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO)
+char * ROKEN_LIB_FUNCTION
+svis(char *, int, int, int, const char *);
+#endif
+
+#if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO)
+int ROKEN_LIB_FUNCTION
+unvis(char *, int, int *, int);
+#endif
+
+#if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO)
+char * ROKEN_LIB_FUNCTION
+vis(char *, int, int, int);
+#endif
+
+#if !defined(HAVE_CLOSEFROM) && !defined(__MidnightBSD_version)
+int ROKEN_LIB_FUNCTION
+closefrom(int);
+#endif
+
+#if !defined(HAVE_TIMEGM)
+#define timegm rk_timegm
+time_t ROKEN_LIB_FUNCTION
+rk_timegm(struct tm *tm);
+#endif
+
+#ifdef SOCKET_WRAPPER_REPLACE
+#include <socket_wrapper.h>
+#endif
+
+ROKEN_CPP_END

Added: vendor-crypto/heimdal/dist/lib/roken/roken_gethostby.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/roken_gethostby.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/roken_gethostby.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,274 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: roken_gethostby.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+#undef roken_gethostbyname
+#undef roken_gethostbyaddr
+
+static struct sockaddr_in dns_addr;
+static char *dns_req;
+
+static int
+make_address(const char *address, struct in_addr *ip)
+{
+    if(inet_aton(address, ip) == 0){
+	/* try to resolve as hostname, it might work if the address we
+           are trying to lookup is local, for instance a web proxy */
+	struct hostent *he = gethostbyname(address);
+	if(he) {
+	    unsigned char *p = (unsigned char*)he->h_addr;
+	    ip->s_addr = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+	} else {
+	    return -1;
+	}
+    }
+    return 0;
+}
+
+static int
+setup_int(const char *proxy_host, short proxy_port,
+	  const char *dns_host, short dns_port,
+	  const char *dns_path)
+{
+    memset(&dns_addr, 0, sizeof(dns_addr));
+    if(dns_req)
+	free(dns_req);
+    if(proxy_host) {
+	if(make_address(proxy_host, &dns_addr.sin_addr) != 0)
+	    return -1;
+	dns_addr.sin_port = htons(proxy_port);
+	asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path);
+    } else {
+	if(make_address(dns_host, &dns_addr.sin_addr) != 0)
+	    return -1;
+	dns_addr.sin_port = htons(dns_port);
+	asprintf(&dns_req, "%s", dns_path);
+    }
+    dns_addr.sin_family = AF_INET;
+    return 0;
+}
+
+static void
+split_spec(const char *spec, char **host, int *port, char **path, int def_port)
+{
+    char *p;
+    *host = strdup(spec);
+    p = strchr(*host, ':');
+    if(p) {
+	*p++ = '\0';
+	if(sscanf(p, "%d", port) != 1)
+	    *port = def_port;
+    } else
+	*port = def_port;
+    p = strchr(p ? p : *host, '/');
+    if(p) {
+	if(path) 
+	    *path = strdup(p);
+	*p = '\0';
+    }else
+	if(path) 
+	    *path = NULL;
+}
+
+
+int ROKEN_LIB_FUNCTION
+roken_gethostby_setup(const char *proxy_spec, const char *dns_spec)
+{
+    char *proxy_host = NULL;
+    int proxy_port = 0;
+    char *dns_host, *dns_path;
+    int dns_port;
+    
+    int ret = -1;
+    
+    split_spec(dns_spec, &dns_host, &dns_port, &dns_path, 80);
+    if(dns_path == NULL)
+	goto out;
+    if(proxy_spec)
+	split_spec(proxy_spec, &proxy_host, &proxy_port, NULL, 80);
+    ret = setup_int(proxy_host, proxy_port, dns_host, dns_port, dns_path);
+out:
+    free(proxy_host);
+    free(dns_host);
+    free(dns_path);
+    return ret;
+}
+    
+
+/* Try to lookup a name or an ip-address using http as transport
+   mechanism. See the end of this file for an example program. */
+static struct hostent*
+roken_gethostby(const char *hostname)
+{
+    int s;
+    struct sockaddr_in addr;
+    char *request;
+    char buf[1024];
+    int offset = 0;
+    int n;
+    char *p, *foo;
+    
+    if(dns_addr.sin_family == 0)
+	return NULL; /* no configured host */
+    addr = dns_addr;
+    asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname);
+    if(request == NULL)
+	return NULL;
+    s  = socket(AF_INET, SOCK_STREAM, 0);
+    if(s < 0) {
+	free(request);
+	return NULL;
+    }
+    if(connect(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
+	close(s);
+	free(request);
+	return NULL;
+    }
+    if(write(s, request, strlen(request)) != strlen(request)) {
+	close(s);
+	free(request);
+	return NULL;
+    }
+    free(request);
+    while(1) {
+	n = read(s, buf + offset, sizeof(buf) - offset);
+	if(n <= 0)
+	    break;
+	offset += n;
+    }
+    buf[offset] = '\0';
+    close(s);
+    p = strstr(buf, "\r\n\r\n"); /* find end of header */
+    if(p) p += 4;
+    else return NULL;
+    foo = NULL;
+    p = strtok_r(p, " \t\r\n", &foo);
+    if(p == NULL)
+	return NULL;
+    {
+	/* make a hostent to return */
+#define MAX_ADDRS 16
+	static struct hostent he;
+	static char addrs[4 * MAX_ADDRS];
+	static char *addr_list[MAX_ADDRS + 1];
+	int num_addrs = 0;
+	
+	he.h_name = p;
+	he.h_aliases = NULL;
+	he.h_addrtype = AF_INET;
+	he.h_length = 4;
+	
+	while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) {
+	    struct in_addr ip;
+	    inet_aton(p, &ip);
+	    ip.s_addr = ntohl(ip.s_addr);
+	    addr_list[num_addrs] = &addrs[num_addrs * 4];
+	    addrs[num_addrs * 4 + 0] = (ip.s_addr >> 24) & 0xff;
+	    addrs[num_addrs * 4 + 1] = (ip.s_addr >> 16) & 0xff;
+	    addrs[num_addrs * 4 + 2] = (ip.s_addr >> 8) & 0xff;
+	    addrs[num_addrs * 4 + 3] = (ip.s_addr >> 0) & 0xff;
+	    addr_list[++num_addrs] = NULL;
+	}
+	he.h_addr_list = addr_list;
+	return &he;
+    }
+}
+
+struct hostent*
+roken_gethostbyname(const char *hostname)
+{
+    struct hostent *he;
+    he = gethostbyname(hostname);
+    if(he)
+	return he;
+    return roken_gethostby(hostname);
+}
+
+struct hostent* ROKEN_LIB_FUNCTION
+roken_gethostbyaddr(const void *addr, size_t len, int type)
+{
+    struct in_addr a;
+    const char *p;
+    struct hostent *he;
+    he = gethostbyaddr(addr, len, type);
+    if(he)
+	return he;
+    if(type != AF_INET || len != 4)
+	return NULL;
+    p = addr;
+    a.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+    return roken_gethostby(inet_ntoa(a));
+}
+
+#if 0
+
+/* this program can be used as a cgi `script' to lookup names and
+   ip-addresses */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <netdb.h>
+#include <sys/param.h>
+
+int
+main(int argc, char **argv)
+{
+    char *query = getenv("QUERY_STRING");
+    char host[MAXHOSTNAMELEN];
+    int i;
+    struct hostent *he;
+    
+    printf("Content-type: text/plain\n\n");
+    if(query == NULL)
+	exit(0);
+    he = gethostbyname(query);
+    strncpy(host, he->h_name, sizeof(host));
+    host[sizeof(host) - 1] = '\0';
+    he = gethostbyaddr(he->h_addr, he->h_length, AF_INET);
+    printf("%s\n", he->h_name);
+    for(i = 0; he->h_addr_list[i]; i++) {
+	struct in_addr ip;
+	unsigned char *p = (unsigned char*)he->h_addr_list[i];
+	ip.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
+	printf("%s\n", inet_ntoa(ip));
+    }
+    exit(0);
+}
+
+#endif
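Review bot: In roken_gethostby() the read loop can fill all of `buf`, after which `buf[offset] = '\0'` writes one byte past the 1024-byte array. The data comes from the HTTP peer, so the bound should leave room for the terminator: `n = read(s, buf + offset, sizeof(buf) - 1 - offset);`. The returned static `he` also keeps `he.h_name = p`, which points into that stack buffer and dangles once the function returns. Declaring it `static char buf[1024];`, as `addrs` and `addr_list` already are, or copying the name into static storage would fix that. The `inet_aton(p, &ip)` result in the address loop is unchecked, so a token that is not an address leaves `ip` uninitialised and is still added to the list; `if (inet_aton(p, &ip) == 0) continue;` would skip it.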

Added: vendor-crypto/heimdal/dist/lib/roken/rtbl.3
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/rtbl.3	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/rtbl.3	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,201 @@
+.\" Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\" $Id: rtbl.3,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $
+.\"
+.Dd June 26, 2004
+.Dt RTBL 3
+.Os HEIMDAL
+.Sh NAME
+.Nm rtbl_create ,
+.Nm rtbl_destroy ,
+.Nm rtbl_set_flags ,
+.Nm rtbl_get_flags ,
+.Nm rtbl_set_prefix ,
+.Nm rtbl_set_separator ,
+.Nm rtbl_set_column_prefix ,
+.Nm rtbl_set_column_affix_by_id ,
+.Nm rtbl_add_column ,
+.Nm rtbl_add_column_by_id ,
+.Nm rtbl_add_column_entry ,
+.Nm rtbl_add_column_entry_by_id ,
+.Nm rtbl_new_row ,
+.Nm rtbl_format
+.Nd format data in simple tables
+.Sh LIBRARY
+The roken library (libroken, -lroken)
+.Sh SYNOPSIS
+.In rtbl.h
+.Ft int
+.Fn rtbl_add_column "rtbl_t table" "const char *column_name" "unsigned int flags"
+.Ft int
+.Fn rtbl_add_column_by_id "rtbl_t table" "unsigned int column_id" "const char *column_header" "unsigned int flags"
+.Ft int
+.Fn rtbl_add_column_entry "rtbl_t table" "const char *column_name" "const char *cell_entry"
+.Ft int
+.Fn rtbl_add_column_entry_by_id "rtbl_t table" "unsigned int column_id" "const char *cell_entry"
+.Ft rtbl_t
+.Fn rtbl_create "void"
+.Ft void
+.Fn rtbl_destroy "rtbl_t table"
+.Ft int
+.Fn rtbl_new_row "rtbl_t table"
+.Ft int
+.Fn rtbl_set_column_affix_by_id "rtbl_t table" "unsigned int column_id "const char *prefix" "const char *suffix"
+.Ft int
+.Fn rtbl_set_column_prefix "rtbl_t table" "const char *column_name" "const char *prefix"
+.Ft "unsigned int"
+.Fn rtbl_get_flags "rtbl_t table"
+.Ft void
+.Fn rtbl_set_flags "rtbl_t table" "unsigned int flags"
+.Ft int
+.Fn rtbl_set_prefix "rtbl_t table" "const char *prefix"
+.Ft int
+.Fn rtbl_set_separator "rtbl_t table" "const char *separator"
+.Ft int
+.Fn rtbl_format "rtbl_t table "FILE *file"
+.Sh DESCRIPTION
+This set of functions assemble a simple table consisting of rows and
+columns, allowing it to be printed with certain options. Typical use
+would be output from tools such as
+.Xr ls 1
+or
+.Xr netstat 1 ,
+where you have a fixed number of columns, but don't know the column
+widthds before hand.
+.Pp
+A table is created with
+.Fn rtbl_create
+and destroyed with
+.Fn rtbl_destroy .
+.Pp
+Global flags on the table are set with
+.Fa rtbl_set_flags
+and retrieved with
+.Fa rtbl_get_flags .
+At present the only defined flag is
+.Dv RTBL_HEADER_STYLE_NONE
+which suppresses printing the header.
+.Pp
+Before adding data to the table, one or more columns need to be
+created. This would normally be done with
+.Fn rtbl_add_column_by_id ,
+.Fa column_id
+is any number of your choice (it's used only to identify columns),
+.Fa column_header
+is the header to print at the top of the column, and
+.Fa flags
+are flags specific to this column. Currently the only defined flag is
+.Dv RTBL_ALIGN_RIGHT ,
+aligning column entries to the right. Columns are printed in the order
+they are added.
+.Pp
+There's also a way to add columns by column name with
+.Fn rtbl_add_column ,
+but this is less flexible (you need unique header names), and is
+considered deprecated.
+.Pp
+To add data to a column you use
+.Fn rtbl_add_column_entry_by_id ,
+where the
+.Fa column_id
+is the same as when the column was added (adding data to a
+non-existent column is undefined), and
+.Fa cell_entry
+is whatever string you wish to include in that cell. It should not
+include newlines.
+For columns added with
+.Fn rtbl_add_column
+you must use
+.Fn rtbl_add_column_entry
+instead.
+.Pp
+.Fn rtbl_new_row
+fills all columns with blank entries until they all have the same
+number of rows.
+.Pp
+Each column can have a separate prefix and suffix, set with
+.Fa rtbl_set_column_affix_by_id ;
+.Fa rtbl_set_column_prefix
+allows setting the prefix only by column name. In addition to this,
+columns may be separated by a string set with
+.Fa rtbl_set_separator ( Ns
+by default columns are not seprated by anything).
+.Pp
+The finished table is printed to
+.Fa file
+with
+.Fa rtbl_format .
+.Sh EXAMPLES
+This program:
+.Bd -literal -offset xxxx
+#include <stdio.h>
+#include <rtbl.h>
+int
+main(int argc, char **argv)
+{
+    rtbl_t table;
+    table = rtbl_create();
+    rtbl_set_separator(table, "  ");
+    rtbl_add_column_by_id(table, 0, "Column A", 0);
+    rtbl_add_column_by_id(table, 1, "Column B", RTBL_ALIGN_RIGHT);
+    rtbl_add_column_by_id(table, 2, "Column C", 0);
+    rtbl_add_column_entry_by_id(table, 0, "A-1");
+    rtbl_add_column_entry_by_id(table, 0, "A-2");
+    rtbl_add_column_entry_by_id(table, 0, "A-3");
+    rtbl_add_column_entry_by_id(table, 1, "B-1");
+    rtbl_add_column_entry_by_id(table, 2, "C-1");
+    rtbl_add_column_entry_by_id(table, 2, "C-2");
+    rtbl_add_column_entry_by_id(table, 1, "B-2");
+    rtbl_add_column_entry_by_id(table, 1, "B-3");
+    rtbl_add_column_entry_by_id(table, 2, "C-3");
+    rtbl_add_column_entry_by_id(table, 0, "A-4");
+    rtbl_new_row(table);
+    rtbl_add_column_entry_by_id(table, 1, "B-4");
+    rtbl_new_row(table);
+    rtbl_add_column_entry_by_id(table, 2, "C-4");
+    rtbl_new_row(table);
+    rtbl_format(table, stdout);
+    rtbl_destroy(table);
+    return 0;
+}
+.Ed
+.Pp
+will output the following:
+.Bd -literal -offset xxxx
+Column A  Column B  Column C
+A-1            B-1  C-1
+A-2            B-2  C-2
+A-3            B-3  C-3
+A-4
+               B-4
+                    C-4
+.Ed
+.\" .Sh SEE ALSO

Added: vendor-crypto/heimdal/dist/lib/roken/rtbl.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/rtbl.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/rtbl.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,489 @@
+/*
+ * Copyright (c) 2000, 2002, 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID ("$Id: rtbl.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include "roken.h"
+#include "rtbl.h"
+
+struct column_entry {
+    char *data;
+};
+
+struct column_data {
+    char *header;
+    char *prefix;
+    int width;
+    unsigned flags;
+    size_t num_rows;
+    struct column_entry *rows;
+    unsigned int column_id;
+    char *suffix;
+};
+
+struct rtbl_data {
+    char *column_prefix;
+    size_t num_columns;
+    struct column_data **columns;
+    unsigned int flags;
+    char *column_separator;
+};
+
+rtbl_t ROKEN_LIB_FUNCTION
+rtbl_create (void)
+{
+    return calloc (1, sizeof (struct rtbl_data));
+}
+
+void ROKEN_LIB_FUNCTION
+rtbl_set_flags (rtbl_t table, unsigned int flags)
+{
+    table->flags = flags;
+}
+
+unsigned int ROKEN_LIB_FUNCTION
+rtbl_get_flags (rtbl_t table)
+{
+    return table->flags;
+}
+
+static struct column_data *
+rtbl_get_column_by_id (rtbl_t table, unsigned int id)
+{
+    int i;
+    for(i = 0; i < table->num_columns; i++)
+	if(table->columns[i]->column_id == id)
+	    return table->columns[i];
+    return NULL;
+}
+
+static struct column_data *
+rtbl_get_column (rtbl_t table, const char *column)
+{
+    int i;
+    for(i = 0; i < table->num_columns; i++)
+	if(strcmp(table->columns[i]->header, column) == 0)
+	    return table->columns[i];
+    return NULL;
+}
+
+void ROKEN_LIB_FUNCTION
+rtbl_destroy (rtbl_t table)
+{
+    int i, j;
+
+    for (i = 0; i < table->num_columns; i++) {
+	struct column_data *c = table->columns[i];
+
+	for (j = 0; j < c->num_rows; j++)
+	    free (c->rows[j].data);
+	free (c->rows);
+	free (c->header);
+	free (c->prefix);
+	free (c->suffix);
+	free (c);
+    }
+    free (table->column_prefix);
+    free (table->column_separator);
+    free (table->columns);
+    free (table);
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_by_id (rtbl_t table, unsigned int id, 
+		       const char *header, unsigned int flags)
+{
+    struct column_data *col, **tmp;
+
+    tmp = realloc (table->columns, (table->num_columns + 1) * sizeof (*tmp));
+    if (tmp == NULL)
+	return ENOMEM;
+    table->columns = tmp;
+    col = malloc (sizeof (*col));
+    if (col == NULL)
+	return ENOMEM;
+    col->header = strdup (header);
+    if (col->header == NULL) {
+	free (col);
+	return ENOMEM;
+    }
+    col->prefix = NULL;
+    col->width = 0;
+    col->flags = flags;
+    col->num_rows = 0;
+    col->rows = NULL;
+    col->column_id = id;
+    col->suffix = NULL;
+    table->columns[table->num_columns++] = col;
+    return 0;
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column (rtbl_t table, const char *header, unsigned int flags)
+{
+    return rtbl_add_column_by_id(table, 0, header, flags);
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_new_row(rtbl_t table)
+{
+    size_t max_rows = 0;
+    size_t c;
+    for (c = 0; c < table->num_columns; c++)
+	if(table->columns[c]->num_rows > max_rows)
+	    max_rows = table->columns[c]->num_rows;
+    for (c = 0; c < table->num_columns; c++) {
+	struct column_entry *tmp;
+
+	if(table->columns[c]->num_rows == max_rows)
+	    continue;
+	tmp = realloc(table->columns[c]->rows, 
+		      max_rows * sizeof(table->columns[c]->rows));
+	if(tmp == NULL)
+	    return ENOMEM;
+	table->columns[c]->rows = tmp;
+	while(table->columns[c]->num_rows < max_rows) {
+	    if((tmp[table->columns[c]->num_rows++].data = strdup("")) == NULL)
+		return ENOMEM;
+	}
+    }
+    return 0;
+}
+
+static void
+column_compute_width (rtbl_t table, struct column_data *column)
+{
+    int i;
+
+    if(table->flags & RTBL_HEADER_STYLE_NONE)
+	column->width = 0;
+    else
+	column->width = strlen (column->header);
+    for (i = 0; i < column->num_rows; i++)
+	column->width = max (column->width, strlen (column->rows[i].data));
+}
+
+/* DEPRECATED */
+int ROKEN_LIB_FUNCTION
+rtbl_set_prefix (rtbl_t table, const char *prefix)
+{
+    if (table->column_prefix)
+	free (table->column_prefix);
+    table->column_prefix = strdup (prefix);
+    if (table->column_prefix == NULL)
+	return ENOMEM;
+    return 0;
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_set_separator (rtbl_t table, const char *separator)
+{
+    if (table->column_separator)
+	free (table->column_separator);
+    table->column_separator = strdup (separator);
+    if (table->column_separator == NULL)
+	return ENOMEM;
+    return 0;
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_set_column_prefix (rtbl_t table, const char *column,
+			const char *prefix)
+{
+    struct column_data *c = rtbl_get_column (table, column);
+
+    if (c == NULL)
+	return -1;
+    if (c->prefix)
+	free (c->prefix);
+    c->prefix = strdup (prefix);
+    if (c->prefix == NULL)
+	return ENOMEM;
+    return 0;
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_set_column_affix_by_id(rtbl_t table, unsigned int id,
+			    const char *prefix, const char *suffix)
+{
+    struct column_data *c = rtbl_get_column_by_id (table, id);
+
+    if (c == NULL)
+	return -1;
+    if (c->prefix)
+	free (c->prefix);
+    if(prefix == NULL)
+	c->prefix = NULL;
+    else {
+	c->prefix = strdup (prefix);
+	if (c->prefix == NULL)
+	    return ENOMEM;
+    }
+
+    if (c->suffix)
+	free (c->suffix);
+    if(suffix == NULL)
+	c->suffix = NULL;
+    else {
+	c->suffix = strdup (suffix);
+	if (c->suffix == NULL)
+	    return ENOMEM;
+    }
+    return 0;
+}
+
+
+static const char *
+get_column_prefix (rtbl_t table, struct column_data *c)
+{
+    if (c == NULL)
+	return "";
+    if (c->prefix)
+	return c->prefix;
+    if (table->column_prefix)
+	return table->column_prefix;
+    return "";
+}
+
+static const char *
+get_column_suffix (rtbl_t table, struct column_data *c)
+{
+    if (c && c->suffix)
+	return c->suffix;
+    return "";
+}
+
+static int
+add_column_entry (struct column_data *c, const char *data)
+{
+    struct column_entry row, *tmp;
+
+    row.data = strdup (data);
+    if (row.data == NULL)
+	return ENOMEM;
+    tmp = realloc (c->rows, (c->num_rows + 1) * sizeof (*tmp));
+    if (tmp == NULL) {
+	free (row.data);
+	return ENOMEM;
+    }
+    c->rows = tmp;
+    c->rows[c->num_rows++] = row;
+    return 0;
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data)
+{
+    struct column_data *c = rtbl_get_column_by_id (table, id);
+
+    if (c == NULL)
+	return -1;
+
+    return add_column_entry(c, data);
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
+			      const char *fmt, ...)
+{
+    va_list ap;
+    char *str;
+    int ret;
+
+    va_start(ap, fmt);
+    ret = vasprintf(&str, fmt, ap);
+    va_end(ap);
+    if (ret == -1)
+	return -1;
+    ret = rtbl_add_column_entry_by_id(table, id, str);
+    free(str);
+    return ret;
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_entry (rtbl_t table, const char *column, const char *data)
+{
+    struct column_data *c = rtbl_get_column (table, column);
+
+    if (c == NULL)
+	return -1;
+
+    return add_column_entry(c, data);
+}
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...)
+{
+    va_list ap;
+    char *str;
+    int ret;
+
+    va_start(ap, fmt);
+    ret = vasprintf(&str, fmt, ap);
+    va_end(ap);
+    if (ret == -1)
+	return -1;
+    ret = rtbl_add_column_entry(table, column, str);
+    free(str);
+    return ret;
+}
+
+
+int ROKEN_LIB_FUNCTION
+rtbl_format (rtbl_t table, FILE * f)
+{
+    int i, j;
+
+    for (i = 0; i < table->num_columns; i++)
+	column_compute_width (table, table->columns[i]);
+    if((table->flags & RTBL_HEADER_STYLE_NONE) == 0) {
+	for (i = 0; i < table->num_columns; i++) {
+	    struct column_data *c = table->columns[i];
+
+	    if(table->column_separator != NULL && i > 0)
+		fprintf (f, "%s", table->column_separator);
+	    fprintf (f, "%s", get_column_prefix (table, c));
+	    if(i == table->num_columns - 1 && c->suffix == NULL)
+		/* last column, so no need to pad with spaces */
+		fprintf (f, "%-*s", 0, c->header);
+	    else
+		fprintf (f, "%-*s", (int)c->width, c->header);
+	    fprintf (f, "%s", get_column_suffix (table, c));
+	}
+	fprintf (f, "\n");
+    }
+
+    for (j = 0;; j++) {
+	int flag = 0;
+
+	/* are there any more rows left? */
+	for (i = 0; flag == 0 && i < table->num_columns; ++i) {
+	    struct column_data *c = table->columns[i];
+
+	    if (c->num_rows > j) {
+		++flag;
+		break;
+	    }
+	}
+	if (flag == 0)
+	    break;
+
+	for (i = 0; i < table->num_columns; i++) {
+	    int w;
+	    struct column_data *c = table->columns[i];
+
+	    if(table->column_separator != NULL && i > 0)
+		fprintf (f, "%s", table->column_separator);
+
+	    w = c->width;
+
+	    if ((c->flags & RTBL_ALIGN_RIGHT) == 0) {
+		if(i == table->num_columns - 1 && c->suffix == NULL)
+		    /* last column, so no need to pad with spaces */
+		    w = 0;
+		else
+		    w = -w;
+	    }
+	    fprintf (f, "%s", get_column_prefix (table, c));
+	    if (c->num_rows <= j)
+		fprintf (f, "%*s", w, "");
+	    else
+		fprintf (f, "%*s", w, c->rows[j].data);
+	    fprintf (f, "%s", get_column_suffix (table, c));
+	}
+	fprintf (f, "\n");
+    }
+    return 0;
+}
+
+#ifdef TEST
+int
+main (int argc, char **argv)
+{
+    rtbl_t table;
+
+    table = rtbl_create ();
+    rtbl_add_column_by_id (table, 0, "Issued", 0);
+    rtbl_add_column_by_id (table, 1, "Expires", 0);
+    rtbl_add_column_by_id (table, 2, "Foo", RTBL_ALIGN_RIGHT);
+    rtbl_add_column_by_id (table, 3, "Principal", 0);
+
+    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
+    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
+    rtbl_add_column_entry_by_id (table, 2, "73");
+    rtbl_add_column_entry_by_id (table, 2, "0");
+    rtbl_add_column_entry_by_id (table, 2, "-2000");
+    rtbl_add_column_entry_by_id (table, 3, "krbtgt/NADA.KTH.SE at NADA.KTH.SE");
+
+    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
+    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
+    rtbl_add_column_entry_by_id (table, 3, "afs/pdc.kth.se at NADA.KTH.SE");
+
+    rtbl_add_column_entry_by_id (table, 0, "Jul  7 21:19:29");
+    rtbl_add_column_entry_by_id (table, 1, "Jul  8 07:19:29");
+    rtbl_add_column_entry_by_id (table, 3, "afs at NADA.KTH.SE");
+
+    rtbl_set_separator (table, "  ");
+
+    rtbl_format (table, stdout);
+
+    rtbl_destroy (table);
+
+    printf("\n");
+
+    table = rtbl_create ();
+    rtbl_add_column_by_id (table, 0, "Column A", 0);
+    rtbl_set_column_affix_by_id (table, 0, "<", ">");
+    rtbl_add_column_by_id (table, 1, "Column B", 0);
+    rtbl_set_column_affix_by_id (table, 1, "[", "]");
+    rtbl_add_column_by_id (table, 2, "Column C", 0);
+    rtbl_set_column_affix_by_id (table, 2, "(", ")");
+
+    rtbl_add_column_entry_by_id (table, 0, "1");
+    rtbl_new_row(table);
+    rtbl_add_column_entry_by_id (table, 1, "2");
+    rtbl_new_row(table);
+    rtbl_add_column_entry_by_id (table, 2, "3");
+    rtbl_new_row(table);
+
+    rtbl_set_separator (table, "  ");
+    rtbl_format (table, stdout);
+
+    rtbl_destroy (table);
+
+    return 0;
+}
+
+#endif
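Review bot: The realloc in rtbl_new_row() sizes the array with `sizeof(table->columns[c]->rows)`, which is the size of the pointer rather than of an element. On common ABIs the two sizes match because `struct column_entry` holds a single `char *`, but the call under-allocates as soon as the struct grows. Use `max_rows * sizeof(*table->columns[c]->rows)`, matching the `sizeof (*tmp)` form in add_column_entry(). In the same loop `num_rows++` runs before the `strdup("")` result is tested, so an allocation failure leaves a counted row whose `data` is NULL, which column_compute_width() later passes to `strlen`. Assigning the strdup result to a temporary and incrementing only on success avoids that.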

Added: vendor-crypto/heimdal/dist/lib/roken/rtbl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/rtbl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/rtbl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2000,2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/* $Id: rtbl.h,v 1.1.1.2 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __rtbl_h__
+#define __rtbl_h__
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct rtbl_data;
+typedef struct rtbl_data *rtbl_t;
+
+#define RTBL_ALIGN_LEFT		0
+#define RTBL_ALIGN_RIGHT	1
+
+/* flags */
+#define RTBL_HEADER_STYLE_NONE	1
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column (rtbl_t, const char*, unsigned int);
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_by_id (rtbl_t, unsigned int, const char*, unsigned int);
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id,
+			      const char *fmt, ...)
+	__attribute__ ((format (printf, 3, 0)));
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_entry (rtbl_t, const char*, const char*);
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_entryv (rtbl_t, const char*, const char*, ...)
+	__attribute__ ((format (printf, 3, 0)));
+
+int ROKEN_LIB_FUNCTION
+rtbl_add_column_entry_by_id (rtbl_t, unsigned int, const char*);
+
+rtbl_t ROKEN_LIB_FUNCTION
+rtbl_create (void);
+
+void ROKEN_LIB_FUNCTION
+rtbl_destroy (rtbl_t);
+
+int ROKEN_LIB_FUNCTION
+rtbl_format (rtbl_t, FILE*);
+
+unsigned int ROKEN_LIB_FUNCTION
+rtbl_get_flags (rtbl_t);
+
+int ROKEN_LIB_FUNCTION
+rtbl_new_row (rtbl_t);
+
+int ROKEN_LIB_FUNCTION
+rtbl_set_column_affix_by_id (rtbl_t, unsigned int, const char*, const char*);
+
+int ROKEN_LIB_FUNCTION
+rtbl_set_column_prefix (rtbl_t, const char*, const char*);
+
+void ROKEN_LIB_FUNCTION
+rtbl_set_flags (rtbl_t, unsigned int);
+
+int ROKEN_LIB_FUNCTION
+rtbl_set_prefix (rtbl_t, const char*);
+
+int ROKEN_LIB_FUNCTION
+rtbl_set_separator (rtbl_t, const char*);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __rtbl_h__ */
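Review bot: The `format (printf, 3, 0)` attribute on rtbl_add_column_entryv_by_id and rtbl_add_column_entryv turns off argument checking, because a first-to-check index of 0 is meant for functions that take a `va_list`, while both prototypes here take `...`. In both declarations the format is parameter 3 and the variadic arguments start at 4, so `__attribute__ ((format (printf, 3, 4)))` would let the compiler flag mismatched conversions at call sites. Separately, rtbl_format is declared with `FILE*` but the header does not include `<stdio.h>`, so it only compiles when the includer pulled that in first; adding `#include <stdio.h>` near the top would make it self-contained.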

Added: vendor-crypto/heimdal/dist/lib/roken/sendmsg.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/sendmsg.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/sendmsg.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: sendmsg.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t ROKEN_LIB_FUNCTION
+sendmsg(int s, const struct msghdr *msg, int flags)
+{
+    ssize_t ret;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+    struct iovec *iov = msg->msg_iov;
+
+    for(i = 0; i < msg->msg_iovlen; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    p = buf;
+    for (i = 0; i < msg->msg_iovlen; ++i) {
+	memcpy (p, iov[i].iov_base, iov[i].iov_len);
+	p += iov[i].iov_len;
+    }
+    ret = sendto (s, buf, tot, flags, msg->msg_name, msg->msg_namelen);
+    free (buf);
+    return ret;
+}
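Review bot: The first loop in sendmsg sums `iov[i].iov_len` into `tot` with no overflow check, so a set of lengths that wraps `size_t` makes `malloc(tot)` return a buffer smaller than what the second loop then copies with memcpy. A guard inside the first loop such as `if (iov[i].iov_len > (size_t)-1 - tot) { errno = EMSGSIZE; return -1; }` closes that. The loop index is a signed `int` compared against `msg->msg_iovlen`, whose type is unsigned or wider on some platforms, so a matching index type would be safer. The replacement also silently ignores `msg_control`, which deserves a comment since callers passing ancillary data get no error.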

Added: vendor-crypto/heimdal/dist/lib/roken/setegid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/setegid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/setegid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setegid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+setegid(gid_t egid)
+{
+#ifdef HAVE_SETREGID
+    return setregid(-1, egid);
+#endif
+
+#ifdef HAVE_SETRESGID
+    return setresgid(-1, egid, -1);
+#endif
+
+    return -1;
+}
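Review bot: When HAVE_SETREGID is defined, setegid is implemented as `setregid(-1, egid)`, which is not equivalent on systems that follow the POSIX rule for setregid: setting the effective ID to a value different from the real ID also rewrites the saved set-group-ID, whereas setegid leaves it alone. Code that drops privileges temporarily and expects to regain them can behave differently as a result, so testing `#ifdef HAVE_SETRESGID` first and using `setresgid(-1, egid, -1)` when available is the closer match. The final `return -1;` is reached without setting errno; `errno = ENOSYS;` before it would let callers report why the change failed. The seteuid.c hunk below has the same ordering and the same bare fallback with setreuid/setresuid.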

Added: vendor-crypto/heimdal/dist/lib/roken/setenv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/setenv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/setenv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setenv.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * This is the easy way out, use putenv to implement setenv. We might
+ * leak some memory but that is ok since we are usally about to exec
+ * anyway.
+ */
+
+int ROKEN_LIB_FUNCTION
+setenv(const char *var, const char *val, int rewrite)
+{
+    char *t;
+
+    if (!rewrite && getenv(var) != 0)
+	return 0;
+  
+    asprintf (&t, "%s=%s", var, val);
+    if (t == NULL)
+	return -1;
+
+    if (putenv(t) == 0)
+	return 0;
+    else
+	return -1;
+}
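Review bot: The return value of asprintf in setenv is ignored and only `t == NULL` is tested, but `t` is uninitialised and some asprintf implementations leave the pointer undefined on failure, so the check can pass on garbage that is then handed to putenv. Testing the result directly avoids that: `if (asprintf (&t, "%s=%s", var, val) < 0 || t == NULL) return -1;`. When putenv fails the string is never freed, and a `free(t);` on that path would fix it; the leak accepted in the comment above the function only needs to cover the success case. The function also accepts a NULL or empty `var` or one containing `=`, which POSIX setenv rejects with EINVAL.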

Added: vendor-crypto/heimdal/dist/lib/roken/seteuid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/seteuid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/seteuid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: seteuid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+seteuid(uid_t euid)
+{
+#ifdef HAVE_SETREUID
+    return setreuid(-1, euid);
+#endif
+
+#ifdef HAVE_SETRESUID
+    return setresuid(-1, euid, -1);
+#endif
+
+    return -1;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/setprogname.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/setprogname.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/setprogname.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995-2004 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setprogname.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+#ifndef HAVE___PROGNAME
+extern const char *__progname;
+#endif
+
+#ifndef HAVE_SETPROGNAME
+void ROKEN_LIB_FUNCTION
+setprogname(const char *argv0)
+{
+#ifndef HAVE___PROGNAME
+    const char *p;
+    if(argv0 == NULL)
+	return;
+    p = strrchr(argv0, '/');
+    if(p == NULL)
+	p = argv0;
+    else
+	p++;
+    __progname = p;
+#endif
+}
+#endif /* HAVE_SETPROGNAME */
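Review bot: setprogname stores a pointer into the caller's `argv0` in `__progname` rather than copying it, and nothing in the file says so. A caller that passes a stack or heap buffer it later releases leaves `__progname` dangling for any later use of the program name in diagnostics. I would add a comment above the function along the lines of `/* Keeps a pointer into argv0 (no copy); the string must outlive the process's use of the program name. */`.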

Added: vendor-crypto/heimdal/dist/lib/roken/signal.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/signal.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/signal.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: signal.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <signal.h>
+#include "roken.h"
+
+/*
+ * We would like to always use this signal but there is a link error
+ * on NEXTSTEP
+ */
+#if !defined(NeXT) && !defined(__APPLE__)
+/*
+ * Bugs:
+ *
+ * Do we need any extra hacks for SIGCLD and/or SIGCHLD?
+ */
+
+SigAction ROKEN_LIB_FUNCTION
+signal(int iSig, SigAction pAction)
+{
+    struct sigaction saNew, saOld;
+
+    saNew.sa_handler = pAction;
+    sigemptyset(&saNew.sa_mask);
+    saNew.sa_flags = 0;
+
+    if (iSig == SIGALRM)
+	{
+#ifdef SA_INTERRUPT
+	    saNew.sa_flags |= SA_INTERRUPT;
+#endif
+	}
+    else
+	{
+#ifdef SA_RESTART
+	    saNew.sa_flags |= SA_RESTART;
+#endif
+	}
+
+    if (sigaction(iSig, &saNew, &saOld) < 0)
+	return(SIG_ERR);
+
+    return(saOld.sa_handler);
+}
+#endif
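Review bot: The asymmetric flag handling in signal() is undocumented: SIGALRM gets `SA_INTERRUPT` where defined and never `SA_RESTART`, while every other signal gets `SA_RESTART`. That appears deliberate, so that an alarm interrupts a blocking call with EINTR, and code such as a timed wait loop depends on it. A comment before the `if (iSig == SIGALRM)` test would keep a later cleanup from unifying the branches, for example `/* SIGALRM must interrupt blocking syscalls (EINTR) so timeouts work; all other signals restart them. */`. The existing "Bugs" comment could also note that the returned `saOld.sa_handler` is meaningless if the previous handler was installed with SA_SIGINFO.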

Added: vendor-crypto/heimdal/dist/lib/roken/simple_exec.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/simple_exec.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/simple_exec.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,331 @@
+/*
+ * Copyright (c) 1998 - 2001, 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: simple_exec.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdarg.h>
+#include <stdlib.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <errno.h>
+
+#include "roken.h"
+
+#define EX_NOEXEC	126
+#define EX_NOTFOUND	127
+
+/* return values:
+   -1   on `unspecified' system errors
+   -2   on fork failures
+   -3   on waitpid errors
+   -4   exec timeout
+   0-   is return value from subprocess
+   126  if the program couldn't be executed
+   127  if the program couldn't be found
+   128- is 128 + signal that killed subprocess
+
+   possible values `func' can return:
+   ((time_t)-2)		exit loop w/o killing child and return
+   			`exec timeout'/-4 from simple_exec
+   ((time_t)-1)		kill child with SIGTERM and wait for child to exit
+   0			don't timeout again
+   n			seconds to next timeout
+   */
+
+static int sig_alarm;
+
+static RETSIGTYPE
+sigtimeout(int sig)
+{
+    sig_alarm = 1;
+    SIGRETURN(0);
+}
+
+int ROKEN_LIB_FUNCTION
+wait_for_process_timed(pid_t pid, time_t (*func)(void *), 
+		       void *ptr, time_t timeout)
+{
+    RETSIGTYPE (*old_func)(int sig) = NULL;
+    unsigned int oldtime = 0;
+    int ret;
+
+    sig_alarm = 0;
+
+    if (func) {
+	old_func = signal(SIGALRM, sigtimeout);
+	oldtime = alarm(timeout);
+    }
+
+    while(1) {
+	int status;
+
+	while(waitpid(pid, &status, 0) < 0) {
+	    if (errno != EINTR) {
+		ret = -3;
+		goto out;
+	    }
+	    if (func == NULL)
+		continue;
+	    if (sig_alarm == 0)
+		continue;
+	    timeout = (*func)(ptr);
+	    if (timeout == (time_t)-1) {
+		kill(pid, SIGTERM);
+		continue;
+	    } else if (timeout == (time_t)-2) {
+		ret = -4;
+		goto out;
+	    }
+	    alarm(timeout);
+	}
+	if(WIFSTOPPED(status))
+	    continue;
+	if(WIFEXITED(status)) {
+	    ret = WEXITSTATUS(status);
+	    break;
+	}
+	if(WIFSIGNALED(status)) {
+	    ret = WTERMSIG(status) + 128;
+	    break;
+	}
+    }
+ out:
+    if (func) {
+	signal(SIGALRM, old_func);
+	alarm(oldtime);
+    }
+    return ret;
+}
+
+int ROKEN_LIB_FUNCTION
+wait_for_process(pid_t pid)
+{
+    return wait_for_process_timed(pid, NULL, NULL, 0);
+}
+
+int ROKEN_LIB_FUNCTION
+pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, 
+	   const char *file, ...)
+{
+    int in_fd[2], out_fd[2], err_fd[2];
+    pid_t pid;
+    va_list ap;
+    char **argv;
+
+    if(stdin_fd != NULL)
+	pipe(in_fd);
+    if(stdout_fd != NULL)
+	pipe(out_fd);
+    if(stderr_fd != NULL)
+	pipe(err_fd);
+    pid = fork();
+    switch(pid) {
+    case 0:
+	va_start(ap, file);
+	argv = vstrcollect(&ap);
+	va_end(ap);
+	if(argv == NULL)
+	    exit(-1);
+
+	/* close pipes we're not interested in */
+	if(stdin_fd != NULL)
+	    close(in_fd[1]);
+	if(stdout_fd != NULL)
+	    close(out_fd[0]);
+	if(stderr_fd != NULL)
+	    close(err_fd[0]);
+
+	/* pipe everything caller doesn't care about to /dev/null */
+	if(stdin_fd == NULL)
+	    in_fd[0] = open(_PATH_DEVNULL, O_RDONLY);
+	if(stdout_fd == NULL)
+	    out_fd[1] = open(_PATH_DEVNULL, O_WRONLY);
+	if(stderr_fd == NULL)
+	    err_fd[1] = open(_PATH_DEVNULL, O_WRONLY);
+
+	/* move to proper descriptors */
+	if(in_fd[0] != STDIN_FILENO) {
+	    dup2(in_fd[0], STDIN_FILENO);
+	    close(in_fd[0]);
+	}
+	if(out_fd[1] != STDOUT_FILENO) {
+	    dup2(out_fd[1], STDOUT_FILENO);
+	    close(out_fd[1]);
+	}
+	if(err_fd[1] != STDERR_FILENO) {
+	    dup2(err_fd[1], STDERR_FILENO);
+	    close(err_fd[1]);
+	}
+
+	closefrom(3);
+
+	execv(file, argv);
+	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
+    case -1:
+	if(stdin_fd != NULL) {
+	    close(in_fd[0]);
+	    close(in_fd[1]);
+	}
+	if(stdout_fd != NULL) {
+	    close(out_fd[0]);
+	    close(out_fd[1]);
+	}
+	if(stderr_fd != NULL) {
+	    close(err_fd[0]);
+	    close(err_fd[1]);
+	}
+	return -2;
+    default:
+	if(stdin_fd != NULL) {
+	    close(in_fd[0]);
+	    *stdin_fd = fdopen(in_fd[1], "w");
+	}
+	if(stdout_fd != NULL) {
+	    close(out_fd[1]);
+	    *stdout_fd = fdopen(out_fd[0], "r");
+	}
+	if(stderr_fd != NULL) {
+	    close(err_fd[1]);
+	    *stderr_fd = fdopen(err_fd[0], "r");
+	}
+    }
+    return pid;
+}
+
+int ROKEN_LIB_FUNCTION
+simple_execvp_timed(const char *file, char *const args[], 
+		    time_t (*func)(void *), void *ptr, time_t timeout)
+{
+    pid_t pid = fork();
+    switch(pid){
+    case -1:
+	return -2;
+    case 0:
+	execvp(file, args);
+	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
+    default: 
+	return wait_for_process_timed(pid, func, ptr, timeout);
+    }
+}
+
+int ROKEN_LIB_FUNCTION
+simple_execvp(const char *file, char *const args[])
+{
+    return simple_execvp_timed(file, args, NULL, NULL, 0);
+}
+
+/* gee, I'd like a execvpe */
+int ROKEN_LIB_FUNCTION
+simple_execve_timed(const char *file, char *const args[], char *const envp[],
+		    time_t (*func)(void *), void *ptr, time_t timeout)
+{
+    pid_t pid = fork();
+    switch(pid){
+    case -1:
+	return -2;
+    case 0:
+	execve(file, args, envp);
+	exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC);
+    default: 
+	return wait_for_process_timed(pid, func, ptr, timeout);
+    }
+}
+
+int ROKEN_LIB_FUNCTION
+simple_execve(const char *file, char *const args[], char *const envp[])
+{
+    return simple_execve_timed(file, args, envp, NULL, NULL, 0);
+}
+
+int ROKEN_LIB_FUNCTION
+simple_execlp(const char *file, ...)
+{
+    va_list ap;
+    char **argv;
+    int ret;
+
+    va_start(ap, file);
+    argv = vstrcollect(&ap);
+    va_end(ap);
+    if(argv == NULL)
+	return -1;
+    ret = simple_execvp(file, argv);
+    free(argv);
+    return ret;
+}
+
+int ROKEN_LIB_FUNCTION
+simple_execle(const char *file, ... /* ,char *const envp[] */)
+{
+    va_list ap;
+    char **argv;
+    char *const* envp;
+    int ret;
+
+    va_start(ap, file);
+    argv = vstrcollect(&ap);
+    envp = va_arg(ap, char **);
+    va_end(ap);
+    if(argv == NULL)
+	return -1;
+    ret = simple_execve(file, argv, envp);
+    free(argv);
+    return ret;
+}
+
+int ROKEN_LIB_FUNCTION
+simple_execl(const char *file, ...) 
+{
+    va_list ap;
+    char **argv;
+    int ret;
+
+    va_start(ap, file);
+    argv = vstrcollect(&ap);
+    va_end(ap);
+    if(argv == NULL)
+	return -1;
+    ret = simple_execve(file, argv, environ);
+    free(argv);
+    return ret;
+}
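Review bot: pipe_execv ignores the return value of all three pipe() calls, so when one fails (for example at the descriptor limit) the matching `in_fd`/`out_fd`/`err_fd` array stays uninitialised and the child and parent branches go on to close(), dup2() and fdopen() whatever integers happen to be there. That can close or redirect unrelated descriptors in a process that may hold credentials. I would check each pipe() and unwind the ones already created, returning -1, which the header comment defines as an unspecified system error. The open() calls on _PATH_DEVNULL in the child are unchecked in the same way. The children in pipe_execv, simple_execvp_timed and simple_execve_timed call `exit()` after a failed exec, which flushes stdio buffers inherited from the parent a second time; `_exit()` is the usual choice there. In wait_for_process_timed, `sig_alarm` is a plain `static int` written from the handler and is never cleared after `func` runs; `static volatile sig_atomic_t sig_alarm;` plus a reset before `alarm(timeout)` would be safer.

```c
int ROKEN_LIB_FUNCTION
pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd,
	   const char *file, ...)
{
    /* … unchanged: declarations … */

    if(stdin_fd != NULL && pipe(in_fd) < 0)
	return -1;
    if(stdout_fd != NULL && pipe(out_fd) < 0) {
	if(stdin_fd != NULL) {
	    close(in_fd[0]);
	    close(in_fd[1]);
	}
	return -1;
    }
    if(stderr_fd != NULL && pipe(err_fd) < 0) {
	if(stdin_fd != NULL) {
	    close(in_fd[0]);
	    close(in_fd[1]);
	}
	if(stdout_fd != NULL) {
	    close(out_fd[0]);
	    close(out_fd[1]);
	}
	return -1;
    }
    /* … unchanged: fork() and the child / error / parent branches … */
```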

Added: vendor-crypto/heimdal/dist/lib/roken/snprintf-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/snprintf-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/snprintf-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "snprintf-test.h"
+#include "roken.h"
+#include <limits.h>
+
+RCSID("$Id: snprintf-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static int
+try (const char *format, ...)
+{
+    int ret;
+    va_list ap;
+    char buf1[256], buf2[256];
+
+    va_start (ap, format);
+    ret = vsnprintf (buf1, sizeof(buf1), format, ap);
+    if (ret >= sizeof(buf1))
+	errx (1, "increase buf and try again");
+    va_end (ap);
+    va_start (ap, format);
+    vsprintf (buf2, format, ap);
+    ret = strcmp (buf1, buf2);
+    if (ret)
+	printf ("failed: format = \"%s\", \"%s\" != \"%s\"\n",
+		format, buf1, buf2);
+    va_end (ap);
+    return ret;
+}
+
+static int
+cmp_with_sprintf_int (void)
+{
+    int tot = 0;
+    int int_values[] = {INT_MIN, -17, -1, 0, 1, 17, 4711, 65535, INT_MAX};
+    int i;
+
+    for (i = 0; i < sizeof(int_values) / sizeof(int_values[0]); ++i) {
+	tot += try ("%d", int_values[i]);
+	tot += try ("%x", int_values[i]);
+	tot += try ("%X", int_values[i]);
+	tot += try ("%o", int_values[i]);
+	tot += try ("%#x", int_values[i]);
+	tot += try ("%#X", int_values[i]);
+	tot += try ("%#o", int_values[i]);
+	tot += try ("%10d", int_values[i]);
+	tot += try ("%10x", int_values[i]);
+	tot += try ("%10X", int_values[i]);
+	tot += try ("%10o", int_values[i]);
+	tot += try ("%#10x", int_values[i]);
+	tot += try ("%#10X", int_values[i]);
+	tot += try ("%#10o", int_values[i]);
+	tot += try ("%-10d", int_values[i]);
+	tot += try ("%-10x", int_values[i]);
+	tot += try ("%-10X", int_values[i]);
+	tot += try ("%-10o", int_values[i]);
+	tot += try ("%-#10x", int_values[i]);
+	tot += try ("%-#10X", int_values[i]);
+	tot += try ("%-#10o", int_values[i]);
+    }
+    return tot;
+}
+
+static int
+cmp_with_sprintf_long (void)
+{
+    int tot = 0;
+    long long_values[] = {LONG_MIN, -17, -1, 0, 1, 17, 4711, 65535, LONG_MAX};
+    int i;
+
+    for (i = 0; i < sizeof(long_values) / sizeof(long_values[0]); ++i) {
+	tot += try ("%ld", long_values[i]);
+	tot += try ("%lx", long_values[i]);
+	tot += try ("%lX", long_values[i]);
+	tot += try ("%lo", long_values[i]);
+	tot += try ("%#lx", long_values[i]);
+	tot += try ("%#lX", long_values[i]);
+	tot += try ("%#lo", long_values[i]);
+	tot += try ("%10ld", long_values[i]);
+	tot += try ("%10lx", long_values[i]);
+	tot += try ("%10lX", long_values[i]);
+	tot += try ("%10lo", long_values[i]);
+	tot += try ("%#10lx", long_values[i]);
+	tot += try ("%#10lX", long_values[i]);
+	tot += try ("%#10lo", long_values[i]);
+	tot += try ("%-10ld", long_values[i]);
+	tot += try ("%-10lx", long_values[i]);
+	tot += try ("%-10lX", long_values[i]);
+	tot += try ("%-10lo", long_values[i]);
+	tot += try ("%-#10lx", long_values[i]);
+	tot += try ("%-#10lX", long_values[i]);
+	tot += try ("%-#10lo", long_values[i]);
+    }
+    return tot;
+}
+
+#ifdef HAVE_LONG_LONG
+
+/* XXX doesn't work as expected on lp64 platforms with sizeof(long
+ * long) == sizeof(long) */
+
+static int
+cmp_with_sprintf_long_long (void)
+{
+    int tot = 0;
+    long long long_long_values[] = {
+	((long long)LONG_MIN) -1, LONG_MIN, -17, -1,
+	0,
+	1, 17, 4711, 65535, LONG_MAX, ((long long)LONG_MAX) + 1};
+    int i;
+
+    for (i = 0; i < sizeof(long_long_values) / sizeof(long_long_values[0]); ++i) {
+	tot += try ("%lld", long_long_values[i]);
+	tot += try ("%llx", long_long_values[i]);
+	tot += try ("%llX", long_long_values[i]);
+	tot += try ("%llo", long_long_values[i]);
+	tot += try ("%#llx", long_long_values[i]);
+	tot += try ("%#llX", long_long_values[i]);
+	tot += try ("%#llo", long_long_values[i]);
+	tot += try ("%10lld", long_long_values[i]);
+	tot += try ("%10llx", long_long_values[i]);
+	tot += try ("%10llX", long_long_values[i]);
+	tot += try ("%10llo", long_long_values[i]);
+	tot += try ("%#10llx", long_long_values[i]);
+	tot += try ("%#10llX", long_long_values[i]);
+	tot += try ("%#10llo", long_long_values[i]);
+	tot += try ("%-10lld", long_long_values[i]);
+	tot += try ("%-10llx", long_long_values[i]);
+	tot += try ("%-10llX", long_long_values[i]);
+	tot += try ("%-10llo", long_long_values[i]);
+	tot += try ("%-#10llx", long_long_values[i]);
+	tot += try ("%-#10llX", long_long_values[i]);
+	tot += try ("%-#10llo", long_long_values[i]);
+    }
+    return tot;
+}
+
+#endif
+
+#if 0
+static int
+cmp_with_sprintf_float (void)
+{
+    int tot = 0;
+    double double_values[] = {-99999, -999, -17.4, -4.3, -3.0, -1.5, -1,
+			      0, 0.1, 0.2342374852, 0.2340007,
+			      3.1415926, 14.7845, 34.24758, 9999, 9999999};
+    int i;
+
+    for (i = 0; i < sizeof(double_values) / sizeof(double_values[0]); ++i) {
+	tot += try ("%f", double_values[i]);
+	tot += try ("%10f", double_values[i]);
+	tot += try ("%.2f", double_values[i]);
+	tot += try ("%7.0f", double_values[i]);
+	tot += try ("%5.2f", double_values[i]);
+	tot += try ("%0f", double_values[i]);
+	tot += try ("%#f", double_values[i]);
+	tot += try ("%e", double_values[i]);
+	tot += try ("%10e", double_values[i]);
+	tot += try ("%.2e", double_values[i]);
+	tot += try ("%7.0e", double_values[i]);
+	tot += try ("%5.2e", double_values[i]);
+	tot += try ("%0e", double_values[i]);
+	tot += try ("%#e", double_values[i]);
+	tot += try ("%E", double_values[i]);
+	tot += try ("%10E", double_values[i]);
+	tot += try ("%.2E", double_values[i]);
+	tot += try ("%7.0E", double_values[i]);
+	tot += try ("%5.2E", double_values[i]);
+	tot += try ("%0E", double_values[i]);
+	tot += try ("%#E", double_values[i]);
+	tot += try ("%g", double_values[i]);
+	tot += try ("%10g", double_values[i]);
+	tot += try ("%.2g", double_values[i]);
+	tot += try ("%7.0g", double_values[i]);
+	tot += try ("%5.2g", double_values[i]);
+	tot += try ("%0g", double_values[i]);
+	tot += try ("%#g", double_values[i]);
+	tot += try ("%G", double_values[i]);
+	tot += try ("%10G", double_values[i]);
+	tot += try ("%.2G", double_values[i]);
+	tot += try ("%7.0G", double_values[i]);
+	tot += try ("%5.2G", double_values[i]);
+	tot += try ("%0G", double_values[i]);
+	tot += try ("%#G", double_values[i]);
+    }
+    return tot;
+}
+#endif
+
+static int
+test_null (void)
+{
+    return snprintf (NULL, 0, "foo") != 3;
+}
+
+static int
+test_sizet (void)
+{
+    int tot = 0;
+    size_t sizet_values[] = { 0, 1, 2, 200, 4294967295u }; /* SIZE_MAX */
+    char *result[] = { "0", "1", "2", "200", "4294967295" };
+    int i;
+
+    for (i = 0; i < sizeof(sizet_values) / sizeof(sizet_values[0]); ++i) {
+#if 0
+	tot += try("%zu", sizet_values[i]);
+	tot += try("%zx", sizet_values[i]);
+	tot += try("%zX", sizet_values[i]);
+#else
+	char buf[256];
+	snprintf(buf, sizeof(buf), "%zu", sizet_values[i]);
+	if (strcmp(buf, result[i]) != 0) {
+	    printf("%s != %s", buf, result[i]);
+	    tot++;
+	}
+#endif
+    }
+    return tot;
+}
+
+
+int
+main (int argc, char **argv)
+{
+    int ret = 0;
+
+    ret += cmp_with_sprintf_int ();
+    ret += cmp_with_sprintf_long ();
+#ifdef HAVE_LONG_LONG
+    ret += cmp_with_sprintf_long_long ();
+#endif
+    ret += test_null ();
+    ret += test_sizet ();
+    return ret;
+}
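Review bot: In `try`, the unbounded `vsprintf (buf2, format, ap)` is guarded only by the length reported by the implementation under test. `snprintf-test.h` renames `vsnprintf` to `test_vsnprintf`, while `vsprintf` is not in that rename list and so appears to remain the system function; if `test_vsnprintf` under-reports, the reference call can write past `buf2[256]`. The formats in this file are short constants, so this is a latent hazard rather than a live one, and I would record the constraint above the call: `/* buf2 is bounded only by the length test_vsnprintf reported; keep formats far below sizeof(buf2) */`. Separately, `ret >= sizeof(buf1)` compares an `int` with a `size_t`, so a negative return is reported as "increase buf and try again", and the `errx` branch exits between `va_start` and `va_end`.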

Added: vendor-crypto/heimdal/dist/lib/roken/snprintf-test.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/snprintf-test.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/snprintf-test.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: snprintf-test.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __SNPRINTF_TEST_H__
+#define __SNPRINTF_TEST_H__
+
+/*
+ * we cannot use the real names of the functions when testing, since
+ * they might have different prototypes as the system functions, hence
+ * these evil hacks
+ */
+
+#define snprintf test_snprintf
+#define asprintf test_asprintf
+#define asnprintf test_asnprintf
+#define vasprintf test_vasprintf
+#define vasnprintf test_vasnprintf
+#define vsnprintf test_vsnprintf
+
+#endif /* __SNPRINTF_TEST_H__ */

Added: vendor-crypto/heimdal/dist/lib/roken/snprintf.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/snprintf.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/snprintf.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,702 @@
+/*
+ * Copyright (c) 1995-2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: snprintf.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#if defined(TEST_SNPRINTF)
+#include "snprintf-test.h"
+#endif /* TEST_SNPRINTF */
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include "roken.h"
+#include <assert.h>
+
+enum format_flags {
+    minus_flag     =  1,
+    plus_flag      =  2,
+    space_flag     =  4,
+    alternate_flag =  8,
+    zero_flag      = 16
+};
+
+/*
+ * Common state
+ */
+
+struct snprintf_state {
+    unsigned char *str;
+    unsigned char *s;
+    unsigned char *theend;
+    size_t sz;
+    size_t max_sz;
+    void (*append_char)(struct snprintf_state *, unsigned char);
+    /* XXX - methods */
+};
+
+#if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF)
+static int
+sn_reserve (struct snprintf_state *state, size_t n)
+{
+    return state->s + n > state->theend;
+}
+
+static void
+sn_append_char (struct snprintf_state *state, unsigned char c)
+{
+    if (!sn_reserve (state, 1))
+	*state->s++ = c;
+}
+#endif
+
+static int
+as_reserve (struct snprintf_state *state, size_t n)
+{
+    if (state->s + n > state->theend) {
+	int off = state->s - state->str;
+	unsigned char *tmp;
+
+	if (state->max_sz && state->sz >= state->max_sz)
+	    return 1;
+
+	state->sz = max(state->sz * 2, state->sz + n);
+	if (state->max_sz)
+	    state->sz = min(state->sz, state->max_sz);
+	tmp = realloc (state->str, state->sz);
+	if (tmp == NULL)
+	    return 1;
+	state->str = tmp;
+	state->s = state->str + off;
+	state->theend = state->str + state->sz - 1;
+    }
+    return 0;
+}
+
+static void
+as_append_char (struct snprintf_state *state, unsigned char c)
+{
+    if(!as_reserve (state, 1))
+	*state->s++ = c;
+}
+
+/* longest integer types */
+
+#ifdef HAVE_LONG_LONG
+typedef unsigned long long u_longest;
+typedef long long longest;
+#else
+typedef unsigned long u_longest;
+typedef long longest;
+#endif
+
+
+
+static int
+pad(struct snprintf_state *state, int width, char c)
+{
+    int len = 0;
+    while(width-- > 0){
+	(*state->append_char)(state,  c);
+	++len;
+    }
+    return len;
+}
+
+/* return true if we should use alternatve hex form */
+static int
+use_alternative (int flags, u_longest num, unsigned base)
+{
+    return (flags & alternate_flag) && base == 16 && num != 0;
+}
+
+static int
+append_number(struct snprintf_state *state,
+	      u_longest num, unsigned base, const char *rep,
+	      int width, int prec, int flags, int minusp)
+{
+    int len = 0;
+    u_longest n = num;
+    char nstr[64]; /* enough for <192 bit octal integers */
+    int nstart, nlen;
+    char signchar;
+
+    /* given precision, ignore zero flag */
+    if(prec != -1)
+	flags &= ~zero_flag;
+    else
+	prec = 1;
+
+    /* format number as string */
+    nstart = sizeof(nstr);
+    nlen = 0;
+    nstr[--nstart] = '\0';
+    do {
+	assert(nstart > 0);
+	nstr[--nstart] = rep[n % base];
+	++nlen;
+	n /= base;
+    } while(n);
+
+    /* zero value with zero precision should produce no digits */
+    if(prec == 0 && num == 0) {
+	nlen--;
+	nstart++;
+    }
+
+    /* figure out what char to use for sign */
+    if(minusp)
+	signchar = '-';
+    else if((flags & plus_flag))
+	signchar = '+';
+    else if((flags & space_flag))
+	signchar = ' ';
+    else
+	signchar = '\0';
+    
+    if((flags & alternate_flag) && base == 8) {
+	/* if necessary, increase the precision to 
+	   make first digit a zero */
+
+	/* XXX C99 claims (regarding # and %o) that "if the value and
+           precision are both 0, a single 0 is printed", but there is
+           no such wording for %x. This would mean that %#.o would
+           output "0", but %#.x "". This does not make sense, and is
+           also not what other printf implementations are doing. */
+	
+	if(prec <= nlen && nstr[nstart] != '0' && nstr[nstart] != '\0')
+	    prec = nlen + 1;
+    }
+
+    /* possible formats:
+       pad | sign | alt | zero | digits
+       sign | alt | zero | digits | pad   minus_flag
+       sign | alt | zero | digits zero_flag */
+
+    /* if not right justifying or padding with zeros, we need to
+       compute the length of the rest of the string, and then pad with
+       spaces */
+    if(!(flags & (minus_flag | zero_flag))) {
+	if(prec > nlen)
+	    width -= prec;
+	else
+	    width -= nlen;
+	
+	if(use_alternative(flags, num, base))
+	    width -= 2;
+	
+	if(signchar != '\0')
+	    width--;
+	
+	/* pad to width */
+	len += pad(state, width, ' ');
+    }
+    if(signchar != '\0') {
+	(*state->append_char)(state, signchar);
+	++len;
+    }
+    if(use_alternative(flags, num, base)) {
+	(*state->append_char)(state, '0');
+	(*state->append_char)(state, rep[10] + 23); /* XXX */
+	len += 2;
+    }
+    if(flags & zero_flag) {
+	/* pad to width with zeros */
+	if(prec - nlen > width - len - nlen)
+	    len += pad(state, prec - nlen, '0');
+	else
+	    len += pad(state, width - len - nlen, '0');
+    } else
+	/* pad to prec with zeros */
+	len += pad(state, prec - nlen, '0');
+	
+    while(nstr[nstart] != '\0') {
+	(*state->append_char)(state, nstr[nstart++]);
+	++len;
+    }
+	
+    if(flags & minus_flag)
+	len += pad(state, width - len, ' ');
+
+    return len;
+}
+
+/*
+ * return length
+ */
+
+static int
+append_string (struct snprintf_state *state,
+	       const unsigned char *arg,
+	       int width,
+	       int prec,
+	       int flags)
+{
+    int len = 0;
+
+    if(arg == NULL)
+	arg = (const unsigned char*)"(null)";
+
+    if(prec != -1)
+	width -= prec;
+    else
+	width -= strlen((const char *)arg);
+    if(!(flags & minus_flag))
+	len += pad(state, width, ' ');
+
+    if (prec != -1) {
+	while (*arg && prec--) {
+	    (*state->append_char) (state, *arg++);
+	    ++len;
+	}
+    } else {
+	while (*arg) {
+	    (*state->append_char) (state, *arg++);
+	    ++len;
+	}
+    }
+    if(flags & minus_flag)
+	len += pad(state, width, ' ');
+    return len;
+}
+
+static int
+append_char(struct snprintf_state *state,
+	    unsigned char arg,
+	    int width,
+	    int flags)
+{
+    int len = 0;
+
+    while(!(flags & minus_flag) && --width > 0) {
+	(*state->append_char) (state, ' ')    ;
+	++len;
+    }
+    (*state->append_char) (state, arg);
+    ++len;
+    while((flags & minus_flag) && --width > 0) {
+	(*state->append_char) (state, ' ');
+	++len;
+    }
+    return 0;
+}
+
+/*
+ * This can't be made into a function...
+ */
+
+#ifdef HAVE_LONG_LONG
+
+#define PARSE_INT_FORMAT(res, arg, unsig) \
+if (long_long_flag) \
+     res = (unsig long long)va_arg(arg, unsig long long); \
+else if (long_flag) \
+     res = (unsig long)va_arg(arg, unsig long); \
+else if (size_t_flag) \
+     res = (unsig long)va_arg(arg, size_t); \
+else if (short_flag) \
+     res = (unsig short)va_arg(arg, unsig int); \
+else \
+     res = (unsig int)va_arg(arg, unsig int)
+
+#else
+
+#define PARSE_INT_FORMAT(res, arg, unsig) \
+if (long_flag) \
+     res = (unsig long)va_arg(arg, unsig long); \
+else if (size_t_flag) \
+     res = (unsig long)va_arg(arg, size_t); \
+else if (short_flag) \
+     res = (unsig short)va_arg(arg, unsig int); \
+else \
+     res = (unsig int)va_arg(arg, unsig int)
+
+#endif
+
+/*
+ * zyxprintf - return length, as snprintf
+ */
+
+static int
+xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap)
+{
+    const unsigned char *format = (const unsigned char *)char_format;
+    unsigned char c;
+    int len = 0;
+
+    while((c = *format++)) {
+	if (c == '%') {
+	    int flags          = 0;
+	    int width          = 0;
+	    int prec           = -1;
+	    int size_t_flag    = 0;
+	    int long_long_flag = 0;
+	    int long_flag      = 0;
+	    int short_flag     = 0;
+
+	    /* flags */
+	    while((c = *format++)){
+		if(c == '-')
+		    flags |= minus_flag;
+		else if(c == '+')
+		    flags |= plus_flag;
+		else if(c == ' ')
+		    flags |= space_flag;
+		else if(c == '#')
+		    flags |= alternate_flag;
+		else if(c == '0')
+		    flags |= zero_flag;
+		else if(c == '\'')
+		    ; /* just ignore */
+		else
+		    break;
+	    }
+      
+	    if((flags & space_flag) && (flags & plus_flag))
+		flags ^= space_flag;
+
+	    if((flags & minus_flag) && (flags & zero_flag))
+		flags ^= zero_flag;
+
+	    /* width */
+	    if (isdigit(c))
+		do {
+		    width = width * 10 + c - '0';
+		    c = *format++;
+		} while(isdigit(c));
+	    else if(c == '*') {
+		width = va_arg(ap, int);
+		c = *format++;
+	    }
+
+	    /* precision */
+	    if (c == '.') {
+		prec = 0;
+		c = *format++;
+		if (isdigit(c))
+		    do {
+			prec = prec * 10 + c - '0';
+			c = *format++;
+		    } while(isdigit(c));
+		else if (c == '*') {
+		    prec = va_arg(ap, int);
+		    c = *format++;
+		}
+	    }
+
+	    /* size */
+
+	    if (c == 'h') {
+		short_flag = 1;
+		c = *format++;
+	    } else if (c == 'z') {
+		size_t_flag = 1;
+		c = *format++;
+	    } else if (c == 'l') {
+		long_flag = 1;
+		c = *format++;
+		if (c == 'l') {
+		    long_long_flag = 1;
+		    c = *format++;
+		}
+	    }
+
+	    if(c != 'd' && c != 'i')
+		flags &= ~(plus_flag | space_flag);
+
+	    switch (c) {
+	    case 'c' :
+		append_char(state, va_arg(ap, int), width, flags);
+		++len;
+		break;
+	    case 's' :
+		len += append_string(state,
+				     va_arg(ap, unsigned char*),
+				     width,
+				     prec, 
+				     flags);
+		break;
+	    case 'd' :
+	    case 'i' : {
+		longest arg;
+		u_longest num;
+		int minusp = 0;
+
+		PARSE_INT_FORMAT(arg, ap, signed);
+
+		if (arg < 0) {
+		    minusp = 1;
+		    num = -arg;
+		} else
+		    num = arg;
+
+		len += append_number (state, num, 10, "0123456789",
+				      width, prec, flags, minusp);
+		break;
+	    }
+	    case 'u' : {
+		u_longest arg;
+
+		PARSE_INT_FORMAT(arg, ap, unsigned);
+
+		len += append_number (state, arg, 10, "0123456789",
+				      width, prec, flags, 0);
+		break;
+	    }
+	    case 'o' : {
+		u_longest arg;
+
+		PARSE_INT_FORMAT(arg, ap, unsigned);
+
+		len += append_number (state, arg, 010, "01234567",
+				      width, prec, flags, 0);
+		break;
+	    }
+	    case 'x' : {
+		u_longest arg;
+
+		PARSE_INT_FORMAT(arg, ap, unsigned);
+
+		len += append_number (state, arg, 0x10, "0123456789abcdef",
+				      width, prec, flags, 0);
+		break;
+	    }
+	    case 'X' :{
+		u_longest arg;
+
+		PARSE_INT_FORMAT(arg, ap, unsigned);
+
+		len += append_number (state, arg, 0x10, "0123456789ABCDEF",
+				      width, prec, flags, 0);
+		break;
+	    }
+	    case 'p' : {
+		unsigned long arg = (unsigned long)va_arg(ap, void*);
+
+		len += append_number (state, arg, 0x10, "0123456789ABCDEF",
+				      width, prec, flags, 0);
+		break;
+	    }
+	    case 'n' : {
+		int *arg = va_arg(ap, int*);
+		*arg = state->s - state->str;
+		break;
+	    }
+	    case '\0' :
+		--format;
+		/* FALLTHROUGH */
+	    case '%' :
+		(*state->append_char)(state, c);
+		++len;
+		break;
+	    default :
+		(*state->append_char)(state, '%');
+		(*state->append_char)(state, c);
+		len += 2;
+		break;
+	    }
+	} else {
+	    (*state->append_char) (state, c);
+	    ++len;
+	}
+    }
+    return len;
+}
+
+#if !defined(HAVE_SNPRINTF) || defined(TEST_SNPRINTF)
+int ROKEN_LIB_FUNCTION
+snprintf (char *str, size_t sz, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+    ret = vsnprintf (str, sz, format, args);
+    va_end(args);
+
+#ifdef PARANOIA
+    {
+	int ret2;
+	char *tmp;
+
+	tmp = malloc (sz);
+	if (tmp == NULL)
+	    abort ();
+
+	va_start(args, format);
+	ret2 = vsprintf (tmp, format, args);
+	va_end(args);
+	if (ret != ret2 || strcmp(str, tmp))
+	    abort ();
+	free (tmp);
+    }
+#endif
+
+    return ret;
+}
+#endif
+
+#if !defined(HAVE_ASPRINTF) || defined(TEST_SNPRINTF)
+int ROKEN_LIB_FUNCTION
+asprintf (char **ret, const char *format, ...)
+{
+    va_list args;
+    int val;
+
+    va_start(args, format);
+    val = vasprintf (ret, format, args);
+    va_end(args);
+
+#ifdef PARANOIA
+    {
+	int ret2;
+	char *tmp;
+	tmp = malloc (val + 1);
+	if (tmp == NULL)
+	    abort ();
+
+	va_start(args, format);
+	ret2 = vsprintf (tmp, format, args);
+	va_end(args);
+	if (val != ret2 || strcmp(*ret, tmp))
+	    abort ();
+	free (tmp);
+    }
+#endif
+
+    return val;
+}
+#endif
+
+#if !defined(HAVE_ASNPRINTF) || defined(TEST_SNPRINTF)
+int ROKEN_LIB_FUNCTION
+asnprintf (char **ret, size_t max_sz, const char *format, ...)
+{
+    va_list args;
+    int val;
+
+    va_start(args, format);
+    val = vasnprintf (ret, max_sz, format, args);
+
+#ifdef PARANOIA
+    {
+	int ret2;
+	char *tmp;
+	tmp = malloc (val + 1);
+	if (tmp == NULL)
+	    abort ();
+
+	ret2 = vsprintf (tmp, format, args);
+	if (val != ret2 || strcmp(*ret, tmp))
+	    abort ();
+	free (tmp);
+    }
+#endif
+
+    va_end(args);
+    return val;
+}
+#endif
+
+#if !defined(HAVE_VASPRINTF) || defined(TEST_SNPRINTF)
+int ROKEN_LIB_FUNCTION
+vasprintf (char **ret, const char *format, va_list args)
+{
+    return vasnprintf (ret, 0, format, args);
+}
+#endif
+
+
+#if !defined(HAVE_VASNPRINTF) || defined(TEST_SNPRINTF)
+int ROKEN_LIB_FUNCTION
+vasnprintf (char **ret, size_t max_sz, const char *format, va_list args)
+{
+    int st;
+    struct snprintf_state state;
+
+    state.max_sz = max_sz;
+    state.sz     = 1;
+    state.str    = malloc(state.sz);
+    if (state.str == NULL) {
+	*ret = NULL;
+	return -1;
+    }
+    state.s = state.str;
+    state.theend = state.s + state.sz - 1;
+    state.append_char = as_append_char;
+
+    st = xyzprintf (&state, format, args);
+    if (st > state.sz) {
+	free (state.str);
+	*ret = NULL;
+	return -1;
+    } else {
+	char *tmp;
+
+	*state.s = '\0';
+	tmp = realloc (state.str, st+1);
+	if (tmp == NULL) {
+	    free (state.str);
+	    *ret = NULL;
+	    return -1;
+	}
+	*ret = tmp;
+	return st;
+    }
+}
+#endif
+
+#if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF)
+int ROKEN_LIB_FUNCTION
+vsnprintf (char *str, size_t sz, const char *format, va_list args)
+{
+    struct snprintf_state state;
+    int ret;
+    unsigned char *ustr = (unsigned char *)str;
+
+    state.max_sz = 0;
+    state.sz     = sz;
+    state.str    = ustr;
+    state.s      = ustr;
+    state.theend = ustr + sz - (sz > 0);
+    state.append_char = sn_append_char;
+
+    ret = xyzprintf (&state, format, args);
+    if (state.s != NULL && sz != 0)
+	*state.s = '\0';
+    return ret;
+}
+#endif
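Review bot: `append_char` always ends with `return 0;` and the `'c'` case in `xyzprintf` adds exactly one to `len`, so a padded conversion such as `%5c` emits five bytes but is counted as one. In `vasnprintf` that count drives `realloc (state.str, st+1)` after the terminator has already been stored at `*state.s`, so the shrink can cut the NUL off and hand the caller an unterminated buffer; `vsnprintf` returns a too-small length in the same case. I would end `append_char` with `return len;` and change the call site to `len += append_char(state, va_arg(ap, int), width, flags);`, dropping the `++len;` that follows it. `snprintf-test.c` has no `%c` case, so adding one with a field width (for example `try ("%5c", 'x')`) would pin the behaviour.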

Added: vendor-crypto/heimdal/dist/lib/roken/socket.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/socket.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/socket.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,302 @@
+/*
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: socket.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include <err.h>
+
+/*
+ * Set `sa' to the unitialized address of address family `af'
+ */
+
+void ROKEN_LIB_FUNCTION
+socket_set_any (struct sockaddr *sa, int af)
+{
+    switch (af) {
+    case AF_INET : {
+	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
+
+	memset (sin4, 0, sizeof(*sin4));
+	sin4->sin_family = AF_INET;
+	sin4->sin_port   = 0;
+	sin4->sin_addr.s_addr = INADDR_ANY;
+	break;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+	memset (sin6, 0, sizeof(*sin6));
+	sin6->sin6_family = AF_INET6;
+	sin6->sin6_port   = 0;
+	sin6->sin6_addr   = in6addr_any;
+	break;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * set `sa' to (`ptr', `port')
+ */
+
+void ROKEN_LIB_FUNCTION
+socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port)
+{
+    switch (sa->sa_family) {
+    case AF_INET : {
+	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
+
+	memset (sin4, 0, sizeof(*sin4));
+	sin4->sin_family = AF_INET;
+	sin4->sin_port   = port;
+	memcpy (&sin4->sin_addr, ptr, sizeof(struct in_addr));
+	break;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+
+	memset (sin6, 0, sizeof(*sin6));
+	sin6->sin6_family = AF_INET6;
+	sin6->sin6_port   = port;
+	memcpy (&sin6->sin6_addr, ptr, sizeof(struct in6_addr));
+	break;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Return the size of an address of the type in `sa'
+ */
+
+size_t ROKEN_LIB_FUNCTION
+socket_addr_size (const struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET :
+	return sizeof(struct in_addr);
+#ifdef HAVE_IPV6
+    case AF_INET6 :
+	return sizeof(struct in6_addr);
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Return the size of a `struct sockaddr' in `sa'.
+ */
+
+size_t ROKEN_LIB_FUNCTION
+socket_sockaddr_size (const struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET :
+	return sizeof(struct sockaddr_in);
+#ifdef HAVE_IPV6
+    case AF_INET6 :
+	return sizeof(struct sockaddr_in6);
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Return the binary address of `sa'.
+ */
+
+void * ROKEN_LIB_FUNCTION
+socket_get_address (struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET : {
+	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
+	return &sin4->sin_addr;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+	return &sin6->sin6_addr;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Return the port number from `sa'.
+ */
+
+int ROKEN_LIB_FUNCTION
+socket_get_port (const struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET : {
+	const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa;
+	return sin4->sin_port;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
+	return sin6->sin6_port;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Set the port in `sa' to `port'.
+ */
+
+void ROKEN_LIB_FUNCTION
+socket_set_port (struct sockaddr *sa, int port)
+{
+    switch (sa->sa_family) {
+    case AF_INET : {
+	struct sockaddr_in *sin4 = (struct sockaddr_in *)sa;
+	sin4->sin_port = port;
+	break;
+    }
+#ifdef HAVE_IPV6
+    case AF_INET6 : {
+	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
+	sin6->sin6_port = port;
+	break;
+    }
+#endif
+    default :
+	errx (1, "unknown address family %d", sa->sa_family);
+	break;
+    }
+}
+
+/*
+ * Set the range of ports to use when binding with port = 0.
+ */
+void ROKEN_LIB_FUNCTION
+socket_set_portrange (int sock, int restr, int af)
+{
+#if defined(IP_PORTRANGE)
+	if (af == AF_INET) {
+		int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
+		if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
+		    sizeof(on)) < 0)
+			warn ("setsockopt IP_PORTRANGE (ignored)");
+	}
+#endif
+#if defined(IPV6_PORTRANGE)
+	if (af == AF_INET6) {
+		int on = restr ? IPV6_PORTRANGE_HIGH : 
+		    IPV6_PORTRANGE_DEFAULT;
+		if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
+		    sizeof(on)) < 0)
+			warn ("setsockopt IPV6_PORTRANGE (ignored)");
+	}
+#endif
+}
+	
+/*
+ * Enable debug on `sock'.
+ */
+
+void ROKEN_LIB_FUNCTION
+socket_set_debug (int sock)
+{
+#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
+    int on = 1;
+
+    if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0)
+	warn ("setsockopt SO_DEBUG (ignored)");
+#endif
+}
+
+/*
+ * Set the type-of-service of `sock' to `tos'.
+ */
+
+void ROKEN_LIB_FUNCTION
+socket_set_tos (int sock, int tos)
+{
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+    if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0)
+	if (errno != EINVAL)
+	    warn ("setsockopt TOS (ignored)");
+#endif
+}
+
+/*
+ * set the reuse of addresses on `sock' to `val'.
+ */
+
+void ROKEN_LIB_FUNCTION
+socket_set_reuseaddr (int sock, int val)
+{
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+    if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val,
+		  sizeof(val)) < 0)
+	err (1, "setsockopt SO_REUSEADDR");
+#endif
+}
+
+/*
+ * Set the that the `sock' should bind to only IPv6 addresses.
+ */
+
+void ROKEN_LIB_FUNCTION
+socket_set_ipv6only (int sock, int val)
+{
+#if defined(IPV6_V6ONLY) && defined(HAVE_SETSOCKOPT)
+    setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&val, sizeof(val));
+#endif
+}

Added: vendor-crypto/heimdal/dist/lib/roken/socket_wrapper.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/socket_wrapper.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/socket_wrapper.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1913 @@
+/*
+ * Copyright (C) Jelmer Vernooij 2005 <jelmer at samba.org>
+ * Copyright (C) Stefan Metzmacher 2006 <metze at samba.org>
+ *
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the author nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+/*
+   Socket wrapper library. Passes all socket communication over
+   unix domain sockets if the environment variable SOCKET_WRAPPER_DIR
+   is set.
+*/
+
+#define SOCKET_WRAPPER_NOT_REPLACE
+
+#ifdef _SAMBA_BUILD_
+
+#include "includes.h"
+#include "system/network.h"
+#include "system/filesys.h"
+
+#ifdef malloc
+#undef malloc
+#endif
+#ifdef calloc
+#undef calloc
+#endif
+#ifdef strdup
+#undef strdup
+#endif
+
+#else /* _SAMBA_BUILD_ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#undef SOCKET_WRAPPER_REPLACE
+
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+#include <errno.h>
+#include <sys/un.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include "roken.h"
+
+#include "socket_wrapper.h"
+
+#define HAVE_GETTIMEOFDAY_TZ 1
+
+#define _PUBLIC_
+
+#endif
+
+#define SWRAP_DLIST_ADD(list,item) do { \
+	if (!(list)) { \
+		(item)->prev	= NULL; \
+		(item)->next	= NULL; \
+		(list)		= (item); \
+	} else { \
+		(item)->prev	= NULL; \
+		(item)->next	= (list); \
+		(list)->prev	= (item); \
+		(list)		= (item); \
+	} \
+} while (0)
+
+#define SWRAP_DLIST_REMOVE(list,item) do { \
+	if ((list) == (item)) { \
+		(list)		= (item)->next; \
+		if (list) { \
+			(list)->prev	= NULL; \
+		} \
+	} else { \
+		if ((item)->prev) { \
+			(item)->prev->next	= (item)->next; \
+		} \
+		if ((item)->next) { \
+			(item)->next->prev	= (item)->prev; \
+		} \
+	} \
+	(item)->prev	= NULL; \
+	(item)->next	= NULL; \
+} while (0)
+
+/* LD_PRELOAD doesn't work yet, so REWRITE_CALLS is all we support
+ * for now */
+#define REWRITE_CALLS 
+
+#ifdef REWRITE_CALLS
+#define real_accept accept
+#define real_connect connect
+#define real_bind bind
+#define real_listen listen
+#define real_getpeername getpeername
+#define real_getsockname getsockname
+#define real_getsockopt getsockopt
+#define real_setsockopt setsockopt
+#define real_recvfrom recvfrom
+#define real_sendto sendto
+#define real_ioctl ioctl
+#define real_recv recv
+#define real_send send
+#define real_socket socket
+#define real_close close
+#define real_dup dup
+#define real_dup2 dup2
+#endif
+
+#ifdef HAVE_GETTIMEOFDAY_TZ
+#define swrapGetTimeOfDay(tval) gettimeofday(tval,NULL)
+#else
+#define swrapGetTimeOfDay(tval)	gettimeofday(tval)
+#endif
+
+/* we need to use a very terse format here as IRIX 6.4 silently
+   truncates names to 16 chars, so if we use a longer name then we
+   can't tell which port a packet came from with recvfrom() 
+   
+   with this format we have 8 chars left for the directory name
+*/
+#define SOCKET_FORMAT "%c%02X%04X"
+#define SOCKET_TYPE_CHAR_TCP		'T'
+#define SOCKET_TYPE_CHAR_UDP		'U'
+#define SOCKET_TYPE_CHAR_TCP_V6		'X'
+#define SOCKET_TYPE_CHAR_UDP_V6		'Y'
+
+#define MAX_WRAPPED_INTERFACES 16
+
+#define SW_IPV6_ADDRESS 1
+
+static struct sockaddr *sockaddr_dup(const void *data, socklen_t len)
+{
+	struct sockaddr *ret = (struct sockaddr *)malloc(len);
+	memcpy(ret, data, len);
+	return ret;
+}
+
+static void set_port(int family, int prt, struct sockaddr *addr)
+{
+	switch (family) {
+	case AF_INET:
+		((struct sockaddr_in *)addr)->sin_port = htons(prt);
+		break;
+#ifdef HAVE_IPV6
+	case AF_INET6:
+		((struct sockaddr_in6 *)addr)->sin6_port = htons(prt);
+		break;
+#endif
+	}
+}
+
+static int socket_length(int family)
+{
+	switch (family) {
+	case AF_INET:
+		return sizeof(struct sockaddr_in);
+#ifdef HAVE_IPV6
+	case AF_INET6:
+		return sizeof(struct sockaddr_in6);
+#endif
+	}
+	return -1;
+}
+
+
+
+struct socket_info
+{
+	int fd;
+
+	int family;
+	int type;
+	int protocol;
+	int bound;
+	int bcast;
+	int is_server;
+
+	char *path;
+	char *tmp_path;
+
+	struct sockaddr *myname;
+	socklen_t myname_len;
+
+	struct sockaddr *peername;
+	socklen_t peername_len;
+
+	struct {
+		unsigned long pck_snd;
+		unsigned long pck_rcv;
+	} io;
+
+	struct socket_info *prev, *next;
+};
+
+static struct socket_info *sockets;
+
+
+static const char *socket_wrapper_dir(void)
+{
+	const char *s = getenv("SOCKET_WRAPPER_DIR");
+	if (s == NULL) {
+		return NULL;
+	}
+	if (strncmp(s, "./", 2) == 0) {
+		s += 2;
+	}
+	return s;
+}
+
+static unsigned int socket_wrapper_default_iface(void)
+{
+	const char *s = getenv("SOCKET_WRAPPER_DEFAULT_IFACE");
+	if (s) {
+		unsigned int iface;
+		if (sscanf(s, "%u", &iface) == 1) {
+			if (iface >= 1 && iface <= MAX_WRAPPED_INTERFACES) {
+				return iface;
+			}
+		}
+	}
+
+	return 1;/* 127.0.0.1 */
+}
+
+static int convert_un_in(const struct sockaddr_un *un, struct sockaddr *in, socklen_t *len)
+{
+	unsigned int iface;
+	unsigned int prt;
+	const char *p;
+	char type;
+
+	p = strrchr(un->sun_path, '/');
+	if (p) p++; else p = un->sun_path;
+
+	if (sscanf(p, SOCKET_FORMAT, &type, &iface, &prt) != 3) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (prt > 0xFFFF) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	switch(type) {
+	case SOCKET_TYPE_CHAR_TCP:
+	case SOCKET_TYPE_CHAR_UDP: {
+		struct sockaddr_in *in2 = (struct sockaddr_in *)in;
+		
+		if ((*len) < sizeof(*in2)) {
+		    errno = EINVAL;
+		    return -1;
+		}
+
+		memset(in2, 0, sizeof(*in2));
+		in2->sin_family = AF_INET;
+		in2->sin_addr.s_addr = htonl((127<<24) | iface);
+		in2->sin_port = htons(prt);
+
+		*len = sizeof(*in2);
+		break;
+	}
+#ifdef HAVE_IPV6
+	case SOCKET_TYPE_CHAR_TCP_V6:
+	case SOCKET_TYPE_CHAR_UDP_V6: {
+		struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)in;
+		
+		if ((*len) < sizeof(*in2)) {
+			errno = EINVAL;
+			return -1;
+		}
+
+		memset(in2, 0, sizeof(*in2));
+		in2->sin6_family = AF_INET6;
+		in2->sin6_addr.s6_addr[0] = SW_IPV6_ADDRESS;
+		in2->sin6_port = htons(prt);
+
+		*len = sizeof(*in2);
+		break;
+	}
+#endif
+	default:
+		errno = EINVAL;
+		return -1;
+	}
+
+	return 0;
+}
+
+static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *inaddr, struct sockaddr_un *un,
+				int *bcast)
+{
+	char type = '\0';
+	unsigned int prt;
+	unsigned int iface;
+	int is_bcast = 0;
+
+	if (bcast) *bcast = 0;
+
+	switch (si->family) {
+	case AF_INET: {
+		const struct sockaddr_in *in = 
+		    (const struct sockaddr_in *)inaddr;
+		unsigned int addr = ntohl(in->sin_addr.s_addr);
+		char u_type = '\0';
+		char b_type = '\0';
+		char a_type = '\0';
+
+		switch (si->type) {
+		case SOCK_STREAM:
+			u_type = SOCKET_TYPE_CHAR_TCP;
+			break;
+		case SOCK_DGRAM:
+			u_type = SOCKET_TYPE_CHAR_UDP;
+			a_type = SOCKET_TYPE_CHAR_UDP;
+			b_type = SOCKET_TYPE_CHAR_UDP;
+			break;
+		}
+
+		prt = ntohs(in->sin_port);
+		if (a_type && addr == 0xFFFFFFFF) {
+			/* 255.255.255.255 only udp */
+			is_bcast = 2;
+			type = a_type;
+			iface = socket_wrapper_default_iface();
+		} else if (b_type && addr == 0x7FFFFFFF) {
+			/* 127.255.255.255 only udp */
+			is_bcast = 1;
+			type = b_type;
+			iface = socket_wrapper_default_iface();
+		} else if ((addr & 0xFFFFFF00) == 0x7F000000) {
+			/* 127.0.0.X */
+			is_bcast = 0;
+			type = u_type;
+			iface = (addr & 0x000000FF);
+		} else {
+			errno = ENETUNREACH;
+			return -1;
+		}
+		if (bcast) *bcast = is_bcast;
+		break;
+	}
+#ifdef HAVE_IPV6
+	case AF_INET6: {
+		const struct sockaddr_in6 *in = 
+		    (const struct sockaddr_in6 *)inaddr;
+
+		switch (si->type) {
+		case SOCK_STREAM:
+			type = SOCKET_TYPE_CHAR_TCP_V6;
+			break;
+		case SOCK_DGRAM:
+			type = SOCKET_TYPE_CHAR_UDP_V6;
+			break;
+		}
+
+		/* XXX no multicast/broadcast */
+
+		prt = ntohs(in->sin6_port);
+		iface = SW_IPV6_ADDRESS;
+		
+		break;
+	}
+#endif
+	default:
+		errno = ENETUNREACH;
+		return -1;
+	}
+
+	if (prt == 0) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (is_bcast) {
+		snprintf(un->sun_path, sizeof(un->sun_path), "%s/EINVAL", 
+			 socket_wrapper_dir());
+		/* the caller need to do more processing */
+		return 0;
+	}
+
+	snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
+		 socket_wrapper_dir(), type, iface, prt);
+
+	return 0;
+}
+
+static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *inaddr, struct sockaddr_un *un,
+			       int *bcast)
+{
+	char type = '\0';
+	unsigned int prt;
+	unsigned int iface;
+	struct stat st;
+	int is_bcast = 0;
+
+	if (bcast) *bcast = 0;
+
+	switch (si->family) {
+	case AF_INET: {
+		const struct sockaddr_in *in = 
+		    (const struct sockaddr_in *)inaddr;
+		unsigned int addr = ntohl(in->sin_addr.s_addr);
+		char u_type = '\0';
+		char d_type = '\0';
+		char b_type = '\0';
+		char a_type = '\0';
+
+		prt = ntohs(in->sin_port);
+
+		switch (si->type) {
+		case SOCK_STREAM:
+			u_type = SOCKET_TYPE_CHAR_TCP;
+			d_type = SOCKET_TYPE_CHAR_TCP;
+			break;
+		case SOCK_DGRAM:
+			u_type = SOCKET_TYPE_CHAR_UDP;
+			d_type = SOCKET_TYPE_CHAR_UDP;
+			a_type = SOCKET_TYPE_CHAR_UDP;
+			b_type = SOCKET_TYPE_CHAR_UDP;
+			break;
+		}
+
+		if (addr == 0) {
+			/* 0.0.0.0 */
+		 	is_bcast = 0;
+			type = d_type;
+			iface = socket_wrapper_default_iface();
+		} else if (a_type && addr == 0xFFFFFFFF) {
+			/* 255.255.255.255 only udp */
+			is_bcast = 2;
+			type = a_type;
+			iface = socket_wrapper_default_iface();
+		} else if (b_type && addr == 0x7FFFFFFF) {
+			/* 127.255.255.255 only udp */
+			is_bcast = 1;
+			type = b_type;
+			iface = socket_wrapper_default_iface();
+		} else if ((addr & 0xFFFFFF00) == 0x7F000000) {
+			/* 127.0.0.X */
+			is_bcast = 0;
+			type = u_type;
+			iface = (addr & 0x000000FF);
+		} else {
+			errno = EADDRNOTAVAIL;
+			return -1;
+		}
+		break;
+	}
+#ifdef HAVE_IPV6
+	case AF_INET6: {
+		const struct sockaddr_in6 *in = 
+		    (const struct sockaddr_in6 *)inaddr;
+
+		switch (si->type) {
+		case SOCK_STREAM:
+			type = SOCKET_TYPE_CHAR_TCP_V6;
+			break;
+		case SOCK_DGRAM:
+			type = SOCKET_TYPE_CHAR_UDP_V6;
+			break;
+		}
+
+		/* XXX no multicast/broadcast */
+
+		prt = ntohs(in->sin6_port);
+		iface = SW_IPV6_ADDRESS;
+		
+		break;
+	}
+#endif
+	default:
+		errno = ENETUNREACH;
+		return -1;
+	}
+
+
+	if (bcast) *bcast = is_bcast;
+
+	if (prt == 0) {
+		/* handle auto-allocation of ephemeral ports */
+		for (prt = 5001; prt < 10000; prt++) {
+			snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
+				 socket_wrapper_dir(), type, iface, prt);
+			if (stat(un->sun_path, &st) == 0) continue;
+
+			set_port(si->family, prt, si->myname);
+		}
+	}
+
+	snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, 
+		 socket_wrapper_dir(), type, iface, prt);
+	return 0;
+}
+
+static struct socket_info *find_socket_info(int fd)
+{
+	struct socket_info *i;
+	for (i = sockets; i; i = i->next) {
+		if (i->fd == fd) 
+			return i;
+	}
+
+	return NULL;
+}
+
+static int sockaddr_convert_to_un(struct socket_info *si, const struct sockaddr *in_addr, socklen_t in_len, 
+				  struct sockaddr_un *out_addr, int alloc_sock, int *bcast)
+{
+	if (!out_addr)
+		return 0;
+
+	out_addr->sun_family = AF_UNIX;
+
+	switch (in_addr->sa_family) {
+	case AF_INET:
+#ifdef HAVE_IPV6
+	case AF_INET6:
+#endif
+		switch (si->type) {
+		case SOCK_STREAM:
+		case SOCK_DGRAM:
+			break;
+		default:
+			errno = ESOCKTNOSUPPORT;
+			return -1;
+		}
+		if (alloc_sock) {
+			return convert_in_un_alloc(si, in_addr, out_addr, bcast);
+		} else {
+			return convert_in_un_remote(si, in_addr, out_addr, bcast);
+		}
+	default:
+		break;
+	}
+	
+	errno = EAFNOSUPPORT;
+	return -1;
+}
+
+static int sockaddr_convert_from_un(const struct socket_info *si, 
+				    const struct sockaddr_un *in_addr, 
+				    socklen_t un_addrlen,
+				    int family,
+				    struct sockaddr *out_addr,
+				    socklen_t *out_addrlen)
+{
+	if (out_addr == NULL || out_addrlen == NULL) 
+		return 0;
+
+	if (un_addrlen == 0) {
+		*out_addrlen = 0;
+		return 0;
+	}
+
+	switch (family) {
+	case AF_INET:
+#ifdef HAVE_IPV6
+	case AF_INET6:
+#endif
+		switch (si->type) {
+		case SOCK_STREAM:
+		case SOCK_DGRAM:
+			break;
+		default:
+			errno = ESOCKTNOSUPPORT;
+			return -1;
+		}
+		return convert_un_in(in_addr, out_addr, out_addrlen);
+	default:
+		break;
+	}
+
+	errno = EAFNOSUPPORT;
+	return -1;
+}
+
+enum swrap_packet_type {
+	SWRAP_CONNECT_SEND,
+	SWRAP_CONNECT_UNREACH,
+	SWRAP_CONNECT_RECV,
+	SWRAP_CONNECT_ACK,
+	SWRAP_ACCEPT_SEND,
+	SWRAP_ACCEPT_RECV,
+	SWRAP_ACCEPT_ACK,
+	SWRAP_RECVFROM,
+	SWRAP_SENDTO,
+	SWRAP_SENDTO_UNREACH,
+	SWRAP_PENDING_RST,
+	SWRAP_RECV,
+	SWRAP_RECV_RST,
+	SWRAP_SEND,
+	SWRAP_SEND_RST,
+	SWRAP_CLOSE_SEND,
+	SWRAP_CLOSE_RECV,
+	SWRAP_CLOSE_ACK
+};
+
+struct swrap_file_hdr {
+	unsigned long	magic;
+	unsigned short	version_major;	
+	unsigned short	version_minor;
+	long		timezone;
+	unsigned long	sigfigs;
+	unsigned long	frame_max_len;
+#define SWRAP_FRAME_LENGTH_MAX 0xFFFF
+	unsigned long	link_type;
+};
+#define SWRAP_FILE_HDR_SIZE 24
+
+struct swrap_packet {
+	struct {
+		unsigned long seconds;
+		unsigned long micro_seconds;
+		unsigned long recorded_length;
+		unsigned long full_length;
+	} frame;
+#define SWRAP_PACKET__FRAME_SIZE 16
+
+	struct {
+		struct {
+			unsigned char	ver_hdrlen;
+			unsigned char	tos;
+			unsigned short	packet_length;
+			unsigned short	identification;
+			unsigned char	flags;
+			unsigned char	fragment;
+			unsigned char	ttl;
+			unsigned char	protocol;
+			unsigned short	hdr_checksum;
+			unsigned long	src_addr;
+			unsigned long	dest_addr;
+		} hdr;
+#define SWRAP_PACKET__IP_HDR_SIZE 20
+
+		union {
+			struct {
+				unsigned short	source_port;
+				unsigned short	dest_port;
+				unsigned long	seq_num;
+				unsigned long	ack_num;
+				unsigned char	hdr_length;
+				unsigned char	control;
+				unsigned short	window;
+				unsigned short	checksum;
+				unsigned short	urg;
+			} tcp;
+#define SWRAP_PACKET__IP_P_TCP_SIZE 20
+			struct {
+				unsigned short	source_port;
+				unsigned short	dest_port;
+				unsigned short	length;
+				unsigned short	checksum;
+			} udp;
+#define SWRAP_PACKET__IP_P_UDP_SIZE 8
+			struct {
+				unsigned char	type;
+				unsigned char	code;
+				unsigned short	checksum;
+				unsigned long	unused;
+			} icmp;
+#define SWRAP_PACKET__IP_P_ICMP_SIZE 8
+		} p;
+	} ip;
+};
+#define SWRAP_PACKET_SIZE 56
+
+static const char *socket_wrapper_pcap_file(void)
+{
+	static int initialized = 0;
+	static const char *s = NULL;
+	static const struct swrap_file_hdr h;
+	static const struct swrap_packet p;
+
+	if (initialized == 1) {
+		return s;
+	}
+	initialized = 1;
+
+	/*
+	 * TODO: don't use the structs use plain buffer offsets
+	 *       and PUSH_U8(), PUSH_U16() and PUSH_U32()
+	 * 
+	 * for now make sure we disable PCAP support
+	 * if the struct has alignment!
+	 */
+	if (sizeof(h) != SWRAP_FILE_HDR_SIZE) {
+		return NULL;
+	}
+	if (sizeof(p) != SWRAP_PACKET_SIZE) {
+		return NULL;
+	}
+	if (sizeof(p.frame) != SWRAP_PACKET__FRAME_SIZE) {
+		return NULL;
+	}
+	if (sizeof(p.ip.hdr) != SWRAP_PACKET__IP_HDR_SIZE) {
+		return NULL;
+	}
+	if (sizeof(p.ip.p.tcp) != SWRAP_PACKET__IP_P_TCP_SIZE) {
+		return NULL;
+	}
+	if (sizeof(p.ip.p.udp) != SWRAP_PACKET__IP_P_UDP_SIZE) {
+		return NULL;
+	}
+	if (sizeof(p.ip.p.icmp) != SWRAP_PACKET__IP_P_ICMP_SIZE) {
+		return NULL;
+	}
+
+	s = getenv("SOCKET_WRAPPER_PCAP_FILE");
+	if (s == NULL) {
+		return NULL;
+	}
+	if (strncmp(s, "./", 2) == 0) {
+		s += 2;
+	}
+	return s;
+}
+
+static struct swrap_packet *swrap_packet_init(struct timeval *tval,
+					      const struct sockaddr_in *src_addr,
+					      const struct sockaddr_in *dest_addr,
+					      int socket_type,
+					      const unsigned char *payload,
+					      size_t payload_len,
+					      unsigned long tcp_seq,
+					      unsigned long tcp_ack,
+					      unsigned char tcp_ctl,
+					      int unreachable,
+					      size_t *_packet_len)
+{
+	struct swrap_packet *ret;
+	struct swrap_packet *packet;
+	size_t packet_len;
+	size_t alloc_len;
+	size_t nonwire_len = sizeof(packet->frame);
+	size_t wire_hdr_len = 0;
+	size_t wire_len = 0;
+	size_t icmp_hdr_len = 0;
+	size_t icmp_truncate_len = 0;
+	unsigned char protocol = 0, icmp_protocol = 0;
+	unsigned short src_port = src_addr->sin_port;
+	unsigned short dest_port = dest_addr->sin_port;
+
+	switch (socket_type) {
+	case SOCK_STREAM:
+		protocol = 0x06; /* TCP */
+		wire_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.tcp);
+		wire_len = wire_hdr_len + payload_len;
+		break;
+
+	case SOCK_DGRAM:
+		protocol = 0x11; /* UDP */
+		wire_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.udp);
+		wire_len = wire_hdr_len + payload_len;
+		break;
+	}
+
+	if (unreachable) {
+		icmp_protocol = protocol;
+		protocol = 0x01; /* ICMP */
+		if (wire_len > 64 ) {
+			icmp_truncate_len = wire_len - 64;
+		}
+		icmp_hdr_len = sizeof(packet->ip.hdr) + sizeof(packet->ip.p.icmp);
+		wire_hdr_len += icmp_hdr_len;
+		wire_len += icmp_hdr_len;
+	}
+
+	packet_len = nonwire_len + wire_len;
+	alloc_len = packet_len;
+	if (alloc_len < sizeof(struct swrap_packet)) {
+		alloc_len = sizeof(struct swrap_packet);
+	}
+	ret = (struct swrap_packet *)malloc(alloc_len);
+	if (!ret) return NULL;
+
+	packet = ret;
+
+	packet->frame.seconds		= tval->tv_sec;
+	packet->frame.micro_seconds	= tval->tv_usec;
+	packet->frame.recorded_length	= wire_len - icmp_truncate_len;
+	packet->frame.full_length	= wire_len - icmp_truncate_len;
+
+	packet->ip.hdr.ver_hdrlen	= 0x45; /* version 4 and 5 * 32 bit words */
+	packet->ip.hdr.tos		= 0x00;
+	packet->ip.hdr.packet_length	= htons(wire_len - icmp_truncate_len);
+	packet->ip.hdr.identification	= htons(0xFFFF);
+	packet->ip.hdr.flags		= 0x40; /* BIT 1 set - means don't fraqment */
+	packet->ip.hdr.fragment		= htons(0x0000);
+	packet->ip.hdr.ttl		= 0xFF;
+	packet->ip.hdr.protocol		= protocol;
+	packet->ip.hdr.hdr_checksum	= htons(0x0000);
+	packet->ip.hdr.src_addr		= src_addr->sin_addr.s_addr;
+	packet->ip.hdr.dest_addr	= dest_addr->sin_addr.s_addr;
+
+	if (unreachable) {
+		packet->ip.p.icmp.type		= 0x03; /* destination unreachable */
+		packet->ip.p.icmp.code		= 0x01; /* host unreachable */
+		packet->ip.p.icmp.checksum	= htons(0x0000);
+		packet->ip.p.icmp.unused	= htonl(0x00000000);
+
+		/* set the ip header in the ICMP payload */
+		packet = (struct swrap_packet *)(((unsigned char *)ret) + icmp_hdr_len);
+		packet->ip.hdr.ver_hdrlen	= 0x45; /* version 4 and 5 * 32 bit words */
+		packet->ip.hdr.tos		= 0x00;
+		packet->ip.hdr.packet_length	= htons(wire_len - icmp_hdr_len);
+		packet->ip.hdr.identification	= htons(0xFFFF);
+		packet->ip.hdr.flags		= 0x40; /* BIT 1 set - means don't fraqment */
+		packet->ip.hdr.fragment		= htons(0x0000);
+		packet->ip.hdr.ttl		= 0xFF;
+		packet->ip.hdr.protocol		= icmp_protocol;
+		packet->ip.hdr.hdr_checksum	= htons(0x0000);
+		packet->ip.hdr.src_addr		= dest_addr->sin_addr.s_addr;
+		packet->ip.hdr.dest_addr	= src_addr->sin_addr.s_addr;
+
+		src_port = dest_addr->sin_port;
+		dest_port = src_addr->sin_port;
+	}
+
+	switch (socket_type) {
+	case SOCK_STREAM:
+		packet->ip.p.tcp.source_port	= src_port;
+		packet->ip.p.tcp.dest_port	= dest_port;
+		packet->ip.p.tcp.seq_num	= htonl(tcp_seq);
+		packet->ip.p.tcp.ack_num	= htonl(tcp_ack);
+		packet->ip.p.tcp.hdr_length	= 0x50; /* 5 * 32 bit words */
+		packet->ip.p.tcp.control	= tcp_ctl;
+		packet->ip.p.tcp.window		= htons(0x7FFF);
+		packet->ip.p.tcp.checksum	= htons(0x0000);
+		packet->ip.p.tcp.urg		= htons(0x0000);
+
+		break;
+
+	case SOCK_DGRAM:
+		packet->ip.p.udp.source_port	= src_addr->sin_port;
+		packet->ip.p.udp.dest_port	= dest_addr->sin_port;
+		packet->ip.p.udp.length		= htons(8 + payload_len);
+		packet->ip.p.udp.checksum	= htons(0x0000);
+
+		break;
+	}
+
+	if (payload && payload_len > 0) {
+		unsigned char *p = (unsigned char *)ret;
+		p += nonwire_len;
+		p += wire_hdr_len;
+		memcpy(p, payload, payload_len);
+	}
+
+	*_packet_len = packet_len - icmp_truncate_len;
+	return ret;
+}
+
+static int swrap_get_pcap_fd(const char *fname)
+{
+	static int fd = -1;
+
+	if (fd != -1) return fd;
+
+	fd = open(fname, O_WRONLY|O_CREAT|O_EXCL|O_APPEND, 0644);
+	if (fd != -1) {
+		struct swrap_file_hdr file_hdr;
+		file_hdr.magic		= 0xA1B2C3D4;
+		file_hdr.version_major	= 0x0002;	
+		file_hdr.version_minor	= 0x0004;
+		file_hdr.timezone	= 0x00000000;
+		file_hdr.sigfigs	= 0x00000000;
+		file_hdr.frame_max_len	= SWRAP_FRAME_LENGTH_MAX;
+		file_hdr.link_type	= 0x0065; /* 101 RAW IP */
+
+		write(fd, &file_hdr, sizeof(file_hdr));
+		return fd;
+	}
+
+	fd = open(fname, O_WRONLY|O_APPEND, 0644);
+
+	return fd;
+}
+
+static void swrap_dump_packet(struct socket_info *si, const struct sockaddr *addr,
+			      enum swrap_packet_type type,
+			      const void *buf, size_t len)
+{
+	const struct sockaddr_in *src_addr;
+	const struct sockaddr_in *dest_addr;
+	const char *file_name;
+	unsigned long tcp_seq = 0;
+	unsigned long tcp_ack = 0;
+	unsigned char tcp_ctl = 0;
+	int unreachable = 0;
+	struct timeval tv;
+	struct swrap_packet *packet;
+	size_t packet_len = 0;
+	int fd;
+
+	file_name = socket_wrapper_pcap_file();
+	if (!file_name) {
+		return;
+	}
+
+	switch (si->family) {
+	case AF_INET:
+#ifdef HAVE_IPV6
+	case AF_INET6:
+#endif
+		break;
+	default:
+		return;
+	}
+
+	switch (type) {
+	case SWRAP_CONNECT_SEND:
+		if (si->type != SOCK_STREAM) return;
+
+		src_addr = (const struct sockaddr_in *)si->myname;
+		dest_addr = (const struct sockaddr_in *)addr;
+
+		tcp_seq = si->io.pck_snd;
+		tcp_ack = si->io.pck_rcv;
+		tcp_ctl = 0x02; /* SYN */
+
+		si->io.pck_snd += 1;
+
+		break;
+
+	case SWRAP_CONNECT_RECV:
+		if (si->type != SOCK_STREAM) return;
+
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)addr;
+
+		tcp_seq = si->io.pck_rcv;
+		tcp_ack = si->io.pck_snd;
+		tcp_ctl = 0x12; /** SYN,ACK */
+
+		si->io.pck_rcv += 1;
+
+		break;
+
+	case SWRAP_CONNECT_UNREACH:
+		if (si->type != SOCK_STREAM) return;
+
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)addr;
+
+		/* Unreachable: resend the data of SWRAP_CONNECT_SEND */
+		tcp_seq = si->io.pck_snd - 1;
+		tcp_ack = si->io.pck_rcv;
+		tcp_ctl = 0x02; /* SYN */
+		unreachable = 1;
+
+		break;
+
+	case SWRAP_CONNECT_ACK:
+		if (si->type != SOCK_STREAM) return;
+
+		src_addr = (const struct sockaddr_in *)si->myname;
+		dest_addr = (const struct sockaddr_in *)addr;
+
+		tcp_seq = si->io.pck_snd;
+		tcp_ack = si->io.pck_rcv;
+		tcp_ctl = 0x10; /* ACK */
+
+		break;
+
+	case SWRAP_ACCEPT_SEND:
+		if (si->type != SOCK_STREAM) return;
+
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)addr;
+
+		tcp_seq = si->io.pck_rcv;
+		tcp_ack = si->io.pck_snd;
+		tcp_ctl = 0x02; /* SYN */
+
+		si->io.pck_rcv += 1;
+
+		break;
+
+	case SWRAP_ACCEPT_RECV:
+		if (si->type != SOCK_STREAM) return;
+
+		src_addr = (const struct sockaddr_in *)si->myname;
+		dest_addr = (const struct sockaddr_in *)addr;
+
+		tcp_seq = si->io.pck_snd;
+		tcp_ack = si->io.pck_rcv;
+		tcp_ctl = 0x12; /* SYN,ACK */
+
+		si->io.pck_snd += 1;
+
+		break;
+
+	case SWRAP_ACCEPT_ACK:
+		if (si->type != SOCK_STREAM) return;
+
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)addr;
+
+		tcp_seq = si->io.pck_rcv;
+		tcp_ack = si->io.pck_snd;
+		tcp_ctl = 0x10; /* ACK */
+
+		break;
+
+	case SWRAP_SEND:
+		src_addr = (const struct sockaddr_in *)si->myname;
+		dest_addr = (const struct sockaddr_in *)si->peername;
+
+		tcp_seq = si->io.pck_snd;
+		tcp_ack = si->io.pck_rcv;
+		tcp_ctl = 0x18; /* PSH,ACK */
+
+		si->io.pck_snd += len;
+
+		break;
+
+	case SWRAP_SEND_RST:
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)si->peername;
+
+		if (si->type == SOCK_DGRAM) {
+			swrap_dump_packet(si, si->peername,
+					  SWRAP_SENDTO_UNREACH,
+			      		  buf, len);
+			return;
+		}
+
+		tcp_seq = si->io.pck_rcv;
+		tcp_ack = si->io.pck_snd;
+		tcp_ctl = 0x14; /** RST,ACK */
+
+		break;
+
+	case SWRAP_PENDING_RST:
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)si->peername;
+
+		if (si->type == SOCK_DGRAM) {
+			return;
+		}
+
+		tcp_seq = si->io.pck_rcv;
+		tcp_ack = si->io.pck_snd;
+		tcp_ctl = 0x14; /* RST,ACK */
+
+		break;
+
+	case SWRAP_RECV:
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)si->peername;
+
+		tcp_seq = si->io.pck_rcv;
+		tcp_ack = si->io.pck_snd;
+		tcp_ctl = 0x18; /* PSH,ACK */
+
+		si->io.pck_rcv += len;
+
+		break;
+
+	case SWRAP_RECV_RST:
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)si->peername;
+
+		if (si->type == SOCK_DGRAM) {
+			return;
+		}
+
+		tcp_seq = si->io.pck_rcv;
+		tcp_ack = si->io.pck_snd;
+		tcp_ctl = 0x14; /* RST,ACK */
+
+		break;
+
+	case SWRAP_SENDTO:
+		src_addr = (const struct sockaddr_in *)si->myname;
+		dest_addr = (const struct sockaddr_in *)addr;
+
+		si->io.pck_snd += len;
+
+		break;
+
+	case SWRAP_SENDTO_UNREACH:
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)addr;
+
+		unreachable = 1;
+
+		break;
+
+	case SWRAP_RECVFROM:
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)addr;
+
+		si->io.pck_rcv += len;
+
+		break;
+
+	case SWRAP_CLOSE_SEND:
+		if (si->type != SOCK_STREAM) return;
+
+		src_addr = (const struct sockaddr_in *)si->myname;
+		dest_addr = (const struct sockaddr_in *)si->peername;
+
+		tcp_seq = si->io.pck_snd;
+		tcp_ack = si->io.pck_rcv;
+		tcp_ctl = 0x11; /* FIN, ACK */
+
+		si->io.pck_snd += 1;
+
+		break;
+
+	case SWRAP_CLOSE_RECV:
+		if (si->type != SOCK_STREAM) return;
+
+		dest_addr = (const struct sockaddr_in *)si->myname;
+		src_addr = (const struct sockaddr_in *)si->peername;
+
+		tcp_seq = si->io.pck_rcv;
+		tcp_ack = si->io.pck_snd;
+		tcp_ctl = 0x11; /* FIN,ACK */
+
+		si->io.pck_rcv += 1;
+
+		break;
+
+	case SWRAP_CLOSE_ACK:
+		if (si->type != SOCK_STREAM) return;
+
+		src_addr = (const struct sockaddr_in *)si->myname;
+		dest_addr = (const struct sockaddr_in *)si->peername;
+
+		tcp_seq = si->io.pck_snd;
+		tcp_ack = si->io.pck_rcv;
+		tcp_ctl = 0x10; /* ACK */
+
+		break;
+	default:
+		return;
+	}
+
+	swrapGetTimeOfDay(&tv);
+
+	packet = swrap_packet_init(&tv, src_addr, dest_addr, si->type,
+				   (const unsigned char *)buf, len,
+				   tcp_seq, tcp_ack, tcp_ctl, unreachable,
+				   &packet_len);
+	if (!packet) {
+		return;
+	}
+
+	fd = swrap_get_pcap_fd(file_name);
+	if (fd != -1) {
+		write(fd, packet, packet_len);
+	}
+
+	free(packet);
+}
+
+_PUBLIC_ int swrap_socket(int family, int type, int protocol)
+{
+	struct socket_info *si;
+	int fd;
+
+	if (!socket_wrapper_dir()) {
+		return real_socket(family, type, protocol);
+	}
+
+	switch (family) {
+	case AF_INET:
+#ifdef HAVE_IPV6
+	case AF_INET6:
+#endif
+		break;
+	case AF_UNIX:
+		return real_socket(family, type, protocol);
+	default:
+		errno = EAFNOSUPPORT;
+		return -1;
+	}
+
+	switch (type) {
+	case SOCK_STREAM:
+		break;
+	case SOCK_DGRAM:
+		break;
+	default:
+		errno = EPROTONOSUPPORT;
+		return -1;
+	}
+
+#if 0
+	switch (protocol) {
+	case 0:
+		break;
+	default:
+		errno = EPROTONOSUPPORT;
+		return -1;
+	}
+#endif
+
+	fd = real_socket(AF_UNIX, type, 0);
+
+	if (fd == -1) return -1;
+
+	si = (struct socket_info *)calloc(1, sizeof(struct socket_info));
+
+	si->family = family;
+	si->type = type;
+	si->protocol = protocol;
+	si->fd = fd;
+
+	SWRAP_DLIST_ADD(sockets, si);
+
+	return si->fd;
+}
+
+_PUBLIC_ int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen)
+{
+	struct socket_info *parent_si, *child_si;
+	int fd;
+	struct sockaddr_un un_addr;
+	socklen_t un_addrlen = sizeof(un_addr);
+	struct sockaddr_un un_my_addr;
+	socklen_t un_my_addrlen = sizeof(un_my_addr);
+	struct sockaddr *my_addr;
+	socklen_t my_addrlen, len;
+	int ret;
+
+	parent_si = find_socket_info(s);
+	if (!parent_si) {
+		return real_accept(s, addr, addrlen);
+	}
+
+	/* 
+	 * assume out sockaddr have the same size as the in parent
+	 * socket family
+	 */
+	my_addrlen = socket_length(parent_si->family);
+	if (my_addrlen < 0) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	my_addr = malloc(my_addrlen);
+	if (my_addr == NULL) {
+		return -1;
+	}
+
+	memset(&un_addr, 0, sizeof(un_addr));
+	memset(&un_my_addr, 0, sizeof(un_my_addr));
+
+	ret = real_accept(s, (struct sockaddr *)&un_addr, &un_addrlen);
+	if (ret == -1) {
+		free(my_addr);
+		return ret;
+	}
+
+	fd = ret;
+
+	len = my_addrlen;
+	ret = sockaddr_convert_from_un(parent_si, &un_addr, un_addrlen,
+				       parent_si->family, my_addr, &len);
+	if (ret == -1) {
+		free(my_addr);
+		close(fd);
+		return ret;
+	}
+
+	child_si = (struct socket_info *)malloc(sizeof(struct socket_info));
+	memset(child_si, 0, sizeof(*child_si));
+
+	child_si->fd = fd;
+	child_si->family = parent_si->family;
+	child_si->type = parent_si->type;
+	child_si->protocol = parent_si->protocol;
+	child_si->bound = 1;
+	child_si->is_server = 1;
+
+	child_si->peername_len = len;
+	child_si->peername = sockaddr_dup(my_addr, len);
+
+	if (addr != NULL && addrlen != NULL) {
+	    *addrlen = len;
+	    if (*addrlen >= len)
+		memcpy(addr, my_addr, len);
+	    *addrlen = 0;
+	}
+
+	ret = real_getsockname(fd, (struct sockaddr *)&un_my_addr, &un_my_addrlen);
+	if (ret == -1) {
+		free(child_si);
+		close(fd);
+		return ret;
+	}
+
+	len = my_addrlen;
+	ret = sockaddr_convert_from_un(child_si, &un_my_addr, un_my_addrlen,
+				       child_si->family, my_addr, &len);
+	if (ret == -1) {
+		free(child_si);
+		free(my_addr);
+		close(fd);
+		return ret;
+	}
+
+	child_si->myname_len = len;
+	child_si->myname = sockaddr_dup(my_addr, len);
+	free(my_addr);
+
+	SWRAP_DLIST_ADD(sockets, child_si);
+
+	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_SEND, NULL, 0);
+	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_RECV, NULL, 0);
+	swrap_dump_packet(child_si, addr, SWRAP_ACCEPT_ACK, NULL, 0);
+
+	return fd;
+}
+
+static int autobind_start_init;
+static int autobind_start;
+
+/* using sendto() or connect() on an unbound socket would give the
+   recipient no way to reply, as unlike UDP and TCP, a unix domain
+   socket can't auto-assign emphemeral port numbers, so we need to
+   assign it here */
+static int swrap_auto_bind(struct socket_info *si)
+{
+	struct sockaddr_un un_addr;
+	int i;
+	char type;
+	int ret;
+	int port;
+	struct stat st;
+
+	if (autobind_start_init != 1) {
+		autobind_start_init = 1;
+		autobind_start = getpid();
+		autobind_start %= 50000;
+		autobind_start += 10000;
+	}
+
+	un_addr.sun_family = AF_UNIX;
+
+	switch (si->family) {
+	case AF_INET: {
+		struct sockaddr_in in;
+
+		switch (si->type) {
+		case SOCK_STREAM:
+			type = SOCKET_TYPE_CHAR_TCP;
+			break;
+		case SOCK_DGRAM:
+		    	type = SOCKET_TYPE_CHAR_UDP;
+			break;
+		default:
+		    errno = ESOCKTNOSUPPORT;
+		    return -1;
+		}
+
+		memset(&in, 0, sizeof(in));
+		in.sin_family = AF_INET;
+		in.sin_addr.s_addr = htonl(127<<24 | 
+					   socket_wrapper_default_iface());
+
+		si->myname_len = sizeof(in);
+		si->myname = sockaddr_dup(&in, si->myname_len);
+		break;
+	}
+#ifdef HAVE_IPV6
+	case AF_INET6: {
+		struct sockaddr_in6 in6;
+
+		switch (si->type) {
+		case SOCK_STREAM:
+			type = SOCKET_TYPE_CHAR_TCP_V6;
+			break;
+		case SOCK_DGRAM:
+		    	type = SOCKET_TYPE_CHAR_UDP_V6;
+			break;
+		default:
+		    errno = ESOCKTNOSUPPORT;
+		    return -1;
+		}
+
+		memset(&in6, 0, sizeof(in6));
+		in6.sin6_family = AF_INET6;
+		in6.sin6_addr.s6_addr[0] = SW_IPV6_ADDRESS;
+		si->myname_len = sizeof(in6);
+		si->myname = sockaddr_dup(&in6, si->myname_len);
+		break;
+	}
+#endif
+	default:
+		errno = ESOCKTNOSUPPORT;
+		return -1;
+	}
+
+	if (autobind_start > 60000) {
+		autobind_start = 10000;
+	}
+
+	for (i=0;i<1000;i++) {
+		port = autobind_start + i;
+		snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), 
+			 "%s/"SOCKET_FORMAT, socket_wrapper_dir(),
+			 type, socket_wrapper_default_iface(), port);
+		if (stat(un_addr.sun_path, &st) == 0) continue;
+		
+		ret = real_bind(si->fd, (struct sockaddr *)&un_addr, sizeof(un_addr));
+		if (ret == -1) return ret;
+
+		si->tmp_path = strdup(un_addr.sun_path);
+		si->bound = 1;
+		autobind_start = port + 1;
+		break;
+	}
+	if (i == 1000) {
+		errno = ENFILE;
+		return -1;
+	}
+
+	set_port(si->family, port, si->myname);
+
+	return 0;
+}
+
+
+_PUBLIC_ int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen)
+{
+	int ret;
+	struct sockaddr_un un_addr;
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_connect(s, serv_addr, addrlen);
+	}
+
+	if (si->bound == 0) {
+		ret = swrap_auto_bind(si);
+		if (ret == -1) return -1;
+	}
+
+	if (si->family != serv_addr->sa_family) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	ret = sockaddr_convert_to_un(si, (const struct sockaddr *)serv_addr, addrlen, &un_addr, 0, NULL);
+	if (ret == -1) return -1;
+
+	swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_SEND, NULL, 0);
+
+	ret = real_connect(s, (struct sockaddr *)&un_addr, 
+			   sizeof(struct sockaddr_un));
+
+	/* to give better errors */
+	if (ret == -1 && errno == ENOENT) {
+		errno = EHOSTUNREACH;
+	}
+
+	if (ret == 0) {
+		si->peername_len = addrlen;
+		si->peername = sockaddr_dup(serv_addr, addrlen);
+
+		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_RECV, NULL, 0);
+		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_ACK, NULL, 0);
+	} else {
+		swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_UNREACH, NULL, 0);
+	}
+
+	return ret;
+}
+
+_PUBLIC_ int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen)
+{
+	int ret;
+	struct sockaddr_un un_addr;
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_bind(s, myaddr, addrlen);
+	}
+
+	si->myname_len = addrlen;
+	si->myname = sockaddr_dup(myaddr, addrlen);
+
+	ret = sockaddr_convert_to_un(si, (const struct sockaddr *)myaddr, addrlen, &un_addr, 1, &si->bcast);
+	if (ret == -1) return -1;
+
+	unlink(un_addr.sun_path);
+
+	ret = real_bind(s, (struct sockaddr *)&un_addr,
+			sizeof(struct sockaddr_un));
+
+	if (ret == 0) {
+		si->bound = 1;
+	}
+
+	return ret;
+}
+
+_PUBLIC_ int swrap_listen(int s, int backlog)
+{
+	int ret;
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_listen(s, backlog);
+	}
+
+	ret = real_listen(s, backlog);
+
+	return ret;
+}
+
+_PUBLIC_ int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen)
+{
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_getpeername(s, name, addrlen);
+	}
+
+	if (!si->peername)
+	{
+		errno = ENOTCONN;
+		return -1;
+	}
+
+	memcpy(name, si->peername, si->peername_len);
+	*addrlen = si->peername_len;
+
+	return 0;
+}
+
+_PUBLIC_ int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen)
+{
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_getsockname(s, name, addrlen);
+	}
+
+	memcpy(name, si->myname, si->myname_len);
+	*addrlen = si->myname_len;
+
+	return 0;
+}
+
+_PUBLIC_ int swrap_getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen)
+{
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_getsockopt(s, level, optname, optval, optlen);
+	}
+
+	if (level == SOL_SOCKET) {
+		return real_getsockopt(s, level, optname, optval, optlen);
+	} 
+
+	errno = ENOPROTOOPT;
+	return -1;
+}
+
+_PUBLIC_ int swrap_setsockopt(int s, int  level,  int  optname,  const  void  *optval, socklen_t optlen)
+{
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_setsockopt(s, level, optname, optval, optlen);
+	}
+
+	if (level == SOL_SOCKET) {
+		return real_setsockopt(s, level, optname, optval, optlen);
+	}
+
+	switch (si->family) {
+	case AF_INET:
+		return 0;
+	default:
+		errno = ENOPROTOOPT;
+		return -1;
+	}
+}
+
+_PUBLIC_ ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen)
+{
+	struct sockaddr_un un_addr;
+	socklen_t un_addrlen = sizeof(un_addr);
+	int ret;
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_recvfrom(s, buf, len, flags, from, fromlen);
+	}
+
+	/* irix 6.4 forgets to null terminate the sun_path string :-( */
+	memset(&un_addr, 0, sizeof(un_addr));
+	ret = real_recvfrom(s, buf, len, flags, (struct sockaddr *)&un_addr, &un_addrlen);
+	if (ret == -1) 
+		return ret;
+
+	if (sockaddr_convert_from_un(si, &un_addr, un_addrlen,
+				     si->family, from, fromlen) == -1) {
+		return -1;
+	}
+
+	swrap_dump_packet(si, from, SWRAP_RECVFROM, buf, ret);
+
+	return ret;
+}
+
+
+_PUBLIC_ ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen)
+{
+	struct sockaddr_un un_addr;
+	int ret;
+	struct socket_info *si = find_socket_info(s);
+	int bcast = 0;
+
+	if (!si) {
+		return real_sendto(s, buf, len, flags, to, tolen);
+	}
+
+	switch (si->type) {
+	case SOCK_STREAM:
+		ret = real_send(s, buf, len, flags);
+		break;
+	case SOCK_DGRAM:
+		if (si->bound == 0) {
+			ret = swrap_auto_bind(si);
+			if (ret == -1) return -1;
+		}
+		
+		ret = sockaddr_convert_to_un(si, to, tolen, &un_addr, 0, &bcast);
+		if (ret == -1) return -1;
+		
+		if (bcast) {
+			struct stat st;
+			unsigned int iface;
+			unsigned int prt = ntohs(((const struct sockaddr_in *)to)->sin_port);
+			char type;
+			
+			type = SOCKET_TYPE_CHAR_UDP;
+			
+			for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
+				snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), "%s/"SOCKET_FORMAT, 
+					 socket_wrapper_dir(), type, iface, prt);
+				if (stat(un_addr.sun_path, &st) != 0) continue;
+				
+				/* ignore the any errors in broadcast sends */
+				real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr));
+			}
+			
+			swrap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
+			
+			return len;
+		}
+		
+		ret = real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr));
+		break;
+	default:
+		ret = -1;
+		errno = EHOSTUNREACH;
+		break;
+	}
+		
+	/* to give better errors */
+	if (ret == -1 && errno == ENOENT) {
+		errno = EHOSTUNREACH;
+	}
+
+	if (ret == -1) {
+		swrap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
+		swrap_dump_packet(si, to, SWRAP_SENDTO_UNREACH, buf, len);
+	} else {
+		swrap_dump_packet(si, to, SWRAP_SENDTO, buf, ret);
+	}
+
+	return ret;
+}
+
+_PUBLIC_ int swrap_ioctl(int s, int r, void *p)
+{
+	int ret;
+	struct socket_info *si = find_socket_info(s);
+	int value;
+
+	if (!si) {
+		return real_ioctl(s, r, p);
+	}
+
+	ret = real_ioctl(s, r, p);
+
+	switch (r) {
+	case FIONREAD:
+		value = *((int *)p);
+		if (ret == -1 && errno != EAGAIN && errno != ENOBUFS) {
+			swrap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
+		} else if (value == 0) { /* END OF FILE */
+			swrap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
+		}
+		break;
+	}
+
+	return ret;
+}
+
+_PUBLIC_ ssize_t swrap_recv(int s, void *buf, size_t len, int flags)
+{
+	int ret;
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_recv(s, buf, len, flags);
+	}
+
+	ret = real_recv(s, buf, len, flags);
+	if (ret == -1 && errno != EAGAIN && errno != ENOBUFS) {
+		swrap_dump_packet(si, NULL, SWRAP_RECV_RST, NULL, 0);
+	} else if (ret == 0) { /* END OF FILE */
+		swrap_dump_packet(si, NULL, SWRAP_RECV_RST, NULL, 0);
+	} else {
+		swrap_dump_packet(si, NULL, SWRAP_RECV, buf, ret);
+	}
+
+	return ret;
+}
+
+
+_PUBLIC_ ssize_t swrap_send(int s, const void *buf, size_t len, int flags)
+{
+	int ret;
+	struct socket_info *si = find_socket_info(s);
+
+	if (!si) {
+		return real_send(s, buf, len, flags);
+	}
+
+	ret = real_send(s, buf, len, flags);
+
+	if (ret == -1) {
+		swrap_dump_packet(si, NULL, SWRAP_SEND, buf, len);
+		swrap_dump_packet(si, NULL, SWRAP_SEND_RST, NULL, 0);
+	} else {
+		swrap_dump_packet(si, NULL, SWRAP_SEND, buf, ret);
+	}
+
+	return ret;
+}
+
+_PUBLIC_ int swrap_close(int fd)
+{
+	struct socket_info *si = find_socket_info(fd);
+	int ret;
+
+	if (!si) {
+		return real_close(fd);
+	}
+
+	SWRAP_DLIST_REMOVE(sockets, si);
+
+	if (si->myname && si->peername) {
+		swrap_dump_packet(si, NULL, SWRAP_CLOSE_SEND, NULL, 0);
+	}
+
+	ret = real_close(fd);
+
+	if (si->myname && si->peername) {
+		swrap_dump_packet(si, NULL, SWRAP_CLOSE_RECV, NULL, 0);
+		swrap_dump_packet(si, NULL, SWRAP_CLOSE_ACK, NULL, 0);
+	}
+
+	if (si->path) free(si->path);
+	if (si->myname) free(si->myname);
+	if (si->peername) free(si->peername);
+	if (si->tmp_path) {
+		unlink(si->tmp_path);
+		free(si->tmp_path);
+	}
+	free(si);
+
+	return ret;
+}
+
+static int
+dup_internal(const struct socket_info *si_oldd, int fd)
+{
+	struct socket_info *si_newd;
+
+	si_newd = (struct socket_info *)calloc(1, sizeof(struct socket_info));
+
+	si_newd->fd = fd;
+
+	si_newd->family = si_oldd->family;
+	si_newd->type = si_oldd->type;
+	si_newd->protocol = si_oldd->protocol;
+	si_newd->bound = si_oldd->bound;
+	si_newd->bcast = si_oldd->bcast;
+	if (si_oldd->path)
+		si_newd->path = strdup(si_oldd->path);
+	if (si_oldd->tmp_path)
+		si_newd->tmp_path = strdup(si_oldd->tmp_path);
+	si_newd->myname =
+	    sockaddr_dup(si_oldd->myname, si_oldd->myname_len);
+	si_newd->myname_len = si_oldd->myname_len;
+	si_newd->peername = 
+	    sockaddr_dup(si_oldd->peername, si_oldd->peername_len);
+	si_newd->peername_len = si_oldd->peername_len;
+
+	si_newd->io = si_oldd->io;
+
+	SWRAP_DLIST_ADD(sockets, si_newd);
+
+	return fd;
+}
+
+
+_PUBLIC_ int swrap_dup(int oldd)
+{
+	struct socket_info *si;
+	int fd;
+
+	si = find_socket_info(oldd);
+	if (si == NULL)
+		return real_dup(oldd);
+
+	fd = real_dup(si->fd);
+	if (fd < 0)
+		return fd;
+
+	return dup_internal(si, fd);
+}
+
+
+_PUBLIC_ int swrap_dup2(int oldd, int newd)
+{
+	struct socket_info *si_newd, *si_oldd;
+	int fd;
+
+	if (newd == oldd)
+	    return newd;
+
+	si_oldd = find_socket_info(oldd);
+	si_newd = find_socket_info(newd);
+
+	if (si_oldd == NULL && si_newd == NULL)
+		return real_dup2(oldd, newd);
+
+	fd = real_dup2(si_oldd->fd, newd);
+	if (fd < 0)
+		return fd;
+
+	/* close new socket first */
+	if (si_newd)
+	       	swrap_close(newd);
+
+	return dup_internal(si_oldd, fd);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/socket_wrapper.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/socket_wrapper.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/socket_wrapper.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) Jelmer Vernooij 2005 <jelmer at samba.org>
+ * Copyright (C) Stefan Metzmacher 2006 <metze at samba.org>
+ *
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the author nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#ifndef __SOCKET_WRAPPER_H__
+#define __SOCKET_WRAPPER_H__
+
+int swrap_socket(int family, int type, int protocol);
+int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen);
+int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen);
+int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen);
+int swrap_listen(int s, int backlog);
+int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen);
+int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen);
+int swrap_getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen);
+int swrap_setsockopt(int s, int  level,  int  optname,  const  void  *optval, socklen_t optlen);
+ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen);
+ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen);
+int swrap_ioctl(int s, int req, void *ptr);
+ssize_t swrap_recv(int s, void *buf, size_t len, int flags);
+ssize_t swrap_send(int s, const void *buf, size_t len, int flags);
+int swrap_close(int);
+int swrap_dup(int);
+int swrap_dup2(int, int);
+
+#ifdef SOCKET_WRAPPER_REPLACE
+
+#ifdef accept
+#undef accept
+#endif
+#define accept(s,addr,addrlen)		swrap_accept(s,addr,addrlen)
+
+#ifdef connect
+#undef connect
+#endif
+#define connect(s,serv_addr,addrlen)	swrap_connect(s,serv_addr,addrlen)
+
+#ifdef bind
+#undef bind
+#endif
+#define bind(s,myaddr,addrlen)		swrap_bind(s,myaddr,addrlen)
+
+#ifdef listen
+#undef listen
+#endif
+#define listen(s,blog)			swrap_listen(s,blog)
+
+#ifdef getpeername
+#undef getpeername
+#endif
+#define getpeername(s,name,addrlen)	swrap_getpeername(s,name,addrlen)
+
+#ifdef getsockname
+#undef getsockname
+#endif
+#define getsockname(s,name,addrlen)	swrap_getsockname(s,name,addrlen)
+
+#ifdef getsockopt
+#undef getsockopt
+#endif
+#define getsockopt(s,level,optname,optval,optlen) swrap_getsockopt(s,level,optname,optval,optlen)
+
+#ifdef setsockopt
+#undef setsockopt
+#endif
+#define setsockopt(s,level,optname,optval,optlen) swrap_setsockopt(s,level,optname,optval,optlen)
+
+#ifdef recvfrom
+#undef recvfrom
+#endif
+#define recvfrom(s,buf,len,flags,from,fromlen) 	  swrap_recvfrom(s,buf,len,flags,from,fromlen)
+
+#ifdef sendto
+#undef sendto
+#endif
+#define sendto(s,buf,len,flags,to,tolen)          swrap_sendto(s,buf,len,flags,to,tolen)
+
+#ifdef ioctl
+#undef ioctl
+#endif
+#define ioctl(s,req,ptr)		swrap_ioctl(s,req,ptr)
+
+#ifdef recv
+#undef recv
+#endif
+#define recv(s,buf,len,flags)		swrap_recv(s,buf,len,flags)
+
+#ifdef send
+#undef send
+#endif
+#define send(s,buf,len,flags)		swrap_send(s,buf,len,flags)
+
+#ifdef socket
+#undef socket
+#endif
+#define socket(domain,type,protocol)	swrap_socket(domain,type,protocol)
+
+#ifdef close
+#undef close
+#endif
+#define close(s)			swrap_close(s)
+
+#ifdef dup
+#undef dup
+#endif
+#define dup(oldd)			swrap_dup(oldd)
+
+#ifdef dup2
+#undef dup2
+#endif
+#define dup2(oldd, newd)		swrap_dup2(oldd, newd)
+
+#endif
+
+#endif /* __SOCKET_WRAPPER_H__ */
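Review bot: The function-like macros under `SOCKET_WRAPPER_REPLACE` rewrite every later `close(`, `send(`, `dup(` and similar call in the including translation unit, including calls through struct members or function pointers that happen to share those names (for example `ops->close(fd)`). The prototypes above them also use `struct sockaddr`, `socklen_t` and `ssize_t` without including the headers that declare those types. I would document both constraints at the top of the header: `/* Include after <sys/types.h> and <sys/socket.h>; SOCKET_WRAPPER_REPLACE is intended for test builds only. */`. The "test builds only" part is inferred from socket_wrapper.c in this same commit, where wrapped sockets are redirected to AF_UNIX and buffers passed to `swrap_dump_packet()` are written to a pcap file when one is configured. It is worth confirming the macro cannot be defined in a production build of the Kerberos libraries.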

Added: vendor-crypto/heimdal/dist/lib/roken/strcasecmp.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strcasecmp.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strcasecmp.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strcasecmp.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <string.h>
+#include <ctype.h>
+#include <stddef.h>
+#include "roken.h"
+
+#ifndef HAVE_STRCASECMP
+
+int ROKEN_LIB_FUNCTION
+strcasecmp(const char *s1, const char *s2)
+{
+    while(toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) {
+	if(*s1 == '\0')
+	    return 0;
+	s1++;
+	s2++;
+    }
+    return toupper((unsigned char)*s1) - toupper((unsigned char)*s2);
+}
+
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/strcollect.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strcollect.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strcollect.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strcollect.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "roken.h"
+
+enum { initial = 10, increment = 5 };
+
+static char **
+sub (char **argv, int i, int argc, va_list *ap)
+{
+    do {
+	if(i == argc) {
+	    /* realloc argv */
+	    char **tmp = realloc(argv, (argc + increment) * sizeof(*argv));
+	    if(tmp == NULL) {
+		free(argv);
+		errno = ENOMEM;
+		return NULL;
+	    }
+	    argv  = tmp;
+	    argc += increment;
+	}
+	argv[i++] = va_arg(*ap, char*);
+    } while(argv[i - 1] != NULL);
+    return argv;
+}
+
+/*
+ * return a malloced vector of pointers to the strings in `ap'
+ * terminated by NULL.
+ */
+
+char ** ROKEN_LIB_FUNCTION
+vstrcollect(va_list *ap)
+{
+    return sub (NULL, 0, 0, ap);
+}
+
+/*
+ *
+ */
+
+char ** ROKEN_LIB_FUNCTION
+strcollect(char *first, ...)
+{
+    va_list ap;
+    char **ret = malloc (initial * sizeof(char *));
+
+    if (ret == NULL)
+	return ret;
+
+    ret[0] = first;
+    va_start(ap, first);
+    ret = sub (ret, 1, initial, &ap);
+    va_end(ap);
+    return ret;
+}
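Review bot: `strcollect` calls `sub(ret, 1, initial, &ap)` even when `first` is NULL. Because `sub` is a do/while that always performs one `va_arg` before testing for the terminator, `strcollect(NULL)` reads a variadic argument the caller never passed, which is undefined behaviour. Guarding the walk keeps the existing contract: `if (first != NULL) { va_start(ap, first); ret = sub(ret, 1, initial, &ap); va_end(ap); }`. The comment block above `strcollect` is empty. It should say that the argument list must end with a `(char *)NULL`, that the returned vector is malloc'ed and owned by the caller while the strings themselves are not copied, and that NULL is returned on allocation failure (with `errno` set to ENOMEM on the `realloc` path in `sub`).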

Added: vendor-crypto/heimdal/dist/lib/roken/strdup.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strdup.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strdup.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strdup.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef HAVE_STRDUP
+char * ROKEN_LIB_FUNCTION
+strdup(const char *old)
+{
+	char *t = malloc(strlen(old)+1);
+	if (t != 0)
+		strcpy(t, old);
+	return t;
+}
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/strerror.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strerror.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strerror.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strerror.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+extern int sys_nerr;
+extern char *sys_errlist[];
+
+char* ROKEN_LIB_FUNCTION
+strerror(int eno)
+{
+    static char emsg[1024];
+
+    if(eno < 0 || eno >= sys_nerr)
+	snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
+    else
+	snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]);
+
+    return emsg;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/strftime.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strftime.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strftime.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,401 @@
+/*
+ * Copyright (c) 1999 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef TEST_STRPFTIME
+#include "strpftime-test.h"
+#endif
+#include "roken.h"
+
+RCSID("$Id: strftime.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static const char *abb_weekdays[] = {
+    "Sun",
+    "Mon",
+    "Tue",
+    "Wed",
+    "Thu",
+    "Fri",
+    "Sat",
+};
+
+static const char *full_weekdays[] = {
+    "Sunday",
+    "Monday",
+    "Tuesday",
+    "Wednesday",
+    "Thursday",
+    "Friday",
+    "Saturday",
+};
+
+static const char *abb_month[] = {
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec"
+};
+
+static const char *full_month[] = {
+    "January",
+    "February",
+    "Mars",
+    "April",
+    "May",
+    "June",
+    "July",
+    "August",
+    "September",
+    "October",
+    "November",
+    "December"
+};
+
+static const char *ampm[] = {
+    "AM",
+    "PM"
+};
+
+/*
+ * Convert hour in [0, 24] to [12 1 - 11 12 1 - 11 12]
+ */
+
+static int
+hour_24to12 (int hour)
+{
+    int ret = hour % 12;
+
+    if (ret == 0)
+	ret = 12;
+    return ret;
+}
+
+/*
+ * Return AM or PM for `hour'
+ */
+
+static const char *
+hour_to_ampm (int hour)
+{
+    return ampm[hour / 12];
+}
+
+/*
+ * Return the week number of `tm' (Sunday being the first day of the week)
+ * as [0, 53]
+ */
+
+static int
+week_number_sun (const struct tm *tm)
+{
+    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - tm->tm_wday + 7) % 7) / 7;
+}
+
+/*
+ * Return the week number of `tm' (Monday being the first day of the week)
+ * as [0, 53]
+ */
+
+static int
+week_number_mon (const struct tm *tm)
+{
+    int wday = (tm->tm_wday + 6) % 7;
+
+    return (tm->tm_yday + 7 - (tm->tm_yday % 7 - wday + 7) % 7) / 7;
+}
+
+/*
+ * Return the week number of `tm' (Monday being the first day of the
+ * week) as [01, 53].  Week number one is the one that has four or more
+ * days in that year.
+ */
+
+static int
+week_number_mon4 (const struct tm *tm)
+{
+    int wday  = (tm->tm_wday + 6) % 7;
+    int w1day = (wday - tm->tm_yday % 7 + 7) % 7;
+    int ret;
+    
+    ret = (tm->tm_yday + w1day) / 7;
+    if (w1day >= 4)
+	--ret;
+    if (ret == -1)
+	ret = 53;
+    else
+	++ret;
+    return ret;
+}
+
+/*
+ *
+ */
+
+size_t ROKEN_LIB_FUNCTION
+strftime (char *buf, size_t maxsize, const char *format,
+	  const struct tm *tm)
+{
+    size_t n = 0;
+    int ret;
+
+    while (*format != '\0' && n < maxsize) {
+	if (*format == '%') {
+	    ++format;
+	    if(*format == 'E' || *format == 'O')
+		++format;
+	    switch (*format) {
+	    case 'a' :
+		ret = snprintf (buf, maxsize - n,
+				"%s", abb_weekdays[tm->tm_wday]);
+		break;
+	    case 'A' :
+		ret = snprintf (buf, maxsize - n,
+				"%s", full_weekdays[tm->tm_wday]);
+		break;
+	    case 'h' :
+	    case 'b' :
+		ret = snprintf (buf, maxsize - n,
+				"%s", abb_month[tm->tm_mon]);
+		break;
+	    case 'B' :
+		ret = snprintf (buf, maxsize - n,
+				"%s", full_month[tm->tm_mon]);
+		break;
+	    case 'c' :
+		ret = snprintf (buf, maxsize - n,
+				"%d:%02d:%02d %02d:%02d:%02d",
+				tm->tm_year,
+				tm->tm_mon + 1,
+				tm->tm_mday,
+				tm->tm_hour,
+				tm->tm_min,
+				tm->tm_sec);
+		break;
+	    case 'C' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", (tm->tm_year + 1900) / 100);
+		break;
+	    case 'd' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_mday);
+		break;
+	    case 'D' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d/%02d/%02d",
+				tm->tm_mon + 1,
+				tm->tm_mday,
+				(tm->tm_year + 1900) % 100);
+		break;
+	    case 'e' :
+		ret = snprintf (buf, maxsize - n,
+				"%2d", tm->tm_mday);
+		break;
+	    case 'F':
+		ret = snprintf (buf, maxsize - n,
+				"%04d-%02d-%02d", tm->tm_year + 1900,
+				tm->tm_mon + 1, tm->tm_mday);
+		break;
+	    case 'g':
+		/* last two digits of week-based year */
+		abort();
+	    case 'G':
+		/* week-based year */
+		abort();
+	    case 'H' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_hour);
+		break;
+	    case 'I' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d",
+				hour_24to12 (tm->tm_hour));
+		break;
+	    case 'j' :
+		ret = snprintf (buf, maxsize - n,
+				"%03d", tm->tm_yday + 1);
+		break;
+	    case 'k' :
+		ret = snprintf (buf, maxsize - n,
+				"%2d", tm->tm_hour);
+		break;
+	    case 'l' :
+		ret = snprintf (buf, maxsize - n,
+				"%2d",
+				hour_24to12 (tm->tm_hour));
+		break;
+	    case 'm' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_mon + 1);
+		break;
+	    case 'M' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_min);
+		break;
+	    case 'n' :
+		ret = snprintf (buf, maxsize - n, "\n");
+		break;
+	    case 'p' :
+		ret = snprintf (buf, maxsize - n, "%s",
+				hour_to_ampm (tm->tm_hour));
+		break;
+	    case 'r' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d:%02d:%02d %s",
+				hour_24to12 (tm->tm_hour),
+				tm->tm_min,
+				tm->tm_sec,
+				hour_to_ampm (tm->tm_hour));
+		break;
+	    case 'R' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d:%02d",
+				tm->tm_hour,
+				tm->tm_min);
+		    
+	    case 's' :
+		ret = snprintf (buf, maxsize - n,
+				"%d", (int)mktime(rk_UNCONST(tm)));
+		break;
+	    case 'S' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", tm->tm_sec);
+		break;
+	    case 't' :
+		ret = snprintf (buf, maxsize - n, "\t");
+		break;
+	    case 'T' :
+	    case 'X' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d:%02d:%02d",
+				tm->tm_hour,
+				tm->tm_min,
+				tm->tm_sec);
+		break;
+	    case 'u' :
+		ret = snprintf (buf, maxsize - n,
+				"%d", (tm->tm_wday == 0) ? 7 : tm->tm_wday);
+		break;
+	    case 'U' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", week_number_sun (tm));
+		break;
+	    case 'V' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", week_number_mon4 (tm));
+		break;
+	    case 'w' :
+		ret = snprintf (buf, maxsize - n,
+				"%d", tm->tm_wday);
+		break;
+	    case 'W' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", week_number_mon (tm));
+		break;
+	    case 'x' :
+		ret = snprintf (buf, maxsize - n,
+				"%d:%02d:%02d",
+				tm->tm_year,
+				tm->tm_mon + 1,
+				tm->tm_mday);
+		break;
+	    case 'y' :
+		ret = snprintf (buf, maxsize - n,
+				"%02d", (tm->tm_year + 1900) % 100);
+		break;
+	    case 'Y' :
+		ret = snprintf (buf, maxsize - n,
+				"%d", tm->tm_year + 1900);
+		break;
+	    case 'z':
+		ret = snprintf (buf, maxsize - n,
+				"%ld",
+#if defined(HAVE_STRUCT_TM_TM_GMTOFF)
+				(long)tm->tm_gmtoff
+#elif defined(HAVE_TIMEZONE)
+#ifdef HAVE_ALTZONE
+				tm->tm_isdst ?
+				(long)altzone :
+#endif
+				(long)timezone
+#else
+#error Where in timezone chaos are you?
+#endif    
+				);
+		break;
+	    case 'Z' :
+		ret = snprintf (buf, maxsize - n,
+				"%s",
+
+#if defined(HAVE_STRUCT_TM_TM_ZONE)
+				tm->tm_zone
+#elif defined(HAVE_TIMEZONE)
+				tzname[tm->tm_isdst]
+#else
+#error what?
+#endif
+		    );
+		break;
+	    case '\0' :
+		--format;
+		/* FALLTHROUGH */
+	    case '%' :
+		ret = snprintf (buf, maxsize - n,
+				"%%");
+		break;
+	    default :
+		ret = snprintf (buf, maxsize - n,
+				"%%%c", *format);
+		break;
+	    }
+	    if (ret < 0 || ret >= maxsize - n)
+		return 0;
+	    n   += ret;
+	    buf += ret;
+	    ++format;
+	} else {
+	    *buf++ = *format++;
+	    ++n;
+	}
+    }
+    *buf++ = '\0';
+    return n;
+}
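Review bot: The terminator write `*buf++ = '\0';` after the loop in `strftime` can land one byte past the caller's buffer: the literal-copy branch (`*buf++ = *format++; ++n;`) has no room check, so the loop can exit with `n == maxsize`, and with `maxsize == 0` the write happens with no space at all. Adding `if (n >= maxsize) return 0;` just before the terminator keeps the write in bounds and matches the function's existing return-0-on-overflow convention. Separately, `case 'R'` has no `break;` and falls through into `case 's'`, so the `%R` output is overwritten by the `mktime` value. The name-table lookups (`abb_weekdays[tm->tm_wday]`, `full_month[tm->tm_mon]`, `ampm[hour / 12]`) index with unchecked `struct tm` fields, so an out-of-range field supplied by the caller reads outside the arrays.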

Added: vendor-crypto/heimdal/dist/lib/roken/strlcat.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strlcat.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strlcat.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995-2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strlcat.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifndef HAVE_STRLCAT
+
+size_t ROKEN_LIB_FUNCTION
+strlcat (char *dst, const char *src, size_t dst_sz)
+{
+    size_t len = strlen(dst);
+
+    if (dst_sz < len)
+	/* the total size of dst is less than the string it contains;
+           this could be considered bad input, but we might as well
+           handle it */
+	return len + strlen(src);
+
+    return len + strlcpy (dst + len, src, dst_sz - len);
+}
+#endif
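Review bot: `size_t len = strlen(dst);` scans `dst` before `dst_sz` is consulted, so a destination that is not NUL-terminated within `dst_sz` bytes is read past its end; the `dst_sz < len` branch only notices that after the over-read has already happened. Bounding the scan with `size_t len = strnlen(dst, dst_sz);` keeps the read inside the buffer, and roken ships `strnlen.c` in this same import. With that change `len` can never exceed `dst_sz`, and the `len == dst_sz` case already falls through to `strlcpy` with a zero size, which writes nothing and returns `strlen(src)`.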

Added: vendor-crypto/heimdal/dist/lib/roken/strlcpy.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strlcpy.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strlcpy.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995-2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+RCSID("$Id: strlcpy.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+#ifndef HAVE_STRLCPY
+
+size_t ROKEN_LIB_FUNCTION
+strlcpy (char *dst, const char *src, size_t dst_sz)
+{
+    size_t n;
+
+    for (n = 0; n < dst_sz; n++) {
+	if ((*dst++ = *src++) == '\0')
+	    break;
+    }
+
+    if (n < dst_sz)
+	return n;
+    if (n > 0)
+	*(dst - 1) = '\0';
+    return n + strlen (src);
+}
+
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/strlwr.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strlwr.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strlwr.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strlwr.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include <string.h>
+#include <ctype.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRLWR
+char * ROKEN_LIB_FUNCTION
+strlwr(char *str)
+{
+  char *s;
+
+  for(s = str; *s; s++)
+    *s = tolower((unsigned char)*s);
+  return str;
+}
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/strncasecmp.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strncasecmp.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strncasecmp.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strncasecmp.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <string.h>
+#include <ctype.h>
+#include <stddef.h>
+
+#ifndef HAVE_STRNCASECMP
+
+int ROKEN_LIB_FUNCTION
+strncasecmp(const char *s1, const char *s2, size_t n)
+{
+    while(n > 0 
+	  && toupper((unsigned char)*s1) == toupper((unsigned char)*s2))
+    {
+	if(*s1 == '\0')
+	    return 0;
+	s1++;
+	s2++;
+	n--;
+    }
+    if(n == 0)
+	return 0;
+    return toupper((unsigned char)*s1) - toupper((unsigned char)*s2);
+}
+
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/strndup.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strndup.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strndup.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strndup.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRNDUP
+char * ROKEN_LIB_FUNCTION
+strndup(const char *old, size_t sz)
+{
+    size_t len = strnlen (old, sz);
+    char *t    = malloc(len + 1);
+
+    if (t != NULL) {
+	memcpy (t, old, len);
+	t[len] = '\0';
+    }
+    return t;
+}
+#endif /* HAVE_STRNDUP */

Added: vendor-crypto/heimdal/dist/lib/roken/strnlen.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strnlen.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strnlen.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strnlen.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+size_t ROKEN_LIB_FUNCTION
+strnlen(const char *s, size_t len)
+{
+    size_t i;
+
+    for(i = 0; i < len && s[i]; i++)
+	;
+    return i;
+}

Added: vendor-crypto/heimdal/dist/lib/roken/strpftime-test.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strpftime-test.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strpftime-test.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,299 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef TEST_STRPFTIME
+#include "strpftime-test.h"
+#endif
+#include "roken.h"
+
+RCSID("$Id: strpftime-test.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+enum { MAXSIZE = 26 };
+
+static struct testcase {
+    time_t t;
+    struct {
+	const char *format;
+	const char *result;
+    } vals[MAXSIZE];
+} tests[] = {
+    {0,
+     {
+	 {"%A", "Thursday"},
+	 {"%a", "Thu"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "01"},
+	 {"%e", " 1"},
+	 {"%H", "00"},
+	 {"%I", "12"},
+	 {"%j", "001"},
+	 {"%k", " 0"},
+	 {"%l", "12"},
+	 {"%M", "00"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "AM"},
+	 {"%S", "00"},
+	 {"%t", "\t"},
+	 {"%w", "4"},
+	 {"%Y", "1970"},
+	 {"%y", "70"},
+	 {"%U", "00"},
+	 {"%W", "00"},
+	 {"%V", "01"},
+	 {"%%", "%"},
+	 {NULL, NULL}}
+    },
+    {90000,
+     {
+	 {"%A", "Friday"},
+	 {"%a", "Fri"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "02"},
+	 {"%e", " 2"},
+	 {"%H", "01"},
+	 {"%I", "01"},
+	 {"%j", "002"},
+	 {"%k", " 1"},
+	 {"%l", " 1"},
+	 {"%M", "00"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "AM"},
+	 {"%S", "00"},
+	 {"%t", "\t"},
+	 {"%w", "5"},
+	 {"%Y", "1970"},
+	 {"%y", "70"},
+	 {"%U", "00"},
+	 {"%W", "00"},
+	 {"%V", "01"},
+	 {"%%", "%"},
+	 {NULL, NULL}
+     }
+    },
+    {216306,
+     {
+	 {"%A", "Saturday"},
+	 {"%a", "Sat"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "03"},
+	 {"%e", " 3"},
+	 {"%H", "12"},
+	 {"%I", "12"},
+	 {"%j", "003"},
+	 {"%k", "12"},
+	 {"%l", "12"},
+	 {"%M", "05"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "PM"},
+	 {"%S", "06"},
+	 {"%t", "\t"},
+	 {"%w", "6"},
+	 {"%Y", "1970"},
+	 {"%y", "70"},
+	 {"%U", "00"},
+	 {"%W", "00"},
+	 {"%V", "01"},
+	 {"%%", "%"},
+	 {NULL, NULL}
+     }
+    },
+    {259200,
+     {
+	 {"%A", "Sunday"},
+	 {"%a", "Sun"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "04"},
+	 {"%e", " 4"},
+	 {"%H", "00"},
+	 {"%I", "12"},
+	 {"%j", "004"},
+	 {"%k", " 0"},
+	 {"%l", "12"},
+	 {"%M", "00"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "AM"},
+	 {"%S", "00"},
+	 {"%t", "\t"},
+	 {"%w", "0"},
+	 {"%Y", "1970"},
+	 {"%y", "70"},
+	 {"%U", "01"},
+	 {"%W", "00"},
+	 {"%V", "01"},
+	 {"%%", "%"},
+	 {NULL, NULL}
+     }
+    },
+    {915148800,
+     {
+	 {"%A", "Friday"},
+	 {"%a", "Fri"},
+	 {"%B", "January"},
+	 {"%b", "Jan"},
+	 {"%C", "19"},
+	 {"%d", "01"},
+	 {"%e", " 1"},
+	 {"%H", "00"},
+	 {"%I", "12"},
+	 {"%j", "001"},
+	 {"%k", " 0"},
+	 {"%l", "12"},
+	 {"%M", "00"},
+	 {"%m", "01"},
+	 {"%n", "\n"},
+	 {"%p", "AM"},
+	 {"%S", "00"},
+	 {"%t", "\t"},
+	 {"%w", "5"},
+	 {"%Y", "1999"},
+	 {"%y", "99"},
+	 {"%U", "00"},
+	 {"%W", "00"},
+	 {"%V", "53"},
+	 {"%%", "%"},
+	 {NULL, NULL}}
+    },
+    {942161105,
+     {
+
+	 {"%A", "Tuesday"},
+	 {"%a", "Tue"},
+	 {"%B", "November"},
+	 {"%b", "Nov"},
+	 {"%C", "19"},
+	 {"%d", "09"},
+	 {"%e", " 9"},
+	 {"%H", "15"},
+	 {"%I", "03"},
+	 {"%j", "313"},
+	 {"%k", "15"},
+	 {"%l", " 3"},
+	 {"%M", "25"},
+	 {"%m", "11"},
+	 {"%n", "\n"},
+	 {"%p", "PM"},
+	 {"%S", "05"},
+	 {"%t", "\t"},
+	 {"%w", "2"},
+	 {"%Y", "1999"},
+	 {"%y", "99"},
+	 {"%U", "45"},
+	 {"%W", "45"},
+	 {"%V", "45"},
+	 {"%%", "%"},
+	 {NULL, NULL}
+     }
+    }
+};
+
+int
+main(int argc, char **argv)
+{
+    int i, j;
+    int ret = 0;
+
+    for (i = 0; i < sizeof(tests)/sizeof(tests[0]); ++i) {
+	struct tm *tm;
+
+	tm = gmtime (&tests[i].t);
+
+	for (j = 0; tests[i].vals[j].format != NULL; ++j) {
+	    char buf[128];
+	    size_t len;
+	    struct tm tm2;
+	    char *ptr;
+
+	    len = strftime (buf, sizeof(buf), tests[i].vals[j].format, tm);
+	    if (len != strlen (buf)) {
+		printf ("length of strftime(\"%s\") = %lu (\"%s\")\n",
+			tests[i].vals[j].format, (unsigned long)len,
+			buf);
+		++ret;
+		continue;
+	    }
+	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
+		printf ("result of strftime(\"%s\") = \"%s\" != \"%s\"\n",
+			tests[i].vals[j].format, buf,
+			tests[i].vals[j].result);
+		++ret;
+		continue;
+	    }
+	    memset (&tm2, 0, sizeof(tm2));
+	    ptr = strptime (tests[i].vals[j].result,
+			    tests[i].vals[j].format,
+			    &tm2);
+	    if (ptr == NULL || *ptr != '\0') {
+		printf ("bad return value from strptime("
+			"\"%s\", \"%s\")\n",
+			tests[i].vals[j].result,
+			tests[i].vals[j].format);
+		++ret;
+	    }
+	    strftime (buf, sizeof(buf), tests[i].vals[j].format, &tm2);
+	    if (strcmp (buf, tests[i].vals[j].result) != 0) {
+		printf ("reverse of \"%s\" failed: \"%s\" vs \"%s\"\n",
+			tests[i].vals[j].format,
+			buf, tests[i].vals[j].result);
+		++ret;
+	    }
+	}
+    }
+    {
+	struct tm tm;
+	memset(&tm, 0, sizeof(tm));
+	strptime ("200505", "%Y%m", &tm);
+	if (tm.tm_year != 105)
+	    ++ret;
+	if (tm.tm_mon != 4)
+	    ++ret;
+    }
+    if (ret) {
+	printf ("%d errors\n", ret);
+	return 1;
+    } else
+	return 0;
+}
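Review bot: In main(), the branch that reports a bad strptime() return has no `continue;`, unlike the two strftime() failure branches above it, so the reverse check still runs on a `tm2` that may be only partly filled and the same case can be counted twice. Adding `continue;` after that `++ret;` keeps one error per failing conversion. The results of gmtime() and of the final `strptime ("200505", "%Y%m", &tm)` are also unchecked, so a NULL `tm` would be passed straight to strftime().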

Added: vendor-crypto/heimdal/dist/lib/roken/strpftime-test.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strpftime-test.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strpftime-test.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: strpftime-test.h,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $ */
+
+#ifndef __STRFTIME_TEST_H__
+#define __STRFTIME_TEST_H__
+
+/*
+ * we cannot use the real names of the functions when testing, since
+ * they might have different prototypes as the system functions, hence
+ * these evil hacks
+ */
+
+#define strftime test_strftime
+#define strptime test_strptime
+
+#endif /* __STRFTIME_TEST_H__ */
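Review bot: The include guard `__STRFTIME_TEST_H__` begins with two underscores, a spelling that C reserves for the implementation, and it does not match the file name strpftime-test.h. A guard such as `#ifndef STRPFTIME_TEST_H` with the matching `#define` and closing comment avoids both problems.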

Added: vendor-crypto/heimdal/dist/lib/roken/strpool.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strpool.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strpool.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strpool.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include "roken.h"
+
+struct rk_strpool {
+    char *str;
+    size_t len;
+};
+
+/*
+ *
+ */
+
+void ROKEN_LIB_FUNCTION
+rk_strpoolfree(struct rk_strpool *p)
+{
+    if (p->str) {
+	free(p->str);
+	p->str = NULL;
+    }
+    free(p);
+}
+
+/*
+ *
+ */
+
+struct rk_strpool * ROKEN_LIB_FUNCTION
+rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...)
+{
+    va_list ap;
+    char *str, *str2;
+    int len;
+
+    if (p == NULL) {
+	p = malloc(sizeof(*p));
+	if (p == NULL)
+	    return NULL;
+	p->str = NULL;
+	p->len = 0;
+    }
+    va_start(ap, fmt);
+    len = vasprintf(&str, fmt, ap);
+    va_end(ap);
+    if (str == NULL) {
+	rk_strpoolfree(p);
+	return NULL;
+    }
+    str2 = realloc(p->str, len + p->len + 1);
+    if (str2 == NULL) {
+	rk_strpoolfree(p);
+	return NULL;
+    }
+    p->str = str2;
+    memcpy(p->str + p->len, str, len + 1);
+    p->len += len;
+    free(str);
+    return p;
+}
+
+/*
+ *
+ */
+
+char * ROKEN_LIB_FUNCTION
+rk_strpoolcollect(struct rk_strpool *p)
+{
+    char *str = p->str;
+    p->str = NULL;
+    free(p);
+    return str;
+}
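Review bot: rk_strpoolprintf detects a vasprintf() failure only through `str == NULL`, and its realloc() failure branch leaks `str`. vasprintf() signals failure with a negative return value, and not every implementation promises to set the pointer to NULL, so `len` could be -1 when it reaches `realloc(p->str, len + p->len + 1)` and the memcpy(). I would test `if (len < 0 || str == NULL)` and add `free(str);` before `rk_strpoolfree(p);` in the realloc branch. The empty comment above the function should state that the pool passed in is freed on every failure path, so a caller must not touch its old pointer after a NULL return.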

Added: vendor-crypto/heimdal/dist/lib/roken/strptime.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strptime.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strptime.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,453 @@
+/*
+ * Copyright (c) 1999, 2003, 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef TEST_STRPFTIME
+#include "strpftime-test.h"
+#endif
+#include <ctype.h>
+#include "roken.h"
+
+RCSID("$Id: strptime.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+static const char *abb_weekdays[] = {
+    "Sun",
+    "Mon",
+    "Tue",
+    "Wed",
+    "Thu",
+    "Fri",
+    "Sat",
+    NULL
+};
+
+static const char *full_weekdays[] = {
+    "Sunday",
+    "Monday",
+    "Tuesday",
+    "Wednesday",
+    "Thursday",
+    "Friday",
+    "Saturday",
+    NULL
+};
+
+static const char *abb_month[] = {
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+    NULL
+};
+
+static const char *full_month[] = {
+    "January",
+    "February",
+    "March",
+    "April",
+    "May",
+    "June",
+    "July",
+    "August",
+    "September",
+    "October",
+    "November",
+    "December",
+    NULL,
+};
+
+static const char *ampm[] = {
+    "am",
+    "pm",
+    NULL
+};
+
+/*
+ * Try to match `*buf' to one of the strings in `strs'.  Return the
+ * index of the matching string (or -1 if none).  Also advance buf.
+ */
+
+static int
+match_string (const char **buf, const char **strs)
+{
+    int i = 0;
+
+    for (i = 0; strs[i] != NULL; ++i) {
+	int len = strlen (strs[i]);
+
+	if (strncasecmp (*buf, strs[i], len) == 0) {
+	    *buf += len;
+	    return i;
+	}
+    }
+    return -1;
+}
+
+/*
+ * Try to match `*buf' to at the most `n' characters and return the
+ * resulting number in `num'. Returns 0 or an error.  Also advance
+ * buf.
+ */
+
+static int
+parse_number (const char **buf, int n, int *num)
+{
+    char *s, *str;
+    int i;
+
+    str = malloc(n + 1);
+    if (str == NULL)
+	return -1;
+
+    /* skip whitespace */
+    for (; **buf != '\0' && isspace((unsigned char)(**buf)); (*buf)++)
+	;
+
+    /* parse at least n characters */
+    for (i = 0; **buf != '\0' && i < n && isdigit((unsigned char)(**buf)); i++, (*buf)++)
+	str[i] = **buf;
+    str[i] = '\0';
+
+    *num = strtol (str, &s, 10);
+    free(str);
+    if (s == str)
+	return -1;
+
+    return 0;
+}
+
+/*
+ * tm_year is relative this year
+ */
+
+const int tm_year_base = 1900;
+
+/*
+ * Return TRUE iff `year' was a leap year.
+ */
+
+static int
+is_leap_year (int year)
+{
+    return (year % 4) == 0 && ((year % 100) != 0 || (year % 400) == 0);
+}
+
+/*
+ * Return the weekday [0,6] (0 = Sunday) of the first day of `year'
+ */
+
+static int
+first_day (int year)
+{
+    int ret = 4;
+
+    for (; year > 1970; --year)
+	ret = (ret + 365 + is_leap_year (year) ? 1 : 0) % 7;
+    return ret;
+}
+
+/*
+ * Set `timeptr' given `wnum' (week number [0, 53])
+ */
+
+static void
+set_week_number_sun (struct tm *timeptr, int wnum)
+{
+    int fday = first_day (timeptr->tm_year + tm_year_base);
+
+    timeptr->tm_yday = wnum * 7 + timeptr->tm_wday - fday;
+    if (timeptr->tm_yday < 0) {
+	timeptr->tm_wday = fday;
+	timeptr->tm_yday = 0;
+    }
+}
+
+/*
+ * Set `timeptr' given `wnum' (week number [0, 53])
+ */
+
+static void
+set_week_number_mon (struct tm *timeptr, int wnum)
+{
+    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
+
+    timeptr->tm_yday = wnum * 7 + (timeptr->tm_wday + 6) % 7 - fday;
+    if (timeptr->tm_yday < 0) {
+	timeptr->tm_wday = (fday + 1) % 7;
+	timeptr->tm_yday = 0;
+    }
+}
+
+/*
+ * Set `timeptr' given `wnum' (week number [0, 53])
+ */
+
+static void
+set_week_number_mon4 (struct tm *timeptr, int wnum)
+{
+    int fday = (first_day (timeptr->tm_year + tm_year_base) + 6) % 7;
+    int offset = 0;
+
+    if (fday < 4)
+	offset += 7;
+
+    timeptr->tm_yday = offset + (wnum - 1) * 7 + timeptr->tm_wday - fday;
+    if (timeptr->tm_yday < 0) {
+	timeptr->tm_wday = fday;
+	timeptr->tm_yday = 0;
+    }
+}
+
+/*
+ *
+ */
+
+char * ROKEN_LIB_FUNCTION
+strptime (const char *buf, const char *format, struct tm *timeptr)
+{
+    char c;
+
+    for (; (c = *format) != '\0'; ++format) {
+	char *s;
+	int ret;
+
+	if (isspace ((unsigned char)c)) {
+	    while (isspace ((unsigned char)*buf))
+		++buf;
+	} else if (c == '%' && format[1] != '\0') {
+	    c = *++format;
+	    if (c == 'E' || c == 'O')
+		c = *++format;
+	    switch (c) {
+	    case 'A' :
+		ret = match_string (&buf, full_weekdays);
+		if (ret < 0)
+		    return NULL;
+		timeptr->tm_wday = ret;
+		break;
+	    case 'a' :
+		ret = match_string (&buf, abb_weekdays);
+		if (ret < 0)
+		    return NULL;
+		timeptr->tm_wday = ret;
+		break;
+	    case 'B' :
+		ret = match_string (&buf, full_month);
+		if (ret < 0)
+		    return NULL;
+		timeptr->tm_mon = ret;
+		break;
+	    case 'b' :
+	    case 'h' :
+		ret = match_string (&buf, abb_month);
+		if (ret < 0)
+		    return NULL;
+		timeptr->tm_mon = ret;
+		break;
+	    case 'C' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		timeptr->tm_year = (ret * 100) - tm_year_base;
+		break;
+	    case 'c' :
+		abort ();
+	    case 'D' :		/* %m/%d/%y */
+		s = strptime (buf, "%m/%d/%y", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'd' :
+	    case 'e' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		timeptr->tm_mday = ret;
+		break;
+	    case 'H' :
+	    case 'k' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		timeptr->tm_hour = ret;
+		break;
+	    case 'I' :
+	    case 'l' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		if (ret == 12)
+		    timeptr->tm_hour = 0;
+		else
+		    timeptr->tm_hour = ret;
+		break;
+	    case 'j' :
+		if (parse_number(&buf, 3, &ret))
+		    return NULL;
+		if (ret == 0)
+		    return NULL;
+		timeptr->tm_yday = ret - 1;
+		break;
+	    case 'm' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		if (ret == 0)
+		    return NULL;
+		timeptr->tm_mon = ret - 1;
+		break;
+	    case 'M' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		timeptr->tm_min = ret;
+		break;
+	    case 'n' :
+		while (isspace ((unsigned char)*buf))
+		    buf++;
+		break;
+	    case 'p' :
+		ret = match_string (&buf, ampm);
+		if (ret < 0)
+		    return NULL;
+		if (timeptr->tm_hour == 0) {
+		    if (ret == 1)
+			timeptr->tm_hour = 12;
+		} else
+		    timeptr->tm_hour += 12;
+		break;
+	    case 'r' :		/* %I:%M:%S %p */
+		s = strptime (buf, "%I:%M:%S %p", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'R' :		/* %H:%M */
+		s = strptime (buf, "%H:%M", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'S' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		timeptr->tm_sec = ret;
+		break;
+	    case 't' :
+		while (isspace ((unsigned char)*buf))
+		    buf++;
+		break;
+	    case 'T' :		/* %H:%M:%S */
+	    case 'X' :
+		s = strptime (buf, "%H:%M:%S", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'u' :
+		if (parse_number(&buf, 1, &ret))
+		    return NULL;
+		if (ret <= 0)
+		    return NULL;
+		timeptr->tm_wday = ret - 1;
+		break;
+	    case 'w' :
+		if (parse_number(&buf, 1, &ret))
+		    return NULL;
+		timeptr->tm_wday = ret;
+		break;
+	    case 'U' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		set_week_number_sun (timeptr, ret);
+		break;
+	    case 'V' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		set_week_number_mon4 (timeptr, ret);
+		break;
+	    case 'W' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		set_week_number_mon (timeptr, ret);
+		break;
+	    case 'x' :
+		s = strptime (buf, "%Y:%m:%d", timeptr);
+		if (s == NULL)
+		    return NULL;
+		buf = s;
+		break;
+	    case 'y' :
+		if (parse_number(&buf, 2, &ret))
+		    return NULL;
+		if (ret < 70)
+		    timeptr->tm_year = 100 + ret;
+		else
+		    timeptr->tm_year = ret;
+		break;
+	    case 'Y' :
+		if (parse_number(&buf, 4, &ret))
+		    return NULL;
+		timeptr->tm_year = ret - tm_year_base;
+		break;
+	    case 'Z' :
+		abort ();
+	    case '\0' :
+		--format;
+		/* FALLTHROUGH */
+	    case '%' :
+		if (*buf == '%')
+		    ++buf;
+		else
+		    return NULL;
+		break;
+	    default :
+		if (*buf == '%' || *++buf == c)
+		    ++buf;
+		else
+		    return NULL;
+		break;
+	    }
+	} else {
+	    if (*buf == c)
+		++buf;
+	    else
+		return NULL;
+	}
+    }
+    return rk_UNCONST(buf);
+}
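Review bot: The `default` arm of the conversion switch in strptime() evaluates `*++buf == c` whenever `*buf` is not '%', so with `buf` at the terminating NUL it reads one byte past the end of the input; the likely intent is `if (buf[0] == '%' && buf[1] == c) buf += 2;`. first_day() has a precedence slip: `ret + 365 + is_leap_year (year) ? 1 : 0` parses as `(ret + 365 + is_leap_year (year)) ? 1 : 0`, so every year after 1970 yields 1 and the %U/%W/%V helpers derive tm_yday from a wrong weekday; it needs `(ret + 365 + (is_leap_year (year) ? 1 : 0)) % 7`. The `%p` arm adds 12 to any non-zero hour without looking at `ret`, so an "am" match shifts the hour too; `else if (ret == 1)` is probably what was meant. None of the numeric arms range-check the parsed value before storing it in `timeptr`, and `%c` and `%Z` call abort(), so callers that handle untrusted text or formats should validate the resulting struct tm before using its fields as indexes.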

Added: vendor-crypto/heimdal/dist/lib/roken/strsep.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strsep.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strsep.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strsep.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRSEP
+
+char * ROKEN_LIB_FUNCTION
+strsep(char **str, const char *delim)
+{
+    char *save = *str;
+    if(*str == NULL)
+	return NULL;
+    *str = *str + strcspn(*str, delim);
+    if(**str == 0)
+	*str = NULL;
+    else{
+	**str = 0;
+	(*str)++;
+    }
+    return save;
+}
+
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/strsep_copy.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strsep_copy.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strsep_copy.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2000, 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strsep_copy.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRSEP_COPY
+
+/* strsep, but with const stringp, so return string in buf */
+
+ssize_t ROKEN_LIB_FUNCTION
+strsep_copy(const char **stringp, const char *delim, char *buf, size_t len)
+{
+    const char *save = *stringp;
+    size_t l;
+    if(save == NULL)
+	return -1;
+    *stringp = *stringp + strcspn(*stringp, delim);
+    l = min(len, *stringp - save);
+    if(len > 0) {
+	memcpy(buf, save, l);
+	buf[l] = '\0';
+    }
+
+    l = *stringp - save;
+    if(**stringp == '\0')
+	*stringp = NULL;
+    else
+	(*stringp)++;
+    return l;
+}
+
+#endif
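Review bot: strsep_copy() writes the terminator at `buf[l]` after clamping `l` to `len`, so a token of `len` or more characters puts the NUL at `buf[len]`, one byte past a buffer of `len` bytes. If callers pass the buffer size as `len` (they are outside this hunk), that is an off-by-one overflow; clamp to the room left for the terminator instead, with `l = min(len - 1, (size_t)(*stringp - save));` moved inside the `if(len > 0)` block. The function still returns the full token length, which lets a caller detect truncation, and that contract deserves a line in the comment above the function.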

Added: vendor-crypto/heimdal/dist/lib/roken/strtok_r.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strtok_r.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strtok_r.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strtok_r.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRTOK_R
+
+char * ROKEN_LIB_FUNCTION
+strtok_r(char *s1, const char *s2, char **lasts)
+{
+  char *ret;
+
+  if (s1 == NULL)
+    s1 = *lasts;
+  while(*s1 && strchr(s2, *s1))
+    ++s1;
+  if(*s1 == '\0')
+    return NULL;
+  ret = s1;
+  while(*s1 && !strchr(s2, *s1))
+    ++s1;
+  if(*s1)
+    *s1++ = '\0';
+  *lasts = s1;
+  return ret;
+}
+
+#endif /* HAVE_STRTOK_R */

Added: vendor-crypto/heimdal/dist/lib/roken/strupr.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/strupr.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/strupr.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strupr.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include <string.h>
+#include <ctype.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRUPR
+char * ROKEN_LIB_FUNCTION
+strupr(char *str)
+{
+  char *s;
+
+  for(s = str; *s; s++)
+    *s = toupper((unsigned char)*s);
+  return str;
+}
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/swab.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/swab.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/swab.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include "roken.h"
+
+#ifndef HAVE_SWAB
+
+RCSID("$Id: swab.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+
+void ROKEN_LIB_FUNCTION
+swab (char *from, char *to, int nbytes)
+{
+     while(nbytes >= 2) {
+	  *(to + 1) = *from;
+	  *to = *(from + 1);
+	  to += 2;
+	  from += 2;
+	  nbytes -= 2;
+     }
+}
+#endif

Added: vendor-crypto/heimdal/dist/lib/roken/test-mem.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/test-mem.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/test-mem.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 1999 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <err.h>
+#include "roken.h"
+
+#include "test-mem.h"
+
+RCSID("$Id: test-mem.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+
+/* #undef HAVE_MMAP */
+
+struct {
+    void *start;
+    size_t size;
+    void *data_start;
+    size_t data_size;
+    enum rk_test_mem_type type;
+    int fd;
+} map;
+
+struct sigaction sa, osa;
+
+char *testname;
+
+static RETSIGTYPE
+segv_handler(int sig)
+{
+    int fd;
+    char msg[] = "SIGSEGV i current test: ";
+    
+    fd = open("/dev/stdout", O_WRONLY, 0600);
+    if (fd >= 0) {
+	write(fd, msg, sizeof(msg) - 1);
+	write(fd, testname, strlen(testname));
+	write(fd, "\n", 1);
+	close(fd);
+    }
+    _exit(1);
+}
+
+#define TESTREC()							\
+    if (testname)							\
+	errx(1, "test %s run recursively on %s", name, testname);	\
+    testname = strdup(name);						\
+    if (testname == NULL)						\
+	errx(1, "malloc");
+
+
+void * ROKEN_LIB_FUNCTION
+rk_test_mem_alloc(enum rk_test_mem_type type, const char *name,
+		  void *buf, size_t size)
+{
+#ifndef HAVE_MMAP
+    unsigned char *p;
+    
+    TESTREC();
+
+    p = malloc(size + 2);
+    if (p == NULL)
+	errx(1, "malloc");
+    map.type = type;
+    map.start = p;
+    map.size = size + 2;
+    p[0] = 0xff;
+    p[map.size] = 0xff;
+    map.data_start = p + 1;
+#else
+    unsigned char *p;
+    int flags, ret, fd;
+    size_t pagesize = getpagesize();
+
+    TESTREC();
+
+    map.type = type;
+
+#ifdef MAP_ANON
+    flags = MAP_ANON;
+    fd = -1;
+#else
+    flags = 0;
+    fd = open ("/dev/zero", O_RDONLY);
+    if(fd < 0)
+	err (1, "open /dev/zero");
+#endif
+    map.fd = fd;
+    flags |= MAP_PRIVATE;
+
+    map.size = size + pagesize - (size % pagesize) + pagesize * 2;
+
+    p = (unsigned char *)mmap(0, map.size, PROT_READ | PROT_WRITE,
+			      flags, fd, 0);
+    if (p == (unsigned char *)MAP_FAILED)
+	err (1, "mmap");
+
+    map.start = p;
+
+    ret = mprotect ((void *)p, pagesize, 0);
+    if (ret < 0)
+	err (1, "mprotect");
+
+    ret = mprotect (p + map.size - pagesize, pagesize, 0);
+    if (ret < 0)
+	err (1, "mprotect");
+
+    switch (type) {
+    case RK_TM_OVERRUN:
+	map.data_start = p + map.size - pagesize - size;
+	break;
+    case RK_TM_UNDERRUN:
+	map.data_start = p + pagesize;
+	break;
+    default:
+	abort();
+    }
+#endif
+    sigemptyset (&sa.sa_mask);
+    sa.sa_flags = 0;
+#ifdef SA_RESETHAND
+    sa.sa_flags |= SA_RESETHAND;
+#endif
+    sa.sa_handler = segv_handler;
+    sigaction (SIGSEGV, &sa, &osa);
+
+    map.data_size = size;
+    if (buf)
+	memcpy(map.data_start, buf, size);
+    return map.data_start;
+}
+
+void ROKEN_LIB_FUNCTION
+rk_test_mem_free(const char *map_name)
+{
+#ifndef HAVE_MMAP
+    unsigned char *p = map.start;
+    
+    if (testname == NULL)
+	errx(1, "test_mem_free call on no free");
+
+    if (p[0] != 0xff)
+	errx(1, "%s: %s underrun %x\n", testname, map_name, p[0]);
+    if (p[map.size] != 0xff)
+	errx(1, "%s: %s overrun %x\n", testname, map_name, p[map.size - 1]);
+    free(map.start);
+#else
+    int ret;
+    
+    if (testname == NULL)
+	errx(1, "test_mem_free call on no free");
+
+    ret = munmap (map.start, map.size);
+    if (ret < 0)
+	err (1, "munmap");
+    if (map.fd > 0)
+	close(map.fd);
+#endif
+    free(testname);
+    testname = NULL;
+
+    sigaction (SIGSEGV, &osa, NULL);
+}
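Review bot: In the `#ifndef HAVE_MMAP` branch of `rk_test_mem_alloc`, `p[map.size] = 0xff;` stores one byte past the `size + 2` allocation, because `map.size` has already been set to `size + 2`. The trailing guard byte belongs at `p[map.size - 1] = 0xff;`. `rk_test_mem_free` has the matching out-of-bounds read in `if (p[map.size] != 0xff)`, which should be `if (p[map.size - 1] != 0xff)`; its error message already prints `p[map.size - 1]`. As written, the fallback never inspects the byte directly after the data, so a one-byte overrun in the code under test would go unreported. The branch is compiled only where HAVE_MMAP is undefined.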

Added: vendor-crypto/heimdal/dist/lib/roken/test-mem.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/test-mem.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/test-mem.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 1999 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+enum rk_test_mem_type { RK_TM_OVERRUN, RK_TM_UNDERRUN };
+
+void * ROKEN_LIB_FUNCTION
+	rk_test_mem_alloc(enum rk_test_mem_type, const char *, void *, size_t);
+void ROKEN_LIB_FUNCTION
+	rk_test_mem_free(const char *);

Added: vendor-crypto/heimdal/dist/lib/roken/test-readenv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/test-readenv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/test-readenv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: test-readenv.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include "test-mem.h"
+
+char *s1 = "VAR1=VAL1#comment\n\
+VAR2=VAL2 VAL2 #comment\n\
+#this another comment\n\
+\n\
+VAR3=FOO";
+
+char *s2 = "VAR1=ENV2\n\
+";
+
+static void
+make_file(char *tmpl, size_t l)
+{
+    int fd;
+    strlcpy(tmpl, "env.XXXXXX", l);
+    fd = mkstemp(tmpl);
+    if(fd < 0)
+	err(1, "mkstemp");
+    close(fd);
+}
+
+static void
+write_file(const char *fn, const char *s)
+{
+    FILE *f;
+    f = fopen(fn, "w");
+    if(f == NULL) {
+	unlink(fn);
+	err(1, "fopen");
+    }
+    if(fwrite(s, 1, strlen(s), f) != strlen(s))
+	err(1, "short write");
+    if(fclose(f) != 0) {
+	unlink(fn);
+	err(1, "fclose");
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    char **env = NULL;
+    int count = 0;
+    char fn[MAXPATHLEN];
+    int error = 0;
+
+    make_file(fn, sizeof(fn));
+
+    write_file(fn, s1);
+    count = read_environment(fn, &env);
+    if(count != 3) {
+	warnx("test 1: variable count %d != 3", count);
+	error++;
+    }
+
+    write_file(fn, s2);
+    count = read_environment(fn, &env);
+    if(count != 1) {
+	warnx("test 2: variable count %d != 1", count);
+	error++;
+    }
+
+    unlink(fn);
+    count = read_environment(fn, &env);
+    if(count != 0) {
+	warnx("test 3: variable count %d != 0", count);
+	error++;
+    }
+    for(count = 0; env && env[count]; count++);
+    if(count != 3) {
+	warnx("total variable count %d != 3", count);
+	error++;
+    }
+    free_environment(env);
+    
+    
+    return error;
+}
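Review bot: `make_file` closes the descriptor returned by `mkstemp`, and `write_file` later reopens the path by name with `fopen(fn, "w")`, so the exclusive-create guarantee of `mkstemp` does not cover the writes. If the name is replaced between the two calls, `fopen` follows whatever is there. The risk is low for a test run in a private build directory, but returning the descriptor from `make_file` and writing the first file through `fdopen(fd, "w")` keeps this pattern from being copied into non-test code. The `short write` branch of `write_file` also exits without the `unlink(fn)` that the `fopen` and `fclose` error branches perform, leaving the temporary file behind.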

Added: vendor-crypto/heimdal/dist/lib/roken/timegm.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/timegm.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/timegm.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 1997, 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: timegm.c,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+static int
+is_leap(unsigned y)
+{
+    y += 1900;
+    return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
+}
+
+/* 
+ * XXX This is a simplifed version of timegm, it needs to support out of
+ * bounds values.
+ */
+
+time_t
+rk_timegm (struct tm *tm)
+{
+  static const unsigned ndays[2][12] ={
+    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
+    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
+  time_t res = 0;
+  unsigned i;
+
+  if (tm->tm_year < 0) 
+      return -1;
+  if (tm->tm_mon < 0 || tm->tm_mon > 11) 
+      return -1;
+  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
+      return -1;
+  if (tm->tm_hour < 0 || tm->tm_hour > 23) 
+      return -1;
+  if (tm->tm_min < 0 || tm->tm_min > 59) 
+      return -1;
+  if (tm->tm_sec < 0 || tm->tm_sec > 59) 
+      return -1;
+
+  for (i = 70; i < tm->tm_year; ++i)
+    res += is_leap(i) ? 366 : 365;
+
+  for (i = 0; i < tm->tm_mon; ++i)
+    res += ndays[is_leap(tm->tm_year)][i];
+  res += tm->tm_mday - 1;
+  res *= 24;
+  res += tm->tm_hour;
+  res *= 60;
+  res += tm->tm_min;
+  res *= 60;
+  res += tm->tm_sec;
+  return res;
+}
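Review bot: `rk_timegm` accepts `tm_year` values 0 to 69 but then skips the `for (i = 70; i < tm->tm_year; ++i)` loop, so a date before 1970 comes back as a timestamp inside 1970 rather than an error. Where the result feeds ticket or certificate validity checks (not visible in this hunk), a silently wrong time is worse than a failure. Tightening the first guard to `if (tm->tm_year < 70) return -1;` makes the unsupported range explicit until out-of-range handling is written, as the XXX comment anticipates. A header comment should also state that `(time_t)-1` is the error return and that `tm_sec == 60` is rejected.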

Added: vendor-crypto/heimdal/dist/lib/roken/timeval.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/timeval.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/timeval.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Timeval stuff
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: timeval.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+/*
+ * Make `t1' consistent.
+ */
+
+void ROKEN_LIB_FUNCTION
+timevalfix(struct timeval *t1)
+{
+    if (t1->tv_usec < 0) {
+        t1->tv_sec--;
+        t1->tv_usec += 1000000;
+    }
+    if (t1->tv_usec >= 1000000) {
+        t1->tv_sec++;
+        t1->tv_usec -= 1000000;
+    }
+}
+ 
+/*
+ * t1 += t2
+ */
+
+void ROKEN_LIB_FUNCTION
+timevaladd(struct timeval *t1, const struct timeval *t2)
+{
+    t1->tv_sec  += t2->tv_sec;
+    t1->tv_usec += t2->tv_usec;
+    timevalfix(t1);
+}
+ 
+/*
+ * t1 -= t2
+ */
+
+void ROKEN_LIB_FUNCTION
+timevalsub(struct timeval *t1, const struct timeval *t2)
+{
+    t1->tv_sec  -= t2->tv_sec;
+    t1->tv_usec -= t2->tv_usec;
+    timevalfix(t1);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/tm2time.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/tm2time.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/tm2time.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: tm2time.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#include "roken.h"
+
+time_t ROKEN_LIB_FUNCTION
+tm2time (struct tm tm, int local)
+{
+    time_t t;
+
+    tm.tm_isdst = local ? -1 : 0;
+
+    t = mktime (&tm);
+
+    if (!local)
+	t += t - mktime (gmtime (&t));
+    return t;
+}
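Review bot: Neither `mktime` nor `gmtime` is checked in `tm2time`: `mktime (&tm)` can return `(time_t)-1`, and `gmtime (&t)` can return NULL, which is then passed straight to the second `mktime`. In the non-local path a failed first conversion also runs through `t += t - mktime (gmtime (&t));`, so the caller gets an arbitrary value instead of the error marker. Adding `if (t == (time_t)-1) return t;` after the first `mktime` and testing the `gmtime` result before use keeps the failure visible. A short comment that `local` selects local-time versus UTC interpretation of `tm` would help, since the function has no documentation.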

Added: vendor-crypto/heimdal/dist/lib/roken/unsetenv.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/unsetenv.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/unsetenv.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: unsetenv.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "roken.h"
+
+extern char **environ;
+
+/*
+ * unsetenv --
+ */
+void ROKEN_LIB_FUNCTION
+unsetenv(const char *name)
+{
+  int len;
+  const char *np;
+  char **p;
+
+  if (name == 0 || environ == 0)
+    return;
+
+  for (np = name; *np && *np != '='; np++)
+    /* nop */;
+  len = np - name;
+  
+  for (p = environ; *p != 0; p++)
+    if (strncmp(*p, name, len) == 0 && (*p)[len] == '=')
+      break;
+
+  for (; *p != 0; p++)
+    *p = *(p + 1);
+}
+
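Review bot: The search loop in `unsetenv` stops at the first matching entry (`break`) and the tail shift removes only that one, so a second `NAME=value` entry in `environ` survives the call. Code that clears a variable before executing another program would then still pass the remaining copy on. The removal should re-test the same slot after shifting, and keep scanning to the end of the array. Separately, `len` is an `int` assigned from a pointer difference, and a `name` containing `=` is silently truncated rather than rejected. Both deserve at least a comment.

```c
  /* … unchanged: NULL checks and computation of len … */

  for (p = environ; *p != 0; ) {
    if (strncmp(*p, name, len) == 0 && (*p)[len] == '=') {
      char **q;

      /* shift the tail down, then re-test the same slot */
      for (q = p; *q != 0; q++)
	*q = *(q + 1);
    } else
      p++;
  }
```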

Added: vendor-crypto/heimdal/dist/lib/roken/unvis.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/unvis.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/unvis.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,286 @@
+/*	$NetBSD: unvis.c,v 1.19 2000/01/22 22:19:13 mycroft Exp $	*/
+
+/*-
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if 1
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: unvis.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include "roken.h"
+#ifndef _DIAGASSERT
+#define _DIAGASSERT(X)
+#endif
+#else
+#include <sys/cdefs.h>
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char sccsid[] = "@(#)unvis.c	8.1 (Berkeley) 6/4/93";
+#else
+__RCSID("$NetBSD: unvis.c,v 1.19 2000/01/22 22:19:13 mycroft Exp $");
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+#define __LIBC12_SOURCE__
+
+#include "namespace.h"
+#endif
+#include <sys/types.h>
+
+#include <assert.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <vis.h>
+
+#if 0
+#ifdef __weak_alias
+__weak_alias(strunvis,_strunvis)
+__weak_alias(unvis,_unvis)
+#endif
+
+__warn_references(unvis,
+    "warning: reference to compatibility unvis(); include <vis.h> for correct reference")
+#endif
+
+/*
+ * decode driven by state machine
+ */
+#define	S_GROUND	0	/* haven't seen escape char */
+#define	S_START		1	/* start decoding special sequence */
+#define	S_META		2	/* metachar started (M) */
+#define	S_META1		3	/* metachar more, regular char (-) */
+#define	S_CTRL		4	/* control char started (^) */
+#define	S_OCTAL2	5	/* octal digit 2 */
+#define	S_OCTAL3	6	/* octal digit 3 */
+
+#define	isoctal(c)	(((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
+
+int ROKEN_LIB_FUNCTION
+	rk_strunvis (char *, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_unvis (char *, int, int *, int);
+
+/*
+ * unvis - decode characters previously encoded by vis
+ */
+
+int ROKEN_LIB_FUNCTION
+rk_unvis(char *cp, int c, int *astate, int flag)
+{
+
+	_DIAGASSERT(cp != NULL);
+	_DIAGASSERT(astate != NULL);
+
+	if (flag & UNVIS_END) {
+		if (*astate == S_OCTAL2 || *astate == S_OCTAL3) {
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		} 
+		return (*astate == S_GROUND ? UNVIS_NOCHAR : UNVIS_SYNBAD);
+	}
+
+	switch (*astate) {
+
+	case S_GROUND:
+		*cp = 0;
+		if (c == '\\') {
+			*astate = S_START;
+			return (0);
+		} 
+		*cp = c;
+		return (UNVIS_VALID);
+
+	case S_START:
+		switch(c) {
+		case '\\':
+			*cp = c;
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case '0': case '1': case '2': case '3':
+		case '4': case '5': case '6': case '7':
+			*cp = (c - '0');
+			*astate = S_OCTAL2;
+			return (0);
+		case 'M':
+			*cp = (char)0200;
+			*astate = S_META;
+			return (0);
+		case '^':
+			*astate = S_CTRL;
+			return (0);
+		case 'n':
+			*cp = '\n';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case 'r':
+			*cp = '\r';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case 'b':
+			*cp = '\b';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case 'a':
+			*cp = '\007';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case 'v':
+			*cp = '\v';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case 't':
+			*cp = '\t';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case 'f':
+			*cp = '\f';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case 's':
+			*cp = ' ';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case 'E':
+			*cp = '\033';
+			*astate = S_GROUND;
+			return (UNVIS_VALID);
+		case '\n':
+			/*
+			 * hidden newline
+			 */
+			*astate = S_GROUND;
+			return (UNVIS_NOCHAR);
+		case '$':
+			/*
+			 * hidden marker
+			 */
+			*astate = S_GROUND;
+			return (UNVIS_NOCHAR);
+		}
+		*astate = S_GROUND;
+		return (UNVIS_SYNBAD);
+		 
+	case S_META:
+		if (c == '-')
+			*astate = S_META1;
+		else if (c == '^')
+			*astate = S_CTRL;
+		else {
+			*astate = S_GROUND;
+			return (UNVIS_SYNBAD);
+		}
+		return (0);
+		 
+	case S_META1:
+		*astate = S_GROUND;
+		*cp |= c;
+		return (UNVIS_VALID);
+		 
+	case S_CTRL:
+		if (c == '?')
+			*cp |= 0177;
+		else
+			*cp |= c & 037;
+		*astate = S_GROUND;
+		return (UNVIS_VALID);
+
+	case S_OCTAL2:	/* second possible octal digit */
+		if (isoctal(c)) {
+			/* 
+			 * yes - and maybe a third 
+			 */
+			*cp = (*cp << 3) + (c - '0');
+			*astate = S_OCTAL3;	
+			return (0);
+		} 
+		/* 
+		 * no - done with current sequence, push back passed char 
+		 */
+		*astate = S_GROUND;
+		return (UNVIS_VALIDPUSH);
+
+	case S_OCTAL3:	/* third possible octal digit */
+		*astate = S_GROUND;
+		if (isoctal(c)) {
+			*cp = (*cp << 3) + (c - '0');
+			return (UNVIS_VALID);
+		}
+		/*
+		 * we were done, push back passed char
+		 */
+		return (UNVIS_VALIDPUSH);
+			
+	default:	
+		/* 
+		 * decoder in unknown state - (probably uninitialized) 
+		 */
+		*astate = S_GROUND;
+		return (UNVIS_SYNBAD);
+	}
+}
+
+/*
+ * strunvis - decode src into dst 
+ *
+ *	Number of chars decoded into dst is returned, -1 on error.
+ *	Dst is null terminated.
+ */
+
+int ROKEN_LIB_FUNCTION
+rk_strunvis(char *dst, const char *src)
+{
+	char c;
+	char *start = dst;
+	int state = 0;
+
+	_DIAGASSERT(src != NULL);
+	_DIAGASSERT(dst != NULL);
+
+	while ((c = *src++) != '\0') {
+	again:
+		switch (rk_unvis(dst, (unsigned char)c, &state, 0)) {
+		case UNVIS_VALID:
+			dst++;
+			break;
+		case UNVIS_VALIDPUSH:
+			dst++;
+			goto again;
+		case 0:
+		case UNVIS_NOCHAR:
+			break;
+		default:
+			return (-1);
+		}
+	}
+	if (unvis(dst, (unsigned char)c, &state, UNVIS_END) == UNVIS_VALID)
+		dst++;
+	*dst = '\0';
+	return (dst - start);
+}
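Review bot: The final flush in `rk_strunvis` calls `unvis(dst, (unsigned char)c, &state, UNVIS_END)` while the decode loop calls `rk_unvis`. Unless a header maps `unvis` to `rk_unvis` (not visible in this hunk), the end-of-input step uses the system implementation, or fails to link where libc has none. The line should read `if (rk_unvis(dst, (unsigned char)c, &state, UNVIS_END) == UNVIS_VALID)`. `rk_strunvis` also writes to `dst` with no length parameter, so its header comment should state that the caller must provide at least `strlen(src) + 1` bytes.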

Added: vendor-crypto/heimdal/dist/lib/roken/verify.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/verify.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/verify.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verify.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#include "roken.h"
+
+int ROKEN_LIB_FUNCTION
+unix_verify_user(char *user, char *password)
+{
+    struct passwd *pw;
+    
+    pw = k_getpwnam(user);
+    if(pw == NULL)
+	return -1;
+    if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
+	return 0;
+    if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
+        return 0;
+    return -1;
+}
+
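Review bot: In unix_verify_user the result of `crypt(password, pw->pw_passwd)` goes straight into `strcmp`, but crypt() returns NULL on failure (for example when the stored field is not a salt it accepts), so a locked or malformed entry can crash the caller instead of being rejected. Hold the result and fail closed: `char *h = crypt(password, pw->pw_passwd);` followed by `if (h == NULL) return -1;` before the comparison. The branch above it returns success whenever both the stored field and the supplied password are empty; a comment stating that this is intended would help the next reader.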

Added: vendor-crypto/heimdal/dist/lib/roken/verr.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/verr.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/verr.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verr.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include <err.h>
+
+void ROKEN_LIB_FUNCTION
+verr(int eval, const char *fmt, va_list ap)
+{
+    warnerr(1, fmt, ap);
+    exit(eval);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/verrx.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/verrx.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/verrx.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verrx.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include <err.h>
+
+void ROKEN_LIB_FUNCTION
+verrx(int eval, const char *fmt, va_list ap)
+{
+    warnerr(0, fmt, ap);
+    exit(eval);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/vis.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/vis.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/vis.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,335 @@
+/*	$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $	*/
+
+/*-
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*-
+ * Copyright (c) 1999 The NetBSD Foundation, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+
+#if 1
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vis.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+#include "roken.h"
+#ifndef _DIAGASSERT
+#define _DIAGASSERT(X)
+#endif
+#else
+#include <sys/cdefs.h>
+#if !defined(lint)
+__RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $");
+#endif /* not lint */
+#endif
+
+#if 0
+#include "namespace.h"
+#endif
+#include <sys/types.h>
+
+#include <assert.h>
+#include <ctype.h>
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <vis.h>
+
+#if 0
+#ifdef __weak_alias
+__weak_alias(strsvis,_strsvis)
+__weak_alias(strsvisx,_strsvisx)
+__weak_alias(strvis,_strvis)
+__weak_alias(strvisx,_strvisx)
+__weak_alias(svis,_svis)
+__weak_alias(vis,_vis)
+#endif
+#endif
+
+#undef BELL
+#if defined(__STDC__)
+#define BELL '\a'
+#else
+#define BELL '\007'
+#endif
+
+char ROKEN_LIB_FUNCTION
+	*rk_vis (char *, int, int, int);
+char ROKEN_LIB_FUNCTION
+	*rk_svis (char *, int, int, int, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_strvis (char *, const char *, int);
+int ROKEN_LIB_FUNCTION
+	rk_strsvis (char *, const char *, int, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_strvisx (char *, const char *, size_t, int);
+int ROKEN_LIB_FUNCTION
+	rk_strsvisx (char *, const char *, size_t, int, const char *);
+
+
+#define isoctal(c)	(((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
+#define iswhite(c)	(c == ' ' || c == '\t' || c == '\n')
+#define issafe(c)	(c == '\b' || c == BELL || c == '\r')
+
+#define MAXEXTRAS       5
+
+
+#define MAKEEXTRALIST(flag, extra)					      \
+do {									      \
+	char *pextra = extra;						      \
+	if (flag & VIS_SP) *pextra++ = ' ';				      \
+	if (flag & VIS_TAB) *pextra++ = '\t';				      \
+	if (flag & VIS_NL) *pextra++ = '\n';				      \
+	if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\';		      \
+	*pextra = '\0';							      \
+} while (/*CONSTCOND*/0)
+
+/*
+ * This is SVIS, the central macro of vis.
+ * dst:	      Pointer to the destination buffer
+ * c:	      Character to encode
+ * flag:      Flag word
+ * nextc:     The character following 'c'
+ * extra:     Pointer to the list of extra characters to be
+ *	      backslash-protected.
+ */
+#define SVIS(dst, c, flag, nextc, extra)				   \
+do {									   \
+	int isextra, isc;						   \
+	isextra = strchr(extra, c) != NULL;				   \
+	if (!isextra &&							   \
+	    isascii((unsigned char)c) &&				   \
+	    (isgraph((unsigned char)c) || iswhite(c) ||			   \
+	    ((flag & VIS_SAFE) && issafe(c)))) {			   \
+		*dst++ = c;						   \
+		break;							   \
+	}								   \
+	isc = 0;							   \
+	if (flag & VIS_CSTYLE) {					   \
+		switch (c) {						   \
+		case '\n':						   \
+			isc = 1; *dst++ = '\\'; *dst++ = 'n';		   \
+			break;						   \
+		case '\r':						   \
+			isc = 1; *dst++ = '\\'; *dst++ = 'r';		   \
+			break;						   \
+		case '\b':						   \
+			isc = 1; *dst++ = '\\'; *dst++ = 'b';		   \
+			break;						   \
+		case BELL:						   \
+			isc = 1; *dst++ = '\\'; *dst++ = 'a';		   \
+			break;						   \
+		case '\v':						   \
+			isc = 1; *dst++ = '\\'; *dst++ = 'v';		   \
+			break;						   \
+		case '\t':						   \
+			isc = 1; *dst++ = '\\'; *dst++ = 't';		   \
+			break;						   \
+		case '\f':						   \
+			isc = 1; *dst++ = '\\'; *dst++ = 'f';		   \
+			break;						   \
+		case ' ':						   \
+			isc = 1; *dst++ = '\\'; *dst++ = 's';		   \
+			break;						   \
+		case '\0':						   \
+			isc = 1; *dst++ = '\\'; *dst++ = '0';		   \
+			if (isoctal(nextc)) {				   \
+				*dst++ = '0';				   \
+				*dst++ = '0';				   \
+			}						   \
+		}							   \
+	}								   \
+	if (isc) break;							   \
+	if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) {	   \
+		*dst++ = '\\';						   \
+		*dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0';  \
+		*dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0';  \
+		*dst++ =			     (c	      & 07) + '0'; \
+	} else {							   \
+		if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\';		   \
+		if (c & 0200) {						   \
+			c &= 0177; *dst++ = 'M';			   \
+		}							   \
+		if (iscntrl((unsigned char)c)) {			   \
+			*dst++ = '^';					   \
+			if (c == 0177)					   \
+				*dst++ = '?';				   \
+			else						   \
+				*dst++ = c + '@';			   \
+		} else {						   \
+			*dst++ = '-'; *dst++ = c;			   \
+		}							   \
+	}								   \
+} while (/*CONSTCOND*/0)
+
+
+/*
+ * svis - visually encode characters, also encoding the characters
+ * 	  pointed to by `extra'
+ */
+
+char * ROKEN_LIB_FUNCTION
+rk_svis(char *dst, int c, int flag, int nextc, const char *extra)
+{
+	_DIAGASSERT(dst != NULL);
+	_DIAGASSERT(extra != NULL);
+
+	SVIS(dst, c, flag, nextc, extra);
+	*dst = '\0';
+	return(dst);
+}
+
+
+/*
+ * strsvis, strsvisx - visually encode characters from src into dst
+ *
+ *	Extra is a pointer to a \0-terminated list of characters to
+ *	be encoded, too. These functions are useful e. g. to
+ *	encode strings in such a way so that they are not interpreted
+ *	by a shell.
+ *	
+ *	Dst must be 4 times the size of src to account for possible
+ *	expansion.  The length of dst, not including the trailing NULL,
+ *	is returned. 
+ *
+ *	Strsvisx encodes exactly len bytes from src into dst.
+ *	This is useful for encoding a block of data.
+ */
+
+int ROKEN_LIB_FUNCTION
+rk_strsvis(char *dst, const char *src, int flag, const char *extra)
+{
+	char c;
+	char *start;
+
+	_DIAGASSERT(dst != NULL);
+	_DIAGASSERT(src != NULL);
+	_DIAGASSERT(extra != NULL);
+
+	for (start = dst; (c = *src++) != '\0'; /* empty */)
+	    SVIS(dst, c, flag, *src, extra);
+	*dst = '\0';
+	return (dst - start);
+}
+
+
+int ROKEN_LIB_FUNCTION
+rk_strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra)
+{
+	char c;
+	char *start;
+
+	_DIAGASSERT(dst != NULL);
+	_DIAGASSERT(src != NULL);
+	_DIAGASSERT(extra != NULL);
+
+	for (start = dst; len > 0; len--) {
+		c = *src++;
+		SVIS(dst, c, flag, len ? *src : '\0', extra);
+	}
+	*dst = '\0';
+	return (dst - start);
+}
+
+
+/*
+ * vis - visually encode characters
+ */
+char * ROKEN_LIB_FUNCTION
+rk_vis(char *dst, int c, int flag, int nextc)
+{
+	char extra[MAXEXTRAS];
+
+	_DIAGASSERT(dst != NULL);
+
+	MAKEEXTRALIST(flag, extra);
+	SVIS(dst, c, flag, nextc, extra);
+	*dst = '\0';
+	return (dst);
+}
+
+
+/*
+ * strvis, strvisx - visually encode characters from src into dst
+ *	
+ *	Dst must be 4 times the size of src to account for possible
+ *	expansion.  The length of dst, not including the trailing NULL,
+ *	is returned. 
+ *
+ *	Strvisx encodes exactly len bytes from src into dst.
+ *	This is useful for encoding a block of data.
+ */
+
+int ROKEN_LIB_FUNCTION
+rk_strvis(char *dst, const char *src, int flag)
+{
+	char extra[MAXEXTRAS];
+
+	MAKEEXTRALIST(flag, extra);
+	return (rk_strsvis(dst, src, flag, extra));
+}
+
+
+int ROKEN_LIB_FUNCTION
+rk_strvisx(char *dst, const char *src, size_t len, int flag)
+{
+	char extra[MAXEXTRAS];
+
+	MAKEEXTRALIST(flag, extra);
+	return (rk_strsvisx(dst, src, len, flag, extra));
+}
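Review bot: rk_strsvisx reads one byte past the `len` bytes it is asked to encode. Inside the loop `len` is always greater than zero, so `len ? *src : '\0'` always dereferences `src`, and on the last iteration `src` already points at `src[len]`. For a block that is not NUL-terminated this is an out-of-bounds read; the lookahead should be `len > 1 ? *src : '\0'`. The sizing rule in the header comment could also say that dst needs 4 * len + 1 bytes, since the terminating NUL is written after the encoded data.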

Added: vendor-crypto/heimdal/dist/lib/roken/vis.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/vis.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/vis.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,115 @@
+/*	$NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $	*/
+/*	$Id: vis.h,v 1.1.1.1 2012-07-21 15:09:07 laffer1 Exp $	*/
+
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)vis.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _VIS_H_
+#define	_VIS_H_
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+/*
+ * to select alternate encoding format
+ */
+#define	VIS_OCTAL	0x01	/* use octal \ddd format */
+#define	VIS_CSTYLE	0x02	/* use \[nrft0..] where appropiate */
+
+/*
+ * to alter set of characters encoded (default is to encode all
+ * non-graphic except space, tab, and newline).
+ */
+#define	VIS_SP		0x04	/* also encode space */
+#define	VIS_TAB		0x08	/* also encode tab */
+#define	VIS_NL		0x10	/* also encode newline */
+#define	VIS_WHITE	(VIS_SP | VIS_TAB | VIS_NL)
+#define	VIS_SAFE	0x20	/* only encode "unsafe" characters */
+
+/*
+ * other
+ */
+#define	VIS_NOSLASH	0x40	/* inhibit printing '\' */
+
+/*
+ * unvis return codes
+ */
+#define	UNVIS_VALID	 1	/* character valid */
+#define	UNVIS_VALIDPUSH	 2	/* character valid, push back passed char */
+#define	UNVIS_NOCHAR	 3	/* valid sequence, no character produced */
+#define	UNVIS_SYNBAD	-1	/* unrecognized escape sequence */
+#define	UNVIS_ERROR	-2	/* decoder in unknown state (unrecoverable) */
+
+/*
+ * unvis flags
+ */
+#define	UNVIS_END	1	/* no more characters */
+
+char ROKEN_LIB_FUNCTION
+	*rk_vis (char *, int, int, int);
+char ROKEN_LIB_FUNCTION
+	*rk_svis (char *, int, int, int, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_strvis (char *, const char *, int);
+int ROKEN_LIB_FUNCTION
+	rk_strsvis (char *, const char *, int, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_strvisx (char *, const char *, size_t, int);
+int ROKEN_LIB_FUNCTION
+	rk_strsvisx (char *, const char *, size_t, int, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_strunvis (char *, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_unvis (char *, int, int *, int);
+
+#undef vis
+#define vis(a,b,c,d) rk_vis(a,b,c,d)
+#undef svis
+#define svis(a,b,c,d,e) rk_svis(a,b,c,d,e)
+#undef strvis
+#define strvis(a,b,c) rk_strvis(a,b,c)
+#undef strsvis
+#define strsvis(a,b,c,d) rk_strsvis(a,b,c,d)
+#undef strvisx
+#define strvisx(a,b,c,d) rk_strvisx(a,b,c,d)
+#undef strsvisx
+#define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e)
+#undef strunvis
+#define strunvis(a,b) rk_strunvis(a,b)
+#undef unvis
+#define unvis(a,b,c,d) rk_unvis(a,b,c,d)
+
+#endif /* !_VIS_H_ */

Added: vendor-crypto/heimdal/dist/lib/roken/vis.hin
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/vis.hin	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/vis.hin	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,115 @@
+/*	$NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $	*/
+/*	$Id: vis.hin,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $	*/
+
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)vis.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _VIS_H_
+#define	_VIS_H_
+
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32
+#define ROKEN_LIB_FUNCTION _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+
+/*
+ * to select alternate encoding format
+ */
+#define	VIS_OCTAL	0x01	/* use octal \ddd format */
+#define	VIS_CSTYLE	0x02	/* use \[nrft0..] where appropiate */
+
+/*
+ * to alter set of characters encoded (default is to encode all
+ * non-graphic except space, tab, and newline).
+ */
+#define	VIS_SP		0x04	/* also encode space */
+#define	VIS_TAB		0x08	/* also encode tab */
+#define	VIS_NL		0x10	/* also encode newline */
+#define	VIS_WHITE	(VIS_SP | VIS_TAB | VIS_NL)
+#define	VIS_SAFE	0x20	/* only encode "unsafe" characters */
+
+/*
+ * other
+ */
+#define	VIS_NOSLASH	0x40	/* inhibit printing '\' */
+
+/*
+ * unvis return codes
+ */
+#define	UNVIS_VALID	 1	/* character valid */
+#define	UNVIS_VALIDPUSH	 2	/* character valid, push back passed char */
+#define	UNVIS_NOCHAR	 3	/* valid sequence, no character produced */
+#define	UNVIS_SYNBAD	-1	/* unrecognized escape sequence */
+#define	UNVIS_ERROR	-2	/* decoder in unknown state (unrecoverable) */
+
+/*
+ * unvis flags
+ */
+#define	UNVIS_END	1	/* no more characters */
+
+char ROKEN_LIB_FUNCTION
+	*rk_vis (char *, int, int, int);
+char ROKEN_LIB_FUNCTION
+	*rk_svis (char *, int, int, int, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_strvis (char *, const char *, int);
+int ROKEN_LIB_FUNCTION
+	rk_strsvis (char *, const char *, int, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_strvisx (char *, const char *, size_t, int);
+int ROKEN_LIB_FUNCTION
+	rk_strsvisx (char *, const char *, size_t, int, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_strunvis (char *, const char *);
+int ROKEN_LIB_FUNCTION
+	rk_unvis (char *, int, int *, int);
+
+#undef vis
+#define vis(a,b,c,d) rk_vis(a,b,c,d)
+#undef svis
+#define svis(a,b,c,d,e) rk_svis(a,b,c,d,e)
+#undef strvis
+#define strvis(a,b,c) rk_strvis(a,b,c)
+#undef strsvis
+#define strsvis(a,b,c,d) rk_strsvis(a,b,c,d)
+#undef strvisx
+#define strvisx(a,b,c,d) rk_strvisx(a,b,c,d)
+#undef strsvisx
+#define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e)
+#undef strunvis
+#define strunvis(a,b) rk_strunvis(a,b)
+#undef unvis
+#define unvis(a,b,c,d) rk_unvis(a,b,c,d)
+
+#endif /* !_VIS_H_ */

Added: vendor-crypto/heimdal/dist/lib/roken/vsyslog.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/vsyslog.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/vsyslog.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vsyslog.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#ifndef HAVE_VSYSLOG
+
+#include <stdio.h>
+#include <syslog.h>
+#include <stdarg.h>
+
+#include "roken.h"
+
+/*
+ * the theory behind this is that we might be trying to call vsyslog
+ * when there's no memory left, and we should try to be as useful as
+ * possible.  And the format string should say something about what's
+ * failing.
+ */
+
+static void
+simple_vsyslog(int pri, const char *fmt, va_list ap)
+{
+    syslog (pri, "%s", fmt);
+}
+
+/*
+ * do like syslog but with a `va_list'
+ */
+
+void ROKEN_LIB_FUNCTION
+vsyslog(int pri, const char *fmt, va_list ap)
+{
+    char *fmt2;
+    const char *p;
+    char *p2;
+    int saved_errno = errno;
+    int fmt_len  = strlen (fmt);
+    int fmt2_len = fmt_len;
+    char *buf;
+
+    fmt2 = malloc (fmt_len + 1);
+    if (fmt2 == NULL) {
+	simple_vsyslog (pri, fmt, ap);
+	return;
+    }
+
+    for (p = fmt, p2 = fmt2; *p != '\0'; ++p) {
+	if (p[0] == '%' && p[1] == 'm') {
+	    const char *e = strerror (saved_errno);
+	    int e_len = strlen (e);
+	    char *tmp;
+	    int pos;
+
+	    pos = p2 - fmt2;
+	    fmt2_len += e_len - 2;
+	    tmp = realloc (fmt2, fmt2_len + 1);
+	    if (tmp == NULL) {
+		free (fmt2);
+		simple_vsyslog (pri, fmt, ap);
+		return;
+	    }
+	    fmt2 = tmp;
+	    p2   = fmt2 + pos;
+	    memmove (p2, e, e_len);
+	    p2 += e_len;
+	    ++p;
+	} else
+	    *p2++ = *p;
+    }
+    *p2 = '\0';
+
+    vasprintf (&buf, fmt2, ap);
+    free (fmt2);
+    if (buf == NULL) {
+	simple_vsyslog (pri, fmt, ap);
+	return;
+    }
+    syslog (pri, "%s", buf);
+    free (buf);
+}
+#endif
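Review bot: vsyslog ignores the return value of `vasprintf` and tests only `buf == NULL`, yet `buf` is never initialised and some vasprintf implementations leave it undefined on failure, so the error path can hand an indeterminate pointer to `syslog` and `free`. Declare it as `char *buf = NULL;`, keep the call's result in an int, and test `ret < 0 || buf == NULL` after `free (fmt2)`. Separately, the strerror() text is copied into `fmt2`, which is then used as the format string, so a `%` in that text would be parsed as a conversion; this is unlikely with the usual messages, but a comment or escaping of `%` would make the assumption explicit.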

Added: vendor-crypto/heimdal/dist/lib/roken/vwarn.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/vwarn.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/vwarn.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vwarn.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include <err.h>
+
+void ROKEN_LIB_FUNCTION
+vwarn(const char *fmt, va_list ap)
+{
+    warnerr(1, fmt, ap);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/vwarnx.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/vwarnx.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/vwarnx.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vwarnx.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include <err.h>
+
+void ROKEN_LIB_FUNCTION
+vwarnx(const char *fmt, va_list ap)
+{
+    warnerr(0, fmt, ap);
+}
+

Added: vendor-crypto/heimdal/dist/lib/roken/warn.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/warn.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/warn.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warn.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "err.h"
+
+void
+warn(const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  vwarn(fmt, ap);
+  va_end(ap);
+}
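Review bot: `warn` is declared as plain `void`, while `vwarn`, `vwarnx`, `warnx` and `warnerr` added in the same commit are all declared `void ROKEN_LIB_FUNCTION`. If that macro carries an export or calling-convention attribute on some platforms, this one definition would disagree with its siblings; the declaration line should read `void ROKEN_LIB_FUNCTION`. warnx.c uses the macro with only `"err.h"` included, so it is presumably in scope here as well, but err.h is not visible in this hunk and that should be confirmed.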

Added: vendor-crypto/heimdal/dist/lib/roken/warnerr.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/warnerr.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/warnerr.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warnerr.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+#include "err.h"
+
+void ROKEN_LIB_FUNCTION
+warnerr(int doerrno, const char *fmt, va_list ap)
+{
+    int sverrno = errno;
+    const char *progname = getprogname();
+
+    if(progname != NULL){
+	fprintf(stderr, "%s", progname);
+	if(fmt != NULL || doerrno)
+	    fprintf(stderr, ": ");
+    }
+    if (fmt != NULL){
+	vfprintf(stderr, fmt, ap);
+	if(doerrno)
+	    fprintf(stderr, ": ");
+    }
+    if(doerrno)
+	fprintf(stderr, "%s", strerror(sverrno));
+    fprintf(stderr, "\n");
+}
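Review bot: `warnerr` has no comment describing its contract, although every warn/err variant funnels into it. I would add above the definition: `/* Write "progname: <formatted fmt>: <strerror(errno)>" and a newline to stderr; fmt may be NULL, and the errno text is appended only when doerrno is non-zero. errno is sampled on entry so the stdio calls cannot clobber it. */`. The comment should also state that `fmt` is handed to `vfprintf` unchanged, so callers must pass a literal format and put any externally supplied text in the arguments.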

Added: vendor-crypto/heimdal/dist/lib/roken/warnx.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/warnx.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/warnx.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska H\xF6gskolan 
+ * (Royal Institute of Technology, Stockholm, Sweden).  
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warnx.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "err.h"
+
+void ROKEN_LIB_FUNCTION
+warnx(const char *fmt, ...)
+{
+  va_list ap;
+  va_start(ap, fmt);
+  vwarnx(fmt, ap);
+  va_end(ap);
+}

Added: vendor-crypto/heimdal/dist/lib/roken/write_pid.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/write_pid.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/write_pid.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: write_pid.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include "roken.h"
+
+#include "roken.h"
+
+char * ROKEN_LIB_FUNCTION
+pid_file_write (const char *progname)
+{
+    FILE *fp;
+    char *ret;
+
+    asprintf (&ret, "%s%s.pid", _PATH_VARRUN, progname);
+    if (ret == NULL)
+	return NULL;
+    fp = fopen (ret, "w");
+    if (fp == NULL) {
+	free (ret);
+	return NULL;
+    }
+    fprintf (fp, "%u", (unsigned)getpid());
+    fclose (fp);
+    return ret;
+}
+
+void ROKEN_LIB_FUNCTION
+pid_file_delete (char **filename)
+{
+    if (*filename != NULL) {
+	unlink (*filename);
+	free (*filename);
+	*filename = NULL;
+    }
+}
+
+#ifndef HAVE_PIDFILE
+static char *pidfile_path;
+
+static void
+pidfile_cleanup(void)
+{
+    if(pidfile_path != NULL)
+	pid_file_delete(&pidfile_path);
+}
+
+void
+pidfile(const char *basename)
+{
+    if(pidfile_path != NULL)
+	return;
+    if(basename == NULL)
+	basename = getprogname();
+    pidfile_path = pid_file_write(basename);
+#if defined(HAVE_ATEXIT)
+    atexit(pidfile_cleanup);
+#elif defined(HAVE_ON_EXIT)
+    on_exit(pidfile_cleanup);
+#endif
+}
+#endif
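Review bot: The return value of `asprintf` in `pid_file_write` is ignored, and the `ret == NULL` test that follows only works on libcs that clear the pointer on failure; `if (asprintf(&ret, "%s%s.pid", _PATH_VARRUN, progname) < 0) return NULL;` makes the failure path explicit. The file is then created with `fopen(ret, "w")`, which follows an existing symlink and truncates whatever it points to, and `progname` goes into the path without a check for `/`. For a daemon that runs with privileges it would be safer to open with `open()` plus `O_NOFOLLOW` (where available) and an explicit mode, then `fdopen` the descriptor. The results of `fprintf` and `fclose` are also dropped, so a failed write still returns the path as if the pid file were valid.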

Added: vendor-crypto/heimdal/dist/lib/roken/writev.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/writev.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/writev.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: writev.c,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $");
+#endif
+
+#include "roken.h"
+
+ssize_t ROKEN_LIB_FUNCTION
+writev(int d, const struct iovec *iov, int iovcnt)
+{
+    ssize_t ret;
+    size_t tot = 0;
+    int i;
+    char *buf, *p;
+
+    for(i = 0; i < iovcnt; ++i)
+	tot += iov[i].iov_len;
+    buf = malloc(tot);
+    if (tot != 0 && buf == NULL) {
+	errno = ENOMEM;
+	return -1;
+    }
+    p = buf;
+    for (i = 0; i < iovcnt; ++i) {
+	memcpy (p, iov[i].iov_base, iov[i].iov_len);
+	p += iov[i].iov_len;
+    }
+    ret = write (d, buf, tot);
+    free (buf);
+    return ret;
+}
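Review bot: The lengths are summed into `tot` with no overflow check and `iovcnt` is never validated, so a set of `iov_len` values that wraps `size_t` makes `malloc(tot)` return a buffer smaller than what the `memcpy` loop then writes into it. A guard in the first loop, `if (iov[i].iov_len > (size_t)SSIZE_MAX - tot) { errno = EINVAL; return -1; }`, rejects that case the way the system call is documented to. A negative `iovcnt` can be refused with the same errno before the loop. `SSIZE_MAX` needs `<limits.h>`, which may or may not already arrive through roken.h.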

Added: vendor-crypto/heimdal/dist/lib/roken/xdbm.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/roken/xdbm.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/roken/xdbm.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1995 - 2002 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: xdbm.h,v 1.1.1.3 2012-07-21 15:09:07 laffer1 Exp $ */
+
+/* Generic *dbm include file */
+
+#ifndef __XDBM_H__
+#define __XDBM_H__
+
+#if HAVE_DB_NDBM
+#define DB_DBM_HSEARCH 1
+#include <db.h>
+#elif HAVE_NDBM
+#if defined(HAVE_GDBM_NDBM_H)
+#include <gdbm/ndbm.h>
+#elif defined(HAVE_NDBM_H)
+#include <ndbm.h>
+#endif
+#endif /* HAVE_NDBM */
+
+#endif /* __XDBM_H__ */

Added: vendor-crypto/heimdal/dist/lib/sl/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,325 @@
+2007-07-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: roken_rename.h is a dist_ source k
+
+	* Makefile.am: split source files in dist and nodist.
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: New library version.
+
+2007-06-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* sl.c: make compile.
+
+	* sl.c: Pass in pointer to strlen().
+
+	* sl.c (sl_make_argv): use memmove since we are dealing with
+	overlapping strings.
+
+2007-06-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: don't clean yacc/lex files in CLEANFILES,
+	maintainers clean will do that for us.
+	
+2007-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* slc-gram.y (main): also fclose yyin.
+	
+2007-04-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add dependency on slc-gram.h for slc-lex.c, breaks
+	in disttree with make -j
+	
+2006-12-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test_sl.c: Fix caseing for case-sensitive filesystems
+	
+2006-12-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* test_sl.c: catch test that should fail but didn't
+
+	* test_sl.c: Test more quoting variants.
+
+	* sl_locl.h: Include <ctype.h>.
+
+	* test_sl.c: test sl_make_argv
+
+	* sl.c (sl_make_argv): Add quoting support (both "" and \ style).
+	
+2006-12-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sl.c: Use strcspn to remove \n from fgets result. Prompted by
+	change by Ray Lai of OpenBSD via Bj\xF6rn Sandell.
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am (ES): add roken_rename.h
+	
+2006-08-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sl.c (sl_slc_help): remove return
+	
+2006-08-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sl.h: Add sl_slc_help.
+
+	* sl.c: Add sl_slc_help.
+	
+2005-07-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* slc-gram.y (gen_wrapper): use the generated version of name for
+	function, if no function is is used, also use the generated name
+	for the structure name.
+	
+2005-06-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* slc-gram.y: fix a merge error
+	
+	* slc-gram.y: rename optind to optidx, rename variables to avoid
+	shadowing
+
+	* make_cmds.c: rename optind to optidx, move variable define to
+	avoid shadowing
+
+	* ss.c: rename index to idx
+	
+	* sl.c: use rk_UNCONST to un-constify
+
+2005-05-10  Dave Love  <fx at gnu.org>
+
+	* slc-lex.l: Include <stdlib.h>.
+
+2005-05-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sl.c (sl_command_loop): new return code -2 for EOF
+	(sl_loop): treat all return value from sl_command_loop >= 0 as ok, and
+	continue.
+
+2005-04-29  Dave Love  <fx at gnu.org>
+
+	* Makefile.am (LDADD): Add libsl.la.
+
+2005-04-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* slc-gram.y: include <config.h> since defines _GNU_SOURCE if
+	needed, avoid asprintf warning
+
+2005-01-21  Dave Love  <d.love at dl.ac.uk>
+
+	* slc-gram.y: include <roken.h>
+
+2005-01-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* slc-gram.y: cast argument to isalnum to unsigned char
+
+2004-09-22  Johan Danielsson  <joda at pdc.kth.se>
+
+	* slc-gram.y: add support for "strings" and "negative-flag" types,
+	plus some usability tweaks and bug fixes
+	
+2004-07-05  Johan Danielsson  <joda at pdc.kth.se>
+
+	* slc-gram.y: add min_args/max_args checking
+	
+2004-06-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* slc-gram.y: pull in <stdlib.h> and <vers.h> to avoid warnings
+	
+2004-03-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* sl.h: make it possible to use libsl from c++
+	From: Mattias Amnefelt <mattiasa at kth.se>
+	
+2002-05-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: just link mk_cmds against libsl; avoids libtool
+	problem
+
+2001-07-09  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: add getprogname.c libss.la:add libcom_err.la noted
+	by Leif Johansson <leifj at it.su.se>
+
+2001-05-17  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump versions to 1:2:1 and 1:4:1
+
+2001-05-06  Assar Westerlund  <assar at sics.se>
+
+	* roken_rename.h (strdup): add
+
+2001-03-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: re do the roken-renaming properly
+
+2001-02-13  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: add more functions to rename
+
+2001-01-26  Johan Danielsson  <joda at pdc.kth.se>
+
+	* sl.h: proto
+
+	* sl.c (sl_command_loop): try to handle user pressing C-c
+
+2000-12-11  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (libss_la_LDFLAGS): bump version to 1:2:1
+
+2000-08-19  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: add dependencies for libss/libsl shared libraries
+
+2000-07-25  Johan Danielsson  <joda at pdc.kth.se>
+
+	* Makefile.am: bump ss version to 1:1:1
+
+2000-06-27  Assar Westerlund  <assar at sics.se>
+
+	* parse.y (yyerror): static-ize
+	* make_cmds.h (error_message, yylex): add prototypes
+	* lex.l: fix prototypes and kill warnings
+
+2000-05-24  Assar Westerlund  <assar at sics.se>
+
+	* ss.h (SS_ET_COMMAND_NOT_FOUND): add
+	* ss.c: check allocation and return some other error codes too
+
+2000-04-29  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: add LIB_tgetent.  From Derrick J Brashear
+	<shadow at dementia.org>
+
+2000-04-03  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: set version to 1:0:1
+
+2000-03-07  Assar Westerlund  <assar at sics.se>
+
+	* sl.h (SL_BADCOMMAND): define
+	(sl_apropos): add prototype
+
+	* sl.c: mandoc-generation
+	(sl_apropos): stolen from arla
+
+2000-01-06  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: bump both versions to 0:1:0
+
+1999-12-16  Assar Westerlund  <assar at sics.se>
+
+	* parse.y (name2number): not used here.  remove.
+
+Thu Apr  1 17:03:59 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* make_cmds.c: use getarg
+
+Tue Mar 23 14:36:21 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: don't rename
+
+Sun Mar 21 14:13:29 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: don't roken-rename
+
+Sat Mar 20 03:43:30 1999  Assar Westerlund  <assar at sics.se>
+
+	* parse.y: replace return with YYACCEPT
+
+Fri Mar 19 14:53:20 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: add libss; add version-info
+
+Thu Mar 18 15:07:06 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.am: clean lex.c parse.c parse.h
+
+	* Makefile.am: install ss.h
+
+	* Makefile.am: include Makefile.am.common
+
+Thu Mar 11 15:01:01 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* parse.y: prototype for error_message
+
+Tue Feb  9 23:45:37 1999  Johan Danielsson  <joda at hella.pdc.kth.se>
+
+	* Makefile.in: add snprintf.o to make_cmds
+
+Sun Nov 22 10:46:23 1998  Assar Westerlund  <assar at sics.se>
+
+	* sl.c (sl_command_loop): remove unused variable
+
+	* ss.c (ss_error): remove unused variable
+
+	* make_cmds.c: include err.h
+	(main): remove unused variable
+
+	* Makefile.in (WFLAGS): set
+
+Sun Sep 27 01:28:21 1998  Assar Westerlund  <assar at sics.se>
+
+	* make_cmds.c: clean-up and simplification
+
+Mon May 25 02:54:13 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in (clean): try to remove shared library debris
+
+	* Makefile.in: make symlink magic work
+
+Sun Apr 19 10:00:26 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.in: add symlink magic for linux
+
+Sun Apr  5 09:21:43 1998  Assar Westerlund  <assar at sics.se>
+
+	* parse.y: define alloca to malloc in case we're using bison but
+ 	don't have alloca
+
+Sat Mar 28 11:39:00 1998  Assar Westerlund  <assar at sics.se>
+
+	* sl.c (sl_loop): s/2/1
+
+Sat Mar 21 00:46:51 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* sl.c (sl_loop): check that there is at least one argument before
+ 	calling sl_command
+
+Sun Mar  1 05:14:37 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* sl.c (sl_loop): Fix general broken-ness.
+
+	* sl.c: Cleanup printing of help strings.
+
+Thu Feb 26 02:22:02 1998  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: @LEXLIB@
+
+Sat Feb 21 15:18:21 1998  assar westerlund  <assar at sics.se>
+
+	* Makefile.in: set YACC and LEX
+
+Mon Feb 16 16:08:25 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Makefile.am: Some fixes for ss/mk_cmds.
+
+Sun Feb 15 05:12:11 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* Makefile.in: Install libsl under the `libss' name too. Install
+ 	mk_cmds, and ss.h.
+
+	* make_cmds.c: A mk_cmds clone that creates SL structures.
+
+	* ss.c: SS compatibility functions.
+
+	* sl.c: Move command line split to function `sl_make_argv'.
+
+Tue Feb  3 16:45:44 1998  Johan Danielsson  <joda at emma.pdc.kth.se>
+
+	* sl.c: Add sl_command_loop, that is the loop body of sl_loop.
+
+Mon Oct 20 01:13:21 1997  Assar Westerlund  <assar at sics.se>
+
+	* sl.c (sl_help): actually use the `help' field of `SL_cmd'
+

Added: vendor-crypto/heimdal/dist/lib/sl/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,63 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+if do_roken_rename
+ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
+endif
+
+AM_CPPFLAGS += $(ROKEN_RENAME)
+
+YFLAGS = -d
+
+include_HEADERS = sl.h
+
+lib_LTLIBRARIES = libsl.la libss.la
+libsl_la_LDFLAGS = -version-info 2:1:2
+libss_la_LDFLAGS = -version-info 1:6:1
+
+libsl_la_LIBADD = @LIB_readline@
+libss_la_LIBADD = @LIB_readline@ @LIB_com_err@
+
+dist_libsl_la_SOURCES = sl_locl.h sl.c roken_rename.h
+nodist_libsl_la_SOURCES = $(ES)
+dist_libss_la_SOURCES = $(dist_libsl_la_SOURCES) ss.c ss.h
+nodist_libss_la_SOURCES = $(ES)
+
+TESTS = test_sl
+check_PROGRAMS = $(TESTS)	
+
+# install these?
+
+bin_PROGRAMS = mk_cmds
+noinst_PROGRAMS = slc
+
+mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
+mk_cmds_LDADD = libsl.la $(LDADD)
+
+slc_SOURCES = slc-gram.y slc-lex.l slc.h
+
+ssincludedir = $(includedir)/ss
+ssinclude_HEADERS = ss.h
+
+CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
+
+$(mk_cmds_OBJECTS): parse.h parse.c
+
+LDADD =						\
+	libsl.la				\
+	$(LIB_roken)				\
+	$(LEXLIB)
+
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strdup.c:
+	$(LN_S) $(srcdir)/../roken/strdup.c .
+strupr.c:
+	$(LN_S) $(srcdir)/../roken/strupr.c .
+getprogname.c:
+	$(LN_S) $(srcdir)/../roken/getprogname.c .
+
+slc-lex.c: slc-gram.h

Added: vendor-crypto/heimdal/dist/lib/sl/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1064 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(ssinclude_HEADERS) \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \
+	parse.h slc-gram.c slc-gram.h slc-lex.c
+TESTS = test_sl$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
+bin_PROGRAMS = mk_cmds$(EXEEXT)
+noinst_PROGRAMS = slc$(EXEEXT)
+subdir = lib/sl
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(ssincludedir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+libsl_la_DEPENDENCIES =
+dist_libsl_la_OBJECTS = sl.lo
+ at do_roken_rename_TRUE@am__objects_1 = strtok_r.lo snprintf.lo \
+ at do_roken_rename_TRUE@	strdup.lo strupr.lo getprogname.lo
+nodist_libsl_la_OBJECTS = $(am__objects_1)
+libsl_la_OBJECTS = $(dist_libsl_la_OBJECTS) $(nodist_libsl_la_OBJECTS)
+libsl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(libsl_la_LDFLAGS) \
+	$(LDFLAGS) -o $@
+libss_la_DEPENDENCIES =
+am__objects_2 = sl.lo
+dist_libss_la_OBJECTS = $(am__objects_2) ss.lo
+nodist_libss_la_OBJECTS = $(am__objects_1)
+libss_la_OBJECTS = $(dist_libss_la_OBJECTS) $(nodist_libss_la_OBJECTS)
+libss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(libss_la_LDFLAGS) \
+	$(LDFLAGS) -o $@
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+am__EXEEXT_1 = test_sl$(EXEEXT)
+PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
+am_mk_cmds_OBJECTS = make_cmds.$(OBJEXT) parse.$(OBJEXT) lex.$(OBJEXT)
+mk_cmds_OBJECTS = $(am_mk_cmds_OBJECTS)
+am__DEPENDENCIES_1 =
+am__DEPENDENCIES_2 = libsl.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+mk_cmds_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_2)
+am_slc_OBJECTS = slc-gram.$(OBJEXT) slc-lex.$(OBJEXT)
+slc_OBJECTS = $(am_slc_OBJECTS)
+slc_LDADD = $(LDADD)
+slc_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+test_sl_SOURCES = test_sl.c
+test_sl_OBJECTS = test_sl.$(OBJEXT)
+test_sl_LDADD = $(LDADD)
+test_sl_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+ at MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ ||
+LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS)
+LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS)
+YLWRAP = $(top_srcdir)/ylwrap
+ at MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ ||
+YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
+LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS)
+SOURCES = $(dist_libsl_la_SOURCES) $(nodist_libsl_la_SOURCES) \
+	$(dist_libss_la_SOURCES) $(nodist_libss_la_SOURCES) \
+	$(mk_cmds_SOURCES) $(slc_SOURCES) test_sl.c
+DIST_SOURCES = $(dist_libsl_la_SOURCES) $(dist_libss_la_SOURCES) \
+	$(mk_cmds_SOURCES) $(slc_SOURCES) test_sl.c
+includeHEADERS_INSTALL = $(INSTALL_HEADER)
+ssincludeHEADERS_INSTALL = $(INSTALL_HEADER)
+HEADERS = $(include_HEADERS) $(ssinclude_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = -d
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \
+	$(ROKEN_RENAME)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+ at do_roken_rename_TRUE@ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c
+include_HEADERS = sl.h
+lib_LTLIBRARIES = libsl.la libss.la
+libsl_la_LDFLAGS = -version-info 2:1:2
+libss_la_LDFLAGS = -version-info 1:6:1
+libsl_la_LIBADD = @LIB_readline@
+libss_la_LIBADD = @LIB_readline@ @LIB_com_err@
+dist_libsl_la_SOURCES = sl_locl.h sl.c roken_rename.h
+nodist_libsl_la_SOURCES = $(ES)
+dist_libss_la_SOURCES = $(dist_libsl_la_SOURCES) ss.c ss.h
+nodist_libss_la_SOURCES = $(ES)
+mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l
+mk_cmds_LDADD = libsl.la $(LDADD)
+slc_SOURCES = slc-gram.y slc-lex.l slc.h
+ssincludedir = $(includedir)/ss
+ssinclude_HEADERS = ss.h
+CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c
+LDADD = \
+	libsl.la				\
+	$(LIB_roken)				\
+	$(LEXLIB)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/sl/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/sl/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libsl.la: $(libsl_la_OBJECTS) $(libsl_la_DEPENDENCIES) 
+	$(libsl_la_LINK) -rpath $(libdir) $(libsl_la_OBJECTS) $(libsl_la_LIBADD) $(LIBS)
+libss.la: $(libss_la_OBJECTS) $(libss_la_DEPENDENCIES) 
+	$(libss_la_LINK) -rpath $(libdir) $(libss_la_OBJECTS) $(libss_la_LIBADD) $(LIBS)
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+parse.h: parse.c
+	@if test ! -f $@; then \
+	  rm -f parse.c; \
+	  $(MAKE) $(AM_MAKEFLAGS) parse.c; \
+	else :; fi
+mk_cmds$(EXEEXT): $(mk_cmds_OBJECTS) $(mk_cmds_DEPENDENCIES) 
+	@rm -f mk_cmds$(EXEEXT)
+	$(LINK) $(mk_cmds_OBJECTS) $(mk_cmds_LDADD) $(LIBS)
+slc-gram.h: slc-gram.c
+	@if test ! -f $@; then \
+	  rm -f slc-gram.c; \
+	  $(MAKE) $(AM_MAKEFLAGS) slc-gram.c; \
+	else :; fi
+slc$(EXEEXT): $(slc_OBJECTS) $(slc_DEPENDENCIES) 
+	@rm -f slc$(EXEEXT)
+	$(LINK) $(slc_OBJECTS) $(slc_LDADD) $(LIBS)
+test_sl$(EXEEXT): $(test_sl_OBJECTS) $(test_sl_DEPENDENCIES) 
+	@rm -f test_sl$(EXEEXT)
+	$(LINK) $(test_sl_OBJECTS) $(test_sl_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+.l.c:
+	$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
+
+.y.c:
+	$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE)
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \
+	  $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(includedir)/$$f"; \
+	done
+install-ssincludeHEADERS: $(ssinclude_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(ssincludedir)" || $(MKDIR_P) "$(DESTDIR)$(ssincludedir)"
+	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(ssincludeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(ssincludedir)/$$f'"; \
+	  $(ssincludeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(ssincludedir)/$$f"; \
+	done
+
+uninstall-ssincludeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(ssinclude_HEADERS)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(ssincludedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(ssincludedir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local
+install-binPROGRAMS: install-libLTLIBRARIES
+
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(ssincludedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-rm -f lex.c
+	-rm -f parse.c
+	-rm -f parse.h
+	-rm -f slc-gram.c
+	-rm -f slc-gram.h
+	-rm -f slc-lex.c
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \
+	clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS install-ssincludeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
+	uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-binPROGRAMS clean-checkPROGRAMS \
+	clean-generic clean-libLTLIBRARIES clean-libtool \
+	clean-noinstPROGRAMS ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-binPROGRAMS install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-includeHEADERS install-info \
+	install-info-am install-libLTLIBRARIES install-man install-pdf \
+	install-pdf-am install-ps install-ps-am \
+	install-ssincludeHEADERS install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-hook uninstall-includeHEADERS \
+	uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+$(mk_cmds_OBJECTS): parse.h parse.c
+
+strtok_r.c:
+	$(LN_S) $(srcdir)/../roken/strtok_r.c .
+snprintf.c:
+	$(LN_S) $(srcdir)/../roken/snprintf.c .
+strdup.c:
+	$(LN_S) $(srcdir)/../roken/strdup.c .
+strupr.c:
+	$(LN_S) $(srcdir)/../roken/strupr.c .
+getprogname.c:
+	$(LN_S) $(srcdir)/../roken/getprogname.c .
+
+slc-lex.c: slc-gram.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/sl/lex.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/lex.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/lex.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1880 @@
+
+#line 3 "lex.c"
+
+#define  YY_INT_ALIGNED short int
+
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+#define YY_FLEX_SUBMINOR_VERSION 33
+#if YY_FLEX_SUBMINOR_VERSION > 0
+#define FLEX_BETA
+#endif
+
+/* First, we deal with  platform-specific or compiler-specific issues. */
+
+/* begin standard C headers. */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+
+/* end standard C headers. */
+
+/* flex integer type definitions */
+
+#ifndef FLEXINT_H
+#define FLEXINT_H
+
+/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+
+#if __STDC_VERSION__ >= 199901L
+
+/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
+ * if you want the limit (max/min) macros for int types. 
+ */
+#ifndef __STDC_LIMIT_MACROS
+#define __STDC_LIMIT_MACROS 1
+#endif
+
+#include <inttypes.h>
+typedef int8_t flex_int8_t;
+typedef uint8_t flex_uint8_t;
+typedef int16_t flex_int16_t;
+typedef uint16_t flex_uint16_t;
+typedef int32_t flex_int32_t;
+typedef uint32_t flex_uint32_t;
+#else
+typedef signed char flex_int8_t;
+typedef short int flex_int16_t;
+typedef int flex_int32_t;
+typedef unsigned char flex_uint8_t; 
+typedef unsigned short int flex_uint16_t;
+typedef unsigned int flex_uint32_t;
+#endif /* ! C99 */
+
+/* Limits of integral types. */
+#ifndef INT8_MIN
+#define INT8_MIN               (-128)
+#endif
+#ifndef INT16_MIN
+#define INT16_MIN              (-32767-1)
+#endif
+#ifndef INT32_MIN
+#define INT32_MIN              (-2147483647-1)
+#endif
+#ifndef INT8_MAX
+#define INT8_MAX               (127)
+#endif
+#ifndef INT16_MAX
+#define INT16_MAX              (32767)
+#endif
+#ifndef INT32_MAX
+#define INT32_MAX              (2147483647)
+#endif
+#ifndef UINT8_MAX
+#define UINT8_MAX              (255U)
+#endif
+#ifndef UINT16_MAX
+#define UINT16_MAX             (65535U)
+#endif
+#ifndef UINT32_MAX
+#define UINT32_MAX             (4294967295U)
+#endif
+
+#endif /* ! FLEXINT_H */
+
+#ifdef __cplusplus
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else	/* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_CONST
+
+#endif	/* __STDC__ */
+#endif	/* ! __cplusplus */
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN (yy_start) = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START (((yy_start) - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE yyrestart(yyin  )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#ifndef YY_BUF_SIZE
+#define YY_BUF_SIZE 16384
+#endif
+
+/* The state buf must be large enough to hold one state per character in the main buffer.
+ */
+#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
+
+#ifndef YY_TYPEDEF_YY_BUFFER_STATE
+#define YY_TYPEDEF_YY_BUFFER_STATE
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+#endif
+
+extern int yyleng;
+
+extern FILE *yyin, *yyout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+    #define YY_LESS_LINENO(n)
+    
+/* Return all but the first "n" matched characters back to the input stream. */
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		*yy_cp = (yy_hold_char); \
+		YY_RESTORE_YY_MORE_OFFSET \
+		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+		} \
+	while ( 0 )
+
+#define unput(c) yyunput( c, (yytext_ptr)  )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef unsigned int yy_size_t;
+#endif
+
+#ifndef YY_STRUCT_YY_BUFFER_STATE
+#define YY_STRUCT_YY_BUFFER_STATE
+struct yy_buffer_state
+	{
+	FILE *yy_input_file;
+
+	char *yy_ch_buf;		/* input buffer */
+	char *yy_buf_pos;		/* current position in input buffer */
+
+	/* Size of input buffer in bytes, not including room for EOB
+	 * characters.
+	 */
+	yy_size_t yy_buf_size;
+
+	/* Number of characters read into yy_ch_buf, not including EOB
+	 * characters.
+	 */
+	int yy_n_chars;
+
+	/* Whether we "own" the buffer - i.e., we know we created it,
+	 * and can realloc() it to grow it, and should free() it to
+	 * delete it.
+	 */
+	int yy_is_our_buffer;
+
+	/* Whether this is an "interactive" input source; if so, and
+	 * if we're using stdio for input, then we want to use getc()
+	 * instead of fread(), to make sure we stop fetching input after
+	 * each newline.
+	 */
+	int yy_is_interactive;
+
+	/* Whether we're considered to be at the beginning of a line.
+	 * If so, '^' rules will be active on the next match, otherwise
+	 * not.
+	 */
+	int yy_at_bol;
+
+    int yy_bs_lineno; /**< The line count. */
+    int yy_bs_column; /**< The column count. */
+    
+	/* Whether to try to fill the input buffer when we reach the
+	 * end of it.
+	 */
+	int yy_fill_buffer;
+
+	int yy_buffer_status;
+
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+	/* When an EOF's been seen but there's still some text to process
+	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+	 * shouldn't try reading from the input source any more.  We might
+	 * still have a bunch of tokens to match, though, because of
+	 * possible backing-up.
+	 *
+	 * When we actually see the EOF, we change the status to "new"
+	 * (via yyrestart()), so that the user can continue scanning by
+	 * just pointing yyin at a new input file.
+	 */
+#define YY_BUFFER_EOF_PENDING 2
+
+	};
+#endif /* !YY_STRUCT_YY_BUFFER_STATE */
+
+/* Stack of input buffers. */
+static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ *
+ * Returns the top of the stack, or NULL.
+ */
+#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                          : NULL)
+
+/* Same as previous macro, but useful when we know that the buffer stack is not
+ * NULL or when we need an lvalue. For internal use only.
+ */
+#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
+
+/* yy_hold_char holds the character lost when yytext is formed. */
+static char yy_hold_char;
+static int yy_n_chars;		/* number of characters read into yy_ch_buf */
+int yyleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 0;		/* whether we need to initialize */
+static int yy_start = 0;	/* start state number */
+
+/* Flag which is used to allow yywrap()'s to do buffer switches
+ * instead of setting up a fresh yyin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void yyrestart (FILE *input_file  );
+void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
+void yy_delete_buffer (YY_BUFFER_STATE b  );
+void yy_flush_buffer (YY_BUFFER_STATE b  );
+void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
+void yypop_buffer_state (void );
+
+static void yyensure_buffer_stack (void );
+static void yy_load_buffer_state (void );
+static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+
+#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
+
+YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
+YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
+YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
+
+void *yyalloc (yy_size_t  );
+void *yyrealloc (void *,yy_size_t  );
+void yyfree (void *  );
+
+#define yy_new_buffer yy_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){ \
+        yyensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            yy_create_buffer(yyin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+	}
+
+#define yy_set_bol(at_bol) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){\
+        yyensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            yy_create_buffer(yyin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+	}
+
+#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+
+/* Begin user sect3 */
+
+typedef unsigned char YY_CHAR;
+
+FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+
+typedef int yy_state_type;
+
+extern int yylineno;
+
+int yylineno = 1;
+
+extern char *yytext;
+#define yytext_ptr yytext
+
+static yy_state_type yy_get_previous_state (void );
+static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+static int yy_get_next_buffer (void );
+static void yy_fatal_error (yyconst char msg[]  );
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+#define YY_DO_BEFORE_ACTION \
+	(yytext_ptr) = yy_bp; \
+	yyleng = (size_t) (yy_cp - yy_bp); \
+	(yy_hold_char) = *yy_cp; \
+	*yy_cp = '\0'; \
+	(yy_c_buf_p) = yy_cp;
+
+#define YY_NUM_RULES 12
+#define YY_END_OF_BUFFER 13
+/* This struct is not used in this scanner,
+   but its presence is necessary. */
+struct yy_trans_info
+	{
+	flex_int32_t yy_verify;
+	flex_int32_t yy_nxt;
+	};
+static yyconst flex_int16_t yy_accept[54] =
+    {   0,
+        0,    0,   13,   11,    7,    8,    9,    6,   10,   10,
+       10,   10,   10,    6,   10,   10,   10,   10,   10,   10,
+        5,   10,   10,   10,   10,   10,   10,   10,   10,   10,
+       10,   10,   10,   10,   10,   10,   10,    2,   10,    3,
+       10,   10,   10,   10,   10,   10,   10,   10,   10,   10,
+        1,    4,    0
+    } ;
+
+static yyconst flex_int32_t yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    1,    4,    5,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    6,    6,    6,
+        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
+        1,    1,    1,    1,    6,    6,    6,    6,    6,    6,
+        6,    6,    6,    6,    6,    6,    6,    6,    6,    6,
+        6,    6,    6,    6,    6,    6,    6,    6,    6,    6,
+        1,    1,    1,    1,    7,    1,    8,    9,   10,   11,
+
+       12,    6,    6,    6,   13,    6,   14,   15,   16,   17,
+       18,   19,   20,   21,   22,   23,   24,    6,   25,    6,
+        6,    6,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+static yyconst flex_int32_t yy_meta[26] =
+    {   0,
+        1,    1,    2,    1,    1,    3,    3,    3,    3,    3,
+        3,    3,    3,    3,    3,    3,    3,    3,    3,    3,
+        3,    3,    3,    3,    3
+    } ;
+
+static yyconst flex_int16_t yy_base[57] =
+    {   0,
+        0,   24,   69,   70,   70,   70,   70,    0,    0,   50,
+       50,   54,   48,    0,    0,   48,   52,   42,    0,   45,
+        0,   36,   43,   41,   49,   44,   36,   35,   30,   24,
+       29,   18,   31,   18,   28,   22,   31,    0,   21,    0,
+       12,   21,   24,   14,   21,    0,    2,    4,    3,    0,
+        0,    0,   70,   48,   51,    3
+    } ;
+
+static yyconst flex_int16_t yy_def[57] =
+    {   0,
+       54,   54,   53,   53,   53,   53,   53,   55,   56,   56,
+       56,   56,   56,   55,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,    0,   53,   53,   53
+    } ;
+
+static yyconst flex_int16_t yy_nxt[96] =
+    {   0,
+        4,    5,    6,    7,    8,   15,   53,   53,   53,   10,
+       52,   11,   23,   24,   51,   50,   49,   53,   53,   53,
+       12,   53,   48,   13,    4,    5,    6,    7,    8,   47,
+       46,   45,   44,   10,   43,   11,   42,   41,   40,   39,
+       38,   37,   36,   35,   12,   34,   33,   13,    9,    9,
+        9,   14,   32,   14,   31,   30,   29,   28,   27,   26,
+       25,   22,   21,   20,   19,   18,   17,   16,   53,    3,
+       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
+       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
+       53,   53,   53,   53,   53
+
+    } ;
+
+static yyconst flex_int16_t yy_chk[96] =
+    {   0,
+        1,    1,    1,    1,    1,   56,    0,    0,    0,    1,
+       50,    1,   19,   19,   49,   48,   47,    0,    0,    0,
+        1,    0,   46,    1,    2,    2,    2,    2,    2,   45,
+       44,   43,   42,    2,   41,    2,   39,   37,   36,   35,
+       34,   33,   32,   31,    2,   30,   29,    2,   54,   54,
+       54,   55,   28,   55,   27,   26,   25,   24,   23,   22,
+       20,   18,   17,   16,   13,   12,   11,   10,    3,   53,
+       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
+       53,   53,   53,   53,   53,   53,   53,   53,   53,   53,
+       53,   53,   53,   53,   53
+
+    } ;
+
+static yy_state_type yy_last_accepting_state;
+static char *yy_last_accepting_cpos;
+
+extern int yy_flex_debug;
+int yy_flex_debug = 0;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *yytext;
+#line 1 "lex.l"
+#line 2 "lex.l"
+/*
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#undef ECHO
+
+#include "make_cmds.h"
+#include "parse.h"
+
+RCSID("$Id: lex.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static unsigned lineno = 1;
+static int getstring(void);
+
+#define YY_NO_UNPUT
+
+#undef ECHO
+
+#line 538 "lex.c"
+
+#define INITIAL 0
+
+#ifndef YY_NO_UNISTD_H
+/* Special case for "unistd.h", since it is non-ANSI. We include it way
+ * down here because we want the user's section 1 to have been scanned first.
+ * The user has a chance to override it with an option.
+ */
+#include <unistd.h>
+#endif
+
+#ifndef YY_EXTRA_TYPE
+#define YY_EXTRA_TYPE void *
+#endif
+
+static int yy_init_globals (void );
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int yywrap (void );
+#else
+extern int yywrap (void );
+#endif
+#endif
+
+    static void yyunput (int c,char *buf_ptr  );
+    
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char *,yyconst char *,int );
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * );
+#endif
+
+#ifndef YY_NO_INPUT
+
+#ifdef __cplusplus
+static int yyinput (void );
+#else
+static int input (void );
+#endif
+
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+		{ \
+		int c = '*'; \
+		size_t n; \
+		for ( n = 0; n < max_size && \
+			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+			buf[n] = (char) c; \
+		if ( c == '\n' ) \
+			buf[n++] = (char) c; \
+		if ( c == EOF && ferror( yyin ) ) \
+			YY_FATAL_ERROR( "input in flex scanner failed" ); \
+		result = n; \
+		} \
+	else \
+		{ \
+		errno=0; \
+		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
+			{ \
+			if( errno != EINTR) \
+				{ \
+				YY_FATAL_ERROR( "input in flex scanner failed" ); \
+				break; \
+				} \
+			errno=0; \
+			clearerr(yyin); \
+			} \
+		}\
+\
+
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* end tables serialization structures and prototypes */
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL_IS_OURS 1
+
+extern int yylex (void);
+
+#define YY_DECL int yylex (void)
+#endif /* !YY_DECL */
+
+/* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+	YY_USER_ACTION
+
+/** The main scanner function which does all the work.
+ */
+YY_DECL
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp, *yy_bp;
+	register int yy_act;
+    
+#line 52 "lex.l"
+
+#line 693 "lex.c"
+
+	if ( !(yy_init) )
+		{
+		(yy_init) = 1;
+
+#ifdef YY_USER_INIT
+		YY_USER_INIT;
+#endif
+
+		if ( ! (yy_start) )
+			(yy_start) = 1;	/* first start state */
+
+		if ( ! yyin )
+			yyin = stdin;
+
+		if ( ! yyout )
+			yyout = stdout;
+
+		if ( ! YY_CURRENT_BUFFER ) {
+			yyensure_buffer_stack ();
+			YY_CURRENT_BUFFER_LVALUE =
+				yy_create_buffer(yyin,YY_BUF_SIZE );
+		}
+
+		yy_load_buffer_state( );
+		}
+
+	while ( 1 )		/* loops until end-of-file is reached */
+		{
+		yy_cp = (yy_c_buf_p);
+
+		/* Support of yytext. */
+		*yy_cp = (yy_hold_char);
+
+		/* yy_bp points to the position in yy_ch_buf of the start of
+		 * the current run.
+		 */
+		yy_bp = yy_cp;
+
+		yy_current_state = (yy_start);
+yy_match:
+		do
+			{
+			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+			if ( yy_accept[yy_current_state] )
+				{
+				(yy_last_accepting_state) = yy_current_state;
+				(yy_last_accepting_cpos) = yy_cp;
+				}
+			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+				{
+				yy_current_state = (int) yy_def[yy_current_state];
+				if ( yy_current_state >= 54 )
+					yy_c = yy_meta[(unsigned int) yy_c];
+				}
+			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+			++yy_cp;
+			}
+		while ( yy_base[yy_current_state] != 70 );
+
+yy_find_action:
+		yy_act = yy_accept[yy_current_state];
+		if ( yy_act == 0 )
+			{ /* have to back up */
+			yy_cp = (yy_last_accepting_cpos);
+			yy_current_state = (yy_last_accepting_state);
+			yy_act = yy_accept[yy_current_state];
+			}
+
+		YY_DO_BEFORE_ACTION;
+
+do_action:	/* This label is used only to access EOF actions. */
+
+		switch ( yy_act )
+	{ /* beginning of action switch */
+			case 0: /* must back up */
+			/* undo the effects of YY_DO_BEFORE_ACTION */
+			*yy_cp = (yy_hold_char);
+			yy_cp = (yy_last_accepting_cpos);
+			yy_current_state = (yy_last_accepting_state);
+			goto yy_find_action;
+
+case 1:
+YY_RULE_SETUP
+#line 53 "lex.l"
+{ return TABLE; }
+	YY_BREAK
+case 2:
+YY_RULE_SETUP
+#line 54 "lex.l"
+{ return REQUEST; }
+	YY_BREAK
+case 3:
+YY_RULE_SETUP
+#line 55 "lex.l"
+{ return UNKNOWN; }
+	YY_BREAK
+case 4:
+YY_RULE_SETUP
+#line 56 "lex.l"
+{ return UNIMPLEMENTED; }
+	YY_BREAK
+case 5:
+YY_RULE_SETUP
+#line 57 "lex.l"
+{ return END; }
+	YY_BREAK
+case 6:
+YY_RULE_SETUP
+#line 58 "lex.l"
+;
+	YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 59 "lex.l"
+;
+	YY_BREAK
+case 8:
+/* rule 8 can match eol */
+YY_RULE_SETUP
+#line 60 "lex.l"
+{ lineno++; }
+	YY_BREAK
+case 9:
+YY_RULE_SETUP
+#line 61 "lex.l"
+{ return getstring(); }
+	YY_BREAK
+case 10:
+YY_RULE_SETUP
+#line 62 "lex.l"
+{ yylval.string = strdup(yytext); return STRING; }
+	YY_BREAK
+case 11:
+YY_RULE_SETUP
+#line 63 "lex.l"
+{ return *yytext; }
+	YY_BREAK
+case 12:
+YY_RULE_SETUP
+#line 64 "lex.l"
+ECHO;
+	YY_BREAK
+#line 837 "lex.c"
+case YY_STATE_EOF(INITIAL):
+	yyterminate();
+
+	case YY_END_OF_BUFFER:
+		{
+		/* Amount of text matched not including the EOB char. */
+		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+
+		/* Undo the effects of YY_DO_BEFORE_ACTION. */
+		*yy_cp = (yy_hold_char);
+		YY_RESTORE_YY_MORE_OFFSET
+
+		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+			{
+			/* We're scanning a new file or input source.  It's
+			 * possible that this happened because the user
+			 * just pointed yyin at a new source and called
+			 * yylex().  If so, then we have to assure
+			 * consistency between YY_CURRENT_BUFFER and our
+			 * globals.  Here is the right place to do so, because
+			 * this is the first action (other than possibly a
+			 * back-up) that will match for the new input source.
+			 */
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+			}
+
+		/* Note that here we test for yy_c_buf_p "<=" to the position
+		 * of the first EOB in the buffer, since yy_c_buf_p will
+		 * already have been incremented past the NUL character
+		 * (since all states make transitions on EOB to the
+		 * end-of-buffer state).  Contrast this with the test
+		 * in input().
+		 */
+		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			{ /* This was really a NUL. */
+			yy_state_type yy_next_state;
+
+			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+
+			yy_current_state = yy_get_previous_state(  );
+
+			/* Okay, we're now positioned to make the NUL
+			 * transition.  We couldn't have
+			 * yy_get_previous_state() go ahead and do it
+			 * for us because it doesn't know how to deal
+			 * with the possibility of jamming (and we don't
+			 * want to build jamming into it because then it
+			 * will run more slowly).
+			 */
+
+			yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+
+			if ( yy_next_state )
+				{
+				/* Consume the NUL. */
+				yy_cp = ++(yy_c_buf_p);
+				yy_current_state = yy_next_state;
+				goto yy_match;
+				}
+
+			else
+				{
+				yy_cp = (yy_c_buf_p);
+				goto yy_find_action;
+				}
+			}
+
+		else switch ( yy_get_next_buffer(  ) )
+			{
+			case EOB_ACT_END_OF_FILE:
+				{
+				(yy_did_buffer_switch_on_eof) = 0;
+
+				if ( yywrap( ) )
+					{
+					/* Note: because we've taken care in
+					 * yy_get_next_buffer() to have set up
+					 * yytext, we can now set up
+					 * yy_c_buf_p so that if some total
+					 * hoser (like flex itself) wants to
+					 * call the scanner after we return the
+					 * YY_NULL, it'll still work - another
+					 * YY_NULL will get returned.
+					 */
+					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+
+					yy_act = YY_STATE_EOF(YY_START);
+					goto do_action;
+					}
+
+				else
+					{
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+					}
+				break;
+				}
+
+			case EOB_ACT_CONTINUE_SCAN:
+				(yy_c_buf_p) =
+					(yytext_ptr) + yy_amount_of_matched_text;
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_match;
+
+			case EOB_ACT_LAST_MATCH:
+				(yy_c_buf_p) =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_find_action;
+			}
+		break;
+		}
+
+	default:
+		YY_FATAL_ERROR(
+			"fatal flex scanner internal error--no action found" );
+	} /* end of action switch */
+		} /* end of scanning one token */
+} /* end of yylex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *	EOB_ACT_LAST_MATCH -
+ *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *	EOB_ACT_END_OF_FILE - end of file
+ */
+static int yy_get_next_buffer (void)
+{
+    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+	register char *source = (yytext_ptr);
+	register int number_to_move, i;
+	int ret_val;
+
+	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+		YY_FATAL_ERROR(
+		"fatal flex scanner internal error--end of buffer missed" );
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+		{ /* Don't try to fill the buffer, so this is an EOF. */
+		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+			{
+			/* We matched a single character, the EOB, so
+			 * treat this as a final EOF.
+			 */
+			return EOB_ACT_END_OF_FILE;
+			}
+
+		else
+			{
+			/* We matched some text prior to the EOB, first
+			 * process it.
+			 */
+			return EOB_ACT_LAST_MATCH;
+			}
+		}
+
+	/* Try to read more data. */
+
+	/* First move last chars to start of buffer. */
+	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+
+	for ( i = 0; i < number_to_move; ++i )
+		*(dest++) = *(source++);
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+		/* don't do the read, it's not guaranteed to return an EOF,
+		 * just force an EOF
+		 */
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+
+	else
+		{
+			int num_to_read =
+			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+		while ( num_to_read <= 0 )
+			{ /* Not enough room in the buffer - grow it. */
+
+			/* just a shorter name for the current buffer */
+			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+
+			int yy_c_buf_p_offset =
+				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+
+			if ( b->yy_is_our_buffer )
+				{
+				int new_size = b->yy_buf_size * 2;
+
+				if ( new_size <= 0 )
+					b->yy_buf_size += b->yy_buf_size / 8;
+				else
+					b->yy_buf_size *= 2;
+
+				b->yy_ch_buf = (char *)
+					/* Include room in for 2 EOB chars. */
+					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
+				}
+			else
+				/* Can't grow it, we don't own it. */
+				b->yy_ch_buf = 0;
+
+			if ( ! b->yy_ch_buf )
+				YY_FATAL_ERROR(
+				"fatal error - scanner input buffer overflow" );
+
+			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+						number_to_move - 1;
+
+			}
+
+		if ( num_to_read > YY_READ_BUF_SIZE )
+			num_to_read = YY_READ_BUF_SIZE;
+
+		/* Read in more data. */
+		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
+			(yy_n_chars), num_to_read );
+
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	if ( (yy_n_chars) == 0 )
+		{
+		if ( number_to_move == YY_MORE_ADJ )
+			{
+			ret_val = EOB_ACT_END_OF_FILE;
+			yyrestart(yyin  );
+			}
+
+		else
+			{
+			ret_val = EOB_ACT_LAST_MATCH;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+				YY_BUFFER_EOF_PENDING;
+			}
+		}
+
+	else
+		ret_val = EOB_ACT_CONTINUE_SCAN;
+
+	(yy_n_chars) += number_to_move;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+
+	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+
+	return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+    static yy_state_type yy_get_previous_state (void)
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp;
+    
+	yy_current_state = (yy_start);
+
+	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+		{
+		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+		if ( yy_accept[yy_current_state] )
+			{
+			(yy_last_accepting_state) = yy_current_state;
+			(yy_last_accepting_cpos) = yy_cp;
+			}
+		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+			{
+			yy_current_state = (int) yy_def[yy_current_state];
+			if ( yy_current_state >= 54 )
+				yy_c = yy_meta[(unsigned int) yy_c];
+			}
+		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+		}
+
+	return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *	next_state = yy_try_NUL_trans( current_state );
+ */
+    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+{
+	register int yy_is_jam;
+    	register char *yy_cp = (yy_c_buf_p);
+
+	register YY_CHAR yy_c = 1;
+	if ( yy_accept[yy_current_state] )
+		{
+		(yy_last_accepting_state) = yy_current_state;
+		(yy_last_accepting_cpos) = yy_cp;
+		}
+	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+		{
+		yy_current_state = (int) yy_def[yy_current_state];
+		if ( yy_current_state >= 54 )
+			yy_c = yy_meta[(unsigned int) yy_c];
+		}
+	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+	yy_is_jam = (yy_current_state == 53);
+
+	return yy_is_jam ? 0 : yy_current_state;
+}
+
+    static void yyunput (int c, register char * yy_bp )
+{
+	register char *yy_cp;
+    
+    yy_cp = (yy_c_buf_p);
+
+	/* undo effects of setting up yytext */
+	*yy_cp = (yy_hold_char);
+
+	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+		{ /* need to shift things up to make room */
+		/* +2 for EOB chars. */
+		register int number_to_move = (yy_n_chars) + 2;
+		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+		register char *source =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+
+		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+			*--dest = *--source;
+
+		yy_cp += (int) (dest - source);
+		yy_bp += (int) (dest - source);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+
+		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+		}
+
+	*--yy_cp = (char) c;
+
+	(yytext_ptr) = yy_bp;
+	(yy_hold_char) = *yy_cp;
+	(yy_c_buf_p) = yy_cp;
+}
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+    static int yyinput (void)
+#else
+    static int input  (void)
+#endif
+
+{
+	int c;
+    
+	*(yy_c_buf_p) = (yy_hold_char);
+
+	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+		{
+		/* yy_c_buf_p now points to the character we want to return.
+		 * If this occurs *before* the EOB characters, then it's a
+		 * valid NUL; if not, then we've hit the end of the buffer.
+		 */
+		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			/* This was really a NUL. */
+			*(yy_c_buf_p) = '\0';
+
+		else
+			{ /* need more input */
+			int offset = (yy_c_buf_p) - (yytext_ptr);
+			++(yy_c_buf_p);
+
+			switch ( yy_get_next_buffer(  ) )
+				{
+				case EOB_ACT_LAST_MATCH:
+					/* This happens because yy_g_n_b()
+					 * sees that we've accumulated a
+					 * token and flags that we need to
+					 * try matching the token before
+					 * proceeding.  But for input(),
+					 * there's no matching to consider.
+					 * So convert the EOB_ACT_LAST_MATCH
+					 * to EOB_ACT_END_OF_FILE.
+					 */
+
+					/* Reset buffer status. */
+					yyrestart(yyin );
+
+					/*FALLTHROUGH*/
+
+				case EOB_ACT_END_OF_FILE:
+					{
+					if ( yywrap( ) )
+						return 0;
+
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+#ifdef __cplusplus
+					return yyinput();
+#else
+					return input();
+#endif
+					}
+
+				case EOB_ACT_CONTINUE_SCAN:
+					(yy_c_buf_p) = (yytext_ptr) + offset;
+					break;
+				}
+			}
+		}
+
+	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
+	*(yy_c_buf_p) = '\0';	/* preserve yytext */
+	(yy_hold_char) = *++(yy_c_buf_p);
+
+	return c;
+}
+#endif	/* ifndef YY_NO_INPUT */
+
+/** Immediately switch to a different input stream.
+ * @param input_file A readable stream.
+ * 
+ * @note This function does not reset the start condition to @c INITIAL .
+ */
+    void yyrestart  (FILE * input_file )
+{
+    
+	if ( ! YY_CURRENT_BUFFER ){
+        yyensure_buffer_stack ();
+		YY_CURRENT_BUFFER_LVALUE =
+            yy_create_buffer(yyin,YY_BUF_SIZE );
+	}
+
+	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
+	yy_load_buffer_state( );
+}
+
+/** Switch to a different input buffer.
+ * @param new_buffer The new input buffer.
+ * 
+ */
+    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
+{
+    
+	/* TODO. We should be able to replace this entire function body
+	 * with
+	 *		yypop_buffer_state();
+	 *		yypush_buffer_state(new_buffer);
+     */
+	yyensure_buffer_stack ();
+	if ( YY_CURRENT_BUFFER == new_buffer )
+		return;
+
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+	yy_load_buffer_state( );
+
+	/* We don't actually know whether we did this switch during
+	 * EOF (yywrap()) processing, but the only time this flag
+	 * is looked at is after yywrap() is called, so it's safe
+	 * to go ahead and always set it.
+	 */
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+static void yy_load_buffer_state  (void)
+{
+    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+	(yy_hold_char) = *(yy_c_buf_p);
+}
+
+/** Allocate and initialize an input buffer state.
+ * @param file A readable stream.
+ * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
+ * 
+ * @return the allocated buffer state.
+ */
+    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
+{
+	YY_BUFFER_STATE b;
+    
+	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_buf_size = size;
+
+	/* yy_ch_buf has to be 2 characters longer than the size given because
+	 * we need to put in 2 end-of-buffer characters.
+	 */
+	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
+	if ( ! b->yy_ch_buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_is_our_buffer = 1;
+
+	yy_init_buffer(b,file );
+
+	return b;
+}
+
+/** Destroy the buffer.
+ * @param b a buffer created with yy_create_buffer()
+ * 
+ */
+    void yy_delete_buffer (YY_BUFFER_STATE  b )
+{
+    
+	if ( ! b )
+		return;
+
+	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
+		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+
+	if ( b->yy_is_our_buffer )
+		yyfree((void *) b->yy_ch_buf  );
+
+	yyfree((void *) b  );
+}
+
+#ifndef __cplusplus
+extern int isatty (int );
+#endif /* __cplusplus */
+    
+/* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+ * such as during a yyrestart() or at EOF.
+ */
+    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
+
+{
+	int oerrno = errno;
+    
+	yy_flush_buffer(b );
+
+	b->yy_input_file = file;
+	b->yy_fill_buffer = 1;
+
+    /* If b is the current buffer, then yy_init_buffer was _probably_
+     * called from yyrestart() or through yy_get_next_buffer.
+     * In that case, we don't want to reset the lineno or column.
+     */
+    if (b != YY_CURRENT_BUFFER){
+        b->yy_bs_lineno = 1;
+        b->yy_bs_column = 0;
+    }
+
+        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+    
+	errno = oerrno;
+}
+
+/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
+ * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
+ * 
+ */
+    void yy_flush_buffer (YY_BUFFER_STATE  b )
+{
+    	if ( ! b )
+		return;
+
+	b->yy_n_chars = 0;
+
+	/* We always need two end-of-buffer characters.  The first causes
+	 * a transition to the end-of-buffer state.  The second causes
+	 * a jam in that state.
+	 */
+	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+	b->yy_buf_pos = &b->yy_ch_buf[0];
+
+	b->yy_at_bol = 1;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	if ( b == YY_CURRENT_BUFFER )
+		yy_load_buffer_state( );
+}
+
+/** Pushes the new state onto the stack. The new state becomes
+ *  the current state. This function will allocate the stack
+ *  if necessary.
+ *  @param new_buffer The new state.
+ *  
+ */
+void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
+{
+    	if (new_buffer == NULL)
+		return;
+
+	yyensure_buffer_stack();
+
+	/* This block is copied from yy_switch_to_buffer. */
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	/* Only push if top exists. Otherwise, replace top. */
+	if (YY_CURRENT_BUFFER)
+		(yy_buffer_stack_top)++;
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+
+	/* copied from yy_switch_to_buffer. */
+	yy_load_buffer_state( );
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+/** Removes and deletes the top of the stack, if present.
+ *  The next element becomes the new top.
+ *  
+ */
+void yypop_buffer_state (void)
+{
+    	if (!YY_CURRENT_BUFFER)
+		return;
+
+	yy_delete_buffer(YY_CURRENT_BUFFER );
+	YY_CURRENT_BUFFER_LVALUE = NULL;
+	if ((yy_buffer_stack_top) > 0)
+		--(yy_buffer_stack_top);
+
+	if (YY_CURRENT_BUFFER) {
+		yy_load_buffer_state( );
+		(yy_did_buffer_switch_on_eof) = 1;
+	}
+}
+
+/* Allocates the stack if it does not exist.
+ *  Guarantees space for at least one push.
+ */
+static void yyensure_buffer_stack (void)
+{
+	int num_to_alloc;
+    
+	if (!(yy_buffer_stack)) {
+
+		/* First allocation is just for 2 elements, since we don't know if this
+		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+		 * immediate realloc on the next call.
+         */
+		num_to_alloc = 1;
+		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
+								(num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+		
+		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+				
+		(yy_buffer_stack_max) = num_to_alloc;
+		(yy_buffer_stack_top) = 0;
+		return;
+	}
+
+	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+
+		/* Increase the buffer to prepare for a possible push. */
+		int grow_size = 8 /* arbitrary grow size */;
+
+		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
+								((yy_buffer_stack),
+								num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		/* zero only the new slots.*/
+		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
+		(yy_buffer_stack_max) = num_to_alloc;
+	}
+}
+
+/** Setup the input buffer state to scan directly from a user-specified character buffer.
+ * @param base the character buffer
+ * @param size the size in bytes of the character buffer
+ * 
+ * @return the newly allocated buffer state object. 
+ */
+YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+{
+	YY_BUFFER_STATE b;
+    
+	if ( size < 2 ||
+	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+		/* They forgot to leave room for the EOB's. */
+		return 0;
+
+	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+
+	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
+	b->yy_buf_pos = b->yy_ch_buf = base;
+	b->yy_is_our_buffer = 0;
+	b->yy_input_file = 0;
+	b->yy_n_chars = b->yy_buf_size;
+	b->yy_is_interactive = 0;
+	b->yy_at_bol = 1;
+	b->yy_fill_buffer = 0;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	yy_switch_to_buffer(b  );
+
+	return b;
+}
+
+/** Setup the input buffer state to scan a string. The next call to yylex() will
+ * scan from a @e copy of @a str.
+ * @param str a NUL-terminated string to scan
+ * 
+ * @return the newly allocated buffer state object.
+ * @note If you want to scan bytes that may contain NUL values, then use
+ *       yy_scan_bytes() instead.
+ */
+YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
+{
+    
+	return yy_scan_bytes(yystr,strlen(yystr) );
+}
+
+/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
+ * scan from a @e copy of @a bytes.
+ * @param bytes the byte buffer to scan
+ * @param len the number of bytes in the buffer pointed to by @a bytes.
+ * 
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
+{
+	YY_BUFFER_STATE b;
+	char *buf;
+	yy_size_t n;
+	int i;
+    
+	/* Get memory for full buffer, including space for trailing EOB's. */
+	n = _yybytes_len + 2;
+	buf = (char *) yyalloc(n  );
+	if ( ! buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+
+	for ( i = 0; i < _yybytes_len; ++i )
+		buf[i] = yybytes[i];
+
+	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
+
+	b = yy_scan_buffer(buf,n );
+	if ( ! b )
+		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+
+	/* It's okay to grow etc. this buffer, and we should throw it
+	 * away when we're done.
+	 */
+	b->yy_is_our_buffer = 1;
+
+	return b;
+}
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+static void yy_fatal_error (yyconst char* msg )
+{
+    	(void) fprintf( stderr, "%s\n", msg );
+	exit( YY_EXIT_FAILURE );
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		yytext[yyleng] = (yy_hold_char); \
+		(yy_c_buf_p) = yytext + yyless_macro_arg; \
+		(yy_hold_char) = *(yy_c_buf_p); \
+		*(yy_c_buf_p) = '\0'; \
+		yyleng = yyless_macro_arg; \
+		} \
+	while ( 0 )
+
+/* Accessor  methods (get/set functions) to struct members. */
+
+/** Get the current line number.
+ * 
+ */
+int yyget_lineno  (void)
+{
+        
+    return yylineno;
+}
+
+/** Get the input stream.
+ * 
+ */
+FILE *yyget_in  (void)
+{
+        return yyin;
+}
+
+/** Get the output stream.
+ * 
+ */
+FILE *yyget_out  (void)
+{
+        return yyout;
+}
+
+/** Get the length of the current token.
+ * 
+ */
+int yyget_leng  (void)
+{
+        return yyleng;
+}
+
+/** Get the current token.
+ * 
+ */
+
+char *yyget_text  (void)
+{
+        return yytext;
+}
+
+/** Set the current line number.
+ * @param line_number
+ * 
+ */
+void yyset_lineno (int  line_number )
+{
+    
+    yylineno = line_number;
+}
+
+/** Set the input stream. This does not discard the current
+ * input buffer.
+ * @param in_str A readable stream.
+ * 
+ * @see yy_switch_to_buffer
+ */
+void yyset_in (FILE *  in_str )
+{
+        yyin = in_str ;
+}
+
+void yyset_out (FILE *  out_str )
+{
+        yyout = out_str ;
+}
+
+int yyget_debug  (void)
+{
+        return yy_flex_debug;
+}
+
+void yyset_debug (int  bdebug )
+{
+        yy_flex_debug = bdebug ;
+}
+
+static int yy_init_globals (void)
+{
+        /* Initialization is the same as for the non-reentrant scanner.
+     * This function is called from yylex_destroy(), so don't allocate here.
+     */
+
+    (yy_buffer_stack) = 0;
+    (yy_buffer_stack_top) = 0;
+    (yy_buffer_stack_max) = 0;
+    (yy_c_buf_p) = (char *) 0;
+    (yy_init) = 0;
+    (yy_start) = 0;
+
+/* Defined in main.c */
+#ifdef YY_STDINIT
+    yyin = stdin;
+    yyout = stdout;
+#else
+    yyin = (FILE *) 0;
+    yyout = (FILE *) 0;
+#endif
+
+    /* For future reference: Set errno on error, since we are called by
+     * yylex_init()
+     */
+    return 0;
+}
+
+/* yylex_destroy is for both reentrant and non-reentrant scanners. */
+int yylex_destroy  (void)
+{
+    
+    /* Pop the buffer stack, destroying each element. */
+	while(YY_CURRENT_BUFFER){
+		yy_delete_buffer(YY_CURRENT_BUFFER  );
+		YY_CURRENT_BUFFER_LVALUE = NULL;
+		yypop_buffer_state();
+	}
+
+	/* Destroy the stack itself. */
+	yyfree((yy_buffer_stack) );
+	(yy_buffer_stack) = NULL;
+
+    /* Reset the globals. This is important in a non-reentrant scanner so the next time
+     * yylex() is called, initialization will occur. */
+    yy_init_globals( );
+
+    return 0;
+}
+
+/*
+ * Internal utility routines.
+ */
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
+{
+	register int i;
+	for ( i = 0; i < n; ++i )
+		s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * s )
+{
+	register int n;
+	for ( n = 0; s[n]; ++n )
+		;
+
+	return n;
+}
+#endif
+
+void *yyalloc (yy_size_t  size )
+{
+	return (void *) malloc( size );
+}
+
+void *yyrealloc  (void * ptr, yy_size_t  size )
+{
+	/* The cast to (char *) in the following accommodates both
+	 * implementations that use char* generic pointers, and those
+	 * that use void* generic pointers.  It works with the latter
+	 * because both ANSI C and C++ allow castless assignment from
+	 * any pointer type to void*, and deal with argument conversions
+	 * as though doing an assignment.
+	 */
+	return (void *) realloc( (char *) ptr, size );
+}
+
+void yyfree (void * ptr )
+{
+	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
+}
+
+#define YYTABLES_NAME "yytables"
+
+#line 64 "lex.l"
+
+
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+static int
+getstring(void)
+{
+    char x[128];
+    int i = 0;
+    int c;
+    int backslash = 0;
+    while((c = input()) != EOF){
+	if(backslash) {
+	    if(c == 'n')
+		c = '\n';
+	    else if(c == 't')
+		c = '\t';
+	    x[i++] = c;
+	    backslash = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    backslash++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    yylval.string = strdup(x);
+    return STRING;
+}
+
+void
+error_message (const char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d: ", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     numerror++;
+}
+

Added: vendor-crypto/heimdal/dist/lib/sl/lex.l
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/lex.l	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/lex.l	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,119 @@
+%{
+/*
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#undef ECHO
+
+#include "make_cmds.h"
+#include "parse.h"
+
+RCSID("$Id: lex.l,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static unsigned lineno = 1;
+static int getstring(void);
+
+#define YY_NO_UNPUT
+
+#undef ECHO
+
+%}
+
+
+%%
+command_table		{ return TABLE; }
+request			{ return REQUEST; }
+unknown			{ return UNKNOWN; }
+unimplemented		{ return UNIMPLEMENTED; }
+end			{ return END; }
+#[^\n]*			;
+[ \t]			;
+\n			{ lineno++; }
+\"			{ return getstring(); }
+[a-zA-Z0-9_]+		{ yylval.string = strdup(yytext); return STRING; }
+.			{ return *yytext; }
+%%
+
+#ifndef yywrap /* XXX */
+int
+yywrap () 
+{
+     return 1;
+}
+#endif
+
+static int
+getstring(void)
+{
+    char x[128];
+    int i = 0;
+    int c;
+    int backslash = 0;
+    while((c = input()) != EOF){
+	if(backslash) {
+	    if(c == 'n')
+		c = '\n';
+	    else if(c == 't')
+		c = '\t';
+	    x[i++] = c;
+	    backslash = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    backslash++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    yylval.string = strdup(x);
+    return STRING;
+}
+
+void
+error_message (const char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d: ", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     numerror++;
+}
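Review bot: getstring() stores into `char x[128]` with no check on `i`, so a quoted string of 128 or more characters in the command-table file writes past the end of the stack buffer. Both `x[i++] = c;` stores (the backslash branch and the plain one) need a guard in front of them, for example `if (i >= (int)sizeof(x) - 1) { error_message("string too long\n"); break; }`. The loop also tests `input() != EOF`, while the input() in the lex.c generated in this same commit returns 0 once yywrap() is non-zero, so an unterminated string at end of file appears never to leave the loop; the bound check would then be the only thing that stops the writes. The generated lex.c carries its own copy of this function and needs regenerating after any fix.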

Added: vendor-crypto/heimdal/dist/lib/sl/make_cmds.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/make_cmds.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/make_cmds.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,239 @@
+/*
+ * Copyright (c) 1998-1999 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+#include <getarg.h>
+
+RCSID("$Id: make_cmds.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+#include <roken.h>
+#include <err.h>
+#include "parse.h"
+
+int numerror;
+extern FILE *yyin;
+FILE *c_file;
+
+extern void yyparse(void);
+
+#ifdef YYDEBUG
+extern int yydebug = 1;
+#endif
+
+char *filename;
+char *table_name;
+
+static struct command_list *commands;
+
+void
+add_command(char *function, 
+	    char *help, 
+	    struct string_list *aliases, 
+	    unsigned flags)
+{
+    struct command_list *cl = malloc(sizeof(*cl));
+
+    if (cl == NULL)
+	err (1, "malloc");
+    cl->function = function;
+    cl->help = help;
+    cl->aliases = aliases;
+    cl->flags = flags;
+    cl->next = NULL;
+    if(commands) {
+	*commands->tail = cl;
+	commands->tail = &cl->next;
+	return;
+    }
+    cl->tail = &cl->next;
+    commands = cl;
+}
+
+static char *
+quote(const char *str)
+{
+    char buf[1024]; /* XXX */
+    const char *p;
+    char *q;
+    q = buf;
+    
+    *q++ = '\"';
+    for(p = str; *p != '\0'; p++) {
+	if(*p == '\n') {
+	    *q++ = '\\';
+	    *q++ = 'n';
+	    continue;
+	}
+	if(*p == '\t') {
+	    *q++ = '\\';
+	    *q++ = 't';
+	    continue;
+	}
+	if(*p == '\"' || *p == '\\')
+	    *q++ = '\\';
+	*q++ = *p;
+    }
+    *q++ = '\"';
+    *q++ = '\0';
+    return strdup(buf);
+}
+
+static void
+generate_commands(void)
+{
+    char *base;
+    char *cfn;
+    char *p, *q;
+
+    p = strrchr(table_name, '/');
+    if(p == NULL)
+	p = table_name;
+    else
+	p++;
+
+    base = strdup (p);
+    if (base == NULL)
+	err (1, "strdup");
+
+    p = strrchr(base, '.');
+    if(p)
+	*p = '\0';
+    
+    asprintf(&cfn, "%s.c", base);
+    if (cfn == NULL)
+	err (1, "asprintf");
+
+    c_file = fopen(cfn, "w");
+    if (c_file == NULL)
+	err (1, "cannot fopen %s", cfn);
+    
+    fprintf(c_file, "/* Generated from %s */\n", filename);
+    fprintf(c_file, "\n");
+    fprintf(c_file, "#include <stddef.h>\n");
+    fprintf(c_file, "#include <sl.h>\n");
+    fprintf(c_file, "\n");
+
+    {
+	struct command_list *cl, *xl;
+
+	for(cl = commands; cl; cl = cl->next) {
+	    for(xl = commands; xl != cl; xl = xl->next)
+		if(strcmp(cl->function, xl->function) == 0)
+		    break;
+	    if(xl != cl)
+		continue;
+	    /* XXX hack for ss_quit */
+	    if(strcmp(cl->function, "ss_quit") == 0) {
+		fprintf(c_file, "int %s (int, char**);\n", cl->function);
+		fprintf(c_file, "#define _ss_quit_wrap ss_quit\n\n"); 
+		continue;
+	    }
+	    fprintf(c_file, "void %s (int, char**);\n", cl->function);
+	    fprintf(c_file, "static int _%s_wrap (int argc, char **argv)\n", 
+		    cl->function);
+	    fprintf(c_file, "{\n");
+	    fprintf(c_file, "  %s (argc, argv);\n", cl->function);
+	    fprintf(c_file, "  return 0;\n");
+	    fprintf(c_file, "}\n\n");
+	}
+
+	fprintf(c_file, "SL_cmd %s[] = {\n", table_name);
+	for(cl = commands; cl; cl = cl->next) {
+	    struct string_list *sl;
+	    sl = cl->aliases;
+	    p = quote(sl->string);
+	    q = quote(cl->help);
+	    fprintf(c_file, "  { %s, _%s_wrap, %s },\n", p, cl->function, q);
+	    free(p);
+	    free(q);
+    
+	    for(sl = sl->next; sl; sl = sl->next) {
+		p = quote(sl->string);
+		fprintf(c_file, "  { %s },\n", p);
+		free(p);
+	    }
+	}
+	fprintf(c_file, "  { NULL },\n");
+	fprintf(c_file, "};\n");
+	fprintf(c_file, "\n");
+    }
+    fclose(c_file);
+    free(base);
+    free(cfn);
+}
+
+int version_flag;
+int help_flag;
+struct getargs args[] = {
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "command-table");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(argc == optidx)
+	usage(1);
+    filename = argv[optidx];
+    yyin = fopen(filename, "r");
+    if(yyin == NULL)
+	err(1, "%s", filename);
+    
+    yyparse();
+    
+    generate_commands();
+
+    if(numerror)
+	return 1;
+    return 0;
+}
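Review bot: quote() fills the fixed `char buf[1024]` (the one marked `/* XXX */`) without any length check, and every input byte can expand to two, so an alias or help string longer than about 510 bytes overruns the stack buffer. Strings read by getstring() are short only if its own 128-byte buffer is enforced, and bare-word tokens are `strdup(yytext)` with no cap; whether those reach quote() depends on the grammar in parse.y, which is not shown here. Sizing the buffer from the input removes the limit and also drops the extra `strdup`; both callers in generate_commands() already `free` the result. Separately, generate_commands() tests `cfn == NULL` after `asprintf`, but it is the return value that signals failure portably.

```c
static char *
quote(const char *str)
{
    /* worst case: every byte escaped, plus two quotes and the NUL */
    char *buf = malloc(2 * strlen(str) + 3);
    const char *p;
    char *q;

    if (buf == NULL)
	err (1, "malloc");
    q = buf;
    /* … unchanged: opening quote, escaping loop, closing quote and NUL … */
    return buf;
}
```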

Added: vendor-crypto/heimdal/dist/lib/sl/make_cmds.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/make_cmds.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/make_cmds.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: make_cmds.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __MAKE_CMDS_H__
+#define __MAKE_CMDS_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include <roken.h>
+
+extern char *filename;
+extern char *table_name;
+extern int numerror;
+
+struct command_list {
+    char *function;
+    char *help;
+    struct string_list *aliases;
+    unsigned flags;
+    struct command_list *next;
+    struct command_list **tail;
+};
+
+struct string_list {
+    char *string;
+    struct string_list *next;
+    struct string_list **tail;
+};
+
+void add_command(char*, char*, struct string_list*, unsigned);
+
+void error_message(const char *, ...)
+    __attribute__ ((format (printf, 1,2)));
+
+int yylex (void);
+
+#endif /* __MAKE_CMDS_H__ */
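Review bot: The `tail` member of `struct command_list` has no comment, yet add_command() in make_cmds.c sets it only on the first node it creates; later nodes come straight from `malloc` and leave the field uninitialized. A comment on the field would stop a reader from dereferencing it on an arbitrary node, e.g. `struct command_list **tail; /* head node only: address of the last node's next */`. `struct string_list` presumably follows the same pattern, but its users are in the parser and not visible here, so that should be confirmed before documenting it the same way. The include guard `__MAKE_CMDS_H__` also uses a reserved identifier (leading double underscore); `MAKE_CMDS_H` avoids that.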

Added: vendor-crypto/heimdal/dist/lib/sl/parse.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/parse.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/parse.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1724 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+   simplifying the original so-called "semantic" parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Bison version.  */
+#define YYBISON_VERSION "2.3"
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     TABLE = 258,
+     REQUEST = 259,
+     UNKNOWN = 260,
+     UNIMPLEMENTED = 261,
+     END = 262,
+     STRING = 263
+   };
+#endif
+/* Tokens.  */
+#define TABLE 258
+#define REQUEST 259
+#define UNKNOWN 260
+#define UNIMPLEMENTED 261
+#define END 262
+#define STRING 263
+
+
+
+
+/* Copy the first part of user declarations.  */
+#line 1 "parse.y"
+
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+RCSID("$Id: parse.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void yyerror (char *s);
+
+struct string_list* append_string(struct string_list*, char*);
+void free_string_list(struct string_list *list);
+unsigned string_to_flag(const char *);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+/* Enabling the token table.  */
+#ifndef YYTOKEN_TABLE
+# define YYTOKEN_TABLE 0
+#endif
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 52 "parse.y"
+{
+  char *string;
+  unsigned number;
+  struct string_list *list;
+}
+/* Line 193 of yacc.c.  */
+#line 169 "parse.c"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+/* Line 216 of yacc.c.  */
+#line 182 "parse.c"
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#elif (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+typedef signed char yytype_int8;
+#else
+typedef short int yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+#  define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+#  define YYSIZE_T size_t
+# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# else
+#  define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if defined YYENABLE_NLS && YYENABLE_NLS
+#  if ENABLE_NLS
+#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+#   define YY_(msgid) dgettext ("bison-runtime", msgid)
+#  endif
+# endif
+# ifndef YY_
+#  define YY_(msgid) msgid
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E.  */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(e) ((void) (e))
+#else
+# define YYUSE(e) /* empty */
+#endif
+
+/* Identity function, used to suppress warnings about constant conditions.  */
+#ifndef lint
+# define YYID(n) (n)
+#else
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static int
+YYID (int i)
+#else
+static int
+YYID (i)
+    int i;
+#endif
+{
+  return i;
+}
+#endif
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# ifdef YYSTACK_USE_ALLOCA
+#  if YYSTACK_USE_ALLOCA
+#   ifdef __GNUC__
+#    define YYSTACK_ALLOC __builtin_alloca
+#   elif defined __BUILTIN_VA_ARG_INCR
+#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+#   elif defined _AIX
+#    define YYSTACK_ALLOC __alloca
+#   elif defined _MSC_VER
+#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+#    define alloca _alloca
+#   else
+#    define YYSTACK_ALLOC alloca
+#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#     ifndef _STDLIB_H
+#      define _STDLIB_H 1
+#     endif
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning.  */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+    /* The OS might guarantee only one guard page at the bottom of the stack,
+       and a page size can be as small as 4096 bytes.  So we cannot safely
+       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
+       to allow for a few compiler-allocated temporary stack slots.  */
+#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+#  endif
+# else
+#  define YYSTACK_ALLOC YYMALLOC
+#  define YYSTACK_FREE YYFREE
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+#  endif
+#  if (defined __cplusplus && ! defined _STDLIB_H \
+       && ! ((defined YYMALLOC || defined malloc) \
+	     && (defined YYFREE || defined free)))
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   ifndef _STDLIB_H
+#    define _STDLIB_H 1
+#   endif
+#  endif
+#  ifndef YYMALLOC
+#   define YYMALLOC malloc
+#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+#  ifndef YYFREE
+#   define YYFREE free
+#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+     && (! defined __cplusplus \
+	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  yytype_int16 yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if defined __GNUC__ && 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  YYSIZE_T yyi;				\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (YYID (0))
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (YYID (0))
+
+#endif
+
+/* YYFINAL -- State number of the termination state.  */
+#define YYFINAL  15
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   37
+
+/* YYNTOKENS -- Number of terminals.  */
+#define YYNTOKENS  13
+/* YYNNTS -- Number of nonterminals.  */
+#define YYNNTS  7
+/* YYNRULES -- Number of rules.  */
+#define YYNRULES  16
+/* YYNRULES -- Number of states.  */
+#define YYNSTATES  40
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   263
+
+#define YYTRANSLATE(YYX)						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const yytype_uint8 yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+      11,    12,     2,     2,    10,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     9,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const yytype_uint8 yyprhs[] =
+{
+       0,     0,     3,     4,     6,     8,    11,    15,    27,    35,
+      43,    47,    50,    52,    56,    58,    62
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+static const yytype_int8 yyrhs[] =
+{
+      14,     0,    -1,    -1,    15,    -1,    16,    -1,    15,    16,
+      -1,     3,     8,     9,    -1,     4,     8,    10,     8,    10,
+      17,    10,    11,    18,    12,     9,    -1,     4,     8,    10,
+       8,    10,    17,     9,    -1,     6,     8,    10,     8,    10,
+      17,     9,    -1,     5,    17,     9,    -1,     7,     9,    -1,
+       8,    -1,    17,    10,     8,    -1,    19,    -1,    18,    10,
+      19,    -1,     8,    -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const yytype_uint8 yyrline[] =
+{
+       0,    65,    65,    66,    69,    70,    73,    77,    81,    85,
+      91,    95,   101,   105,   111,   115,   120
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "TABLE", "REQUEST", "UNKNOWN",
+  "UNIMPLEMENTED", "END", "STRING", "';'", "','", "'('", "')'", "$accept",
+  "file", "statements", "statement", "aliases", "flags", "flag", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const yytype_uint16 yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,    59,
+      44,    40,    41
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const yytype_uint8 yyr1[] =
+{
+       0,    13,    14,    14,    15,    15,    16,    16,    16,    16,
+      16,    16,    17,    17,    18,    18,    19
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const yytype_uint8 yyr2[] =
+{
+       0,     2,     0,     1,     1,     2,     3,    11,     7,     7,
+       3,     2,     1,     3,     1,     3,     1
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const yytype_uint8 yydefact[] =
+{
+       2,     0,     0,     0,     0,     0,     0,     3,     4,     0,
+       0,    12,     0,     0,    11,     1,     5,     6,     0,    10,
+       0,     0,     0,    13,     0,     0,     0,     0,     0,     8,
+       0,     9,     0,    16,     0,    14,     0,     0,    15,     7
+};
+
+/* YYDEFGOTO[NTERM-NUM].  */
+static const yytype_int8 yydefgoto[] =
+{
+      -1,     6,     7,     8,    12,    34,    35
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -10
+static const yytype_int8 yypact[] =
+{
+      -3,     0,    10,    11,    12,    13,    21,    -3,   -10,    14,
+      15,   -10,     1,    16,   -10,   -10,   -10,   -10,    19,   -10,
+      20,    22,    23,   -10,    24,    11,    11,     3,     5,   -10,
+      -2,   -10,    27,   -10,    -5,   -10,    27,    28,   -10,   -10
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const yytype_int8 yypgoto[] =
+{
+     -10,   -10,   -10,    17,    -9,   -10,    -7
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -1
+static const yytype_uint8 yytable[] =
+{
+       1,     2,     3,     4,     5,    36,    23,    37,     9,    32,
+      19,    20,    29,    30,    31,    20,    27,    28,    10,    11,
+      13,    15,    14,    17,    16,    18,    21,    22,    23,    38,
+      24,     0,     0,    25,    26,    33,     0,    39
+};
+
+static const yytype_int8 yycheck[] =
+{
+       3,     4,     5,     6,     7,    10,     8,    12,     8,    11,
+       9,    10,     9,    10,     9,    10,    25,    26,     8,     8,
+       8,     0,     9,     9,     7,    10,    10,     8,     8,    36,
+       8,    -1,    -1,    10,    10,     8,    -1,     9
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const yytype_uint8 yystos[] =
+{
+       0,     3,     4,     5,     6,     7,    14,    15,    16,     8,
+       8,     8,    17,     8,     9,     0,    16,     9,    10,     9,
+      10,    10,     8,     8,     8,    10,    10,    17,    17,     9,
+      10,     9,    11,     8,    18,    19,    10,    12,    19,     9
+};
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrorlab
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK (1);						\
+      goto yybackup;						\
+    }								\
+  else								\
+    {								\
+      yyerror (YY_("syntax error: cannot back up")); \
+      YYERROR;							\
+    }								\
+while (YYID (0))
+
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+   If N is 0, then set CURRENT to the empty location which ends
+   the previous symbol: RHS[0] (always defined).  */
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+    do									\
+      if (YYID (N))                                                    \
+	{								\
+	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+	}								\
+      else								\
+	{								\
+	  (Current).first_line   = (Current).last_line   =		\
+	    YYRHSLOC (Rhs, 0).last_line;				\
+	  (Current).first_column = (Current).last_column =		\
+	    YYRHSLOC (Rhs, 0).last_column;				\
+	}								\
+    while (YYID (0))
+#endif
+
+
+/* YY_LOCATION_PRINT -- Print the location on the stream.
+   This macro was not mandated originally: define only if we know
+   we won't break user code: when these are the locations we know.  */
+
+#ifndef YY_LOCATION_PRINT
+# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
+#  define YY_LOCATION_PRINT(File, Loc)			\
+     fprintf (File, "%d.%d-%d.%d",			\
+	      (Loc).first_line, (Loc).first_column,	\
+	      (Loc).last_line,  (Loc).last_column)
+# else
+#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+# endif
+#endif
+
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (YYID (0))
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+do {									  \
+  if (yydebug)								  \
+    {									  \
+      YYFPRINTF (stderr, "%s ", Title);					  \
+      yy_symbol_print (stderr,						  \
+		  Type, Value); \
+      YYFPRINTF (stderr, "\n");						  \
+    }									  \
+} while (YYID (0))
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (!yyvaluep)
+    return;
+# ifdef YYPRINT
+  if (yytype < YYNTOKENS)
+    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# else
+  YYUSE (yyoutput);
+# endif
+  switch (yytype)
+    {
+      default:
+	break;
+    }
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (yytype < YYNTOKENS)
+    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+  YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included).                                                   |
+`------------------------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    yytype_int16 *bottom;
+    yytype_int16 *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (YYID (0))
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+#else
+static void
+yy_reduce_print (yyvsp, yyrule)
+    YYSTYPE *yyvsp;
+    int yyrule;
+#endif
+{
+  int yynrhs = yyr2[yyrule];
+  int yyi;
+  unsigned long int yylno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+	     yyrule - 1, yylno);
+  /* The symbols being reduced.  */
+  for (yyi = 0; yyi < yynrhs; yyi++)
+    {
+      fprintf (stderr, "   $%d = ", yyi + 1);
+      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+		       &(yyvsp[(yyi + 1) - (yynrhs)])
+		       		       );
+      fprintf (stderr, "\n");
+    }
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (yyvsp, Rule); \
+} while (YYID (0))
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+

+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined __GLIBC__ && defined _STRING_H
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static YYSIZE_T
+yystrlen (const char *yystr)
+#else
+static YYSIZE_T
+yystrlen (yystr)
+    const char *yystr;
+#endif
+{
+  YYSIZE_T yylen;
+  for (yylen = 0; yystr[yylen]; yylen++)
+    continue;
+  return yylen;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+#else
+static char *
+yystpcpy (yydest, yysrc)
+    char *yydest;
+    const char *yysrc;
+#endif
+{
+  char *yyd = yydest;
+  const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+   quotes and backslashes, so that it's suitable for yyerror.  The
+   heuristic is that double-quoting is unnecessary unless the string
+   contains an apostrophe, a comma, or backslash (other than
+   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+   null, do not copy; instead, return the length of what the result
+   would have been.  */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+  if (*yystr == '"')
+    {
+      YYSIZE_T yyn = 0;
+      char const *yyp = yystr;
+
+      for (;;)
+	switch (*++yyp)
+	  {
+	  case '\'':
+	  case ',':
+	    goto do_not_strip_quotes;
+
+	  case '\\':
+	    if (*++yyp != '\\')
+	      goto do_not_strip_quotes;
+	    /* Fall through.  */
+	  default:
+	    if (yyres)
+	      yyres[yyn] = *yyp;
+	    yyn++;
+	    break;
+
+	  case '"':
+	    if (yyres)
+	      yyres[yyn] = '\0';
+	    return yyn;
+	  }
+    do_not_strip_quotes: ;
+    }
+
+  if (! yyres)
+    return yystrlen (yystr);
+
+  return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into YYRESULT an error message about the unexpected token
+   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+   including the terminating null byte.  If YYRESULT is null, do not
+   copy anything; just return the number of bytes that would be
+   copied.  As a special case, return 0 if an ordinary "syntax error"
+   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+   size calculation.  */
+static YYSIZE_T
+yysyntax_error (char *yyresult, int yystate, int yychar)
+{
+  int yyn = yypact[yystate];
+
+  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+    return 0;
+  else
+    {
+      int yytype = YYTRANSLATE (yychar);
+      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+      YYSIZE_T yysize = yysize0;
+      YYSIZE_T yysize1;
+      int yysize_overflow = 0;
+      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+      int yyx;
+
+# if 0
+      /* This is so xgettext sees the translatable formats that are
+	 constructed on the fly.  */
+      YY_("syntax error, unexpected %s");
+      YY_("syntax error, unexpected %s, expecting %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+# endif
+      char *yyfmt;
+      char const *yyf;
+      static char const yyunexpected[] = "syntax error, unexpected %s";
+      static char const yyexpecting[] = ", expecting %s";
+      static char const yyor[] = " or %s";
+      char yyformat[sizeof yyunexpected
+		    + sizeof yyexpecting - 1
+		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+		       * (sizeof yyor - 1))];
+      char const *yyprefix = yyexpecting;
+
+      /* Start YYX at -YYN if negative to avoid negative indexes in
+	 YYCHECK.  */
+      int yyxbegin = yyn < 0 ? -yyn : 0;
+
+      /* Stay within bounds of both yycheck and yytname.  */
+      int yychecklim = YYLAST - yyn + 1;
+      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+      int yycount = 1;
+
+      yyarg[0] = yytname[yytype];
+      yyfmt = yystpcpy (yyformat, yyunexpected);
+
+      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	  {
+	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+	      {
+		yycount = 1;
+		yysize = yysize0;
+		yyformat[sizeof yyunexpected - 1] = '\0';
+		break;
+	      }
+	    yyarg[yycount++] = yytname[yyx];
+	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+	    yysize_overflow |= (yysize1 < yysize);
+	    yysize = yysize1;
+	    yyfmt = yystpcpy (yyfmt, yyprefix);
+	    yyprefix = yyor;
+	  }
+
+      yyf = YY_(yyformat);
+      yysize1 = yysize + yystrlen (yyf);
+      yysize_overflow |= (yysize1 < yysize);
+      yysize = yysize1;
+
+      if (yysize_overflow)
+	return YYSIZE_MAXIMUM;
+
+      if (yyresult)
+	{
+	  /* Avoid sprintf, as that infringes on the user's name space.
+	     Don't have undefined behavior even if the translation
+	     produced a string with the wrong number of "%s"s.  */
+	  char *yyp = yyresult;
+	  int yyi = 0;
+	  while ((*yyp = *yyf) != '\0')
+	    {
+	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+		{
+		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+		  yyf += 2;
+		}
+	      else
+		{
+		  yyp++;
+		  yyf++;
+		}
+	    }
+	}
+      return yysize;
+    }
+}
+#endif /* YYERROR_VERBOSE */
+

+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yymsg, yytype, yyvaluep)
+    const char *yymsg;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  YYUSE (yyvaluep);
+
+  if (!yymsg)
+    yymsg = "Deleting";
+  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+  switch (yytype)
+    {
+
+      default:
+	break;
+    }
+}
+

+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void *YYPARSE_PARAM);
+#else
+int yyparse ();
+#endif
+#else /* ! YYPARSE_PARAM */
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The look-ahead symbol.  */
+int yychar;
+
+/* The semantic value of the look-ahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void *YYPARSE_PARAM)
+#else
+int
+yyparse (YYPARSE_PARAM)
+    void *YYPARSE_PARAM;
+#endif
+#else /* ! YYPARSE_PARAM */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+  
+  int yystate;
+  int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Look-ahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  yytype_int16 yyssa[YYINITDEPTH];
+  yytype_int16 *yyss = yyssa;
+  yytype_int16 *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* The number of symbols on the RHS of the reduced rule.
+     Keep to zero when no symbol should be popped.  */
+  int yylen = 0;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed.  So pushing a state here evens the stacks.  */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack.  Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	yytype_int16 *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow (YY_("memory exhausted"),
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyexhaustedlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyexhaustedlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	yytype_int16 *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyexhaustedlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+  /* Do appropriate processing given the current state.  Read a
+     look-ahead token if we need one and don't already have one.  */
+
+  /* First try to decide what to do without reference to look-ahead token.  */
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a look-ahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  /* Shift the look-ahead token.  */
+  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+  /* Discard the shifted token unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  yystate = yyn;
+  *++yyvsp = yylval;
+
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 6:
+#line 74 "parse.y"
+    {
+		    table_name = (yyvsp[(2) - (3)].string);
+		}
+    break;
+
+  case 7:
+#line 78 "parse.y"
+    {
+		    add_command((yyvsp[(2) - (11)].string), (yyvsp[(4) - (11)].string), (yyvsp[(6) - (11)].list), (yyvsp[(9) - (11)].number));
+		}
+    break;
+
+  case 8:
+#line 82 "parse.y"
+    {
+		    add_command((yyvsp[(2) - (7)].string), (yyvsp[(4) - (7)].string), (yyvsp[(6) - (7)].list), 0);
+		}
+    break;
+
+  case 9:
+#line 86 "parse.y"
+    {
+		    free((yyvsp[(2) - (7)].string));
+		    free((yyvsp[(4) - (7)].string));
+		    free_string_list((yyvsp[(6) - (7)].list));
+		}
+    break;
+
+  case 10:
+#line 92 "parse.y"
+    {
+		    free_string_list((yyvsp[(2) - (3)].list));
+		}
+    break;
+
+  case 11:
+#line 96 "parse.y"
+    {
+		    YYACCEPT;
+		}
+    break;
+
+  case 12:
+#line 102 "parse.y"
+    {
+		    (yyval.list) = append_string(NULL, (yyvsp[(1) - (1)].string));
+		}
+    break;
+
+  case 13:
+#line 106 "parse.y"
+    {
+		    (yyval.list) = append_string((yyvsp[(1) - (3)].list), (yyvsp[(3) - (3)].string));
+		}
+    break;
+
+  case 14:
+#line 112 "parse.y"
+    {
+		    (yyval.number) = (yyvsp[(1) - (1)].number);
+		}
+    break;
+
+  case 15:
+#line 116 "parse.y"
+    {
+		    (yyval.number) = (yyvsp[(1) - (3)].number) | (yyvsp[(3) - (3)].number);
+		}
+    break;
+
+  case 16:
+#line 121 "parse.y"
+    {
+		    (yyval.number) = string_to_flag((yyvsp[(1) - (1)].string));
+		    free((yyvsp[(1) - (1)].string));
+		}
+    break;
+
+
+/* Line 1267 of yacc.c.  */
+#line 1469 "parse.c"
+      default: break;
+    }
+  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if ! YYERROR_VERBOSE
+      yyerror (YY_("syntax error"));
+#else
+      {
+	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+	  {
+	    YYSIZE_T yyalloc = 2 * yysize;
+	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+	    if (yymsg != yymsgbuf)
+	      YYSTACK_FREE (yymsg);
+	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+	    if (yymsg)
+	      yymsg_alloc = yyalloc;
+	    else
+	      {
+		yymsg = yymsgbuf;
+		yymsg_alloc = sizeof yymsgbuf;
+	      }
+	  }
+
+	if (0 < yysize && yysize <= yymsg_alloc)
+	  {
+	    (void) yysyntax_error (yymsg, yystate, yychar);
+	    yyerror (yymsg);
+	  }
+	else
+	  {
+	    yyerror (YY_("syntax error"));
+	    if (yysize != 0)
+	      goto yyexhaustedlab;
+	  }
+      }
+#endif
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse look-ahead token after an
+	 error, discard it.  */
+
+      if (yychar <= YYEOF)
+	{
+	  /* Return failure if at end of input.  */
+	  if (yychar == YYEOF)
+	    YYABORT;
+	}
+      else
+	{
+	  yydestruct ("Error: discarding",
+		      yytoken, &yylval);
+	  yychar = YYEMPTY;
+	}
+    }
+
+  /* Else will try to reuse look-ahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR.  |
+`---------------------------------------------------*/
+yyerrorlab:
+
+  /* Pacify compilers like GCC when the user code never invokes
+     YYERROR and the label yyerrorlab therefore never appears in user
+     code.  */
+  if (/*CONSTCOND*/ 0)
+     goto yyerrorlab;
+
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYERROR.  */
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+  yystate = *yyssp;
+  goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR.  |
+`-------------------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+
+      yydestruct ("Error: popping",
+		  yystos[yystate], yyvsp);
+      YYPOPSTACK (1);
+      yystate = *yyssp;
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  *++yyvsp = yylval;
+
+
+  /* Shift the error token.  */
+  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here.  |
+`-------------------------------------------------*/
+yyexhaustedlab:
+  yyerror (YY_("memory exhausted"));
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+  if (yychar != YYEOF && yychar != YYEMPTY)
+     yydestruct ("Cleanup: discarding lookahead",
+		 yytoken, &yylval);
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYABORT or YYACCEPT.  */
+  YYPOPSTACK (yylen);
+  YY_STACK_PRINT (yyss, yyssp);
+  while (yyssp != yyss)
+    {
+      yydestruct ("Cleanup: popping",
+		  yystos[*yyssp], yyvsp);
+      YYPOPSTACK (1);
+    }
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+  if (yymsg != yymsgbuf)
+    YYSTACK_FREE (yymsg);
+#endif
+  /* Make sure YYID is used.  */
+  return YYID (yyresult);
+}
+
+
+#line 129 "parse.y"
+
+
+static void
+yyerror (char *s)
+{
+    error_message ("%s\n", s);
+}
+
+struct string_list*
+append_string(struct string_list *list, char *str)
+{
+    struct string_list *sl = malloc(sizeof(*sl));
+    if (sl == NULL)
+	return sl;
+    sl->string = str;
+    sl->next = NULL;
+    if(list) {
+	*list->tail = sl;
+	list->tail = &sl->next;
+	return list;
+    }
+    sl->tail = &sl->next;
+    return sl;
+}
+
+void
+free_string_list(struct string_list *list)
+{
+    while(list) {
+	struct string_list *sl = list->next;
+	free(list->string);
+	free(list);
+	list = sl;
+    }
+}
+
+unsigned
+string_to_flag(const char *string)
+{
+    return 0;
+}
+

Added: vendor-crypto/heimdal/dist/lib/sl/parse.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/parse.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/parse.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,78 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton interface for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     TABLE = 258,
+     REQUEST = 259,
+     UNKNOWN = 260,
+     UNIMPLEMENTED = 261,
+     END = 262,
+     STRING = 263
+   };
+#endif
+/* Tokens.  */
+#define TABLE 258
+#define REQUEST 259
+#define UNKNOWN 260
+#define UNIMPLEMENTED 261
+#define END 262
+#define STRING 263
+
+
+
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 52 "parse.y"
+{
+  char *string;
+  unsigned number;
+  struct string_list *list;
+}
+/* Line 1529 of yacc.c.  */
+#line 71 "parse.h"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+extern YYSTYPE yylval;
+

Added: vendor-crypto/heimdal/dist/lib/sl/parse.y
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/parse.y	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/parse.y	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,169 @@
+%{
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "make_cmds.h"
+RCSID("$Id: parse.y,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+static void yyerror (char *s);
+
+struct string_list* append_string(struct string_list*, char*);
+void free_string_list(struct string_list *list);
+unsigned string_to_flag(const char *);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+  char *string;
+  unsigned number;
+  struct string_list *list;
+}
+
+%token TABLE REQUEST UNKNOWN UNIMPLEMENTED END
+%token <string> STRING
+%type <number> flag flags
+%type <list> aliases
+
+%%
+
+file		: /* */ 
+		| statements
+		;
+
+statements	: statement
+		| statements statement
+		;
+
+statement	: TABLE STRING ';'
+		{
+		    table_name = $2;
+		}
+		| REQUEST STRING ',' STRING ',' aliases ',' '(' flags ')' ';'
+		{
+		    add_command($2, $4, $6, $9);
+		}
+		| REQUEST STRING ',' STRING ',' aliases ';'
+		{
+		    add_command($2, $4, $6, 0);
+		}
+		| UNIMPLEMENTED STRING ',' STRING ',' aliases ';'
+		{
+		    free($2);
+		    free($4);
+		    free_string_list($6);
+		}
+		| UNKNOWN aliases ';'
+		{
+		    free_string_list($2);
+		}
+		| END ';'
+		{
+		    YYACCEPT;
+		}
+		;
+
+aliases		: STRING
+		{
+		    $$ = append_string(NULL, $1);
+		}
+		| aliases ',' STRING
+		{
+		    $$ = append_string($1, $3);
+		}
+		;
+
+flags		: flag
+		{
+		    $$ = $1;
+		}
+		| flags ',' flag
+		{
+		    $$ = $1 | $3;
+		}
+		;
+flag		: STRING
+		{
+		    $$ = string_to_flag($1);
+		    free($1);
+		}
+		;
+
+
+
+%%
+
+static void
+yyerror (char *s)
+{
+    error_message ("%s\n", s);
+}
+
+struct string_list*
+append_string(struct string_list *list, char *str)
+{
+    struct string_list *sl = malloc(sizeof(*sl));
+    if (sl == NULL)
+	return sl;
+    sl->string = str;
+    sl->next = NULL;
+    if(list) {
+	*list->tail = sl;
+	list->tail = &sl->next;
+	return list;
+    }
+    sl->tail = &sl->next;
+    return sl;
+}
+
+void
+free_string_list(struct string_list *list)
+{
+    while(list) {
+	struct string_list *sl = list->next;
+	free(list->string);
+	free(list);
+	list = sl;
+    }
+}
+
+unsigned
+string_to_flag(const char *string)
+{
+    return 0;
+}
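Review bot: `append_string` returns NULL when `malloc` fails, and the `aliases ',' STRING` action stores that result straight into `$$`, so the list built so far in `$1` and the string in `$3` are no longer referenced and leak. The NULL list is then passed on to `add_command` or `free_string_list` by the `statement` actions; whether `add_command` tolerates a NULL alias list cannot be seen from this hunk. The action should check the result and stop the parse, for example `if (($$ = append_string($1, $3)) == NULL) { free_string_list($1); free($3); YYABORT; }`, with the same check in the single-`STRING` alternative. Separately, `string_to_flag` is a stub that always returns 0, so every flag name in a `REQUEST` statement is silently dropped; a comment saying so, or an error for unknown names, would make that visible.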

Added: vendor-crypto/heimdal/dist/lib/sl/roken_rename.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/roken_rename.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/roken_rename.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: roken_rename.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __roken_rename_h__
+#define __roken_rename_h__
+
+#ifndef HAVE_STRTOK_R
+#define strtok_r _sl_strtok_r
+#endif
+#ifndef HAVE_SNPRINTF
+#define snprintf _sl_snprintf
+#endif
+#ifndef HAVE_ASPRINTF
+#define asprintf _sl_asprintf
+#endif
+#ifndef HAVE_ASNPRINTF
+#define asnprintf _sl_asnprintf
+#endif
+#ifndef HAVE_VASPRINTF
+#define vasprintf _sl_vasprintf
+#endif
+#ifndef HAVE_VASNPRINTF
+#define vasnprintf _sl_vasnprintf
+#endif
+#ifndef HAVE_VSNPRINTF
+#define vsnprintf _sl_vsnprintf
+#endif
+#ifndef HAVE_STRUPR
+#define strupr _sl_strupr
+#endif
+#ifndef HAVE_STRDUP
+#define strdup _sl_strdup
+#endif
+
+#endif /* __roken_rename_h__ */

Added: vendor-crypto/heimdal/dist/lib/sl/sl.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/sl.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/sl.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,396 @@
+/*
+ * Copyright (c) 1995 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: sl.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+#endif
+
+#include "sl_locl.h"
+#include <setjmp.h>
+
+static void
+mandoc_template(SL_cmd *cmds,
+		const char *extra_string)
+{
+    SL_cmd *c, *prev;
+    char timestr[64], cmd[64];
+    const char *p;
+    time_t t;
+
+    printf(".\\\" Things to fix:\n");
+    printf(".\\\"   * correct section, and operating system\n");
+    printf(".\\\"   * remove Op from mandatory flags\n");
+    printf(".\\\"   * use better macros for arguments (like .Pa for files)\n");
+    printf(".\\\"\n");
+    t = time(NULL);
+    strftime(timestr, sizeof(timestr), "%b %d, %Y", localtime(&t));
+    printf(".Dd %s\n", timestr);
+    p = strrchr(getprogname(), '/');
+    if(p) p++; else p = getprogname();
+    strncpy(cmd, p, sizeof(cmd));
+    cmd[sizeof(cmd)-1] = '\0';
+    strupr(cmd);
+       
+    printf(".Dt %s SECTION\n", cmd);
+    printf(".Os OPERATING_SYSTEM\n");
+    printf(".Sh NAME\n");
+    printf(".Nm %s\n", p);
+    printf(".Nd\n");
+    printf("in search of a description\n");
+    printf(".Sh SYNOPSIS\n");
+    printf(".Nm\n");
+    for(c = cmds; c->name; ++c) {
+/*	if (c->func == NULL)
+	    continue; */
+	printf(".Op Fl %s", c->name);
+	printf("\n");
+	
+    }
+    if (extra_string && *extra_string)
+	printf (".Ar %s\n", extra_string);
+    printf(".Sh DESCRIPTION\n");
+    printf("Supported options:\n");
+    printf(".Bl -tag -width Ds\n");
+    prev = NULL;
+    for(c = cmds; c->name; ++c) {
+	if (c->func) {
+	    if (prev)
+		printf ("\n%s\n", prev->usage);
+
+	    printf (".It Fl %s", c->name);
+	    prev = c;
+	} else
+	    printf (", %s\n", c->name);
+    }
+    if (prev)
+	printf ("\n%s\n", prev->usage);
+
+    printf(".El\n");
+    printf(".\\\".Sh ENVIRONMENT\n");
+    printf(".\\\".Sh FILES\n");
+    printf(".\\\".Sh EXAMPLES\n");
+    printf(".\\\".Sh DIAGNOSTICS\n");
+    printf(".\\\".Sh SEE ALSO\n");
+    printf(".\\\".Sh STANDARDS\n");
+    printf(".\\\".Sh HISTORY\n");
+    printf(".\\\".Sh AUTHORS\n");
+    printf(".\\\".Sh BUGS\n");
+}
+
+SL_cmd *
+sl_match (SL_cmd *cmds, char *cmd, int exactp)
+{
+    SL_cmd *c, *current = NULL, *partial_cmd = NULL;
+    int partial_match = 0;
+
+    for (c = cmds; c->name; ++c) {
+	if (c->func)
+	    current = c;
+	if (strcmp (cmd, c->name) == 0)
+	    return current;
+	else if (strncmp (cmd, c->name, strlen(cmd)) == 0 &&
+		 partial_cmd != current) {
+	    ++partial_match;
+	    partial_cmd = current;
+	}
+    }
+    if (partial_match == 1 && !exactp)
+	return partial_cmd;
+    else
+	return NULL;
+}
+
+void
+sl_help (SL_cmd *cmds, int argc, char **argv)
+{
+    SL_cmd *c, *prev_c;
+
+    if (getenv("SLMANDOC")) {
+	mandoc_template(cmds, NULL);
+	return;
+    }
+
+    if (argc == 1) {
+	prev_c = NULL;
+	for (c = cmds; c->name; ++c) {
+	    if (c->func) {
+		if(prev_c)
+		    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
+			    prev_c->usage ? "\n" : "");
+		prev_c = c;
+		printf ("%s", c->name);
+	    } else
+		printf (", %s", c->name);
+	}
+	if(prev_c)
+	    printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
+		    prev_c->usage ? "\n" : "");
+    } else { 
+	c = sl_match (cmds, argv[1], 0);
+	if (c == NULL)
+	    printf ("No such command: %s. "
+		    "Try \"help\" for a list of all commands\n",
+		    argv[1]);
+	else {
+	    printf ("%s\t%s\n", c->name, c->usage);
+	    if(c->help && *c->help)
+		printf ("%s\n", c->help);
+	    if((++c)->name && c->func == NULL) {
+		printf ("Synonyms:");
+		while (c->name && c->func == NULL)
+		    printf ("\t%s", (c++)->name);
+		printf ("\n");
+	    }
+	}
+    }
+}
+
+#ifdef HAVE_READLINE
+
+char *readline(char *prompt);
+void add_history(char *p);
+
+#else
+
+static char *
+readline(char *prompt)
+{
+    char buf[BUFSIZ];
+    printf ("%s", prompt);
+    fflush (stdout);
+    if(fgets(buf, sizeof(buf), stdin) == NULL)
+	return NULL;
+    buf[strcspn(buf, "\r\n")] = '\0';
+    return strdup(buf);
+}
+
+static void
+add_history(char *p)
+{
+}
+
+#endif
+
+int
+sl_command(SL_cmd *cmds, int argc, char **argv)
+{
+    SL_cmd *c;
+    c = sl_match (cmds, argv[0], 0);
+    if (c == NULL)
+	return -1;
+    return (*c->func)(argc, argv);
+}
+
+struct sl_data {
+    int max_count;
+    char **ptr;
+};
+
+int
+sl_make_argv(char *line, int *ret_argc, char ***ret_argv)
+{
+    char *p, *begining;
+    int argc, nargv;
+    char **argv;
+    int quote = 0;
+    
+    nargv = 10;
+    argv = malloc(nargv * sizeof(*argv));
+    if(argv == NULL)
+	return ENOMEM;
+    argc = 0;
+
+    p = line;
+
+    while(isspace((unsigned char)*p))
+	p++;
+    begining = p;
+
+    while (1) {
+	if (*p == '\0') {
+	    ;
+	} else if (*p == '"') {
+	    quote = !quote;
+	    memmove(&p[0], &p[1], strlen(&p[1]) + 1);
+	    continue;
+	} else if (*p == '\\') {
+	    if (p[1] == '\0')
+		goto failed;
+	    memmove(&p[0], &p[1], strlen(&p[1]) + 1);
+	    p += 2;
+	    continue;
+	} else if (quote || !isspace((unsigned char)*p)) {
+	    p++;
+	    continue;
+	} else
+	    *p++ = '\0';
+	if (quote)
+	    goto failed;
+	if(argc == nargv - 1) {
+	    char **tmp;
+	    nargv *= 2;
+	    tmp = realloc (argv, nargv * sizeof(*argv));
+	    if (tmp == NULL) {
+		free(argv);
+		return ENOMEM;
+	    }
+	    argv = tmp;
+	}
+	argv[argc++] = begining;
+	while(isspace((unsigned char)*p))
+	    p++;
+	if (*p == '\0')
+	    break;
+	begining = p;
+    }
+    argv[argc] = NULL;
+    *ret_argc = argc;
+    *ret_argv = argv;
+    return 0;
+failed:
+    free(argv);
+    return ERANGE;
+}
+
+static jmp_buf sl_jmp;
+
+static void sl_sigint(int sig)
+{
+    longjmp(sl_jmp, 1);
+}
+
+static char *sl_readline(const char *prompt)
+{
+    char *s;
+    void (*old)(int);
+    old = signal(SIGINT, sl_sigint);
+    if(setjmp(sl_jmp))
+	printf("\n");
+    s = readline(rk_UNCONST(prompt));
+    signal(SIGINT, old);
+    return s;
+}
+
+/* return values: 
+ * 0 on success,
+ * -1 on fatal error,
+ * -2 if EOF, or
+ * return value of command */
+int
+sl_command_loop(SL_cmd *cmds, const char *prompt, void **data)
+{
+    int ret = 0;
+    char *buf;
+    int argc;
+    char **argv;
+	
+    ret = 0;
+    buf = sl_readline(prompt);
+    if(buf == NULL)
+	return -2;
+
+    if(*buf)
+	add_history(buf);
+    ret = sl_make_argv(buf, &argc, &argv);
+    if(ret) {
+	fprintf(stderr, "sl_loop: out of memory\n");
+	free(buf);
+	return -1;
+    }
+    if (argc >= 1) {
+	ret = sl_command(cmds, argc, argv);
+	if(ret == -1) {
+	    printf ("Unrecognized command: %s\n", argv[0]);
+	    ret = 0;
+	}
+    }
+    free(buf);
+    free(argv);
+    return ret;
+}
+
+int 
+sl_loop(SL_cmd *cmds, const char *prompt)
+{
+    void *data = NULL;
+    int ret;
+    while((ret = sl_command_loop(cmds, prompt, &data)) >= 0)
+	;
+    return ret;
+}
+
+void
+sl_apropos (SL_cmd *cmd, const char *topic)
+{
+    for (; cmd->name != NULL; ++cmd)
+        if (cmd->usage != NULL && strstr(cmd->usage, topic) != NULL)
+	    printf ("%-20s%s\n", cmd->name, cmd->usage);
+}
+
+/*
+ * Help to be used with slc.
+ */
+
+void
+sl_slc_help (SL_cmd *cmds, int argc, char **argv)
+{
+    if(argc == 0) {
+	sl_help(cmds, 1, argv - 1 /* XXX */);
+    } else {
+	SL_cmd *c = sl_match (cmds, argv[0], 0);
+ 	if(c == NULL) {
+	    fprintf (stderr, "No such command: %s. "
+		     "Try \"help\" for a list of commands\n",
+		     argv[0]);
+	} else {
+	    if(c->func) {
+		char *fake[] = { NULL, "--help", NULL };
+		fake[0] = argv[0];
+		(*c->func)(2, fake);
+		fprintf(stderr, "\n");
+	    }
+	    if(c->help && *c->help)
+		fprintf (stderr, "%s\n", c->help);
+	    if((++c)->name && c->func == NULL) {
+		int f = 0;
+		fprintf (stderr, "Synonyms:");
+		while (c->name && c->func == NULL) {
+		    fprintf (stderr, "%s%s", f ? ", " : " ", (c++)->name);
+		    f = 1;
+		}
+		fprintf (stderr, "\n");
+	    }
+	}
+    }
+}
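Review bot: In `sl_make_argv`, the backslash branch removes the backslash with `memmove` and then does `p += 2`, which steps over the escaped character and also over the character after it without examining it. A space or `"` that directly follows an escaped character is therefore kept as literal text, so an input such as `a\b c` comes out as the single argument `ab c` instead of two arguments. Since this tokenizer splits the command lines of the interactive tools built on libsl, the advance should be `p++;` so that only the escaped character is skipped. `sl_command_loop` also reports every non-zero return from `sl_make_argv` as `sl_loop: out of memory`, although the `failed:` path returns `ERANGE` for an unterminated quote or trailing backslash; the message should distinguish the two.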

Added: vendor-crypto/heimdal/dist/lib/sl/sl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/sl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/sl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995 - 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef _SL_H
+#define _SL_H
+
+#define SL_BADCOMMAND -1
+
+typedef int (*cmd_func)(int, char **);
+
+struct sl_cmd {
+  char *name;
+  cmd_func func;
+  char *usage;
+  char *help;
+};
+
+typedef struct sl_cmd SL_cmd;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void sl_help (SL_cmd *, int argc, char **argv);
+int  sl_loop (SL_cmd *, const char *prompt);
+int  sl_command_loop (SL_cmd *cmds, const char *prompt, void **data);
+int  sl_command (SL_cmd *cmds, int argc, char **argv);
+int sl_make_argv(char*, int*, char***);
+void sl_apropos (SL_cmd *cmd, const char *topic);
+SL_cmd *sl_match (SL_cmd *cmds, char *cmd, int exactp);
+void sl_slc_help (SL_cmd *cmds, int argc, char **argv);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _SL_H */
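Review bot: The prototypes for `sl_command`, `sl_command_loop` and `sl_loop` carry no description of their return values, and `SL_BADCOMMAND` (-1) ends up with more than one meaning. In the sl.c lines visible just above this file, `sl_command_loop` returns -2 when `sl_readline` gives NULL and -1 when `sl_make_argv` fails, it treats a -1 from `sl_command` as "Unrecognized command", and `sl_loop` stops on any negative result. The body of `sl_command` is not visible here, but if it passes the handler's return value through, a handler that returns -1 is reported as an unknown command and any other negative value silently ends the interactive loop. I would document this next to the prototypes, for example `/* sl_command_loop: >= 0 keep going, -1 out of memory, -2 end of input */` and `/* cmd_func: a negative return ends sl_loop; -1 is reserved for SL_BADCOMMAND */`. Callers that use the loop's result to decide whether an administrative command succeeded should not rely on -1 alone.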

Added: vendor-crypto/heimdal/dist/lib/sl/sl_locl.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/sl_locl.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/sl_locl.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sl_locl.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#include <sl.h>

Added: vendor-crypto/heimdal/dist/lib/sl/slc-gram.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/slc-gram.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/slc-gram.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2275 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+   simplifying the original so-called "semantic" parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Bison version.  */
+#define YYBISON_VERSION "2.3"
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     LITERAL = 258,
+     STRING = 259
+   };
+#endif
+/* Tokens.  */
+#define LITERAL 258
+#define STRING 259
+
+
+
+
+/* Copy the first part of user declarations.  */
+#line 1 "slc-gram.y"
+
+/*
+ * Copyright (c) 2004-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: slc-gram.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <err.h>
+#include <ctype.h>
+#include <limits.h>
+#include <getarg.h>
+#include <vers.h>
+#include <roken.h>
+
+#include "slc.h"
+extern FILE *yyin;
+extern struct assignment *assignment;
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+/* Enabling the token table.  */
+#ifndef YYTOKEN_TABLE
+# define YYTOKEN_TABLE 0
+#endif
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 54 "slc-gram.y"
+{
+	char *string;
+	struct assignment *assignment;
+}
+/* Line 193 of yacc.c.  */
+#line 162 "slc-gram.c"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+/* Line 216 of yacc.c.  */
+#line 175 "slc-gram.c"
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#elif (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+typedef signed char yytype_int8;
+#else
+typedef short int yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+#  define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+#  define YYSIZE_T size_t
+# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# else
+#  define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if defined YYENABLE_NLS && YYENABLE_NLS
+#  if ENABLE_NLS
+#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+#   define YY_(msgid) dgettext ("bison-runtime", msgid)
+#  endif
+# endif
+# ifndef YY_
+#  define YY_(msgid) msgid
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E.  */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(e) ((void) (e))
+#else
+# define YYUSE(e) /* empty */
+#endif
+
+/* Identity function, used to suppress warnings about constant conditions.  */
+#ifndef lint
+# define YYID(n) (n)
+#else
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static int
+YYID (int i)
+#else
+static int
+YYID (i)
+    int i;
+#endif
+{
+  return i;
+}
+#endif
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# ifdef YYSTACK_USE_ALLOCA
+#  if YYSTACK_USE_ALLOCA
+#   ifdef __GNUC__
+#    define YYSTACK_ALLOC __builtin_alloca
+#   elif defined __BUILTIN_VA_ARG_INCR
+#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+#   elif defined _AIX
+#    define YYSTACK_ALLOC __alloca
+#   elif defined _MSC_VER
+#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+#    define alloca _alloca
+#   else
+#    define YYSTACK_ALLOC alloca
+#    if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#     ifndef _STDLIB_H
+#      define _STDLIB_H 1
+#     endif
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning.  */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+    /* The OS might guarantee only one guard page at the bottom of the stack,
+       and a page size can be as small as 4096 bytes.  So we cannot safely
+       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
+       to allow for a few compiler-allocated temporary stack slots.  */
+#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+#  endif
+# else
+#  define YYSTACK_ALLOC YYMALLOC
+#  define YYSTACK_FREE YYFREE
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+#  endif
+#  if (defined __cplusplus && ! defined _STDLIB_H \
+       && ! ((defined YYMALLOC || defined malloc) \
+	     && (defined YYFREE || defined free)))
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   ifndef _STDLIB_H
+#    define _STDLIB_H 1
+#   endif
+#  endif
+#  ifndef YYMALLOC
+#   define YYMALLOC malloc
+#   if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+#  ifndef YYFREE
+#   define YYFREE free
+#   if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+     && (! defined __cplusplus \
+	 || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  yytype_int16 yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if defined __GNUC__ && 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  YYSIZE_T yyi;				\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (YYID (0))
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (YYID (0))
+
+#endif
+
+/* YYFINAL -- State number of the termination state.  */
+#define YYFINAL  6
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   7
+
+/* YYNTOKENS -- Number of terminals.  */
+#define YYNTOKENS  8
+/* YYNNTS -- Number of nonterminals.  */
+#define YYNNTS  4
+/* YYNRULES -- Number of rules.  */
+#define YYNRULES  6
+/* YYNRULES -- Number of states.  */
+#define YYNSTATES  12
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   259
+
+#define YYTRANSLATE(YYX)						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const yytype_uint8 yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     5,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     6,     2,     7,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const yytype_uint8 yyprhs[] =
+{
+       0,     0,     3,     5,     8,    10,    14
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS.  */
+static const yytype_int8 yyrhs[] =
+{
+       9,     0,    -1,    10,    -1,    11,    10,    -1,    11,    -1,
+       3,     5,     4,    -1,     3,     5,     6,    10,     7,    -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const yytype_uint8 yyrline[] =
+{
+       0,    67,    67,    73,    78,    81,    90
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "LITERAL", "STRING", "'='", "'{'", "'}'",
+  "$accept", "start", "assignments", "assignment", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const yytype_uint16 yytoknum[] =
+{
+       0,   256,   257,   258,   259,    61,   123,   125
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const yytype_uint8 yyr1[] =
+{
+       0,     8,     9,    10,    10,    11,    11
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const yytype_uint8 yyr2[] =
+{
+       0,     2,     1,     2,     1,     3,     5
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const yytype_uint8 yydefact[] =
+{
+       0,     0,     0,     2,     4,     0,     1,     3,     5,     0,
+       0,     6
+};
+
+/* YYDEFGOTO[NTERM-NUM].  */
+static const yytype_int8 yydefgoto[] =
+{
+      -1,     2,     3,     4
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -5
+static const yytype_int8 yypact[] =
+{
+      -1,     1,     4,    -5,    -1,    -3,    -5,    -5,    -5,    -1,
+       0,    -5
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const yytype_int8 yypgoto[] =
+{
+      -5,    -5,    -4,    -5
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -1
+static const yytype_uint8 yytable[] =
+{
+       7,     8,     1,     9,     6,    10,     5,    11
+};
+
+static const yytype_uint8 yycheck[] =
+{
+       4,     4,     3,     6,     0,     9,     5,     7
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const yytype_uint8 yystos[] =
+{
+       0,     3,     9,    10,    11,     5,     0,    10,     4,     6,
+      10,     7
+};
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrorlab
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK (1);						\
+      goto yybackup;						\
+    }								\
+  else								\
+    {								\
+      yyerror (YY_("syntax error: cannot back up")); \
+      YYERROR;							\
+    }								\
+while (YYID (0))
+
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+
+/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N].
+   If N is 0, then set CURRENT to the empty location which ends
+   the previous symbol: RHS[0] (always defined).  */
+
+#define YYRHSLOC(Rhs, K) ((Rhs)[K])
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)				\
+    do									\
+      if (YYID (N))                                                    \
+	{								\
+	  (Current).first_line   = YYRHSLOC (Rhs, 1).first_line;	\
+	  (Current).first_column = YYRHSLOC (Rhs, 1).first_column;	\
+	  (Current).last_line    = YYRHSLOC (Rhs, N).last_line;		\
+	  (Current).last_column  = YYRHSLOC (Rhs, N).last_column;	\
+	}								\
+      else								\
+	{								\
+	  (Current).first_line   = (Current).last_line   =		\
+	    YYRHSLOC (Rhs, 0).last_line;				\
+	  (Current).first_column = (Current).last_column =		\
+	    YYRHSLOC (Rhs, 0).last_column;				\
+	}								\
+    while (YYID (0))
+#endif
+
+
+/* YY_LOCATION_PRINT -- Print the location on the stream.
+   This macro was not mandated originally: define only if we know
+   we won't break user code: when these are the locations we know.  */
+
+#ifndef YY_LOCATION_PRINT
+# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL
+#  define YY_LOCATION_PRINT(File, Loc)			\
+     fprintf (File, "%d.%d-%d.%d",			\
+	      (Loc).first_line, (Loc).first_column,	\
+	      (Loc).last_line,  (Loc).last_column)
+# else
+#  define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+# endif
+#endif
+
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (YYID (0))
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)			  \
+do {									  \
+  if (yydebug)								  \
+    {									  \
+      YYFPRINTF (stderr, "%s ", Title);					  \
+      yy_symbol_print (stderr,						  \
+		  Type, Value); \
+      YYFPRINTF (stderr, "\n");						  \
+    }									  \
+} while (YYID (0))
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_value_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (!yyvaluep)
+    return;
+# ifdef YYPRINT
+  if (yytype < YYNTOKENS)
+    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# else
+  YYUSE (yyoutput);
+# endif
+  switch (yytype)
+    {
+      default:
+	break;
+    }
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
+#else
+static void
+yy_symbol_print (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE const * const yyvaluep;
+#endif
+{
+  if (yytype < YYNTOKENS)
+    YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  yy_symbol_value_print (yyoutput, yytype, yyvaluep);
+  YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included).                                                   |
+`------------------------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    yytype_int16 *bottom;
+    yytype_int16 *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (YYID (0))
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
+#else
+static void
+yy_reduce_print (yyvsp, yyrule)
+    YYSTYPE *yyvsp;
+    int yyrule;
+#endif
+{
+  int yynrhs = yyr2[yyrule];
+  int yyi;
+  unsigned long int yylno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+	     yyrule - 1, yylno);
+  /* The symbols being reduced.  */
+  for (yyi = 0; yyi < yynrhs; yyi++)
+    {
+      fprintf (stderr, "   $%d = ", yyi + 1);
+      yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
+		       &(yyvsp[(yyi + 1) - (yynrhs)])
+		       		       );
+      fprintf (stderr, "\n");
+    }
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (yyvsp, Rule); \
+} while (YYID (0))
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+

+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined __GLIBC__ && defined _STRING_H
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static YYSIZE_T
+yystrlen (const char *yystr)
+#else
+static YYSIZE_T
+yystrlen (yystr)
+    const char *yystr;
+#endif
+{
+  YYSIZE_T yylen;
+  for (yylen = 0; yystr[yylen]; yylen++)
+    continue;
+  return yylen;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+#else
+static char *
+yystpcpy (yydest, yysrc)
+    char *yydest;
+    const char *yysrc;
+#endif
+{
+  char *yyd = yydest;
+  const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+   quotes and backslashes, so that it's suitable for yyerror.  The
+   heuristic is that double-quoting is unnecessary unless the string
+   contains an apostrophe, a comma, or backslash (other than
+   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+   null, do not copy; instead, return the length of what the result
+   would have been.  */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+  if (*yystr == '"')
+    {
+      YYSIZE_T yyn = 0;
+      char const *yyp = yystr;
+
+      for (;;)
+	switch (*++yyp)
+	  {
+	  case '\'':
+	  case ',':
+	    goto do_not_strip_quotes;
+
+	  case '\\':
+	    if (*++yyp != '\\')
+	      goto do_not_strip_quotes;
+	    /* Fall through.  */
+	  default:
+	    if (yyres)
+	      yyres[yyn] = *yyp;
+	    yyn++;
+	    break;
+
+	  case '"':
+	    if (yyres)
+	      yyres[yyn] = '\0';
+	    return yyn;
+	  }
+    do_not_strip_quotes: ;
+    }
+
+  if (! yyres)
+    return yystrlen (yystr);
+
+  return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into YYRESULT an error message about the unexpected token
+   YYCHAR while in state YYSTATE.  Return the number of bytes copied,
+   including the terminating null byte.  If YYRESULT is null, do not
+   copy anything; just return the number of bytes that would be
+   copied.  As a special case, return 0 if an ordinary "syntax error"
+   message will do.  Return YYSIZE_MAXIMUM if overflow occurs during
+   size calculation.  */
+static YYSIZE_T
+yysyntax_error (char *yyresult, int yystate, int yychar)
+{
+  int yyn = yypact[yystate];
+
+  if (! (YYPACT_NINF < yyn && yyn <= YYLAST))
+    return 0;
+  else
+    {
+      int yytype = YYTRANSLATE (yychar);
+      YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
+      YYSIZE_T yysize = yysize0;
+      YYSIZE_T yysize1;
+      int yysize_overflow = 0;
+      enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+      char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+      int yyx;
+
+# if 0
+      /* This is so xgettext sees the translatable formats that are
+	 constructed on the fly.  */
+      YY_("syntax error, unexpected %s");
+      YY_("syntax error, unexpected %s, expecting %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s");
+      YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
+# endif
+      char *yyfmt;
+      char const *yyf;
+      static char const yyunexpected[] = "syntax error, unexpected %s";
+      static char const yyexpecting[] = ", expecting %s";
+      static char const yyor[] = " or %s";
+      char yyformat[sizeof yyunexpected
+		    + sizeof yyexpecting - 1
+		    + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
+		       * (sizeof yyor - 1))];
+      char const *yyprefix = yyexpecting;
+
+      /* Start YYX at -YYN if negative to avoid negative indexes in
+	 YYCHECK.  */
+      int yyxbegin = yyn < 0 ? -yyn : 0;
+
+      /* Stay within bounds of both yycheck and yytname.  */
+      int yychecklim = YYLAST - yyn + 1;
+      int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+      int yycount = 1;
+
+      yyarg[0] = yytname[yytype];
+      yyfmt = yystpcpy (yyformat, yyunexpected);
+
+      for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+	if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	  {
+	    if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+	      {
+		yycount = 1;
+		yysize = yysize0;
+		yyformat[sizeof yyunexpected - 1] = '\0';
+		break;
+	      }
+	    yyarg[yycount++] = yytname[yyx];
+	    yysize1 = yysize + yytnamerr (0, yytname[yyx]);
+	    yysize_overflow |= (yysize1 < yysize);
+	    yysize = yysize1;
+	    yyfmt = yystpcpy (yyfmt, yyprefix);
+	    yyprefix = yyor;
+	  }
+
+      yyf = YY_(yyformat);
+      yysize1 = yysize + yystrlen (yyf);
+      yysize_overflow |= (yysize1 < yysize);
+      yysize = yysize1;
+
+      if (yysize_overflow)
+	return YYSIZE_MAXIMUM;
+
+      if (yyresult)
+	{
+	  /* Avoid sprintf, as that infringes on the user's name space.
+	     Don't have undefined behavior even if the translation
+	     produced a string with the wrong number of "%s"s.  */
+	  char *yyp = yyresult;
+	  int yyi = 0;
+	  while ((*yyp = *yyf) != '\0')
+	    {
+	      if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
+		{
+		  yyp += yytnamerr (yyp, yyarg[yyi++]);
+		  yyf += 2;
+		}
+	      else
+		{
+		  yyp++;
+		  yyf++;
+		}
+	    }
+	}
+      return yysize;
+    }
+}
+#endif /* YYERROR_VERBOSE */
+

+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+/*ARGSUSED*/
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yymsg, yytype, yyvaluep)
+    const char *yymsg;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  YYUSE (yyvaluep);
+
+  if (!yymsg)
+    yymsg = "Deleting";
+  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+  switch (yytype)
+    {
+
+      default:
+	break;
+    }
+}
+

+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void *YYPARSE_PARAM);
+#else
+int yyparse ();
+#endif
+#else /* ! YYPARSE_PARAM */
+#if defined __STDC__ || defined __cplusplus
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The look-ahead symbol.  */
+int yychar;
+
+/* The semantic value of the look-ahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void *YYPARSE_PARAM)
+#else
+int
+yyparse (YYPARSE_PARAM)
+    void *YYPARSE_PARAM;
+#endif
+#else /* ! YYPARSE_PARAM */
+#if (defined __STDC__ || defined __C99__FUNC__ \
+     || defined __cplusplus || defined _MSC_VER)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+  
+  int yystate;
+  int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Look-ahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  yytype_int16 yyssa[YYINITDEPTH];
+  yytype_int16 *yyss = yyssa;
+  yytype_int16 *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* The number of symbols on the RHS of the reduced rule.
+     Keep to zero when no symbol should be popped.  */
+  int yylen = 0;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed.  So pushing a state here evens the stacks.  */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack.  Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	yytype_int16 *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow (YY_("memory exhausted"),
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyexhaustedlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyexhaustedlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	yytype_int16 *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyexhaustedlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+  /* Do appropriate processing given the current state.  Read a
+     look-ahead token if we need one and don't already have one.  */
+
+  /* First try to decide what to do without reference to look-ahead token.  */
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a look-ahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  /* Shift the look-ahead token.  */
+  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+  /* Discard the shifted token unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  yystate = yyn;
+  *++yyvsp = yylval;
+
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 2:
+#line 68 "slc-gram.y"
+    {
+			assignment = (yyvsp[(1) - (1)].assignment);
+		}
+    break;
+
+  case 3:
+#line 74 "slc-gram.y"
+    {
+			(yyvsp[(1) - (2)].assignment)->next = (yyvsp[(2) - (2)].assignment);
+			(yyval.assignment) = (yyvsp[(1) - (2)].assignment);
+		}
+    break;
+
+  case 5:
+#line 82 "slc-gram.y"
+    {
+			(yyval.assignment) = malloc(sizeof(*(yyval.assignment)));
+			(yyval.assignment)->name = (yyvsp[(1) - (3)].string);
+			(yyval.assignment)->type = a_value;
+			(yyval.assignment)->lineno = lineno;
+			(yyval.assignment)->u.value = (yyvsp[(3) - (3)].string);
+			(yyval.assignment)->next = NULL;
+		}
+    break;
+
+  case 6:
+#line 91 "slc-gram.y"
+    {
+			(yyval.assignment) = malloc(sizeof(*(yyval.assignment)));
+			(yyval.assignment)->name = (yyvsp[(1) - (5)].string);
+			(yyval.assignment)->type = a_assignment;
+			(yyval.assignment)->lineno = lineno;
+			(yyval.assignment)->u.assignment = (yyvsp[(4) - (5)].assignment);
+			(yyval.assignment)->next = NULL;
+		}
+    break;
+
+
+/* Line 1267 of yacc.c.  */
+#line 1397 "slc-gram.c"
+      default: break;
+    }
+  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if ! YYERROR_VERBOSE
+      yyerror (YY_("syntax error"));
+#else
+      {
+	YYSIZE_T yysize = yysyntax_error (0, yystate, yychar);
+	if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM)
+	  {
+	    YYSIZE_T yyalloc = 2 * yysize;
+	    if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM))
+	      yyalloc = YYSTACK_ALLOC_MAXIMUM;
+	    if (yymsg != yymsgbuf)
+	      YYSTACK_FREE (yymsg);
+	    yymsg = (char *) YYSTACK_ALLOC (yyalloc);
+	    if (yymsg)
+	      yymsg_alloc = yyalloc;
+	    else
+	      {
+		yymsg = yymsgbuf;
+		yymsg_alloc = sizeof yymsgbuf;
+	      }
+	  }
+
+	if (0 < yysize && yysize <= yymsg_alloc)
+	  {
+	    (void) yysyntax_error (yymsg, yystate, yychar);
+	    yyerror (yymsg);
+	  }
+	else
+	  {
+	    yyerror (YY_("syntax error"));
+	    if (yysize != 0)
+	      goto yyexhaustedlab;
+	  }
+      }
+#endif
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse look-ahead token after an
+	 error, discard it.  */
+
+      if (yychar <= YYEOF)
+	{
+	  /* Return failure if at end of input.  */
+	  if (yychar == YYEOF)
+	    YYABORT;
+	}
+      else
+	{
+	  yydestruct ("Error: discarding",
+		      yytoken, &yylval);
+	  yychar = YYEMPTY;
+	}
+    }
+
+  /* Else will try to reuse look-ahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR.  |
+`---------------------------------------------------*/
+yyerrorlab:
+
+  /* Pacify compilers like GCC when the user code never invokes
+     YYERROR and the label yyerrorlab therefore never appears in user
+     code.  */
+  if (/*CONSTCOND*/ 0)
+     goto yyerrorlab;
+
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYERROR.  */
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+  yystate = *yyssp;
+  goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR.  |
+`-------------------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+
+      yydestruct ("Error: popping",
+		  yystos[yystate], yyvsp);
+      YYPOPSTACK (1);
+      yystate = *yyssp;
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  *++yyvsp = yylval;
+
+
+  /* Shift the error token.  */
+  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here.  |
+`-------------------------------------------------*/
+yyexhaustedlab:
+  yyerror (YY_("memory exhausted"));
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+  if (yychar != YYEOF && yychar != YYEMPTY)
+     yydestruct ("Cleanup: discarding lookahead",
+		 yytoken, &yylval);
+  /* Do not reclaim the symbols of the rule which action triggered
+     this YYABORT or YYACCEPT.  */
+  YYPOPSTACK (yylen);
+  YY_STACK_PRINT (yyss, yyssp);
+  while (yyssp != yyss)
+    {
+      yydestruct ("Cleanup: popping",
+		  yystos[*yyssp], yyvsp);
+      YYPOPSTACK (1);
+    }
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+  if (yymsg != yymsgbuf)
+    YYSTACK_FREE (yymsg);
+#endif
+  /* Make sure YYID is used.  */
+  return YYID (yyresult);
+}
+
+
+#line 101 "slc-gram.y"
+
+char *filename;
+FILE *cfile, *hfile;
+int error_flag;
+struct assignment *assignment;
+
+
+static void
+ex(struct assignment *a, const char *fmt, ...)
+{
+    va_list ap;
+    fprintf(stderr, "%s:%d: ", a->name, a->lineno);
+    va_start(ap, fmt);
+    vfprintf(stderr, fmt, ap);
+    va_end(ap);
+    fprintf(stderr, "\n");
+}
+
+
+
+static int
+check_option(struct assignment *as)
+{
+    struct assignment *a;
+    int seen_long = 0;
+    int seen_short = 0;
+    int seen_type = 0;
+    int seen_argument = 0;
+    int seen_help = 0;
+    int seen_default = 0;
+    int ret = 0;
+
+    for(a = as; a != NULL; a = a->next) {
+	if(strcmp(a->name, "long") == 0)
+	    seen_long++;
+	else if(strcmp(a->name, "short") == 0)
+	    seen_short++;
+	else if(strcmp(a->name, "type") == 0)
+	    seen_type++;
+	else if(strcmp(a->name, "argument") == 0)
+	    seen_argument++;
+	else if(strcmp(a->name, "help") == 0)
+	    seen_help++;
+	else if(strcmp(a->name, "default") == 0)
+	    seen_default++;
+	else {
+	    ex(a, "unknown name");
+	    ret++;
+	}
+    }
+    if(seen_long == 0 && seen_short == 0) {
+	ex(as, "neither long nor short option");
+	ret++;
+    }
+    if(seen_long > 1) {
+	ex(as, "multiple long options");
+	ret++;
+    }
+    if(seen_short > 1) {
+	ex(as, "multiple short options");
+	ret++;
+    }
+    if(seen_type > 1) {
+	ex(as, "multiple types");
+	ret++;
+    }
+    if(seen_argument > 1) {
+	ex(as, "multiple arguments");
+	ret++;
+    }
+    if(seen_help > 1) {
+	ex(as, "multiple help strings");
+	ret++;
+    }
+    if(seen_default > 1) {
+	ex(as, "multiple default values");
+	ret++;
+    }
+    return ret;
+}
+
+static int
+check_command(struct assignment *as)
+{
+	struct assignment *a;
+	int seen_name = 0;
+	int seen_function = 0;
+	int seen_help = 0;
+	int seen_argument = 0;
+	int seen_minargs = 0;
+	int seen_maxargs = 0;
+	int ret = 0;
+	for(a = as; a != NULL; a = a->next) {
+		if(strcmp(a->name, "name") == 0)
+			seen_name++;
+		else if(strcmp(a->name, "function") == 0) {
+			seen_function++;
+		} else if(strcmp(a->name, "option") == 0)
+			ret += check_option(a->u.assignment);
+		else if(strcmp(a->name, "help") == 0) {
+			seen_help++;
+		} else if(strcmp(a->name, "argument") == 0) {
+			seen_argument++;
+		} else if(strcmp(a->name, "min_args") == 0) {
+			seen_minargs++;
+		} else if(strcmp(a->name, "max_args") == 0) {
+			seen_maxargs++;
+		} else {
+			ex(a, "unknown name");
+			ret++;
+		}
+	}
+	if(seen_name == 0) {
+		ex(as, "no command name");
+		ret++;
+	}
+	if(seen_function > 1) {
+		ex(as, "multiple function names");
+		ret++;
+	}
+	if(seen_help > 1) {
+		ex(as, "multiple help strings");
+		ret++;
+	}
+	if(seen_argument > 1) {
+		ex(as, "multiple argument strings");
+		ret++;
+	}
+	if(seen_minargs > 1) {
+		ex(as, "multiple min_args strings");
+		ret++;
+	}
+	if(seen_maxargs > 1) {
+		ex(as, "multiple max_args strings");
+		ret++;
+	}
+	
+	return ret;
+}
+
+static int
+check(struct assignment *as)
+{
+    struct assignment *a;
+    int ret = 0;
+    for(a = as; a != NULL; a = a->next) {
+	if(strcmp(a->name, "command")) {
+	    fprintf(stderr, "unknown type %s line %d\n", a->name, a->lineno);
+	    ret++;
+	    continue;
+	}
+	if(a->type != a_assignment) {
+	    fprintf(stderr, "bad command definition %s line %d\n", a->name, a->lineno);
+	    ret++;
+	    continue;
+	}
+	ret += check_command(a->u.assignment);
+    }
+    return ret;
+}
+
+static struct assignment *
+find_next(struct assignment *as, const char *name)
+{
+    for(as = as->next; as != NULL; as = as->next) {
+	if(strcmp(as->name, name) == 0)
+	    return as;
+    }
+    return NULL;
+}
+
+static struct assignment *
+find(struct assignment *as, const char *name)
+{
+    for(; as != NULL; as = as->next) {
+	if(strcmp(as->name, name) == 0)
+	    return as;
+    }
+    return NULL;
+}
+
+static void
+space(FILE *f, int level)
+{
+    fprintf(f, "%*.*s", level * 4, level * 4, " ");
+}
+
+static void
+cprint(int level, const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    space(cfile, level);
+    vfprintf(cfile, fmt, ap);
+    va_end(ap);
+}
+
+static void
+hprint(int level, const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    space(hfile, level);
+    vfprintf(hfile, fmt, ap);
+    va_end(ap);
+}
+
+static void gen_name(char *str);
+
+static void
+gen_command(struct assignment *as)
+{
+    struct assignment *a, *b;
+    char *f;
+    a = find(as, "name");
+    f = strdup(a->u.value);
+    gen_name(f);
+    cprint(1, "    { ");
+    fprintf(cfile, "\"%s\", ", a->u.value);
+    fprintf(cfile, "%s_wrap, ", f);
+    b = find(as, "argument");
+    if(b)
+	fprintf(cfile, "\"%s %s\", ", a->u.value, b->u.value);
+    else
+	fprintf(cfile, "\"%s\", ", a->u.value);
+    b = find(as, "help");
+    if(b)
+	fprintf(cfile, "\"%s\"", b->u.value);
+    else
+	fprintf(cfile, "NULL");
+    fprintf(cfile, " },\n");
+    for(a = a->next; a != NULL; a = a->next)
+	if(strcmp(a->name, "name") == 0)
+	    cprint(1, "    { \"%s\" },\n", a->u.value);
+    cprint(0, "\n");
+}
+
+static void
+gen_name(char *str)
+{
+    char *p;
+    for(p = str; *p != '\0'; p++)
+	if(!isalnum((unsigned char)*p))
+	    *p = '_';
+}
+
+static char *
+make_name(struct assignment *as)
+{
+    struct assignment *lopt;
+    struct assignment *type;
+    char *s;
+
+    lopt = find(as, "long");
+    if(lopt == NULL)
+	lopt = find(as, "name");
+    if(lopt == NULL)
+	return NULL;
+    
+    type = find(as, "type");
+    if(strcmp(type->u.value, "-flag") == 0)
+	asprintf(&s, "%s_flag", lopt->u.value);
+    else
+	asprintf(&s, "%s_%s", lopt->u.value, type->u.value);
+    gen_name(s);
+    return s;
+}
+
+
+static void defval_int(const char *name, struct assignment *defval)
+{
+    if(defval != NULL)
+	cprint(1, "opt.%s = %s;\n", name, defval->u.value);
+    else
+	cprint(1, "opt.%s = 0;\n", name);
+}
+static void defval_string(const char *name, struct assignment *defval) 
+{
+    if(defval != NULL)
+	cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value);
+    else
+	cprint(1, "opt.%s = NULL;\n", name);
+}
+static void defval_strings(const char *name, struct assignment *defval)
+{
+    cprint(1, "opt.%s.num_strings = 0;\n", name);
+    cprint(1, "opt.%s.strings = NULL;\n", name);
+}
+
+static void free_strings(const char *name)
+{
+    cprint(1, "free_getarg_strings (&opt.%s);\n", name);
+}
+
+struct type_handler {
+    const char *typename;
+    const char *c_type;
+    const char *getarg_type;
+    void (*defval)(const char*, struct assignment*);
+    void (*free)(const char*);
+} type_handlers[] = {
+	{ "integer",
+	  "int",
+	  "arg_integer",
+	  defval_int,
+	  NULL
+	},
+	{ "string",
+	  "char*",
+	  "arg_string",
+	  defval_string,
+	  NULL
+	},
+	{ "strings",
+	  "struct getarg_strings",
+	  "arg_strings",
+	  defval_strings,
+	  free_strings
+	},
+	{ "flag",
+	  "int",
+	  "arg_flag",
+	  defval_int,
+	  NULL
+	},
+	{ "-flag",
+	  "int",
+	  "arg_negative_flag",
+	  defval_int,
+	  NULL
+	},
+	{ NULL }
+};
+
+static struct type_handler *find_handler(struct assignment *type)
+{
+    struct type_handler *th;
+    for(th = type_handlers; th->typename != NULL; th++)
+	if(strcmp(type->u.value, th->typename) == 0)
+	    return th;
+    ex(type, "unknown type \"%s\"", type->u.value);
+    exit(1);
+}
+
+static void
+gen_options(struct assignment *opt1, const char *name)
+{
+    struct assignment *tmp;
+
+    hprint(0, "struct %s_options {\n", name);
+
+    for(tmp = opt1; 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	struct assignment *type;
+	struct type_handler *th;
+	char *s;
+	
+	s = make_name(tmp->u.assignment);
+	type = find(tmp->u.assignment, "type");
+	th = find_handler(type);
+	hprint(1, "%s %s;\n", th->c_type, s);
+	free(s);
+    }
+    hprint(0, "};\n");
+}
+
+static void
+gen_wrapper(struct assignment *as)
+{
+    struct assignment *name;
+    struct assignment *arg;
+    struct assignment *opt1;
+    struct assignment *function;
+    struct assignment *tmp;
+    char *n, *f;
+    int nargs = 0;
+
+    name = find(as, "name");
+    n = strdup(name->u.value);
+    gen_name(n);
+    arg = find(as, "argument");
+    opt1 = find(as, "option");
+    function = find(as, "function");
+    if(function)
+	f = function->u.value;
+    else
+	f = n;
+    
+       
+    if(opt1 != NULL) {
+	gen_options(opt1, n);
+	hprint(0, "int %s(struct %s_options*, int, char **);\n", f, n);
+    } else {
+	hprint(0, "int %s(void*, int, char **);\n", f);
+    }
+
+    fprintf(cfile, "static int\n");
+    fprintf(cfile, "%s_wrap(int argc, char **argv)\n", n);
+    fprintf(cfile, "{\n");
+    if(opt1 != NULL)
+	cprint(1, "struct %s_options opt;\n", n);
+    cprint(1, "int ret;\n");
+    cprint(1, "int optidx = 0;\n");
+    cprint(1, "struct getargs args[] = {\n");
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	struct assignment *type = find(tmp->u.assignment, "type");
+	struct assignment *lopt = find(tmp->u.assignment, "long");
+	struct assignment *sopt = find(tmp->u.assignment, "short");
+	struct assignment *aarg = find(tmp->u.assignment, "argument");
+	struct assignment *help = find(tmp->u.assignment, "help");
+
+	struct type_handler *th;
+	
+	cprint(2, "{ ");
+	if(lopt)
+	    fprintf(cfile, "\"%s\", ", lopt->u.value);
+	else
+	    fprintf(cfile, "NULL, ");
+	if(sopt)
+	    fprintf(cfile, "'%c', ", *sopt->u.value);
+	else
+	    fprintf(cfile, "0, ");
+	th = find_handler(type);
+	fprintf(cfile, "%s, ", th->getarg_type);
+	fprintf(cfile, "NULL, ");
+	if(help)
+	    fprintf(cfile, "\"%s\", ", help->u.value);
+	else
+	    fprintf(cfile, "NULL, ");
+	if(aarg)
+	    fprintf(cfile, "\"%s\"", aarg->u.value);
+	else
+	    fprintf(cfile, "NULL");
+	fprintf(cfile, " },\n");
+    }
+    cprint(2, "{ \"help\", 'h', arg_flag, NULL, NULL, NULL }\n");
+    cprint(1, "};\n");
+    cprint(1, "int help_flag = 0;\n");
+
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	char *s;
+	struct assignment *type = find(tmp->u.assignment, "type");
+
+	struct assignment *defval = find(tmp->u.assignment, "default");
+
+	struct type_handler *th;
+	
+	s = make_name(tmp->u.assignment);
+	th = find_handler(type);
+	(*th->defval)(s, defval);
+	free(s);
+    }
+
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	char *s;
+	s = make_name(tmp->u.assignment);
+	cprint(1, "args[%d].value = &opt.%s;\n", nargs++, s);
+	free(s);
+    }
+    cprint(1, "args[%d].value = &help_flag;\n", nargs++);
+    cprint(1, "if(getarg(args, %d, argc, argv, &optidx))\n", nargs);
+    cprint(2, "goto usage;\n");
+
+    {
+	int min_args = -1;
+	int max_args = -1;
+	char *end;
+	if(arg == NULL) {
+	    max_args = 0;
+	} else {
+	    if((tmp = find(as, "min_args")) != NULL) {
+		min_args = strtol(tmp->u.value, &end, 0);
+		if(*end != '\0') {
+		    ex(tmp, "min_args is not numeric");
+		    exit(1);
+		}
+		if(min_args < 0) {
+		    ex(tmp, "min_args must be non-negative");
+		    exit(1);
+		}
+	    }
+	    if((tmp = find(as, "max_args")) != NULL) {
+		max_args = strtol(tmp->u.value, &end, 0);
+		if(*end != '\0') {
+		    ex(tmp, "max_args is not numeric");
+		    exit(1);
+		}
+		if(max_args < 0) {
+		    ex(tmp, "max_args must be non-negative");
+		    exit(1);
+		}
+	    }
+	}
+	if(min_args != -1 || max_args != -1) {
+	    if(min_args == max_args) {
+		cprint(1, "if(argc - optidx != %d) {\n", 
+		       min_args);
+		cprint(2, "fprintf(stderr, \"Need exactly %u parameters (%%u given).\\n\\n\", argc - optidx);\n", min_args);
+		cprint(2, "goto usage;\n");
+		cprint(1, "}\n");
+	    } else {
+		if(max_args != -1) {
+		    cprint(1, "if(argc - optidx > %d) {\n", max_args);
+		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are more than expected (%u).\\n\\n\", argc - optidx);\n", max_args);
+		    cprint(2, "goto usage;\n");
+		    cprint(1, "}\n");
+		}
+		if(min_args != -1) {
+		    cprint(1, "if(argc - optidx < %d) {\n", min_args);
+		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are less than expected (%u).\\n\\n\", argc - optidx);\n", min_args);
+		    cprint(2, "goto usage;\n");
+		    cprint(1, "}\n");
+		}
+	    }
+	}
+    }
+    
+    cprint(1, "if(help_flag)\n");
+    cprint(2, "goto usage;\n");
+
+    cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", 
+	   f, opt1 ? "&opt": "NULL");
+    
+    /* free allocated data */
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	char *s;
+	struct assignment *type = find(tmp->u.assignment, "type");
+	struct type_handler *th;
+	th = find_handler(type);
+	if(th->free == NULL)
+	    continue;
+	s = make_name(tmp->u.assignment);
+	(*th->free)(s);
+	free(s);
+    }
+    cprint(1, "return ret;\n");
+
+    cprint(0, "usage:\n");
+    cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, 
+	   name->u.value, arg ? arg->u.value : "");
+    /* free allocated data */
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	char *s;
+	struct assignment *type = find(tmp->u.assignment, "type");
+	struct type_handler *th;
+	th = find_handler(type);
+	if(th->free == NULL)
+	    continue;
+	s = make_name(tmp->u.assignment);
+	(*th->free)(s);
+	free(s);
+    }
+    cprint(1, "return 0;\n");
+    cprint(0, "}\n");
+    cprint(0, "\n");
+}
+
+char cname[PATH_MAX];
+char hname[PATH_MAX];
+
+static void
+gen(struct assignment *as)
+{
+    struct assignment *a;
+    cprint(0, "#include <stdio.h>\n");
+    cprint(0, "#include <getarg.h>\n");
+    cprint(0, "#include <sl.h>\n");
+    cprint(0, "#include \"%s\"\n\n", hname);
+
+    hprint(0, "#include <stdio.h>\n");
+    hprint(0, "#include <sl.h>\n");
+    hprint(0, "\n");
+
+
+    for(a = as; a != NULL; a = a->next)
+	gen_wrapper(a->u.assignment);
+
+    cprint(0, "SL_cmd commands[] = {\n");
+    for(a = as; a != NULL; a = a->next)
+	gen_command(a->u.assignment);
+    cprint(1, "{ NULL }\n");
+    cprint(0, "};\n");
+
+    hprint(0, "extern SL_cmd commands[];\n");
+}
+
+int version_flag;
+int help_flag;
+struct getargs args[] = {
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "command-table");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    char *p;
+
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(argc == optidx)
+	usage(1);
+
+    filename = argv[optidx];
+    yyin = fopen(filename, "r");
+    if(yyin == NULL)
+	err(1, "%s", filename);
+    p = strrchr(filename, '/');
+    if(p)
+	strlcpy(cname, p + 1, sizeof(cname));
+    else
+	strlcpy(cname, filename, sizeof(cname));
+    p = strrchr(cname, '.');
+    if(p)
+	*p = '\0';
+    strlcpy(hname, cname, sizeof(hname));
+    strlcat(cname, ".c", sizeof(cname));
+    strlcat(hname, ".h", sizeof(hname));
+    yyparse();
+    if(error_flag)
+	exit(1);
+    if(check(assignment) == 0) {
+	cfile = fopen(cname, "w");
+	if(cfile == NULL)
+	  err(1, "%s", cname);
+	hfile = fopen(hname, "w");
+	if(hfile == NULL)
+	  err(1, "%s", hname);
+	gen(assignment);
+	fclose(cfile);
+	fclose(hfile);
+    }
+    fclose(yyin);
+    return 0;
+}
+

Added: vendor-crypto/heimdal/dist/lib/sl/slc-gram.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/slc-gram.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/slc-gram.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+/* A Bison parser, made by GNU Bison 2.3.  */
+
+/* Skeleton interface for Bison's Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+   Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     LITERAL = 258,
+     STRING = 259
+   };
+#endif
+/* Tokens.  */
+#define LITERAL 258
+#define STRING 259
+
+
+
+
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+typedef union YYSTYPE
+#line 54 "slc-gram.y"
+{
+	char *string;
+	struct assignment *assignment;
+}
+/* Line 1529 of yacc.c.  */
+#line 62 "slc-gram.h"
+	YYSTYPE;
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+extern YYSTYPE yylval;
+

Added: vendor-crypto/heimdal/dist/lib/sl/slc-gram.y
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/slc-gram.y	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/slc-gram.y	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,765 @@
+%{
+/*
+ * Copyright (c) 2004-2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: slc-gram.y,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <err.h>
+#include <ctype.h>
+#include <limits.h>
+#include <getarg.h>
+#include <vers.h>
+#include <roken.h>
+
+#include "slc.h"
+extern FILE *yyin;
+extern struct assignment *assignment;
+extern int yyparse(void);
+%}
+
+%union {
+	char *string;
+	struct assignment *assignment;
+}
+
+%token <string> LITERAL
+%token <string> STRING
+%type <assignment> assignment assignments
+
+%start start
+
+%%
+
+start		: assignments
+		{
+			assignment = $1;
+		}
+		;
+
+assignments	: assignment assignments
+		{
+			$1->next = $2;
+			$$ = $1;
+		}
+		| assignment
+		;
+
+assignment	: LITERAL '=' STRING
+		{
+			$$ = malloc(sizeof(*$$));
+			$$->name = $1;
+			$$->type = a_value;
+			$$->lineno = lineno;
+			$$->u.value = $3;
+			$$->next = NULL;
+		}
+		| LITERAL '=' '{' assignments '}'
+		{
+			$$ = malloc(sizeof(*$$));
+			$$->name = $1;
+			$$->type = a_assignment;
+			$$->lineno = lineno;
+			$$->u.assignment = $4;
+			$$->next = NULL;
+		}
+		;
+
+%%
+char *filename;
+FILE *cfile, *hfile;
+int error_flag;
+struct assignment *assignment;
+
+
+static void
+ex(struct assignment *a, const char *fmt, ...)
+{
+    va_list ap;
+    fprintf(stderr, "%s:%d: ", a->name, a->lineno);
+    va_start(ap, fmt);
+    vfprintf(stderr, fmt, ap);
+    va_end(ap);
+    fprintf(stderr, "\n");
+}
+
+
+
+static int
+check_option(struct assignment *as)
+{
+    struct assignment *a;
+    int seen_long = 0;
+    int seen_short = 0;
+    int seen_type = 0;
+    int seen_argument = 0;
+    int seen_help = 0;
+    int seen_default = 0;
+    int ret = 0;
+
+    for(a = as; a != NULL; a = a->next) {
+	if(strcmp(a->name, "long") == 0)
+	    seen_long++;
+	else if(strcmp(a->name, "short") == 0)
+	    seen_short++;
+	else if(strcmp(a->name, "type") == 0)
+	    seen_type++;
+	else if(strcmp(a->name, "argument") == 0)
+	    seen_argument++;
+	else if(strcmp(a->name, "help") == 0)
+	    seen_help++;
+	else if(strcmp(a->name, "default") == 0)
+	    seen_default++;
+	else {
+	    ex(a, "unknown name");
+	    ret++;
+	}
+    }
+    if(seen_long == 0 && seen_short == 0) {
+	ex(as, "neither long nor short option");
+	ret++;
+    }
+    if(seen_long > 1) {
+	ex(as, "multiple long options");
+	ret++;
+    }
+    if(seen_short > 1) {
+	ex(as, "multiple short options");
+	ret++;
+    }
+    if(seen_type > 1) {
+	ex(as, "multiple types");
+	ret++;
+    }
+    if(seen_argument > 1) {
+	ex(as, "multiple arguments");
+	ret++;
+    }
+    if(seen_help > 1) {
+	ex(as, "multiple help strings");
+	ret++;
+    }
+    if(seen_default > 1) {
+	ex(as, "multiple default values");
+	ret++;
+    }
+    return ret;
+}
+
+static int
+check_command(struct assignment *as)
+{
+	struct assignment *a;
+	int seen_name = 0;
+	int seen_function = 0;
+	int seen_help = 0;
+	int seen_argument = 0;
+	int seen_minargs = 0;
+	int seen_maxargs = 0;
+	int ret = 0;
+	for(a = as; a != NULL; a = a->next) {
+		if(strcmp(a->name, "name") == 0)
+			seen_name++;
+		else if(strcmp(a->name, "function") == 0) {
+			seen_function++;
+		} else if(strcmp(a->name, "option") == 0)
+			ret += check_option(a->u.assignment);
+		else if(strcmp(a->name, "help") == 0) {
+			seen_help++;
+		} else if(strcmp(a->name, "argument") == 0) {
+			seen_argument++;
+		} else if(strcmp(a->name, "min_args") == 0) {
+			seen_minargs++;
+		} else if(strcmp(a->name, "max_args") == 0) {
+			seen_maxargs++;
+		} else {
+			ex(a, "unknown name");
+			ret++;
+		}
+	}
+	if(seen_name == 0) {
+		ex(as, "no command name");
+		ret++;
+	}
+	if(seen_function > 1) {
+		ex(as, "multiple function names");
+		ret++;
+	}
+	if(seen_help > 1) {
+		ex(as, "multiple help strings");
+		ret++;
+	}
+	if(seen_argument > 1) {
+		ex(as, "multiple argument strings");
+		ret++;
+	}
+	if(seen_minargs > 1) {
+		ex(as, "multiple min_args strings");
+		ret++;
+	}
+	if(seen_maxargs > 1) {
+		ex(as, "multiple max_args strings");
+		ret++;
+	}
+	
+	return ret;
+}
+
+static int
+check(struct assignment *as)
+{
+    struct assignment *a;
+    int ret = 0;
+    for(a = as; a != NULL; a = a->next) {
+	if(strcmp(a->name, "command")) {
+	    fprintf(stderr, "unknown type %s line %d\n", a->name, a->lineno);
+	    ret++;
+	    continue;
+	}
+	if(a->type != a_assignment) {
+	    fprintf(stderr, "bad command definition %s line %d\n", a->name, a->lineno);
+	    ret++;
+	    continue;
+	}
+	ret += check_command(a->u.assignment);
+    }
+    return ret;
+}
+
+static struct assignment *
+find_next(struct assignment *as, const char *name)
+{
+    for(as = as->next; as != NULL; as = as->next) {
+	if(strcmp(as->name, name) == 0)
+	    return as;
+    }
+    return NULL;
+}
+
+static struct assignment *
+find(struct assignment *as, const char *name)
+{
+    for(; as != NULL; as = as->next) {
+	if(strcmp(as->name, name) == 0)
+	    return as;
+    }
+    return NULL;
+}
+
+static void
+space(FILE *f, int level)
+{
+    fprintf(f, "%*.*s", level * 4, level * 4, " ");
+}
+
+static void
+cprint(int level, const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    space(cfile, level);
+    vfprintf(cfile, fmt, ap);
+    va_end(ap);
+}
+
+static void
+hprint(int level, const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    space(hfile, level);
+    vfprintf(hfile, fmt, ap);
+    va_end(ap);
+}
+
+static void gen_name(char *str);
+
+static void
+gen_command(struct assignment *as)
+{
+    struct assignment *a, *b;
+    char *f;
+    a = find(as, "name");
+    f = strdup(a->u.value);
+    gen_name(f);
+    cprint(1, "    { ");
+    fprintf(cfile, "\"%s\", ", a->u.value);
+    fprintf(cfile, "%s_wrap, ", f);
+    b = find(as, "argument");
+    if(b)
+	fprintf(cfile, "\"%s %s\", ", a->u.value, b->u.value);
+    else
+	fprintf(cfile, "\"%s\", ", a->u.value);
+    b = find(as, "help");
+    if(b)
+	fprintf(cfile, "\"%s\"", b->u.value);
+    else
+	fprintf(cfile, "NULL");
+    fprintf(cfile, " },\n");
+    for(a = a->next; a != NULL; a = a->next)
+	if(strcmp(a->name, "name") == 0)
+	    cprint(1, "    { \"%s\" },\n", a->u.value);
+    cprint(0, "\n");
+}
+
+static void
+gen_name(char *str)
+{
+    char *p;
+    for(p = str; *p != '\0'; p++)
+	if(!isalnum((unsigned char)*p))
+	    *p = '_';
+}
+
+static char *
+make_name(struct assignment *as)
+{
+    struct assignment *lopt;
+    struct assignment *type;
+    char *s;
+
+    lopt = find(as, "long");
+    if(lopt == NULL)
+	lopt = find(as, "name");
+    if(lopt == NULL)
+	return NULL;
+    
+    type = find(as, "type");
+    if(strcmp(type->u.value, "-flag") == 0)
+	asprintf(&s, "%s_flag", lopt->u.value);
+    else
+	asprintf(&s, "%s_%s", lopt->u.value, type->u.value);
+    gen_name(s);
+    return s;
+}
+
+
+static void defval_int(const char *name, struct assignment *defval)
+{
+    if(defval != NULL)
+	cprint(1, "opt.%s = %s;\n", name, defval->u.value);
+    else
+	cprint(1, "opt.%s = 0;\n", name);
+}
+static void defval_string(const char *name, struct assignment *defval) 
+{
+    if(defval != NULL)
+	cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value);
+    else
+	cprint(1, "opt.%s = NULL;\n", name);
+}
+static void defval_strings(const char *name, struct assignment *defval)
+{
+    cprint(1, "opt.%s.num_strings = 0;\n", name);
+    cprint(1, "opt.%s.strings = NULL;\n", name);
+}
+
+static void free_strings(const char *name)
+{
+    cprint(1, "free_getarg_strings (&opt.%s);\n", name);
+}
+
+struct type_handler {
+    const char *typename;
+    const char *c_type;
+    const char *getarg_type;
+    void (*defval)(const char*, struct assignment*);
+    void (*free)(const char*);
+} type_handlers[] = {
+	{ "integer",
+	  "int",
+	  "arg_integer",
+	  defval_int,
+	  NULL
+	},
+	{ "string",
+	  "char*",
+	  "arg_string",
+	  defval_string,
+	  NULL
+	},
+	{ "strings",
+	  "struct getarg_strings",
+	  "arg_strings",
+	  defval_strings,
+	  free_strings
+	},
+	{ "flag",
+	  "int",
+	  "arg_flag",
+	  defval_int,
+	  NULL
+	},
+	{ "-flag",
+	  "int",
+	  "arg_negative_flag",
+	  defval_int,
+	  NULL
+	},
+	{ NULL }
+};
+
+static struct type_handler *find_handler(struct assignment *type)
+{
+    struct type_handler *th;
+    for(th = type_handlers; th->typename != NULL; th++)
+	if(strcmp(type->u.value, th->typename) == 0)
+	    return th;
+    ex(type, "unknown type \"%s\"", type->u.value);
+    exit(1);
+}
+
+static void
+gen_options(struct assignment *opt1, const char *name)
+{
+    struct assignment *tmp;
+
+    hprint(0, "struct %s_options {\n", name);
+
+    for(tmp = opt1; 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	struct assignment *type;
+	struct type_handler *th;
+	char *s;
+	
+	s = make_name(tmp->u.assignment);
+	type = find(tmp->u.assignment, "type");
+	th = find_handler(type);
+	hprint(1, "%s %s;\n", th->c_type, s);
+	free(s);
+    }
+    hprint(0, "};\n");
+}
+
+static void
+gen_wrapper(struct assignment *as)
+{
+    struct assignment *name;
+    struct assignment *arg;
+    struct assignment *opt1;
+    struct assignment *function;
+    struct assignment *tmp;
+    char *n, *f;
+    int nargs = 0;
+
+    name = find(as, "name");
+    n = strdup(name->u.value);
+    gen_name(n);
+    arg = find(as, "argument");
+    opt1 = find(as, "option");
+    function = find(as, "function");
+    if(function)
+	f = function->u.value;
+    else
+	f = n;
+    
+       
+    if(opt1 != NULL) {
+	gen_options(opt1, n);
+	hprint(0, "int %s(struct %s_options*, int, char **);\n", f, n);
+    } else {
+	hprint(0, "int %s(void*, int, char **);\n", f);
+    }
+
+    fprintf(cfile, "static int\n");
+    fprintf(cfile, "%s_wrap(int argc, char **argv)\n", n);
+    fprintf(cfile, "{\n");
+    if(opt1 != NULL)
+	cprint(1, "struct %s_options opt;\n", n);
+    cprint(1, "int ret;\n");
+    cprint(1, "int optidx = 0;\n");
+    cprint(1, "struct getargs args[] = {\n");
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	struct assignment *type = find(tmp->u.assignment, "type");
+	struct assignment *lopt = find(tmp->u.assignment, "long");
+	struct assignment *sopt = find(tmp->u.assignment, "short");
+	struct assignment *aarg = find(tmp->u.assignment, "argument");
+	struct assignment *help = find(tmp->u.assignment, "help");
+
+	struct type_handler *th;
+	
+	cprint(2, "{ ");
+	if(lopt)
+	    fprintf(cfile, "\"%s\", ", lopt->u.value);
+	else
+	    fprintf(cfile, "NULL, ");
+	if(sopt)
+	    fprintf(cfile, "'%c', ", *sopt->u.value);
+	else
+	    fprintf(cfile, "0, ");
+	th = find_handler(type);
+	fprintf(cfile, "%s, ", th->getarg_type);
+	fprintf(cfile, "NULL, ");
+	if(help)
+	    fprintf(cfile, "\"%s\", ", help->u.value);
+	else
+	    fprintf(cfile, "NULL, ");
+	if(aarg)
+	    fprintf(cfile, "\"%s\"", aarg->u.value);
+	else
+	    fprintf(cfile, "NULL");
+	fprintf(cfile, " },\n");
+    }
+    cprint(2, "{ \"help\", 'h', arg_flag, NULL, NULL, NULL }\n");
+    cprint(1, "};\n");
+    cprint(1, "int help_flag = 0;\n");
+
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	char *s;
+	struct assignment *type = find(tmp->u.assignment, "type");
+
+	struct assignment *defval = find(tmp->u.assignment, "default");
+
+	struct type_handler *th;
+	
+	s = make_name(tmp->u.assignment);
+	th = find_handler(type);
+	(*th->defval)(s, defval);
+	free(s);
+    }
+
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	char *s;
+	s = make_name(tmp->u.assignment);
+	cprint(1, "args[%d].value = &opt.%s;\n", nargs++, s);
+	free(s);
+    }
+    cprint(1, "args[%d].value = &help_flag;\n", nargs++);
+    cprint(1, "if(getarg(args, %d, argc, argv, &optidx))\n", nargs);
+    cprint(2, "goto usage;\n");
+
+    {
+	int min_args = -1;
+	int max_args = -1;
+	char *end;
+	if(arg == NULL) {
+	    max_args = 0;
+	} else {
+	    if((tmp = find(as, "min_args")) != NULL) {
+		min_args = strtol(tmp->u.value, &end, 0);
+		if(*end != '\0') {
+		    ex(tmp, "min_args is not numeric");
+		    exit(1);
+		}
+		if(min_args < 0) {
+		    ex(tmp, "min_args must be non-negative");
+		    exit(1);
+		}
+	    }
+	    if((tmp = find(as, "max_args")) != NULL) {
+		max_args = strtol(tmp->u.value, &end, 0);
+		if(*end != '\0') {
+		    ex(tmp, "max_args is not numeric");
+		    exit(1);
+		}
+		if(max_args < 0) {
+		    ex(tmp, "max_args must be non-negative");
+		    exit(1);
+		}
+	    }
+	}
+	if(min_args != -1 || max_args != -1) {
+	    if(min_args == max_args) {
+		cprint(1, "if(argc - optidx != %d) {\n", 
+		       min_args);
+		cprint(2, "fprintf(stderr, \"Need exactly %u parameters (%%u given).\\n\\n\", argc - optidx);\n", min_args);
+		cprint(2, "goto usage;\n");
+		cprint(1, "}\n");
+	    } else {
+		if(max_args != -1) {
+		    cprint(1, "if(argc - optidx > %d) {\n", max_args);
+		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are more than expected (%u).\\n\\n\", argc - optidx);\n", max_args);
+		    cprint(2, "goto usage;\n");
+		    cprint(1, "}\n");
+		}
+		if(min_args != -1) {
+		    cprint(1, "if(argc - optidx < %d) {\n", min_args);
+		    cprint(2, "fprintf(stderr, \"Arguments given (%%u) are less than expected (%u).\\n\\n\", argc - optidx);\n", min_args);
+		    cprint(2, "goto usage;\n");
+		    cprint(1, "}\n");
+		}
+	    }
+	}
+    }
+    
+    cprint(1, "if(help_flag)\n");
+    cprint(2, "goto usage;\n");
+
+    cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", 
+	   f, opt1 ? "&opt": "NULL");
+    
+    /* free allocated data */
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	char *s;
+	struct assignment *type = find(tmp->u.assignment, "type");
+	struct type_handler *th;
+	th = find_handler(type);
+	if(th->free == NULL)
+	    continue;
+	s = make_name(tmp->u.assignment);
+	(*th->free)(s);
+	free(s);
+    }
+    cprint(1, "return ret;\n");
+
+    cprint(0, "usage:\n");
+    cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, 
+	   name->u.value, arg ? arg->u.value : "");
+    /* free allocated data */
+    for(tmp = find(as, "option"); 
+	tmp != NULL; 
+	tmp = find_next(tmp, "option")) {
+	char *s;
+	struct assignment *type = find(tmp->u.assignment, "type");
+	struct type_handler *th;
+	th = find_handler(type);
+	if(th->free == NULL)
+	    continue;
+	s = make_name(tmp->u.assignment);
+	(*th->free)(s);
+	free(s);
+    }
+    cprint(1, "return 0;\n");
+    cprint(0, "}\n");
+    cprint(0, "\n");
+}
+
+char cname[PATH_MAX];
+char hname[PATH_MAX];
+
+static void
+gen(struct assignment *as)
+{
+    struct assignment *a;
+    cprint(0, "#include <stdio.h>\n");
+    cprint(0, "#include <getarg.h>\n");
+    cprint(0, "#include <sl.h>\n");
+    cprint(0, "#include \"%s\"\n\n", hname);
+
+    hprint(0, "#include <stdio.h>\n");
+    hprint(0, "#include <sl.h>\n");
+    hprint(0, "\n");
+
+
+    for(a = as; a != NULL; a = a->next)
+	gen_wrapper(a->u.assignment);
+
+    cprint(0, "SL_cmd commands[] = {\n");
+    for(a = as; a != NULL; a = a->next)
+	gen_command(a->u.assignment);
+    cprint(1, "{ NULL }\n");
+    cprint(0, "};\n");
+
+    hprint(0, "extern SL_cmd commands[];\n");
+}
+
+int version_flag;
+int help_flag;
+struct getargs args[] = {
+    { "version", 0, arg_flag, &version_flag },
+    { "help", 0, arg_flag, &help_flag }
+};
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+    arg_printusage(args, num_args, NULL, "command-table");
+    exit(code);
+}
+
+int
+main(int argc, char **argv)
+{
+    char *p;
+
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if(getarg(args, num_args, argc, argv, &optidx))
+	usage(1);
+    if(help_flag)
+	usage(0);
+    if(version_flag) {
+	print_version(NULL);
+	exit(0);
+    }
+    
+    if(argc == optidx)
+	usage(1);
+
+    filename = argv[optidx];
+    yyin = fopen(filename, "r");
+    if(yyin == NULL)
+	err(1, "%s", filename);
+    p = strrchr(filename, '/');
+    if(p)
+	strlcpy(cname, p + 1, sizeof(cname));
+    else
+	strlcpy(cname, filename, sizeof(cname));
+    p = strrchr(cname, '.');
+    if(p)
+	*p = '\0';
+    strlcpy(hname, cname, sizeof(hname));
+    strlcat(cname, ".c", sizeof(cname));
+    strlcat(hname, ".h", sizeof(hname));
+    yyparse();
+    if(error_flag)
+	exit(1);
+    if(check(assignment) == 0) {
+	cfile = fopen(cname, "w");
+	if(cfile == NULL)
+	  err(1, "%s", cname);
+	hfile = fopen(hname, "w");
+	if(hfile == NULL)
+	  err(1, "%s", hname);
+	gen(assignment);
+	fclose(cfile);
+	fclose(hfile);
+    }
+    fclose(yyin);
+    return 0;
+}
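Review bot: In slc-gram.y, `make_name()` and `find_handler()` dereference `type->u.value` with no NULL check, while `check_option()` only rejects `seen_type > 1`, so an option block with no `type` entry passes validation and then crashes the generator. Adding `if(seen_type == 0) { ex(as, "no type"); ret++; }` beside the other `seen_*` checks would turn that into a diagnostic. Relatedly, `check_command()` passes `a->u.assignment` to `check_option()`, and the generators read `u.value` as a string, without testing `a->type`, so input such as `option = "x"` or `name = { ... }` reads the wrong union member; a guard like the `a->type != a_assignment` test in `check()` would cover both. The `malloc()` results in the two `assignment` grammar actions are also used unchecked.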

Added: vendor-crypto/heimdal/dist/lib/sl/slc-lex.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/slc-lex.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/slc-lex.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1877 @@
+
+#line 3 "slc-lex.c"
+
+#define  YY_INT_ALIGNED short int
+
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+#define YY_FLEX_SUBMINOR_VERSION 33
+#if YY_FLEX_SUBMINOR_VERSION > 0
+#define FLEX_BETA
+#endif
+
+/* First, we deal with  platform-specific or compiler-specific issues. */
+
+/* begin standard C headers. */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+
+/* end standard C headers. */
+
+/* flex integer type definitions */
+
+#ifndef FLEXINT_H
+#define FLEXINT_H
+
+/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+
+#if __STDC_VERSION__ >= 199901L
+
+/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
+ * if you want the limit (max/min) macros for int types. 
+ */
+#ifndef __STDC_LIMIT_MACROS
+#define __STDC_LIMIT_MACROS 1
+#endif
+
+#include <inttypes.h>
+typedef int8_t flex_int8_t;
+typedef uint8_t flex_uint8_t;
+typedef int16_t flex_int16_t;
+typedef uint16_t flex_uint16_t;
+typedef int32_t flex_int32_t;
+typedef uint32_t flex_uint32_t;
+#else
+typedef signed char flex_int8_t;
+typedef short int flex_int16_t;
+typedef int flex_int32_t;
+typedef unsigned char flex_uint8_t; 
+typedef unsigned short int flex_uint16_t;
+typedef unsigned int flex_uint32_t;
+#endif /* ! C99 */
+
+/* Limits of integral types. */
+#ifndef INT8_MIN
+#define INT8_MIN               (-128)
+#endif
+#ifndef INT16_MIN
+#define INT16_MIN              (-32767-1)
+#endif
+#ifndef INT32_MIN
+#define INT32_MIN              (-2147483647-1)
+#endif
+#ifndef INT8_MAX
+#define INT8_MAX               (127)
+#endif
+#ifndef INT16_MAX
+#define INT16_MAX              (32767)
+#endif
+#ifndef INT32_MAX
+#define INT32_MAX              (2147483647)
+#endif
+#ifndef UINT8_MAX
+#define UINT8_MAX              (255U)
+#endif
+#ifndef UINT16_MAX
+#define UINT16_MAX             (65535U)
+#endif
+#ifndef UINT32_MAX
+#define UINT32_MAX             (4294967295U)
+#endif
+
+#endif /* ! FLEXINT_H */
+
+#ifdef __cplusplus
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else	/* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_CONST
+
+#endif	/* __STDC__ */
+#endif	/* ! __cplusplus */
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN (yy_start) = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START (((yy_start) - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE yyrestart(yyin  )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#ifndef YY_BUF_SIZE
+#define YY_BUF_SIZE 16384
+#endif
+
+/* The state buf must be large enough to hold one state per character in the main buffer.
+ */
+#define YY_STATE_BUF_SIZE   ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
+
+#ifndef YY_TYPEDEF_YY_BUFFER_STATE
+#define YY_TYPEDEF_YY_BUFFER_STATE
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+#endif
+
+extern int yyleng;
+
+extern FILE *yyin, *yyout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+    #define YY_LESS_LINENO(n)
+    
+/* Return all but the first "n" matched characters back to the input stream. */
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		*yy_cp = (yy_hold_char); \
+		YY_RESTORE_YY_MORE_OFFSET \
+		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+		} \
+	while ( 0 )
+
+#define unput(c) yyunput( c, (yytext_ptr)  )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef unsigned int yy_size_t;
+#endif
+
+#ifndef YY_STRUCT_YY_BUFFER_STATE
+#define YY_STRUCT_YY_BUFFER_STATE
+struct yy_buffer_state
+	{
+	FILE *yy_input_file;
+
+	char *yy_ch_buf;		/* input buffer */
+	char *yy_buf_pos;		/* current position in input buffer */
+
+	/* Size of input buffer in bytes, not including room for EOB
+	 * characters.
+	 */
+	yy_size_t yy_buf_size;
+
+	/* Number of characters read into yy_ch_buf, not including EOB
+	 * characters.
+	 */
+	int yy_n_chars;
+
+	/* Whether we "own" the buffer - i.e., we know we created it,
+	 * and can realloc() it to grow it, and should free() it to
+	 * delete it.
+	 */
+	int yy_is_our_buffer;
+
+	/* Whether this is an "interactive" input source; if so, and
+	 * if we're using stdio for input, then we want to use getc()
+	 * instead of fread(), to make sure we stop fetching input after
+	 * each newline.
+	 */
+	int yy_is_interactive;
+
+	/* Whether we're considered to be at the beginning of a line.
+	 * If so, '^' rules will be active on the next match, otherwise
+	 * not.
+	 */
+	int yy_at_bol;
+
+    int yy_bs_lineno; /**< The line count. */
+    int yy_bs_column; /**< The column count. */
+    
+	/* Whether to try to fill the input buffer when we reach the
+	 * end of it.
+	 */
+	int yy_fill_buffer;
+
+	int yy_buffer_status;
+
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+	/* When an EOF's been seen but there's still some text to process
+	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+	 * shouldn't try reading from the input source any more.  We might
+	 * still have a bunch of tokens to match, though, because of
+	 * possible backing-up.
+	 *
+	 * When we actually see the EOF, we change the status to "new"
+	 * (via yyrestart()), so that the user can continue scanning by
+	 * just pointing yyin at a new input file.
+	 */
+#define YY_BUFFER_EOF_PENDING 2
+
+	};
+#endif /* !YY_STRUCT_YY_BUFFER_STATE */
+
+/* Stack of input buffers. */
+static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ *
+ * Returns the top of the stack, or NULL.
+ */
+#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                          : NULL)
+
+/* Same as previous macro, but useful when we know that the buffer stack is not
+ * NULL or when we need an lvalue. For internal use only.
+ */
+#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
+
+/* yy_hold_char holds the character lost when yytext is formed. */
+static char yy_hold_char;
+static int yy_n_chars;		/* number of characters read into yy_ch_buf */
+int yyleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 0;		/* whether we need to initialize */
+static int yy_start = 0;	/* start state number */
+
+/* Flag which is used to allow yywrap()'s to do buffer switches
+ * instead of setting up a fresh yyin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void yyrestart (FILE *input_file  );
+void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+YY_BUFFER_STATE yy_create_buffer (FILE *file,int size  );
+void yy_delete_buffer (YY_BUFFER_STATE b  );
+void yy_flush_buffer (YY_BUFFER_STATE b  );
+void yypush_buffer_state (YY_BUFFER_STATE new_buffer  );
+void yypop_buffer_state (void );
+
+static void yyensure_buffer_stack (void );
+static void yy_load_buffer_state (void );
+static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+
+#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
+
+YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size  );
+YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str  );
+YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len  );
+
+void *yyalloc (yy_size_t  );
+void *yyrealloc (void *,yy_size_t  );
+void yyfree (void *  );
+
+#define yy_new_buffer yy_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){ \
+        yyensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            yy_create_buffer(yyin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+	}
+
+#define yy_set_bol(at_bol) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){\
+        yyensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            yy_create_buffer(yyin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+	}
+
+#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+
+/* Begin user sect3 */
+
+typedef unsigned char YY_CHAR;
+
+FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+
+typedef int yy_state_type;
+
+extern int yylineno;
+
+int yylineno = 1;
+
+extern char *yytext;
+#define yytext_ptr yytext
+
+static yy_state_type yy_get_previous_state (void );
+static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+static int yy_get_next_buffer (void );
+static void yy_fatal_error (yyconst char msg[]  );
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+#define YY_DO_BEFORE_ACTION \
+	(yytext_ptr) = yy_bp; \
+	yyleng = (size_t) (yy_cp - yy_bp); \
+	(yy_hold_char) = *yy_cp; \
+	*yy_cp = '\0'; \
+	(yy_c_buf_p) = yy_cp;
+
+#define YY_NUM_RULES 7
+#define YY_END_OF_BUFFER 8
+/* This struct is not used in this scanner,
+   but its presence is necessary. */
+struct yy_trans_info
+	{
+	flex_int32_t yy_verify;
+	flex_int32_t yy_nxt;
+	};
+static yyconst flex_int16_t yy_accept[14] =
+    {   0,
+        0,    0,    8,    7,    6,    3,    2,    7,    5,    1,
+        4,    1,    0
+    } ;
+
+static yyconst flex_int32_t yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    1,    4,    1,    1,    1,    1,    1,    1,
+        1,    5,    1,    1,    6,    1,    7,    6,    6,    6,
+        6,    6,    6,    6,    6,    6,    6,    1,    1,    1,
+        8,    1,    1,    1,    9,    9,    9,    9,    9,    9,
+        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
+        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
+        1,    1,    1,    1,    6,    1,    9,    9,    9,    9,
+
+        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
+        9,    9,    9,    9,    9,    9,    9,    9,    9,    9,
+        9,    9,    8,    1,    8,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+static yyconst flex_int32_t yy_meta[10] =
+    {   0,
+        1,    1,    1,    1,    1,    2,    1,    1,    2
+    } ;
+
+static yyconst flex_int16_t yy_base[15] =
+    {   0,
+        0,    0,   12,   13,   13,   13,   13,    6,   13,    0,
+       13,    0,   13,    8
+    } ;
+
+static yyconst flex_int16_t yy_def[15] =
+    {   0,
+       13,    1,   13,   13,   13,   13,   13,   13,   13,   14,
+       13,   14,    0,   13
+    } ;
+
+static yyconst flex_int16_t yy_nxt[23] =
+    {   0,
+        4,    5,    6,    7,    4,    4,    8,    9,   10,   12,
+       11,   13,    3,   13,   13,   13,   13,   13,   13,   13,
+       13,   13
+    } ;
+
+static yyconst flex_int16_t yy_chk[23] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,   14,
+        8,    3,   13,   13,   13,   13,   13,   13,   13,   13,
+       13,   13
+    } ;
+
+static yy_state_type yy_last_accepting_state;
+static char *yy_last_accepting_cpos;
+
+extern int yy_flex_debug;
+int yy_flex_debug = 0;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *yytext;
+#line 1 "slc-lex.l"
+#line 2 "slc-lex.l"
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: slc-lex.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#undef ECHO
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include "slc.h"
+#include "slc-gram.h"
+unsigned lineno = 1;
+
+static void handle_comment(void);
+static char * handle_string(void);
+
+#define YY_NO_UNPUT
+
+#undef ECHO
+
+#line 513 "slc-lex.c"
+
+#define INITIAL 0
+
+#ifndef YY_NO_UNISTD_H
+/* Special case for "unistd.h", since it is non-ANSI. We include it way
+ * down here because we want the user's section 1 to have been scanned first.
+ * The user has a chance to override it with an option.
+ */
+#include <unistd.h>
+#endif
+
+#ifndef YY_EXTRA_TYPE
+#define YY_EXTRA_TYPE void *
+#endif
+
+static int yy_init_globals (void );
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int yywrap (void );
+#else
+extern int yywrap (void );
+#endif
+#endif
+
+    static void yyunput (int c,char *buf_ptr  );
+    
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char *,yyconst char *,int );
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * );
+#endif
+
+#ifndef YY_NO_INPUT
+
+#ifdef __cplusplus
+static int yyinput (void );
+#else
+static int input (void );
+#endif
+
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+		{ \
+		int c = '*'; \
+		size_t n; \
+		for ( n = 0; n < max_size && \
+			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+			buf[n] = (char) c; \
+		if ( c == '\n' ) \
+			buf[n++] = (char) c; \
+		if ( c == EOF && ferror( yyin ) ) \
+			YY_FATAL_ERROR( "input in flex scanner failed" ); \
+		result = n; \
+		} \
+	else \
+		{ \
+		errno=0; \
+		while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
+			{ \
+			if( errno != EINTR) \
+				{ \
+				YY_FATAL_ERROR( "input in flex scanner failed" ); \
+				break; \
+				} \
+			errno=0; \
+			clearerr(yyin); \
+			} \
+		}\
+\
+
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* end tables serialization structures and prototypes */
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL_IS_OURS 1
+
+extern int yylex (void);
+
+#define YY_DECL int yylex (void)
+#endif /* !YY_DECL */
+
+/* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+	YY_USER_ACTION
+
+/** The main scanner function which does all the work.
+ */
+YY_DECL
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp, *yy_bp;
+	register int yy_act;
+    
+#line 55 "slc-lex.l"
+
+#line 668 "slc-lex.c"
+
+	if ( !(yy_init) )
+		{
+		(yy_init) = 1;
+
+#ifdef YY_USER_INIT
+		YY_USER_INIT;
+#endif
+
+		if ( ! (yy_start) )
+			(yy_start) = 1;	/* first start state */
+
+		if ( ! yyin )
+			yyin = stdin;
+
+		if ( ! yyout )
+			yyout = stdout;
+
+		if ( ! YY_CURRENT_BUFFER ) {
+			yyensure_buffer_stack ();
+			YY_CURRENT_BUFFER_LVALUE =
+				yy_create_buffer(yyin,YY_BUF_SIZE );
+		}
+
+		yy_load_buffer_state( );
+		}
+
+	while ( 1 )		/* loops until end-of-file is reached */
+		{
+		yy_cp = (yy_c_buf_p);
+
+		/* Support of yytext. */
+		*yy_cp = (yy_hold_char);
+
+		/* yy_bp points to the position in yy_ch_buf of the start of
+		 * the current run.
+		 */
+		yy_bp = yy_cp;
+
+		yy_current_state = (yy_start);
+yy_match:
+		do
+			{
+			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+			if ( yy_accept[yy_current_state] )
+				{
+				(yy_last_accepting_state) = yy_current_state;
+				(yy_last_accepting_cpos) = yy_cp;
+				}
+			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+				{
+				yy_current_state = (int) yy_def[yy_current_state];
+				if ( yy_current_state >= 14 )
+					yy_c = yy_meta[(unsigned int) yy_c];
+				}
+			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+			++yy_cp;
+			}
+		while ( yy_base[yy_current_state] != 13 );
+
+yy_find_action:
+		yy_act = yy_accept[yy_current_state];
+		if ( yy_act == 0 )
+			{ /* have to back up */
+			yy_cp = (yy_last_accepting_cpos);
+			yy_current_state = (yy_last_accepting_state);
+			yy_act = yy_accept[yy_current_state];
+			}
+
+		YY_DO_BEFORE_ACTION;
+
+do_action:	/* This label is used only to access EOF actions. */
+
+		switch ( yy_act )
+	{ /* beginning of action switch */
+			case 0: /* must back up */
+			/* undo the effects of YY_DO_BEFORE_ACTION */
+			*yy_cp = (yy_hold_char);
+			yy_cp = (yy_last_accepting_cpos);
+			yy_current_state = (yy_last_accepting_state);
+			goto yy_find_action;
+
+case 1:
+YY_RULE_SETUP
+#line 56 "slc-lex.l"
+{
+			  yylval.string = strdup ((const char *)yytext);
+			  return LITERAL;
+			}
+	YY_BREAK
+case 2:
+YY_RULE_SETUP
+#line 60 "slc-lex.l"
+{ yylval.string = handle_string(); return STRING; }
+	YY_BREAK
+case 3:
+/* rule 3 can match eol */
+YY_RULE_SETUP
+#line 61 "slc-lex.l"
+{ ++lineno; }
+	YY_BREAK
+case 4:
+YY_RULE_SETUP
+#line 62 "slc-lex.l"
+{ handle_comment(); }
+	YY_BREAK
+case 5:
+YY_RULE_SETUP
+#line 63 "slc-lex.l"
+{ return *yytext; }
+	YY_BREAK
+case 6:
+YY_RULE_SETUP
+#line 64 "slc-lex.l"
+;
+	YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 65 "slc-lex.l"
+ECHO;
+	YY_BREAK
+#line 790 "slc-lex.c"
+case YY_STATE_EOF(INITIAL):
+	yyterminate();
+
+	case YY_END_OF_BUFFER:
+		{
+		/* Amount of text matched not including the EOB char. */
+		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+
+		/* Undo the effects of YY_DO_BEFORE_ACTION. */
+		*yy_cp = (yy_hold_char);
+		YY_RESTORE_YY_MORE_OFFSET
+
+		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+			{
+			/* We're scanning a new file or input source.  It's
+			 * possible that this happened because the user
+			 * just pointed yyin at a new source and called
+			 * yylex().  If so, then we have to assure
+			 * consistency between YY_CURRENT_BUFFER and our
+			 * globals.  Here is the right place to do so, because
+			 * this is the first action (other than possibly a
+			 * back-up) that will match for the new input source.
+			 */
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+			YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+			}
+
+		/* Note that here we test for yy_c_buf_p "<=" to the position
+		 * of the first EOB in the buffer, since yy_c_buf_p will
+		 * already have been incremented past the NUL character
+		 * (since all states make transitions on EOB to the
+		 * end-of-buffer state).  Contrast this with the test
+		 * in input().
+		 */
+		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			{ /* This was really a NUL. */
+			yy_state_type yy_next_state;
+
+			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+
+			yy_current_state = yy_get_previous_state(  );
+
+			/* Okay, we're now positioned to make the NUL
+			 * transition.  We couldn't have
+			 * yy_get_previous_state() go ahead and do it
+			 * for us because it doesn't know how to deal
+			 * with the possibility of jamming (and we don't
+			 * want to build jamming into it because then it
+			 * will run more slowly).
+			 */
+
+			yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+
+			if ( yy_next_state )
+				{
+				/* Consume the NUL. */
+				yy_cp = ++(yy_c_buf_p);
+				yy_current_state = yy_next_state;
+				goto yy_match;
+				}
+
+			else
+				{
+				yy_cp = (yy_c_buf_p);
+				goto yy_find_action;
+				}
+			}
+
+		else switch ( yy_get_next_buffer(  ) )
+			{
+			case EOB_ACT_END_OF_FILE:
+				{
+				(yy_did_buffer_switch_on_eof) = 0;
+
+				if ( yywrap( ) )
+					{
+					/* Note: because we've taken care in
+					 * yy_get_next_buffer() to have set up
+					 * yytext, we can now set up
+					 * yy_c_buf_p so that if some total
+					 * hoser (like flex itself) wants to
+					 * call the scanner after we return the
+					 * YY_NULL, it'll still work - another
+					 * YY_NULL will get returned.
+					 */
+					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+
+					yy_act = YY_STATE_EOF(YY_START);
+					goto do_action;
+					}
+
+				else
+					{
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+					}
+				break;
+				}
+
+			case EOB_ACT_CONTINUE_SCAN:
+				(yy_c_buf_p) =
+					(yytext_ptr) + yy_amount_of_matched_text;
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_match;
+
+			case EOB_ACT_LAST_MATCH:
+				(yy_c_buf_p) =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_find_action;
+			}
+		break;
+		}
+
+	default:
+		YY_FATAL_ERROR(
+			"fatal flex scanner internal error--no action found" );
+	} /* end of action switch */
+		} /* end of scanning one token */
+} /* end of yylex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *	EOB_ACT_LAST_MATCH -
+ *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *	EOB_ACT_END_OF_FILE - end of file
+ */
+static int yy_get_next_buffer (void)
+{
+    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+	register char *source = (yytext_ptr);
+	register int number_to_move, i;
+	int ret_val;
+
+	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+		YY_FATAL_ERROR(
+		"fatal flex scanner internal error--end of buffer missed" );
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+		{ /* Don't try to fill the buffer, so this is an EOF. */
+		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+			{
+			/* We matched a single character, the EOB, so
+			 * treat this as a final EOF.
+			 */
+			return EOB_ACT_END_OF_FILE;
+			}
+
+		else
+			{
+			/* We matched some text prior to the EOB, first
+			 * process it.
+			 */
+			return EOB_ACT_LAST_MATCH;
+			}
+		}
+
+	/* Try to read more data. */
+
+	/* First move last chars to start of buffer. */
+	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+
+	for ( i = 0; i < number_to_move; ++i )
+		*(dest++) = *(source++);
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+		/* don't do the read, it's not guaranteed to return an EOF,
+		 * just force an EOF
+		 */
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+
+	else
+		{
+			int num_to_read =
+			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+		while ( num_to_read <= 0 )
+			{ /* Not enough room in the buffer - grow it. */
+
+			/* just a shorter name for the current buffer */
+			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+
+			int yy_c_buf_p_offset =
+				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+
+			if ( b->yy_is_our_buffer )
+				{
+				int new_size = b->yy_buf_size * 2;
+
+				if ( new_size <= 0 )
+					b->yy_buf_size += b->yy_buf_size / 8;
+				else
+					b->yy_buf_size *= 2;
+
+				b->yy_ch_buf = (char *)
+					/* Include room in for 2 EOB chars. */
+					yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
+				}
+			else
+				/* Can't grow it, we don't own it. */
+				b->yy_ch_buf = 0;
+
+			if ( ! b->yy_ch_buf )
+				YY_FATAL_ERROR(
+				"fatal error - scanner input buffer overflow" );
+
+			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+						number_to_move - 1;
+
+			}
+
+		if ( num_to_read > YY_READ_BUF_SIZE )
+			num_to_read = YY_READ_BUF_SIZE;
+
+		/* Read in more data. */
+		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
+			(yy_n_chars), num_to_read );
+
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	if ( (yy_n_chars) == 0 )
+		{
+		if ( number_to_move == YY_MORE_ADJ )
+			{
+			ret_val = EOB_ACT_END_OF_FILE;
+			yyrestart(yyin  );
+			}
+
+		else
+			{
+			ret_val = EOB_ACT_LAST_MATCH;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+				YY_BUFFER_EOF_PENDING;
+			}
+		}
+
+	else
+		ret_val = EOB_ACT_CONTINUE_SCAN;
+
+	(yy_n_chars) += number_to_move;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+
+	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+
+	return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+    static yy_state_type yy_get_previous_state (void)
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp;
+    
+	yy_current_state = (yy_start);
+
+	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+		{
+		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+		if ( yy_accept[yy_current_state] )
+			{
+			(yy_last_accepting_state) = yy_current_state;
+			(yy_last_accepting_cpos) = yy_cp;
+			}
+		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+			{
+			yy_current_state = (int) yy_def[yy_current_state];
+			if ( yy_current_state >= 14 )
+				yy_c = yy_meta[(unsigned int) yy_c];
+			}
+		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+		}
+
+	return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *	next_state = yy_try_NUL_trans( current_state );
+ */
+    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+{
+	register int yy_is_jam;
+    	register char *yy_cp = (yy_c_buf_p);
+
+	register YY_CHAR yy_c = 1;
+	if ( yy_accept[yy_current_state] )
+		{
+		(yy_last_accepting_state) = yy_current_state;
+		(yy_last_accepting_cpos) = yy_cp;
+		}
+	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+		{
+		yy_current_state = (int) yy_def[yy_current_state];
+		if ( yy_current_state >= 14 )
+			yy_c = yy_meta[(unsigned int) yy_c];
+		}
+	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+	yy_is_jam = (yy_current_state == 13);
+
+	return yy_is_jam ? 0 : yy_current_state;
+}
+
+    static void yyunput (int c, register char * yy_bp )
+{
+	register char *yy_cp;
+    
+    yy_cp = (yy_c_buf_p);
+
+	/* undo effects of setting up yytext */
+	*yy_cp = (yy_hold_char);
+
+	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+		{ /* need to shift things up to make room */
+		/* +2 for EOB chars. */
+		register int number_to_move = (yy_n_chars) + 2;
+		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+		register char *source =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+
+		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+			*--dest = *--source;
+
+		yy_cp += (int) (dest - source);
+		yy_bp += (int) (dest - source);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+
+		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+		}
+
+	*--yy_cp = (char) c;
+
+	(yytext_ptr) = yy_bp;
+	(yy_hold_char) = *yy_cp;
+	(yy_c_buf_p) = yy_cp;
+}
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+    static int yyinput (void)
+#else
+    static int input  (void)
+#endif
+
+{
+	int c;
+    
+	*(yy_c_buf_p) = (yy_hold_char);
+
+	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+		{
+		/* yy_c_buf_p now points to the character we want to return.
+		 * If this occurs *before* the EOB characters, then it's a
+		 * valid NUL; if not, then we've hit the end of the buffer.
+		 */
+		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			/* This was really a NUL. */
+			*(yy_c_buf_p) = '\0';
+
+		else
+			{ /* need more input */
+			int offset = (yy_c_buf_p) - (yytext_ptr);
+			++(yy_c_buf_p);
+
+			switch ( yy_get_next_buffer(  ) )
+				{
+				case EOB_ACT_LAST_MATCH:
+					/* This happens because yy_g_n_b()
+					 * sees that we've accumulated a
+					 * token and flags that we need to
+					 * try matching the token before
+					 * proceeding.  But for input(),
+					 * there's no matching to consider.
+					 * So convert the EOB_ACT_LAST_MATCH
+					 * to EOB_ACT_END_OF_FILE.
+					 */
+
+					/* Reset buffer status. */
+					yyrestart(yyin );
+
+					/*FALLTHROUGH*/
+
+				case EOB_ACT_END_OF_FILE:
+					{
+					if ( yywrap( ) )
+						return 0;
+
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+#ifdef __cplusplus
+					return yyinput();
+#else
+					return input();
+#endif
+					}
+
+				case EOB_ACT_CONTINUE_SCAN:
+					(yy_c_buf_p) = (yytext_ptr) + offset;
+					break;
+				}
+			}
+		}
+
+	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
+	*(yy_c_buf_p) = '\0';	/* preserve yytext */
+	(yy_hold_char) = *++(yy_c_buf_p);
+
+	return c;
+}
+#endif	/* ifndef YY_NO_INPUT */
+
+/** Immediately switch to a different input stream.
+ * @param input_file A readable stream.
+ * 
+ * @note This function does not reset the start condition to @c INITIAL .
+ */
+    void yyrestart  (FILE * input_file )
+{
+    
+	if ( ! YY_CURRENT_BUFFER ){
+        yyensure_buffer_stack ();
+		YY_CURRENT_BUFFER_LVALUE =
+            yy_create_buffer(yyin,YY_BUF_SIZE );
+	}
+
+	yy_init_buffer(YY_CURRENT_BUFFER,input_file );
+	yy_load_buffer_state( );
+}
+
+/** Switch to a different input buffer.
+ * @param new_buffer The new input buffer.
+ * 
+ */
+    void yy_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
+{
+    
+	/* TODO. We should be able to replace this entire function body
+	 * with
+	 *		yypop_buffer_state();
+	 *		yypush_buffer_state(new_buffer);
+     */
+	yyensure_buffer_stack ();
+	if ( YY_CURRENT_BUFFER == new_buffer )
+		return;
+
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+	yy_load_buffer_state( );
+
+	/* We don't actually know whether we did this switch during
+	 * EOF (yywrap()) processing, but the only time this flag
+	 * is looked at is after yywrap() is called, so it's safe
+	 * to go ahead and always set it.
+	 */
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+static void yy_load_buffer_state  (void)
+{
+    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+	yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+	(yy_hold_char) = *(yy_c_buf_p);
+}
+
+/** Allocate and initialize an input buffer state.
+ * @param file A readable stream.
+ * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
+ * 
+ * @return the allocated buffer state.
+ */
+    YY_BUFFER_STATE yy_create_buffer  (FILE * file, int  size )
+{
+	YY_BUFFER_STATE b;
+    
+	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_buf_size = size;
+
+	/* yy_ch_buf has to be 2 characters longer than the size given because
+	 * we need to put in 2 end-of-buffer characters.
+	 */
+	b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2  );
+	if ( ! b->yy_ch_buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_is_our_buffer = 1;
+
+	yy_init_buffer(b,file );
+
+	return b;
+}
+
+/** Destroy the buffer.
+ * @param b a buffer created with yy_create_buffer()
+ * 
+ */
+    void yy_delete_buffer (YY_BUFFER_STATE  b )
+{
+    
+	if ( ! b )
+		return;
+
+	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
+		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+
+	if ( b->yy_is_our_buffer )
+		yyfree((void *) b->yy_ch_buf  );
+
+	yyfree((void *) b  );
+}
+
+#ifndef __cplusplus
+extern int isatty (int );
+#endif /* __cplusplus */
+    
+/* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+ * such as during a yyrestart() or at EOF.
+ */
+    static void yy_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
+
+{
+	int oerrno = errno;
+    
+	yy_flush_buffer(b );
+
+	b->yy_input_file = file;
+	b->yy_fill_buffer = 1;
+
+    /* If b is the current buffer, then yy_init_buffer was _probably_
+     * called from yyrestart() or through yy_get_next_buffer.
+     * In that case, we don't want to reset the lineno or column.
+     */
+    if (b != YY_CURRENT_BUFFER){
+        b->yy_bs_lineno = 1;
+        b->yy_bs_column = 0;
+    }
+
+        b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+    
+	errno = oerrno;
+}
+
+/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
+ * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
+ * 
+ */
+    void yy_flush_buffer (YY_BUFFER_STATE  b )
+{
+    	if ( ! b )
+		return;
+
+	b->yy_n_chars = 0;
+
+	/* We always need two end-of-buffer characters.  The first causes
+	 * a transition to the end-of-buffer state.  The second causes
+	 * a jam in that state.
+	 */
+	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+	b->yy_buf_pos = &b->yy_ch_buf[0];
+
+	b->yy_at_bol = 1;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	if ( b == YY_CURRENT_BUFFER )
+		yy_load_buffer_state( );
+}
+
+/** Pushes the new state onto the stack. The new state becomes
+ *  the current state. This function will allocate the stack
+ *  if necessary.
+ *  @param new_buffer The new state.
+ *  
+ */
+void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
+{
+    	if (new_buffer == NULL)
+		return;
+
+	yyensure_buffer_stack();
+
+	/* This block is copied from yy_switch_to_buffer. */
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	/* Only push if top exists. Otherwise, replace top. */
+	if (YY_CURRENT_BUFFER)
+		(yy_buffer_stack_top)++;
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+
+	/* copied from yy_switch_to_buffer. */
+	yy_load_buffer_state( );
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+/** Removes and deletes the top of the stack, if present.
+ *  The next element becomes the new top.
+ *  
+ */
+void yypop_buffer_state (void)
+{
+    	if (!YY_CURRENT_BUFFER)
+		return;
+
+	yy_delete_buffer(YY_CURRENT_BUFFER );
+	YY_CURRENT_BUFFER_LVALUE = NULL;
+	if ((yy_buffer_stack_top) > 0)
+		--(yy_buffer_stack_top);
+
+	if (YY_CURRENT_BUFFER) {
+		yy_load_buffer_state( );
+		(yy_did_buffer_switch_on_eof) = 1;
+	}
+}
+
+/* Allocates the stack if it does not exist.
+ *  Guarantees space for at least one push.
+ */
+static void yyensure_buffer_stack (void)
+{
+	int num_to_alloc;
+    
+	if (!(yy_buffer_stack)) {
+
+		/* First allocation is just for 2 elements, since we don't know if this
+		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+		 * immediate realloc on the next call.
+         */
+		num_to_alloc = 1;
+		(yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
+								(num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+		
+		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+				
+		(yy_buffer_stack_max) = num_to_alloc;
+		(yy_buffer_stack_top) = 0;
+		return;
+	}
+
+	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+
+		/* Increase the buffer to prepare for a possible push. */
+		int grow_size = 8 /* arbitrary grow size */;
+
+		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+		(yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
+								((yy_buffer_stack),
+								num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		/* zero only the new slots.*/
+		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
+		(yy_buffer_stack_max) = num_to_alloc;
+	}
+}
+
+/** Setup the input buffer state to scan directly from a user-specified character buffer.
+ * @param base the character buffer
+ * @param size the size in bytes of the character buffer
+ * 
+ * @return the newly allocated buffer state object. 
+ */
+YY_BUFFER_STATE yy_scan_buffer  (char * base, yy_size_t  size )
+{
+	YY_BUFFER_STATE b;
+    
+	if ( size < 2 ||
+	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+		/* They forgot to leave room for the EOB's. */
+		return 0;
+
+	b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+
+	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
+	b->yy_buf_pos = b->yy_ch_buf = base;
+	b->yy_is_our_buffer = 0;
+	b->yy_input_file = 0;
+	b->yy_n_chars = b->yy_buf_size;
+	b->yy_is_interactive = 0;
+	b->yy_at_bol = 1;
+	b->yy_fill_buffer = 0;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	yy_switch_to_buffer(b  );
+
+	return b;
+}
+
+/** Setup the input buffer state to scan a string. The next call to yylex() will
+ * scan from a @e copy of @a str.
+ * @param str a NUL-terminated string to scan
+ * 
+ * @return the newly allocated buffer state object.
+ * @note If you want to scan bytes that may contain NUL values, then use
+ *       yy_scan_bytes() instead.
+ */
+YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
+{
+    
+	return yy_scan_bytes(yystr,strlen(yystr) );
+}
+
+/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
+ * scan from a @e copy of @a bytes.
+ * @param bytes the byte buffer to scan
+ * @param len the number of bytes in the buffer pointed to by @a bytes.
+ * 
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE yy_scan_bytes  (yyconst char * yybytes, int  _yybytes_len )
+{
+	YY_BUFFER_STATE b;
+	char *buf;
+	yy_size_t n;
+	int i;
+    
+	/* Get memory for full buffer, including space for trailing EOB's. */
+	n = _yybytes_len + 2;
+	buf = (char *) yyalloc(n  );
+	if ( ! buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+
+	for ( i = 0; i < _yybytes_len; ++i )
+		buf[i] = yybytes[i];
+
+	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
+
+	b = yy_scan_buffer(buf,n );
+	if ( ! b )
+		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+
+	/* It's okay to grow etc. this buffer, and we should throw it
+	 * away when we're done.
+	 */
+	b->yy_is_our_buffer = 1;
+
+	return b;
+}
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+static void yy_fatal_error (yyconst char* msg )
+{
+    	(void) fprintf( stderr, "%s\n", msg );
+	exit( YY_EXIT_FAILURE );
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		yytext[yyleng] = (yy_hold_char); \
+		(yy_c_buf_p) = yytext + yyless_macro_arg; \
+		(yy_hold_char) = *(yy_c_buf_p); \
+		*(yy_c_buf_p) = '\0'; \
+		yyleng = yyless_macro_arg; \
+		} \
+	while ( 0 )
+
+/* Accessor  methods (get/set functions) to struct members. */
+
+/** Get the current line number.
+ * 
+ */
+int yyget_lineno  (void)
+{
+        
+    return yylineno;
+}
+
+/** Get the input stream.
+ * 
+ */
+FILE *yyget_in  (void)
+{
+        return yyin;
+}
+
+/** Get the output stream.
+ * 
+ */
+FILE *yyget_out  (void)
+{
+        return yyout;
+}
+
+/** Get the length of the current token.
+ * 
+ */
+int yyget_leng  (void)
+{
+        return yyleng;
+}
+
+/** Get the current token.
+ * 
+ */
+
+char *yyget_text  (void)
+{
+        return yytext;
+}
+
+/** Set the current line number.
+ * @param line_number
+ * 
+ */
+void yyset_lineno (int  line_number )
+{
+    
+    yylineno = line_number;
+}
+
+/** Set the input stream. This does not discard the current
+ * input buffer.
+ * @param in_str A readable stream.
+ * 
+ * @see yy_switch_to_buffer
+ */
+void yyset_in (FILE *  in_str )
+{
+        yyin = in_str ;
+}
+
+void yyset_out (FILE *  out_str )
+{
+        yyout = out_str ;
+}
+
+int yyget_debug  (void)
+{
+        return yy_flex_debug;
+}
+
+void yyset_debug (int  bdebug )
+{
+        yy_flex_debug = bdebug ;
+}
+
+static int yy_init_globals (void)
+{
+        /* Initialization is the same as for the non-reentrant scanner.
+     * This function is called from yylex_destroy(), so don't allocate here.
+     */
+
+    (yy_buffer_stack) = 0;
+    (yy_buffer_stack_top) = 0;
+    (yy_buffer_stack_max) = 0;
+    (yy_c_buf_p) = (char *) 0;
+    (yy_init) = 0;
+    (yy_start) = 0;
+
+/* Defined in main.c */
+#ifdef YY_STDINIT
+    yyin = stdin;
+    yyout = stdout;
+#else
+    yyin = (FILE *) 0;
+    yyout = (FILE *) 0;
+#endif
+
+    /* For future reference: Set errno on error, since we are called by
+     * yylex_init()
+     */
+    return 0;
+}
+
+/* yylex_destroy is for both reentrant and non-reentrant scanners. */
+int yylex_destroy  (void)
+{
+    
+    /* Pop the buffer stack, destroying each element. */
+	while(YY_CURRENT_BUFFER){
+		yy_delete_buffer(YY_CURRENT_BUFFER  );
+		YY_CURRENT_BUFFER_LVALUE = NULL;
+		yypop_buffer_state();
+	}
+
+	/* Destroy the stack itself. */
+	yyfree((yy_buffer_stack) );
+	(yy_buffer_stack) = NULL;
+
+    /* Reset the globals. This is important in a non-reentrant scanner so the next time
+     * yylex() is called, initialization will occur. */
+    yy_init_globals( );
+
+    return 0;
+}
+
+/*
+ * Internal utility routines.
+ */
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
+{
+	register int i;
+	for ( i = 0; i < n; ++i )
+		s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * s )
+{
+	register int n;
+	for ( n = 0; s[n]; ++n )
+		;
+
+	return n;
+}
+#endif
+
+void *yyalloc (yy_size_t  size )
+{
+	return (void *) malloc( size );
+}
+
+void *yyrealloc  (void * ptr, yy_size_t  size )
+{
+	/* The cast to (char *) in the following accommodates both
+	 * implementations that use char* generic pointers, and those
+	 * that use void* generic pointers.  It works with the latter
+	 * because both ANSI C and C++ allow castless assignment from
+	 * any pointer type to void*, and deal with argument conversions
+	 * as though doing an assignment.
+	 */
+	return (void *) realloc( (char *) ptr, size );
+}
+
+void yyfree (void * ptr )
+{
+	free( (char *) ptr );	/* see yyrealloc() for (char *) cast */
+}
+
+#define YYTABLES_NAME "yytables"
+
+#line 65 "slc-lex.l"
+
+
+
+void
+error_message (const char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d: ", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     error_flag++;
+}
+
+void
+yyerror (char *s)
+{
+    error_message("%s\n", s);
+}
+
+static void
+handle_comment(void)
+{
+    int c;
+    int start_lineno = lineno;
+    int level = 1;
+    int seen_star = 0;
+    int seen_slash = 0;
+    while((c = input()) != EOF) {
+	if(c == '/') {
+	    if(seen_star) {
+		if(--level == 0)
+		    return;
+		seen_star = 0;
+		continue;
+	    }
+	    seen_slash = 1;
+	    continue;
+	}
+	if(seen_star && c == '/') {
+	    if(--level == 0)
+		return;
+	    seen_star = 0;
+	    continue;
+	}
+	if(c == '*') {
+	    if(seen_slash) {
+		level++;
+		seen_star = seen_slash = 0;
+		continue;
+	    } 
+	    seen_star = 1;
+	    continue;
+	}
+	seen_star = seen_slash = 0;
+	if(c == '\n') {
+	    lineno++;
+	    continue;
+	}
+    }
+    if(c == EOF)
+	error_message("unterminated comment, possibly started on line %d\n", start_lineno);
+}
+
+static char *
+handle_string(void)
+{
+    char x[1024];
+    int i = 0;
+    int c;
+    int quote = 0;
+    while((c = input()) != EOF){
+	if(quote) {
+	    x[i++] = '\\';
+	    x[i++] = c;
+	    quote = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    quote++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    return strdup(x);
+}
+
+int
+yywrap () 
+{
+     return 1;
+}
+

Added: vendor-crypto/heimdal/dist/lib/sl/slc-lex.l
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/slc-lex.l	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/slc-lex.l	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,164 @@
+%{
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: slc-lex.l,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#undef ECHO
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include "slc.h"
+#include "slc-gram.h"
+unsigned lineno = 1;
+
+static void handle_comment(void);
+static char * handle_string(void);
+
+#define YY_NO_UNPUT
+
+#undef ECHO
+
+%}
+%%
+[A-Za-z][-A-Za-z0-9_]*	{
+			  yylval.string = strdup ((const char *)yytext);
+			  return LITERAL;
+			}
+"\""			{ yylval.string = handle_string(); return STRING; }
+\n			{ ++lineno; }
+\/\*			{ handle_comment(); }
+[={}]			{ return *yytext; }
+[ \t]			;
+%%
+
+void
+error_message (const char *format, ...)
+{
+     va_list args;
+
+     va_start (args, format);
+     fprintf (stderr, "%s:%d: ", filename, lineno);
+     vfprintf (stderr, format, args);
+     va_end (args);
+     error_flag++;
+}
+
+void
+yyerror (char *s)
+{
+    error_message("%s\n", s);
+}
+
+static void
+handle_comment(void)
+{
+    int c;
+    int start_lineno = lineno;
+    int level = 1;
+    int seen_star = 0;
+    int seen_slash = 0;
+    while((c = input()) != EOF) {
+	if(c == '/') {
+	    if(seen_star) {
+		if(--level == 0)
+		    return;
+		seen_star = 0;
+		continue;
+	    }
+	    seen_slash = 1;
+	    continue;
+	}
+	if(seen_star && c == '/') {
+	    if(--level == 0)
+		return;
+	    seen_star = 0;
+	    continue;
+	}
+	if(c == '*') {
+	    if(seen_slash) {
+		level++;
+		seen_star = seen_slash = 0;
+		continue;
+	    } 
+	    seen_star = 1;
+	    continue;
+	}
+	seen_star = seen_slash = 0;
+	if(c == '\n') {
+	    lineno++;
+	    continue;
+	}
+    }
+    if(c == EOF)
+	error_message("unterminated comment, possibly started on line %d\n", start_lineno);
+}
+
+static char *
+handle_string(void)
+{
+    char x[1024];
+    int i = 0;
+    int c;
+    int quote = 0;
+    while((c = input()) != EOF){
+	if(quote) {
+	    x[i++] = '\\';
+	    x[i++] = c;
+	    quote = 0;
+	    continue;
+	}
+	if(c == '\n'){
+	    error_message("unterminated string");
+	    lineno++;
+	    break;
+	}
+	if(c == '\\'){
+	    quote++;
+	    continue;
+	}
+	if(c == '\"')
+	    break;
+	x[i++] = c;
+    }
+    x[i] = '\0';
+    return strdup(x);
+}
+
+int
+yywrap () 
+{
+     return 1;
+}
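Review bot: handle_string() writes into the fixed `char x[1024]` with no bound on `i`, so a quoted string of 1024 or more characters in the input file runs past the end of the stack buffer; the escape branch stores two bytes per iteration, which tightens the margin further. A guard at the top of the loop, `if(i + 2 >= sizeof(x)) { error_message("string too long\n"); break; }`, keeps room for both the two-byte escape and the terminating NUL. The "unterminated string" message also lacks the trailing newline that the unterminated-comment message has, and an EOF inside a string returns without any diagnostic. The generated slc-lex.c earlier in this commit carries the same function and would need regenerating after the fix.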

Added: vendor-crypto/heimdal/dist/lib/sl/slc.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/slc.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/slc.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id: slc.h,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $ */
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+struct assignment {
+    char *name;
+    enum { a_value, a_assignment } type;
+    union {
+	char *value;
+	struct assignment *assignment;
+    } u;
+    unsigned int lineno;
+    struct assignment *next;
+};
+
+extern char *filename;
+extern int error_flag;
+void error_message (const char *format, ...);
+int yylex(void);
+void yyerror (char *s);
+extern unsigned lineno;

Added: vendor-crypto/heimdal/dist/lib/sl/ss.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/ss.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/ss.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "sl_locl.h"
+#include <com_err.h>
+#include "ss.h"
+
+RCSID("$Id: ss.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct ss_subst {
+    char *name;
+    char *version;
+    char *info;
+    ss_request_table *table;
+};
+
+static struct ss_subst subsystems[2];
+static int num_subsystems;
+
+int
+ss_create_invocation(const char *subsystem, 
+		     const char *version, 
+		     const char *info, 
+		     ss_request_table *table, 
+		     int *code)
+{
+    struct ss_subst *ss;
+
+    if(num_subsystems >= sizeof(subsystems) / sizeof(subsystems[0])) {
+	*code = 17;
+	return 0;
+    }
+    ss = &subsystems[num_subsystems];
+    ss->name = ss->version = ss->info = NULL;
+    if (subsystem != NULL) {
+	ss->name = strdup (subsystem);
+	if (ss->name == NULL) {
+	    *code = ENOMEM;
+	    return 0;
+	}
+    }
+    if (version != NULL) {
+	ss->version = strdup (version);
+	if (ss->version == NULL) {
+	    *code = ENOMEM;
+	    return 0;
+	}
+    }
+    if (info != NULL) {
+	ss->info = strdup (info);
+	if (ss->info == NULL) {
+	    *code = ENOMEM;
+	    return 0;
+	}
+    }
+    ss->table = table;
+    *code = 0;
+    return num_subsystems++;
+}
+
+void
+ss_error (int idx, long code, const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    com_err_va (subsystems[idx].name, code, fmt, ap);
+    va_end(ap);
+}
+
+void
+ss_perror (int idx, long code, const char *msg)
+{
+    ss_error(idx, code, "%s", msg);
+}
+
+int
+ss_execute_command(int idx, char **argv)
+{
+    int argc = 0;
+    int ret;
+
+    while(argv[argc++]);
+    ret = sl_command(subsystems[idx].table, argc, argv);
+    if (ret == SL_BADCOMMAND)
+	return SS_ET_COMMAND_NOT_FOUND;
+    return 0;
+}
+
+int
+ss_execute_line (int idx, const char *line)
+{
+    char *buf = strdup(line);
+    int argc;
+    char **argv;
+    int ret;
+    
+    if (buf == NULL)
+	return ENOMEM;
+    sl_make_argv(buf, &argc, &argv);
+    ret = sl_command(subsystems[idx].table, argc, argv);
+    free(buf);
+    if (ret == SL_BADCOMMAND)
+	return SS_ET_COMMAND_NOT_FOUND;
+    return 0;
+}
+
+int
+ss_listen (int idx)
+{
+    char *prompt = malloc(strlen(subsystems[idx].name) + 3);
+    if (prompt == NULL)
+	return ENOMEM;
+
+    strcpy(prompt, subsystems[idx].name);
+    strcat(prompt, ": ");
+    sl_loop(subsystems[idx].table, prompt);
+    free(prompt);
+    return 0;
+}
+
+int
+ss_list_requests(int argc, char **argv /* , int idx, void *info */)
+{
+    sl_help(subsystems[0 /* idx */].table, argc, argv);
+    return 0;
+}
+
+int
+ss_quit(int argc, char **argv)
+{
+    return 1;
+}
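Review bot: ss_execute_line() ignores the return value of sl_make_argv() and never frees the `argv` it hands back. test_sl.c in this commit expects sl_make_argv() to fail for a lone `\` or `"`, so such a line presumably reaches sl_command() with `argc`/`argv` unset; test_sl.c also frees the vector itself, which suggests the caller owns it and every successful call here leaks it. The excerpt below checks the result, returns it on failure (assuming it is an errno-style code like the ENOMEM this function already returns) and frees `argv` after the command runs. Separately, `while(argv[argc++]);` in ss_execute_command() counts the terminating NULL, so `argc` is one too high; `while(argv[argc] != NULL) argc++;` gives the real count. The functions taking `idx` also index `subsystems[]` without a range check, and ss_listen() calls strlen() on a `name` that ss_create_invocation() leaves NULL when `subsystem` is NULL.

```c
int
ss_execute_line (int idx, const char *line)
{
    /* … unchanged: declarations, strdup of line and its NULL check … */
    ret = sl_make_argv(buf, &argc, &argv);
    if (ret) {
	free(buf);
	return ret;
    }
    ret = sl_command(subsystems[idx].table, argc, argv);
    free(argv);
    free(buf);
    /* … unchanged: SL_BADCOMMAND mapping and return … */
}
```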

Added: vendor-crypto/heimdal/dist/lib/sl/ss.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/ss.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/ss.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1998 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+/* $Id: ss.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+/* SS compatibility for SL */
+
+#ifndef __ss_h__
+#define __ss_h__
+
+#include <sl.h>
+
+typedef SL_cmd ss_request_table;
+
+int ss_create_invocation (const char *, const char *, const char*, 
+			  ss_request_table*, int*);
+
+void ss_error (int, long, const char*, ...);
+int ss_execute_command (int, char**);
+int ss_execute_line (int, const char*);
+int ss_list_requests (int argc, char**);
+int ss_listen (int);
+void ss_perror (int, long, const char*);
+int ss_quit (int argc, char**);
+
+#define SS_ET_COMMAND_NOT_FOUND (-1)
+
+#endif /* __ss_h__ */

Added: vendor-crypto/heimdal/dist/lib/sl/test_sl.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/sl/test_sl.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/sl/test_sl.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "sl_locl.h"
+
+RCSID("$Id: test_sl.c,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $");
+
+struct {
+    int ok;
+    const char *line;
+    int argc;
+    const char *argv[4];
+} lines[] = {
+    { 1, "", 1, { "" } },
+    { 1, "foo", 1, { "foo" } },
+    { 1, "foo bar", 2, { "foo", "bar" }},
+    { 1, "foo bar baz", 3, { "foo", "bar", "baz" }},
+    { 1, "foobar baz", 2, { "foobar", "baz" }},
+    { 1, " foo", 1, { "foo" } },
+    { 1, "foo   ", 1, { "foo" } },
+    { 1, " foo  ", 1, { "foo" } },
+    { 1, " foo  bar", 2, { "foo", "bar" } },
+    { 1, "foo\\ bar", 1, { "foo bar" } },
+    { 1, "\"foo bar\"", 1, { "foo bar" } },
+    { 1, "\"foo\\ bar\"", 1, { "foo bar" } },
+    { 1, "\"foo\\\" bar\"", 1, { "foo\" bar" } },
+    { 1, "\"\"f\"\"oo\"\"", 1, { "foo" } },
+    { 1, "\"foobar\"baz", 1, { "foobarbaz" }},
+    { 1, "foo\tbar baz", 3, { "foo", "bar", "baz" }},
+    { 1, "\"foo bar\" baz", 2, { "foo bar", "baz" }},
+    { 1, "\"foo bar baz\"", 1, { "foo bar baz" }},
+    { 1, "\\\"foo bar baz", 3, { "\"foo", "bar", "baz" }},
+    { 1, "\\ foo bar baz", 3, { " foo", "bar", "baz" }},
+    { 0, "\\", 0, { "" }},
+    { 0, "\"", 0, { "" }}
+};
+
+int
+main(int argc, char **argv)
+{
+    int ret, i;
+
+    for (i = 0; i < sizeof(lines)/sizeof(lines[0]); i++) {
+	int j, rargc = 0;
+	char **rargv = NULL;
+	char *buf = strdup(lines[i].line);
+
+	ret = sl_make_argv(buf, &rargc, &rargv);
+	if (ret) {
+	    if (!lines[i].ok)
+		goto next;
+	    errx(1, "sl_make_argv test %d failed", i);
+	} else if (!lines[i].ok)
+	    errx(1, "sl_make_argv passed test %d when it shouldn't", i);
+	if (rargc != lines[i].argc)
+	    errx(1, "result argc (%d) != should be argc (%d) for test %d", 
+		 rargc, lines[i].argc, i);
+	for (j = 0; j < rargc; j++)
+	    if (strcmp(rargv[j], lines[i].argv[j]) != 0)
+		errx(1, "result argv (%s) != should be argv (%s) for test %d",
+		     rargv[j], lines[i].argv[j], i);
+    next:
+	free(buf);
+	free(rargv);
+    }
+
+    return 0;
+}
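Review bot: The `strdup(lines[i].line)` result in main() is passed to sl_make_argv() without a NULL check, so an allocation failure would surface as a crash inside the function under test rather than as a test error. Adding `if (buf == NULL) errx(1, "strdup failed for test %d", i);` right after the call keeps the failure attributable. The table would also read more easily with a one-line comment above `lines[]` saying that `ok` is the expected success flag and that the last two entries (a lone backslash and a lone quote) are the expected-failure cases.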

Added: vendor-crypto/heimdal/dist/lib/vers/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/lib/vers/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/vers/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,74 @@
+2007-10-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: don't run local checks.
+	
+2006-12-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* print_version.c: Update (c).
+	
+2006-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* make-print-version.c: include <string.h>
+
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* make-print-version.c: Avoid creating a file called --version.
+	
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: fix spelling of build_HEADERZ
+
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: Add build_HEADERZ to EXTRA_DIST
+	
+2005-01-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* print_version.c: Happy New Year
+
+2004-01-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* print_version.c: add year 2004
+	
+2003-01-02  Johan Danielsson  <joda at pdc.kth.se>
+
+	* print_version.c: considerable clean up
+
+	* make-print-version.c: make VERSIONLIST a string instead of an
+	array of strings
+
+2002-08-28  Assar Westerlund  <assar at kth.se>
+
+	* Makefile.am (make_print_version_LDADD): do not hardcode -ldes,
+	use $(LIB_des)
+
+2002-08-19  Johan Danielsson  <joda at pdc.kth.se>
+
+	* print_version.c: add bug-report message
+
+2002-05-20  Johan Danielsson  <joda at pdc.kth.se>
+
+	* print_version.c: update year
+
+2001-08-24  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am (make_print_version_LDADD): use = instead of += (be
+	nice to current automake)
+
+2001-04-21  Johan Danielsson  <joda at pdc.kth.se>
+
+	* print_version.c: 2001
+
+2001-01-31  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: remove -static turning this into a convenience
+	library
+
+2000-11-15  Assar Westerlund  <assar at sics.se>
+
+	* Makefile.am: make the library static and don't install it
+
+2000-07-08  Assar Westerlund  <assar at sics.se>
+
+	* make-print-version.c (heimdal_version, krb4_version): const-ize,
+	based on thorpej at netbsd.org's change to NetBSD

Added: vendor-crypto/heimdal/dist/lib/vers/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/lib/vers/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/vers/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,32 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+CLEANFILES		= print_version.h
+
+noinst_LTLIBRARIES	= libvers.la
+
+build_HEADERZ		= vers.h
+
+CHECK_LOCAL		= no-check-local
+
+noinst_PROGRAMS		= make-print-version
+
+if KRB4
+if KRB5
+## need to link with des here; otherwise, if krb4 is shared the link
+## will fail with unresolved references
+make_print_version_LDADD = $(LIB_krb4) $(LIB_hcrypto)
+endif
+endif
+
+libvers_la_SOURCES	= print_version.c
+
+print_version.lo: print_version.h
+
+print_version.h: make-print-version$(EXEEXT)
+	./make-print-version$(EXEEXT) print_version.h
+
+make-print-version.o: $(top_builddir)/include/version.h
+
+EXTRA_DIST = $(build_HEADERZ)

Added: vendor-crypto/heimdal/dist/lib/vers/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/lib/vers/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/vers/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,781 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+noinst_PROGRAMS = make-print-version$(EXEEXT)
+subdir = lib/vers
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+libvers_la_LIBADD =
+am_libvers_la_OBJECTS = print_version.lo
+libvers_la_OBJECTS = $(am_libvers_la_OBJECTS)
+PROGRAMS = $(noinst_PROGRAMS)
+make_print_version_SOURCES = make-print-version.c
+make_print_version_OBJECTS = make-print-version.$(OBJEXT)
+am__DEPENDENCIES_1 =
+ at KRB4_TRUE@@KRB5_TRUE at make_print_version_DEPENDENCIES =  \
+ at KRB4_TRUE@@KRB5_TRUE@	$(am__DEPENDENCIES_1) \
+ at KRB4_TRUE@@KRB5_TRUE@	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libvers_la_SOURCES) make-print-version.c
+DIST_SOURCES = $(libvers_la_SOURCES) make-print-version.c
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+CLEANFILES = print_version.h
+noinst_LTLIBRARIES = libvers.la
+build_HEADERZ = vers.h
+CHECK_LOCAL = no-check-local
+ at KRB4_TRUE@@KRB5_TRUE at make_print_version_LDADD = $(LIB_krb4) $(LIB_hcrypto)
+libvers_la_SOURCES = print_version.c
+EXTRA_DIST = $(build_HEADERZ)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps lib/vers/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps lib/vers/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libvers.la: $(libvers_la_OBJECTS) $(libvers_la_DEPENDENCIES) 
+	$(LINK)  $(libvers_la_OBJECTS) $(libvers_la_LIBADD) $(LIBS)
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+make-print-version$(EXEEXT): $(make_print_version_OBJECTS) $(make_print_version_DEPENDENCIES) 
+	@rm -f make-print-version$(EXEEXT)
+	$(LINK) $(make_print_version_OBJECTS) $(make_print_version_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-noinstPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \
+	clean clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-noinstPROGRAMS ctags dist-hook distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-data-hook install-dvi install-dvi-am install-exec \
+	install-exec-am install-exec-hook install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+print_version.lo: print_version.h
+
+print_version.h: make-print-version$(EXEEXT)
+	./make-print-version$(EXEEXT) print_version.h
+
+make-print-version.o: $(top_builddir)/include/version.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/lib/vers/make-print-version.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/vers/make-print-version.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/vers/make-print-version.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1998 - 2003 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: make-print-version.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#ifdef KRB5
+extern const char *heimdal_version;
+#endif
+#ifdef KRB4
+extern const char *krb4_version;
+#endif
+#include <version.h>
+
+int
+main(int argc, char **argv)
+{
+    FILE *f;
+    if(argc != 2)
+	return 1;
+    if (strcmp(argv[1], "--version") == 0) {
+	printf("some version");
+	return 0;
+    }
+    f = fopen(argv[1], "w");
+    if(f == NULL)
+	return 1;
+    fprintf(f, "#define VERSIONLIST \"");
+#ifdef KRB5
+    fprintf(f, "%s", heimdal_version);
+#endif
+#ifdef KRB4
+#ifdef KRB5
+    fprintf(f, ", ");
+#endif
+    fprintf(f, "%s", krb4_version);
+#endif
+    fprintf(f, "\"\n");
+    fclose(f);
+    return 0;
+}
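Review bot: `main` returns 0 even when the header was not fully written, because the results of `fprintf` and `fclose` are never checked; on a full disk or an I/O error the build carries on with a truncated `print_version.h`. Ending with `int bad = ferror(f);` followed by `if (fclose(f) != 0 || bad) return 1;` makes the failure visible to make. The version strings are also emitted between double quotes without escaping, so a `"` or a backslash in `heimdal_version` or `krb4_version` would yield a header that does not compile or that defines a different literal. Those strings come from version.h, which is outside this hunk, so this may never occur in practice. The `--version` branch prints its text without a trailing newline.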

Added: vendor-crypto/heimdal/dist/lib/vers/print_version.c
===================================================================
--- vendor-crypto/heimdal/dist/lib/vers/print_version.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/vers/print_version.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1998 - 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: print_version.c,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $");
+#endif
+#include "roken.h"
+
+#include "print_version.h"
+
+void
+print_version(const char *progname)
+{
+    const char *package_list = VERSIONLIST;
+    
+    if(progname == NULL)
+	progname = getprogname();
+    
+    if(*package_list == '\0')
+	package_list = "no version information";
+    fprintf(stderr, "%s (%s)\n", progname, package_list);
+    fprintf(stderr, "Copyright 1995-2008 Kungliga Tekniska H\xF6gskolan\n");
+    fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT);
+}
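Review bot: `print_version` has no comment stating its contract, and two details of it are easy to miss: the output goes to stderr rather than stdout, and a NULL `progname` is replaced by the result of `getprogname()`. A header comment such as `/* Print "progname (VERSIONLIST)", the copyright line and the bug-report address to stderr; progname may be NULL. */` would cover both. The copyright string carries a raw non-ASCII byte (shown on this page as `\xF6`), which will presumably render incorrectly on a UTF-8 terminal; an ASCII spelling of the name in that one literal would avoid it.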

Added: vendor-crypto/heimdal/dist/lib/vers/vers.h
===================================================================
--- vendor-crypto/heimdal/dist/lib/vers/vers.h	                        (rev 0)
+++ vendor-crypto/heimdal/dist/lib/vers/vers.h	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: vers.h,v 1.1.1.3 2012-07-21 15:09:08 laffer1 Exp $ */
+
+#ifndef __VERS_H__
+#define __VERS_H__
+
+void print_version(const char *);
+
+#endif /*  __VERS_H__ */

Added: vendor-crypto/heimdal/dist/ltmain.sh
===================================================================
--- vendor-crypto/heimdal/dist/ltmain.sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/ltmain.sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,6863 @@
+# ltmain.sh - Provide generalized library-building support services.
+# NOTE: Changing this file will not affect anything until you rerun configure.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+# Originally by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+basename="s,^.*/,,g"
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+progname=`echo "$progpath" | $SED $basename`
+modename="$progname"
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION=1.5.22
+TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)"
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes.
+if test -n "${ZSH_VERSION+set}" ; then
+  setopt NO_GLOB_SUBST
+fi
+
+# Check that we have a working $echo.
+if test "X$1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X$1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
+  # Yippee, $echo works!
+  :
+else
+  # Restart under the correct shell, and then maybe $echo will work.
+  exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<EOF
+$*
+EOF
+  exit $EXIT_SUCCESS
+fi
+
+default_mode=
+help="Try \`$progname --help' for more information."
+magic="%%%MAGIC variable%%%"
+mkdir="mkdir"
+mv="mv -f"
+rm="rm -f"
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+  SP2NL='tr \040 \012'
+  NL2SP='tr \015\012 \040\040'
+  ;;
+ *) # EBCDIC based system
+  SP2NL='tr \100 \n'
+  NL2SP='tr \r\n \100\100'
+  ;;
+esac
+
+# NLS nuisances.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+# We save the old values to restore during execute mode.
+if test "${LC_ALL+set}" = set; then
+  save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
+fi
+if test "${LANG+set}" = set; then
+  save_LANG="$LANG"; LANG=C; export LANG
+fi
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" 	$lt_nl"
+
+if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+  $echo "$modename: not configured to build any kind of library" 1>&2
+  $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
+  exit $EXIT_FAILURE
+fi
+
+# Global variables.
+mode=$default_mode
+nonopt=
+prev=
+prevopt=
+run=
+show="$echo"
+show_help=
+execute_dlfiles=
+duplicate_deps=no
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+
+#####################################
+# Shell function definitions:
+# This seems to be the best place for them
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible.  If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+    my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+    if test "$run" = ":"; then
+      # Return a directory name, but don't create it in dry-run mode
+      my_tmpdir="${my_template}-$$"
+    else
+
+      # If mktemp works, use that first and foremost
+      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+      if test ! -d "$my_tmpdir"; then
+	# Failing that, at least try and use $RANDOM to avoid a race
+	my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+	save_mktempdir_umask=`umask`
+	umask 0077
+	$mkdir "$my_tmpdir"
+	umask $save_mktempdir_umask
+      fi
+
+      # If we're not in dry-run mode, bomb out on failure
+      test -d "$my_tmpdir" || {
+        $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
+	exit $EXIT_FAILURE
+      }
+    fi
+
+    $echo "X$my_tmpdir" | $Xsed
+}
+
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+  win32_libid_type="unknown"
+  win32_fileres=`file -L $1 2>/dev/null`
+  case $win32_fileres in
+  *ar\ archive\ import\ library*) # definitely import
+    win32_libid_type="x86 archive import"
+    ;;
+  *ar\ archive*) # could be an import, or static
+    if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \
+      $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+      win32_nmres=`eval $NM -f posix -A $1 | \
+	$SED -n -e '1,100{/ I /{s,.*,import,;p;q;};}'`
+      case $win32_nmres in
+      import*)  win32_libid_type="x86 archive import";;
+      *)        win32_libid_type="x86 archive static";;
+      esac
+    fi
+    ;;
+  *DLL*)
+    win32_libid_type="x86 DLL"
+    ;;
+  *executable*) # but shell scripts are "executable" too...
+    case $win32_fileres in
+    *MS\ Windows\ PE\ Intel*)
+      win32_libid_type="x86 DLL"
+      ;;
+    esac
+    ;;
+  esac
+  $echo $win32_libid_type
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+    if test -n "$available_tags" && test -z "$tagname"; then
+      CC_quoted=
+      for arg in $CC; do
+	case $arg in
+	  *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+	CC_quoted="$CC_quoted $arg"
+      done
+      case $@ in
+      # Blanks in the command may have been stripped by the calling shell,
+      # but not from the CC environment variable when configure was run.
+      " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;;
+      # Blanks at the start of $base_compile will cause this to fail
+      # if we don't check for them as well.
+      *)
+	for z in $available_tags; do
+	  if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+	    # Evaluate the configuration.
+	    eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+	    CC_quoted=
+	    for arg in $CC; do
+	    # Double-quote args containing other shell metacharacters.
+	    case $arg in
+	      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	      arg="\"$arg\""
+	      ;;
+	    esac
+	    CC_quoted="$CC_quoted $arg"
+	  done
+	    case "$@ " in
+	      " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*)
+	      # The compiler in the base compile command matches
+	      # the one in the tagged configuration.
+	      # Assume this is the tagged configuration we want.
+	      tagname=$z
+	      break
+	      ;;
+	    esac
+	  fi
+	done
+	# If $tagname still isn't set, then no tagged configuration
+	# was found and let the user know that the "--tag" command
+	# line option must be used.
+	if test -z "$tagname"; then
+	  $echo "$modename: unable to infer tagged configuration"
+	  $echo "$modename: specify a tag with \`--tag'" 1>&2
+	  exit $EXIT_FAILURE
+#        else
+#          $echo "$modename: using $tagname tagged configuration"
+	fi
+	;;
+      esac
+    fi
+}
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+    f_ex_an_ar_dir="$1"; shift
+    f_ex_an_ar_oldlib="$1"
+
+    $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)"
+    $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $?
+    if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+     :
+    else
+      $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2
+      exit $EXIT_FAILURE
+    fi
+}
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+    my_gentop="$1"; shift
+    my_oldlibs=${1+"$@"}
+    my_oldobjs=""
+    my_xlib=""
+    my_xabs=""
+    my_xdir=""
+    my_status=""
+
+    $show "${rm}r $my_gentop"
+    $run ${rm}r "$my_gentop"
+    $show "$mkdir $my_gentop"
+    $run $mkdir "$my_gentop"
+    my_status=$?
+    if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then
+      exit $my_status
+    fi
+
+    for my_xlib in $my_oldlibs; do
+      # Extract the objects.
+      case $my_xlib in
+	[\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+	*) my_xabs=`pwd`"/$my_xlib" ;;
+      esac
+      my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'`
+      my_xdir="$my_gentop/$my_xlib"
+
+      $show "${rm}r $my_xdir"
+      $run ${rm}r "$my_xdir"
+      $show "$mkdir $my_xdir"
+      $run $mkdir "$my_xdir"
+      exit_status=$?
+      if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then
+	exit $exit_status
+      fi
+      case $host in
+      *-darwin*)
+	$show "Extracting $my_xabs"
+	# Do not bother doing anything if just a dry run
+	if test -z "$run"; then
+	  darwin_orig_dir=`pwd`
+	  cd $my_xdir || exit $?
+	  darwin_archive=$my_xabs
+	  darwin_curdir=`pwd`
+	  darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'`
+	  darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null`
+	  if test -n "$darwin_arches"; then 
+	    darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'`
+	    darwin_arch=
+	    $show "$darwin_base_archive has multiple architectures $darwin_arches"
+	    for darwin_arch in  $darwin_arches ; do
+	      mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+	      lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+	      cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+	      func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+	      cd "$darwin_curdir"
+	      $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+	    done # $darwin_arches
+      ## Okay now we have a bunch of thin objects, gotta fatten them up :)
+	    darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP`
+	    darwin_file=
+	    darwin_files=
+	    for darwin_file in $darwin_filelist; do
+	      darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+	      lipo -create -output "$darwin_file" $darwin_files
+	    done # $darwin_filelist
+	    ${rm}r unfat-$$
+	    cd "$darwin_orig_dir"
+	  else
+	    cd "$darwin_orig_dir"
+ 	    func_extract_an_archive "$my_xdir" "$my_xabs"
+	  fi # $darwin_arches
+	fi # $run
+	;;
+      *)
+        func_extract_an_archive "$my_xdir" "$my_xabs"
+        ;;
+      esac
+      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+    done
+    func_extract_archives_result="$my_oldobjs"
+}
+# End of Shell function definitions
+#####################################
+
+# Darwin sucks
+eval std_shrext=\"$shrext_cmds\"
+
+disable_libs=no
+
+# Parse our command line options once, thoroughly.
+while test "$#" -gt 0
+do
+  arg="$1"
+  shift
+
+  case $arg in
+  -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  # If the previous option needs an argument, assign it.
+  if test -n "$prev"; then
+    case $prev in
+    execute_dlfiles)
+      execute_dlfiles="$execute_dlfiles $arg"
+      ;;
+    tag)
+      tagname="$arg"
+      preserve_args="${preserve_args}=$arg"
+
+      # Check whether tagname contains only valid characters
+      case $tagname in
+      *[!-_A-Za-z0-9,/]*)
+	$echo "$progname: invalid tag name: $tagname" 1>&2
+	exit $EXIT_FAILURE
+	;;
+      esac
+
+      case $tagname in
+      CC)
+	# Don't test for the "default" C tag, as we know, it's there, but
+	# not specially marked.
+	;;
+      *)
+	if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then
+	  taglist="$taglist $tagname"
+	  # Evaluate the configuration.
+	  eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`"
+	else
+	  $echo "$progname: ignoring unknown tag $tagname" 1>&2
+	fi
+	;;
+      esac
+      ;;
+    *)
+      eval "$prev=\$arg"
+      ;;
+    esac
+
+    prev=
+    prevopt=
+    continue
+  fi
+
+  # Have we seen a non-optional argument yet?
+  case $arg in
+  --help)
+    show_help=yes
+    ;;
+
+  --version)
+    $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"
+    $echo
+    $echo "Copyright (C) 2005  Free Software Foundation, Inc."
+    $echo "This is free software; see the source for copying conditions.  There is NO"
+    $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+    exit $?
+    ;;
+
+  --config)
+    ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath
+    # Now print the configurations for the tags.
+    for tagname in $taglist; do
+      ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath"
+    done
+    exit $?
+    ;;
+
+  --debug)
+    $echo "$progname: enabling shell trace mode"
+    set -x
+    preserve_args="$preserve_args $arg"
+    ;;
+
+  --dry-run | -n)
+    run=:
+    ;;
+
+  --features)
+    $echo "host: $host"
+    if test "$build_libtool_libs" = yes; then
+      $echo "enable shared libraries"
+    else
+      $echo "disable shared libraries"
+    fi
+    if test "$build_old_libs" = yes; then
+      $echo "enable static libraries"
+    else
+      $echo "disable static libraries"
+    fi
+    exit $?
+    ;;
+
+  --finish) mode="finish" ;;
+
+  --mode) prevopt="--mode" prev=mode ;;
+  --mode=*) mode="$optarg" ;;
+
+  --preserve-dup-deps) duplicate_deps="yes" ;;
+
+  --quiet | --silent)
+    show=:
+    preserve_args="$preserve_args $arg"
+    ;;
+
+  --tag)
+    prevopt="--tag"
+    prev=tag
+    preserve_args="$preserve_args --tag"
+    ;;
+  --tag=*)
+    set tag "$optarg" ${1+"$@"}
+    shift
+    prev=tag
+    preserve_args="$preserve_args --tag"
+    ;;
+
+  -dlopen)
+    prevopt="-dlopen"
+    prev=execute_dlfiles
+    ;;
+
+  -*)
+    $echo "$modename: unrecognized option \`$arg'" 1>&2
+    $echo "$help" 1>&2
+    exit $EXIT_FAILURE
+    ;;
+
+  *)
+    nonopt="$arg"
+    break
+    ;;
+  esac
+done
+
+if test -n "$prevopt"; then
+  $echo "$modename: option \`$prevopt' requires an argument" 1>&2
+  $echo "$help" 1>&2
+  exit $EXIT_FAILURE
+fi
+
+case $disable_libs in
+no) 
+  ;;
+shared)
+  build_libtool_libs=no
+  build_old_libs=yes
+  ;;
+static)
+  build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+  ;;
+esac
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end.  This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+if test -z "$show_help"; then
+
+  # Infer the operation mode.
+  if test -z "$mode"; then
+    $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2
+    $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2
+    case $nonopt in
+    *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*)
+      mode=link
+      for arg
+      do
+	case $arg in
+	-c)
+	   mode=compile
+	   break
+	   ;;
+	esac
+      done
+      ;;
+    *db | *dbx | *strace | *truss)
+      mode=execute
+      ;;
+    *install*|cp|mv)
+      mode=install
+      ;;
+    *rm)
+      mode=uninstall
+      ;;
+    *)
+      # If we have no mode, but dlfiles were specified, then do execute mode.
+      test -n "$execute_dlfiles" && mode=execute
+
+      # Just use the default operation mode.
+      if test -z "$mode"; then
+	if test -n "$nonopt"; then
+	  $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2
+	else
+	  $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2
+	fi
+      fi
+      ;;
+    esac
+  fi
+
+  # Only execute mode is allowed to have -dlopen flags.
+  if test -n "$execute_dlfiles" && test "$mode" != execute; then
+    $echo "$modename: unrecognized option \`-dlopen'" 1>&2
+    $echo "$help" 1>&2
+    exit $EXIT_FAILURE
+  fi
+
+  # Change the help message to a mode-specific one.
+  generic_help="$help"
+  help="Try \`$modename --help --mode=$mode' for more information."
+
+  # These modes are in order of execution frequency so that they run quickly.
+  case $mode in
+  # libtool compile mode
+  compile)
+    modename="$modename: compile"
+    # Get the compilation command and the source file.
+    base_compile=
+    srcfile="$nonopt"  #  always keep a non-empty value in "srcfile"
+    suppress_opt=yes
+    suppress_output=
+    arg_mode=normal
+    libobj=
+    later=
+
+    for arg
+    do
+      case $arg_mode in
+      arg  )
+	# do not "continue".  Instead, add this to base_compile
+	lastarg="$arg"
+	arg_mode=normal
+	;;
+
+      target )
+	libobj="$arg"
+	arg_mode=normal
+	continue
+	;;
+
+      normal )
+	# Accept any command-line options.
+	case $arg in
+	-o)
+	  if test -n "$libobj" ; then
+	    $echo "$modename: you cannot specify \`-o' more than once" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  arg_mode=target
+	  continue
+	  ;;
+
+	-static | -prefer-pic | -prefer-non-pic)
+	  later="$later $arg"
+	  continue
+	  ;;
+
+	-no-suppress)
+	  suppress_opt=no
+	  continue
+	  ;;
+
+	-Xcompiler)
+	  arg_mode=arg  #  the next one goes into the "base_compile" arg list
+	  continue      #  The current "srcfile" will either be retained or
+	  ;;            #  replaced later.  I would guess that would be a bug.
+
+	-Wc,*)
+	  args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
+	  lastarg=
+	  save_ifs="$IFS"; IFS=','
+ 	  for arg in $args; do
+	    IFS="$save_ifs"
+
+	    # Double-quote args containing other shell metacharacters.
+	    # Many Bourne shells cannot handle close brackets correctly
+	    # in scan sets, so we specify it separately.
+	    case $arg in
+	      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	      arg="\"$arg\""
+	      ;;
+	    esac
+	    lastarg="$lastarg $arg"
+	  done
+	  IFS="$save_ifs"
+	  lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
+
+	  # Add the arguments to base_compile.
+	  base_compile="$base_compile $lastarg"
+	  continue
+	  ;;
+
+	* )
+	  # Accept the current argument as the source file.
+	  # The previous "srcfile" becomes the current argument.
+	  #
+	  lastarg="$srcfile"
+	  srcfile="$arg"
+	  ;;
+	esac  #  case $arg
+	;;
+      esac    #  case $arg_mode
+
+      # Aesthetically quote the previous argument.
+      lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"`
+
+      case $lastarg in
+      # Double-quote args containing other shell metacharacters.
+      # Many Bourne shells cannot handle close brackets correctly
+      # in scan sets, and some SunOS ksh mistreat backslash-escaping
+      # in scan sets (worked around with variable expansion),
+      # and furthermore cannot handle '|' '&' '(' ')' in scan sets 
+      # at all, so we specify them separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	lastarg="\"$lastarg\""
+	;;
+      esac
+
+      base_compile="$base_compile $lastarg"
+    done # for arg
+
+    case $arg_mode in
+    arg)
+      $echo "$modename: you must specify an argument for -Xcompile"
+      exit $EXIT_FAILURE
+      ;;
+    target)
+      $echo "$modename: you must specify a target with \`-o'" 1>&2
+      exit $EXIT_FAILURE
+      ;;
+    *)
+      # Get the name of the library object.
+      [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
+      ;;
+    esac
+
+    # Recognize several different file suffixes.
+    # If the user specifies -o file.o, it is replaced with file.lo
+    xform='[cCFSifmso]'
+    case $libobj in
+    *.ada) xform=ada ;;
+    *.adb) xform=adb ;;
+    *.ads) xform=ads ;;
+    *.asm) xform=asm ;;
+    *.c++) xform=c++ ;;
+    *.cc) xform=cc ;;
+    *.ii) xform=ii ;;
+    *.class) xform=class ;;
+    *.cpp) xform=cpp ;;
+    *.cxx) xform=cxx ;;
+    *.f90) xform=f90 ;;
+    *.for) xform=for ;;
+    *.java) xform=java ;;
+    esac
+
+    libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
+
+    case $libobj in
+    *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;;
+    *)
+      $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2
+      exit $EXIT_FAILURE
+      ;;
+    esac
+
+    func_infer_tag $base_compile
+
+    for arg in $later; do
+      case $arg in
+      -static)
+	build_old_libs=yes
+	continue
+	;;
+
+      -prefer-pic)
+	pic_mode=yes
+	continue
+	;;
+
+      -prefer-non-pic)
+	pic_mode=no
+	continue
+	;;
+      esac
+    done
+
+    qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"`
+    case $qlibobj in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	qlibobj="\"$qlibobj\"" ;;
+    esac
+    test "X$libobj" != "X$qlibobj" \
+	&& $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' 	&()|`$[]' \
+	&& $echo "$modename: libobj name \`$libobj' may not contain shell special characters."
+    objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+    xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
+    if test "X$xdir" = "X$obj"; then
+      xdir=
+    else
+      xdir=$xdir/
+    fi
+    lobj=${xdir}$objdir/$objname
+
+    if test -z "$base_compile"; then
+      $echo "$modename: you must specify a compilation command" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    # Delete any leftover library objects.
+    if test "$build_old_libs" = yes; then
+      removelist="$obj $lobj $libobj ${libobj}T"
+    else
+      removelist="$lobj $libobj ${libobj}T"
+    fi
+
+    $run $rm $removelist
+    trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
+
+    # On Cygwin there's no "real" PIC flag so we must build both object types
+    case $host_os in
+    cygwin* | mingw* | pw32* | os2*)
+      pic_mode=default
+      ;;
+    esac
+    if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+      # non-PIC code in shared libraries is not supported
+      pic_mode=default
+    fi
+
+    # Calculate the filename of the output object if compiler does
+    # not support -o with -c
+    if test "$compiler_c_o" = no; then
+      output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+      lockfile="$output_obj.lock"
+      removelist="$removelist $output_obj $lockfile"
+      trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
+    else
+      output_obj=
+      need_locks=no
+      lockfile=
+    fi
+
+    # Lock this critical section if it is needed
+    # We use this script file to make the link, it avoids creating a new file
+    if test "$need_locks" = yes; then
+      until $run ln "$progpath" "$lockfile" 2>/dev/null; do
+	$show "Waiting for $lockfile to be removed"
+	sleep 2
+      done
+    elif test "$need_locks" = warn; then
+      if test -f "$lockfile"; then
+	$echo "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+      $echo "$srcfile" > "$lockfile"
+    fi
+
+    if test -n "$fix_srcfile_path"; then
+      eval srcfile=\"$fix_srcfile_path\"
+    fi
+    qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"`
+    case $qsrcfile in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+      qsrcfile="\"$qsrcfile\"" ;;
+    esac
+
+    $run $rm "$libobj" "${libobj}T"
+
+    # Create a libtool object file (analogous to a ".la" file),
+    # but don't create it if we're doing a dry run.
+    test -z "$run" && cat > ${libobj}T <<EOF
+# $libobj - a libtool object file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+EOF
+
+    # Only build a PIC object if we are building libtool libraries.
+    if test "$build_libtool_libs" = yes; then
+      # Without this assignment, base_compile gets emptied.
+      fbsd_hideous_sh_bug=$base_compile
+
+      if test "$pic_mode" != no; then
+	command="$base_compile $qsrcfile $pic_flag"
+      else
+	# Don't build PIC code
+	command="$base_compile $qsrcfile"
+      fi
+
+      if test ! -d "${xdir}$objdir"; then
+	$show "$mkdir ${xdir}$objdir"
+	$run $mkdir ${xdir}$objdir
+	exit_status=$?
+	if test "$exit_status" -ne 0 && test ! -d "${xdir}$objdir"; then
+	  exit $exit_status
+	fi
+      fi
+
+      if test -z "$output_obj"; then
+	# Place PIC objects in $objdir
+	command="$command -o $lobj"
+      fi
+
+      $run $rm "$lobj" "$output_obj"
+
+      $show "$command"
+      if $run eval "$command"; then :
+      else
+	test -n "$output_obj" && $run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      if test "$need_locks" = warn &&
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$echo "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      # Just move the object if needed, then go on to compile the next one
+      if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+	$show "$mv $output_obj $lobj"
+	if $run $mv $output_obj $lobj; then :
+	else
+	  error=$?
+	  $run $rm $removelist
+	  exit $error
+	fi
+      fi
+
+      # Append the name of the PIC object to the libtool object file.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object='$objdir/$objname'
+
+EOF
+
+      # Allow error messages only from the first compilation.
+      if test "$suppress_opt" = yes; then
+        suppress_output=' >/dev/null 2>&1'
+      fi
+    else
+      # No PIC object so indicate it doesn't exist in the libtool
+      # object file.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object=none
+
+EOF
+    fi
+
+    # Only build a position-dependent object if we build old libraries.
+    if test "$build_old_libs" = yes; then
+      if test "$pic_mode" != yes; then
+	# Don't build PIC code
+	command="$base_compile $qsrcfile"
+      else
+	command="$base_compile $qsrcfile $pic_flag"
+      fi
+      if test "$compiler_c_o" = yes; then
+	command="$command -o $obj"
+      fi
+
+      # Suppress compiler output if we already did a PIC compilation.
+      command="$command$suppress_output"
+      $run $rm "$obj" "$output_obj"
+      $show "$command"
+      if $run eval "$command"; then :
+      else
+	$run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      if test "$need_locks" = warn &&
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$echo "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      # Just move the object if needed
+      if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+	$show "$mv $output_obj $obj"
+	if $run $mv $output_obj $obj; then :
+	else
+	  error=$?
+	  $run $rm $removelist
+	  exit $error
+	fi
+      fi
+
+      # Append the name of the non-PIC object the libtool object file.
+      # Only append if the libtool object file exists.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object='$objname'
+
+EOF
+    else
+      # Append the name of the non-PIC object the libtool object file.
+      # Only append if the libtool object file exists.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object=none
+
+EOF
+    fi
+
+    $run $mv "${libobj}T" "${libobj}"
+
+    # Unlock the critical section if it was locked
+    if test "$need_locks" != no; then
+      $run $rm "$lockfile"
+    fi
+
+    exit $EXIT_SUCCESS
+    ;;
+
+  # libtool link mode
+  link | relink)
+    modename="$modename: link"
+    case $host in
+    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+      # It is impossible to link a dll without this setting, and
+      # we shouldn't force the makefile maintainer to figure out
+      # which system we are compiling for in order to pass an extra
+      # flag for every libtool invocation.
+      # allow_undefined=no
+
+      # FIXME: Unfortunately, there are problems with the above when trying
+      # to make a dll which has undefined symbols, in which case not
+      # even a static library is built.  For now, we need to specify
+      # -no-undefined on the libtool link line when we can be certain
+      # that all symbols are satisfied, otherwise we get a static library.
+      allow_undefined=yes
+      ;;
+    *)
+      allow_undefined=yes
+      ;;
+    esac
+    libtool_args="$nonopt"
+    base_compile="$nonopt $@"
+    compile_command="$nonopt"
+    finalize_command="$nonopt"
+
+    compile_rpath=
+    finalize_rpath=
+    compile_shlibpath=
+    finalize_shlibpath=
+    convenience=
+    old_convenience=
+    deplibs=
+    old_deplibs=
+    compiler_flags=
+    linker_flags=
+    dllsearchpath=
+    lib_search_path=`pwd`
+    inst_prefix_dir=
+
+    avoid_version=no
+    dlfiles=
+    dlprefiles=
+    dlself=no
+    export_dynamic=no
+    export_symbols=
+    export_symbols_regex=
+    generated=
+    libobjs=
+    ltlibs=
+    module=no
+    no_install=no
+    objs=
+    non_pic_objects=
+    notinst_path= # paths that contain not-installed libtool libraries
+    precious_files_regex=
+    prefer_static_libs=no
+    preload=no
+    prev=
+    prevarg=
+    release=
+    rpath=
+    xrpath=
+    perm_rpath=
+    temp_rpath=
+    thread_safe=no
+    vinfo=
+    vinfo_number=no
+
+    func_infer_tag $base_compile
+
+    # We need to know -static, to get the right output filenames.
+    for arg
+    do
+      case $arg in
+      -all-static | -static)
+	if test "X$arg" = "X-all-static"; then
+	  if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+	    $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
+	  fi
+	  if test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=yes
+	else
+	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=built
+	fi
+	build_libtool_libs=no
+	build_old_libs=yes
+	break
+	;;
+      esac
+    done
+
+    # See if our shared archives depend on static archives.
+    test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+    # Go through the arguments, transforming them on the way.
+    while test "$#" -gt 0; do
+      arg="$1"
+      shift
+      case $arg in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test
+	;;
+      *) qarg=$arg ;;
+      esac
+      libtool_args="$libtool_args $qarg"
+
+      # If the previous option needs an argument, assign it.
+      if test -n "$prev"; then
+	case $prev in
+	output)
+	  compile_command="$compile_command @OUTPUT@"
+	  finalize_command="$finalize_command @OUTPUT@"
+	  ;;
+	esac
+
+	case $prev in
+	dlfiles|dlprefiles)
+	  if test "$preload" = no; then
+	    # Add the symbol object into the linking commands.
+	    compile_command="$compile_command @SYMFILE@"
+	    finalize_command="$finalize_command @SYMFILE@"
+	    preload=yes
+	  fi
+	  case $arg in
+	  *.la | *.lo) ;;  # We handle these cases below.
+	  force)
+	    if test "$dlself" = no; then
+	      dlself=needless
+	      export_dynamic=yes
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  self)
+	    if test "$prev" = dlprefiles; then
+	      dlself=yes
+	    elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+	      dlself=yes
+	    else
+	      dlself=needless
+	      export_dynamic=yes
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  *)
+	    if test "$prev" = dlfiles; then
+	      dlfiles="$dlfiles $arg"
+	    else
+	      dlprefiles="$dlprefiles $arg"
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  esac
+	  ;;
+	expsyms)
+	  export_symbols="$arg"
+	  if test ! -f "$arg"; then
+	    $echo "$modename: symbol file \`$arg' does not exist"
+	    exit $EXIT_FAILURE
+	  fi
+	  prev=
+	  continue
+	  ;;
+	expsyms_regex)
+	  export_symbols_regex="$arg"
+	  prev=
+	  continue
+	  ;;
+	inst_prefix)
+	  inst_prefix_dir="$arg"
+	  prev=
+	  continue
+	  ;;
+	precious_regex)
+	  precious_files_regex="$arg"
+	  prev=
+	  continue
+	  ;;
+	release)
+	  release="-$arg"
+	  prev=
+	  continue
+	  ;;
+	objectlist)
+	  if test -f "$arg"; then
+	    save_arg=$arg
+	    moreargs=
+	    for fil in `cat $save_arg`
+	    do
+#	      moreargs="$moreargs $fil"
+	      arg=$fil
+	      # A libtool-controlled object.
+
+	      # Check to see that this really is a libtool object.
+	      if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+		pic_object=
+		non_pic_object=
+
+		# Read the .lo file
+		# If there is no directory component, then add one.
+		case $arg in
+		*/* | *\\*) . $arg ;;
+		*) . ./$arg ;;
+		esac
+
+		if test -z "$pic_object" || \
+		   test -z "$non_pic_object" ||
+		   test "$pic_object" = none && \
+		   test "$non_pic_object" = none; then
+		  $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+		  exit $EXIT_FAILURE
+		fi
+
+		# Extract subdirectory from the argument.
+		xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+		if test "X$xdir" = "X$arg"; then
+		  xdir=
+		else
+		  xdir="$xdir/"
+		fi
+
+		if test "$pic_object" != none; then
+		  # Prepend the subdirectory the object is found in.
+		  pic_object="$xdir$pic_object"
+
+		  if test "$prev" = dlfiles; then
+		    if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+		      dlfiles="$dlfiles $pic_object"
+		      prev=
+		      continue
+		    else
+		      # If libtool objects are unsupported, then we need to preload.
+		      prev=dlprefiles
+		    fi
+		  fi
+
+		  # CHECK ME:  I think I busted this.  -Ossama
+		  if test "$prev" = dlprefiles; then
+		    # Preload the old-style object.
+		    dlprefiles="$dlprefiles $pic_object"
+		    prev=
+		  fi
+
+		  # A PIC object.
+		  libobjs="$libobjs $pic_object"
+		  arg="$pic_object"
+		fi
+
+		# Non-PIC object.
+		if test "$non_pic_object" != none; then
+		  # Prepend the subdirectory the object is found in.
+		  non_pic_object="$xdir$non_pic_object"
+
+		  # A standard non-PIC object
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		  if test -z "$pic_object" || test "$pic_object" = none ; then
+		    arg="$non_pic_object"
+		  fi
+		else
+		  # If the PIC object exists, use it instead.
+		  # $xdir was prepended to $pic_object above.
+		  non_pic_object="$pic_object"
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		fi
+	      else
+		# Only an error if not doing a dry-run.
+		if test -z "$run"; then
+		  $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+		  exit $EXIT_FAILURE
+		else
+		  # Dry-run case.
+
+		  # Extract subdirectory from the argument.
+		  xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+		  if test "X$xdir" = "X$arg"; then
+		    xdir=
+		  else
+		    xdir="$xdir/"
+		  fi
+
+		  pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+		  non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+		  libobjs="$libobjs $pic_object"
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		fi
+	      fi
+	    done
+	  else
+	    $echo "$modename: link input file \`$save_arg' does not exist"
+	    exit $EXIT_FAILURE
+	  fi
+	  arg=$save_arg
+	  prev=
+	  continue
+	  ;;
+	rpath | xrpath)
+	  # We need an absolute path.
+	  case $arg in
+	  [\\/]* | [A-Za-z]:[\\/]*) ;;
+	  *)
+	    $echo "$modename: only absolute run-paths are allowed" 1>&2
+	    exit $EXIT_FAILURE
+	    ;;
+	  esac
+	  if test "$prev" = rpath; then
+	    case "$rpath " in
+	    *" $arg "*) ;;
+	    *) rpath="$rpath $arg" ;;
+	    esac
+	  else
+	    case "$xrpath " in
+	    *" $arg "*) ;;
+	    *) xrpath="$xrpath $arg" ;;
+	    esac
+	  fi
+	  prev=
+	  continue
+	  ;;
+	xcompiler)
+	  compiler_flags="$compiler_flags $qarg"
+	  prev=
+	  compile_command="$compile_command $qarg"
+	  finalize_command="$finalize_command $qarg"
+	  continue
+	  ;;
+	xlinker)
+	  linker_flags="$linker_flags $qarg"
+	  compiler_flags="$compiler_flags $wl$qarg"
+	  prev=
+	  compile_command="$compile_command $wl$qarg"
+	  finalize_command="$finalize_command $wl$qarg"
+	  continue
+	  ;;
+	xcclinker)
+	  linker_flags="$linker_flags $qarg"
+	  compiler_flags="$compiler_flags $qarg"
+	  prev=
+	  compile_command="$compile_command $qarg"
+	  finalize_command="$finalize_command $qarg"
+	  continue
+	  ;;
+	shrext)
+  	  shrext_cmds="$arg"
+	  prev=
+	  continue
+	  ;;
+	darwin_framework|darwin_framework_skip)
+	  test "$prev" = "darwin_framework" && compiler_flags="$compiler_flags $arg"
+	  compile_command="$compile_command $arg"
+	  finalize_command="$finalize_command $arg"
+	  prev=
+	  continue
+	  ;;
+	*)
+	  eval "$prev=\"\$arg\""
+	  prev=
+	  continue
+	  ;;
+	esac
+      fi # test -n "$prev"
+
+      prevarg="$arg"
+
+      case $arg in
+      -all-static)
+	if test -n "$link_static_flag"; then
+	  compile_command="$compile_command $link_static_flag"
+	  finalize_command="$finalize_command $link_static_flag"
+	fi
+	continue
+	;;
+
+      -allow-undefined)
+	# FIXME: remove this flag sometime in the future.
+	$echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2
+	continue
+	;;
+
+      -avoid-version)
+	avoid_version=yes
+	continue
+	;;
+
+      -dlopen)
+	prev=dlfiles
+	continue
+	;;
+
+      -dlpreopen)
+	prev=dlprefiles
+	continue
+	;;
+
+      -export-dynamic)
+	export_dynamic=yes
+	continue
+	;;
+
+      -export-symbols | -export-symbols-regex)
+	if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+	  $echo "$modename: more than one -exported-symbols argument is not allowed"
+	  exit $EXIT_FAILURE
+	fi
+	if test "X$arg" = "X-export-symbols"; then
+	  prev=expsyms
+	else
+	  prev=expsyms_regex
+	fi
+	continue
+	;;
+
+      -framework|-arch|-isysroot)
+	case " $CC " in
+	  *" ${arg} ${1} "* | *" ${arg}	${1} "*) 
+		prev=darwin_framework_skip ;;
+	  *) compiler_flags="$compiler_flags $arg"
+	     prev=darwin_framework ;;
+	esac
+	compile_command="$compile_command $arg"
+	finalize_command="$finalize_command $arg"
+	continue
+	;;
+
+      -inst-prefix-dir)
+	prev=inst_prefix
+	continue
+	;;
+
+      # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+      # so, if we see these flags be careful not to treat them like -L
+      -L[A-Z][A-Z]*:*)
+	case $with_gcc/$host in
+	no/*-*-irix* | /*-*-irix*)
+	  compile_command="$compile_command $arg"
+	  finalize_command="$finalize_command $arg"
+	  ;;
+	esac
+	continue
+	;;
+
+      -L*)
+	dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
+	# We need an absolute path.
+	case $dir in
+	[\\/]* | [A-Za-z]:[\\/]*) ;;
+	*)
+	  absdir=`cd "$dir" && pwd`
+	  if test -z "$absdir"; then
+	    $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2
+	    absdir="$dir"
+	    notinst_path="$notinst_path $dir"
+	  fi
+	  dir="$absdir"
+	  ;;
+	esac
+	case "$deplibs " in
+	*" -L$dir "*) ;;
+	*)
+	  deplibs="$deplibs -L$dir"
+	  lib_search_path="$lib_search_path $dir"
+	  ;;
+	esac
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	  testbindir=`$echo "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+	  case :$dllsearchpath: in
+	  *":$dir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$dir";;
+	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$testbindir";;
+	  esac
+	  ;;
+	esac
+	continue
+	;;
+
+      -l*)
+	if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+	  case $host in
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*)
+	    # These systems don't actually have a C or math library (as such)
+	    continue
+	    ;;
+	  *-*-os2*)
+	    # These systems don't actually have a C library (as such)
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	    # Do not include libc due to us having libc/libc_r.
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C and math libraries are in the System framework
+	    deplibs="$deplibs -framework System"
+	    continue
+	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  esac
+	elif test "X$arg" = "X-lc_r"; then
+	 case $host in
+	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	   # Do not include libc_r directly, use -pthread flag.
+	   continue
+	   ;;
+	 esac
+	fi
+	deplibs="$deplibs $arg"
+	continue
+	;;
+
+      # Tru64 UNIX uses -model [arg] to determine the layout of C++
+      # classes, name mangling, and exception handling.
+      -model)
+	compile_command="$compile_command $arg"
+	compiler_flags="$compiler_flags $arg"
+	finalize_command="$finalize_command $arg"
+	prev=xcompiler
+	continue
+	;;
+
+     -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
+	compiler_flags="$compiler_flags $arg"
+	compile_command="$compile_command $arg"
+	finalize_command="$finalize_command $arg"
+	continue
+	;;
+
+      -module)
+	module=yes
+	continue
+	;;
+
+      # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+      # -r[0-9][0-9]* specifies the processor on the SGI compiler
+      # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+      # +DA*, +DD* enable 64-bit mode on the HP compiler
+      # -q* pass through compiler args for the IBM compiler
+      # -m* pass through architecture-specific compiler args for GCC
+      # -m*, -t[45]*, -txscale* pass through architecture-specific
+      # compiler args for GCC
+      # -pg pass through profiling flag for GCC
+      # @file GCC response files
+      -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*|-pg| \
+      -t[45]*|-txscale*|@*)
+
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+	case $arg in
+	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+        compile_command="$compile_command $arg"
+        finalize_command="$finalize_command $arg"
+        compiler_flags="$compiler_flags $arg"
+        continue
+        ;;
+
+      -shrext)
+	prev=shrext
+	continue
+	;;
+
+      -no-fast-install)
+	fast_install=no
+	continue
+	;;
+
+      -no-install)
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	  # The PATH hackery in wrapper scripts is required on Windows
+	  # in order for the loader to find any dlls it needs.
+	  $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2
+	  $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2
+	  fast_install=no
+	  ;;
+	*) no_install=yes ;;
+	esac
+	continue
+	;;
+
+      -no-undefined)
+	allow_undefined=no
+	continue
+	;;
+
+      -objectlist)
+	prev=objectlist
+	continue
+	;;
+
+      -o) prev=output ;;
+
+      -precious-files-regex)
+	prev=precious_regex
+	continue
+	;;
+
+      -release)
+	prev=release
+	continue
+	;;
+
+      -rpath)
+	prev=rpath
+	continue
+	;;
+
+      -R)
+	prev=xrpath
+	continue
+	;;
+
+      -R*)
+	dir=`$echo "X$arg" | $Xsed -e 's/^-R//'`
+	# We need an absolute path.
+	case $dir in
+	[\\/]* | [A-Za-z]:[\\/]*) ;;
+	*)
+	  $echo "$modename: only absolute run-paths are allowed" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+	case "$xrpath " in
+	*" $dir "*) ;;
+	*) xrpath="$xrpath $dir" ;;
+	esac
+	continue
+	;;
+
+      -static)
+	# The effects of -static are defined in a previous loop.
+	# We used to do the same as -all-static on platforms that
+	# didn't have a PIC flag, but the assumption that the effects
+	# would be equivalent was wrong.  It would break on at least
+	# Digital Unix and AIX.
+	continue
+	;;
+
+      -thread-safe)
+	thread_safe=yes
+	continue
+	;;
+
+      -version-info)
+	prev=vinfo
+	continue
+	;;
+      -version-number)
+	prev=vinfo
+	vinfo_number=yes
+	continue
+	;;
+
+      -Wc,*)
+	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'`
+	arg=
+	save_ifs="$IFS"; IFS=','
+	for flag in $args; do
+	  IFS="$save_ifs"
+	  case $flag in
+	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	    flag="\"$flag\""
+	    ;;
+	  esac
+	  arg="$arg $wl$flag"
+	  compiler_flags="$compiler_flags $flag"
+	done
+	IFS="$save_ifs"
+	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
+	;;
+
+      -Wl,*)
+	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'`
+	arg=
+	save_ifs="$IFS"; IFS=','
+	for flag in $args; do
+	  IFS="$save_ifs"
+	  case $flag in
+	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	    flag="\"$flag\""
+	    ;;
+	  esac
+	  arg="$arg $wl$flag"
+	  compiler_flags="$compiler_flags $wl$flag"
+	  linker_flags="$linker_flags $flag"
+	done
+	IFS="$save_ifs"
+	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
+	;;
+
+      -Xcompiler)
+	prev=xcompiler
+	continue
+	;;
+
+      -Xlinker)
+	prev=xlinker
+	continue
+	;;
+
+      -XCClinker)
+	prev=xcclinker
+	continue
+	;;
+
+      # Some other compiler flag.
+      -* | +*)
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+	case $arg in
+	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+	;;
+
+      *.$objext)
+	# A standard object.
+	objs="$objs $arg"
+	;;
+
+      *.lo)
+	# A libtool-controlled object.
+
+	# Check to see that this really is a libtool object.
+	if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	  pic_object=
+	  non_pic_object=
+
+	  # Read the .lo file
+	  # If there is no directory component, then add one.
+	  case $arg in
+	  */* | *\\*) . $arg ;;
+	  *) . ./$arg ;;
+	  esac
+
+	  if test -z "$pic_object" || \
+	     test -z "$non_pic_object" ||
+	     test "$pic_object" = none && \
+	     test "$non_pic_object" = none; then
+	    $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+
+	  # Extract subdirectory from the argument.
+	  xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+	  if test "X$xdir" = "X$arg"; then
+	    xdir=
+ 	  else
+	    xdir="$xdir/"
+	  fi
+
+	  if test "$pic_object" != none; then
+	    # Prepend the subdirectory the object is found in.
+	    pic_object="$xdir$pic_object"
+
+	    if test "$prev" = dlfiles; then
+	      if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+		dlfiles="$dlfiles $pic_object"
+		prev=
+		continue
+	      else
+		# If libtool objects are unsupported, then we need to preload.
+		prev=dlprefiles
+	      fi
+	    fi
+
+	    # CHECK ME:  I think I busted this.  -Ossama
+	    if test "$prev" = dlprefiles; then
+	      # Preload the old-style object.
+	      dlprefiles="$dlprefiles $pic_object"
+	      prev=
+	    fi
+
+	    # A PIC object.
+	    libobjs="$libobjs $pic_object"
+	    arg="$pic_object"
+	  fi
+
+	  # Non-PIC object.
+	  if test "$non_pic_object" != none; then
+	    # Prepend the subdirectory the object is found in.
+	    non_pic_object="$xdir$non_pic_object"
+
+	    # A standard non-PIC object
+	    non_pic_objects="$non_pic_objects $non_pic_object"
+	    if test -z "$pic_object" || test "$pic_object" = none ; then
+	      arg="$non_pic_object"
+	    fi
+	  else
+	    # If the PIC object exists, use it instead.
+	    # $xdir was prepended to $pic_object above.
+	    non_pic_object="$pic_object"
+	    non_pic_objects="$non_pic_objects $non_pic_object"
+	  fi
+	else
+	  # Only an error if not doing a dry-run.
+	  if test -z "$run"; then
+	    $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+	    exit $EXIT_FAILURE
+	  else
+	    # Dry-run case.
+
+	    # Extract subdirectory from the argument.
+	    xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+	    if test "X$xdir" = "X$arg"; then
+	      xdir=
+	    else
+	      xdir="$xdir/"
+	    fi
+
+	    pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+	    non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+	    libobjs="$libobjs $pic_object"
+	    non_pic_objects="$non_pic_objects $non_pic_object"
+	  fi
+	fi
+	;;
+
+      *.$libext)
+	# An archive.
+	deplibs="$deplibs $arg"
+	old_deplibs="$old_deplibs $arg"
+	continue
+	;;
+
+      *.la)
+	# A libtool-controlled library.
+
+	if test "$prev" = dlfiles; then
+	  # This library was specified with -dlopen.
+	  dlfiles="$dlfiles $arg"
+	  prev=
+	elif test "$prev" = dlprefiles; then
+	  # The library was specified with -dlpreopen.
+	  dlprefiles="$dlprefiles $arg"
+	  prev=
+	else
+	  deplibs="$deplibs $arg"
+	fi
+	continue
+	;;
+
+      # Some other compiler argument.
+      *)
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+	case $arg in
+	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+	;;
+      esac # arg
+
+      # Now actually substitute the argument into the commands.
+      if test -n "$arg"; then
+	compile_command="$compile_command $arg"
+	finalize_command="$finalize_command $arg"
+      fi
+    done # argument parsing loop
+
+    if test -n "$prev"; then
+      $echo "$modename: the \`$prevarg' option requires an argument" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+      eval arg=\"$export_dynamic_flag_spec\"
+      compile_command="$compile_command $arg"
+      finalize_command="$finalize_command $arg"
+    fi
+
+    oldlibs=
+    # calculate the name of the file, without its directory
+    outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'`
+    libobjs_save="$libobjs"
+
+    if test -n "$shlibpath_var"; then
+      # get the directories listed in $shlibpath_var
+      eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+    else
+      shlib_search_path=
+    fi
+    eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+    output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'`
+    if test "X$output_objdir" = "X$output"; then
+      output_objdir="$objdir"
+    else
+      output_objdir="$output_objdir/$objdir"
+    fi
+    # Create the object directory.
+    if test ! -d "$output_objdir"; then
+      $show "$mkdir $output_objdir"
+      $run $mkdir $output_objdir
+      exit_status=$?
+      if test "$exit_status" -ne 0 && test ! -d "$output_objdir"; then
+	exit $exit_status
+      fi
+    fi
+
+    # Determine the type of output
+    case $output in
+    "")
+      $echo "$modename: you must specify an output file" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+      ;;
+    *.$libext) linkmode=oldlib ;;
+    *.lo | *.$objext) linkmode=obj ;;
+    *.la) linkmode=lib ;;
+    *) linkmode=prog ;; # Anything else should be a program.
+    esac
+
+    case $host in
+    *cygwin* | *mingw* | *pw32*)
+      # don't eliminate duplications in $postdeps and $predeps
+      duplicate_compiler_generated_deps=yes
+      ;;
+    *)
+      duplicate_compiler_generated_deps=$duplicate_deps
+      ;;
+    esac
+    specialdeplibs=
+
+    libs=
+    # Find all interdependent deplibs by searching for libraries
+    # that are linked more than once (e.g. -la -lb -la)
+    for deplib in $deplibs; do
+      if test "X$duplicate_deps" = "Xyes" ; then
+	case "$libs " in
+	*" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	esac
+      fi
+      libs="$libs $deplib"
+    done
+
+    if test "$linkmode" = lib; then
+      libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+      # Compute libraries that are listed more than once in $predeps
+      # $postdeps and mark them as special (i.e., whose duplicates are
+      # not to be eliminated).
+      pre_post_deps=
+      if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then
+	for pre_post_dep in $predeps $postdeps; do
+	  case "$pre_post_deps " in
+	  *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+	  esac
+	  pre_post_deps="$pre_post_deps $pre_post_dep"
+	done
+      fi
+      pre_post_deps=
+    fi
+
+    deplibs=
+    newdependency_libs=
+    newlib_search_path=
+    need_relink=no # whether we're linking any uninstalled libtool libraries
+    notinst_deplibs= # not-installed libtool libraries
+    case $linkmode in
+    lib)
+	passes="conv link"
+	for file in $dlfiles $dlprefiles; do
+	  case $file in
+	  *.la) ;;
+	  *)
+	    $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2
+	    exit $EXIT_FAILURE
+	    ;;
+	  esac
+	done
+	;;
+    prog)
+	compile_deplibs=
+	finalize_deplibs=
+	alldeplibs=no
+	newdlfiles=
+	newdlprefiles=
+	passes="conv scan dlopen dlpreopen link"
+	;;
+    *)  passes="conv"
+	;;
+    esac
+    for pass in $passes; do
+      if test "$linkmode,$pass" = "lib,link" ||
+	 test "$linkmode,$pass" = "prog,scan"; then
+	libs="$deplibs"
+	deplibs=
+      fi
+      if test "$linkmode" = prog; then
+	case $pass in
+	dlopen) libs="$dlfiles" ;;
+	dlpreopen) libs="$dlprefiles" ;;
+	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+	esac
+      fi
+      if test "$pass" = dlopen; then
+	# Collect dlpreopened libraries
+	save_deplibs="$deplibs"
+	deplibs=
+      fi
+      for deplib in $libs; do
+	lib=
+	found=no
+	case $deplib in
+	-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
+	  if test "$linkmode,$pass" = "prog,link"; then
+	    compile_deplibs="$deplib $compile_deplibs"
+	    finalize_deplibs="$deplib $finalize_deplibs"
+	  else
+	    compiler_flags="$compiler_flags $deplib"
+	  fi
+	  continue
+	  ;;
+	-l*)
+	  if test "$linkmode" != lib && test "$linkmode" != prog; then
+	    $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2
+	    continue
+	  fi
+	  name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
+	  for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do
+	    for search_ext in .la $std_shrext .so .a; do
+	      # Search the libtool library
+	      lib="$searchdir/lib${name}${search_ext}"
+	      if test -f "$lib"; then
+		if test "$search_ext" = ".la"; then
+		  found=yes
+		else
+		  found=no
+		fi
+		break 2
+	      fi
+	    done
+	  done
+	  if test "$found" != yes; then
+	    # deplib doesn't seem to be a libtool library
+	    if test "$linkmode,$pass" = "prog,link"; then
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      deplibs="$deplib $deplibs"
+	      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+	    fi
+	    continue
+	  else # deplib is a libtool library
+	    # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+	    # We need to do some special things here, and not later.
+	    if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+	      case " $predeps $postdeps " in
+	      *" $deplib "*)
+		if (${SED} -e '2q' $lib |
+                    grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+		  library_names=
+		  old_library=
+		  case $lib in
+		  */* | *\\*) . $lib ;;
+		  *) . ./$lib ;;
+		  esac
+		  for l in $old_library $library_names; do
+		    ll="$l"
+		  done
+		  if test "X$ll" = "X$old_library" ; then # only static version available
+		    found=no
+		    ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+		    test "X$ladir" = "X$lib" && ladir="."
+		    lib=$ladir/$old_library
+		    if test "$linkmode,$pass" = "prog,link"; then
+		      compile_deplibs="$deplib $compile_deplibs"
+		      finalize_deplibs="$deplib $finalize_deplibs"
+		    else
+		      deplibs="$deplib $deplibs"
+		      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+		    fi
+		    continue
+		  fi
+		fi
+	        ;;
+	      *) ;;
+	      esac
+	    fi
+	  fi
+	  ;; # -l
+	-L*)
+	  case $linkmode in
+	  lib)
+	    deplibs="$deplib $deplibs"
+	    test "$pass" = conv && continue
+	    newdependency_libs="$deplib $newdependency_libs"
+	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
+	    ;;
+	  prog)
+	    if test "$pass" = conv; then
+	      deplibs="$deplib $deplibs"
+	      continue
+	    fi
+	    if test "$pass" = scan; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    fi
+	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
+	    ;;
+	  *)
+	    $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2
+	    ;;
+	  esac # linkmode
+	  continue
+	  ;; # -L
+	-R*)
+	  if test "$pass" = link; then
+	    dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'`
+	    # Make sure the xrpath contains only unique directories.
+	    case "$xrpath " in
+	    *" $dir "*) ;;
+	    *) xrpath="$xrpath $dir" ;;
+	    esac
+	  fi
+	  deplibs="$deplib $deplibs"
+	  continue
+	  ;;
+	*.la) lib="$deplib" ;;
+	*.$libext)
+	  if test "$pass" = conv; then
+	    deplibs="$deplib $deplibs"
+	    continue
+	  fi
+	  case $linkmode in
+	  lib)
+	    valid_a_lib=no
+	    case $deplibs_check_method in
+	      match_pattern*)
+		set dummy $deplibs_check_method
+	        match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+		if eval $echo \"$deplib\" 2>/dev/null \
+		    | $SED 10q \
+		    | $EGREP "$match_pattern_regex" > /dev/null; then
+		  valid_a_lib=yes
+		fi
+		;;
+	      pass_all)
+		valid_a_lib=yes
+		;;
+            esac
+	    if test "$valid_a_lib" != yes; then
+	      $echo
+	      $echo "*** Warning: Trying to link with static lib archive $deplib."
+	      $echo "*** I have the capability to make that library automatically link in when"
+	      $echo "*** you link to this library.  But I can only do this if you have a"
+	      $echo "*** shared version of the library, which you do not appear to have"
+	      $echo "*** because the file extensions .$libext of this argument makes me believe"
+	      $echo "*** that it is just a static archive that I should not used here."
+	    else
+	      $echo
+	      $echo "*** Warning: Linking the shared library $output against the"
+	      $echo "*** static library $deplib is not portable!"
+	      deplibs="$deplib $deplibs"
+	    fi
+	    continue
+	    ;;
+	  prog)
+	    if test "$pass" != link; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    fi
+	    continue
+	    ;;
+	  esac # linkmode
+	  ;; # *.$libext
+	*.lo | *.$objext)
+	  if test "$pass" = conv; then
+	    deplibs="$deplib $deplibs"
+	  elif test "$linkmode" = prog; then
+	    if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+	      # If there is no dlopen support or we're linking statically,
+	      # we need to preload.
+	      newdlprefiles="$newdlprefiles $deplib"
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      newdlfiles="$newdlfiles $deplib"
+	    fi
+	  fi
+	  continue
+	  ;;
+	%DEPLIBS%)
+	  alldeplibs=yes
+	  continue
+	  ;;
+	esac # case $deplib
+	if test "$found" = yes || test -f "$lib"; then :
+	else
+	  $echo "$modename: cannot find the library \`$lib' or unhandled argument \`$deplib'" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# Check to see that this really is a libtool archive.
+	if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	else
+	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+	test "X$ladir" = "X$lib" && ladir="."
+
+	dlname=
+	dlopen=
+	dlpreopen=
+	libdir=
+	library_names=
+	old_library=
+	# If the library was installed with an old release of libtool,
+	# it will not redefine variables installed, or shouldnotlink
+	installed=yes
+	shouldnotlink=no
+	avoidtemprpath=
+
+
+	# Read the .la file
+	case $lib in
+	*/* | *\\*) . $lib ;;
+	*) . ./$lib ;;
+	esac
+
+	if test "$linkmode,$pass" = "lib,link" ||
+	   test "$linkmode,$pass" = "prog,scan" ||
+	   { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+	  test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+	  test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+	fi
+
+	if test "$pass" = conv; then
+	  # Only check for convenience libraries
+	  deplibs="$lib $deplibs"
+	  if test -z "$libdir"; then
+	    if test -z "$old_library"; then
+	      $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
+	      exit $EXIT_FAILURE
+	    fi
+	    # It is a libtool convenience library, so add in its objects.
+	    convenience="$convenience $ladir/$objdir/$old_library"
+	    old_convenience="$old_convenience $ladir/$objdir/$old_library"
+	    tmp_libs=
+	    for deplib in $dependency_libs; do
+	      deplibs="$deplib $deplibs"
+              if test "X$duplicate_deps" = "Xyes" ; then
+	        case "$tmp_libs " in
+	        *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	        esac
+              fi
+	      tmp_libs="$tmp_libs $deplib"
+	    done
+	  elif test "$linkmode" != prog && test "$linkmode" != lib; then
+	    $echo "$modename: \`$lib' is not a convenience library" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  continue
+	fi # $pass = conv
+
+
+	# Get the name of the library we link against.
+	linklib=
+	for l in $old_library $library_names; do
+	  linklib="$l"
+	done
+	if test -z "$linklib"; then
+	  $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# This library was specified with -dlopen.
+	if test "$pass" = dlopen; then
+	  if test -z "$libdir"; then
+	    $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  if test -z "$dlname" ||
+	     test "$dlopen_support" != yes ||
+	     test "$build_libtool_libs" = no; then
+	    # If there is no dlname, no dlopen support or we're linking
+	    # statically, we need to preload.  We also need to preload any
+	    # dependent libraries so libltdl's deplib preloader doesn't
+	    # bomb out in the load deplibs phase.
+	    dlprefiles="$dlprefiles $lib $dependency_libs"
+	  else
+	    newdlfiles="$newdlfiles $lib"
+	  fi
+	  continue
+	fi # $pass = dlopen
+
+	# We need an absolute path.
+	case $ladir in
+	[\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+	*)
+	  abs_ladir=`cd "$ladir" && pwd`
+	  if test -z "$abs_ladir"; then
+	    $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2
+	    $echo "$modename: passing it literally to the linker, although it might fail" 1>&2
+	    abs_ladir="$ladir"
+	  fi
+	  ;;
+	esac
+	laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+
+	# Find the relevant object directory and library name.
+	if test "X$installed" = Xyes; then
+	  if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    $echo "$modename: warning: library \`$lib' was moved." 1>&2
+	    dir="$ladir"
+	    absdir="$abs_ladir"
+	    libdir="$abs_ladir"
+	  else
+	    dir="$libdir"
+	    absdir="$libdir"
+	  fi
+	  test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+	else
+	  if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    dir="$ladir"
+	    absdir="$abs_ladir"
+	    # Remove this search path later
+	    notinst_path="$notinst_path $abs_ladir"
+	  else
+	    dir="$ladir/$objdir"
+	    absdir="$abs_ladir/$objdir"
+	    # Remove this search path later
+	    notinst_path="$notinst_path $abs_ladir"
+	  fi
+	fi # $installed = yes
+	name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+
+	# This library was specified with -dlpreopen.
+	if test "$pass" = dlpreopen; then
+	  if test -z "$libdir"; then
+	    $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  # Prefer using a static library (so that no silly _DYNAMIC symbols
+	  # are required to link).
+	  if test -n "$old_library"; then
+	    newdlprefiles="$newdlprefiles $dir/$old_library"
+	  # Otherwise, use the dlname, so that lt_dlopen finds it.
+	  elif test -n "$dlname"; then
+	    newdlprefiles="$newdlprefiles $dir/$dlname"
+	  else
+	    newdlprefiles="$newdlprefiles $dir/$linklib"
+	  fi
+	fi # $pass = dlpreopen
+
+	if test -z "$libdir"; then
+	  # Link the convenience library
+	  if test "$linkmode" = lib; then
+	    deplibs="$dir/$old_library $deplibs"
+	  elif test "$linkmode,$pass" = "prog,link"; then
+	    compile_deplibs="$dir/$old_library $compile_deplibs"
+	    finalize_deplibs="$dir/$old_library $finalize_deplibs"
+	  else
+	    deplibs="$lib $deplibs" # used for prog,scan pass
+	  fi
+	  continue
+	fi
+
+
+	if test "$linkmode" = prog && test "$pass" != link; then
+	  newlib_search_path="$newlib_search_path $ladir"
+	  deplibs="$lib $deplibs"
+
+	  linkalldeplibs=no
+	  if test "$link_all_deplibs" != no || test -z "$library_names" ||
+	     test "$build_libtool_libs" = no; then
+	    linkalldeplibs=yes
+	  fi
+
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    case $deplib in
+	    -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test
+	    esac
+	    # Need to link against all dependency_libs?
+	    if test "$linkalldeplibs" = yes; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      # Need to hardcode shared library paths
+	      # or/and link against static libraries
+	      newdependency_libs="$deplib $newdependency_libs"
+	    fi
+	    if test "X$duplicate_deps" = "Xyes" ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
+	    tmp_libs="$tmp_libs $deplib"
+	  done # for deplib
+	  continue
+	fi # $linkmode = prog...
+
+	if test "$linkmode,$pass" = "prog,link"; then
+	  if test -n "$library_names" &&
+	     { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
+	    # We need to hardcode the library path
+	    if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+	      # Make sure the rpath contains only unique directories.
+	      case "$temp_rpath " in
+	      *" $dir "*) ;;
+	      *" $absdir "*) ;;
+	      *) temp_rpath="$temp_rpath $absdir" ;;
+	      esac
+	    fi
+
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) compile_rpath="$compile_rpath $absdir"
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) finalize_rpath="$finalize_rpath $libdir"
+	      esac
+	      ;;
+	    esac
+	  fi # $linkmode,$pass = prog,link...
+
+	  if test "$alldeplibs" = yes &&
+	     { test "$deplibs_check_method" = pass_all ||
+	       { test "$build_libtool_libs" = yes &&
+		 test -n "$library_names"; }; }; then
+	    # We only need to search for static libraries
+	    continue
+	  fi
+	fi
+
+	link_static=no # Whether the deplib will be linked statically
+	use_static_libs=$prefer_static_libs
+	if test "$use_static_libs" = built && test "$installed" = yes ; then
+	  use_static_libs=no
+	fi
+	if test -n "$library_names" &&
+	   { test "$use_static_libs" = no || test -z "$old_library"; }; then
+	  if test "$installed" = no; then
+	    notinst_deplibs="$notinst_deplibs $lib"
+	    need_relink=yes
+	  fi
+	  # This is a shared library
+
+	  # Warn about portability, can't link against -module's on
+	  # some systems (darwin)
+	  if test "$shouldnotlink" = yes && test "$pass" = link ; then
+	    $echo
+	    if test "$linkmode" = prog; then
+	      $echo "*** Warning: Linking the executable $output against the loadable module"
+	    else
+	      $echo "*** Warning: Linking the shared library $output against the loadable module"
+	    fi
+	    $echo "*** $linklib is not portable!"
+	  fi
+	  if test "$linkmode" = lib &&
+	     test "$hardcode_into_libs" = yes; then
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) compile_rpath="$compile_rpath $absdir"
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) finalize_rpath="$finalize_rpath $libdir"
+	      esac
+	      ;;
+	    esac
+	  fi
+
+	  if test -n "$old_archive_from_expsyms_cmds"; then
+	    # figure out the soname
+	    set dummy $library_names
+	    realname="$2"
+	    shift; shift
+	    libname=`eval \\$echo \"$libname_spec\"`
+	    # use dlname if we got it. it's perfectly good, no?
+	    if test -n "$dlname"; then
+	      soname="$dlname"
+	    elif test -n "$soname_spec"; then
+	      # bleh windows
+	      case $host in
+	      *cygwin* | mingw*)
+		major=`expr $current - $age`
+		versuffix="-$major"
+		;;
+	      esac
+	      eval soname=\"$soname_spec\"
+	    else
+	      soname="$realname"
+	    fi
+
+	    # Make a new name for the extract_expsyms_cmds to use
+	    soroot="$soname"
+	    soname=`$echo $soroot | ${SED} -e 's/^.*\///'`
+	    newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a"
+
+	    # If the library has no export list, then create one now
+	    if test -f "$output_objdir/$soname-def"; then :
+	    else
+	      $show "extracting exported symbol list from \`$soname'"
+	      save_ifs="$IFS"; IFS='~'
+	      cmds=$extract_expsyms_cmds
+	      for cmd in $cmds; do
+		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
+		$show "$cmd"
+		$run eval "$cmd" || exit $?
+	      done
+	      IFS="$save_ifs"
+	    fi
+
+	    # Create $newlib
+	    if test -f "$output_objdir/$newlib"; then :; else
+	      $show "generating import library for \`$soname'"
+	      save_ifs="$IFS"; IFS='~'
+	      cmds=$old_archive_from_expsyms_cmds
+	      for cmd in $cmds; do
+		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
+		$show "$cmd"
+		$run eval "$cmd" || exit $?
+	      done
+	      IFS="$save_ifs"
+	    fi
+	    # make sure the library variables are pointing to the new library
+	    dir=$output_objdir
+	    linklib=$newlib
+	  fi # test -n "$old_archive_from_expsyms_cmds"
+
+	  if test "$linkmode" = prog || test "$mode" != relink; then
+	    add_shlibpath=
+	    add_dir=
+	    add=
+	    lib_linked=yes
+	    case $hardcode_action in
+	    immediate | unsupported)
+	      if test "$hardcode_direct" = no; then
+		add="$dir/$linklib"
+		case $host in
+		  *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+		  *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+		  *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+		    *-*-unixware7*) add_dir="-L$dir" ;;
+		  *-*-darwin* )
+		    # if the lib is a module then we can not link against
+		    # it, someone is ignoring the new warnings I added
+		    if /usr/bin/file -L $add 2> /dev/null |
+                      $EGREP ": [^:]* bundle" >/dev/null ; then
+		      $echo "** Warning, lib $linklib is a module, not a shared library"
+		      if test -z "$old_library" ; then
+		        $echo
+		        $echo "** And there doesn't seem to be a static archive available"
+		        $echo "** The link will probably fail, sorry"
+		      else
+		        add="$dir/$old_library"
+		      fi
+		    fi
+		esac
+	      elif test "$hardcode_minus_L" = no; then
+		case $host in
+		*-*-sunos*) add_shlibpath="$dir" ;;
+		esac
+		add_dir="-L$dir"
+		add="-l$name"
+	      elif test "$hardcode_shlibpath_var" = no; then
+		add_shlibpath="$dir"
+		add="-l$name"
+	      else
+		lib_linked=no
+	      fi
+	      ;;
+	    relink)
+	      if test "$hardcode_direct" = yes; then
+		add="$dir/$linklib"
+	      elif test "$hardcode_minus_L" = yes; then
+		add_dir="-L$dir"
+		# Try looking first in the location we're being installed to.
+		if test -n "$inst_prefix_dir"; then
+		  case $libdir in
+		    [\\/]*)
+		      add_dir="$add_dir -L$inst_prefix_dir$libdir"
+		      ;;
+		  esac
+		fi
+		add="-l$name"
+	      elif test "$hardcode_shlibpath_var" = yes; then
+		add_shlibpath="$dir"
+		add="-l$name"
+	      else
+		lib_linked=no
+	      fi
+	      ;;
+	    *) lib_linked=no ;;
+	    esac
+
+	    if test "$lib_linked" != yes; then
+	      $echo "$modename: configuration error: unsupported hardcode properties"
+	      exit $EXIT_FAILURE
+	    fi
+
+	    if test -n "$add_shlibpath"; then
+	      case :$compile_shlibpath: in
+	      *":$add_shlibpath:"*) ;;
+	      *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+	      esac
+	    fi
+	    if test "$linkmode" = prog; then
+	      test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+	      test -n "$add" && compile_deplibs="$add $compile_deplibs"
+	    else
+	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
+	      test -n "$add" && deplibs="$add $deplibs"
+	      if test "$hardcode_direct" != yes && \
+		 test "$hardcode_minus_L" != yes && \
+		 test "$hardcode_shlibpath_var" = yes; then
+		case :$finalize_shlibpath: in
+		*":$libdir:"*) ;;
+		*) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+		esac
+	      fi
+	    fi
+	  fi
+
+	  if test "$linkmode" = prog || test "$mode" = relink; then
+	    add_shlibpath=
+	    add_dir=
+	    add=
+	    # Finalize command for both is simple: just hardcode it.
+	    if test "$hardcode_direct" = yes; then
+	      add="$libdir/$linklib"
+	    elif test "$hardcode_minus_L" = yes; then
+	      add_dir="-L$libdir"
+	      add="-l$name"
+	    elif test "$hardcode_shlibpath_var" = yes; then
+	      case :$finalize_shlibpath: in
+	      *":$libdir:"*) ;;
+	      *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+	      esac
+	      add="-l$name"
+	    elif test "$hardcode_automatic" = yes; then
+	      if test -n "$inst_prefix_dir" &&
+		 test -f "$inst_prefix_dir$libdir/$linklib" ; then
+	        add="$inst_prefix_dir$libdir/$linklib"
+	      else
+	        add="$libdir/$linklib"
+	      fi
+	    else
+	      # We cannot seem to hardcode it, guess we'll fake it.
+	      add_dir="-L$libdir"
+	      # Try looking first in the location we're being installed to.
+	      if test -n "$inst_prefix_dir"; then
+		case $libdir in
+		  [\\/]*)
+		    add_dir="$add_dir -L$inst_prefix_dir$libdir"
+		    ;;
+		esac
+	      fi
+	      add="-l$name"
+	    fi
+
+	    if test "$linkmode" = prog; then
+	      test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+	      test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+	    else
+	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
+	      test -n "$add" && deplibs="$add $deplibs"
+	    fi
+	  fi
+	elif test "$linkmode" = prog; then
+	  # Here we assume that one of hardcode_direct or hardcode_minus_L
+	  # is not unsupported.  This is valid on all known static and
+	  # shared platforms.
+	  if test "$hardcode_direct" != unsupported; then
+	    test -n "$old_library" && linklib="$old_library"
+	    compile_deplibs="$dir/$linklib $compile_deplibs"
+	    finalize_deplibs="$dir/$linklib $finalize_deplibs"
+	  else
+	    compile_deplibs="-l$name -L$dir $compile_deplibs"
+	    finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+	  fi
+	elif test "$build_libtool_libs" = yes; then
+	  # Not a shared library
+	  if test "$deplibs_check_method" != pass_all; then
+	    # We're trying link a shared library against a static one
+	    # but the system doesn't support it.
+
+	    # Just print a warning and add the library to dependency_libs so
+	    # that the program can be linked against the static library.
+	    $echo
+	    $echo "*** Warning: This system can not link to static lib archive $lib."
+	    $echo "*** I have the capability to make that library automatically link in when"
+	    $echo "*** you link to this library.  But I can only do this if you have a"
+	    $echo "*** shared version of the library, which you do not appear to have."
+	    if test "$module" = yes; then
+	      $echo "*** But as you try to build a module library, libtool will still create "
+	      $echo "*** a static module, that should work as long as the dlopening application"
+	      $echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
+	      if test -z "$global_symbol_pipe"; then
+		$echo
+		$echo "*** However, this would only work if libtool was able to extract symbol"
+		$echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+		$echo "*** not find such a program.  So, this module is probably useless."
+		$echo "*** \`nm' from GNU binutils and a full rebuild may help."
+	      fi
+	      if test "$build_old_libs" = no; then
+		build_libtool_libs=module
+		build_old_libs=yes
+	      else
+		build_libtool_libs=no
+	      fi
+	    fi
+	  else
+	    deplibs="$dir/$old_library $deplibs"
+	    link_static=yes
+	  fi
+	fi # link shared/static library?
+
+	if test "$linkmode" = lib; then
+	  if test -n "$dependency_libs" &&
+	     { test "$hardcode_into_libs" != yes ||
+	       test "$build_old_libs" = yes ||
+	       test "$link_static" = yes; }; then
+	    # Extract -R from dependency_libs
+	    temp_deplibs=
+	    for libdir in $dependency_libs; do
+	      case $libdir in
+	      -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'`
+		   case " $xrpath " in
+		   *" $temp_xrpath "*) ;;
+		   *) xrpath="$xrpath $temp_xrpath";;
+		   esac;;
+	      *) temp_deplibs="$temp_deplibs $libdir";;
+	      esac
+	    done
+	    dependency_libs="$temp_deplibs"
+	  fi
+
+	  newlib_search_path="$newlib_search_path $absdir"
+	  # Link against this library
+	  test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+	  # ... and its dependency_libs
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    newdependency_libs="$deplib $newdependency_libs"
+	    if test "X$duplicate_deps" = "Xyes" ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
+	    tmp_libs="$tmp_libs $deplib"
+	  done
+
+	  if test "$link_all_deplibs" != no; then
+	    # Add the search paths of all dependency libraries
+	    for deplib in $dependency_libs; do
+	      case $deplib in
+	      -L*) path="$deplib" ;;
+	      *.la)
+		dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'`
+		test "X$dir" = "X$deplib" && dir="."
+		# We need an absolute path.
+		case $dir in
+		[\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+		*)
+		  absdir=`cd "$dir" && pwd`
+		  if test -z "$absdir"; then
+		    $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2
+		    absdir="$dir"
+		  fi
+		  ;;
+		esac
+		if grep "^installed=no" $deplib > /dev/null; then
+		  path="$absdir/$objdir"
+		else
+		  eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		  if test -z "$libdir"; then
+		    $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
+		    exit $EXIT_FAILURE
+		  fi
+		  if test "$absdir" != "$libdir"; then
+		    $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2
+		  fi
+		  path="$absdir"
+		fi
+		depdepl=
+		case $host in
+		*-*-darwin*)
+		  # we do not want to link against static libs,
+		  # but need to link against shared
+		  eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+		  if test -n "$deplibrary_names" ; then
+		    for tmp in $deplibrary_names ; do
+		      depdepl=$tmp
+		    done
+		    if test -f "$path/$depdepl" ; then
+		      depdepl="$path/$depdepl"
+		    fi
+		    # do not add paths which are already there
+		    case " $newlib_search_path " in
+		    *" $path "*) ;;
+		    *) newlib_search_path="$newlib_search_path $path";;
+		    esac
+		  fi
+		  path=""
+		  ;;
+		*)
+		  path="-L$path"
+		  ;;
+		esac
+		;;
+	      -l*)
+		case $host in
+		*-*-darwin*)
+		  # Again, we only want to link against shared libraries
+		  eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"`
+		  for tmp in $newlib_search_path ; do
+		    if test -f "$tmp/lib$tmp_libs.dylib" ; then
+		      eval depdepl="$tmp/lib$tmp_libs.dylib"
+		      break
+		    fi
+		  done
+		  path=""
+		  ;;
+		*) continue ;;
+		esac
+		;;
+	      *) continue ;;
+	      esac
+	      case " $deplibs " in
+	      *" $path "*) ;;
+	      *) deplibs="$path $deplibs" ;;
+	      esac
+	      case " $deplibs " in
+	      *" $depdepl "*) ;;
+	      *) deplibs="$depdepl $deplibs" ;;
+	      esac
+	    done
+	  fi # link_all_deplibs != no
+	fi # linkmode = lib
+      done # for deplib in $libs
+      dependency_libs="$newdependency_libs"
+      if test "$pass" = dlpreopen; then
+	# Link the dlpreopened libraries before other libraries
+	for deplib in $save_deplibs; do
+	  deplibs="$deplib $deplibs"
+	done
+      fi
+      if test "$pass" != dlopen; then
+	if test "$pass" != conv; then
+	  # Make sure lib_search_path contains only unique directories.
+	  lib_search_path=
+	  for dir in $newlib_search_path; do
+	    case "$lib_search_path " in
+	    *" $dir "*) ;;
+	    *) lib_search_path="$lib_search_path $dir" ;;
+	    esac
+	  done
+	  newlib_search_path=
+	fi
+
+	if test "$linkmode,$pass" != "prog,link"; then
+	  vars="deplibs"
+	else
+	  vars="compile_deplibs finalize_deplibs"
+	fi
+	for var in $vars dependency_libs; do
+	  # Add libraries to $var in reverse order
+	  eval tmp_libs=\"\$$var\"
+	  new_libs=
+	  for deplib in $tmp_libs; do
+	    # FIXME: Pedantically, this is the right thing to do, so
+	    #        that some nasty dependency loop isn't accidentally
+	    #        broken:
+	    #new_libs="$deplib $new_libs"
+	    # Pragmatically, this seems to cause very few problems in
+	    # practice:
+	    case $deplib in
+	    -L*) new_libs="$deplib $new_libs" ;;
+	    -R*) ;;
+	    *)
+	      # And here is the reason: when a library appears more
+	      # than once as an explicit dependence of a library, or
+	      # is implicitly linked in more than once by the
+	      # compiler, it is considered special, and multiple
+	      # occurrences thereof are not removed.  Compare this
+	      # with having the same library being listed as a
+	      # dependency of multiple other libraries: in this case,
+	      # we know (pedantically, we assume) the library does not
+	      # need to be listed more than once, so we keep only the
+	      # last copy.  This is not always right, but it is rare
+	      # enough that we require users that really mean to play
+	      # such unportable linking tricks to link the library
+	      # using -Wl,-lname, so that libtool does not consider it
+	      # for duplicate removal.
+	      case " $specialdeplibs " in
+	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
+	      *)
+		case " $new_libs " in
+		*" $deplib "*) ;;
+		*) new_libs="$deplib $new_libs" ;;
+		esac
+		;;
+	      esac
+	      ;;
+	    esac
+	  done
+	  tmp_libs=
+	  for deplib in $new_libs; do
+	    case $deplib in
+	    -L*)
+	      case " $tmp_libs " in
+	      *" $deplib "*) ;;
+	      *) tmp_libs="$tmp_libs $deplib" ;;
+	      esac
+	      ;;
+	    *) tmp_libs="$tmp_libs $deplib" ;;
+	    esac
+	  done
+	  eval $var=\"$tmp_libs\"
+	done # for var
+      fi
+      # Last step: remove runtime libs from dependency_libs
+      # (they stay in deplibs)
+      tmp_libs=
+      for i in $dependency_libs ; do
+	case " $predeps $postdeps $compiler_lib_search_path " in
+	*" $i "*)
+	  i=""
+	  ;;
+	esac
+	if test -n "$i" ; then
+	  tmp_libs="$tmp_libs $i"
+	fi
+      done
+      dependency_libs=$tmp_libs
+    done # for pass
+    if test "$linkmode" = prog; then
+      dlfiles="$newdlfiles"
+      dlprefiles="$newdlprefiles"
+    fi
+
+    case $linkmode in
+    oldlib)
+      if test -n "$deplibs"; then
+	$echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2
+      fi
+
+      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+	$echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$rpath"; then
+	$echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$xrpath"; then
+	$echo "$modename: warning: \`-R' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$vinfo"; then
+	$echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$release"; then
+	$echo "$modename: warning: \`-release' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+	$echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2
+      fi
+
+      # Now set the variables for building old libraries.
+      build_libtool_libs=no
+      oldlibs="$output"
+      objs="$objs$old_deplibs"
+      ;;
+
+    lib)
+      # Make sure we only generate libraries of the form `libNAME.la'.
+      case $outputname in
+      lib*)
+	name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+	eval shared_ext=\"$shrext_cmds\"
+	eval libname=\"$libname_spec\"
+	;;
+      *)
+	if test "$module" = no; then
+	  $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+	if test "$need_lib_prefix" != no; then
+	  # Add the "lib" prefix for modules if required
+	  name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+	  eval shared_ext=\"$shrext_cmds\"
+	  eval libname=\"$libname_spec\"
+	else
+	  libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+	fi
+	;;
+      esac
+
+      if test -n "$objs"; then
+	if test "$deplibs_check_method" != pass_all; then
+	  $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1
+	  exit $EXIT_FAILURE
+	else
+	  $echo
+	  $echo "*** Warning: Linking the shared library $output against the non-libtool"
+	  $echo "*** objects $objs is not portable!"
+	  libobjs="$libobjs $objs"
+	fi
+      fi
+
+      if test "$dlself" != no; then
+	$echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2
+      fi
+
+      set dummy $rpath
+      if test "$#" -gt 2; then
+	$echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
+      fi
+      install_libdir="$2"
+
+      oldlibs=
+      if test -z "$rpath"; then
+	if test "$build_libtool_libs" = yes; then
+	  # Building a libtool convenience library.
+	  # Some compilers have problems with a `.al' extension so
+	  # convenience libraries should have the same extension an
+	  # archive normally would.
+	  oldlibs="$output_objdir/$libname.$libext $oldlibs"
+	  build_libtool_libs=convenience
+	  build_old_libs=yes
+	fi
+
+	if test -n "$vinfo"; then
+	  $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2
+	fi
+
+	if test -n "$release"; then
+	  $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2
+	fi
+      else
+
+	# Parse the version information argument.
+	save_ifs="$IFS"; IFS=':'
+	set dummy $vinfo 0 0 0
+	IFS="$save_ifs"
+
+	if test -n "$8"; then
+	  $echo "$modename: too many parameters to \`-version-info'" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# convert absolute version numbers to libtool ages
+	# this retains compatibility with .la files and attempts
+	# to make the code below a bit more comprehensible
+
+	case $vinfo_number in
+	yes)
+	  number_major="$2"
+	  number_minor="$3"
+	  number_revision="$4"
+	  #
+	  # There are really only two kinds -- those that
+	  # use the current revision as the major version
+	  # and those that subtract age and use age as
+	  # a minor version.  But, then there is irix
+	  # which has an extra 1 added just for fun
+	  #
+	  case $version_type in
+	  darwin|linux|osf|windows)
+	    current=`expr $number_major + $number_minor`
+	    age="$number_minor"
+	    revision="$number_revision"
+	    ;;
+	  freebsd-aout|freebsd-elf|sunos)
+	    current="$number_major"
+	    revision="$number_minor"
+	    age="0"
+	    ;;
+	  irix|nonstopux)
+	    current=`expr $number_major + $number_minor - 1`
+	    age="$number_minor"
+	    revision="$number_minor"
+	    ;;
+	  esac
+	  ;;
+	no)
+	  current="$2"
+	  revision="$3"
+	  age="$4"
+	  ;;
+	esac
+
+	# Check that each of the things are valid numbers.
+	case $current in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2
+	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	case $revision in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
+	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	case $age in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2
+	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	if test "$age" -gt "$current"; then
+	  $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
+	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# Calculate the version variables.
+	major=
+	versuffix=
+	verstring=
+	case $version_type in
+	none) ;;
+
+	darwin)
+	  # Like Linux, but with the current version available in
+	  # verstring for coding it into the library header
+	  major=.`expr $current - $age`
+	  versuffix="$major.$age.$revision"
+	  # Darwin ld doesn't like 0 for these options...
+	  minor_current=`expr $current + 1`
+	  verstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+	  ;;
+
+	freebsd-aout)
+	  major=".$current"
+	  versuffix=".$current.$revision";
+	  ;;
+
+	freebsd-elf)
+	  major=".$current"
+	  versuffix=".$current";
+	  ;;
+
+	irix | nonstopux)
+	  major=`expr $current - $age + 1`
+
+	  case $version_type in
+	    nonstopux) verstring_prefix=nonstopux ;;
+	    *)         verstring_prefix=sgi ;;
+	  esac
+	  verstring="$verstring_prefix$major.$revision"
+
+	  # Add in all the interfaces that we are compatible with.
+	  loop=$revision
+	  while test "$loop" -ne 0; do
+	    iface=`expr $revision - $loop`
+	    loop=`expr $loop - 1`
+	    verstring="$verstring_prefix$major.$iface:$verstring"
+	  done
+
+	  # Before this point, $major must not contain `.'.
+	  major=.$major
+	  versuffix="$major.$revision"
+	  ;;
+
+	linux)
+	  major=.`expr $current - $age`
+	  versuffix="$major.$age.$revision"
+	  ;;
+
+	osf)
+	  major=.`expr $current - $age`
+	  versuffix=".$current.$age.$revision"
+	  verstring="$current.$age.$revision"
+
+	  # Add in all the interfaces that we are compatible with.
+	  loop=$age
+	  while test "$loop" -ne 0; do
+	    iface=`expr $current - $loop`
+	    loop=`expr $loop - 1`
+	    verstring="$verstring:${iface}.0"
+	  done
+
+	  # Make executables depend on our current version.
+	  verstring="$verstring:${current}.0"
+	  ;;
+
+	sunos)
+	  major=".$current"
+	  versuffix=".$current.$revision"
+	  ;;
+
+	windows)
+	  # Use '-' rather than '.', since we only want one
+	  # extension on DOS 8.3 filesystems.
+	  major=`expr $current - $age`
+	  versuffix="-$major"
+	  ;;
+
+	*)
+	  $echo "$modename: unknown library version type \`$version_type'" 1>&2
+	  $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	# Clear the version info if we defaulted, and they specified a release.
+	if test -z "$vinfo" && test -n "$release"; then
+	  major=
+	  case $version_type in
+	  darwin)
+	    # we can't check for "0.0" in archive_cmds due to quoting
+	    # problems, so we reset it completely
+	    verstring=
+	    ;;
+	  *)
+	    verstring="0.0"
+	    ;;
+	  esac
+	  if test "$need_version" = no; then
+	    versuffix=
+	  else
+	    versuffix=".0.0"
+	  fi
+	fi
+
+	# Remove version info from name if versioning should be avoided
+	if test "$avoid_version" = yes && test "$need_version" = no; then
+	  major=
+	  versuffix=
+	  verstring=""
+	fi
+
+	# Check to see if the archive will have undefined symbols.
+	if test "$allow_undefined" = yes; then
+	  if test "$allow_undefined_flag" = unsupported; then
+	    $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2
+	    build_libtool_libs=no
+	    build_old_libs=yes
+	  fi
+	else
+	  # Don't allow undefined symbols.
+	  allow_undefined_flag="$no_undefined_flag"
+	fi
+      fi
+
+      if test "$mode" != relink; then
+	# Remove our outputs, but don't remove object files since they
+	# may have been created when compiling PIC objects.
+	removelist=
+	tempremovelist=`$echo "$output_objdir/*"`
+	for p in $tempremovelist; do
+	  case $p in
+	    *.$objext)
+	       ;;
+	    $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+	       if test "X$precious_files_regex" != "X"; then
+	         if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+	         then
+		   continue
+		 fi
+	       fi
+	       removelist="$removelist $p"
+	       ;;
+	    *) ;;
+	  esac
+	done
+	if test -n "$removelist"; then
+	  $show "${rm}r $removelist"
+	  $run ${rm}r $removelist
+	fi
+      fi
+
+      # Now set the variables for building old libraries.
+      if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+	oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+	# Transform .lo files to .o files.
+	oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+      fi
+
+      # Eliminate all temporary directories.
+      for path in $notinst_path; do
+	lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"`
+	deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"`
+	dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"`
+      done
+
+      if test -n "$xrpath"; then
+	# If the user specified any rpath flags, then add them.
+	temp_xrpath=
+	for libdir in $xrpath; do
+	  temp_xrpath="$temp_xrpath -R$libdir"
+	  case "$finalize_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_rpath="$finalize_rpath $libdir" ;;
+	  esac
+	done
+	if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+	  dependency_libs="$temp_xrpath $dependency_libs"
+	fi
+      fi
+
+      # Make sure dlfiles contains only unique files that won't be dlpreopened
+      old_dlfiles="$dlfiles"
+      dlfiles=
+      for lib in $old_dlfiles; do
+	case " $dlprefiles $dlfiles " in
+	*" $lib "*) ;;
+	*) dlfiles="$dlfiles $lib" ;;
+	esac
+      done
+
+      # Make sure dlprefiles contains only unique files
+      old_dlprefiles="$dlprefiles"
+      dlprefiles=
+      for lib in $old_dlprefiles; do
+	case "$dlprefiles " in
+	*" $lib "*) ;;
+	*) dlprefiles="$dlprefiles $lib" ;;
+	esac
+      done
+
+      if test "$build_libtool_libs" = yes; then
+	if test -n "$rpath"; then
+	  case $host in
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*)
+	    # these systems don't actually have a c library (as such)!
+	    ;;
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C library is in the System framework
+	    deplibs="$deplibs -framework System"
+	    ;;
+	  *-*-netbsd*)
+	    # Don't link with libc until the a.out ld.so is fixed.
+	    ;;
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	    # Do not include libc due to us having libc/libc_r.
+	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    ;;
+ 	  *)
+	    # Add libc to deplibs on all other systems if necessary.
+	    if test "$build_libtool_need_lc" = "yes"; then
+	      deplibs="$deplibs -lc"
+	    fi
+	    ;;
+	  esac
+	fi
+
+	# Transform deplibs into only deplibs that can be linked in shared.
+	name_save=$name
+	libname_save=$libname
+	release_save=$release
+	versuffix_save=$versuffix
+	major_save=$major
+	# I'm not sure if I'm treating the release correctly.  I think
+	# release should show up in the -l (ie -lgmp5) so we don't want to
+	# add it in twice.  Is that correct?
+	release=""
+	versuffix=""
+	major=""
+	newdeplibs=
+	droppeddeps=no
+	case $deplibs_check_method in
+	pass_all)
+	  # Don't check for shared/static.  Everything works.
+	  # This might be a little naive.  We might want to check
+	  # whether the library exists or not.  But this is on
+	  # osf3 & osf4 and I'm not really sure... Just
+	  # implementing what was already the behavior.
+	  newdeplibs=$deplibs
+	  ;;
+	test_compile)
+	  # This code stresses the "libraries are programs" paradigm to its
+	  # limits. Maybe even breaks it.  We compile a program, linking it
+	  # against the deplibs as a proxy for the library.  Then we can check
+	  # whether they linked in statically or dynamically with ldd.
+	  $rm conftest.c
+	  cat > conftest.c <<EOF
+	  int main() { return 0; }
+EOF
+	  $rm conftest
+	  $LTCC $LTCFLAGS -o conftest conftest.c $deplibs
+	  if test "$?" -eq 0 ; then
+	    ldd_output=`ldd conftest`
+	    for i in $deplibs; do
+	      name=`expr $i : '-l\(.*\)'`
+	      # If $name is empty we are operating on a -L argument.
+              if test "$name" != "" && test "$name" -ne "0"; then
+		if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		  case " $predeps $postdeps " in
+		  *" $i "*)
+		    newdeplibs="$newdeplibs $i"
+		    i=""
+		    ;;
+		  esac
+	        fi
+		if test -n "$i" ; then
+		  libname=`eval \\$echo \"$libname_spec\"`
+		  deplib_matches=`eval \\$echo \"$library_names_spec\"`
+		  set dummy $deplib_matches
+		  deplib_match=$2
+		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+		    newdeplibs="$newdeplibs $i"
+		  else
+		    droppeddeps=yes
+		    $echo
+		    $echo "*** Warning: dynamic linker does not accept needed library $i."
+		    $echo "*** I have the capability to make that library automatically link in when"
+		    $echo "*** you link to this library.  But I can only do this if you have a"
+		    $echo "*** shared version of the library, which I believe you do not have"
+		    $echo "*** because a test_compile did reveal that the linker did not use it for"
+		    $echo "*** its dynamic dependency list that programs get resolved with at runtime."
+		  fi
+		fi
+	      else
+		newdeplibs="$newdeplibs $i"
+	      fi
+	    done
+	  else
+	    # Error occurred in the first compile.  Let's try to salvage
+	    # the situation: Compile a separate program for each library.
+	    for i in $deplibs; do
+	      name=`expr $i : '-l\(.*\)'`
+	      # If $name is empty we are operating on a -L argument.
+              if test "$name" != "" && test "$name" != "0"; then
+		$rm conftest
+		$LTCC $LTCFLAGS -o conftest conftest.c $i
+		# Did it work?
+		if test "$?" -eq 0 ; then
+		  ldd_output=`ldd conftest`
+		  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		    case " $predeps $postdeps " in
+		    *" $i "*)
+		      newdeplibs="$newdeplibs $i"
+		      i=""
+		      ;;
+		    esac
+		  fi
+		  if test -n "$i" ; then
+		    libname=`eval \\$echo \"$libname_spec\"`
+		    deplib_matches=`eval \\$echo \"$library_names_spec\"`
+		    set dummy $deplib_matches
+		    deplib_match=$2
+		    if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+		      newdeplibs="$newdeplibs $i"
+		    else
+		      droppeddeps=yes
+		      $echo
+		      $echo "*** Warning: dynamic linker does not accept needed library $i."
+		      $echo "*** I have the capability to make that library automatically link in when"
+		      $echo "*** you link to this library.  But I can only do this if you have a"
+		      $echo "*** shared version of the library, which you do not appear to have"
+		      $echo "*** because a test_compile did reveal that the linker did not use this one"
+		      $echo "*** as a dynamic dependency that programs can get resolved with at runtime."
+		    fi
+		  fi
+		else
+		  droppeddeps=yes
+		  $echo
+		  $echo "*** Warning!  Library $i is needed by this library but I was not able to"
+		  $echo "***  make it link in!  You will probably need to install it or some"
+		  $echo "*** library that it depends on before this library will be fully"
+		  $echo "*** functional.  Installing it before continuing would be even better."
+		fi
+	      else
+		newdeplibs="$newdeplibs $i"
+	      fi
+	    done
+	  fi
+	  ;;
+	file_magic*)
+	  set dummy $deplibs_check_method
+	  file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+	  for a_deplib in $deplibs; do
+	    name=`expr $a_deplib : '-l\(.*\)'`
+	    # If $name is empty we are operating on a -L argument.
+            if test "$name" != "" && test  "$name" != "0"; then
+	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  newdeplibs="$newdeplibs $a_deplib"
+		  a_deplib=""
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib" ; then
+		libname=`eval \\$echo \"$libname_spec\"`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
+		      # Follow soft links.
+		      if ls -lLd "$potent_lib" 2>/dev/null \
+			 | grep " -> " >/dev/null; then
+			continue
+		      fi
+		      # The statement above tries to avoid entering an
+		      # endless loop below, in case of cyclic links.
+		      # We might still enter an endless loop, since a link
+		      # loop can be closed while we follow links,
+		      # but so what?
+		      potlib="$potent_lib"
+		      while test -h "$potlib" 2>/dev/null; do
+			potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+			case $potliblink in
+			[\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+			*) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+			esac
+		      done
+		      if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \
+			 | ${SED} 10q \
+			 | $EGREP "$file_magic_regex" > /dev/null; then
+			newdeplibs="$newdeplibs $a_deplib"
+			a_deplib=""
+			break 2
+		      fi
+		  done
+		done
+	      fi
+	      if test -n "$a_deplib" ; then
+		droppeddeps=yes
+		$echo
+		$echo "*** Warning: linker path does not have real file for library $a_deplib."
+		$echo "*** I have the capability to make that library automatically link in when"
+		$echo "*** you link to this library.  But I can only do this if you have a"
+		$echo "*** shared version of the library, which you do not appear to have"
+		$echo "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib" ; then
+		  $echo "*** with $libname but no candidates were found. (...for file magic test)"
+		else
+		  $echo "*** with $libname and none of the candidates passed a file format test"
+		  $echo "*** using a file magic. Last file checked: $potlib"
+		fi
+	      fi
+	    else
+	      # Add a -L argument.
+	      newdeplibs="$newdeplibs $a_deplib"
+	    fi
+	  done # Gone through all deplibs.
+	  ;;
+	match_pattern*)
+	  set dummy $deplibs_check_method
+	  match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+	  for a_deplib in $deplibs; do
+	    name=`expr $a_deplib : '-l\(.*\)'`
+	    # If $name is empty we are operating on a -L argument.
+	    if test -n "$name" && test "$name" != "0"; then
+	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  newdeplibs="$newdeplibs $a_deplib"
+		  a_deplib=""
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib" ; then
+		libname=`eval \\$echo \"$libname_spec\"`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
+		    potlib="$potent_lib" # see symlink-check above in file_magic test
+		    if eval $echo \"$potent_lib\" 2>/dev/null \
+		        | ${SED} 10q \
+		        | $EGREP "$match_pattern_regex" > /dev/null; then
+		      newdeplibs="$newdeplibs $a_deplib"
+		      a_deplib=""
+		      break 2
+		    fi
+		  done
+		done
+	      fi
+	      if test -n "$a_deplib" ; then
+		droppeddeps=yes
+		$echo
+		$echo "*** Warning: linker path does not have real file for library $a_deplib."
+		$echo "*** I have the capability to make that library automatically link in when"
+		$echo "*** you link to this library.  But I can only do this if you have a"
+		$echo "*** shared version of the library, which you do not appear to have"
+		$echo "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib" ; then
+		  $echo "*** with $libname but no candidates were found. (...for regex pattern test)"
+		else
+		  $echo "*** with $libname and none of the candidates passed a file format test"
+		  $echo "*** using a regex pattern. Last file checked: $potlib"
+		fi
+	      fi
+	    else
+	      # Add a -L argument.
+	      newdeplibs="$newdeplibs $a_deplib"
+	    fi
+	  done # Gone through all deplibs.
+	  ;;
+	none | unknown | *)
+	  newdeplibs=""
+	  tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
+	    -e 's/ -[LR][^ ]*//g'`
+	  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+	    for i in $predeps $postdeps ; do
+	      # can't use Xsed below, because $i might contain '/'
+	      tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"`
+	    done
+	  fi
+	  if $echo "X $tmp_deplibs" | $Xsed -e 's/[ 	]//g' \
+	    | grep . >/dev/null; then
+	    $echo
+	    if test "X$deplibs_check_method" = "Xnone"; then
+	      $echo "*** Warning: inter-library dependencies are not supported in this platform."
+	    else
+	      $echo "*** Warning: inter-library dependencies are not known to be supported."
+	    fi
+	    $echo "*** All declared inter-library dependencies are being dropped."
+	    droppeddeps=yes
+	  fi
+	  ;;
+	esac
+	versuffix=$versuffix_save
+	major=$major_save
+	release=$release_save
+	libname=$libname_save
+	name=$name_save
+
+	case $host in
+	*-*-rhapsody* | *-*-darwin1.[012])
+	  # On Rhapsody replace the C library is the System framework
+	  newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'`
+	  ;;
+	esac
+
+	if test "$droppeddeps" = yes; then
+	  if test "$module" = yes; then
+	    $echo
+	    $echo "*** Warning: libtool could not satisfy all declared inter-library"
+	    $echo "*** dependencies of module $libname.  Therefore, libtool will create"
+	    $echo "*** a static module, that should work as long as the dlopening"
+	    $echo "*** application is linked with the -dlopen flag."
+	    if test -z "$global_symbol_pipe"; then
+	      $echo
+	      $echo "*** However, this would only work if libtool was able to extract symbol"
+	      $echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+	      $echo "*** not find such a program.  So, this module is probably useless."
+	      $echo "*** \`nm' from GNU binutils and a full rebuild may help."
+	    fi
+	    if test "$build_old_libs" = no; then
+	      oldlibs="$output_objdir/$libname.$libext"
+	      build_libtool_libs=module
+	      build_old_libs=yes
+	    else
+	      build_libtool_libs=no
+	    fi
+	  else
+	    $echo "*** The inter-library dependencies that have been dropped here will be"
+	    $echo "*** automatically added whenever a program is linked with this library"
+	    $echo "*** or is declared to -dlopen it."
+
+	    if test "$allow_undefined" = no; then
+	      $echo
+	      $echo "*** Since this library must not contain undefined symbols,"
+	      $echo "*** because either the platform does not support them or"
+	      $echo "*** it was explicitly requested with -no-undefined,"
+	      $echo "*** libtool will only create a static version of it."
+	      if test "$build_old_libs" = no; then
+		oldlibs="$output_objdir/$libname.$libext"
+		build_libtool_libs=module
+		build_old_libs=yes
+	      else
+		build_libtool_libs=no
+	      fi
+	    fi
+	  fi
+	fi
+	# Done checking deplibs!
+	deplibs=$newdeplibs
+      fi
+
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $deplibs " in
+	  *" -L$path/$objdir "*)
+	    new_libs="$new_libs -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) new_libs="$new_libs $deplib" ;;
+	  esac
+	  ;;
+	*) new_libs="$new_libs $deplib" ;;
+	esac
+      done
+      deplibs="$new_libs"
+
+
+      # All the library-specific variables (install_libdir is set above).
+      library_names=
+      old_library=
+      dlname=
+
+      # Test again, we may have decided not to build it any more
+      if test "$build_libtool_libs" = yes; then
+	if test "$hardcode_into_libs" = yes; then
+	  # Hardcode the library paths
+	  hardcode_libdirs=
+	  dep_rpath=
+	  rpath="$finalize_rpath"
+	  test "$mode" != relink && rpath="$compile_rpath$rpath"
+	  for libdir in $rpath; do
+	    if test -n "$hardcode_libdir_flag_spec"; then
+	      if test -n "$hardcode_libdir_separator"; then
+		if test -z "$hardcode_libdirs"; then
+		  hardcode_libdirs="$libdir"
+		else
+		  # Just accumulate the unique libdirs.
+		  case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+		  *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		    ;;
+		  *)
+		    hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		    ;;
+		  esac
+		fi
+	      else
+		eval flag=\"$hardcode_libdir_flag_spec\"
+		dep_rpath="$dep_rpath $flag"
+	      fi
+	    elif test -n "$runpath_var"; then
+	      case "$perm_rpath " in
+	      *" $libdir "*) ;;
+	      *) perm_rpath="$perm_rpath $libdir" ;;
+	      esac
+	    fi
+	  done
+	  # Substitute the hardcoded libdirs into the rpath.
+	  if test -n "$hardcode_libdir_separator" &&
+	     test -n "$hardcode_libdirs"; then
+	    libdir="$hardcode_libdirs"
+	    if test -n "$hardcode_libdir_flag_spec_ld"; then
+	      eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+	    else
+	      eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+	    fi
+	  fi
+	  if test -n "$runpath_var" && test -n "$perm_rpath"; then
+	    # We should set the runpath_var.
+	    rpath=
+	    for dir in $perm_rpath; do
+	      rpath="$rpath$dir:"
+	    done
+	    eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+	  fi
+	  test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+	fi
+
+	shlibpath="$finalize_shlibpath"
+	test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+	if test -n "$shlibpath"; then
+	  eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+	fi
+
+	# Get the real and link names of the library.
+	eval shared_ext=\"$shrext_cmds\"
+	eval library_names=\"$library_names_spec\"
+	set dummy $library_names
+	realname="$2"
+	shift; shift
+
+	if test -n "$soname_spec"; then
+	  eval soname=\"$soname_spec\"
+	else
+	  soname="$realname"
+	fi
+	if test -z "$dlname"; then
+	  dlname=$soname
+	fi
+
+	lib="$output_objdir/$realname"
+	linknames=
+	for link
+	do
+	  linknames="$linknames $link"
+	done
+
+	# Use standard objects if they are pic
+	test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+
+	# Prepare the list of exported symbols
+	if test -z "$export_symbols"; then
+	  if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+	    $show "generating symbol list for \`$libname.la'"
+	    export_symbols="$output_objdir/$libname.exp"
+	    $run $rm $export_symbols
+	    cmds=$export_symbols_cmds
+	    save_ifs="$IFS"; IFS='~'
+	    for cmd in $cmds; do
+	      IFS="$save_ifs"
+	      eval cmd=\"$cmd\"
+	      if len=`expr "X$cmd" : ".*"` &&
+	       test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	        $show "$cmd"
+	        $run eval "$cmd" || exit $?
+	        skipped_export=false
+	      else
+	        # The command line is too long to execute in one step.
+	        $show "using reloadable object file for export list..."
+	        skipped_export=:
+		# Break out early, otherwise skipped_export may be
+		# set to false by a later but shorter cmd.
+		break
+	      fi
+	    done
+	    IFS="$save_ifs"
+	    if test -n "$export_symbols_regex"; then
+	      $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
+	      $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+	      $show "$mv \"${export_symbols}T\" \"$export_symbols\""
+	      $run eval '$mv "${export_symbols}T" "$export_symbols"'
+	    fi
+	  fi
+	fi
+
+	if test -n "$export_symbols" && test -n "$include_expsyms"; then
+	  $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"'
+	fi
+
+	tmp_deplibs=
+	for test_deplib in $deplibs; do
+		case " $convenience " in
+		*" $test_deplib "*) ;;
+		*)
+			tmp_deplibs="$tmp_deplibs $test_deplib"
+			;;
+		esac
+	done
+	deplibs="$tmp_deplibs"
+
+	if test -n "$convenience"; then
+	  if test -n "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	  else
+	    gentop="$output_objdir/${outputname}x"
+	    generated="$generated $gentop"
+
+	    func_extract_archives $gentop $convenience
+	    libobjs="$libobjs $func_extract_archives_result"
+	  fi
+	fi
+	
+	if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+	  eval flag=\"$thread_safe_flag_spec\"
+	  linker_flags="$linker_flags $flag"
+	fi
+
+	# Make a backup of the uninstalled library when relinking
+	if test "$mode" = relink; then
+	  $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $?
+	fi
+
+	# Do each of the archive commands.
+	if test "$module" = yes && test -n "$module_cmds" ; then
+	  if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	    eval test_cmds=\"$module_expsym_cmds\"
+	    cmds=$module_expsym_cmds
+	  else
+	    eval test_cmds=\"$module_cmds\"
+	    cmds=$module_cmds
+	  fi
+	else
+	if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	  eval test_cmds=\"$archive_expsym_cmds\"
+	  cmds=$archive_expsym_cmds
+	else
+	  eval test_cmds=\"$archive_cmds\"
+	  cmds=$archive_cmds
+	  fi
+	fi
+
+	if test "X$skipped_export" != "X:" &&
+	   len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+	   test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  :
+	else
+	  # The command line is too long to link in one step, link piecewise.
+	  $echo "creating reloadable object files..."
+
+	  # Save the value of $output and $libobjs because we want to
+	  # use them later.  If we have whole_archive_flag_spec, we
+	  # want to use save_libobjs as it was before
+	  # whole_archive_flag_spec was expanded, because we can't
+	  # assume the linker understands whole_archive_flag_spec.
+	  # This may have to be revisited, in case too many
+	  # convenience libraries get linked in and end up exceeding
+	  # the spec.
+	  if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	  fi
+	  save_output=$output
+	  output_la=`$echo "X$output" | $Xsed -e "$basename"`
+
+	  # Clear the reloadable object creation command queue and
+	  # initialize k to one.
+	  test_cmds=
+	  concat_cmds=
+	  objlist=
+	  delfiles=
+	  last_robj=
+	  k=1
+	  output=$output_objdir/$output_la-${k}.$objext
+	  # Loop over the list of objects to be linked.
+	  for obj in $save_libobjs
+	  do
+	    eval test_cmds=\"$reload_cmds $objlist $last_robj\"
+	    if test "X$objlist" = X ||
+	       { len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+		 test "$len" -le "$max_cmd_len"; }; then
+	      objlist="$objlist $obj"
+	    else
+	      # The command $test_cmds is almost too long, add a
+	      # command to the queue.
+	      if test "$k" -eq 1 ; then
+		# The first file doesn't have a previous command to add.
+		eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+	      else
+		# All subsequent reloadable object files will link in
+		# the last one created.
+		eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\"
+	      fi
+	      last_robj=$output_objdir/$output_la-${k}.$objext
+	      k=`expr $k + 1`
+	      output=$output_objdir/$output_la-${k}.$objext
+	      objlist=$obj
+	      len=1
+	    fi
+	  done
+	  # Handle the remaining objects by creating one last
+	  # reloadable object file.  All subsequent reloadable object
+	  # files will link in the last one created.
+	  test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	  eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+
+	  if ${skipped_export-false}; then
+	    $show "generating symbol list for \`$libname.la'"
+	    export_symbols="$output_objdir/$libname.exp"
+	    $run $rm $export_symbols
+	    libobjs=$output
+	    # Append the command to create the export file.
+	    eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\"
+          fi
+
+	  # Set up a command to remove the reloadable object files
+	  # after they are used.
+	  i=0
+	  while test "$i" -lt "$k"
+	  do
+	    i=`expr $i + 1`
+	    delfiles="$delfiles $output_objdir/$output_la-${i}.$objext"
+	  done
+
+	  $echo "creating a temporary reloadable object file: $output"
+
+	  # Loop through the commands generated above and execute them.
+	  save_ifs="$IFS"; IFS='~'
+	  for cmd in $concat_cmds; do
+	    IFS="$save_ifs"
+	    $show "$cmd"
+	    $run eval "$cmd" || exit $?
+	  done
+	  IFS="$save_ifs"
+
+	  libobjs=$output
+	  # Restore the value of output.
+	  output=$save_output
+
+	  if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	  fi
+	  # Expand the library linking commands again to reset the
+	  # value of $libobjs for piecewise linking.
+
+	  # Do each of the archive commands.
+	  if test "$module" = yes && test -n "$module_cmds" ; then
+	    if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	      cmds=$module_expsym_cmds
+	    else
+	      cmds=$module_cmds
+	    fi
+	  else
+	  if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	    cmds=$archive_expsym_cmds
+	  else
+	    cmds=$archive_cmds
+	    fi
+	  fi
+
+	  # Append the command to remove the reloadable object files
+	  # to the just-reset $cmds.
+	  eval cmds=\"\$cmds~\$rm $delfiles\"
+	fi
+	save_ifs="$IFS"; IFS='~'
+	for cmd in $cmds; do
+	  IFS="$save_ifs"
+	  eval cmd=\"$cmd\"
+	  $show "$cmd"
+	  $run eval "$cmd" || {
+	    lt_exit=$?
+
+	    # Restore the uninstalled library and exit
+	    if test "$mode" = relink; then
+	      $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
+	    fi
+
+	    exit $lt_exit
+	  }
+	done
+	IFS="$save_ifs"
+
+	# Restore the uninstalled library and exit
+	if test "$mode" = relink; then
+	  $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
+
+	  if test -n "$convenience"; then
+	    if test -z "$whole_archive_flag_spec"; then
+	      $show "${rm}r $gentop"
+	      $run ${rm}r "$gentop"
+	    fi
+	  fi
+
+	  exit $EXIT_SUCCESS
+	fi
+
+	# Create links to the real library.
+	for linkname in $linknames; do
+	  if test "$realname" != "$linkname"; then
+	    $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)"
+	    $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $?
+	  fi
+	done
+
+	# If -module or -export-dynamic was specified, set the dlname.
+	if test "$module" = yes || test "$export_dynamic" = yes; then
+	  # On all known operating systems, these are identical.
+	  dlname="$soname"
+	fi
+      fi
+      ;;
+
+    obj)
+      if test -n "$deplibs"; then
+	$echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2
+      fi
+
+      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+	$echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
+      fi
+
+      if test -n "$rpath"; then
+	$echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2
+      fi
+
+      if test -n "$xrpath"; then
+	$echo "$modename: warning: \`-R' is ignored for objects" 1>&2
+      fi
+
+      if test -n "$vinfo"; then
+	$echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2
+      fi
+
+      if test -n "$release"; then
+	$echo "$modename: warning: \`-release' is ignored for objects" 1>&2
+      fi
+
+      case $output in
+      *.lo)
+	if test -n "$objs$old_deplibs"; then
+	  $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+	libobj="$output"
+	obj=`$echo "X$output" | $Xsed -e "$lo2o"`
+	;;
+      *)
+	libobj=
+	obj="$output"
+	;;
+      esac
+
+      # Delete the old objects.
+      $run $rm $obj $libobj
+
+      # Objects from convenience libraries.  This assumes
+      # single-version convenience libraries.  Whenever we create
+      # different ones for PIC/non-PIC, this we'll have to duplicate
+      # the extraction.
+      reload_conv_objs=
+      gentop=
+      # reload_cmds runs $LD directly, so let us get rid of
+      # -Wl from whole_archive_flag_spec
+      wl=
+
+      if test -n "$convenience"; then
+	if test -n "$whole_archive_flag_spec"; then
+	  eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
+	else
+	  gentop="$output_objdir/${obj}x"
+	  generated="$generated $gentop"
+
+	  func_extract_archives $gentop $convenience
+	  reload_conv_objs="$reload_objs $func_extract_archives_result"
+	fi
+      fi
+
+      # Create the old-style object.
+      reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+      output="$obj"
+      cmds=$reload_cmds
+      save_ifs="$IFS"; IFS='~'
+      for cmd in $cmds; do
+	IFS="$save_ifs"
+	eval cmd=\"$cmd\"
+	$show "$cmd"
+	$run eval "$cmd" || exit $?
+      done
+      IFS="$save_ifs"
+
+      # Exit if we aren't doing a library object file.
+      if test -z "$libobj"; then
+	if test -n "$gentop"; then
+	  $show "${rm}r $gentop"
+	  $run ${rm}r $gentop
+	fi
+
+	exit $EXIT_SUCCESS
+      fi
+
+      if test "$build_libtool_libs" != yes; then
+	if test -n "$gentop"; then
+	  $show "${rm}r $gentop"
+	  $run ${rm}r $gentop
+	fi
+
+	# Create an invalid libtool object if no PIC, so that we don't
+	# accidentally link it into a program.
+	# $show "echo timestamp > $libobj"
+	# $run eval "echo timestamp > $libobj" || exit $?
+	exit $EXIT_SUCCESS
+      fi
+
+      if test -n "$pic_flag" || test "$pic_mode" != default; then
+	# Only do commands if we really have different PIC objects.
+	reload_objs="$libobjs $reload_conv_objs"
+	output="$libobj"
+	cmds=$reload_cmds
+	save_ifs="$IFS"; IFS='~'
+	for cmd in $cmds; do
+	  IFS="$save_ifs"
+	  eval cmd=\"$cmd\"
+	  $show "$cmd"
+	  $run eval "$cmd" || exit $?
+	done
+	IFS="$save_ifs"
+      fi
+
+      if test -n "$gentop"; then
+	$show "${rm}r $gentop"
+	$run ${rm}r $gentop
+      fi
+
+      exit $EXIT_SUCCESS
+      ;;
+
+    prog)
+      case $host in
+	*cygwin*) output=`$echo $output | ${SED} -e 's,.exe$,,;s,$,.exe,'` ;;
+      esac
+      if test -n "$vinfo"; then
+	$echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
+      fi
+
+      if test -n "$release"; then
+	$echo "$modename: warning: \`-release' is ignored for programs" 1>&2
+      fi
+
+      if test "$preload" = yes; then
+	if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown &&
+	   test "$dlopen_self_static" = unknown; then
+	  $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support."
+	fi
+      fi
+
+      case $host in
+      *-*-rhapsody* | *-*-darwin1.[012])
+	# On Rhapsody replace the C library is the System framework
+	compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
+	finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
+	;;
+      esac
+
+      case $host in
+      *darwin*)
+        # Don't allow lazy linking, it breaks C++ global constructors
+        if test "$tagname" = CXX ; then
+        compile_command="$compile_command ${wl}-bind_at_load"
+        finalize_command="$finalize_command ${wl}-bind_at_load"
+        fi
+        ;;
+      esac
+
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $compile_deplibs " in
+	  *" -L$path/$objdir "*)
+	    new_libs="$new_libs -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $compile_deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) new_libs="$new_libs $deplib" ;;
+	  esac
+	  ;;
+	*) new_libs="$new_libs $deplib" ;;
+	esac
+      done
+      compile_deplibs="$new_libs"
+
+
+      compile_command="$compile_command $compile_deplibs"
+      finalize_command="$finalize_command $finalize_deplibs"
+
+      if test -n "$rpath$xrpath"; then
+	# If the user specified any rpath flags, then add them.
+	for libdir in $rpath $xrpath; do
+	  # This is the magic to use -rpath.
+	  case "$finalize_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_rpath="$finalize_rpath $libdir" ;;
+	  esac
+	done
+      fi
+
+      # Now hardcode the library paths
+      rpath=
+      hardcode_libdirs=
+      for libdir in $compile_rpath $finalize_rpath; do
+	if test -n "$hardcode_libdir_flag_spec"; then
+	  if test -n "$hardcode_libdir_separator"; then
+	    if test -z "$hardcode_libdirs"; then
+	      hardcode_libdirs="$libdir"
+	    else
+	      # Just accumulate the unique libdirs.
+	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		;;
+	      *)
+		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		;;
+	      esac
+	    fi
+	  else
+	    eval flag=\"$hardcode_libdir_flag_spec\"
+	    rpath="$rpath $flag"
+	  fi
+	elif test -n "$runpath_var"; then
+	  case "$perm_rpath " in
+	  *" $libdir "*) ;;
+	  *) perm_rpath="$perm_rpath $libdir" ;;
+	  esac
+	fi
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	  testbindir=`$echo "X$libdir" | $Xsed -e 's*/lib$*/bin*'`
+	  case :$dllsearchpath: in
+	  *":$libdir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$libdir";;
+	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$testbindir";;
+	  esac
+	  ;;
+	esac
+      done
+      # Substitute the hardcoded libdirs into the rpath.
+      if test -n "$hardcode_libdir_separator" &&
+	 test -n "$hardcode_libdirs"; then
+	libdir="$hardcode_libdirs"
+	eval rpath=\" $hardcode_libdir_flag_spec\"
+      fi
+      compile_rpath="$rpath"
+
+      rpath=
+      hardcode_libdirs=
+      for libdir in $finalize_rpath; do
+	if test -n "$hardcode_libdir_flag_spec"; then
+	  if test -n "$hardcode_libdir_separator"; then
+	    if test -z "$hardcode_libdirs"; then
+	      hardcode_libdirs="$libdir"
+	    else
+	      # Just accumulate the unique libdirs.
+	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		;;
+	      *)
+		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		;;
+	      esac
+	    fi
+	  else
+	    eval flag=\"$hardcode_libdir_flag_spec\"
+	    rpath="$rpath $flag"
+	  fi
+	elif test -n "$runpath_var"; then
+	  case "$finalize_perm_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+	  esac
+	fi
+      done
+      # Substitute the hardcoded libdirs into the rpath.
+      if test -n "$hardcode_libdir_separator" &&
+	 test -n "$hardcode_libdirs"; then
+	libdir="$hardcode_libdirs"
+	eval rpath=\" $hardcode_libdir_flag_spec\"
+      fi
+      finalize_rpath="$rpath"
+
+      if test -n "$libobjs" && test "$build_old_libs" = yes; then
+	# Transform all the library objects into standard objects.
+	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+	finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+      fi
+
+      dlsyms=
+      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+	if test -n "$NM" && test -n "$global_symbol_pipe"; then
+	  dlsyms="${outputname}S.c"
+	else
+	  $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2
+	fi
+      fi
+
+      if test -n "$dlsyms"; then
+	case $dlsyms in
+	"") ;;
+	*.c)
+	  # Discover the nlist of each of the dlfiles.
+	  nlist="$output_objdir/${outputname}.nm"
+
+	  $show "$rm $nlist ${nlist}S ${nlist}T"
+	  $run $rm "$nlist" "${nlist}S" "${nlist}T"
+
+	  # Parse the name list into a source file.
+	  $show "creating $output_objdir/$dlsyms"
+
+	  test -z "$run" && $echo > "$output_objdir/$dlsyms" "\
+/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */
+/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* Prevent the only kind of declaration conflicts we can make. */
+#define lt_preloaded_symbols some_other_symbol
+
+/* External symbol declarations for the compiler. */\
+"
+
+	  if test "$dlself" = yes; then
+	    $show "generating symbol list for \`$output'"
+
+	    test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist"
+
+	    # Add our own program objects to the symbol list.
+	    progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+	    for arg in $progfiles; do
+	      $show "extracting global C symbols from \`$arg'"
+	      $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
+	    done
+
+	    if test -n "$exclude_expsyms"; then
+	      $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+	      $run eval '$mv "$nlist"T "$nlist"'
+	    fi
+
+	    if test -n "$export_symbols_regex"; then
+	      $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+	      $run eval '$mv "$nlist"T "$nlist"'
+	    fi
+
+	    # Prepare the list of exported symbols
+	    if test -z "$export_symbols"; then
+	      export_symbols="$output_objdir/$outputname.exp"
+	      $run $rm $export_symbols
+	      $run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+              case $host in
+              *cygwin* | *mingw* )
+	        $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+		$run eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+                ;;
+              esac
+	    else
+	      $run eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+	      $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+	      $run eval 'mv "$nlist"T "$nlist"'
+              case $host in
+              *cygwin* | *mingw* )
+	        $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+		$run eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+                ;;
+              esac
+	    fi
+	  fi
+
+	  for arg in $dlprefiles; do
+	    $show "extracting global C symbols from \`$arg'"
+	    name=`$echo "$arg" | ${SED} -e 's%^.*/%%'`
+	    $run eval '$echo ": $name " >> "$nlist"'
+	    $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
+	  done
+
+	  if test -z "$run"; then
+	    # Make sure we have at least an empty file.
+	    test -f "$nlist" || : > "$nlist"
+
+	    if test -n "$exclude_expsyms"; then
+	      $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+	      $mv "$nlist"T "$nlist"
+	    fi
+
+	    # Try sorting and uniquifying the output.
+	    if grep -v "^: " < "$nlist" |
+		if sort -k 3 </dev/null >/dev/null 2>&1; then
+		  sort -k 3
+		else
+		  sort +2
+		fi |
+		uniq > "$nlist"S; then
+	      :
+	    else
+	      grep -v "^: " < "$nlist" > "$nlist"S
+	    fi
+
+	    if test -f "$nlist"S; then
+	      eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"'
+	    else
+	      $echo '/* NONE */' >> "$output_objdir/$dlsyms"
+	    fi
+
+	    $echo >> "$output_objdir/$dlsyms" "\
+
+#undef lt_preloaded_symbols
+
+#if defined (__STDC__) && __STDC__
+# define lt_ptr void *
+#else
+# define lt_ptr char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+"
+
+	    case $host in
+	    *cygwin* | *mingw* )
+	  $echo >> "$output_objdir/$dlsyms" "\
+/* DATA imports from DLLs on WIN32 can't be const, because
+   runtime relocations are performed -- see ld's documentation
+   on pseudo-relocs */
+struct {
+"
+	      ;;
+	    * )
+	  $echo >> "$output_objdir/$dlsyms" "\
+const struct {
+"
+	      ;;
+	    esac
+
+
+	  $echo >> "$output_objdir/$dlsyms" "\
+  const char *name;
+  lt_ptr address;
+}
+lt_preloaded_symbols[] =
+{\
+"
+
+	    eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms"
+
+	    $echo >> "$output_objdir/$dlsyms" "\
+  {0, (lt_ptr) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+  return lt_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+	  fi
+
+	  pic_flag_for_symtable=
+	  case $host in
+	  # compiling the symbol table file with pic_flag works around
+	  # a FreeBSD bug that causes programs to crash when -lm is
+	  # linked before any other PIC object.  But we must not use
+	  # pic_flag when linking with -static.  The problem exists in
+	  # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+	  *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+	    case "$compile_command " in
+	    *" -static "*) ;;
+	    *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";;
+	    esac;;
+	  *-*-hpux*)
+	    case "$compile_command " in
+	    *" -static "*) ;;
+	    *) pic_flag_for_symtable=" $pic_flag";;
+	    esac
+	  esac
+
+	  # Now compile the dynamic symbol file.
+	  $show "(cd $output_objdir && $LTCC  $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
+	  $run eval '(cd $output_objdir && $LTCC  $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
+
+	  # Clean up the generated files.
+	  $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T"
+	  $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T"
+
+	  # Transform the symbol file into the correct name.
+          case $host in
+          *cygwin* | *mingw* )
+            if test -f "$output_objdir/${outputname}.def" ; then
+              compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
+              finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
+            else
+              compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+              finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+             fi
+            ;;
+          * )
+            compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+            finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+            ;;
+          esac
+	  ;;
+	*)
+	  $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+      else
+	# We keep going just in case the user didn't refer to
+	# lt_preloaded_symbols.  The linker will fail if global_symbol_pipe
+	# really was required.
+
+	# Nullify the symbol file.
+	compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+	finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+      fi
+
+      if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+	# Replace the output file specification.
+	compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+	link_command="$compile_command$compile_rpath"
+
+	# We have no uninstalled library dependencies, so finalize right now.
+	$show "$link_command"
+	$run eval "$link_command"
+	exit_status=$?
+
+	# Delete the generated files.
+	if test -n "$dlsyms"; then
+	  $show "$rm $output_objdir/${outputname}S.${objext}"
+	  $run $rm "$output_objdir/${outputname}S.${objext}"
+	fi
+
+	exit $exit_status
+      fi
+
+      if test -n "$shlibpath_var"; then
+	# We should set the shlibpath_var
+	rpath=
+	for dir in $temp_rpath; do
+	  case $dir in
+	  [\\/]* | [A-Za-z]:[\\/]*)
+	    # Absolute path.
+	    rpath="$rpath$dir:"
+	    ;;
+	  *)
+	    # Relative path: add a thisdir entry.
+	    rpath="$rpath\$thisdir/$dir:"
+	    ;;
+	  esac
+	done
+	temp_rpath="$rpath"
+      fi
+
+      if test -n "$compile_shlibpath$finalize_shlibpath"; then
+	compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+      fi
+      if test -n "$finalize_shlibpath"; then
+	finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+      fi
+
+      compile_var=
+      finalize_var=
+      if test -n "$runpath_var"; then
+	if test -n "$perm_rpath"; then
+	  # We should set the runpath_var.
+	  rpath=
+	  for dir in $perm_rpath; do
+	    rpath="$rpath$dir:"
+	  done
+	  compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+	fi
+	if test -n "$finalize_perm_rpath"; then
+	  # We should set the runpath_var.
+	  rpath=
+	  for dir in $finalize_perm_rpath; do
+	    rpath="$rpath$dir:"
+	  done
+	  finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+	fi
+      fi
+
+      if test "$no_install" = yes; then
+	# We don't need to create a wrapper script.
+	link_command="$compile_var$compile_command$compile_rpath"
+	# Replace the output file specification.
+	link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+	# Delete the old output file.
+	$run $rm $output
+	# Link the executable and exit
+	$show "$link_command"
+	$run eval "$link_command" || exit $?
+	exit $EXIT_SUCCESS
+      fi
+
+      if test "$hardcode_action" = relink; then
+	# Fast installation is not supported
+	link_command="$compile_var$compile_command$compile_rpath"
+	relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+	$echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2
+	$echo "$modename: \`$output' will be relinked during installation" 1>&2
+      else
+	if test "$fast_install" != no; then
+	  link_command="$finalize_var$compile_command$finalize_rpath"
+	  if test "$fast_install" = yes; then
+	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+	  else
+	    # fast_install is set to needless
+	    relink_command=
+	  fi
+	else
+	  link_command="$compile_var$compile_command$compile_rpath"
+	  relink_command="$finalize_var$finalize_command$finalize_rpath"
+	fi
+      fi
+
+      # Replace the output file specification.
+      link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+      # Delete the old output files.
+      $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+      $show "$link_command"
+      $run eval "$link_command" || exit $?
+
+      # Now create the wrapper script.
+      $show "creating $output"
+
+      # Quote the relink command for shipping.
+      if test -n "$relink_command"; then
+	# Preserve any variables that may affect compiler behavior
+	for var in $variables_saved_for_relink; do
+	  if eval test -z \"\${$var+set}\"; then
+	    relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
+	  elif eval var_value=\$$var; test -z "$var_value"; then
+	    relink_command="$var=; export $var; $relink_command"
+	  else
+	    var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
+	    relink_command="$var=\"$var_value\"; export $var; $relink_command"
+	  fi
+	done
+	relink_command="(cd `pwd`; $relink_command)"
+	relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+      fi
+
+      # Quote $echo for shipping.
+      if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then
+	case $progpath in
+	[\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+	*) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+	esac
+	qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"`
+      else
+	qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"`
+      fi
+
+      # Only actually do things if our run command is non-null.
+      if test -z "$run"; then
+	# win32 will think the script is a binary if it has
+	# a .exe suffix, so we strip it off here.
+	case $output in
+	  *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;;
+	esac
+	# test for cygwin because mv fails w/o .exe extensions
+	case $host in
+	  *cygwin*)
+	    exeext=.exe
+	    outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;;
+	  *) exeext= ;;
+	esac
+	case $host in
+	  *cygwin* | *mingw* )
+            output_name=`basename $output`
+            output_path=`dirname $output`
+            cwrappersource="$output_path/$objdir/lt-$output_name.c"
+            cwrapper="$output_path/$output_name.exe"
+            $rm $cwrappersource $cwrapper
+            trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+	    cat > $cwrappersource <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+   Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+
+   The $output program cannot be directly executed until all the libtool
+   libraries that it depends on are installed.
+
+   This wrapper executable should never be moved out of the build directory.
+   If it is, it will not operate correctly.
+
+   Currently, it simply execs the wrapper *script* "/bin/sh $output",
+   but could eventually absorb all of the scripts functionality and
+   exec $objdir/$outputname directly.
+*/
+EOF
+	    cat >> $cwrappersource<<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+  defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# ifndef DIR_SEPARATOR_2
+#  define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+#  define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+        (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#define XMALLOC(type, num)      ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+  if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+/* -DDEBUG is fairly common in CFLAGS.  */
+#undef DEBUG
+#if defined DEBUGWRAPPER
+# define DEBUG(format, ...) fprintf(stderr, format, __VA_ARGS__)
+#else
+# define DEBUG(format, ...)
+#endif
+
+const char *program_name = NULL;
+
+void * xmalloc (size_t num);
+char * xstrdup (const char *string);
+const char * base_name (const char *name);
+char * find_executable(const char *wrapper);
+int    check_executable(const char *path);
+char * strendzap(char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+
+int
+main (int argc, char *argv[])
+{
+  char **newargz;
+  int i;
+
+  program_name = (char *) xstrdup (base_name (argv[0]));
+  DEBUG("(main) argv[0]      : %s\n",argv[0]);
+  DEBUG("(main) program_name : %s\n",program_name);
+  newargz = XMALLOC(char *, argc+2);
+EOF
+
+            cat >> $cwrappersource <<EOF
+  newargz[0] = (char *) xstrdup("$SHELL");
+EOF
+
+            cat >> $cwrappersource <<"EOF"
+  newargz[1] = find_executable(argv[0]);
+  if (newargz[1] == NULL)
+    lt_fatal("Couldn't find %s", argv[0]);
+  DEBUG("(main) found exe at : %s\n",newargz[1]);
+  /* we know the script has the same name, without the .exe */
+  /* so make sure newargz[1] doesn't end in .exe */
+  strendzap(newargz[1],".exe");
+  for (i = 1; i < argc; i++)
+    newargz[i+1] = xstrdup(argv[i]);
+  newargz[argc+1] = NULL;
+
+  for (i=0; i<argc+1; i++)
+  {
+    DEBUG("(main) newargz[%d]   : %s\n",i,newargz[i]);
+    ;
+  }
+
+EOF
+
+            case $host_os in
+              mingw*)
+                cat >> $cwrappersource <<EOF
+  execv("$SHELL",(char const **)newargz);
+EOF
+              ;;
+              *)
+                cat >> $cwrappersource <<EOF
+  execv("$SHELL",newargz);
+EOF
+              ;;
+            esac
+
+            cat >> $cwrappersource <<"EOF"
+  return 127;
+}
+
+void *
+xmalloc (size_t num)
+{
+  void * p = (void *) malloc (num);
+  if (!p)
+    lt_fatal ("Memory exhausted");
+
+  return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+  return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL
+;
+}
+
+const char *
+base_name (const char *name)
+{
+  const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  /* Skip over the disk name in MSDOS pathnames. */
+  if (isalpha ((unsigned char)name[0]) && name[1] == ':')
+    name += 2;
+#endif
+
+  for (base = name; *name; name++)
+    if (IS_DIR_SEPARATOR (*name))
+      base = name + 1;
+  return base;
+}
+
+int
+check_executable(const char * path)
+{
+  struct stat st;
+
+  DEBUG("(check_executable)  : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!");
+  if ((!path) || (!*path))
+    return 0;
+
+  if ((stat (path, &st) >= 0) &&
+      (
+        /* MinGW & native WIN32 do not support S_IXOTH or S_IXGRP */
+#if defined (S_IXOTH)
+       ((st.st_mode & S_IXOTH) == S_IXOTH) ||
+#endif
+#if defined (S_IXGRP)
+       ((st.st_mode & S_IXGRP) == S_IXGRP) ||
+#endif
+       ((st.st_mode & S_IXUSR) == S_IXUSR))
+      )
+    return 1;
+  else
+    return 0;
+}
+
+/* Searches for the full path of the wrapper.  Returns
+   newly allocated full path name if found, NULL otherwise */
+char *
+find_executable (const char* wrapper)
+{
+  int has_slash = 0;
+  const char* p;
+  const char* p_next;
+  /* static buffer for getcwd */
+  char tmp[LT_PATHMAX + 1];
+  int tmp_len;
+  char* concat_name;
+
+  DEBUG("(find_executable)  : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!");
+
+  if ((wrapper == NULL) || (*wrapper == '\0'))
+    return NULL;
+
+  /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  if (isalpha ((unsigned char)wrapper[0]) && wrapper[1] == ':')
+  {
+    concat_name = xstrdup (wrapper);
+    if (check_executable(concat_name))
+      return concat_name;
+    XFREE(concat_name);
+  }
+  else
+  {
+#endif
+    if (IS_DIR_SEPARATOR (wrapper[0]))
+    {
+      concat_name = xstrdup (wrapper);
+      if (check_executable(concat_name))
+        return concat_name;
+      XFREE(concat_name);
+    }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  }
+#endif
+
+  for (p = wrapper; *p; p++)
+    if (*p == '/')
+    {
+      has_slash = 1;
+      break;
+    }
+  if (!has_slash)
+  {
+    /* no slashes; search PATH */
+    const char* path = getenv ("PATH");
+    if (path != NULL)
+    {
+      for (p = path; *p; p = p_next)
+      {
+        const char* q;
+        size_t p_len;
+        for (q = p; *q; q++)
+          if (IS_PATH_SEPARATOR(*q))
+            break;
+        p_len = q - p;
+        p_next = (*q == '\0' ? q : q + 1);
+        if (p_len == 0)
+        {
+          /* empty path: current directory */
+          if (getcwd (tmp, LT_PATHMAX) == NULL)
+            lt_fatal ("getcwd failed");
+          tmp_len = strlen(tmp);
+          concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
+          memcpy (concat_name, tmp, tmp_len);
+          concat_name[tmp_len] = '/';
+          strcpy (concat_name + tmp_len + 1, wrapper);
+        }
+        else
+        {
+          concat_name = XMALLOC(char, p_len + 1 + strlen(wrapper) + 1);
+          memcpy (concat_name, p, p_len);
+          concat_name[p_len] = '/';
+          strcpy (concat_name + p_len + 1, wrapper);
+        }
+        if (check_executable(concat_name))
+          return concat_name;
+        XFREE(concat_name);
+      }
+    }
+    /* not found in PATH; assume curdir */
+  }
+  /* Relative path | not found in path: prepend cwd */
+  if (getcwd (tmp, LT_PATHMAX) == NULL)
+    lt_fatal ("getcwd failed");
+  tmp_len = strlen(tmp);
+  concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
+  memcpy (concat_name, tmp, tmp_len);
+  concat_name[tmp_len] = '/';
+  strcpy (concat_name + tmp_len + 1, wrapper);
+
+  if (check_executable(concat_name))
+    return concat_name;
+  XFREE(concat_name);
+  return NULL;
+}
+
+char *
+strendzap(char *str, const char *pat)
+{
+  size_t len, patlen;
+
+  assert(str != NULL);
+  assert(pat != NULL);
+
+  len = strlen(str);
+  patlen = strlen(pat);
+
+  if (patlen <= len)
+  {
+    str += len - patlen;
+    if (strcmp(str, pat) == 0)
+      *str = '\0';
+  }
+  return str;
+}
+
+static void
+lt_error_core (int exit_status, const char * mode,
+          const char * message, va_list ap)
+{
+  fprintf (stderr, "%s: %s: ", program_name, mode);
+  vfprintf (stderr, message, ap);
+  fprintf (stderr, ".\n");
+
+  if (exit_status >= 0)
+    exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+  va_list ap;
+  va_start (ap, message);
+  lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+  va_end (ap);
+}
+EOF
+          # we should really use a build-platform specific compiler
+          # here, but OTOH, the wrappers (shell script and this C one)
+          # are only useful if you want to execute the "real" binary.
+          # Since the "real" binary is built for $host, then this
+          # wrapper might as well be built for $host, too.
+          $run $LTCC $LTCFLAGS -s -o $cwrapper $cwrappersource
+          ;;
+        esac
+        $rm $output
+        trap "$rm $output; exit $EXIT_FAILURE" 1 2 15
+
+	$echo > $output "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+  # install mode needs the following variable:
+  notinst_deplibs='$notinst_deplibs'
+else
+  # When we are sourced in execute mode, \$file and \$echo are already set.
+  if test \"\$libtool_execute_magic\" != \"$magic\"; then
+    echo=\"$qecho\"
+    file=\"\$0\"
+    # Make sure echo works.
+    if test \"X\$1\" = X--no-reexec; then
+      # Discard the --no-reexec flag, and continue.
+      shift
+    elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then
+      # Yippee, \$echo works!
+      :
+    else
+      # Restart under the correct shell, and then maybe \$echo will work.
+      exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+    fi
+  fi\
+"
+	$echo >> $output "\
+
+  # Find the directory that this script lives in.
+  thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+  test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+  # Follow symbolic links until we get to the real thisdir.
+  file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+  while test -n \"\$file\"; do
+    destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+    # If there was a directory component, then change thisdir.
+    if test \"x\$destdir\" != \"x\$file\"; then
+      case \"\$destdir\" in
+      [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+      *) thisdir=\"\$thisdir/\$destdir\" ;;
+      esac
+    fi
+
+    file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+    file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+  done
+
+  # Try to get the absolute directory name.
+  absdir=\`cd \"\$thisdir\" && pwd\`
+  test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+	if test "$fast_install" = yes; then
+	  $echo >> $output "\
+  program=lt-'$outputname'$exeext
+  progdir=\"\$thisdir/$objdir\"
+
+  if test ! -f \"\$progdir/\$program\" || \\
+     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+       test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+    file=\"\$\$-\$program\"
+
+    if test ! -d \"\$progdir\"; then
+      $mkdir \"\$progdir\"
+    else
+      $rm \"\$progdir/\$file\"
+    fi"
+
+	  $echo >> $output "\
+
+    # relink executable if necessary
+    if test -n \"\$relink_command\"; then
+      if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+      else
+	$echo \"\$relink_command_output\" >&2
+	$rm \"\$progdir/\$file\"
+	exit $EXIT_FAILURE
+      fi
+    fi
+
+    $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+    { $rm \"\$progdir/\$program\";
+      $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+    $rm \"\$progdir/\$file\"
+  fi"
+	else
+	  $echo >> $output "\
+  program='$outputname'
+  progdir=\"\$thisdir/$objdir\"
+"
+	fi
+
+	$echo >> $output "\
+
+  if test -f \"\$progdir/\$program\"; then"
+
+	# Export our shlibpath_var if we have one.
+	if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+	  $echo >> $output "\
+    # Add our own library path to $shlibpath_var
+    $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+    # Some systems cannot cope with colon-terminated $shlibpath_var
+    # The second colon is a workaround for a bug in BeOS R4 sed
+    $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+    export $shlibpath_var
+"
+	fi
+
+	# fixup the dll searchpath if we need to.
+	if test -n "$dllsearchpath"; then
+	  $echo >> $output "\
+    # Add the dll search path components to the executable PATH
+    PATH=$dllsearchpath:\$PATH
+"
+	fi
+
+	$echo >> $output "\
+    if test \"\$libtool_execute_magic\" != \"$magic\"; then
+      # Run the actual program with our arguments.
+"
+	case $host in
+	# Backslashes separate directories on plain windows
+	*-*-mingw | *-*-os2*)
+	  $echo >> $output "\
+      exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+	  ;;
+
+	*)
+	  $echo >> $output "\
+      exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+	  ;;
+	esac
+	$echo >> $output "\
+      \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
+      exit $EXIT_FAILURE
+    fi
+  else
+    # The program doesn't exist.
+    \$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+    \$echo \"This script is just a wrapper for \$program.\" 1>&2
+    $echo \"See the $PACKAGE documentation for more information.\" 1>&2
+    exit $EXIT_FAILURE
+  fi
+fi\
+"
+	chmod +x $output
+      fi
+      exit $EXIT_SUCCESS
+      ;;
+    esac
+
+    # See if we need to build an old-fashioned archive.
+    for oldlib in $oldlibs; do
+
+      if test "$build_libtool_libs" = convenience; then
+	oldobjs="$libobjs_save"
+	addlibs="$convenience"
+	build_libtool_libs=no
+      else
+	if test "$build_libtool_libs" = module; then
+	  oldobjs="$libobjs_save"
+	  build_libtool_libs=no
+	else
+	  oldobjs="$old_deplibs $non_pic_objects"
+	fi
+	addlibs="$old_convenience"
+      fi
+
+      if test -n "$addlibs"; then
+	gentop="$output_objdir/${outputname}x"
+	generated="$generated $gentop"
+
+	func_extract_archives $gentop $addlibs
+	oldobjs="$oldobjs $func_extract_archives_result"
+      fi
+
+      # Do each command in the archive commands.
+      if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+       cmds=$old_archive_from_new_cmds
+      else
+	# POSIX demands no paths to be encoded in archives.  We have
+	# to avoid creating archives with duplicate basenames if we
+	# might have to extract them afterwards, e.g., when creating a
+	# static archive out of a convenience library, or when linking
+	# the entirety of a libtool archive into another (currently
+	# not supported by libtool).
+	if (for obj in $oldobjs
+	    do
+	      $echo "X$obj" | $Xsed -e 's%^.*/%%'
+	    done | sort | sort -uc >/dev/null 2>&1); then
+	  :
+	else
+	  $echo "copying selected object files to avoid basename conflicts..."
+
+	  if test -z "$gentop"; then
+	    gentop="$output_objdir/${outputname}x"
+	    generated="$generated $gentop"
+
+	    $show "${rm}r $gentop"
+	    $run ${rm}r "$gentop"
+	    $show "$mkdir $gentop"
+	    $run $mkdir "$gentop"
+	    exit_status=$?
+	    if test "$exit_status" -ne 0 && test ! -d "$gentop"; then
+	      exit $exit_status
+	    fi
+	  fi
+
+	  save_oldobjs=$oldobjs
+	  oldobjs=
+	  counter=1
+	  for obj in $save_oldobjs
+	  do
+	    objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+	    case " $oldobjs " in
+	    " ") oldobjs=$obj ;;
+	    *[\ /]"$objbase "*)
+	      while :; do
+		# Make sure we don't pick an alternate name that also
+		# overlaps.
+		newobj=lt$counter-$objbase
+		counter=`expr $counter + 1`
+		case " $oldobjs " in
+		*[\ /]"$newobj "*) ;;
+		*) if test ! -f "$gentop/$newobj"; then break; fi ;;
+		esac
+	      done
+	      $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+	      $run ln "$obj" "$gentop/$newobj" ||
+	      $run cp "$obj" "$gentop/$newobj"
+	      oldobjs="$oldobjs $gentop/$newobj"
+	      ;;
+	    *) oldobjs="$oldobjs $obj" ;;
+	    esac
+	  done
+	fi
+
+	eval cmds=\"$old_archive_cmds\"
+
+	if len=`expr "X$cmds" : ".*"` &&
+	     test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  cmds=$old_archive_cmds
+	else
+	  # the command line is too long to link in one step, link in parts
+	  $echo "using piecewise archive linking..."
+	  save_RANLIB=$RANLIB
+	  RANLIB=:
+	  objlist=
+	  concat_cmds=
+	  save_oldobjs=$oldobjs
+
+	  # Is there a better way of finding the last object in the list?
+	  for obj in $save_oldobjs
+	  do
+	    last_oldobj=$obj
+	  done
+	  for obj in $save_oldobjs
+	  do
+	    oldobjs="$objlist $obj"
+	    objlist="$objlist $obj"
+	    eval test_cmds=\"$old_archive_cmds\"
+	    if len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+	       test "$len" -le "$max_cmd_len"; then
+	      :
+	    else
+	      # the above command should be used before it gets too long
+	      oldobjs=$objlist
+	      if test "$obj" = "$last_oldobj" ; then
+	        RANLIB=$save_RANLIB
+	      fi
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+	      objlist=
+	    fi
+	  done
+	  RANLIB=$save_RANLIB
+	  oldobjs=$objlist
+	  if test "X$oldobjs" = "X" ; then
+	    eval cmds=\"\$concat_cmds\"
+	  else
+	    eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+	  fi
+	fi
+      fi
+      save_ifs="$IFS"; IFS='~'
+      for cmd in $cmds; do
+        eval cmd=\"$cmd\"
+	IFS="$save_ifs"
+	$show "$cmd"
+	$run eval "$cmd" || exit $?
+      done
+      IFS="$save_ifs"
+    done
+
+    if test -n "$generated"; then
+      $show "${rm}r$generated"
+      $run ${rm}r$generated
+    fi
+
+    # Now create the libtool archive.
+    case $output in
+    *.la)
+      old_library=
+      test "$build_old_libs" = yes && old_library="$libname.$libext"
+      $show "creating $output"
+
+      # Preserve any variables that may affect compiler behavior
+      for var in $variables_saved_for_relink; do
+	if eval test -z \"\${$var+set}\"; then
+	  relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
+	elif eval var_value=\$$var; test -z "$var_value"; then
+	  relink_command="$var=; export $var; $relink_command"
+	else
+	  var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
+	  relink_command="$var=\"$var_value\"; export $var; $relink_command"
+	fi
+      done
+      # Quote the link command for shipping.
+      relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+      relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+      if test "$hardcode_automatic" = yes ; then
+	relink_command=
+      fi
+
+
+      # Only create the output if not a dry run.
+      if test -z "$run"; then
+	for installed in no yes; do
+	  if test "$installed" = yes; then
+	    if test -z "$install_libdir"; then
+	      break
+	    fi
+	    output="$output_objdir/$outputname"i
+	    # Replace all uninstalled libtool libraries with the installed ones
+	    newdependency_libs=
+	    for deplib in $dependency_libs; do
+	      case $deplib in
+	      *.la)
+		name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
+		eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		if test -z "$libdir"; then
+		  $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
+		  exit $EXIT_FAILURE
+		fi
+		newdependency_libs="$newdependency_libs $libdir/$name"
+		;;
+	      *) newdependency_libs="$newdependency_libs $deplib" ;;
+	      esac
+	    done
+	    dependency_libs="$newdependency_libs"
+	    newdlfiles=
+	    for lib in $dlfiles; do
+	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+	      eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+	      if test -z "$libdir"; then
+		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+		exit $EXIT_FAILURE
+	      fi
+	      newdlfiles="$newdlfiles $libdir/$name"
+	    done
+	    dlfiles="$newdlfiles"
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+	      eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+	      if test -z "$libdir"; then
+		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+		exit $EXIT_FAILURE
+	      fi
+	      newdlprefiles="$newdlprefiles $libdir/$name"
+	    done
+	    dlprefiles="$newdlprefiles"
+	  else
+	    newdlfiles=
+	    for lib in $dlfiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      newdlfiles="$newdlfiles $abs"
+	    done
+	    dlfiles="$newdlfiles"
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      newdlprefiles="$newdlprefiles $abs"
+	    done
+	    dlprefiles="$newdlprefiles"
+	  fi
+	  $rm $output
+	  # place dlname in correct position for cygwin
+	  tdlname=$dlname
+	  case $host,$output,$installed,$module,$dlname in
+	    *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+	  esac
+	  $echo > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+	  if test "$installed" = no && test "$need_relink" = yes; then
+	    $echo >> $output "\
+relink_command=\"$relink_command\""
+	  fi
+	done
+      fi
+
+      # Do a symbolic link so that the libtool archive can be found in
+      # LD_LIBRARY_PATH before the program is installed.
+      $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)"
+      $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $?
+      ;;
+    esac
+    exit $EXIT_SUCCESS
+    ;;
+
+  # libtool install mode
+  install)
+    modename="$modename: install"
+
+    # There may be an optional sh(1) argument at the beginning of
+    # install_prog (especially on Windows NT).
+    if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+       # Allow the use of GNU shtool's install command.
+       $echo "X$nonopt" | grep shtool > /dev/null; then
+      # Aesthetically quote it.
+      arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
+      case $arg in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	arg="\"$arg\""
+	;;
+      esac
+      install_prog="$arg "
+      arg="$1"
+      shift
+    else
+      install_prog=
+      arg=$nonopt
+    fi
+
+    # The real first argument should be the name of the installation program.
+    # Aesthetically quote it.
+    arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+    case $arg in
+    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+      arg="\"$arg\""
+      ;;
+    esac
+    install_prog="$install_prog$arg"
+
+    # We need to accept at least all the BSD install flags.
+    dest=
+    files=
+    opts=
+    prev=
+    install_type=
+    isdir=no
+    stripme=
+    for arg
+    do
+      if test -n "$dest"; then
+	files="$files $dest"
+	dest=$arg
+	continue
+      fi
+
+      case $arg in
+      -d) isdir=yes ;;
+      -f) 
+      	case " $install_prog " in
+	*[\\\ /]cp\ *) ;;
+	*) prev=$arg ;;
+	esac
+	;;
+      -g | -m | -o) prev=$arg ;;
+      -s)
+	stripme=" -s"
+	continue
+	;;
+      -*)
+	;;
+      *)
+	# If the previous option needed an argument, then skip it.
+	if test -n "$prev"; then
+	  prev=
+	else
+	  dest=$arg
+	  continue
+	fi
+	;;
+      esac
+
+      # Aesthetically quote the argument.
+      arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+      case $arg in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	arg="\"$arg\""
+	;;
+      esac
+      install_prog="$install_prog $arg"
+    done
+
+    if test -z "$install_prog"; then
+      $echo "$modename: you must specify an install program" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    if test -n "$prev"; then
+      $echo "$modename: the \`$prev' option requires an argument" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    if test -z "$files"; then
+      if test -z "$dest"; then
+	$echo "$modename: no file or destination specified" 1>&2
+      else
+	$echo "$modename: you must specify a destination" 1>&2
+      fi
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    # Strip any trailing slash from the destination.
+    dest=`$echo "X$dest" | $Xsed -e 's%/$%%'`
+
+    # Check to see that the destination is a directory.
+    test -d "$dest" && isdir=yes
+    if test "$isdir" = yes; then
+      destdir="$dest"
+      destname=
+    else
+      destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'`
+      test "X$destdir" = "X$dest" && destdir=.
+      destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'`
+
+      # Not a directory, so check to see that there is only one file specified.
+      set dummy $files
+      if test "$#" -gt 2; then
+	$echo "$modename: \`$dest' is not a directory" 1>&2
+	$echo "$help" 1>&2
+	exit $EXIT_FAILURE
+      fi
+    fi
+    case $destdir in
+    [\\/]* | [A-Za-z]:[\\/]*) ;;
+    *)
+      for file in $files; do
+	case $file in
+	*.lo) ;;
+	*)
+	  $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+      done
+      ;;
+    esac
+
+    # This variable tells wrapper scripts just to set variables rather
+    # than running their programs.
+    libtool_install_magic="$magic"
+
+    staticlibs=
+    future_libdirs=
+    current_libdirs=
+    for file in $files; do
+
+      # Do each installation.
+      case $file in
+      *.$libext)
+	# Do the static libraries later.
+	staticlibs="$staticlibs $file"
+	;;
+
+      *.la)
+	# Check to see that this really is a libtool archive.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	else
+	  $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	library_names=
+	old_library=
+	relink_command=
+	# If there is no directory component, then add one.
+	case $file in
+	*/* | *\\*) . $file ;;
+	*) . ./$file ;;
+	esac
+
+	# Add the libdir to current_libdirs if it is the destination.
+	if test "X$destdir" = "X$libdir"; then
+	  case "$current_libdirs " in
+	  *" $libdir "*) ;;
+	  *) current_libdirs="$current_libdirs $libdir" ;;
+	  esac
+	else
+	  # Note the libdir as a future libdir.
+	  case "$future_libdirs " in
+	  *" $libdir "*) ;;
+	  *) future_libdirs="$future_libdirs $libdir" ;;
+	  esac
+	fi
+
+	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/
+	test "X$dir" = "X$file/" && dir=
+	dir="$dir$objdir"
+
+	if test -n "$relink_command"; then
+	  # Determine the prefix the user has applied to our future dir.
+	  inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"`
+
+	  # Don't allow the user to place us outside of our expected
+	  # location b/c this prevents finding dependent libraries that
+	  # are installed to the same prefix.
+	  # At present, this check doesn't affect windows .dll's that
+	  # are installed into $libdir/../bin (currently, that works fine)
+	  # but it's something to keep an eye on.
+	  if test "$inst_prefix_dir" = "$destdir"; then
+	    $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+
+	  if test -n "$inst_prefix_dir"; then
+	    # Stick the inst_prefix_dir data into the link command.
+	    relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+	  else
+	    relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
+	  fi
+
+	  $echo "$modename: warning: relinking \`$file'" 1>&2
+	  $show "$relink_command"
+	  if $run eval "$relink_command"; then :
+	  else
+	    $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	fi
+
+	# See the names of the shared library.
+	set dummy $library_names
+	if test -n "$2"; then
+	  realname="$2"
+	  shift
+	  shift
+
+	  srcname="$realname"
+	  test -n "$relink_command" && srcname="$realname"T
+
+	  # Install the shared library and build the symlinks.
+	  $show "$install_prog $dir/$srcname $destdir/$realname"
+	  $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $?
+	  if test -n "$stripme" && test -n "$striplib"; then
+	    $show "$striplib $destdir/$realname"
+	    $run eval "$striplib $destdir/$realname" || exit $?
+	  fi
+
+	  if test "$#" -gt 0; then
+	    # Delete the old symlinks, and create new ones.
+	    # Try `ln -sf' first, because the `ln' binary might depend on
+	    # the symlink we replace!  Solaris /bin/ln does not understand -f,
+	    # so we also need to try rm && ln -s.
+	    for linkname
+	    do
+	      if test "$linkname" != "$realname"; then
+                $show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
+                $run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
+	      fi
+	    done
+	  fi
+
+	  # Do each command in the postinstall commands.
+	  lib="$destdir/$realname"
+	  cmds=$postinstall_cmds
+	  save_ifs="$IFS"; IFS='~'
+	  for cmd in $cmds; do
+	    IFS="$save_ifs"
+	    eval cmd=\"$cmd\"
+	    $show "$cmd"
+	    $run eval "$cmd" || {
+	      lt_exit=$?
+
+	      # Restore the uninstalled library and exit
+	      if test "$mode" = relink; then
+		$run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
+	      fi
+
+	      exit $lt_exit
+	    }
+	  done
+	  IFS="$save_ifs"
+	fi
+
+	# Install the pseudo-library for information purposes.
+	name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+	instname="$dir/$name"i
+	$show "$install_prog $instname $destdir/$name"
+	$run eval "$install_prog $instname $destdir/$name" || exit $?
+
+	# Maybe install the static library, too.
+	test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+	;;
+
+      *.lo)
+	# Install (i.e. copy) a libtool object.
+
+	# Figure out destination file name, if it wasn't already specified.
+	if test -n "$destname"; then
+	  destfile="$destdir/$destname"
+	else
+	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+	  destfile="$destdir/$destfile"
+	fi
+
+	# Deduce the name of the destination old-style object file.
+	case $destfile in
+	*.lo)
+	  staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"`
+	  ;;
+	*.$objext)
+	  staticdest="$destfile"
+	  destfile=
+	  ;;
+	*)
+	  $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	# Install the libtool object if requested.
+	if test -n "$destfile"; then
+	  $show "$install_prog $file $destfile"
+	  $run eval "$install_prog $file $destfile" || exit $?
+	fi
+
+	# Install the old object if enabled.
+	if test "$build_old_libs" = yes; then
+	  # Deduce the name of the old-style object file.
+	  staticobj=`$echo "X$file" | $Xsed -e "$lo2o"`
+
+	  $show "$install_prog $staticobj $staticdest"
+	  $run eval "$install_prog \$staticobj \$staticdest" || exit $?
+	fi
+	exit $EXIT_SUCCESS
+	;;
+
+      *)
+	# Figure out destination file name, if it wasn't already specified.
+	if test -n "$destname"; then
+	  destfile="$destdir/$destname"
+	else
+	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+	  destfile="$destdir/$destfile"
+	fi
+
+	# If the file is missing, and there is a .exe on the end, strip it
+	# because it is most likely a libtool script we actually want to
+	# install
+	stripped_ext=""
+	case $file in
+	  *.exe)
+	    if test ! -f "$file"; then
+	      file=`$echo $file|${SED} 's,.exe$,,'`
+	      stripped_ext=".exe"
+	    fi
+	    ;;
+	esac
+
+	# Do a test to see if this is really a libtool program.
+	case $host in
+	*cygwin*|*mingw*)
+	    wrapper=`$echo $file | ${SED} -e 's,.exe$,,'`
+	    ;;
+	*)
+	    wrapper=$file
+	    ;;
+	esac
+	if (${SED} -e '4q' $wrapper | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then
+	  notinst_deplibs=
+	  relink_command=
+
+	  # Note that it is not necessary on cygwin/mingw to append a dot to
+	  # foo even if both foo and FILE.exe exist: automatic-append-.exe
+	  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
+	  # `FILE.' does not work on cygwin managed mounts.
+	  #
+	  # If there is no directory component, then add one.
+	  case $wrapper in
+	  */* | *\\*) . ${wrapper} ;;
+	  *) . ./${wrapper} ;;
+	  esac
+
+	  # Check the variables that should have been set.
+	  if test -z "$notinst_deplibs"; then
+	    $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+
+	  finalize=yes
+	  for lib in $notinst_deplibs; do
+	    # Check to see that each library is installed.
+	    libdir=
+	    if test -f "$lib"; then
+	      # If there is no directory component, then add one.
+	      case $lib in
+	      */* | *\\*) . $lib ;;
+	      *) . ./$lib ;;
+	      esac
+	    fi
+	    libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+	    if test -n "$libdir" && test ! -f "$libfile"; then
+	      $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2
+	      finalize=no
+	    fi
+	  done
+
+	  relink_command=
+	  # Note that it is not necessary on cygwin/mingw to append a dot to
+	  # foo even if both foo and FILE.exe exist: automatic-append-.exe
+	  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
+	  # `FILE.' does not work on cygwin managed mounts.
+	  #
+	  # If there is no directory component, then add one.
+	  case $wrapper in
+	  */* | *\\*) . ${wrapper} ;;
+	  *) . ./${wrapper} ;;
+	  esac
+
+	  outputname=
+	  if test "$fast_install" = no && test -n "$relink_command"; then
+	    if test "$finalize" = yes && test -z "$run"; then
+	      tmpdir=`func_mktempdir`
+	      file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
+	      outputname="$tmpdir/$file"
+	      # Replace the output file specification.
+	      relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+	      $show "$relink_command"
+	      if $run eval "$relink_command"; then :
+	      else
+		$echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
+		${rm}r "$tmpdir"
+		continue
+	      fi
+	      file="$outputname"
+	    else
+	      $echo "$modename: warning: cannot relink \`$file'" 1>&2
+	    fi
+	  else
+	    # Install the binary that we compiled earlier.
+	    file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+	  fi
+	fi
+
+	# remove .exe since cygwin /usr/bin/install will append another
+	# one anyway 
+	case $install_prog,$host in
+	*/usr/bin/install*,*cygwin*)
+	  case $file:$destfile in
+	  *.exe:*.exe)
+	    # this is ok
+	    ;;
+	  *.exe:*)
+	    destfile=$destfile.exe
+	    ;;
+	  *:*.exe)
+	    destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'`
+	    ;;
+	  esac
+	  ;;
+	esac
+	$show "$install_prog$stripme $file $destfile"
+	$run eval "$install_prog\$stripme \$file \$destfile" || exit $?
+	test -n "$outputname" && ${rm}r "$tmpdir"
+	;;
+      esac
+    done
+
+    for file in $staticlibs; do
+      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+
+      # Set up the ranlib parameters.
+      oldlib="$destdir/$name"
+
+      $show "$install_prog $file $oldlib"
+      $run eval "$install_prog \$file \$oldlib" || exit $?
+
+      if test -n "$stripme" && test -n "$old_striplib"; then
+	$show "$old_striplib $oldlib"
+	$run eval "$old_striplib $oldlib" || exit $?
+      fi
+
+      # Do each command in the postinstall commands.
+      cmds=$old_postinstall_cmds
+      save_ifs="$IFS"; IFS='~'
+      for cmd in $cmds; do
+	IFS="$save_ifs"
+	eval cmd=\"$cmd\"
+	$show "$cmd"
+	$run eval "$cmd" || exit $?
+      done
+      IFS="$save_ifs"
+    done
+
+    if test -n "$future_libdirs"; then
+      $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2
+    fi
+
+    if test -n "$current_libdirs"; then
+      # Maybe just do a dry run.
+      test -n "$run" && current_libdirs=" -n$current_libdirs"
+      exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+    else
+      exit $EXIT_SUCCESS
+    fi
+    ;;
+
+  # libtool finish mode
+  finish)
+    modename="$modename: finish"
+    libdirs="$nonopt"
+    admincmds=
+
+    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+      for dir
+      do
+	libdirs="$libdirs $dir"
+      done
+
+      for libdir in $libdirs; do
+	if test -n "$finish_cmds"; then
+	  # Do each command in the finish commands.
+	  cmds=$finish_cmds
+	  save_ifs="$IFS"; IFS='~'
+	  for cmd in $cmds; do
+	    IFS="$save_ifs"
+	    eval cmd=\"$cmd\"
+	    $show "$cmd"
+	    $run eval "$cmd" || admincmds="$admincmds
+       $cmd"
+	  done
+	  IFS="$save_ifs"
+	fi
+	if test -n "$finish_eval"; then
+	  # Do the single finish_eval.
+	  eval cmds=\"$finish_eval\"
+	  $run eval "$cmds" || admincmds="$admincmds
+       $cmds"
+	fi
+      done
+    fi
+
+    # Exit here if they wanted silent mode.
+    test "$show" = : && exit $EXIT_SUCCESS
+
+    $echo "X----------------------------------------------------------------------" | $Xsed
+    $echo "Libraries have been installed in:"
+    for libdir in $libdirs; do
+      $echo "   $libdir"
+    done
+    $echo
+    $echo "If you ever happen to want to link against installed libraries"
+    $echo "in a given directory, LIBDIR, you must either use libtool, and"
+    $echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
+    $echo "flag during linking and do at least one of the following:"
+    if test -n "$shlibpath_var"; then
+      $echo "   - add LIBDIR to the \`$shlibpath_var' environment variable"
+      $echo "     during execution"
+    fi
+    if test -n "$runpath_var"; then
+      $echo "   - add LIBDIR to the \`$runpath_var' environment variable"
+      $echo "     during linking"
+    fi
+    if test -n "$hardcode_libdir_flag_spec"; then
+      libdir=LIBDIR
+      eval flag=\"$hardcode_libdir_flag_spec\"
+
+      $echo "   - use the \`$flag' linker flag"
+    fi
+    if test -n "$admincmds"; then
+      $echo "   - have your system administrator run these commands:$admincmds"
+    fi
+    if test -f /etc/ld.so.conf; then
+      $echo "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+    fi
+    $echo
+    $echo "See any operating system documentation about shared libraries for"
+    $echo "more information, such as the ld(1) and ld.so(8) manual pages."
+    $echo "X----------------------------------------------------------------------" | $Xsed
+    exit $EXIT_SUCCESS
+    ;;
+
+  # libtool execute mode
+  execute)
+    modename="$modename: execute"
+
+    # The first argument is the command name.
+    cmd="$nonopt"
+    if test -z "$cmd"; then
+      $echo "$modename: you must specify a COMMAND" 1>&2
+      $echo "$help"
+      exit $EXIT_FAILURE
+    fi
+
+    # Handle -dlopen flags immediately.
+    for file in $execute_dlfiles; do
+      if test ! -f "$file"; then
+	$echo "$modename: \`$file' is not a file" 1>&2
+	$echo "$help" 1>&2
+	exit $EXIT_FAILURE
+      fi
+
+      dir=
+      case $file in
+      *.la)
+	# Check to see that this really is a libtool archive.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	else
+	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# Read the libtool library.
+	dlname=
+	library_names=
+
+	# If there is no directory component, then add one.
+	case $file in
+	*/* | *\\*) . $file ;;
+	*) . ./$file ;;
+	esac
+
+	# Skip this library if it cannot be dlopened.
+	if test -z "$dlname"; then
+	  # Warn if it was a shared library.
+	  test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'"
+	  continue
+	fi
+
+	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+	test "X$dir" = "X$file" && dir=.
+
+	if test -f "$dir/$objdir/$dlname"; then
+	  dir="$dir/$objdir"
+	else
+	  $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+	;;
+
+      *.lo)
+	# Just add the directory containing the .lo file.
+	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+	test "X$dir" = "X$file" && dir=.
+	;;
+
+      *)
+	$echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2
+	continue
+	;;
+      esac
+
+      # Get the absolute pathname.
+      absdir=`cd "$dir" && pwd`
+      test -n "$absdir" && dir="$absdir"
+
+      # Now add the directory to shlibpath_var.
+      if eval "test -z \"\$$shlibpath_var\""; then
+	eval "$shlibpath_var=\"\$dir\""
+      else
+	eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+      fi
+    done
+
+    # This variable tells wrapper scripts just to set shlibpath_var
+    # rather than running their programs.
+    libtool_execute_magic="$magic"
+
+    # Check if any of the arguments is a wrapper script.
+    args=
+    for file
+    do
+      case $file in
+      -*) ;;
+      *)
+	# Do a test to see if this is really a libtool program.
+	if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	  # If there is no directory component, then add one.
+	  case $file in
+	  */* | *\\*) . $file ;;
+	  *) . ./$file ;;
+	  esac
+
+	  # Transform arg to wrapped name.
+	  file="$progdir/$program"
+	fi
+	;;
+      esac
+      # Quote arguments (to preserve shell metacharacters).
+      file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"`
+      args="$args \"$file\""
+    done
+
+    if test -z "$run"; then
+      if test -n "$shlibpath_var"; then
+	# Export the shlibpath_var.
+	eval "export $shlibpath_var"
+      fi
+
+      # Restore saved environment variables
+      if test "${save_LC_ALL+set}" = set; then
+	LC_ALL="$save_LC_ALL"; export LC_ALL
+      fi
+      if test "${save_LANG+set}" = set; then
+	LANG="$save_LANG"; export LANG
+      fi
+
+      # Now prepare to actually exec the command.
+      exec_cmd="\$cmd$args"
+    else
+      # Display what would be done.
+      if test -n "$shlibpath_var"; then
+	eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\""
+	$echo "export $shlibpath_var"
+      fi
+      $echo "$cmd$args"
+      exit $EXIT_SUCCESS
+    fi
+    ;;
+
+  # libtool clean and uninstall mode
+  clean | uninstall)
+    modename="$modename: $mode"
+    rm="$nonopt"
+    files=
+    rmforce=
+    exit_status=0
+
+    # This variable tells wrapper scripts just to set variables rather
+    # than running their programs.
+    libtool_install_magic="$magic"
+
+    for arg
+    do
+      case $arg in
+      -f) rm="$rm $arg"; rmforce=yes ;;
+      -*) rm="$rm $arg" ;;
+      *) files="$files $arg" ;;
+      esac
+    done
+
+    if test -z "$rm"; then
+      $echo "$modename: you must specify an RM program" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    rmdirs=
+
+    origobjdir="$objdir"
+    for file in $files; do
+      dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+      if test "X$dir" = "X$file"; then
+	dir=.
+	objdir="$origobjdir"
+      else
+	objdir="$dir/$origobjdir"
+      fi
+      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+      test "$mode" = uninstall && objdir="$dir"
+
+      # Remember objdir for removal later, being careful to avoid duplicates
+      if test "$mode" = clean; then
+	case " $rmdirs " in
+	  *" $objdir "*) ;;
+	  *) rmdirs="$rmdirs $objdir" ;;
+	esac
+      fi
+
+      # Don't error if the file doesn't exist and rm -f was used.
+      if (test -L "$file") >/dev/null 2>&1 \
+	|| (test -h "$file") >/dev/null 2>&1 \
+	|| test -f "$file"; then
+	:
+      elif test -d "$file"; then
+	exit_status=1
+	continue
+      elif test "$rmforce" = yes; then
+	continue
+      fi
+
+      rmfiles="$file"
+
+      case $name in
+      *.la)
+	# Possibly a libtool archive, so verify it.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	  . $dir/$name
+
+	  # Delete the libtool libraries and symlinks.
+	  for n in $library_names; do
+	    rmfiles="$rmfiles $objdir/$n"
+	  done
+	  test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+
+	  case "$mode" in
+	  clean)
+	    case "  $library_names " in
+	    # "  " in the beginning catches empty $dlname
+	    *" $dlname "*) ;;
+	    *) rmfiles="$rmfiles $objdir/$dlname" ;;
+	    esac
+	     test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+	    ;;
+	  uninstall)
+	    if test -n "$library_names"; then
+	      # Do each command in the postuninstall commands.
+	      cmds=$postuninstall_cmds
+	      save_ifs="$IFS"; IFS='~'
+	      for cmd in $cmds; do
+		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
+		$show "$cmd"
+		$run eval "$cmd"
+		if test "$?" -ne 0 && test "$rmforce" != yes; then
+		  exit_status=1
+		fi
+	      done
+	      IFS="$save_ifs"
+	    fi
+
+	    if test -n "$old_library"; then
+	      # Do each command in the old_postuninstall commands.
+	      cmds=$old_postuninstall_cmds
+	      save_ifs="$IFS"; IFS='~'
+	      for cmd in $cmds; do
+		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
+		$show "$cmd"
+		$run eval "$cmd"
+		if test "$?" -ne 0 && test "$rmforce" != yes; then
+		  exit_status=1
+		fi
+	      done
+	      IFS="$save_ifs"
+	    fi
+	    # FIXME: should reinstall the best remaining shared library.
+	    ;;
+	  esac
+	fi
+	;;
+
+      *.lo)
+	# Possibly a libtool object, so verify it.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+
+	  # Read the .lo file
+	  . $dir/$name
+
+	  # Add PIC object to the list of files to remove.
+	  if test -n "$pic_object" \
+	     && test "$pic_object" != none; then
+	    rmfiles="$rmfiles $dir/$pic_object"
+	  fi
+
+	  # Add non-PIC object to the list of files to remove.
+	  if test -n "$non_pic_object" \
+	     && test "$non_pic_object" != none; then
+	    rmfiles="$rmfiles $dir/$non_pic_object"
+	  fi
+	fi
+	;;
+
+      *)
+	if test "$mode" = clean ; then
+	  noexename=$name
+	  case $file in
+	  *.exe)
+	    file=`$echo $file|${SED} 's,.exe$,,'`
+	    noexename=`$echo $name|${SED} 's,.exe$,,'`
+	    # $file with .exe has already been added to rmfiles,
+	    # add $file without .exe
+	    rmfiles="$rmfiles $file"
+	    ;;
+	  esac
+	  # Do a test to see if this is a libtool program.
+	  if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	    relink_command=
+	    . $dir/$noexename
+
+	    # note $name still contains .exe if it was in $file originally
+	    # as does the version of $file that was added into $rmfiles
+	    rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+	    if test "$fast_install" = yes && test -n "$relink_command"; then
+	      rmfiles="$rmfiles $objdir/lt-$name"
+	    fi
+	    if test "X$noexename" != "X$name" ; then
+	      rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+	    fi
+	  fi
+	fi
+	;;
+      esac
+      $show "$rm $rmfiles"
+      $run $rm $rmfiles || exit_status=1
+    done
+    objdir="$origobjdir"
+
+    # Try to remove the ${objdir}s in the directories where we deleted files
+    for dir in $rmdirs; do
+      if test -d "$dir"; then
+	$show "rmdir $dir"
+	$run rmdir $dir >/dev/null 2>&1
+      fi
+    done
+
+    exit $exit_status
+    ;;
+
+  "")
+    $echo "$modename: you must specify a MODE" 1>&2
+    $echo "$generic_help" 1>&2
+    exit $EXIT_FAILURE
+    ;;
+  esac
+
+  if test -z "$exec_cmd"; then
+    $echo "$modename: invalid operation mode \`$mode'" 1>&2
+    $echo "$generic_help" 1>&2
+    exit $EXIT_FAILURE
+  fi
+fi # test -z "$show_help"
+
+if test -n "$exec_cmd"; then
+  eval exec $exec_cmd
+  exit $EXIT_FAILURE
+fi
+
+# We need to display help for each of the modes.
+case $mode in
+"") $echo \
+"Usage: $modename [OPTION]... [MODE-ARG]...
+
+Provide generalized library-building support services.
+
+    --config          show all configuration variables
+    --debug           enable verbose shell tracing
+-n, --dry-run         display commands without modifying any files
+    --features        display basic configuration information and exit
+    --finish          same as \`--mode=finish'
+    --help            display this help message and exit
+    --mode=MODE       use operation mode MODE [default=inferred from MODE-ARGS]
+    --quiet           same as \`--silent'
+    --silent          don't print informational messages
+    --tag=TAG         use configuration variables from tag TAG
+    --version         print version information
+
+MODE must be one of the following:
+
+      clean           remove files from the build directory
+      compile         compile a source file into a libtool object
+      execute         automatically set library path, then run a program
+      finish          complete the installation of libtool libraries
+      install         install libraries or executables
+      link            create a library or an executable
+      uninstall       remove libraries from an installed directory
+
+MODE-ARGS vary depending on the MODE.  Try \`$modename --help --mode=MODE' for
+a more detailed description of MODE.
+
+Report bugs to <bug-libtool at gnu.org>."
+  exit $EXIT_SUCCESS
+  ;;
+
+clean)
+  $echo \
+"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+  ;;
+
+compile)
+  $echo \
+"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+  -o OUTPUT-FILE    set the output file name to OUTPUT-FILE
+  -prefer-pic       try to building PIC objects only
+  -prefer-non-pic   try to building non-PIC objects only
+  -static           always build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+  ;;
+
+execute)
+  $echo \
+"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+  -dlopen FILE      add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+  ;;
+
+finish)
+  $echo \
+"Usage: $modename [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges.  Use
+the \`--dry-run' option if you just want to see what would be executed."
+  ;;
+
+install)
+  $echo \
+"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command.  The first component should be
+either the \`install' or \`cp' program.
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+  ;;
+
+link)
+  $echo \
+"Usage: $modename [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+  -all-static       do not do any dynamic linking at all
+  -avoid-version    do not add a version suffix if possible
+  -dlopen FILE      \`-dlpreopen' FILE if it cannot be dlopened at runtime
+  -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
+  -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+  -export-symbols SYMFILE
+		    try to export only the symbols listed in SYMFILE
+  -export-symbols-regex REGEX
+		    try to export only the symbols matching REGEX
+  -LLIBDIR          search LIBDIR for required installed libraries
+  -lNAME            OUTPUT-FILE requires the installed library libNAME
+  -module           build a library that can dlopened
+  -no-fast-install  disable the fast-install mode
+  -no-install       link a not-installable executable
+  -no-undefined     declare that a library does not refer to external symbols
+  -o OUTPUT-FILE    create OUTPUT-FILE from the specified objects
+  -objectlist FILE  Use a list of object files found in FILE to specify objects
+  -precious-files-regex REGEX
+                    don't remove output files matching REGEX
+  -release RELEASE  specify package release information
+  -rpath LIBDIR     the created library will eventually be installed in LIBDIR
+  -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
+  -static           do not do any dynamic linking of libtool libraries
+  -version-info CURRENT[:REVISION[:AGE]]
+		    specify library version info [each variable defaults to 0]
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename.  Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+  ;;
+
+uninstall)
+  $echo \
+"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+  ;;
+
+*)
+  $echo "$modename: invalid operation mode \`$mode'" 1>&2
+  $echo "$help" 1>&2
+  exit $EXIT_FAILURE
+  ;;
+esac
+
+$echo
+$echo "Try \`$modename --help' for more information about other modes."
+
+exit $?
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries.  Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them.  This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration.  But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+disable_libs=shared
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+disable_libs=static
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:

Added: vendor-crypto/heimdal/dist/missing
===================================================================
--- vendor-crypto/heimdal/dist/missing	                        (rev 0)
+++ vendor-crypto/heimdal/dist/missing	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,367 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2006-05-10.23
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006
+#   Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard at iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  autom4te     touch the output file, or create a stub one
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Send bug reports to <bug-automake at gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).
+case $1 in
+  lex|yacc)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $1 in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case $f in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison|yacc)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f y.tab.h; then
+	echo >y.tab.h
+    fi
+    if test ! -f y.tab.c; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex|flex)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f lex.yy.c; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit 1
+    fi
+    ;;
+
+  makeinfo)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '
+	/^@setfilename/{
+	  s/.* \([^ ]*\) *$/\1/
+	  p
+	  q
+	}' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case $firstarg in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case $firstarg in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:

Added: vendor-crypto/heimdal/dist/packages/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/packages/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,26 @@
+2007-12-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mac/Makefile.am: Rename Info.plist.in Info.plist.
+
+	* mac/mac.sh: Adapt to macos 10.5 packagemaker
+
+	* mac/Info.plist{,.in}: Rename, content static now
+	
+	* mac/Info.plist.in: set version number via makepackage
+
+2007-12-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* mac/mac.sh: Packagemaker switch location.
+	
+2007-10-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: SUBDIRS += debian
+	
+	* debian: EXTRA_DIST
+	
+2006-11-15  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+
+	* mac/mac.sh: clean after ourself.
+
+	* mac/mac.sh: how to build a mac package
+	

Added: vendor-crypto/heimdal/dist/packages/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/packages/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,6 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS=  mac debian
+

Added: vendor-crypto/heimdal/dist/packages/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/packages/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,815 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+subdir = packages
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SUBDIRS = mac debian
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps packages/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps packages/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/packages/debian/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+EXTRA_DIST = \
+	README \
+	README.Debian \
+	changelog \
+	compat \
+	control \
+	copyright \
+	extras/default \
+	extras/kadmind.acl \
+	extras/kdc.conf \
+	heimdal-clients-x.install \
+	heimdal-clients.install \
+	heimdal-clients.postinst \
+	heimdal-clients.prerm \
+	heimdal-dev.install \
+	heimdal-docs.install \
+	heimdal-kcm.init \
+	heimdal-kcm.install \
+	heimdal-kdc.dirs \
+	heimdal-kdc.examples \
+	heimdal-kdc.init \
+	heimdal-kdc.install \
+	heimdal-kdc.logrotate \
+	heimdal-kdc.postinst \
+	heimdal-kdc.postrm \
+	heimdal-kdc.templates \
+	heimdal-servers-x.dirs \
+	heimdal-servers-x.install \
+	heimdal-servers-x.postinst \
+	heimdal-servers-x.postrm \
+	heimdal-servers-x.prerm \
+	heimdal-servers.dirs \
+	heimdal-servers.install \
+	heimdal-servers.postinst \
+	heimdal-servers.postrm \
+	heimdal-servers.prerm \
+	libasn1-8-heimdal.install \
+	libasn1-8-heimdal.postinst.debhelper \
+	libasn1-8-heimdal.postrm.debhelper \
+	libasn1-8-heimdal.substvars \
+	libgssapi2-heimdal.install \
+	libgssapi2-heimdal.postinst.debhelper \
+	libgssapi2-heimdal.postrm.debhelper \
+	libgssapi2-heimdal.substvars \
+	libhdb9-heimdal.install \
+	libhdb9-heimdal.postinst.debhelper \
+	libhdb9-heimdal.postrm.debhelper \
+	libhdb9-heimdal.substvars \
+	libkadm5clnt7-heimdal.install \
+	libkadm5clnt7-heimdal.postinst.debhelper \
+	libkadm5clnt7-heimdal.postrm.debhelper \
+	libkadm5clnt7-heimdal.substvars \
+	libkadm5srv7-heimdal.install \
+	libkadm5srv8-heimdal.install \
+	libkafs0-heimdal.install \
+	libkrb5-22-heimdal.install \
+	libkrb5-22-heimdal.postinst.debhelper \
+	libkrb5-22-heimdal.postrm.debhelper \
+	libkrb5-22-heimdal.substvars \
+	libotp0-heimdal.install \
+	libroken18-heimdal.install \
+	libroken18-heimdal.postinst.debhelper \
+	libroken18-heimdal.postrm.debhelper \
+	libroken18-heimdal.substvars \
+	libsl0-heimdal.install \
+	patches/021_debian \
+	patches/022_ftp-roken-glob \
+	patches/022_openafs \
+	patches/025_pthreads \
+	patches/026_posix_max \
+	po/POTFILES.in \
+	po/cs.po \
+	po/da.po \
+	po/de.po \
+	po/es.po \
+	po/fr.po \
+	po/gl.po \
+	po/ja.po \
+	po/nl.po \
+	po/pt.po \
+	po/pt_BR.po \
+	po/ru.po \
+	po/sv.po \
+	po/templates.pot \
+	po/vi.po \
+	rules \
+	scripts/convert_source
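Review bot: `EXTRA_DIST` lists files that look like debhelper build output rather than packaging sources: the `*.postinst.debhelper`, `*.postrm.debhelper` and `*.substvars` entries for libasn1-8, libgssapi2, libhdb9, libkadm5clnt7, libkrb5-22 and libroken18. debhelper writes these files during a package build and `dh_clean` removes them, so distributing them puts stale maintainer-script fragments and dependency substitutions from someone else's build tree into the tarball. I would drop those entries and keep only the hand-maintained `.install`, `.postinst`, `.prerm`, `.postrm`, `.dirs` and `.init` files. The list also names both `libkadm5srv7-heimdal.install` and `libkadm5srv8-heimdal.install`, while every other library appears under a single soname; presumably one is a leftover, which should be confirmed against `control`. As this is a vendor import, any such change belongs in a local patch on top of `dist/`, not in an edit to the imported file.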

Added: vendor-crypto/heimdal/dist/packages/debian/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,745 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = packages/debian
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+EXTRA_DIST = \
+	README \
+	README.Debian \
+	changelog \
+	compat \
+	control \
+	copyright \
+	extras/default \
+	extras/kadmind.acl \
+	extras/kdc.conf \
+	heimdal-clients-x.install \
+	heimdal-clients.install \
+	heimdal-clients.postinst \
+	heimdal-clients.prerm \
+	heimdal-dev.install \
+	heimdal-docs.install \
+	heimdal-kcm.init \
+	heimdal-kcm.install \
+	heimdal-kdc.dirs \
+	heimdal-kdc.examples \
+	heimdal-kdc.init \
+	heimdal-kdc.install \
+	heimdal-kdc.logrotate \
+	heimdal-kdc.postinst \
+	heimdal-kdc.postrm \
+	heimdal-kdc.templates \
+	heimdal-servers-x.dirs \
+	heimdal-servers-x.install \
+	heimdal-servers-x.postinst \
+	heimdal-servers-x.postrm \
+	heimdal-servers-x.prerm \
+	heimdal-servers.dirs \
+	heimdal-servers.install \
+	heimdal-servers.postinst \
+	heimdal-servers.postrm \
+	heimdal-servers.prerm \
+	libasn1-8-heimdal.install \
+	libasn1-8-heimdal.postinst.debhelper \
+	libasn1-8-heimdal.postrm.debhelper \
+	libasn1-8-heimdal.substvars \
+	libgssapi2-heimdal.install \
+	libgssapi2-heimdal.postinst.debhelper \
+	libgssapi2-heimdal.postrm.debhelper \
+	libgssapi2-heimdal.substvars \
+	libhdb9-heimdal.install \
+	libhdb9-heimdal.postinst.debhelper \
+	libhdb9-heimdal.postrm.debhelper \
+	libhdb9-heimdal.substvars \
+	libkadm5clnt7-heimdal.install \
+	libkadm5clnt7-heimdal.postinst.debhelper \
+	libkadm5clnt7-heimdal.postrm.debhelper \
+	libkadm5clnt7-heimdal.substvars \
+	libkadm5srv7-heimdal.install \
+	libkadm5srv8-heimdal.install \
+	libkafs0-heimdal.install \
+	libkrb5-22-heimdal.install \
+	libkrb5-22-heimdal.postinst.debhelper \
+	libkrb5-22-heimdal.postrm.debhelper \
+	libkrb5-22-heimdal.substvars \
+	libotp0-heimdal.install \
+	libroken18-heimdal.install \
+	libroken18-heimdal.postinst.debhelper \
+	libroken18-heimdal.postrm.debhelper \
+	libroken18-heimdal.substvars \
+	libsl0-heimdal.install \
+	patches/021_debian \
+	patches/022_ftp-roken-glob \
+	patches/022_openafs \
+	patches/025_pthreads \
+	patches/026_posix_max \
+	po/POTFILES.in \
+	po/cs.po \
+	po/da.po \
+	po/de.po \
+	po/es.po \
+	po/fr.po \
+	po/gl.po \
+	po/ja.po \
+	po/nl.po \
+	po/pt.po \
+	po/pt_BR.po \
+	po/ru.po \
+	po/sv.po \
+	po/templates.pot \
+	po/vi.po \
+	rules \
+	scripts/convert_source
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps packages/debian/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps packages/debian/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/packages/debian/README
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/README	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/README	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+
+d=ubuntu/gutsy
+
+mkdir foo
+cd foo
+svn co .... heimdal-src
+cd heimdal-src
+ln -s packages/debian
+test -f configure || autoreconf -f -i
+fakeroot debian/rules binary
+cd ..
+cp *.deb /afs/pdc.kth.se/public/ftp/pub/heimdal/binaries/$dist
+cd /afs/pdc.kth.se/public/ftp/pub/heimdal/binaries/$dist
+dpkg-scanpackages . /dev/null 2> /dev/null | gzip -9 > Packages.gz
+
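Review bot: The recipe sets `d=ubuntu/gutsy`, but the `cp` and `cd` lines expand `$dist`, which is never assigned. As written, the built `.deb` files would be copied into the parent `binaries/` directory and the package index generated there instead of in the per-release directory. Rename the assignment to `dist=ubuntu/gutsy` and guard the expansion, e.g. `cp -- *.deb "/afs/pdc.kth.se/public/ftp/pub/heimdal/binaries/${dist:?}"`, so that an empty value aborts rather than publishing to the wrong location. The `dpkg-scanpackages . /dev/null 2> /dev/null` line also throws away its diagnostics; keeping stderr visible would show when the index that clients install from was built from an incomplete or unexpected set of packages.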

Added: vendor-crypto/heimdal/dist/packages/debian/README.Debian
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/README.Debian	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/README.Debian	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,120 @@
+Note on ksu
+-----------
+This program is not installed setuid root be default. If you want to
+install it setuid root, then you can override the package permissions
+with:
+
+dpkg-statoverride --update --add root root 4755 /usr/bin/ksu
+
+Note on ipropd and/or hpropd
+----------------------------
+The following entries may be required in you /etc/services
+file (see bug #139845):
+
+krb_prop      754/tcp                         # Kerberos slave propagation
+iprop         2121/tcp                        # incremental propagation
+
+Note on kerberos.8 man page
+---------------------------
+This man page is not currently included due to conflict with kerberos4kth-kdc
+package. For more information on Kerberos, see:
+http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
+
+Installing heimdal for Debian
+-----------------------------
+(Note: if you do not have a krb4 KDC, you may need to include
+"krb4_get_tickets = no" in the [libdefaults] section of
+kdc.conf; otherwise kinit will complain with an error).
+
+Things you will have to do manually (see info documentation for
+details):
+
+On KDC:
+1. Add adminstrator keys using kadmin.
+
+For example:
+# kadmin -l
+kadmin> add bam/admin
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Principal expiration time [never]:
+Password expiration time [never]:
+Attributes []:
+bam/admin at CHOCBIT.ORG.AU's Password:
+Verifying password - bam/admin at CHOCBIT.ORG.AU's Password:
+
+2. Add kadmin/admin key to KDC:
+
+For example:
+# kadmin -l
+kadmin> add -r kadmin/admin at CHOCBIT.ORG.AU
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Principal expiration time [never]:
+Password expiration time [never]:
+Attributes []:
+
+(note: this key doesn't need to be extracted).
+
+3. Enable remote admistration by creating /etc/heimdal-kdc/kadmind.acl
+
+For example:
+echo 'bam/admin at CHOCBIT.ORG.AU all' > /etc/heimdal-kdc/kadmind.acl
+
+4. Test.
+
+For example:
+# kadmin -p bam/admin
+bam/admin at CHOCBIT.ORG.AU's Password:
+kadmin> list *
+[should list all keys]
+
+5. Add user keys
+
+For example:
+# kadmin -p bam/admin
+bam/admin at CHOCBIT.ORG.AU's Password:
+kadmin> add bam
+
+
+On other computers:
+1. If you installed heimdal-clients-x or heimdal-servers-x,
+then you will need to add the following entry to /etc/services
+kx              2111/tcp                        # X over kerberos
+(check to make sure this doesn't already exist).
+2. edit /etc/krb5.conf
+3. setup secret keys each computer, using kadmin and/or ktutil.
+
+For example, on remote computer dewey.chocbit.org.au:
+bam/admin at CHOCBIT.ORG.AU's Password:
+kadmin> add -r host/dewey.chocbit.org.au
+[...]
+kadmin> ext host/dewey.chocbit.org.au
+kadmin> add -r ftp/dewey.chocbit.org.au
+[...]
+kadmin> ext ftp/dewey.chocbit.org.au
+
+The ext command extracts keys to /etc/krb5.keytab, where
+they can be inspected with the "ktutil list" command at the
+shell prompt.
+
+Tell me if any files conflict with any other package - do not
+try to force the package to install, otherwise things may break...
+In general, this package conflicts with kerberos4kth and
+probably MIT Kerberos (not packaged as of potato). Local
+installations under /usr/local should be OK.
+
+Changes from upstream source:
+1. popper checks for $HOME/Maildir, $HOME/Mailbox and /var/spool/mail/<user>
+in that order.
+2. /var/lib/heimdal-kdc used instead of /var/heimdal
+3. /usr/bin/login moved to /usr/lib/heimdal-servers
+4. /usr/lib/heimdal-servers used instead of /usr/libexec
+5. telnet and ftp have been renamed to ktelnet and kftp, and
+use the update-alternatives mechanism. In the future, this
+should allow heimdal-clients to exist at the same time
+as telnet-ssl.
+6. kdc config files kdc.conf and kadmind.acl stored in
+/etc/heimdal-kdc instead of /usr/lib/heimdal-servers.
+
+ -- Brian May <bam at debian.org>, Wed,  8 Dec 1999 11:54:13 +1100

Added: vendor-crypto/heimdal/dist/packages/debian/changelog
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/changelog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/changelog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,1168 @@
+heimdal (1.0.2RC5.dfsg.1) gutsy; urgency=low
+
+  * New version
+
+ -- Love H\xF6rnquist \xC5strand <lha at h5l.se>  Mon, 4 Dec 2007 17:54:28 -0200
+
+heimdal (1.0.2RC2.dfsg.1) gutsy; urgency=low
+
+  * New version
+
+  * Add new libs
+
+ -- Love H\xF6rnquist \xC5strand <lha at h5l.se>  Fri, 19 Oct 2007 17:54:28 -0200
+
+heimdal (0.7.2.dfsg.1-10ubuntu2) gutsy; urgency=low
+
+  * debian/control:
+    - Actually added openbsd-inetd | inet-superserver to heimdal-servers'
+      dependencies (LP: #123782). 
+    - DebainMaintainerField foo
+
+ -- Rick Clark <rick.clark at ubuntu.com>  Tue, 03 Jul 2007 19:58:47 -0400
+
+heimdal (0.7.2.dfsg.1-10ubuntu1) feisty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - Add update-inetd to heimdal-servers and heimdal-kdc's dependencies
+    - Add openbsd-inetd | inet-superserver to heimdal-servers dependencies
+
+ -- Lionel Porcheron <lionel at alveonet.org>  Fri, 09 Feb 2007 14:17:33 +0100
+
+heimdal (0.7.2.dfsg.1-10) unstable; urgency=low
+
+  * Add Portuguese debconf translation (closes: #408186).
+  * Properly quote values in heimdal-kdc's postinst (closes: #408908).
+  * Fixes broken conflicts in libsl0-heimdal (closes: #406651).
+
+ -- Brian May <bam at snoopy.debian.net>  Thu,  8 Feb 2007 15:27:28 +1100
+
+heimdal (0.7.2.dfsg.1-9ubuntu1) feisty; urgency=low
+
+  * Merge from Debian unstable, remaining changes:
+    - Add update-inetd to heimdal-servers and heimdal-kdc's dependencies
+    - Add openbsd-inetd | inet-superserver to heimdal-servers dependencies
+
+ -- Lionel Porcheron <lionel at alveonet.org>  Sun, 14 Jan 2007 21:48:33 +0100
+
+heimdal (0.7.2.dfsg.1-9) unstable; urgency=low
+
+  * Include Spanish po-debconf translation (closes: #403481).
+
+ -- Brian May <bam at snoopy.debian.net>  Thu, 11 Jan 2007 09:09:26 +1100
+
+heimdal (0.7.2.dfsg.1-8ubuntu1) feisty; urgency=low
+
+  * debian/control: Add update-inetd to heimdal-servers's dependencies
+    (Closes Ubuntu: #76104).
+  * debian/control: Add openbsd-inetd | inet-superserver dependencies
+    as heimdal-servers needs an inet server to work
+
+ -- Lionel Porcheron <lionel at alveonet.org>  Sun, 17 Dec 2006 11:28:51 +0100
+
+heimdal (0.7.2.dfsg.1-8) unstable; urgency=high
+
+  * Swap -n with -z in test, otherwise servers won't get added on initial
+    installation. This was due to broken fix for #401258.
+
+ -- Brian May <bam at snoopy.debian.net>  Wed, 13 Dec 2006 14:45:52 +1100
+
+heimdal (0.7.2.dfsg.1-7) unstable; urgency=high
+
+  * Don't change services on upgrades, only on fresh installation, purge, and
+    upgrade from old versions.  Closes: #401258.
+
+ -- Brian May <bam at snoopy.debian.net>  Tue, 12 Dec 2006 14:45:22 +1100
+
+heimdal (0.7.2.dfsg.1-6) unstable; urgency=low
+
+  * Update maintainer E-Mail address.
+
+ -- Brian May <bam at snoopy.debian.net>  Mon, 20 Nov 2006 12:02:02 +1100
+
+heimdal (0.7.2.dfsg.1-5) unstable; urgency=low
+
+  * Rebuild against latest openldap (closes: #385809).
+  * Add SLAVE_PARAMS to KDC /etc/default/heimdal-kdc file (closes: #392933).
+  * Fix klist man page (closes: #389848).
+
+ -- Brian May <bam at debian.org>  Mon, 16 Oct 2006 15:15:32 +1000
+
+heimdal (0.7.2.dfsg.1-4) unstable; urgency=low
+
+  * Include KCM (closes: #379245).
+  * Move heimdal-docs to Section: doc.
+
+ -- Brian May <bam at debian.org>  Tue, 22 Aug 2006 12:19:57 +1000
+
+heimdal (0.7.2.dfsg.1-3) unstable; urgency=low
+
+  * Remove bashism in debian/rules. Closes: #376082.
+  * Build depends on texinfo, required for makeinfo. Closes: #376224.
+
+ -- Brian May <bam at debian.org>  Sun,  2 Jul 2006 10:49:35 +1000
+
+heimdal (0.7.2.dfsg.1-2) unstable; urgency=low
+
+  * Search for all references to HDB_DB_DIR "/kdc.conf" and replace with
+    "/etc/heimdal-kdc/kdc.conf". Closes: #365883, #365890.
+
+ -- Brian May <bam at debian.org>  Sun, 14 May 2006 10:42:24 +1000
+
+heimdal (0.7.2.dfsg.1-1) unstable; urgency=low
+
+  * Remove non-free documentation. Closes: #364860.
+  * Add Galician debconf templates. Closes: #362091.
+  * Update standards version to 3.7.2.
+
+ -- Brian May <bam at debian.org>  Sat, 13 May 2006 16:02:41 +1000
+
+heimdal (0.7.2-4) unstable; urgency=low
+
+  * Fix file deletion in postrm. Closes: #361411.
+
+ -- Brian May <bam at debian.org>  Mon, 10 Apr 2006 12:45:34 +1000
+
+heimdal (0.7.2-3) unstable; urgency=low
+
+  * Move heimdal-kdc config files, kdc.conf, kadmind.acl and .configured, from
+    /var/lib/heimdal-kdc to /etc/heimdal-kdc. Closes: #351960.
+
+ -- Brian May <bam at debian.org>  Fri,  7 Apr 2006 10:13:55 +1000
+
+heimdal (0.7.2-2) unstable; urgency=low
+
+  * Install krcp.1 manpage.
+  * Move xnlock.1 man page to correct man page section 1.
+  * heimdal-dev: add depends on comerr-dev. Closes: #357115.
+
+ -- Brian May <bam at debian.org>  Thu, 16 Mar 2006 19:15:32 +1100
+
+heimdal (0.7.2-1) unstable; urgency=low
+
+  * New upstream version. Includes security fixes. Changes from upstream:
+
+        * Fix security problem in rshd that enable an attacker to overwrite
+          and change ownership of any file that root could write
+          (CVE-2006-0582).
+
+        * Fix a DOS in telnetd. The attacker could force the server to crash
+          in a NULL de-reference before the user logged in, resulting in inetd
+          turning telnetd off because it forked too fast (CVE-2006-0677).
+
+        * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
+          exists in the keytab before returning success. This allows servers
+          to check if its even possible to use GSSAPI.
+
+        * Fix receiving end of token delegation for GSS-API. It still wrongly
+          uses subkey for sending for compatibility reasons, this will change
+          in 0.8.
+
+        * telnetd, login and rshd are now more verbose in logging failed and
+          successful logins.
+
+        * Bug fixes.
+
+  * Ditch dbs build system in preference for quilt and cdbs.
+
+  * Don't install /usr/include/ss. It's not included by any other header
+    in heimdal-dev and is provided by ss-dev. Closes: #349213.
+
+  * Also remove /usr/bin/mk_cmds which is also provided by ss-dev.
+
+  * Supply /etc/ldap/schema/hdb.schema. Closes: #355287.
+
+  * Move iprop man pages from heimdal-clients package into
+    heimdal-kdc package. Closes: #347555.
+
+  * Change default program for krsh from rlogin to ktelnet if no parameters
+    given.  Closes: #355080.
+
+ -- Brian May <bam at debian.org>  Thu,  9 Mar 2006 18:24:51 +1100
+
+heimdal (0.7.1-3) unstable; urgency=high
+
+  * Brian May <bam at debian.org>:
+    * Delete patches for old Heimdal versions.
+    * Update Swedish debconf translation (closes: #347605).
+  * Michael Banck <mbanck at debian.org>:
+    * Changes for GNU HURD: 026_posix_max (closes: #113317),
+                            026_no_afs (closes: #324342).
+  * Steve Langasek <vorlon at debian.org>:
+    * 025_pthreads
+    * High-urgency upload for RC bugfix.
+    * Use -pthread -lpthread when linking shared libs, not just -pthread,
+      needed for proper linking of libgssapi on mips/mipsel.  Closes: #346346.
+    * Build-depend on libx11-dev, libxau-dev, libxt-dev, x-dev instead of the
+      obsolete xlibs-dev.  Closes: #346680.
+
+ -- Brian May <bam at debian.org>  Fri, 13 Jan 2006 19:04:05 +1100
+
+heimdal (0.7.1-2) unstable; urgency=low
+
+  * Apply 022_ftp-roken-glob again.
+  * Upload for unstable.
+
+ -- Brian May <bam at debian.org>  Thu, 22 Dec 2005 11:24:21 +1100
+
+heimdal (0.7.1-1) experimental; urgency=low
+
+  * New upstream version.
+  * Remove krb4 support (closes: #315059, #334632).
+  * Conflict with krb4.
+
+ -- Brian May <bam at debian.org>  Mon, 24 Oct 2005 08:08:39 +1000
+
+heimdal (0.6.3-13) unstable; urgency=low
+
+  * Add alternative depends of debconf-2.0 in heimdal-kdc. Closes
+    <URL:http://lists.debian.org/debian-devel/2005/08/msg00136.html>.
+  * Update sv translations (closes: #330318).
+
+ -- Brian May <bam at debian.org>  Sun,  2 Oct 2005 12:36:49 +1000
+
+heimdal (0.6.3-12) unstable; urgency=low
+
+  * Rebuild to fix broken *.la files (closes: #316980).
+  * Modify rxtelnet and rxterm to use ktelnet and krsh (closes: #274063).
+  * Add Vietnamese debconf translation (closes: #314197).
+  * Add Czech debconf translation (closes: #314749).
+  * Move string2key into heimdal-clients (closes: #314365).
+  * Fix LDAP searches (closes: #318409).
+
+ -- Brian May <bam at debian.org>  Thu, 25 Aug 2005 11:39:59 +1000
+
+heimdal (0.6.3-11) unstable; urgency=low
+
+  * Apply patch to fix "Remotely exploitable buffer overflow in
+    getterminaltype function", reported in Secunia advisory SA15718 at
+    http://secunia.com/advisories/15718/. Closes: #315065.
+
+ -- Brian May <bam at debian.org>  Sun,  3 Jul 2005 13:54:19 +1000
+
+heimdal (0.6.3-10) unstable; urgency=low
+
+  * LDAP support (closes: #95246).
+  * Fix buffer overflow security bug in telnet client, CAN-2005-0469,
+    closes: #305574.
+
+ -- Brian May <bam at debian.org>  Mon, 25 Apr 2005 14:48:03 +1000
+
+heimdal (0.6.3-9) unstable; urgency=low
+
+  * Add Japanese debconf translation (closes: #302485)
+  * Updated replaces for heimdal-clients (closes: #303751).
+  * Support update-alternatives with rcp man page (closes: #303753).
+
+ -- Brian May <bam at debian.org>  Sun, 10 Apr 2005 12:47:40 +1000
+
+heimdal (0.6.3-8) unstable; urgency=low
+
+  * Apply patch to build on amd64 (closes: #300811).
+  * Move verify_krb5_conf man page to heimdal-clients (closes: #299905).
+  * Include danish debconf translations (closes: #296987).
+  * Add missing (versioned) comerr-dev to build depends (closes: #293270).
+
+ -- Brian May <bam at debian.org>  Thu, 24 Mar 2005 10:34:46 +1100
+
+heimdal (0.6.3-7) unstable; urgency=low
+
+  * Remove setconfig from built package, the new kdc.conf config broke this
+    script, and the config it changed wasn't used by Heimdal anyway.
+    Closes: #289295.
+  * Add patch from upstream to stop KDC crashing with SIGPIPE error.
+    Closes: #284498.
+
+ -- Brian May <bam at debian.org>  Fri, 14 Jan 2005 15:59:20 +1100
+
+heimdal (0.6.3-6) unstable; urgency=low
+
+  * Make conflict between heimdal-kdc and krb5-admin-server explicit, see
+    #274763 for details.
+  * Supply better example kdc.conf (closes: #210575). I deliberately omitted
+    the database setting as upstream say it isn't currently usable and will
+    change soon. Improvements welcome.
+  * Fix hardcoded paths to work with openafs (closes: #286249).
+
+ -- Brian May <bam at debian.org>  Mon, 20 Dec 2004 10:39:43 +1100
+
+heimdal (0.6.3-5) unstable; urgency=low
+
+  * Add new German debconf translations (closes: #284375).
+  * Set Project-Id-Version, PO-Revision-Date, Last-Translator fields to
+    Swedish and Russian translations from information in BTS.
+  * Remove kerberos.8.gz man page. This hack is to remove the conflict with
+    kerberos4kth which also contains the same file. It doesn't appear worth
+    keeping. See bug #274763 for details on conflict.
+  * Add note concerning above item in README.Debian.
+  * Make conflict between heimdal-kdc and krb5-kdc explicit, see #274763
+    for details.
+
+ -- Brian May <bam at debian.org>  Sun, 12 Dec 2004 15:41:05 +1100
+
+heimdal (0.6.3-4) unstable; urgency=low
+
+  * Adding the attached Brazilian Portuguese templates (closes: #278730).
+  * Fix typo in prerm script (closes: #280354).
+
+ -- Brian May <bam at debian.org>  Tue,  9 Nov 2004 14:09:01 +1100
+
+heimdal (0.6.3-3) unstable; urgency=low
+
+  * Move kerberos.8.gz from heimdal-servers into heimdal-docs package.
+  * Move kadmind.8.gz from heimdal-servers into heimdal-kdc package.
+  * Conflict with pop3-server instead of qpopper (closes: #274774).
+
+ -- Brian May <bam at debian.org>  Mon, 18 Oct 2004 17:12:05 +1000
+
+heimdal (0.6.3-2) unstable; urgency=low
+
+  * Stop all daemons as long as PID file exists, regardless if deamon is
+    enabled or not (closes: #266575).
+  * Add Dutch po-debconf translations (closes: #263597).
+  * Add some cleanups recommended in #95246 to debian/rules.
+    * Remove debian/*.ex files.
+    * Remove debian/control.* files.
+    * Remove debian/ex.doc-base.package.
+    * Remove obsolete libtool hack.
+    * Remove calls to obsolete dh_suidregister program.
+
+ -- Brian May <bam at debian.org>  Sat, 25 Sep 2004 14:59:21 +1000
+
+heimdal (0.6.3-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Brian May <bam at debian.org>  Tue, 14 Sep 2004 08:28:11 +1000
+
+heimdal (0.6.2-0.6.3rc3-1) unstable; urgency=low
+
+  * New upstream version.
+  * Fixes security bugs in FTP server.
+
+ -- Brian May <bam at debian.org>  Mon, 13 Sep 2004 16:00:23 +1000
+
+heimdal (0.6.2-6) unstable; urgency=low
+
+  * Update replaces header for heimdal-clients, to allow for push.8.gz
+    moving from heimdal-servers to heimdal-clients (closes: #264979).
+
+ -- Brian May <bam at debian.org>  Thu, 12 Aug 2004 09:02:48 +1000
+
+heimdal (0.6.2-5) unstable; urgency=low
+
+  * Cave in to pressure and remove libdb4.2-dev from depends in
+    heimdal-dev. See bug #253894 for reasons, both for and against.
+
+ -- Brian May <bam at debian.org>  Mon,  2 Aug 2004 17:46:29 +1000
+
+heimdal (0.6.2-4) unstable; urgency=low
+
+  * Add patch 000_afslog to make afslog work (closes: #261065).
+
+ -- Brian May <bam at debian.org>  Sat, 31 Jul 2004 14:56:32 +1000
+
+heimdal (0.6.2-3) unstable; urgency=low
+
+  * Use default realm configured by krb5-config for KDC (closes:
+    #251725).
+  * Move push.8 man page from heimdal-servers to heimdal-clients
+    (push binary is already in heimdal-clients).
+
+ -- Brian May <bam at debian.org>  Mon, 31 May 2004 08:30:54 +1000
+
+heimdal (0.6.2-2) unstable; urgency=low
+
+  * Make build depends on libssl-dev versioned (closes: #249595).
+  * libdb4.2 support (closes: #223055).
+
+ -- Brian May <bam at debian.org>  Sun, 23 May 2004 10:10:04 +1000
+
+heimdal (0.6.2-1) unstable; urgency=low
+
+  * New upstream version.
+    * Fixes possible buffer overflow bug in the krb4 code in kadmin
+      (CAN-2004-0472).
+    * Disables krb4 support by default in kadmin.
+    * Next upstream version will remove krb4 support in kadmin.
+
+ -- Brian May <bam at debian.org>  Tue, 11 May 2004 09:57:12 +1000
+
+heimdal (0.6.1-1) unstable; urgency=low
+
+  * New upstream version:
+    * Fix cross realm trust vulnerability (closes: #241524).
+
+  * The following patches removed as they appear to be in upstream:
+    * patches/001_sasl_external.
+    * patches/010_gcc33.
+    * patches/016_nessus_dos.
+    * patches/023_db4
+
+  * Simplify patches/032_libtool_version_script, remove hunks that only
+    change line numbers (these created rejects).
+
+ -- Brian May <bam at debian.org>  Sun,  4 Apr 2004 10:14:22 +1000
+
+heimdal (0.6-8) unstable; urgency=low
+
+  * Change /etc/defaults/heimdal-kdc to /etc/default/heimdal-kdc in
+    heimdal-kdc init.d script (closes: #236289).
+  * Add french debconf templates (closes: #236891).
+
+ -- Brian May <bam at debian.org>  Thu, 11 Mar 2004 13:07:59 +1100
+
+heimdal (0.6-7) unstable; urgency=low
+
+  * Use new gettext based debconf (closes: #235170).
+
+ -- Brian May <bam at debian.org>  Sat, 28 Feb 2004 13:15:41 +1100
+
+heimdal (0.6-6) unstable; urgency=low
+
+  * Move /etc/defaults/heimdal-kdc to /etc/default/heimdal-kdc (closes:
+    #233824)
+
+ -- Brian May <bam at debian.org>  Wed, 25 Feb 2004 11:09:29 +1100
+
+heimdal (0.6-5) unstable; urgency=low
+
+  * Add sample kadmind.acl on initial installation (closes: #215649)
+  * Split KDC init.d script into /etc/default/heimdal-kdc (closes: #213534).
+  * Add openldap patch from upstream 001_sasl_external (LDAP is not
+    enabled in build though).
+
+ -- Brian May <bam at debian.org>  Wed, 31 Dec 2003 12:41:38 +1100
+
+heimdal (0.6-4) unstable; urgency=low
+
+  * The "Lets fix all these bugs release" (and see what breaks!).
+  * Set standards version to 3.6.1.
+  * Upgrade to DH_COMPAT version 4.
+  * Fix minor errors reported by linda, including:
+    * Remove call to dh_suidregister.
+    * Add versioned dependancy on debhelper (closes: #216290).
+    * Add versioned depends on debconf,
+  * When START_KDC is set, the init.d script should stop kdc; when
+    START_KPASSWDD is set, the init.d script should stop kpasswdd; not the
+    other way around. Closes #214447.
+  * Fix info pages by installing all files, closes #214248.
+  * Add libtool patch to version symbols, thanks Steve Langasek
+    <vorlon at netexpress.net>. Closes: #205592.
+  * Attempt to link against libdb4.1 instead of libdb3 failed, as automake
+    wouldn't stop complaining about lib/roken/Makefile.am (not touched by
+    this patch). Added debian/patch/db4 all the same.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Sat, 13 Dec 2003 11:17:42 +1100
+
+heimdal (0.6-3) unstable; urgency=low
+
+  * Remove heimdal-libs package, I am not sure why I kept it, it isn't really
+    required for upgrades. This solves the (non-)issue with the description
+    (closes: #209552).
+
+  * Fix nessus DOS attack (closes: #197161).
+
+  * Since 0.6-2.2 no longer links with libreadline (closes: #198511).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Sun, 28 Sep 2003 11:06:57 +1000
+
+heimdal (0.6-2.3) unstable; urgency=low
+
+  * NMU with Blessings from Brian May <bam at debian.org>
+
+ -- Mikael Andersson <mikan at debian.org>  Tue, 16 Sep 2003 07:14:03 +0200
+
+heimdal (0.6-2.2) unstable; urgency=low
+
+  * Compile against libedit instead of libreadline4.
+    Added patch 015_editline
+    Recreated 030_autotools (Need $TMP to be set, and add libtoolize)
+    Changed builddependency from libreadline4-dev to libedit-dev
+    Change configure --with-readline in rules
+
+ -- Mikael Andersson <mikan at debian.org>  Mon, 15 Sep 2003 12:31:46 +0200
+
+heimdal (0.6-2.1) unstable; urgency=low
+
+  * Use com_err from comerr-dev.
+  
+  * Removed comerr-dev, ss-dev from Conflicts of heimdal-dev
+
+ -- Mikael Andersson <mikan at debian.org>  Mon, 15 Sep 2003 11:36:49 +0200
+
+heimdal (0.6-2) unstable; urgency=low
+
+  * Remove login man page, it conflicts with the login package.
+
+ -- Brian May <bam at debian.org>  Sat,  6 Sep 2003 12:40:01 +1000
+
+heimdal (0.6-1) unstable; urgency=low
+
+  * New upstream version.
+  * Built for woody.
+
+ -- Brian May <bam at debian.org>  Thu, 28 Aug 2003 15:50:17 +1000
+
+heimdal (0.5.2-5) unstable; urgency=low
+
+  * Update conflicts for heimdal-clients not to conflict with ftp, as it
+    uses update-alternatives since version 0.16-1 (closes: #202701).
+
+ -- Brian May <bam at debian.org>  Wed,  6 Aug 2003 12:15:05 +1000
+
+heimdal (0.5.2-4) unstable; urgency=low
+
+  * Move conflicts libdb3-dev to depends libdb3-dev, really-closes
+    #196157.
+
+ -- Brian May <bam at debian.org>  Sun, 29 Jun 2003 09:32:20 +1000
+
+heimdal (0.5.2-3) unstable; urgency=low
+
+  * Fix FTBFS error with GCC-3.3 by adding debian/patches/010_gcc33
+    (closes: #196406).
+  * heimdal-dev depends on libdb3-dev, closes: #196157.
+
+ -- Brian May <bam at debian.org>  Sat, 28 Jun 2003 15:47:53 +1000
+
+heimdal (0.5.2-2) unstable; urgency=low
+
+  * Make heimdal-kdc daemons configurable. Also fix type in
+    etc/init.d/heimdal-kdc (closes: #186353).
+  * Upstream said kftp -n option was fixed in 0.5.2-1 (closes: #181697).
+
+ -- Brian May <bam at debian.org>  Thu, 27 Mar 2003 12:26:09 +1100
+
+heimdal (0.5.2-1) unstable; urgency=high
+
+  * New upstream version; Fixes krb4 security bug (closes: #185164).
+  * Remove versioned symbols patch, this more important.
+  * Remove debian/patches/016_openssl, hopefully it is no longer required.
+  * Remove debian/patches/018_sasize, hopefully it is no longer required.
+
+ -- Brian May <bam at debian.org>  Tue, 18 Mar 2003 10:57:31 +1100
+
+heimdal (0.5.1-7) unstable; urgency=low
+
+  * Use versioned symbols for all libraries.
+
+ -- Brian May <bam at debian.org>  Mon, 17 Mar 2003 12:50:38 +1100
+
+heimdal (0.5.1-6) unstable; urgency=low
+
+  * Fix credential delegation bug (018_gssapi_forward).
+  * Rename 023_sasize patch to 018_sasize, 02* is for Debian specific
+  changes, not bugs fixes of upstream code, that is for 01*.
+
+ -- Brian May <bam at debian.org>  Fri,  7 Mar 2003 18:47:29 +1100
+
+heimdal (0.5.1-5) unstable; urgency=low
+
+  * Fix error with sa_size not getting initialized properly. See
+  debian/patches/023_sasize.
+
+ -- Brian May <bam at debian.org>  Tue,  4 Mar 2003 19:06:01 +1100
+
+heimdal (0.5.1-4) unstable; urgency=low
+
+  * Rebuild for sid.
+  * 016_openssl patch to work with openssl 0.9.7.
+  * Now builds on sid (closes: #178775).
+  * New build will have correct dependancy on libroken (closes: #177250).
+
+ -- Brian May <bam at debian.org>  Thu, 30 Jan 2003 11:35:44 +1100
+
+heimdal (0.5.1-3) unstable; urgency=low
+
+  * 015_getifaddrs patch fixes segmentation fault.
+  * Remove *.rej file from 014_cache patch.
+
+ -- Brian May <bam at debian.org>  Thu, 16 Jan 2003 13:30:07 +1100
+
+heimdal (0.5.1-2) unstable; urgency=low
+
+  * Move dependancy on krb5-config to heimdal-servers and heimdal-
+    clients (closes: #171868).
+  * Add build depends on libhesiod-dev, it is only small, and
+    all versions of Heimdal need to be built the same.
+  * These changes were in 0.4e-23, but missed in 0.5.1-1.
+
+ -- Brian May <bam at debian.org>  Thu,  9 Jan 2003 16:29:39 +1100
+
+heimdal (0.5.1-1) unstable; urgency=low
+
+  * New upstream version.
+  * Build-depends on kerberos4kth-dev 1.2.1, it includes a new version
+    of libroken.
+  * New major version of libasn1-6-heimdal (was libasn1-5-heimdal).
+
+ -- Brian May <bam at debian.org>  Thu,  9 Jan 2003 14:34:54 +1100
+
+heimdal (0.5-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Sun, 29 Sep 2002 10:06:28 +1000
+
+heimdal (0.4e-20) unstable; urgency=low
+
+  * Add missing depends of kerberos4kth-dev to heimdal-dev (closes:
+    160669).
+  * Add description of changes required to /etc/services to get hprop
+    and/or iprop to work (closes: 139845).
+  * Add sample inetd entry for hprop and sample code in init.d script
+    for iprop (closes: #139851).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Fri, 13 Sep 2002 13:34:04 +1000
+
+heimdal (0.4e-19) unstable; urgency=low
+
+  * Apply patch to fix time sync problem (closes: #155816).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Tue, 20 Aug 2002 13:04:51 +1000
+
+heimdal (0.4e-18) unstable; urgency=low
+
+  * Apply patches from Mikael Andersson to fix FTP bug, closes: 150967.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Thu, 15 Aug 2002 10:05:46 +1000
+
+heimdal (0.4e-17) unstable; urgency=low
+
+  * Use Maintainer Mode for automake.
+  * Include krb5.conf.5heimdal man page (closes: #150293).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Tue,  6 Aug 2002 10:30:07 +1000
+
+heimdal (0.4e-16) unstable; urgency=low
+
+  * Fix heap overflow bug in ftp client that allows remote code
+    execution by malicious ftp server.
+  * Don't delete libkafs.so
+
+ -- Brian May <bam at snoopy.apana.org.au>  Thu, 30 May 2002 09:33:21 +1000
+
+heimdal (0.4e-15) unstable; urgency=low
+
+  * Attempt to use libraries from kerberos4kth.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Mon, 22 Apr 2002 18:03:13 +1000
+
+heimdal (0.4e-14) unstable; urgency=low
+
+  * Attempt to recompile with krb4 support. Closes: #143273.
+    For some reason this was marked as grave, even though the
+    rest of Heimdal functioned OK.
+  * Reopens bug: cyclic dependancies exist between Heimdal and
+    Kerberos4kth. This really needs to get fixed.
+  * Attempt to fix this in debian/patches-0.4e-trial (still needs
+    further work), but this failed as autoconf in Debian doesn't like
+    autoconf files used in Heimdal.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Sat, 20 Apr 2002 15:12:57 +1000
+
+heimdal (0.4e-13) unstable; urgency=low
+
+  * Move push to heimdal-clients (closes: #142331).
+  * The 'but I am sure I removed the build depends for kerberos4kth'
+    release. Closes: #142491
+  * Also get rid of libkafs0, as including an empty libkafs0 could be
+    confusing. closes: #142411
+
+ -- Brian May <bam at snoopy.apana.org.au>  Fri, 12 Apr 2002 18:44:34 +1000
+
+heimdal (0.4e-12) unstable; urgency=low
+
+  * Remove krb4 support, and remove build depends loop.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Wed, 10 Apr 2002 08:29:52 +1000
+
+heimdal (0.4e-11) unstable; urgency=low
+
+  * Move to main.
+  * Attempt to get priorities correct.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Wed,  3 Apr 2002 09:12:15 +1000
+
+heimdal (0.4e-10) unstable; urgency=low
+
+  * Change build depends from libssl096-dev to libssl-dev, closes:
+    #140690.
+  * Some dependancies are still in non-us, so this can't go in
+    main yet. Examples: krb5-config and kerberos4kth.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Mon,  1 Apr 2002 10:39:31 +1000
+
+heimdal (0.4e-9) unstable; urgency=low
+
+  * Use /bin/login instead of /usr/sbin/login (which doesn't exist),
+    closes #139250. /bin/login is better then the login provided with
+    Heimdal, as it provides support for PAM.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Thu, 21 Mar 2002 16:19:28 +1100
+
+heimdal (0.4e-8) unstable; urgency=low
+
+  * heimdal-servers: add conflicts qpopper (closes: #137208).
+  * Add russian debconf template (closes: #137657). I hope the character
+    encoding comes up Ok...
+  * Added note in README.Debian on making ksu setuid root (closes: #84468).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Thu, 14 Mar 2002 11:35:15 +1100
+
+heimdal (0.4e-7) unstable; urgency=low
+
+  * Move krb5-config man page to heimdal-dev (closes: #135957).
+  * Fix extended descriptions (closes #135525, #135515).
+  * Move ktutil man page to heimdal-clients (closes: #136449).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Mon,  4 Mar 2002 14:19:53 +1100
+
+heimdal (0.4e-6) unstable; urgency=low
+
+  * Versioned conflicts against openafs (closes: #127817,#128105).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Tue,  8 Jan 2002 11:19:12 +1100
+
+heimdal (0.4e-5) unstable; urgency=low
+
+  * Change conflicts keerberos4kth-clients, as it has changed from
+    kerberos4kth-user (closes: #124020). heimdal-clients is supposed to
+    have Kerberos4kth support, hence there should be no need to have
+    both installed as the same time.
+  * Build problem on hppa was previously fixed (closes: #101064). 
+  * Fix BSD license (closes: #123822).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Fri, 21 Dec 2001 11:46:23 +1100
+
+heimdal (0.4e-4) unstable; urgency=low
+
+  * Move login back to /usr/sbin/login.
+  * Use update-alternatives for pagsh.
+  * Apply patch to stop kstash from segfaulting (closes: #120502).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Tue,  4 Dec 2001 20:30:38 +1100
+
+heimdal (0.4e-3) unstable; urgency=low
+
+  * Move files to correct packages (closes: #121131)
+
+ -- Brian May <bam at snoopy.apana.org.au>  Mon, 26 Nov 2001 09:22:36 +1100
+
+heimdal (0.4e-2) unstable; urgency=low
+
+  * Kerberos 4 support (closes: #65387).
+  * Build libsl packages (closes: #120496).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Wed, 14 Nov 2001 17:49:40 +1100
+
+heimdal (0.4e-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Mon, 10 Sep 2001 09:40:06 +1000
+
+heimdal (0.4c-2) unstable; urgency=low
+
+  * Include devfs fix, telnetd now supports /dev/pts filesystem.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Mon,  6 Aug 2001 14:20:50 +1000
+
+heimdal (0.4c-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Sun, 29 Jul 2001 14:33:17 +1000
+
+heimdal (0.3f-1) unstable; urgency=low
+
+  * New upstream version.
+  * Move krb5.conf.5.gz man page from libkrb5 package to heimdal-doc,
+    in order to allow different versions of libkrb5 to be installed
+    at same time. What was I thinking?
+  * Previous compilation was based on old libraries. Lets try again...
+
+ -- Brian May <bam at snoopy.apana.org.au>  Thu, 28 Jun 2001 09:05:09 +1000
+
+heimdal (0.3e-6) unstable; urgency=low
+
+  * heimdal-dev no longer conflicts with kerberos4kth-dev.
+  * build conflicts with heimdal-dev, due to libtool hack.
+  * remove build dependancy on kerberos4kth-dev, as it is not
+    yet used.
+  * remove kafs.h and kafs.3.gz is these conflict with files from
+    kerberos4kth.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Tue, 12 Jun 2001 09:41:34 +1000
+
+heimdal (0.3e-5) unstable; urgency=low
+
+  * Fix library dependancy problem on libdb.
+  * Use libtool 1.4. Other packages should link -lkrb5 or -lgssapi,
+    and none of the other libraries (unless really required).
+  * Split libraries apart.
+  * Remove libsl, as it doesn't seem to be used anymore.
+  * Remove conflicts with kerberos4kth libraries (closes: #58090).
+  * Attempt build with kerberos4kth libraries (not-closed: #65387);
+    attempt failed (compile error); waiting till I get more time to fix
+    this or for somebody to fix it for me ;-).
+  * Uses updated config.sub and config.guess files from libtool 1.4
+    (as far as I can tell). Closes: #98153.
+  * add 31_autotools patch to work around install libtool bug.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Tue, 22 May 2001 11:14:25 +1000
+
+heimdal (0.3e-4) unstable; urgency=low
+
+  * Fix more silly postinst bugs. Disable anonymous ftp logins
+    by default.
+
+ -- Brian May <bam at debian.org>  Thu, 22 Feb 2001 09:38:40 +1100
+
+heimdal (0.3e-3) unstable; urgency=low
+
+  * Use update-alternatives for rcp (closes: #86702)
+  * Remove update-alternatives for rsh when package is removed.
+  * Add upstream patch to select versions for replay_log.
+
+ -- Brian May <bam at debian.org>  Wed, 21 Feb 2001 09:04:58 +1100
+
+heimdal (0.3e-2) unstable; urgency=low
+
+  * Disable anonymous ftp logins by default. This can be changed by
+    using the -a option to ftpd in /etc/inetd.conf.
+  * Add upstream patch to fix weak key detection.
+
+ -- Brian May <bam at debian.org>  Sat, 17 Feb 2001 13:52:35 +1100
+
+heimdal (0.3e-1) unstable; urgency=low
+
+  * New upstream version 0.3e. Warning: This fixes a potential security
+    problem (buffer overrun) in ftpd.
+
+ -- Brian May <bam at debian.org>  Tue,  6 Feb 2001 12:59:14 +1100
+
+heimdal (0.3d-8) unstable; urgency=low
+
+  * Change section to non-US.
+  * Add german translation to heimdal-lib.templates file (closes: #83754).
+  * Add german translation to heimdal-kdc.templates file (closes: #83864).
+  * Add Depends: libssl096 to heimdal-dev, so packages that use
+    heimdal-dev no longer need to include this in build-depends:
+    (unless they really do guse libssl).
+  * disable openldap support by default (I may enable it latter)
+    (closes: #83993).
+  * add patch for openldap.
+  * don't build binary-all for binary-dep target (closes: #84171).
+
+ -- Brian May <bam at debian.org>  Wed, 31 Jan 2001 09:26:39 +1100
+
+heimdal (0.3d-7) unstable; urgency=low
+
+  * Replace missing prerm script for heimdal-kdc, as kadmind wasn't being
+    disabled (in /etc/inetd.conf) on --remove (closes: #83526).
+  * Fix type in postrm script for heimdal-servers, as inetd entry for ftp
+    wasn't getting removed on -purge.
+  * Fix type in postrm script for heimdal-servers-x, as inetd entry for kx
+    wasn't getting removed on -purge.
+  * Add swedish translation to heimdal-lib.templates file.
+    Also add same translation to question in heimdal-kdc.templates, as the
+    question is exactly the same (closes: #83535).
+
+ -- Brian May <bam at debian.org>  Fri, 26 Jan 2001 10:27:13 +1100
+
+heimdal (0.3d-6) unstable; urgency=low
+
+  * Use rsh-server and telnet-sever virtual packages (see bug #77404).
+
+ -- Brian May <bam at debian.org>  Thu, 18 Jan 2001 18:20:54 +1100
+
+heimdal (0.3d-5) unstable; urgency=low
+
+  * Fix ftp bug with ports > 32767 (closes: #81663).
+  * Move krb5-config to heimdal-dev.
+
+ -- Brian May <bam at debian.org>  Fri, 12 Jan 2001 09:02:03 +1100
+
+heimdal (0.3d-4) unstable; urgency=low
+
+  * Better, non-hacked fix for krb5-config. Patch from
+    GOMBAS Gabor <gombasg at inf.elte.hu>.
+
+ -- Brian May <bam at debian.org>  Tue,  9 Jan 2001 10:13:28 +1100
+
+heimdal (0.3d-3) unstable; urgency=low
+
+  * Compile using libssl026 instead of libdes. Patch from
+    GOMBAS Gabor <gombasg at inf.elte.hu>.
+
+ -- Brian May <bam at debian.org>  Sat,  6 Jan 2001 10:30:03 +1100
+
+heimdal (0.3d-2) unstable; urgency=low
+
+  * Add libdb2-dev to build-depends (closes: #80442).
+
+ -- Brian May <bam at debian.org>  Tue, 26 Dec 2000 10:59:44 +1100
+
+heimdal (0.3d-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Brian May <bam at debian.org>  Tue, 12 Dec 2000 16:20:34 +1100
+
+heimdal (0.3c-6) unstable; urgency=low
+
+  * Rename xnlock.man to xnlock.1, closes: #78117
+  * Move xnlock.1 to heimdal-clients-x.
+
+ -- Brian May <bam at debian.org>  Tue, 28 Nov 2000 09:55:12 +1100
+
+heimdal (0.3c-5) unstable; urgency=low
+
+  * New structure for source. Now there is a different patch for each
+  change from upstream (closes: 77000).
+  * Move TODO and NEWS documentation to heimdal-docs, where it should always
+  have been
+  * Apply patch from
+  http://ns1.logidee.com/~joko/heimdal/src/heimdal_cache.patch,
+  which should allow PAM module to work.
+
+ -- Brian May <bam at debian.org>  Sat, 18 Nov 2000 13:04:39 +1100
+
+heimdal (0.3c-4) unstable; urgency=low
+
+  * applied patch to fix ftpd problem (closes: #64746).
+
+ -- Brian May <bam at debian.org>  Wed,  8 Nov 2000 17:26:16 +1100
+
+heimdal (0.3c-3) unstable; urgency=low
+
+  * Try to strip binaries again, by making libeditline libtool
+  controlled.
+
+ -- Brian May <bam at debian.org>  Mon,  9 Oct 2000 09:20:27 +1100
+
+heimdal (0.3c-2) unstable; urgency=low
+
+  * applied patch to disable line editing in ftp (closes: #69301).
+
+ -- Brian May <bam at debian.org>  Thu,  5 Oct 2000 09:15:44 +1100
+
+heimdal (0.3c-1) unstable; urgency=low
+
+  * New upstream version.
+  * applied patch to fix missing newline problem in ftp (closes: #64289).
+  * dh_strip commented out, as it crashed the build process.
+    A bug (#73637) has been opened on this issue.
+
+ -- Brian May <bam at debian.org>  Mon,  2 Oct 2000 10:07:53 +1100
+
+heimdal (0.3b-2) unstable; urgency=low
+
+  * Add debhelper, xlib6g-dev to build dependancies (closes: #70718).
+  
+  * Change documentation to indicate that kadmind uses kadmind.acl,
+    not kadm5.acl, as previously specified. Add warning in default
+    kdc.conf file that it needs checking, as it may not be
+    correct. Everything should work OK though with default values.
+    closes: #69139.
+
+ -- Brian May <bam at debian.org>  Sat,  2 Sep 2000 15:46:53 +1100
+
+heimdal (0.3b-1) unstable; urgency=low
+
+  * New upstream version.
+  
+  * Shouldn't conflict with telnet anymore, as both use
+    update-alternatives (not tested yet).
+  
+  * Provides telnet-client instead of telnet, as telnet-client is now
+    the accepted virtual package (see closed bug #58759).
+
+ -- Brian May <bam at debian.org>  Wed, 30 Aug 2000 10:58:07 +1100
+
+heimdal (0.3a-2) unstable; urgency=low
+
+  * Remove /usr/include/glob.h from heimdal-dev (closes: #68649). This
+  file conflicts with libc6-dev.
+
+  * For some reason heimdal doesn't detect /usr/include/glob.h, why?
+
+ -- Brian May <bam at debian.org>  Sun,  6 Aug 2000 18:07:52 +1000
+
+heimdal (0.3a-1) unstable; urgency=low
+
+  * New upstream version.
+  
+  * -rpath hack no longer required.
+  
+  * fix bug in postinst script (closes: #67509).
+
+  * No longer conflicts with rsh-client (<< 0.16.1-1), as rsh-client
+  now uses update-alternatives (closes: #58102).
+
+  * Uses new libtool version 1.3c (closes: 59037).
+
+ -- Brian May <bam at debian.org>  Mon, 31 Jul 2000 13:21:21 +1000
+
+heimdal (0.2t-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Brian May <bam at debian.org>  Fri, 19 May 2000 15:24:31 +1000
+
+heimdal (0.2r-2) unstable; urgency=low
+
+  * Add Build-Depends and Build-Conflicts line. It is possible
+  that the Build-Conflicts might be excessive (some libraries  
+  can be turned of with command line options to Configure),
+  however, I think this is safest for now.
+
+ -- Brian May <bam at debian.org>  Sun, 16 Apr 2000 10:29:33 +1000
+
+heimdal (0.2r-1) unstable; urgency=low
+
+  * New upstream version.
+  * Fix yet another silly typo in postinst script.
+  * Added hack to use defaults inside kadmin init without crashing.
+
+ -- Brian May <bam at debian.org>  Wed,  5 Apr 2000 14:36:55 +1000
+
+heimdal (0.2q-3) unstable; urgency=low
+
+  * fix silly typo in postinst script (closes: #61482).
+
+ -- Brian May <bam at debian.org>  Sat,  1 Apr 2000 12:33:34 +1000
+
+heimdal (0.2q-2) unstable; urgency=low
+
+  * Password to kstash now handled by debconf.
+
+ -- Brian May <bam at debian.org>  Sun, 12 Mar 2000 12:16:25 +1100
+
+heimdal (0.2q-1) unstable; urgency=low
+
+  * New upstream version.
+  * Looking through the upstream Changelog, I cannot see any changes
+  that might break functionality that wasn't already broken.
+  * Fix problem with debconf script (closes: #58011).
+  * Change ftp dependancy to ftp-server (closes: #58118).
+  * Replaced power-pc fix with patch from upstream.
+  * Fixed shlibs dependancy information - all executables will now
+  depend on *this* upstream version of heimdal-lib. This is currently
+  a hacked solution to allow clean (future) upgrades.
+  * Moved README.Debian to heimdal-docs.
+  * Include doc/standardisation in heimdal-docs, contains information
+  not found elsewhere.
+  * Use update-alternatives for rsh.
+  * Hack debian/rules not to run configure.
+  * ftp/ftpd no longer seems to work, fixes welcome.
+  * This should really go to frozen, but because of above problem
+  will go into unstable only.
+  
+ -- Brian May <bam at debian.org>  Fri, 25 Feb 2000 15:46:16 +1100
+
+heimdal (0.2l-7) frozen unstable; urgency=low
+
+  * Copied copyright file from doc/heimdal.texi
+  * heimdal-servers no longer conflicts with rsh-server (closes: #57545).
+  * heimdal-lib conflicts with kerberos4kth (closes: #57587, #57602, #57654).
+  * this conflicts business is never ending...
+  * fixed minor bugs in README.Debian, eg there is no need to
+  extract the kadmin/admin key to /etc/krb5.keytab.
+  * fixed compilation problem on power-pc (closes: #57919).
+
+ -- Brian May <bam at debian.org>  Sun, 13 Feb 2000 19:46:37 +1100
+
+heimdal (0.2l-6) frozen unstable; urgency=low
+
+  * Move /usr/bin/compile_et into heimdal-dev.
+  * heimdal-clients conflicts with otp.
+  * heimdal-dev conflicts with ss-dev and comerr-dev (closes: #56281).
+  * minor changes to sample kdc.conf file. eg stash file created
+  by postinst script wasn't used by kdc...
+
+ -- Brian May <bam at debian.org>  Sat, 29 Jan 2000 09:58:00 +1100
+
+heimdal (0.2l-5) frozen unstable; urgency=low
+
+  * Heimdal-servers: reenable telnet properly after upgrade
+    (closes: #55733).
+  * Change section to non-US/main (closes: #55546).
+  * These changes wont break anything that wasn't already broken ;-).
+  
+ -- Brian May <bam at debian.org>  Thu, 20 Jan 2000 16:13:21 +1100
+
+heimdal (0.2l-4) frozen unstable; urgency=low
+
+  * heimdal-kdc nows starts password server, so users can change
+    passwords.
+  * heimdal-kdc now inserts entry for kadmind into /etc/inetd.conf.
+    kadmind is essential for normal kerberos administration.
+  * Fix /etc/init.d/heimdal-kdc restart so it works.
+  * No code has been changed/added/removed apart from postinst,
+    prerm, postrm and init scripts for the above changes.
+  * Got rid of stupid looking syntax for log file in sample kdc.conf.
+  * Minor changes (including addition of examples) into README.Debian.
+  * Known problem: debconf doesn't replace default value for
+    some reason on initial installation. I can't see whats wrong...
+    This is annoying, but not a critical problem.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Mon, 17 Jan 2000 19:07:06 +1100
+
+heimdal (0.2l-3) unstable; urgency=low
+
+  * Conflicts with kerberos4kth packages. closes: #54783.
+  * Move kstash and man page to heimdal-kdc.
+  * Move kxd man page to heimdal-servers-x.
+  * Move kadmind page to heimdal-kdc.
+  * Move kpasswdd and man page to heimdal-kdc.
+  * Fix permissions of /var/lib/heimdal-kdc.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Fri, 14 Jan 2000 19:18:51 +1100
+
+heimdal (0.2l-2) unstable; urgency=low
+
+  * Move man pages into proper packages.
+  * heimdal-servers now conflicts and provides ftpd.
+    (closes: #54818).
+  * Problems believed to already be fixed. closes: #54792.
+  * heimdal-lib postrm: add -f parameter to rm so that it will not
+    fail if the file doesn't exist. closes: #54847.
+  * Rename telnet and ftp to ktelnet and kftp respectively.
+  * Use update-alternatives for ftp and telnet.
+    (note rxtelnet still uses telnet, not ktelnet).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Thu, 13 Jan 2000 10:47:14 +1100
+
+heimdal (0.2l-1) unstable; urgency=low
+
+  * New upstream source.
+  * heimdal-clients now provides ftp, telnet, and rsh-client
+    (closes: #54497).
+  * heimdal-servers now provides telnetd and rsh-server.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Sun,  9 Jan 2000 10:00:02 +1100
+
+heimdal (0.2j-1) unstable; urgency=low
+
+  * New upstream source.
+  * Improved debconf support, using setconfig helper program.
+  * setconfig may not parse all valid configuration files correctly.
+    Patches welcome!
+  * Moved /usr/bin/login to /usr/lib/heimdal-servers/login, as I
+    suspect this will help porting to the Hurd, if/when anyone tries.
+  * kdc now supports (and requires) logrotate.
+  * kdc tested and now works with minimal configuration.
+  * heimdal-kdc does not support dpkg-reconfigure (not sure how to
+    reconfigure without deleting existing setup first).
+
+ -- Brian May <bam at snoopy.apana.org.au>  Wed,  5 Jan 2000 02:31:00 +0000
+
+heimdal (0.2i-1) unstable; urgency=low
+
+  * Initial Release.
+
+ -- Brian May <bam at snoopy.apana.org.au>  Wed,  8 Dec 1999 11:54:13 +1100
+

Added: vendor-crypto/heimdal/dist/packages/debian/compat
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/compat	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/compat	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+4

Added: vendor-crypto/heimdal/dist/packages/debian/control
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/control	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/control	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,276 @@
+Source: heimdal
+Section: net
+Priority: optional
+Maintainer: Love Hornquist Astrand <lha at h5l.org>
+Standards-Version: 3.7.2
+Build-Depends: libncurses5-dev, bison, flex, debhelper (>= 4.1.16), libx11-dev, libxau-dev, libxt-dev, libedit-dev, libdb4.4-dev, libssl-dev (>= 0.9.8), cdbs, quilt, comerr-dev (>= 1.35-1), libldap2-dev, texinfo
+Build-Conflicts: heimdal-dev
+
+Package: heimdal-docs
+Section: doc
+Priority: extra
+Architecture: all
+Depends: 
+Replaces: heimdal-lib (<< 0.3c-5), libkrb5-15-heimdal, heimdal-servers (<< 0.6.3-3)
+Conflicts: heimdal-lib (<< 0.3c-5)
+Suggests: heimdal-clients, heimdal-clients-x, heimdal-servers, heimdal-servers-x
+Description: Documentation for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package includes documentation (in info format) on how to
+ use Heimdal, and relevant standards for Kerberos.
+
+Package: heimdal-kdc
+Priority: extra
+Architecture: any
+Conflicts: kerberos4kth-kdc, heimdal-clients (<< 0.4e-3), heimdal-servers (<< 0.6.3-3), krb5-kdc, krb5-admin-server
+Depends: ${shlibs:Depends}, heimdal-clients, logrotate, debconf (>= 0.5.00) | debconf-2.0, krb5-config, netbase, openbsd-inetd | inet-superserver, update-inetd
+Replaces: heimdal-clients (<< 0.7.2-1), heimdal-servers (<< 0.4e-3)
+Suggests: heimdal-docs
+Description: KDC for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package includes the KDC (key distribution centre) server,
+ which is designed to run on a secure computer and keeps track
+ of users passwords. This is done using the Kerberos protocol in
+ such a way that the server computers do not need to know user's
+ passwords.
+
+Package: heimdal-dev
+Section: devel
+Priority: extra
+Architecture: any
+Conflicts: heimdal-clients (<< 0.4e-7), kerberos4kth-dev
+Depends: libasn1-8-heimdal (= ${Source-Version}), libkrb5-22-heimdal (= ${Source-Version}), libhdb9-heimdal (= ${Source-Version}), libkadm5srv8-heimdal (= ${Source-Version}), libkadm5clnt7-heimdal (= ${Source-Version}), libgssapi2-heimdal (= ${Source-Version}), libkafs0-heimdal (= ${Source-Version}), libheimntlm-0-heimdal (= ${Source-Version}), libhx509-1-heimdal (= ${Source-Version}), comerr-dev
+Replaces: heimdal-clients (<< 0.4e-7)
+Suggests: heimdal-docs
+Description: Development files for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This is the development package, required for developing
+ programs for Heimdal.
+
+Package: heimdal-clients-x
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}, netbase, heimdal-clients
+Replaces: heimdal-clients (<< 0.2l-2)
+Conflicts: heimdal-clients (<< 0.2l-2), kerberos4kth-x11
+Suggests: heimdal-docs
+Description: X11 files for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package includes kerberos client programs for forwarding the X
+ connection securely to a remote computer.
+
+Package: heimdal-clients
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}, krb5-config
+Conflicts: telnet (<< 0.17-1), ftp (<< 0.16-1), rsh-client (<< 0.16.1-1), netstd, telnet-ssl (<< 0.14.9-2), ssltelnet, kerberos4kth-user, kerberos4kth-clients, otp, heimdal-servers (<< 0.4e-7), openafs-client (<< 1.2.2-3)
+Provides: telnet-client, ftp, rsh-client
+Suggests: heimdal-docs, heimdal-kcm
+Replaces: heimdal-servers (<< 0.6.3-12)
+Description: Clients for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package includes client programs like telnet and ftp that have been
+ compiled with Kerberos support.
+
+Package: heimdal-kcm
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: KCM for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package includes the KCM daemon.
+ The kcm daemon can hold the credentials for all users in the system.
+ Access control is done with Unix-like permissions.  The daemon checks the
+ access on all operations based on the uid and gid of the user.  The
+ tickets are renewed as long as is permitted by the KDC's policy.
+
+Package: heimdal-servers-x
+Priority: extra
+Architecture: any
+Conflicts: kerberos4kth-x11, heimdal-servers (<< 0.2l-3)
+Depends: ${shlibs:Depends}, netbase, heimdal-servers
+Suggests: heimdal-docs
+Replaces: heimdal-servers (<< 0.2l-3)
+Description: X11 files for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package includes kerberos server programs for forwarding the X
+ connection securely from a remote computer.
+
+Package: heimdal-servers
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}, netbase, krb5-config, update-inetd, openbsd-inetd | inet-superserver
+Conflicts: telnetd,  wu-ftpd-academ (<< 2.5.0), netstd, heimdal-clients (<< 0.2l-2), telnetd-ssl, kerberos4kth-services, ftp-server, rsh-server, telnet-server, pop3-server
+Provides: ftp-server, rsh-server, telnet-server
+Suggests: heimdal-docs
+Replaces: heimdal-clients (<< 0.2l-2)
+Description: Servers for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package includes servers like telnetd and ftpd that have been
+ compiled with Heimdal support.
+
+Package: libasn1-8-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Replaces: heimdal-lib (<< 0.3e-5)
+Conflicts: heimdal-libs (<< 0.3e-5)
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the asn1 parser required for Heimdal.
+
+Package: libkrb5-22-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Replaces: heimdal-lib (<< 0.3e-5)
+Conflicts: heimdal-libs (<< 0.3e-5)
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the kerberos 5 library.
+
+Package: libheimntlm-0-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the NTLM library.
+
+Package: libhx509-1-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the hx509 library, and X.509 library.
+
+Package: libhcrypto-4-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the hcrypto library.
+
+Package: libhdb9-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Replaces: heimdal-lib (<< 0.3e-5)
+Conflicts: heimdal-libs (<< 0.3e-5)
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the library for storing the KDC database.
+
+Package: libkadm5srv8-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Replaces: heimdal-lib (<< 0.3e-5)
+Conflicts: heimdal-libs (<< 0.3e-5)
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the server library for kadmin.
+
+Package: libkadm5clnt7-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Replaces: heimdal-lib (<< 0.3e-5)
+Conflicts: heimdal-libs (<< 0.3e-5)
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the client library for kadmin.
+
+Package: libgssapi2-heimdal
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Replaces: heimdal-lib (<< 0.3e-5)
+Conflicts: heimdal-libs (<< 0.3e-5)
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the library for GSSAPI support.
+
+Package: libkafs0-heimdal
+Section: libs
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the library for KAFS support.
+
+Package: libroken18-heimdal
+Section: libs
+Priority: extra
+Architecture: any
+Conflicts: libroken16-kerberos4kth
+Depends: ${shlibs:Depends}
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the library for roken support.
+
+Package: libotp0-heimdal
+Section: libs
+Priority: extra
+Architecture: any
+Conflicts: libotp0-kerberos4kth
+Depends: ${shlibs:Depends}
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the library for OTP support.
+
+Package: libsl0-heimdal
+Section: libs
+Priority: extra
+Architecture: any
+Conflicts: libsl0-kerberos4kth
+Depends: ${shlibs:Depends}
+Description: Libraries for Heimdal Kerberos
+ Heimdal is a free implementation of Kerberos 5, that aims to be
+ compatible with MIT Kerberos.
+ .
+ This package contains the library for SL support.
+
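Review bot: Six library stanzas (libasn1-8-heimdal, libkrb5-22-heimdal, libhdb9-heimdal, libkadm5srv8-heimdal, libkadm5clnt7-heimdal, libgssapi2-heimdal) pair `Replaces: heimdal-lib (<< 0.3e-5)` with `Conflicts: heimdal-libs (<< 0.3e-5)`, so the two fields name different packages. The heimdal-docs stanza and the Debian changelog in this import both say `heimdal-lib`, so `heimdal-libs` looks like a typo. If it is, the Conflicts never matches and the package manager would not force an old heimdal-lib off the system when the split libraries are installed. The line would read `Conflicts: heimdal-lib (<< 0.3e-5)` in each of the six stanzas. Because this file is part of a vendor import, the correction is better reported upstream, or recorded as a local deviation, than edited silently under dist/.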

Added: vendor-crypto/heimdal/dist/packages/debian/copyright
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/copyright	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/copyright	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,195 @@
+This package was debianized by Brian May <bam at snoopy.apana.org.au> on
+Wed,  8 Dec 1999 11:54:13 +1100.
+
+It was downloaded from http://www.pdc.kth.se/heimdal/
+
+Upstream Authors: heimdal-bugs at h5l.se
+(see above URL for mailing list info).
+
+Copyrights:
+
+As found in doc/heimdal.texi.
+
+
+Copyright (c) 1997-2007 Kungliga Tekniska H\xF6gskolan 
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the Institute nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America may
+require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission.  M.I.T. makes no representations about the suitability of
+this software for any purpose.  It is provided "as is" without express
+or implied warranty.
+
+
+
+Copyright (c) 1988, 1990, 1993
+     The Regents of the University of California.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the University nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright 1992 Simmule Turner and Rich Salz.  All rights reserved. 
+
+This software is not subject to any license of the American Telephone 
+and Telegraph Company or of the Regents of the University of California. 
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+   software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission.  Since few users ever read sources,
+   credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.  Since few users
+   ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
+
+
+IMath is Copyright 2002-2005 Michael J. Fromberger
+You may use it subject to the following Licensing Terms:
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+
+Copyright (c) 2005 Doug Rabson
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (c) 2005 Marko Kreen
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+       notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.	IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.

Added: vendor-crypto/heimdal/dist/packages/debian/extras/default
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/extras/default	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/extras/default	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,17 @@
+# Do we start the KDC?
+KDC_ENABLED=yes
+KDC_PARAMS=""
+
+# the kpasswdd?
+KPASSWDD_ENABLED=yes
+KPASSWDD_PARAMS=""
+
+# kprop master?
+MASTER_ENABLED=no
+
+# How about the kprop slave?
+SLAVE_ENABLED=no
+
+# Add at least your master server name here when using iprop-replication
+# otherwise it would fail silently.
+SLAVE_PARAMS=""

Added: vendor-crypto/heimdal/dist/packages/debian/extras/kadmind.acl
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/extras/kadmind.acl	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/extras/kadmind.acl	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+#principal       [priv1,priv2,...]       [glob-pattern]

Added: vendor-crypto/heimdal/dist/packages/debian/extras/kdc.conf
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/extras/kdc.conf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/extras/kdc.conf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,91 @@
+[kdc]
+# See allowed values in krb5_openlog(3) man page.
+logging = FILE:/var/log/heimdal-kdc.log
+
+# detach = boolean
+
+# Gives an upper limit on the size of the requests that the kdc is
+# willing to handle.
+# max-request =  integer
+
+# Turn off the requirement for pre-autentication in the initial AS-
+# REQ for all principals.  The use of pre-authentication makes it
+# more difficult to do offline password attacks.  You might want to
+# turn it off if you have clients that don't support pre-authenti-
+# cation.  Since the version 4 protocol doesn't support any pre-
+# authentication, serving version 4 clients is just about the same
+# as not requiring pre-athentication.  The default is to require
+# pre-authentication.  Adding the require-preauth per principal is
+# a more flexible way of handling this.
+# require-preauth = boolean
+
+# Specifies the set of ports the KDC should listen on.  It is given
+# as a white-space separated list of services or port numbers.
+# ports = 88,750
+
+# The list of addresses to listen for requests on.  By default, the
+# kdc will listen on all the locally configured addresses.  If only
+# a subset is desired, or the automatic detection fails, this
+# option might be used.
+# addresses = list of ip addresses
+
+# respond to Kerberos 4 requests
+# enable-kerberos4 = false
+
+# respond to Kerberos 4 requests from foreign realms.  This is a
+# known security hole and should not be enabled unless you under-
+# stand the consequences and are willing to live with them.
+# enable-kerberos4-cross-realm = false
+
+# respond to 524 requests
+# enable-524 = value of enable-kerberos4
+
+# Makes the kdc listen on port 80 and handle requests encapsulated
+# in HTTP.
+# enable-http = boolean
+
+# What realm this server should act as when dealing with version 4
+# requests.  The database can contain any number of realms, but
+# since the version 4 protocol doesn't contain a realm for the
+# server, it must be explicitly specified.  The default is whatever
+# is returned by krb_get_lrealm().  This option is only availabe if
+# the KDC has been compiled with version 4 support.
+# v4-realm = string
+
+# Enable kaserver emulation (in case it's compiled in).
+# enable-kaserver = false
+
+# Check the addresses in the ticket when processing TGS requests.
+# check-ticket-addresses = true
+
+# Permit tickets with no addresses.  This option is only
+# relevent when check-ticket-addresses is TRUE.
+# allow-null-ticket-addresses = true
+
+# Permit anonymous tickets with no addresses.
+# allow-anonymous = boolean
+
+# Always verify the transited policy, ignoring the
+# disable-transited-check flag if set in the KDC client request.
+# transited-policy = {always-check,allow-per-principal,always-honour-request}
+
+# Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
+# code. The Heimdal clients allow both.
+# encode_as_rep_as_tgs_rep = boolean
+
+# How long before password/principal expiration the KDC should
+# start sending out warning messages.
+# kdc_warn_pwexpire = time
+
+# Specifies the set of ports the KDC should listen on.  It is given
+# as a white-space separated list of services or port numbers.
+# kdc_ports = 88,750
+
+# [password_quality]
+# check_library = LIBRARY
+# check_function = FUNCTION
+# min_length = value
+
+# [kadmin]
+# default_keys = list of strings
+# use_v4_salt = boolean
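Review bot: The commented examples `# ports = 88,750` and `# kdc_ports = 88,750` contradict the description directly above each of them, which says the value is a "white-space separated list of services or port numbers". heimdal-kdc.postinst copies this file to /etc/heimdal-kdc/kdc.conf, so an administrator who uncomments the example as written may end up with a KDC listening on fewer ports than intended. I would change both examples to `# ports = 88 750` and `# kdc_ports = 88 750`, or correct the description if commas are in fact accepted. The comment text also has a few typos worth fixing in the same pass ("pre-autentication", "pre-athentication", "availabe", "relevent").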

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-clients-x.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-clients-x.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-clients-x.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,10 @@
+usr/bin/kx
+usr/bin/rxterm
+usr/bin/rxtelnet
+usr/bin/tenletxr
+usr/bin/xnlock
+usr/share/man/man1/kx.1
+usr/share/man/man1/rxterm.1
+usr/share/man/man1/rxtelnet.1
+usr/share/man/man1/tenletxr.1
+usr/share/man/man1/xnlock.1

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,43 @@
+usr/bin/afslog
+usr/bin/rsh
+usr/bin/kauth
+usr/bin/kdestroy
+usr/bin/kf
+usr/bin/kgetcred
+usr/bin/kinit
+usr/bin/klist
+usr/bin/kpasswd
+usr/bin/otp
+usr/bin/otpprint
+usr/bin/su
+usr/bin/pfrom
+usr/bin/rcp
+usr/bin/string2key
+usr/bin/ftp
+usr/bin/verify_krb5_conf
+usr/bin/telnet
+usr/bin/pagsh
+usr/sbin/kadmin
+usr/sbin/ktutil
+usr/sbin/push
+usr/share/man/man1/kauth.1
+usr/share/man/man1/kdestroy.1
+usr/share/man/man1/kf.1
+usr/share/man/man1/kinit.1
+usr/share/man/man1/klist.1
+usr/share/man/man1/kpasswd.1
+usr/share/man/man1/otp.1
+usr/share/man/man1/otpprint.1
+usr/share/man/man1/su.1
+usr/share/man/man1/pfrom.1
+usr/share/man/man1/ftp.1
+usr/share/man/man1/telnet.1
+usr/share/man/man1/afslog.1
+usr/share/man/man1/rsh.1
+usr/share/man/man1/kgetcred.1
+usr/share/man/man1/pagsh.1
+usr/share/man/man8/kadmin.8
+usr/share/man/man8/ktutil.8
+usr/share/man/man8/push.8
+usr/share/man/man8/verify_krb5_conf.8
+usr/share/man/man8/string2key.8

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.postinst
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.postinst	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.postinst	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+for i in ftp telnet rsh rcp pagsh
+do
+    update-alternatives --install /usr/bin/$i $i /usr/bin/k$i 23 \
+    --slave /usr/share/man/man1/$i.1.gz $i.1.gz /usr/share/man/man1/k$i.1.gz
+done
+
+#DEBHELPER#
+
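Review bot: The `-e` on the `#!/bin/sh -e` line only takes effect when the kernel executes the script directly; when it is run as `sh heimdal-clients.postinst` (for debugging, or by a wrapper) the option is lost and a failing `update-alternatives` no longer aborts the script. I would use a plain `#!/bin/sh` followed by `set -e` on its own line. The same shebang is used in heimdal-clients.prerm, heimdal-kdc.postinst, heimdal-kdc.postrm and the heimdal-servers and heimdal-servers-x maintainer scripts. Also worth checking: the alternatives point at `/usr/bin/k$i`, while heimdal-clients.install lists `usr/bin/ftp`, `usr/bin/telnet`, `usr/bin/rsh`, `usr/bin/rcp` and `usr/bin/pagsh`; unless debian/rules renames them (not visible here) the registered targets would not exist.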

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.prerm
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.prerm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-clients.prerm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+
+if [ "$1" != "upgrade" ]
+then
+    for i in ftp telnet rsh rcp pagsh
+    do
+	update-alternatives --remove $i /usr/bin/k$i
+    done
+fi
+
+#DEBHELPER#
+
+

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-dev.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-dev.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-dev.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,8 @@
+usr/bin/krb5-config
+usr/bin/mk_cmds
+usr/lib/*.a
+usr/lib/*.la
+usr/lib/*.so
+usr/include
+usr/share/man/man1/krb5-config.1
+usr/share/man/man3

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-docs.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-docs.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-docs.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/share/man/man5/krb5.conf.5
+usr/share/info

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kcm.init
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kcm.init	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kcm.init	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,69 @@
+#! /bin/sh
+#
+# skeleton	example file to build /etc/init.d/ scripts.
+#		This file should be used to construct scripts for /etc/init.d.
+#
+#		Written by Miquel van Smoorenburg <miquels at cistron.nl>.
+#		Modified for Debian GNU/Linux
+#		by Ian Murdock <imurdock at gnu.ai.mit.edu>.
+#
+# Version:	@(#)skeleton  1.8  03-Mar-1998  miquels at cistron.nl
+#
+# This file was automatically customized by dh-make on Wed,  8 Dec 1999 11:54:13 +1100
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+KCM_DAEMON="/usr/sbin/kcm"
+KCM_NAME="kcm"
+KCM_DESC="Heimdal KCM"
+KCM_PARAMS="--detach"
+
+test -f $KCM_DAEMON || exit 0
+
+set -e
+
+case "$1" in
+  start)
+	echo -n "Starting $KCM_DESC: "
+	start-stop-daemon --start --quiet \
+		--pidfile /var/run/$KCM_NAME.pid \
+		--exec $KCM_DAEMON -- $KCM_PARAMS
+	echo "$KCM_NAME."
+	;;
+  stop)
+	echo -n "Stopping $KCM_DESC: "
+	start-stop-daemon --stop --oknodo --quiet \
+		--pidfile /var/run/$KCM_NAME.pid \
+		--exec $KCM_DAEMON -- $KCM_PARAMS
+	echo "$KCM_NAME."
+	;;
+  #reload)
+	#
+	#	If the daemon can reload its config files on the fly
+	#	for example by sending it SIGHUP, do it here.
+	#
+	#	If the daemon responds to changes in its config file
+	#	directly anyway, make this a do-nothing entry.
+	#
+	# echo "Reloading $DESC configuration files."
+	# start-stop-daemon --stop --signal 1 --quiet --pidfile \
+	#	/var/run/$NAME.pid --exec $DAEMON
+  #;;
+  restart|force-reload)
+	#
+	#	If the "reload" option is implemented, move the "force-reload"
+	#	option to the "reload" entry above. If not, "force-reload" is
+	#	just the same as "restart".
+	#
+	/etc/init.d/heimdal-kcm stop
+	sleep 1
+	/etc/init.d/heimdal-kcm start
+	;;
+  *)
+	N=/etc/init.d/$NAME
+	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	exit 1
+	;;
+esac
+
+exit 0
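Review bot: The usage branch builds its message from `$NAME`, which this script never sets (the variables defined at the top are `KCM_NAME`, `KCM_DESC` and so on), so an unknown action prints `Usage: /etc/init.d/ {start|...}`. Since the restart branch already hard-codes the script path, `N=/etc/init.d/heimdal-kcm` would be consistent. heimdal-kdc.init carries the same skeleton leftover in its `*)` branch; there `N=/etc/init.d/$KDC_NAME` gives the right path. While here, `test -f $KCM_DAEMON` only checks that the file exists; `test -x "$KCM_DAEMON"` also checks that it can be executed.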

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kcm.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kcm.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kcm.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/sbin/kcm
+usr/share/man/man8/kcm.8

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.dirs
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.dirs	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.dirs	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+etc/default
+etc/heimdal-kdc
+etc/ldap/schema
+usr/lib/heimdal-servers
+var/lib/heimdal-kdc

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.examples
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.examples	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.examples	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+debian/extras/kdc.conf
+debian/extras/kadmind.acl

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.init
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.init	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.init	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,124 @@
+#! /bin/sh
+#
+# skeleton	example file to build /etc/init.d/ scripts.
+#		This file should be used to construct scripts for /etc/init.d.
+#
+#		Written by Miquel van Smoorenburg <miquels at cistron.nl>.
+#		Modified for Debian GNU/Linux
+#		by Ian Murdock <imurdock at gnu.ai.mit.edu>.
+#
+# Version:	@(#)skeleton  1.8  03-Mar-1998  miquels at cistron.nl
+#
+# This file was automatically customized by dh-make on Wed,  8 Dec 1999 11:54:13 +1100
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+KDC_DAEMON=/usr/lib/heimdal-servers/kdc
+KDC_NAME=heimdal-kdc
+KDC_DESC="Heimdal KDC"
+KPASSWDD_DAEMON=/usr/lib/heimdal-servers/kpasswdd
+KPASSWDD_NAME=kpasswdd
+KPASSWDD_DESC="Heimdal password server"
+
+. /etc/default/heimdal-kdc
+
+test -f $KDC_DAEMON || exit 0
+test -f $KPASSWDD_DAEMON || exit 0
+
+set -e
+
+case "$1" in
+  start)
+	if [ "$KDC_ENABLED" = "yes" ];
+	then
+		echo -n "Starting $KDC_DESC: "
+		start-stop-daemon --start --quiet --background \
+			--make-pidfile --pidfile /var/run/$KDC_NAME.pid \
+			--exec $KDC_DAEMON -- $KDC_PARAMS
+		echo "$KDC_NAME."
+	fi
+	if [ "$KPASSWDD_ENABLED" = "yes" ];
+	then
+		echo -n "Starting $KPASSWDD_DESC: "
+		start-stop-daemon --start --quiet --background \
+			--make-pidfile --pidfile /var/run/$KPASSWDD_NAME.pid \
+			--exec $KPASSWDD_DAEMON -- $KPASSWDD_PARAMS
+		echo "$KPASSWDD_NAME."
+	fi
+	if [ "$MASTER_ENABLED" = "yes" ];
+	then
+		echo -n "Starting incremental propagation master: "
+		start-stop-daemon --start --quiet --background \
+			--make-pidfile --pidfile /var/run/ipropd-master.pid \
+			--exec /usr/sbin/ipropd-master -- $MASTER_PARAMS
+		echo "ipropd-master."
+	fi
+	if [ "$SLAVE_ENABLED" = "yes" ];
+	then
+		echo -n "Starting incremental propagation slave: "
+		start-stop-daemon --start --quiet --background \
+			--make-pidfile --pidfile /var/run/ipropd-slave.pid \
+			--exec /usr/sbin/ipropd-slave -- $SLAVE_PARAMS
+		echo "ipropd-slave."
+	fi
+	;;
+  stop)
+	if [ -f /var/run/$KPASSWDD_NAME.pid ]
+	then
+		echo -n "Stopping $KPASSWDD_DESC: "
+		start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/$KPASSWDD_NAME.pid \
+			--exec $KPASSWDD_DAEMON -- $KPASSWDD_PARAMS
+		echo "$KPASSWDD_NAME."
+	fi
+	if [ -f /var/run/$KDC_NAME.pid  ]
+	then
+		echo -n "Stopping $KDC_DESC: "
+		start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/$KDC_NAME.pid \
+			--exec $KDC_DAEMON -- $KDC_PARAMS
+		echo "$KDC_NAME."
+	fi
+	if [ -f /var/run/ipropd-master.pid ]
+	then
+		echo -n "Stopping incremental propagation master: "
+		start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/ipropd-master.pid \
+			--exec /usr/sbin/ipropd-master -- $MASTER_PARAMS
+		echo "ipropd-master."
+	fi
+	if [ -f /var/run/ipropd-slave.pid ]
+	then
+		echo -n "Stopping incremental propagation slave: "
+		start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/ipropd-slave.pid \
+			--exec /usr/sbin/ipropd-slave -- $SLAVE_PARAMS
+		echo "/usr/sbin/ipropd-slave."
+	fi
+	;;
+  #reload)
+	#
+	#	If the daemon can reload its config files on the fly
+	#	for example by sending it SIGHUP, do it here.
+	#
+	#	If the daemon responds to changes in its config file
+	#	directly anyway, make this a do-nothing entry.
+	#
+	# echo "Reloading $DESC configuration files."
+	# start-stop-daemon --stop --signal 1 --quiet --pidfile \
+	#	/var/run/$NAME.pid --exec $DAEMON
+  #;;
+  restart|force-reload)
+	#
+	#	If the "reload" option is implemented, move the "force-reload"
+	#	option to the "reload" entry above. If not, "force-reload" is
+	#	just the same as "restart".
+	#
+	/etc/init.d/heimdal-kdc stop
+	sleep 1
+	/etc/init.d/heimdal-kdc start
+	;;
+  *)
+	N=/etc/init.d/$NAME
+	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	exit 1
+	;;
+esac
+
+exit 0
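Review bot: The `. /etc/default/heimdal-kdc` near the top is unguarded, so if the defaults file is missing or unreadable a POSIX sh aborts the whole script at the dot command, including for `stop`. I would write `[ -r /etc/default/heimdal-kdc ] && . /etc/default/heimdal-kdc`, and add a comment that the file is sourced as root and must stay root-owned and not writable by others. The ipropd-master branches expand `$MASTER_PARAMS`, which the shipped `extras/default` never sets; adding `MASTER_PARAMS=""` there would make that explicit. Separately, `KDC_DAEMON` and `KPASSWDD_DAEMON` point into /usr/lib/heimdal-servers while heimdal-kdc.install lists `usr/sbin/kdc` and `usr/sbin/kpasswdd`; unless debian/rules relocates them (not visible here), both `test -f` lines fail and the script exits 0 without starting anything.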

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,20 @@
+usr/sbin/iprop-log
+usr/sbin/hprop
+usr/sbin/hpropd
+usr/sbin/ipropd-master
+usr/sbin/ipropd-slave
+usr/sbin/kdc
+usr/sbin/kadmind
+usr/sbin/kpasswdd
+usr/share/man/man8/iprop.8
+usr/share/man/man8/iprop-log.8
+usr/share/man/man8/ipropd-master.8
+usr/share/man/man8/ipropd-slave.8
+usr/share/man/man8/kdc.8
+usr/share/man/man8/kadmind.8
+usr/share/man/man8/kstash.8
+usr/share/man/man8/kpasswdd.8
+usr/share/man/man8/hprop.8
+usr/share/man/man8/hpropd.8
+usr/lib/libkdc.so.2.*
+usr/lib/libkdc.so.2

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.logrotate
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.logrotate	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.logrotate	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+/var/log/heimdal-kdc.log {
+	rotate 5
+	weekly
+	compress
+}

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.postinst
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.postinst	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.postinst	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,98 @@
+#!/bin/sh -e
+
+. /usr/share/debconf/confmodule
+
+if [ ! -f /var/log/heimdal-kdc.log ]
+then
+	touch /var/log/heimdal-kdc.log
+	chmod 600 /var/log/heimdal-kdc.log
+fi
+
+add_servers() {
+kadmin_entry="kerberos-adm	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/kadmind"
+hprop_entry="#krb_prop	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/sbin/hpropd"
+
+	update-inetd --group KRB5 --add "$kadmin_entry"
+	update-inetd --group KRB5 --add "$hprop_entry"
+}
+
+enable_servers() {
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/kadmind' --enable kerberos-adm
+}
+
+# if not configured, try moving existing configuration
+if [ ! -f /etc/heimdal-kdc/.configured ] &&
+   [   -f /var/lib/heimdal-kdc/.configured ]
+then
+        for i in kdc.conf kadmind.acl
+        do
+                if [ -f /var/lib/heimdal-kdc/$i ]
+                then
+                        mv /var/lib/heimdal-kdc/$i /etc/heimdal-kdc/$i
+                fi
+        done
+        mv /var/lib/heimdal-kdc/.configured /etc/heimdal-kdc/.configured
+fi
+
+# if already configured - dont reconfigure
+if [ ! -f /etc/heimdal-kdc/.configured ]
+then
+	# get default realm
+	# should use krb5-config setting???
+	if db_get krb5-config/default_realm && [ "x$RET" != "x" ]
+	then
+		default_realm="$RET"
+	else
+		default_realm="`hostname -d | tr a-z A-Z`"
+	fi
+	db_fget heimdal/realm seen
+	if [ "$RET" != "true" ]; then
+		db_set heimdal/realm "$default_realm"
+	fi
+	db_subst heimdal/realm default_realm "$default_realm"
+	db_input medium heimdal/realm || true
+	db_go
+	db_get heimdal/realm; REALM="$RET"
+	
+	# get password
+	db_input medium heimdal-kdc/password || true
+	db_go
+	db_get heimdal-kdc/password; PASSWORD="$RET"
+	db_set heimdal-kdc/password ""
+	
+	DST=/etc/heimdal-kdc/kdc.conf
+	cp -a /usr/share/doc/heimdal-kdc/examples/kdc.conf "$DST"
+#	/usr/lib/heimdal-kdc/setconfig --file "$DST" --section realms::REALM.ORG "=$REALM"
+	
+	DST=/etc/heimdal-kdc/kadmind.acl
+	cp -a /usr/share/doc/heimdal-kdc/examples/kadmind.acl "$DST"
+	
+	kstash --master-key-fd=0 <<EOF
+$PASSWORD
+EOF
+	
+	echo -e "\n\n" | kadmin -l init "$REALM" > /dev/null
+	
+	touch /etc/heimdal-kdc/.configured
+fi
+
+case "$1" in
+abort-upgrade | abort-deconfigure | abort-remove)
+	;;
+configure)
+	if [ -z "$2" ]
+	then
+		add_servers
+	elif dpkg --compare-versions "$2" le "0.7.2.dfsg.1-6"
+	then
+		enable_servers
+	fi
+	;;
+*)
+	printf "$0: incorrect arguments: $*\n" >&2
+	exit 1
+	;;
+esac
+
+	
+#DEBHELPER#
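Review bot: When the `heimdal-kdc/password` question is not shown or is answered empty (it is asked at `medium` priority with `|| true`), `$PASSWORD` is empty and `kstash --master-key-fd=0` is still fed that empty line, so the master key would presumably be derived from an empty passphrase. I would branch on the value and fall back to a random master key, as in the fence below. Separately, `echo -e "\n\n"` is not portable under `#!/bin/sh`: a shell whose `echo` has no `-e` prints it literally into kadmin's first prompt, and `printf '\n\n\n' | kadmin -l init "$REALM" > /dev/null` sends the same three newlines. The default case's `printf "$0: incorrect arguments: $*\n"` uses the script arguments as the format string; `printf '%s: incorrect arguments: %s\n' "$0" "$*" >&2` avoids that, and the same line appears in heimdal-servers-x.postinst and heimdal-servers.postinst.

```shell
	# ... unchanged: copy kdc.conf and kadmind.acl into /etc/heimdal-kdc ...
	if [ -n "$PASSWORD" ]
	then
		kstash --master-key-fd=0 <<EOF
$PASSWORD
EOF
	else
		# No passphrase supplied: do not derive the master key from an empty string.
		kstash --random-key
	fi
```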

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.postrm
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.postrm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.postrm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,32 @@
+#!/bin/sh -e
+
+remove_servers() {
+	update-inetd --remove 'kerberos-adm[ \t].*[ \t]/usr/lib/heimdal-servers/kadmind'
+	update-inetd --remove 'krb_prop[ \t].*[ \t]/usr/sbin/hpropd'
+}
+
+case "$1" in
+abort-install | remove | abort-upgrade | upgrade | failed-upgrade | disappear)
+	;;
+purge)
+	# If netbase is not installed, then we don't need to do the remove.
+	if command -v update-inetd >/dev/null 2>&1; then
+		remove_servers
+	fi
+	;;
+*)
+	echo "$0: incorrect arguments: $*" >&2
+	exit 1
+	;;
+esac
+
+if [ "$1" = "purge" ]
+then
+	rm -f /var/log/heimdal-kdc.log*
+	rm -rf /var/lib/heimdal-kdc
+	rm -f /etc/heimdal-kdc/.configured
+	rm -f /etc/heimdal-kdc/kdc.conf
+	rm -f /etc/heimdal-kdc/kadmind.acl
+fi
+
+#DEBHELPER#

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.templates
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.templates	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-kdc.templates	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+Template: heimdal/realm
+Type: string
+_Description: Local realm name:
+ Heimdal requires the name of your local realm. This is typically your
+ domain name in uppercase. eg if your hostname is host.org.com, then your
+ realm will become ORG.COM. The default for your host is ${default_realm}.
+
+Template: heimdal-kdc/password
+Type: password
+_Description: Password for KDC:
+ Heimdal can encrypt the KDC data with a password. A hashed representation
+ will be stored in /var/lib/heimdal-kdc/m-key.

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.dirs
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.dirs	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.dirs	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+usr/lib/heimdal-servers

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/sbin/kxd
+usr/share/man/man8/kxd.8

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.postinst
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.postinst	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.postinst	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,34 @@
+#!/bin/sh -e
+
+add_servers() {
+    kx_entry="kx	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/kxd"
+	update-inetd --group KRB5 --add "$kx_entry"
+}
+
+enable_servers() {
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/kx' --enable kx
+}
+
+remove_servers() {
+	update-inetd --remove 'kx[ \t].*[ \t]/usr/lib/heimdal-servers/kxd'
+}
+
+case "$1" in
+abort-upgrade | abort-deconfigure | abort-remove)
+	enable_servers
+	;;
+configure)
+	if [ -n "$2" ] && dpkg --compare-versions "$2" ge 0.2h-1; then
+		enable_servers
+	else
+		remove_servers
+		add_servers
+	fi
+	;;
+*)
+	printf "$0: incorrect arguments: $*\n" >&2
+	exit 1
+	;;
+esac
+
+#DEBHELPER#

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.postrm
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.postrm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.postrm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,23 @@
+#!/bin/sh -e
+# $Id: heimdal-servers-x.postrm,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+remove_servers() {
+	update-inetd --remove 'kx[ \t].*[ \t]/usr/lib/heimdal-servers/kxd'
+}
+
+case "$1" in
+abort-install | remove | abort-upgrade | upgrade | failed-upgrade | disappear)
+	;;
+purge)
+	# If netbase is not installed, then we don't need to do the remove.
+	if command -v update-inetd >/dev/null 2>&1; then
+		remove_servers
+	fi
+	;;
+*)
+	echo "$0: incorrect arguments: $*" >&2
+	exit 1
+	;;
+esac
+
+#DEBHELPER#

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.prerm
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.prerm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers-x.prerm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+disable_servers() {
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/kx' --disable kx
+}
+
+if command -v update-inetd >/dev/null 2>&1; then
+	disable_servers
+fi
+
+#DEBHELPER#

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.dirs
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.dirs	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.dirs	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+usr/lib/heimdal-servers

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,12 @@
+usr/sbin/kfd
+usr/sbin/ftpd
+usr/sbin/rshd
+usr/sbin/telnetd
+usr/sbin/popper
+usr/bin/login
+usr/share/man/man5/ftpusers.5
+usr/share/man/man8/ftpd.8
+usr/share/man/man8/popper.8
+usr/share/man/man8/telnetd.8
+usr/share/man/man8/kfd.8
+usr/share/man/man8/rshd.8

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.postinst
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.postinst	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.postinst	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+#!/bin/sh -e
+
+add_servers() {
+kshell_entry="kshell	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/rshd -k"
+   ftp_entry="ftp	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/ftpd -a plain"
+telnet_entry="telnet	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/telnetd -a none"
+ pop3_entry="pop-3	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/lib/heimdal-servers/popper"
+
+	update-inetd --group KRB5 --add "$kshell_entry"
+	update-inetd --group KRB5 --add "$ftp_entry"
+	update-inetd --group KRB5 --add "$telnet_entry"
+	update-inetd --group KRB5 --add "$pop3_entry"
+}
+
+enable_servers() {
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/rshd' --enable kshell
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/ftpd' --enable ftp
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/telnetd' --enable telnet
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/popper' --enable pop-3
+}
+
+remove_servers() {
+	update-inetd --remove 'kshell[ \t].*[ \t]/usr/lib/heimdal-servers/rshd'
+	update-inetd --remove 'ftp[ \t].*[ \t]/usr/lib/heimdal-servers/ftpd'
+	update-inetd --remove 'telnet[ \t].*[ \t]/usr/lib/heimdal-servers/telnetd'
+	update-inetd --remove 'pop-3[ \t].*[ \t]/usr/lib/heimdal-servers/popper'
+}
+
+case "$1" in
+abort-upgrade | abort-deconfigure | abort-remove)
+	enable_servers
+	;;
+configure)
+	if [ -n "$2" ] && dpkg --compare-versions "$2" ge 0.3e-4; then
+		enable_servers
+	else
+		remove_servers
+		add_servers
+	fi
+	;;
+*)
+	printf "$0: incorrect arguments: $*\n" >&2
+	exit 1
+	;;
+esac
+
+#DEBHELPER#
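Review bot: The inetd entries built in `add_servers` start `telnetd -a none` and `ftpd -a plain` as root. As far as I can tell from the option names, that lets both services accept logins without Kerberos authentication and with the password sent in cleartext. For a package whose purpose is Kerberized access, I would register them with an authentication mode that requires Kerberos (see the `-a` option in telnetd(8) and ftpd(8)). Another option is to add them commented out, the way `hprop_entry` is in heimdal-kdc.postinst, so the administrator opts in. Either way, a comment above the entries such as `# telnet/ftp: -a selects the minimum authentication accepted; relax it only for legacy clients` would record the decision.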

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.postrm
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.postrm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.postrm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,26 @@
+#!/bin/sh -e
+# $Id: heimdal-servers.postrm,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+remove_servers() {
+	update-inetd --remove 'kshell[ \t].*[ \t]/usr/lib/heimdal-servers/rshd'
+	update-inetd --remove 'ftp[ \t].*[ \t]/usr/lib/heimdal-servers/ftpd'
+	update-inetd --remove 'telnet[ \t].*[ \t]/usr/lib/heimdal-servers/telnetd'
+	update-inetd --remove 'pop-3[ \t].*[ \t]/usr/lib/heimdal-servers/popper'
+}
+
+case "$1" in
+abort-install | remove | abort-upgrade | upgrade | failed-upgrade | disappear)
+	;;
+purge)
+	# If netbase is not installed, then we don't need to do the remove.
+	if command -v update-inetd >/dev/null 2>&1; then
+		remove_servers
+	fi
+	;;
+*)
+	echo "$0: incorrect arguments: $*" >&2
+	exit 1
+	;;
+esac
+
+#DEBHELPER#

Added: vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.prerm
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.prerm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/heimdal-servers.prerm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+
+disable_servers() {
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/rshd' --disable kshell
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/ftpd' --disable ftp
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/telnetd' --disable telnet
+	update-inetd --pattern '[ \t]/usr/lib/heimdal-servers/popper' --disable pop-3
+}
+
+if command -v update-inetd >/dev/null 2>&1; then
+	disable_servers
+fi
+
+#DEBHELPER#

Added: vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/lib/libasn1.so.8.*
+usr/lib/libasn1.so.8

Added: vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.postinst.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.postinst.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.postinst.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "configure" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.postrm.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.postrm.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.postrm.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "remove" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.substvars
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.substvars	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libasn1-8-heimdal.substvars	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+shlibs:Depends=libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libroken16-heimdal

Added: vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/lib/libgssapi.so.2.*
+usr/lib/libgssapi.so.2

Added: vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.postinst.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.postinst.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.postinst.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "configure" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.postrm.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.postrm.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.postrm.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "remove" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.substvars
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.substvars	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libgssapi2-heimdal.substvars	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+shlibs:Depends=libasn1-6-heimdal, libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libkrb5-17-heimdal, libroken16-heimdal

Added: vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+usr/lib/libhdb.so.9.*
+usr/lib/libhdb.so.9
+

Added: vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.postinst.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.postinst.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.postinst.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "configure" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.postrm.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.postrm.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.postrm.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "remove" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.substvars
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.substvars	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libhdb9-heimdal.substvars	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+shlibs:Depends=libasn1-6-heimdal, libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libdb4.4, libkrb5-17-heimdal, libroken16-heimdal

Added: vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+usr/lib/libkadm5clnt.so.7.*
+usr/lib/libkadm5clnt.so.7
+

Added: vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.postinst.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.postinst.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.postinst.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "configure" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.postrm.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.postrm.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.postrm.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "remove" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.substvars
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.substvars	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkadm5clnt7-heimdal.substvars	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+shlibs:Depends=libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libkrb5-17-heimdal, libroken16-heimdal

Added: vendor-crypto/heimdal/dist/packages/debian/libkadm5srv7-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkadm5srv7-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkadm5srv7-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/lib/libkadm5srv.so.*
+
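Review bot: The entry `usr/lib/libkadm5srv.so.*` in this libkadm5srv7 list is not pinned to the 7 soname, so it also matches `libkadm5srv.so.8` and `libkadm5srv.so.8.*`, which libkadm5srv8-heimdal.install (the next file in this commit) lists as well. If both packages are still declared in debian/control, which is not visible here, two packages would claim the same library files. Either pin the entries to `usr/lib/libkadm5srv.so.7.*` and `usr/lib/libkadm5srv.so.7`, or drop this file if the 7 package is no longer built. libotp0-heimdal.install uses the same unpinned form, `usr/lib/libotp.so.*`.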

Added: vendor-crypto/heimdal/dist/packages/debian/libkadm5srv8-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkadm5srv8-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkadm5srv8-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+usr/lib/libkadm5srv.so.8.*
+usr/lib/libkadm5srv.so.8
+

Added: vendor-crypto/heimdal/dist/packages/debian/libkafs0-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkafs0-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkafs0-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/lib/libkafs.so.0.*
+usr/lib/libkafs.so.0

Added: vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+usr/lib/libkrb5.so.22.*
+usr/lib/libkrb5.so.22
+

Added: vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.postinst.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.postinst.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.postinst.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "configure" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.postrm.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.postrm.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.postrm.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "remove" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.substvars
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.substvars	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libkrb5-22-heimdal.substvars	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+shlibs:Depends=libasn1-6-heimdal, libc6 (>= 2.6-1), libcomerr2 (>= 1.33-3), libroken16-heimdal

Added: vendor-crypto/heimdal/dist/packages/debian/libotp0-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libotp0-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libotp0-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+usr/lib/libotp.so.*

Added: vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/lib/libroken.so.18.*
+usr/lib/libroken.so.18

Added: vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.postinst.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.postinst.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.postinst.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "configure" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.postrm.debhelper
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.postrm.debhelper	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.postrm.debhelper	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+# Automatically added by dh_makeshlibs
+if [ "$1" = "remove" ]; then
+	ldconfig
+fi
+# End automatically added section

Added: vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.substvars
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.substvars	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libroken18-heimdal.substvars	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+shlibs:Depends=libc6 (>= 2.6-1)

Added: vendor-crypto/heimdal/dist/packages/debian/libsl0-heimdal.install
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/libsl0-heimdal.install	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/libsl0-heimdal.install	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+usr/lib/libsl.so.0.*
+usr/lib/libsl.so.0

Added: vendor-crypto/heimdal/dist/packages/debian/patches/021_debian
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/patches/021_debian	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/patches/021_debian	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,204 @@
+Index: heimdal-0.7.2.dfsg.1/lib/hdb/hdb.h
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/lib/hdb/hdb.h	2006-05-13 16:42:53.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/lib/hdb/hdb.h	2006-05-13 16:42:58.000000000 +1000
+@@ -86,7 +86,7 @@
+     krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
+ };
+ 
+-#define HDB_DB_DIR "/var/heimdal"
++#define HDB_DB_DIR "/var/lib/heimdal-kdc"
+ #define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
+ #define HDB_DB_FORMAT_ENTRY "hdb/db-format"
+ 
+Index: heimdal-0.7.2.dfsg.1/appl/telnet/telnetd/telnetd.h
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/appl/telnet/telnetd/telnetd.h	2006-05-13 16:42:53.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/appl/telnet/telnetd/telnetd.h	2006-05-13 16:42:58.000000000 +1000
+@@ -192,7 +192,7 @@
+ #endif
+ 
+ #undef _PATH_LOGIN
+-#define _PATH_LOGIN	BINDIR "/login"
++#define _PATH_LOGIN	"/bin/login"
+ 
+ /* fallbacks */
+ 
+Index: heimdal-0.7.2.dfsg.1/kdc/kdc.8
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/kdc/kdc.8	2006-05-13 16:42:53.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/kdc/kdc.8	2006-05-13 16:42:58.000000000 +1000
+@@ -77,7 +77,7 @@
+ .Fl -config-file= Ns Ar file
+ .Xc
+ Specifies the location of the config file, the default is
+-.Pa /var/heimdal/kdc.conf .
++.Pa /etc/heimdal-kdc/kdc.conf .
+ This is the only value that can't be specified in the config file.
+ .It Xo
+ .Fl p ,
+Index: heimdal-0.7.2.dfsg.1/doc/setup.texi
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/doc/setup.texi	2006-05-13 16:42:53.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/doc/setup.texi	2006-05-13 16:42:58.000000000 +1000
+@@ -335,7 +335,7 @@
+ as @samp{749/tcp}.
+ 
+ Access to the administration server is controlled by an ACL file, (default
+- at file{/var/heimdal/kadmind.acl}.) The lines in the access file, have the
++ at file{/etc/heimdal-kdc/kadmind.acl}.) The lines in the access file, have the
+ following syntax:
+ @smallexample
+ principal       [priv1,priv2,...]       [glob-pattern]
+Index: heimdal-0.7.2.dfsg.1/kdc/kdc_locl.h
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/kdc/kdc_locl.h	2006-05-13 16:42:53.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/kdc/kdc_locl.h	2006-05-13 16:42:58.000000000 +1000
+@@ -74,7 +74,7 @@
+ extern int enable_pkinit_princ_in_cert;
+ #endif
+ 
+-#define _PATH_KDC_CONF		HDB_DB_DIR "/kdc.conf"
++#define _PATH_KDC_CONF		"/etc/heimdal-kdc/kdc.conf"
+ #define DEFAULT_LOG_DEST	"0-1/FILE:" HDB_DB_DIR "/kdc.log"
+ 
+ extern struct timeval now;
+Index: heimdal-0.7.2.dfsg.1/lib/kadm5/context_s.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/context_s.c	2006-05-13 16:42:53.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/lib/kadm5/context_s.c	2006-05-13 16:42:58.000000000 +1000
+@@ -158,7 +158,7 @@
+ 	set_config(ctx, default_binding);
+     else {
+ 	ctx->config.dbname        = strdup(HDB_DEFAULT_DB);
+-	ctx->config.acl_file      = strdup(HDB_DB_DIR "/kadmind.acl");
++	ctx->config.acl_file      = strdup("/etc/heimdal-kdc/kadmind.acl");
+ 	ctx->config.stash_file    = strdup(HDB_DB_DIR "/m-key");
+ 	ctx->log_context.log_file = strdup(HDB_DB_DIR "/log");
+ 	memset(&ctx->log_context.socket_name, 0, 
+Index: heimdal-0.7.2.dfsg.1/kadmin/kadmind.8
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/kadmin/kadmind.8	2006-05-13 16:42:53.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/kadmin/kadmind.8	2006-05-13 16:42:58.000000000 +1000
+@@ -85,7 +85,7 @@
+ Principals are always allowed to change their own password and list
+ their own principal.  Apart from that, doing any operation requires
+ permission explicitly added in the ACL file
+-.Pa /var/heimdal/kadmind.acl .
++.Pa /etc/heimdal-kdc/kadmind.acl .
+ The format of this file is:
+ .Bd -ragged
+ .Va principal
+@@ -155,7 +155,7 @@
+ .El
+ .\".Sh ENVIRONMENT
+ .Sh FILES
+-.Pa /var/heimdal/kadmind.acl
++.Pa /etc/heimdal-kdc/kadmind.acl
+ .Sh EXAMPLES
+ This will cause
+ .Nm
+Index: heimdal-0.7.2.dfsg.1/lib/kadm5/truncate_log.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/truncate_log.c	2003-11-19 10:19:26.000000000 +1100
++++ heimdal-0.7.2.dfsg.1/lib/kadm5/truncate_log.c	2006-05-14 10:33:39.054471619 +1000
+@@ -69,7 +69,7 @@
+     }
+ 
+     if (config_file == NULL)
+-	config_file = HDB_DB_DIR "/kdc.conf";
++	config_file = "/etc/heimdal-kdc/kdc.conf";
+ 
+     ret = krb5_prepend_config_files_default(config_file, &files);
+     if (ret)
+Index: heimdal-0.7.2.dfsg.1/lib/kadm5/dump_log.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/dump_log.c	2005-04-26 04:17:51.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/lib/kadm5/dump_log.c	2006-05-14 10:33:13.743359875 +1000
+@@ -246,7 +246,7 @@
+     }
+ 
+     if (config_file == NULL)
+-	config_file = HDB_DB_DIR "/kdc.conf";
++	config_file = "/etc/heimdal-kdc/kdc.conf";
+ 
+     ret = krb5_prepend_config_files_default(config_file, &files);
+     if (ret)
+Index: heimdal-0.7.2.dfsg.1/kadmin/kadmind.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/kadmin/kadmind.c	2005-04-15 21:16:32.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/kadmin/kadmind.c	2006-05-14 10:27:22.837834789 +1000
+@@ -117,7 +117,7 @@
+     argv += optind;
+ 
+     if (config_file == NULL)
+-	config_file = HDB_DB_DIR "/kdc.conf";
++	config_file = "/etc/heimdal-kdc/kdc.conf";
+ 
+     ret = krb5_prepend_config_files_default(config_file, &files);
+     if (ret)
+Index: heimdal-0.7.2.dfsg.1/kadmin/kadmin.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/kadmin/kadmin.c	2005-05-10 01:35:22.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/kadmin/kadmin.c	2006-05-14 10:27:03.969138000 +1000
+@@ -194,7 +194,7 @@
+     argv += optind;
+ 
+     if (config_file == NULL)
+-	config_file = HDB_DB_DIR "/kdc.conf";
++	config_file = "/etc/heimdal-kdc/kdc.conf";
+ 
+     ret = krb5_prepend_config_files_default(config_file, &files);
+     if (ret)
+Index: heimdal-0.7.2.dfsg.1/lib/kadm5/replay_log.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/replay_log.c	2003-11-19 10:19:22.000000000 +1100
++++ heimdal-0.7.2.dfsg.1/lib/kadm5/replay_log.c	2006-05-14 10:33:28.976621605 +1000
+@@ -99,7 +99,7 @@
+     }
+ 
+     if (config_file == NULL)
+-	config_file = HDB_DB_DIR "/kdc.conf";
++	config_file = "/etc/heimdal-kdc/kdc.conf";
+ 
+     ret = krb5_prepend_config_files_default(config_file, &files);
+     if (ret)
+Index: heimdal-0.7.2.dfsg.1/lib/kadm5/ipropd_slave.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/ipropd_slave.c	2005-05-24 03:39:35.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/lib/kadm5/ipropd_slave.c	2006-05-14 10:31:34.812853916 +1000
+@@ -418,7 +418,7 @@
+     }
+ 
+     if (config_file == NULL)
+-	config_file = HDB_DB_DIR "/kdc.conf";
++	config_file = "/etc/heimdal-kdc/kdc.conf";
+ 
+     ret = krb5_prepend_config_files_default(config_file, &files);
+     if (ret)
+Index: heimdal-0.7.2.dfsg.1/lib/kadm5/ipropd_master.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/lib/kadm5/ipropd_master.c	2005-05-24 03:38:46.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/lib/kadm5/ipropd_master.c	2006-05-14 10:31:17.286905672 +1000
+@@ -654,7 +654,7 @@
+     }
+ 
+     if (config_file == NULL)
+-	config_file = HDB_DB_DIR "/kdc.conf";
++	config_file = "/etc/heimdal-kdc/kdc.conf";
+ 
+     ret = krb5_prepend_config_files_default(config_file, &files);
+     if (ret)
+Index: heimdal-0.7.2.dfsg.1/kpasswd/kpasswdd.c
+===================================================================
+--- heimdal-0.7.2.dfsg.1.orig/kpasswd/kpasswdd.c	2005-04-22 21:03:11.000000000 +1000
++++ heimdal-0.7.2.dfsg.1/kpasswd/kpasswdd.c	2006-05-14 10:27:49.778564590 +1000
+@@ -749,7 +749,7 @@
+     }
+ 
+     if (config_file == NULL)
+-	config_file = HDB_DB_DIR "/kdc.conf";
++	config_file = "/etc/heimdal-kdc/kdc.conf";
+ 
+     ret = krb5_prepend_config_files_default(config_file, &files);
+     if (ret)
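Review bot: The new config and ACL locations are written out as string literals at each site, so a site that is missed or later edited would silently read kdc.conf or the kadmind ACL from a different directory than the rest. The literal `"/etc/heimdal-kdc/kdc.conf"` appears in kdc_locl.h, truncate_log.c, dump_log.c, kadmind.c, kadmin.c, replay_log.c, ipropd_slave.c, ipropd_master.c and kpasswdd.c, and `"/etc/heimdal-kdc/kadmind.acl"` in context_s.c. Defining the directory once next to HDB_DB_DIR in hdb.h, e.g. `#define HDB_CONF_DIR "/etc/heimdal-kdc"`, and using `HDB_CONF_DIR "/kdc.conf"` and `HDB_CONF_DIR "/kadmind.acl"` keeps them in step. The stash file (`HDB_DB_DIR "/m-key"`) and the logs stay under /var/lib/heimdal-kdc, so the packaging needs to set ownership and modes on both directories; this source patch does not show where that happens. The Index lines name heimdal-0.7.2.dfsg.1 while the commit imports 1.1.0, so it is worth confirming the patch still applies to the imported sources.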

Added: vendor-crypto/heimdal/dist/packages/debian/patches/022_ftp-roken-glob
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/patches/022_ftp-roken-glob	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/patches/022_ftp-roken-glob	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,270 @@
+Index: heimdal-0.7.2/appl/ftp/ftp/cmds.c
+===================================================================
+--- heimdal-0.7.2.orig/appl/ftp/ftp/cmds.c	2005-04-18 17:45:12.000000000 +1000
++++ heimdal-0.7.2/appl/ftp/ftp/cmds.c	2006-03-09 12:50:02.997025112 +1100
+@@ -536,9 +536,17 @@
+ 
+ 	memset(&gl, 0, sizeof(gl));
+ 	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
++#ifdef HAVE_GLOB
+ 	if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
++#else
++	if (roken_glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) {
++#endif 
+ 	    warnx("%s: not found", argv[i]);
++#ifdef HAVE_GLOB
+ 	    globfree(&gl);
++#else
++	    roken_globfree(&gl);
++#endif
+ 	    continue;
+ 	}
+ 	for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) {
+@@ -559,7 +567,11 @@
+ 		}
+ 	    }
+ 	}
++#ifdef HAVE_GLOB
+ 	globfree(&gl);
++#else
++	roken_globfree(&gl);
++#endif
+     }
+     signal(SIGINT, oldintr);
+     mflag = 0;
+@@ -1568,14 +1580,27 @@
+ 
+ 	flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ 	memset(&gl, 0, sizeof(gl));
++#ifdef HAVE_GLOB
+ 	if (glob(*cpp, flags, NULL, &gl) ||
++#else 
++	if (roken_glob(*cpp, flags, NULL, &gl) ||
++#endif
+ 	    gl.gl_pathc == 0) {
+ 		warnx("%s: not found", *cpp);
++#ifdef HAVE_GLOB
+ 		globfree(&gl);
++#else
++		roken_globfree(&gl);
++#endif
+ 		return (0);
+ 	}
+ 	*cpp = strdup(gl.gl_pathv[0]);	/* XXX - wasted memory */
++#ifdef HAVE_GLOB
+ 	globfree(&gl);
++#else
++	roken_globfree(&gl);
++#endif
++
+ 	return (1);
+ }
+ 
+Index: heimdal-0.7.2/appl/ftp/ftp/ftp_locl.h
+===================================================================
+--- heimdal-0.7.2.orig/appl/ftp/ftp/ftp_locl.h	2002-09-11 06:03:46.000000000 +1000
++++ heimdal-0.7.2/appl/ftp/ftp/ftp_locl.h	2006-03-09 12:50:02.998024960 +1100
+@@ -101,7 +101,11 @@
+ 
+ #include <errno.h>
+ #include <ctype.h>
++#ifdef HAVE_GLOB
+ #include <glob.h>
++#else
++#include <roken-glob.h>
++#endif 
+ #ifdef HAVE_NETDB_H
+ #include <netdb.h>
+ #endif
+Index: heimdal-0.7.2/appl/ftp/ftpd/ftpcmd.y
+===================================================================
+--- heimdal-0.7.2.orig/appl/ftp/ftpd/ftpcmd.y	2004-08-20 23:31:19.000000000 +1000
++++ heimdal-0.7.2/appl/ftp/ftpd/ftpcmd.y	2006-03-09 12:50:03.000024656 +1100
+@@ -826,14 +826,22 @@
+ 				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ 
+ 				memset(&gl, 0, sizeof(gl));
++#ifdef HAVE_GLOB
+ 				if (glob($1, flags, NULL, &gl) ||
++#else
++				if (roken_glob($1, flags, NULL, &gl) ||
++#endif
+ 				    gl.gl_pathc == 0) {
+ 					reply(550, "not found");
+ 					$$ = NULL;
+ 				} else {
+ 					$$ = strdup(gl.gl_pathv[0]);
+ 				}
++#ifdef HAVE_GLOB
+ 				globfree(&gl);
++#else
++				roken_globfree(&gl);
++#endif
+ 				free($1);
+ 			} else
+ 				$$ = $1;
+Index: heimdal-0.7.2/appl/ftp/ftpd/ftpd.c
+===================================================================
+--- heimdal-0.7.2.orig/appl/ftp/ftpd/ftpd.c	2005-06-02 20:41:28.000000000 +1000
++++ heimdal-0.7.2/appl/ftp/ftpd/ftpd.c	2006-03-09 12:50:03.003024200 +1100
+@@ -2234,7 +2234,11 @@
+ 
+ 	memset(&gl, 0, sizeof(gl));
+ 	freeglob = 1;
++#ifdef HAVE_GLOB
+ 	if (glob(whichf, flags, 0, &gl)) {
++#else
++	if (roken_glob(whichf, flags, 0, &gl)) {
++#endif
+ 	    reply(550, "not found");
+ 	    goto out;
+ 	} else if (gl.gl_pathc == 0) {
+@@ -2341,7 +2345,11 @@
+     pdata = -1;
+     if (freeglob) {
+ 	freeglob = 0;
++#ifdef HAVE_GLOB
+ 	globfree(&gl);
++#else
++	roken_globfree(&gl);
++#endif
+     }
+ }
+ 
+Index: heimdal-0.7.2/appl/ftp/ftpd/ftpd_locl.h
+===================================================================
+--- heimdal-0.7.2.orig/appl/ftp/ftpd/ftpd_locl.h	2005-04-25 05:58:14.000000000 +1000
++++ heimdal-0.7.2/appl/ftp/ftpd/ftpd_locl.h	2006-03-09 12:50:03.004024048 +1100
+@@ -106,7 +106,11 @@
+ #ifdef HAVE_FCNTL_H
+ #include <fcntl.h>
+ #endif
++#ifdef HAVE_GLOB
+ #include <glob.h>
++#else
++#include <roken-glob.h>
++#endif 
+ #include <limits.h>
+ #ifdef HAVE_PWD_H
+ #include <pwd.h>
+Index: heimdal-0.7.2/appl/ftp/ftpd/popen.c
+===================================================================
+--- heimdal-0.7.2.orig/appl/ftp/ftpd/popen.c	2002-04-02 21:57:39.000000000 +1000
++++ heimdal-0.7.2/appl/ftp/ftpd/popen.c	2006-03-09 12:50:03.013022680 +1100
+@@ -55,7 +55,11 @@
+ #include <sys/wait.h>
+ 
+ #include <errno.h>
++#ifdef HAVE_GLOB
+ #include <glob.h>
++#else
++#include <roken-glob.h>
++#endif
+ #include <signal.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -149,7 +153,11 @@
+ 
+ 		memset(&gl, 0, sizeof(gl));
+ 		if (no_glob || 
++#ifdef HAVE_GLOB
+ 		    glob(argv[argc], flags, NULL, &gl) || 
++#else
++		    roken_glob(argv[argc], flags, NULL, &gl) ||
++#endif
+ 		    gl.gl_pathc == 0)
+ 			gargv[gargc++] = strdup(argv[argc]);
+ 		else
+@@ -157,7 +165,11 @@
+ 			     *pop && gargc < MAXGLOBS - 1;
+ 			     pop++)
+ 				gargv[gargc++] = strdup(*pop);
++#ifdef HAVE_GLOB
+ 		globfree(&gl);
++#else
++		roken_globfree(&gl);
++#endif
+ 	}
+ 	gargv[gargc] = NULL;
+ 
+Index: heimdal-0.7.2/lib/roken/glob.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/roken/glob.c	2005-04-12 21:28:50.000000000 +1000
++++ heimdal-0.7.2/lib/roken/glob.c	2006-03-09 12:50:03.015022376 +1100
+@@ -87,7 +87,7 @@
+ #include <limits.h>
+ #endif
+ 
+-#include "glob.h"
++#include "roken-glob.h"
+ #include "roken.h"
+ 
+ #ifndef ARG_MAX
+@@ -167,7 +167,7 @@
+ #endif
+ 
+ int ROKEN_LIB_FUNCTION
+-glob(const char *pattern, 
++roken_glob(const char *pattern, 
+      int flags, 
+      int (*errfunc)(const char *, int), 
+      glob_t *pglob)
+@@ -742,7 +742,7 @@
+ 
+ /* Free allocated data belonging to a glob_t structure. */
+ void ROKEN_LIB_FUNCTION
+-globfree(glob_t *pglob)
++roken_globfree(glob_t *pglob)
+ {
+ 	int i;
+ 	char **pp;
+Index: heimdal-0.7.2/lib/roken/glob.hin
+===================================================================
+--- heimdal-0.7.2.orig/lib/roken/glob.hin	2005-04-13 23:17:56.000000000 +1000
++++ heimdal-0.7.2/lib/roken/glob.hin	2006-03-09 12:50:03.016022224 +1100
+@@ -32,8 +32,8 @@
+  *	@(#)glob.h	8.1 (Berkeley) 6/2/93
+  */
+ 
+-#ifndef _GLOB_H_
+-#define	_GLOB_H_
++#ifndef _ROKEN_GLOB_H_
++#define	_ROKEN_GLOB_H_
+ 
+ #ifndef ROKEN_LIB_FUNCTION
+ #ifdef _WIN32
+@@ -88,9 +88,9 @@
+ #define	GLOB_ABEND	(-2)	/* Unignored error. */
+ 
+ int ROKEN_LIB_FUNCTION
+-glob (const char *, int, int (*)(const char *, int), glob_t *);
++roken_glob (const char *, int, int (*)(const char *, int), glob_t *);
+ 
+ void ROKEN_LIB_FUNCTION
+-globfree (glob_t *);
++roken_globfree (glob_t *);
+ 
+-#endif /* !_GLOB_H_ */
++#endif /* !_ROKEN_GLOB_H_ */
+Index: heimdal-0.7.2/lib/roken/Makefile.am
+===================================================================
+--- heimdal-0.7.2.orig/lib/roken/Makefile.am	2005-05-24 21:39:01.000000000 +1000
++++ heimdal-0.7.2/lib/roken/Makefile.am	2006-03-09 12:50:03.016022224 +1100
+@@ -129,7 +129,7 @@
+ if have_glob_h
+ glob_h =
+ else
+-glob_h = glob.h
++glob_h = roken-glob.h
+ endif
+ 
+ if have_ifaddrs_h
+@@ -170,6 +170,8 @@
+ SUFFIXES += .hin
+ .hin.h:
+ 	cp $< $@
++roken-glob.h:
++	cp glob.hin roken-glob.h
+ 
+ roken.h: make-roken$(EXEEXT)
+ 	@./make-roken$(EXEEXT) > tmp.h ;\
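Review bot: Choosing between `glob`/`globfree` and `roken_glob`/`roken_globfree` with a separate `#ifdef HAVE_GLOB` at every call in cmds.c, ftpcmd.y, ftpd.c and popen.c leaves each allocate/free pair to be kept consistent by hand; one mismatched branch would release a `glob_t` with the other implementation's free routine. Making the choice once, next to each `#include <glob.h>` / `#include <roken-glob.h>` selection, with `#define roken_glob glob` and `#define roken_globfree globfree` under `#ifdef HAVE_GLOB`, lets every call site use a single name. In the Makefile.am hunk the `roken-glob.h:` rule has no prerequisite and copies from the current directory, so the header is not refreshed when glob.hin changes and the copy may fail in an out-of-tree build; `roken-glob.h: $(srcdir)/glob.hin` with `cp $(srcdir)/glob.hin $@` covers both. ftpd expands client-supplied patterns at these sites, so it is also worth confirming that the system glob() selected under HAVE_GLOB accepts the same flags and bounds expansion the way the bundled implementation does.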

Added: vendor-crypto/heimdal/dist/packages/debian/patches/022_openafs
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/patches/022_openafs	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/patches/022_openafs	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,15 @@
+Index: heimdal-0.7.2/lib/krb5/keytab_keyfile.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/krb5/keytab_keyfile.c	2005-01-09 09:57:18.000000000 +1100
++++ heimdal-0.7.2/lib/krb5/keytab_keyfile.c	2006-03-09 12:50:07.121398112 +1100
+@@ -48,8 +48,8 @@
+  *
+  */
+ 
+-#define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell"
+-#define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf"
++#define AFS_SERVERTHISCELL "/etc/openafs/ThisCell"
++#define AFS_SERVERMAGICKRBCONF "/etc/openafs/etc/krb.conf"
+ 
+ struct akf_data {
+     int num_entries;
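Review bot: `AFS_SERVERMAGICKRBCONF` becomes `"/etc/openafs/etc/krb.conf"` while `AFS_SERVERTHISCELL` becomes `"/etc/openafs/ThisCell"`, so two files that shared /usr/afs/etc before now point into different directories. The extra `etc` looks like a leftover from replacing the `/usr/afs` prefix; if both files are meant to sit together the line would be `#define AFS_SERVERMAGICKRBCONF "/etc/openafs/krb.conf"`. Please confirm against the layout the OpenAFS package actually installs, since a wrong path here would presumably leave the keyfile keytab code unable to find the file it expects.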

Added: vendor-crypto/heimdal/dist/packages/debian/patches/025_pthreads
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/patches/025_pthreads	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/patches/025_pthreads	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,13 @@
+Index: heimdal-0.7.2/cf/pthreads.m4
+===================================================================
+--- heimdal-0.7.2.orig/cf/pthreads.m4	2006-03-09 12:55:11.651102560 +1100
++++ heimdal-0.7.2/cf/pthreads.m4	2006-03-09 12:59:12.806441376 +1100
+@@ -32,7 +32,7 @@
+ 	2.*)
+ 		native_pthread_support=yes
+ 		PTHREADS_CFLAGS=-pthread
+-		PTHREADS_LIBS=-pthread
++		PTHREADS_LIBS="-pthread -lpthread"
+ 		;;
+ 	esac
+ 	;;

Added: vendor-crypto/heimdal/dist/packages/debian/patches/026_posix_max
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/patches/026_posix_max	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/patches/026_posix_max	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,293 @@
+Index: heimdal-0.7.2/appl/kf/kf_locl.h
+===================================================================
+--- heimdal-0.7.2.orig/appl/kf/kf_locl.h	2002-09-05 06:29:04.000000000 +1000
++++ heimdal-0.7.2/appl/kf/kf_locl.h	2006-03-09 12:59:30.120809192 +1100
+@@ -79,3 +79,7 @@
+ #define KF_PORT_NAME		"kf"
+ #define KF_PORT_NUM		2110
+ #define KF_VERSION_1		"KFWDV0.1"
++
++#ifndef MAXPATHLEN
++#define MAXPATHLEN 4096
++#endif
+Index: heimdal-0.7.2/appl/kf/kfd.c
+===================================================================
+--- heimdal-0.7.2.orig/appl/kf/kfd.c	2005-05-27 23:43:24.000000000 +1000
++++ heimdal-0.7.2/appl/kf/kfd.c	2006-03-09 12:59:30.121809040 +1100
+@@ -128,7 +128,7 @@
+     krb5_ticket *ticket;
+     char *name;
+     char ret_string[10];
+-    char hostname[MAXHOSTNAMELEN];
++    char hostname[MaxHostNameLen];
+     krb5_data data;
+     krb5_data remotename;
+     krb5_data tk_file;
+Index: heimdal-0.7.2/appl/kx/kx.h
+===================================================================
+--- heimdal-0.7.2.orig/appl/kx/kx.h	2003-04-17 02:45:43.000000000 +1000
++++ heimdal-0.7.2/appl/kx/kx.h	2006-03-09 12:59:30.122808888 +1100
+@@ -107,6 +107,10 @@
+ #include <sys/stropts.h>
+ #endif
+ 
++#ifndef MAXPATHLEN
++#define MAXPATHLEN 4096
++#endif
++
+ /* defined by aix's sys/stream.h and again by arpa/nameser.h */
+ 
+ #undef NOERROR
+Index: heimdal-0.7.2/appl/login/login_access.c
+===================================================================
+--- heimdal-0.7.2.orig/appl/login/login_access.c	2001-06-05 00:09:45.000000000 +1000
++++ heimdal-0.7.2/appl/login/login_access.c	2006-03-09 12:59:30.123808736 +1100
+@@ -163,11 +163,11 @@
+ 
+ static char *myhostname(void)
+ {
+-    static char name[MAXHOSTNAMELEN + 1] = "";
++    static char name[MaxHostNameLen + 1] = "";
+ 
+     if (name[0] == 0) {
+ 	gethostname(name, sizeof(name));
+-	name[MAXHOSTNAMELEN] = 0;
++	name[MaxHostNameLen] = 0;
+     }
+     return (name);
+ }
+Index: heimdal-0.7.2/appl/login/login_locl.h
+===================================================================
+--- heimdal-0.7.2.orig/appl/login/login_locl.h	2005-04-23 01:38:54.000000000 +1000
++++ heimdal-0.7.2/appl/login/login_locl.h	2006-03-09 12:59:30.124808584 +1100
+@@ -150,6 +150,10 @@
+ #endif
+ 
+ 
++#ifndef MAXPATHLEN
++#define MAXPATHLEN 4096
++#endif
++
+ struct spwd;
+ 
+ extern char **env;
+Index: heimdal-0.7.2/appl/popper/popper.h
+===================================================================
+--- heimdal-0.7.2.orig/appl/popper/popper.h	2004-07-14 19:10:30.000000000 +1000
++++ heimdal-0.7.2/appl/popper/popper.h	2006-03-09 12:59:30.125808432 +1100
+@@ -154,6 +154,10 @@
+ #define POP_MAILDIR	"/usr/spool/mail"
+ #endif
+ 
++#ifndef MAXPATHLEN
++#define MAXPATHLEN 4096
++#endif
++
+ #define POP_DROP        POP_MAILDIR "/.%s.pop"
+ 	/* POP_TMPSIZE needs to be big enough to hold the string
+ 	 * defined by POP_TMPDROP.  POP_DROP and POP_TMPDROP
+Index: heimdal-0.7.2/appl/rcp/rcp_locl.h
+===================================================================
+--- heimdal-0.7.2.orig/appl/rcp/rcp_locl.h	2005-05-30 04:24:43.000000000 +1000
++++ heimdal-0.7.2/appl/rcp/rcp_locl.h	2006-03-09 12:59:30.125808432 +1100
+@@ -65,3 +65,7 @@
+ #endif
+ #undef _PATH_RSH
+ #define	_PATH_RSH	BINDIR "/rsh"
++
++#ifndef MAXPATHLEN
++#define MAXPATHLEN 4096
++#endif
+Index: heimdal-0.7.2/appl/rsh/rsh_locl.h
+===================================================================
+--- heimdal-0.7.2.orig/appl/rsh/rsh_locl.h	2005-12-29 05:00:05.000000000 +1100
++++ heimdal-0.7.2/appl/rsh/rsh_locl.h	2006-03-09 12:59:30.126808280 +1100
+@@ -172,3 +172,7 @@
+ #define do_write(F, B, L, I) write((F), (B), (L))
+ #define do_read(F, B, L, I) read((F), (B), (L))
+ #endif
++
++#ifndef MAXPATHLEN
++#define MAXPATHLEN 4096
++#endif
+Index: heimdal-0.7.2/appl/test/tcp_server.c
+===================================================================
+--- heimdal-0.7.2.orig/appl/test/tcp_server.c	1999-12-16 21:31:08.000000000 +1100
++++ heimdal-0.7.2/appl/test/tcp_server.c	2006-03-09 12:59:30.127808128 +1100
+@@ -44,7 +44,7 @@
+     krb5_principal server;
+     krb5_ticket *ticket;
+     char *name;
+-    char hostname[MAXHOSTNAMELEN];
++    char hostname[MaxHostNameLen];
+     krb5_data packet;
+     krb5_data data;
+     u_int32_t len, net_len;
+Index: heimdal-0.7.2/lib/gssapi/gssapi_locl.h
+===================================================================
+--- heimdal-0.7.2.orig/lib/gssapi/gssapi_locl.h	2005-05-31 06:53:46.000000000 +1000
++++ heimdal-0.7.2/lib/gssapi/gssapi_locl.h	2006-03-09 12:59:30.128807976 +1100
+@@ -84,6 +84,10 @@
+  *
+  */
+ 
++#ifndef MAXPATHLEN
++#define MAXPATHLEN 4096
++#endif
++
+ extern krb5_context gssapi_krb5_context;
+ 
+ extern krb5_keytab gssapi_krb5_keytab;
+Index: heimdal-0.7.2/lib/gssapi/import_name.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/gssapi/import_name.c	2003-03-17 04:33:31.000000000 +1100
++++ heimdal-0.7.2/lib/gssapi/import_name.c	2006-03-09 12:59:30.129807824 +1100
+@@ -90,7 +90,7 @@
+     char *tmp;
+     char *p;
+     char *host;
+-    char local_hostname[MAXHOSTNAMELEN];
++    char local_hostname[MaxHostNameLen];
+ 
+     *output_name = NULL;
+ 
+Index: heimdal-0.7.2/lib/kdfs/k5dfspag.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/kdfs/k5dfspag.c	2002-08-13 01:11:58.000000000 +1000
++++ heimdal-0.7.2/lib/kdfs/k5dfspag.c	2006-03-09 12:59:30.130807672 +1100
+@@ -78,6 +78,9 @@
+ #define WAIT_USES_INT
+ typedef krb5_sigtype sigtype;
+ 
++#ifndef MAXPATHLEN
++#define MAXPATHLEN 4096
++#endif
+ 
+ /* 
+  * Need some syscall numbers based on different systems. 
+Index: heimdal-0.7.2/lib/krb5/get_addrs.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/krb5/get_addrs.c	2004-05-26 07:26:05.000000000 +1000
++++ heimdal-0.7.2/lib/krb5/get_addrs.c	2006-03-09 12:59:30.139806304 +1100
+@@ -49,7 +49,7 @@
+ gethostname_fallback (krb5_context context, krb5_addresses *res)
+ {
+     krb5_error_code ret;
+-    char hostname[MAXHOSTNAMELEN];
++    char hostname[MaxHostNameLen];
+     struct hostent *hostent;
+ 
+     if (gethostname (hostname, sizeof(hostname))) {
+Index: heimdal-0.7.2/lib/krb5/get_host_realm.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/krb5/get_host_realm.c	2005-04-20 04:52:51.000000000 +1000
++++ heimdal-0.7.2/lib/krb5/get_host_realm.c	2006-03-09 12:59:30.140806152 +1100
+@@ -95,7 +95,7 @@
+ 	       krb5_realm **realms)
+ {
+     static char *default_labels[] = { "_kerberos", NULL };
+-    char dom[MAXHOSTNAMELEN];
++    char dom[MaxHostNameLen];
+     struct dns_reply *r;
+     char **labels;
+     int i, ret;
+@@ -208,7 +208,7 @@
+ 		    const char *host,
+ 		    krb5_realm **realms)
+ {
+-    char hostname[MAXHOSTNAMELEN];
++    char hostname[MaxHostNameLen];
+ 
+     if (host == NULL) {
+ 	if (gethostname (hostname, sizeof(hostname)))
+Index: heimdal-0.7.2/lib/krb5/krbhst-test.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/krb5/krbhst-test.c	2002-08-23 13:43:18.000000000 +1000
++++ heimdal-0.7.2/lib/krb5/krbhst-test.c	2006-03-09 12:59:30.140806152 +1100
+@@ -87,7 +87,7 @@
+     krb5_init_context (&context);
+     for(i = 0; i < argc; i++) {
+ 	krb5_krbhst_handle handle;
+-	char host[MAXHOSTNAMELEN];
++	char host[MaxHostNameLen];
+ 
+ 	for (j = 0; j < sizeof(types)/sizeof(*types); ++j) {
+ 	    printf ("%s for %s:\n", type_str[j], argv[i]);
+Index: heimdal-0.7.2/lib/krb5/krbhst.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/krb5/krbhst.c	2005-05-20 19:09:42.000000000 +1000
++++ heimdal-0.7.2/lib/krb5/krbhst.c	2006-03-09 12:59:30.142805848 +1100
+@@ -763,7 +763,7 @@
+     krb5_error_code ret;
+     int nhost = 0;
+     krb5_krbhst_handle handle;
+-    char host[MAXHOSTNAMELEN];
++    char host[MaxHostNameLen];
+     krb5_krbhst_info *hostinfo;
+ 
+     ret = krb5_krbhst_init(context, realm, type, &handle);
+Index: heimdal-0.7.2/lib/krb5/principal.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/krb5/principal.c	2004-12-29 12:54:54.000000000 +1100
++++ heimdal-0.7.2/lib/krb5/principal.c	2006-03-09 12:59:30.150804632 +1100
+@@ -706,8 +706,8 @@
+     const char *p;
+     krb5_error_code ret;
+     krb5_principal pr;
+-    char host[MAXHOSTNAMELEN];
+-    char local_hostname[MAXHOSTNAMELEN];
++    char host[MaxHostNameLen];
++    char local_hostname[MaxHostNameLen];
+ 
+     /* do the following: if the name is found in the
+        `v4_name_convert:host' part, is is assumed to be a `host' type
+@@ -1059,7 +1059,7 @@
+ 			 krb5_principal *ret_princ)
+ {
+     krb5_error_code ret;
+-    char localhost[MAXHOSTNAMELEN];
++    char localhost[MaxHostNameLen];
+     char **realms, *host = NULL;
+ 	
+     if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
+Index: heimdal-0.7.2/lib/krb5/verify_init.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/krb5/verify_init.c	2004-05-26 07:45:47.000000000 +1000
++++ heimdal-0.7.2/lib/krb5/verify_init.c	2006-03-09 12:59:30.151804480 +1100
+@@ -90,7 +90,7 @@
+     memset (&entry, 0, sizeof(entry));
+ 
+     if (ap_req_server == NULL) {
+-	char local_hostname[MAXHOSTNAMELEN];
++	char local_hostname[MaxHostNameLen];
+ 
+ 	if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
+ 	    ret = errno;
+Index: heimdal-0.7.2/lib/roken/getaddrinfo_hostspec.c
+===================================================================
+--- heimdal-0.7.2.orig/lib/roken/getaddrinfo_hostspec.c	2005-04-12 21:28:43.000000000 +1000
++++ heimdal-0.7.2/lib/roken/getaddrinfo_hostspec.c	2006-03-09 12:59:30.152804328 +1100
+@@ -48,7 +48,7 @@
+ {
+     const char *p;
+     char portstr[NI_MAXSERV];
+-    char host[MAXHOSTNAMELEN];
++    char host[MaxHostNameLen];
+     struct addrinfo hints;
+     int hostspec_len;
+ 
+Index: heimdal-0.7.2/lib/sl/slc-gram.y
+===================================================================
+--- heimdal-0.7.2.orig/lib/sl/slc-gram.y	2005-04-19 20:28:28.000000000 +1000
++++ heimdal-0.7.2/lib/sl/slc-gram.y	2006-03-09 12:59:30.153804176 +1100
+@@ -46,6 +46,10 @@
+ #include <vers.h>
+ #include <roken.h>
+ 
++#ifndef PATH_MAX
++#define PATH_MAX 4096
++#endif
++
+ #include "slc.h"
+ extern FILE *yyin;
+ extern struct assignment *a;
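Review bot: The `gethostname()` callers shown in `get_addrs.c`, `get_host_realm.c` and `verify_init.c` pass `sizeof(hostname)` for a `char[MaxHostNameLen]` buffer and no explicit terminator is visible. The patched `myhostname()` in `login_access.c` instead sizes the buffer `MaxHostNameLen + 1` and writes `name[MaxHostNameLen] = 0`. POSIX leaves it unspecified whether a truncated host name is NUL-terminated, so the safe pattern after a successful call is `hostname[sizeof(hostname) - 1] = '\0';`. This matters more once the bound changes, because `MaxHostNameLen` is not defined anywhere in this patch and may be smaller than the platform's `MAXHOSTNAMELEN`. The function bodies continue outside the quoted context, so a terminator may already be written further down; check each site rather than assume it.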

Added: vendor-crypto/heimdal/dist/packages/debian/po/POTFILES.in
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/po/POTFILES.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/po/POTFILES.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] heimdal-kdc.templates

Added: vendor-crypto/heimdal/dist/packages/debian/po/templates.pot
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/po/templates.pot	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/po/templates.pot	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,54 @@
+#
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+#
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+#    Developers do not need to manually edit POT or PO files.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2004-02-27 10:15-0800\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
+"Language-Team: LANGUAGE <LL at li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../heimdal-kdc.templates:3
+msgid "Local realm name:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../heimdal-kdc.templates:3
+msgid ""
+"Heimdal requires the name of your local realm. This is typically your domain "
+"name in uppercase. eg if your hostname is host.org.com, then your realm will "
+"become ORG.COM. The default for your host is ${default_realm}."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../heimdal-kdc.templates:10
+msgid "Password for KDC:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../heimdal-kdc.templates:10
+msgid ""
+"Heimdal can encrypt the KDC data with a password. A hashed representation "
+"will be stored in /var/lib/heimdal-kdc/m-key."
+msgstr ""

Added: vendor-crypto/heimdal/dist/packages/debian/rules
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/rules	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/rules	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,62 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+include /usr/share/cdbs/1/rules/patchsys-quilt.mk
+
+DEB_INSTALL_DOCS_ALL =
+DEB_INSTALL_DOCS_heimdal-docs = $(filter-out $(DEB_INSTALL_CHANGELOGS_ALL),$(shell for f in README NEWS TODO BUGS AUTHORS THANKS; do if test -s $(DEB_SRCDIR)/$$f; then echo $(DEB_SRCDIR)/$$f; fi; done)) \
+	NEWS TODO
+
+
+DEB_DH_INSTALL_SOURCEDIR = debian/tmp
+
+DEB_CONFIGURE_LIBEXECDIR ="\$${prefix}/sbin"
+
+DEB_CONFIGURE_EXTRA_FLAGS := \
+	--enable-shared \
+	--enable-otp \
+	--with-kaserver \
+	--with-openssl \
+	--with-openldap \
+	--with-readline-include=/usr/include/editline \
+	--enable-kcm
+
+# /var/lib/heimdal-kdc is 700
+DEB_FIXPERMS_EXCLUDE = heimdal-kdc
+
+binary-post-install/heimdal-servers::
+	mv debian/heimdal-servers/usr/sbin/kfd debian/heimdal-servers/usr/lib/heimdal-servers
+	mv debian/heimdal-servers/usr/sbin/ftpd debian/heimdal-servers/usr/lib/heimdal-servers
+	mv debian/heimdal-servers/usr/sbin/rshd debian/heimdal-servers/usr/lib/heimdal-servers
+	mv debian/heimdal-servers/usr/sbin/telnetd debian/heimdal-servers/usr/lib/heimdal-servers
+	mv debian/heimdal-servers/usr/sbin/popper debian/heimdal-servers/usr/lib/heimdal-servers
+	mv debian/heimdal-servers/usr/bin/login debian/heimdal-servers/usr/lib/heimdal-servers
+
+binary-post-install/heimdal-servers-x::
+	mv debian/heimdal-servers-x/usr/sbin/kxd debian/heimdal-servers-x/usr/lib/heimdal-servers
+
+binary-post-install/heimdal-kdc::
+	mv debian/heimdal-kdc/usr/sbin/kdc debian/heimdal-kdc/usr/lib/heimdal-servers
+	mv debian/heimdal-kdc/usr/sbin/kadmind debian/heimdal-kdc/usr/lib/heimdal-servers
+	mv debian/heimdal-kdc/usr/sbin/kpasswdd debian/heimdal-kdc/usr/lib/heimdal-servers
+	install -m644 debian/extras/default debian/heimdal-kdc/etc/default/heimdal-kdc
+	install -m644 lib/hdb/hdb.schema debian/heimdal-kdc/etc/ldap/schema/hdb.schema
+	dh_fixperms -pheimdal-kdc
+	chmod 700 debian/heimdal-kdc/var/lib/heimdal-kdc
+
+binary-post-install/heimdal-clients::
+	mv debian/heimdal-clients/usr/bin/telnet debian/heimdal-clients/usr/bin/ktelnet
+	mv debian/heimdal-clients/usr/bin/ftp debian/heimdal-clients/usr/bin/kftp
+	mv debian/heimdal-clients/usr/share/man/man1/telnet.1 debian/heimdal-clients/usr/share/man/man1/ktelnet.1
+	mv debian/heimdal-clients/usr/share/man/man1/ftp.1 debian/heimdal-clients/usr/share/man/man1/kftp.1
+	mv debian/heimdal-clients/usr/bin/rsh debian/heimdal-clients/usr/bin/krsh
+	mv debian/heimdal-clients/usr/bin/rcp debian/heimdal-clients/usr/bin/krcp
+	mv debian/heimdal-clients/usr/bin/pagsh debian/heimdal-clients/usr/bin/kpagsh
+	mv debian/heimdal-clients/usr/bin/su debian/heimdal-clients/usr/bin/ksu
+	mv debian/heimdal-clients/usr/share/man/man1/rsh.1 debian/heimdal-clients/usr/share/man/man1/krsh.1
+	mv debian/heimdal-clients/usr/share/man/man1/pagsh.1 debian/heimdal-clients/usr/share/man/man1/kpagsh.1
+	mv debian/heimdal-clients/usr/share/man/man1/su.1 debian/heimdal-clients/usr/share/man/man1/ksu.1
+
+binary-post-install/heimdal-docs::
+	mv debian/heimdal-docs/usr/share/man/man5/krb5.conf.5 debian/heimdal-docs/usr/share/man/man5/krb5.conf.5heimdal
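Review bot: The `binary-post-install` recipes move several binaries to a bare directory name, for example `mv debian/heimdal-kdc/usr/sbin/kdc debian/heimdal-kdc/usr/lib/heimdal-servers`. If that directory is ever missing from the staging tree, the first `mv` creates a regular file called `heimdal-servers` and each later `mv` overwrites it. The build would then succeed while the package ships a single wrong file in place of `kdc`, `kadmind` and `kpasswdd`. Writing the destination with a trailing slash, `mv debian/heimdal-kdc/usr/sbin/kdc debian/heimdal-kdc/usr/lib/heimdal-servers/`, makes `mv` fail loudly instead. The same applies to the `heimdal-servers` and `heimdal-servers-x` targets. The directory is presumably created by a debhelper `.dirs` file not shown here.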

Added: vendor-crypto/heimdal/dist/packages/debian/scripts/convert_source
===================================================================
--- vendor-crypto/heimdal/dist/packages/debian/scripts/convert_source	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/debian/scripts/convert_source	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,17 @@
+#!/bin/sh -ex
+
+SRC="$1"
+VERSION="$2"
+DST="heimdal_$VERSION.dfsg.1.orig.tar.gz"
+SRC_DIR="heimdal-$VERSION"
+
+MYTMP=""
+trap 'if [ -n "$MYTMP" ]; then rm -rf $MYTMP; fi' EXIT
+MYTMP=`mktemp -td heimdal.XXXXXX` || exit 1
+
+tar -xzf $SRC -C $MYTMP
+ls -l $MYTMP/$SRC_DIR
+
+rm -r $MYTMP/$SRC_DIR/doc/standardisation
+
+tar -czf $DST -C $MYTMP $SRC_DIR
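Review bot: The cleanup trap and every later command expand `$MYTMP`, `$SRC`, `$SRC_DIR` and `$DST` unquoted, so a `TMPDIR` or tarball path containing whitespace or glob characters makes `rm -rf $MYTMP` act on the split words rather than on the temporary directory. Quote each expansion and end option parsing, for example `trap 'if [ -n "$MYTMP" ]; then rm -rf -- "$MYTMP"; fi' EXIT` and `tar -xzf "$SRC" -C "$MYTMP"`. Do the same in the `ls`, `rm -r` and final `tar -czf` lines. The script also uses `$1` and `$2` without checking they were supplied, so an empty version yields `SRC_DIR="heimdal-"`; a guard such as `[ "$#" -eq 2 ] || exit 2` before the assignments would stop that early. Since `-ex` is set only in the shebang, it is lost when the script is run as `sh convert_source`; a `set -ex` line in the body keeps the fail-fast behaviour.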

Added: vendor-crypto/heimdal/dist/packages/mac/Info.plist
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/packages/mac/Info.plist
===================================================================
--- vendor-crypto/heimdal/dist/packages/mac/Info.plist	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/packages/mac/Info.plist	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/packages/mac/Info.plist
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/packages/mac/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/packages/mac/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/mac/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,9 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+EXTRA_DIST = \
+	Info.plist \
+	mac.sh \
+	Resources/Description.plist \
+	Resources/English.lproj/Welcome.rtf

Added: vendor-crypto/heimdal/dist/packages/mac/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/packages/mac/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/mac/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,663 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = packages/mac
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+EXTRA_DIST = \
+	Info.plist \
+	mac.sh \
+	Resources/Description.plist \
+	Resources/English.lproj/Welcome.rtf
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps packages/mac/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps packages/mac/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/packages/mac/Resources/Description.plist
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/packages/mac/Resources/Description.plist
===================================================================
--- vendor-crypto/heimdal/dist/packages/mac/Resources/Description.plist	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/packages/mac/Resources/Description.plist	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/packages/mac/Resources/Description.plist
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/packages/mac/Resources/English.lproj/Welcome.rtf
===================================================================
--- vendor-crypto/heimdal/dist/packages/mac/Resources/English.lproj/Welcome.rtf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/mac/Resources/English.lproj/Welcome.rtf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,8 @@
+{\rtf1\mac\ansicpg10000\cocoartf100
+{\fonttbl\f0\fswiss\fcharset77 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\margl1440\margr1440\vieww9000\viewh9000\viewkind0
+\pard\tx1440\tx2880\tx4320\tx5760\tx7200\ql\qnatural
+
+\f0\fs28 \cf0 Welcome to the Heimdal Installation Program.\
+}
\ No newline at end of file

Added: vendor-crypto/heimdal/dist/packages/mac/mac.sh
===================================================================
--- vendor-crypto/heimdal/dist/packages/mac/mac.sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/packages/mac/mac.sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+#!/bin/sh
+# $Id: mac.sh,v 1.1.1.1 2012-07-21 15:09:08 laffer1 Exp $
+
+dbase=`dirname $0`
+base=`cd $dbase && pwd`
+config=${base}/../../configure
+
+destdir=`pwd`/destdir
+builddir=`pwd`/builddir
+imgdir=`pwd`/imgdir
+
+rm -rf ${destdir} ${builddir} ${imgdir} || exit 1
+mkdir ${destdir} || exit 1
+mkdir ${builddir} || exit 1
+mkdir ${imgdir} || exit 1
+
+cd ${builddir} || exit 1
+
+version=`sh ${config} --help 2>/dev/null | head -1 | sed 's/.*Heimdal \([^ ]*\).*/\1/'`
+
+echo "Building Mac universal binary package for Heimdal ${version}"
+echo "Configure"
+env \
+  CFLAGS="-arch i386 -arch ppc" \
+  LDFLAGS="-arch i386 -arch ppc" \
+  ${config} > log || exit 1
+echo "Build"
+make all > /dev/null || exit 1
+echo "Run regression suite"
+make check > /dev/null || exit 1
+echo "Install"
+make install DESTDIR=${destdir} > /dev/null || exit 1 
+
+echo "Build package"
+/Developer/usr/bin/packagemaker \
+    --version "${version}" \
+    --root ${destdir} \
+    --info ${base}/Info.plist \
+    --out ${imgdir}/Heimdal.pkg \
+    --resources ${base}/Resources \
+    --domain system || exit 1
+
+cd ..
+echo "Build disk image"
+rm "heimdal-${version}.dmg"
+/usr/bin/hdiutil create -volname "Heimdal-${version}" -srcfolder ${imgdir} "heimdal-${version}.dmg" || exit 1
+
+echo "Clean"
+rm -rf ${destdir} ${builddir} ${imgdir} || exit 1
+
+echo "Done!"
+exit 0
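Review bot: The recursive deletes at the top and in the "Clean" step of mac.sh (`rm -rf ${destdir} ${builddir} ${imgdir}`) expand unquoted paths built from `pwd`, so running the script from a directory whose name contains whitespace splits each path into several arguments and the delete can land outside the three scratch directories. Quote them and end option parsing, `rm -rf -- "${destdir}" "${builddir}" "${imgdir}" || exit 1`, and quote the same variables in the `mkdir`, `cd`, `make install DESTDIR=` and `packagemaker` lines. The later `cd ..` is also unchecked, unlike the earlier `cd ${builddir} || exit 1`; if it fails, the disk image is written into `builddir` and removed by the final cleanup, so `cd .. || exit 1` is worth adding.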

Added: vendor-crypto/heimdal/dist/tests/ChangeLog
===================================================================
--- vendor-crypto/heimdal/dist/tests/ChangeLog	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ChangeLog	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,742 @@
+2008-01-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc: Test the PKCS11 provider built-in to libhx509.
+
+2007-12-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ldap/init.ldif: Add space to make valid ldiff file, from Buchan
+	Milne
+	
+	* ldap/slapd-init.in: Another place where schemas are installed,
+	from Buchan Milne.
+
+2007-12-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kadmin.in: Check that admin-less principal works.
+
+2007-12-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/check-ntlm.in: test kdigest digest-probe command.
+
+2007-12-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/check-basic.in: Test GSS_C_NO_NAME too.
+
+2007-10-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Try multiple enctypes.
+
+2007-08-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* java/Makefile.am: EXTRA_DIST += jaas.conf
+	
+2007-08-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* java/Makefile.am: Add java source code.
+
+2007-08-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-iprop.in: Don't run this test in AFS since AFS is
+	missing unix sockets.
+
+	* kdc/wait-kdc.sh: Catch bind ../../tests/kdc/signal: Operation
+	not permitted
+
+2007-08-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-iprop.in: use wait-kdc.sh for all diffrent places we
+	start ipropd-{master,slave}.
+
+	* all-tests: empty messages.log
+
+	* kdc/check-iprop.in: Use wait-kdc.sh to wait for
+	ipropd-{master,slave}.
+
+	* kdc/wait-kdc.sh: look futher back in the logfile.
+	
+	* kdc/wait-kdc.sh: Make wait-kdc.sh able to wait on other things.
+
+	* kdc/check-iprop.in: Checking master going backward, create
+	iprop-stats.
+
+2007-08-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* java/have-java.sh: GNU GCC Java doesn't support Kerberos
+
+2007-08-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-iprop.in: wait longer for iprop, dump messages.log on
+	failure.
+
+	* kdc/Makefile.am: Clean after iprop tests.
+
+	* kdc/check-iprop.in: more iprop tests.
+
+2007-07-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/Makefile.am: Add check-iprop and related files.
+
+	* kdc/krb5.conf.in: Add stuff for iprop.
+
+	* kdc/check-iprop.in: Test for iprop.
+
+	* kdc/iprop-acl: ACL file for iprop.
+
+2007-07-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/donotexists.txt: missing file.
+
+2007-07-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/Makefile.am: EXTRA_DIST += donotexists.txt
+
+2007-07-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Test renewing.
+	
+2007-07-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/Makefile.am: Test for simple salt types.
+
+	* kdc/krb5.conf.keys.in: Configuration file for testing keys.
+
+	* kdc/check-keys.in: Test some simple salt types.
+
+2007-07-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* java/Makefile.am: EXTRA_DIST += have_java.sh
+
+	* java/check-kinit.in: Make failing to compile a java program a
+	no-fatal error.
+
+	* java/check-kinit.in: Disable test if we use socket wrapper.
+
+2007-07-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kadmin.in: Give more hints of what went wrong.
+
+2007-07-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/Makefile.am: add check-kadmin.in
+	
+2007-07-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ldap/slapd.conf: add samba.schema.
+
+	* ldap/slapd-init.in: Add samba schema.
+
+	* ldap/init.ldif: Samba entry to do testing with.
+
+2007-07-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* java/check-kinit.in: Only print when there is an error.
+
+	* java/krb5.conf.in: Move the AES enctypes first.
+
+2007-07-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kadmin.in: Send kill outout to /dev/null.
+
+	* kdc/krb5.conf.in: Add bits needed for kadmind server test.
+
+	* kdc/Makefile.am: Add check-kadmin.
+
+	* kdc/check-kadmin.in: Simple test for server based kadmin.
+
+	* kdc/heimdal.acl: ACL file for check-admin test.
+
+2007-07-05  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* Makefile.am: Add java.
+
+	* java: simple java kinit test
+
+2007-06-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ldap/check-ldap.in: Add one more principal and list the
+	database.
+
+	* kdc/check-pkinit.in: Fix hxtool issue-certificate --req.
+
+	* kdc/check-referral.in: Spelling.
+	
+2007-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/check-context.in: disable dns canon on test, break on some
+	buildfarm hosts.
+	
+2007-06-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* can/test_can.in: readline seems strange, try diffrent way to
+	setup the database.
+
+2007-06-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* can/test_can.in: spoon feed kadmin diffrently
+
+2007-06-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Also test rename user to anther realm.
+
+	* kdc/check-kdc.in: Test renaming a user.
+
+	* can/test_can.in: Tell use what the messages.log told us.
+
+	* kdc/check-referral.in: Add some more as-req canon tests, add
+	disable tgs-req tests.
+	
+2007-06-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* can/check-can.in: Check is there is a working db backend here.
+	
+2007-06-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* can/Makefile.am: Clean up more cruft.
+	
+2007-06-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* can/Makefile.am: More files we want in the dist.
+
+	* can/test_can.in: Simplify error reporting.
+
+	* can/test_can.in: Catch error from kadmin.
+
+	* can/mit-pkinit-20070607.*: mit pkinit-9 request
+
+	* can/check-can.in: Add mit-pkinit test.
+
+	* can/Makefile.am: Create specific configurtion files for some
+	tests.
+
+	* can/test_can.in: Pick up the right generated
+	krb5.conf (spelling).
+
+	* can: Add Apple Tiger 10.4/MIT Kerberos 1.4
+
+	* can/test_can.in: Don't need to start a kdc for this test.
+
+	* can: pre-canned requests from older versions and other implementations
+
+	* Makefile.am: SUBDIRS += can
+	
+2007-06-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-uu.in: Use stdout from uu_server.
+	
+2007-05-31  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-pkinit.in: Try pkinit in w2k mode, also add tests for
+	MS SAN.
+
+	* kdc/Makefile.am: generate a krb5-pkinit-win.conf
+
+	* kdc/krb5-pkinit.conf.in: W2K tests.
+	
+2007-05-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/Makefile.am: remove more files
+	
+2007-05-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-pkinit.in: try principal subject in DB
+	
+2007-05-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/check-basic.in: test using test_kcred
+
+	* gss/check-ntlm.in: One more test.
+
+	* ldap/check-ldap.in: check in /usr/lib/openldap too for slapd and
+	slapadd
+	
+2007-05-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* db/add-modify-delete.in: Remove comment.
+
+	* db/add-modify-delete.in: try replay
+
+	* db/Makefile.am: clean more files.
+
+	* db/add-modify-delete.in: try iprop-log commands.
+	
+2007-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* db/krb5.conf.in: Add longer example.
+	
+2007-04-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* db: basic tests for dbinfo
+
+2007-04-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/Makefile.am: Add check-ntlm.
+
+	* gss/check-ntlm.in: test ntlm client credentials code.
+	
+2007-04-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* db/loaddump-db.in: make kstash quiet
+	
+2007-04-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/check-basic.in: more gss_acquire_cred tests
+	
+2007-04-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/Makefile.am: add check-basic
+
+	* gss/check-basic.in: basic tests that might require a KDC.
+	
+2007-04-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/Makefile.am: CLEANFILES += sdigest-init
+	
+2007-04-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* ldap/slapd-init.in: Add Id tag
+	
+2007-02-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: test new kadmin add_enctype functionallity
+	
+2007-02-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Makefile.am: add ldap
+
+	* kdc/check-referral.in: add check-referral
+	
+	* kdc/Makefile.am: add check-referral
+	
+2007-02-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* tests/ldap: simple ldap test, inspried by samba ldb ldap test
+
+2007-02-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-digest.in: Test ms-chap-v2 (client response, server
+	response, session key)
+	
+2007-02-02  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/krb5.conf.in: allow ms-chap-v2
+	
+2007-02-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-digest.in: Negative check too.
+	
+2007-01-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-uu.in: save log, wait longer
+	
+2007-01-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-pkinit.in: tell me about certifiate that we have
+	generated
+	
+2007-01-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* no random, no RSA/DH tests
+
+	* plugin/Makefile.am: remove files created by tests
+
+	* gss/Makefile.am: remove files created by tests
+
+	* gss/Makefile.am: add ntlm-user-file.txt
+
+2007-01-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/ap-req.c: --verify-pac no means verify existance of PAC in
+	ticket, the signature checking is done by the kerberos library.
+
+	* kdc/check-digest.in: display messages.log and help that that
+	tells us what went wrong.
+
+	* plugin/windc.c: Update to validate function signature change.
+
+	* Makefile.am: Only traverse into plugin if there is shared
+	library support.
+	
+2007-01-09  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-pkinit.in: Prefix key with FILE:
+	
+2007-01-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* plugin/Makefile.am: EXTRA_DIST += krb5.conf.in
+
+	* plugin/check-pac.in: test explicit requested pac and explicit
+	negative requested pac.
+
+	* kdc/ap-req.c: Make it possible to turn off PAC check, its
+	default on.
+
+	* plugin/windc.c: Add client_access.
+
+	* plugin/check-pac.in: Verify PAC on server end too.
+
+	* kdc/ap-req.c: Add verification of PAC.
+
+	* kdc/Makefile.am: Add test for pkinit with locally generated
+	certs.
+
+	* kdc/check-pkinit.in: Generate a ca, kdc cert and client cert and
+	try to use them
+
+	* kdc/pki-mapping: add other foo at TEST
+
+	* kdc/krb5-pkinit.conf.in: pkinit specific krb5.conf
+	
+2007-01-03  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* plugin/check-pac.in: test tgs-req
+
+	* plugin/windc.c: log that the function is called.
+
+	* kdc/check-digest.in: Test security layer in ntlm.
+
+	* plugin: test WinDC PAC functionallity
+	
+	* Makefile.am: Include plugin in tests
+	
+2006-12-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/ntlm-user-file.txt: Correct DOMAIN name
+	
+2006-12-26  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/krb5.conf.in: Add digests acls (all)
+	
+2006-12-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss/check-spnego.in: test wrapunwrap
+
+	* gss/check-spnego.in: Test get and verify MIC.
+	
+	* gss/check-context.in: don't need to set GSSAPI_SPNEGO_NAME any
+	longer
+	
+2006-12-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/check-context.in: Define GSSAPI_SPNEGO_NAME and re-add
+	spnego
+	
+	* gss/check-context.in: add trap, remove allow-digest, pretty
+	print.
+
+	* gss/check-gssmask.in: catch EXIT traps
+
+	* gss/check-spnego.in: test more combination of spnego contexts
+
+	* gss/Makefile.am: add check-spnego
+
+	* gss/check-spnego.in: check spnego combinations.
+	
+2006-12-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-digest.in: test more combinations of names
+	
+2006-12-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/ntlm-user-file.txt: ntlm username and password file
+
+	* kdc/check-digest.in: Check that ntlm works.
+	
+2006-12-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-digest.in: prefix digest commands with digest-
+	
+2006-11-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Don't (afs) unlog using kdestroy
+	
+2006-11-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/Makefile.am: Add LIB_roken and (implictly by that libvers
+	for print_version) to LDADD
+	
+2006-11-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: check that the getarg -- option works for
+	delete and add.
+
+	* kdc/check-kdc.in: Test proxy cert.
+	
+2006-11-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/krb5.conf.in: revert the enable-pkinit change, and make it
+	consistant with all other other enable- options
+
+2006-11-15  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss/check-context.in: Add dce-style context building test.
+
+	* gss/check-context.in: test more combination of context building
+	
+2006-11-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* Use TEST{,2}.H5L.SE for testing
+
+2006-11-08  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/Makefile.am: Use EGREP.
+
+	* kdc/check-kdc.in: Use EGREP.
+	
+2006-10-23  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: run eval on the testfailed variable so we run
+	all commands
+	
+2006-10-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* db/Makefile.am: make have-db being built in the "make all"
+	target.
+
+	* kdc/check-kdc.in: tell more what the kdc though about the
+	failure.
+	
+2006-10-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* db/add-modify-delete.in: Use EGREP.
+
+	* db/Makefile.am: add EGREP to do_subst
+	
+2006-10-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/Makefile.am: Clean temporary files
+
+	* db/Makefile.am: clean have-db
+
+	* kdc/Makefile.am: Add pki-mapping to dist file.
+
+	* kdc/Makefile.am: more files
+	
+	* db/Makefile.am: more files
+
+2006-10-19  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss/check-context.in: give path to have-db
+	
+	* gss/check-gssmask.in: give path to have-db
+	
+	* kdc/check-kdc.in: give path to have-db
+	
+	* kdc/check-digest.in: give path to have-db
+	
+	* gss/check-gssmask.in: If there is no useful db support compile
+	in, disable test
+
+	* gss/check-context.in: Add commeted out digest check.
+
+	* kdc/check-digest.in: If there is no useful db support compile
+	in, disable test
+
+	* kdc/check-kdc.in: If there is no useful db support compile in,
+	disable test
+
+	* db/loaddump-db.in: If there is no useful db support compile in,
+	disable test
+
+	* db/have-db.in: Check if the kdc have any useful builtin
+	database.
+
+	* kdc/check-kdc.in: Fix awk statement, put RE on the right side.
+	
+2006-10-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss/check-gssmask.in: remove dup exit
+
+	* gss/check-context.in: More name tests.
+
+	* gss/check-context.in: test with and without dns-canon
+	
+2006-10-14  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-kdc.in: Be more explit about what test failed.
+	
+2006-10-13  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss/check-context.in: et KRB5CCNAME in global enviorment
+	
+2006-10-12  Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* gss/Makefile.am: Check if the gss context tester test_context
+	works ok.
+
+	* gss/check-context.in: Check if the gss context tester
+	test_context works ok.
+	
+2006-10-10  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss/check-gssmask.in: use wait-kdc.sh script
+
+	* kdc/check-kdc.in: use wait-kdc.sh script
+
+	* kdc/check-digest.in: use wait-kdc.sh script
+
+	* Heimdal uses TESTS_ENVIRONMENT before every binary being tested
+	directly from the Makefile.  This now uses the same for the
+	scripts, so we can run them under valgrind. From Andrew Bartlet
+
+2006-10-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/Makefile.am: splits script tests and binary tests
+
+	* db/Makefile.am: Add tests script depenencies
+
+	* kdc/Makefile.am: Split script tests and binary tests
+	
+2006-10-04  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Test pkinit encKey case.
+	
+2006-09-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/check-gssmask.in: Catch failures from gssmaestro.
+	
+2006-09-20  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss/check-gssmask.in: Add a third client
+	
+2006-09-19 Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* gss/check-gssmask.in: test for gssmask + gssmaestro.
+
+	* gss/krb5.conf.in: Add krb5.conf for krb5.conf
+	
+2006-09-18  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* gss/check-gss.in: Add (c)
+
+	* kdc/check-kdc.in: Test constrained delegation impersonation.
+	
+2006-09-16  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Change the password on krbtgt a couple of
+	times to have a non boring kvno.
+	
+2006-08-24  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-digest.in: Use the server as the server and set
+	diffrent password for the user and service.
+
+	* kdc/check-digest.in: Set allow digest flag on the server.
+
+	* kdc/Makefile.am: Build and run check-digest test.
+
+	* kdc/check-digest.in: Remove channel bindings from CHAP tests,
+	there is no such thing for CHAP.
+
+	* kdc/check-kdc.in: Test aes only krbtgt and des3 only service.
+	
+2006-08-21  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Remove empty lines for picky awks
+	
+2006-07-06  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Check for cross realm case where remove user
+	doesn't exists in the database, this is ok assuming the cross
+	realm isn't local. In the general case this isn't true.
+
+2006-06-22  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: run kadmin check
+	
+2006-06-07  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: test that delegated cred works too
+
+	* kdc/check-kdc.in: Test delegation
+	
+2006-06-06 Love H\xF6rnquist \xC5strand <lha at it.su.se>
+	
+	* kdc/check-kdc.in: Add impersonation tests.
+	
+2006-06-01  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Less verbose, spelling.
+
+	* kdc/check-kdc.in: test cross realm and deleted user
+	
+2006-05-12  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* kdc/check-kdc.in: Check password protected pk-init keyfile.
+	
+2006-04-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-kdc.in: Don't try pkinit if there is no rsa
+	
+2006-04-29  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/pki-mapping: change pki-mapping
+	
+	* kdc/Makefile.am: clean the server.keytab
+
+	* kdc/check-kdc.in: Add test for pk-init
+
+	* kdc/krb5.conf.in: Add pkinit glue
+
+2006-04-28  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/pki-mapping: Add pk-init mapping file
+	
+2006-04-27  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* kdc/check-kdc.in: Sprinkle more ap-req now that the credential
+	is removed from the cache using kdestroy --credential=
+
+	* kdc/ap-req.c: check that AP_OPTS_MUTUAL_REQUIRED matches, check
+	seqnumber
+
+	* kdc/Makefile.am: Build as-req.
+
+	* kdc/check-kdc.in: Sprinkel some as-req
+
+	* kdc/ap-req.c: simple test program checking that as ap-req/as-rep
+	exchange works
+	
+2006-04-25  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+	
+	* {,kdc/,db/}.cvsignore: ignore Makefile.in
+
+	* kdc/check-kdc.in: Try to detect another KDC running.
+
+	* kdc/check-kdc.in: more tests regarding doing AS-REQ and TGS-REQ
+
+	* kdc/krb5.conf.in: krb5.conf template
+
+	* kdc/check-kdc.in: check that the keytab have the right kvno
+
+	* db/add-modify-delete.in: create a server too
+
+	* kdc/check-kdc.in: check kdc too
+
+	* db/Makefile.am: Add add-modify-delete
+
+	* db/add-modify-delete.in: basic kadmin tests
+
+	* Makefile.am: SUBDIRS += kdc
+
+	* kdc/check-kdc.in: Test framework for getting and checking
+	tickets, start kdc on localhost:8888.
+
+	* kdc/Makefile.am: Test framework for getting and checking
+	tickets.
+
+	* db/krb5.conf.in: log all message to local file
+
+	* db/Makefile.am: clean messages file
+	
+2006-01-17  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* db/krb5.conf.in: Set [libdefaults] default_realm = EXAMPLE.ORG.
+
+2005-11-30  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* db/loaddump-db.in: Specifify explicitly that the database is in
+	the current directory.
+
+2005-08-11  Love H\xF6rnquist \xC5strand  <lha at it.su.se>
+
+	* test loading and dumping of the database

Added: vendor-crypto/heimdal/dist/tests/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tests/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,11 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+SUBDIRS = db kdc gss ldap can java
+
+if ENABLE_SHARED
+if HAVE_DLOPEN
+SUBDIRS += plugin
+endif
+endif

Added: vendor-crypto/heimdal/dist/tests/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,816 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common ChangeLog
+ at ENABLE_SHARED_TRUE@@HAVE_DLOPEN_TRUE at am__append_1 = plugin
+subdir = tests
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = db kdc gss ldap can java plugin
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+SUBDIRS = db kdc gss ldap can java $(am__append_1)
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tests/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-recursive
+all-am: Makefile all-local
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-data-am install-exec-am install-strip uninstall-am
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool ctags ctags-recursive dist-hook \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distdir dvi dvi-am html html-am info info-am install \
+	install-am install-data install-data-am install-data-hook \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-exec-hook install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tests/can/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = krb5.conf mit-pkinit-20070607.cf
+
+check_SCRIPTS = $(SCRIPT_TESTS) test_can
+
+SCRIPT_TESTS = check-can
+TESTS = $(SCRIPT_TESTS)
+
+port = 49188
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/can,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+test_can: test_can.in Makefile
+	$(do_subst) < $(srcdir)/test_can.in > test_can.tmp
+	chmod +x test_can.tmp
+	mv test_can.tmp test_can
+
+check-can: check-can.in Makefile
+	$(do_subst) < $(srcdir)/check-can.in > check-can.tmp
+	chmod +x check-can.tmp
+	mv check-can.tmp check-can
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+SUFFIXES += .xf .cf
+
+.xf.cf:
+	$(do_subst) < $< > $@.tmp
+	mv $@.tmp $@
+
+CLEANFILES= $(TESTS) *.tmp *.cf \
+	current-db* \
+	krb5.conf \
+	messages.log \
+	test_can
+
+EXTRA_DIST = \
+	apple-10.4.kadm \
+	apple-10.4.req \
+	check-can.in \
+	heim-0.8.kadm \
+	heim-0.8.req \
+	krb5.conf.in \
+	mit-pkinit-20070607.ca.crt \
+	mit-pkinit-20070607.kadm \
+	mit-pkinit-20070607.req \
+	mit-pkinit-20070607.xf \
+	test_can.in
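Review bot: The `port = 49188` assignment is undocumented, and `do_subst` writes that fixed value into `test_can`, `check-can` and `krb5.conf`. The `.in` templates are not shown here, but if the scripts start or contact a test KDC on that port, two `make check` runs on one host would collide, and a run could end up exercising whatever process already listens there. I would add a comment above the assignment, e.g. `# test port substituted for @port@; if 49188 is taken run "make clean" and then "make check port=N"`, since the generated files depend on `Makefile` rather than on the port value and are only rebuilt after a clean. It is also worth confirming that check-can refuses to run when the port is already bound. As this is a vendor import, the change belongs upstream or in a local patch on top of `dist/`.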

Added: vendor-crypto/heimdal/dist/tests/can/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,781 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = tests/can
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DATA = $(noinst_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .xf .cf
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_DATA = krb5.conf mit-pkinit-20070607.cf
+check_SCRIPTS = $(SCRIPT_TESTS) test_can
+SCRIPT_TESTS = check-can
+TESTS = $(SCRIPT_TESTS)
+port = 49188
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/can,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+CLEANFILES = $(TESTS) *.tmp *.cf \
+	current-db* \
+	krb5.conf \
+	messages.log \
+	test_can
+
+EXTRA_DIST = \
+	apple-10.4.kadm \
+	apple-10.4.req \
+	check-can.in \
+	heim-0.8.kadm \
+	heim-0.8.req \
+	krb5.conf.in \
+	mit-pkinit-20070607.ca.crt \
+	mit-pkinit-20070607.kadm \
+	mit-pkinit-20070607.req \
+	mit-pkinit-20070607.xf \
+	test_can.in
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .xf .cf .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/can/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tests/can/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(DATA) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-TESTS check-am check-local \
+	clean clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+test_can: test_can.in Makefile
+	$(do_subst) < $(srcdir)/test_can.in > test_can.tmp
+	chmod +x test_can.tmp
+	mv test_can.tmp test_can
+
+check-can: check-can.in Makefile
+	$(do_subst) < $(srcdir)/check-can.in > check-can.tmp
+	chmod +x check-can.tmp
+	mv check-can.tmp check-can
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+.xf.cf:
+	$(do_subst) < $< > $@.tmp
+	mv $@.tmp $@
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tests/can/apple-10.4.kadm
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/apple-10.4.kadm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/apple-10.4.kadm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,4 @@
+init --realm-max-ticket-life=1day --realm-max-renewable-life=1month TEST.H5L.SE
+cpw -p kaka krbtgt/TEST.H5L.SE at TEST.H5L.SE
+add -p foo --use-defaults foo at TEST.H5L.SE
+add -p foo --use-defaults bar at TEST.H5L.SE

Added: vendor-crypto/heimdal/dist/tests/can/apple-10.4.req
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/tests/can/apple-10.4.req
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/apple-10.4.req	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/tests/can/apple-10.4.req	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/tests/can/apple-10.4.req
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/tests/can/check-can.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/check-can.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/check-can.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-can.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+./test_can TEST.H5L.SE heim-0.8 || exit 1
+./test_can TEST.H5L.SE apple-10.4 || exit 1
+./test_can HEIMDAL.CITI.UMICH.EDU mit-pkinit-20070607 || exit 1
+
+exit 0
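Review bot: A missing or non-executable `../db/have-db` is reported as SKIP rather than as a failure, because `../db/have-db || exit 77` turns any non-zero status, including "command not found", into 77, and the check-TESTS rule in Makefile.in counts 77 as a skipped test. A broken build of the helper would therefore silently disable the whole canned-request suite. Guarding the probe first would separate the two cases: `[ -x ../db/have-db ] || { echo "have-db helper missing" >&2; exit 1; }`. Separately, `srcdir` and `objdir` are assigned but never used, and every path is relative to the current directory, so a comment such as `# must be run from the tests/can build directory` would document that assumption.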

Added: vendor-crypto/heimdal/dist/tests/can/heim-0.8.kadm
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/heim-0.8.kadm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/heim-0.8.kadm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,4 @@
+init --realm-max-ticket-life=1day --realm-max-renewable-life=1month TEST.H5L.SE
+cpw -p kaka krbtgt/TEST.H5L.SE at TEST.H5L.SE
+add -p foo --use-defaults foo at TEST.H5L.SE
+add -p foo --use-defaults bar at TEST.H5L.SE

Added: vendor-crypto/heimdal/dist/tests/can/heim-0.8.req
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/tests/can/heim-0.8.req
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/heim-0.8.req	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/tests/can/heim-0.8.req	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/tests/can/heim-0.8.req
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/tests/can/krb5.conf.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/krb5.conf.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/krb5.conf.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,24 @@
+# $Id: krb5.conf.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[libdefaults]
+	default_realm = TEST.H5L.SE
+	no-addresses = TRUE
+
+[appdefaults]
+	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+
+[realms]
+	TEST.H5L.SE = {
+		kdc = localhost:@port@
+	}
+
+[kdc]
+	database = {
+		dbname = @objdir@/current-db
+		realm = TEST.H5L.SE
+		mkey_file = @objdir@/mkey.file
+	}
+
+[logging]
+	kdc = 0-/FILE:@objdir@/messages.log
+	default = 0-/FILE:@objdir@/messages.log

Added: vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.ca.crt
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.ca.crt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.ca.crt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4zCCAsugAwIBAgICNOswDQYJKoZIhvcNAQEFBQAwczELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgTCE1pY2hpZ2FuMRIwEAYDVQQHEwlBbm4gQXJib3IxHzAdBgNVBAoT
+FlVuaXZlcnNpdHkgb2YgTWljaGlnYW4xHDAaBgNVBAMTE0NJVEkgUHJvZHVjdGlv
+biBLQ0EwHhcNMDYxMDEzMTYxNTIyWhcNMTYxMDEyMTYxNTIyWjBzMQswCQYDVQQG
+EwJVUzERMA8GA1UECBMITWljaGlnYW4xEjAQBgNVBAcTCUFubiBBcmJvcjEfMB0G
+A1UEChMWVW5pdmVyc2l0eSBvZiBNaWNoaWdhbjEcMBoGA1UEAxMTQ0lUSSBQcm9k
+dWN0aW9uIEtDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM85fWVD
+rneI9CM9NvpSw1PO571/8RhBiY1p0hMFi9ppD4Xaztswz0nrCEpuAhtXUxF+H6CS
+aAXFLiY/SQhj3JGpVw3yPE2CeGtmcMjDDxOW5Raw0XwbK/BdgYFg/AU5FH7RtOV7
+pnhBlk5oJt0VJyJs+NNw4+V2IqODRvX88AR6dDAd8TpbZJEdgoGU+LHaC6cha6WU
+p6nmjVx0TLUvIa16NFZGs44bNIIt7cI6zil/dM76881APTbYcB8hGqQJiphqX6ff
+HI3uiHclK2rOZufRqhn0NJNWDCrK55PXQX67UmKBLqAsoFSJDPD+cBIUXtVeFLGs
+uJYK8F9FaN3r9XsCAwEAAaOBgDB+MA8GA1UdEwQIMAYBAf8CAQAwEQYJYIZIAYb4
+QgEBBAQDAgAHMAsGA1UdDwQEAwIBhjAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH
+ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFGXMLAou01gvxxcJc+Tvat/T
+QHwwMA0GCSqGSIb3DQEBBQUAA4IBAQC99gg/E230FPGmDaP4YecmtSSGOnD+jJ+A
+sPcJKaeS3dOGDTngKCzzQZ4nl7LYRSj5DWZTTrlrKfbc6GiUE0n/K/+GBvL/kjOV
+qZsyGNfepscVe6mPz43NoNztf/1j+0QQcioHHHtAq/YFPBp1VdYsOsB+IE+g8RVi
+EDjsvmR/++s9zX5fGuVvN7RNwLFrxfqcPFZCUG8pkIHbBPRhRV/aOKHGMcThNrtC
+9cZ8xaDwhP0fdSUVESGFj+MMQCAp8YZvypJuHTYX7Ng4OMdCOPPg4Kk1ycOGAcYe
+o/m7ICx1md6Va9zEfwqmrXVxGaT0I23lI9H9sv+ugvZ3v5iedhO/
+-----END CERTIFICATE-----
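Review bot: This trust anchor has a fixed lifetime that nothing in the commit records. Decoding the validity field of the PEM body gives notBefore 2006-10-13 and notAfter 2016-10-12, and the signature algorithm OID is sha1WithRSAEncryption. mit-pkinit-20070607.xf lists the file under `pkinit_anchors`, so if the canned-request replay validates the chain against the current clock (test_can.in is not visible here, so this is inferred), the `mit-pkinit-20070607` case in check-can will start failing once the anchor expires. A comment beside its `EXTRA_DIST` entry in Makefile.am would make that easier to diagnose, for example `# CITI KCA anchor for the canned PK-INIT request; notAfter 2016-10-12`.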

Added: vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.kadm
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.kadm	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.kadm	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+init --realm-max-ticket-life=1day --realm-max-renewable-life=1month HEIMDAL.CITI.UMICH.EDU
+cpw -p kaka krbtgt/HEIMDAL.CITI.UMICH.EDU at HEIMDAL.CITI.UMICH.EDU
+add -p foo --use-defaults aglo at HEIMDAL.CITI.UMICH.EDU

Added: vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.req
===================================================================
(Binary files differ)

Index: vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.req
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.req	2015-07-21 23:40:51 UTC (rev 7123)
+++ vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.req	2015-07-22 14:55:56 UTC (rev 7124)

Property changes on: vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.req
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Added: vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.xf
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.xf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/mit-pkinit-20070607.xf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+# $Id: mit-pkinit-20070607.xf,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[libdefaults]
+	default_realm = HEIMDAL.CITI.UMICH.EDU
+	no-addresses = TRUE
+
+[appdefaults]
+	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+
+[realms]
+	TEST.H5L.SE = {
+		kdc = localhost:@port@
+	}
+
+[kdc]
+	enable-pkinit = yes
+	pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt, at srcdir@/../../lib/hx509/data/kdc.key
+	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt, at srcdir@/mit-pkinit-20070607.ca.crt
+
+	database = {
+		dbname = @objdir@/current-db
+		realm = HEIMDAL.CITI.UMICH.EDU
+		mkey_file = @objdir@/mkey.file
+	}
+
+[logging]
+	kdc = 0-/FILE:@objdir@/messages.log
+	default = 0-/FILE:@objdir@/messages.log
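Review bot: The `[realms]` stanza is keyed on `TEST.H5L.SE`, while `default_realm` and the `realm` inside the `[kdc]` database block are both `HEIMDAL.CITI.UMICH.EDU`, so the `kdc = localhost:@port@` entry never applies to the realm this fixture exercises. The replay test probably does no KDC lookup, which would explain why the mismatch goes unnoticed, but the stanza reads like a leftover from another template. Either rename it to `HEIMDAL.CITI.UMICH.EDU = {` or drop it. A one-line comment above the `[kdc]` `pkinit_anchors` line would also help, stating that the second anchor (`mit-pkinit-20070607.ca.crt`) is a test-only trust root for the captured request.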

Added: vendor-crypto/heimdal/dist/tests/can/test_can.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/can/test_can.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/can/test_can.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,79 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: test_can.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+R=$1
+tst=$2
+
+if [ ! -f ${srcdir}/${tst}.req ] ; then
+    echo "${tst}.req missing"
+fi
+if [ ! -f ${srcdir}/${tst}.kadm ] ; then
+    echo "${tst}.kadm missing"
+fi
+
+port=@port@
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+replay="${TESTS_ENVIRONMENT} ../../kdc/kdc-replay"
+
+if [ -f ${objdir}/${tst}.cf ]; then
+    KRB5_CONFIG="${objdir}/${tst}.cf"
+else
+    KRB5_CONFIG="${objdir}/krb5.conf"
+fi
+export KRB5_CONFIG
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+echo "Load database for ${tst}"
+while read x ; do
+    ${kadmin} $x || exit 1
+done < ${srcdir}/${tst}.kadm || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+> messages.log
+${replay} ${srcdir}/${tst}.req || { cat messages.log ; exit 1; }
+
+exit 0
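Review bot: The two existence checks near the top only `echo` that `${tst}.req` or `${tst}.kadm` is missing and then fall through, so the script still deletes `current-db*`, `out-*` and `mkey.file*` and fails only later, at the `done < ${srcdir}/${tst}.kadm` redirect or in the replay step. Each branch should stop the run and report on stderr, e.g. `echo "${tst}.req missing" >&2; exit 1`. `rm -f ${keytabfile}` expands a variable this script never assigns, so unless it is inherited from the environment it removes nothing and can be dropped. `$1` and `$2` are also used unchecked; `[ $# -eq 2 ] || exit 1` ahead of `R=$1` would keep an empty `tst` from reaching the path tests, and quoting `"${srcdir}/${tst}.req"` would make those tests safe for paths with spaces.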

Added: vendor-crypto/heimdal/dist/tests/db/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,66 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = krb5.conf
+
+noinst_SCRIPTS = have-db
+
+check_SCRIPTS = loaddump-db add-modify-delete check-dbinfo
+
+TESTS = $(check_SCRIPTS) 
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/db,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+loaddump-db: loaddump-db.in Makefile
+	$(do_subst) < $(srcdir)/loaddump-db.in > loaddump-db.tmp
+	chmod +x loaddump-db.tmp
+	mv loaddump-db.tmp loaddump-db
+
+add-modify-delete: add-modify-delete.in Makefile
+	$(do_subst) < $(srcdir)/add-modify-delete.in > add-modify-delete.tmp
+	chmod +x add-modify-delete.tmp
+	mv add-modify-delete.tmp add-modify-delete
+
+check-dbinfo: check-dbinfo.in Makefile
+	$(do_subst) < $(srcdir)/check-dbinfo.in > check-dbinfo.tmp
+	chmod +x check-dbinfo.tmp
+	mv check-dbinfo.tmp check-dbinfo
+
+have-db: have-db.in Makefile
+	$(do_subst) < $(srcdir)/have-db.in > have-db.tmp
+	chmod +x have-db.tmp
+	mv have-db.tmp have-db
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+
+CLEANFILES= \
+	$(TESTS) \
+	have-db \
+	db-dump* \
+	dbinfo.out \
+	current-db* \
+	out-text-dump* \
+	out-current-* \
+	mkey.file* \
+	krb5.conf krb5.conf.tmp \
+	tempfile \
+	log.current-db* \
+	messages.log
+
+EXTRA_DIST = \
+	check-dbinfo.in \
+	loaddump-db.in \
+	add-modify-delete.in \
+	have-db.in \
+	krb5.conf.in \
+	text-dump-0.7 \
+	text-dump-known-ext \
+	text-dump-no-ext \
+	text-dump-unknown-ext
+

Added: vendor-crypto/heimdal/dist/tests/db/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,793 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = tests/db
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+SCRIPTS = $(noinst_SCRIPTS)
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DATA = $(noinst_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_DATA = krb5.conf
+noinst_SCRIPTS = have-db
+check_SCRIPTS = loaddump-db add-modify-delete check-dbinfo
+TESTS = $(check_SCRIPTS) 
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/db,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+CLEANFILES = \
+	$(TESTS) \
+	have-db \
+	db-dump* \
+	dbinfo.out \
+	current-db* \
+	out-text-dump* \
+	out-current-* \
+	mkey.file* \
+	krb5.conf krb5.conf.tmp \
+	tempfile \
+	log.current-db* \
+	messages.log
+
+EXTRA_DIST = \
+	check-dbinfo.in \
+	loaddump-db.in \
+	add-modify-delete.in \
+	have-db.in \
+	krb5.conf.in \
+	text-dump-0.7 \
+	text-dump-known-ext \
+	text-dump-no-ext \
+	text-dump-unknown-ext
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/db/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tests/db/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(SCRIPTS) $(DATA) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-TESTS check-am check-local \
+	clean clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+loaddump-db: loaddump-db.in Makefile
+	$(do_subst) < $(srcdir)/loaddump-db.in > loaddump-db.tmp
+	chmod +x loaddump-db.tmp
+	mv loaddump-db.tmp loaddump-db
+
+add-modify-delete: add-modify-delete.in Makefile
+	$(do_subst) < $(srcdir)/add-modify-delete.in > add-modify-delete.tmp
+	chmod +x add-modify-delete.tmp
+	mv add-modify-delete.tmp add-modify-delete
+
+check-dbinfo: check-dbinfo.in Makefile
+	$(do_subst) < $(srcdir)/check-dbinfo.in > check-dbinfo.tmp
+	chmod +x check-dbinfo.tmp
+	mv check-dbinfo.tmp check-dbinfo
+
+have-db: have-db.in Makefile
+	$(do_subst) < $(srcdir)/have-db.in > have-db.tmp
+	chmod +x have-db.tmp
+	mv have-db.tmp have-db
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tests/db/add-modify-delete.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/add-modify-delete.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/add-modify-delete.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,137 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: add-modify-delete.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+# If there is no useful db support compile in, disable test
+./have-db || exit 77
+
+R=EXAMPLE.ORG
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+iproplog="${TESTS_ENVIRONMENT} ../../lib/kadm5/iprop-log"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f current-db*
+rm -f log.current-db*
+rm -f out-*
+rm -f mkey.file*
+
+echo init database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    EXAMPLE.ORG || exit 1
+
+echo test add
+${kadmin} add -r --use-defaults foo || exit 1
+${kadmin} list '*' > /dev/null || exit 1
+${kadmin} list '*' | ${EGREP} '^foo$' > /dev/null || exit 1
+
+echo "test add (double)"
+${kadmin} add -r --use-defaults foo 2>/dev/null && exit 1
+
+echo test rename
+${kadmin} rename foo bar
+${kadmin} list '*' | ${EGREP} '^foo$' > /dev/null && exit 1
+${kadmin} list '*' | ${EGREP} '^bar$' > /dev/null || exit 1
+
+echo test delete
+${kadmin} delete bar || exit 1
+${kadmin} list '*' | ${EGREP} '^bar$' > /dev/null && exit 1
+
+echo "test delete (double)"
+${kadmin} delete bar 2> /dev/null && exit 1
+
+echo "creating sample user"
+${kadmin} add -r --use-defaults foo  || exit 1
+${kadmin} get foo > tempfile  || exit 1
+echo checking principal
+${EGREP} " *Principal: foo at EXAMPLE.ORG$" tempfile > /dev/null || exit 1
+echo checking kvno
+${EGREP} " *Kvno: 1$" tempfile > /dev/null || exit 1
+echo checking failed login count
+${EGREP} " *Failed login count: 0$" tempfile > /dev/null || exit 1
+echo checking modifier
+${EGREP} " *Modifier: kadmin/admin at EXAMPLE.ORG$" tempfile > /dev/null || exit 1
+echo checking attributes
+${EGREP} " *Attributes: $" tempfile > /dev/null || exit 1
+echo checking renew time
+${EGREP} " *Max renewable life: 1 week$" tempfile > /dev/null || exit 1
+
+echo modifing renewable-life
+${kadmin} modify --max-renewable-life=2months foo
+echo checking renew time
+${kadmin} get foo > tempfile  || exit 1
+${EGREP} " *Max renewable life: 2 months$" tempfile > /dev/null || exit 1
+
+echo "creating sample server"
+${kadmin} add -r --use-defaults host/datan.example.org  || exit 1
+${kadmin} get host/datan.example.org > tempfile  || exit 1
+echo checking principal
+${EGREP} " *Principal: host/datan.example.org at EXAMPLE.ORG$" tempfile > /dev/null || exit 1
+echo checking kvno
+${EGREP} " *Kvno: 1$" tempfile > /dev/null || exit 1
+
+echo "iprop-log dump"
+${iproplog} dump > /dev/null || exit 1
+echo "iprop-log last-version"
+${iproplog} last-version > /dev/null || exit 1
+
+echo "check iprop replay"
+
+${kadmin} dump out-current-db  || exit 1
+sort out-current-db > out-current-db-sort 
+
+rm -f current-db*
+
+echo "replaying"
+${iproplog} replay > /dev/null || exit 1
+
+${kadmin} dump out-current-db2  || exit 1
+sort out-current-db2 > out-current-db2-sort 
+
+# XXX database should really be the same afterward... :(
+# cmp out-current-db-sort out-current-db2-sort || exit 1
+
+
+
+exit 0
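Review bot: The `rename` and `modify` steps run without an exit-status check, unlike the other kadmin calls in this script, so a failure there only surfaces indirectly through the greps that follow. `${kadmin} rename foo bar || exit 1` and `${kadmin} modify --max-renewable-life=2months foo || exit 1` would stop the test at the step that actually failed. The "check iprop replay" section verifies nothing beyond exit codes, because the `cmp` is commented out and the two sorted dumps are never read; a comment such as `# replay is only smoke-tested here; the dump comparison is disabled` would keep it from being read as replay coverage. `tempfile` is written into the working directory and the script never removes it.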

Added: vendor-crypto/heimdal/dist/tests/db/check-dbinfo.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/check-dbinfo.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/check-dbinfo.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-dbinfo.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+../../lib/hdb/test_dbinfo > dbinfo.out || exit 1
+
+exit 0

Added: vendor-crypto/heimdal/dist/tests/db/have-db.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/have-db.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/have-db.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,60 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: have-db.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+base=`dirname "$0"`
+
+kdc="${base}/../../kdc/kdc"
+
+list=`${kdc} --builtin-hdb | sed 's/^builtin hdb backends: //'`
+oldIFS="$IFS"
+IPS=,
+set - ${list}
+IFS="$oldIFS"
+
+while [ $# != 0 ] ; do
+    case $1 in
+    db:*) exit 0 ;;
+    ndbm:*) exit 0 ;;
+    gdbm:*) exit 0 ;;
+    db4:*) exit 0 ;;
+    db3:*) exit 0 ;;
+    ldb:*) exit 0 ;;
+    esac
+    shift
+done
+
+exit 1
\ No newline at end of file
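Review bot: `IPS=,` looks like a typo for `IFS=,`: as written IFS is never changed, so `set - ${list}` splits the backend list on whitespace and the save/restore through `oldIFS` has no effect. Before switching to `IFS=,`, check the real `--builtin-hdb` output, because with comma-only splitting any space after a comma stays in the word and patterns such as `ndbm:*` would stop matching. If `${kdc} --builtin-hdb` fails, `list` is empty and the script exits 1, which the callers in this commit turn into `exit 77`, so a broken kdc binary skips the db tests instead of failing them.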

Added: vendor-crypto/heimdal/dist/tests/db/krb5.conf.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/krb5.conf.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/krb5.conf.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+[libdefaults]
+	default_realm = EXAMPLE.ORG
+
+[realms]
+	EXAMPLE.ORG = {
+		kdc = localhost
+	}
+
+[kdc]
+	database = {
+		label = {
+			realm = LABEL.TEST.H5L.SE
+			dbname = @objdir@/label-db
+			mkey_file = @objdir@/mkey.file
+		}
+		label2 = {
+			dbname = @objdir@/lable2-db
+			realm = LABEL2.TEST.H5L.SE
+			mkey_file = @objdir@/mkey2.file
+		}
+		dbname = @objdir@/current-db
+		realm = EXAMPLE.ORG
+		mkey_file = @objdir@/mkey.file
+		log_file = @objdir@/log.current-db.log
+	}
+
+[logging]
+	default = 0-/FILE:@objdir@/messages.log
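Review bot: `dbname = @objdir@/lable2-db` in the `label2` block is spelled differently from the block name and from `label-db` in the block above. If that is not deliberate, `dbname = @objdir@/label2-db` keeps the fixture consistent. Whatever consumes this file (possibly the `test_dbinfo` check added in this commit) may depend on the current spelling, so confirm before changing it.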

Added: vendor-crypto/heimdal/dist/tests/db/loaddump-db.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/loaddump-db.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/loaddump-db.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: loaddump-db.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+# If there is no useful db support compile in, disable test
+./have-db || exit 77
+
+R=EXAMPLE.ORG
+
+kadmin="../../kadmin/kadmin -l -r $R"
+kstash="../../kdc/kstash"
+hprop="../../kdc/hprop"
+hpropd="../../kdc/hpropd"
+
+propdb="${hprop} --database=./current-db -n"
+propddb="${hpropd} --database=./current-db -n"
+
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    EXAMPLE.ORG || exit 1
+
+# check that we can dump and load ourself
+${kadmin} dump out-current-db  || exit 1
+sort out-current-db > out-current-db-sort 
+${kadmin} load out-current-db  || exit 1
+${kadmin} dump out-current-db2  || exit 1
+sort out-current-db2 > out-current-db2-sort 
+cmp out-current-db-sort out-current-db2-sort || exit 1
+
+rm -f current-db*
+
+# check with no extentions
+${kadmin} load ${srcdir}/text-dump-0.7  || exit 1
+${propdb} > db-dump.tmp|| exit 1
+rm -f current-db*
+${propddb} < db-dump.tmp || exit 1
+${kadmin} dump | sort | sed 's/[0-9]* -$//' > out-text-dump-0.7  || exit 1
+sort < ${srcdir}/text-dump-0.7 | \
+    sed 's/[0-9]*$//' > out-text-dump-0.7-orig  || exit 1
+cmp out-text-dump-0.7-orig out-text-dump-0.7 || exit 1
+
+# check with no extentions
+${kadmin} load ${srcdir}/text-dump-no-ext  || exit 1
+${propdb} > db-dump.tmp || exit 1
+${propddb} < db-dump.tmp || exit 1
+${kadmin} dump | sort | \
+    awk '{$11=""; print;}' > out-text-dump-no-ext  || exit 1
+sort < ${srcdir}/text-dump-no-ext | \
+    awk '{$11=""; print;}' > out-text-dump-no-ext-orig || exit 1
+cmp out-text-dump-no-ext-orig out-text-dump-no-ext || exit 1
+
+# check with known extentions
+${kadmin} load ${srcdir}/text-dump-known-ext  || exit 1
+${propdb} > db-dump.tmp || exit 1
+${propddb} < db-dump.tmp || exit 1
+${kadmin} dump | sort | \
+    awk '{$11=""; print;}' > out-text-dump-known-ext  || exit 1
+sort < ${srcdir}/text-dump-known-ext | \
+    awk '{$11=""; print;}' > out-text-dump-known-ext-orig || exit 1
+cmp out-text-dump-known-ext-orig out-text-dump-known-ext || exit 1
+
+# check with unknown extentions
+${kadmin} load ${srcdir}/text-dump-unknown-ext  || exit 1
+${propdb} > db-dump.tmp || exit 1
+${propddb} < db-dump.tmp || exit 1
+${kadmin} dump | sort | \
+    awk '{$11=""; print;}' > out-text-dump-unknown-ext  || exit 1
+sort < ${srcdir}/text-dump-unknown-ext | \
+    awk '{$11=""; print;}' > out-text-dump-unknown-ext-orig || exit 1
+cmp out-text-dump-unknown-ext-orig out-text-dump-unknown-ext || exit 1
+
+${kstash} -e aes256-cts-hmac-sha1-96 --random-key -k ./mkey.file >/dev/null 2>/dev/null || exit 1
+
+# remove masterkey
+${kadmin} load ${srcdir}/text-dump-0.7  || exit 1
+${propdb} > db-dump.tmp|| exit 1
+${propddb} < db-dump.tmp || exit 1
+${propdb} -m mkey.file -D > db-dump.tmp || exit 1
+mv mkey.file mkey.file.no || exit 1
+${propddb} < db-dump.tmp || exit 1
+${kadmin} dump | sort | \
+    awk '{$11=""; print;}' > out-text-dump-0.7  || exit 1
+sort < ${srcdir}/text-dump-unknown-ext | \
+    awk '{$11=""; print;}' > out-text-dump-0.7-orig || exit 1
+cmp out-text-dump-0.7 out-text-dump-0.7-orig || exit 1
+
+exit 0
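Review bot: In the `${kadmin} dump | sort | awk ... > out-... || exit 1` pipelines the `|| exit 1` only sees the exit status of the last stage, so under `/bin/sh` a failing `kadmin dump` is not detected there and is caught, if at all, by the later `cmp`. Dumping to a file first, as the top of the script already does, keeps the check on kadmin: `${kadmin} dump out-dump.tmp || exit 1` followed by `sort out-dump.tmp | awk '{$11=""; print;}' > out-text-dump-no-ext || exit 1` (the temporary file name is only an example). The final "remove masterkey" block loads `text-dump-0.7` but builds `out-text-dump-0.7-orig` from `text-dump-unknown-ext`. That may be deliberate, since the 0.7 fixture lacks the trailing ` -` column the other fixtures have, but a comment should say so, or the block should read `${srcdir}/text-dump-0.7`.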

Added: vendor-crypto/heimdal/dist/tests/db/text-dump-0.7
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/text-dump-0.7	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/text-dump-0.7	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,7 @@
+changepw/kerberos at EXAMPLE.ORG 1::3:2376E6A4C1D5456D:-::2:2376E6A4C1D5456D:-::1:2376E6A4C1D5456D:-::18:39C3D293A6B0CEE734C7874764A8B5449F348AC00A6EA94F7451D07BE31EF239:-::16:108373F74F105875DCCE866B160886C7BC6780E526D0DAEA:-::23:D279B73431AA349F63594EA800397195:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 639 20050728203748:743456:2
+default at EXAMPLE.ORG 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/admin at EXAMPLE.ORG - - - - 86400 604800 254 20050728203748:863727:0
+kadmin/admin at EXAMPLE.ORG 1::3:2FCD23DCC2C726CE:-::2:2FCD23DCC2C726CE:-::1:2FCD23DCC2C726CE:-::18:1675F5E5BAD61428DE51F7C8EDCD53F23426D90F4F0BB4F9C73514D317E0482A:-::16:C79D6B0879B6ABADCE4A9B436B5B4A4F792679CDBC7F5D10:-::23:265C712FED225A85567BAF8CD9A4C4ED:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 382 20050728203748:682995:2
+kadmin/changepw at EXAMPLE.ORG 1::3:57A132CB9D7F4F37:-::2:57A132CB9D7F4F37:-::1:57A132CB9D7F4F37:-::18:B8252C9E3EC99969053631C238BBF88A0AAA082A8F1C4ED8D1729170C79519B8:-::16:10CE89987A1FD0986E6D836DB3F473E04C648C34F17CBCE3:-::23:A6D2BCA6F54B1C1AA5E875F116EEDE82:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 300 300 867 20050728203748:623022:2
+kadmin/hprop at EXAMPLE.ORG 1::3:76DC5751EFE52931:-::2:76DC5751EFE52931:-::1:76DC5751EFE52931:-::18:9B4D02F7D74790AB929E607BE5940CFF66801C237840EE968FDEFD7ED1387350:-::16:4CD575703D197F2991D5233704BAE379DF4FFBE616256762:-::23:E3D49F7E3462823492F33FAD8F0A754F:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 383 20050728203748:803541:2
+krbtgt/EXAMPLE.ORG at EXAMPLE.ORG 1::3:C219830E0E73DCEC:-::2:C219830E0E73DCEC:-::1:C219830E0E73DCEC:-::18:56CD702EE58B6EF4CAF758DA0BA1B92B21EFC1D2E9FCC0785009BC391F8571B8:-::16:29E9A2F45B2561D5B592C1070708B94A894AE046D091CE7C:-::23:30A2FB86CDC17B4EC625DC66C47AAF37:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 86400 2592000 126 20050728203748:560639:2
+lha at EXAMPLE.ORG 1::3:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::2:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::1:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::18:96653BEA5A46E5DF97D535C6C49F007E02F0E56B21F498C14F8C014871FE9889:3/"EXAMPLE.ORGlha"::16:7545202640A81304AE987F231FCB1F625D02CE7FF8A4ABEA:3/"EXAMPLE.ORGlha"::23:AC8E657F83DF82BEEA5D43BDAF7800CC:3/"EXAMPLE.ORGlha" 20050728203752:kadmin/admin at EXAMPLE.ORG 20050728203758:kadmin/admin at EXAMPLE.ORG - - - 86400 604800 126 20050728203752:988968:1

Added: vendor-crypto/heimdal/dist/tests/db/text-dump-known-ext
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/text-dump-known-ext	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/text-dump-known-ext	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,7 @@
+changepw/kerberos at EXAMPLE.ORG 1::3:2376E6A4C1D5456D:-::2:2376E6A4C1D5456D:-::1:2376E6A4C1D5456D:-::18:39C3D293A6B0CEE734C7874764A8B5449F348AC00A6EA94F7451D07BE31EF239:-::16:108373F74F105875DCCE866B160886C7BC6780E526D0DAEA:-::23:D279B73431AA349F63594EA800397195:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 639 20050728203748:743456:2 -
+default at EXAMPLE.ORG 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/admin at EXAMPLE.ORG - - - - 86400 604800 254 20050728203748:863727:0 -
+kadmin/admin at EXAMPLE.ORG 1::3:2FCD23DCC2C726CE:-::2:2FCD23DCC2C726CE:-::1:2FCD23DCC2C726CE:-::18:1675F5E5BAD61428DE51F7C8EDCD53F23426D90F4F0BB4F9C73514D317E0482A:-::16:C79D6B0879B6ABADCE4A9B436B5B4A4F792679CDBC7F5D10:-::23:265C712FED225A85567BAF8CD9A4C4ED:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 382 20050728203748:682995:2 -
+kadmin/changepw at EXAMPLE.ORG 1::3:57A132CB9D7F4F37:-::2:57A132CB9D7F4F37:-::1:57A132CB9D7F4F37:-::18:B8252C9E3EC99969053631C238BBF88A0AAA082A8F1C4ED8D1729170C79519B8:-::16:10CE89987A1FD0986E6D836DB3F473E04C648C34F17CBCE3:-::23:A6D2BCA6F54B1C1AA5E875F116EEDE82:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 300 300 867 20050728203748:623022:2 -
+kadmin/hprop at EXAMPLE.ORG 1::3:76DC5751EFE52931:-::2:76DC5751EFE52931:-::1:76DC5751EFE52931:-::18:9B4D02F7D74790AB929E607BE5940CFF66801C237840EE968FDEFD7ED1387350:-::16:4CD575703D197F2991D5233704BAE379DF4FFBE616256762:-::23:E3D49F7E3462823492F33FAD8F0A754F:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 383 20050728203748:803541:2 -
+krbtgt/EXAMPLE.ORG at EXAMPLE.ORG 1::3:C219830E0E73DCEC:-::2:C219830E0E73DCEC:-::1:C219830E0E73DCEC:-::18:56CD702EE58B6EF4CAF758DA0BA1B92B21EFC1D2E9FCC0785009BC391F8571B8:-::16:29E9A2F45B2561D5B592C1070708B94A894AE046D091CE7C:-::23:30A2FB86CDC17B4EC625DC66C47AAF37:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 86400 2592000 126 20050728203748:560639:2 -
+lha at EXAMPLE.ORG 1::3:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::2:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::1:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::18:96653BEA5A46E5DF97D535C6C49F007E02F0E56B21F498C14F8C014871FE9889:3/"EXAMPLE.ORGlha"::16:7545202640A81304AE987F231FCB1F625D02CE7FF8A4ABEA:3/"EXAMPLE.ORGlha"::23:AC8E657F83DF82BEEA5D43BDAF7800CC:3/"EXAMPLE.ORGlha" 20050728203752:kadmin/admin at EXAMPLE.ORG 20050728203758:kadmin/admin at EXAMPLE.ORG - - - 86400 604800 126 20050728203752:988968:1 -

Added: vendor-crypto/heimdal/dist/tests/db/text-dump-no-ext
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/text-dump-no-ext	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/text-dump-no-ext	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,7 @@
+changepw/kerberos at EXAMPLE.ORG 1::3:2376E6A4C1D5456D:-::2:2376E6A4C1D5456D:-::1:2376E6A4C1D5456D:-::18:39C3D293A6B0CEE734C7874764A8B5449F348AC00A6EA94F7451D07BE31EF239:-::16:108373F74F105875DCCE866B160886C7BC6780E526D0DAEA:-::23:D279B73431AA349F63594EA800397195:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 639 20050728203748:743456:2 -
+default at EXAMPLE.ORG 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/admin at EXAMPLE.ORG - - - - 86400 604800 254 20050728203748:863727:0 -
+kadmin/admin at EXAMPLE.ORG 1::3:2FCD23DCC2C726CE:-::2:2FCD23DCC2C726CE:-::1:2FCD23DCC2C726CE:-::18:1675F5E5BAD61428DE51F7C8EDCD53F23426D90F4F0BB4F9C73514D317E0482A:-::16:C79D6B0879B6ABADCE4A9B436B5B4A4F792679CDBC7F5D10:-::23:265C712FED225A85567BAF8CD9A4C4ED:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 382 20050728203748:682995:2 -
+kadmin/changepw at EXAMPLE.ORG 1::3:57A132CB9D7F4F37:-::2:57A132CB9D7F4F37:-::1:57A132CB9D7F4F37:-::18:B8252C9E3EC99969053631C238BBF88A0AAA082A8F1C4ED8D1729170C79519B8:-::16:10CE89987A1FD0986E6D836DB3F473E04C648C34F17CBCE3:-::23:A6D2BCA6F54B1C1AA5E875F116EEDE82:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 300 300 867 20050728203748:623022:2 -
+kadmin/hprop at EXAMPLE.ORG 1::3:76DC5751EFE52931:-::2:76DC5751EFE52931:-::1:76DC5751EFE52931:-::18:9B4D02F7D74790AB929E607BE5940CFF66801C237840EE968FDEFD7ED1387350:-::16:4CD575703D197F2991D5233704BAE379DF4FFBE616256762:-::23:E3D49F7E3462823492F33FAD8F0A754F:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 383 20050728203748:803541:2 -
+krbtgt/EXAMPLE.ORG at EXAMPLE.ORG 1::3:C219830E0E73DCEC:-::2:C219830E0E73DCEC:-::1:C219830E0E73DCEC:-::18:56CD702EE58B6EF4CAF758DA0BA1B92B21EFC1D2E9FCC0785009BC391F8571B8:-::16:29E9A2F45B2561D5B592C1070708B94A894AE046D091CE7C:-::23:30A2FB86CDC17B4EC625DC66C47AAF37:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 86400 2592000 126 20050728203748:560639:2 -
+lha at EXAMPLE.ORG 1::3:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::2:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::1:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::18:96653BEA5A46E5DF97D535C6C49F007E02F0E56B21F498C14F8C014871FE9889:3/"EXAMPLE.ORGlha"::16:7545202640A81304AE987F231FCB1F625D02CE7FF8A4ABEA:3/"EXAMPLE.ORGlha"::23:AC8E657F83DF82BEEA5D43BDAF7800CC:3/"EXAMPLE.ORGlha" 20050728203752:kadmin/admin at EXAMPLE.ORG 20050728203758:kadmin/admin at EXAMPLE.ORG - - - 86400 604800 126 20050728203752:988968:1 -

Added: vendor-crypto/heimdal/dist/tests/db/text-dump-unknown-ext
===================================================================
--- vendor-crypto/heimdal/dist/tests/db/text-dump-unknown-ext	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/db/text-dump-unknown-ext	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,7 @@
+changepw/kerberos at EXAMPLE.ORG 1::3:2376E6A4C1D5456D:-::2:2376E6A4C1D5456D:-::1:2376E6A4C1D5456D:-::18:39C3D293A6B0CEE734C7874764A8B5449F348AC00A6EA94F7451D07BE31EF239:-::16:108373F74F105875DCCE866B160886C7BC6780E526D0DAEA:-::23:D279B73431AA349F63594EA800397195:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 639 20050728203748:743456:2 -
+default at EXAMPLE.ORG 0::3:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::2:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::1:3B2A671585E93D6B:3/"EXAMPLE.ORGdefault"::18:AF401411D3F29C204611A9BA1EF54AEDEC43A01B0123C57B994B2EE104E7F127:3/"EXAMPLE.ORGdefault"::16:02401CAD7A92760E464025760BCD3BE5DF616DD5A798C719:3/"EXAMPLE.ORGdefault"::23:31D6CFE0D16AE931B73C59D7E0C089C0:3/"EXAMPLE.ORGdefault" 20050728203748:kadmin/admin at EXAMPLE.ORG - - - - 86400 604800 254 20050728203748:863727:0 -
+kadmin/admin at EXAMPLE.ORG 1::3:2FCD23DCC2C726CE:-::2:2FCD23DCC2C726CE:-::1:2FCD23DCC2C726CE:-::18:1675F5E5BAD61428DE51F7C8EDCD53F23426D90F4F0BB4F9C73514D317E0482A:-::16:C79D6B0879B6ABADCE4A9B436B5B4A4F792679CDBC7F5D10:-::23:265C712FED225A85567BAF8CD9A4C4ED:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 382 20050728203748:682995:2 -
+kadmin/changepw at EXAMPLE.ORG 1::3:57A132CB9D7F4F37:-::2:57A132CB9D7F4F37:-::1:57A132CB9D7F4F37:-::18:B8252C9E3EC99969053631C238BBF88A0AAA082A8F1C4ED8D1729170C79519B8:-::16:10CE89987A1FD0986E6D836DB3F473E04C648C34F17CBCE3:-::23:A6D2BCA6F54B1C1AA5E875F116EEDE82:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 300 300 867 20050728203748:623022:2 -
+kadmin/hprop at EXAMPLE.ORG 1::3:76DC5751EFE52931:-::2:76DC5751EFE52931:-::1:76DC5751EFE52931:-::18:9B4D02F7D74790AB929E607BE5940CFF66801C237840EE968FDEFD7ED1387350:-::16:4CD575703D197F2991D5233704BAE379DF4FFBE616256762:-::23:E3D49F7E3462823492F33FAD8F0A754F:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 3600 3600 383 20050728203748:803541:2 -
+krbtgt/EXAMPLE.ORG at EXAMPLE.ORG 1::3:C219830E0E73DCEC:-::2:C219830E0E73DCEC:-::1:C219830E0E73DCEC:-::18:56CD702EE58B6EF4CAF758DA0BA1B92B21EFC1D2E9FCC0785009BC391F8571B8:-::16:29E9A2F45B2561D5B592C1070708B94A894AE046D091CE7C:-::23:30A2FB86CDC17B4EC625DC66C47AAF37:- 20050728203748:kadmin/admin at EXAMPLE.ORG 20050728203748:kadmin/admin at EXAMPLE.ORG - - - 86400 2592000 126 20050728203748:560639:2 -
+lha at EXAMPLE.ORG 1::3:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::2:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::1:80AB08A261D6A82F:3/"EXAMPLE.ORGlha"::18:96653BEA5A46E5DF97D535C6C49F007E02F0E56B21F498C14F8C014871FE9889:3/"EXAMPLE.ORGlha"::16:7545202640A81304AE987F231FCB1F625D02CE7FF8A4ABEA:3/"EXAMPLE.ORGlha"::23:AC8E657F83DF82BEEA5D43BDAF7800CC:3/"EXAMPLE.ORGlha" 20050728203752:kadmin/admin at EXAMPLE.ORG 20050728203758:kadmin/admin at EXAMPLE.ORG - - - 86400 604800 126 20050728203752:988968:1 -
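Review bot: As shown in this commit, `text-dump-unknown-ext` is line-for-line identical to `text-dump-no-ext` and `text-dump-known-ext` (every record ends in ` -`), so the three extension cases in loaddump-db.in exercise the same input. If the known and unknown variants were meant to carry extension data in the last column, the fixtures need to contain it. Otherwise a comment in loaddump-db.in saying the files are currently placeholders would avoid a false sense of coverage.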

Added: vendor-crypto/heimdal/dist/tests/gss/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,78 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = krb5.conf
+
+SCRIPT_TESTS = check-gss check-gssmask check-context check-spnego check-ntlm
+
+TESTS = $(SCRIPT_TESTS)
+
+check_SCRIPTS = $(SCRIPT_TESTS)
+
+port = 49188
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/gss,g'
+
+check-gss: check-gss.in Makefile
+	$(do_subst) < $(srcdir)/check-gss.in > check-gss.tmp
+	chmod +x check-gss.tmp
+	mv check-gss.tmp check-gss
+
+check-gssmask: check-gssmask.in Makefile
+	$(do_subst) < $(srcdir)/check-gssmask.in > check-gssmask.tmp
+	chmod +x check-gssmask.tmp
+	mv check-gssmask.tmp check-gssmask
+
+check-context: check-context.in Makefile
+	$(do_subst) < $(srcdir)/check-context.in > check-context.tmp
+	chmod +x check-context.tmp
+	mv check-context.tmp check-context
+
+check-spnego: check-spnego.in Makefile
+	$(do_subst) < $(srcdir)/check-spnego.in > check-spnego.tmp
+	chmod +x check-spnego.tmp
+	mv check-spnego.tmp check-spnego
+
+check-basic: check-basic.in Makefile
+	$(do_subst) < $(srcdir)/check-basic.in > check-basic.tmp
+	chmod +x check-basic.tmp
+	mv check-basic.tmp check-basic
+
+check-ntlm: check-ntlm.in Makefile
+	$(do_subst) < $(srcdir)/check-ntlm.in > check-ntlm.tmp
+	chmod +x check-ntlm.tmp
+	mv check-ntlm.tmp check-ntlm
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+CLEANFILES= \
+	$(TESTS) \
+	foopassword \
+	barpassword \
+	krb5ccfile \
+	krb5ccfile-ds \
+	server.keytab \
+	krb5.conf \
+	current-db* \
+	*.log \
+	check-basic.tmp \
+	check-gss.tmp \
+	check-gssmask.tmp \
+	check-spnego.tmp \
+	check-ntlm.tmp \
+	check-context.tmp
+
+EXTRA_DIST = \
+	check-basic.in \
+	check-gss.in \
+	check-gssmask.in \
+	check-spnego.in \
+	check-ntlm.in \
+	check-context.in \
+	ntlm-user-file.txt \
+	krb5.conf.in
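Review bot: `check-basic` has a generation rule and its `.in` and `.tmp` files are listed in `EXTRA_DIST` and `CLEANFILES`, but it is missing from `SCRIPT_TESTS`, so `make check` never builds or runs it. If it is built by hand, `$(TESTS)` in `CLEANFILES` does not remove the generated script either. If the omission is intentional, a comment next to `SCRIPT_TESTS` saying why would help; otherwise add it: `SCRIPT_TESTS = check-gss check-basic check-gssmask check-context check-spnego check-ntlm`. The fixed `port = 49188` presumably means two builds running these tests on one host at the same time would contend for the same port.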

Added: vendor-crypto/heimdal/dist/tests/gss/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,804 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = tests/gss
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DATA = $(noinst_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_DATA = krb5.conf
+SCRIPT_TESTS = check-gss check-gssmask check-context check-spnego check-ntlm
+TESTS = $(SCRIPT_TESTS)
+check_SCRIPTS = $(SCRIPT_TESTS)
+port = 49188
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/gss,g'
+
+CLEANFILES = \
+	$(TESTS) \
+	foopassword \
+	barpassword \
+	krb5ccfile \
+	krb5ccfile-ds \
+	server.keytab \
+	krb5.conf \
+	current-db* \
+	*.log \
+	check-basic.tmp \
+	check-gss.tmp \
+	check-gssmask.tmp \
+	check-spnego.tmp \
+	check-ntlm.tmp \
+	check-context.tmp
+
+EXTRA_DIST = \
+	check-basic.in \
+	check-gss.in \
+	check-gssmask.in \
+	check-spnego.in \
+	check-ntlm.in \
+	check-context.in \
+	ntlm-user-file.txt \
+	krb5.conf.in
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/gss/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tests/gss/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(DATA) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-TESTS check-am check-local \
+	clean clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+check-gss: check-gss.in Makefile
+	$(do_subst) < $(srcdir)/check-gss.in > check-gss.tmp
+	chmod +x check-gss.tmp
+	mv check-gss.tmp check-gss
+
+check-gssmask: check-gssmask.in Makefile
+	$(do_subst) < $(srcdir)/check-gssmask.in > check-gssmask.tmp
+	chmod +x check-gssmask.tmp
+	mv check-gssmask.tmp check-gssmask
+
+check-context: check-context.in Makefile
+	$(do_subst) < $(srcdir)/check-context.in > check-context.tmp
+	chmod +x check-context.tmp
+	mv check-context.tmp check-context
+
+check-spnego: check-spnego.in Makefile
+	$(do_subst) < $(srcdir)/check-spnego.in > check-spnego.tmp
+	chmod +x check-spnego.tmp
+	mv check-spnego.tmp check-spnego
+
+check-basic: check-basic.in Makefile
+	$(do_subst) < $(srcdir)/check-basic.in > check-basic.tmp
+	chmod +x check-basic.tmp
+	mv check-basic.tmp check-basic
+
+check-ntlm: check-ntlm.in Makefile
+	$(do_subst) < $(srcdir)/check-ntlm.in > check-ntlm.tmp
+	chmod +x check-ntlm.tmp
+	mv check-ntlm.tmp check-ntlm
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tests/gss/check-basic.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/check-basic.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/check-basic.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,156 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-basic.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+nokeytab="FILE:no-such-keytab"
+cache="FILE:krb5ccfile"
+nocache="FILE:no-such-cache"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+acquire_cred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_acquire_cred"
+test_kcred="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_kcred"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+KRB5_KTNAME="${keytab}"
+export KRB5_KTNAME
+KRB5CCNAME="${cache}"
+export KRB5CCNAME
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+echo upw > ${objdir}/foopassword
+
+${kadmin} add -p upw --use-defaults user@${R} || exit 1
+${kadmin} add -p upw --use-defaults another@${R} || exit 1
+${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
+${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/../kdc/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+exitcode=0
+
+echo "initial ticket"
+${kinit} --password-file=${objdir}/foopassword user@${R} || exitcode=1
+
+echo "keytab"
+${acquire_cred} \
+    --acquire-type=accept \
+    --acquire-name=host at host.test.h5l.se || exit 1
+echo "keytab w/o name"
+${acquire_cred} \
+    --acquire-type=accept || exit 1
+echo "keytab w/ wrong name"
+${acquire_cred} \
+    --acquire-type=accept \
+    --acquire-name=host at host2.test.h5l.se 2>/dev/null && exit 1
+echo "init using keytab"
+${acquire_cred} \
+    --acquire-type=initiate \
+    --acquire-name=host at host.test.h5l.se || exit 1
+echo "init using existing cc"
+${acquire_cred} \
+    --name-type=user-name \
+    --acquire-type=initiate \
+    --acquire-name=user || exit 1
+
+KRB5CCNAME=${nocache}
+
+echo "fail init using existing cc"
+${acquire_cred} \
+    --name-type=user-name \
+    --acquire-type=initiate \
+    --acquire-name=user 2>/dev/null && exit 1
+
+echo "use gss_krb5_ccache_name"
+${acquire_cred} \
+    --name-type=user-name \
+    --ccache=${cache} \
+    --acquire-type=initiate \
+    --acquire-name=user >/dev/null || exit 1
+
+KRB5CCNAME=${cache}
+KRB5_KTNAME=${nokeytab}
+
+echo "kcred"
+${test_kcred} || exit 1
+
+trap "" EXIT
+
+echo "killing kdc (${kdcpid})"
+kill ${kdcpid} 2> /dev/null
+
+exit $exitcode
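Review bot: The two expected-failure checks ("keytab w/ wrong name" and "fail init using existing cc") end in `2>/dev/null && exit 1`, so any non-zero status counts as the rejection they are meant to prove. That includes a crash of test_acquire_cred or a binary that cannot be run, and because stderr is discarded the log cannot tell those cases apart. These are the checks showing that a wrong acceptor name or an absent credential cache is refused, so I would capture the status after the command and fail on shell-reserved or signal statuses, e.g. `rc=$?; [ "$rc" -ne 0 ] && [ "$rc" -lt 126 ] || exit 1`. The status test_acquire_cred returns on a refusal is not visible in this hunk, so a tighter match would need checking against that program. A short comment above each block, such as `# must fail: keytab holds no key for host2`, would also make the inverted sense of `&& exit 1` obvious.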

Added: vendor-crypto/heimdal/dist/tests/gss/check-context.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/check-context.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/check-context.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,188 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2008 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-context.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+cache="FILE:krb5ccfile"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+KRB5CCNAME=${cache}
+export KRB5CCNAME
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+# add both lucid and lucid.test.h5l.se to simulate aliases
+${kadmin} add -p p1 --use-defaults host/lucid.test.h5l.se@${R} || exit 1
+${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
+${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
+${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
+${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
+
+${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo u1 > ${objdir}/foopassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/../kdc/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+exitcode=0
+
+echo "Getting client initial tickets"
+${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
+
+echo "======test naming combinations"
+echo "plain"
+${context} --name-type=hostbased-service host at lucid.test.h5l.se || \
+	{ exitcode=1 ; echo test failed; }
+echo "plain (krb5)"
+${context} --name-type=krb5-principal-name host/lucid.test.h5l.se@${R} || \
+	{ exitcode=1 ; echo test failed; }
+echo "plain (krb5 realmless)"
+${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \
+	{ exitcode=1 ; echo test failed; }
+echo "dns canon on (long name) OFF, need dns_wrapper"
+#${context} --dns-canon host at lucid.test.h5l.se || \
+#	{ exitcode=1 ; echo test failed; }
+echo "dns canon off (long name)"
+${context} --no-dns-canon host at lucid.test.h5l.se || \
+	{ exitcode=1 ; echo test failed; }
+echo "dns canon off (short name)"
+${context} --no-dns-canon host at lucid || \
+	{ exitcode=1 ; echo test failed; }
+echo "dns canon off (short name, krb5)"
+${context}  --no-dns-canon --name-type=krb5-principal-name host/lucid@${R} || \
+	{ exitcode=1 ; echo test failed; }
+echo "dns canon off (short name, krb5)"
+${context}  --no-dns-canon --name-type=krb5-principal-name host/lucid || \
+	{ exitcode=1 ; echo test failed; }
+
+echo "======test context building"
+for mech in krb5 spnego ; do
+	echo "${mech} no-mutual"
+	${context} --mech-type=${mech} \
+	    --name-type=hostbased-service host at lucid.test.h5l.se || \
+		{ exitcode=1 ; echo test failed; }
+
+	echo "${mech} mutual"
+	${context} --mech-type=${mech} \
+	    --mutual \
+	    --name-type=hostbased-service host at lucid.test.h5l.se || \
+		{ exitcode=1 ; echo test failed; }
+
+	echo "${mech} delegate"
+	${context} --mech-type=${mech} \
+	    --delegate \
+	    --name-type=hostbased-service host at lucid.test.h5l.se || \
+		{ exitcode=1 ; echo test failed; }
+
+	echo "${mech} mutual delegate"
+	${context} --mech-type=${mech} \
+	    --mutual --delegate \
+	    --name-type=hostbased-service host at lucid.test.h5l.se || \
+		{ exitcode=1 ; echo test failed; }
+done
+
+#add spnego !
+echo "======dce-style"
+for mech in krb5 ; do
+
+	echo "${mech}: dce-style"
+	${context} \
+	    --mech-type=${mech} \
+	    --mutual \
+	    --dce-style \
+	    --name-type=hostbased-service host at lucid.test.h5l.se || \
+	    { exitcode=1 ; echo test failed; }
+
+done
+
+#echo "sasl-digest-md5"
+#${context}  --mech-type=sasl-digest-md5 \
+#    --name-type=hostbased-service \
+#    host at lucid.test.h5l.se || \
+#	{ exitcode=1 ; echo test failed; }
+
+
+trap "" EXIT
+
+echo "killing kdc (${kdcpid})"
+kill ${kdcpid} 2> /dev/null
+
+exit $exitcode
+
+
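Review bot: The last two naming tests print the same label, `dns canon off (short name, krb5)`, although the second call drops the `@${R}` realm, so a failure in the log cannot be pinned to one of them. Label the second one `echo "dns canon off (short name, krb5 realmless)"`, in line with the earlier `plain (krb5 realmless)` case. Separately, `echo u1 > ${objdir}/foopassword` leaves the password file behind with the default umask, and it is not covered by the `rm -f` lines at the top. A one-line comment that this is a throwaway test credential would keep the pattern from being copied into a real setup.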

Added: vendor-crypto/heimdal/dist/tests/gss/check-gss.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/check-gss.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/check-gss.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-gss.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+objdir="@objdir@"
+gssdir="${objdir}/../../lib/gssapi"
+
+${TESTS_ENVIRONMENT} ${gssdir}/gss help > /dev/null || exit 1
+${TESTS_ENVIRONMENT} ${gssdir}/gss supported-mechanisms > /dev/null || exit 1
+
+exit 0
+
+

Added: vendor-crypto/heimdal/dist/tests/gss/check-gssmask.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/check-gssmask.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/check-gssmask.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,133 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-gssmask.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+
+gssmask="${TESTS_ENVIRONMENT} ../../appl/gssmask/gssmask"
+gssmaskn1="${gssmask} -p 8889 --spn=host/n1.test.h5l.se@${R} --logfile=n1.log"
+gssmaskn2="${gssmask} -p 8890 --spn=host/n2.test.h5l.se@${R} --logfile=n2.log"
+gssmaskn3="${gssmask} -p 8891 --spn=host/n3.test.h5l.se@${R} --logfile=n3.log"
+gssmaestro="../../appl/gssmask/gssmaestro"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p p1 --use-defaults host/n1.test.h5l.se@${R} || exit 1
+${kadmin} add -p p2 --use-defaults host/n2.test.h5l.se@${R} || exit 1
+${kadmin} add -p p3 --use-defaults host/n3.test.h5l.se@${R} || exit 1
+${kadmin} ext -k ${keytab} host/n1.test.h5l.se@${R} || exit 1
+${kadmin} ext -k ${keytab} host/n2.test.h5l.se@${R} || exit 1
+${kadmin} ext -k ${keytab} host/n3.test.h5l.se@${R} || exit 1
+
+${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/../kdc/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+exitcode=0
+
+echo "Starting client 1"
+${gssmaskn1} --moniker=n1 &
+n1pid=$!
+#echo $n1pid
+#xterm -display :0 -e g ${gssmaskn1} &
+#read x
+
+echo "Starting client 2"
+${gssmaskn2} --moniker=n2 &
+n2pid=$!
+
+echo "Starting client 3"
+${gssmaskn3} --moniker=n3 &
+n3pid=$!
+
+trap "kill ${kdcpid} ${n1pid} ${n2pid} ${n3pid} 2> /dev/null; echo signal killing kdc and maskar; exit 1;" EXIT
+
+sleep 10
+
+${gssmaestro} \
+    --slaves=localhost:8889 \
+    --slaves=localhost:8890 \
+    --slaves=localhost:8891 \
+    --principals=user1@${R}:u1 || exitcode=1
+
+trap "" EXIT
+
+echo "killing kdc and clients (${kdcpid}, ${n1pid}, ${n2pid}, ${n3pid})"
+kill ${kdcpid} ${n1pid} ${n2pid} ${n3pid} 2> /dev/null
+
+exit $exitcode
+
+
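Review bot: The three gssmask clients are synchronised only by a fixed `sleep 10` and their start-up is never checked, unlike the KDC, which goes through wait-kdc.sh. If one of them fails to bind its hard-coded port (8889, 8890, 8891), the only symptom is a later gssmaestro failure with no hint of the cause. After the sleep, add `for p in ${n1pid} ${n2pid} ${n3pid}; do kill -0 $p || exit 1; done` so a dead client fails the test immediately; the EXIT trap installed just above already cleans up the remaining processes. The client ports are literals while the KDC port comes from `@port@`, so a comment that they must be free on the build host would also help.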

Added: vendor-crypto/heimdal/dist/tests/gss/check-ntlm.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/check-ntlm.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/check-ntlm.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,170 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-ntlm.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+cache="FILE:krb5ccfile"
+cacheds="FILE:krb5ccfile-ds"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds --no-afslog"
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+kdigest="${TESTS_ENVIRONMENT} ../../kuser/kdigest"
+
+context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+KRB5_KTNAME="${keytab}"
+export KRB5_KTNAME
+KRB5CCNAME="${cache}"
+export KRB5CCNAME
+NTLM_ACCEPTOR_CCACHE="${cacheds}"
+export NTLM_ACCEPTOR_CCACHE
+NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
+export NTLM_USER_FILE
+
+GSSAPI_SPNEGO_NAME=host at host.test.h5l.se
+export GSSAPI_SPNEGO_NAME
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
+${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
+
+${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
+
+${kadmin} add -p ds --use-defaults digestserver@${R} || exit 1
+${kadmin} modify --attributes=+allow-digest digestserver@${R} || exit 1
+
+${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo u1 > ${objdir}/foopassword
+echo ds > ${objdir}/barpassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/../kdc/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+exitcode=0
+
+echo "Getting client initial tickets"
+${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
+echo "Getting digestserver initial tickets"
+${kinitds} --password-file=${objdir}/barpassword digestserver@${R} || exitcode=1
+
+echo "======probe"
+KRB5CCNAME="$cacheds"
+
+ ${kdigest} digest-probe --realm=${R} > /dev/null || \
+     { exitcode=1; echo "test failed"; }
+
+echo "======context building ntlm"
+
+NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no"
+KRB5CCNAME="$cache"
+
+echo "no NTLM initiator creds"
+${context} --mech-type=ntlm \
+	--mutual \
+        --name-type=hostbased-service \
+        --ret-mech-type=ntlm \
+        host at host.test.h5l.se 2> /dev/null && \
+        { exitcode=1 ; echo "test failed"; }
+
+echo "Getting client initial tickets (with ntlm creds)"
+${kinit} --password-file=${objdir}/foopassword --ntlm-domain=TEST user1@${R} || exitcode=1
+
+echo "NTLM initiator krb5 creds"
+${context} --mech-type=ntlm \
+	--mutual \
+        --name-type=hostbased-service \
+        --ret-mech-type=ntlm \
+        host at host.test.h5l.se || \
+        { exitcode=1 ; echo "test failed"; }
+
+echo "NTLM initiator krb5 creds (getverifymic, wrapunwrap)"
+${context} --mech-type=ntlm \
+	--mutual \
+        --name-type=hostbased-service \
+        --ret-mech-type=ntlm \
+        --getverifymic --wrapunwrap \
+        host at host.test.h5l.se || \
+        { exitcode=1 ; echo "test failed"; }
+
+trap "" EXIT
+
+echo "killing kdc (${kdcpid})"
+kill ${kdcpid} 2> /dev/null
+
+exit $exitcode
+
+
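Review bot: The negative case under `no NTLM initiator creds` counts any non-zero exit of test_context as a pass and throws the diagnostics away with `2> /dev/null`. A crash, a missing binary or an unreachable KDC therefore looks the same as the intended credential failure. The two calls under `test failure cases` in check-spnego.in follow the same pattern. Keep stderr instead, for example `2> out-ntlm-nocred` (the `rm -f out-*` at the top already cleans such files), and add a comment naming the error the test expects so the output can be checked against it.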

Added: vendor-crypto/heimdal/dist/tests/gss/check-spnego.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/check-spnego.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/check-spnego.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,209 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-spnego.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+cache="FILE:krb5ccfile"
+cacheds="FILE:krb5ccfile-ds"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+kinitds="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cacheds --no-afslog"
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+KRB5_KTNAME="${keytab}"
+export KRB5_KTNAME
+KRB5CCNAME="${cache}"
+export KRB5CCNAME
+NTLM_ACCEPTOR_CCACHE="${cacheds}"
+export NTLM_ACCEPTOR_CCACHE
+NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
+export NTLM_USER_FILE
+
+GSSAPI_SPNEGO_NAME=host at host.test.h5l.se
+export GSSAPI_SPNEGO_NAME
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
+${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
+
+${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
+
+${kadmin} add -p ds --use-defaults digestserver@${R} || exit 1
+${kadmin} modify --attributes=+allow-digest digestserver@${R} || exit 1
+
+${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo u1 > ${objdir}/foopassword
+echo ds > ${objdir}/barpassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/../kdc/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+exitcode=0
+
+echo "Getting client initial tickets"
+${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
+echo "Getting digestserver initial tickets"
+${kinitds} --password-file=${objdir}/barpassword digestserver@${R} || exitcode=1
+
+echo "======context building for each mech"
+
+for mech in ntlm krb5 ; do 
+    echo "${mech}"
+    ${context} --mech-type=${mech} --ret-mech-type=${mech} \
+        --name-type=hostbased-service host at host.test.h5l.se || \
+	{ exitcode=1 ; echo test failed; }
+done
+
+echo "spnego"
+${context} \
+    --mech-type=spnego \
+    --ret-mech-type=krb5 \
+    --name-type=hostbased-service \
+    host at host.test.h5l.se || \
+    { exitcode=1 ; echo test failed; }
+
+echo "test failure cases"
+${context} --mech-type=ntlm --ret-mech-type=krb5 \
+    --name-type=hostbased-service host at host.test.h5l.se 2> /dev/null && \
+    { exitcode=1 ; echo test failed; }
+
+${context} --mech-type=krb5 --ret-mech-type=ntlm \
+    --name-type=hostbased-service host at host.test.h5l.se 2> /dev/null && \
+    { exitcode=1 ; echo test failed; }
+
+echo "======spnego variants context building"
+
+for arg in \
+     "" \
+     "--mutual" \
+     "--delegate" \
+     "--mutual --delegate" \
+     "--getverifymic --wrapunwrap" \
+     "--mutual --getverifymic --wrapunwrap" \
+    ; do
+
+    echo "no NTLM acceptor cred ${arg}"
+    NTLM_ACCEPTOR_CCACHE="${cacheds}-no"
+    ${context} --mech-type=spnego \
+        $arg \
+        --name-type=hostbased-service \
+        --ret-mech-type=krb5  \
+        host at host.test.h5l.se || \
+        { exitcode=1 ; echo test failed; }
+    NTLM_ACCEPTOR_CCACHE="${cacheds}"
+
+    echo "no NTLM initiator cred ${arg}"
+    NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt-no"
+    ${context} --mech-type=spnego \
+        $arg \
+        --name-type=hostbased-service \
+        --ret-mech-type=krb5 \
+        host at host.test.h5l.se || \
+        { exitcode=1 ; echo test failed; }
+    NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
+
+    echo "no krb5 acceptor cred ${arg}"
+    KRB5_KTNAME="${keytab}-no"
+    ${context} --mech-type=spnego \
+        $arg \
+        --name-type=hostbased-service \
+        --ret-mech-type=ntlm \
+        host at host.test.h5l.se || \
+        { exitcode=1 ; echo test failed; }
+    KRB5_KTNAME="${keytab}"
+
+    echo "no krb5 initiator cred ${arg}"
+    KRB5CCNAME="${cache}-no"
+    ${context} --mech-type=spnego \
+        $arg \
+        --name-type=hostbased-service \
+        --ret-mech-type=ntlm \
+        host at host.test.h5l.se || \
+        { exitcode=1 ; echo test failed; }
+    KRB5CCNAME="${cache}"
+
+done
+
+trap "" EXIT
+
+echo "killing kdc (${kdcpid})"
+kill ${kdcpid} 2> /dev/null
+
+exit $exitcode
+
+
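Review bot: `$arg` in the `spnego variants context building` loop is expanded unquoted on purpose, because the empty entry must disappear and `--mutual --delegate` must split into two options, but nothing in the script says so. A later quoting clean-up would silently break every iteration. Add a comment above the loop such as `# $arg is deliberately unquoted: "" must expand to nothing and multi-flag entries must word-split`. The per-iteration overrides of NTLM_ACCEPTOR_CCACHE, NTLM_USER_FILE, KRB5_KTNAME and KRB5CCNAME only reach test_context because of the earlier `export` lines, which the same comment could mention.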

Added: vendor-crypto/heimdal/dist/tests/gss/krb5.conf.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/krb5.conf.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/krb5.conf.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,33 @@
+# $Id: krb5.conf.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[libdefaults]
+	default_realm = TEST.H5L.SE
+	no-addresses = TRUE
+	default_keytab_name = @objdir@/server.keytab
+	dns_canonicalize_hostname = false
+	dns_lookup_realm = false
+
+[realms]
+	TEST.H5L.SE = {
+		kdc = localhost:@port@
+	}
+
+[domain_realms]
+	.test.h5l.se = TEST.H5L.SE
+
+[kdc]
+	enable-digest = true
+	digests_allowed = ntlm-v2,ntlm-v1-session,ntlm-v1
+
+	database = {
+		dbname = @objdir@/current-db
+		realm = TEST.H5L.SE
+		mkey_file = @objdir@/mkey.file
+	}
+
+[logging]
+	kdc = 0-/FILE:@objdir@/messages.log
+	default = 0-/FILE:@objdir@/messages.log
+
+[kadmin]
+	save-password = true
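Review bot: The section header `[domain_realms]` looks like a misspelling; as far as I know Heimdal reads host-to-realm mappings from `[domain_realm]`. If so, the `.test.h5l.se = TEST.H5L.SE` line is ignored and the tests get the realm from `default_realm` or another fallback. If the mapping is meant to be exercised, change the header to `[domain_realm]`. The file should also open with a comment that `digests_allowed = ntlm-v2,ntlm-v1-session,ntlm-v1` and `save-password = true` are test-only settings, since enabling NTLMv1 digests and password saving weakens a KDC if this template is copied into a real configuration.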

Added: vendor-crypto/heimdal/dist/tests/gss/ntlm-user-file.txt
===================================================================
--- vendor-crypto/heimdal/dist/tests/gss/ntlm-user-file.txt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/gss/ntlm-user-file.txt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+# $Id: ntlm-user-file.txt,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+TEST:user1:u1

Added: vendor-crypto/heimdal/dist/tests/java/KerberosInit.java
===================================================================
--- vendor-crypto/heimdal/dist/tests/java/KerberosInit.java	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/java/KerberosInit.java	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,95 @@
+/*
+ *
+ * Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ *
+ * $Id: KerberosInit.java,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+ */
+
+import javax.security.auth.login.*;
+import javax.security.auth.callback.*;
+
+public class KerberosInit {
+
+    private class TestCallBackHandler implements CallbackHandler {
+	
+	public void handle(Callback[] callbacks)
+	    throws UnsupportedCallbackException {
+	    for (int i = 0; i < callbacks.length; i++) {
+		if (callbacks[i] instanceof TextOutputCallback) {
+		    TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+		    System.out.println(toc.getMessage());
+		} else if (callbacks[i] instanceof NameCallback) {
+		    NameCallback nc = (NameCallback)callbacks[i];
+		    nc.setName("lha");
+		} else if (callbacks[i] instanceof PasswordCallback) {
+		    PasswordCallback pc = (PasswordCallback)callbacks[i];
+		    pc.setPassword("foo".toCharArray());
+		} else {
+		    throw new
+			UnsupportedCallbackException(callbacks[i],
+						     "Unrecognized Callback");
+		}
+	    }
+	}
+    }
+    private TestCallBackHandler getHandler() {
+	return new TestCallBackHandler();
+    }
+
+    public static void main(String[] args) {
+
+        LoginContext lc = null;
+        try {
+            lc = new LoginContext("kinit", new KerberosInit().getHandler());
+        } catch (LoginException e) {
+            System.err.println("Cannot create LoginContext. " + e.getMessage());
+	    e.printStackTrace();
+            System.exit(1);
+        } catch (SecurityException e) {
+            System.err.println("Cannot create LoginContext. " + e.getMessage());
+	    e.printStackTrace();
+            System.exit(1);
+        } 
+
+        try {
+            lc.login();
+        } catch (LoginException e) {
+            System.err.println("Authentication failed:" + e.getMessage());
+	    e.printStackTrace();
+            System.exit(1);
+        }
+
+	System.out.println("lc.login ok");
+	System.exit(0);
+    }
+}
+
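Review bot: The callback handler answers every NameCallback with `lha` and every PasswordCallback with `foo`, and no comment says where those values come from. They presumably have to match a principal created by check-kinit.in, which is not part of this hunk. Add a comment above the two setters, e.g. `// test-only credentials; must match the principal created in check-kinit.in`, so the coupling is visible and the literals are not read as a usage pattern. As a style point, TestCallBackHandler uses no state of the outer class and could be a `private static class`, which would make `getHandler()` and the throwaway `new KerberosInit()` in main unnecessary.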

Added: vendor-crypto/heimdal/dist/tests/java/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tests/java/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/java/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,44 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = krb5.conf
+
+check_SCRIPTS = $(SCRIPT_TESTS) 
+
+SCRIPT_TESTS = check-kinit
+
+TESTS = $(SCRIPT_TESTS)
+
+port = 49188
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/java,g'
+
+LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+
+check-kinit: check-kinit.in Makefile
+	$(do_subst) < $(srcdir)/check-kinit.in > check-kinit.tmp
+	chmod +x check-kinit.tmp
+	mv check-kinit.tmp check-kinit
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+CLEANFILES= \
+	$(TESTS) \
+	*.tmp \
+	*.class \
+	current-db* \
+	krb5.conf \
+	messages.log
+
+
+EXTRA_DIST = \
+	KerberosInit.java \
+	jaas.conf \
+	check-kinit.in \
+	have-java.sh \
+	krb5.conf.in

Added: vendor-crypto/heimdal/dist/tests/java/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/java/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/java/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,768 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = tests/java
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DATA = $(noinst_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_DATA = krb5.conf
+check_SCRIPTS = $(SCRIPT_TESTS) 
+SCRIPT_TESTS = check-kinit
+TESTS = $(SCRIPT_TESTS)
+port = 49188
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/java,g'
+
+LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+CLEANFILES = \
+	$(TESTS) \
+	*.tmp \
+	*.class \
+	current-db* \
+	krb5.conf \
+	messages.log
+
+EXTRA_DIST = \
+	KerberosInit.java \
+	jaas.conf \
+	check-kinit.in \
+	have-java.sh \
+	krb5.conf.in
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/java/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tests/java/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(DATA) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-TESTS check-am check-local \
+	clean clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+check-kinit: check-kinit.in Makefile
+	$(do_subst) < $(srcdir)/check-kinit.in > check-kinit.tmp
+	chmod +x check-kinit.tmp
+	mv check-kinit.tmp check-kinit
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tests/java/check-kinit.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/java/check-kinit.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/java/check-kinit.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,101 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-kinit.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+port="@port@"
+
+# Disable test if: no data, no java, or socket wrapper
+../db/have-db || exit 77
+sh ${srcdir}/have-java.sh || exit 77
+[ X"$SOCKET_WRAPPER_DIR" != X ] && exit 77
+
+R=TEST.H5L.SE
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=127.0.0.1 -P $port"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile} messages.log
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+echo "Compile"
+javac -d "${objdir}" "${srcdir}/KerberosInit.java" || \
+    { echo "Failed to compile java program: $?" ; exit 77; }
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults lha@${R} || exit 1
+${kadmin} modify --attributes=+requires-pre-auth lha@${R} || exit 1
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/../kdc/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+echo "Run init"
+java \
+  -Dsun.security.krb5.debug=true \
+  -Djava.security.krb5.conf="${objdir}"/krb5.conf \
+  -Djava.security.auth.login.config="${srcdir}/jaas.conf" \
+  KerberosInit > output.tmp 2>&1 || { cat output.tmp ; exit 1; }
+
+echo "Done"
+
+echo "killing kdc (${kdcpid})"
+kill $kdcpid || exit 1
+
+trap "" EXIT
+
+exit 0
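Review bot: The KDC launched by `${kdc} &` is only cleaned up by the `trap ... EXIT` installed after `wait-kdc.sh` has returned, and no signal is trapped. An interrupt during the wait can therefore leave a KDC listening on 127.0.0.1:@port@ that serves the `lha` principal, whose password `foo` is in this script; in shells that skip the EXIT trap on a signal, the same holds for any later interrupt. Move the existing `trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT` to directly after `kdcpid=$!` and add `trap 'exit 1' INT TERM HUP` so that signals go through the same cleanup. Separately, `${keytabfile}` in the first `rm -f` is never assigned in this script. `${srcdir}` is also unquoted in both `sh ${srcdir}/...` calls, which breaks on a source path containing whitespace.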

Added: vendor-crypto/heimdal/dist/tests/java/have-java.sh
===================================================================
--- vendor-crypto/heimdal/dist/tests/java/have-java.sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/java/have-java.sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: have-java.sh,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+echo "Checking for java and javac"
+
+oldifs=$IFS
+IFS=:
+set -- $PATH
+IFS=$oldifs
+for i in $*; do
+  test -n "$i" || i="."
+  test -x $i/java && j=f
+  test -x $i/javac && k=c
+done
+
+test "$j$k" = fc || exit 1
+
+# GNU GCC Java doesn't support Kerberos
+if java -version 2>&1 | grep 'gij' > /dev/null ; then
+    exit 1
+fi
+
+echo "ok"
+
+exit 0
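Review bot: The PATH scan leaves `$i` unquoted in `test -x $i/java` and `test -x $i/javac` and never initialises `j` and `k`. A PATH entry containing whitespace breaks the test expression, and values of `j` and `k` inherited from the environment can satisfy `test "$j$k" = fc` with neither tool installed. `test -x` also succeeds for a directory named `java`. The loop can be replaced by `command -v java >/dev/null 2>&1 && command -v javac >/dev/null 2>&1 || exit 1`, which performs the same lookup the shell does when check-kinit later runs the tools.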

Added: vendor-crypto/heimdal/dist/tests/java/jaas.conf
===================================================================
--- vendor-crypto/heimdal/dist/tests/java/jaas.conf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/java/jaas.conf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,5 @@
+/* $Id: jaas.conf,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $ */
+
+kinit {
+   com.sun.security.auth.module.Krb5LoginModule required;
+};

Added: vendor-crypto/heimdal/dist/tests/java/krb5.conf.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/java/krb5.conf.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/java/krb5.conf.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,30 @@
+# $Id: krb5.conf.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[libdefaults]
+	default_realm = TEST.H5L.SE
+
+
+[realms]
+	TEST.H5L.SE = {
+		kdc = localhost:@port@
+	}
+
+[kdc]
+	database = {
+		dbname = @objdir@/current-db
+		realm = TEST.H5L.SE
+		mkey_file = @objdir@/mkey.file
+	}
+
+[logging]
+	kdc = 0-/FILE:@objdir@/messages.log
+	default = 0-/FILE:@objdir@/messages.log
+
+# Have both default and non default salting for single DES encryptes,
+# this to check if the kdc return default salting.
+[kadmin]
+	default_keys = aes256-cts-hmac-sha1-96:pw-salt
+	default_keys = aes128-cts-hmac-sha1-96:pw-salt
+	default_keys = des3-cbc-sha1:pw-salt
+        default_keys = des:pw-salt
+	default_keys = des:pw-salt:
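Review bot: The `[kadmin]` section creates single-DES keys (`des:pw-salt` and `des:pw-salt:`) for every principal, and the comment above it explains the salting check but not that this is acceptable only in a throwaway test realm. Extend the comment with `# Test-only: single-DES keys exist here solely to exercise salt handling; never copy this default_keys list into a production configuration.` A second point concerns `kdc = localhost:@port@`. check-kinit starts the KDC with `--addresses=127.0.0.1`, so a resolver that returns an IPv6 address for localhost first may send the client to an address the KDC is not bound to. Writing `kdc = 127.0.0.1:@port@` would make the two agree.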

Added: vendor-crypto/heimdal/dist/tests/kdc/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,159 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = \
+	krb5.conf \
+	krb5-pkinit.conf \
+	krb5-pkinit-win.conf \
+	krb5-slave.conf
+
+check_PROGRAMS = ap-req
+check_SCRIPTS = $(SCRIPT_TESTS) 
+
+SCRIPT_TESTS = \
+	check-digest \
+	check-kadmin \
+	check-kdc \
+	check-keys \
+	check-pkinit \
+	check-iprop \
+	check-referral \
+	check-uu
+
+TESTS = $(SCRIPT_TESTS)
+
+port = 49188
+admport = 49189
+
+if HAVE_DLOPEN
+do_dlopen = -e 's,[@]DLOPEN[@],true,g'
+else
+do_dlopen = -e 's,[@]DLOPEN[@],false,g'
+endif
+
+do_subst = sed $(do_dlopen) \
+	-e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]admport[@],$(admport),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/kdc,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+
+check-kdc: check-kdc.in Makefile
+	$(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp
+	chmod +x check-kdc.tmp
+	mv check-kdc.tmp check-kdc
+
+check-keys: check-keys.in Makefile
+	$(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp
+	chmod +x check-keys.tmp
+	mv check-keys.tmp check-keys
+
+check-kadmin: check-kadmin.in Makefile
+	$(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp
+	chmod +x check-kadmin.tmp
+	mv check-kadmin.tmp check-kadmin
+
+check-uu: check-uu.in Makefile
+	$(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp
+	chmod +x check-uu.tmp
+	mv check-uu.tmp check-uu
+
+check-pkinit: check-pkinit.in Makefile krb5-pkinit.conf
+	$(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp
+	chmod +x check-pkinit.tmp
+	mv check-pkinit.tmp check-pkinit
+
+check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf
+	$(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp
+	chmod +x check-iprop.tmp
+	mv check-iprop.tmp check-iprop
+
+check-digest: check-digest.in Makefile
+	$(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp
+	chmod +x check-digest.tmp
+	mv check-digest.tmp check-digest
+
+check-referral: check-referral.in Makefile
+	$(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp
+	chmod +x check-referral.tmp
+	mv check-referral.tmp check-referral
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) \
+	   -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+krb5-slave.conf: krb5.conf.in Makefile
+	$(do_subst) \
+	   -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp
+	mv krb5-slave.conf.tmp krb5-slave.conf
+
+krb5-pkinit.conf: krb5-pkinit.conf.in Makefile
+	$(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp
+	mv krb5-pkinit.conf.tmp krb5-pkinit.conf
+
+krb5-pkinit-win.conf: krb5-pkinit.conf.in Makefile
+	$(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp
+	mv krb5-pkinit-win.conf.tmp krb5-pkinit-win.conf
+
+CLEANFILES= \
+	$(TESTS) \
+	iprop-stats \
+	barpassword \
+	cache.krb5 \
+	cdigest-reply \
+	*.tmp \
+	client-cache \
+	current-db* \
+	current*.log \
+	iprop.keytab \
+	digest-reply \
+	foopassword \
+	krb5.conf \
+	krb5-slave.conf \
+	krb5-pkinit.conf \
+	krb5-pkinit-win.conf \
+	krb5.conf.keys \
+	signal \
+	messages.log \
+	o2cache.krb5 \
+	o2digest-reply \
+	ocache.krb5 \
+	s2digest-reply \
+	sdigest-init \
+	sdigest-reply \
+	server.keytab \
+	req-pkinit.der \
+	req-pkinit2.der \
+	req-kdc.der \
+	pkinit.crt \
+	pkinit2.crt \
+	pkinit3.crt \
+	kdc.crt \
+	ca.crt \
+	uuserver.log \
+	tempfile \
+	test-rc-file.rc
+
+EXTRA_DIST = \
+	check-kadmin.in \
+	check-kdc.in \
+	check-keys.in \
+	check-referral.in \
+	check-uu.in \
+	check-pkinit.in \
+	check-iprop.in \
+	check-digest.in \
+	heimdal.acl \
+	krb5.conf.in \
+	krb5.conf.keys.in \
+	krb5-pkinit.conf.in \
+	iprop-acl \
+	wait-kdc.sh \
+	pki-mapping \
+	ntlm-user-file.txt \
+	uuserver.txt \
+	donotexists.txt
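Review bot: `port = 49188` and `admport = 49189` are fixed, so two `make check` runs on the same host, or an unrelated service already bound to either port, will make the KDC tests fail or talk to a listener that is not the test KDC. Both are ordinary make variables and can be overridden on the command line, but the `krb5*.conf` and `check-*` rules depend only on their `.in` file and `Makefile`, so files generated by an earlier run keep the old port numbers. A comment above the two assignments would document this: `# Test-only ports; after overriding port/admport run 'make clean' so krb5*.conf and check-* are regenerated.` Presumably the `.in` templates consume `@port@` and `@admport@` through `do_subst`; they are not part of this hunk.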

Added: vendor-crypto/heimdal/dist/tests/kdc/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,971 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+check_PROGRAMS = ap-req$(EXEEXT)
+subdir = tests/kdc
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+ap_req_SOURCES = ap-req.c
+ap_req_OBJECTS = ap-req.$(OBJEXT)
+ap_req_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+ap_req_DEPENDENCIES = ../../lib/krb5/libkrb5.la $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = ap-req.c
+DIST_SOURCES = ap-req.c
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_DATA = \
+	krb5.conf \
+	krb5-pkinit.conf \
+	krb5-pkinit-win.conf \
+	krb5-slave.conf
+
+check_SCRIPTS = $(SCRIPT_TESTS) 
+SCRIPT_TESTS = \
+	check-digest \
+	check-kadmin \
+	check-kdc \
+	check-keys \
+	check-pkinit \
+	check-iprop \
+	check-referral \
+	check-uu
+
+TESTS = $(SCRIPT_TESTS)
+port = 49188
+admport = 49189
+ at HAVE_DLOPEN_FALSE@do_dlopen = -e 's,[@]DLOPEN[@],false,g'
+ at HAVE_DLOPEN_TRUE@do_dlopen = -e 's,[@]DLOPEN[@],true,g'
+do_subst = sed $(do_dlopen) \
+	-e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]admport[@],$(admport),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/kdc,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+CLEANFILES = \
+	$(TESTS) \
+	iprop-stats \
+	barpassword \
+	cache.krb5 \
+	cdigest-reply \
+	*.tmp \
+	client-cache \
+	current-db* \
+	current*.log \
+	iprop.keytab \
+	digest-reply \
+	foopassword \
+	krb5.conf \
+	krb5-slave.conf \
+	krb5-pkinit.conf \
+	krb5-pkinit-win.conf \
+	krb5.conf.keys \
+	signal \
+	messages.log \
+	o2cache.krb5 \
+	o2digest-reply \
+	ocache.krb5 \
+	s2digest-reply \
+	sdigest-init \
+	sdigest-reply \
+	server.keytab \
+	req-pkinit.der \
+	req-pkinit2.der \
+	req-kdc.der \
+	pkinit.crt \
+	pkinit2.crt \
+	pkinit3.crt \
+	kdc.crt \
+	ca.crt \
+	uuserver.log \
+	tempfile \
+	test-rc-file.rc
+
+EXTRA_DIST = \
+	check-kadmin.in \
+	check-kdc.in \
+	check-keys.in \
+	check-referral.in \
+	check-uu.in \
+	check-pkinit.in \
+	check-iprop.in \
+	check-digest.in \
+	heimdal.acl \
+	krb5.conf.in \
+	krb5.conf.keys.in \
+	krb5-pkinit.conf.in \
+	iprop-acl \
+	wait-kdc.sh \
+	pki-mapping \
+	ntlm-user-file.txt \
+	uuserver.txt \
+	donotexists.txt
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/kdc/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tests/kdc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+ap-req$(EXEEXT): $(ap_req_OBJECTS) $(ap_req_DEPENDENCIES) 
+	@rm -f ap-req$(EXEEXT)
+	$(LINK) $(ap_req_OBJECTS) $(ap_req_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(DATA) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-checkPROGRAMS clean-generic \
+	clean-libtool ctags dist-hook distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-pdf install-pdf-am install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+check-kdc: check-kdc.in Makefile
+	$(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp
+	chmod +x check-kdc.tmp
+	mv check-kdc.tmp check-kdc
+
+check-keys: check-keys.in Makefile
+	$(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp
+	chmod +x check-keys.tmp
+	mv check-keys.tmp check-keys
+
+check-kadmin: check-kadmin.in Makefile
+	$(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp
+	chmod +x check-kadmin.tmp
+	mv check-kadmin.tmp check-kadmin
+
+check-uu: check-uu.in Makefile
+	$(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp
+	chmod +x check-uu.tmp
+	mv check-uu.tmp check-uu
+
+check-pkinit: check-pkinit.in Makefile krb5-pkinit.conf
+	$(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp
+	chmod +x check-pkinit.tmp
+	mv check-pkinit.tmp check-pkinit
+
+check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf
+	$(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp
+	chmod +x check-iprop.tmp
+	mv check-iprop.tmp check-iprop
+
+check-digest: check-digest.in Makefile
+	$(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp
+	chmod +x check-digest.tmp
+	mv check-digest.tmp check-digest
+
+check-referral: check-referral.in Makefile
+	$(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp
+	chmod +x check-referral.tmp
+	mv check-referral.tmp check-referral
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) \
+	   -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+krb5-slave.conf: krb5.conf.in Makefile
+	$(do_subst) \
+	   -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp
+	mv krb5-slave.conf.tmp krb5-slave.conf
+
+krb5-pkinit.conf: krb5-pkinit.conf.in Makefile
+	$(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp
+	mv krb5-pkinit.conf.tmp krb5-pkinit.conf
+
+krb5-pkinit-win.conf: krb5-pkinit.conf.in Makefile
+	$(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp
+	mv krb5-pkinit-win.conf.tmp krb5-pkinit-win.conf
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tests/kdc/ap-req.c
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/ap-req.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/ap-req.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ap-req.c,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $");
+#endif
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <krb5.h>
+#include <err.h>
+#include <getarg.h>
+#include <roken.h>
+
+static int verify_pac = 0;
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"verify-pac",0,	arg_flag,	&verify_pac,
+     "verify the PAC", NULL },
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "...");
+    exit (ret);
+}
+
+
+static void
+test_ap(krb5_context context,
+	krb5_principal sprincipal,
+	krb5_keytab keytab,
+	krb5_ccache ccache,
+	const krb5_flags client_flags) 
+{
+    krb5_error_code ret;
+    krb5_auth_context client_ac = NULL, server_ac = NULL;
+    krb5_data data;
+    krb5_flags server_flags;
+    krb5_ticket *ticket = NULL;
+    int32_t server_seq, client_seq;
+
+    ret = krb5_mk_req_exact(context,
+			    &client_ac,
+			    client_flags,
+			    sprincipal,
+			    NULL,
+			    ccache,
+			    &data);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_mk_req_exact");
+
+    ret = krb5_rd_req(context,
+		      &server_ac,
+		      &data,
+		      sprincipal,
+		      keytab,
+		      &server_flags,
+		      &ticket);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_rd_req");
+
+
+    if (server_flags & AP_OPTS_MUTUAL_REQUIRED) {
+	krb5_ap_rep_enc_part *repl;
+
+	krb5_data_free(&data);
+
+	if ((client_flags & AP_OPTS_MUTUAL_REQUIRED) == 0)
+	    krb5_errx(context, 1, "client flag missing mutual req");
+
+	ret = krb5_mk_rep (context, server_ac, &data);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_mk_rep");
+
+	ret = krb5_rd_rep (context,
+			   client_ac,
+			   &data,
+			   &repl);
+	if (ret)
+	    krb5_err(context, 1, ret, "krb5_rd_rep");
+
+	krb5_free_ap_rep_enc_part (context, repl);
+    } else {
+	if (client_flags & AP_OPTS_MUTUAL_REQUIRED)
+	    krb5_errx(context, 1, "server flag missing mutual req");
+    }
+
+    krb5_auth_getremoteseqnumber(context, server_ac, &server_seq);
+    krb5_auth_getremoteseqnumber(context, client_ac, &client_seq);
+    if (server_seq != client_seq)
+	krb5_errx(context, 1, "seq num differ");
+
+    krb5_auth_con_getlocalseqnumber(context, server_ac, &server_seq);
+    krb5_auth_con_getlocalseqnumber(context, client_ac, &client_seq);
+    if (server_seq != client_seq)
+	krb5_errx(context, 1, "seq num differ");
+
+    krb5_data_free(&data);
+    krb5_auth_con_free(context, client_ac);
+    krb5_auth_con_free(context, server_ac);
+
+    if (verify_pac) {
+	krb5_pac pac;
+
+	ret = krb5_ticket_get_authorization_data_type(context,
+						      ticket,
+						      KRB5_AUTHDATA_WIN2K_PAC,
+						      &data);
+	if (ret)
+	    krb5_err(context, 1, ret, "get pac");
+
+	ret = krb5_pac_parse(context, data.data, data.length, &pac);
+	if (ret)
+	    krb5_err(context, 1, ret, "pac parse");
+
+	krb5_pac_free(context, pac);
+    }
+
+    krb5_free_ticket(context, ticket);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int optidx = 0;
+    const char *principal, *keytab, *ccache;
+    krb5_ccache id;
+    krb5_keytab kt;
+    krb5_principal sprincipal;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
+	usage(1);
+    
+    if (help_flag)
+	usage (0);
+
+    if(version_flag){
+	print_version(NULL);
+	exit(0);
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc < 3)
+	usage(1);
+		    
+    principal = argv[0];
+    keytab = argv[1];
+    ccache = argv[2];
+
+    ret = krb5_init_context(&context);
+    if (ret)
+	errx (1, "krb5_init_context failed: %d", ret);
+
+    ret = krb5_cc_resolve(context, ccache, &id);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_cc_resolve");
+
+    ret = krb5_parse_name(context, principal, &sprincipal);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_parse_name");
+
+    ret = krb5_kt_resolve(context, keytab, &kt);
+    if (ret)
+	krb5_err(context, 1, ret, "krb5_kt_resolve");
+
+    test_ap(context, sprincipal, kt, id, 0);
+    test_ap(context, sprincipal, kt, id, AP_OPTS_MUTUAL_REQUIRED);
+
+    krb5_cc_close(context, id);
+    krb5_kt_close(context, kt);
+    krb5_free_principal(context, sprincipal);
+
+    krb5_free_context(context);
+
+    return ret;
+}
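Review bot: The `--verify-pac` branch at the end of `test_ap` only calls `krb5_pac_parse`, so despite the option's help text ("verify the PAC") no PAC signature is checked, and a passing run shows only that the buffer is well-formed. Either reword the help string or add a comment such as `/* parse only: PAC checksums are not validated here */`, so the test is not read as covering signature verification. The `data` buffer filled by `krb5_ticket_get_authorization_data_type` is also never released; add `krb5_data_free(&data);` next to `krb5_pac_free(context, pac);`. In `main`, `return ret;` returns whatever the last `krb5_kt_resolve` call left behind, so `return 0;` would state the intent more plainly.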

Added: vendor-crypto/heimdal/dist/tests/kdc/check-digest.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/check-digest.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/check-digest.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,295 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-digest.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+server=host/datan.test.h5l.se
+cache="FILE:${objdir}/cache.krb5"
+ocache="FILE:${objdir}/ocache.krb5"
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+kdigest="${TESTS_ENVIRONMENT} ../../kuser/kdigest --ccache=$cache"
+test_ntlm="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_ntlm"
+context="${TESTS_ENVIRONMENT} ../../lib/gssapi/test_context"
+
+username=foo
+userpassword=digestpassword
+
+password=foobarbaz
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p $userpassword --use-defaults ${username}@${R} || exit 1
+${kadmin} add -p $password --use-defaults ${server}@${R} || exit 1
+${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
+${kadmin} modify --attributes=+allow-digest ${server}@${R} || exit 1
+${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo $password > ${objdir}/foopassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; cat messages.log; exit 1;" EXIT
+
+exitcode=0
+
+echo "Getting digest server tickets"
+${kinit} --password-file=${objdir}/foopassword ${server}@$R || exitcode=1
+${kdigest} digest-server-init \
+    --kerberos-realm=${R} \
+    --type=CHAP > /dev/null || exitcode=1
+
+echo "Trying NTLM"
+
+NTLM_ACCEPTOR_CCACHE="$cache"
+export NTLM_ACCEPTOR_CCACHE
+
+echo "Trying server-init"
+echo ${kdigest} ntlm-server-init \
+    --kerberos-realm=${R} \
+    > sdigest-init || exitcode=1
+
+echo "test_ntlm"
+${test_ntlm} || { echo "test_ntlm failed"; exit 1; }
+
+NTLM_USER_FILE="${srcdir}/ntlm-user-file.txt"
+export NTLM_USER_FILE
+
+echo "test_context --mech-type=ntlm"
+${context} --mech-type=ntlm \
+	    --name-type=hostbased-service datan at TEST || \
+		{ echo "test_context 1 failed"; exit 1; }
+
+${context} --mech-type=ntlm \
+	    --name-type=hostbased-service datan at host.TEST || \
+		{ echo "test_context 2 failed"; exit 1; }
+
+${context} --mech-type=ntlm \
+	    --name-type=hostbased-service datan at host.test.domain2 || \
+		{ echo "test_context 3 failed"; exit 1; }
+
+${context} --mech-type=ntlm \
+	    --name-type=hostbased-service datan at host.foo 2>/dev/null && \
+		{ echo "test_context 4 failed"; exit 1; }
+
+echo "Trying SL in NTLM"
+
+
+for type in \
+    "" \
+    "--getverifymic" \
+    "--wrapunwrap" \
+    "--getverifymic --wrapunwrap" \
+    ; do
+
+	echo "Trying NTLM type: ${type}"
+	${context} --mech-type=ntlm ${type} \
+	    --name-type=hostbased-service datan at TEST || \
+	    { echo "test_context 1 failed"; exit 1; }
+
+done
+
+
+echo "Trying CHAP"
+
+${kdigest} digest-server-init \
+    --kerberos-realm=${R} \
+    --type=CHAP \
+    > sdigest-reply || exitcode=1
+
+snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
+identifier=`grep identifier= sdigest-reply | cut -f2- -d=`
+opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
+
+${kdigest} digest-client-request \
+    --type=CHAP \
+    --username="$username"  \
+    --password="$userpassword"  \
+    --opaque="$opaque"  \
+    --server-identifier="$identifier"  \
+    --server-nonce="$snonce" \
+    > cdigest-reply || exitcode=1
+
+cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
+
+#echo user: $username
+#echo server-nonce: $snonce
+#echo opaqeue: $opaque
+#echo identifier: $identifier
+
+${kdigest} digest-server-request \
+    --kerberos-realm=${R} \
+    --type=CHAP \
+    --username="$username"  \
+    --opaque="$opaque"  \
+    --client-response="$cresponseData"  \
+    --server-identifier="$identifier"  \
+    --server-nonce="$snonce"  \
+    > s2digest-reply || exitcode=1
+
+status=`grep status= s2digest-reply | cut -f2- -d=`
+
+if test "X$status" = "Xok" ; then
+    echo "CHAP response ok"
+else
+    echo "CHAP response failed"
+    exitcode=1
+fi
+
+cresponseData=`echo $cresponseData | sed 's/..../DEADBEEF/'`
+
+${kdigest} digest-server-request \
+    --kerberos-realm=${R} \
+    --type=CHAP \
+    --username="$username"  \
+    --opaque="$opaque"  \
+    --client-response="$cresponseData" \
+    --server-identifier="$identifier"  \
+    --server-nonce="$snonce"  \
+    > s2digest-reply || exitcode=1
+
+status=`grep status= s2digest-reply | cut -f2- -d=`
+
+if test "X$status" = "Xfailed" ; then
+    echo "CHAP response fail as it should"
+else
+    echo "CHAP response succeeded errorously"
+    exitcode=1
+fi
+
+echo "Trying MS-CHAP-V2"
+
+${kdigest} digest-server-init \
+    --kerberos-realm=${R} \
+    --type=MS-CHAP-V2 \
+    > sdigest-reply || exitcode=1
+
+snonce=`grep server-nonce= sdigest-reply | cut -f2- -d=`
+opaque=`grep opaque= sdigest-reply | cut -f2- -d=`
+cnonce="21402324255E262A28295F2B3A337C7E"
+
+echo "MS-CHAP-V2 client request"
+${kdigest} digest-client-request \
+    --type=MS-CHAP-V2 \
+    --username="$username"  \
+    --password="$userpassword"  \
+    --opaque="$opaque"  \
+    --client-nonce="$cnonce"  \
+    --server-nonce="$snonce" \
+    > cdigest-reply || exitcode=1
+
+cresponseData=`grep responseData= cdigest-reply | cut -f2- -d=`
+cRsp=`grep AuthenticatorResponse= cdigest-reply | cut -f2- -d=`
+ckey=`grep session-key= cdigest-reply | cut -f2- -d=`
+
+${kdigest} digest-server-request \
+    --kerberos-realm=${R} \
+    --type=MS-CHAP-V2 \
+    --username="$username"  \
+    --opaque="$opaque"  \
+    --client-response="$cresponseData"  \
+    --client-nonce="$cnonce"  \
+    --server-nonce="$snonce"  \
+    > s2digest-reply || exitcode=1
+
+status=`grep status= s2digest-reply | cut -f2- -d=`
+sRsp=`grep rsp= s2digest-reply | cut -f2- -d=`
+skey=`grep session-key= s2digest-reply | cut -f2- -d=`
+
+if test "X$sRsp" != "X$cRsp" ; then
+    echo "rsp wrong $sRsp != $cRsp"
+    exitcode=1
+fi
+
+if test "X$skey" != "X$ckey" ; then
+    echo "rsp wrong"
+    exitcode=1
+fi
+
+if test "X$status" = "Xok" ; then
+    echo "MS-CHAP-V2 response ok"
+else
+    echo "MS-CHAP-V2 response failed"
+    exitcode=1
+fi
+
+trap "" EXIT
+
+echo "killing kdc (${kdcpid})"
+kill $kdcpid || exit 1
+
+exit $exitcode
+
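Review bot: The "Trying server-init" step never runs kdigest: the command begins with `echo ${kdigest} ntlm-server-init`, so the command line itself is written to `sdigest-init` and `|| exitcode=1` can only fire if `echo` fails. If the NTLM server-init path is meant to be exercised, drop the leading `echo`; if it is deliberately disabled, say so in a comment. Further down, the session-key comparison (`$skey` against `$ckey`) prints `rsp wrong`, the same text as the response check above it; `echo "session key wrong"` would make a failure attributable. Every iteration of the NTLM type loop likewise reports `test_context 1 failed`, so including `${type}` in that message would identify which variant broke.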

Added: vendor-crypto/heimdal/dist/tests/kdc/check-iprop.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/check-iprop.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/check-iprop.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,248 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-iprop.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+# Dont run this test in AFS, since it lacks support for AF_UNIX
+expr "X`/bin/pwd || pwd`" : "X/afs/.*" > /dev/null 2>/dev/null && exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+cache="FILE:${objdir}/cache.krb5"
+keytabfile=${objdir}/iprop.keytab
+keytab="FILE:${keytabfile}"
+
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -r $R"
+ipropdslave="${TESTS_ENVIRONMENT} ../../lib/kadm5/ipropd-slave"
+ipropdmaster="${TESTS_ENVIRONMENT} ../../lib/kadm5/ipropd-master"
+iproplog="${TESTS_ENVIRONMENT} ../../lib/kadm5/iprop-log"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f current*.log
+rm -f out-*
+rm -f mkey.file*
+rm -f messages.log
+
+> messages.log
+
+echo Creating database
+${kadmin} -l \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} -l add -p foo --use-defaults user@${R} || exit 1
+
+${kadmin} -l add --random-key --use-defaults iprop/localhost@${R} || exit 1
+${kadmin} -l ext -k ${keytab} iprop/localhost@${R} || exit 1
+${kadmin} -l add --random-key --use-defaults iprop/slave@${R} || exit 1
+${kadmin} -l ext -k ${keytab} iprop/slave@${R} || exit 1
+
+echo foo > ${objdir}/foopassword
+
+# -- foo
+ipds=
+ipdm=
+kdcpid=
+
+> iprop-stats
+trap "echo 'killing ipropd s + m + kdc'; kill \${ipdm} \${ipds} \${kdcpid} >/dev/null 2>/dev/null; tail messages.log ; tail iprop-stats; exit 1;" EXIT
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/wait-kdc.sh || exit 1
+
+echo "starting master"
+${ipropdmaster} --hostname=localhost -k ${keytab} \
+    --database=${objdir}/current-db &
+ipdm=$!
+sh ${srcdir}/wait-kdc.sh ipropd-master || exit 1
+
+echo "starting slave"
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${ipropdslave} --hostname=slave -k ${keytab} localhost &
+ipds=$!
+sh ${srcdir}/wait-kdc.sh ipropd-slave || exit 1
+
+echo "checking slave is up"
+${EGREP} 'iprop/slave at TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
+
+# ----------------- checking: pushing lives changes
+
+echo "Add host"
+${kadmin} -l add --random-key --use-defaults host/foo@${R} || exit 1
+sleep 2
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${kadmin} -l get host/foo@${R} > /dev/null || exit 1
+
+echo "Rename host"
+${kadmin} -l rename host/foo@${R} host/bar@${R} || exit 1
+sleep 2
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${kadmin} -l get host/foo@${R} > /dev/null 2>/dev/null && exit 1
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${kadmin} -l get host/bar@${R} > /dev/null || exit 1
+
+echo "Delete host"
+${kadmin} -l delete host/bar@${R} || exit 1
+sleep 2
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${kadmin} -l get host/bar@${R} > /dev/null 2>/dev/null && exit 1
+
+echo "kill slave"
+> iprop-stats
+kill ${ipds}
+sleep 2
+
+${EGREP} 'iprop/slave at TEST.H5L.SE.*Down' iprop-stats >/dev/null || exit 1
+
+# ----------------- checking: slave is missing changes while down
+
+echo "doing changes while slave is down"
+${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
+${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
+
+echo "Makeing a copy of the master log file"
+cp ${objdir}/current.log ${objdir}/current.log.tmp
+
+# ----------------- checking: checking that master and slaves resyncs
+
+echo "starting slave again"
+> iprop-stats
+> messages.log
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${ipropdslave} --hostname=slave -k ${keytab} localhost &
+ipds=$!
+sh ${srcdir}/wait-kdc.sh ipropd-slave || exit 1
+
+echo "checking slave is up again"
+${EGREP} 'iprop/slave at TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
+echo "checking for replay problems"
+${EGREP} 'Entry already exists in database' messages.log && exit 1
+
+echo "kill slave and remove log and database"
+kill ${ipds}
+sleep 2
+
+rm current.slave.log current-db.slave* || exit 1
+> iprop-stats
+> messages.log
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${ipropdslave} --hostname=slave -k ${keytab} localhost &
+ipds=$!
+sh ${srcdir}/wait-kdc.sh ipropd-slave || exit 1
+
+echo "checking slave is up again"
+${EGREP} 'iprop/slave at TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
+echo "checking for replay problems"
+${EGREP} 'Entry already exists in database' messages.log && exit 1
+
+# ----------------- checking: checking live truncation of master log
+
+${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
+sleep 2
+
+echo "live truncate on master log"
+${iproplog} truncate || exit 1
+sleep 2
+
+echo "Killing master and slave"
+kill ${ipdm} ${ipds} >/dev/null 2>/dev/null
+
+sleep 2
+${EGREP} "^master down at " iprop-stats > /dev/null || exit 1
+
+echo "compare versions on master and slave logs"
+KRB5_CONFIG=${objdir}/krb5-slave.conf \
+${iproplog} last-version > slave-last.tmp
+${iproplog} last-version > master-last.tmp
+cmp master-last.tmp slave-last.tmp || exit 1
+
+# ----------------- checking: master going backward
+> iprop-stats
+> messages.log
+
+echo "Going back to old version of the master log file"
+cp ${objdir}/current.log.tmp ${objdir}/current.log
+
+echo "starting master"
+${ipropdmaster} --hostname=localhost -k ${keytab} \
+    --database=${objdir}/current-db &
+ipdm=$!
+sh ${srcdir}/wait-kdc.sh ipropd-master || exit 1
+
+echo "starting slave"
+KRB5_CONFIG="${objdir}/krb5-slave.conf" \
+${ipropdslave} --hostname=slave -k ${keytab} localhost &
+ipds=$!
+sh ${srcdir}/wait-kdc.sh ipropd-slave || exit 1
+
+echo "checking slave is up again"
+${EGREP} 'iprop/slave at TEST.H5L.SE.*Up' iprop-stats >/dev/null || exit 1
+echo "checking for replay problems"
+${EGREP} 'Entry already exists in database' messages.log && exit 1
+
+echo "pushing one change"
+${kadmin} -l cpw --random-password user@${R} > /dev/null || exit 1
+sleep 2
+
+trap "" EXIT
+kill ${ipdm} ${ipds} ${kdcpid}
+
+echo "compare versions on master and slave logs"
+KRB5_CONFIG=${objdir}/krb5-slave.conf \
+${iproplog} last-version > slave-last.tmp
+${iproplog} last-version > master-last.tmp
+cmp master-last.tmp slave-last.tmp || exit 1
+
+exit $ec
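Review bot: Both "compare versions on master and slave logs" steps can pass vacuously: the exit status of `${iproplog} last-version` is never checked, so if the tool fails on both sides the two `.tmp` files are empty and `cmp` succeeds. Appending `|| exit 1` to each `last-version` line, plus `test -s master-last.tmp || exit 1` before the `cmp`, closes that gap. The final `exit $ec` uses a variable that is never assigned in this script, so it expands to a bare `exit` and returns the status of the preceding command; `exit 0` states the intent, and check-kadmin.in ends the same way. The fixed `sleep 2` waits before each slave-side check look timing-dependent and may make the replication assertions flaky on a slow host.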

Added: vendor-crypto/heimdal/dist/tests/kdc/check-kadmin.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/check-kadmin.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/check-kadmin.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,151 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-kadmin.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+R2=TEST2.H5L.SE
+
+port=@port@
+admport=@admport@
+
+cache="FILE:${objdir}/cache.krb5"
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+kadmind="${TESTS_ENVIRONMENT} ../../kadmin/kadmind -p $admport"
+
+server=host/datan.test.h5l.se
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+rm -f messages.log
+
+> messages.log
+
+echo Creating database
+${kadmin} -l \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} -l add -p foo --use-defaults foo/admin@${R} || exit 1
+${kadmin} -l add -p foo --use-defaults bar@${R} || exit 1
+
+echo foo > ${objdir}/foopassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    kill ${kadmpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid} ${kadmpid}" EXIT
+
+#----------------------------------
+${kadmind} -d &
+kadmpid=$!
+sleep 1
+
+echo "kinit (no admin)"
+${kinit} --password-file=${objdir}/foopassword \
+    -S kadmin/admin@${R} bar@${R} || exit 1
+echo "kadmin"
+env KRB5CCNAME=${cache} \
+${kadmin} -p bar@${R} add -p foo --use-defaults kaka2@${R} || 
+	{ echo "kadmin failed $?"; cat messages.log ; exit 1; }
+
+${kadmin} -l get kaka2@${R} > /dev/null ||
+	{ echo "kadmin failed $?"; cat messages.log ; exit 1; }
+
+#----------------------------------
+${kadmind} -d &
+kadmpid=$!
+sleep 1
+
+echo "kinit (admin)"
+${kinit} --password-file=${objdir}/foopassword \
+    -S kadmin/admin@${R} foo/admin@${R} || exit 1
+
+echo "kadmin"
+env KRB5CCNAME=${cache} \
+${kadmin} -p foo/admin@${R} add -p foo --use-defaults kaka@${R} || 
+	{ echo "kadmin failed $?"; cat messages.log ; exit 1; }
+
+#----------------------------------
+${kadmind} -d &
+kadmpid=$!
+sleep 1
+
+echo "kadmin get doesnotexists"
+env KRB5CCNAME=${cache} \
+${kadmin} -p foo/admin@${R} get -s doesnotexists@${R} \
+        > /dev/null 2>kadmin.tmp && \
+	{ echo "kadmin passed"; cat messages.log ; exit 1; }
+
+# evil hack to support libtool
+sed 's/lt-kadmin:/kadmin:/' < kadmin.tmp > kadmin2.tmp
+mv kadmin2.tmp kadmin.tmp
+
+cmp kadmin.tmp ${srcdir}/donotexists.txt || \
+    { echo "wrong response"; exit 1;}
+
+echo "killing kdc (${kdcpid} ${kadmpid})"
+kill ${kdcpid} ${kadmpid} > /dev/null 2>/dev/null
+
+trap "" EXIT
+
+exit $ec
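Review bot: The cleanup trap `trap "kill ${kdcpid} ${kadmpid}" EXIT` is double-quoted, so both variables are expanded when the trap is installed, before any `kadmind` has been started, and `kadmpid` is baked in as empty. An `exit 1` after that point kills the KDC but may leave the current `kadmind -d` instance, a test admin server whose principals use the fixed password `foo`, listening on `$admport`. Defer the expansion with single quotes, `trap 'kill ${kdcpid} ${kadmpid}' EXIT`, as check-iprop.in does by escaping `\${...}`. For the same reason, the `kill ${kadmpid}` in the `wait-kdc.sh` failure branch runs with no argument, and `rm -f ${keytabfile}` refers to a variable this script never sets.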

Added: vendor-crypto/heimdal/dist/tests/kdc/check-kdc.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/check-kdc.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/check-kdc.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,413 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-kdc.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+testfailed="echo test failed; cat messages.log; exit 1"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+R2=TEST2.H5L.SE
+
+port=@port@
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+server=host/datan.test.h5l.se
+server2=host/computer.example.com
+cache="FILE:${objdir}/cache.krb5"
+ocache="FILE:${objdir}/ocache.krb5"
+o2cache="FILE:${objdir}/o2cache.krb5"
+icache="FILE:${objdir}/icache.krb5"
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+ps="proxy-service@${R}"
+aesenctype="aes256-cts-hmac-sha1-96"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+kgetcred_imp="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache --out-cache=${ocache}"
+kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
+ktutil="${TESTS_ENVIRONMENT} ../../admin/ktutil"
+hxtool="${TESTS_ENVIRONMENT} ../../lib/hx509/hxtool"
+kimpersonate="${TESTS_ENVIRONMENT} ../../kuser/kimpersonate -k ${keytab} --ccache=${ocache}"
+test_renew="${TESTS_ENVIRONMENT} ../../lib/krb5/test_renew"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R2} || exit 1
+
+${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
+${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
+${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
+${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
+
+${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} add -p bar --use-defaults bar@${R} || exit 1
+${kadmin} add -p foo --use-defaults remove@${R} || exit 1
+${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
+${kadmin} add -p kaka --use-defaults ${server}-des3@${R} || exit 1
+${kadmin} add -p foo --use-defaults ${ps} || exit 1
+${kadmin} modify --attributes=+trusted-for-delegation ${ps} || exit 1
+${kadmin} modify --constrained-delegation=${server} ${ps} || exit 1
+${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
+${kadmin} ext -k ${keytab} ${ps} || exit 1
+
+${kadmin} add -p kaka --use-defaults ${server2}@${R2} || exit 1
+${kadmin} ext -k ${keytab} ${server2}@${R2} || exit 1
+${kadmin} add -p foo --use-defaults remove2@${R2} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
+
+${kadmin} add -p foo --use-defaults -- -p || exit 1
+${kadmin} delete -- -p || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+${kadmin} check ${R2} || exit 1
+
+echo "Extracting enctypes"
+${ktutil} -k ${keytab} list > tempfile || exit 1
+${EGREP} -v '^FILE:' tempfile | ${EGREP} -v '^Vno' | ${EGREP} -v '^$' | \
+    awk '$1 !~ /1/  { exit 1 }' || exit 1
+
+${kadmin} get foo@${R} > tempfile || exit 1
+enctypes=`grep Keytypes: tempfile | sed 's/(pw-salt)//g' | sed 's/,//g' | sed 's/Keytypes://'`
+
+enctype_sans_aes=`echo $enctypes | sed 's/aes[^ ]*//g'`
+enctype_sans_des3=`echo $enctypes | sed 's/des3-cbc-sha1//g'`
+
+echo foo > ${objdir}/foopassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+ec=0
+
+echo "Getting client initial tickets"; > messages.log
+${kinit} --password-file=${objdir}/foopassword foo@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "Getting tickets"; > messages.log
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "Listing tickets"; > messages.log
+${klist} > /dev/null || { ec=1 ; eval "${testfailed}"; }
+./ap-req ${server}@${R} ${keytab} ${cache} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Specific enctype"; > messages.log
+${kinit} --password-file=${objdir}/foopassword \
+    -e ${aesenctype} -e ${aesenctype} \
+    foo@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+
+for a in $enctypes; do
+	echo "Getting client initial tickets ($a)"; > messages.log
+	${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@$R || { ec=1 ; eval "${testfailed}"; }
+	echo "Getting tickets"; > messages.log
+	${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+	./ap-req ${server}@${R} ${keytab} ${cache} || { ec=1 ; eval "${testfailed}"; }
+	${kdestroy}
+done
+
+
+echo "Getting client initial tickets"; > messages.log
+${kinit} --password-file=${objdir}/foopassword foo@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+for a in $enctypes; do
+	echo "Getting tickets ($a)"; > messages.log
+	${kgetcred} -e $a ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+	./ap-req ${server}@${R} ${keytab} ${cache} || \
+		{ ec=1 ; eval "${testfailed}"; }
+	${kdestroy} --credential=${server}@${R}
+done
+${kdestroy}
+
+echo "Getting client initial tickets for cross realm case"; > messages.log
+${kinit} --password-file=${objdir}/foopassword foo@$R || { ec=1 ; eval "${testfailed}"; }
+for a in $enctypes; do
+	echo "Getting cross realm tickets ($a)"; > messages.log
+	${kgetcred} -e $a ${server2}@${R2} || { ec=1 ; eval "${testfailed}"; }
+	./ap-req ${server2}@${R2} ${keytab} ${cache} || \
+		{ ec=1 ; eval "${testfailed}"; }
+	${kdestroy} --credential=${server2}@${R2}
+done
+${kdestroy}
+
+echo "try all permutations"; > messages.log
+for a in $enctypes; do
+	echo "Getting client initial tickets ($a)"; > messages.log
+	${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@$R || \
+		{ ec=1 ; eval "${testfailed}"; }
+	for b in $enctypes; do
+		echo "Getting tickets ($a ->  $b)"; > messages.log
+		${kgetcred} -e $b ${server}@${R} || \
+			{ ec=1 ; eval "${testfailed}"; }
+		./ap-req ${server}@${R} ${keytab} ${cache} || \
+			{ ec=1 ; eval "${testfailed}"; }
+		${kdestroy} --credential=${server}@${R}
+	done
+	${kdestroy}
+done
+
+echo "Getting server initial tickets"; > messages.log
+${kinit} --keytab=${keytab} ${server}@$R || { ec=1 ; eval "${testfailed}"; }
+echo "Listing tickets"; > messages.log
+${klist} | grep "Principal: ${server}" > /dev/null || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "initial tickets for deleted user test case"; > messages.log
+${kinit} --password-file=${objdir}/foopassword remove@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kadmin} delete remove@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "try getting ticket with deleted user"; > messages.log
+${kgetcred} ${server}@${R} 2> /dev/null && { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "cross realm case (removed user)"; > messages.log
+${kinit} --password-file=${objdir}/foopassword remove2@$R2 || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} krbtgt/${R}@${R2} 2> /dev/null || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kadmin} delete remove2@${R2} || exit 1
+${kgetcred} ${server}@${R} 2> /dev/null || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "rename user"; > messages.log
+${kadmin} add -p foo --use-defaults rename@${R} || exit 1
+${kinit} --password-file=${objdir}/foopassword rename@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kadmin} rename rename@${R} rename2@${R} || exit 1
+${kinit} --password-file=${objdir}/foopassword rename2@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+${kadmin} delete rename2@${R} || exit 1
+
+echo "rename user to another realm"; > messages.log
+${kadmin} add -p foo --use-defaults rename@${R} || exit 1
+${kinit} --password-file=${objdir}/foopassword rename@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kadmin} rename rename@${R} rename@${R2} || exit 1
+${kinit} --password-file=${objdir}/foopassword rename@${R2} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+${kadmin} delete rename@${R2} || exit 1
+
+echo deleting all but aes enctypes on krbtgt
+${kadmin} del_enctype krbtgt/${R}@${R} ${enctype_sans_aes} || exit 1
+
+echo deleting all but des enctypes on server-des3
+${kadmin} del_enctype ${server}-des3@${R} ${enctype_sans_des3} || exit 1
+${kadmin} ext -k ${keytab} ${server}-des3@${R} || exit 1
+
+echo "try all permutations (only aes)"; > messages.log
+for a in $enctypes; do
+	echo "Getting client initial tickets ($a)"; > messages.log
+	${kinit} --enctype=$a --password-file=${objdir}/foopassword foo@${R} ||\
+		{ ec=1 ; eval "${testfailed}"; }
+	for b in $enctypes; do
+		echo "Getting tickets ($a ->  $b)"; > messages.log
+		${kgetcred} -e $b ${server}@${R} || \
+			{ ec=1 ; eval "${testfailed}"; }
+		./ap-req ${server}@${R} ${keytab} ${cache} || \
+			{ ec=1 ; eval "${testfailed}"; }
+
+		echo "Getting tickets ($a ->  $b) (server des3 only)"; > messages.log
+		${kgetcred} ${server}-des3@${R} || \
+			{ ec=1 ; eval "${testfailed}"; }
+		./ap-req ${server}-des3@${R} ${keytab} ${cache} || \
+			{ ec=1 ; eval "${testfailed}"; }
+
+		${kdestroy} --credential=${server}@${R}
+		${kdestroy} --credential=${server}-des3@${R}
+	done
+	${kdestroy}
+done
+
+echo deleting all enctypes on krbtgt
+${kadmin} del_enctype krbtgt/${R}@${R} aes256-cts-hmac-sha1-96 || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "try initial ticket w/o and keys on krbtgt"
+${kinit} --password-file=${objdir}/foopassword foo@${R} 2>/dev/null && \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "adding random aes key"
+${kadmin} add_enctype -r krbtgt/${R}@${R} aes256-cts-hmac-sha1-96 || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "try initial ticket with random aes key on krbtgt"
+${kinit} --password-file=${objdir}/foopassword foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+
+rsa=yes
+pkinit=no
+if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
+    rsa=no
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    rsa=no
+fi
+if ${kinit} --help 2>&1 | grep "CA certificates" > /dev/null; then
+    pkinit=yes
+fi
+
+# If we support pkinit and have RSA, lets try that
+if test "$pkinit" = yes -a "$rsa" = yes ; then
+
+    for type in "" "--pk-use-enckey"; do
+	echo "Trying pk-init (principal in certificate) $type"; > messages.log
+	base="${srcdir}/../../lib/hx509/data"
+	${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit.key bar@${R} || \
+		{ ec=1 ; eval "${testfailed}"; }
+	${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+	${kdestroy}
+
+	echo "Trying pk-init (principal in pki-mapping) $type"; > messages.log
+	${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit.key foo@${R} || \
+		{ ec=1 ; eval "${testfailed}"; }
+	${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+	${kdestroy}
+
+	echo "Trying pk-init (password protected key) $type"; > messages.log
+	${kinit} $type -C FILE:${base}/pkinit.crt,${base}/pkinit-pw.key --password-file=${objdir}/foopassword foo@${R} || \
+		{ ec=1 ; eval "${testfailed}"; }
+	${kgetcred} ${server}@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+	${kdestroy}
+
+	echo "Trying pk-init (proxy cert) $type"; > messages.log
+	base="${srcdir}/../../lib/hx509/data"
+	${kinit} $type -C FILE:${base}/pkinit-proxy-chain.crt,${base}/pkinit-proxy.key foo@${R} || \
+		{ ec=1 ; eval "${testfailed}"; }
+	${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+	${kdestroy}
+
+    done
+else
+	echo "no pkinit (pkinit: $pkinit, rsa: $rsa)"; > messages.log
+fi
+
+echo "tickets for impersonate test case"; > messages.log
+${kinit} --forwardable --password-file=${objdir}/foopassword ${ps} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred_imp} --impersonate=bar@${R} ${ps} || \
+	{ ec=1 ; eval "${testfailed}"; }
+./ap-req ${ps} ${keytab} ${ocache} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred_imp} --impersonate=bar@${R} foo@${R} 2>/dev/null && \
+	{ ec=1 ; eval "${testfailed}"; }
+echo test constrained delegation
+${kgetcred_imp} --forward --impersonate=bar@${R} ${ps} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+./ap-req ${server}@${R} ${keytab} ${o2cache} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} bar@${R} 2>/dev/null && \
+	{ ec=1 ; eval "${testfailed}"; }
+
+echo "test constrained delegation impersonation (non forward)"; > messages.log
+rm -f ocache.krb5
+${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \
+	{ ec=1 ; eval "${testfailed}"; }
+
+echo "test constrained delegation impersonation (missing KRB5SignedPath)"; > messages.log
+rm -f ocache.krb5
+${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} -f forwardable || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} > /dev/null 2>/dev/null && \
+	{ ec=1 ; eval "${testfailed}"; }
+
+${kdestroy}
+
+echo "check renewing" > messages.log
+${kinit} --renewable --password-file=${objdir}/foopassword foo@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "kinit -R"
+${kinit} -R || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "check renewing MIT interface" > messages.log
+${kinit} --renewable --password-file=${objdir}/foopassword foo@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "test_renew"
+env KRB5CCNAME=${cache} ${test_renew} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+
+echo "killing kdc (${kdcpid})"
+kill $kdcpid || exit 1
+
+trap "" EXIT
+
+exit $ec
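Review bot: The negative checks in this script pass on any non-zero exit, so a KDC that has died or a mistyped option is indistinguishable from the refusal the test is meant to prove. This affects `${kgetcred} ${server}@${R} 2> /dev/null && ...` after `delete remove@${R}`, the `--impersonate=bar@${R} foo@${R}` case, the `bar@${R}` delegation case and the two `kimpersonate` cases. These are the cases that guard the deleted-principal and constrained-delegation policy, so I would keep stderr, e.g. `${kgetcred} ${server}@${R} 2> kgetcred.tmp && { ec=1 ; eval "${testfailed}"; }`, and compare it with a checked-in expected message, the way the kadmin test just before this file does with `cmp kadmin.tmp ${srcdir}/donotexists.txt`. Separately, `echo "check renewing" > messages.log` and `echo "check renewing MIT interface" > messages.log` lack the `;` used on every other step, so those two progress lines are written into the log instead of to stdout.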

Added: vendor-crypto/heimdal/dist/tests/kdc/check-keys.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/check-keys.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/check-keys.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,101 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-keys.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+principal=host/datan.test.h5l.se@${R}
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -r $R -l"
+
+CIN=${srcdir}/krb5.conf.keys.in
+COUT=${objdir}/krb5.conf.keys
+
+sedvars="-e s,[@]srcdir[@],${srcdir},g -e s,[@]objdir[@],${objdir},g"
+
+KRB5_CONFIG="${COUT}"
+export KRB5_CONFIG
+
+rm -f ${COUT}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+rm -f messages.log
+
+sed -e 's/@keys@/v5/' \
+	${sedvars} < ${CIN} > ${COUT}
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults ${principal} || exit 1
+
+${kadmin} cpw -p foo ${principal} || exit 1
+
+sed -e 's/@keys@/v4/' \
+	${sedvars} < ${CIN} > ${COUT}
+${kadmin} cpw -p foo ${principal} || exit 1
+
+sed -e 's/@keys@/v4 v5/' \
+	${sedvars} < ${CIN} > ${COUT}
+${kadmin} cpw -p foo ${principal} || exit 1
+
+sed -e 's/@keys@/v5 v4/' \
+	${sedvars} < ${CIN} > ${COUT}
+${kadmin} cpw -p foo ${principal} || exit 1
+
+sed -e 's/@keys@/des:pw-salt:/' \
+	${sedvars} < ${CIN} > ${COUT}
+${kadmin} cpw -p foo ${principal} || exit 1
+
+sed -e 's/@keys@/des-cbc-crc:afs3-salt:test.h5l.se/' \
+	${sedvars} < ${CIN} > ${COUT}
+${kadmin} cpw -p foo ${principal} || exit 1
+
+sed -e 's/@keys@/des:afs3-salt:test.h5l.se/' \
+	${sedvars} < ${CIN} > ${COUT}
+${kadmin} cpw -p foo ${principal} || exit 1
+
+exit 0
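Review bot: None of the seven `sed ... ${sedvars} < ${CIN} > ${COUT}` rewrites is checked, so if `${CIN}` is missing or sed fails, the next `${kadmin} cpw` runs against an empty or stale `${COUT}` and the step can still pass; end each with `|| exit 1`, e.g. `${sedvars} < ${CIN} > ${COUT} || exit 1`. The script also only checks that `cpw` exits 0 for each `@keys@` setting and never looks at the keys it produced. A `${kadmin} get ${principal}` with a check of the `Keytypes:` line, which check-kdc.in already extracts, would make each step assert something about the resulting key set. `${sedvars}` depends on word splitting and on `,` as the sed delimiter, so a build path containing a space or a comma breaks the substitution.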

Added: vendor-crypto/heimdal/dist/tests/kdc/check-pkinit.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/check-pkinit.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/check-pkinit.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,273 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2008 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-pkinit.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+testfailed="echo test failed; cat messages.log; exit 1"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+server=host/datan.test.h5l.se
+cache="FILE:${objdir}/cache.krb5"
+keyfile="${srcdir}/../../lib/hx509/data/key.der"
+keyfile2="${srcdir}/../../lib/hx509/data/key2.der"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
+hxtool="${TESTS_ENVIRONMENT} ../../lib/hx509/hxtool"
+
+KRB5_CONFIG="${objdir}/krb5-pkinit.conf"
+export KRB5_CONFIG
+
+rsa=yes
+pkinit=no
+if ${hxtool} info | grep 'rsa: hx509 null RSA' > /dev/null ; then
+    rsa=no
+fi
+if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
+    rsa=no
+fi
+
+if ${kinit} --help 2>&1 | grep "CA certificates" > /dev/null; then
+    pkinit=yes
+fi
+
+# If we doesn't support pkinit and have RSA, give up
+if test "$pkinit" != yes -o "$rsa" != yes ; then
+    exit 77
+fi
+
+
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} add -p bar --use-defaults bar@${R} || exit 1
+${kadmin} add -p baz --use-defaults baz@${R} || exit 1
+${kadmin} modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" baz@${R} || exit 1
+
+${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo "Setting up certificates"
+${hxtool} request-create \
+	 --subject="CN=kdc,DC=test,DC=h5l,DC=se" \
+	 --key=FILE:${keyfile2} \
+	 req-kdc.der || exit 1
+${hxtool} request-create \
+	 --subject="CN=bar,DC=test,DC=h5l,DC=se" \
+	 --key=FILE:${keyfile2} \
+	 req-pkinit.der || exit 1
+${hxtool} request-create \
+	 --subject="CN=baz,DC=test,DC=h5l,DC=se" \
+	 --key=FILE:${keyfile2} \
+	 req-pkinit2.der || exit 1
+
+echo "issue self-signed ca cert"
+${hxtool} issue-certificate \
+	  --self-signed \
+	  --issue-ca \
+	  --ca-private-key=FILE:${keyfile} \
+          --subject="CN=CA,DC=test,DC=h5l,DC=se" \
+	  --certificate="FILE:ca.crt" || exit 1
+
+echo "issue kdc certificate"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
+	  --type="pkinit-kdc" \
+          --pk-init-principal="krbtgt/TEST.H5L.SE at TEST.H5L.SE" \
+	  --req="PKCS10:req-kdc.der" \
+	  --certificate="FILE:kdc.crt" || exit 1
+
+echo "issue user certificate (pkinit san)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
+	  --type="pkinit-client" \
+          --pk-init-principal="bar at TEST.H5L.SE" \
+	  --req="PKCS10:req-pkinit.der" \
+	  --certificate="FILE:pkinit.crt" || exit 1
+
+echo "issue user 2 certificate (no san)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
+	  --type="pkinit-client" \
+	  --req="PKCS10:req-pkinit2.der" \
+	  --certificate="FILE:pkinit2.crt" || exit 1
+
+echo "issue user 3 certificate (ms san)"
+${hxtool} issue-certificate \
+	  --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
+	  --type="pkinit-client" \
+          --ms-upn="bar at test.h5l.se" \
+	  --req="PKCS10:req-pkinit2.der" \
+	  --certificate="FILE:pkinit3.crt" || exit 1
+
+
+echo foo > ${objdir}/foopassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; cat ca.crt kdc.crt pkinit.crt ;exit 1;" EXIT
+
+ec=0
+
+echo "Trying pk-init (principal in cert)"; > messages.log
+base="${objdir}"
+${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} bar@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
+${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying pk-init (principal subject in DB)"; > messages.log
+${kinit} -C FILE:${base}/pkinit2.crt,${keyfile2} baz@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying pk-init (ms upn)"; > messages.log
+${kinit} -C FILE:${base}/pkinit3.crt,${keyfile2} bar@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+KRB5_CONFIG="${objdir}/krb5-pkinit-win.conf"
+export KRB5_CONFIG
+
+echo "Duplicated tests, now in windows 2000 mode"
+
+echo "Trying pk-init (principal in cert)"; > messages.log
+base="${objdir}"
+${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} bar@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
+${kinit} -C FILE:${base}/pkinit.crt,${keyfile2} foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying pk-init (principal subject in DB)"; > messages.log
+${kinit} -C FILE:${base}/pkinit2.crt,${keyfile2} baz@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Trying pk-init (ms upn)"; > messages.log
+${kinit} -C FILE:${base}/pkinit3.crt,${keyfile2} bar@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+
+KRB5_CONFIG="${objdir}/krb5-pkinit.conf"
+export KRB5_CONFIG
+
+echo "Trying PKCS11 support"
+
+cat > test-rc-file.rc <<EOF
+certificate	cert	User certificate	FILE:${base}/pkinit.crt,${keyfile2}
+app-fatal	true
+EOF
+
+SOFTPKCS11RC="test-rc-file.rc"
+export SOFTPKCS11RC
+
+dir=${base}/../../lib/hx509
+file=
+
+for a in libhx509.so .libs/libhx509.so libhx509.dylib .libs/libhx509.dylib ; do
+    if [ -f $dir/$a ] ; then
+	file=$dir/$a
+	break
+    fi
+done
+
+if [ X"$file" != X -a @DLOPEN@ ] ; then
+
+    echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
+    ${kinit} -C PKCS11:${file} foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+    ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+    ${kdestroy}
+
+fi
+
+
+echo "killing kdc (${kdcpid})"
+kill $kdcpid || exit 1
+
+trap "" EXIT
+
+exit $ec
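Review bot: In `if [ X"$file" != X -a @DLOPEN@ ] ; then` the last operand is a bare word, which `[` treats as a non-empty-string test rather than executing it. If the build substitutes the words `true`/`false` for `@DLOPEN@` (not visible here), the PKCS11 block runs whenever a library file is found, whether or not dlopen is available. Under that assumption, `if [ X"$file" != X ] && @DLOPEN@ ; then` runs the word as a command and also drops the obsolescent `-a`. The arguments `krbtgt/TEST.H5L.SE at TEST.H5L.SE`, `bar at TEST.H5L.SE` and `bar at test.h5l.se` look like the list archive's rewriting of `@`, since every other principal in the file is written with `@`. Anyone applying the patch from this page should restore the `@`, otherwise the issued certificates presumably name no principal the KDC knows.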

Added: vendor-crypto/heimdal/dist/tests/kdc/check-referral.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/check-referral.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/check-referral.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,200 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-referral.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+testfailed="echo test failed; cat messages.log; exit 1"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+R2=SUB.TEST.H5L.SE
+
+service=ldap/host.sub.test.h5l.se
+
+port=@port@
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+cache="FILE:${objdir}/cache.krb5"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
+
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R2} || exit 1
+
+${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1
+
+${kadmin} add -p foo --use-defaults  ${service}@${R2} || exit 1
+
+${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
+${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+${kadmin} check ${R2} || exit 1
+
+echo foo > ${objdir}/foopassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+ec=0
+
+echo "Test AS-REQ"
+
+echo "Getting client (no canon)"; > messages.log
+${kinit} --password-file=${objdir}/foopassword foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "checking that we got back right principal"
+${klist} | grep "Principal: foo@${R}" > /dev/null || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Getting client client tickets (default realm, enterprisename)"; > messages.log
+${kinit} --canonicalize \
+	--password-file=${objdir}/foopassword foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "checking that we got back right principal"
+${klist} | grep "Principal: foo@${R}" > /dev/null || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Getting client alias1 tickets"; > messages.log
+${kinit} --canonicalize \
+	--password-file=${objdir}/foopassword foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "checking that we got back right principal"
+${klist} | grep "Principal: foo@${R}" > /dev/null || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+
+echo "Getting client alias2 tickets"; > messages.log
+${kinit} --canonicalize \
+	--password-file=${objdir}/foopassword alias2@${R}@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "checking that we got back right principal"
+${klist} | grep "Principal: foo@${R}" > /dev/null || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Getting client alias1 tickets (non canon case)"; > messages.log
+${kinit} --password-file=${objdir}/foopassword \
+	alias1@${R}@${R} > /dev/null 2>/dev/null && \
+	{ ec=1 ; eval "${testfailed}"; }
+
+echo "Getting client alias2 tickets (removed)"; > messages.log
+${kadmin} modify --alias=alias1 foo@${R} || { ec=1 ; eval "${testfailed}"; }
+${kinit} --canonicalize \
+	--password-file=${objdir}/foopassword \
+	alias2@${R}@${R} > /dev/null 2>/dev/null && \
+	{ ec=1 ; eval "${testfailed}"; }
+
+echo "Remove alias"
+${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; }
+
+echo "Test TGS-REQ"
+
+#echo "Getting client for ${service}@${R} (kdc referral)"
+#> messages.log
+#${kinit} --password-file=${objdir}/foopassword foo@${R} || \
+#	{ ec=1 ; eval "${testfailed}"; }
+#${kgetcred} --server ${service}@${R} ||
+#	{ ec=1 ; eval "${testfailed}"; }
+#${klist}
+#echo "checking that we got back right principal"
+#${klist} | grep "${service}@${R2}" > /dev/null || \
+#	{ ec=1 ; eval "${testfailed}"; }
+#${kdestroy}
+#
+#echo "Getting client for ${service}@${R2} (client side guessing)"
+#> messages.log
+#${kinit} --password-file=${objdir}/foopassword foo@${R} || \
+#	{ ec=1 ; eval "${testfailed}"; }
+#${kgetcred} --server ${service}@${R2} ||
+#	{ ec=1 ; eval "${testfailed}"; }
+#${klist}
+#echo "checking that we got back right principal"
+#${klist} | grep "${service}@${R2}" > /dev/null || \
+#	{ ec=1 ; eval "${testfailed}"; }
+#${kdestroy}
+
+
+echo "killing kdc (${kdcpid})"
+kill $kdcpid || exit 1
+
+trap "" EXIT
+
+exit $ec
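Review bot: The block announced as "Getting client alias1 tickets" runs `${kinit} --canonicalize --password-file=${objdir}/foopassword foo@${R}`, the same command as the case before it, so canonicalisation of `alias1` to `foo@${R}` is never exercised. Judging by the alias2 block, the principal was presumably meant to be `alias1@${R}@${R}`. The "(default realm, enterprisename)" case also passes the plain `foo@${R}`, so it may not be testing an enterprise name either. `rm -f ${keytabfile}` near the top expands to `rm -f` with no operand, because `keytabfile` is never set in this script; the line can be dropped.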

Added: vendor-crypto/heimdal/dist/tests/kdc/check-uu.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/check-uu.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/check-uu.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,138 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-uu.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+testfailed="echo test failed; cat messages.log; exit 1"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+uuspid=
+
+port=@port@
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+cache1="FILE:${objdir}/cache1.krb5"
+cache2="FILE:${objdir}/cache2.krb5"
+
+kinit1="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache1 --no-afslog"
+kinit2="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache2 --no-afslog"
+kdestroy1="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache1 --no-unlog"
+kdestroy2="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache2 --no-unlog"
+uu_server="${TESTS_ENVIRONMENT} ../../appl/test/uu_server"
+uu_client="${TESTS_ENVIRONMENT} ../../appl/test/uu_client"
+
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults user1@${R} || exit 1
+${kadmin} add -p foo --use-defaults user2@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+
+echo foo > ${objdir}/foopassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid} ${uuspid}; echo signal killing kdc; exit 1;" EXIT
+
+ec=0
+
+echo "Getting client initial tickets user1"; > messages.log
+${kinit1} --password-file=${objdir}/foopassword user1@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+
+echo "Getting client initial tickets user2"; > messages.log
+${kinit2} --password-file=${objdir}/foopassword user2@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+
+
+echo "starting uu server (using user1)"
+KRB5CCNAME=$cache1 ${uu_server} > uuserver.log &
+uuspid=$!
+sleep 5
+
+echo "trying to contact server with client (using user2)"
+KRB5CCNAME=$cache2 ${uu_client} localhost > messages.log 2>&1 || \
+    { ec=1; eval "${testfailed}"; }
+
+sleep 5
+
+echo "checking if server got the right message"
+cmp uuserver.log ${srcdir}/uuserver.txt || \
+    { ec=1; eval "${testfailed}"; }
+
+uuspid=""
+
+${kdestroy1}
+${kdestroy2}
+
+echo "killing kdc uu_server (${kdcpid} ${uuspid})"
+kill $kdcpid $uuspid || exit 1
+
+trap "" EXIT
+
+exit $ec
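Review bot: The EXIT trap installed after the kdc starts is written in double quotes, so `${uuspid}` is expanded when the trap is set, while it still holds the empty value assigned near the top of the script. If a later step fails after `uu_server` has been started in the background, `testfailed` exits through that trap and only the kdc is killed, leaving the uu_server process running. Single quotes defer the expansion until the trap fires: `trap 'kill ${kdcpid} ${uuspid}; echo signal killing kdc; exit 1;' EXIT`. The final `kill $kdcpid $uuspid` has a similar gap, because `uuspid=""` is assigned a few lines before it, so both the echo and the kill only ever name the kdc.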

Added: vendor-crypto/heimdal/dist/tests/kdc/donotexists.txt
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/donotexists.txt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/donotexists.txt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+kadmin: get doesnotexists at TEST.H5L.SE: Principal does not exist

Added: vendor-crypto/heimdal/dist/tests/kdc/heimdal.acl
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/heimdal.acl	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/heimdal.acl	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+# $Id: heimdal.acl,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+foo/admin at TEST.H5L.SE all
+bar at TEST.H5L.SE all

Added: vendor-crypto/heimdal/dist/tests/kdc/iprop-acl
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/iprop-acl	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/iprop-acl	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1 @@
+iprop/slave at TEST.H5L.SE

Added: vendor-crypto/heimdal/dist/tests/kdc/krb5-pkinit.conf.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/krb5-pkinit.conf.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/krb5-pkinit.conf.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,33 @@
+# $Id: krb5-pkinit.conf.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[libdefaults]
+	default_realm = TEST.H5L.SE
+	no-addresses = TRUE
+
+[appdefaults]
+	pkinit_anchors = FILE:@objdir@/ca.crt
+
+[realms]
+	TEST.H5L.SE = {
+		kdc = localhost:@port@
+		pkinit_win2k = @w2k@
+	}
+
+[kdc]
+	enable-pkinit = true
+	pkinit_identity = FILE:@objdir@/kdc.crt, at srcdir@/../../lib/hx509/data/key2.der
+	pkinit_anchors = FILE:@objdir@/ca.crt
+	pkinit_mappings_file = @srcdir@/pki-mapping
+
+	database = {
+		dbname = @objdir@/current-db
+		realm = TEST.H5L.SE
+		mkey_file = @objdir@/mkey.file
+	}
+
+[logging]
+	kdc = 0-/FILE:@objdir@/messages.log
+	default = 0-/FILE:@objdir@/messages.log
+
+[kadmin]
+	save-password = true

Added: vendor-crypto/heimdal/dist/tests/kdc/krb5.conf.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/krb5.conf.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/krb5.conf.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,56 @@
+# $Id: krb5.conf.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[libdefaults]
+	default_realm = TEST.H5L.SE
+	no-addresses = TRUE
+
+[appdefaults]
+	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+
+[realms]
+	TEST.H5L.SE = {
+		kdc = localhost:@port@
+		admin_server = localhost:@admport@
+	}
+	SUB.TEST.H5L.SE = {
+		kdc = localhost:@port@
+	}
+	TEST2.H5L.SE = {
+		kdc = localhost:@port@
+	}
+
+[domain_realms]
+	.sub.test.h5l.se = SUB.TEST.H5L.SE
+	localhost = TEST.H5L.SE
+	
+
+[kdc]
+	enable-digest = true
+	digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
+
+	enable-pkinit = true
+	pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt, at srcdir@/../../lib/hx509/data/kdc.key
+	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+	pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
+#	pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
+	pkinit_mappings_file = @srcdir@/pki-mapping
+	pkinit_allow_proxy_certificate = true
+
+	database = {
+		dbname = @objdir@/current-db at kdc@
+		realm = TEST.H5L.SE
+		mkey_file = @objdir@/mkey.file
+		acl_file = @srcdir@/heimdal.acl
+		log_file = @objdir@/current at kdc@.log
+	}
+
+	signal_socket = @objdir@/signal
+	iprop-stats = @objdir@/iprop-stats
+	iprop-acl = @srcdir@/iprop-acl
+
+[logging]
+	kdc = 0-/FILE:@objdir@/messages.log
+	default = 0-/FILE:@objdir@/messages.log
+
+[kadmin]
+	save-password = true
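Review bot: Nothing in this file says it is a test fixture, yet the `[kdc]` section allows the legacy `chap-md5` and `ntlm-v1` digests, leaves `pkinit_revoke` commented out, sets `pkinit_allow_proxy_certificate = true`, and `[kadmin]` sets `save-password = true`. That is presumably deliberate so the test suite can exercise every code path, but someone copying the file as a starting point would inherit all of it. A header comment would make the intent explicit, for example `# Test-suite configuration for the TEST.H5L.SE realm only; not a template for a production KDC.`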

Added: vendor-crypto/heimdal/dist/tests/kdc/krb5.conf.keys.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/krb5.conf.keys.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/krb5.conf.keys.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,13 @@
+# $Id: krb5.conf.keys.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[kdc]
+	database = {
+		dbname = @objdir@/current-db
+		realm = TEST.H5L.SE
+		mkey_file = @objdir@/mkey.file
+		acl_file = @srcdir@/heimdal.acl
+	}
+
+
+[kadmin]
+	default_keys = @keys@

Added: vendor-crypto/heimdal/dist/tests/kdc/ntlm-user-file.txt
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/ntlm-user-file.txt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/ntlm-user-file.txt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,2 @@
+# $Id: ntlm-user-file.txt,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+TEST:foo:digestpassword

Added: vendor-crypto/heimdal/dist/tests/kdc/pki-mapping
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/pki-mapping	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/pki-mapping	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,3 @@
+# $Id: pki-mapping,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+foo at TEST.H5L.SE:CN=pkinit,C=SE
+foo at TEST.H5L.SE:CN=bar,DC=test,DC=h5l,DC=se

Added: vendor-crypto/heimdal/dist/tests/kdc/uuserver.txt
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/uuserver.txt	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/uuserver.txt	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,4 @@
+User is `user2 at TEST.H5L.SE'
+Server is `user1 at TEST.H5L.SE'
+safe packet: hej
+priv packet: hemligt

Added: vendor-crypto/heimdal/dist/tests/kdc/wait-kdc.sh
===================================================================
--- vendor-crypto/heimdal/dist/tests/kdc/wait-kdc.sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/kdc/wait-kdc.sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: wait-kdc.sh,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+name=${1:-KDC}
+log=${2:-messages.log}
+
+t=0
+waitsec=20
+
+echo "Waiting for ${name} to start, looking logfile ${log}"
+
+while true ; do
+    t=`expr ${t} + 2`
+    sleep 2
+    echo "Have waited $t seconds"
+    if tail -30 ${log} | grep "${name} started" > /dev/null; then
+	break
+    fi
+    if tail -30 ${log} | grep "No sockets" ; then
+       echo "The ${name} failed to bind to any sockets, another ${name} running ?"
+       exit 1
+    fi
+    if tail -30 ${log} | grep "bind" | grep "Operation not permitted" ; then
+       echo "The ${name} failed to bind to any sockets, another ${name} running ?"
+       exit 1
+    fi
+    if [ "$t" -gt $waitsec ]; then
+       echo "Waited for $waitsec for the ${name} to start, and it didnt happen"
+       exit 2
+    fi
+done
+
+exit 0
\ No newline at end of file
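Review bot: The three `tail -30 ${log}` calls in the loop leave `${log}` unquoted and use the obsolete `-30` count form, so a caller-supplied log path containing spaces splits into several arguments; `tail -n 30 "${log}"` is the portable spelling. `${name}` is also placed into the grep pattern as a regular expression, and `grep -F "${name} started"` would match it literally. Separately, `[ "$t" -gt $waitsec ]` first succeeds when t reaches 22, so the script waits longer than the 20 seconds its message reports; `-ge` would match the message.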

Added: vendor-crypto/heimdal/dist/tests/ldap/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,52 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = krb5.conf
+
+check_SCRIPTS = $(TESTS) slapd-init
+
+TESTS = check-ldap
+
+port = 49188
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/ldap,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+check-ldap: check-ldap.in Makefile
+	$(do_subst) < $(srcdir)/check-ldap.in > check-ldap.tmp
+	chmod +x check-ldap.tmp
+	mv check-ldap.tmp check-ldap
+
+slapd-init: slapd-init.in Makefile
+	$(do_subst) < $(srcdir)/slapd-init.in > slapd-init.tmp
+	chmod +x slapd-init.tmp
+	mv slapd-init.tmp slapd-init
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+CLEANFILES= \
+	$(TESTS) \
+	check-ldap.tmp \
+	slapd-init.tmp \
+	current-db* \
+	krb5.conf krb5.conf.tmp \
+	modules.conf \
+	cache.krb5 \
+	slapd-init \
+	foopassword \
+	messages.log \
+	slapd.pid
+
+EXTRA_DIST = \
+	samba.schema \
+	slapd.conf \
+	slapd-stop \
+	check-ldap.in \
+	init.ldif \
+	krb5.conf.in \
+	slapd-init.in

Added: vendor-crypto/heimdal/dist/tests/ldap/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,779 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = tests/ldap
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+DATA = $(noinst_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_DATA = krb5.conf
+check_SCRIPTS = $(TESTS) slapd-init
+TESTS = check-ldap
+port = 49188
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/ldap,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+CLEANFILES = \
+	$(TESTS) \
+	check-ldap.tmp \
+	slapd-init.tmp \
+	current-db* \
+	krb5.conf krb5.conf.tmp \
+	modules.conf \
+	cache.krb5 \
+	slapd-init \
+	foopassword \
+	messages.log \
+	slapd.pid
+
+EXTRA_DIST = \
+	samba.schema \
+	slapd.conf \
+	slapd-stop \
+	check-ldap.in \
+	init.ldif \
+	krb5.conf.in \
+	slapd-init.in
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/ldap/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tests/ldap/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(DATA) all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-TESTS check-am check-local \
+	clean clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-hook install-dvi install-dvi-am \
+	install-exec install-exec-am install-exec-hook install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	uninstall uninstall-am uninstall-hook
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+check-ldap: check-ldap.in Makefile
+	$(do_subst) < $(srcdir)/check-ldap.in > check-ldap.tmp
+	chmod +x check-ldap.tmp
+	mv check-ldap.tmp check-ldap
+
+slapd-init: slapd-init.in Makefile
+	$(do_subst) < $(srcdir)/slapd-init.in > slapd-init.tmp
+	chmod +x slapd-init.tmp
+	mv slapd-init.tmp slapd-init
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tests/ldap/check-ldap.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/check-ldap.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/check-ldap.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,143 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-ldap.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+R=TEST.H5L.SE
+
+port=@port@
+
+cache="FILE:${objdir}/cache.krb5"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r $R"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+testfailed="echo test failed; exit 1"
+
+# If there is no ldap support compile in, disable test
+if ${kdc} --builtin-hdb | grep ldap > /dev/null ; then
+   :
+else
+    echo "no ldap support"
+    exit 77
+fi
+
+#search for all ldap tools
+
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/libexec:/usr/lib/openldap:$PATH
+export PATH
+
+oldifs=$IFS
+IFS=:
+set -- $PATH
+IFS=$oldifs
+for j in slapd slapadd; do
+  for i in $*; do
+    test -n "$i" || i="."
+    if test -x $i/$j; then
+       continue 2
+    fi
+  done
+  echo "$j missing, not running test"
+  exit 77
+done
+
+sh ${objdir}/slapd-init || exit 1
+
+trap "sh ${srcdir}/slapd-stop ; exit 1;" EXIT
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f current-db*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} add -p foo --use-defaults bar@${R} || exit 1
+
+${kadmin} cpw --random-password bar@${R} > /dev/null || exit 1
+${kadmin} cpw --random-password bar@${R} > /dev/null || exit 1
+${kadmin} cpw --random-password bar@${R} > /dev/null || exit 1
+
+${kadmin} cpw --random-password suser@${R} > /dev/null|| exit 1
+${kadmin} cpw --password=foo suser@${R} || exit 1
+
+${kadmin} list '*' > /dev/null || exit 1
+
+echo foo > ${objdir}/foopassword
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/../kdc/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    sh ${srcdir}/slapd-stop
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; sh ${srcdir}/slapd-stop ; exit 1;" EXIT
+
+ec=0
+
+echo "Getting client initial tickets";
+${kinit} --password-file=${objdir}/foopassword foo@$R || \
+	{ ec=1 ; eval "${testfailed}"; }
+
+
+echo "killing kdc (${kdcpid})"
+kill $kdcpid || exit 1
+
+trap "" EXIT
+
+# kill of old slapd
+sh ${srcdir}/slapd-stop
+
+rm -rf db schema
+
+exit $ec
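Review bot: `echo foo > ${objdir}/foopassword` writes the test principal's password under whatever umask the build runs with, and neither that file nor `${objdir}/cache.krb5` is removed by the final cleanup, which only does `rm -rf db schema`. These are throwaway test credentials, but build trees are frequently left in place and readable by other local users. A `umask 077` near the top and `rm -f "${objdir}/foopassword" "${objdir}/cache.krb5"` next to the existing `rm -rf db schema` would keep them from lingering. The failure path through `eval "${testfailed}"` leaves via the EXIT trap and skips that cleanup, so the removal is better placed in the trap command as well.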

Added: vendor-crypto/heimdal/dist/tests/ldap/init.ldif
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/init.ldif	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/init.ldif	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,44 @@
+dn: o=TEST,dc=H5L,dc=SE
+objectclass: organization
+o: Test
+
+dn: ou=kerberosPrincipals,o=TEST,dc=H5L,dc=SE
+objectclass: organizationalUnit
+ou: kerberosPrincipals
+
+dn: uid=suser,ou=kerberosPrincipals,o=TEST,dc=H5L,dc=SE
+cn: root
+sn: root
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+gidNumber: 0
+uid: suser
+uidNumber: 0
+homeDirectory: /root
+loginShell: /bin/bash
+gecos: Netbios root user
+structuralObjectClass: inetOrgPerson
+creatorsName: cn=root,dc=test,dc=h5l,dc=se
+userPassword:: AAAAAA
+objectClass: krb5KDCEntry
+krb5KeyVersionNumber: 2
+krb5PrincipalName: suser at TEST.H5L.SE
+objectClass: sambaSamAccount
+sambaHomePath: \\admin1\suser
+sambaPwdCanChange: 1159699688
+sambaPwdLastSet: 1159699688
+sambaPrimaryGroupSID: S-1-5-21-3017333096-1338036268-1966094567-512
+sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
+ 00000000
+sambaLMPassword: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+sambaNTPassword: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdMustChange: 2147483647
+sambaHomeDrive: H:
+sambaAcctFlags: [U          ]
+sambaSID: S-1-5-21-3017333096-1338036268-1966094567-1000
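Review bot: `krb5PrincipalName: suser at TEST.H5L.SE` is not a usable principal name as printed here. check-ldap.in in this same commit runs `cpw` on `suser@${R}` with `R=TEST.H5L.SE`, so the entry would need `suser@TEST.H5L.SE` for those calls to find it. This is most likely the mail archive rewriting `@` rather than the content of the imported file, so confirm against the repository copy before relying on this listing. The entry is a fixture with uid/gid 0 and placeholder password hashes, and should only ever be loaded into the throwaway slapd that the test starts.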

Added: vendor-crypto/heimdal/dist/tests/ldap/krb5.conf.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/krb5.conf.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/krb5.conf.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,21 @@
+# $Id: krb5.conf.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[libdefaults]
+	default_realm = TEST.H5L.SE
+	no-addresses = TRUE
+
+[realms]
+	TEST.H5L.SE = {
+		kdc = localhost:@port@
+	}
+
+[kdc]
+	database = {
+		dbname = ldapi://ldap-socket:OU=KerberosPrincipals,o=test,DC=h5l,DC=se
+		realm = TEST.H5L.SE
+		mkey_file = @objdir@/mkey.file
+	}
+
+[logging]
+	kdc = 0-/FILE:@objdir@/messages.log
+	default = 0-/FILE:@objdir@/messages.log

Added: vendor-crypto/heimdal/dist/tests/ldap/samba.schema
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/samba.schema	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/samba.schema	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,554 @@
+##
+## schema file for OpenLDAP 2.x
+## Schema for storing Samba user accounts and group maps in LDAP
+## OIDs are owned by the Samba Team
+##
+## Prerequisite schemas - uid         (cosine.schema)
+##                      - displayName (inetorgperson.schema)
+##                      - gidNumber   (nis.schema)
+##
+## 1.3.6.1.4.1.7165.2.1.x - attributetypes
+## 1.3.6.1.4.1.7165.2.2.x - objectclasses
+##
+## Printer support
+## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
+## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
+##
+## Samba4
+## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
+## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
+## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
+##
+## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
+##
+## Run the 'get_next_oid' bash script in this directory to find the 
+## next available OID for attribute type and object classes.
+##
+##   $ ./get_next_oid
+##   attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
+##   objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
+##
+## Also ensure that new entries adhere to the declaration style
+## used throughout this file
+##
+##    <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
+##                               ^ ^                        ^
+##
+## The spaces are required for the get_next_oid script (and for 
+## readability).
+##
+## ------------------------------------------------------------------
+
+# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
+# objectIdentifier Samba3 SambaRoot:2
+# objectIdentifier Samba3Attrib Samba3:1
+# objectIdentifier Samba3ObjectClass Samba3:2
+# objectIdentifier Samba4 SambaRoot:4
+
+########################################################################
+##                            HISTORICAL                              ##
+########################################################################
+
+##
+## Password hashes
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
+#	DESC 'LanManager Passwd'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
+#	DESC 'NT Passwd'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+##
+## Account flags in string format ([UWDX     ])
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
+#	DESC 'Account Flags'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
+
+##
+## Password timestamps & policies
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
+#	DESC 'NT pwdLastSet'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
+#	DESC 'NT logonTime'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
+#	DESC 'NT logoffTime'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
+#	DESC 'NT kickoffTime'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
+#	DESC 'NT pwdCanChange'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
+#	DESC 'NT pwdMustChange'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## string settings
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
+#	DESC 'NT homeDrive'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
+#	DESC 'NT scriptPath'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
+#	DESC 'NT profilePath'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
+#	DESC 'userWorkstations'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
+#	DESC 'smbHome'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
+#	DESC 'Windows NT domain to which the user belongs'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+##
+## user and group RID
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
+#	DESC 'NT rid'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
+#	DESC 'NT Group RID'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## The smbPasswordEntry objectclass has been depreciated in favor of the
+## sambaAccount objectclass
+##
+#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
+#        DESC 'Samba smbpasswd entry'
+#        MUST ( uid $ uidNumber )
+#        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
+
+#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+#	DESC 'Samba Account'
+#	MUST ( uid $ rid )
+#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+#               description $ userWorkstations $ primaryGroupID $ domain ))
+
+#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
+#	DESC 'Samba Auxiliary Account'
+#	MUST ( uid $ rid )
+#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+#              logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+#              displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+#              description $ userWorkstations $ primaryGroupID $ domain ))
+
+########################################################################
+##                        END OF HISTORICAL                           ##
+########################################################################
+
+#######################################################################
+##                Attributes used by Samba 3.0 schema                ##
+#######################################################################
+
+##
+## Password hashes
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
+	DESC 'LanManager Password'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
+	DESC 'MD4 hash of the unicode password'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+##
+## Account flags in string format ([UWDX     ])
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
+	DESC 'Account Flags'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
+
+##
+## Password timestamps & policies
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
+	DESC 'Timestamp of the last password update'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
+	DESC 'Timestamp of when the user is allowed to update the password'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
+	DESC 'Timestamp of when the password will expire'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
+	DESC 'Timestamp of last logon'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
+	DESC 'Timestamp of last logoff'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
+	DESC 'Timestamp of when the user will be logged off automatically'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
+	DESC 'Bad password attempt count'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
+	DESC 'Time of the last bad password attempt'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
+	DESC 'Logon Hours'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
+
+##
+## string settings
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
+	DESC 'Driver letter of home directory mapping'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
+	DESC 'Logon script path'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
+	DESC 'Roaming profile path'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
+	DESC 'List of user workstations the user is allowed to logon to'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
+	DESC 'Home directory UNC path'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
+	DESC 'Windows NT domain to which the user belongs'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
+	DESC 'Base64 encoded user parameter string'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
+	DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+##
+## SID, of any type
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
+	DESC 'Security ID'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+
+##
+## Primary group SID, compatible with ntSid
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
+	DESC 'Primary Group Security ID'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
+	DESC 'Security ID List'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+
+##
+## group mapping attributes
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
+	DESC 'NT Group Type'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## Store info on the domain
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
+	DESC 'Next NT rid to give our for users'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
+	DESC 'Next NT rid to give out for groups'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
+	DESC 'Next NT rid to give out for anything'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
+	DESC 'Base at which the samba RID generation algorithm should operate'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
+	DESC 'Share Name'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
+	DESC 'Option Name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
+	DESC 'A boolean option'
+	EQUALITY booleanMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
+	DESC 'An integer option'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
+	DESC 'A string option'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
+	DESC 'A string list option'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' 
+##	SUP name )
+
+##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
+##	DESC 'Privileges List'
+##	EQUALITY caseIgnoreIA5Match
+##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
+	DESC 'Trust Password Flags'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# "min password length"
+attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
+	DESC 'Minimal password length (default: 5)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "password history"
+attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
+	DESC 'Length of Password History Entries (default: 0 => off)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "user must logon to change password"
+attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
+	DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "maximum password age"
+attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
+	DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "minimum password age"
+attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
+	DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "lockout duration"
+attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
+	DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "reset count minutes"
+attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
+	DESC 'Reset time after lockout in minutes (default: 30)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "bad lockout attempt"
+attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
+	DESC 'Lockout users after bad logon attempts (default: 0 => off)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "disconnect time"
+attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
+	DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "refuse machine password change"
+attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
+	DESC 'Allow Machine Password changes (default: 0 => off)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+
+
+
+#######################################################################
+##              objectClasses used by Samba 3.0 schema               ##
+#######################################################################
+
+## The X.500 data model (and therefore LDAPv3) says that each entry can
+## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
+## this currently but will in v2.1
+
+##
+## added new objectclass (and OID) for 3.0 to help us deal with backwards
+## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
+	DESC 'Samba 3.0 Auxilary SAM Account'
+	MUST ( uid $ sambaSID )
+	MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
+	       sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
+	       sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
+               displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
+	       sambaProfilePath $ description $ sambaUserWorkstations $
+	       sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
+	       sambaBadPasswordCount $ sambaBadPasswordTime $
+	       sambaPasswordHistory $ sambaLogonHours))
+
+##
+## Group mapping info
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
+	DESC 'Samba Group Mapping'
+	MUST ( gidNumber $ sambaSID $ sambaGroupType )
+	MAY  ( displayName $ description $ sambaSIDList ))
+
+##
+## Trust password for trust relationships (any kind)
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
+	DESC 'Samba Trust Password'
+	MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
+	MAY ( sambaSID $ sambaPwdLastSet ))
+
+##
+## Whole-of-domain info
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
+	DESC 'Samba Domain Information'
+	MUST ( sambaDomainName $ 
+	       sambaSID ) 
+	MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
+	      sambaAlgorithmicRidBase $ 
+	      sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
+	      sambaMaxPwdAge $ sambaMinPwdAge $
+	      sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
+	      sambaForceLogoff $ sambaRefuseMachinePwdChange ))
+
+##
+## used for idmap_ldap module
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
+        DESC 'Pool for allocating UNIX uids/gids'
+        MUST ( uidNumber $ gidNumber ) )
+
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
+        DESC 'Mapping from a SID to an ID'
+        MUST ( sambaSID )
+	MAY ( uidNumber $ gidNumber ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
+	DESC 'Structural Class for a SID'
+	MUST ( sambaSID ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
+	DESC 'Samba Configuration Section'
+	MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
+	DESC 'Samba Share Section'
+	MUST ( sambaShareName )
+	MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
+	DESC 'Samba Configuration Option'
+	MUST ( sambaOptionName )
+	MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ 
+	      sambaStringListoption $ description ) )
+
+
+## retired during privilege rewrite
+##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
+##	DESC 'Samba Privilege'
+##	MUST ( sambaSID )
+##	MAY ( sambaPrivilegeList ) )

Added: vendor-crypto/heimdal/dist/tests/ldap/slapd-init.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/slapd-init.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/slapd-init.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,39 @@
+#!/bin/sh 
+# $Id: slapd-init.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+srcdir=@srcdir@
+
+rm -rf db schema
+mkdir db
+
+# kill of old slapd if running
+sh ${srcdir}/slapd-stop > /dev/null
+
+SCHEMA_NEEDED="hdb core nis cosine inetorgperson openldap samba"
+
+SCHEMA_PATHS="${srcdir}/../../lib/hdb ${srcdir} /etc/ldap/schema /etc/openldap/schema /private/etc/openldap/schema /usr/share/openldap/schema"
+
+test -d schema || mkdir schema
+
+# setup needed schema files
+for f in $SCHEMA_NEEDED; do
+    if [ ! -r schema/$f.schema ]; then
+	for d in $SCHEMA_PATHS ; do
+	    if [ -r $d/$f.schema ] ; then
+		cp $d/$f.schema schema/$f.schema
+		continue 2
+	    fi
+	done
+	echo "SKIPPING TESTS: you need the following schema file: $f.schema"
+	exit 1
+    fi
+done
+
+touch modules.conf || exit 1
+
+slapadd -d 0 -f ${srcdir}/slapd.conf < ${srcdir}/init.ldif || exit 0
+
+echo "starting slapd"
+slapd -d0 -f ${srcdir}/slapd.conf -h ldapi://.%2Fldap-socket &
+
+sleep 4
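Review bot: `rm -rf db schema` runs before `sh ${srcdir}/slapd-stop`, so a slapd left over from an earlier run has its `db` directory deleted while it is still using it; calling slapd-stop first and only then removing `db` avoids that. The load step `slapadd ... || exit 0` also reports success when the import fails, so a caller that checks the exit status would carry on without a server. `|| exit 1` (or `exit 77` if a skip is intended) looks like the safer status, though the caller is not visible here. The `${srcdir}`, `$d` and `$f` expansions are unquoted and break on a source path containing spaces.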

Added: vendor-crypto/heimdal/dist/tests/ldap/slapd-stop
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/slapd-stop	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/slapd-stop	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,18 @@
+#!/bin/sh 
+# $Id: slapd-stop,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+echo stoping slapd
+
+# kill of old slapd
+if [ -f slapd.pid ]; then
+    kill `cat slapd.pid`
+    sleep 5
+fi
+if [ -f slapd.pid ]; then
+    kill -9 `cat slapd.pid`
+    rm -f slapd.pid
+    sleep 5
+fi
+
+exit 0
+
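Review bot: Both `kill` calls signal whatever number is in `slapd.pid` without checking that the file is non-empty or that the PID still belongs to slapd, so a stale pid file left by a crashed run can send SIGKILL to an unrelated process that has reused the PID. Reading the value once with `pid=$(cat slapd.pid)` and guarding each signal with `[ -n "$pid" ] && kill -0 "$pid" 2>/dev/null` narrows that, and a check of the process name would narrow it further. The second block appears to rely on slapd removing its own pid file on a clean exit; a one-line comment saying so would make the two-stage logic readable. The banner should read `echo stopping slapd`.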

Added: vendor-crypto/heimdal/dist/tests/ldap/slapd.conf
===================================================================
--- vendor-crypto/heimdal/dist/tests/ldap/slapd.conf	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/ldap/slapd.conf	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,28 @@
+loglevel 0
+
+include schema/core.schema
+include schema/cosine.schema
+include schema/inetorgperson.schema
+include schema/openldap.schema
+include schema/nis.schema
+include schema/hdb.schema
+include schema/samba.schema
+
+
+pidfile		slapd.pid
+argsfile	slapd.args
+
+access to * by * write
+
+allow update_anon bind_anon_dn
+
+include modules.conf
+
+defaultsearchbase "ou=TEST,dc=H5L,dc=SE"
+
+backend		bdb
+database        bdb
+suffix		"o=TEST,dc=H5L,dc=SE"
+directory	db
+index           objectClass eq
+index           uid eq
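Review bot: `access to * by * write` together with `allow update_anon bind_anon_dn` gives every client, including anonymous ones, write access to the whole directory, and nothing in this file says it is a test-only fixture. It is contained only because slapd-init starts the server with `-h ldapi://.%2Fldap-socket`, a local socket in the working directory. A leading comment such as `# TEST FIXTURE ONLY: anonymous write is enabled; never start this config with a network listener` would make that dependency explicit. Separately, `defaultsearchbase` uses `ou=TEST,dc=H5L,dc=SE` while `suffix` uses `o=TEST,dc=H5L,dc=SE`; one of the two looks like a typo and is worth confirming against init.ldif.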

Added: vendor-crypto/heimdal/dist/tests/plugin/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tests/plugin/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/plugin/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,43 @@
+# $Id: Makefile.am,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+noinst_DATA = krb5.conf
+
+SCRIPT_TESTS = check-pac
+TESTS = $(SCRIPT_TESTS)
+
+port = 49188
+
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/plugin,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+
+check-pac: check-pac.in Makefile
+	$(do_subst) < $(srcdir)/check-pac.in > check-pac.tmp
+	chmod +x check-pac.tmp
+	mv check-pac.tmp check-pac
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+
+lib_LTLIBRARIES = windc.la
+
+windc_la_SOURCES = windc.c
+windc_la_LDFLAGS = -module
+
+CLEANFILES= \
+	$(TESTS) \
+	server.keytab \
+	current-db* \
+	foopassword \
+	krb5.conf krb5.conf.tmp \
+	messages.log
+
+EXTRA_DIST = \
+	check-pac.in \
+	krb5.conf.in
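Review bot: `lib_LTLIBRARIES = windc.la` puts what appears to be a test-only plugin into `$(libdir)` on `make install`, next to the production libraries. If it is only loaded by `check-pac`, `noinst_LTLIBRARIES = windc.la` with `windc_la_LDFLAGS = -module -rpath $(abs_builddir)` keeps it a loadable module without installing it, since libtool builds noinst libraries as static convenience archives unless `-rpath` is given. `check-pac.tmp` is also missing from `CLEANFILES`, so an interrupted build leaves it behind. The fixed `port = 49188` will collide if two checks run on the same host at once.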

Added: vendor-crypto/heimdal/dist/tests/plugin/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/plugin/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/plugin/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,890 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = tests/plugin
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(libdir)"
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(lib_LTLIBRARIES)
+windc_la_LIBADD =
+am_windc_la_OBJECTS = windc.lo
+windc_la_OBJECTS = $(am_windc_la_OBJECTS)
+windc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(windc_la_LDFLAGS) \
+	$(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I. -I$(top_builddir)/include at am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(windc_la_SOURCES)
+DIST_SOURCES = $(windc_la_SOURCES)
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+noinst_DATA = krb5.conf
+SCRIPT_TESTS = check-pac
+TESTS = $(SCRIPT_TESTS)
+port = 49188
+do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+	-e 's,[@]port[@],$(port),g' \
+	-e 's,[@]objdir[@],$(top_builddir)/tests/plugin,g' \
+	-e 's,[@]EGREP[@],$(EGREP),g' 
+
+LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken)
+lib_LTLIBRARIES = windc.la
+windc_la_SOURCES = windc.c
+windc_la_LDFLAGS = -module
+CLEANFILES = \
+	$(TESTS) \
+	server.keytab \
+	current-db* \
+	foopassword \
+	krb5.conf krb5.conf.tmp \
+	messages.log
+
+EXTRA_DIST = \
+	check-pac.in \
+	krb5.conf.in
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tests/plugin/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tests/plugin/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+windc.la: $(windc_la_OBJECTS) $(windc_la_DEPENDENCIES) 
+	$(windc_la_LINK) -rpath $(libdir) $(windc_la_OBJECTS) $(windc_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[	 ]'; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		echo "XPASS: $$tst"; \
+	      ;; \
+	      *) \
+		echo "PASS: $$tst"; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *$$ws$$tst$$ws*) \
+		xfail=`expr $$xfail + 1`; \
+		echo "XFAIL: $$tst"; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		echo "FAIL: $$tst"; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      echo "SKIP: $$tst"; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="All $$all tests passed"; \
+	    else \
+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all tests failed"; \
+	    else \
+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    skipped="($$skip tests were not run)"; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  test -z "$$skipped" || echo "$$skipped"; \
+	  test -z "$$report" || echo "$$report"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(DATA) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \
+	check-local clean clean-generic clean-libLTLIBRARIES \
+	clean-libtool ctags dist-hook distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-hook \
+	uninstall-libLTLIBRARIES
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+check-pac: check-pac.in Makefile
+	$(do_subst) < $(srcdir)/check-pac.in > check-pac.tmp
+	chmod +x check-pac.tmp
+	mv check-pac.tmp check-pac
+
+krb5.conf: krb5.conf.in Makefile
+	$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
+	mv krb5.conf.tmp krb5.conf
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tests/plugin/check-pac.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/plugin/check-pac.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/plugin/check-pac.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,147 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 - 2007 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+#
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+#
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+#
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+#
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+#
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: check-pac.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+
+srcdir="@srcdir@"
+objdir="@objdir@"
+EGREP="@EGREP@"
+
+testfailed="echo test failed; cat messages.log; exit 1"
+
+# If there is no useful db support compile in, disable test
+../db/have-db || exit 77
+
+R=TEST.H5L.SE
+
+port=@port@
+
+kadmin="${TESTS_ENVIRONMENT} ../../kadmin/kadmin -l -r ${R}"
+kdc="${TESTS_ENVIRONMENT} ../../kdc/kdc --addresses=localhost -P $port"
+
+server=host/datan.test.h5l.se
+cache="FILE:${objdir}/cache.krb5"
+keytabfile=${objdir}/server.keytab
+keytab="FILE:${keytabfile}"
+
+kinit="${TESTS_ENVIRONMENT} ../../kuser/kinit -c $cache --no-afslog"
+klist="${TESTS_ENVIRONMENT} ../../kuser/klist -c $cache"
+kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache"
+kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog"
+
+KRB5_CONFIG="${objdir}/krb5.conf"
+export KRB5_CONFIG
+
+rm -f ${keytabfile}
+rm -f current-db*
+rm -f out-*
+rm -f mkey.file*
+
+> messages.log
+
+echo Creating database
+${kadmin} \
+    init \
+    --realm-max-ticket-life=1day \
+    --realm-max-renewable-life=1month \
+    ${R} || exit 1
+
+${kadmin} add -p foo --use-defaults foo@${R} || exit 1
+${kadmin} add -p bar --use-defaults ${server}@${R} || exit 1
+${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
+
+echo "Doing database check"
+${kadmin} check ${R} || exit 1
+${kadmin} check ${R2} || exit 1
+
+echo foo > ${objdir}/foopassword
+
+echo "Empty log"
+> messages.log
+
+echo Starting kdc
+${kdc} &
+kdcpid=$!
+
+sh ${srcdir}/../kdc/wait-kdc.sh
+if [ "$?" != 0 ] ; then
+    kill ${kdcpid}
+    exit 1
+fi
+
+trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
+
+ec=0
+
+echo "Check that WINDC module was loaded "
+grep "windc init" messages.log >/dev/null || \
+	{ ec=1 ; eval "${testfailed}"; }
+
+echo "Getting client initial tickets"; > messages.log
+${kinit} --password-file=${objdir}/foopassword foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "Getting tickets" ; > messages.log
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "Verify PAC on server"; > messages.log
+../kdc/ap-req --verify-pac ${server}@${R} ${keytab} ${cache} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Getting client initial tickets (pag)"; > messages.log
+${kinit} --request-pac --password-file=${objdir}/foopassword foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "Getting tickets" ; > messages.log
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "Verify PAC on server (pag)"; > messages.log
+../kdc/ap-req --verify-pac ${server}@${R} ${keytab} ${cache} || \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+echo "Getting client initial tickets (no pag)"; > messages.log
+${kinit} --no-request-pac --password-file=${objdir}/foopassword foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+echo "Getting tickets" ; > messages.log
+${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+echo "Verify PAC on server (no pag)"; > messages.log
+../kdc/ap-req --verify-pac ${server}@${R} ${keytab} ${cache} 2> /dev/null && \
+	{ ec=1 ; eval "${testfailed}"; }
+${kdestroy}
+
+
+echo "killing kdc (${kdcpid})"
+kill $kdcpid || exit 1
+
+trap "" EXIT
+
+exit $ec
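Review bot: `${kadmin} check ${R2} || exit 1` in the "Doing database check" step uses `R2`, which this script never assigns, so the expansion is empty and the second check runs without a realm argument (presumably falling back to the default realm) instead of checking a second realm. With only `R=TEST.H5L.SE` defined, that line should be dropped. The "no pag" case is also weaker than it looks: `../kdc/ap-req --verify-pac ... 2> /dev/null && { ec=1 ; ... }` treats any non-zero exit as a pass, so an ap-req that fails for an unrelated reason, such as an unreadable keytab or cache, cannot be told apart from a ticket that correctly carries no PAC. Redirecting stderr to a file such as `out-nopac` (already covered by the `rm -f out-*` cleanup) and checking it for the expected PAC error would make that negative check meaningful.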

Added: vendor-crypto/heimdal/dist/tests/plugin/krb5.conf.in
===================================================================
--- vendor-crypto/heimdal/dist/tests/plugin/krb5.conf.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/plugin/krb5.conf.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,29 @@
+# $Id: krb5.conf.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+[libdefaults]
+	default_realm = TEST.H5L.SE
+	no-addresses = TRUE
+
+	plugin_dir = @objdir@ @objdir@/.libs
+
+[appdefaults]
+	pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
+
+[realms]
+	TEST.H5L.SE = {
+		kdc = localhost:@port@
+	}
+
+[kdc]
+	database = {
+		dbname = @objdir@/current-db
+		realm = TEST.H5L.SE
+		mkey_file = @objdir@/mkey.file
+	}
+
+[logging]
+	kdc = 0-/FILE:@objdir@/messages.log
+	default = 0-/FILE:@objdir@/messages.log
+
+[kadmin]
+#	default_keys = arcfour-hmac-md5:pw-salt

Added: vendor-crypto/heimdal/dist/tests/plugin/windc.c
===================================================================
--- vendor-crypto/heimdal/dist/tests/plugin/windc.c	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tests/plugin/windc.c	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,77 @@
+#include <krb5.h>
+#include <hdb.h>
+#include <windc_plugin.h>
+
+static krb5_error_code
+windc_init(krb5_context context, void **ctx)
+{
+    krb5_warnx(context, "windc init");
+    *ctx = NULL;
+    return 0;
+}
+
+static void
+windc_fini(void *ctx)
+{
+}
+
+static krb5_error_code 
+pac_generate(void *ctx, krb5_context context,
+	     struct hdb_entry_ex *client, krb5_pac *pac)
+{
+    krb5_error_code ret;
+    krb5_data data;
+
+    krb5_warnx(context, "pac generate");
+
+    data.data = "\x00\x01";
+    data.length = 2;
+
+    ret = krb5_pac_init(context, pac);
+    if (ret)
+	return ret;
+
+    ret = krb5_pac_add_buffer(context, *pac, 1, &data);
+    if (ret)
+	return ret;
+
+    return 0;
+}
+
+static krb5_error_code 
+pac_verify(void *ctx, krb5_context context,
+	   const krb5_principal client_principal,
+	   struct hdb_entry_ex *client, 
+	   struct hdb_entry_ex *server,
+	   krb5_pac *pac)
+{
+    krb5_error_code ret;
+    krb5_data data;
+
+    krb5_warnx(context, "pac_verify");
+
+    ret = krb5_pac_get_buffer(context, *pac, 1, &data);
+    if (ret)
+	return ret;
+
+    krb5_data_free(&data);
+
+    return 0;
+}
+
+static krb5_error_code 
+client_access(void *ctx, krb5_context context, 
+	      struct hdb_entry_ex *client, KDC_REQ *req)
+{
+    krb5_warnx(context, "client_access");
+    return 0;
+}
+
+krb5plugin_windc_ftable windc = {
+    KRB5_WINDC_PLUGING_MINOR,
+    windc_init,
+    windc_fini,
+    pac_generate,
+    pac_verify,
+    client_access
+};
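Review bot: In `pac_generate`, when `krb5_pac_add_buffer` fails the function returns with the PAC that `krb5_pac_init` just allocated still stored in `*pac`, and nothing in this file frees it. Unless the caller is documented to release `*pac` on error, that branch should be `if (ret) { krb5_pac_free(context, *pac); *pac = NULL; return ret; }`. Separately, `pac_verify` only checks that a type-1 buffer exists and frees it without reading the contents, so the test would still pass if the buffer no longer held the bytes `pac_generate` wrote. Comparing `data.length` and the two bytes against `"\x00\x01"` before `krb5_data_free(&data)` would let the plugin test detect a modified PAC buffer.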

Added: vendor-crypto/heimdal/dist/tools/Makefile.am
===================================================================
--- vendor-crypto/heimdal/dist/tools/Makefile.am	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tools/Makefile.am	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,53 @@
+# $Id: Makefile.am,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+bin_SCRIPTS = krb5-config
+
+pkgconfigdir = $(libdir)/pkgconfig
+
+pkgconfig_DATA = heimdal-gssapi.pc
+
+man_MANS = krb5-config.1
+
+if PKINIT
+LIB_pkinit = -lhx509
+endif
+
+subst = sed	-e "s!@PACKAGE\@!$(PACKAGE)!g" \
+		-e "s!@VERSION\@!$(VERSION)!g" \
+		-e "s!@prefix\@!$(prefix)!g" \
+		-e "s!@exec_prefix\@!$(exec_prefix)!g" \
+		-e "s!@libdir\@!$(libdir)!g" \
+		-e "s!@includedir\@!$(includedir)!g" \
+		-e "s!@LIB_crypt\@!$(LIB_crypt)!g" \
+		-e "s!@LIB_dbopen\@!$(LIB_dbopen)!g" \
+		-e "s!@INCLUDE_hcrypto\@!$(INCLUDE_hcrypto)!g" \
+		-e "s!@LIB_hcrypto_appl\@!$(LIB_hcrypto_appl)!g" \
+		-e "s!@LIB_dlopen\@!$(LIB_dlopen)!g" \
+		-e "s!@LIB_door_create\@!$(LIB_door_create)!g" \
+		-e "s!@LIB_pkinit\@!$(LIB_pkinit)!g" \
+		-e "s!@LIBS\@!$(LIBS)!g"
+
+krb5-config: krb5-config.in
+	$(subst) $(srcdir)/krb5-config.in > $@.new
+	mv $@.new $@
+	chmod +x $@
+
+heimdal-gssapi.pc: heimdal-gssapi.pc.in
+	$(subst) $(srcdir)/heimdal-gssapi.pc.in > $@.new
+	mv $@.new $@
+
+EXTRA_DIST = \
+	$(man_MANS) \
+	heimdal-build.sh \
+	krb5-config.in \
+	heimdal-gssapi.pc.in \
+	kdc-log-analyze.pl
+
+CLEANFILES = \
+	krb5-config \
+	krb5-config.new \
+	heimdal-gssapi.pc \
+	heimdal-gssapi.pc.new
+
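Review bot: The `krb5-config` rule moves `$@.new` into place before running `chmod +x $@`, so if make is interrupted or `chmod` fails after the `mv`, the target is left with a fresh timestamp but no execute bit, and a later `make` will not rebuild it. Setting the mode on the temporary file first avoids that: `chmod +x $@.new` then `mv $@.new $@`, which is the order the `check-pac` rule earlier in this commit uses. The `subst` sed expressions also use `!` as the delimiter around unescaped values such as `$(prefix)` and `$(LIBS)`, so a configured value containing `!` would break the substitution; a one-line comment above `subst` stating that assumption would help.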

Added: vendor-crypto/heimdal/dist/tools/Makefile.in
===================================================================
--- vendor-crypto/heimdal/dist/tools/Makefile.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tools/Makefile.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,805 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+ at SET_MAKE@
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+# $Id: Makefile.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(top_srcdir)/Makefile.am.common \
+	$(top_srcdir)/cf/Makefile.am.common
+subdir = tools
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \
+	$(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \
+	$(top_srcdir)/cf/broken-getaddrinfo.m4 \
+	$(top_srcdir)/cf/broken-glob.m4 \
+	$(top_srcdir)/cf/broken-realloc.m4 \
+	$(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \
+	$(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \
+	$(top_srcdir)/cf/capabilities.m4 \
+	$(top_srcdir)/cf/check-compile-et.m4 \
+	$(top_srcdir)/cf/check-getpwnam_r-posix.m4 \
+	$(top_srcdir)/cf/check-man.m4 \
+	$(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \
+	$(top_srcdir)/cf/check-type-extra.m4 \
+	$(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \
+	$(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \
+	$(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \
+	$(top_srcdir)/cf/dlopen.m4 \
+	$(top_srcdir)/cf/find-func-no-libs.m4 \
+	$(top_srcdir)/cf/find-func-no-libs2.m4 \
+	$(top_srcdir)/cf/find-func.m4 \
+	$(top_srcdir)/cf/find-if-not-broken.m4 \
+	$(top_srcdir)/cf/framework-security.m4 \
+	$(top_srcdir)/cf/have-struct-field.m4 \
+	$(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \
+	$(top_srcdir)/cf/krb-bigendian.m4 \
+	$(top_srcdir)/cf/krb-func-getlogin.m4 \
+	$(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \
+	$(top_srcdir)/cf/krb-readline.m4 \
+	$(top_srcdir)/cf/krb-struct-spwd.m4 \
+	$(top_srcdir)/cf/krb-struct-winsize.m4 \
+	$(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \
+	$(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \
+	$(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \
+	$(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \
+	$(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \
+	$(top_srcdir)/cf/roken-frag.m4 \
+	$(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \
+	$(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \
+	$(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \
+	$(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" \
+	"$(DESTDIR)$(pkgconfigdir)"
+binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+SCRIPTS = $(bin_SCRIPTS)
+depcomp =
+am__depfiles_maybe =
+SOURCES =
+DIST_SOURCES =
+man1dir = $(mandir)/man1
+MANS = $(man_MANS)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+pkgconfigDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(pkgconfig_DATA)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CANONICAL_HOST = @CANONICAL_HOST@
+CATMAN = @CATMAN@
+CATMANEXT = @CATMANEXT@
+CC = @CC@
+CFLAGS = @CFLAGS@
+COMPILE_ET = @COMPILE_ET@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DBLIB = @DBLIB@
+DEFS = @DEFS@
+DIR_com_err = @DIR_com_err@
+DIR_hcrypto = @DIR_hcrypto@
+DIR_hdbdir = @DIR_hdbdir@
+DIR_roken = @DIR_roken@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
+INCLUDE_hcrypto = @INCLUDE_hcrypto@
+INCLUDE_hesiod = @INCLUDE_hesiod@
+INCLUDE_krb4 = @INCLUDE_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+INCLUDE_readline = @INCLUDE_readline@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBADD_roken = @LIBADD_roken@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_XauFileName = @LIB_XauFileName@
+LIB_XauReadAuth = @LIB_XauReadAuth@
+LIB_XauWriteAuth = @LIB_XauWriteAuth@
+LIB_bswap16 = @LIB_bswap16@
+LIB_bswap32 = @LIB_bswap32@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
+LIB_crypt = @LIB_crypt@
+LIB_db_create = @LIB_db_create@
+LIB_dbm_firstkey = @LIB_dbm_firstkey@
+LIB_dbopen = @LIB_dbopen@
+LIB_dlopen = @LIB_dlopen@
+LIB_dn_expand = @LIB_dn_expand@
+LIB_door_create = @LIB_door_create@
+LIB_el_init = @LIB_el_init@
+LIB_freeaddrinfo = @LIB_freeaddrinfo@
+LIB_gai_strerror = @LIB_gai_strerror@
+LIB_getaddrinfo = @LIB_getaddrinfo@
+LIB_gethostbyname = @LIB_gethostbyname@
+LIB_gethostbyname2 = @LIB_gethostbyname2@
+LIB_getnameinfo = @LIB_getnameinfo@
+LIB_getpwnam_r = @LIB_getpwnam_r@
+LIB_getsockopt = @LIB_getsockopt@
+LIB_hcrypto = @LIB_hcrypto@
+LIB_hcrypto_a = @LIB_hcrypto_a@
+LIB_hcrypto_appl = @LIB_hcrypto_appl@
+LIB_hcrypto_so = @LIB_hcrypto_so@
+LIB_hesiod = @LIB_hesiod@
+LIB_hstrerror = @LIB_hstrerror@
+LIB_kdb = @LIB_kdb@
+LIB_krb4 = @LIB_krb4@
+LIB_loadquery = @LIB_loadquery@
+LIB_logout = @LIB_logout@
+LIB_logwtmp = @LIB_logwtmp@
+LIB_openldap = @LIB_openldap@
+LIB_openpty = @LIB_openpty@
+LIB_otp = @LIB_otp@
+LIB_pidfile = @LIB_pidfile@
+LIB_readline = @LIB_readline@
+LIB_res_ndestroy = @LIB_res_ndestroy@
+LIB_res_nsearch = @LIB_res_nsearch@
+LIB_res_search = @LIB_res_search@
+LIB_roken = @LIB_roken@
+LIB_security = @LIB_security@
+LIB_setsockopt = @LIB_setsockopt@
+LIB_socket = @LIB_socket@
+LIB_syslog = @LIB_syslog@
+LIB_tgetent = @LIB_tgetent@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NROFF = @NROFF@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTHREADS_CFLAGS = @PTHREADS_CFLAGS@
+PTHREADS_LIBS = @PTHREADS_LIBS@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+VERSIONING = @VERSIONING@
+VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
+WFLAGS = @WFLAGS@
+WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
+WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+XMKMF = @XMKMF@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__leading_dot = @am__leading_dot@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dpagaix_cflags = @dpagaix_cflags@
+dpagaix_ldadd = @dpagaix_ldadd@
+dpagaix_ldflags = @dpagaix_ldflags@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
+AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken)
+ at do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
+AM_CFLAGS = $(WFLAGS)
+CP = cp
+buildinclude = $(top_builddir)/include
+LIB_getattr = @LIB_getattr@
+LIB_getpwent_r = @LIB_getpwent_r@
+LIB_odm_initialize = @LIB_odm_initialize@
+LIB_setpcred = @LIB_setpcred@
+HESIODLIB = @HESIODLIB@
+HESIODINCLUDE = @HESIODINCLUDE@
+NROFF_MAN = groff -mandoc -Tascii
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+ at KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
+ at KRB5_TRUE@	$(top_builddir)/lib/asn1/libasn1.la
+
+ at KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+ at KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la
+ at DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
+bin_SCRIPTS = krb5-config
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = heimdal-gssapi.pc
+man_MANS = krb5-config.1
+ at PKINIT_TRUE@LIB_pkinit = -lhx509
+subst = sed	-e "s!@PACKAGE\@!$(PACKAGE)!g" \
+		-e "s!@VERSION\@!$(VERSION)!g" \
+		-e "s!@prefix\@!$(prefix)!g" \
+		-e "s!@exec_prefix\@!$(exec_prefix)!g" \
+		-e "s!@libdir\@!$(libdir)!g" \
+		-e "s!@includedir\@!$(includedir)!g" \
+		-e "s!@LIB_crypt\@!$(LIB_crypt)!g" \
+		-e "s!@LIB_dbopen\@!$(LIB_dbopen)!g" \
+		-e "s!@INCLUDE_hcrypto\@!$(INCLUDE_hcrypto)!g" \
+		-e "s!@LIB_hcrypto_appl\@!$(LIB_hcrypto_appl)!g" \
+		-e "s!@LIB_dlopen\@!$(LIB_dlopen)!g" \
+		-e "s!@LIB_door_create\@!$(LIB_door_create)!g" \
+		-e "s!@LIB_pkinit\@!$(LIB_pkinit)!g" \
+		-e "s!@LIBS\@!$(LIBS)!g"
+
+EXTRA_DIST = \
+	$(man_MANS) \
+	heimdal-build.sh \
+	krb5-config.in \
+	heimdal-gssapi.pc.in \
+	kdc-log-analyze.pl
+
+CLEANFILES = \
+	krb5-config \
+	krb5-config.new \
+	heimdal-gssapi.pc \
+	heimdal-gssapi.pc.new
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  --ignore-deps tools/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  --ignore-deps tools/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binSCRIPTS: $(bin_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(binSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	    $(binSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(bindir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-binSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+install-pkgconfigDATA: $(pkgconfig_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)"
+	@list='$(pkgconfig_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(pkgconfigDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgconfigdir)/$$f'"; \
+	  $(pkgconfigDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgconfigdir)/$$f"; \
+	done
+
+uninstall-pkgconfigDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(pkgconfig_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(pkgconfigdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(pkgconfigdir)/$$f"; \
+	done
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	$(MAKE) $(AM_MAKEFLAGS) \
+	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
+	  dist-hook
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) check-local
+check: check-am
+all-am: Makefile $(SCRIPTS) $(MANS) $(DATA) all-local
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(pkgconfigdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-pkgconfigDATA
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-binSCRIPTS
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binSCRIPTS uninstall-man \
+	uninstall-pkgconfigDATA
+	@$(NORMAL_INSTALL)
+	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-data-am install-exec-am install-strip \
+	uninstall-am
+
+.PHONY: all all-am all-local check check-am check-local clean \
+	clean-generic clean-libtool dist-hook distclean \
+	distclean-generic distclean-libtool distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binSCRIPTS \
+	install-data install-data-am install-data-hook install-dvi \
+	install-dvi-am install-exec install-exec-am install-exec-hook \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man1 install-pdf install-pdf-am \
+	install-pkgconfigDATA install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \
+	uninstall-binSCRIPTS uninstall-hook uninstall-man \
+	uninstall-man1 uninstall-pkgconfigDATA
+
+
+install-suid-programs:
+	@foo='$(bin_SUIDS)'; \
+	for file in $$foo; do \
+	x=$(DESTDIR)$(bindir)/$$file; \
+	if chown 0:0 $$x && chmod u+s $$x; then :; else \
+	echo "*"; \
+	echo "* Failed to install $$x setuid root"; \
+	echo "*"; \
+	fi; done
+
+install-exec-hook: install-suid-programs
+
+install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS)
+	@foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
+	for f in $$foo; do \
+		f=`basename $$f`; \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done ; \
+	foo='$(nobase_include_HEADERS)'; \
+	for f in $$foo; do \
+		if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
+		else file="$$f"; fi; \
+		$(mkdir_p) $(buildinclude)/`dirname $$f` ; \
+		if cmp -s  $$file $(buildinclude)/$$f 2> /dev/null ; then \
+		: ; else \
+			echo " $(CP) $$file $(buildinclude)/$$f"; \
+			$(CP) $$file $(buildinclude)/$$f; \
+		fi ; \
+	done
+
+all-local: install-build-headers
+
+check-local::
+	@if test '$(CHECK_LOCAL)' = "no-check-local"; then \
+	  foo=''; elif test '$(CHECK_LOCAL)'; then \
+	  foo='$(CHECK_LOCAL)'; else \
+	  foo='$(PROGRAMS)'; fi; \
+	  if test "$$foo"; then \
+	  failed=0; all=0; \
+	  for i in $$foo; do \
+	    all=`expr $$all + 1`; \
+	    if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \
+	      echo "PASS: $$i"; \
+	    else \
+	      echo "FAIL: $$i"; \
+	      failed=`expr $$failed + 1`; \
+	    fi; \
+	  done; \
+	  if test "$$failed" -eq 0; then \
+	    banner="All $$all tests passed"; \
+	  else \
+	    banner="$$failed of $$all tests failed"; \
+	  fi; \
+	  dashes=`echo "$$banner" | sed s/./=/g`; \
+	  echo "$$dashes"; \
+	  echo "$$banner"; \
+	  echo "$$dashes"; \
+	  test "$$failed" -eq 0 || exit 1; \
+	fi
+
+.x.c:
+	@cmp -s $< $@ 2> /dev/null || cp $< $@
+#NROFF_MAN = nroff -man
+.1.cat1:
+	$(NROFF_MAN) $< > $@
+.3.cat3:
+	$(NROFF_MAN) $< > $@
+.5.cat5:
+	$(NROFF_MAN) $< > $@
+.8.cat8:
+	$(NROFF_MAN) $< > $@
+
+dist-cat1-mans:
+	@foo='$(man1_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.1) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat3-mans:
+	@foo='$(man3_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.3) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat5-mans:
+	@foo='$(man5_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.5) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-cat8-mans:
+	@foo='$(man8_MANS)'; \
+	bar='$(man_MANS)'; \
+	for i in $$bar; do \
+	case $$i in \
+	*.8) foo="$$foo $$i";; \
+	esac; done ;\
+	for i in $$foo; do \
+		x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
+		echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
+		$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
+	done
+
+dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
+
+install-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+uninstall-cat-mans:
+	$(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
+
+install-data-hook: install-cat-mans
+uninstall-hook: uninstall-cat-mans
+
+.et.h:
+	$(COMPILE_ET) $<
+.et.c:
+	$(COMPILE_ET) $<
+
+#
+# Useful target for debugging
+#
+
+check-valgrind:
+	tobjdir=`cd $(top_builddir) && pwd` ; \
+	tsrcdir=`cd $(top_srcdir) && pwd` ; \
+	env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check
+
+#
+# Target to please samba build farm, builds distfiles in-tree.
+# Will break when automake changes...
+#
+
+distdir-in-tree: $(DISTFILES) $(INFO_DEPS)
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" != .; then \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \
+	  fi ; \
+	done
+
+krb5-config: krb5-config.in
+	$(subst) $(srcdir)/krb5-config.in > $@.new
+	mv $@.new $@
+	chmod +x $@
+
+heimdal-gssapi.pc: heimdal-gssapi.pc.in
+	$(subst) $(srcdir)/heimdal-gssapi.pc.in > $@.new
+	mv $@.new $@
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Added: vendor-crypto/heimdal/dist/tools/heimdal-build.sh
===================================================================
--- vendor-crypto/heimdal/dist/tools/heimdal-build.sh	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tools/heimdal-build.sh	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,295 @@
+#!/bin/sh
+# Fetches, builds and store the result of a heimdal build
+# Version: $Id: heimdal-build.sh,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+
+fetchmethod=wget	   #options are: wget, curl, ftp, afs
+resultdir=
+email=heimdal-build-log at it.su.se
+baseurl=ftp://ftp.pdc.kth.se/pub/heimdal/src
+afsdir=/afs/pdc.kth.se/public/ftp/pub/heimdal/src
+keeptree=no
+passhrase=
+builddir=
+noemail=
+cputimelimit=3600
+confflags=
+
+# Add some bonus paths, to find sendmail and other tools
+# on interesting platforms.
+PATH="${PATH}:/usr/sbin:/usr/bin:/usr/libexec:/usr/lib"
+PATH="${PATH}:/usr/local/bin:/usr/local/sbin"
+
+# no more user configurabled part below (hopefully)
+
+usage="[--current] [--svn SourceRepository] [--cvs-flags] [--result-directory dir] [--fetch-method wget|ftp|curl|cvs|fetch|afs] --keep-tree] [--autotools] [--passhrase string] [--no-email] [--build-dir dir] [--cputime] [--distcheck] [--test-environment env] [--configure-flags flags]"
+
+date=`date +%Y%m%d`
+if [ "$?" != 0 ]; then
+    echo "have no sane date, punting"
+    exit 1
+fi
+
+hostname=`hostname`
+if [ "$?" != 0 ]; then
+    echo "have no sane hostname, punting"
+    exit 1
+fi
+
+version=`grep "^# Version: " "$0" | cut -f2- -d:`
+if [ "X${version}" = X ]; then
+    echo "Can not figure out what version I am"
+    exit 1
+fi
+
+dir=
+hversion=
+cvsroot=
+cvsflags=
+cvsbranch=
+branch=
+autotools=no
+distcheck=no
+
+while true
+do
+	case $1 in
+	--autotools)
+		autotools=yes
+		shift
+		;;
+	--build-dir)
+		builddir="$2"
+		shift 2
+		;;
+	--current)
+		dir="snapshots/"
+		hversion="heimdal-${date}"
+		shift
+		;;
+	--release)
+		hversion="heimdal-$2"
+		shift 2
+		;;
+	--cputime)
+		cputimelimit="$2"
+		shift 2
+		;;
+	--ccache-dir)
+		ccachedir="$2"
+		shift 2
+		;;
+	--svn)
+		hversion="heimdal-svn-${date}"
+		svnroot=$2
+		fetchmethod=svn
+		shift 2
+		;;
+	--distcheck)
+		distcheck=yes
+		shift
+		;;
+	--result-directory)
+		resultdir="$2"
+		if [ ! -d "$resultdir" ]; then
+		    echo "$resultdir doesn't exists"
+		    exit 1
+		fi
+		resultdir="`pwd`/${resultdir}"
+		shift 2
+		;;
+	--fetch-method)
+		fetchmethod="$2"
+		shift 2
+		;;
+	--keep-tree)
+		keeptree=yes
+		shift
+		;;
+	--passphrase)
+		passhrase="$2"
+		shift 2
+		;;
+	--prepend-path)
+		prependpath="$2"
+		shift 2
+		;;
+	--test-environment)
+		testenvironment="$2"
+		shift 2
+		;;
+	--no-email)
+		noemail="yes"
+		shift
+		;;
+	--configure-flags)
+		confflags="${confflags} $2"
+		shift 2
+		;;
+	--version)
+		echo "Version: $version"
+		exit 0
+		;;
+	-*)
+		echo "unknown option: $1"
+		break
+		;;
+	*)
+		break
+		;;
+	esac
+done
+if test $# -gt 0; then
+	echo $usage
+	exit 1
+fi
+
+if [ "X${hversion}" = X ]; then
+	echo "no version given"
+	exit 0
+fi
+
+hfile="${hversion}.tar.gz"
+url="${baseurl}/${dir}${hfile}"
+afsfile="${afsdir}/${dir}${hfile}"
+unpack=yes
+
+# extra paths for the user
+if [ "X${prependpath}" != X ]; then
+	PATH="${prependpath}:${PATH}"
+fi
+
+# Limit cpu seconds this all can take
+ulimit -t "$cputimelimit" > /dev/null 2>&1
+
+if [ "X${builddir}" != X ]; then
+	echo "Changing build dir to ${builddir}"
+	cd "${builddir}"
+fi
+
+echo "Removing old source" 
+rm -rf ${hversion}
+
+echo "Fetching ${hversion} using $fetchmethod"
+case "$fetchmethod" in
+wget|ftp|fetch)
+	${fetchmethod} $url > /dev/null
+	res=$?
+	;;
+curl)
+	${fetchmethod} -o ${hfile} ${url} > /dev/null
+	res=$?
+	;;
+afs)
+	cp ${afsfile} ${hfile}
+	res=$?
+	;;
+svn)
+	svn co $svnroot ${hversion}
+	res=$?
+	unpack=no
+	autotools=yes
+	;;
+*)
+	echo "unknown fetch method"
+	;;
+esac
+
+if [ "X$res" != X0 ]; then
+	echo "Failed to download the tar-ball"
+	exit 1
+fi
+
+if [ X"$unpack" = Xyes ]; then
+	echo Unpacking source
+	(gzip -dc ${hfile} | tar xf -) || exit 1
+fi
+
+if [ X"$autotools" = Xyes ]; then
+	echo "Autotooling"
+	(cd ${hversion} && sh ./autogen.sh) || exit 1
+fi
+
+if [ X"$ccachedir" != X ]; then
+	CCACHE_DIR="${ccachedir}"
+	export CCACHE_DIR
+fi
+
+cd ${hversion} || exit 1
+
+makecheckenv=
+if [ X"${testenvironment}" != X ] ; then
+    makecheckenv="${makecheckenv} TESTS_ENVIRONMENT=\"${testenvironment}\""
+fi
+
+mkdir socket_wrapper_dir
+SOCKET_WRAPPER_DIR=`pwd`/socket_wrapper_dir
+export SOCKET_WRAPPER_DIR
+
+echo "Configuring and building ($hversion)"
+echo "./configure --enable-socket-wrapper ${confflags}" > ab.txt
+./configure --enable-socket-wrapper ${confflags} >> ab.txt 2>&1
+if [ $? != 0 ] ; then
+    echo Configure failed
+    status=${status:-configure}
+fi
+echo make all >> ab.txt
+make all >> ab.txt 2>&1
+if [ $? != 0 ] ; then
+    echo Make all failed
+    status=${status:-make all}
+fi
+echo make check >> ab.txt
+eval env $makecheckenv make check >> ab.txt 2>&1
+if [ $? != 0 ] ; then
+    echo Make check failed
+    status=${status:-make check}
+fi
+
+if [ "$distcheck" = yes ] ; then
+    echo make distcheck >> ab.txt
+    if [ $? != 0 ] ; then
+        echo Make check failed
+        status=${status:-make distcheck}
+    fi
+fi
+
+status=${status:-ok}
+
+echo "done: ${status}"
+
+if [ "X${resultdir}" != X ] ; then
+	cp ab.txt "${resultdir}/ab-${hversion}-${hostname}-${date}.txt"
+fi
+
+if [ "X${noemail}" = X ] ; then
+	cat > email-header <<EOF
+From: ${USER:-unknown-user}@${hostname}
+To: <heimdal-build-log at it.su.se>
+Subject: heimdal-build-log SPAM COOKIE
+X-heimdal-build: kaka-till-love
+
+Script-version: ${version}
+Heimdal-version: ${hversion}
+Machine: `uname -a`
+Status: $status
+EOF
+
+	if [ "X$passhrase" != X ] ; then
+		cat >> email-header <<EOF
+autobuild-passphrase: ${passhrase}
+EOF
+	fi
+		cat >> email-header <<EOF
+------L-O-G------------------------------------
+EOF
+
+	cat email-header ab.txt | sendmail "${email}"
+fi
+
+cd ..
+if [ X"$keeptree" != Xyes ] ; then
+    rm -rf ${hversion}
+fi
+rm -f ${hfile}
+
+exit 0
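Review bot: The tarball is fetched from `baseurl=ftp://ftp.pdc.kth.se/pub/heimdal/src` (or a caller-supplied `--svn` URL) and then unpacked, and its `autogen.sh`, `./configure` and `make check` are run with no digest or signature check in between. Anything that can alter the download therefore gets code execution on the build host, so the unpack step should refuse a file whose digest does not match a value obtained out of band, as sketched below. The digest variable is a placeholder and the hashing tool differs per platform. Separately, the `--distcheck` block only echoes `make distcheck` into ab.txt and then tests the `$?` of that echo; it needs `make distcheck >> ab.txt 2>&1` before the status check.

```shell
# … unchanged: fetch case statement and the $res check …

if [ X"$unpack" = Xyes ]; then
	# Refuse to unpack or build a tarball whose digest does not match a value
	# obtained out of band (EXPECTED_SHA256 is a placeholder the caller must set).
	actual=`sha256sum "${hfile}" | cut -d' ' -f1`	# `sha256 -q` on the BSDs
	if [ "X${EXPECTED_SHA256}" = X ] || [ "X${actual}" != "X${EXPECTED_SHA256}" ]; then
		echo "checksum mismatch for ${hfile}, not building"
		exit 1
	fi
	echo Unpacking source
	(gzip -dc "${hfile}" | tar xf -) || exit 1
fi

# … unchanged: autotools, configure, make, result mail …
```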

Added: vendor-crypto/heimdal/dist/tools/heimdal-gssapi.pc.in
===================================================================
--- vendor-crypto/heimdal/dist/tools/heimdal-gssapi.pc.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tools/heimdal-gssapi.pc.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,14 @@
+# $Id: heimdal-gssapi.pc.in,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+prefix=@PREFIX@
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: @PACKAGE@
+Description: Heimdal is an implementation of Kerberos 5, freely available under a three clause BSD style license.
+Version: @VERSION@
+URL: http://www.pdc.kth.se/heimdal/
+#Requires: foo = 1.3.1
+#Conflicts: bar <= 4.5
+Libs: -L${libdir} -lgssapi -lheimntlm -lkrb5 @LIB_pkinit@ -lcom_err @LIB_hcrypto_appl@ -lasn1 -lroken @LIB_crypt@ @LIB_dlopen@ @LIB_door_create@ @LIBS@
+Cflags: -I${includedir}

Added: vendor-crypto/heimdal/dist/tools/kdc-log-analyze.pl
===================================================================
--- vendor-crypto/heimdal/dist/tools/kdc-log-analyze.pl	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tools/kdc-log-analyze.pl	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,549 @@
+#! /usr/pkg/bin/perl
+# -*- mode: perl; perl-indent-level: 8 -*-
+# 
+# Copyright (c) 2003 Kungliga Tekniska H\xF6gskolan
+# (Royal Institute of Technology, Stockholm, Sweden). 
+# All rights reserved. 
+# 
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions 
+# are met: 
+# 
+# 1. Redistributions of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer. 
+# 
+# 2. Redistributions in binary form must reproduce the above copyright 
+#    notice, this list of conditions and the following disclaimer in the 
+#    documentation and/or other materials provided with the distribution. 
+# 
+# 3. Neither the name of the Institute nor the names of its contributors 
+#    may be used to endorse or promote products derived from this software 
+#    without specific prior written permission. 
+# 
+# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+# SUCH DAMAGE. 
+#
+# $Id: kdc-log-analyze.pl,v 1.1.1.1 2012-07-21 15:09:06 laffer1 Exp $
+#
+# kdc-log-analyze - Analyze a KDC log file and give a report on the contents
+#
+# Note: The parts you want likely want to customize are the variable $notlocal,
+# the array @local_network_re and the array @local_realms.
+#
+# Idea and implemetion for MIT Kerberos was done first by 
+# Ken Hornstein <kenh at cmf.nrl.navy.mil>, this program wouldn't exists
+# without his help.
+#
+
+use strict;
+use Sys::Hostname;
+
+my $notlocal = 'not SU';
+my @local_realms = ( "SU.SE" );
+my @local_networks_re = 
+    ( 
+      "130\.237",
+      "193\.11\.3[0-9]\.",
+      "130.242.128",
+      "2001:6b0:5:"
+      );
+
+my $as_req = 0;
+my %as_req_addr;
+my %as_req_addr_nonlocal;
+my %as_req_client;
+my %as_req_server;
+my %addr_uses_des;
+my %princ_uses_des;
+my $five24_req = 0;
+my %five24_req_addr;
+my %five24_req_addr_nonlocal;
+my %five24_req_server;
+my %five24_req_client;
+my $as_req_successful = 0;
+my $as_req_error = 0;
+my $no_such_princ = 0;
+my %no_such_princ_princ;
+my %no_such_princ_addr;
+my %no_such_princ_addr_nonlocal;
+my $as_req_etype_odd = 0;
+my %bw_addr;
+my $pa_alt_princ_request = 0;
+my $pa_alt_princ_verify = 0;
+my $tgs_req = 0;
+my %tgs_req_addr;
+my %tgs_req_addr_nonlocal;
+my %tgs_req_client;
+my %tgs_req_server;
+my $tgs_xrealm_out = 0;
+my %tgs_xrealm_out_realm;
+my %tgs_xrealm_out_princ;
+my $tgs_xrealm_in = 0;
+my %tgs_xrealm_in_realm;
+my %tgs_xrealm_in_princ;
+my %enctype_session;
+my %enctype_ticket;
+my $restarts = 0;
+my $forward_non_forward = 0;
+my $v4_req = 0;
+my %v4_req_addr;
+my %v4_req_addr_nonlocal;
+my $v4_cross = 0;
+my %v4_cross_realm;
+my $v5_cross = 0;
+my %v5_cross_realm;
+my $referrals = 0;
+my %referral_princ;
+my %referral_realm;
+my %strange_tcp_data;
+my $http_malformed = 0;
+my %http_malformed_addr;
+my $http_non_kdc = 0;
+my %http_non_kdc_addr;
+my $tcp_conn_timeout = 0;
+my %tcp_conn_timeout_addr;
+my $failed_processing = 0;
+my %failed_processing_addr;
+my $connection_closed = 0;
+my %connection_closed_addr;
+my $pa_failed = 0;
+my %pa_failed_princ;
+my %pa_failed_addr;
+my %ip;
+
+$ip{'4'} = $ip{'6'} = 0;
+
+while (<>) {
+	process_line($_);
+}
+
+print "Kerberos KDC Log Report for ", 
+    hostname, " on ", scalar localtime, "\n\n";
+
+print "General Statistics\n\n";
+
+print "\tNumber of IPv4 requests: $ip{'4'}\n";
+print "\tNumber of IPv6 requests: $ip{'6'}\n\n";
+
+print "\tNumber of restarts: $restarts\n";
+print "\tNumber of V4 requests: $v4_req\n";
+if ($v4_req > 0) {
+	print "\tTop ten IP addresses performing V4 requests:\n";
+	topten(\%v4_req_addr);
+}
+if (int(keys %v4_req_addr_nonlocal) > 0) {
+	print "\tTop ten $notlocal IP addresses performing V4 requests:\n";
+	topten(\%v4_req_addr_nonlocal);
+
+}
+print "\n";
+
+print "\tNumber of V4 cross realms (krb4 and 524) requests: $v4_cross\n";
+if ($v4_cross > 0) {
+	print "\tTop ten realms performing V4 cross requests:\n";
+	topten(\%v4_cross_realm);
+}
+print "\n";
+
+print "\tNumber of V45 cross realms requests: $v5_cross\n";
+if ($v5_cross > 0) {
+	print "\tTop ten realms performing V4 cross requests:\n";
+	topten(\%v5_cross_realm);
+}
+print "\n";
+
+print "\tNumber of failed lookups: $no_such_princ\n";
+if ($no_such_princ > 0) {
+	print "\tTop ten IP addresses failing to find principal:\n";
+	topten(\%no_such_princ_addr);
+	print "\tTop ten $notlocal IP addresses failing find principal:\n";
+	topten(\%no_such_princ_addr_nonlocal);
+	print "\tTop ten failed to find principals\n";
+	topten(\%no_such_princ_princ);
+}
+print "\n";
+
+print "\tBandwidth pigs:\n";
+topten(\%bw_addr);
+print "\n";
+
+print "\tStrange TCP data clients: ", int(keys %strange_tcp_data),"\n";
+topten(\%strange_tcp_data);
+print "\n";
+
+print "\tTimeout waiting on TCP requests: ", $tcp_conn_timeout,"\n";
+if ($tcp_conn_timeout > 0) {
+	print "\tTop ten TCP timeout request clients\n";
+	topten(\%tcp_conn_timeout_addr);
+}
+print "\n";
+
+print "\tFailed processing requests: ", $failed_processing,"\n";
+if ($failed_processing > 0) {
+	print "\tTop ten failed processing request clients\n";
+	topten(\%failed_processing_addr);
+}
+print "\n";
+
+print "\tConnection closed requests: ", $connection_closed,"\n";
+if ($connection_closed > 0) {
+	print "\tTop ten connection closed request clients\n";
+	topten(\%connection_closed_addr);
+}
+print "\n";
+
+print "\tMalformed HTTP requests: ", $http_malformed,"\n";
+if ($http_malformed > 0) {
+	print "\tTop ten malformed HTTP request clients\n";
+	topten(\%http_malformed_addr);
+}
+print "\n";
+
+print "\tHTTP non kdc requests: ", $http_non_kdc,"\n";
+if ($http_non_kdc > 0) {
+	print "\tTop ten HTTP non KDC request clients\n";
+	topten(\%http_non_kdc_addr);
+}
+print "\n";
+
+print "Report on AS_REQ requests\n\n";
+print "Overall AS_REQ statistics\n\n";
+
+print "\tTotal number: $as_req\n";
+
+print "\nAS_REQ client/server statistics\n\n";
+
+print "\tDistinct IP Addresses performing requests: ", 
+    int(keys %as_req_addr),"\n";
+print "\tOverall top ten IP addresses\n";
+topten(\%as_req_addr);
+
+print "\tDistinct non-local ($notlocal) IP Addresses performing requests: ",
+					int(keys %as_req_addr_nonlocal), "\n";
+print "\tTop ten non-local ($notlocal) IP address:\n";
+topten(\%as_req_addr_nonlocal);
+
+print "\n\tPreauth failed for for: ", $pa_failed, " requests\n";
+if ($pa_failed) {
+	print "\tPreauth failed top ten IP addresses:\n";
+	topten(\%pa_failed_addr);
+	print "\tPreauth failed top ten principals:\n";
+	topten(\%pa_failed_princ);
+}
+
+print "\n\tDistinct clients performing requests: ", 
+    int(keys %as_req_client), "\n";
+print "\tTop ten clients:\n";
+topten(\%as_req_client);
+
+print "\tDistinct services requested: ", int(keys %as_req_server), "\n";
+print "\tTop ten requested services:\n";
+topten(\%as_req_server);
+
+print "\n\n\nReport on TGS_REQ requests:\n\n";
+print "Overall TGS_REQ statistics\n\n";
+print "\tTotal number: $tgs_req\n";
+
+print "\nTGS_REQ client/server statistics\n\n";
+print "\tDistinct IP addresses performing requests: ",
+				int(keys %tgs_req_addr), "\n";
+print "\tOverall top ten IP addresses\n";
+topten(\%tgs_req_addr);
+
+print "\tDistinct non-local ($notlocal) IP Addresses performing requests: ",
+				int(keys %tgs_req_addr_nonlocal), "\n";
+print "\tTop ten non-local ($notlocal) IP address:\n";
+topten(\%tgs_req_addr_nonlocal);
+
+print "\tDistinct clients performing requests: ",
+				int(keys %tgs_req_client), "\n";
+print "\tTop ten clients:\n";
+topten(\%tgs_req_client);
+
+print "\tDistinct services requested: ", int(keys %tgs_req_server), "\n";
+print "\tTop ten requested services:\n";
+topten(\%tgs_req_server);
+
+print "\n\n\nReport on 524_REQ requests:\n\n";
+
+print "\t524_REQ client/server statistics\n\n";
+
+print "\tDistinct IP Addresses performing requests: ", 
+    int(keys %five24_req_addr),"\n";
+print "\tOverall top ten IP addresses\n";
+topten(\%five24_req_addr);
+
+print "\tDistinct non-local ($notlocal) IP Addresses performing requests: ",
+					int(keys %five24_req_addr_nonlocal), "\n";
+print "\tTop ten non-local ($notlocal) IP address:\n";
+topten(\%five24_req_addr_nonlocal);
+
+print "\tDistinct clients performing requests: ", int(keys %five24_req_client), "\n";
+print "\tTop ten clients:\n";
+topten(\%five24_req_client);
+
+print "\tDistinct services requested: ", int(keys %five24_req_server), "\n";
+print "\tTop ten requested services:\n";
+topten(\%five24_req_server);
+print "\n";
+
+print "Cross realm statistics\n\n";
+
+print "\tNumber of cross-realm tgs out: $tgs_xrealm_out\n";
+if ($tgs_xrealm_out > 0) {
+	print "\tTop ten realms used for out cross-realm:\n";
+	topten(\%tgs_xrealm_out_realm);
+	print "\tTop ten principals use out cross-realm:\n";
+	topten(\%tgs_xrealm_out_princ);
+}
+print "\tNumber of cross-realm tgs in: $tgs_xrealm_in\n";
+if ($tgs_xrealm_in > 0) {
+	print "\tTop ten realms used for in cross-realm:\n";
+	topten(\%tgs_xrealm_in_realm);
+	print "\tTop ten principals use in cross-realm:\n";
+	topten(\%tgs_xrealm_in_princ);
+}
+
+print "\n\nReport on referral:\n\n";
+
+print "\tNumber of referrals: $referrals\n";
+if ($referrals > 0) {
+	print "\tTop ten referral-ed principals:\n";
+	topten(\%referral_princ);
+	print "\tTop ten to realm referrals:\n";
+	topten(\%referral_realm);
+}
+
+print "\n\nEnctype Statistics:\n\n";
+print "\tTop ten session enctypes:\n";
+topten(\%enctype_session);
+print "\tTop ten ticket enctypes:\n";
+topten(\%enctype_ticket);
+
+print "\tDistinct IP addresses using DES: ", int(keys %addr_uses_des), "\n";
+print "\tTop IP addresses using DES:\n";
+topten(\%addr_uses_des);
+print "\tDistinct principals using DES: ", int(keys %princ_uses_des), "\n";
+print "\tTop ten principals using DES:\n";
+topten(\%princ_uses_des);
+
+print "\n";
+
+printf("Requests to forward non-forwardable ticket: $forward_non_forward\n");
+
+
+exit 0;
+
+my $last_addr = "";
+my $last_principal = "";
+
+sub process_line {
+	local($_) = @_;
+	#
+	# Eat these lines that are output as a result of startup (but
+	# log the number of restarts)
+	#
+	if (/AS-REQ \(krb4\) (.*) from IPv([46]):([0-9\.:a-fA-F]+) for krbtgt.*$/){
+		$v4_req++;
+		$v4_req_addr{$3}++;
+		$v4_req_addr_nonlocal{$3}++ if (!islocaladdr($3));
+		$last_addr = $3;
+		$last_principal = $1;
+		$ip{$2}++;
+	} elsif (/AS-REQ (.*) from IPv([46]):([0-9\.:a-fA-F]+) for (.*)$/) {
+		$as_req++;
+		$as_req_client{$1}++;
+		$as_req_server{$4}++;
+		$as_req_addr{$3}++;
+		$as_req_addr_nonlocal{$3}++ if (!islocaladdr($3));
+		$last_addr = $3;
+		$last_principal = $1;
+		$ip{$2}++;
+	} elsif (/TGS-REQ \(krb4\)/) {
+		#Nothing
+	} elsif (/TGS-REQ (.+) from IPv([46]):([0-9\.:a-fA-F]+) for (.*?)( \[.*\]){0,1}$/) {
+		$tgs_req++;
+		$tgs_req_client{$1}++;
+		$tgs_req_server{$4}++;
+		$tgs_req_addr{$3}++;
+		$tgs_req_addr_nonlocal{$3}++ if (!islocaladdr($3));
+		$last_addr = $3;
+		$last_principal = $1;
+		$ip{$2}++;
+
+		my $source = $1;
+		my $dest = $4;
+		
+		if (!islocalrealm($source)) {
+			$tgs_xrealm_in++;
+			$tgs_xrealm_in_princ{$source}++;
+			if ($source =~ /[^@]+@([^@]+)/ ) {
+				$tgs_xrealm_in_realm{$1}++;
+			}
+		}
+		if ($dest =~ /krbtgt\/([^@]+)@[^@]+/) {
+			if (!islocalrealm($1)) {
+				$tgs_xrealm_out++;
+				$tgs_xrealm_out_realm{$1}++;
+				$tgs_xrealm_out_princ{$source}++;
+			}
+		}
+	} elsif (/524-REQ (.*) from IPv([46]):([0-9\.:a-fA-F]+) for (.*)$/) {
+		$five24_req++;
+		$five24_req_client{$1}++;
+		$five24_req_server{$4}++;
+		$five24_req_addr{$3}++;
+		$five24_req_addr_nonlocal{$3}++ if (!islocaladdr($3));
+		$last_addr = $3;
+		$last_principal = $1;
+		$ip{$2}++;
+	} elsif (/TCP data of strange type from IPv[46]:([0-9\.:a-fA-F]+)/) {
+		$strange_tcp_data{$1}++;
+	} elsif (/Lookup (.*) failed: No such entry in the database/) {
+		$no_such_princ++;
+		$no_such_princ_addr{$last_addr}++;
+		$no_such_princ_addr_nonlocal{$last_addr}++ if (!islocaladdr($last_addr));
+		$no_such_princ_princ{$1}++;
+	} elsif (/Lookup .* succeeded$/) {
+		# Nothing
+	} elsif (/Malformed HTTP request from IPv[46]:([0-9\.:a-fA-F]+)$/) {
+		$http_malformed++;
+		$http_malformed_addr{$1}++;
+	} elsif (/TCP-connection from IPv[46]:([0-9\.:a-fA-F]+) expired after [0-9]+ bytes/) {
+		$tcp_conn_timeout++;
+		$tcp_conn_timeout_addr{$1}++;
+	} elsif (/Failed processing [0-9]+ byte request from IPv[46]:([0-9\.:a-fA-F]+)/) {
+		$failed_processing++;
+		$failed_processing_addr{$1}++;
+	} elsif (/connection closed before end of data after [0-9]+ bytes from IPv[46]:([0-9\.:a-fA-F]+)/) {
+		$connection_closed++;
+		$connection_closed_addr{$1}++;
+	} elsif (/HTTP request from IPv[46]:([0-9\.:a-fA-F]+) is non KDC request/) {
+		$http_non_kdc++;
+		$http_non_kdc_addr{$1}++;
+	} elsif (/returning a referral to realm (.*) for server (.*) that was not found/) {
+		$referrals++;
+		$referral_princ{$2}++;
+		$referral_realm{$1}++;
+	} elsif (/krb4 Cross-realm (.*) -> (.*) disabled/) {
+		$v4_cross++;
+		$v4_cross_realm{$1."->".$2}++;
+	} elsif (/524 cross-realm (.*) -> (.*) disabled/) {
+		$v4_cross++;
+		$v4_cross_realm{$1."->".$2}++;
+	} elsif (/cross-realm (.*) -> (.*): no transit through realm (.*)/) {
+	} elsif (/cross-realm (.*) -> (.*) via \[([^\]]+)\]/) {
+		$v5_cross++;
+		$v5_cross_realm{$1."->".$2}++;
+	} elsif (/cross-realm (.*) -> (.*)/) {
+		$v5_cross++;
+		$v5_cross_realm{$1."->".$2}++;
+	} elsif (/sending ([0-9]+) bytes to IPv[46]:([0-9\.:a-fA-F]+)/) {
+		$bw_addr{$2} += $1;
+	} elsif (/Using ([-a-z0-9]+)\/([-a-z0-9]+)/) {
+		$enctype_ticket{$1}++;
+		$enctype_session{$2}++;
+
+		my $ticket = $1;
+		my $session = $2;
+
+		if ($ticket =~ /des-cbc-(crc|md4|md5)/) {
+			$addr_uses_des{$last_addr}++;
+			$princ_uses_des{$last_principal}++;
+		}
+
+	} elsif (/Failed to decrypt PA-DATA -- (.+)$/) {
+		$pa_failed++;
+		$pa_failed_princ{$last_principal}++;
+		$pa_failed_addr{$last_addr}++;
+
+	} elsif (/Request to forward non-forwardable ticket/) {
+		$forward_non_forward++;
+	} elsif (/HTTP request:/) {
+	} elsif (/krb_rd_req: Incorrect network address/) {
+	} elsif (/krb_rd_req: Ticket expired \(krb_rd_req\)/) {
+	} elsif (/Ticket expired \(.*\)/) {
+	} elsif (/krb_rd_req: Can't decode authenticator \(krb_rd_req\)/) {
+	} elsif (/Request from wrong address/) {
+		# XXX
+	} elsif (/UNKNOWN --/) {
+		# XXX
+	} elsif (/Too large time skew -- (.*)$/) {
+		# XXX
+	} elsif (/No PA-ENC-TIMESTAMP --/) {
+		# XXX
+	} elsif (/Looking for pa-data --/) {
+		# XXX
+	} elsif (/Pre-authentication succeded -- (.+)$/) {
+		# XXX
+	} elsif (/Bad request for ([,a-zA-Z0-9]+) ticket/) {
+		# XXX
+	} elsif (/Failed to verify AP-REQ: Ticket expired/) {
+		# XXX 
+	} elsif (/Client not found in database:/) {
+		# XXX
+	} elsif (/Server not found in database \(krb4\)/) {
+	} elsif (/Server not found in database:/) {
+		# XXX
+	} elsif (/newsyslog.*logfile turned over/) {
+		# Nothing
+	} elsif (/Requested flags:/) {
+		# Nothing
+	} elsif (/shutting down/) {
+		# Nothing
+	} elsif (/listening on IP/) {
+		# Nothing
+	} elsif (/commencing operation/) {
+		$restarts++;
+	}
+	#
+	# Log it if we didn't parse the line
+	#
+	else {
+		print "Unknown log file line: $_";
+	}
+}
+
+sub topten {
+	my ($list) = @_;
+	my @keys;
+
+	my $key;
+
+	@keys = (sort {$$list{$b} <=> $$list{$a}} (keys %{$list}));
+	splice @keys, 10;
+
+	foreach $key (@keys) {
+		print "\t\t$key - $$list{$key}\n";
+	}
+}
+
+sub islocaladdr (\$) {
+	my ($addr) = @_;
+	my $net;
+
+	foreach $net (@local_networks_re) {
+		return 1 if ($addr =~ /$net/);
+	}
+	return 0;
+}
+
+sub islocalrealm (\$) {
+	my ($princ) = @_;
+	my $realm;
+
+	foreach $realm (@local_realms) {
+		return 1 if ($princ eq $realm);
+		return 1 if ($princ =~ /[^@]+\@${realm}/);
+	}
+	return 0;
+}
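Review bot: The `@local_networks_re` entries near the top of the file are double-quoted strings, so Perl drops the backslashes, and `islocaladdr` then applies them unanchored with `.` matching any character. An address such as 10.130.237.1 (constructed example) would be classified as local and would never appear in the non-local top-ten lists, which are the part of the report most useful for spotting outside activity. Compiled, anchored patterns avoid this: `my @local_networks_re = ( qr/^130\.237\./, qr/^193\.11\.3[0-9]\./, qr/^130\.242\.128\./, qr/^2001:6b0:5:/ );`. The prefixes are site-specific and should be replaced with the deploying site's own networks in any case, as the header comment already says.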

Added: vendor-crypto/heimdal/dist/tools/krb5-config.1
===================================================================
--- vendor-crypto/heimdal/dist/tools/krb5-config.1	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tools/krb5-config.1	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,90 @@
+.\" Copyright (c) 2000 - 2001 Kungliga Tekniska H\xF6gskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden). 
+.\" All rights reserved. 
+.\"
+.\" Redistribution and use in source and binary forms, with or without 
+.\" modification, are permitted provided that the following conditions 
+.\" are met: 
+.\"
+.\" 1. Redistributions of source code must retain the above copyright 
+.\"    notice, this list of conditions and the following disclaimer. 
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright 
+.\"    notice, this list of conditions and the following disclaimer in the 
+.\"    documentation and/or other materials provided with the distribution. 
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors 
+.\"    may be used to endorse or promote products derived from this software 
+.\"    without specific prior written permission. 
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+.\" SUCH DAMAGE. 
+.\" 
+.\" $Id: krb5-config.1,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+.\"
+.Dd November 30, 2000
+.Dt KRB5-CONFIG 1
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5-config
+.Nd "give information on how to link code against Heimdal libraries"
+.Sh SYNOPSIS
+.Nm
+.Op Fl -prefix Ns Op = Ns Ar dir
+.Op Fl -exec-prefix Ns Op = Ns Ar dir
+.Op Fl -libs
+.Op Fl -cflags
+.Op Ar libraries
+.Sh DESCRIPTION
+.Nm
+tells the application programmer what special flags to use to compile
+and link programs against the libraries installed by Heimdal.
+.Pp
+Options supported:
+.Bl -tag -width Ds
+.It Fl -prefix Ns Op = Ns Ar dir
+Print the prefix if no
+.Ar dir
+is specified, otherwise set prefix to
+.Ar dir .
+.It Fl -exec-prefix Ns Op = Ns Ar dir
+Print the exec-prefix if no
+.Ar dir
+is specified, otherwise set exec-prefix to
+.Ar dir .
+.It Fl -libs
+Output the set of libraries that should be linked against.
+.It Fl -cflags
+Output the set of flags to give to the C compiler when using the
+Heimdal libraries.
+.El
+.Pp
+By default
+.Nm
+will output the set of flags and libraries to be used by a normal
+program using the krb5 API.  The user can also supply a library to be
+used, the supported ones are:
+.Bl -tag -width Ds
+.It krb5
+(the default)
+.It gssapi
+use the krb5 gssapi mechanism
+.It kadm-client
+use the client-side kadmin libraries
+.It kadm-server
+use the server-side kadmin libraries
+.El
+.Sh SEE ALSO
+.Xr cc 1
+.Sh HISTORY
+.Nm
+appeared in Heimdal 0.3d.

Added: vendor-crypto/heimdal/dist/tools/krb5-config.in
===================================================================
--- vendor-crypto/heimdal/dist/tools/krb5-config.in	                        (rev 0)
+++ vendor-crypto/heimdal/dist/tools/krb5-config.in	2015-07-22 14:55:56 UTC (rev 7124)
@@ -0,0 +1,118 @@
+#!/bin/sh
+# $Id: krb5-config.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $
+
+do_libs=no
+do_cflags=no
+do_usage=no
+print_prefix=no
+print_exec_prefix=no
+library=krb5
+
+if test $# -eq 0; then
+  do_usage=yes
+  usage_exit=1
+fi
+
+for i in $*; do
+  case $i in
+  --help)
+    do_usage=yes
+    usage_exit=0
+    ;;
+  --version)
+    echo "@PACKAGE@ @VERSION@"
+    echo '$Id: krb5-config.in,v 1.1.1.3 2012-07-21 15:09:06 laffer1 Exp $'
+    exit 0
+    ;;
+  --prefix=*)
+    prefix=`echo $i | sed 's/^--prefix=//'`
+    ;;
+  --prefix)
+    print_prefix=yes
+    ;;
+  --exec-prefix=*)
+    exec_prefix=`echo $i | sed 's/^--exec-prefix=//'`
+    ;;
+  --exec-prefix)
+    print_exec_prefix=yes
+    ;;
+  --libs)
+    do_libs=yes
+    ;;
+  --cflags)
+    do_cflags=yes
+    ;;
+  krb5)
+    library=krb5
+    ;;
+  gssapi)
+    library=gssapi
+    ;;
+  kadm-client)
+    library=kadm-client
+    ;;
+  kadm-server)
+    library=kadm-server
+    ;;
+  kafs)
+    library=kafs
+    ;;
+  *)
+    echo "unknown option: $i"
+    exit 1
+    ;;
+  esac
+done
+
+if test "$do_usage" = "yes"; then
+    echo "usage: $0 [options] [libraries]"
+    echo "options: [--prefix[=dir]] [--exec-prefix[=dir]] [--libs] [--cflags]"
+    echo "libraries: krb5 gssapi kadm-client kadm-server kafs"
+    exit $usage_exit
+fi
+
+if test "$prefix" = ""; then
+  prefix=@prefix@
+fi
+if test "$exec_prefix" = ""; then
+  exec_prefix=@exec_prefix@
+fi
+
+libdir=@libdir@
+includedir=@includedir@
+
+if test "$print_prefix" = "yes"; then
+    echo $prefix
+fi
+
+if test "$print_exec_prefix" = "yes"; then
+    echo $exec_prefix
+fi
+
+if test "$do_libs" = "yes"; then
+    lib_flags="-L${libdir}"
+    case $library in
+    gssapi)
+	lib_flags="$lib_flags -lgssapi -lheimntlm"
+	;;
+    kadm-client)
+	lib_flags="$lib_flags -lkadm5clnt"
+	;;
+    kadm-server)
+	lib_flags="$lib_flags -lkadm5srv @LIB_dbopen@"
+	;;
+    kafs)
+	lib_flags="$lib_flags -lkafs"
+	;;
+    esac
+    lib_flags="$lib_flags -lkrb5 @LIB_pkinit@ -lcom_err"
+    lib_flags="$lib_flags @LIB_hcrypto_appl@ -lasn1 -lroken"
+    lib_flags="$lib_flags @LIB_crypt@ @LIB_dlopen@"
+    lib_flags="$lib_flags @LIB_door_create@ @LIBS@"
+    echo $lib_flags
+fi
+if test "$do_cflags" = "yes"; then
+    echo "-I${includedir} @INCLUDE_hcrypto@"
+fi
+
+exit 0
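Review bot: The option loop uses `for i in $*`, which re-splits and glob-expands the arguments before the `case` sees them, so a `--prefix=` value containing a space or a wildcard is broken apart or expanded. Writing `for i in "$@"; do` keeps each argument intact. The same applies to the unquoted `echo $i | sed ...`, `echo $prefix` and `echo $exec_prefix`, which would be safer as `printf '%s\n' "$i"`, `printf '%s\n' "$prefix"` and `printf '%s\n' "$exec_prefix"`. Build systems paste this script's output straight into compiler and linker command lines, so it is worth passing the values through unmodified.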


